3093 files changed, 842670 insertions, 0 deletions

diff --git a/CA_store.cpp b/CA_store.cpp
new file mode 100644
index 0000000..3bf7be3
--- /dev/null
+++ b/CA_store.cpp
@@ -0,0 +1,40 @@
+#include <windows.h>
+#include <wincrypt.h>
+
+#include "vmime/vmime.hpp"
+
+#include "utilities.h"
+
+using namespace vmime::security::cert;
+
+vmime::shared_ptr<defaultCertificateVerifier>
+windows_root_certs_verifier(void)
+{
+	vmime::shared_ptr<defaultCertificateVerifier> vrf =
+		vmime::make_shared<defaultCertificateVerifier>();
+	std::vector<vmime::shared_ptr<X509Certificate>> root_certs;	
+	vmime::shared_ptr<vmime::security::cert::X509Certificate> cert;
+	HCERTSTORE store;
+	PCCERT_CONTEXT context;
+
+	store = CertOpenSystemStore(0, "ROOT");
+	if (store == NULL)
+		FAIL(MSG_NO_ROOT_CA_STORE);
+
+	context = NULL;
+	while (true) {
+		context = CertEnumCertificatesInStore(store, context);
+		if (context == NULL)
+			break;
+
+		cert = vmime::security::cert::X509Certificate::import
+			(context->pbCertEncoded, context->cbCertEncoded);
+		if (cert)
+			root_certs.push_back(cert);
+	}
+
+	CertCloseStore(store, 0);
+	vrf->setX509RootCAs(root_certs);
+
+	return vrf;
+}
diff --git a/COPYING.txt b/COPYING.txt
new file mode 100644
index 0000000..a1c662c
--- /dev/null
+++ b/COPYING.txt
@@ -0,0 +1,47 @@
+This tool includes 3 statically-linked libraries:
+     - OpenSSL cryptographic library
+     - Vmime "C++ class library for working with RFC-822 and MIME messages"
+       (basically email stuff)
+     - Iniparser library for parsing of .ini configuration files
+
+In addition, the binary contains statically-linked bits of code,
+that GCC (Mingw-w64) adds to binaries.
+
+* OpenSSL
+  We're using a version of this library from before its relicense to
+  Apache 2.0 finalized. License info can be found in openssl-1.1.0h/LICENSE.
+
+  Library's website: https://www.openssl.org/
+
+* Vmime
+  This is a GPLv3-licensed library with exception for OpenSSL. License info
+  can be found in vmime-master/COPYING and vmime-master/COPYING.OpenSSL.
+
+  Library's website: https://www.vmime.org/
+
+* Iniparser
+  Small, MIT-licensed C library. License text can be found
+  in iniparser-4.1/LICENSE. Additionally, many modifications were
+  applied, that are GPLv3-compatible (and in fact, public domain).
+
+  Library's source repository: https://github.com/ndevilla/iniparser/
+
+* LibGCC & friends
+  I don't know details of what runtime bits GCC links in, but there are
+  definitely some. I don't think any of the licenses requires me to provide
+  sources for those, but nevertheless - the entire toolchain (hence also its
+  runtime libraries) can be found in Debian:
+
+      https://packages.debian.org/buster/g++-mingw-w64
+
+  It also has links to sources on the right side of every page, under the
+  "Download Source Package" text. I actually used Devuan to build programs,
+  but it seems to be using the same Mingw-x64 packages, so it doesn't matter.
+
+* My code
+  Copyright (C) 2021 Wojtek Kosior, dual licensed under either:
+       - GNU GPL, version 3 or (at Your option) any later version
+       	 (license text in LICENSES/GPLv3.txt)
+       - 0BSD (license text in LICENSES/0BSD.txt)
+  My code is that in project's topmost directory + some big modifications
+  in Iniparser and a small ugly modification in Vmime.
diff --git a/HACKING.txt b/HACKING.txt
new file mode 100644
index 0000000..dac1c5b
--- /dev/null
+++ b/HACKING.txt
@@ -0,0 +1,42 @@
+Programs are (a bit ugly) written in a mix of C and C++. First it was going to
+be only C, but it turned out libspopc is not good enough for the task (it does
+not parse messages), so I replaced it with vmime, which is a C++ lib.
+
+I compiled the programs using Mingw-w64 under Devuan (a derivative of Debian).
+There's currently no facility to build it uder something else, sorry.
+
+Everything is linked statically (so that the programs ca be just copy-pasted
+to some system and run there). Again, I haven't bothered making it possible
+to build differently.
+
+To build, You need to first `apt install g++-mingw-w64-i686 gcc-mingw-w64-i686`.
+Some other deps are also required for building libraries (at least for OpenSSL)
+- You'll see what's missing once You get an error.
+
+* OpenSSL
+  Procedures are described in openssl-1.1.0h/INSTALL. Basically, You need to
+  cd into openssl-1.10h/ and run
+  `./Configure --cross-compile-prefix=i686-w64-mingw32- mingw` and `make`.
+  At the and You should have libcrypto.a and libssl.a inside openssl-1.1.0h/.
+  I haven't made any modification to OpenSSL lib.
+
+* Vmime
+  I made a very ugly modification to certificate import code - I changed it to
+  treat provided certs as DER instead of PEM format. Remember about that, if
+  You decide to update the library to a newer version. I also added
+  a mingw_cross_toolchain.cmake file in vmime-master/ to facilitate
+  cross-compiling. Unfortunately, there weren't any instructions on how to do
+  that, so I had to fight cmake for a while. Finally, I added
+  build_for_losedows.sh script in vmime-master/. To build - just enter
+  the library's directory and run the script. You should be left with
+  libvmime.a in vmime-master/.
+
+* Iniparser
+  I modified both the library sources and its Makefile. It should suffice to
+  anter iniparser-4.1/ and run `make` there. You'll be left with
+  a libiniparser.a.
+
+* The actual programs
+  Make is used. If You've already prepared the libraries, just run `make` and
+  hope it doesn't crash ;)
+  pop.exe and push.exe shall be produced.
diff --git a/LICENSES/0BSD.txt b/LICENSES/0BSD.txt
new file mode 100644
index 0000000..38874ac
--- /dev/null
+++ b/LICENSES/0BSD.txt
@@ -0,0 +1,6 @@
+Copyright (C) 2021 by Wojtek Kosior <echo a3dvanR1c0Bwcm90b25tYWlsLmNvbQo= | base64 -d>
+
+Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
+THIS SOFTWARE.
diff --git a/LICENSES/GPLv3.txt b/LICENSES/GPLv3.txt
new file mode 100644
index 0000000..f288702
--- /dev/null
+++ b/LICENSES/GPLv3.txt
@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..bc6ca14
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,42 @@
+# Previously there were also:
+#  * -Ilibspopc-0.12/ in INCLUDEFLAGS
+#  * -Llibspopc-0.12/ and -lspopc in LIBFLAGS
+#  * -DUSE_SSL in CFLAGS
+# libspopc now got replaced with VMime, which also handles mail parsing
+INCLUDEFLAGS = -Iiniparser-4.1/src/ -Ivmime-master/src/ \
+	-Ivmime-master/config_header/
+
+LIBFLAGS = -static -Lvmime-master/ -Lopenssl-1.1.0h/ -Liniparser-4.1/ \
+	-liniparser -lvmime -lssl -lcrypto -lcrypt32 -lws2_32 -lwsock32
+CC = i686-w64-mingw32-gcc
+CXX = i686-w64-mingw32-g++
+STRIP = i686-w64-mingw32-strip
+CFLAGS = $(INCLUDEFLAGS) -Wall -O2 -std=c11
+CXXFLAGS = $(INCLUDEFLAGS) -Wall -O2 -std=c++11
+
+PROGRAMS = pop.exe push.exe
+COMMON_O = config.o messages.o misc.o CA_store.o timeout_handler.o exceptions.o
+POP_OBJECTS = pop.o $(COMMON_O)
+PUSH_OBJECTS = push.o $(COMMON_O)
+
+all: $(PROGRAMS)
+
+#	stripping nie jest konieczny, ale zmniejsza rozmiar pliku o ponad 25%
+pop.exe: $(POP_OBJECTS)
+	$(CXX) $^ $(LIBFLAGS) -o $@
+	$(STRIP) $@
+
+push.exe: $(PUSH_OBJECTS)
+	$(CXX) $^ $(LIBFLAGS) -o $@
+	$(STRIP) $@
+
+clean:
+	-rm -f $(PROGRAMS) *.o
+
+%.o: %.c
+	$(CC) -c $< -o $@ $(CFLAGS)
+
+%.o: %.cpp
+	$(CXX) -c $< -o $@ $(CXXFLAGS)
+
+.PHONY: all clean
diff --git a/README.txt b/README.txt
new file mode 100644
index 0000000..7e971df
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,10 @@
+Programs to automatically send and receive emails through SMTP and POP3,
+under Windows (aka Losedows).
+
+This program probably has no use for you. I am including it in a public
+repository so that it can serve as part of my CV. Also, it ended up being
+a quite ugly piece of code (well, C++ is what happened).
+
+For license terms of the programs and included libraries, see COPYING.txt.
+
+For information about building and modifying, see HACKING.txt.
diff --git a/README_pl.txt b/README_pl.txt
new file mode 100644
index 0000000..2ac42e3
--- /dev/null
+++ b/README_pl.txt
@@ -0,0 +1,6 @@
+Programy do automatycznego wysyłania i pobierania maili przez SMTP i POP3,
+pod Windą. Dołączone są także pełne kody źródłowe używanych bibliotek.
+
+Szczegóły dot. licencji znajdują się w COPYING.txt.
+
+Informacje, jak zbudować/zmodyfikować program, można znaleźć w HACKING.txt.
diff --git a/config.c b/config.c
new file mode 100644
index 0000000..7dd0c1e
--- /dev/null
+++ b/config.c
@@ -0,0 +1,287 @@
+/* C */
+#include <string.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <limits.h>
+#include <stdlib.h>
+
+/* Losedows */
+#include <fileapi.h>
+
+/* local */
+#include "utilities.h"
+#include "iniparser.h"
+
+#define BUFSIZE 4096
+
+static const char *get_string(dictionary *ini, const char *key)
+{
+	const char *value;
+	char *new_string;
+	size_t length;
+
+	value = iniparser_getstring(ini, key, NULL);
+	if (!value)
+		return NULL;
+
+	length = strlen(value);
+	new_string = dirtyalloc(length + 1);
+	memcpy(new_string, value, length + 1);
+	return new_string;
+}
+
+static enum bool_param get_bool(dictionary *ini, const char *key)
+{
+	int value = iniparser_getboolean(ini, key, 2);
+
+	return value == 2 ? PARAM_NOT_GIVEN :
+	  value == 1 ? PARAM_YES : PARAM_NO;
+}
+
+static size_t get_msg(dictionary *ini, const char **dest)
+{
+	int nkeys, i;
+	const char **keys;
+	const char *line;
+	size_t msg_size = 0;
+	char *msg, *msg_pos;
+
+	nkeys = iniparser_getsecnkeys(ini, "MSG");
+	if (nkeys == 0) {
+		*dest = NULL;
+		return 0;
+	}
+
+	keys = dirtyalloc(nkeys * sizeof(const char*));
+	iniparser_getseckeys(ini, "MSG", keys);
+
+	for (i = 0; i < nkeys; i++)
+		msg_size += strlen(iniparser_getstring(ini, keys[i], "")) + 1;
+
+	msg = dirtyalloc(msg_size);
+	msg_pos = msg;
+
+	for (i = 0; i < nkeys; i++) {
+		line = iniparser_getstring(ini, keys[i], "");
+		while (*line)
+			*(msg_pos++) = *(line++);
+		*(msg_pos++) = '\n';
+	}
+
+	free(keys);
+	*(msg_pos - 1) = '\0';
+	*dest = msg;
+
+	/* Exclude terminating null byte from returned size */
+	return msg_size - 1;
+}
+
+static size_t get_list(dictionary *ini, const char *section,
+		       const char ***dest)
+{
+	int nkeys, i;
+	const char **keys, **items;
+	const char *line;
+	char *copied_line;
+	size_t length;
+
+	nkeys = iniparser_getsecnkeys(ini, section);
+
+	if (nkeys == 0) {
+		*dest = NULL;
+		return 0;
+	}
+
+	keys = dirtyalloc(nkeys * sizeof(const char *));
+	items = dirtyalloc(nkeys * sizeof(const char *));
+	iniparser_getseckeys(ini, section, keys);
+
+	for (i = 0; i < nkeys; i++) {
+		line = iniparser_getstring(ini, keys[i], "");
+		length = strlen(line) + 1;
+		copied_line = dirtyalloc(length);
+		memcpy(copied_line, line, length);
+		items[i] = copied_line;
+	}
+
+	free(keys);
+	*dest = items;
+	return nkeys;
+}
+
+static dictionary *check_file_and_load_ini(const char *filename)
+{
+	int retval;
+	char full_pathname[BUFSIZE];
+	dictionary *ini;
+
+	retval = GetFullPathName(filename, BUFSIZE, full_pathname, NULL);
+
+	if (retval == 0)
+		FAIL(MSG_CONF_PATH_EXPAND_FAIL, filename);
+
+	if (access(full_pathname, F_OK) != 0)
+		FAIL(MSG_CONF_NOT_EXIST, full_pathname);
+
+	if (access(full_pathname, R_OK) != 0)
+		FAIL(MSG_CONF_NOT_READABLE, full_pathname);
+
+	ini = iniparser_load(full_pathname);
+
+	if (!ini)
+		FAIL(MSG_INVALID_INI_FILE, full_pathname);
+
+	return ini;
+}
+
+void print_config(struct config *config);
+
+void read_config(const char *filename, struct config *config)
+{
+	dictionary *ini;
+
+	ini = check_file_and_load_ini(filename);
+
+	memset(config, '\0', sizeof(struct config)); /* not really needed */
+
+	config->host      = get_string(ini, "SERVER:host");
+	config->login     = get_string(ini, "SERVER:login");
+	config->password  = get_string(ini, "SERVER:password");
+	config->dest_dir  = get_string(ini, "SERVER:outputdir");
+
+	config->reply_to  = get_string(ini, "MAIL:replyto");
+	config->from      = get_string(ini, "MAIL:from");
+
+	if (!config->reply_to)
+		config->reply_to  = get_string(ini, "SERVER:replyto");
+	if (!config->from)
+		config->from  = get_string(ini, "SERVER:from");
+
+	config->subject   = get_string(ini, "MAIL:subject");
+
+	config->use_SSL   = get_bool(ini, "SERVER:ssl");
+	config->use_AUTH  = get_bool(ini, "SERVER:auth");
+	config->del_msgs  = get_bool(ini, "SERVER:delete_msg");
+	config->save_body = get_bool(ini, "SERVER:save_body");
+	config->save_subj = get_bool(ini, "SERVER:save_subject");
+	config->port_POP3 = iniparser_getint(ini, "SERVER:port_pop3", -1);
+	config->port_SMTP = iniparser_getint(ini, "SERVER:port_smtp", -1);
+	config->timeout   = iniparser_getint(ini, "SERVER:timeout",   1000000);
+	config->nfiles    = get_list(ini, "FILES", &config->files);
+	config->nto       = get_list(ini, "CC",    &config->to);
+	config->msg_size  = get_msg (ini, &config->msg_body);
+
+	iniparser_freedict(ini);
+
+	/* print_config(config); */
+}
+
+void get_config(int argc, const char **argv, struct config *config)
+{
+	int config_arg_idx = 1;
+
+	if (argc < 2)
+		goto bad_args;
+
+	if (strcmp(argv[1], "--wide-chars") == 0) {
+		config_arg_idx = 2;
+		iniparser_set_fgetc_impl(provisional_wide_char_fgetc);
+	}
+
+	if (argc <= config_arg_idx)
+		goto bad_args;
+
+	iniparser_set_error_callback(dummy_errback);
+	iniparser_set_process_multiline(false);
+	read_config(argv[config_arg_idx], config);
+	return;
+
+bad_args:
+	FAIL(MSG_BAD_ARGS_NUM, argv[0]);
+}
+
+void free_config(struct config *config)
+{
+	//TODO
+}
+
+void print_config(struct config *config)
+{
+	size_t i;
+
+	if (config->host)
+		printf("host: %s\n", config->host);
+	else
+		puts("host not set");
+
+	if (config->login)
+		printf("login: %s\n", config->login);
+	else
+		puts("login not set");
+
+	if (config->password)
+		printf("password: %s\n", config->password);
+	else
+		puts("password not set");
+
+	if (config->reply_to)
+		printf("reply_to: %s\n", config->reply_to);
+	else
+		puts("reply_to not set");
+
+	if (config->from)
+		printf("from: %s\n", config->from);
+	else
+		puts("from not set");
+
+	if (config->dest_dir)
+		printf("dest_dir: %s\n", config->dest_dir);
+	else
+		puts("dest_dir not set");
+
+	if (config->subject)
+		printf("subject: %s\n", config->subject);
+	else
+		puts("subject not set");
+
+	printf("SSL: %s\n", config->use_SSL ? "True" : "False");
+
+	printf("AUTH: %s\n", config->use_AUTH ? "True" : "False");
+
+	printf("port_POP3: %d\n", config->port_POP3);
+
+	printf("port_SMTP: %d\n", config->port_SMTP);
+
+	printf("timeout: %d\n", config->timeout);
+
+	printf("delete: %s\n", config->del_msgs ? "True" : "False");
+
+	printf("save_body: %s\n", config->save_body ? "True" : "False");
+
+	printf("save_subject: %s\n", config->save_subj ? "True" : "False");
+
+	if (config->nfiles) {
+		puts("files:");
+		for (i = 0; i < config->nfiles; i++)
+			printf("  %s\n", config->files[i]);
+	} else {
+		puts("no files");
+	}
+
+	if (config->nto) {
+		puts("recipients:");
+		for (i = 0; i < config->nto; i++)
+			printf("  %s\n", config->to[i]);
+	} else {
+		puts("no recipients");
+	}
+
+	if (config->msg_body) {
+		printf("message (length %lu):\n",
+		       (unsigned long)config->msg_size);
+		puts(config->msg_body);
+	} else {
+		puts("no message");
+	}
+}
diff --git a/exceptions.cpp b/exceptions.cpp
new file mode 100644
index 0000000..35fa37b
--- /dev/null
+++ b/exceptions.cpp
@@ -0,0 +1,71 @@
+#include <stdlib.h>
+#include <iostream>
+
+#include "vmime/vmime.hpp"
+#include "vmime/security/cert/certificateIssuerVerificationException.hpp"
+#include "vmime/security/cert/unsupportedCertificateTypeException.hpp"
+#include "vmime/security/cert/certificateNotTrustedException.hpp"
+#include "vmime/security/cert/certificateExpiredException.hpp"
+#include "vmime/security/cert/certificateNotYetValidException.hpp"
+#include "vmime/exception.hpp"
+
+#include "exceptions.hpp"
+#include "utilities.h"
+
+using namespace vmime::exceptions;
+using namespace vmime::security::cert;
+
+#define EX_COMPATIBLE(ex_type_name) (dynamic_cast<ex_type_name*>(e) != nullptr)
+
+void handle_vmime_exception(vmime::exception *e)
+{
+	if (EX_COMPATIBLE(authentication_error))
+		FAIL(MSG_BAD_AUTHENTICATION);
+	if (EX_COMPATIBLE(certificateIssuerVerificationException))
+		FAIL(MSG_CERT_VERIFICATION_FAIL);
+	if (EX_COMPATIBLE(unsupportedCertificateTypeException))
+		FAIL(MSG_BAD_CERT_FORMAT);
+	if (EX_COMPATIBLE(certificateNotTrustedException))
+		FAIL(MSG_UNKNOWN_CERT);
+	if (EX_COMPATIBLE(certificateExpiredException))
+		FAIL(MSG_CERT_EXPIRED);
+	if (EX_COMPATIBLE(certificateNotYetValidException))
+		FAIL(MSG_CERT_NOT_YET_VALID);
+
+	if (EX_COMPATIBLE(connection_error))
+		std::cerr << "Blad polaczenia z serwerem: ";
+	else
+		std::cerr << "Blad (biblioteka vmime): ";
+	std::cerr << e->what() << std::endl;
+
+#define PRINT_MORE(ex_type_name, text, more)				\
+	ex_type_name *ex_type_name =					\
+		dynamic_cast<vmime::exceptions::ex_type_name*>(e);	\
+	if (ex_type_name != nullptr)					\
+		std::cerr << text << ex_type_name->more << std::endl;
+
+#define PRINT_RESPONSE(ex_type_name)					\
+	PRINT_MORE(ex_type_name, "Odpowiedz serwera: ", response())
+
+	PRINT_RESPONSE(command_error);
+	PRINT_RESPONSE(connection_greeting_error);
+	PRINT_RESPONSE(authentication_error);
+	PRINT_RESPONSE(invalid_response);
+	PRINT_MORE(filesystem_exception, "Sciezka: ",
+		   path().toString("\\", vmime::charsets::WINDOWS_1250));
+
+	FAIL_NOMSG();
+}
+
+void handle_std_exception(std::exception *e)
+{
+	if (EX_COMPATIBLE(silent_exception))
+		FAIL_NOMSG();
+	if (EX_COMPATIBLE(std::bad_alloc))
+		FAIL(MSG_MALLOC_FAIL);
+
+	std::cerr << "Blad (biblioteka standardowa): "
+		  << e->what() << std::endl;
+
+	FAIL_NOMSG();
+}
diff --git a/exceptions.hpp b/exceptions.hpp
new file mode 100644
index 0000000..4821bc9
--- /dev/null
+++ b/exceptions.hpp
@@ -0,0 +1,14 @@
+#include "vmime/vmime.hpp"
+
+void handle_vmime_exception(vmime::exception *e);
+
+void handle_std_exception(std::exception *e);
+
+class silent_exception : public std::runtime_error {
+public:
+	silent_exception() : std::runtime_error("")
+		{
+		}
+
+//	virtual ~Exception() noexcept {}
+};
diff --git a/hello.cpp b/hello.cpp
new file mode 100644
index 0000000..c56dd7b
--- /dev/null
+++ b/hello.cpp
@@ -0,0 +1,40 @@
+#include <iostream>
+#include <string>
+#include <regex>
+
+static std::string get_next_filename(std::string filename)
+{
+	std::regex
+		numbered_reg("(.[^.]*)[(]([1-9][0-9]{0,8})[)](([.].*)?)"),
+		unnumbered_reg("(.[^.]*)(([.].*)?)");
+	std::smatch what;
+	std::string base_name, number, rest;
+	long new_idx;
+
+	if (regex_match(filename, what, numbered_reg)) {
+		base_name = what[1];
+		number = what[2];
+		rest = what[3];
+		new_idx = std::stol(number) + 1;
+	} else {
+		regex_match(filename, what, unnumbered_reg);
+		base_name = what[1];
+		rest = what[2];
+		new_idx = 1;
+	}
+	std:: cout << filename << "  ";
+	return base_name + "(" + std::to_string(new_idx) + ")" + rest;
+}
+
+int main()
+{
+	std::cout << get_next_filename("dupa(1)") << std::endl;
+	std::cout << get_next_filename("dupa(1).txt") << std::endl;
+	std::cout << get_next_filename("....dupa(1).txt") << std::endl;
+	std::cout << get_next_filename("dupa(01).kupa(22).png") << std::endl;
+	std::cout << get_next_filename("dupa(1)e..txt") << std::endl;
+	std::cout << get_next_filename("dupa(111111111).txt") << std::endl;
+	std::cout << get_next_filename("dupa(1111111111).txt") << std::endl;
+	std::cout << get_next_filename("dupa.txt") << std::endl;
+	return 0;
+}
diff --git a/iniparser-4.1/.gitignore b/iniparser-4.1/.gitignore
new file mode 100644
index 0000000..8fc7b85
--- /dev/null
+++ b/iniparser-4.1/.gitignore
@@ -0,0 +1,11 @@
+### Ignore all files created by make
+#
+*.a
+*.o
+*.so
+*.so.*
+/example/iniexample
+/example/parse
+# Autogenerate source file
+/test/AllTests.c
+/test/testrun
diff --git a/iniparser-4.1/.travis.yml b/iniparser-4.1/.travis.yml
new file mode 100644
index 0000000..22a61fa
--- /dev/null
+++ b/iniparser-4.1/.travis.yml
@@ -0,0 +1,9 @@
+language: c
+
+env:
+ - ENV_CC=clang
+ - ENV_CC=clang++
+ - ENV_CC=gcc
+ - ENV_CC=g++
+
+script: CC=$ENV_CC make && CC=$ENV_CC make check
diff --git a/iniparser-4.1/AUTHORS b/iniparser-4.1/AUTHORS
new file mode 100644
index 0000000..d5a3f6b
--- /dev/null
+++ b/iniparser-4.1/AUTHORS
@@ -0,0 +1,6 @@
+Author: Nicolas Devillard <ndevilla@free.fr>
+
+This tiny library has received countless contributions and I have
+not kept track of all the people who contributed. Let them be thanked
+for their ideas, code, suggestions, corrections, enhancements!
+
diff --git a/iniparser-4.1/FAQ-en.md b/iniparser-4.1/FAQ-en.md
new file mode 100644
index 0000000..0bb43ba
--- /dev/null
+++ b/iniparser-4.1/FAQ-en.md
@@ -0,0 +1,37 @@
+# iniparser FAQ #
+
+## Is iniparser thread safe ?
+
+Starting from version 4, iniparser is designed to be thread-safe, provided
+you surround it with your own mutex logic. The choice to not add thread
+safety inside the library has been made to provide more freedom for the
+developer, especially when dealing with their own custom reading logic
+e.g. acquiring the mutex, reading entries with iniparser, then releasing
+the mutex.
+
+## Your build system isn't portable, let me help you...
+
+We have received countless contributions from distrib people to modify the
+Makefile into what they think is the "standard", which we had to reject.
+The default, standard Makefile for Debian bears absolutely no relationship
+with the one from SuSE or RedHat and there is no possible way to merge them
+all. A build system is something so specific to each environment that it
+is completely pointless to try and push anything that claims to be
+standard. The provided Makefile in this project is purely here to have
+something to play with quickly.
+
+## iniparser_dump() is slow
+
+The dumping functions are based on fprintf, which can turn out to be
+surprisingly slow on some embedded platforms. You can replace fprintf by a
+combined use of sprintf and fwrite, or you can use setvbuf() to change
+buffering parameters to accomodate fprintf(). Something like:
+
+setvbuf(f, NULL, _IOFBF, 0);
+
+## iniparser does not compile with my C++ compiler!
+
+See the docs: iniparser is a C library. C++ is quite a different language,
+despite the promises of compatibility. You will have to modify iniparser
+quite heavily to make it work with a C++ compiler. Good luck!
+
diff --git a/iniparser-4.1/FAQ-zhcn.md b/iniparser-4.1/FAQ-zhcn.md
new file mode 100644
index 0000000..ad0286d
--- /dev/null
+++ b/iniparser-4.1/FAQ-zhcn.md
@@ -0,0 +1,27 @@
+# iniparser FAQ #
+
+## iniparser线程安全� ?
+
+从版本4开始，iniparser被设计�线程安全的，你需�围绕它处�你自己的互斥逻辑。
+选择�在库中添加线程安全，是为开�者�供更多的自由，特别是在处�他们自己的读
+逻辑。如获�互斥�，用iniparser阅读�目，然�释放互斥体。
+
+## 你的构建系统��移�，让我�帮助你...
+
+我们已�收到了��地的开�人员的无数贡献，将Makefile修改为他们认为是“标准�的
+内容，但是我们�得�拒�。 默认情况下，Debian的标准Makefile与SuSE或RedHat完
+全没有关系，没有�能的方�将它们全部�并。 构建系统对于�个环境�说都是特别的，
+�试推动任何声称是标准的东西是完全没有�义的。 在这个项目中�供的Makefile纯粹
+是为了快速的把库跑起�。
+
+## iniparser_dump() 速度慢
+
+dump函数是基于fprintf的，在嵌入�平�上它�能导致很慢。你�以把fprintf��
+sprintf和fwrite的组�，或者�以使用setvbfu()�改�fprintf的缓存�数。比如：
+
+setvbuf(f, NULL, _IOFBF, 0);
+
+## 用我的c++编译器�能编译iniparser!
+
+看文档：iniparser是一个C库。虽然C++兼容C，但它�是�外一门语言。让iniparser在
+C++编译器下工作，会是一份��的工作。�你好��
diff --git a/iniparser-4.1/INSTALL b/iniparser-4.1/INSTALL
new file mode 100644
index 0000000..a5b05d0
--- /dev/null
+++ b/iniparser-4.1/INSTALL
@@ -0,0 +1,15 @@
+
+iniParser installation instructions
+-----------------------------------
+
+- Modify the Makefile to suit your environment.
+- Type 'make' to make the library.
+- Type 'make check' to make the test program.
+- Type 'test/iniexample' to launch the test program.
+- Type 'test/parse' to launch torture tests.
+
+
+
+Enjoy!
+N. Devillard
+Wed Mar  2 21:14:17 CET 2011
diff --git a/iniparser-4.1/LICENSE b/iniparser-4.1/LICENSE
new file mode 100644
index 0000000..4c073ba
--- /dev/null
+++ b/iniparser-4.1/LICENSE
@@ -0,0 +1,40 @@
+Most of the library code:
+
+Copyright (c) 2000-2011 by Nicolas Devillard.
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+-----------------------------------------------------------
+
+getline.c:
+The original code is public domain -- Will Hartung 4/9/09
+Modifications, public domain as well, by Antti Haapala, 11/10/17
+
+Additionaly, getline.c can be considered available under CC BY-SA 3.0,
+as required under the Terms of Service of StackOverflow where the code
+was taken from.
+
+-----------------------------------------------------------
+
+Modifications to make the library work with lines longer that 1024 chars:
+
+Copyright (C) 2021 Wojtek Kosior, dual licensed under either:
+     - GNU GPL, version 3 or (at Your option) any later version
+     - 0BSD
diff --git a/iniparser-4.1/Makefile b/iniparser-4.1/Makefile
new file mode 100644
index 0000000..bcf4dc4
--- /dev/null
+++ b/iniparser-4.1/Makefile
@@ -0,0 +1,86 @@
+#
+# iniparser Makefile
+#
+.PHONY: example
+
+# Compiler settings
+CC	= i686-w64-mingw32-gcc
+
+CFLAGS  += -Wall -Wextra -ansi -pedantic
+#CFLAGS  += -fPIC
+ifndef DEBUG
+ADDITIONAL_CFLAGS  ?= -O2
+else
+ADDITIONAL_CFLAGS  ?= -g
+endif
+
+CFLAGS += ${ADDITIONAL_CFLAGS}
+
+# Ar settings to build the library
+AR	= i686-w64-mingw32-ar
+ARFLAGS = rcs
+
+SHLD = ${CC} ${CFLAGS}
+LDSHFLAGS = -shared -Wl,-Bsymbolic
+LDFLAGS += -Wl,-rpath -Wl,/usr/lib -Wl,-rpath,/usr/lib
+
+# .so.0 is for version 3.x, .so.1 is 4.x
+SO_TARGET ?= libiniparser.so.1
+
+# Set RANLIB to ranlib on systems that require it (Sun OS < 4, Mac OSX)
+# RANLIB  = ranlib
+RANLIB = true
+
+RM      ?= rm -f
+
+
+# Implicit rules
+
+SUFFIXES = .o .c .h .a .so .sl
+
+COMPILE.c	?= $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c
+
+ifndef V
+QUIET_AR	= @echo "AR	$@";
+QUIET_CC	= @echo "CC	$@";
+QUIET_LINK	= @echo "LINK	$@";
+QUIET_RANLIB	= @echo "RANLIB	$@";
+endif
+
+.c.o:
+	$(QUIET_CC)$(COMPILE.c) $(OUTPUT_OPTION) $<
+
+
+SRCS = src/iniparser.c src/dictionary.c src/getline.c
+
+OBJS = $(SRCS:.c=.o)
+
+
+default:	libiniparser.a $(SO_TARGET)
+
+libiniparser.a:	$(OBJS)
+	$(QUIET_AR)$(AR) $(ARFLAGS) $@ $^
+	$(QUIET_RANLIB)$(RANLIB) $@
+
+$(SO_TARGET):	$(OBJS)
+	$(QUIET_LINK)$(SHLD) $(LDSHFLAGS) $(LDFLAGS) -o $(SO_TARGET) $(OBJS) \
+		-Wl,-soname=`basename $(SO_TARGET)`
+
+clean:
+	$(RM) $(OBJS)
+	@(cd test ; $(MAKE) clean)
+
+veryclean:
+	$(RM) $(OBJS) libiniparser.a $(SO_TARGET)
+	rm -rf ./html ; mkdir html
+	cd example ; $(MAKE) veryclean
+	cd test ; $(MAKE) veryclean
+
+docs:
+	@(cd doc ; $(MAKE))
+
+check: $(SO_TARGET)
+	@(cd test ; $(MAKE))
+
+example: libiniparser.a
+	@(cd example ; $(MAKE))	
diff --git a/iniparser-4.1/README.md b/iniparser-4.1/README.md
new file mode 100644
index 0000000..dbc30d0
--- /dev/null
+++ b/iniparser-4.1/README.md
@@ -0,0 +1,44 @@
+[![Build Status](https://travis-ci.org/ndevilla/iniparser.svg?branch=master)](https://travis-ci.org/ndevilla/iniparser)
+
+# Iniparser 4 #
+
+
+## I - Overview
+
+This modules offers parsing of ini files from the C level.
+See a complete documentation in HTML format, from this directory
+open the file html/index.html with any HTML-capable browser.
+
+Key features :
+
+ - Small : around 1500 sloc inside 4 files (2 .c and 2 .h)
+ - Portable : no dependancies, written in `-ansi -pedantic` C89
+ - Fully reintrant : easy to make it thread-safe (just surround
+   library calls by mutex)
+
+## II - Building project
+
+A simple `make` at the root of the project should be enough to get the static
+(i.e. `libiniparser.a`) and shared (i.e. `libiniparser.so.0`) libraries compiled.
+
+You should consider trying the following rules too :
+
+ - `make check` : run the unitary tests
+ - `make example` : compile the example, run it with `./example/iniexample`
+
+## III - License
+
+This software is released under MIT License.
+See LICENSE for full informations
+
+## IV - Versions
+
+Current version is 4.1. Version 4.0 introduces breaking changes in the api.
+Older versions 3.1 and 3.2 with the legacy api are available as tags.
+
+
+## V - FAQ
+
+See [FAQ-en.md](FAQ-en.md) in this directory for answers to Frequently Asked Questions.
+
+还有简化中国翻译在[FAQ-zhcn.md](FAQ-zhcn.md).
diff --git a/iniparser-4.1/doc/Makefile b/iniparser-4.1/doc/Makefile
new file mode 100644
index 0000000..db925ec
--- /dev/null
+++ b/iniparser-4.1/doc/Makefile
@@ -0,0 +1,16 @@
+#
+# iniparser doc Makefile
+#
+
+all: html
+
+html:
+	doxygen iniparser.dox
+	rm -f ../html/annotated.html
+	rm -f ../html/classes.html
+	rm -f ../html/doxygen.gif
+	rm -f ../html/files.html
+	rm -f ../html/functions.html
+	rm -f ../html/globals.html
+	rm -f ../html/iniparser_main.html
+
diff --git a/iniparser-4.1/doc/iniparser.dox b/iniparser-4.1/doc/iniparser.dox
new file mode 100644
index 0000000..e4b2242
--- /dev/null
+++ b/iniparser-4.1/doc/iniparser.dox
@@ -0,0 +1,81 @@
+PROJECT_NAME           = iniparser
+PROJECT_NUMBER         = 4.1
+OUTPUT_DIRECTORY       = ..
+OUTPUT_LANGUAGE        = English
+EXTRACT_ALL            = YES
+EXTRACT_PRIVATE        = NO
+EXTRACT_STATIC         = NO
+HIDE_UNDOC_MEMBERS     = NO
+BRIEF_MEMBER_DESC      = YES
+REPEAT_BRIEF           = YES
+ALWAYS_DETAILED_SEC    = NO
+FULL_PATH_NAMES        = NO
+STRIP_FROM_PATH        = 
+INTERNAL_DOCS          = NO
+SOURCE_BROWSER         = NO
+INLINE_SOURCES         = NO
+STRIP_CODE_COMMENTS    = YES
+CASE_SENSE_NAMES       = YES
+HIDE_SCOPE_NAMES       = NO
+VERBATIM_HEADERS       = NO
+SHOW_INCLUDE_FILES     = NO
+JAVADOC_AUTOBRIEF      = NO
+INHERIT_DOCS           = YES
+INLINE_INFO            = YES
+SORT_MEMBER_DOCS       = YES
+DISTRIBUTE_GROUP_DOC   = NO
+TAB_SIZE               = 4
+ENABLED_SECTIONS       = 
+GENERATE_TODOLIST      = NO
+GENERATE_TESTLIST      = NO
+ALIASES                =
+MAX_INITIALIZER_LINES  = 30
+OPTIMIZE_OUTPUT_FOR_C  = YES
+QUIET                  = NO
+WARNINGS               = YES
+WARN_IF_UNDOCUMENTED   = YES
+WARN_FORMAT            = "$file:$line: $text"
+WARN_LOGFILE           = 
+INPUT                  =  iniparser.main ../src
+FILE_PATTERNS          = iniparser.h
+RECURSIVE              = NO
+EXCLUDE                =
+EXCLUDE_PATTERNS       = 
+EXAMPLE_PATH           = 
+EXAMPLE_PATTERNS       = 
+IMAGE_PATH             = 
+INPUT_FILTER           = 
+FILTER_SOURCE_FILES    = NO
+ALPHABETICAL_INDEX     = YES
+COLS_IN_ALPHA_INDEX    = 5
+IGNORE_PREFIX          = 
+GENERATE_HTML          = YES
+HTML_OUTPUT            = html
+HTML_HEADER            =
+HTML_FOOTER            =
+HTML_STYLESHEET        = 
+HTML_ALIGN_MEMBERS     = YES
+GENERATE_HTMLHELP      = NO
+DISABLE_INDEX          = YES
+ENUM_VALUES_PER_LINE   = 4
+GENERATE_TREEVIEW      = NO
+TREEVIEW_WIDTH         = 250
+
+GENERATE_LATEX         = NO
+GENERATE_RTF           = NO
+GENERATE_MAN           = NO
+
+ENABLE_PREPROCESSING   = NO
+MACRO_EXPANSION        = NO
+EXPAND_ONLY_PREDEF     = NO
+SEARCH_INCLUDES        = NO
+INCLUDE_PATH           = 
+INCLUDE_FILE_PATTERNS  = 
+PREDEFINED             = 
+EXPAND_AS_DEFINED      = 
+TAGFILES               = 
+GENERATE_TAGFILE       = 
+ALLEXTERNALS           = NO
+PERL_PATH              = /usr/bin/perl
+HAVE_DOT               = NO
+SEARCHENGINE           = NO
diff --git a/iniparser-4.1/doc/iniparser.main b/iniparser-4.1/doc/iniparser.main
new file mode 100644
index 0000000..47747c1
--- /dev/null
+++ b/iniparser-4.1/doc/iniparser.main
@@ -0,0 +1,207 @@
+
+/**
+
+    @mainpage   iniparser documentation
+
+
+    @section welcome    Introduction
+
+    iniParser is a simple C library offering ini file parsing services.
+    The library is pretty small (less than 1500 lines of C) and robust, and
+    does not depend on any other external library to compile. It is written
+    in ANSI C and should compile on most platforms without difficulty.
+
+
+    @section inidef     What is an ini file?
+
+    An ini file is an ASCII file describing simple parameters
+    (character strings, integers, floating-point values or booleans)
+    in an explicit format, easy to use and modify for users.
+
+    An ini file is segmented into Sections, declared by the following
+    syntax:
+
+    @verbatim
+    [Section Name]
+    @endverbatim
+
+    i.e. the section name enclosed in square brackets, alone on a
+    line. Sections names are allowed to contain any character but
+    square brackets or linefeeds.
+
+    In any section are zero or more variables, declared with the
+    following syntax:
+
+    @verbatim
+    Key = value ; comment
+    @endverbatim
+
+    The key is any string (possibly containing blanks). The value is
+    any character on the right side of the equal sign. Values can be
+    given enclosed with quotes. If no quotes are present, the value is
+    understood as containing all characters between the first and the
+    last non-blank characters before the comment. The following
+    declarations are identical:
+
+    @verbatim
+    Hello = "this is a long string value" ; comment
+    Hello = this is a long string value ; comment
+    @endverbatim
+
+    The semicolon and comment at the end of the line are optional. If
+    there is a comment, it starts from the first character after the
+    semicolon up to the end of the line.
+
+    Multi-line values can be provided by ending the line with a
+    backslash (\).
+
+    @verbatim
+    Multiple = Line 1 \
+    Line 2 \
+    Line 3 \
+    Line 4 ; comment
+    @endverbatim
+
+    This would yield: "multiple" <- "Line1 Line2 Line3 Line4"
+
+    Comments in an ini file are:
+
+    - Lines starting with a hash sign
+    - Blank lines (only blanks or tabs)
+    - Comments given on value lines after the semicolon (if present)
+
+
+    @section install    Compiling/installing the library
+
+    Edit the Makefile to indicate the C compiler you want to use, the
+    options to provide to compile ANSI C, and possibly the options to pass
+    to the ar program on your machine to build a library (.a) from a set
+    of object (.o) files.
+
+    Defaults are set for the gcc compiler and the standard ar library
+    builder.
+
+    Type 'make', that should do it.
+
+    To use the library in your programs, add the following line on top
+    of your module:
+
+    @code
+    #include "iniparser.h"
+    @endcode
+
+    And link your program with the iniparser library by adding
+    @c -liniparser.a to the compile line.
+
+    See the file test/initest.c for an example.
+
+    iniparser is an ANSI C library. If you want to compile it
+    with a C++ compiler you will likely run into compatibility
+    issues. Headers probably have to include the extern "C"
+    hack and function prototypes will want to add some const
+    here and there to keep the compiler happy. This job is left
+    to the reader as there are too many C++ compilers around, each
+    with its own requirements as to what represents acceptable
+    C code in a C++ environment. You have been warned.
+
+
+    @section reference  Library reference
+
+    The library is completely documented in its header file. On-line
+    documentation has been generated and can be consulted here:
+
+    - iniparser.h
+
+
+    @section usage      Using the parser
+
+    Comments are discarded by the parser. Then sections are
+    identified, and in each section a new entry is created for every
+    keyword found. The keywords are stored with the following syntax:
+
+    @verbatim
+    [Section]
+    Keyword = value ; comment
+    @endverbatim
+
+    is converted to the following key pair:
+
+    @verbatim
+    ("section:keyword", "value")
+    @endverbatim
+
+    This means that if you want to retrieve the value that was stored
+    in the section called @c Pizza, in the keyword @c Cheese,
+    you would make a request to the dictionary for
+    @c "pizza:cheese". All section and keyword names are converted
+    to lowercase before storage in the structure. The value side is
+    conserved as it has been parsed, though.
+
+    Section names are also stored in the structure. They are stored
+    using as key the section name, and a NULL associated value. They
+    can be queried through iniparser_find_entry().
+
+    To launch the parser, use the function called iniparser_load(), which
+    takes an input file name and returns a newly allocated @e dictionary
+    structure. This latter object should remain opaque to the user and only
+    accessed through the following accessor functions:
+
+    - iniparser_getstring()
+    - iniparser_getint()
+    - iniparser_getdouble()
+    - iniparser_getboolean()
+
+    Finally, discard this structure using iniparser_freedict().
+
+    All values parsed from the ini file are stored as strings. The
+    accessors are just converting these strings to the requested type on
+    the fly, but you could basically perform this conversion by yourself
+    after having called the string accessor.
+
+    Notice that iniparser_getboolean() will return an integer (0 or 1),
+    trying to make sense of what was found in the file. Strings starting
+    with "y", "Y", "t", "T" or "1" are considered true values (return 1),
+    strings starting with "n", "N", "f", "F", "0" are considered false
+    (return 0). This allows some flexibility in handling of boolean
+    answers.
+
+    If you want to add extra information into the structure that was not
+    present in the ini file, you can use iniparser_set() to insert a
+    string.
+
+    If you want to add a section to the structure, add a key
+    with a NULL value. Example:
+    @verbatim
+    iniparser_set(ini, "section", NULL);
+    iniparser_set(ini, "section:key1", NULL);
+    iniparser_set(ini, "section:key2", NULL);
+    @endverbatim
+
+
+    @section implementation     A word about the implementation
+
+    The dictionary structure is a pretty simple dictionary
+    implementation which might find some uses in other applications.
+    If you are curious, look into the source.
+
+
+    @section defects            Known defects
+
+    The dictionary structure is extremely unefficient for searching
+    as keys are sorted in the same order as they are read from the
+    ini file, which is convenient when dumping back to a file. The
+    simplistic first-approach linear search implemented there can
+    become a bottleneck if you have a very large number of keys.
+
+    People who need to load large amounts of data from an ini file
+    should definitely turn to more appropriate solutions: sqlite3 or
+    similar. There are otherwise many other dictionary implementations
+    available on the net to replace this one.
+
+
+    @section authors    Authors
+
+    Nicolas Devillard (ndevilla AT free DOT fr).
+
+
+*/
diff --git a/iniparser-4.1/example/Makefile b/iniparser-4.1/example/Makefile
new file mode 100644
index 0000000..cc6e54b
--- /dev/null
+++ b/iniparser-4.1/example/Makefile
@@ -0,0 +1,27 @@
+#
+# iniparser tests Makefile
+#
+
+CC     	= i686-w64-mingw32-gcc
+CFLAGS  += -g -I../src
+LFLAGS  += -L.. -liniparser
+AR	= i686-w64-mingw32-ar
+ARFLAGS += rcv
+RM      ?= rm -f
+
+
+default: all
+
+all: iniexample.exe parse.exe
+
+iniexample.exe: iniexample.c
+	$(CC) $(CFLAGS) -o iniexample.exe iniexample.c -I../src -L.. -liniparser
+
+parse.exe: parse.c
+	$(CC) $(CFLAGS) -o parse.exe parse.c -I../src -L.. -liniparser
+
+clean veryclean:
+	$(RM) iniexample.exe example.ini parse.exe
+
+
+
diff --git a/iniparser-4.1/example/iniexample.c b/iniparser-4.1/example/iniexample.c
new file mode 100644
index 0000000..81013f0
--- /dev/null
+++ b/iniparser-4.1/example/iniexample.c
@@ -0,0 +1,104 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "iniparser.h"
+
+void create_example_ini_file(void);
+int  parse_ini_file(char * ini_name);
+
+int main(int argc, char * argv[])
+{
+    int     status ;
+
+    if (argc<2) {
+        create_example_ini_file();
+        status = parse_ini_file("example.ini");
+    } else {
+        status = parse_ini_file(argv[1]);
+    }
+    return status ;
+}
+
+void create_example_ini_file(void)
+{
+    FILE    *   ini ;
+
+    if ((ini=fopen("example.ini", "w"))==NULL) {
+        fprintf(stderr, "iniparser: cannot create example.ini\n");
+        return ;
+    }
+
+    fprintf(ini,
+    "#\n"
+    "# This is an example of ini file\n"
+    "#\n"
+    "\n"
+    "[Pizza]\n"
+    "\n"
+    "Ham       = yes ;\n"
+    "Mushrooms = TRUE ;\n"
+    "Capres    = 0 ;\n"
+    "Cheese    = Non ;\n"
+    "\n"
+    "\n"
+    "[Wine]\n"
+    "\n"
+    "Grape     = Cabernet Sauvignon ;\n"
+    "Year      = 1989 ;\n"
+    "Country   = Spain ;\n"
+    "Alcohol   = 12.5  ;\n"
+    "\n");
+    fclose(ini);
+}
+
+
+int parse_ini_file(char * ini_name)
+{
+    dictionary  *   ini ;
+
+    /* Some temporary variables to hold query results */
+    int             b ;
+    int             i ;
+    double          d ;
+    const char  *   s ;
+
+    ini = iniparser_load(ini_name);
+    if (ini==NULL) {
+        fprintf(stderr, "cannot parse file: %s\n", ini_name);
+        return -1 ;
+    }
+    iniparser_dump(ini, stderr);
+
+    /* Get pizza attributes */
+    printf("Pizza:\n");
+
+    b = iniparser_getboolean(ini, "pizza:ham", -1);
+    printf("Ham:       [%d]\n", b);
+    b = iniparser_getboolean(ini, "pizza:mushrooms", -1);
+    printf("Mushrooms: [%d]\n", b);
+    b = iniparser_getboolean(ini, "pizza:capres", -1);
+    printf("Capres:    [%d]\n", b);
+    b = iniparser_getboolean(ini, "pizza:cheese", -1);
+    printf("Cheese:    [%d]\n", b);
+
+    /* Get wine attributes */
+    printf("Wine:\n");
+    s = iniparser_getstring(ini, "wine:grape", NULL);
+    printf("Grape:     [%s]\n", s ? s : "UNDEF");
+
+    i = iniparser_getint(ini, "wine:year", -1);
+    printf("Year:      [%d]\n", i);
+
+    s = iniparser_getstring(ini, "wine:country", NULL);
+    printf("Country:   [%s]\n", s ? s : "UNDEF");
+
+    d = iniparser_getdouble(ini, "wine:alcohol", -1.0);
+    printf("Alcohol:   [%g]\n", d);
+
+    iniparser_freedict(ini);
+    return 0 ;
+}
+
+
diff --git a/iniparser-4.1/example/parse.c b/iniparser-4.1/example/parse.c
new file mode 100644
index 0000000..37d07aa
--- /dev/null
+++ b/iniparser-4.1/example/parse.c
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "iniparser.h"
+
+int main(int argc, char * argv[])
+{
+    dictionary * ini ;
+    char       * ini_name ;
+
+    if (argc<2) {
+        ini_name = "twisted.ini";
+    } else {
+        ini_name = argv[1] ;
+    }
+
+    ini = iniparser_load(ini_name);
+    iniparser_dump(ini, stdout);
+    iniparser_freedict(ini);
+
+    return 0 ;
+}
diff --git a/iniparser-4.1/example/twisted-errors.ini b/iniparser-4.1/example/twisted-errors.ini
new file mode 100644
index 0000000..4dc3bbe
--- /dev/null
+++ b/iniparser-4.1/example/twisted-errors.ini
@@ -0,0 +1,9 @@
+#
+# All of these should trigger syntax errors
+#
+[section]
+hello
+world
+hello \
+world
+a + b ;
diff --git a/iniparser-4.1/example/twisted-genhuge.py b/iniparser-4.1/example/twisted-genhuge.py
new file mode 100644
index 0000000..570973c
--- /dev/null
+++ b/iniparser-4.1/example/twisted-genhuge.py
@@ -0,0 +1,12 @@
+# -*- coding: utf-8 -*-
+import os
+import sys
+
+if __name__=="__main__":
+    f=open('twisted-massive.ini', 'w')
+    for i in range(100):
+        f.write('[%03d]\n' % i)
+        for j in range(100):
+            f.write('key-%03d=1;\n' % j)
+    f.close()
+
diff --git a/iniparser-4.1/example/twisted-ofkey.ini b/iniparser-4.1/example/twisted-ofkey.ini
new file mode 100644
index 0000000..4f2e72e
--- /dev/null
+++ b/iniparser-4.1/example/twisted-ofkey.ini
@@ -0,0 +1,66 @@
+# Stress testing buffers for overflows
+[long]
+# Shitload key size
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=1
+
diff --git a/iniparser-4.1/example/twisted-ofval.ini b/iniparser-4.1/example/twisted-ofval.ini
new file mode 100644
index 0000000..2a3cedf
--- /dev/null
+++ b/iniparser-4.1/example/twisted-ofval.ini
@@ -0,0 +1,56 @@
+# Shitload data size
+[long]
+a=\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890;
+
diff --git a/iniparser-4.1/example/twisted.ini b/iniparser-4.1/example/twisted.ini
new file mode 100644
index 0000000..86e549f
--- /dev/null
+++ b/iniparser-4.1/example/twisted.ini
@@ -0,0 +1,131 @@
+#
+# Twisted.ini
+# This file is meant for regression tests
+
+# Different blank settings around the equal sign
+[blanks]
+a=1
+b=1;
+c=1; comment
+d=1# comment
+
+e =1
+f =1;
+g =1; comment
+h =1# comment
+
+i= 1
+j= 1;
+k= 1; comment
+l= 1# comment
+
+m = 1
+n = 1;
+o = 1; comment
+p = 1# comment
+
+q=1 ;
+r=1 ; comment
+s=1 ;comment
+t=1 #comment
+
+# Empty values
+[empty]
+a = ''
+b = ""
+
+c = '' ;
+d = "" ;
+
+e = '' ; comment
+f = "" ; comment
+
+g =
+h = ;
+i = ; comment
+j = # comment
+
+k=
+l=;
+m=;comment
+n=#
+
+# Peculiar values
+[peculiar]
+a=';';
+b='#'#
+c=';';comment
+d='#'#comment
+e=\;
+f=\#
+g=\;comment
+h=\#comment
+i=;;
+j=##
+k=;;;;;;;;;;
+l=##########
+
+# Quotes
+[quotes]
+s1='
+s2=''
+s3='''
+s4=''''
+
+d1="
+d2=""
+d3="""
+d4=""""
+
+m1='"'
+m2="'"
+
+h1=hello'world
+h2='hello'world
+h3='hello'world'
+
+h4=hello"world
+h5="hello"world
+h6="hello"world"
+
+# Section names
+[a]
+[ b]
+[c ]
+[ d ]
+[ begin    end ]
+[ open[ ]
+
+# Multi-line inputs
+[multi]
+a = begin\
+end
+b = begin \
+end
+c = begin \
+ end
+d = 1\
+2\
+3\
+4
+e = 1 \ 
+    2 \ 
+    3 \  
+    4
+f = 1 ; \
+hidden = because of the preceding backslash multi-lining the comment ;
+visible = 1
+g = 1 #\
+and now this comment is hidden too \
+and this one too
+h = 1
+multi \
+line \
+key = 1
+multi \
+line \
+key = \
+multi \
+line \
+value ;
+# end of file
diff --git a/iniparser-4.1/src/dictionary.c b/iniparser-4.1/src/dictionary.c
new file mode 100644
index 0000000..7d6bc43
--- /dev/null
+++ b/iniparser-4.1/src/dictionary.c
@@ -0,0 +1,406 @@
+/*-------------------------------------------------------------------------*/
+/**
+   @file    dictionary.c
+   @author  N. Devillard
+   @brief   Implements a dictionary for string variables.
+
+   This module implements a simple dictionary object, i.e. a list
+   of string/string associations. This object is useful to store e.g.
+   informations retrieved from a configuration file (ini files).
+*/
+/*--------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------
+                                Includes
+ ---------------------------------------------------------------------------*/
+#include "dictionary.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+/** Maximum value size for integers and doubles. */
+#define MAXVALSZ    1024
+
+/** Minimal allocated number of entries in a dictionary */
+#define DICTMINSZ   128
+
+/** Invalid key token */
+#define DICT_INVALID_KEY    ((char*)-1)
+
+/*---------------------------------------------------------------------------
+                            Private functions
+ ---------------------------------------------------------------------------*/
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Duplicate a string
+  @param    s String to duplicate
+  @return   Pointer to a newly allocated string, to be freed with free()
+
+  This is a replacement for strdup(). This implementation is provided
+  for systems that do not have it.
+ */
+/*--------------------------------------------------------------------------*/
+static char * xstrdup(const char * s)
+{
+    char * t ;
+    size_t len ;
+    if (!s)
+        return NULL ;
+
+    len = strlen(s) + 1 ;
+    t = (char*) malloc(len) ;
+    if (t) {
+        memcpy(t, s, len) ;
+    }
+    return t ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Grow user data buffer if it is not large enough.
+  @param    dict Dictionary to operate on
+  @param    required_size Minimal expected size of user data buffer
+  @return   This function returns non-zero in case of failure
+ */
+/*--------------------------------------------------------------------------*/
+int prepare_user_data_buf(dictionary *dict, size_t required_size)
+{
+    char *tmp;
+
+    if (dict->user_data_len < required_size) {
+	tmp = realloc(dict->user_data, required_size);
+	if (!tmp)
+	    return -1;
+	dict->user_data = tmp;
+	dict->user_data_len = required_size;
+    }
+
+    return 0;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Double the size of the dictionary
+  @param    d Dictionary to grow
+  @return   This function returns non-zero in case of failure
+ */
+/*--------------------------------------------------------------------------*/
+static int dictionary_grow(dictionary * d)
+{
+    char        ** new_val ;
+    char        ** new_key ;
+    unsigned     * new_hash ;
+
+    new_val  = (char**) calloc(d->size * 2, sizeof *d->val);
+    new_key  = (char**) calloc(d->size * 2, sizeof *d->key);
+    new_hash = (unsigned*) calloc(d->size * 2, sizeof *d->hash);
+    if (!new_val || !new_key || !new_hash) {
+        /* An allocation failed, leave the dictionary unchanged */
+        if (new_val)
+            free(new_val);
+        if (new_key)
+            free(new_key);
+        if (new_hash)
+            free(new_hash);
+        return -1 ;
+    }
+    /* Initialize the newly allocated space */
+    memcpy(new_val, d->val, d->size * sizeof(char *));
+    memcpy(new_key, d->key, d->size * sizeof(char *));
+    memcpy(new_hash, d->hash, d->size * sizeof(unsigned));
+    /* Delete previous data */
+    free(d->val);
+    free(d->key);
+    free(d->hash);
+    /* Actually update the dictionary */
+    d->size *= 2 ;
+    d->val = new_val;
+    d->key = new_key;
+    d->hash = new_hash;
+    return 0 ;
+}
+
+/*---------------------------------------------------------------------------
+                            Function codes
+ ---------------------------------------------------------------------------*/
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Compute the hash key for a string.
+  @param    key     Character string to use for key.
+  @return   1 unsigned int on at least 32 bits.
+
+  This hash function has been taken from an Article in Dr Dobbs Journal.
+  This is normally a collision-free function, distributing keys evenly.
+  The key is stored anyway in the struct so that collision can be avoided
+  by comparing the key itself in last resort.
+ */
+/*--------------------------------------------------------------------------*/
+unsigned dictionary_hash(const char * key)
+{
+    size_t      len ;
+    unsigned    hash ;
+    size_t      i ;
+
+    if (!key)
+        return 0 ;
+
+    len = strlen(key);
+    for (hash=0, i=0 ; i<len ; i++) {
+        hash += (unsigned)key[i] ;
+        hash += (hash<<10);
+        hash ^= (hash>>6) ;
+    }
+    hash += (hash <<3);
+    hash ^= (hash >>11);
+    hash += (hash <<15);
+    return hash ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Create a new dictionary object.
+  @param    size    Optional initial size of the dictionary.
+  @return   1 newly allocated dictionary objet.
+
+  This function allocates a new dictionary object of given size and returns
+  it. If you do not know in advance (roughly) the number of entries in the
+  dictionary, give size=0.
+ */
+/*-------------------------------------------------------------------------*/
+dictionary * dictionary_new(size_t size)
+{
+    dictionary  *   d ;
+
+    /* If no size was specified, allocate space for DICTMINSZ */
+    if (size<DICTMINSZ) size=DICTMINSZ ;
+
+    d = (dictionary*) calloc(1, sizeof *d) ;
+
+    if (d) {
+        d->size = size ;
+        d->val  = (char**) calloc(size, sizeof *d->val);
+        d->key  = (char**) calloc(size, sizeof *d->key);
+        d->hash = (unsigned*) calloc(size, sizeof *d->hash);
+	d->user_data = NULL;
+	d->user_data_len = 0;
+    }
+    return d ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Delete a dictionary object
+  @param    d   dictionary object to deallocate.
+  @return   void
+
+  Deallocate a dictionary object and all memory associated to it.
+ */
+/*--------------------------------------------------------------------------*/
+void dictionary_del(dictionary * d)
+{
+    ssize_t  i ;
+
+    if (d==NULL) return ;
+    for (i=0 ; i<d->size ; i++) {
+        if (d->key[i]!=NULL)
+            free(d->key[i]);
+        if (d->val[i]!=NULL)
+            free(d->val[i]);
+    }
+    free(d->val);
+    free(d->key);
+    free(d->hash);
+    free(d->user_data);
+    free(d);
+    return ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get a value from a dictionary.
+  @param    d       dictionary object to search.
+  @param    key     Key to look for in the dictionary.
+  @param    def     Default value to return if key not found.
+  @return   1 pointer to internally allocated character string.
+
+  This function locates a key in a dictionary and returns a pointer to its
+  value, or the passed 'def' pointer if no such key can be found in
+  dictionary. The returned character pointer points to data internal to the
+  dictionary object, you should not try to free it or modify it.
+ */
+/*--------------------------------------------------------------------------*/
+const char * dictionary_get(const dictionary * d, const char * key, const char * def)
+{
+    unsigned    hash ;
+    ssize_t      i ;
+
+    hash = dictionary_hash(key);
+    for (i=0 ; i<d->size ; i++) {
+        if (d->key[i]==NULL)
+            continue ;
+        /* Compare hash */
+        if (hash==d->hash[i]) {
+            /* Compare string, to avoid hash collisions */
+            if (!strcmp(key, d->key[i])) {
+                return d->val[i] ;
+            }
+        }
+    }
+    return def ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Set a value in a dictionary.
+  @param    d       dictionary object to modify.
+  @param    key     Key to modify or add.
+  @param    val     Value to add.
+  @return   int     0 if Ok, anything else otherwise
+
+  If the given key is found in the dictionary, the associated value is
+  replaced by the provided one. If the key cannot be found in the
+  dictionary, it is added to it.
+
+  It is Ok to provide a NULL value for val, but NULL values for the dictionary
+  or the key are considered as errors: the function will return immediately
+  in such a case.
+
+  Notice that if you dictionary_set a variable to NULL, a call to
+  dictionary_get will return a NULL value: the variable will be found, and
+  its value (NULL) is returned. In other words, setting the variable
+  content to NULL is equivalent to deleting the variable from the
+  dictionary. It is not possible (in this implementation) to have a key in
+  the dictionary without value.
+
+  This function returns non-zero in case of failure.
+ */
+/*--------------------------------------------------------------------------*/
+int dictionary_set(dictionary * d, const char * key, const char * val)
+{
+    ssize_t         i ;
+    unsigned       hash ;
+
+    if (d==NULL || key==NULL) return -1 ;
+
+    /* Compute hash for this key */
+    hash = dictionary_hash(key) ;
+    /* Find if value is already in dictionary */
+    if (d->n>0) {
+        for (i=0 ; i<d->size ; i++) {
+            if (d->key[i]==NULL)
+                continue ;
+            if (hash==d->hash[i]) { /* Same hash value */
+                if (!strcmp(key, d->key[i])) {   /* Same key */
+                    /* Found a value: modify and return */
+                    if (d->val[i]!=NULL)
+                        free(d->val[i]);
+                    d->val[i] = (val ? xstrdup(val) : NULL);
+                    /* Value has been modified: return */
+                    return 0 ;
+                }
+            }
+        }
+    }
+    /* Add a new value */
+    /* See if dictionary needs to grow */
+    if (d->n==d->size) {
+        /* Reached maximum size: reallocate dictionary */
+        if (dictionary_grow(d) != 0)
+            return -1;
+    }
+
+    /* Insert key in the first empty slot. Start at d->n and wrap at
+       d->size. Because d->n < d->size this will necessarily
+       terminate. */
+    for (i=d->n ; d->key[i] ; ) {
+        if(++i == d->size) i = 0;
+    }
+    /* Copy key */
+    d->key[i]  = xstrdup(key);
+    d->val[i]  = (val ? xstrdup(val) : NULL) ;
+    d->hash[i] = hash;
+    d->n ++ ;
+    return 0 ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Delete a key in a dictionary
+  @param    d       dictionary object to modify.
+  @param    key     Key to remove.
+  @return   void
+
+  This function deletes a key in a dictionary. Nothing is done if the
+  key cannot be found.
+ */
+/*--------------------------------------------------------------------------*/
+void dictionary_unset(dictionary * d, const char * key)
+{
+    unsigned    hash ;
+    ssize_t      i ;
+
+    if (key == NULL || d == NULL) {
+        return;
+    }
+
+    hash = dictionary_hash(key);
+    for (i=0 ; i<d->size ; i++) {
+        if (d->key[i]==NULL)
+            continue ;
+        /* Compare hash */
+        if (hash==d->hash[i]) {
+            /* Compare string, to avoid hash collisions */
+            if (!strcmp(key, d->key[i])) {
+                /* Found key */
+                break ;
+            }
+        }
+    }
+    if (i>=d->size)
+        /* Key not found */
+        return ;
+
+    free(d->key[i]);
+    d->key[i] = NULL ;
+    if (d->val[i]!=NULL) {
+        free(d->val[i]);
+        d->val[i] = NULL ;
+    }
+    d->hash[i] = 0 ;
+    d->n -- ;
+    return ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Dump a dictionary to an opened file pointer.
+  @param    d   Dictionary to dump
+  @param    f   Opened file pointer.
+  @return   void
+
+  Dumps a dictionary onto an opened file pointer. Key pairs are printed out
+  as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as
+  output file pointers.
+ */
+/*--------------------------------------------------------------------------*/
+void dictionary_dump(const dictionary * d, FILE * out)
+{
+    ssize_t  i ;
+
+    if (d==NULL || out==NULL) return ;
+    if (d->n<1) {
+        fprintf(out, "empty dictionary\n");
+        return ;
+    }
+    for (i=0 ; i<d->size ; i++) {
+        if (d->key[i]) {
+            fprintf(out, "%20s\t[%s]\n",
+                    d->key[i],
+                    d->val[i] ? d->val[i] : "UNDEF");
+        }
+    }
+    return ;
+}
diff --git a/iniparser-4.1/src/dictionary.h b/iniparser-4.1/src/dictionary.h
new file mode 100644
index 0000000..ddf1f1d
--- /dev/null
+++ b/iniparser-4.1/src/dictionary.h
@@ -0,0 +1,190 @@
+
+
+/*-------------------------------------------------------------------------*/
+/**
+   @file    dictionary.h
+   @author  N. Devillard
+   @brief   Implements a dictionary for string variables.
+
+   This module implements a simple dictionary object, i.e. a list
+   of string/string associations. This object is useful to store e.g.
+   informations retrieved from a configuration file (ini files).
+*/
+/*--------------------------------------------------------------------------*/
+
+#ifndef _DICTIONARY_H_
+#define _DICTIONARY_H_
+
+/*---------------------------------------------------------------------------
+                                Includes
+ ---------------------------------------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*---------------------------------------------------------------------------
+                                New types
+ ---------------------------------------------------------------------------*/
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Dictionary object
+
+  This object contains a list of string/string associations. Each
+  association is identified by a unique string key. Looking up values
+  in the dictionary is speeded up by the use of a (hopefully collision-free)
+  hash function.
+ */
+/*-------------------------------------------------------------------------*/
+typedef struct _dictionary_ {
+    char         *  user_data; /** Had to add this to make the program robust */
+    size_t          user_data_len; /** user_data buffer size */
+    int             n ;     /** Number of entries in dictionary */
+    ssize_t         size ;  /** Storage size */
+    char        **  val ;   /** List of string values */
+    char        **  key ;   /** List of string keys */
+    unsigned     *  hash ;  /** List of hash values for keys */
+} dictionary ;
+
+
+/*---------------------------------------------------------------------------
+                            Function prototypes
+ ---------------------------------------------------------------------------*/
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Grow user data buffer if it is not large enough.
+  @param    dict Dictionary to operate on
+  @param    required_size Minimal expected size of user data buffer
+  @return   This function returns non-zero in case of failure
+
+  If dict->user_data is too small to contain required_size bytes,
+  this function attempts to reallocate it into a bigger buffer and
+  updates dict->user_data_len accordingly.
+ */
+/*--------------------------------------------------------------------------*/
+  int prepare_user_data_buf(dictionary *dict, size_t required_size);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Compute the hash key for a string.
+  @param    key     Character string to use for key.
+  @return   1 unsigned int on at least 32 bits.
+
+  This hash function has been taken from an Article in Dr Dobbs Journal.
+  This is normally a collision-free function, distributing keys evenly.
+  The key is stored anyway in the struct so that collision can be avoided
+  by comparing the key itself in last resort.
+ */
+/*--------------------------------------------------------------------------*/
+unsigned dictionary_hash(const char * key);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Create a new dictionary object.
+  @param    size    Optional initial size of the dictionary.
+  @return   1 newly allocated dictionary objet.
+
+  This function allocates a new dictionary object of given size and returns
+  it. If you do not know in advance (roughly) the number of entries in the
+  dictionary, give size=0.
+ */
+/*--------------------------------------------------------------------------*/
+dictionary * dictionary_new(size_t size);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Delete a dictionary object
+  @param    d   dictionary object to deallocate.
+  @return   void
+
+  Deallocate a dictionary object and all memory associated to it.
+ */
+/*--------------------------------------------------------------------------*/
+void dictionary_del(dictionary * vd);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get a value from a dictionary.
+  @param    d       dictionary object to search.
+  @param    key     Key to look for in the dictionary.
+  @param    def     Default value to return if key not found.
+  @return   1 pointer to internally allocated character string.
+
+  This function locates a key in a dictionary and returns a pointer to its
+  value, or the passed 'def' pointer if no such key can be found in
+  dictionary. The returned character pointer points to data internal to the
+  dictionary object, you should not try to free it or modify it.
+ */
+/*--------------------------------------------------------------------------*/
+const char * dictionary_get(const dictionary * d, const char * key, const char * def);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Set a value in a dictionary.
+  @param    d       dictionary object to modify.
+  @param    key     Key to modify or add.
+  @param    val     Value to add.
+  @return   int     0 if Ok, anything else otherwise
+
+  If the given key is found in the dictionary, the associated value is
+  replaced by the provided one. If the key cannot be found in the
+  dictionary, it is added to it.
+
+  It is Ok to provide a NULL value for val, but NULL values for the dictionary
+  or the key are considered as errors: the function will return immediately
+  in such a case.
+
+  Notice that if you dictionary_set a variable to NULL, a call to
+  dictionary_get will return a NULL value: the variable will be found, and
+  its value (NULL) is returned. In other words, setting the variable
+  content to NULL is equivalent to deleting the variable from the
+  dictionary. It is not possible (in this implementation) to have a key in
+  the dictionary without value.
+
+  This function returns non-zero in case of failure.
+ */
+/*--------------------------------------------------------------------------*/
+int dictionary_set(dictionary * vd, const char * key, const char * val);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Delete a key in a dictionary
+  @param    d       dictionary object to modify.
+  @param    key     Key to remove.
+  @return   void
+
+  This function deletes a key in a dictionary. Nothing is done if the
+  key cannot be found.
+ */
+/*--------------------------------------------------------------------------*/
+void dictionary_unset(dictionary * d, const char * key);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Dump a dictionary to an opened file pointer.
+  @param    d   Dictionary to dump
+  @param    f   Opened file pointer.
+  @return   void
+
+  Dumps a dictionary onto an opened file pointer. Key pairs are printed out
+  as @c [Key]=[Value], one per line. It is Ok to provide stdout or stderr as
+  output file pointers.
+ */
+/*--------------------------------------------------------------------------*/
+void dictionary_dump(const dictionary * d, FILE * out);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/iniparser-4.1/src/getline.c b/iniparser-4.1/src/getline.c
new file mode 100644
index 0000000..4fde05b
--- /dev/null
+++ b/iniparser-4.1/src/getline.c
@@ -0,0 +1,58 @@
+/* The original code is public domain -- Will Hartung 4/9/09 */
+/* Modifications, public domain as well, by Antti Haapala, 11/10/17 */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <stdint.h>
+
+ssize_t _getline(char **lineptr, size_t *n, FILE *stream,
+		 int (*fgetc_impl)(FILE*)) {
+    size_t pos;
+    int c;
+
+    if (lineptr == NULL || stream == NULL || n == NULL) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    c = fgetc_impl(stream);
+    if (c == EOF) {
+        return -1;
+    }
+
+    if (*lineptr == NULL) {
+        *lineptr = malloc(128);
+        if (*lineptr == NULL) {
+            return -1;
+        }
+        *n = 128;
+    }
+
+    pos = 0;
+    while(c != EOF) {
+        if (pos + 1 >= *n) {
+	    char *new_ptr;
+            size_t new_size = *n + (*n >> 2);
+            if (new_size < 128) {
+                new_size = 128;
+            }
+            new_ptr = realloc(*lineptr, new_size);
+            if (new_ptr == NULL) {
+                return -1;
+            }
+            *n = new_size;
+            *lineptr = new_ptr;
+        }
+
+        ((unsigned char *)(*lineptr))[pos ++] = c;
+        if (c == '\n') {
+            break;
+        }
+        c = fgetc_impl(stream);
+    }
+
+    (*lineptr)[pos] = '\0';
+    return pos;
+}
diff --git a/iniparser-4.1/src/iniparser.c b/iniparser-4.1/src/iniparser.c
new file mode 100644
index 0000000..d3be382
--- /dev/null
+++ b/iniparser-4.1/src/iniparser.c
@@ -0,0 +1,938 @@
+
+/*-------------------------------------------------------------------------*/
+/**
+   @file    iniparser.c
+   @author  N. Devillard
+   @brief   Parser for ini files.
+*/
+/*--------------------------------------------------------------------------*/
+/*---------------------------- Includes ------------------------------------*/
+#include <ctype.h>
+#include <stdarg.h>
+#include <errno.h>
+#include "iniparser.h"
+
+ssize_t _getline(char **lineptr, size_t *n, FILE *stream,
+		 int (*fgetc_impl)(FILE*));
+
+/*---------------------------- Defines -------------------------------------*/
+#define INI_INVALID_KEY     ((char*)-1)
+
+/*---------------------------------------------------------------------------
+                        Private to this module
+ ---------------------------------------------------------------------------*/
+/**
+ * This enum stores the status for each parsed line (internal use only).
+ */
+typedef enum _line_status_ {
+    LINE_ERROR,
+    LINE_EMPTY,
+    LINE_COMMENT,
+    LINE_SECTION,
+    LINE_VALUE
+} line_status ;
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Convert a string to lowercase.
+  @param    in   String to convert.
+  @param    out Output buffer.
+  @param    len Size of the out buffer.
+  @return   ptr to the out buffer or NULL if an error occured.
+
+  This function convert a string into lowercase.
+  At most len - 1 elements of the input string will be converted.
+ */
+/*--------------------------------------------------------------------------*/
+static const char * strlwc(const char * in, char *out, unsigned len)
+{
+    unsigned i ;
+
+    if (in==NULL || out == NULL || len==0) return NULL ;
+    i=0 ;
+    while (in[i] != '\0' && i < len-1) {
+        out[i] = (char)tolower((int)in[i]);
+        i++ ;
+    }
+    out[i] = '\0';
+    return out ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Convert a string to lowercase in-place.
+  @param    in   String to convert.
+  @return   value of in argument.
+
+  This function convert a string into lowercase.
+ */
+/*--------------------------------------------------------------------------*/
+static char *strlwc_in_place(char *in)
+{
+    unsigned i ;
+
+    if (in == NULL)
+	return NULL;
+
+    i = 0;
+    while (in[i] != '\0') {
+        in[i] = tolower(in[i]);
+        i++;
+    }
+
+    return in;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Find substrings without blanks at the beginning nor end.
+  @param    s String to parse.
+  @param    s_end End of string to parse.
+  @param    begin Place to store pointer to the beginning of substring or NULL.
+  @param    end Place to store pointer to the end of substring or NULL.
+  @return   unsigned New size of the string.
+ */
+/*--------------------------------------------------------------------------*/
+static size_t strstrip(char *s, char *s_end,
+		       char **begin, char **end)
+{
+    char *_begin, *_end;
+  
+    _begin = s;
+    _end = s_end;
+
+    while (_begin < _end && isspace((int) *_begin))
+	   _begin++;
+
+    while (_begin < _end && isspace((int) *(_end - 1)))
+	   _end--;
+
+    if (begin)
+	*begin = _begin;
+    if (end)
+	*end = _end;
+    return _end - _begin;
+}
+
+/**
+ * This variable defines, whether multiline values should be parsed.
+ */
+static int process_multiline = 1;
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Configure whether to parse multiline values.
+  @param    process_multiline  Boolean (0 or 1) value.
+
+  By default, multiline values will be parsed. If someone puts into their .ini
+  file 2 lines like those:
+
+      outputdir=c:\temp\
+      save_subject=1
+
+  then we're screwed. All will be treated as if it was on one line.
+  This function makes it possible to disable this linebreak feature.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_set_process_multiline(int process)
+{
+  process_multiline = process;
+}
+
+/**
+ * This variable points to the function, that should be used for reading data.
+ */
+static int (*fgetc_impl)(FILE*) = fgetc;
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Configure a function to read file.
+  @param    impl  Function to call.
+
+  By default, fgetc() will be used for reading files. If a null pointer is passed
+  as impl the reading callback will be switched back to default.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_set_fgetc_impl(int (*impl)(FILE*))
+{
+  if (impl)
+    fgetc_impl = impl;
+  else
+    fgetc_impl = fgetc;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Default error callback for iniparser: wraps `fprintf(stderr, ...)`.
+ */
+/*--------------------------------------------------------------------------*/
+static int default_error_callback(const char *format, ...)
+{
+  int ret;
+  va_list argptr;
+  va_start(argptr, format);
+  ret = vfprintf(stderr, format, argptr);
+  va_end(argptr);
+  return ret;
+}
+
+static int (*iniparser_error_callback)(const char*, ...) = default_error_callback;
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Configure a function to receive the error messages.
+  @param    errback  Function to call.
+
+  By default, the error will be printed on stderr. If a null pointer is passed
+  as errback the error callback will be switched back to default.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_set_error_callback(int (*errback)(const char *, ...))
+{
+  if (errback) {
+    iniparser_error_callback = errback;
+  } else {
+    iniparser_error_callback = default_error_callback;
+  }
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get number of sections in a dictionary
+  @param    d   Dictionary to examine
+  @return   int Number of sections found in dictionary
+
+  This function returns the number of sections found in a dictionary.
+  The test to recognize sections is done on the string stored in the
+  dictionary: a section name is given as "section" whereas a key is
+  stored as "section:key", thus the test looks for entries that do not
+  contain a colon.
+
+  This clearly fails in the case a section name contains a colon, but
+  this should simply be avoided.
+
+  This function returns -1 in case of error.
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_getnsec(const dictionary * d)
+{
+    int i ;
+    int nsec ;
+
+    if (d==NULL) return -1 ;
+    nsec=0 ;
+    for (i=0 ; i<d->size ; i++) {
+        if (d->key[i]==NULL)
+            continue ;
+        if (strchr(d->key[i], ':')==NULL) {
+            nsec ++ ;
+        }
+    }
+    return nsec ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get name for section n in a dictionary.
+  @param    d   Dictionary to examine
+  @param    n   Section number (from 0 to nsec-1).
+  @return   Pointer to char string
+
+  This function locates the n-th section in a dictionary and returns
+  its name as a pointer to a string statically allocated inside the
+  dictionary. Do not free or modify the returned string!
+
+  This function returns NULL in case of error.
+ */
+/*--------------------------------------------------------------------------*/
+const char * iniparser_getsecname(const dictionary * d, int n)
+{
+    int i ;
+    int foundsec ;
+
+    if (d==NULL || n<0) return NULL ;
+    foundsec=0 ;
+    for (i=0 ; i<d->size ; i++) {
+        if (d->key[i]==NULL)
+            continue ;
+        if (strchr(d->key[i], ':')==NULL) {
+            foundsec++ ;
+            if (foundsec>n)
+                break ;
+        }
+    }
+    if (foundsec<=n) {
+        return NULL ;
+    }
+    return d->key[i] ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Dump a dictionary to an opened file pointer.
+  @param    d   Dictionary to dump.
+  @param    f   Opened file pointer to dump to.
+  @return   void
+
+  This function prints out the contents of a dictionary, one element by
+  line, onto the provided file pointer. It is OK to specify @c stderr
+  or @c stdout as output files. This function is meant for debugging
+  purposes mostly.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_dump(const dictionary * d, FILE * f)
+{
+    int     i ;
+
+    if (d==NULL || f==NULL) return ;
+    for (i=0 ; i<d->size ; i++) {
+        if (d->key[i]==NULL)
+            continue ;
+        if (d->val[i]!=NULL) {
+            fprintf(f, "[%s]=[%s]\n", d->key[i], d->val[i]);
+        } else {
+            fprintf(f, "[%s]=UNDEF\n", d->key[i]);
+        }
+    }
+    return ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Save a dictionary to a loadable ini file
+  @param    d   Dictionary to dump
+  @param    f   Opened file pointer to dump to
+  @return   void
+
+  This function dumps a given dictionary into a loadable ini file.
+  It is Ok to specify @c stderr or @c stdout as output files.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_dump_ini(const dictionary * d, FILE * f)
+{
+    int          i ;
+    int          nsec ;
+    const char * secname ;
+
+    if (d==NULL || f==NULL) return ;
+
+    nsec = iniparser_getnsec(d);
+    if (nsec<1) {
+        /* No section in file: dump all keys as they are */
+        for (i=0 ; i<d->size ; i++) {
+            if (d->key[i]==NULL)
+                continue ;
+            fprintf(f, "%s = %s\n", d->key[i], d->val[i]);
+        }
+        return ;
+    }
+    for (i=0 ; i<nsec ; i++) {
+        secname = iniparser_getsecname(d, i) ;
+        iniparser_dumpsection_ini(d, secname, f);
+    }
+    fprintf(f, "\n");
+    return ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Save a dictionary section to a loadable ini file
+  @param    d   Dictionary to dump
+  @param    s   Section name of dictionary to dump
+  @param    f   Opened file pointer to dump to
+  @return   void
+
+  This function dumps a given section of a given dictionary into a loadable ini
+  file.  It is Ok to specify @c stderr or @c stdout as output files.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
+{
+    size_t j, len;
+
+    if (d == NULL || f == NULL)
+	return;
+    if (!iniparser_find_entry(d, s))
+	return;
+
+    fprintf(f, "\n[%s]\n", s);
+
+    len = strlen(s) + 1;
+
+    strlwc(s, d->user_data, len);
+    d->user_data[len - 1] = ':';
+
+    for (j = 0 ; j < (size_t) d->size ; j++) {
+        if (d->key[j]==NULL)
+            continue;
+        if (!strncmp(d->key[j], d->user_data, len)) {
+            fprintf(f,
+                    "%-30s = %s\n",
+                    d->key[j]+len,
+                    d->val[j] ? d->val[j] : "");
+        }
+    }
+
+    fprintf(f, "\n");
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the number of keys in a section of a dictionary.
+  @param    d   Dictionary to examine
+  @param    s   Section name of dictionary to examine
+  @return   Number of keys in section
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_getsecnkeys(const dictionary * d, const char * s)
+{
+    size_t len, nkeys;
+    size_t j;
+
+    nkeys = 0;
+
+    if (d == NULL)
+	return nkeys;
+    if (! iniparser_find_entry(d, s))
+	return nkeys;
+
+    len = strlen(s) + 1;
+    if (len + 1 > d->user_data_len)
+	return nkeys;
+
+    strlwc(s, d->user_data, len);
+    d->user_data[len - 1] = ':';
+
+    for (j = 0 ; j < (size_t) d->size; j++) {
+        if (d->key[j] == NULL)
+            continue;
+        if (!strncmp(d->key[j], d->user_data, len))
+            nkeys++;
+    }
+
+    return nkeys;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the number of keys in a section of a dictionary.
+  @param    d    Dictionary to examine
+  @param    s    Section name of dictionary to examine
+  @param    keys Already allocated array to store the keys in
+  @return   The pointer passed as `keys` argument or NULL in case of error
+
+  This function queries a dictionary and finds all keys in a given section.
+  The keys argument should be an array of pointers which size has been
+  determined by calling `iniparser_getsecnkeys` function prior to this one.
+
+  Each pointer in the returned char pointer-to-pointer is pointing to
+  a string allocated in the dictionary; do not free or modify them.
+ */
+/*--------------------------------------------------------------------------*/
+const char ** iniparser_getseckeys(const dictionary * d, const char * s, const char ** keys)
+{
+    size_t i, j, len;
+
+    if (d == NULL || keys == NULL)
+	return NULL;
+    if (! iniparser_find_entry(d, s))
+	return NULL;
+
+    len = strlen(s) + 1;
+    strlwc(s, d->user_data, len);
+    d->user_data[len - 1] = ':';
+
+    i = 0;
+
+    for (j = 0; j < (size_t) d->size; j++) {
+        if (d->key[j]==NULL)
+            continue ;
+        if (!strncmp(d->key[j], d->user_data, len)) {
+            keys[i] = d->key[j];
+            i++;
+        }
+    }
+
+    return keys;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key
+  @param    d       Dictionary to search
+  @param    key     Key string to look for
+  @param    def     Default value to return if key not found.
+  @return   pointer to statically allocated character string
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the pointer passed as 'def' is returned.
+  The returned char pointer is pointing to a string allocated in
+  the dictionary, do not free or modify it.
+ */
+/*--------------------------------------------------------------------------*/
+const char * iniparser_getstring(const dictionary * d, const char * key,
+				 const char * def)
+{
+    const char * sval;
+    size_t len = strlen(key) + 1;
+
+    if (d==NULL || key==NULL)
+        return def;
+
+    if (len > d->user_data_len)
+	return def;
+
+    strlwc(key, d->user_data, len);
+    sval = dictionary_get(d, d->user_data, def);
+    return sval ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to an long int
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   long integer
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+
+  Supported values for integers include the usual C notation
+  so decimal, octal (starting with 0) and hexadecimal (starting with 0x)
+  are supported. Examples:
+
+  "42"      ->  42
+  "042"     ->  34 (octal -> decimal)
+  "0x42"    ->  66 (hexa  -> decimal)
+
+  Warning: the conversion may overflow in various ways. Conversion is
+  totally outsourced to strtol(), see the associated man page for overflow
+  handling.
+
+  Credits: Thanks to A. Becker for suggesting strtol()
+ */
+/*--------------------------------------------------------------------------*/
+long int iniparser_getlongint(const dictionary * d, const char * key, long int notfound)
+{
+    const char * str ;
+
+    str = iniparser_getstring(d, key, INI_INVALID_KEY);
+    if (str==INI_INVALID_KEY) return notfound ;
+    return strtol(str, NULL, 0);
+}
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to an int
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   integer
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+
+  Supported values for integers include the usual C notation
+  so decimal, octal (starting with 0) and hexadecimal (starting with 0x)
+  are supported. Examples:
+
+  "42"      ->  42
+  "042"     ->  34 (octal -> decimal)
+  "0x42"    ->  66 (hexa  -> decimal)
+
+  Warning: the conversion may overflow in various ways. Conversion is
+  totally outsourced to strtol(), see the associated man page for overflow
+  handling.
+
+  Credits: Thanks to A. Becker for suggesting strtol()
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_getint(const dictionary * d, const char * key, int notfound)
+{
+    return (int)iniparser_getlongint(d, key, notfound);
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to a double
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   double
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+ */
+/*--------------------------------------------------------------------------*/
+double iniparser_getdouble(const dictionary * d, const char * key, double notfound)
+{
+    const char * str ;
+
+    str = iniparser_getstring(d, key, INI_INVALID_KEY);
+    if (str==INI_INVALID_KEY) return notfound ;
+    return atof(str);
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to a boolean
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   integer
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+
+  A true boolean is found if one of the following is matched:
+
+  - A string starting with 'y'
+  - A string starting with 'Y'
+  - A string starting with 't'
+  - A string starting with 'T'
+  - A string starting with '1'
+
+  A false boolean is found if one of the following is matched:
+
+  - A string starting with 'n'
+  - A string starting with 'N'
+  - A string starting with 'f'
+  - A string starting with 'F'
+  - A string starting with '0'
+
+  The notfound value returned if no boolean is identified, does not
+  necessarily have to be 0 or 1.
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_getboolean(const dictionary * d, const char * key, int notfound)
+{
+    int          ret ;
+    const char * c ;
+
+    c = iniparser_getstring(d, key, INI_INVALID_KEY);
+    if (c==INI_INVALID_KEY) return notfound ;
+    if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') {
+        ret = 1 ;
+    } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') {
+        ret = 0 ;
+    } else {
+        ret = notfound ;
+    }
+    return ret;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Finds out if a given entry exists in a dictionary
+  @param    ini     Dictionary to search
+  @param    entry   Name of the entry to look for
+  @return   integer 1 if entry exists, 0 otherwise
+
+  Finds out if a given entry exists in the dictionary. Since sections
+  are stored as keys with NULL associated values, this is the only way
+  of querying for the presence of sections in a dictionary.
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_find_entry(const dictionary * ini, const char * entry)
+{
+    int found=0 ;
+    if (iniparser_getstring(ini, entry, INI_INVALID_KEY)!=INI_INVALID_KEY) {
+        found = 1 ;
+    }
+    return found ;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Set an entry in a dictionary.
+  @param    ini     Dictionary to modify.
+  @param    entry   Entry to modify (entry name)
+  @param    val     New value to associate to the entry.
+  @return   int 0 if Ok, -1 otherwise.
+
+  If the given entry can be found in the dictionary, it is modified to
+  contain the provided value. If it cannot be found, the entry is created.
+  It is Ok to set val to NULL.
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_set(dictionary * ini, const char * entry, const char * val)
+{
+    size_t len = strlen(entry) + 1;
+    int result;
+
+    if (prepare_user_data_buf(ini, len))
+	return -1;
+
+    result = dictionary_set(ini, strlwc(entry, ini->user_data, len), val);
+
+    return result;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Delete an entry in a dictionary
+  @param    ini     Dictionary to modify
+  @param    entry   Entry to delete (entry name)
+  @return   void
+
+  If the given entry can be found, it is deleted from the dictionary.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_unset(dictionary * ini, const char * entry)
+{
+    size_t len = strlen(entry) + 1;
+    if (len <= ini->user_data_len)
+	dictionary_unset(ini, strlwc(entry, ini->user_data, len));
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Load a single line from an INI file
+  @param    input_line  Input line, may be concatenated multi-line input
+  @param    section     Output place to store section
+  @param    key         Output place to store key
+  @param    value       Output place to store value
+  @return   line_status value
+ */
+/*--------------------------------------------------------------------------*/
+static line_status iniparser_line(
+    char * input_line,
+    char ** section,
+    char ** key,
+    char ** value)
+{
+    char *line, *line_end, *substr, *substr_end, *tmp;
+
+    strstrip(input_line, input_line + strlen(input_line), &line, &line_end);
+
+    if (*line == ';' || *line == '#') {
+        /* Comment line */
+	return LINE_COMMENT;
+    }
+    if (line == line_end) {
+	return LINE_EMPTY;
+    }
+    if (line[0] == '[' && line_end[-1] == ']') {
+        /* Section name */
+	strstrip(line + 1, line_end - 1, &substr, &substr_end);
+	*substr_end = '\0';
+	*section = strlwc_in_place(substr);
+	return LINE_SECTION;
+    }
+
+    /* Key and value */
+    substr = line;
+    substr_end = substr;
+    while (*substr_end != '=') {
+	if (++substr_end == line_end)
+	    break;
+    }
+    if (substr_end == line_end)
+	return LINE_ERROR;
+    tmp = substr_end;
+
+    /* Get key */
+    strstrip(substr, substr_end, &substr, &substr_end);
+    *substr_end = '\0';
+    *key = strlwc_in_place(substr);
+
+    /* Get value */
+    substr = tmp + 1;
+    substr_end = line_end;
+    strstrip(substr, substr_end, &substr, &substr_end);
+    *substr_end = '\0';
+
+    if ((substr[0] == '\'' && (tmp = strchr(substr + 1, '\''))) ||
+	(substr[0] == '"' && (tmp = strchr(substr + 1, '"')))) {
+	/* Handle quoted values */
+	substr++;
+	substr_end = tmp;
+    } else {
+	/* Handle comments */
+	for (tmp = substr; *tmp; tmp++) {
+	    if (*tmp == ';' || *tmp == '#')
+		break;
+	}
+	if (*tmp)
+	    strstrip(substr, tmp, &substr, &substr_end);
+    }	
+
+    *substr_end = '\0';
+    *value = substr;
+
+    return LINE_VALUE;
+}
+
+static char empty_string[] = "";
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Parse an ini file and return an allocated dictionary object
+  @param    ininame Name of the ini file to read.
+  @return   Pointer to newly allocated dictionary
+
+  This is the parser for ini files. This function is called, providing
+  the name of the file to be read. It returns a dictionary object that
+  should not be accessed directly, but through accessor functions
+  instead.
+
+  The returned dictionary must be freed using iniparser_freedict().
+ */
+/*--------------------------------------------------------------------------*/
+dictionary * iniparser_load(const char * ininame)
+{
+    FILE * in = NULL;
+
+    char *read_buf = NULL;
+    size_t read_buf_len = 0;
+    ssize_t read_len;
+
+    char *line = NULL, *tmp;
+    size_t line_len = 0;
+    int append_to_line = 0;
+
+    char *section;
+    char *key;
+    char *val;
+
+    const char *current_section = empty_string;
+
+    int  lineno = 0;
+    int  errs = 0;
+    int  sections = 0;
+
+    dictionary * dict;
+
+    if ((in=fopen(ininame, "r"))==NULL) {
+        iniparser_error_callback("iniparser: cannot open %s\n", ininame);
+	return NULL;
+    }
+
+    dict = dictionary_new(0) ;
+    if (!dict)
+        goto fail;
+
+    while (1) {
+        errno = 0;
+        read_len = _getline(&read_buf, &read_buf_len, in, fgetc_impl);
+	if (read_len < 1) {
+	    if (errno)
+	        goto fail;
+	    break;
+	}
+	/* printf("read buf: %s", read_buf); */
+	if (read_buf[read_len - 1] == '\n')
+	    read_buf[--read_len] = '\0';
+
+        lineno++;
+
+	if (append_to_line) {
+	    if (read_len > 0) {
+	        tmp = realloc(line, line_len + read_len + 1);
+		if (!tmp)
+		    goto fail;
+		line = tmp;
+		memcpy(line + line_len, read_buf, read_len + 1);
+		line_len += read_len;
+	    }
+	} else {
+	    line = malloc(read_len + 1);
+	    if (!line)
+	        goto fail;
+	    memcpy(line, read_buf, read_len + 1);
+	    line_len = read_len;
+	}
+
+        /* Detect multi-line */
+	append_to_line = 0;
+        if (process_multiline) {
+	    tmp = strrchr(line, '\\');
+	    if (tmp && !strstrip(tmp + 1, line + line_len, NULL, NULL)) {
+		/* Multi-line value */
+		line_len = tmp - line;
+		line[line_len] = '\0';
+		append_to_line = 1;
+		continue;
+	    }
+	}
+
+        switch (iniparser_line(line, &section, &key, &val)) {
+	case LINE_EMPTY:
+	case LINE_COMMENT:
+            break;
+
+	case LINE_SECTION:
+	    if (prepare_user_data_buf(dict, strlen(current_section) + 2))
+		goto fail;
+
+            if (dictionary_set(dict, section, NULL) < 0)
+		goto fail;
+	    current_section = iniparser_getsecname(dict, sections++);
+	    break;
+
+	case LINE_VALUE:
+	    if (prepare_user_data_buf
+		(dict, strlen(current_section) + strlen(key) + 2))
+		goto fail;
+
+            sprintf(dict->user_data, "%s:%s", current_section, key);
+
+            if (dictionary_set(dict, dict->user_data, val))
+		goto fail;
+            break;
+
+	case LINE_ERROR:
+            iniparser_error_callback(
+		"iniparser: syntax error in %s (%d):\n-> %s\n",
+		ininame,
+		lineno,
+		line);
+            errs++;
+            break;
+
+	default:
+            break;
+        }
+
+	free(line);
+    }
+    if (errs) {
+        dictionary_del(dict);
+        dict = NULL;
+    }
+    free(read_buf);
+    fclose(in);
+    return dict;
+
+fail:
+    if (in)
+        fclose(in);
+    dictionary_del(dict);
+    free(read_buf);
+    free(line);
+    iniparser_error_callback("iniparser: memory allocation failure\n");
+    return NULL;
+}
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Free all memory associated to an ini dictionary
+  @param    d Dictionary to free
+  @return   void
+
+  Free all memory associated to an ini dictionary.
+  It is mandatory to call this function before the dictionary object
+  gets out of the current context.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_freedict(dictionary * d)
+{
+    dictionary_del(d);
+}
diff --git a/iniparser-4.1/src/iniparser.h b/iniparser-4.1/src/iniparser.h
new file mode 100644
index 0000000..e00530d
--- /dev/null
+++ b/iniparser-4.1/src/iniparser.h
@@ -0,0 +1,386 @@
+
+/*-------------------------------------------------------------------------*/
+/**
+   @file    iniparser.h
+   @author  N. Devillard
+   @brief   Parser for ini files.
+*/
+/*--------------------------------------------------------------------------*/
+
+#ifndef _INIPARSER_H_
+#define _INIPARSER_H_
+
+/*---------------------------------------------------------------------------
+                                Includes
+ ---------------------------------------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * The following #include is necessary on many Unixes but not Linux.
+ * It is not needed for Windows platforms.
+ * Uncomment it if needed.
+ */
+/* #include <unistd.h> */
+
+#include "dictionary.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Configure a function to receive the error messages.
+  @param    errback  Function to call.
+
+  By default, the error will be printed on stderr. If a null pointer is passed
+  as errback the error callback will be switched back to default.
+ */
+/*--------------------------------------------------------------------------*/
+
+void iniparser_set_error_callback(int (*errback)(const char *, ...));
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Configure whether to parse multiline values.
+  @param    process_multiline  Boolean (0 or 1) value.
+
+  By default, multiline values will be parsed. If someone puts into their .ini
+  file 2 lines like those:
+
+      outputdir=c:\temp\
+      save_subject=1
+
+  then we're screwed. All will be treated as if it was on one line.
+  This function makes it possible to disable this linebreak feature.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_set_process_multiline(int process);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Configure a function to read file.
+  @param    impl  Function to call.
+
+  By default, fgetc() will be used for reading files. If a null pointer is passed
+  as impl the reading callback will be switched back to default.
+ */
+/*--------------------------------------------------------------------------*/
+  void iniparser_set_fgetc_impl(int (*impl)(FILE*));
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get number of sections in a dictionary
+  @param    d   Dictionary to examine
+  @return   int Number of sections found in dictionary
+
+  This function returns the number of sections found in a dictionary.
+  The test to recognize sections is done on the string stored in the
+  dictionary: a section name is given as "section" whereas a key is
+  stored as "section:key", thus the test looks for entries that do not
+  contain a colon.
+
+  This clearly fails in the case a section name contains a colon, but
+  this should simply be avoided.
+
+  This function returns -1 in case of error.
+ */
+/*--------------------------------------------------------------------------*/
+
+int iniparser_getnsec(const dictionary * d);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get name for section n in a dictionary.
+  @param    d   Dictionary to examine
+  @param    n   Section number (from 0 to nsec-1).
+  @return   Pointer to char string
+
+  This function locates the n-th section in a dictionary and returns
+  its name as a pointer to a string statically allocated inside the
+  dictionary. Do not free or modify the returned string!
+
+  This function returns NULL in case of error.
+ */
+/*--------------------------------------------------------------------------*/
+
+const char * iniparser_getsecname(const dictionary * d, int n);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Save a dictionary to a loadable ini file
+  @param    d   Dictionary to dump
+  @param    f   Opened file pointer to dump to
+  @return   void
+
+  This function dumps a given dictionary into a loadable ini file.
+  It is Ok to specify @c stderr or @c stdout as output files.
+ */
+/*--------------------------------------------------------------------------*/
+
+void iniparser_dump_ini(const dictionary * d, FILE * f);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Save a dictionary section to a loadable ini file
+  @param    d   Dictionary to dump
+  @param    s   Section name of dictionary to dump
+  @param    f   Opened file pointer to dump to
+  @return   void
+
+  This function dumps a given section of a given dictionary into a loadable ini
+  file.  It is Ok to specify @c stderr or @c stdout as output files.
+ */
+/*--------------------------------------------------------------------------*/
+
+void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Dump a dictionary to an opened file pointer.
+  @param    d   Dictionary to dump.
+  @param    f   Opened file pointer to dump to.
+  @return   void
+
+  This function prints out the contents of a dictionary, one element by
+  line, onto the provided file pointer. It is OK to specify @c stderr
+  or @c stdout as output files. This function is meant for debugging
+  purposes mostly.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_dump(const dictionary * d, FILE * f);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the number of keys in a section of a dictionary.
+  @param    d   Dictionary to examine
+  @param    s   Section name of dictionary to examine
+  @return   Number of keys in section
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_getsecnkeys(const dictionary * d, const char * s);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the number of keys in a section of a dictionary.
+  @param    d    Dictionary to examine
+  @param    s    Section name of dictionary to examine
+  @param    keys Already allocated array to store the keys in
+  @return   The pointer passed as `keys` argument or NULL in case of error
+
+  This function queries a dictionary and finds all keys in a given section.
+  The keys argument should be an array of pointers which size has been
+  determined by calling `iniparser_getsecnkeys` function prior to this one.
+
+  Each pointer in the returned char pointer-to-pointer is pointing to
+  a string allocated in the dictionary; do not free or modify them.
+ */
+/*--------------------------------------------------------------------------*/
+const char ** iniparser_getseckeys(const dictionary * d, const char * s, const char ** keys);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key
+  @param    d       Dictionary to search
+  @param    key     Key string to look for
+  @param    def     Default value to return if key not found.
+  @return   pointer to statically allocated character string
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the pointer passed as 'def' is returned.
+  The returned char pointer is pointing to a string allocated in
+  the dictionary, do not free or modify it.
+ */
+/*--------------------------------------------------------------------------*/
+const char * iniparser_getstring(const dictionary * d, const char * key, const char * def);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to an int
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   integer
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+
+  Supported values for integers include the usual C notation
+  so decimal, octal (starting with 0) and hexadecimal (starting with 0x)
+  are supported. Examples:
+
+  - "42"      ->  42
+  - "042"     ->  34 (octal -> decimal)
+  - "0x42"    ->  66 (hexa  -> decimal)
+
+  Warning: the conversion may overflow in various ways. Conversion is
+  totally outsourced to strtol(), see the associated man page for overflow
+  handling.
+
+  Credits: Thanks to A. Becker for suggesting strtol()
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_getint(const dictionary * d, const char * key, int notfound);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to an long int
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   integer
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+
+  Supported values for integers include the usual C notation
+  so decimal, octal (starting with 0) and hexadecimal (starting with 0x)
+  are supported. Examples:
+
+  - "42"      ->  42
+  - "042"     ->  34 (octal -> decimal)
+  - "0x42"    ->  66 (hexa  -> decimal)
+
+  Warning: the conversion may overflow in various ways. Conversion is
+  totally outsourced to strtol(), see the associated man page for overflow
+  handling.
+ */
+/*--------------------------------------------------------------------------*/
+long int iniparser_getlongint(const dictionary * d, const char * key, long int notfound);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to a double
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   double
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+ */
+/*--------------------------------------------------------------------------*/
+double iniparser_getdouble(const dictionary * d, const char * key, double notfound);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Get the string associated to a key, convert to a boolean
+  @param    d Dictionary to search
+  @param    key Key string to look for
+  @param    notfound Value to return in case of error
+  @return   integer
+
+  This function queries a dictionary for a key. A key as read from an
+  ini file is given as "section:key". If the key cannot be found,
+  the notfound value is returned.
+
+  A true boolean is found if one of the following is matched:
+
+  - A string starting with 'y'
+  - A string starting with 'Y'
+  - A string starting with 't'
+  - A string starting with 'T'
+  - A string starting with '1'
+
+  A false boolean is found if one of the following is matched:
+
+  - A string starting with 'n'
+  - A string starting with 'N'
+  - A string starting with 'f'
+  - A string starting with 'F'
+  - A string starting with '0'
+
+  The notfound value returned if no boolean is identified, does not
+  necessarily have to be 0 or 1.
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_getboolean(const dictionary * d, const char * key, int notfound);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Set an entry in a dictionary.
+  @param    ini     Dictionary to modify.
+  @param    entry   Entry to modify (entry name)
+  @param    val     New value to associate to the entry.
+  @return   int     0 if Ok, -1 otherwise.
+
+  If the given entry can be found in the dictionary, it is modified to
+  contain the provided value. If it cannot be found, the entry is created.
+  It is Ok to set val to NULL.
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_set(dictionary * ini, const char * entry, const char * val);
+
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Delete an entry in a dictionary
+  @param    ini     Dictionary to modify
+  @param    entry   Entry to delete (entry name)
+  @return   void
+
+  If the given entry can be found, it is deleted from the dictionary.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_unset(dictionary * ini, const char * entry);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Finds out if a given entry exists in a dictionary
+  @param    ini     Dictionary to search
+  @param    entry   Name of the entry to look for
+  @return   integer 1 if entry exists, 0 otherwise
+
+  Finds out if a given entry exists in the dictionary. Since sections
+  are stored as keys with NULL associated values, this is the only way
+  of querying for the presence of sections in a dictionary.
+ */
+/*--------------------------------------------------------------------------*/
+int iniparser_find_entry(const dictionary * ini, const char * entry) ;
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Parse an ini file and return an allocated dictionary object
+  @param    ininame Name of the ini file to read.
+  @return   Pointer to newly allocated dictionary
+
+  This is the parser for ini files. This function is called, providing
+  the name of the file to be read. It returns a dictionary object that
+  should not be accessed directly, but through accessor functions
+  instead.
+
+  The returned dictionary must be freed using iniparser_freedict().
+ */
+/*--------------------------------------------------------------------------*/
+dictionary * iniparser_load(const char * ininame);
+
+/*-------------------------------------------------------------------------*/
+/**
+  @brief    Free all memory associated to an ini dictionary
+  @param    d Dictionary to free
+  @return   void
+
+  Free all memory associated to an ini dictionary.
+  It is mandatory to call this function before the dictionary object
+  gets out of the current context.
+ */
+/*--------------------------------------------------------------------------*/
+void iniparser_freedict(dictionary * d);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/iniparser-4.1/test/CuTest.c b/iniparser-4.1/test/CuTest.c
new file mode 100644
index 0000000..463f170
--- /dev/null
+++ b/iniparser-4.1/test/CuTest.c
@@ -0,0 +1,348 @@
+#include <assert.h>
+#include <setjmp.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <math.h>
+
+#include "CuTest.h"
+
+/*-------------------------------------------------------------------------*
+ * CuStr
+ *-------------------------------------------------------------------------*/
+
+char* CuStrAlloc(int size)
+{
+	char* newStr = (char*) malloc( sizeof(char) * (size) );
+	return newStr;
+}
+
+char* CuStrCopy(const char* old)
+{
+	int len = strlen(old);
+	char* newStr = CuStrAlloc(len + 1);
+	strcpy(newStr, old);
+	return newStr;
+}
+
+/*-------------------------------------------------------------------------*
+ * CuString
+ *-------------------------------------------------------------------------*/
+
+void CuStringInit(CuString* str)
+{
+	str->length = 0;
+	str->size = STRING_MAX;
+	str->buffer = (char*) malloc(sizeof(char) * str->size);
+	str->buffer[0] = '\0';
+}
+
+CuString* CuStringNew(void)
+{
+	CuString* str = (CuString*) malloc(sizeof(CuString));
+	str->length = 0;
+	str->size = STRING_MAX;
+	str->buffer = (char*) malloc(sizeof(char) * str->size);
+	str->buffer[0] = '\0';
+	return str;
+}
+
+void CuStringDelete(CuString *str)
+{
+        if (!str) return;
+        free(str->buffer);
+        free(str);
+}
+
+void CuStringResize(CuString* str, int newSize)
+{
+	str->buffer = (char*) realloc(str->buffer, sizeof(char) * newSize);
+	str->size = newSize;
+}
+
+void CuStringAppend(CuString* str, const char* text)
+{
+	int length;
+
+	if (text == NULL) {
+		text = "NULL";
+	}
+
+	length = strlen(text);
+	if (str->length + length + 1 >= str->size)
+		CuStringResize(str, str->length + length + 1 + STRING_INC);
+	str->length += length;
+	strcat(str->buffer, text);
+}
+
+void CuStringAppendChar(CuString* str, char ch)
+{
+	char text[2];
+	text[0] = ch;
+	text[1] = '\0';
+	CuStringAppend(str, text);
+}
+
+void CuStringAppendFormat(CuString* str, const char* format, ...)
+{
+	va_list argp;
+	char buf[HUGE_STRING_LEN];
+	va_start(argp, format);
+	vsprintf(buf, format, argp);
+	va_end(argp);
+	CuStringAppend(str, buf);
+}
+
+void CuStringInsert(CuString* str, const char* text, int pos)
+{
+	int length = strlen(text);
+	if (pos > str->length)
+		pos = str->length;
+	if (str->length + length + 1 >= str->size)
+		CuStringResize(str, str->length + length + 1 + STRING_INC);
+	memmove(str->buffer + pos + length, str->buffer + pos, (str->length - pos) + 1);
+	str->length += length;
+	memcpy(str->buffer + pos, text, length);
+}
+
+/*-------------------------------------------------------------------------*
+ * CuTest
+ *-------------------------------------------------------------------------*/
+
+void CuTestInit(CuTest* t, const char* name, TestFunction function)
+{
+	t->name = CuStrCopy(name);
+	t->failed = 0;
+	t->ran = 0;
+	t->message = NULL;
+	t->function = function;
+	t->jumpBuf = NULL;
+}
+
+CuTest* CuTestNew(const char* name, TestFunction function)
+{
+	CuTest* tc = CU_ALLOC(CuTest);
+	CuTestInit(tc, name, function);
+	return tc;
+}
+
+void CuTestDelete(CuTest *t)
+{
+        if (!t) return;
+        free(t->name);
+        free(t);
+}
+
+void CuTestRun(CuTest* tc)
+{
+	jmp_buf buf;
+	tc->jumpBuf = &buf;
+	if (setjmp(buf) == 0)
+	{
+		tc->ran = 1;
+		(tc->function)(tc);
+	}
+	tc->jumpBuf = 0;
+}
+
+static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* string)
+{
+	char buf[HUGE_STRING_LEN];
+
+	sprintf(buf, "%s:%d: ", file, line);
+	CuStringInsert(string, buf, 0);
+
+	tc->failed = 1;
+	tc->message = string->buffer;
+	if (tc->jumpBuf != 0) longjmp(*(tc->jumpBuf), 0);
+}
+
+void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message)
+{
+	CuString string;
+
+	CuStringInit(&string);
+	if (message2 != NULL)
+	{
+		CuStringAppend(&string, message2);
+		CuStringAppend(&string, ": ");
+	}
+	CuStringAppend(&string, message);
+	CuFailInternal(tc, file, line, &string);
+}
+
+void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition)
+{
+	if (condition) return;
+	CuFail_Line(tc, file, line, NULL, message);
+}
+
+void CuAssertStrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
+	const char* expected, const char* actual)
+{
+	CuString string;
+	if ((expected == NULL && actual == NULL) ||
+	    (expected != NULL && actual != NULL &&
+	     strcmp(expected, actual) == 0))
+	{
+		return;
+	}
+
+	CuStringInit(&string);
+	if (message != NULL)
+	{
+		CuStringAppend(&string, message);
+		CuStringAppend(&string, ": ");
+	}
+	CuStringAppend(&string, "expected <");
+	CuStringAppend(&string, expected);
+	CuStringAppend(&string, "> but was <");
+	CuStringAppend(&string, actual);
+	CuStringAppend(&string, ">");
+	CuFailInternal(tc, file, line, &string);
+}
+
+void CuAssertIntEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
+	int expected, int actual)
+{
+	char buf[STRING_MAX];
+	if (expected == actual) return;
+	sprintf(buf, "expected <%d> but was <%d>", expected, actual);
+	CuFail_Line(tc, file, line, message, buf);
+}
+
+void CuAssertLongIntEquals_LineMsg(CuTest *tc, const char *file, int line, const char *message,
+    long int expected, long int actual) 
+{
+	char buf[STRING_MAX];
+	if (expected == actual) return;
+	sprintf(buf, "expected <%ld> but was <%ld>", expected, actual);
+	CuFail_Line(tc, file, line, message, buf);
+}
+
+void CuAssertDblEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
+	double expected, double actual, double delta)
+{
+	char buf[STRING_MAX];
+	if (fabs(expected - actual) <= delta) return;
+	sprintf(buf, "expected <%f> but was <%f>", expected, actual);
+
+	CuFail_Line(tc, file, line, message, buf);
+}
+
+void CuAssertPtrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message,
+	const void* expected, const void* actual)
+{
+	char buf[STRING_MAX];
+	if (expected == actual) return;
+	sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual);
+	CuFail_Line(tc, file, line, message, buf);
+}
+
+
+/*-------------------------------------------------------------------------*
+ * CuSuite
+ *-------------------------------------------------------------------------*/
+
+void CuSuiteInit(CuSuite* testSuite)
+{
+	testSuite->count = 0;
+	testSuite->failCount = 0;
+        memset(testSuite->list, 0, sizeof(testSuite->list));
+}
+
+CuSuite* CuSuiteNew(void)
+{
+	CuSuite* testSuite = CU_ALLOC(CuSuite);
+	CuSuiteInit(testSuite);
+	return testSuite;
+}
+
+void CuSuiteDelete(CuSuite *testSuite)
+{
+        unsigned int n;
+        for (n=0; n < MAX_TEST_CASES; n++)
+        {
+                if (testSuite->list[n])
+                {
+                        CuTestDelete(testSuite->list[n]);
+                }
+        }
+        free(testSuite);
+
+}
+
+void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase)
+{
+	assert(testSuite->count < MAX_TEST_CASES);
+	testSuite->list[testSuite->count] = testCase;
+	testSuite->count++;
+}
+
+void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2)
+{
+	int i;
+	for (i = 0 ; i < testSuite2->count ; ++i)
+	{
+		CuTest* testCase = testSuite2->list[i];
+		CuSuiteAdd(testSuite, testCase);
+	}
+}
+
+void CuSuiteRun(CuSuite* testSuite)
+{
+	int i;
+	for (i = 0 ; i < testSuite->count ; ++i)
+	{
+		CuTest* testCase = testSuite->list[i];
+		CuTestRun(testCase);
+		if (testCase->failed) { testSuite->failCount += 1; }
+	}
+}
+
+void CuSuiteSummary(CuSuite* testSuite, CuString* summary)
+{
+	int i;
+	for (i = 0 ; i < testSuite->count ; ++i)
+	{
+		CuTest* testCase = testSuite->list[i];
+		CuStringAppend(summary, testCase->failed ? "F" : ".");
+	}
+	CuStringAppend(summary, "\n\n");
+}
+
+void CuSuiteDetails(CuSuite* testSuite, CuString* details)
+{
+	int i;
+	int failCount = 0;
+
+	if (testSuite->failCount == 0)
+	{
+		int passCount = testSuite->count - testSuite->failCount;
+		const char* testWord = passCount == 1 ? "test" : "tests";
+		CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord);
+	}
+	else
+	{
+		if (testSuite->failCount == 1)
+			CuStringAppend(details, "There was 1 failure:\n");
+		else
+			CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount);
+
+		for (i = 0 ; i < testSuite->count ; ++i)
+		{
+			CuTest* testCase = testSuite->list[i];
+			if (testCase->failed)
+			{
+				failCount++;
+				CuStringAppendFormat(details, "%d) %s: %s\n",
+					failCount, testCase->name, testCase->message);
+			}
+		}
+		CuStringAppend(details, "\n!!!FAILURES!!!\n");
+
+		CuStringAppendFormat(details, "Runs: %d ",   testSuite->count);
+		CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount);
+		CuStringAppendFormat(details, "Fails: %d\n",  testSuite->failCount);
+	}
+}
diff --git a/iniparser-4.1/test/CuTest.h b/iniparser-4.1/test/CuTest.h
new file mode 100644
index 0000000..0f58592
--- /dev/null
+++ b/iniparser-4.1/test/CuTest.h
@@ -0,0 +1,121 @@
+#ifndef CU_TEST_H
+#define CU_TEST_H
+
+#include <setjmp.h>
+#include <stdarg.h>
+
+#define CUTEST_VERSION  "CuTest 1.5"
+
+/* CuString */
+
+char* CuStrAlloc(int size);
+char* CuStrCopy(const char* old);
+
+#define CU_ALLOC(TYPE)		((TYPE*) malloc(sizeof(TYPE)))
+
+#define HUGE_STRING_LEN	8192
+#define STRING_MAX		256
+#define STRING_INC		256
+
+typedef struct
+{
+	int length;
+	int size;
+	char* buffer;
+} CuString;
+
+void CuStringInit(CuString* str);
+CuString* CuStringNew(void);
+void CuStringRead(CuString* str, const char* path);
+void CuStringAppend(CuString* str, const char* text);
+void CuStringAppendChar(CuString* str, char ch);
+void CuStringAppendFormat(CuString* str, const char* format, ...);
+void CuStringInsert(CuString* str, const char* text, int pos);
+void CuStringResize(CuString* str, int newSize);
+void CuStringDelete(CuString* str);
+
+/* CuTest */
+
+typedef struct CuTest CuTest;
+
+typedef void (*TestFunction)(CuTest *);
+
+struct CuTest
+{
+	char* name;
+	TestFunction function;
+	int failed;
+	int ran;
+	const char* message;
+	jmp_buf *jumpBuf;
+};
+
+void CuTestInit(CuTest* t, const char* name, TestFunction function);
+CuTest* CuTestNew(const char* name, TestFunction function);
+void CuTestRun(CuTest* tc);
+void CuTestDelete(CuTest *t);
+
+/* Internal versions of assert functions -- use the public versions */
+void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message);
+void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition);
+void CuAssertStrEquals_LineMsg(CuTest* tc,
+	const char* file, int line, const char* message,
+	const char* expected, const char* actual);
+void CuAssertIntEquals_LineMsg(CuTest* tc,
+	const char* file, int line, const char* message,
+	int expected, int actual);
+void CuAssertLongIntEquals_LineMsg(CuTest *tc,
+    const char *file, int line, const char *message,
+    long int expected, long int actual);
+void CuAssertDblEquals_LineMsg(CuTest* tc,
+	const char* file, int line, const char* message,
+	double expected, double actual, double delta);
+void CuAssertPtrEquals_LineMsg(CuTest* tc,
+	const char* file, int line, const char* message,
+	const void* expected, const void* actual);
+
+/* public assert functions */
+
+#define CuFail(tc, ms)                        CuFail_Line(  (tc), __FILE__, __LINE__, NULL, (ms))
+#define CuAssert(tc, ms, cond)                CuAssert_Line((tc), __FILE__, __LINE__, (ms), (cond))
+#define CuAssertTrue(tc, cond)                CuAssert_Line((tc), __FILE__, __LINE__, "assert failed", (cond))
+
+#define CuAssertStrEquals(tc,ex,ac)           CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac))
+#define CuAssertStrEquals_Msg(tc,ms,ex,ac)    CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac))
+#define CuAssertIntEquals(tc,ex,ac)           CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac))
+#define CuAssertIntEquals_Msg(tc,ms,ex,ac)    CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac))
+#define CuAssertLongIntEquals(tc,ex,ac)           CuAssertLongIntEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac))
+#define CuAssertLongIntEquals_Msg(tc,ms,ex,ac)    CuAssertLongIntEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac))
+#define CuAssertDblEquals(tc,ex,ac,dl)        CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac),(dl))
+#define CuAssertDblEquals_Msg(tc,ms,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac),(dl))
+#define CuAssertPtrEquals(tc,ex,ac)           CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac))
+#define CuAssertPtrEquals_Msg(tc,ms,ex,ac)    CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac))
+
+#define CuAssertPtrNotNull(tc,p)        CuAssert_Line((tc),__FILE__,__LINE__,"null pointer unexpected",(p != NULL))
+#define CuAssertPtrNotNullMsg(tc,msg,p) CuAssert_Line((tc),__FILE__,__LINE__,(msg),(p != NULL))
+
+/* CuSuite */
+
+#define MAX_TEST_CASES	1024
+
+#define SUITE_ADD_TEST(SUITE,TEST)	CuSuiteAdd(SUITE, CuTestNew(#TEST, TEST))
+
+typedef struct
+{
+	int count;
+	CuTest* list[MAX_TEST_CASES];
+	int failCount;
+
+} CuSuite;
+
+
+void CuSuiteInit(CuSuite* testSuite);
+CuSuite* CuSuiteNew(void);
+void CuSuiteDelete(CuSuite *testSuite);
+void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase);
+void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2);
+void CuSuiteRun(CuSuite* testSuite);
+void CuSuiteSummary(CuSuite* testSuite, CuString* summary);
+void CuSuiteDetails(CuSuite* testSuite, CuString* details);
+
+#endif /* CU_TEST_H */
diff --git a/iniparser-4.1/test/CuTest_license.txt b/iniparser-4.1/test/CuTest_license.txt
new file mode 100644
index 0000000..5f053ba
--- /dev/null
+++ b/iniparser-4.1/test/CuTest_license.txt
@@ -0,0 +1,38 @@
+NOTE

+

+The license is based on the zlib/libpng license. For more details see

+http://www.opensource.org/licenses/zlib-license.html. The intent of the

+license is to: 

+

+- keep the license as simple as possible

+- encourage the use of CuTest in both free and commercial applications

+  and libraries

+- keep the source code together 

+- give credit to the CuTest contributors for their work

+

+If you ship CuTest in source form with your source distribution, the

+following license document must be included with it in unaltered form.

+If you find CuTest useful we would like to hear about it. 

+

+LICENSE

+

+Copyright (c) 2003 Asim Jalis

+

+This software is provided 'as-is', without any express or implied

+warranty. In no event will the authors be held liable for any damages

+arising from the use of this software.

+

+Permission is granted to anyone to use this software for any purpose,

+including commercial applications, and to alter it and redistribute it

+freely, subject to the following restrictions:

+

+1. The origin of this software must not be misrepresented; you must not

+claim that you wrote the original software. If you use this software in

+a product, an acknowledgment in the product documentation would be

+appreciated but is not required.

+

+2. Altered source versions must be plainly marked as such, and must not

+be misrepresented as being the original software.

+

+3. This notice may not be removed or altered from any source

+distribution.

diff --git a/iniparser-4.1/test/Makefile b/iniparser-4.1/test/Makefile
new file mode 100644
index 0000000..15a8d26
--- /dev/null
+++ b/iniparser-4.1/test/Makefile
@@ -0,0 +1,35 @@
+CC   ?= gcc
+
+ifndef V
+QUIET_CC         = @echo "CC	$@";
+QUIET_MAKE_TESTS = @echo "GN	Alltests.c";
+endif
+
+DEPS = $(shell ls ../src/*.[ch])
+
+SRC = $(shell ls *.c | sed 's/AllTests.c//')
+OBJ = $(SRC:.c=.o)
+
+INCLUDE = -I../src
+CFLAGS  += -pipe -ansi -pedantic -Wall -Wextra -g
+LDFLAGS +=
+
+all: check
+
+check: testrun
+	@./testrun
+
+testrun: AllTests.o $(OBJ)
+	$(QUIET_CC)$(CC) -o $@ AllTests.o $(OBJ) $(LDFLAGS)
+
+AllTests.o: $(OBJ)
+	$(QUIET_MAKE_TESTS)./make-tests.sh > AllTests.c
+	$(QUIET_CC)$(CC) -c -o AllTests.o AllTests.c $(CFLAGS) $(INCLUDE)
+
+%.o: %.c $(DEPS)
+	$(QUIET_CC)$(CC) -c -o $@ $< $(CFLAGS) $(INCLUDE)
+
+clean veryclean:
+	rm -rf AllTests.c
+	rm -rf $(OBJ) AllTests.o
+	rm -rf testrun
diff --git a/iniparser-4.1/test/make-tests.sh b/iniparser-4.1/test/make-tests.sh
new file mode 100755
index 0000000..f2a3f2a
--- /dev/null
+++ b/iniparser-4.1/test/make-tests.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# Auto generate single AllTests file for CuTest.
+# Searches through all *.c files in the current directory.
+# Prints to stdout.
+# Author: Asim Jalis
+# Date: 01/08/2003
+
+if test $# -eq 0 ; then FILES=*.c ; else FILES=$* ; fi
+
+echo '
+
+/* This is auto-generated code. Edit at your own peril. */
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "CuTest.h"
+
+'
+
+cat $FILES | grep '^void Test' | 
+    sed -e 's/(.*$//' \
+        -e 's/$/(CuTest*);/' \
+        -e 's/^/extern /'
+
+echo \
+'
+
+void RunAllTests(void) 
+{
+    CuString *output = CuStringNew();
+    CuSuite* suite = CuSuiteNew();
+
+'
+cat $FILES | grep '^void Test' | 
+    sed -e 's/^void //' \
+        -e 's/(.*$//' \
+        -e 's/^/    SUITE_ADD_TEST(suite, /' \
+        -e 's/$/);/'
+
+echo \
+'
+    CuSuiteRun(suite);
+    CuSuiteSummary(suite, output);
+    CuSuiteDetails(suite, output);
+    printf("%s\n", output->buffer);
+    CuStringDelete(output);
+    CuSuiteDelete(suite);
+}
+
+int main(void)
+{
+    RunAllTests();
+    return 0;
+}
+'
diff --git a/iniparser-4.1/test/ressources/bad_ini/ends_well.ini b/iniparser-4.1/test/ressources/bad_ini/ends_well.ini
new file mode 100644
index 0000000..3f920c7
--- /dev/null
+++ b/iniparser-4.1/test/ressources/bad_ini/ends_well.ini
@@ -0,0 +1,6 @@
+#
+# This dict contains an error but ends up with a correct entry
+#
+[section]
+error is here
+a = b
diff --git a/iniparser-4.1/test/ressources/bad_ini/twisted-errors.ini b/iniparser-4.1/test/ressources/bad_ini/twisted-errors.ini
new file mode 100644
index 0000000..4dc3bbe
--- /dev/null
+++ b/iniparser-4.1/test/ressources/bad_ini/twisted-errors.ini
@@ -0,0 +1,9 @@
+#
+# All of these should trigger syntax errors
+#
+[section]
+hello
+world
+hello \
+world
+a + b ;
diff --git a/iniparser-4.1/test/ressources/bad_ini/twisted-ofkey.ini b/iniparser-4.1/test/ressources/bad_ini/twisted-ofkey.ini
new file mode 100644
index 0000000..4f2e72e
--- /dev/null
+++ b/iniparser-4.1/test/ressources/bad_ini/twisted-ofkey.ini
@@ -0,0 +1,66 @@
+# Stress testing buffers for overflows
+[long]
+# Shitload key size
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=1
+
diff --git a/iniparser-4.1/test/ressources/bad_ini/twisted-ofval.ini b/iniparser-4.1/test/ressources/bad_ini/twisted-ofval.ini
new file mode 100644
index 0000000..2a3cedf
--- /dev/null
+++ b/iniparser-4.1/test/ressources/bad_ini/twisted-ofval.ini
@@ -0,0 +1,56 @@
+# Shitload data size
+[long]
+a=\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890;
+
diff --git a/iniparser-4.1/test/ressources/good_ini/empty.ini b/iniparser-4.1/test/ressources/good_ini/empty.ini
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/iniparser-4.1/test/ressources/good_ini/empty.ini
diff --git a/iniparser-4.1/test/ressources/good_ini/spaced.ini b/iniparser-4.1/test/ressources/good_ini/spaced.ini
new file mode 100644
index 0000000..8e78e3b
--- /dev/null
+++ b/iniparser-4.1/test/ressources/good_ini/spaced.ini
@@ -0,0 +1,16 @@
+         
+
+        
+
+
+
+		
+
+
+
+
+
+
+		
+
+
diff --git a/iniparser-4.1/test/ressources/good_ini/spaced2.ini b/iniparser-4.1/test/ressources/good_ini/spaced2.ini
new file mode 100644
index 0000000..2acbd74
--- /dev/null
+++ b/iniparser-4.1/test/ressources/good_ini/spaced2.ini
@@ -0,0 +1,20 @@
+                                        
+# spaced2.ini
+
+[blanks]		
+												
+
+
+
+
+
+
+
+
+
+
+a=1
+b=1;
+c=1; comment
+d=1# comment
+                          		
\ No newline at end of file
diff --git a/iniparser-4.1/test/ressources/good_ini/twisted.ini b/iniparser-4.1/test/ressources/good_ini/twisted.ini
new file mode 100644
index 0000000..86e549f
--- /dev/null
+++ b/iniparser-4.1/test/ressources/good_ini/twisted.ini
@@ -0,0 +1,131 @@
+#
+# Twisted.ini
+# This file is meant for regression tests
+
+# Different blank settings around the equal sign
+[blanks]
+a=1
+b=1;
+c=1; comment
+d=1# comment
+
+e =1
+f =1;
+g =1; comment
+h =1# comment
+
+i= 1
+j= 1;
+k= 1; comment
+l= 1# comment
+
+m = 1
+n = 1;
+o = 1; comment
+p = 1# comment
+
+q=1 ;
+r=1 ; comment
+s=1 ;comment
+t=1 #comment
+
+# Empty values
+[empty]
+a = ''
+b = ""
+
+c = '' ;
+d = "" ;
+
+e = '' ; comment
+f = "" ; comment
+
+g =
+h = ;
+i = ; comment
+j = # comment
+
+k=
+l=;
+m=;comment
+n=#
+
+# Peculiar values
+[peculiar]
+a=';';
+b='#'#
+c=';';comment
+d='#'#comment
+e=\;
+f=\#
+g=\;comment
+h=\#comment
+i=;;
+j=##
+k=;;;;;;;;;;
+l=##########
+
+# Quotes
+[quotes]
+s1='
+s2=''
+s3='''
+s4=''''
+
+d1="
+d2=""
+d3="""
+d4=""""
+
+m1='"'
+m2="'"
+
+h1=hello'world
+h2='hello'world
+h3='hello'world'
+
+h4=hello"world
+h5="hello"world
+h6="hello"world"
+
+# Section names
+[a]
+[ b]
+[c ]
+[ d ]
+[ begin    end ]
+[ open[ ]
+
+# Multi-line inputs
+[multi]
+a = begin\
+end
+b = begin \
+end
+c = begin \
+ end
+d = 1\
+2\
+3\
+4
+e = 1 \ 
+    2 \ 
+    3 \  
+    4
+f = 1 ; \
+hidden = because of the preceding backslash multi-lining the comment ;
+visible = 1
+g = 1 #\
+and now this comment is hidden too \
+and this one too
+h = 1
+multi \
+line \
+key = 1
+multi \
+line \
+key = \
+multi \
+line \
+value ;
+# end of file
diff --git a/iniparser-4.1/test/test_dictionary.c b/iniparser-4.1/test/test_dictionary.c
new file mode 100644
index 0000000..f89f1c1
--- /dev/null
+++ b/iniparser-4.1/test/test_dictionary.c
@@ -0,0 +1,237 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "CuTest.h"
+
+/* We need to directly insert the .c file in order to test the */
+/* static functions as well */
+#include "dictionary.c"
+
+void Test_xstrdup(CuTest *tc)
+{
+    size_t i;
+    char *dup_str;
+    const char *strings[] = {
+        "",
+        "test",
+        " "
+    };
+    char *string_very_long;
+
+    /* NULL test */
+    CuAssertPtrEquals(tc, NULL, xstrdup(NULL));
+
+    for (i = 0 ; i < sizeof(strings) / sizeof(char *) ; ++i) {
+        dup_str = xstrdup(strings[i]);
+        CuAssertStrEquals(tc, strings[i], dup_str);
+        free(dup_str);
+    }
+
+    /* test a overflowing string */
+    string_very_long = (char*) malloc(10 * 1024);
+    memset(string_very_long, '#', 10 * 1024);
+    string_very_long[10 * 1024 - 1] = '\0';
+    dup_str = xstrdup(string_very_long);
+    CuAssertStrEquals(tc, string_very_long, dup_str);
+
+    free(string_very_long);
+    free(dup_str);
+}
+
+void Test_dictionary_grow(CuTest *tc)
+{
+    unsigned i;
+    dictionary *dic;
+
+    dic = dictionary_new(DICTMINSZ);
+    CuAssertPtrNotNull(tc, dic);
+    CuAssertIntEquals(tc, 0, dic->n);
+    CuAssertIntEquals(tc, DICTMINSZ, dic->size);
+
+    for (i = 1 ; i < 10 ; ++i) {
+        CuAssertIntEquals(tc, 0, dictionary_grow(dic));
+        CuAssertIntEquals(tc, 0, dic->n);
+        CuAssertIntEquals(tc, (1 << i) * DICTMINSZ, dic->size);
+    }
+}
+
+void Test_dictionary_hash(CuTest *tc)
+{
+    /* NULL test */
+    CuAssertIntEquals(tc, 0, dictionary_hash(NULL));
+}
+
+void Test_dictionary_growing(CuTest *tc)
+{
+    int i, j;
+    char sec_name[32];
+    char key_name[64];
+    dictionary *dic;
+
+    dic = dictionary_new(DICTMINSZ);
+    CuAssertPtrNotNull(tc, dic);
+    CuAssertIntEquals(tc, 0, dic->n);
+
+    /* Makes the dictionary grow */
+    for (i = 1 ; i < 101; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        CuAssertIntEquals(tc, 0, dictionary_set(dic, sec_name, ""));
+        for (j = 1 ; j < 11; ++j) {
+            sprintf(key_name, "%s:key%d", sec_name, j);
+            CuAssertIntEquals(tc, 0, dictionary_set(dic, key_name, "dummy_value"));
+            CuAssertIntEquals(tc, i + (i - 1) * 10 + j, dic->n);
+        }
+    }
+
+    /* Shrink the dictionary */
+    for (i = 100 ; i > 0; --i) {
+        sprintf(sec_name, "sec%d", i);
+        for (j = 10 ; j > 0; --j) {
+            sprintf(key_name, "%s:key%d", sec_name, j);
+            dictionary_unset(dic, key_name);
+        }
+        dictionary_unset(dic, sec_name);
+        CuAssertIntEquals(tc, (i - 1) * (11), dic->n);
+    }
+
+    dictionary_del(dic);
+}
+
+static char *get_dump(dictionary *d)
+{
+    FILE *fd;
+    char *dump_buff;
+    int dump_size;
+
+    /* Dump the dictionary in temporary file */
+    fd = tmpfile();
+    if (fd == NULL)
+        return NULL;
+    dictionary_dump(d, fd);
+
+    /* Retrieve the dump file */
+    dump_size = ftell(fd);
+    if (dump_size == -1) {
+        fclose(fd);
+        return NULL;
+    }
+    rewind(fd);
+
+    dump_buff = (char*) calloc(1, dump_size + 1);
+    if (dump_buff == NULL) {
+        fclose(fd);
+        return NULL;
+    }
+    if (fread(dump_buff, 1, dump_size, fd) != (size_t)dump_size) {
+        fclose(fd);
+        return NULL;
+    }
+
+    fclose(fd);
+    return dump_buff;
+}
+
+void Test_dictionary_unset(CuTest *tc)
+{
+    int i, j;
+    char sec_name[32];
+    char key_name[64];
+    dictionary *dic1;
+    dictionary *dic2;
+    char *dic1_dump;
+    char *dic2_dump;
+
+    /* try dummy unsets */
+    dictionary_unset(NULL, NULL);
+    dictionary_unset(NULL, key_name);
+
+    /* Generate two similar dictionaries */
+    dic1 = dictionary_new(DICTMINSZ);
+    CuAssertPtrNotNull(tc, dic1);
+    for (i = 1 ; i < 10; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        dictionary_set(dic1, sec_name, "");
+        for (j = 1 ; j < 10; ++j) {
+            sprintf(key_name, "%s:key%d", sec_name, j);
+            dictionary_set(dic1, key_name, "dummy_value");
+        }
+    }
+    dic2 = dictionary_new(DICTMINSZ);
+    CuAssertPtrNotNull(tc, dic2);
+    for (i = 1 ; i < 10; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        dictionary_set(dic2, sec_name, "");
+        for (j = 1 ; j < 10; ++j) {
+            sprintf(key_name, "%s:key%d", sec_name, j);
+            dictionary_set(dic2, key_name, "dummy_value");
+        }
+    }
+
+    /* Make sure the dictionaries are the same */
+    dic1_dump = get_dump(dic1);
+    dic2_dump = get_dump(dic2);
+    CuAssertStrEquals(tc, dic1_dump, dic2_dump);
+    free(dic1_dump);
+    free(dic2_dump);
+
+    /* Those tests should not change the dictionary */
+    dictionary_unset(dic2, NULL);
+    dictionary_unset(dic2, "bad_key");
+
+    /* dic1 and dic2 must still be the same */
+    dic1_dump = get_dump(dic1);
+    dic2_dump = get_dump(dic2);
+    CuAssertStrEquals(tc, dic1_dump, dic2_dump);
+    free(dic1_dump);
+    free(dic2_dump);
+}
+
+void Test_dictionary_dump(CuTest *tc)
+{
+    int i, j;
+    char sec_name[32];
+    char key_name[64];
+    dictionary *dic;
+    char *dump_buff;
+    const char dump_real[] = "\
+                sec1\t[]\n\
+           sec1:key1\t[dummy_value]\n\
+           sec1:key2\t[dummy_value]\n\
+           sec1:key3\t[dummy_value]\n\
+           sec1:key4\t[dummy_value]\n\
+                sec2\t[]\n\
+           sec2:key1\t[dummy_value]\n\
+           sec2:key2\t[dummy_value]\n\
+           sec2:key3\t[dummy_value]\n\
+           sec2:key4\t[dummy_value]\n\
+";
+
+    dic = dictionary_new(DICTMINSZ);
+    CuAssertPtrNotNull(tc, dic);
+
+    /* Try dummy values */
+    dictionary_dump(NULL, NULL);
+    dictionary_dump(dic, NULL);
+
+    /* Try with empty dictionary first */
+    dump_buff = get_dump(dic);
+    CuAssertStrEquals(tc, "empty dictionary\n", dump_buff);
+    free(dump_buff);
+
+    /* Populate the dictionary */
+    for (i = 1 ; i < 3; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        dictionary_set(dic, sec_name, "");
+        for (j = 1 ; j < 5; ++j) {
+            sprintf(key_name, "%s:key%d", sec_name, j);
+            dictionary_set(dic, key_name, "dummy_value");
+        }
+    }
+
+    /* Check the dump file */
+    dump_buff = get_dump(dic);
+    CuAssertStrEquals(tc, dump_real, dump_buff);
+    free(dump_buff);
+
+    dictionary_del(dic);
+}
diff --git a/iniparser-4.1/test/test_iniparser.c b/iniparser-4.1/test/test_iniparser.c
new file mode 100644
index 0000000..c76529c
--- /dev/null
+++ b/iniparser-4.1/test/test_iniparser.c
@@ -0,0 +1,698 @@
+#include <stdio.h>
+#include <dirent.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <stdarg.h>
+
+#include "CuTest.h"
+#include "dictionary.h"
+
+/* We need to directly insert the .c file in order to test the */
+/* static functions as well */
+#include "iniparser.c"
+
+#define GOOD_INI_PATH "ressources/good_ini"
+#define BAD_INI_PATH "ressources/bad_ini"
+
+
+/* Tool function to create and populate a generic non-empty dictionary */
+static dictionary * generate_dictionary(unsigned sections, unsigned entries_per_section)
+{
+    unsigned i, j ;
+    dictionary * dic;
+    char sec_name[32];
+    char key_name[64];
+    char key_value[32];
+
+    dic = dictionary_new(sections + sections * entries_per_section);
+    if (dic == NULL)
+        return NULL;
+
+    /* Insert the sections */
+    for (i = 0; i < sections; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        dictionary_set(dic, sec_name, "");
+        for (j = 0; j < entries_per_section; ++j) {
+            /* Populate the section with the entries */
+            sprintf(key_name, "%s:key%d", sec_name, j);
+            sprintf(key_value, "value-%d/%d", i, j);
+            dictionary_set(dic, key_name, key_value);
+        }
+    }
+
+    return dic;
+}
+
+void Test_iniparser_strlwc(CuTest *tc)
+{
+    char out_buffer[128];
+
+    /* NULL ptr as input */
+    CuAssertPtrEquals(tc, NULL, strlwc(NULL, NULL, 0));
+    CuAssertPtrEquals(tc, NULL, strlwc(NULL, out_buffer, sizeof (out_buffer)));
+    CuAssertPtrEquals(tc, NULL, strlwc("", NULL, sizeof (out_buffer)));
+    CuAssertPtrEquals(tc, NULL, strlwc("", out_buffer, 0));
+    CuAssertPtrEquals(tc, NULL, strlwc(NULL, NULL, 0));
+
+    /* empty string */
+    CuAssertStrEquals(tc, "", strlwc("", out_buffer, sizeof (out_buffer)));
+
+    CuAssertStrEquals(tc, "  ", strlwc("  ", out_buffer, sizeof (out_buffer)));
+    CuAssertStrEquals(tc, "test", strlwc("test", out_buffer, sizeof (out_buffer)));
+    CuAssertStrEquals(tc, "test", strlwc("TEST", out_buffer, sizeof (out_buffer)));
+    CuAssertStrEquals(tc, "test", strlwc("TeSt", out_buffer, sizeof (out_buffer)));
+    CuAssertStrEquals(tc, "test test",
+                      strlwc("TEST TEST", out_buffer, sizeof (out_buffer)));
+    CuAssertStrEquals(tc, "very long string !!!!!!!",
+                      strlwc("very long string !!!!!!!", out_buffer, sizeof (out_buffer)));
+    CuAssertStrEquals(tc, "cutted string", strlwc("cutted string<---here", out_buffer, 14));
+
+    /* test using same buffer as input and output */
+    strcpy(out_buffer, "OVERWRITE ME !");
+    CuAssertPtrNotNull(tc, strlwc(out_buffer, out_buffer, sizeof(out_buffer)));
+    CuAssertStrEquals(tc, "overwrite me !", out_buffer);
+}
+
+void Test_iniparser_strstrip(CuTest *tc)
+{
+    /* First element in the array is the expected stripping result */
+    const char *strings_empty[] = {
+        "",
+        "       ",
+        "\n\n\n\n",
+        "\t\t\t\t",
+        "\n     \t\n\t\n    "
+    };
+    const char *strings_test[] = {
+        "test",
+        "test ",
+        "test          ",
+        " test",
+        "   test    ",
+        "\ttest\t",
+        "\ttest\n"
+
+    };
+    const char *test_with_spaces = "I am a test with\tspaces.";
+    char stripped[ASCIILINESZ+1];
+    char error_msg[128];
+    unsigned i;
+
+    /* NULL ptr as input */
+    strstrip(NULL);
+
+    /* empty string */
+    for (i = 0 ; i < sizeof (strings_empty) / sizeof (char *) ; ++i) {
+        strcpy(stripped, strings_empty[i]);
+        strstrip(stripped);
+        sprintf(error_msg, "Bad stripping : strstrip(\"%s\") ==> \"%s\"",
+            strings_empty[i], stripped);
+        CuAssertStrEquals_Msg(tc, error_msg, stripped, strings_empty[0]);
+    }
+
+    /* test string */
+    for (i = 0 ; i < sizeof (strings_test) / sizeof (char *) ; ++i) {
+        strcpy(stripped, strings_test[i]);
+        strstrip(stripped);
+        sprintf(error_msg, "Bad stripping : strstrip(\"%s\") ==> \"%s\"",
+            strings_test[i], stripped);
+        CuAssertStrEquals_Msg(tc, error_msg, strings_test[0], stripped);
+    }
+    strcpy(stripped, ".");
+    strstrip(stripped);
+    CuAssertStrEquals(tc, ".", stripped);
+
+    /* string containing spaces */
+    strcpy(stripped, test_with_spaces);
+    strstrip(stripped);
+    CuAssertStrEquals(tc, test_with_spaces, stripped);
+}
+
+void Test_iniparser_getnsec(CuTest *tc)
+{
+    int i;
+    char sec_name[32];
+    dictionary *dic;
+
+    /* NULL test */
+    CuAssertIntEquals(tc, -1, iniparser_getnsec(NULL));
+
+    /* Empty dictionary */
+    dic = dictionary_new(10);
+    CuAssertIntEquals(tc, 0, iniparser_getnsec(dic));
+    dictionary_del(dic);
+
+    /* Regular dictionary */
+    dic = generate_dictionary(512, 0);
+    CuAssertIntEquals(tc, 512, iniparser_getnsec(dic));
+
+    /* Check after removing sections */
+    for (i = 1; i < 512; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        dictionary_unset(dic, sec_name);
+        CuAssertIntEquals(tc, 512 - i, iniparser_getnsec(dic));
+    }
+    dictionary_del(dic);
+
+    /* Mix sections and regular keys */
+    dic = generate_dictionary(10, 512);
+    CuAssertIntEquals(tc, 10, iniparser_getnsec(dic));
+    dictionary_del(dic);
+}
+
+void Test_iniparser_getsecname(CuTest *tc)
+{
+    unsigned i;
+    char sec_name[32];
+    dictionary *dic;
+    /* NULL test */
+    CuAssertTrue(tc, iniparser_getsecname(NULL, 0) == NULL);
+
+    /* Empty dictionary */
+    dic = dictionary_new(10);
+    CuAssertPtrEquals(tc, NULL, iniparser_getsecname(dic, 0));
+    dictionary_del(dic);
+
+    /* Sections without entries dictionary */
+    dic = generate_dictionary(100, 0);
+    for (i = 0; i < 100; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        CuAssertStrEquals(tc, sec_name, iniparser_getsecname(dic, i));
+    }
+    dictionary_del(dic);
+
+    /* Generic dictionary */
+    dic = generate_dictionary(10, 100);
+    for (i = 0; i < 10; ++i) {
+        sprintf(sec_name, "sec%d", i);
+        CuAssertStrEquals(tc, sec_name, iniparser_getsecname(dic, i));
+    }
+    dictionary_del(dic);
+}
+
+void Test_iniparser_getseckeys(CuTest *tc)
+{
+    unsigned i;
+    char key_name[64];
+    dictionary *dic;
+    int nkeys;
+    const char * keys[10]; /* At most 10 elements per section */
+    /* NULL test */
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(NULL, NULL, NULL));
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(NULL, "dummy", NULL));
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(NULL, "dummy", keys));
+
+    /* Empty dictionary */
+    dic = dictionary_new(10);
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(dic, NULL, keys));
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(dic, "dummy", keys));
+    dictionary_del(dic);
+
+    /* Generic dictionary */
+
+    dic = generate_dictionary(100, 10);
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(dic, NULL, keys));
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(dic, "dummy", keys));
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(dic, "sec0", NULL));
+    nkeys = iniparser_getsecnkeys(dic, "sec42");
+    CuAssertIntEquals(tc, nkeys, 10);
+    CuAssertPtrEquals(tc, keys, iniparser_getseckeys(dic, "sec42", keys));
+    for (i = 0; i < 10; ++i) {
+        sprintf(key_name, "sec42:key%d", i);
+        CuAssertStrEquals(tc, key_name, keys[i]);
+    }
+
+    /* Remove some keys to make the dictionary more real */
+    dictionary_unset(dic, "sec42");
+    dictionary_unset(dic, "sec99:key9");
+    dictionary_unset(dic, "sec0:key0");
+    dictionary_unset(dic, "sec0:key1");
+    dictionary_unset(dic, "sec0:key2");
+
+    CuAssertPtrEquals(tc, NULL, iniparser_getseckeys(dic, "sec42", keys));
+    nkeys = iniparser_getsecnkeys(dic, "Sec99");
+    CuAssertIntEquals(tc, nkeys, 9);
+    CuAssertPtrEquals(tc, keys, iniparser_getseckeys(dic, "Sec99", keys));
+    for (i = 0; i < 9; ++i) {
+        sprintf(key_name, "sec99:key%d", i);
+        CuAssertStrEquals(tc, key_name, keys[i]);
+    }
+
+    nkeys = iniparser_getsecnkeys(dic, "sec0");
+    CuAssertIntEquals(tc, nkeys, 7);
+    CuAssertPtrEquals(tc, keys, iniparser_getseckeys(dic, "sec0", keys));
+    for (i = 0; i < 7; ++i) {
+        sprintf(key_name, "sec0:key%d", i + 3);
+        CuAssertStrEquals(tc, key_name, keys[i]);
+    }
+
+    dictionary_del(dic);
+}
+
+void Test_iniparser_getstring(CuTest *tc)
+{
+    dictionary *dic;
+    /* NULL test */
+    CuAssertPtrEquals(tc, NULL, iniparser_getstring(NULL, NULL, NULL));
+    CuAssertPtrEquals(tc, NULL, iniparser_getstring(NULL, "dummy", NULL));
+
+    /* Check the def return element */
+    dic = dictionary_new(10);
+    CuAssertPtrEquals(tc, NULL, iniparser_getstring(dic, "dummy", NULL));
+    CuAssertStrEquals(tc, "def", iniparser_getstring(dic, NULL, "def"));
+    CuAssertStrEquals(tc, "def", iniparser_getstring(dic, "dummy", "def"));
+    dictionary_del(dic);
+
+    /* Generic dictionary */
+    dic = generate_dictionary(100, 10);
+    CuAssertStrEquals(tc, "value-0/0",
+                      iniparser_getstring(dic, "sec0:key0", NULL));
+    CuAssertStrEquals(tc, "value-42/5",
+                      iniparser_getstring(dic, "sec42:key5", NULL));
+    CuAssertStrEquals(tc, "value-99/9",
+                      iniparser_getstring(dic, "sec99:key9", NULL));
+    dictionary_del(dic);
+}
+
+void Test_iniparser_getint(CuTest *tc)
+{
+    unsigned i;
+    char key_name[64];
+    dictionary *dic;
+    const struct { int num; const char *value; } good_val[] = {
+        { 0, "0" },
+        { 1, "1" },
+        { -1, "-1" },
+        { 1000, "1000" },
+        { 077, "077" },
+        { -01000, "-01000" },
+        { 0xFFFF, "0xFFFF" },
+        { -0xFFFF, "-0xFFFF" },
+        { 0x4242, "0x4242" },
+        { 0, NULL} /* must be last */
+    };
+    const char *bad_val[] = {
+        "",
+        "notanumber",
+        "0x",
+        "k2000",
+        " ",
+        "0xG1"
+    };
+    /* NULL test */
+    CuAssertIntEquals(tc, -42, iniparser_getint(NULL, NULL, -42));
+    CuAssertIntEquals(tc, -42, iniparser_getint(NULL, "dummy", -42));
+
+    /* Check the def return element */
+    dic = dictionary_new(10);
+    CuAssertIntEquals(tc, 42, iniparser_getint(dic, "dummy", 42));
+    CuAssertIntEquals(tc, 0xFFFF, iniparser_getint(dic, NULL, 0xFFFF));
+    CuAssertIntEquals(tc, -0xFFFF, iniparser_getint(dic, "dummy", -0xFFFF));
+    dictionary_del(dic);
+
+    /* Generic dictionary */
+    dic = dictionary_new(10);
+    for (i = 0; good_val[i].value != NULL; ++i) {
+        sprintf(key_name, "int:value%d", i);
+        dictionary_set(dic, key_name, good_val[i].value);
+    }
+    for (i = 0; good_val[i].value != NULL; ++i) {
+        sprintf(key_name, "int:value%d", i);
+        CuAssertIntEquals(tc, good_val[i].num,
+                          iniparser_getint(dic, key_name, 0));
+    }
+    dictionary_del(dic);
+
+    /* Test bad names */
+    dic = dictionary_new(10);
+    for (i = 0; i < sizeof (bad_val) / sizeof (char *); ++i) {
+        sprintf(key_name, "int:bad%d", i);
+        dictionary_set(dic, key_name, bad_val[i]);
+    }
+    for (i = 0; i < sizeof (bad_val) / sizeof (char *); ++i) {
+        sprintf(key_name, "int:bad%d", i);
+        CuAssertIntEquals(tc, 0,
+                          iniparser_getint(dic, key_name, 0));
+    }
+    dictionary_del(dic);
+}
+
+void Test_iniparser_getlongint(CuTest *tc)
+{
+    unsigned i;
+    char key_name[64];
+    dictionary *dic;
+    const struct { long int num; const char *value; } good_val[] = {
+        { 0, "0" },
+        { 1, "1" },
+        { -1, "-1" },
+        { 1000, "1000" },
+        { 077, "077" },
+        { -01000, "-01000" },
+        { 0x7FFFFFFFFFFFFFFF, "0x7FFFFFFFFFFFFFFF" },
+        { -0x7FFFFFFFFFFFFFFF, "-0x7FFFFFFFFFFFFFFF" },
+        { 0x4242, "0x4242" },
+        { 0, NULL} /* must be last */
+    };
+    const char *bad_val[] = {
+        "",
+        "notanumber",
+        "0x",
+        "k2000",
+        " ",
+        "0xG1"
+    };
+    /* NULL test */
+    CuAssertLongIntEquals(tc, -42, iniparser_getlongint(NULL, NULL, -42));
+    CuAssertLongIntEquals(tc, -42, iniparser_getlongint(NULL, "dummy", -42));
+
+    /* Check the def return element */
+    dic = dictionary_new(10);
+    CuAssertLongIntEquals(tc, 42, iniparser_getlongint(dic, "dummy", 42));
+    CuAssertLongIntEquals(tc, 0x7FFFFFFFFFFFFFFF, iniparser_getlongint(dic, NULL, 0x7FFFFFFFFFFFFFFF));
+    CuAssertLongIntEquals(tc, -0x7FFFFFFFFFFFFFFF, iniparser_getlongint(dic, "dummy", -0x7FFFFFFFFFFFFFFF));
+    dictionary_del(dic);
+
+    /* Generic dictionary */
+    dic = dictionary_new(10);
+    for (i = 0; good_val[i].value != NULL; ++i) {
+        sprintf(key_name, "longint:value%d", i);
+        dictionary_set(dic, key_name, good_val[i].value);
+    }
+    for (i = 0; good_val[i].value != NULL; ++i) {
+        sprintf(key_name, "longint:value%d", i);
+        CuAssertLongIntEquals(tc, good_val[i].num,
+                          iniparser_getlongint(dic, key_name, 0));
+    }
+    dictionary_del(dic);
+
+    /* Test bad names */
+    dic = dictionary_new(10);
+    for (i = 0; i < sizeof (bad_val) / sizeof (char *); ++i) {
+        sprintf(key_name, "longint:bad%d", i);
+        dictionary_set(dic, key_name, bad_val[i]);
+    }
+    for (i = 0; i < sizeof (bad_val) / sizeof (char *); ++i) {
+        sprintf(key_name, "longint:bad%d", i);
+        CuAssertLongIntEquals(tc, 0,
+                          iniparser_getlongint(dic, key_name, 0));
+    }
+    dictionary_del(dic);
+}
+
+void Test_iniparser_getdouble(CuTest *tc)
+{
+    dictionary *dic;
+
+    /* NULL test */
+    CuAssertDblEquals(tc, -42, iniparser_getdouble(NULL, NULL, -42), 0);
+    CuAssertDblEquals(tc, 4.2, iniparser_getdouble(NULL, "dummy", 4.2), 0);
+
+    /* Check the def return element */
+    dic = dictionary_new(10);
+    CuAssertDblEquals(tc, 3.1415, iniparser_getdouble(dic, "dummy", 3.1415), 0);
+    CuAssertDblEquals(tc, 0xFFFFFFFF, iniparser_getdouble(dic, NULL, 0xFFFFFFFF), 0);
+    CuAssertDblEquals(tc, -0xFFFFFFFF, iniparser_getdouble(dic, "dummy", -0xFFFFFFFF), 0);
+
+    /* Insert some values */
+    dictionary_set(dic, "double", "");
+    dictionary_set(dic, "double:good0", "0");
+    dictionary_set(dic, "double:good1", "-0");
+    dictionary_set(dic, "double:good2", "1.0");
+    dictionary_set(dic, "double:good3", "3.1415");
+    dictionary_set(dic, "double:good4", "6.6655957");
+    dictionary_set(dic, "double:good5", "-123456789.123456789");
+
+    /* Add dummy stuff too */
+    dictionary_set(dic, "double:bad0", "foo");
+
+    /* Get back the values */
+    CuAssertDblEquals(tc, 0, iniparser_getdouble(dic, "double:good0", 0xFF), 0);
+    CuAssertDblEquals(tc, 0, iniparser_getdouble(dic, "double:good1", 0xFF), 0);
+    CuAssertDblEquals(tc, 1.0, iniparser_getdouble(dic, "double:good2", 0xFF), 0);
+    CuAssertDblEquals(tc, 3.1415, iniparser_getdouble(dic, "double:good3", 0xFF), 0);
+    CuAssertDblEquals(tc, 6.6655957, iniparser_getdouble(dic, "double:good4", 0xFF), 0);
+    CuAssertDblEquals(tc, -123456789.123456789,
+                         iniparser_getdouble(dic, "double:good5", 0xFF), 0);
+
+    CuAssertDblEquals(tc, 0, iniparser_getdouble(dic, "double:bad0", 42.42), 0);
+
+    dictionary_del(dic);
+}
+
+void Test_iniparser_getboolean(CuTest *tc)
+{
+    unsigned i;
+    char key_name[64];
+
+    dictionary *dic;
+    const char *token_true[] = {
+        "1",
+        "true",
+        "t",
+        "TRUE",
+        "T",
+        "yes",
+        "y",
+        "YES"
+        "Y",
+        NULL
+    };
+    const char *token_false[] = {
+        "0",
+        "false",
+        "f",
+        "FALSE",
+        "F",
+        "no",
+        "n",
+        "NO",
+        "N",
+        NULL
+    };
+
+    /* NULL test */
+    CuAssertIntEquals(tc, 1, iniparser_getboolean(NULL, NULL, 1));
+    CuAssertIntEquals(tc, 1, iniparser_getboolean(NULL, "dummy", 1));
+
+    /* Check the def return element */
+    dic = dictionary_new(10);
+    CuAssertIntEquals(tc, 1, iniparser_getboolean(dic, "dummy", 1));
+    CuAssertIntEquals(tc, 0, iniparser_getboolean(dic, NULL, 0));
+    CuAssertIntEquals(tc, 1, iniparser_getboolean(dic, "dummy", 1));
+
+    for (i = 0; token_true[i] != NULL; ++i) {
+        sprintf(key_name, "bool:true%d", i);
+        iniparser_set(dic, key_name, token_true[i]);
+    }
+    for (i = 0; token_false[i] != NULL; ++i) {
+        sprintf(key_name, "bool:false%d", i);
+        iniparser_set(dic, key_name, token_false[i]);
+    }
+
+    for (i = 0; token_true[i] != NULL; ++i) {
+        sprintf(key_name, "bool:true%d", i);
+        CuAssertIntEquals(tc, 1, iniparser_getboolean(dic, key_name, 0));
+    }
+    for (i = 0; token_false[i] != NULL; ++i) {
+        sprintf(key_name, "bool:false%d", i);
+        CuAssertIntEquals(tc, 0, iniparser_getboolean(dic, key_name, 1));
+    }
+
+    /* Test bad boolean */
+    iniparser_set(dic, "bool:bad0", "");
+    iniparser_set(dic, "bool:bad1", "m'kay");
+    iniparser_set(dic, "bool:bad2", "42");
+    iniparser_set(dic, "bool:bad3", "_true");
+    CuAssertIntEquals(tc, 0xFF, iniparser_getboolean(dic, "bool:bad0", 0xFF));
+    CuAssertIntEquals(tc, 0xFF, iniparser_getboolean(dic, "bool:bad1", 0xFF));
+    CuAssertIntEquals(tc, 0xFF, iniparser_getboolean(dic, "bool:bad2", 0xFF));
+    CuAssertIntEquals(tc, 0xFF, iniparser_getboolean(dic, "bool:bad3", 0xFF));
+
+    dictionary_del(dic);
+}
+
+void Test_iniparser_line(CuTest *tc)
+{
+    char section [ASCIILINESZ+1] ;
+    char key     [ASCIILINESZ+1] ;
+    char val     [ASCIILINESZ+1] ;
+
+    /* Test empty line */
+    CuAssertIntEquals(tc, LINE_EMPTY, iniparser_line("", section, key, val));
+    CuAssertIntEquals(tc, LINE_EMPTY, iniparser_line("    ", section, key, val));
+    CuAssertIntEquals(tc, LINE_EMPTY, iniparser_line("\t", section, key, val));
+
+    /* Test valid syntax */
+    CuAssertIntEquals(tc, LINE_SECTION, iniparser_line("[s]", section, key, val));
+    CuAssertStrEquals(tc, "s", section);
+
+    CuAssertIntEquals(tc, LINE_SECTION, iniparser_line("[ section ]", section, key, val));
+    CuAssertStrEquals(tc, "section", section);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("k=1", section, key, val));
+    CuAssertStrEquals(tc, "k", key);
+    CuAssertStrEquals(tc, "1", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key = 0x42", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "0x42", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key= value with spaces", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "value with spaces", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("k =_!<>''", section, key, val));
+    CuAssertStrEquals(tc, "k", key);
+    CuAssertStrEquals(tc, "_!<>''", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("empty_value =", section, key, val));
+    CuAssertStrEquals(tc, "empty_value", key);
+    CuAssertStrEquals(tc, "", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("empty_value =        \t\n", section, key, val));
+    CuAssertStrEquals(tc, "empty_value", key);
+    CuAssertStrEquals(tc, "", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key =\tval # comment", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "val", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key \n\n = \n val", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "val", val);
+
+    CuAssertIntEquals(tc, LINE_COMMENT, iniparser_line(";comment", section, key, val));
+    CuAssertIntEquals(tc, LINE_COMMENT, iniparser_line(" # comment", section, key, val));
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key = \"  do_not_strip  \"", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "  do_not_strip  ", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key = '    '", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "    ", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key = \"\"", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "", val);
+
+    CuAssertIntEquals(tc, LINE_VALUE, iniparser_line("key = ''", section, key, val));
+    CuAssertStrEquals(tc, "key", key);
+    CuAssertStrEquals(tc, "", val);
+
+    /* Test syntax error */
+    CuAssertIntEquals(tc, LINE_ERROR, iniparser_line("empty_value", section, key, val));
+    CuAssertIntEquals(tc, LINE_ERROR, iniparser_line("not finished\\", section, key, val));
+    CuAssertIntEquals(tc, LINE_ERROR, iniparser_line("0x42 / 0b101010", section, key, val));
+
+}
+
+void Test_iniparser_load(CuTest *tc)
+{
+    DIR *dir;
+    struct dirent *curr;
+    struct stat curr_stat;
+    dictionary *dic;
+    char ini_path[256];
+
+    /* Dummy tests */
+    dic = iniparser_load("/you/shall/not/path");
+    CuAssertPtrEquals(tc, NULL, dic);
+
+    /* Test all the good .ini files */
+    dir = opendir(GOOD_INI_PATH);
+    CuAssertPtrNotNullMsg(tc, "Cannot open good .ini conf directory", dir);
+    for (curr = readdir(dir); curr != NULL; curr = readdir(dir)) {
+        sprintf(ini_path, "%s/%s", GOOD_INI_PATH, curr->d_name);
+        stat(ini_path, &curr_stat);
+        if (S_ISREG(curr_stat.st_mode)) {
+            dic = iniparser_load(ini_path);
+            CuAssertPtrNotNullMsg(tc, ini_path, dic);
+            dictionary_del(dic);
+        }
+    }
+    closedir(dir);
+
+    /* Test all the bad .ini files */
+    dir = opendir(BAD_INI_PATH);
+    CuAssertPtrNotNullMsg(tc, "Cannot open bad .ini conf directory", dir);
+    for (curr = readdir(dir); curr != NULL; curr = readdir(dir)) {
+        sprintf(ini_path, "%s/%s", BAD_INI_PATH, curr->d_name);
+        stat(ini_path, &curr_stat);
+        if (S_ISREG(curr_stat.st_mode)) {
+            dic = iniparser_load(ini_path);
+            CuAssertPtrEquals_Msg(tc, ini_path, NULL, dic);
+            dictionary_del(dic);
+        }
+    }
+    closedir(dir);
+}
+
+void Test_dictionary_wrapper(CuTest *tc)
+{
+    dictionary *dic;
+
+    dic = dictionary_new(10);
+
+    CuAssertIntEquals(tc, -1, iniparser_set(dic, NULL, NULL));
+    CuAssertIntEquals(tc, -1, iniparser_set(NULL, "section", "value"));
+
+    CuAssertIntEquals(tc, 0, iniparser_set(dic, "section", NULL));
+    CuAssertIntEquals(tc, 0, iniparser_set(dic, "section:key", "value"));
+
+    CuAssertStrEquals(tc, "value", iniparser_getstring(dic, "section:key", NULL));
+    /* reset the key's value*/
+    CuAssertIntEquals(tc, 0, iniparser_set(dic, "section:key", NULL));
+    CuAssertStrEquals(tc, NULL, iniparser_getstring(dic, "section:key", "dummy"));
+    CuAssertIntEquals(tc, 0, iniparser_set(dic, "section:key", "value"));
+    CuAssertStrEquals(tc, "value", iniparser_getstring(dic, "section:key", NULL));
+
+    iniparser_unset(dic, "section:key");
+    CuAssertStrEquals(tc, "dummy", iniparser_getstring(dic, "section:key", "dummy"));
+    CuAssertStrEquals(tc, NULL, iniparser_getstring(dic, "section", "dummy"));
+
+    CuAssertIntEquals(tc, 0, iniparser_set(dic, "section:key", NULL));
+    CuAssertIntEquals(tc, 0, iniparser_set(dic, "section:key1", NULL));
+    CuAssertIntEquals(tc, 0, iniparser_set(dic, "section:key2", NULL));
+
+    iniparser_unset(dic, "section");
+    CuAssertStrEquals(tc, NULL, iniparser_getstring(dic, "section", NULL));
+
+    iniparser_freedict(dic);
+}
+
+static char _last_error[1024];
+static int _error_callback(const char *format, ...)
+{
+    int ret;
+    va_list argptr;
+    va_start(argptr, format);
+    ret = vsprintf(_last_error, format, argptr);
+    va_end(argptr);
+    return ret;
+
+}
+
+void Test_iniparser_error_callback(CuTest *tc)
+{
+    dictionary *dic;
+
+    /* Specify our custom error_callback */
+    iniparser_set_error_callback(_error_callback);
+
+    /* Trigger an error and check it was written on the right output */
+    dic = iniparser_load("/path/to/nowhere.ini");
+    CuAssertPtrEquals(tc, NULL, dic);
+    CuAssertStrEquals(tc, "iniparser: cannot open /path/to/nowhere.ini\n", _last_error);
+
+    /* Reset erro_callback */
+    _last_error[0] = '\0';
+    iniparser_set_error_callback(NULL);
+
+    /* Make sure custom callback is no more called */
+    dic = iniparser_load("/path/to/nowhere.ini");
+    CuAssertPtrEquals(tc, NULL, dic);
+    CuAssertStrEquals(tc, "", _last_error);
+}
diff --git a/messages.c b/messages.c
new file mode 100644
index 0000000..5f69924
--- /dev/null
+++ b/messages.c
@@ -0,0 +1,36 @@
+#ifdef MESSAGES_EXTERN
+#define MSG(varname, text) extern char *MSG_##varname
+#else
+#define MSG(varname, text) char *MSG_##varname = text
+#endif
+
+#define USAGE "Skladnia wywolania: %s [--wide-chars] " \
+  "{SCIEZKA_PLIKU_KONFIGURACYJNEGO}"
+
+MSG(MALLOC_FAIL, "Za malo pamieci");
+MSG(CONF_PATH_EXPAND_FAIL, "Bledna sciezka pliku konfiguracyjnego: %s");
+MSG(CONF_NOT_EXIST, "Podany plik konfiguracyjny nie istnieje: %s");
+MSG(CONF_NOT_READABLE, "Brak uprawnien do odczytu pliku konfiguracyjnego: %s");
+MSG(INVALID_INI_FILE, "Blad ladowania konfiguracji, "
+    "sprawdz poprawnosc skladni pliku: %s");
+MSG(BAD_VALUE, "Niepoprawna wartosc zmiennej %s, oczekiwane: %s");
+MSG(BAD_VAR, "Nie zdefiniowano poprawnej zmiennej %s");
+MSG(BAD_PORT_VAR, "Nie zdefiniowano poprawnego portu %s (0 - 65535)");
+MSG(NO_SECTION, "Nie podano %s (sekcja %s)");
+MSG(BAD_DEST_DIR_END, "Sciezka podanego katalogu docelowego "
+    "nie jest zakonczona znakiem '\\'");
+MSG(DEST_DIR_NOT_EXIST, "Podany katalog docelowy nie istnieje");
+MSG(DEST_DIR_NOT_WRITEABLE, "Brak uprawnien do zapisu w katalogu docelowym");
+MSG(ATTACH_NOT_EXIST, "Plik zalacznika nie istnieje: %s");
+MSG(NO_ROOT_CA_STORE, "Nie udalo sie pozyskac zainstalowanych certyfikatow");
+MSG(BAD_ARGS_NUM, "Zle argumenty programu. \r\n" USAGE);
+MSG(MKDIR_FAIL, "Nie udalo sie utworzyc katalogu: %s");
+MSG(FILE_SAVE_FAIL, "Nie udalo sie zapisac do pliku: %s");
+MSG(BAD_AUTHENTICATION, "Nie udalo sie uwierzytelnic przed serwerem");
+MSG(BAD_CERT_FORMAT, "Otrzymano certyfikat w niewspieranym formacie");
+MSG(CERT_VERIFICATION_FAIL, "Blad weryfikacji certyfikatu, "
+    "system lub siec moze byc celem ataku");
+MSG(UNKNOWN_CERT, "Brak certyfikatu w bazie, weryfikacja serwera niemozliwa");
+MSG(CERT_EXPIRED, "Waznosc certyfikatu uzywanego przez serwer wygasla");
+MSG(CERT_NOT_YET_VALID, "Certyfikat uzywany przez serwer "
+    "jeszcze nie zaczal obowiazywac");
diff --git a/misc.c b/misc.c
new file mode 100644
index 0000000..e73b903
--- /dev/null
+++ b/misc.c
@@ -0,0 +1,68 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "utilities.h"
+
+void _finish(bool ok)
+{
+	puts(ok ? "\nOk. " : "\nBlad. ");
+	exit(ok ? 0 : -1);
+}
+
+void *dirtyalloc(size_t size)
+{
+	void *memory = malloc(size);
+
+	if (memory == NULL)
+		FAIL(MSG_MALLOC_FAIL);
+
+	return memory;
+}
+
+/* Used to suppress stderr output of iniparser library */
+int dummy_errback(const char *fmt, ...)
+{
+	return 1;
+}
+
+/*
+ * I had to deal with UTF-16 config files. Since mostly the ASCII characters
+ * are used anyway, I decided to just pick every second byte of the file and
+ * got this semi-working... This IS provisional.
+ */
+int provisional_wide_char_fgetc(FILE *stream)
+{
+	int c = 128;
+
+	while (c > 127) {
+		c = getc(stream);
+		getc(stream);
+
+		if (c == EOF)
+			return EOF;
+	}
+
+	return c;
+}
+
+bool is_valid_port_number(int port)
+{
+  return port >= 0 && port <= 65535;
+}
+
+/*
+ * Different implementations if validate_config() and perform_work()
+ * are supplied in pop and push programs.
+ */
+int main(int argc, const char **argv)
+{
+	struct config config;
+
+	get_config(argc, argv, &config);
+	validate_config(&config);
+	perform_work(&config);
+	/* actually, this won't be reached, because perform_work exit()s... */
+	free_config(&config);
+
+	return 0;
+}
diff --git a/openssl-1.1.0h/.gitattributes b/openssl-1.1.0h/.gitattributes
new file mode 100644
index 0000000..15121c8
--- /dev/null
+++ b/openssl-1.1.0h/.gitattributes
@@ -0,0 +1,3 @@
+*.der binary
+/fuzz/corpora/** binary
+*.pfx binary
diff --git a/openssl-1.1.0h/.gitignore b/openssl-1.1.0h/.gitignore
new file mode 100644
index 0000000..7324bda
--- /dev/null
+++ b/openssl-1.1.0h/.gitignore
@@ -0,0 +1,174 @@
+# Ignore editor artefacts
+/.dir-locals.el
+
+# Top level excludes
+/Makefile.orig
+/MINFO
+/TABLE
+/*.a
+/*.pc
+/rehash.time
+/inc.*
+/makefile.*
+/out.*
+/tmp.*
+/configdata.pm
+
+# *all* Makefiles
+Makefile
+# ... except in demos
+!/demos/*/Makefile
+
+# Links under apps
+/apps/CA.pl
+/apps/tsget
+/apps/tsget.pl
+/apps/md4.c
+
+# Auto generated headers
+/crypto/buildinf.h
+/apps/progs.h
+/crypto/include/internal/*_conf.h
+/openssl/include/opensslconf.h
+/util/domd
+
+# Executables
+/apps/openssl
+/test/sha256t
+/test/sha512t
+/test/gost2814789t
+/test/ssltest_old
+/test/*test
+/test/fips_aesavs
+/test/fips_desmovs
+/test/fips_dhvs
+/test/fips_drbgvs
+/test/fips_dssvs
+/test/fips_ecdhvs
+/test/fips_ecdsavs
+/test/fips_rngvs
+/test/fips_test_suite
+/test/ssltest_old
+/test/x509aux
+/test/v3ext
+
+# Certain files that get created by tests on the fly
+/test/test-runs
+/test/buildtest_*
+
+# Fuzz stuff.
+# Anything without an extension is an executable on Unix, so we keep files
+# with extensions.  And we keep the corpora subddir versioned as well.
+# Anything more generic with extensions that should be ignored will be taken
+# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
+/fuzz/*
+!/fuzz/README*
+!/fuzz/corpora
+!/fuzz/*.*
+
+# Misc auto generated files
+/include/openssl/opensslconf.h
+/tools/c_rehash
+/tools/c_rehash.pl
+/util/shlib_wrap.sh
+/tags
+/TAGS
+/crypto.map
+/ssl.map
+
+# Windows (legacy)
+/tmp32
+/tmp32.dbg
+/tmp32dll
+/tmp32dll.dbg
+/out32
+/out32.dbg
+/out32dll
+/out32dll.dbg
+/inc32
+/MINFO
+/ms/.rnd
+/ms/bcb.mak
+/ms/libeay32.def
+/ms/nt.mak
+/ms/ntdll.mak
+/ms/ssleay32.def
+/ms/version32.rc
+
+# Files created on other branches that are not held in git, and are not
+# needed on this branch
+/include/openssl/asn1_mac.h
+/include/openssl/des_old.h
+/include/openssl/fips.h
+/include/openssl/fips_rand.h
+/include/openssl/krb5_asn.h
+/include/openssl/kssl.h
+/include/openssl/pq_compat.h
+/include/openssl/ssl23.h
+/include/openssl/tmdiff.h
+/include/openssl/ui_compat.h
+/test/fips_aesavs.c
+/test/fips_desmovs.c
+/test/fips_dsatest.c
+/test/fips_dssvs.c
+/test/fips_hmactest.c
+/test/fips_randtest.c
+/test/fips_rngvs.c
+/test/fips_rsagtest.c
+/test/fips_rsastest.c
+/test/fips_rsavtest.c
+/test/fips_shatest.c
+/test/fips_test_suite.c
+/test/shatest.c
+
+##### Generic patterns
+# Auto generated assembly language source files
+*.s
+!/crypto/*/asm/*.s
+/crypto/arm*.S
+/crypto/*/*.S
+*.asm
+!/crypto/*/asm/*.asm
+
+# Object files
+*.o
+*.obj
+
+# editor artefacts
+*.swp
+.#*
+\#*#
+*~
+
+# Certificate symbolic links
+*.0
+
+# All kinds of executables
+*.so
+*.so.*
+*.dylib
+*.dylib.*
+*.dll
+*.dll.*
+*.exe
+*.pyc
+*.exp
+*.lib
+*.pdb
+*.ilk
+*.def
+*.rc
+*.res
+
+# Misc generated stuff
+Makefile.save
+/crypto/**/lib
+/engines/**/lib
+/ssl/**/lib
+*.bak
+cscope.*
+*.d
+pod2htmd.tmp
+
+# Windows manifest files
+*.manifest
diff --git a/openssl-1.1.0h/.travis-apt-pin.preferences b/openssl-1.1.0h/.travis-apt-pin.preferences
new file mode 100644
index 0000000..1797bd0
--- /dev/null
+++ b/openssl-1.1.0h/.travis-apt-pin.preferences
@@ -0,0 +1,15 @@
+Package: clang-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang-common-3.9-dev
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang1-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libllvm3.9v4
+Pin: release o=Ubuntu
+Pin-Priority: -1
diff --git a/openssl-1.1.0h/.travis-create-release.sh b/openssl-1.1.0h/.travis-create-release.sh
new file mode 100644
index 0000000..311cedd
--- /dev/null
+++ b/openssl-1.1.0h/.travis-create-release.sh
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+# $1 is expected to be $TRAVIS_OS_NAME
+
+./Configure dist
+if [ "$1" == osx ]; then
+    make NAME='_srcdist' TARFILE='_srcdist.tar' \
+         TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar
+else
+    make TARFILE='_srcdist.tar' NAME='_srcdist' dist
+fi
diff --git a/openssl-1.1.0h/.travis.yml b/openssl-1.1.0h/.travis.yml
new file mode 100644
index 0000000..b5fc443
--- /dev/null
+++ b/openssl-1.1.0h/.travis.yml
@@ -0,0 +1,204 @@
+dist: trusty
+sudo: required
+
+language: c
+cache: ccache
+
+before_install:
+    - if [ -n "$COVERALLS" ]; then
+          pip install --user cpp-coveralls;
+      fi;
+
+addons:
+    apt:
+        packages:
+            - ccache
+
+os:
+    - linux
+
+compiler:
+    - clang
+    - gcc
+
+env:
+    - CONFIG_OPTS="" DESTDIR="_install"
+    - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2"
+    - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
+    - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
+    - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
+    - CONFIG_OPTS="no-ec" BUILDONLY="yes"
+    - CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
+
+matrix:
+    include:
+        - os: linux
+          compiler: clang-3.9
+          env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
+        - os: linux
+          compiler: gcc
+          env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
+        - os: linux
+          compiler: clang-3.9
+          env: CONFIG_OPTS="enable-asan"
+        - os: linux
+          compiler: clang-3.9
+          env: CONFIG_OPTS="enable-msan"
+        - os: linux
+          compiler: clang-3.9
+          env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
+        - os: linux
+          compiler: clang-3.9
+          env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
+        - os: linux
+          compiler: clang-3.9
+          env: CONFIG_OPTS="no-stdio"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - gcc-5
+                  sources:
+                      - ubuntu-toolchain-r-test
+          compiler: gcc-5
+          env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - binutils-mingw-w64
+                      - gcc-mingw-w64
+          compiler: i686-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - binutils-mingw-w64
+                      - gcc-mingw-w64
+          compiler: i686-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - binutils-mingw-w64
+                      - gcc-mingw-w64
+          compiler: x86_64-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - binutils-mingw-w64
+                      - gcc-mingw-w64
+          compiler: x86_64-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
+    exclude:
+        - os: linux
+          compiler: clang
+        - os: osx
+          compiler: gcc
+
+before_script:
+    - if [ -n "$DESTDIR" ]; then
+          sh .travis-create-release.sh $TRAVIS_OS_NAME;
+          tar -xvzf _srcdist.tar.gz;
+          mkdir _build;
+          cd _build;
+          srcdir=../_srcdist;
+          top=..;
+      else
+          srcdir=.;
+          top=.;
+      fi
+    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
+          export CROSS_COMPILE=${CC%%gcc}; unset CC;
+          $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
+      elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
+          export CROSS_COMPILE=${CC%%gcc}; unset CC;
+          $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
+      else
+          if [ "$CC" == clang-3.9 ]; then
+              sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
+              curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
+              echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
+              sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
+              sudo -E apt-get -yq update;
+              sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
+          elif which ccache >/dev/null; then
+              CC="ccache $CC";
+          fi;
+          $srcdir/config -v $CONFIG_OPTS;
+      fi
+    - if [ -z "$BUILDONLY" ]; then
+          if [ -n "$CROSS_COMPILE" ]; then
+              if [ "$TRAVIS_OS_NAME" == "linux" ]; then
+                  sudo dpkg --add-architecture i386;
+                  sudo apt-get update;
+              fi;
+          fi;
+      fi
+    - cd $top
+
+script:
+    - if [ -z "$BUILDONLY" ]; then
+          make="make -s";
+      else
+          make="make";
+      fi
+    - if [ -n "$DESTDIR" ]; then
+          cd _build;
+          top=..;
+      else
+          top=.;
+      fi
+    - if $make update; then
+          echo -e '+\057 MAKE UPDATE OK';
+      else
+          echo -e '+\057 MAKE UPDATE FAILED'; false;
+      fi;
+      git diff --exit-code
+    - if [ -n "$CHECKDOCS" ]; then
+          if $make doc-nits; then
+              echo -e '+\057\057 MAKE DOC-NITS OK';
+          else
+              echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
+          fi;
+      fi
+    - if $make ; then
+          echo -e '+\057\057\057 MAKE OK';
+      else
+          echo -e '+\057\057\057 MAKE FAILED'; false;
+      fi;
+    - if [ -z "$BUILDONLY" ]; then
+          if [ -n "$CROSS_COMPILE" ]; then
+              sudo apt-get -yq install wine;
+              export EXE_SHELL="wine" WINEPREFIX=`pwd`;
+          fi;
+          HARNESS_VERBOSE=yes make test;
+      else
+          if $make build_tests; then
+              echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
+          else
+              echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
+          fi;
+      fi
+    - if [ -n "$DESTDIR" ]; then
+          mkdir "../$DESTDIR";
+          if $make install install_docs DESTDIR="../$DESTDIR"; then
+              echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
+          else
+              echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
+          fi;
+      fi
+    - cd $top
+
+after_success:
+    - if [ -n "$COVERALLS" ]; then
+          coveralls -b . --gcov-options '\-lp';
+      fi;
+
+notifications:
+    email:
+        secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="
diff --git a/openssl-1.1.0h/ACKNOWLEDGEMENTS b/openssl-1.1.0h/ACKNOWLEDGEMENTS
new file mode 100644
index 0000000..d21dccb
--- /dev/null
+++ b/openssl-1.1.0h/ACKNOWLEDGEMENTS
@@ -0,0 +1,2 @@
+Please https://www.openssl.org/community/thanks.html for the current
+acknowledgements.
diff --git a/openssl-1.1.0h/AUTHORS b/openssl-1.1.0h/AUTHORS
new file mode 100644
index 0000000..48211a2
--- /dev/null
+++ b/openssl-1.1.0h/AUTHORS
@@ -0,0 +1,21 @@
+    Andy Polyakov
+    Ben Laurie
+    Bodo Möller
+    Emilia Käsper
+    Eric Young
+    Geoff Thorpe
+    Holger Reif
+    Kurt Roeckx
+    Lutz Jänicke
+    Mark J. Cox
+    Matt Caswell
+    Nils Larsch
+    Paul C. Sutton
+    Ralf S. Engelschall
+    Rich Salz
+    Richard Levitte
+    Stephen Henson
+    Steve Marquess
+    Tim Hudson
+    Ulf Möller
+    Viktor Dukhovni
diff --git a/openssl-1.1.0h/CHANGES b/openssl-1.1.0h/CHANGES
new file mode 100644
index 0000000..0ea1ad5
--- /dev/null
+++ b/openssl-1.1.0h/CHANGES
@@ -0,0 +1,12586 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ This is a high-level summary of the most important changes.
+ For a full list of changes, see the git commit log; for example,
+ https://github.com/openssl/openssl/commits/ and pick the appropriate
+ release branch.
+
+ Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
+
+  *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+     Constructed ASN.1 types with a recursive definition (such as can be found
+     in PKCS7) could eventually exceed the stack given malicious input with
+     excessive recursion. This could result in a Denial Of Service attack. There
+     are no such structures used within SSL/TLS that come from untrusted sources
+     so this is considered safe.
+
+     This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+     project.
+     (CVE-2018-0739)
+     [Matt Caswell]
+
+  *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
+
+     Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+     effectively reduced to only comparing the least significant bit of each
+     byte. This allows an attacker to forge messages that would be considered as
+     authenticated in an amount of tries lower than that guaranteed by the
+     security claims of the scheme. The module can only be compiled by the
+     HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
+
+     This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
+     (IBM).
+     (CVE-2018-0733)
+     [Andy Polyakov]
+
+  *) Add a build target 'build_all_generated', to build all generated files
+     and only that.  This can be used to prepare everything that requires
+     things like perl for a system that lacks perl and then move everything
+     to that system and do the rest of the build there.
+     [Richard Levitte]
+
+  *) Backport SSL_OP_NO_RENGOTIATION
+
+     OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
+     (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
+     changes this is no longer possible in 1.1.0. Therefore the new
+     SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
+     1.1.0 to provide equivalent functionality.
+
+     Note that if an application built against 1.1.0h headers (or above) is run
+     using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
+     accepted but nothing will happen, i.e. renegotiation will not be prevented.
+     [Matt Caswell]
+
+  *) Removed the OS390-Unix config target.  It relied on a script that doesn't
+     exist.
+     [Rich Salz]
+
+  *) rsaz_1024_mul_avx2 overflow bug on x86_64
+
+     There is an overflow bug in the AVX2 Montgomery multiplication procedure
+     used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+     Analysis suggests that attacks against RSA and DSA as a result of this
+     defect would be very difficult to perform and are not believed likely.
+     Attacks against DH1024 are considered just feasible, because most of the
+     work necessary to deduce information about a private key may be performed
+     offline. The amount of resources required for such an attack would be
+     significant. However, for an attack on TLS to be meaningful, the server
+     would have to share the DH1024 private key among multiple clients, which is
+     no longer an option since CVE-2016-0701.
+
+     This only affects processors that support the AVX2 but not ADX extensions
+     like Intel Haswell (4th generation).
+
+     This issue was reported to OpenSSL by David Benjamin (Google). The issue
+     was originally found via the OSS-Fuzz project.
+     (CVE-2017-3738)
+     [Andy Polyakov]
+
+ Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
+
+  *) bn_sqrx8x_internal carry bug on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients.
+
+     This only affects processors that support the BMI1, BMI2 and ADX extensions
+     like Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3736)
+     [Andy Polyakov]
+
+  *) Malformed X.509 IPAddressFamily could cause OOB read
+
+     If an X.509 certificate has a malformed IPAddressFamily extension,
+     OpenSSL could do a one-byte buffer overread. The most likely result
+     would be an erroneous display of the certificate in text format.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3735)
+     [Rich Salz]
+
+  *) Ignore the '-named_curve auto' value for compatibility of applications
+     with OpenSSL 1.0.2.
+     [Tomas Mraz <tmraz@fedoraproject.org>]
+
+  *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
+     [Emilia Käsper]
+
+ Changes between 1.1.0e and 1.1.0f [25 May 2017]
+
+  *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
+     platform rather than 'mingw'.
+     [Richard Levitte]
+
+  *) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c.
+     VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1,
+     which is the minimum version we support.
+     [Richard Levitte]
+
+ Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
+
+  *) Encrypt-Then-Mac renegotiation crash
+
+     During a renegotiation handshake if the Encrypt-Then-Mac extension is
+     negotiated where it was not in the original handshake (or vice-versa) then
+     this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
+     and servers are affected.
+
+     This issue was reported to OpenSSL by Joe Orton (Red Hat).
+     (CVE-2017-3733)
+     [Matt Caswell]
+
+ Changes between 1.1.0c and 1.1.0d [26 Jan 2017]
+
+  *) Truncated packet could crash via OOB read
+
+     If one side of an SSL/TLS path is running on a 32-bit host and a specific
+     cipher is being used, then a truncated packet can cause that host to
+     perform an out-of-bounds read, usually resulting in a crash.
+
+     This issue was reported to OpenSSL by Robert Święcki of Google.
+     (CVE-2017-3731)
+     [Andy Polyakov]
+
+  *) Bad (EC)DHE parameters cause a client crash
+
+     If a malicious server supplies bad parameters for a DHE or ECDHE key
+     exchange then this can result in the client attempting to dereference a
+     NULL pointer leading to a client crash. This could be exploited in a Denial
+     of Service attack.
+
+     This issue was reported to OpenSSL by Guido Vranken.
+     (CVE-2017-3730)
+     [Matt Caswell]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients. For example this can occur by
+     default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+     similar to CVE-2015-3193 but must be treated as a separate problem.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3732)
+     [Andy Polyakov]
+
+ Changes between 1.1.0b and 1.1.0c [10 Nov 2016]
+
+  *) ChaCha20/Poly1305 heap-buffer-overflow
+
+     TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to
+     a DoS attack by corrupting larger payloads. This can result in an OpenSSL
+     crash. This issue is not considered to be exploitable beyond a DoS.
+
+     This issue was reported to OpenSSL by Robert Święcki (Google Security Team)
+     (CVE-2016-7054)
+     [Richard Levitte]
+
+  *) CMS Null dereference
+
+     Applications parsing invalid CMS structures can crash with a NULL pointer
+     dereference. This is caused by a bug in the handling of the ASN.1 CHOICE
+     type in OpenSSL 1.1.0 which can result in a NULL value being passed to the
+     structure callback if an attempt is made to free certain invalid encodings.
+     Only CHOICE structures using a callback which do not handle NULL value are
+     affected.
+
+     This issue was reported to OpenSSL by Tyler Nighswander of ForAllSecure.
+     (CVE-2016-7053)
+     [Stephen Henson]
+
+  *) Montgomery multiplication may produce incorrect results
+
+     There is a carry propagating bug in the Broadwell-specific Montgomery
+     multiplication procedure that handles input lengths divisible by, but
+     longer than 256 bits. Analysis suggests that attacks against RSA, DSA
+     and DH private keys are impossible. This is because the subroutine in
+     question is not used in operations with the private key itself and an input
+     of the attacker's direct choice. Otherwise the bug can manifest itself as
+     transient authentication and key negotiation failures or reproducible
+     erroneous outcome of public-key operations with specially crafted input.
+     Among EC algorithms only Brainpool P-512 curves are affected and one
+     presumably can attack ECDH key negotiation. Impact was not analyzed in
+     detail, because pre-requisites for attack are considered unlikely. Namely
+     multiple clients have to choose the curve in question and the server has to
+     share the private key among them, neither of which is default behaviour.
+     Even then only clients that chose the curve will be affected.
+
+     This issue was publicly reported as transient failures and was not
+     initially recognized as a security issue. Thanks to Richard Morgan for
+     providing reproducible case.
+     (CVE-2016-7055)
+     [Andy Polyakov]
+
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
+
+  *) Removed automatic addition of RPATH in shared libraries and executables,
+     as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
+     [Richard Levitte]
+
+ Changes between 1.1.0a and 1.1.0b [26 Sep 2016]
+
+  *) Fix Use After Free for large message sizes
+
+     The patch applied to address CVE-2016-6307 resulted in an issue where if a
+     message larger than approx 16k is received then the underlying buffer to
+     store the incoming message is reallocated and moved. Unfortunately a
+     dangling pointer to the old location is left which results in an attempt to
+     write to the previously freed location. This is likely to result in a
+     crash, however it could potentially lead to execution of arbitrary code.
+
+     This issue only affects OpenSSL 1.1.0a.
+
+     This issue was reported to OpenSSL by Robert Święcki.
+     (CVE-2016-6309)
+     [Matt Caswell]
+
+ Changes between 1.1.0 and 1.1.0a [22 Sep 2016]
+
+  *) OCSP Status Request extension unbounded memory growth
+
+     A malicious client can send an excessively large OCSP Status Request
+     extension. If that client continually requests renegotiation, sending a
+     large OCSP Status Request extension each time, then there will be unbounded
+     memory growth on the server. This will eventually lead to a Denial Of
+     Service attack through memory exhaustion. Servers with a default
+     configuration are vulnerable even if they do not support OCSP. Builds using
+     the "no-ocsp" build time option are not affected.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6304)
+     [Matt Caswell]
+
+  *) SSL_peek() hang on empty record
+
+     OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer
+     sends an empty record. This could be exploited by a malicious peer in a
+     Denial Of Service attack.
+
+     This issue was reported to OpenSSL by Alex Gaynor.
+     (CVE-2016-6305)
+     [Matt Caswell]
+
+  *) Excessive allocation of memory in tls_get_message_header() and
+     dtls1_preprocess_fragment()
+
+     A (D)TLS message includes 3 bytes for its length in the header for the
+     message. This would allow for messages up to 16Mb in length. Messages of
+     this length are excessive and OpenSSL includes a check to ensure that a
+     peer is sending reasonably sized messages in order to avoid too much memory
+     being consumed to service a connection. A flaw in the logic of version
+     1.1.0 means that memory for the message is allocated too early, prior to
+     the excessive message length check. Due to way memory is allocated in
+     OpenSSL this could mean an attacker could force up to 21Mb to be allocated
+     to service a connection. This could lead to a Denial of Service through
+     memory exhaustion. However, the excessive message length check still takes
+     place, and this would cause the connection to immediately fail. Assuming
+     that the application calls SSL_free() on the failed connection in a timely
+     manner then the 21Mb of allocated memory will then be immediately freed
+     again. Therefore the excessive memory allocation will be transitory in
+     nature. This then means that there is only a security impact if:
+
+     1) The application does not call SSL_free() in a timely manner in the event
+     that the connection fails
+     or
+     2) The application is working in a constrained environment where there is
+     very little free memory
+     or
+     3) The attacker initiates multiple connection attempts such that there are
+     multiple connections in a state where memory has been allocated for the
+     connection; SSL_free() has not yet been called; and there is insufficient
+     memory to service the multiple requests.
+
+     Except in the instance of (1) above any Denial Of Service is likely to be
+     transitory because as soon as the connection fails the memory is
+     subsequently freed again in the SSL_free() call. However there is an
+     increased risk during this period of application crashes due to the lack of
+     memory - which would then mean a more serious Denial of Service.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6307 and CVE-2016-6308)
+     [Matt Caswell]
+
+  *) solaris-x86-cc, i.e. 32-bit configuration with vendor compiler,
+     had to be removed. Primary reason is that vendor assembler can't
+     assemble our modules with -KPIC flag. As result it, assembly
+     support, was not even available as option. But its lack means
+     lack of side-channel resistant code, which is incompatible with
+     security by todays standards. Fortunately gcc is readily available
+     prepackaged option, which we firmly point at...
+     [Andy Polyakov]
+
+ Changes between 1.0.2h and 1.1.0  [25 Aug 2016]
+
+  *) Windows command-line tool supports UTF-8 opt-in option for arguments
+     and console input. Setting OPENSSL_WIN32_UTF8 environment variable
+     (to any value) allows Windows user to access PKCS#12 file generated
+     with Windows CryptoAPI and protected with non-ASCII password, as well
+     as files generated under UTF-8 locale on Linux also protected with
+     non-ASCII password.
+     [Andy Polyakov]
+
+  *) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites
+     have been disabled by default and removed from DEFAULT, just like RC4.
+     See the RC4 item below to re-enable both.
+     [Rich Salz]
+
+  *) The method for finding the storage location for the Windows RAND seed file
+     has changed. First we check %RANDFILE%. If that is not set then we check
+     the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If
+     all else fails we fall back to C:\.
+     [Matt Caswell]
+
+  *) The EVP_EncryptUpdate() function has had its return type changed from void
+     to int. A return of 0 indicates and error while a return of 1 indicates
+     success.
+     [Matt Caswell]
+
+  *) The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
+     DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
+     off the constant time implementation for RSA, DSA and DH have been made
+     no-ops and deprecated.
+     [Matt Caswell]
+
+  *) Windows RAND implementation was simplified to only get entropy by
+     calling CryptGenRandom(). Various other RAND-related tickets
+     were also closed.
+     [Joseph Wylie Yandle, Rich Salz]
+
+  *) The stack and lhash API's were renamed to start with OPENSSL_SK_
+     and OPENSSL_LH_, respectively.  The old names are available
+     with API compatibility.  They new names are now completely documented.
+     [Rich Salz]
+
+  *) Unify TYPE_up_ref(obj) methods signature.
+     SSL_CTX_up_ref(), SSL_up_ref(), X509_up_ref(), EVP_PKEY_up_ref(),
+     X509_CRL_up_ref(), X509_OBJECT_up_ref_count() methods are now returning an
+     int (instead of void) like all others TYPE_up_ref() methods.
+     So now these methods also check the return value of CRYPTO_atomic_add(),
+     and the validity of object reference counter.
+     [fdasilvayy@gmail.com]
+
+  *) With Windows Visual Studio builds, the .pdb files are installed
+     alongside the installed libraries and executables.  For a static
+     library installation, ossl_static.pdb is the associate compiler
+     generated .pdb file to be used when linking programs.
+     [Richard Levitte]
+
+  *) Remove openssl.spec.  Packaging files belong with the packagers.
+     [Richard Levitte]
+
+  *) Automatic Darwin/OSX configuration has had a refresh, it will now
+     recognise x86_64 architectures automatically.  You can still decide
+     to build for a different bitness with the environment variable
+     KERNEL_BITS (can be 32 or 64), for example:
+
+         KERNEL_BITS=32 ./config
+
+     [Richard Levitte]
+
+  *) Change default algorithms in pkcs8 utility to use PKCS#5 v2.0,
+     256 bit AES and HMAC with SHA256.
+     [Steve Henson]
+
+  *) Remove support for MIPS o32 ABI on IRIX (and IRIX only).
+     [Andy Polyakov]
+
+  *) Triple-DES ciphers have been moved from HIGH to MEDIUM.
+     [Rich Salz]
+
+  *) To enable users to have their own config files and build file templates,
+     Configure looks in the directory indicated by the environment variable
+     OPENSSL_LOCAL_CONFIG_DIR as well as the in-source Configurations/
+     directory.  On VMS, OPENSSL_LOCAL_CONFIG_DIR is expected to be a logical
+     name and is used as is.
+     [Richard Levitte]
+
+  *) The following datatypes were made opaque: X509_OBJECT, X509_STORE_CTX,
+     X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD.  The unused type
+     X509_CERT_FILE_CTX was removed.
+     [Rich Salz]
+
+  *) "shared" builds are now the default. To create only static libraries use
+     the "no-shared" Configure option.
+     [Matt Caswell]
+
+  *) Remove the no-aes, no-hmac, no-rsa, no-sha and no-md5 Configure options.
+     All of these option have not worked for some while and are fundamental
+     algorithms.
+     [Matt Caswell]
+
+  *) Make various cleanup routines no-ops and mark them as deprecated. Most
+     global cleanup functions are no longer required because they are handled
+     via auto-deinit (see OPENSSL_init_crypto and OPENSSL_init_ssl man pages).
+     Explicitly de-initing can cause problems (e.g. where a library that uses
+     OpenSSL de-inits, but an application is still using it). The affected
+     functions are CONF_modules_free(), ENGINE_cleanup(), OBJ_cleanup(),
+     EVP_cleanup(), BIO_sock_cleanup(), CRYPTO_cleanup_all_ex_data(),
+     RAND_cleanup(), SSL_COMP_free_compression_methods(), ERR_free_strings() and
+     COMP_zlib_cleanup().
+     [Matt Caswell]
+
+  *) --strict-warnings no longer enables runtime debugging options
+     such as REF_DEBUG. Instead, debug options are automatically
+     enabled with '--debug' builds.
+     [Andy Polyakov, Emilia Käsper]
+
+  *) Made DH and DH_METHOD opaque. The structures for managing DH objects
+     have been moved out of the public header files. New functions for managing
+     these have been added.
+     [Matt Caswell]
+
+  *) Made RSA and RSA_METHOD opaque. The structures for managing RSA
+     objects have been moved out of the public header files. New
+     functions for managing these have been added.
+     [Richard Levitte]
+
+  *) Made DSA and DSA_METHOD opaque. The structures for managing DSA objects
+     have been moved out of the public header files. New functions for managing
+     these have been added.
+     [Matt Caswell]
+
+  *) Made BIO and BIO_METHOD opaque. The structures for managing BIOs have been
+     moved out of the public header files. New functions for managing these
+     have been added.
+     [Matt Caswell]
+
+  *) Removed no-rijndael as a config option. Rijndael is an old name for AES.
+     [Matt Caswell]
+
+  *) Removed the mk1mf build scripts.
+     [Richard Levitte]
+
+  *) Headers are now wrapped, if necessary, with OPENSSL_NO_xxx, so
+     it is always safe to #include a header now.
+     [Rich Salz]
+
+  *) Removed the aged BC-32 config and all its supporting scripts
+     [Richard Levitte]
+
+  *) Removed support for Ultrix, Netware, and OS/2.
+     [Rich Salz]
+
+  *) Add support for HKDF.
+     [Alessandro Ghedini]
+
+  *) Add support for blake2b and blake2s
+     [Bill Cox]
+
+  *) Added support for "pipelining". Ciphers that have the
+     EVP_CIPH_FLAG_PIPELINE flag set have a capability to process multiple
+     encryptions/decryptions simultaneously. There are currently no built-in
+     ciphers with this property but the expectation is that engines will be able
+     to offer it to significantly improve throughput. Support has been extended
+     into libssl so that multiple records for a single connection can be
+     processed in one go (for >=TLS 1.1).
+     [Matt Caswell]
+
+  *) Added the AFALG engine. This is an async capable engine which is able to
+     offload work to the Linux kernel. In this initial version it only supports
+     AES128-CBC. The kernel must be version 4.1.0 or greater.
+     [Catriona Lucey]
+
+  *) OpenSSL now uses a new threading API. It is no longer necessary to
+     set locking callbacks to use OpenSSL in a multi-threaded environment. There
+     are two supported threading models: pthreads and windows threads. It is
+     also possible to configure OpenSSL at compile time for "no-threads". The
+     old threading API should no longer be used. The functions have been
+     replaced with "no-op" compatibility macros.
+     [Alessandro Ghedini, Matt Caswell]
+
+  *) Modify behavior of ALPN to invoke callback after SNI/servername
+     callback, such that updates to the SSL_CTX affect ALPN.
+     [Todd Short]
+
+  *) Add SSL_CIPHER queries for authentication and key-exchange.
+     [Todd Short]
+
+  *) Changes to the DEFAULT cipherlist:
+       - Prefer (EC)DHE handshakes over plain RSA.
+       - Prefer AEAD ciphers over legacy ciphers.
+       - Prefer ECDSA over RSA when both certificates are available.
+       - Prefer TLSv1.2 ciphers/PRF.
+       - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
+         default cipherlist.
+     [Emilia Käsper]
+
+  *) Change the ECC default curve list to be this, in order: x25519,
+     secp256r1, secp521r1, secp384r1.
+     [Rich Salz]
+
+  *) RC4 based libssl ciphersuites are now classed as "weak" ciphers and are
+     disabled by default. They can be re-enabled using the
+     enable-weak-ssl-ciphers option to Configure.
+     [Matt Caswell]
+
+  *) If the server has ALPN configured, but supports no protocols that the
+     client advertises, send a fatal "no_application_protocol" alert.
+     This behaviour is SHALL in RFC 7301, though it isn't universally
+     implemented by other servers.
+     [Emilia Käsper]
+
+  *) Add X25519 support.
+     Add ASN.1 and EVP_PKEY methods for X25519. This includes support
+     for public and private key encoding using the format documented in
+     draft-ietf-curdle-pkix-02. The corresponding EVP_PKEY method supports
+     key generation and key derivation.
+
+     TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses
+     X25519(29).
+     [Steve Henson]
+
+  *) Deprecate SRP_VBASE_get_by_user.
+     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+     In order to fix an unavoidable memory leak (CVE-2016-0798),
+     SRP_VBASE_get_by_user was changed to ignore the "fake user" SRP
+     seed, even if the seed is configured.
+
+     Users should use SRP_VBASE_get1_by_user instead. Note that in
+     SRP_VBASE_get1_by_user, caller must free the returned value. Note
+     also that even though configuring the SRP seed attempts to hide
+     invalid usernames by continuing the handshake with fake
+     credentials, this behaviour is not constant time and no strong
+     guarantees are made that the handshake is indistinguishable from
+     that of a valid user.
+     [Emilia Käsper]
+
+  *) Configuration change; it's now possible to build dynamic engines
+     without having to build shared libraries and vice versa.  This
+     only applies to the engines in engines/, those in crypto/engine/
+     will always be built into libcrypto (i.e. "static").
+
+     Building dynamic engines is enabled by default; to disable, use
+     the configuration option "disable-dynamic-engine".
+
+     The only requirements for building dynamic engines are the
+     presence of the DSO module and building with position independent
+     code, so they will also automatically be disabled if configuring
+     with "disable-dso" or "disable-pic".
+
+     The macros OPENSSL_NO_STATIC_ENGINE and OPENSSL_NO_DYNAMIC_ENGINE
+     are also taken away from openssl/opensslconf.h, as they are
+     irrelevant.
+     [Richard Levitte]
+
+  *) Configuration change; if there is a known flag to compile
+     position independent code, it will always be applied on the
+     libcrypto and libssl object files, and never on the application
+     object files.  This means other libraries that use routines from
+     libcrypto / libssl can be made into shared libraries regardless
+     of how OpenSSL was configured.
+
+     If this isn't desirable, the configuration options "disable-pic"
+     or "no-pic" can be used to disable the use of PIC.  This will
+     also disable building shared libraries and dynamic engines.
+     [Richard Levitte]
+
+  *) Removed JPAKE code.  It was experimental and has no wide use.
+     [Rich Salz]
+
+  *) The INSTALL_PREFIX Makefile variable has been renamed to
+     DESTDIR.  That makes for less confusion on what this variable
+     is for.  Also, the configuration option --install_prefix is
+     removed.
+     [Richard Levitte]
+
+  *) Heartbeat for TLS has been removed and is disabled by default
+     for DTLS; configure with enable-heartbeats.  Code that uses the
+     old #define's might need to be updated.
+     [Emilia Käsper, Rich Salz]
+
+  *) Rename REF_CHECK to REF_DEBUG.
+     [Rich Salz]
+
+  *) New "unified" build system
+
+     The "unified" build system is aimed to be a common system for all
+     platforms we support.  With it comes new support for VMS.
+
+     This system builds supports building in a different directory tree
+     than the source tree.  It produces one Makefile (for unix family
+     or lookalikes), or one descrip.mms (for VMS).
+
+     The source of information to make the Makefile / descrip.mms is
+     small files called 'build.info', holding the necessary
+     information for each directory with source to compile, and a
+     template in Configurations, like unix-Makefile.tmpl or
+     descrip.mms.tmpl.
+
+     With this change, the library names were also renamed on Windows
+     and on VMS.  They now have names that are closer to the standard
+     on Unix, and include the major version number, and in certain
+     cases, the architecture they are built for.  See "Notes on shared
+     libraries" in INSTALL.
+
+     We rely heavily on the perl module Text::Template.
+     [Richard Levitte]
+
+  *) Added support for auto-initialisation and de-initialisation of the library.
+     OpenSSL no longer requires explicit init or deinit routines to be called,
+     except in certain circumstances. See the OPENSSL_init_crypto() and
+     OPENSSL_init_ssl() man pages for further information.
+     [Matt Caswell]
+
+  *) The arguments to the DTLSv1_listen function have changed. Specifically the
+     "peer" argument is now expected to be a BIO_ADDR object.
+
+  *) Rewrite of BIO networking library. The BIO library lacked consistent
+     support of IPv6, and adding it required some more extensive
+     modifications.  This introduces the BIO_ADDR and BIO_ADDRINFO types,
+     which hold all types of addresses and chains of address information.
+     It also introduces a new API, with functions like BIO_socket,
+     BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
+     The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
+     have been adapted accordingly.
+     [Richard Levitte]
+
+  *) RSA_padding_check_PKCS1_type_1 now accepts inputs with and without
+     the leading 0-byte.
+     [Emilia Käsper]
+
+  *) CRIME protection: disable compression by default, even if OpenSSL is
+     compiled with zlib enabled. Applications can still enable compression
+     by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
+     using the SSL_CONF library to configure compression.
+     [Emilia Käsper]
+
+  *) The signature of the session callback configured with
+     SSL_CTX_sess_set_get_cb was changed. The read-only input buffer
+     was explicitly marked as 'const unsigned char*' instead of
+     'unsigned char*'.
+     [Emilia Käsper]
+
+  *) Always DPURIFY. Remove the use of uninitialized memory in the
+     RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
+     [Emilia Käsper]
+
+  *) Removed many obsolete configuration items, including
+        DES_PTR, DES_RISC1, DES_RISC2, DES_INT
+        MD2_CHAR, MD2_INT, MD2_LONG
+        BF_PTR, BF_PTR2
+        IDEA_SHORT, IDEA_LONG
+        RC2_SHORT, RC2_LONG, RC4_LONG, RC4_CHUNK, RC4_INDEX
+     [Rich Salz, with advice from Andy Polyakov]
+
+  *) Many BN internals have been moved to an internal header file.
+     [Rich Salz with help from Andy Polyakov]
+
+  *) Configuration and writing out the results from it has changed.
+     Files such as Makefile include/openssl/opensslconf.h and are now
+     produced through general templates, such as Makefile.in and
+     crypto/opensslconf.h.in and some help from the perl module
+     Text::Template.
+
+     Also, the center of configuration information is no longer
+     Makefile.  Instead, Configure produces a perl module in
+     configdata.pm which holds most of the config data (in the hash
+     table %config), the target data that comes from the target
+     configuration in one of the Configurations/*.conf files (in
+     %target).
+     [Richard Levitte]
+
+  *) To clarify their intended purposes, the Configure options
+     --prefix and --openssldir change their semantics, and become more
+     straightforward and less interdependent.
+
+     --prefix shall be used exclusively to give the location INSTALLTOP
+     where programs, scripts, libraries, include files and manuals are
+     going to be installed.  The default is now /usr/local.
+
+     --openssldir shall be used exclusively to give the default
+     location OPENSSLDIR where certificates, private keys, CRLs are
+     managed.  This is also where the default openssl.cnf gets
+     installed.
+     If the directory given with this option is a relative path, the
+     values of both the --prefix value and the --openssldir value will
+     be combined to become OPENSSLDIR.
+     The default for --openssldir is INSTALLTOP/ssl.
+
+     Anyone who uses --openssldir to specify where OpenSSL is to be
+     installed MUST change to use --prefix instead.
+     [Richard Levitte]
+
+  *) The GOST engine was out of date and therefore it has been removed. An up
+     to date GOST engine is now being maintained in an external repository.
+     See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
+     support for GOST ciphersuites (these are only activated if a GOST engine
+     is present).
+     [Matt Caswell]
+
+  *) EGD is no longer supported by default; use enable-egd when
+     configuring.
+     [Ben Kaduk and Rich Salz]
+
+  *) The distribution now has Makefile.in files, which are used to
+     create Makefile's when Configure is run.  *Configure must be run
+     before trying to build now.*
+     [Rich Salz]
+
+  *) The return value for SSL_CIPHER_description() for error conditions
+     has changed.
+     [Rich Salz]
+
+  *) Support for RFC6698/RFC7671 DANE TLSA peer authentication.
+
+     Obtaining and performing DNSSEC validation of TLSA records is
+     the application's responsibility.  The application provides
+     the TLSA records of its choice to OpenSSL, and these are then
+     used to authenticate the peer.
+
+     The TLSA records need not even come from DNS.  They can, for
+     example, be used to implement local end-entity certificate or
+     trust-anchor "pinning", where the "pin" data takes the form
+     of TLSA records, which can augment or replace verification
+     based on the usual WebPKI public certification authorities.
+     [Viktor Dukhovni]
+
+  *) Revert default OPENSSL_NO_DEPRECATED setting.  Instead OpenSSL
+     continues to support deprecated interfaces in default builds.
+     However, applications are strongly advised to compile their
+     source files with -DOPENSSL_API_COMPAT=0x10100000L, which hides
+     the declarations of all interfaces deprecated in 0.9.8, 1.0.0
+     or the 1.1.0 releases.
+
+     In environments in which all applications have been ported to
+     not use any deprecated interfaces OpenSSL's Configure script
+     should be used with the --api=1.1.0 option to entirely remove
+     support for the deprecated features from the library and
+     unconditionally disable them in the installed headers.
+     Essentially the same effect can be achieved with the "no-deprecated"
+     argument to Configure, except that this will always restrict
+     the build to just the latest API, rather than a fixed API
+     version.
+
+     As applications are ported to future revisions of the API,
+     they should update their compile-time OPENSSL_API_COMPAT define
+     accordingly, but in most cases should be able to continue to
+     compile with later releases.
+
+     The OPENSSL_API_COMPAT versions for 1.0.0, and 0.9.8 are
+     0x10000000L and 0x00908000L, respectively.  However those
+     versions did not support the OPENSSL_API_COMPAT feature, and
+     so applications are not typically tested for explicit support
+     of just the undeprecated features of either release.
+     [Viktor Dukhovni]
+
+  *) Add support for setting the minimum and maximum supported protocol.
+     It can bet set via the SSL_set_min_proto_version() and
+     SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and
+     MaxProtcol.  It's recommended to use the new APIs to disable
+     protocols instead of disabling individual protocols using
+     SSL_set_options() or SSL_CONF's Protocol.  This change also
+     removes support for disabling TLS 1.2 in the OpenSSL TLS
+     client at compile time by defining OPENSSL_NO_TLS1_2_CLIENT.
+     [Kurt Roeckx]
+
+  *) Support for ChaCha20 and Poly1305 added to libcrypto and libssl.
+     [Andy Polyakov]
+
+  *) New EC_KEY_METHOD, this replaces the older ECDSA_METHOD and ECDH_METHOD
+     and integrates ECDSA and ECDH functionality into EC. Implementations can
+     now redirect key generation and no longer need to convert to or from
+     ECDSA_SIG format.
+
+     Note: the ecdsa.h and ecdh.h headers are now no longer needed and just
+     include the ec.h header file instead.
+     [Steve Henson]
+
+  *) Remove support for all 40 and 56 bit ciphers.  This includes all the export
+     ciphers who are no longer supported and drops support the ephemeral RSA key
+     exchange. The LOW ciphers currently doesn't have any ciphers in it.
+     [Kurt Roeckx]
+
+  *) Made EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, EVP_CIPHER and HMAC_CTX
+     opaque.  For HMAC_CTX, the following constructors and destructors
+     were added:
+
+        HMAC_CTX *HMAC_CTX_new(void);
+        void HMAC_CTX_free(HMAC_CTX *ctx);
+
+     For EVP_MD and EVP_CIPHER, complete APIs to create, fill and
+     destroy such methods has been added.  See EVP_MD_meth_new(3) and
+     EVP_CIPHER_meth_new(3) for documentation.
+
+     Additional changes:
+     1) EVP_MD_CTX_cleanup(), EVP_CIPHER_CTX_cleanup() and
+        HMAC_CTX_cleanup() were removed.  HMAC_CTX_reset() and
+        EVP_MD_CTX_reset() should be called instead to reinitialise
+        an already created structure.
+     2) For consistency with the majority of our object creators and
+        destructors, EVP_MD_CTX_(create|destroy) were renamed to
+        EVP_MD_CTX_(new|free).  The old names are retained as macros
+        for deprecated builds.
+     [Richard Levitte]
+
+  *) Added ASYNC support. Libcrypto now includes the async sub-library to enable
+     cryptographic operations to be performed asynchronously as long as an
+     asynchronous capable engine is used. See the ASYNC_start_job() man page for
+     further details. Libssl has also had this capability integrated with the
+     introduction of the new mode SSL_MODE_ASYNC and associated error
+     SSL_ERROR_WANT_ASYNC. See the SSL_CTX_set_mode() and SSL_get_error() man
+     pages. This work was developed in partnership with Intel Corp.
+     [Matt Caswell]
+
+  *) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
+     always enabled now.  If you want to disable the support you should
+     exclude it using the list of supported ciphers. This also means that the
+     "-no_ecdhe" option has been removed from s_server.
+     [Kurt Roeckx]
+
+  *) SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls
+     SSL_{CTX_}set1_curves() which can set a list.
+     [Kurt Roeckx]
+
+  *) Remove support for SSL_{CTX_}set_tmp_ecdh_callback().  You should set the
+     curve you want to support using SSL_{CTX_}set1_curves().
+     [Kurt Roeckx]
+
+  *) State machine rewrite. The state machine code has been significantly
+     refactored in order to remove much duplication of code and solve issues
+     with the old code (see ssl/statem/README for further details). This change
+     does have some associated API changes. Notably the SSL_state() function
+     has been removed and replaced by SSL_get_state which now returns an
+     "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed
+     altogether. The previous handshake states defined in ssl.h and ssl3.h have
+     also been removed.
+     [Matt Caswell]
+
+  *) All instances of the string "ssleay" in the public API were replaced
+     with OpenSSL (case-matching; e.g., OPENSSL_VERSION for #define's)
+     Some error codes related to internal RSA_eay API's were renamed.
+     [Rich Salz]
+
+  *) The demo files in crypto/threads were moved to demo/threads.
+     [Rich Salz]
+
+  *) Removed obsolete engines: 4758cca, aep, atalla, cswift, nuron, gmp,
+     sureware and ubsec.
+     [Matt Caswell, Rich Salz]
+
+  *) New ASN.1 embed macro.
+
+     New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the
+     structure is not allocated: it is part of the parent. That is instead of
+
+     FOO *x;
+
+     it must be:
+
+     FOO x;
+
+     This reduces memory fragmentation and make it impossible to accidentally
+     set a mandatory field to NULL.
+
+     This currently only works for some fields specifically a SEQUENCE, CHOICE,
+     or ASN1_STRING type which is part of a parent SEQUENCE. Since it is
+     equivalent to ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or
+     SEQUENCE OF.
+     [Steve Henson]
+
+  *) Remove EVP_CHECK_DES_KEY, a compile-time option that never compiled.
+     [Emilia Käsper]
+
+  *) Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although
+     in 1.0.2 EXPORT was already removed and the only RC2 ciphersuite is also
+     an EXPORT one. COMPLEMENTOFDEFAULT has been updated accordingly to add
+     DES and RC4 ciphersuites.
+     [Matt Caswell]
+
+  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+     This changes the decoding behaviour for some invalid messages,
+     though the change is mostly in the more lenient direction, and
+     legacy behaviour is preserved as much as possible.
+     [Emilia Käsper]
+
+  *) Fix no-stdio build.
+    [ David Woodhouse <David.Woodhouse@intel.com> and also
+      Ivan Nestlerode <ivan.nestlerode@sonos.com> ]
+
+  *) New testing framework
+     The testing framework has been largely rewritten and is now using
+     perl and the perl modules Test::Harness and an extended variant of
+     Test::More called OpenSSL::Test to do its work.  All test scripts in
+     test/ have been rewritten into test recipes, and all direct calls to
+     executables in test/Makefile have become individual recipes using the
+     simplified testing OpenSSL::Test::Simple.
+
+     For documentation on our testing modules, do:
+
+        perldoc test/testlib/OpenSSL/Test/Simple.pm
+        perldoc test/testlib/OpenSSL/Test.pm
+
+     [Richard Levitte]
+
+  *) Revamped memory debug; only -DCRYPTO_MDEBUG and -DCRYPTO_MDEBUG_ABORT
+     are used; the latter aborts on memory leaks (usually checked on exit).
+     Some undocumented "set malloc, etc., hooks" functions were removed
+     and others were changed.  All are now documented.
+     [Rich Salz]
+
+  *) In DSA_generate_parameters_ex, if the provided seed is too short,
+     return an error
+     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
+
+  *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
+     from RFC4279, RFC4785, RFC5487, RFC5489.
+
+     Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the
+     original RSA_PSK patch.
+     [Steve Henson]
+
+  *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay
+     era flag was never set throughout the codebase (only read). Also removed
+     SSL3_FLAGS_POP_BUFFER which was only used if
+     SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set.
+     [Matt Caswell]
+
+  *) Changed the default name options in the "ca", "crl", "req" and "x509"
+     to be "oneline" instead of "compat".
+     [Richard Levitte]
+
+  *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're
+     not aware of clients that still exhibit this bug, and the workaround
+     hasn't been working properly for a while.
+     [Emilia Käsper]
+
+  *) The return type of BIO_number_read() and BIO_number_written() as well as
+     the corresponding num_read and num_write members in the BIO structure has
+     changed from unsigned long to uint64_t. On platforms where an unsigned
+     long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is
+     transferred.
+     [Matt Caswell]
+
+  *) Given the pervasive nature of TLS extensions it is inadvisable to run
+     OpenSSL without support for them. It also means that maintaining
+     the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
+     not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
+     [Matt Caswell]
+
+  *) Removed support for the two export grade static DH ciphersuites
+     EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+     were newly added (along with a number of other static DH ciphersuites) to
+     1.0.2. However the two export ones have *never* worked since they were
+     introduced. It seems strange in any case to be adding new export
+     ciphersuites, and given "logjam" it also does not seem correct to fix them.
+     [Matt Caswell]
+
+  *) Version negotiation has been rewritten. In particular SSLv23_method(),
+     SSLv23_client_method() and SSLv23_server_method() have been deprecated,
+     and turned into macros which simply call the new preferred function names
+     TLS_method(), TLS_client_method() and TLS_server_method(). All new code
+     should use the new names instead. Also as part of this change the ssl23.h
+     header file has been removed.
+     [Matt Caswell]
+
+  *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
+     code and the associated standard is no longer considered fit-for-purpose.
+     [Matt Caswell]
+
+  *) RT2547 was closed.  When generating a private key, try to make the
+     output file readable only by the owner.  This behavior change might
+     be noticeable when interacting with other software.
+
+  *) Documented all exdata functions.  Added CRYPTO_free_ex_index.
+     Added a test.
+     [Rich Salz]
+
+  *) Added HTTP GET support to the ocsp command.
+     [Rich Salz]
+
+  *) Changed default digest for the dgst and enc commands from MD5 to
+     sha256
+     [Rich Salz]
+
+  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
+     [Matt Caswell]
+
+  *) Added support for TLS extended master secret from
+     draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
+     initial patch which was a great help during development.
+     [Steve Henson]
+
+  *) All libssl internal structures have been removed from the public header
+     files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
+     now redundant). Users should not attempt to access internal structures
+     directly. Instead they should use the provided API functions.
+     [Matt Caswell]
+
+  *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
+     Access to deprecated functions can be re-enabled by running config with
+     "enable-deprecated". In addition applications wishing to use deprecated
+     functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour
+     will, by default, disable some transitive includes that previously existed
+     in the header files (e.g. ec.h will no longer, by default, include bn.h)
+     [Matt Caswell]
+
+  *) Added support for OCB mode. OpenSSL has been granted a patent license
+     compatible with the OpenSSL license for use of OCB. Details are available
+     at https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf. Support
+     for OCB can be removed by calling config with no-ocb.
+     [Matt Caswell]
+
+  *) SSLv2 support has been removed.  It still supports receiving a SSLv2
+     compatible client hello.
+     [Kurt Roeckx]
+
+  *) Increased the minimal RSA keysize from 256 to 512 bits [Rich Salz],
+     done while fixing the error code for the key-too-small case.
+     [Annie Yousar <a.yousar@informatik.hu-berlin.de>]
+
+  *) CA.sh has been removed; use CA.pl instead.
+     [Rich Salz]
+
+  *) Removed old DES API.
+     [Rich Salz]
+
+  *) Remove various unsupported platforms:
+        Sony NEWS4
+        BEOS and BEOS_R5
+        NeXT
+        SUNOS
+        MPE/iX
+        Sinix/ReliantUNIX RM400
+        DGUX
+        NCR
+        Tandem
+        Cray
+        16-bit platforms such as WIN16
+     [Rich Salz]
+
+  *) Clean up OPENSSL_NO_xxx #define's
+        Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+        Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+        OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
+        OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+        OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+        Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
+        OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
+        OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
+        OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
+        Remove MS_STATIC; it's a relic from platforms <32 bits.
+     [Rich Salz]
+
+  *) Cleaned up dead code
+        Remove all but one '#ifdef undef' which is to be looked at.
+     [Rich Salz]
+
+  *) Clean up calling of xxx_free routines.
+        Just like free(), fix most of the xxx_free routines to accept
+        NULL.  Remove the non-null checks from callers.  Save much code.
+     [Rich Salz]
+
+  *) Add secure heap for storage of private keys (when possible).
+     Add BIO_s_secmem(), CBIGNUM, etc.
+     Contributed by Akamai Technologies under our Corporate CLA.
+     [Rich Salz]
+
+  *) Experimental support for a new, fast, unbiased prime candidate generator,
+     bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
+     [Felix Laurie von Massenbach <felix@erbridge.co.uk>]
+
+  *) New output format NSS in the sess_id command line tool. This allows
+     exporting the session id and the master key in NSS keylog format.
+     [Martin Kaiser <martin@kaiser.cx>]
+
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.  Thanks to Ted Unangst for feedback on this issue.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+     this fixes a limitation in previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Experimental encrypt-then-mac support.
+    
+     Experimental support for encrypt then mac from
+     draft-gutmann-tls-encrypt-then-mac-02.txt
+
+     To enable it set the appropriate extension number (0x42 for the test
+     server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42
+ 
+     For non-compliant peers (i.e. just about everything) this should have no
+     effect.
+
+     WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
+
+     [Steve Henson]
+
+  *) Add EVP support for key wrapping algorithms, to avoid problems with
+     existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
+     the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
+     algorithms and include tests cases.
+     [Steve Henson]
+
+  *) Extend CMS code to support RSA-PSS signatures and RSA-OAEP for
+     enveloped data.
+     [Steve Henson]
+
+  *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+     MGF1 digest and OAEP label.
+     [Steve Henson]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+  *) New function ASN1_TIME_diff to calculate the difference between two
+     ASN1_TIME structures or one structure and the current time.
+     [Steve Henson]
+
+  *) Update fips_test_suite to support multiple command line options. New
+     test to induce all self test errors in sequence and check expected
+     failures.
+     [Steve Henson]
+
+  *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
+     sign or verify all in one operation.
+     [Steve Henson]
+
+  *) Add fips_algvs: a multicall fips utility incorporating all the algorithm
+     test programs and fips_test_suite. Includes functionality to parse
+     the minimal script output of fipsalgest.pl directly.
+     [Steve Henson]
+
+  *) Add authorisation parameter to FIPS_module_mode_set().
+     [Steve Henson]
+
+  *) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves.
+     [Steve Henson]
+
+  *) Use separate DRBG fields for internal and external flags. New function
+     FIPS_drbg_health_check() to perform on demand health checking. Add
+     generation tests to fips_test_suite with reduced health check interval to 
+     demonstrate periodic health checking. Add "nodh" option to
+     fips_test_suite to skip very slow DH test.
+     [Steve Henson]
+
+  *) New function FIPS_get_cipherbynid() to lookup FIPS supported ciphers
+     based on NID.
+     [Steve Henson]
+
+  *) More extensive health check for DRBG checking many more failure modes.
+     New function FIPS_selftest_drbg_all() to handle every possible DRBG
+     combination: call this in fips_test_suite.
+     [Steve Henson]
+
+  *) Add support for canonical generation of DSA parameter 'g'. See 
+     FIPS 186-3 A.2.3.
+
+  *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and
+     POST to handle HMAC cases.
+     [Steve Henson]
+
+  *) Add functions FIPS_module_version() and FIPS_module_version_text()
+     to return numerical and string versions of the FIPS module number.
+     [Steve Henson]
+
+  *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
+     FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implemented
+     outside the validated module in the FIPS capable OpenSSL.
+     [Steve Henson]
+
+  *) Minor change to DRBG entropy callback semantics. In some cases
+     there is no multiple of the block length between min_len and
+     max_len. Allow the callback to return more than max_len bytes
+     of entropy but discard any extra: it is the callback's responsibility
+     to ensure that the extra data discarded does not impact the
+     requested amount of entropy.
+     [Steve Henson]
+
+  *) Add PRNG security strength checks to RSA, DSA and ECDSA using 
+     information in FIPS186-3, SP800-57 and SP800-131A.
+     [Steve Henson]
+
+  *) CCM support via EVP. Interface is very similar to GCM case except we
+     must supply all data in one chunk (i.e. no update, final) and the
+     message length must be supplied if AAD is used. Add algorithm test
+     support.
+     [Steve Henson]
+
+  *) Initial version of POST overhaul. Add POST callback to allow the status
+     of POST to be monitored and/or failures induced. Modify fips_test_suite
+     to use callback. Always run all selftests even if one fails.
+     [Steve Henson]
+
+  *) XTS support including algorithm test driver in the fips_gcmtest program.
+     Note: this does increase the maximum key length from 32 to 64 bytes but
+     there should be no binary compatibility issues as existing applications
+     will never use XTS mode.
+     [Steve Henson]
+
+  *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies
+     to OpenSSL RAND code and replace with a tiny FIPS RAND API which also
+     performs algorithm blocking for unapproved PRNG types. Also do not
+     set PRNG type in FIPS_mode_set(): leave this to the application.
+     Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with
+     the standard OpenSSL PRNG: set additional data to a date time vector.
+     [Steve Henson]
+
+  *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
+     This shouldn't present any incompatibility problems because applications
+     shouldn't be using these directly and any that are will need to rethink
+     anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
+     [Steve Henson]
+
+  *) Extensive self tests and health checking required by SP800-90 DRBG.
+     Remove strength parameter from FIPS_drbg_instantiate and always
+     instantiate at maximum supported strength.
+     [Steve Henson]
+
+  *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing.
+     [Steve Henson]
+
+  *) New algorithm test program fips_dhvs to handle DH primitives only testing.
+     [Steve Henson]
+
+  *) New function DH_compute_key_padded() to compute a DH key and pad with
+     leading zeroes if needed: this complies with SP800-56A et al.
+     [Steve Henson]
+
+  *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by
+     anything, incomplete, subject to change and largely untested at present.
+     [Steve Henson]
+
+  *) Modify fipscanisteronly build option to only build the necessary object
+     files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile.
+     [Steve Henson]
+
+  *) Add experimental option FIPSSYMS to give all symbols in
+     fipscanister.o and FIPS or fips prefix. This will avoid
+     conflicts with future versions of OpenSSL. Add perl script
+     util/fipsas.pl to preprocess assembly language source files
+     and rename any affected symbols.
+     [Steve Henson]
+
+  *) Add selftest checks and algorithm block of non-fips algorithms in
+     FIPS mode. Remove DES2 from selftests.
+     [Steve Henson]
+
+  *) Add ECDSA code to fips module. Add tiny fips_ecdsa_check to just
+     return internal method without any ENGINE dependencies. Add new
+     tiny fips sign and verify functions.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) New build option "fipscanisteronly". This only builds fipscanister.o
+     and (currently) associated fips utilities. Uses the file Makefile.fips
+     instead of Makefile.org as the prototype.
+     [Steve Henson]
+
+  *) Add some FIPS mode restrictions to GCM. Add internal IV generator.
+     Update fips_gcmtest to use IV generator.
+     [Steve Henson]
+
+  *) Initial, experimental EVP support for AES-GCM. AAD can be input by
+     setting output buffer to NULL. The *Final function must be
+     called although it will not retrieve any additional data. The tag
+     can be set or retrieved with a ctrl. The IV length is by default 12
+     bytes (96 bits) but can be set to an alternative value. If the IV
+     length exceeds the maximum IV length (currently 16 bytes) it cannot be
+     set before the key. 
+     [Steve Henson]
+
+  *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
+     underlying do_cipher function handles all cipher semantics itself
+     including padding and finalisation. This is useful if (for example)
+     an ENGINE cipher handles block padding itself. The behaviour of
+     do_cipher is subtly changed if this flag is set: the return value
+     is the number of characters written to the output buffer (zero is
+     no longer an error code) or a negative error code. Also if the
+     input buffer is NULL and length 0 finalisation should be performed.
+     [Steve Henson]
+
+  *) If a candidate issuer certificate is already part of the constructed
+     path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+     [Steve Henson]
+
+  *) Improve forward-security support: add functions
+
+       void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
+       void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
+
+     for use by SSL/TLS servers; the callback function will be called whenever a
+     new session is created, and gets to decide whether the session may be
+     cached to make it resumable (return 0) or not (return 1).  (As by the
+     SSL/TLS protocol specifications, the session_id sent by the server will be
+     empty to indicate that the session is not resumable; also, the server will
+     not generate RFC 4507 (RFC 5077) session tickets.)
+
+     A simple reasonable callback implementation is to return is_forward_secure.
+     This parameter will be set to 1 or 0 depending on the ciphersuite selected
+     by the SSL/TLS server library, indicating whether it can provide forward
+     security.
+     [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
+
+  *) New -verify_name option in command line utilities to set verification
+     parameters by name.
+     [Steve Henson]
+
+  *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
+     Add CMAC pkey methods.
+     [Steve Henson]
+
+  *) Experimental renegotiation in s_server -www mode. If the client 
+     browses /reneg connection is renegotiated. If /renegcert it is
+     renegotiated requesting a certificate.
+     [Steve Henson]
+
+  *) Add an "external" session cache for debugging purposes to s_server. This
+     should help trace issues which normally are only apparent in deployed
+     multi-process servers.
+     [Steve Henson]
+
+  *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+     return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+     BIO_set_cipher() and some obscure PEM functions were changed so they
+     can now return an error. The RAND changes required a change to the
+     RAND_METHOD structure.
+     [Steve Henson]
+
+  *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+     a gcc attribute to warn if the result of a function is ignored. This
+     is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+     whose return value is often ignored. 
+     [Steve Henson]
+
+  *) New -noct, -requestct, -requirect and -ctlogfile options for s_client.
+     These allow SCTs (signed certificate timestamps) to be requested and
+     validated when establishing a connection.
+     [Rob Percival <robpercival@google.com>]
+
+ Changes between 1.0.2g and 1.0.2h [3 May 2016]
+
+  *) Prevent padding oracle in AES-NI CBC MAC check
+
+     A MITM attacker can use a padding oracle attack to decrypt traffic
+     when the connection uses an AES CBC cipher and the server support
+     AES-NI.
+
+     This issue was introduced as part of the fix for Lucky 13 padding
+     attack (CVE-2013-0169). The padding check was rewritten to be in
+     constant time by making sure that always the same bytes are read and
+     compared against either the MAC or padding bytes. But it no longer
+     checked that there was enough data to have both the MAC and padding
+     bytes.
+
+     This issue was reported by Juraj Somorovsky using TLS-Attacker.
+     (CVE-2016-2107)
+     [Kurt Roeckx]
+
+  *) Fix EVP_EncodeUpdate overflow
+
+     An overflow can occur in the EVP_EncodeUpdate() function which is used for
+     Base64 encoding of binary data. If an attacker is able to supply very large
+     amounts of input data then a length check can overflow resulting in a heap
+     corruption.
+
+     Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
+     the PEM_write_bio* family of functions. These are mainly used within the
+     OpenSSL command line applications, so any application which processes data
+     from an untrusted source and outputs it as a PEM file should be considered
+     vulnerable to this issue. User applications that call these APIs directly
+     with large amounts of untrusted data may also be vulnerable.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2105)
+     [Matt Caswell]
+
+  *) Fix EVP_EncryptUpdate overflow
+
+     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+     is able to supply very large amounts of input data after a previous call to
+     EVP_EncryptUpdate() with a partial block then a length check can overflow
+     resulting in a heap corruption. Following an analysis of all OpenSSL
+     internal usage of the EVP_EncryptUpdate() function all usage is one of two
+     forms. The first form is where the EVP_EncryptUpdate() call is known to be
+     the first called function after an EVP_EncryptInit(), and therefore that
+     specific call must be safe. The second form is where the length passed to
+     EVP_EncryptUpdate() can be seen from the code to be some small value and
+     therefore there is no possibility of an overflow. Since all instances are
+     one of these two forms, it is believed that there can be no overflows in
+     internal code due to this problem. It should be noted that
+     EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
+     Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
+     of these calls have also been analysed too and it is believed there are no
+     instances in internal usage where an overflow could occur.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2106)
+     [Matt Caswell]
+
+  *) Prevent ASN.1 BIO excessive memory allocation
+
+     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
+     a short invalid encoding can cause allocation of large amounts of memory
+     potentially consuming excessive resources or exhausting memory.
+
+     Any application parsing untrusted data through d2i BIO functions is
+     affected. The memory based functions such as d2i_X509() are *not* affected.
+     Since the memory based functions are used by the TLS library, TLS
+     applications are not affected.
+
+     This issue was reported by Brian Carpenter.
+     (CVE-2016-2109)
+     [Stephen Henson]
+
+  *) EBCDIC overread
+
+     ASN1 Strings that are over 1024 bytes can cause an overread in applications
+     using the X509_NAME_oneline() function on EBCDIC systems. This could result
+     in arbitrary stack data being returned in the buffer.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2176)
+     [Matt Caswell]
+
+  *) Modify behavior of ALPN to invoke callback after SNI/servername
+     callback, such that updates to the SSL_CTX affect ALPN.
+     [Todd Short]
+
+  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
+     default.
+     [Kurt Roeckx]
+
+  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
+     methods are enabled and ssl2 is disabled the methods return NULL.
+     [Kurt Roeckx]
+
+ Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
+
+  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+    Builds that are not configured with "enable-weak-ssl-ciphers" will not
+    provide any "EXPORT" or "LOW" strength ciphers.
+    [Viktor Dukhovni]
+
+  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
+    is by default disabled at build-time.  Builds that are not configured with
+    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
+    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
+    will need to explicitly call either of:
+
+        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+    or
+        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+
+    as appropriate.  Even if either of those is used, or the application
+    explicitly uses the version-specific SSLv2_method() or its client and
+    server variants, SSLv2 ciphers vulnerable to exhaustive search key
+    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
+    ciphers, and SSLv2 56-bit DES are no longer available.
+    (CVE-2016-0800)
+    [Viktor Dukhovni]
+
+  *) Fix a double-free in DSA code
+
+     A double free bug was discovered when OpenSSL parses malformed DSA private
+     keys and could lead to a DoS attack or memory corruption for applications
+     that receive DSA private keys from untrusted sources.  This scenario is
+     considered rare.
+
+     This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2016-0705)
+     [Stephen Henson]
+
+  *) Disable SRP fake user seed to address a server memory leak.
+
+     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
+
+     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
+     was changed to ignore the "fake user" SRP seed, even if the seed
+     is configured.
+
+     Users should use SRP_VBASE_get1_by_user instead. Note that in
+     SRP_VBASE_get1_by_user, caller must free the returned value. Note
+     also that even though configuring the SRP seed attempts to hide
+     invalid usernames by continuing the handshake with fake
+     credentials, this behaviour is not constant time and no strong
+     guarantees are made that the handshake is indistinguishable from
+     that of a valid user.
+     (CVE-2016-0798)
+     [Emilia Käsper]
+
+  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+
+     In the BN_hex2bn function the number of hex digits is calculated using an
+     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
+     large values of |i| this can result in |bn_expand| not allocating any
+     memory because |i * 4| is negative. This can leave the internal BIGNUM data
+     field as NULL leading to a subsequent NULL ptr deref. For very large values
+     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
+     In this case memory is allocated to the internal BIGNUM data field, but it
+     is insufficiently sized leading to heap corruption. A similar issue exists
+     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
+     is ever called by user applications with very large untrusted hex/dec data.
+     This is anticipated to be a rare occurrence.
+
+     All OpenSSL internal usage of these functions use data that is not expected
+     to be untrusted, e.g. config file data or application command line
+     arguments. If user developed applications generate config file data based
+     on untrusted data then it is possible that this could also lead to security
+     consequences. This is also anticipated to be rare.
+
+     This issue was reported to OpenSSL by Guido Vranken.
+     (CVE-2016-0797)
+     [Matt Caswell]
+
+  *) Fix memory issues in BIO_*printf functions
+
+     The internal |fmtstr| function used in processing a "%s" format string in
+     the BIO_*printf functions could overflow while calculating the length of a
+     string and cause an OOB read when printing very long strings.
+
+     Additionally the internal |doapr_outch| function can attempt to write to an
+     OOB memory location (at an offset from the NULL pointer) in the event of a
+     memory allocation failure. In 1.0.2 and below this could be caused where
+     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
+     could be in processing a very long "%s" format string. Memory leaks can
+     also occur.
+
+     The first issue may mask the second issue dependent on compiler behaviour.
+     These problems could enable attacks where large amounts of untrusted data
+     is passed to the BIO_*printf functions. If applications use these functions
+     in this way then they could be vulnerable. OpenSSL itself uses these
+     functions when printing out human-readable dumps of ASN.1 data. Therefore
+     applications that print this data could be vulnerable if the data is from
+     untrusted sources. OpenSSL command line applications could also be
+     vulnerable where they print out ASN.1 data, or if untrusted data is passed
+     as command line arguments.
+
+     Libssl is not considered directly vulnerable. Additionally certificates etc
+     received via remote connections via libssl are also unlikely to be able to
+     trigger these issues because of message size limits enforced within libssl.
+
+     This issue was reported to OpenSSL Guido Vranken.
+     (CVE-2016-0799)
+     [Matt Caswell]
+
+  *) Side channel attack on modular exponentiation
+
+     A side-channel attack was found which makes use of cache-bank conflicts on
+     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
+     of RSA keys.  The ability to exploit this issue is limited as it relies on
+     an attacker who has control of code in a thread running on the same
+     hyper-threaded core as the victim thread which is performing decryptions.
+
+     This issue was reported to OpenSSL by Yuval Yarom, The University of
+     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
+     Nadia Heninger, University of Pennsylvania with more information at
+     http://cachebleed.info.
+     (CVE-2016-0702)
+     [Andy Polyakov]
+
+  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+     if no keysize is specified with default_bits. This fixes an
+     omission in an earlier change that changed all RSA/DSA key generation
+     apps to use 2048 bits by default.
+     [Emilia Käsper]
+
+ Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
+  *) DH small subgroups
+
+     Historically OpenSSL only ever generated DH parameters based on "safe"
+     primes. More recently (in version 1.0.2) support was provided for
+     generating X9.42 style parameter files such as those required for RFC 5114
+     support. The primes used in such files may not be "safe". Where an
+     application is using DH configured with parameters based on primes that are
+     not "safe" then an attacker could use this fact to find a peer's private
+     DH exponent. This attack requires that the attacker complete multiple
+     handshakes in which the peer uses the same private DH exponent. For example
+     this could be used to discover a TLS server's private DH exponent if it's
+     reusing the private DH exponent or it's using a static DH ciphersuite.
+
+     OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
+     TLS. It is not on by default. If the option is not set then the server
+     reuses the same private DH exponent for the life of the server process and
+     would be vulnerable to this attack. It is believed that many popular
+     applications do set this option and would therefore not be at risk.
+
+     The fix for this issue adds an additional check where a "q" parameter is
+     available (as is the case in X9.42 based parameters). This detects the
+     only known attack, and is the only possible defense for static DH
+     ciphersuites. This could have some performance impact.
+
+     Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
+     default and cannot be disabled. This could have some performance impact.
+
+     This issue was reported to OpenSSL by Antonio Sanso (Adobe).
+     (CVE-2016-0701)
+     [Matt Caswell]
+
+  *) SSLv2 doesn't block disabled ciphers
+
+     A malicious client can negotiate SSLv2 ciphers that have been disabled on
+     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+     been disabled, provided that the SSLv2 protocol was not also disabled via
+     SSL_OP_NO_SSLv2.
+
+     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
+     and Sebastian Schinzel.
+     (CVE-2015-3197)
+     [Viktor Dukhovni]
+
+ Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients. For example this can occur by
+     default in OpenSSL DHE based SSL/TLS ciphersuites.
+
+     This issue was reported to OpenSSL by Hanno Böck.
+     (CVE-2015-3193)
+     [Andy Polyakov]
+
+  *) Certificate verify crash with missing PSS parameter
+
+     The signature verification routines will crash with a NULL pointer
+     dereference if presented with an ASN.1 signature using the RSA PSS
+     algorithm and absent mask generation function parameter. Since these
+     routines are used to verify certificate signature algorithms this can be
+     used to crash any certificate verification operation and exploited in a
+     DoS attack. Any application which performs certificate verification is
+     vulnerable including OpenSSL clients and servers which enable client
+     authentication.
+
+     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
+     (CVE-2015-3194)
+     [Stephen Henson]
+
+  *) X509_ATTRIBUTE memory leak
+
+     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+     memory. This structure is used by the PKCS#7 and CMS routines so any
+     application which reads PKCS#7 or CMS data from untrusted sources is
+     affected. SSL/TLS is not affected.
+
+     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2015-3195)
+     [Stephen Henson]
+
+  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+     This changes the decoding behaviour for some invalid messages,
+     though the change is mostly in the more lenient direction, and
+     legacy behaviour is preserved as much as possible.
+     [Emilia Käsper]
+
+  *) In DSA_generate_parameters_ex, if the provided seed is too short,
+     return an error
+     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
+
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
+
+  *) Alternate chains certificate forgery
+
+     During certificate verification, OpenSSL will attempt to find an
+     alternative certificate chain if the first attempt to build such a chain
+     fails. An error in the implementation of this logic can mean that an
+     attacker could cause certain checks on untrusted certificates to be
+     bypassed, such as the CA flag, enabling them to use a valid leaf
+     certificate to act as a CA and "issue" an invalid certificate.
+
+     This issue was reported to OpenSSL by Adam Langley/David Benjamin
+     (Google/BoringSSL).
+     [Matt Caswell]
+
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
+
+  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
+     incompatibility in the handling of HMAC. The previous ABI has now been
+     restored.
+     [Matt Caswell]
+
+ Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
+
+  *) Malformed ECParameters causes infinite loop
+
+     When processing an ECParameters structure OpenSSL enters an infinite loop
+     if the curve specified is over a specially malformed binary polynomial
+     field.
+
+     This can be used to perform denial of service against any
+     system which processes public keys, certificate requests or
+     certificates.  This includes TLS clients and TLS servers with
+     client authentication enabled.
+
+     This issue was reported to OpenSSL by Joseph Barr-Pixton.
+     (CVE-2015-1788)
+     [Andy Polyakov]
+
+  *) Exploitable out-of-bounds read in X509_cmp_time
+
+     X509_cmp_time does not properly check the length of the ASN1_TIME
+     string and can read a few bytes out of bounds. In addition,
+     X509_cmp_time accepts an arbitrary number of fractional seconds in the
+     time string.
+
+     An attacker can use this to craft malformed certificates and CRLs of
+     various sizes and potentially cause a segmentation fault, resulting in
+     a DoS on applications that verify certificates or CRLs. TLS clients
+     that verify CRLs are affected. TLS clients and servers with client
+     authentication enabled may be affected if they use custom verification
+     callbacks.
+
+     This issue was reported to OpenSSL by Robert Swiecki (Google), and
+     independently by Hanno Böck.
+     (CVE-2015-1789)
+     [Emilia Käsper]
+
+  *) PKCS7 crash with missing EnvelopedContent
+
+     The PKCS#7 parsing code does not handle missing inner EncryptedContent
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+     with missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+     structures from untrusted sources are affected. OpenSSL clients and
+     servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-1790)
+     [Emilia Käsper]
+
+  *) CMS verify infinite loop with unknown hash function
+
+     When verifying a signedData message the CMS code can enter an infinite loop
+     if presented with an unknown hash function OID. This can be used to perform
+     denial of service against any system which verifies signedData messages using
+     the CMS code.
+     This issue was reported to OpenSSL by Johannes Bauer.
+     (CVE-2015-1792)
+     [Stephen Henson]
+
+  *) Race condition handling NewSessionTicket
+
+     If a NewSessionTicket is received by a multi-threaded client when attempting to
+     reuse a previous ticket then a race condition can occur potentially leading to
+     a double free of the ticket data.
+     (CVE-2015-1791)
+     [Matt Caswell]
+
+  *) Only support 256-bit or stronger elliptic curves with the
+     'ecdh_auto' setting (server) or by default (client). Of supported
+     curves, prefer P-256 (both).
+     [Emilia Kasper]
+
+ Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
+
+  *) ClientHello sigalgs DoS fix
+
+     If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
+     invalid signature algorithms extension a NULL pointer dereference will
+     occur. This can be exploited in a DoS attack against the server.
+
+     This issue was was reported to OpenSSL by David Ramos of Stanford
+     University.
+     (CVE-2015-0291)
+     [Stephen Henson and Matt Caswell]
+
+  *) Multiblock corrupted pointer fix
+
+     OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
+     feature only applies on 64 bit x86 architecture platforms that support AES
+     NI instructions. A defect in the implementation of "multiblock" can cause
+     OpenSSL's internal write buffer to become incorrectly set to NULL when
+     using non-blocking IO. Typically, when the user application is using a
+     socket BIO for writing, this will only result in a failed connection.
+     However if some other BIO is used then it is likely that a segmentation
+     fault will be triggered, thus enabling a potential DoS attack.
+
+     This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller.
+     (CVE-2015-0290)
+     [Matt Caswell]
+
+  *) Segmentation fault in DTLSv1_listen fix
+
+     The DTLSv1_listen function is intended to be stateless and processes the
+     initial ClientHello from many peers. It is common for user code to loop
+     over the call to DTLSv1_listen until a valid ClientHello is received with
+     an associated cookie. A defect in the implementation of DTLSv1_listen means
+     that state is preserved in the SSL object from one invocation to the next
+     that can lead to a segmentation fault. Errors processing the initial
+     ClientHello can trigger this scenario. An example of such an error could be
+     that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
+     server.
+
+     This issue was reported to OpenSSL by Per Allansson.
+     (CVE-2015-0207)
+     [Matt Caswell]
+
+  *) Segmentation fault in ASN1_TYPE_cmp fix
+
+     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+     certificate signature algorithm consistency this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+     (CVE-2015-0286)
+     [Stephen Henson]
+
+  *) Segmentation fault for invalid PSS parameters fix
+
+     The signature verification routines will crash with a NULL pointer
+     dereference if presented with an ASN.1 signature using the RSA PSS
+     algorithm and invalid parameters. Since these routines are used to verify
+     certificate signature algorithms this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+
+     This issue was was reported to OpenSSL by Brian Carpenter.
+     (CVE-2015-0208)
+     [Stephen Henson]
+
+  *) ASN.1 structure reuse memory corruption fix
+
+     Reusing a structure in ASN.1 parsing may allow an attacker to cause
+     memory corruption via an invalid write. Such reuse is and has been
+     strongly discouraged and is believed to be rare.
+
+     Applications that parse structures containing CHOICE or ANY DEFINED BY
+     components may be affected. Certificate parsing (d2i_X509 and related
+     functions) are however not affected. OpenSSL clients and servers are
+     not affected.
+     (CVE-2015-0287)
+     [Stephen Henson]
+
+  *) PKCS7 NULL pointer dereferences fix
+
+     The PKCS#7 parsing code does not handle missing outer ContentInfo
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+     missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+     otherwise parse PKCS#7 structures from untrusted sources are
+     affected. OpenSSL clients and servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-0289)
+     [Emilia Käsper]
+
+  *) DoS via reachable assert in SSLv2 servers fix
+
+     A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+     servers that both support SSLv2 and enable export cipher suites by sending
+     a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+     This issue was discovered by Sean Burford (Google) and Emilia Käsper
+     (OpenSSL development team).
+     (CVE-2015-0293)
+     [Emilia Käsper]
+
+  *) Empty CKE with client auth and DHE fix
+
+     If client auth is used then a server can seg fault in the event of a DHE
+     ciphersuite being selected and a zero length ClientKeyExchange message
+     being sent by the client. This could be exploited in a DoS attack.
+     (CVE-2015-1787)
+     [Matt Caswell]
+
+  *) Handshake with unseeded PRNG fix
+
+     Under certain conditions an OpenSSL 1.0.2 client can complete a handshake
+     with an unseeded PRNG. The conditions are:
+     - The client is on a platform where the PRNG has not been seeded
+     automatically, and the user has not seeded manually
+     - A protocol specific client method version has been used (i.e. not
+     SSL_client_methodv23)
+     - A ciphersuite is used that does not require additional random data from
+     the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
+
+     If the handshake succeeds then the client random that has been used will
+     have been generated from a PRNG with insufficient entropy and therefore the
+     output may be predictable.
+
+     For example using the following command with an unseeded openssl will
+     succeed on an unpatched platform:
+
+     openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
+     (CVE-2015-0285)
+     [Matt Caswell]
+
+  *) Use After Free following d2i_ECPrivatekey error fix
+
+     A malformed EC private key file consumed via the d2i_ECPrivateKey function
+     could cause a use after free condition. This, in turn, could cause a double
+     free in several private key parsing functions (such as d2i_PrivateKey
+     or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+     for applications that receive EC private keys from untrusted
+     sources. This scenario is considered rare.
+
+     This issue was discovered by the BoringSSL project and fixed in their
+     commit 517073cd4b.
+     (CVE-2015-0209)
+     [Matt Caswell]
+
+  *) X509_to_X509_REQ NULL pointer deref fix
+
+     The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+     the certificate key is invalid. This function is rarely used in practice.
+
+     This issue was discovered by Brian Carpenter.
+     (CVE-2015-0288)
+     [Stephen Henson]
+
+  *) Removed the export ciphers from the DEFAULT ciphers
+     [Kurt Roeckx]
+
+ Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
+
+  *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
+     ARMv5 through ARMv8, as opposite to "locking" it to single one.
+     So far those who have to target multiple platforms would compromise
+     and argue that binary targeting say ARMv5 would still execute on
+     ARMv8. "Universal" build resolves this compromise by providing
+     near-optimal performance even on newer platforms.
+     [Andy Polyakov]
+
+  *) Accelerated NIST P-256 elliptic curve implementation for x86_64
+     (other platforms pending).
+     [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov]
+
+  *) Add support for the SignedCertificateTimestampList certificate and
+     OCSP response extensions from RFC6962.
+     [Rob Stradling]
+
+  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+     for corner cases. (Certain input points at infinity could lead to
+     bogus results, with non-infinity inputs mapped to infinity too.)
+     [Bodo Moeller]
+
+  *) Initial support for PowerISA 2.0.7, first implemented in POWER8.
+     This covers AES, SHA256/512 and GHASH. "Initial" means that most
+     common cases are optimized and there still is room for further
+     improvements. Vector Permutation AES for Altivec is also added.
+     [Andy Polyakov]
+
+  *) Add support for little-endian ppc64 Linux target.
+     [Marcelo Cerri (IBM)]
+
+  *) Initial support for AMRv8 ISA crypto extensions. This covers AES,
+     SHA1, SHA256 and GHASH. "Initial" means that most common cases
+     are optimized and there still is room for further improvements.
+     Both 32- and 64-bit modes are supported.
+     [Andy Polyakov, Ard Biesheuvel (Linaro)]
+
+  *) Improved ARMv7 NEON support.
+     [Andy Polyakov]
+
+  *) Support for SPARC Architecture 2011 crypto extensions, first
+     implemented in SPARC T4. This covers AES, DES, Camellia, SHA1,
+     SHA256/512, MD5, GHASH and modular exponentiation.
+     [Andy Polyakov, David Miller]
+
+  *) Accelerated modular exponentiation for Intel processors, a.k.a.
+     RSAZ.
+     [Shay Gueron & Vlad Krasnov (Intel Corp)]
+
+  *) Support for new and upcoming Intel processors, including AVX2,
+     BMI and SHA ISA extensions. This includes additional "stitched"
+     implementations, AESNI-SHA256 and GCM, and multi-buffer support
+     for TLS encrypt.
+
+     This work was sponsored by Intel Corp.
+     [Andy Polyakov]
+
+  *) Support for DTLS 1.2. This adds two sets of DTLS methods: DTLS_*_method()
+     supports both DTLS 1.2 and 1.0 and should use whatever version the peer
+     supports and DTLSv1_2_*_method() which supports DTLS 1.2 only.
+     [Steve Henson]
+
+  *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+     this fixes a limitation in previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+     MGF1 digest and OAEP label.
+     [Steve Henson]
+
+  *) Add EVP support for key wrapping algorithms, to avoid problems with
+     existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
+     the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
+     algorithms and include tests cases.
+     [Steve Henson]
+
+  *) Add functions to allocate and set the fields of an ECDSA_METHOD
+     structure.
+     [Douglas E. Engert, Steve Henson]
+
+  *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the
+     difference in days and seconds between two tm or ASN1_TIME structures.
+     [Steve Henson]
+
+  *) Add -rev test option to s_server to just reverse order of characters
+     received by client and send back to server. Also prints an abbreviated
+     summary of the connection parameters.
+     [Steve Henson]
+
+  *) New option -brief for s_client and s_server to print out a brief summary
+     of connection parameters.
+     [Steve Henson]
+
+  *) Add callbacks for arbitrary TLS extensions.
+     [Trevor Perrin <trevp@trevp.net> and Ben Laurie]
+
+  *) New option -crl_download in several openssl utilities to download CRLs
+     from CRLDP extension in certificates.
+     [Steve Henson]
+
+  *) New options -CRL and -CRLform for s_client and s_server for CRLs.
+     [Steve Henson]
+
+  *) New function X509_CRL_diff to generate a delta CRL from the difference
+     of two full CRLs. Add support to "crl" utility.
+     [Steve Henson]
+
+  *) New functions to set lookup_crls function and to retrieve
+     X509_STORE from X509_STORE_CTX.
+     [Steve Henson]
+
+  *) Print out deprecated issuer and subject unique ID fields in
+     certificates.
+     [Steve Henson]
+
+  *) Extend OCSP I/O functions so they can be used for simple general purpose
+     HTTP as well as OCSP. New wrapper function which can be used to download
+     CRLs using the OCSP API.
+     [Steve Henson]
+
+  *) Delegate command line handling in s_client/s_server to SSL_CONF APIs.
+     [Steve Henson]
+
+  *) SSL_CONF* functions. These provide a common framework for application
+     configuration using configuration files or command lines.
+     [Steve Henson]
+
+  *) SSL/TLS tracing code. This parses out SSL/TLS records using the
+     message callback and prints the results. Needs compile time option
+     "enable-ssl-trace". New options to s_client and s_server to enable
+     tracing.
+     [Steve Henson]
+
+  *) New ctrl and macro to retrieve supported points extensions.
+     Print out extension in s_server and s_client.
+     [Steve Henson]
+
+  *) New functions to retrieve certificate signature and signature
+     OID NID.
+     [Steve Henson]
+
+  *) Add functions to retrieve and manipulate the raw cipherlist sent by a
+     client to OpenSSL.
+     [Steve Henson]
+
+  *) New Suite B modes for TLS code. These use and enforce the requirements
+     of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
+     only use Suite B curves. The Suite B modes can be set by using the
+     strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring.
+     [Steve Henson]
+
+  *) New chain verification flags for Suite B levels of security. Check
+     algorithms are acceptable when flags are set in X509_verify_cert.
+     [Steve Henson]
+
+  *) Make tls1_check_chain return a set of flags indicating checks passed
+     by a certificate chain. Add additional tests to handle client
+     certificates: checks for matching certificate type and issuer name
+     comparison.
+     [Steve Henson]
+
+  *) If an attempt is made to use a signature algorithm not in the peer
+     preference list abort the handshake. If client has no suitable
+     signature algorithms in response to a certificate request do not
+     use the certificate.
+     [Steve Henson]
+
+  *) If server EC tmp key is not in client preference list abort handshake.
+     [Steve Henson]
+
+  *) Add support for certificate stores in CERT structure. This makes it
+     possible to have different stores per SSL structure or one store in
+     the parent SSL_CTX. Include distinct stores for certificate chain
+     verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
+     to build and store a certificate chain in CERT structure: returning
+     an error if the chain cannot be built: this will allow applications
+     to test if a chain is correctly configured.
+
+     Note: if the CERT based stores are not set then the parent SSL_CTX
+     store is used to retain compatibility with existing behaviour.
+
+     [Steve Henson]
+
+  *) New function ssl_set_client_disabled to set a ciphersuite disabled
+     mask based on the current session, check mask when sending client
+     hello and checking the requested ciphersuite.
+     [Steve Henson]
+
+  *) New ctrls to retrieve and set certificate types in a certificate
+     request message. Print out received values in s_client. If certificate
+     types is not set with custom values set sensible values based on
+     supported signature algorithms.
+     [Steve Henson]
+
+  *) Support for distinct client and server supported signature algorithms.
+     [Steve Henson]
+
+  *) Add certificate callback. If set this is called whenever a certificate
+     is required by client or server. An application can decide which
+     certificate chain to present based on arbitrary criteria: for example
+     supported signature algorithms. Add very simple example to s_server.
+     This fixes many of the problems and restrictions of the existing client
+     certificate callback: for example you can now clear an existing
+     certificate and specify the whole chain.
+     [Steve Henson]
+
+  *) Add new "valid_flags" field to CERT_PKEY structure which determines what
+     the certificate can be used for (if anything). Set valid_flags field 
+     in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
+     to have similar checks in it.
+
+     Add new "cert_flags" field to CERT structure and include a "strict mode".
+     This enforces some TLS certificate requirements (such as only permitting
+     certificate signature algorithms contained in the supported algorithms
+     extension) which some implementations ignore: this option should be used
+     with caution as it could cause interoperability issues.
+     [Steve Henson]
+
+  *) Update and tidy signature algorithm extension processing. Work out
+     shared signature algorithms based on preferences and peer algorithms
+     and print them out in s_client and s_server. Abort handshake if no
+     shared signature algorithms.
+     [Steve Henson]
+
+  *) Add new functions to allow customised supported signature algorithms
+     for SSL and SSL_CTX structures. Add options to s_client and s_server
+     to support them.
+     [Steve Henson]
+
+  *) New function SSL_certs_clear() to delete all references to certificates
+     from an SSL structure. Before this once a certificate had been added
+     it couldn't be removed.
+     [Steve Henson]
+
+  *) Integrate hostname, email address and IP address checking with certificate
+     verification. New verify options supporting checking in openssl utility.
+     [Steve Henson]
+
+  *) Fixes and wildcard matching support to hostname and email checking
+     functions. Add manual page.
+     [Florian Weimer (Red Hat Product Security Team)]
+
+  *) New functions to check a hostname email or IP address against a
+     certificate. Add options x509 utility to print results of checks against
+     a certificate.
+     [Steve Henson]
+
+  *) Fix OCSP checking.
+     [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
+
+  *) Initial experimental support for explicitly trusted non-root CAs. 
+     OpenSSL still tries to build a complete chain to a root but if an
+     intermediate CA has a trust setting included that is used. The first
+     setting is used: whether to trust (e.g., -addtrust option to the x509
+     utility) or reject.
+     [Steve Henson]
+
+  *) Add -trusted_first option which attempts to find certificates in the
+     trusted store even if an untrusted chain is also supplied.
+     [Steve Henson]
+
+  *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
+     platform support for Linux and Android.
+     [Andy Polyakov]
+
+  *) Support for linux-x32, ILP32 environment in x86_64 framework.
+     [Andy Polyakov]
+
+  *) Experimental multi-implementation support for FIPS capable OpenSSL.
+     When in FIPS mode the approved implementations are used as normal,
+     when not in FIPS mode the internal unapproved versions are used instead.
+     This means that the FIPS capable OpenSSL isn't forced to use the
+     (often lower performance) FIPS implementations outside FIPS mode.
+     [Steve Henson]
+
+  *) Transparently support X9.42 DH parameters when calling
+     PEM_read_bio_DHparameters. This means existing applications can handle
+     the new parameter format automatically.
+     [Steve Henson]
+
+  *) Initial experimental support for X9.42 DH parameter format: mainly
+     to support use of 'q' parameter for RFC5114 parameters.
+     [Steve Henson]
+
+  *) Add DH parameters from RFC5114 including test data to dhtest.
+     [Steve Henson]
+
+  *) Support for automatic EC temporary key parameter selection. If enabled
+     the most preferred EC parameters are automatically used instead of
+     hardcoded fixed parameters. Now a server just has to call:
+     SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
+     support ECDH and use the most appropriate parameters.
+     [Steve Henson]
+
+  *) Enhance and tidy EC curve and point format TLS extension code. Use
+     static structures instead of allocation if default values are used.
+     New ctrls to set curves we wish to support and to retrieve shared curves.
+     Print out shared curves in s_server. New options to s_server and s_client
+     to set list of supported curves.
+     [Steve Henson]
+
+  *) New ctrls to retrieve supported signature algorithms and 
+     supported curve values as an array of NIDs. Extend openssl utility
+     to print out received values.
+     [Steve Henson]
+
+  *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+     between NIDs and the more common NIST names such as "P-256". Enhance
+     ecparam utility and ECC method to recognise the NIST names for curves.
+     [Steve Henson]
+
+  *) Enhance SSL/TLS certificate chain handling to support different
+     chains for each certificate instead of one chain in the parent SSL_CTX.
+     [Steve Henson]
+
+  *) Support for fixed DH ciphersuite client authentication: where both
+     server and client use DH certificates with common parameters.
+     [Steve Henson]
+
+  *) Support for fixed DH ciphersuites: those requiring DH server
+     certificates.
+     [Steve Henson]
+
+  *) New function i2d_re_X509_tbs for re-encoding the TBS portion of
+     the certificate.
+     Note: Related 1.0.2-beta specific macros X509_get_cert_info,
+     X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and
+     X509_CINF_get_signature were reverted post internal team review.
+
+ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
+
+  *) Build fixes for the Windows and OpenVMS platforms
+     [Matt Caswell and Richard Levitte]
+
+ Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
+
+  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+     message can cause a segmentation fault in OpenSSL due to a NULL pointer
+     dereference. This could lead to a Denial Of Service attack. Thanks to
+     Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+     (CVE-2014-3571)
+     [Steve Henson]
+
+  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+     dtls1_buffer_record function under certain conditions. In particular this
+     could occur if an attacker sent repeated DTLS records with the same
+     sequence number but for the next epoch. The memory leak could be exploited
+     by an attacker in a Denial of Service attack through memory exhaustion.
+     Thanks to Chris Mueller for reporting this issue.
+     (CVE-2015-0206)
+     [Matt Caswell]
+
+  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+     built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+     method would be set to NULL which could later result in a NULL pointer
+     dereference. Thanks to Frank Schmirler for reporting this issue.
+     (CVE-2014-3569)
+     [Kurt Roeckx]
+
+  *) Abort handshake if server key exchange message is omitted for ephemeral
+     ECDH ciphersuites.
+
+     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+     reporting this issue.
+     (CVE-2014-3572)
+     [Steve Henson]
+
+  *) Remove non-export ephemeral RSA code on client and server. This code
+     violated the TLS standard by allowing the use of temporary RSA keys in
+     non-export ciphersuites and could be used by a server to effectively
+     downgrade the RSA key length used to a value smaller than the server
+     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+     INRIA or reporting this issue.
+     (CVE-2015-0204)
+     [Steve Henson]
+
+  *) Fixed issue where DH client certificates are accepted without verification.
+     An OpenSSL server will accept a DH certificate for client authentication
+     without the certificate verify message. This effectively allows a client to
+     authenticate without the use of a private key. This only affects servers
+     which trust a client certificate authority which issues certificates
+     containing DH keys: these are extremely rare and hardly ever encountered.
+     Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+     this issue.
+     (CVE-2015-0205)
+     [Steve Henson]
+
+  *) Ensure that the session ID context of an SSL is updated when its
+     SSL_CTX is updated via SSL_set_SSL_CTX.
+
+     The session ID context is typically set from the parent SSL_CTX,
+     and can vary with the CTX.
+     [Adam Langley]
+
+  *) Fix various certificate fingerprint issues.
+
+     By using non-DER or invalid encodings outside the signed portion of a
+     certificate the fingerprint can be changed without breaking the signature.
+     Although no details of the signed portion of the certificate can be changed
+     this can cause problems with some applications: e.g. those using the
+     certificate fingerprint for blacklists.
+
+     1. Reject signatures with non zero unused bits.
+
+     If the BIT STRING containing the signature has non zero unused bits reject
+     the signature. All current signature algorithms require zero unused bits.
+
+     2. Check certificate algorithm consistency.
+
+     Check the AlgorithmIdentifier inside TBS matches the one in the
+     certificate signature. NB: this will result in signature failure
+     errors for some broken certificates.
+
+     Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+     3. Check DSA/ECDSA signatures use DER.
+
+     Re-encode DSA/ECDSA signatures and compare with the original received
+     signature. Return an error if there is a mismatch.
+
+     This will reject various cases including garbage after signature
+     (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+     program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+     (negative or with leading zeroes).
+
+     Further analysis was conducted and fixes were developed by Stephen Henson
+     of the OpenSSL core team.
+
+     (CVE-2014-8275)
+     [Steve Henson]
+
+   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+      results on some platforms, including x86_64. This bug occurs at random
+      with a very low probability, and is not known to be exploitable in any
+      way, though its exact impact is difficult to determine. Thanks to Pieter
+      Wuille (Blockstream) who reported this issue and also suggested an initial
+      fix. Further analysis was conducted by the OpenSSL development team and
+      Adam Langley of Google. The final fix was developed by Andy Polyakov of
+      the OpenSSL core team.
+      (CVE-2014-3570)
+      [Andy Polyakov]
+
+   *) Do not resume sessions on the server if the negotiated protocol
+      version does not match the session's version. Resuming with a different
+      version, while not strictly forbidden by the RFC, is of questionable
+      sanity and breaks all known clients.
+      [David Benjamin, Emilia Käsper]
+
+   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
+      early CCS messages during renegotiation. (Note that because
+      renegotiation is encrypted, this early CCS was not exploitable.)
+      [Emilia Käsper]
+
+   *) Tighten client-side session ticket handling during renegotiation:
+      ensure that the client only accepts a session ticket if the server sends
+      the extension anew in the ServerHello. Previously, a TLS client would
+      reuse the old extension state and thus accept a session ticket if one was
+      announced in the initial ServerHello.
+
+      Similarly, ensure that the client requires a session ticket if one
+      was advertised in the ServerHello. Previously, a TLS client would
+      ignore a missing NewSessionTicket message.
+      [Emilia Käsper]
+
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+  *) SRTP Memory Leak.
+
+     A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+     sends a carefully crafted handshake message, to cause OpenSSL to fail
+     to free up to 64k of memory causing a memory leak. This could be
+     exploited in a Denial Of Service attack. This issue affects OpenSSL
+     1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+     whether SRTP is used or configured. Implementations of OpenSSL that
+     have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+     The fix was developed by the OpenSSL team.
+     (CVE-2014-3513)
+     [OpenSSL team]
+
+  *) Session Ticket Memory Leak.
+
+     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+     integrity of that ticket is first verified. In the event of a session
+     ticket integrity check failing, OpenSSL will fail to free memory
+     causing a memory leak. By sending a large number of invalid session
+     tickets an attacker could exploit this issue in a Denial Of Service
+     attack.
+     (CVE-2014-3567)
+     [Steve Henson]
+
+  *) Build option no-ssl3 is incomplete.
+
+     When OpenSSL is configured with "no-ssl3" as a build option, servers
+     could accept and complete a SSL 3.0 handshake, and clients could be
+     configured to send them.
+     (CVE-2014-3568)
+     [Akamai and the OpenSSL team]
+
+  *) Add support for TLS_FALLBACK_SCSV.
+     Client applications doing fallback retries should call
+     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+     (CVE-2014-3566)
+     [Adam Langley, Bodo Moeller]
+
+  *) Add additional DigestInfo checks.
+ 
+     Re-encode DigestInto in DER and check against the original when
+     verifying RSA signature: this will reject any improperly encoded
+     DigestInfo structures.
+
+     Note: this is a precautionary measure and no attacks are currently known.
+
+     [Steve Henson]
+
+ Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
+
+  *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
+     SRP code can be overrun an internal buffer. Add sanity check that
+     g, A, B < N to SRP code.
+
+     Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
+     Group for discovering this issue.
+     (CVE-2014-3512)
+     [Steve Henson]
+
+  *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
+     TLS 1.0 instead of higher protocol versions when the ClientHello message
+     is badly fragmented. This allows a man-in-the-middle attacker to force a
+     downgrade to TLS 1.0 even if both the server and the client support a
+     higher protocol version, by modifying the client's TLS records.
+
+     Thanks to David Benjamin and Adam Langley (Google) for discovering and
+     researching this issue.
+     (CVE-2014-3511)
+     [David Benjamin]
+
+  *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+     to a denial of service attack. A malicious server can crash the client
+     with a null pointer dereference (read) by specifying an anonymous (EC)DH
+     ciphersuite and sending carefully crafted handshake messages.
+
+     Thanks to Felix Gröbert (Google) for discovering and researching this
+     issue.
+     (CVE-2014-3510)
+     [Emilia Käsper]
+
+  *) By sending carefully crafted DTLS packets an attacker could cause openssl
+     to leak memory. This can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3507)
+     [Adam Langley]
+
+  *) An attacker can force openssl to consume large amounts of memory whilst
+     processing DTLS handshake messages. This can be exploited through a
+     Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3506)
+     [Adam Langley]
+
+  *) An attacker can force an error condition which causes openssl to crash
+     whilst processing DTLS packets due to memory being freed twice. This
+     can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+     this issue.
+     (CVE-2014-3505)
+     [Adam Langley]
+
+  *) If a multithreaded client connects to a malicious server using a resumed
+     session and the server sends an ec point format extension it could write
+     up to 255 bytes to freed memory.
+
+     Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
+     issue.
+     (CVE-2014-3509)
+     [Gabor Tyukasz]
+
+  *) A malicious server can crash an OpenSSL client with a null pointer
+     dereference (read) by specifying an SRP ciphersuite even though it was not
+     properly negotiated with the client. This can be exploited through a
+     Denial of Service attack.
+
+     Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
+     discovering and researching this issue.
+     (CVE-2014-5139)
+     [Steve Henson]
+
+  *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+     X509_name_oneline, X509_name_print_ex et al. to leak some information
+     from the stack. Applications may be affected if they echo pretty printing
+     output to the attacker.
+
+     Thanks to Ivan Fratric (Google) for discovering this issue.
+     (CVE-2014-3508)
+     [Emilia Käsper, and Steve Henson]
+
+  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+     for corner cases. (Certain input points at infinity could lead to
+     bogus results, with non-infinity inputs mapped to infinity too.)
+     [Bodo Moeller]
+
+ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+
+  *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+     handshake can force the use of weak keying material in OpenSSL
+     SSL/TLS clients and servers.
+
+     Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+     researching this issue. (CVE-2014-0224)
+     [KIKUCHI Masashi, Steve Henson]
+
+  *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+     OpenSSL DTLS client the code can be made to recurse eventually crashing
+     in a DoS attack.
+
+     Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+     (CVE-2014-0221)
+     [Imre Rad, Steve Henson]
+
+  *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+     be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+     client or server. This is potentially exploitable to run arbitrary
+     code on a vulnerable client or server.
+
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     [Jüri Aedla, Steve Henson]
+
+  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+     are subject to a denial of service attack.
+
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+     this issue. (CVE-2014-3470)
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
+
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) TLS pad extension: draft-agl-tls-padding-03
+
+     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+     TLS client Hello record length value would otherwise be > 255 and
+     less that 512 pad with a dummy extension containing zeroes so it
+     is at least 512 bytes long.
+
+     [Adam Langley, Steve Henson]
+
+ Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
+
+  *) Fix for TLS record tampering bug. A carefully crafted invalid 
+     handshake could crash OpenSSL with a NULL pointer exception.
+     Thanks to Anton Johansson for reporting this issues.
+     (CVE-2013-4353)
+
+  *) Keep original DTLS digest and encryption contexts in retransmission
+     structures so we can use the previous session parameters if they need
+     to be resent. (CVE-2013-6450)
+     [Steve Henson]
+
+  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
+     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
+     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+     [Rob Stradling, Adam Langley]
+
+ Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
+
+  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
+     supporting platforms or when small records were transferred.
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by 
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/     
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+  *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
+     ciphersuites which can be exploited in a denial of service attack.
+     Thanks go to and to Adam Langley <agl@chromium.org> for discovering
+     and detecting this bug and to Wolfgang Ettlinger
+     <wolfgang.ettlinger@gmail.com> for independently discovering this issue.
+     (CVE-2012-2686)
+     [Adam Langley]
+
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change SSL_get_certificate()
+     so it returns the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     [Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Fix possible deadlock when decoding public keys.
+     [Steve Henson]
+
+  *) Don't use TLS 1.0 record version number in initial client hello
+     if renegotiating.
+     [Steve Henson]
+
+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
+
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+  *) In FIPS mode don't try to use composite ciphers as they are not
+     approved.
+     [Steve Henson]
+
+ Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
+
+  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
+     1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
+     mean any application compiled against OpenSSL 1.0.0 headers setting
+     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng
+     TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to
+     0x10000000L Any application which was previously compiled against
+     OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1
+     will need to be recompiled as a result. Letting be results in
+     inability to disable specifically TLS 1.1 and in client context,
+     in unlike event, limit maximum offered version to TLS 1.0 [see below].
+     [Steve Henson]
+
+  *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not
+     disable just protocol X, but all protocols above X *if* there are
+     protocols *below* X still enabled. In more practical terms it means
+     that if application wants to disable TLS1.0 in favor of TLS1.1 and
+     above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
+     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to
+     client side.
+     [Andy Polyakov]
+
+ Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
+     [Adam Langley]
+
+  *) Workarounds for some broken servers that "hang" if a client hello
+     record length exceeds 255 bytes.
+
+     1. Do not use record version number > TLS 1.0 in initial client
+        hello: some (but not all) hanging servers will now work.
+     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
+	the number of ciphers sent in the client hello. This should be
+        set to an even number, such as 50, for example by passing:
+        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
+        Most broken servers should now work.
+     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
+	TLS 1.2 client support entirely.
+     [Steve Henson]
+
+  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
+     [Andy Polyakov]
+
+ Changes between 1.0.0h and 1.0.1  [14 Mar 2012]
+
+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
+  *) The format used for MDC2 RSA signatures is inconsistent between EVP
+     and the RSA_sign/RSA_verify functions. This was made more apparent when
+     OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
+     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect 
+     the correct format in RSA_verify so both forms transparently work.
+     [Steve Henson]
+
+  *) Some servers which support TLS 1.0 can choke if we initially indicate
+     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
+     encrypted premaster secret. As a workaround use the maximum permitted
+     client version in client hello, this should keep such servers happy
+     and still work with previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Add support for TLS/DTLS heartbeats.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add support for SCTP.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
+  *) Extensive assembler packs updates, most notably:
+
+	- x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
+	- x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
+	- x86_64:       bit-sliced AES implementation;
+	- ARM:          NEON support, contemporary platforms optimizations;
+	- s390x:        z196 support;
+	- *:            GHASH and GF(2^m) multiplication implementations;
+
+     [Andy Polyakov]
+
+  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+     (removal of unnecessary code)
+     [Peter Sylvester <peter.sylvester@edelweb.fr>]
+
+  *) Add TLS key material exporter from RFC 5705.
+     [Eric Rescorla]
+
+  *) Add DTLS-SRTP negotiation from RFC 5764.
+     [Eric Rescorla]
+
+  *) Add Next Protocol Negotiation,
+     http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
+     disabled with a no-npn flag to config or Configure. Code donated
+     by Google.
+     [Adam Langley <agl@google.com> and Ben Laurie]
+
+  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
+     NIST-P256, NIST-P521, with constant-time single point multiplication on
+     typical inputs. Compiler support for the nonstandard type __uint128_t is
+     required to use this (present in gcc 4.4 and later, for 64-bit builds).
+     Code made available under Apache License version 2.0.
+
+     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
+     line to include this in your build of OpenSSL, and run "make depend" (or
+     "make update"). This enables the following EC_METHODs:
+
+         EC_GFp_nistp224_method()
+         EC_GFp_nistp256_method()
+         EC_GFp_nistp521_method()
+
+     EC_GROUP_new_by_curve_name() will automatically use these (while
+     EC_GROUP_new_curve_GFp() currently prefers the more flexible
+     implementations).
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+
+  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+     all platforms. Move ssize_t definition from e_os.h to the public
+     header file e_os2.h as it now appears in public header file cms.h
+     [Steve Henson]
+
+  *) New -sigopt option to the ca, req and x509 utilities. Additional
+     signature parameters can be passed using this option and in
+     particular PSS. 
+     [Steve Henson]
+
+  *) Add RSA PSS signing function. This will generate and set the
+     appropriate AlgorithmIdentifiers for PSS based on those in the
+     corresponding EVP_MD_CTX structure. No application support yet.
+     [Steve Henson]
+
+  *) Support for companion algorithm specific ASN1 signing routines.
+     New function ASN1_item_sign_ctx() signs a pre-initialised
+     EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
+     the appropriate parameters.
+     [Steve Henson]
+
+  *) Add new algorithm specific ASN1 verification initialisation function
+     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
+     handling will be the same no matter what EVP_PKEY_METHOD is used.
+     Add a PSS handler to support verification of PSS signatures: checked
+     against a number of sample certificates.
+     [Steve Henson]
+
+  *) Add signature printing for PSS. Add PSS OIDs.
+     [Steve Henson, Martin Kaiser <lists@kaiser.cx>]
+
+  *) Add algorithm specific signature printing. An individual ASN1 method
+     can now print out signatures instead of the standard hex dump. 
+
+     More complex signatures (e.g. PSS) can print out more meaningful
+     information. Include DSA version that prints out the signature
+     parameters r, s.
+     [Steve Henson]
+
+  *) Password based recipient info support for CMS library: implementing
+     RFC3211.
+     [Steve Henson]
+
+  *) Split password based encryption into PBES2 and PBKDF2 functions. This
+     neatly separates the code into cipher and PBE sections and is required
+     for some algorithms that split PBES2 into separate pieces (such as
+     password based CMS).
+     [Steve Henson]
+
+  *) Session-handling fixes:
+     - Fix handling of connections that are resuming with a session ID,
+       but also support Session Tickets.
+     - Fix a bug that suppressed issuing of a new ticket if the client
+       presented a ticket with an expired session.
+     - Try to set the ticket lifetime hint to something reasonable.
+     - Make tickets shorter by excluding irrelevant information.
+     - On the client side, don't ignore renewed tickets.
+     [Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix PSK session representation.
+     [Bodo Moeller]
+
+  *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
+
+     This work was sponsored by Intel.
+     [Andy Polyakov]
+
+  *) Add GCM support to TLS library. Some custom code is needed to split
+     the IV between the fixed (from PRF) and explicit (from TLS record)
+     portions. This adds all GCM ciphersuites supported by RFC5288 and 
+     RFC5289. Generalise some AES* cipherstrings to include GCM and
+     add a special AESGCM string for GCM only.
+     [Steve Henson]
+
+  *) Expand range of ctrls for AES GCM. Permit setting invocation
+     field on decrypt and retrieval of invocation field only on encrypt.
+     [Steve Henson]
+
+  *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
+     As required by RFC5289 these ciphersuites cannot be used if for
+     versions of TLS earlier than 1.2.
+     [Steve Henson]
+
+  *) For FIPS capable OpenSSL interpret a NULL default public key method
+     as unset and return the appropriate default but do *not* set the default.
+     This means we can return the appropriate method in applications that
+     switch between FIPS and non-FIPS modes.
+     [Steve Henson]
+
+  *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
+     ENGINE is used then we cannot handle that in the FIPS module so we
+     keep original code iff non-FIPS operations are allowed.
+     [Steve Henson]
+
+  *) Add -attime option to openssl utilities.
+     [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]
+
+  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
+     [Steve Henson]
+
+  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
+     FIPS EC methods unconditionally for now.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) Backport libcrypto audit of return value checking from 1.1.0-dev; not
+     all cases can be covered as some introduce binary incompatibilities.
+     [Steve Henson]
+
+  *) Redirect RSA operations to FIPS module including keygen,
+     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
+     [Steve Henson]
+
+  *) Add similar low level API blocking to ciphers.
+     [Steve Henson]
+
+  *) Low level digest APIs are not approved in FIPS mode: any attempt
+     to use these will cause a fatal error. Applications that *really* want
+     to use them can use the private_* version instead.
+     [Steve Henson]
+
+  *) Redirect cipher operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Redirect digest operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Update build system to add "fips" flag which will link in fipscanister.o
+     for static and shared library builds embedding a signature if needed.
+     [Steve Henson]
+
+  *) Output TLS supported curves in preference order instead of numerical
+     order. This is currently hardcoded for the highest order curves first.
+     This should be configurable so applications can judge speed vs strength.
+     [Steve Henson]
+
+  *) Add TLS v1.2 server support for client authentication. 
+     [Steve Henson]
+
+  *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
+     and enable MD5.
+     [Steve Henson]
+
+  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
+     FIPS modules versions.
+     [Steve Henson]
+
+  *) Add TLS v1.2 client side support for client authentication. Keep cache
+     of handshake records longer as we don't know the hash algorithm to use
+     until after the certificate request message is received.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 client support. Add a default signature algorithms
+     extension including all the algorithms we support. Parse new signature
+     format in client key exchange. Relax some ECC signing restrictions for
+     TLS v1.2 as indicated in RFC5246.
+     [Steve Henson]
+
+  *) Add server support for TLS v1.2 signature algorithms extension. Switch
+     to new signature format when needed using client digest preference.
+     All server ciphersuites should now work correctly in TLS v1.2. No client
+     support yet and no support for client certificates.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
+     to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
+     ciphersuites. At present only RSA key exchange ciphersuites work with
+     TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
+     SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
+     and version checking.
+     [Steve Henson]
+
+  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
+     with this defined it will not be affected by any changes to ssl internal
+     structures. Add several utility functions to allow openssl application
+     to work with OPENSSL_NO_SSL_INTERN defined.
+     [Steve Henson]
+
+  *) A long standing patch to add support for SRP from EdelWeb (Peter
+     Sylvester and Christophe Renou) was integrated.
+     [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
+     <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
+     Ben Laurie]
+
+  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+     [Steve Henson]
+
+  *) Permit abbreviated handshakes when renegotiating using the function
+     SSL_renegotiate_abbreviated().
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add call to ENGINE_register_all_complete() to
+     ENGINE_load_builtin_engines(), so some implementations get used
+     automatically instead of needing explicit application support.
+     [Steve Henson]
+
+  *) Add support for TLS key exporter as described in RFC5705.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
+
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
+     content decryption and always return the same error. Note: this attack
+     needs on average 2^20 messages so it only affects automated senders. The
+     old behaviour can be re-enabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+     an MMA defence is not necessary.
+     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
+     this issue. (CVE-2012-0884)
+     [Steve Henson]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a 
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
+ Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
+
+  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+     Thanks to Antonio Martin, Enterprise Secure Access Research and
+     Development, Cisco Systems, Inc. for discovering this bug and
+     preparing a fix. (CVE-2012-0050)
+     [Antonio Martin]
+
+ Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
+
+  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+     of the Vaudenay padding oracle attack on CBC mode encryption
+     which enables an efficient plaintext recovery attack against
+     the OpenSSL implementation of DTLS. Their attack exploits timing
+     differences arising during decryption processing. A research
+     paper describing this attack can be found at:
+                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
+     for preparing the fix. (CVE-2011-4108)
+     [Robin Seggelmann, Michael Tuexen]
+
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
+  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+     Kadianakis <desnacked@gmail.com> for discovering this issue and
+     Adam Langley for preparing the fix. (CVE-2011-4619)
+     [Adam Langley (Google)]
+
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich@gmail.com>]
+
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
+  *) Fix ssl_ciph.c set-up race.
+     [Adam Langley (Google)]
+
+  *) Fix spurious failures in ecdsatest.c.
+     [Emilia Käsper (Google)]
+
+  *) Fix the BIO_f_buffer() implementation (which was mixing different
+     interpretations of the '..._len' fields).
+     [Adam Langley (Google)]
+
+  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+     threads won't reuse the same blinding coefficients.
+
+     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+     lock to call BN_BLINDING_invert_ex, and avoids one use of
+     BN_BLINDING_update for each BN_BLINDING structure (previously,
+     the last update always remained unused).
+     [Emilia Käsper (Google)]
+
+  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
+     [Bob Buckholz (Google)]
+
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl@velox.ch>]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH. (CVE-2011-3210)
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
+
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix bug in string printing code: if *any* escaping is enabled we must
+     escape the escape character (backslash) or the resulting string is
+     ambiguous.
+     [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
+
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+     [Steve Henson]
+
+  *) Fix WIN32 build system to correctly link an ENGINE directory into
+     a DLL. 
+     [Steve Henson]
+
+ Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
+
+  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
+     (CVE-2010-1633)
+     [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
+
+ Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
+
+  *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
+     context. The operation can be customised via the ctrl mechanism in
+     case ENGINEs want to include additional functionality.
+     [Steve Henson]
+
+  *) Tolerate yet another broken PKCS#8 key format: private key value negative.
+     [Steve Henson]
+
+  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+     output hashes compatible with older versions of OpenSSL.
+     [Willy Weisz <weisz@vcpc.univie.ac.at>]
+
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
+
+  *) Add load_crls() function to apps tidying load_certs() too. Add option
+     to verify utility to allow additional CRLs to be included.
+     [Steve Henson]
+
+  *) Update OCSP request code to permit adding custom headers to the request:
+     some responders need this.
+     [Steve Henson]
+
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+
+  *) Disable MD2 in the default configuration.
+     [Steve Henson]
+
+  *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
+     indicate the initial BIO being pushed or popped. This makes it possible
+     to determine whether the BIO is the one explicitly called or as a result
+     of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
+     it handles reference counts correctly and doesn't zero out the I/O bio
+     when it is not being explicitly popped. WARNING: applications which
+     included workarounds for the old buggy behaviour will need to be modified
+     or they could free up already freed BIOs.
+     [Steve Henson]
+
+  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
+     renaming to all platforms (within the 0.9.8 branch, this was
+     done conditionally on Netware platforms to avoid a name clash).
+     [Guenter <lists@gknw.net>]
+
+  *) Add ECDHE and PSK support to DTLS.
+     [Michael Tuexen <tuexen@fh-muenster.de>]
+
+  *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
+     be used on C++.
+     [Steve Henson]
+
+  *) Add "missing" function EVP_MD_flags() (without this the only way to
+     retrieve a digest flags is by accessing the structure directly. Update
+     EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
+     or cipher is registered as in the "from" argument. Print out all
+     registered digests in the dgst usage message instead of manually 
+     attempting to work them out.
+     [Steve Henson]
+
+  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+     this allows the use of compression and extensions. Change default cipher
+     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+     by default unless an application cipher string requests it.
+     [Steve Henson]
+
+  *) Alter match criteria in PKCS12_parse(). It used to try to use local
+     key ids to find matching certificates and keys but some PKCS#12 files
+     don't follow the (somewhat unwritten) rules and this strategy fails.
+     Now just gather all certificates together and the first private key
+     then look for the first certificate that matches the key.
+     [Steve Henson]
+
+  *) Support use of registered digest and cipher names for dgst and cipher
+     commands instead of having to add each one as a special case. So now
+     you can do:
+
+        openssl sha256 foo
+
+     as well as:
+
+        openssl dgst -sha256 foo
+
+     and this works for ENGINE based algorithms too.
+
+     [Steve Henson]
+
+  *) Update Gost ENGINE to support parameter files.
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+
+  *) Support GeneralizedTime in ca utility. 
+     [Oliver Martin <oliver@volatilevoid.net>, Steve Henson]
+
+  *) Enhance the hash format used for certificate directory links. The new
+     form uses the canonical encoding (meaning equivalent names will work
+     even if they aren't identical) and uses SHA1 instead of MD5. This form
+     is incompatible with the older format and as a result c_rehash should
+     be used to rebuild symbolic links.
+     [Steve Henson]
+
+  *) Make PKCS#8 the default write format for private keys, replacing the
+     traditional format. This form is standardised, more secure and doesn't
+     include an implicit MD5 dependency.
+     [Steve Henson]
+
+  *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
+     committed to OpenSSL should pass this lot as a minimum.
+     [Steve Henson]
+
+  *) Add session ticket override functionality for use by EAP-FAST.
+     [Jouni Malinen <j@w1.fi>]
+
+  *) Modify HMAC functions to return a value. Since these can be implemented
+     in an ENGINE errors can occur.
+     [Steve Henson]
+
+  *) Type-checked OBJ_bsearch_ex.
+     [Ben Laurie]
+
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.
+     [Ben Laurie]
+
+  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
+     seconds to a tm structure directly, instead of going through OS
+     specific date routines. This avoids any issues with OS routines such
+     as the year 2038 bug. New *_adj() functions for ASN1 time structures
+     and X509_time_adj_ex() to cover the extended range. The existing
+     X509_time_adj() is still usable and will no longer have any date issues.
+     [Steve Henson]
+
+  *) Delta CRL support. New use deltas option which will attempt to locate
+     and search any appropriate delta CRLs available.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+     code and add additional score elements. Validate alternate CRL paths
+     as part of the CRL checking and indicate a new error "CRL path validation
+     error" in this case. Applications wanting additional details can use
+     the verify callback and check the new "parent" field. If this is not
+     NULL CRL path validation is taking place. Existing applications won't
+     see this because it requires extended CRL support which is off by
+     default.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Initial indirect CRL support. Currently only supported in the CRLs
+     passed directly and not via lookup. Process certificate issuer
+     CRL entry extension and lookup CRL entries by bother issuer name
+     and serial number. Check and process CRL issuer entry in IDP extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for distinct certificate and CRL paths. The CRL issuer
+     certificate is validated separately in this case. Only enabled if
+     an extended CRL support flag is set: this flag will enable additional
+     CRL functionality in future.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for policy mappings extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Fixes to pathlength constraint, self issued certificate handling,
+     policy processing to align with RFC3280 and PKITS tests.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for name constraints certificate extension. DN, email, DNS
+     and URI types are currently supported.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) To cater for systems that provide a pointer-based thread ID rather
+     than numeric, deprecate the current numeric thread ID mechanism and
+     replace it with a structure and associated callback type. This
+     mechanism allows a numeric "hash" to be extracted from a thread ID in
+     either case, and on platforms where pointers are larger than 'long',
+     mixing is done to help ensure the numeric 'hash' is usable even if it
+     can't be guaranteed unique. The default mechanism is to use "&errno"
+     as a pointer-based thread ID to distinguish between threads.
+
+     Applications that want to provide their own thread IDs should now use
+     CRYPTO_THREADID_set_callback() to register a callback that will call
+     either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
+
+     Note that ERR_remove_state() is now deprecated, because it is tied
+     to the assumption that thread IDs are numeric.  ERR_remove_state(0)
+     to free the current thread's error state should be replaced by
+     ERR_remove_thread_state(NULL).
+
+     (This new approach replaces the functions CRYPTO_set_idptr_callback(),
+     CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
+     OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
+     application was previously providing a numeric thread callback that
+     was inappropriate for distinguishing threads, then uniqueness might
+     have been obtained with &errno that happened immediately in the
+     intermediate development versions of OpenSSL; this is no longer the
+     case, the numeric thread callback will now override the automatic use
+     of &errno.)
+     [Geoff Thorpe, with help from Bodo Moeller]
+
+  *) Initial support for different CRL issuing certificates. This covers a
+     simple case where the self issued certificates in the chain exist and
+     the real CRL issuer is higher in the existing chain.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Removed effectively defunct crypto/store from the build.
+     [Ben Laurie]
+
+  *) Revamp of STACK to provide stronger type-checking. Still to come:
+     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+     ASN1_STRING, CONF_VALUE.
+     [Ben Laurie]
+
+  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
+     RAM on SSL connections.  This option can save about 34k per idle SSL.
+     [Nick Mathewson]
+
+  *) Revamp of LHASH to provide stronger type-checking. Still to come:
+     STACK, TXT_DB, bsearch, qsort.
+     [Ben Laurie]
+
+  *) Initial support for Cryptographic Message Syntax (aka CMS) based
+     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
+     support for data, signedData, compressedData, digestedData and
+     encryptedData, envelopedData types included. Scripts to check against
+     RFC4134 examples draft and interop and consistency checks of many
+     content types and variants.
+     [Steve Henson]
+
+  *) Add options to enc utility to support use of zlib compression BIO.
+     [Steve Henson]
+
+  *) Extend mk1mf to support importing of options and assembly language
+     files from Configure script, currently only included in VC-WIN32.
+     The assembly language rules can now optionally generate the source
+     files from the associated perl scripts.
+     [Steve Henson]
+
+  *) Implement remaining functionality needed to support GOST ciphersuites.
+     Interop testing has been performed using CryptoPro implementations.
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+
+  *) s390x assembler pack.
+     [Andy Polyakov]
+
+  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
+     "family."
+     [Andy Polyakov]
+
+  *) Implement Opaque PRF Input TLS extension as specified in
+     draft-rescorla-tls-opaque-prf-input-00.txt.  Since this is not an
+     official specification yet and no extension type assignment by
+     IANA exists, this extension (for now) will have to be explicitly
+     enabled when building OpenSSL by providing the extension number
+     to use.  For example, specify an option
+
+         -DTLSEXT_TYPE_opaque_prf_input=0x9527
+
+     to the "config" or "Configure" script to enable the extension,
+     assuming extension number 0x9527 (which is a completely arbitrary
+     and unofficial assignment based on the MD5 hash of the Internet
+     Draft).  Note that by doing so, you potentially lose
+     interoperability with other TLS implementations since these might
+     be using the same extension number for other purposes.
+
+     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
+     opaque PRF input value to use in the handshake.  This will create
+     an interal copy of the length-'len' string at 'src', and will
+     return non-zero for success.
+
+     To get more control and flexibility, provide a callback function
+     by using
+
+          SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
+          SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
+
+     where
+
+          int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
+          void *arg;
+
+     Callback function 'cb' will be called in handshakes, and is
+     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
+     Argument 'arg' is for application purposes (the value as given to
+     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
+     be provided to the callback function).  The callback function
+     has to return non-zero to report success: usually 1 to use opaque
+     PRF input just if possible, or 2 to enforce use of the opaque PRF
+     input.  In the latter case, the library will abort the handshake
+     if opaque PRF input is not successfully negotiated.
+
+     Arguments 'peerinput' and 'len' given to the callback function
+     will always be NULL and 0 in the case of a client.  A server will
+     see the client's opaque PRF input through these variables if
+     available (NULL and 0 otherwise).  Note that if the server
+     provides an opaque PRF input, the length must be the same as the
+     length of the client's opaque PRF input.
+
+     Note that the callback function will only be called when creating
+     a new session (session resumption can resume whatever was
+     previously negotiated), and will not be called in SSL 2.0
+     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
+     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
+     for applications that need to enforce opaque PRF input.
+
+     [Bodo Moeller]
+
+  *) Update ssl code to support digests other than SHA1+MD5 for handshake
+     MAC. 
+
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
+     OpenSSL should now compile cleanly on gcc 4.2
+     [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
+
+  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
+     support including streaming MAC support: this is required for GOST
+     ciphersuite support.
+     [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
+
+  *) Add option -stream to use PKCS#7 streaming in smime utility. New
+     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
+     to output in BER and PEM format.
+     [Steve Henson]
+
+  *) Experimental support for use of HMAC via EVP_PKEY interface. This
+     allows HMAC to be handled via the EVP_DigestSign*() interface. The
+     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
+     ENGINE support for HMAC keys which are unextractable. New -mac and
+     -macopt options to dgst utility.
+     [Steve Henson]
+
+  *) New option -sigopt to dgst utility. Update dgst to use
+     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
+     alternative signing parameters such as X9.31 or PSS in the dgst 
+     utility.
+     [Steve Henson]
+
+  *) Change ssl_cipher_apply_rule(), the internal function that does
+     the work each time a ciphersuite string requests enabling
+     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
+     removing ("!foo+bar") a class of ciphersuites: Now it maintains
+     the order of disabled ciphersuites such that those ciphersuites
+     that most recently went from enabled to disabled not only stay
+     in order with respect to each other, but also have higher priority
+     than other disabled ciphersuites the next time ciphersuites are
+     enabled again.
+
+     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
+     the same ciphersuites as with "HIGH" alone, but in a specific
+     order where the PSK ciphersuites come first (since they are the
+     most recently disabled ciphersuites when "HIGH" is parsed).
+
+     Also, change ssl_create_cipher_list() (using this new
+     funcionality) such that between otherwise identical
+     cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
+     the default order.
+     [Bodo Moeller]
+
+  *) Change ssl_create_cipher_list() so that it automatically
+     arranges the ciphersuites in reasonable order before starting
+     to process the rule string.  Thus, the definition for "DEFAULT"
+     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
+     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
+     This makes it much easier to arrive at a reasonable default order
+     in applications for which anonymous ciphers are OK (meaning
+     that you can't actually use DEFAULT).
+     [Bodo Moeller; suggested by Victor Duchovni]
+
+  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
+     processing) into multiple integers instead of setting
+     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
+     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
+     (These masks as well as the individual bit definitions are hidden
+     away into the non-exported interface ssl/ssl_locl.h, so this
+     change to the definition of the SSL_CIPHER structure shouldn't
+     affect applications.)  This give us more bits for each of these
+     categories, so there is no longer a need to coagulate AES128 and
+     AES256 into a single algorithm bit, and to coagulate Camellia128
+     and Camellia256 into a single algorithm bit, which has led to all
+     kinds of kludges.
+
+     Thus, among other things, the kludge introduced in 0.9.7m and
+     0.9.8e for masking out AES256 independently of AES128 or masking
+     out Camellia256 independently of AES256 is not needed here in 0.9.9.
+
+     With the change, we also introduce new ciphersuite aliases that
+     so far were missing: "AES128", "AES256", "CAMELLIA128", and
+     "CAMELLIA256".
+     [Bodo Moeller]
+
+  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
+     Use the leftmost N bytes of the signature input if the input is
+     larger than the prime q (with N being the size in bytes of q).
+     [Nils Larsch]
+
+  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
+     it yet and it is largely untested.
+     [Steve Henson]
+
+  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
+     [Nils Larsch]
+
+  *) Initial incomplete changes to avoid need for function casts in OpenSSL
+     some compilers (gcc 4.2 and later) reject their use. Safestack is
+     reimplemented.  Update ASN1 to avoid use of legacy functions. 
+     [Steve Henson]
+
+  *) Win32/64 targets are linked with Winsock2.
+     [Andy Polyakov]
+
+  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
+     to external functions. This can be used to increase CRL handling 
+     efficiency especially when CRLs are very large by (for example) storing
+     the CRL revoked certificates in a database.
+     [Steve Henson]
+
+  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
+     new CRLs added to a directory can be used. New command line option
+     -verify_return_error to s_client and s_server. This causes real errors
+     to be returned by the verify callback instead of carrying on no matter
+     what. This reflects the way a "real world" verify callback would behave.
+     [Steve Henson]
+
+  *) GOST engine, supporting several GOST algorithms and public key formats.
+     Kindly donated by Cryptocom.
+     [Cryptocom]
+
+  *) Partial support for Issuing Distribution Point CRL extension. CRLs
+     partitioned by DP are handled but no indirect CRL or reason partitioning
+     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
+     selected via a scoring technique which handles IDP and AKID in CRLs.
+     [Steve Henson]
+
+  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
+     will ultimately be used for all verify operations: this will remove the
+     X509_STORE dependency on certificate verification and allow alternative
+     lookup methods.  X509_STORE based implementations of these two callbacks.
+     [Steve Henson]
+
+  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
+     Modify get_crl() to find a valid (unexpired) CRL if possible.
+     [Steve Henson]
+
+  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
+     this would be called X509_CRL_cmp() but that name is already used by
+     a function that just compares CRL issuer names. Cache several CRL 
+     extensions in X509_CRL structure and cache CRLDP in X509.
+     [Steve Henson]
+
+  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
+     this maps equivalent X509_NAME structures into a consistent structure.
+     Name comparison can then be performed rapidly using memcmp().
+     [Steve Henson]
+
+  *) Non-blocking OCSP request processing. Add -timeout option to ocsp 
+     utility.
+     [Steve Henson]
+
+  *) Allow digests to supply their own micalg string for S/MIME type using
+     the ctrl EVP_MD_CTRL_MICALG.
+     [Steve Henson]
+
+  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
+     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
+     ctrl. It can then customise the structure before and/or after signing
+     if necessary.
+     [Steve Henson]
+
+  *) New function OBJ_add_sigid() to allow application defined signature OIDs
+     to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+     to free up any added signature OIDs.
+     [Steve Henson]
+
+  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
+     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
+     digest and cipher tables. New options added to openssl utility:
+     list-message-digest-algorithms and list-cipher-algorithms.
+     [Steve Henson]
+
+  *) Change the array representation of binary polynomials: the list
+     of degrees of non-zero coefficients is now terminated with -1.
+     Previously it was terminated with 0, which was also part of the
+     value; thus, the array representation was not applicable to
+     polynomials where t^0 has coefficient zero.  This change makes
+     the array representation useful in a more general context.
+     [Douglas Stebila]
+
+  *) Various modifications and fixes to SSL/TLS cipher string
+     handling.  For ECC, the code now distinguishes between fixed ECDH
+     with RSA certificates on the one hand and with ECDSA certificates
+     on the other hand, since these are separate ciphersuites.  The
+     unused code for Fortezza ciphersuites has been removed.
+
+     For consistency with EDH, ephemeral ECDH is now called "EECDH"
+     (not "ECDHE").  For consistency with the code for DH
+     certificates, use of ECDH certificates is now considered ECDH
+     authentication, not RSA or ECDSA authentication (the latter is
+     merely the CA's signing algorithm and not actively used in the
+     protocol).
+
+     The temporary ciphersuite alias "ECCdraft" is no longer
+     available, and ECC ciphersuites are no longer excluded from "ALL"
+     and "DEFAULT".  The following aliases now exist for RFC 4492
+     ciphersuites, most of these by analogy with the DH case:
+
+         kECDHr   - ECDH cert, signed with RSA
+         kECDHe   - ECDH cert, signed with ECDSA
+         kECDH    - ECDH cert (signed with either RSA or ECDSA)
+         kEECDH   - ephemeral ECDH
+         ECDH     - ECDH cert or ephemeral ECDH
+
+         aECDH    - ECDH cert
+         aECDSA   - ECDSA cert
+         ECDSA    - ECDSA cert
+
+         AECDH    - anonymous ECDH
+         EECDH    - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
+
+     [Bodo Moeller]
+
+  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
+     Use correct micalg parameters depending on digest(s) in signed message.
+     [Steve Henson]
+
+  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
+     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
+     [Steve Henson]
+
+  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
+     an engine to register a method. Add ENGINE lookups for methods and
+     functional reference processing.
+     [Steve Henson]
+
+  *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
+     EVP_{Sign,Verify}* which allow an application to customise the signature
+     process.
+     [Steve Henson]
+
+  *) New -resign option to smime utility. This adds one or more signers
+     to an existing PKCS#7 signedData structure. Also -md option to use an
+     alternative message digest algorithm for signing.
+     [Steve Henson]
+
+  *) Tidy up PKCS#7 routines and add new functions to make it easier to
+     create PKCS7 structures containing multiple signers. Update smime
+     application to support multiple signers.
+     [Steve Henson]
+
+  *) New -macalg option to pkcs12 utility to allow setting of an alternative
+     digest MAC.
+     [Steve Henson]
+
+  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
+     Reorganize PBE internals to lookup from a static table using NIDs,
+     add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
+     EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
+     PRF which will be automatically used with PBES2.
+     [Steve Henson]
+
+  *) Replace the algorithm specific calls to generate keys in "req" with the
+     new API.
+     [Steve Henson]
+
+  *) Update PKCS#7 enveloped data routines to use new API. This is now
+     supported by any public key method supporting the encrypt operation. A
+     ctrl is added to allow the public key algorithm to examine or modify
+     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
+     a no op.
+     [Steve Henson]
+
+  *) Add a ctrl to asn1 method to allow a public key algorithm to express
+     a default digest type to use. In most cases this will be SHA1 but some
+     algorithms (such as GOST) need to specify an alternative digest. The
+     return value indicates how strong the preference is 1 means optional and
+     2 is mandatory (that is it is the only supported type). Modify
+     ASN1_item_sign() to accept a NULL digest argument to indicate it should
+     use the default md. Update openssl utilities to use the default digest
+     type for signing if it is not explicitly indicated.
+     [Steve Henson]
+
+  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New 
+     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
+     signing method from the key type. This effectively removes the link
+     between digests and public key types.
+     [Steve Henson]
+
+  *) Add an OID cross reference table and utility functions. Its purpose is to
+     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
+     rsaEncryption. This will allow some of the algorithm specific hackery
+     needed to use the correct OID to be removed. 
+     [Steve Henson]
+
+  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
+     structures for PKCS7_sign(). They are now set up by the relevant public
+     key ASN1 method.
+     [Steve Henson]
+
+  *) Add provisional EC pkey method with support for ECDSA and ECDH.
+     [Steve Henson]
+
+  *) Add support for key derivation (agreement) in the API, DH method and
+     pkeyutl.
+     [Steve Henson]
+
+  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
+     public and private key formats. As a side effect these add additional 
+     command line functionality not previously available: DSA signatures can be
+     generated and verified using pkeyutl and DH key support and generation in
+     pkey, genpkey.
+     [Steve Henson]
+
+  *) BeOS support.
+     [Oliver Tappe <zooey@hirschkaefer.de>]
+
+  *) New make target "install_html_docs" installs HTML renditions of the
+     manual pages.
+     [Oliver Tappe <zooey@hirschkaefer.de>]
+
+  *) New utility "genpkey" this is analogous to "genrsa" etc except it can
+     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
+     support key and parameter generation and add initial key generation
+     functionality for RSA.
+     [Steve Henson]
+
+  *) Add functions for main EVP_PKEY_method operations. The undocumented
+     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
+     EVP_PKEY_{encrypt,decrypt}_old. 
+     [Steve Henson]
+
+  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
+     key API, doesn't do much yet.
+     [Steve Henson]
+
+  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
+     public key algorithms. New option to openssl utility:
+     "list-public-key-algorithms" to print out info.
+     [Steve Henson]
+
+  *) Implement the Supported Elliptic Curves Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+
+  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
+     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
+     [Steve Henson]
+
+  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
+     utilities such as rsa, dsa, dsaparam etc except they process any key
+     type.
+     [Steve Henson]
+
+  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New 
+     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
+     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
+     structure.
+     [Steve Henson]
+
+  *) Initial support for pluggable public key ASN1.
+     De-spaghettify the public key ASN1 handling. Move public and private
+     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
+     algorithm specific handling to a single module within the relevant
+     algorithm directory. Add functions to allow (near) opaque processing
+     of public and private key structures.
+     [Steve Henson]
+
+  *) Implement the Supported Point Formats Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+
+  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
+     for the psk identity [hint] and the psk callback functions to the
+     SSL_SESSION, SSL and SSL_CTX structure.
+     
+     New ciphersuites:
+         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
+         PSK-AES256-CBC-SHA
+ 
+     New functions:
+         SSL_CTX_use_psk_identity_hint
+         SSL_get_psk_identity_hint
+         SSL_get_psk_identity
+         SSL_use_psk_identity_hint
+
+     [Mika Kousa and Pasi Eronen of Nokia Corporation]
+
+  *) Add RFC 3161 compliant time stamp request creation, response generation
+     and response verification functionality.
+     [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecognized_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou]
+
+  *) Whirlpool hash implementation is added.
+     [Andy Polyakov]
+
+  *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to
+     bn(64,32). Because of instruction set limitations it doesn't have
+     any negative impact on performance. This was done mostly in order
+     to make it possible to share assembler modules, such as bn_mul_mont
+     implementations, between 32- and 64-bit builds without hassle.
+     [Andy Polyakov]
+
+  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
+     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
+     macro.
+     [Bodo Moeller]
+
+  *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
+     dedicated Montgomery multiplication procedure, is introduced.
+     BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
+     "64-bit" performance on certain 32-bit targets.
+     [Andy Polyakov]
+
+  *) New option SSL_OP_NO_COMP to disable use of compression selectively
+     in SSL structures. New SSL ctrl to set maximum send fragment size. 
+     Save memory by seeting the I/O buffer sizes dynamically instead of
+     using the maximum available value.
+     [Steve Henson]
+
+  *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
+     in addition to the text details.
+     [Bodo Moeller]
+
+  *) Very, very preliminary EXPERIMENTAL support for printing of general
+     ASN1 structures. This currently produces rather ugly output and doesn't
+     handle several customised structures at all.
+     [Steve Henson]
+
+  *) Integrated support for PVK file format and some related formats such
+     as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support
+     these in the 'rsa' and 'dsa' utilities.
+     [Steve Henson]
+
+  *) Support for PKCS#1 RSAPublicKey format on rsa utility command line.
+     [Steve Henson]
+
+  *) Remove the ancient ASN1_METHOD code. This was only ever used in one
+     place for the (very old) "NETSCAPE" format certificates which are now
+     handled using new ASN1 code equivalents.
+     [Steve Henson]
+
+  *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
+     pointer and make the SSL_METHOD parameter in SSL_CTX_new,
+     SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'.
+     [Nils Larsch]
+
+  *) Modify CRL distribution points extension code to print out previously
+     unsupported fields. Enhance extension setting code to allow setting of
+     all fields.
+     [Steve Henson]
+
+  *) Add print and set support for Issuing Distribution Point CRL extension.
+     [Steve Henson]
+
+  *) Change 'Configure' script to enable Camellia by default.
+     [NTT]
+
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-0740)
+     [Bodo Moeller, Adam Langley <agl@chromium.org>]
+
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]
+
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
+
+  *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
+     [Martin Olsson, Neel Mehta]
+
+  *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
+     accommodate for stack sorting, always a write lock!).
+     [Bodo Moeller]
+
+  *) On some versions of WIN32 Heap32Next is very slow. This can cause
+     excessive delays in the RAND_poll(): over a minute. As a workaround
+     include a time check in the inner Heap32Next loop too.
+     [Steve Henson]
+
+  *) The code that handled flushing of data in SSL/TLS originally used the
+     BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
+     the problem outlined in PR#1949. The fix suggested there however can
+     trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
+     of Apache). So instead simplify the code to flush unconditionally.
+     This should be fine since flushing with no data to flush is a no op.
+     [Steve Henson]
+
+  *) Handle TLS versions 2.0 and later properly and correctly use the
+     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+     off ancient servers have a habit of sticking around for a while...
+     [Steve Henson]
+
+  *) Modify compression code so it frees up structures without using the
+     ex_data callbacks. This works around a problem where some applications
+     call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
+     restarting) then use compression (e.g. SSL with compression) later.
+     This results in significant per-connection memory leaks and
+     has caused some security issues including CVE-2008-1678 and
+     CVE-2009-4355.
+     [Steve Henson]
+
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect and renegotiate with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+
+  *) If client attempts to renegotiate and doesn't support RI respond with
+     a no_renegotiation alert as required by RFC5746.  Some renegotiating
+     TLS clients will continue a connection gracefully when they receive
+     the alert. Unfortunately OpenSSL mishandled this alert and would hang
+     waiting for a server hello which it will never receive. Now we treat a
+     received no_renegotiation alert as a fatal error. This is because
+     applications requesting a renegotiation might well expect it to succeed
+     and would have no code in place to handle the server denying it so the
+     only safe thing to do is to terminate the connection.
+     [Steve Henson]
+
+  *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+     peer supports secure renegotiation and 0 otherwise. Print out peer
+     renegotiation support in s_client/s_server.
+     [Steve Henson]
+
+  *) Replace the highly broken and deprecated SPKAC certification method with
+     the updated NID creation version. This should correctly handle UTF8.
+     [Steve Henson]
+
+  *) Implement RFC5746. Re-enable renegotiation but require the extension
+     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+     turns out to be a bad idea. It has been replaced by
+     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+     SSL_CTX_set_options(). This is really not recommended unless you
+     know what you are doing.
+     [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson]
+
+  *) Fixes to stateless session resumption handling. Use initial_ctx when
+     issuing and attempting to decrypt tickets in case it has changed during
+     servername handling. Use a non-zero length session ID when attempting
+     stateless session resumption: this makes it possible to determine if
+     a resumption has occurred immediately after receiving server hello
+     (several places in OpenSSL subtly assume this) instead of later in
+     the handshake.
+     [Steve Henson]
+
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Add --strict-warnings option to Configure script to include devteam
+     warnings in other configurations.
+     [Steve Henson]
+
+  *) Add support for --libdir option and LIBDIR variable in makefiles. This
+     makes it possible to install openssl libraries in locations which
+     have names other than "lib", for example "/usr/lib64" which some
+     systems need.
+     [Steve Henson, based on patch from Jeremy Utley]
+
+  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+     X690 8.9.12 and can produce some misleading textual output of OIDs.
+     [Steve Henson, reported by Dan Kaminsky]
+
+  *) Delete MD2 from algorithm tables. This follows the recommendation in
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. For binary compatibility reasons
+     the MD2 API is still compiled in by default.
+     [Steve Henson]
+
+  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+     and restored.
+     [Steve Henson]
+
+  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+     clash.
+     [Guenter <lists@gknw.net>]
+
+  *) Fix the server certificate chain building code to use X509_verify_cert(),
+     it used to have an ad-hoc builder which was unable to cope with anything
+     other than a simple chain.
+     [David Woodhouse <dwmw2@infradead.org>, Steve Henson]
+
+  *) Don't check self signed certificate signatures in X509_verify_cert()
+     by default (a flag can override this): it just wastes time without
+     adding any security. As a useful side effect self signed root CAs
+     with non-FIPS digests are now usable in FIPS mode.
+     [Steve Henson]
+
+  *) In dtls1_process_out_of_seq_message() the check if the current message
+     is already buffered was missing. For every new message was memory
+     allocated, allowing an attacker to perform an denial of service attack
+     with sending out of seq handshake messages until there is no memory
+     left. Additionally every future messege was buffered, even if the
+     sequence number made no sense and would be part of another handshake.
+     So only messages with sequence numbers less than 10 in advance will be
+     buffered.  (CVE-2009-1378)
+     [Robin Seggelmann, discovered by Daniel Mentz] 	
+
+  *) Records are buffered if they arrive with a future epoch to be
+     processed after finishing the corresponding handshake. There is
+     currently no limitation to this buffer allowing an attacker to perform
+     a DOS attack with sending records with future epochs until there is no
+     memory left. This patch adds the pqueue_size() function to determine
+     the size of a buffer and limits the record buffer to 100 entries.
+     (CVE-2009-1377)
+     [Robin Seggelmann, discovered by Daniel Mentz] 	
+
+  *) Keep a copy of frag->msg_header.frag_len so it can be used after the
+     parent structure is freed.  (CVE-2009-1379)
+     [Daniel Mentz] 	
+
+  *) Handle non-blocking I/O properly in SSL_shutdown() call.
+     [Darryl Miles <darryl-mailinglists@netbauds.net>]
+
+  *) Add 2.5.4.* OIDs
+     [Ilya O. <vrghost@gmail.com>]
+
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
+
+ Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
+
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
+  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+     checked correctly. This would allow some invalid signed attributes to
+     appear to verify correctly. (CVE-2009-0591)
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Reject UniversalString and BMPString types with invalid lengths. This
+     prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+     a legal length. (CVE-2009-0590)
+     [Steve Henson]
+
+  *) Set S/MIME signing as the default purpose rather than setting it 
+     unconditionally. This allows applications to override it at the store
+     level.
+     [Steve Henson]
+
+  *) Permit restricted recursion of ASN1 strings. This is needed in practice
+     to handle some structures.
+     [Steve Henson]
+
+  *) Improve efficiency of mem_gets: don't search whole buffer each time
+     for a '\n'
+     [Jeremy Shapiro <jnshapir@us.ibm.com>]
+
+  *) New -hex option for openssl rand.
+     [Matthieu Herrb]
+
+  *) Print out UTF8String and NumericString when parsing ASN1.
+     [Steve Henson]
+
+  *) Support NumericString type for name components.
+     [Steve Henson]
+
+  *) Allow CC in the environment to override the automatically chosen
+     compiler. Note that nothing is done to ensure flags work with the
+     chosen compiler.
+     [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
+
+  *) Properly check EVP_VerifyFinal() and similar return values
+     (CVE-2008-5077).
+     [Ben Laurie, Bodo Moeller, Google Security Team]
+
+  *) Enable TLS extensions by default.
+     [Ben Laurie]
+
+  *) Allow the CHIL engine to be loaded, whether the application is
+     multithreaded or not. (This does not release the developer from the
+     obligation to set up the dynamic locking callbacks.)
+     [Sander Temme <sander@temme.net>]
+
+  *) Use correct exit code if there is an error in dgst command.
+     [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
+
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
+     [Ben Laurie]
+
+  *) Set the comparison function in v3_addr_canonize().
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Add support for XMPP STARTTLS in s_client.
+     [Philip Paeps <philip@freebsd.org>]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix NULL pointer dereference if a DTLS server received
+     ChangeCipherSpec as first record (CVE-2009-1386).
+     [PR #1679]
+
+  *) Fix a state transition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
+
+  *) The fix in 0.9.8c that supposedly got rid of unsafe
+     double-checked locking was incomplete for RSA blinding,
+     addressing just one layer of what turns out to have been
+     doubly unsafe triple-checked locking.
+
+     So now fix this for real by retiring the MONT_HELPER macro
+     in crypto/rsa/rsa_eay.c.
+
+     [Bodo Moeller; problem pointed out by Marius Schilder]
+
+  *) Various precautionary measures:
+
+     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+       (NB: This would require knowledge of the secret session ticket key
+       to exploit, in which case you'd be SOL either way.)
+
+     - Change bn_nist.c so that it will properly handle input BIGNUMs
+       outside the expected range.
+
+     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+       builds.
+
+     [Neel Mehta, Bodo Moeller]
+
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
+  *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+     [Steve Henson]
+
+  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+     [Huang Ying]
+
+  *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+     keystores. Support for SSL/TLS client authentication too.
+     Not compiled unless enable-capieng specified to Configure.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Fix bug in X509_ATTRIBUTE creation: don't set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certificate requests and PKCS#12
+     files.
+     [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h  [28 May 2008]
+
+  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+     handshake which could lead to a cilent crash as found using the
+     Codenomicon TLS test suite (CVE-2008-1672) 
+     [Steve Henson, Mark Cox]
+
+  *) Fix double free in TLS server name extensions which could lead to
+     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
+     [Joe Orton]
+
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
+  *) Remove root CA certificates of commercial CAs:
+
+     The OpenSSL project does not recommend any specific CA and does not
+     have any policy with respect to including or excluding any CA.
+     Therefore it does not make any sense to ship an arbitrary selection
+     of root CA certificates with the OpenSSL software.
+     [Lutz Jaenicke]
+
+  *) RSA OAEP patches to fix two separate invalid memory reads.
+     The first one involves inputs when 'lzero' is greater than
+     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+     before the beginning of from). The second one involves inputs where
+     the 'db' section contains nothing but zeroes (there is a one-byte
+     invalid read after the end of 'db').
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Partial backport from 0.9.9-dev:
+
+     Introduce bn_mul_mont (dedicated Montgomery multiplication
+     procedure) as a candidate for BIGNUM assembler implementation.
+     While 0.9.9-dev uses assembler for various architectures, only
+     x86_64 is available by default here in the 0.9.8 branch, and
+     32-bit x86 is available through a compile-time setting.
+
+     To try the 32-bit x86 assembler implementation, use Configure
+     option "enable-montasm" (which exists only for this backport).
+
+     As "enable-montasm" for 32-bit x86 disclaims code stability
+     anyway, in this constellation we activate additional code
+     backported from 0.9.9-dev for further performance improvements,
+     namely BN_from_montgomery_word.  (To enable this otherwise,
+     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+     [Andy Polyakov (backport partially by Bodo Moeller)]
+
+  *) Add TLS session ticket callback. This allows an application to set
+     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+     values. This is useful for key rollover for example where several key
+     sets may exist with different names.
+     [Steve Henson]
+
+  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+     This was broken until now in 0.9.8 releases, such that the only way
+     a registered ENGINE could be used (assuming it initialises
+     successfully on the host) was to explicitly set it as the default
+     for the relevant algorithms. This is in contradiction with 0.9.7
+     behaviour and the documentation. With this fix, when an ENGINE is
+     registered into a given algorithm's table of implementations, the
+     'uptodate' flag is reset so that auto-discovery will be used next
+     time a new context for that algorithm attempts to select an
+     implementation.
+     [Ian Lister (tweaked by Geoff Thorpe)]
+
+  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+     implementation in the following ways:
+
+     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+     hard coded.
+
+     Lack of BER streaming support means one pass streaming processing is
+     only supported if data is detached: setting the streaming flag is
+     ignored for embedded content.
+
+     CMS support is disabled by default and must be explicitly enabled
+     with the enable-cms configuration option.
+     [Steve Henson]
+
+  *) Update the GMP engine glue to do direct copies between BIGNUM and
+     mpz_t when openssl and GMP use the same limb size. Otherwise the
+     existing "conversion via a text string export" trick is still used.
+     [Paul Sheer <paulsheer@gmail.com>]
+
+  *) Zlib compression BIO. This is a filter BIO which compressed and
+     uncompresses any data passed through it.
+     [Steve Henson]
+
+  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+     RFC3394 compatible AES key wrapping.
+     [Steve Henson]
+
+  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+     sets string data without copying. X509_ALGOR_set0() and
+     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+     from an X509_ATTRIBUTE structure optionally checking it occurs only
+     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+     data.
+     [Steve Henson]
+
+  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+     to get the expected BN_FLG_CONSTTIME behavior.
+     [Bodo Moeller (Google)]
+  
+  *) Netware support:
+
+     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+     - added some more tests to do_tests.pl
+     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+     - various changes to netware.pl to enable gcc-cross builds on Win32
+       platform
+     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+     - various changes to fix missing prototype warnings
+     - fixed x86nasm.pl to create correct asm files for NASM COFF output
+     - added AES, WHIRLPOOL and CPUID assembler code to build files
+     - added missing AES assembler make rules to mk1mf.pl
+     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+     [Guenter Knauf <eflash@gmx.net>]
+
+  *) Implement certificate status request TLS extension defined in RFC3546.
+     A client can set the appropriate parameters and receive the encoded
+     OCSP response via a callback. A server can query the supplied parameters
+     and set the encoded OCSP response in the callback. Add simplified examples
+     to s_client and s_server.
+     [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]
+
+  *) Fix various bugs:
+     + Binary incompatibility of ssl_ctx_st structure
+     + DTLS interoperation with non-compliant servers
+     + Don't call get_session_cb() without proposed session
+     + Fix ia64 assembler code
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]
+
+  *) DTLS Handshake overhaul. There were longstanding issues with
+     OpenSSL DTLS implementation, which were making it impossible for
+     RFC 4347 compliant client to communicate with OpenSSL server.
+     Unfortunately just fixing these incompatibilities would "cut off"
+     pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+     server keeps tolerating non RFC compliant syntax. The opposite is
+     not true, 0.9.8f client can not communicate with earlier server.
+     This update even addresses CVE-2007-4995.
+     [Andy Polyakov]
+
+  *) Changes to avoid need for function casts in OpenSSL: some compilers
+     (gcc 4.2 and later) reject their use.
+     [Kurt Roeckx <kurt@roeckx.be>, Peter Hartley <pdh@utter.chaos.org.uk>,
+      Steve Henson]
+  
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecognized_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou, Steve Henson]
+
+  *) Add AES and SSE2 assembly language support to VC++ build.
+     [Steve Henson]
+
+  *) Mitigate attack on final subtraction in Montgomery reduction.
+     [Andy Polyakov]
+
+  *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+     (which previously caused an internal error).
+     [Bodo Moeller]
+
+  *) Squeeze another 10% out of IGE mode when in != out.
+     [Ben Laurie]
+
+  *) AES IGE mode speedup.
+     [Dean Gaudet (Google)]
+
+  *) Add the Korean symmetric 128-bit cipher SEED (see
+     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+     add SEED ciphersuites from RFC 4162:
+
+        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"
+        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"
+        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"
+        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, SEED remains excluded from compilation unless OpenSSL
+     is configured with 'enable-seed'.
+     [KISA, Bodo Moeller]
+
+  *) Mitigate branch prediction attacks, which can be practical if a
+     single processor is shared, allowing a spy process to extract
+     information.  For detailed background information, see
+     http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+     J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+     and Necessary Software Countermeasures").  The core of the change
+     are new versions BN_div_no_branch() and
+     BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+     respectively, which are slower, but avoid the security-relevant
+     conditional branches.  These are automatically called by BN_div()
+     and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+     of the input BIGNUMs.  Also, BN_is_bit_set() has been changed to
+     remove a conditional branch.
+
+     BN_FLG_CONSTTIME is the new name for the previous
+     BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+     modular exponentiation.  (Since OpenSSL 0.9.7h, setting this flag
+     in the exponent causes BN_mod_exp_mont() to use the alternative
+     implementation in BN_mod_exp_mont_consttime().)  The old name
+     remains as a deprecated alias.
+
+     Similarly, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+     RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+     constant-time implementations for more than just exponentiation.
+     Here too the old name is kept as a deprecated alias.
+
+     BN_BLINDING_new() will now use BN_dup() for the modulus so that
+     the BN_BLINDING structure gets an independent copy of the
+     modulus.  This means that the previous "BIGNUM *m" argument to
+     BN_BLINDING_new() and to BN_BLINDING_create_param() now
+     essentially becomes "const BIGNUM *m", although we can't actually
+     change this in the header file before 0.9.9.  It allows
+     RSA_setup_blinding() to use BN_with_flags() on the modulus to
+     enable BN_FLG_CONSTTIME.
+
+     [Matthew D Wood (Intel Corp)]
+
+  *) In the SSL/TLS server implementation, be strict about session ID
+     context matching (which matters if an application uses a single
+     external cache for different purposes).  Previously,
+     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+     set.  This did ensure strict client verification, but meant that,
+     with applications using a single external cache for quite
+     different requirements, clients could circumvent ciphersuite
+     restrictions for a given session ID context by starting a session
+     in a different context.
+     [Bodo Moeller]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+     not complete and could lead to a possible single byte overflow
+     (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+
+  *) Since AES128 and AES256 (and similarly Camellia128 and
+     Camellia256) share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't
+     (or if Camellia128 is available and Camellia256 isn't).
+     [Victor Duchovni]
+
+  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
+     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
+     When a point or a seed is encoded in a BIT STRING, we need to
+     prevent the removal of trailing zero bits to get the proper DER
+     encoding.  (By default, crypto/asn1/a_bitstr.c assumes the case
+     of a NamedBitList, for which trailing 0 bits need to be removed.)
+     [Bodo Moeller]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Add RFC 3779 support.
+     [Rob Austein for ARIN, Ben Laurie]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     Improve header file function name parsing.
+     [Steve Henson]
+
+  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
+     or CAPABILITY handshake as required by RFCs.
+     [Goetz Babin-Ebell]
+
+ Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
+     match only those.  Before that, "AES256-SHA" would be interpreted
+     as a pattern and match "AES128-SHA" too (since AES128-SHA got
+     the same strength classification in 0.9.7h) as we currently only
+     have a single AES bit in the ciphersuite description bitmap.
+     That change, however, also applied to ciphersuite strings such as
+     "RC4-MD5" that intentionally matched multiple ciphersuites --
+     namely, SSL 2.0 ciphersuites in addition to the more common ones
+     from SSL 3.0/TLS 1.0.
+
+     So we change the selection algorithm again: Naming an explicit
+     ciphersuite selects this one ciphersuite, and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions.
+     Thus, "RC4-MD5" again will properly select both the SSL 2.0
+     ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
+
+     Since SSL 2.0 does not have any ciphersuites for which the
+     128/256 bit distinction would be relevant, this works for now.
+     The proper fix will be to use different bits for AES128 and
+     AES256, which would have avoided the problems from the beginning;
+     however, bits are scarce, so we can only do this in a new release
+     (not just a patchlevel) when we can change the SSL_CIPHER
+     definition to split the single 'unsigned long mask' bitmap into
+     multiple values to extend the available space.
+
+     [Bodo Moeller]
+
+ Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Add AES IGE and biIGE modes.
+     [Ben Laurie]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
+     [Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactivate the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occurred on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+     versions), which is now available for royalty-free use
+     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+     Also, add Camellia TLS ciphersuites from RFC 4132.
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, Camellia remains excluded from compilation unless OpenSSL
+     is configured with 'enable-camellia'.
+     [NTT]
+
+  *) Disable the padding bug check when compression is in use. The padding
+     bug check assumes the first packet is of even length, this is not
+     necessarily true if compresssion is enabled and can result in false
+     positives causing handshake failure. The actual bug test is ancient
+     code so it is hoped that implementations will either have fixed it by
+     now or any which still have the bug do not support compression.
+     [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b  [04 May 2006]
+
+  *) When applying a cipher rule check to see if string match is an explicit
+     cipher suite and only match that one cipher suite if it is.
+     [Steve Henson]
+
+  *) Link in manifests for VC++ if needed.
+     [Austin Ziegler <halostatue@gmail.com>]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-12.txt with proposed changes (but without
+     TLS extensions, which are supported starting with the 0.9.9
+     branch, not in the OpenSSL 0.9.8 branch).
+     [Douglas Stebila]
+
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Fixes and enhancements to zlib compression code. We now only use
+     "zlib1.dll" and use the default __cdecl calling convention on Win32
+     to conform with the standards mentioned here:
+           http://www.zlib.net/DLL_FAQ.txt
+     Static zlib linking now works on Windows and the new --with-zlib-include
+     --with-zlib-lib options to Configure can be used to supply the location
+     of the headers and library. Gracefully handle case where zlib library
+     can't be loaded.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
+  *) Add support for building of engines under engine/ as shared libraries
+     under VC++ build system.
+     [Steve Henson]
+
+  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+     Hopefully, we will not see any false combination of paths any more.
+     [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Add two function to clear and return the verify parameter flags.
+     [Steve Henson]
+
+  *) Keep cipherlists sorted in the source instead of sorting them at
+     runtime, thus removing the need for a lock.
+     [Nils Larsch]
+
+  *) Avoid some small subgroup attacks in Diffie-Hellman.
+     [Nick Mathewson and Ben Laurie]
+
+  *) Add functions for well-known primes.
+     [Nick Mathewson]
+
+  *) Extended Windows CE support.
+     [Satoshi Nakamura and Andy Polyakov]
+
+  *) Initialize SSL_METHOD structures at compile time instead of during
+     runtime, thus removing the need for a lock.
+     [Steve Henson]
+
+  *) Make PKCS7_decrypt() work even if no certificate is supplied by
+     attempting to decrypt each encrypted key in turn. Add support to
+     smime utility.
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
+
+  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+     [Richard Levitte]
+
+  *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+     key into the same file any more.
+     [Richard Levitte]
+
+  *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+     [Andy Polyakov]
+
+  *) Add -utf8 command line and config file option to 'ca'.
+     [Stefan <stf@udoma.org]
+
+  *) Removed the macro des_crypt(), as it seems to conflict with some
+     libraries.  Use DES_crypt().
+     [Richard Levitte]
+
+  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+     involves renaming the source and generated shared-libs for
+     both. The engines will accept the corrected or legacy ids
+     ('ncipher' and '4758_cca' respectively) when binding. NB,
+     this only applies when building 'shared'.
+     [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
+
+  *) Add attribute functions to EVP_PKEY structure. Modify
+     PKCS12_create() to recognize a CSP name attribute and
+     use it. Make -CSP option work again in pkcs12 utility.
+     [Steve Henson]
+
+  *) Add new functionality to the bn blinding code:
+     - automatic re-creation of the BN_BLINDING parameters after
+       a fixed number of uses (currently 32)
+     - add new function for parameter creation
+     - introduce flags to control the update behaviour of the
+       BN_BLINDING parameters
+     - hide BN_BLINDING structure
+     Add a second BN_BLINDING slot to the RSA structure to improve
+     performance when a single RSA object is shared among several
+     threads.
+     [Nils Larsch]
+
+  *) Add support for DTLS.
+     [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
+
+  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+     [Walter Goulet]
+
+  *) Remove buggy and incomplete DH cert support from
+     ssl/ssl_rsa.c and ssl/s3_both.c
+     [Nils Larsch]
+
+  *) Use SHA-1 instead of MD5 as the default digest algorithm for
+     the apps/openssl applications.
+     [Nils Larsch]
+
+  *) Compile clean with "-Wall -Wmissing-prototypes
+     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+     DEBUG_SAFESTACK must also be set.
+     [Ben Laurie]
+
+  *) Change ./Configure so that certain algorithms can be disabled by default.
+     The new counterpiece to "no-xxx" is "enable-xxx".
+
+     The patented RC5 and MDC2 algorithms will now be disabled unless
+     "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+     (IDEA remains enabled despite being patented.  This is because IDEA
+     is frequently required for interoperability, and there is no license
+     fee for non-commercial use.  As before, "no-idea" can be used to
+     avoid this algorithm.)
+
+     [Bodo Moeller]
+
+  *) Add processing of proxy certificates (see RFC 3820).  This work was
+     sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+     EGEE (Enabling Grids for E-science in Europe).
+     [Richard Levitte]
+
+  *) RC4 performance overhaul on modern architectures/implementations, such
+     as Intel P4, IA-64 and AMD64.
+     [Andy Polyakov]
+
+  *) New utility extract-section.pl. This can be used specify an alternative
+     section number in a pod file instead of having to treat each file as
+     a separate case in Makefile. This can be done by adding two lines to the
+     pod file:
+
+     =for comment openssl_section:XXX
+
+     The blank line is mandatory.
+
+     [Steve Henson]
+
+  *) New arguments -certform, -keyform and -pass for s_client and s_server
+     to allow alternative format key and certificate files and passphrase
+     sources.
+     [Steve Henson]
+
+  *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+     update associated structures and add various utility functions.
+
+     Add new policy related verify parameters, include policy checking in 
+     standard verify code. Enhance 'smime' application with extra parameters
+     to support policy checking and print out.
+     [Steve Henson]
+
+  *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+     Nehemiah processors. These extensions support AES encryption in hardware
+     as well as RNG (though RNG support is currently disabled).
+     [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
+
+  *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+     [Geoff Thorpe]
+
+  *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+     [Andy Polyakov and a number of other people]
+
+  *) Improved PowerPC platform support. Most notably BIGNUM assembler
+     implementation contributed by IBM.
+     [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+  *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+     exponent rather than 'unsigned long'. There is a corresponding change to
+     the new 'rsa_keygen' element of the RSA_METHOD structure.
+     [Jelte Jansen, Geoff Thorpe]
+
+  *) Functionality for creating the initial serial number file is now
+     moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+     (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+     number file to 1, which is bound to cause problems.  To avoid
+     the problems while respecting compatibility between different 0.9.7
+     patchlevels, 0.9.7e  employed 'openssl x509 -next_serial' in
+     CA.pl for serial number initialization.  With the new release 0.9.8,
+     we can fix the problem directly in the 'ca' utility.)
+     [Steve Henson]
+
+  *) Reduced header interdepencies by declaring more opaque objects in
+     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+     give fewer recursive includes, which could break lazy source code - so
+     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+     developers should define this symbol when building and using openssl to
+     ensure they track the recommended behaviour, interfaces, [etc], but
+     backwards-compatible behaviour prevails when this isn't defined.
+     [Geoff Thorpe]
+
+  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+     [Steve Henson]
+
+  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
+     This will generate a random key of the appropriate length based on the 
+     cipher context. The EVP_CIPHER can provide its own random key generation
+     routine to support keys of a specific form. This is used in the des and 
+     3des routines to generate a key of the correct parity. Update S/MIME
+     code to use new functions and hence generate correct parity DES keys.
+     Add EVP_CHECK_DES_KEY #define to return an error if the key is not 
+     valid (weak or incorrect parity).
+     [Steve Henson]
+
+  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+     as looking them up. This is useful when the verified structure may contain
+     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+     present unless the new PKCS7_NO_CRL flag is asserted.
+     [Steve Henson]
+
+  *) Extend ASN1 oid configuration module. It now additionally accepts the
+     syntax:
+
+     shortName = some long name, 1.2.3.4
+     [Steve Henson]
+
+  *) Reimplemented the BN_CTX implementation. There is now no more static
+     limitation on the number of variables it can handle nor the depth of the
+     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
+     information can now expand as required, and rather than having a single
+     static array of bignums, BN_CTX now uses a linked-list of such arrays
+     allowing it to expand on demand whilst maintaining the usefulness of
+     BN_CTX's "bundling".
+     [Geoff Thorpe]
+
+  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
+     to allow all RSA operations to function using a single BN_CTX.
+     [Geoff Thorpe]
+
+  *) Preliminary support for certificate policy evaluation and checking. This
+     is initially intended to pass the tests outlined in "Conformance Testing
+     of Relying Party Client Certificate Path Processing Logic" v1.07.
+     [Steve Henson]
+
+  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
+     remained unused and not that useful. A variety of other little bignum
+     tweaks and fixes have also been made continuing on from the audit (see
+     below).
+     [Geoff Thorpe]
+
+  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
+     associated ASN1, EVP and SSL functions and old ASN1 macros.
+     [Richard Levitte]
+
+  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
+     and this should never fail. So the return value from the use of
+     BN_set_word() (which can fail due to needless expansion) is now deprecated;
+     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
+     [Geoff Thorpe]
+
+  *) BN_CTX_get() should return zero-valued bignums, providing the same
+     initialised value as BN_new().
+     [Geoff Thorpe, suggested by Ulf Möller]
+
+  *) Support for inhibitAnyPolicy certificate extension.
+     [Steve Henson]
+
+  *) An audit of the BIGNUM code is underway, for which debugging code is
+     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
+     is considered valid when processing BIGNUMs, and causes execution to
+     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
+     further steps are taken to deliberately pollute unused data in BIGNUM
+     structures to try and expose faulty code further on. For now, openssl will
+     (in its default mode of operation) continue to tolerate the inconsistent
+     forms that it has tolerated in the past, but authors and packagers should
+     consider trying openssl and their own applications when compiled with
+     these debugging symbols defined. It will help highlight potential bugs in
+     their own code, and will improve the test coverage for OpenSSL itself. At
+     some point, these tighter rules will become openssl's default to improve
+     maintainability, though the assert()s and other overheads will remain only
+     in debugging configurations. See bn.h for more details.
+     [Geoff Thorpe, Nils Larsch, Ulf Möller]
+
+  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+     that can only be obtained through BN_CTX_new() (which implicitly
+     initialises it). The presence of this function only made it possible
+     to overwrite an existing structure (and cause memory leaks).
+     [Geoff Thorpe]
+
+  *) Because of the callback-based approach for implementing LHASH as a
+     template type, lh_insert() adds opaque objects to hash-tables and
+     lh_doall() or lh_doall_arg() are typically used with a destructor callback
+     to clean up those corresponding objects before destroying the hash table
+     (and losing the object pointers). So some over-zealous constifications in
+     LHASH have been relaxed so that lh_insert() does not take (nor store) the
+     objects as "const" and the lh_doall[_arg] callback wrappers are not
+     prototyped to have "const" restrictions on the object pointers they are
+     given (and so aren't required to cast them away any more).
+     [Geoff Thorpe]
+
+  *) The tmdiff.h API was so ugly and minimal that our own timing utility
+     (speed) prefers to use its own implementation. The two implementations
+     haven't been consolidated as yet (volunteers?) but the tmdiff API has had
+     its object type properly exposed (MS_TM) instead of casting to/from "char
+     *". This may still change yet if someone realises MS_TM and "ms_time_***"
+     aren't necessarily the greatest nomenclatures - but this is what was used
+     internally to the implementation so I've used that for now.
+     [Geoff Thorpe]
+
+  *) Ensure that deprecated functions do not get compiled when
+     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
+     the self-tests were still using deprecated key-generation functions so
+     these have been updated also.
+     [Geoff Thorpe]
+
+  *) Reorganise PKCS#7 code to separate the digest location functionality
+     into PKCS7_find_digest(), digest addition into PKCS7_bio_add_digest().
+     New function PKCS7_set_digest() to set the digest type for PKCS#7
+     digestedData type. Add additional code to correctly generate the
+     digestedData type and add support for this type in PKCS7 initialization
+     functions.
+     [Steve Henson]
+
+  *) New function PKCS7_set0_type_other() this initializes a PKCS7 
+     structure of type "other".
+     [Steve Henson]
+
+  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
+     sure the loop does correctly stop and breaking ("division by zero")
+     modulus operations are not performed. The (pre-generated) prime
+     table crypto/bn/bn_prime.h was already correct, but it could not be
+     re-generated on some platforms because of the "division by zero"
+     situation in the script.
+     [Ralf S. Engelschall]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
+     SHA-1 now is only used for "small" curves (where the
+     representation of a field element takes up to 24 bytes); for
+     larger curves, the field element resulting from ECDH is directly
+     used as premaster secret.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
+     curve secp160r1 to the tests.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add the possibility to load symbols globally with DSO.
+     [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
+
+  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
+     control of the error stack.
+     [Richard Levitte]
+
+  *) Add support for STORE in ENGINE.
+     [Richard Levitte]
+
+  *) Add the STORE type.  The intention is to provide a common interface
+     to certificate and key stores, be they simple file-based stores, or
+     HSM-type store, or LDAP stores, or...
+     NOTE: The code is currently UNTESTED and isn't really used anywhere.
+     [Richard Levitte]
+
+  *) Add a generic structure called OPENSSL_ITEM.  This can be used to
+     pass a list of arguments to any function as well as provide a way
+     for a function to pass data back to the caller.
+     [Richard Levitte]
+
+  *) Add the functions BUF_strndup() and BUF_memdup().  BUF_strndup()
+     works like BUF_strdup() but can be used to duplicate a portion of
+     a string.  The copy gets NUL-terminated.  BUF_memdup() duplicates
+     a memory area.
+     [Richard Levitte]
+
+  *) Add the function sk_find_ex() which works like sk_find(), but will
+     return an index to an element even if an exact match couldn't be
+     found.  The index is guaranteed to point at the element where the
+     searched-for key would be inserted to preserve sorting order.
+     [Richard Levitte]
+
+  *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+     takes an extra flags argument for optional functionality.  Currently,
+     the following flags are defined:
+
+	OBJ_BSEARCH_VALUE_ON_NOMATCH
+	This one gets OBJ_bsearch_ex() to return a pointer to the first
+	element where the comparing function returns a negative or zero
+	number.
+
+	OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+	This one gets OBJ_bsearch_ex() to return a pointer to the first
+	element where the comparing function returns zero.  This is useful
+	if there are more than one element where the comparing function
+	returns zero.
+     [Richard Levitte]
+
+  *) Make it possible to create self-signed certificates with 'openssl ca'
+     in such a way that the self-signed certificate becomes part of the
+     CA database and uses the same mechanisms for serial number generation
+     as all other certificate signing.  The new flag '-selfsign' enables
+     this functionality.  Adapt CA.sh and CA.pl.in.
+     [Richard Levitte]
+
+  *) Add functionality to check the public key of a certificate request
+     against a given private.  This is useful to check that a certificate
+     request can be signed by that key (self-signing).
+     [Richard Levitte]
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) Generate muti valued AVAs using '+' notation in config files for
+     req and dirName.
+     [Steve Henson]
+
+  *) Support for nameConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyMappings certificate extension.
+     [Steve Henson]
+
+  *) Make sure the default DSA_METHOD implementation only uses its
+     dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+     and change its own handlers to be NULL so as to remove unnecessary
+     indirection. This lets alternative implementations fallback to the
+     default implementation more easily.
+     [Geoff Thorpe]
+
+  *) Support for directoryName in GeneralName related extensions
+     in config files.
+     [Steve Henson]
+
+  *) Make it possible to link applications using Makefile.shared.
+     Make that possible even when linking against static libraries!
+     [Richard Levitte]
+
+  *) Support for single pass processing for S/MIME signing. This now
+     means that S/MIME signing can be done from a pipe, in addition
+     cleartext signing (multipart/signed type) is effectively streaming
+     and the signed data does not need to be all held in memory.
+
+     This is done with a new flag PKCS7_STREAM. When this flag is set
+     PKCS7_sign() only initializes the PKCS7 structure and the actual signing
+     is done after the data is output (and digests calculated) in
+     SMIME_write_PKCS7().
+     [Steve Henson]
+
+  *) Add full support for -rpath/-R, both in shared libraries and
+     applications, at least on the platforms where it's known how
+     to do it.
+     [Richard Levitte]
+
+  *) In crypto/ec/ec_mult.c, implement fast point multiplication with
+     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
+     will now compute a table of multiples of the generator that
+     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
+     faster (notably in the case of a single point multiplication,
+     scalar * generator).
+     [Nils Larsch, Bodo Moeller]
+
+  *) IPv6 support for certificate extensions. The various extensions
+     which use the IP:a.b.c.d can now take IPv6 addresses using the
+     formats of RFC1884 2.2 . IPv6 addresses are now also displayed
+     correctly.
+     [Steve Henson]
+
+  *) Added an ENGINE that implements RSA by performing private key
+     exponentiations with the GMP library. The conversions to and from
+     GMP's mpz_t format aren't optimised nor are any montgomery forms
+     cached, and on x86 it appears OpenSSL's own performance has caught up.
+     However there are likely to be other architectures where GMP could
+     provide a boost. This ENGINE is not built in by default, but it can be
+     specified at Configure time and should be accompanied by the necessary
+     linker additions, eg;
+         ./config -DOPENSSL_USE_GMP -lgmp
+     [Geoff Thorpe]
+
+  *) "openssl engine" will not display ENGINE/DSO load failure errors when
+     testing availability of engines with "-t" - the old behaviour is
+     produced by increasing the feature's verbosity with "-tt".
+     [Geoff Thorpe]
+
+  *) ECDSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
+     via PR#459)
+     [Lutz Jaenicke]
+
+  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+     and DH_METHOD (eg. by ENGINE implementations) to override the normal
+     software implementations. For DSA and DH, parameter generation can
+     also be overridden by providing the appropriate method callbacks.
+     [Geoff Thorpe]
+
+  *) Change the "progress" mechanism used in key-generation and
+     primality testing to functions that take a new BN_GENCB pointer in
+     place of callback/argument pairs. The new API functions have "_ex"
+     postfixes and the older functions are reimplemented as wrappers for
+     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+     declarations of the old functions to help (graceful) attempts to
+     migrate to the new functions. Also, the new key-generation API
+     functions operate on a caller-supplied key-structure and return
+     success/failure rather than returning a key or NULL - this is to
+     help make "keygen" another member function of RSA_METHOD etc.
+
+     Example for using the new callback interface:
+
+          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
+          void *my_arg = ...;
+          BN_GENCB my_cb;
+
+          BN_GENCB_set(&my_cb, my_callback, my_arg);
+
+          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
+          /* For the meaning of a, b in calls to my_callback(), see the
+           * documentation of the function that calls the callback.
+           * cb will point to my_cb; my_arg can be retrieved as cb->arg.
+           * my_callback should return 1 if it wants BN_is_prime_ex()
+           * to continue, or 0 to stop.
+           */
+
+     [Geoff Thorpe]
+
+  *) Change the ZLIB compression method to be stateful, and make it
+     available to TLS with the number defined in 
+     draft-ietf-tls-compression-04.txt.
+     [Richard Levitte]
+
+  *) Add the ASN.1 structures and functions for CertificatePair, which
+     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+     CertificatePair ::= SEQUENCE {
+        forward		[0]	Certificate OPTIONAL,
+        reverse		[1]	Certificate OPTIONAL,
+        -- at least one of the pair shall be present -- }
+
+     Also implement the PEM functions to read and write certificate
+     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+     This needed to be defined, mostly for the sake of the LDAP
+     attribute crossCertificatePair, but may prove useful elsewhere as
+     well.
+     [Richard Levitte]
+
+  *) Make it possible to inhibit symlinking of shared libraries in
+     Makefile.shared, for Cygwin's sake.
+     [Richard Levitte]
+
+  *) Extend the BIGNUM API by creating a function 
+          void BN_set_negative(BIGNUM *a, int neg);
+     and a macro that behave like
+          int  BN_is_negative(const BIGNUM *a);
+
+     to avoid the need to access 'a->neg' directly in applications.
+     [Nils Larsch]
+
+  *) Implement fast modular reduction for pseudo-Mersenne primes
+     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+     EC_GROUP_new_curve_GFp() will now automatically use this
+     if applicable.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add new lock type (CRYPTO_LOCK_BN).
+     [Bodo Moeller]
+
+  *) Change the ENGINE framework to automatically load engines
+     dynamically from specific directories unless they could be
+     found to already be built in or loaded.  Move all the
+     current engines except for the cryptodev one to a new
+     directory engines/.
+     The engines in engines/ are built as shared libraries if
+     the "shared" options was given to ./Configure or ./config.
+     Otherwise, they are inserted in libcrypto.a.
+     /usr/local/ssl/engines is the default directory for dynamic
+     engines, but that can be overridden at configure time through
+     the usual use of --prefix and/or --openssldir, and at run
+     time with the environment variable OPENSSL_ENGINES.
+     [Geoff Thorpe and Richard Levitte]
+
+  *) Add Makefile.shared, a helper makefile to build shared
+     libraries.  Adapt Makefile.org.
+     [Richard Levitte]
+
+  *) Add version info to Win32 DLLs.
+     [Peter 'Luna' Runestig" <peter@runestig.com>]
+
+  *) Add new 'medium level' PKCS#12 API. Certificates and keys
+     can be added using this API to created arbitrary PKCS#12
+     files while avoiding the low level API.
+
+     New options to PKCS12_create(), key or cert can be NULL and
+     will then be omitted from the output file. The encryption
+     algorithm NIDs can be set to -1 for no encryption, the mac
+     iteration count can be set to 0 to omit the mac.
+
+     Enhance pkcs12 utility by making the -nokeys and -nocerts
+     options work when creating a PKCS#12 file. New option -nomac
+     to omit the mac, NONE can be set for an encryption algorithm.
+     New code is modified to use the enhanced PKCS12_create()
+     instead of the low level API.
+     [Steve Henson]
+
+  *) Extend ASN1 encoder to support indefinite length constructed
+     encoding. This can output sequences tags and octet strings in
+     this form. Modify pk7_asn1.c to support indefinite length
+     encoding. This is experimental and needs additional code to
+     be useful, such as an ASN1 bio and some enhanced streaming
+     PKCS#7 code.
+
+     Extend template encode functionality so that tagging is passed
+     down to the template encoder.
+     [Steve Henson]
+
+  *) Let 'openssl req' fail if an argument to '-newkey' is not
+     recognized instead of using RSA as a default.
+     [Bodo Moeller]
+
+  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+     As these are not official, they are not included in "ALL";
+     the "ECCdraft" ciphersuite group alias can be used to select them.
+     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+  *) Add ECDH engine support.
+     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add ECDH in new directory crypto/ecdh/.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Let BN_rand_range() abort with an error after 100 iterations
+     without success (which indicates a broken PRNG).
+     [Bodo Moeller]
+
+  *) Change BN_mod_sqrt() so that it verifies that the input value
+     is really the square of the return value.  (Previously,
+     BN_mod_sqrt would show GIGO behaviour.)
+     [Bodo Moeller]
+
+  *) Add named elliptic curves over binary fields from X9.62, SECG,
+     and WAP/WTLS; add OIDs that were still missing.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Extend the EC library for elliptic curves over binary fields
+     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+     New EC_METHOD:
+
+          EC_GF2m_simple_method
+
+     New API functions:
+
+          EC_GROUP_new_curve_GF2m
+          EC_GROUP_set_curve_GF2m
+          EC_GROUP_get_curve_GF2m
+          EC_POINT_set_affine_coordinates_GF2m
+          EC_POINT_get_affine_coordinates_GF2m
+          EC_POINT_set_compressed_coordinates_GF2m
+
+     Point compression for binary fields is disabled by default for
+     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+     enable it).
+
+     As binary polynomials are represented as BIGNUMs, various members
+     of the EC_GROUP and EC_POINT data structures can be shared
+     between the implementations for prime fields and binary fields;
+     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+     are essentially identical to their ..._GFp counterparts.
+     (For simplicity, the '..._GFp' prefix has been dropped from
+     various internal method names.)
+
+     An internal 'field_div' method (similar to 'field_mul' and
+     'field_sqr') has been added; this is used only for binary fields.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+     through methods ('mul', 'precompute_mult').
+
+     The generic implementations (now internally called 'ec_wNAF_mul'
+     and 'ec_wNAF_precomputed_mult') remain the default if these
+     methods are undefined.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New function EC_GROUP_get_degree, which is defined through
+     EC_METHOD.  For curves over prime fields, this returns the bit
+     length of the modulus.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New functions EC_GROUP_dup, EC_POINT_dup.
+     (These simply call ..._new  and ..._copy).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+     Polynomials are represented as BIGNUMs (where the sign bit is not
+     used) in the following functions [macros]:  
+
+          BN_GF2m_add
+          BN_GF2m_sub             [= BN_GF2m_add]
+          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
+          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
+          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
+          BN_GF2m_mod_inv
+          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
+          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
+          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
+          BN_GF2m_cmp             [= BN_ucmp]
+
+     (Note that only the 'mod' functions are actually for fields GF(2^m).
+     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+     For some functions, an the irreducible polynomial defining a
+     field can be given as an 'unsigned int[]' with strictly
+     decreasing elements giving the indices of those bits that are set;
+     i.e., p[] represents the polynomial
+          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+     where
+          p[0] > p[1] > ... > p[k] = 0.
+     This applies to the following functions:
+
+          BN_GF2m_mod_arr
+          BN_GF2m_mod_mul_arr
+          BN_GF2m_mod_sqr_arr
+          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
+          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
+          BN_GF2m_mod_exp_arr
+          BN_GF2m_mod_sqrt_arr
+          BN_GF2m_mod_solve_quad_arr
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     Conversion can be performed by the following functions:
+
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     bntest.c has additional tests for binary polynomial arithmetic.
+
+     Two implementations for BN_GF2m_mod_div() are available.
+     The default algorithm simply uses BN_GF2m_mod_inv() and
+     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
+     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add new error code 'ERR_R_DISABLED' that can be used when some
+     functionality is disabled at compile-time.
+     [Douglas Stebila <douglas.stebila@sun.com>]
+
+  *) Change default behaviour of 'openssl asn1parse' so that more
+     information is visible when viewing, e.g., a certificate:
+
+     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+     mode the content of non-printable OCTET STRINGs is output in a
+     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+     avoid the appearance of a printable string.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+     functions
+          EC_GROUP_set_asn1_flag()
+          EC_GROUP_get_asn1_flag()
+          EC_GROUP_set_point_conversion_form()
+          EC_GROUP_get_point_conversion_form()
+     These control ASN1 encoding details:
+     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+       has been set to OPENSSL_EC_NAMED_CURVE.
+     - Points are encoded in uncompressed form by default; options for
+       asn1_for are as for point2oct, namely
+          POINT_CONVERSION_COMPRESSED
+          POINT_CONVERSION_UNCOMPRESSED
+          POINT_CONVERSION_HYBRID
+
+     Also add 'seed' and 'seed_len' members to EC_GROUP with access
+     functions
+          EC_GROUP_set_seed()
+          EC_GROUP_get0_seed()
+          EC_GROUP_get_seed_len()
+     This is used only for ASN1 purposes (so far).
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'field_type' member to EC_METHOD, which holds the NID
+     of the appropriate field type OID.  The new function
+     EC_METHOD_get_field_type() returns this value.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add functions 
+          EC_POINT_point2bn()
+          EC_POINT_bn2point()
+          EC_POINT_point2hex()
+          EC_POINT_hex2point()
+     providing useful interfaces to EC_POINT_point2oct() and
+     EC_POINT_oct2point().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Change internals of the EC library so that the functions
+          EC_GROUP_set_generator()
+          EC_GROUP_get_generator()
+          EC_GROUP_get_order()
+          EC_GROUP_get_cofactor()
+     are implemented directly in crypto/ec/ec_lib.c and not dispatched
+     to methods, which would lead to unnecessary code duplication when
+     adding different types of curves.
+     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
+
+  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+     arithmetic, and such that modified wNAFs are generated
+     (which avoid length expansion in many cases).
+     [Bodo Moeller]
+
+  *) Add a function EC_GROUP_check_discriminant() (defined via
+     EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+     Add a function EC_GROUP_check() that makes some sanity tests
+     on a EC_GROUP, its generator and order.  This includes
+     EC_GROUP_check_discriminant().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add ECDSA in new directory crypto/ecdsa/.
+
+     Add applications 'openssl ecparam' and 'openssl ecdsa'
+     (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+     ECDSA support is also included in various other files across the
+     library.  Most notably,
+     - 'openssl req' now has a '-newkey ecdsa:file' option;
+     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+       them suitable for ECDSA where domain parameters must be
+       extracted before the specific public key;
+     - ECDSA engine support has been added.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Include some named elliptic curves, and add OIDs from X9.62,
+     SECG, and WAP/WTLS.  Each curve can be obtained from the new
+     function
+          EC_GROUP_new_by_curve_name(),
+     and the list of available named curves can be obtained with
+          EC_get_builtin_curves().
+     Also add a 'curve_name' member to EC_GROUP objects, which can be
+     accessed via
+         EC_GROUP_set_curve_name()
+         EC_GROUP_get_curve_name()
+     [Nils Larsch <larsch@trustcenter.de, Bodo Moeller]
+ 
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+
+ Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
+
+  *) Cleanse PEM buffers before freeing them since they may contain 
+     sensitive data.
+     [Benjamin Bennett <ben@psc.edu>]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Since AES128 and AES256 share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't.
+     [Victor Duchovni]
+
+  *) Expand security boundary to match 1.1.1 module.
+     [Steve Henson]
+
+  *) Remove redundant features: hash file source, editing of test vectors
+     modify fipsld to use external fips_premain.c signature.
+     [Steve Henson]
+
+  *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+     run algorithm test programs.
+     [Steve Henson]
+
+  *) Make algorithm test programs more tolerant of whitespace.
+     [Steve Henson]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     [Steve Henson]
+
+ Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Change ciphersuite string processing so that an explicit
+     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
+     will no longer include "AES128-SHA"), and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions (so that
+     "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
+     SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining
+     changes from 0.9.8b and 0.9.8d.
+     [Bodo Moeller]
+
+ Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactive the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occurred on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j  [04 May 2006]
+
+  *) Adapt fipsld and the build system to link against the validated FIPS
+     module in FIPS mode.
+     [Steve Henson]
+
+  *) Fixes for VC++ 2005 build under Windows.
+     [Steve Henson]
+
+  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make 
+     from a Windows bash shell such as MSYS. It is autodetected from the
+     "config" script when run from a VC++ environment. Modify standard VC++
+     build to use fipscanister.o from the GNU make build. 
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
+
+  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+     The value now differs depending on if you build for FIPS or not.
+     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
+     safely run with a non-FIPSed libcrypto, as it may crash because of
+     the difference induced by this change.
+     [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Minimal support for X9.31 signatures and PSS padding modes. This is
+     mainly for FIPS compliance and not fully integrated at this stage.
+     [Steve Henson]
+
+  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+     the exponentiation using a fixed-length exponent.  (Otherwise,
+     the information leaked through timing could expose the secret key
+     after many signatures; cf. Bleichenbacher's attack on DSA with
+     biased k.)
+     [Bodo Moeller]
+
+  *) Make a new fixed-window mod_exp implementation the default for
+     RSA, DSA, and DH private-key operations so that the sequence of
+     squares and multiplies and the memory access pattern are
+     independent of the particular secret key.  This will mitigate
+     cache-timing and potential related attacks.
+
+     BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+     and this is automatically used by BN_mod_exp_mont() if the new flag
+     BN_FLG_EXP_CONSTTIME is set for the exponent.  RSA, DSA, and DH
+     will use this BN flag for private exponents unless the flag
+     RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+     DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+     [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+  *) Change the client implementation for SSLv23_method() and
+     SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+     Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+     (Previously, the SSL 2.0 backwards compatible Client Hello
+     message format would be used even with SSL_OP_NO_SSLv2.)
+     [Bodo Moeller]
+
+  *) Add support for smime-type MIME parameter in S/MIME messages which some
+     clients need.
+     [Steve Henson]
+
+  *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+     a threadsafe manner. Modify rsa code to use new function and add calls
+     to dsa and dh code (which had race conditions before).
+     [Steve Henson]
+
+  *) Include the fixed error library code in the C error file definitions
+     instead of fixing them up at runtime. This keeps the error code
+     structures constant.
+     [Steve Henson]
+
+ Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
+
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Fixes for newer kerberos headers. NB: the casts are needed because
+     the 'length' field is signed on one version and unsigned on another
+     with no (?) obvious way to tell the difference, without these VC++
+     complains. Also the "definition" of FAR (blank) is no longer included
+     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+     some needed definitions.
+     [Steve Henson]
+
+  *) Undo Cygwin change.
+     [Ulf Möller]
+
+  *) Added support for proxy certificates according to RFC 3820.
+     Because they may be a security thread to unaware applications,
+     they must be explicitly allowed in run-time.  See
+     docs/HOWTO/proxy_certificates.txt for further information.
+     [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
+
+  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+     server and client random values. Previously
+     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+     This change has negligible security impact because:
+
+     1. Server and client random values still have 24 bytes of pseudo random
+        data.
+
+     2. Server and client random values are sent in the clear in the initial
+        handshake.
+
+     3. The master secret is derived using the premaster secret (48 bytes in
+        size for static RSA ciphersuites) as well as client server and random
+        values.
+
+     The OpenSSL team would like to thank the UK NISCC for bringing this issue
+     to our attention. 
+
+     [Stephen Henson, reported by UK NISCC]
+
+  *) Use Windows randomness collection on Cygwin.
+     [Ulf Möller]
+
+  *) Fix hang in EGD/PRNGD query when communication socket is closed
+     prematurely by EGD/PRNGD.
+     [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
+
+  *) Prompt for pass phrases when appropriate for PKCS12 input format.
+     [Steve Henson]
+
+  *) Back-port of selected performance improvements from development
+     branch, as well as improved support for PowerPC platforms.
+     [Andy Polyakov]
+
+  *) Add lots of checks for memory allocation failure, error codes to indicate
+     failure and freeing up memory if a failure occurs.
+     [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
+
+  *) Add new -passin argument to dgst.
+     [Steve Henson]
+
+  *) Perform some character comparisons of different types in X509_NAME_cmp:
+     this is needed for some certificates that re-encode DNs into UTF8Strings
+     (in violation of RFC3280) and can't or won't issue name rollover
+     certificates.
+     [Steve Henson]
+
+  *) Make an explicit check during certificate validation to see that
+     the CA setting in each certificate on the chain is correct.  As a
+     side effect always do the following basic checks on extensions,
+     not just when there's an associated purpose to the check:
+
+      - if there is an unhandled critical extension (unless the user
+        has chosen to ignore this fault)
+      - if the path length has been exceeded (if one is set at all)
+      - that certain extensions fit the associated purpose (if one has
+        been given)
+     [Richard Levitte]
+
+ Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
+
+  *) Avoid a race condition when CRLs are checked in a multi threaded 
+     environment. This would happen due to the reordering of the revoked
+     entries during signature checking and serial number lookup. Now the
+     encoding is cached and the serial number sort performed under a lock.
+     Add new STACK function sk_is_sorted().
+     [Steve Henson]
+
+  *) Add Delta CRL to the extension code.
+     [Steve Henson]
+
+  *) Various fixes to s3_pkt.c so alerts are sent properly.
+     [David Holmes <d.holmes@f5.com>]
+
+  *) Reduce the chances of duplicate issuer name and serial numbers (in
+     violation of RFC3280) using the OpenSSL certificate creation utilities.
+     This is done by creating a random 64 bit value for the initial serial
+     number when a serial number file is created or when a self signed
+     certificate is created using 'openssl req -x509'. The initial serial
+     number file is created using 'openssl x509 -next_serial' in CA.pl
+     rather than being initialized to 1.
+     [Steve Henson]
+
+ Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)                    
+     [Joe Orton, Steve Henson]   
+
+  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+     (CVE-2004-0112)
+     [Joe Orton, Steve Henson]   
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) X509 verify fixes. Disable broken certificate workarounds when 
+     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+     keyUsage extension present. Don't accept CRLs with unhandled critical
+     extensions: since verify currently doesn't process CRL extensions this
+     rejects a CRL with *any* critical extensions. Add new verify error codes
+     for these cases.
+     [Steve Henson]
+
+  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+     A clarification of RFC2560 will require the use of OCTET STRINGs and 
+     some implementations cannot handle the current raw format. Since OpenSSL
+     copies and compares OCSP nonces as opaque blobs without any attempt at
+     parsing them this should not create any compatibility issues.
+     [Steve Henson]
+
+  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+     this HMAC (and other) operations are several times slower than OpenSSL
+     < 0.9.7.
+     [Steve Henson]
+
+  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Use the correct content when signing type "other".
+     [Steve Henson]
+
+ Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+     
+     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
+
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+  *) Change AES_cbc_encrypt() so it outputs exact multiple of
+     blocks during encryption.
+     [Richard Levitte]
+
+  *) Various fixes to base64 BIO and non blocking I/O. On write 
+     flushes were not handled properly if the BIO retried. On read
+     data was not being buffered properly and had various logic bugs.
+     This also affects blocking I/O when the data being decoded is a
+     certain size.
+     [Steve Henson]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+     ENGINE as defaults for all supported algorithms irrespective of
+     the 'flags' parameter. 'flags' is now honoured, so applications
+     should make sure they are passing it correctly.
+     [Geoff Thorpe]
+
+  *) Target "mingw" now allows native Windows code to be generated in
+     the Cygwin environment as well as with the MinGW compiler.
+     [Ulf Moeller] 
+
+ Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+  *) Make the no-err option work as intended.  The intention with no-err
+     is not to have the whole error stack handling routines removed from
+     libcrypto, it's only intended to remove all the function name and
+     reason texts, thereby removing some of the footprint that may not
+     be interesting if those errors aren't displayed anyway.
+
+     NOTE: it's still possible for any application or module to have it's
+     own set of error texts inserted.  The routines are there, just not
+     used by default when no-err is given.
+     [Richard Levitte]
+
+  *) Add support for FreeBSD on IA64.
+     [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
+
+  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+     Kerberos function mit_des_cbc_cksum().  Before this change,
+     the value returned by DES_cbc_cksum() was like the one from
+     mit_des_cbc_cksum(), except the bytes were swapped.
+     [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
+
+  *) Allow an application to disable the automatic SSL chain building.
+     Before this a rather primitive chain build was always performed in
+     ssl3_output_cert_chain(): an application had no way to send the 
+     correct chain if the automatic operation produced an incorrect result.
+
+     Now the chain builder is disabled if either:
+
+     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
+
+     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
+
+     The reasoning behind this is that an application would not want the
+     auto chain building to take place if extra chain certificates are
+     present and it might also want a means of sending no additional
+     certificates (for example the chain has two certificates and the
+     root is omitted).
+     [Steve Henson]
+
+  *) Add the possibility to build without the ENGINE framework.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Under Win32 gmtime() can return NULL: check return value in
+     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+     [Steve Henson]
+
+  *) DSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
+     Nils Larsch <nla@trustcenter.de> via PR#459)
+     [Lutz Jaenicke]
+
+  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+     checked on reconnect on the client side, therefore session resumption
+     could still fail with a "ssl session id is different" error. This
+     behaviour is masked when SSL_OP_ALL is used due to
+     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     followup to PR #377.
+     [Lutz Jaenicke]
+
+  *) IA-32 assembler support enhancements: unified ELF targets, support
+     for SCO/Caldera platforms, fix for Cygwin shared build.
+     [Andy Polyakov]
+
+  *) Add support for FreeBSD on sparc64.  As a consequence, support for
+     FreeBSD on non-x86 processors is separate from x86 processors on
+     the config script, much like the NetBSD support.
+     [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
+
+ Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
+
+  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+  OpenSSL 0.9.7.]
+
+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
+  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
+     removed entirely.
+     [Richard Levitte]
+
+  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it
+     seems that in spite of existing for more than a year, many application
+     author have done nothing to provide the necessary callbacks, which
+     means that this particular engine will not work properly anywhere.
+     This is a very unfortunate situation which forces us, in the name
+     of usability, to give the hw_ncipher.c a static lock, which is part
+     of libcrypto.
+     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
+     appear in 0.9.8 or later.  We EXPECT application authors to have
+     dealt properly with this when 0.9.8 is released (unless we actually
+     make such changes in the libcrypto locking code that changes will
+     have to be made anyway).
+     [Richard Levitte]
+
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
+  *) Disable Heimdal support, since it hasn't been fully implemented.
+     Still give the possibility to force the use of Heimdal, but with
+     warnings and a request that patches get sent to openssl-dev.
+     [Richard Levitte]
+
+  *) Add the VC-CE target, introduce the WINCE sysname, and add
+     INSTALL.WCE and appropriate conditionals to make it build.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+     cygssl-x.y.z.dll, where x, y and z are the major, minor and
+     edit numbers of the version.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Introduce safe string copy and catenation functions
+     (BUF_strlcpy() and BUF_strlcat()).
+     [Ben Laurie (CHATS) and Richard Levitte]
+
+  *) Avoid using fixed-size buffers for one-line DNs.
+     [Ben Laurie (CHATS)]
+
+  *) Add BUF_MEM_grow_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid using fixed size buffers for configuration file location.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation for various CA files.
+     [Ben Laurie (CHATS)]
+
+  *) Use sizeof in preference to magic numbers.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation in cert requests.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to check for (supposedly impossible) buffer
+     overflows.
+     [Ben Laurie (CHATS)]
+
+  *) Don't cache truncated DNS entries in the local cache (this could
+     potentially lead to a spoofing attack).
+     [Ben Laurie (CHATS)]
+
+  *) Fix various buffers to be large enough for hex/decimal
+     representations in a platform independent manner.
+     [Ben Laurie (CHATS)]
+
+  *) Add CRYPTO_realloc_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Add BIO_indent() to avoid much slightly worrying code to do
+     indents.
+     [Ben Laurie (CHATS)]
+
+  *) Convert sprintf()/BIO_puts() to BIO_printf().
+     [Ben Laurie (CHATS)]
+
+  *) buffer_gets() could terminate with the buffer only half
+     full. Fixed.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to prevent user-supplied crypto functions from
+     overflowing internal buffers by having large block sizes, etc.
+     [Ben Laurie (CHATS)]
+
+  *) New OPENSSL_assert() macro (similar to assert(), but enabled
+     unconditionally).
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused copy of key in RC4.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+     [Ben Laurie (CHATS)]
+
+  *) Fix off-by-one error in EGD path.
+     [Ben Laurie (CHATS)]
+
+  *) If RANDFILE path is too long, ignore instead of truncating.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized X.509 structure
+     CBCParameter.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous function knumber().
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous structure, KSSL_ERR.
+     [Ben Laurie (CHATS)]
+
+  *) Protect against overlong session ID context length in an encoded
+     session object. Since these are local, this does not appear to be
+     exploitable.
+     [Ben Laurie (CHATS)]
+
+  *) Change from security patch (see 0.9.6e below) that did not affect
+     the 0.9.6 release series:
+
+     Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CVE-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Change the SSL kerb5 codes to match RFC 2712.
+     [Richard Levitte]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
+
+  *) Make sure tests can be performed even if the corresponding algorithms
+     have been removed entirely.  This was also the last step to make
+     OpenSSL compilable with DJGPP under all reasonable conditions.
+     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
+
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+     to allow version independent disabling of normally unselected ciphers,
+     which may be activated as a side-effect of selecting a single cipher.
+
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Add appropriate support for separate platform-dependent build
+     directories.  The recommended way to make a platform-dependent
+     build directory is the following (tested on Linux), maybe with
+     some local tweaks:
+
+	# Place yourself outside of the OpenSSL source tree.  In
+	# this example, the environment variable OPENSSL_SOURCE
+	# is assumed to contain the absolute OpenSSL source directory.
+	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+		mkdir -p `dirname $F`
+		ln -s $OPENSSL_SOURCE/$F $F
+	done
+
+     To be absolutely sure not to disturb the source tree, a "make clean"
+     is a good thing.  If it isn't successful, don't worry about it,
+     it probably means the source directory is very clean.
+     [Richard Levitte]
+
+  *) Make sure any ENGINE control commands make local copies of string
+     pointers passed to them whenever necessary. Otherwise it is possible
+     the caller may have overwritten (or deallocated) the original string
+     data when a later ENGINE operation tries to use the stored values.
+     [Götz Babin-Ebell <babinebell@trustcenter.de>]
+
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]
+
+  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
+     allows existing EVP_CIPHER_CTX structures to be reused after
+     calling EVP_*Final(). This behaviour is used by encryption
+     BIOs and some applications. This has the side effect that
+     applications must explicitly clean up cipher contexts with
+     EVP_CIPHER_CTX_cleanup() or they will leak memory.
+     [Steve Henson]
+
+  *) Check the values of dna and dnb in bn_mul_recursive before calling
+     bn_mul_comba (a non zero value means the a or b arrays do not contain
+     n2 elements) and fallback to bn_mul_normal if either is not zero.
+     [Steve Henson]
+
+  *) Fix escaping of non-ASCII characters when using the -subj option
+     of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
+     [Lutz Jaenicke]
+
+  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+     form for "surname", serialNumber has no short form.
+     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+     therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
+     Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
+     [Lutz Jaenicke]
+
+  *) Add an "init" command to the ENGINE config module and auto initialize
+     ENGINEs. Without any "init" command the ENGINE will be initialized 
+     after all ctrl commands have been executed on it. If init=1 the 
+     ENGINE is initailized at that point (ctrls before that point are run
+     on the uninitialized ENGINE and after on the initialized one). If
+     init=0 then the ENGINE will not be iniatialized at all.
+     [Steve Henson]
+
+  *) Fix the 'app_verify_callback' interface so that the user-defined
+     argument is actually passed to the callback: In the
+     SSL_CTX_set_cert_verify_callback() prototype, the callback
+     declaration has been changed from
+          int (*cb)()
+     into
+          int (*cb)(X509_STORE_CTX *,void *);
+     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+          i=s->ctx->app_verify_callback(&ctx)
+     has been changed into
+          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+     To update applications using SSL_CTX_set_cert_verify_callback(),
+     a dummy argument can be added to their callback functions.
+     [D. K. Smetters <smetters@parc.xerox.com>]
+
+  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+     [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
+
+  *) Add and OPENSSL_LOAD_CONF define which will cause
+     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+     This allows older applications to transparently support certain
+     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+     load the config file and OPENSSL_add_all_algorithms_conf() which will
+     always load it have also been added.
+     [Steve Henson]
+
+  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+     Adjust NIDs and EVP layer.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) Config modules support in openssl utility.
+
+     Most commands now load modules from the config file,
+     though in a few (such as version) this isn't done 
+     because it couldn't be used for anything.
+
+     In the case of ca and req the config file used is
+     the same as the utility itself: that is the -config
+     command line option can be used to specify an
+     alternative file.
+     [Steve Henson]
+
+  *) Move default behaviour from OPENSSL_config(). If appname is NULL
+     use "openssl_conf" if filename is NULL use default openssl config file.
+     [Steve Henson]
+
+  *) Add an argument to OPENSSL_config() to allow the use of an alternative
+     config section name. Add a new flag to tolerate a missing config file
+     and move code to CONF_modules_load_file().
+     [Steve Henson]
+
+  *) Support for crypto accelerator cards from Accelerated Encryption
+     Processing, www.aep.ie.  (Use engine 'aep')
+     The support was copied from 0.9.6c [engine] and adapted/corrected
+     to work with the new engine framework.
+     [AEP Inc. and Richard Levitte]
+
+  *) Support for SureWare crypto accelerator cards from Baltimore
+     Technologies.  (Use engine 'sureware')
+     The support was copied from 0.9.6c [engine] and adapted
+     to work with the new engine framework.
+     [Richard Levitte]
+
+  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+     make the newer ENGINE framework commands for the CHIL engine work.
+     [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
+
+  *) Make it possible to produce shared libraries on ReliantUNIX.
+     [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
+
+  *) Add the configuration target debug-linux-ppro.
+     Make 'openssl rsa' use the general key loading routines
+     implemented in apps.c, and make those routines able to
+     handle the key format FORMAT_NETSCAPE and the variant
+     FORMAT_IISSGC.
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add -keyform to rsautl, and document -engine.
+     [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
+
+  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+     BIO_R_NO_SUCH_FILE error code rather than the generic
+     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+     [Ben Laurie]
+
+  *) Add new functions
+          ERR_peek_last_error
+          ERR_peek_last_error_line
+          ERR_peek_last_error_line_data.
+     These are similar to
+          ERR_peek_error
+          ERR_peek_error_line
+          ERR_peek_error_line_data,
+     but report on the latest error recorded rather than the first one
+     still in the error queue.
+     [Ben Laurie, Bodo Moeller]
+        
+  *) default_algorithms option in ENGINE config module. This allows things
+     like:
+     default_algorithms = ALL
+     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+     [Steve Henson]
+
+  *) Preliminary ENGINE config module.
+     [Steve Henson]
+
+  *) New experimental application configuration code.
+     [Steve Henson]
+
+  *) Change the AES code to follow the same name structure as all other
+     symmetric ciphers, and behave the same way.  Move everything to
+     the directory crypto/aes, thereby obsoleting crypto/rijndael.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+     [Ben Laurie and Theo de Raadt]
+
+  *) Add option to output public keys in req command.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+     (up to about 10% better than before for P-192 and P-224).
+     [Bodo Moeller]
+
+  *) New functions/macros
+
+          SSL_CTX_set_msg_callback(ctx, cb)
+          SSL_CTX_set_msg_callback_arg(ctx, arg)
+          SSL_set_msg_callback(ssl, cb)
+          SSL_set_msg_callback_arg(ssl, arg)
+
+     to request calling a callback function
+
+          void cb(int write_p, int version, int content_type,
+                  const void *buf, size_t len, SSL *ssl, void *arg)
+
+     whenever a protocol message has been completely received
+     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
+     protocol version  according to which the SSL library interprets
+     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
+     the content type as defined in the SSL 3.0/TLS 1.0 protocol
+     specification (change_cipher_spec(20), alert(21), handshake(22)).
+     'buf' and 'len' point to the actual message, 'ssl' to the
+     SSL object, and 'arg' is the application-defined value set by
+     SSL[_CTX]_set_msg_callback_arg().
+
+     'openssl s_client' and 'openssl s_server' have new '-msg' options
+     to enable a callback that displays all protocol messages.
+     [Bodo Moeller]
+
+  *) Change the shared library support so shared libraries are built as
+     soon as the corresponding static library is finished, and thereby get
+     openssl and the test programs linked against the shared library.
+     This still only happens when the keyword "shard" has been given to
+     the configuration scripts.
+
+     NOTE: shared library support is still an experimental thing, and
+     backward binary compatibility is still not guaranteed.
+     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
+
+  *) Add support for Subject Information Access extension.
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+     additional bytes when new memory had to be allocated, not just
+     when reusing an existing buffer.
+     [Bodo Moeller]
+
+  *) New command line and configuration option 'utf8' for the req command.
+     This allows field values to be specified as UTF8 strings.
+     [Steve Henson]
+
+  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+     runs for the former and machine-readable output for the latter.
+     [Ben Laurie]
+
+  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
+     of the e-mail address in the DN (i.e., it will go into a certificate
+     extension only).  The new configuration file option 'email_in_dn = no'
+     has the same effect.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Change all functions with names starting with des_ to be starting
+     with DES_ instead.  Add wrappers that are compatible with libdes,
+     but are named _ossl_old_des_*.  Finally, add macros that map the
+     des_* symbols to the corresponding _ossl_old_des_* if libdes
+     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
+     desired, the des_* symbols will be mapped to DES_*, with one
+     exception.
+
+     Since we provide two compatibility mappings, the user needs to
+     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+     compatibility is desired.  The default (i.e., when that macro
+     isn't defined) is OpenSSL 0.9.6c compatibility.
+
+     There are also macros that enable and disable the support of old
+     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
+     are defined, the default will apply: to support the old des routines.
+
+     In either case, one must include openssl/des.h to get the correct
+     definitions.  Do not try to just include openssl/des_old.h, that
+     won't work.
+
+     NOTE: This is a major break of an old API into a new one.  Software
+     authors are encouraged to switch to the DES_ style functions.  Some
+     time in the future, des_old.h and the libdes compatibility functions
+     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+     default), and then completely removed.
+     [Richard Levitte]
+
+  *) Test for certificates which contain unsupported critical extensions.
+     If such a certificate is found during a verify operation it is 
+     rejected by default: this behaviour can be overridden by either
+     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+     X509_supported_extension() has also been added which returns 1 if a
+     particular extension is supported.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+     compatibility with existing code. In particular the 'ctx' parameter does
+     not have to be to be initialized before the call to EVP_DigestInit() and
+     it is tidied up after a call to EVP_DigestFinal(). New function
+     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+     EVP_MD_CTX_copy() changed to not require the destination to be
+     initialized valid and new function EVP_MD_CTX_copy_ex() added which
+     requires the destination to be valid.
+
+     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+     [Steve Henson]
+
+  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+     so that complete 'Handshake' protocol structures are kept in memory
+     instead of overwriting 'msg_type' and 'length' with 'body' data.
+     [Bodo Moeller]
+
+  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+     [Massimo Santin via Richard Levitte]
+
+  *) Major restructuring to the underlying ENGINE code. This includes
+     reduction of linker bloat, separation of pure "ENGINE" manipulation
+     (initialisation, etc) from functionality dealing with implementations
+     of specific crypto iterfaces. This change also introduces integrated
+     support for symmetric ciphers and digest implementations - so ENGINEs
+     can now accelerate these by providing EVP_CIPHER and EVP_MD
+     implementations of their own. This is detailed in crypto/engine/README
+     as it couldn't be adequately described here. However, there are a few
+     API changes worth noting - some RSA, DSA, DH, and RAND functions that
+     were changed in the original introduction of ENGINE code have now
+     reverted back - the hooking from this code to ENGINE is now a good
+     deal more passive and at run-time, operations deal directly with
+     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+     dereferencing through an ENGINE pointer any more. Also, the ENGINE
+     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+     they were not being used by the framework as there is no concept of a
+     BIGNUM_METHOD and they could not be generalised to the new
+     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+     ENGINE_cpy() has been removed as it cannot be consistently defined in
+     the new code.
+     [Geoff Thorpe]
+
+  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+     [Steve Henson]
+
+  *) Change mkdef.pl to sort symbols that get the same entry number,
+     and make sure the automatically generated functions ERR_load_*
+     become part of libeay.num as well.
+     [Richard Levitte]
+
+  *) New function SSL_renegotiate_pending().  This returns true once
+     renegotiation has been requested (either SSL_renegotiate() call
+     or HelloRequest/ClientHello received from the peer) and becomes
+     false once a handshake has been completed.
+     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+     sends a HelloRequest, but does not ensure that a handshake takes
+     place.  SSL_renegotiate_pending() is useful for checking if the
+     client has followed the request.)
+     [Bodo Moeller]
+
+  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+     By default, clients may request session resumption even during
+     renegotiation (if session ID contexts permit); with this option,
+     session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+     [Bodo Moeller]
+
+  *) Add some demos for certificate and certificate request creation.
+     [Steve Henson]
+
+  *) Make maximum certificate chain size accepted from the peer application
+     settable (SSL*_get/set_max_cert_list()), as proposed by
+     "Douglas E. Engert" <deengert@anl.gov>.
+     [Lutz Jaenicke]
+
+  *) Add support for shared libraries for Unixware-7
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+     be done prior to destruction. Use this to unload error strings from
+     ENGINEs that load their own error strings. NB: This adds two new API
+     functions to "get" and "set" this destroy handler in an ENGINE.
+     [Geoff Thorpe]
+
+  *) Alter all existing ENGINE implementations (except "openssl" and
+     "openbsd") to dynamically instantiate their own error strings. This
+     makes them more flexible to be built both as statically-linked ENGINEs
+     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+     Also, add stub code to each that makes building them as self-contained
+     shared-libraries easier (see README.ENGINE).
+     [Geoff Thorpe]
+
+  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+     implementations into applications that are completely implemented in
+     self-contained shared-libraries. The "dynamic" ENGINE exposes control
+     commands that can be used to configure what shared-library to load and
+     to control aspects of the way it is handled. Also, made an update to
+     the README.ENGINE file that brings its information up-to-date and
+     provides some information and instructions on the "dynamic" ENGINE
+     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+     [Geoff Thorpe]
+
+  *) Make it possible to unload ranges of ERR strings with a new
+     "ERR_unload_strings" function.
+     [Geoff Thorpe]
+
+  *) Add a copy() function to EVP_MD.
+     [Ben Laurie]
+
+  *) Make EVP_MD routines take a context pointer instead of just the
+     md_data void pointer.
+     [Ben Laurie]
+
+  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+     that the digest can only process a single chunk of data
+     (typically because it is provided by a piece of
+     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+     is only going to provide a single chunk of data, and hence the
+     framework needn't accumulate the data for oneshot drivers.
+     [Ben Laurie]
+
+  *) As with "ERR", make it possible to replace the underlying "ex_data"
+     functions. This change also alters the storage and management of global
+     ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+     index counters. The API functions that use this state have been changed
+     to take a "class_index" rather than pointers to the class's local STACK
+     and counter, and there is now an API function to dynamically create new
+     classes. This centralisation allows us to (a) plug a lot of the
+     thread-safety problems that existed, and (b) makes it possible to clean
+     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+     such data would previously have always leaked in application code and
+     workarounds were in place to make the memory debugging turn a blind eye
+     to it. Application code that doesn't use this new function will still
+     leak as before, but their memory debugging output will announce it now
+     rather than letting it slide.
+
+     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+     has a return value to indicate success or failure.
+     [Geoff Thorpe]
+
+  *) Make it possible to replace the underlying "ERR" functions such that the
+     global state (2 LHASH tables and 2 locks) is only used by the "default"
+     implementation. This change also adds two functions to "get" and "set"
+     the implementation prior to it being automatically set the first time
+     any other ERR function takes place. Ie. an application can call "get",
+     pass the return value to a module it has just loaded, and that module
+     can call its own "set" function using that value. This means the
+     module's "ERR" operations will use (and modify) the error state in the
+     application and not in its own statically linked copy of OpenSSL code.
+     [Geoff Thorpe]
+
+  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+     the operation, and provides a more encapsulated way for external code
+     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+     to use these functions rather than manually incrementing the counts.
+
+     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+     [Geoff Thorpe]
+
+  *) Add EVP test program.
+     [Ben Laurie]
+
+  *) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+     bug workarounds. Rollback attack detection is a security feature.
+     The problem will only arise on OpenSSL servers when TLSv1 is not
+     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+     Software authors not wanting to support TLSv1 will have special reasons
+     for their choice and can explicitly enable this option.
+     [Bodo Moeller, Lutz Jaenicke]
+
+  *) Rationalise EVP so it can be extended: don't include a union of
+     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+     (similar to those existing for EVP_CIPHER_CTX).
+     Usage example:
+
+         EVP_MD_CTX md;
+
+         EVP_MD_CTX_init(&md);             /* new function call */
+         EVP_DigestInit(&md, EVP_sha1());
+         EVP_DigestUpdate(&md, in, len);
+         EVP_DigestFinal(&md, out, NULL);
+         EVP_MD_CTX_cleanup(&md);          /* new function call */
+
+     [Ben Laurie]
+
+  *) Make DES key schedule conform to the usual scheme, as well as
+     correcting its structure. This means that calls to DES functions
+     now have to pass a pointer to a des_key_schedule instead of a
+     plain des_key_schedule (which was actually always a pointer
+     anyway): E.g.,
+
+         des_key_schedule ks;
+
+	 des_set_key_checked(..., &ks);
+	 des_ncbc_encrypt(..., &ks, ...);
+
+     (Note that a later change renames 'des_...' into 'DES_...'.)
+     [Ben Laurie]
+
+  *) Initial reduction of linker bloat: the use of some functions, such as
+     PEM causes large amounts of unused functions to be linked in due to
+     poor organisation. For example pem_all.c contains every PEM function
+     which has a knock on effect of linking in large amounts of (unused)
+     ASN1 code. Grouping together similar functions and splitting unrelated
+     functions prevents this.
+     [Steve Henson]
+
+  *) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
+  *) Add initial OCSP responder support to ocsp application. The
+     revocation information is handled using the text based index
+     use by the ca application. The responder can either handle
+     requests generated internally, supplied in files (for example
+     via a CGI script) or using an internal minimal server.
+     [Steve Henson]
+
+  *) Add configuration choices to get zlib compression for TLS.
+     [Richard Levitte]
+
+  *) Changes to Kerberos SSL for RFC 2712 compliance:
+     1.  Implemented real KerberosWrapper, instead of just using
+         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
+     2.  Implemented optional authenticator field of KerberosWrapper.
+
+     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+     and authenticator structs; see crypto/krb5/.
+
+     Generalized Kerberos calls to support multiple Kerberos libraries.
+     [Vern Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>
+      via Richard Levitte]
+
+  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+     already does with RSA. testdsa.h now has 'priv_key/pub_key'
+     values for each of the key sizes rather than having just
+     parameters (and 'speed' generating keys each time).
+     [Geoff Thorpe]
+
+  *) Speed up EVP routines.
+     Before:
+encrypt
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
+des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
+des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
+decrypt
+des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
+des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
+des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
+     After:
+encrypt
+des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
+decrypt
+des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
+     [Ben Laurie]
+
+  *) Added the OS2-EMX target.
+     ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
+
+  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
+  *) Enhance the general user interface with mechanisms for inner control
+     and with possibilities to have yes/no kind of prompts.
+     [Richard Levitte]
+
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
+  *) Add the possibility to control engines through control names but with
+     arbitrary arguments instead of just a string.
+     Change the key loaders to take a UI_METHOD instead of a callback
+     function pointer.  NOTE: this breaks binary compatibility with earlier
+     versions of OpenSSL [engine].
+     Adapt the nCipher code for these new conditions and add a card insertion
+     callback.
+     [Richard Levitte]
+
+  *) Enhance the general user interface with mechanisms to better support
+     dialog box interfaces, application-defined prompts, the possibility
+     to use defaults (for example default passwords from somewhere else)
+     and interrupts/cancellations.
+     [Richard Levitte]
+
+  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+     [Steve Henson]
+
+  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+     tidy up some unnecessarily weird code in 'sk_new()').
+     [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
+
+  *) Change the key loading routines for ENGINEs to use the same kind
+     callback (pem_password_cb) as all other routines that need this
+     kind of callback.
+     [Richard Levitte]
+
+  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+     than this minimum value is recommended.
+     [Lutz Jaenicke]
+
+  *) New random seeder for OpenVMS, using the system process statistics
+     that are easily reachable.
+     [Richard Levitte]
+
+  *) Windows apparently can't transparently handle global
+     variables defined in DLLs. Initialisations such as:
+
+        const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+     won't compile. This is used by the any applications that need to
+     declare their own ASN1 modules. This was fixed by adding the option
+     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+     needed for static libraries under Win32.
+     [Steve Henson]
+
+  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
+  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+     structure. These are inherited by X509_STORE_CTX when it is 
+     initialised. This allows various defaults to be set in the
+     X509_STORE structure (such as flags for CRL checking and custom
+     purpose or trust settings) for functions which only use X509_STORE_CTX
+     internally such as S/MIME.
+
+     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+     trust settings if they are not set in X509_STORE. This allows X509_STORE
+     purposes and trust (in S/MIME for example) to override any set by default.
+
+     Add command line options for CRL checking to smime, s_client and s_server
+     applications.
+     [Steve Henson]
+
+  *) Initial CRL based revocation checking. If the CRL checking flag(s)
+     are set then the CRL is looked up in the X509_STORE structure and
+     its validity and signature checked, then if the certificate is found
+     in the CRL the verify fails with a revoked error.
+
+     Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+     Command line options added to 'verify' application to support this.
+
+     This needs some additional work, such as being able to handle multiple
+     CRLs with different times, extension based lookup (rather than just
+     by subject name) and ultimately more complete V2 CRL extension
+     handling.
+     [Steve Henson]
+
+  *) Add a general user interface API (crypto/ui/).  This is designed
+     to replace things like des_read_password and friends (backward
+     compatibility functions using this new API are provided).
+     The purpose is to remove prompting functions from the DES code
+     section as well as provide for prompting through dialog boxes in
+     a window system and the like.
+     [Richard Levitte]
+
+  *) Add "ex_data" support to ENGINE so implementations can add state at a
+     per-structure level rather than having to store it globally.
+     [Geoff]
+
+  *) Make it possible for ENGINE structures to be copied when retrieved by
+     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+     This causes the "original" ENGINE structure to act like a template,
+     analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+     operational state can be localised to each ENGINE structure, despite the
+     fact they all share the same "methods". New ENGINE structures returned in
+     this case have no functional references and the return value is the single
+     structural reference. This matches the single structural reference returned
+     by ENGINE_by_id() normally, when it is incremented on the pre-existing
+     ENGINE structure.
+     [Geoff]
+
+  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+     needs to match any other type at all we need to manually clear the
+     tag cache.
+     [Steve Henson]
+
+  *) Changes to the "openssl engine" utility to include;
+     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+       about an ENGINE's available control commands.
+     - executing control commands from command line arguments using the
+       '-pre' and '-post' switches. '-post' is only used if '-t' is
+       specified and the ENGINE is successfully initialised. The syntax for
+       the individual commands are colon-separated, for example;
+	 openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+     [Geoff]
+
+  *) New dynamic control command support for ENGINEs. ENGINEs can now
+     declare their own commands (numbers), names (strings), descriptions,
+     and input types for run-time discovery by calling applications. A
+     subset of these commands are implicitly classed as "executable"
+     depending on their input type, and only these can be invoked through
+     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+     can be based on user input, config files, etc). The distinction is
+     that "executable" commands cannot return anything other than a boolean
+     result and can only support numeric or string input, whereas some
+     discoverable commands may only be for direct use through
+     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+     pointers, or other custom uses. The "executable" commands are to
+     support parameterisations of ENGINE behaviour that can be
+     unambiguously defined by ENGINEs and used consistently across any
+     OpenSSL-based application. Commands have been added to all the
+     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+     control over shared-library paths without source code alterations.
+     [Geoff]
+
+  *) Changed all ENGINE implementations to dynamically allocate their
+     ENGINEs rather than declaring them statically. Apart from this being
+     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+     this also allows the implementations to compile without using the
+     internal engine_int.h header.
+     [Geoff]
+
+  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+     'const' value. Any code that should be able to modify a RAND_METHOD
+     should already have non-const pointers to it (ie. they should only
+     modify their own ones).
+     [Geoff]
+
+  *) Made a variety of little tweaks to the ENGINE code.
+     - "atalla" and "ubsec" string definitions were moved from header files
+       to C code. "nuron" string definitions were placed in variables
+       rather than hard-coded - allowing parameterisation of these values
+       later on via ctrl() commands.
+     - Removed unused "#if 0"'d code.
+     - Fixed engine list iteration code so it uses ENGINE_free() to release
+       structural references.
+     - Constified the RAND_METHOD element of ENGINE structures.
+     - Constified various get/set functions as appropriate and added
+       missing functions (including a catch-all ENGINE_cpy that duplicates
+       all ENGINE values onto a new ENGINE except reference counts/state).
+     - Removed NULL parameter checks in get/set functions. Setting a method
+       or function to NULL is a way of cancelling out a previously set
+       value.  Passing a NULL ENGINE parameter is just plain stupid anyway
+       and doesn't justify the extra error symbols and code.
+     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+       flags from engine_int.h to engine.h.
+     - Changed prototypes for ENGINE handler functions (init(), finish(),
+       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+     [Geoff]
+
+  *) Implement binary inversion algorithm for BN_mod_inverse in addition
+     to the algorithm using long division.  The binary algorithm can be
+     used only if the modulus is odd.  On 32-bit systems, it is faster
+     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+     roughly 5-15% for 256-bit moduli), so we use it only for moduli
+     up to 450 bits.  In 64-bit environments, the binary algorithm
+     appears to be advantageous for much longer moduli; here we use it
+     for moduli up to 2048 bits.
+     [Bodo Moeller]
+
+  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+     could not support the combine flag in choice fields.
+     [Steve Henson]
+
+  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+     extensions from a certificate request to the certificate.
+     [Steve Henson]
+
+  *) Allow multiple 'certopt' and 'nameopt' options to be separated
+     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+     file: this allows the display of the certificate about to be
+     signed to be customised, to allow certain fields to be included
+     or excluded and extension details. The old system didn't display
+     multicharacter strings properly, omitted fields not in the policy
+     and couldn't display additional details such as extensions.
+     [Steve Henson]
+
+  *) Function EC_POINTs_mul for multiple scalar multiplication
+     of an arbitrary number of elliptic curve points
+          \sum scalars[i]*points[i],
+     optionally including the generator defined for the EC_GROUP:
+          scalar*generator +  \sum scalars[i]*points[i].
+
+     EC_POINT_mul is a simple wrapper function for the typical case
+     that the point list has just one item (besides the optional
+     generator).
+     [Bodo Moeller]
+
+  *) First EC_METHODs for curves over GF(p):
+
+     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+     operations and provides various method functions that can also
+     operate with faster implementations of modular arithmetic.     
+
+     EC_GFp_mont_method() reuses most functions that are part of
+     EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+     [Bodo Moeller; point addition and point doubling
+     implementation directly derived from source code provided by
+     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
+
+  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+     crypto/ec/ec_lib.c):
+
+     Curves are EC_GROUP objects (with an optional group generator)
+     based on EC_METHODs that are built into the library.
+
+     Points are EC_POINT objects based on EC_GROUP objects.
+
+     Most of the framework would be able to handle curves over arbitrary
+     finite fields, but as there are no obvious types for fields other
+     than GF(p), some functions are limited to that for now.
+     [Bodo Moeller]
+
+  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
+     that the file contains a complete HTTP response.
+     [Richard Levitte]
+
+  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+     change the def and num file printf format specifier from "%-40sXXX"
+     to "%-39s XXX". The latter will always guarantee a space after the
+     field while the former will cause them to run together if the field
+     is 40 of more characters long.
+     [Steve Henson]
+
+  *) Constify the cipher and digest 'method' functions and structures
+     and modify related functions to take constant EVP_MD and EVP_CIPHER
+     pointers.
+     [Steve Henson]
+
+  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
+     [Bodo Moeller]
+
+  *) Modify EVP_Digest*() routines so they now return values. Although the
+     internal software routines can never fail additional hardware versions
+     might.
+     [Steve Henson]
+
+  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+     ASN1 error codes
+          ERR_R_NESTED_ASN1_ERROR
+          ...
+          ERR_R_MISSING_ASN1_EOS
+     were 4 .. 9, conflicting with
+          ERR_LIB_RSA (= ERR_R_RSA_LIB)
+          ...
+          ERR_LIB_PEM (= ERR_R_PEM_LIB).
+     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+     Add new error code 'ERR_R_INTERNAL_ERROR'.
+     [Bodo Moeller]
+
+  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+     suffices.
+     [Bodo Moeller]
+
+  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This
+     sets the subject name for a new request or supersedes the
+     subject name in a given request. Formats that can be parsed are
+          'CN=Some Name, OU=myOU, C=IT'
+     and
+          'CN=Some Name/OU=myOU/C=IT'.
+
+     Add options '-batch' and '-verbose' to 'openssl req'.
+     [Massimiliano Pala <madwolf@hackmasters.net>]
+
+  *) Introduce the possibility to access global variables through
+     functions on platform were that's the best way to handle exporting
+     global variables in shared libraries.  To enable this functionality,
+     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+     is normally done by Configure or something similar).
+
+     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+     in the source file (foo.c) like this:
+
+	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+	OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+	OPENSSL_DECLARE_GLOBAL(int,foo);
+	#define foo OPENSSL_GLOBAL_REF(foo)
+	OPENSSL_DECLARE_GLOBAL(double,bar);
+	#define bar OPENSSL_GLOBAL_REF(bar)
+
+     The #defines are very important, and therefore so is including the
+     header file everywhere where the defined globals are used.
+
+     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+     of ASN.1 items, but that structure is a bit different.
+
+     The largest change is in util/mkdef.pl which has been enhanced with
+     better and easier to understand logic to choose which symbols should
+     go into the Windows .def files as well as a number of fixes and code
+     cleanup (among others, algorithm keywords are now sorted
+     lexicographically to avoid constant rewrites).
+     [Richard Levitte]
+
+  *) In BN_div() keep a copy of the sign of 'num' before writing the
+     result to 'rm' because if rm==num the value will be overwritten
+     and produce the wrong result if 'num' is negative: this caused
+     problems with BN_mod() and BN_nnmod().
+     [Steve Henson]
+
+  *) Function OCSP_request_verify(). This checks the signature on an
+     OCSP request and verifies the signer certificate. The signer
+     certificate is just checked for a generic purpose and OCSP request
+     trust settings.
+     [Steve Henson]
+
+  *) Add OCSP_check_validity() function to check the validity of OCSP
+     responses. OCSP responses are prepared in real time and may only
+     be a few seconds old. Simply checking that the current time lies
+     between thisUpdate and nextUpdate max reject otherwise valid responses
+     caused by either OCSP responder or client clock inaccuracy. Instead
+     we allow thisUpdate and nextUpdate to fall within a certain period of
+     the current time. The age of the response can also optionally be
+     checked. Two new options -validity_period and -status_age added to
+     ocsp utility.
+     [Steve Henson]
+
+  *) If signature or public key algorithm is unrecognized print out its
+     OID rather that just UNKNOWN.
+     [Steve Henson]
+
+  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+     ID to be generated from the issuer certificate alone which can then be
+     passed to OCSP_id_issuer_cmp().
+     [Steve Henson]
+
+  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+     ASN1 modules to export functions returning ASN1_ITEM pointers
+     instead of the ASN1_ITEM structures themselves. This adds several
+     new macros which allow the underlying ASN1 function/structure to
+     be accessed transparently. As a result code should not use ASN1_ITEM
+     references directly (such as &X509_it) but instead use the relevant
+     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+     use of the new ASN1 code on platforms where exporting structures
+     is problematical (for example in shared libraries) but exporting
+     functions returning pointers to structures is not.
+     [Steve Henson]
+
+  *) Add support for overriding the generation of SSL/TLS session IDs.
+     These callbacks can be registered either in an SSL_CTX or per SSL.
+     The purpose of this is to allow applications to control, if they wish,
+     the arbitrary values chosen for use as session IDs, particularly as it
+     can be useful for session caching in multiple-server environments. A
+     command-line switch for testing this (and any client code that wishes
+     to use such a feature) has been added to "s_server".
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+     of the form '#if defined(...) || defined(...) || ...' and
+     '#if !defined(...) && !defined(...) && ...'.  This also avoids
+     the growing number of special cases it was previously handling.
+     [Richard Levitte]
+
+  *) Make all configuration macros available for application by making
+     sure they are available in opensslconf.h, by giving them names starting
+     with "OPENSSL_" to avoid conflicts with other packages and by making
+     sure e_os2.h will cover all platform-specific cases together with
+     opensslconf.h.
+     Additionally, it is now possible to define configuration/platform-
+     specific names (called "system identities").  In the C code, these
+     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
+     macro with the name beginning with "OPENSSL_SYS_", which is determined
+     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+     what is available.
+     [Richard Levitte]
+
+  *) New option -set_serial to 'req' and 'x509' this allows the serial
+     number to use to be specified on the command line. Previously self
+     signed certificates were hard coded with serial number 0 and the 
+     CA options of 'x509' had to use a serial number in a file which was
+     auto incremented.
+     [Steve Henson]
+
+  *) New options to 'ca' utility to support V2 CRL entry extensions.
+     Currently CRL reason, invalidity date and hold instruction are
+     supported. Add new CRL extensions to V3 code and some new objects.
+     [Steve Henson]
+
+  *) New function EVP_CIPHER_CTX_set_padding() this is used to
+     disable standard block padding (aka PKCS#5 padding) in the EVP
+     API, which was previously mandatory. This means that the data is
+     not padded in any way and so the total length much be a multiple
+     of the block size, otherwise an error occurs.
+     [Steve Henson]
+
+  *) Initial (incomplete) OCSP SSL support.
+     [Steve Henson]
+
+  *) New function OCSP_parse_url(). This splits up a URL into its host,
+     port and path components: primarily to parse OCSP URLs. New -url
+     option to ocsp utility.
+     [Steve Henson]
+
+  *) New nonce behavior. The return value of OCSP_check_nonce() now 
+     reflects the various checks performed. Applications can decide
+     whether to tolerate certain situations such as an absent nonce
+     in a response when one was present in a request: the ocsp application
+     just prints out a warning. New function OCSP_add1_basic_nonce()
+     this is to allow responders to include a nonce in a response even if
+     the request is nonce-less.
+     [Steve Henson]
+
+  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+     skipped when using openssl x509 multiple times on a single input file,
+     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+     [Bodo Moeller]
+
+  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+     set string type: to handle setting ASN1_TIME structures. Fix ca
+     utility to correctly initialize revocation date of CRLs.
+     [Steve Henson]
+
+  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+     the clients preferred ciphersuites and rather use its own preferences.
+     Should help to work around M$ SGC (Server Gated Cryptography) bug in
+     Internet Explorer by ensuring unchanged hash method during stepup.
+     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+     [Lutz Jaenicke]
+
+  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+     to aes and add a new 'exist' option to print out symbols that don't
+     appear to exist.
+     [Steve Henson]
+
+  *) Additional options to ocsp utility to allow flags to be set and
+     additional certificates supplied.
+     [Steve Henson]
+
+  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+     OCSP client a number of certificate to only verify the response
+     signature against.
+     [Richard Levitte]
+
+  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+     handle the new API. Currently only ECB, CBC modes supported. Add new
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in RFC3268, "Advanced
+     Encryption Standard (AES) Ciphersuites for Transport Layer
+     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
+     not enabled by default and were not part of the "ALL" ciphersuite
+     alias because they were not yet official; they could be
+     explicitly requested by specifying the "AESdraft" ciphersuite
+     group alias.  In the final release of OpenSSL 0.9.7, the group
+     alias is called "AES" and is part of "ALL".)
+     [Ben Laurie, Steve  Henson, Bodo Moeller]
+
+  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+     request to response.
+     [Steve Henson]
+
+  *) Functions for OCSP responders. OCSP_request_onereq_count(),
+     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+     extract information from a certificate request. OCSP_response_create()
+     creates a response and optionally adds a basic response structure.
+     OCSP_basic_add1_status() adds a complete single response to a basic
+     response and returns the OCSP_SINGLERESP structure just added (to allow
+     extensions to be included for example). OCSP_basic_add1_cert() adds a
+     certificate to a basic response and OCSP_basic_sign() signs a basic
+     response with various flags. New helper functions ASN1_TIME_check()
+     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+     (converts ASN1_TIME to GeneralizedTime).
+     [Steve Henson]
+
+  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+     structure from a certificate. X509_pubkey_digest() digests the public_key
+     contents: this is used in various key identifiers. 
+     [Steve Henson]
+
+  *) Make sk_sort() tolerate a NULL argument.
+     [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+     passed by the function are trusted implicitly. If any of them signed the
+     response then it is assumed to be valid and is not verified.
+     [Steve Henson]
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support@securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
+  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+     effectively meant GeneralizedTime would never be used. Now it
+     is initialised to -1 but X509_time_adj() now has to check the value
+     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support@securenetterm.com>]
+
+  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+     result in a zero length in the ASN1_INTEGER structure which was
+     not consistent with the structure when d2i_ASN1_INTEGER() was used
+     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+     where it did not print out a minus for negative ASN1_INTEGER.
+     [Steve Henson]
+
+  *) Add summary printout to ocsp utility. The various functions which
+     convert status values to strings have been renamed to:
+     OCSP_response_status_str(), OCSP_cert_status_str() and
+     OCSP_crl_reason_str() and are no longer static. New options
+     to verify nonce values and to disable verification. OCSP response
+     printout format cleaned up.
+     [Steve Henson]
+
+  *) Add additional OCSP certificate checks. These are those specified
+     in RFC2560. This consists of two separate checks: the CA of the
+     certificate being checked must either be the OCSP signer certificate
+     or the issuer of the OCSP signer certificate. In the latter case the
+     OCSP signer certificate must contain the OCSP signing extended key
+     usage. This check is performed by attempting to match the OCSP
+     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+     in the OCSP_CERTID structures of the response.
+     [Steve Henson]
+
+  *) Initial OCSP certificate verification added to OCSP_basic_verify()
+     and related routines. This uses the standard OpenSSL certificate
+     verify routines to perform initial checks (just CA validity) and
+     to obtain the certificate chain. Then additional checks will be
+     performed on the chain. Currently the root CA is checked to see
+     if it is explicitly trusted for OCSP signing. This is used to set
+     a root CA as a global signing root: that is any certificate that
+     chains to that CA is an acceptable OCSP signing certificate.
+     [Steve Henson]
+
+  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+     extensions from a separate configuration file.
+     As when reading extensions from the main configuration file,
+     the '-extensions ...' option may be used for specifying the
+     section to use.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP utility. Allows OCSP requests to be generated or
+     read. The request can be sent to a responder and the output
+     parsed, outputed or printed in text form. Not complete yet:
+     still needs to check the OCSP response validity.
+     [Steve Henson]
+
+  *) New subcommands for 'openssl ca':
+     'openssl ca -status <serial>' prints the status of the cert with
+     the given serial number (according to the index file).
+     'openssl ca -updatedb' updates the expiry status of certificates
+     in the index file.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New '-newreq-nodes' command option to CA.pl.  This is like
+     '-newreq', but calls 'openssl req' with the '-nodes' option
+     so that the resulting key is not encrypted.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) New configuration for the GNU Hurd.
+     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
+
+  *) Initial code to implement OCSP basic response verify. This
+     is currently incomplete. Currently just finds the signer's
+     certificate and verifies the signature on the response.
+     [Steve Henson]
+
+  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+     value of OPENSSLDIR.  This is available via the new '-d' option
+     to 'openssl version', and is also included in 'openssl version -a'.
+     [Bodo Moeller]
+
+  *) Allowing defining memory allocation callbacks that will be given
+     file name and line number information in additional arguments
+     (a const char* and an int).  The basic functionality remains, as
+     well as the original possibility to just replace malloc(),
+     realloc() and free() by functions that do not know about these
+     additional arguments.  To register and find out the current
+     settings for extended allocation functions, the following
+     functions are provided:
+
+	CRYPTO_set_mem_ex_functions
+	CRYPTO_set_locked_mem_ex_functions
+	CRYPTO_get_mem_ex_functions
+	CRYPTO_get_locked_mem_ex_functions
+
+     These work the same way as CRYPTO_set_mem_functions and friends.
+     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+     extended allocation function is enabled.
+     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+     a conventional allocation function is enabled.
+     [Richard Levitte, Bodo Moeller]
+
+  *) Finish off removing the remaining LHASH function pointer casts.
+     There should no longer be any prototype-casting required when using
+     the LHASH abstraction, and any casts that remain are "bugs". See
+     the callback types and macros at the head of lhash.h for details
+     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+     [Geoff Thorpe]
+
+  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+     If /dev/[u]random devices are not available or do not return enough
+     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+     be queried.
+     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+     /etc/entropy will be queried once each in this sequence, querying stops
+     when enough entropy was collected without querying more sockets.
+     [Lutz Jaenicke]
+
+  *) Change the Unix RAND_poll() variant to be able to poll several
+     random devices, as specified by DEVRANDOM, until a sufficient amount
+     of data has been collected.   We spend at most 10 ms on each file
+     (select timeout) and read in non-blocking mode.  DEVRANDOM now
+     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+     (previously it was just the string "/dev/urandom"), so on typical
+     platforms the 10 ms delay will never occur.
+     Also separate out the Unix variant to its own file, rand_unix.c.
+     For VMS, there's a currently-empty rand_vms.c.
+     [Richard Levitte]
+
+  *) Move OCSP client related routines to ocsp_cl.c. These
+     provide utility functions which an application needing
+     to issue a request to an OCSP responder and analyse the
+     response will typically need: as opposed to those which an
+     OCSP responder itself would need which will be added later.
+
+     OCSP_request_sign() signs an OCSP request with an API similar
+     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+     response. OCSP_response_get1_basic() extracts basic response
+     from response. OCSP_resp_find_status(): finds and extracts status
+     information from an OCSP_CERTID structure (which will be created
+     when the request structure is built). These are built from lower
+     level functions which work on OCSP_SINGLERESP structures but
+     won't normally be used unless the application wishes to examine
+     extensions in the OCSP response for example.
+
+     Replace nonce routines with a pair of functions.
+     OCSP_request_add1_nonce() adds a nonce value and optionally
+     generates a random value. OCSP_check_nonce() checks the
+     validity of the nonce in an OCSP response.
+     [Steve Henson]
+
+  *) Change function OCSP_request_add() to OCSP_request_add0_id().
+     This doesn't copy the supplied OCSP_CERTID and avoids the
+     need to free up the newly created id. Change return type
+     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+     This can then be used to add extensions to the request.
+     Deleted OCSP_request_new(), since most of its functionality
+     is now in OCSP_REQUEST_new() (and the case insensitive name
+     clash) apart from the ability to set the request name which
+     will be added elsewhere.
+     [Steve Henson]
+
+  *) Update OCSP API. Remove obsolete extensions argument from
+     various functions. Extensions are now handled using the new
+     OCSP extension code. New simple OCSP HTTP function which 
+     can be used to send requests and parse the response.
+     [Steve Henson]
+
+  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+     uses the special reorder version of SET OF to sort the attributes
+     and reorder them to match the encoded order. This resolves a long
+     standing problem: a verify on a PKCS7 structure just after signing
+     it used to fail because the attribute order did not match the
+     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+     it uses the received order. This is necessary to tolerate some broken
+     software that does not order SET OF. This is handled by encoding
+     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+     to produce the required SET OF.
+     [Steve Henson]
+
+  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+     files to get correct declarations of the ASN.1 item variables.
+     [Richard Levitte]
+
+  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+     ASN1_ITEM and no wrapper functions.
+     [Steve Henson]
+
+  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+     replace the old function pointer based I/O routines. Change most of
+     the *_d2i_bio() and *_d2i_fp() functions to use these.
+     [Steve Henson]
+
+  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+     lines, recognice more "algorithms" that can be deselected, and make
+     it complain about algorithm deselection that isn't recognised.
+     [Richard Levitte]
+
+  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+     to use new functions. Add NO_ASN1_OLD which can be set to remove
+     some old style ASN1 functions: this can be used to determine if old
+     code will still work when these eventually go away.
+     [Steve Henson]
+
+  *) New extension functions for OCSP structures, these follow the
+     same conventions as certificates and CRLs.
+     [Steve Henson]
+
+  *) New function X509V3_add1_i2d(). This automatically encodes and
+     adds an extension. Its behaviour can be customised with various
+     flags to append, replace or delete. Various wrappers added for
+     certificates and CRLs.
+     [Steve Henson]
+
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
+  *) Make mkdef.pl parse some of the ASN1 macros and add appropriate
+     entries for variables.
+     [Steve Henson]
+
+  *) Add functionality to apps/openssl.c for detecting locking
+     problems: As the program is single-threaded, all we have
+     to do is register a locking callback using an array for
+     storing which locks are currently held by the program.
+     [Bodo Moeller]
+
+  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+     SSL_get_ex_data_X509_STORE_idx(), which is used in
+     ssl_verify_cert_chain() and thus can be called at any time
+     during TLS/SSL handshakes so that thread-safety is essential.
+     Unfortunately, the ex_data design is not at all suited
+     for multi-threaded use, so it probably should be abolished.
+     [Bodo Moeller]
+
+  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+     [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions. Add OCSP extensions.
+     [Steve Henson]
+
+  *) New function X509_signature_print() to remove duplication in some
+     print routines.
+     [Steve Henson]
+
+  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+     set (this was treated exactly the same as SET OF previously). This
+     is used to reorder the STACK representing the structure to match the
+     encoding. This will be used to get round a problem where a PKCS7
+     structure which was signed could not be verified because the STACK
+     order did not reflect the encoded order.
+     [Steve Henson]
+
+  *) Reimplement the OCSP ASN1 module using the new code.
+     [Steve Henson]
+
+  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+     for its ASN1 operations. The old style function pointers still exist
+     for now but they will eventually go away.
+     [Steve Henson]
+
+  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
+     [Steve Henson]
+
+  *) Change BN_mod_exp_recp so that negative moduli are tolerated
+     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
+     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+     for negative moduli.
+     [Bodo Moeller]
+
+  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+     of not touching the result's sign bit.
+     [Bodo Moeller]
+
+  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+     set.
+     [Bodo Moeller]
+
+  *) Changed the LHASH code to use prototypes for callbacks, and created
+     macros to declare and implement thin (optionally static) functions
+     that provide type-safety and avoid function pointer casting for the
+     type-specific callbacks.
+     [Geoff Thorpe]
+
+  *) Added Kerberos Cipher Suites to be used with TLS, as written in
+     RFC 2712.
+     [Veers Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
+
+  *) Reformat the FAQ so the different questions and answers can be divided
+     in sections depending on the subject.
+     [Richard Levitte]
+
+  *) Have the zlib compression code load ZLIB.DLL dynamically under
+     Windows.
+     [Richard Levitte]
+
+  *) New function BN_mod_sqrt for computing square roots modulo a prime
+     (using the probabilistic Tonelli-Shanks algorithm unless
+     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
+     be handled deterministically).
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Make BN_mod_inverse faster by explicitly handling small quotients
+     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+     512 bits], about 30% for larger ones [1024 or 2048 bits].)
+     [Bodo Moeller]
+
+  *) New function BN_kronecker.
+     [Bodo Moeller]
+
+  *) Fix BN_gcd so that it works on negative inputs; the result is
+     positive unless both parameters are zero.
+     Previously something reasonably close to an infinite loop was
+     possible because numbers could be growing instead of shrinking
+     in the implementation of Euclid's algorithm.
+     [Bodo Moeller]
+
+  *) Fix BN_is_word() and BN_is_one() macros to take into account the
+     sign of the number in question.
+
+     Fix BN_is_word(a,w) to work correctly for w == 0.
+
+     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+     because its test if the absolute value of 'a' equals 'w'.
+     Note that BN_abs_is_word does *not* handle w == 0 reliably;
+     it exists mostly for use in the implementations of BN_is_zero(),
+     BN_is_one(), and BN_is_word().
+     [Bodo Moeller]
+
+  *) New function BN_swap.
+     [Bodo Moeller]
+
+  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+     the exponentiation functions are more likely to produce reasonable
+     results on negative inputs.
+     [Bodo Moeller]
+
+  *) Change BN_mod_mul so that the result is always non-negative.
+     Previously, it could be negative if one of the factors was negative;
+     I don't think anyone really wanted that behaviour.
+     [Bodo Moeller]
+
+  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+     and add new functions:
+
+          BN_nnmod
+          BN_mod_sqr
+          BN_mod_add
+          BN_mod_add_quick
+          BN_mod_sub
+          BN_mod_sub_quick
+          BN_mod_lshift1
+          BN_mod_lshift1_quick
+          BN_mod_lshift
+          BN_mod_lshift_quick
+
+     These functions always generate non-negative results.
+
+     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
+     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
+
+     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
+     be reduced modulo  m.
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+#if 0
+     The following entry accidentally appeared in the CHANGES file
+     distributed with OpenSSL 0.9.7.  The modifications described in
+     it do *not* apply to OpenSSL 0.9.7.
+
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+#endif
+
+  *) In 'openssl passwd', verify passwords read from the terminal
+     unless the '-salt' option is used (which usually means that
+     verification would just waste user's time since the resulting
+     hash is going to be compared with some given password hash)
+     or the new '-noverify' option is used.
+
+     This is an incompatible change, but it does not affect
+     non-interactive use of 'openssl passwd' (passwords on the command
+     line, '-stdin' option, '-in ...' option) and thus should not
+     cause any problems.
+     [Bodo Moeller]
+
+  *) Remove all references to RSAref, since there's no more need for it.
+     [Richard Levitte]
+
+  *) Make DSO load along a path given through an environment variable
+     (SHLIB_PATH) with shl_load().
+     [Richard Levitte]
+
+  *) Constify the ENGINE code as a result of BIGNUM constification.
+     Also constify the RSA code and most things related to it.  In a
+     few places, most notable in the depth of the ASN.1 code, ugly
+     casts back to non-const were required (to be solved at a later
+     time)
+     [Richard Levitte]
+
+  *) Make it so the openssl application has all engines loaded by default.
+     [Richard Levitte]
+
+  *) Constify the BIGNUM routines a little more.
+     [Richard Levitte]
+
+  *) Add the following functions:
+
+	ENGINE_load_cswift()
+	ENGINE_load_chil()
+	ENGINE_load_atalla()
+	ENGINE_load_nuron()
+	ENGINE_load_builtin_engines()
+
+     That way, an application can itself choose if external engines that
+     are built-in in OpenSSL shall ever be used or not.  The benefit is
+     that applications won't have to be linked with libdl or other dso
+     libraries unless it's really needed.
+
+     Changed 'openssl engine' to load all engines on demand.
+     Changed the engine header files to avoid the duplication of some
+     declarations (they differed!).
+     [Richard Levitte]
+
+  *) 'openssl engine' can now list capabilities.
+     [Richard Levitte]
+
+  *) Better error reporting in 'openssl engine'.
+     [Richard Levitte]
+
+  *) Never call load_dh_param(NULL) in s_server.
+     [Bodo Moeller]
+
+  *) Add engine application.  It can currently list engines by name and
+     identity, and test if they are actually available.
+     [Richard Levitte]
+
+  *) Improve RPM specification file by forcing symbolic linking and making
+     sure the installed documentation is also owned by root.root.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) Give the OpenSSL applications more possibilities to make use of
+     keys (public as well as private) handled by engines.
+     [Richard Levitte]
+
+  *) Add OCSP code that comes from CertCo.
+     [Richard Levitte]
+
+  *) Add VMS support for the Rijndael code.
+     [Richard Levitte]
+
+  *) Added untested support for Nuron crypto accelerator.
+     [Ben Laurie]
+
+  *) Add support for external cryptographic devices.  This code was
+     previously distributed separately as the "engine" branch.
+     [Geoff Thorpe, Richard Levitte]
+
+  *) Rework the filename-translation in the DSO code. It is now possible to
+     have far greater control over how a "name" is turned into a filename
+     depending on the operating environment and any oddities about the
+     different shared library filenames on each system.
+     [Geoff Thorpe]
+
+  *) Support threads on FreeBSD-elf in Configure.
+     [Richard Levitte]
+
+  *) Fix for SHA1 assembly problem with MASM: it produces
+     warnings about corrupt line number information when assembling
+     with debugging information. This is caused by the overlapping
+     of two sections.
+     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+  *) NCONF changes.
+     NCONF_get_number() has no error checking at all.  As a replacement,
+     NCONF_get_number_e() is defined (_e for "error checking") and is
+     promoted strongly.  The old NCONF_get_number is kept around for
+     binary backward compatibility.
+     Make it possible for methods to load from something other than a BIO,
+     by providing a function pointer that is given a name instead of a BIO.
+     For example, this could be used to load configuration data from an
+     LDAP server.
+     [Richard Levitte]
+
+  *) Fix for non blocking accept BIOs. Added new I/O special reason
+     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+     with non blocking I/O was not possible because no retry code was
+     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+     this case.
+     [Steve Henson]
+
+  *) Added the beginnings of Rijndael support.
+     [Ben Laurie]
+
+  *) Fix for bug in DirectoryString mask setting. Add support for
+     X509_NAME_print_ex() in 'req' and X509_print_ex() function
+     to allow certificate printing to more controllable, additional
+     'certopt' option to 'x509' to allow new printing options to be
+     set.
+     [Steve Henson]
+
+  *) Clean old EAY MD5 hack from e_os.h.
+     [Richard Levitte]
+
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+     [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
+
+  *) Fix additional bug revealed by the NISCC test suite:
+
+     Stop bug triggering large recursion when presented with
+     certain ASN.1 tags (CVE-2003-0851)
+     [Steve Henson]
+
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+     
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+ Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from it's contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+     [Lutz Jaenicke]
+
+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l@yahoo.com>]
+
+  *) Undo an undocumented change introduced in 0.9.6e which caused
+     repeated calls to OpenSSL_add_all_ciphers() and 
+     OpenSSL_add_all_digests() to be ignored, even after calling
+     EVP_cleanup().
+     [Richard Levitte]
+
+  *) Change the default configuration reader to deal with last line not
+     being properly terminated.
+     [Richard Levitte]
+
+  *) Change X509_NAME_cmp() so it applies the special rules on handling
+     DN values that are of type PrintableString, as well as RDNs of type
+     emailAddress where the value has the type ia5String.
+     [stefank@valicert.com via Richard Levitte]
+
+  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+     the bitwise-OR of the two for use by the majority of applications
+     wanting this behaviour, and update the docs. The documented
+     behaviour and actual behaviour were inconsistent and had been
+     changing anyway, so this is more a bug-fix than a behavioural
+     change.
+     [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
+  *) Fix initialization code race conditions in
+        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
+        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
+        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
+        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
+        ssl2_get_cipher_by_char(),
+        ssl3_get_cipher_by_char().
+     [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+
+  *) [In 0.9.6g-engine release:]
+     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+     [Lynn Gazis <lgazis@rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+	Alon Kantor <alonk@checkpoint.com> (and others),
+	Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+
+ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]
+
+  *) Fix EVP_dsa_sha macro.
+     [Nils Larsch]
+
+  *) New option
+          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+     that was added in OpenSSL 0.9.6d.
+
+     As the countermeasure turned out to be incompatible with some
+     broken SSL implementations, the new option is part of SSL_OP_ALL.
+     SSL_OP_ALL is usually employed when compatibility with weird SSL
+     implementations is desired (e.g. '-bugs' option to 's_client' and
+     's_server'), so the new option is automatically set in many
+     applications.
+     [Bodo Moeller]
+
+  *) Changes in security patch:
+
+     Changes marked "(CHATS)" were sponsored by the Defense Advanced
+     Research Projects Agency (DARPA) and Air Force Research Laboratory,
+     Air Force Materiel Command, USAF, under agreement number
+     F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CVE-2002-0659)
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CVE-2002-0655)
+     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
+
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
+
+  *) Check various X509_...() return values in apps/req.c.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+     an end-of-file condition would erroneously be flagged, when the CRLF
+     was just at the end of a processed block. The bug was discovered when
+     processing data through a buffering memory BIO handing the data to a
+     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+     <ptsekov@syntrex.com> and Nedelcho Stanev.
+     [Lutz Jaenicke]
+
+  *) Implement a countermeasure against a vulnerability recently found
+     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+     before application data chunks to avoid the use of known IVs
+     with data potentially chosen by the attacker.
+     [Bodo Moeller]
+
+  *) Fix length checks in ssl3_get_client_hello().
+     [Bodo Moeller]
+
+  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+     to prevent ssl3_read_internal() from incorrectly assuming that
+     ssl3_read_bytes() found application data while handshake
+     processing was enabled when in fact s->s3->in_read_app_data was
+     merely automatically cleared during the initial handshake.
+     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Fix object definitions for Private and Enterprise: they were not
+     recognized in their shortname (=lowercase) representation. Extend
+     obj_dat.pl to issue an error when using undefined keywords instead
+     of silently ignoring the problem (Svenning Sorensen
+     <sss@sss.dnsalias.net>).
+     [Lutz Jaenicke]
+
+  *) Fix DH_generate_parameters() so that it works for 'non-standard'
+     generators, i.e. generators other than 2 and 5.  (Previously, the
+     code did not properly initialise the 'add' and 'rem' values to
+     BN_generate_prime().)
+
+     In the new general case, we do not insist that 'generator' is
+     actually a primitive root: This requirement is rather pointless;
+     a generator of the order-q subgroup is just as good, if not
+     better.
+     [Bodo Moeller]
+ 
+  *) Map new X509 verification errors to alerts. Discovered and submitted by
+     Tom Wu <tom@arcot.com>.
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+     returning non-zero before the data has been completely received
+     when using non-blocking I/O.
+     [Bodo Moeller; problem pointed out by John Hughes]
+
+  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+     [Ben Laurie, Lutz Jaenicke]
+
+  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
+     Yoram Zahavi <YoramZ@gilian.com>).
+     [Lutz Jaenicke]
+
+  *) Add information about CygWin 1.3 and on, and preserve proper
+     configuration for the versions before that.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+     check whether we deal with a copy of a session and do not delete from
+     the cache in this case. Problem reported by "Izhar Shoshani Levi"
+     <izhar@checkpoint.com>.
+     [Lutz Jaenicke]
+
+  *) Do not store session data into the internal session cache, if it
+     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+     flag is set). Proposed by Aslam <aslam@funk.com>.
+     [Lutz Jaenicke]
+
+  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
+     value is 0.
+     [Richard Levitte]
+
+  *) [In 0.9.6d-engine release:]
+     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add the configuration target linux-s390x.
+     [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
+
+  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
+     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
+     variable as an indication that a ClientHello message has been
+     received.  As the flag value will be lost between multiple
+     invocations of ssl3_accept when using non-blocking I/O, the
+     function may not be aware that a handshake has actually taken
+     place, thus preventing a new session from being added to the
+     session cache.
+
+     To avoid this problem, we now set s->new_session to 2 instead of
+     using a local variable.
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
+     if the SSL_R_LENGTH_MISMATCH error is detected.
+     [Geoff Thorpe, Bodo Moeller]
+
+  *) New 'shared_ldflag' column in Configure platform table.
+     [Richard Levitte]
+
+  *) Fix EVP_CIPHER_mode macro.
+     ["Dan S. Camper" <dan@bti.net>]
+
+  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
+     type, we must throw them away by setting rr->length to 0.
+     [D P Chang <dpc@qualys.com>]
+
+ Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
+
+  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
+     worked incorrectly for those cases where  range = 10..._2  and
+     3*range  is two bits longer than  range.)
+     [Bodo Moeller]
+
+  *) Only add signing time to PKCS7 structures if it is not already
+     present.
+     [Steve Henson]
+
+  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
+     OBJ_ld_ce should be OBJ_id_ce.
+     Also some ip-pda OIDs in crypto/objects/objects.txt were
+     incorrect (cf. RFC 3039).
+     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
+
+  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
+     returns early because it has nothing to do.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Cryptographic Appliance's keyserver technology.
+     (Use engine 'keyclient')
+     [Cryptographic Appliances and Geoff Thorpe]
+
+  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
+     is called via tools/c89.sh because arguments have to be
+     rearranged (all '-L' options must appear before the first object
+     modules).
+     [Richard Shapiro <rshapiro@abinitio.com>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Broadcom crypto accelerator cards, backported
+     from 0.9.7.
+     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for SureWare crypto accelerator cards from 
+     Baltimore Technologies.  (Use engine 'sureware')
+     [Baltimore Technologies and Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for crypto accelerator cards from Accelerated
+     Encryption Processing, www.aep.ie.  (Use engine 'aep')
+     [AEP Inc. and Mark Cox]
+
+  *) Add a configuration entry for gcc on UnixWare.
+     [Gary Benson <gbenson@redhat.com>]
+
+  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+     messages are stored in a single piece (fixed-length part and
+     variable-length part combined) and fix various bugs found on the way.
+     [Bodo Moeller]
+
+  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+     instead.  BIO_gethostbyname() does not know what timeouts are
+     appropriate, so entries would stay in cache even when they have
+     become invalid.
+     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
+
+  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+     faced with a pathologically small ClientHello fragment that does
+     not contain client_version: Instead of aborting with an error,
+     simply choose the highest available protocol version (i.e.,
+     TLS 1.0 unless it is disabled).  In practice, ClientHello
+     messages are never sent like this, but this change gives us
+     strictly correct behaviour at least for TLS.
+     [Bodo Moeller]
+
+  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+     never resets s->method to s->ctx->method when called from within
+     one of the SSL handshake functions.
+     [Bodo Moeller; problem pointed out by Niko Baric]
+
+  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+     (sent using the client's version number) if client_version is
+     smaller than the protocol version in use.  Also change
+     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+     the client will at least see that alert.
+     [Bodo Moeller]
+
+  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+     correctly.
+     [Bodo Moeller]
+
+  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+     client receives HelloRequest while in a handshake.
+     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
+     should end in 'break', not 'goto end' which circumvents various
+     cleanups done in state SSL_ST_OK.   But session related stuff
+     must be disabled for SSL_ST_OK in the case that we just sent a
+     HelloRequest.
+
+     Also avoid some overhead by not calling ssl_init_wbio_buffer()
+     before just sending a HelloRequest.
+     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
+
+  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+     reveal whether illegal block cipher padding was found or a MAC
+     verification error occurred.  (Neither SSLerr() codes nor alerts
+     are directly visible to potential attackers, but the information
+     may leak via logfiles.)
+
+     Similar changes are not required for the SSL 2.0 implementation
+     because the number of padding bytes is sent in clear for SSL 2.0,
+     and the extra bytes are just ignored.  However ssl/s2_pkt.c
+     failed to verify that the purported number of padding bytes is in
+     the legal range.
+     [Bodo Moeller]
+
+  *) Add OpenUNIX-8 support including shared libraries
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+     'wristwatch attack' using huge encoding parameters (cf.
+     James H. Manger's CRYPTO 2001 paper).  Note that the
+     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+     encoding parameters and hence was not vulnerable.
+     [Bodo Moeller]
+
+  *) BN_sqr() bug fix.
+     [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
+
+  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
+     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
+     followed by modular reduction.
+     [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
+
+  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
+     equivalent based on BN_pseudo_rand() instead of BN_rand().
+     [Bodo Moeller]
+
+  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+     This function was broken, as the check for a new client hello message
+     to handle SGC did not allow these large messages.
+     (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
+     [Lutz Jaenicke]
+
+  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+     [Lutz Jaenicke]
+
+  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
+     [Lutz Jaenicke]
+
+  *) Rework the configuration and shared library support for Tru64 Unix.
+     The configuration part makes use of modern compiler features and
+     still retains old compiler behavior for those that run older versions
+     of the OS.  The shared library support part includes a variant that
+     uses the RPATH feature, and is available through the special
+     configuration target "alpha-cc-rpath", which will never be selected
+     automatically.
+     [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa@fee.vutbr.cz>]
+
+  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+     [Andy Polyakov]
+
+  *) Modified SSL library such that the verify_callback that has been set
+     specificly for an SSL object with SSL_set_verify() is actually being
+     used. Before the change, a verify_callback set with this function was
+     ignored and the verify_callback() set in the SSL_CTX at the time of
+     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+     to allow the necessary settings.
+     [Lutz Jaenicke]
+
+  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+     explicitly to NULL, as at least on Solaris 8 this seems not always to be
+     done automatically (in contradiction to the requirements of the C
+     standard). This made problems when used from OpenSSH.
+     [Lutz Jaenicke]
+
+  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+     dh->length and always used
+
+          BN_rand_range(priv_key, dh->p).
+
+     BN_rand_range() is not necessary for Diffie-Hellman, and this
+     specific range makes Diffie-Hellman unnecessarily inefficient if
+     dh->length (recommended exponent length) is much smaller than the
+     length of dh->p.  We could use BN_rand_range() if the order of
+     the subgroup was stored in the DH structure, but we only have
+     dh->length.
+
+     So switch back to
+
+          BN_rand(priv_key, l, ...)
+
+     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+     otherwise.
+     [Bodo Moeller]
+
+  *) In
+
+          RSA_eay_public_encrypt
+          RSA_eay_private_decrypt
+          RSA_eay_private_encrypt (signing)
+          RSA_eay_public_decrypt (signature verification)
+
+     (default implementations for RSA_public_encrypt,
+     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
+     always reject numbers >= n.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
+     to synchronize access to 'locking_thread'.  This is necessary on
+     systems where access to 'locking_thread' (an 'unsigned long'
+     variable) is not atomic.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
+     *before* setting the 'crypto_lock_rand' flag.  The previous code had
+     a race condition if 0 is a valid thread ID.
+     [Travis Vitek <vitek@roguewave.com>]
+
+  *) Add support for shared libraries under Irix.
+     [Albert Chin-A-Young <china@thewrittenword.com>]
+
+  *) Add configuration option to build on Linux on both big-endian and
+     little-endian MIPS.
+     [Ralf Baechle <ralf@uni-koblenz.de>]
+
+  *) Add the possibility to create shared libraries on HP-UX.
+     [Richard Levitte]
+
+ Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
+
+  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
+     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
+     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
+     PRNG state recovery was possible based on the output of
+     one PRNG request appropriately sized to gain knowledge on
+     'md' followed by enough consecutive 1-byte PRNG requests
+     to traverse all of 'state'.
+
+     1. When updating 'md_local' (the current thread's copy of 'md')
+        during PRNG output generation, hash all of the previous
+        'md_local' value, not just the half used for PRNG output.
+
+     2. Make the number of bytes from 'state' included into the hash
+        independent from the number of PRNG bytes requested.
+
+     The first measure alone would be sufficient to avoid
+     Markku-Juhani's attack.  (Actually it had never occurred
+     to me that the half of 'md_local' used for chaining was the
+     half from which PRNG output bytes were taken -- I had always
+     assumed that the secret half would be used.)  The second
+     measure makes sure that additional data from 'state' is never
+     mixed into 'md_local' in small portions; this heuristically
+     further strengthens the PRNG.
+     [Bodo Moeller]
+
+  *) Fix crypto/bn/asm/mips3.s.
+     [Andy Polyakov]
+
+  *) When only the key is given to "enc", the IV is undefined. Print out
+     an error message in this case.
+     [Lutz Jaenicke]
+
+  *) Handle special case when X509_NAME is empty in X509 printing routines.
+     [Steve Henson]
+
+  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
+     positive and less than q.
+     [Bodo Moeller]
+
+  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
+     used: it isn't thread safe and the add_lock_callback should handle
+     that itself.
+     [Paul Rose <Paul.Rose@bridge.com>]
+
+  *) Verify that incoming data obeys the block size in
+     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
+     [Bodo Moeller]
+
+  *) Fix OAEP check.
+     [Ulf Möller, Bodo Möller]
+
+  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
+     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
+     when fixing the server behaviour for backwards-compatible 'client
+     hello' messages.  (Note that the attack is impractical against
+     SSL 3.0 and TLS 1.0 anyway because length and version checking
+     means that the probability of guessing a valid ciphertext is
+     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
+     paper.)
+
+     Before 0.9.5, the countermeasure (hide the error by generating a
+     random 'decryption result') did not work properly because
+     ERR_clear_error() was missing, meaning that SSL_get_error() would
+     detect the supposedly ignored error.
+
+     Both problems are now fixed.
+     [Bodo Moeller]
+
+  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
+     (previously it was 1024).
+     [Bodo Moeller]
+
+  *) Fix for compatibility mode trust settings: ignore trust settings
+     unless some valid trust or reject settings are present.
+     [Steve Henson]
+
+  *) Fix for blowfish EVP: its a variable length cipher.
+     [Steve Henson]
+
+  *) Fix various bugs related to DSA S/MIME verification. Handle missing
+     parameters in DSA public key structures and return an error in the
+     DSA routines if parameters are absent.
+     [Steve Henson]
+
+  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
+     in the current directory if neither $RANDFILE nor $HOME was set.
+     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
+     caused some confusion to Windows users who haven't defined $HOME.
+     Thus RAND_file_name() is changed again: e_os.h can define a
+     DEFAULT_HOME, which will be used if $HOME is not set.
+     For Windows, we use "C:"; on other platforms, we still require
+     environment variables.
+
+  *) Move 'if (!initialized) RAND_poll()' into regions protected by
+     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
+     having multiple threads call RAND_poll() concurrently.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
+     combination of a flag and a thread ID variable.
+     Otherwise while one thread is in ssleay_rand_bytes (which sets the
+     flag), *other* threads can enter ssleay_add_bytes without obeying
+     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
+     that they do not hold after the first thread unsets add_do_not_lock).
+     [Bodo Moeller]
+
+  *) Change bctest again: '-x' expressions are not available in all
+     versions of 'test'.
+     [Bodo Moeller]
+
+ Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
+
+  *) Fix a couple of memory leaks in PKCS7_dataDecode()
+     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
+
+  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+     the default extension for executables, if any.  Also, make the perl
+     scripts that use symlink() to test if it really exists and use "cp"
+     if it doesn't.  All this made OpenSSL compilable and installable in
+     CygWin.
+     [Richard Levitte]
+
+  *) Fix for asn1_GetSequence() for indefinite length constructed data.
+     If SEQUENCE is length is indefinite just set c->slen to the total
+     amount of data available.
+     [Steve Henson, reported by shige@FreeBSD.org]
+     [This change does not apply to 0.9.7.]
+
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     For compatibility with Ultrix, avoid shell functions (introduced
+     in the bctest version that searches along $PATH).
+     [Bodo Moeller]
+
+  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
+     with des_encrypt() defined on some operating systems, like Solaris
+     and UnixWare.
+     [Richard Levitte]
+
+  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+     On the Importance of Eliminating Errors in Cryptographic
+     Computations, J. Cryptology 14 (2001) 2, 101-119,
+     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+     [Ulf Moeller]
+  
+  *) MIPS assembler BIGNUM division bug fix. 
+     [Andy Polyakov]
+
+  *) Disabled incorrect Alpha assembler code.
+     [Richard Levitte]
+
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Fix bug in PKCS#12 key generation routines. This was triggered
+     if a 3DES key was generated with a 0 initial byte. Include
+     PKCS12_BROKEN_KEYGEN compilation option to retain the old
+     (but broken) behaviour.
+     [Steve Henson]
+
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim@multitalents.net> via Richard Levitte]
+
+  *) Fix memory leaks in err.c: free err_data string if necessary;
+     don't write to the wrong index in ERR_set_error_data.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy@baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
+     [Richard Levitte]
+
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
+     [Richard Levitte]
+
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) Use better test patterns in bntest.
+     [Ulf Möller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf Möller]
+ 
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Add a 'bctest' script that checks for some known 'bc' bugs
+     so that 'make test' does not abort just because 'bc' is broken.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]
+
+  *) Make sure that shared libraries get the internal name engine with
+     the full version number and not just 0.  This should mark the
+     shared libraries as not backward compatible.  Of course, this should
+     be changed again when we can guarantee backward binary compatibility.
+     [Richard Levitte]
+
+  *) Fix typo in get_cert_by_subject() in by_dir.c
+     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
+  *) Rework the system to generate shared libraries:
+
+     - Make note of the expected extension for the shared libraries and
+       if there is a need for symbolic links from for example libcrypto.so.0
+       to libcrypto.so.0.9.7.  There is extended info in Configure for
+       that.
+
+     - Make as few rebuilds of the shared libraries as possible.
+
+     - Still avoid linking the OpenSSL programs with the shared libraries.
+
+     - When installing, install the shared libraries separately from the
+       static ones.
+     [Richard Levitte]
+
+  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+     and not in SSL_clear because the latter is also used by the
+     accept/connect functions; previously, the settings made by
+     SSL_set_read_ahead would be lost during the handshake.
+     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]     
+
+  *) Correct util/mkdef.pl to be selective about disabled algorithms.
+     Previously, it would create entries for disabled algorithms no
+     matter what.
+     [Richard Levitte]
+
+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
+
+  *) In ssl23_get_client_hello, generate an error message when faced
+     with an initial SSL 3.0/TLS record that is too small to contain the
+     first two bytes of the ClientHello message, i.e. client_version.
+     (Note that this is a pathologic case that probably has never happened
+     in real life.)  The previous approach was to use the version number
+     from the record header as a substitute; but our protocol choice
+     should not depend on that one because it is not authenticated
+     by the Finished messages.
+     [Bodo Moeller]
+
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman@columbia.edu>]
+
+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
+  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+     a general "ANY" type, as such it should be able to decode anything
+     including tagged types. However it didn't check the class so it would
+     wrongly interpret tagged types in the same way as their universal
+     counterpart and unknown types were just rejected. Changed so that the
+     tagged and unknown types are handled in the same way as a SEQUENCE:
+     that is the encoding is stored intact. There is also a new type
+     "V_ASN1_OTHER" which is used when the class is not universal, in this
+     case we have no idea what the actual type is so we just lump them all
+     together.
+     [Steve Henson]
+
+  *) On VMS, stdout may very well lead to a file that is written to
+     in a record-oriented fashion.  That means that every write() will
+     write a separate record, which will be read separately by the
+     programs trying to read from it.  This can be very confusing.
+
+     The solution is to put a BIO filter in the way that will buffer
+     text until a linefeed is reached, and then write everything a
+     line at a time, so every record written will be an actual line,
+     not chunks of lines and not (usually doesn't happen, but I've
+     seen it once) several lines in one record.  BIO_f_linebuffer() is
+     the answer.
+
+     Currently, it's a VMS-only method, because that's where it has
+     been tested well enough.
+     [Richard Levitte]
+
+  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+     it can return incorrect results.
+     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+     but it was in 0.9.6-beta[12].)
+     [Bodo Moeller]
+
+  *) Disable the check for content being present when verifying detached
+     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+     include zero length content when signing messages.
+     [Steve Henson]
+
+  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+     BIO_ctrl (for BIO pairs).
+     [Bodo Möller]
+
+  *) Add DSO method for VMS.
+     [Richard Levitte]
+
+  *) Bug fix: Montgomery multiplication could produce results with the
+     wrong sign.
+     [Ulf Möller]
+
+  *) Add RPM specification openssl.spec and modify it to build three
+     packages.  The default package contains applications, application
+     documentation and run-time libraries.  The devel package contains
+     include files, static libraries and function documentation.  The
+     doc package contains the contents of the doc directory.  The original
+     openssl.spec was provided by Damien Miller <djm@mindrot.org>.
+     [Richard Levitte]
+     
+  *) Add a large number of documentation files for many SSL routines.
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Add a configuration entry for Sony News 4.
+     [NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
+
+  *) Don't set the two most significant bits to one when generating a
+     random number < q in the DSA library.
+     [Ulf Möller]
+
+  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
+     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+     the underlying transport is blocking) if a handshake took place.
+     (The default behaviour is needed by applications such as s_client
+     and s_server that use select() to determine when to use SSL_read;
+     but for applications that know in advance when to expect data, it
+     just makes things more complicated.)
+     [Bodo Moeller]
+
+  *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+     from EGD.
+     [Ben Laurie]
+
+  *) Add a few more EBCDIC conditionals that make `req' and `x509'
+     work better on such systems.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+     Update PKCS12_parse() so it copies the friendlyName and the
+     keyid to the certificates aux info.
+     [Steve Henson]
+
+  *) Fix bug in PKCS7_verify() which caused an infinite loop
+     if there was more than one signature.
+     [Sven Uszpelkat <su@celocom.de>]
+
+  *) Major change in util/mkdef.pl to include extra information
+     about each symbol, as well as presenting variables as well
+     as functions.  This change means that there's n more need
+     to rebuild the .num files when some algorithms are excluded.
+     [Richard Levitte]
+
+  *) Allow the verify time to be set by an application,
+     rather than always using the current time.
+     [Steve Henson]
+  
+  *) Phase 2 verify code reorganisation. The certificate
+     verify code now looks up an issuer certificate by a
+     number of criteria: subject name, authority key id
+     and key usage. It also verifies self signed certificates
+     by the same criteria. The main comparison function is
+     X509_check_issued() which performs these checks.
+ 
+     Lot of changes were necessary in order to support this
+     without completely rewriting the lookup code.
+ 
+     Authority and subject key identifier are now cached.
+ 
+     The LHASH 'certs' is X509_STORE has now been replaced
+     by a STACK_OF(X509_OBJECT). This is mainly because an
+     LHASH can't store or retrieve multiple objects with
+     the same hash value.
+
+     As a result various functions (which were all internal
+     use only) have changed to handle the new X509_STORE
+     structure. This will break anything that messed round
+     with X509_STORE internally.
+ 
+     The functions X509_STORE_add_cert() now checks for an
+     exact match, rather than just subject name.
+ 
+     The X509_STORE API doesn't directly support the retrieval
+     of multiple certificates matching a given criteria, however
+     this can be worked round by performing a lookup first
+     (which will fill the cache with candidate certificates)
+     and then examining the cache for matches. This is probably
+     the best we can do without throwing out X509_LOOKUP
+     entirely (maybe later...).
+ 
+     The X509_VERIFY_CTX structure has been enhanced considerably.
+ 
+     All certificate lookup operations now go via a get_issuer()
+     callback. Although this currently uses an X509_STORE it
+     can be replaced by custom lookups. This is a simple way
+     to bypass the X509_STORE hackery necessary to make this
+     work and makes it possible to use more efficient techniques
+     in future. A very simple version which uses a simple
+     STACK for its trusted certificate store is also provided
+     using X509_STORE_CTX_trusted_stack().
+ 
+     The verify_cb() and verify() callbacks now have equivalents
+     in the X509_STORE_CTX structure.
+ 
+     X509_STORE_CTX also has a 'flags' field which can be used
+     to customise the verify behaviour.
+     [Steve Henson]
+ 
+  *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which 
+     excludes S/MIME capabilities.
+     [Steve Henson]
+
+  *) When a certificate request is read in keep a copy of the
+     original encoding of the signed data and use it when outputting
+     again. Signatures then use the original encoding rather than
+     a decoded, encoded version which may cause problems if the
+     request is improperly encoded.
+     [Steve Henson]
+
+  *) For consistency with other BIO_puts implementations, call
+     buffer_write(b, ...) directly in buffer_puts instead of calling
+     BIO_write(b, ...).
+
+     In BIO_puts, increment b->num_write as in BIO_write.
+     [Peter.Sylvester@EdelWeb.fr]
+
+  *) Fix BN_mul_word for the case where the word is 0. (We have to use
+     BN_zero, we may not return a BIGNUM with an array consisting of
+     words set to zero.)
+     [Bodo Moeller]
+
+  *) Avoid calling abort() from within the library when problems are
+     detected, except if preprocessor symbols have been defined
+     (such as REF_CHECK, BN_DEBUG etc.).
+     [Bodo Moeller]
+
+  *) New openssl application 'rsautl'. This utility can be
+     used for low level RSA operations. DER public key
+     BIO/fp routines also added.
+     [Steve Henson]
+
+  *) New Configure entry and patches for compiling on QNX 4.
+     [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
+
+  *) A demo state-machine implementation was sponsored by
+     Nuron (http://www.nuron.com/) and is now available in
+     demos/state_machine.
+     [Ben Laurie]
+
+  *) New options added to the 'dgst' utility for signature
+     generation and verification.
+     [Steve Henson]
+
+  *) Unrecognized PKCS#7 content types are now handled via a
+     catch all ASN1_TYPE structure. This allows unsupported
+     types to be stored as a "blob" and an application can
+     encode and decode it manually.
+     [Steve Henson]
+
+  *) Fix various signed/unsigned issues to make a_strex.c
+     compile under VC++.
+     [Oscar Jacobsson <oscar.jacobsson@celocom.com>]
+
+  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+     length if passed a buffer. ASN1_INTEGER_to_BN failed
+     if passed a NULL BN and its argument was negative.
+     [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
+
+  *) Modification to PKCS#7 encoding routines to output definite
+     length encoding. Since currently the whole structures are in
+     memory there's not real point in using indefinite length 
+     constructed encoding. However if OpenSSL is compiled with
+     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+     [Steve Henson]
+
+  *) Added BIO_vprintf() and BIO_vsnprintf().
+     [Richard Levitte]
+
+  *) Added more prefixes to parse for in the the strings written
+     through a logging bio, to cover all the levels that are available
+     through syslog.  The prefixes are now:
+
+	PANIC, EMERG, EMR	=>	LOG_EMERG
+	ALERT, ALR		=>	LOG_ALERT
+	CRIT, CRI		=>	LOG_CRIT
+	ERROR, ERR		=>	LOG_ERR
+	WARNING, WARN, WAR	=>	LOG_WARNING
+	NOTICE, NOTE, NOT	=>	LOG_NOTICE
+	INFO, INF		=>	LOG_INFO
+	DEBUG, DBG		=>	LOG_DEBUG
+
+     and as before, if none of those prefixes are present at the
+     beginning of the string, LOG_ERR is chosen.
+
+     On Win32, the LOG_* levels are mapped according to this:
+
+	LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR	=> EVENTLOG_ERROR_TYPE
+	LOG_WARNING				=> EVENTLOG_WARNING_TYPE
+	LOG_NOTICE, LOG_INFO, LOG_DEBUG		=> EVENTLOG_INFORMATION_TYPE
+
+     [Richard Levitte]
+
+  *) Made it possible to reconfigure with just the configuration
+     argument "reconf" or "reconfigure".  The command line arguments
+     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+     and are retrieved from there when reconfiguring.
+     [Richard Levitte]
+
+  *) MD4 implemented.
+     [Assar Westerlund <assar@sics.se>, Richard Levitte]
+
+  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+     [Richard Levitte]
+
+  *) The obj_dat.pl script was messing up the sorting of object
+     names. The reason was that it compared the quoted version
+     of strings as a result "OCSP" > "OCSP Signing" because
+     " > SPACE. Changed script to store unquoted versions of
+     names and add quotes on output. It was also omitting some
+     names from the lookup table if they were given a default
+     value (that is if SN is missing it is given the same
+     value as LN and vice versa), these are now added on the
+     grounds that if an object has a name we should be able to
+     look it up. Finally added warning output when duplicate
+     short or long names are found.
+     [Steve Henson]
+
+  *) Changes needed for Tandem NSK.
+     [Scott Uroff <scott@xypro.com>]
+
+  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+     RSA_padding_check_SSLv23(), special padding was never detected
+     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+     version rollback attacks was not effective.
+
+     In s23_clnt.c, don't use special rollback-attack detection padding
+     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+     client; similarly, in s23_srvr.c, don't do the rollback check if
+     SSL 2.0 is the only protocol enabled in the server.
+     [Bodo Moeller]
+
+  *) Make it possible to get hexdumps of unprintable data with 'openssl
+     asn1parse'.  By implication, the functions ASN1_parse_dump() and
+     BIO_dump_indent() are added.
+     [Richard Levitte]
+
+  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+     these print out strings and name structures based on various
+     flags including RFC2253 support and proper handling of
+     multibyte characters. Added options to the 'x509' utility 
+     to allow the various flags to be set.
+     [Steve Henson]
+
+  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+     Also change the functions X509_cmp_current_time() and
+     X509_gmtime_adj() work with an ASN1_TIME structure,
+     this will enable certificates using GeneralizedTime in validity
+     dates to be checked.
+     [Steve Henson]
+
+  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+     negative public key encodings) on by default,
+     NO_NEG_PUBKEY_BUG can be set to disable it.
+     [Steve Henson]
+
+  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+     content octets. An i2c_ASN1_OBJECT is unnecessary because
+     the encoding can be trivially obtained from the structure.
+     [Steve Henson]
+
+  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+     not read locks (CRYPTO_r_[un]lock).
+     [Bodo Moeller]
+
+  *) A first attempt at creating official support for shared
+     libraries through configuration.  I've kept it so the
+     default is static libraries only, and the OpenSSL programs
+     are always statically linked for now, but there are
+     preparations for dynamic linking in place.
+     This has been tested on Linux and Tru64.
+     [Richard Levitte]
+
+  *) Randomness polling function for Win9x, as described in:
+     Peter Gutmann, Software Generation of Practically Strong
+     Random Numbers.
+     [Ulf Möller]
+
+  *) Fix so PRNG is seeded in req if using an already existing
+     DSA key.
+     [Steve Henson]
+
+  *) New options to smime application. -inform and -outform
+     allow alternative formats for the S/MIME message including
+     PEM and DER. The -content option allows the content to be
+     specified separately. This should allow things like Netscape
+     form signing output easier to verify.
+     [Steve Henson]
+
+  *) Fix the ASN1 encoding of tags using the 'long form'.
+     [Steve Henson]
+
+  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+     STRING types. These convert content octets to and from the
+     underlying type. The actual tag and length octets are
+     already assumed to have been read in and checked. These
+     are needed because all other string types have virtually
+     identical handling apart from the tag. By having versions
+     of the ASN1 functions that just operate on content octets
+     IMPLICIT tagging can be handled properly. It also allows
+     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+     and ASN1_INTEGER are identical apart from the tag.
+     [Steve Henson]
+
+  *) Change the handling of OID objects as follows:
+
+     - New object identifiers are inserted in objects.txt, following
+       the syntax given in objects.README.
+     - objects.pl is used to process obj_mac.num and create a new
+       obj_mac.h.
+     - obj_dat.pl is used to create a new obj_dat.h, using the data in
+       obj_mac.h.
+
+     This is currently kind of a hack, and the perl code in objects.pl
+     isn't very elegant, but it works as I intended.  The simplest way
+     to check that it worked correctly is to look in obj_dat.h and
+     check the array nid_objs and make sure the objects haven't moved
+     around (this is important!).  Additions are OK, as well as
+     consistent name changes. 
+     [Richard Levitte]
+
+  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+     [Bodo Moeller]
+
+  *) Addition of the command line parameter '-rand file' to 'openssl req'.
+     The given file adds to whatever has already been seeded into the
+     random pool through the RANDFILE configuration file option or
+     environment variable, or the default random state file.
+     [Richard Levitte]
+
+  *) mkstack.pl now sorts each macro group into lexical order.
+     Previously the output order depended on the order the files
+     appeared in the directory, resulting in needless rewriting
+     of safestack.h .
+     [Steve Henson]
+
+  *) Patches to make OpenSSL compile under Win32 again. Mostly
+     work arounds for the VC++ problem that it treats func() as
+     func(void). Also stripped out the parts of mkdef.pl that
+     added extra typesafe functions: these no longer exist.
+     [Steve Henson]
+
+  *) Reorganisation of the stack code. The macros are now all 
+     collected in safestack.h . Each macro is defined in terms of
+     a "stack macro" of the form SKM_<name>(type, a, b). The 
+     DEBUG_SAFESTACK is now handled in terms of function casts,
+     this has the advantage of retaining type safety without the
+     use of additional functions. If DEBUG_SAFESTACK is not defined
+     then the non typesafe macros are used instead. Also modified the
+     mkstack.pl script to handle the new form. Needs testing to see
+     if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+     the default if no major problems. Similar behaviour for ASN1_SET_OF
+     and PKCS12_STACK_OF.
+     [Steve Henson]
+
+  *) When some versions of IIS use the 'NET' form of private key the
+     key derivation algorithm is different. Normally MD5(password) is
+     used as a 128 bit RC4 key. In the modified case
+     MD5(MD5(password) + "SGCKEYSALT")  is used instead. Added some
+     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+     as the old Netscape_RSA functions except they have an additional
+     'sgckey' parameter which uses the modified algorithm. Also added
+     an -sgckey command line option to the rsa utility. Thanks to 
+     Adrian Peck <bertie@ncipher.com> for posting details of the modified
+     algorithm to openssl-dev.
+     [Steve Henson]
+
+  *) The evp_local.h macros were using 'c.##kname' which resulted in
+     invalid expansion on some systems (SCO 5.0.5 for example).
+     Corrected to 'c.kname'.
+     [Phillip Porch <root@theporch.com>]
+
+  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+     a STACK of email addresses from a certificate or request, these look
+     in the subject name and the subject alternative name extensions and 
+     omit any duplicate addresses.
+     [Steve Henson]
+
+  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+     This makes DSA verification about 2 % faster.
+     [Bodo Moeller]
+
+  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+     (meaning that now 2^5 values will be precomputed, which is only 4 KB
+     plus overhead for 1024 bit moduli).
+     This makes exponentiations about 0.5 % faster for 1024 bit
+     exponents (as measured by "openssl speed rsa2048").
+     [Bodo Moeller]
+
+  *) Rename memory handling macros to avoid conflicts with other
+     software:
+          Malloc         =>  OPENSSL_malloc
+          Malloc_locked  =>  OPENSSL_malloc_locked
+          Realloc        =>  OPENSSL_realloc
+          Free           =>  OPENSSL_free
+     [Richard Levitte]
+
+  *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+     [Bodo Moeller]
+
+  *) CygWin32 support.
+     [John Jarvie <jjarvie@newsguy.com>]
+
+  *) The type-safe stack code has been rejigged. It is now only compiled
+     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+     by default all type-specific stack functions are "#define"d back to
+     standard stack functions. This results in more streamlined output
+     but retains the type-safety checking possibilities of the original
+     approach.
+     [Geoff Thorpe]
+
+  *) The STACK code has been cleaned up, and certain type declarations
+     that didn't make a lot of sense have been brought in line. This has
+     also involved a cleanup of sorts in safestack.h to more correctly
+     map type-safe stack functions onto their plain stack counterparts.
+     This work has also resulted in a variety of "const"ifications of
+     lots of the code, especially "_cmp" operations which should normally
+     be prototyped with "const" parameters anyway.
+     [Geoff Thorpe]
+
+  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+     (The PRNG state consists of two parts, the large pool 'state' and 'md',
+     where all of 'md' is used each time the PRNG is used, but 'state'
+     is used only indexed by a cyclic counter. As entropy may not be
+     well distributed from the beginning, 'md' is important as a
+     chaining variable. However, the output function chains only half
+     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
+     all of 'md', and seeding with STATE_SIZE dummy bytes will result
+     in all of 'state' being rewritten, with the new values depending
+     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
+     [Bodo Moeller]
+
+  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+     the handshake is continued after ssl_verify_cert_chain();
+     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+     can lead to 'unexplainable' connection aborts later.
+     [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+  *) Major EVP API cipher revision.
+     Add hooks for extra EVP features. This allows various cipher
+     parameters to be set in the EVP interface. Support added for variable
+     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+     setting of RC2 and RC5 parameters.
+
+     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+     ciphers.
+
+     Remove lots of duplicated code from the EVP library. For example *every*
+     cipher init() function handles the 'iv' in the same way according to the
+     cipher mode. They also all do nothing if the 'key' parameter is NULL and
+     for CFB and OFB modes they zero ctx->num.
+
+     New functionality allows removal of S/MIME code RC2 hack.
+
+     Most of the routines have the same form and so can be declared in terms
+     of macros.
+
+     By shifting this to the top level EVP_CipherInit() it can be removed from
+     all individual ciphers. If the cipher wants to handle IVs or keys
+     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+     flags.
+
+     Change lots of functions like EVP_EncryptUpdate() to now return a
+     value: although software versions of the algorithms cannot fail
+     any installed hardware versions can.
+     [Steve Henson]
+
+  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+     this option is set, tolerate broken clients that send the negotiated
+     protocol version number instead of the requested protocol version
+     number.
+     [Bodo Moeller]
+
+  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+     i.e. non-zero for export ciphersuites, zero otherwise.
+     Previous versions had this flag inverted, inconsistent with
+     rsa_tmp_cb (..._TMP_RSA_CB).
+     [Bodo Moeller; problem reported by Amit Chopra]
+
+  *) Add missing DSA library text string. Work around for some IIS
+     key files with invalid SEQUENCE encoding.
+     [Steve Henson]
+
+  *) Add a document (doc/standards.txt) that list all kinds of standards
+     and so on that are implemented in OpenSSL.
+     [Richard Levitte]
+
+  *) Enhance c_rehash script. Old version would mishandle certificates
+     with the same subject name hash and wouldn't handle CRLs at all.
+     Added -fingerprint option to crl utility, to support new c_rehash
+     features.
+     [Steve Henson]
+
+  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+     [Ulf Möller]
+
+  *) Fix for SSL server purpose checking. Server checking was
+     rejecting certificates which had extended key usage present
+     but no ssl client purpose.
+     [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
+
+  *) Make PKCS#12 code work with no password. The PKCS#12 spec
+     is a little unclear about how a blank password is handled.
+     Since the password in encoded as a BMPString with terminating
+     double NULL a zero length password would end up as just the
+     double NULL. However no password at all is different and is
+     handled differently in the PKCS#12 key generation code. NS
+     treats a blank password as zero length. MSIE treats it as no
+     password on export: but it will try both on import. We now do
+     the same: PKCS12_parse() tries zero length and no password if
+     the password is set to "" or NULL (NULL is now a valid password:
+     it wasn't before) as does the pkcs12 application.
+     [Steve Henson]
+
+  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+     perror when PEM_read_bio_X509_REQ fails, the error message must
+     be obtained from the error queue.
+     [Bodo Moeller]
+
+  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
+     it in ERR_remove_state if appropriate, and change ERR_get_state
+     accordingly to avoid race conditions (this is necessary because
+     thread_hash is no longer constant once set).
+     [Bodo Moeller]
+
+  *) Bugfix for linux-elf makefile.one.
+     [Ulf Möller]
+
+  *) RSA_get_default_method() will now cause a default
+     RSA_METHOD to be chosen if one doesn't exist already.
+     Previously this was only set during a call to RSA_new()
+     or RSA_new_method(NULL) meaning it was possible for
+     RSA_get_default_method() to return NULL.
+     [Geoff Thorpe]
+
+  *) Added native name translation to the existing DSO code
+     that will convert (if the flag to do so is set) filenames
+     that are sufficiently small and have no path information
+     into a canonical native form. Eg. "blah" converted to
+     "libblah.so" or "blah.dll" etc.
+     [Geoff Thorpe]
+
+  *) New function ERR_error_string_n(e, buf, len) which is like
+     ERR_error_string(e, buf), but writes at most 'len' bytes
+     including the 0 terminator.  For ERR_error_string_n, 'buf'
+     may not be NULL.
+     [Damien Miller <djm@mindrot.org>, Bodo Moeller]
+
+  *) CONF library reworked to become more general.  A new CONF
+     configuration file reader "class" is implemented as well as a
+     new functions (NCONF_*, for "New CONF") to handle it.  The now
+     old CONF_* functions are still there, but are reimplemented to
+     work in terms of the new functions.  Also, a set of functions
+     to handle the internal storage of the configuration data is
+     provided to make it easier to write new configuration file
+     reader "classes" (I can definitely see something reading a
+     configuration file in XML format, for example), called _CONF_*,
+     or "the configuration storage API"...
+
+     The new configuration file reading functions are:
+
+        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+
+        NCONF_default, NCONF_WIN32
+
+        NCONF_dump_fp, NCONF_dump_bio
+
+     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
+     NCONF_new creates a new CONF object.  This works in the same way
+     as other interfaces in OpenSSL, like the BIO interface.
+     NCONF_dump_* dump the internal storage of the configuration file,
+     which is useful for debugging.  All other functions take the same
+     arguments as the old CONF_* functions wth the exception of the
+     first that must be a `CONF *' instead of a `LHASH *'.
+
+     To make it easer to use the new classes with the old CONF_* functions,
+     the function CONF_set_default_method is provided.
+     [Richard Levitte]
+
+  *) Add '-tls1' option to 'openssl ciphers', which was already
+     mentioned in the documentation but had not been implemented.
+     (This option is not yet really useful because even the additional
+     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+     [Bodo Moeller]
+
+  *) Initial DSO code added into libcrypto for letting OpenSSL (and
+     OpenSSL-based applications) load shared libraries and bind to
+     them in a portable way.
+     [Geoff Thorpe, with contributions from Richard Levitte]
+
+ Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]
+
+  *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+     (the default implementation of RAND_status).
+
+  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+     to '-clrext' (= clear extensions), as intended and documented.
+     [Bodo Moeller; inconsistency pointed out by Michael Attili
+     <attili@amaxo.com>]
+
+  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+     was larger than the MD block size.      
+     [Steve Henson, pointed out by Yost William <YostW@tce.com>]
+
+  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+     using the passed key: if the passed key was a private key the result
+     of X509_print(), for example, would be to print out all the private key
+     components.
+     [Steve Henson]
+
+  *) des_quad_cksum() byte order bug fix.
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
+      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
+
+  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+     discouraged.
+     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
+
+  *) For easily testing in shell scripts whether some command
+     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+     returns with exit code 0 iff no command of the given name is available.
+     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
+     the output goes to stdout and nothing is printed to stderr.
+     Additional arguments are always ignored.
+
+     Since for each cipher there is a command of the same name,
+     the 'no-cipher' compilation switches can be tested this way.
+
+     ('openssl no-XXX' is not able to detect pseudo-commands such
+     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+     [Bodo Moeller]
+
+  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+     [Bodo Moeller]
+
+  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+     is set; it will be thrown away anyway because each handshake creates
+     its own key.
+     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+     to parameters -- in previous versions (since OpenSSL 0.9.3) the
+     'default key' from SSL_CTX_set_tmp_dh would always be lost, meaning
+     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+     [Bodo Moeller]
+
+  *) New s_client option -ign_eof: EOF at stdin is ignored, and
+     'Q' and 'R' lose their special meanings (quit/renegotiate).
+     This is part of what -quiet does; unlike -quiet, -ign_eof
+     does not suppress any output.
+     [Richard Levitte]
+
+  *) Add compatibility options to the purpose and trust code. The
+     purpose X509_PURPOSE_ANY is "any purpose" which automatically
+     accepts a certificate or CA, this was the previous behaviour,
+     with all the associated security issues.
+
+     X509_TRUST_COMPAT is the old trust behaviour: only and
+     automatically trust self signed roots in certificate store. A
+     new trust setting X509_TRUST_DEFAULT is used to specify that
+     a purpose has no associated trust setting and it should instead
+     use the value in the default purpose.
+     [Steve Henson]
+
+  *) Fix the PKCS#8 DSA private key code so it decodes keys again
+     and fix a memory leak.
+     [Steve Henson]
+
+  *) In util/mkerr.pl (which implements 'make errors'), preserve
+     reason strings from the previous version of the .c file, as
+     the default to have only downcase letters (and digits) in
+     automatically generated reasons codes is not always appropriate.
+     [Bodo Moeller]
+
+  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+     using strerror.  Previously, ERR_reason_error_string() returned
+     library names as reason strings for SYSerr; but SYSerr is a special
+     case where small numbers are errno values, not library numbers.
+     [Bodo Moeller]
+
+  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
+     converts DSA parameters into DH parameters. (When creating parameters,
+     DSA_generate_parameters is used.)
+     [Bodo Moeller]
+
+  *) Include 'length' (recommended exponent length) in C code generated
+     by 'openssl dhparam -C'.
+     [Bodo Moeller]
+
+  *) The second argument to set_label in perlasm was already being used
+     so couldn't be used as a "file scope" flag. Moved to third argument
+     which was free.
+     [Steve Henson]
+
+  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+     instead of RAND_bytes for encryption IVs and salts.
+     [Bodo Moeller]
+
+  *) Include RAND_status() into RAND_METHOD instead of implementing
+     it only for md_rand.c  Otherwise replacing the PRNG by calling
+     RAND_set_rand_method would be impossible.
+     [Bodo Moeller]
+
+  *) Don't let DSA_generate_key() enter an infinite loop if the random
+     number generation fails.
+     [Bodo Moeller]
+
+  *) New 'rand' application for creating pseudo-random output.
+     [Bodo Moeller]
+
+  *) Added configuration support for Linux/IA64
+     [Rolf Haberrecker <rolf@suse.de>]
+
+  *) Assembler module support for Mingw32.
+     [Ulf Möller]
+
+  *) Shared library support for HPUX (in shlib/).
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
+
+  *) Shared library support for Solaris gcc.
+     [Lutz Behnke <behnke@trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5  [28 Feb 2000]
+
+  *) PKCS7_encrypt() was adding text MIME headers twice because they
+     were added manually and by SMIME_crlf_copy().
+     [Steve Henson]
+
+  *) In bntest.c don't call BN_rand with zero bits argument.
+     [Steve Henson, pointed out by Andrew W. Gray <agray@iconsinc.com>]
+
+  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+     case was implemented. This caused BN_div_recp() to fail occasionally.
+     [Ulf Möller]
+
+  *) Add an optional second argument to the set_label() in the perl
+     assembly language builder. If this argument exists and is set
+     to 1 it signals that the assembler should use a symbol whose 
+     scope is the entire file, not just the current function. This
+     is needed with MASM which uses the format label:: for this scope.
+     [Steve Henson, pointed out by Peter Runestig <peter@runestig.com>]
+
+  *) Change the ASN1 types so they are typedefs by default. Before
+     almost all types were #define'd to ASN1_STRING which was causing
+     STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+     for example.
+     [Steve Henson]
+
+  *) Change names of new functions to the new get1/get0 naming
+     convention: After 'get1', the caller owns a reference count
+     and has to call ..._free; 'get0' returns a pointer to some
+     data structure without incrementing reference counters.
+     (Some of the existing 'get' functions increment a reference
+     counter, some don't.)
+     Similarly, 'set1' and 'add1' functions increase reference
+     counters or duplicate objects.
+     [Steve Henson]
+
+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
+  *) Fix potential buffer overrun problem in BIO_printf().
+     [Ulf Möller, using public domain code by Patrick Powell; problem
+      pointed out by David Sacerdote <das33@cornell.edu>]
+
+  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
+     RAND_egd() and RAND_status().  In the command line application,
+     the EGD socket can be specified like a seed file using RANDFILE
+     or -rand.
+     [Ulf Möller]
+
+  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
+     Some CAs (e.g. Verisign) distribute certificates in this form.
+     [Steve Henson]
+
+  *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
+     list to exclude them. This means that no special compilation option
+     is needed to use anonymous DH: it just needs to be included in the
+     cipher list.
+     [Steve Henson]
+
+  *) Change the EVP_MD_CTX_type macro so its meaning consistent with
+     EVP_MD_type. The old functionality is available in a new macro called
+     EVP_MD_md(). Change code that uses it and update docs.
+     [Steve Henson]
+
+  *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
+     where the 'void *' argument is replaced by a function pointer argument.
+     Previously 'void *' was abused to point to functions, which works on
+     many platforms, but is not correct.  As these functions are usually
+     called by macros defined in OpenSSL header files, most source code
+     should work without changes.
+     [Richard Levitte]
+
+  *) <openssl/opensslconf.h> (which is created by Configure) now contains
+     sections with information on -D... compiler switches used for
+     compiling the library so that applications can see them.  To enable
+     one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
+     must be defined.  E.g.,
+        #define OPENSSL_ALGORITHM_DEFINES
+        #include <openssl/opensslconf.h>
+     defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
+     [Richard Levitte, Ulf and Bodo Möller]
+
+  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
+     record layer.
+     [Bodo Moeller]
+
+  *) Change the 'other' type in certificate aux info to a STACK_OF
+     X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+     the required ASN1 format: arbitrary types determined by an OID.
+     [Steve Henson]
+
+  *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+     argument to 'req'. This is not because the function is newer or
+     better than others it just uses the work 'NEW' in the certificate
+     request header lines. Some software needs this.
+     [Steve Henson]
+
+  *) Reorganise password command line arguments: now passwords can be
+     obtained from various sources. Delete the PEM_cb function and make
+     it the default behaviour: i.e. if the callback is NULL and the
+     usrdata argument is not NULL interpret it as a null terminated pass
+     phrase. If usrdata and the callback are NULL then the pass phrase
+     is prompted for as usual.
+     [Steve Henson]
+
+  *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+     the support is automatically enabled. The resulting binaries will
+     autodetect the card and use it if present.
+     [Ben Laurie and Compaq Inc.]
+
+  *) Work around for Netscape hang bug. This sends certificate request
+     and server done in one record. Since this is perfectly legal in the
+     SSL/TLS protocol it isn't a "bug" option and is on by default. See
+     the bugs/SSLv3 entry for more info.
+     [Steve Henson]
+
+  *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+     [Andy Polyakov]
+
+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
+  *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+     [Bodo Moeller]
+
+  *) Add command line password options to the remaining applications.
+     [Steve Henson]
+
+  *) Bug fix for BN_div_recp() for numerators with an even number of
+     bits.
+     [Ulf Möller]
+
+  *) More tests in bntest.c, and changed test_bn output.
+     [Ulf Möller]
+
+  *) ./config recognizes MacOS X now.
+     [Andy Polyakov]
+
+  *) Bug fix for BN_div() when the first words of num and divsor are
+     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+     [Ulf Möller]
+
+  *) Add support for various broken PKCS#8 formats, and command line
+     options to produce them.
+     [Steve Henson]
+
+  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+     get temporary BIGNUMs from a BN_CTX.
+     [Ulf Möller]
+
+  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+     for p == 0.
+     [Ulf Möller]
+
+  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+     include a #define from the old name to the new. The original intent
+     was that statically linked binaries could for example just call
+     SSLeay_add_all_ciphers() to just add ciphers to the table and not
+     link with digests. This never worked because SSLeay_add_all_digests()
+     and SSLeay_add_all_ciphers() were in the same source file so calling
+     one would link with the other. They are now in separate source files.
+     [Steve Henson]
+
+  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+     [Steve Henson]
+
+  *) Use a less unusual form of the Miller-Rabin primality test (it used
+     a binary algorithm for exponentiation integrated into the Miller-Rabin
+     loop, our standard modexp algorithms are faster).
+     [Bodo Moeller]
+
+  *) Support for the EBCDIC character set completed.
+     [Martin Kraemer <Martin.Kraemer@Mch.SNI.De>]
+
+  *) Source code cleanups: use const where appropriate, eliminate casts,
+     use void * instead of char * in lhash.
+     [Ulf Möller] 
+
+  *) Bugfix: ssl3_send_server_key_exchange was not restartable
+     (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
+     this the server could overwrite ephemeral keys that the client
+     has already seen).
+     [Bodo Moeller]
+
+  *) Turn DSA_is_prime into a macro that calls BN_is_prime,
+     using 50 iterations of the Rabin-Miller test.
+
+     DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
+     iterations of the Rabin-Miller test as required by the appendix
+     to FIPS PUB 186[-1]) instead of DSA_is_prime.
+     As BN_is_prime_fasttest includes trial division, DSA parameter
+     generation becomes much faster.
+
+     This implies a change for the callback functions in DSA_is_prime
+     and DSA_generate_parameters: The callback function is called once
+     for each positive witness in the Rabin-Miller test, not just
+     occasionally in the inner loop; and the parameters to the
+     callback function now provide an iteration count for the outer
+     loop rather than for the current invocation of the inner loop.
+     DSA_generate_parameters additionally can call the callback
+     function with an 'iteration count' of -1, meaning that a
+     candidate has passed the trial division test (when q is generated 
+     from an application-provided seed, trial division is skipped).
+     [Bodo Moeller]
+
+  *) New function BN_is_prime_fasttest that optionally does trial
+     division before starting the Rabin-Miller test and has
+     an additional BN_CTX * argument (whereas BN_is_prime always
+     has to allocate at least one BN_CTX).
+     'callback(1, -1, cb_arg)' is called when a number has passed the
+     trial division stage.
+     [Bodo Moeller]
+
+  *) Fix for bug in CRL encoding. The validity dates weren't being handled
+     as ASN1_TIME.
+     [Steve Henson]
+
+  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+     [Steve Henson]
+
+  *) New function BN_pseudo_rand().
+     [Ulf Möller]
+
+  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+     bignum version of BN_from_montgomery() with the working code from
+     SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+     the comments.
+     [Ulf Möller]
+
+  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+     made it impossible to use the same SSL_SESSION data structure in
+     SSL2 clients in multiple threads.
+     [Bodo Moeller]
+
+  *) The return value of RAND_load_file() no longer counts bytes obtained
+     by stat().  RAND_load_file(..., -1) is new and uses the complete file
+     to seed the PRNG (previously an explicit byte count was required).
+     [Ulf Möller, Bodo Möller]
+
+  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+     used (char *) instead of (void *) and had casts all over the place.
+     [Steve Henson]
+
+  *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+     [Ulf Möller]
+
+  *) Retain source code compatibility for BN_prime_checks macro:
+     BN_is_prime(..., BN_prime_checks, ...) now uses
+     BN_prime_checks_for_size to determine the appropriate number of
+     Rabin-Miller iterations.
+     [Ulf Möller]
+
+  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+     DH_CHECK_P_NOT_SAFE_PRIME.
+     (Check if this is true? OpenPGP calls them "strong".)
+     [Ulf Möller]
+
+  *) Merge the functionality of "dh" and "gendh" programs into a new program
+     "dhparam". The old programs are retained for now but will handle DH keys
+     (instead of parameters) in future.
+     [Steve Henson]
+
+  *) Make the ciphers, s_server and s_client programs check the return values
+     when a new cipher list is set.
+     [Steve Henson]
+
+  *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+     ciphers. Before when the 56bit ciphers were enabled the sorting was
+     wrong.
+
+     The syntax for the cipher sorting has been extended to support sorting by
+     cipher-strength (using the strength_bits hard coded in the tables).
+     The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+     Fix a bug in the cipher-command parser: when supplying a cipher command
+     string with an "undefined" symbol (neither command nor alphanumeric
+     [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+     an error is flagged.
+
+     Due to the strength-sorting extension, the code of the
+     ssl_create_cipher_list() function was completely rearranged. I hope that
+     the readability was also increased :-)
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+     for the first serial number and places 2 in the serial number file. This
+     avoids problems when the root CA is created with serial number zero and
+     the first user certificate has the same issuer name and serial number
+     as the root CA.
+     [Steve Henson]
+
+  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+     the new code. Add documentation for this stuff.
+     [Steve Henson]
+
+  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+     X509_*() to X509at_*() on the grounds that they don't handle X509
+     structures and behave in an analogous way to the X509v3 functions:
+     they shouldn't be called directly but wrapper functions should be used
+     instead.
+
+     So we also now have some wrapper functions that call the X509at functions
+     when passed certificate requests. (TO DO: similar things can be done with
+     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+     things. Some of these need some d2i or i2d and print functionality
+     because they handle more complex structures.)
+     [Steve Henson]
+
+  *) Add missing #ifndefs that caused missing symbols when building libssl
+     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
+     NO_RSA in ssl/s2*.c. 
+     [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+
+  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+     has a return value which indicates the quality of the random data
+     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
+     error queue. New function RAND_pseudo_bytes() generates output that is
+     guaranteed to be unique but not unpredictable. RAND_add is like
+     RAND_seed, but takes an extra argument for an entropy estimate
+     (RAND_seed always assumes full entropy).
+     [Ulf Möller]
+
+  *) Do more iterations of Rabin-Miller probable prime test (specifically,
+     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+     instead of only 2 for all lengths; see BN_prime_checks_for_size definition
+     in crypto/bn/bn_prime.c for the complete table).  This guarantees a
+     false-positive rate of at most 2^-80 for random input.
+     [Bodo Moeller]
+
+  *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
+     [Bodo Moeller]
+
+  *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+     in the 0.9.5 release), this returns the chain
+     from an X509_CTX structure with a dup of the stack and all
+     the X509 reference counts upped: so the stack will exist
+     after X509_CTX_cleanup() has been called. Modify pkcs12.c
+     to use this.
+
+     Also make SSL_SESSION_print() print out the verify return
+     code.
+     [Steve Henson]
+
+  *) Add manpage for the pkcs12 command. Also change the default
+     behaviour so MAC iteration counts are used unless the new
+     -nomaciter option is used. This improves file security and
+     only older versions of MSIE (4.0 for example) need it.
+     [Steve Henson]
+
+  *) Honor the no-xxx Configure options when creating .DEF files.
+     [Ulf Möller]
+
+  *) Add PKCS#10 attributes to field table: challengePassword, 
+     unstructuredName and unstructuredAddress. These are taken from
+     draft PKCS#9 v2.0 but are compatible with v1.2 provided no 
+     international characters are used.
+
+     More changes to X509_ATTRIBUTE code: allow the setting of types
+     based on strings. Remove the 'loc' parameter when adding
+     attributes because these will be a SET OF encoding which is sorted
+     in ASN1 order.
+     [Steve Henson]
+
+  *) Initial changes to the 'req' utility to allow request generation
+     automation. This will allow an application to just generate a template
+     file containing all the field values and have req construct the
+     request.
+
+     Initial support for X509_ATTRIBUTE handling. Stacks of these are
+     used all over the place including certificate requests and PKCS#7
+     structures. They are currently handled manually where necessary with
+     some primitive wrappers for PKCS#7. The new functions behave in a
+     manner analogous to the X509 extension functions: they allow
+     attributes to be looked up by NID and added.
+
+     Later something similar to the X509V3 code would be desirable to
+     automatically handle the encoding, decoding and printing of the
+     more complex types. The string types like challengePassword can
+     be handled by the string table functions.
+
+     Also modified the multi byte string table handling. Now there is
+     a 'global mask' which masks out certain types. The table itself
+     can use the flag STABLE_NO_MASK to ignore the mask setting: this
+     is useful when for example there is only one permissible type
+     (as in countryName) and using the mask might result in no valid
+     types at all.
+     [Steve Henson]
+
+  *) Clean up 'Finished' handling, and add functions SSL_get_finished and
+     SSL_get_peer_finished to allow applications to obtain the latest
+     Finished messages sent to the peer or expected from the peer,
+     respectively.  (SSL_get_peer_finished is usually the Finished message
+     actually received from the peer, otherwise the protocol will be aborted.)
+
+     As the Finished message are message digests of the complete handshake
+     (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
+     be used for external authentication procedures when the authentication
+     provided by SSL/TLS is not desired or is not enough.
+     [Bodo Moeller]
+
+  *) Enhanced support for Alpha Linux is added. Now ./config checks if
+     the host supports BWX extension and if Compaq C is present on the
+     $PATH. Just exploiting of the BWX extension results in 20-30%
+     performance kick for some algorithms, e.g. DES and RC4 to mention
+     a couple. Compaq C in turn generates ~20% faster code for MD5 and
+     SHA1.
+     [Andy Polyakov]
+
+  *) Add support for MS "fast SGC". This is arguably a violation of the
+     SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
+     weak crypto and after checking the certificate is SGC a second one
+     with strong crypto. MS SGC stops the first handshake after receiving
+     the server certificate message and sends a second client hello. Since
+     a server will typically do all the time consuming operations before
+     expecting any further messages from the client (server key exchange
+     is the most expensive) there is little difference between the two.
+
+     To get OpenSSL to support MS SGC we have to permit a second client
+     hello message after we have sent server done. In addition we have to
+     reset the MAC if we do get this second client hello.
+     [Steve Henson]
+
+  *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
+     if a DER encoded private key is RSA or DSA traditional format. Changed
+     d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
+     format DER encoded private key. Newer code should use PKCS#8 format which
+     has the key type encoded in the ASN1 structure. Added DER private key
+     support to pkcs8 application.
+     [Steve Henson]
+
+  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+     ciphersuites has been selected (as required by the SSL 3/TLS 1
+     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+     is set, we interpret this as a request to violate the specification
+     (the worst that can happen is a handshake failure, and 'correct'
+     behaviour would result in a handshake failure anyway).
+     [Bodo Moeller]
+
+  *) In SSL_CTX_add_session, take into account that there might be multiple
+     SSL_SESSION structures with the same session ID (e.g. when two threads
+     concurrently obtain them from an external cache).
+     The internal cache can handle only one SSL_SESSION with a given ID,
+     so if there's a conflict, we now throw out the old one to achieve
+     consistency.
+     [Bodo Moeller]
+
+  *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+     to be used in PKCS#5 v2.0 and S/MIME.  Also add checking to
+     some routines that use cipher OIDs: some ciphers do not have OIDs
+     defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+     example.
+     [Steve Henson]
+
+  *) Simplify the trust setting structure and code. Now we just have
+     two sequences of OIDs for trusted and rejected settings. These will
+     typically have values the same as the extended key usage extension
+     and any application specific purposes.
+
+     The trust checking code now has a default behaviour: it will just
+     check for an object with the same NID as the passed id. Functions can
+     be provided to override either the default behaviour or the behaviour
+     for a given id. SSL client, server and email already have functions
+     in place for compatibility: they check the NID and also return "trusted"
+     if the certificate is self signed.
+     [Steve Henson]
+
+  *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+     traditional format into an EVP_PKEY structure.
+     [Steve Henson]
+
+  *) Add a password callback function PEM_cb() which either prompts for
+     a password if usr_data is NULL or otherwise assumes it is a null
+     terminated password. Allow passwords to be passed on command line
+     environment or config files in a few more utilities.
+     [Steve Henson]
+
+  *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+     keys. Add some short names for PKCS#8 PBE algorithms and allow them
+     to be specified on the command line for the pkcs8 and pkcs12 utilities.
+     Update documentation.
+     [Steve Henson]
+
+  *) Support for ASN1 "NULL" type. This could be handled before by using
+     ASN1_TYPE but there wasn't any function that would try to read a NULL
+     and produce an error if it couldn't. For compatibility we also have
+     ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+     don't allocate anything because they don't need to.
+     [Steve Henson]
+
+  *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+     for details.
+     [Andy Polyakov, Roy Woods <roy@centicsystems.ca>]
+
+  *) Rebuild of the memory allocation routines used by OpenSSL code and
+     possibly others as well.  The purpose is to make an interface that
+     provide hooks so anyone can build a separate set of allocation and
+     deallocation routines to be used by OpenSSL, for example memory
+     pool implementations, or something else, which was previously hard
+     since Malloc(), Realloc() and Free() were defined as macros having
+     the values malloc, realloc and free, respectively (except for Win32
+     compilations).  The same is provided for memory debugging code.
+     OpenSSL already comes with functionality to find memory leaks, but
+     this gives people a chance to debug other memory problems.
+
+     With these changes, a new set of functions and macros have appeared:
+
+       CRYPTO_set_mem_debug_functions()	        [F]
+       CRYPTO_get_mem_debug_functions()         [F]
+       CRYPTO_dbg_set_options()	                [F]
+       CRYPTO_dbg_get_options()                 [F]
+       CRYPTO_malloc_debug_init()               [M]
+
+     The memory debug functions are NULL by default, unless the library
+     is compiled with CRYPTO_MDEBUG or friends is defined.  If someone
+     wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
+     gives the standard debugging functions that come with OpenSSL) or
+     CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
+     provided by the library user) must be used.  When the standard
+     debugging functions are used, CRYPTO_dbg_set_options can be used to
+     request additional information:
+     CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
+     the CRYPTO_MDEBUG_xxx macro when compiling the library.   
+
+     Also, things like CRYPTO_set_mem_functions will always give the
+     expected result (the new set of functions is used for allocation
+     and deallocation) at all times, regardless of platform and compiler
+     options.
+
+     To finish it up, some functions that were never use in any other
+     way than through macros have a new API and new semantic:
+
+       CRYPTO_dbg_malloc()
+       CRYPTO_dbg_realloc()
+       CRYPTO_dbg_free()
+
+     All macros of value have retained their old syntax.
+     [Richard Levitte and Bodo Moeller]
+
+  *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
+     ordering of SMIMECapabilities wasn't in "strength order" and there
+     was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
+     algorithm.
+     [Steve Henson]
+
+  *) Some ASN1 types with illegal zero length encoding (INTEGER,
+     ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+     [Frans Heymans <fheymans@isaserver.be>, modified by Steve Henson]
+
+  *) Merge in my S/MIME library for OpenSSL. This provides a simple
+     S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+     functionality to handle multipart/signed properly) and a utility
+     called 'smime' to call all this stuff. This is based on code I
+     originally wrote for Celo who have kindly allowed it to be
+     included in OpenSSL.
+     [Steve Henson]
+
+  *) Add variants des_set_key_checked and des_set_key_unchecked of
+     des_set_key (aka des_key_sched).  Global variable des_check_key
+     decides which of these is called by des_set_key; this way
+     des_check_key behaves as it always did, but applications and
+     the library itself, which was buggy for des_check_key == 1,
+     have a cleaner way to pick the version they need.
+     [Bodo Moeller]
+
+  *) New function PKCS12_newpass() which changes the password of a
+     PKCS12 structure.
+     [Steve Henson]
+
+  *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+     dynamic mix. In both cases the ids can be used as an index into the
+     table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+     functions so they accept a list of the field values and the
+     application doesn't need to directly manipulate the X509_TRUST
+     structure.
+     [Steve Henson]
+
+  *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+     need initialising.
+     [Steve Henson]
+
+  *) Modify the way the V3 extension code looks up extensions. This now
+     works in a similar way to the object code: we have some "standard"
+     extensions in a static table which is searched with OBJ_bsearch()
+     and the application can add dynamic ones if needed. The file
+     crypto/x509v3/ext_dat.h now has the info: this file needs to be
+     updated whenever a new extension is added to the core code and kept
+     in ext_nid order. There is a simple program 'tabtest.c' which checks
+     this. New extensions are not added too often so this file can readily
+     be maintained manually.
+
+     There are two big advantages in doing things this way. The extensions
+     can be looked up immediately and no longer need to be "added" using
+     X509V3_add_standard_extensions(): this function now does nothing.
+     [Side note: I get *lots* of email saying the extension code doesn't
+      work because people forget to call this function]
+     Also no dynamic allocation is done unless new extensions are added:
+     so if we don't add custom extensions there is no need to call
+     X509V3_EXT_cleanup().
+     [Steve Henson]
+
+  *) Modify enc utility's salting as follows: make salting the default. Add a
+     magic header, so unsalted files fail gracefully instead of just decrypting
+     to garbage. This is because not salting is a big security hole, so people
+     should be discouraged from doing it.
+     [Ben Laurie]
+
+  *) Fixes and enhancements to the 'x509' utility. It allowed a message
+     digest to be passed on the command line but it only used this
+     parameter when signing a certificate. Modified so all relevant
+     operations are affected by the digest parameter including the
+     -fingerprint and -x509toreq options. Also -x509toreq choked if a
+     DSA key was used because it didn't fix the digest.
+     [Steve Henson]
+
+  *) Initial certificate chain verify code. Currently tests the untrusted
+     certificates for consistency with the verify purpose (which is set
+     when the X509_STORE_CTX structure is set up) and checks the pathlength.
+
+     There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
+     this is because it will reject chains with invalid extensions whereas
+     every previous version of OpenSSL and SSLeay made no checks at all.
+
+     Trust code: checks the root CA for the relevant trust settings. Trust
+     settings have an initial value consistent with the verify purpose: e.g.
+     if the verify purpose is for SSL client use it expects the CA to be
+     trusted for SSL client use. However the default value can be changed to
+     permit custom trust settings: one example of this would be to only trust
+     certificates from a specific "secure" set of CAs.
+
+     Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
+     which should be used for version portability: especially since the
+     verify structure is likely to change more often now.
+
+     SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
+     to set them. If not set then assume SSL clients will verify SSL servers
+     and vice versa.
+
+     Two new options to the verify program: -untrusted allows a set of
+     untrusted certificates to be passed in and -purpose which sets the
+     intended purpose of the certificate. If a purpose is set then the
+     new chain verify code is used to check extension consistency.
+     [Steve Henson]
+
+  *) Support for the authority information access extension.
+     [Steve Henson]
+
+  *) Modify RSA and DSA PEM read routines to transparently handle
+     PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+     public keys in a format compatible with certificate
+     SubjectPublicKeyInfo structures. Unfortunately there were already
+     functions called *_PublicKey_* which used various odd formats so
+     these are retained for compatibility: however the DSA variants were
+     never in a public release so they have been deleted. Changed dsa/rsa
+     utilities to handle the new format: note no releases ever handled public
+     keys so we should be OK.
+
+     The primary motivation for this change is to avoid the same fiasco
+     that dogs private keys: there are several incompatible private key
+     formats some of which are standard and some OpenSSL specific and
+     require various evil hacks to allow partial transparent handling and
+     even then it doesn't work with DER formats. Given the option anything
+     other than PKCS#8 should be dumped: but the other formats have to
+     stay in the name of compatibility.
+
+     With public keys and the benefit of hindsight one standard format 
+     is used which works with EVP_PKEY, RSA or DSA structures: though
+     it clearly returns an error if you try to read the wrong kind of key.
+
+     Added a -pubkey option to the 'x509' utility to output the public key.
+     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+     (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+     EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+     that do the same as the EVP_PKEY_assign_*() except they up the
+     reference count of the added key (they don't "swallow" the
+     supplied key).
+     [Steve Henson]
+
+  *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+     CRLs would fail if the file contained no certificates or no CRLs:
+     added a new function to read in both types and return the number
+     read: this means that if none are read it will be an error. The
+     DER versions of the certificate and CRL reader would always fail
+     because it isn't possible to mix certificates and CRLs in DER format
+     without choking one or the other routine. Changed this to just read
+     a certificate: this is the best we can do. Also modified the code
+     in apps/verify.c to take notice of return codes: it was previously
+     attempting to read in certificates from NULL pointers and ignoring
+     any errors: this is one reason why the cert and CRL reader seemed
+     to work. It doesn't check return codes from the default certificate
+     routines: these may well fail if the certificates aren't installed.
+     [Steve Henson]
+
+  *) Code to support otherName option in GeneralName.
+     [Steve Henson]
+
+  *) First update to verify code. Change the verify utility
+     so it warns if it is passed a self signed certificate:
+     for consistency with the normal behaviour. X509_verify
+     has been modified to it will now verify a self signed
+     certificate if *exactly* the same certificate appears
+     in the store: it was previously impossible to trust a
+     single self signed certificate. This means that:
+     openssl verify ss.pem
+     now gives a warning about a self signed certificate but
+     openssl verify -CAfile ss.pem ss.pem
+     is OK.
+     [Steve Henson]
+
+  *) For servers, store verify_result in SSL_SESSION data structure
+     (and add it to external session representation).
+     This is needed when client certificate verifications fails,
+     but an application-provided verification callback (set by
+     SSL_CTX_set_cert_verify_callback) allows accepting the session
+     anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
+     but returns 1): When the session is reused, we have to set
+     ssl->verify_result to the appropriate error code to avoid
+     security holes.
+     [Bodo Moeller, problem pointed out by Lutz Jaenicke]
+
+  *) Fix a bug in the new PKCS#7 code: it didn't consider the
+     case in PKCS7_dataInit() where the signed PKCS7 structure
+     didn't contain any existing data because it was being created.
+     [Po-Cheng Chen <pocheng@nst.com.tw>, slightly modified by Steve Henson]
+
+  *) Add a salt to the key derivation routines in enc.c. This
+     forms the first 8 bytes of the encrypted file. Also add a
+     -S option to allow a salt to be input on the command line.
+     [Steve Henson]
+
+  *) New function X509_cmp(). Oddly enough there wasn't a function
+     to compare two certificates. We do this by working out the SHA1
+     hash and comparing that. X509_cmp() will be needed by the trust
+     code.
+     [Steve Henson]
+
+  *) SSL_get1_session() is like SSL_get_session(), but increments
+     the reference count in the SSL_SESSION returned.
+     [Geoff Thorpe <geoff@eu.c2.net>]
+
+  *) Fix for 'req': it was adding a null to request attributes.
+     Also change the X509_LOOKUP and X509_INFO code to handle
+     certificate auxiliary information.
+     [Steve Henson]
+
+  *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
+     the 'enc' command.
+     [Steve Henson]
+
+  *) Add the possibility to add extra information to the memory leak
+     detecting output, to form tracebacks, showing from where each
+     allocation was originated: CRYPTO_push_info("constant string") adds
+     the string plus current file name and line number to a per-thread
+     stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+     is like calling CYRPTO_pop_info() until the stack is empty.
+     Also updated memory leak detection code to be multi-thread-safe.
+     [Richard Levitte]
+
+  *) Add options -text and -noout to pkcs7 utility and delete the
+     encryption options which never did anything. Update docs.
+     [Steve Henson]
+
+  *) Add options to some of the utilities to allow the pass phrase
+     to be included on either the command line (not recommended on
+     OSes like Unix) or read from the environment. Update the
+     manpages and fix a few bugs.
+     [Steve Henson]
+
+  *) Add a few manpages for some of the openssl commands.
+     [Steve Henson]
+
+  *) Fix the -revoke option in ca. It was freeing up memory twice,
+     leaking and not finding already revoked certificates.
+     [Steve Henson]
+
+  *) Extensive changes to support certificate auxiliary information.
+     This involves the use of X509_CERT_AUX structure and X509_AUX
+     functions. An X509_AUX function such as PEM_read_X509_AUX()
+     can still read in a certificate file in the usual way but it
+     will also read in any additional "auxiliary information". By
+     doing things this way a fair degree of compatibility can be
+     retained: existing certificates can have this information added
+     using the new 'x509' options. 
+
+     Current auxiliary information includes an "alias" and some trust
+     settings. The trust settings will ultimately be used in enhanced
+     certificate chain verification routines: currently a certificate
+     can only be trusted if it is self signed and then it is trusted
+     for all purposes.
+     [Steve Henson]
+
+  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+     The problem was that one of the replacement routines had not been working
+     since SSLeay releases.  For now the offending routine has been replaced
+     with non-optimised assembler.  Even so, this now gives around 95%
+     performance improvement for 1024 bit RSA signs.
+     [Mark Cox]
+
+  *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 
+     handling. Most clients have the effective key size in bits equal to
+     the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
+     A few however don't do this and instead use the size of the decrypted key
+     to determine the RC2 key length and the AlgorithmIdentifier to determine
+     the effective key length. In this case the effective key length can still
+     be 40 bits but the key length can be 168 bits for example. This is fixed
+     by manually forcing an RC2 key into the EVP_PKEY structure because the
+     EVP code can't currently handle unusual RC2 key sizes: it always assumes
+     the key length and effective key length are equal.
+     [Steve Henson]
+
+  *) Add a bunch of functions that should simplify the creation of 
+     X509_NAME structures. Now you should be able to do:
+     X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
+     and have it automatically work out the correct field type and fill in
+     the structures. The more adventurous can try:
+     X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
+     and it will (hopefully) work out the correct multibyte encoding.
+     [Steve Henson]
+
+  *) Change the 'req' utility to use the new field handling and multibyte
+     copy routines. Before the DN field creation was handled in an ad hoc
+     way in req, ca, and x509 which was rather broken and didn't support
+     BMPStrings or UTF8Strings. Since some software doesn't implement
+     BMPStrings or UTF8Strings yet, they can be enabled using the config file
+     using the dirstring_type option. See the new comment in the default
+     openssl.cnf for more info.
+     [Steve Henson]
+
+  *) Make crypto/rand/md_rand.c more robust:
+     - Assure unique random numbers after fork().
+     - Make sure that concurrent threads access the global counter and
+       md serializably so that we never lose entropy in them
+       or use exactly the same state in multiple threads.
+       Access to the large state is not always serializable because
+       the additional locking could be a performance killer, and
+       md should be large enough anyway.
+     [Bodo Moeller]
+
+  *) New file apps/app_rand.c with commonly needed functionality
+     for handling the random seed file.
+
+     Use the random seed file in some applications that previously did not:
+          ca,
+          dsaparam -genkey (which also ignored its '-rand' option), 
+          s_client,
+          s_server,
+          x509 (when signing).
+     Except on systems with /dev/urandom, it is crucial to have a random
+     seed file at least for key creation, DSA signing, and for DH exchanges;
+     for RSA signatures we could do without one.
+
+     gendh and gendsa (unlike genrsa) used to read only the first byte
+     of each file listed in the '-rand' option.  The function as previously
+     found in genrsa is now in app_rand.c and is used by all programs
+     that support '-rand'.
+     [Bodo Moeller]
+
+  *) In RAND_write_file, use mode 0600 for creating files;
+     don't just chmod when it may be too late.
+     [Bodo Moeller]
+
+  *) Report an error from X509_STORE_load_locations
+     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+     [Bill Perry]
+
+  *) New function ASN1_mbstring_copy() this copies a string in either
+     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
+     into an ASN1_STRING type. A mask of permissible types is passed
+     and it chooses the "minimal" type to use or an error if not type
+     is suitable.
+     [Steve Henson]
+
+  *) Add function equivalents to the various macros in asn1.h. The old
+     macros are retained with an M_ prefix. Code inside the library can
+     use the M_ macros. External code (including the openssl utility)
+     should *NOT* in order to be "shared library friendly".
+     [Steve Henson]
+
+  *) Add various functions that can check a certificate's extensions
+     to see if it usable for various purposes such as SSL client,
+     server or S/MIME and CAs of these types. This is currently 
+     VERY EXPERIMENTAL but will ultimately be used for certificate chain
+     verification. Also added a -purpose flag to x509 utility to
+     print out all the purposes.
+     [Steve Henson]
+
+  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
+     functions.
+     [Steve Henson]
+
+  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
+     for, obtain and decode and extension and obtain its critical flag.
+     This allows all the necessary extension code to be handled in a
+     single function call.
+     [Steve Henson]
+
+  *) RC4 tune-up featuring 30-40% performance improvement on most RISC
+     platforms. See crypto/rc4/rc4_enc.c for further details.
+     [Andy Polyakov]
+
+  *) New -noout option to asn1parse. This causes no output to be produced
+     its main use is when combined with -strparse and -out to extract data
+     from a file (which may not be in ASN.1 format).
+     [Steve Henson]
+
+  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+     when producing the local key id.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) New option -dhparam in s_server. This allows a DH parameter file to be
+     stated explicitly. If it is not stated then it tries the first server
+     certificate file. The previous behaviour hard coded the filename
+     "server.pem".
+     [Steve Henson]
+
+  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
+     a public key to be input or output. For example:
+     openssl rsa -in key.pem -pubout -out pubkey.pem
+     Also added necessary DSA public key functions to handle this.
+     [Steve Henson]
+
+  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
+     in the message. This was handled by allowing
+     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
+     [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]
+
+  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
+     to the end of the strings whereas this didn't. This would cause problems
+     if strings read with d2i_ASN1_bytes() were later modified.
+     [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Fix for base64 decode bug. When a base64 bio reads only one line of
+     data and it contains EOF it will end up returning an error. This is
+     caused by input 46 bytes long. The cause is due to the way base64
+     BIOs find the start of base64 encoded data. They do this by trying a
+     trial decode on each line until they find one that works. When they
+     do a flag is set and it starts again knowing it can pass all the
+     data directly through the decoder. Unfortunately it doesn't reset
+     the context it uses. This means that if EOF is reached an attempt
+     is made to pass two EOFs through the context and this causes the
+     resulting error. This can also cause other problems as well. As is
+     usual with these problems it takes *ages* to find and the fix is
+     trivial: move one line.
+     [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]
+
+  *) Ugly workaround to get s_client and s_server working under Windows. The
+     old code wouldn't work because it needed to select() on sockets and the
+     tty (for keypresses and to see if data could be written). Win32 only
+     supports select() on sockets so we select() with a 1s timeout on the
+     sockets and then see if any characters are waiting to be read, if none
+     are present then we retry, we also assume we can always write data to
+     the tty. This isn't nice because the code then blocks until we've
+     received a complete line of data and it is effectively polling the
+     keyboard at 1s intervals: however it's quite a bit better than not
+     working at all :-) A dedicated Windows application might handle this
+     with an event loop for example.
+     [Steve Henson]
+
+  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
+     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
+     will be called when RSA_sign() and RSA_verify() are used. This is useful
+     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
+     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
+     should *not* be used: RSA_sign() and RSA_verify() must be used instead.
+     This necessitated the support of an extra signature type NID_md5_sha1
+     for SSL signatures and modifications to the SSL library to use it instead
+     of calling RSA_public_decrypt() and RSA_private_encrypt().
+     [Steve Henson]
+
+  *) Add new -verify -CAfile and -CApath options to the crl program, these
+     will lookup a CRL issuers certificate and verify the signature in a
+     similar way to the verify program. Tidy up the crl program so it
+     no longer accesses structures directly. Make the ASN1 CRL parsing a bit
+     less strict. It will now permit CRL extensions even if it is not
+     a V2 CRL: this will allow it to tolerate some broken CRLs.
+     [Steve Henson]
+
+  *) Initialize all non-automatic variables each time one of the openssl
+     sub-programs is started (this is necessary as they may be started
+     multiple times from the "OpenSSL>" prompt).
+     [Lennart Bang, Bodo Moeller]
+
+  *) Preliminary compilation option RSA_NULL which disables RSA crypto without
+     removing all other RSA functionality (this is what NO_RSA does). This
+     is so (for example) those in the US can disable those operations covered
+     by the RSA patent while allowing storage and parsing of RSA keys and RSA
+     key generation.
+     [Steve Henson]
+
+  *) Non-copying interface to BIO pairs.
+     (still largely untested)
+     [Bodo Moeller]
+
+  *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
+     ASCII string. This was handled independently in various places before.
+     [Steve Henson]
+
+  *) New functions UTF8_getc() and UTF8_putc() that parse and generate
+     UTF8 strings a character at a time.
+     [Steve Henson]
+
+  *) Use client_version from client hello to select the protocol
+     (s23_srvr.c) and for RSA client key exchange verification
+     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
+     [Bodo Moeller]
+
+  *) Add various utility functions to handle SPKACs, these were previously
+     handled by poking round in the structure internals. Added new function
+     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
+     print, verify and generate SPKACs. Based on an original idea from
+     Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
+     [Steve Henson]
+
+  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
+     [Andy Polyakov]
+
+  *) Allow the config file extension section to be overwritten on the
+     command line. Based on an original idea from Massimiliano Pala
+     <madwolf@comune.modena.it>. The new option is called -extensions
+     and can be applied to ca, req and x509. Also -reqexts to override
+     the request extensions in req and -crlexts to override the crl extensions
+     in ca.
+     [Steve Henson]
+
+  *) Add new feature to the SPKAC handling in ca.  Now you can include
+     the same field multiple times by preceding it by "XXXX." for example:
+     1.OU="Unit name 1"
+     2.OU="Unit name 2"
+     this is the same syntax as used in the req config file.
+     [Steve Henson]
+
+  *) Allow certificate extensions to be added to certificate requests. These
+     are specified in a 'req_extensions' option of the req section of the
+     config file. They can be printed out with the -text option to req but
+     are otherwise ignored at present.
+     [Steve Henson]
+
+  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
+     data read consists of only the final block it would not decrypted because
+     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+     A misplaced 'break' also meant the decrypted final block might not be
+     copied until the next read.
+     [Steve Henson]
+
+  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+     a few extra parameters to the DH structure: these will be useful if
+     for example we want the value of 'q' or implement X9.42 DH.
+     [Steve Henson]
+
+  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+     provides hooks that allow the default DSA functions or functions on a
+     "per key" basis to be replaced. This allows hardware acceleration and
+     hardware key storage to be handled without major modification to the
+     library. Also added low level modexp hooks and CRYPTO_EX structure and 
+     associated functions.
+     [Steve Henson]
+
+  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+     as "read only": it can't be written to and the buffer it points to will
+     not be freed. Reading from a read only BIO is much more efficient than
+     a normal memory BIO. This was added because there are several times when
+     an area of memory needs to be read from a BIO. The previous method was
+     to create a memory BIO and write the data to it, this results in two
+     copies of the data and an O(n^2) reading algorithm. There is a new
+     function BIO_new_mem_buf() which creates a read only memory BIO from
+     an area of memory. Also modified the PKCS#7 routines to use read only
+     memory BIOs.
+     [Steve Henson]
+
+  *) Bugfix: ssl23_get_client_hello did not work properly when called in
+     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+     but a retry condition occurred while trying to read the rest.
+     [Bodo Moeller]
+
+  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+     NID_pkcs7_encrypted by default: this was wrong since this should almost
+     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+     the encrypted data type: this is a more sensible place to put it and it
+     allows the PKCS#12 code to be tidied up that duplicated this
+     functionality.
+     [Steve Henson]
+
+  *) Changed obj_dat.pl script so it takes its input and output files on
+     the command line. This should avoid shell escape redirection problems
+     under Win32.
+     [Steve Henson]
+
+  *) Initial support for certificate extension requests, these are included
+     in things like Xenroll certificate requests. Included functions to allow
+     extensions to be obtained and added.
+     [Steve Henson]
+
+  *) -crlf option to s_client and s_server for sending newlines as
+     CRLF (as required by many protocols).
+     [Bodo Moeller]
+
+ Changes between 0.9.3a and 0.9.4  [09 Aug 1999]
+  
+  *) Install libRSAglue.a when OpenSSL is built with RSAref.
+     [Ralf S. Engelschall]
+
+  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+     [Andrija Antonijevic <TheAntony2@bigfoot.com>]
+
+  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+     program.
+     [Steve Henson]
+
+  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+     DH parameters/keys (q is lost during that conversion, but the resulting
+     DH parameters contain its length).
+
+     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+     much faster than DH_generate_parameters (which creates parameters
+     where p = 2*q + 1), and also the smaller q makes DH computations
+     much more efficient (160-bit exponentiation instead of 1024-bit
+     exponentiation); so this provides a convenient way to support DHE
+     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of
+     utter importance to use
+         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     or
+         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     when such DH parameters are used, because otherwise small subgroup
+     attacks may become possible!
+     [Bodo Moeller]
+
+  *) Avoid memory leak in i2d_DHparams.
+     [Bodo Moeller]
+
+  *) Allow the -k option to be used more than once in the enc program:
+     this allows the same encrypted message to be read by multiple recipients.
+     [Steve Henson]
+
+  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+     it will always use the numerical form of the OID, even if it has a short
+     or long name.
+     [Steve Henson]
+
+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp.
+     By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
+     private key operations.
+     [Steve Henson]
+
+  *) Added support for SPARC Linux.
+     [Andy Polyakov]
+
+  *) pem_password_cb function type incompatibly changed from
+          typedef int pem_password_cb(char *buf, int size, int rwflag);
+     to
+          ....(char *buf, int size, int rwflag, void *userdata);
+     so that applications can pass data to their callbacks:
+     The PEM[_ASN1]_{read,write}... functions and macros now take an
+     additional void * argument, which is just handed through whenever
+     the password callback is called.
+     [Damien Miller <dmiller@ilogic.com.au>; tiny changes by Bodo Moeller]
+
+     New function SSL_CTX_set_default_passwd_cb_userdata.
+
+     Compatibility note: As many C implementations push function arguments
+     onto the stack in reverse order, the new library version is likely to
+     interoperate with programs that have been compiled with the old
+     pem_password_cb definition (PEM_whatever takes some data that
+     happens to be on the stack as its last argument, and the callback
+     just ignores this garbage); but there is no guarantee whatsoever that
+     this will work.
+
+  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+     problems not only on Windows, but also on some Unix platforms.
+     To avoid problematic command lines, these definitions are now in an
+     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+     [Bodo Moeller]
+
+  *) MIPS III/IV assembler module is reimplemented.
+     [Andy Polyakov]
+
+  *) More DES library cleanups: remove references to srand/rand and
+     delete an unused file.
+     [Ulf Möller]
+
+  *) Add support for the the free Netwide assembler (NASM) under Win32,
+     since not many people have MASM (ml) and it can be hard to obtain.
+     This is currently experimental but it seems to work OK and pass all
+     the tests. Check out INSTALL.W32 for info.
+     [Steve Henson]
+
+  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+     without temporary keys kept an extra copy of the server key,
+     and connections with temporary keys did not free everything in case
+     of an error.
+     [Bodo Moeller]
+
+  *) New function RSA_check_key and new openssl rsa option -check
+     for verifying the consistency of RSA keys.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) Various changes to make Win32 compile work: 
+     1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+        comparison" warnings.
+     3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+     [Steve Henson]
+
+  *) Add a debugging option to PKCS#5 v2 key generation function: when
+     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+     derived keys are printed to stderr.
+     [Steve Henson]
+
+  *) Copy the flags in ASN1_STRING_dup().
+     [Roman E. Pavlov <pre@mo.msk.ru>]
+
+  *) The x509 application mishandled signing requests containing DSA
+     keys when the signing key was also DSA and the parameters didn't match.
+
+     It was supposed to omit the parameters when they matched the signing key:
+     the verifying software was then supposed to automatically use the CA's
+     parameters if they were absent from the end user certificate.
+
+     Omitting parameters is no longer recommended. The test was also
+     the wrong way round! This was probably due to unusual behaviour in
+     EVP_cmp_parameters() which returns 1 if the parameters match. 
+     This meant that parameters were omitted when they *didn't* match and
+     the certificate was useless. Certificates signed with 'ca' didn't have
+     this bug.
+     [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
+
+  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+     The interface is as follows:
+     Applications can use
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+     "off" is now the default.
+     The library internally uses
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+     to disable memory-checking temporarily.
+
+     Some inconsistent states that previously were possible (and were
+     even the default) are now avoided.
+
+     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+     with each memory chunk allocated; this is occasionally more helpful
+     than just having a counter.
+
+     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+     extensions.
+     [Bodo Moeller]
+
+  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+     which largely parallels "options", but is for changing API behaviour,
+     whereas "options" are about protocol behaviour.
+     Initial "mode" flags are:
+
+     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when
+                                     a single record has been written.
+     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write
+                                     retries use the same buffer location.
+                                     (But all of the contents must be
+                                     copied!)
+     [Bodo Moeller]
+
+  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+     worked.
+
+  *) Fix problems with no-hmac etc.
+     [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
+
+  *) New functions RSA_get_default_method(), RSA_set_method() and
+     RSA_get_method(). These allows replacement of RSA_METHODs without having
+     to mess around with the internals of an RSA structure.
+     [Steve Henson]
+
+  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+     Also really enable memory leak checks in openssl.c and in some
+     test programs.
+     [Chad C. Mulligan, Bodo Moeller]
+
+  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+     up the length of negative integers. This has now been simplified to just
+     store the length when it is first determined and use it later, rather
+     than trying to keep track of where data is copied and updating it to
+     point to the end.
+     [Steve Henson, reported by Brien Wheeler
+      <bwheeler@authentica-security.com>]
+
+  *) Add a new function PKCS7_signatureVerify. This allows the verification
+     of a PKCS#7 signature but with the signing certificate passed to the
+     function itself. This contrasts with PKCS7_dataVerify which assumes the
+     certificate is present in the PKCS#7 structure. This isn't always the
+     case: certificates can be omitted from a PKCS#7 structure and be
+     distributed by "out of band" means (such as a certificate database).
+     [Steve Henson]
+
+  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+     function prototypes in pem.h, also change util/mkdef.pl to add the
+     necessary function names. 
+     [Steve Henson]
+
+  *) mk1mf.pl (used by Windows builds) did not properly read the
+     options set by Configure in the top level Makefile, and Configure
+     was not even able to write more than one option correctly.
+     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+     [Bodo Moeller]
+
+  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+     file to be loaded from a BIO or FILE pointer. The BIO version will
+     for example allow memory BIOs to contain config info.
+     [Steve Henson]
+
+  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+     Whoever hopes to achieve shared-library compatibility across versions
+     must use this, not the compile-time macro.
+     (Exercise 0.9.4: Which is the minimum library version required by
+     such programs?)
+     Note: All this applies only to multi-threaded programs, others don't
+     need locks.
+     [Bodo Moeller]
+
+  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+     through a BIO pair triggered the default case, i.e.
+     SSLerr(...,SSL_R_UNKNOWN_STATE).
+     [Bodo Moeller]
+
+  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+     can use the SSL library even if none of the specific BIOs is
+     appropriate.
+     [Bodo Moeller]
+
+  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+     for the encoded length.
+     [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
+
+  *) Add initial documentation of the X509V3 functions.
+     [Steve Henson]
+
+  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
+     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+     secure PKCS#8 private key format with a high iteration count.
+     [Steve Henson]
+
+  *) Fix determination of Perl interpreter: A perl or perl5
+     _directory_ in $PATH was also accepted as the interpreter.
+     [Ralf S. Engelschall]
+
+  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+     wrong with it but it was very old and did things like calling
+     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+     unusual formatting.
+     [Steve Henson]
+
+  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+     to use the new extension code.
+     [Steve Henson]
+
+  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+     with macros. This should make it easier to change their form, add extra
+     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+     constant.
+     [Steve Henson]
+
+  *) Add to configuration table a new entry that can specify an alternative
+     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+     according to Mark Crispin <MRC@Panda.COM>.
+     [Bodo Moeller]
+
+#if 0
+  *) DES CBC did not update the IV. Weird.
+     [Ben Laurie]
+#else
+     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+     Changing the behaviour of the former might break existing programs --
+     where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+  *) When bntest is run from "make test" it drives bc to check its
+     calculations, as well as internally checking them. If an internal check
+     fails, it needs to cause bc to give a non-zero result or make test carries
+     on without noticing the failure. Fixed.
+     [Ben Laurie]
+
+  *) DES library cleanups.
+     [Ulf Möller]
+
+  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+     ciphers. NOTE: although the key derivation function has been verified
+     against some published test vectors it has not been extensively tested
+     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+     of v2.0.
+     [Steve Henson]
+
+  *) Instead of "mkdir -p", which is not fully portable, use new
+     Perl script "util/mkdir-p.pl".
+     [Bodo Moeller]
+
+  *) Rewrite the way password based encryption (PBE) is handled. It used to
+     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+     the 'parameter' field of the AlgorithmIdentifier is passed to the
+     underlying key generation function so it must do its own ASN1 parsing.
+     This has also changed the EVP_PBE_CipherInit() function which now has a
+     'parameter' argument instead of literal salt and iteration count values
+     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+     [Steve Henson]
+
+  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+     KEY" because this clashed with PKCS#8 unencrypted string. Since this
+     value was just used as a "magic string" and not used directly its
+     value doesn't matter.
+     [Steve Henson]
+
+  *) Introduce some semblance of const correctness to BN. Shame C doesn't
+     support mutable.
+     [Ben Laurie]
+
+  *) "linux-sparc64" configuration (ultrapenguin).
+     [Ray Miller <ray.miller@oucs.ox.ac.uk>]
+     "linux-sparc" configuration.
+     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
+
+  *) config now generates no-xxx options for missing ciphers.
+     [Ulf Möller]
+
+  *) Support the EBCDIC character set (work in progress).
+     File ebcdic.c not yet included because it has a different license.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Support BS2000/OSD-POSIX.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Make callbacks for key generation use void * instead of char *.
+     [Ben Laurie]
+
+  *) Make S/MIME samples compile (not yet tested).
+     [Ben Laurie]
+
+  *) Additional typesafe stacks.
+     [Ben Laurie]
+
+  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+     [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a  [29 May 1999]
+
+  *) New configuration variant "sco5-gcc".
+
+  *) Updated some demos.
+     [Sean O Riordain, Wade Scholine]
+
+  *) Add missing BIO_free at exit of pkcs12 application.
+     [Wu Zhigang]
+
+  *) Fix memory leak in conf.c.
+     [Steve Henson]
+
+  *) Updates for Win32 to assembler version of MD5.
+     [Steve Henson]
+
+  *) Set #! path to perl in apps/der_chop to where we found it
+     instead of using a fixed path.
+     [Bodo Moeller]
+
+  *) SHA library changes for irix64-mips4-cc.
+     [Andy Polyakov]
+
+  *) Improvements for VMS support.
+     [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3  [24 May 1999]
+
+  *) Bignum library bug fix. IRIX 6 passes "make test" now!
+     This also avoids the problems with SC4.2 and unpatched SC5.  
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+     These are required because of the typesafe stack would otherwise break 
+     existing code. If old code used a structure member which used to be STACK
+     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+     sk_num or sk_value it would produce an error because the num, data members
+     are not present in STACK_OF. Now it just produces a warning. sk_set
+     replaces the old method of assigning a value to sk_value
+     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+     that does this will no longer work (and should use sk_set instead) but
+     this could be regarded as a "questionable" behaviour anyway.
+     [Steve Henson]
+
+  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+     correctly handle encrypted S/MIME data.
+     [Steve Henson]
+
+  *) Change type of various DES function arguments from des_cblock
+     (which means, in function argument declarations, pointer to char)
+     to des_cblock * (meaning pointer to array with 8 char elements),
+     which allows the compiler to do more typechecking; it was like
+     that back in SSLeay, but with lots of ugly casts.
+
+     Introduce new type const_des_cblock.
+     [Bodo Moeller]
+
+  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+     problems: find RecipientInfo structure that matches recipient certificate
+     and initialise the ASN1 structures properly based on passed cipher.
+     [Steve Henson]
+
+  *) Belatedly make the BN tests actually check the results.
+     [Ben Laurie]
+
+  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+     to and from BNs: it was completely broken. New compilation option
+     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+     key elements as negative integers.
+     [Steve Henson]
+
+  *) Reorganize and speed up MD5.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) VMS support.
+     [Richard Levitte <richard@levitte.org>]
+
+  *) New option -out to asn1parse to allow the parsed structure to be
+     output to a file. This is most useful when combined with the -strparse
+     option to examine the output of things like OCTET STRINGS.
+     [Steve Henson]
+
+  *) Make SSL library a little more fool-proof by not requiring any longer
+     that SSL_set_{accept,connect}_state be called before
+     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+     in many applications because usually everything *appeared* to work as
+     intended anyway -- now it really works as intended).
+     [Bodo Moeller]
+
+  *) Move openssl.cnf out of lib/.
+     [Ulf Möller]
+
+  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ 
+     [Ralf S. Engelschall]
+
+  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+     handle PKCS#7 enveloped data properly.
+     [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
+
+  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+     copying pointers.  The cert_st handling is changed by this in
+     various ways (and thus what used to be known as ctx->default_cert
+     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+     any longer when s->cert does not give us what we need).
+     ssl_cert_instantiate becomes obsolete by this change.
+     As soon as we've got the new code right (possibly it already is?),
+     we have solved a couple of bugs of the earlier code where s->cert
+     was used as if it could not have been shared with other SSL structures.
+
+     Note that using the SSL API in certain dirty ways now will result
+     in different behaviour than observed with earlier library versions:
+     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+     does not influence s as it used to.
+     
+     In order to clean up things more thoroughly, inside SSL_SESSION
+     we don't use CERT any longer, but a new structure SESS_CERT
+     that holds per-session data (if available); currently, this is
+     the peer's certificate chain and, for clients, the server's certificate
+     and temporary key.  CERT holds only those values that can have
+     meaningful defaults in an SSL_CTX.
+     [Bodo Moeller]
+
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
+  *) Allow PKCS#12 password to be set from the command line or the
+     environment. Let 'ca' get its config file name from the environment
+     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+     and 'x509').
+     [Steve Henson]
+
+  *) Allow certificate policies extension to use an IA5STRING for the
+     organization field. This is contrary to the PKIX definition but
+     VeriSign uses it and IE5 only recognises this form. Document 'x509'
+     extension option.
+     [Steve Henson]
+
+  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+     without disallowing inline assembler and the like for non-pedantic builds.
+     [Ben Laurie]
+
+  *) Support Borland C++ builder.
+     [Janez Jere <jj@void.si>, modified by Ulf Möller]
+
+  *) Support Mingw32.
+     [Ulf Möller]
+
+  *) SHA-1 cleanups and performance enhancements.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Sparc v8plus assembler for the bignum library.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Accept any -xxx and +xxx compiler options in Configure.
+     [Ulf Möller]
+
+  *) Update HPUX configuration.
+     [Anonymous]
+  
+  *) Add missing sk_<type>_unshift() function to safestack.h
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each
+     connection using the SSL_CTX).
+     [Bodo Moeller]
+
+  *) OAEP decoding bug fix.
+     [Ulf Möller]
+
+  *) Support INSTALL_PREFIX for package builders, as proposed by
+     David Harris.
+     [Bodo Moeller]
+
+  *) New Configure options "threads" and "no-threads".  For systems
+     where the proper compiler options are known (currently Solaris
+     and Linux), "threads" is the default.
+     [Bodo Moeller]
+
+  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+     [Bodo Moeller]
+
+  *) Install various scripts to $(OPENSSLDIR)/misc, not to
+     $(INSTALLTOP)/bin -- they shouldn't clutter directories
+     such as /usr/local/bin.
+     [Bodo Moeller]
+
+  *) "make linux-shared" to build shared libraries.
+     [Niels Poppe <niels@netbox.org>]
+
+  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+     [Ulf Möller]
+
+  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+     extension adding in x509 utility.
+     [Steve Henson]
+
+  *) Remove NOPROTO sections and error code comments.
+     [Ulf Möller]
+
+  *) Partial rewrite of the DEF file generator to now parse the ANSI
+     prototypes.
+     [Steve Henson]
+
+  *) New Configure options --prefix=DIR and --openssldir=DIR.
+     [Ulf Möller]
+
+  *) Complete rewrite of the error code script(s). It is all now handled
+     by one script at the top level which handles error code gathering,
+     header rewriting and C source file generation. It should be much better
+     than the old method: it now uses a modified version of Ulf's parser to
+     read the ANSI prototypes in all header files (thus the old K&R definitions
+     aren't needed for error creation any more) and do a better job of
+     translating function codes into names. The old 'ASN1 error code imbedded
+     in a comment' is no longer necessary and it doesn't use .err files which
+     have now been deleted. Also the error code call doesn't have to appear all
+     on one line (which resulted in some large lines...).
+     [Steve Henson]
+
+  *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+     [Bodo Moeller]
+
+  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+     0 (which usually indicates a closed connection), but continue reading.
+     [Bodo Moeller]
+
+  *) Fix some race conditions.
+     [Bodo Moeller]
+
+  *) Add support for CRL distribution points extension. Add Certificate
+     Policies and CRL distribution points documentation.
+     [Steve Henson]
+
+  *) Move the autogenerated header file parts to crypto/opensslconf.h.
+     [Ulf Möller]
+
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin@baltimore.ie>]
+
+  *) Fix lots of warnings.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+     the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) Fix problems with sizeof(long) == 8.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Change functions to ANSI C.
+     [Ulf Möller]
+
+  *) Fix typos in error codes.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
+
+  *) Remove defunct assembler files from Configure.
+     [Ulf Möller]
+
+  *) SPARC v8 assembler BIGNUM implementation.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Support for Certificate Policies extension: both print and set.
+     Various additions to support the r2i method this uses.
+     [Steve Henson]
+
+  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+     return a const string when you are expecting an allocated buffer.
+     [Ben Laurie]
+
+  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+     types DirectoryString and DisplayText.
+     [Steve Henson]
+
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
+  *) Fix an evil bug in bn_expand2() which caused various BN functions to
+     fail when they extended the size of a BIGNUM.
+     [Steve Henson]
+
+  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+     support typesafe stack.
+     [Steve Henson]
+
+  *) Fix typo in SSL_[gs]et_options().
+     [Nils Frostberg <nils@medcom.se>]
+
+  *) Delete various functions and files that belonged to the (now obsolete)
+     old X509V3 handling code.
+     [Steve Henson]
+
+  *) New Configure option "rsaref".
+     [Ulf Möller]
+
+  *) Don't auto-generate pem.h.
+     [Bodo Moeller]
+
+  *) Introduce type-safe ASN.1 SETs.
+     [Ben Laurie]
+
+  *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+     [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+  *) Introduce type-safe STACKs. This will almost certainly break lots of code
+     that links with OpenSSL (well at least cause lots of warnings), but fear
+     not: the conversion is trivial, and it eliminates loads of evil casts. A
+     few STACKed things have been converted already. Feel free to convert more.
+     In the fullness of time, I'll do away with the STACK type altogether.
+     [Ben Laurie]
+
+  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+     specified in <certfile> by updating the entry in the index.txt file.
+     This way one no longer has to edit the index.txt file manually for
+     revoking a certificate. The -revoke option does the gory details now.
+     [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
+
+  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+     `-text' option at all and this way the `-noout -text' combination was
+     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+     [Ralf S. Engelschall]
+
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
+  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
+     all available cipers including rc5, which was forgotten until now.
+     In order to let the testing shell script know which algorithms
+     are available, a new (up to now undocumented) command
+     "openssl list-cipher-commands" is used.
+     [Bodo Moeller]
+
+  *) Bugfix: s_client occasionally would sleep in select() when
+     it should have checked SSL_pending() first.
+     [Bodo Moeller]
+
+  *) New functions DSA_do_sign and DSA_do_verify to provide access to
+     the raw DSA values prior to ASN.1 encoding.
+     [Ulf Möller]
+
+  *) Tweaks to Configure
+     [Niels Poppe <niels@netbox.org>]
+
+  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+     yet...
+     [Steve Henson]
+
+  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+     [Ulf Möller]
+
+  *) New config option to avoid instructions that are illegal on the 80386.
+     The default code is faster, but requires at least a 486.
+     [Ulf Möller]
+  
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
+  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+     application. Various cleanups and fixes.
+     [Steve Henson]
+
+  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+     modify error routines to work internally. Add error codes and PBE init
+     to library startup routines.
+     [Steve Henson]
+
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
+  *) PKCS12 integration: and so it begins... First of several patches to
+     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+     objects to objects.h
+     [Steve Henson]
+
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
+  *) Add LinuxPPC support.
+     [Jeff Dubrule <igor@pobox.org>]
+
+  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+     bn_div_words in alpha.s.
+     [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
+
+  *) Make sure the RSA OAEP test is skipped under -DRSAref because
+     OAEP isn't supported when OpenSSL is built with RSAref.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
+     so they no longer are missing under -DNOPROTO. 
+     [Soren S. Jorvang <soren@t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
+
+  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+     doesn't work when the session is reused. Coming soon!
+     [Ben Laurie]
+
+  *) Fix a security hole, that allows sessions to be reused in the wrong
+     context thus bypassing client cert protection! All software that uses
+     client certs and session caches in multiple contexts NEEDS PATCHING to
+     allow session reuse! A fuller solution is in the works.
+     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+  *) Some more source tree cleanups (removed obsolete files
+     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+     permission on "config" script to be executable) and a fix for the INSTALL
+     document.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Remove some legacy and erroneous uses of malloc, free instead of
+     Malloc, Free.
+     [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+  *) Make rsa_oaep_test return non-zero on error.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Add support for native Solaris shared libraries. Configure
+     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+     if someone would make that last step automatic.
+     [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+  *) ctx_size was not built with the right compiler during "make links". Fixed.
+     [Ben Laurie]
+
+  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+     except NULL ciphers". This means the default cipher list will no longer
+     enable NULL ciphers. They need to be specifically enabled e.g. with
+     the string "DEFAULT:eNULL".
+     [Steve Henson]
+
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
+  *) Be less restrictive and allow also `perl util/perlpath.pl
+     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+     because this way one can also use an interpreter named `perl5' (which is
+     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+     installed as `perl').
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+     advapi32.lib to Win32 build and change the pem test comparison
+     to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
+     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+     and crypto/des/ede_cbcm_enc.c.
+     [Steve Henson]
+
+  *) DES quad checksum was broken on big-endian architectures. Fixed.
+     [Ben Laurie]
+
+  *) Comment out two functions in bio.h that aren't implemented. Fix up the
+     Win32 test batch file so it (might) work again. The Win32 test batch file
+     is horrible: I feel ill....
+     [Steve Henson]
+
+  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+     in e_os.h. Audit of header files to check ANSI and non ANSI
+     sections: 10 functions were absent from non ANSI section and not exported
+     from Windows DLLs. Fixed up libeay.num for new functions.
+     [Steve Henson]
+
+  *) Make `openssl version' output lines consistent.
+     [Ralf S. Engelschall]
+
+  *) Fix Win32 symbol export lists for BIO functions: Added
+     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+     to ms/libeay{16,32}.def.
+     [Ralf S. Engelschall]
+
+  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+     fine under Unix and passes some trivial tests I've now added. But the
+     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+     added to make sure no one expects that this stuff really works in the
+     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
+     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+     openssl_bio.xs.
+     [Ralf S. Engelschall]
+
+  *) Fix the generation of two part addresses in perl.
+     [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
+
+  *) Add config entry for Linux on MIPS.
+     [John Tobey <jtobey@channel1.com>]
+
+  *) Make links whenever Configure is run, unless we are on Windoze.
+     [Ben Laurie]
+
+  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+     in CRLs.
+     [Steve Henson]
+
+  *) Add a useful kludge to allow package maintainers to specify compiler and
+     other platforms details on the command line without having to patch the
+     Configure script everytime: One now can use ``perl Configure
+     <id>:<details>'', i.e. platform ids are allowed to have details appended
+     to them (separated by colons). This is treated as there would be a static
+     pre-configured entry in Configure's %table under key <id> with value
+     <details> and ``perl Configure <id>'' is called.  So, when you want to
+     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+     now, which overrides the FreeBSD-elf entry on-the-fly.
+     [Ralf S. Engelschall]
+
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
+  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+     on the `perl Configure ...' command line. This way one can compile
+     OpenSSL libraries with Position Independent Code (PIC) which is needed
+     for linking it into DSOs.
+     [Ralf S. Engelschall]
+
+  *) Remarkably, export ciphers were totally broken and no-one had noticed!
+     Fixed.
+     [Ben Laurie]
+
+  *) Cleaned up the LICENSE document: The official contact for any license
+     questions now is the OpenSSL core team under openssl-core@openssl.org.
+     And add a paragraph about the dual-license situation to make sure people
+     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+     to the OpenSSL toolkit.
+     [Ralf S. Engelschall]
+
+  *) General source tree makefile cleanups: Made `making xxx in yyy...'
+     display consistent in the source tree and replaced `/bin/rm' by `rm'.
+     Additionally cleaned up the `make links' target: Remove unnecessary
+     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+     to speed processing and no longer clutter the display with confusing
+     stuff. Instead only the actually done links are displayed.
+     [Ralf S. Engelschall]
+
+  *) Permit null encryption ciphersuites, used for authentication only. It used
+     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+     encryption.
+     [Ben Laurie]
+
+  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+     signed attributes when verifying signatures (this would break them), 
+     the detached data encoding was wrong and public keys obtained using
+     X509_get_pubkey() weren't freed.
+     [Steve Henson]
+
+  *) Add text documentation for the BUFFER functions. Also added a work around
+     to a Win95 console bug. This was triggered by the password read stuff: the
+     last character typed gets carried over to the next fread(). If you were 
+     generating a new cert request using 'req' for example then the last
+     character of the passphrase would be CR which would then enter the first
+     field as blank.
+     [Steve Henson]
+
+  *) Added the new `Includes OpenSSL Cryptography Software' button as
+     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+     button and can be used by applications based on OpenSSL to show the
+     relationship to the OpenSSL project.  
+     [Ralf S. Engelschall]
+
+  *) Remove confusing variables in function signatures in files
+     ssl/ssl_lib.c and ssl/ssl.h.
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Don't install bss_file.c under PREFIX/include/
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+     functions that return function pointers and has support for NT specific
+     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+     unsigned to signed types: this was killing the Win32 compile.
+     [Steve Henson]
+
+  *) Add new certificate file to stack functions,
+     SSL_add_dir_cert_subjects_to_stack() and
+     SSL_add_file_cert_subjects_to_stack().  These largely supplant
+     SSL_load_client_CA_file(), and can be used to add multiple certs easily
+     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+     This means that Apache-SSL and similar packages don't have to mess around
+     to add as many CAs as they want to the preferred list.
+     [Ben Laurie]
+
+  *) Experiment with doxygen documentation. Currently only partially applied to
+     ssl/ssl_lib.c.
+     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+     openssl.doxy as the configuration file.
+     [Ben Laurie]
+  
+  *) Get rid of remaining C++-style comments which strict C compilers hate.
+     [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+     compiled in by default: it has problems with large keys.
+     [Steve Henson]
+
+  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+     DH private keys and/or callback functions which directly correspond to
+     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+     is needed for applications which have to configure certificates on a
+     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+     (e.g. s_server). 
+        For the RSA certificate situation is makes no difference, but
+     for the DSA certificate situation this fixes the "no shared cipher"
+     problem where the OpenSSL cipher selection procedure failed because the
+     temporary keys were not overtaken from the context and the API provided
+     no way to reconfigure them. 
+        The new functions now let applications reconfigure the stuff and they
+     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
+     non-public-API function ssl_cert_instantiate() is used as a helper
+     function and also to reduce code redundancy inside ssl_rsa.c.
+     [Ralf S. Engelschall]
+
+  *) Move s_server -dcert and -dkey options out of the undocumented feature
+     area because they are useful for the DSA situation and should be
+     recognized by the users.
+     [Ralf S. Engelschall]
+
+  *) Fix the cipher decision scheme for export ciphers: the export bits are
+     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+     SSL_EXP_MASK.  So, the original variable has to be used instead of the
+     already masked variable.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+     from `int' to `unsigned int' because it's a length and initialized by
+     EVP_DigestFinal() which expects an `unsigned int *'.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Don't hard-code path to Perl interpreter on shebang line of Configure
+     script. Instead use the usual Shell->Perl transition trick.
+     [Ralf S. Engelschall]
+
+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
+  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+     BIO. See the source (crypto/evp/bio_ok.c) for more info.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
+  *) Add cool BIO that does syslog (or event log on NT).
+     [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
+
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
+  *) Add preliminary config info for new extension code.
+     [Steve Henson]
+
+  *) Make RSA_NO_PADDING really use no padding.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Generate errors when private/public key check is done.
+     [Ben Laurie]
+
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
+  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+     key usage extension and fuller support for authority key id.
+     [Steve Henson]
+
+  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+     padding method for RSA, which is recommended for new applications in PKCS
+     #1 v2.0 (RFC 2437, October 1998).
+     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+     against Bleichbacher's attack on RSA.
+     [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
+      Ben Laurie]
+
+  *) Updates to the new SSL compression code
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Fix so that the version number in the master secret, when passed
+     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+     (because the server will not accept higher), that the version number
+     is 0x03,0x01, not 0x03,0x00
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
+  *) Support for RAW extensions where an arbitrary extension can be
+     created by including its DER encoding. See apps/openssl.cnf for
+     an example.
+     [Steve Henson]
+
+  *) Make sure latest Perl versions don't interpret some generated C array
+     code as Perl array code in the crypto/err/err_genc.pl script.
+     [Lars Weber <3weber@informatik.uni-hamburg.de>]
+
+  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+     not many people have the assembler. Various Win32 compilation fixes and
+     update to the INSTALL.W32 file with (hopefully) more accurate Win32
+     build instructions.
+     [Steve Henson]
+
+  *) Modify configure script 'Configure' to automatically create crypto/date.h
+     file under Win32 and also build pem.h from pem.org. New script
+     util/mkfiles.pl to create the MINFO file on environments that can't do a
+     'make files': perl util/mkfiles.pl >MINFO should work.
+     [Steve Henson]
+
+  *) Major rework of DES function declarations, in the pursuit of correctness
+     and purity. As a result, many evil casts evaporated, and some weirdness,
+     too. You may find this causes warnings in your code. Zapping your evil
+     casts will probably fix them. Mostly.
+     [Ben Laurie]
+
+  *) Fix for a typo in asn1.h. Bug fix to object creation script
+     obj_dat.pl. It considered a zero in an object definition to mean
+     "end of object": none of the objects in objects.h have any zeros
+     so it wasn't spotted.
+     [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
+
+  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+     Masking (CBCM). In the absence of test vectors, the best I have been able
+     to do is check that the decrypt undoes the encrypt, so far. Send me test
+     vectors if you have them.
+     [Ben Laurie]
+
+  *) Correct calculation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
+  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+     message is now correct (it understands "crypto" and "ssl" on its
+     command line). There is also now an "update" option. This will update
+     the util/ssleay.num and util/libeay.num files with any new functions.
+     If you do a: 
+     perl util/mkdef.pl crypto ssl update
+     it will update them.
+     [Steve Henson]
+
+  *) Overhauled the Perl interface (perl/*):
+     - ported BN stuff to OpenSSL's different BN library
+     - made the perl/ source tree CVS-aware
+     - renamed the package from SSLeay to OpenSSL (the files still contain
+       their history because I've copied them in the repository)
+     - removed obsolete files (the test scripts will be replaced
+       by better Test::Harness variants in the future)
+     [Ralf S. Engelschall]
+
+  *) First cut for a very conservative source tree cleanup:
+     1. merge various obsolete readme texts into doc/ssleay.txt
+     where we collect the old documents and readme texts.
+     2. remove the first part of files where I'm already sure that we no
+     longer need them because of three reasons: either they are just temporary
+     files which were left by Eric or they are preserved original files where
+     I've verified that the diff is also available in the CVS via "cvs diff
+     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+     the crypto/md/ stuff).
+     [Ralf S. Engelschall]
+
+  *) More extension code. Incomplete support for subject and issuer alt
+     name, issuer and authority key id. Change the i2v function parameters
+     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+     what that's for :-) Fix to ASN1 macro which messed up
+     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+     [Steve Henson]
+
+  *) Preliminary support for ENUMERATED type. This is largely copied from the
+     INTEGER code.
+     [Steve Henson]
+
+  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Make sure `make rehash' target really finds the `openssl' program.
+     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+     like to hear about it if this slows down other processors.
+     [Ben Laurie]
+
+  *) Add CygWin32 platform information to Configure script.
+     [Alan Batie <batie@aahz.jf.intel.com>]
+
+  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+     [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
+  
+  *) New program nseq to manipulate netscape certificate sequences
+     [Steve Henson]
+
+  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+     few typos.
+     [Steve Henson]
+
+  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
+     but the BN code had some problems that would cause failures when
+     doing certificate verification and some other functions.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add several PKIX and private extended key usage OIDs.
+     [Steve Henson]
+
+  *) Modify the 'ca' program to handle the new extension code. Modify
+     openssl.cnf for new extension format, add comments.
+     [Steve Henson]
+
+  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+     and add a sample to openssl.cnf so req -x509 now adds appropriate
+     CA extensions.
+     [Steve Henson]
+
+  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+     error code, add initial support to X509_print() and x509 application.
+     [Steve Henson]
+
+  *) Takes a deep breath and start adding X509 V3 extension support code. Add
+     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+     stuff is currently isolated and isn't even compiled yet.
+     [Steve Henson]
+
+  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+     Removed the versions check from X509 routines when loading extensions:
+     this allows certain broken certificates that don't set the version
+     properly to be processed.
+     [Steve Henson]
+
+  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+     can still be regenerated with "make depend".
+     [Ben Laurie]
+
+  *) Spelling mistake in C version of CAST-128.
+     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
+
+  *) Changes to the error generation code. The perl script err-code.pl 
+     now reads in the old error codes and retains the old numbers, only
+     adding new ones if necessary. It also only changes the .err files if new
+     codes are added. The makefiles have been modified to only insert errors
+     when needed (to avoid needlessly modifying header files). This is done
+     by only inserting errors if the .err file is newer than the auto generated
+     C file. To rebuild all the error codes from scratch (the old behaviour)
+     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+     or delete all the .err files.
+     [Steve Henson]
+
+  *) CAST-128 was incorrectly implemented for short keys. The C version has
+     been fixed, but is untested. The assembler versions are also fixed, but
+     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+     to regenerate it if needed.
+     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+      Hagino <itojun@kame.net>]
+
+  *) File was opened incorrectly in randfile.c.
+     [Ulf Möller <ulf@fitug.de>]
+
+  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+     al: it's just almost always a UTCTime. Note this patch adds new error
+     codes so do a "make errors" if there are problems.
+     [Steve Henson]
+
+  *) Correct Linux 1 recognition in config.
+     [Ulf Möller <ulf@fitug.de>]
+
+  *) Remove pointless MD5 hash when using DSA keys in ca.
+     [Anonymous <nobody@replay.com>]
+
+  *) Generate an error if given an empty string as a cert directory. Also
+     generate an error if handed NULL (previously returned 0 to indicate an
+     error, but didn't set one).
+     [Ben Laurie, reported by Anonymous <nobody@replay.com>]
+
+  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+     [Ben Laurie]
+
+  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+     parameters. This was causing a warning which killed off the Win32 compile.
+     [Steve Henson]
+
+  *) Remove C++ style comments from crypto/bn/bn_local.h.
+     [Neil Costigan <neil.costigan@celocom.com>]
+
+  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+     based on a text string, looking up short and long names and finally
+     "dot" format. The "dot" format stuff didn't work. Added new function
+     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
+     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+     OID is not part of the table.
+     [Steve Henson]
+
+  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+     X509_LOOKUP_by_alias().
+     [Ben Laurie]
+
+  *) Sort openssl functions by name.
+     [Ben Laurie]
+
+  *) Get the gendsa program working (hopefully) and add it to app list. Remove
+     encryption from sample DSA keys (in case anyone is interested the password
+     was "1234").
+     [Steve Henson]
+
+  *) Make _all_ *_free functions accept a NULL pointer.
+     [Frans Heymans <fheymans@isaserver.be>]
+
+  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+     NULL pointers.
+     [Anonymous <nobody@replay.com>]
+
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Don't blow it for numeric -newkey arguments to apps/req.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Temp key "for export" tests were wrong in s3_srvr.c.
+     [Anonymous <nobody@replay.com>]
+
+  *) Add prototype for temp key callback functions
+     SSL_CTX_set_tmp_{rsa,dh}_callback().
+     [Ben Laurie]
+
+  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+     [Steve Henson]
+
+  *) X509_name_add_entry() freed the wrong thing after an error.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) rsa_eay.c would attempt to free a NULL context.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_s_socket() had a broken should_retry() on Windoze.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
+  *) Fix the various library and apps files to free up pkeys obtained from
+     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
+  *) Fix reference counting in X509_PUBKEY_get(). This makes
+     demos/maurice/example2.c work, amongst others, probably.
+     [Steve Henson and Ben Laurie]
+
+  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+     `openssl' and second, the shortcut symlinks for the `openssl <command>'
+     are no longer created. This way we have a single and consistent command
+     line interface `openssl <command>', similar to `cvs <command>'.
+     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
+
+  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+     [Steve Henson]
+
+  *) Make the top-level INSTALL documentation easier to understand.
+     [Paul Sutton]
+
+  *) Makefiles updated to exit if an error occurs in a sub-directory
+     make (including if user presses ^C) [Paul Sutton]
+
+  *) Make Montgomery context stuff explicit in RSA data structure.
+     [Ben Laurie]
+
+  *) Fix build order of pem and err to allow for generated pem.h.
+     [Ben Laurie]
+
+  *) Fix renumbering bug in X509_NAME_delete_entry().
+     [Ben Laurie]
+
+  *) Enhanced the err-ins.pl script so it makes the error library number 
+     global and can add a library name. This is needed for external ASN1 and
+     other error libraries.
+     [Steve Henson]
+
+  *) Fixed sk_insert which never worked properly.
+     [Steve Henson]
+
+  *) Fix ASN1 macros so they can handle indefinite length constructed 
+     EXPLICIT tags. Some non standard certificates use these: they can now
+     be read in.
+     [Steve Henson]
+
+  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+     into a single doc/ssleay.txt bundle. This way the information is still
+     preserved but no longer messes up this directory. Now it's new room for
+     the new set of documentation files.
+     [Ralf S. Engelschall]
+
+  *) SETs were incorrectly DER encoded. This was a major pain, because they
+     shared code with SEQUENCEs, which aren't coded the same. This means that
+     almost everything to do with SETs or SEQUENCEs has either changed name or
+     number of arguments.
+     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
+
+  *) Fix test data to work with the above.
+     [Ben Laurie]
+
+  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+     was already fixed by Eric for 0.9.1 it seems.
+     [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
+
+  *) Autodetect FreeBSD3.
+     [Ben Laurie]
+
+  *) Fix various bugs in Configure. This affects the following platforms:
+     nextstep
+     ncr-scde
+     unixware-2.0
+     unixware-2.0-pentium
+     sco5-cc.
+     [Ben Laurie]
+
+  *) Eliminate generated files from CVS. Reorder tests to regenerate files
+     before they are needed.
+     [Ben Laurie]
+
+  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+     [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
+
+  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
+     changed SSLeay to OpenSSL in version strings.
+     [Ralf S. Engelschall]
+  
+  *) Some fixups to the top-level documents.
+     [Paul Sutton]
+
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches 
+     which allow to compile a RSA-free SSLeay.
+     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
+     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
+  *) Updated the README file.
+     [Ralf S. Engelschall]
+
+  *) Added various .cvsignore files in the CVS repository subdirs
+     to make a "cvs update" really silent.
+     [Ralf S. Engelschall]
+
+  *) Recompiled the error-definition header files and added
+     missing symbols to the Win32 linker tables.
+     [Ralf S. Engelschall]
+
+  *) Cleaned up the top-level documents;
+     o new files: CHANGES and LICENSE
+     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay 
+     o merged COPYRIGHT into LICENSE
+     o removed obsolete TODO file
+     o renamed MICROSOFT to INSTALL.W32
+     [Ralf S. Engelschall]
+
+  *) Removed dummy files from the 0.9.1b source tree: 
+     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+     [Ralf S. Engelschall]
+
+  *) Added various platform portability fixes.
+     [Mark J. Cox]
+
+  *) The Genesis of the OpenSSL rpject:
+     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+     Young and Tim J. Hudson created while they were working for C2Net until
+     summer 1998.
+     [The OpenSSL Project]
+ 
+
+ Changes between 0.9.0b and 0.9.1b  [not released]
+
+  *) Updated a few CA certificates under certs/
+     [Eric A. Young]
+
+  *) Changed some BIGNUM api stuff.
+     [Eric A. Young]
+
+  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, 
+     DGUX x86, Linux Alpha, etc.
+     [Eric A. Young]
+
+  *) New COMP library [crypto/comp/] for SSL Record Layer Compression: 
+     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+     available).
+     [Eric A. Young]
+
+  *) Add -strparse option to asn1pars program which parses nested 
+     binary structures 
+     [Dr Stephen Henson <shenson@bigfoot.com>]
+
+  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+     [Eric A. Young]
+
+  *) DSA fix for "ca" program.
+     [Eric A. Young]
+
+  *) Added "-genkey" option to "dsaparam" program.
+     [Eric A. Young]
+
+  *) Added RIPE MD160 (rmd160) message digest.
+     [Eric A. Young]
+
+  *) Added -a (all) option to "ssleay version" command.
+     [Eric A. Young]
+
+  *) Added PLATFORM define which is the id given to Configure.
+     [Eric A. Young]
+
+  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+     [Eric A. Young]
+
+  *) Extended the ASN.1 parser routines.
+     [Eric A. Young]
+
+  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+     [Eric A. Young]
+
+  *) Added a BN_CTX to the BN library.
+     [Eric A. Young]
+
+  *) Fixed the weak key values in DES library
+     [Eric A. Young]
+
+  *) Changed API in EVP library for cipher aliases.
+     [Eric A. Young]
+
+  *) Added support for RC2/64bit cipher.
+     [Eric A. Young]
+
+  *) Converted the lhash library to the crypto/mem.c functions.
+     [Eric A. Young]
+
+  *) Added more recognized ASN.1 object ids.
+     [Eric A. Young]
+
+  *) Added more RSA padding checks for SSL/TLS.
+     [Eric A. Young]
+
+  *) Added BIO proxy/filter functionality.
+     [Eric A. Young]
+
+  *) Added extra_certs to SSL_CTX which can be used
+     send extra CA certificates to the client in the CA cert chain sending
+     process. It can be configured with SSL_CTX_add_extra_chain_cert().
+     [Eric A. Young]
+
+  *) Now Fortezza is denied in the authentication phase because
+     this is key exchange mechanism is not supported by SSLeay at all.
+     [Eric A. Young]
+
+  *) Additional PKCS1 checks.
+     [Eric A. Young]
+
+  *) Support the string "TLSv1" for all TLS v1 ciphers.
+     [Eric A. Young]
+
+  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+     [Eric A. Young]
+
+  *) Fixed a few memory leaks.
+     [Eric A. Young]
+
+  *) Fixed various code and comment typos.
+     [Eric A. Young]
+
+  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 
+     bytes sent in the client random.
+     [Edward Bishop <ebishop@spyglass.com>]
+
diff --git a/openssl-1.1.0h/CONTRIBUTING b/openssl-1.1.0h/CONTRIBUTING
new file mode 100644
index 0000000..1eebaf3
--- /dev/null
+++ b/openssl-1.1.0h/CONTRIBUTING
@@ -0,0 +1,54 @@
+HOW TO CONTRIBUTE PATCHES TO OpenSSL
+------------------------------------
+
+(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
+
+Development is coordinated on the openssl-dev mailing list (see the
+above link or https://mta.openssl.org for information on subscribing).
+If you are unsure as to whether a feature will be useful for the general
+OpenSSL community you might want to discuss it on the openssl-dev mailing
+list first.  Someone may be already working on the same thing or there
+may be a good reason as to why that feature isn't implemented.
+
+To submit a patch, make a pull request on GitHub.  If you think the patch
+could use feedback from the community, please start a thread on openssl-dev
+to discuss it.
+
+Having addressed the following items before the PR will help make the
+acceptance and review process faster:
+
+    1. Anything other than trivial contributions will require a contributor
+    licensing agreement, giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.
+
+    2.  All source files should start with the following text (with
+    appropriate comment characters at the start of each line and the
+    year(s) updated):
+
+        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+        Licensed under the OpenSSL license (the "License").  You may not use
+        this file except in compliance with the License.  You can obtain a copy
+        in the file LICENSE in the source distribution or at
+        https://www.openssl.org/source/license.html
+
+    3.  Patches should be as current as possible; expect to have to rebase
+    often. We do not accept merge commits; You will be asked to remove
+    them before a patch is considered acceptable.
+
+    4.  Patches should follow our coding style (see
+    https://www.openssl.org/policies/codingstyle.html) and compile without
+    warnings. Where gcc or clang is available you should use the
+    --strict-warnings Configure option.  OpenSSL compiles on many varied
+    platforms: try to ensure you only use portable features.
+    Clean builds via Travis and AppVeyor are expected, and done whenever
+    a PR is created or updated.
+
+    5.  When at all possible, patches should include tests. These can
+    either be added to an existing test, or completely new.  Please see
+    test/README for information on the test framework.
+
+    6.  New features or changed functionality must include
+    documentation. Please look at the "pod" files in doc/apps, doc/crypto
+    and doc/ssl for examples of our style.
diff --git a/openssl-1.1.0h/Configurations/00-base-templates.conf b/openssl-1.1.0h/Configurations/00-base-templates.conf
new file mode 100644
index 0000000..3455b3a
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/00-base-templates.conf
@@ -0,0 +1,293 @@
+# -*- Mode: perl -*-
+%targets=(
+    DEFAULTS => {
+	template	=> 1,
+
+	cflags		=> "",
+	defines		=> [],
+	thread_scheme	=> "(unknown)", # Assume we don't know
+	thread_defines	=> [],
+
+	apps_aux_src	=> "",
+	cpuid_asm_src	=> "mem_clr.c",
+	uplink_aux_src	=> "",
+	bn_asm_src	=> "bn_asm.c",
+	ec_asm_src	=> "",
+	des_asm_src	=> "des_enc.c fcrypt_b.c",
+	aes_asm_src	=> "aes_core.c aes_cbc.c",
+	bf_asm_src	=> "bf_enc.c",
+	md5_asm_src	=> "",
+	cast_asm_src	=> "c_enc.c",
+	rc4_asm_src	=> "rc4_enc.c rc4_skey.c",
+	rmd160_asm_src	=> "",
+	rc5_asm_src	=> "rc5_enc.c",
+	wp_asm_src	=> "wp_block.c",
+	cmll_asm_src	=> "camellia.c cmll_misc.c cmll_cbc.c",
+	modes_asm_src	=> "",
+	padlock_asm_src	=> "",
+	chacha_asm_src	=> "chacha_enc.c",
+	poly1305_asm_src	=> "",
+
+	unistd		=> "<unistd.h>",
+	shared_target	=> "",
+	shared_cflag	=> "",
+	shared_defines	=> [],
+	shared_ldflag	=> "",
+	shared_rcflag	=> "",
+	shared_extension	=> "",
+
+        build_scheme    => [ "unified", "unix" ],
+        build_file      => "Makefile",
+    },
+
+    BASE_common => {
+	template	=> 1,
+	defines		=>
+	    sub {
+                my @defs = ();
+                push @defs, "ZLIB" unless $disabled{zlib};
+                push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
+                return [ @defs ];
+            },
+    },
+
+    BASE_unix => {
+        inherit_from    => [ "BASE_common" ],
+        template        => 1,
+
+        ex_libs         =>
+            sub {
+                unless ($disabled{zlib}) {
+                    if (defined($disabled{"zlib-dynamic"})) {
+                        if (defined($withargs{zlib_lib})) {
+                            return "-L".$withargs{zlib_lib}." -lz";
+                        } else {
+                            return "-lz";
+                        }
+                    }
+                }
+                return (); },
+
+        build_scheme    => [ "unified", "unix" ],
+        build_file      => "Makefile",
+    },
+
+    BASE_Windows => {
+        inherit_from    => [ "BASE_common" ],
+        template        => 1,
+
+        ex_libs         =>
+            sub {
+                unless ($disabled{zlib}) {
+                    if (defined($disabled{"zlib-dynamic"})) {
+                        return $withargs{zlib_lib} // "ZLIB1";
+                    }
+                }
+                return ();
+            },
+
+        ld              => "link",
+        lflags          => "/nologo",
+        loutflag        => "/out:",
+        ar              => "lib",
+        arflags         => "/nologo",
+        aroutflag       => "/out:",
+        rc               => "rc",
+        rcoutflag        => "/fo",
+        mt              => "mt",
+        mtflags         => "-nologo",
+        mtinflag        => "-manifest ",
+        mtoutflag       => "-outputresource:",
+
+        build_file      => "makefile",
+        build_scheme    => [ "unified", "windows" ],
+    },
+
+    BASE_VMS => {
+        inherit_from    => [ "BASE_common" ],
+        template        => 1,
+
+        build_file       => "descrip.mms",
+        build_scheme     => [ "unified", "VMS" ],
+    },
+
+    uplink_common => {
+	template	=> 1,
+	apps_aux_src	=> add("../ms/applink.c"),
+	uplink_aux_src	=> add("../ms/uplink.c"),
+	defines		=> add("OPENSSL_USE_APPLINK"),
+    },
+    x86_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86.s"),
+    },
+    x86_64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86_64.s"),
+    },
+    ia64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-ia64.s"),
+    },
+
+    x86_asm => {
+	template	=> 1,
+	cpuid_asm_src	=> "x86cpuid.s",
+	bn_asm_src	=> "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
+	ec_asm_src	=> "ecp_nistz256.c ecp_nistz256-x86.s",
+	des_asm_src	=> "des-586.s crypt586.s",
+	aes_asm_src	=> "aes-586.s vpaes-x86.s aesni-x86.s",
+	bf_asm_src	=> "bf-586.s",
+	md5_asm_src	=> "md5-586.s",
+	cast_asm_src	=> "cast-586.s",
+	sha1_asm_src	=> "sha1-586.s sha256-586.s sha512-586.s",
+	rc4_asm_src	=> "rc4-586.s",
+	rmd160_asm_src	=> "rmd-586.s",
+	rc5_asm_src	=> "rc5-586.s",
+	wp_asm_src	=> "wp_block.c wp-mmx.s",
+	cmll_asm_src	=> "cmll-x86.s",
+	modes_asm_src	=> "ghash-x86.s",
+	padlock_asm_src	=> "e_padlock-x86.s",
+	chacha_asm_src	=> "chacha-x86.s",
+	poly1305_asm_src=> "poly1305-x86.s",
+    },
+    x86_elf_asm => {
+	template	=> 1,
+	inherit_from	=> [ "x86_asm" ],
+	perlasm_scheme	=> "elf"
+    },
+    x86_64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "x86_64cpuid.s",
+	bn_asm_src      => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-x86_64.s",
+	aes_asm_src     => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
+	md5_asm_src     => "md5-x86_64.s",
+	sha1_asm_src    => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
+	rc4_asm_src     => "rc4-x86_64.s rc4-md5-x86_64.s",
+	wp_asm_src      => "wp-x86_64.s",
+	cmll_asm_src    => "cmll-x86_64.s cmll_misc.c",
+	modes_asm_src   => "ghash-x86_64.s aesni-gcm-x86_64.s",
+	padlock_asm_src => "e_padlock-x86_64.s",
+	chacha_asm_src	=> "chacha-x86_64.s",
+	poly1305_asm_src=> "poly1305-x86_64.s",
+    },
+    ia64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ia64cpuid.s",
+	bn_asm_src      => "bn-ia64.s ia64-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ia64.s",
+	md5_asm_src     => "md5-ia64.s",
+	sha1_asm_src    => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
+	rc4_asm_src     => "rc4-ia64.s rc4_skey.c",
+	modes_asm_src   => "ghash-ia64.s",
+	perlasm_scheme	=> "void"
+    },
+    sparcv9_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "sparcv9cap.c sparccpuid.S",
+	bn_asm_src      => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
+	md5_asm_src     => "md5-sparcv9.S",
+	sha1_asm_src    => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
+	cmll_asm_src    => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
+	modes_asm_src   => "ghash-sparcv9.S",
+	poly1305_asm_src=> "poly1305-sparcv9.S",
+	perlasm_scheme	=> "void"
+    },
+    sparcv8_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "",
+	bn_asm_src      => "asm/sparcv8.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c",
+	perlasm_scheme	=> "void"
+    },
+    alpha_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "alphacpuid.s",
+	bn_asm_src      => "bn_asm.c alpha-mont.S",
+	sha1_asm_src    => "sha1-alpha.S",
+	modes_asm_src   => "ghash-alpha.S",
+	perlasm_scheme	=> "void"
+    },
+    mips32_asm => {
+	template	=> 1,
+	bn_asm_src      => "bn-mips.s mips-mont.s",
+	aes_asm_src     => "aes_cbc.c aes-mips.S",
+	sha1_asm_src    => "sha1-mips.S sha256-mips.S",
+    },
+    mips64_asm => {
+	inherit_from	=> [ "mips32_asm" ],
+	template	=> 1,
+	sha1_asm_src    => add("sha512-mips.S"),
+	poly1305_asm_src=> "poly1305-mips.S",
+    },
+    s390x_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "s390xcap.c s390xcpuid.S",
+	bn_asm_src      => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
+	aes_asm_src     => "aes-s390x.S aes-ctr.fake aes-xts.fake",
+	sha1_asm_src    => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
+	rc4_asm_src     => "rc4-s390x.s",
+	modes_asm_src   => "ghash-s390x.S",
+	chacha_asm_src  => "chacha-s390x.S",
+	poly1305_asm_src=> "poly1305-s390x.S",
+    },
+    armv4_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c armv4cpuid.S",
+	bn_asm_src      => "bn_asm.c armv4-mont.S armv4-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv4.S",
+	aes_asm_src     => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
+	sha1_asm_src    => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
+	modes_asm_src   => "ghash-armv4.S ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv4.S",
+	poly1305_asm_src=> "poly1305-armv4.S", 
+	perlasm_scheme	=> "void"
+    },
+    aarch64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c arm64cpuid.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv8.S",
+	bn_asm_src      => "bn_asm.c armv8-mont.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
+	sha1_asm_src    => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
+	modes_asm_src   => "ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv8.S",
+	poly1305_asm_src=> "poly1305-armv8.S",
+    },
+    parisc11_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "pariscid.s",
+	bn_asm_src      => "bn_asm.c parisc-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-parisc.s",
+	sha1_asm_src    => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
+	rc4_asm_src     => "rc4-parisc.s",
+	modes_asm_src   => "ghash-parisc.s",
+	perlasm_scheme	=> "32"
+    },
+    parisc20_64_asm => {
+	template	=> 1,
+	inherit_from	=> [ "parisc11_asm" ],
+	perlasm_scheme	=> "64",
+    },
+    ppc64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ppccpuid.s ppccap.c",
+	bn_asm_src      => "bn-ppc.s ppc-mont.s ppc64-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
+	sha1_asm_src    => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
+	modes_asm_src   => "ghashp8-ppc.s",
+	chacha_asm_src	=> "chacha-ppc.s",
+	poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
+    },
+    ppc32_asm => {
+	inherit_from	=> [ "ppc64_asm" ],
+	template	=> 1
+    },
+);
diff --git a/openssl-1.1.0h/Configurations/10-main.conf b/openssl-1.1.0h/Configurations/10-main.conf
new file mode 100644
index 0000000..b49f04b
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/10-main.conf
@@ -0,0 +1,1884 @@
+## -*- mode: perl; -*-
+## Standard openssl configuration targets.
+
+# Helper functions for the Windows configs
+my $vc_win64a_info = {};
+sub vc_win64a_info {
+    unless (%$vc_win64a_info) {
+        if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+            $vc_win64a_info = { as        => "nasm",
+                                asflags   => "-f win64 -DNEAR -Ox -g",
+                                asoutflag => "-o" };
+        } elsif ($disabled{asm}) {
+            $vc_win64a_info = { as        => "ml64",
+                                asflags   => "/c /Cp /Cx /Zi",
+                                asoutflag => "/Fo" };
+        } else {
+            $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
+            $vc_win64a_info = { as        => "{unknown}",
+                                asflags   => "",
+                                asoutflag => "" };
+        }
+    }
+    return $vc_win64a_info;
+}
+
+my $vc_win32_info = {};
+sub vc_win32_info {
+    unless (%$vc_win32_info) {
+        my $ver=`nasm -v 2>NUL`;
+        my $vew=`nasmw -v 2>NUL`;
+        if ($ver ne "" || $vew ne "") {
+            $vc_win32_info = { as        => $ver ge $vew ? "nasm" : "nasmw",
+                               asflags   => "-f win32",
+                               asoutflag => "-o",
+                               perlasm_scheme => "win32n" };
+        } elsif ($disabled{asm}) {
+            $vc_win32_info = { as        => "ml",
+                               asflags   => "/nologo /Cp /coff /c /Cx /Zi",
+                               asoutflag => "/Fo",
+                               perlasm_scheme => "win32" };
+        } else {
+            $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
+            $vc_win32_info = { as        => "{unknown}",
+                               asflags   => "",
+                               asoutflag => "",
+                               perlasm_scheme => "win32" };
+        }
+    }
+    return $vc_win32_info;
+}
+
+my $vc_wince_info = {};
+sub vc_wince_info {
+    unless (%$vc_wince_info) {
+        # sanity check
+        $die->('%OSVERSION% is not defined') if (!defined($ENV{'OSVERSION'}));
+        $die->('%PLATFORM% is not defined')  if (!defined($ENV{'PLATFORM'}));
+        $die->('%TARGETCPU% is not defined') if (!defined($ENV{'TARGETCPU'}));
+
+        #
+        # Idea behind this is to mimic flags set by eVC++ IDE...
+        #
+        my $wcevers = $ENV{'OSVERSION'};                    # WCENNN
+	my $wcevernum;
+	my $wceverdotnum;
+	if ($wcevers =~ /^WCE([1-9])([0-9]{2})$/) {
+	    $wcevernum = "$1$2";
+	    $wceverdotnum = "$1.$2";
+	} else {
+	    $die->('%OSVERSION% value is insane');
+	    $wcevernum = "{unknown}";
+	    $wceverdotnum = "{unknown}";
+	}
+        my $wcecdefs = "-D_WIN32_WCE=$wcevernum -DUNDER_CE=$wcevernum"; # -D_WIN32_WCE=NNN
+        my $wcelflag = "/subsystem:windowsce,$wceverdotnum";        # ...,N.NN
+
+        my $wceplatf =  $ENV{'PLATFORM'};
+
+        $wceplatf =~ tr/a-z0-9 /A-Z0-9_/;
+        $wcecdefs .= " -DWCE_PLATFORM_$wceplatf";
+
+        my $wcetgt = $ENV{'TARGETCPU'};                     # just shorter name...
+      SWITCH: for($wcetgt) {
+          /^X86/        && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_";
+                                $wcelflag.=" /machine:X86";     last; };
+          /^ARMV4[IT]/  && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+                                $wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/);
+                                $wcecdefs.=" -QRarch4T -QRinterwork-return";
+                                $wcelflag.=" /machine:THUMB";   last; };
+          /^ARM/        && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+                                $wcelflag.=" /machine:ARM";     last; };
+          /^MIPSIV/     && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32";
+                                $wcelflag.=" /machine:MIPSFPU"; last; };
+          /^MIPS16/     && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -DMIPSII -QMmips16";
+                                $wcelflag.=" /machine:MIPS16";  last; };
+          /^MIPSII/     && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -QMmips2";
+                                $wcelflag.=" /machine:MIPS";    last; };
+          /^R4[0-9]{3}/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000";
+                                $wcelflag.=" /machine:MIPS";    last; };
+          /^SH[0-9]/    && do { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_ -DSHx";
+                                $wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/);
+                                $wcelflag.=" /machine:$wcetgt"; last; };
+          { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_";
+            $wcelflag.=" /machine:$wcetgt";                     last; };
+      }
+
+        $vc_wince_info = { cflags => $wcecdefs,
+                           lflags => $wcelflag };
+    }
+    return $vc_wince_info;
+}
+
+# Helper functions for the VMS configs
+my $vms_info = {};
+sub vms_info {
+    unless (%$vms_info) {
+        my $pointer_size = shift;
+        my $pointer_size_str = $pointer_size == 0 ? "" : "$pointer_size";
+
+        $vms_info->{disable_warns} = [ ];
+        $vms_info->{pointer_size} = $pointer_size_str;
+        if ($pointer_size == 64) {
+            `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`;
+            if ($? == 0) {
+                push @{$vms_info->{disable_warns}}, "MAYLOSEDATA3";
+            }
+        }
+
+        unless ($disabled{zlib}) {
+            my $default_zlib = 'GNV$LIBZSHR' . $pointer_size_str;
+            if (defined($disabled{"zlib-dynamic"})) {
+                $vms_info->{zlib} = $withargs{zlib_lib} || "$default_zlib/SHARE";
+            } else {
+                $vms_info->{def_zlib} = $withargs{zlib_lib} || $default_zlib;
+                # In case the --with-zlib-lib value contains something like
+                # /SHARE or /LIB or so at the end, remove it.
+                $vms_info->{def_zlib} =~ s|/.*$||g;
+            }
+        }
+    }
+    return $vms_info;
+}
+
+%targets = (
+
+#### Basic configs that should work on any 32-bit box
+    "gcc" => {
+        cc               => "gcc",
+        cflags           => picker(debug   => "-O0 -g",
+                                   release => "-O3"),
+        thread_scheme    => "(unknown)",
+        bn_ops           => "BN_LLONG",
+    },
+    "cc" => {
+        cc               => "cc",
+        cflags           => "-O",
+        thread_scheme    => "(unknown)",
+    },
+
+#### VOS Configurations
+    "vos-gcc" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "gcc",
+        cflags           => picker(default => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN",
+                                   debug   => "-O0 -g",
+                                   release => "-O3"),
+        thread_scheme    => "(unknown)",
+        sys_id           => "VOS",
+        lflags           => "-Wl,-map",
+        bn_ops           => "BN_LLONG",
+        shared_extension => ".so",
+    },
+
+#### Solaris configurations
+    "solaris-common" => {
+        inherit_from     => [ "BASE_unix" ],
+        template         => 1,
+        cflags           => "-DFILIO_H",
+        ex_libs          => add("-lsocket -lnsl -ldl"),
+        dso_scheme       => "dlfcn",
+        thread_scheme    => "pthreads",
+        shared_target    => "solaris-shared",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+#### Solaris x86 with GNU C setups
+    "solaris-x86-gcc" => {
+        # NB. GNU C has to be configured to use GNU assembler, and not
+        # /usr/ccs/bin/as. Failure to comply will result in compile
+        # failures [at least] in 32-bit build.
+        # [Above statement is in direct contradition with one below.
+        #  Latter is kept, because it's formally inappropriate to
+        #  modify compile flags in letter release.]
+        # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have
+        # to do it here because whenever GNU C instantiates an assembler
+        # template it surrounds it with #APP #NO_APP comment pair which
+        # (at least Solaris 7_x86) /usr/ccs/bin/as fails to assemble
+        # with "Illegal mnemonic" error message.
+        inherit_from     => [ "solaris-common", asm("x86_elf_asm") ],
+        cc               => "gcc",
+        cflags           => add_before(picker(default => "-Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM",
+                                              debug   => "-O0 -g",
+                                              release => "-O3 -fomit-frame-pointer"),
+                                       threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "BN_LLONG",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-shared -static-libgcc",
+    },
+    "solaris64-x86_64-gcc" => {
+        # -shared -static-libgcc might appear controversial, but modules
+        # taken from static libgcc do not have relocations and linking
+        # them into our shared objects doesn't have any negative side
+        # effects. On the contrary, doing so makes it possible to use
+        # gcc shared build with Sun C. Given that gcc generates faster
+        # code [thanks to inline assembler], I would actually recommend
+        # to consider using gcc shared build even with vendor compiler:-)
+        #					<appro@fy.chalmers.se>
+        inherit_from     => [ "solaris-common", asm("x86_64_asm") ],
+        cc               => "gcc",
+        cflags           => add_before(picker(default => "-m64 -Wall -DL_ENDIAN",
+                                              debug   => "-O0 -g",
+                                              release => "-O3"),
+                                       threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-m64 -shared -static-libgcc",
+        multilib         => "/64",
+    },
+
+#### Solaris x86 with Sun C setups
+    # There used to be solaris-x86-cc target, but it was removed,
+    # primarily because vendor assembler can't assemble our modules
+    # with -KPIC flag. As result it, assembly support, was not even
+    # available as option. But its lack means lack of side-channel
+    # resistant code, which is incompatible with security by todays
+    # standards. Fortunately gcc is readily available prepackaged
+    # option, which we can firmly point at...
+    #
+    # On related note, solaris64-x86_64-cc target won't compile code
+    # paths utilizing AVX and post-Haswell instruction extensions.
+    # Consider switching to solaris64-x86_64-gcc even here...
+    #
+    "solaris64-x86_64-cc" => {
+        inherit_from     => [ "solaris-common", asm("x86_64_asm") ],
+        cc               => "cc",
+        cflags           => add_before(picker(default => "-xarch=generic64 -xstrconst -Xa -DL_ENDIAN",
+                                              debug   => "-g",
+                                              release => "-xO5 -xdepend -xbuiltin"),
+                                       threads("-D_REENTRANT")),
+        thread_scheme    => "pthreads",
+        lflags           => add("-xarch=generic64",threads("-mt")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+        shared_cflag     => "-KPIC",
+        shared_ldflag    => "-xarch=generic64 -G -dy -z text",
+        multilib         => "/64",
+    },
+
+#### SPARC Solaris with GNU C setups
+    "solaris-sparcv7-gcc" => {
+        inherit_from     => [ "solaris-common" ],
+        cc               => "gcc",
+        cflags           => add_before(picker(default => "-Wall -DB_ENDIAN -DBN_DIV2W",
+                                              debug   => "-O0 -g",
+                                              release => "-O3"),
+                                       threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-shared",
+    },
+    "solaris-sparcv8-gcc" => {
+        inherit_from     => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ],
+        cflags           => add_before("-mcpu=v8"),
+    },
+    "solaris-sparcv9-gcc" => {
+        # -m32 should be safe to add as long as driver recognizes
+        # -mcpu=ultrasparc
+        inherit_from     => [ "solaris-sparcv7-gcc", asm("sparcv9_asm") ],
+        cflags           => add_before("-m32 -mcpu=ultrasparc"),
+    },
+    "solaris64-sparcv9-gcc" => {
+        inherit_from     => [ "solaris-sparcv9-gcc" ],
+        cflags           => sub { my $f=join(" ",@_); $f =~ s/\-m32/-m64/; $f; },
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        shared_ldflag    => "-m64 -shared",
+        multilib         => "/64",
+    },
+
+#### SPARC Solaris with Sun C setups
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+    "solaris-sparcv7-cc" => {
+        inherit_from     => [ "solaris-common" ],
+        cc               => "cc",
+        cflags           => add_before(picker(default => "-xstrconst -Xa -DB_ENDIAN -DBN_DIV2W",
+                                              debug   => "-g",
+                                              release => "-xO5 -xdepend"),
+                                       threads("-D_REENTRANT")),
+        lflags           => add(threads("-mt")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        shared_cflag     => "-KPIC",
+        shared_ldflag    => "-G -dy -z text",
+    },
+####
+    "solaris-sparcv8-cc" => {
+        inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv8_asm") ],
+        cflags           => add_before("-xarch=v8"),
+    },
+    "solaris-sparcv9-cc" => {
+        inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
+        cflags           => add_before("-xarch=v8plus"),
+    },
+    "solaris64-sparcv9-cc" => {
+        inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
+        cflags           => add_before("-xarch=v9"),
+        lflags           => add_before("-xarch=v9"),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        shared_ldflag    => "-xarch=v9 -G -dy -z text",
+        multilib         => "/64",
+    },
+
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported.
+    "irix-mips3-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("mips64_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-mabi=n32 -DB_ENDIAN -DBN_DIV3W",
+                                           debug   => "-g -O0",
+                                           release => "-O3"),
+                                    threads("-D_SGI_MP_SOURCE")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "n32",
+        dso_scheme       => "dlfcn",
+        shared_target    => "irix-shared",
+        shared_ldflag    => "-mabi=n32",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "32",
+    },
+    "irix-mips3-cc" => {
+        inherit_from     => [ "BASE_unix", asm("mips64_asm") ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W",
+                                           debug   => "-g -O0",
+                                           release => "-O2"),
+                                    threads("-D_SGI_MP_SOURCE")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "n32",
+        dso_scheme       => "dlfcn",
+        shared_target    => "irix-shared",
+        shared_ldflag    => "-n32",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "32",
+    },
+    # N64 ABI builds.
+    "irix64-mips4-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("mips64_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-mabi=64 -mips4 -DB_ENDIAN -DBN_DIV3W",
+                                           debug   => "-g -O0",
+                                           release => "-O3"),
+                                    threads("-D_SGI_MP_SOURCE")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "64",
+        dso_scheme       => "dlfcn",
+        shared_target    => "irix-shared",
+        shared_ldflag    => "-mabi=64",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "64",
+    },
+    "irix64-mips4-cc" => {
+        inherit_from     => [ "BASE_unix", asm("mips64_asm") ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "-64 -mips4 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W",
+                                           debug   => "-g -O0",
+                                           release => "-O2"),
+                                    threads("-D_SGI_MP_SOURCE")),
+        ex_libs          => add(threads("-lpthread")),
+        bn_ops           => "RC4_CHAR SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "64",
+        dso_scheme       => "dlfcn",
+        shared_target    => "irix-shared",
+        shared_ldflag    => "-64",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "64",
+    },
+
+#### Unified HP-UX ANSI C configs.
+# Special notes:
+# - Originally we were optimizing at +O4 level. It should be noted
+#   that the only difference between +O3 and +O4 is global inter-
+#   procedural analysis. As it has to be performed during the link
+#   stage the compiler leaves behind certain pseudo-code in lib*.a
+#   which might be release or even patch level specific. Generating
+#   the machine code for and analyzing the *whole* program appears
+#   to be *extremely* memory demanding while the performance gain is
+#   actually questionable. The situation is intensified by the default
+#   HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
+#   which is way too low for +O4. In other words, doesn't +O3 make
+#   more sense?
+# - Keep in mind that the HP compiler by default generates code
+#   suitable for execution on the host you're currently compiling at.
+#   If the toolkit is meant to be used on various PA-RISC processors
+#   consider './Configure hpux-parisc-[g]cc +DAportable'.
+# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
+#   32-bit message digests. (For the moment of this writing) HP C
+#   doesn't seem to "digest" too many local variables (they make "him"
+#   chew forever:-). For more details look-up MD32_XARRAY comment in
+#   crypto/sha/sha_lcl.h.
+# - originally there were 32-bit hpux-parisc2-* targets. They were
+#   scrapped, because a) they were not interchangeable with other 32-bit
+#   targets; b) performance-critical 32-bit assembly modules implement
+#   even PA-RISC 2.0-specific code paths, which are chosen at run-time,
+#   thus adequate performance is provided even with PA-RISC 1.1 build.
+#					<appro@fy.chalmers.se>
+    "hpux-parisc-gcc" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W",
+                                           debug   => "-O0 -g",
+                                           release => "-O3"),
+                                    threads("-pthread")),
+        ex_libs          => add("-Wl,+s -ldld", threads("-pthread")),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dl",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-shared",
+        shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "hpux-parisc1_1-gcc" => {
+        inherit_from     => [ "hpux-parisc-gcc", asm("parisc11_asm") ],
+        multilib         => "/pa1.1",
+    },
+    "hpux64-parisc2-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("parisc20_64_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-DB_ENDIAN",
+                                           debug   => "-O0 -g",
+                                           release => "-O3"),
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add("-ldl"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => "-shared",
+        shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "/pa20_64",
+    },
+
+    # More attempts at unified 10.X and 11.X targets for HP C compiler.
+    #
+    # Chris Ruemmler <ruemmler@cup.hp.com>
+    # Kevin Steves <ks@hp.se>
+    "hpux-parisc-cc" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY",
+                                           debug   => "+O0 +d -g",
+                                           release => "+O3"),
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add("-Wl,+s -ldld",threads("-lpthread")),
+        bn_ops           => "RC4_CHAR",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dl",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "+Z",
+        shared_ldflag    => "-b",
+        shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "hpux-parisc1_1-cc" => {
+        inherit_from     => [ "hpux-parisc-cc", asm("parisc11_asm") ],
+        cflags           => add_before("+DA1.1"),
+        multilib         => "/pa1.1",
+    },
+    "hpux64-parisc2-cc" => {
+        inherit_from     => [ "BASE_unix", asm("parisc20_64_asm") ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY",
+                                           debug   => "+O0 +d -g",
+                                           release => "+O3"),
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add("-ldl",threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "+Z",
+        shared_ldflag    => "+DD64 -b",
+        shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "/pa20_64",
+    },
+
+    # HP/UX IA-64 targets
+    "hpux-ia64-cc" => {
+        inherit_from     => [ "BASE_unix", asm("ia64_asm") ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN",
+                                           debug   => "+O0 +d -g",
+                                           release => "+O2"),
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add("-ldl",threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "+Z",
+        shared_ldflag    => "+DD32 -b",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "/hpux32",
+    },
+    # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted
+    # with debugging of the following config.
+    "hpux64-ia64-cc" => {
+        inherit_from     => [ "BASE_unix", asm("ia64_asm") ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN",
+                                           debug   => "+O0 +d -g",
+                                           release => "+O3"),
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add("-ldl", threads("-lpthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "+Z",
+        shared_ldflag    => "+DD64 -b",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "/hpux64",
+    },
+    # GCC builds...
+    "hpux-ia64-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("ia64_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-DB_ENDIAN",
+                                           debug   => "-O0 -g",
+                                           release => "-O3"),
+                                    threads("-pthread")),
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => "-shared",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "/hpux32",
+    },
+    "hpux64-ia64-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("ia64_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-mlp64 -DB_ENDIAN",
+                                           debug   => "-O0 -g",
+                                           release => "-O3"),
+                                    threads("-pthread")),
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "hpux-shared",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => "-mlp64 -shared",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "/hpux64",
+    },
+
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+    "MPE/iX-gcc" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "gcc",
+        cflags           => "-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB",
+        sys_id           => "MPE",
+        ex_libs          => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"),
+        thread_scheme    => "(unknown)",
+        bn_ops           => "BN_LLONG",
+    },
+
+#### DEC Alpha Tru64 targets. Tru64 is marketing name for OSF/1 version 4
+#### and forward. In reality 'uname -s' still returns "OSF1". Originally
+#### there were even osf1-* configs targeting prior versions provided,
+#### but not anymore...
+    "tru64-alpha-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("alpha_asm") ],
+        cc               => "gcc",
+        cflags           => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
+                                    threads("-pthread")),
+        ex_libs          => add("-lrt", threads("-pthread")), # for mlock(2)
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "alpha-osf1-shared",
+        shared_extension => ".so",
+    },
+    "tru64-alpha-cc" => {
+        inherit_from     => [ "BASE_unix", asm("alpha_asm") ],
+        cc               => "cc",
+        cflags           => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings",
+                                    threads("-pthread")),
+        ex_libs          => add("-lrt", threads("-pthread")), # for mlock(2)
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "alpha-osf1-shared",
+        shared_ldflag    => "-msym",
+        shared_extension => ".so",
+    },
+
+####
+#### Variety of LINUX:-)
+####
+# *-generic* is endian-neutral target, but ./config is free to
+# throw in -D[BL]_ENDIAN, whichever appropriate...
+    "linux-generic32" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-Wall",
+                                           debug   => "-O0 -g",
+                                           release => "-O3"),
+                                    threads("-pthread")),
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC -DOPENSSL_USE_NODELETE",
+        shared_ldflag    => "-Wl,-znodelete",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "linux-generic64" => {
+        inherit_from     => [ "linux-generic32" ],
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+    },
+
+    "linux-ppc" => {
+        inherit_from     => [ "linux-generic32", asm("ppc32_asm") ],
+        perlasm_scheme   => "linux32",
+    },
+    "linux-ppc64" => {
+        inherit_from     => [ "linux-generic64", asm("ppc64_asm") ],
+        cflags           => add("-m64 -DB_ENDIAN"),
+        perlasm_scheme   => "linux64",
+        shared_ldflag    => add("-m64"),
+        multilib         => "64",
+    },
+    "linux-ppc64le" => {
+        inherit_from     => [ "linux-generic64", asm("ppc64_asm") ],
+        cflags           => add("-m64 -DL_ENDIAN"),
+        perlasm_scheme   => "linux64le",
+        shared_ldflag    => add("-m64"),
+    },
+
+    "linux-armv4" => {
+        ################################################################
+        # Note that -march is not among compiler options in linux-armv4
+        # target description. Not specifying one is intentional to give
+        # you choice to:
+        #
+        # a) rely on your compiler default by not specifying one;
+        # b) specify your target platform explicitly for optimal
+        # performance, e.g. -march=armv6 or -march=armv7-a;
+        # c) build "universal" binary that targets *range* of platforms
+        # by specifying minimum and maximum supported architecture;
+        #
+        # As for c) option. It actually makes no sense to specify
+        # maximum to be less than ARMv7, because it's the least
+        # requirement for run-time switch between platform-specific
+        # code paths. And without run-time switch performance would be
+        # equivalent to one for minimum. Secondly, there are some
+        # natural limitations that you'd have to accept and respect.
+        # Most notably you can *not* build "universal" binary for
+        # big-endian platform. This is because ARMv7 processor always
+        # picks instructions in little-endian order. Another similar
+        # limitation is that -mthumb can't "cross" -march=armv6t2
+        # boundary, because that's where it became Thumb-2. Well, this
+        # limitation is a bit artificial, because it's not really
+        # impossible, but it's deemed too tricky to support. And of
+        # course you have to be sure that your binutils are actually
+        # up to the task of handling maximum target platform. With all
+        # this in mind here is an example of how to configure
+        # "universal" build:
+        #
+        # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+        #
+        inherit_from     => [ "linux-generic32", asm("armv4_asm") ],
+        perlasm_scheme   => "linux32",
+    },
+    "linux-aarch64" => {
+        inherit_from     => [ "linux-generic64", asm("aarch64_asm") ],
+        perlasm_scheme   => "linux64",
+    },
+    "linux-arm64ilp32" => {  # https://wiki.linaro.org/Platform/arm64-ilp32
+        inherit_from     => [ "linux-generic32", asm("aarch64_asm") ],
+        cflags           => add("-mabi=ilp32"),
+        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
+        perlasm_scheme   => "linux64",
+        shared_ldflag    => add("-mabi=ilp32"),
+    },
+
+    "linux-mips32" => {
+        # Configure script adds minimally required -march for assembly
+        # support, if no -march was specified at command line.
+        inherit_from     => [ "linux-generic32", asm("mips32_asm") ],
+        cflags           => add("-mabi=32 -DBN_DIV3W"),
+        perlasm_scheme   => "o32",
+        shared_ldflag    => add("-mabi=32"),
+    },
+    # mips32 and mips64 below refer to contemporary MIPS Architecture
+    # specifications, MIPS32 and MIPS64, rather than to kernel bitness.
+    "linux-mips64" => {
+        inherit_from     => [ "linux-generic32", asm("mips64_asm") ],
+        cflags           => add("-mabi=n32 -DBN_DIV3W"),
+        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
+        perlasm_scheme   => "n32",
+        shared_ldflag    => add("-mabi=n32"),
+        multilib         => "32",
+    },
+    "linux64-mips64" => {
+        inherit_from     => [ "linux-generic64", asm("mips64_asm") ],
+        cflags           => add("-mabi=64 -DBN_DIV3W"),
+        perlasm_scheme   => "64",
+        shared_ldflag    => add("-mabi=64"),
+        multilib         => "64",
+    },
+
+    #### IA-32 targets...
+    #### These two targets are a bit aged and are to be used on older Linux
+    #### machines where gcc doesn't understand -m32 and -m64
+    "linux-elf" => {
+        inherit_from     => [ "linux-generic32", asm("x86_elf_asm") ],
+        cflags           => add(picker(default => "-DL_ENDIAN",
+                                       release => "-fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG",
+    },
+    "linux-aout" => {
+        inherit_from     => [ "BASE_unix", asm("x86_asm") ],
+        cc               => "gcc",
+        cflags           => add(picker(default => "-DL_ENDIAN -Wall",
+                                       debug   => "-O0 -g",
+                                       release => "-O3 -fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+        perlasm_scheme   => "a.out",
+    },
+
+    #### X86 / X86_64 targets
+    "linux-x86" => {
+        inherit_from     => [ "linux-generic32", asm("x86_asm") ],
+        cflags           => add(picker(default => "-m32 -DL_ENDIAN",
+                                       release => "-fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG",
+        perlasm_scheme   => "elf",
+        shared_ldflag    => add("-m32"),
+    },
+    "linux-x86-clang" => {
+        inherit_from     => [ "linux-x86" ],
+        cc               => "clang",
+        cxx              => "clang++",
+        cflags           => add("-Wextra -Qunused-arguments"),
+    },
+    "linux-x86_64" => {
+        inherit_from     => [ "linux-generic64", asm("x86_64_asm") ],
+        cflags           => add("-m64 -DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+        shared_ldflag    => add("-m64"),
+        multilib         => "64",
+    },
+    "linux-x86_64-clang" => {
+        inherit_from     => [ "linux-x86_64" ],
+        cc               => "clang",
+        cflags           => add("-Wextra -Qunused-arguments"),
+    },
+    "linux-x32" => {
+        inherit_from     => [ "linux-generic32", asm("x86_64_asm") ],
+        cflags           => add("-mx32 -DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT",
+        perlasm_scheme   => "elf32",
+        shared_ldflag    => add("-mx32"),
+        multilib         => "x32",
+    },
+
+    "linux-ia64" => {
+        inherit_from     => [ "linux-generic64", asm("ia64_asm") ],
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+
+    "linux64-s390x" => {
+        inherit_from     => [ "linux-generic64", asm("s390x_asm") ],
+        cflags           => add("-m64 -DB_ENDIAN"),
+        perlasm_scheme   => "64",
+        shared_ldflag    => add("-m64"),
+        multilib         => "64",
+    },
+    "linux32-s390x" => {
+        #### So called "highgprs" target for z/Architecture CPUs
+        # "Highgprs" is kernel feature first implemented in Linux
+        # 2.6.32, see /proc/cpuinfo. The idea is to preserve most
+        # significant bits of general purpose registers not only
+        # upon 32-bit process context switch, but even on
+        # asynchronous signal delivery to such process. This makes
+        # it possible to deploy 64-bit instructions even in legacy
+        # application context and achieve better [or should we say
+        # adequate] performance. The build is binary compatible with
+        # linux-generic32, and the idea is to be able to install the
+        # resulting libcrypto.so alongside generic one, e.g. as
+        # /lib/highgprs/libcrypto.so.x.y, for ldconfig and run-time
+        # linker to autodiscover. Unfortunately it doesn't work just
+        # yet, because of couple of bugs in glibc
+        # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+        #
+        inherit_from     => [ "linux-generic32", asm("s390x_asm") ],
+        cflags           => add("-m31 -Wa,-mzarch -DB_ENDIAN"),
+        bn_asm_src       => sub { my $r=join(" ",@_); $r=~s|asm/s390x\.S|bn_asm.c|; $r; },
+        perlasm_scheme   => "31",
+        shared_ldflag    => add("-m31"),
+        multilib         => "/highgprs",
+    },
+
+    #### SPARC Linux setups
+    # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has
+    # patiently assisted with debugging of following two configs.
+    "linux-sparcv8" => {
+        inherit_from     => [ "linux-generic32", asm("sparcv8_asm") ],
+        cflags           => add("-mcpu=v8 -DB_ENDIAN -DBN_DIV2W"),
+    },
+    "linux-sparcv9" => {
+        # it's a real mess with -mcpu=ultrasparc option under Linux,
+        # but -Wa,-Av8plus should do the trick no matter what.
+        inherit_from     => [ "linux-generic32", asm("sparcv9_asm") ],
+        cflags           => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus -DB_ENDIAN -DBN_DIV2W"),
+        shared_ldflag    => add("-m32"),
+    },
+    "linux64-sparcv9" => {
+        # GCC 3.1 is a requirement
+        inherit_from     => [ "linux-generic64", asm("sparcv9_asm") ],
+        cflags           => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        shared_ldflag    => add("-m64"),
+        multilib         => "64",
+    },
+
+    "linux-alpha-gcc" => {
+        inherit_from     => [ "linux-generic64", asm("alpha_asm") ],
+        cflags           => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+    "linux-c64xplus" => {
+        inherit_from     => [ "BASE_unix" ],
+        # TI_CGT_C6000_7.3.x is a requirement
+        cc               => "cl6x",
+        cflags           => combine("--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT",
+                                    threads("-D_REENTRANT")),
+        bn_ops           => "BN_LLONG",
+        cpuid_asm_src    => "c64xpluscpuid.s",
+        bn_asm_src       => "asm/bn-c64xplus.asm c64xplus-gf2m.s",
+        aes_asm_src      => "aes-c64xplus.s aes_cbc.c aes-ctr.fake",
+        sha1_asm_src     => "sha1-c64xplus.s sha256-c64xplus.s sha512-c64xplus.s",
+        rc4_asm_src      => "rc4-c64xplus.s",
+        modes_asm_src    => "ghash-c64xplus.s",
+        chacha_asm_src   => "chacha-c64xplus.s",
+        poly1305_asm_src => "poly1305-c64xplus.s",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "void",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "--pic",
+        shared_ldflag    => add("-z --sysv --shared"),
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        ranlib           => "true",
+    },
+
+#### Android: linux-* but without pointers to headers and libs.
+    #
+    # It takes pair of prior-set environment variables to make it work:
+    #
+    # CROSS_SYSROOT=/some/where/android-ndk-<ver>/platforms/android-<apiver>/arch-<arch>
+    # CROSS_COMPILE=<prefix>
+    #
+    # As well as PATH adjusted to cover ${CROSS_COMPILE}gcc and company.
+    # For example to compile for ICS and ARM with NDK 10d, you'd:
+    #
+    # ANDROID_NDK=/some/where/android-ndk-10d
+    # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm
+    # CROSS_COMPILE=arm-linux-androideabi-
+    # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin
+    #
+    "android" => {
+        inherit_from     => [ "linux-generic32" ],
+        # Special note about unconditional -fPIC and -pie. The underlying
+        # reason is that Lollipop refuses to run non-PIE. But what about
+        # older systems and NDKs? -fPIC was never problem, so the only
+        # concern is -pie. Older toolchains, e.g. r4, appear to handle it
+        # and binaries turn mostly functional. "Mostly" means that oldest
+        # Androids, such as Froyo, fail to handle executable, but newer
+        # systems are perfectly capable of executing binaries targeting
+        # Froyo. Keep in mind that in the nutshell Android builds are
+        # about JNI, i.e. shared libraries, not applications.
+        cflags           => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")),
+        bin_cflags       => "-pie",
+    },
+    "android-x86" => {
+        inherit_from     => [ "android", asm("x86_asm") ],
+        cflags           => add(picker(release => "-fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG",
+        perlasm_scheme   => "android",
+    },
+    ################################################################
+    # Contemporary Android applications can provide multiple JNI
+    # providers in .apk, targeting multiple architectures. Among
+    # them there is "place" for two ARM flavours: generic eabi and
+    # armv7-a/hard-float. However, it should be noted that OpenSSL's
+    # ability to engage NEON is not constrained by ABI choice, nor
+    # is your ability to call OpenSSL from your application code
+    # compiled with floating-point ABI other than default 'soft'.
+    # [Latter thanks to __attribute__((pcs("aapcs"))) declaration.]
+    # This means that choice of ARM libraries you provide in .apk
+    # is driven by application needs. For example if application
+    # itself benefits from NEON or is floating-point intensive, then
+    # it might be appropriate to provide both libraries. Otherwise
+    # just generic eabi would do. But in latter case it would be
+    # appropriate to
+    #
+    #   ./Configure android-armeabi -D__ARM_MAX_ARCH__=8
+    #
+    # in order to build "universal" binary and allow OpenSSL take
+    # advantage of NEON when it's available.
+    #
+    "android-armeabi" => {
+        inherit_from     => [ "android", asm("armv4_asm") ],
+    },
+    "android-mips" => {
+        inherit_from     => [ "android", asm("mips32_asm") ],
+        perlasm_scheme   => "o32",
+    },
+
+    "android64" => {
+        inherit_from     => [ "linux-generic64" ],
+        cflags           => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")),
+        bin_cflags       => "-pie",
+    },
+    "android64-aarch64" => {
+        inherit_from     => [ "android64", asm("aarch64_asm") ],
+        perlasm_scheme   => "linux64",
+    },
+
+#### *BSD
+    "BSD-generic32" => {
+        # As for thread cflag. Idea is to maintain "collective" set of
+        # flags, which would cover all BSD flavors. -pthread applies
+        # to them all, but is treated differently. OpenBSD expands is
+        # as -D_POSIX_THREAD -lc_r, which is sufficient. FreeBSD 4.x
+        # expands it as -lc_r, which has to be accompanied by explicit
+        # -D_THREAD_SAFE and sometimes -D_REENTRANT. FreeBSD 5.x
+        # expands it as -lc_r, which seems to be sufficient?
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "-Wall",
+                                           debug   => "-O0 -g",
+                                           release => "-O3"),
+                                    threads("-pthread -D_THREAD_SAFE -D_REENTRANT")),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "BSD-generic64" => {
+        inherit_from     => [ "BSD-generic32" ],
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+
+    "BSD-x86" => {
+        inherit_from     => [ "BSD-generic32", asm("x86_asm") ],
+        cflags           => add(picker(default => "-DL_ENDIAN",
+                                       release => "-fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG",
+        shared_target    => "bsd-shared",
+        perlasm_scheme   => "a.out",
+    },
+    "BSD-x86-elf" => {
+        inherit_from     => [ "BSD-x86" ],
+        perlasm_scheme   => "elf",
+    },
+
+    "BSD-sparcv8" => {
+        inherit_from     => [ "BSD-generic32", asm("sparcv8_asm") ],
+        cflags           => add("-mcpu=v8 -DB_ENDIAN"),
+    },
+    "BSD-sparc64" => {
+        # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+        # simply *happens* to work around a compiler bug in gcc 3.3.3,
+        # triggered by RIPEMD160 code.
+        inherit_from     => [ "BSD-generic64", asm("sparcv9_asm") ],
+        cflags           => add("-DB_ENDIAN -DMD32_REG_T=int"),
+        bn_ops           => "BN_LLONG",
+    },
+
+    "BSD-ia64" => {
+        inherit_from     => [ "BSD-generic64", asm("ia64_asm") ],
+        cflags           => add_before("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+
+    "BSD-x86_64" => {
+        inherit_from     => [ "BSD-generic64", asm("x86_64_asm") ],
+        cflags           => add_before("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "elf",
+    },
+
+    "bsdi-elf-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "gcc",
+        cflags           => "-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -Wall",
+        ex_libs          => add("-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+
+    "nextstep" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => "-O -Wall",
+        unistd           => "<libc.h>",
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+    },
+    "nextstep3.3" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => "-O3 -Wall",
+        unistd           => "<libc.h>",
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+    },
+
+# QNX
+    "qnx4" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => "-DL_ENDIAN -DTERMIO",
+        thread_scheme    => "(unknown)",
+    },
+    "QNX6" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "gcc",
+        ex_libs          => add("-lsocket"),
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "QNX6-i386" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "gcc",
+        cflags           => "-DL_ENDIAN -O2 -Wall",
+        ex_libs          => add("-lsocket"),
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+
+#### SCO/Caldera targets.
+#
+# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
+# Now we only have blended unixware-* as it's the only one used by ./config.
+# If you want to optimize for particular microarchitecture, bypass ./config
+# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
+# Note that not all targets include assembler support. Mostly because of
+# lack of motivation to support out-of-date platforms with out-of-date
+# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
+# patiently assisted to debug most of it.
+#
+# UnixWare 2.0x fails destest with -O.
+    "unixware-2.0" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => combine("-DFILIO_H -DNO_STRINGS_H",
+                                    threads("-Kthread")),
+        ex_libs          => add("-lsocket -lnsl -lresolv -lx"),
+        thread_scheme    => "uithreads",
+    },
+    "unixware-2.1" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => combine("-O -DFILIO_H",
+                                    threads("-Kthread")),
+        ex_libs          => add("-lsocket -lnsl -lresolv -lx"),
+        thread_scheme    => "uithreads",
+    },
+    "unixware-7" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "cc",
+        cflags           => combine("-O -DFILIO_H -Kalloca",
+                                    threads("-Kthread")),
+        ex_libs          => add("-lsocket -lnsl"),
+        thread_scheme    => "uithreads",
+        bn_ops           => "BN_LLONG",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "svr5-shared",
+        shared_cflag     => "-Kpic",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "unixware-7-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "gcc",
+        cflags           => combine("-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add("-lsocket -lnsl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "gnu-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
+    "sco5-cc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "cc",
+        cflags           => "-belf",
+        ex_libs          => add("-lsocket -lnsl"),
+        thread_scheme    => "(unknown)",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "svr3-shared",
+        shared_cflag     => "-Kpic",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "sco5-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
+        cc               => "gcc",
+        cflags           => "-O3 -fomit-frame-pointer",
+        ex_libs          => add("-lsocket -lnsl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "(unknown)",
+        perlasm_scheme   => "elf-1",
+        dso_scheme       => "dlfcn",
+        shared_target    => "svr3-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+
+#### IBM's AIX.
+    # Below targets assume AIX >=5. Caveat lector. If you are accustomed
+    # to control compilation "bitness" by setting $OBJECT_MODE environment
+    # variable, then you should know that in OpenSSL case it's considered
+    # only in ./config. Once configured, build procedure remains "deaf" to
+    # current value of $OBJECT_MODE.
+    "aix-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("ppc32_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-DB_ENDIAN",
+                                           debug   => "-O0 -g",
+                                           release => "-O"),
+                                    threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        sys_id           => "AIX",
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "aix32",
+        dso_scheme       => "dlfcn",
+        shared_target    => "aix-shared",
+        shared_ldflag    => "-shared -static-libgcc -Wl,-G",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        arflags          => "-X32",
+    },
+    "aix64-gcc" => {
+        inherit_from     => [ "BASE_unix", asm("ppc64_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-maix64 -DB_ENDIAN",
+                                           debug   => "-O0 -g",
+                                           release => "-O"),
+                                    threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        sys_id           => "AIX",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "aix64",
+        dso_scheme       => "dlfcn",
+        shared_target    => "aix-shared",
+        shared_ldflag    => "-maix64 -shared -static-libgcc -Wl,-G",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        arflags          => "-X64",
+    },
+    "aix-cc" => {
+        inherit_from     => [ "BASE_unix", asm("ppc32_asm") ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "-q32 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst",
+                                           debug   => "-O0 -g",
+                                           release => "-O"),
+                                    threads("-qthreaded -D_THREAD_SAFE")),
+        sys_id           => "AIX",
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        ex_libs          => threads("-lpthreads"),
+        perlasm_scheme   => "aix32",
+        dso_scheme       => "dlfcn",
+        shared_target    => "aix-shared",
+        shared_ldflag    => "-q32 -G",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        arflags          => "-X 32",
+    },
+    "aix64-cc" => {
+        inherit_from     => [ "BASE_unix", asm("ppc64_asm") ],
+        cc               => "cc",
+        cflags           => combine(picker(default => "-q64 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst",
+                                           debug   => "-O0 -g",
+                                           release => "-O"),
+                                    threads("-qthreaded -D_THREAD_SAFE")),
+        sys_id           => "AIX",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        ex_libs          => threads("-lpthreads"),
+        perlasm_scheme   => "aix64",
+        dso_scheme       => "dlfcn",
+        shared_target    => "aix-shared",
+        shared_ldflag    => "-q64 -G",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        arflags          => "-X 64",
+    },
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+    "BS2000-OSD" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "c89",
+        cflags           => "-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC",
+        ex_libs          => add("-lsocket -lnsl"),
+        bn_ops           => "THIRTY_TWO_BIT RC4_CHAR",
+        thread_scheme    => "(unknown)",
+    },
+
+#### Visual C targets
+#
+# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+#
+# Note about -wd4090, disable warning C4090. This warning returns false
+# positives in some situations. Disabling it altogether masks both
+# legitimate and false cases, but as we compile on multiple platforms,
+# we rely on other compilers to catch legitimate cases.
+#
+# Also note that we force threads no matter what.  Configuring "no-threads"
+# is ignored.
+    "VC-common" => {
+        inherit_from     => [ "BASE_Windows" ],
+        template         => 1,
+        cc               => "cl",
+        cflags           => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE",
+        defines          => add(sub { my @defs = ();
+                                      unless ($disabled{"zlib-dynamic"}) {
+                                          my $zlib =
+                                              $withargs{zlib_lib} // "ZLIB1";
+                                          push @defs,
+                                              quotify("perl",
+                                                      'LIBZ="' . $zlib . '"');
+                                      }
+                                      return [ @defs ];
+                                    }),
+        coutflag         => "/Fo",
+        lib_cflags       => add("/Zi /Fdossl_static"),
+        dso_cflags       => "/Zi /Fddso",
+        bin_cflags       => "/Zi /Fdapp",
+        lflags           => add("/debug"),
+        shared_ldflag    => "/dll",
+        shared_target    => "win-shared", # meaningless except it gives Configure a hint
+        thread_scheme    => "winthreads",
+        dso_scheme       => "win32",
+        apps_aux_src     => add("win32_init.c"),
+    },
+    "VC-noCE-common" => {
+        inherit_from     => [ "VC-common" ],
+        template         => 1,
+        cflags           => add(picker(default => "-DUNICODE -D_UNICODE",
+                                       debug   =>
+                                       sub {
+                                           ($disabled{shared} ? "" : "/MDd")
+                                               ." /Od -DDEBUG -D_DEBUG";
+                                       },
+                                       release =>
+                                       sub {
+                                           ($disabled{shared} ? "" : "/MD")
+                                               ." /O2";
+                                       })),
+        lib_cflags       => add(sub { $disabled{shared} ? "/MT /Zl" : () }),
+        # Following might/should appears controversial, i.e. defining
+        # /MDd without evaluating $disabled{shared}. It works in
+        # non-shared build because static library is compiled with /Zl
+        # and bares no reference to specific RTL. And it works in
+        # shared build because multiple /MDd options are not prohibited.
+        # But why /MDd in static build? Well, basically this is just a
+        # reference point, which allows to catch eventual errors that
+        # would prevent those who want to wrap OpenSSL into own .DLL.
+        # Why not /MD in release build then? Well, some are likely to
+        # prefer [non-debug] openssl.exe to be free from Micorosoft RTL
+        # redistributable.
+        bin_cflags       => add(picker(debug   => "/MDd",
+                                       release => sub { $disabled{shared} ? "/MT" : () },
+                                      )),
+        bin_lflags       => add("/subsystem:console /opt:ref"),
+        ex_libs          => add(sub {
+            my @ex_libs = ();
+            push @ex_libs, 'ws2_32.lib' unless $disabled{sock};
+            push @ex_libs, 'gdi32.lib advapi32.lib crypt32.lib user32.lib';
+            return join(" ", @ex_libs);
+        }),
+    },
+    "VC-WIN64-common" => {
+        inherit_from     => [ "VC-noCE-common" ],
+        template         => 1,
+        ex_libs          => add(sub {
+            my @ex_libs = ();
+            push @ex_libs, 'bufferoverflowu.lib' if (`cl 2>&1` =~ /14\.00\.4[0-9]{4}\./);
+            return join(" ", @_, @ex_libs);
+        }),
+        bn_ops           => "SIXTY_FOUR_BIT EXPORT_VAR_AS_FN",
+        build_scheme     => add("VC-W64", { separator => undef }),
+    },
+    "VC-WIN64I" => {
+        inherit_from     => [ "VC-WIN64-common", asm("ia64_asm"),
+                              sub { $disabled{shared} ? () : "ia64_uplink" } ],
+        as               => "ias",
+        asflags          => "-d debug",
+        asoutflag        => "-o",
+        sys_id           => "WIN64I",
+        bn_asm_src       => sub { return undef unless @_;
+                                  my $r=join(" ",@_); $r=~s|bn-ia64.s|bn_asm.c|; $r; },
+        perlasm_scheme   => "ias",
+        multilib         => "-ia64",
+    },
+    "VC-WIN64A" => {
+        inherit_from     => [ "VC-WIN64-common", asm("x86_64_asm"),
+                              sub { $disabled{shared} ? () : "x86_64_uplink" } ],
+        as               => sub { vc_win64a_info()->{as} },
+        asflags          => sub { vc_win64a_info()->{asflags} },
+        asoutflag        => sub { vc_win64a_info()->{asoutflag} },
+        sys_id           => "WIN64A",
+        bn_asm_src       => sub { return undef unless @_;
+                                  my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
+        perlasm_scheme   => "auto",
+        multilib         => "-x64",
+    },
+    "VC-WIN32" => {
+        # x86 Win32 target defaults to ANSI API, if you want UNICODE,
+        # configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE'
+        inherit_from     => [ "VC-noCE-common", asm("x86_asm"),
+                              sub { $disabled{shared} ? () : "uplink_common" } ],
+        as               => sub { vc_win32_info()->{as} },
+        asflags          => sub { vc_win32_info()->{asflags} },
+        asoutflag        => sub { vc_win32_info()->{asoutflag} },
+        ex_libs          => add(sub {
+            my @ex_libs = ();
+            # WIN32 UNICODE build gets linked with unicows.lib for
+            # backward compatibility with Win9x.
+            push @ex_libs, 'unicows.lib'
+                if (grep { $_ eq "UNICODE" } @user_defines);
+            return join(" ", @ex_libs, @_);
+        }),
+        sys_id           => "WIN32",
+        bn_ops           => "BN_LLONG EXPORT_VAR_AS_FN",
+        perlasm_scheme   => sub { vc_win32_info()->{perlasm_scheme} },
+        build_scheme     => add("VC-W32", { separator => undef }),
+    },
+    "VC-CE" => {
+        inherit_from     => [ "VC-common" ],
+        as               => "ml",
+        asflags          => "/nologo /Cp /coff /c /Cx /Zi",
+        asoutflag        => "/Fo",
+        cc               => "cl",
+        cflags           =>
+            picker(default =>
+                   combine('/W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYS_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT',
+                           sub { vc_wince_info()->{cflags}; },
+                           sub { defined($ENV{'WCECOMPAT'})
+                                     ? '-I$(WCECOMPAT)/include' : (); },
+                           sub { defined($ENV{'PORTSDK_LIBPATH'})
+                                     ? '-I$(PORTSDK_LIBPATH)/../../include' : (); },
+                           sub { `cl 2>&1` =~ /Version ([0-9]+)\./ && $1>=14
+                                     ? ($disabled{shared} ? " /MT" : " /MD")
+                                     : " /MC"; }),
+                   debug   => "/Od -DDEBUG -D_DEBUG",
+                   release => "/O1i"),
+        lflags           => combine("/nologo /opt:ref",
+                                    sub { vc_wince_info()->{lflags}; },
+                                    sub { defined($ENV{PORTSDK_LIBPATH})
+                                              ? "/entry:mainCRTstartup" : (); }),
+        sys_id           => "WINCE",
+        bn_ops           => "BN_LLONG EXPORT_VAR_AS_FN",
+        ex_libs          => add(sub {
+            my @ex_libs = ();
+            push @ex_libs, 'ws2.lib' unless $disabled{sock};
+            push @ex_libs, 'crypt32.lib';
+            if (defined($ENV{WCECOMPAT})) {
+                my $x = '$(WCECOMPAT)/lib';
+                if (-f "$x/$ENV{TARGETCPU}/wcecompatex.lib") {
+                    $x .= '/$(TARGETCPU)/wcecompatex.lib';
+                } else {
+                    $x .= '/wcecompatex.lib';
+                }
+                push @ex_libs, $x;
+            }
+            push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib'
+                if (defined($ENV{'PORTSDK_LIBPATH'}));
+            push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib'
+                if ($ENV{'TARGETCPU'} eq "X86");
+            return @ex_libs;
+        }),
+        build_scheme     => add("VC-WCE", { separator => undef }),
+    },
+
+#### MinGW
+    "mingw" => {
+        inherit_from     => [ "BASE_unix", asm("x86_asm"),
+                              sub { $disabled{shared} ? () : "x86_uplink" } ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m32 -Wall",
+                                           debug   => "-g -O0",
+                                           release => "-O3 -fomit-frame-pointer"),
+                                    threads("-D_MT")),
+        sys_id           => "MINGW32",
+        ex_libs          => add("-lws2_32 -lgdi32 -lcrypt32"),
+        bn_ops           => "BN_LLONG EXPORT_VAR_AS_FN",
+        thread_scheme    => "winthreads",
+        perlasm_scheme   => "coff",
+        dso_scheme       => "win32",
+        shared_target    => "mingw-shared",
+        shared_cflag     => add("-D_WINDLL"),
+        shared_ldflag    => "-static-libgcc",
+        shared_rcflag    => "--target=pe-i386",
+        shared_extension => ".dll",
+        multilib         => "",
+        apps_aux_src     => add("win32_init.c"),
+    },
+    "mingw64" => {
+        # As for OPENSSL_USE_APPLINK. Applink makes it possible to use
+        # .dll compiled with one compiler with application compiled with
+        # another compiler. It's possible to engage Applink support in
+        # mingw64 build, but it's not done, because till mingw64
+        # supports structured exception handling, one can't seriously
+        # consider its binaries for using with non-mingw64 run-time
+        # environment. And as mingw64 is always consistent with itself,
+        # Applink is never engaged and can as well be omitted.
+        inherit_from     => [ "BASE_unix", asm("x86_64_asm") ],
+        cc               => "gcc",
+        cflags           => combine(picker(default => "-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m64 -Wall",
+                                           debug   => "-g -O0",
+                                           release => "-O3"),
+                                    threads("-D_MT")),
+        sys_id           => "MINGW64",
+        ex_libs          => add("-lws2_32 -lgdi32 -lcrypt32"),
+        bn_ops           => "SIXTY_FOUR_BIT EXPORT_VAR_AS_FN",
+        thread_scheme    => "winthreads",
+        perlasm_scheme   => "mingw64",
+        dso_scheme       => "win32",
+        shared_target    => "mingw-shared",
+        shared_cflag     => add("-D_WINDLL"),
+        shared_ldflag    => "-static-libgcc",
+        shared_rcflag    => "--target=pe-x86-64",
+        shared_extension => ".dll",
+        multilib         => "64",
+        apps_aux_src     => add("win32_init.c"),
+    },
+
+#### UEFI
+    "UEFI" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => "-DL_ENDIAN -O",
+        sys_id           => "UEFI",
+    },
+
+#### UWIN
+    "UWIN" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "cc",
+        cflags           => "-DTERMIOS -DL_ENDIAN -O -Wall",
+        sys_id           => "UWIN",
+        bn_ops           => "BN_LLONG",
+        dso_scheme       => "win32",
+    },
+
+#### Cygwin
+    "Cygwin-x86" => {
+        inherit_from     => [ "BASE_unix", asm("x86_asm") ],
+        cc               => "gcc",
+        cflags           => picker(default => "-DTERMIOS -DL_ENDIAN -Wall",
+                                   debug   => "-g -O0",
+                                   release => "-O3 -fomit-frame-pointer"),
+        sys_id           => "CYGWIN",
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthread",
+        perlasm_scheme   => "coff",
+        dso_scheme       => "dlfcn",
+        shared_target    => "cygwin-shared",
+        shared_cflag     => "-D_WINDLL",
+        shared_ldflag    => "-shared",
+        shared_extension => ".dll",
+    },
+    "Cygwin-x86_64" => {
+        inherit_from     => [ "BASE_unix", asm("x86_64_asm") ],
+        cc               => "gcc",
+        cflags           => picker(default => "-DTERMIOS -DL_ENDIAN -Wall",
+                                   debug   => "-g -O0",
+                                   release => "-O3"),
+        sys_id           => "CYGWIN",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthread",
+        perlasm_scheme   => "mingw64",
+        dso_scheme       => "dlfcn",
+        shared_target    => "cygwin-shared",
+        shared_cflag     => "-D_WINDLL",
+        shared_ldflag    => "-shared",
+        shared_extension => ".dll",
+    },
+    # Backward compatibility for those using this target
+    "Cygwin" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    # In case someone constructs the Cygwin target name themself
+    "Cygwin-i386" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    "Cygwin-i486" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    "Cygwin-i586" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+    "Cygwin-i686" => {
+	inherit_from     => [ "Cygwin-x86" ]
+    },
+
+##### MacOS X (a.k.a. Darwin) setup
+    "darwin-common" => {
+        inherit_from     => [ "BASE_unix" ],
+        template         => 1,
+        cc               => "cc",
+        cflags           => combine(picker(default => "",
+                                           debug   => "-g -O0",
+                                           release => "-O3"),
+                                   threads("-D_REENTRANT")),
+        sys_id           => "MACOSX",
+        plib_lflags      => "-Wl,-search_paths_first",
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "osx32",
+        dso_scheme       => "dlfcn",
+        ranlib           => "ranlib -c",
+        shared_target    => "darwin-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-dynamiclib",
+        shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+    },
+    # Option "freeze" such as -std=gnu9x can't negatively interfere
+    # with future defaults for below two targets, because MacOS X
+    # for PPC has no future, it was discontinued by vendor in 2009.
+    "darwin-ppc-cc" => {
+        inherit_from     => [ "darwin-common", asm("ppc32_asm") ],
+        cflags           => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"),
+        perlasm_scheme   => "osx32",
+        shared_cflag     => add("-fno-common"),
+        shared_ldflag    => "-arch ppc -dynamiclib",
+    },
+    "darwin64-ppc-cc" => {
+        inherit_from     => [ "darwin-common", asm("ppc64_asm") ],
+        cflags           => add("-arch ppc64 -std=gnu9x -DB_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        perlasm_scheme   => "osx64",
+        shared_ldflag    => "-arch ppc64 -dynamiclib",
+    },
+    "darwin-i386-cc" => {
+        inherit_from     => [ "darwin-common", asm("x86_asm") ],
+        cflags           => add(picker(default => "-arch i386 -DL_ENDIAN",
+                                       release => "-fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG RC4_INT",
+        perlasm_scheme   => "macosx",
+        shared_ldflag    => "-arch i386 -dynamiclib",
+    },
+    "darwin64-x86_64-cc" => {
+        inherit_from     => [ "darwin-common", asm("x86_64_asm") ],
+        cflags           => add("-arch x86_64 -DL_ENDIAN -Wall"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "macosx",
+        shared_ldflag    => "-arch x86_64 -dynamiclib",
+    },
+
+#### iPhoneOS/iOS
+#
+# It takes three prior-set environment variables to make it work:
+#
+# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
+# CROSS_TOP=/where/SDKs/are
+# CROSS_SDK=iPhoneOSx.y.sdk
+#
+# Exact paths vary with Xcode releases, but for couple of last ones
+# they would look like this:
+#
+# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
+# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
+# CROSS_SDK=iPhoneOS.sdk
+#
+    "iphoneos-cross" => {
+        inherit_from     => [ "darwin-common" ],
+        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
+        sys_id           => "iOS",
+    },
+    "ios-cross" => {
+        inherit_from     => [ "darwin-common", asm("armv4_asm") ],
+        # It should be possible to go below iOS 6 and even add -arch armv6,
+        # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
+        # at this point.
+        cflags           => add("-arch armv7 -mios-version-min=6.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
+        sys_id           => "iOS",
+        perlasm_scheme   => "ios32",
+    },
+    "ios64-cross" => {
+        inherit_from     => [ "darwin-common", asm("aarch64_asm") ],
+        cflags           => add("-arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
+        sys_id           => "iOS",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        perlasm_scheme   => "ios64",
+    },
+
+##### GNU Hurd
+    "hurd-x86" => {
+        inherit_from     => [ "BASE_unix" ],
+        inherit_from     => [ asm("x86_elf_asm") ],
+        cc               => "gcc",
+        cflags           => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+                                    threads("-pthread")),
+        ex_libs          => add("-ldl", threads("-pthread")),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+
+##### VxWorks for various targets
+    "vxworks-ppc60x" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "ccppc",
+        cflags           => "-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip",
+        sys_id           => "VXWORKS",
+        ex_libs          => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common"),
+    },
+    "vxworks-ppcgen" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "ccppc",
+        cflags           => "-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip",
+        sys_id           => "VXWORKS",
+        ex_libs          => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon"),
+    },
+    "vxworks-ppc405" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "ccppc",
+        cflags           => "-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h",
+        sys_id           => "VXWORKS",
+        lflags           => "-r",
+    },
+    "vxworks-ppc750" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "ccppc",
+        cflags           => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG)",
+        sys_id           => "VXWORKS",
+        lflags           => "-r",
+    },
+    "vxworks-ppc750-debug" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "ccppc",
+        cflags           => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DPEDANTIC -DDEBUG -g",
+        sys_id           => "VXWORKS",
+        lflags           => "-r",
+    },
+    "vxworks-ppc860" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "ccppc",
+        cflags           => "-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h",
+        sys_id           => "VXWORKS",
+        lflags           => "-r",
+    },
+    "vxworks-simlinux" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "ccpentium",
+        cflags           => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK",
+        sys_id           => "VXWORKS",
+        lflags           => "-r",
+        ranlib           => "ranlibpentium",
+    },
+    "vxworks-mips" => {
+        inherit_from     => [ "BASE_unix", asm("mips32_asm") ],
+        cc               => "ccmips",
+        cflags           => combine("-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip",
+                                    threads("-D_REENTRANT")),
+        sys_id           => "VXWORKS",
+        ex_libs          => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon"),
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "o32",
+        ranlib           => "ranlibmips",
+    },
+
+#### uClinux
+    "uClinux-dist" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "$ENV{'CC'}",
+        cflags           => combine(threads("-D_REENTRANT")),
+        ex_libs          => add("\$(LDLIBS)"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "$ENV{'LIBSSL_dlfcn'}",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-shared",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        ranlib           => "$ENV{'RANLIB'}",
+    },
+    "uClinux-dist64" => {
+        inherit_from     => [ "BASE_unix" ],
+        cc               => "$ENV{'CC'}",
+        cflags           => combine(threads("-D_REENTRANT")),
+        ex_libs          => add("\$(LDLIBS)"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "$ENV{'LIBSSL_dlfcn'}",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-shared",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        ranlib           => "$ENV{'RANLIB'}",
+    },
+
+    ##### VMS
+    "vms-generic" => {
+        inherit_from     => [ "BASE_VMS" ],
+        template         => 1,
+        cc               => "CC/DECC",
+        cflags           => picker(default => "/STANDARD=(ISOC94,RELAXED)/NOLIST/PREFIX=ALL",
+                                   debug   => "/NOOPTIMIZE/DEBUG",
+                                   release => "/OPTIMIZE/NODEBUG"),
+        defines          => add("OPENSSL_USE_NODELETE"),
+        lflags           => picker(default => "/MAP",
+                                   debug   => "/DEBUG/TRACEBACK",
+                                   release => "/NODEBUG/NOTRACEBACK"),
+        lib_cflags       => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"),
+        dso_cflags       => add("/NAMES=(AS_IS,SHORTENED)"),
+        shared_target    => "vms-shared",
+        dso_scheme       => "vms",
+        thread_scheme    => "pthreads",
+
+        apps_aux_src     => "vms_decc_init.c vms_term_sock.c",
+    },
+
+    "vms-alpha" => {
+        inherit_from     => [ "vms-generic" ],
+        cflags           => add(sub { my @warnings =
+                                          @{vms_info(0)->{disable_warns}};
+                                      @warnings
+                                          ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }),
+        defines          =>
+                    add(sub {
+                            return vms_info(0)->{def_zlib}
+                                ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
+                            }),
+        ex_libs          => add(sub { return vms_info(0)->{zlib} || (); }),
+        pointer_size     => sub { return vms_info(0)->{pointer_size} },
+        #as               => "???",
+        #debug_aflags     => "/NOOPTIMIZE/DEBUG",
+        #release_aflags   => "/OPTIMIZE/NODEBUG",
+        bn_opts          => "SIXTY_FOUR_BIT RC4_INT",
+    },
+    "vms-alpha-p32" => {
+        inherit_from     => [ "vms-generic" ],
+        cflags           =>
+            add("/POINTER_SIZE=32",
+                sub { my @warnings =
+                          @{vms_info(32)->{disable_warns}};
+                      @warnings
+                          ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : ();
+                } ),
+        defines          =>
+                    add(sub {
+                            return vms_info(32)->{def_zlib}
+                                ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
+                            }),
+        ex_libs          => add(sub { return vms_info(32)->{zlib} || (); }),
+        pointer_size     => sub { return vms_info(32)->{pointer_size} },
+    },
+    "vms-alpha-p64" => {
+        inherit_from     => [ "vms-generic" ],
+        cflags           =>
+            add("/POINTER_SIZE=64=ARGV",
+                sub { my @warnings =
+                          @{vms_info(64)->{disable_warns}};
+                      @warnings
+                          ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : ();
+                } ),
+        defines          =>
+                    add(sub {
+                            return vms_info(64)->{def_zlib}
+                                ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
+                            }),
+        ex_libs          => add(sub { return vms_info(64)->{zlib} || (); }),
+        pointer_size     => sub { return vms_info(64)->{pointer_size} },
+    },
+    "vms-ia64" => {
+        inherit_from     => [ "vms-generic" ],
+        cflags           => add(sub { my @warnings =
+                                          @{vms_info(0)->{disable_warns}};
+                                      @warnings
+                                          ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }),
+        defines          =>
+                    add(sub {
+                            return vms_info(0)->{def_zlib}
+                                ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
+                            }),
+        ex_libs          => add(sub { return vms_info(0)->{zlib} || (); }),
+        pointer_size     => sub { return vms_info(0)->{pointer_size} },
+        #as               => "I4S",
+        #debug_aflags     => "/NOOPTIMIZE/DEBUG",
+        #release_aflags   => "/OPTIMIZE/NODEBUG",
+        bn_opts          => "SIXTY_FOUR_BIT RC4_INT",
+    },
+    "vms-ia64-p32" => {
+        inherit_from     => [ "vms-generic" ],
+        cflags           =>
+            add("/POINTER_SIZE=32",
+                sub { my @warnings =
+                          @{vms_info(32)->{disable_warns}};
+                      @warnings
+                          ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : ();
+                } ),
+        defines          =>
+                    add(sub {
+                            return vms_info(32)->{def_zlib}
+                                ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
+                            }),
+        ex_libs          => add(sub { return vms_info(32)->{zlib} || (); }),
+        pointer_size     => sub { return vms_info(32)->{pointer_size} },
+    },
+    "vms-ia64-p64" => {
+        inherit_from     => [ "vms-generic" ],
+        cflags           =>
+            add("/POINTER_SIZE=64=ARGV",
+                sub { my @warnings =
+                          @{vms_info(64)->{disable_warns}};
+                      @warnings
+                          ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : ();
+                } ),
+        defines          =>
+                    add(sub {
+                            return vms_info(64)->{def_zlib}
+                                ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
+                            }),
+        ex_libs          => add(sub { return vms_info(64)->{zlib} || (); }),
+        pointer_size     => sub { return vms_info(64)->{pointer_size} },
+    },
+
+);
diff --git a/openssl-1.1.0h/Configurations/50-djgpp.conf b/openssl-1.1.0h/Configurations/50-djgpp.conf
new file mode 100644
index 0000000..f532bd1
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/50-djgpp.conf
@@ -0,0 +1,15 @@
+# We can't make any commitment to support the DJGPP platform,
+# and rely entirely on the OpenSSL community to help is fine
+# tune and test.
+
+%targets = (
+    "DJGPP" => {
+        inherit_from     => [ asm("x86_asm") ],
+        cc               => "gcc",
+        cflags           => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
+        sys_id           => "MSDOS",
+        ex_libs          => add("-L/dev/env/WATT_ROOT/lib -lwatt"),
+        bn_ops           => "BN_LLONG",
+        perlasm_scheme   => "a.out",
+    },
+);
diff --git a/openssl-1.1.0h/Configurations/50-haiku.conf b/openssl-1.1.0h/Configurations/50-haiku.conf
new file mode 100644
index 0000000..f114666
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/50-haiku.conf
@@ -0,0 +1,29 @@
+%targets = (
+    "haiku-common" => {
+        template         => 1,
+        cc               => "cc",
+        cflags           => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h",
+                                              debug   => "-g -O0",
+                                              release => "-O2"),
+                                       threads("-D_REENTRANT")),
+        sys_id           => "HAIKU",
+        ex_libs          => "-lnetwork",
+        perlasm_scheme   => "elf",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+        shared_target    => "gnu-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-shared",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "haiku-x86" => {
+        inherit_from     => [ "haiku-common", asm("x86_elf_asm") ],
+        cflags           => add(picker(release => "-fomit-frame-pointer")),
+        bn_ops           => "BN_LLONG",
+    },
+    "haiku-x86_64" => {
+        inherit_from     => [ "haiku-common" ],
+        cflags           => add("-m64"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+    },
+);
diff --git a/openssl-1.1.0h/Configurations/50-masm.conf b/openssl-1.1.0h/Configurations/50-masm.conf
new file mode 100644
index 0000000..60a5507
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/50-masm.conf
@@ -0,0 +1,17 @@
+# We can't make commitment to supporting Microsoft assembler,
+# because it would mean supporting all masm versions. This in
+# in turn is because masm is not really an interchangeable option,
+# while users tend to have reasons to stick with specific Visual
+# Studio versions. It's usually lesser hassle to make it work
+# with latest assembler, but tweaking for older versions had
+# proven to be daunting task. This is experimental target, for
+# production builds stick with [up-to-date version of] nasm.
+
+%targets = (
+    "VC-WIN64A-masm" => {
+        inherit_from    => [ "VC-WIN64A" ],
+        as              => "ml64",
+        asflags         => "/c /Cp /Cx /Zi",
+        asoutflag       => "/Fo",
+    },
+);
diff --git a/openssl-1.1.0h/Configurations/90-team.conf b/openssl-1.1.0h/Configurations/90-team.conf
new file mode 100644
index 0000000..0a83c22
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/90-team.conf
@@ -0,0 +1,112 @@
+## -*- mode: perl; -*-
+## Build configuration targets for openssl-team members
+
+%targets = (
+    "purify" => {
+        cc               => "purify gcc",
+        cflags           => "-g -Wall",
+        thread_scheme    => "(unknown)",
+        ex_libs          => add(" ","-lsocket -lnsl"),
+    },
+    "debug" => {
+        cc               => "gcc",
+        cflags           => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
+        thread_scheme    => "(unknown)",
+    },
+    "debug-erbridge" => {
+        inherit_from     => [ "x86_64_asm" ],
+        cc               => "gcc",
+        cflags           => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-m64",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "64",
+    },
+    "debug-linux-pentium" => {
+        inherit_from     => [ "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ppro" => {
+        inherit_from     => [ "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ia32-aes" => {
+        cc               => "gcc",
+        cflags           => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        cpuid_asm_src    => "x86cpuid.s",
+        bn_asm_src       => "bn-586.s co-586.s x86-mont.s",
+        des_asm_src      => "des-586.s crypt586.s",
+        aes_asm_src      => "aes_x86core.s aes_cbc.s aesni-x86.s",
+        bf_asm_src       => "bf-586.s",
+        md5_asm_src      => "md5-586.s",
+        sha1_asm_src     => "sha1-586.s sha256-586.s sha512-586.s",
+        cast_asm_src     => "cast-586.s",
+        rc4_asm_src      => "rc4-586.s",
+        rmd160_asm_src   => "rmd-586.s",
+        rc5_asm_src      => "rc5-586.s",
+        wp_asm_src       => "wp_block.s wp-mmx.s",
+        modes_asm_src    => "ghash-x86.s",
+        padlock_asm_src  => "e_padlock-x86.s",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "dist" => {
+        cc               => "cc",
+        cflags           => "-O",
+        thread_scheme    => "(unknown)",
+    },
+    "debug-test-64-clang" => {
+        inherit_from     => [ "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "darwin64-debug-test-64-clang" => {
+        inherit_from     => [ "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        sys_id           => "MACOSX",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "macosx",
+        dso_scheme       => "dlfcn",
+        shared_target    => "darwin-shared",
+        shared_cflag     => "-fPIC -fno-common",
+        shared_ldflag    => "-arch x86_64 -dynamiclib",
+        shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+    },
+);
diff --git a/openssl-1.1.0h/Configurations/INTERNALS.Configure b/openssl-1.1.0h/Configurations/INTERNALS.Configure
new file mode 100644
index 0000000..b28305d
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/INTERNALS.Configure
@@ -0,0 +1,136 @@
+Configure Internals
+===================
+
+[ note: this file uses markdown for formatting ]
+
+Intro
+-----
+
+This is a collection of notes that are hopefully of interest to those
+who decide to dive into Configure and what it does.  This is a living
+document and anyone is encouraged to add to it and submit changes.
+There's no claim for this document to be complete at any time, but it
+will hopefully reach such a point in time.
+
+
+----------------------------------------------------------------------
+
+Parsing build.info files, processing conditions
+-----------------------------------------------
+
+Processing conditions in build.info files is done with the help of a
+condition stack that tell if a build.info should be processed or if it
+should just be skipped over.  The possible states of the stack top are
+expressed in the following comment from Configure:
+
+    # The top item of this stack has the following values
+    # -2 positive already run and we found ELSE (following ELSIF should fail)
+    # -1 positive already run (skip until ENDIF)
+    # 0 negatives so far (if we're at a condition, check it)
+    # 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
+    # 2 positive ELSE (following ELSIF should fail)
+
+Ground rule is that non-condition lines are skipped over if the
+stack top is > 0.  Condition lines (IF, ELSIF, ELSE and ENDIF
+statements) need to be processed either way to keep track of the skip
+stack states, so they are a little more intricate.
+
+Instead of trying to describe in words, here are some example of what
+the skip stack should look like after each line is processed:
+
+Example 1:
+
+| IF[1]                     |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[1]                   |  1  1     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ELSIF[1]                |  1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ELSIF[1]                  | -1        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[1]                   | -1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                | -1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    | -1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   | -1        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ENDIF                     |           |                               |
+
+Example 2:
+
+| IF[0]                     |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[1]                   |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  0 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ELSIF[1]                  |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[1]                   |  1  1     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ELSIF[1]                |  1 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ENDIF                     |           |                               |
+
+Example 3:
+
+| IF[0]                     |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[0]                   |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  0 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ELSIF[1]                  |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[0]                   |  1  0     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[1]                |  1  1     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ELSE                    |  1 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ENDIF                     |           |                               |
+
+Example 4:
+
+| IF[0]                     |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+|   IF[0]                   |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[0]                |  0 -1     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  0 -2     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ENDIF                   |  0        |                               |
+|   ... whatever ...        |           | this line is skipped over     |
+| ELSIF[1]                  |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+|   IF[0]                   |  1  0     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSIF[0]                |  1  0     |                               |
+|     ... whatever ...      |           | this line is skipped over     |
+|   ELSE                    |  1  2     |                               |
+|     ... whatever ...      |           | this line is processed        |
+|   ENDIF                   |  1        |                               |
+|   ... whatever ...        |           | this line is processed        |
+| ENDIF                     |           |                               |
+
diff --git a/openssl-1.1.0h/Configurations/README b/openssl-1.1.0h/Configurations/README
new file mode 100644
index 0000000..6e13645
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/README
@@ -0,0 +1,721 @@
+Intro
+=====
+
+This directory contains a few sets of files that are used for
+configuration in diverse ways:
+
+    *.conf      Target platform configurations, please read
+                'Configurations of OpenSSL target platforms' for more
+                information.
+    *.tmpl      Build file templates, please read 'Build-file
+                programming with the "unified" build system' as well
+                as 'Build info files' for more information.
+    *.pm        Helper scripts / modules for the main `Configure`
+                script.  See 'Configure helper scripts for more
+                information.
+
+
+Configurations of OpenSSL target platforms
+==========================================
+
+Configuration targets are a collection of facts that we know about
+different platforms and their capabilities.  We organise them in a
+hash table, where each entry represent a specific target.
+
+Note that configuration target names must be unique across all config
+files.  The Configure script does check that a config file doesn't
+have config targets that shadow config targets from other files.
+
+In each table entry, the following keys are significant:
+
+        inherit_from    => Other targets to inherit values from.
+                           Explained further below. [1]
+        template        => Set to 1 if this isn't really a platform
+                           target.  Instead, this target is a template
+                           upon which other targets can be built.
+                           Explained further below.  [1]
+
+        sys_id          => System identity for systems where that
+                           is difficult to determine automatically.
+
+        cc              => The compiler command, usually one of "cc",
+                           "gcc" or "clang".  This command is normally
+                           also used to link object files and
+                           libraries into the final program.
+        cflags          => Flags that are used at all times when
+                           compiling.
+        defines         => As an alternative, macro definitions may be
+                           present here instead of in `cflags'.  If
+                           given here, they MUST be as an array of the
+                           string such as "MACRO=value", or just
+                           "MACRO" for definitions without value.
+        shared_cflag    => Extra compilation flags used when
+                           compiling for shared libraries, typically
+                           something like "-fPIC".
+
+        (linking is a complex thing, see [3] below)
+        ld              => Linker command, usually not defined
+                           (meaning the compiler command is used
+                           instead).
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        lflags          => Flags that are used when linking apps.
+        shared_ldflag   => Flags that are used when linking shared
+                           or dynamic libraries.
+        plib_lflags     => Extra linking flags to appear just before
+                           the libraries on the command line.
+        ex_libs         => Extra libraries that are needed when
+                           linking.
+
+        ar              => The library archive command, the default is
+                           "ar".
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        arflags         => Flags to be used with the library archive
+                           command.
+
+        ranlib          => The library archive indexing command, the
+                           default is 'ranlib' it it exists.
+
+        unistd          => An alternative header to the typical
+                           '<unistd.h>'.  This is very rarely needed.
+
+        shared_extension => File name extension used for shared
+                            libraries. 
+        obj_extension   => File name extension used for object files.
+                           On unix, this defaults to ".o" (NOTE: this
+                           is here for future use, it's not
+                           implemented yet)
+        exe_extension   => File name extension used for executable
+                           files.  On unix, this defaults to "" (NOTE:
+                           this is here for future use, it's not
+                           implemented yet)
+        shlib_variant   => A "variant" identifier inserted between the base
+                           shared library name and the extension.  On "unixy"
+                           platforms (BSD, Linux, Solaris, MacOS/X, ...) this
+                           supports installation of custom OpenSSL libraries
+                           that don't conflict with other builds of OpenSSL
+                           installed on the system.  The variant identifier
+                           becomes part of the SONAME of the library and also
+                           any symbol versions (symbol versions are not used or
+                           needed with MacOS/X).  For example, on a system
+                           where a default build would normally create the SSL
+                           shared library as 'libssl.so -> libssl.so.1.1' with
+                           the value of the symlink as the SONAME, a target
+                           definition that sets 'shlib_variant => "-abc"' will
+                           create 'libssl.so -> libssl-abc.so.1.1', again with
+                           an SONAME equal to the value of the symlink.  The
+                           symbol versions associated with the variant library
+                           would then be 'OPENSSL_ABC_<version>' rather than
+                           the default 'OPENSSL_<version>'. The string inserted
+                           into symbol versions is obtained by mapping all
+                           letters in the "variant" identifier to upper case
+                           and all non-alphanumeric characters to '_'.
+
+        thread_scheme   => The type of threads is used on the
+                           configured platform.  Currently known
+                           values are "(unknown)", "pthreads",
+                           "uithreads" (a.k.a solaris threads) and
+                           "winthreads".  Except for "(unknown)", the
+                           actual value is currently ignored but may
+                           be used in the future.  See further notes
+                           below [2].
+        dso_scheme      => The type of dynamic shared objects to build
+                           for.  This mostly comes into play with
+                           engines, but can be used for other purposes
+                           as well.  Valid values are "DLFCN"
+                           (dlopen() et al), "DLFCN_NO_H" (for systems
+                           that use dlopen() et al but do not have
+                           fcntl.h), "DL" (shl_load() et al), "WIN32"
+                           and "VMS".
+        perlasm_scheme  => The perlasm method used to created the
+                           assembler files used when compiling with
+                           assembler implementations.
+        shared_target   => The shared library building method used.
+                           This is a target found in Makefile.shared.
+        build_scheme    => The scheme used to build up a Makefile.
+                           In its simplest form, the value is a string
+                           with the name of the build scheme.
+                           The value may also take the form of a list
+                           of strings, if the build_scheme is to have
+                           some options.  In this case, the first
+                           string in the list is the name of the build
+                           scheme.
+                           Currently recognised build scheme is "unified".
+                           For the "unified" build scheme, this item
+                           *must* be an array with the first being the
+                           word "unified" and the second being a word
+                           to identify the platform family.
+
+        multilib        => On systems that support having multiple
+                           implementations of a library (typically a
+                           32-bit and a 64-bit variant), this is used
+                           to have the different variants in different
+                           directories.
+
+        bn_ops          => Building options (was just bignum options in
+                           the earlier history of this option, hence the
+                           name). This is a string of words that describe
+                           algorithms' implementation parameters that
+                           are optimal for the designated target platform,
+                           such as the type of integers used to build up
+                           the bignum, different ways to implement certain
+                           ciphers and so on. To fully comprehend the
+                           meaning, the best is to read the affected
+                           source.
+                           The valid words are:
+
+                           THIRTY_TWO_BIT       bignum limbs are 32 bits,
+                                                this is default if no
+                                                option is specified, it
+                                                works on any supported
+                                                system [unless "wider"
+                                                limb size is implied in
+                                                assembly code];
+                           BN_LLONG             bignum limbs are 32 bits,
+                                                but 64-bit 'unsigned long
+                                                long' is used internally
+                                                in calculations;
+                           SIXTY_FOUR_BIT_LONG  bignum limbs are 64 bits
+                                                and sizeof(long) is 8;
+                           SIXTY_FOUR_BIT       bignums limbs are 64 bits,
+                                                but execution environment
+                                                is ILP32;
+                           RC4_CHAR             RC4 key schedule is made
+                                                up of 'unsigned char's;
+                           RC4_INT              RC4 key schedule is made
+                                                up of 'unsigned int's;
+                           EXPORT_VAR_AS_FN     for shared libraries,
+                                                export vars as
+                                                accessor functions.
+
+        apps_extra_src  => Extra source to build apps/openssl, as
+                           needed by the target.
+        cpuid_asm_src   => assembler implementation of cpuid code as
+                           well as OPENSSL_cleanse().
+                           Default to mem_clr.c
+        bn_asm_src      => Assembler implementation of core bignum
+                           functions.
+                           Defaults to bn_asm.c
+        ec_asm_src      => Assembler implementation of core EC
+                           functions.
+        des_asm_src     => Assembler implementation of core DES
+                           encryption functions.
+                           Defaults to 'des_enc.c fcrypt_b.c'
+        aes_asm_src     => Assembler implementation of core AES
+                           functions.
+                           Defaults to 'aes_core.c aes_cbc.c'
+        bf_asm_src      => Assembler implementation of core BlowFish
+                           functions.
+                           Defaults to 'bf_enc.c'
+        md5_asm_src     => Assembler implementation of core MD5
+                           functions.
+        sha1_asm_src    => Assembler implementation of core SHA1,
+                           functions, and also possibly SHA256 and
+                           SHA512 ones.
+        cast_asm_src    => Assembler implementation of core CAST
+                           functions.
+                           Defaults to 'c_enc.c'
+        rc4_asm_src     => Assembler implementation of core RC4
+                           functions.
+                           Defaults to 'rc4_enc.c rc4_skey.c'
+        rmd160_asm_src  => Assembler implementation of core RMD160
+                           functions.
+        rc5_asm_src     => Assembler implementation of core RC5
+                           functions.
+                           Defaults to 'rc5_enc.c'
+        wp_asm_src      => Assembler implementation of core WHIRLPOOL
+                           functions.
+        cmll_asm_src    => Assembler implementation of core CAMELLIA
+                           functions.
+                           Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
+        modes_asm_src   => Assembler implementation of cipher modes,
+                           currently the functions gcm_gmult_4bit and
+                           gcm_ghash_4bit.
+        padlock_asm_src => Assembler implementation of core parts of
+                           the padlock engine.  This is mandatory on
+                           any platform where the padlock engine might
+                           actually be built.
+
+
+[1] as part of the target configuration, one can have a key called
+    'inherit_from' that indicate what other configurations to inherit
+    data from.  These are resolved recursively.
+
+    Inheritance works as a set of default values that can be overridden
+    by corresponding key values in the inheriting configuration.
+
+    Note 1: any configuration table can be used as a template.
+    Note 2: pure templates have the attribute 'template => 1' and
+            cannot be used as build targets.
+
+    If several configurations are given in the 'inherit_from' array,
+    the values of same attribute are concatenated with space
+    separation.  With this, it's possible to have several smaller
+    templates for different configuration aspects that can be combined
+    into a complete configuration.
+
+    instead of a scalar value or an array, a value can be a code block
+    of the form 'sub { /* your code here */ }'.  This code block will
+    be called with the list of inherited values for that key as
+    arguments.  In fact, the concatenation of strings is really done
+    by using 'sub { join(" ",@_) }' on the list of inherited values.
+
+    An example:
+
+        "foo" => {
+                template => 1,
+                haha => "ha ha",
+                hoho => "ho",
+                ignored => "This should not appear in the end result",
+        },
+        "bar" => {
+                template => 1,
+                haha => "ah",
+                hoho => "haho",
+                hehe => "hehe"
+        },
+        "laughter" => {
+                inherit_from => [ "foo", "bar" ],
+                hehe => sub { join(" ",(@_,"!!!")) },
+                ignored => "",
+        }
+
+        The entry for "laughter" will become as follows after processing:
+
+        "laughter" => {
+                haha => "ha ha ah",
+                hoho => "ho haho",
+                hehe => "hehe !!!",
+                ignored => ""
+        }
+
+[2] OpenSSL is built with threading capabilities unless the user
+    specifies 'no-threads'.  The value of the key 'thread_scheme' may
+    be "(unknown)", in which case the user MUST give some compilation
+    flags to Configure.
+
+[3] OpenSSL has three types of things to link from object files or
+    static libraries:
+
+    - shared libraries; that would be libcrypto and libssl.
+    - shared objects (sometimes called dynamic libraries);  that would
+      be the engines.
+    - applications; those are apps/openssl and all the test apps.
+
+    Very roughly speaking, linking is done like this (words in braces
+    represent the configuration settings documented at the beginning
+    of this file):
+
+    shared libraries:
+        {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
+            -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
+            {plib_lflags} -lcrypto {ex_libs}
+
+    shared objects:
+        {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
+            blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
+
+    applications:
+        {ld} $(CFLAGS) {lflags} -o app \
+            app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
+
+
+Historically, the target configurations came in form of a string with
+values separated by colons.  This use is deprecated.  The string form
+looked like this:
+
+   "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
+
+
+Build info files
+================
+
+The build.info files that are spread over the source tree contain the
+minimum information needed to build and distribute OpenSSL.  It uses a
+simple and yet fairly powerful language to determine what needs to be
+built, from what sources, and other relationships between files.
+
+For every build.info file, all file references are relative to the
+directory of the build.info file for source files, and the
+corresponding build directory for built files if the build tree
+differs from the source tree.
+
+When processed, every line is processed with the perl module
+Text::Template, using the delimiters "{-" and "-}".  The hashes
+%config and %target are passed to the perl fragments, along with
+$sourcedir and $builddir, which are the locations of the source
+directory for the current build.info file and the corresponding build
+directory, all relative to the top of the build tree.
+
+To begin with, things to be built are declared by setting specific
+variables:
+
+    PROGRAMS=foo bar
+    LIBS=libsomething
+    ENGINES=libeng
+    SCRIPTS=myhack
+    EXTRA=file1 file2
+
+Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
+without extensions.  The build file templates will figure them out.
+
+For each thing to be built, it is then possible to say what sources
+they are built from:
+
+    PROGRAMS=foo bar
+    SOURCE[foo]=foo.c common.c
+    SOURCE[bar]=bar.c extra.c common.c
+
+It's also possible to tell some other dependencies:
+
+    DEPEND[foo]=libsomething
+    DEPEND[libbar]=libsomethingelse
+
+(it could be argued that 'libsomething' and 'libsomethingelse' are
+source as well.  However, the files given through SOURCE are expected
+to be located in the source tree while files given through DEPEND are
+expected to be located in the build tree)
+
+For some libraries, we maintain files with public symbols and their
+slot in a transfer vector (important on some platforms).  It can be
+declared like this:
+
+    ORDINALS[libcrypto]=crypto
+
+The value is not the name of the file in question, but rather the
+argument to util/mkdef.pl that indicates which file to use.
+
+One some platforms, shared libraries come with a name that's different
+from their static counterpart.  That's declared as follows:
+
+    SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
+
+The example is from Cygwin, which has a required naming convention.
+
+Sometimes, it makes sense to rename an output file, for example a
+library:
+
+    RENAME[libfoo]=libbar
+
+That lines has "libfoo" get renamed to "libbar".  While it makes no
+sense at all to just have a rename like that (why not just use
+"libbar" everywhere?), it does make sense when it can be used
+conditionally.  See a little further below for an example.
+
+In some cases, it's desirable to include some source files in the
+shared form of a library only:
+
+    SHARED_SOURCE[libfoo]=dllmain.c
+
+For any file to be built, it's also possible to tell what extra
+include paths the build of their source files should use:
+
+    INCLUDE[foo]=include
+
+In some cases, one might want to generate some source files from
+others, that's done as follows:
+
+    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
+    GENERATE[bar.s]=asm/bar.S
+
+The value of each GENERATE line is a command line or part of it.
+Configure places no rules on the command line, except the the first
+item muct be the generator file.  It is, however, entirely up to the
+build file template to define exactly how those command lines should
+be handled, how the output is captured and so on.
+
+Sometimes, the generator file itself depends on other files, for
+example if it is a perl script that depends on other perl modules.
+This can be expressed using DEPEND like this:
+
+    DEPEND[asm/something.pl]=../perlasm/Foo.pm
+
+There may also be cases where the exact file isn't easily specified,
+but an inclusion directory still needs to be specified.  INCLUDE can
+be used in that case:
+
+    INCLUDE[asm/something.pl]=../perlasm
+
+NOTE: GENERATE lines are limited to one command only per GENERATE.
+
+As a last resort, it's possible to have raw build file lines, between
+BEGINRAW and ENDRAW lines as follows:
+
+    BEGINRAW[Makefile(unix)]
+    haha.h: {- $builddir -}/Makefile
+        echo "/* haha */" > haha.h
+    ENDRAW[Makefile(unix)]
+
+The word within square brackets is the build_file configuration item
+or the build_file configuration item followed by the second word in the
+build_scheme configuration item for the configured target within
+parenthesis as shown above.  For example, with the following relevant
+configuration items:
+
+   build_file   => "build.ninja"
+   build_scheme => [ "unified", "unix" ]
+
+... these lines will be considered:
+
+   BEGINRAW[build.ninja]
+   build haha.h: echo "/* haha */" > haha.h
+   ENDRAW[build.ninja]
+
+   BEGINRAW[build.ninja(unix)]
+   build hoho.h: echo "/* hoho */" > hoho.h
+   ENDRAW[build.ninja(unix)]
+
+Should it be needed because the recipes within a RAW section might
+clash with those generated by Configure, it's possible to tell it
+not to generate them with the use of OVERRIDES, for example:
+
+    SOURCE[libfoo]=foo.c bar.c
+    
+    OVERRIDES=bar.o
+    BEGINRAW[Makefile(unix)]
+    bar.o: bar.c
+    	$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
+    ENDRAW[Makefile(unix)]
+
+See the documentation further up for more information on configuration
+items.
+
+Finally, you can have some simple conditional use of the build.info
+information, looking like this:
+
+    IF[1]
+     something
+    ELSIF[2]
+     something other
+    ELSE
+     something else
+    ENDIF
+
+The expression in square brackets is interpreted as a string in perl,
+and will be seen as true if perl thinks it is, otherwise false.  For
+example, the above would have "something" used, since 1 is true.
+
+Together with the use of Text::Template, this can be used as
+conditions based on something in the passed variables, for example:
+
+    IF[{- $disabled{shared} -}]
+      LIBS=libcrypto
+      SOURCE[libcrypto]=...
+    ELSE
+      LIBS=libfoo
+      SOURCE[libfoo]=...
+    ENDIF
+
+or:
+
+    # VMS has a cultural standard where all libraries are prefixed.
+    # For OpenSSL, the choice is 'ossl_'
+    IF[{- $config{target} =~ /^vms/ -}]
+     RENAME[libcrypto]=ossl_libcrypto
+     RENAME[libssl]=ossl_libssl
+    ENDIF
+
+
+Build-file programming with the "unified" build system
+======================================================
+
+"Build files" are called "Makefile" on Unix-like operating systems,
+"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
+
+To use the "unified" build system, the target configuration needs to
+set the three items 'build_scheme', 'build_file' and 'build_command'.
+In the rest of this section, we will assume that 'build_scheme' is set
+to "unified" (see the configurations documentation above for the
+details).
+
+For any name given by 'build_file', the "unified" system expects a
+template file in Configurations/ named like the build file, with
+".tmpl" appended, or in case of possible ambiguity, a combination of
+the second 'build_scheme' list item and the 'build_file' name.  For
+example, if 'build_file' is set to "Makefile", the template could be
+Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
+In case both Configurations/unix-Makefile.tmpl and
+Configurations/Makefile.tmpl are present, the former takes
+precedence.
+
+The build-file template is processed with the perl module
+Text::Template, using "{-" and "-}" as delimiters that enclose the
+perl code fragments that generate configuration-dependent content.
+Those perl fragments have access to all the hash variables from
+configdata.pem.
+
+The build-file template is expected to define at least the following
+perl functions in a perl code fragment enclosed with "{-" and "-}".
+They are all expected to return a string with the lines they produce.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    generator => [ "generatingfile", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ],
+                                     ordinals => [ "word", "/PATH/TO/ordfile" ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.  'ordinals' MAY be present, and when
+                  it is, its value is an array where the word is
+                  "crypto" or "ssl" and the file is one of the ordinal
+                  files util/libeay.num or util/ssleay.num in the
+                  source directory.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dso     - function that produces build file lines to build a
+                  dynamic shared object file from object files.
+
+                  called like this:
+
+                        obj2dso(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/otherlibfile",
+                                ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+In all cases, file file paths are relative to the build tree top, and
+the build file actions run with the build tree top as current working
+directory.
+
+Make sure to end the section with these functions with a string that
+you thing is appropriate for the resulting build file.  If nothing
+else, end it like this:
+
+      "";       # Make sure no lingering values end up in the Makefile
+    -}
+
+
+Configure helper scripts
+========================
+
+Configure uses helper scripts in this directory:
+
+Checker scripts
+---------------
+
+These scripts are per platform family, to check the integrity of the
+tools used for configuration and building.  The checker script used is
+either {build_platform}-{build_file}-checker.pm or
+{build_platform}-checker.pm, where {build_platform} is the second
+'build_scheme' list element from the configuration target data, and
+{build_file} is 'build_file' from the same target data.
+
+If the check succeeds, the script is expected to end with a non-zero
+expression.  If the check fails, the script can end with a zero, or
+with a `die`.
diff --git a/openssl-1.1.0h/Configurations/README.design b/openssl-1.1.0h/Configurations/README.design
new file mode 100644
index 0000000..bea9790
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/README.design
@@ -0,0 +1,641 @@
+Design document for the unified scheme data
+===========================================
+
+How are things connected?
+-------------------------
+
+The unified scheme takes all its data from the build.info files seen
+throughout the source tree.  These files hold the minimum information
+needed to build end product files from diverse sources.  See the
+section on build.info files below.
+
+From the information in build.info files, Configure builds up an
+information database as a hash table called %unified_info, which is
+stored in configdata.pm, found at the top of the build tree (which may
+or may not be the same as the source tree).
+
+Configurations/common.tmpl uses the data from %unified_info to
+generate the rules for building end product files as well as
+intermediary files with the help of a few functions found in the
+build-file templates.  See the section on build-file templates further
+down for more information.
+
+build.info files
+----------------
+
+As mentioned earlier, build.info files are meant to hold the minimum
+information needed to build output files, and therefore only (with a
+few possible exceptions [1]) have information about end products (such
+as scripts, library files and programs) and source files (such as C
+files, C header files, assembler files, etc).  Intermediate files such
+as object files are rarely directly referred to in build.info files (and
+when they are, it's always with the file name extension .o), they are
+inferred by Configure.  By the same rule of minimalism, end product
+file name extensions (such as .so, .a, .exe, etc) are never mentioned
+in build.info.  Their file name extensions will be inferred by the
+build-file templates, adapted for the platform they are meant for (see
+sections on %unified_info and build-file templates further down).
+
+The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
+end products.  There are variants for them with '_NO_INST' as suffix
+(PROGRAM_NO_INST etc) to specify end products that shouldn't get
+installed.
+
+The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a
+produced file, and their values are the source used to produce that
+particular produced file, extra dependencies, include directories
+needed, and ordinal files (explained further below.
+
+All their values in all the build.info throughout the source tree are
+collected together and form a set of programs, libraries, engines and
+scripts to be produced, source files, dependencies, etc etc etc.
+
+Let's have a pretend example, a very limited contraption of OpenSSL,
+composed of the program 'apps/openssl', the libraries 'libssl' and
+'libcrypto', an engine 'engines/ossltest' and their sources and
+dependencies.
+
+    # build.info
+    LIBS=libcrypto libssl
+    ORDINALS[libcrypto]=crypto
+    ORDINALS[libssl]=ssl
+    INCLUDE[libcrypto]=include
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+
+This is the top directory build.info file, and it tells us that two
+libraries are to be built, there are some ordinals to be used to
+declare what symbols in those libraries are seen as public, the
+include directory 'include/' shall be used throughout when building
+anything that will end up in each library, and that the library
+'libssl' depend on the library 'libcrypto' to function properly.
+
+    # apps/build.info
+    PROGRAMS=openssl
+    SOURCE[openssl]=openssl.c
+    INCLUDE[openssl]=.. ../include
+    DEPEND[openssl]=../libssl
+
+This is the build.info file in 'apps/', one may notice that all file
+paths mentioned are relative to the directory the build.info file is
+located in.  This one tells us that there's a program to be built
+called 'apps/openssl' (the file name extension will depend on the
+platform and is therefore not mentioned in the build.info file).  It's
+built from one source file, 'apps/openssl.c', and building it requires
+the use of '.' and 'include' include directories (both are declared
+from the point of view of the 'apps/' directory), and that the program
+depends on the library 'libssl' to function properly.
+
+    # crypto/build.info
+    LIBS=../libcrypto
+    SOURCE[../libcrypto]=aes.c evp.c cversion.c
+    DEPEND[cversion.o]=buildinf.h
+    
+    GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[buildinf.h]=../Makefile
+    DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
+
+This is the build.info file in 'crypto', and it tells us a little more
+about what's needed to produce 'libcrypto'.  LIBS is used again to
+declare that 'libcrypto' is to be produced.  This declaration is
+really unnecessary as it's already mentioned in the top build.info
+file, but can make the info file easier to understand.  This is to
+show that duplicate information isn't an issue.
+
+This build.info file informs us that 'libcrypto' is built from a few
+source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
+It also shows us that building the object file inferred from
+'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it 
+also shows the possibility to declare how some files are generated
+using some script, in this case a perl script, and how such scripts
+can be declared to depend on other files, in this case a perl module.
+
+Two things are worth an extra note:
+
+'DEPEND[cversion.o]' mentions an object file.  DEPEND indexes is the
+only location where it's valid to mention them
+
+Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
+seen from the top directory, no exception.
+
+    # ssl/build.info
+    LIBS=../libssl
+    SOURCE[../libssl]=tls.c
+
+This is the build.info file in 'ssl/', and it tells us that the
+library 'libssl' is built from the source file 'ssl/tls.c'.
+
+    # engines/build.info
+    ENGINES=dasync
+    SOURCE[dasync]=e_dasync.c
+    DEPEND[dasync]=../libcrypto
+    INCLUDE[dasync]=../include
+
+    ENGINES_NO_INST=ossltest
+    SOURCE[ossltest]=e_ossltest.c
+    DEPEND[ossltest]=../libcrypto
+    INCLUDE[ossltest]=../include
+
+This is the build.info file in 'engines/', telling us that two engines
+called 'engines/dasync' and 'engines/ossltest' shall be built, that
+dasync's source is 'engines/e_dasync.c' and ossltest's source is
+'engines/e_ossltest.c' and that the include directory 'include/' may
+be used when building anything that will be part of these engines.
+Also, both engines depend on the library 'libcrypto' to function
+properly.  Finally, only dasync is being installed, as ossltest is
+only for internal testing.
+
+When Configure digests these build.info files, the accumulated
+information comes down to this:
+
+    LIBS=libcrypto libssl
+    ORDINALS[libcrypto]=crypto
+    SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
+    DEPEND[crypto/cversion.o]=crypto/buildinf.h
+    INCLUDE[libcrypto]=include
+    ORDINALS[libssl]=ssl
+    SOURCE[libssl]=ssl/tls.c
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+    
+    PROGRAMS=apps/openssl
+    SOURCE[apps/openssl]=apps/openssl.c
+    INCLUDE[apps/openssl]=. include
+    DEPEND[apps/openssl]=libssl
+
+    ENGINES=engines/dasync
+    SOURCE[engines/dasync]=engines/e_dasync.c
+    DEPEND[engines/dasync]=libcrypto
+    INCLUDE[engines/dasync]=include
+
+    ENGINES_NO_INST=engines/ossltest
+    SOURCE[engines/ossltest]=engines/e_ossltest.c
+    DEPEND[engines/ossltest]=libcrypto
+    INCLUDE[engines/ossltest]=include
+    
+    GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[crypto/buildinf.h]=Makefile
+    DEPEND[util/mkbuildinf.pl]=util/Foo.pm
+
+
+A few notes worth mentioning:
+
+LIBS may be used to declare routine libraries only.
+
+PROGRAMS may be used to declare programs only.
+
+ENGINES may be used to declare engines only.
+
+The indexes for SOURCE and ORDINALS must only be end product files,
+such as libraries, programs or engines.  The values of SOURCE
+variables must only be source files (possibly generated)
+
+INCLUDE and DEPEND shows a relationship between different files
+(usually produced files) or between files and directories, such as a
+program depending on a library, or between an object file and some
+extra source file.
+
+When Configure processes the build.info files, it will take it as
+truth without question, and will therefore perform very few checks.
+If the build tree is separate from the source tree, it will assume
+that all built files and up in the build directory and that all source
+files are to be found in the source tree, if they can be found there.
+Configure will assume that source files that can't be found in the
+source tree (such as 'crypto/bildinf.h' in the example above) are
+generated and will be found in the build tree.
+
+
+The %unified_info database
+--------------------------
+
+The information in all the build.info get digested by Configure and
+collected into the %unified_info database, divided into the following
+indexes:
+
+  depends   => a hash table containing 'file' => [ 'dependency' ... ]
+               pairs.  These are directly inferred from the DEPEND
+               variables in build.info files.
+
+  engines   => a list of engines.  These are directly inferred from
+               the ENGINES variable in build.info files.
+
+  generate  => a hash table containing 'file' => [ 'generator' ... ]
+               pairs.  These are directly inferred from the GENERATE
+               variables in build.info files.
+
+  includes  => a hash table containing 'file' => [ 'include' ... ]
+               pairs.  These are directly inferred from the INCLUDE
+               variables in build.info files.
+
+  install   => a hash table containing 'type' => [ 'file' ... ] pairs.
+               The types are 'programs', 'libraries', 'engines' and
+               'scripts', and the array of files list the files of
+               that type that should be installed.
+
+  libraries => a list of libraries.  These are directly inferred from
+               the LIBS variable in build.info files.
+
+  ordinals  => a hash table containing 'file' => [ 'word', 'ordfile' ]
+               pairs.  'file' and 'word' are directly inferred from
+               the ORDINALS variables in build.info files, while the
+               file 'ofile' comes from internal knowledge in
+               Configure.
+
+  programs  => a list of programs.  These are directly inferred from
+               the PROGRAMS variable in build.info files.
+
+  rawlines  => a list of build-file lines.  These are a direct copy of
+               the BEGINRAW..ENDRAW lines in build.info files.  Note:
+               only the BEGINRAW..ENDRAW section for the current
+               platform are copied, the rest are ignored.
+
+  scripts   => a list of scripts.  There are directly inferred from
+               the SCRIPTS variable in build.info files.
+
+  sources   => a hash table containing 'file' => [ 'sourcefile' ... ]
+               pairs.  These are indirectly inferred from the SOURCE
+               variables in build.info files.  Object files are
+               mentioned in this hash table, with source files from
+               SOURCE variables, and AS source files for programs and
+               libraries.
+
+  shared_sources =>
+               a hash table just like 'sources', but only as source
+               files (object files) for building shared libraries.
+
+As an example, here is how the build.info files example from the
+section above would be digested into a %unified_info table:
+
+    our %unified_info = (
+        "depends" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "libssl",
+                    ],
+                "crypto/buildinf.h" =>
+                    [
+                        "Makefile",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/buildinf.h",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "libcrypto",
+                    ],
+                "libssl" =>
+                    [
+                        "libcrypto",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util/Foo.pm",
+                    ],
+            },
+        "engines" =>
+            [
+                "engines/dasync",
+                "engines/ossltest",
+            ],
+        "generate" =>
+            {
+                "crypto/buildinf.h" =>
+                    [
+                        "util/mkbuildinf.pl",
+                        "\"\$(CC)",
+                        "\$(CFLAGS)\"",
+                        "\"$(PLATFORM)\"",
+                    ],
+            },
+        "includes" =>
+            {
+                "apps/openssl" =>
+                    [
+                        ".",
+                        "include",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "include"
+                    ],
+                "libcrypto" =>
+                    [
+                        "include",
+                    ],
+                "libssl" =>
+                    [
+                        "include",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util",
+                    ],
+            }
+        "install" =>
+            {
+                "engines" =>
+                    [
+                        "engines/dasync",
+                    ],
+                "libraries" =>
+                    [
+                        "libcrypto",
+                        "libssl",
+                    ],
+                "programs" =>
+                    [
+                        "apps/openssl",
+                    ],
+           },
+        "libraries" =>
+            [
+                "libcrypto",
+                "libssl",
+            ],
+        "ordinals" =>
+            {
+                "libcrypto" =>
+                    [
+                        "crypto",
+                        "util/libcrypto.num",
+                    ],
+                "libssl" =>
+                    [
+                        "ssl",
+                        "util/libssl.num",
+                    ],
+            },
+        "programs" =>
+            [
+                "apps/openssl",
+            ],
+        "rawlines" =>
+            [
+            ],
+        "sources" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "apps/openssl.o",
+                    ],
+                "apps/openssl.o" =>
+                    [
+                        "apps/openssl.c",
+                    ],
+                "crypto/aes.o" =>
+                    [
+                        "crypto/aes.c",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/cversion.c",
+                    ],
+                "crypto/evp.o" =>
+                    [
+                        "crypto/evp.c",
+                    ],
+                "engines/e_ossltest.o" =>
+                    [
+                        "engines/e_ossltest.c",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "engines/e_ossltest.o",
+                    ],
+                "libcrypto" =>
+                    [
+                        "crypto/aes.c",
+                        "crypto/cversion.c",
+                        "crypto/evp.c",
+                    ],
+                "libssl" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+                "ssl/tls.o" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+            },
+    );
+
+As can be seen, everything in %unified_info is fairly simple suggest
+of information.  Still, it tells us that to build all programs, we
+must build 'apps/openssl', and to build the latter, we will need to
+build all its sources ('apps/openssl.o' in this case) and all the
+other things it depends on (such as 'libssl').  All those dependencies
+need to be built as well, using the same logic, so to build 'libssl',
+we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
+latter...
+
+
+Build-file templates
+--------------------
+
+Build-file templates are essentially build-files (such as Makefile on
+Unix) with perl code fragments mixed in.  Those perl code fragment
+will generate all the configuration dependent data, including all the
+rules needed to build end product files and intermediary files alike.
+At a minimum, there must be a perl code fragment that defines a set of
+functions that are used to generates specific build-file rules, to
+build static libraries from object files, to build shared libraries
+from static libraries, to programs from object files and libraries,
+etc.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ],
+                                     ordinals => [ "word", "/PATH/TO/ordfile" ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.  'ordinals' MAY be present, and when
+                  it is, its value is an array where the word is
+                  "crypto" or "ssl" and the file is one of the ordinal
+                  files util/libcrypto.num or util/libssl.num in the
+                  source directory.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dynlib  - function that produces build file lines to build a
+                  dynamically loadable library file ("libfoo.so" on
+                  Unix) from object files.
+
+                  called like this:
+
+                        obj2dynlib(lib => "PATH/TO/libfile",
+                                   objs => [ "PATH/TO/objectfile", ... ],
+                                   deps => [ "PATH/TO/otherlibfile",
+                                   ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+Along with the build-file templates is the driving engine
+Configurations/common.tmpl, which looks through all the information in
+%unified_info and generates all the rulesets to build libraries,
+programs and all intermediate files, using the rule generating
+functions defined in the build-file template.
+
+As an example with the smaller build.info set we've seen as an
+example, producing the rules to build 'libcrypto' would result in the
+following calls:
+
+    # Note: libobj2shlib will only be called if shared libraries are
+    # to be produced.
+    # Note 2: libobj2shlib gets both the name of the static library
+    # and the names of all the object files that go into it.  It's up
+    # to the implementation to decide which to use as input.
+    # Note 3: common.tmpl peals off the ".o" extension from all object
+    # files, as the platform at hand may have a different one.
+    libobj2shlib(shlib => "libcrypto",
+                 lib => "libcrypto",
+                 objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
+                 deps => [  ]
+                 ordinals => [ "crypto", "util/libcrypto.num" ]);
+
+    obj2lib(lib => "libcrypto"
+            objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
+
+    src2obj(obj => "crypto/aes"
+            srcs => [ "crypto/aes.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/evp"
+            srcs => [ "crypto/evp.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/cversion"
+            srcs => [ "crypto/cversion.c" ],
+            deps => [ "crypto/buildinf.h" ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    generatesrc(src => "crypto/buildinf.h",
+                generator => [ "util/mkbuildinf.pl", "\"$(CC)",
+                               "$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
+                generator_incs => [ "util" ],
+                generator_deps => [ "util/Foo.pm" ],
+                incs => [ ],
+                deps => [ ],
+                intent => "lib");
+
+The returned strings from all those calls are then concatenated
+together and written to the resulting build-file.
diff --git a/openssl-1.1.0h/Configurations/common.tmpl b/openssl-1.1.0h/Configurations/common.tmpl
new file mode 100644
index 0000000..13ffe94
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/common.tmpl
@@ -0,0 +1,229 @@
+{- # -*- Mode: perl -*-
+
+ use File::Basename;
+
+ # A cache of objects for which a recipe has already been generated
+ my %cache;
+
+ # resolvedepends and reducedepends work in tandem to make sure
+ # there are no duplicate dependencies and that they are in the
+ # right order.  This is especially used to sort the list of
+ # libraries that a build depends on.
+ sub resolvedepends {
+     my $thing = shift;
+     my @listsofar = @_;    # to check if we're looping
+     my @list = @{$unified_info{depends}->{$thing}};
+     my @newlist = ();
+     if (scalar @list) {
+         foreach my $item (@list) {
+             # It's time to break off when the dependency list starts looping
+             next if grep { $_ eq $item } @listsofar;
+             push @newlist, $item, resolvedepends($item, @listsofar, $item);
+         }
+     }
+     @newlist;
+ }
+ sub reducedepends {
+     my @list = @_;
+     my @newlist = ();
+     while (@list) {
+         my $item = shift @list;
+         push @newlist, $item
+             unless grep { $item eq $_ } @list;
+     }
+     @newlist;
+ }
+
+ # dogenerate is responsible for producing all the recipes that build
+ # generated source files.  It recurses in case a dependency is also a
+ # generated source file.
+ sub dogenerate {
+     my $src = shift;
+     return "" if $cache{$src};
+     my $obj = shift;
+     my $bin = shift;
+     my %opts = @_;
+     if ($unified_info{generate}->{$src}) {
+         die "$src is generated by Configure, should not appear in build file\n"
+             if ref $unified_info{generate}->{$src} eq "";
+         my $script = $unified_info{generate}->{$src}->[0];
+         $OUT .= generatesrc(src => $src,
+                             generator => $unified_info{generate}->{$src},
+                             generator_incs => $unified_info{includes}->{$script},
+                             generator_deps => $unified_info{depends}->{$script},
+                             deps => $unified_info{depends}->{$src},
+                             incs => $unified_info{includes}->{$obj},
+                             %opts);
+         foreach (@{$unified_info{depends}->{$src}}) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$src} = 1;
+ }
+
+ # doobj is responsible for producing all the recipes that build
+ # object files as well as dependency files.
+ sub doobj {
+     my $obj = shift;
+     return "" if $cache{$obj};
+     (my $obj_no_o = $obj) =~ s|\.o$||;
+     my $bin = shift;
+     my %opts = @_;
+     if (@{$unified_info{sources}->{$obj}}) {
+         $OUT .= src2obj(obj => $obj_no_o,
+                         srcs => $unified_info{sources}->{$obj},
+                         deps => $unified_info{depends}->{$obj},
+                         incs => $unified_info{includes}->{$obj},
+                         %opts);
+         foreach ((@{$unified_info{sources}->{$obj}},
+                   @{$unified_info{depends}->{$obj}})) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$obj} = 1;
+ }
+
+ # dolib is responsible for building libraries.  It will call
+ # libobj2shlib is shared libraries are produced, and obj2lib in all
+ # cases.  It also makes sure all object files for the library are
+ # built.
+ sub dolib {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     unless ($disabled{shared}) {
+         my %ordinals =
+             $unified_info{ordinals}->{$lib}
+             ? (ordinals => $unified_info{ordinals}->{$lib}) : ();
+         $OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
+                              lib => $lib,
+                              objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                                        (@{$unified_info{sources}->{$lib}},
+                                         @{$unified_info{shared_sources}->{$lib}}) ],
+                              deps => [ reducedepends(resolvedepends($lib)) ],
+                              %ordinals);
+         foreach (@{$unified_info{shared_sources}->{$lib}}) {
+             doobj($_, $lib, intent => "lib");
+         }
+     }
+     $OUT .= obj2lib(lib => $lib,
+                     objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                               @{$unified_info{sources}->{$lib}} ]);
+     foreach (@{$unified_info{sources}->{$lib}}) {
+         doobj($_, $lib, intent => "lib");
+     }
+     $cache{$lib} = 1;
+ }
+
+ # doengine is responsible for building engines.  It will call
+ # obj2dso, and also makes sure all object files for the library
+ # are built.
+ sub doengine {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     $OUT .= obj2dso(lib => $lib,
+                     objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                               (@{$unified_info{sources}->{$lib}},
+                                @{$unified_info{shared_sources}->{$lib}}) ],
+                     deps => [ resolvedepends($lib) ]);
+     foreach ((@{$unified_info{sources}->{$lib}},
+               @{$unified_info{shared_sources}->{$lib}})) {
+         doobj($_, $lib, intent => "dso");
+     }
+     $cache{$lib} = 1;
+ }
+
+ # dobin is responsible for building programs.  It will call obj2bin,
+ # and also makes sure all object files for the library are built.
+ sub dobin {
+     my $bin = shift;
+     return "" if $cache{$bin};
+     my $deps = [ reducedepends(resolvedepends($bin)) ];
+     $OUT .= obj2bin(bin => $bin,
+                     objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                               @{$unified_info{sources}->{$bin}} ],
+                     deps => $deps);
+     foreach (@{$unified_info{sources}->{$bin}}) {
+         doobj($_, $bin, intent => "bin");
+     }
+     $cache{$bin} = 1;
+ }
+
+ # dobin is responsible for building scripts from templates.  It will
+ # call in2script.
+ sub doscript {
+     my $script = shift;
+     return "" if $cache{$script};
+     $OUT .= in2script(script => $script,
+                       sources => $unified_info{sources}->{$script});
+     $cache{$script} = 1;
+ }
+
+ sub dodir {
+     my $dir = shift;
+     return "" if !exists(&generatedir) or $cache{$dir};
+     $OUT .= generatedir(dir => $dir,
+                         deps => $unified_info{dirinfo}->{$dir}->{deps},
+                         %{$unified_info{dirinfo}->{$_}->{products}});
+     $cache{$dir} = 1;
+ }
+
+ # Start with populating the cache with all the overrides
+ %cache = map { $_ => 1 } @{$unified_info{overrides}};
+
+ # For convenience collect information regarding directories where
+ # files are generated, those generated files and the end product
+ # they end up in where applicable.  Then, add build rules for those
+ # directories
+ if (exists &generatedir) {
+     my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
+                      "lib" => [ @{$unified_info{libraries}} ],
+                      "bin" => [ @{$unified_info{programs}} ],
+                      "script" => [ @{$unified_info{scripts}} ] );
+     foreach my $type (keys %loopinfo) {
+         foreach my $product (@{$loopinfo{$type}}) {
+             my %dirs = ();
+             my $pd = dirname($product);
+
+             # We already have a "test" target, and the current directory
+             # is just silly to make a target for
+             $dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
+
+             foreach (@{$unified_info{sources}->{$product}}) {
+                 my $d = dirname($_);
+
+                 # We don't want to create targets for source directories
+                 # when building out of source
+                 next if ($config{sourcedir} ne $config{builddir}
+                          && $d =~ m|^\Q$config{sourcedir}\E|);
+                 # We already have a "test" target, and the current directory
+                 # is just silly to make a target for
+                 next if $d eq "test" || $d eq ".";
+
+                 $dirs{$d} = 1;
+                 push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
+                     if $d ne $pd;
+             }
+             foreach (keys %dirs) {
+                 push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
+                 $product;
+             }
+         }
+     }
+ }
+
+ # Build mandatory generated headers
+ foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
+
+ # Build all known libraries, engines, programs and scripts.
+ # Everything else will be handled as a consequence.
+ foreach (@{$unified_info{libraries}}) { dolib($_);    }
+ foreach (@{$unified_info{engines}})   { doengine($_); }
+ foreach (@{$unified_info{programs}})  { dobin($_);    }
+ foreach (@{$unified_info{scripts}})   { doscript($_); }
+
+ foreach (sort keys %{$unified_info{dirinfo}})  { dodir($_); }
+
+ # Finally, should there be any applicable BEGINRAW/ENDRAW sections,
+ # they are added here.
+ $OUT .= $_."\n" foreach @{$unified_info{rawlines}};
+-}
diff --git a/openssl-1.1.0h/Configurations/descrip.mms.tmpl b/openssl-1.1.0h/Configurations/descrip.mms.tmpl
new file mode 100644
index 0000000..7e3356f
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/descrip.mms.tmpl
@@ -0,0 +1,780 @@
+## descrip.mms to build OpenSSL on OpenVMS
+##
+## {- join("\n## ", @autowarntext) -}
+{-
+  use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+
+  # Our prefix, claimed when speaking with the VSI folks Tuesday
+  # January 26th 2016
+  our $osslprefix = 'OSSL$';
+  (our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/;
+
+  our $sover = sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor};
+  our $osslver = sprintf "%02d%02d", split(/\./, $config{version});
+
+  our $sourcedir = $config{sourcedir};
+  our $builddir = $config{builddir};
+  sub sourcefile {
+      catfile($sourcedir, @_);
+  }
+  sub buildfile {
+      catfile($builddir, @_);
+  }
+  sub sourcedir {
+      catdir($sourcedir, @_);
+  }
+  sub builddir {
+      catdir($builddir, @_);
+  }
+  sub tree {
+      (my $x = shift) =~ s|\]$|...]|;
+      $x
+  }
+  sub move {
+      my $f = catdir(@_);
+      my $b = abs2rel(rel2abs("."),rel2abs($f));
+      $sourcedir = catdir($b,$sourcedir)
+          if !file_name_is_absolute($sourcedir);
+      $builddir = catdir($b,$builddir)
+          if !file_name_is_absolute($builddir);
+      "";
+  }
+
+  # Because we need to make two computations of these data,
+  # we store them in arrays for reuse
+  our @shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}};
+  our @install_shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{install}->{libraries}};
+  our @generated = ( ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
+                       grep { defined $unified_info{generate}->{$_} }
+                       map { @{$unified_info{sources}->{$_}} }
+                       grep { /\.o$/ } keys %{$unified_info{sources}} ),
+                     ( grep { /\.h$/ } keys %{$unified_info{generate}} ) );
+
+  # This is a horrible hack, but is needed because recursive inclusion of files
+  # in different directories does not work well with HP C.
+  my $sd = sourcedir("crypto", "async", "arch");
+  foreach (grep /\[\.crypto\.async\.arch\].*\.o$/, keys %{$unified_info{sources}}) {
+      (my $x = $_) =~ s|\.o$|.OBJ|;
+      $unified_info{before}->{$x}
+          = qq(arch_include = F\$PARSE("$sd","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define arch 'arch_include');
+      $unified_info{after}->{$x}
+          = qq(deassign arch);
+  }
+  my $sd1 = sourcedir("ssl","record");
+  my $sd2 = sourcedir("ssl","statem");
+  $unified_info{before}->{"[.test]heartbeat_test.OBJ"}
+      = $unified_info{before}->{"[.test]ssltest_old.OBJ"}
+      = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define record 'record_include'
+        statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define statem 'statem_include');
+  $unified_info{after}->{"[.test]heartbeat_test.OBJ"}
+      = $unified_info{after}->{"[.test]ssltest.OBJ"}
+      = qq(deassign statem
+        deassign record);
+  foreach (grep /^\[\.ssl\.(?:record|statem)\].*\.o$/, keys %{$unified_info{sources}}) {
+      (my $x = $_) =~ s|\.o$|.OBJ|;
+      $unified_info{before}->{$x}
+          = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define record 'record_include'
+        statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
+        define statem 'statem_include');
+      $unified_info{after}->{$x}
+          = qq(deassign statem
+        deassign record);
+  }
+  # This makes sure things get built in the order they need
+  # to. You're welcome.
+  sub dependmagic {
+      my $target = shift;
+
+      return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
+  }
+  #use Data::Dumper;
+  #print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
+  #print STDERR "DEBUG: after:\n", Dumper($unified_info{after});
+  "";
+-}
+PLATFORM={- $config{target} -}
+OPTIONS={- $config{options} -}
+CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
+SRCDIR={- $config{sourcedir} -}
+BLDDIR={- $config{builddir} -}
+
+# Allow both V and VERBOSE to indicate verbosity.  This only applies
+# to testing.
+VERBOSE=$(V)
+
+VERSION={- $config{version} -}
+MAJOR={- $config{major} -}
+MINOR={- $config{minor} -}
+SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
+SHLIB_MAJOR={- $config{shlib_major} -}
+SHLIB_MINOR={- $config{shlib_minor} -}
+SHLIB_TARGET={- $target{shared_target} -}
+
+EXE_EXT=.EXE
+LIB_EXT=.OLB
+SHLIB_EXT=.EXE
+OBJ_EXT=.OBJ
+DEP_EXT=.D
+
+LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{libraries}}) -}
+SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -}
+ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -}
+PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
+SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
+{- output_off() if $disabled{makedepend}; "" -}
+DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
+                    grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
+                    keys %{$unified_info{sources}};
+        join(", ", map { "-\n\t".$_ } @deps); -}
+{- output_on() if $disabled{makedepend}; "" -}
+GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -}
+GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -}
+
+INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -}
+INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
+INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=[.tools]c_rehash.pl
+MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
+{- output_on() if $disabled{apps}; "" -}
+
+APPS_OPENSSL={- use File::Spec::Functions;
+                catfile("apps","openssl") -}
+
+# DESTDIR is for package builders so that they can configure for, say,
+# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
+# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
+# MMS with /MACROS=(DESTDIR=STAGING:[USER]).  The result will end up in
+# STAGING:[USER.OPENSSL].
+# Normally it is left empty.
+DESTDIR=
+
+# Do not edit this manually. Use Configure --prefix=DIR to change this!
+INSTALLTOP={- our $installtop =
+                  catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL]";
+              $installtop -}
+SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -}
+# This is the standard central area to store certificates, private keys...
+OPENSSLDIR={- catdir($config{openssldir}) or
+              $config{prefix} ? catdir($config{prefix},"COMMON")
+                              : "SYS\$COMMON:[OPENSSL-COMMON]" -}
+# The same, but for C
+OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000]
+# Where installed engines reside, for C
+ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover.$target{pointer_size} -}:
+
+CC= {- $target{cc} -}
+CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR_C)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR_C)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -}
+CFLAGS_Q=$(CFLAGS)
+DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -})
+LDFLAGS= {- $target{lflags} -}
+EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} ? ",".$config{ex_libs} : "" -}
+LIB_CFLAGS={- $target{lib_cflags} || "" -}
+DSO_CFLAGS={- $target{dso_cflags} || "" -}
+BIN_CFLAGS={- $target{bin_cflags} || "" -}
+
+PERL={- $config{perl} -}
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS={- $target{as} -}
+ASFLAG={- $target{asflags} -}
+
+# .FIRST and .LAST are special targets with MMS and MMK.
+# The defines in there are for C.  includes that look like
+# this:
+#
+#    #include <openssl/foo.h>
+#    #include "internal/bar.h"
+#
+# will use the logical names to find the files.  Expecting
+# DECompHP C to find files in subdirectories of whatever was
+# given with /INCLUDE is a fantasy, unfortunately.
+NODEBUG=@
+.FIRST :
+        $(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;"
+        $(NODEBUG) openssl_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.openssl]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) internal_inc1 = F$PARSE("[.crypto.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) internal_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) internal_inc3 = F$PARSE("{- catdir($config{sourcedir},"[.crypto.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
+        $(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2'
+        $(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2','internal_inc3'
+        $(NODEBUG) staging_dir = "$(DESTDIR)"
+        $(NODEBUG) staging_instdir = ""
+        $(NODEBUG) staging_datadir = ""
+        $(NODEBUG) IF staging_dir .NES. "" THEN -
+                staging_instdir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY")
+        $(NODEBUG) IF staging_instdir - "]A.;" .NES. staging_instdir THEN -
+                staging_instdir = staging_instdir - "]A.;" + ".OPENSSL-INSTALL]"
+        $(NODEBUG) IF staging_instdir - "A.;" .NES. staging_instdir THEN -
+                staging_instdir = staging_instdir - "A.;" + "[OPENSSL-INSTALL]"
+        $(NODEBUG) IF staging_dir .NES. "" THEN -
+                staging_datadir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY")
+        $(NODEBUG) IF staging_datadir - "]A.;" .NES. staging_datadir THEN -
+                staging_datadir = staging_datadir - "]A.;" + ".OPENSSL-COMMON]"
+        $(NODEBUG) IF staging_datadir - "A.;" .NES. staging_datadir THEN -
+                staging_datadir = staging_datadir - "A.;" + "[OPENSSL-COMMON]"
+        $(NODEBUG) !
+        $(NODEBUG) ! Installation logical names
+        $(NODEBUG) !
+        $(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
+        $(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
+        $(NODEBUG) DEFINE ossl_installroot 'installtop'
+        $(NODEBUG) DEFINE ossl_dataroot 'datatop'
+        $(NODEBUG) !
+        $(NODEBUG) ! Figure out the architecture
+        $(NODEBUG) !
+        $(NODEBUG) arch = f$edit( f$getsyi( "arch_name"), "upcase")
+        $(NODEBUG) !
+        $(NODEBUG) ! Set up logical names for the libraries, so LINK and
+        $(NODEBUG) ! running programs can use them.
+        $(NODEBUG) !
+        $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -}
+
+.LAST :
+        $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -}
+        $(NODEBUG) DEASSIGN ossl_dataroot
+        $(NODEBUG) DEASSIGN ossl_installroot
+        $(NODEBUG) DEASSIGN internal
+        $(NODEBUG) DEASSIGN openssl
+.DEFAULT :
+        @ ! MMS cannot handle no actions...
+
+# The main targets ###################################################
+
+{- dependmagic('all'); -} : build_libs_nodep, build_engines_nodep, build_programs_nodep
+{- dependmagic('build_libs'); -} : build_libs_nodep
+{- dependmagic('build_engines'); -} : build_engines_nodep
+{- dependmagic('build_programs'); -} : build_programs_nodep
+
+build_generated : $(GENERATED_MANDATORY)
+build_libs_nodep : $(LIBS), $(SHLIBS)
+build_engines_nodep : $(ENGINES)
+build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
+
+# Kept around for backward compatibility
+build_apps build_tests : build_programs
+
+# Convenience target to prebuild all generated files, not just the mandatory
+# ones
+build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
+
+test : tests
+{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
+        @ ! {- output_off() if $disabled{tests}; "" -}
+        SET DEFAULT [.test]{- move("test") -}
+        CREATE/DIR [.test-runs]
+        DEFINE SRCTOP {- sourcedir() -}
+        DEFINE BLDTOP {- builddir() -}
+        DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
+        DEFINE OPENSSL_ENGINES {- builddir("engines") -}
+        DEFINE OPENSSL_DEBUG_MEMORY "on"
+        IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
+        $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
+        DEASSIGN OPENSSL_DEBUG_MEMORY
+        DEASSIGN OPENSSL_ENGINES
+        DEASSIGN BLDTOP
+        DEASSIGN SRCTOP
+        SET DEFAULT [-]{- move("..") -}
+        @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+        @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
+        @ ! {- output_on() if !$disabled{tests}; "" -}
+
+list-tests :
+        @ ! {- output_off() if $disabled{tests}; "" -}
+        @ DEFINE SRCTOP {- sourcedir() -}
+        @ $(PERL) {- sourcefile("test", "run_tests.pl") -} list
+        @ DEASSIGN SRCTOP
+        @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+        @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
+        @ ! {- output_on() if !$disabled{tests}; "" -}
+
+install : install_sw install_ssldirs install_docs
+        @ WRITE SYS$OUTPUT ""
+        @ WRITE SYS$OUTPUT "######################################################################"
+        @ WRITE SYS$OUTPUT ""
+        @ IF "$(DESTDIR)" .EQS. "" THEN -
+             PIPE ( WRITE SYS$OUTPUT "Installation complete" ; -
+                    WRITE SYS$OUTPUT "" ; -
+                    WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
+                    WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
+                    WRITE SYS$OUTPUT "" )
+        @ IF "$(DESTDIR)" .NES. "" THEN -
+             PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; -
+                    WRITE SYS$OUTPUT "" ; -
+                    WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; -
+                    WRITE SYS$OUTPUT staging_instdir ; -
+                    WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; -
+                    WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; -
+                    WRITE SYS$OUTPUT staging_datadir ; -
+                    WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; -
+                    WRITE SYS$OUTPUT "" ; -
+                    WRITE SYS$OUTPUT "When in its final destination," ; -
+                    WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
+                    WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
+                    WRITE SYS$OUTPUT "" )
+
+check_install :
+        spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
+
+uninstall : uninstall_docs uninstall_sw
+
+# Because VMS wants the generation number (or *) to delete files, we can't
+# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly.
+libclean :
+        {- join("\n\t", map { "- DELETE $_.OLB;*" } @{$unified_info{libraries}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*,$_.OPT;*" } @shlibs) || "@ !" -}
+
+clean : libclean
+        {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -}
+        {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -}
+        - DELETE [...]*.MAP;*
+        - DELETE [...]*.D;*
+        - DELETE [...]*.OBJ;*,*.LIS;*
+        - DELETE []CXX$DEMANGLER_DB.;*
+        - DELETE [.VMS]openssl_startup.com;*
+        - DELETE [.VMS]openssl_shutdown.com;*
+        - DELETE []vmsconfig.pm;*
+
+distclean : clean
+        - DELETE configdata.pm;*
+        - DELETE descrip.mms;*
+
+depend : descrip.mms
+descrip.mms : FORCE
+	@ ! {- output_off() if $disabled{makedepend}; "" -}
+        @ $(PERL) -pe "if (/^# DO NOT DELETE.*/) { exit(0); }" -
+                < descrip.mms > descrip.mms-new
+        @ OPEN/APPEND DESCRIP descrip.mms-new
+        @ WRITE DESCRIP "# DO NOT DELETE THIS LINE -- make depend depends on it."
+        {- join("\n\t", map { "\@ IF F\$SEARCH(\"$_\") .NES. \"\" THEN TYPE $_ /OUTPUT=DESCRIP:" } @deps); -}
+        @ CLOSE DESCRIP
+        @ PIPE ( $(PERL) -e "use File::Compare qw/compare_text/; my $x = compare_text(""descrip.mms"",""descrip.mms-new""); exit(0x10000000 + ($x == 0));" || -
+                 RENAME descrip.mms-new descrip.mms )
+        @ IF F$SEARCH("descrip.mms-new") .NES. "" THEN DELETE descrip.mms-new;*
+        -@ SPAWN/OUTPUT=NLA0: PURGE/NOLOG descrip.mms
+	@ ! {- output_on() if $disabled{makedepend}; "" -}
+
+# Install helper targets #############################################
+
+install_sw : all install_shared _install_dev_ns -
+             install_engines _install_runtime_ns -
+             install_startup install_ivp
+
+uninstall_sw : uninstall_shared _uninstall_dev_ns -
+               uninstall_engines _uninstall_runtime_ns -
+               uninstall_startup uninstall_ivp
+
+install_docs : install_html_docs
+
+uninstall_docs : uninstall_html_docs
+
+install_ssldirs : check_INSTALLTOP
+        - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
+        IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
+                CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS]
+        IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN -
+                CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE]
+        IF F$SEARCH("OSSL_DATAROOT:[000000]MISC.DIR;1") .EQS. "" THEN -
+                CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC]
+        COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC]
+        @ ! Install configuration file
+        COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
+                ossl_dataroot:[000000]openssl.cnf-dist
+        IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN -
+                COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
+                        ossl_dataroot:[000000]openssl.cnf
+
+install_shared : check_INSTALLTOP
+        @ {- output_off() if $disabled{shared}; "" -} !
+        @ WRITE SYS$OUTPUT "*** Installing shareable images"
+        @ ! Install shared (runtime) libraries
+        - CREATE/DIR ossl_installroot:[LIB.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
+                @install_shlibs) -}
+        @ {- output_on() if $disabled{shared}; "" -} !
+
+_install_dev_ns : check_INSTALLTOP
+        @ WRITE SYS$OUTPUT "*** Installing development files"
+        @ ! Install header files
+        - CREATE/DIR ossl_installroot:[include.openssl]
+        COPY/PROT=W:R openssl:*.h ossl_installroot:[include.openssl]
+        @ ! Install static (development) libraries
+        - CREATE/DIR ossl_installroot:[LIB.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
+                @{$unified_info{install}->{libraries}}) -}
+
+install_dev : install_shared _install_dev_ns
+
+_install_runtime_ns : check_INSTALLTOP
+        @ ! Install the main program
+        - CREATE/DIR ossl_installroot:[EXE.'arch']
+        COPY/PROT=W:RE [.APPS]openssl.EXE -
+                ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
+        @ ! Install scripts
+        COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
+        @ ! {- output_on() if $disabled{apps}; "" -}
+
+install_runtime : install_shared _install_runtime_ns
+
+install_engines : check_INSTALLTOP
+        @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
+        @ WRITE SYS$OUTPUT "*** Installing engines"
+        - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
+                @{$unified_info{install}->{engines}}) -}
+        @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
+
+install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
+                 [.VMS]openssl_utils.com, check_INSTALLTOP
+        - CREATE/DIR ossl_installroot:[SYS$STARTUP]
+        COPY/PROT=W:RE [.VMS]openssl_startup.com -
+                ossl_installroot:[SYS$STARTUP]openssl_startup{- $osslver -}.com
+        COPY/PROT=W:RE [.VMS]openssl_shutdown.com -
+                ossl_installroot:[SYS$STARTUP]openssl_shutdown{- $osslver -}.com
+        COPY/PROT=W:RE [.VMS]openssl_utils.com -
+                ossl_installroot:[SYS$STARTUP]openssl_utils{- $osslver -}.com
+
+install_ivp : [.VMS]openssl_ivp.com check_INSTALLTOP
+        - CREATE/DIR ossl_installroot:[SYSTEST]
+        COPY/PROT=W:RE [.VMS]openssl_ivp.com -
+                ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
+
+[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_startup.com.in") -} -
+                > [.VMS]openssl_startup.com
+
+[.VMS]openssl_utils.com : vmsconfig.pm {- sourcefile("VMS", "openssl_utils.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_utils.com.in") -} -
+                > [.VMS]openssl_utils.com
+
+[.VMS]openssl_shutdown.com : vmsconfig.pm {- sourcefile("VMS", "openssl_shutdown.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_shutdown.com.in") -} -
+                > [.VMS]openssl_shutdown.com
+
+[.VMS]openssl_ivp.com : vmsconfig.pm {- sourcefile("VMS", "openssl_ivp.com.in") -}
+        - CREATE/DIR [.VMS]
+        $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
+                {- sourcefile("VMS", "openssl_ivp.com.in") -} -
+                > [.VMS]openssl_ivp.com
+
+vmsconfig.pm : configdata.pm
+        OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm
+        WRITE CONFIG "package vmsconfig;"
+        WRITE CONFIG "use strict; use warnings;"
+        WRITE CONFIG "use Exporter;"
+        WRITE CONFIG "our @ISA = qw(Exporter);"
+        WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);"
+        WRITE CONFIG "our %config = ("
+        WRITE CONFIG "  target => '","{- $config{target} -}","',"
+        WRITE CONFIG "  version => '","{- $config{version} -}","',"
+        WRITE CONFIG "  shlib_major => '","{- $config{shlib_major} -}","',"
+        WRITE CONFIG "  shlib_minor => '","{- $config{shlib_minor} -}","',"
+        WRITE CONFIG "  no_shared => '","{- $disabled{shared} -}","',"
+        WRITE CONFIG "  INSTALLTOP => '$(INSTALLTOP)',"
+        WRITE CONFIG "  OPENSSLDIR => '$(OPENSSLDIR)',"
+        WRITE CONFIG "  pointer_size => '","{- $target{pointer_size} -}","',"
+        WRITE CONFIG ");"
+        WRITE CONFIG "our %target = ();"
+        WRITE CONFIG "our %disabled = ();"
+        WRITE CONFIG "our %withargs = ();"
+        WRITE CONFIG "our %unified_info = ();"
+        WRITE CONFIG "1;"
+        CLOSE CONFIG
+
+install_html_docs : check_INSTALLTOP
+        sourcedir = F$PARSE("{- $sourcedir -}A.;","[]") - "]A.;" + ".DOC]"
+        $(PERL) {- sourcefile("util", "process_docs.pl") -} -
+                --sourcedir='sourcedir' --destdir=ossl_installroot:[HTML] -
+                --type=html
+
+check_INSTALLTOP :
+        @ IF "$(INSTALLTOP)" .EQS. "" THEN -
+                WRITE SYS$ERROR "INSTALLTOP should not be empty"
+        @ IF "$(INSTALLTOP)" .EQS. "" THEN -
+                EXIT %x10000002
+
+# Helper targets #####################################################
+
+# Developer targets ##################################################
+
+debug_logicals :
+        SH LOGICAL/PROC openssl,internal,ossl_installroot,ossl_dataroot
+
+# Building targets ###################################################
+
+configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
+        @ WRITE SYS$OUTPUT "Reconfiguring..."
+        perl $(SRCDIR)Configure reconf
+        @ WRITE SYS$OUTPUT "*************************************************"
+        @ WRITE SYS$OUTPUT "***                                           ***"
+        @ WRITE SYS$OUTPUT "***   Please run the same mms command again   ***"
+        @ WRITE SYS$OUTPUT "***                                           ***"
+        @ WRITE SYS$OUTPUT "*************************************************"
+        @ PIPE ( EXIT %X10000000 )
+
+{-
+  use File::Basename;
+  use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
+
+  sub generatesrc {
+      my %args = @_;
+      my $generator = join(" ", @{$args{generator}});
+      my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}});
+      my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}});
+
+      if ($args{src} !~ /\.[sS]$/) {
+          if ($args{generator}->[0] =~ m|^.*\.in$|) {
+	      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                   "util", "dofile.pl")),
+                                   rel2abs($config{builddir}));
+              return <<"EOF";
+$args{src} : $args{generator}->[0] $deps
+	\$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\
+	    "-o$target{build_file}" $generator > \$@
+EOF
+	  } else {
+              return <<"EOF";
+$args{src} : $args{generator}->[0] $deps
+	\$(PERL)$generator_incs $generator > \$@
+EOF
+	  }
+      } else {
+          die "No method to generate assembler source present.\n";
+      }
+  }
+
+  sub src2obj {
+      my %args = @_;
+      my $obj = $args{obj};
+      my $deps = join(", -\n\t\t", @{$args{srcs}}, @{$args{deps}});
+
+      # Because VMS C isn't very good at combining a /INCLUDE path with
+      # #includes having a relative directory (like '#include "../foo.h"),
+      # the best choice is to move to the first source file's intended
+      # directory before compiling, and make sure to write the object file
+      # in the correct position (important when the object tree is other
+      # than the source tree).
+      my $forward = dirname($args{srcs}->[0]);
+      my $backward = abs2rel(rel2abs("."), rel2abs($forward));
+      my $objd = abs2rel(rel2abs(dirname($obj)), rel2abs($forward));
+      my $objn = basename($obj);
+      my $srcs =
+          join(", ",
+               map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}});
+      my $ecflags = { lib => '$(LIB_CFLAGS)',
+                      dso => '$(DSO_CFLAGS)',
+                      bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
+      my $incs_on = "\@ !";
+      my $incs_off = "\@ !";
+      my $incs = "";
+      my @incs = ();
+      push @incs, @{$args{incs}} if @{$args{incs}};
+      unless ($disabled{zlib}) {
+          # GNV$ZLIB_INCLUDE is the standard logical name for later zlib
+          # incarnations.
+          push @incs, ($withargs{zlib_include} || 'GNV$ZLIB_INCLUDE:');
+      }
+      if (@incs) {
+          $incs_on =
+              "DEFINE tmp_includes "
+              .join(",-\n\t\t\t", map {
+                                      file_name_is_absolute($_)
+                                      ? $_ : catdir($backward,$_)
+                                  } @incs);
+          $incs_off = "DEASSIGN tmp_includes";
+          $incs = " /INCLUDE=(tmp_includes:)";
+      }
+      my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
+      my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
+      my $depbuild = $disabled{makedepend} ? ""
+          : " /MMS=(FILE=${objd}${objn}.tmp-D,TARGET=$obj.OBJ)";
+
+      return <<"EOF";
+$obj.OBJ : $deps
+        ${before}
+        SET DEFAULT $forward
+        $incs_on
+        \$(CC) \$(CFLAGS)${ecflags}${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
+        $incs_off
+        SET DEFAULT $backward
+        ${after}
+        \@ PIPE ( \$(PERL) -e "use File::Compare qw/compare_text/; my \$x = compare_text(""$obj.D"",""$obj.tmp-D""); exit(0x10000000 + (\$x == 0));" || -
+                 RENAME $obj.tmp-D $obj.d )
+        \@ IF F\$SEARCH("$obj.tmp-D") .NES. "" THEN DELETE $obj.tmp-D;*
+        - PURGE $obj.OBJ
+EOF
+  }
+  sub libobj2shlib {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $shlib = $args{shlib};
+      my $libd = dirname($lib);
+      my $libn = basename($lib);
+      (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
+      my @deps = map {
+          $disabled{shared} ? $_.".OLB"
+              : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+      my $deps = join(", -\n\t\t", @deps);
+      my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+      my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
+      my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
+                                               "VMS", "engine.opt")),
+                               rel2abs($config{builddir}));
+      my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir},
+                                             "util", "mkdef.pl")),
+                             rel2abs($config{builddir}));
+      my $translatesyms_pl = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                     "VMS", "translatesyms.pl")),
+                                     rel2abs($config{builddir}));
+      # The "[]" hack is because in .OPT files, each line inherits the
+      # previous line's file spec as default, so if no directory spec
+      # is present in the current line and the previous line has one that
+      # doesn't apply, you're in for a surprise.
+      my $write_opt =
+          join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                             $x =~ s|(\.EXE)|$1/SHARE|;
+                             $x =~ s|(\.OLB)|$1/LIB|;
+                             "WRITE OPT_FILE \"$x\"" } @deps)
+          || "\@ !";
+      return <<"EOF";
+$shlib.EXE : $lib.OLB $deps $ordinalsfile
+        \$(PERL) $mkdef_pl "$mkdef_key" "VMS" > $shlib.SYMVEC-tmp
+        \$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $shlib.SYMVEC-tmp > $shlib.SYMVEC
+        DELETE $shlib.SYMVEC-tmp;*
+        OPEN/WRITE/SHARE=READ OPT_FILE $shlib.OPT
+        WRITE OPT_FILE "IDENTIFICATION=""V$config{version}"""
+        TYPE $shlib.SYMVEC /OUTPUT=OPT_FILE:
+        WRITE OPT_FILE "$lib.OLB/LIBRARY"
+        $write_opt
+        CLOSE OPT_FILE
+        LINK /MAP=$shlib.MAP /FULL/SHARE=$shlib.EXE $shlib.OPT/OPT \$(EX_LIBS)
+        DELETE $shlib.SYMVEC;*
+        PURGE $shlib.EXE,$shlib.OPT,$shlib.MAP
+EOF
+  }
+  sub obj2dso {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $libd = dirname($lib);
+      my $libn = basename($lib);
+      (my $libn_nolib = $libn) =~ s/^lib//;
+      my @objs = map { "$_.OBJ" } @{$args{objs}};
+      my @deps = map {
+          $disabled{shared} ? $_.".OLB"
+              : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+      my $deps = join(", -\n\t\t", @objs, @deps);
+      my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+      my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
+                                               "VMS", "engine.opt")),
+                               rel2abs($config{builddir}));
+      # The "[]" hack is because in .OPT files, each line inherits the
+      # previous line's file spec as default, so if no directory spec
+      # is present in the current line and the previous line has one that
+      # doesn't apply, you're in for a surprise.
+      my $write_opt1 =
+          join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                                 "WRITE OPT_FILE \"$x" } @objs).
+          "\"";
+      my $write_opt2 =
+          join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                             $x =~ s|(\.EXE)|$1/SHARE|;
+                             $x =~ s|(\.OLB)|$1/LIB|;
+                             "WRITE OPT_FILE \"$x\"" } @deps)
+          || "\@ !";
+      return <<"EOF";
+$lib.EXE : $deps
+        OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT
+        TYPE $engine_opt /OUTPUT=OPT_FILE:
+        $write_opt1
+        $write_opt2
+        CLOSE OPT_FILE
+        LINK /MAP=$lib.MAP /FULL/SHARE=$lib.EXE $lib.OPT/OPT \$(EX_LIBS)
+        - PURGE $lib.EXE,$lib.OPT,$lib.MAP
+EOF
+  }
+  sub obj2lib {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $objs = join(", -\n\t\t", map { $_.".OBJ" } (@{$args{objs}}));
+      my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_.OBJ" }
+                                    @{$args{objs}}));
+      return <<"EOF";
+$lib.OLB : $objs
+        LIBRARY/CREATE/OBJECT $lib.OLB
+        $fill_lib
+        - PURGE $lib.OLB
+EOF
+  }
+  sub obj2bin {
+      my %args = @_;
+      my $bin = $args{bin};
+      my $bind = dirname($bin);
+      my $binn = basename($bin);
+      my @objs = map { "$_.OBJ" } @{$args{objs}};
+      my @deps = map {
+          $disabled{shared} ? $_.".OLB"
+              : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+      my $deps = join(", -\n\t\t", @objs, @deps);
+      # The "[]" hack is because in .OPT files, each line inherits the
+      # previous line's file spec as default, so if no directory spec
+      # is present in the current line and the previous line has one that
+      # doesn't apply, you're in for a surprise.
+      my $write_opt1 =
+          join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                                 "WRITE OPT_FILE \"$x" } @objs).
+          "\"";
+      my $write_opt2 =
+          join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
+                             $x =~ s|(\.EXE)|$1/SHARE|;
+                             $x =~ s|(\.OLB)|$1/LIB|;
+                             "WRITE OPT_FILE \"$x\"" } @deps)
+          || "\@ !";
+      return <<"EOF";
+$bin.EXE : $deps
+        OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT
+        $write_opt1
+        $write_opt2
+        CLOSE OPT_FILE
+        LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS)
+        - PURGE $bin.EXE,$bin.OPT
+EOF
+  }
+  sub in2script {
+      my %args = @_;
+      my $script = $args{script};
+      return "" if grep { $_ eq $script } @{$args{sources}}; # No overwrite!
+      my $sources = join(" ", @{$args{sources}});
+      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                           "util", "dofile.pl")),
+                           rel2abs($config{builddir}));
+      return <<"EOF";
+$script : $sources
+        \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile -
+	    "-o$target{build_file}" $sources > $script
+        SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script
+        PURGE $script
+EOF
+  }
+  ""    # Important!  This becomes part of the template result.
+-}
diff --git a/openssl-1.1.0h/Configurations/unix-Makefile.tmpl b/openssl-1.1.0h/Configurations/unix-Makefile.tmpl
new file mode 100644
index 0000000..40cf2c3
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/unix-Makefile.tmpl
@@ -0,0 +1,1044 @@
+##
+## Makefile for OpenSSL
+##
+## {- join("\n## ", @autowarntext) -}
+{-
+     our $objext = $target{obj_extension} || ".o";
+     our $depext = $target{dep_extension} || ".d";
+     our $exeext = $target{exe_extension} || "";
+     our $libext = $target{lib_extension} || ".a";
+     our $shlibext = $target{shared_extension} || ".so";
+     our $shlibvariant = $target{shlib_variant} || "";
+     our $shlibextsimple = $target{shared_extension_simple} || ".so";
+     our $shlibextimport = $target{shared_import_extension} || "";
+     our $dsoext = $target{dso_extension} || ".so";
+
+     sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ }
+
+     our $sover = $config{target} =~ /^mingw/
+         ? $config{shlib_major}."_".$config{shlib_minor}
+         : $config{shlib_major}.".".$config{shlib_minor};
+
+     # shlib and shlib_simple both take a static library name and figure
+     # out what the shlib name should be.
+     #
+     # When OpenSSL is configured "no-shared", these functions will just
+     # return empty lists, making them suitable to join().
+     #
+     # With Windows DLL producers, shlib($libname) will return the shared
+     # library name (which usually is different from the static library
+     # name) with the default shared extension appended to it, while
+     # shlib_simple($libname) will return the static library name with
+     # the shared extension followed by ".a" appended to it.  The former
+     # result is used as the runtime shared library while the latter is
+     # used as the DLL import library.
+     #
+     # On all Unix systems, shlib($libname) will return the library name
+     # with the default shared extension, while shlib_simple($libname)
+     # will return the name from shlib($libname) with any SO version number
+     # removed.  On some systems, they may therefore return the exact same
+     # string.
+     sub shlib {
+         return () if $disabled{shared};
+         my $lib = shift;
+         return $unified_info{sharednames}->{$lib}. $shlibvariant. $shlibext;
+     }
+     sub shlib_simple {
+         return () if $disabled{shared};
+
+         my $lib = shift;
+         if (windowsdll()) {
+             return $lib . $shlibextimport;
+         }
+         return $lib .  $shlibextsimple;
+     }
+
+     # dso is a complement to shlib / shlib_simple that returns the
+     # given libname with the simple shared extension (possible SO version
+     # removed).  This differs from shlib_simple() by being unconditional.
+     sub dso {
+         my $engine = shift;
+
+         return $engine . $dsoext;
+     }
+     # This makes sure things get built in the order they need
+     # to. You're welcome.
+     sub dependmagic {
+         my $target = shift;
+
+         return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
+     }
+     '';
+-}
+PLATFORM={- $config{target} -}
+OPTIONS={- $config{options} -}
+CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
+SRCDIR={- $config{sourcedir} -}
+BLDDIR={- $config{builddir} -}
+
+VERSION={- $config{version} -}
+MAJOR={- $config{major} -}
+MINOR={- $config{minor} -}
+SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
+SHLIB_MAJOR={- $config{shlib_major} -}
+SHLIB_MINOR={- $config{shlib_minor} -}
+SHLIB_TARGET={- $target{shared_target} -}
+
+LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
+SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
+SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
+ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
+PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
+SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
+{- output_off() if $disabled{makedepend}; "" -}
+DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
+                  grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
+                  keys %{$unified_info{sources}}); -}
+{- output_on() if $disabled{makedepend}; "" -}
+GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
+GENERATED={- join(" ",
+                  ( grep { defined $unified_info{generate}->{$_} }
+                    map { @{$unified_info{sources}->{$_}} }
+                    grep { /\.o$/ } keys %{$unified_info{sources}} ),
+                  ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
+
+INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{install}->{libraries}}) -}
+INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
+INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
+MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
+{- output_on() if $disabled{apps}; "" -}
+
+APPS_OPENSSL={- use File::Spec::Functions;
+                catfile("apps","openssl") -}
+
+# DESTDIR is for package builders so that they can configure for, say,
+# /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+DESTDIR=
+
+# Do not edit these manually. Use Configure with --prefix or --openssldir
+# to change this!  Short explanation in the top comment in Configure
+INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet
+	      #
+	      our $prefix = $config{prefix} || "/usr/local";
+              $prefix -}
+OPENSSLDIR={- #
+	      # The logic here is that if no --openssldir was given,
+	      # OPENSSLDIR will get the value from $prefix plus "/ssl".
+	      # If --openssldir was given and the value is an absolute
+	      # path, OPENSSLDIR will get its value without change.
+	      # If the value from --openssldir is a relative path,
+	      # OPENSSLDIR will get $prefix with the --openssldir
+	      # value appended as a subdirectory.
+	      #
+              use File::Spec::Functions;
+              our $openssldir =
+                  $config{openssldir} ?
+                      (file_name_is_absolute($config{openssldir}) ?
+                           $config{openssldir}
+                           : catdir($prefix, $config{openssldir}))
+                      : catdir($prefix, "ssl");
+              $openssldir -}
+LIBDIR={- #
+          # if $prefix/lib$target{multilib} is not an existing
+          # directory, then assume that it's not searched by linker
+          # automatically, in which case adding $target{multilib} suffix
+          # causes more grief than we're ready to tolerate, so don't...
+          our $multilib =
+              -d "$prefix/lib$target{multilib}" ? $target{multilib} : "";
+          our $libdir = $config{libdir} || "lib$multilib";
+          $libdir -}
+ENGINESDIR={- use File::Spec::Functions;
+              catdir($prefix,$libdir,"engines-$sover") -}
+
+# Convenience variable for those who want to set the rpath in shared
+# libraries and applications
+LIBRPATH=$(INSTALLTOP)/$(LIBDIR)
+
+MANDIR=$(INSTALLTOP)/share/man
+DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
+HTMLDIR=$(DOCDIR)/html
+
+# MANSUFFIX is for the benefit of anyone who may want to have a suffix
+# appended after the manpage file section number.  "ssl" is popular,
+# resulting in files such as config.5ssl rather than config.5.
+MANSUFFIX=
+HTMLSUFFIX=html
+
+
+
+CROSS_COMPILE= {- $config{cross_compile_prefix} -}
+CC= $(CROSS_COMPILE){- $target{cc} -}
+CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
+CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
+LDFLAGS= {- $target{lflags} -}
+PLIB_LDFLAGS= {- $target{plib_lflags} -}
+EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
+LIB_CFLAGS={- $target{shared_cflag} || "" -}
+LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag} -}
+DSO_CFLAGS={- $target{shared_cflag} || "" -}
+DSO_LDFLAGS=$(LIB_LDFLAGS)
+BIN_CFLAGS={- $target{bin_cflags} -}
+
+PERL={- $config{perl} -}
+
+ARFLAGS= {- $target{arflags} -}
+AR=$(CROSS_COMPILE){- $target{ar} || "ar" -} $(ARFLAGS) r
+RANLIB= {- $target{ranlib} -}
+NM= $(CROSS_COMPILE){- $target{nm} || "nm" -}
+RCFLAGS={- $target{shared_rcflag} -}
+RC= $(CROSS_COMPILE){- $target{rc} || "windres" -}
+RM= rm -f
+RMDIR= rmdir
+TAR= {- $target{tar} || "tar" -}
+TARFLAGS= {- $target{tarflags} -}
+MAKEDEPEND={- $config{makedepprog} -}
+
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        ../$(NAME).tar
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.  In any case, we do not define AS or
+# ASFLAGS for this reason.
+PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR= {- $config{processor} -}
+
+# We want error [and other] messages in English. Trouble is that make(1)
+# doesn't pass macros down as environment variables unless there already
+# was corresponding variable originally set. In other words we can only
+# reassign environment variables, but not set new ones, not in portable
+# manner that is. That's why we reassign several, just to be sure...
+LC_ALL=C
+LC_MESSAGES=C
+LANG=C
+
+# The main targets ###################################################
+
+{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep link-utils
+{- dependmagic('build_libs'); -}: build_libs_nodep
+{- dependmagic('build_engines'); -}: build_engines_nodep
+{- dependmagic('build_programs'); -}: build_programs_nodep
+
+build_generated: $(GENERATED_MANDATORY)
+build_libs_nodep: libcrypto.pc libssl.pc openssl.pc
+build_engines_nodep: $(ENGINES)
+build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
+
+# Kept around for backward compatibility
+build_apps build_tests: build_programs
+
+# Convenience target to prebuild all generated files, not just the mandatory
+# ones
+build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
+
+test: tests
+{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
+	@ : {- output_off() if $disabled{tests}; "" -}
+	( cd test; \
+	  mkdir -p test-runs; \
+	  SRCTOP=../$(SRCDIR) \
+	  BLDTOP=../$(BLDDIR) \
+	  RESULT_D=test-runs \
+	  PERL="$(PERL)" \
+	  EXE_EXT={- $exeext -} \
+	  OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \
+	  OPENSSL_DEBUG_MEMORY=on \
+	    $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
+	@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@echo "Tests are not supported with your chosen Configure options"
+	@ : {- output_on() if !$disabled{tests}; "" -}
+
+list-tests:
+	@ : {- output_off() if $disabled{tests}; "" -}
+	@SRCTOP="$(SRCDIR)" \
+	 $(PERL) $(SRCDIR)/test/run_tests.pl list
+	@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@echo "Tests are not supported with your chosen Configure options"
+	@ : {- output_on() if !$disabled{tests}; "" -}
+
+install: install_sw install_ssldirs install_docs
+
+uninstall: uninstall_docs uninstall_sw
+
+libclean:
+	@set -e; for s in $(SHLIB_INFO); do \
+		s1=`echo "$$s" | cut -f1 -d";"`; \
+		s2=`echo "$$s" | cut -f2 -d";"`; \
+		echo $(RM) $$s1; \
+		$(RM) $$s1; \
+		if [ "$$s1" != "$$s2" ]; then \
+			echo $(RM) $$s2; \
+			$(RM) $$s2; \
+		fi; \
+	done
+	$(RM) $(LIBS)
+	$(RM) *.map
+
+clean: libclean
+	$(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS)
+	$(RM) $(GENERATED)
+	-$(RM) `find . -name '*{- $depext -}' -a \! -path "./.git/*"`
+	-$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"`
+	$(RM) core
+	$(RM) tags TAGS doc-nits
+	$(RM) -r test/test-runs
+	$(RM) openssl.pc libcrypto.pc libssl.pc
+	-$(RM) `find . -type l -a \! -path "./.git/*"`
+	$(RM) $(TARFILE)
+
+distclean: clean
+	$(RM) configdata.pm
+	$(RM) Makefile
+
+# We check if any depfile is newer than Makefile and decide to
+# concatenate only if that is true.
+depend:
+	@: {- output_off() if $disabled{makedepend}; "" -}
+	@if egrep "^# DO NOT DELETE THIS LINE" Makefile >/dev/null && [ -z "`find $(DEPS) -newer Makefile 2>/dev/null; exit 0`" ]; then :; else \
+	  ( $(PERL) -pe 'exit 0 if /^# DO NOT DELETE THIS LINE.*/' < Makefile; \
+	    echo '# DO NOT DELETE THIS LINE -- make depend depends on it.'; \
+	    echo; \
+	    for f in $(DEPS); do \
+	      if [ -f $$f ]; then cat $$f; fi; \
+	    done ) > Makefile.new; \
+	  if cmp Makefile.new Makefile >/dev/null 2>&1; then \
+	    rm -f Makefile.new; \
+	  else \
+	    mv -f Makefile.new Makefile; \
+	  fi; \
+	fi
+	@: {- output_on() if $disabled{makedepend}; "" -}
+
+# Install helper targets #############################################
+
+install_sw: all install_dev install_engines install_runtime
+
+uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
+
+install_docs: install_man_docs install_html_docs
+
+uninstall_docs: uninstall_man_docs uninstall_html_docs
+	$(RM) -r -v $(DESTDIR)$(DOCDIR)
+
+install_ssldirs:
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
+	@set -e; for x in dummy $(MISC_SCRIPTS); do \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		echo "install $$x -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
+		cp $$x $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
+		chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
+		mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \
+		      $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
+	done
+	@echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
+	@cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
+	@chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
+	@mv -f  $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
+	@if ! [ -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
+		echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
+		cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
+		chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
+	fi
+
+install_dev:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@echo "*** Installing development files"
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
+	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@echo "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
+	@cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
+	@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
+	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@set -e; for i in $(SRCDIR)/include/openssl/*.h \
+			  $(BLDDIR)/include/openssl/*.h; do \
+		fn=`basename $$i`; \
+		echo "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
+		cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
+		chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
+	done
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
+	@set -e; for l in $(INSTALL_LIBS); do \
+		fn=`basename $$l`; \
+		echo "install $$l -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
+		cp $$l $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
+		$(RANLIB) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
+		chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
+	done
+	@ : {- output_off() if $disabled{shared}; "" -}
+	@set -e; for s in $(INSTALL_SHLIB_INFO); do \
+		s1=`echo "$$s" | cut -f1 -d";"`; \
+		s2=`echo "$$s" | cut -f2 -d";"`; \
+		fn1=`basename $$s1`; \
+		fn2=`basename $$s2`; \
+		: {- output_off() if windowsdll(); "" -}; \
+		echo "install $$s1 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \
+		cp $$s1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new \
+		      $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \
+		if [ "$$fn1" != "$$fn2" ]; then \
+			echo "link $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \
+			ln -sf $$fn1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \
+		fi; \
+		: {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
+		echo "install $$s2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \
+		cp $$s2 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new \
+		      $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \
+		: {- output_on() unless windowsdll(); "" -}; \
+	done
+	@ : {- output_on() if $disabled{shared}; "" -}
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	@echo "install libcrypto.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc"
+	@cp libcrypto.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	@chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+	@echo "install libssl.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc"
+	@cp libssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	@chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+	@echo "install openssl.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc"
+	@cp openssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	@chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+uninstall_dev:
+	@echo "*** Uninstalling development files"
+	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
+	@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
+	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@set -e; for i in $(SRCDIR)/include/openssl/*.h \
+			  $(BLDDIR)/include/openssl/*.h; do \
+		fn=`basename $$i`; \
+		echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
+	done
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include
+	@set -e; for l in $(INSTALL_LIBS); do \
+		fn=`basename $$l`; \
+		echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
+	done
+	@ : {- output_off() if $disabled{shared}; "" -}
+	@set -e; for s in $(INSTALL_SHLIB_INFO); do \
+		s1=`echo "$$s" | cut -f1 -d";"`; \
+		s2=`echo "$$s" | cut -f2 -d";"`; \
+		fn1=`basename $$s1`; \
+		fn2=`basename $$s2`; \
+		: {- output_off() if windowsdll(); "" -}; \
+		echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \
+		if [ "$$fn1" != "$$fn2" ]; then \
+			echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \
+			$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \
+		fi; \
+		: {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
+		echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \
+		: {- output_on() unless windowsdll(); "" -}; \
+	done
+	@ : {- output_on() if $disabled{shared}; "" -}
+	$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+	$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+	$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
+
+install_engines:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
+	@echo "*** Installing engines"
+	@set -e; for e in dummy $(INSTALL_ENGINES); do \
+		if [ "$$e" = "dummy" ]; then continue; fi; \
+		fn=`basename $$e`; \
+		echo "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \
+		cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
+		chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
+		mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \
+		      $(DESTDIR)$(ENGINESDIR)/$$fn; \
+	done
+
+uninstall_engines:
+	@echo "*** Uninstalling engines"
+	@set -e; for e in dummy $(INSTALL_ENGINES); do \
+		if [ "$$e" = "dummy" ]; then continue; fi; \
+		fn=`basename $$e`; \
+		if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
+			continue; \
+		fi; \
+		echo "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \
+		$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \
+	done
+	-$(RMDIR) $(DESTDIR)$(ENGINESDIR)
+
+install_runtime:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
+	@ : {- output_off() if windowsdll(); "" -}
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
+	@ : {- output_on() if windowsdll(); "" -}
+	@echo "*** Installing runtime files"
+	@set -e; for s in dummy $(INSTALL_SHLIBS); do \
+		if [ "$$s" = "dummy" ]; then continue; fi; \
+		fn=`basename $$s`; \
+		: {- output_off() unless windowsdll(); "" -}; \
+		echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+		: {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
+		echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
+		cp $$s $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
+		: {- output_on() if windowsdll(); "" -}; \
+	done
+	@set -e; for x in dummy $(INSTALL_PROGRAMS); do \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+	@set -e; for x in dummy $(BIN_SCRIPTS); do \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+
+uninstall_runtime:
+	@echo "*** Uninstalling runtime files"
+	@set -e; for x in dummy $(INSTALL_PROGRAMS); \
+	do  \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done;
+	@set -e; for x in dummy $(BIN_SCRIPTS); \
+	do  \
+		if [ "$$x" = "dummy" ]; then continue; fi; \
+		fn=`basename $$x`; \
+		echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+	@ : {- output_off() unless windowsdll(); "" -}
+	@set -e; for s in dummy $(INSTALL_SHLIBS); do \
+		if [ "$$s" = "dummy" ]; then continue; fi; \
+		fn=`basename $$s`; \
+		echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+	done
+	@ : {- output_on() unless windowsdll(); "" -}
+	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
+
+
+install_man_docs:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@echo "*** Installing manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
+
+uninstall_man_docs:
+	@echo "*** Uninstalling manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) \
+		--remove
+
+install_html_docs:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@echo "*** Installing HTML manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(HTMLDIR) --type=html
+
+uninstall_html_docs:
+	@echo "*** Uninstalling manpages"
+	$(PERL) $(SRCDIR)/util/process_docs.pl \
+		--destdir=$(DESTDIR)$(HTMLDIR) --type=html --remove
+
+
+# Developer targets (note: these are only available on Unix) #########
+
+update: generate errors ordinals
+
+generate: generate_apps generate_crypto_bn generate_crypto_objects \
+          generate_crypto_conf generate_crypto_asn1
+
+doc-nits:
+	(cd $(SRCDIR); $(PERL) util/find-doc-nits -n ) >doc-nits
+	if [ -s doc-nits ] ; then cat doc-nits; rm doc-nits ; exit 1; fi
+
+# Test coverage is a good idea for the future
+#coverage: $(PROGRAMS) $(TESTPROGRAMS)
+#	...
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRCS)
+
+generate_apps:
+	( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
+				< apps/openssl.cnf > apps/openssl-vms.cnf )
+
+generate_crypto_bn:
+	( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
+
+generate_crypto_objects:
+	( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl \
+				crypto/objects/objects.txt \
+				crypto/objects/obj_mac.num \
+				include/openssl/obj_mac.h )
+	( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \
+				include/openssl/obj_mac.h \
+				crypto/objects/obj_dat.h )
+	( cd $(SRCDIR); $(PERL) crypto/objects/objxref.pl \
+				crypto/objects/obj_mac.num \
+				crypto/objects/obj_xref.txt \
+				> crypto/objects/obj_xref.h )
+
+generate_crypto_conf:
+	( cd $(SRCDIR); $(PERL) crypto/conf/keysets.pl \
+			        > crypto/conf/conf_def.h )
+
+generate_crypto_asn1:
+	( cd $(SRCDIR); $(PERL) crypto/asn1/charmap.pl \
+			        > crypto/asn1/charmap.h )
+
+errors:
+	( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c )
+	( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write )
+	( cd $(SRCDIR)/engines; \
+	  for e in *.ec; do \
+	      $(PERL) ../util/mkerr.pl -conf $$e \
+		      -nostatic -staticloader -write *.c; \
+	  done )
+
+ordinals:
+	( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update )
+	( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update )
+
+test_ordinals:
+	( cd test; \
+	  SRCTOP=../$(SRCDIR) \
+	  BLDTOP=../$(BLDDIR) \
+	    $(PERL) ../$(SRCDIR)/test/run_tests.pl test_ordinals )
+
+tags TAGS: FORCE
+	rm -f TAGS tags
+	-ctags -R .
+	-etags `find . -name '*.[ch]' -o -name '*.pm'`
+
+# Release targets (note: only available on Unix) #####################
+
+# If your tar command doesn't support --owner and --group, make sure to
+# use one that does, for example GNU tar
+TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
+PREPARE_CMD=:
+tar:
+	set -e; \
+	TMPDIR=/var/tmp/openssl-copy.$$$$; \
+	DISTDIR=$(NAME); \
+	mkdir -p $$TMPDIR/$$DISTDIR; \
+	(cd $(SRCDIR); \
+	 git ls-tree -r --name-only --full-tree HEAD \
+         | grep -v '^fuzz/corpora' \
+	 | while read F; do \
+	       mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
+	       cp $$F $$TMPDIR/$$DISTDIR/$$F; \
+	   done); \
+	(cd $$TMPDIR/$$DISTDIR; \
+	 $(PREPARE_CMD); \
+	 find . -type d -print | xargs chmod 755; \
+	 find . -type f -print | xargs chmod a+r; \
+	 find . -type f -perm -0100 -print | xargs chmod a+x); \
+	(cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
+	| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
+	rm -rf $$TMPDIR
+	cd $(SRCDIR); ls -l $(TARFILE).gz
+
+dist:
+	@$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' tar
+
+# Helper targets #####################################################
+
+link-utils: $(BLDDIR)/util/opensslwrap.sh
+
+$(BLDDIR)/util/opensslwrap.sh: configdata.pm
+	@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
+	    mkdir -p "$(BLDDIR)/util"; \
+	    ln -sf "../$(SRCDIR)/util/opensslwrap.sh" "$(BLDDIR)/util"; \
+	fi
+
+FORCE:
+
+# Building targets ###################################################
+
+libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { shlib_simple($_) } @{$unified_info{libraries}}) -}
+libcrypto.pc:
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo 'enginesdir=$${libdir}/engines-{- $sover -}'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL-libcrypto'; \
+	    echo 'Description: OpenSSL cryptography library'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Libs: -L$${libdir} -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
+
+libssl.pc:
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL-libssl'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires.private: libcrypto'; \
+	    echo 'Libs: -L$${libdir} -lssl'; \
+	    echo 'Cflags: -I$${includedir}' ) > libssl.pc
+
+openssl.pc:
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: libssl libcrypto' ) > openssl.pc
+
+configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
+	@echo "Detected changed: $?"
+	@echo "Reconfiguring..."
+	$(PERL) $(SRCDIR)/Configure reconf
+	@echo "**************************************************"
+	@echo "***                                            ***"
+	@echo "***   Please run the same make command again   ***"
+	@echo "***                                            ***"
+	@echo "**************************************************"
+	@false
+
+{-
+  use File::Basename;
+  use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+
+  # Helper function to figure out dependencies on libraries
+  # It takes a list of library names and outputs a list of dependencies
+  sub compute_lib_depends {
+      if ($disabled{shared}) {
+          return map { $_.$libext } @_;
+      }
+
+      # Depending on shared libraries:
+      # On Windows POSIX layers, we depend on {libname}.dll.a
+      # On Unix platforms, we depend on {shlibname}.so
+      return map { shlib_simple($_) } @_;
+  }
+
+  sub generatesrc {
+      my %args = @_;
+      my $generator = join(" ", @{$args{generator}});
+      my $generator_incs = join("", map { " -I".$_ } @{$args{generator_incs}});
+      my $incs = join("", map { " -I".$_ } @{$args{incs}});
+      my $deps = join(" ", @{$args{generator_deps}}, @{$args{deps}});
+
+      if ($args{src} !~ /\.[sS]$/) {
+          if ($args{generator}->[0] =~ m|^.*\.in$|) {
+              my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                   "util", "dofile.pl")),
+                                   rel2abs($config{builddir}));
+              return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	\$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $generator > \$@
+EOF
+	  } else {
+              return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	\$(PERL)$generator_incs $generator > \$@
+EOF
+	  }
+      } else {
+          if ($args{generator}->[0] =~ /\.pl$/) {
+              $generator = 'CC="$(CC)" $(PERL)'.$generator_incs.' '.$generator;
+          } elsif ($args{generator}->[0] =~ /\.m4$/) {
+              $generator = 'm4 -B 8192'.$generator_incs.' '.$generator.' >'
+          } elsif ($args{generator}->[0] =~ /\.S$/) {
+              $generator = undef;
+          } else {
+              die "Generator type for $args{src} unknown: $generator\n";
+          }
+
+          if (defined($generator)) {
+              return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	$generator \$@
+EOF
+          }
+          return <<"EOF";
+$args{src}: $args{generator}->[0] $deps
+	\$(CC) $incs \$(CFLAGS) -E $args{generator}->[0] | \\
+	\$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
+EOF
+      }
+  }
+
+  # Should one wonder about the end of the Perl snippet, it's because this
+  # second regexp eats up line endings as well, if the removed path is the
+  # last in the line.  We may therefore need to put back a line ending.
+  sub src2obj {
+      my %args = @_;
+      my $obj = $args{obj};
+      my @srcs = @{$args{srcs}};
+      my $srcs = join(" ",  @srcs);
+      my $deps = join(" ", @srcs, @{$args{deps}});
+      my $incs = join("", map { " -I".$_ } @{$args{incs}});
+      unless ($disabled{zlib}) {
+          if ($withargs{zlib_include}) {
+              $incs .= " -I".$withargs{zlib_include};
+          }
+      }
+      my $ecflags = { lib => '$(LIB_CFLAGS)',
+                      dso => '$(DSO_CFLAGS)',
+                      bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
+      my $makedepprog = $config{makedepprog};
+      my $recipe;
+      # extension-specific rules
+      if (grep /\.s$/, @srcs) {
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	\$(CC) \$(CFLAGS) $ecflags -c -o \$\@ $srcs
+EOF
+      } elsif (grep /\.S$/, @srcs) {
+          # In case one wonders why not just $(CC) -c file.S. While it
+          # does work with contemporary compilers, there are some legacy
+          # ones that get it wrong. Hence the elaborate scheme... We
+          # don't care to maintain dependecy lists, because dependency
+          # is rather weak, at most one header file that lists constants
+          # which are assigned in ascending order.
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	( trap "rm -f \$@.*" INT 0; \\
+	  \$(CPP) $incs \$(CFLAGS) $ecflags $srcs | \\
+	  \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\
+	  \$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s )
+EOF
+      } elsif (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
+	\@touch $obj$depext.tmp
+	\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
+		rm -f $obj$depext.tmp; \\
+	else \\
+		mv $obj$depext.tmp $obj$depext; \\
+	fi
+EOF
+      } else {
+          $recipe .= <<"EOF";
+$obj$objext: $deps
+	\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
+EOF
+          if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
+              $recipe .= <<"EOF";
+	-\$(MAKEDEPEND) -f- -o"|\$\@" -- $incs \$(CFLAGS) $ecflags -- $srcs \\
+	    >$obj$depext.tmp 2>/dev/null
+	-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' $obj$depext.tmp
+	\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
+		rm -f $obj$depext.tmp; \\
+	else \\
+		mv $obj$depext.tmp $obj$depext; \\
+	fi
+EOF
+          }
+      }
+      return $recipe;
+  }
+  # On Unix, we build shlibs from static libs, so we're ignoring the
+  # object file array.  We *know* this routine is only called when we've
+  # configure 'shared'.
+  sub libobj2shlib {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $shlib = $args{shlib};
+      my $libd = dirname($lib);
+      my $libn = basename($lib);
+      (my $libname = $libn) =~ s/^lib//;
+      my $linklibs = join("", map { my $d = dirname($_);
+                                    my $f = basename($_);
+                                    (my $l = $f) =~ s/^lib//;
+                                    " -L$d -l$l" } @{$args{deps}});
+      my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
+      my $shlib_target = $target{shared_target};
+      my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
+      my $target = shlib_simple($lib);
+      my $target_full = shlib($lib);
+      return <<"EOF"
+# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
+# that two files get produced, {shlibname}.dll and {libname}.dll.a.
+# With all other Unix platforms, we often build a shared library with the
+# SO version built into the file name and a symlink without the SO version
+# It's not necessary to have both as targets.  The choice falls on the
+# simplest, {libname}$shlibextimport for Windows POSIX layers and
+# {libname}$shlibextsimple for the Unix platforms.
+$target: $lib$libext $deps $ordinalsfile
+	\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
+		PLATFORM=\$(PLATFORM) \\
+		PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
+		INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\
+		LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
+		LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
+		STLIBNAME=$lib$libext \\
+		SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\
+		CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\
+		LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\
+		RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\
+		link_shlib.$shlib_target
+EOF
+	  . (windowsdll() ? <<"EOF" : "");
+	rm -f apps/$shlib$shlibext
+	rm -f test/$shlib$shlibext
+	rm -f fuzz/$shlib$shlibext
+	cp -p $shlib$shlibext apps/
+	cp -p $shlib$shlibext test/
+	cp -p $shlib$shlibext fuzz/
+EOF
+  }
+  sub obj2dso {
+      my %args = @_;
+      my $dso = $args{lib};
+      my $dsod = dirname($dso);
+      my $dson = basename($dso);
+      my $shlibdeps = join("", map { my $d = dirname($_);
+                                     my $f = basename($_);
+                                     (my $l = $f) =~ s/^lib//;
+                                     " -L$d -l$l" } @{$args{deps}});
+      my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
+      my $shlib_target = $target{shared_target};
+      my $objs = join(" ", map { $_.$objext } @{$args{objs}});
+      my $target = dso($dso);
+      return <<"EOF";
+$target: $objs $deps
+	\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
+		PLATFORM=\$(PLATFORM) \\
+		PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\
+		LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
+		SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\
+		CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
+		SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\
+		LIBEXTRAS="$objs" \\
+		link_dso.$shlib_target
+EOF
+  }
+  sub obj2lib {
+      my %args = @_;
+      my $lib = $args{lib};
+      my $objs = join(" ", map { $_.$objext } @{$args{objs}});
+      return <<"EOF";
+$lib$libext: $objs
+	\$(AR) \$\@ \$\?
+	\$(RANLIB) \$\@ || echo Never mind.
+EOF
+  }
+  sub obj2bin {
+      my %args = @_;
+      my $bin = $args{bin};
+      my $bind = dirname($bin);
+      my $binn = basename($bin);
+      my $objs = join(" ", map { $_.$objext } @{$args{objs}});
+      my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
+      my $linklibs = join("", map { my $d = dirname($_);
+                                    my $f = basename($_);
+                                    $d = "." if $d eq $f;
+                                    (my $l = $f) =~ s/^lib//;
+                                    " -L$d -l$l" } @{$args{deps}});
+      my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+      return <<"EOF";
+$bin$exeext: $objs $deps
+	\$(RM) $bin$exeext
+	\$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
+		PERL="\$(PERL)" SRCDIR=\$(SRCDIR) \\
+		APPNAME=$bin$exeext OBJECTS="$objs" \\
+		LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
+		CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
+		LDFLAGS='\$(LDFLAGS)' \\
+		link_app.$shlib_target
+EOF
+  }
+  sub in2script {
+      my %args = @_;
+      my $script = $args{script};
+      my $sources = join(" ", @{$args{sources}});
+      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                           "util", "dofile.pl")),
+                           rel2abs($config{builddir}));
+      return <<"EOF";
+$script: $sources
+	\$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $sources > "$script"
+	chmod a+x $script
+EOF
+  }
+  sub generatedir {
+      my %args = @_;
+      my $dir = $args{dir};
+      my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
+      my @actions = ();
+      my %extinfo = ( dso => $dsoext,
+                      lib => $libext,
+                      bin => $exeext );
+
+      foreach my $type (("dso", "lib", "bin", "script")) {
+          next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
+          # For lib object files, we could update the library.  However, it
+          # was decided that it's enough to build the directory local object
+          # files, so we don't need to add any actions, and the dependencies
+          # are already taken care of.
+          if ($type ne "lib") {
+              foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
+                  if (dirname($prod) eq $dir) {
+                      push @deps, $prod.$extinfo{$type};
+                  } else {
+                      push @actions, "\t@ : No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
+                  }
+              }
+          }
+      }
+
+      my $deps = join(" ", @deps);
+      my $actions = join("\n", "", @actions);
+      return <<"EOF";
+$args{dir} $args{dir}/: $deps$actions
+EOF
+  }
+  ""    # Important!  This becomes part of the template result.
+-}
diff --git a/openssl-1.1.0h/Configurations/unix-checker.pm b/openssl-1.1.0h/Configurations/unix-checker.pm
new file mode 100644
index 0000000..b39b0eb
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/unix-checker.pm
@@ -0,0 +1,22 @@
+#! /usr/bin/perl
+
+use Config;
+
+# Check that the perl implementation file modules generate paths that
+# we expect for the platform
+use File::Spec::Functions qw(:DEFAULT rel2abs);
+
+if (rel2abs('.') !~ m|/|) {
+    die <<EOF;
+
+******************************************************************************
+This perl implementation doesn't produce Unix like paths (with forward slash
+directory separators).  Please use an implementation that matches your
+building platform.
+
+This Perl version: $Config{version} for $Config{archname}
+******************************************************************************
+EOF
+}
+
+1;
diff --git a/openssl-1.1.0h/Configurations/windows-checker.pm b/openssl-1.1.0h/Configurations/windows-checker.pm
new file mode 100644
index 0000000..de46fbc
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/windows-checker.pm
@@ -0,0 +1,22 @@
+#! /usr/bin/perl
+
+use Config;
+
+# Check that the perl implementation file modules generate paths that
+# we expect for the platform
+use File::Spec::Functions qw(:DEFAULT rel2abs);
+
+if (rel2abs('.') !~ m|\\|) {
+    die <<EOF;
+
+******************************************************************************
+This perl implementation doesn't produce Windows like paths (with backward
+slash directory separators).  Please use an implementation that matches your
+building platform.
+
+This Perl version: $Config{version} for $Config{archname}
+******************************************************************************
+EOF
+}
+
+1;
diff --git a/openssl-1.1.0h/Configurations/windows-makefile.tmpl b/openssl-1.1.0h/Configurations/windows-makefile.tmpl
new file mode 100644
index 0000000..e3e213f
--- /dev/null
+++ b/openssl-1.1.0h/Configurations/windows-makefile.tmpl
@@ -0,0 +1,621 @@
+##
+## Makefile for OpenSSL
+##
+## {- join("\n## ", @autowarntext) -}
+{-
+ our $objext = $target{obj_extension} || ".obj";
+ our $depext = $target{dep_extension} || ".d";
+ our $exeext = $target{exe_extension} || ".exe";
+ our $libext = $target{lib_extension} || ".lib";
+ our $shlibext = $target{shared_extension} || ".dll";
+ our $shlibextimport = $target{shared_import_extension} || ".lib";
+ our $dsoext = $target{dso_extension} || ".dll";
+
+ our $sover = $config{shlib_major}."_".$config{shlib_minor};
+
+ my $win_installenv =
+     $target{build_scheme}->[2] eq "VC-W32" ?
+     "ProgramFiles(x86)" : "ProgramW6432";
+ my $win_commonenv =
+     $target{build_scheme}->[2] eq "VC-W32"
+     ? "CommonProgramFiles(x86)" : "CommonProgramW6432";
+ our $win_installroot =
+     defined($ENV{$win_installenv})
+     ? $win_installenv : 'ProgramFiles';
+ our $win_commonroot =
+     defined($ENV{$win_commonenv})
+     ? $win_commonenv : 'CommonProgramFiles';
+
+ # expand variables early
+ $win_installroot = $ENV{$win_installroot};
+ $win_commonroot = $ENV{$win_commonroot};
+
+ sub shlib {
+     return () if $disabled{shared};
+     my $lib = shift;
+     return $unified_info{sharednames}->{$lib} . $shlibext;
+ }
+
+ sub shlib_import {
+     return () if $disabled{shared};
+     my $lib = shift;
+     return $lib . $shlibextimport;
+ }
+
+ sub dso {
+     my $dso = shift;
+
+     return $dso . $dsoext;
+ }
+ # This makes sure things get built in the order they need
+ # to. You're welcome.
+ sub dependmagic {
+     my $target = shift;
+
+     return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
+ }
+ '';
+-}
+
+PLATFORM={- $config{target} -}
+SRCDIR={- $config{sourcedir} -}
+BLDDIR={- $config{builddir} -}
+
+VERSION={- $config{version} -}
+MAJOR={- $config{major} -}
+MINOR={- $config{minor} -}
+
+SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+
+LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
+SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
+SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
+ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
+ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
+PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
+PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
+SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
+{- output_off() if $disabled{makedepend}; "" -}
+DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
+                  grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
+                  keys %{$unified_info{sources}}); -}
+{- output_on() if $disabled{makedepend}; "" -}
+GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
+GENERATED={- join(" ",
+                  ( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x }
+                    grep { defined $unified_info{generate}->{$_} }
+                    map { @{$unified_info{sources}->{$_}} }
+                    grep { /\.o$/ } keys %{$unified_info{sources}} ),
+                  ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
+
+INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
+INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -}
+INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
+INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
+{- output_off() if $disabled{apps}; "" -}
+BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
+MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
+{- output_on() if $disabled{apps}; "" -}
+
+APPS_OPENSSL={- use File::Spec::Functions;
+                catfile("apps","openssl") -}
+
+# Do not edit these manually. Use Configure with --prefix or --openssldir
+# to change this!  Short explanation in the top comment in Configure
+INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
+                  #
+                  use File::Spec::Functions qw(:DEFAULT splitpath);
+                  our $prefix = canonpath($config{prefix}
+                                          || "$win_installroot\\OpenSSL");
+                  our ($prefix_dev, $prefix_dir, $prefix_file) =
+                      splitpath($prefix, 1);
+                  $prefix_dev -}
+INSTALLTOP_dir={- canonpath($prefix_dir) -}
+OPENSSLDIR_dev={- #
+                  # The logic here is that if no --openssldir was given,
+                  # OPENSSLDIR will get the value from $prefix plus "/ssl".
+                  # If --openssldir was given and the value is an absolute
+                  # path, OPENSSLDIR will get its value without change.
+                  # If the value from --openssldir is a relative path,
+                  # OPENSSLDIR will get $prefix with the --openssldir
+                  # value appended as a subdirectory.
+                  #
+                  use File::Spec::Functions qw(:DEFAULT splitpath);
+                  our $openssldir =
+                      $config{openssldir} ?
+                          (file_name_is_absolute($config{openssldir}) ?
+                               canonpath($config{openssldir})
+                               : catdir($prefix, $config{openssldir}))
+                          : canonpath("$win_commonroot\\SSL");
+                  our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
+                      splitpath($openssldir, 1);
+                  $openssldir_dev -}
+OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
+LIBDIR={- our $libdir = $config{libdir} || "lib";
+          $libdir -}
+ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
+                  our $enginesdir = catdir($prefix,$libdir,"engines-$sover");
+                  our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
+                      splitpath($enginesdir, 1);
+                  $enginesdir_dev -}
+ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
+!IF "$(DESTDIR)" != ""
+INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
+OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
+ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir)
+!ELSE
+INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
+OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
+ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
+!ENDIF
+
+CC={- $target{cc} -}
+CFLAGS={- join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}})) -} {- join(" ", quotify_l("-DENGINESDIR=\"$enginesdir\"", "-DOPENSSLDIR=\"$openssldir\"")) -} {- $target{cflags} -} {- $config{cflags} -}
+COUTFLAG={- $target{coutflag} || "/Fo" -}$(OSSL_EMPTY)
+RC={- $target{rc} || "rc" -}
+RCOUTFLAG={- $target{rcoutflag} || "/fo" -}$(OSSL_EMPTY)
+LD={- $target{ld} || "link" -}
+LDFLAGS={- $target{lflags} -}
+LDOUTFLAG={- $target{loutflag} || "/out:" -}$(OSSL_EMPTY)
+EX_LIBS={- $target{ex_libs} -}
+LIB_CFLAGS={- join(" ", $target{lib_cflags}, $target{shared_cflag}) || "" -}
+LIB_LDFLAGS={- $target{shared_ldflag} || "" -}
+DSO_CFLAGS={- join(" ", $target{dso_cflags}, $target{shared_cflag}) || "" -}
+DSO_LDFLAGS={- join(" ", $target{dso_lflags}, $target{shared_ldflag}) || "" -}
+BIN_CFLAGS={- $target{bin_cflags} -}
+BIN_LDFLAGS={- $target{bin_lflags} -}
+
+PERL={- $config{perl} -}
+
+AR={- $target{ar} -}
+ARFLAGS= {- $target{arflags} -}
+AROUTFLAG={- $target{aroutflag} || "/out:" -}$(OSSL_EMPTY)
+
+MT={- $target{mt} -}
+MTFLAGS= {- $target{mtflags} -}
+MTINFLAG={- $target{mtinflag} || "-manifest " -}$(OSSL_EMPTY)
+MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
+
+AS={- $target{as} -}
+ASFLAGS={- $target{asflags} -}
+ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
+PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+
+PROCESSOR= {- $config{processor} -}
+
+# The main targets ###################################################
+
+{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep
+{- dependmagic('build_libs'); -}: build_libs_nodep
+{- dependmagic('build_engines'); -}: build_engines_nodep
+{- dependmagic('build_programs'); -}: build_programs_nodep
+
+build_generated: $(GENERATED_MANDATORY)
+build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -}
+build_engines_nodep: $(ENGINES)
+build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
+
+# Kept around for backward compatibility
+build_apps build_tests: build_programs
+
+# Convenience target to prebuild all generated files, not just the mandatory
+# ones
+build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
+
+test: tests
+{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
+	@rem {- output_off() if $disabled{tests}; "" -}
+	-mkdir $(BLDDIR)\test\test-runs
+	set SRCTOP=$(SRCDIR)
+	set BLDTOP=$(BLDDIR)
+	set RESULT_D=$(BLDDIR)\test\test-runs
+	set PERL=$(PERL)
+	set OPENSSL_ENGINES=$(MAKEDIR)\engines
+	set OPENSSL_DEBUG_MEMORY=on
+	"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
+	@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@echo "Tests are not supported with your chosen Configure options"
+	@rem {- output_on() if !$disabled{tests}; "" -}
+
+list-tests:
+	@rem {- output_off() if $disabled{tests}; "" -}
+	@set SRCTOP=$(SRCDIR)
+	@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
+	@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
+	@echo "Tests are not supported with your chosen Configure options"
+	@rem {- output_on() if !$disabled{tests}; "" -}
+
+install: install_sw install_ssldirs install_docs
+
+uninstall: uninstall_docs uninstall_sw
+
+libclean:
+	"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
+	"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
+	"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
+	"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS)
+	-del /Q /F $(LIBS)
+	-del /Q ossl_static.pdb
+
+clean: libclean
+	{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
+	-del /Q /F $(ENGINES)
+	-del /Q /F $(SCRIPTS)
+	-del /Q /F $(GENERATED)
+	-del /Q /S /F *.d
+	-del /Q /S /F *.obj
+	-del /Q /S /F *.pdb
+	-del /Q /S /F *.exp
+	-del /Q /S /F engines\*.ilk
+	-del /Q /S /F engines\*.lib
+	-del /Q /S /F apps\*.lib
+	-del /Q /S /F engines\*.manifest
+	-del /Q /S /F apps\*.manifest
+	-del /Q /S /F test\*.manifest
+
+distclean: clean
+	-del /Q /F configdata.pm
+	-del /Q /F makefile
+
+depend:
+
+# Install helper targets #############################################
+
+install_sw: all install_dev install_engines install_runtime
+
+uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
+
+install_docs: install_html_docs
+
+uninstall_docs: uninstall_html_docs
+
+install_ssldirs:
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
+                                        "$(OPENSSLDIR)\openssl.cnf.dist"
+	@IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \
+         "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
+                                        "$(OPENSSLDIR)\openssl.cnf"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
+                                        "$(OPENSSLDIR)\misc"
+
+install_dev:
+	@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
+	@echo *** Installing development files
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
+	@rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
+				       "$(INSTALLTOP)\include\openssl"
+	@rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \
+				       "$(INSTALLTOP)\include\openssl"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \
+				       "$(INSTALLTOP)\include\openssl"
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
+				       "$(INSTALLTOP)\$(LIBDIR)"
+	@if "$(SHLIBS)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \
+                                       "$(INSTALLTOP)\$(LIBDIR)"
+
+uninstall_dev:
+
+install_engines:
+	@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
+	@echo *** Installing engines
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
+	@if not "$(ENGINES)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
+	@if not "$(ENGINES)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)"
+
+uninstall_engines:
+
+install_runtime:
+	@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
+	@echo *** Installing runtime files
+	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
+	@if not "$(SHLIBS)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
+	@if not "$(SHLIBS)"=="" \
+	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
+                                        "$(INSTALLTOP)\bin"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
+                                        "$(INSTALLTOP)\bin"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
+                                        "$(INSTALLTOP)\bin"
+	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
+                                        "$(INSTALLTOP)\bin"
+
+uninstall_runtime:
+
+install_html_docs:
+        "$(PERL)" "$(SRCDIR)\util\process_docs.pl" \
+                "--destdir=$(INSTALLTOP)\html" --type=html
+
+uninstall_html_docs:
+
+# Building targets ###################################################
+
+configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
+	@echo "Detected changed: $?"
+	@echo "Reconfiguring..."
+	"$(PERL)" "$(SRCDIR)\Configure" reconf
+	@echo "**************************************************"
+	@echo "***                                            ***"
+	@echo "***   Please run the same make command again   ***"
+	@echo "***                                            ***"
+	@echo "**************************************************"
+	@exit 1
+
+{-
+ use File::Basename;
+ use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+
+ # Helper function to figure out dependencies on libraries
+ # It takes a list of library names and outputs a list of dependencies
+ sub compute_lib_depends {
+     if ($disabled{shared}) {
+	 return map { $_.$libext } @_;
+     }
+     return map { shlib_import($_) } @_;
+ }
+
+  sub generatesrc {
+      my %args = @_;
+      (my $target = $args{src}) =~ s/\.[sS]$/.asm/;
+      my ($gen0, @gens) = @{$args{generator}};
+      my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
+      my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
+      my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
+      my $deps = @{$args{deps}} ?
+          '"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : '';
+
+      if ($target !~ /\.asm$/) {
+          if ($args{generator}->[0] =~ m|^.*\.in$|) {
+              my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                                   "util", "dofile.pl")),
+                                   rel2abs($config{builddir}));
+              return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $generator > \$@
+EOF
+	  } else {
+              return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	"\$(PERL)"$generator_incs $generator > \$@
+EOF
+	  }
+      } else {
+          if ($args{generator}->[0] =~ /\.pl$/) {
+              $generator = '"$(PERL)"'.$generator_incs.' '.$generator;
+          } elsif ($args{generator}->[0] =~ /\.S$/) {
+              $generator = undef;
+          } else {
+              die "Generator type for $src unknown: $generator\n";
+          }
+
+          if (defined($generator)) {
+              # If the target is named foo.S in build.info, we want to
+              # end up generating foo.s in two steps.
+              if ($args{src} =~ /\.S$/) {
+                   return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	set ASM=\$(AS)
+	$generator \$@.S
+	\$(CC) $incs \$(CFLAGS) /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
+        del /Q \$@.S
+EOF
+              }
+              # Otherwise....
+              return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	set ASM=\$(AS)
+	$generator \$@
+EOF
+          }
+          return <<"EOF";
+$target: "$args{generator}->[0]" $deps
+	\$(CC) $incs \$(CFLAGS) /EP /C "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
+EOF
+      }
+  }
+
+ sub src2obj {
+     my %args = @_;
+     my $obj = $args{obj};
+     my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
+                    } ( @{$args{srcs}} );
+     my $srcs = '"'.join('" "',  @srcs).'"';
+     my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
+     my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
+     unless ($disabled{zlib}) {
+         if ($withargs{zlib_include}) {
+             $incs .= ' /I "'.$withargs{zlib_include}.'"';
+         }
+     }
+     my $ecflags = { lib => '$(LIB_CFLAGS)',
+		     dso => '$(DSO_CFLAGS)',
+		     bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
+     my $makedepprog = $config{makedepprog};
+     if ($srcs[0] =~ /\.asm$/) {
+         return <<"EOF";
+$obj$objext: $deps
+	\$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs
+EOF
+     }
+     return <<"EOF"	if (!$disabled{makedepend});
+$obj$depext: $deps
+	\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
+	    "\$(PERL)" -n << > $obj$depext
+chomp;
+s/^Note: including file: *//;
+\$\$collect{\$\$_} = 1;
+END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
+<<
+$obj$objext: $obj$depext
+	\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
+EOF
+    return <<"EOF"	if ($disabled{makedepend});
+$obj$objext: $deps
+	\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
+EOF
+ }
+
+ # On Unix, we build shlibs from static libs, so we're ignoring the
+ # object file array.  We *know* this routine is only called when we've
+ # configure 'shared'.
+ sub libobj2shlib {
+     my %args = @_;
+     my $lib = $args{lib};
+     my $shlib = $args{shlib};
+     (my $mkdef_key = $lib) =~ s/^lib//i;
+     my $objs = join("\n", map { $_.$objext } @{$args{objs}});
+     my $linklibs = join("",
+			 map { "\n$_" } compute_lib_depends(@{$args{deps}}));
+     my $deps = join(" ",
+		     (map { $_.$objext } @{$args{objs}}),
+		     compute_lib_depends(@{$args{deps}}));
+     my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
+     my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir},
+					    "util", "mkdef.pl")),
+			    rel2abs($config{builddir}));
+     my $mkrc_pl = abs2rel(rel2abs(catfile($config{sourcedir},
+					   "util", "mkrc.pl")),
+			   rel2abs($config{builddir}));
+     my $target = shlib_import($lib);
+     return <<"EOF"
+$target: $deps "$ordinalsfile" "$mkdef_pl"
+	"\$(PERL)" "$mkdef_pl" "$mkdef_key" 32 > $shlib.def
+	"\$(PERL)" -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def
+	DEL $shlib.def.tmp
+	"\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc
+	\$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc
+	IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
+	\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
+		/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
+$objs $shlib.res$linklibs \$(EX_LIBS)
+<<
+	IF EXIST $shlib$shlibext.manifest \\
+	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
+	IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
+	IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
+	IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
+	COPY $shlib$shlibext apps
+	COPY $shlib$shlibext test
+	COPY $shlib$shlibext fuzz
+EOF
+ }
+ sub obj2dso {
+     my %args = @_;
+     my $dso = $args{lib};
+     my $dso_n = basename($dso);
+     my $objs = join("\n", map { $_.$objext } @{$args{objs}});
+     my $linklibs = join("",
+			 map { "\n$_" } compute_lib_depends(@{$args{deps}}));
+     my $deps = join(" ",
+		     (map { $_.$objext } @{$args{objs}}),
+		     compute_lib_depends(@{$args{deps}}));
+     return <<"EOF";
+$dso$dsoext: $deps
+	IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
+	\$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
+LIBRARY         $dso_n
+EXPORTS
+    bind_engine		@1
+    v_check		@2
+<<
+$objs$linklibs \$(EX_LIBS)
+<<
+	IF EXIST $dso$dsoext.manifest \\
+	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
+EOF
+ }
+ sub obj2lib {
+     # Because static libs and import libs are both named the same in native
+     # Windows, we can't have both.  We skip the static lib in that case,
+     # as the shared libs are what we use anyway.
+     return "" unless $disabled{"shared"};
+
+     my %args = @_;
+     my $lib = $args{lib};
+     my $objs = join("\n", map { $_.$objext } @{$args{objs}});
+     my $deps = join(" ", map { $_.$objext } @{$args{objs}});
+     return <<"EOF";
+$lib$libext: $deps
+	\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
+\$**
+<<
+EOF
+ }
+ sub obj2bin {
+     my %args = @_;
+     my $bin = $args{bin};
+     my $objs = join("\n", map { $_.$objext } @{$args{objs}});
+     my $linklibs = join("",
+			 map { "\n$_" } compute_lib_depends(@{$args{deps}}));
+     my $deps = join(" ",
+		     (map { $_.$objext } @{$args{objs}}),
+		     compute_lib_depends(@{$args{deps}}));
+     return <<"EOF";
+$bin$exeext: $deps
+	IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
+	\$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
+$objs setargv.obj$linklibs \$(EX_LIBS)
+<<
+	IF EXIST $bin$exeext.manifest \\
+	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
+EOF
+  }
+  sub in2script {
+      my %args = @_;
+      my $script = $args{script};
+      my $sources = '"'.join('" "', @{$args{sources}}).'"';
+      my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
+                                           "util", "dofile.pl")),
+                           rel2abs($config{builddir}));
+      return <<"EOF";
+$script: $sources
+	"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
+	    "-o$target{build_file}" $sources > "$script"
+EOF
+  }
+  sub generatedir {
+      my %args = @_;
+      my $dir = $args{dir};
+      my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
+      my @actions = ();
+      my %extinfo = ( dso => $dsoext,
+                      lib => $libext,
+                      bin => $exeext );
+
+      foreach my $type (("dso", "lib", "bin", "script")) {
+          next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
+          # For lib object files, we could update the library.  However,
+          # LIB on Windows doesn't work that way, so we won't create any
+          # actions for it, and the dependencies are already taken care of.
+          if ($type ne "lib") {
+              foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
+                  if (dirname($prod) eq $dir) {
+                      push @deps, $prod.$extinfo{$type};
+                  } else {
+                      push @actions, "\t@rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
+                  }
+              }
+          }
+      }
+
+      my $deps = join(" ", @deps);
+      my $actions = join("\n", "", @actions);
+      return <<"EOF";
+$args{dir} $args{dir}\\ : $deps$actions
+EOF
+  }
+  ""    # Important!  This becomes part of the template result.
+-}
diff --git a/openssl-1.1.0h/Configure b/openssl-1.1.0h/Configure
new file mode 100755
index 0000000..c003364
--- /dev/null
+++ b/openssl-1.1.0h/Configure
@@ -0,0 +1,2806 @@
+#! /usr/bin/env perl
+# -*- mode: perl; -*-
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+##  Configure -- OpenSSL source tree configuration script
+
+use 5.10.0;
+use strict;
+use FindBin;
+use lib "$FindBin::Bin/util/perl";
+use File::Basename;
+use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
+use File::Path qw/mkpath/;
+use OpenSSL::Glob;
+
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+
+# Options:
+#
+# --config      add the given configuration file, which will be read after
+#               any "Configurations*" files that are found in the same
+#               directory as this script.
+# --prefix      prefix for the OpenSSL installation, which includes the
+#               directories bin, lib, include, share/man, share/doc/openssl
+#               This becomes the value of INSTALLTOP in Makefile
+#               (Default: /usr/local)
+# --openssldir  OpenSSL data area, such as openssl.cnf, certificates and keys.
+#               If it's a relative directory, it will be added on the directory
+#               given with --prefix.
+#               This becomes the value of OPENSSLDIR in Makefile and in C.
+#               (Default: PREFIX/ssl)
+#
+# --cross-compile-prefix Add specified prefix to binutils components.
+#
+# --api         One of 0.9.8, 1.0.0 or 1.1.0.  Do not compile support for
+#               interfaces deprecated as of the specified OpenSSL version.
+#
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
+# [no-]threads  [don't] try to create a library that is suitable for
+#               multithreaded applications (default is "threads" if we
+#               know how to do it)
+# [no-]shared	[don't] try to create shared libraries when supported.
+# [no-]pic      [don't] try to build position independent code when supported.
+#               If disabled, it also disables shared and dynamic-engine.
+# no-asm        do not use assembler
+# no-dso        do not compile in any native shared-library methods. This
+#               will ensure that all methods just return NULL.
+# no-egd        do not compile support for the entropy-gathering daemon APIs
+# [no-]zlib     [don't] compile support for zlib compression.
+# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
+#		library and will be loaded in run-time by the OpenSSL library.
+# sctp          include SCTP support
+# enable-weak-ssl-ciphers
+#               Enable weak ciphers that are disabled by default.
+# 386           generate 80386 code in assembly modules
+# no-sse2       disables IA-32 SSE2 code in assembly modules, the above
+#               mentioned '386' option implies this one
+# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through
+# -static       while -static is also a pass-through compiler option (and
+#               as such is limited to environments where it's actually
+#               meaningful), it triggers a number configuration options,
+#               namely no-dso, no-pic, no-shared and no-threads. It is
+#               argued that the only reason to produce statically linked
+#               binaries (and in context it means executables linked with
+#               -static flag, and not just executables linked with static
+#               libcrypto.a) is to eliminate dependency on specific run-time,
+#               a.k.a. libc version. The mentioned config options are meant
+#               to achieve just that. Unfortunately on Linux it's impossible
+#               to eliminate the dependency completely for openssl executable
+#               because of getaddrinfo and gethostbyname calls, which can
+#               invoke dynamically loadable library facility anyway to meet
+#               the lookup requests. For this reason on Linux statically
+#               linked openssl executable has rather debugging value than
+#               production quality.
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+#		provided to stack calls. Generates unique stack functions for
+#		each possible stack type.
+# BN_LLONG	use the type 'long long' in crypto/bn/bn.h
+# RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# Following are set automatically by this script
+#
+# MD5_ASM	use some extra md5 assembler,
+# SHA1_ASM	use some extra sha1 assembler, must define L_ENDIAN for x86
+# RMD160_ASM	use some extra ripemd160 assembler,
+# SHA256_ASM	sha256_block is implemented in assembler
+# SHA512_ASM	sha512_block is implemented in assembler
+# AES_ASM	AES_[en|de]crypt is implemented in assembler
+
+# Minimum warning options... any contributions to OpenSSL should at least get
+# past these.
+
+# DEBUG_UNUSED enables __owur (warn unused result) checks.
+my $gcc_devteam_warn = "-DDEBUG_UNUSED"
+        # -DPEDANTIC complements -pedantic and is meant to mask code that
+        # is not strictly standard-compliant and/or implementation-specific,
+        # e.g. inline assembly, disregards to alignment requirements, such
+        # that -pedantic would complain about. Incidentally -DPEDANTIC has
+        # to be used even in sanitized builds, because sanitizer too is
+        # supposed to and does take notice of non-standard behaviour. Then
+        # -pedantic with pre-C9x compiler would also complain about 'long
+        # long' not being supported. As 64-bit algorithms are common now,
+        # it grew impossible to resolve this without sizeable additional
+        # code, so we just tell compiler to be pedantic about everything
+        # but 'long long' type.
+        . " -DPEDANTIC -pedantic -Wno-long-long"
+        . " -Wall"
+        . " -Wextra"
+        . " -Wno-unused-parameter"
+        . " -Wno-missing-field-initializers"
+        . " -Wsign-compare"
+        . " -Wmissing-prototypes"
+        . " -Wshadow"
+        . " -Wformat"
+        . " -Wtype-limits"
+        . " -Wundef"
+        . " -Werror"
+        ;
+
+# These are used in addition to $gcc_devteam_warn when the compiler is clang.
+# TODO(openssl-team): fix problems and investigate if (at least) the
+# following warnings can also be enabled:
+#       -Wswitch-enum
+#       -Wcast-align
+#       -Wunreachable-code
+#       -Wlanguage-extension-token -- no, we use asm()
+#       -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
+#       -Wextended-offsetof -- no, needed in CMS ASN1 code
+my $clang_devteam_warn = ""
+        . " -Qunused-arguments"
+        . " -Wno-language-extension-token"
+        . " -Wno-extended-offsetof"
+        . " -Wconditional-uninitialized"
+        . " -Wincompatible-pointer-types-discards-qualifiers"
+        . " -Wmissing-variable-declarations"
+        ;
+
+# This adds backtrace information to the memory leak info.  Is only used
+# when crypto-mdebug-backtrace is enabled.
+my $memleak_devteam_backtrace = "-rdynamic";
+
+my $strict_warnings = 0;
+
+# As for $BSDthreads. Idea is to maintain "collective" set of flags,
+# which would cover all BSD flavors. -pthread applies to them all,
+# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
+# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
+# which has to be accompanied by explicit -D_THREAD_SAFE and
+# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
+# seems to be sufficient?
+our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+
+#
+# API compatibility name to version number mapping.
+#
+my $maxapi = "1.1.0";           # API for "no-deprecated" builds
+my $apitable = {
+    "1.1.0" => "0x10100000L",
+    "1.0.0" => "0x10000000L",
+    "0.9.8" => "0x00908000L",
+};
+
+our %table = ();
+our %config = ();
+our %withargs = ();
+
+# Forward declarations ###############################################
+
+# read_config(filename)
+#
+# Reads a configuration file and populates %table with the contents
+# (which the configuration file places in %targets).
+sub read_config;
+
+# resolve_config(target)
+#
+# Resolves all the late evaluations, inheritances and so on for the
+# chosen target and any target it inherits from.
+sub resolve_config;
+
+
+# Information collection #############################################
+
+# Unified build supports separate build dir
+my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
+my $blddir = catdir(absolutedir("."));         # catdir ensures local syntax
+my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
+
+my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
+
+$config{sourcedir} = abs2rel($srcdir);
+$config{builddir} = abs2rel($blddir);
+
+# Collect reconfiguration information if needed
+my @argvcopy=@ARGV;
+
+if (grep /^reconf(igure)?$/, @argvcopy) {
+    if (-f "./configdata.pm") {
+	my $file = "./configdata.pm";
+	unless (my $return = do $file) {
+	    die "couldn't parse $file: $@" if $@;
+            die "couldn't do $file: $!"    unless defined $return;
+            die "couldn't run $file"       unless $return;
+	}
+
+	@argvcopy = defined($configdata::config{perlargv}) ?
+	    @{$configdata::config{perlargv}} : ();
+	die "Incorrect data to reconfigure, please do a normal configuration\n"
+	    if (grep(/^reconf/,@argvcopy));
+	$ENV{CROSS_COMPILE} = $configdata::config{cross_compile_prefix}
+	    if defined($configdata::config{cross_compile_prefix});
+	$ENV{CC} = $configdata::config{cc}
+	    if defined($configdata::config{cc});
+	$ENV{BUILDFILE} = $configdata::config{build_file}
+	    if defined($configdata::config{build_file});
+	$ENV{$local_config_envname} = $configdata::config{local_config_dir}
+	    if defined($configdata::config{local_config_dir});
+
+	print "Reconfiguring with: ", join(" ",@argvcopy), "\n";
+	print "    CROSS_COMPILE = ",$ENV{CROSS_COMPILE},"\n"
+	    if $ENV{CROSS_COMPILE};
+	print "    CC = ",$ENV{CC},"\n" if $ENV{CC};
+	print "    BUILDFILE = ",$ENV{BUILDFILE},"\n" if $ENV{BUILDFILE};
+	print "    $local_config_envname = ",$ENV{$local_config_envname},"\n"
+	    if $ENV{$local_config_envname};
+    } else {
+	die "Insufficient data to reconfigure, please do a normal configuration\n";
+    }
+}
+
+$config{perlargv} = [ @argvcopy ];
+
+# Collect version numbers
+$config{version} = "unknown";
+$config{version_num} = "unknown";
+$config{shlib_version_number} = "unknown";
+$config{shlib_version_history} = "unknown";
+
+collect_information(
+    collect_from_file(catfile($srcdir,'include/openssl/opensslv.h')),
+    qr/OPENSSL.VERSION.TEXT.*OpenSSL (\S+) / => sub { $config{version} = $1; },
+    qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/	     => sub { $config{version_num}=$1 },
+    qr/SHLIB_VERSION_NUMBER *"([^"]+)"/	     => sub { $config{shlib_version_number}=$1 },
+    qr/SHLIB_VERSION_HISTORY *"([^"]*)"/     => sub { $config{shlib_version_history}=$1 }
+    );
+if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ":"; }
+
+($config{major}, $config{minor})
+    = ($config{version} =~ /^([0-9]+)\.([0-9\.]+)/);
+($config{shlib_major}, $config{shlib_minor})
+    = ($config{shlib_version_number} =~ /^([0-9]+)\.([0-9\.]+)/);
+die "erroneous version information in opensslv.h: ",
+    "$config{major}, $config{minor}, $config{shlib_major}, $config{shlib_minor}\n"
+    if ($config{major} eq "" || $config{minor} eq ""
+	|| $config{shlib_major} eq "" ||  $config{shlib_minor} eq "");
+
+# Collect target configurations
+
+my $pattern = catfile(dirname($0), "Configurations", "*.conf");
+foreach (sort glob($pattern)) {
+    &read_config($_);
+}
+
+if (defined $ENV{$local_config_envname}) {
+    if ($^O eq 'VMS') {
+        # VMS environment variables are logical names,
+        # which can be used as is
+        $pattern = $local_config_envname . ':' . '*.conf';
+    } else {
+        $pattern = catfile($ENV{$local_config_envname}, '*.conf');
+    }
+
+    foreach (sort glob($pattern)) {
+        &read_config($_);
+    }
+}
+
+
+print "Configuring OpenSSL version $config{version} ($config{version_num})\n";
+
+$config{prefix}="";
+$config{openssldir}="";
+$config{processor}="";
+$config{libdir}="";
+$config{cross_compile_prefix}="";
+$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/";
+my $nofipscanistercheck=0;
+$config{baseaddr}="0xFB00000";
+my $auto_threads=1;    # enable threads automatically? true by default
+my $default_ranlib;
+$config{fips}=0;
+
+# Top level directories to build
+$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
+# crypto/ subdirectories to build
+$config{sdirs} = [
+    "objects",
+    "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
+    "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
+    "bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
+    "buffer", "bio", "stack", "lhash", "rand", "err",
+    "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
+    "cms", "ts", "srp", "cmac", "ct", "async", "kdf"
+    ];
+
+# Known TLS and DTLS protocols
+my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
+my @dtls = qw(dtls1 dtls1_2);
+
+# Explicitly known options that are possible to disable.  They can
+# be regexps, and will be used like this: /^no-${option}$/
+# For developers: keep it sorted alphabetically
+
+my @disablables = (
+    "afalgeng",
+    "asan",
+    "asm",
+    "async",
+    "autoalginit",
+    "autoerrinit",
+    "bf",
+    "blake2",
+    "camellia",
+    "capieng",
+    "cast",
+    "chacha",
+    "cmac",
+    "cms",
+    "comp",
+    "crypto-mdebug",
+    "crypto-mdebug-backtrace",
+    "ct",
+    "deprecated",
+    "des",
+    "dgram",
+    "dh",
+    "dsa",
+    "dso",
+    "dtls",
+    "dynamic-engine",
+    "ec",
+    "ec2m",
+    "ecdh",
+    "ecdsa",
+    "ec_nistp_64_gcc_128",
+    "egd",
+    "engine",
+    "err",
+    "filenames",
+    "fuzz-libfuzzer",
+    "fuzz-afl",
+    "gost",
+    "heartbeats",
+    "hw(-.+)?",
+    "idea",
+    "makedepend",
+    "md2",
+    "md4",
+    "mdc2",
+    "msan",
+    "multiblock",
+    "nextprotoneg",
+    "ocb",
+    "ocsp",
+    "pic",
+    "poly1305",
+    "posix-io",
+    "psk",
+    "rc2",
+    "rc4",
+    "rc5",
+    "rdrand",
+    "rfc3779",
+    "rmd160",
+    "scrypt",
+    "sctp",
+    "seed",
+    "shared",
+    "sock",
+    "srp",
+    "srtp",
+    "sse2",
+    "ssl",
+    "ssl-trace",
+    "static-engine",
+    "stdio",
+    "threads",
+    "tls",
+    "ts",
+    "ubsan",
+    "ui",
+    "unit-test",
+    "whirlpool",
+    "weak-ssl-ciphers",
+    "zlib",
+    "zlib-dynamic",
+    );
+foreach my $proto ((@tls, @dtls))
+	{
+	push(@disablables, $proto);
+	push(@disablables, "$proto-method");
+	}
+
+my %deprecated_disablables = (
+    "ssl2" => undef,
+    "buf-freelists" => undef,
+    "ripemd" => "rmd160"
+    );
+
+# All of the following is disabled by default (RC5 was enabled before 0.9.8):
+
+our %disabled = ( # "what"         => "comment"
+                  "asan"		=> "default",
+		  "crypto-mdebug"       => "default",
+		  "crypto-mdebug-backtrace" => "default",
+		  "ec_nistp_64_gcc_128" => "default",
+		  "egd"                 => "default",
+		  "fuzz-libfuzzer"	=> "default",
+		  "fuzz-afl"		=> "default",
+		  "heartbeats"          => "default",
+		  "md2"                 => "default",
+                  "msan"                => "default",
+		  "rc5"                 => "default",
+		  "sctp"                => "default",
+		  "ssl-trace"           => "default",
+		  "ssl3"                => "default",
+		  "ssl3-method"         => "default",
+                  "ubsan"		=> "default",
+		  "unit-test"           => "default",
+		  "weak-ssl-ciphers"    => "default",
+		  "zlib"                => "default",
+		  "zlib-dynamic"        => "default",
+		);
+
+# Note: => pair form used for aesthetics, not to truly make a hash table
+my @disable_cascades = (
+    # "what"		=> [ "cascade", ... ]
+    sub { $config{processor} eq "386" }
+			=> [ "sse2" ],
+    "ssl"		=> [ "ssl3" ],
+    "ssl3-method"	=> [ "ssl3" ],
+    "zlib"		=> [ "zlib-dynamic" ],
+    "des"		=> [ "mdc2" ],
+    "ec"		=> [ "ecdsa", "ecdh" ],
+
+    "dgram"		=> [ "dtls", "sctp" ],
+    "sock"		=> [ "dgram" ],
+    "dtls"		=> [ @dtls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @dtls }
+			=> [ "dtls" ],
+
+    "tls"		=> [ @tls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @tls }
+			=> [ "tls" ],
+
+    "crypto-mdebug"     => [ "crypto-mdebug-backtrace" ],
+
+    # Without DSO, we can't load dynamic engines, so don't build them dynamic
+    "dso"               => [ "dynamic-engine" ],
+
+    # Without position independent code, there can be no shared libraries or DSOs
+    "pic"               => [ "shared" ],
+    "shared"            => [ "dynamic-engine" ],
+    "engine"            => [ "afalgeng" ],
+
+    # no-autoalginit is only useful when building non-shared
+    "autoalginit"       => [ "shared", "apps" ],
+
+    "stdio"             => [ "apps", "capieng", "egd" ],
+    "apps"              => [ "tests" ],
+    "comp"		=> [ "zlib" ],
+    sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
+
+    sub { !$disabled{"msan"} } => [ "asm" ],
+    );
+
+# Avoid protocol support holes.  Also disable all versions below N, if version
+# N is disabled while N+1 is enabled.
+#
+my @list = (reverse @tls);
+while ((my $first, my $second) = (shift @list, shift @list)) {
+    last unless @list;
+    push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} }
+			      => [ @list ] );
+    unshift @list, $second;
+}
+my @list = (reverse @dtls);
+while ((my $first, my $second) = (shift @list, shift @list)) {
+    last unless @list;
+    push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} }
+			      => [ @list ] );
+    unshift @list, $second;
+}
+
+# Explicit "no-..." options will be collected in %disabled along with the defaults.
+# To remove something from %disabled, use "enable-foo".
+# For symmetry, "disable-foo" is a synonym for "no-foo".
+
+&usage if ($#ARGV < 0);
+
+my $user_cflags="";
+my @user_defines=();
+$config{openssl_api_defines}=[];
+$config{openssl_algorithm_defines}=[];
+$config{openssl_thread_defines}=[];
+$config{openssl_sys_defines}=[];
+$config{openssl_other_defines}=[];
+my $libs="";
+my $target="";
+$config{options}="";
+$config{build_type} = "release";
+
+my %unsupported_options = ();
+my %deprecated_options = ();
+while (@argvcopy)
+	{
+	$_ = shift @argvcopy;
+	# VMS is a case insensitive environment, and depending on settings
+	# out of our control, we may receive options uppercased.  Let's
+	# downcase at least the part before any equal sign.
+	if ($^O eq "VMS")
+		{
+		s/^([^=]*)/lc($1)/e;
+		}
+	s /^-no-/no-/; # some people just can't read the instructions
+
+	# rewrite some options in "enable-..." form
+	s /^-?-?shared$/enable-shared/;
+	s /^sctp$/enable-sctp/;
+	s /^threads$/enable-threads/;
+	s /^zlib$/enable-zlib/;
+	s /^zlib-dynamic$/enable-zlib-dynamic/;
+
+        if (/^(no|disable|enable)-(.+)$/)
+                {
+                my $word = $2;
+                if (!exists $deprecated_disablables{$word}
+                        && !grep { $word =~ /^${_}$/ } @disablables)
+                        {
+                        $unsupported_options{$_} = 1;
+                        next;
+                        }
+                }
+        if (/^no-(.+)$/ || /^disable-(.+)$/)
+                {
+                foreach my $proto ((@tls, @dtls))
+                        {
+                        if ($1 eq "$proto-method")
+                                {
+                                $disabled{"$proto"} = "option($proto-method)";
+                                last;
+                                }
+                        }
+                if ($1 eq "dtls")
+                        {
+                        foreach my $proto (@dtls)
+                                {
+                                $disabled{$proto} = "option(dtls)";
+                                }
+                        $disabled{"dtls"} = "option(dtls)";
+                        }
+                elsif ($1 eq "ssl")
+                        {
+                        # Last one of its kind
+                        $disabled{"ssl3"} = "option(ssl)";
+                        }
+                elsif ($1 eq "tls")
+                        {
+                        # XXX: Tests will fail if all SSL/TLS
+                        # protocols are disabled.
+                        foreach my $proto (@tls)
+                                {
+                                $disabled{$proto} = "option(tls)";
+                                }
+                        }
+                elsif ($1 eq "static-engine")
+                        {
+                        delete $disabled{"dynamic-engine"};
+                        }
+                elsif ($1 eq "dynamic-engine")
+                        {
+                        $disabled{"dynamic-engine"} = "option";
+                        }
+                elsif (exists $deprecated_disablables{$1})
+                        {
+                        $deprecated_options{$_} = 1;
+                        if (defined $deprecated_disablables{$1})
+                                {
+                                $disabled{$deprecated_disablables{$1}} = "option";
+                                }
+                        }
+                else
+                        {
+                        $disabled{$1} = "option";
+                        }
+		# No longer an automatic choice
+		$auto_threads = 0 if ($1 eq "threads");
+		}
+	elsif (/^enable-(.+)$/)
+		{
+                if ($1 eq "static-engine")
+                        {
+                        $disabled{"dynamic-engine"} = "option";
+                        }
+                elsif ($1 eq "dynamic-engine")
+                        {
+                        delete $disabled{"dynamic-engine"};
+                        }
+                elsif ($1 eq "zlib-dynamic")
+                        {
+                        delete $disabled{"zlib"};
+                        }
+		my $algo = $1;
+		delete $disabled{$algo};
+
+		# No longer an automatic choice
+		$auto_threads = 0 if ($1 eq "threads");
+		}
+	elsif (/^--strict-warnings$/)
+		{
+		$strict_warnings = 1;
+		}
+	elsif (/^--debug$/)
+		{
+		$config{build_type} = "debug";
+		}
+	elsif (/^--release$/)
+		{
+		$config{build_type} = "release";
+		}
+	elsif (/^386$/)
+		{ $config{processor}=386; }
+	elsif (/^fips$/)
+		{
+		$config{fips}=1;
+		}
+	elsif (/^rsaref$/)
+		{
+		# No RSAref support any more since it's not needed.
+		# The check for the option is there so scripts aren't
+		# broken
+		}
+	elsif (/^nofipscanistercheck$/)
+		{
+		$config{fips} = 1;
+		$nofipscanistercheck = 1;
+		}
+	elsif (/^[-+]/)
+		{
+		if (/^--prefix=(.*)$/)
+			{
+			$config{prefix}=$1;
+			die "Directory given with --prefix MUST be absolute\n"
+				unless file_name_is_absolute($config{prefix});
+			}
+		elsif (/^--api=(.*)$/)
+			{
+			$config{api}=$1;
+			}
+		elsif (/^--libdir=(.*)$/)
+			{
+			$config{libdir}=$1;
+			}
+		elsif (/^--openssldir=(.*)$/)
+			{
+			$config{openssldir}=$1;
+			}
+		elsif (/^--with-zlib-lib=(.*)$/)
+			{
+			$withargs{zlib_lib}=$1;
+			}
+		elsif (/^--with-zlib-include=(.*)$/)
+			{
+			$withargs{zlib_include}=$1;
+			}
+		elsif (/^--with-fuzzer-lib=(.*)$/)
+			{
+			$withargs{fuzzer_lib}=$1;
+			}
+		elsif (/^--with-fuzzer-include=(.*)$/)
+			{
+			$withargs{fuzzer_include}=$1;
+			}
+		elsif (/^--with-fipslibdir=(.*)$/)
+			{
+			$config{fipslibdir}="$1/";
+			}
+		elsif (/^--with-baseaddr=(.*)$/)
+			{
+			$config{baseaddr}="$1";
+			}
+		elsif (/^--cross-compile-prefix=(.*)$/)
+			{
+			$config{cross_compile_prefix}=$1;
+			}
+		elsif (/^--config=(.*)$/)
+			{
+			read_config $1;
+			}
+		elsif (/^-[lL](.*)$/ or /^-Wl,/)
+			{
+			$libs.=$_." ";
+			}
+		elsif (/^-rpath$/ or /^-R$/)
+			# -rpath is the OSF1 rpath flag
+			# -R is the old Solaris rpath flag
+			{
+			my $rpath = shift(@argvcopy) || "";
+			$rpath .= " " if $rpath ne "";
+			$libs.=$_." ".$rpath;
+			}
+		elsif (/^-static$/)
+			{
+			$libs.=$_." ";
+			$disabled{"dso"} = "forced";
+			$disabled{"pic"} = "forced";
+			$disabled{"shared"} = "forced";
+			$disabled{"threads"} = "forced";
+			}
+		elsif (/^-D(.*)$/)
+			{
+			push @user_defines, $1;
+			}
+		else	# common if (/^[-+]/), just pass down...
+			{
+			$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+			$user_cflags.=" ".$_;
+			}
+		}
+	else
+		{
+		die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+		$target=$_;
+		}
+	unless ($_ eq $target || /^no-/ || /^disable-/)
+		{
+		# "no-..." follows later after implied disactivations
+		# have been derived.  (Don't take this too seriously,
+		# we really only write OPTIONS to the Makefile out of
+		# nostalgia.)
+
+		if ($config{options} eq "")
+			{ $config{options} = $_; }
+		else
+			{ $config{options} .= " ".$_; }
+		}
+
+        if (defined($config{api}) && !exists $apitable->{$config{api}}) {
+		die "***** Unsupported api compatibility level: $config{api}\n",
+        }
+
+	if (keys %deprecated_options)
+		{
+		warn "***** Deprecated options: ",
+			join(", ", keys %deprecated_options), "\n";
+		}
+	if (keys %unsupported_options)
+		{
+		die "***** Unsupported options: ",
+			join(", ", keys %unsupported_options), "\n";
+		}
+	}
+
+if ($libs =~ /(^|\s)-Wl,-rpath,/
+    && !$disabled{shared}
+    && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) {
+    die "***** Cannot simultaneously use -rpath, shared libraries, and\n",
+	"***** any of asan, msan or ubsan\n";
+}
+
+if ($config{fips})
+	{
+	delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/);
+	}
+else
+	{
+	@{$config{dirs}} = grep !/^fips$/, @{$config{dirs}};
+	}
+
+my @tocheckfor = (keys %disabled);
+while (@tocheckfor) {
+    my %new_tocheckfor = ();
+    my @cascade_copy = (@disable_cascades);
+    while (@cascade_copy) {
+	my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy);
+	if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) {
+	    foreach(grep { !defined($disabled{$_}) } @$descendents) {
+		$new_tocheckfor{$_} = 1; $disabled{$_} = "forced";
+	    }
+	}
+    }
+    @tocheckfor = (keys %new_tocheckfor);
+}
+
+our $die = sub { die @_; };
+if ($target eq "TABLE") {
+    local $die = sub { warn @_; };
+    foreach (sort keys %table) {
+	print_table_entry($_, "TABLE");
+    }
+    exit 0;
+}
+
+if ($target eq "LIST") {
+    foreach (sort keys %table) {
+	print $_,"\n" unless $table{$_}->{template};
+    }
+    exit 0;
+}
+
+if ($target eq "HASH") {
+    local $die = sub { warn @_; };
+    print "%table = (\n";
+    foreach (sort keys %table) {
+	print_table_entry($_, "HASH");
+    }
+    exit 0;
+}
+
+# Backward compatibility?
+if ($target =~ m/^CygWin32(-.*)$/) {
+    $target = "Cygwin".$1;
+}
+
+foreach (sort (keys %disabled))
+	{
+	$config{options} .= " no-$_";
+
+	printf "    no-%-12s %-10s", $_, "[$disabled{$_}]";
+
+	if (/^dso$/)
+		{ }
+	elsif (/^threads$/)
+		{ }
+	elsif (/^shared$/)
+		{ }
+	elsif (/^pic$/)
+		{ }
+	elsif (/^zlib$/)
+		{ }
+	elsif (/^dynamic-engine$/)
+		{ }
+	elsif (/^makedepend$/)
+		{ }
+	elsif (/^zlib-dynamic$/)
+		{ }
+	elsif (/^sse2$/)
+		{ }
+	elsif (/^engine$/)
+		{
+		@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
+		@{$config{sdirs}} = grep !/^engine$/, @{$config{sdirs}};
+		push @{$config{openssl_other_defines}}, "OPENSSL_NO_ENGINE";
+		print " OPENSSL_NO_ENGINE (skip engines)";
+		}
+	else
+		{
+		my ($WHAT, $what);
+
+		($WHAT = $what = $_) =~ tr/[\-a-z]/[_A-Z]/;
+
+		# Fix up C macro end names
+		$WHAT = "RMD160" if $what eq "ripemd";
+
+		# fix-up crypto/directory name(s)
+		$what = "ripemd" if $what eq "rmd160";
+		$what = "whrlpool" if $what eq "whirlpool";
+
+		if ($what ne "async" && $what ne "err"
+		    && grep { $_ eq $what } @{$config{sdirs}})
+			{
+			push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$WHAT";
+			@{$config{sdirs}} = grep { $_ ne $what} @{$config{sdirs}};
+
+			print " OPENSSL_NO_$WHAT (skip dir)";
+			}
+		else
+			{
+			push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT";
+			print " OPENSSL_NO_$WHAT";
+			}
+		}
+
+	print "\n";
+	}
+
+print "Configuring for $target\n";
+
+# Support for legacy targets having a name starting with 'debug-'
+my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
+if ($d) {
+    $config{build_type} = "debug";
+
+    # If we do not find debug-foo in the table, the target is set to foo.
+    if (!$table{$target}) {
+	$target = $t;
+    }
+}
+$config{target} = $target;
+my %target = resolve_config($target);
+
+&usage if (!%target || $target{template});
+
+my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
+$config{conf_files} = [ sort keys %conf_files ];
+%target = ( %{$table{DEFAULTS}}, %target );
+
+$target{exe_extension}="";
+$target{exe_extension}=".exe" if ($config{target} eq "DJGPP"
+                                  || $config{target} =~ /^(?:Cygwin|mingw)/);
+$target{exe_extension}=".pm"  if ($config{target} =~ /vos/);
+
+($target{shared_extension_simple}=$target{shared_extension})
+    =~ s|\.\$\(SHLIB_MAJOR\)\.\$\(SHLIB_MINOR\)||;
+$target{dso_extension}=$target{shared_extension_simple};
+($target{shared_import_extension}=$target{shared_extension_simple}.".a")
+    if ($config{target} =~ /^(?:Cygwin|mingw)/);
+
+
+$config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'}
+    if $config{cross_compile_prefix} eq "";
+
+# Allow overriding the names of some tools.  USE WITH CARE
+# Note: only Unix cares about HASHBANGPERL...  that explains
+# the default string.
+$config{perl} =    $ENV{'PERL'}    || ($^O ne "VMS" ? $^X : "perl");
+$config{hashbangperl} =
+    $ENV{'HASHBANGPERL'}           || $ENV{'PERL'}     || "/usr/bin/env perl";
+$target{cc} =      $ENV{'CC'}      || $target{cc}      || "cc";
+$target{ranlib} =  $ENV{'RANLIB'}  || $target{ranlib}  ||
+                   (which("$config{cross_compile_prefix}ranlib") ?
+                          "\$(CROSS_COMPILE)ranlib" : "true");
+$target{ar} =      $ENV{'AR'}      || $target{ar}      || "ar";
+$target{nm} =      $ENV{'NM'}      || $target{nm}      || "nm";
+$target{rc} =
+    $ENV{'RC'}  || $ENV{'WINDRES'} || $target{rc}      || "windres";
+
+# Allow overriding the build file name
+$target{build_file} = $ENV{BUILDFILE} || $target{build_file} || "Makefile";
+
+# Cache information necessary for reconfiguration
+$config{cc} = $target{cc};
+$config{build_file} = $target{build_file};
+
+# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
+# or release_ attributes.
+# Do it in such a way that no spurious space is appended (hence the grep).
+$config{defines} = [];
+$config{cflags} = "";
+$config{ex_libs} = "";
+$config{shared_ldflag} = "";
+
+# Make sure build_scheme is consistent.
+$target{build_scheme} = [ $target{build_scheme} ]
+    if ref($target{build_scheme}) ne "ARRAY";
+
+my ($builder, $builder_platform, @builder_opts) =
+    @{$target{build_scheme}};
+
+foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+                      $builder_platform."-checker.pm")) {
+    my $checker_path = catfile($srcdir, "Configurations", $checker);
+    if (-f $checker_path) {
+        my $fn = $ENV{CONFIGURE_CHECKER_WARN}
+            ? sub { warn $@; } : sub { die $@; };
+        if (! do $checker_path) {
+            if ($@) {
+                $fn->($@);
+            } elsif ($!) {
+                $fn->($!);
+            } else {
+                $fn->("The detected tools didn't match the platform\n");
+            }
+        }
+        last;
+    }
+}
+
+push @{$config{defines}}, "NDEBUG"    if $config{build_type} eq "release";
+
+if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
+	{
+	$config{cflags} .= " -mno-cygwin";
+	$config{shared_ldflag} .= " -mno-cygwin";
+	}
+
+if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) {
+	# minimally required architecture flags for assembly modules
+	$config{cflags}="-mips2 $config{cflags}" if ($target =~ /mips32/);
+	$config{cflags}="-mips3 $config{cflags}" if ($target =~ /mips64/);
+}
+
+my $no_shared_warn=0;
+my $no_user_cflags=0;
+my $no_user_defines=0;
+
+# The DSO code currently always implements all functions so that no
+# applications will have to worry about that from a compilation point
+# of view. However, the "method"s may return zero unless that platform
+# has support compiled in for them. Currently each method is enabled
+# by a define "DSO_<name>" ... we translate the "dso_scheme" config
+# string entry into using the following logic;
+if (!$disabled{dso} && $target{dso_scheme} ne "")
+	{
+	$target{dso_scheme} =~ tr/[a-z]/[A-Z]/;
+	if ($target{dso_scheme} eq "DLFCN")
+		{
+		unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H";
+		}
+	elsif ($target{dso_scheme} eq "DLFCN_NO_H")
+		{
+		unshift @{$config{defines}}, "DSO_DLFCN";
+		}
+	else
+		{
+		unshift @{$config{defines}}, "DSO_$target{dso_scheme}";
+		}
+	}
+
+$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne "");
+
+if ($disabled{asm})
+	{
+	if ($config{fips})
+		{
+		@{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}};
+		@{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}};
+		}
+	}
+
+# If threads aren't disabled, check how possible they are
+unless ($disabled{threads}) {
+    if ($auto_threads) {
+        # Enabled by default, disable it forcibly if unavailable
+        if ($target{thread_scheme} eq "(unknown)") {
+            $disabled{threads} = "unavailable";
+        }
+    } else {
+        # The user chose to enable threads explicitly, let's see
+        # if there's a chance that's possible
+        if ($target{thread_scheme} eq "(unknown)") {
+            # If the user asked for "threads" and we don't have internal
+            # knowledge how to do it, [s]he is expected to provide any
+            # system-dependent compiler options that are necessary.  We
+            # can't truly check that the given options are correct, but
+            # we expect the user to know what [s]He is doing.
+            if ($no_user_cflags && $no_user_defines) {
+                die "You asked for multi-threading support, but didn't\n"
+                    ,"provide any system-specific compiler options\n";
+            }
+        }
+    }
+}
+
+# If threads still aren't disabled, add a C macro to ensure the source
+# code knows about it.  Any other flag is taken care of by the configs.
+unless($disabled{threads}) {
+    foreach (("defines", "openssl_thread_defines")) {
+        push @{$config{$_}}, "OPENSSL_THREADS";
+    }
+}
+
+# With "deprecated" disable all deprecated features.
+if (defined($disabled{"deprecated"})) {
+        $config{api} = $maxapi;
+}
+
+if ($target{shared_target} eq "")
+	{
+	$no_shared_warn = 1
+	    if ((!$disabled{shared} || !$disabled{"dynamic-engine"})
+		&& !$config{fips});
+	$disabled{shared} = "no-shared-target";
+	$disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} =
+	    "no-shared-target";
+	}
+
+if ($disabled{"dynamic-engine"}) {
+        push @{$config{defines}}, "OPENSSL_NO_DYNAMIC_ENGINE";
+        $config{dynamic_engines} = 0;
+} else {
+        push @{$config{defines}}, "OPENSSL_NO_STATIC_ENGINE";
+        $config{dynamic_engines} = 1;
+}
+
+unless ($disabled{"fuzz-libfuzzer"}) {
+    $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
+}
+
+unless ($disabled{asan}) {
+    $config{cflags} .= "-fsanitize=address ";
+}
+
+unless ($disabled{ubsan}) {
+    # -DPEDANTIC or -fnosanitize=alignment may also be required on some
+    # platforms.
+    $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
+}
+
+unless ($disabled{msan}) {
+  $config{cflags} .= "-fsanitize=memory ";
+}
+
+unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"}
+        && $disabled{asan} && $disabled{ubsan} && $disabled{msan}) {
+    $config{cflags} .= "-fno-omit-frame-pointer -g ";
+}
+#
+# Platform fix-ups
+#
+
+# This saves the build files from having to check
+if ($disabled{pic})
+	{
+	$target{shared_cflag} = $target{shared_ldflag} =
+		$target{shared_rcflag} = "";
+	}
+else
+	{
+	push @{$config{defines}}, "OPENSSL_PIC";
+	}
+
+if ($target{sys_id} ne "")
+	{
+	push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}";
+	}
+
+unless ($disabled{asm}) {
+    $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386");
+    $target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m}));
+
+    # bn-586 is the only one implementing bn_*_part_words
+    push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/);
+    push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/);
+
+    push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
+    push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
+    push @{$config{defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
+
+    if ($config{fips}) {
+	push @{$config{openssl_other_defines}}, "OPENSSL_FIPS";
+    }
+
+    if ($target{sha1_asm_src}) {
+	push @{$config{defines}}, "SHA1_ASM"   if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
+	push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/);
+	push @{$config{defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/);
+    }
+    if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) {
+	push @{$config{defines}}, "RC4_ASM";
+    }
+    if ($target{md5_asm_src}) {
+	push @{$config{defines}}, "MD5_ASM";
+    }
+    $target{cast_asm_src}=$table{DEFAULTS}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC
+    if ($target{rmd160_asm_src}) {
+	push @{$config{defines}}, "RMD160_ASM";
+    }
+    if ($target{aes_asm_src}) {
+	push @{$config{defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
+	# aes-ctr.fake is not a real file, only indication that assembler
+	# module implements AES_ctr32_encrypt...
+	push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+	# aes-xts.fake indicates presence of AES_xts_[en|de]crypt...
+	push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
+	$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2});
+	push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
+	push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
+    }
+    if ($target{wp_asm_src} =~ /mmx/) {
+        if ($config{processor} eq "386") {
+	    $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src};
+	} elsif (!$disabled{"whirlpool"}) {
+	    push @{$config{defines}}, "WHIRLPOOL_ASM";
+	}
+    }
+    if ($target{modes_asm_src} =~ /ghash-/) {
+	push @{$config{defines}}, "GHASH_ASM";
+    }
+    if ($target{ec_asm_src} =~ /ecp_nistz256/) {
+	push @{$config{defines}}, "ECP_NISTZ256_ASM";
+    }
+    if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
+	push @{$config{defines}}, "PADLOCK_ASM";
+    }
+    if ($target{poly1305_asm_src} ne "") {
+	push @{$config{defines}}, "POLY1305_ASM";
+    }
+}
+
+my %predefined;
+
+if ($^O ne "VMS") {
+    my $cc = "$config{cross_compile_prefix}$target{cc}";
+
+    # collect compiler pre-defines from gcc or gcc-alike...
+    open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |");
+    while (<PIPE>) {
+	m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+	$predefined{$1} = $2 // "";
+    }
+    close(PIPE);
+
+    if (!$disabled{makedepend}) {
+	# We know that GNU C version 3 and up as well as all clang
+	# versions support dependency generation
+	if ($predefined{__GNUC__} >= 3) {
+	    $config{makedepprog} = $cc;
+	} else {
+	    $config{makedepprog} = which('makedepend');
+	    $disabled{makedepend} = "unavailable" unless $config{makedepprog};
+	}
+    }
+}
+
+
+
+# Deal with bn_ops ###################################################
+
+$config{bn_ll}			=0;
+$config{export_var_as_fn}	=0;
+my $def_int="unsigned int";
+$config{rc4_int}		=$def_int;
+($config{b64l},$config{b64},$config{b32})=(0,0,1);
+
+my $count = 0;
+foreach (sort split(/\s+/,$target{bn_ops})) {
+    $count++ if /SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT/;
+    $config{export_var_as_fn}=1                 if $_ eq 'EXPORT_VAR_AS_FN';
+    $config{bn_ll}=1				if $_ eq 'BN_LLONG';
+    $config{rc4_int}="unsigned char"		if $_ eq 'RC4_CHAR';
+    ($config{b64l},$config{b64},$config{b32})
+	=(0,1,0)				if $_ eq 'SIXTY_FOUR_BIT';
+    ($config{b64l},$config{b64},$config{b32})
+	=(1,0,0)				if $_ eq 'SIXTY_FOUR_BIT_LONG';
+    ($config{b64l},$config{b64},$config{b32})
+	=(0,0,1)				if $_ eq 'THIRTY_TWO_BIT';
+}
+die "Exactly one of SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT can be set in bn_ops\n"
+    if $count > 1;
+
+
+# Hack cflags for better warnings (dev option) #######################
+
+# "Stringify" the C flags string.  This permits it to be made part of a string
+# and works as well on command lines.
+$config{cflags} =~ s/([\\\"])/\\$1/g;
+
+if (defined($config{api})) {
+    $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ];
+    my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}});
+    push @{$config{defines}}, $apiflag;
+}
+
+if ($strict_warnings)
+	{
+	my $wopt;
+	die "ERROR --strict-warnings requires gcc or gcc-alike"
+            unless defined($predefined{__GNUC__});
+	foreach $wopt (split /\s+/, $gcc_devteam_warn)
+		{
+		$config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/)
+		}
+	if (defined($predefined{__clang__}))
+		{
+		foreach $wopt (split /\s+/, $clang_devteam_warn)
+			{
+			$config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/)
+			}
+		}
+	}
+
+unless ($disabled{"crypto-mdebug-backtrace"})
+	{
+	foreach my $wopt (split /\s+/, $memleak_devteam_backtrace)
+		{
+		$config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/)
+		}
+	if ($target =~ /^BSD-/)
+		{
+		$config{ex_libs} .= " -lexecinfo";
+		}
+	}
+
+if ($user_cflags ne "") { $config{cflags}="$config{cflags}$user_cflags"; }
+else                    { $no_user_cflags=1;  }
+if (@user_defines) { $config{defines}=[ @{$config{defines}}, @user_defines ]; }
+else               { $no_user_defines=1;    }
+
+# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON
+
+unless ($disabled{afalgeng}) {
+    $config{afalgeng}="";
+    if ($target =~ m/^linux/) {
+        my $minver = 4*10000 + 1*100 + 0;
+        if ($config{cross_compile_prefix} eq "") {
+            my $verstr = `uname -r`;
+            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+            ($mi2) = $mi2 =~ /(\d+)/;
+            my $ver = $ma*10000 + $mi1*100 + $mi2;
+            if ($ver < $minver) {
+                $disabled{afalgeng} = "too-old-kernel";
+            } else {
+                push @{$config{engdirs}}, "afalg";
+            }
+        } else {
+            $disabled{afalgeng} = "cross-compiling";
+        }
+    } else {
+        $disabled{afalgeng}  = "not-linux";
+    }
+}
+
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
+
+# If we use the unified build, collect information from build.info files
+my %unified_info = ();
+
+my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
+if ($builder eq "unified") {
+    use with_fallback qw(Text::Template);
+
+    sub cleandir {
+        my $base = shift;
+        my $dir = shift;
+        my $relativeto = shift || ".";
+
+        $dir = catdir($base,$dir) unless isabsolute($dir);
+
+        # Make sure the directories we're building in exists
+        mkpath($dir);
+
+        my $res = abs2rel(absolutedir($dir), rel2abs($relativeto));
+        #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n";
+        return $res;
+    }
+
+    sub cleanfile {
+        my $base = shift;
+        my $file = shift;
+        my $relativeto = shift || ".";
+
+        $file = catfile($base,$file) unless isabsolute($file);
+
+        my $d = dirname($file);
+        my $f = basename($file);
+
+        # Make sure the directories we're building in exists
+        mkpath($d);
+
+        my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto));
+        #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n";
+        return $res;
+    }
+
+    # Store the name of the template file we will build the build file from
+    # in %config.  This may be useful for the build file itself.
+    my @build_file_template_names =
+	( $builder_platform."-".$target{build_file}.".tmpl",
+	  $target{build_file}.".tmpl" );
+    my @build_file_templates = ();
+
+    # First, look in the user provided directory, if given
+    if (defined $ENV{$local_config_envname}) {
+	@build_file_templates =
+	    map {
+		if ($^O eq 'VMS') {
+		    # VMS environment variables are logical names,
+		    # which can be used as is
+		    $local_config_envname . ':' . $_;
+		} else {
+		    catfile($ENV{$local_config_envname}, $_);
+		}
+	    }
+	    @build_file_template_names;
+    }
+    # Then, look in our standard directory
+    push @build_file_templates,
+	( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
+	  @build_file_template_names );
+
+    my $build_file_template;
+    for $_ (@build_file_templates) {
+	$build_file_template = $_;
+        last if -f $build_file_template;
+
+        $build_file_template = undef;
+    }
+    if (!defined $build_file_template) {
+	die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n";
+    }
+    $config{build_file_templates}
+      = [ $build_file_template,
+          cleanfile($srcdir, catfile("Configurations", "common.tmpl"),
+                    $blddir) ];
+
+    my @build_infos = ( [ ".", "build.info" ] );
+    foreach (@{$config{dirs}}) {
+        push @build_infos, [ $_, "build.info" ]
+            if (-f catfile($srcdir, $_, "build.info"));
+    }
+    foreach (@{$config{sdirs}}) {
+        push @build_infos, [ catdir("crypto", $_), "build.info" ]
+            if (-f catfile($srcdir, "crypto", $_, "build.info"));
+    }
+    foreach (@{$config{engdirs}}) {
+        push @build_infos, [ catdir("engines", $_), "build.info" ]
+            if (-f catfile($srcdir, "engines", $_, "build.info"));
+    }
+
+    $config{build_infos} = [ ];
+
+    foreach (@build_infos) {
+        my $sourced = catdir($srcdir, $_->[0]);
+        my $buildd = catdir($blddir, $_->[0]);
+
+        mkpath($buildd);
+
+        my $f = $_->[1];
+        # The basic things we're trying to build
+        my @programs = ();
+        my @programs_install = ();
+        my @libraries = ();
+        my @libraries_install = ();
+        my @engines = ();
+        my @engines_install = ();
+        my @scripts = ();
+        my @scripts_install = ();
+        my @extra = ();
+        my @overrides = ();
+        my @intermediates = ();
+        my @rawlines = ();
+
+        my %ordinals = ();
+        my %sources = ();
+        my %shared_sources = ();
+        my %includes = ();
+        my %depends = ();
+        my %renames = ();
+        my %sharednames = ();
+        my %generate = ();
+
+        # We want to detect configdata.pm in the source tree, so we
+        # don't use it if the build tree is different.
+        my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
+
+        push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
+        my $template =
+            Text::Template->new(TYPE => 'FILE',
+                                SOURCE => catfile($sourced, $f),
+                                PREPEND => qq{use lib "$FindBin::Bin/util/perl";});
+        die "Something went wrong with $sourced/$f: $!\n" unless $template;
+        my @text =
+            split /^/m,
+            $template->fill_in(HASH => { config => \%config,
+                                         target => \%target,
+                                         disabled => \%disabled,
+                                         withargs => \%withargs,
+                                         builddir => abs2rel($buildd, $blddir),
+                                         sourcedir => abs2rel($sourced, $blddir),
+                                         buildtop => abs2rel($blddir, $blddir),
+                                         sourcetop => abs2rel($srcdir, $blddir) },
+                               DELIMITERS => [ "{-", "-}" ]);
+
+        # The top item of this stack has the following values
+        # -2 positive already run and we found ELSE (following ELSIF should fail)
+        # -1 positive already run (skip until ENDIF)
+        # 0 negatives so far (if we're at a condition, check it)
+        # 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
+        # 2 positive ELSE (following ELSIF should fail)
+        my @skip = ();
+        collect_information(
+            collect_from_array([ @text ],
+                               qr/\\$/ => sub { my $l1 = shift; my $l2 = shift;
+                                                $l1 =~ s/\\$//; $l1.$l2 }),
+            # Info we're looking for
+            qr/^\s*IF\[((?:\\.|[^\\\]])*)\]\s*$/
+            => sub {
+                if (! @skip || $skip[$#skip] > 0) {
+                    push @skip, !! $1;
+                } else {
+                    push @skip, -1;
+                }
+            },
+            qr/^\s*ELSIF\[((?:\\.|[^\\\]])*)\]\s*$/
+            => sub { die "ELSIF out of scope" if ! @skip;
+                     die "ELSIF following ELSE" if abs($skip[$#skip]) == 2;
+                     $skip[$#skip] = -1 if $skip[$#skip] != 0;
+                     $skip[$#skip] = !! $1
+                         if $skip[$#skip] == 0; },
+            qr/^\s*ELSE\s*$/
+            => sub { die "ELSE out of scope" if ! @skip;
+                     $skip[$#skip] = -2 if $skip[$#skip] != 0;
+                     $skip[$#skip] = 2 if $skip[$#skip] == 0; },
+            qr/^\s*ENDIF\s*$/
+            => sub { die "ENDIF out of scope" if ! @skip;
+                     pop @skip; },
+            qr/^\s*PROGRAMS(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @programs, @x;
+                    push @programs_install, @x unless $install;
+                }
+            },
+            qr/^\s*LIBS(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @libraries, @x;
+                    push @libraries_install, @x unless $install;
+                }
+            },
+            qr/^\s*ENGINES(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @engines, @x;
+                    push @engines_install, @x unless $install;
+                }
+            },
+            qr/^\s*SCRIPTS(_NO_INST)?\s*=\s*(.*)\s*$/
+            => sub {
+                if (!@skip || $skip[$#skip] > 0) {
+                    my $install = $1;
+                    my @x = tokenize($2);
+                    push @scripts, @x;
+                    push @scripts_install, @x unless $install;
+                }
+            },
+            qr/^\s*EXTRA\s*=\s*(.*)\s*$/
+            => sub { push @extra, tokenize($1)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*OVERRIDES\s*=\s*(.*)\s*$/
+            => sub { push @overrides, tokenize($1)
+                         if !@skip || $skip[$#skip] > 0 },
+
+            qr/^\s*ORDINALS\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/,
+            => sub { push @{$ordinals{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$sources{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*SHARED_SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$shared_sources{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*INCLUDE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$includes{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*DEPEND\[((?:\\.|[^\\\]])*)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$depends{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*GENERATE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$generate{$1}}, $2
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*RENAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$renames{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*SHARED_NAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+            => sub { push @{$sharednames{$1}}, tokenize($2)
+                         if !@skip || $skip[$#skip] > 0 },
+            qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/
+            => sub {
+                my $lineiterator = shift;
+                my $target_kind = $1;
+                while (defined $lineiterator->()) {
+                    s|\R$||;
+                    if (/^\s*ENDRAW\[((?:\\.|[^\\\]])+)\]\s*$/) {
+                        die "ENDRAW doesn't match BEGINRAW"
+                            if $1 ne $target_kind;
+                        last;
+                    }
+                    next if @skip && $skip[$#skip] <= 0;
+                    push @rawlines,  $_
+                        if ($target_kind eq $target{build_file}
+                            || $target_kind eq $target{build_file}."(".$builder_platform.")");
+                }
+            },
+            qr/^(?:#.*|\s*)$/ => sub { },
+            "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" },
+            "BEFORE" => sub {
+                if ($buildinfo_debug) {
+                    print STDERR "DEBUG: Parsing ",join(" ", @_),"\n";
+                    print STDERR "DEBUG: ... before parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n";
+                }
+            },
+            "AFTER" => sub {
+                if ($buildinfo_debug) {
+                    print STDERR "DEBUG: .... after parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n";
+                }
+            },
+            );
+        die "runaway IF?" if (@skip);
+
+        foreach (keys %renames) {
+            die "$_ renamed to more than one thing: "
+                ,join(" ", @{$renames{$_}}),"\n"
+                if scalar @{$renames{$_}} > 1;
+            my $dest = cleanfile($buildd, $_, $blddir);
+            my $to = cleanfile($buildd, $renames{$_}->[0], $blddir);
+            die "$dest renamed to more than one thing: "
+                ,$unified_info{rename}->{$dest}, $to
+                unless !defined($unified_info{rename}->{$dest})
+                or $unified_info{rename}->{$dest} eq $to;
+            $unified_info{rename}->{$dest} = $to;
+        }
+
+        foreach (@programs) {
+            my $program = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$program}) {
+                $program = $unified_info{rename}->{$program};
+            }
+            $unified_info{programs}->{$program} = 1;
+        }
+
+        foreach (@programs_install) {
+            my $program = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$program}) {
+                $program = $unified_info{rename}->{$program};
+            }
+            $unified_info{install}->{programs}->{$program} = 1;
+        }
+
+        foreach (@libraries) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{libraries}->{$library} = 1;
+        }
+
+        foreach (@libraries_install) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{install}->{libraries}->{$library} = 1;
+        }
+
+        die <<"EOF" if scalar @engines and !$config{dynamic_engines};
+ENGINES can only be used if configured with 'dynamic-engine'.
+This is usually a fault in a build.info file.
+EOF
+        foreach (@engines) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{engines}->{$library} = 1;
+        }
+
+        foreach (@engines_install) {
+            my $library = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$library}) {
+                $library = $unified_info{rename}->{$library};
+            }
+            $unified_info{install}->{engines}->{$library} = 1;
+        }
+
+        foreach (@scripts) {
+            my $script = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$script}) {
+                $script = $unified_info{rename}->{$script};
+            }
+            $unified_info{scripts}->{$script} = 1;
+        }
+
+        foreach (@scripts_install) {
+            my $script = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$script}) {
+                $script = $unified_info{rename}->{$script};
+            }
+            $unified_info{install}->{scripts}->{$script} = 1;
+        }
+
+        foreach (@extra) {
+            my $extra = cleanfile($buildd, $_, $blddir);
+            $unified_info{extra}->{$extra} = 1;
+        }
+
+        foreach (@overrides) {
+            my $override = cleanfile($buildd, $_, $blddir);
+            $unified_info{overrides}->{$override} = 1;
+        }
+
+        push @{$unified_info{rawlines}}, @rawlines;
+
+        unless ($disabled{shared}) {
+            # Check sharednames.
+            foreach (keys %sharednames) {
+                my $dest = cleanfile($buildd, $_, $blddir);
+                if ($unified_info{rename}->{$dest}) {
+                    $dest = $unified_info{rename}->{$dest};
+                }
+                die "shared_name for $dest with multiple values: "
+                    ,join(" ", @{$sharednames{$_}}),"\n"
+                    if scalar @{$sharednames{$_}} > 1;
+                my $to = cleanfile($buildd, $sharednames{$_}->[0], $blddir);
+                die "shared_name found for a library $dest that isn't defined\n"
+                    unless $unified_info{libraries}->{$dest};
+                die "shared_name for $dest with multiple values: "
+                    ,$unified_info{sharednames}->{$dest}, ", ", $to
+                    unless !defined($unified_info{sharednames}->{$dest})
+                    or $unified_info{sharednames}->{$dest} eq $to;
+                $unified_info{sharednames}->{$dest} = $to;
+            }
+
+            # Additionally, we set up sharednames for libraries that don't
+            # have any, as themselves.
+            foreach (keys %{$unified_info{libraries}}) {
+                if (!defined $unified_info{sharednames}->{$_}) {
+                    $unified_info{sharednames}->{$_} = $_
+                }
+            }
+        }
+
+        foreach (keys %ordinals) {
+            my $dest = $_;
+            my $ddest = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$ddest}) {
+                $ddest = $unified_info{rename}->{$ddest};
+            }
+            foreach (@{$ordinals{$dest}}) {
+                my %known_ordinals =
+                    (
+                     crypto =>
+                     cleanfile($sourced, catfile("util", "libcrypto.num"), $blddir),
+                     ssl =>
+                     cleanfile($sourced, catfile("util", "libssl.num"), $blddir)
+                    );
+                my $o = $known_ordinals{$_};
+                die "Ordinals for $ddest defined more than once\n"
+                    if $unified_info{ordinals}->{$ddest};
+                $unified_info{ordinals}->{$ddest} = [ $_, $o ];
+            }
+        }
+
+        foreach (keys %sources) {
+            my $dest = $_;
+            my $ddest = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$ddest}) {
+                $ddest = $unified_info{rename}->{$ddest};
+            }
+            foreach (@{$sources{$dest}}) {
+                my $s = cleanfile($sourced, $_, $blddir);
+
+                # If it isn't in the source tree, we assume it's generated
+                # in the build tree
+                if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
+                    $s = cleanfile($buildd, $_, $blddir);
+                }
+                # We recognise C and asm files
+                if ($s =~ /\.[csS]\b$/) {
+                    (my $o = $_) =~ s/\.[csS]\b$/.o/;
+                    $o = cleanfile($buildd, $o, $blddir);
+                    $unified_info{sources}->{$ddest}->{$o} = 1;
+                    $unified_info{sources}->{$o}->{$s} = 1;
+                } else {
+                    $unified_info{sources}->{$ddest}->{$s} = 1;
+                }
+            }
+        }
+
+        foreach (keys %shared_sources) {
+            my $dest = $_;
+            my $ddest = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$ddest}) {
+                $ddest = $unified_info{rename}->{$ddest};
+            }
+            foreach (@{$shared_sources{$dest}}) {
+                my $s = cleanfile($sourced, $_, $blddir);
+
+                # If it isn't in the source tree, we assume it's generated
+                # in the build tree
+                if ($s eq $src_configdata || ! -f $s || $generate{$_}) {
+                    $s = cleanfile($buildd, $_, $blddir);
+                }
+                # We recognise C and asm files
+                if ($s =~ /\.[csS]\b$/) {
+                    (my $o = $_) =~ s/\.[csS]\b$/.o/;
+                    $o = cleanfile($buildd, $o, $blddir);
+                    $unified_info{shared_sources}->{$ddest}->{$o} = 1;
+                    $unified_info{sources}->{$o}->{$s} = 1;
+                } else {
+                    die "unrecognised source file type for shared library: $s\n";
+                }
+            }
+        }
+
+        foreach (keys %generate) {
+            my $dest = $_;
+            my $ddest = cleanfile($buildd, $_, $blddir);
+            if ($unified_info{rename}->{$ddest}) {
+                $ddest = $unified_info{rename}->{$ddest};
+            }
+            die "more than one generator for $dest: "
+                    ,join(" ", @{$generate{$_}}),"\n"
+                    if scalar @{$generate{$_}} > 1;
+            my @generator = split /\s+/, $generate{$dest}->[0];
+            $generator[0] = cleanfile($sourced, $generator[0], $blddir),
+            $unified_info{generate}->{$ddest} = [ @generator ];
+        }
+
+        foreach (keys %depends) {
+            my $dest = $_;
+            my $ddest = $dest eq "" ? "" : cleanfile($sourced, $_, $blddir);
+
+            # If the destination doesn't exist in source, it can only be
+            # a generated file in the build tree.
+            if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) {
+                $ddest = cleanfile($buildd, $_, $blddir);
+                if ($unified_info{rename}->{$ddest}) {
+                    $ddest = $unified_info{rename}->{$ddest};
+                }
+            }
+            foreach (@{$depends{$dest}}) {
+                my $d = cleanfile($sourced, $_, $blddir);
+
+                # If we know it's generated, or assume it is because we can't
+                # find it in the source tree, we set file we depend on to be
+                # in the build tree rather than the source tree, and assume
+                # and that there are lines to build it in a BEGINRAW..ENDRAW
+                # section or in the Makefile template.
+                if ($d eq $src_configdata
+                    || ! -f $d
+                    || (grep { $d eq $_ }
+                        map { cleanfile($srcdir, $_, $blddir) }
+                        grep { /\.h$/ } keys %{$unified_info{generate}})) {
+                    $d = cleanfile($buildd, $_, $blddir);
+                }
+                # Take note if the file to depend on is being renamed
+                if ($unified_info{rename}->{$d}) {
+                    $d = $unified_info{rename}->{$d};
+                }
+                $unified_info{depends}->{$ddest}->{$d} = 1;
+            }
+        }
+
+        foreach (keys %includes) {
+            my $dest = $_;
+            my $ddest = cleanfile($sourced, $_, $blddir);
+
+            # If the destination doesn't exist in source, it can only be
+            # a generated file in the build tree.
+            if ($ddest eq $src_configdata || ! -f $ddest) {
+                $ddest = cleanfile($buildd, $_, $blddir);
+                if ($unified_info{rename}->{$ddest}) {
+                    $ddest = $unified_info{rename}->{$ddest};
+                }
+            }
+            foreach (@{$includes{$dest}}) {
+                my $is = cleandir($sourced, $_, $blddir);
+                my $ib = cleandir($buildd, $_, $blddir);
+                push @{$unified_info{includes}->{$ddest}->{source}}, $is
+                    unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}};
+                push @{$unified_info{includes}->{$ddest}->{build}}, $ib
+                    unless grep { $_ eq $ib } @{$unified_info{includes}->{$ddest}->{build}};
+            }
+        }
+    }
+
+    # Massage the result
+
+    # If we depend on a header file or a perl module, add an inclusion of
+    # its directory to allow smoothe inclusion
+    foreach my $dest (keys %{$unified_info{depends}}) {
+        next if $dest eq "";
+        foreach my $d (keys %{$unified_info{depends}->{$dest}}) {
+            next unless $d =~ /\.(h|pm)$/;
+            my $i = dirname($d);
+            my $spot =
+                $d eq "configdata.pm" || defined($unified_info{generate}->{$d})
+                ? 'build' : 'source';
+            push @{$unified_info{includes}->{$dest}->{$spot}}, $i
+                unless grep { $_ eq $i } @{$unified_info{includes}->{$dest}->{$spot}};
+        }
+    }
+
+    # Trickle down includes placed on libraries, engines and programs to
+    # their sources (i.e. object files)
+    foreach my $dest (keys %{$unified_info{engines}},
+                      keys %{$unified_info{libraries}},
+                      keys %{$unified_info{programs}}) {
+        foreach my $k (("source", "build")) {
+            next unless defined($unified_info{includes}->{$dest}->{$k});
+            my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
+            foreach my $obj (grep /\.o$/,
+                             (keys %{$unified_info{sources}->{$dest}},
+                              keys %{$unified_info{shared_sources}->{$dest}})) {
+                foreach my $inc (@incs) {
+                    unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
+                        unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
+                }
+            }
+        }
+        delete $unified_info{includes}->{$dest};
+    }
+
+    ### Make unified_info a bit more efficient
+    # One level structures
+    foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
+        $unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
+    }
+    # Two level structures
+    foreach my $l1 (("install", "sources", "shared_sources", "ldadd", "depends")) {
+        foreach my $l2 (sort keys %{$unified_info{$l1}}) {
+            $unified_info{$l1}->{$l2} =
+                [ sort keys %{$unified_info{$l1}->{$l2}} ];
+        }
+    }
+    # Includes
+    foreach my $dest (sort keys %{$unified_info{includes}}) {
+        if (defined($unified_info{includes}->{$dest}->{build})) {
+            my @source_includes = ();
+            @source_includes = ( @{$unified_info{includes}->{$dest}->{source}} )
+                if defined($unified_info{includes}->{$dest}->{source});
+            $unified_info{includes}->{$dest} =
+                [ @{$unified_info{includes}->{$dest}->{build}} ];
+            foreach my $inc (@source_includes) {
+                push @{$unified_info{includes}->{$dest}}, $inc
+                    unless grep { $_ eq $inc } @{$unified_info{includes}->{$dest}};
+            }
+        } else {
+            $unified_info{includes}->{$dest} =
+                [ @{$unified_info{includes}->{$dest}->{source}} ];
+        }
+    }
+}
+
+# For the schemes that need it, we provide the old *_obj configs
+# from the *_asm_obj ones
+foreach (grep /_(asm|aux)_src$/, keys %target) {
+    my $src = $_;
+    (my $obj = $_) =~ s/_(asm|aux)_src$/_obj/;
+    ($target{$obj} = $target{$src}) =~ s/\.[csS]\b/.o/g;
+}
+
+# Write down our configuration where it fits #########################
+
+open(OUT,">configdata.pm") || die "unable to create configdata.pm: $!\n";
+print OUT <<"EOF";
+package configdata;
+
+use strict;
+use warnings;
+
+use Exporter;
+#use vars qw(\@ISA \@EXPORT);
+our \@ISA = qw(Exporter);
+our \@EXPORT = qw(\%config \%target \%disabled \%withargs \%unified_info \@disablables);
+
+EOF
+print OUT "our %config = (\n";
+foreach (sort keys %config) {
+    if (ref($config{$_}) eq "ARRAY") {
+	print OUT "  ", $_, " => [ ", join(", ",
+					   map { quotify("perl", $_) }
+					   @{$config{$_}}), " ],\n";
+    } else {
+	print OUT "  ", $_, " => ", quotify("perl", $config{$_}), ",\n"
+    }
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our %target = (\n";
+foreach (sort keys %target) {
+    if (ref($target{$_}) eq "ARRAY") {
+	print OUT "  ", $_, " => [ ", join(", ",
+					   map { quotify("perl", $_) }
+					   @{$target{$_}}), " ],\n";
+    } else {
+	print OUT "  ", $_, " => ", quotify("perl", $target{$_}), ",\n"
+    }
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our \%available_protocols = (\n";
+print OUT "  tls => [ ", join(", ", map { quotify("perl", $_) } @tls), " ],\n";
+print OUT "  dtls => [ ", join(", ", map { quotify("perl", $_) } @dtls), " ],\n";
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our \@disablables = (\n";
+foreach (@disablables) {
+    print OUT "  ", quotify("perl", $_), ",\n";
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our \%disabled = (\n";
+foreach (sort keys %disabled) {
+    print OUT "  ", quotify("perl", $_), " => ", quotify("perl", $disabled{$_}), ",\n";
+}
+print OUT <<"EOF";
+);
+
+EOF
+print OUT "our %withargs = (\n";
+foreach (sort keys %withargs) {
+    if (ref($withargs{$_}) eq "ARRAY") {
+	print OUT "  ", $_, " => [ ", join(", ",
+					   map { quotify("perl", $_) }
+					   @{$withargs{$_}}), " ],\n";
+    } else {
+	print OUT "  ", $_, " => ", quotify("perl", $withargs{$_}), ",\n"
+    }
+}
+print OUT <<"EOF";
+);
+
+EOF
+if ($builder eq "unified") {
+    my $recurse;
+    $recurse = sub {
+        my $indent = shift;
+        foreach (@_) {
+            if (ref $_ eq "ARRAY") {
+                print OUT " "x$indent, "[\n";
+                foreach (@$_) {
+                    $recurse->($indent + 4, $_);
+                }
+                print OUT " "x$indent, "],\n";
+            } elsif (ref $_ eq "HASH") {
+                my %h = %$_;
+                print OUT " "x$indent, "{\n";
+                foreach (sort keys %h) {
+                    if (ref $h{$_} eq "") {
+                        print OUT " "x($indent + 4), quotify("perl", $_), " => ", quotify("perl", $h{$_}), ",\n";
+                    } else {
+                        print OUT " "x($indent + 4), quotify("perl", $_), " =>\n";
+                        $recurse->($indent + 8, $h{$_});
+                    }
+                }
+                print OUT " "x$indent, "},\n";
+            } else {
+                print OUT " "x$indent, quotify("perl", $_), ",\n";
+            }
+        }
+    };
+    print OUT "our %unified_info = (\n";
+    foreach (sort keys %unified_info) {
+        if (ref $unified_info{$_} eq "") {
+            print OUT " "x4, quotify("perl", $_), " => ", quotify("perl", $unified_info{$_}), ",\n";
+        } else {
+            print OUT " "x4, quotify("perl", $_), " =>\n";
+            $recurse->(8, $unified_info{$_});
+        }
+    }
+    print OUT <<"EOF";
+);
+
+EOF
+}
+print OUT "1;\n";
+close(OUT);
+
+
+print "CC            =$config{cross_compile_prefix}$target{cc}\n";
+print "CFLAG         =$target{cflags} $config{cflags}\n";
+print "SHARED_CFLAG  =$target{shared_cflag}\n";
+print "DEFINES       =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
+print "LFLAG         =$target{lflags}\n";
+print "PLIB_LFLAG    =$target{plib_lflags}\n";
+print "EX_LIBS       =$target{ex_libs} $config{ex_libs}\n";
+print "APPS_OBJ      =$target{apps_obj}\n";
+print "CPUID_OBJ     =$target{cpuid_obj}\n";
+print "UPLINK_OBJ    =$target{uplink_obj}\n";
+print "BN_ASM        =$target{bn_obj}\n";
+print "EC_ASM        =$target{ec_obj}\n";
+print "DES_ENC       =$target{des_obj}\n";
+print "AES_ENC       =$target{aes_obj}\n";
+print "BF_ENC        =$target{bf_obj}\n";
+print "CAST_ENC      =$target{cast_obj}\n";
+print "RC4_ENC       =$target{rc4_obj}\n";
+print "RC5_ENC       =$target{rc5_obj}\n";
+print "MD5_OBJ_ASM   =$target{md5_obj}\n";
+print "SHA1_OBJ_ASM  =$target{sha1_obj}\n";
+print "RMD160_OBJ_ASM=$target{rmd160_obj}\n";
+print "CMLL_ENC      =$target{cmll_obj}\n";
+print "MODES_OBJ     =$target{modes_obj}\n";
+print "PADLOCK_OBJ   =$target{padlock_obj}\n";
+print "CHACHA_ENC    =$target{chacha_obj}\n";
+print "POLY1305_OBJ  =$target{poly1305_obj}\n";
+print "BLAKE2_OBJ    =$target{blake2_obj}\n";
+print "PROCESSOR     =$config{processor}\n";
+print "RANLIB        =", $target{ranlib} eq '$(CROSS_COMPILE)ranlib' ?
+                             "$config{cross_compile_prefix}ranlib" :
+                             "$target{ranlib}", "\n";
+print "ARFLAGS       =$target{arflags}\n";
+print "PERL          =$config{perl}\n";
+print "\n";
+print "SIXTY_FOUR_BIT_LONG mode\n" if $config{b64l};
+print "SIXTY_FOUR_BIT mode\n" if $config{b64};
+print "THIRTY_TWO_BIT mode\n" if $config{b32};
+print "BN_LLONG mode\n" if $config{bn_ll};
+print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int;
+
+my %builders = (
+    unified => sub {
+        run_dofile(catfile($blddir, $target{build_file}),
+                   @{$config{build_file_templates}});
+    },
+    );
+
+$builders{$builder}->($builder_platform, @builder_opts);
+
+print <<"EOF";
+
+Configured for $target.
+EOF
+
+print <<"EOF" if ($disabled{threads} eq "unavailable");
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details if you need multi-threading.
+EOF
+
+print <<"EOF" if ($no_shared_warn);
+
+The options 'shared', 'pic' and 'dynamic-engine' aren't supported on this
+platform, so we will pretend you gave the option 'no-pic', which also disables
+'shared' and 'dynamic-engine'.  If you know how to implement shared libraries
+or position independent code, please let us know (but please first make sure
+you have tried with a current version of OpenSSL).
+EOF
+
+exit(0);
+
+######################################################################
+#
+# Helpers and utility functions
+#
+
+# Configuration file reading #########################################
+
+# Note: All of the helper functions are for lazy evaluation.  They all
+# return a CODE ref, which will return the intended value when evaluated.
+# Thus, whenever there's mention of a returned value, it's about that
+# intended value.
+
+# Helper function to implement conditional inheritance depending on the
+# value of $disabled{asm}.  Used in inherit_from values as follows:
+#
+#      inherit_from => [ "template", asm("asm_tmpl") ]
+#
+sub asm {
+    my @x = @_;
+    sub {
+	$disabled{asm} ? () : @x;
+    }
+}
+
+# Helper function to implement conditional value variants, with a default
+# plus additional values based on the value of $config{build_type}.
+# Arguments are given in hash table form:
+#
+#       picker(default => "Basic string: ",
+#              debug   => "debug",
+#              release => "release")
+#
+# When configuring with --debug, the resulting string will be
+# "Basic string: debug", and when not, it will be "Basic string: release"
+#
+# This can be used to create variants of sets of flags according to the
+# build type:
+#
+#       cflags => picker(default => "-Wall",
+#                        debug   => "-g -O0",
+#                        release => "-O3")
+#
+sub picker {
+    my %opts = @_;
+    return sub { add($opts{default} || (),
+                     $opts{$config{build_type}} || ())->(); }
+}
+
+# Helper function to combine several values of different types into one.
+# This is useful if you want to combine a string with the result of a
+# lazy function, such as:
+#
+#       cflags => combine("-Wall", sub { $disabled{zlib} ? () : "-DZLIB" })
+#
+sub combine {
+    my @stuff = @_;
+    return sub { add(@stuff)->(); }
+}
+
+# Helper function to implement conditional values depending on the value
+# of $disabled{threads}.  Can be used as follows:
+#
+#       cflags => combine("-Wall", threads("-pthread"))
+#
+sub threads {
+    my @flags = @_;
+    return sub { add($disabled{threads} ? () : @flags)->(); }
+}
+
+
+
+our $add_called = 0;
+# Helper function to implement adding values to already existing configuration
+# values.  It handles elements that are ARRAYs, CODEs and scalars
+sub _add {
+    my $separator = shift;
+
+    # If there's any ARRAY in the collection of values OR the separator
+    # is undef, we will return an ARRAY of combined values, otherwise a
+    # string of joined values with $separator as the separator.
+    my $found_array = !defined($separator);
+
+    my @values =
+	map {
+	    my $res = $_;
+	    while (ref($res) eq "CODE") {
+		$res = $res->();
+	    }
+	    if (defined($res)) {
+		if (ref($res) eq "ARRAY") {
+		    $found_array = 1;
+		    @$res;
+		} else {
+		    $res;
+		}
+	    } else {
+		();
+	    }
+    } (@_);
+
+    $add_called = 1;
+
+    if ($found_array) {
+	[ @values ];
+    } else {
+	join($separator, grep { defined($_) && $_ ne "" } @values);
+    }
+}
+sub add_before {
+    my $separator = " ";
+    if (ref($_[$#_]) eq "HASH") {
+        my $opts = pop;
+        $separator = $opts->{separator};
+    }
+    my @x = @_;
+    sub { _add($separator, @x, @_) };
+}
+sub add {
+    my $separator = " ";
+    if (ref($_[$#_]) eq "HASH") {
+        my $opts = pop;
+        $separator = $opts->{separator};
+    }
+    my @x = @_;
+    sub { _add($separator, @_, @x) };
+}
+
+# configuration reader, evaluates the input file as a perl script and expects
+# it to fill %targets with target configurations.  Those are then added to
+# %table.
+sub read_config {
+    my $fname = shift;
+    open(CONFFILE, "< $fname")
+	or die "Can't open configuration file '$fname'!\n";
+    my $x = $/;
+    undef $/;
+    my $content = <CONFFILE>;
+    $/ = $x;
+    close(CONFFILE);
+    my %targets = ();
+    {
+	# Protect certain tables from tampering
+	local %table = %::table;
+
+	eval $content;
+	warn $@ if $@;
+    }
+    my %preexisting = ();
+    foreach (sort keys %targets) {
+        $preexisting{$_} = 1 if $table{$_};
+    }
+    die <<"EOF",
+The following config targets from $fname
+shadow pre-existing config targets with the same name:
+EOF
+        map { "  $_\n" } sort keys %preexisting
+        if %preexisting;
+
+
+    # For each target, check that it's configured with a hash table.
+    foreach (keys %targets) {
+	if (ref($targets{$_}) ne "HASH") {
+	    if (ref($targets{$_}) eq "") {
+		warn "Deprecated target configuration for $_, ignoring...\n";
+	    } else {
+		warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n";
+	    }
+	    delete $targets{$_};
+	} else {
+            $targets{$_}->{_conf_fname_int} = add([ $fname ]);
+        }
+    }
+
+    %table = (%table, %targets);
+
+}
+
+# configuration resolver.  Will only resolve all the lazy evaluation
+# codeblocks for the chosen target and all those it inherits from,
+# recursively
+sub resolve_config {
+    my $target = shift;
+    my @breadcrumbs = @_;
+
+#    my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS});
+
+    if (grep { $_ eq $target } @breadcrumbs) {
+	die "inherit_from loop!  target backtrace:\n  "
+	    ,$target,"\n  ",join("\n  ", @breadcrumbs),"\n";
+    }
+
+    if (!defined($table{$target})) {
+	warn "Warning! target $target doesn't exist!\n";
+	return ();
+    }
+    # Recurse through all inheritances.  They will be resolved on the
+    # fly, so when this operation is done, they will all just be a
+    # bunch of attributes with string values.
+    # What we get here, though, are keys with references to lists of
+    # the combined values of them all.  We will deal with lists after
+    # this stage is done.
+    my %combined_inheritance = ();
+    if ($table{$target}->{inherit_from}) {
+	my @inherit_from =
+	    map { ref($_) eq "CODE" ? $_->() : $_ } @{$table{$target}->{inherit_from}};
+	foreach (@inherit_from) {
+	    my %inherited_config = resolve_config($_, $target, @breadcrumbs);
+
+	    # 'template' is a marker that's considered private to
+	    # the config that had it.
+	    delete $inherited_config{template};
+
+	    foreach (keys %inherited_config) {
+		if (!$combined_inheritance{$_}) {
+		    $combined_inheritance{$_} = [];
+		}
+		push @{$combined_inheritance{$_}}, $inherited_config{$_};
+	    }
+	}
+    }
+
+    # We won't need inherit_from in this target any more, since we've
+    # resolved all the inheritances that lead to this
+    delete $table{$target}->{inherit_from};
+
+    # Now is the time to deal with those lists.  Here's the place to
+    # decide what shall be done with those lists, all based on the
+    # values of the target we're currently dealing with.
+    # - If a value is a coderef, it will be executed with the list of
+    #   inherited values as arguments.
+    # - If the corresponding key doesn't have a value at all or is the
+    #   empty string, the inherited value list will be run through the
+    #   default combiner (below), and the result becomes this target's
+    #   value.
+    # - Otherwise, this target's value is assumed to be a string that
+    #   will simply override the inherited list of values.
+    my $default_combiner = add();
+
+    my %all_keys =
+	map { $_ => 1 } (keys %combined_inheritance,
+			 keys %{$table{$target}});
+
+    sub process_values {
+	my $object    = shift;
+	my $inherited = shift;  # Always a [ list ]
+	my $target    = shift;
+	my $entry     = shift;
+
+        $add_called = 0;
+
+        while(ref($object) eq "CODE") {
+            $object = $object->(@$inherited);
+        }
+        if (!defined($object)) {
+            return ();
+        }
+        elsif (ref($object) eq "ARRAY") {
+            local $add_called;  # To make sure recursive calls don't affect it
+            return [ map { process_values($_, $inherited, $target, $entry) }
+                     @$object ];
+        } elsif (ref($object) eq "") {
+            return $object;
+        } else {
+            die "cannot handle reference type ",ref($object)
+                ," found in target ",$target," -> ",$entry,"\n";
+        }
+    }
+
+    foreach (sort keys %all_keys) {
+        my $previous = $combined_inheritance{$_};
+
+	# Current target doesn't have a value for the current key?
+	# Assign it the default combiner, the rest of this loop body
+	# will handle it just like any other coderef.
+	if (!exists $table{$target}->{$_}) {
+	    $table{$target}->{$_} = $default_combiner;
+	}
+
+	$table{$target}->{$_} = process_values($table{$target}->{$_},
+					       $combined_inheritance{$_},
+					       $target, $_);
+        unless(defined($table{$target}->{$_})) {
+            delete $table{$target}->{$_};
+        }
+#        if ($extra_checks &&
+#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$_})) {
+#            warn "$_ got replaced in $target\n";
+#        }
+    }
+
+    # Finally done, return the result.
+    return %{$table{$target}};
+}
+
+sub usage
+	{
+	print STDERR $usage;
+	print STDERR "\npick os/compiler from:\n";
+	my $j=0;
+	my $i;
+        my $k=0;
+	foreach $i (sort keys %table)
+		{
+		next if $table{$i}->{template};
+		next if $i =~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
+	foreach $i (sort keys %table)
+		{
+		next if $table{$i}->{template};
+		next if $i !~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
+	print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
+	exit(1);
+	}
+
+sub run_dofile
+{
+    my $out = shift;
+    my @templates = @_;
+
+    unlink $out || warn "Can't remove $out, $!"
+        if -f $out;
+    foreach (@templates) {
+        die "Can't open $_, $!" unless -f $_;
+    }
+    my $perlcmd = (quotify("maybeshell", $config{perl}))[0];
+    my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
+    #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
+    system($cmd);
+    exit 1 if $? != 0;
+    rename("$out.new", $out) || die "Can't rename $out.new, $!";
+}
+
+sub which
+{
+    my ($name)=@_;
+
+    if (eval { require IPC::Cmd; 1; }) {
+        IPC::Cmd->import();
+        return scalar IPC::Cmd::can_run($name);
+    } else {
+        # if there is $directories component in splitpath,
+        # then it's not something to test with $PATH...
+        return $name if (File::Spec->splitpath($name))[1];
+
+        foreach (File::Spec->path()) {
+            my $fullpath = catfile($_, "$name$target{exe_extension}");
+            if (-f $fullpath and -x $fullpath) {
+                return $fullpath;
+            }
+        }
+    }
+}
+
+# Configuration printer ##############################################
+
+sub print_table_entry
+{
+    my $target = shift;
+    my %target = resolve_config($target);
+    my $type = shift;
+
+    # Don't print the templates
+    return if $target{template};
+
+    my @sequence = (
+	"sys_id",
+	"cc",
+	"cflags",
+	"defines",
+	"unistd",
+	"ld",
+	"lflags",
+	"loutflag",
+	"plib_lflags",
+	"ex_libs",
+	"bn_ops",
+	"apps_aux_src",
+	"cpuid_asm_src",
+	"uplink_aux_src",
+	"bn_asm_src",
+	"ec_asm_src",
+	"des_asm_src",
+	"aes_asm_src",
+	"bf_asm_src",
+	"md5_asm_src",
+	"cast_asm_src",
+	"sha1_asm_src",
+	"rc4_asm_src",
+	"rmd160_asm_src",
+	"rc5_asm_src",
+	"wp_asm_src",
+	"cmll_asm_src",
+	"modes_asm_src",
+	"padlock_asm_src",
+	"chacha_asm_src",
+	"poly1035_asm_src",
+	"thread_scheme",
+	"perlasm_scheme",
+	"dso_scheme",
+	"shared_target",
+	"shared_cflag",
+	"shared_defines",
+	"shared_ldflag",
+	"shared_rcflag",
+	"shared_extension",
+	"dso_extension",
+	"obj_extension",
+	"exe_extension",
+	"ranlib",
+	"ar",
+	"arflags",
+	"aroutflag",
+	"rc",
+	"rcflags",
+	"rcoutflag",
+	"mt",
+	"mtflags",
+	"mtinflag",
+	"mtoutflag",
+	"multilib",
+	"build_scheme",
+	);
+
+    if ($type eq "TABLE") {
+	print "\n";
+	print "*** $target\n";
+        foreach (@sequence) {
+            if (ref($target{$_}) eq "ARRAY") {
+                printf "\$%-12s = %s\n", $_, join(" ", @{$target{$_}});
+            } else {
+                printf "\$%-12s = %s\n", $_, $target{$_};
+            }
+        }
+    } elsif ($type eq "HASH") {
+	my $largest =
+	    length((sort { length($a) <=> length($b) } @sequence)[-1]);
+	print "    '$target' => {\n";
+	foreach (@sequence) {
+	    if ($target{$_}) {
+                if (ref($target{$_}) eq "ARRAY") {
+                    print "      '",$_,"'"," " x ($largest - length($_))," => [ ",join(", ", map { "'$_'" } @{$target{$_}})," ],\n";
+                } else {
+                    print "      '",$_,"'"," " x ($largest - length($_))," => '",$target{$_},"',\n";
+                }
+	    }
+	}
+	print "    },\n";
+    }
+}
+
+# Utility routines ###################################################
+
+# On VMS, if the given file is a logical name, File::Spec::Functions
+# will consider it an absolute path.  There are cases when we want a
+# purely syntactic check without checking the environment.
+sub isabsolute {
+    my $file = shift;
+
+    # On non-platforms, we just use file_name_is_absolute().
+    return file_name_is_absolute($file) unless $^O eq "VMS";
+
+    # If the file spec includes a device or a directory spec,
+    # file_name_is_absolute() is perfectly safe.
+    return file_name_is_absolute($file) if $file =~ m|[:\[]|;
+
+    # Here, we know the given file spec isn't absolute
+    return 0;
+}
+
+# Makes a directory absolute and cleans out /../ in paths like foo/../bar
+# On some platforms, this uses rel2abs(), while on others, realpath() is used.
+# realpath() requires that at least all path components except the last is an
+# existing directory.  On VMS, the last component of the directory spec must
+# exist.
+sub absolutedir {
+    my $dir = shift;
+
+    # realpath() is quite buggy on VMS.  It uses LIB$FID_TO_NAME, which
+    # will return the volume name for the device, no matter what.  Also,
+    # it will return an incorrect directory spec if the argument is a
+    # directory that doesn't exist.
+    if ($^O eq "VMS") {
+        return rel2abs($dir);
+    }
+
+    # We use realpath() on Unix, since no other will properly clean out
+    # a directory spec.
+    use Cwd qw/realpath/;
+
+    return realpath($dir);
+}
+
+sub quotify {
+    my %processors = (
+	perl    => sub { my $x = shift;
+			 $x =~ s/([\\\$\@"])/\\$1/g;
+			 return '"'.$x.'"'; },
+	maybeshell => sub { my $x = shift;
+			    (my $y = $x) =~ s/([\\\"])/\\$1/g;
+			    if ($x ne $y || $x =~ m|\s|) {
+				return '"'.$y.'"';
+			    } else {
+				return $x;
+			    }
+			},
+	);
+    my $for = shift;
+    my $processor =
+	defined($processors{$for}) ? $processors{$for} : sub { shift; };
+
+    return map { $processor->($_); } @_;
+}
+
+# collect_from_file($filename, $line_concat_cond_re, $line_concat)
+# $filename is a file name to read from
+# $line_concat_cond_re is a regexp detecting a line continuation ending
+# $line_concat is a CODEref that takes care of concatenating two lines
+sub collect_from_file {
+    my $filename = shift;
+    my $line_concat_cond_re = shift;
+    my $line_concat = shift;
+
+    open my $fh, $filename || die "unable to read $filename: $!\n";
+    return sub {
+        my $saved_line = "";
+        $_ = "";
+        while (<$fh>) {
+            s|\R$||;
+            if (defined $line_concat) {
+                $_ = $line_concat->($saved_line, $_);
+                $saved_line = "";
+            }
+            if (defined $line_concat_cond_re && /$line_concat_cond_re/) {
+                $saved_line = $_;
+                next;
+            }
+            return $_;
+        }
+        die "$filename ending with continuation line\n" if $_;
+        close $fh;
+        return undef;
+    }
+}
+
+# collect_from_array($array, $line_concat_cond_re, $line_concat)
+# $array is an ARRAYref of lines
+# $line_concat_cond_re is a regexp detecting a line continuation ending
+# $line_concat is a CODEref that takes care of concatenating two lines
+sub collect_from_array {
+    my $array = shift;
+    my $line_concat_cond_re = shift;
+    my $line_concat = shift;
+    my @array = (@$array);
+
+    return sub {
+        my $saved_line = "";
+        $_ = "";
+        while (defined($_ = shift @array)) {
+            s|\R$||;
+            if (defined $line_concat) {
+                $_ = $line_concat->($saved_line, $_);
+                $saved_line = "";
+            }
+            if (defined $line_concat_cond_re && /$line_concat_cond_re/) {
+                $saved_line = $_;
+                next;
+            }
+            return $_;
+        }
+        die "input text ending with continuation line\n" if $_;
+        return undef;
+    }
+}
+
+# collect_information($lineiterator, $line_continue, $regexp => $CODEref, ...)
+# $lineiterator is a CODEref that delivers one line at a time.
+# All following arguments are regex/CODEref pairs, where the regexp detects a
+# line and the CODEref does something with the result of the regexp.
+sub collect_information {
+    my $lineiterator = shift;
+    my %collectors = @_;
+
+    while(defined($_ = $lineiterator->())) {
+        s|\R$||;
+        my $found = 0;
+        if ($collectors{"BEFORE"}) {
+            $collectors{"BEFORE"}->($_);
+        }
+        foreach my $re (keys %collectors) {
+            if ($re !~ /^OTHERWISE|BEFORE|AFTER$/ && /$re/) {
+                $collectors{$re}->($lineiterator);
+                $found = 1;
+            };
+        }
+        if ($collectors{"OTHERWISE"}) {
+            $collectors{"OTHERWISE"}->($lineiterator, $_)
+                unless $found || !defined $collectors{"OTHERWISE"};
+        }
+        if ($collectors{"AFTER"}) {
+            $collectors{"AFTER"}->($_);
+        }
+    }
+}
+
+# tokenize($line)
+# $line is a line of text to split up into tokens
+# returns a list of tokens
+#
+# Tokens are divided by spaces.  If the tokens include spaces, they
+# have to be quoted with single or double quotes.  Double quotes
+# inside a double quoted token must be escaped.  Escaping is done
+# with backslash.
+# Basically, the same quoting rules apply for " and ' as in any
+# Unix shell.
+sub tokenize {
+    my $line = my $debug_line = shift;
+    my @result = ();
+
+    while ($line =~ s|^\s+||, $line ne "") {
+        my $token = "";
+        while ($line ne "" && $line !~ m|^\s|) {
+            if ($line =~ m/^"((?:[^"\\]+|\\.)*)"/) {
+                $token .= $1;
+                $line = $';
+            } elsif ($line =~ m/^'([^']*)'/) {
+                $token .= $1;
+                $line = $';
+            } elsif ($line =~ m/^(\S+)/) {
+                $token .= $1;
+                $line = $';
+            }
+        }
+        push @result, $token;
+    }
+
+    if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) {
+	print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n";
+	print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n";
+    }
+    return @result;
+}
diff --git a/openssl-1.1.0h/FAQ b/openssl-1.1.0h/FAQ
new file mode 100644
index 0000000..22c5cf7
--- /dev/null
+++ b/openssl-1.1.0h/FAQ
@@ -0,0 +1,2 @@
+The FAQ is now maintained on the web:
+        https://www.openssl.org/docs/faq.html
diff --git a/openssl-1.1.0h/INSTALL b/openssl-1.1.0h/INSTALL
new file mode 100644
index 0000000..3e21cc2
--- /dev/null
+++ b/openssl-1.1.0h/INSTALL
@@ -0,0 +1,964 @@
+
+ OPENSSL INSTALLATION
+ --------------------
+
+ This document describes installation on all supported operating
+ systems (the Linux/Unix family, OpenVMS and Windows)
+
+ To install OpenSSL, you will need:
+
+  * A make implementation
+  * Perl 5 with core modules (please read NOTES.PERL)
+  * The perl module Text::Template (please read NOTES.PERL)
+  * an ANSI C compiler
+  * a development environment in the form of development libraries and C
+    header files
+  * a supported operating system
+
+ For additional platform specific requirements, solutions to specific
+ issues and other details, please read one of these:
+
+  * NOTES.UNIX (any supported Unix like system)
+  * NOTES.VMS (OpenVMS)
+  * NOTES.WIN (any supported Windows)
+  * NOTES.DJGPP (DOS platform with DJGPP)
+
+ Notational conventions in this document
+ ---------------------------------------
+
+ Throughout this document, we use the following conventions in command
+ examples:
+
+ $ command                      Any line starting with a dollar sign
+                                ($) is a command line.
+
+ { word1 | word2 | word3 }      This denotes a mandatory choice, to be
+                                replaced with one of the given words.
+                                A simple example would be this:
+
+                                $ echo { FOO | BAR | COOKIE }
+
+                                which is to be understood as one of
+                                these:
+
+                                $ echo FOO
+                                - or -
+                                $ echo BAR
+                                - or -
+                                $ echo COOKIE
+
+ [ word1 | word2 | word3 ]      Similar to { word1 | word2 | word3 }
+                                except it's optional to give any of
+                                those.  In addition to the examples
+                                above, this would also be valid:
+
+                                $ echo
+
+ {{ target }}                   This denotes a mandatory word or
+                                sequence of words of some sort.  A
+                                simple example would be this:
+
+                                $ type {{ filename }}
+
+                                which is to be understood to use the
+                                command 'type' on some file name
+                                determined by the user.
+
+ [[ options ]]                  Similar to {{ target }}, but is
+                                optional.
+
+ Note that the notation assumes spaces around {, }, [, ], {{, }} and
+ [[, ]].  This is to differentiate from OpenVMS directory
+ specifications, which also use [ and ], but without spaces.
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  on Unix:
+
+    $ ./config
+    $ make
+    $ make test
+    $ make install
+
+  on OpenVMS:
+
+    $ @config
+    $ mms
+    $ mms test
+    $ mms install
+
+  on Windows (only pick one of the targets for configuration):
+
+    $ perl Configure { VC-WIN32 | VC-WIN64A | VC-WIN64I | VC-CE }
+    $ nmake
+    $ nmake test
+    $ nmake install
+
+ If any of these steps fails, see section Installation in Detail below.
+
+ This will build and install OpenSSL in the default location, which is:
+
+  Unix:    normal installation directories under /usr/local
+  OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
+           OpenSSL version number with underscores instead of periods.
+  Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
+
+ If you want to install it anywhere else, run config like this:
+
+  On Unix:
+
+    $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl
+
+  On OpenVMS:
+
+    $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
+
+ (Note: if you do add options to the configuration command, please make sure
+ you've read more than just this Quick Start, such as relevant NOTES.* files,
+ the options outline below, as configuration options may change the outcome
+ in otherwise unexpected ways)
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config (or ./Configure) to customize
+ the build (note that for Windows, the defaults for --prefix and
+ --openssldir depend in what configuration is used and what Windows
+ implementation OpenSSL is built on.  More notes on this in NOTES.WIN):
+
+  --api=x.y.z
+                   Don't build with support for deprecated APIs below the
+                   specified version number. For example "--api=1.1.0" will
+                   remove support for all APIS that were deprecated in OpenSSL
+                   version 1.1.0 or below.
+
+  --cross-compile-prefix=PREFIX
+                   The PREFIX to include in front of commands for your
+                   toolchain. It's likely to have to end with dash, e.g.
+                   a-b-c- would invoke GNU compiler as a-b-c-gcc, etc.
+                   Unfortunately cross-compiling is too case-specific to
+                   put together one-size-fits-all instructions. You might
+                   have to pass more flags or set up environment variables
+                   to actually make it work. Android and iOS cases are
+                   discussed in corresponding Configurations/10-main.cf
+                   sections. But there are cases when this option alone is
+                   sufficient. For example to build the mingw64 target on
+                   Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
+                   works. Naturally provided that mingw packages are
+                   installed. Today Debian and Ubuntu users have option to
+                   install a number of prepackaged cross-compilers along
+                   with corresponding run-time and development packages for
+                   "alien" hardware. To give another example
+                   "--cross-compile-prefix=mipsel-linux-gnu-" suffices
+                   in such case. Needless to mention that you have to
+                   invoke ./Configure, not ./config, and pass your target
+                   name explicitly.
+
+  --debug
+                   Build OpenSSL with debugging symbols.
+
+  --libdir=DIR
+                   The name of the directory under the top of the installation
+                   directory tree (see the --prefix option) where libraries will
+                   be installed. By default this is "lib". Note that on Windows
+                   only ".lib" files will be stored in this location. dll files
+                   will always be installed to the "bin" directory.
+
+  --openssldir=DIR
+                   Directory for OpenSSL configuration files, and also the
+                   default certificate and key store.  Defaults are:
+
+                   Unix:           /usr/local/ssl
+                   Windows:        C:\Program Files\Common Files\SSL
+                                or C:\Program Files (x86)\Common Files\SSL
+                   OpenVMS:        SYS$COMMON:[OPENSSL-COMMON]
+
+  --prefix=DIR
+                   The top of the installation directory tree.  Defaults are:
+
+                   Unix:           /usr/local
+                   Windows:        C:\Program Files\OpenSSL
+                                or C:\Program Files (x86)\OpenSSL
+                   OpenVMS:        SYS$COMMON:[OPENSSL-'version']
+
+  --release
+                   Build OpenSSL without debugging symbols. This is the default.
+
+  --strict-warnings
+                   This is a developer flag that switches on various compiler
+                   options recommended for OpenSSL development. It only works
+                   when using gcc or clang as the compiler. If you are
+                   developing a patch for OpenSSL then it is recommended that
+                   you use this option where possible.
+
+  --with-zlib-include=DIR
+                   The directory for the location of the zlib include file. This
+                   option is only necessary if enable-zlib (see below) is used
+                   and the include file is not already on the system include
+                   path.
+
+  --with-zlib-lib=LIB
+                   On Unix: this is the directory containing the zlib library.
+                   If not provided the system library path will be used.
+                   On Windows: this is the filename of the zlib library (with or
+                   without a path). This flag must be provided if the
+                   zlib-dynamic option is not also used. If zlib-dynamic is used
+                   then this flag is optional and a default value ("ZLIB1") is
+                   used if not provided. 
+                   On VMS: this is the filename of the zlib library (with or
+                   without a path). This flag is optional and if not provided
+                   then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is
+                   used by default depending on the pointer size chosen.
+
+  no-afalgeng
+                   Don't build the AFALG engine. This option will be forced if
+                   on a platform that does not support AFALG.
+
+  enable-asan
+                   Build with the Address sanitiser. This is a developer option
+                   only. It may not work on all platforms and should never be
+                   used in production environments. It will only work when used
+                   with gcc or clang and should be used in conjunction with the
+                   no-shared option.
+
+  no-asm
+                   Do not use assembler code. On some platforms a small amount
+                   of assembler code may still be used.
+
+  no-async
+                   Do not build support for async operations.
+
+  no-autoalginit
+                   Don't automatically load all supported ciphers and digests.
+                   Typically OpenSSL will make available all of its supported
+                   ciphers and digests. For a statically linked application this
+                   may be undesirable if small executable size is an objective.
+                   This only affects libcrypto. Ciphers and digests will have to
+                   be loaded manually using EVP_add_cipher() and
+                   EVP_add_digest() if this option is used. This option will
+                   force a non-shared build.
+
+  no-autoerrinit
+                   Don't automatically load all libcrypto/libssl error strings.
+                   Typically OpenSSL will automatically load human readable
+                   error strings. For a statically linked application this may
+                   be undesirable if small executable size is an objective.
+
+
+  no-capieng
+                   Don't build the CAPI engine. This option will be forced if
+                   on a platform that does not support CAPI.
+
+  no-cms
+                   Don't build support for CMS features
+
+  no-comp
+                   Don't build support for SSL/TLS compression. If this option
+                   is left enabled (the default), then compression will only
+                   work if the zlib or zlib-dynamic options are also chosen.
+
+  enable-crypto-mdebug
+                   Build support for debugging memory allocated via
+                   OPENSSL_malloc() or OPENSSL_zalloc().
+
+  enable-crypto-mdebug-backtrace
+                   As for crypto-mdebug, but additionally provide backtrace
+                   information for allocated memory.
+                   TO BE USED WITH CARE: this uses GNU C functionality, and
+                   is therefore not usable for non-GNU config targets.  If
+                   your build complains about the use of '-rdynamic' or the
+                   lack of header file execinfo.h, this option is not for you.
+                   ALSO NOTE that even though execinfo.h is available on your
+                   system (through Gnulib), the functions might just be stubs
+                   that do nothing.
+
+  no-ct
+                   Don't build support for Certificate Transparency.
+
+  no-deprecated
+                   Don't build with support for any deprecated APIs. This is the
+                   same as using "--api" and supplying the latest version
+                   number.
+
+  no-dgram
+                   Don't build support for datagram based BIOs. Selecting this
+                   option will also force the disabling of DTLS.
+
+  no-dso
+                   Don't build support for loading Dynamic Shared Objects.
+
+  no-dynamic-engine
+                   Don't build the dynamically loaded engines. This only has an
+                   effect in a "shared" build
+
+  no-ec
+                   Don't build support for Elliptic Curves.
+
+  no-ec2m
+                   Don't build support for binary Elliptic Curves
+
+  enable-ec_nistp_64_gcc_128
+                   Enable support for optimised implementations of some commonly
+                   used NIST elliptic curves. This is only supported on some
+                   platforms.
+
+  enable-egd
+                   Build support for gathering entropy from EGD (Entropy
+                   Gathering Daemon).
+
+  no-engine
+                   Don't build support for loading engines.
+
+  no-err
+                   Don't compile in any error strings.
+
+  no-filenames
+                   Don't compile in filename and line number information (e.g.
+                   for errors and memory allocation).
+
+  enable-fuzz-libfuzzer, enable-fuzz-afl
+                   Build with support for fuzzing using either libfuzzer or AFL.
+                   These are developer options only. They may not work on all
+                   platforms and should never be used in production environments.
+                   See the file fuzz/README.md for further details.
+
+  no-gost
+                   Don't build support for GOST based ciphersuites. Note that
+                   if this feature is enabled then GOST ciphersuites are only
+                   available if the GOST algorithms are also available through
+                   loading an externally supplied engine.
+
+  enable-heartbeats
+                   Build support for DTLS heartbeats.
+
+  no-hw-padlock
+                   Don't build the padlock engine.
+
+  no-makedepend
+                   Don't generate dependencies.
+
+  no-multiblock
+                   Don't build support for writing multiple records in one
+                   go in libssl (Note: this is a different capability to the
+                   pipelining functionality).
+
+  no-nextprotoneg
+                   Don't build support for the NPN TLS extension.
+
+  no-ocsp
+                   Don't build support for OCSP.
+
+  no-pic
+                   Don't build with support for Position Independent Code.
+
+  no-posix-io
+                   Don't use POSIX IO capabilities.
+
+  no-psk
+                   Don't build support for Pre-Shared Key based ciphersuites.
+
+  no-rdrand
+                   Don't use hardware RDRAND capabilities.
+
+  no-rfc3779
+                   Don't build support for RFC3779 ("X.509 Extensions for IP
+                   Addresses and AS Identifiers")
+
+  sctp
+                   Build support for SCTP
+
+  no-shared
+                   Do not create shared libraries, only static ones.  See "Note
+                   on shared libraries" below.
+
+  no-sock
+                   Don't build support for socket BIOs
+
+  no-srp
+                   Don't build support for SRP or SRP based ciphersuites.
+
+  no-srtp
+                   Don't build SRTP support
+
+  no-sse2
+                   Exclude SSE2 code paths from 32-bit x86 assembly modules.
+                   Normally SSE2 extension is detected at run-time, but the
+                   decision whether or not the machine code will be executed
+                   is taken solely on CPU capability vector. This means that
+                   if you happen to run OS kernel which does not support SSE2
+                   extension on Intel P4 processor, then your application
+                   might be exposed to "illegal instruction" exception.
+                   There might be a way to enable support in kernel, e.g.
+                   FreeBSD kernel can  be compiled with CPU_ENABLE_SSE, and
+                   there is a way to disengage SSE2 code paths upon application
+                   start-up, but if you aim for wider "audience" running
+                   such kernel, consider no-sse2. Both the 386 and
+                   no-asm options imply no-sse2.
+
+  enable-ssl-trace
+                   Build with the SSL Trace capabilities (adds the "-trace"
+                   option to s_client and s_server).
+
+  no-static-engine
+                   Don't build the statically linked engines. This only
+                   has an impact when not built "shared".
+
+  no-stdio
+                   Don't use anything from the C header file "stdio.h" that
+                   makes use of the "FILE" type. Only libcrypto and libssl can
+                   be built in this way. Using this option will suppress
+                   building the command line applications. Additionally since
+                   the OpenSSL tests also use the command line applications the
+                   tests will also be skipped.
+
+  no-threads
+                   Don't try to build with support for multi-threaded
+                   applications.
+
+  threads
+                   Build with support for multi-threaded applications. Most
+                   platforms will enable this by default. However if on a
+                   platform where this is not the case then this will usually
+                   require additional system-dependent options! See "Note on
+                   multi-threading" below.
+
+  no-ts
+                   Don't build Time Stamping Authority support.
+
+  enable-ubsan
+                   Build with the Undefined Behaviour sanitiser. This is a
+                   developer option only. It may not work on all platforms and
+                   should never be used in production environments. It will only
+                   work when used with gcc or clang and should be used in
+                   conjunction with the "-DPEDANTIC" option (or the
+                   --strict-warnings option).
+
+  no-ui
+                   Don't build with the "UI" capability (i.e. the set of
+                   features enabling text based prompts).
+
+  enable-unit-test
+                   Enable additional unit test APIs. This should not typically
+                   be used in production deployments.
+
+  enable-weak-ssl-ciphers
+                   Build support for SSL/TLS ciphers that are considered "weak"
+                   (e.g. RC4 based ciphersuites).
+
+  zlib
+                   Build with support for zlib compression/decompression.
+
+  zlib-dynamic
+                   Like "zlib", but has OpenSSL load the zlib library
+                   dynamically when needed.  This is only supported on systems
+                   where loading of shared libraries is supported.
+
+  386
+                   In 32-bit x86 builds, when generating assembly modules,
+                   use the 80386 instruction set only (the default x86 code
+                   is more efficient, but requires at least a 486). Note:
+                   This doesn't affect code generated by compiler, you're
+                   likely to complement configuration command line with
+                   suitable compiler-specific option.
+
+  no-<prot>
+                   Don't build support for negotiating the specified SSL/TLS
+                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
+                   dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
+                   tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
+                   disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
+                   with "no-ssl3". Note this only affects version negotiation.
+                   OpenSSL will still provide the methods for applications to
+                   explicitly select the individual protocol versions.
+
+  no-<prot>-method
+                   As for no-<prot> but in addition do not build the methods for
+                   applications to explicitly select individual protocol
+                   versions.
+
+  enable-<alg>
+                   Build with support for the specified algorithm, where <alg>
+                   is one of: md2 or rc5.
+
+  no-<alg>
+                   Build without support for the specified algorithm, where
+                   <alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
+                   des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
+                   rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd"
+                   algorithm is deprecated and if used is synonymous with rmd160.
+
+  -Dxxx, lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
+                   These system specific options will be recocognised and
+                   passed through to the compiler to allow you to define
+                   preprocessor symbols, specify additional libraries, library
+                   directories or other compiler options. It might be worth
+                   noting that some compilers generate code specifically for
+                   processor the compiler currently executes on. This is not
+                   necessarily what you might have in mind, since it might be
+                   unsuitable for execution on other, typically older,
+                   processor. Consult your compiler documentation.
+
+  -xxx, +xxx
+                   Additional options that are not otherwise recognised are
+                   passed through as they are to the compiler as well.  Again,
+                   consult your compiler documentation.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+     NOTE: This is not available on Windows.
+
+       $ ./config [[ options ]]                         # Unix
+
+       or
+
+       $ @config [[ options ]]                          ! OpenVMS
+
+     For the remainder of this text, the Unix form will be used in all
+     examples, please use the appropriate form for your platform.
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If you want to use a different compiler, you
+     are cross-compiling for another platform, or the ./config guess was
+     wrong for other reasons, go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [[ options ]]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure                                    # Unix
+
+       or
+
+       $ perl Configure                                 # All other platforms
+
+     For the remainder of this text, the Unix form will be used in all
+     examples, please use the appropriate form for your platform.
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [[ options ]]
+
+     If your system isn't listed, you will have to create a configuration
+     file named Configurations/{{ something }}.conf and add the correct
+     configuration for your system. See the available configs as examples
+     and read Configurations/README and Configurations/README.design for
+     more information.
+
+     The generic configurations "cc" or "gcc" should usually work on 32 bit
+     Unix-like systems.
+
+     Configure creates a build file ("Makefile" on Unix, "makefile" on Windows
+     and "descrip.mms" on OpenVMS) from a suitable template in Configurations,
+     and defines various macros in include/openssl/opensslconf.h (generated from
+     include/openssl/opensslconf.h.in).
+
+ 1c. Configure OpenSSL for building outside of the source tree.
+
+     OpenSSL can be configured to build in a build directory separate from
+     the directory with the source code.  It's done by placing yourself in
+     some other directory and invoking the configuration commands from
+     there.
+
+     Unix example:
+
+       $ mkdir /var/tmp/openssl-build
+       $ cd /var/tmp/openssl-build
+       $ /PATH/TO/OPENSSL/SOURCE/config [[ options ]]
+
+       or
+
+       $ /PATH/TO/OPENSSL/SOURCE/Configure {{ target }} [[ options ]]
+
+     OpenVMS example:
+
+       $ set default sys$login:
+       $ create/dir [.tmp.openssl-build]
+       $ set default [.tmp.openssl-build]
+       $ @[PATH.TO.OPENSSL.SOURCE]config [[ options ]]
+
+       or
+
+       $ @[PATH.TO.OPENSSL.SOURCE]Configure {{ target }} [[ options ]]
+
+     Windows example:
+
+       $ C:
+       $ mkdir \temp-openssl
+       $ cd \temp-openssl
+       $ perl d:\PATH\TO\OPENSSL\SOURCE\Configure {{ target }} [[ options ]]
+
+     Paths can be relative just as well as absolute.  Configure will
+     do its best to translate them to relative paths whenever possible.
+
+  2. Build OpenSSL by running:
+
+       $ make                                           # Unix
+       $ mms                                            ! (or mmk) OpenVMS
+       $ nmake                                          # Windows
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a on
+     Unix, corresponding on other platforms) and the OpenSSL binary
+     ("openssl"). The libraries will be built in the top-level directory,
+     and the binary will be in the "apps" subdirectory.
+
+     If the build fails, look at the output.  There may be reasons
+     for the failure that aren't problems in OpenSSL itself (like
+     missing standard headers).  If you are having problems you can
+     get help by sending an email to the openssl-users email list (see
+     https://www.openssl.org/community/mailinglists.html for details). If
+     it is a bug with OpenSSL itself, please open an issue on GitHub, at
+     https://github.com/openssl/openssl/issues. Please review the existing
+     ones first; maybe the bug was already reported or has already been
+     fixed.
+
+     (If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.)
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test                                      # Unix
+       $ mms test                                       ! OpenVMS
+       $ nmake test                                     # Windows
+
+     NOTE: you MUST run the tests from an unprivileged account (or
+     disable your privileges temporarily if your platform allows it).
+
+     If some tests fail, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like a
+     malfunction with Perl).  You may want increased verbosity, that
+     can be accomplished like this:
+
+       $ make VERBOSE=1 test                            # Unix
+
+       $ mms /macro=(VERBOSE=1) test                    ! OpenVMS
+
+       $ nmake VERBOSE=1 test                           # Windows
+
+     If you want to run just one or a few specific tests, you can use
+     the make variable TESTS to specify them, like this:
+
+       $ make TESTS='test_rsa test_dsa' test            # Unix
+       $ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
+       $ nmake TESTS='test_rsa test_dsa' test           # Windows
+
+     And of course, you can combine (Unix example shown):
+       
+       $ make VERBOSE=1 TESTS='test_rsa test_dsa' test
+
+     You can find the list of available tests like this:
+
+       $ make list-tests                                # Unix
+       $ mms list-tests                                 ! OpenVMS
+       $ nmake list-tests                               # Windows
+
+     Have a look at the manual for the perl module Test::Harness to
+     see what other HARNESS_* variables there are.
+
+     If you find a problem with OpenSSL itself, try removing any
+     compiler optimization flags from the CFLAGS line in Makefile and
+     run "make clean; make" or corresponding.
+
+     To report a bug please open an issue on GitHub, at
+     https://github.com/openssl/openssl/issues.
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install                                   # Unix
+       $ mms install                                    ! OpenVMS
+       $ nmake install                                  # Windows
+
+     This will install all the software components in this directory
+     tree under PREFIX (the directory given with --prefix or its
+     default):
+
+       Unix:
+
+         bin/           Contains the openssl binary and a few other
+                        utility scripts.
+         include/openssl
+                        Contains the header files needed if you want
+                        to build your own programs that use libcrypto
+                        or libssl.
+         lib            Contains the OpenSSL library files.
+         lib/engines    Contains the OpenSSL dynamically loadable engines.
+
+         share/man/man1 Contains the OpenSSL command line man-pages.
+         share/man/man3 Contains the OpenSSL library calls man-pages.
+         share/man/man5 Contains the OpenSSL configuration format man-pages.
+         share/man/man7 Contains the OpenSSL other misc man-pages.
+
+         share/doc/openssl/html/man1
+         share/doc/openssl/html/man3
+         share/doc/openssl/html/man5
+         share/doc/openssl/html/man7
+                        Contains the HTML rendition of the man-pages.
+
+       OpenVMS ('arch' is replaced with the architecture name, "Alpha"
+       or "ia64", 'sover' is replaced with the shared library version
+       (0101 for 1.1), and 'pz' is replaced with the pointer size
+       OpenSSL was built with):
+
+         [.EXE.'arch']  Contains the openssl binary.
+         [.EXE]         Contains a few utility scripts.
+         [.include.openssl]
+                        Contains the header files needed if you want
+                        to build your own programs that use libcrypto
+                        or libssl.
+         [.LIB.'arch']  Contains the OpenSSL library files.
+         [.ENGINES'sover''pz'.'arch']
+                        Contains the OpenSSL dynamically loadable engines.
+         [.SYS$STARTUP] Contains startup, login and shutdown scripts.
+                        These define appropriate logical names and
+                        command symbols.
+         [.SYSTEST]     Contains the installation verification procedure.
+         [.HTML]        Contains the HTML rendition of the manual pages.
+                        
+
+     Additionally, install will add the following directories under
+     OPENSSLDIR (the directory given with --openssldir or its default)
+     for you convenience:
+
+         certs          Initially empty, this is the default location
+                        for certificate files.
+         private        Initially empty, this is the default location
+                        for private key files.
+         misc           Various scripts.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make DESTDIR=/tmp/package-root install         # Unix
+       $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS
+
+     The specified destination directory will be prepended to all
+     installation target paths.
+
+  Compatibility issues with previous OpenSSL versions:
+
+  *  COMPILING existing applications
+
+     OpenSSL 1.1.0 hides a number of structures that were previously
+     open.  This includes all internal libssl structures and a number
+     of EVP types.  Accessor functions have been added to allow
+     controlled access to the structures' data.
+
+     This means that some software needs to be rewritten to adapt to
+     the new ways of doing things.  This often amounts to allocating
+     an instance of a structure explicitly where you could previously
+     allocate them on the stack as automatic variables, and using the
+     provided accessor functions where you would previously access a
+     structure's field directly.
+
+     Some APIs have changed as well.  However, older APIs have been
+     preserved when possible.
+
+ Environment Variables
+ ---------------------
+
+ A number of environment variables can be used to provide additional control
+ over the build process. Typically these should be defined prior to running
+ config or Configure. Not all environment variables are relevant to all
+ platforms.
+
+ AR
+                The name of the ar executable to use.
+
+ BUILDFILE
+                Use a different build file name than the platform default
+                ("Makefile" on Unixly platforms, "makefile" on native Windows,
+                "descrip.mms" on OpenVMS).  This requires that there is a
+                corresponding build file template.  See Configurations/README
+                for further information.
+
+ CC
+                The compiler to use. Configure will attempt to pick a default
+                compiler for your platform but this choice can be overridden
+                using this variable. Set it to the compiler executable you wish
+                to use, e.g. "gcc" or "clang".
+
+ CROSS_COMPILE
+                This environment variable has the same meaning as for the
+                "--cross-compile-prefix" Configure flag described above. If both
+                are set then the Configure flag takes precedence.
+
+ NM
+                The name of the nm executable to use.
+
+ OPENSSL_LOCAL_CONFIG_DIR
+                OpenSSL comes with a database of information about how it
+                should be built on different platforms as well as build file
+                templates for those platforms. The database is comprised of
+                ".conf" files in the Configurations directory.  The build
+                file templates reside there as well as ".tmpl" files. See the
+                file Configurations/README for further information about the
+                format of ".conf" files as well as information on the ".tmpl"
+                files.
+                In addition to the standard ".conf" and ".tmpl" files, it is
+                possible to create your own ".conf" and ".tmpl" files and store
+                them locally, outside the OpenSSL source tree. This environment
+                variable can be set to the directory where these files are held
+                and will have Configure to consider them in addition to the
+                standard ones.
+
+ PERL
+                The name of the Perl executable to use when building OpenSSL.
+
+ HASHBANGPERL
+                The command string for the Perl executable to insert in the
+                #! line of perl scripts that will be publically installed.
+                Default: /usr/bin/env perl
+                Note: the value of this variable is added to the same scripts
+                on all platforms, but it's only relevant on Unix-like platforms.
+
+ RC
+                The name of the rc executable to use. The default will be as
+                defined for the target platform in the ".conf" file. If not
+                defined then "windres" will be used. The WINDRES environment
+                variable is synonymous to this. If both are defined then RC
+                takes precedence.
+
+ RANLIB
+                The name of the ranlib executable to use.
+
+ WINDRES
+                See RC.
+
+ Makefile targets
+ ----------------
+
+ The Configure script generates a Makefile in a format relevant to the specific
+ platform. The Makefiles provide a number of targets that can be used. Not all
+ targets may be available on all platforms. Only the most common targets are
+ described here. Examine the Makefiles themselves for the full list.
+
+ all
+                The default target to build all the software components.
+
+ clean
+                Remove all build artefacts and return the directory to a "clean"
+                state.
+
+ depend
+                Rebuild the dependencies in the Makefiles. This is a legacy
+                option that no longer needs to be used in OpenSSL 1.1.0.
+
+ install
+                Install all OpenSSL components.
+
+ install_sw
+                Only install the OpenSSL software components.
+
+ install_docs
+                Only install the OpenSSL documentation components.
+
+ install_man_docs
+                Only install the OpenSSL man pages (Unix only).
+
+ install_html_docs
+                Only install the OpenSSL html documentation.
+
+ list-tests
+                Prints a list of all the self test names.
+
+ test
+                Build and run the OpenSSL self tests.
+
+ uninstall
+                Uninstall all OpenSSL components.
+
+ update
+                This is a developer option. If you are developing a patch for
+                OpenSSL you may need to use this if you want to update
+                automatically generated files; add new error codes or add new
+                (or change the visibility of) public API functions. (Unix only).
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+ OpenSSL provides built-in support for two threading models: pthreads (found on
+ most UNIX/Linux systems), and Windows threads. No other threading models are
+ supported. If your platform does not provide pthreads or Windows threads then
+ you should Configure with the "no-threads" option.
+
+ Notes on shared libraries
+ -------------------------
+
+ For most systems the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl. On these systems
+ the shared libraries will be created by default. This can be suppressed and
+ only static libraries created by using the "no-shared" option. On systems
+ where OpenSSL does not know how to build shared libraries the "no-shared"
+ option will be forced and only static libraries will be created.
+
+ Shared libraries are named a little differently on different platforms.
+ One way or another, they all have the major OpenSSL version number as
+ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
+ the name.
+
+ On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ and libssl.so.1.1.
+
+ on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
+ with import libraries libcrypto.dll.a and libssl.dll.a.
+
+ On Windows build with MSVC or using MingW, shared libraries are named
+ libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll
+ and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
+ and libssl-1_1-ia64.dll for IA64 Windows.  With MSVC, the import libraries
+ are named libcrypto.lib and libssl.lib, while with MingW, they are named
+ libcrypto.dll.a and libssl.dll.a.
+
+ On VMS, shareable images (VMS speak for shared libraries) are named
+ ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe.  However, when
+ OpenSSL is specifically built for 32-bit pointers, the shareable images
+ are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe
+ instead, and when built for 64-bit pointers, they are named
+ ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain a random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
+
diff --git a/openssl-1.1.0h/LICENSE b/openssl-1.1.0h/LICENSE
new file mode 100644
index 0000000..e953f59
--- /dev/null
+++ b/openssl-1.1.0h/LICENSE
@@ -0,0 +1,125 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a double license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
diff --git a/openssl-1.1.0h/Makefile.shared b/openssl-1.1.0h/Makefile.shared
new file mode 100644
index 0000000..4f9550a
--- /dev/null
+++ b/openssl-1.1.0h/Makefile.shared
@@ -0,0 +1,521 @@
+#
+# Helper makefile to link shared libraries in a portable way.
+# This is much simpler than libtool, and hopefully not too error-prone.
+#
+# The following variables need to be set on the command line to build
+# properly
+
+# CC contains the current compiler.  This one MUST be defined
+CC=cc
+CFLAGS=$(CFLAG)
+# LDFLAGS contains flags to be used when temporary object files (when building
+# shared libraries) are created, or when an application is linked.
+# SHARED_LDFLAGS contains flags to be used when the shared library is created.
+LDFLAGS=$(LDFLAG)
+SHARED_LDFLAGS=$(SHARED_LDFLAG)
+
+RC=windres
+# SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin
+# or Mingw.
+SHARED_RCFLAGS=$(SHARED_RCFLAG)
+
+NM=nm
+
+# LIBNAME contains just the name of the library, without prefix ("lib"
+# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
+# .dll, ...).  This one MUST have a value when using this makefile to
+# build shared libraries.
+# For example, to build libfoo.so, you need to do the following:
+#LIBNAME=foo
+LIBNAME=
+
+# STLIBNAME contains the path of the static library to build the shared
+# library from, for example:
+#STLIBNAME=libfoo.a
+STLIBNAME=
+
+# On most Unix platforms, SHLIBNAME contains the path of the short name of
+# the shared library to build, for example
+#SHLIBNAME=libfoo.so
+# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import
+# library name for the shared library to be built, for example:
+#SHLIBNAME=libfoo.dll.a
+
+# SHLIBNAME_FULL contains the path of the full name of the shared library to
+# build, for example:
+#SHLIBNAME_FULL=libfoo.so.1.2
+# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for
+# example:
+#SHLIBNAME_FULL=dir/dso.so
+SHLIBNAME_FULL=
+
+# SHLIBVERSION contains the current version of the shared library (not to
+# be confused with the project version)
+#SHLIBVERSION=1.2
+SHLIBVERSION=
+
+# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and
+# SHLIBNAME_FULL MUST have values when using this makefile, and in some
+# cases, SHLIBVERSION as well.  To build DSOs, SHLIBNAME_FULL MUST have
+# a value, the rest can be left alone.
+
+
+# APPNAME contains just the name of the application, without suffix (""
+# on Unix, ".exe" on Windows, ...).  This one MUST have a value when using
+# this makefile to build applications.
+# For example, to build foo, you need to do the following:
+#APPNAME=foo
+APPNAME=
+
+# SRCDIR is the top directory of the source tree.
+SRCDIR=.
+
+# OBJECTS contains all the object files to link together into the application.
+# This must contain at least one object file.
+#OBJECTS=foo.o
+OBJECTS=
+
+# LIBEXTRAS contains extra modules to link together with the library.
+# For example, if a second library, say libbar.a needs to be linked into
+# libfoo.so, you need to do the following:
+#LIBEXTRAS=libbar.a
+# Note that this MUST be used when using the link_dso targets, to hold the
+# names of all object files that go into the target shared object.
+LIBEXTRAS=
+
+# LIBDEPS contains all the flags necessary to cover all necessary
+# dependencies to other libraries.
+LIBDEPS=
+
+#------------------------------------------------------------------------------
+# The rest is private to this makefile.
+
+SET_X=:
+#SET_X=set -x
+
+top:
+	echo "Trying to use this makefile interactively?  Don't."
+
+LINK_APP=	\
+  ( $(SET_X);   \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS) $(LDFLAGS)}"; \
+    LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+    echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+        $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}; \
+    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+
+LINK_SO=	\
+  ( $(SET_X);   \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+    LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+    echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+         $${SHAREDCMD} $${SHAREDFLAGS} \
+	     -o $(SHLIBNAME_FULL) \
+	     $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
+    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+    $${SHAREDCMD} $${SHAREDFLAGS} \
+	-o $(SHLIBNAME_FULL) \
+	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
+  ) && $(SYMLINK_SO)
+
+SYMLINK_SO=	\
+	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
+		if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \
+		     "$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \
+			( $(SET_X); \
+			  rm -f $(SHLIBNAME); \
+			  ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \
+		fi; \
+	fi
+
+LINK_SO_SHLIB=	SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO)
+LINK_SO_DSO=	INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
+
+LINK_SO_SHLIB_VIA_O=	\
+  SHOBJECTS=$(STLIBNAME).o; \
+  ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
+  ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \
+    ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \
+  $(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
+
+LINK_SO_SHLIB_UNPACKED=	\
+  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
+  (cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \
+  ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
+  SHOBJECTS=$$UNPACKDIR/*.o; \
+  $(LINK_SO) && rm -rf $$UNPACKDIR
+
+DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+
+DO_GNU_SO_COMMON=\
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)"
+DO_GNU_DSO=\
+	$(DO_GNU_SO_COMMON)
+DO_GNU_SO=\
+	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+	$(DO_GNU_SO_COMMON)
+DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
+
+#This is rather special.  It's a special target with which one can link
+#applications without bothering with any features that have anything to
+#do with shared libraries, for example when linking against static
+#libraries.  It's mostly here to avoid a lot of conditionals everywhere
+#else...
+link_app.:
+	$(LINK_APP)
+
+link_dso.gnu:
+	@ $(DO_GNU_DSO); $(LINK_SO_DSO)
+link_shlib.gnu:
+	@ $(DO_GNU_SO); $(LINK_SO_SHLIB)
+link_app.gnu:
+	@ $(DO_GNU_APP); $(LINK_APP)
+
+link_shlib.linux-shared:
+	@$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
+	$(DO_GNU_SO); \
+	ALLSYMSFLAGS='-Wl,--whole-archive,--version-script=$(LIBNAME).map'; \
+	$(LINK_SO_SHLIB)
+
+link_dso.bsd:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
+	LIBDEPS=" "; \
+	ALLSYMSFLAGS=; \
+	NOALLSYMSFLAGS=; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+	fi; $(LINK_SO_DSO)
+link_shlib.bsd:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
+	LIBDEPS=" "; \
+	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
+	NOALLSYMSFLAGS=; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+	fi; $(LINK_SO_SHLIB)
+link_app.bsd:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
+	LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	fi; $(LINK_APP)
+
+# For Darwin AKA Mac OS/X (dyld)
+# Originally link_dso.darwin produced .so, because it was hard-coded
+# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
+# extension in order to allow for run-time linking with vendor-
+# supplied shared libraries such as libz, so that link_dso.darwin had
+# to be harmonized with it. This caused minor controversy, because
+# it was believed that dlopen can't be used to dynamically load
+# .dylib-s, only so called bundle modules (ones linked with -bundle
+# flag). The belief seems to be originating from pre-10.4 release,
+# where dlfcn functionality was emulated by dlcompat add-on. In
+# 10.4 dlopen was rewritten as native part of dyld and is documented
+# to be capable of loading both dynamic libraries and bundles. In
+# order to provide compatibility with pre-10.4 dlopen, modules are
+# linked with -bundle flag, which makes .dylib extension misleading.
+# It works, because dlopen is [and always was] extension-agnostic.
+# Alternative to this heuristic approach is to develop specific
+# MacOS X dso module relying on whichever "native" dyld interface.
+link_dso.darwin:
+	@ ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
+	$(LINK_SO_DSO)
+link_shlib.darwin:
+	@ ALLSYMSFLAGS='-all_load'; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \
+	$(LINK_SO_SHLIB)
+link_app.darwin:	# is there run-path on darwin?
+	$(LINK_APP)
+
+link_dso.cygwin:
+	@ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	base=-Wl,--enable-auto-image-base; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
+	$(LINK_SO_DSO)
+link_shlib.cygwin:
+	@ INHIBIT_SYMLINKS=yes; \
+	echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
+		     "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
+	$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
+		$(RC) $(SHARED_RCFLAGS) -o rc.o; \
+	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \
+	$(LINK_SO_SHLIB) || exit 1; \
+	rm rc.o
+link_app.cygwin:
+	$(LINK_APP)
+
+# link_dso.mingw-shared and link_app.mingw-shared are mapped to the
+# corresponding cygwin targets, as they do the exact same thing.
+link_shlib.mingw:
+	@ INHIBIT_SYMLINKS=yes; \
+	base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
+	$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
+		| sed -e 's|^\(LIBRARY  *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \
+		> $(LIBNAME).def; \
+	echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
+		"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
+	$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
+		$(RC) $(SHARED_RCFLAGS) -o rc.o; \
+	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \
+	$(LINK_SO_SHLIB) || exit 1; \
+	rm $(LIBNAME).def rc.o
+
+link_dso.alpha-osf1:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.alpha-osf1:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		ALLSYMSFLAGS='-all'; \
+		NOALLSYMSFLAGS='-none'; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \
+	fi; \
+	$(LINK_SO_SHLIB)
+link_app.alpha-osf1:
+	@if $(DETECT_GNU_LD); then \
+		$(DO_GNU_APP); \
+	else \
+		LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	fi; \
+	$(LINK_APP)
+
+link_dso.solaris:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		ALLSYMSFLAGS=""; \
+		NOALLSYMSFLAGS=""; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.solaris:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
+		ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
+		NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
+	fi; \
+	$(LINK_SO_SHLIB)
+link_app.solaris:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_APP); \
+	else \
+		LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	fi; \
+	$(LINK_APP)
+
+# OpenServer 5 native compilers used
+link_dso.svr3:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.svr3:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
+	fi; \
+	$(LINK_SO_SHLIB_UNPACKED)
+link_app.svr3:
+	@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
+	$(LINK_APP)
+
+# UnixWare 7 and OpenUNIX 8 native compilers used
+link_dso.svr5:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		SHARE_FLAG='-G'; \
+		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.svr5:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		SHARE_FLAG='-G'; \
+		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
+	fi; \
+	$(LINK_SO_SHLIB_UNPACKED)
+link_app.svr5:
+	@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
+	$(LINK_APP)
+
+link_dso.irix:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		ALLSYMSFLAGS=""; \
+		NOALLSYMSFLAGS=""; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.irix:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		MINUSWL=""; \
+		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
+		ALLSYMSFLAGS="$${MINUSWL}-all"; \
+		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
+	fi; \
+	$(LINK_SO_SHLIB)
+link_app.irix:
+	@LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	$(LINK_APP)
+
+# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
+# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
+# rules imply that we can only link one level down in catalog structure,
+# but that's what takes place for the moment of this writing. +cdp option
+# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
+# editor context only [it's simply ignored in other cases, which are all
+# ELFs by the way].
+#
+link_dso.hpux:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
+	ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
+	fi; \
+	rm -f $(SHLIBNAME_FULL) || :; \
+	$(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL)
+link_shlib.hpux:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
+	ALLSYMSFLAGS='-Wl,-Fl'; \
+	NOALLSYMSFLAGS=''; \
+	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
+	fi; \
+	rm -f $(SHLIBNAME_FULL) || :; \
+	$(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL)
+link_app.hpux:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
+	LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
+	fi; \
+	$(LINK_APP)
+
+link_dso.aix:
+	@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
+	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+	ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+	rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
+	$(LINK_SO_DSO);
+link_shlib.aix:
+	@ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
+	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+	ALLSYMSFLAGS='-bnogc'; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+	rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
+	$(LINK_SO_SHLIB_VIA_O)
+link_app.aix:
+	LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
+	$(LINK_APP)
+
+
+# Targets to build symbolic links when needed
+symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
+symlink.aix:
+	@ $(SYMLINK_SO)
+symlink.darwin:
+	@ $(SYMLINK_SO)
+symlink.hpux:
+	@ $(SYMLINK_SO)
+# The following lines means those specific architectures do no symlinks
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+
+# Compatibility targets
+link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared: link_dso.gnu
+link_shlib.bsd-gcc-shared: link_shlib.linux-shared
+link_shlib.gnu-shared: link_shlib.gnu
+link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
+symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
+link_dso.bsd-shared: link_dso.bsd
+link_shlib.bsd-shared: link_shlib.bsd
+link_app.bsd-shared: link_app.bsd
+link_dso.darwin-shared: link_dso.darwin
+link_shlib.darwin-shared: link_shlib.darwin
+link_app.darwin-shared: link_app.darwin
+symlink.darwin-shared: symlink.darwin
+link_dso.cygwin-shared: link_dso.cygwin
+link_shlib.cygwin-shared: link_shlib.cygwin
+link_app.cygwin-shared: link_app.cygwin
+symlink.cygwin-shared: symlink.cygwin
+link_dso.mingw-shared: link_dso.cygwin
+link_shlib.mingw-shared: link_shlib.mingw
+link_app.mingw-shared: link_app.cygwin
+symlink.mingw-shared: symlink.cygwin
+link_dso.alpha-osf1-shared: link_dso.alpha-osf1
+link_shlib.alpha-osf1-shared: link_shlib.alpha-osf1
+link_app.alpha-osf1-shared: link_app.alpha-osf1
+symlink.alpha-osf1-shared: symlink.alpha-osf1
+link_dso.tru64-shared: link_dso.tru64
+link_shlib.tru64-shared: link_shlib.tru64
+link_app.tru64-shared: link_app.tru64
+symlink.tru64-shared: symlink.tru64
+link_dso.tru64-shared-rpath: link_dso.tru64-rpath
+link_shlib.tru64-shared-rpath: link_shlib.tru64-rpath
+link_app.tru64-shared-rpath: link_app.tru64-rpath
+symlink.tru64-shared-rpath: symlink.tru64-rpath
+link_dso.solaris-shared: link_dso.solaris
+link_shlib.solaris-shared: link_shlib.solaris
+link_app.solaris-shared: link_app.solaris
+symlink.solaris-shared: symlink.solaris
+link_dso.svr3-shared: link_dso.svr3
+link_shlib.svr3-shared: link_shlib.svr3
+link_app.svr3-shared: link_app.svr3
+symlink.svr3-shared: symlink.svr3
+link_dso.svr5-shared: link_dso.svr5
+link_shlib.svr5-shared: link_shlib.svr5
+link_app.svr5-shared: link_app.svr5
+symlink.svr5-shared: symlink.svr5
+link_dso.irix-shared: link_dso.irix
+link_shlib.irix-shared: link_shlib.irix
+link_app.irix-shared: link_app.irix
+symlink.irix-shared: symlink.irix
+link_dso.hpux-shared: link_dso.hpux
+link_shlib.hpux-shared: link_shlib.hpux
+link_app.hpux-shared: link_app.hpux
+symlink.hpux-shared: symlink.hpux
+link_dso.aix-shared: link_dso.aix
+link_shlib.aix-shared: link_shlib.aix
+link_app.aix-shared: link_app.aix
+symlink.aix-shared: symlink.aix
diff --git a/openssl-1.1.0h/NEWS b/openssl-1.1.0h/NEWS
new file mode 100644
index 0000000..8744fe6
--- /dev/null
+++ b/openssl-1.1.0h/NEWS
@@ -0,0 +1,868 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
+
+      o Constructed ASN.1 types with a recursive definition could exceed the
+        stack (CVE-2018-0739)
+      o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
+      o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+
+  Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
+
+      o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+      o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+
+  Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
+
+      o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
+
+  Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
+
+      o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
+
+  Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
+
+      o Truncated packet could crash via OOB read (CVE-2017-3731)
+      o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+
+  Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
+
+      o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+      o CMS Null dereference (CVE-2016-7053)
+      o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
+  Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
+
+      o Fix Use After Free for large message sizes (CVE-2016-6309)
+
+  Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
+
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SSL_peek() hang on empty record (CVE-2016-6305)
+      o Excessive allocation of memory in tls_get_message_header()
+       (CVE-2016-6307)
+      o Excessive allocation of memory in dtls1_preprocess_fragment()
+       (CVE-2016-6308)
+
+  Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
+
+      o Copyright text was shrunk to a boilerplate that points to the license
+      o "shared" builds are now the default when possible
+      o Added support for "pipelining"
+      o Added the AFALG engine
+      o New threading API implemented
+      o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
+      o Support for extended master secret
+      o CCM ciphersuites
+      o Reworked test suite, now based on perl, Test::Harness and Test::More
+      o *Most* libcrypto and libssl public structures were made opaque,
+        including:
+        BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
+        DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
+        BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
+        EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
+        X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
+        X509_LOOKUP, X509_LOOKUP_METHOD
+      o libssl internal structures made opaque
+      o SSLv2 support removed
+      o Kerberos ciphersuite support removed
+      o RC4 removed from DEFAULT ciphersuites in libssl
+      o 40 and 56 bit cipher support removed from libssl
+      o All public header files moved to include/openssl, no more symlinking
+      o SSL/TLS state machine, version negotiation and record layer rewritten
+      o EC revision: now operations use new EC_KEY_METHOD.
+      o Support for OCB mode added to libcrypto
+      o Support for asynchronous crypto operations added to libcrypto and libssl
+      o Deprecated interfaces can now be disabled at build time either
+        relative to the latest release via the "no-deprecated" Configure
+        argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
+      o Application software can be compiled with -DOPENSSL_API_COMPAT=version
+        to ensure that features deprecated in that version are not exposed.
+      o Support for RFC6698/RFC7671 DANE TLSA peer authentication
+      o Change of Configure to use --prefix as the main installation
+        directory location rather than --openssldir.  The latter becomes
+        the directory for certs, private key and openssl.cnf exclusively.
+      o Reworked BIO networking library, with full support for IPv6.
+      o New "unified" build system
+      o New security levels
+      o Support for scrypt algorithm
+      o Support for X25519
+      o Extended SSL_CONF support using configuration files
+      o KDF algorithm support. Implement TLS PRF as a KDF.
+      o Support for Certificate Transparency
+      o HKDF support.
+
+  Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
+
+      o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+      o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+      o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+      o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+      o EBCDIC overread (CVE-2016-2176)
+      o Modify behavior of ALPN to invoke callback after SNI/servername
+        callback, such that updates to the SSL_CTX affect ALPN.
+      o Remove LOW from the DEFAULT cipher list.  This removes singles DES from
+        the default.
+      o Only remove the SSLv2 methods with the no-ssl2-method option.
+
+  Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
+
+      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+      o Disable SSLv2 default build, default negotiation and weak ciphers
+        (CVE-2016-0800)
+      o Fix a double-free in DSA code (CVE-2016-0705)
+      o Disable SRP fake user seed to address a server memory leak
+        (CVE-2016-0798)
+      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+        (CVE-2016-0797)
+      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
+
+  Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+
+      o DH small subgroups (CVE-2016-0701)
+      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
+  Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
+
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
+      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
+      o In DSA_generate_parameters_ex, if the provided seed is too short,
+        return an error
+
+  Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
+
+      o Alternate chains certificate forgery (CVE-2015-1793)
+      o Race condition handling PSK identify hint (CVE-2015-3196)
+
+  Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+
+      o Fix HMAC ABI incompatibility
+
+  Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+
+      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+      o Race condition handling NewSessionTicket (CVE-2015-1791)
+
+  Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
+
+      o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
+      o Multiblock corrupted pointer fix (CVE-2015-0290)
+      o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
+      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+      o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
+      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+      o Empty CKE with client auth and DHE fix (CVE-2015-1787)
+      o Handshake with unseeded PRNG fix (CVE-2015-0285)
+      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+      o Removed the export ciphers from the DEFAULT ciphers
+
+  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
+
+      o Suite B support for TLS 1.2 and DTLS 1.2
+      o Support for DTLS 1.2
+      o TLS automatic EC curve selection.
+      o API to set TLS supported signature algorithms and curves
+      o SSL_CONF configuration API.
+      o TLS Brainpool support.
+      o ALPN support.
+      o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
+
+  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+      o Build fixes for the Windows and OpenVMS platforms
+
+  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+      o Fix for CVE-2014-3571
+      o Fix for CVE-2015-0206
+      o Fix for CVE-2014-3569
+      o Fix for CVE-2014-3572
+      o Fix for CVE-2015-0204
+      o Fix for CVE-2015-0205
+      o Fix for CVE-2014-8275
+      o Fix for CVE-2014-3570
+
+  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+      o Fix for CVE-2014-3513
+      o Fix for CVE-2014-3567
+      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+      o Fix for CVE-2014-3568
+
+  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+
+      o Fix for CVE-2014-3512
+      o Fix for CVE-2014-3511
+      o Fix for CVE-2014-3510
+      o Fix for CVE-2014-3507
+      o Fix for CVE-2014-3506
+      o Fix for CVE-2014-3505
+      o Fix for CVE-2014-3509
+      o Fix for CVE-2014-5139
+      o Fix for CVE-2014-3508
+
+  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+
+      o Fix for CVE-2014-0224
+      o Fix for CVE-2014-0221
+      o Fix for CVE-2014-0198
+      o Fix for CVE-2014-0195
+      o Fix for CVE-2014-3470
+      o Fix for CVE-2010-5298
+
+  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+      o Fix for CVE-2014-0160
+      o Add TLS padding extension workaround for broken servers.
+      o Fix for CVE-2014-0076
+
+  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+
+      o Don't include gmt_unix_time in TLS server and client random values
+      o Fix for TLS record tampering bug CVE-2013-4353
+      o Fix for TLS version checking bug CVE-2013-6449
+      o Fix for DTLS retransmission bug CVE-2013-6450
+
+  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
+
+      o Corrected fix for CVE-2013-0169
+
+  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
+
+      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+      o Include the fips configuration module.
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
+
+      o Fix TLS/DTLS record length checking bug CVE-2012-2333
+      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
+
+      o Fix compilation error on non-x86 platforms.
+      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+      o Workarounds for some servers that hang on long client hellos.
+      o Fix SEGV in AES code.
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
+
+      o TLS/DTLS heartbeat support.
+      o SCTP support.
+      o RFC 5705 TLS key material exporter.
+      o RFC 5764 DTLS-SRTP negotiation.
+      o Next Protocol Negotiation.
+      o PSS signatures in certificates, requests and CRLs.
+      o Support for password based recipient info for CMS.
+      o Support TLS v1.2 and TLS v1.1.
+      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+      o SRP support.
+
+  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
+  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
+
+      o Fix for DTLS plaintext recovery attack CVE-2011-4108
+      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+      o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
+      o Check for malformed RFC3779 data CVE-2011-4577
+
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
+
+      o Fix for CRL vulnerability issue CVE-2011-3207
+      o Fix for ECDH crashes CVE-2011-3210
+      o Protection against EC timing attacks.
+      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
+
+      o Fix for security issue CVE-2011-0014
+
+  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+      o Fix mishandling of absent EC point format extension.
+      o Fix various platform compilation issues.
+      o Corrected fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
+
+      o Fix for security issue CVE-2010-3864.
+      o Fix for CVE-2010-2939
+      o Fix WIN32 build system for GOST ENGINE.
+
+  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
+
+      o Fix for security issue CVE-2010-1633.
+      o GOST MAC and CFB fixes.
+
+  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
+
+      o RFC3280 path validation: sufficient to process PKITS tests.
+      o Integrated support for PVK files and keyblobs.
+      o Change default private key format to PKCS#8.
+      o CMS support: able to process all examples in RFC4134
+      o Streaming ASN1 encode support for PKCS#7 and CMS.
+      o Multiple signer and signer add support for PKCS#7 and CMS.
+      o ASN1 printing support.
+      o Whirlpool hash algorithm added.
+      o RFC3161 time stamp support.
+      o New generalised public key API supporting ENGINE based algorithms.
+      o New generalised public key API utilities.
+      o New ENGINE supporting GOST algorithms.
+      o SSL/TLS GOST ciphersuite support.
+      o PKCS#7 and CMS GOST support.
+      o RFC4279 PSK ciphersuite support.
+      o Supported points format extension for ECC ciphersuites.
+      o ecdsa-with-SHA224/256/384/512 signature types.
+      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
+      o Opaque PRF Input TLS extension support.
+      o Updated time routines to avoid OS limitations.
+
+  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+      o CFB cipher definition fixes.
+      o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+
+  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
+
+      o Cipher definition fixes.
+      o Workaround for slow RAND_poll() on some WIN32 versions.
+      o Remove MD2 from algorithm tables.
+      o SPKAC handling fixes.
+      o Support for RFC5746 TLS renegotiation extension.
+      o Compression memory leak fixed.
+      o Compression session resumption fixed.
+      o Ticket and SNI coexistence fixes.
+      o Many fixes to DTLS handling. 
+
+  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
+
+      o Temporary work around for CVE-2009-3555: disable renegotiation.
+
+  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
+
+      o Fix various build issues.
+      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
+
+      o Fix security issue (CVE-2008-5077)
+      o Merge FIPS 140-2 branch code.
+
+  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
+
+      o CryptoAPI ENGINE support.
+      o Various precautionary measures.
+      o Fix for bugs affecting certificate request creation.
+      o Support for local machine keyset attribute in PKCS#12 files.
+
+  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
+
+      o Backport of CMS functionality to 0.9.8.
+      o Fixes for bugs introduced with 0.9.8f.
+
+  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
+
+      o Add gcc 4.2 support.
+      o Add support for AES and SSE2 assembly language optimization
+        for VC++ build.
+      o Support for RFC4507bis and server name extensions if explicitly 
+        selected at compile time.
+      o DTLS improvements.
+      o RFC4507bis support.
+      o TLS Extensions support.
+
+  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
+
+      o Various ciphersuite selection fixes.
+      o RFC3779 support.
+
+  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+      o Changes to ciphersuite selection algorithm
+
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+      o New cipher Camellia
+
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
+
+      o Cipher string fixes.
+      o Fixes for VC++ 2005.
+      o Updated ECC cipher suite support.
+      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+      o Zlib compression usage fixes.
+      o Built in dynamic engine compilation support on Win32.
+      o Fixes auto dynamic engine loading in Win32.
+
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
+
+      o Fix potential SSL 2.0 rollback, CVE-2005-2969
+      o Extended Windows CE support
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
+
+      o Major work on the BIGNUM library for higher efficiency and to
+        make operations more streamlined and less contradictory.  This
+        is the result of a major audit of the BIGNUM library.
+      o Addition of BIGNUM functions for fields GF(2^m) and NIST
+        curves, to support the Elliptic Crypto functions.
+      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+        the use through EVP, X509 and ENGINE.
+      o New ASN.1 mini-compiler that's usable through the OpenSSL
+        configuration file.
+      o Added support for ASN.1 indefinite length constructed encoding.
+      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+      o Complete rework of shared library construction and linking
+        programs with shared or static libraries, through a separate
+        Makefile.shared.
+      o Rework of the passing of parameters from one Makefile to another.
+      o Changed ENGINE framework to load dynamic engine modules
+        automatically from specifically given directories.
+      o New structure and ASN.1 functions for CertificatePair.
+      o Changed the ZLIB compression method to be stateful.
+      o Changed the key-generation and primality testing "progress"
+        mechanism to take a structure that contains the ticker
+        function and an argument.
+      o New engine module: GMP (performs private key exponentiation).
+      o New engine module: VIA PadLOck ACE extension in VIA C3
+        Nehemiah processors.
+      o Added support for IPv6 addresses in certificate extensions.
+        See RFC 1884, section 2.2.
+      o Added support for certificate policy mappings, policy
+        constraints and name constraints.
+      o Added support for multi-valued AVAs in the OpenSSL
+        configuration file.
+      o Added support for multiple certificates with the same subject
+        in the 'openssl ca' index file.
+      o Make it possible to create self-signed certificates using
+        'openssl ca -selfsign'.
+      o Make it possible to generate a serial number file with
+        'openssl ca -create_serial'.
+      o New binary search functions with extended functionality.
+      o New BUF functions.
+      o New STORE structure and library to provide an interface to all
+        sorts of data repositories.  Supports storage of public and
+        private keys, certificates, CRLs, numbers and arbitrary blobs.
+        This library is unfortunately unfinished and unused within
+        OpenSSL.
+      o New control functions for the error stack.
+      o Changed the PKCS#7 library to support one-pass S/MIME
+        processing.
+      o Added the possibility to compile without old deprecated
+        functionality with the OPENSSL_NO_DEPRECATED macro or the
+        'no-deprecated' argument to the config and Configure scripts.
+      o Constification of all ASN.1 conversion functions, and other
+        affected functions.
+      o Improved platform support for PowerPC.
+      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+      o New X509_VERIFY_PARAM structure to support parametrisation
+        of X.509 path validation.
+      o Major overhaul of RC4 performance on Intel P4, IA-64 and
+        AMD64.
+      o Changed the Configure script to have some algorithms disabled
+        by default.  Those can be explicitly enabled with the new
+        argument form 'enable-xxx'.
+      o Change the default digest in 'openssl' commands from MD5 to
+        SHA-1.
+      o Added support for DTLS.
+      o New BIGNUM blinding.
+      o Added support for the RSA-PSS encryption scheme
+      o Added support for the RSA X.931 padding.
+      o Added support for BSD sockets on NetWare.
+      o Added support for files larger than 2GB.
+      o Added initial support for Win64.
+      o Added alternate pkg-config files.
+
+  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
+
+      o FIPS 1.1.1 module linking.
+      o Various ciphersuite selection fixes.
+
+  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
+
+      o Visual C++ 2005 fixes.
+      o Update Windows build system for FIPS.
+
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
+
+      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
+
+      o Fix SSL 2.0 Rollback, CVE-2005-2969
+      o Allow use of fixed-length exponent on DSA signing
+      o Default fixed-window RSA, DSA, DH private-key operations
+
+  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
+
+      o More compilation issues fixed.
+      o Adaptation to more modern Kerberos API.
+      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+      o Enhanced x86_64 assembler BIGNUM module.
+      o More constification.
+      o Added processing of proxy certificates (RFC 3820).
+
+  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
+
+      o Several compilation issues fixed.
+      o Many memory allocation failure checks added.
+      o Improved comparison of X509 Name type.
+      o Mandatory basic checks on certificates.
+      o Performance improvements.
+
+  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
+
+      o Fix race condition in CRL checking code.
+      o Fixes to PKCS#7 (S/MIME) code.
+
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
+
+      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+      o Security: Fix null-pointer assignment in do_change_cipher_spec()
+      o Allow multiple active certificates with same subject in CA index
+      o Multiple X509 verification fixes
+      o Speed up HMAC and other operations
+
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o New -ignore_err option to OCSP utility.
+      o Various interop and bug fixes in S/MIME code.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Configuration: Irix fixes, AIX fixes, better mingw support.
+      o Support for new platforms: linux-ia64-ecc.
+      o Build: shared library support fixes.
+      o ASN.1: treat domainComponent correctly.
+      o Documentation: fixes and additions.
+
+  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
+
+      o Security: Important security related bugfixes.
+      o Enhanced compatibility with MIT Kerberos.
+      o Can be built without the ENGINE framework.
+      o IA32 assembler enhancements.
+      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+      o Configuration: the no-err option now works properly.
+      o SSL/TLS: now handles manual certificate chain building.
+      o SSL/TLS: certain session ID malfunctions corrected.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
+
+      o New library section OCSP.
+      o Complete rewrite of ASN1 code.
+      o CRL checking in verify code and openssl utility.
+      o Extension copying in 'ca' utility.
+      o Flexible display options in 'ca' utility.
+      o Provisional support for international characters with UTF8.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+      o New elliptic curve library section.
+      o New AES (Rijndael) library section.
+      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+        Linux x86_64, Linux 64-bit on Sparc v9
+      o Extended support for some platforms: VxWorks
+      o Enhanced support for shared libraries.
+      o Now only builds PIC code when shared library support is requested.
+      o Support for pkg-config.
+      o Lots of new manuals.
+      o Makes symbolic links to or copies of manuals to cover all described
+        functions.
+      o Change DES API to clean up the namespace (some applications link also
+        against libdes providing similar functions having the same name).
+        Provide macros for backward compatibility (will be removed in the
+        future).
+      o Unify handling of cryptographic algorithms (software and engine)
+        to be available via EVP routines for asymmetric and symmetric ciphers.
+      o NCONF: new configuration handling routines.
+      o Change API to use more 'const' modifiers to improve error checking
+        and help optimizers.
+      o Finally remove references to RSAref.
+      o Reworked parts of the BIGNUM code.
+      o Support for new engines: Broadcom ubsec, Accelerated Encryption
+        Processing, IBM 4758.
+      o A few new engines added in the demos area.
+      o Extended and corrected OID (object identifier) table.
+      o PRNG: query at more locations for a random device, automatic query for
+        EGD style random sources at several locations.
+      o SSL/TLS: allow optional cipher choice according to server's preference.
+      o SSL/TLS: allow server to explicitly set new session ids.
+      o SSL/TLS: support Kerberos cipher suites (RFC2712).
+	Only supports MIT Kerberos for now.
+      o SSL/TLS: allow more precise control of renegotiations and sessions.
+      o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: support AES cipher suites (RFC3268).
+
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Build: shared library support fixes.
+
+  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
+
+      o Important security related bugfixes.
+
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
+
+      o New configuration targets for Tandem OSS and A/UX.
+      o New OIDs for Microsoft attributes.
+      o Better handling of SSL session caching.
+      o Better comparison of distinguished names.
+      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+      o Support assembler code with Borland C.
+      o Fixes for length problems.
+      o Fixes for uninitialised variables.
+      o Fixes for memory leaks, some unusual crashes and some race conditions.
+      o Fixes for smaller building problems.
+      o Updates of manuals, FAQ and other instructive documents.
+
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
+
+      o Important building fixes on Unix.
+
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
+
+      o Various important bugfixes.
+
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
+
+      o Important security related bugfixes.
+      o Various SSL/TLS library bugfixes.
+
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
+
+      o Various SSL/TLS library bugfixes.
+      o Fix DH parameter generation for 'non-standard' generators.
+
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
+
+      o Various SSL/TLS library bugfixes.
+      o BIGNUM library fixes.
+      o RSA OAEP and random number generation fixes.
+      o Object identifiers corrected and added.
+      o Add assembler BN routines for IA64.
+      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+        MIPS Linux; shared library support for Irix, HP-UX.
+      o Add crypto accelerator support for AEP, Baltimore SureWare,
+        Broadcom and Cryptographic Appliance's keyserver
+        [in 0.9.6c-engine release].
+
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
+
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded environments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
+
+      o S/MIME support in new 'smime' command
+      o Documentation for the OpenSSL command line application
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utilty and associated library functions
+      o Options to allow passwords to be obtained from various sources
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial (incomplete) support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+        record; allow fragmentation and interleaving of handshake and other
+        data
+      o TLS/SSL code now "tolerates" MS SGC
+      o Work around for Netscape client certificate hang bug
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality
+      o Memory leak detection now allows applications to add extra information
+        via a per-thread stack
+      o PRNG robustness improved
+      o EGD support
+      o BIGNUM library bug fixes
+      o Faster DSA parameter generation
+      o Enhanced support for Alpha Linux
+      o Experimental MacOS support
+
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+
diff --git a/openssl-1.1.0h/NOTES.DJGPP b/openssl-1.1.0h/NOTES.DJGPP
new file mode 100644
index 0000000..bbe63dc
--- /dev/null
+++ b/openssl-1.1.0h/NOTES.DJGPP
@@ -0,0 +1,48 @@
+
+ 
+ INSTALLATION ON THE DOS PLATFORM WITH DJGPP
+ -------------------------------------------
+
+ OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
+ environment for 16-bit DOS, but only with long filename support.
+ If you wish to compile on native DOS with 8+3 filenames, you will
+ have to tweak the installation yourself, including renaming files
+ with illegal or duplicate names.
+
+ You should have a full DJGPP environment installed, including the
+ latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
+ requires that PERL and the PERL module Text::Template also be
+ installed (see NOTES.PERL).
+
+ All of these can be obtained from the usual DJGPP mirror sites or
+ directly at "http://www.delorie.com/pub/djgpp". For help on which
+ files to download, see the DJGPP "ZIP PICKER" page at
+ "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
+ the WATT-32 networking package installed before you try to compile
+ OpenSSL. This can be obtained from "http://www.watt-32.net/".
+ The Makefile assumes that the WATT-32 code is in the directory
+ specified by the environment variable WATT_ROOT. If you have watt-32
+ in directory "watt32" under your main DJGPP directory, specify
+ WATT_ROOT="/dev/env/DJDIR/watt32".
+
+ To compile OpenSSL, start your BASH shell, then configure for DJGPP by
+ running "./Configure" with appropriate arguments:
+
+	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ 
+ And finally fire up "make". You may run out of DPMI selectors when
+ running in a DOS box under Windows. If so, just close the BASH
+ shell, go back to Windows, and restart BASH. Then run "make" again.
+
+ RUN-TIME CAVEAT LECTOR
+ --------------
+
+ Quoting FAQ:
+
+  "Cryptographic software needs a source of unpredictable data to work
+   correctly.  Many open source operating systems provide a "randomness
+   device" (/dev/urandom or /dev/random) that serves this purpose."
+
+ As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
+ party "randomness" DOS driver. One such driver, NOISE.SYS, can be
+ obtained from "http://www.rahul.net/dkaufman/index.html".
diff --git a/openssl-1.1.0h/NOTES.PERL b/openssl-1.1.0h/NOTES.PERL
new file mode 100644
index 0000000..46d585a
--- /dev/null
+++ b/openssl-1.1.0h/NOTES.PERL
@@ -0,0 +1,119 @@
+ TOC
+ ===
+
+ - Notes on Perl
+ - Notes on Perl on Windows
+ - Notes on Perl modules we use
+ - Notes on installing a perl module
+
+ Notes on Perl
+ -------------
+
+ For our scripts, we rely quite a bit on Perl, and increasingly on
+ some core Perl modules.  These Perl modules are part of the Perl
+ source, so if you build Perl on your own, you should be set.
+
+ However, if you install Perl as binary packages, the outcome might
+ differ, and you may have to check that you do get the core modules
+ installed properly.  We do not claim to know them all, but experience
+ has told us the following:
+
+ - on Linux distributions based on Debian, the package 'perl' will
+   install the core Perl modules as well, so you will be fine.
+ - on Linux distributions based on RPMs, you will need to install
+   'perl-core' rather than just 'perl'.
+
+ You MUST have at least Perl version 5.10.0 installed.  This minimum
+ requirement is due to our use of regexp backslash sequence \R among
+ other features that didn't exist in core Perl before that version.
+
+ Notes on Perl on Windows
+ ------------------------
+
+ There are a number of build targets that can be viewed as "Windows".
+ Indeed, there are VC-* configs targeting VisualStudio C, as well as
+ MinGW and Cygwin. The key recommendation is to use "matching" Perl,
+ one that matches build environment. For example, if you will build
+ on Cygwin be sure to use the Cygwin package manager to install Perl.
+ For MSYS builds use the MSYS provided Perl. For VC-* builds we
+ recommend ActiveState Perl, available from
+ http://www.activestate.com/ActivePerl.
+
+ Notes on Perl on VMS
+ --------------------
+
+ You will need to install Perl separately.  One way to do so is to
+ download the source from http://perl.org/, unpacking it, reading
+ README.vms and follow the instructions.  Another way is to download a
+ .PCSI file from http://www.vmsperl.com/ and install it using the
+ POLYCENTER install tool.
+
+ Notes on Perl modules we use
+ ----------------------------
+
+ We make increasing use of Perl modules, and do our best to limit
+ ourselves to core Perl modules to keep the requirements down.  There
+ are just a few exceptions:
+
+ Test::More         We require the minimum version to be 0.96, which
+                    appeared in Perl 5.13.4, because that version was
+                    the first to have all the features we're using.
+                    This module is required for testing only!  If you
+                    don't plan on running the tests, you don't need to
+                    bother with this one.
+
+ Text::Template     This module is not part of the core Perl modules.
+                    As a matter of fact, the core Perl modules do not
+                    include any templating module to date.
+                    This module is absolutely needed, configuration
+                    depends on it.
+
+ To avoid unnecessary initial hurdles, we have bundled a copy of the
+ following modules in our source.  They will work as fallbacks if
+ these modules aren't already installed on the system.
+
+    Text::Template
+
+ Notes on installing a perl module
+ ---------------------------------
+
+ There are a number of ways to install a perl module.  In all
+ descriptions below, Text::Template will server as an example.
+
+ 1. for Linux users, the easiest is to install with the use of your
+    favorite package manager.  Usually, all you need to do is search
+    for the module name and to install the package that comes up.
+
+    On Debian based Linux distributions, it would go like this:
+
+        $ apt-cache search Text::Template
+        ...
+        libtext-template-perl - perl module to process text templates
+        $ sudo apt-get install libtext-template-perl
+
+    Perl modules in Debian based distributions use package names like
+    the name of the module in question, with "lib" prepended and
+    "-perl" appended.
+
+ 2. Install using CPAN.  This is very easy, but usually requires root
+    access:
+
+        $ cpan -i Text::Template
+
+    Note that this runs all the tests that the module to be installed
+    comes with.  This is usually a smooth operation, but there are
+    platforms where a failure is indicated even though the actual tests
+    were successful.  Should that happen, you can force an
+    installation regardless (that should be safe since you've already
+    seen the tests succeed!):
+
+        $ cpan -f -i Text::Template
+
+    Note: on VMS, you must quote any argument that contains upper case
+    characters, so the lines above would be:
+
+        $ cpan -i "Text::Template"
+
+    and:
+
+        $ cpan -f -i "Text::Template"
diff --git a/openssl-1.1.0h/NOTES.UNIX b/openssl-1.1.0h/NOTES.UNIX
new file mode 100644
index 0000000..43146e9
--- /dev/null
+++ b/openssl-1.1.0h/NOTES.UNIX
@@ -0,0 +1,30 @@
+
+ NOTES FOR UNIX LIKE PLATFORMS
+ =============================
+
+ For Unix/POSIX runtime systems on Windows, please see NOTES.WIN.
+
+
+ Shared libraries and installation in non-standard locations
+ -----------------------------------------------------------
+
+ Binaries on Unix variants expect to find shared libraries in standard
+ locations, such as /usr/lib, /usr/local/lib and some other locations
+ configured in the system (for example /etc/ld.so.conf on some systems).
+ If the libraries are installed in non-standard locations, binaries
+ will not find them and therefore fail to run unless they get a bit of
+ help from a defined RPATH or RUNPATH.  This can be applied by adding
+ the appropriate linker flags to the configuration command, such as
+ this (/usr/local/ssl was the default location for OpenSSL installation
+ in versions before 1.1.0):
+
+    $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
+        -Wl,-rpath,/usr/local/ssl/lib
+
+ Because the actual library location may vary further (for example on
+ multilib installations), there is a convenience variable in Makefile
+ that holds the exact installation directory and that can be used like
+ this:
+
+    $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
+        -Wl,-rpath,'$(LIBRPATH)'
diff --git a/openssl-1.1.0h/NOTES.VMS b/openssl-1.1.0h/NOTES.VMS
new file mode 100644
index 0000000..3e9a57e
--- /dev/null
+++ b/openssl-1.1.0h/NOTES.VMS
@@ -0,0 +1,81 @@
+
+ NOTES FOR THE OPENVMS PLATFORM
+ ==============================
+
+ Requirement details
+ -------------------
+
+ In addition to the requirements and instructions listed in INSTALL,
+ this are required as well:
+
+  * At least ODS-5 disk organization for source and build.
+    Installation can be done on any existing disk organization.
+
+
+ About ANSI C compiler
+ ---------------------
+
+ An ANSI C compiled is needed among other things.  This means that
+ VAX C is not and will not be supported.
+
+ We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require
+ version 7.1 or later.  Compiling with a different ANSI C compiler may
+ require some work.
+
+ Please avoid using C RTL feature logical names DECC$* when building
+ and testing OpenSSL.  Most of all, they can be disruptive when
+ running the tests, as they affect the Perl interpreter.
+
+
+ About ODS-5 directory names and Perl
+ ------------------------------------
+
+ It seems that the perl function canonpath() in the File::Spec module
+ doesn't treat file specifications where the last directory name
+ contains periods very well.  Unfortunately, some versions of VMS tar
+ will keep the periods in the OpenSSL source directory instead of
+ converting them to underscore, thereby leaving your source in
+ something like [.openssl-1^.1^.0].  This will lead to issues when
+ configuring and building OpenSSL.
+
+ We have no replacement for Perl's canonpath(), so the best workaround
+ for now is to rename the OpenSSL source directory, as follows (please
+ adjust for the actual source directory name you have):
+
+    $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR 
+
+
+ About MMS and DCL
+ -----------------
+
+ MMS has certain limitations when it comes to line length, and DCL has
+ certain limitations when it comes to total command length.  We do
+ what we can to mitigate, but there is the possibility that it's not
+ enough.  Should you run into issues, a very simple solution is to set
+ yourself up a few logical names for the directory trees you're going
+ to use.
+
+
+ Checking the distribution
+ -------------------------
+
+ There have been reports of places where the distribution didn't quite
+ get through, for example if you've copied the tree from a NFS-mounted
+ Unix mount point.
+
+ The easiest way to check if everything got through as it should is to
+ check for one of the following files:
+
+   [.crypto]opensslconf^.h.in
+
+ The best way to get a correct distribution is to download the gzipped
+ tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress
+ it and VMSTAR to unpack the resulting tar file.
+
+ Gzip and VMSTAR are available here:
+
+   http://antinode.info/dec/index.html#Software
+
+ Should you need it, you can find UnZip for VMS here:
+
+   http://www.info-zip.org/UnZip.html
diff --git a/openssl-1.1.0h/NOTES.WIN b/openssl-1.1.0h/NOTES.WIN
new file mode 100644
index 0000000..c31aed9
--- /dev/null
+++ b/openssl-1.1.0h/NOTES.WIN
@@ -0,0 +1,139 @@
+
+ NOTES FOR THE WINDOWS PLATFORMS
+ ===============================
+
+ Requirement details for native (Visual C++) builds
+ --------------------------------------------------
+
+ In addition to the requirements and instructions listed in INSTALL,
+ this are required as well:
+
+ - You need Perl.  We recommend ActiveState Perl, available from
+   https://www.activestate.com/ActivePerl. Another viable alternative
+   appears to be Strawberry Perl, http://strawberryperl.com.
+   You also need the perl module Text::Template, available on CPAN.
+   Please read NOTES.PERL for more information.
+
+ - You need a C compiler.  OpenSSL has been tested to build with these:
+
+   * Visual C++
+
+ - Netwide Assembler, a.k.a. NASM, available from http://www.nasm.us,
+   is required if you intend to utilize assembler modules. Note that NASM
+   is the only supported assembler. The Microsoft provided assembler is NOT
+   supported.
+
+
+ Visual C++ (native Windows)
+ ---------------------------
+
+ Installation directories
+
+ The default installation directories are derived from environment
+ variables.
+
+ For VC-WIN32, the following defaults are use:
+
+     PREFIX:      %ProgramFiles(86)%\OpenSSL
+     OPENSSLDIR:  %CommonProgramFiles(86)%\SSL
+
+ For VC-WIN64, the following defaults are use:
+
+     PREFIX:      %ProgramW6432%\OpenSSL
+     OPENSSLDIR:  %CommonProgramW6432%\SSL
+
+ Should those environment variables not exist (on a pure Win32
+ installation for examples), these fallbacks are used:
+
+     PREFIX:      %ProgramFiles%\OpenSSL
+     OPENSSLDIR:  %CommonProgramFiles%\SSL
+
+ ALSO NOTE that those directories are usually write protected, even if
+ your account is in the Administrators group.  To work around that,
+ start the command prompt by right-clicking on it and choosing "Run as
+ Administrator" before running 'nmake install'.  The other solution
+ is, of course, to choose a different set of directories by using
+ --prefix and --openssldir when configuring.
+
+ GNU C (Cygwin)
+ --------------
+
+ Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the
+ Windows subsystem and provides a bash shell and GNU tools environment.
+ Consequently, a make of OpenSSL with Cygwin is virtually identical to the
+ Unix procedure.
+
+ To build OpenSSL using Cygwin, you need to:
+
+ * Install Cygwin (see https://cygwin.com/)
+
+ * Install Cygwin Perl and ensure it is in the path. Recall that
+   as least 5.10.0 is required.
+
+ * Run the Cygwin bash shell
+
+ Apart from that, follow the Unix instructions in INSTALL.
+
+ NOTE: "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
+
+ It is also possible to create "conventional" Windows binaries that use
+ the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using MinGW
+ development add-on for Cygwin. MinGW is supported even as a standalone
+ setup as described in the following section. In the context you should
+ recognize that binaries targeting Cygwin itself are not interchangeable
+ with "conventional" Windows binaries you generate with/for MinGW.
+
+
+ GNU C (MinGW/MSYS)
+ ------------------
+
+ * Compiler and shell environment installation:
+
+   MinGW and MSYS are available from http://www.mingw.org/, both are
+   required. Run the installers and do whatever magic they say it takes
+   to start MSYS bash shell with GNU tools and matching Perl on its PATH.
+   "Matching Perl" refers to chosen "shell environment", i.e. if built
+   under MSYS, then Perl compiled for MSYS must be used.
+
+   Alternatively, one can use MSYS2 from https://msys2.github.io/,
+   which includes MingW (32-bit and 64-bit).
+
+ * It is also possible to cross-compile it on Linux by configuring
+   with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
+   Other possible cross compile prefixes include x86_64-w64-mingw32-
+   and i686-w64-mingw32-.
+
+
+ Linking your application
+ ------------------------
+
+ This section applies to non-Cygwin builds.
+
+ If you link with static OpenSSL libraries then you're expected to
+ additionally link your application with WS2_32.LIB, GDI32.LIB,
+ ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
+ non-interactive service applications might feel concerned about
+ linking with GDI32.LIB and USER32.LIB, as they are justly associated
+ with interactive desktop, which is not available to service
+ processes. The toolkit is designed to detect in which context it's
+ currently executed, GUI, console app or service, and act accordingly,
+ namely whether or not to actually make GUI calls. Additionally those
+ who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
+ actually keep them off service process should consider implementing
+ and exporting from .exe image in question own _OPENSSL_isservice not
+ relying on USER32.DLL. E.g., on Windows Vista and later you could:
+
+	__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
+	{   DWORD sess;
+	    if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
+	        return sess==0;
+	    return FALSE;
+	}
+
+ If you link with OpenSSL .DLLs, then you're expected to include into
+ your application code small "shim" snippet, which provides glue between
+ OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink
+ manual page for further details.
diff --git a/openssl-1.1.0h/README b/openssl-1.1.0h/README
new file mode 100644
index 0000000..3491280
--- /dev/null
+++ b/openssl-1.1.0h/README
@@ -0,0 +1,94 @@
+
+ OpenSSL 1.1.0h 27 Mar 2018
+
+ Copyright (c) 1998-2016 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
+ full-strength general purpose cryptographic library.
+
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license), which means that you are free to
+ get and use it for commercial and non-commercial purposes as long as you
+ fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl (with platform specific naming):
+     Provides the client and server-side implementations for SSLv3 and TLS.
+
+ libcrypto (with platform specific naming):
+     Provides general cryptographic and X.509 support needed by SSL/TLS but
+     not logically part of it.
+
+ openssl:
+     A command line tool that can be used for:
+        Creation of key parameters
+        Creation of X.509 certificates, CSRs and CRLs
+        Calculation of message digests
+        Encryption and decryption
+        SSL/TLS client and server tests
+        Handling of S/MIME signed or encrypted mail
+        And more...
+
+ INSTALLATION
+ ------------
+
+ See the appropriate file:
+        INSTALL         Linux, Unix, Windows, OpenVMS, ...
+        NOTES.*         INSTALL addendums for different platforms
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details on how to obtain
+ commercial technical support. Free community support is available through the
+ openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for further details).
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Download the latest version from the repository
+      to see if the problem has already been addressed
+    - Configure with no-asm
+    - Remove compiler optimisation flags
+
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
+
+    - OpenSSL version: output of 'openssl version -a'
+    - Any "Configure" options that you selected during compilation of the
+      library if applicable (see INSTALL)
+    - OS Name, Version, Hardware platform
+    - Compiler Details (name, version)
+    - Application Details (name, version)
+    - Problem Description (steps that will reproduce the problem, if known)
+    - Stack Traceback (if the application dumps core)
+
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
+ of query.
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ See CONTRIBUTING
+
+ LEGALITIES
+ ----------
+
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.
diff --git a/openssl-1.1.0h/README.ECC b/openssl-1.1.0h/README.ECC
new file mode 100644
index 0000000..fa3cad7
--- /dev/null
+++ b/openssl-1.1.0h/README.ECC
@@ -0,0 +1,61 @@
+NOTE: The OpenSSL Software Foundation has executed a sublicense agreement
+entitled "Elliptic Curve Cryptography Patent License Agreement" with the
+National Security Agency/ Central Security Service Commercial Solutions
+Center (NCSC) dated 2010-11-04. That agreement permits implementation and
+distribution of software containing features covered by any or all of the
+following patents:
+
+1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol 
+    with Implicit Signatures" issued on June 2, 1998;
+2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport 
+    Protocol with Implicit Signature and Reduced Bandwidth" filed on May 
+    16, 1996;
+3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol 
+    with Implicit Signatures" issued on March 30, 1999;
+4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol 
+    with Implicit Signatures" issued on April 20, 1999;
+5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol" 
+    issued on August 3, 1999;
+6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key 
+    Protocol" filed on May 17, 1996;
+7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key 
+    Protocol" filed on May 17, 1996;
+8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard" 
+    issued on December 7, 1999;
+9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a 
+    Smartcard" filed on April 14, 1997;
+10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a 
+     Smartcard" filed on April 15, 1997;
+11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol 
+     with Implicit Signatures" issued on September 19, 2000;
+12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport 
+     Protocol with Implicit Signatures" filed on April 16, 1996;
+13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and 
+     Transport Protocol with Implicit Signatures" filed on April 16, 1996;
+14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems" 
+     issued on October 31, 2000;
+15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption 
+     Systems" filed on July 31, 1995;
+16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption 
+     Systems" filed on July 31, 1995;
+17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued 
+     on January 1, 2002;
+18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol" 
+     issued on November 26, 2002;
+19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport 
+     Protocol" filed on April 16, 1996;
+20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and 
+     Transport Protocol" filed on April 21, 1996;
+21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol" 
+     issued on May 13, 2003;
+22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems" 
+     issued September 9, 2003;
+23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a 
+     Smartcard" filed on November 5, 1999;
+24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and 
+     Transport Protocol with Implicit Signatures" filed on April 25, 2000;
+25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a 
+     Smartcard" filed on August 29, 2001 and published on July 18, 2002; and,
+26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key 
+     Protocol" filed on July 1, 2000.
+
diff --git a/openssl-1.1.0h/README.ENGINE b/openssl-1.1.0h/README.ENGINE
new file mode 100644
index 0000000..530a4ed
--- /dev/null
+++ b/openssl-1.1.0h/README.ENGINE
@@ -0,0 +1,288 @@
+  ENGINE
+  ======
+
+  With OpenSSL 0.9.6, a new component was added to support alternative
+  cryptography implementations, most commonly for interfacing with external
+  crypto devices (eg. accelerator cards). This component is called ENGINE,
+  and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
+  caused a little confusion as 0.9.6** releases were rolled in two
+  versions, a "standard" and an "engine" version. In development for 0.9.7,
+  the ENGINE code has been merged into the main branch and will be present
+  in the standard releases from 0.9.7 forwards.
+
+  There are currently built-in ENGINE implementations for the following
+  crypto devices:
+
+      o Cryptodev
+      o Microsoft CryptoAPI
+      o VIA Padlock
+      o nCipher CHIL
+
+  In addition, dynamic binding to external ENGINE implementations is now
+  provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
+  section below for details.
+
+  At this stage, a number of things are still needed and are being worked on:
+
+      1 Integration of EVP support.
+      2 Configuration support.
+      3 Documentation!
+
+1 With respect to EVP, this relates to support for ciphers and digests in
+  the ENGINE model so that alternative implementations of existing
+  algorithms/modes (or previously unimplemented ones) can be provided by
+  ENGINE implementations.
+
+2 Configuration support currently exists in the ENGINE API itself, in the
+  form of "control commands". These allow an application to expose to the
+  user/admin the set of commands and parameter types a given ENGINE
+  implementation supports, and for an application to directly feed string
+  based input to those ENGINEs, in the form of name-value pairs. This is an
+  extensible way for ENGINEs to define their own "configuration" mechanisms
+  that are specific to a given ENGINE (eg. for a particular hardware
+  device) but that should be consistent across *all* OpenSSL-based
+  applications when they use that ENGINE. Work is in progress (or at least
+  in planning) for supporting these control commands from the CONF (or
+  NCONF) code so that applications using OpenSSL's existing configuration
+  file format can have ENGINE settings specified in much the same way.
+  Presently however, applications must use the ENGINE API itself to provide
+  such functionality. To see first hand the types of commands available
+  with the various compiled-in ENGINEs (see further down for dynamic
+  ENGINEs), use the "engine" openssl utility with full verbosity, ie;
+       openssl engine -vvvv
+
+3 Documentation? Volunteers welcome! The source code is reasonably well
+  self-documenting, but some summaries and usage instructions are needed -
+  moreover, they are needed in the same POD format the existing OpenSSL
+  documentation is provided in. Any complete or incomplete contributions
+  would help make this happen.
+
+  STABILITY & BUG-REPORTS
+  =======================
+
+  What already exists is fairly stable as far as it has been tested, but
+  the test base has been a bit small most of the time. For the most part,
+  the vendors of the devices these ENGINEs support have contributed to the
+  development and/or testing of the implementations, and *usually* (with no
+  guarantees) have experience in using the ENGINE support to drive their
+  devices from common OpenSSL-based applications. Bugs and/or inexplicable
+  behaviour in using a specific ENGINE implementation should be sent to the
+  author of that implementation (if it is mentioned in the corresponding C
+  file), and in the case of implementations for commercial hardware
+  devices, also through whatever vendor support channels are available.  If
+  none of this is possible, or the problem seems to be something about the
+  ENGINE API itself (ie. not necessarily specific to a particular ENGINE
+  implementation) then you should mail complete details to the relevant
+  OpenSSL mailing list. For a definition of "complete details", refer to
+  the OpenSSL "README" file. As for which list to send it to;
+
+     openssl-users: if you are *using* the ENGINE abstraction, either in an
+          pre-compiled application or in your own application code.
+
+     openssl-dev: if you are discussing problems with OpenSSL source code.
+
+  USAGE
+  =====
+
+  The default "openssl" ENGINE is always chosen when performing crypto
+  operations unless you specify otherwise. You must actively tell the
+  openssl utility commands to use anything else through a new command line
+  switch called "-engine". Also, if you want to use the ENGINE support in
+  your own code to do something similar, you must likewise explicitly
+  select the ENGINE implementation you want.
+
+  Depending on the type of hardware, system, and configuration, "settings"
+  may need to be applied to an ENGINE for it to function as expected/hoped.
+  The recommended way of doing this is for the application to support
+  ENGINE "control commands" so that each ENGINE implementation can provide
+  whatever configuration primitives it might require and the application
+  can allow the user/admin (and thus the hardware vendor's support desk
+  also) to provide any such input directly to the ENGINE implementation.
+  This way, applications do not need to know anything specific to any
+  device, they only need to provide the means to carry such user/admin
+  input through to the ENGINE in question. Ie. this connects *you* (and
+  your helpdesk) to the specific ENGINE implementation (and device), and
+  allows application authors to not get buried in hassle supporting
+  arbitrary devices they know (and care) nothing about.
+
+  A new "openssl" utility, "openssl engine", has been added in that allows
+  for testing and examination of ENGINE implementations. Basic usage
+  instructions are available by specifying the "-?" command line switch.
+
+  DYNAMIC ENGINES
+  ===============
+
+  The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
+  implementations that aren't pre-compiled and linked into OpenSSL-based
+  applications. This could be because existing compiled-in implementations
+  have known problems and you wish to use a newer version with an existing
+  application. It could equally be because the application (or OpenSSL
+  library) you are using simply doesn't have support for the ENGINE you
+  wish to use, and the ENGINE provider (eg. hardware vendor) is providing
+  you with a self-contained implementation in the form of a shared-library.
+  The other use-case for "dynamic" is with applications that wish to
+  maintain the smallest foot-print possible and so do not link in various
+  ENGINE implementations from OpenSSL, but instead leaves you to provide
+  them, if you want them, in the form of "dynamic"-loadable
+  shared-libraries. It should be possible for hardware vendors to provide
+  their own shared-libraries to support arbitrary hardware to work with
+  applications based on OpenSSL 0.9.7 or later. If you're using an
+  application based on 0.9.7 (or later) and the support you desire is only
+  announced for versions later than the one you need, ask the vendor to
+  backport their ENGINE to the version you need.
+
+  How does "dynamic" work?
+  ------------------------
+    The dynamic ENGINE has a special flag in its implementation such that
+    every time application code asks for the 'dynamic' ENGINE, it in fact
+    gets its own copy of it. As such, multi-threaded code (or code that
+    multiplexes multiple uses of 'dynamic' in a single application in any
+    way at all) does not get confused by 'dynamic' being used to do many
+    independent things. Other ENGINEs typically don't do this so there is
+    only ever 1 ENGINE structure of its type (and reference counts are used
+    to keep order). The dynamic ENGINE itself provides absolutely no
+    cryptographic functionality, and any attempt to "initialise" the ENGINE
+    automatically fails. All it does provide are a few "control commands"
+    that can be used to control how it will load an external ENGINE
+    implementation from a shared-library. To see these control commands,
+    use the command-line;
+
+       openssl engine -vvvv dynamic
+
+    The "SO_PATH" control command should be used to identify the
+    shared-library that contains the ENGINE implementation, and "NO_VCHECK"
+    might possibly be useful if there is a minor version conflict and you
+    (or a vendor helpdesk) is convinced you can safely ignore it.
+    "ID" is probably only needed if a shared-library implements
+    multiple ENGINEs, but if you know the engine id you expect to be using,
+    it doesn't hurt to specify it (and this provides a sanity check if
+    nothing else). "LIST_ADD" is only required if you actually wish the
+    loaded ENGINE to be discoverable by application code later on using the
+    ENGINE's "id". For most applications, this isn't necessary - but some
+    application authors may have nifty reasons for using it. The "LOAD"
+    command is the only one that takes no parameters and is the command
+    that uses the settings from any previous commands to actually *load*
+    the shared-library ENGINE implementation. If this command succeeds, the
+    (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
+    that has been loaded from the shared-library. As such, any control
+    commands supported by the loaded ENGINE could then be executed as per
+    normal. Eg. if ENGINE "foo" is implemented in the shared-library
+    "libfoo.so" and it supports some special control command "CMD_FOO", the
+    following code would load and use it (NB: obviously this code has no
+    error checking);
+
+       ENGINE *e = ENGINE_by_id("dynamic");
+       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
+       ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
+       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
+       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
+
+    For testing, the "openssl engine" utility can be useful for this sort
+    of thing. For example the above code excerpt would achieve much the
+    same result as;
+
+       openssl engine dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD \
+                 -pre "CMD_FOO:some input data"
+
+    Or to simply see the list of commands supported by the "foo" ENGINE;
+
+       openssl engine -vvvv dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD
+
+    Applications that support the ENGINE API and more specifically, the
+    "control commands" mechanism, will provide some way for you to pass
+    such commands through to ENGINEs. As such, you would select "dynamic"
+    as the ENGINE to use, and the parameters/commands you pass would
+    control the *actual* ENGINE used. Each command is actually a name-value
+    pair and the value can sometimes be omitted (eg. the "LOAD" command).
+    Whilst the syntax demonstrated in "openssl engine" uses a colon to
+    separate the command name from the value, applications may provide
+    their own syntax for making that separation (eg. a win32 registry
+    key-value pair may be used by some applications). The reason for the
+    "-pre" syntax in the "openssl engine" utility is that some commands
+    might be issued to an ENGINE *after* it has been initialised for use.
+    Eg. if an ENGINE implementation requires a smart-card to be inserted
+    during initialisation (or a PIN to be typed, or whatever), there may be
+    a control command you can issue afterwards to "forget" the smart-card
+    so that additional initialisation is no longer possible. In
+    applications such as web-servers, where potentially volatile code may
+    run on the same host system, this may provide some arguable security
+    value. In such a case, the command would be passed to the ENGINE after
+    it has been initialised for use, and so the "-post" switch would be
+    used instead. Applications may provide a different syntax for
+    supporting this distinction, and some may simply not provide it at all
+    ("-pre" is almost always what you're after, in reality).
+
+  How do I build a "dynamic" ENGINE?
+  ----------------------------------
+    This question is trickier - currently OpenSSL bundles various ENGINE
+    implementations that are statically built in, and any application that
+    calls the "ENGINE_load_builtin_engines()" function will automatically
+    have all such ENGINEs available (and occupying memory). Applications
+    that don't call that function have no ENGINEs available like that and
+    would have to use "dynamic" to load any such ENGINE - but on the other
+    hand such applications would only have the memory footprint of any
+    ENGINEs explicitly loaded using user/admin provided control commands.
+    The main advantage of not statically linking ENGINEs and only using
+    "dynamic" for hardware support is that any installation using no
+    "external" ENGINE suffers no unnecessary memory footprint from unused
+    ENGINEs. Likewise, installations that do require an ENGINE incur the
+    overheads from only *that* ENGINE once it has been loaded.
+
+    Sounds good? Maybe, but currently building an ENGINE implementation as
+    a shared-library that can be loaded by "dynamic" isn't automated in
+    OpenSSL's build process. It can be done manually quite easily however.
+    Such a shared-library can either be built with any OpenSSL code it
+    needs statically linked in, or it can link dynamically against OpenSSL
+    if OpenSSL itself is built as a shared library. The instructions are
+    the same in each case, but in the former (statically linked any
+    dependencies on OpenSSL) you must ensure OpenSSL is built with
+    position-independent code ("PIC"). The default OpenSSL compilation may
+    already specify the relevant flags to do this, but you should consult
+    with your compiler documentation if you are in any doubt.
+
+    This example will show building the "atalla" ENGINE in the
+    crypto/engine/ directory as a shared-library for use via the "dynamic"
+    ENGINE.
+    1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
+       source tree.
+    2) Recompile at least one source file so you can see all the compiler
+       flags (and syntax) being used to build normally. Eg;
+           touch hw_atalla.c ; make
+       will rebuild "hw_atalla.o" using all such flags.
+    3) Manually enter the same compilation line to compile the
+       "hw_atalla.c" file but with the following two changes;
+         (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
+	 (b) change the output file from "hw_atalla.o" to something new,
+             eg. "tmp_atalla.o"
+    4) Link "tmp_atalla.o" into a shared-library using the top-level
+       OpenSSL libraries to resolve any dependencies. The syntax for doing
+       this depends heavily on your system/compiler and is a nightmare
+       known well to anyone who has worked with shared-library portability
+       before. 'gcc' on Linux, for example, would use the following syntax;
+          gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
+    5) Test your shared library using "openssl engine" as explained in the
+       previous section. Eg. from the top-level directory, you might try;
+          apps/openssl engine -vvvv dynamic \
+              -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
+       If the shared-library loads successfully, you will see both "-pre"
+       commands marked as "SUCCESS" and the list of control commands
+       displayed (because of "-vvvv") will be the control commands for the
+       *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
+       the "-t" switch to the utility if you want it to try and initialise
+       the atalla ENGINE for use to test any possible hardware/driver
+       issues.
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
+  A quick test done right before the release showed that trying "openssl speed
+  -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
+  to write at memory address 0x00000002.
+
diff --git a/openssl-1.1.0h/README.FIPS b/openssl-1.1.0h/README.FIPS
new file mode 100644
index 0000000..8593486
--- /dev/null
+++ b/openssl-1.1.0h/README.FIPS
@@ -0,0 +1 @@
+This release does not support a FIPS 140-2 validated module.
diff --git a/openssl-1.1.0h/VMS/VMSify-conf.pl b/openssl-1.1.0h/VMS/VMSify-conf.pl
new file mode 100644
index 0000000..21eff11
--- /dev/null
+++ b/openssl-1.1.0h/VMS/VMSify-conf.pl
@@ -0,0 +1,41 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
+my @file_vars = ( "database", "certificate", "serial", "crlnumber",
+		  "crl", "private_key", "RANDFILE" );
+while(<STDIN>) {
+    s|\R$||;
+    foreach my $d (@directory_vars) {
+	if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
+	    $_ = "$1sys\\\$disk:\[.$2$3";
+	} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
+	    $_ = "$1sys\\\$disk:\[.$2$3";
+	}
+	s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
+	while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
+	    $_ = "$1.$3]$4";
+	}
+    }
+    foreach my $f (@file_vars) {
+	s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
+	while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
+	    $_ = "$1.$3$4";
+	}
+	if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
+	    $_ = "$1]$3.$4";
+	} elsif  (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
+	    $_ = "$1]$3$4";
+	}
+   }
+    print $_,"\n";
+}
diff --git a/openssl-1.1.0h/VMS/engine.opt b/openssl-1.1.0h/VMS/engine.opt
new file mode 100644
index 0000000..1c73c80
--- /dev/null
+++ b/openssl-1.1.0h/VMS/engine.opt
@@ -0,0 +1,2 @@
+CASE_SENSITIVE=YES
+SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)
diff --git a/openssl-1.1.0h/VMS/openssl_ivp.com.in b/openssl-1.1.0h/VMS/openssl_ivp.com.in
new file mode 100644
index 0000000..825a699
--- /dev/null
+++ b/openssl-1.1.0h/VMS/openssl_ivp.com.in
@@ -0,0 +1,50 @@
+$	! OpenSSL Internal Verification Procedure
+$	!
+$	! This script checks the consistency of a OpenSSL installation
+$	! It had better be spawned, as it creates process logicals
+$
+$	! Generated information
+$	INSTALLTOP := {- $config{INSTALLTOP} -}
+$	OPENSSLDIR := {- $config{OPENSSLDIR} -}
+$
+$	! Make sure that INSTALLTOP and OPENSSLDIR become something one
+$	! can use to call the startup procedure
+$	INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
+		     - ".][000000" - "[000000." - "][" - "]A.;" + "."
+$	OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
+		     - ".][000000" - "[000000." - "][" - "]A.;" + "."
+$
+$	v    := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
+$	pz   := {- $config{pointer_size} -}
+$	
+$	@'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
+$	@'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
+$
+$	IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
+           .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $config{no_shared}; "" -}-
+           .OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
+           .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $config{no_shared}; "" -}-
+           .OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
+           .OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
+           .OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
+$	THEN
+$	    WRITE SYS$ERROR "Installation inconsistent"
+$	    EXIT %x00018292 ! RMS$_FNF, file not found
+$	ENDIF
+$
+$	ON ERROR THEN GOTO error
+$
+$	! If something else is wrong with the installation, we're likely
+$	! to get an image activation error here
+$	openssl version -a
+$
+$	! FUTURE ENHANCEMENT: Verify that engines are where they should be.
+$	! openssl engine -c -t checker
+$
+$	WRITE SYS$ERROR "OpenSSL IVP passed"
+$	EXIT %x10000001
+$
+$ error:
+$	save_status = $STATUS
+$	WRITE SYS$ERROR "OpenSSL IVP failed"
+$	EXIT 'save_status'
diff --git a/openssl-1.1.0h/VMS/openssl_shutdown.com.in b/openssl-1.1.0h/VMS/openssl_shutdown.com.in
new file mode 100644
index 0000000..f0df1c1
--- /dev/null
+++ b/openssl-1.1.0h/VMS/openssl_shutdown.com.in
@@ -0,0 +1,56 @@
+$	! OpenSSL shutdown script
+$	!
+$	! This script deassigns the logical names used by the installation
+$	! of OpenSSL.  It can do so at any level, defined by P1.
+$	!
+$	! P1	Qualifier(s) for DEASSIGN.
+$	!	Default: /PROCESS
+$	!
+$	! P2	If the value is "NOALIASES", no alias logical names are
+$	!	deassigned.
+$
+$	status = %x10000001	! Generic success
+$
+$	! In case there's a problem
+$	ON CONTROL_Y THEN GOTO bailout
+$	ON ERROR THEN GOTO bailout
+$
+$	! Find the architecture
+$	IF F$GETSYI("CPU") .LT. 128
+$	THEN
+$	    arch := VAX
+$	ELSE
+$	    arch := F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
+$	    IF arch .EQS. "" THEN GOTO unknown_arch
+$	ENDIF
+$
+$	! Abbrevs
+$	DEAS := DEASSIGN /NOLOG 'P1'
+$	sv   := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
+$	pz   := {- $config{pointer_size} -}
+$
+$	DEAS OSSL$DATAROOT
+$	DEAS OSSL$INSTROOT
+$	DEAS OSSL$INCLUDE
+$	DEAS OSSL$LIB
+$	DEAS OSSL$SHARE
+$	DEAS OSSL$ENGINES'sv'
+$	DEAS OSSL$EXE
+$	DEAS OSSL$LIBCRYPTO'pz'
+$	DEAS OSSL$LIBSSL'pz'
+${- output_off() if $config{no_shared}; "" -}
+$	DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
+$	DEAS OSSL$LIBSSL'sv'_SHR'pz'
+${- output_on() if $config{no_shared}; "" -}
+$	DEAS OPENSSL
+$
+$	IF P2 .NES. "NOALIASES"
+$	THEN
+$	    DEAS OSSL$ENGINES
+${- output_off() if $config{no_shared}; "" -}
+$	    DEAS OSSL$LIBCRYPTO_SHR'pz'
+$	    DEAS OSSL$LIBSSL_SHR'pz'
+${- output_on() if $config{no_shared}; "" -}
+$	ENDIF
+$
+$	EXIT 'status'
diff --git a/openssl-1.1.0h/VMS/openssl_startup.com.in b/openssl-1.1.0h/VMS/openssl_startup.com.in
new file mode 100644
index 0000000..9c8c09a
--- /dev/null
+++ b/openssl-1.1.0h/VMS/openssl_startup.com.in
@@ -0,0 +1,123 @@
+$	! OpenSSL startup script
+$	!
+$	! This script defines the logical names used by the installation
+$	! of OpenSSL.  It can provide those logical names at any level,
+$	! defined by P1.
+$	!
+$	! The logical names created are:
+$	!
+$	!	OSSL$INSTROOT		Installation root
+$	!	OSSL$DATAROOT		Data root (common directory
+$	!				for certs etc)
+$	!	OSSL$INCLUDE		Include directory root
+$	!	OSSL$LIB		Where the static library files
+$	!				are located
+$	!	OSSL$SHARE		Where the shareable image files
+$	!				are located
+$	!	OSSL$EXE		Where the executables are located
+$	!	OSSL$ENGINESnnn		Where the shareable images are located
+$	!	OSSL$LIBCRYPTO		The static crypto library
+$	!	OSSL$LIBSSL		The static ssl library
+$	!	OSSL$LIBCRYPTOnnn_SHR	The shareable crypto image
+$	!	OSSL$LIBSSLnnn_SHR	The shareable ssl image
+$	!	OPENSSL			is OSSL$INCLUDE:[OPENSSL]
+$	!
+$	! In all these, nnn is the OpenSSL version number.  This allows
+$	! several OpenSSL versions to be installed simultaneously, which
+$	! matters for applications that are linked to the shareable images
+$	! or that depend on engines.
+$	!
+$	! In addition, unless P2 is "NOALIASES", these logical names are
+$	! created:
+$	!
+$	!	OSSL$ENGINES		Alias for OSSL$ENGINESnnn
+$	!	OSSL$LIBCRYPTO_SHR	Alias for OSSL$LIBCRYPTOnnn_SHR
+$	!	OSSL$LIBSSL_SHR		Alias for OSSL$LIBSSLnnn_SHR
+$	!
+$	! P1	Qualifier(s) for DEFINE.  "/SYSTEM" would be typical when
+$	!	calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM,
+$	!	while "/PROCESS" would be typical for a personal install.
+$	!	Default: /PROCESS
+$	!
+$	! P2	If the value is "NOALIASES", no alias logical names are
+$	!	created.
+$
+$	status = %x10000001	! Generic success
+$
+$	! In case there's a problem
+$	ON CONTROL_Y THEN GOTO bailout
+$	ON ERROR THEN GOTO bailout
+$
+$	! Find the architecture
+$	IF F$GETSYI("CPU") .LT. 128
+$	THEN
+$	    arch := VAX
+$	ELSE
+$	    arch = F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
+$	    IF arch .EQS. "" THEN GOTO unknown_arch
+$	ENDIF
+$
+$	! Generated information
+$	INSTALLTOP := {- $config{INSTALLTOP} -}
+$	OPENSSLDIR := {- $config{OPENSSLDIR} -}
+$
+$	! Make sure that INSTALLTOP and OPENSSLDIR become something one
+$	! can build concealed logical names on
+$	INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
+		     - ".][000000" - "[000000." - "][" - "]A.;" + "."
+$	OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
+		     - ".][000000" - "[000000." - "][" - "]A.;" + "."
+$
+$	DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_']
+$	DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_']
+$
+$	! Check that things are in place, and specifically, the stuff
+$	! belonging to this architecture
+$	IF F$SEARCH("WRK_INSTALLTOP:[000000]INCLUDE.DIR;1") .EQS. "" -
+	   .OR. F$SEARCH("WRK_INSTALLTOP:[000000]LIB.DIR;1") .EQS. "" -
+	   .OR. F$SEARCH("WRK_INSTALLTOP:[000000]EXE.DIR;1") .EQS. "" -
+	   .OR. F$SEARCH("WRK_INSTALLTOP:[LIB]''arch'.DIR;1") .EQS. "" -
+	   .OR. F$SEARCH("WRK_INSTALLTOP:[EXE]''arch'.DIR;1") .EQS. "" -
+	   .OR. F$SEARCH("WRK_OPENSSLDIR:[000000]openssl.cnf") .EQS. ""
+$	THEN
+$	    WRITE SYS$ERROR "''INSTALLTOP' doesn't look like an OpenSSL installation for ''arch'"
+$	    status = %x00018292 ! RMS$_FNF, file not found
+$	    GOTO bailout
+$	ENDIF
+$
+$	! Abbrevs
+$	DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
+$	DEF  := DEFINE /NOLOG 'P1'
+$	sv   := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
+$	pz   := {- $config{pointer_size} -}
+$
+$	DEFT OSSL$DATAROOT		'OPENSSLDIR_']
+$	DEFT OSSL$INSTROOT		'INSTALLTOP_']
+$	DEFT OSSL$INCLUDE		'INSTALLTOP_'INCLUDE.]
+$	DEF  OSSL$LIB			OSSL$INSTROOT:[LIB.'arch']
+$	DEF  OSSL$SHARE			OSSL$INSTROOT:[LIB.'arch']
+$	DEF  OSSL$ENGINES'sv''pz'	OSSL$INSTROOT:[ENGINES'sv''pz'.'arch']
+$	DEF  OSSL$EXE			OSSL$INSTROOT:[EXE.'arch'],-
+					OSSL$INSTROOT:[EXE]
+$	DEF  OSSL$LIBCRYPTO'pz'		OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
+$	DEF  OSSL$LIBSSL'pz'		OSSL$LIB:OSSL$LIBSSL'pz'.OLB
+${- output_off() if $config{no_shared}; "" -}
+$	DEF  OSSL$LIBCRYPTO'sv'_SHR'pz'	OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
+$	DEF  OSSL$LIBSSL'sv'_SHR'pz'	OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
+${- output_on() if $config{no_shared}; "" -}
+$	DEF  OPENSSL			OSSL$INCLUDE:[OPENSSL]
+$
+$	IF P2 .NES. "NOALIASES"
+$	THEN
+$	    DEF OSSL$ENGINES'pz'	OSSL$ENGINES'sv''pz'
+${- output_off() if $config{no_shared}; "" -}
+$	    DEF OSSL$LIBCRYPTO_SHR'pz'	OSSL$LIBCRYPTO'sv'_SHR'pz'
+$	    DEF OSSL$LIBSSL_SHR'pz'	OSSL$LIBSSL'sv'_SHR'pz'
+${- output_on() if $config{no_shared}; "" -}
+$	ENDIF
+$
+$ bailout:
+$	DEASSIGN WRK_INSTALLTOP
+$	DEASSIGN WRK_OPENSSLDIR
+$
+$	EXIT 'status'
diff --git a/openssl-1.1.0h/VMS/openssl_utils.com.in b/openssl-1.1.0h/VMS/openssl_utils.com.in
new file mode 100644
index 0000000..edd733d
--- /dev/null
+++ b/openssl-1.1.0h/VMS/openssl_utils.com.in
@@ -0,0 +1,14 @@
+$	! OpenSSL utilities
+$	!
+$
+$	v    := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
+$
+$	OPENSSL'v'	:== $OSSL$EXE:OPENSSL'v'
+$	OPENSSL		:== $OSSL$EXE:OPENSSL'v'
+$
+$	IF F$TYPE(PERL) .EQS. "STRING"
+$	THEN
+$	    C_REHASH	:== 'PERL' OSSL$EXE:c_rehash.pl
+$	ELSE
+$	    WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
+$	ENDIF
diff --git a/openssl-1.1.0h/VMS/test-includes.com b/openssl-1.1.0h/VMS/test-includes.com
new file mode 100644
index 0000000..c1d7ccd
--- /dev/null
+++ b/openssl-1.1.0h/VMS/test-includes.com
@@ -0,0 +1,28 @@
+$! Quick script to check how well including individual header files works
+$! on VMS, even when the VMS macro isn't defined.
+$
+$	sav_def = f$env("DEFAULT")
+$	here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
+$	set default 'here'
+$	set default [-.include.openssl]
+$	define openssl 'f$env("DEFAULT")'
+$	set default [--]
+$
+$ loop:
+$	f = f$search("openssl:*.h")
+$	if f .eqs. "" then goto loop_end
+$	write sys$output "Checking ",f
+$	open/write foo foo.c
+$	write foo "#undef VMS"
+$	write foo "#include <stdio.h>"
+$	write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
+$	write foo "main()"
+$	write foo "{printf(""foo\n"");}"
+$	close foo
+$	cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
+$	delete foo.c;
+$	goto loop
+$ loop_end:
+$	set default 'save_def'
+$	exit
+
diff --git a/openssl-1.1.0h/VMS/translatesyms.pl b/openssl-1.1.0h/VMS/translatesyms.pl
new file mode 100644
index 0000000..f61d954
--- /dev/null
+++ b/openssl-1.1.0h/VMS/translatesyms.pl
@@ -0,0 +1,62 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# This script will translate any SYMBOL_VECTOR item that has a translation
+# in CXX$DEMANGLER_DB.  The latter is generated by and CC/DECC command that
+# uses the qualifier /REPOSITORY with the build directory as value.  When
+# /NAMES=SHORTENED has been used, this file will hold the translations from
+# the original symbols to the shortened variants.
+#
+# CXX$DEMAGLER_DB. is an ISAM file, but with the magic of RMS, it can be
+# read as a text file, with each record as one line.
+#
+# The lines will have the following syntax for any symbol found that's longer
+# than 31 characters:
+#
+# LONG_symbol_34567890123{cksum}$LONG_symbol_34567890123_more_than_31_chars
+#
+# $ is present at the end of the shortened symbol name, and is preceded by a
+# 7 character checksum.  The $ makes it easy to separate the shortened name
+# from the original one.
+
+use strict;
+use warnings;
+
+usage() if scalar @ARGV < 1;
+
+my %translations = ();
+
+open DEMANGLER_DATA, $ARGV[0]
+    or die "Couldn't open $ARGV[0]: $!\n";
+while(<DEMANGLER_DATA>) {
+    s|\R$||;
+    (my $translated, my $original) = split /\$/;
+    $translations{$original} = $translated.'$';
+}
+close DEMANGLER_DATA;
+
+$| = 1;                         # Autoflush
+while(<STDIN>) {
+    s@
+      ((?:[A-Za-z0-9_]+)\/)?([A-Za-z0-9_]+)=(PROCEDURE|DATA)
+     @
+      if (defined($translations{$2})) {
+          my $trans = $translations{$2};
+          my $trans_uc = uc $trans;
+          if (defined($1) && $trans ne $trans_uc) {
+              "$trans_uc/$trans=$3"
+          } else {
+              "$trans=$3"
+          }
+      } else {
+          $&
+      }
+     @gxe;
+    print $_;
+}
diff --git a/openssl-1.1.0h/apps/CA.pl.in b/openssl-1.1.0h/apps/CA.pl.in
new file mode 100644
index 0000000..7277eec
--- /dev/null
+++ b/openssl-1.1.0h/apps/CA.pl.in
@@ -0,0 +1,196 @@
+#!{- $config{hashbangperl} -}
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# Wrapper around the ca to make it easier to use
+#
+# {- join("\n# ", @autowarntext) -}
+
+use strict;
+use warnings;
+
+my $openssl = "openssl";
+if(defined $ENV{'OPENSSL'}) {
+    $openssl = $ENV{'OPENSSL'};
+} else {
+    $ENV{'OPENSSL'} = $openssl;
+}
+
+my $verbose = 1;
+
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
+my $DAYS = "-days 365";
+my $CADAYS = "-days 1095";	# 3 years
+my $REQ = "$openssl req $OPENSSL_CONFIG";
+my $CA = "$openssl ca $OPENSSL_CONFIG";
+my $VERIFY = "$openssl verify";
+my $X509 = "$openssl x509";
+my $PKCS12 = "$openssl pkcs12";
+
+# default openssl.cnf file has setup as per the following
+my $CATOP = "./demoCA";
+my $CAKEY = "cakey.pem";
+my $CAREQ = "careq.pem";
+my $CACERT = "cacert.pem";
+my $CACRL = "crl.pem";
+my $DIRMODE = 0777;
+
+my $NEWKEY = "newkey.pem";
+my $NEWREQ = "newreq.pem";
+my $NEWCERT = "newcert.pem";
+my $NEWP12 = "newcert.p12";
+my $RET = 0;
+my $WHAT = shift @ARGV || "";
+my $FILE;
+
+# See if reason for a CRL entry is valid; exit if not.
+sub crl_reason_ok
+{
+    my $r = shift;
+
+    if ($r eq 'unspecified' || $r eq 'keyCompromise'
+        || $r eq 'CACompromise' || $r eq 'affiliationChanged'
+        || $r eq 'superseded' || $r eq 'cessationOfOperation'
+        || $r eq 'certificateHold' || $r eq 'removeFromCRL') {
+        return 1;
+    }
+    print STDERR "Invalid CRL reason; must be one of:\n";
+    print STDERR "    unspecified, keyCompromise, CACompromise,\n";
+    print STDERR "    affiliationChanged, superseded, cessationOfOperation\n";
+    print STDERR "    certificateHold, removeFromCRL";
+    exit 1;
+}
+
+# Copy a PEM-format file; return like exit status (zero means ok)
+sub copy_pemfile
+{
+    my ($infile, $outfile, $bound) = @_;
+    my $found = 0;
+
+    open IN, $infile || die "Cannot open $infile, $!";
+    open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
+    while (<IN>) {
+        $found = 1 if /^-----BEGIN.*$bound/;
+        print OUT $_ if $found;
+        $found = 2, last if /^-----END.*$bound/;
+    }
+    close IN;
+    close OUT;
+    return $found == 2 ? 0 : 1;
+}
+
+# Wrapper around system; useful for debugging.  Returns just the exit status
+sub run
+{
+    my $cmd = shift;
+    print "====\n$cmd\n" if $verbose;
+    my $status = system($cmd);
+    print "==> $status\n====\n" if $verbose;
+    return $status >> 8;
+}
+
+
+if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
+    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+    print STDERR "       CA -pkcs12 [certname]\n";
+    print STDERR "       CA -crl|-revoke cert-filename [reason]\n";
+    exit 0;
+}
+if ($WHAT eq '-newcert' ) {
+    # create a certificate
+    $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS");
+    print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq' ) {
+    # create a certificate request
+    $RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS");
+    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq-nodes' ) {
+    # create a certificate request
+    $RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS");
+    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newca' ) {
+    # create the directory hierarchy
+    mkdir ${CATOP}, $DIRMODE;
+    mkdir "${CATOP}/certs", $DIRMODE;
+    mkdir "${CATOP}/crl", $DIRMODE ;
+    mkdir "${CATOP}/newcerts", $DIRMODE;
+    mkdir "${CATOP}/private", $DIRMODE;
+    open OUT, ">${CATOP}/index.txt";
+    close OUT;
+    open OUT, ">${CATOP}/crlnumber";
+    print OUT "01\n";
+    close OUT;
+    # ask user for existing CA certificate
+    print "CA certificate filename (or enter to create)\n";
+    $FILE = "" unless defined($FILE = <STDIN>);
+    $FILE =~ s{\R$}{};
+    if ($FILE ne "") {
+        copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+        copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+    } else {
+        print "Making CA certificate ...\n";
+        $RET = run("$REQ -new -keyout"
+                . " ${CATOP}/private/$CAKEY"
+                . " -out ${CATOP}/$CAREQ");
+        $RET = run("$CA -create_serial"
+                . " -out ${CATOP}/$CACERT $CADAYS -batch"
+                . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
+                . " -extensions v3_ca"
+                . " -infiles ${CATOP}/$CAREQ") if $RET == 0;
+        print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
+    }
+} elsif ($WHAT eq '-pkcs12' ) {
+    my $cname = $ARGV[0];
+    $cname = "My Certificate" unless defined $cname;
+    $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
+            . " -certfile ${CATOP}/$CACERT"
+            . " -out $NEWP12"
+            . " -export -name \"$cname\"");
+    print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
+} elsif ($WHAT eq '-xsign' ) {
+    $RET = run("$CA -policy policy_anything -infiles $NEWREQ");
+} elsif ($WHAT eq '-sign' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ");
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signCA' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . " -extensions v3_ca -infiles $NEWREQ");
+    print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signcert' ) {
+    $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
+            . " -out tmp.pem");
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . " -infiles tmp.pem") if $RET == 0;
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-verify' ) {
+    my @files = @ARGV ? @ARGV : ( $NEWCERT );
+    my $file;
+    foreach $file (@files) {
+        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
+        $RET = $status if $status != 0;
+    }
+} elsif ($WHAT eq '-crl' ) {
+    $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
+    print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
+} elsif ($WHAT eq '-revoke' ) {
+    my $cname = $ARGV[0];
+    if (!defined $cname) {
+        print "Certificate filename is required; reason optional.\n";
+        exit 1;
+    }
+    my $reason = $ARGV[1];
+    $reason = " -crl_reason $reason"
+        if defined $reason && crl_reason_ok($reason);
+    $RET = run("$CA -revoke \"$cname\"" . $reason);
+} else {
+    print STDERR "Unknown arg \"$WHAT\"\n";
+    print STDERR "Use -help for help.\n";
+    exit 1;
+}
+
+exit $RET;
diff --git a/openssl-1.1.0h/apps/app_rand.c b/openssl-1.1.0h/apps/app_rand.c
new file mode 100644
index 0000000..ff0771c
--- /dev/null
+++ b/openssl-1.1.0h/apps/app_rand.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+static int seeded = 0;
+static int egdsocket = 0;
+
+int app_RAND_load_file(const char *file, int dont_warn)
+{
+    int consider_randfile = (file == NULL);
+    char buffer[200];
+
+    if (file == NULL)
+        file = RAND_file_name(buffer, sizeof(buffer));
+#ifndef OPENSSL_NO_EGD
+    else if (RAND_egd(file) > 0) {
+        /*
+         * we try if the given filename is an EGD socket. if it is, we don't
+         * write anything back to the file.
+         */
+        egdsocket = 1;
+        return 1;
+    }
+#endif
+    if (file == NULL || !RAND_load_file(file, -1)) {
+        if (RAND_status() == 0) {
+            if (!dont_warn) {
+                BIO_printf(bio_err, "unable to load 'random state'\n");
+                BIO_printf(bio_err,
+                           "This means that the random number generator has not been seeded\n");
+                BIO_printf(bio_err, "with much random data.\n");
+                if (consider_randfile) { /* explanation does not apply when a
+                                          * file is explicitly named */
+                    BIO_printf(bio_err,
+                               "Consider setting the RANDFILE environment variable to point at a file that\n");
+                    BIO_printf(bio_err,
+                               "'random' data can be kept in (the file will be overwritten).\n");
+                }
+            }
+            return 0;
+        }
+    }
+    seeded = 1;
+    return 1;
+}
+
+long app_RAND_load_files(char *name)
+{
+    char *p, *n;
+    int last;
+    long tot = 0;
+#ifndef OPENSSL_NO_EGD
+    int egd;
+#endif
+
+    for (;;) {
+        last = 0;
+        for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
+        if (*p == '\0')
+            last = 1;
+        *p = '\0';
+        n = name;
+        name = p + 1;
+        if (*n == '\0')
+            break;
+
+#ifndef OPENSSL_NO_EGD
+        egd = RAND_egd(n);
+        if (egd > 0)
+            tot += egd;
+        else
+#endif
+            tot += RAND_load_file(n, -1);
+        if (last)
+            break;
+    }
+    if (tot > 512)
+        app_RAND_allow_write_file();
+    return (tot);
+}
+
+int app_RAND_write_file(const char *file)
+{
+    char buffer[200];
+
+    if (egdsocket || !seeded)
+        /*
+         * If we did not manage to read the seed file, we should not write a
+         * low-entropy seed file back -- it would suppress a crucial warning
+         * the next time we want to use it.
+         */
+        return 0;
+
+    if (file == NULL)
+        file = RAND_file_name(buffer, sizeof(buffer));
+    if (file == NULL || !RAND_write_file(file)) {
+        BIO_printf(bio_err, "unable to write 'random state'\n");
+        return 0;
+    }
+    return 1;
+}
+
+void app_RAND_allow_write_file(void)
+{
+    seeded = 1;
+}
diff --git a/openssl-1.1.0h/apps/apps.c b/openssl-1.1.0h/apps/apps.c
new file mode 100644
index 0000000..8703d0c
--- /dev/null
+++ b/openssl-1.1.0h/apps/apps.c
@@ -0,0 +1,2650 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+/*
+ * On VMS, you need to define this to get the declaration of fileno().  The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+# define _POSIX_C_SOURCE 2
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+#include <ctype.h>
+#include <errno.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/ssl.h>
+#include "s_apps.h"
+#include "apps.h"
+
+#ifdef _WIN32
+static int WIN32_rename(const char *from, const char *to);
+# define rename(from,to) WIN32_rename((from),(to))
+#endif
+
+typedef struct {
+    const char *name;
+    unsigned long flag;
+    unsigned long mask;
+} NAME_EX_TBL;
+
+#if !defined(OPENSSL_NO_UI) || !defined(OPENSSL_NO_ENGINE)
+static UI_METHOD *ui_method = NULL;
+#endif
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+
+int app_init(long mesgwin);
+
+int chopup_args(ARGS *arg, char *buf)
+{
+    int quoted;
+    char c = '\0', *p = NULL;
+
+    arg->argc = 0;
+    if (arg->size == 0) {
+        arg->size = 20;
+        arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
+    }
+
+    for (p = buf;;) {
+        /* Skip whitespace. */
+        while (*p && isspace(_UC(*p)))
+            p++;
+        if (!*p)
+            break;
+
+        /* The start of something good :-) */
+        if (arg->argc >= arg->size) {
+            char **tmp;
+            arg->size += 20;
+            tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
+            if (tmp == NULL)
+                return 0;
+            arg->argv = tmp;
+        }
+        quoted = *p == '\'' || *p == '"';
+        if (quoted)
+            c = *p++;
+        arg->argv[arg->argc++] = p;
+
+        /* now look for the end of this */
+        if (quoted) {
+            while (*p && *p != c)
+                p++;
+            *p++ = '\0';
+        } else {
+            while (*p && !isspace(_UC(*p)))
+                p++;
+            if (*p)
+                *p++ = '\0';
+        }
+    }
+    arg->argv[arg->argc] = NULL;
+    return (1);
+}
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+{
+    return (1);
+}
+#endif
+
+int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                             const char *CApath, int noCAfile, int noCApath)
+{
+    if (CAfile == NULL && CApath == NULL) {
+        if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
+            return 0;
+        if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
+            return 0;
+
+        return 1;
+    }
+    return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
+}
+
+#ifndef OPENSSL_NO_CT
+
+int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    if (path == NULL) {
+        return SSL_CTX_set_default_ctlog_list_file(ctx);
+    }
+
+    return SSL_CTX_set_ctlog_list_file(ctx, path);
+}
+
+#endif
+
+int dump_cert_text(BIO *out, X509 *x)
+{
+    char *p;
+
+    p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
+    BIO_puts(out, "subject=");
+    BIO_puts(out, p);
+    OPENSSL_free(p);
+
+    p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
+    BIO_puts(out, "\nissuer=");
+    BIO_puts(out, p);
+    BIO_puts(out, "\n");
+    OPENSSL_free(p);
+
+    return 0;
+}
+
+#ifndef OPENSSL_NO_UI
+static int ui_open(UI *ui)
+{
+    return UI_method_get_opener(UI_OpenSSL())(ui);
+}
+
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0') {
+                    UI_set_result(ui, uis, password);
+                    return 1;
+                }
+            }
+        default:
+            break;
+        }
+    }
+    return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0')
+                    return 1;
+            }
+        default:
+            break;
+        }
+    }
+    return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_close(UI *ui)
+{
+    return UI_method_get_closer(UI_OpenSSL())(ui);
+}
+
+int setup_ui_method(void)
+{
+    ui_method = UI_create_method("OpenSSL application user interface");
+    UI_method_set_opener(ui_method, ui_open);
+    UI_method_set_reader(ui_method, ui_read);
+    UI_method_set_writer(ui_method, ui_write);
+    UI_method_set_closer(ui_method, ui_close);
+    return 0;
+}
+
+void destroy_ui_method(void)
+{
+    if (ui_method) {
+        UI_destroy_method(ui_method);
+        ui_method = NULL;
+    }
+}
+#endif
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+{
+    int res = 0;
+#ifndef OPENSSL_NO_UI
+    UI *ui = NULL;
+#endif
+    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+#ifdef OPENSSL_NO_UI
+    if (cb_data != NULL && cb_data->password != NULL) {
+        res = strlen(cb_data->password);
+        if (res > bufsiz)
+            res = bufsiz;
+        memcpy(buf, cb_data->password, res);
+    }
+#else
+    ui = UI_new_method(ui_method);
+    if (ui) {
+        int ok = 0;
+        char *buff = NULL;
+        int ui_flags = 0;
+        const char *prompt_info = NULL;
+        char *prompt;
+
+        if (cb_data != NULL && cb_data->prompt_info != NULL)
+            prompt_info = cb_data->prompt_info;
+        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+        if (!prompt) {
+            BIO_printf(bio_err, "Out of memory\n");
+            UI_free(ui);
+            return 0;
+        }
+
+        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+        /* We know that there is no previous user data to return to us */
+        (void)UI_add_user_data(ui, cb_data);
+
+        if (ok >= 0)
+            ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+                                     PW_MIN_LENGTH, bufsiz - 1);
+        if (ok >= 0 && verify) {
+            buff = app_malloc(bufsiz, "password buffer");
+            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+                                      PW_MIN_LENGTH, bufsiz - 1, buf);
+        }
+        if (ok >= 0)
+            do {
+                ok = UI_process(ui);
+            }
+            while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+        OPENSSL_clear_free(buff, (unsigned int)bufsiz);
+
+        if (ok >= 0)
+            res = strlen(buf);
+        if (ok == -1) {
+            BIO_printf(bio_err, "User interface error\n");
+            ERR_print_errors(bio_err);
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        if (ok == -2) {
+            BIO_printf(bio_err, "aborted!\n");
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        UI_free(ui);
+        OPENSSL_free(prompt);
+    }
+#endif
+    return res;
+}
+
+static char *app_get_pass(const char *arg, int keepbio);
+
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
+{
+    int same;
+    if (!arg2 || !arg1 || strcmp(arg1, arg2))
+        same = 0;
+    else
+        same = 1;
+    if (arg1) {
+        *pass1 = app_get_pass(arg1, same);
+        if (!*pass1)
+            return 0;
+    } else if (pass1)
+        *pass1 = NULL;
+    if (arg2) {
+        *pass2 = app_get_pass(arg2, same ? 2 : 0);
+        if (!*pass2)
+            return 0;
+    } else if (pass2)
+        *pass2 = NULL;
+    return 1;
+}
+
+static char *app_get_pass(const char *arg, int keepbio)
+{
+    char *tmp, tpass[APP_PASS_LEN];
+    static BIO *pwdbio = NULL;
+    int i;
+
+    if (strncmp(arg, "pass:", 5) == 0)
+        return OPENSSL_strdup(arg + 5);
+    if (strncmp(arg, "env:", 4) == 0) {
+        tmp = getenv(arg + 4);
+        if (!tmp) {
+            BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
+            return NULL;
+        }
+        return OPENSSL_strdup(tmp);
+    }
+    if (!keepbio || !pwdbio) {
+        if (strncmp(arg, "file:", 5) == 0) {
+            pwdbio = BIO_new_file(arg + 5, "r");
+            if (!pwdbio) {
+                BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
+                return NULL;
+            }
+#if !defined(_WIN32)
+            /*
+             * Under _WIN32, which covers even Win64 and CE, file
+             * descriptors referenced by BIO_s_fd are not inherited
+             * by child process and therefore below is not an option.
+             * It could have been an option if bss_fd.c was operating
+             * on real Windows descriptors, such as those obtained
+             * with CreateFile.
+             */
+        } else if (strncmp(arg, "fd:", 3) == 0) {
+            BIO *btmp;
+            i = atoi(arg + 3);
+            if (i >= 0)
+                pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+            if ((i < 0) || !pwdbio) {
+                BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
+                return NULL;
+            }
+            /*
+             * Can't do BIO_gets on an fd BIO so add a buffering BIO
+             */
+            btmp = BIO_new(BIO_f_buffer());
+            pwdbio = BIO_push(btmp, pwdbio);
+#endif
+        } else if (strcmp(arg, "stdin") == 0) {
+            pwdbio = dup_bio_in(FORMAT_TEXT);
+            if (!pwdbio) {
+                BIO_printf(bio_err, "Can't open BIO for stdin\n");
+                return NULL;
+            }
+        } else {
+            BIO_printf(bio_err, "Invalid password argument \"%s\"\n", arg);
+            return NULL;
+        }
+    }
+    i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+    if (keepbio != 1) {
+        BIO_free_all(pwdbio);
+        pwdbio = NULL;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "Error reading password from BIO\n");
+        return NULL;
+    }
+    tmp = strchr(tpass, '\n');
+    if (tmp)
+        *tmp = 0;
+    return OPENSSL_strdup(tpass);
+}
+
+static CONF *app_load_config_(BIO *in, const char *filename)
+{
+    long errorline = -1;
+    CONF *conf;
+    int i;
+
+    conf = NCONF_new(NULL);
+    i = NCONF_load_bio(conf, in, &errorline);
+    if (i > 0)
+        return conf;
+
+    if (errorline <= 0)
+        BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n",
+                   opt_getprog(), filename);
+    else
+        BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n",
+                   opt_getprog(), errorline, filename);
+    NCONF_free(conf);
+    return NULL;
+}
+CONF *app_load_config(const char *filename)
+{
+    BIO *in;
+    CONF *conf;
+
+    in = bio_open_default(filename, 'r', FORMAT_TEXT);
+    if (in == NULL)
+        return NULL;
+
+    conf = app_load_config_(in, filename);
+    BIO_free(in);
+    return conf;
+}
+CONF *app_load_config_quiet(const char *filename)
+{
+    BIO *in;
+    CONF *conf;
+
+    in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
+    if (in == NULL)
+        return NULL;
+
+    conf = app_load_config_(in, filename);
+    BIO_free(in);
+    return conf;
+}
+
+int app_load_modules(const CONF *config)
+{
+    CONF *to_free = NULL;
+
+    if (config == NULL)
+        config = to_free = app_load_config_quiet(default_config_file);
+    if (config == NULL)
+        return 1;
+
+    if (CONF_modules_load(config, NULL, 0) <= 0) {
+        BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
+        ERR_print_errors(bio_err);
+        NCONF_free(to_free);
+        return 0;
+    }
+    NCONF_free(to_free);
+    return 1;
+}
+
+int add_oid_section(CONF *conf)
+{
+    char *p;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *cnf;
+    int i;
+
+    if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) {
+        ERR_clear_error();
+        return 1;
+    }
+    if ((sktmp = NCONF_get_section(conf, p)) == NULL) {
+        BIO_printf(bio_err, "problem loading oid section %s\n", p);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        cnf = sk_CONF_VALUE_value(sktmp, i);
+        if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+            BIO_printf(bio_err, "problem creating object %s=%s\n",
+                       cnf->name, cnf->value);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int load_pkcs12(BIO *in, const char *desc,
+                       pem_password_cb *pem_cb, void *cb_data,
+                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+    const char *pass;
+    char tpass[PEM_BUFSIZE];
+    int len, ret = 0;
+    PKCS12 *p12;
+    p12 = d2i_PKCS12_bio(in, NULL);
+    if (p12 == NULL) {
+        BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc);
+        goto die;
+    }
+    /* See if an empty password will do */
+    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+        pass = "";
+    else {
+        if (!pem_cb)
+            pem_cb = (pem_password_cb *)password_callback;
+        len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+        if (len < 0) {
+            BIO_printf(bio_err, "Passphrase callback error for %s\n", desc);
+            goto die;
+        }
+        if (len < PEM_BUFSIZE)
+            tpass[len] = 0;
+        if (!PKCS12_verify_mac(p12, tpass, len)) {
+            BIO_printf(bio_err,
+                       "Mac verify error (wrong password?) in PKCS12 file for %s\n",
+                       desc);
+            goto die;
+        }
+        pass = tpass;
+    }
+    ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+ die:
+    PKCS12_free(p12);
+    return ret;
+}
+
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
+{
+    char *host = NULL, *port = NULL, *path = NULL;
+    BIO *bio = NULL;
+    OCSP_REQ_CTX *rctx = NULL;
+    int use_ssl, rv = 0;
+    if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
+        goto err;
+    if (use_ssl) {
+        BIO_puts(bio_err, "https not supported\n");
+        goto err;
+    }
+    bio = BIO_new_connect(host);
+    if (!bio || !BIO_set_conn_port(bio, port))
+        goto err;
+    rctx = OCSP_REQ_CTX_new(bio, 1024);
+    if (rctx == NULL)
+        goto err;
+    if (!OCSP_REQ_CTX_http(rctx, "GET", path))
+        goto err;
+    if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
+        goto err;
+    if (pcert) {
+        do {
+            rv = X509_http_nbio(rctx, pcert);
+        } while (rv == -1);
+    } else {
+        do {
+            rv = X509_CRL_http_nbio(rctx, pcrl);
+        } while (rv == -1);
+    }
+
+ err:
+    OPENSSL_free(host);
+    OPENSSL_free(path);
+    OPENSSL_free(port);
+    if (bio)
+        BIO_free_all(bio);
+    OCSP_REQ_CTX_free(rctx);
+    if (rv != 1) {
+        BIO_printf(bio_err, "Error loading %s from %s\n",
+                   pcert ? "certificate" : "CRL", url);
+        ERR_print_errors(bio_err);
+    }
+    return rv;
+}
+#endif
+
+X509 *load_cert(const char *file, int format, const char *cert_descrip)
+{
+    X509 *x = NULL;
+    BIO *cert;
+
+    if (format == FORMAT_HTTP) {
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+        load_cert_crl_http(file, &x, NULL);
+#endif
+        return x;
+    }
+
+    if (file == NULL) {
+        unbuffer(stdin);
+        cert = dup_bio_in(format);
+    } else
+        cert = bio_open_default(file, 'r', format);
+    if (cert == NULL)
+        goto end;
+
+    if (format == FORMAT_ASN1)
+        x = d2i_X509_bio(cert, NULL);
+    else if (format == FORMAT_PEM)
+        x = PEM_read_bio_X509_AUX(cert, NULL,
+                                  (pem_password_cb *)password_callback, NULL);
+    else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
+            goto end;
+    } else {
+        BIO_printf(bio_err, "bad input format specified for %s\n", cert_descrip);
+        goto end;
+    }
+ end:
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load certificate\n");
+        ERR_print_errors(bio_err);
+    }
+    BIO_free(cert);
+    return (x);
+}
+
+X509_CRL *load_crl(const char *infile, int format)
+{
+    X509_CRL *x = NULL;
+    BIO *in = NULL;
+
+    if (format == FORMAT_HTTP) {
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+        load_cert_crl_http(infile, NULL, &x);
+#endif
+        return x;
+    }
+
+    in = bio_open_default(infile, 'r', format);
+    if (in == NULL)
+        goto end;
+    if (format == FORMAT_ASN1)
+        x = d2i_X509_CRL_bio(in, NULL);
+    else if (format == FORMAT_PEM)
+        x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+    else {
+        BIO_printf(bio_err, "bad input format specified for input crl\n");
+        goto end;
+    }
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load CRL\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+ end:
+    BIO_free(in);
+    return (x);
+}
+
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
+                   const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(bio_err, "no keyfile specified\n");
+        goto end;
+    }
+    if (format == FORMAT_ENGINE) {
+        if (e == NULL)
+            BIO_printf(bio_err, "no engine specified\n");
+        else {
+#ifndef OPENSSL_NO_ENGINE
+            if (ENGINE_init(e)) {
+                pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+                ENGINE_finish(e);
+            }
+            if (pkey == NULL) {
+                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+                ERR_print_errors(bio_err);
+            }
+#else
+            BIO_printf(bio_err, "engines not supported\n");
+#endif
+        }
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+        unbuffer(stdin);
+        key = dup_bio_in(format);
+    } else
+        key = bio_open_default(file, 'r', format);
+    if (key == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PrivateKey_bio(key, NULL);
+    } else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PrivateKey(key, NULL,
+                                       (pem_password_cb *)password_callback,
+                                       &cb_data);
+    }
+    else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(key, key_descrip,
+                         (pem_password_cb *)password_callback, &cb_data,
+                         &pkey, NULL, NULL))
+            goto end;
+    }
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
+    else if (format == FORMAT_MSBLOB)
+        pkey = b2i_PrivateKey_bio(key);
+    else if (format == FORMAT_PVK)
+        pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
+                           &cb_data);
+#endif
+    else {
+        BIO_printf(bio_err, "bad input format specified for key file\n");
+        goto end;
+    }
+ end:
+    BIO_free(key);
+    if (pkey == NULL) {
+        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
+        ERR_print_errors(bio_err);
+    }
+    return (pkey);
+}
+
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
+                      const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(bio_err, "no keyfile specified\n");
+        goto end;
+    }
+    if (format == FORMAT_ENGINE) {
+        if (e == NULL)
+            BIO_printf(bio_err, "no engine specified\n");
+        else {
+#ifndef OPENSSL_NO_ENGINE
+            pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+            if (pkey == NULL) {
+                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+                ERR_print_errors(bio_err);
+            }
+#else
+            BIO_printf(bio_err, "engines not supported\n");
+#endif
+        }
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+        unbuffer(stdin);
+        key = dup_bio_in(format);
+    } else
+        key = bio_open_default(file, 'r', format);
+    if (key == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PUBKEY_bio(key, NULL);
+    }
+    else if (format == FORMAT_ASN1RSA) {
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa;
+        rsa = d2i_RSAPublicKey_bio(key, NULL);
+        if (rsa) {
+            pkey = EVP_PKEY_new();
+            if (pkey != NULL)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+#else
+        BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
+            pkey = NULL;
+    } else if (format == FORMAT_PEMRSA) {
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa;
+        rsa = PEM_read_bio_RSAPublicKey(key, NULL,
+                                        (pem_password_cb *)password_callback,
+                                        &cb_data);
+        if (rsa != NULL) {
+            pkey = EVP_PKEY_new();
+            if (pkey != NULL)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+#else
+        BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
+            pkey = NULL;
+    }
+    else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PUBKEY(key, NULL,
+                                   (pem_password_cb *)password_callback,
+                                   &cb_data);
+    }
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+    else if (format == FORMAT_MSBLOB)
+        pkey = b2i_PublicKey_bio(key);
+#endif
+ end:
+    BIO_free(key);
+    if (pkey == NULL)
+        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
+    return (pkey);
+}
+
+static int load_certs_crls(const char *file, int format,
+                           const char *pass, const char *desc,
+                           STACK_OF(X509) **pcerts,
+                           STACK_OF(X509_CRL) **pcrls)
+{
+    int i;
+    BIO *bio;
+    STACK_OF(X509_INFO) *xis = NULL;
+    X509_INFO *xi;
+    PW_CB_DATA cb_data;
+    int rv = 0;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (format != FORMAT_PEM) {
+        BIO_printf(bio_err, "bad input format specified for %s\n", desc);
+        return 0;
+    }
+
+    bio = bio_open_default(file, 'r', FORMAT_PEM);
+    if (bio == NULL)
+        return 0;
+
+    xis = PEM_X509_INFO_read_bio(bio, NULL,
+                                 (pem_password_cb *)password_callback,
+                                 &cb_data);
+
+    BIO_free(bio);
+
+    if (pcerts && *pcerts == NULL) {
+        *pcerts = sk_X509_new_null();
+        if (!*pcerts)
+            goto end;
+    }
+
+    if (pcrls && *pcrls == NULL) {
+        *pcrls = sk_X509_CRL_new_null();
+        if (!*pcrls)
+            goto end;
+    }
+
+    for (i = 0; i < sk_X509_INFO_num(xis); i++) {
+        xi = sk_X509_INFO_value(xis, i);
+        if (xi->x509 && pcerts) {
+            if (!sk_X509_push(*pcerts, xi->x509))
+                goto end;
+            xi->x509 = NULL;
+        }
+        if (xi->crl && pcrls) {
+            if (!sk_X509_CRL_push(*pcrls, xi->crl))
+                goto end;
+            xi->crl = NULL;
+        }
+    }
+
+    if (pcerts && sk_X509_num(*pcerts) > 0)
+        rv = 1;
+
+    if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
+        rv = 1;
+
+ end:
+
+    sk_X509_INFO_pop_free(xis, X509_INFO_free);
+
+    if (rv == 0) {
+        if (pcerts) {
+            sk_X509_pop_free(*pcerts, X509_free);
+            *pcerts = NULL;
+        }
+        if (pcrls) {
+            sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
+            *pcrls = NULL;
+        }
+        BIO_printf(bio_err, "unable to load %s\n",
+                   pcerts ? "certificates" : "CRLs");
+        ERR_print_errors(bio_err);
+    }
+    return rv;
+}
+
+void* app_malloc(int sz, const char *what)
+{
+    void *vp = OPENSSL_malloc(sz);
+
+    if (vp == NULL) {
+        BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n",
+                opt_getprog(), sz, what);
+        ERR_print_errors(bio_err);
+        exit(1);
+    }
+    return vp;
+}
+
+/*
+ * Initialize or extend, if *certs != NULL, a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, const char *desc)
+{
+    return load_certs_crls(file, format, pass, desc, certs, NULL);
+}
+
+/*
+ * Initialize or extend, if *crls != NULL, a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, const char *desc)
+{
+    return load_certs_crls(file, format, pass, desc, NULL, crls);
+}
+
+#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+                         X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL cert_tbl[] = {
+        {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
+        {"ca_default", X509_FLAG_CA, 0xffffffffl},
+        {"no_header", X509_FLAG_NO_HEADER, 0},
+        {"no_version", X509_FLAG_NO_VERSION, 0},
+        {"no_serial", X509_FLAG_NO_SERIAL, 0},
+        {"no_signame", X509_FLAG_NO_SIGNAME, 0},
+        {"no_validity", X509_FLAG_NO_VALIDITY, 0},
+        {"no_subject", X509_FLAG_NO_SUBJECT, 0},
+        {"no_issuer", X509_FLAG_NO_ISSUER, 0},
+        {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+        {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+        {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+        {"no_aux", X509_FLAG_NO_AUX, 0},
+        {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+        {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {NULL, 0, 0}
+    };
+    return set_multi_opts(flags, arg, cert_tbl);
+}
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL ex_tbl[] = {
+        {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+        {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
+        {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+        {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+        {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+        {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+        {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+        {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+        {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+        {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+        {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+        {"compat", XN_FLAG_COMPAT, 0xffffffffL},
+        {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+        {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+        {"dn_rev", XN_FLAG_DN_REV, 0},
+        {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+        {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+        {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+        {"align", XN_FLAG_FN_ALIGN, 0},
+        {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+        {"space_eq", XN_FLAG_SPC_EQ, 0},
+        {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+        {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+        {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
+        {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+        {NULL, 0, 0}
+    };
+    if (set_multi_opts(flags, arg, ex_tbl) == 0)
+        return 0;
+    if ((*flags & XN_FLAG_SEP_MASK) == 0)
+        *flags |= XN_FLAG_SEP_CPLUS_SPC;
+    return 1;
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+    if (strcasecmp(arg, "none") == 0)
+        *copy_type = EXT_COPY_NONE;
+    else if (strcasecmp(arg, "copy") == 0)
+        *copy_type = EXT_COPY_ADD;
+    else if (strcasecmp(arg, "copyall") == 0)
+        *copy_type = EXT_COPY_ALL;
+    else
+        return 0;
+    return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+    STACK_OF(X509_EXTENSION) *exts = NULL;
+    X509_EXTENSION *ext, *tmpext;
+    ASN1_OBJECT *obj;
+    int i, idx, ret = 0;
+    if (!x || !req || (copy_type == EXT_COPY_NONE))
+        return 1;
+    exts = X509_REQ_get_extensions(req);
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ext = sk_X509_EXTENSION_value(exts, i);
+        obj = X509_EXTENSION_get_object(ext);
+        idx = X509_get_ext_by_OBJ(x, obj, -1);
+        /* Does extension exist? */
+        if (idx != -1) {
+            /* If normal copy don't override existing extension */
+            if (copy_type == EXT_COPY_ADD)
+                continue;
+            /* Delete all extensions of same type */
+            do {
+                tmpext = X509_get_ext(x, idx);
+                X509_delete_ext(x, idx);
+                X509_EXTENSION_free(tmpext);
+                idx = X509_get_ext_by_OBJ(x, obj, -1);
+            } while (idx != -1);
+        }
+        if (!X509_add_ext(x, ext, -1))
+            goto end;
+    }
+
+    ret = 1;
+
+ end:
+
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+    return ret;
+}
+
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    STACK_OF(CONF_VALUE) *vals;
+    CONF_VALUE *val;
+    int i, ret = 1;
+    if (!arg)
+        return 0;
+    vals = X509V3_parse_list(arg);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        val = sk_CONF_VALUE_value(vals, i);
+        if (!set_table_opts(flags, val->name, in_tbl))
+            ret = 0;
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    char c;
+    const NAME_EX_TBL *ptbl;
+    c = arg[0];
+
+    if (c == '-') {
+        c = 0;
+        arg++;
+    } else if (c == '+') {
+        c = 1;
+        arg++;
+    } else
+        c = 1;
+
+    for (ptbl = in_tbl; ptbl->name; ptbl++) {
+        if (strcasecmp(arg, ptbl->name) == 0) {
+            *flags &= ~ptbl->mask;
+            if (c)
+                *flags |= ptbl->flag;
+            else
+                *flags &= ~ptbl->flag;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+                unsigned long lflags)
+{
+    char *buf;
+    char mline = 0;
+    int indent = 0;
+
+    if (title)
+        BIO_puts(out, title);
+    if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mline = 1;
+        indent = 4;
+    }
+    if (lflags == XN_FLAG_COMPAT) {
+        buf = X509_NAME_oneline(nm, 0, 0);
+        BIO_puts(out, buf);
+        BIO_puts(out, "\n");
+        OPENSSL_free(buf);
+    } else {
+        if (mline)
+            BIO_puts(out, "\n");
+        X509_NAME_print_ex(out, nm, indent, lflags);
+        BIO_puts(out, "\n");
+    }
+}
+
+void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
+                      int len, unsigned char *buffer)
+{
+    BIO_printf(out, "    static unsigned char %s_%d[] = {", var, len);
+    if (BN_is_zero(in))
+        BIO_printf(out, "\n\t0x00");
+    else {
+        int i, l;
+
+        l = BN_bn2bin(in, buffer);
+        for (i = 0; i < l; i++) {
+            if ((i % 10) == 0)
+                BIO_printf(out, "\n\t");
+            if (i < l - 1)
+                BIO_printf(out, "0x%02X, ", buffer[i]);
+            else
+                BIO_printf(out, "0x%02X", buffer[i]);
+        }
+    }
+    BIO_printf(out, "\n    };\n");
+}
+void print_array(BIO *out, const char* title, int len, const unsigned char* d)
+{
+    int i;
+
+    BIO_printf(out, "unsigned char %s[%d] = {", title, len);
+    for (i = 0; i < len; i++) {
+        if ((i % 10) == 0)
+            BIO_printf(out, "\n    ");
+        if (i < len - 1)
+            BIO_printf(out, "0x%02X, ", d[i]);
+        else
+            BIO_printf(out, "0x%02X", d[i]);
+    }
+    BIO_printf(out, "\n};\n");
+}
+
+X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
+{
+    X509_STORE *store = X509_STORE_new();
+    X509_LOOKUP *lookup;
+
+    if (store == NULL)
+        goto end;
+
+    if (CAfile != NULL || !noCAfile) {
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+        if (lookup == NULL)
+            goto end;
+        if (CAfile) {
+            if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
+                BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+                goto end;
+            }
+        } else
+            X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+    }
+
+    if (CApath != NULL || !noCApath) {
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+            goto end;
+        if (CApath) {
+            if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+                BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+                goto end;
+            }
+        } else
+            X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+    }
+
+    ERR_clear_error();
+    return store;
+ end:
+    X509_STORE_free(store);
+    return NULL;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(const char *engine)
+{
+    ENGINE *e = ENGINE_by_id("dynamic");
+    if (e) {
+        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+            || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
+            ENGINE_free(e);
+            e = NULL;
+        }
+    }
+    return e;
+}
+#endif
+
+ENGINE *setup_engine(const char *engine, int debug)
+{
+    ENGINE *e = NULL;
+
+#ifndef OPENSSL_NO_ENGINE
+    if (engine) {
+        if (strcmp(engine, "auto") == 0) {
+            BIO_printf(bio_err, "enabling auto ENGINE support\n");
+            ENGINE_register_all_complete();
+            return NULL;
+        }
+        if ((e = ENGINE_by_id(engine)) == NULL
+            && (e = try_load_engine(engine)) == NULL) {
+            BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
+            ERR_print_errors(bio_err);
+            return NULL;
+        }
+        if (debug) {
+            ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
+        }
+        ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+            BIO_printf(bio_err, "can't use that engine\n");
+            ERR_print_errors(bio_err);
+            ENGINE_free(e);
+            return NULL;
+        }
+
+        BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
+    }
+#endif
+    return e;
+}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+    if (e != NULL)
+        /* Free our "structural" reference. */
+        ENGINE_free(e);
+#endif
+}
+
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
+{
+    const char *n;
+
+    n = a[DB_serial];
+    while (*n == '0')
+        n++;
+    return OPENSSL_LH_strhash(n);
+}
+
+static int index_serial_cmp(const OPENSSL_CSTRING *a,
+                            const OPENSSL_CSTRING *b)
+{
+    const char *aa, *bb;
+
+    for (aa = a[DB_serial]; *aa == '0'; aa++) ;
+    for (bb = b[DB_serial]; *bb == '0'; bb++) ;
+    return (strcmp(aa, bb));
+}
+
+static int index_name_qual(char **a)
+{
+    return (a[0][0] == 'V');
+}
+
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
+{
+    return OPENSSL_LH_strhash(a[DB_name]);
+}
+
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
+{
+    return (strcmp(a[DB_name], b[DB_name]));
+}
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
+#undef BSIZE
+#define BSIZE 256
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
+{
+    BIO *in = NULL;
+    BIGNUM *ret = NULL;
+    char buf[1024];
+    ASN1_INTEGER *ai = NULL;
+
+    ai = ASN1_INTEGER_new();
+    if (ai == NULL)
+        goto err;
+
+    in = BIO_new_file(serialfile, "r");
+    if (in == NULL) {
+        if (!create) {
+            perror(serialfile);
+            goto err;
+        }
+        ERR_clear_error();
+        ret = BN_new();
+        if (ret == NULL || !rand_serial(ret, ai))
+            BIO_printf(bio_err, "Out of memory\n");
+    } else {
+        if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+            BIO_printf(bio_err, "unable to load number from %s\n",
+                       serialfile);
+            goto err;
+        }
+        ret = ASN1_INTEGER_to_BN(ai, NULL);
+        if (ret == NULL) {
+            BIO_printf(bio_err,
+                       "error converting number from bin to BIGNUM\n");
+            goto err;
+        }
+    }
+
+    if (ret && retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    BIO_free(in);
+    ASN1_INTEGER_free(ai);
+    return (ret);
+}
+
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
+                ASN1_INTEGER **retai)
+{
+    char buf[1][BSIZE];
+    BIO *out = NULL;
+    int ret = 0;
+    ASN1_INTEGER *ai = NULL;
+    int j;
+
+    if (suffix == NULL)
+        j = strlen(serialfile);
+    else
+        j = strlen(serialfile) + strlen(suffix) + 1;
+    if (j >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+
+    if (suffix == NULL)
+        OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
+    else {
+#ifndef OPENSSL_SYS_VMS
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
+#else
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
+#endif
+    }
+    out = BIO_new_file(buf[0], "w");
+    if (out == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
+        BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
+        goto err;
+    }
+    i2a_ASN1_INTEGER(out, ai);
+    BIO_puts(out, "\n");
+    ret = 1;
+    if (retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    BIO_free_all(out);
+    ASN1_INTEGER_free(ai);
+    return (ret);
+}
+
+int rotate_serial(const char *serialfile, const char *new_suffix,
+                  const char *old_suffix)
+{
+    char buf[2][BSIZE];
+    int i, j;
+
+    i = strlen(serialfile) + strlen(old_suffix);
+    j = strlen(serialfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 1 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
+#else
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
+#endif
+    if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", serialfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+    if (rename(buf[0], serialfile) < 0) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", buf[0], serialfile);
+        perror("reason");
+        rename(buf[1], serialfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+{
+    BIGNUM *btmp;
+    int ret = 0;
+
+    if (b)
+        btmp = b;
+    else
+        btmp = BN_new();
+
+    if (btmp == NULL)
+        return 0;
+
+    if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+        goto error;
+    if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+        goto error;
+
+    ret = 1;
+
+ error:
+
+    if (btmp != b)
+        BN_free(btmp);
+
+    return ret;
+}
+
+CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
+{
+    CA_DB *retdb = NULL;
+    TXT_DB *tmpdb = NULL;
+    BIO *in;
+    CONF *dbattr_conf = NULL;
+    char buf[BSIZE];
+
+    in = BIO_new_file(dbfile, "r");
+    if (in == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+#ifndef OPENSSL_SYS_VMS
+    BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
+#else
+    BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
+#endif
+    dbattr_conf = app_load_config(buf);
+
+    retdb = app_malloc(sizeof(*retdb), "new DB");
+    retdb->db = tmpdb;
+    tmpdb = NULL;
+    if (db_attr)
+        retdb->attributes = *db_attr;
+    else {
+        retdb->attributes.unique_subject = 1;
+    }
+
+    if (dbattr_conf) {
+        char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
+        if (p) {
+            retdb->attributes.unique_subject = parse_yesno(p, 1);
+        }
+    }
+
+ err:
+    NCONF_free(dbattr_conf);
+    TXT_DB_free(tmpdb);
+    BIO_free_all(in);
+    return retdb;
+}
+
+int index_index(CA_DB *db)
+{
+    if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+                             LHASH_HASH_FN(index_serial),
+                             LHASH_COMP_FN(index_serial))) {
+        BIO_printf(bio_err,
+                   "error creating serial number index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+
+    if (db->attributes.unique_subject
+        && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+                                LHASH_HASH_FN(index_name),
+                                LHASH_COMP_FN(index_name))) {
+        BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+    return 1;
+}
+
+int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+{
+    char buf[3][BSIZE];
+    BIO *out;
+    int j;
+
+    j = strlen(dbfile) + strlen(suffix);
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
+#else
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
+#endif
+    out = BIO_new_file(buf[0], "w");
+    if (out == NULL) {
+        perror(dbfile);
+        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+        goto err;
+    }
+    j = TXT_DB_write(out, db->db);
+    BIO_free(out);
+    if (j <= 0)
+        goto err;
+
+    out = BIO_new_file(buf[1], "w");
+    if (out == NULL) {
+        perror(buf[2]);
+        BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
+        goto err;
+    }
+    BIO_printf(out, "unique_subject = %s\n",
+               db->attributes.unique_subject ? "yes" : "no");
+    BIO_free(out);
+
+    return 1;
+ err:
+    return 0;
+}
+
+int rotate_index(const char *dbfile, const char *new_suffix,
+                 const char *old_suffix)
+{
+    char buf[5][BSIZE];
+    int i, j;
+
+    i = strlen(dbfile) + strlen(old_suffix);
+    j = strlen(dbfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
+#else
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
+#endif
+    if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+    if (rename(buf[0], dbfile) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
+        perror("reason");
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
+        perror("reason");
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    if (rename(buf[2], buf[4]) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
+        perror("reason");
+        rename(buf[3], buf[4]);
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+void free_index(CA_DB *db)
+{
+    if (db) {
+        TXT_DB_free(db->db);
+        OPENSSL_free(db);
+    }
+}
+
+int parse_yesno(const char *str, int def)
+{
+    if (str) {
+        switch (*str) {
+        case 'f':              /* false */
+        case 'F':              /* FALSE */
+        case 'n':              /* no */
+        case 'N':              /* NO */
+        case '0':              /* 0 */
+            return 0;
+        case 't':              /* true */
+        case 'T':              /* TRUE */
+        case 'y':              /* yes */
+        case 'Y':              /* YES */
+        case '1':              /* 1 */
+            return 1;
+        }
+    }
+    return def;
+}
+
+/*
+ * name is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
+{
+    int nextismulti = 0;
+    char *work;
+    X509_NAME *n;
+
+    if (*cp++ != '/')
+        return NULL;
+
+    n = X509_NAME_new();
+    if (n == NULL)
+        return NULL;
+    work = OPENSSL_strdup(cp);
+    if (work == NULL)
+        goto err;
+
+    while (*cp) {
+        char *bp = work;
+        char *typestr = bp;
+        unsigned char *valstr;
+        int nid;
+        int ismulti = nextismulti;
+        nextismulti = 0;
+
+        /* Collect the type */
+        while (*cp && *cp != '=')
+            *bp++ = *cp++;
+        if (*cp == '\0') {
+            BIO_printf(bio_err,
+                    "%s: Hit end of string before finding the equals.\n",
+                    opt_getprog());
+            goto err;
+        }
+        *bp++ = '\0';
+        ++cp;
+
+        /* Collect the value. */
+        valstr = (unsigned char *)bp;
+        for (; *cp && *cp != '/'; *bp++ = *cp++) {
+            if (canmulti && *cp == '+') {
+                nextismulti = 1;
+                break;
+            }
+            if (*cp == '\\' && *++cp == '\0') {
+                BIO_printf(bio_err,
+                        "%s: escape character at end of string\n",
+                        opt_getprog());
+                goto err;
+            }
+        }
+        *bp++ = '\0';
+
+        /* If not at EOS (must be + or /), move forward. */
+        if (*cp)
+            ++cp;
+
+        /* Parse */
+        nid = OBJ_txt2nid(typestr);
+        if (nid == NID_undef) {
+            BIO_printf(bio_err, "%s: Skipping unknown attribute \"%s\"\n",
+                      opt_getprog(), typestr);
+            continue;
+        }
+        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                        valstr, strlen((char *)valstr),
+                                        -1, ismulti ? -1 : 0))
+            goto err;
+    }
+
+    OPENSSL_free(work);
+    return n;
+
+ err:
+    X509_NAME_free(n);
+    OPENSSL_free(work);
+    return NULL;
+}
+
+/*
+ * Read whole contents of a BIO into an allocated memory buffer and return
+ * it.
+ */
+
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+{
+    BIO *mem;
+    int len, ret;
+    unsigned char tbuf[1024];
+
+    mem = BIO_new(BIO_s_mem());
+    if (mem == NULL)
+        return -1;
+    for (;;) {
+        if ((maxlen != -1) && maxlen < 1024)
+            len = maxlen;
+        else
+            len = 1024;
+        len = BIO_read(in, tbuf, len);
+        if (len < 0) {
+            BIO_free(mem);
+            return -1;
+        }
+        if (len == 0)
+            break;
+        if (BIO_write(mem, tbuf, len) != len) {
+            BIO_free(mem);
+            return -1;
+        }
+        maxlen -= len;
+
+        if (maxlen == 0)
+            break;
+    }
+    ret = BIO_get_mem_data(mem, (char **)out);
+    BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+    BIO_free(mem);
+    return ret;
+}
+
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
+{
+    int rv;
+    char *stmp, *vtmp = NULL;
+    stmp = OPENSSL_strdup(value);
+    if (!stmp)
+        return -1;
+    vtmp = strchr(stmp, ':');
+    if (vtmp) {
+        *vtmp = 0;
+        vtmp++;
+    }
+    rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+    OPENSSL_free(stmp);
+    return rv;
+}
+
+static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
+{
+    X509_POLICY_NODE *node;
+    int i;
+
+    BIO_printf(bio_err, "%s Policies:", name);
+    if (nodes) {
+        BIO_puts(bio_err, "\n");
+        for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            X509_POLICY_NODE_print(bio_err, node, 2);
+        }
+    } else
+        BIO_puts(bio_err, " <empty>\n");
+}
+
+void policies_print(X509_STORE_CTX *ctx)
+{
+    X509_POLICY_TREE *tree;
+    int explicit_policy;
+    tree = X509_STORE_CTX_get0_policy_tree(ctx);
+    explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+    BIO_printf(bio_err, "Require explicit Policy: %s\n",
+               explicit_policy ? "True" : "False");
+
+    nodes_print("Authority", X509_policy_tree_get0_policies(tree));
+    nodes_print("User", X509_policy_tree_get0_user_policies(tree));
+}
+
+/*-
+ * next_protos_parse parses a comma separated list of strings into a string
+ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
+ *   outlen: (output) set to the length of the resulting buffer on success.
+ *   err: (maybe NULL) on failure, an error message line is written to this BIO.
+ *   in: a NUL terminated string like "abc,def,ghi"
+ *
+ *   returns: a malloc'd buffer or NULL on failure.
+ */
+unsigned char *next_protos_parse(size_t *outlen, const char *in)
+{
+    size_t len;
+    unsigned char *out;
+    size_t i, start = 0;
+
+    len = strlen(in);
+    if (len >= 65535)
+        return NULL;
+
+    out = app_malloc(strlen(in) + 1, "NPN buffer");
+    for (i = 0; i <= len; ++i) {
+        if (i == len || in[i] == ',') {
+            if (i - start > 255) {
+                OPENSSL_free(out);
+                return NULL;
+            }
+            out[start] = i - start;
+            start = i + 1;
+        } else
+            out[i + 1] = in[i];
+    }
+
+    *outlen = len + 1;
+    return out;
+}
+
+void print_cert_checks(BIO *bio, X509 *x,
+                       const char *checkhost,
+                       const char *checkemail, const char *checkip)
+{
+    if (x == NULL)
+        return;
+    if (checkhost) {
+        BIO_printf(bio, "Hostname %s does%s match certificate\n",
+                   checkhost,
+                   X509_check_host(x, checkhost, 0, 0, NULL) == 1
+                       ? "" : " NOT");
+    }
+
+    if (checkemail) {
+        BIO_printf(bio, "Email %s does%s match certificate\n",
+                   checkemail, X509_check_email(x, checkemail, 0, 0)
+                   ? "" : " NOT");
+    }
+
+    if (checkip) {
+        BIO_printf(bio, "IP %s does%s match certificate\n",
+                   checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
+    }
+}
+
+/* Get first http URL from a DIST_POINT structure */
+
+static const char *get_dp_url(DIST_POINT *dp)
+{
+    GENERAL_NAMES *gens;
+    GENERAL_NAME *gen;
+    int i, gtype;
+    ASN1_STRING *uri;
+    if (!dp->distpoint || dp->distpoint->type != 0)
+        return NULL;
+    gens = dp->distpoint->name.fullname;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        uri = GENERAL_NAME_get0_value(gen, &gtype);
+        if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
+            const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
+            if (strncmp(uptr, "http://", 7) == 0)
+                return uptr;
+        }
+    }
+    return NULL;
+}
+
+/*
+ * Look through a CRLDP structure and attempt to find an http URL to
+ * downloads a CRL from.
+ */
+
+static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
+{
+    int i;
+    const char *urlptr = NULL;
+    for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
+        DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
+        urlptr = get_dp_url(dp);
+        if (urlptr)
+            return load_crl(urlptr, FORMAT_HTTP);
+    }
+    return NULL;
+}
+
+/*
+ * Example of downloading CRLs from CRLDP: not usable for real world as it
+ * always downloads, doesn't support non-blocking I/O and doesn't cache
+ * anything.
+ */
+
+static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    X509 *x;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509_CRL *crl;
+    STACK_OF(DIST_POINT) *crldp;
+
+    crls = sk_X509_CRL_new_null();
+    if (!crls)
+        return NULL;
+    x = X509_STORE_CTX_get_current_cert(ctx);
+    crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+    crl = load_crl_crldp(crldp);
+    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+    if (!crl) {
+        sk_X509_CRL_free(crls);
+        return NULL;
+    }
+    sk_X509_CRL_push(crls, crl);
+    /* Try to download delta CRL */
+    crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
+    crl = load_crl_crldp(crldp);
+    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+    if (crl)
+        sk_X509_CRL_push(crls, crl);
+    return crls;
+}
+
+void store_setup_crl_download(X509_STORE *st)
+{
+    X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
+}
+
+/*
+ * Platform-specific sections
+ */
+#if defined(_WIN32)
+# ifdef fileno
+#  undef fileno
+#  define fileno(a) (int)_fileno(a)
+# endif
+
+# include <windows.h>
+# include <tchar.h>
+
+static int WIN32_rename(const char *from, const char *to)
+{
+    TCHAR *tfrom = NULL, *tto;
+    DWORD err;
+    int ret = 0;
+
+    if (sizeof(TCHAR) == 1) {
+        tfrom = (TCHAR *)from;
+        tto = (TCHAR *)to;
+    } else {                    /* UNICODE path */
+
+        size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
+        tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
+        if (tfrom == NULL)
+            goto err;
+        tto = tfrom + flen;
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
+# endif
+            for (i = 0; i < flen; i++)
+                tfrom[i] = (TCHAR)from[i];
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
+# endif
+            for (i = 0; i < tlen; i++)
+                tto[i] = (TCHAR)to[i];
+    }
+
+    if (MoveFile(tfrom, tto))
+        goto ok;
+    err = GetLastError();
+    if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
+        if (DeleteFile(tto) && MoveFile(tfrom, tto))
+            goto ok;
+        err = GetLastError();
+    }
+    if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
+        errno = ENOENT;
+    else if (err == ERROR_ACCESS_DENIED)
+        errno = EACCES;
+    else
+        errno = EINVAL;         /* we could map more codes... */
+ err:
+    ret = -1;
+ ok:
+    if (tfrom != NULL && tfrom != (TCHAR *)from)
+        free(tfrom);
+    return ret;
+}
+#endif
+
+/* app_tminterval section */
+#if defined(_WIN32)
+double app_tminterval(int stop, int usertime)
+{
+    FILETIME now;
+    double ret = 0;
+    static ULARGE_INTEGER tmstart;
+    static int warning = 1;
+# ifdef _WIN32_WINNT
+    static HANDLE proc = NULL;
+
+    if (proc == NULL) {
+        if (check_winnt())
+            proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
+                               GetCurrentProcessId());
+        if (proc == NULL)
+            proc = (HANDLE) - 1;
+    }
+
+    if (usertime && proc != (HANDLE) - 1) {
+        FILETIME junk;
+        GetProcessTimes(proc, &junk, &junk, &junk, &now);
+    } else
+# endif
+    {
+        SYSTEMTIME systime;
+
+        if (usertime && warning) {
+            BIO_printf(bio_err, "To get meaningful results, run "
+                       "this program on idle system.\n");
+            warning = 0;
+        }
+        GetSystemTime(&systime);
+        SystemTimeToFileTime(&systime, &now);
+    }
+
+    if (stop == TM_START) {
+        tmstart.u.LowPart = now.dwLowDateTime;
+        tmstart.u.HighPart = now.dwHighDateTime;
+    } else {
+        ULARGE_INTEGER tmstop;
+
+        tmstop.u.LowPart = now.dwLowDateTime;
+        tmstop.u.HighPart = now.dwHighDateTime;
+
+        ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
+    }
+
+    return (ret);
+}
+#elif defined(OPENSSL_SYSTEM_VXWORKS)
+# include <time.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+# ifdef CLOCK_REALTIME
+    static struct timespec tmstart;
+    struct timespec now;
+# else
+    static unsigned long tmstart;
+    unsigned long now;
+# endif
+    static int warning = 1;
+
+    if (usertime && warning) {
+        BIO_printf(bio_err, "To get meaningful results, run "
+                   "this program on idle system.\n");
+        warning = 0;
+    }
+# ifdef CLOCK_REALTIME
+    clock_gettime(CLOCK_REALTIME, &now);
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_nsec * 1e-9)
+               - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
+# else
+    now = tickGet();
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)sysClkRateGet();
+# endif
+    return (ret);
+}
+
+#elif defined(OPENSSL_SYSTEM_VMS)
+# include <time.h>
+# include <times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    static clock_t tmstart;
+    double ret = 0;
+    clock_t now;
+# ifdef __TMS
+    struct tms rus;
+
+    now = times(&rus);
+    if (usertime)
+        now = rus.tms_utime;
+# else
+    if (usertime)
+        now = clock();          /* sum of user and kernel times */
+    else {
+        struct timeval tv;
+        gettimeofday(&tv, NULL);
+        now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
+                        (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
+            );
+    }
+# endif
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)(CLK_TCK);
+
+    return (ret);
+}
+
+#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
+# include <sys/times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct tms rus;
+    clock_t now = times(&rus);
+    static clock_t tmstart;
+
+    if (usertime)
+        now = rus.tms_utime;
+
+    if (stop == TM_START)
+        tmstart = now;
+    else {
+        long int tck = sysconf(_SC_CLK_TCK);
+        ret = (now - tmstart) / (double)tck;
+    }
+
+    return (ret);
+}
+
+#else
+# include <sys/time.h>
+# include <sys/resource.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct rusage rus;
+    struct timeval now;
+    static struct timeval tmstart;
+
+    if (usertime)
+        getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
+    else
+        gettimeofday(&now, NULL);
+
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_usec * 1e-6)
+               - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
+
+    return ret;
+}
+#endif
+
+int app_access(const char* name, int flag)
+{
+#ifdef _WIN32
+    return _access(name, flag);
+#else
+    return access(name, flag);
+#endif
+}
+
+/* app_isdir section */
+#ifdef _WIN32
+int app_isdir(const char *name)
+{
+    DWORD attr;
+# if defined(UNICODE) || defined(_UNICODE)
+    size_t i, len_0 = strlen(name) + 1;
+    WCHAR tempname[MAX_PATH];
+
+    if (len_0 > MAX_PATH)
+        return -1;
+
+#  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
+#  endif
+        for (i = 0; i < len_0; i++)
+            tempname[i] = (WCHAR)name[i];
+
+    attr = GetFileAttributes(tempname);
+# else
+    attr = GetFileAttributes(name);
+# endif
+    if (attr == INVALID_FILE_ATTRIBUTES)
+        return -1;
+    return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
+}
+#else
+# include <sys/stat.h>
+# ifndef S_ISDIR
+#  if defined(_S_IFMT) && defined(_S_IFDIR)
+#   define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
+#  else
+#   define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
+#  endif
+# endif
+
+int app_isdir(const char *name)
+{
+# if defined(S_ISDIR)
+    struct stat st;
+
+    if (stat(name, &st) == 0)
+        return S_ISDIR(st.st_mode);
+    else
+        return -1;
+# else
+    return -1;
+# endif
+}
+#endif
+
+/* raw_read|write section */
+#if defined(__VMS)
+# include "vms_term_sock.h"
+static int stdin_sock = -1;
+
+static void close_stdin_sock(void)
+{
+    TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
+}
+
+int fileno_stdin(void)
+{
+    if (stdin_sock == -1) {
+        TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
+        atexit(close_stdin_sock);
+    }
+
+    return stdin_sock;
+}
+#else
+int fileno_stdin(void)
+{
+    return fileno(stdin);
+}
+#endif
+
+int fileno_stdout(void)
+{
+    return fileno(stdout);
+}
+
+#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
+int raw_read_stdin(void *buf, int siz)
+{
+    DWORD n;
+    if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
+        return (n);
+    else
+        return (-1);
+}
+#elif defined(__VMS)
+#include <sys/socket.h>
+
+int raw_read_stdin(void *buf, int siz)
+{
+    return recv(fileno_stdin(), buf, siz, 0);
+}
+#else
+int raw_read_stdin(void *buf, int siz)
+{
+    return read(fileno_stdin(), buf, siz);
+}
+#endif
+
+#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
+int raw_write_stdout(const void *buf, int siz)
+{
+    DWORD n;
+    if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
+        return (n);
+    else
+        return (-1);
+}
+#else
+int raw_write_stdout(const void *buf, int siz)
+{
+    return write(fileno_stdout(), buf, siz);
+}
+#endif
+
+/*
+ * Centralized handling if input and output files with format specification
+ * The format is meant to show what the input and output is supposed to be,
+ * and is therefore a show of intent more than anything else.  However, it
+ * does impact behavior on some platform, such as differentiating between
+ * text and binary input/output on non-Unix platforms
+ */
+static int istext(int format)
+{
+    return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
+}
+
+BIO *dup_bio_in(int format)
+{
+    return BIO_new_fp(stdin,
+                      BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+}
+
+BIO *dup_bio_out(int format)
+{
+    BIO *b = BIO_new_fp(stdout,
+                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+#ifdef OPENSSL_SYS_VMS
+    if (istext(format))
+        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+#endif
+    return b;
+}
+
+BIO *dup_bio_err(int format)
+{
+    BIO *b = BIO_new_fp(stderr,
+                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+#ifdef OPENSSL_SYS_VMS
+    if (istext(format))
+        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+#endif
+    return b;
+}
+
+void unbuffer(FILE *fp)
+{
+/*
+ * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+ * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+ * However, we trust that the C RTL will never give us a FILE pointer
+ * above the first 4 GB of memory, so we simply turn off the warning
+ * temporarily.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
+#endif
+    setbuf(fp, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
+#endif
+}
+
+static const char *modestr(char mode, int format)
+{
+    OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w');
+
+    switch (mode) {
+    case 'a':
+        return istext(format) ? "a" : "ab";
+    case 'r':
+        return istext(format) ? "r" : "rb";
+    case 'w':
+        return istext(format) ? "w" : "wb";
+    }
+    /* The assert above should make sure we never reach this point */
+    return NULL;
+}
+
+static const char *modeverb(char mode)
+{
+    switch (mode) {
+    case 'a':
+        return "appending";
+    case 'r':
+        return "reading";
+    case 'w':
+        return "writing";
+    }
+    return "(doing something)";
+}
+
+/*
+ * Open a file for writing, owner-read-only.
+ */
+BIO *bio_open_owner(const char *filename, int format, int private)
+{
+    FILE *fp = NULL;
+    BIO *b = NULL;
+    int fd = -1, bflags, mode, textmode;
+
+    if (!private || filename == NULL || strcmp(filename, "-") == 0)
+        return bio_open_default(filename, 'w', format);
+
+    mode = O_WRONLY;
+#ifdef O_CREAT
+    mode |= O_CREAT;
+#endif
+#ifdef O_TRUNC
+    mode |= O_TRUNC;
+#endif
+    textmode = istext(format);
+    if (!textmode) {
+#ifdef O_BINARY
+        mode |= O_BINARY;
+#elif defined(_O_BINARY)
+        mode |= _O_BINARY;
+#endif
+    }
+
+#ifdef OPENSSL_SYS_VMS
+    /* VMS doesn't have O_BINARY, it just doesn't make sense.  But,
+     * it still needs to know that we're going binary, or fdopen()
+     * will fail with "invalid argument"...  so we tell VMS what the
+     * context is.
+     */
+    if (!textmode)
+        fd = open(filename, mode, 0600, "ctx=bin");
+    else
+#endif
+        fd = open(filename, mode, 0600);
+    if (fd < 0)
+        goto err;
+    fp = fdopen(fd, modestr('w', format));
+    if (fp == NULL)
+        goto err;
+    bflags = BIO_CLOSE;
+    if (textmode)
+        bflags |= BIO_FP_TEXT;
+    b = BIO_new_fp(fp, bflags);
+    if (b)
+        return b;
+
+ err:
+    BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
+               opt_getprog(), filename, strerror(errno));
+    ERR_print_errors(bio_err);
+    /* If we have fp, then fdopen took over fd, so don't close both. */
+    if (fp)
+        fclose(fp);
+    else if (fd >= 0)
+        close(fd);
+    return NULL;
+}
+
+static BIO *bio_open_default_(const char *filename, char mode, int format,
+                              int quiet)
+{
+    BIO *ret;
+
+    if (filename == NULL || strcmp(filename, "-") == 0) {
+        ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
+        if (quiet) {
+            ERR_clear_error();
+            return ret;
+        }
+        if (ret != NULL)
+            return ret;
+        BIO_printf(bio_err,
+                   "Can't open %s, %s\n",
+                   mode == 'r' ? "stdin" : "stdout", strerror(errno));
+    } else {
+        ret = BIO_new_file(filename, modestr(mode, format));
+        if (quiet) {
+            ERR_clear_error();
+            return ret;
+        }
+        if (ret != NULL)
+            return ret;
+        BIO_printf(bio_err,
+                   "Can't open %s for %s, %s\n",
+                   filename, modeverb(mode), strerror(errno));
+    }
+    ERR_print_errors(bio_err);
+    return NULL;
+}
+
+BIO *bio_open_default(const char *filename, char mode, int format)
+{
+    return bio_open_default_(filename, mode, format, 0);
+}
+
+BIO *bio_open_default_quiet(const char *filename, char mode, int format)
+{
+    return bio_open_default_(filename, mode, format, 1);
+}
+
+void wait_for_async(SSL *s)
+{
+    /* On Windows select only works for sockets, so we simply don't wait  */
+#ifndef OPENSSL_SYS_WINDOWS
+    int width = 0;
+    fd_set asyncfds;
+    OSSL_ASYNC_FD *fds;
+    size_t numfds;
+    size_t i;
+
+    if (!SSL_get_all_async_fds(s, NULL, &numfds))
+        return;
+    if (numfds == 0)
+        return;
+    fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
+    if (!SSL_get_all_async_fds(s, fds, &numfds)) {
+        OPENSSL_free(fds);
+        return;
+    }
+
+    FD_ZERO(&asyncfds);
+    for (i = 0; i < numfds; i++) {
+        if (width <= (int)fds[i])
+            width = (int)fds[i] + 1;
+        openssl_fdset((int)fds[i], &asyncfds);
+    }
+    select(width, (void *)&asyncfds, NULL, NULL, NULL);
+    OPENSSL_free(fds);
+#endif
+}
+
+/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
+#if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void)
+{
+# if defined(OPENSSL_SYS_WINDOWS)
+    HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
+    DWORD events = 0;
+    INPUT_RECORD inputrec;
+    DWORD insize = 1;
+    BOOL peeked;
+
+    if (inhand == INVALID_HANDLE_VALUE) {
+        return 0;
+    }
+
+    peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
+    if (!peeked) {
+        /* Probably redirected input? _kbhit() does not work in this case */
+        if (!feof(stdin)) {
+            return 1;
+        }
+        return 0;
+    }
+# endif
+    return _kbhit();
+}
+#endif
+
+/* Corrupt a signature by modifying final byte */
+void corrupt_signature(const ASN1_STRING *signature)
+{
+        unsigned char *s = signature->data;
+        s[signature->length - 1] ^= 0x1;
+}
+
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+                   int days)
+{
+    if (startdate == NULL || strcmp(startdate, "today") == 0) {
+        if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
+            return 0;
+    } else {
+        if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate))
+            return 0;
+    }
+    if (enddate == NULL) {
+        if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
+            == NULL)
+            return 0;
+    } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) {
+        return 0;
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/apps/apps.h b/openssl-1.1.0h/apps/apps.h
new file mode 100644
index 0000000..f91faf8
--- /dev/null
+++ b/openssl-1.1.0h/apps/apps.h
@@ -0,0 +1,573 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_APPS_H
+# define HEADER_APPS_H
+
+# include "e_os.h"
+# if defined(__unix) || defined(__unix__)
+#  include <sys/time.h> /* struct timeval for DTLS */
+# endif
+# include <assert.h>
+
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+# include <openssl/txt_db.h>
+# include <openssl/engine.h>
+# include <openssl/ocsp.h>
+# include <signal.h>
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
+#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+# else
+#  define openssl_fdset(a,b) FD_SET(a, b)
+# endif
+
+/*
+ * quick macro when you need to pass an unsigned char instead of a char.
+ * this is true for some implementations of the is*() functions, for
+ * example.
+ */
+#define _UC(c) ((unsigned char)(c))
+
+int app_RAND_load_file(const char *file, int dont_warn);
+int app_RAND_write_file(const char *file);
+/*
+ * When `file' is NULL, use defaults. `bio_e' is for error messages.
+ */
+void app_RAND_allow_write_file(void);
+long app_RAND_load_files(char *file); /* `file' is a list of files to read,
+                                       * separated by LIST_SEPARATOR_CHAR
+                                       * (see e_os.h).  The string is
+                                       * destroyed! */
+
+extern char *default_config_file;
+extern BIO *bio_in;
+extern BIO *bio_out;
+extern BIO *bio_err;
+BIO *dup_bio_in(int format);
+BIO *dup_bio_out(int format);
+BIO *dup_bio_err(int format);
+BIO *bio_open_owner(const char *filename, int format, int private);
+BIO *bio_open_default(const char *filename, char mode, int format);
+BIO *bio_open_default_quiet(const char *filename, char mode, int format);
+CONF *app_load_config(const char *filename);
+CONF *app_load_config_quiet(const char *filename);
+int app_load_modules(const CONF *config);
+void unbuffer(FILE *fp);
+void wait_for_async(SSL *s);
+# if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void);
+# endif
+
+void corrupt_signature(const ASN1_STRING *signature);
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+                   int days);
+
+/*
+ * Common verification options.
+ */
+# define OPT_V_ENUM \
+        OPT_V__FIRST=2000, \
+        OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
+        OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
+        OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
+        OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
+        OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
+        OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
+        OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
+        OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
+        OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
+        OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
+        OPT_V__LAST
+
+# define OPT_V_OPTIONS \
+        { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
+        { "purpose", OPT_V_PURPOSE, 's', \
+            "certificate chain purpose"}, \
+        { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
+        { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
+            "chain depth limit" }, \
+        { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
+            "chain authentication security level" }, \
+        { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
+        { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
+            "expected peer hostname" }, \
+        { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
+            "expected peer email" }, \
+        { "verify_ip", OPT_V_VERIFY_IP, 's', \
+            "expected peer IP address" }, \
+        { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
+            "permit unhandled critical extensions"}, \
+        { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
+        { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
+        { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
+        { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
+        { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
+            "set policy variable require-explicit-policy"}, \
+        { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
+            "set policy variable inhibit-any-policy"}, \
+        { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
+            "set policy variable inhibit-policy-mapping"}, \
+        { "x509_strict", OPT_V_X509_STRICT, '-', \
+            "disable certificate compatibility work-arounds"}, \
+        { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
+            "enable extended CRL features"}, \
+        { "use_deltas", OPT_V_USE_DELTAS, '-', \
+            "use delta CRLs"}, \
+        { "policy_print", OPT_V_POLICY_PRINT, '-', \
+            "print policy processing diagnostics"}, \
+        { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
+            "check root CA self-signatures"}, \
+        { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
+            "search trust store first (default)" }, \
+        { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
+        { "suiteB_128", OPT_V_SUITEB_128, '-', \
+            "Suite B 128-bit mode allowing 192-bit algorithms"}, \
+        { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
+        { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
+            "accept chains anchored by intermediate trust-store CAs"}, \
+        { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
+        { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
+        { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
+
+# define OPT_V_CASES \
+        OPT_V__FIRST: case OPT_V__LAST: break; \
+        case OPT_V_POLICY: \
+        case OPT_V_PURPOSE: \
+        case OPT_V_VERIFY_NAME: \
+        case OPT_V_VERIFY_DEPTH: \
+        case OPT_V_VERIFY_AUTH_LEVEL: \
+        case OPT_V_ATTIME: \
+        case OPT_V_VERIFY_HOSTNAME: \
+        case OPT_V_VERIFY_EMAIL: \
+        case OPT_V_VERIFY_IP: \
+        case OPT_V_IGNORE_CRITICAL: \
+        case OPT_V_ISSUER_CHECKS: \
+        case OPT_V_CRL_CHECK: \
+        case OPT_V_CRL_CHECK_ALL: \
+        case OPT_V_POLICY_CHECK: \
+        case OPT_V_EXPLICIT_POLICY: \
+        case OPT_V_INHIBIT_ANY: \
+        case OPT_V_INHIBIT_MAP: \
+        case OPT_V_X509_STRICT: \
+        case OPT_V_EXTENDED_CRL: \
+        case OPT_V_USE_DELTAS: \
+        case OPT_V_POLICY_PRINT: \
+        case OPT_V_CHECK_SS_SIG: \
+        case OPT_V_TRUSTED_FIRST: \
+        case OPT_V_SUITEB_128_ONLY: \
+        case OPT_V_SUITEB_128: \
+        case OPT_V_SUITEB_192: \
+        case OPT_V_PARTIAL_CHAIN: \
+        case OPT_V_NO_ALT_CHAINS: \
+        case OPT_V_NO_CHECK_TIME: \
+        case OPT_V_ALLOW_PROXY_CERTS
+
+/*
+ * Common "extended"? options.
+ */
+# define OPT_X_ENUM \
+        OPT_X__FIRST=1000, \
+        OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
+        OPT_X_CERTFORM, OPT_X_KEYFORM, \
+        OPT_X__LAST
+
+# define OPT_X_OPTIONS \
+        { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
+        { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
+        { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
+        { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
+            "build certificate chain for the extended certificates"}, \
+        { "xcertform", OPT_X_CERTFORM, 'F', \
+            "format of Extended certificate (PEM or DER) PEM default " }, \
+        { "xkeyform", OPT_X_KEYFORM, 'F', \
+            "format of Extended certificate's key (PEM or DER) PEM default"}
+
+# define OPT_X_CASES \
+        OPT_X__FIRST: case OPT_X__LAST: break; \
+        case OPT_X_KEY: \
+        case OPT_X_CERT: \
+        case OPT_X_CHAIN: \
+        case OPT_X_CHAIN_BUILD: \
+        case OPT_X_CERTFORM: \
+        case OPT_X_KEYFORM
+
+/*
+ * Common SSL options.
+ * Any changes here must be coordinated with ../ssl/ssl_conf.c
+ */
+# define OPT_S_ENUM \
+        OPT_S__FIRST=3000, \
+        OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+        OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
+        OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
+        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
+        OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
+        OPT_S_DEBUGBROKE, OPT_S_COMP, OPT_S_MINPROTO, OPT_S_MAXPROTO, \
+        OPT_S_NO_RENEGOTIATION, OPT_S__LAST
+
+# define OPT_S_OPTIONS \
+        {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
+        {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
+        {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
+        {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
+        {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
+        {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
+        {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
+        {"no_ticket", OPT_S_NOTICKET, '-', \
+            "Disable use of TLS session tickets"}, \
+        {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
+        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
+            "Enable use of legacy renegotiation (dangerous)"}, \
+        {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
+            "Disable all renegotiation."}, \
+        {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
+            "Allow initial connection to servers that don't support RI"}, \
+        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
+            "Disallow session resumption on renegotiation"}, \
+        {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
+            "Disallow initial connection to servers that don't support RI"}, \
+        {"strict", OPT_S_STRICT, '-', \
+            "Enforce strict certificate checks as per TLS standard"}, \
+        {"sigalgs", OPT_S_SIGALGS, 's', \
+            "Signature algorithms to support (colon-separated list)" }, \
+        {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
+            "Signature algorithms to support for client certificate" \
+            " authentication (colon-separated list)" }, \
+        {"curves", OPT_S_CURVES, 's', \
+            "Elliptic curves to advertise (colon-separated list)" }, \
+        {"named_curve", OPT_S_NAMEDCURVE, 's', \
+            "Elliptic curve used for ECDHE (server-side only)" }, \
+        {"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \
+        {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
+        {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
+        {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
+            "Perform all sorts of protocol violations for testing purposes"}
+
+# define OPT_S_CASES \
+        OPT_S__FIRST: case OPT_S__LAST: break; \
+        case OPT_S_NOSSL3: \
+        case OPT_S_NOTLS1: \
+        case OPT_S_NOTLS1_1: \
+        case OPT_S_NOTLS1_2: \
+        case OPT_S_BUGS: \
+        case OPT_S_NO_COMP: \
+        case OPT_S_COMP: \
+        case OPT_S_NOTICKET: \
+        case OPT_S_SERVERPREF: \
+        case OPT_S_LEGACYRENEG: \
+        case OPT_S_LEGACYCONN: \
+        case OPT_S_ONRESUMP: \
+        case OPT_S_NOLEGACYCONN: \
+        case OPT_S_STRICT: \
+        case OPT_S_SIGALGS: \
+        case OPT_S_CLIENTSIGALGS: \
+        case OPT_S_CURVES: \
+        case OPT_S_NAMEDCURVE: \
+        case OPT_S_CIPHER: \
+        case OPT_S_MINPROTO: \
+        case OPT_S_MAXPROTO: \
+        case OPT_S_NO_RENEGOTIATION: \
+        case OPT_S_DEBUGBROKE
+
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+  || o == OPT_S_NOTLS1_2)
+
+/*
+ * Option parsing.
+ */
+extern const char OPT_HELP_STR[];
+extern const char OPT_MORE_STR[];
+typedef struct options_st {
+    const char *name;
+    int retval;
+    /*
+     * value type: - no value (also the value zero), n number, p positive
+     * number, u unsigned, l long, s string, < input file, > output file,
+     * f any format, F der/pem format , E der/pem/engine format identifier.
+     * l, n and u include zero; p does not.
+     */
+    int valtype;
+    const char *helpstr;
+} OPTIONS;
+
+/*
+ * A string/int pairing; widely use for option value lookup, hence the
+ * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
+ * the "generic" name STRINT_PAIR.
+ */
+typedef struct string_int_pair_st {
+    const char *name;
+    int retval;
+} OPT_PAIR, STRINT_PAIR;
+
+/* Flags to pass into opt_format; see FORMAT_xxx, below. */
+# define OPT_FMT_PEMDER          (1L <<  1)
+# define OPT_FMT_PKCS12          (1L <<  2)
+# define OPT_FMT_SMIME           (1L <<  3)
+# define OPT_FMT_ENGINE          (1L <<  4)
+# define OPT_FMT_MSBLOB          (1L <<  5)
+# define OPT_FMT_NETSCAPE        (1L <<  6)
+# define OPT_FMT_NSS             (1L <<  7)
+# define OPT_FMT_TEXT            (1L <<  8)
+# define OPT_FMT_HTTP            (1L <<  9)
+# define OPT_FMT_PVK             (1L << 10)
+# define OPT_FMT_PDE     (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
+# define OPT_FMT_PDS     (OPT_FMT_PEMDER | OPT_FMT_SMIME)
+# define OPT_FMT_ANY     ( \
+        OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
+        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
+        OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+
+char *opt_progname(const char *argv0);
+char *opt_getprog(void);
+char *opt_init(int ac, char **av, const OPTIONS * o);
+int opt_next(void);
+int opt_format(const char *s, unsigned long flags, int *result);
+int opt_int(const char *arg, int *result);
+int opt_ulong(const char *arg, unsigned long *result);
+int opt_long(const char *arg, long *result);
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+int opt_imax(const char *arg, intmax_t *result);
+int opt_umax(const char *arg, uintmax_t *result);
+#else
+# define opt_imax opt_long
+# define opt_umax opt_ulong
+# define intmax_t long
+# define uintmax_t unsigned long
+#endif
+int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
+int opt_md(const char *name, const EVP_MD **mdp);
+char *opt_arg(void);
+char *opt_flag(void);
+char *opt_unknown(void);
+char *opt_reset(void);
+char **opt_rest(void);
+int opt_num_rest(void);
+int opt_verify(int i, X509_VERIFY_PARAM *vpm);
+void opt_help(const OPTIONS * list);
+int opt_format_error(const char *s, unsigned long flags);
+
+typedef struct args_st {
+    int size;
+    int argc;
+    char **argv;
+} ARGS;
+
+/*
+ * VMS C only for now, implemented in vms_decc_init.c
+ * If other C compilers forget to terminate argv with NULL, this function
+ * can be re-used.
+ */
+char **copy_argv(int *argc, char *argv[]);
+/*
+ * Win32-specific argv initialization that splits OS-supplied UNICODE
+ * command line string to array of UTF8-encoded strings.
+ */
+void win32_utf8argv(int *argc, char **argv[]);
+
+
+# define PW_MIN_LENGTH 4
+typedef struct pw_cb_data {
+    const void *password;
+    const char *prompt_info;
+} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+
+int chopup_args(ARGS *arg, char *buf);
+# ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+                unsigned long lflags);
+# endif
+void print_bignum_var(BIO *, const BIGNUM *, const char*,
+                      int, unsigned char *);
+void print_array(BIO *, const char *, int, const unsigned char *);
+int set_cert_ex(unsigned long *flags, const char *arg);
+int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
+int add_oid_section(CONF *conf);
+X509 *load_cert(const char *file, int format, const char *cert_descrip);
+X509_CRL *load_crl(const char *infile, int format);
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
+                   const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
+                      const char *pass, ENGINE *e, const char *key_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, const char *cert_descrip);
+X509_STORE *setup_verify(const char *CAfile, const char *CApath,
+                         int noCAfile, int noCApath);
+__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                    const char *CApath, int noCAfile,
+                                    int noCApath);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Sets the file to load the Certificate Transparency log list from.
+ * If path is NULL, loads from the default file path.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+#endif
+
+ENGINE *setup_engine(const char *engine, int debug);
+void release_engine(ENGINE *e);
+
+# ifndef OPENSSL_NO_OCSP
+OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
+                                 const char *host, const char *path,
+                                 const char *port, int use_ssl,
+                                 STACK_OF(CONF_VALUE) *headers,
+                                 int req_timeout);
+# endif
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+                   ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+
+# define DB_type         0
+# define DB_exp_date     1
+# define DB_rev_date     2
+# define DB_serial       3      /* index - unique */
+# define DB_file         4
+# define DB_name         5      /* index - unique when active and not
+                                 * disabled */
+# define DB_NUMBER       6
+
+# define DB_TYPE_REV     'R'
+# define DB_TYPE_EXP     'E'
+# define DB_TYPE_VAL     'V'
+
+typedef struct db_attr_st {
+    int unique_subject;
+} DB_ATTR;
+typedef struct ca_db_st {
+    DB_ATTR attributes;
+    TXT_DB *db;
+} CA_DB;
+
+void* app_malloc(int sz, const char *what);
+BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
+                ASN1_INTEGER **retai);
+int rotate_serial(const char *serialfile, const char *new_suffix,
+                  const char *old_suffix);
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
+CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
+int index_index(CA_DB *db);
+int save_index(const char *dbfile, const char *suffix, CA_DB *db);
+int rotate_index(const char *dbfile, const char *new_suffix,
+                 const char *old_suffix);
+void free_index(CA_DB *db);
+# define index_name_cmp_noconst(a, b) \
+        index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
+        (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
+int parse_yesno(const char *str, int def);
+
+X509_NAME *parse_name(const char *str, long chtype, int multirdn);
+int args_verify(char ***pargs, int *pargc,
+                int *badarg, X509_VERIFY_PARAM **pm);
+void policies_print(X509_STORE_CTX *ctx);
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
+int init_gen_str(EVP_PKEY_CTX **pctx,
+                 const char *algname, ENGINE *e, int do_param);
+int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+                 STACK_OF(OPENSSL_STRING) *sigopts);
+int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts);
+int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts);
+# ifndef OPENSSL_NO_PSK
+extern char *psk_key;
+# endif
+
+unsigned char *next_protos_parse(size_t *outlen, const char *in);
+
+void print_cert_checks(BIO *bio, X509 *x,
+                       const char *checkhost,
+                       const char *checkemail, const char *checkip);
+
+void store_setup_crl_download(X509_STORE *st);
+
+/* See OPT_FMT_xxx, above. */
+/* On some platforms, it's important to distinguish between text and binary
+ * files.  On some, there might even be specific file formats for different
+ * contents.  The FORMAT_xxx macros are meant to express an intent with the
+ * file being read or created.
+ */
+# define B_FORMAT_TEXT   0x8000
+# define FORMAT_UNDEF    0
+# define FORMAT_TEXT    (1 | B_FORMAT_TEXT)     /* Generic text */
+# define FORMAT_BINARY   2                      /* Generic binary */
+# define FORMAT_BASE64  (3 | B_FORMAT_TEXT)     /* Base64 */
+# define FORMAT_ASN1     4                      /* ASN.1/DER */
+# define FORMAT_PEM     (5 | B_FORMAT_TEXT)
+# define FORMAT_PKCS12   6
+# define FORMAT_SMIME   (7 | B_FORMAT_TEXT)
+# define FORMAT_ENGINE   8                      /* Not really a file format */
+# define FORMAT_PEMRSA  (9 | B_FORMAT_TEXT)     /* PEM RSAPubicKey format */
+# define FORMAT_ASN1RSA  10                     /* DER RSAPubicKey format */
+# define FORMAT_MSBLOB   11                     /* MS Key blob format */
+# define FORMAT_PVK      12                     /* MS PVK file format */
+# define FORMAT_HTTP     13                     /* Download using HTTP */
+# define FORMAT_NSS      14                     /* NSS keylog format */
+
+# define EXT_COPY_NONE   0
+# define EXT_COPY_ADD    1
+# define EXT_COPY_ALL    2
+
+# define NETSCAPE_CERT_HDR       "certificate"
+
+# define APP_PASS_LEN    1024
+
+# define SERIAL_RAND_BITS        64
+
+int app_isdir(const char *);
+int app_access(const char *, int flag);
+int fileno_stdin(void);
+int fileno_stdout(void);
+int raw_read_stdin(void *, int);
+int raw_write_stdout(const void *, int);
+
+# define TM_START        0
+# define TM_STOP         1
+double app_tminterval(int stop, int usertime);
+
+typedef struct verify_options_st {
+    int depth;
+    int quiet;
+    int error;
+    int return_error;
+} VERIFY_CB_ARGS;
+
+extern VERIFY_CB_ARGS verify_args;
+
+# include "progs.h"
+
+#endif
diff --git a/openssl-1.1.0h/apps/asn1pars.c b/openssl-1.1.0h/apps/asn1pars.c
new file mode 100644
index 0000000..1ac261c
--- /dev/null
+++ b/openssl-1.1.0h/apps/asn1pars.c
@@ -0,0 +1,330 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
+ * -strparse option which parses nested binary structures
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
+    OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
+    OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM
+} OPTION_CHOICE;
+
+OPTIONS asn1parse_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
+    {"in", OPT_IN, '<', "input file"},
+    {"out", OPT_OUT, '>', "output file (output format is always DER)"},
+    {"i", OPT_INDENT, 0, "indents the output"},
+    {"noout", OPT_NOOUT, 0, "do not produce any output"},
+    {"offset", OPT_OFFSET, 'p', "offset into file"},
+    {"length", OPT_LENGTH, 'p', "length of section in file"},
+    {"oid", OPT_OID, '<', "file of extra oid definitions"},
+    {"dump", OPT_DUMP, 0, "unknown data in hex form"},
+    {"dlimit", OPT_DLIMIT, 'p',
+     "dump the first arg bytes of unknown data in hex form"},
+    {"strparse", OPT_STRPARSE, 's',
+     "offset; a series of these can be used to 'dig'"},
+    {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
+    {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
+    {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
+    {OPT_MORE_STR, 0, 0, "(-inform  will be ignored)"},
+    {"strictpem", OPT_STRICTPEM, 0,
+     "do not attempt base64 decode outside PEM markers"},
+    {NULL}
+};
+
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
+
+int asn1parse_main(int argc, char **argv)
+{
+    ASN1_TYPE *at = NULL;
+    BIO *in = NULL, *b64 = NULL, *derout = NULL;
+    BUF_MEM *buf = NULL;
+    STACK_OF(OPENSSL_STRING) *osk = NULL;
+    char *genstr = NULL, *genconf = NULL;
+    char *infile = NULL, *oidfile = NULL, *derfile = NULL;
+    unsigned char *str = NULL;
+    char *name = NULL, *header = NULL, *prog;
+    const unsigned char *ctmpbuf;
+    int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
+    int offset = 0, ret = 1, i, j;
+    long num, tmplen;
+    unsigned char *tmpbuf;
+    unsigned int length = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, asn1parse_options);
+
+    if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
+        BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+        goto end;
+    }
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(asn1parse_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            derfile = opt_arg();
+            break;
+        case OPT_INDENT:
+            indent = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_OID:
+            oidfile = opt_arg();
+            break;
+        case OPT_OFFSET:
+            offset = strtol(opt_arg(), NULL, 0);
+            break;
+        case OPT_LENGTH:
+            length = atoi(opt_arg());
+            break;
+        case OPT_DUMP:
+            dump = -1;
+            break;
+        case OPT_DLIMIT:
+            dump = atoi(opt_arg());
+            break;
+        case OPT_STRPARSE:
+            sk_OPENSSL_STRING_push(osk, opt_arg());
+            break;
+        case OPT_GENSTR:
+            genstr = opt_arg();
+            break;
+        case OPT_GENCONF:
+            genconf = opt_arg();
+            break;
+        case OPT_STRICTPEM:
+            strictpem = 1;
+            informat = FORMAT_PEM;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (oidfile != NULL) {
+        in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
+        if (in == NULL)
+            goto end;
+        OBJ_create_objects(in);
+        BIO_free(in);
+    }
+
+    if ((in = bio_open_default(infile, 'r', informat)) == NULL)
+        goto end;
+
+    if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
+        goto end;
+
+    if (strictpem) {
+        if (PEM_read_bio(in, &name, &header, &str, &num) !=
+            1) {
+            BIO_printf(bio_err, "Error reading PEM file\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+
+        if ((buf = BUF_MEM_new()) == NULL)
+            goto end;
+        if (!BUF_MEM_grow(buf, BUFSIZ * 8))
+            goto end;           /* Pre-allocate :-) */
+
+        if (genstr || genconf) {
+            num = do_generate(genstr, genconf, buf);
+            if (num < 0) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+        else {
+
+            if (informat == FORMAT_PEM) {
+                BIO *tmp;
+
+                if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+                    goto end;
+                BIO_push(b64, in);
+                tmp = in;
+                in = b64;
+                b64 = tmp;
+            }
+
+            num = 0;
+            for (;;) {
+                if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
+                    goto end;
+                i = BIO_read(in, &(buf->data[num]), BUFSIZ);
+                if (i <= 0)
+                    break;
+                num += i;
+            }
+        }
+        str = (unsigned char *)buf->data;
+
+    }
+
+    /* If any structs to parse go through in sequence */
+
+    if (sk_OPENSSL_STRING_num(osk)) {
+        tmpbuf = str;
+        tmplen = num;
+        for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
+            ASN1_TYPE *atmp;
+            int typ;
+            j = atoi(sk_OPENSSL_STRING_value(osk, i));
+            if (j == 0) {
+                BIO_printf(bio_err, "'%s' is an invalid number\n",
+                           sk_OPENSSL_STRING_value(osk, i));
+                continue;
+            }
+            tmpbuf += j;
+            tmplen -= j;
+            atmp = at;
+            ctmpbuf = tmpbuf;
+            at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
+            ASN1_TYPE_free(atmp);
+            if (!at) {
+                BIO_printf(bio_err, "Error parsing structure\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            typ = ASN1_TYPE_get(at);
+            if ((typ == V_ASN1_OBJECT)
+                || (typ == V_ASN1_BOOLEAN)
+                || (typ == V_ASN1_NULL)) {
+                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            /* hmm... this is a little evil but it works */
+            tmpbuf = at->value.asn1_string->data;
+            tmplen = at->value.asn1_string->length;
+        }
+        str = tmpbuf;
+        num = tmplen;
+    }
+
+    if (offset >= num) {
+        BIO_printf(bio_err, "Error: offset too large\n");
+        goto end;
+    }
+
+    num -= offset;
+
+    if ((length == 0) || ((long)length > num))
+        length = (unsigned int)num;
+    if (derout) {
+        if (BIO_write(derout, str + offset, length) != (int)length) {
+            BIO_printf(bio_err, "Error writing output\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (!noout &&
+        !ASN1_parse_dump(bio_out, &(str[offset]), length,
+                         indent, dump)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    BIO_free(derout);
+    BIO_free(in);
+    BIO_free(b64);
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    BUF_MEM_free(buf);
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    if (strictpem)
+        OPENSSL_free(str);
+    ASN1_TYPE_free(at);
+    sk_OPENSSL_STRING_free(osk);
+    return (ret);
+}
+
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
+{
+    CONF *cnf = NULL;
+    int len;
+    unsigned char *p;
+    ASN1_TYPE *atyp = NULL;
+
+    if (genconf) {
+        if ((cnf = app_load_config(genconf)) == NULL)
+            goto err;
+        if (!genstr)
+            genstr = NCONF_get_string(cnf, "default", "asn1");
+        if (!genstr) {
+            BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
+            goto err;
+        }
+    }
+
+    atyp = ASN1_generate_nconf(genstr, cnf);
+    NCONF_free(cnf);
+    cnf = NULL;
+
+    if (!atyp)
+        return -1;
+
+    len = i2d_ASN1_TYPE(atyp, NULL);
+
+    if (len <= 0)
+        goto err;
+
+    if (!BUF_MEM_grow(buf, len))
+        goto err;
+
+    p = (unsigned char *)buf->data;
+
+    i2d_ASN1_TYPE(atyp, &p);
+
+    ASN1_TYPE_free(atyp);
+    return len;
+
+ err:
+    NCONF_free(cnf);
+    ASN1_TYPE_free(atyp);
+    return -1;
+}
diff --git a/openssl-1.1.0h/apps/build.info b/openssl-1.1.0h/apps/build.info
new file mode 100644
index 0000000..e2ddd2b
--- /dev/null
+++ b/openssl-1.1.0h/apps/build.info
@@ -0,0 +1,28 @@
+{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget";
+   our @apps_openssl_src =
+       ( qw(openssl.c
+            asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
+            dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
+            genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
+            pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
+            s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
+            srp.c ts.c verify.c version.c x509.c rehash.c
+            apps.c opt.c s_cb.c s_socket.c
+            app_rand.c),
+          split(/\s+/, $target{apps_aux_src}) );
+   "" -}
+IF[{- !$disabled{apps} -}]
+  PROGRAMS=openssl
+  SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
+  INCLUDE[openssl]=.. ../include
+  DEPEND[openssl]=../libssl
+
+  {- join("\n  ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
+                  @apps_openssl_src) -}
+  GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
+  DEPEND[progs.h]=../configdata.pm
+
+  SCRIPTS=CA.pl {- $tsget_name -}
+  SOURCE[CA.pl]=CA.pl.in
+  SOURCE[{- $tsget_name -}]=tsget.in
+ENDIF
diff --git a/openssl-1.1.0h/apps/ca-cert.srl b/openssl-1.1.0h/apps/ca-cert.srl
new file mode 100644
index 0000000..2c7456e
--- /dev/null
+++ b/openssl-1.1.0h/apps/ca-cert.srl
@@ -0,0 +1 @@
+07
diff --git a/openssl-1.1.0h/apps/ca-key.pem b/openssl-1.1.0h/apps/ca-key.pem
new file mode 100644
index 0000000..4e74249
--- /dev/null
+++ b/openssl-1.1.0h/apps/ca-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
+IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
+DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
+vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
+XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
+im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
+9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
+QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
+wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
+dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
+Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
+Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
+TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
+PZoQ5B2XJ7bhTQ==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/ca-req.pem b/openssl-1.1.0h/apps/ca-req.pem
new file mode 100644
index 0000000..84c6dbb
--- /dev/null
+++ b/openssl-1.1.0h/apps/ca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
+GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
+IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
+DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
+vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
+2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
+pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
+PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/apps/ca.c b/openssl-1.1.0h/apps/ca.c
new file mode 100644
index 0000000..d474a2b
--- /dev/null
+++ b/openssl-1.1.0h/apps/ca.c
@@ -0,0 +1,2593 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+#ifndef W_OK
+# ifdef OPENSSL_SYS_VMS
+#  if defined(__DECC)
+#   include <unistd.h>
+#  else
+#   include <unixlib.h>
+#  endif
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
+#  include <sys/file.h>
+# endif
+#endif
+
+#include "apps.h"
+
+#ifndef W_OK
+# define F_OK 0
+# define X_OK 1
+# define W_OK 2
+# define R_OK 4
+#endif
+
+#undef BSIZE
+#define BSIZE 256
+
+#define BASE_SECTION            "ca"
+
+#define ENV_DEFAULT_CA          "default_ca"
+
+#define STRING_MASK             "string_mask"
+#define UTF8_IN                 "utf8"
+
+#define ENV_NEW_CERTS_DIR       "new_certs_dir"
+#define ENV_CERTIFICATE         "certificate"
+#define ENV_SERIAL              "serial"
+#define ENV_CRLNUMBER           "crlnumber"
+#define ENV_PRIVATE_KEY         "private_key"
+#define ENV_DEFAULT_DAYS        "default_days"
+#define ENV_DEFAULT_STARTDATE   "default_startdate"
+#define ENV_DEFAULT_ENDDATE     "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS    "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS   "default_crl_hours"
+#define ENV_DEFAULT_MD          "default_md"
+#define ENV_DEFAULT_EMAIL_DN    "email_in_dn"
+#define ENV_PRESERVE            "preserve"
+#define ENV_POLICY              "policy"
+#define ENV_EXTENSIONS          "x509_extensions"
+#define ENV_CRLEXT              "crl_extensions"
+#define ENV_MSIE_HACK           "msie_hack"
+#define ENV_NAMEOPT             "name_opt"
+#define ENV_CERTOPT             "cert_opt"
+#define ENV_EXTCOPY             "copy_extensions"
+#define ENV_UNIQUE_SUBJECT      "unique_subject"
+
+#define ENV_DATABASE            "database"
+
+/* Additional revocation information types */
+
+#define REV_NONE                0 /* No additional information */
+#define REV_CRL_REASON          1 /* Value is CRL reason code */
+#define REV_HOLD                2 /* Value is hold instruction */
+#define REV_KEY_COMPROMISE      3 /* Value is cert key compromise time */
+#define REV_CA_COMPROMISE       4 /* Value is CA key compromise time */
+
+static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   BIGNUM *serial, const char *subj, unsigned long chtype,
+                   int multirdn, int email_dn, const char *startdate,
+                   const char *enddate,
+                   long days, int batch, const char *ext_sect, CONF *conf,
+                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign);
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        BIGNUM *serial, const char *subj, unsigned long chtype,
+                        int multirdn, int email_dn, const char *startdate,
+                        const char *enddate, long days, int batch, const char *ext_sect,
+                        CONF *conf, int verbose, unsigned long certopt,
+                        unsigned long nameopt, int default_op, int ext_copy);
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
+                         X509 *x509, const EVP_MD *dgst,
+                         STACK_OF(OPENSSL_STRING) *sigopts,
+                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                         BIGNUM *serial, const char *subj, unsigned long chtype,
+                         int multirdn, int email_dn, const char *startdate,
+                         const char *enddate, long days, const char *ext_sect, CONF *conf,
+                         int verbose, unsigned long certopt,
+                         unsigned long nameopt, int default_op, int ext_copy);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   const char *subj, unsigned long chtype, int multirdn,
+                   int email_dn, const char *startdate, const char *enddate, long days,
+                   int batch, int verbose, X509_REQ *req, const char *ext_sect,
+                   CONF *conf, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign);
+static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, CA_DB *db);
+static int do_updatedb(CA_DB *db);
+static int check_time_format(const char *str);
+char *make_revocation_str(int rev_type, char *rev_arg);
+int make_revoked(X509_REVOKED *rev, const char *str);
+static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str);
+
+static CONF *extconf = NULL;
+static int preserve = 0;
+static int msie_hack = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
+    OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE,
+    OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN,
+    OPT_KEY, OPT_CERT, OPT_SELFSIGN, OPT_IN, OPT_OUT, OPT_OUTDIR,
+    OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN,
+    OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
+    OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
+    OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+    OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE,
+    OPT_CRL_CA_COMPROMISE
+} OPTION_CHOICE;
+
+OPTIONS ca_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
+    {"config", OPT_CONFIG, 's', "A config file"},
+    {"name", OPT_NAME, 's', "The particular CA definition to use"},
+    {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
+    {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
+    {"create_serial", OPT_CREATE_SERIAL, '-',
+     "If reading serial fails, create a new random serial"},
+    {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+     "Enable support for multivalued RDNs"},
+    {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
+    {"enddate", OPT_ENDDATE, 's',
+     "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+    {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+    {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+    {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+    {"keyfile", OPT_KEYFILE, 's', "Private key"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
+    {"cert", OPT_CERT, '<', "The CA cert"},
+    {"selfsign", OPT_SELFSIGN, '-',
+     "Sign a cert with the key associated with it"},
+    {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"},
+    {"out", OPT_OUT, '>', "Where to put the output file(s)"},
+    {"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
+    {"batch", OPT_BATCH, '-', "Don't ask questions"},
+    {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
+    {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+    {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
+    {"msie_hack", OPT_MSIE_HACK, '-',
+     "msie modifications to handle all those universal strings"},
+    {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
+    {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
+    {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
+    {"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
+    {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
+    {"spkac", OPT_SPKAC, '<',
+     "File contains DN and signed public key and challenge"},
+    {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
+    {"valid", OPT_VALID, 's',
+     "Add a Valid(not-revoked) DB entry about a cert (given in file)"},
+    {"extensions", OPT_EXTENSIONS, 's',
+     "Extension section (override value in config file)"},
+    {"extfile", OPT_EXTFILE, '<',
+     "Configuration file with X509v3 extensions to add"},
+    {"status", OPT_STATUS, 's', "Shows cert status given the serial number"},
+    {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"},
+    {"crlexts", OPT_CRLEXTS, 's',
+     "CRL extension section (override value in config file)"},
+    {"crl_reason", OPT_CRL_REASON, 's', "revocation reason"},
+    {"crl_hold", OPT_CRL_HOLD, 's',
+     "the hold instruction, an OID. Sets revocation reason to certificateHold"},
+    {"crl_compromise", OPT_CRL_COMPROMISE, 's',
+     "sets compromise time to val and the revocation reason to keyCompromise"},
+    {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
+     "sets compromise time to val and the revocation reason to CACompromise"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int ca_main(int argc, char **argv)
+{
+    CONF *conf = NULL;
+    ENGINE *e = NULL;
+    BIGNUM *crlnumber = NULL, *serial = NULL;
+    EVP_PKEY *pkey = NULL;
+    BIO *in = NULL, *out = NULL, *Sout = NULL;
+    ASN1_INTEGER *tmpser;
+    ASN1_TIME *tmptm;
+    CA_DB *db = NULL;
+    DB_ATTR db_attr;
+    STACK_OF(CONF_VALUE) *attribs = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+    STACK_OF(X509) *cert_sk = NULL;
+    X509_CRL *crl = NULL;
+    const EVP_MD *dgst = NULL;
+    char *configfile = default_config_file, *section = NULL;
+    char *md = NULL, *policy = NULL, *keyfile = NULL;
+    char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *key = NULL;
+    const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
+    const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
+    char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
+    const char *serialfile = NULL, *subj = NULL;
+    char *prog, *startdate = NULL, *enddate = NULL;
+    char *dbfile = NULL, *f, *randfile = NULL;
+    char buf[3][BSIZE];
+    char *const *pp;
+    const char *p;
+    int create_ser = 0, free_key = 0, total = 0, total_done = 0;
+    int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
+    int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
+    int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
+    int i, j, rev_type = REV_NONE, selfsign = 0;
+    long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
+    unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;
+    X509 *x509 = NULL, *x509p = NULL, *x = NULL;
+    X509_REVOKED *r = NULL;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, ca_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ca_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            req = 1;
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_NAME:
+            section = opt_arg();
+            break;
+        case OPT_SUBJ:
+            subj = opt_arg();
+            /* preserve=1; */
+            break;
+        case OPT_UTF8:
+            chtype = MBSTRING_UTF8;
+            break;
+        case OPT_CREATE_SERIAL:
+            create_ser = 1;
+            break;
+        case OPT_MULTIVALUE_RDN:
+            multirdn = 1;
+            break;
+        case OPT_STARTDATE:
+            startdate = opt_arg();
+            break;
+        case OPT_ENDDATE:
+            enddate = opt_arg();
+            break;
+        case OPT_DAYS:
+            days = atoi(opt_arg());
+            break;
+        case OPT_MD:
+            md = opt_arg();
+            break;
+        case OPT_POLICY:
+            policy = opt_arg();
+            break;
+        case OPT_KEYFILE:
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_KEY:
+            key = opt_arg();
+            break;
+        case OPT_CERT:
+            certfile = opt_arg();
+            break;
+        case OPT_SELFSIGN:
+            selfsign = 1;
+            break;
+        case OPT_OUTDIR:
+            outdir = opt_arg();
+            break;
+        case OPT_SIGOPT:
+            if (sigopts == NULL)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (sigopts == NULL
+                || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto end;
+            break;
+        case OPT_NOTEXT:
+            notext = 1;
+            break;
+        case OPT_BATCH:
+            batch = 1;
+            break;
+        case OPT_PRESERVEDN:
+            preserve = 1;
+            break;
+        case OPT_NOEMAILDN:
+            email_dn = 0;
+            break;
+        case OPT_GENCRL:
+            gencrl = 1;
+            break;
+        case OPT_MSIE_HACK:
+            msie_hack = 1;
+            break;
+        case OPT_CRLDAYS:
+            crldays = atol(opt_arg());
+            break;
+        case OPT_CRLHOURS:
+            crlhours = atol(opt_arg());
+            break;
+        case OPT_CRLSEC:
+            crlsec = atol(opt_arg());
+            break;
+        case OPT_INFILES:
+            req = 1;
+            goto end_of_options;
+        case OPT_SS_CERT:
+            ss_cert_file = opt_arg();
+            req = 1;
+            break;
+        case OPT_SPKAC:
+            spkac_file = opt_arg();
+            req = 1;
+            break;
+        case OPT_REVOKE:
+            infile = opt_arg();
+            dorevoke = 1;
+            break;
+        case OPT_VALID:
+            infile = opt_arg();
+            dorevoke = 2;
+            break;
+        case OPT_EXTENSIONS:
+            extensions = opt_arg();
+            break;
+        case OPT_EXTFILE:
+            extfile = opt_arg();
+            break;
+        case OPT_STATUS:
+            ser_status = opt_arg();
+            break;
+        case OPT_UPDATEDB:
+            doupdatedb = 1;
+            break;
+        case OPT_CRLEXTS:
+            crl_ext = opt_arg();
+            break;
+        case OPT_CRL_REASON:
+            rev_arg = opt_arg();
+            rev_type = REV_CRL_REASON;
+            break;
+        case OPT_CRL_HOLD:
+            rev_arg = opt_arg();
+            rev_type = REV_HOLD;
+            break;
+        case OPT_CRL_COMPROMISE:
+            rev_arg = opt_arg();
+            rev_type = REV_KEY_COMPROMISE;
+            break;
+        case OPT_CRL_CA_COMPROMISE:
+            rev_arg = opt_arg();
+            rev_type = REV_CA_COMPROMISE;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+end_of_options:
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+
+    if ((conf = app_load_config(configfile)) == NULL)
+        goto end;
+    if (configfile != default_config_file && !app_load_modules(conf))
+        goto end;
+
+    /* Lets get the config section we are using */
+    if (section == NULL
+        && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
+        goto end;
+
+    p = NCONF_get_string(conf, NULL, "oid_file");
+    if (p == NULL)
+        ERR_clear_error();
+    if (p != NULL) {
+        BIO *oid_bio = BIO_new_file(p, "r");
+
+        if (oid_bio == NULL) {
+            ERR_clear_error();
+        } else {
+            OBJ_create_objects(oid_bio);
+            BIO_free(oid_bio);
+        }
+    }
+    if (!add_oid_section(conf)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+    if (randfile == NULL)
+        ERR_clear_error();
+    app_RAND_load_file(randfile, 0);
+
+    f = NCONF_get_string(conf, section, STRING_MASK);
+    if (!f)
+        ERR_clear_error();
+
+    if (f && !ASN1_STRING_set_default_mask_asc(f)) {
+        BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
+        goto end;
+    }
+
+    if (chtype != MBSTRING_UTF8) {
+        f = NCONF_get_string(conf, section, UTF8_IN);
+        if (!f)
+            ERR_clear_error();
+        else if (strcmp(f, "yes") == 0)
+            chtype = MBSTRING_UTF8;
+    }
+
+    db_attr.unique_subject = 1;
+    p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
+    if (p) {
+        db_attr.unique_subject = parse_yesno(p, 1);
+    } else
+        ERR_clear_error();
+
+    /*****************************************************************/
+    /* report status of cert with serial number given on command line */
+    if (ser_status) {
+        dbfile = lookup_conf(conf, section, ENV_DATABASE);
+        if (dbfile == NULL)
+            goto end;
+
+        db = load_index(dbfile, &db_attr);
+        if (db == NULL)
+            goto end;
+
+        if (!index_index(db))
+            goto end;
+
+        if (get_certificate_status(ser_status, db) != 1)
+            BIO_printf(bio_err, "Error verifying serial %s!\n", ser_status);
+        goto end;
+    }
+
+    /*****************************************************************/
+    /* we definitely need a private key, so let's get it */
+
+    if (keyfile == NULL
+        && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL)
+        goto end;
+
+    if (!key) {
+        free_key = 1;
+        if (!app_passwd(passinarg, NULL, &key, NULL)) {
+            BIO_printf(bio_err, "Error getting password\n");
+            goto end;
+        }
+    }
+    pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key");
+    if (key)
+        OPENSSL_cleanse(key, strlen(key));
+    if (pkey == NULL) {
+        /* load_key() has already printed an appropriate message */
+        goto end;
+    }
+
+    /*****************************************************************/
+    /* we need a certificate */
+    if (!selfsign || spkac_file || ss_cert_file || gencrl) {
+        if (certfile == NULL
+            && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
+            goto end;
+
+        x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
+        if (x509 == NULL)
+            goto end;
+
+        if (!X509_check_private_key(x509, pkey)) {
+            BIO_printf(bio_err,
+                       "CA certificate and CA private key do not match\n");
+            goto end;
+        }
+    }
+    if (!selfsign)
+        x509p = x509;
+
+    f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
+    if (f == NULL)
+        ERR_clear_error();
+    if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+        preserve = 1;
+    f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
+    if (f == NULL)
+        ERR_clear_error();
+    if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+        msie_hack = 1;
+
+    f = NCONF_get_string(conf, section, ENV_NAMEOPT);
+
+    if (f) {
+        if (!set_name_ex(&nameopt, f)) {
+            BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+            goto end;
+        }
+        default_op = 0;
+    } else {
+        nameopt = XN_FLAG_ONELINE;
+        ERR_clear_error();
+    }
+
+    f = NCONF_get_string(conf, section, ENV_CERTOPT);
+
+    if (f) {
+        if (!set_cert_ex(&certopt, f)) {
+            BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+            goto end;
+        }
+        default_op = 0;
+    } else
+        ERR_clear_error();
+
+    f = NCONF_get_string(conf, section, ENV_EXTCOPY);
+
+    if (f) {
+        if (!set_ext_copy(&ext_copy, f)) {
+            BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+            goto end;
+        }
+    } else
+        ERR_clear_error();
+
+    /*****************************************************************/
+    /* lookup where to write new certificates */
+    if ((outdir == NULL) && (req)) {
+
+        outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
+        if (outdir == NULL) {
+            BIO_printf(bio_err,
+                       "there needs to be defined a directory for new certificate to be placed in\n");
+            goto end;
+        }
+#ifndef OPENSSL_SYS_VMS
+        /*
+         * outdir is a directory spec, but access() for VMS demands a
+         * filename.  We could use the DEC C routine to convert the
+         * directory syntax to Unixly, and give that to app_isdir,
+         * but for now the fopen will catch the error if it's not a
+         * directory
+         */
+        if (app_isdir(outdir) <= 0) {
+            BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir);
+            perror(outdir);
+            goto end;
+        }
+#endif
+    }
+
+    /*****************************************************************/
+    /* we need to load the database file */
+    dbfile = lookup_conf(conf, section, ENV_DATABASE);
+    if (dbfile == NULL)
+        goto end;
+
+    db = load_index(dbfile, &db_attr);
+    if (db == NULL)
+        goto end;
+
+    /* Lets check some fields */
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+        if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) {
+            BIO_printf(bio_err,
+                       "entry %d: not revoked yet, but has a revocation date\n",
+                       i + 1);
+            goto end;
+        }
+        if ((pp[DB_type][0] == DB_TYPE_REV) &&
+            !make_revoked(NULL, pp[DB_rev_date])) {
+            BIO_printf(bio_err, " in entry %d\n", i + 1);
+            goto end;
+        }
+        if (!check_time_format((char *)pp[DB_exp_date])) {
+            BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
+            goto end;
+        }
+        p = pp[DB_serial];
+        j = strlen(p);
+        if (*p == '-') {
+            p++;
+            j--;
+        }
+        if ((j & 1) || (j < 2)) {
+            BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
+                       i + 1, j);
+            goto end;
+        }
+        for ( ; *p; p++) {
+            if (!isxdigit(_UC(*p))) {
+                BIO_printf(bio_err,
+                           "entry %d: bad char 0%o '%c' in serial number\n",
+                           i + 1, *p, *p);
+                goto end;
+            }
+        }
+    }
+    if (verbose) {
+        TXT_DB_write(bio_out, db->db);
+        BIO_printf(bio_err, "%d entries loaded from the database\n",
+                   sk_OPENSSL_PSTRING_num(db->db->data));
+        BIO_printf(bio_err, "generating index\n");
+    }
+
+    if (!index_index(db))
+        goto end;
+
+    /*****************************************************************/
+    /* Update the db file for expired certificates */
+    if (doupdatedb) {
+        if (verbose)
+            BIO_printf(bio_err, "Updating %s ...\n", dbfile);
+
+        i = do_updatedb(db);
+        if (i == -1) {
+            BIO_printf(bio_err, "Malloc failure\n");
+            goto end;
+        } else if (i == 0) {
+            if (verbose)
+                BIO_printf(bio_err, "No entries found to mark expired\n");
+        } else {
+            if (!save_index(dbfile, "new", db))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            if (verbose)
+                BIO_printf(bio_err,
+                           "Done. %d entries marked as expired\n", i);
+        }
+    }
+
+    /*****************************************************************/
+    /* Read extensions config file                                   */
+    if (extfile) {
+        if ((extconf = app_load_config(extfile)) == NULL) {
+            ret = 1;
+            goto end;
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "Successfully loaded extensions file %s\n",
+                       extfile);
+
+        /* We can have sections in the ext file */
+        if (extensions == NULL) {
+            extensions = NCONF_get_string(extconf, "default", "extensions");
+            if (extensions == NULL)
+                extensions = "default";
+        }
+    }
+
+    /*****************************************************************/
+    if (req || gencrl) {
+        /* FIXME: Is it really always text? */
+        Sout = bio_open_default(outfile, 'w', FORMAT_TEXT);
+        if (Sout == NULL)
+            goto end;
+    }
+
+    if (md == NULL
+        && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL)
+        goto end;
+
+    if (strcmp(md, "default") == 0) {
+        int def_nid;
+        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
+            BIO_puts(bio_err, "no default digest\n");
+            goto end;
+        }
+        md = (char *)OBJ_nid2sn(def_nid);
+    }
+
+    if (!opt_md(md, &dgst)) {
+        goto end;
+    }
+
+    if (req) {
+        if (email_dn == 1) {
+            char *tmp_email_dn = NULL;
+
+            tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
+            if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
+                email_dn = 0;
+        }
+        if (verbose)
+            BIO_printf(bio_err, "message digest is %s\n",
+                       OBJ_nid2ln(EVP_MD_type(dgst)));
+        if (policy == NULL
+            && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "policy is %s\n", policy);
+
+        serialfile = lookup_conf(conf, section, ENV_SERIAL);
+        if (serialfile == NULL)
+            goto end;
+
+        if (!extconf) {
+            /*
+             * no '-extfile' option, so we look for extensions in the main
+             * configuration file
+             */
+            if (!extensions) {
+                extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS);
+                if (!extensions)
+                    ERR_clear_error();
+            }
+            if (extensions) {
+                /* Check syntax of file */
+                X509V3_CTX ctx;
+                X509V3_set_ctx_test(&ctx);
+                X509V3_set_nconf(&ctx, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
+                    BIO_printf(bio_err,
+                               "Error Loading extension section %s\n",
+                               extensions);
+                    ret = 1;
+                    goto end;
+                }
+            }
+        }
+
+        if (startdate == NULL) {
+            startdate = NCONF_get_string(conf, section,
+                                         ENV_DEFAULT_STARTDATE);
+            if (startdate == NULL)
+                ERR_clear_error();
+        }
+        if (startdate && !ASN1_TIME_set_string(NULL, startdate)) {
+            BIO_printf(bio_err,
+                       "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+            goto end;
+        }
+        if (startdate == NULL)
+            startdate = "today";
+
+        if (enddate == NULL) {
+            enddate = NCONF_get_string(conf, section, ENV_DEFAULT_ENDDATE);
+            if (enddate == NULL)
+                ERR_clear_error();
+        }
+        if (enddate && !ASN1_TIME_set_string(NULL, enddate)) {
+            BIO_printf(bio_err,
+                       "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+            goto end;
+        }
+
+        if (days == 0) {
+            if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
+                days = 0;
+        }
+        if (!enddate && (days == 0)) {
+            BIO_printf(bio_err,
+                       "cannot lookup how many days to certify for\n");
+            goto end;
+        }
+
+        if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
+            BIO_printf(bio_err, "error while loading serial number\n");
+            goto end;
+        }
+        if (verbose) {
+            if (BN_is_zero(serial))
+                BIO_printf(bio_err, "next serial number is 00\n");
+            else {
+                if ((f = BN_bn2hex(serial)) == NULL)
+                    goto end;
+                BIO_printf(bio_err, "next serial number is %s\n", f);
+                OPENSSL_free(f);
+            }
+        }
+
+        if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
+            BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
+            goto end;
+        }
+
+        if ((cert_sk = sk_X509_new_null()) == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+        if (spkac_file != NULL) {
+            total++;
+            j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
+                              attribs, db, serial, subj, chtype, multirdn,
+                              email_dn, startdate, enddate, days, extensions,
+                              conf, verbose, certopt, nameopt, default_op,
+                              ext_copy);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+                if (outfile) {
+                    output_der = 1;
+                    batch = 1;
+                }
+            }
+        }
+        if (ss_cert_file != NULL) {
+            total++;
+            j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, sigopts,
+                             attribs,
+                             db, serial, subj, chtype, multirdn, email_dn,
+                             startdate, enddate, days, batch, extensions,
+                             conf, verbose, certopt, nameopt, default_op,
+                             ext_copy);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        if (infile != NULL) {
+            total++;
+            j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
+                        serial, subj, chtype, multirdn, email_dn, startdate,
+                        enddate, days, batch, extensions, conf, verbose,
+                        certopt, nameopt, default_op, ext_copy, selfsign);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        for (i = 0; i < argc; i++) {
+            total++;
+            j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
+                        serial, subj, chtype, multirdn, email_dn, startdate,
+                        enddate, days, batch, extensions, conf, verbose,
+                        certopt, nameopt, default_op, ext_copy, selfsign);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        /*
+         * we have a stack of newly certified certificates and a data base
+         * and serial number that need updating
+         */
+
+        if (sk_X509_num(cert_sk) > 0) {
+            if (!batch) {
+                BIO_printf(bio_err,
+                           "\n%d out of %d certificate requests certified, commit? [y/n]",
+                           total_done, total);
+                (void)BIO_flush(bio_err);
+                buf[0][0] = '\0';
+                if (!fgets(buf[0], 10, stdin)) {
+                    BIO_printf(bio_err,
+                               "CERTIFICATION CANCELED: I/O error\n");
+                    ret = 0;
+                    goto end;
+                }
+                if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) {
+                    BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
+                    ret = 0;
+                    goto end;
+                }
+            }
+
+            BIO_printf(bio_err, "Write out database with %d new entries\n",
+                       sk_X509_num(cert_sk));
+
+            if (!save_serial(serialfile, "new", serial, NULL))
+                goto end;
+
+            if (!save_index(dbfile, "new", db))
+                goto end;
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "writing new certificates\n");
+        for (i = 0; i < sk_X509_num(cert_sk); i++) {
+            BIO *Cout = NULL;
+            X509 *xi = sk_X509_value(cert_sk, i);
+            ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi);
+            int k;
+            char *n;
+
+            j = ASN1_STRING_length(serialNumber);
+            p = (const char *)ASN1_STRING_get0_data(serialNumber);
+
+            if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
+                BIO_printf(bio_err, "certificate file name too long\n");
+                goto end;
+            }
+
+            strcpy(buf[2], outdir);
+
+#ifndef OPENSSL_SYS_VMS
+            OPENSSL_strlcat(buf[2], "/", sizeof(buf[2]));
+#endif
+
+            n = (char *)&(buf[2][strlen(buf[2])]);
+            if (j > 0) {
+                for (k = 0; k < j; k++) {
+                    if (n >= &(buf[2][sizeof(buf[2])]))
+                        break;
+                    BIO_snprintf(n,
+                                 &buf[2][0] + sizeof(buf[2]) - n,
+                                 "%02X", (unsigned char)*(p++));
+                    n += 2;
+                }
+            } else {
+                *(n++) = '0';
+                *(n++) = '0';
+            }
+            *(n++) = '.';
+            *(n++) = 'p';
+            *(n++) = 'e';
+            *(n++) = 'm';
+            *n = '\0';
+            if (verbose)
+                BIO_printf(bio_err, "writing %s\n", buf[2]);
+
+            Cout = BIO_new_file(buf[2], "w");
+            if (Cout == NULL) {
+                perror(buf[2]);
+                goto end;
+            }
+            write_new_certificate(Cout, xi, 0, notext);
+            write_new_certificate(Sout, xi, output_der, notext);
+            BIO_free_all(Cout);
+        }
+
+        if (sk_X509_num(cert_sk)) {
+            /* Rename the database and the serial file */
+            if (!rotate_serial(serialfile, "new", "old"))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            BIO_printf(bio_err, "Data Base Updated\n");
+        }
+    }
+
+    /*****************************************************************/
+    if (gencrl) {
+        int crl_v2 = 0;
+        if (!crl_ext) {
+            crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT);
+            if (!crl_ext)
+                ERR_clear_error();
+        }
+        if (crl_ext) {
+            /* Check syntax of file */
+            X509V3_CTX ctx;
+            X509V3_set_ctx_test(&ctx);
+            X509V3_set_nconf(&ctx, conf);
+            if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
+                BIO_printf(bio_err,
+                           "Error Loading CRL extension section %s\n",
+                           crl_ext);
+                ret = 1;
+                goto end;
+            }
+        }
+
+        if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
+            != NULL)
+            if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
+                BIO_printf(bio_err, "error while loading CRL number\n");
+                goto end;
+            }
+
+        if (!crldays && !crlhours && !crlsec) {
+            if (!NCONF_get_number(conf, section,
+                                  ENV_DEFAULT_CRL_DAYS, &crldays))
+                crldays = 0;
+            if (!NCONF_get_number(conf, section,
+                                  ENV_DEFAULT_CRL_HOURS, &crlhours))
+                crlhours = 0;
+            ERR_clear_error();
+        }
+        if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
+            BIO_printf(bio_err,
+                       "cannot lookup how long until the next CRL is issued\n");
+            goto end;
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "making CRL\n");
+        if ((crl = X509_CRL_new()) == NULL)
+            goto end;
+        if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
+            goto end;
+
+        tmptm = ASN1_TIME_new();
+        if (tmptm == NULL
+                || X509_gmtime_adj(tmptm, 0) == NULL
+                || !X509_CRL_set1_lastUpdate(crl, tmptm)
+                || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+                                    NULL) == NULL) {
+            BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+            ASN1_TIME_free(tmptm);
+            goto end;
+        }
+        X509_CRL_set1_nextUpdate(crl, tmptm);
+
+        ASN1_TIME_free(tmptm);
+
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+            if (pp[DB_type][0] == DB_TYPE_REV) {
+                if ((r = X509_REVOKED_new()) == NULL)
+                    goto end;
+                j = make_revoked(r, pp[DB_rev_date]);
+                if (!j)
+                    goto end;
+                if (j == 2)
+                    crl_v2 = 1;
+                if (!BN_hex2bn(&serial, pp[DB_serial]))
+                    goto end;
+                tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+                BN_free(serial);
+                serial = NULL;
+                if (!tmpser)
+                    goto end;
+                X509_REVOKED_set_serialNumber(r, tmpser);
+                ASN1_INTEGER_free(tmpser);
+                X509_CRL_add0_revoked(crl, r);
+            }
+        }
+
+        /*
+         * sort the data so it will be written in serial number order
+         */
+        X509_CRL_sort(crl);
+
+        /* we now have a CRL */
+        if (verbose)
+            BIO_printf(bio_err, "signing CRL\n");
+
+        /* Add any extensions asked for */
+
+        if (crl_ext || crlnumberfile != NULL) {
+            X509V3_CTX crlctx;
+            X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+            X509V3_set_nconf(&crlctx, conf);
+
+            if (crl_ext)
+                if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl))
+                    goto end;
+            if (crlnumberfile != NULL) {
+                tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+                if (!tmpser)
+                    goto end;
+                X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
+                ASN1_INTEGER_free(tmpser);
+                crl_v2 = 1;
+                if (!BN_add_word(crlnumber, 1))
+                    goto end;
+            }
+        }
+        if (crl_ext || crl_v2) {
+            if (!X509_CRL_set_version(crl, 1))
+                goto end;       /* version 2 CRL */
+        }
+
+        /* we have a CRL number that need updating */
+        if (crlnumberfile != NULL)
+            if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
+                goto end;
+
+        BN_free(crlnumber);
+        crlnumber = NULL;
+
+        if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
+            goto end;
+
+        PEM_write_bio_X509_CRL(Sout, crl);
+
+        if (crlnumberfile != NULL) /* Rename the crlnumber file */
+            if (!rotate_serial(crlnumberfile, "new", "old"))
+                goto end;
+
+    }
+    /*****************************************************************/
+    if (dorevoke) {
+        if (infile == NULL) {
+            BIO_printf(bio_err, "no input files\n");
+            goto end;
+        } else {
+            X509 *revcert;
+            revcert = load_cert(infile, FORMAT_PEM, infile);
+            if (revcert == NULL)
+                goto end;
+            if (dorevoke == 2)
+                rev_type = -1;
+            j = do_revoke(revcert, db, rev_type, rev_arg);
+            if (j <= 0)
+                goto end;
+            X509_free(revcert);
+
+            if (!save_index(dbfile, "new", db))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            BIO_printf(bio_err, "Data Base Updated\n");
+        }
+    }
+    /*****************************************************************/
+    ret = 0;
+ end:
+    BIO_free_all(Sout);
+    BIO_free_all(out);
+    BIO_free_all(in);
+    sk_X509_pop_free(cert_sk, X509_free);
+
+    if (ret)
+        ERR_print_errors(bio_err);
+    app_RAND_write_file(randfile);
+    if (free_key)
+        OPENSSL_free(key);
+    BN_free(serial);
+    BN_free(crlnumber);
+    free_index(db);
+    sk_OPENSSL_STRING_free(sigopts);
+    EVP_PKEY_free(pkey);
+    X509_free(x509);
+    X509_CRL_free(crl);
+    NCONF_free(conf);
+    NCONF_free(extconf);
+    release_engine(e);
+    return (ret);
+}
+
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+{
+    char *entry = NCONF_get_string(conf, section, tag);
+    if (entry == NULL)
+        BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+    return entry;
+}
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   BIGNUM *serial, const char *subj, unsigned long chtype,
+                   int multirdn, int email_dn, const char *startdate,
+                   const char *enddate,
+                   long days, int batch, const char *ext_sect, CONF *lconf,
+                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign)
+{
+    X509_REQ *req = NULL;
+    BIO *in = NULL;
+    EVP_PKEY *pktmp = NULL;
+    int ok = -1, i;
+
+    in = BIO_new_file(infile, "r");
+    if (in == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if ((req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL)) == NULL) {
+        BIO_printf(bio_err, "Error reading certificate request in %s\n",
+                   infile);
+        goto end;
+    }
+    if (verbose)
+        X509_REQ_print(bio_err, req);
+
+    BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+    if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
+        BIO_printf(bio_err,
+                   "Certificate request and CA private key do not match\n");
+        ok = 0;
+        goto end;
+    }
+    if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
+        BIO_printf(bio_err, "error unpacking public key\n");
+        goto end;
+    }
+    i = X509_REQ_verify(req, pktmp);
+    pktmp = NULL;
+    if (i < 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature verification problems....\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (i == 0) {
+        ok = 0;
+        BIO_printf(bio_err,
+                   "Signature did not match the certificate request\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    } else
+        BIO_printf(bio_err, "Signature ok\n");
+
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, selfsign);
+
+ end:
+    X509_REQ_free(req);
+    BIO_free(in);
+    return (ok);
+}
+
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        BIGNUM *serial, const char *subj, unsigned long chtype,
+                        int multirdn, int email_dn, const char *startdate,
+                        const char *enddate, long days, int batch, const char *ext_sect,
+                        CONF *lconf, int verbose, unsigned long certopt,
+                        unsigned long nameopt, int default_op, int ext_copy)
+{
+    X509 *req = NULL;
+    X509_REQ *rreq = NULL;
+    EVP_PKEY *pktmp = NULL;
+    int ok = -1, i;
+
+    if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL)
+        goto end;
+    if (verbose)
+        X509_print(bio_err, req);
+
+    BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+    if ((pktmp = X509_get0_pubkey(req)) == NULL) {
+        BIO_printf(bio_err, "error unpacking public key\n");
+        goto end;
+    }
+    i = X509_verify(req, pktmp);
+    if (i < 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature verification problems....\n");
+        goto end;
+    }
+    if (i == 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature did not match the certificate\n");
+        goto end;
+    } else
+        BIO_printf(bio_err, "Signature ok\n");
+
+    if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
+        goto end;
+
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, 0);
+
+ end:
+    X509_REQ_free(rreq);
+    X509_free(req);
+    return (ok);
+}
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   const char *subj, unsigned long chtype, int multirdn,
+                   int email_dn, const char *startdate, const char *enddate, long days,
+                   int batch, int verbose, X509_REQ *req, const char *ext_sect,
+                   CONF *lconf, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign)
+{
+    X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
+    const ASN1_TIME *tm;
+    ASN1_STRING *str, *str2;
+    ASN1_OBJECT *obj;
+    X509 *ret = NULL;
+    X509_NAME_ENTRY *ne;
+    X509_NAME_ENTRY *tne, *push;
+    EVP_PKEY *pktmp;
+    int ok = -1, i, j, last, nid;
+    const char *p;
+    CONF_VALUE *cv;
+    OPENSSL_STRING row[DB_NUMBER];
+    OPENSSL_STRING *irow = NULL;
+    OPENSSL_STRING *rrow = NULL;
+    char buf[25];
+
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+
+    if (subj) {
+        X509_NAME *n = parse_name(subj, chtype, multirdn);
+
+        if (!n) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        X509_REQ_set_subject_name(req, n);
+        X509_NAME_free(n);
+    }
+
+    if (default_op)
+        BIO_printf(bio_err,
+                   "The Subject's Distinguished Name is as follows\n");
+
+    name = X509_REQ_get_subject_name(req);
+    for (i = 0; i < X509_NAME_entry_count(name); i++) {
+        ne = X509_NAME_get_entry(name, i);
+        str = X509_NAME_ENTRY_get_data(ne);
+        obj = X509_NAME_ENTRY_get_object(ne);
+
+        if (msie_hack) {
+            /* assume all type should be strings */
+            nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
+
+            if (str->type == V_ASN1_UNIVERSALSTRING)
+                ASN1_UNIVERSALSTRING_to_string(str);
+
+            if ((str->type == V_ASN1_IA5STRING) &&
+                (nid != NID_pkcs9_emailAddress))
+                str->type = V_ASN1_T61STRING;
+
+            if ((nid == NID_pkcs9_emailAddress) &&
+                (str->type == V_ASN1_PRINTABLESTRING))
+                str->type = V_ASN1_IA5STRING;
+        }
+
+        /* If no EMAIL is wanted in the subject */
+        if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
+            continue;
+
+        /* check some things */
+        if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+            (str->type != V_ASN1_IA5STRING)) {
+            BIO_printf(bio_err,
+                       "\nemailAddress type needs to be of type IA5STRING\n");
+            goto end;
+        }
+        if ((str->type != V_ASN1_BMPSTRING)
+            && (str->type != V_ASN1_UTF8STRING)) {
+            j = ASN1_PRINTABLE_type(str->data, str->length);
+            if (((j == V_ASN1_T61STRING) &&
+                 (str->type != V_ASN1_T61STRING)) ||
+                ((j == V_ASN1_IA5STRING) &&
+                 (str->type == V_ASN1_PRINTABLESTRING))) {
+                BIO_printf(bio_err,
+                           "\nThe string contains characters that are illegal for the ASN.1 type\n");
+                goto end;
+            }
+        }
+
+        if (default_op)
+            old_entry_print(obj, str);
+    }
+
+    /* Ok, now we check the 'policy' stuff. */
+    if ((subject = X509_NAME_new()) == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    /* take a copy of the issuer name before we mess with it. */
+    if (selfsign)
+        CAname = X509_NAME_dup(name);
+    else
+        CAname = X509_NAME_dup(X509_get_subject_name(x509));
+    if (CAname == NULL)
+        goto end;
+    str = str2 = NULL;
+
+    for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
+        cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
+        if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
+            BIO_printf(bio_err,
+                       "%s:unknown object type in 'policy' configuration\n",
+                       cv->name);
+            goto end;
+        }
+        obj = OBJ_nid2obj(j);
+
+        last = -1;
+        for (;;) {
+            /* lookup the object in the supplied name list */
+            j = X509_NAME_get_index_by_OBJ(name, obj, last);
+            if (j < 0) {
+                if (last != -1)
+                    break;
+                tne = NULL;
+            } else {
+                tne = X509_NAME_get_entry(name, j);
+            }
+            last = j;
+
+            /* depending on the 'policy', decide what to do. */
+            push = NULL;
+            if (strcmp(cv->value, "optional") == 0) {
+                if (tne != NULL)
+                    push = tne;
+            } else if (strcmp(cv->value, "supplied") == 0) {
+                if (tne == NULL) {
+                    BIO_printf(bio_err,
+                               "The %s field needed to be supplied and was missing\n",
+                               cv->name);
+                    goto end;
+                } else
+                    push = tne;
+            } else if (strcmp(cv->value, "match") == 0) {
+                int last2;
+
+                if (tne == NULL) {
+                    BIO_printf(bio_err,
+                               "The mandatory %s field was missing\n",
+                               cv->name);
+                    goto end;
+                }
+
+                last2 = -1;
+
+ again2:
+                j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
+                if ((j < 0) && (last2 == -1)) {
+                    BIO_printf(bio_err,
+                               "The %s field does not exist in the CA certificate,\n"
+                               "the 'policy' is misconfigured\n",
+                               cv->name);
+                    goto end;
+                }
+                if (j >= 0) {
+                    push = X509_NAME_get_entry(CAname, j);
+                    str = X509_NAME_ENTRY_get_data(tne);
+                    str2 = X509_NAME_ENTRY_get_data(push);
+                    last2 = j;
+                    if (ASN1_STRING_cmp(str, str2) != 0)
+                        goto again2;
+                }
+                if (j < 0) {
+                    BIO_printf(bio_err,
+                               "The %s field is different between\n"
+                               "CA certificate (%s) and the request (%s)\n",
+                               cv->name,
+                               ((str2 == NULL) ? "NULL" : (char *)str2->data),
+                               ((str == NULL) ? "NULL" : (char *)str->data));
+                    goto end;
+                }
+            } else {
+                BIO_printf(bio_err,
+                           "%s:invalid type in 'policy' configuration\n",
+                           cv->value);
+                goto end;
+            }
+
+            if (push != NULL) {
+                if (!X509_NAME_add_entry(subject, push, -1, 0)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+            if (j < 0)
+                break;
+        }
+    }
+
+    if (preserve) {
+        X509_NAME_free(subject);
+        /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+        subject = X509_NAME_dup(name);
+        if (subject == NULL)
+            goto end;
+    }
+
+    /* We are now totally happy, lets make and sign the certificate */
+    if (verbose)
+        BIO_printf(bio_err,
+                   "Everything appears to be ok, creating and signing the certificate\n");
+
+    if ((ret = X509_new()) == NULL)
+        goto end;
+
+#ifdef X509_V3
+    /* Make it an X509 v3 certificate. */
+    if (!X509_set_version(ret, 2))
+        goto end;
+#endif
+
+    if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
+        goto end;
+    if (selfsign) {
+        if (!X509_set_issuer_name(ret, subject))
+            goto end;
+    } else {
+        if (!X509_set_issuer_name(ret, X509_get_subject_name(x509)))
+            goto end;
+    }
+
+    if (!set_cert_times(ret, startdate, enddate, days))
+        goto end;
+
+    if (enddate != NULL) {
+        int tdays;
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
+        days = tdays;
+    }
+
+    if (!X509_set_subject_name(ret, subject))
+        goto end;
+
+    pktmp = X509_REQ_get0_pubkey(req);
+    i = X509_set_pubkey(ret, pktmp);
+    if (!i)
+        goto end;
+
+    /* Lets add the extensions, if there are any */
+    if (ext_sect) {
+        X509V3_CTX ctx;
+
+        /* Initialize the context structure */
+        if (selfsign)
+            X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
+        else
+            X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+
+        if (extconf) {
+            if (verbose)
+                BIO_printf(bio_err, "Extra configuration file found\n");
+
+            /* Use the extconf configuration db LHASH */
+            X509V3_set_nconf(&ctx, extconf);
+
+            /* Test the structure (needed?) */
+            /* X509V3_set_ctx_test(&ctx); */
+
+            /* Adds exts contained in the configuration file */
+            if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect, ret)) {
+                BIO_printf(bio_err,
+                           "ERROR: adding extensions in section %s\n",
+                           ext_sect);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            if (verbose)
+                BIO_printf(bio_err,
+                           "Successfully added extensions from file.\n");
+        } else if (ext_sect) {
+            /* We found extensions to be set from config file */
+            X509V3_set_nconf(&ctx, lconf);
+
+            if (!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) {
+                BIO_printf(bio_err,
+                           "ERROR: adding extensions in section %s\n",
+                           ext_sect);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            if (verbose)
+                BIO_printf(bio_err,
+                           "Successfully added extensions from config\n");
+        }
+    }
+
+    /* Copy extensions from request (if any) */
+
+    if (!copy_extensions(ret, req, ext_copy)) {
+        BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    {
+        const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
+
+        if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+            /* Make it an X509 v3 certificate. */
+            if (!X509_set_version(ret, 2))
+                goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err,
+                   "The subject name appears to be ok, checking data base for clashes\n");
+
+    /* Build the correct Subject if no e-mail is wanted in the subject. */
+    if (!email_dn) {
+        X509_NAME_ENTRY *tmpne;
+        X509_NAME *dn_subject;
+
+        /*
+         * Its best to dup the subject DN and then delete any email addresses
+         * because this retains its structure.
+         */
+        if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+        while ((i = X509_NAME_get_index_by_NID(dn_subject,
+                                               NID_pkcs9_emailAddress,
+                                               -1)) >= 0) {
+            tmpne = X509_NAME_get_entry(dn_subject, i);
+            X509_NAME_delete_entry(dn_subject, i);
+            X509_NAME_ENTRY_free(tmpne);
+        }
+
+        if (!X509_set_subject_name(ret, dn_subject)) {
+            X509_NAME_free(dn_subject);
+            goto end;
+        }
+        X509_NAME_free(dn_subject);
+    }
+
+    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+    if (row[DB_name] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    if (BN_is_zero(serial))
+        row[DB_serial] = OPENSSL_strdup("00");
+    else
+        row[DB_serial] = BN_bn2hex(serial);
+    if (row[DB_serial] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    if (row[DB_name][0] == '\0') {
+        /*
+         * An empty subject! We'll use the serial number instead. If
+         * unique_subject is in use then we don't want different entries with
+         * empty subjects matching each other.
+         */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+        if (row[DB_name] == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+    }
+
+    if (db->attributes.unique_subject) {
+        OPENSSL_STRING *crow = row;
+
+        rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:There is already a certificate for %s\n",
+                       row[DB_name]);
+        }
+    }
+    if (rrow == NULL) {
+        rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:Serial number %s has already been issued,\n",
+                       row[DB_serial]);
+            BIO_printf(bio_err,
+                       "      check the database/serial_file for corruption\n");
+        }
+    }
+
+    if (rrow != NULL) {
+        BIO_printf(bio_err, "The matching entry has the following details\n");
+        if (rrow[DB_type][0] == DB_TYPE_EXP)
+            p = "Expired";
+        else if (rrow[DB_type][0] == DB_TYPE_REV)
+            p = "Revoked";
+        else if (rrow[DB_type][0] == DB_TYPE_VAL)
+            p = "Valid";
+        else
+            p = "\ninvalid type, Data base error\n";
+        BIO_printf(bio_err, "Type          :%s\n", p);;
+        if (rrow[DB_type][0] == DB_TYPE_REV) {
+            p = rrow[DB_exp_date];
+            if (p == NULL)
+                p = "undef";
+            BIO_printf(bio_err, "Was revoked on:%s\n", p);
+        }
+        p = rrow[DB_exp_date];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Expires on    :%s\n", p);
+        p = rrow[DB_serial];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Serial Number :%s\n", p);
+        p = rrow[DB_file];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "File name     :%s\n", p);
+        p = rrow[DB_name];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Subject Name  :%s\n", p);
+        ok = -1;                /* This is now a 'bad' error. */
+        goto end;
+    }
+
+    if (!default_op) {
+        BIO_printf(bio_err, "Certificate Details:\n");
+        /*
+         * Never print signature details because signature not present
+         */
+        certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+        X509_print_ex(bio_err, ret, nameopt, certopt);
+    }
+
+    BIO_printf(bio_err, "Certificate is to be certified until ");
+    ASN1_TIME_print(bio_err, X509_get0_notAfter(ret));
+    if (days)
+        BIO_printf(bio_err, " (%ld days)", days);
+    BIO_printf(bio_err, "\n");
+
+    if (!batch) {
+
+        BIO_printf(bio_err, "Sign the certificate? [y/n]:");
+        (void)BIO_flush(bio_err);
+        buf[0] = '\0';
+        if (!fgets(buf, sizeof(buf) - 1, stdin)) {
+            BIO_printf(bio_err,
+                       "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+            ok = 0;
+            goto end;
+        }
+        if (!((buf[0] == 'y') || (buf[0] == 'Y'))) {
+            BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n");
+            ok = 0;
+            goto end;
+        }
+    }
+
+    pktmp = X509_get0_pubkey(ret);
+    if (EVP_PKEY_missing_parameters(pktmp) &&
+        !EVP_PKEY_missing_parameters(pkey))
+        EVP_PKEY_copy_parameters(pktmp, pkey);
+
+    if (!do_X509_sign(ret, pkey, dgst, sigopts))
+        goto end;
+
+    /* We now just add it to the database */
+    row[DB_type] = OPENSSL_strdup("V");
+    tm = X509_get0_notAfter(ret);
+    row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
+    memcpy(row[DB_exp_date], tm->data, tm->length);
+    row[DB_exp_date][tm->length] = '\0';
+    row[DB_rev_date] = NULL;
+    row[DB_file] = OPENSSL_strdup("unknown");
+    if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+        (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space");
+    for (i = 0; i < DB_NUMBER; i++)
+        irow[i] = row[i];
+    irow[DB_NUMBER] = NULL;
+
+    if (!TXT_DB_insert(db->db, irow)) {
+        BIO_printf(bio_err, "failed to update database\n");
+        BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+        goto end;
+    }
+    irow = NULL;
+    ok = 1;
+ end:
+    if (ok != 1) {
+        for (i = 0; i < DB_NUMBER; i++)
+            OPENSSL_free(row[i]);
+    }
+    OPENSSL_free(irow);
+
+    X509_NAME_free(CAname);
+    X509_NAME_free(subject);
+    if (ok <= 0)
+        X509_free(ret);
+    else
+        *xret = ret;
+    return (ok);
+}
+
+static void write_new_certificate(BIO *bp, X509 *x, int output_der,
+                                  int notext)
+{
+
+    if (output_der) {
+        (void)i2d_X509_bio(bp, x);
+        return;
+    }
+    if (!notext)
+        X509_print(bp, x);
+    PEM_write_bio_X509(bp, x);
+}
+
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
+                         X509 *x509, const EVP_MD *dgst,
+                         STACK_OF(OPENSSL_STRING) *sigopts,
+                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                         BIGNUM *serial, const char *subj, unsigned long chtype,
+                         int multirdn, int email_dn, const char *startdate,
+                         const char *enddate, long days, const char *ext_sect,
+                         CONF *lconf, int verbose, unsigned long certopt,
+                         unsigned long nameopt, int default_op, int ext_copy)
+{
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    LHASH_OF(CONF_VALUE) *parms = NULL;
+    X509_REQ *req = NULL;
+    CONF_VALUE *cv = NULL;
+    NETSCAPE_SPKI *spki = NULL;
+    char *type, *buf;
+    EVP_PKEY *pktmp = NULL;
+    X509_NAME *n = NULL;
+    X509_NAME_ENTRY *ne = NULL;
+    int ok = -1, i, j;
+    long errline;
+    int nid;
+
+    /*
+     * Load input file into a hash table.  (This is just an easy
+     * way to read and parse the file, then put it into a convenient
+     * STACK format).
+     */
+    parms = CONF_load(NULL, infile, &errline);
+    if (parms == NULL) {
+        BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    sk = CONF_get_section(parms, "default");
+    if (sk_CONF_VALUE_num(sk) == 0) {
+        BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+        goto end;
+    }
+
+    /*
+     * Now create a dummy X509 request structure.  We don't actually
+     * have an X509 request, but we have many of the components
+     * (a public key, various DN components).  The idea is that we
+     * put these components into the right X509 request structure
+     * and we can use the same code as if you had a real X509 request.
+     */
+    req = X509_REQ_new();
+    if (req == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    /*
+     * Build up the subject name set.
+     */
+    n = X509_REQ_get_subject_name(req);
+
+    for (i = 0;; i++) {
+        if (sk_CONF_VALUE_num(sk) <= i)
+            break;
+
+        cv = sk_CONF_VALUE_value(sk, i);
+        type = cv->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (buf = cv->name; *buf; buf++)
+            if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
+                buf++;
+                if (*buf)
+                    type = buf;
+                break;
+            }
+
+        buf = cv->value;
+        if ((nid = OBJ_txt2nid(type)) == NID_undef) {
+            if (strcmp(type, "SPKAC") == 0) {
+                spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
+                if (spki == NULL) {
+                    BIO_printf(bio_err,
+                               "unable to load Netscape SPKAC structure\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+            continue;
+        }
+
+        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                        (unsigned char *)buf, -1, -1, 0))
+            goto end;
+    }
+    if (spki == NULL) {
+        BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n",
+                   infile);
+        goto end;
+    }
+
+    /*
+     * Now extract the key from the SPKI structure.
+     */
+
+    BIO_printf(bio_err,
+               "Check that the SPKAC request matches the signature\n");
+
+    if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) {
+        BIO_printf(bio_err, "error unpacking SPKAC public key\n");
+        goto end;
+    }
+
+    j = NETSCAPE_SPKI_verify(spki, pktmp);
+    if (j <= 0) {
+        EVP_PKEY_free(pktmp);
+        BIO_printf(bio_err,
+                   "signature verification failed on SPKAC public key\n");
+        goto end;
+    }
+    BIO_printf(bio_err, "Signature ok\n");
+
+    X509_REQ_set_pubkey(req, pktmp);
+    EVP_PKEY_free(pktmp);
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, 1,
+                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, 0);
+ end:
+    X509_REQ_free(req);
+    CONF_free(parms);
+    NETSCAPE_SPKI_free(spki);
+    X509_NAME_ENTRY_free(ne);
+
+    return (ok);
+}
+
+static int check_time_format(const char *str)
+{
+    return ASN1_TIME_set_string(NULL, str);
+}
+
+static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+{
+    const ASN1_TIME *tm = NULL;
+    char *row[DB_NUMBER], **rrow, **irow;
+    char *rev_str = NULL;
+    BIGNUM *bn = NULL;
+    int ok = -1, i;
+
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
+    bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
+    if (!bn)
+        goto end;
+    if (BN_is_zero(bn))
+        row[DB_serial] = OPENSSL_strdup("00");
+    else
+        row[DB_serial] = BN_bn2hex(bn);
+    BN_free(bn);
+    if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+        /* Entries with empty Subjects actually use the serial number instead */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+    }
+    if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+    /*
+     * We have to lookup by serial number because name lookup skips revoked
+     * certs
+     */
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    if (rrow == NULL) {
+        BIO_printf(bio_err,
+                   "Adding Entry with serial number %s to DB for %s\n",
+                   row[DB_serial], row[DB_name]);
+
+        /* We now just add it to the database */
+        row[DB_type] = OPENSSL_strdup("V");
+        tm = X509_get0_notAfter(x509);
+        row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
+        memcpy(row[DB_exp_date], tm->data, tm->length);
+        row[DB_exp_date][tm->length] = '\0';
+        row[DB_rev_date] = NULL;
+        row[DB_file] = OPENSSL_strdup("unknown");
+
+        if (row[DB_type] == NULL || row[DB_file] == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+
+        irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr");
+        for (i = 0; i < DB_NUMBER; i++)
+            irow[i] = row[i];
+        irow[DB_NUMBER] = NULL;
+
+        if (!TXT_DB_insert(db->db, irow)) {
+            BIO_printf(bio_err, "failed to update database\n");
+            BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+            OPENSSL_free(irow);
+            goto end;
+        }
+
+        for (i = 0; i < DB_NUMBER; i++)
+            row[i] = NULL;
+
+        /* Revoke Certificate */
+        if (type == -1)
+            ok = 1;
+        else
+            ok = do_revoke(x509, db, type, value);
+
+        goto end;
+
+    } else if (index_name_cmp_noconst(row, rrow)) {
+        BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]);
+        goto end;
+    } else if (type == -1) {
+        BIO_printf(bio_err, "ERROR:Already present, serial number %s\n",
+                   row[DB_serial]);
+        goto end;
+    } else if (rrow[DB_type][0] == 'R') {
+        BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
+                   row[DB_serial]);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
+        rev_str = make_revocation_str(type, value);
+        if (!rev_str) {
+            BIO_printf(bio_err, "Error in revocation arguments\n");
+            goto end;
+        }
+        rrow[DB_type][0] = 'R';
+        rrow[DB_type][1] = '\0';
+        rrow[DB_rev_date] = rev_str;
+    }
+    ok = 1;
+ end:
+    for (i = 0; i < DB_NUMBER; i++)
+        OPENSSL_free(row[i]);
+    return (ok);
+}
+
+static int get_certificate_status(const char *serial, CA_DB *db)
+{
+    char *row[DB_NUMBER], **rrow;
+    int ok = -1, i;
+    size_t serial_len = strlen(serial);
+
+    /* Free Resources */
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+
+    /* Malloc needed char spaces */
+    row[DB_serial] = app_malloc(serial_len + 2, "row serial#");
+
+    if (serial_len % 2) {
+        /*
+         * Set the first char to 0
+         */ ;
+        row[DB_serial][0] = '0';
+
+        /* Copy String from serial to row[DB_serial] */
+        memcpy(row[DB_serial] + 1, serial, serial_len);
+        row[DB_serial][serial_len + 1] = '\0';
+    } else {
+        /* Copy String from serial to row[DB_serial] */
+        memcpy(row[DB_serial], serial, serial_len);
+        row[DB_serial][serial_len] = '\0';
+    }
+
+    /* Make it Upper Case */
+    for (i = 0; row[DB_serial][i] != '\0'; i++)
+        row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
+
+    ok = 1;
+
+    /* Search for the certificate */
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    if (rrow == NULL) {
+        BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]);
+        ok = -1;
+        goto end;
+    } else if (rrow[DB_type][0] == 'V') {
+        BIO_printf(bio_err, "%s=Valid (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == 'R') {
+        BIO_printf(bio_err, "%s=Revoked (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == 'E') {
+        BIO_printf(bio_err, "%s=Expired (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == 'S') {
+        BIO_printf(bio_err, "%s=Suspended (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "%s=Unknown (%c).\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        ok = -1;
+    }
+ end:
+    for (i = 0; i < DB_NUMBER; i++) {
+        OPENSSL_free(row[i]);
+    }
+    return (ok);
+}
+
+static int do_updatedb(CA_DB *db)
+{
+    ASN1_UTCTIME *a_tm = NULL;
+    int i, cnt = 0;
+    int db_y2k, a_y2k;          /* flags = 1 if y >= 2000 */
+    char **rrow, *a_tm_s;
+
+    a_tm = ASN1_UTCTIME_new();
+    if (a_tm == NULL)
+        return -1;
+
+    /* get actual time and make a string */
+    if (X509_gmtime_adj(a_tm, 0) == NULL) {
+        ASN1_UTCTIME_free(a_tm);
+        return -1;
+    }
+    a_tm_s = app_malloc(a_tm->length + 1, "time string");
+
+    memcpy(a_tm_s, a_tm->data, a_tm->length);
+    a_tm_s[a_tm->length] = '\0';
+
+    if (strncmp(a_tm_s, "49", 2) <= 0)
+        a_y2k = 1;
+    else
+        a_y2k = 0;
+
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+        if (rrow[DB_type][0] == 'V') {
+            /* ignore entries that are not valid */
+            if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+                db_y2k = 1;
+            else
+                db_y2k = 0;
+
+            if (db_y2k == a_y2k) {
+                /* all on the same y2k side */
+                if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
+                    rrow[DB_type][0] = 'E';
+                    rrow[DB_type][1] = '\0';
+                    cnt++;
+
+                    BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+                }
+            } else if (db_y2k < a_y2k) {
+                rrow[DB_type][0] = 'E';
+                rrow[DB_type][1] = '\0';
+                cnt++;
+
+                BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+            }
+
+        }
+    }
+
+    ASN1_UTCTIME_free(a_tm);
+    OPENSSL_free(a_tm_s);
+    return (cnt);
+}
+
+static const char *crl_reasons[] = {
+    /* CRL reason strings */
+    "unspecified",
+    "keyCompromise",
+    "CACompromise",
+    "affiliationChanged",
+    "superseded",
+    "cessationOfOperation",
+    "certificateHold",
+    "removeFromCRL",
+    /* Additional pseudo reasons */
+    "holdInstruction",
+    "keyTime",
+    "CAkeyTime"
+};
+
+#define NUM_REASONS OSSL_NELEM(crl_reasons)
+
+/*
+ * Given revocation information convert to a DB string. The format of the
+ * string is: revtime[,reason,extra]. Where 'revtime' is the revocation time
+ * (the current time). 'reason' is the optional CRL reason and 'extra' is any
+ * additional argument
+ */
+
+char *make_revocation_str(int rev_type, char *rev_arg)
+{
+    char *str;
+    const char *other = NULL;
+    const char *reason = NULL;
+    ASN1_OBJECT *otmp;
+    ASN1_UTCTIME *revtm = NULL;
+    int i;
+    switch (rev_type) {
+    case REV_NONE:
+        break;
+
+    case REV_CRL_REASON:
+        for (i = 0; i < 8; i++) {
+            if (strcasecmp(rev_arg, crl_reasons[i]) == 0) {
+                reason = crl_reasons[i];
+                break;
+            }
+        }
+        if (reason == NULL) {
+            BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+            return NULL;
+        }
+        break;
+
+    case REV_HOLD:
+        /* Argument is an OID */
+
+        otmp = OBJ_txt2obj(rev_arg, 0);
+        ASN1_OBJECT_free(otmp);
+
+        if (otmp == NULL) {
+            BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+            return NULL;
+        }
+
+        reason = "holdInstruction";
+        other = rev_arg;
+        break;
+
+    case REV_KEY_COMPROMISE:
+    case REV_CA_COMPROMISE:
+
+        /* Argument is the key compromise time  */
+        if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
+            BIO_printf(bio_err,
+                       "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n",
+                       rev_arg);
+            return NULL;
+        }
+        other = rev_arg;
+        if (rev_type == REV_KEY_COMPROMISE)
+            reason = "keyTime";
+        else
+            reason = "CAkeyTime";
+
+        break;
+
+    }
+
+    revtm = X509_gmtime_adj(NULL, 0);
+
+    if (!revtm)
+        return NULL;
+
+    i = revtm->length + 1;
+
+    if (reason)
+        i += strlen(reason) + 1;
+    if (other)
+        i += strlen(other) + 1;
+
+    str = app_malloc(i, "revocation reason");
+    OPENSSL_strlcpy(str, (char *)revtm->data, i);
+    if (reason) {
+        OPENSSL_strlcat(str, ",", i);
+        OPENSSL_strlcat(str, reason, i);
+    }
+    if (other) {
+        OPENSSL_strlcat(str, ",", i);
+        OPENSSL_strlcat(str, other, i);
+    }
+    ASN1_UTCTIME_free(revtm);
+    return str;
+}
+
+/*-
+ * Convert revocation field to X509_REVOKED entry
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+int make_revoked(X509_REVOKED *rev, const char *str)
+{
+    char *tmp = NULL;
+    int reason_code = -1;
+    int i, ret = 0;
+    ASN1_OBJECT *hold = NULL;
+    ASN1_GENERALIZEDTIME *comp_time = NULL;
+    ASN1_ENUMERATED *rtmp = NULL;
+
+    ASN1_TIME *revDate = NULL;
+
+    i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+    if (i == 0)
+        goto end;
+
+    if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+        goto end;
+
+    if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
+        rtmp = ASN1_ENUMERATED_new();
+        if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code))
+            goto end;
+        if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
+            goto end;
+    }
+
+    if (rev && comp_time) {
+        if (!X509_REVOKED_add1_ext_i2d
+            (rev, NID_invalidity_date, comp_time, 0, 0))
+            goto end;
+    }
+    if (rev && hold) {
+        if (!X509_REVOKED_add1_ext_i2d
+            (rev, NID_hold_instruction_code, hold, 0, 0))
+            goto end;
+    }
+
+    if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+        ret = 2;
+    else
+        ret = 1;
+
+ end:
+
+    OPENSSL_free(tmp);
+    ASN1_OBJECT_free(hold);
+    ASN1_GENERALIZEDTIME_free(comp_time);
+    ASN1_ENUMERATED_free(rtmp);
+    ASN1_TIME_free(revDate);
+
+    return ret;
+}
+
+static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str)
+{
+    char buf[25], *pbuf;
+    const char *p;
+    int j;
+
+    j = i2a_ASN1_OBJECT(bio_err, obj);
+    pbuf = buf;
+    for (j = 22 - j; j > 0; j--)
+        *(pbuf++) = ' ';
+    *(pbuf++) = ':';
+    *(pbuf++) = '\0';
+    BIO_puts(bio_err, buf);
+
+    if (str->type == V_ASN1_PRINTABLESTRING)
+        BIO_printf(bio_err, "PRINTABLE:'");
+    else if (str->type == V_ASN1_T61STRING)
+        BIO_printf(bio_err, "T61STRING:'");
+    else if (str->type == V_ASN1_IA5STRING)
+        BIO_printf(bio_err, "IA5STRING:'");
+    else if (str->type == V_ASN1_UNIVERSALSTRING)
+        BIO_printf(bio_err, "UNIVERSALSTRING:'");
+    else
+        BIO_printf(bio_err, "ASN.1 %2d:'", str->type);
+
+    p = (const char *)str->data;
+    for (j = str->length; j > 0; j--) {
+        if ((*p >= ' ') && (*p <= '~'))
+            BIO_printf(bio_err, "%c", *p);
+        else if (*p & 0x80)
+            BIO_printf(bio_err, "\\0x%02X", *p);
+        else if ((unsigned char)*p == 0xf7)
+            BIO_printf(bio_err, "^?");
+        else
+            BIO_printf(bio_err, "^%c", *p + '@');
+        p++;
+    }
+    BIO_printf(bio_err, "'\n");
+    return 1;
+}
+
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+                   ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+{
+    char *tmp;
+    char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+    int reason_code = -1;
+    int ret = 0;
+    unsigned int i;
+    ASN1_OBJECT *hold = NULL;
+    ASN1_GENERALIZEDTIME *comp_time = NULL;
+
+    tmp = OPENSSL_strdup(str);
+    if (!tmp) {
+        BIO_printf(bio_err, "memory allocation failure\n");
+        goto end;
+    }
+
+    p = strchr(tmp, ',');
+
+    rtime_str = tmp;
+
+    if (p) {
+        *p = '\0';
+        p++;
+        reason_str = p;
+        p = strchr(p, ',');
+        if (p) {
+            *p = '\0';
+            arg_str = p + 1;
+        }
+    }
+
+    if (prevtm) {
+        *prevtm = ASN1_UTCTIME_new();
+        if (*prevtm == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto end;
+        }
+        if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
+            BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+            goto end;
+        }
+    }
+    if (reason_str) {
+        for (i = 0; i < NUM_REASONS; i++) {
+            if (strcasecmp(reason_str, crl_reasons[i]) == 0) {
+                reason_code = i;
+                break;
+            }
+        }
+        if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) {
+            BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+            goto end;
+        }
+
+        if (reason_code == 7)
+            reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+        else if (reason_code == 8) { /* Hold instruction */
+            if (!arg_str) {
+                BIO_printf(bio_err, "missing hold instruction\n");
+                goto end;
+            }
+            reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+            hold = OBJ_txt2obj(arg_str, 0);
+
+            if (!hold) {
+                BIO_printf(bio_err, "invalid object identifier %s\n",
+                           arg_str);
+                goto end;
+            }
+            if (phold)
+                *phold = hold;
+            else
+                ASN1_OBJECT_free(hold);
+        } else if ((reason_code == 9) || (reason_code == 10)) {
+            if (!arg_str) {
+                BIO_printf(bio_err, "missing compromised time\n");
+                goto end;
+            }
+            comp_time = ASN1_GENERALIZEDTIME_new();
+            if (comp_time == NULL) {
+                BIO_printf(bio_err, "memory allocation failure\n");
+                goto end;
+            }
+            if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
+                BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+                goto end;
+            }
+            if (reason_code == 9)
+                reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+            else
+                reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+        }
+    }
+
+    if (preason)
+        *preason = reason_code;
+    if (pinvtm) {
+        *pinvtm = comp_time;
+        comp_time = NULL;
+    }
+
+    ret = 1;
+
+ end:
+
+    OPENSSL_free(tmp);
+    ASN1_GENERALIZEDTIME_free(comp_time);
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/apps/cert.pem b/openssl-1.1.0h/apps/cert.pem
new file mode 100644
index 0000000..de4a77a
--- /dev/null
+++ b/openssl-1.1.0h/apps/cert.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
+Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
+DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
+tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
+sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
+19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/apps/ciphers.c b/openssl-1.1.0h/apps/ciphers.c
new file mode 100644
index 0000000..e1b5b25
--- /dev/null
+++ b/openssl-1.1.0h/apps/ciphers.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_STDNAME,
+    OPT_SSL3,
+    OPT_TLS1,
+    OPT_TLS1_1,
+    OPT_TLS1_2,
+    OPT_PSK,
+    OPT_SRP,
+    OPT_V, OPT_UPPER_V, OPT_S
+} OPTION_CHOICE;
+
+OPTIONS ciphers_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
+    {"V", OPT_UPPER_V, '-', "Even more verbose"},
+    {"s", OPT_S, '-', "Only supported ciphers"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
+#endif
+#ifndef OPENSSL_NO_PSK
+    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
+#endif
+#ifndef OPENSSL_NO_SRP
+    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
+#endif
+    {NULL}
+};
+
+#ifndef OPENSSL_NO_PSK
+static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
+                              unsigned int max_identity_len,
+                              unsigned char *psk,
+                              unsigned int max_psk_len)
+{
+    return 0;
+}
+#endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+#endif
+
+int ciphers_main(int argc, char **argv)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    const SSL_METHOD *meth = TLS_server_method();
+    int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
+#ifndef OPENSSL_NO_SSL_TRACE
+    int stdname = 0;
+#endif
+#ifndef OPENSSL_NO_PSK
+    int psk = 0;
+#endif
+#ifndef OPENSSL_NO_SRP
+    int srp = 0;
+#endif
+    const char *p;
+    char *ciphers = NULL, *prog;
+    char buf[512];
+    OPTION_CHOICE o;
+    int min_version = 0, max_version = 0;
+
+    prog = opt_init(argc, argv, ciphers_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ciphers_options);
+            ret = 0;
+            goto end;
+        case OPT_V:
+            verbose = 1;
+            break;
+        case OPT_UPPER_V:
+            verbose = Verbose = 1;
+            break;
+        case OPT_S:
+            use_supported = 1;
+            break;
+        case OPT_STDNAME:
+#ifndef OPENSSL_NO_SSL_TRACE
+            stdname = verbose = 1;
+#endif
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_PSK:
+#ifndef OPENSSL_NO_PSK
+            psk = 1;
+#endif
+            break;
+        case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+            srp = 1;
+#endif
+            break;
+        }
+    }
+    argv = opt_rest();
+    argc = opt_num_rest();
+
+    if (argc == 1)
+        ciphers = *argv;
+    else if (argc != 0)
+        goto opthelp;
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL)
+        goto err;
+    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto err;
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    if (psk)
+        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (srp)
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+#endif
+    if (ciphers != NULL) {
+        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+            BIO_printf(bio_err, "Error in cipher list\n");
+            goto err;
+        }
+    }
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        goto err;
+
+    if (use_supported)
+        sk = SSL_get1_supported_ciphers(ssl);
+    else
+        sk = SSL_get_ciphers(ssl);
+
+    if (!verbose) {
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
+            p = SSL_CIPHER_get_name(c);
+            if (p == NULL)
+                break;
+            if (i != 0)
+                BIO_printf(bio_out, ":");
+            BIO_printf(bio_out, "%s", p);
+        }
+        BIO_printf(bio_out, "\n");
+    } else {
+
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c;
+
+            c = sk_SSL_CIPHER_value(sk, i);
+
+            if (Verbose) {
+                unsigned long id = SSL_CIPHER_get_id(c);
+                int id0 = (int)(id >> 24);
+                int id1 = (int)((id >> 16) & 0xffL);
+                int id2 = (int)((id >> 8) & 0xffL);
+                int id3 = (int)(id & 0xffL);
+
+                if ((id & 0xff000000L) == 0x03000000L)
+                    BIO_printf(bio_out, "          0x%02X,0x%02X - ", id2, id3); /* SSL3
+                                                                                  * cipher */
+                else
+                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+            }
+#ifndef OPENSSL_NO_SSL_TRACE
+            if (stdname) {
+                const char *nm = SSL_CIPHER_standard_name(c);
+                if (nm == NULL)
+                    nm = "UNKNOWN";
+                BIO_printf(bio_out, "%s - ", nm);
+            }
+#endif
+            BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
+        }
+    }
+
+    ret = 0;
+    goto end;
+ err:
+    ERR_print_errors(bio_err);
+ end:
+    if (use_supported)
+        sk_SSL_CIPHER_free(sk);
+    SSL_CTX_free(ctx);
+    SSL_free(ssl);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/client.pem b/openssl-1.1.0h/apps/client.pem
new file mode 100644
index 0000000..e7a47a7
--- /dev/null
+++ b/openssl-1.1.0h/apps/client.pem
@@ -0,0 +1,52 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
++yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
+lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
+nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
+x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
+bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
+AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
+hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
+curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
+IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
+vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
+QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
+CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
+wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
+agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
+mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
+MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
+HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
+p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
+KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
+1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
+L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
+LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
+Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
+/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
+1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
+1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
+NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
+zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
+mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
+5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
+u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
+HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
+tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
+SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
+kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
+1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/cms.c b/openssl-1.1.0h/apps/cms.c
new file mode 100644
index 0000000..640f92e
--- /dev/null
+++ b/openssl-1.1.0h/apps/cms.c
@@ -0,0 +1,1298 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+
+#ifndef OPENSSL_NO_CMS
+
+# include <openssl/crypto.h>
+# include <openssl/pem.h>
+# include <openssl/err.h>
+# include <openssl/x509_vfy.h>
+# include <openssl/x509v3.h>
+# include <openssl/cms.h>
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+                                                *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
+                                                *rr_from);
+static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
+                              STACK_OF(OPENSSL_STRING) *param);
+
+# define SMIME_OP        0x10
+# define SMIME_IP        0x20
+# define SMIME_SIGNERS   0x40
+# define SMIME_ENCRYPT           (1 | SMIME_OP)
+# define SMIME_DECRYPT           (2 | SMIME_IP)
+# define SMIME_SIGN              (3 | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_VERIFY            (4 | SMIME_IP)
+# define SMIME_CMSOUT            (5 | SMIME_IP | SMIME_OP)
+# define SMIME_RESIGN            (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_DATAOUT           (7 | SMIME_IP)
+# define SMIME_DATA_CREATE       (8 | SMIME_OP)
+# define SMIME_DIGEST_VERIFY     (9 | SMIME_IP)
+# define SMIME_DIGEST_CREATE     (10 | SMIME_OP)
+# define SMIME_UNCOMPRESS        (11 | SMIME_IP)
+# define SMIME_COMPRESS          (12 | SMIME_OP)
+# define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
+# define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
+# define SMIME_SIGN_RECEIPT      (15 | SMIME_IP | SMIME_OP)
+# define SMIME_VERIFY_RECEIPT    (16 | SMIME_IP)
+
+static int verify_err = 0;
+
+typedef struct cms_key_param_st cms_key_param;
+
+struct cms_key_param_st {
+    int idx;
+    STACK_OF(OPENSSL_STRING) *param;
+    cms_key_param *next;
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
+    OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
+    OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
+    OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
+    OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
+    OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT,
+    OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
+    OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
+    OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
+    OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
+    OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
+    OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
+    OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
+    OPT_RAND, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
+    OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
+    OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
+    OPT_3DES_WRAP, OPT_ENGINE,
+    OPT_V_ENUM,
+    OPT_CIPHER
+} OPTION_CHOICE;
+
+OPTIONS cms_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  cert.pem... recipient certs for encryption\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
+    {"outform", OPT_OUTFORM, 'c',
+     "Output format SMIME (default), PEM or DER"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
+    {"sign", OPT_SIGN, '-', "Sign message"},
+    {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"verify", OPT_VERIFY, '-', "Verify signed message"},
+    {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
+    {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
+    {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
+    {"data_out", OPT_DATA_OUT, '-'},
+    {"data_create", OPT_DATA_CREATE, '-'},
+    {"digest_verify", OPT_DIGEST_VERIFY, '-'},
+    {"digest_create", OPT_DIGEST_CREATE, '-'},
+    {"compress", OPT_COMPRESS, '-'},
+    {"uncompress", OPT_UNCOMPRESS, '-'},
+    {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
+    {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
+    {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
+    {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
+    {"asciicrlf", OPT_ASCIICRLF, '-'},
+    {"nointern", OPT_NOINTERN, '-',
+     "Don't search certificates in message for signer"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+    {"nocerts", OPT_NOCERTS, '-',
+     "Don't include signers certificate when signing"},
+    {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
+    {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+    {"binary", OPT_BINARY, '-', "Don't translate message to text"},
+    {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
+    {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
+    {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
+    {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
+    {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
+    {"indef", OPT_INDEF, '-', "Same as -stream"},
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
+    {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
+    {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
+    {"receipt_request_all", OPT_RR_ALL, '-'},
+    {"receipt_request_first", OPT_RR_FIRST, '-'},
+    {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
+    {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"content", OPT_CONTENT, '<',
+     "Supply or override content for detached signature"},
+    {"print", OPT_PRINT, '-', 
+     "For the -cmsout operation print out all fields of the CMS structure"},
+    {"secretkey", OPT_SECRETKEY, 's'},
+    {"secretkeyid", OPT_SECRETKEYID, 's'},
+    {"pwri_password", OPT_PWRI_PASSWORD, 's'},
+    {"econtent_type", OPT_ECONTENT_TYPE, 's'},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"to", OPT_TO, 's', "To address"},
+    {"from", OPT_FROM, 's', "From address"},
+    {"subject", OPT_SUBJECT, 's', "Subject"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
+    {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
+    {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
+    {"inkey", OPT_INKEY, 's',
+     "Input private key (if not signer or recipient)"},
+    {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+    {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
+    {"receipt_request_from", OPT_RR_FROM, 's'},
+    {"receipt_request_to", OPT_RR_TO, 's'},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_V_OPTIONS,
+    {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
+    {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
+    {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
+# ifndef OPENSSL_NO_DES
+    {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int cms_main(int argc, char **argv)
+{
+    ASN1_OBJECT *econtent_type = NULL;
+    BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+    CMS_ContentInfo *cms = NULL, *rcms = NULL;
+    CMS_ReceiptRequest *rr = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *key = NULL;
+    const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
+    const EVP_MD *sign_md = NULL;
+    STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
+    STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+    STACK_OF(X509) *encerts = NULL, *other = NULL;
+    X509 *cert = NULL, *recip = NULL, *signer = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+    const char *CAfile = NULL, *CApath = NULL;
+    char *certsoutfile = NULL;
+    int noCAfile = 0, noCApath = 0;
+    char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL;
+    char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile =
+        NULL;
+    char *to = NULL, *from = NULL, *subject = NULL, *prog;
+    cms_key_param *key_first = NULL, *key_param = NULL;
+    int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched =
+        0;
+    int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+    int need_rand = 0, operation = 0, ret = 1, rr_print = 0, rr_allorfirst =
+        -1;
+    int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+    size_t secret_keylen = 0, secret_keyidlen = 0;
+    unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
+    unsigned char *secret_key = NULL, *secret_keyid = NULL;
+    long ltmp;
+    const char *mime_eol = "\n";
+    OPTION_CHOICE o;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, cms_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(cms_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENCRYPT:
+            operation = SMIME_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            operation = SMIME_DECRYPT;
+            break;
+        case OPT_SIGN:
+            operation = SMIME_SIGN;
+            break;
+        case OPT_SIGN_RECEIPT:
+            operation = SMIME_SIGN_RECEIPT;
+            break;
+        case OPT_RESIGN:
+            operation = SMIME_RESIGN;
+            break;
+        case OPT_VERIFY:
+            operation = SMIME_VERIFY;
+            break;
+        case OPT_VERIFY_RETCODE:
+            verify_retcode = 1;
+            break;
+        case OPT_VERIFY_RECEIPT:
+            operation = SMIME_VERIFY_RECEIPT;
+            rctfile = opt_arg();
+            break;
+        case OPT_CMSOUT:
+            operation = SMIME_CMSOUT;
+            break;
+        case OPT_DATA_OUT:
+            operation = SMIME_DATAOUT;
+            break;
+        case OPT_DATA_CREATE:
+            operation = SMIME_DATA_CREATE;
+            break;
+        case OPT_DIGEST_VERIFY:
+            operation = SMIME_DIGEST_VERIFY;
+            break;
+        case OPT_DIGEST_CREATE:
+            operation = SMIME_DIGEST_CREATE;
+            break;
+        case OPT_COMPRESS:
+            operation = SMIME_COMPRESS;
+            break;
+        case OPT_UNCOMPRESS:
+            operation = SMIME_UNCOMPRESS;
+            break;
+        case OPT_ED_DECRYPT:
+            operation = SMIME_ENCRYPTED_DECRYPT;
+            break;
+        case OPT_ED_ENCRYPT:
+            operation = SMIME_ENCRYPTED_ENCRYPT;
+            break;
+        case OPT_DEBUG_DECRYPT:
+            flags |= CMS_DEBUG_DECRYPT;
+            break;
+        case OPT_TEXT:
+            flags |= CMS_TEXT;
+            break;
+        case OPT_ASCIICRLF:
+            flags |= CMS_ASCIICRLF;
+            break;
+        case OPT_NOINTERN:
+            flags |= CMS_NOINTERN;
+            break;
+        case OPT_NOVERIFY:
+            flags |= CMS_NO_SIGNER_CERT_VERIFY;
+            break;
+        case OPT_NOCERTS:
+            flags |= CMS_NOCERTS;
+            break;
+        case OPT_NOATTR:
+            flags |= CMS_NOATTR;
+            break;
+        case OPT_NODETACH:
+            flags &= ~CMS_DETACHED;
+            break;
+        case OPT_NOSMIMECAP:
+            flags |= CMS_NOSMIMECAP;
+            break;
+        case OPT_BINARY:
+            flags |= CMS_BINARY;
+            break;
+        case OPT_KEYID:
+            flags |= CMS_USE_KEYID;
+            break;
+        case OPT_NOSIGS:
+            flags |= CMS_NOSIGS;
+            break;
+        case OPT_NO_CONTENT_VERIFY:
+            flags |= CMS_NO_CONTENT_VERIFY;
+            break;
+        case OPT_NO_ATTR_VERIFY:
+            flags |= CMS_NO_ATTR_VERIFY;
+            break;
+        case OPT_INDEF:
+            flags |= CMS_STREAM;
+            break;
+        case OPT_NOINDEF:
+            flags &= ~CMS_STREAM;
+            break;
+        case OPT_CRLFEOL:
+            mime_eol = "\r\n";
+            flags |= CMS_CRLFEOL;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_RR_PRINT:
+            rr_print = 1;
+            break;
+        case OPT_RR_ALL:
+            rr_allorfirst = 0;
+            break;
+        case OPT_RR_FIRST:
+            rr_allorfirst = 1;
+            break;
+        case OPT_RCTFORM:
+            if (rctformat == FORMAT_SMIME)
+                rcms = SMIME_read_CMS(rctin, NULL);
+            else if (rctformat == FORMAT_PEM)
+                rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+            else if (rctformat == FORMAT_ASN1)
+                if (!opt_format(opt_arg(),
+                                OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
+                    goto opthelp;
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_CONTENT:
+            contfile = opt_arg();
+            break;
+        case OPT_RR_FROM:
+            if (rr_from == NULL
+                && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            break;
+        case OPT_RR_TO:
+            if (rr_to == NULL
+                && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            break;
+        case OPT_PRINT:
+            noout = print = 1;
+            break;
+        case OPT_SECRETKEY:
+            if (secret_key != NULL) {
+                BIO_printf(bio_err, "Invalid key (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
+            if (secret_key == NULL) {
+                BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
+                goto end;
+            }
+            secret_keylen = (size_t)ltmp;
+            break;
+        case OPT_SECRETKEYID:
+            if (secret_keyid != NULL) {
+                BIO_printf(bio_err, "Invalid id (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
+            if (secret_keyid == NULL) {
+                BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
+                goto opthelp;
+            }
+            secret_keyidlen = (size_t)ltmp;
+            break;
+        case OPT_PWRI_PASSWORD:
+            pwri_pass = (unsigned char *)opt_arg();
+            break;
+        case OPT_ECONTENT_TYPE:
+            if (econtent_type != NULL) {
+                BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            econtent_type = OBJ_txt2obj(opt_arg(), 0);
+            if (econtent_type == NULL) {
+                BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
+                goto opthelp;
+            }
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            need_rand = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_TO:
+            to = opt_arg();
+            break;
+        case OPT_FROM:
+            from = opt_arg();
+            break;
+        case OPT_SUBJECT:
+            subject = opt_arg();
+            break;
+        case OPT_CERTSOUT:
+            certsoutfile = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &sign_md))
+                goto end;
+            break;
+        case OPT_SIGNER:
+            /* If previous -signer argument add signer to list */
+            if (signerfile) {
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (keyfile == NULL)
+                    keyfile = signerfile;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                keyfile = NULL;
+            }
+            signerfile = opt_arg();
+            break;
+        case OPT_INKEY:
+            /* If previous -inkey argument add signer to list */
+            if (keyfile) {
+                if (signerfile == NULL) {
+                    BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                    goto end;
+                }
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                signerfile = NULL;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+            }
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_RECIP:
+            if (operation == SMIME_ENCRYPT) {
+                if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
+                    goto end;
+                cert = load_cert(opt_arg(), FORMAT_PEM,
+                                 "recipient certificate file");
+                if (cert == NULL)
+                    goto end;
+                sk_X509_push(encerts, cert);
+                cert = NULL;
+            } else
+                recipfile = opt_arg();
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto end;
+            break;
+        case OPT_KEYOPT:
+            keyidx = -1;
+            if (operation == SMIME_ENCRYPT) {
+                if (encerts)
+                    keyidx += sk_X509_num(encerts);
+            } else {
+                if (keyfile || signerfile)
+                    keyidx++;
+                if (skkeys)
+                    keyidx += sk_OPENSSL_STRING_num(skkeys);
+            }
+            if (keyidx < 0) {
+                BIO_printf(bio_err, "No key specified\n");
+                goto opthelp;
+            }
+            if (key_param == NULL || key_param->idx != keyidx) {
+                cms_key_param *nparam;
+                nparam = app_malloc(sizeof(*nparam), "key param buffer");
+                nparam->idx = keyidx;
+                if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                nparam->next = NULL;
+                if (key_first == NULL)
+                    key_first = nparam;
+                else
+                    key_param->next = nparam;
+                key_param = nparam;
+            }
+            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
+            wrap_cipher = EVP_des_ede3_wrap();
+# endif
+            break;
+        case OPT_AES128_WRAP:
+            wrap_cipher = EVP_aes_128_wrap();
+            break;
+        case OPT_AES192_WRAP:
+            wrap_cipher = EVP_aes_192_wrap();
+            break;
+        case OPT_AES256_WRAP:
+            wrap_cipher = EVP_aes_256_wrap();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
+        BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+        goto opthelp;
+    }
+
+    if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
+        BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+        goto opthelp;
+    }
+    if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+        BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+        goto opthelp;
+    }
+
+    if (operation & SMIME_SIGNERS) {
+        if (keyfile && !signerfile) {
+            BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+            goto opthelp;
+        }
+        /* Check to see if any final signer needs to be appended */
+        if (signerfile) {
+            if (!sksigners
+                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (!keyfile)
+                keyfile = signerfile;
+            sk_OPENSSL_STRING_push(skkeys, keyfile);
+        }
+        if (!sksigners) {
+            BIO_printf(bio_err, "No signer certificate specified\n");
+            goto opthelp;
+        }
+        signerfile = NULL;
+        keyfile = NULL;
+        need_rand = 1;
+    }
+
+    else if (operation == SMIME_DECRYPT) {
+        if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
+            BIO_printf(bio_err,
+                       "No recipient certificate or key specified\n");
+            goto opthelp;
+        }
+    } else if (operation == SMIME_ENCRYPT) {
+        if (*argv == NULL && !secret_key && !pwri_pass && !encerts) {
+            BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+            goto opthelp;
+        }
+        need_rand = 1;
+    } else if (!operation)
+        goto opthelp;
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (need_rand) {
+        app_RAND_load_file(NULL, (inrand != NULL));
+        if (inrand != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+    }
+
+    ret = 2;
+
+    if (!(operation & SMIME_SIGNERS))
+        flags &= ~CMS_DETACHED;
+
+    if (!(operation & SMIME_OP)) {
+        if (flags & CMS_BINARY)
+            outformat = FORMAT_BINARY;
+    }
+
+    if (!(operation & SMIME_IP)) {
+        if (flags & CMS_BINARY)
+            informat = FORMAT_BINARY;
+    }
+
+    if (operation == SMIME_ENCRYPT) {
+        if (!cipher) {
+# ifndef OPENSSL_NO_DES
+            cipher = EVP_des_ede3_cbc();
+# else
+            BIO_printf(bio_err, "No cipher selected\n");
+            goto end;
+# endif
+        }
+
+        if (secret_key && !secret_keyid) {
+            BIO_printf(bio_err, "No secret key id\n");
+            goto end;
+        }
+
+        if (*argv && !encerts)
+            if ((encerts = sk_X509_new_null()) == NULL)
+                goto end;
+        while (*argv) {
+            if ((cert = load_cert(*argv, FORMAT_PEM,
+                                  "recipient certificate file")) == NULL)
+                goto end;
+            sk_X509_push(encerts, cert);
+            cert = NULL;
+            argv++;
+        }
+    }
+
+    if (certfile) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
+                        "certificate file")) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (recipfile && (operation == SMIME_DECRYPT)) {
+        if ((recip = load_cert(recipfile, FORMAT_PEM,
+                               "recipient certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_SIGN_RECEIPT) {
+        if ((signer = load_cert(signerfile, FORMAT_PEM,
+                                "receipt signer certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_DECRYPT) {
+        if (!keyfile)
+            keyfile = recipfile;
+    } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
+        if (!keyfile)
+            keyfile = signerfile;
+    } else
+        keyfile = NULL;
+
+    if (keyfile) {
+        key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+        if (!key)
+            goto end;
+    }
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (operation & SMIME_IP) {
+        if (informat == FORMAT_SMIME)
+            cms = SMIME_read_CMS(in, &indata);
+        else if (informat == FORMAT_PEM)
+            cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+        else if (informat == FORMAT_ASN1)
+            cms = d2i_CMS_bio(in, NULL);
+        else {
+            BIO_printf(bio_err, "Bad input format for CMS file\n");
+            goto end;
+        }
+
+        if (!cms) {
+            BIO_printf(bio_err, "Error reading S/MIME message\n");
+            goto end;
+        }
+        if (contfile) {
+            BIO_free(indata);
+            if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
+                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                goto end;
+            }
+        }
+        if (certsoutfile) {
+            STACK_OF(X509) *allcerts;
+            allcerts = CMS_get1_certs(cms);
+            if (!save_certs(certsoutfile, allcerts)) {
+                BIO_printf(bio_err,
+                           "Error writing certs to %s\n", certsoutfile);
+                ret = 5;
+                goto end;
+            }
+            sk_X509_pop_free(allcerts, X509_free);
+        }
+    }
+
+    if (rctfile) {
+        char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+        if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
+            BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
+            goto end;
+        }
+
+        if (rctformat == FORMAT_SMIME)
+            rcms = SMIME_read_CMS(rctin, NULL);
+        else if (rctformat == FORMAT_PEM)
+            rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+        else if (rctformat == FORMAT_ASN1)
+            rcms = d2i_CMS_bio(rctin, NULL);
+        else {
+            BIO_printf(bio_err, "Bad input format for receipt\n");
+            goto end;
+        }
+
+        if (!rcms) {
+            BIO_printf(bio_err, "Error reading receipt\n");
+            goto end;
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        X509_STORE_set_verify_cb(store, cms_cb);
+        if (vpmtouched)
+            X509_STORE_set1_param(store, vpm);
+    }
+
+    ret = 3;
+
+    if (operation == SMIME_DATA_CREATE) {
+        cms = CMS_data_create(in, flags);
+    } else if (operation == SMIME_DIGEST_CREATE) {
+        cms = CMS_digest_create(in, sign_md, flags);
+    } else if (operation == SMIME_COMPRESS) {
+        cms = CMS_compress(in, -1, flags);
+    } else if (operation == SMIME_ENCRYPT) {
+        int i;
+        flags |= CMS_PARTIAL;
+        cms = CMS_encrypt(NULL, in, cipher, flags);
+        if (!cms)
+            goto end;
+        for (i = 0; i < sk_X509_num(encerts); i++) {
+            CMS_RecipientInfo *ri;
+            cms_key_param *kparam;
+            int tflags = flags;
+            X509 *x = sk_X509_value(encerts, i);
+            for (kparam = key_first; kparam; kparam = kparam->next) {
+                if (kparam->idx == i) {
+                    tflags |= CMS_KEY_PARAM;
+                    break;
+                }
+            }
+            ri = CMS_add1_recipient_cert(cms, x, tflags);
+            if (!ri)
+                goto end;
+            if (kparam) {
+                EVP_PKEY_CTX *pctx;
+                pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+                if (!cms_set_pkey_param(pctx, kparam->param))
+                    goto end;
+            }
+            if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE
+                && wrap_cipher) {
+                EVP_CIPHER_CTX *wctx;
+                wctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+                EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL);
+            }
+        }
+
+        if (secret_key) {
+            if (!CMS_add0_recipient_key(cms, NID_undef,
+                                        secret_key, secret_keylen,
+                                        secret_keyid, secret_keyidlen,
+                                        NULL, NULL, NULL))
+                goto end;
+            /* NULL these because call absorbs them */
+            secret_key = NULL;
+            secret_keyid = NULL;
+        }
+        if (pwri_pass) {
+            pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass);
+            if (!pwri_tmp)
+                goto end;
+            if (!CMS_add0_recipient_password(cms,
+                                             -1, NID_undef, NID_undef,
+                                             pwri_tmp, -1, NULL))
+                goto end;
+            pwri_tmp = NULL;
+        }
+        if (!(flags & CMS_STREAM)) {
+            if (!CMS_final(cms, in, NULL, flags))
+                goto end;
+        }
+    } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
+        cms = CMS_EncryptedData_encrypt(in, cipher,
+                                        secret_key, secret_keylen, flags);
+
+    } else if (operation == SMIME_SIGN_RECEIPT) {
+        CMS_ContentInfo *srcms = NULL;
+        STACK_OF(CMS_SignerInfo) *sis;
+        CMS_SignerInfo *si;
+        sis = CMS_get0_SignerInfos(cms);
+        if (!sis)
+            goto end;
+        si = sk_CMS_SignerInfo_value(sis, 0);
+        srcms = CMS_sign_receipt(si, signer, key, other, flags);
+        if (!srcms)
+            goto end;
+        CMS_ContentInfo_free(cms);
+        cms = srcms;
+    } else if (operation & SMIME_SIGNERS) {
+        int i;
+        /*
+         * If detached data content we enable streaming if S/MIME output
+         * format.
+         */
+        if (operation == SMIME_SIGN) {
+
+            if (flags & CMS_DETACHED) {
+                if (outformat == FORMAT_SMIME)
+                    flags |= CMS_STREAM;
+            }
+            flags |= CMS_PARTIAL;
+            cms = CMS_sign(NULL, NULL, other, in, flags);
+            if (!cms)
+                goto end;
+            if (econtent_type)
+                CMS_set1_eContentType(cms, econtent_type);
+
+            if (rr_to) {
+                rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
+                if (!rr) {
+                    BIO_puts(bio_err,
+                             "Signed Receipt Request Creation Error\n");
+                    goto end;
+                }
+            }
+        } else
+            flags |= CMS_REUSE_DIGEST;
+        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+            CMS_SignerInfo *si;
+            cms_key_param *kparam;
+            int tflags = flags;
+            signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+            keyfile = sk_OPENSSL_STRING_value(skkeys, i);
+
+            signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
+            if (!signer) {
+                ret = 2;
+                goto end;
+            }
+            key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+            if (!key) {
+                ret = 2;
+                goto end;
+            }
+            for (kparam = key_first; kparam; kparam = kparam->next) {
+                if (kparam->idx == i) {
+                    tflags |= CMS_KEY_PARAM;
+                    break;
+                }
+            }
+            si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
+            if (!si)
+                goto end;
+            if (kparam) {
+                EVP_PKEY_CTX *pctx;
+                pctx = CMS_SignerInfo_get0_pkey_ctx(si);
+                if (!cms_set_pkey_param(pctx, kparam->param))
+                    goto end;
+            }
+            if (rr && !CMS_add1_ReceiptRequest(si, rr))
+                goto end;
+            X509_free(signer);
+            signer = NULL;
+            EVP_PKEY_free(key);
+            key = NULL;
+        }
+        /* If not streaming or resigning finalize structure */
+        if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
+            if (!CMS_final(cms, in, NULL, flags))
+                goto end;
+        }
+    }
+
+    if (!cms) {
+        BIO_printf(bio_err, "Error creating CMS structure\n");
+        goto end;
+    }
+
+    ret = 4;
+    if (operation == SMIME_DECRYPT) {
+        if (flags & CMS_DEBUG_DECRYPT)
+            CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+
+        if (secret_key) {
+            if (!CMS_decrypt_set1_key(cms,
+                                      secret_key, secret_keylen,
+                                      secret_keyid, secret_keyidlen)) {
+                BIO_puts(bio_err, "Error decrypting CMS using secret key\n");
+                goto end;
+            }
+        }
+
+        if (key) {
+            if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
+                BIO_puts(bio_err, "Error decrypting CMS using private key\n");
+                goto end;
+            }
+        }
+
+        if (pwri_pass) {
+            if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
+                BIO_puts(bio_err, "Error decrypting CMS using password\n");
+                goto end;
+            }
+        }
+
+        if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
+            BIO_printf(bio_err, "Error decrypting CMS structure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_DATAOUT) {
+        if (!CMS_data(cms, out, flags))
+            goto end;
+    } else if (operation == SMIME_UNCOMPRESS) {
+        if (!CMS_uncompress(cms, indata, out, flags))
+            goto end;
+    } else if (operation == SMIME_DIGEST_VERIFY) {
+        if (CMS_digest_verify(cms, indata, out, flags) > 0)
+            BIO_printf(bio_err, "Verification successful\n");
+        else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
+        if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+                                       indata, out, flags))
+            goto end;
+    } else if (operation == SMIME_VERIFY) {
+        if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+            BIO_printf(bio_err, "Verification successful\n");
+        else {
+            BIO_printf(bio_err, "Verification failure\n");
+            if (verify_retcode)
+                ret = verify_err + 32;
+            goto end;
+        }
+        if (signerfile) {
+            STACK_OF(X509) *signers;
+            signers = CMS_get0_signers(cms);
+            if (!save_certs(signerfile, signers)) {
+                BIO_printf(bio_err,
+                           "Error writing signers to %s\n", signerfile);
+                ret = 5;
+                goto end;
+            }
+            sk_X509_free(signers);
+        }
+        if (rr_print)
+            receipt_request_print(cms);
+
+    } else if (operation == SMIME_VERIFY_RECEIPT) {
+        if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
+            BIO_printf(bio_err, "Verification successful\n");
+        else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+    } else {
+        if (noout) {
+            if (print)
+                CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
+        } else if (outformat == FORMAT_SMIME) {
+            if (to)
+                BIO_printf(out, "To: %s%s", to, mime_eol);
+            if (from)
+                BIO_printf(out, "From: %s%s", from, mime_eol);
+            if (subject)
+                BIO_printf(out, "Subject: %s%s", subject, mime_eol);
+            if (operation == SMIME_RESIGN)
+                ret = SMIME_write_CMS(out, cms, indata, flags);
+            else
+                ret = SMIME_write_CMS(out, cms, in, flags);
+        } else if (outformat == FORMAT_PEM)
+            ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
+        else if (outformat == FORMAT_ASN1)
+            ret = i2d_CMS_bio_stream(out, cms, in, flags);
+        else {
+            BIO_printf(bio_err, "Bad output format for CMS file\n");
+            goto end;
+        }
+        if (ret <= 0) {
+            ret = 6;
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret)
+        ERR_print_errors(bio_err);
+    if (need_rand)
+        app_RAND_write_file(NULL);
+    sk_X509_pop_free(encerts, X509_free);
+    sk_X509_pop_free(other, X509_free);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(sksigners);
+    sk_OPENSSL_STRING_free(skkeys);
+    OPENSSL_free(secret_key);
+    OPENSSL_free(secret_keyid);
+    OPENSSL_free(pwri_tmp);
+    ASN1_OBJECT_free(econtent_type);
+    CMS_ReceiptRequest_free(rr);
+    sk_OPENSSL_STRING_free(rr_to);
+    sk_OPENSSL_STRING_free(rr_from);
+    for (key_param = key_first; key_param;) {
+        cms_key_param *tparam;
+        sk_OPENSSL_STRING_free(key_param->param);
+        tparam = key_param->next;
+        OPENSSL_free(key_param);
+        key_param = tparam;
+    }
+    X509_STORE_free(store);
+    X509_free(cert);
+    X509_free(recip);
+    X509_free(signer);
+    EVP_PKEY_free(key);
+    CMS_ContentInfo_free(cms);
+    CMS_ContentInfo_free(rcms);
+    release_engine(e);
+    BIO_free(rctin);
+    BIO_free(in);
+    BIO_free(indata);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+    int i;
+    BIO *tmp;
+    if (!signerfile)
+        return 1;
+    tmp = BIO_new_file(signerfile, "w");
+    if (!tmp)
+        return 0;
+    for (i = 0; i < sk_X509_num(signers); i++)
+        PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+    BIO_free(tmp);
+    return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+{
+    int error;
+
+    error = X509_STORE_CTX_get_error(ctx);
+
+    verify_err = error;
+
+    if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+        && ((error != X509_V_OK) || (ok != 2)))
+        return ok;
+
+    policies_print(ctx);
+
+    return ok;
+
+}
+
+static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns)
+{
+    STACK_OF(GENERAL_NAME) *gens;
+    GENERAL_NAME *gen;
+    int i, j;
+
+    for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
+        gens = sk_GENERAL_NAMES_value(gns, i);
+        for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
+            gen = sk_GENERAL_NAME_value(gens, j);
+            BIO_puts(bio_err, "    ");
+            GENERAL_NAME_print(bio_err, gen);
+            BIO_puts(bio_err, "\n");
+        }
+    }
+    return;
+}
+
+static void receipt_request_print(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_SignerInfo) *sis;
+    CMS_SignerInfo *si;
+    CMS_ReceiptRequest *rr;
+    int allorfirst;
+    STACK_OF(GENERAL_NAMES) *rto, *rlist;
+    ASN1_STRING *scid;
+    int i, rv;
+    sis = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
+        si = sk_CMS_SignerInfo_value(sis, i);
+        rv = CMS_get1_ReceiptRequest(si, &rr);
+        BIO_printf(bio_err, "Signer %d:\n", i + 1);
+        if (rv == 0)
+            BIO_puts(bio_err, "  No Receipt Request\n");
+        else if (rv < 0) {
+            BIO_puts(bio_err, "  Receipt Request Parse Error\n");
+            ERR_print_errors(bio_err);
+        } else {
+            const char *id;
+            int idlen;
+            CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+                                           &rlist, &rto);
+            BIO_puts(bio_err, "  Signed Content ID:\n");
+            idlen = ASN1_STRING_length(scid);
+            id = (const char *)ASN1_STRING_get0_data(scid);
+            BIO_dump_indent(bio_err, id, idlen, 4);
+            BIO_puts(bio_err, "  Receipts From");
+            if (rlist) {
+                BIO_puts(bio_err, " List:\n");
+                gnames_stack_print(rlist);
+            } else if (allorfirst == 1)
+                BIO_puts(bio_err, ": First Tier\n");
+            else if (allorfirst == 0)
+                BIO_puts(bio_err, ": All\n");
+            else
+                BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
+            BIO_puts(bio_err, "  Receipts To:\n");
+            gnames_stack_print(rto);
+        }
+        CMS_ReceiptRequest_free(rr);
+    }
+}
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
+{
+    int i;
+    STACK_OF(GENERAL_NAMES) *ret;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ret = sk_GENERAL_NAMES_new_null();
+    if (!ret)
+        goto err;
+    for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
+        char *str = sk_OPENSSL_STRING_value(ns, i);
+        gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
+        if (!gen)
+            goto err;
+        gens = GENERAL_NAMES_new();
+        if (gens == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(gens, gen))
+            goto err;
+        gen = NULL;
+        if (!sk_GENERAL_NAMES_push(ret, gens))
+            goto err;
+        gens = NULL;
+    }
+
+    return ret;
+
+ err:
+    sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+    GENERAL_NAMES_free(gens);
+    GENERAL_NAME_free(gen);
+    return NULL;
+}
+
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+                                                *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
+                                                *rr_from)
+{
+    STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
+    CMS_ReceiptRequest *rr;
+    rct_to = make_names_stack(rr_to);
+    if (!rct_to)
+        goto err;
+    if (rr_from) {
+        rct_from = make_names_stack(rr_from);
+        if (!rct_from)
+            goto err;
+    } else
+        rct_from = NULL;
+    rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+                                    rct_to);
+    return rr;
+ err:
+    sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
+    return NULL;
+}
+
+static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
+                              STACK_OF(OPENSSL_STRING) *param)
+{
+    char *keyopt;
+    int i;
+    if (sk_OPENSSL_STRING_num(param) <= 0)
+        return 1;
+    for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) {
+        keyopt = sk_OPENSSL_STRING_value(param, i);
+        if (pkey_ctrl_string(pctx, keyopt) <= 0) {
+            BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/apps/crl.c b/openssl-1.1.0h/apps/crl.c
new file mode 100644
index 0000000..06b6e5b
--- /dev/null
+++ b/openssl-1.1.0h/apps/crl.c
@@ -0,0 +1,347 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
+    OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
+    OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
+    OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
+    OPT_NOOUT, OPT_NAMEOPT, OPT_MD
+} OPTION_CHOICE;
+
+OPTIONS crl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format; default PEM"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+    {"out", OPT_OUT, '>', "output file - default stdout"},
+    {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
+    {"key", OPT_KEY, '<', "CRL signing Private key to use"},
+    {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
+    {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
+    {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
+    {"noout", OPT_NOOUT, '-', "No CRL output"},
+    {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
+    {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
+    {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
+    {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
+    {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
+    {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"verify", OPT_VERIFY, '-', "Verify CRL signature"},
+    {"text", OPT_TEXT, '-', "Print out a text format version"},
+    {"hash", OPT_HASH, '-', "Print hash value"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_MD5
+    {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
+#endif
+    {NULL}
+};
+
+int crl_main(int argc, char **argv)
+{
+    X509_CRL *x = NULL;
+    BIO *out = NULL;
+    X509_STORE *store = NULL;
+    X509_STORE_CTX *ctx = NULL;
+    X509_LOOKUP *lookup = NULL;
+    X509_OBJECT *xobj = NULL;
+    EVP_PKEY *pkey;
+    const EVP_MD *digest = EVP_sha1();
+    unsigned long nmflag = 0;
+    char nmflag_set = 0;
+    char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
+    const char *CAfile = NULL, *CApath = NULL, *prog;
+    OPTION_CHOICE o;
+    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
+    int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
+    int i;
+#ifndef OPENSSL_NO_MD5
+    int hash_old = 0;
+#endif
+
+    prog = opt_init(argc, argv, crl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(crl_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_GENDELTA:
+            crldiff = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            do_ver = 1;
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            do_ver = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath =  1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile =  1;
+            break;
+        case OPT_HASH_OLD:
+#ifndef OPENSSL_NO_MD5
+            hash_old = ++num;
+#endif
+            break;
+        case OPT_VERIFY:
+            do_ver = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_HASH:
+            hash = ++num;
+            break;
+        case OPT_ISSUER:
+            issuer = ++num;
+            break;
+        case OPT_LASTUPDATE:
+            lastupdate = ++num;
+            break;
+        case OPT_NEXTUPDATE:
+            nextupdate = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_FINGERPRINT:
+            fingerprint = ++num;
+            break;
+        case OPT_CRLNUMBER:
+            crlnumber = ++num;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+        case OPT_NAMEOPT:
+            nmflag_set = 1;
+            if (!set_name_ex(&nmflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (!nmflag_set)
+        nmflag = XN_FLAG_ONELINE;
+
+    x = load_crl(infile, informat);
+    if (x == NULL)
+        goto end;
+
+    if (do_ver) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+        if (lookup == NULL)
+            goto end;
+        ctx = X509_STORE_CTX_new();
+        if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
+            BIO_printf(bio_err, "Error initialising X509 store\n");
+            goto end;
+        }
+
+        xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
+                                                 X509_CRL_get_issuer(x));
+        if (xobj == NULL) {
+            BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
+            goto end;
+        }
+        pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
+        X509_OBJECT_free(xobj);
+        if (!pkey) {
+            BIO_printf(bio_err, "Error getting CRL issuer public key\n");
+            goto end;
+        }
+        i = X509_CRL_verify(x, pkey);
+        EVP_PKEY_free(pkey);
+        if (i < 0)
+            goto end;
+        if (i == 0)
+            BIO_printf(bio_err, "verify failure\n");
+        else
+            BIO_printf(bio_err, "verify OK\n");
+    }
+
+    if (crldiff) {
+        X509_CRL *newcrl, *delta;
+        if (!keyfile) {
+            BIO_puts(bio_err, "Missing CRL signing key\n");
+            goto end;
+        }
+        newcrl = load_crl(crldiff, informat);
+        if (!newcrl)
+            goto end;
+        pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
+        if (!pkey) {
+            X509_CRL_free(newcrl);
+            goto end;
+        }
+        delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
+        X509_CRL_free(newcrl);
+        EVP_PKEY_free(pkey);
+        if (delta) {
+            X509_CRL_free(x);
+            x = delta;
+        } else {
+            BIO_puts(bio_err, "Error creating delta CRL\n");
+            goto end;
+        }
+    }
+
+    if (badsig) {
+        const ASN1_BIT_STRING *sig;
+
+        X509_CRL_get0_signature(x, &sig, NULL);
+        corrupt_signature(sig);
+    }
+
+    if (num) {
+        for (i = 1; i <= num; i++) {
+            if (issuer == i) {
+                print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
+                           nmflag);
+            }
+            if (crlnumber == i) {
+                ASN1_INTEGER *crlnum;
+                crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
+                BIO_printf(bio_out, "crlNumber=");
+                if (crlnum) {
+                    i2a_ASN1_INTEGER(bio_out, crlnum);
+                    ASN1_INTEGER_free(crlnum);
+                } else
+                    BIO_puts(bio_out, "<NONE>");
+                BIO_printf(bio_out, "\n");
+            }
+            if (hash == i) {
+                BIO_printf(bio_out, "%08lx\n",
+                           X509_NAME_hash(X509_CRL_get_issuer(x)));
+            }
+#ifndef OPENSSL_NO_MD5
+            if (hash_old == i) {
+                BIO_printf(bio_out, "%08lx\n",
+                           X509_NAME_hash_old(X509_CRL_get_issuer(x)));
+            }
+#endif
+            if (lastupdate == i) {
+                BIO_printf(bio_out, "lastUpdate=");
+                ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
+                BIO_printf(bio_out, "\n");
+            }
+            if (nextupdate == i) {
+                BIO_printf(bio_out, "nextUpdate=");
+                if (X509_CRL_get0_nextUpdate(x))
+                    ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
+                else
+                    BIO_printf(bio_out, "NONE");
+                BIO_printf(bio_out, "\n");
+            }
+            if (fingerprint == i) {
+                int j;
+                unsigned int n;
+                unsigned char md[EVP_MAX_MD_SIZE];
+
+                if (!X509_CRL_digest(x, digest, md, &n)) {
+                    BIO_printf(bio_err, "out of memory\n");
+                    goto end;
+                }
+                BIO_printf(bio_out, "%s Fingerprint=",
+                           OBJ_nid2sn(EVP_MD_type(digest)));
+                for (j = 0; j < (int)n; j++) {
+                    BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
+                               ? '\n' : ':');
+                }
+            }
+        }
+    }
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (text)
+        X509_CRL_print(out, x);
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+
+    if (outformat == FORMAT_ASN1)
+        i = (int)i2d_X509_CRL_bio(out, x);
+    else
+        i = PEM_write_bio_X509_CRL(out, x);
+    if (!i) {
+        BIO_printf(bio_err, "unable to write CRL\n");
+        goto end;
+    }
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    BIO_free_all(out);
+    X509_CRL_free(x);
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/crl2p7.c b/openssl-1.1.0h/apps/crl2p7.c
new file mode 100644
index 0000000..9c5f79f
--- /dev/null
+++ b/openssl-1.1.0h/apps/crl2p7.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
+
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
+} OPTION_CHOICE;
+
+OPTIONS crl2pkcs7_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
+    {"certfile", OPT_CERTFILE, '<',
+     "File of chain of certs to a trusted CA; can be repeated"},
+    {NULL}
+};
+
+int crl2pkcs7_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    PKCS7 *p7 = NULL;
+    PKCS7_SIGNED *p7s = NULL;
+    STACK_OF(OPENSSL_STRING) *certflst = NULL;
+    STACK_OF(X509) *cert_stack = NULL;
+    STACK_OF(X509_CRL) *crl_stack = NULL;
+    X509_CRL *crl = NULL;
+    char *infile = NULL, *outfile = NULL, *prog, *certfile;
+    int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
+        0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, crl2pkcs7_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(crl2pkcs7_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOCRL:
+            nocrl = 1;
+            break;
+        case OPT_CERTFILE:
+            if ((certflst == NULL)
+                && (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (!nocrl) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+        if (informat == FORMAT_ASN1)
+            crl = d2i_X509_CRL_bio(in, NULL);
+        else if (informat == FORMAT_PEM)
+            crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+        if (crl == NULL) {
+            BIO_printf(bio_err, "unable to load CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if ((p7 = PKCS7_new()) == NULL)
+        goto end;
+    if ((p7s = PKCS7_SIGNED_new()) == NULL)
+        goto end;
+    p7->type = OBJ_nid2obj(NID_pkcs7_signed);
+    p7->d.sign = p7s;
+    p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
+
+    if (!ASN1_INTEGER_set(p7s->version, 1))
+        goto end;
+    if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+        goto end;
+    p7s->crl = crl_stack;
+    if (crl != NULL) {
+        sk_X509_CRL_push(crl_stack, crl);
+        crl = NULL;             /* now part of p7 for OPENSSL_freeing */
+    }
+
+    if ((cert_stack = sk_X509_new_null()) == NULL)
+        goto end;
+    p7s->cert = cert_stack;
+
+    if (certflst)
+        for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+            certfile = sk_OPENSSL_STRING_value(certflst, i);
+            if (add_certs_from_file(cert_stack, certfile) < 0) {
+                BIO_printf(bio_err, "error loading certificates\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (outformat == FORMAT_ASN1)
+        i = i2d_PKCS7_bio(out, p7);
+    else if (outformat == FORMAT_PEM)
+        i = PEM_write_bio_PKCS7(out, p7);
+    if (!i) {
+        BIO_printf(bio_err, "unable to write pkcs7 object\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    sk_OPENSSL_STRING_free(certflst);
+    BIO_free(in);
+    BIO_free_all(out);
+    PKCS7_free(p7);
+    X509_CRL_free(crl);
+
+    return (ret);
+}
+
+/*-
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ *      Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ *      number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+{
+    BIO *in = NULL;
+    int count = 0;
+    int ret = -1;
+    STACK_OF(X509_INFO) *sk = NULL;
+    X509_INFO *xi;
+
+    in = BIO_new_file(certfile, "r");
+    if (in == NULL) {
+        BIO_printf(bio_err, "error opening the file, %s\n", certfile);
+        goto end;
+    }
+
+    /* This loads from a file, a stack of x509/crl/pkey sets */
+    sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+    if (sk == NULL) {
+        BIO_printf(bio_err, "error reading the file, %s\n", certfile);
+        goto end;
+    }
+
+    /* scan over it and pull out the CRL's */
+    while (sk_X509_INFO_num(sk)) {
+        xi = sk_X509_INFO_shift(sk);
+        if (xi->x509 != NULL) {
+            sk_X509_push(stack, xi->x509);
+            xi->x509 = NULL;
+            count++;
+        }
+        X509_INFO_free(xi);
+    }
+
+    ret = count;
+ end:
+    /* never need to OPENSSL_free x */
+    BIO_free(in);
+    sk_X509_INFO_free(sk);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/ct_log_list.cnf b/openssl-1.1.0h/apps/ct_log_list.cnf
new file mode 100644
index 0000000..2434874
--- /dev/null
+++ b/openssl-1.1.0h/apps/ct_log_list.cnf
@@ -0,0 +1,34 @@
+enabled_logs=pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi
+
+[pilot]
+description = Google Pilot Log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==
+
+[aviator]
+description = Google Aviator log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==
+
+[rocketeer]
+description = Google Rocketeer log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==
+
+[digicert]
+description = DigiCert Log Server
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==
+
+[certly]
+description = Certly.IO log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==
+
+[izempe]
+description = Izempe log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==
+
+[symantec]
+description = Symantec log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==
+
+[venafi]
+description = Venafi log
+key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB
+
diff --git a/openssl-1.1.0h/apps/demoCA/cacert.pem b/openssl-1.1.0h/apps/demoCA/cacert.pem
new file mode 100644
index 0000000..affbce3
--- /dev/null
+++ b/openssl-1.1.0h/apps/demoCA/cacert.pem
@@ -0,0 +1,14 @@
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
diff --git a/openssl-1.1.0h/apps/demoCA/index.txt b/openssl-1.1.0h/apps/demoCA/index.txt
new file mode 100644
index 0000000..2cdd252
--- /dev/null
+++ b/openssl-1.1.0h/apps/demoCA/index.txt
@@ -0,0 +1,39 @@
+R	980705233205Z	951009233205Z	01	certs/00000001	/CN=Eric Young
+E	951009233205Z		02	certs/00000002	/CN=Duncan Young
+R	980705233205Z	951201010000Z	03	certs/00000003	/CN=Tim Hudson
+V	980705233205Z		04	certs/00000004	/CN=Eric Young4
+V	980705233205Z		05	certs/00000004	/CN=Eric Young5
+V	980705233205Z		06	certs/00000004	/CN=Eric Young6
+V	980705233205Z		07	certs/00000004	/CN=Eric Young7
+V	980705233205Z		08	certs/00000004	/CN=Eric Young8
+V	980705233205Z		09	certs/00000004	/CN=Eric Young9
+V	980705233205Z		0A	certs/00000004	/CN=Eric YoungA
+V	980705233205Z		0B	certs/00000004	/CN=Eric YoungB
+V	980705233205Z		0C	certs/00000004	/CN=Eric YoungC
+V	980705233205Z		0D	certs/00000004	/CN=Eric YoungD
+V	980705233205Z		0E	certs/00000004	/CN=Eric YoungE
+V	980705233205Z		0F	certs/00000004	/CN=Eric YoungF
+V	980705233205Z		10	certs/00000004	/CN=Eric Young10
+V	980705233205Z		11	certs/00000004	/CN=Eric Young11
+V	980705233205Z		12	certs/00000004	/CN=Eric Young12
+V	980705233205Z		13	certs/00000004	/CN=Eric Young13
+V	980705233205Z		14	certs/00000004	/CN=Eric Young14
+V	980705233205Z		15	certs/00000004	/CN=Eric Young15
+V	980705233205Z		16	certs/00000004	/CN=Eric Young16
+V	980705233205Z		17	certs/00000004	/CN=Eric Young17
+V	961206150305Z		010C	unknown	/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V	961206153245Z		010D	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V	970322074816Z		010E	unknown	/CN=Eric Young/Email=eay@mincom.oz.au
+V	970322075152Z		010F	unknown	/CN=Eric Young
+V	970322075906Z		0110	unknown	/CN=Eric Youngg
+V	970324092238Z		0111	unknown	/C=AU/SP=Queensland/CN=Eric Young
+V	970324221931Z		0112	unknown	/CN=Fred
+V	970324224934Z		0113	unknown	/C=AU/CN=eay
+V	971001005237Z		0114	unknown	/C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V	971001010331Z		0115	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
+V	971001013945Z		0117	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V	971014225415Z		0118	unknown	/C=AU/SP=Queensland/CN=test
+V	971015004448Z		0119	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
+V	971016035001Z		011A	unknown	/C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
+V	971016080129Z		011B	unknown	/C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
+V	971016224000Z		011D	unknown	/L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk
diff --git a/openssl-1.1.0h/apps/demoCA/private/cakey.pem b/openssl-1.1.0h/apps/demoCA/private/cakey.pem
new file mode 100644
index 0000000..48fb18c
--- /dev/null
+++ b/openssl-1.1.0h/apps/demoCA/private/cakey.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/demoCA/serial b/openssl-1.1.0h/apps/demoCA/serial
new file mode 100644
index 0000000..69fa0ff
--- /dev/null
+++ b/openssl-1.1.0h/apps/demoCA/serial
@@ -0,0 +1 @@
+011E
diff --git a/openssl-1.1.0h/apps/demoSRP/srp_verifier.txt b/openssl-1.1.0h/apps/demoSRP/srp_verifier.txt
new file mode 100644
index 0000000..ccae629
--- /dev/null
+++ b/openssl-1.1.0h/apps/demoSRP/srp_verifier.txt
@@ -0,0 +1,6 @@
+# This is a file that will be filled by the openssl srp routine.
+# You can initialize the file with additional groups, these are
+# records starting with a I followed by the g and N values and the id.
+# The exact values ... you have to dig this out from the source of srp.c
+# or srp_vfy.c
+# The last value of an I is used as the default group for new users.  
diff --git a/openssl-1.1.0h/apps/demoSRP/srp_verifier.txt.attr b/openssl-1.1.0h/apps/demoSRP/srp_verifier.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/openssl-1.1.0h/apps/demoSRP/srp_verifier.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/openssl-1.1.0h/apps/dgst.c b/openssl-1.1.0h/apps/dgst.c
new file mode 100644
index 0000000..08182e2
--- /dev/null
+++ b/openssl-1.1.0h/apps/dgst.c
@@ -0,0 +1,480 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
+          const char *sig_name, const char *md_name,
+          const char *file);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
+    OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
+    OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
+    OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+    OPT_DIGEST
+} OPTION_CHOICE;
+
+OPTIONS dgst_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  file... files to digest (default is stdin)\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"c", OPT_C, '-', "Print the digest with separating colons"},
+    {"r", OPT_R, '-', "Print the digest in coreutils format"},
+    {"rand", OPT_RAND, 's',
+     "Use file(s) containing random data to seed RNG or an EGD sock"},
+    {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"sign", OPT_SIGN, 's', "Sign digest using private key"},
+    {"verify", OPT_VERIFY, 's',
+     "Verify a signature using public key"},
+    {"prverify", OPT_PRVERIFY, 's',
+     "Verify a signature using private key"},
+    {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
+    {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
+    {"hex", OPT_HEX, '-', "Print as hex dump"},
+    {"binary", OPT_BINARY, '-', "Print in binary form"},
+    {"d", OPT_DEBUG, '-', "Print debug info"},
+    {"debug", OPT_DEBUG, '-', "Print debug info"},
+    {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
+     "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
+    {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
+    {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+    {"", OPT_DIGEST, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+    {"engine_impl", OPT_ENGINE_IMPL, '-',
+     "Also use engine given by -engine for digest operations"},
+#endif
+    {NULL}
+};
+
+int dgst_main(int argc, char **argv)
+{
+    BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
+    ENGINE *e = NULL, *impl = NULL;
+    EVP_PKEY *sigkey = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
+    char *hmac_key = NULL;
+    char *mac_name = NULL;
+    char *passinarg = NULL, *passin = NULL;
+    const EVP_MD *md = NULL, *m;
+    const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
+    const char *sigfile = NULL, *randfile = NULL;
+    OPTION_CHOICE o;
+    int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
+    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
+    unsigned char *buf = NULL, *sigbuf = NULL;
+    int engine_impl = 0;
+
+    prog = opt_progname(argv[0]);
+    buf = app_malloc(BUFSIZE, "I/O buffer");
+    md = EVP_get_digestbyname(prog);
+
+    prog = opt_init(argc, argv, dgst_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dgst_options);
+            ret = 0;
+            goto end;
+        case OPT_C:
+            separator = 1;
+            break;
+        case OPT_R:
+            separator = 2;
+            break;
+        case OPT_RAND:
+            randfile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_SIGN:
+            keyfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_VERIFY:
+            keyfile = opt_arg();
+            want_pub = do_verify = 1;
+            break;
+        case OPT_PRVERIFY:
+            keyfile = opt_arg();
+            do_verify = 1;
+            break;
+        case OPT_SIGNATURE:
+            sigfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_ENGINE_IMPL:
+            engine_impl = 1;
+            break;
+        case OPT_HEX:
+            out_bin = 0;
+            break;
+        case OPT_BINARY:
+            out_bin = 1;
+            break;
+        case OPT_DEBUG:
+            debug = 1;
+            break;
+        case OPT_FIPS_FINGERPRINT:
+            hmac_key = "etaonrishdlcupfm";
+            break;
+        case OPT_HMAC:
+            hmac_key = opt_arg();
+            break;
+        case OPT_MAC:
+            mac_name = opt_arg();
+            break;
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_MACOPT:
+            if (!macopts)
+                macopts = sk_OPENSSL_STRING_new_null();
+            if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_DIGEST:
+            if (!opt_md(opt_unknown(), &m))
+                goto opthelp;
+            md = m;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (keyfile != NULL && argc > 1) {
+        BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
+        goto end;
+    }
+
+    if (do_verify && !sigfile) {
+        BIO_printf(bio_err,
+                   "No signature to verify: use the -signature option\n");
+        goto end;
+    }
+    if (engine_impl)
+        impl = e;
+
+    in = BIO_new(BIO_s_file());
+    bmd = BIO_new(BIO_f_md());
+    if ((in == NULL) || (bmd == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (debug) {
+        BIO_set_callback(in, BIO_debug_callback);
+        /* needed for windows 3.1 */
+        BIO_set_callback_arg(in, (char *)bio_err);
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (out_bin == -1) {
+        if (keyfile)
+            out_bin = 1;
+        else
+            out_bin = 0;
+    }
+
+    if (randfile)
+        app_RAND_load_file(randfile, 0);
+
+    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
+        BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
+        goto end;
+    }
+
+    if (keyfile) {
+        if (want_pub)
+            sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
+        else
+            sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
+        if (!sigkey) {
+            /*
+             * load_[pub]key() has already printed an appropriate message
+             */
+            goto end;
+        }
+    }
+
+    if (mac_name) {
+        EVP_PKEY_CTX *mac_ctx = NULL;
+        int r = 0;
+        if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
+            goto mac_end;
+        if (macopts) {
+            char *macopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
+                macopt = sk_OPENSSL_STRING_value(macopts, i);
+                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
+                    BIO_printf(bio_err,
+                               "MAC parameter error \"%s\"\n", macopt);
+                    ERR_print_errors(bio_err);
+                    goto mac_end;
+                }
+            }
+        }
+        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
+            BIO_puts(bio_err, "Error generating key\n");
+            ERR_print_errors(bio_err);
+            goto mac_end;
+        }
+        r = 1;
+ mac_end:
+        EVP_PKEY_CTX_free(mac_ctx);
+        if (r == 0)
+            goto end;
+    }
+
+    if (hmac_key) {
+        sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
+                                      (unsigned char *)hmac_key, -1);
+        if (!sigkey)
+            goto end;
+    }
+
+    if (sigkey) {
+        EVP_MD_CTX *mctx = NULL;
+        EVP_PKEY_CTX *pctx = NULL;
+        int r;
+        if (!BIO_get_md_ctx(bmd, &mctx)) {
+            BIO_printf(bio_err, "Error getting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (do_verify)
+            r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
+        else
+            r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+        if (!r) {
+            BIO_printf(bio_err, "Error setting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (sigopts) {
+            char *sigopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+                sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
+                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+        }
+    }
+    /* we use md as a filter, reading from 'in' */
+    else {
+        EVP_MD_CTX *mctx = NULL;
+        if (!BIO_get_md_ctx(bmd, &mctx)) {
+            BIO_printf(bio_err, "Error getting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (md == NULL)
+            md = EVP_sha256();
+        if (!EVP_DigestInit_ex(mctx, md, impl)) {
+            BIO_printf(bio_err, "Error setting digest\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (sigfile && sigkey) {
+        BIO *sigbio = BIO_new_file(sigfile, "rb");
+        if (!sigbio) {
+            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        siglen = EVP_PKEY_size(sigkey);
+        sigbuf = app_malloc(siglen, "signature buffer");
+        siglen = BIO_read(sigbio, sigbuf, siglen);
+        BIO_free(sigbio);
+        if (siglen <= 0) {
+            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    inp = BIO_push(bmd, in);
+
+    if (md == NULL) {
+        EVP_MD_CTX *tctx;
+        BIO_get_md_ctx(bmd, &tctx);
+        md = EVP_MD_CTX_md(tctx);
+    }
+
+    if (argc == 0) {
+        BIO_set_fp(in, stdin, BIO_NOCLOSE);
+        ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+                    siglen, NULL, NULL, "stdin");
+    } else {
+        const char *md_name = NULL, *sig_name = NULL;
+        if (!out_bin) {
+            if (sigkey) {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                ameth = EVP_PKEY_get0_asn1(sigkey);
+                if (ameth)
+                    EVP_PKEY_asn1_get0_info(NULL, NULL,
+                                            NULL, NULL, &sig_name, ameth);
+            }
+            if (md)
+                md_name = EVP_MD_name(md);
+        }
+        ret = 0;
+        for (i = 0; i < argc; i++) {
+            int r;
+            if (BIO_read_filename(in, argv[i]) <= 0) {
+                perror(argv[i]);
+                ret++;
+                continue;
+            } else
+                r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+                          siglen, sig_name, md_name, argv[i]);
+            if (r)
+                ret = r;
+            (void)BIO_reset(bmd);
+        }
+    }
+ end:
+    OPENSSL_clear_free(buf, BUFSIZE);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    BIO_free_all(out);
+    EVP_PKEY_free(sigkey);
+    sk_OPENSSL_STRING_free(sigopts);
+    sk_OPENSSL_STRING_free(macopts);
+    OPENSSL_free(sigbuf);
+    BIO_free(bmd);
+    release_engine(e);
+    return (ret);
+}
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
+          const char *sig_name, const char *md_name,
+          const char *file)
+{
+    size_t len;
+    int i;
+
+    for (;;) {
+        i = BIO_read(bp, (char *)buf, BUFSIZE);
+        if (i < 0) {
+            BIO_printf(bio_err, "Read Error in %s\n", file);
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+        if (i == 0)
+            break;
+    }
+    if (sigin) {
+        EVP_MD_CTX *ctx;
+        BIO_get_md_ctx(bp, &ctx);
+        i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
+        if (i > 0)
+            BIO_printf(out, "Verified OK\n");
+        else if (i == 0) {
+            BIO_printf(out, "Verification Failure\n");
+            return 1;
+        } else {
+            BIO_printf(bio_err, "Error Verifying Data\n");
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+        return 0;
+    }
+    if (key) {
+        EVP_MD_CTX *ctx;
+        BIO_get_md_ctx(bp, &ctx);
+        len = BUFSIZE;
+        if (!EVP_DigestSignFinal(ctx, buf, &len)) {
+            BIO_printf(bio_err, "Error Signing Data\n");
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+    } else {
+        len = BIO_gets(bp, (char *)buf, BUFSIZE);
+        if ((int)len < 0) {
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+    }
+
+    if (binout)
+        BIO_write(out, buf, len);
+    else if (sep == 2) {
+        for (i = 0; i < (int)len; i++)
+            BIO_printf(out, "%02x", buf[i]);
+        BIO_printf(out, " *%s\n", file);
+    } else {
+        if (sig_name) {
+            BIO_puts(out, sig_name);
+            if (md_name)
+                BIO_printf(out, "-%s", md_name);
+            BIO_printf(out, "(%s)= ", file);
+        } else if (md_name)
+            BIO_printf(out, "%s(%s)= ", md_name, file);
+        else
+            BIO_printf(out, "(%s)= ", file);
+        for (i = 0; i < (int)len; i++) {
+            if (sep && (i != 0))
+                BIO_printf(out, ":");
+            BIO_printf(out, "%02x", buf[i]);
+        }
+        BIO_printf(out, "\n");
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/apps/dh1024.pem b/openssl-1.1.0h/apps/dh1024.pem
new file mode 100644
index 0000000..f1a5e18
--- /dev/null
+++ b/openssl-1.1.0h/apps/dh1024.pem
@@ -0,0 +1,10 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
+Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
+/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
+-----END DH PARAMETERS-----
+
+These are the 1024-bit DH parameters from "Internet Key Exchange 
+Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/openssl-1.1.0h/apps/dh2048.pem b/openssl-1.1.0h/apps/dh2048.pem
new file mode 100644
index 0000000..e899f2e
--- /dev/null
+++ b/openssl-1.1.0h/apps/dh2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
+-----END DH PARAMETERS-----
+
+These are the 2048-bit DH parameters from "More Modular Exponential 
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/openssl-1.1.0h/apps/dh4096.pem b/openssl-1.1.0h/apps/dh4096.pem
new file mode 100644
index 0000000..adada2b
--- /dev/null
+++ b/openssl-1.1.0h/apps/dh4096.pem
@@ -0,0 +1,19 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM
+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq
+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI
+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI
+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
+-----END DH PARAMETERS-----
+
+These are the 4096-bit DH parameters from "More Modular Exponential 
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+https://tools.ietf.org/html/rfc3526
+
+See https://tools.ietf.org/html/rfc2412 for how they were generated.
diff --git a/openssl-1.1.0h/apps/dhparam.c b/openssl-1.1.0h/apps/dhparam.c
new file mode 100644
index 0000000..94322e3
--- /dev/null
+++ b/openssl-1.1.0h/apps/dhparam.c
@@ -0,0 +1,392 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DH
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# ifndef OPENSSL_NO_DSA
+#  include <openssl/dsa.h>
+# endif
+
+# define DEFBITS 2048
+
+static int dh_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
+    OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
+    OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5
+} OPTION_CHOICE;
+
+OPTIONS dhparam_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"check", OPT_CHECK, '-', "Check the DH parameters"},
+    {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
+    {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"C", OPT_C, '-', "Print C code"},
+    {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
+    {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
+# ifndef OPENSSL_NO_DSA
+    {"dsaparam", OPT_DSAPARAM, '-',
+     "Read or generate DSA parameters, convert to DH"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int dhparam_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    DH *dh = NULL;
+    char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
+    ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
+    int dsaparam = 0;
+#endif
+    int i, text = 0, C = 0, ret = 1, num = 0, g = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, dhparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dhparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_DSAPARAM:
+#ifndef OPENSSL_NO_DSA
+            dsaparam = 1;
+#endif
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_2:
+            g = 2;
+            break;
+        case OPT_5:
+            g = 5;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
+        goto end;
+
+    if (g && !num)
+        num = DEFBITS;
+
+# ifndef OPENSSL_NO_DSA
+    if (dsaparam && g) {
+        BIO_printf(bio_err,
+                   "generator may not be chosen for DSA parameters\n");
+        goto end;
+    }
+# endif
+    /* DH parameters */
+    if (num && !g)
+        g = 2;
+
+    if (num) {
+
+        BN_GENCB *cb;
+        cb = BN_GENCB_new();
+        if (cb == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        BN_GENCB_set(cb, dh_cb, bio_err);
+        if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
+            BIO_printf(bio_err,
+                       "warning, not much extra random data, consider using the -rand option\n");
+        }
+        if (inrand != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+
+# ifndef OPENSSL_NO_DSA
+        if (dsaparam) {
+            DSA *dsa = DSA_new();
+
+            BIO_printf(bio_err,
+                       "Generating DSA parameters, %d bit long prime\n", num);
+            if (dsa == NULL
+                || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
+                                               cb)) {
+                DSA_free(dsa);
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            dh = DSA_dup_DH(dsa);
+            DSA_free(dsa);
+            if (dh == NULL) {
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else
+# endif
+        {
+            dh = DH_new();
+            BIO_printf(bio_err,
+                       "Generating DH parameters, %d bit long safe prime, generator %d\n",
+                       num, g);
+            BIO_printf(bio_err, "This is going to take a long time\n");
+            if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+        BN_GENCB_free(cb);
+        app_RAND_write_file(NULL);
+    } else {
+
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+# ifndef OPENSSL_NO_DSA
+        if (dsaparam) {
+            DSA *dsa;
+
+            if (informat == FORMAT_ASN1)
+                dsa = d2i_DSAparams_bio(in, NULL);
+            else                /* informat == FORMAT_PEM */
+                dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+
+            if (dsa == NULL) {
+                BIO_printf(bio_err, "unable to load DSA parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            dh = DSA_dup_DH(dsa);
+            DSA_free(dsa);
+            if (dh == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else
+# endif
+        {
+            if (informat == FORMAT_ASN1) {
+                /*
+                 * We have no PEM header to determine what type of DH params it
+                 * is. We'll just try both.
+                 */
+                dh = d2i_DHparams_bio(in, NULL);
+                /* BIO_reset() returns 0 for success for file BIOs only!!! */
+                if (dh == NULL && BIO_reset(in) == 0)
+                    dh = d2i_DHxparams_bio(in, NULL);
+            } else {
+                /* informat == FORMAT_PEM */
+                dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+            }
+
+            if (dh == NULL) {
+                BIO_printf(bio_err, "unable to load DH parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+        /* dh != NULL */
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (text) {
+        DHparams_print(out, dh);
+    }
+
+    if (check) {
+        if (!DH_check(dh, &i)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i & DH_CHECK_P_NOT_PRIME)
+            BIO_printf(bio_err, "WARNING: p value is not prime\n");
+        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+            BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+        if (i & DH_CHECK_Q_NOT_PRIME)
+            BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+        if (i & DH_CHECK_INVALID_Q_VALUE)
+            BIO_printf(bio_err, "WARNING: q value is invalid\n");
+        if (i & DH_CHECK_INVALID_J_VALUE)
+            BIO_printf(bio_err, "WARNING: j value is invalid\n");
+        if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+            BIO_printf(bio_err,
+                       "WARNING: unable to check the generator value\n");
+        if (i & DH_NOT_SUITABLE_GENERATOR)
+            BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
+        if (i == 0)
+            BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+        if (num != 0 && i != 0) {
+            /*
+             * We have generated parameters but DH_check() indicates they are
+             * invalid! This should never happen!
+             */
+            BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+            goto end;
+        }
+    }
+    if (C) {
+        unsigned char *data;
+        int len, bits;
+        const BIGNUM *pbn, *gbn;
+
+        len = DH_size(dh);
+        bits = DH_bits(dh);
+        DH_get0_pqg(dh, &pbn, NULL, &gbn);
+        data = app_malloc(len, "print a BN");
+        BIO_printf(out, "#ifndef HEADER_DH_H\n"
+                        "# include <openssl/dh.h>\n"
+                        "#endif\n"
+                        "\n");
+        BIO_printf(out, "DH *get_dh%d()\n{\n", bits);
+        print_bignum_var(out, pbn, "dhp", bits, data);
+        print_bignum_var(out, gbn, "dhg", bits, data);
+        BIO_printf(out, "    DH *dh = DH_new();\n"
+                        "    BIGNUM *dhp_bn, *dhg_bn;\n"
+                        "\n"
+                        "    if (dh == NULL)\n"
+                        "        return NULL;\n");
+        BIO_printf(out, "    dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
+                   bits, bits);
+        BIO_printf(out, "    dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
+                   bits, bits);
+        BIO_printf(out, "    if (dhp_bn == NULL || dhg_bn == NULL\n"
+                        "            || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n"
+                        "        DH_free(dh);\n"
+                        "        BN_free(dhp_bn);\n"
+                        "        BN_free(dhg_bn);\n"
+                        "        return NULL;\n"
+                        "    }\n");
+        if (DH_get_length(dh) > 0)
+            BIO_printf(out,
+                        "    if (!DH_set_length(dh, %ld)) {\n"
+                        "        DH_free(dh);\n"
+                        "    }\n", DH_get_length(dh));
+        BIO_printf(out, "    return dh;\n}\n");
+        OPENSSL_free(data);
+    }
+
+    if (!noout) {
+        const BIGNUM *q;
+        DH_get0_pqg(dh, NULL, &q, NULL);
+        if (outformat == FORMAT_ASN1) {
+            if (q != NULL)
+                i = i2d_DHxparams_bio(out, dh);
+            else
+                i = i2d_DHparams_bio(out, dh);
+        } else if (q != NULL)
+            i = PEM_write_bio_DHxparams(out, dh);
+        else
+            i = PEM_write_bio_DHparams(out, dh);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write DH parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    DH_free(dh);
+    release_engine(e);
+    return (ret);
+}
+
+static int dh_cb(int p, int n, BN_GENCB *cb)
+{
+    char c = '*';
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
+#endif
diff --git a/openssl-1.1.0h/apps/dsa-ca.pem b/openssl-1.1.0h/apps/dsa-ca.pem
new file mode 100644
index 0000000..3ce8dc6
--- /dev/null
+++ b/openssl-1.1.0h/apps/dsa-ca.pem
@@ -0,0 +1,47 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVjCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
+ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
+hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
+zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
+EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
+5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
+epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
+bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
+i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
+5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
+ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzAAMC0CFCp7rUwGJNtxK6Aqo6k6US+S
+KP8sAhUAyfSi8Zs3QAvkJoFG0IMRaq8M03I=
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
+MTQ5WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
+CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
+BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
+j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
+7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
+SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
+5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
+nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
+tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
+KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
+SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
+wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
+gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
+AgMxADAuAhUA4V6MrHufG8R79E+AtVO02olPxK8CFQDkZyo/TWpavsUBRDJbCeD9
+jgjIkA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/apps/dsa-pca.pem b/openssl-1.1.0h/apps/dsa-pca.pem
new file mode 100644
index 0000000..a51a06e
--- /dev/null
+++ b/openssl-1.1.0h/apps/dsa-pca.pem
@@ -0,0 +1,47 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
+MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
+PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
+bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
+gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
+meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
+qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
+CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
+rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
+lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
+mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIVAPA6/jxCT1D2HgzE4iZR
+AEup/C7YAhRPLTQvQnAiS5FRrA+8SwBLvDAsaw==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
+MTQ5WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
+CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
+KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
+Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
+++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
+zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
+4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
+TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
+AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
+N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
+wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
++OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
+MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
+BAMCAy8AMCwCFFhdz4fzQo9BBF20U1CHldYTi/D7AhQydDnDMj21y+U1UhDZJrvh
+lnt88g==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/apps/dsa.c b/openssl-1.1.0h/apps/dsa.c
new file mode 100644
index 0000000..8454b2e
--- /dev/null
+++ b/openssl-1.1.0h/apps/dsa.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/dsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
+    /* Do not change the order here; see case statements below */
+    OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+    OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
+    OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
+} OPTION_CHOICE;
+
+OPTIONS dsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
+    {"in", OPT_IN, 's', "Input key"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key in text"},
+    {"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_RC4
+    {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+    {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+    {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int dsa_main(int argc, char **argv)
+{
+    BIO *out = NULL;
+    DSA *dsa = NULL;
+    ENGINE *e = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    OPTION_CHOICE o;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+    int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+# ifndef OPENSSL_NO_RC4
+    int pvk_encr = 2;
+# endif
+    int private = 0;
+
+    prog = opt_init(argc, argv, dsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            ret = 0;
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dsa_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_PVK_STRONG:    /* pvk_encr:= 2 */
+        case OPT_PVK_WEAK:      /* pvk_encr:= 1 */
+        case OPT_PVK_NONE:      /* pvk_encr:= 0 */
+#ifndef OPENSSL_NO_RC4
+            pvk_encr = (o - OPT_PVK_NONE);
+#endif
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = pubin || pubout ? 0 : 1;
+    if (text && !pubin)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    BIO_printf(bio_err, "read DSA key\n");
+    {
+        EVP_PKEY *pkey;
+
+        if (pubin)
+            pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+        else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+
+        if (pkey) {
+            dsa = EVP_PKEY_get1_DSA(pkey);
+            EVP_PKEY_free(pkey);
+        }
+    }
+    if (dsa == NULL) {
+        BIO_printf(bio_err, "unable to load Key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (text) {
+        assert(pubin || private);
+        if (!DSA_print(out, dsa, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (modulus) {
+        const BIGNUM *pub_key = NULL;
+        DSA_get0_key(dsa, &pub_key, NULL);
+        BIO_printf(out, "Public Key=");
+        BN_print(out, pub_key);
+        BIO_printf(out, "\n");
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+    BIO_printf(bio_err, "writing DSA key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (pubin || pubout)
+            i = i2d_DSA_PUBKEY_bio(out, dsa);
+        else {
+            assert(private);
+            i = i2d_DSAPrivateKey_bio(out, dsa);
+        }
+    } else if (outformat == FORMAT_PEM) {
+        if (pubin || pubout)
+            i = PEM_write_bio_DSA_PUBKEY(out, dsa);
+        else {
+            assert(private);
+            i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
+                                            NULL, 0, NULL, passout);
+        }
+# ifndef OPENSSL_NO_RSA
+    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_new();
+        if (pk == NULL)
+           goto end;
+
+        EVP_PKEY_set1_DSA(pk, dsa);
+        if (outformat == FORMAT_PVK) {
+            if (pubin) {
+                BIO_printf(bio_err, "PVK form impossible with public key input\n");
+                EVP_PKEY_free(pk);
+                goto end;
+            }
+            assert(private);
+#  ifdef OPENSSL_NO_RC4
+            BIO_printf(bio_err, "PVK format not supported\n");
+            EVP_PKEY_free(pk);
+            goto end;
+#  else
+            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+#  endif
+        }
+        else if (pubin || pubout)
+            i = i2b_PublicKey_bio(out, pk);
+        else {
+            assert(private);
+            i = i2b_PrivateKey_bio(out, pk);
+        }
+        EVP_PKEY_free(pk);
+# endif
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "unable to write private key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/apps/dsa1024.pem b/openssl-1.1.0h/apps/dsa1024.pem
new file mode 100644
index 0000000..082dec3
--- /dev/null
+++ b/openssl-1.1.0h/apps/dsa1024.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
+mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
+OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
+bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
+3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
+zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
+Arg=
+-----END DSA PARAMETERS-----
diff --git a/openssl-1.1.0h/apps/dsa512.pem b/openssl-1.1.0h/apps/dsa512.pem
new file mode 100644
index 0000000..5f86d1a
--- /dev/null
+++ b/openssl-1.1.0h/apps/dsa512.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
+TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
+gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
+L8wka5B33qJoplISogOdIA==
+-----END DSA PARAMETERS-----
diff --git a/openssl-1.1.0h/apps/dsap.pem b/openssl-1.1.0h/apps/dsap.pem
new file mode 100644
index 0000000..d4dfdb3
--- /dev/null
+++ b/openssl-1.1.0h/apps/dsap.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
+GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
+t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
+ADiRffvSdhrNw5dkqdql
+-----END DSA PARAMETERS-----
diff --git a/openssl-1.1.0h/apps/dsaparam.c b/openssl-1.1.0h/apps/dsaparam.c
new file mode 100644
index 0000000..5c3c8f8
--- /dev/null
+++ b/openssl-1.1.0h/apps/dsaparam.c
@@ -0,0 +1,316 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# ifdef GENCB_TEST
+
+static int stop_keygen_flag = 0;
+
+static void timebomb_sigalarm(int foo)
+{
+    stop_keygen_flag = 1;
+}
+
+# endif
+
+static int dsa_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
+    OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_ENGINE,
+    OPT_TIMEBOMB
+} OPTION_CHOICE;
+
+OPTIONS dsaparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"text", OPT_TEXT, '-', "Print as text"},
+    {"C", OPT_C, '-', "Output C code"},
+    {"noout", OPT_NOOUT, '-', "No output"},
+    {"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
+    {"rand", OPT_RAND, 's', "Files to use for random number input"},
+# ifdef GENCB_TEST
+    {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int dsaparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    DSA *dsa = NULL;
+    BIO *in = NULL, *out = NULL;
+    BN_GENCB *cb = NULL;
+    int numbits = -1, num = 0, genkey = 0, need_rand = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
+    int ret = 1, i, text = 0, private = 0;
+# ifdef GENCB_TEST
+    int timebomb = 0;
+# endif
+    char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, dsaparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dsaparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_TIMEBOMB:
+# ifdef GENCB_TEST
+            timebomb = atoi(opt_arg());
+            break;
+# endif
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_GENKEY:
+            genkey = need_rand = 1;
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            need_rand = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num < 0)
+            goto end;
+        /* generate a key */
+        numbits = num;
+        need_rand = 1;
+    }
+    private = genkey ? 1 : 0;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (need_rand) {
+        app_RAND_load_file(NULL, (inrand != NULL));
+        if (inrand != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+    }
+
+    if (numbits > 0) {
+        cb = BN_GENCB_new();
+        if (cb == NULL) {
+            BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
+            goto end;
+        }
+        BN_GENCB_set(cb, dsa_cb, bio_err);
+        assert(need_rand);
+        dsa = DSA_new();
+        if (dsa == NULL) {
+            BIO_printf(bio_err, "Error allocating DSA object\n");
+            goto end;
+        }
+        BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
+                   num);
+        BIO_printf(bio_err, "This could take some time\n");
+# ifdef GENCB_TEST
+        if (timebomb > 0) {
+            struct sigaction act;
+            act.sa_handler = timebomb_sigalarm;
+            act.sa_flags = 0;
+            BIO_printf(bio_err,
+                       "(though I'll stop it if not done within %d secs)\n",
+                       timebomb);
+            if (sigaction(SIGALRM, &act, NULL) != 0) {
+                BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n");
+                goto end;
+            }
+            alarm(timebomb);
+        }
+# endif
+        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
+# ifdef GENCB_TEST
+            if (stop_keygen_flag) {
+                BIO_printf(bio_err, "DSA key generation time-stopped\n");
+                /* This is an asked-for behaviour! */
+                ret = 0;
+                goto end;
+            }
+# endif
+            ERR_print_errors(bio_err);
+            BIO_printf(bio_err, "Error, DSA key generation failed\n");
+            goto end;
+        }
+    } else if (informat == FORMAT_ASN1)
+        dsa = d2i_DSAparams_bio(in, NULL);
+    else
+        dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+    if (dsa == NULL) {
+        BIO_printf(bio_err, "unable to load DSA parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (text) {
+        DSAparams_print(out, dsa);
+    }
+
+    if (C) {
+        const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+        unsigned char *data;
+        int len, bits_p;
+
+        DSA_get0_pqg(dsa, &p, &q, &g);
+        len = BN_num_bytes(p);
+        bits_p = BN_num_bits(p);
+
+        data = app_malloc(len + 20, "BN space");
+
+        BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
+        print_bignum_var(bio_out, p, "dsap", len, data);
+        print_bignum_var(bio_out, q, "dsaq", len, data);
+        print_bignum_var(bio_out, g, "dsag", len, data);
+        BIO_printf(bio_out, "    DSA *dsa = DSA_new();\n"
+                            "\n");
+        BIO_printf(bio_out, "    if (dsa == NULL)\n"
+                            "        return NULL;\n");
+        BIO_printf(bio_out, "    dsa->p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL);\n",
+               bits_p, bits_p);
+        BIO_printf(bio_out, "    dsa->q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL);\n",
+               bits_p, bits_p);
+        BIO_printf(bio_out, "    dsa->g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL);\n",
+               bits_p, bits_p);
+        BIO_printf(bio_out, "    if (!dsa->p || !dsa->q || !dsa->g) {\n"
+                            "        DSA_free(dsa);\n"
+                            "        return NULL;\n"
+                            "    }\n"
+                            "    return(dsa);\n}\n");
+        OPENSSL_free(data);
+    }
+
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_DSAparams_bio(out, dsa);
+        else
+            i = PEM_write_bio_DSAparams(out, dsa);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write DSA parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (genkey) {
+        DSA *dsakey;
+
+        assert(need_rand);
+        if ((dsakey = DSAparams_dup(dsa)) == NULL)
+            goto end;
+        if (!DSA_generate_key(dsakey)) {
+            ERR_print_errors(bio_err);
+            DSA_free(dsakey);
+            goto end;
+        }
+        assert(private);
+        if (outformat == FORMAT_ASN1)
+            i = i2d_DSAPrivateKey_bio(out, dsakey);
+        else
+            i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
+                                            NULL);
+        DSA_free(dsakey);
+    }
+    if (need_rand)
+        app_RAND_write_file(NULL);
+    ret = 0;
+ end:
+    BN_GENCB_free(cb);
+    BIO_free(in);
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    return (ret);
+}
+
+static int dsa_cb(int p, int n, BN_GENCB *cb)
+{
+    char c = '*';
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+# ifdef GENCB_TEST
+    if (stop_keygen_flag)
+        return 0;
+# endif
+    return 1;
+}
+#endif
diff --git a/openssl-1.1.0h/apps/ec.c b/openssl-1.1.0h/apps/ec.c
new file mode 100644
index 0000000..2516c03
--- /dev/null
+++ b/openssl-1.1.0h/apps/ec.c
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+
+static OPT_PAIR conv_forms[] = {
+    {"compressed", POINT_CONVERSION_COMPRESSED},
+    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
+    {"hybrid", POINT_CONVERSION_HYBRID},
+    {NULL}
+};
+
+static OPT_PAIR param_enc[] = {
+    {"named_curve", OPENSSL_EC_NAMED_CURVE},
+    {"explicit", 0},
+    {NULL}
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
+    OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
+    OPT_NO_PUBLIC, OPT_CHECK
+} OPTION_CHOICE;
+
+OPTIONS ec_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, 's', "Input file"},
+    {"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key"},
+    {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
+    {"check", OPT_CHECK, '-', "check key consistency"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"param_enc", OPT_PARAM_ENC, 's',
+     "Specifies the way the ec parameters are encoded"},
+    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int ec_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EC_KEY *eckey = NULL;
+    const EC_GROUP *group;
+    const EVP_CIPHER *enc = NULL;
+    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    OPTION_CHOICE o;
+    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+    int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
+    int no_public = 0, check = 0;
+
+    prog = opt_init(argc, argv, ec_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ec_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_PARAM_OUT:
+            param_out = 1;
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        case OPT_CONV_FORM:
+            if (!opt_pair(opt_arg(), conv_forms, &i))
+                goto opthelp;
+            new_form = 1;
+            form = i;
+            break;
+        case OPT_PARAM_ENC:
+            if (!opt_pair(opt_arg(), param_enc, &i))
+                goto opthelp;
+            new_asn1_flag = 1;
+            asn1_flag = i;
+            break;
+        case OPT_NO_PUBLIC:
+            no_public = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = param_out || pubin || pubout ? 0 : 1;
+    if (text && !pubin)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (informat != FORMAT_ENGINE) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+    }
+
+    BIO_printf(bio_err, "read EC key\n");
+    if (informat == FORMAT_ASN1) {
+        if (pubin)
+            eckey = d2i_EC_PUBKEY_bio(in, NULL);
+        else
+            eckey = d2i_ECPrivateKey_bio(in, NULL);
+    } else if (informat == FORMAT_ENGINE) {
+        EVP_PKEY *pkey;
+        if (pubin)
+            pkey = load_pubkey(infile, informat , 1, passin, e, "Public Key");
+        else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+        if (pkey != NULL) {
+            eckey = EVP_PKEY_get1_EC_KEY(pkey);
+            EVP_PKEY_free(pkey);
+        }
+    } else {
+        if (pubin)
+            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
+        else
+            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
+    }
+    if (eckey == NULL) {
+        BIO_printf(bio_err, "unable to load Key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    group = EC_KEY_get0_group(eckey);
+
+    if (new_form)
+        EC_KEY_set_conv_form(eckey, form);
+
+    if (new_asn1_flag)
+        EC_KEY_set_asn1_flag(eckey, asn1_flag);
+
+    if (no_public)
+        EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+
+    if (text) {
+        assert(pubin || private);
+        if (!EC_KEY_print(out, eckey, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (check) {
+        if (EC_KEY_check_key(eckey) == 1) {
+            BIO_printf(bio_err, "EC Key valid.\n");
+        } else {
+            BIO_printf(bio_err, "EC Key Invalid!\n");
+            ERR_print_errors(bio_err);
+        }
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+
+    BIO_printf(bio_err, "writing EC key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (param_out)
+            i = i2d_ECPKParameters_bio(out, group);
+        else if (pubin || pubout)
+            i = i2d_EC_PUBKEY_bio(out, eckey);
+        else {
+            assert(private);
+            i = i2d_ECPrivateKey_bio(out, eckey);
+        }
+    } else {
+        if (param_out)
+            i = PEM_write_bio_ECPKParameters(out, group);
+        else if (pubin || pubout)
+            i = PEM_write_bio_EC_PUBKEY(out, eckey);
+        else {
+            assert(private);
+            i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
+                                           NULL, 0, NULL, passout);
+        }
+    }
+
+    if (!i) {
+        BIO_printf(bio_err, "unable to write private key\n");
+        ERR_print_errors(bio_err);
+    } else
+        ret = 0;
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    EC_KEY_free(eckey);
+    release_engine(e);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/apps/ecparam.c b/openssl-1.1.0h/apps/ecparam.c
new file mode 100644
index 0000000..999f748
--- /dev/null
+++ b/openssl-1.1.0h/apps/ecparam.c
@@ -0,0 +1,471 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/ec.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
+    OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
+    OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_RAND, OPT_ENGINE
+} OPTION_CHOICE;
+
+OPTIONS ecparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+    {"in", OPT_IN, '<', "Input file  - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
+    {"C", OPT_C, '-', "Print a 'C' function creating the parameters"},
+    {"check", OPT_CHECK, '-', "Validate the ec parameters"},
+    {"list_curves", OPT_LIST_CURVES, '-',
+     "Prints a list of all curve 'short names'"},
+    {"no_seed", OPT_NO_SEED, '-',
+     "If 'explicit' parameters are chosen do not use the seed"},
+    {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
+    {"name", OPT_NAME, 's',
+     "Use the ec parameters with specified 'short name'"},
+    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+    {"param_enc", OPT_PARAM_ENC, 's',
+     "Specifies the way the ec parameters are encoded"},
+    {"genkey", OPT_GENKEY, '-', "Generate ec key"},
+    {"rand", OPT_RAND, 's', "Files to use for random number input"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+static OPT_PAIR forms[] = {
+    {"compressed", POINT_CONVERSION_COMPRESSED},
+    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
+    {"hybrid", POINT_CONVERSION_HYBRID},
+    {NULL}
+};
+
+static OPT_PAIR encodings[] = {
+    {"named_curve", OPENSSL_EC_NAMED_CURVE},
+    {"explicit", 0},
+    {NULL}
+};
+
+int ecparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
+    BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
+    BIO *in = NULL, *out = NULL;
+    EC_GROUP *group = NULL;
+    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+    char *curve_name = NULL, *inrand = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    unsigned char *buffer = NULL;
+    OPTION_CHOICE o;
+    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
+    int ret = 1, private = 0;
+    int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
+    int text = 0, i, need_rand = 0, genkey = 0;
+
+    prog = opt_init(argc, argv, ecparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ecparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_LIST_CURVES:
+            list_curves = 1;
+            break;
+        case OPT_NO_SEED:
+            no_seed = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_NAME:
+            curve_name = opt_arg();
+            break;
+        case OPT_CONV_FORM:
+            if (!opt_pair(opt_arg(), forms, &new_form))
+                goto opthelp;
+            form = new_form;
+            new_form = 1;
+            break;
+        case OPT_PARAM_ENC:
+            if (!opt_pair(opt_arg(), encodings, &asn1_flag))
+                goto opthelp;
+            new_asn1_flag = 1;
+            break;
+        case OPT_GENKEY:
+            genkey = need_rand = 1;
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            need_rand = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = genkey ? 1 : 0;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (list_curves) {
+        EC_builtin_curve *curves = NULL;
+        size_t crv_len = EC_get_builtin_curves(NULL, 0);
+        size_t n;
+
+        curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
+        if (!EC_get_builtin_curves(curves, crv_len)) {
+            OPENSSL_free(curves);
+            goto end;
+        }
+
+        for (n = 0; n < crv_len; n++) {
+            const char *comment;
+            const char *sname;
+            comment = curves[n].comment;
+            sname = OBJ_nid2sn(curves[n].nid);
+            if (comment == NULL)
+                comment = "CURVE DESCRIPTION NOT AVAILABLE";
+            if (sname == NULL)
+                sname = "";
+
+            BIO_printf(out, "  %-10s: ", sname);
+            BIO_printf(out, "%s\n", comment);
+        }
+
+        OPENSSL_free(curves);
+        ret = 0;
+        goto end;
+    }
+
+    if (curve_name != NULL) {
+        int nid;
+
+        /*
+         * workaround for the SECG curve names secp192r1 and secp256r1 (which
+         * are the same as the curves prime192v1 and prime256v1 defined in
+         * X9.62)
+         */
+        if (strcmp(curve_name, "secp192r1") == 0) {
+            BIO_printf(bio_err, "using curve name prime192v1 "
+                       "instead of secp192r1\n");
+            nid = NID_X9_62_prime192v1;
+        } else if (strcmp(curve_name, "secp256r1") == 0) {
+            BIO_printf(bio_err, "using curve name prime256v1 "
+                       "instead of secp256r1\n");
+            nid = NID_X9_62_prime256v1;
+        } else
+            nid = OBJ_sn2nid(curve_name);
+
+        if (nid == 0)
+            nid = EC_curve_nist2nid(curve_name);
+
+        if (nid == 0) {
+            BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+            goto end;
+        }
+
+        group = EC_GROUP_new_by_curve_name(nid);
+        if (group == NULL) {
+            BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+            goto end;
+        }
+        EC_GROUP_set_asn1_flag(group, asn1_flag);
+        EC_GROUP_set_point_conversion_form(group, form);
+    } else if (informat == FORMAT_ASN1)
+        group = d2i_ECPKParameters_bio(in, NULL);
+    else
+        group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+    if (group == NULL) {
+        BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (new_form)
+        EC_GROUP_set_point_conversion_form(group, form);
+
+    if (new_asn1_flag)
+        EC_GROUP_set_asn1_flag(group, asn1_flag);
+
+    if (no_seed) {
+        EC_GROUP_set_seed(group, NULL, 0);
+    }
+
+    if (text) {
+        if (!ECPKParameters_print(out, group, 0))
+            goto end;
+    }
+
+    if (check) {
+        BIO_printf(bio_err, "checking elliptic curve parameters: ");
+        if (!EC_GROUP_check(group, NULL)) {
+            BIO_printf(bio_err, "failed\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "ok\n");
+
+    }
+
+    if (C) {
+        size_t buf_len = 0, tmp_len = 0;
+        const EC_POINT *point;
+        int is_prime, len = 0;
+        const EC_METHOD *meth = EC_GROUP_method_of(group);
+
+        if ((ec_p = BN_new()) == NULL
+                || (ec_a = BN_new()) == NULL
+                || (ec_b = BN_new()) == NULL
+                || (ec_gen = BN_new()) == NULL
+                || (ec_order = BN_new()) == NULL
+                || (ec_cofactor = BN_new()) == NULL) {
+            perror("Can't allocate BN");
+            goto end;
+        }
+
+        is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
+        if (!is_prime) {
+            BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
+            goto end;
+        }
+
+        if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
+            goto end;
+
+        if ((point = EC_GROUP_get0_generator(group)) == NULL)
+            goto end;
+        if (!EC_POINT_point2bn(group, point,
+                               EC_GROUP_get_point_conversion_form(group),
+                               ec_gen, NULL))
+            goto end;
+        if (!EC_GROUP_get_order(group, ec_order, NULL))
+            goto end;
+        if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
+            goto end;
+
+        if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
+            goto end;
+
+        len = BN_num_bits(ec_order);
+
+        if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
+            buf_len = tmp_len;
+
+        buffer = app_malloc(buf_len, "BN buffer");
+
+        BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len);
+        print_bignum_var(out, ec_p, "ec_p", len, buffer);
+        print_bignum_var(out, ec_a, "ec_a", len, buffer);
+        print_bignum_var(out, ec_b, "ec_b", len, buffer);
+        print_bignum_var(out, ec_gen, "ec_gen", len, buffer);
+        print_bignum_var(out, ec_order, "ec_order", len, buffer);
+        print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer);
+        BIO_printf(out, "    int ok = 0;\n"
+                        "    EC_GROUP *group = NULL;\n"
+                        "    EC_POINT *point = NULL;\n"
+                        "    BIGNUM *tmp_1 = NULL;\n"
+                        "    BIGNUM *tmp_2 = NULL;\n"
+                        "    BIGNUM *tmp_3 = NULL;\n"
+                        "\n");
+
+        BIO_printf(out, "    if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
+                        "        goto err;\n"
+                        "\n");
+        BIO_printf(out, "    /* build generator */\n");
+        BIO_printf(out, "    if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
+        BIO_printf(out, "    if (point == NULL)\n"
+                        "        goto err;\n");
+        BIO_printf(out, "    if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
+                        "        goto err;\n"
+                        "ok = 1;"
+                        "\n");
+        BIO_printf(out, "err:\n"
+                        "    BN_free(tmp_1);\n"
+                        "    BN_free(tmp_2);\n"
+                        "    BN_free(tmp_3);\n"
+                        "    EC_POINT_free(point);\n"
+                        "    if (!ok) {\n"
+                        "        EC_GROUP_free(group);\n"
+                        "        return NULL;\n"
+                        "    }\n"
+                        "    return (group);\n"
+                        "}\n");
+    }
+
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_ECPKParameters_bio(out, group);
+        else
+            i = PEM_write_bio_ECPKParameters(out, group);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write elliptic "
+                       "curve parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (need_rand) {
+        app_RAND_load_file(NULL, (inrand != NULL));
+        if (inrand != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+    }
+
+    if (genkey) {
+        EC_KEY *eckey = EC_KEY_new();
+
+        if (eckey == NULL)
+            goto end;
+
+        assert(need_rand);
+
+        if (EC_KEY_set_group(eckey, group) == 0) {
+            BIO_printf(bio_err, "unable to set group when generating key\n");
+            EC_KEY_free(eckey);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (new_form)
+            EC_KEY_set_conv_form(eckey, form);
+
+        if (!EC_KEY_generate_key(eckey)) {
+            BIO_printf(bio_err, "unable to generate key\n");
+            EC_KEY_free(eckey);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        assert(private);
+        if (outformat == FORMAT_ASN1)
+            i = i2d_ECPrivateKey_bio(out, eckey);
+        else
+            i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
+                                           NULL, 0, NULL, NULL);
+        EC_KEY_free(eckey);
+    }
+
+    if (need_rand)
+        app_RAND_write_file(NULL);
+
+    ret = 0;
+ end:
+    BN_free(ec_p);
+    BN_free(ec_a);
+    BN_free(ec_b);
+    BN_free(ec_gen);
+    BN_free(ec_order);
+    BN_free(ec_cofactor);
+    OPENSSL_free(buffer);
+    EC_GROUP_free(group);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    return (ret);
+}
+
+#endif
diff --git a/openssl-1.1.0h/apps/enc.c b/openssl-1.1.0h/apps/enc.c
new file mode 100644
index 0000000..df55381
--- /dev/null
+++ b/openssl-1.1.0h/apps/enc.c
@@ -0,0 +1,623 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include <ctype.h>
+
+#undef SIZE
+#undef BSIZE
+#define SIZE    (512)
+#define BSIZE   (8*1024)
+
+static int set_hex(char *in, unsigned char *out, int size);
+static void show_ciphers(const OBJ_NAME *name, void *bio_);
+
+struct doall_enc_ciphers {
+    BIO *bio;
+    int n;
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_LIST,
+    OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
+    OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
+    OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
+    OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER
+} OPTION_CHOICE;
+
+OPTIONS enc_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"ciphers", OPT_LIST, '-', "List ciphers"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pass", OPT_PASS, 's', "Passphrase source"},
+    {"e", OPT_E, '-', "Encrypt"},
+    {"d", OPT_D, '-', "Decrypt"},
+    {"p", OPT_P, '-', "Print the iv/key"},
+    {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
+    {"v", OPT_V, '-', "Verbose output"},
+    {"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
+    {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
+    {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
+    {"debug", OPT_DEBUG, '-', "Print debug info"},
+    {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
+    {"base64", OPT_A, '-', "Same as option -a"},
+    {"A", OPT_UPPER_A, '-',
+     "Used with -[base64|a] to specify base64 buffer as a single line"},
+    {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
+    {"k", OPT_K, 's', "Passphrase"},
+    {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
+    {"K", OPT_UPPER_K, 's', "Raw key, in hex"},
+    {"S", OPT_UPPER_S, 's', "Salt, in hex"},
+    {"iv", OPT_IV, 's', "IV in hex"},
+    {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
+    {"none", OPT_NONE, '-', "Don't encrypt"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+#ifdef ZLIB
+    {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int enc_main(int argc, char **argv)
+{
+    static char buf[128];
+    static const char magic[] = "Salted__";
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
+        NULL, *wbio = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    const EVP_CIPHER *cipher = NULL, *c;
+    const EVP_MD *dgst = NULL;
+    char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
+    char mbuf[sizeof(magic) - 1];
+    OPTION_CHOICE o;
+    int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
+    int enc = 1, printkey = 0, i, k;
+    int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
+    int ret = 1, inl, nopad = 0;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
+    long n;
+    struct doall_enc_ciphers dec;
+#ifdef ZLIB
+    int do_zlib = 0;
+    BIO *bzl = NULL;
+#endif
+
+    /* first check the program name */
+    prog = opt_progname(argv[0]);
+    if (strcmp(prog, "base64") == 0)
+        base64 = 1;
+#ifdef ZLIB
+    else if (strcmp(prog, "zlib") == 0)
+        do_zlib = 1;
+#endif
+    else {
+        cipher = EVP_get_cipherbyname(prog);
+        if (cipher == NULL && strcmp(prog, "enc") != 0) {
+            BIO_printf(bio_err, "%s is not a known cipher\n", prog);
+            goto end;
+        }
+    }
+
+    prog = opt_init(argc, argv, enc_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(enc_options);
+            ret = 0;
+            goto end;
+        case OPT_LIST:
+            BIO_printf(bio_out, "Supported ciphers:\n");
+            dec.bio = bio_out;
+            dec.n = 0;
+            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+                                   show_ciphers, &dec);
+            BIO_printf(bio_out, "\n");
+            ret = 0;
+            goto end;
+        case OPT_E:
+            enc = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_D:
+            enc = 0;
+            break;
+        case OPT_P:
+            printkey = 1;
+            break;
+        case OPT_V:
+            verbose = 1;
+            break;
+        case OPT_NOPAD:
+            nopad = 1;
+            break;
+        case OPT_SALT:
+            nosalt = 0;
+            break;
+        case OPT_NOSALT:
+            nosalt = 1;
+            break;
+        case OPT_DEBUG:
+            debug = 1;
+            break;
+        case OPT_UPPER_P:
+            printkey = 2;
+            break;
+        case OPT_UPPER_A:
+            olb64 = 1;
+            break;
+        case OPT_A:
+            base64 = 1;
+            break;
+        case OPT_Z:
+#ifdef ZLIB
+            do_zlib = 1;
+#endif
+            break;
+        case OPT_BUFSIZE:
+            p = opt_arg();
+            i = (int)strlen(p) - 1;
+            k = i >= 1 && p[i] == 'k';
+            if (k)
+                p[i] = '\0';
+            if (!opt_long(opt_arg(), &n)
+                    || n < 0 || (k && n >= LONG_MAX / 1024))
+                goto opthelp;
+            if (k)
+                n *= 1024;
+            bsize = (int)n;
+            break;
+        case OPT_K:
+            str = opt_arg();
+            break;
+        case OPT_KFILE:
+            in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
+            if (in == NULL)
+                goto opthelp;
+            i = BIO_gets(in, buf, sizeof(buf));
+            BIO_free(in);
+            in = NULL;
+            if (i <= 0) {
+                BIO_printf(bio_err,
+                           "%s Can't read key from %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
+                buf[i] = '\0';
+            if (i <= 0) {
+                BIO_printf(bio_err, "%s: zero length password\n", prog);
+                goto opthelp;
+            }
+            str = buf;
+            break;
+        case OPT_UPPER_K:
+            hkey = opt_arg();
+            break;
+        case OPT_UPPER_S:
+            hsalt = opt_arg();
+            break;
+        case OPT_IV:
+            hiv = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &dgst))
+                goto opthelp;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &c))
+                goto opthelp;
+            cipher = c;
+            break;
+        case OPT_NONE:
+            cipher = NULL;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+        BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
+        goto end;
+    }
+
+    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
+        BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
+        goto end;
+    }
+
+    if (dgst == NULL)
+        dgst = EVP_sha256();
+
+    /* It must be large enough for a base64 encoded line */
+    if (base64 && bsize < 80)
+        bsize = 80;
+    if (verbose)
+        BIO_printf(bio_err, "bufsize=%d\n", bsize);
+
+#ifdef ZLIB
+    if (!do_zlib)
+#endif
+        if (base64) {
+            if (enc)
+                outformat = FORMAT_BASE64;
+            else
+                informat = FORMAT_BASE64;
+        }
+
+    strbuf = app_malloc(SIZE, "strbuf");
+    buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
+
+    if (infile == NULL) {
+        in = dup_bio_in(informat);
+    } else
+        in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (!str && passarg) {
+        if (!app_passwd(passarg, NULL, &pass, NULL)) {
+            BIO_printf(bio_err, "Error getting password\n");
+            goto end;
+        }
+        str = pass;
+    }
+
+    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
+        if (1) {
+#ifndef OPENSSL_NO_UI
+            for (;;) {
+                char prompt[200];
+
+                BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
+                             OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+                             (enc) ? "encryption" : "decryption");
+                strbuf[0] = '\0';
+                i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
+                if (i == 0) {
+                    if (strbuf[0] == '\0') {
+                        ret = 1;
+                        goto end;
+                    }
+                    str = strbuf;
+                    break;
+                }
+                if (i < 0) {
+                    BIO_printf(bio_err, "bad password read\n");
+                    goto end;
+                }
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "password required\n");
+            goto end;
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (debug) {
+        BIO_set_callback(in, BIO_debug_callback);
+        BIO_set_callback(out, BIO_debug_callback);
+        BIO_set_callback_arg(in, (char *)bio_err);
+        BIO_set_callback_arg(out, (char *)bio_err);
+    }
+
+    rbio = in;
+    wbio = out;
+
+#ifdef ZLIB
+    if (do_zlib) {
+        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
+            goto end;
+        if (debug) {
+            BIO_set_callback(bzl, BIO_debug_callback);
+            BIO_set_callback_arg(bzl, (char *)bio_err);
+        }
+        if (enc)
+            wbio = BIO_push(bzl, wbio);
+        else
+            rbio = BIO_push(bzl, rbio);
+    }
+#endif
+
+    if (base64) {
+        if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+            goto end;
+        if (debug) {
+            BIO_set_callback(b64, BIO_debug_callback);
+            BIO_set_callback_arg(b64, (char *)bio_err);
+        }
+        if (olb64)
+            BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        if (enc)
+            wbio = BIO_push(b64, wbio);
+        else
+            rbio = BIO_push(b64, rbio);
+    }
+
+    if (cipher != NULL) {
+        /*
+         * Note that str is NULL if a key was passed on the command line, so
+         * we get no salt in that case. Is this a bug?
+         */
+        if (str != NULL) {
+            /*
+             * Salt handling: if encrypting generate a salt and write to
+             * output BIO. If decrypting read salt from input BIO.
+             */
+            unsigned char *sptr;
+            size_t str_len = strlen(str);
+
+            if (nosalt)
+                sptr = NULL;
+            else {
+                if (enc) {
+                    if (hsalt) {
+                        if (!set_hex(hsalt, salt, sizeof(salt))) {
+                            BIO_printf(bio_err, "invalid hex salt value\n");
+                            goto end;
+                        }
+                    } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
+                        goto end;
+                    /*
+                     * If -P option then don't bother writing
+                     */
+                    if ((printkey != 2)
+                        && (BIO_write(wbio, magic,
+                                      sizeof(magic) - 1) != sizeof(magic) - 1
+                            || BIO_write(wbio,
+                                         (char *)salt,
+                                         sizeof(salt)) != sizeof(salt))) {
+                        BIO_printf(bio_err, "error writing output file\n");
+                        goto end;
+                    }
+                } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
+                           || BIO_read(rbio,
+                                       (unsigned char *)salt,
+                                       sizeof(salt)) != sizeof(salt)) {
+                    BIO_printf(bio_err, "error reading input file\n");
+                    goto end;
+                } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
+                    BIO_printf(bio_err, "bad magic number\n");
+                    goto end;
+                }
+
+                sptr = salt;
+            }
+
+            if (!EVP_BytesToKey(cipher, dgst, sptr,
+                                (unsigned char *)str,
+                                str_len, 1, key, iv)) {
+                BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+                goto end;
+            }
+            /*
+             * zero the complete buffer or the string passed from the command
+             * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
+             */
+            if (str == strbuf)
+                OPENSSL_cleanse(str, SIZE);
+            else
+                OPENSSL_cleanse(str, str_len);
+        }
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+            } else if (!set_hex(hiv, iv, sizeof(iv))) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
+        }
+        if ((hiv == NULL) && (str == NULL)
+            && EVP_CIPHER_iv_length(cipher) != 0) {
+            /*
+             * No IV was explicitly set and no IV was generated during
+             * EVP_BytesToKey. Hence the IV is undefined, making correct
+             * decryption impossible.
+             */
+            BIO_printf(bio_err, "iv undefined\n");
+            goto end;
+        }
+        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+            BIO_printf(bio_err, "invalid hex key value\n");
+            goto end;
+        }
+
+        if ((benc = BIO_new(BIO_f_cipher())) == NULL)
+            goto end;
+
+        /*
+         * Since we may be changing parameters work on the encryption context
+         * rather than calling BIO_set_cipher().
+         */
+
+        BIO_get_cipher_ctx(benc, &ctx);
+
+        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (nopad)
+            EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (debug) {
+            BIO_set_callback(benc, BIO_debug_callback);
+            BIO_set_callback_arg(benc, (char *)bio_err);
+        }
+
+        if (printkey) {
+            if (!nosalt) {
+                printf("salt=");
+                for (i = 0; i < (int)sizeof(salt); i++)
+                    printf("%02X", salt[i]);
+                printf("\n");
+            }
+            if (EVP_CIPHER_key_length(cipher) > 0) {
+                printf("key=");
+                for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
+                    printf("%02X", key[i]);
+                printf("\n");
+            }
+            if (EVP_CIPHER_iv_length(cipher) > 0) {
+                printf("iv =");
+                for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
+                    printf("%02X", iv[i]);
+                printf("\n");
+            }
+            if (printkey == 2) {
+                ret = 0;
+                goto end;
+            }
+        }
+    }
+
+    /* Only encrypt/decrypt as we write the file */
+    if (benc != NULL)
+        wbio = BIO_push(benc, wbio);
+
+    for (;;) {
+        inl = BIO_read(rbio, (char *)buff, bsize);
+        if (inl <= 0)
+            break;
+        if (BIO_write(wbio, (char *)buff, inl) != inl) {
+            BIO_printf(bio_err, "error writing output file\n");
+            goto end;
+        }
+    }
+    if (!BIO_flush(wbio)) {
+        BIO_printf(bio_err, "bad decrypt\n");
+        goto end;
+    }
+
+    ret = 0;
+    if (verbose) {
+        BIO_printf(bio_err, "bytes read   :%8"BIO_PRI64"u\n", BIO_number_read(in));
+        BIO_printf(bio_err, "bytes written:%8"BIO_PRI64"u\n", BIO_number_written(out));
+    }
+ end:
+    ERR_print_errors(bio_err);
+    OPENSSL_free(strbuf);
+    OPENSSL_free(buff);
+    BIO_free(in);
+    BIO_free_all(out);
+    BIO_free(benc);
+    BIO_free(b64);
+#ifdef ZLIB
+    BIO_free(bzl);
+#endif
+    release_engine(e);
+    OPENSSL_free(pass);
+    return (ret);
+}
+
+static void show_ciphers(const OBJ_NAME *name, void *arg)
+{
+    struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
+    const EVP_CIPHER *cipher;
+
+    if (!islower((unsigned char)*name->name))
+        return;
+
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
+    BIO_printf(dec->bio, "-%-25s", name->name);
+    if (++dec->n == 3) {
+        BIO_printf(dec->bio, "\n");
+        dec->n = 0;
+    } else
+        BIO_printf(dec->bio, " ");
+}
+
+static int set_hex(char *in, unsigned char *out, int size)
+{
+    int i, n;
+    unsigned char j;
+
+    n = strlen(in);
+    if (n > (size * 2)) {
+        BIO_printf(bio_err, "hex string is too long\n");
+        return (0);
+    }
+    memset(out, 0, size);
+    for (i = 0; i < n; i++) {
+        j = (unsigned char)*in;
+        *(in++) = '\0';
+        if (j == 0)
+            break;
+        if (!isxdigit(j)) {
+            BIO_printf(bio_err, "non-hex digit\n");
+            return (0);
+        }
+        j = (unsigned char)OPENSSL_hexchar2int(j);
+        if (i & 1)
+            out[i / 2] |= j;
+        else
+            out[i / 2] = (j << 4);
+    }
+    return (1);
+}
diff --git a/openssl-1.1.0h/apps/engine.c b/openssl-1.1.0h/apps/engine.c
new file mode 100644
index 0000000..4eeb642
--- /dev/null
+++ b/openssl-1.1.0h/apps/engine.c
@@ -0,0 +1,446 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_ENGINE
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "apps.h"
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/err.h>
+# include <openssl/engine.h>
+# include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
+    OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
+} OPTION_CHOICE;
+
+OPTIONS engine_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  engine... Engines to load\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"v", OPT_V, '-', "List 'control commands' For each specified engine"},
+    {"vv", OPT_VV, '-', "Also display each command's description"},
+    {"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
+    {"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
+    {"c", OPT_C, '-', "List the capabilities of specified engine"},
+    {"t", OPT_T, '-', "Check that specified engine is available"},
+    {"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
+    {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
+    {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
+    {OPT_MORE_STR, OPT_EOF, 1,
+     "Commands are like \"SO_PATH:/lib/libdriver.so\""},
+    {NULL}
+};
+
+static int append_buf(char **buf, int *size, const char *s)
+{
+    if (*buf == NULL) {
+        *size = 256;
+        *buf = app_malloc(*size, "engine buffer");
+        **buf = '\0';
+    }
+
+    if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+        char *tmp;
+        *size += 256;
+        tmp = OPENSSL_realloc(*buf, *size);
+        if (tmp == NULL) {
+            OPENSSL_free(*buf);
+            *buf = NULL;
+            return 0;
+        }
+        *buf = tmp;
+    }
+
+    if (**buf != '\0')
+        OPENSSL_strlcat(*buf, ", ", *size);
+    OPENSSL_strlcat(*buf, s, *size);
+
+    return 1;
+}
+
+static int util_flags(BIO *out, unsigned int flags, const char *indent)
+{
+    int started = 0, err = 0;
+    /* Indent before displaying input flags */
+    BIO_printf(out, "%s%s(input flags): ", indent, indent);
+    if (flags == 0) {
+        BIO_printf(out, "<no flags>\n");
+        return 1;
+    }
+    /*
+     * If the object is internal, mark it in a way that shows instead of
+     * having it part of all the other flags, even if it really is.
+     */
+    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
+        BIO_printf(out, "[Internal] ");
+    }
+
+    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
+        BIO_printf(out, "NUMERIC");
+        started = 1;
+    }
+    /*
+     * Now we check that no combinations of the mutually exclusive NUMERIC,
+     * STRING, and NO_INPUT flags have been used. Future flags that can be
+     * OR'd together with these would need to added after these to preserve
+     * the testing logic.
+     */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        if (started) {
+            BIO_printf(out, "|");
+            err = 1;
+        }
+        BIO_printf(out, "STRING");
+        started = 1;
+    }
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (started) {
+            BIO_printf(out, "|");
+            err = 1;
+        }
+        BIO_printf(out, "NO_INPUT");
+        started = 1;
+    }
+    /* Check for unknown flags */
+    flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+        ~ENGINE_CMD_FLAG_STRING &
+        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
+    if (flags) {
+        if (started)
+            BIO_printf(out, "|");
+        BIO_printf(out, "<0x%04X>", flags);
+    }
+    if (err)
+        BIO_printf(out, "  <illegal flags!>");
+    BIO_printf(out, "\n");
+    return 1;
+}
+
+static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
+{
+    static const int line_wrap = 78;
+    int num;
+    int ret = 0;
+    char *name = NULL;
+    char *desc = NULL;
+    int flags;
+    int xpos = 0;
+    STACK_OF(OPENSSL_STRING) *cmds = NULL;
+    if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+        ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+                            0, NULL, NULL)) <= 0)) {
+        return 1;
+    }
+
+    cmds = sk_OPENSSL_STRING_new_null();
+    if (!cmds)
+        goto err;
+
+    do {
+        int len;
+        /* Get the command input flags */
+        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+                                 NULL, NULL)) < 0)
+            goto err;
+        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+            /* Get the command name */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+                                   NULL, NULL)) <= 0)
+                goto err;
+            name = app_malloc(len + 1, "name buffer");
+            if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+                            NULL) <= 0)
+                goto err;
+            /* Get the command description */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+                                   NULL, NULL)) < 0)
+                goto err;
+            if (len > 0) {
+                desc = app_malloc(len + 1, "description buffer");
+                if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+                                NULL) <= 0)
+                    goto err;
+            }
+            /* Now decide on the output */
+            if (xpos == 0)
+                /* Do an indent */
+                xpos = BIO_puts(out, indent);
+            else
+                /* Otherwise prepend a ", " */
+                xpos += BIO_printf(out, ", ");
+            if (verbose == 1) {
+                /*
+                 * We're just listing names, comma-delimited
+                 */
+                if ((xpos > (int)strlen(indent)) &&
+                    (xpos + (int)strlen(name) > line_wrap)) {
+                    BIO_printf(out, "\n");
+                    xpos = BIO_puts(out, indent);
+                }
+                xpos += BIO_printf(out, "%s", name);
+            } else {
+                /* We're listing names plus descriptions */
+                BIO_printf(out, "%s: %s\n", name,
+                           (desc == NULL) ? "<no description>" : desc);
+                /* ... and sometimes input flags */
+                if ((verbose >= 3) && !util_flags(out, flags, indent))
+                    goto err;
+                xpos = 0;
+            }
+        }
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(desc);
+        desc = NULL;
+        /* Move to the next command */
+        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
+    } while (num > 0);
+    if (xpos > 0)
+        BIO_printf(out, "\n");
+    ret = 1;
+ err:
+    sk_OPENSSL_STRING_free(cmds);
+    OPENSSL_free(name);
+    OPENSSL_free(desc);
+    return ret;
+}
+
+static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
+                         BIO *out, const char *indent)
+{
+    int loop, res, num = sk_OPENSSL_STRING_num(cmds);
+
+    if (num < 0) {
+        BIO_printf(out, "[Error]: internal stack error\n");
+        return;
+    }
+    for (loop = 0; loop < num; loop++) {
+        char buf[256];
+        const char *cmd, *arg;
+        cmd = sk_OPENSSL_STRING_value(cmds, loop);
+        res = 1;                /* assume success */
+        /* Check if this command has no ":arg" */
+        if ((arg = strstr(cmd, ":")) == NULL) {
+            if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+                res = 0;
+        } else {
+            if ((int)(arg - cmd) > 254) {
+                BIO_printf(out, "[Error]: command name too long\n");
+                return;
+            }
+            memcpy(buf, cmd, (int)(arg - cmd));
+            buf[arg - cmd] = '\0';
+            arg++;              /* Move past the ":" */
+            /* Call the command with the argument */
+            if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+                res = 0;
+        }
+        if (res)
+            BIO_printf(out, "[Success]: %s\n", cmd);
+        else {
+            BIO_printf(out, "[Failure]: %s\n", cmd);
+            ERR_print_errors(out);
+        }
+    }
+}
+
+int engine_main(int argc, char **argv)
+{
+    int ret = 1, i;
+    int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
+    ENGINE *e;
+    STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
+    STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
+    STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
+    BIO *out;
+    const char *indent = "     ";
+    OPTION_CHOICE o;
+    char *prog;
+    char *argv1;
+
+    out = dup_bio_out(FORMAT_TEXT);
+    if (engines == NULL || pre_cmds == NULL || post_cmds == NULL)
+        goto end;
+
+    /* Remember the original command name, parse/skip any leading engine
+     * names, and then setup to parse the rest of the line as flags. */
+    prog = argv[0];
+    while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
+        sk_OPENSSL_CSTRING_push(engines, argv1);
+        argc--;
+        argv++;
+    }
+    argv[0] = prog;
+    opt_init(argc, argv, engine_options);
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(engine_options);
+            ret = 0;
+            goto end;
+        case OPT_VVVV:
+        case OPT_VVV:
+        case OPT_VV:
+        case OPT_V:
+            /* Convert to an integer from one to four. */
+            i = (int)(o - OPT_V) + 1;
+            if (verbose < i)
+                verbose = i;
+            break;
+        case OPT_C:
+            list_cap = 1;
+            break;
+        case OPT_TT:
+            test_avail_noise++;
+            /* fall thru */
+        case OPT_T:
+            test_avail++;
+            break;
+        case OPT_PRE:
+            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            break;
+        case OPT_POST:
+            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            break;
+        }
+    }
+
+    /* Allow any trailing parameters as engine names. */
+    argc = opt_num_rest();
+    argv = opt_rest();
+    for ( ; *argv; argv++) {
+        if (**argv == '-') {
+            BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
+                       prog);
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        }
+        sk_OPENSSL_CSTRING_push(engines, *argv);
+    }
+
+    if (sk_OPENSSL_CSTRING_num(engines) == 0) {
+        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+            sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e));
+        }
+    }
+
+    ret = 0;
+    for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
+        const char *id = sk_OPENSSL_CSTRING_value(engines, i);
+        if ((e = ENGINE_by_id(id)) != NULL) {
+            const char *name = ENGINE_get_name(e);
+            /*
+             * Do "id" first, then "name". Easier to auto-parse.
+             */
+            BIO_printf(out, "(%s) %s\n", id, name);
+            util_do_cmds(e, pre_cmds, out, indent);
+            if (strcmp(ENGINE_get_id(e), id) != 0) {
+                BIO_printf(out, "Loaded: (%s) %s\n",
+                           ENGINE_get_id(e), ENGINE_get_name(e));
+            }
+            if (list_cap) {
+                int cap_size = 256;
+                char *cap_buf = NULL;
+                int k, n;
+                const int *nids;
+                ENGINE_CIPHERS_PTR fn_c;
+                ENGINE_DIGESTS_PTR fn_d;
+                ENGINE_PKEY_METHS_PTR fn_pk;
+
+                if (ENGINE_get_RSA(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "RSA"))
+                    goto end;
+                if (ENGINE_get_DSA(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "DSA"))
+                    goto end;
+                if (ENGINE_get_DH(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "DH"))
+                    goto end;
+                if (ENGINE_get_RAND(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "RAND"))
+                    goto end;
+
+                fn_c = ENGINE_get_ciphers(e);
+                if (!fn_c)
+                    goto skip_ciphers;
+                n = fn_c(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+
+ skip_ciphers:
+                fn_d = ENGINE_get_digests(e);
+                if (!fn_d)
+                    goto skip_digests;
+                n = fn_d(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+
+ skip_digests:
+                fn_pk = ENGINE_get_pkey_meths(e);
+                if (!fn_pk)
+                    goto skip_pmeths;
+                n = fn_pk(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+ skip_pmeths:
+                if (cap_buf && (*cap_buf != '\0'))
+                    BIO_printf(out, " [%s]\n", cap_buf);
+
+                OPENSSL_free(cap_buf);
+            }
+            if (test_avail) {
+                BIO_printf(out, "%s", indent);
+                if (ENGINE_init(e)) {
+                    BIO_printf(out, "[ available ]\n");
+                    util_do_cmds(e, post_cmds, out, indent);
+                    ENGINE_finish(e);
+                } else {
+                    BIO_printf(out, "[ unavailable ]\n");
+                    if (test_avail_noise)
+                        ERR_print_errors_fp(stdout);
+                    ERR_clear_error();
+                }
+            }
+            if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
+                goto end;
+            ENGINE_free(e);
+        } else {
+            ERR_print_errors(bio_err);
+            /* because exit codes above 127 have special meaning on Unix */
+            if (++ret > 127)
+                ret = 127;
+        }
+    }
+
+ end:
+
+    ERR_print_errors(bio_err);
+    sk_OPENSSL_CSTRING_free(engines);
+    sk_OPENSSL_STRING_free(pre_cmds);
+    sk_OPENSSL_STRING_free(post_cmds);
+    BIO_free_all(out);
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/apps/errstr.c b/openssl-1.1.0h/apps/errstr.c
new file mode 100644
index 0000000..79d83ee
--- /dev/null
+++ b/openssl-1.1.0h/apps/errstr.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
+} OPTION_CHOICE;
+
+OPTIONS errstr_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
+    {OPT_HELP_STR, 1, '-', "  errnum  Error number\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {NULL}
+};
+
+int errstr_main(int argc, char **argv)
+{
+    OPTION_CHOICE o;
+    char buf[256], *prog;
+    int ret = 1;
+    unsigned long l;
+
+    prog = opt_init(argc, argv, errstr_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(errstr_options);
+            ret = 0;
+            goto end;
+        }
+    }
+
+    ret = 0;
+    for (argv = opt_rest(); *argv; argv++) {
+        if (sscanf(*argv, "%lx", &l) == 0)
+            ret++;
+        else {
+            /* We're not really an SSL application so this won't auto-init, but
+             * we're still interested in SSL error strings
+             */
+            OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+                             | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+            ERR_error_string_n(l, buf, sizeof(buf));
+            BIO_printf(bio_out, "%s\n", buf);
+        }
+    }
+ end:
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/gendsa.c b/openssl-1.1.0h/apps/gendsa.c
new file mode 100644
index 0000000..bdef022
--- /dev/null
+++ b/openssl-1.1.0h/apps/gendsa.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_DSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER
+} OPTION_CHOICE;
+
+OPTIONS gendsa_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output the key to the specified file"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int gendsa_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL, *in = NULL;
+    DSA *dsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *inrand = NULL, *dsaparams = NULL;
+    char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
+    OPTION_CHOICE o;
+    int ret = 1, private = 0;
+    const BIGNUM *p = NULL;
+
+    prog = opt_init(argc, argv, gendsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(gendsa_options);
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    private = 1;
+
+    if (argc != 1)
+        goto opthelp;
+    dsaparams = *argv;
+
+    if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end2;
+
+    if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
+        BIO_printf(bio_err, "unable to load DSA parameter file\n");
+        goto end;
+    }
+    BIO_free(in);
+    in = NULL;
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end2;
+
+    if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
+        BIO_printf(bio_err,
+                   "warning, not much extra random data, consider using the -rand option\n");
+    }
+    if (inrand != NULL)
+        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                   app_RAND_load_files(inrand));
+
+    DSA_get0_pqg(dsa, &p, NULL, NULL);
+    BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
+    if (!DSA_generate_key(dsa))
+        goto end;
+
+    app_RAND_write_file(NULL);
+
+    assert(private);
+    if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
+        goto end;
+    ret = 0;
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+ end2:
+    BIO_free(in);
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    OPENSSL_free(passout);
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/apps/genpkey.c b/openssl-1.1.0h/apps/genpkey.c
new file mode 100644
index 0000000..9e37977
--- /dev/null
+++ b/openssl-1.1.0h/apps/genpkey.c
@@ -0,0 +1,314 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
+    OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
+} OPTION_CHOICE;
+
+OPTIONS genpkey_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
+    {"pass", OPT_PASS, 's', "Output file pass phrase source"},
+    {"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
+    {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
+    {"pkeyopt", OPT_PKEYOPT, 's',
+     "Set the public key algorithm option as opt:value"},
+    {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
+    {"text", OPT_TEXT, '-', "Print the in text"},
+    {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    /* This is deliberately last. */
+    {OPT_HELP_STR, 1, 1,
+     "Order of options may be important!  See the documentation.\n"},
+    {NULL}
+};
+
+int genpkey_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
+    const EVP_CIPHER *cipher = NULL;
+    OPTION_CHOICE o;
+    int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
+    int private = 0;
+
+    prog = opt_init(argc, argv, genpkey_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(genpkey_options);
+            goto end;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PARAMFILE:
+            if (do_param == 1)
+                goto opthelp;
+            if (!init_keygen_file(&ctx, opt_arg(), e))
+                goto end;
+            break;
+        case OPT_ALGORITHM:
+            if (!init_gen_str(&ctx, opt_arg(), e, do_param))
+                goto end;
+            break;
+        case OPT_PKEYOPT:
+            if (ctx == NULL) {
+                BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
+                goto opthelp;
+            }
+            if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
+                BIO_printf(bio_err,
+                           "%s: Error setting %s parameter:\n",
+                           prog, opt_arg());
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OPT_GENPARAM:
+            if (ctx != NULL)
+                goto opthelp;
+            do_param = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher)
+                || do_param == 1)
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = do_param ? 0 : 1;
+
+    if (ctx == NULL)
+        goto opthelp;
+
+    if (!app_passwd(passarg, NULL, &pass, NULL)) {
+        BIO_puts(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
+    EVP_PKEY_CTX_set_app_data(ctx, bio_err);
+
+    if (do_param) {
+        if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error generating parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+        if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error generating key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (do_param)
+        rv = PEM_write_bio_Parameters(out, pkey);
+    else if (outformat == FORMAT_PEM) {
+        assert(private);
+        rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
+    } else if (outformat == FORMAT_ASN1) {
+        assert(private);
+        rv = i2d_PrivateKey_bio(out, pkey);
+    } else {
+        BIO_printf(bio_err, "Bad format specified for key\n");
+        goto end;
+    }
+
+    if (rv <= 0) {
+        BIO_puts(bio_err, "Error writing key\n");
+        ERR_print_errors(bio_err);
+    }
+
+    if (text) {
+        if (do_param)
+            rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
+        else
+            rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
+
+        if (rv <= 0) {
+            BIO_puts(bio_err, "Error printing key\n");
+            ERR_print_errors(bio_err);
+        }
+    }
+
+    ret = 0;
+
+ end:
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(ctx);
+    BIO_free_all(out);
+    BIO_free(in);
+    release_engine(e);
+    OPENSSL_free(pass);
+    return ret;
+}
+
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
+{
+    BIO *pbio;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    if (*pctx) {
+        BIO_puts(bio_err, "Parameters already set!\n");
+        return 0;
+    }
+
+    pbio = BIO_new_file(file, "r");
+    if (!pbio) {
+        BIO_printf(bio_err, "Can't open parameter file %s\n", file);
+        return 0;
+    }
+
+    pkey = PEM_read_bio_Parameters(pbio, NULL);
+    BIO_free(pbio);
+
+    if (!pkey) {
+        BIO_printf(bio_err, "Error reading parameter file %s\n", file);
+        return 0;
+    }
+
+    ctx = EVP_PKEY_CTX_new(pkey, e);
+    if (ctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(ctx) <= 0)
+        goto err;
+    EVP_PKEY_free(pkey);
+    *pctx = ctx;
+    return 1;
+
+ err:
+    BIO_puts(bio_err, "Error initializing context\n");
+    ERR_print_errors(bio_err);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+    return 0;
+
+}
+
+int init_gen_str(EVP_PKEY_CTX **pctx,
+                 const char *algname, ENGINE *e, int do_param)
+{
+    EVP_PKEY_CTX *ctx = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id;
+
+    if (*pctx) {
+        BIO_puts(bio_err, "Algorithm already set!\n");
+        return 0;
+    }
+
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
+
+#ifndef OPENSSL_NO_ENGINE
+    if (!ameth && e)
+        ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+#endif
+
+    if (!ameth) {
+        BIO_printf(bio_err, "Algorithm %s not found\n", algname);
+        return 0;
+    }
+
+    ERR_clear_error();
+
+    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(tmpeng);
+#endif
+    ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
+
+    if (!ctx)
+        goto err;
+    if (do_param) {
+        if (EVP_PKEY_paramgen_init(ctx) <= 0)
+            goto err;
+    } else {
+        if (EVP_PKEY_keygen_init(ctx) <= 0)
+            goto err;
+    }
+
+    *pctx = ctx;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error initializing %s context\n", algname);
+    ERR_print_errors(bio_err);
+    EVP_PKEY_CTX_free(ctx);
+    return 0;
+
+}
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p;
+    p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
diff --git a/openssl-1.1.0h/apps/genrsa.c b/openssl-1.1.0h/apps/genrsa.c
new file mode 100644
index 0000000..19bc753
--- /dev/null
+++ b/openssl-1.1.0h/apps/genrsa.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/rand.h>
+
+# define DEFBITS 2048
+
+static int genrsa_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_3, OPT_F4, OPT_ENGINE,
+    OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER
+} OPTION_CHOICE;
+
+OPTIONS genrsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"3", OPT_3, '-', "Use 3 for the E value"},
+    {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
+    {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
+    {"out", OPT_OUT, 's', "Output the key to specified file"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int genrsa_main(int argc, char **argv)
+{
+    BN_GENCB *cb = BN_GENCB_new();
+    PW_CB_DATA cb_data;
+    ENGINE *eng = NULL;
+    BIGNUM *bn = BN_new();
+    BIO *out = NULL;
+    const BIGNUM *e;
+    RSA *rsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    int ret = 1, num = DEFBITS, private = 0;
+    unsigned long f4 = RSA_F4;
+    char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
+    char *inrand = NULL, *prog, *hexe, *dece;
+    OPTION_CHOICE o;
+
+    if (bn == NULL || cb == NULL)
+        goto end;
+
+    BN_GENCB_set(cb, genrsa_cb, bio_err);
+
+    prog = opt_init(argc, argv, genrsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(genrsa_options);
+            goto end;
+        case OPT_3:
+            f4 = 3;
+            break;
+        case OPT_F4:
+            f4 = RSA_F4;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            eng = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num <= 0)
+            goto end;
+    } else if (argc > 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    private = 1;
+    if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
+    if (!app_RAND_load_file(NULL, 1) && inrand == NULL
+        && !RAND_status()) {
+        BIO_printf(bio_err,
+                   "warning, not much extra random data, consider using the -rand option\n");
+    }
+    if (inrand != NULL)
+        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                   app_RAND_load_files(inrand));
+
+    BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
+               num);
+    rsa = eng ? RSA_new_method(eng) : RSA_new();
+    if (rsa == NULL)
+        goto end;
+
+    if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb))
+        goto end;
+
+    app_RAND_write_file(NULL);
+
+    RSA_get0_key(rsa, NULL, &e, NULL);
+    hexe = BN_bn2hex(e);
+    dece = BN_bn2dec(e);
+    if (hexe && dece) {
+        BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
+    }
+    OPENSSL_free(hexe);
+    OPENSSL_free(dece);
+    cb_data.password = passout;
+    cb_data.prompt_info = outfile;
+    assert(private);
+    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
+                                     (pem_password_cb *)password_callback,
+                                     &cb_data))
+        goto end;
+
+    ret = 0;
+ end:
+    BN_free(bn);
+    BN_GENCB_free(cb);
+    RSA_free(rsa);
+    BIO_free_all(out);
+    release_engine(eng);
+    OPENSSL_free(passout);
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    return (ret);
+}
+
+static int genrsa_cb(int p, int n, BN_GENCB *cb)
+{
+    char c = '*';
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
+#endif
diff --git a/openssl-1.1.0h/apps/nseq.c b/openssl-1.1.0h/apps/nseq.c
new file mode 100644
index 0000000..018d5eb
--- /dev/null
+++ b/openssl-1.1.0h/apps/nseq.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_TOSEQ, OPT_IN, OPT_OUT
+} OPTION_CHOICE;
+
+OPTIONS nseq_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {NULL}
+};
+
+int nseq_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    X509 *x509 = NULL;
+    NETSCAPE_CERT_SEQUENCE *seq = NULL;
+    OPTION_CHOICE o;
+    int toseq = 0, ret = 1, i;
+    char *infile = NULL, *outfile = NULL, *prog;
+
+    prog = opt_init(argc, argv, nseq_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(nseq_options);
+            goto end;
+        case OPT_TOSEQ:
+            toseq = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_PEM);
+    if (out == NULL)
+        goto end;
+
+    if (toseq) {
+        seq = NETSCAPE_CERT_SEQUENCE_new();
+        if (seq == NULL)
+            goto end;
+        seq->certs = sk_X509_new_null();
+        if (seq->certs == NULL)
+            goto end;
+        while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+            sk_X509_push(seq->certs, x509);
+
+        if (!sk_X509_num(seq->certs)) {
+            BIO_printf(bio_err, "%s: Error reading certs file %s\n",
+                       prog, infile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+        ret = 0;
+        goto end;
+    }
+
+    seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL);
+    if (seq == NULL) {
+        BIO_printf(bio_err, "%s: Error reading sequence file %s\n",
+                   prog, infile);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    for (i = 0; i < sk_X509_num(seq->certs); i++) {
+        x509 = sk_X509_value(seq->certs, i);
+        dump_cert_text(out, x509);
+        PEM_write_bio_X509(out, x509);
+    }
+    ret = 0;
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    NETSCAPE_CERT_SEQUENCE_free(seq);
+
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/ocsp.c b/openssl-1.1.0h/apps/ocsp.c
new file mode 100644
index 0000000..4b53334
--- /dev/null
+++ b/openssl-1.1.0h/apps/ocsp.c
@@ -0,0 +1,1290 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_OCSP
+NON_EMPTY_TRANSLATION_UNIT
+#else
+# ifdef OPENSSL_SYS_VMS
+#  define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
+                                 * on OpenVMS */
+# endif
+
+# define USE_SOCKETS
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include <ctype.h>
+
+/* Needs to be included before the openssl headers */
+# include "apps.h"
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/x509v3.h>
+
+# if defined(NETWARE_CLIB)
+#  ifdef NETWARE_BSDSOCK
+#   include <sys/socket.h>
+#   include <sys/bsdskt.h>
+#  else
+#   include <novsock2.h>
+#  endif
+# elif defined(NETWARE_LIBC)
+#  ifdef NETWARE_BSDSOCK
+#   include <sys/select.h>
+#  else
+#   include <novsock2.h>
+#  endif
+# endif
+
+/* Maximum leeway in validity period: default 5 minutes */
+# define MAX_VALIDITY_PERIOD    (5 * 60)
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids);
+static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage);
+static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, X509 *ca, X509 *rcert,
+                              EVP_PKEY *rkey, const EVP_MD *md,
+                              STACK_OF(X509) *rother, unsigned long flags,
+                              int nmin, int ndays, int badsig);
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(const char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+
+# ifndef OPENSSL_NO_SOCK
+static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
+                                      const char *path,
+                                      const STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout);
+# endif
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT,
+    OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE,
+    OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS,
+    OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN,
+    OPT_NO_CERT_CHECKS, OPT_NO_EXPLICIT, OPT_TRUST_OTHER,
+    OPT_NO_INTERN, OPT_BADSIG, OPT_TEXT, OPT_REQ_TEXT, OPT_RESP_TEXT,
+    OPT_REQIN, OPT_RESPIN, OPT_SIGNER, OPT_VAFILE, OPT_SIGN_OTHER,
+    OPT_VERIFY_OTHER, OPT_CAFILE, OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH,
+    OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT,
+    OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL,
+    OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER,
+    OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_HEADER,
+    OPT_V_ENUM,
+    OPT_MD
+} OPTION_CHOICE;
+
+OPTIONS ocsp_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUTFILE, '>', "Output filename"},
+    {"timeout", OPT_TIMEOUT, 'p',
+     "Connection timeout (in seconds) to the OCSP responder"},
+    {"url", OPT_URL, 's', "Responder URL"},
+    {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
+    {"port", OPT_PORT, 'p', "Port to run responder on"},
+    {"ignore_err", OPT_IGNORE_ERR, '-',
+     "Ignore Error response from OCSP responder, and retry "},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
+    {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"},
+    {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"},
+    {"resp_no_certs", OPT_RESP_NO_CERTS, '-',
+     "Don't include any certificates in response"},
+    {"resp_key_id", OPT_RESP_KEY_ID, '-',
+     "Identify response by signing certificate key ID"},
+    {"no_certs", OPT_NO_CERTS, '-',
+     "Don't include any certificates in signed request"},
+    {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
+     "Don't check signature on response"},
+    {"no_cert_verify", OPT_NO_CERT_VERIFY, '-',
+     "Don't check signing certificate"},
+    {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"},
+    {"no_cert_checks", OPT_NO_CERT_CHECKS, '-',
+     "Don't do additional checks on signing certificate"},
+    {"no_explicit", OPT_NO_EXPLICIT, '-',
+     "Do not explicitly check the chain, just verify the root"},
+    {"trust_other", OPT_TRUST_OTHER, '-',
+     "Don't verify additional certificates"},
+    {"no_intern", OPT_NO_INTERN, '-',
+     "Don't search certificates contained in response for signer"},
+    {"badsig", OPT_BADSIG, '-',
+        "Corrupt last byte of loaded OSCP response signature (for test)"},
+    {"text", OPT_TEXT, '-', "Print text form of request and response"},
+    {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"},
+    {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"},
+    {"reqin", OPT_REQIN, 's', "File with the DER-encoded request"},
+    {"respin", OPT_RESPIN, 's', "File with the DER-encoded response"},
+    {"signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with"},
+    {"VAfile", OPT_VAFILE, '<', "Validator certificates file"},
+    {"sign_other", OPT_SIGN_OTHER, '<',
+     "Additional certificates to include in signed request"},
+    {"verify_other", OPT_VERIFY_OTHER, '<',
+     "Additional certificates to search for signer"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"CApath", OPT_CAPATH, '<', "Trusted certificates directory"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"validity_period", OPT_VALIDITY_PERIOD, 'u',
+     "Maximum validity discrepancy in seconds"},
+    {"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"},
+    {"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"},
+    {"reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request"},
+    {"respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response"},
+    {"path", OPT_PATH, 's', "Path to use in OCSP request"},
+    {"issuer", OPT_ISSUER, '<', "Issuer certificate"},
+    {"cert", OPT_CERT, '<', "Certificate to check"},
+    {"serial", OPT_SERIAL, 's', "Serial number to check"},
+    {"index", OPT_INDEX, '<', "Certificate status index file"},
+    {"CA", OPT_CA, '<', "CA certificate"},
+    {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"},
+    {"nrequest", OPT_REQUEST, 'p',
+     "Number of requests to accept (default unlimited)"},
+    {"ndays", OPT_NDAYS, 'p', "Number of days before next update"},
+    {"rsigner", OPT_RSIGNER, '<',
+     "Responder certificate to sign responses with"},
+    {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
+    {"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
+    {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
+    {"header", OPT_HEADER, 's', "key=value header to add"},
+    {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"},
+    OPT_V_OPTIONS,
+    {NULL}
+};
+
+int ocsp_main(int argc, char **argv)
+{
+    BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
+    const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
+    int trailing_md = 0;
+    CA_DB *rdb = NULL;
+    EVP_PKEY *key = NULL, *rkey = NULL;
+    OCSP_BASICRESP *bs = NULL;
+    OCSP_REQUEST *req = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    STACK_OF(CONF_VALUE) *headers = NULL;
+    STACK_OF(OCSP_CERTID) *ids = NULL;
+    STACK_OF(OPENSSL_STRING) *reqnames = NULL;
+    STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+    STACK_OF(X509) *issuers = NULL;
+    X509 *issuer = NULL, *cert = NULL, *rca_cert = NULL;
+    X509 *signer = NULL, *rsigner = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *CAfile = NULL, *CApath = NULL;
+    char *header, *value;
+    char *host = NULL, *port = NULL, *path = "/", *outfile = NULL;
+    char *rca_filename = NULL, *reqin = NULL, *respin = NULL;
+    char *reqout = NULL, *respout = NULL, *ridx_filename = NULL;
+    char *rsignfile = NULL, *rkeyfile = NULL;
+    char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+    char *signfile = NULL, *keyfile = NULL;
+    char *thost = NULL, *tport = NULL, *tpath = NULL;
+    int noCAfile = 0, noCApath = 0;
+    int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1;
+    int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1;
+    int req_text = 0, resp_text = 0, ret = 1;
+#ifndef OPENSSL_NO_SOCK
+    int req_timeout = -1;
+#endif
+    long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+    unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+    OPTION_CHOICE o;
+    char *prog;
+
+    reqnames = sk_OPENSSL_STRING_new_null();
+    if (!reqnames)
+        goto end;
+    ids = sk_OCSP_CERTID_new_null();
+    if (!ids)
+        goto end;
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, ocsp_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(ocsp_options);
+            goto end;
+        case OPT_OUTFILE:
+            outfile = opt_arg();
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_SOCK
+            req_timeout = atoi(opt_arg());
+#endif
+            break;
+        case OPT_URL:
+            OPENSSL_free(thost);
+            OPENSSL_free(tport);
+            OPENSSL_free(tpath);
+            thost = tport = tpath = NULL;
+            if (!OCSP_parse_url(opt_arg(), &host, &port, &path, &use_ssl)) {
+                BIO_printf(bio_err, "%s Error parsing URL\n", prog);
+                goto end;
+            }
+            thost = host;
+            tport = port;
+            tpath = path;
+            break;
+        case OPT_HOST:
+            host = opt_arg();
+            break;
+        case OPT_PORT:
+            port = opt_arg();
+            break;
+        case OPT_IGNORE_ERR:
+            ignore_err = 1;
+            break;
+        case OPT_NOVERIFY:
+            noverify = 1;
+            break;
+        case OPT_NONCE:
+            add_nonce = 2;
+            break;
+        case OPT_NO_NONCE:
+            add_nonce = 0;
+            break;
+        case OPT_RESP_NO_CERTS:
+            rflags |= OCSP_NOCERTS;
+            break;
+        case OPT_RESP_KEY_ID:
+            rflags |= OCSP_RESPID_KEY;
+            break;
+        case OPT_NO_CERTS:
+            sign_flags |= OCSP_NOCERTS;
+            break;
+        case OPT_NO_SIGNATURE_VERIFY:
+            verify_flags |= OCSP_NOSIGS;
+            break;
+        case OPT_NO_CERT_VERIFY:
+            verify_flags |= OCSP_NOVERIFY;
+            break;
+        case OPT_NO_CHAIN:
+            verify_flags |= OCSP_NOCHAIN;
+            break;
+        case OPT_NO_CERT_CHECKS:
+            verify_flags |= OCSP_NOCHECKS;
+            break;
+        case OPT_NO_EXPLICIT:
+            verify_flags |= OCSP_NOEXPLICIT;
+            break;
+        case OPT_TRUST_OTHER:
+            verify_flags |= OCSP_TRUSTOTHER;
+            break;
+        case OPT_NO_INTERN:
+            verify_flags |= OCSP_NOINTERN;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+        case OPT_TEXT:
+            req_text = resp_text = 1;
+            break;
+        case OPT_REQ_TEXT:
+            req_text = 1;
+            break;
+        case OPT_RESP_TEXT:
+            resp_text = 1;
+            break;
+        case OPT_REQIN:
+            reqin = opt_arg();
+            break;
+        case OPT_RESPIN:
+            respin = opt_arg();
+            break;
+        case OPT_SIGNER:
+            signfile = opt_arg();
+            break;
+        case OPT_VAFILE:
+            verify_certfile = opt_arg();
+            verify_flags |= OCSP_TRUSTOTHER;
+            break;
+        case OPT_SIGN_OTHER:
+            sign_certfile = opt_arg();
+            break;
+        case OPT_VERIFY_OTHER:
+            verify_certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_VALIDITY_PERIOD:
+            opt_long(opt_arg(), &nsec);
+            break;
+        case OPT_STATUS_AGE:
+            opt_long(opt_arg(), &maxage);
+            break;
+        case OPT_SIGNKEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_REQOUT:
+            reqout = opt_arg();
+            break;
+        case OPT_RESPOUT:
+            respout = opt_arg();
+            break;
+        case OPT_PATH:
+            path = opt_arg();
+            break;
+        case OPT_ISSUER:
+            issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate");
+            if (issuer == NULL)
+                goto end;
+            if (issuers == NULL) {
+                if ((issuers = sk_X509_new_null()) == NULL)
+                    goto end;
+            }
+            sk_X509_push(issuers, issuer);
+            break;
+        case OPT_CERT:
+            X509_free(cert);
+            cert = load_cert(opt_arg(), FORMAT_PEM, "certificate");
+            if (cert == NULL)
+                goto end;
+            if (cert_id_md == NULL)
+                cert_id_md = EVP_sha1();
+            if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
+                goto end;
+            if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
+                goto end;
+            trailing_md = 0;
+            break;
+        case OPT_SERIAL:
+            if (cert_id_md == NULL)
+                cert_id_md = EVP_sha1();
+            if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids))
+                goto end;
+            if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
+                goto end;
+            trailing_md = 0;
+            break;
+        case OPT_INDEX:
+            ridx_filename = opt_arg();
+            break;
+        case OPT_CA:
+            rca_filename = opt_arg();
+            break;
+        case OPT_NMIN:
+            opt_int(opt_arg(), &nmin);
+            if (ndays == -1)
+                ndays = 0;
+            break;
+        case OPT_REQUEST:
+            opt_int(opt_arg(), &accept_count);
+            break;
+        case OPT_NDAYS:
+            ndays = atoi(opt_arg());
+            break;
+        case OPT_RSIGNER:
+            rsignfile = opt_arg();
+            break;
+        case OPT_RKEY:
+            rkeyfile = opt_arg();
+            break;
+        case OPT_ROTHER:
+            rcertfile = opt_arg();
+            break;
+        case OPT_RMD:   /* Response MessageDigest */
+            if (!opt_md(opt_arg(), &rsign_md))
+                goto end;
+            break;
+        case OPT_HEADER:
+            header = opt_arg();
+            value = strchr(header, '=');
+            if (value == NULL) {
+                BIO_printf(bio_err, "Missing = in header key=value\n");
+                goto opthelp;
+            }
+            *value++ = '\0';
+            if (!X509V3_add_value(header, value, &headers))
+                goto end;
+            break;
+        case OPT_MD:
+            if (trailing_md) {
+                BIO_printf(bio_err,
+                           "%s: Digest must be before -cert or -serial\n",
+                           prog);
+                goto opthelp;
+            }
+            if (!opt_md(opt_unknown(), &cert_id_md))
+                goto opthelp;
+            trailing_md = 1;
+            break;
+        }
+    }
+
+    if (trailing_md) {
+        BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
+                   prog);
+        goto opthelp;
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    /* Have we anything to do? */
+    if (!req && !reqin && !respin && !(port && ridx_filename))
+        goto opthelp;
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if (!req && (add_nonce != 2))
+        add_nonce = 0;
+
+    if (!req && reqin) {
+        derbio = bio_open_default(reqin, 'r', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (!req) {
+            BIO_printf(bio_err, "Error reading OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (!req && port) {
+        acbio = init_responder(port);
+        if (!acbio)
+            goto end;
+    }
+
+    if (rsignfile) {
+        if (!rkeyfile)
+            rkeyfile = rsignfile;
+        rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate");
+        if (!rsigner) {
+            BIO_printf(bio_err, "Error loading responder certificate\n");
+            goto end;
+        }
+        rca_cert = load_cert(rca_filename, FORMAT_PEM, "CA certificate");
+        if (rcertfile) {
+            if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL,
+                            "responder other certificates"))
+                goto end;
+        }
+        rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+                        "responder private key");
+        if (!rkey)
+            goto end;
+    }
+    if (acbio)
+        BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
+ redo_accept:
+
+    if (acbio) {
+        if (!do_responder(&req, &cbio, acbio))
+            goto end;
+        if (!req) {
+            resp =
+                OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
+                                     NULL);
+            send_ocsp_response(cbio, resp);
+            goto done_resp;
+        }
+    }
+
+    if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) {
+        BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+        goto end;
+    }
+
+    if (req && add_nonce)
+        OCSP_request_add1_nonce(req, NULL, -1);
+
+    if (signfile) {
+        if (!keyfile)
+            keyfile = signfile;
+        signer = load_cert(signfile, FORMAT_PEM, "signer certificate");
+        if (!signer) {
+            BIO_printf(bio_err, "Error loading signer certificate\n");
+            goto end;
+        }
+        if (sign_certfile) {
+            if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL,
+                            "signer certificates"))
+                goto end;
+        }
+        key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
+                       "signer private key");
+        if (!key)
+            goto end;
+
+        if (!OCSP_request_sign
+            (req, signer, key, NULL, sign_other, sign_flags)) {
+            BIO_printf(bio_err, "Error signing OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (req_text && req)
+        OCSP_REQUEST_print(out, req, 0);
+
+    if (reqout) {
+        derbio = bio_open_default(reqout, 'w', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        i2d_OCSP_REQUEST_bio(derbio, req);
+        BIO_free(derbio);
+    }
+
+    if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
+        BIO_printf(bio_err,
+                   "Need a responder certificate, key and CA for this operation!\n");
+        goto end;
+    }
+
+    if (ridx_filename && !rdb) {
+        rdb = load_index(ridx_filename, NULL);
+        if (!rdb)
+            goto end;
+        if (!index_index(rdb))
+            goto end;
+    }
+
+    if (rdb) {
+        make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
+                               rsign_md, rother, rflags, nmin, ndays, badsig);
+        if (cbio)
+            send_ocsp_response(cbio, resp);
+    } else if (host) {
+# ifndef OPENSSL_NO_SOCK
+        resp = process_responder(req, host, path,
+                                 port, use_ssl, headers, req_timeout);
+        if (!resp)
+            goto end;
+# else
+        BIO_printf(bio_err,
+                   "Error creating connect BIO - sockets not supported.\n");
+        goto end;
+# endif
+    } else if (respin) {
+        derbio = bio_open_default(respin, 'r', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (!resp) {
+            BIO_printf(bio_err, "Error reading OCSP response\n");
+            goto end;
+        }
+    } else {
+        ret = 0;
+        goto end;
+    }
+
+ done_resp:
+
+    if (respout) {
+        derbio = bio_open_default(respout, 'w', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        i2d_OCSP_RESPONSE_bio(derbio, resp);
+        BIO_free(derbio);
+    }
+
+    i = OCSP_response_status(resp);
+    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+        BIO_printf(out, "Responder Error: %s (%d)\n",
+                   OCSP_response_status_str(i), i);
+        if (ignore_err)
+            goto redo_accept;
+        ret = 0;
+        goto end;
+    }
+
+    if (resp_text)
+        OCSP_RESPONSE_print(out, resp, 0);
+
+    /* If running as responder don't verify our own response */
+    if (cbio) {
+        /* If not unlimited, see if we took all we should. */
+        if (accept_count != -1 && --accept_count <= 0) {
+            ret = 0;
+            goto end;
+        }
+        BIO_free_all(cbio);
+        cbio = NULL;
+        OCSP_REQUEST_free(req);
+        req = NULL;
+        OCSP_RESPONSE_free(resp);
+        resp = NULL;
+        goto redo_accept;
+    }
+    if (ridx_filename) {
+        ret = 0;
+        goto end;
+    }
+
+    if (!store) {
+        store = setup_verify(CAfile, CApath, noCAfile, noCApath);
+        if (!store)
+            goto end;
+    }
+    if (vpmtouched)
+        X509_STORE_set1_param(store, vpm);
+    if (verify_certfile) {
+        if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL,
+                        "validator certificate"))
+            goto end;
+    }
+
+    bs = OCSP_response_get1_basic(resp);
+    if (!bs) {
+        BIO_printf(bio_err, "Error parsing response\n");
+        goto end;
+    }
+
+    ret = 0;
+
+    if (!noverify) {
+        if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
+            if (i == -1)
+                BIO_printf(bio_err, "WARNING: no nonce in response\n");
+            else {
+                BIO_printf(bio_err, "Nonce Verify error\n");
+                ret = 1;
+                goto end;
+            }
+        }
+
+        i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+        if (i <= 0 && issuers) {
+            i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER);
+            if (i > 0)
+                ERR_clear_error();
+        }
+        if (i <= 0) {
+            BIO_printf(bio_err, "Response Verify Failure\n");
+            ERR_print_errors(bio_err);
+            ret = 1;
+        } else
+            BIO_printf(bio_err, "Response verify OK\n");
+
+    }
+
+    print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage);
+
+ end:
+    ERR_print_errors(bio_err);
+    X509_free(signer);
+    X509_STORE_free(store);
+    X509_VERIFY_PARAM_free(vpm);
+    EVP_PKEY_free(key);
+    EVP_PKEY_free(rkey);
+    X509_free(cert);
+    sk_X509_pop_free(issuers, X509_free);
+    X509_free(rsigner);
+    X509_free(rca_cert);
+    free_index(rdb);
+    BIO_free_all(cbio);
+    BIO_free_all(acbio);
+    BIO_free(out);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(resp);
+    OCSP_BASICRESP_free(bs);
+    sk_OPENSSL_STRING_free(reqnames);
+    sk_OCSP_CERTID_free(ids);
+    sk_X509_pop_free(sign_other, X509_free);
+    sk_X509_pop_free(verify_other, X509_free);
+    sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
+    OPENSSL_free(thost);
+    OPENSSL_free(tport);
+    OPENSSL_free(tpath);
+
+    return (ret);
+}
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+    if (!issuer) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (*req == NULL)
+        *req = OCSP_REQUEST_new();
+    if (*req == NULL)
+        goto err;
+    id = OCSP_cert_to_id(cert_id_md, cert, issuer);
+    if (!id || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+    X509_NAME *iname;
+    ASN1_BIT_STRING *ikey;
+    ASN1_INTEGER *sno;
+    if (!issuer) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (*req == NULL)
+        *req = OCSP_REQUEST_new();
+    if (*req == NULL)
+        goto err;
+    iname = X509_get_subject_name(issuer);
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    sno = s2i_ASN1_INTEGER(NULL, serial);
+    if (!sno) {
+        BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+        return 0;
+    }
+    id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
+    ASN1_INTEGER_free(sno);
+    if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage)
+{
+    OCSP_CERTID *id;
+    const char *name;
+    int i, status, reason;
+    ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+    if (!bs || !req || !sk_OPENSSL_STRING_num(names)
+        || !sk_OCSP_CERTID_num(ids))
+        return;
+
+    for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
+        id = sk_OCSP_CERTID_value(ids, i);
+        name = sk_OPENSSL_STRING_value(names, i);
+        BIO_printf(out, "%s: ", name);
+
+        if (!OCSP_resp_find_status(bs, id, &status, &reason,
+                                   &rev, &thisupd, &nextupd)) {
+            BIO_puts(out, "ERROR: No Status found.\n");
+            continue;
+        }
+
+        /*
+         * Check validity: if invalid write to output BIO so we know which
+         * response this refers to.
+         */
+        if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
+            BIO_puts(out, "WARNING: Status times invalid.\n");
+            ERR_print_errors(out);
+        }
+        BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+        BIO_puts(out, "\tThis Update: ");
+        ASN1_GENERALIZEDTIME_print(out, thisupd);
+        BIO_puts(out, "\n");
+
+        if (nextupd) {
+            BIO_puts(out, "\tNext Update: ");
+            ASN1_GENERALIZEDTIME_print(out, nextupd);
+            BIO_puts(out, "\n");
+        }
+
+        if (status != V_OCSP_CERTSTATUS_REVOKED)
+            continue;
+
+        if (reason != -1)
+            BIO_printf(out, "\tReason: %s\n", OCSP_crl_reason_str(reason));
+
+        BIO_puts(out, "\tRevocation Time: ");
+        ASN1_GENERALIZEDTIME_print(out, rev);
+        BIO_puts(out, "\n");
+    }
+}
+
+static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, X509 *ca, X509 *rcert,
+                              EVP_PKEY *rkey, const EVP_MD *rmd,
+                              STACK_OF(X509) *rother, unsigned long flags,
+                              int nmin, int ndays, int badsig)
+{
+    ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+    OCSP_CERTID *cid, *ca_id = NULL;
+    OCSP_BASICRESP *bs = NULL;
+    int i, id_count;
+
+    id_count = OCSP_request_onereq_count(req);
+
+    if (id_count <= 0) {
+        *resp =
+            OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+        goto end;
+    }
+
+    bs = OCSP_BASICRESP_new();
+    thisupd = X509_gmtime_adj(NULL, 0);
+    if (ndays != -1)
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
+
+    /* Examine each certificate id in the request */
+    for (i = 0; i < id_count; i++) {
+        OCSP_ONEREQ *one;
+        ASN1_INTEGER *serial;
+        char **inf;
+        ASN1_OBJECT *cert_id_md_oid;
+        const EVP_MD *cert_id_md;
+        one = OCSP_request_onereq_get0(req, i);
+        cid = OCSP_onereq_get0_id(one);
+
+        OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
+
+        cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
+        if (!cert_id_md) {
+            *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+                                         NULL);
+            goto end;
+        }
+        OCSP_CERTID_free(ca_id);
+        ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
+
+        /* Is this request about our CA? */
+        if (OCSP_id_issuer_cmp(ca_id, cid)) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+            continue;
+        }
+        OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+        inf = lookup_serial(db, serial);
+        if (!inf)
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+        else if (inf[DB_type][0] == DB_TYPE_VAL)
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_GOOD,
+                                   0, NULL, thisupd, nextupd);
+        else if (inf[DB_type][0] == DB_TYPE_REV) {
+            ASN1_OBJECT *inst = NULL;
+            ASN1_TIME *revtm = NULL;
+            ASN1_GENERALIZEDTIME *invtm = NULL;
+            OCSP_SINGLERESP *single;
+            int reason = -1;
+            unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+            single = OCSP_basic_add1_status(bs, cid,
+                                            V_OCSP_CERTSTATUS_REVOKED,
+                                            reason, revtm, thisupd, nextupd);
+            if (invtm)
+                OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
+                                             invtm, 0, 0);
+            else if (inst)
+                OCSP_SINGLERESP_add1_ext_i2d(single,
+                                             NID_hold_instruction_code, inst,
+                                             0, 0);
+            ASN1_OBJECT_free(inst);
+            ASN1_TIME_free(revtm);
+            ASN1_GENERALIZEDTIME_free(invtm);
+        }
+    }
+
+    OCSP_copy_nonce(bs, req);
+
+    OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags);
+
+    if (badsig) {
+        const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
+        corrupt_signature(sig);
+    }
+
+    *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+ end:
+    ASN1_TIME_free(thisupd);
+    ASN1_TIME_free(nextupd);
+    OCSP_CERTID_free(ca_id);
+    OCSP_BASICRESP_free(bs);
+}
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+{
+    int i;
+    BIGNUM *bn = NULL;
+    char *itmp, *row[DB_NUMBER], **rrow;
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+    bn = ASN1_INTEGER_to_BN(ser, NULL);
+    OPENSSL_assert(bn);         /* FIXME: should report an error at this
+                                 * point and abort */
+    if (BN_is_zero(bn))
+        itmp = OPENSSL_strdup("00");
+    else
+        itmp = BN_bn2hex(bn);
+    row[DB_serial] = itmp;
+    BN_free(bn);
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    OPENSSL_free(itmp);
+    return rrow;
+}
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(const char *port)
+{
+# ifdef OPENSSL_NO_SOCK
+    BIO_printf(bio_err,
+               "Error setting up accept BIO - sockets not supported.\n");
+    return NULL;
+# else
+    BIO *acbio = NULL, *bufbio = NULL;
+
+    bufbio = BIO_new(BIO_f_buffer());
+    if (bufbio == NULL)
+        goto err;
+    acbio = BIO_new(BIO_s_accept());
+    if (acbio == NULL
+        || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
+        || BIO_set_accept_port(acbio, port) < 0) {
+        BIO_printf(bio_err, "Error setting up accept BIO\n");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    BIO_set_accept_bios(acbio, bufbio);
+    bufbio = NULL;
+    if (BIO_do_accept(acbio) <= 0) {
+        BIO_printf(bio_err, "Error starting accept\n");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    return acbio;
+
+ err:
+    BIO_free_all(acbio);
+    BIO_free(bufbio);
+    return NULL;
+# endif
+}
+
+# ifndef OPENSSL_NO_SOCK
+/*
+ * Decode %xx URL-decoding in-place. Ignores mal-formed sequences.
+ */
+static int urldecode(char *p)
+{
+    unsigned char *out = (unsigned char *)p;
+    unsigned char *save = out;
+
+    for (; *p; p++) {
+        if (*p != '%')
+            *out++ = *p;
+        else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) {
+            /* Don't check, can't fail because of ixdigit() call. */
+            *out++ = (OPENSSL_hexchar2int(p[1]) << 4)
+                   | OPENSSL_hexchar2int(p[2]);
+            p += 2;
+        }
+        else
+            return -1;
+    }
+    *out = '\0';
+    return (int)(out - save);
+}
+# endif
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
+{
+# ifdef OPENSSL_NO_SOCK
+    return 0;
+# else
+    int len;
+    OCSP_REQUEST *req = NULL;
+    char inbuf[2048], reqbuf[2048];
+    char *p, *q;
+    BIO *cbio = NULL, *getbio = NULL, *b64 = NULL;
+
+    if (BIO_do_accept(acbio) <= 0) {
+        BIO_printf(bio_err, "Error accepting connection\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    cbio = BIO_pop(acbio);
+    *pcbio = cbio;
+
+    /* Read the request line. */
+    len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
+    if (len <= 0)
+        return 1;
+    if (strncmp(reqbuf, "GET ", 4) == 0) {
+        /* Expecting GET {sp} /URL {sp} HTTP/1.x */
+        for (p = reqbuf + 4; *p == ' '; ++p)
+            continue;
+        if (*p != '/') {
+            BIO_printf(bio_err, "Invalid request -- bad URL\n");
+            return 1;
+        }
+        p++;
+
+        /* Splice off the HTTP version identifier. */
+        for (q = p; *q; q++)
+            if (*q == ' ')
+                break;
+        if (strncmp(q, " HTTP/1.", 8) != 0) {
+            BIO_printf(bio_err, "Invalid request -- bad HTTP vesion\n");
+            return 1;
+        }
+        *q = '\0';
+        len = urldecode(p);
+        if (len <= 0) {
+            BIO_printf(bio_err, "Invalid request -- bad URL encoding\n");
+            return 1;
+        }
+        if ((getbio = BIO_new_mem_buf(p, len)) == NULL
+            || (b64 = BIO_new(BIO_f_base64())) == NULL) {
+            BIO_printf(bio_err, "Could not allocate memory\n");
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        getbio = BIO_push(b64, getbio);
+    } else if (strncmp(reqbuf, "POST ", 5) != 0) {
+        BIO_printf(bio_err, "Invalid request -- bad HTTP verb\n");
+        return 1;
+    }
+
+    /* Read and skip past the headers. */
+    for (;;) {
+        len = BIO_gets(cbio, inbuf, sizeof(inbuf));
+        if (len <= 0)
+            return 1;
+        if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+            break;
+    }
+
+    /* Try to read OCSP request */
+    if (getbio) {
+        req = d2i_OCSP_REQUEST_bio(getbio, NULL);
+        BIO_free_all(getbio);
+    } else
+        req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+
+    if (!req) {
+        BIO_printf(bio_err, "Error parsing OCSP request\n");
+        ERR_print_errors(bio_err);
+    }
+
+    *preq = req;
+
+    return 1;
+# endif
+}
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+{
+    char http_resp[] =
+        "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+        "Content-Length: %d\r\n\r\n";
+    if (!cbio)
+        return 0;
+    BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+    i2d_OCSP_RESPONSE_bio(cbio, resp);
+    (void)BIO_flush(cbio);
+    return 1;
+}
+
+# ifndef OPENSSL_NO_SOCK
+static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
+                                      const char *path,
+                                      const STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout)
+{
+    int fd;
+    int rv;
+    int i;
+    int add_host = 1;
+    OCSP_REQ_CTX *ctx = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    fd_set confds;
+    struct timeval tv;
+
+    if (req_timeout != -1)
+        BIO_set_nbio(cbio, 1);
+
+    rv = BIO_do_connect(cbio);
+
+    if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
+        BIO_puts(bio_err, "Error connecting BIO\n");
+        return NULL;
+    }
+
+    if (BIO_get_fd(cbio, &fd) < 0) {
+        BIO_puts(bio_err, "Can't get connection fd\n");
+        goto err;
+    }
+
+    if (req_timeout != -1 && rv <= 0) {
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        if (rv == 0) {
+            BIO_puts(bio_err, "Timeout on connect\n");
+            return NULL;
+        }
+    }
+
+    ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
+    if (ctx == NULL)
+        return NULL;
+
+    for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
+        CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+        if (add_host == 1 && strcasecmp("host", hdr->name) == 0)
+            add_host = 0;
+        if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+            goto err;
+    }
+
+    if (add_host == 1 && OCSP_REQ_CTX_add1_header(ctx, "Host", host) == 0)
+        goto err;
+
+    if (!OCSP_REQ_CTX_set1_req(ctx, req))
+        goto err;
+
+    for (;;) {
+        rv = OCSP_sendreq_nbio(&rsp, ctx);
+        if (rv != -1)
+            break;
+        if (req_timeout == -1)
+            continue;
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        if (BIO_should_read(cbio))
+            rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+        else if (BIO_should_write(cbio))
+            rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        else {
+            BIO_puts(bio_err, "Unexpected retry condition\n");
+            goto err;
+        }
+        if (rv == 0) {
+            BIO_puts(bio_err, "Timeout on request\n");
+            break;
+        }
+        if (rv == -1) {
+            BIO_puts(bio_err, "Select error\n");
+            break;
+        }
+
+    }
+ err:
+    OCSP_REQ_CTX_free(ctx);
+
+    return rsp;
+}
+
+OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
+                                 const char *host, const char *path,
+                                 const char *port, int use_ssl,
+                                 STACK_OF(CONF_VALUE) *headers,
+                                 int req_timeout)
+{
+    BIO *cbio = NULL;
+    SSL_CTX *ctx = NULL;
+    OCSP_RESPONSE *resp = NULL;
+
+    cbio = BIO_new_connect(host);
+    if (!cbio) {
+        BIO_printf(bio_err, "Error creating connect BIO\n");
+        goto end;
+    }
+    if (port)
+        BIO_set_conn_port(cbio, port);
+    if (use_ssl == 1) {
+        BIO *sbio;
+        ctx = SSL_CTX_new(TLS_client_method());
+        if (ctx == NULL) {
+            BIO_printf(bio_err, "Error creating SSL context.\n");
+            goto end;
+        }
+        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+        sbio = BIO_new_ssl(ctx, 1);
+        cbio = BIO_push(sbio, cbio);
+    }
+
+    resp = query_responder(cbio, host, path, headers, req, req_timeout);
+    if (!resp)
+        BIO_printf(bio_err, "Error querying OCSP responder\n");
+ end:
+    BIO_free_all(cbio);
+    SSL_CTX_free(ctx);
+    return resp;
+}
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/apps/openssl-vms.cnf b/openssl-1.1.0h/apps/openssl-vms.cnf
new file mode 100644
index 0000000..0092a65
--- /dev/null
+++ b/openssl-1.1.0h/apps/openssl-vms.cnf
@@ -0,0 +1,346 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= sys\$disk:[.demoCA		# Where everything is kept
+certs		= $dir.certs]		# Where the issued certs are kept
+crl_dir		= $dir.crl]		# Where the issued crl are kept
+database	= $dir]index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several certs with same subject.
+new_certs_dir	= $dir.newcerts]		# default place for new certs.
+
+certificate	= $dir]cacert.pem 	# The CA certificate
+serial		= $dir]serial. 		# The current serial number
+crlnumber	= $dir]crlnumber.	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir]crl.pem 		# The current CRL
+private_key	= $dir.private]cakey.pem# The private key
+RANDFILE	= $dir.private].rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= sys\$disk:[.demoCA		# TSA root directory
+serial		= $dir]tsaserial.	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir.cacert.pem]	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+signer_digest  = sha256			# Signing digest to use. (Optional)
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)
diff --git a/openssl-1.1.0h/apps/openssl.c b/openssl-1.1.0h/apps/openssl.c
new file mode 100644
index 0000000..2607694
--- /dev/null
+++ b/openssl-1.1.0h/apps/openssl.c
@@ -0,0 +1,703 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#include "s_apps.h"
+/* Needed to get the other O_xxx flags. */
+#ifdef OPENSSL_SYS_VMS
+# include <unixio.h>
+#endif
+#define INCLUDE_FUNCTION_TABLE
+#include "apps.h"
+
+
+#ifdef OPENSSL_NO_CAMELLIA
+# define FORMAT "%-15s"
+# define COLUMNS 5
+#else
+# define FORMAT "%-18s"
+# define COLUMNS 4
+#endif
+
+/* Special sentinel to exit the program. */
+#define EXIT_THE_PROGRAM (-1)
+
+/*
+ * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+ * the base prototypes (we cast each variable inside the function to the
+ * required type of "FUNCTION*"). This removes the necessity for
+ * macro-generated wrapper functions.
+ */
+static LHASH_OF(FUNCTION) *prog_init(void);
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
+static void list_pkey(void);
+static void list_type(FUNC_TYPE ft);
+static void list_disabled(void);
+char *default_config_file = NULL;
+
+BIO *bio_in = NULL;
+BIO *bio_out = NULL;
+BIO *bio_err = NULL;
+
+static int apps_startup()
+{
+#ifdef SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+#endif
+
+    /* Set non-default library initialisation settings */
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                          | OPENSSL_INIT_LOAD_CONFIG, NULL))
+        return 0;
+
+#ifndef OPENSSL_NO_UI
+    setup_ui_method();
+#endif
+
+    return 1;
+}
+
+static void apps_shutdown()
+{
+#ifndef OPENSSL_NO_UI
+    destroy_ui_method();
+#endif
+}
+
+static char *make_config_name()
+{
+    const char *t;
+    size_t len;
+    char *p;
+
+    if ((t = getenv("OPENSSL_CONF")) != NULL)
+        return OPENSSL_strdup(t);
+
+    t = X509_get_default_cert_area();
+    len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1;
+    p = app_malloc(len, "config filename buffer");
+    strcpy(p, t);
+#ifndef OPENSSL_SYS_VMS
+    strcat(p, "/");
+#endif
+    strcat(p, OPENSSL_CONF);
+
+    return p;
+}
+
+int main(int argc, char *argv[])
+{
+    FUNCTION f, *fp;
+    LHASH_OF(FUNCTION) *prog = NULL;
+    char **copied_argv = NULL;
+    char *p, *pname;
+    char buf[1024];
+    const char *prompt;
+    ARGS arg;
+    int first, n, i, ret = 0;
+
+    arg.argv = NULL;
+    arg.size = 0;
+
+    /* Set up some of the environment. */
+    default_config_file = make_config_name();
+    bio_in = dup_bio_in(FORMAT_TEXT);
+    bio_out = dup_bio_out(FORMAT_TEXT);
+    bio_err = dup_bio_err(FORMAT_TEXT);
+
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+    copied_argv = argv = copy_argv(&argc, argv);
+#elif defined(_WIN32)
+    /*
+     * Replace argv[] with UTF-8 encoded strings.
+     */
+    win32_utf8argv(&argc, &argv);
+#endif
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    if (getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode_set(1)) {
+            ERR_print_errors(bio_err);
+            return 1;
+        }
+#else
+        BIO_printf(bio_err, "FIPS mode not supported.\n");
+        return 1;
+#endif
+    }
+
+    if (!apps_startup()) {
+        BIO_printf(bio_err,
+                   "FATAL: Startup failure (dev note: apps_startup() failed)\n");
+        ERR_print_errors(bio_err);
+        ret = 1;
+        goto end;
+    }
+
+    prog = prog_init();
+    pname = opt_progname(argv[0]);
+
+    /* first check the program name */
+    f.name = pname;
+    fp = lh_FUNCTION_retrieve(prog, &f);
+    if (fp != NULL) {
+        argv[0] = pname;
+        ret = fp->func(argc, argv);
+        goto end;
+    }
+
+    /* If there is stuff on the command line, run with that. */
+    if (argc != 1) {
+        argc--;
+        argv++;
+        ret = do_cmd(prog, argc, argv);
+        if (ret < 0)
+            ret = 0;
+        goto end;
+    }
+
+    /* ok, lets enter interactive mode */
+    for (;;) {
+        ret = 0;
+        /* Read a line, continue reading if line ends with \ */
+        for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
+            prompt = first ? "OpenSSL> " : "> ";
+            p[0] = '\0';
+#ifndef READLINE
+            fputs(prompt, stdout);
+            fflush(stdout);
+            if (!fgets(p, n, stdin))
+                goto end;
+            if (p[0] == '\0')
+                goto end;
+            i = strlen(p);
+            if (i <= 1)
+                break;
+            if (p[i - 2] != '\\')
+                break;
+            i -= 2;
+            p += i;
+            n -= i;
+#else
+            {
+                extern char *readline(const char *);
+                extern void add_history(const char *cp);
+                char *text;
+
+                text = readline(prompt);
+                if (text == NULL)
+                    goto end;
+                i = strlen(text);
+                if (i == 0 || i > n)
+                    break;
+                if (text[i - 1] != '\\') {
+                    p += strlen(strcpy(p, text));
+                    free(text);
+                    add_history(buf);
+                    break;
+                }
+
+                text[i - 1] = '\0';
+                p += strlen(strcpy(p, text));
+                free(text);
+                n -= i;
+            }
+#endif
+        }
+
+        if (!chopup_args(&arg, buf)) {
+            BIO_printf(bio_err, "Can't parse (no memory?)\n");
+            break;
+        }
+
+        ret = do_cmd(prog, arg.argc, arg.argv);
+        if (ret == EXIT_THE_PROGRAM) {
+            ret = 0;
+            goto end;
+        }
+        if (ret != 0)
+            BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
+        (void)BIO_flush(bio_out);
+        (void)BIO_flush(bio_err);
+    }
+    ret = 1;
+ end:
+    OPENSSL_free(copied_argv);
+    OPENSSL_free(default_config_file);
+    lh_FUNCTION_free(prog);
+    OPENSSL_free(arg.argv);
+
+    BIO_free(bio_in);
+    BIO_free_all(bio_out);
+    apps_shutdown();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        ret = 1;
+#endif
+    BIO_free(bio_err);
+    EXIT(ret);
+}
+
+OPTIONS exit_options[] = {
+    {NULL}
+};
+
+static void list_cipher_fn(const EVP_CIPHER *c,
+                           const char *from, const char *to, void *arg)
+{
+    if (c)
+        BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
+    else {
+        if (!from)
+            from = "<undefined>";
+        if (!to)
+            to = "<undefined>";
+        BIO_printf(arg, "%s => %s\n", from, to);
+    }
+}
+
+static void list_md_fn(const EVP_MD *m,
+                       const char *from, const char *to, void *arg)
+{
+    if (m)
+        BIO_printf(arg, "%s\n", EVP_MD_name(m));
+    else {
+        if (!from)
+            from = "<undefined>";
+        if (!to)
+            to = "<undefined>";
+        BIO_printf((BIO *)arg, "%s => %s\n", from, to);
+    }
+}
+
+/* Unified enum for help and list commands. */
+typedef enum HELPLIST_CHOICE {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_COMMANDS, OPT_DIGEST_COMMANDS,
+    OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
+    OPT_PK_ALGORITHMS, OPT_DISABLED
+} HELPLIST_CHOICE;
+
+OPTIONS list_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"commands", OPT_COMMANDS, '-', "List of standard commands"},
+    {"digest-commands", OPT_DIGEST_COMMANDS, '-',
+     "List of message digest commands"},
+    {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
+     "List of message digest algorithms"},
+    {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"},
+    {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
+     "List of cipher algorithms"},
+    {"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
+     "List of public key algorithms"},
+    {"disabled", OPT_DISABLED, '-',
+     "List of disabled features"},
+    {NULL}
+};
+
+int list_main(int argc, char **argv)
+{
+    char *prog;
+    HELPLIST_CHOICE o;
+    int done = 0;
+
+    prog = opt_init(argc, argv, list_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:  /* Never hit, but suppresses warning */
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            return 1;
+        case OPT_HELP:
+            opt_help(list_options);
+            break;
+        case OPT_COMMANDS:
+            list_type(FT_general);
+            break;
+        case OPT_DIGEST_COMMANDS:
+            list_type(FT_md);
+            break;
+        case OPT_DIGEST_ALGORITHMS:
+            EVP_MD_do_all_sorted(list_md_fn, bio_out);
+            break;
+        case OPT_CIPHER_COMMANDS:
+            list_type(FT_cipher);
+            break;
+        case OPT_CIPHER_ALGORITHMS:
+            EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
+            break;
+        case OPT_PK_ALGORITHMS:
+            list_pkey();
+            break;
+        case OPT_DISABLED:
+            list_disabled();
+            break;
+        }
+        done = 1;
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    if (!done)
+        goto opthelp;
+
+    return 0;
+}
+
+OPTIONS help_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {NULL}
+};
+
+int help_main(int argc, char **argv)
+{
+    FUNCTION *fp;
+    int i, nl;
+    FUNC_TYPE tp;
+    char *prog;
+    HELPLIST_CHOICE o;
+
+    prog = opt_init(argc, argv, help_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        default:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            return 1;
+        case OPT_HELP:
+            opt_help(help_options);
+            return 0;
+        }
+    }
+
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Usage: %s\n", prog);
+        return 1;
+    }
+
+    BIO_printf(bio_err, "\nStandard commands");
+    i = 0;
+    tp = FT_none;
+    for (fp = functions; fp->name != NULL; fp++) {
+        nl = 0;
+        if (((i++) % COLUMNS) == 0) {
+            BIO_printf(bio_err, "\n");
+            nl = 1;
+        }
+        if (fp->type != tp) {
+            tp = fp->type;
+            if (!nl)
+                BIO_printf(bio_err, "\n");
+            if (tp == FT_md) {
+                i = 1;
+                BIO_printf(bio_err,
+                           "\nMessage Digest commands (see the `dgst' command for more details)\n");
+            } else if (tp == FT_cipher) {
+                i = 1;
+                BIO_printf(bio_err,
+                           "\nCipher commands (see the `enc' command for more details)\n");
+            }
+        }
+        BIO_printf(bio_err, FORMAT, fp->name);
+    }
+    BIO_printf(bio_err, "\n\n");
+    return 0;
+}
+
+int exit_main(int argc, char **argv)
+{
+    return EXIT_THE_PROGRAM;
+}
+
+static void list_type(FUNC_TYPE ft)
+{
+    FUNCTION *fp;
+    int i = 0;
+
+    for (fp = functions; fp->name != NULL; fp++)
+        if (fp->type == ft) {
+            if ((i++ % COLUMNS) == 0)
+                BIO_printf(bio_out, "\n");
+            BIO_printf(bio_out, FORMAT, fp->name);
+        }
+    BIO_printf(bio_out, "\n");
+}
+
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
+{
+    FUNCTION f, *fp;
+
+    if (argc <= 0 || argv[0] == NULL)
+        return (0);
+    f.name = argv[0];
+    fp = lh_FUNCTION_retrieve(prog, &f);
+    if (fp == NULL) {
+        if (EVP_get_digestbyname(argv[0])) {
+            f.type = FT_md;
+            f.func = dgst_main;
+            fp = &f;
+        } else if (EVP_get_cipherbyname(argv[0])) {
+            f.type = FT_cipher;
+            f.func = enc_main;
+            fp = &f;
+        }
+    }
+    if (fp != NULL) {
+        return (fp->func(argc, argv));
+    }
+    if ((strncmp(argv[0], "no-", 3)) == 0) {
+        /*
+         * User is asking if foo is unsupported, by trying to "run" the
+         * no-foo command.  Strange.
+         */
+        f.name = argv[0] + 3;
+        if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
+            BIO_printf(bio_out, "%s\n", argv[0]);
+            return (0);
+        }
+        BIO_printf(bio_out, "%s\n", argv[0] + 3);
+        return 1;
+    }
+    if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 ||
+        strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0)
+        /* Special value to mean "exit the program. */
+        return EXIT_THE_PROGRAM;
+
+    BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
+               argv[0]);
+    return (1);
+}
+
+static void list_pkey(void)
+{
+    int i;
+
+    for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int pkey_id, pkey_base_id, pkey_flags;
+        const char *pinfo, *pem_str;
+        ameth = EVP_PKEY_asn1_get0(i);
+        EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
+                                &pinfo, &pem_str, ameth);
+        if (pkey_flags & ASN1_PKEY_ALIAS) {
+            BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id));
+            BIO_printf(bio_out, "\tAlias for: %s\n",
+                       OBJ_nid2ln(pkey_base_id));
+        } else {
+            BIO_printf(bio_out, "Name: %s\n", pinfo);
+            BIO_printf(bio_out, "\tType: %s Algorithm\n",
+                       pkey_flags & ASN1_PKEY_DYNAMIC ?
+                       "External" : "Builtin");
+            BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
+            if (pem_str == NULL)
+                pem_str = "(none)";
+            BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
+        }
+
+    }
+}
+
+static int function_cmp(const FUNCTION * a, const FUNCTION * b)
+{
+    return strncmp(a->name, b->name, 8);
+}
+
+static unsigned long function_hash(const FUNCTION * a)
+{
+    return OPENSSL_LH_strhash(a->name);
+}
+
+static int SortFnByName(const void *_f1, const void *_f2)
+{
+    const FUNCTION *f1 = _f1;
+    const FUNCTION *f2 = _f2;
+
+    if (f1->type != f2->type)
+        return f1->type - f2->type;
+    return strcmp(f1->name, f2->name);
+}
+
+static void list_disabled(void)
+{
+    BIO_puts(bio_out, "Disabled algorithms:\n");
+#ifdef OPENSSL_NO_BF
+    BIO_puts(bio_out, "BF\n");
+#endif
+#ifdef OPENSSL_NO_BLAKE2
+    BIO_puts(bio_out, "BLAKE2\n");
+#endif
+#ifdef OPENSSL_NO_CAMELLIA
+    BIO_puts(bio_out, "CAMELLIA\n");
+#endif
+#ifdef OPENSSL_NO_CAST
+    BIO_puts(bio_out, "CAST\n");
+#endif
+#ifdef OPENSSL_NO_CMAC
+    BIO_puts(bio_out, "CMAC\n");
+#endif
+#ifdef OPENSSL_NO_CMS
+    BIO_puts(bio_out, "CMS\n");
+#endif
+#ifdef OPENSSL_NO_COMP
+    BIO_puts(bio_out, "COMP\n");
+#endif
+#ifdef OPENSSL_NO_DES
+    BIO_puts(bio_out, "DES\n");
+#endif
+#ifdef OPENSSL_NO_DGRAM
+    BIO_puts(bio_out, "DGRAM\n");
+#endif
+#ifdef OPENSSL_NO_DH
+    BIO_puts(bio_out, "DH\n");
+#endif
+#ifdef OPENSSL_NO_DSA
+    BIO_puts(bio_out, "DSA\n");
+#endif
+#if defined(OPENSSL_NO_DTLS)
+    BIO_puts(bio_out, "DTLS\n");
+#endif
+#if defined(OPENSSL_NO_DTLS1)
+    BIO_puts(bio_out, "DTLS1\n");
+#endif
+#if defined(OPENSSL_NO_DTLS1_2)
+    BIO_puts(bio_out, "DTLS1_2\n");
+#endif
+#ifdef OPENSSL_NO_EC
+    BIO_puts(bio_out, "EC\n");
+#endif
+#ifdef OPENSSL_NO_EC2M
+    BIO_puts(bio_out, "EC2M\n");
+#endif
+#ifdef OPENSSL_NO_ENGINE
+    BIO_puts(bio_out, "ENGINE\n");
+#endif
+#ifdef OPENSSL_NO_GOST
+    BIO_puts(bio_out, "GOST\n");
+#endif
+#ifdef OPENSSL_NO_HEARTBEATS
+    BIO_puts(bio_out, "HEARTBEATS\n");
+#endif
+#ifdef OPENSSL_NO_IDEA
+    BIO_puts(bio_out, "IDEA\n");
+#endif
+#ifdef OPENSSL_NO_MD2
+    BIO_puts(bio_out, "MD2\n");
+#endif
+#ifdef OPENSSL_NO_MD4
+    BIO_puts(bio_out, "MD4\n");
+#endif
+#ifdef OPENSSL_NO_MD5
+    BIO_puts(bio_out, "MD5\n");
+#endif
+#ifdef OPENSSL_NO_MDC2
+    BIO_puts(bio_out, "MDC2\n");
+#endif
+#ifdef OPENSSL_NO_OCB
+    BIO_puts(bio_out, "OCB\n");
+#endif
+#ifdef OPENSSL_NO_OCSP
+    BIO_puts(bio_out, "OCSP\n");
+#endif
+#ifdef OPENSSL_NO_PSK
+    BIO_puts(bio_out, "PSK\n");
+#endif
+#ifdef OPENSSL_NO_RC2
+    BIO_puts(bio_out, "RC2\n");
+#endif
+#ifdef OPENSSL_NO_RC4
+    BIO_puts(bio_out, "RC4\n");
+#endif
+#ifdef OPENSSL_NO_RC5
+    BIO_puts(bio_out, "RC5\n");
+#endif
+#ifdef OPENSSL_NO_RMD160
+    BIO_puts(bio_out, "RMD160\n");
+#endif
+#ifdef OPENSSL_NO_RSA
+    BIO_puts(bio_out, "RSA\n");
+#endif
+#ifdef OPENSSL_NO_SCRYPT
+    BIO_puts(bio_out, "SCRYPT\n");
+#endif
+#ifdef OPENSSL_NO_SCTP
+    BIO_puts(bio_out, "SCTP\n");
+#endif
+#ifdef OPENSSL_NO_SEED
+    BIO_puts(bio_out, "SEED\n");
+#endif
+#ifdef OPENSSL_NO_SOCK
+    BIO_puts(bio_out, "SOCK\n");
+#endif
+#ifdef OPENSSL_NO_SRP
+    BIO_puts(bio_out, "SRP\n");
+#endif
+#ifdef OPENSSL_NO_SRTP
+    BIO_puts(bio_out, "SRTP\n");
+#endif
+#ifdef OPENSSL_NO_SSL3
+    BIO_puts(bio_out, "SSL3\n");
+#endif
+#ifdef OPENSSL_NO_TLS1
+    BIO_puts(bio_out, "TLS1\n");
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+    BIO_puts(bio_out, "TLS1_1\n");
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+    BIO_puts(bio_out, "TLS1_2\n");
+#endif
+#ifdef OPENSSL_NO_WHIRLPOOL
+    BIO_puts(bio_out, "WHIRLPOOL\n");
+#endif
+#ifndef ZLIB
+    BIO_puts(bio_out, "ZLIB\n");
+#endif
+}
+
+static LHASH_OF(FUNCTION) *prog_init(void)
+{
+    LHASH_OF(FUNCTION) *ret;
+    FUNCTION *f;
+    size_t i;
+
+    /* Sort alphabetically within category. For nicer help displays. */
+    for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
+    qsort(functions, i, sizeof(*functions), SortFnByName);
+
+    if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL)
+        return (NULL);
+
+    for (f = functions; f->name != NULL; f++)
+        (void)lh_FUNCTION_insert(ret, f);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/openssl.cnf b/openssl-1.1.0h/apps/openssl.cnf
new file mode 100644
index 0000000..b3e7444
--- /dev/null
+++ b/openssl-1.1.0h/apps/openssl.cnf
@@ -0,0 +1,346 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several certs with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= ./demoCA		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+signer_digest  = sha256			# Signing digest to use. (Optional)
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)
diff --git a/openssl-1.1.0h/apps/opt.c b/openssl-1.1.0h/apps/opt.c
new file mode 100644
index 0000000..6e40f64
--- /dev/null
+++ b/openssl-1.1.0h/apps/opt.c
@@ -0,0 +1,977 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* #define COMPILE_STANDALONE_TEST_DRIVER  */
+#include "apps.h"
+#include <string.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <limits.h>
+#include <openssl/bio.h>
+#include <openssl/x509v3.h>
+
+#define MAX_OPT_HELP_WIDTH 30
+const char OPT_HELP_STR[] = "--";
+const char OPT_MORE_STR[] = "---";
+
+/* Our state */
+static char **argv;
+static int argc;
+static int opt_index;
+static char *arg;
+static char *flag;
+static char *dunno;
+static const OPTIONS *unknown;
+static const OPTIONS *opts;
+static char prog[40];
+
+/*
+ * Return the simple name of the program; removing various platform gunk.
+ */
+#if defined(OPENSSL_SYS_WIN32)
+char *opt_progname(const char *argv0)
+{
+    size_t i, n;
+    const char *p;
+    char *q;
+
+    /* find the last '/', '\' or ':' */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == '/' || *p == '\\' || *p == ':') {
+            p++;
+            break;
+        }
+
+    /* Strip off trailing nonsense. */
+    n = strlen(p);
+    if (n > 4 &&
+        (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
+        n -= 4;
+
+    /* Copy over the name, in lowercase. */
+    if (n > sizeof(prog) - 1)
+        n = sizeof(prog) - 1;
+    for (q = prog, i = 0; i < n; i++, p++)
+        *q++ = tolower((unsigned char)*p);
+    *q = '\0';
+    return prog;
+}
+
+#elif defined(OPENSSL_SYS_VMS)
+
+char *opt_progname(const char *argv0)
+{
+    const char *p, *q;
+
+    /* Find last special character sys:[foo.bar]openssl */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == ':' || *p == ']' || *p == '>') {
+            p++;
+            break;
+        }
+
+    q = strrchr(p, '.');
+    strncpy(prog, p, sizeof(prog) - 1);
+    prog[sizeof(prog) - 1] = '\0';
+    if (q != NULL && q - p < sizeof(prog))
+        prog[q - p] = '\0';
+    return prog;
+}
+
+#else
+
+char *opt_progname(const char *argv0)
+{
+    const char *p;
+
+    /* Could use strchr, but this is like the ones above. */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == '/') {
+            p++;
+            break;
+        }
+    strncpy(prog, p, sizeof(prog) - 1);
+    prog[sizeof(prog) - 1] = '\0';
+    return prog;
+}
+#endif
+
+char *opt_getprog(void)
+{
+    return prog;
+}
+
+/* Set up the arg parsing. */
+char *opt_init(int ac, char **av, const OPTIONS *o)
+{
+    /* Store state. */
+    argc = ac;
+    argv = av;
+    opt_index = 1;
+    opts = o;
+    opt_progname(av[0]);
+    unknown = NULL;
+
+    for (; o->name; ++o) {
+#ifndef NDEBUG
+        const OPTIONS *next;
+        int duplicated, i;
+#endif
+
+        if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
+            continue;
+#ifndef NDEBUG
+        i = o->valtype;
+
+        /* Make sure options are legit. */
+        assert(o->name[0] != '-');
+        assert(o->retval > 0);
+        switch (i) {
+        case   0: case '-': case '/': case '<': case '>': case 'E': case 'F':
+        case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
+        case 'u': case 'c':
+            break;
+        default:
+            assert(0);
+        }
+
+        /* Make sure there are no duplicates. */
+        for (next = o + 1; next->name; ++next) {
+            /*
+             * Some compilers inline strcmp and the assert string is too long.
+             */
+            duplicated = strcmp(o->name, next->name) == 0;
+            assert(!duplicated);
+        }
+#endif
+        if (o->name[0] == '\0') {
+            assert(unknown == NULL);
+            unknown = o;
+            assert(unknown->valtype == 0 || unknown->valtype == '-');
+        }
+    }
+    return prog;
+}
+
+static OPT_PAIR formats[] = {
+    {"PEM/DER", OPT_FMT_PEMDER},
+    {"pkcs12", OPT_FMT_PKCS12},
+    {"smime", OPT_FMT_SMIME},
+    {"engine", OPT_FMT_ENGINE},
+    {"msblob", OPT_FMT_MSBLOB},
+    {"netscape", OPT_FMT_NETSCAPE},
+    {"nss", OPT_FMT_NSS},
+    {"text", OPT_FMT_TEXT},
+    {"http", OPT_FMT_HTTP},
+    {"pvk", OPT_FMT_PVK},
+    {NULL}
+};
+
+/* Print an error message about a failed format parse. */
+int opt_format_error(const char *s, unsigned long flags)
+{
+    OPT_PAIR *ap;
+
+    if (flags == OPT_FMT_PEMDER)
+        BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
+                   prog, s);
+    else {
+        BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
+                   prog, s);
+        for (ap = formats; ap->name; ap++)
+            if (flags & ap->retval)
+                BIO_printf(bio_err, "   %s\n", ap->name);
+    }
+    return 0;
+}
+
+/* Parse a format string, put it into *result; return 0 on failure, else 1. */
+int opt_format(const char *s, unsigned long flags, int *result)
+{
+    switch (*s) {
+    default:
+        return 0;
+    case 'D':
+    case 'd':
+        if ((flags & OPT_FMT_PEMDER) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_ASN1;
+        break;
+    case 'T':
+    case 't':
+        if ((flags & OPT_FMT_TEXT) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_TEXT;
+        break;
+    case 'N':
+    case 'n':
+        if ((flags & OPT_FMT_NSS) == 0)
+            return opt_format_error(s, flags);
+        if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_NSS;
+        break;
+    case 'S':
+    case 's':
+        if ((flags & OPT_FMT_SMIME) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_SMIME;
+        break;
+    case 'M':
+    case 'm':
+        if ((flags & OPT_FMT_MSBLOB) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_MSBLOB;
+        break;
+    case 'E':
+    case 'e':
+        if ((flags & OPT_FMT_ENGINE) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_ENGINE;
+        break;
+    case 'H':
+    case 'h':
+        if ((flags & OPT_FMT_HTTP) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_HTTP;
+        break;
+    case '1':
+        if ((flags & OPT_FMT_PKCS12) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_PKCS12;
+        break;
+    case 'P':
+    case 'p':
+        if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
+            if ((flags & OPT_FMT_PEMDER) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PEM;
+        } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
+            if ((flags & OPT_FMT_PVK) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PVK;
+        } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
+                   || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
+            if ((flags & OPT_FMT_PKCS12) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PKCS12;
+        } else
+            return 0;
+        break;
+    }
+    return 1;
+}
+
+/* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
+{
+    *cipherp = EVP_get_cipherbyname(name);
+    if (*cipherp)
+        return 1;
+    BIO_printf(bio_err, "%s: Unknown cipher %s\n", prog, name);
+    return 0;
+}
+
+/*
+ * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
+ */
+int opt_md(const char *name, const EVP_MD **mdp)
+{
+    *mdp = EVP_get_digestbyname(name);
+    if (*mdp)
+        return 1;
+    BIO_printf(bio_err, "%s: Unknown digest %s\n", prog, name);
+    return 0;
+}
+
+/* Look through a list of name/value pairs. */
+int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
+{
+    const OPT_PAIR *pp;
+
+    for (pp = pairs; pp->name; pp++)
+        if (strcmp(pp->name, name) == 0) {
+            *result = pp->retval;
+            return 1;
+        }
+    BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
+    for (pp = pairs; pp->name; pp++)
+        BIO_printf(bio_err, "\t%s\n", pp->name);
+    return 0;
+}
+
+/* Parse an int, put it into *result; return 0 on failure, else 1. */
+int opt_int(const char *value, int *result)
+{
+    long l;
+
+    if (!opt_long(value, &l))
+        return 0;
+    *result = (int)l;
+    if (*result != l) {
+        BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n",
+                   prog, value);
+        return 0;
+    }
+    return 1;
+}
+
+/* Parse a long, put it into *result; return 0 on failure, else 1. */
+int opt_long(const char *value, long *result)
+{
+    int oerrno = errno;
+    long l;
+    char *endp;
+
+    errno = 0;
+    l = strtol(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
+            || (l == 0 && errno != 0)) {
+        BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n",
+                   prog, value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = l;
+    errno = oerrno;
+    return 1;
+}
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+
+/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
+int opt_imax(const char *value, intmax_t *result)
+{
+    int oerrno = errno;
+    intmax_t m;
+    char *endp;
+
+    errno = 0;
+    m = strtoimax(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
+            || (m == 0 && errno != 0)) {
+        BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n",
+                   prog, value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = m;
+    errno = oerrno;
+    return 1;
+}
+
+/* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
+int opt_umax(const char *value, uintmax_t *result)
+{
+    int oerrno = errno;
+    uintmax_t m;
+    char *endp;
+
+    errno = 0;
+    m = strtoumax(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || (m == UINTMAX_MAX && errno == ERANGE)
+            || (m == 0 && errno != 0)) {
+        BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n",
+                   prog, value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = m;
+    errno = oerrno;
+    return 1;
+}
+#endif
+
+/*
+ * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
+ */
+int opt_ulong(const char *value, unsigned long *result)
+{
+    int oerrno = errno;
+    char *endptr;
+    unsigned long l;
+
+    errno = 0;
+    l = strtoul(value, &endptr, 0);
+    if (*endptr
+            || endptr == value
+            || ((l == ULONG_MAX) && errno == ERANGE)
+            || (l == 0 && errno != 0)) {
+        BIO_printf(bio_err, "%s: Can't parse \"%s\" as an unsigned number\n",
+                   prog, value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = l;
+    errno = oerrno;
+    return 1;
+}
+
+/*
+ * We pass opt as an int but cast it to "enum range" so that all the
+ * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
+ * in gcc do the right thing.
+ */
+enum range { OPT_V_ENUM };
+
+int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
+{
+    int i;
+    ossl_intmax_t t = 0;
+    ASN1_OBJECT *otmp;
+    X509_PURPOSE *xptmp;
+    const X509_VERIFY_PARAM *vtmp;
+
+    assert(vpm != NULL);
+    assert(opt > OPT_V__FIRST);
+    assert(opt < OPT_V__LAST);
+
+    switch ((enum range)opt) {
+    case OPT_V__FIRST:
+    case OPT_V__LAST:
+        return 0;
+    case OPT_V_POLICY:
+        otmp = OBJ_txt2obj(opt_arg(), 0);
+        if (otmp == NULL) {
+            BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_add0_policy(vpm, otmp);
+        break;
+    case OPT_V_PURPOSE:
+        /* purpose name -> purpose index */
+        i = X509_PURPOSE_get_by_sname(opt_arg());
+        if (i < 0) {
+            BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
+            return 0;
+        }
+
+        /* purpose index -> purpose object */
+        xptmp = X509_PURPOSE_get0(i);
+
+        /* purpose object -> purpose value */
+        i = X509_PURPOSE_get_id(xptmp);
+
+        if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
+            BIO_printf(bio_err,
+                       "%s: Internal error setting purpose %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        break;
+    case OPT_V_VERIFY_NAME:
+        vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
+        if (vtmp == NULL) {
+            BIO_printf(bio_err, "%s: Invalid verify name %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_set1(vpm, vtmp);
+        break;
+    case OPT_V_VERIFY_DEPTH:
+        i = atoi(opt_arg());
+        if (i >= 0)
+            X509_VERIFY_PARAM_set_depth(vpm, i);
+        break;
+    case OPT_V_VERIFY_AUTH_LEVEL:
+        i = atoi(opt_arg());
+        if (i >= 0)
+            X509_VERIFY_PARAM_set_auth_level(vpm, i);
+        break;
+    case OPT_V_ATTIME:
+        if (!opt_imax(opt_arg(), &t))
+            return 0;
+        if (t != (time_t)t) {
+            BIO_printf(bio_err, "%s: epoch time out of range %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
+        break;
+    case OPT_V_VERIFY_HOSTNAME:
+        if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
+            return 0;
+        break;
+    case OPT_V_VERIFY_EMAIL:
+        if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
+            return 0;
+        break;
+    case OPT_V_VERIFY_IP:
+        if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
+            return 0;
+        break;
+    case OPT_V_IGNORE_CRITICAL:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
+        break;
+    case OPT_V_ISSUER_CHECKS:
+        /* NOP, deprecated */
+        break;
+    case OPT_V_CRL_CHECK:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
+        break;
+    case OPT_V_CRL_CHECK_ALL:
+        X509_VERIFY_PARAM_set_flags(vpm,
+                                    X509_V_FLAG_CRL_CHECK |
+                                    X509_V_FLAG_CRL_CHECK_ALL);
+        break;
+    case OPT_V_POLICY_CHECK:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
+        break;
+    case OPT_V_EXPLICIT_POLICY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
+        break;
+    case OPT_V_INHIBIT_ANY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
+        break;
+    case OPT_V_INHIBIT_MAP:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
+        break;
+    case OPT_V_X509_STRICT:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
+        break;
+    case OPT_V_EXTENDED_CRL:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
+        break;
+    case OPT_V_USE_DELTAS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
+        break;
+    case OPT_V_POLICY_PRINT:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
+        break;
+    case OPT_V_CHECK_SS_SIG:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
+        break;
+    case OPT_V_TRUSTED_FIRST:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
+        break;
+    case OPT_V_SUITEB_128_ONLY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
+        break;
+    case OPT_V_SUITEB_128:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
+        break;
+    case OPT_V_SUITEB_192:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
+        break;
+    case OPT_V_PARTIAL_CHAIN:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
+        break;
+    case OPT_V_NO_ALT_CHAINS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
+        break;
+    case OPT_V_NO_CHECK_TIME:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
+        break;
+    case OPT_V_ALLOW_PROXY_CERTS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
+        break;
+    }
+    return 1;
+
+}
+
+/*
+ * Parse the next flag (and value if specified), return 0 if done, -1 on
+ * error, otherwise the flag's retval.
+ */
+int opt_next(void)
+{
+    char *p;
+    const OPTIONS *o;
+    int ival;
+    long lval;
+    unsigned long ulval;
+    ossl_intmax_t imval;
+    ossl_uintmax_t umval;
+
+    /* Look at current arg; at end of the list? */
+    arg = NULL;
+    p = argv[opt_index];
+    if (p == NULL)
+        return 0;
+
+    /* If word doesn't start with a -, we're done. */
+    if (*p != '-')
+        return 0;
+
+    /* Hit "--" ? We're done. */
+    opt_index++;
+    if (strcmp(p, "--") == 0)
+        return 0;
+
+    /* Allow -nnn and --nnn */
+    if (*++p == '-')
+        p++;
+    flag = p - 1;
+
+    /* If we have --flag=foo, snip it off */
+    if ((arg = strchr(p, '=')) != NULL)
+        *arg++ = '\0';
+    for (o = opts; o->name; ++o) {
+        /* If not this option, move on to the next one. */
+        if (strcmp(p, o->name) != 0)
+            continue;
+
+        /* If it doesn't take a value, make sure none was given. */
+        if (o->valtype == 0 || o->valtype == '-') {
+            if (arg) {
+                BIO_printf(bio_err,
+                           "%s: Option -%s does not take a value\n", prog, p);
+                return -1;
+            }
+            return o->retval;
+        }
+
+        /* Want a value; get the next param if =foo not used. */
+        if (arg == NULL) {
+            if (argv[opt_index] == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Option -%s needs a value\n", prog, o->name);
+                return -1;
+            }
+            arg = argv[opt_index++];
+        }
+
+        /* Syntax-check value. */
+        switch (o->valtype) {
+        default:
+        case 's':
+            /* Just a string. */
+            break;
+        case '/':
+            if (app_isdir(arg) >= 0)
+                break;
+            BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
+            return -1;
+        case '<':
+            /* Input file. */
+            if (strcmp(arg, "-") == 0 || app_access(arg, R_OK) >= 0)
+                break;
+            BIO_printf(bio_err,
+                       "%s: Cannot open input file %s, %s\n",
+                       prog, arg, strerror(errno));
+            return -1;
+        case '>':
+            /* Output file. */
+            if (strcmp(arg, "-") == 0 || app_access(arg, W_OK) >= 0 || errno == ENOENT)
+                break;
+            BIO_printf(bio_err,
+                       "%s: Cannot open output file %s, %s\n",
+                       prog, arg, strerror(errno));
+            return -1;
+        case 'p':
+        case 'n':
+            if (!opt_int(arg, &ival)
+                    || (o->valtype == 'p' && ival <= 0)) {
+                BIO_printf(bio_err,
+                           "%s: Non-positive number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'M':
+            if (!opt_imax(arg, &imval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'U':
+            if (!opt_umax(arg, &umval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'l':
+            if (!opt_long(arg, &lval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'u':
+            if (!opt_ulong(arg, &ulval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'c':
+        case 'E':
+        case 'F':
+        case 'f':
+            if (opt_format(arg,
+                           o->valtype == 'c' ? OPT_FMT_PDS :
+                           o->valtype == 'E' ? OPT_FMT_PDE :
+                           o->valtype == 'F' ? OPT_FMT_PEMDER
+                           : OPT_FMT_ANY, &ival))
+                break;
+            BIO_printf(bio_err,
+                       "%s: Invalid format \"%s\" for -%s\n",
+                       prog, arg, o->name);
+            return -1;
+        }
+
+        /* Return the flag value. */
+        return o->retval;
+    }
+    if (unknown != NULL) {
+        dunno = p;
+        return unknown->retval;
+    }
+    BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
+    return -1;
+}
+
+/* Return the most recent flag parameter. */
+char *opt_arg(void)
+{
+    return arg;
+}
+
+/* Return the most recent flag. */
+char *opt_flag(void)
+{
+    return flag;
+}
+
+/* Return the unknown option. */
+char *opt_unknown(void)
+{
+    return dunno;
+}
+
+/* Return the rest of the arguments after parsing flags. */
+char **opt_rest(void)
+{
+    return &argv[opt_index];
+}
+
+/* How many items in remaining args? */
+int opt_num_rest(void)
+{
+    int i = 0;
+    char **pp;
+
+    for (pp = opt_rest(); *pp; pp++, i++)
+        continue;
+    return i;
+}
+
+/* Return a string describing the parameter type. */
+static const char *valtype2param(const OPTIONS *o)
+{
+    switch (o->valtype) {
+    case 0:
+    case '-':
+        return "";
+    case 's':
+        return "val";
+    case '/':
+        return "dir";
+    case '<':
+        return "infile";
+    case '>':
+        return "outfile";
+    case 'p':
+        return "+int";
+    case 'n':
+        return "int";
+    case 'l':
+        return "long";
+    case 'u':
+        return "ulong";
+    case 'E':
+        return "PEM|DER|ENGINE";
+    case 'F':
+        return "PEM|DER";
+    case 'f':
+        return "format";
+    case 'M':
+        return "intmax";
+    case 'U':
+        return "uintmax";
+    }
+    return "parm";
+}
+
+void opt_help(const OPTIONS *list)
+{
+    const OPTIONS *o;
+    int i;
+    int standard_prolog;
+    int width = 5;
+    char start[80 + 1];
+    char *p;
+    const char *help;
+
+    /* Starts with its own help message? */
+    standard_prolog = list[0].name != OPT_HELP_STR;
+
+    /* Find the widest help. */
+    for (o = list; o->name; o++) {
+        if (o->name == OPT_MORE_STR)
+            continue;
+        i = 2 + (int)strlen(o->name);
+        if (o->valtype != '-')
+            i += 1 + strlen(valtype2param(o));
+        if (i < MAX_OPT_HELP_WIDTH && i > width)
+            width = i;
+        assert(i < (int)sizeof(start));
+    }
+
+    if (standard_prolog)
+        BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
+                   prog);
+
+    /* Now let's print. */
+    for (o = list; o->name; o++) {
+        help = o->helpstr ? o->helpstr : "(No additional info)";
+        if (o->name == OPT_HELP_STR) {
+            BIO_printf(bio_err, help, prog);
+            continue;
+        }
+
+        /* Pad out prefix */
+        memset(start, ' ', sizeof(start) - 1);
+        start[sizeof(start) - 1] = '\0';
+
+        if (o->name == OPT_MORE_STR) {
+            /* Continuation of previous line; pad and print. */
+            start[width] = '\0';
+            BIO_printf(bio_err, "%s  %s\n", start, help);
+            continue;
+        }
+
+        /* Build up the "-flag [param]" part. */
+        p = start;
+        *p++ = ' ';
+        *p++ = '-';
+        if (o->name[0])
+            p += strlen(strcpy(p, o->name));
+        else
+            *p++ = '*';
+        if (o->valtype != '-') {
+            *p++ = ' ';
+            p += strlen(strcpy(p, valtype2param(o)));
+        }
+        *p = ' ';
+        if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
+            *p = '\0';
+            BIO_printf(bio_err, "%s\n", start);
+            memset(start, ' ', sizeof(start));
+        }
+        start[width] = '\0';
+        BIO_printf(bio_err, "%s  %s\n", start, help);
+    }
+}
+
+#ifdef COMPILE_STANDALONE_TEST_DRIVER
+# include <sys/stat.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN, OPT_INFORM, OPT_OUT, OPT_COUNT, OPT_U, OPT_FLAG,
+    OPT_STR, OPT_NOTUSED
+} OPTION_CHOICE;
+
+static OPTIONS options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s flags\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "input file"},
+    {OPT_MORE_STR, 1, '-', "more detail about input"},
+    {"inform", OPT_INFORM, 'f', "input file format; defaults to pem"},
+    {"out", OPT_OUT, '>', "output file"},
+    {"count", OPT_COUNT, 'p', "a counter greater than zero"},
+    {"u", OPT_U, 'u', "an unsigned number"},
+    {"flag", OPT_FLAG, 0, "just some flag"},
+    {"str", OPT_STR, 's', "the magic word"},
+    {"areallyverylongoption", OPT_HELP, '-', "long way for help"},
+    {NULL}
+};
+
+BIO *bio_err;
+
+int app_isdir(const char *name)
+{
+    struct stat sb;
+
+    return name != NULL && stat(name, &sb) >= 0 && S_ISDIR(sb.st_mode);
+}
+
+int main(int ac, char **av)
+{
+    OPTION_CHOICE o;
+    char **rest;
+    char *prog;
+
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    prog = opt_init(ac, av, options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (c) {
+        case OPT_NOTUSED:
+        case OPT_EOF:
+        case OPT_ERR:
+            printf("%s: Usage error; try -help.\n", prog);
+            return 1;
+        case OPT_HELP:
+            opt_help(options);
+            return 0;
+        case OPT_IN:
+            printf("in %s\n", opt_arg());
+            break;
+        case OPT_INFORM:
+            printf("inform %s\n", opt_arg());
+            break;
+        case OPT_OUT:
+            printf("out %s\n", opt_arg());
+            break;
+        case OPT_COUNT:
+            printf("count %s\n", opt_arg());
+            break;
+        case OPT_U:
+            printf("u %s\n", opt_arg());
+            break;
+        case OPT_FLAG:
+            printf("flag\n");
+            break;
+        case OPT_STR:
+            printf("str %s\n", opt_arg());
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    printf("args = %d\n", argc);
+    if (argc)
+        while (*argv)
+            printf("  %s\n", *argv++);
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/apps/passwd.c b/openssl-1.1.0h/apps/passwd.c
new file mode 100644
index 0000000..f2b0d9a
--- /dev/null
+++ b/openssl-1.1.0h/apps/passwd.c
@@ -0,0 +1,512 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
+# define NO_MD5CRYPT_1
+#endif
+
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
+
+# include <string.h>
+
+# include "apps.h"
+
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# ifndef OPENSSL_NO_DES
+#  include <openssl/des.h>
+# endif
+# ifndef NO_MD5CRYPT_1
+#  include <openssl/md5.h>
+# endif
+
+static unsigned const char cov_2char[64] = {
+    /* from crypto/des/fcrypt.c */
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
+                     int useapr1);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN,
+    OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
+    OPT_1, OPT_CRYPT, OPT_SALT, OPT_STDIN
+} OPTION_CHOICE;
+
+OPTIONS passwd_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Read passwords from file"},
+    {"noverify", OPT_NOVERIFY, '-',
+     "Never verify when reading password from terminal"},
+    {"quiet", OPT_QUIET, '-', "No warnings"},
+    {"table", OPT_TABLE, '-', "Format output as table"},
+    {"reverse", OPT_REVERSE, '-', "Switch table columns"},
+    {"salt", OPT_SALT, 's', "Use provided salt"},
+    {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
+# ifndef NO_MD5CRYPT_1
+    {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
+    {"1", OPT_1, '-', "MD5-based password algorithm"},
+# endif
+# ifndef OPENSSL_NO_DES
+    {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
+# endif
+    {NULL}
+};
+
+int passwd_main(int argc, char **argv)
+{
+    BIO *in = NULL;
+    char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL;
+    char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
+    OPTION_CHOICE o;
+    int in_stdin = 0, pw_source_defined = 0;
+# ifndef OPENSSL_NO_UI
+    int in_noverify = 0;
+# endif
+    int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+    int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0;
+    size_t passwd_malloc_size = 0, pw_maxlen = 256;
+
+    prog = opt_init(argc, argv, passwd_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(passwd_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            if (pw_source_defined)
+                goto opthelp;
+            infile = opt_arg();
+            pw_source_defined = 1;
+            break;
+        case OPT_NOVERIFY:
+# ifndef OPENSSL_NO_UI
+            in_noverify = 1;
+# endif
+            break;
+        case OPT_QUIET:
+            quiet = 1;
+            break;
+        case OPT_TABLE:
+            table = 1;
+            break;
+        case OPT_REVERSE:
+            reverse = 1;
+            break;
+        case OPT_1:
+            use1 = 1;
+            break;
+        case OPT_APR1:
+            useapr1 = 1;
+            break;
+        case OPT_CRYPT:
+            usecrypt = 1;
+            break;
+        case OPT_SALT:
+            passed_salt = 1;
+            salt = opt_arg();
+            break;
+        case OPT_STDIN:
+            if (pw_source_defined)
+                goto opthelp;
+            in_stdin = 1;
+            pw_source_defined = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (*argv) {
+        if (pw_source_defined)
+            goto opthelp;
+        pw_source_defined = 1;
+        passwds = argv;
+    }
+
+    if (!usecrypt && !use1 && !useapr1) {
+        /* use default */
+        usecrypt = 1;
+    }
+    if (usecrypt + use1 + useapr1 > 1) {
+        /* conflict */
+        goto opthelp;
+    }
+
+# ifdef OPENSSL_NO_DES
+    if (usecrypt)
+        goto opthelp;
+# endif
+# ifdef NO_MD5CRYPT_1
+    if (use1 || useapr1)
+        goto opthelp;
+# endif
+
+    if (infile != NULL && in_stdin) {
+        BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
+        goto end;
+    }
+
+    if (infile != NULL || in_stdin) {
+        /*
+         * If in_stdin is true, we know that infile is NULL, and that
+         * bio_open_default() will give us back an alias for stdin.
+         */
+        in = bio_open_default(infile, 'r', FORMAT_TEXT);
+        if (in == NULL)
+            goto end;
+    }
+
+    if (usecrypt)
+        pw_maxlen = 8;
+    else if (use1 || useapr1)
+        pw_maxlen = 256;        /* arbitrary limit, should be enough for most
+                                 * passwords */
+
+    if (passwds == NULL) {
+        /* no passwords on the command line */
+
+        passwd_malloc_size = pw_maxlen + 2;
+        /* longer than necessary so that we can warn about truncation */
+        passwd = passwd_malloc =
+            app_malloc(passwd_malloc_size, "password buffer");
+    }
+
+    if ((in == NULL) && (passwds == NULL)) {
+        /*
+         * we use the following method to make sure what
+         * in the 'else' section is always compiled, to
+         * avoid rot of not-frequently-used code.
+         */
+        if (1) {
+# ifndef OPENSSL_NO_UI
+            /* build a null-terminated list */
+            static char *passwds_static[2] = { NULL, NULL };
+
+            passwds = passwds_static;
+            if (in == NULL) {
+                if (EVP_read_pw_string
+                    (passwd_malloc, passwd_malloc_size, "Password: ",
+                     !(passed_salt || in_noverify)) != 0)
+                    goto end;
+            }
+            passwds[0] = passwd_malloc;
+        } else {
+# endif
+            BIO_printf(bio_err, "password required\n");
+            goto end;
+        }
+    }
+
+    if (in == NULL) {
+        assert(passwds != NULL);
+        assert(*passwds != NULL);
+
+        do {                    /* loop over list of passwords */
+            passwd = *passwds++;
+            if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
+                           quiet, table, reverse, pw_maxlen, usecrypt, use1,
+                           useapr1))
+                goto end;
+        } while (*passwds != NULL);
+    } else {
+        /* in != NULL */
+        int done;
+
+        assert(passwd != NULL);
+        do {
+            int r = BIO_gets(in, passwd, pw_maxlen + 1);
+            if (r > 0) {
+                char *c = (strchr(passwd, '\n'));
+                if (c != NULL) {
+                    *c = 0;     /* truncate at newline */
+                } else {
+                    /* ignore rest of line */
+                    char trash[BUFSIZ];
+                    do
+                        r = BIO_gets(in, trash, sizeof(trash));
+                    while ((r > 0) && (!strchr(trash, '\n')));
+                }
+
+                if (!do_passwd
+                    (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
+                     table, reverse, pw_maxlen, usecrypt, use1, useapr1))
+                    goto end;
+            }
+            done = (r <= 0);
+        } while (!done);
+    }
+    ret = 0;
+
+ end:
+    ERR_print_errors(bio_err);
+    OPENSSL_free(salt_malloc);
+    OPENSSL_free(passwd_malloc);
+    BIO_free(in);
+    return (ret);
+}
+
+# ifndef NO_MD5CRYPT_1
+/*
+ * MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable). For magic
+ * string "1", this should be compatible to the MD5-based BSD password
+ * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
+ * Apache password algorithm. (Apparently, the Apache password algorithm is
+ * identical except that the 'magic' string was changed -- the laziest
+ * application of the NIH principle I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+{
+    /* "$apr1$..salt..$.......md5hash..........\0" */
+    static char out_buf[6 + 9 + 24 + 2];
+    unsigned char buf[MD5_DIGEST_LENGTH];
+    char *salt_out;
+    int n;
+    unsigned int i;
+    EVP_MD_CTX *md = NULL, *md2 = NULL;
+    size_t passwd_len, salt_len, magic_len;
+
+    passwd_len = strlen(passwd);
+    out_buf[0] = '$';
+    out_buf[1] = 0;
+    magic_len = strlen(magic);
+
+    if (magic_len > 4)    /* assert it's  "1" or "apr1" */
+        return NULL;
+
+    OPENSSL_strlcat(out_buf, magic, sizeof(out_buf));
+    OPENSSL_strlcat(out_buf, "$", sizeof(out_buf));
+    OPENSSL_strlcat(out_buf, salt, sizeof(out_buf));
+
+    if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
+        return NULL;
+
+    salt_out = out_buf + 2 + magic_len;
+    salt_len = strlen(salt_out);
+
+    if (salt_len > 8)
+        return NULL;
+
+    md = EVP_MD_CTX_new();
+    if (md == NULL
+        || !EVP_DigestInit_ex(md, EVP_md5(), NULL)
+        || !EVP_DigestUpdate(md, passwd, passwd_len)
+        || !EVP_DigestUpdate(md, "$", 1)
+        || !EVP_DigestUpdate(md, magic, magic_len)
+        || !EVP_DigestUpdate(md, "$", 1)
+        || !EVP_DigestUpdate(md, salt_out, salt_len))
+        goto err;
+
+    md2 = EVP_MD_CTX_new();
+    if (md2 == NULL
+        || !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestUpdate(md2, salt_out, salt_len)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestFinal_ex(md2, buf, NULL))
+        goto err;
+
+    for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
+        if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
+            goto err;
+    }
+    if (!EVP_DigestUpdate(md, buf, i))
+        goto err;
+
+    n = passwd_len;
+    while (n) {
+        if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
+            goto err;
+        n >>= 1;
+    }
+    if (!EVP_DigestFinal_ex(md, buf, NULL))
+        return NULL;
+
+    for (i = 0; i < 1000; i++) {
+        if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
+            goto err;
+        if (!EVP_DigestUpdate(md2,
+                              (i & 1) ? (unsigned const char *)passwd : buf,
+                              (i & 1) ? passwd_len : sizeof(buf)))
+            goto err;
+        if (i % 3) {
+            if (!EVP_DigestUpdate(md2, salt_out, salt_len))
+                goto err;
+        }
+        if (i % 7) {
+            if (!EVP_DigestUpdate(md2, passwd, passwd_len))
+                goto err;
+        }
+        if (!EVP_DigestUpdate(md2,
+                              (i & 1) ? buf : (unsigned const char *)passwd,
+                              (i & 1) ? sizeof(buf) : passwd_len))
+                goto err;
+        if (!EVP_DigestFinal_ex(md2, buf, NULL))
+                goto err;
+    }
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    md2 = NULL;
+    md = NULL;
+
+    {
+        /* transform buf into output string */
+        unsigned char buf_perm[sizeof(buf)];
+        int dest, source;
+        char *output;
+
+        /* silly output permutation */
+        for (dest = 0, source = 0; dest < 14;
+             dest++, source = (source + 6) % 17)
+            buf_perm[dest] = buf[source];
+        buf_perm[14] = buf[5];
+        buf_perm[15] = buf[11];
+#  ifndef PEDANTIC              /* Unfortunately, this generates a "no
+                                 * effect" warning */
+        assert(16 == sizeof(buf_perm));
+#  endif
+
+        output = salt_out + salt_len;
+        assert(output == out_buf + strlen(out_buf));
+
+        *output++ = '$';
+
+        for (i = 0; i < 15; i += 3) {
+            *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
+            *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
+                                  (buf_perm[i + 2] >> 6)];
+            *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+                                  (buf_perm[i + 1] >> 4)];
+            *output++ = cov_2char[buf_perm[i] >> 2];
+        }
+        assert(i == 15);
+        *output++ = cov_2char[buf_perm[i] & 0x3f];
+        *output++ = cov_2char[buf_perm[i] >> 6];
+        *output = 0;
+        assert(strlen(out_buf) < sizeof(out_buf));
+    }
+
+    return out_buf;
+
+ err:
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    return NULL;
+}
+# endif
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
+                     int useapr1)
+{
+    char *hash = NULL;
+
+    assert(salt_p != NULL);
+    assert(salt_malloc_p != NULL);
+
+    /* first make sure we have a salt */
+    if (!passed_salt) {
+# ifndef OPENSSL_NO_DES
+        if (usecrypt) {
+            if (*salt_malloc_p == NULL)
+                *salt_p = *salt_malloc_p = app_malloc(3, "salt buffer");
+            if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
+                goto end;
+            (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+            (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+            (*salt_p)[2] = 0;
+#  ifdef CHARSET_EBCDIC
+            ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
+                                                * to ASCII */
+#  endif
+        }
+# endif                         /* !OPENSSL_NO_DES */
+
+# ifndef NO_MD5CRYPT_1
+        if (use1 || useapr1) {
+            int i;
+
+            if (*salt_malloc_p == NULL)
+                *salt_p = *salt_malloc_p = app_malloc(9, "salt buffer");
+            if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
+                goto end;
+
+            for (i = 0; i < 8; i++)
+                (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+            (*salt_p)[8] = 0;
+        }
+# endif                         /* !NO_MD5CRYPT_1 */
+    }
+
+    assert(*salt_p != NULL);
+
+    /* truncate password if necessary */
+    if ((strlen(passwd) > pw_maxlen)) {
+        if (!quiet)
+            /*
+             * XXX: really we should know how to print a size_t, not cast it
+             */
+            BIO_printf(bio_err,
+                       "Warning: truncating password to %u characters\n",
+                       (unsigned)pw_maxlen);
+        passwd[pw_maxlen] = 0;
+    }
+    assert(strlen(passwd) <= pw_maxlen);
+
+    /* now compute password hash */
+# ifndef OPENSSL_NO_DES
+    if (usecrypt)
+        hash = DES_crypt(passwd, *salt_p);
+# endif
+# ifndef NO_MD5CRYPT_1
+    if (use1 || useapr1)
+        hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
+# endif
+    assert(hash != NULL);
+
+    if (table && !reverse)
+        BIO_printf(out, "%s\t%s\n", passwd, hash);
+    else if (table && reverse)
+        BIO_printf(out, "%s\t%s\n", hash, passwd);
+    else
+        BIO_printf(out, "%s\n", hash);
+    return 1;
+
+ end:
+    return 0;
+}
+#else
+
+int passwd_main(int argc, char **argv)
+{
+    BIO_printf(bio_err, "Program not available.\n");
+    return (1);
+}
+#endif
diff --git a/openssl-1.1.0h/apps/pca-cert.srl b/openssl-1.1.0h/apps/pca-cert.srl
new file mode 100644
index 0000000..2c7456e
--- /dev/null
+++ b/openssl-1.1.0h/apps/pca-cert.srl
@@ -0,0 +1 @@
+07
diff --git a/openssl-1.1.0h/apps/pca-key.pem b/openssl-1.1.0h/apps/pca-key.pem
new file mode 100644
index 0000000..c6ad0e9
--- /dev/null
+++ b/openssl-1.1.0h/apps/pca-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALYYjjtpLs/lfkPF
+xAFZ4V3He5mZFbsEakK9bA2fQaryreRwyfhbXbDJHyBV+c4xI5fbmmVd2t/us4k4
+rMhGsBtL89SqCEHhPJpLFywiQVmJTAjANYrWkZK5uR/++YmZyzuLfPHLButuK6cF
+GKXw3NNToxjYooMf0mad2rPX3cKTAgMBAAECgYBvrJ+Nz/Pli9jjt2V9bqHH4Y7r
+o/avuwVv6Ltbn0+mhy4d6w3yQhYzVSTBr/iDe59YglUt1WFl8/4nKZrNOIzHJlav
+Sw4hd3fYBHxbT+DgZMQ9ikjHECWRdDffrnlTLsSJAcxnpMJBPe3dKCRDMUrqWUvB
+IIKaxyqmXJms5Y/wAQJBAPFL9NMKJcWBftMKXCasxsV0ZGjgqHGZODYjtGFN9jJO
+6AbZrxfCcapTWG4RCC2o/EDEMN8aArEhfdrYY3lhXGsCQQDBMRzFevkD7SYXTw5G
+NA/gJOAsFMYbt7tebcCRsHT7t3ymVfO2QwK7ZF0f/SYvi7cMAPraHvO7s3kFdGTB
+kDx5AkAHBICASsFCdzurA5gef9PgFjx9WFtNwnkCChPK6KuKVwUkfdw7wqnvnDDs
+Mo6cVVfQwmPxeR4u7JxuavCprQ01AkEAp5ZGAh1J9Jj9CQ1AMbAp8WOrvzGKJTM9
+641Dll4/LLif/d7j2kDJFuvaSMyeGnKVqGkVMq/U+QeYPR4Z5TuM6QJAWK05qFed
+wYgTZyVN0MY53ZOMAIWwjz0cr24TvDfmsZqIvguGL616GKQZKdKDZQyQHg+dCzqJ
+HgIoacuFDKz5CA==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/pca-req.pem b/openssl-1.1.0h/apps/pca-req.pem
new file mode 100644
index 0000000..5a8c5cb
--- /dev/null
+++ b/openssl-1.1.0h/apps/pca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBnDCCAQUCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
+GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDDBNUZXN0IFBDQSAo
+MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2GI47aS7P5X5D
+xcQBWeFdx3uZmRW7BGpCvWwNn0Gq8q3kcMn4W12wyR8gVfnOMSOX25plXdrf7rOJ
+OKzIRrAbS/PUqghB4TyaSxcsIkFZiUwIwDWK1pGSubkf/vmJmcs7i3zxywbrbiun
+BRil8NzTU6MY2KKDH9Jmndqz193CkwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEA
+eJdCB0nHnFK0hek4biAxX0GuJXkknuUy46NKEhv3GBwt4gtO29bfkbQTGOsBBKNs
+KptlnkItscOXY+0lSva9K3XlwD9do7k2IZFtXJVayZVw1GcKybIY0l7B6kcSxG7T
+f3CsO+ifdrsJKtyoZNs96lBMrtXyGybt3mgQNdZauQU=
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/apps/pkcs12.c b/openssl-1.1.0h/apps/pkcs12.c
new file mode 100644
index 0000000..85f649d
--- /dev/null
+++ b/openssl-1.1.0h/apps/pkcs12.c
@@ -0,0 +1,935 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#if defined(OPENSSL_NO_DES)
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/pkcs12.h>
+
+# define NOKEYS          0x1
+# define NOCERTS         0x2
+# define INFO            0x4
+# define CLCERTS         0x8
+# define CACERTS         0x10
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
+                        const char *pass, int passlen, int options,
+                        char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+                          const char *pass, int passlen, int options,
+                          char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
+                         const char *pass, int passlen,
+                         int options, char *pempass, const EVP_CIPHER *enc);
+int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+static int alg_print(const X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+static int set_pbe(int *ppbe, const char *str);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
+    OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
+    OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
+    OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
+    OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
+    OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
+    OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE
+} OPTION_CHOICE;
+
+OPTIONS pkcs12_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
+    {"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
+    {"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
+    {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
+    {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
+    {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
+    {"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
+    {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
+    {"chain", OPT_CHAIN, '-', "Add certificate chain"},
+    {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
+    {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
+# ifndef OPENSSL_NO_RC2
+    {"descert", OPT_DESCERT, '-',
+     "Encrypt output with 3DES (default RC2-40)"},
+    {"certpbe", OPT_CERTPBE, 's',
+     "Certificate PBE algorithm (default RC2-40)"},
+# else
+    {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
+    {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
+# endif
+    {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
+    {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
+    {"maciter", OPT_MACITER, '-', "Use MAC iteration"},
+    {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
+    {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
+    {"LMK", OPT_LMK, '-',
+     "Add local machine keyset attribute to private key"},
+    {"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
+    {"macalg", OPT_MACALG, 's',
+     "Digest algorithm used in MAC (default SHA1)"},
+    {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"inkey", OPT_INKEY, 's', "Private key if not infile"},
+    {"certfile", OPT_CERTFILE, '<', "Load certs from file"},
+    {"name", OPT_NAME, 's', "Use name as friendly name"},
+    {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
+    {"caname", OPT_CANAME, 's',
+     "Use name as CA friendly name (can be repeated)"},
+    {"in", OPT_IN, '<', "Input filename"},
+    {"out", OPT_OUT, '>', "Output filename"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+    {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
+    {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int pkcs12_main(int argc, char **argv)
+{
+    char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
+    char *name = NULL, *csp_name = NULL;
+    char pass[2048] = "", macpass[2048] = "";
+    int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
+    int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
+# ifndef OPENSSL_NO_RC2
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+# else
+    int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+# endif
+    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    int ret = 1, macver = 1, add_lmk = 0, private = 0;
+    int noprompt = 0;
+    char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
+    char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL;
+    char *cpass = NULL, *mpass = NULL, *badpass = NULL;
+    const char *CApath = NULL, *CAfile = NULL, *prog;
+    int noCApath = 0, noCAfile = 0;
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL;
+    PKCS12 *p12 = NULL;
+    STACK_OF(OPENSSL_STRING) *canames = NULL;
+    const EVP_CIPHER *enc = EVP_des_ede3_cbc();
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, pkcs12_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs12_options);
+            ret = 0;
+            goto end;
+        case OPT_NOKEYS:
+            options |= NOKEYS;
+            break;
+        case OPT_KEYEX:
+            keytype = KEY_EX;
+            break;
+        case OPT_KEYSIG:
+            keytype = KEY_SIG;
+            break;
+        case OPT_NOCERTS:
+            options |= NOCERTS;
+            break;
+        case OPT_CLCERTS:
+            options |= CLCERTS;
+            break;
+        case OPT_CACERTS:
+            options |= CACERTS;
+            break;
+        case OPT_NOOUT:
+            options |= (NOKEYS | NOCERTS);
+            break;
+        case OPT_INFO:
+            options |= INFO;
+            break;
+        case OPT_CHAIN:
+            chain = 1;
+            break;
+        case OPT_TWOPASS:
+            twopass = 1;
+            break;
+        case OPT_NOMACVER:
+            macver = 0;
+            break;
+        case OPT_DESCERT:
+            cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+            break;
+        case OPT_EXPORT:
+            export_cert = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        case OPT_NOITER:
+            iter = 1;
+            break;
+        case OPT_MACITER:
+            maciter = PKCS12_DEFAULT_ITER;
+            break;
+        case OPT_NOMACITER:
+            maciter = 1;
+            break;
+        case OPT_NOMAC:
+            maciter = -1;
+            break;
+        case OPT_MACALG:
+            macalg = opt_arg();
+            break;
+        case OPT_NODES:
+            enc = NULL;
+            break;
+        case OPT_CERTPBE:
+            if (!set_pbe(&cert_pbe, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_KEYPBE:
+            if (!set_pbe(&key_pbe, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        case OPT_INKEY:
+            keyname = opt_arg();
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_NAME:
+            name = opt_arg();
+            break;
+        case OPT_LMK:
+            add_lmk = 1;
+            break;
+        case OPT_CSP:
+            csp_name = opt_arg();
+            break;
+        case OPT_CANAME:
+            if (canames == NULL
+                && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(canames, opt_arg());
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_PASSWORD:
+            passarg = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = 1;
+
+    if (passarg) {
+        if (export_cert)
+            passoutarg = passarg;
+        else
+            passinarg = passarg;
+    }
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (!cpass) {
+        if (export_cert)
+            cpass = passout;
+        else
+            cpass = passin;
+    }
+
+    if (cpass) {
+        mpass = cpass;
+        noprompt = 1;
+    } else {
+        cpass = pass;
+        mpass = macpass;
+    }
+
+    if (export_cert || inrand) {
+        app_RAND_load_file(NULL, (inrand != NULL));
+        if (inrand != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+    }
+
+    if (twopass) {
+        if (1) {
+#ifndef OPENSSL_NO_UI
+            if (EVP_read_pw_string
+                (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Unsupported option -twopass\n");
+            goto end;
+        }
+    }
+
+    if (export_cert) {
+        EVP_PKEY *key = NULL;
+        X509 *ucert = NULL, *x = NULL;
+        STACK_OF(X509) *certs = NULL;
+        const EVP_MD *macmd = NULL;
+        unsigned char *catmp = NULL;
+        int i;
+
+        if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+            BIO_printf(bio_err, "Nothing to do!\n");
+            goto export_end;
+        }
+
+        if (options & NOCERTS)
+            chain = 0;
+
+        if (!(options & NOKEYS)) {
+            key = load_key(keyname ? keyname : infile,
+                           FORMAT_PEM, 1, passin, e, "private key");
+            if (!key)
+                goto export_end;
+        }
+
+        /* Load in all certs in input file */
+        if (!(options & NOCERTS)) {
+            if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
+                            "certificates"))
+                goto export_end;
+
+            if (key) {
+                /* Look for matching private key */
+                for (i = 0; i < sk_X509_num(certs); i++) {
+                    x = sk_X509_value(certs, i);
+                    if (X509_check_private_key(x, key)) {
+                        ucert = x;
+                        /* Zero keyid and alias */
+                        X509_keyid_set1(ucert, NULL, 0);
+                        X509_alias_set1(ucert, NULL, 0);
+                        /* Remove from list */
+                        (void)sk_X509_delete(certs, i);
+                        break;
+                    }
+                }
+                if (!ucert) {
+                    BIO_printf(bio_err,
+                               "No certificate matches private key\n");
+                    goto export_end;
+                }
+            }
+
+        }
+
+        /* Add any more certificates asked for */
+        if (certfile) {
+            if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
+                            "certificates from certfile"))
+                goto export_end;
+        }
+
+        /* If chaining get chain from user cert */
+        if (chain) {
+            int vret;
+            STACK_OF(X509) *chain2;
+            X509_STORE *store;
+            if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath))
+                    == NULL)
+                goto export_end;
+
+            vret = get_cert_chain(ucert, store, &chain2);
+            X509_STORE_free(store);
+
+            if (vret == X509_V_OK) {
+                /* Exclude verified certificate */
+                for (i = 1; i < sk_X509_num(chain2); i++)
+                    sk_X509_push(certs, sk_X509_value(chain2, i));
+                /* Free first certificate */
+                X509_free(sk_X509_value(chain2, 0));
+                sk_X509_free(chain2);
+            } else {
+                if (vret != X509_V_ERR_UNSPECIFIED)
+                    BIO_printf(bio_err, "Error %s getting chain.\n",
+                               X509_verify_cert_error_string(vret));
+                else
+                    ERR_print_errors(bio_err);
+                goto export_end;
+            }
+        }
+
+        /* Add any CA names */
+
+        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+            catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
+            X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+        }
+
+        if (csp_name && key)
+            EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+                                      MBSTRING_ASC, (unsigned char *)csp_name,
+                                      -1);
+
+        if (add_lmk && key)
+            EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
+
+        if (!noprompt) {
+            if (1) {
+#ifndef OPENSSL_NO_UI
+                if (EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
+                                       1)) {
+                    BIO_printf(bio_err, "Can't read Password\n");
+                    goto export_end;
+                }
+            } else {
+#endif
+                BIO_printf(bio_err, "Password required\n");
+                goto export_end;
+            }
+        }
+
+        if (!twopass)
+            OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
+
+        p12 = PKCS12_create(cpass, name, key, ucert, certs,
+                            key_pbe, cert_pbe, iter, -1, keytype);
+
+        if (!p12) {
+            ERR_print_errors(bio_err);
+            goto export_end;
+        }
+
+        if (macalg) {
+            if (!opt_md(macalg, &macmd))
+                goto opthelp;
+        }
+
+        if (maciter != -1)
+            PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
+
+        assert(private);
+
+        out = bio_open_owner(outfile, FORMAT_PKCS12, private);
+        if (out == NULL)
+            goto end;
+
+        i2d_PKCS12_bio(out, p12);
+
+        ret = 0;
+
+ export_end:
+
+        EVP_PKEY_free(key);
+        sk_X509_pop_free(certs, X509_free);
+        X509_free(ucert);
+
+        goto end;
+
+    }
+
+    in = bio_open_default(infile, 'r', FORMAT_PKCS12);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
+    if ((p12 = d2i_PKCS12_bio(in, NULL)) == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (!noprompt) {
+        if (1) {
+#ifndef OPENSSL_NO_UI
+            if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
+                                   0)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Password required\n");
+            goto end;
+        }
+    }
+
+    if (!twopass)
+        OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
+
+    if ((options & INFO) && PKCS12_mac_present(p12)) {
+        const ASN1_INTEGER *tmaciter;
+        const X509_ALGOR *macalgid;
+        const ASN1_OBJECT *macobj;
+        PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);
+        X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
+        BIO_puts(bio_err, "MAC:");
+        i2a_ASN1_OBJECT(bio_err, macobj);
+        BIO_printf(bio_err, " Iteration %ld\n",
+                   tmaciter  != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+    }
+    if (macver) {
+        /* If we enter empty password try no password first */
+        if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+            /* If mac and crypto pass the same set it to NULL too */
+            if (!twopass)
+                cpass = NULL;
+        } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+            /*
+             * May be UTF8 from previous version of OpenSSL:
+             * convert to a UTF8 form which will translate
+             * to the same Unicode password.
+             */
+            unsigned char *utmp;
+            int utmplen;
+            utmp = OPENSSL_asc2uni(mpass, -1, NULL, &utmplen);
+            if (utmp == NULL)
+                goto end;
+            badpass = OPENSSL_uni2utf8(utmp, utmplen);
+            OPENSSL_free(utmp);
+            if (!PKCS12_verify_mac(p12, badpass, -1)) {
+                BIO_printf(bio_err, "Mac verify error: invalid password?\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            } else {
+                BIO_printf(bio_err, "Warning: using broken algorithm\n");
+                if (!twopass)
+                    cpass = badpass;
+            }
+        }
+    }
+
+    assert(private);
+    if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
+        BIO_printf(bio_err, "Error outputting keys and certificates\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    PKCS12_free(p12);
+    if (export_cert || inrand)
+        app_RAND_write_file(NULL);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    sk_OPENSSL_STRING_free(canames);
+    OPENSSL_free(badpass);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return (ret);
+}
+
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
+                        int passlen, int options, char *pempass,
+                        const EVP_CIPHER *enc)
+{
+    STACK_OF(PKCS7) *asafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    int ret = 0;
+    PKCS7 *p7;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+            if (options & INFO)
+                BIO_printf(bio_err, "PKCS7 Data\n");
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            if (options & INFO) {
+                BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+                alg_print(p7->d.encrypted->enc_data->algorithm);
+            }
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else
+            continue;
+        if (!bags)
+            goto err;
+        if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
+                                   options, pempass, enc)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            goto err;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+    ret = 1;
+
+ err:
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    return ret;
+}
+
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+                          const char *pass, int passlen, int options,
+                          char *pempass, const EVP_CIPHER *enc)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!dump_certs_pkeys_bag(out,
+                                  sk_PKCS12_SAFEBAG_value(bags, i),
+                                  pass, passlen, options, pempass, enc))
+            return 0;
+    }
+    return 1;
+}
+
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
+                         const char *pass, int passlen, int options,
+                         char *pempass, const EVP_CIPHER *enc)
+{
+    EVP_PKEY *pkey;
+    PKCS8_PRIV_KEY_INFO *p8;
+    const PKCS8_PRIV_KEY_INFO *p8c;
+    X509 *x509;
+    const STACK_OF(X509_ATTRIBUTE) *attrs;
+    int ret = 0;
+
+    attrs = PKCS12_SAFEBAG_get0_attrs(bag);
+
+    switch (PKCS12_SAFEBAG_get_nid(bag)) {
+    case NID_keyBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Key bag\n");
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
+        if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL)
+            return 0;
+        print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes");
+        ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (options & INFO) {
+            const X509_SIG *tp8;
+            const X509_ALGOR *tp8alg;
+
+            BIO_printf(bio_err, "Shrouded Keybag: ");
+            tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
+            X509_SIG_get0(tp8, &tp8alg, NULL);
+            alg_print(tp8alg);
+        }
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
+            return 0;
+        if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) {
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            return 0;
+        }
+        print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_certBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Certificate bag\n");
+        if (options & NOCERTS)
+            return 1;
+        if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) {
+            if (options & CACERTS)
+                return 1;
+        } else if (options & CLCERTS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
+            return 1;
+        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
+            return 0;
+        dump_cert_text(out, x509);
+        ret = PEM_write_bio_X509(out, x509);
+        X509_free(x509);
+        break;
+
+    case NID_safeContentsBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Safe Contents bag\n");
+        print_attribs(out, attrs, "Bag Attributes");
+        return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag),
+                                     pass, passlen, options, pempass, enc);
+
+    default:
+        BIO_printf(bio_err, "Warning unsupported bag type: ");
+        i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag));
+        BIO_printf(bio_err, "\n");
+        return 1;
+    }
+    return ret;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX *store_ctx = NULL;
+    STACK_OF(X509) *chn = NULL;
+    int i = 0;
+
+    store_ctx = X509_STORE_CTX_new();
+    if (store_ctx == NULL) {
+        i =  X509_V_ERR_UNSPECIFIED;
+        goto end;
+    }
+    if (!X509_STORE_CTX_init(store_ctx, store, cert, NULL)) {
+        i =  X509_V_ERR_UNSPECIFIED;
+        goto end;
+    }
+
+
+    if (X509_verify_cert(store_ctx) > 0)
+        chn = X509_STORE_CTX_get1_chain(store_ctx);
+    else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0)
+        i = X509_V_ERR_UNSPECIFIED;
+
+end:
+    X509_STORE_CTX_free(store_ctx);
+    *chain = chn;
+    return i;
+}
+
+static int alg_print(const X509_ALGOR *alg)
+{
+    int pbenid, aparamtype;
+    const ASN1_OBJECT *aoid;
+    const void *aparam;
+    PBEPARAM *pbe = NULL;
+
+    X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
+
+    pbenid = OBJ_obj2nid(aoid);
+
+    BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid));
+
+    /*
+     * If PBE algorithm is PBES2 decode algorithm parameters
+     * for additional details.
+     */
+    if (pbenid == NID_pbes2) {
+        PBE2PARAM *pbe2 = NULL;
+        int encnid;
+        if (aparamtype == V_ASN1_SEQUENCE)
+            pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
+        if (pbe2 == NULL) {
+            BIO_puts(bio_err, "<unsupported parameters>");
+            goto done;
+        }
+        X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
+        pbenid = OBJ_obj2nid(aoid);
+        X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
+        encnid = OBJ_obj2nid(aoid);
+        BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
+                   OBJ_nid2sn(encnid));
+        /* If KDF is PBKDF2 decode parameters */
+        if (pbenid == NID_id_pbkdf2) {
+            PBKDF2PARAM *kdf = NULL;
+            int prfnid;
+            if (aparamtype == V_ASN1_SEQUENCE)
+                kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
+            if (kdf == NULL) {
+                BIO_puts(bio_err, "<unsupported parameters>");
+                goto done;
+            }
+
+            if (kdf->prf == NULL) {
+                prfnid = NID_hmacWithSHA1;
+            } else {
+                X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
+                prfnid = OBJ_obj2nid(aoid);
+            }
+            BIO_printf(bio_err, ", Iteration %ld, PRF %s",
+                       ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
+            PBKDF2PARAM_free(kdf);
+        }
+        PBE2PARAM_free(pbe2);
+    } else {
+        if (aparamtype == V_ASN1_SEQUENCE)
+            pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
+        if (pbe == NULL) {
+            BIO_puts(bio_err, "<unsupported parameters>");
+            goto done;
+        }
+        BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
+        PBEPARAM_free(pbe);
+    }
+ done:
+    BIO_puts(bio_err, "\n");
+    return 1;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+    int ret;
+    X509 *cert;
+    ret = 0;
+    while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+        ret = 1;
+        sk_X509_push(sk, cert);
+    }
+    if (ret)
+        ERR_clear_error();
+    return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name)
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *av;
+    char *value;
+    int i, attr_nid;
+    if (!attrlst) {
+        BIO_printf(out, "%s: <No Attributes>\n", name);
+        return 1;
+    }
+    if (!sk_X509_ATTRIBUTE_num(attrlst)) {
+        BIO_printf(out, "%s: <Empty Attributes>\n", name);
+        return 1;
+    }
+    BIO_printf(out, "%s\n", name);
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+        ASN1_OBJECT *attr_obj;
+        attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+        attr_obj = X509_ATTRIBUTE_get0_object(attr);
+        attr_nid = OBJ_obj2nid(attr_obj);
+        BIO_printf(out, "    ");
+        if (attr_nid == NID_undef) {
+            i2a_ASN1_OBJECT(out, attr_obj);
+            BIO_printf(out, ": ");
+        } else
+            BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+        if (X509_ATTRIBUTE_count(attr)) {
+            av = X509_ATTRIBUTE_get0_type(attr, 0);
+            switch (av->type) {
+            case V_ASN1_BMPSTRING:
+                value = OPENSSL_uni2asc(av->value.bmpstring->data,
+                                        av->value.bmpstring->length);
+                BIO_printf(out, "%s\n", value);
+                OPENSSL_free(value);
+                break;
+
+            case V_ASN1_OCTET_STRING:
+                hex_prin(out, av->value.octet_string->data,
+                         av->value.octet_string->length);
+                BIO_printf(out, "\n");
+                break;
+
+            case V_ASN1_BIT_STRING:
+                hex_prin(out, av->value.bit_string->data,
+                         av->value.bit_string->length);
+                BIO_printf(out, "\n");
+                break;
+
+            default:
+                BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+                break;
+            }
+        } else
+            BIO_printf(out, "<No Values>\n");
+    }
+    return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+    int i;
+    for (i = 0; i < len; i++)
+        BIO_printf(out, "%02X ", buf[i]);
+}
+
+static int set_pbe(int *ppbe, const char *str)
+{
+    if (!str)
+        return 0;
+    if (strcmp(str, "NONE") == 0) {
+        *ppbe = -1;
+        return 1;
+    }
+    *ppbe = OBJ_txt2nid(str);
+    if (*ppbe == NID_undef) {
+        BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
+        return 0;
+    }
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/apps/pkcs7.c b/openssl-1.1.0h/apps/pkcs7.c
new file mode 100644
index 0000000..209e30d
--- /dev/null
+++ b/openssl-1.1.0h/apps/pkcs7.c
@@ -0,0 +1,197 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
+    OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
+} OPTION_CHOICE;
+
+OPTIONS pkcs7_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"noout", OPT_NOOUT, '-', "Don't output encoded data"},
+    {"text", OPT_TEXT, '-', "Print full details of certificates"},
+    {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
+    {"print_certs", OPT_PRINT_CERTS, '-',
+     "Print_certs  print any certs or crl in the input"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int pkcs7_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    PKCS7 *p7 = NULL;
+    BIO *in = NULL, *out = NULL;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    char *infile = NULL, *outfile = NULL, *prog;
+    int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, pkcs7_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs7_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_PRINT:
+            p7_print = 1;
+            break;
+        case OPT_PRINT_CERTS:
+            print_certs = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (informat == FORMAT_ASN1)
+        p7 = d2i_PKCS7_bio(in, NULL);
+    else
+        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+    if (p7 == NULL) {
+        BIO_printf(bio_err, "unable to load PKCS7 object\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (p7_print)
+        PKCS7_print_ctx(out, p7, 0, NULL);
+
+    if (print_certs) {
+        STACK_OF(X509) *certs = NULL;
+        STACK_OF(X509_CRL) *crls = NULL;
+
+        i = OBJ_obj2nid(p7->type);
+        switch (i) {
+        case NID_pkcs7_signed:
+            if (p7->d.sign != NULL) {
+                certs = p7->d.sign->cert;
+                crls = p7->d.sign->crl;
+            }
+            break;
+        case NID_pkcs7_signedAndEnveloped:
+            if (p7->d.signed_and_enveloped != NULL) {
+                certs = p7->d.signed_and_enveloped->cert;
+                crls = p7->d.signed_and_enveloped->crl;
+            }
+            break;
+        default:
+            break;
+        }
+
+        if (certs != NULL) {
+            X509 *x;
+
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                x = sk_X509_value(certs, i);
+                if (text)
+                    X509_print(out, x);
+                else
+                    dump_cert_text(out, x);
+
+                if (!noout)
+                    PEM_write_bio_X509(out, x);
+                BIO_puts(out, "\n");
+            }
+        }
+        if (crls != NULL) {
+            X509_CRL *crl;
+
+            for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+                crl = sk_X509_CRL_value(crls, i);
+
+                X509_CRL_print(out, crl);
+
+                if (!noout)
+                    PEM_write_bio_X509_CRL(out, crl);
+                BIO_puts(out, "\n");
+            }
+        }
+
+        ret = 0;
+        goto end;
+    }
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_PKCS7_bio(out, p7);
+        else
+            i = PEM_write_bio_PKCS7(out, p7);
+
+        if (!i) {
+            BIO_printf(bio_err, "unable to write pkcs7 object\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    PKCS7_free(p7);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/pkcs8.c b/openssl-1.1.0h/apps/pkcs8.c
new file mode 100644
index 0000000..0874370
--- /dev/null
+++ b/openssl-1.1.0h/apps/pkcs8.c
@@ -0,0 +1,353 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
+#ifndef OPENSSL_NO_SCRYPT
+    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
+#endif
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
+    OPT_TRADITIONAL
+} OPTION_CHOICE;
+
+OPTIONS pkcs8_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
+    {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
+    {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
+    {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
+    {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
+    {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
+    {"iter", OPT_ITER, 'p', "Specify the iteration count"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
+    {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
+    {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
+    {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
+#endif
+    {NULL}
+};
+
+int pkcs8_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    X509_SIG *p8 = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    char *infile = NULL, *outfile = NULL;
+    char *passinarg = NULL, *passoutarg = NULL, *prog;
+#ifndef OPENSSL_NO_UI
+    char pass[APP_PASS_LEN];
+#endif
+    char *passin = NULL, *passout = NULL, *p8pass = NULL;
+    OPTION_CHOICE o;
+    int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
+    int private = 0, traditional = 0;
+#ifndef OPENSSL_NO_SCRYPT
+    long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
+#endif
+
+    prog = opt_init(argc, argv, pkcs8_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs8_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TOPK8:
+            topk8 = 1;
+            break;
+        case OPT_NOITER:
+            iter = 1;
+            break;
+        case OPT_NOCRYPT:
+            nocrypt = 1;
+            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
+        case OPT_V2:
+            if (!opt_cipher(opt_arg(), &cipher))
+                goto opthelp;
+            break;
+        case OPT_V1:
+            pbe_nid = OBJ_txt2nid(opt_arg());
+            if (pbe_nid == NID_undef) {
+                BIO_printf(bio_err,
+                           "%s: Unknown PBE algorithm %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            break;
+        case OPT_V2PRF:
+            pbe_nid = OBJ_txt2nid(opt_arg());
+            if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
+                BIO_printf(bio_err,
+                           "%s: Unknown PRF algorithm %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            if (cipher == NULL)
+                cipher = EVP_aes_256_cbc();
+            break;
+        case OPT_ITER:
+            if (!opt_int(opt_arg(), &iter))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+#ifndef OPENSSL_NO_SCRYPT
+        case OPT_SCRYPT:
+            scrypt_N = 16384;
+            scrypt_r = 8;
+            scrypt_p = 1;
+            if (cipher == NULL)
+                cipher = EVP_aes_256_cbc();
+            break;
+        case OPT_SCRYPT_N:
+            if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_R:
+            if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0)
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_P:
+            if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0)
+                goto opthelp;
+            break;
+#endif
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if ((pbe_nid == -1) && cipher == NULL)
+        cipher = EVP_aes_256_cbc();
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (topk8) {
+        pkey = load_key(infile, informat, 1, passin, e, "key");
+        if (!pkey)
+            goto end;
+        if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
+            BIO_printf(bio_err, "Error converting key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (nocrypt) {
+            assert(private);
+            if (outformat == FORMAT_PEM)
+                PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+            else if (outformat == FORMAT_ASN1)
+                i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+            else {
+                BIO_printf(bio_err, "Bad format specified for key\n");
+                goto end;
+            }
+        } else {
+            X509_ALGOR *pbe;
+            if (cipher) {
+#ifndef OPENSSL_NO_SCRYPT
+                if (scrypt_N && scrypt_r && scrypt_p)
+                    pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
+                                                scrypt_N, scrypt_r, scrypt_p);
+                else
+#endif
+                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
+                                            pbe_nid);
+            } else {
+                pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
+            }
+            if (pbe == NULL) {
+                BIO_printf(bio_err, "Error setting PBE algorithm\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            if (passout)
+                p8pass = passout;
+            else if (1) {
+#ifndef OPENSSL_NO_UI
+                p8pass = pass;
+                if (EVP_read_pw_string
+                    (pass, sizeof(pass), "Enter Encryption Password:", 1)) {
+                    X509_ALGOR_free(pbe);
+                    goto end;
+                }
+            } else {
+#endif
+                BIO_printf(bio_err, "Password required\n");
+                goto end;
+            }
+            app_RAND_load_file(NULL, 0);
+            p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
+            if (p8 == NULL) {
+                X509_ALGOR_free(pbe);
+                BIO_printf(bio_err, "Error encrypting key\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            app_RAND_write_file(NULL);
+            assert(private);
+            if (outformat == FORMAT_PEM)
+                PEM_write_bio_PKCS8(out, p8);
+            else if (outformat == FORMAT_ASN1)
+                i2d_PKCS8_bio(out, p8);
+            else {
+                BIO_printf(bio_err, "Bad format specified for key\n");
+                goto end;
+            }
+        }
+
+        ret = 0;
+        goto end;
+    }
+
+    if (nocrypt) {
+        if (informat == FORMAT_PEM)
+            p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
+        else if (informat == FORMAT_ASN1)
+            p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+        else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+    } else {
+        if (informat == FORMAT_PEM)
+            p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+        else if (informat == FORMAT_ASN1)
+            p8 = d2i_PKCS8_bio(in, NULL);
+        else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+
+        if (!p8) {
+            BIO_printf(bio_err, "Error reading key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (passin)
+            p8pass = passin;
+        else if (1) {
+#ifndef OPENSSL_NO_UI
+            p8pass = pass;
+            if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Password required\n");
+            goto end;
+        }
+        p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+    }
+
+    if (!p8inf) {
+        BIO_printf(bio_err, "Error decrypting key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) {
+        BIO_printf(bio_err, "Error converting key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    assert(private);
+    if (outformat == FORMAT_PEM) {
+        if (traditional)
+            PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
+                                                 NULL, passout);
+        else
+            PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+    } else if (outformat == FORMAT_ASN1) {
+        i2d_PrivateKey_bio(out, pkey);
+    } else {
+        BIO_printf(bio_err, "Bad format specified for key\n");
+        goto end;
+    }
+    ret = 0;
+
+ end:
+    X509_SIG_free(p8);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/apps/pkey.c b/openssl-1.1.0h/apps/pkey.c
new file mode 100644
index 0000000..ad1a3b1
--- /dev/null
+++ b/openssl-1.1.0h/apps/pkey.c
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
+    OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
+    OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL
+} OPTION_CHOICE;
+
+OPTIONS pkey_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"in", OPT_IN, 's', "Input key"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pubin", OPT_PUBIN, '-',
+     "Read public key from input (default is private key)"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
+    {"text", OPT_TEXT, '-', "Output in plaintext as well"},
+    {"noout", OPT_NOOUT, '-', "Don't output the key"},
+    {"", OPT_MD, '-', "Any supported cipher"},
+    {"traditional", OPT_TRADITIONAL, '-',
+     "Use traditional format for private keys"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int pkey_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
+    char *passinarg = NULL, *passoutarg = NULL, *prog;
+    OPTION_CHOICE o;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
+    int private = 0, traditional = 0;
+
+    prog = opt_init(argc, argv, pkey_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkey_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PUBIN:
+            pubin = pubout = pubtext = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_TEXT_PUB:
+            pubtext = text = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
+        case OPT_MD:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = !noout && !pubout ? 1 : 0;
+    if (text && !pubtext)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (pubin)
+        pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+    else
+        pkey = load_key(infile, informat, 1, passin, e, "key");
+    if (!pkey)
+        goto end;
+
+    if (!noout) {
+        if (outformat == FORMAT_PEM) {
+            if (pubout)
+                PEM_write_bio_PUBKEY(out, pkey);
+            else {
+                assert(private);
+                if (traditional)
+                    PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
+                                                         NULL, 0, NULL,
+                                                         passout);
+                else
+                    PEM_write_bio_PrivateKey(out, pkey, cipher,
+                                             NULL, 0, NULL, passout);
+            }
+        } else if (outformat == FORMAT_ASN1) {
+            if (pubout)
+                i2d_PUBKEY_bio(out, pkey);
+            else {
+                assert(private);
+                i2d_PrivateKey_bio(out, pkey);
+            }
+        } else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+
+    }
+
+    if (text) {
+        if (pubtext)
+            EVP_PKEY_print_public(out, pkey, 0, NULL);
+        else {
+            assert(private);
+            EVP_PKEY_print_private(out, pkey, 0, NULL);
+        }
+    }
+
+    ret = 0;
+
+ end:
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/apps/pkeyparam.c b/openssl-1.1.0h/apps/pkeyparam.c
new file mode 100644
index 0000000..0a1b2d1
--- /dev/null
+++ b/openssl-1.1.0h/apps/pkeyparam.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE
+} OPTION_CHOICE;
+
+OPTIONS pkeyparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"text", OPT_TEXT, '-', "Print parameters as text"},
+    {"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int pkeyparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL;
+    EVP_PKEY *pkey = NULL;
+    int text = 0, noout = 0, ret = 1;
+    OPTION_CHOICE o;
+    char *infile = NULL, *outfile = NULL, *prog;
+
+    prog = opt_init(argc, argv, pkeyparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkeyparam_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_PEM);
+    if (out == NULL)
+        goto end;
+    pkey = PEM_read_bio_Parameters(in, NULL);
+    if (!pkey) {
+        BIO_printf(bio_err, "Error reading parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (!noout)
+        PEM_write_bio_Parameters(out, pkey);
+
+    if (text)
+        EVP_PKEY_print_params(out, pkey, 0, NULL);
+
+    ret = 0;
+
+ end:
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/apps/pkeyutl.c b/openssl-1.1.0h/apps/pkeyutl.c
new file mode 100644
index 0000000..bbb1274
--- /dev/null
+++ b/openssl-1.1.0h/apps/pkeyutl.c
@@ -0,0 +1,508 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+#define KEY_NONE        0
+#define KEY_PRIVKEY     1
+#define KEY_PUBKEY      2
+#define KEY_CERT        3
+
+static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+                              const char *keyfile, int keyform, int key_type,
+                              char *passinarg, int pkey_op, ENGINE *e,
+                              const int impl);
+
+static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
+                      ENGINE *e);
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+                    unsigned char *out, size_t *poutlen,
+                    const unsigned char *in, size_t inlen);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
+    OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
+    OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+    OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
+    OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN
+} OPTION_CHOICE;
+
+OPTIONS pkeyutl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"pubin", OPT_PUBIN, '-', "Input is a public key"},
+    {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
+    {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
+    {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+    {"sign", OPT_SIGN, '-', "Sign input data with private key"},
+    {"verify", OPT_VERIFY, '-', "Verify with public key"},
+    {"verifyrecover", OPT_VERIFYRECOVER, '-',
+     "Verify with public key, recover original data"},
+    {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
+    {"derive", OPT_DERIVE, '-', "Derive shared secret"},
+    {"kdf", OPT_KDF, 's', "Use KDF algorithm"},
+    {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
+    {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
+    {"inkey", OPT_INKEY, 's', "Input private key file"},
+    {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+    {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"engine_impl", OPT_ENGINE_IMPL, '-',
+     "Also use engine given by -engine for crypto operations"},
+#endif
+    {NULL}
+};
+
+int pkeyutl_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
+    char hexdump = 0, asn1parse = 0, rev = 0, *prog;
+    unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
+    OPTION_CHOICE o;
+    int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
+    int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
+    int engine_impl = 0;
+    int ret = 1, rv = -1;
+    size_t buf_outlen;
+    const char *inkey = NULL;
+    const char *peerkey = NULL;
+    const char *kdfalg = NULL;
+    int kdflen = 0;
+    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
+
+    prog = opt_init(argc, argv, pkeyutl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkeyutl_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_SIGFILE:
+            sigfile = opt_arg();
+            break;
+        case OPT_ENGINE_IMPL:
+            engine_impl = 1;
+            break;
+        case OPT_INKEY:
+            inkey = opt_arg();
+            break;
+        case OPT_PEERKEY:
+            peerkey = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PEERFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &peerform))
+                goto opthelp;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PUBIN:
+            key_type = KEY_PUBKEY;
+            break;
+        case OPT_CERTIN:
+            key_type = KEY_CERT;
+            break;
+        case OPT_ASN1PARSE:
+            asn1parse = 1;
+            break;
+        case OPT_HEXDUMP:
+            hexdump = 1;
+            break;
+        case OPT_SIGN:
+            pkey_op = EVP_PKEY_OP_SIGN;
+            break;
+        case OPT_VERIFY:
+            pkey_op = EVP_PKEY_OP_VERIFY;
+            break;
+        case OPT_VERIFYRECOVER:
+            pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
+            break;
+        case OPT_ENCRYPT:
+            pkey_op = EVP_PKEY_OP_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            pkey_op = EVP_PKEY_OP_DECRYPT;
+            break;
+        case OPT_DERIVE:
+            pkey_op = EVP_PKEY_OP_DERIVE;
+            break;
+        case OPT_KDF:
+            pkey_op = EVP_PKEY_OP_DERIVE;
+            key_type = KEY_NONE;
+            kdfalg = opt_arg();
+            break;
+        case OPT_KDFLEN:
+            kdflen = atoi(opt_arg());
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_PKEYOPT:
+            if ((pkeyopts == NULL &&
+                 (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
+                sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
+                BIO_puts(bio_err, "out of memory\n");
+                goto end;
+            }
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (kdfalg != NULL) {
+        if (kdflen == 0) {
+            BIO_printf(bio_err,
+                       "%s: no KDF length given (-kdflen parameter).\n", prog);
+            goto opthelp;
+        }
+    } else if (inkey == NULL) {
+        BIO_printf(bio_err,
+                   "%s: no private key given (-inkey parameter).\n", prog);
+        goto opthelp;
+    } else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
+        BIO_printf(bio_err,
+                   "%s: no peer key given (-peerkey parameter).\n", prog);
+        goto opthelp;
+    }
+    ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
+                   passinarg, pkey_op, e, engine_impl);
+    if (ctx == NULL) {
+        BIO_printf(bio_err, "%s: Error initializing context\n", prog);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
+        BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (pkeyopts != NULL) {
+        int num = sk_OPENSSL_STRING_num(pkeyopts);
+        int i;
+
+        for (i = 0; i < num; ++i) {
+            const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
+
+            if (pkey_ctrl_string(ctx, opt) <= 0) {
+                BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
+                           prog, opt);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+
+    if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
+        BIO_printf(bio_err,
+                   "%s: Signature file specified for non verify\n", prog);
+        goto end;
+    }
+
+    if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
+        BIO_printf(bio_err,
+                   "%s: No signature file specified for verify\n", prog);
+        goto end;
+    }
+
+/* FIXME: seed PRNG only if needed */
+    app_RAND_load_file(NULL, 0);
+
+    if (pkey_op != EVP_PKEY_OP_DERIVE) {
+        in = bio_open_default(infile, 'r', FORMAT_BINARY);
+        if (in == NULL)
+            goto end;
+    }
+    out = bio_open_default(outfile, 'w', FORMAT_BINARY);
+    if (out == NULL)
+        goto end;
+
+    if (sigfile) {
+        BIO *sigbio = BIO_new_file(sigfile, "rb");
+        if (!sigbio) {
+            BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
+            goto end;
+        }
+        siglen = bio_to_mem(&sig, keysize * 10, sigbio);
+        BIO_free(sigbio);
+        if (siglen < 0) {
+            BIO_printf(bio_err, "Error reading signature data\n");
+            goto end;
+        }
+    }
+
+    if (in) {
+        /* Read the input data */
+        buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
+        if (buf_inlen < 0) {
+            BIO_printf(bio_err, "Error reading input Data\n");
+            exit(1);
+        }
+        if (rev) {
+            size_t i;
+            unsigned char ctmp;
+            size_t l = (size_t)buf_inlen;
+            for (i = 0; i < l / 2; i++) {
+                ctmp = buf_in[i];
+                buf_in[i] = buf_in[l - 1 - i];
+                buf_in[l - 1 - i] = ctmp;
+            }
+        }
+    }
+
+    if (pkey_op == EVP_PKEY_OP_VERIFY) {
+        rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
+                             buf_in, (size_t)buf_inlen);
+        if (rv == 1) {
+            BIO_puts(out, "Signature Verified Successfully\n");
+            ret = 0;
+        } else
+            BIO_puts(out, "Signature Verification Failure\n");
+        goto end;
+    }
+    if (kdflen != 0) {
+        buf_outlen = kdflen;
+        rv = 1;
+    } else {
+        rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
+                      buf_in, (size_t)buf_inlen);
+    }
+    if (rv > 0 && buf_outlen != 0) {
+        buf_out = app_malloc(buf_outlen, "buffer output");
+        rv = do_keyop(ctx, pkey_op,
+                      buf_out, (size_t *)&buf_outlen,
+                      buf_in, (size_t)buf_inlen);
+    }
+    if (rv <= 0) {
+        if (pkey_op != EVP_PKEY_OP_DERIVE) {
+            BIO_puts(bio_err, "Public Key operation error\n");
+        } else {
+            BIO_puts(bio_err, "Key derivation failed\n");
+        }
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+
+    if (asn1parse) {
+        if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
+            ERR_print_errors(bio_err);
+    } else if (hexdump)
+        BIO_dump(out, (char *)buf_out, buf_outlen);
+    else
+        BIO_write(out, buf_out, buf_outlen);
+
+ end:
+    EVP_PKEY_CTX_free(ctx);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    OPENSSL_free(buf_in);
+    OPENSSL_free(buf_out);
+    OPENSSL_free(sig);
+    sk_OPENSSL_STRING_free(pkeyopts);
+    return ret;
+}
+
+static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+                              const char *keyfile, int keyform, int key_type,
+                              char *passinarg, int pkey_op, ENGINE *e,
+                              const int engine_impl)
+{
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    ENGINE *impl = NULL;
+    char *passin = NULL;
+    int rv = -1;
+    X509 *x;
+    if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
+         || (pkey_op == EVP_PKEY_OP_DERIVE))
+        && (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
+        BIO_printf(bio_err, "A private key is needed for this operation\n");
+        goto end;
+    }
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+    switch (key_type) {
+    case KEY_PRIVKEY:
+        pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+        break;
+
+    case KEY_PUBKEY:
+        pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
+        break;
+
+    case KEY_CERT:
+        x = load_cert(keyfile, keyform, "Certificate");
+        if (x) {
+            pkey = X509_get_pubkey(x);
+            X509_free(x);
+        }
+        break;
+
+    case KEY_NONE:
+        break;
+
+    }
+
+#ifndef OPENSSL_NO_ENGINE
+    if (engine_impl)
+        impl = e;
+#endif
+
+    if (kdfalg) {
+        int kdfnid = OBJ_sn2nid(kdfalg);
+
+        if (kdfnid == NID_undef) {
+            kdfnid = OBJ_ln2nid(kdfalg);
+            if (kdfnid == NID_undef) {
+                BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
+                           kdfalg);
+                goto end;
+            }
+        }
+        ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
+    } else {
+        if (pkey == NULL)
+            goto end;
+        *pkeysize = EVP_PKEY_size(pkey);
+        ctx = EVP_PKEY_CTX_new(pkey, impl);
+        EVP_PKEY_free(pkey);
+    }
+
+    if (ctx == NULL)
+        goto end;
+
+    switch (pkey_op) {
+    case EVP_PKEY_OP_SIGN:
+        rv = EVP_PKEY_sign_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_VERIFY:
+        rv = EVP_PKEY_verify_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_VERIFYRECOVER:
+        rv = EVP_PKEY_verify_recover_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_ENCRYPT:
+        rv = EVP_PKEY_encrypt_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_DECRYPT:
+        rv = EVP_PKEY_decrypt_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_DERIVE:
+        rv = EVP_PKEY_derive_init(ctx);
+        break;
+    }
+
+    if (rv <= 0) {
+        EVP_PKEY_CTX_free(ctx);
+        ctx = NULL;
+    }
+
+ end:
+    OPENSSL_free(passin);
+    return ctx;
+
+}
+
+static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
+                      ENGINE *e)
+{
+    EVP_PKEY *peer = NULL;
+    ENGINE *engine = NULL;
+    int ret;
+
+    if (peerform == FORMAT_ENGINE)
+        engine = e;
+    peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
+    if (!peer) {
+        BIO_printf(bio_err, "Error reading peer key %s\n", file);
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    ret = EVP_PKEY_derive_set_peer(ctx, peer);
+
+    EVP_PKEY_free(peer);
+    if (ret <= 0)
+        ERR_print_errors(bio_err);
+    return ret;
+}
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+                    unsigned char *out, size_t *poutlen,
+                    const unsigned char *in, size_t inlen)
+{
+    int rv = 0;
+    switch (pkey_op) {
+    case EVP_PKEY_OP_VERIFYRECOVER:
+        rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_SIGN:
+        rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_ENCRYPT:
+        rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_DECRYPT:
+        rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_DERIVE:
+        rv = EVP_PKEY_derive(ctx, out, poutlen);
+        break;
+
+    }
+    return rv;
+}
diff --git a/openssl-1.1.0h/apps/prime.c b/openssl-1.1.0h/apps/prime.c
new file mode 100644
index 0000000..c12463d
--- /dev/null
+++ b/openssl-1.1.0h/apps/prime.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include "apps.h"
+#include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
+} OPTION_CHOICE;
+
+OPTIONS prime_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  number Number to check for primality\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"hex", OPT_HEX, '-', "Hex output"},
+    {"generate", OPT_GENERATE, '-', "Generate a prime"},
+    {"bits", OPT_BITS, 'p', "Size of number in bits"},
+    {"safe", OPT_SAFE, '-',
+     "When used with -generate, generate a safe prime"},
+    {"checks", OPT_CHECKS, 'p', "Number of checks"},
+    {NULL}
+};
+
+int prime_main(int argc, char **argv)
+{
+    BIGNUM *bn = NULL;
+    int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, prime_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(prime_options);
+            ret = 0;
+            goto end;
+        case OPT_HEX:
+            hex = 1;
+            break;
+        case OPT_GENERATE:
+            generate = 1;
+            break;
+        case OPT_BITS:
+            bits = atoi(opt_arg());
+            break;
+        case OPT_SAFE:
+            safe = 1;
+            break;
+        case OPT_CHECKS:
+            checks = atoi(opt_arg());
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (generate) {
+        if (argc != 0) {
+            BIO_printf(bio_err, "Extra arguments given.\n");
+            goto opthelp;
+        }
+    } else if (argc == 0) {
+        BIO_printf(bio_err, "%s: No prime specified\n", prog);
+        goto opthelp;
+    }
+
+    if (generate) {
+        char *s;
+
+        if (!bits) {
+            BIO_printf(bio_err, "Specify the number of bits.\n");
+            goto end;
+        }
+        bn = BN_new();
+        if (bn == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
+        if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) {
+            BIO_printf(bio_err, "Failed to generate prime.\n");
+            goto end;
+        }
+        s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
+        if (s == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
+        BIO_printf(bio_out, "%s\n", s);
+        OPENSSL_free(s);
+    } else {
+        for ( ; *argv; argv++) {
+            int r;
+
+            if (hex)
+                r = BN_hex2bn(&bn, argv[0]);
+            else
+                r = BN_dec2bn(&bn, argv[0]);
+
+            if(!r) {
+                BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
+                goto end;
+            }
+
+            BN_print(bio_out, bn);
+            BIO_printf(bio_out, " (%s) %s prime\n",
+                       argv[0],
+                       BN_is_prime_ex(bn, checks, NULL, NULL)
+                           ? "is" : "is not");
+        }
+    }
+
+    ret = 0;
+ end:
+    BN_free(bn);
+    return ret;
+}
diff --git a/openssl-1.1.0h/apps/privkey.pem b/openssl-1.1.0h/apps/privkey.pem
new file mode 100644
index 0000000..02f3498
--- /dev/null
+++ b/openssl-1.1.0h/apps/privkey.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMo7DFNMqywUA1O/
+qvWqCOm6rGrUAcR+dKsSXw6y2qiKO7APDDyotc0b4Mxwqjga98npex2RBIwUoCGJ
+iEmMXo/a8RbXVUZ+ZwcAX7PC+XeXVC5qoajaBBkd2MvYmib/2PqnNrgvhHsUL5dO
+xhC7cRqxLM/g45k3Yyw+nGa+WkTdAgMBAAECgYBMBT5w4dVG0I8foGFnz+9hzWab
+Ee9IKjE5TcKmB93ilXQyjrWO5+zPmbc7ou6aAKk9IaPCTY1kCyzW7pho7Xdt+RFq
+TgVXGZZfqtixO7f2/5oqZAkd00eOn9ZrhBpVMu4yXbbDvhDyFe4/oy0HGDjRUhxa
+Lf6ZlBuTherxm4eFkQJBAPBQwRs9UtqaMAQlagA9pV5UsQjV1WT4IxDURMPfXgCd
+ETNkB6pP0SmxQm5xhv9N2HY1UtoWpug9s0OU5IJB15sCQQDXbfbjiujNbuOxCFNw
+68JZaCFVdNovyOWORkpenQLNEjVkmTCS9OayK09ADEYtsdpUGKeF+2EYBNkFr5px
+CajnAkBMYI4PNz1HBuwt1SpMa0tMoMQnV7bbwVV7usskKbC5pzHZUHhzM6z5gEHp
+0iEisT4Ty7zKXZqsgzefSgoaMAzzAkEAoCIaUhtwXzwdPfvNYnOs3J6doJMimECB
++lbfcyLM8TimvadtRt+KGEg/OYGmLNM2UiqdY+duzdbUpvhYGcwvYwJAQvaoi9z2
+CkiwSs/PFrLaNlfLJmXRsUBzmiWYoh6+IQJJorEXz7ewI72ee9RBO4s746cgUFwH
+Ri+qO+HhZFUBqQ==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/progs.pl b/openssl-1.1.0h/apps/progs.pl
new file mode 100644
index 0000000..0d3b446
--- /dev/null
+++ b/openssl-1.1.0h/apps/progs.pl
@@ -0,0 +1,164 @@
+#! /usr/bin/env perl
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Generate progs.h file by looking for command mains in list of C files
+# passed on the command line.
+
+use strict;
+use warnings;
+use lib '.';
+use configdata qw/@disablables %unified_info/;
+
+my %commands = ();
+my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
+
+my $apps_openssl = shift @ARGV;
+# because the program apps/openssl has object files as sources, and
+# they then have the corresponding C files as source, we need to chain
+# the lookups in %unified_info
+my @openssl_source =
+    map { @{$unified_info{sources}->{$_}} }
+    @{$unified_info{sources}->{$apps_openssl}};
+
+foreach my $filename (@openssl_source) {
+	open F, $filename or die "Couldn't open $filename: $!\n";
+	foreach (grep /$cmdre/, <F>) {
+		my @foo = /$cmdre/;
+		$commands{$1} = 1;
+	}
+	close F;
+}
+
+@ARGV = sort keys %commands;
+
+print <<'EOF';
+/*
+ * WARNING: do not edit!
+ * Generated by apps/progs.pl
+ *
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef enum FUNC_TYPE {
+    FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
+    FT_md_alg, FT_cipher_alg
+} FUNC_TYPE;
+
+typedef struct function_st {
+    FUNC_TYPE type;
+    const char *name;
+    int (*func)(int argc, char *argv[]);
+    const OPTIONS *help;
+} FUNCTION;
+
+DEFINE_LHASH_OF(FUNCTION);
+
+EOF
+
+foreach (@ARGV) {
+	printf "extern int %s_main(int argc, char *argv[]);\n", $_;
+}
+
+print "\n";
+
+foreach (@ARGV) {
+	printf "extern OPTIONS %s_options[];\n", $_;
+}
+
+print "\n#ifdef INCLUDE_FUNCTION_TABLE\n";
+print "static FUNCTION functions[] = {\n";
+my %cmd_disabler = (
+    ciphers  => "sock",
+    genrsa   => "rsa",
+    rsautl   => "rsa",
+    gendsa   => "dsa",
+    dsaparam => "dsa",
+    gendh    => "dh",
+    dhparam  => "dh",
+    ecparam  => "ec",
+    pkcs12   => "des",
+    );
+foreach my $cmd (@ARGV) {
+	my $str="    { FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options },\n";
+	if ($cmd =~ /^s_/) {
+		print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
+	} elsif (grep { $cmd eq $_ } @disablables) {
+		print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n";
+	} elsif (my $disabler = $cmd_disabler{$cmd}) {
+		print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
+	} else {
+		print $str;
+	}
+}
+
+my %md_disabler = (
+    blake2b512 => "blake2",
+    blake2s256 => "blake2",
+    );
+foreach my $cmd (
+	"md2", "md4", "md5",
+	"gost",
+	"sha1", "sha224", "sha256", "sha384", "sha512",
+	"mdc2", "rmd160", "blake2b512", "blake2s256"
+) {
+        my $str = "    { FT_md, \"".$cmd."\", dgst_main},\n";
+        if (grep { $cmd eq $_ } @disablables) {
+                print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n";
+        } elsif (my $disabler = $md_disabler{$cmd}) {
+                print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
+        } else {
+                print $str;
+        }
+}
+
+my %cipher_disabler = (
+    des3  => "des",
+    desx  => "des",
+    cast5 => "cast",
+    );
+foreach my $cmd (
+	"aes-128-cbc", "aes-128-ecb",
+	"aes-192-cbc", "aes-192-ecb",
+	"aes-256-cbc", "aes-256-ecb",
+	"camellia-128-cbc", "camellia-128-ecb",
+	"camellia-192-cbc", "camellia-192-ecb",
+	"camellia-256-cbc", "camellia-256-ecb",
+	"base64", "zlib",
+	"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
+	"rc2", "bf", "cast", "rc5",
+	"des-ecb", "des-ede",    "des-ede3",
+	"des-cbc", "des-ede-cbc","des-ede3-cbc",
+	"des-cfb", "des-ede-cfb","des-ede3-cfb",
+	"des-ofb", "des-ede-ofb","des-ede3-ofb",
+	"idea-cbc","idea-ecb",    "idea-cfb", "idea-ofb",
+	"seed-cbc","seed-ecb",    "seed-cfb", "seed-ofb",
+	"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
+	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
+	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
+	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb"
+) {
+	my $str="    { FT_cipher, \"$cmd\", enc_main, enc_options },\n";
+	(my $algo= $cmd) =~ s/-.*//g;
+        if ($cmd eq "zlib") {
+                print "#ifdef ZLIB\n${str}#endif\n";
+        } elsif (grep { $algo eq $_ } @disablables) {
+                print "#ifndef OPENSSL_NO_".uc($algo)."\n${str}#endif\n";
+        } elsif (my $disabler = $cipher_disabler{$algo}) {
+                print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
+	} else {
+		print $str;
+	}
+}
+
+print "    { 0, NULL, NULL}\n};\n";
+print "#endif\n";
diff --git a/openssl-1.1.0h/apps/rand.c b/openssl-1.1.0h/apps/rand.c
new file mode 100644
index 0000000..b3ec70a
--- /dev/null
+++ b/openssl-1.1.0h/apps/rand.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUT, OPT_ENGINE, OPT_RAND, OPT_BASE64, OPT_HEX
+} OPTION_CHOICE;
+
+OPTIONS rand_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"base64", OPT_BASE64, '-', "Base64 encode output"},
+    {"hex", OPT_HEX, '-', "Hex encode output"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int rand_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL;
+    char *inrand = NULL, *outfile = NULL, *prog;
+    OPTION_CHOICE o;
+    int format = FORMAT_BINARY, i, num = -1, r, ret = 1;
+
+    prog = opt_init(argc, argv, rand_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rand_options);
+            ret = 0;
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        case OPT_BASE64:
+            format = FORMAT_BASE64;
+            break;
+        case OPT_HEX:
+            format = FORMAT_TEXT;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num <= 0)
+            goto end;
+    } else if (argc > 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    app_RAND_load_file(NULL, (inrand != NULL));
+    if (inrand != NULL)
+        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                   app_RAND_load_files(inrand));
+
+    out = bio_open_default(outfile, 'w', format);
+    if (out == NULL)
+        goto end;
+
+    if (format == FORMAT_BASE64) {
+        BIO *b64 = BIO_new(BIO_f_base64());
+        if (b64 == NULL)
+            goto end;
+        out = BIO_push(b64, out);
+    }
+
+    while (num > 0) {
+        unsigned char buf[4096];
+        int chunk;
+
+        chunk = num;
+        if (chunk > (int)sizeof(buf))
+            chunk = sizeof(buf);
+        r = RAND_bytes(buf, chunk);
+        if (r <= 0)
+            goto end;
+        if (format != FORMAT_TEXT) {
+            if (BIO_write(out, buf, chunk) != chunk)
+                goto end;
+        } else {
+            for (i = 0; i < chunk; i++)
+                if (BIO_printf(out, "%02x", buf[i]) != 2)
+                    goto end;
+        }
+        num -= chunk;
+    }
+    if (format == FORMAT_TEXT)
+        BIO_puts(out, "\n");
+    if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
+        goto end;
+
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    release_engine(e);
+    BIO_free_all(out);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/rehash.c b/openssl-1.1.0h/apps/rehash.c
new file mode 100644
index 0000000..273ad74
--- /dev/null
+++ b/openssl-1.1.0h/apps/rehash.c
@@ -0,0 +1,529 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * C implementation based on the original Perl and shell versions
+ *
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@iki.fi>
+ */
+
+#include "apps.h"
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
+    (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
+# include <unistd.h>
+# include <stdio.h>
+# include <limits.h>
+# include <errno.h>
+# include <string.h>
+# include <ctype.h>
+# include <sys/stat.h>
+
+/*
+ * Make sure that the processing of symbol names is treated the same as when
+ * libcrypto is built.  This is done automatically for public headers (see
+ * include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H),
+ * but not for internal headers.
+ */
+# ifdef __VMS
+#  pragma names save
+#  pragma names as_is,shortened
+# endif
+
+# include "internal/o_dir.h"
+
+# ifdef __VMS
+#  pragma names restore
+# endif
+
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+# include <openssl/x509.h>
+
+
+# ifndef PATH_MAX
+#  define PATH_MAX 4096
+# endif
+# ifndef NAME_MAX
+#  define NAME_MAX 255
+# endif
+# define MAX_COLLISIONS  256
+
+typedef struct hentry_st {
+    struct hentry_st *next;
+    char *filename;
+    unsigned short old_id;
+    unsigned char need_symlink;
+    unsigned char digest[EVP_MAX_MD_SIZE];
+} HENTRY;
+
+typedef struct bucket_st {
+    struct bucket_st *next;
+    HENTRY *first_entry, *last_entry;
+    unsigned int hash;
+    unsigned short type;
+    unsigned short num_needed;
+} BUCKET;
+
+enum Type {
+    /* Keep in sync with |suffixes|, below. */
+    TYPE_CERT=0, TYPE_CRL=1
+};
+
+enum Hash {
+    HASH_OLD, HASH_NEW, HASH_BOTH
+};
+
+
+static int evpmdsize;
+static const EVP_MD *evpmd;
+static int remove_links = 1;
+static int verbose = 0;
+static BUCKET *hash_table[257];
+
+static const char *suffixes[] = { "", "r" };
+static const char *extensions[] = { "pem", "crt", "cer", "crl" };
+
+
+static void bit_set(unsigned char *set, unsigned int bit)
+{
+    set[bit >> 3] |= 1 << (bit & 0x7);
+}
+
+static int bit_isset(unsigned char *set, unsigned int bit)
+{
+    return set[bit >> 3] & (1 << (bit & 0x7));
+}
+
+
+/*
+ * Process an entry; return number of errors.
+ */
+static int add_entry(enum Type type, unsigned int hash, const char *filename,
+                      const unsigned char *digest, int need_symlink,
+                      unsigned short old_id)
+{
+    static BUCKET nilbucket;
+    static HENTRY nilhentry;
+    BUCKET *bp;
+    HENTRY *ep, *found = NULL;
+    unsigned int ndx = (type + hash) % OSSL_NELEM(hash_table);
+
+    for (bp = hash_table[ndx]; bp; bp = bp->next)
+        if (bp->type == type && bp->hash == hash)
+            break;
+    if (bp == NULL) {
+        bp = app_malloc(sizeof(*bp), "hash bucket");
+        *bp = nilbucket;
+        bp->next = hash_table[ndx];
+        bp->type = type;
+        bp->hash = hash;
+        hash_table[ndx] = bp;
+    }
+
+    for (ep = bp->first_entry; ep; ep = ep->next) {
+        if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
+            BIO_printf(bio_err,
+                       "%s: skipping duplicate %s in %s\n", opt_getprog(),
+                       type == TYPE_CERT ? "certificate" : "CRL", filename);
+            return 1;
+        }
+        if (strcmp(filename, ep->filename) == 0) {
+            found = ep;
+            if (digest == NULL)
+                break;
+        }
+    }
+    ep = found;
+    if (ep == NULL) {
+        if (bp->num_needed >= MAX_COLLISIONS) {
+            BIO_printf(bio_err,
+                       "%s: hash table overflow for %s\n",
+                       opt_getprog(), filename);
+            return 1;
+        }
+        ep = app_malloc(sizeof(*ep), "collision bucket");
+        *ep = nilhentry;
+        ep->old_id = ~0;
+        ep->filename = OPENSSL_strdup(filename);
+        if (bp->last_entry)
+            bp->last_entry->next = ep;
+        if (bp->first_entry == NULL)
+            bp->first_entry = ep;
+        bp->last_entry = ep;
+    }
+
+    if (old_id < ep->old_id)
+        ep->old_id = old_id;
+    if (need_symlink && !ep->need_symlink) {
+        ep->need_symlink = 1;
+        bp->num_needed++;
+        memcpy(ep->digest, digest, evpmdsize);
+    }
+    return 0;
+}
+
+/*
+ * Check if a symlink goes to the right spot; return 0 if okay.
+ * This can be -1 if bad filename, or an error count.
+ */
+static int handle_symlink(const char *filename, const char *fullpath)
+{
+    unsigned int hash = 0;
+    int i, type, id;
+    unsigned char ch;
+    char linktarget[PATH_MAX], *endptr;
+    ossl_ssize_t n;
+
+    for (i = 0; i < 8; i++) {
+        ch = filename[i];
+        if (!isxdigit(ch))
+            return -1;
+        hash <<= 4;
+        hash += OPENSSL_hexchar2int(ch);
+    }
+    if (filename[i++] != '.')
+        return -1;
+    for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
+        const char *suffix = suffixes[type];
+        if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
+            break;
+    }
+    i += strlen(suffixes[type]);
+
+    id = strtoul(&filename[i], &endptr, 10);
+    if (*endptr != '\0')
+        return -1;
+
+    n = readlink(fullpath, linktarget, sizeof(linktarget));
+    if (n < 0 || n >= (int)sizeof(linktarget))
+        return -1;
+    linktarget[n] = 0;
+
+    return add_entry(type, hash, linktarget, NULL, 0, id);
+}
+
+/*
+ * process a file, return number of errors.
+ */
+static int do_file(const char *filename, const char *fullpath, enum Hash h)
+{
+    STACK_OF (X509_INFO) *inf = NULL;
+    X509_INFO *x;
+    X509_NAME *name = NULL;
+    BIO *b;
+    const char *ext;
+    unsigned char digest[EVP_MAX_MD_SIZE];
+    int type, errs = 0;
+    size_t i;
+
+    /* Does it end with a recognized extension? */
+    if ((ext = strrchr(filename, '.')) == NULL)
+        goto end;
+    for (i = 0; i < OSSL_NELEM(extensions); i++) {
+        if (strcasecmp(extensions[i], ext + 1) == 0)
+            break;
+    }
+    if (i >= OSSL_NELEM(extensions))
+        goto end;
+
+    /* Does it have X.509 data in it? */
+    if ((b = BIO_new_file(fullpath, "r")) == NULL) {
+        BIO_printf(bio_err, "%s: skipping %s, cannot open file\n",
+                   opt_getprog(), filename);
+        errs++;
+        goto end;
+    }
+    inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
+    BIO_free(b);
+    if (inf == NULL)
+        goto end;
+
+    if (sk_X509_INFO_num(inf) != 1) {
+        BIO_printf(bio_err,
+                   "%s: skipping %s,"
+                   "it does not contain exactly one certificate or CRL\n",
+                   opt_getprog(), filename);
+        /* This is not an error. */
+        goto end;
+    }
+    x = sk_X509_INFO_value(inf, 0);
+    if (x->x509) {
+        type = TYPE_CERT;
+        name = X509_get_subject_name(x->x509);
+        X509_digest(x->x509, evpmd, digest, NULL);
+    } else if (x->crl) {
+        type = TYPE_CRL;
+        name = X509_CRL_get_issuer(x->crl);
+        X509_CRL_digest(x->crl, evpmd, digest, NULL);
+    } else {
+        ++errs;
+        goto end;
+    }
+    if (name) {
+        if ((h == HASH_NEW) || (h == HASH_BOTH))
+            errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
+        if ((h == HASH_OLD) || (h == HASH_BOTH))
+            errs += add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0);
+    }
+
+end:
+    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+    return errs;
+}
+
+static void str_free(char *s)
+{
+    OPENSSL_free(s);
+}
+
+static int ends_with_dirsep(const char *path)
+{
+    if (*path != '\0')
+        path += strlen(path) - 1;
+# if defined __VMS
+    if (*path == ']' || *path == '>' || *path == ':')
+        return 1;
+# elif defined _WIN32
+    if (*path == '\\')
+        return 1;
+# endif
+    return *path == '/';
+}
+
+static int massage_filename(char *name)
+{
+# ifdef __VMS
+    char *p = strchr(name, ';');
+    char *q = p;
+
+    if (q != NULL) {
+        for (q++; *q != '\0'; q++) {
+            if (!isdigit((unsigned char)*q))
+                return 1;
+        }
+    }
+
+    *p = '\0';
+# endif
+    return 1;
+}
+
+/*
+ * Process a directory; return number of errors found.
+ */
+static int do_dir(const char *dirname, enum Hash h)
+{
+    BUCKET *bp, *nextbp;
+    HENTRY *ep, *nextep;
+    OPENSSL_DIR_CTX *d = NULL;
+    struct stat st;
+    unsigned char idmask[MAX_COLLISIONS / 8];
+    int n, numfiles, nextid, buflen, errs = 0;
+    size_t i;
+    const char *pathsep;
+    const char *filename;
+    char *buf, *copy;
+    STACK_OF(OPENSSL_STRING) *files = NULL;
+
+    if (app_access(dirname, W_OK) < 0) {
+        BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
+        return 1;
+    }
+    buflen = strlen(dirname);
+    pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": "";
+    buflen += NAME_MAX + 1 + 1;
+    buf = app_malloc(buflen, "filename buffer");
+
+    if (verbose)
+        BIO_printf(bio_out, "Doing %s\n", dirname);
+
+    if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
+        BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
+        exit(1);
+    }
+    while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
+        if ((copy = strdup(filename)) == NULL
+                || !massage_filename(copy)
+                || sk_OPENSSL_STRING_push(files, copy) == 0) {
+            BIO_puts(bio_err, "out of memory\n");
+            exit(1);
+        }
+    }
+    OPENSSL_DIR_end(&d);
+    sk_OPENSSL_STRING_sort(files);
+
+    numfiles = sk_OPENSSL_STRING_num(files);
+    for (n = 0; n < numfiles; ++n) {
+        filename = sk_OPENSSL_STRING_value(files, n);
+        if (BIO_snprintf(buf, buflen, "%s%s%s",
+                         dirname, pathsep, filename) >= buflen)
+            continue;
+        if (lstat(buf, &st) < 0)
+            continue;
+        if (S_ISLNK(st.st_mode) && handle_symlink(filename, buf) == 0)
+            continue;
+        errs += do_file(filename, buf, h);
+    }
+    sk_OPENSSL_STRING_pop_free(files, str_free);
+
+    for (i = 0; i < OSSL_NELEM(hash_table); i++) {
+        for (bp = hash_table[i]; bp; bp = nextbp) {
+            nextbp = bp->next;
+            nextid = 0;
+            memset(idmask, 0, (bp->num_needed + 7) / 8);
+            for (ep = bp->first_entry; ep; ep = ep->next)
+                if (ep->old_id < bp->num_needed)
+                    bit_set(idmask, ep->old_id);
+
+            for (ep = bp->first_entry; ep; ep = nextep) {
+                nextep = ep->next;
+                if (ep->old_id < bp->num_needed) {
+                    /* Link exists, and is used as-is */
+                    BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash,
+                                 suffixes[bp->type], ep->old_id);
+                    if (verbose)
+                        BIO_printf(bio_out, "link %s -> %s\n",
+                                   ep->filename, buf);
+                } else if (ep->need_symlink) {
+                    /* New link needed (it may replace something) */
+                    while (bit_isset(idmask, nextid))
+                        nextid++;
+
+                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+                                 dirname, pathsep, &n, bp->hash,
+                                 suffixes[bp->type], nextid);
+                    if (verbose)
+                        BIO_printf(bio_out, "link %s -> %s\n",
+                                   ep->filename, &buf[n]);
+                    if (unlink(buf) < 0 && errno != ENOENT) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't unlink %s, %s\n",
+                                   opt_getprog(), buf, strerror(errno));
+                        errs++;
+                    }
+                    if (symlink(ep->filename, buf) < 0) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't symlink %s, %s\n",
+                                   opt_getprog(), ep->filename,
+                                   strerror(errno));
+                        errs++;
+                    }
+                    bit_set(idmask, nextid);
+                } else if (remove_links) {
+                    /* Link to be deleted */
+                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+                                 dirname, pathsep, &n, bp->hash,
+                                 suffixes[bp->type], ep->old_id);
+                    if (verbose)
+                        BIO_printf(bio_out, "unlink %s\n",
+                                   &buf[n]);
+                    if (unlink(buf) < 0 && errno != ENOENT) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't unlink %s, %s\n",
+                                   opt_getprog(), buf, strerror(errno));
+                        errs++;
+                    }
+                }
+                OPENSSL_free(ep->filename);
+                OPENSSL_free(ep);
+            }
+            OPENSSL_free(bp);
+        }
+        hash_table[i] = NULL;
+    }
+
+    OPENSSL_free(buf);
+    return errs;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
+} OPTION_CHOICE;
+
+OPTIONS rehash_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"h", OPT_HELP, '-', "Display this summary"},
+    {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
+    {"old", OPT_OLD, '-', "Use old-style hash to generate links"},
+    {"n", OPT_N, '-', "Do not remove existing links"},
+    {"v", OPT_VERBOSE, '-', "Verbose output"},
+    {NULL}
+};
+
+
+int rehash_main(int argc, char **argv)
+{
+    const char *env, *prog;
+    char *e, *m;
+    int errs = 0;
+    OPTION_CHOICE o;
+    enum Hash h = HASH_NEW;
+
+    prog = opt_init(argc, argv, rehash_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rehash_options);
+            goto end;
+        case OPT_COMPAT:
+            h = HASH_BOTH;
+            break;
+        case OPT_OLD:
+            h = HASH_OLD;
+            break;
+        case OPT_N:
+            remove_links = 0;
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    evpmd = EVP_sha1();
+    evpmdsize = EVP_MD_size(evpmd);
+
+    if (*argv) {
+        while (*argv)
+            errs += do_dir(*argv++, h);
+    } else if ((env = getenv("SSL_CERT_DIR")) != NULL) {
+        m = OPENSSL_strdup(env);
+        for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":"))
+            errs += do_dir(e, h);
+        OPENSSL_free(m);
+    } else {
+        errs += do_dir("/etc/ssl/certs", h);
+    }
+
+ end:
+    return errs;
+}
+
+#else
+OPTIONS rehash_options[] = {
+    {NULL}
+};
+
+int rehash_main(int argc, char **argv)
+{
+    BIO_printf(bio_err, "Not available; use c_rehash script\n");
+    return (1);
+}
+
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */
diff --git a/openssl-1.1.0h/apps/req.c b/openssl-1.1.0h/apps/req.c
new file mode 100644
index 0000000..2a21569
--- /dev/null
+++ b/openssl-1.1.0h/apps/req.c
@@ -0,0 +1,1510 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#define SECTION         "req"
+
+#define BITS            "default_bits"
+#define KEYFILE         "default_keyfile"
+#define PROMPT          "prompt"
+#define DISTINGUISHED_NAME      "distinguished_name"
+#define ATTRIBUTES      "attributes"
+#define V3_EXTENSIONS   "x509_extensions"
+#define REQ_EXTENSIONS  "req_extensions"
+#define STRING_MASK     "string_mask"
+#define UTF8_IN         "utf8"
+
+#define DEFAULT_KEY_LENGTH      2048
+#define MIN_KEY_LENGTH          512
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
+                    int attribs, unsigned long chtype);
+static int build_subject(X509_REQ *req, const char *subj, unsigned long chtype,
+                         int multirdn);
+static int prompt_info(X509_REQ *req,
+                       STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+                       STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+                       int attribs, unsigned long chtype);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+                     STACK_OF(CONF_VALUE) *attr, int attribs,
+                     unsigned long chtype);
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+                                char *value, int nid, int n_min, int n_max,
+                                unsigned long chtype);
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+                         char *value, int nid, int n_min, int n_max,
+                         unsigned long chtype, int mval);
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
+static int req_check_len(int len, int n_min, int n_max);
+static int check_end(const char *str, const char *end);
+static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
+                                    int *pkey_type, long *pkeylen,
+                                    char **palgnam, ENGINE *keygen_engine);
+static CONF *req_conf = NULL;
+static int batch = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
+    OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
+    OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY,
+    OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
+    OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
+    OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
+    OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS,
+    OPT_REQEXTS, OPT_MD
+} OPTION_CHOICE;
+
+OPTIONS req_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"key", OPT_KEY, 's', "Private key to use"},
+    {"keyform", OPT_KEYFORM, 'f', "Key file format"},
+    {"pubkey", OPT_PUBKEY, '-', "Output public key"},
+    {"new", OPT_NEW, '-', "New request"},
+    {"config", OPT_CONFIG, '<', "Request template file"},
+    {"keyout", OPT_KEYOUT, '>', "File to send the key to"},
+    {"passin", OPT_PASSIN, 's', "Private key password source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"newkey", OPT_NEWKEY, 's', "Specify as type:bits"},
+    {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"batch", OPT_BATCH, '-',
+     "Do not ask anything during request generation"},
+    {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"},
+    {"modulus", OPT_MODULUS, '-', "RSA modulus"},
+    {"verify", OPT_VERIFY, '-', "Verify signature on REQ"},
+    {"nodes", OPT_NODES, '-', "Don't encrypt the output key"},
+    {"noout", OPT_NOOUT, '-', "Do not output REQ"},
+    {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+    {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"reqopt", OPT_REQOPT, 's', "Various request text options"},
+    {"text", OPT_TEXT, '-', "Text form of request"},
+    {"x509", OPT_X509, '-',
+     "Output a x509 structure instead of a cert request"},
+    {OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
+    {"subj", OPT_SUBJ, 's', "Set or modify request subject"},
+    {"subject", OPT_SUBJECT, '-', "Output the request's subject"},
+    {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+     "Enable support for multivalued RDNs"},
+    {"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
+    {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
+    {"extensions", OPT_EXTENSIONS, 's',
+     "Cert extension section (override value in config file)"},
+    {"reqexts", OPT_REQEXTS, 's',
+     "Request extension section (override value in config file)"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"keygen_engine", OPT_KEYGEN_ENGINE, 's',
+     "Specify engine to be used for key generation operations"},
+#endif
+    {NULL}
+};
+
+int req_main(int argc, char **argv)
+{
+    ASN1_INTEGER *serial = NULL;
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL, *gen_eng = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *genctx = NULL;
+    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
+    X509 *x509ss = NULL;
+    X509_REQ *req = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    const EVP_MD *md_alg = NULL, *digest = NULL;
+    char *extensions = NULL, *infile = NULL;
+    char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
+    char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
+    char *passin = NULL, *passout = NULL;
+    char *nofree_passin = NULL, *nofree_passout = NULL;
+    char *req_exts = NULL, *subj = NULL;
+    char *template = default_config_file, *keyout = NULL;
+    const char *keyalg = NULL;
+    OPTION_CHOICE o;
+    int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = 0;
+    int pkey_type = -1, private = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
+    int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
+    int nodes = 0, newhdr = 0, subject = 0, pubkey = 0;
+    long newkey = -1;
+    unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
+    char nmflag_set = 0;
+
+#ifndef OPENSSL_NO_DES
+    cipher = EVP_des_ede3_cbc();
+#endif
+
+    prog = opt_init(argc, argv, req_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(req_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_KEYGEN_ENGINE:
+#ifndef OPENSSL_NO_ENGINE
+            gen_eng = ENGINE_by_id(opt_arg());
+            if (gen_eng == NULL) {
+                BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
+                goto opthelp;
+            }
+#endif
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_PUBKEY:
+            pubkey = 1;
+            break;
+        case OPT_NEW:
+            newreq = 1;
+            break;
+        case OPT_CONFIG:
+            template = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_KEYOUT:
+            keyout = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passargin = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passargout = opt_arg();
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        case OPT_NEWKEY:
+            keyalg = opt_arg();
+            newreq = 1;
+            break;
+        case OPT_PKEYOPT:
+            if (!pkeyopts)
+                pkeyopts = sk_OPENSSL_STRING_new_null();
+            if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_BATCH:
+            batch = 1;
+            break;
+        case OPT_NEWHDR:
+            newhdr = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_VERIFY:
+            verify = 1;
+            break;
+        case OPT_NODES:
+            nodes = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        case OPT_UTF8:
+            chtype = MBSTRING_UTF8;
+            break;
+        case OPT_NAMEOPT:
+            nmflag_set = 1;
+            if (!set_name_ex(&nmflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_REQOPT:
+            if (!set_cert_ex(&reqflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_X509:
+            x509 = 1;
+            break;
+        case OPT_DAYS:
+            days = atoi(opt_arg());
+            break;
+        case OPT_SET_SERIAL:
+            if (serial != NULL) {
+                BIO_printf(bio_err, "Serial number supplied twice\n");
+                goto opthelp;
+            }
+            serial = s2i_ASN1_INTEGER(NULL, opt_arg());
+            if (serial == NULL)
+                goto opthelp;
+            break;
+        case OPT_SUBJECT:
+            subject = 1;
+            break;
+        case OPT_SUBJ:
+            subj = opt_arg();
+            break;
+        case OPT_MULTIVALUE_RDN:
+            multirdn = 1;
+            break;
+        case OPT_EXTENSIONS:
+            extensions = opt_arg();
+            break;
+        case OPT_REQEXTS:
+            req_exts = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &md_alg))
+                goto opthelp;
+            digest = md_alg;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (x509 && infile == NULL)
+        newreq = 1;
+
+    if (!nmflag_set)
+        nmflag = XN_FLAG_ONELINE;
+
+    /* TODO: simplify this as pkey is still always NULL here */
+    private = newreq && (pkey == NULL) ? 1 : 0;
+
+    if (!app_passwd(passargin, passargout, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Using configuration from %s\n", template);
+    req_conf = app_load_config(template);
+    if (template != default_config_file && !app_load_modules(req_conf))
+        goto end;
+
+    if (req_conf != NULL) {
+        p = NCONF_get_string(req_conf, NULL, "oid_file");
+        if (p == NULL)
+            ERR_clear_error();
+        if (p != NULL) {
+            BIO *oid_bio;
+
+            oid_bio = BIO_new_file(p, "r");
+            if (oid_bio == NULL) {
+                /*-
+                BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+                ERR_print_errors(bio_err);
+                */
+            } else {
+                OBJ_create_objects(oid_bio);
+                BIO_free(oid_bio);
+            }
+        }
+    }
+    if (!add_oid_section(req_conf))
+        goto end;
+
+    if (md_alg == NULL) {
+        p = NCONF_get_string(req_conf, SECTION, "default_md");
+        if (p == NULL)
+            ERR_clear_error();
+        else {
+            if (!opt_md(p, &md_alg))
+                goto opthelp;
+            digest = md_alg;
+        }
+    }
+
+    if (!extensions) {
+        extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+        if (!extensions)
+            ERR_clear_error();
+    }
+    if (extensions) {
+        /* Check syntax of file */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, req_conf);
+        if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading extension section %s\n", extensions);
+            goto end;
+        }
+    }
+
+    if (passin == NULL) {
+        passin = nofree_passin =
+            NCONF_get_string(req_conf, SECTION, "input_password");
+        if (passin == NULL)
+            ERR_clear_error();
+    }
+
+    if (passout == NULL) {
+        passout = nofree_passout =
+            NCONF_get_string(req_conf, SECTION, "output_password");
+        if (passout == NULL)
+            ERR_clear_error();
+    }
+
+    p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+    if (!p)
+        ERR_clear_error();
+
+    if (p && !ASN1_STRING_set_default_mask_asc(p)) {
+        BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+        goto end;
+    }
+
+    if (chtype != MBSTRING_UTF8) {
+        p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+        if (!p)
+            ERR_clear_error();
+        else if (strcmp(p, "yes") == 0)
+            chtype = MBSTRING_UTF8;
+    }
+
+    if (!req_exts) {
+        req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+        if (!req_exts)
+            ERR_clear_error();
+    }
+    if (req_exts) {
+        /* Check syntax of file */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, req_conf);
+        if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading request extension section %s\n",
+                       req_exts);
+            goto end;
+        }
+    }
+
+    if (keyfile != NULL) {
+        pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+        if (!pkey) {
+            /* load_key() has already printed an appropriate message */
+            goto end;
+        } else {
+            char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
+            if (randfile == NULL)
+                ERR_clear_error();
+            app_RAND_load_file(randfile, 0);
+        }
+    }
+
+    if (newreq && (pkey == NULL)) {
+        char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
+        if (randfile == NULL)
+            ERR_clear_error();
+        app_RAND_load_file(randfile, 0);
+        if (inrand)
+            app_RAND_load_files(inrand);
+
+        if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
+            newkey = DEFAULT_KEY_LENGTH;
+        }
+
+        if (keyalg) {
+            genctx = set_keygen_ctx(keyalg, &pkey_type, &newkey,
+                                    &keyalgstr, gen_eng);
+            if (!genctx)
+                goto end;
+        }
+
+        if (newkey < MIN_KEY_LENGTH
+            && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
+            BIO_printf(bio_err, "private key length is too short,\n");
+            BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n",
+                       MIN_KEY_LENGTH, newkey);
+            goto end;
+        }
+
+        if (!genctx) {
+            genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
+                                    &keyalgstr, gen_eng);
+            if (!genctx)
+                goto end;
+        }
+
+        if (pkeyopts) {
+            char *genopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) {
+                genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
+                if (pkey_ctrl_string(genctx, genopt) <= 0) {
+                    BIO_printf(bio_err, "parameter error \"%s\"\n", genopt);
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+        }
+
+        if (pkey_type == EVP_PKEY_EC) {
+            BIO_printf(bio_err, "Generating an EC private key\n");
+        } else {
+            BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
+                       newkey, keyalgstr);
+        }
+
+        EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
+        EVP_PKEY_CTX_set_app_data(genctx, bio_err);
+
+        if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error Generating Key\n");
+            goto end;
+        }
+
+        EVP_PKEY_CTX_free(genctx);
+        genctx = NULL;
+
+        app_RAND_write_file(randfile);
+
+        if (keyout == NULL) {
+            keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
+            if (keyout == NULL)
+                ERR_clear_error();
+        }
+
+        if (keyout == NULL)
+            BIO_printf(bio_err, "writing new private key to stdout\n");
+        else
+            BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
+        out = bio_open_owner(keyout, outformat, private);
+        if (out == NULL)
+            goto end;
+
+        p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key");
+        if (p == NULL) {
+            ERR_clear_error();
+            p = NCONF_get_string(req_conf, SECTION, "encrypt_key");
+            if (p == NULL)
+                ERR_clear_error();
+        }
+        if ((p != NULL) && (strcmp(p, "no") == 0))
+            cipher = NULL;
+        if (nodes)
+            cipher = NULL;
+
+        i = 0;
+ loop:
+        assert(private);
+        if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
+                                      NULL, 0, NULL, passout)) {
+            if ((ERR_GET_REASON(ERR_peek_error()) ==
+                 PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
+                ERR_clear_error();
+                i++;
+                goto loop;
+            }
+            goto end;
+        }
+        BIO_free(out);
+        out = NULL;
+        BIO_printf(bio_err, "-----\n");
+    }
+
+    if (!newreq) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+        if (informat == FORMAT_ASN1)
+            req = d2i_X509_REQ_bio(in, NULL);
+        else
+            req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+        if (req == NULL) {
+            BIO_printf(bio_err, "unable to load X509 request\n");
+            goto end;
+        }
+    }
+
+    if (newreq || x509) {
+        if (pkey == NULL) {
+            BIO_printf(bio_err, "you need to specify a private key\n");
+            goto end;
+        }
+
+        if (req == NULL) {
+            req = X509_REQ_new();
+            if (req == NULL) {
+                goto end;
+            }
+
+            i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
+            subj = NULL;        /* done processing '-subj' option */
+            if (!i) {
+                BIO_printf(bio_err, "problems making Certificate Request\n");
+                goto end;
+            }
+        }
+        if (x509) {
+            EVP_PKEY *tmppkey;
+            X509V3_CTX ext_ctx;
+            if ((x509ss = X509_new()) == NULL)
+                goto end;
+
+            /* Set version to V3 */
+            if (extensions && !X509_set_version(x509ss, 2))
+                goto end;
+            if (serial) {
+                if (!X509_set_serialNumber(x509ss, serial))
+                    goto end;
+            } else {
+                if (!rand_serial(NULL, X509_get_serialNumber(x509ss)))
+                    goto end;
+            }
+
+            if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
+                goto end;
+            if (!set_cert_times(x509ss, NULL, NULL, days))
+                goto end;
+            if (!X509_set_subject_name
+                (x509ss, X509_REQ_get_subject_name(req)))
+                goto end;
+            tmppkey = X509_REQ_get0_pubkey(req);
+            if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
+                goto end;
+
+            /* Set up V3 context struct */
+
+            X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+            X509V3_set_nconf(&ext_ctx, req_conf);
+
+            /* Add extensions */
+            if (extensions && !X509V3_EXT_add_nconf(req_conf,
+                                                    &ext_ctx, extensions,
+                                                    x509ss)) {
+                BIO_printf(bio_err, "Error Loading extension section %s\n",
+                           extensions);
+                goto end;
+            }
+
+            i = do_X509_sign(x509ss, pkey, digest, sigopts);
+            if (!i) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else {
+            X509V3_CTX ext_ctx;
+
+            /* Set up V3 context struct */
+
+            X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+            X509V3_set_nconf(&ext_ctx, req_conf);
+
+            /* Add extensions */
+            if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
+                                                      &ext_ctx, req_exts,
+                                                      req)) {
+                BIO_printf(bio_err, "Error Loading extension section %s\n",
+                           req_exts);
+                goto end;
+            }
+            i = do_X509_REQ_sign(req, pkey, digest, sigopts);
+            if (!i) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+
+    if (subj && x509) {
+        BIO_printf(bio_err, "Cannot modify certificate subject\n");
+        goto end;
+    }
+
+    if (subj && !x509) {
+        if (verbose) {
+            BIO_printf(bio_err, "Modifying Request's Subject\n");
+            print_name(bio_err, "old subject=",
+                       X509_REQ_get_subject_name(req), nmflag);
+        }
+
+        if (build_subject(req, subj, chtype, multirdn) == 0) {
+            BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+            ret = 1;
+            goto end;
+        }
+
+        if (verbose) {
+            print_name(bio_err, "new subject=",
+                       X509_REQ_get_subject_name(req), nmflag);
+        }
+    }
+
+    if (verify && !x509) {
+        EVP_PKEY *tpubkey = pkey;
+
+        if (tpubkey == NULL) {
+            tpubkey = X509_REQ_get0_pubkey(req);
+            if (tpubkey == NULL)
+                goto end;
+        }
+
+        i = X509_REQ_verify(req, tpubkey);
+
+        if (i < 0) {
+            goto end;
+        } else if (i == 0) {
+            BIO_printf(bio_err, "verify failure\n");
+            ERR_print_errors(bio_err);
+        } else                  /* if (i > 0) */
+            BIO_printf(bio_err, "verify OK\n");
+    }
+
+    if (noout && !text && !modulus && !subject && !pubkey) {
+        ret = 0;
+        goto end;
+    }
+
+    out = bio_open_default(outfile,
+                           keyout != NULL && outfile != NULL &&
+                           strcmp(keyout, outfile) == 0 ? 'a' : 'w',
+                           outformat);
+    if (out == NULL)
+        goto end;
+
+    if (pubkey) {
+        EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req);
+
+        if (tpubkey == NULL) {
+            BIO_printf(bio_err, "Error getting public key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        PEM_write_bio_PUBKEY(out, tpubkey);
+    }
+
+    if (text) {
+        if (x509)
+            X509_print_ex(out, x509ss, nmflag, reqflag);
+        else
+            X509_REQ_print_ex(out, req, nmflag, reqflag);
+    }
+
+    if (subject) {
+        if (x509)
+            print_name(out, "subject=", X509_get_subject_name(x509ss),
+                       nmflag);
+        else
+            print_name(out, "subject=", X509_REQ_get_subject_name(req),
+                       nmflag);
+    }
+
+    if (modulus) {
+        EVP_PKEY *tpubkey;
+
+        if (x509)
+            tpubkey = X509_get0_pubkey(x509ss);
+        else
+            tpubkey = X509_REQ_get0_pubkey(req);
+        if (tpubkey == NULL) {
+            fprintf(stdout, "Modulus=unavailable\n");
+            goto end;
+        }
+        fprintf(stdout, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+        if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) {
+            const BIGNUM *n;
+            RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL);
+            BN_print(out, n);
+        } else
+#endif
+            fprintf(stdout, "Wrong Algorithm type");
+        fprintf(stdout, "\n");
+    }
+
+    if (!noout && !x509) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_X509_REQ_bio(out, req);
+        else if (newhdr)
+            i = PEM_write_bio_X509_REQ_NEW(out, req);
+        else
+            i = PEM_write_bio_X509_REQ(out, req);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509 request\n");
+            goto end;
+        }
+    }
+    if (!noout && x509 && (x509ss != NULL)) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_X509_bio(out, x509ss);
+        else
+            i = PEM_write_bio_X509(out, x509ss);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509 certificate\n");
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret) {
+        ERR_print_errors(bio_err);
+    }
+    NCONF_free(req_conf);
+    BIO_free(in);
+    BIO_free_all(out);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(genctx);
+    sk_OPENSSL_STRING_free(pkeyopts);
+    sk_OPENSSL_STRING_free(sigopts);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_free(gen_eng);
+#endif
+    OPENSSL_free(keyalgstr);
+    X509_REQ_free(req);
+    X509_free(x509ss);
+    ASN1_INTEGER_free(serial);
+    release_engine(e);
+    if (passin != nofree_passin)
+        OPENSSL_free(passin);
+    if (passout != nofree_passout)
+        OPENSSL_free(passout);
+    return (ret);
+}
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
+                    int attribs, unsigned long chtype)
+{
+    int ret = 0, i;
+    char no_prompt = 0;
+    STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+    char *tmp, *dn_sect, *attr_sect;
+
+    tmp = NCONF_get_string(req_conf, SECTION, PROMPT);
+    if (tmp == NULL)
+        ERR_clear_error();
+    if ((tmp != NULL) && strcmp(tmp, "no") == 0)
+        no_prompt = 1;
+
+    dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME);
+    if (dn_sect == NULL) {
+        BIO_printf(bio_err, "unable to find '%s' in config\n",
+                   DISTINGUISHED_NAME);
+        goto err;
+    }
+    dn_sk = NCONF_get_section(req_conf, dn_sect);
+    if (dn_sk == NULL) {
+        BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
+        goto err;
+    }
+
+    attr_sect = NCONF_get_string(req_conf, SECTION, ATTRIBUTES);
+    if (attr_sect == NULL) {
+        ERR_clear_error();
+        attr_sk = NULL;
+    } else {
+        attr_sk = NCONF_get_section(req_conf, attr_sect);
+        if (attr_sk == NULL) {
+            BIO_printf(bio_err, "unable to get '%s' section\n", attr_sect);
+            goto err;
+        }
+    }
+
+    /* setup version number */
+    if (!X509_REQ_set_version(req, 0L))
+        goto err;               /* version 1 */
+
+    if (subj)
+        i = build_subject(req, subj, chtype, multirdn);
+    else if (no_prompt)
+        i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+    else
+        i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs,
+                        chtype);
+    if (!i)
+        goto err;
+
+    if (!X509_REQ_set_pubkey(req, pkey))
+        goto err;
+
+    ret = 1;
+ err:
+    return (ret);
+}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, const char *subject, unsigned long chtype,
+                         int multirdn)
+{
+    X509_NAME *n;
+
+    if ((n = parse_name(subject, chtype, multirdn)) == NULL)
+        return 0;
+
+    if (!X509_REQ_set_subject_name(req, n)) {
+        X509_NAME_free(n);
+        return 0;
+    }
+    X509_NAME_free(n);
+    return 1;
+}
+
+static int prompt_info(X509_REQ *req,
+                       STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+                       STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+                       int attribs, unsigned long chtype)
+{
+    int i;
+    char *p, *q;
+    char buf[100];
+    int nid, mval;
+    long n_min, n_max;
+    char *type, *value;
+    const char *def;
+    CONF_VALUE *v;
+    X509_NAME *subj;
+    subj = X509_REQ_get_subject_name(req);
+
+    if (!batch) {
+        BIO_printf(bio_err,
+                   "You are about to be asked to enter information that will be incorporated\n");
+        BIO_printf(bio_err, "into your certificate request.\n");
+        BIO_printf(bio_err,
+                   "What you are about to enter is what is called a Distinguished Name or a DN.\n");
+        BIO_printf(bio_err,
+                   "There are quite a few fields but you can leave some blank\n");
+        BIO_printf(bio_err,
+                   "For some fields there will be a default value,\n");
+        BIO_printf(bio_err,
+                   "If you enter '.', the field will be left blank.\n");
+        BIO_printf(bio_err, "-----\n");
+    }
+
+    if (sk_CONF_VALUE_num(dn_sk)) {
+        i = -1;
+ start:for (;;) {
+            i++;
+            if (sk_CONF_VALUE_num(dn_sk) <= i)
+                break;
+
+            v = sk_CONF_VALUE_value(dn_sk, i);
+            p = q = NULL;
+            type = v->name;
+            if (!check_end(type, "_min") || !check_end(type, "_max") ||
+                !check_end(type, "_default") || !check_end(type, "_value"))
+                continue;
+            /*
+             * Skip past any leading X. X: X, etc to allow for multiple
+             * instances
+             */
+            for (p = v->name; *p; p++)
+                if ((*p == ':') || (*p == ',') || (*p == '.')) {
+                    p++;
+                    if (*p)
+                        type = p;
+                    break;
+                }
+            if (*type == '+') {
+                mval = -1;
+                type++;
+            } else
+                mval = 0;
+            /* If OBJ not recognised ignore it */
+            if ((nid = OBJ_txt2nid(type)) == NID_undef)
+                goto start;
+            if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
+                >= (int)sizeof(buf)) {
+                BIO_printf(bio_err, "Name '%s' too long\n", v->name);
+                return 0;
+            }
+
+            if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+                ERR_clear_error();
+                def = "";
+            }
+
+            BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
+            if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+                ERR_clear_error();
+                value = NULL;
+            }
+
+            BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
+            if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
+                ERR_clear_error();
+                n_min = -1;
+            }
+
+            BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
+            if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
+                ERR_clear_error();
+                n_max = -1;
+            }
+
+            if (!add_DN_object(subj, v->value, def, value, nid,
+                               n_min, n_max, chtype, mval))
+                return 0;
+        }
+        if (X509_NAME_entry_count(subj) == 0) {
+            BIO_printf(bio_err,
+                       "error, no objects specified in config file\n");
+            return 0;
+        }
+
+        if (attribs) {
+            if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)
+                && (!batch)) {
+                BIO_printf(bio_err,
+                           "\nPlease enter the following 'extra' attributes\n");
+                BIO_printf(bio_err,
+                           "to be sent with your certificate request\n");
+            }
+
+            i = -1;
+ start2:   for (;;) {
+                i++;
+                if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i))
+                    break;
+
+                v = sk_CONF_VALUE_value(attr_sk, i);
+                type = v->name;
+                if ((nid = OBJ_txt2nid(type)) == NID_undef)
+                    goto start2;
+
+                if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
+                    >= (int)sizeof(buf)) {
+                    BIO_printf(bio_err, "Name '%s' too long\n", v->name);
+                    return 0;
+                }
+
+                if ((def = NCONF_get_string(req_conf, attr_sect, buf))
+                    == NULL) {
+                    ERR_clear_error();
+                    def = "";
+                }
+
+                BIO_snprintf(buf, sizeof(buf), "%s_value", type);
+                if ((value = NCONF_get_string(req_conf, attr_sect, buf))
+                    == NULL) {
+                    ERR_clear_error();
+                    value = NULL;
+                }
+
+                BIO_snprintf(buf, sizeof(buf), "%s_min", type);
+                if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
+                    ERR_clear_error();
+                    n_min = -1;
+                }
+
+                BIO_snprintf(buf, sizeof(buf), "%s_max", type);
+                if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
+                    ERR_clear_error();
+                    n_max = -1;
+                }
+
+                if (!add_attribute_object(req,
+                                          v->value, def, value, nid, n_min,
+                                          n_max, chtype))
+                    return 0;
+            }
+        }
+    } else {
+        BIO_printf(bio_err, "No template, please set one up.\n");
+        return 0;
+    }
+
+    return 1;
+
+}
+
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+                     STACK_OF(CONF_VALUE) *attr_sk, int attribs,
+                     unsigned long chtype)
+{
+    int i, spec_char, plus_char;
+    char *p, *q;
+    char *type;
+    CONF_VALUE *v;
+    X509_NAME *subj;
+
+    subj = X509_REQ_get_subject_name(req);
+
+    for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+        int mval;
+        v = sk_CONF_VALUE_value(dn_sk, i);
+        p = q = NULL;
+        type = v->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (p = v->name; *p; p++) {
+#ifndef CHARSET_EBCDIC
+            spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
+#else
+            spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                    || (*p == os_toascii['.']));
+#endif
+            if (spec_char) {
+                p++;
+                if (*p)
+                    type = p;
+                break;
+            }
+        }
+#ifndef CHARSET_EBCDIC
+        plus_char = (*type == '+');
+#else
+        plus_char = (*type == os_toascii['+']);
+#endif
+        if (plus_char) {
+            type++;
+            mval = -1;
+        } else
+            mval = 0;
+        if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
+                                        (unsigned char *)v->value, -1, -1,
+                                        mval))
+            return 0;
+
+    }
+
+    if (!X509_NAME_entry_count(subj)) {
+        BIO_printf(bio_err, "error, no objects specified in config file\n");
+        return 0;
+    }
+    if (attribs) {
+        for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
+            v = sk_CONF_VALUE_value(attr_sk, i);
+            if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
+                                           (unsigned char *)v->value, -1))
+                return 0;
+        }
+    }
+    return 1;
+}
+
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+                         char *value, int nid, int n_min, int n_max,
+                         unsigned long chtype, int mval)
+{
+    int i, ret = 0;
+    char buf[1024];
+ start:
+    if (!batch)
+        BIO_printf(bio_err, "%s [%s]:", text, def);
+    (void)BIO_flush(bio_err);
+    if (value != NULL) {
+        OPENSSL_strlcpy(buf, value, sizeof(buf));
+        OPENSSL_strlcat(buf, "\n", sizeof(buf));
+        BIO_printf(bio_err, "%s\n", value);
+    } else {
+        buf[0] = '\0';
+        if (!batch) {
+            if (!fgets(buf, sizeof(buf), stdin))
+                return 0;
+        } else {
+            buf[0] = '\n';
+            buf[1] = '\0';
+        }
+    }
+
+    if (buf[0] == '\0')
+        return (0);
+    else if (buf[0] == '\n') {
+        if ((def == NULL) || (def[0] == '\0'))
+            return (1);
+        OPENSSL_strlcpy(buf, def, sizeof(buf));
+        OPENSSL_strlcat(buf, "\n", sizeof(buf));
+    } else if ((buf[0] == '.') && (buf[1] == '\n'))
+        return (1);
+
+    i = strlen(buf);
+    if (buf[i - 1] != '\n') {
+        BIO_printf(bio_err, "weird input :-(\n");
+        return (0);
+    }
+    buf[--i] = '\0';
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(buf, buf, i);
+#endif
+    if (!req_check_len(i, n_min, n_max)) {
+        if (batch || value)
+            return 0;
+        goto start;
+    }
+
+    if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                    (unsigned char *)buf, -1, -1, mval))
+        goto err;
+    ret = 1;
+ err:
+    return (ret);
+}
+
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+                                char *value, int nid, int n_min,
+                                int n_max, unsigned long chtype)
+{
+    int i;
+    static char buf[1024];
+
+ start:
+    if (!batch)
+        BIO_printf(bio_err, "%s [%s]:", text, def);
+    (void)BIO_flush(bio_err);
+    if (value != NULL) {
+        OPENSSL_strlcpy(buf, value, sizeof(buf));
+        OPENSSL_strlcat(buf, "\n", sizeof(buf));
+        BIO_printf(bio_err, "%s\n", value);
+    } else {
+        buf[0] = '\0';
+        if (!batch) {
+            if (!fgets(buf, sizeof(buf), stdin))
+                return 0;
+        } else {
+            buf[0] = '\n';
+            buf[1] = '\0';
+        }
+    }
+
+    if (buf[0] == '\0')
+        return (0);
+    else if (buf[0] == '\n') {
+        if ((def == NULL) || (def[0] == '\0'))
+            return (1);
+        OPENSSL_strlcpy(buf, def, sizeof(buf));
+        OPENSSL_strlcat(buf, "\n", sizeof(buf));
+    } else if ((buf[0] == '.') && (buf[1] == '\n'))
+        return (1);
+
+    i = strlen(buf);
+    if (buf[i - 1] != '\n') {
+        BIO_printf(bio_err, "weird input :-(\n");
+        return (0);
+    }
+    buf[--i] = '\0';
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(buf, buf, i);
+#endif
+    if (!req_check_len(i, n_min, n_max)) {
+        if (batch || value)
+            return 0;
+        goto start;
+    }
+
+    if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+                                   (unsigned char *)buf, -1)) {
+        BIO_printf(bio_err, "Error adding attribute\n");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    return (1);
+ err:
+    return (0);
+}
+
+static int req_check_len(int len, int n_min, int n_max)
+{
+    if ((n_min > 0) && (len < n_min)) {
+        BIO_printf(bio_err,
+                   "string is too short, it needs to be at least %d bytes long\n",
+                   n_min);
+        return (0);
+    }
+    if ((n_max >= 0) && (len > n_max)) {
+        BIO_printf(bio_err,
+                   "string is too long, it needs to be no more than %d bytes long\n",
+                   n_max);
+        return (0);
+    }
+    return (1);
+}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(const char *str, const char *end)
+{
+    int elen, slen;
+    const char *tmp;
+    elen = strlen(end);
+    slen = strlen(str);
+    if (elen > slen)
+        return 1;
+    tmp = str + slen - elen;
+    return strcmp(tmp, end);
+}
+
+static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
+                                    int *pkey_type, long *pkeylen,
+                                    char **palgnam, ENGINE *keygen_engine)
+{
+    EVP_PKEY_CTX *gctx = NULL;
+    EVP_PKEY *param = NULL;
+    long keylen = -1;
+    BIO *pbio = NULL;
+    const char *paramfile = NULL;
+
+    if (gstr == NULL) {
+        *pkey_type = EVP_PKEY_RSA;
+        keylen = *pkeylen;
+    } else if (gstr[0] >= '0' && gstr[0] <= '9') {
+        *pkey_type = EVP_PKEY_RSA;
+        keylen = atol(gstr);
+        *pkeylen = keylen;
+    } else if (strncmp(gstr, "param:", 6) == 0)
+        paramfile = gstr + 6;
+    else {
+        const char *p = strchr(gstr, ':');
+        int len;
+        ENGINE *tmpeng;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+
+        if (p)
+            len = p - gstr;
+        else
+            len = strlen(gstr);
+        /*
+         * The lookup of a the string will cover all engines so keep a note
+         * of the implementation.
+         */
+
+        ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
+
+        if (!ameth) {
+            BIO_printf(bio_err, "Unknown algorithm %.*s\n", len, gstr);
+            return NULL;
+        }
+
+        EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(tmpeng);
+#endif
+        if (*pkey_type == EVP_PKEY_RSA) {
+            if (p) {
+                keylen = atol(p + 1);
+                *pkeylen = keylen;
+            } else
+                keylen = *pkeylen;
+        } else if (p)
+            paramfile = p + 1;
+    }
+
+    if (paramfile) {
+        pbio = BIO_new_file(paramfile, "r");
+        if (!pbio) {
+            BIO_printf(bio_err, "Can't open parameter file %s\n", paramfile);
+            return NULL;
+        }
+        param = PEM_read_bio_Parameters(pbio, NULL);
+
+        if (!param) {
+            X509 *x;
+            (void)BIO_reset(pbio);
+            x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
+            if (x) {
+                param = X509_get_pubkey(x);
+                X509_free(x);
+            }
+        }
+
+        BIO_free(pbio);
+
+        if (!param) {
+            BIO_printf(bio_err, "Error reading parameter file %s\n", paramfile);
+            return NULL;
+        }
+        if (*pkey_type == -1)
+            *pkey_type = EVP_PKEY_id(param);
+        else if (*pkey_type != EVP_PKEY_base_id(param)) {
+            BIO_printf(bio_err, "Key Type does not match parameters\n");
+            EVP_PKEY_free(param);
+            return NULL;
+        }
+    }
+
+    if (palgnam) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ENGINE *tmpeng;
+        const char *anam;
+        ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
+        if (!ameth) {
+            BIO_puts(bio_err, "Internal error: can't find key algorithm\n");
+            return NULL;
+        }
+        EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
+        *palgnam = OPENSSL_strdup(anam);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(tmpeng);
+#endif
+    }
+
+    if (param) {
+        gctx = EVP_PKEY_CTX_new(param, keygen_engine);
+        *pkeylen = EVP_PKEY_bits(param);
+        EVP_PKEY_free(param);
+    } else
+        gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
+
+    if (gctx == NULL) {
+        BIO_puts(bio_err, "Error allocating keygen context\n");
+        ERR_print_errors(bio_err);
+        return NULL;
+    }
+
+    if (EVP_PKEY_keygen_init(gctx) <= 0) {
+        BIO_puts(bio_err, "Error initializing keygen context\n");
+        ERR_print_errors(bio_err);
+        EVP_PKEY_CTX_free(gctx);
+        return NULL;
+    }
+#ifndef OPENSSL_NO_RSA
+    if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
+        if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
+            BIO_puts(bio_err, "Error setting RSA keysize\n");
+            ERR_print_errors(bio_err);
+            EVP_PKEY_CTX_free(gctx);
+            return NULL;
+        }
+    }
+#endif
+
+    return gctx;
+}
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p;
+    p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
+
+static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
+                        const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    EVP_PKEY_CTX *pkctx = NULL;
+    int i;
+
+    if (ctx == NULL)
+        return 0;
+    if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
+        return 0;
+    for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+        char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+        if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
+            BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+                 STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
+
+int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_REQ_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
+
+int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_CRL_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
diff --git a/openssl-1.1.0h/apps/req.pem b/openssl-1.1.0h/apps/req.pem
new file mode 100644
index 0000000..5537df6
--- /dev/null
+++ b/openssl-1.1.0h/apps/req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
+YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
+S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
+AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
+tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
+84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
+CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
+Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/apps/rsa.c b/openssl-1.1.0h/apps/rsa.c
new file mode 100644
index 0000000..8b15fcb
--- /dev/null
+++ b/openssl-1.1.0h/apps/rsa.c
@@ -0,0 +1,310 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
+    OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
+    /* Do not change the order here; see case statements below */
+    OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+    OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
+} OPTION_CHOICE;
+
+OPTIONS rsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
+    {"in", OPT_IN, 's', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output a public key"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
+    {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key in text"},
+    {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"check", OPT_CHECK, '-', "Verify key consistency"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+    {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+    {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+    {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int rsa_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL;
+    RSA *rsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    int i, private = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
+    int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+    int pvk_encr = 2;
+# endif
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, rsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rsa_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_RSAPUBKEY_IN:
+            pubin = 2;
+            break;
+        case OPT_RSAPUBKEY_OUT:
+            pubout = 2;
+            break;
+        case OPT_PVK_STRONG:    /* pvk_encr:= 2 */
+        case OPT_PVK_WEAK:      /* pvk_encr:= 1 */
+        case OPT_PVK_NONE:      /* pvk_encr:= 0 */
+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+            pvk_encr = (o - OPT_PVK_NONE);
+# endif
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+    if (check && pubin) {
+        BIO_printf(bio_err, "Only private keys can be checked\n");
+        goto end;
+    }
+
+    {
+        EVP_PKEY *pkey;
+
+        if (pubin) {
+            int tmpformat = -1;
+            if (pubin == 2) {
+                if (informat == FORMAT_PEM)
+                    tmpformat = FORMAT_PEMRSA;
+                else if (informat == FORMAT_ASN1)
+                    tmpformat = FORMAT_ASN1RSA;
+            } else
+                tmpformat = informat;
+
+            pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
+        } else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+
+        if (pkey != NULL)
+            rsa = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_free(pkey);
+    }
+
+    if (rsa == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (text) {
+        assert(pubin || private);
+        if (!RSA_print(out, rsa, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (modulus) {
+        const BIGNUM *n;
+        RSA_get0_key(rsa, &n, NULL, NULL);
+        BIO_printf(out, "Modulus=");
+        BN_print(out, n);
+        BIO_printf(out, "\n");
+    }
+
+    if (check) {
+        int r = RSA_check_key_ex(rsa, NULL);
+
+        if (r == 1)
+            BIO_printf(out, "RSA key ok\n");
+        else if (r == 0) {
+            unsigned long err;
+
+            while ((err = ERR_peek_error()) != 0 &&
+                   ERR_GET_LIB(err) == ERR_LIB_RSA &&
+                   ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
+                   ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
+                BIO_printf(out, "RSA key error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove e from error stack */
+            }
+        } else if (r == -1) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+    BIO_printf(bio_err, "writing RSA key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (pubout || pubin) {
+            if (pubout == 2)
+                i = i2d_RSAPublicKey_bio(out, rsa);
+            else
+                i = i2d_RSA_PUBKEY_bio(out, rsa);
+        } else {
+            assert(private);
+            i = i2d_RSAPrivateKey_bio(out, rsa);
+        }
+    }
+    else if (outformat == FORMAT_PEM) {
+        if (pubout || pubin) {
+            if (pubout == 2)
+                i = PEM_write_bio_RSAPublicKey(out, rsa);
+            else
+                i = PEM_write_bio_RSA_PUBKEY(out, rsa);
+        } else {
+            assert(private);
+            i = PEM_write_bio_RSAPrivateKey(out, rsa,
+                                            enc, NULL, 0, NULL, passout);
+        }
+# ifndef OPENSSL_NO_DSA
+    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_new();
+        EVP_PKEY_set1_RSA(pk, rsa);
+        if (outformat == FORMAT_PVK) {
+            if (pubin) {
+                BIO_printf(bio_err, "PVK form impossible with public key input\n");
+                EVP_PKEY_free(pk);
+                goto end;
+            }
+            assert(private);
+#  ifdef OPENSSL_NO_RC4
+            BIO_printf(bio_err, "PVK format not supported\n");
+            EVP_PKEY_free(pk);
+            goto end;
+#  else
+            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+#  endif
+        } else if (pubin || pubout) {
+            i = i2b_PublicKey_bio(out, pk);
+        } else {
+            assert(private);
+            i = i2b_PrivateKey_bio(out, pk);
+        }
+        EVP_PKEY_free(pk);
+# endif
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "unable to write key\n");
+        ERR_print_errors(bio_err);
+    } else
+        ret = 0;
+ end:
+    release_engine(e);
+    BIO_free_all(out);
+    RSA_free(rsa);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/apps/rsa8192.pem b/openssl-1.1.0h/apps/rsa8192.pem
new file mode 100644
index 0000000..946a6e5
--- /dev/null
+++ b/openssl-1.1.0h/apps/rsa8192.pem
@@ -0,0 +1,101 @@
+-----BEGIN RSA PRIVATE KEY-----
+
+MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
+ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
+MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
+55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
+yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
+tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
+LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
+aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
+PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
+mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
+71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
+d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
+wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
+bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
+Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
+Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
+pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
+os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
+mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
+cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
+LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
+tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
+PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
+psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
+9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
+xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
+ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
+RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
+1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
+P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
+77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
+4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
+/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
+GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
+HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
+ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
+AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
+52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
+5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
+7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
+KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
+cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
+dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
+DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
+Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
+f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
+J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
+TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
+fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
+Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
+mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
+YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
+mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
+Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
+c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
+Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
+WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
+KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
+JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
+yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
+kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
+DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
+22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
+ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
+D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
+PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
+dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
+FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
+6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
+eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
+bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
+XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
+7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
+82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
+beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
+pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
+70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
+YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
+ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
+lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
+4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
+lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
+LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
+x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
+O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
+6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
+Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
+DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
+Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
+oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
+nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
+X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
+QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
+TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
+46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
+rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
+I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
+-----END RSA PRIVATE KEY-----
+
diff --git a/openssl-1.1.0h/apps/rsautl.c b/openssl-1.1.0h/apps/rsautl.c
new file mode 100644
index 0000000..d527bf4
--- /dev/null
+++ b/openssl-1.1.0h/apps/rsautl.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "apps.h"
+# include <string.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/rsa.h>
+
+# define RSA_SIGN        1
+# define RSA_VERIFY      2
+# define RSA_ENCRYPT     3
+# define RSA_DECRYPT     4
+
+# define KEY_PRIVKEY     1
+# define KEY_PUBKEY      2
+# define KEY_CERT        3
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
+    OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
+    OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+    OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM
+} OPTION_CHOICE;
+
+OPTIONS rsautl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"inkey", OPT_INKEY, 's', "Input key"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+    {"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
+    {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
+    {"ssl", OPT_SSL, '-', "Use SSL v2 padding"},
+    {"raw", OPT_RAW, '-', "Use no padding"},
+    {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"},
+    {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
+    {"sign", OPT_SIGN, '-', "Sign with private key"},
+    {"verify", OPT_VERIFY, '-', "Verify with public key"},
+    {"asn1parse", OPT_ASN1PARSE, '-',
+     "Run output through asn1parse; useful with -verify"},
+    {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+    {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
+    {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int rsautl_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    RSA *rsa = NULL;
+    X509 *x;
+    char *infile = NULL, *outfile = NULL, *keyfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *prog;
+    char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+    unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
+    int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1;
+    int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, rsautl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rsautl_options);
+            ret = 0;
+            goto end;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_ASN1PARSE:
+            asn1parse = 1;
+            break;
+        case OPT_HEXDUMP:
+            hexdump = 1;
+            break;
+        case OPT_RAW:
+            pad = RSA_NO_PADDING;
+            break;
+        case OPT_OAEP:
+            pad = RSA_PKCS1_OAEP_PADDING;
+            break;
+        case OPT_SSL:
+            pad = RSA_SSLV23_PADDING;
+            break;
+        case OPT_PKCS:
+            pad = RSA_PKCS1_PADDING;
+            break;
+        case OPT_X931:
+            pad = RSA_X931_PADDING;
+            break;
+        case OPT_SIGN:
+            rsa_mode = RSA_SIGN;
+            need_priv = 1;
+            break;
+        case OPT_VERIFY:
+            rsa_mode = RSA_VERIFY;
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_ENCRYPT:
+            rsa_mode = RSA_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            rsa_mode = RSA_DECRYPT;
+            need_priv = 1;
+            break;
+        case OPT_PUBIN:
+            key_type = KEY_PUBKEY;
+            break;
+        case OPT_CERTIN:
+            key_type = KEY_CERT;
+            break;
+        case OPT_INKEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (need_priv && (key_type != KEY_PRIVKEY)) {
+        BIO_printf(bio_err, "A private key is needed for this operation\n");
+        goto end;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+/* FIXME: seed PRNG only if needed */
+    app_RAND_load_file(NULL, 0);
+
+    switch (key_type) {
+    case KEY_PRIVKEY:
+        pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
+        break;
+
+    case KEY_PUBKEY:
+        pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
+        break;
+
+    case KEY_CERT:
+        x = load_cert(keyfile, keyformat, "Certificate");
+        if (x) {
+            pkey = X509_get_pubkey(x);
+            X509_free(x);
+        }
+        break;
+    }
+
+    if (!pkey) {
+        return 1;
+    }
+
+    rsa = EVP_PKEY_get1_RSA(pkey);
+    EVP_PKEY_free(pkey);
+
+    if (!rsa) {
+        BIO_printf(bio_err, "Error getting RSA key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    in = bio_open_default(infile, 'r', FORMAT_BINARY);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_BINARY);
+    if (out == NULL)
+        goto end;
+
+    keysize = RSA_size(rsa);
+
+    rsa_in = app_malloc(keysize * 2, "hold rsa key");
+    rsa_out = app_malloc(keysize, "output rsa key");
+
+    /* Read the input data */
+    rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
+    if (rsa_inlen < 0) {
+        BIO_printf(bio_err, "Error reading input Data\n");
+        goto end;
+    }
+    if (rev) {
+        int i;
+        unsigned char ctmp;
+        for (i = 0; i < rsa_inlen / 2; i++) {
+            ctmp = rsa_in[i];
+            rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
+            rsa_in[rsa_inlen - 1 - i] = ctmp;
+        }
+    }
+    switch (rsa_mode) {
+
+    case RSA_VERIFY:
+        rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_SIGN:
+        rsa_outlen =
+            RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_ENCRYPT:
+        rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_DECRYPT:
+        rsa_outlen =
+            RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+    }
+
+    if (rsa_outlen < 0) {
+        BIO_printf(bio_err, "RSA operation error\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+    if (asn1parse) {
+        if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+            ERR_print_errors(bio_err);
+        }
+    } else if (hexdump)
+        BIO_dump(out, (char *)rsa_out, rsa_outlen);
+    else
+        BIO_write(out, rsa_out, rsa_outlen);
+ end:
+    RSA_free(rsa);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    OPENSSL_free(rsa_in);
+    OPENSSL_free(rsa_out);
+    OPENSSL_free(passin);
+    return ret;
+}
+#endif
diff --git a/openssl-1.1.0h/apps/s1024key.pem b/openssl-1.1.0h/apps/s1024key.pem
new file mode 100644
index 0000000..19e0403
--- /dev/null
+++ b/openssl-1.1.0h/apps/s1024key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/s1024req.pem b/openssl-1.1.0h/apps/s1024req.pem
new file mode 100644
index 0000000..bb75e7e
--- /dev/null
+++ b/openssl-1.1.0h/apps/s1024req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
+dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
+9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
+KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
+RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
+BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
+nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
+frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/apps/s512-key.pem b/openssl-1.1.0h/apps/s512-key.pem
new file mode 100644
index 0000000..0e3ff2d
--- /dev/null
+++ b/openssl-1.1.0h/apps/s512-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/s512-req.pem b/openssl-1.1.0h/apps/s512-req.pem
new file mode 100644
index 0000000..ea314be
--- /dev/null
+++ b/openssl-1.1.0h/apps/s512-req.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
+MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
+IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
+MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
+y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
+5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/apps/s_apps.h b/openssl-1.1.0h/apps/s_apps.h
new file mode 100644
index 0000000..c47932b
--- /dev/null
+++ b/openssl-1.1.0h/apps/s_apps.h
@@ -0,0 +1,102 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+# include <conio.h>
+#endif
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+# define _kbhit kbhit
+#endif
+
+#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
+/*
+ * VAX C does not defined fd_set and friends, but it's actually quite simple
+ */
+/* These definitions are borrowed from SOCKETSHR.       /Richard Levitte */
+# define MAX_NOFILE      32
+# define NBBY             8     /* number of bits in a byte */
+
+# ifndef FD_SETSIZE
+#  define FD_SETSIZE      MAX_NOFILE
+# endif                         /* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+# define MAXSELFD        MAX_NOFILE
+typedef int fd_mask;            /* int here! VMS prototypes int, not long */
+# define NFDBITS (sizeof(fd_mask) * NBBY)/* bits per mask (power of 2!) */
+# define NFDSHIFT 5             /* Shift based on above */
+
+typedef fd_mask fd_set;
+# define FD_SET(n, p)    (*(p) |= (1 << ((n) % NFDBITS)))
+# define FD_CLR(n, p)    (*(p) &= ~(1 << ((n) % NFDBITS)))
+# define FD_ISSET(n, p)  (*(p) & (1 << ((n) % NFDBITS)))
+# define FD_ZERO(p)      memset((p), 0, sizeof(*(p)))
+#endif
+
+#define PORT            "4433"
+#define PROTOCOL        "tcp"
+
+typedef int (*do_server_cb)(int s, int stype, unsigned char *context);
+int do_server(int *accept_sock, const char *host, const char *port,
+              int family, int type,
+              do_server_cb cb,
+              unsigned char *context, int naccept);
+#ifdef HEADER_X509_H
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+#endif
+#ifdef HEADER_SSL_H
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                       STACK_OF(X509) *chain, int build_chain);
+int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_point_formats(BIO *out, SSL *s);
+int ssl_print_curves(BIO *out, SSL *s, int noshared);
+#endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
+int init_client(int *sock, const char *host, const char *port,
+                int family, int type);
+int should_retry(int i);
+
+long bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                       int argi, long argl, long ret);
+
+#ifdef HEADER_SSL_H
+void apps_ssl_info_callback(const SSL *s, int where, int ret);
+void msg_cb(int write_p, int version, int content_type, const void *buf,
+            size_t len, SSL *ssl, void *arg);
+void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
+               int len, void *arg);
+#endif
+
+int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                             unsigned int *cookie_len);
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                           unsigned int cookie_len);
+
+typedef struct ssl_excert_st SSL_EXCERT;
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
+void ssl_excert_free(SSL_EXCERT *exc);
+int args_excert(int option, SSL_EXCERT **pexc);
+int load_excert(SSL_EXCERT **pexc);
+void print_verify_detail(SSL *s, BIO *bio);
+void print_ssl_summary(SSL *s);
+#ifdef HEADER_SSL_H
+int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
+                     int crl_download);
+int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
+                    const char *vfyCAfile, const char *chCApath,
+                    const char *chCAfile, STACK_OF(X509_CRL) *crls,
+                    int crl_download);
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
+#endif
diff --git a/openssl-1.1.0h/apps/s_cb.c b/openssl-1.1.0h/apps/s_cb.c
new file mode 100644
index 0000000..afa3065
--- /dev/null
+++ b/openssl-1.1.0h/apps/s_cb.c
@@ -0,0 +1,1335 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* callback functions used by s_client, s_server, and s_time */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcpy() and strcmp() */
+#define USE_SOCKETS
+#include "apps.h"
+#undef USE_SOCKETS
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include "s_apps.h"
+
+#define COOKIE_SECRET_LENGTH    16
+
+VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+
+#ifndef OPENSSL_NO_SOCK
+static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+static int cookie_initialized = 0;
+#endif
+
+static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
+{
+    for ( ; list->name; ++list)
+        if (list->retval == val)
+            return list->name;
+    return def;
+}
+
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    X509 *err_cert;
+    int err, depth;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    if (!verify_args.quiet || !ok) {
+        BIO_printf(bio_err, "depth=%d ", depth);
+        if (err_cert) {
+            X509_NAME_print_ex(bio_err,
+                               X509_get_subject_name(err_cert),
+                               0, XN_FLAG_ONELINE);
+            BIO_puts(bio_err, "\n");
+        } else
+            BIO_puts(bio_err, "<no cert>\n");
+    }
+    if (!ok) {
+        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+                   X509_verify_cert_error_string(err));
+        if (verify_args.depth >= depth) {
+            if (!verify_args.return_error)
+                ok = 1;
+            verify_args.error = err;
+        } else {
+            ok = 0;
+            verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        }
+    }
+    switch (err) {
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        BIO_puts(bio_err, "issuer= ");
+        X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                           0, XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        BIO_printf(bio_err, "notBefore=");
+        ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        BIO_printf(bio_err, "notAfter=");
+        ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        if (!verify_args.quiet)
+            policies_print(ctx);
+        break;
+    }
+    if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
+        policies_print(ctx);
+    if (ok && !verify_args.quiet)
+        BIO_printf(bio_err, "verify return:%d\n", ok);
+    return (ok);
+}
+
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
+{
+    if (cert_file != NULL) {
+        if (SSL_CTX_use_certificate_file(ctx, cert_file,
+                                         SSL_FILETYPE_PEM) <= 0) {
+            BIO_printf(bio_err, "unable to get certificate from '%s'\n",
+                       cert_file);
+            ERR_print_errors(bio_err);
+            return (0);
+        }
+        if (key_file == NULL)
+            key_file = cert_file;
+        if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
+            BIO_printf(bio_err, "unable to get private key from '%s'\n",
+                       key_file);
+            ERR_print_errors(bio_err);
+            return (0);
+        }
+
+        /*
+         * If we are using DSA, we can copy the parameters from the private
+         * key
+         */
+
+        /*
+         * Now we know that a key and cert have been set against the SSL
+         * context
+         */
+        if (!SSL_CTX_check_private_key(ctx)) {
+            BIO_printf(bio_err,
+                       "Private key does not match the certificate public key\n");
+            return (0);
+        }
+    }
+    return (1);
+}
+
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                       STACK_OF(X509) *chain, int build_chain)
+{
+    int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
+    if (cert == NULL)
+        return 1;
+    if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
+        BIO_printf(bio_err, "error setting certificate\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
+        BIO_printf(bio_err, "error setting private key\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    /*
+     * Now we know that a key and cert have been set against the SSL context
+     */
+    if (!SSL_CTX_check_private_key(ctx)) {
+        BIO_printf(bio_err,
+                   "Private key does not match the certificate public key\n");
+        return 0;
+    }
+    if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
+        BIO_printf(bio_err, "error setting certificate chain\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
+        BIO_printf(bio_err, "error building certificate chain\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    return 1;
+}
+
+static STRINT_PAIR cert_type_list[] = {
+    {"RSA sign", TLS_CT_RSA_SIGN},
+    {"DSA sign", TLS_CT_DSS_SIGN},
+    {"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
+    {"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
+    {"ECDSA sign", TLS_CT_ECDSA_SIGN},
+    {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
+    {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
+    {"GOST01 Sign", TLS_CT_GOST01_SIGN},
+    {NULL}
+};
+
+static void ssl_print_client_cert_types(BIO *bio, SSL *s)
+{
+    const unsigned char *p;
+    int i;
+    int cert_type_num = SSL_get0_certificate_types(s, &p);
+    if (!cert_type_num)
+        return;
+    BIO_puts(bio, "Client Certificate Types: ");
+    for (i = 0; i < cert_type_num; i++) {
+        unsigned char cert_type = p[i];
+        const char *cname = lookup((int)cert_type, cert_type_list, NULL);
+
+        if (i)
+            BIO_puts(bio, ", ");
+        if (cname)
+            BIO_puts(bio, cname);
+        else
+            BIO_printf(bio, "UNKNOWN (%d),", cert_type);
+    }
+    BIO_puts(bio, "\n");
+}
+
+static int do_print_sigalgs(BIO *out, SSL *s, int shared)
+{
+    int i, nsig, client;
+    client = SSL_is_server(s) ? 0 : 1;
+    if (shared)
+        nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+    else
+        nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+    if (nsig == 0)
+        return 1;
+
+    if (shared)
+        BIO_puts(out, "Shared ");
+
+    if (client)
+        BIO_puts(out, "Requested ");
+    BIO_puts(out, "Signature Algorithms: ");
+    for (i = 0; i < nsig; i++) {
+        int hash_nid, sign_nid;
+        unsigned char rhash, rsign;
+        const char *sstr = NULL;
+        if (shared)
+            SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+                                   &rsign, &rhash);
+        else
+            SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
+        if (i)
+            BIO_puts(out, ":");
+        if (sign_nid == EVP_PKEY_RSA)
+            sstr = "RSA";
+        else if (sign_nid == EVP_PKEY_DSA)
+            sstr = "DSA";
+        else if (sign_nid == EVP_PKEY_EC)
+            sstr = "ECDSA";
+        if (sstr)
+            BIO_printf(out, "%s+", sstr);
+        else
+            BIO_printf(out, "0x%02X+", (int)rsign);
+        if (hash_nid != NID_undef)
+            BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
+        else
+            BIO_printf(out, "0x%02X", (int)rhash);
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ssl_print_sigalgs(BIO *out, SSL *s)
+{
+    int mdnid;
+    if (!SSL_is_server(s))
+        ssl_print_client_cert_types(out, s);
+    do_print_sigalgs(out, s, 0);
+    do_print_sigalgs(out, s, 1);
+    if (SSL_get_peer_signature_nid(s, &mdnid))
+        BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int ssl_print_point_formats(BIO *out, SSL *s)
+{
+    int i, nformats;
+    const char *pformats;
+    nformats = SSL_get0_ec_point_formats(s, &pformats);
+    if (nformats <= 0)
+        return 1;
+    BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
+    for (i = 0; i < nformats; i++, pformats++) {
+        if (i)
+            BIO_puts(out, ":");
+        switch (*pformats) {
+        case TLSEXT_ECPOINTFORMAT_uncompressed:
+            BIO_puts(out, "uncompressed");
+            break;
+
+        case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
+            BIO_puts(out, "ansiX962_compressed_prime");
+            break;
+
+        case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
+            BIO_puts(out, "ansiX962_compressed_char2");
+            break;
+
+        default:
+            BIO_printf(out, "unknown(%d)", (int)*pformats);
+            break;
+
+        }
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ssl_print_curves(BIO *out, SSL *s, int noshared)
+{
+    int i, ncurves, *curves, nid;
+    const char *cname;
+
+    ncurves = SSL_get1_curves(s, NULL);
+    if (ncurves <= 0)
+        return 1;
+    curves = app_malloc(ncurves * sizeof(int), "curves to print");
+    SSL_get1_curves(s, curves);
+
+    BIO_puts(out, "Supported Elliptic Curves: ");
+    for (i = 0; i < ncurves; i++) {
+        if (i)
+            BIO_puts(out, ":");
+        nid = curves[i];
+        /* If unrecognised print out hex version */
+        if (nid & TLSEXT_nid_unknown)
+            BIO_printf(out, "0x%04X", nid & 0xFFFF);
+        else {
+            /* Use NIST name for curve if it exists */
+            cname = EC_curve_nid2nist(nid);
+            if (!cname)
+                cname = OBJ_nid2sn(nid);
+            BIO_printf(out, "%s", cname);
+        }
+    }
+    OPENSSL_free(curves);
+    if (noshared) {
+        BIO_puts(out, "\n");
+        return 1;
+    }
+    BIO_puts(out, "\nShared Elliptic curves: ");
+    ncurves = SSL_get_shared_curve(s, -1);
+    for (i = 0; i < ncurves; i++) {
+        if (i)
+            BIO_puts(out, ":");
+        nid = SSL_get_shared_curve(s, i);
+        cname = EC_curve_nid2nist(nid);
+        if (!cname)
+            cname = OBJ_nid2sn(nid);
+        BIO_printf(out, "%s", cname);
+    }
+    if (ncurves == 0)
+        BIO_puts(out, "NONE");
+    BIO_puts(out, "\n");
+    return 1;
+}
+#endif
+int ssl_print_tmp_key(BIO *out, SSL *s)
+{
+    EVP_PKEY *key;
+    if (!SSL_get_server_tmp_key(s, &key))
+        return 1;
+    BIO_puts(out, "Server Temp Key: ");
+    switch (EVP_PKEY_id(key)) {
+    case EVP_PKEY_RSA:
+        BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
+        break;
+
+    case EVP_PKEY_DH:
+        BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
+        break;
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        {
+            EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+            int nid;
+            const char *cname;
+            nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+            EC_KEY_free(ec);
+            cname = EC_curve_nid2nist(nid);
+            if (!cname)
+                cname = OBJ_nid2sn(nid);
+            BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
+        }
+    break;
+#endif
+    default:
+        BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)),
+                   EVP_PKEY_bits(key));
+    }
+    EVP_PKEY_free(key);
+    return 1;
+}
+
+long bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                       int argi, long argl, long ret)
+{
+    BIO *out;
+
+    out = (BIO *)BIO_get_callback_arg(bio);
+    if (out == NULL)
+        return (ret);
+
+    if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
+        BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
+                   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
+        BIO_dump(out, argp, (int)ret);
+        return (ret);
+    } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
+        BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
+                   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
+        BIO_dump(out, argp, (int)ret);
+    }
+    return (ret);
+}
+
+void apps_ssl_info_callback(const SSL *s, int where, int ret)
+{
+    const char *str;
+    int w;
+
+    w = where & ~SSL_ST_MASK;
+
+    if (w & SSL_ST_CONNECT)
+        str = "SSL_connect";
+    else if (w & SSL_ST_ACCEPT)
+        str = "SSL_accept";
+    else
+        str = "undefined";
+
+    if (where & SSL_CB_LOOP) {
+        BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+    } else if (where & SSL_CB_ALERT) {
+        str = (where & SSL_CB_READ) ? "read" : "write";
+        BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
+                   str,
+                   SSL_alert_type_string_long(ret),
+                   SSL_alert_desc_string_long(ret));
+    } else if (where & SSL_CB_EXIT) {
+        if (ret == 0)
+            BIO_printf(bio_err, "%s:failed in %s\n",
+                       str, SSL_state_string_long(s));
+        else if (ret < 0) {
+            BIO_printf(bio_err, "%s:error in %s\n",
+                       str, SSL_state_string_long(s));
+        }
+    }
+}
+
+static STRINT_PAIR ssl_versions[] = {
+    {"SSL 3.0", SSL3_VERSION},
+    {"TLS 1.0", TLS1_VERSION},
+    {"TLS 1.1", TLS1_1_VERSION},
+    {"TLS 1.2", TLS1_2_VERSION},
+    {"DTLS 1.0", DTLS1_VERSION},
+    {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
+    {NULL}
+};
+static STRINT_PAIR alert_types[] = {
+    {" close_notify", 0},
+    {" unexpected_message", 10},
+    {" bad_record_mac", 20},
+    {" decryption_failed", 21},
+    {" record_overflow", 22},
+    {" decompression_failure", 30},
+    {" handshake_failure", 40},
+    {" bad_certificate", 42},
+    {" unsupported_certificate", 43},
+    {" certificate_revoked", 44},
+    {" certificate_expired", 45},
+    {" certificate_unknown", 46},
+    {" illegal_parameter", 47},
+    {" unknown_ca", 48},
+    {" access_denied", 49},
+    {" decode_error", 50},
+    {" decrypt_error", 51},
+    {" export_restriction", 60},
+    {" protocol_version", 70},
+    {" insufficient_security", 71},
+    {" internal_error", 80},
+    {" user_canceled", 90},
+    {" no_renegotiation", 100},
+    {" unsupported_extension", 110},
+    {" certificate_unobtainable", 111},
+    {" unrecognized_name", 112},
+    {" bad_certificate_status_response", 113},
+    {" bad_certificate_hash_value", 114},
+    {" unknown_psk_identity", 115},
+    {NULL}
+};
+
+static STRINT_PAIR handshakes[] = {
+    {", HelloRequest", 0},
+    {", ClientHello", 1},
+    {", ServerHello", 2},
+    {", HelloVerifyRequest", 3},
+    {", NewSessionTicket", 4},
+    {", Certificate", 11},
+    {", ServerKeyExchange", 12},
+    {", CertificateRequest", 13},
+    {", ServerHelloDone", 14},
+    {", CertificateVerify", 15},
+    {", ClientKeyExchange", 16},
+    {", Finished", 20},
+    {", CertificateUrl", 21},
+    {", CertificateStatus", 22},
+    {", SupplementalData", 23},
+    {NULL}
+};
+
+void msg_cb(int write_p, int version, int content_type, const void *buf,
+            size_t len, SSL *ssl, void *arg)
+{
+    BIO *bio = arg;
+    const char *str_write_p = write_p ? ">>>" : "<<<";
+    const char *str_version = lookup(version, ssl_versions, "???");
+    const char *str_content_type = "", *str_details1 = "", *str_details2 = "";
+    const unsigned char* bp = buf;
+
+    if (version == SSL3_VERSION ||
+        version == TLS1_VERSION ||
+        version == TLS1_1_VERSION ||
+        version == TLS1_2_VERSION ||
+        version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
+        switch (content_type) {
+        case 20:
+            str_content_type = "ChangeCipherSpec";
+            break;
+        case 21:
+            str_content_type = "Alert";
+            str_details1 = ", ???";
+            if (len == 2) {
+                switch (bp[0]) {
+                case 1:
+                    str_details1 = ", warning";
+                    break;
+                case 2:
+                    str_details1 = ", fatal";
+                    break;
+                }
+                str_details2 = lookup((int)bp[1], alert_types, " ???");
+            }
+            break;
+        case 22:
+            str_content_type = "Handshake";
+            str_details1 = "???";
+            if (len > 0)
+                str_details1 = lookup((int)bp[0], handshakes, "???");
+            break;
+        case 23:
+            str_content_type = "ApplicationData";
+            break;
+#ifndef OPENSSL_NO_HEARTBEATS
+        case 24:
+            str_details1 = ", Heartbeat";
+
+            if (len > 0) {
+                switch (bp[0]) {
+                case 1:
+                    str_details1 = ", HeartbeatRequest";
+                    break;
+                case 2:
+                    str_details1 = ", HeartbeatResponse";
+                    break;
+                }
+            }
+            break;
+#endif
+        }
+    }
+
+    BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
+               str_content_type, (unsigned long)len, str_details1,
+               str_details2);
+
+    if (len > 0) {
+        size_t num, i;
+
+        BIO_printf(bio, "   ");
+        num = len;
+        for (i = 0; i < num; i++) {
+            if (i % 16 == 0 && i > 0)
+                BIO_printf(bio, "\n   ");
+            BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
+        }
+        if (i < len)
+            BIO_printf(bio, " ...");
+        BIO_printf(bio, "\n");
+    }
+    (void)BIO_flush(bio);
+}
+
+static STRINT_PAIR tlsext_types[] = {
+    {"server name", TLSEXT_TYPE_server_name},
+    {"max fragment length", TLSEXT_TYPE_max_fragment_length},
+    {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
+    {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
+    {"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
+    {"status request", TLSEXT_TYPE_status_request},
+    {"user mapping", TLSEXT_TYPE_user_mapping},
+    {"client authz", TLSEXT_TYPE_client_authz},
+    {"server authz", TLSEXT_TYPE_server_authz},
+    {"cert type", TLSEXT_TYPE_cert_type},
+    {"elliptic curves", TLSEXT_TYPE_elliptic_curves},
+    {"EC point formats", TLSEXT_TYPE_ec_point_formats},
+    {"SRP", TLSEXT_TYPE_srp},
+    {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
+    {"use SRTP", TLSEXT_TYPE_use_srtp},
+    {"heartbeat", TLSEXT_TYPE_heartbeat},
+    {"session ticket", TLSEXT_TYPE_session_ticket},
+    {"renegotiation info", TLSEXT_TYPE_renegotiate},
+    {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
+    {"TLS padding", TLSEXT_TYPE_padding},
+#ifdef TLSEXT_TYPE_next_proto_neg
+    {"next protocol", TLSEXT_TYPE_next_proto_neg},
+#endif
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+    {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
+#endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+    {"application layer protocol negotiation",
+     TLSEXT_TYPE_application_layer_protocol_negotiation},
+#endif
+#ifdef TLSEXT_TYPE_extended_master_secret
+    {"extended master secret", TLSEXT_TYPE_extended_master_secret},
+#endif
+    {NULL}
+};
+
+void tlsext_cb(SSL *s, int client_server, int type,
+               const unsigned char *data, int len, void *arg)
+{
+    BIO *bio = arg;
+    const char *extname = lookup(type, tlsext_types, "unknown");
+
+    BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
+               client_server ? "server" : "client", extname, type, len);
+    BIO_dump(bio, (const char *)data, len);
+    (void)BIO_flush(bio);
+}
+
+#ifndef OPENSSL_NO_SOCK
+int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                             unsigned int *cookie_len)
+{
+    unsigned char *buffer;
+    size_t length;
+    unsigned short port;
+    BIO_ADDR *peer = NULL;
+
+    /* Initialize a random secret */
+    if (!cookie_initialized) {
+        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
+            BIO_printf(bio_err, "error setting random cookie secret\n");
+            return 0;
+        }
+        cookie_initialized = 1;
+    }
+
+    peer = BIO_ADDR_new();
+    if (peer == NULL) {
+        BIO_printf(bio_err, "memory full\n");
+        return 0;
+    }
+
+    /* Read peer information */
+    (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
+
+    /* Create buffer with peer's address and port */
+    BIO_ADDR_rawaddress(peer, NULL, &length);
+    OPENSSL_assert(length != 0);
+    port = BIO_ADDR_rawport(peer);
+    length += sizeof(port);
+    buffer = app_malloc(length, "cookie generate buffer");
+
+    memcpy(buffer, &port, sizeof(port));
+    BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
+
+    /* Calculate HMAC of buffer using the secret */
+    HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+         buffer, length, cookie, cookie_len);
+
+    OPENSSL_free(buffer);
+    BIO_ADDR_free(peer);
+
+    return 1;
+}
+
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                           unsigned int cookie_len)
+{
+    unsigned char result[EVP_MAX_MD_SIZE];
+    unsigned int resultlength;
+
+    /* Note: we check cookie_initialized because if it's not,
+     * it cannot be valid */
+    if (cookie_initialized
+        && generate_cookie_callback(ssl, result, &resultlength)
+        && cookie_len == resultlength
+        && memcmp(result, cookie, resultlength) == 0)
+        return 1;
+
+    return 0;
+}
+#endif
+
+/*
+ * Example of extended certificate handling. Where the standard support of
+ * one certificate per algorithm is not sufficient an application can decide
+ * which certificate(s) to use at runtime based on whatever criteria it deems
+ * appropriate.
+ */
+
+/* Linked list of certificates, keys and chains */
+struct ssl_excert_st {
+    int certform;
+    const char *certfile;
+    int keyform;
+    const char *keyfile;
+    const char *chainfile;
+    X509 *cert;
+    EVP_PKEY *key;
+    STACK_OF(X509) *chain;
+    int build_chain;
+    struct ssl_excert_st *next, *prev;
+};
+
+static STRINT_PAIR chain_flags[] = {
+    {"Overall Validity", CERT_PKEY_VALID},
+    {"Sign with EE key", CERT_PKEY_SIGN},
+    {"EE signature", CERT_PKEY_EE_SIGNATURE},
+    {"CA signature", CERT_PKEY_CA_SIGNATURE},
+    {"EE key parameters", CERT_PKEY_EE_PARAM},
+    {"CA key parameters", CERT_PKEY_CA_PARAM},
+    {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
+    {"Issuer Name", CERT_PKEY_ISSUER_NAME},
+    {"Certificate Type", CERT_PKEY_CERT_TYPE},
+    {NULL}
+};
+
+static void print_chain_flags(SSL *s, int flags)
+{
+    STRINT_PAIR *pp;
+
+    for (pp = chain_flags; pp->name; ++pp)
+        BIO_printf(bio_err, "\t%s: %s\n",
+                   pp->name,
+                   (flags & pp->retval) ? "OK" : "NOT OK");
+    BIO_printf(bio_err, "\tSuite B: ");
+    if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
+        BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
+    else
+        BIO_printf(bio_err, "not tested\n");
+}
+
+/*
+ * Very basic selection callback: just use any certificate chain reported as
+ * valid. More sophisticated could prioritise according to local policy.
+ */
+static int set_cert_cb(SSL *ssl, void *arg)
+{
+    int i, rv;
+    SSL_EXCERT *exc = arg;
+#ifdef CERT_CB_TEST_RETRY
+    static int retry_cnt;
+    if (retry_cnt < 5) {
+        retry_cnt++;
+        BIO_printf(bio_err,
+                   "Certificate callback retry test: count %d\n",
+                   retry_cnt);
+        return -1;
+    }
+#endif
+    SSL_certs_clear(ssl);
+
+    if (!exc)
+        return 1;
+
+    /*
+     * Go to end of list and traverse backwards since we prepend newer
+     * entries this retains the original order.
+     */
+    while (exc->next)
+        exc = exc->next;
+
+    i = 0;
+
+    while (exc) {
+        i++;
+        rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
+        BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
+                           XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+        print_chain_flags(ssl, rv);
+        if (rv & CERT_PKEY_VALID) {
+            if (!SSL_use_certificate(ssl, exc->cert)
+                    || !SSL_use_PrivateKey(ssl, exc->key)) {
+                return 0;
+            }
+            /*
+             * NB: we wouldn't normally do this as it is not efficient
+             * building chains on each connection better to cache the chain
+             * in advance.
+             */
+            if (exc->build_chain) {
+                if (!SSL_build_cert_chain(ssl, 0))
+                    return 0;
+            } else if (exc->chain)
+                SSL_set1_chain(ssl, exc->chain);
+        }
+        exc = exc->prev;
+    }
+    return 1;
+}
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
+{
+    SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
+}
+
+static int ssl_excert_prepend(SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
+
+    memset(exc, 0, sizeof(*exc));
+
+    exc->next = *pexc;
+    *pexc = exc;
+
+    if (exc->next) {
+        exc->certform = exc->next->certform;
+        exc->keyform = exc->next->keyform;
+        exc->next->prev = exc;
+    } else {
+        exc->certform = FORMAT_PEM;
+        exc->keyform = FORMAT_PEM;
+    }
+    return 1;
+
+}
+
+void ssl_excert_free(SSL_EXCERT *exc)
+{
+    SSL_EXCERT *curr;
+
+    if (!exc)
+        return;
+    while (exc) {
+        X509_free(exc->cert);
+        EVP_PKEY_free(exc->key);
+        sk_X509_pop_free(exc->chain, X509_free);
+        curr = exc;
+        exc = exc->next;
+        OPENSSL_free(curr);
+    }
+}
+
+int load_excert(SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = *pexc;
+    if (!exc)
+        return 1;
+    /* If nothing in list, free and set to NULL */
+    if (!exc->certfile && !exc->next) {
+        ssl_excert_free(exc);
+        *pexc = NULL;
+        return 1;
+    }
+    for (; exc; exc = exc->next) {
+        if (!exc->certfile) {
+            BIO_printf(bio_err, "Missing filename\n");
+            return 0;
+        }
+        exc->cert = load_cert(exc->certfile, exc->certform,
+                              "Server Certificate");
+        if (!exc->cert)
+            return 0;
+        if (exc->keyfile) {
+            exc->key = load_key(exc->keyfile, exc->keyform,
+                                0, NULL, NULL, "Server Key");
+        } else {
+            exc->key = load_key(exc->certfile, exc->certform,
+                                0, NULL, NULL, "Server Key");
+        }
+        if (!exc->key)
+            return 0;
+        if (exc->chainfile) {
+            if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+                            "Server Chain"))
+                return 0;
+        }
+    }
+    return 1;
+}
+
+enum range { OPT_X_ENUM };
+
+int args_excert(int opt, SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = *pexc;
+
+    assert(opt > OPT_X__FIRST);
+    assert(opt < OPT_X__LAST);
+
+    if (exc == NULL) {
+        if (!ssl_excert_prepend(&exc)) {
+            BIO_printf(bio_err, " %s: Error initialising xcert\n",
+                       opt_getprog());
+            goto err;
+        }
+        *pexc = exc;
+    }
+
+    switch ((enum range)opt) {
+    case OPT_X__FIRST:
+    case OPT_X__LAST:
+        return 0;
+    case OPT_X_CERT:
+        if (exc->certfile && !ssl_excert_prepend(&exc)) {
+            BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
+            goto err;
+        }
+        *pexc = exc;
+        exc->certfile = opt_arg();
+        break;
+    case OPT_X_KEY:
+        if (exc->keyfile) {
+            BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
+            goto err;
+        }
+        exc->keyfile = opt_arg();
+        break;
+    case OPT_X_CHAIN:
+        if (exc->chainfile) {
+            BIO_printf(bio_err, "%s: Chain already specified\n",
+                       opt_getprog());
+            goto err;
+        }
+        exc->chainfile = opt_arg();
+        break;
+    case OPT_X_CHAIN_BUILD:
+        exc->build_chain = 1;
+        break;
+    case OPT_X_CERTFORM:
+        if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
+            return 0;
+        break;
+    case OPT_X_KEYFORM:
+        if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
+            return 0;
+        break;
+    }
+    return 1;
+
+ err:
+    ERR_print_errors(bio_err);
+    ssl_excert_free(exc);
+    *pexc = NULL;
+    return 0;
+}
+
+static void print_raw_cipherlist(SSL *s)
+{
+    const unsigned char *rlist;
+    static const unsigned char scsv_id[] = { 0, 0xFF };
+    size_t i, rlistlen, num;
+    if (!SSL_is_server(s))
+        return;
+    num = SSL_get0_raw_cipherlist(s, NULL);
+    OPENSSL_assert(num == 2);
+    rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
+    BIO_puts(bio_err, "Client cipher list: ");
+    for (i = 0; i < rlistlen; i += num, rlist += num) {
+        const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
+        if (i)
+            BIO_puts(bio_err, ":");
+        if (c)
+            BIO_puts(bio_err, SSL_CIPHER_get_name(c));
+        else if (!memcmp(rlist, scsv_id, num))
+            BIO_puts(bio_err, "SCSV");
+        else {
+            size_t j;
+            BIO_puts(bio_err, "0x");
+            for (j = 0; j < num; j++)
+                BIO_printf(bio_err, "%02X", rlist[j]);
+        }
+    }
+    BIO_puts(bio_err, "\n");
+}
+
+/*
+ * Hex encoder for TLSA RRdata, not ':' delimited.
+ */
+static char *hexencode(const unsigned char *data, size_t len)
+{
+    static const char *hex = "0123456789abcdef";
+    char *out;
+    char *cp;
+    size_t outlen = 2 * len + 1;
+    int ilen = (int) outlen;
+
+    if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
+        BIO_printf(bio_err, "%s: %"BIO_PRI64"u-byte buffer too large to hexencode\n",
+                   opt_getprog(), (uint64_t)len);
+        exit(1);
+    }
+    cp = out = app_malloc(ilen, "TLSA hex data buffer");
+
+    while (len-- > 0) {
+        *cp++ = hex[(*data >> 4) & 0x0f];
+        *cp++ = hex[*data++ & 0x0f];
+    }
+    *cp = '\0';
+    return out;
+}
+
+void print_verify_detail(SSL *s, BIO *bio)
+{
+    int mdpth;
+    EVP_PKEY *mspki;
+    long verify_err = SSL_get_verify_result(s);
+
+    if (verify_err == X509_V_OK) {
+        const char *peername = SSL_get0_peername(s);
+
+        BIO_printf(bio, "Verification: OK\n");
+        if (peername != NULL)
+            BIO_printf(bio, "Verified peername: %s\n", peername);
+    } else {
+        const char *reason = X509_verify_cert_error_string(verify_err);
+
+        BIO_printf(bio, "Verification error: %s\n", reason);
+    }
+
+    if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) {
+        uint8_t usage, selector, mtype;
+        const unsigned char *data = NULL;
+        size_t dlen = 0;
+        char *hexdata;
+
+        mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen);
+
+        /*
+         * The TLSA data field can be quite long when it is a certificate,
+         * public key or even a SHA2-512 digest.  Because the initial octets of
+         * ASN.1 certificates and public keys contain mostly boilerplate OIDs
+         * and lengths, we show the last 12 bytes of the data instead, as these
+         * are more likely to distinguish distinct TLSA records.
+         */
+#define TLSA_TAIL_SIZE 12
+        if (dlen > TLSA_TAIL_SIZE)
+            hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
+        else
+            hexdata = hexencode(data, dlen);
+        BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
+                   usage, selector, mtype,
+                   (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
+                   (mspki != NULL) ? "signed the certificate" :
+                   mdpth ? "matched TA certificate" : "matched EE certificate",
+                   mdpth);
+        OPENSSL_free(hexdata);
+    }
+}
+
+void print_ssl_summary(SSL *s)
+{
+    const SSL_CIPHER *c;
+    X509 *peer;
+    /* const char *pnam = SSL_is_server(s) ? "client" : "server"; */
+
+    BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
+    print_raw_cipherlist(s);
+    c = SSL_get_current_cipher(s);
+    BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
+    do_print_sigalgs(bio_err, s, 0);
+    peer = SSL_get_peer_certificate(s);
+    if (peer) {
+        int nid;
+
+        BIO_puts(bio_err, "Peer certificate: ");
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
+                           0, XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+        if (SSL_get_peer_signature_nid(s, &nid))
+            BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
+        print_verify_detail(s, bio_err);
+    } else
+        BIO_puts(bio_err, "No peer certificate\n");
+    X509_free(peer);
+#ifndef OPENSSL_NO_EC
+    ssl_print_point_formats(bio_err, s);
+    if (SSL_is_server(s))
+        ssl_print_curves(bio_err, s, 1);
+    else
+        ssl_print_tmp_key(bio_err, s);
+#else
+    if (!SSL_is_server(s))
+        ssl_print_tmp_key(bio_err, s);
+#endif
+}
+
+int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
+               SSL_CTX *ctx)
+{
+    int i;
+
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
+        const char *flag = sk_OPENSSL_STRING_value(str, i);
+        const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
+        if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
+            if (arg)
+                BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
+                           flag, arg);
+            else
+                BIO_printf(bio_err, "Error with command: \"%s\"\n", flag);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        BIO_puts(bio_err, "Error finishing context\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    return 1;
+}
+
+static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
+{
+    X509_CRL *crl;
+    int i;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        X509_STORE_add_crl(st, crl);
+    }
+    return 1;
+}
+
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
+{
+    X509_STORE *st;
+    st = SSL_CTX_get_cert_store(ctx);
+    add_crls_store(st, crls);
+    if (crl_download)
+        store_setup_crl_download(st);
+    return 1;
+}
+
+int ssl_load_stores(SSL_CTX *ctx,
+                    const char *vfyCApath, const char *vfyCAfile,
+                    const char *chCApath, const char *chCAfile,
+                    STACK_OF(X509_CRL) *crls, int crl_download)
+{
+    X509_STORE *vfy = NULL, *ch = NULL;
+    int rv = 0;
+    if (vfyCApath != NULL || vfyCAfile != NULL) {
+        vfy = X509_STORE_new();
+        if (vfy == NULL)
+            goto err;
+        if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+            goto err;
+        add_crls_store(vfy, crls);
+        SSL_CTX_set1_verify_cert_store(ctx, vfy);
+        if (crl_download)
+            store_setup_crl_download(vfy);
+    }
+    if (chCApath != NULL || chCAfile != NULL) {
+        ch = X509_STORE_new();
+        if (ch == NULL)
+            goto err;
+        if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+            goto err;
+        SSL_CTX_set1_chain_cert_store(ctx, ch);
+    }
+    rv = 1;
+ err:
+    X509_STORE_free(vfy);
+    X509_STORE_free(ch);
+    return rv;
+}
+
+/* Verbose print out of security callback */
+
+typedef struct {
+    BIO *out;
+    int verbose;
+    int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+                   void *other, void *ex);
+} security_debug_ex;
+
+static STRINT_PAIR callback_types[] = {
+    {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
+    {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
+    {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
+#ifndef OPENSSL_NO_DH
+    {"Temp DH key bits", SSL_SECOP_TMP_DH},
+#endif
+    {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
+    {"Shared Curve", SSL_SECOP_CURVE_SHARED},
+    {"Check Curve", SSL_SECOP_CURVE_CHECK},
+    {"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED},
+    {"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED},
+    {"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK},
+    {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
+    {"Certificate chain EE key", SSL_SECOP_EE_KEY},
+    {"Certificate chain CA key", SSL_SECOP_CA_KEY},
+    {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
+    {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
+    {"Certificate chain CA digest", SSL_SECOP_CA_MD},
+    {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
+    {"SSL compression", SSL_SECOP_COMPRESSION},
+    {"Session ticket", SSL_SECOP_TICKET},
+    {NULL}
+};
+
+static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
+                                   int op, int bits, int nid,
+                                   void *other, void *ex)
+{
+    security_debug_ex *sdb = ex;
+    int rv, show_bits = 1, cert_md = 0;
+    const char *nm;
+    rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
+    if (rv == 1 && sdb->verbose < 2)
+        return 1;
+    BIO_puts(sdb->out, "Security callback: ");
+
+    nm = lookup(op, callback_types, NULL);
+    switch (op) {
+    case SSL_SECOP_TICKET:
+    case SSL_SECOP_COMPRESSION:
+        show_bits = 0;
+        nm = NULL;
+        break;
+    case SSL_SECOP_VERSION:
+        BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
+        show_bits = 0;
+        nm = NULL;
+        break;
+    case SSL_SECOP_CA_MD:
+    case SSL_SECOP_PEER_CA_MD:
+        cert_md = 1;
+        break;
+    }
+    if (nm)
+        BIO_printf(sdb->out, "%s=", nm);
+
+    switch (op & SSL_SECOP_OTHER_TYPE) {
+
+    case SSL_SECOP_OTHER_CIPHER:
+        BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
+        break;
+
+#ifndef OPENSSL_NO_EC
+    case SSL_SECOP_OTHER_CURVE:
+        {
+            const char *cname;
+            cname = EC_curve_nid2nist(nid);
+            if (cname == NULL)
+                cname = OBJ_nid2sn(nid);
+            BIO_puts(sdb->out, cname);
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DH
+    case SSL_SECOP_OTHER_DH:
+        {
+            DH *dh = other;
+            BIO_printf(sdb->out, "%d", DH_bits(dh));
+            break;
+        }
+#endif
+    case SSL_SECOP_OTHER_CERT:
+        {
+            if (cert_md) {
+                int sig_nid = X509_get_signature_nid(other);
+                BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
+            } else {
+                EVP_PKEY *pkey = X509_get0_pubkey(other);
+                const char *algname = "";
+                EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
+                                        &algname, EVP_PKEY_get0_asn1(pkey));
+                BIO_printf(sdb->out, "%s, bits=%d",
+                           algname, EVP_PKEY_bits(pkey));
+            }
+            break;
+        }
+    case SSL_SECOP_OTHER_SIGALG:
+        {
+            const unsigned char *salg = other;
+            const char *sname = NULL;
+            switch (salg[1]) {
+            case TLSEXT_signature_anonymous:
+                sname = "anonymous";
+                break;
+            case TLSEXT_signature_rsa:
+                sname = "RSA";
+                break;
+            case TLSEXT_signature_dsa:
+                sname = "DSA";
+                break;
+            case TLSEXT_signature_ecdsa:
+                sname = "ECDSA";
+                break;
+            }
+
+            BIO_puts(sdb->out, OBJ_nid2sn(nid));
+            if (sname)
+                BIO_printf(sdb->out, ", algorithm=%s", sname);
+            else
+                BIO_printf(sdb->out, ", algid=%d", salg[1]);
+            break;
+        }
+
+    }
+
+    if (show_bits)
+        BIO_printf(sdb->out, ", security bits=%d", bits);
+    BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
+    return rv;
+}
+
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
+{
+    static security_debug_ex sdb;
+
+    sdb.out = bio_err;
+    sdb.verbose = verbose;
+    sdb.old_cb = SSL_CTX_get_security_callback(ctx);
+    SSL_CTX_set_security_callback(ctx, security_callback_debug);
+    SSL_CTX_set0_security_ex_data(ctx, &sdb);
+}
diff --git a/openssl-1.1.0h/apps/s_client.c b/openssl-1.1.0h/apps/s_client.c
new file mode 100644
index 0000000..fb89f0c
--- /dev/null
+++ b/openssl-1.1.0h/apps/s_client.c
@@ -0,0 +1,2760 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/e_os2.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#include <openssl/bn.h>
+#include <openssl/async.h>
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#ifndef OPENSSL_NO_CT
+# include <openssl/ct.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+#  include <sanitizer/msan_interface.h>
+# endif
+#endif
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+#define S_CLIENT_IRC_READ_TIMEOUT 8
+
+static char *prog;
+static int c_debug = 0;
+static int c_showcerts = 0;
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
+static BIO *bio_c_out = NULL;
+static int c_quiet = 0;
+
+static void print_stuff(BIO *berr, SSL *con, int full);
+#ifndef OPENSSL_NO_OCSP
+static int ocsp_resp_cb(SSL *s, void *arg);
+#endif
+
+static int saved_errno;
+
+static void save_errno(void)
+{
+    saved_errno = errno;
+    errno = 0;
+}
+
+static int restore_errno(void)
+{
+    int ret = errno;
+    errno = saved_errno;
+    return ret;
+}
+
+static void do_ssl_shutdown(SSL *ssl)
+{
+    int ret;
+
+    do {
+        /* We only do unidirectional shutdown */
+        ret = SSL_shutdown(ssl);
+        if (ret < 0) {
+            switch (SSL_get_error(ssl, ret)) {
+            case SSL_ERROR_WANT_READ:
+            case SSL_ERROR_WANT_WRITE:
+            case SSL_ERROR_WANT_ASYNC:
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* We just do busy waiting. Nothing clever */
+                continue;
+            }
+            ret = 0;
+        }
+    } while (ret < 0);
+}
+
+#ifndef OPENSSL_NO_PSK
+/* Default PSK identity and key */
+static char *psk_identity = "Client_identity";
+/*
+ * char *psk_key=NULL; by default PSK is not used
+ */
+
+static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
+                                  unsigned int max_identity_len,
+                                  unsigned char *psk,
+                                  unsigned int max_psk_len)
+{
+    int ret;
+    long key_len;
+    unsigned char *key;
+
+    if (c_debug)
+        BIO_printf(bio_c_out, "psk_client_cb\n");
+    if (!hint) {
+        /* no ServerKeyExchange message */
+        if (c_debug)
+            BIO_printf(bio_c_out,
+                       "NULL received PSK identity hint, continuing anyway\n");
+    } else if (c_debug)
+        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
+
+    /*
+     * lookup PSK identity and PSK key based on the given identity hint here
+     */
+    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
+    if (ret < 0 || (unsigned int)ret > max_identity_len)
+        goto out_err;
+    if (c_debug)
+        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
+                   ret);
+
+    /* convert the PSK key to binary */
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+    if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%ld)\n",
+                   max_psk_len, key_len);
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    memcpy(psk, key, key_len);
+    OPENSSL_free(key);
+
+    if (c_debug)
+        BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
+
+    return key_len;
+ out_err:
+    if (c_debug)
+        BIO_printf(bio_err, "Error in PSK client callback\n");
+    return 0;
+}
+#endif
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+    BIO *biodebug;
+    int ack;
+} tlsextctx;
+
+static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+    tlsextctx *p = (tlsextctx *) arg;
+    const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+    if (SSL_get_servername_type(s) != -1)
+        p->ack = !SSL_session_reused(s) && hn != NULL;
+    else
+        BIO_printf(bio_err, "Can't use SSL_get_servername\n");
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+#ifndef OPENSSL_NO_SRP
+
+/* This is a context that we pass to all callbacks */
+typedef struct srp_arg_st {
+    char *srppassin;
+    char *srplogin;
+    int msg;                    /* copy from c_msg */
+    int debug;                  /* copy from c_debug */
+    int amp;                    /* allow more groups */
+    int strength;               /* minimal size for N */
+} SRP_ARG;
+
+# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
+
+static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
+{
+    BN_CTX *bn_ctx = BN_CTX_new();
+    BIGNUM *p = BN_new();
+    BIGNUM *r = BN_new();
+    int ret =
+        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
+        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        p != NULL && BN_rshift1(p, N) &&
+        /* p = (N-1)/2 */
+        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        r != NULL &&
+        /* verify g^((N-1)/2) == -1 (mod N) */
+        BN_mod_exp(r, g, p, N, bn_ctx) &&
+        BN_add_word(r, 1) && BN_cmp(r, N) == 0;
+
+    BN_free(r);
+    BN_free(p);
+    BN_CTX_free(bn_ctx);
+    return ret;
+}
+
+/*-
+ * This callback is used here for two purposes:
+ * - extended debugging
+ * - making some primality tests for unknown groups
+ * The callback is only called for a non default group.
+ *
+ * An application does not need the call back at all if
+ * only the standard groups are used.  In real life situations,
+ * client and server already share well known groups,
+ * thus there is no need to verify them.
+ * Furthermore, in case that a server actually proposes a group that
+ * is not one of those defined in RFC 5054, it is more appropriate
+ * to add the group to a static list and then compare since
+ * primality tests are rather cpu consuming.
+ */
+
+static int ssl_srp_verify_param_cb(SSL *s, void *arg)
+{
+    SRP_ARG *srp_arg = (SRP_ARG *)arg;
+    BIGNUM *N = NULL, *g = NULL;
+
+    if (((N = SSL_get_srp_N(s)) == NULL) || ((g = SSL_get_srp_g(s)) == NULL))
+        return 0;
+    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
+        BIO_printf(bio_err, "SRP parameters:\n");
+        BIO_printf(bio_err, "\tN=");
+        BN_print(bio_err, N);
+        BIO_printf(bio_err, "\n\tg=");
+        BN_print(bio_err, g);
+        BIO_printf(bio_err, "\n");
+    }
+
+    if (SRP_check_known_gN_param(g, N))
+        return 1;
+
+    if (srp_arg->amp == 1) {
+        if (srp_arg->debug)
+            BIO_printf(bio_err,
+                       "SRP param N and g are not known params, going to check deeper.\n");
+
+        /*
+         * The srp_moregroups is a real debugging feature. Implementors
+         * should rather add the value to the known ones. The minimal size
+         * has already been tested.
+         */
+        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
+            return 1;
+    }
+    BIO_printf(bio_err, "SRP param N and g rejected.\n");
+    return 0;
+}
+
+# define PWD_STRLEN 1024
+
+static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+{
+    SRP_ARG *srp_arg = (SRP_ARG *)arg;
+    char *pass = app_malloc(PWD_STRLEN + 1, "SRP password buffer");
+    PW_CB_DATA cb_tmp;
+    int l;
+
+    cb_tmp.password = (char *)srp_arg->srppassin;
+    cb_tmp.prompt_info = "SRP user";
+    if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
+        BIO_printf(bio_err, "Can't read Password\n");
+        OPENSSL_free(pass);
+        return NULL;
+    }
+    *(pass + l) = '\0';
+
+    return pass;
+}
+
+#endif
+
+static char *srtp_profiles = NULL;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This the context that we pass to next_proto_cb */
+typedef struct tlsextnextprotoctx_st {
+    unsigned char *data;
+    size_t len;
+    int status;
+} tlsextnextprotoctx;
+
+static tlsextnextprotoctx next_proto;
+
+static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
+                         const unsigned char *in, unsigned int inlen,
+                         void *arg)
+{
+    tlsextnextprotoctx *ctx = arg;
+
+    if (!c_quiet) {
+        /* We can assume that |in| is syntactically valid. */
+        unsigned i;
+        BIO_printf(bio_c_out, "Protocols advertised by server: ");
+        for (i = 0; i < inlen;) {
+            if (i)
+                BIO_write(bio_c_out, ", ", 2);
+            BIO_write(bio_c_out, &in[i + 1], in[i]);
+            i += in[i] + 1;
+        }
+        BIO_write(bio_c_out, "\n", 1);
+    }
+
+    ctx->status =
+        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
+
+static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in, size_t inlen,
+                                   int *al, void *arg)
+{
+    char pem_name[100];
+    unsigned char ext_buf[4 + 65536];
+
+    /* Reconstruct the type/len fields prior to extension data */
+    ext_buf[0] = ext_type >> 8;
+    ext_buf[1] = ext_type & 0xFF;
+    ext_buf[2] = inlen >> 8;
+    ext_buf[3] = inlen & 0xFF;
+    memcpy(ext_buf + 4, in, inlen);
+
+    BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
+                 ext_type);
+    PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
+    return 1;
+}
+
+/*
+ * Hex decoder that tolerates optional whitespace.  Returns number of bytes
+ * produced, advances inptr to end of input string.
+ */
+static ossl_ssize_t hexdecode(const char **inptr, void *result)
+{
+    unsigned char **out = (unsigned char **)result;
+    const char *in = *inptr;
+    unsigned char *ret = app_malloc(strlen(in) / 2, "hexdecode");
+    unsigned char *cp = ret;
+    uint8_t byte;
+    int nibble = 0;
+
+    if (ret == NULL)
+        return -1;
+
+    for (byte = 0; *in; ++in) {
+        int x;
+
+        if (isspace(_UC(*in)))
+            continue;
+        x = OPENSSL_hexchar2int(*in);
+        if (x < 0) {
+            OPENSSL_free(ret);
+            return 0;
+        }
+        byte |= (char)x;
+        if ((nibble ^= 1) == 0) {
+            *cp++ = byte;
+            byte = 0;
+        } else {
+            byte <<= 4;
+        }
+    }
+    if (nibble != 0) {
+        OPENSSL_free(ret);
+        return 0;
+    }
+    *inptr = in;
+
+    return cp - (*out = ret);
+}
+
+/*
+ * Decode unsigned 0..255, returns 1 on success, <= 0 on failure. Advances
+ * inptr to next field skipping leading whitespace.
+ */
+static ossl_ssize_t checked_uint8(const char **inptr, void *out)
+{
+    uint8_t *result = (uint8_t *)out;
+    const char *in = *inptr;
+    char *endp;
+    long v;
+    int e;
+
+    save_errno();
+    v = strtol(in, &endp, 10);
+    e = restore_errno();
+
+    if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) ||
+        endp == in || !isspace(_UC(*endp)) ||
+        v != (*result = (uint8_t) v)) {
+        return -1;
+    }
+    for (in = endp; isspace(_UC(*in)); ++in)
+        continue;
+
+    *inptr = in;
+    return 1;
+}
+
+struct tlsa_field {
+    void *var;
+    const char *name;
+    ossl_ssize_t (*parser)(const char **, void *);
+};
+
+static int tlsa_import_rr(SSL *con, const char *rrdata)
+{
+    /* Not necessary to re-init these values; the "parsers" do that. */
+    static uint8_t usage;
+    static uint8_t selector;
+    static uint8_t mtype;
+    static unsigned char *data;
+    static struct tlsa_field tlsa_fields[] = {
+        { &usage, "usage", checked_uint8 },
+        { &selector, "selector", checked_uint8 },
+        { &mtype, "mtype", checked_uint8 },
+        { &data, "data", hexdecode },
+        { NULL, }
+    };
+    struct tlsa_field *f;
+    int ret;
+    const char *cp = rrdata;
+    ossl_ssize_t len = 0;
+
+    for (f = tlsa_fields; f->var; ++f) {
+        /* Returns number of bytes produced, advances cp to next field */
+        if ((len = f->parser(&cp, f->var)) <= 0) {
+            BIO_printf(bio_err, "%s: warning: bad TLSA %s field in: %s\n",
+                       prog, f->name, rrdata);
+            return 0;
+        }
+    }
+    /* The data field is last, so len is its length */
+    ret = SSL_dane_tlsa_add(con, usage, selector, mtype, data, len);
+    OPENSSL_free(data);
+
+    if (ret == 0) {
+        ERR_print_errors(bio_err);
+        BIO_printf(bio_err, "%s: warning: unusable TLSA rrdata: %s\n",
+                   prog, rrdata);
+        return 0;
+    }
+    if (ret < 0) {
+        ERR_print_errors(bio_err);
+        BIO_printf(bio_err, "%s: warning: error loading TLSA rrdata: %s\n",
+                   prog, rrdata);
+        return 0;
+    }
+    return ret;
+}
+
+static int tlsa_import_rrset(SSL *con, STACK_OF(OPENSSL_STRING) *rrset)
+{
+    int num = sk_OPENSSL_STRING_num(rrset);
+    int count = 0;
+    int i;
+
+    for (i = 0; i < num; ++i) {
+        char *rrdata = sk_OPENSSL_STRING_value(rrset, i);
+        if (tlsa_import_rr(con, rrdata) > 0)
+            ++count;
+    }
+    return count > 0;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_UNIX,
+    OPT_XMPPHOST, OPT_VERIFY,
+    OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
+    OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+    OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO,
+    OPT_SSL_CLIENT_ENGINE, OPT_RAND, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+    OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
+    OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
+    OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
+#ifndef OPENSSL_NO_PSK
+    OPT_PSK_IDENTITY, OPT_PSK,
+#endif
+#ifndef OPENSSL_NO_SRP
+    OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
+    OPT_SRP_MOREGROUPS,
+#endif
+    OPT_SSL3, OPT_SSL_CONFIG,
+    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
+    OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH,
+        OPT_VERIFYCAPATH,
+    OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE,
+    OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
+    OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME,
+    OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
+    OPT_ASYNC, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
+    OPT_V_ENUM,
+    OPT_X_ENUM,
+    OPT_S_ENUM,
+    OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_DANE_TLSA_DOMAIN,
+#ifndef OPENSSL_NO_CT
+    OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
+#endif
+    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME
+} OPTION_CHOICE;
+
+OPTIONS s_client_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"host", OPT_HOST, 's', "Use -connect instead"},
+    {"port", OPT_PORT, 'p', "Use -connect instead"},
+    {"connect", OPT_CONNECT, 's',
+     "TCP/IP where to connect (default is :" PORT ")"},
+    {"proxy", OPT_PROXY, 's',
+     "Connect to via specified proxy to the real server"},
+#ifdef AF_UNIX
+    {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"},
+#endif
+    {"4", OPT_4, '-', "Use IPv4 only"},
+#ifdef AF_INET6
+    {"6", OPT_6, '-', "Use IPv6 only"},
+#endif
+    {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"},
+    {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"},
+    {"certform", OPT_CERTFORM, 'F',
+     "Certificate format (PEM or DER) PEM default"},
+    {"key", OPT_KEY, 's', "Private key file to use, if not in -cert file"},
+    {"keyform", OPT_KEYFORM, 'E', "Key format (PEM, DER or engine) PEM default"},
+    {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},
+    {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
+     "DANE TLSA rrdata presentation form"},
+    {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-',
+     "Disable name checks when matching DANE-EE(3) TLSA records"},
+    {"reconnect", OPT_RECONNECT, '-',
+     "Drop and re-make the connection with the same Session-ID"},
+    {"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"},
+    {"debug", OPT_DEBUG, '-', "Extra output"},
+    {"msg", OPT_MSG, '-', "Show protocol messages"},
+    {"msgfile", OPT_MSGFILE, '>',
+     "File to send output of -msg or -trace, instead of stdout"},
+    {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"},
+    {"state", OPT_STATE, '-', "Print the ssl states"},
+    {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
+    {"quiet", OPT_QUIET, '-', "No s_client output"},
+    {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
+    {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
+    {"starttls", OPT_STARTTLS, 's',
+     "Use the appropriate STARTTLS command before starting TLS"},
+    {"xmpphost", OPT_XMPPHOST, 's',
+     "Host to use with \"-starttls xmpp[-server]\""},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
+    {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+    {"use_srtp", OPT_USE_SRTP, 's',
+     "Offer SRTP key management with a colon-separated profile list"},
+    {"keymatexport", OPT_KEYMATEXPORT, 's',
+     "Export keying material using label"},
+    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+     "Export len bytes of keying material (default 20)"},
+    {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
+    {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
+    {"CRL", OPT_CRL, '<', "CRL file to use"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"},
+    {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
+    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+     "Close connection on verification error"},
+    {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"},
+    {"brief", OPT_BRIEF, '-',
+     "Restrict output to brief summary of connection parameters"},
+    {"prexit", OPT_PREXIT, '-',
+     "Print session information when the program exits"},
+    {"security_debug", OPT_SECURITY_DEBUG, '-',
+     "Enable security debug messages"},
+    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+     "Output more security debug output"},
+    {"cert_chain", OPT_CERT_CHAIN, '<',
+     "Certificate chain file (in PEM format)"},
+    {"chainCApath", OPT_CHAINCAPATH, '/',
+     "Use dir as certificate store path to build CA certificate chain"},
+    {"verifyCApath", OPT_VERIFYCAPATH, '/',
+     "Use dir as certificate store path to verify CA certificate"},
+    {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+    {"chainCAfile", OPT_CHAINCAFILE, '<',
+     "CA file for certificate chain (PEM format)"},
+    {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+     "CA file for certificate verification (PEM format)"},
+    {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
+    {"servername", OPT_SERVERNAME, 's',
+     "Set TLS extension servername in ClientHello"},
+    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+     "Hex dump of all TLS extensions received"},
+#ifndef OPENSSL_NO_OCSP
+    {"status", OPT_STATUS, '-', "Request certificate status from server"},
+#endif
+    {"serverinfo", OPT_SERVERINFO, 's',
+     "types  Send empty ClientHello extensions (comma-separated numbers)"},
+    {"alpn", OPT_ALPN, 's',
+     "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
+    {"async", OPT_ASYNC, '-', "Support asynchronous operation"},
+    {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified configuration file"},
+    {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n',
+     "Size used to split data for encrypt pipelines"},
+    {"max_pipelines", OPT_MAX_PIPELINES, 'n',
+     "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'n',
+     "Default read buffer size to be used for connections"},
+    OPT_S_OPTIONS,
+    OPT_V_OPTIONS,
+    OPT_X_OPTIONS,
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "Just use TLSv1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_DTLS
+    {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
+    {"timeout", OPT_TIMEOUT, '-',
+     "Enable send/receive timeout on DTLS connections"},
+    {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+    {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+    {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
+#endif
+#ifdef WATT32
+    {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
+#endif
+    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+#ifndef OPENSSL_NO_PSK
+    {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"},
+    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+#endif
+#ifndef OPENSSL_NO_SRP
+    {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"},
+    {"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
+    {"srp_lateuser", OPT_SRP_LATEUSER, '-',
+     "SRP username into second ClientHello message"},
+    {"srp_moregroups", OPT_SRP_MOREGROUPS, '-',
+     "Tolerate other than the known g N values."},
+    {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal length in bits for N"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+     "Enable NPN extension, considering named protocols supported (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's',
+     "Specify engine to be used for client certificate operations"},
+#endif
+#ifndef OPENSSL_NO_CT
+    {"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"},
+    {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
+    {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
+#endif
+    {NULL, OPT_EOF, 0x00, NULL}
+};
+
+typedef enum PROTOCOL_choice {
+    PROTO_OFF,
+    PROTO_SMTP,
+    PROTO_POP3,
+    PROTO_IMAP,
+    PROTO_FTP,
+    PROTO_TELNET,
+    PROTO_XMPP,
+    PROTO_XMPP_SERVER,
+    PROTO_CONNECT,
+    PROTO_IRC
+} PROTOCOL_CHOICE;
+
+static const OPT_PAIR services[] = {
+    {"smtp", PROTO_SMTP},
+    {"pop3", PROTO_POP3},
+    {"imap", PROTO_IMAP},
+    {"ftp", PROTO_FTP},
+    {"xmpp", PROTO_XMPP},
+    {"xmpp-server", PROTO_XMPP_SERVER},
+    {"telnet", PROTO_TELNET},
+    {"irc", PROTO_IRC},
+    {NULL, 0}
+};
+
+#define IS_INET_FLAG(o) \
+ (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
+#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
+
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+  || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
+/* Free |*dest| and optionally set it to a copy of |source|. */
+static void freeandcopy(char **dest, const char *source)
+{
+    OPENSSL_free(*dest);
+    *dest = NULL;
+    if (source != NULL)
+        *dest = OPENSSL_strdup(source);
+}
+
+int s_client_main(int argc, char **argv)
+{
+    BIO *sbio;
+    EVP_PKEY *key = NULL;
+    SSL *con = NULL;
+    SSL_CTX *ctx = NULL;
+    STACK_OF(X509) *chain = NULL;
+    X509 *cert = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    SSL_EXCERT *exc = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+    char *dane_tlsa_domain = NULL;
+    STACK_OF(OPENSSL_STRING) *dane_tlsa_rrset = NULL;
+    int dane_ee_no_name = 0;
+    STACK_OF(X509_CRL) *crls = NULL;
+    const SSL_METHOD *meth = TLS_client_method();
+    const char *CApath = NULL, *CAfile = NULL;
+    char *cbuf = NULL, *sbuf = NULL;
+    char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL;
+    char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
+    char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
+    char *port = OPENSSL_strdup(PORT);
+    char *inrand = NULL;
+    char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
+    char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
+    char *xmpphost = NULL;
+    const char *ehlo = "mail.example.com";
+    struct timeval timeout, *timeoutp;
+    fd_set readfds, writefds;
+    int noCApath = 0, noCAfile = 0;
+    int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
+    int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
+    int prexit = 0;
+    int sdebug = 0;
+    int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
+    int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
+    int sbuf_len, sbuf_off, cmdletters = 1;
+    int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
+    int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
+    int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+    int at_eof = 0;
+#endif
+    int read_buf_len = 0;
+    int fallback_scsv = 0;
+    long randamt = 0;
+    OPTION_CHOICE o;
+#ifndef OPENSSL_NO_DTLS
+    int enable_timeouts = 0;
+    long socket_mtu = 0;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *ssl_client_engine = NULL;
+#endif
+    ENGINE *e = NULL;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+    struct timeval tv;
+#endif
+    char *servername = NULL;
+    const char *alpn_in = NULL;
+    tlsextctx tlsextcbp = { NULL, 0 };
+    const char *ssl_config = NULL;
+#define MAX_SI_TYPES 100
+    unsigned short serverinfo_types[MAX_SI_TYPES];
+    int serverinfo_count = 0, start = 0, len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    const char *next_proto_neg_in = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+    char *srppass = NULL;
+    int srp_lateuser = 0;
+    SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
+#endif
+#ifndef OPENSSL_NO_CT
+    char *ctlog_file = NULL;
+    int ct_validation = 0;
+#endif
+    int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+    int async = 0;
+    unsigned int split_send_fragment = 0;
+    unsigned int max_pipelines = 0;
+    enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
+    int count4or6 = 0;
+    int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
+    int c_tlsextdebug = 0;
+#ifndef OPENSSL_NO_OCSP
+    int c_status_req = 0;
+#endif
+    BIO *bio_c_msg = NULL;
+
+    FD_ZERO(&readfds);
+    FD_ZERO(&writefds);
+/* Known false-positive of MemorySanitizer. */
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+    __msan_unpoison(&readfds, sizeof(readfds));
+    __msan_unpoison(&writefds, sizeof(writefds));
+# endif
+#endif
+
+    prog = opt_progname(argv[0]);
+    c_quiet = 0;
+    c_debug = 0;
+    c_showcerts = 0;
+    c_nbio = 0;
+    vpm = X509_VERIFY_PARAM_new();
+    cctx = SSL_CONF_CTX_new();
+
+    if (vpm == NULL || cctx == NULL) {
+        BIO_printf(bio_err, "%s: out of memory\n", prog);
+        goto end;
+    }
+
+    cbuf = app_malloc(BUFSIZZ, "cbuf");
+    sbuf = app_malloc(BUFSIZZ, "sbuf");
+    mbuf = app_malloc(BUFSIZZ, "mbuf");
+
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
+
+    prog = opt_init(argc, argv, s_client_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        /* Check for intermixing flags. */
+        if (connect_type == use_unix && IS_INET_FLAG(o)) {
+            BIO_printf(bio_err,
+                       "%s: Intermixed protocol flags (unix and internet domains)\n",
+                       prog);
+            goto end;
+        }
+        if (connect_type == use_inet && IS_UNIX_FLAG(o)) {
+            BIO_printf(bio_err,
+                       "%s: Intermixed protocol flags (internet and unix domains)\n",
+                       prog);
+            goto end;
+        }
+
+        if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+            BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+            goto end;
+        }
+        if (IS_NO_PROT_FLAG(o))
+            no_prot_opt++;
+        if (prot_opt == 1 && no_prot_opt) {
+            BIO_printf(bio_err,
+                       "Cannot supply both a protocol flag and '-no_<prot>'\n");
+            goto end;
+        }
+
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_client_options);
+            ret = 0;
+            goto end;
+        case OPT_4:
+            connect_type = use_inet;
+            socket_family = AF_INET;
+            count4or6++;
+            break;
+#ifdef AF_INET6
+        case OPT_6:
+            connect_type = use_inet;
+            socket_family = AF_INET6;
+            count4or6++;
+            break;
+#endif
+        case OPT_HOST:
+            connect_type = use_inet;
+            freeandcopy(&host, opt_arg());
+            break;
+        case OPT_PORT:
+            connect_type = use_inet;
+            freeandcopy(&port, opt_arg());
+            break;
+        case OPT_CONNECT:
+            connect_type = use_inet;
+            freeandcopy(&connectstr, opt_arg());
+            break;
+        case OPT_PROXY:
+            proxystr = opt_arg();
+            starttls_proto = PROTO_CONNECT;
+            break;
+#ifdef AF_UNIX
+        case OPT_UNIX:
+            connect_type = use_unix;
+            socket_family = AF_UNIX;
+            freeandcopy(&host, opt_arg());
+            break;
+#endif
+        case OPT_XMPPHOST:
+            xmpphost = opt_arg();
+            break;
+        case OPT_SMTPHOST:
+            ehlo = opt_arg();
+            break;
+        case OPT_VERIFY:
+            verify = SSL_VERIFY_PEER;
+            verify_args.depth = atoi(opt_arg());
+            if (!c_quiet)
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
+            break;
+        case OPT_CERT:
+            cert_file = opt_arg();
+            break;
+        case OPT_CRL:
+            crl_file = opt_arg();
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_SESS_OUT:
+            sess_out = opt_arg();
+            break;
+        case OPT_SESS_IN:
+            sess_in = opt_arg();
+            break;
+        case OPT_CERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &cert_format))
+                goto opthelp;
+            break;
+        case OPT_CRLFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format))
+                goto opthelp;
+            break;
+        case OPT_VERIFY_RET_ERROR:
+            verify_args.return_error = 1;
+            break;
+        case OPT_VERIFY_QUIET:
+            verify_args.quiet = 1;
+            break;
+        case OPT_BRIEF:
+            c_brief = verify_args.quiet = c_quiet = 1;
+            break;
+        case OPT_S_CASES:
+            if (ssl_args == NULL)
+                ssl_args = sk_OPENSSL_STRING_new_null();
+            if (ssl_args == NULL
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_flag())
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_X_CASES:
+            if (!args_excert(o, &exc))
+                goto end;
+            break;
+        case OPT_PREXIT:
+            prexit = 1;
+            break;
+        case OPT_CRLF:
+            crlf = 1;
+            break;
+        case OPT_QUIET:
+            c_quiet = c_ign_eof = 1;
+            break;
+        case OPT_NBIO:
+            c_nbio = 1;
+            break;
+        case OPT_NOCMDS:
+            cmdletters = 0;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 1);
+            break;
+        case OPT_SSL_CLIENT_ENGINE:
+#ifndef OPENSSL_NO_ENGINE
+            ssl_client_engine = ENGINE_by_id(opt_arg());
+            if (ssl_client_engine == NULL) {
+                BIO_printf(bio_err, "Error getting client auth engine\n");
+                goto opthelp;
+            }
+#endif
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        case OPT_IGN_EOF:
+            c_ign_eof = 1;
+            break;
+        case OPT_NO_IGN_EOF:
+            c_ign_eof = 0;
+            break;
+        case OPT_DEBUG:
+            c_debug = 1;
+            break;
+        case OPT_TLSEXTDEBUG:
+            c_tlsextdebug = 1;
+            break;
+        case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
+            c_status_req = 1;
+#endif
+            break;
+        case OPT_WDEBUG:
+#ifdef WATT32
+            dbug_init();
+#endif
+            break;
+        case OPT_MSG:
+            c_msg = 1;
+            break;
+        case OPT_MSGFILE:
+            bio_c_msg = BIO_new_file(opt_arg(), "w");
+            break;
+        case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
+            c_msg = 2;
+#endif
+            break;
+        case OPT_SECURITY_DEBUG:
+            sdebug = 1;
+            break;
+        case OPT_SECURITY_DEBUG_VERBOSE:
+            sdebug = 2;
+            break;
+        case OPT_SHOWCERTS:
+            c_showcerts = 1;
+            break;
+        case OPT_NBIO_TEST:
+            nbio_test = 1;
+            break;
+        case OPT_STATE:
+            state = 1;
+            break;
+#ifndef OPENSSL_NO_PSK
+        case OPT_PSK_IDENTITY:
+            psk_identity = opt_arg();
+            break;
+        case OPT_PSK:
+            for (p = psk_key = opt_arg(); *p; p++) {
+                if (isxdigit(_UC(*p)))
+                    continue;
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
+                goto end;
+            }
+            break;
+#endif
+#ifndef OPENSSL_NO_SRP
+        case OPT_SRPUSER:
+            srp_arg.srplogin = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRPPASS:
+            srppass = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_STRENGTH:
+            srp_arg.strength = atoi(opt_arg());
+            BIO_printf(bio_err, "SRP minimal length for N is %d\n",
+                       srp_arg.strength);
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_LATEUSER:
+            srp_lateuser = 1;
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_MOREGROUPS:
+            srp_arg.amp = 1;
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+#endif
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_DTLS:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_client_method();
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1:
+#ifndef OPENSSL_NO_DTLS1
+            meth = DTLS_client_method();
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1_2:
+#ifndef OPENSSL_NO_DTLS1_2
+            meth = DTLS_client_method();
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_DTLS
+            enable_timeouts = 1;
+#endif
+            break;
+        case OPT_MTU:
+#ifndef OPENSSL_NO_DTLS
+            socket_mtu = atol(opt_arg());
+#endif
+            break;
+        case OPT_FALLBACKSCSV:
+            fallback_scsv = 1;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &key_format))
+                goto opthelp;
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_CERT_CHAIN:
+            chain_file = opt_arg();
+            break;
+        case OPT_KEY:
+            key_file = opt_arg();
+            break;
+        case OPT_RECONNECT:
+            reconnect = 5;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CHAINCAPATH:
+            chCApath = opt_arg();
+            break;
+        case OPT_VERIFYCAPATH:
+            vfyCApath = opt_arg();
+            break;
+        case OPT_BUILD_CHAIN:
+            build_chain = 1;
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+#ifndef OPENSSL_NO_CT
+        case OPT_NOCT:
+            ct_validation = 0;
+            break;
+        case OPT_CT:
+            ct_validation = 1;
+            break;
+        case OPT_CTLOG_FILE:
+            ctlog_file = opt_arg();
+            break;
+#endif
+        case OPT_CHAINCAFILE:
+            chCAfile = opt_arg();
+            break;
+        case OPT_VERIFYCAFILE:
+            vfyCAfile = opt_arg();
+            break;
+        case OPT_DANE_TLSA_DOMAIN:
+            dane_tlsa_domain = opt_arg();
+            break;
+        case OPT_DANE_TLSA_RRDATA:
+            if (dane_tlsa_rrset == NULL)
+                dane_tlsa_rrset = sk_OPENSSL_STRING_new_null();
+            if (dane_tlsa_rrset == NULL ||
+                !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_DANE_EE_NO_NAME:
+            dane_ee_no_name = 1;
+            break;
+        case OPT_NEXTPROTONEG:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            next_proto_neg_in = opt_arg();
+#endif
+            break;
+        case OPT_ALPN:
+            alpn_in = opt_arg();
+            break;
+        case OPT_SERVERINFO:
+            p = opt_arg();
+            len = strlen(p);
+            for (start = 0, i = 0; i <= len; ++i) {
+                if (i == len || p[i] == ',') {
+                    serverinfo_types[serverinfo_count] = atoi(p + start);
+                    if (++serverinfo_count == MAX_SI_TYPES)
+                        break;
+                    start = i + 1;
+                }
+            }
+            break;
+        case OPT_STARTTLS:
+            if (!opt_pair(opt_arg(), services, &starttls_proto))
+                goto end;
+            break;
+        case OPT_SERVERNAME:
+            servername = opt_arg();
+            break;
+        case OPT_USE_SRTP:
+            srtp_profiles = opt_arg();
+            break;
+        case OPT_KEYMATEXPORT:
+            keymatexportlabel = opt_arg();
+            break;
+        case OPT_KEYMATEXPORTLEN:
+            keymatexportlen = atoi(opt_arg());
+            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
+        case OPT_SPLIT_SEND_FRAG:
+            split_send_fragment = atoi(opt_arg());
+            if (split_send_fragment == 0) {
+                /*
+                 * Not allowed - set to a deliberately bad value so we get an
+                 * error message below
+                 */
+                split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH + 1;
+            }
+            break;
+        case OPT_MAX_PIPELINES:
+            max_pipelines = atoi(opt_arg());
+            break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
+        }
+    }
+    if (count4or6 >= 2) {
+        BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
+        goto opthelp;
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (proxystr) {
+        int res;
+        char *tmp_host = host, *tmp_port = port;
+        if (connectstr == NULL) {
+            BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog);
+            goto opthelp;
+        }
+        res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
+        if (tmp_host != host)
+            OPENSSL_free(tmp_host);
+        if (tmp_port != port)
+            OPENSSL_free(tmp_port);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -proxy argument malformed or ambiguous\n", prog);
+            goto end;
+        }
+    } else {
+        int res = 1;
+        char *tmp_host = host, *tmp_port = port;
+        if (connectstr != NULL)
+            res = BIO_parse_hostserv(connectstr, &host, &port,
+                                     BIO_PARSE_PRIO_HOST);
+        if (tmp_host != host)
+            OPENSSL_free(tmp_host);
+        if (tmp_port != port)
+            OPENSSL_free(tmp_port);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -connect argument malformed or ambiguous\n",
+                       prog);
+            goto end;
+        }
+    }
+
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err,
+                   "Can't use unix sockets and datagrams together\n");
+        goto end;
+    }
+#endif
+
+    if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
+        BIO_printf(bio_err, "Bad split send fragment size\n");
+        goto end;
+    }
+
+    if (max_pipelines > SSL_MAX_PIPELINES) {
+        BIO_printf(bio_err, "Bad max pipelines value\n");
+        goto end;
+    }
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    next_proto.status = -1;
+    if (next_proto_neg_in) {
+        next_proto.data =
+            next_protos_parse(&next_proto.len, next_proto_neg_in);
+        if (next_proto.data == NULL) {
+            BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
+            goto end;
+        }
+    } else
+        next_proto.data = NULL;
+#endif
+
+    if (!app_passwd(passarg, NULL, &pass, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (key_file == NULL)
+        key_file = cert_file;
+
+    if (key_file) {
+        key = load_key(key_file, key_format, 0, pass, e,
+                       "client certificate private key file");
+        if (key == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (cert_file) {
+        cert = load_cert(cert_file, cert_format, "client certificate file");
+        if (cert == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (chain_file) {
+        if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL,
+                        "client certificate chain"))
+            goto end;
+    }
+
+    if (crl_file) {
+        X509_CRL *crl;
+        crl = load_crl(crl_file, crl_format);
+        if (crl == NULL) {
+            BIO_puts(bio_err, "Error loading CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        crls = sk_X509_CRL_new_null();
+        if (crls == NULL || !sk_X509_CRL_push(crls, crl)) {
+            BIO_puts(bio_err, "Error adding CRL\n");
+            ERR_print_errors(bio_err);
+            X509_CRL_free(crl);
+            goto end;
+        }
+    }
+
+    if (!load_excert(&exc))
+        goto end;
+
+    if (!app_RAND_load_file(NULL, 1) && inrand == NULL
+        && !RAND_status()) {
+        BIO_printf(bio_err,
+                   "warning, not much extra random data, consider using the -rand option\n");
+    }
+    if (inrand != NULL) {
+        randamt = app_RAND_load_files(inrand);
+        BIO_printf(bio_err, "%ld semi-random bytes loaded\n", randamt);
+    }
+
+    if (bio_c_out == NULL) {
+        if (c_quiet && !c_debug) {
+            bio_c_out = BIO_new(BIO_s_null());
+            if (c_msg && !bio_c_msg)
+                bio_c_msg = dup_bio_out(FORMAT_TEXT);
+        } else if (bio_c_out == NULL)
+            bio_c_out = dup_bio_out(FORMAT_TEXT);
+    }
+#ifndef OPENSSL_NO_SRP
+    if (!app_passwd(srppass, NULL, &srp_arg.srppassin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+#endif
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (sdebug)
+        ssl_ctx_security_debug(ctx, sdebug);
+
+    if (!config_ctx(cctx, ssl_args, ctx))
+        goto end;
+
+    if (ssl_config) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (min_version != 0
+        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto end;
+    if (max_version != 0
+        && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
+        BIO_printf(bio_err, "Error setting verify params\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (async) {
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+    }
+    if (split_send_fragment > 0) {
+        SSL_CTX_set_split_send_fragment(ctx, split_send_fragment);
+    }
+    if (max_pipelines > 0) {
+        SSL_CTX_set_max_pipelines(ctx, max_pipelines);
+    }
+
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+
+    if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                         crls, crl_download)) {
+        BIO_printf(bio_err, "Error loading store locations\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (ssl_client_engine) {
+        if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
+            BIO_puts(bio_err, "Error setting client auth engine\n");
+            ERR_print_errors(bio_err);
+            ENGINE_free(ssl_client_engine);
+            goto end;
+        }
+        ENGINE_free(ssl_client_engine);
+    }
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    if (psk_key != NULL) {
+        if (c_debug)
+            BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
+        SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
+    }
+#endif
+#ifndef OPENSSL_NO_SRTP
+    if (srtp_profiles != NULL) {
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
+            BIO_printf(bio_err, "Error setting SRTP profile\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+#endif
+
+    if (exc)
+        ssl_ctx_set_excert(ctx, exc);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto.data)
+        SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
+#endif
+    if (alpn_in) {
+        size_t alpn_len;
+        unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
+
+        if (alpn == NULL) {
+            BIO_printf(bio_err, "Error parsing -alpn argument\n");
+            goto end;
+        }
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len) != 0) {
+            BIO_printf(bio_err, "Error setting ALPN\n");
+            goto end;
+        }
+        OPENSSL_free(alpn);
+    }
+
+    for (i = 0; i < serverinfo_count; i++) {
+        if (!SSL_CTX_add_client_custom_ext(ctx,
+                                           serverinfo_types[i],
+                                           NULL, NULL, NULL,
+                                           serverinfo_cli_parse_cb, NULL)) {
+            BIO_printf(bio_err,
+                       "Warning: Unable to add custom extension %u, skipping\n",
+                       serverinfo_types[i]);
+        }
+    }
+
+    if (state)
+        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+
+#ifndef OPENSSL_NO_CT
+    /* Enable SCT processing, without early connection termination */
+    if (ct_validation &&
+        !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
+        if (ct_validation) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        /*
+         * If CT validation is not enabled, the log list isn't needed so don't
+         * show errors or abort. We try to load it regardless because then we
+         * can show the names of the logs any SCTs came from (SCTs may be seen
+         * even with validation disabled).
+         */
+        ERR_clear_error();
+    }
+#endif
+
+    SSL_CTX_set_verify(ctx, verify, verify_callback);
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    ssl_ctx_add_crls(ctx, crls, crl_download);
+
+    if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
+        goto end;
+
+    if (servername != NULL) {
+        tlsextcbp.biodebug = bio_err;
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+    }
+# ifndef OPENSSL_NO_SRP
+    if (srp_arg.srplogin) {
+        if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
+            BIO_printf(bio_err, "Unable to set SRP username\n");
+            goto end;
+        }
+        srp_arg.msg = c_msg;
+        srp_arg.debug = c_debug;
+        SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
+        SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
+        SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
+        if (c_msg || c_debug || srp_arg.amp == 0)
+            SSL_CTX_set_srp_verify_param_callback(ctx,
+                                                  ssl_srp_verify_param_cb);
+    }
+# endif
+
+    if (dane_tlsa_domain != NULL) {
+        if (SSL_CTX_dane_enable(ctx) <= 0) {
+            BIO_printf(bio_err,
+                       "%s: Error enabling DANE TLSA authentication.\n",
+                       prog);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    con = SSL_new(ctx);
+    if (sess_in) {
+        SSL_SESSION *sess;
+        BIO *stmp = BIO_new_file(sess_in, "r");
+        if (!stmp) {
+            BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+        BIO_free(stmp);
+        if (!sess) {
+            BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (!SSL_set_session(con, sess)) {
+            BIO_printf(bio_err, "Can't set session\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        SSL_SESSION_free(sess);
+    }
+
+    if (fallback_scsv)
+        SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
+    if (servername != NULL) {
+        if (!SSL_set_tlsext_host_name(con, servername)) {
+            BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (dane_tlsa_domain != NULL) {
+        if (SSL_dane_enable(con, dane_tlsa_domain) <= 0) {
+            BIO_printf(bio_err, "%s: Error enabling DANE TLSA "
+                       "authentication.\n", prog);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (dane_tlsa_rrset == NULL) {
+            BIO_printf(bio_err, "%s: DANE TLSA authentication requires at "
+                       "least one -dane_tlsa_rrdata option.\n", prog);
+            goto end;
+        }
+        if (tlsa_import_rrset(con, dane_tlsa_rrset) <= 0) {
+            BIO_printf(bio_err, "%s: Failed to import any TLSA "
+                       "records.\n", prog);
+            goto end;
+        }
+        if (dane_ee_no_name)
+            SSL_dane_set_flags(con, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+    } else if (dane_tlsa_rrset != NULL) {
+        BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
+                   "-dane_tlsa_domain option.\n", prog);
+        goto end;
+    }
+
+ re_start:
+    if (init_client(&s, host, port, socket_family, socket_type) == 0) {
+        BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+        BIO_closesocket(s);
+        goto end;
+    }
+    BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
+
+    if (c_nbio) {
+        if (!BIO_socket_nbio(s, 1)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_c_out, "Turned on non blocking io\n");
+    }
+#ifndef OPENSSL_NO_DTLS
+    if (socket_type == SOCK_DGRAM) {
+        union BIO_sock_info_u peer_info;
+
+        sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+        if ((peer_info.addr = BIO_ADDR_new()) == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            BIO_closesocket(s);
+            goto end;
+        }
+        if (!BIO_sock_info(s, BIO_SOCK_INFO_ADDRESS, &peer_info)) {
+            BIO_printf(bio_err, "getsockname:errno=%d\n",
+                       get_last_socket_error());
+            BIO_ADDR_free(peer_info.addr);
+            BIO_closesocket(s);
+            goto end;
+        }
+
+        (void)BIO_ctrl_set_connected(sbio, peer_info.addr);
+        BIO_ADDR_free(peer_info.addr);
+        peer_info.addr = NULL;
+
+        if (enable_timeouts) {
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_SND_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+        }
+
+        if (socket_mtu) {
+            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
+                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
+                           DTLS_get_link_min_mtu(con));
+                BIO_free(sbio);
+                goto shut;
+            }
+            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+            if (!DTLS_set_link_mtu(con, socket_mtu)) {
+                BIO_printf(bio_err, "Failed to set MTU\n");
+                BIO_free(sbio);
+                goto shut;
+            }
+        } else
+            /* want to do MTU discovery */
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+    } else
+#endif /* OPENSSL_NO_DTLS */
+        sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+    if (nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+
+    if (c_debug) {
+        BIO_set_callback(sbio, bio_dump_callback);
+        BIO_set_callback_arg(sbio, (char *)bio_c_out);
+    }
+    if (c_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (c_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);
+    }
+
+    if (c_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_c_out);
+    }
+#ifndef OPENSSL_NO_OCSP
+    if (c_status_req) {
+        SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
+        SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
+        SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
+    }
+#endif
+
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_connect_state(con);
+
+    /* ok, lets connect */
+    if (fileno_stdin() > SSL_get_fd(con))
+        width = fileno_stdin() + 1;
+    else
+        width = SSL_get_fd(con) + 1;
+
+    read_tty = 1;
+    write_tty = 0;
+    tty_on = 0;
+    read_ssl = 1;
+    write_ssl = 1;
+
+    cbuf_len = 0;
+    cbuf_off = 0;
+    sbuf_len = 0;
+    sbuf_off = 0;
+
+    switch ((PROTOCOL_CHOICE) starttls_proto) {
+    case PROTO_OFF:
+        break;
+    case PROTO_SMTP:
+        {
+            /*
+             * This is an ugly hack that does a lot of assumptions. We do
+             * have to handle multi-line responses which may come in a single
+             * packet or not. We therefore have to use BIO_gets() which does
+             * need a buffering BIO. So during the initial chitchat we do
+             * push a buffering BIO into the chain that is removed again
+             * later on to not disturb the rest of the s_client operation.
+             */
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+            BIO_push(fbio, sbio);
+            /* wait for multi-line response to end from SMTP */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            }
+            while (mbuf_len > 3 && mbuf[3] == '-');
+            BIO_printf(fbio, "EHLO %s\r\n", ehlo);
+            (void)BIO_flush(fbio);
+            /* wait for multi-line response to end EHLO SMTP response */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            }
+            while (mbuf_len > 3 && mbuf[3] == '-');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "didn't find starttls in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_POP3:
+        {
+            BIO_read(sbio, mbuf, BUFSIZZ);
+            BIO_printf(sbio, "STLS\r\n");
+            mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+        }
+        break;
+    case PROTO_IMAP:
+        {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+            BIO_push(fbio, sbio);
+            BIO_gets(fbio, mbuf, BUFSIZZ);
+            /* STARTTLS command requires CAPABILITY... */
+            BIO_printf(fbio, ". CAPABILITY\r\n");
+            (void)BIO_flush(fbio);
+            /* wait for multi-line CAPABILITY response */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            }
+            while (mbuf_len > 3 && mbuf[0] != '.');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, ". STARTTLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_FTP:
+        {
+            BIO *fbio = BIO_new(BIO_f_buffer());
+            BIO_push(fbio, sbio);
+            /* wait for multi-line response to end from FTP */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            }
+            while (mbuf_len > 3 && mbuf[3] == '-');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            BIO_printf(sbio, "AUTH TLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_XMPP:
+    case PROTO_XMPP_SERVER:
+        {
+            int seen = 0;
+            BIO_printf(sbio, "<stream:stream "
+                       "xmlns:stream='http://etherx.jabber.org/streams' "
+                       "xmlns='jabber:%s' to='%s' version='1.0'>",
+                       starttls_proto == PROTO_XMPP ? "client" : "server",
+                       xmpphost ? xmpphost : host);
+            seen = BIO_read(sbio, mbuf, BUFSIZZ);
+            mbuf[seen] = 0;
+            while (!strstr
+                   (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
+                   && !strstr(mbuf,
+                              "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
+            {
+                seen = BIO_read(sbio, mbuf, BUFSIZZ);
+
+                if (seen <= 0)
+                    goto shut;
+
+                mbuf[seen] = 0;
+            }
+            BIO_printf(sbio,
+                       "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+            seen = BIO_read(sbio, sbuf, BUFSIZZ);
+            sbuf[seen] = 0;
+            if (!strstr(sbuf, "<proceed"))
+                goto shut;
+            mbuf[0] = 0;
+        }
+        break;
+    case PROTO_TELNET:
+        {
+            static const unsigned char tls_do[] = {
+                /* IAC    DO   START_TLS */
+                   255,   253, 46
+            };
+            static const unsigned char tls_will[] = {
+                /* IAC  WILL START_TLS */
+                   255, 251, 46
+            };
+            static const unsigned char tls_follows[] = {
+                /* IAC  SB   START_TLS FOLLOWS IAC  SE */
+                   255, 250, 46,       1,      255, 240
+            };
+            int bytes;
+
+            /* Telnet server should demand we issue START_TLS */
+            bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (bytes != 3 || memcmp(mbuf, tls_do, 3) != 0)
+                goto shut;
+            /* Agree to issue START_TLS and send the FOLLOWS sub-command */
+            BIO_write(sbio, tls_will, 3);
+            BIO_write(sbio, tls_follows, 6);
+            (void)BIO_flush(sbio);
+            /* Telnet server also sent the FOLLOWS sub-command */
+            bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0)
+                goto shut;
+        }
+        break;
+    case PROTO_CONNECT:
+        {
+            enum {
+                error_proto,     /* Wrong protocol, not even HTTP */
+                error_connect,   /* CONNECT failed */
+                success
+            } foundit = error_connect;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
+            (void)BIO_flush(fbio);
+            /*
+             * The first line is the HTTP response.  According to RFC 7230,
+             * it's formated exactly like this:
+             *
+             * HTTP/d.d ddd Reason text\r\n
+             */
+            mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            if (mbuf[8] != ' ') {
+                BIO_printf(bio_err,
+                           "%s: HTTP CONNECT failed, incorrect response "
+                           "from proxy\n", prog);
+                foundit = error_proto;
+            } else if (mbuf[9] != '2') {
+                BIO_printf(bio_err, "%s: HTTP CONNECT failed: %s ", prog,
+                           &mbuf[9]);
+            } else {
+                foundit = success;
+            }
+            if (foundit != error_proto) {
+                /* Read past all following headers */
+                do {
+                    mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                } while (mbuf_len > 2);
+            }
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (foundit != success) {
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_IRC:
+        {
+            int numeric;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_printf(fbio, "STARTTLS\r\n");
+            (void)BIO_flush(fbio);
+            width = SSL_get_fd(con) + 1;
+
+            do {
+                numeric = 0;
+
+                FD_ZERO(&readfds);
+                openssl_fdset(SSL_get_fd(con), &readfds);
+                timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT;
+                timeout.tv_usec = 0;
+                /*
+                 * If the IRCd doesn't respond within
+                 * S_CLIENT_IRC_READ_TIMEOUT seconds, assume
+                 * it doesn't support STARTTLS. Many IRCds
+                 * will not give _any_ sort of response to a
+                 * STARTTLS command when it's not supported.
+                 */
+                if (!BIO_get_buffer_num_lines(fbio)
+                    && !BIO_pending(fbio)
+                    && !BIO_pending(sbio)
+                    && select(width, (void *)&readfds, NULL, NULL,
+                              &timeout) < 1) {
+                    BIO_printf(bio_err,
+                               "Timeout waiting for response (%d seconds).\n",
+                               S_CLIENT_IRC_READ_TIMEOUT);
+                    break;
+                }
+
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (mbuf_len < 1 || sscanf(mbuf, "%*s %d", &numeric) != 1)
+                    break;
+                /* :example.net 451 STARTTLS :You have not registered */
+                /* :example.net 421 STARTTLS :Unknown command */
+                if ((numeric == 451 || numeric == 421)
+                    && strstr(mbuf, "STARTTLS") != NULL) {
+                    BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+                    break;
+                }
+                if (numeric == 691) {
+                    BIO_printf(bio_err, "STARTTLS negotiation failed: ");
+                    ERR_print_errors(bio_err);
+                    break;
+                }
+            } while (numeric != 670);
+
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (numeric != 670) {
+                BIO_printf(bio_err, "Server does not support STARTTLS.\n");
+                ret = 1;
+                goto shut;
+            }
+        }
+    }
+
+    for (;;) {
+        FD_ZERO(&readfds);
+        FD_ZERO(&writefds);
+
+        if ((SSL_version(con) == DTLS1_VERSION) &&
+            DTLSv1_get_timeout(con, &timeout))
+            timeoutp = &timeout;
+        else
+            timeoutp = NULL;
+
+        if (SSL_in_init(con) && !SSL_total_renegotiations(con)) {
+            in_init = 1;
+            tty_on = 0;
+        } else {
+            tty_on = 1;
+            if (in_init) {
+                in_init = 0;
+
+                if (sess_out) {
+                    BIO *stmp = BIO_new_file(sess_out, "w");
+                    if (stmp) {
+                        PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
+                        BIO_free(stmp);
+                    } else
+                        BIO_printf(bio_err, "Error writing session file %s\n",
+                                   sess_out);
+                }
+                if (c_brief) {
+                    BIO_puts(bio_err, "CONNECTION ESTABLISHED\n");
+                    print_ssl_summary(con);
+                }
+
+                print_stuff(bio_c_out, con, full_log);
+                if (full_log > 0)
+                    full_log--;
+
+                if (starttls_proto) {
+                    BIO_write(bio_err, mbuf, mbuf_len);
+                    /* We don't need to know any more */
+                    if (!reconnect)
+                        starttls_proto = PROTO_OFF;
+                }
+
+                if (reconnect) {
+                    reconnect--;
+                    BIO_printf(bio_c_out,
+                               "drop connection and then reconnect\n");
+                    do_ssl_shutdown(con);
+                    SSL_set_connect_state(con);
+                    BIO_closesocket(SSL_get_fd(con));
+                    goto re_start;
+                }
+            }
+        }
+
+        ssl_pending = read_ssl && SSL_has_pending(con);
+
+        if (!ssl_pending) {
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            if (tty_on) {
+                /*
+                 * Note that select() returns when read _would not block_,
+                 * and EOF satisfies that.  To avoid a CPU-hogging loop,
+                 * set the flag so we exit.
+                 */
+                if (read_tty && !at_eof)
+                    openssl_fdset(fileno_stdin(), &readfds);
+#if !defined(OPENSSL_SYS_VMS)
+                if (write_tty)
+                    openssl_fdset(fileno_stdout(), &writefds);
+#endif
+            }
+            if (read_ssl)
+                openssl_fdset(SSL_get_fd(con), &readfds);
+            if (write_ssl)
+                openssl_fdset(SSL_get_fd(con), &writefds);
+#else
+            if (!tty_on || !write_tty) {
+                if (read_ssl)
+                    openssl_fdset(SSL_get_fd(con), &readfds);
+                if (write_ssl)
+                    openssl_fdset(SSL_get_fd(con), &writefds);
+            }
+#endif
+
+            /*
+             * Note: under VMS with SOCKETSHR the second parameter is
+             * currently of type (int *) whereas under other systems it is
+             * (void *) if you don't have a cast it will choke the compiler:
+             * if you do have a cast then you can either go for (int *) or
+             * (void *).
+             */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+            /*
+             * Under Windows/DOS we make the assumption that we can always
+             * write to the tty: therefore if we need to write to the tty we
+             * just fall through. Otherwise we timeout the select every
+             * second and see if there are any keypresses. Note: this is a
+             * hack, in a proper Windows application we wouldn't do this.
+             */
+            i = 0;
+            if (!write_tty) {
+                if (read_tty) {
+                    tv.tv_sec = 1;
+                    tv.tv_usec = 0;
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, &tv);
+                    if (!i && (!has_stdin_waiting() || !read_tty))
+                        continue;
+                } else
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, timeoutp);
+            }
+#else
+            i = select(width, (void *)&readfds, (void *)&writefds,
+                       NULL, timeoutp);
+#endif
+            if (i < 0) {
+                BIO_printf(bio_err, "bad select %d\n",
+                           get_last_socket_error());
+                goto shut;
+                /* goto end; */
+            }
+        }
+
+        if ((SSL_version(con) == DTLS1_VERSION)
+            && DTLSv1_handle_timeout(con) > 0) {
+            BIO_printf(bio_err, "TIMEOUT occurred\n");
+        }
+
+        if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
+            k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
+            switch (SSL_get_error(con, k)) {
+            case SSL_ERROR_NONE:
+                cbuf_off += k;
+                cbuf_len -= k;
+                if (k <= 0)
+                    goto end;
+                /* we have done a  write(con,NULL,0); */
+                if (cbuf_len <= 0) {
+                    read_tty = 1;
+                    write_ssl = 0;
+                } else {        /* if (cbuf_len > 0) */
+
+                    read_tty = 0;
+                    write_ssl = 1;
+                }
+                break;
+            case SSL_ERROR_WANT_WRITE:
+                BIO_printf(bio_c_out, "write W BLOCK\n");
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "write A BLOCK\n");
+                wait_for_async(con);
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_READ:
+                BIO_printf(bio_c_out, "write R BLOCK\n");
+                write_tty = 0;
+                read_ssl = 1;
+                write_ssl = 0;
+                break;
+            case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_printf(bio_c_out, "write X BLOCK\n");
+                break;
+            case SSL_ERROR_ZERO_RETURN:
+                if (cbuf_len != 0) {
+                    BIO_printf(bio_c_out, "shutdown\n");
+                    ret = 0;
+                    goto shut;
+                } else {
+                    read_tty = 1;
+                    write_ssl = 0;
+                    break;
+                }
+
+            case SSL_ERROR_SYSCALL:
+                if ((k != 0) || (cbuf_len != 0)) {
+                    BIO_printf(bio_err, "write:errno=%d\n",
+                               get_last_socket_error());
+                    goto shut;
+                } else {
+                    read_tty = 1;
+                    write_ssl = 0;
+                }
+                break;
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* This shouldn't ever happen in s_client - treat as an error */
+            case SSL_ERROR_SSL:
+                ERR_print_errors(bio_err);
+                goto shut;
+            }
+        }
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VMS)
+        /* Assume Windows/DOS/BeOS can always write */
+        else if (!ssl_pending && write_tty)
+#else
+        else if (!ssl_pending && FD_ISSET(fileno_stdout(), &writefds))
+#endif
+        {
+#ifdef CHARSET_EBCDIC
+            ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len);
+#endif
+            i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len);
+
+            if (i <= 0) {
+                BIO_printf(bio_c_out, "DONE\n");
+                ret = 0;
+                goto shut;
+                /* goto end; */
+            }
+
+            sbuf_len -= i;;
+            sbuf_off += i;
+            if (sbuf_len <= 0) {
+                read_ssl = 1;
+                write_tty = 0;
+            }
+        } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) {
+#ifdef RENEG
+            {
+                static int iiii;
+                if (++iiii == 52) {
+                    SSL_renegotiate(con);
+                    iiii = 0;
+                }
+            }
+#endif
+            k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
+
+            switch (SSL_get_error(con, k)) {
+            case SSL_ERROR_NONE:
+                if (k <= 0)
+                    goto end;
+                sbuf_off = 0;
+                sbuf_len = k;
+
+                read_ssl = 0;
+                write_tty = 1;
+                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "read A BLOCK\n");
+                wait_for_async(con);
+                write_tty = 0;
+                read_ssl = 1;
+                if ((read_tty == 0) && (write_ssl == 0))
+                    write_ssl = 1;
+                break;
+            case SSL_ERROR_WANT_WRITE:
+                BIO_printf(bio_c_out, "read W BLOCK\n");
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_READ:
+                BIO_printf(bio_c_out, "read R BLOCK\n");
+                write_tty = 0;
+                read_ssl = 1;
+                if ((read_tty == 0) && (write_ssl == 0))
+                    write_ssl = 1;
+                break;
+            case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_printf(bio_c_out, "read X BLOCK\n");
+                break;
+            case SSL_ERROR_SYSCALL:
+                ret = get_last_socket_error();
+                if (c_brief)
+                    BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
+                else
+                    BIO_printf(bio_err, "read:errno=%d\n", ret);
+                goto shut;
+            case SSL_ERROR_ZERO_RETURN:
+                BIO_printf(bio_c_out, "closed\n");
+                ret = 0;
+                goto shut;
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* This shouldn't ever happen in s_client. Treat as an error */
+            case SSL_ERROR_SSL:
+                ERR_print_errors(bio_err);
+                goto shut;
+                /* break; */
+            }
+        }
+/* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */
+#if defined(OPENSSL_SYS_MSDOS)
+        else if (has_stdin_waiting())
+#else
+        else if (FD_ISSET(fileno_stdin(), &readfds))
+#endif
+        {
+            if (crlf) {
+                int j, lf_num;
+
+                i = raw_read_stdin(cbuf, BUFSIZZ / 2);
+                lf_num = 0;
+                /* both loops are skipped when i <= 0 */
+                for (j = 0; j < i; j++)
+                    if (cbuf[j] == '\n')
+                        lf_num++;
+                for (j = i - 1; j >= 0; j--) {
+                    cbuf[j + lf_num] = cbuf[j];
+                    if (cbuf[j] == '\n') {
+                        lf_num--;
+                        i++;
+                        cbuf[j + lf_num] = '\r';
+                    }
+                }
+                assert(lf_num == 0);
+            } else
+                i = raw_read_stdin(cbuf, BUFSIZZ);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            if (i == 0)
+                at_eof = 1;
+#endif
+
+            if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) {
+                BIO_printf(bio_err, "DONE\n");
+                ret = 0;
+                goto shut;
+            }
+
+            if ((!c_ign_eof) && (cbuf[0] == 'R' && cmdletters)) {
+                BIO_printf(bio_err, "RENEGOTIATING\n");
+                SSL_renegotiate(con);
+                cbuf_len = 0;
+            }
+#ifndef OPENSSL_NO_HEARTBEATS
+            else if ((!c_ign_eof) && (cbuf[0] == 'B' && cmdletters)) {
+                BIO_printf(bio_err, "HEARTBEATING\n");
+                SSL_heartbeat(con);
+                cbuf_len = 0;
+            }
+#endif
+            else {
+                cbuf_len = i;
+                cbuf_off = 0;
+#ifdef CHARSET_EBCDIC
+                ebcdic2ascii(cbuf, cbuf, i);
+#endif
+            }
+
+            write_ssl = 1;
+            read_tty = 0;
+        }
+    }
+
+    ret = 0;
+ shut:
+    if (in_init)
+        print_stuff(bio_c_out, con, full_log);
+    do_ssl_shutdown(con);
+
+    /*
+     * Give the socket time to send its last data before we close it.
+     * No amount of setting SO_LINGER etc on the socket seems to persuade
+     * Windows to send the data before closing the socket...but sleeping
+     * for a short time seems to do it (units in ms)
+     * TODO: Find a better way to do this
+     */
+#if defined(OPENSSL_SYS_WINDOWS)
+    Sleep(50);
+#elif defined(OPENSSL_SYS_CYGWIN)
+    usleep(50000);
+#endif
+
+    /*
+     * If we ended with an alert being sent, but still with data in the
+     * network buffer to be read, then calling BIO_closesocket() will
+     * result in a TCP-RST being sent. On some platforms (notably
+     * Windows) then this will result in the peer immediately abandoning
+     * the connection including any buffered alert data before it has
+     * had a chance to be read. Shutting down the sending side first,
+     * and then closing the socket sends TCP-FIN first followed by
+     * TCP-RST. This seems to allow the peer to read the alert data.
+     */
+    shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
+    BIO_closesocket(SSL_get_fd(con));
+ end:
+    if (con != NULL) {
+        if (prexit != 0)
+            print_stuff(bio_c_out, con, 1);
+        SSL_free(con);
+    }
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(next_proto.data);
+#endif
+    SSL_CTX_free(ctx);
+    X509_free(cert);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    EVP_PKEY_free(key);
+    sk_X509_pop_free(chain, X509_free);
+    OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(srp_arg.srppassin);
+#endif
+    OPENSSL_free(connectstr);
+    OPENSSL_free(host);
+    OPENSSL_free(port);
+    X509_VERIFY_PARAM_free(vpm);
+    ssl_excert_free(exc);
+    sk_OPENSSL_STRING_free(ssl_args);
+    sk_OPENSSL_STRING_free(dane_tlsa_rrset);
+    SSL_CONF_CTX_free(cctx);
+    OPENSSL_clear_free(cbuf, BUFSIZZ);
+    OPENSSL_clear_free(sbuf, BUFSIZZ);
+    OPENSSL_clear_free(mbuf, BUFSIZZ);
+    release_engine(e);
+    BIO_free(bio_c_out);
+    bio_c_out = NULL;
+    BIO_free(bio_c_msg);
+    bio_c_msg = NULL;
+    return (ret);
+}
+
+static void print_stuff(BIO *bio, SSL *s, int full)
+{
+    X509 *peer = NULL;
+    char buf[BUFSIZ];
+    STACK_OF(X509) *sk;
+    STACK_OF(X509_NAME) *sk2;
+    const SSL_CIPHER *c;
+    X509_NAME *xn;
+    int i;
+#ifndef OPENSSL_NO_COMP
+    const COMP_METHOD *comp, *expansion;
+#endif
+    unsigned char *exportedkeymat;
+#ifndef OPENSSL_NO_CT
+    const SSL_CTX *ctx = SSL_get_SSL_CTX(s);
+#endif
+
+    if (full) {
+        int got_a_chain = 0;
+
+        sk = SSL_get_peer_cert_chain(s);
+        if (sk != NULL) {
+            got_a_chain = 1;
+
+            BIO_printf(bio, "---\nCertificate chain\n");
+            for (i = 0; i < sk_X509_num(sk); i++) {
+                X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
+                                  buf, sizeof(buf));
+                BIO_printf(bio, "%2d s:%s\n", i, buf);
+                X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
+                                  buf, sizeof(buf));
+                BIO_printf(bio, "   i:%s\n", buf);
+                if (c_showcerts)
+                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
+            }
+        }
+
+        BIO_printf(bio, "---\n");
+        peer = SSL_get_peer_certificate(s);
+        if (peer != NULL) {
+            BIO_printf(bio, "Server certificate\n");
+
+            /* Redundant if we showed the whole chain */
+            if (!(c_showcerts && got_a_chain))
+                PEM_write_bio_X509(bio, peer);
+            X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
+            BIO_printf(bio, "subject=%s\n", buf);
+            X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
+            BIO_printf(bio, "issuer=%s\n", buf);
+        } else
+            BIO_printf(bio, "no peer certificate available\n");
+
+        sk2 = SSL_get_client_CA_list(s);
+        if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
+            BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
+            for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
+                xn = sk_X509_NAME_value(sk2, i);
+                X509_NAME_oneline(xn, buf, sizeof(buf));
+                BIO_write(bio, buf, strlen(buf));
+                BIO_write(bio, "\n", 1);
+            }
+        } else {
+            BIO_printf(bio, "---\nNo client certificate CA names sent\n");
+        }
+
+        ssl_print_sigalgs(bio, s);
+        ssl_print_tmp_key(bio, s);
+
+#ifndef OPENSSL_NO_CT
+        /*
+         * When the SSL session is anonymous, or resumed via an abbreviated
+         * handshake, no SCTs are provided as part of the handshake.  While in
+         * a resumed session SCTs may be present in the session's certificate,
+         * no callbacks are invoked to revalidate these, and in any case that
+         * set of SCTs may be incomplete.  Thus it makes little sense to
+         * attempt to display SCTs from a resumed session's certificate, and of
+         * course none are associated with an anonymous peer.
+         */
+        if (peer != NULL && !SSL_session_reused(s) && SSL_ct_is_enabled(s)) {
+            const STACK_OF(SCT) *scts = SSL_get0_peer_scts(s);
+            int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
+
+            BIO_printf(bio, "---\nSCTs present (%i)\n", sct_count);
+            if (sct_count > 0) {
+                const CTLOG_STORE *log_store = SSL_CTX_get0_ctlog_store(ctx);
+
+                BIO_printf(bio, "---\n");
+                for (i = 0; i < sct_count; ++i) {
+                    SCT *sct = sk_SCT_value(scts, i);
+
+                    BIO_printf(bio, "SCT validation status: %s\n",
+                               SCT_validation_status_string(sct));
+                    SCT_print(sct, bio, 0, log_store);
+                    if (i < sct_count - 1)
+                        BIO_printf(bio, "\n---\n");
+                }
+                BIO_printf(bio, "\n");
+            }
+        }
+#endif
+
+        BIO_printf(bio,
+                   "---\nSSL handshake has read %"BIO_PRI64"u"
+                   " bytes and written %"BIO_PRI64"u bytes\n",
+                   BIO_number_read(SSL_get_rbio(s)),
+                   BIO_number_written(SSL_get_wbio(s)));
+    }
+    print_verify_detail(s, bio);
+    BIO_printf(bio, (SSL_session_reused(s) ? "---\nReused, " : "---\nNew, "));
+    c = SSL_get_current_cipher(s);
+    BIO_printf(bio, "%s, Cipher is %s\n",
+               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+    if (peer != NULL) {
+        EVP_PKEY *pktmp;
+
+        pktmp = X509_get0_pubkey(peer);
+        BIO_printf(bio, "Server public key is %d bit\n",
+                   EVP_PKEY_bits(pktmp));
+    }
+    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+#ifndef OPENSSL_NO_COMP
+    comp = SSL_get_current_compression(s);
+    expansion = SSL_get_current_expansion(s);
+    BIO_printf(bio, "Compression: %s\n",
+               comp ? SSL_COMP_get_name(comp) : "NONE");
+    BIO_printf(bio, "Expansion: %s\n",
+               expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
+
+#ifdef SSL_DEBUG
+    {
+        /* Print out local port of connection: useful for debugging */
+        int sock;
+        union BIO_sock_info_u info;
+
+        sock = SSL_get_fd(s);
+        if ((info.addr = BIO_ADDR_new()) != NULL
+            && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) {
+            BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
+                       ntohs(BIO_ADDR_rawport(info.addr)));
+        }
+        BIO_ADDR_free(info.addr);
+    }
+#endif
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto.status != -1) {
+        const unsigned char *proto;
+        unsigned int proto_len;
+        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
+        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
+        BIO_write(bio, proto, proto_len);
+        BIO_write(bio, "\n", 1);
+    }
+#endif
+    {
+        const unsigned char *proto;
+        unsigned int proto_len;
+        SSL_get0_alpn_selected(s, &proto, &proto_len);
+        if (proto_len > 0) {
+            BIO_printf(bio, "ALPN protocol: ");
+            BIO_write(bio, proto, proto_len);
+            BIO_write(bio, "\n", 1);
+        } else
+            BIO_printf(bio, "No ALPN negotiated\n");
+    }
+
+#ifndef OPENSSL_NO_SRTP
+    {
+        SRTP_PROTECTION_PROFILE *srtp_profile =
+            SSL_get_selected_srtp_profile(s);
+
+        if (srtp_profile)
+            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
+                       srtp_profile->name);
+    }
+#endif
+
+    SSL_SESSION_print(bio, SSL_get_session(s));
+    if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) {
+        BIO_printf(bio, "Keying material exporter:\n");
+        BIO_printf(bio, "    Label: '%s'\n", keymatexportlabel);
+        BIO_printf(bio, "    Length: %i bytes\n", keymatexportlen);
+        exportedkeymat = app_malloc(keymatexportlen, "export key");
+        if (!SSL_export_keying_material(s, exportedkeymat,
+                                        keymatexportlen,
+                                        keymatexportlabel,
+                                        strlen(keymatexportlabel),
+                                        NULL, 0, 0)) {
+            BIO_printf(bio, "    Error\n");
+        } else {
+            BIO_printf(bio, "    Keying material: ");
+            for (i = 0; i < keymatexportlen; i++)
+                BIO_printf(bio, "%02X", exportedkeymat[i]);
+            BIO_printf(bio, "\n");
+        }
+        OPENSSL_free(exportedkeymat);
+    }
+    BIO_printf(bio, "---\n");
+    X509_free(peer);
+    /* flush, or debugging output gets mixed with http response */
+    (void)BIO_flush(bio);
+}
+
+# ifndef OPENSSL_NO_OCSP
+static int ocsp_resp_cb(SSL *s, void *arg)
+{
+    const unsigned char *p;
+    int len;
+    OCSP_RESPONSE *rsp;
+    len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+    BIO_puts(arg, "OCSP response: ");
+    if (!p) {
+        BIO_puts(arg, "no response sent\n");
+        return 1;
+    }
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+    if (!rsp) {
+        BIO_puts(arg, "response parse error\n");
+        BIO_dump_indent(arg, (char *)p, len, 4);
+        return 0;
+    }
+    BIO_puts(arg, "\n======================================\n");
+    OCSP_RESPONSE_print(arg, rsp, 0);
+    BIO_puts(arg, "======================================\n");
+    OCSP_RESPONSE_free(rsp);
+    return 1;
+}
+# endif
+
+#endif                          /* OPENSSL_NO_SOCK */
diff --git a/openssl-1.1.0h/apps/s_server.c b/openssl-1.1.0h/apps/s_server.c
new file mode 100644
index 0000000..31c90fd
--- /dev/null
+++ b/openssl-1.1.0h/apps/s_server.c
@@ -0,0 +1,3305 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if defined(_WIN32)
+/* Included before async.h to avoid some warnings */
+# include <windows.h>
+#endif
+
+#include <openssl/e_os2.h>
+#include <openssl/async.h>
+#include <openssl/ssl.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
+static void close_accept_socket(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp, SSL_CTX *ctx);
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+static void init_session_cache_ctx(SSL_CTX *sctx);
+static void free_sessions(void);
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile);
+#endif
+
+static const int bufsize = 16 * 1024;
+static int accept_socket = -1;
+
+#define TEST_CERT       "server.pem"
+#define TEST_CERT2      "server2.pem"
+
+static int s_nbio = 0;
+static int s_nbio_test = 0;
+static int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
+static SSL_CTX *ctx2 = NULL;
+static int www = 0;
+
+static BIO *bio_s_out = NULL;
+static BIO *bio_s_msg = NULL;
+static int s_debug = 0;
+static int s_tlsextdebug = 0;
+static int s_msg = 0;
+static int s_quiet = 0;
+static int s_ign_eof = 0;
+static int s_brief = 0;
+
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
+
+static int async = 0;
+
+static const char *session_id_prefix = NULL;
+
+#ifndef OPENSSL_NO_DTLS
+static int enable_timeouts = 0;
+static long socket_mtu;
+#endif
+
+/*
+ * We define this but make it always be 0 in no-dtls builds to simplify the
+ * code.
+ */
+static int dtlslisten = 0;
+
+#ifndef OPENSSL_NO_PSK
+static const char psk_identity[] = "Client_identity";
+char *psk_key = NULL;           /* by default PSK is not used */
+
+static unsigned int psk_server_cb(SSL *ssl, const char *identity,
+                                  unsigned char *psk,
+                                  unsigned int max_psk_len)
+{
+    long key_len = 0;
+    unsigned char *key;
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "psk_server_cb\n");
+    if (!identity) {
+        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
+        goto out_err;
+    }
+    if (s_debug)
+        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
+                   (int)strlen(identity), identity);
+
+    /* here we could lookup the given identity e.g. from a database */
+    if (strcmp(identity, psk_identity) != 0) {
+        BIO_printf(bio_s_out, "PSK error: client identity not found"
+                   " (got '%s' expected '%s')\n", identity, psk_identity);
+        goto out_err;
+    }
+    if (s_debug)
+        BIO_printf(bio_s_out, "PSK client identity found\n");
+
+    /* convert the PSK key to binary */
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+    if (key_len > (int)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%ld)\n",
+                   max_psk_len, key_len);
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    memcpy(psk, key, key_len);
+    OPENSSL_free(key);
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
+    return key_len;
+ out_err:
+    if (s_debug)
+        BIO_printf(bio_err, "Error in PSK server callback\n");
+    (void)BIO_flush(bio_err);
+    (void)BIO_flush(bio_s_out);
+    return 0;
+}
+#endif
+
+#ifndef OPENSSL_NO_SRP
+/* This is a context that we pass to callbacks */
+typedef struct srpsrvparm_st {
+    char *login;
+    SRP_VBASE *vb;
+    SRP_user_pwd *user;
+} srpsrvparm;
+
+/*
+ * This callback pretends to require some asynchronous logic in order to
+ * obtain a verifier. When the callback is called for a new connection we
+ * return with a negative value. This will provoke the accept etc to return
+ * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
+ * (which would normally occur after a worker has finished) and we set the
+ * user parameters.
+ */
+static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+{
+    srpsrvparm *p = (srpsrvparm *) arg;
+    int ret = SSL3_AL_FATAL;
+
+    if (p->login == NULL && p->user == NULL) {
+        p->login = SSL_get_srp_username(s);
+        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
+        return (-1);
+    }
+
+    if (p->user == NULL) {
+        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
+        goto err;
+    }
+
+    if (SSL_set_srp_server_param
+        (s, p->user->N, p->user->g, p->user->s, p->user->v,
+         p->user->info) < 0) {
+        *ad = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+    BIO_printf(bio_err,
+               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+               p->login, p->user->info);
+    ret = SSL_ERROR_NONE;
+
+ err:
+    SRP_user_pwd_free(p->user);
+    p->user = NULL;
+    p->login = NULL;
+    return ret;
+}
+
+#endif
+
+static int local_argc = 0;
+static char **local_argv;
+
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, const char *str);
+
+# define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
+static BIO_METHOD *methods_ebcdic = NULL;
+
+/* This struct is "unwarranted chumminess with the compiler." */
+typedef struct {
+    size_t alloced;
+    char buff[1];
+} EBCDIC_OUTBUFF;
+
+static const BIO_METHOD *BIO_f_ebcdic_filter()
+{
+    if (methods_ebcdic == NULL) {
+        methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
+                                      "EBCDIC/ASCII filter");
+        if (methods_ebcdic == NULL
+            || !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
+            || !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
+            || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts)
+            || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets)
+            || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl)
+            || !BIO_meth_set_create(methods_ebcdic, ebcdic_new)
+            || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free))
+            return NULL;
+    }
+    return methods_ebcdic;
+}
+
+static int ebcdic_new(BIO *bi)
+{
+    EBCDIC_OUTBUFF *wbuf;
+
+    wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf");
+    wbuf->alloced = 1024;
+    wbuf->buff[0] = '\0';
+
+    BIO_set_data(bi, wbuf);
+    BIO_set_init(bi, 1);
+    return 1;
+}
+
+static int ebcdic_free(BIO *a)
+{
+    EBCDIC_OUTBUFF *wbuf;
+
+    if (a == NULL)
+        return 0;
+    wbuf = BIO_get_data(a);
+    OPENSSL_free(wbuf);
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO *next = BIO_next(b);
+
+    if (out == NULL || outl == 0)
+        return (0);
+    if (next == NULL)
+        return (0);
+
+    ret = BIO_read(next, out, outl);
+    if (ret > 0)
+        ascii2ebcdic(out, out, ret);
+    return ret;
+}
+
+static int ebcdic_write(BIO *b, const char *in, int inl)
+{
+    EBCDIC_OUTBUFF *wbuf;
+    BIO *next = BIO_next(b);
+    int ret = 0;
+    int num;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    if (next == NULL)
+        return 0;
+
+    wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b);
+
+    if (inl > (num = wbuf->alloced)) {
+        num = num + num;        /* double the size */
+        if (num < inl)
+            num = inl;
+        OPENSSL_free(wbuf);
+        wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
+
+        wbuf->alloced = num;
+        wbuf->buff[0] = '\0';
+
+        BIO_set_data(b, wbuf);
+    }
+
+    ebcdic2ascii(wbuf->buff, in, inl);
+
+    ret = BIO_write(next, wbuf->buff, inl);
+
+    return (ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return (0);
+    switch (cmd) {
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+    int i, ret = 0;
+    BIO *next = BIO_next(bp);
+
+    if (next == NULL)
+        return 0;
+/*      return(BIO_gets(bp->next_bio,buf,size));*/
+    for (i = 0; i < size - 1; ++i) {
+        ret = ebcdic_read(bp, &buf[i], 1);
+        if (ret <= 0)
+            break;
+        else if (buf[i] == '\n') {
+            ++i;
+            break;
+        }
+    }
+    if (i < size)
+        buf[i] = '\0';
+    return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, const char *str)
+{
+    if (BIO_next(bp) == NULL)
+        return 0;
+    return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+    char *servername;
+    BIO *biodebug;
+    int extension_error;
+} tlsextctx;
+
+static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+    tlsextctx *p = (tlsextctx *) arg;
+    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+    if (servername && p->biodebug)
+        BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
+                   servername);
+
+    if (!p->servername)
+        return SSL_TLSEXT_ERR_NOACK;
+
+    if (servername) {
+        if (strcasecmp(servername, p->servername))
+            return p->extension_error;
+        if (ctx2) {
+            BIO_printf(p->biodebug, "Switching server context.\n");
+            SSL_set_SSL_CTX(s, ctx2);
+        }
+    }
+    return SSL_TLSEXT_ERR_OK;
+}
+
+/* Structure passed to cert status callback */
+typedef struct tlsextstatusctx_st {
+    /* Default responder to use */
+    char *host, *path, *port;
+    int use_ssl;
+    int timeout;
+    int verbose;
+} tlsextstatusctx;
+
+static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, 0 };
+
+#ifndef OPENSSL_NO_OCSP
+/*
+ * Certificate Status callback. This is called when a client includes a
+ * certificate status request extension. This is a simplified version. It
+ * examines certificates each time and makes one OCSP responder query for
+ * each request. A full version would store details such as the OCSP
+ * certificate IDs and minimise the number of OCSP responses by caching them
+ * until they were considered "expired".
+ */
+
+static int cert_status_cb(SSL *s, void *arg)
+{
+    tlsextstatusctx *srctx = arg;
+    char *host = NULL, *port = NULL, *path = NULL;
+    int use_ssl;
+    unsigned char *rspder = NULL;
+    int rspderlen;
+    STACK_OF(OPENSSL_STRING) *aia = NULL;
+    X509 *x = NULL;
+    X509_STORE_CTX *inctx = NULL;
+    X509_OBJECT *obj;
+    OCSP_REQUEST *req = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_CERTID *id = NULL;
+    STACK_OF(X509_EXTENSION) *exts;
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int i;
+
+    if (srctx->verbose)
+        BIO_puts(bio_err, "cert_status: callback called\n");
+    /* Build up OCSP query from server certificate */
+    x = SSL_get_certificate(s);
+    aia = X509_get1_ocsp(x);
+    if (aia) {
+        if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
+                            &host, &port, &path, &use_ssl)) {
+            BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
+            goto err;
+        }
+        if (srctx->verbose)
+            BIO_printf(bio_err, "cert_status: AIA URL: %s\n",
+                       sk_OPENSSL_STRING_value(aia, 0));
+    } else {
+        if (!srctx->host) {
+            BIO_puts(bio_err,
+                     "cert_status: no AIA and no default responder URL\n");
+            goto done;
+        }
+        host = srctx->host;
+        path = srctx->path;
+        port = srctx->port;
+        use_ssl = srctx->use_ssl;
+    }
+
+    inctx = X509_STORE_CTX_new();
+    if (inctx == NULL)
+        goto err;
+    if (!X509_STORE_CTX_init(inctx,
+                             SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+                             NULL, NULL))
+        goto err;
+    obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509,
+                                            X509_get_issuer_name(x));
+    if (obj == NULL) {
+        BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
+        goto done;
+    }
+    id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
+    X509_OBJECT_free(obj);
+    if (!id)
+        goto err;
+    req = OCSP_REQUEST_new();
+    if (req == NULL)
+        goto err;
+    if (!OCSP_request_add0_id(req, id))
+        goto err;
+    id = NULL;
+    /* Add any extensions to the request */
+    SSL_get_tlsext_status_exts(s, &exts);
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+        if (!OCSP_REQUEST_add_ext(req, ext, -1))
+            goto err;
+    }
+    resp = process_responder(req, host, path, port, use_ssl, NULL,
+                             srctx->timeout);
+    if (!resp) {
+        BIO_puts(bio_err, "cert_status: error querying responder\n");
+        goto done;
+    }
+    rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
+    if (rspderlen <= 0)
+        goto err;
+    SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
+    if (srctx->verbose) {
+        BIO_puts(bio_err, "cert_status: ocsp response sent:\n");
+        OCSP_RESPONSE_print(bio_err, resp, 2);
+    }
+    ret = SSL_TLSEXT_ERR_OK;
+    goto done;
+
+ err:
+    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ done:
+    if (ret != SSL_TLSEXT_ERR_OK)
+        ERR_print_errors(bio_err);
+    if (aia) {
+        OPENSSL_free(host);
+        OPENSSL_free(path);
+        OPENSSL_free(port);
+        X509_email_free(aia);
+    }
+    OCSP_CERTID_free(id);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(resp);
+    X509_STORE_CTX_free(inctx);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is the context that we pass to next_proto_cb */
+typedef struct tlsextnextprotoctx_st {
+    unsigned char *data;
+    size_t len;
+} tlsextnextprotoctx;
+
+static int next_proto_cb(SSL *s, const unsigned char **data,
+                         unsigned int *len, void *arg)
+{
+    tlsextnextprotoctx *next_proto = arg;
+
+    *data = next_proto->data;
+    *len = next_proto->len;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
+
+/* This the context that we pass to alpn_cb */
+typedef struct tlsextalpnctx_st {
+    unsigned char *data;
+    size_t len;
+} tlsextalpnctx;
+
+static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
+                   const unsigned char *in, unsigned int inlen, void *arg)
+{
+    tlsextalpnctx *alpn_ctx = arg;
+
+    if (!s_quiet) {
+        /* We can assume that |in| is syntactically valid. */
+        unsigned int i;
+        BIO_printf(bio_s_out, "ALPN protocols advertised by the client: ");
+        for (i = 0; i < inlen;) {
+            if (i)
+                BIO_write(bio_s_out, ", ", 2);
+            BIO_write(bio_s_out, &in[i + 1], in[i]);
+            i += in[i] + 1;
+        }
+        BIO_write(bio_s_out, "\n", 1);
+    }
+
+    if (SSL_select_next_proto
+        ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
+         inlen) != OPENSSL_NPN_NEGOTIATED) {
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
+    if (!s_quiet) {
+        BIO_printf(bio_s_out, "ALPN protocols selected: ");
+        BIO_write(bio_s_out, *out, *outlen);
+        BIO_write(bio_s_out, "\n", 1);
+    }
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
+{
+    /* disable resumption for sessions with forward secure ciphers */
+    return is_forward_secure;
+}
+
+#ifndef OPENSSL_NO_SRP
+static srpsrvparm srp_callback_parm;
+#endif
+#ifndef OPENSSL_NO_SRTP
+static char *srtp_profiles = NULL;
+#endif
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
+    OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
+    OPT_VERIFY, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
+    OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
+    OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
+    OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT,
+    OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE,
+    OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+    OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE,
+    OPT_VERIFYCAFILE, OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+    OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE,
+    OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE,
+    OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF,
+    OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
+    OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
+    OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
+    OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
+    OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
+    OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
+    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
+    OPT_S_ENUM,
+    OPT_V_ENUM,
+    OPT_X_ENUM
+} OPTION_CHOICE;
+
+OPTIONS s_server_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"port", OPT_PORT, 'p',
+     "TCP/IP port to listen on for connections (default is " PORT ")"},
+    {"accept", OPT_ACCEPT, 's',
+     "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"},
+#ifdef AF_UNIX
+    {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
+#endif
+    {"4", OPT_4, '-', "Use IPv4 only"},
+    {"6", OPT_6, '-', "Use IPv6 only"},
+#ifdef AF_UNIX
+    {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
+#endif
+    {"context", OPT_CONTEXT, 's', "Set session ID context"},
+    {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
+    {"Verify", OPT_UPPER_V_VERIFY, 'n',
+     "Turn on peer certificate verification, must have a cert"},
+    {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
+    {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"},
+    {"serverinfo", OPT_SERVERINFO, 's',
+     "PEM serverinfo file for certificate"},
+    {"certform", OPT_CERTFORM, 'F',
+     "Certificate format (PEM or DER) PEM default"},
+    {"key", OPT_KEY, 's',
+     "Private Key if not in -cert; default is " TEST_CERT},
+    {"keyform", OPT_KEYFORM, 'f',
+     "Key format (PEM, DER or ENGINE) PEM default"},
+    {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+    {"dcert", OPT_DCERT, '<',
+     "Second certificate file to use (usually for DSA)"},
+    {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
+    {"dcertform", OPT_DCERTFORM, 'F',
+     "Second certificate format (PEM or DER) PEM default"},
+    {"dkey", OPT_DKEY, '<',
+     "Second private key file to use (usually for DSA)"},
+    {"dkeyform", OPT_DKEYFORM, 'F',
+     "Second key format (PEM, DER or ENGINE) PEM default"},
+    {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
+    {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
+    {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
+    {"debug", OPT_DEBUG, '-', "Print more output"},
+    {"msg", OPT_MSG, '-', "Show protocol messages"},
+    {"msgfile", OPT_MSGFILE, '>',
+     "File to send output of -msg or -trace, instead of stdout"},
+    {"state", OPT_STATE, '-', "Print the SSL states"},
+    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
+    {"quiet", OPT_QUIET, '-', "No server output"},
+    {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
+     "Disable caching and tickets if ephemeral (EC)DH is used"},
+    {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
+    {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
+    {"servername", OPT_SERVERNAME, 's',
+     "Servername for HostName TLS extension"},
+    {"servername_fatal", OPT_SERVERNAME_FATAL, '-',
+     "mismatch send fatal alert (default warning alert)"},
+    {"cert2", OPT_CERT2, '<',
+     "Certificate file to use for servername; default is" TEST_CERT2},
+    {"key2", OPT_KEY2, '<',
+     "-Private Key file to use for servername if not in -cert2"},
+    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+     "Hex dump of all TLS extensions received"},
+    {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
+    {"id_prefix", OPT_ID_PREFIX, 's',
+     "Generate SSL/TLS session IDs prefixed by arg"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"keymatexport", OPT_KEYMATEXPORT, 's',
+     "Export keying material using label"},
+    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+     "Export len bytes of keying material (default 20)"},
+    {"CRL", OPT_CRL, '<', "CRL file to use"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-',
+     "Download CRL from distribution points"},
+    {"cert_chain", OPT_CERT_CHAIN, '<',
+     "certificate chain file in PEM format"},
+    {"dcert_chain", OPT_DCERT_CHAIN, '<',
+     "second certificate chain file in PEM format"},
+    {"chainCApath", OPT_CHAINCAPATH, '/',
+     "use dir as certificate store path to build CA certificate chain"},
+    {"verifyCApath", OPT_VERIFYCAPATH, '/',
+     "use dir as certificate store path to verify CA certificate"},
+    {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"},
+    {"ext_cache", OPT_EXT_CACHE, '-',
+     "Disable internal cache, setup and use external cache"},
+    {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
+    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+     "Close connection on verification error"},
+    {"verify_quiet", OPT_VERIFY_QUIET, '-',
+     "No verify output except verify errors"},
+    {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+    {"chainCAfile", OPT_CHAINCAFILE, '<',
+     "CA file for certificate chain (PEM format)"},
+    {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+     "CA file for certificate verification (PEM format)"},
+    {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"},
+    {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"},
+#ifndef OPENSSL_NO_OCSP
+    {"status", OPT_STATUS, '-', "Request certificate status from server"},
+    {"status_verbose", OPT_STATUS_VERBOSE, '-',
+     "Print more output in certificate status callback"},
+    {"status_timeout", OPT_STATUS_TIMEOUT, 'n',
+     "Status request responder timeout"},
+    {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+    {"trace", OPT_TRACE, '-', "trace protocol messages"},
+#endif
+    {"security_debug", OPT_SECURITY_DEBUG, '-',
+     "Print output from SSL/TLS security framework"},
+    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+     "Print more output from SSL/TLS security framework"},
+    {"brief", OPT_BRIEF, '-',
+     "Restrict output to brief summary of connection parameters"},
+    {"rev", OPT_REV, '-',
+     "act as a simple test server which just sends back with the received text reversed"},
+    {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
+    {"ssl_config", OPT_SSL_CONFIG, 's',
+     "Configure SSL_CTX using the configuration 'val'"},
+    {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n',
+     "Size used to split data for encrypt pipelines"},
+    {"max_pipelines", OPT_MAX_PIPELINES, 'n',
+     "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'n',
+     "Default read buffer size to be used for connections"},
+    OPT_S_OPTIONS,
+    OPT_V_OPTIONS,
+    OPT_X_OPTIONS,
+    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+#ifndef OPENSSL_NO_PSK
+    {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+#endif
+#ifndef OPENSSL_NO_SRP
+    {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
+    {"srpuserseed", OPT_SRPUSERSEED, 's',
+     "A seed string for a default user salt"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_DTLS
+    {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
+    {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+    {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+    {"listen", OPT_LISTEN, '-',
+     "Listen for a DTLS ClientHello with a cookie and then connect"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+    {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_DH
+    {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+     "Set the advertised protocols for the NPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_SRTP
+    {"use_srtp", OPT_SRTP_PROFILES, 's',
+     "Offer SRTP key management with a colon-separated profile list"},
+#endif
+    {"alpn", OPT_ALPN, 's',
+     "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL, OPT_EOF, 0, NULL}
+};
+
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+  || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
+int s_server_main(int argc, char *argv[])
+{
+    ENGINE *engine = NULL;
+    EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    const SSL_METHOD *meth = TLS_server_method();
+    SSL_EXCERT *exc = NULL;
+    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+    STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509 *s_cert = NULL, *s_dcert = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
+    char *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
+    char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
+    char *crl_file = NULL, *prog;
+#ifdef AF_UNIX
+    int unlink_unix_path = 0;
+#endif
+    do_server_cb server_cb;
+    int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
+#ifndef OPENSSL_NO_DH
+    char *dhfile = NULL;
+    int no_dhe = 0;
+#endif
+    int nocert = 0, ret = 1;
+    int noCApath = 0, noCAfile = 0;
+    int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+    int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+    int rev = 0, naccept = -1, sdebug = 0;
+    int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
+    int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
+    char *host = NULL;
+    char *port = BUF_strdup(PORT);
+    unsigned char *context = NULL;
+    OPTION_CHOICE o;
+    EVP_PKEY *s_key2 = NULL;
+    X509 *s_cert2 = NULL;
+    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
+    const char *ssl_config = NULL;
+    int read_buf_len = 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    const char *next_proto_neg_in = NULL;
+    tlsextnextprotoctx next_proto = { NULL, 0 };
+#endif
+    const char *alpn_in = NULL;
+    tlsextalpnctx alpn_ctx = { NULL, 0 };
+#ifndef OPENSSL_NO_PSK
+    /* by default do not send a PSK identity hint */
+    char *psk_identity_hint = NULL;
+    char *p;
+#endif
+#ifndef OPENSSL_NO_SRP
+    char *srpuserseed = NULL;
+    char *srp_verifier_file = NULL;
+#endif
+    int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+    int s_server_verify = SSL_VERIFY_NONE;
+    int s_server_session_id_context = 1; /* anything will do */
+    const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL;
+    const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
+    char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
+#ifndef OPENSSL_NO_OCSP
+    int s_tlsextstatus = 0;
+#endif
+    int no_resume_ephemeral = 0;
+    unsigned int split_send_fragment = 0, max_pipelines = 0;
+    const char *s_serverinfo_file = NULL;
+
+    /* Init of few remaining global variables */
+    local_argc = argc;
+    local_argv = argv;
+
+    ctx = ctx2 = NULL;
+    s_nbio = s_nbio_test = 0;
+    www = 0;
+    bio_s_out = NULL;
+    s_debug = 0;
+    s_msg = 0;
+    s_quiet = 0;
+    s_brief = 0;
+    async = 0;
+
+    cctx = SSL_CONF_CTX_new();
+    vpm = X509_VERIFY_PARAM_new();
+    if (cctx == NULL || vpm == NULL)
+        goto end;
+    SSL_CONF_CTX_set_flags(cctx,
+                           SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
+
+    prog = opt_init(argc, argv, s_server_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+            BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+            goto end;
+        }
+        if (IS_NO_PROT_FLAG(o))
+            no_prot_opt++;
+        if (prot_opt == 1 && no_prot_opt) {
+            BIO_printf(bio_err,
+                       "Cannot supply both a protocol flag and '-no_<prot>'\n");
+            goto end;
+        }
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_server_options);
+            ret = 0;
+            goto end;
+
+        case OPT_4:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                OPENSSL_free(host); host = NULL;
+                OPENSSL_free(port); port = NULL;
+            }
+#endif
+            socket_family = AF_INET;
+            break;
+        case OPT_6:
+            if (1) {
+#ifdef AF_INET6
+#ifdef AF_UNIX
+                if (socket_family == AF_UNIX) {
+                    OPENSSL_free(host); host = NULL;
+                    OPENSSL_free(port); port = NULL;
+                }
+#endif
+                socket_family = AF_INET6;
+            } else {
+#endif
+                BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_PORT:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                socket_family = AF_UNSPEC;
+            }
+#endif
+            OPENSSL_free(port); port = NULL;
+            OPENSSL_free(host); host = NULL;
+            if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) {
+                BIO_printf(bio_err,
+                           "%s: -port argument malformed or ambiguous\n",
+                           port);
+                goto end;
+            }
+            break;
+        case OPT_ACCEPT:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                socket_family = AF_UNSPEC;
+            }
+#endif
+            OPENSSL_free(port); port = NULL;
+            OPENSSL_free(host); host = NULL;
+            if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) {
+                BIO_printf(bio_err,
+                           "%s: -accept argument malformed or ambiguous\n",
+                           port);
+                goto end;
+            }
+            break;
+#ifdef AF_UNIX
+        case OPT_UNIX:
+            socket_family = AF_UNIX;
+            OPENSSL_free(host); host = BUF_strdup(opt_arg());
+            OPENSSL_free(port); port = NULL;
+            break;
+        case OPT_UNLINK:
+            unlink_unix_path = 1;
+            break;
+#endif
+        case OPT_NACCEPT:
+            naccept = atol(opt_arg());
+            break;
+        case OPT_VERIFY:
+            s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+            verify_args.depth = atoi(opt_arg());
+            if (!s_quiet)
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
+            break;
+        case OPT_UPPER_V_VERIFY:
+            s_server_verify =
+                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+                SSL_VERIFY_CLIENT_ONCE;
+            verify_args.depth = atoi(opt_arg());
+            if (!s_quiet)
+                BIO_printf(bio_err,
+                           "verify depth is %d, must return a certificate\n",
+                           verify_args.depth);
+            break;
+        case OPT_CONTEXT:
+            context = (unsigned char *)opt_arg();
+            break;
+        case OPT_CERT:
+            s_cert_file = opt_arg();
+            break;
+        case OPT_CRL:
+            crl_file = opt_arg();
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_SERVERINFO:
+            s_serverinfo_file = opt_arg();
+            break;
+        case OPT_CERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format))
+                goto opthelp;
+            break;
+        case OPT_KEY:
+            s_key_file = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format))
+                goto opthelp;
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_CERT_CHAIN:
+            s_chain_file = opt_arg();
+            break;
+        case OPT_DHPARAM:
+#ifndef OPENSSL_NO_DH
+            dhfile = opt_arg();
+#endif
+            break;
+        case OPT_DCERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format))
+                goto opthelp;
+            break;
+        case OPT_DCERT:
+            s_dcert_file = opt_arg();
+            break;
+        case OPT_DKEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dkey_format))
+                goto opthelp;
+            break;
+        case OPT_DPASS:
+            dpassarg = opt_arg();
+            break;
+        case OPT_DKEY:
+            s_dkey_file = opt_arg();
+            break;
+        case OPT_DCERT_CHAIN:
+            s_dchain_file = opt_arg();
+            break;
+        case OPT_NOCERT:
+            nocert = 1;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CHAINCAPATH:
+            chCApath = opt_arg();
+            break;
+        case OPT_VERIFYCAPATH:
+            vfyCApath = opt_arg();
+            break;
+        case OPT_NO_CACHE:
+            no_cache = 1;
+            break;
+        case OPT_EXT_CACHE:
+            ext_cache = 1;
+            break;
+        case OPT_CRLFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format))
+                goto opthelp;
+            break;
+        case OPT_S_CASES:
+            if (ssl_args == NULL)
+                ssl_args = sk_OPENSSL_STRING_new_null();
+            if (ssl_args == NULL
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_flag())
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_X_CASES:
+            if (!args_excert(o, &exc))
+                goto end;
+            break;
+        case OPT_VERIFY_RET_ERROR:
+            verify_args.return_error = 1;
+            break;
+        case OPT_VERIFY_QUIET:
+            verify_args.quiet = 1;
+            break;
+        case OPT_BUILD_CHAIN:
+            build_chain = 1;
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_CHAINCAFILE:
+            chCAfile = opt_arg();
+            break;
+        case OPT_VERIFYCAFILE:
+            vfyCAfile = opt_arg();
+            break;
+        case OPT_NBIO:
+            s_nbio = 1;
+            break;
+        case OPT_NBIO_TEST:
+            s_nbio = s_nbio_test = 1;
+            break;
+        case OPT_IGN_EOF:
+            s_ign_eof = 1;
+            break;
+        case OPT_NO_IGN_EOF:
+            s_ign_eof = 0;
+            break;
+        case OPT_DEBUG:
+            s_debug = 1;
+            break;
+        case OPT_TLSEXTDEBUG:
+            s_tlsextdebug = 1;
+            break;
+        case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+#endif
+            break;
+        case OPT_STATUS_VERBOSE:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = tlscstatp.verbose = 1;
+#endif
+            break;
+        case OPT_STATUS_TIMEOUT:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            tlscstatp.timeout = atoi(opt_arg());
+#endif
+            break;
+        case OPT_STATUS_URL:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            if (!OCSP_parse_url(opt_arg(),
+                                &tlscstatp.host,
+                                &tlscstatp.port,
+                                &tlscstatp.path, &tlscstatp.use_ssl)) {
+                BIO_printf(bio_err, "Error parsing URL\n");
+                goto end;
+            }
+#endif
+            break;
+        case OPT_MSG:
+            s_msg = 1;
+            break;
+        case OPT_MSGFILE:
+            bio_s_msg = BIO_new_file(opt_arg(), "w");
+            break;
+        case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
+            s_msg = 2;
+#endif
+            break;
+        case OPT_SECURITY_DEBUG:
+            sdebug = 1;
+            break;
+        case OPT_SECURITY_DEBUG_VERBOSE:
+            sdebug = 2;
+            break;
+        case OPT_STATE:
+            state = 1;
+            break;
+        case OPT_CRLF:
+            s_crlf = 1;
+            break;
+        case OPT_QUIET:
+            s_quiet = 1;
+            break;
+        case OPT_BRIEF:
+            s_quiet = s_brief = verify_args.quiet = 1;
+            break;
+        case OPT_NO_DHE:
+#ifndef OPENSSL_NO_DH
+            no_dhe = 1;
+#endif
+            break;
+        case OPT_NO_RESUME_EPHEMERAL:
+            no_resume_ephemeral = 1;
+            break;
+        case OPT_PSK_HINT:
+#ifndef OPENSSL_NO_PSK
+            psk_identity_hint = opt_arg();
+#endif
+            break;
+        case OPT_PSK:
+#ifndef OPENSSL_NO_PSK
+            for (p = psk_key = opt_arg(); *p; p++) {
+                if (isxdigit(_UC(*p)))
+                    continue;
+                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+                goto end;
+            }
+#endif
+            break;
+        case OPT_SRPVFILE:
+#ifndef OPENSSL_NO_SRP
+            srp_verifier_file = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+#endif
+            break;
+        case OPT_SRPUSERSEED:
+#ifndef OPENSSL_NO_SRP
+            srpuserseed = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+#endif
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_WWW:
+            www = 1;
+            break;
+        case OPT_UPPER_WWW:
+            www = 2;
+            break;
+        case OPT_HTTP:
+            www = 3;
+            break;
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_DTLS:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1_2:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_DTLS
+            enable_timeouts = 1;
+#endif
+            break;
+        case OPT_MTU:
+#ifndef OPENSSL_NO_DTLS
+            socket_mtu = atol(opt_arg());
+#endif
+            break;
+        case OPT_LISTEN:
+#ifndef OPENSSL_NO_DTLS
+            dtlslisten = 1;
+#endif
+            break;
+        case OPT_ID_PREFIX:
+            session_id_prefix = opt_arg();
+            break;
+        case OPT_ENGINE:
+            engine = setup_engine(opt_arg(), 1);
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            break;
+        case OPT_SERVERNAME:
+            tlsextcbp.servername = opt_arg();
+            break;
+        case OPT_SERVERNAME_FATAL:
+            tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
+            break;
+        case OPT_CERT2:
+            s_cert_file2 = opt_arg();
+            break;
+        case OPT_KEY2:
+            s_key_file2 = opt_arg();
+            break;
+        case OPT_NEXTPROTONEG:
+# ifndef OPENSSL_NO_NEXTPROTONEG
+            next_proto_neg_in = opt_arg();
+#endif
+            break;
+        case OPT_ALPN:
+            alpn_in = opt_arg();
+            break;
+        case OPT_SRTP_PROFILES:
+#ifndef OPENSSL_NO_SRTP
+            srtp_profiles = opt_arg();
+#endif
+            break;
+        case OPT_KEYMATEXPORT:
+            keymatexportlabel = opt_arg();
+            break;
+        case OPT_KEYMATEXPORTLEN:
+            keymatexportlen = atoi(opt_arg());
+            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
+        case OPT_SPLIT_SEND_FRAG:
+            split_send_fragment = atoi(opt_arg());
+            if (split_send_fragment == 0) {
+                /*
+                 * Not allowed - set to a deliberately bad value so we get an
+                 * error message below
+                 */
+                split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH + 1;
+            }
+            break;
+        case OPT_MAX_PIPELINES:
+            max_pipelines = atoi(opt_arg());
+            break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
+
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+#ifndef OPENSSL_NO_DTLS
+    if (www && socket_type == SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
+        goto end;
+    }
+
+    if (dtlslisten && socket_type != SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can only use -listen with DTLS\n");
+        goto end;
+    }
+#endif
+
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err,
+                   "Can't use unix sockets and datagrams together\n");
+        goto end;
+    }
+#endif
+
+    if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
+        BIO_printf(bio_err, "Bad split send fragment size\n");
+        goto end;
+    }
+
+    if (max_pipelines > SSL_MAX_PIPELINES) {
+        BIO_printf(bio_err, "Bad max pipelines value\n");
+        goto end;
+    }
+
+    if (!app_passwd(passarg, dpassarg, &pass, &dpass)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (s_key_file == NULL)
+        s_key_file = s_cert_file;
+
+    if (s_key_file2 == NULL)
+        s_key_file2 = s_cert_file2;
+
+    if (!load_excert(&exc))
+        goto end;
+
+    if (nocert == 0) {
+        s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
+                         "server certificate private key file");
+        if (!s_key) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_cert = load_cert(s_cert_file, s_cert_format,
+                           "server certificate file");
+
+        if (!s_cert) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (s_chain_file) {
+            if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
+                            "server certificate chain"))
+                goto end;
+        }
+
+        if (tlsextcbp.servername) {
+            s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
+                              "second server certificate private key file");
+            if (!s_key2) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            s_cert2 = load_cert(s_cert_file2, s_cert_format,
+                                "second server certificate file");
+
+            if (!s_cert2) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto_neg_in) {
+        next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
+        if (next_proto.data == NULL)
+            goto end;
+    }
+#endif
+    alpn_ctx.data = NULL;
+    if (alpn_in) {
+        alpn_ctx.data = next_protos_parse(&alpn_ctx.len, alpn_in);
+        if (alpn_ctx.data == NULL)
+            goto end;
+    }
+
+    if (crl_file) {
+        X509_CRL *crl;
+        crl = load_crl(crl_file, crl_format);
+        if (!crl) {
+            BIO_puts(bio_err, "Error loading CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        crls = sk_X509_CRL_new_null();
+        if (!crls || !sk_X509_CRL_push(crls, crl)) {
+            BIO_puts(bio_err, "Error adding CRL\n");
+            ERR_print_errors(bio_err);
+            X509_CRL_free(crl);
+            goto end;
+        }
+    }
+
+    if (s_dcert_file) {
+
+        if (s_dkey_file == NULL)
+            s_dkey_file = s_dcert_file;
+
+        s_dkey = load_key(s_dkey_file, s_dkey_format,
+                          0, dpass, engine, "second certificate private key file");
+        if (!s_dkey) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_dcert = load_cert(s_dcert_file, s_dcert_format,
+                            "second server certificate file");
+
+        if (!s_dcert) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (s_dchain_file) {
+            if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
+                            "second server certificate chain"))
+                goto end;
+        }
+
+    }
+
+    if (!app_RAND_load_file(NULL, 1) && inrand == NULL
+        && !RAND_status()) {
+        BIO_printf(bio_err,
+                   "warning, not much extra random data, consider using the -rand option\n");
+    }
+    if (inrand != NULL)
+        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                   app_RAND_load_files(inrand));
+
+    if (bio_s_out == NULL) {
+        if (s_quiet && !s_debug) {
+            bio_s_out = BIO_new(BIO_s_null());
+            if (s_msg && !bio_s_msg)
+                bio_s_msg = dup_bio_out(FORMAT_TEXT);
+        } else {
+            if (bio_s_out == NULL)
+                bio_s_out = dup_bio_out(FORMAT_TEXT);
+        }
+    }
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
+    if (nocert)
+#endif
+    {
+        s_cert_file = NULL;
+        s_key_file = NULL;
+        s_dcert_file = NULL;
+        s_dkey_file = NULL;
+        s_cert_file2 = NULL;
+        s_key_file2 = NULL;
+    }
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (sdebug)
+        ssl_ctx_security_debug(ctx, sdebug);
+
+    if (!config_ctx(cctx, ssl_args, ctx))
+        goto end;
+
+    if (ssl_config) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (min_version != 0
+        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto end;
+    if (max_version != 0
+        && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (session_id_prefix) {
+        if (strlen(session_id_prefix) >= 32)
+            BIO_printf(bio_err,
+                       "warning: id_prefix is too long, only one new session will be possible\n");
+        if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
+            BIO_printf(bio_err, "error setting 'id_prefix'\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+    }
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
+    if (exc)
+        ssl_ctx_set_excert(ctx, exc);
+
+    if (state)
+        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+    if (no_cache)
+        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+    else if (ext_cache)
+        init_session_cache_ctx(ctx);
+    else
+        SSL_CTX_sess_set_cache_size(ctx, 128);
+
+    if (async) {
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+    }
+    if (split_send_fragment > 0) {
+        SSL_CTX_set_split_send_fragment(ctx, split_send_fragment);
+    }
+    if (max_pipelines > 0) {
+        SSL_CTX_set_max_pipelines(ctx, max_pipelines);
+    }
+
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+#ifndef OPENSSL_NO_SRTP
+    if (srtp_profiles != NULL) {
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
+            BIO_printf(bio_err, "Error setting SRTP profile\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+#endif
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
+        BIO_printf(bio_err, "Error setting verify params\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    ssl_ctx_add_crls(ctx, crls, 0);
+
+    if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                         crls, crl_download)) {
+        BIO_printf(bio_err, "Error loading store locations\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (s_cert2) {
+        ctx2 = SSL_CTX_new(meth);
+        if (ctx2 == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (ctx2) {
+        BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
+
+        if (sdebug)
+            ssl_ctx_security_debug(ctx, sdebug);
+
+        if (session_id_prefix) {
+            if (strlen(session_id_prefix) >= 32)
+                BIO_printf(bio_err,
+                           "warning: id_prefix is too long, only one new session will be possible\n");
+            if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
+                BIO_printf(bio_err, "error setting 'id_prefix'\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+        }
+        SSL_CTX_set_quiet_shutdown(ctx2, 1);
+        if (exc)
+            ssl_ctx_set_excert(ctx2, exc);
+
+        if (state)
+            SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
+
+        if (no_cache)
+            SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
+        else if (ext_cache)
+            init_session_cache_ctx(ctx2);
+        else
+            SSL_CTX_sess_set_cache_size(ctx2, 128);
+
+        if (async)
+            SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
+
+        if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile,
+                                      noCApath)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
+            BIO_printf(bio_err, "Error setting verify params\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        ssl_ctx_add_crls(ctx2, crls, 0);
+        if (!config_ctx(cctx, ssl_args, ctx2))
+            goto end;
+    }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (next_proto.data)
+        SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
+                                              &next_proto);
+#endif
+    if (alpn_ctx.data)
+        SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
+
+#ifndef OPENSSL_NO_DH
+    if (!no_dhe) {
+        DH *dh = NULL;
+
+        if (dhfile)
+            dh = load_dh_param(dhfile);
+        else if (s_cert_file)
+            dh = load_dh_param(s_cert_file);
+
+        if (dh != NULL) {
+            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+        } else {
+            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+        }
+        (void)BIO_flush(bio_s_out);
+
+        if (dh == NULL)
+            SSL_CTX_set_dh_auto(ctx, 1);
+        else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
+            BIO_puts(bio_err, "Error setting temp DH parameters\n");
+            ERR_print_errors(bio_err);
+            DH_free(dh);
+            goto end;
+        }
+
+        if (ctx2) {
+            if (!dhfile) {
+                DH *dh2 = load_dh_param(s_cert_file2);
+                if (dh2 != NULL) {
+                    BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+                    (void)BIO_flush(bio_s_out);
+
+                    DH_free(dh);
+                    dh = dh2;
+                }
+            }
+            if (dh == NULL)
+                SSL_CTX_set_dh_auto(ctx2, 1);
+            else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
+                BIO_puts(bio_err, "Error setting temp DH parameters\n");
+                ERR_print_errors(bio_err);
+                DH_free(dh);
+                goto end;
+            }
+        }
+        DH_free(dh);
+    }
+#endif
+
+    if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
+        goto end;
+
+    if (s_serverinfo_file != NULL
+        && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
+        goto end;
+
+    if (s_dcert != NULL) {
+        if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
+            goto end;
+    }
+
+    if (no_resume_ephemeral) {
+        SSL_CTX_set_not_resumable_session_callback(ctx,
+                                                   not_resumable_sess_cb);
+
+        if (ctx2)
+            SSL_CTX_set_not_resumable_session_callback(ctx2,
+                                                       not_resumable_sess_cb);
+    }
+#ifndef OPENSSL_NO_PSK
+    if (psk_key != NULL) {
+        if (s_debug)
+            BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
+        SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
+    }
+
+    if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+        BIO_printf(bio_err, "error setting PSK identity hint to context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+#endif
+
+    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
+    if (!SSL_CTX_set_session_id_context(ctx,
+                                        (void *)&s_server_session_id_context,
+                                        sizeof(s_server_session_id_context))) {
+        BIO_printf(bio_err, "error setting session id context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    /* Set DTLS cookie generation and verification callbacks */
+    SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+    SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+
+    if (ctx2) {
+        SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
+        if (!SSL_CTX_set_session_id_context(ctx2,
+                    (void *)&s_server_session_id_context,
+                    sizeof(s_server_session_id_context))) {
+            BIO_printf(bio_err, "error setting session id context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        tlsextcbp.biodebug = bio_s_out;
+        SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+    }
+
+#ifndef OPENSSL_NO_SRP
+    if (srp_verifier_file != NULL) {
+        srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
+        srp_callback_parm.user = NULL;
+        srp_callback_parm.login = NULL;
+        if ((ret =
+             SRP_VBASE_init(srp_callback_parm.vb,
+                            srp_verifier_file)) != SRP_NO_ERROR) {
+            BIO_printf(bio_err,
+                       "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
+                       srp_verifier_file, ret);
+            goto end;
+        }
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
+        SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
+        SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
+    } else
+#endif
+    if (CAfile != NULL) {
+        SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+
+        if (ctx2)
+            SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
+    }
+#ifndef OPENSSL_NO_OCSP
+    if (s_tlsextstatus) {
+        SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+        SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+        if (ctx2) {
+            SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb);
+            SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp);
+        }
+    }
+#endif
+
+    BIO_printf(bio_s_out, "ACCEPT\n");
+    (void)BIO_flush(bio_s_out);
+    if (rev)
+        server_cb = rev_body;
+    else if (www)
+        server_cb = www_body;
+    else
+        server_cb = sv_body;
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX
+        && unlink_unix_path)
+        unlink(host);
+#endif
+    do_server(&accept_socket, host, port, socket_family, socket_type,
+              server_cb, context, naccept);
+    print_stats(bio_s_out, ctx);
+    ret = 0;
+ end:
+    SSL_CTX_free(ctx);
+    X509_free(s_cert);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    X509_free(s_dcert);
+    EVP_PKEY_free(s_key);
+    EVP_PKEY_free(s_dkey);
+    sk_X509_pop_free(s_chain, X509_free);
+    sk_X509_pop_free(s_dchain, X509_free);
+    OPENSSL_free(pass);
+    OPENSSL_free(dpass);
+    OPENSSL_free(host);
+    OPENSSL_free(port);
+    X509_VERIFY_PARAM_free(vpm);
+    free_sessions();
+    OPENSSL_free(tlscstatp.host);
+    OPENSSL_free(tlscstatp.port);
+    OPENSSL_free(tlscstatp.path);
+    SSL_CTX_free(ctx2);
+    X509_free(s_cert2);
+    EVP_PKEY_free(s_key2);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    OPENSSL_free(next_proto.data);
+#endif
+    OPENSSL_free(alpn_ctx.data);
+    ssl_excert_free(exc);
+    sk_OPENSSL_STRING_free(ssl_args);
+    SSL_CONF_CTX_free(cctx);
+    release_engine(engine);
+    BIO_free(bio_s_out);
+    bio_s_out = NULL;
+    BIO_free(bio_s_msg);
+    bio_s_msg = NULL;
+#ifdef CHARSET_EBCDIC
+    BIO_meth_free(methods_ebcdic);
+#endif
+    return (ret);
+}
+
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+{
+    BIO_printf(bio, "%4ld items in the session cache\n",
+               SSL_CTX_sess_number(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
+               SSL_CTX_sess_connect(ssl_ctx));
+    BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
+               SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects that finished\n",
+               SSL_CTX_sess_connect_good(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
+               SSL_CTX_sess_accept(ssl_ctx));
+    BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
+               SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts that finished\n",
+               SSL_CTX_sess_accept_good(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache misses\n",
+               SSL_CTX_sess_misses(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache timeouts\n",
+               SSL_CTX_sess_timeouts(ssl_ctx));
+    BIO_printf(bio, "%4ld callback cache hits\n",
+               SSL_CTX_sess_cb_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
+               SSL_CTX_sess_cache_full(ssl_ctx),
+               SSL_CTX_sess_get_cache_size(ssl_ctx));
+}
+
+static int sv_body(int s, int stype, unsigned char *context)
+{
+    char *buf = NULL;
+    fd_set readfds;
+    int ret = 1, width;
+    int k, i;
+    unsigned long l;
+    SSL *con = NULL;
+    BIO *sbio;
+    struct timeval timeout;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+    struct timeval tv;
+#else
+    struct timeval *timeoutp;
+#endif
+
+    buf = app_malloc(bufsize, "server buffer");
+    if (s_nbio) {
+        if (!BIO_socket_nbio(s, 1))
+            ERR_print_errors(bio_err);
+        else if (!s_quiet)
+            BIO_printf(bio_err, "Turned on non blocking io\n");
+    }
+
+    if (con == NULL) {
+        con = SSL_new(ctx);
+
+        if (s_tlsextdebug) {
+            SSL_set_tlsext_debug_callback(con, tlsext_cb);
+            SSL_set_tlsext_debug_arg(con, bio_s_out);
+        }
+
+        if (context
+            && !SSL_set_session_id_context(con,
+                                           context, strlen((char *)context))) {
+            BIO_printf(bio_err, "Error setting session id context\n");
+            ret = -1;
+            goto err;
+        }
+    }
+    if (!SSL_clear(con)) {
+        BIO_printf(bio_err, "Error clearing SSL connection\n");
+        ret = -1;
+        goto err;
+    }
+#ifndef OPENSSL_NO_DTLS
+    if (stype == SOCK_DGRAM) {
+
+        sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+
+        if (enable_timeouts) {
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_SND_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+        }
+
+        if (socket_mtu) {
+            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
+                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
+                           DTLS_get_link_min_mtu(con));
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+            if (!DTLS_set_link_mtu(con, socket_mtu)) {
+                BIO_printf(bio_err, "Failed to set MTU\n");
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+        } else
+            /* want to do MTU discovery */
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+        /* turn on cookie exchange */
+        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+    } else
+#endif
+        sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+    /* SSL_set_fd(con,s); */
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (fileno_stdin() > s)
+        width = fileno_stdin() + 1;
+    else
+        width = s + 1;
+    for (;;) {
+        int read_from_terminal;
+        int read_from_sslcon;
+
+        read_from_terminal = 0;
+        read_from_sslcon = SSL_has_pending(con)
+                           || (async && SSL_waiting_for_async(con));
+
+        if (!read_from_sslcon) {
+            FD_ZERO(&readfds);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            openssl_fdset(fileno_stdin(), &readfds);
+#endif
+            openssl_fdset(s, &readfds);
+            /*
+             * Note: under VMS with SOCKETSHR the second parameter is
+             * currently of type (int *) whereas under other systems it is
+             * (void *) if you don't have a cast it will choke the compiler:
+             * if you do have a cast then you can either go for (int *) or
+             * (void *).
+             */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+            /*
+             * Under DOS (non-djgpp) and Windows we can't select on stdin:
+             * only on sockets. As a workaround we timeout the select every
+             * second and check for any keypress. In a proper Windows
+             * application we wouldn't do this because it is inefficient.
+             */
+            tv.tv_sec = 1;
+            tv.tv_usec = 0;
+            i = select(width, (void *)&readfds, NULL, NULL, &tv);
+            if (has_stdin_waiting())
+                read_from_terminal = 1;
+            if ((i < 0) || (!i && !read_from_terminal))
+                continue;
+#else
+            if ((SSL_version(con) == DTLS1_VERSION) &&
+                DTLSv1_get_timeout(con, &timeout))
+                timeoutp = &timeout;
+            else
+                timeoutp = NULL;
+
+            i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
+
+            if ((SSL_version(con) == DTLS1_VERSION)
+                && DTLSv1_handle_timeout(con) > 0) {
+                BIO_printf(bio_err, "TIMEOUT occurred\n");
+            }
+
+            if (i <= 0)
+                continue;
+            if (FD_ISSET(fileno_stdin(), &readfds))
+                read_from_terminal = 1;
+#endif
+            if (FD_ISSET(s, &readfds))
+                read_from_sslcon = 1;
+        }
+        if (read_from_terminal) {
+            if (s_crlf) {
+                int j, lf_num;
+
+                i = raw_read_stdin(buf, bufsize / 2);
+                lf_num = 0;
+                /* both loops are skipped when i <= 0 */
+                for (j = 0; j < i; j++)
+                    if (buf[j] == '\n')
+                        lf_num++;
+                for (j = i - 1; j >= 0; j--) {
+                    buf[j + lf_num] = buf[j];
+                    if (buf[j] == '\n') {
+                        lf_num--;
+                        i++;
+                        buf[j + lf_num] = '\r';
+                    }
+                }
+                assert(lf_num == 0);
+            } else
+                i = raw_read_stdin(buf, bufsize);
+
+            if (!s_quiet && !s_brief) {
+                if ((i <= 0) || (buf[0] == 'Q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    BIO_closesocket(s);
+                    close_accept_socket();
+                    ret = -11;
+                    goto err;
+                }
+                if ((i <= 0) || (buf[0] == 'q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    if (SSL_version(con) != DTLS1_VERSION)
+                        BIO_closesocket(s);
+                    /*
+                     * close_accept_socket(); ret= -11;
+                     */
+                    goto err;
+                }
+#ifndef OPENSSL_NO_HEARTBEATS
+                if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    BIO_printf(bio_err, "HEARTBEATING\n");
+                    SSL_heartbeat(con);
+                    i = 0;
+                    continue;
+                }
+#endif
+                if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                    /*
+                     * strcpy(buf,"server side RE-NEGOTIATE\n");
+                     */
+                }
+                if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_set_verify(con,
+                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                                   NULL);
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                    /*
+                     * strcpy(buf,"server side RE-NEGOTIATE asking for client
+                     * cert\n");
+                     */
+                }
+                if (buf[0] == 'P') {
+                    static const char *str = "Lets print some clear text\n";
+                    BIO_write(SSL_get_wbio(con), str, strlen(str));
+                }
+                if (buf[0] == 'S') {
+                    print_stats(bio_s_out, SSL_get_SSL_CTX(con));
+                }
+            }
+#ifdef CHARSET_EBCDIC
+            ebcdic2ascii(buf, buf, i);
+#endif
+            l = k = 0;
+            for (;;) {
+                /* should do a select for the write */
+#ifdef RENEG
+                static count = 0;
+                if (++count == 100) {
+                    count = 0;
+                    SSL_renegotiate(con);
+                }
+#endif
+                k = SSL_write(con, &(buf[l]), (unsigned int)i);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    k = SSL_write(con, &(buf[l]), (unsigned int)i);
+                }
+#endif
+                switch (SSL_get_error(con, k)) {
+                case SSL_ERROR_NONE:
+                    break;
+                case SSL_ERROR_WANT_ASYNC:
+                    BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+                    (void)BIO_flush(bio_s_out);
+                    wait_for_async(con);
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                case SSL_ERROR_WANT_X509_LOOKUP:
+                    BIO_printf(bio_s_out, "Write BLOCK\n");
+                    (void)BIO_flush(bio_s_out);
+                    break;
+                case SSL_ERROR_WANT_ASYNC_JOB:
+                    /*
+                     * This shouldn't ever happen in s_server. Treat as an error
+                     */
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    (void)BIO_flush(bio_s_out);
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                    /* break; */
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    ret = 1;
+                    goto err;
+                }
+                if (k > 0) {
+                    l += k;
+                    i -= k;
+                }
+                if (i <= 0)
+                    break;
+            }
+        }
+        if (read_from_sslcon) {
+            /*
+             * init_ssl_connection handles all async events itself so if we're
+             * waiting for async then we shouldn't go back into
+             * init_ssl_connection
+             */
+            if ((!async || !SSL_waiting_for_async(con))
+                    && !SSL_is_init_finished(con)) {
+                i = init_ssl_connection(con);
+
+                if (i < 0) {
+                    ret = 0;
+                    goto err;
+                } else if (i == 0) {
+                    ret = 1;
+                    goto err;
+                }
+            } else {
+ again:
+                i = SSL_read(con, (char *)buf, bufsize);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    i = SSL_read(con, (char *)buf, bufsize);
+                }
+#endif
+                switch (SSL_get_error(con, i)) {
+                case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+                    ascii2ebcdic(buf, buf, i);
+#endif
+                    raw_write_stdout(buf, (unsigned int)i);
+                    (void)BIO_flush(bio_s_out);
+                    if (SSL_has_pending(con))
+                        goto again;
+                    break;
+                case SSL_ERROR_WANT_ASYNC:
+                    BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
+                    (void)BIO_flush(bio_s_out);
+                    wait_for_async(con);
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                    BIO_printf(bio_s_out, "Read BLOCK\n");
+                    (void)BIO_flush(bio_s_out);
+                    break;
+                case SSL_ERROR_WANT_ASYNC_JOB:
+                    /*
+                     * This shouldn't ever happen in s_server. Treat as an error
+                     */
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    (void)BIO_flush(bio_s_out);
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    ret = 1;
+                    goto err;
+                }
+            }
+        }
+    }
+ err:
+    if (con != NULL) {
+        BIO_printf(bio_s_out, "shutting down SSL\n");
+        SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        SSL_free(con);
+    }
+    BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
+    OPENSSL_clear_free(buf, bufsize);
+    if (ret >= 0)
+        BIO_printf(bio_s_out, "ACCEPT\n");
+    (void)BIO_flush(bio_s_out);
+    return (ret);
+}
+
+static void close_accept_socket(void)
+{
+    BIO_printf(bio_err, "shutdown accept socket\n");
+    if (accept_socket >= 0) {
+        BIO_closesocket(accept_socket);
+    }
+}
+
+static int init_ssl_connection(SSL *con)
+{
+    int i;
+    const char *str;
+    X509 *peer;
+    long verify_err;
+    char buf[BUFSIZ];
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    const unsigned char *next_proto_neg;
+    unsigned next_proto_neg_len;
+#endif
+    unsigned char *exportedkeymat;
+    int retry = 0;
+
+#ifndef OPENSSL_NO_DTLS
+    if (dtlslisten) {
+        BIO_ADDR *client = NULL;
+
+        if ((client = BIO_ADDR_new()) == NULL) {
+            BIO_printf(bio_err, "ERROR - memory\n");
+            return 0;
+        }
+        i = DTLSv1_listen(con, client);
+        if (i > 0) {
+            BIO *wbio;
+            int fd = -1;
+
+            wbio = SSL_get_wbio(con);
+            if (wbio) {
+                BIO_get_fd(wbio, &fd);
+            }
+
+            if (!wbio || BIO_connect(fd, client, 0) == 0) {
+                BIO_printf(bio_err, "ERROR - unable to connect\n");
+                BIO_ADDR_free(client);
+                return 0;
+            }
+            BIO_ADDR_free(client);
+            dtlslisten = 0;
+            i = SSL_accept(con);
+        } else {
+            BIO_ADDR_free(client);
+        }
+    } else
+#endif
+
+    do {
+        i = SSL_accept(con);
+
+        if (i <= 0)
+            retry = BIO_sock_should_retry(i);
+#ifdef CERT_CB_TEST_RETRY
+        {
+            while (i <= 0
+                    && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
+                    && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
+                BIO_printf(bio_err,
+                           "LOOKUP from certificate callback during accept\n");
+                i = SSL_accept(con);
+                if (i <= 0)
+                    retry = BIO_sock_should_retry(i);
+            }
+        }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+        while (i <= 0
+               && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+            BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                       srp_callback_parm.login);
+            SRP_user_pwd_free(srp_callback_parm.user);
+            srp_callback_parm.user =
+                SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                       srp_callback_parm.login);
+            if (srp_callback_parm.user)
+                BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                           srp_callback_parm.user->info);
+            else
+                BIO_printf(bio_s_out, "LOOKUP not successful\n");
+            i = SSL_accept(con);
+            if (i <= 0)
+                retry = BIO_sock_should_retry(i);
+        }
+#endif
+    } while (i < 0 && SSL_waiting_for_async(con));
+
+    if (i <= 0) {
+        if ((dtlslisten && i == 0)
+                || (!dtlslisten && retry)) {
+            BIO_printf(bio_s_out, "DELAY\n");
+            return (1);
+        }
+
+        BIO_printf(bio_err, "ERROR\n");
+
+        verify_err = SSL_get_verify_result(con);
+        if (verify_err != X509_V_OK) {
+            BIO_printf(bio_err, "verify error:%s\n",
+                       X509_verify_cert_error_string(verify_err));
+        }
+        /* Always print any error messages */
+        ERR_print_errors(bio_err);
+        return (0);
+    }
+
+    if (s_brief)
+        print_ssl_summary(con);
+
+    PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
+
+    peer = SSL_get_peer_certificate(con);
+    if (peer != NULL) {
+        BIO_printf(bio_s_out, "Client certificate\n");
+        PEM_write_bio_X509(bio_s_out, peer);
+        X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
+        BIO_printf(bio_s_out, "subject=%s\n", buf);
+        X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
+        BIO_printf(bio_s_out, "issuer=%s\n", buf);
+        X509_free(peer);
+        peer = NULL;
+    }
+
+    if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
+        BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
+    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+    ssl_print_sigalgs(bio_s_out, con);
+#ifndef OPENSSL_NO_EC
+    ssl_print_point_formats(bio_s_out, con);
+    ssl_print_curves(bio_s_out, con, 0);
+#endif
+    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
+    if (next_proto_neg) {
+        BIO_printf(bio_s_out, "NEXTPROTO is ");
+        BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
+        BIO_printf(bio_s_out, "\n");
+    }
+#endif
+#ifndef OPENSSL_NO_SRTP
+    {
+        SRTP_PROTECTION_PROFILE *srtp_profile
+            = SSL_get_selected_srtp_profile(con);
+
+        if (srtp_profile)
+            BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
+                       srtp_profile->name);
+    }
+#endif
+    if (SSL_session_reused(con))
+        BIO_printf(bio_s_out, "Reused session-id\n");
+    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+    if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))
+        BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");
+
+    if (keymatexportlabel != NULL) {
+        BIO_printf(bio_s_out, "Keying material exporter:\n");
+        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
+        BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
+        exportedkeymat = app_malloc(keymatexportlen, "export key");
+        if (!SSL_export_keying_material(con, exportedkeymat,
+                                        keymatexportlen,
+                                        keymatexportlabel,
+                                        strlen(keymatexportlabel),
+                                        NULL, 0, 0)) {
+            BIO_printf(bio_s_out, "    Error\n");
+        } else {
+            BIO_printf(bio_s_out, "    Keying material: ");
+            for (i = 0; i < keymatexportlen; i++)
+                BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
+            BIO_printf(bio_s_out, "\n");
+        }
+        OPENSSL_free(exportedkeymat);
+    }
+
+    (void)BIO_flush(bio_s_out);
+    return (1);
+}
+
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile)
+{
+    DH *ret = NULL;
+    BIO *bio;
+
+    if ((bio = BIO_new_file(dhfile, "r")) == NULL)
+        goto err;
+    ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ err:
+    BIO_free(bio);
+    return (ret);
+}
+#endif
+
+static int www_body(int s, int stype, unsigned char *context)
+{
+    char *buf = NULL;
+    int ret = 1;
+    int i, j, k, dot;
+    SSL *con;
+    const SSL_CIPHER *c;
+    BIO *io, *ssl_bio, *sbio;
+#ifdef RENEG
+    int total_bytes = 0;
+#endif
+    int width;
+    fd_set readfds;
+
+    /* Set width for a select call if needed */
+    width = s + 1;
+
+    buf = app_malloc(bufsize, "server www buffer");
+    io = BIO_new(BIO_f_buffer());
+    ssl_bio = BIO_new(BIO_f_ssl());
+    if ((io == NULL) || (ssl_bio == NULL))
+        goto err;
+
+    if (s_nbio) {
+        if (!BIO_socket_nbio(s, 1))
+            ERR_print_errors(bio_err);
+        else if (!s_quiet)
+            BIO_printf(bio_err, "Turned on non blocking io\n");
+    }
+
+    /* lets make the output buffer a reasonable size */
+    if (!BIO_set_write_buffer_size(io, bufsize))
+        goto err;
+
+    if ((con = SSL_new(ctx)) == NULL)
+        goto err;
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (context
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context)))
+        goto err;
+
+    sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+
+    /* SSL_set_fd(con,s); */
+    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+    BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    for (;;) {
+        i = BIO_gets(io, buf, bufsize - 1);
+        if (i < 0) {            /* error */
+            if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
+                if (!s_quiet)
+                    ERR_print_errors(bio_err);
+                goto err;
+            } else {
+                BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+                sleep(1);
+#endif
+                continue;
+            }
+        } else if (i == 0) {    /* end of input */
+            ret = 1;
+            goto end;
+        }
+
+        /* else we have data */
+        if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
+            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
+            char *p;
+            X509 *peer = NULL;
+            STACK_OF(SSL_CIPHER) *sk;
+            static const char *space = "                          ";
+
+            if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) {
+                if (strncmp("GET /renegcert", buf, 14) == 0)
+                    SSL_set_verify(con,
+                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                                   NULL);
+                i = SSL_renegotiate(con);
+                BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
+                /* Send the HelloRequest */
+                i = SSL_do_handshake(con);
+                if (i <= 0) {
+                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
+                               SSL_get_error(con, i));
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+                /* Wait for a ClientHello to come back */
+                FD_ZERO(&readfds);
+                openssl_fdset(s, &readfds);
+                i = select(width, (void *)&readfds, NULL, NULL, NULL);
+                if (i <= 0 || !FD_ISSET(s, &readfds)) {
+                    BIO_printf(bio_s_out,
+                               "Error waiting for client response\n");
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+                /*
+                 * We're not actually expecting any data here and we ignore
+                 * any that is sent. This is just to force the handshake that
+                 * we're expecting to come from the client. If they haven't
+                 * sent one there's not much we can do.
+                 */
+                BIO_gets(io, buf, bufsize - 1);
+            }
+
+            BIO_puts(io,
+                     "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+            BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
+            BIO_puts(io, "<pre>\n");
+            /* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */
+            BIO_puts(io, "\n");
+            for (i = 0; i < local_argc; i++) {
+                const char *myp;
+                for (myp = local_argv[i]; *myp; myp++)
+                    switch (*myp) {
+                    case '<':
+                        BIO_puts(io, "&lt;");
+                        break;
+                    case '>':
+                        BIO_puts(io, "&gt;");
+                        break;
+                    case '&':
+                        BIO_puts(io, "&amp;");
+                        break;
+                    default:
+                        BIO_write(io, myp, 1);
+                        break;
+                    }
+                BIO_write(io, " ", 1);
+            }
+            BIO_puts(io, "\n");
+
+            BIO_printf(io,
+                       "Secure Renegotiation IS%s supported\n",
+                       SSL_get_secure_renegotiation_support(con) ?
+                       "" : " NOT");
+
+            /*
+             * The following is evil and should not really be done
+             */
+            BIO_printf(io, "Ciphers supported in s_server binary\n");
+            sk = SSL_get_ciphers(con);
+            j = sk_SSL_CIPHER_num(sk);
+            for (i = 0; i < j; i++) {
+                c = sk_SSL_CIPHER_value(sk, i);
+                BIO_printf(io, "%-11s:%-25s ",
+                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+                if ((((i + 1) % 2) == 0) && (i + 1 != j))
+                    BIO_puts(io, "\n");
+            }
+            BIO_puts(io, "\n");
+            p = SSL_get_shared_ciphers(con, buf, bufsize);
+            if (p != NULL) {
+                BIO_printf(io,
+                           "---\nCiphers common between both SSL end points:\n");
+                j = i = 0;
+                while (*p) {
+                    if (*p == ':') {
+                        BIO_write(io, space, 26 - j);
+                        i++;
+                        j = 0;
+                        BIO_write(io, ((i % 3) ? " " : "\n"), 1);
+                    } else {
+                        BIO_write(io, p, 1);
+                        j++;
+                    }
+                    p++;
+                }
+                BIO_puts(io, "\n");
+            }
+            ssl_print_sigalgs(io, con);
+#ifndef OPENSSL_NO_EC
+            ssl_print_curves(io, con, 0);
+#endif
+            BIO_printf(io, (SSL_session_reused(con)
+                            ? "---\nReused, " : "---\nNew, "));
+            c = SSL_get_current_cipher(con);
+            BIO_printf(io, "%s, Cipher is %s\n",
+                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+            SSL_SESSION_print(io, SSL_get_session(con));
+            BIO_printf(io, "---\n");
+            print_stats(io, SSL_get_SSL_CTX(con));
+            BIO_printf(io, "---\n");
+            peer = SSL_get_peer_certificate(con);
+            if (peer != NULL) {
+                BIO_printf(io, "Client certificate\n");
+                X509_print(io, peer);
+                PEM_write_bio_X509(io, peer);
+                X509_free(peer);
+                peer = NULL;
+            } else {
+                BIO_puts(io, "no client certificate available\n");
+            }
+            BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
+            break;
+        } else if ((www == 2 || www == 3)
+                   && (strncmp("GET /", buf, 5) == 0)) {
+            BIO *file;
+            char *p, *e;
+            static const char *text =
+                "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+            /* skip the '/' */
+            p = &(buf[5]);
+
+            dot = 1;
+            for (e = p; *e != '\0'; e++) {
+                if (e[0] == ' ')
+                    break;
+
+                switch (dot) {
+                case 1:
+                    dot = (e[0] == '.') ? 2 : 0;
+                    break;
+                case 2:
+                    dot = (e[0] == '.') ? 3 : 0;
+                    break;
+                case 3:
+                    dot = (e[0] == '/') ? -1 : 0;
+                    break;
+                }
+                if (dot == 0)
+                    dot = (e[0] == '/') ? 1 : 0;
+            }
+            dot = (dot == 3) || (dot == -1); /* filename contains ".."
+                                              * component */
+
+            if (*e == '\0') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid file name\r\n", p);
+                break;
+            }
+            *e = '\0';
+
+            if (dot) {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
+                break;
+            }
+
+            if (*p == '/') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid path\r\n", p);
+                break;
+            }
+
+            /* if a directory, do the index thang */
+            if (app_isdir(p) > 0) {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is a directory\r\n", p);
+                break;
+            }
+
+            if ((file = BIO_new_file(p, "r")) == NULL) {
+                BIO_puts(io, text);
+                BIO_printf(io, "Error opening '%s'\r\n", p);
+                ERR_print_errors(io);
+                break;
+            }
+
+            if (!s_quiet)
+                BIO_printf(bio_err, "FILE:%s\n", p);
+
+            if (www == 2) {
+                i = strlen(p);
+                if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                else
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+            }
+            /* send the file */
+            for (;;) {
+                i = BIO_read(file, buf, bufsize);
+                if (i <= 0)
+                    break;
+
+#ifdef RENEG
+                total_bytes += i;
+                BIO_printf(bio_err, "%d\n", i);
+                if (total_bytes > 3 * 1024) {
+                    total_bytes = 0;
+                    BIO_printf(bio_err, "RENEGOTIATE\n");
+                    SSL_renegotiate(con);
+                }
+#endif
+
+                for (j = 0; j < i;) {
+#ifdef RENEG
+                    static count = 0;
+                    if (++count == 13) {
+                        SSL_renegotiate(con);
+                    }
+#endif
+                    k = BIO_write(io, &(buf[j]), i - j);
+                    if (k <= 0) {
+                        if (!BIO_should_retry(io)
+                            && !SSL_waiting_for_async(con))
+                            goto write_error;
+                        else {
+                            BIO_printf(bio_s_out, "rwrite W BLOCK\n");
+                        }
+                    } else {
+                        j += k;
+                    }
+                }
+            }
+ write_error:
+            BIO_free(file);
+            break;
+        }
+    }
+
+    for (;;) {
+        i = (int)BIO_flush(io);
+        if (i <= 0) {
+            if (!BIO_should_retry(io))
+                break;
+        } else
+            break;
+    }
+ end:
+    /* make sure we re-use sessions */
+    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+
+ err:
+    if (ret >= 0)
+        BIO_printf(bio_s_out, "ACCEPT\n");
+    OPENSSL_free(buf);
+    BIO_free_all(io);
+    return (ret);
+}
+
+static int rev_body(int s, int stype, unsigned char *context)
+{
+    char *buf = NULL;
+    int i;
+    int ret = 1;
+    SSL *con;
+    BIO *io, *ssl_bio, *sbio;
+
+    buf = app_malloc(bufsize, "server rev buffer");
+    io = BIO_new(BIO_f_buffer());
+    ssl_bio = BIO_new(BIO_f_ssl());
+    if ((io == NULL) || (ssl_bio == NULL))
+        goto err;
+
+    /* lets make the output buffer a reasonable size */
+    if (!BIO_set_write_buffer_size(io, bufsize))
+        goto err;
+
+    if ((con = SSL_new(ctx)) == NULL)
+        goto err;
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+    if (context
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context))) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+
+    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+    BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    for (;;) {
+        i = BIO_do_handshake(io);
+        if (i > 0)
+            break;
+        if (!BIO_should_retry(io)) {
+            BIO_puts(bio_err, "CONNECTION FAILURE\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#ifndef OPENSSL_NO_SRP
+        if (BIO_should_io_special(io)
+            && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+            BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+            SRP_user_pwd_free(srp_callback_parm.user);
+            srp_callback_parm.user =
+                SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                       srp_callback_parm.login);
+            if (srp_callback_parm.user)
+                BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                           srp_callback_parm.user->info);
+            else
+                BIO_printf(bio_s_out, "LOOKUP not successful\n");
+            continue;
+        }
+#endif
+    }
+    BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
+    print_ssl_summary(con);
+
+    for (;;) {
+        i = BIO_gets(io, buf, bufsize - 1);
+        if (i < 0) {            /* error */
+            if (!BIO_should_retry(io)) {
+                if (!s_quiet)
+                    ERR_print_errors(bio_err);
+                goto err;
+            } else {
+                BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+                sleep(1);
+#endif
+                continue;
+            }
+        } else if (i == 0) {    /* end of input */
+            ret = 1;
+            BIO_printf(bio_err, "CONNECTION CLOSED\n");
+            goto end;
+        } else {
+            char *p = buf + i - 1;
+            while (i && (*p == '\n' || *p == '\r')) {
+                p--;
+                i--;
+            }
+            if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
+                ret = 1;
+                BIO_printf(bio_err, "CONNECTION CLOSED\n");
+                goto end;
+            }
+            BUF_reverse((unsigned char *)buf, NULL, i);
+            buf[i] = '\n';
+            BIO_write(io, buf, i + 1);
+            for (;;) {
+                i = BIO_flush(io);
+                if (i > 0)
+                    break;
+                if (!BIO_should_retry(io))
+                    goto end;
+            }
+        }
+    }
+ end:
+    /* make sure we re-use sessions */
+    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+
+ err:
+
+    OPENSSL_free(buf);
+    BIO_free_all(io);
+    return (ret);
+}
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len)
+{
+    unsigned int count = 0;
+    do {
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+        /*
+         * Prefix the session_id with the required prefix. NB: If our prefix
+         * is too long, clip it - but there will be worse effects anyway, eg.
+         * the server could only possibly create 1 session ID (ie. the
+         * prefix!) so all future session negotiations will fail due to
+         * conflicts.
+         */
+        memcpy(id, session_id_prefix,
+               (strlen(session_id_prefix) < *id_len) ?
+               strlen(session_id_prefix) : *id_len);
+    }
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++count < MAX_SESSION_ID_ATTEMPTS));
+    if (count >= MAX_SESSION_ID_ATTEMPTS)
+        return 0;
+    return 1;
+}
+
+/*
+ * By default s_server uses an in-memory cache which caches SSL_SESSION
+ * structures without any serialisation. This hides some bugs which only
+ * become apparent in deployed servers. By implementing a basic external
+ * session cache some issues can be debugged using s_server.
+ */
+
+typedef struct simple_ssl_session_st {
+    unsigned char *id;
+    unsigned int idlen;
+    unsigned char *der;
+    int derlen;
+    struct simple_ssl_session_st *next;
+} simple_ssl_session;
+
+static simple_ssl_session *first = NULL;
+
+static int add_session(SSL *ssl, SSL_SESSION *session)
+{
+    simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session");
+    unsigned char *p;
+
+    SSL_SESSION_get_id(session, &sess->idlen);
+    sess->derlen = i2d_SSL_SESSION(session, NULL);
+    if (sess->derlen < 0) {
+        BIO_printf(bio_err, "Error encoding session\n");
+        OPENSSL_free(sess);
+        return 0;
+    }
+
+    sess->id = OPENSSL_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
+    sess->der = app_malloc(sess->derlen, "get session buffer");
+    if (!sess->id) {
+        BIO_printf(bio_err, "Out of memory adding to external cache\n");
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        OPENSSL_free(sess);
+        return 0;
+    }
+    p = sess->der;
+
+    /* Assume it still works. */
+    if (i2d_SSL_SESSION(session, &p) != sess->derlen) {
+        BIO_printf(bio_err, "Unexpected session encoding length\n");
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        OPENSSL_free(sess);
+        return 0;
+    }
+
+    sess->next = first;
+    first = sess;
+    BIO_printf(bio_err, "New session added to external cache\n");
+    return 0;
+}
+
+static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen,
+                                int *do_copy)
+{
+    simple_ssl_session *sess;
+    *do_copy = 0;
+    for (sess = first; sess; sess = sess->next) {
+        if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) {
+            const unsigned char *p = sess->der;
+            BIO_printf(bio_err, "Lookup session: cache hit\n");
+            return d2i_SSL_SESSION(NULL, &p, sess->derlen);
+        }
+    }
+    BIO_printf(bio_err, "Lookup session: cache miss\n");
+    return NULL;
+}
+
+static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
+{
+    simple_ssl_session *sess, *prev = NULL;
+    const unsigned char *id;
+    unsigned int idlen;
+    id = SSL_SESSION_get_id(session, &idlen);
+    for (sess = first; sess; sess = sess->next) {
+        if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) {
+            if (prev)
+                prev->next = sess->next;
+            else
+                first = sess->next;
+            OPENSSL_free(sess->id);
+            OPENSSL_free(sess->der);
+            OPENSSL_free(sess);
+            return;
+        }
+        prev = sess;
+    }
+}
+
+static void init_session_cache_ctx(SSL_CTX *sctx)
+{
+    SSL_CTX_set_session_cache_mode(sctx,
+                                   SSL_SESS_CACHE_NO_INTERNAL |
+                                   SSL_SESS_CACHE_SERVER);
+    SSL_CTX_sess_set_new_cb(sctx, add_session);
+    SSL_CTX_sess_set_get_cb(sctx, get_session);
+    SSL_CTX_sess_set_remove_cb(sctx, del_session);
+}
+
+static void free_sessions(void)
+{
+    simple_ssl_session *sess, *tsess;
+    for (sess = first; sess;) {
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        tsess = sess;
+        sess = sess->next;
+        OPENSSL_free(tsess);
+    }
+    first = NULL;
+}
+
+#endif                          /* OPENSSL_NO_SOCK */
diff --git a/openssl-1.1.0h/apps/s_socket.c b/openssl-1.1.0h/apps/s_socket.c
new file mode 100644
index 0000000..458aa86
--- /dev/null
+++ b/openssl-1.1.0h/apps/s_socket.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* socket-related functions used by s_client and s_server */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <openssl/opensslconf.h>
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
+# define USE_SOCKETS
+# include "apps.h"
+# undef USE_SOCKETS
+# include "s_apps.h"
+
+# include <openssl/bio.h>
+# include <openssl/err.h>
+
+/*
+ * init_client - helper routine to set up socket communication
+ * @sock: pointer to storage of resulting socket.
+ * @host: the host name or path (for AF_UNIX) to connect to.
+ * @port: the port to connect to (ignored for AF_UNIX).
+ * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
+ *  AF_UNSPEC
+ * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
+ *
+ * This will create a socket and use it to connect to a host:port, or if
+ * family == AF_UNIX, to the path found in host.
+ *
+ * If the host has more than one address, it will try them one by one until
+ * a successful connection is established.  The resulting socket will be
+ * found in *sock on success, it will be given INVALID_SOCKET otherwise.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int init_client(int *sock, const char *host, const char *port,
+                int family, int type)
+{
+    BIO_ADDRINFO *res = NULL;
+    const BIO_ADDRINFO *ai = NULL;
+    int ret;
+
+    if (!BIO_sock_init())
+        return 0;
+
+    ret = BIO_lookup(host, port, BIO_LOOKUP_CLIENT, family, type, &res);
+    if (ret == 0) {
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    ret = 0;
+    for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
+        /* Admittedly, these checks are quite paranoid, we should not get
+         * anything in the BIO_ADDRINFO chain that we haven't
+         * asked for. */
+        OPENSSL_assert((family == AF_UNSPEC
+                        || family == BIO_ADDRINFO_family(ai))
+                       && (type == 0 || type == BIO_ADDRINFO_socktype(ai)));
+
+        *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
+                           BIO_ADDRINFO_protocol(ai), 0);
+        if (*sock == INVALID_SOCKET) {
+            /* Maybe the kernel doesn't support the socket family, even if
+             * BIO_lookup() added it in the returned result...
+             */
+            continue;
+        }
+        if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), 0)) {
+            BIO_closesocket(*sock);
+            *sock = INVALID_SOCKET;
+            continue;
+        }
+
+        /* Success, don't try any more addresses */
+        break;
+    }
+
+    if (*sock == INVALID_SOCKET) {
+        ERR_print_errors(bio_err);
+    } else {
+        /* Remove any stale errors from previous connection attempts */
+        ERR_clear_error();
+        ret = 1;
+    }
+    BIO_ADDRINFO_free(res);
+    return ret;
+}
+
+/*
+ * do_server - helper routine to perform a server operation
+ * @accept_sock: pointer to storage of resulting socket.
+ * @host: the host name or path (for AF_UNIX) to connect to.
+ * @port: the port to connect to (ignored for AF_UNIX).
+ * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
+ *  AF_UNSPEC
+ * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
+ * @cb: pointer to a function that receives the accepted socket and
+ *  should perform the communication with the connecting client.
+ * @context: pointer to memory that's passed verbatim to the cb function.
+ * @naccept: number of times an incoming connect should be accepted.  If -1,
+ *  unlimited number.
+ *
+ * This will create a socket and use it to listen to a host:port, or if
+ * family == AF_UNIX, to the path found in host, then start accepting
+ * incoming connections and run cb on the resulting socket.
+ *
+ * 0 on failure, something other on success.
+ */
+int do_server(int *accept_sock, const char *host, const char *port,
+              int family, int type, do_server_cb cb,
+              unsigned char *context, int naccept)
+{
+    int asock = 0;
+    int sock;
+    int i;
+    BIO_ADDRINFO *res = NULL;
+    const BIO_ADDRINFO *next;
+    int sock_family, sock_type, sock_protocol;
+    const BIO_ADDR *sock_address;
+    int sock_options = BIO_SOCK_REUSEADDR;
+    int ret = 0;
+
+    if (!BIO_sock_init())
+        return 0;
+
+    if (!BIO_lookup(host, port, BIO_LOOKUP_SERVER, family, type, &res)) {
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    /* Admittedly, these checks are quite paranoid, we should not get
+     * anything in the BIO_ADDRINFO chain that we haven't asked for */
+    OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
+                   && (type == 0 || type == BIO_ADDRINFO_socktype(res)));
+
+    sock_family = BIO_ADDRINFO_family(res);
+    sock_type = BIO_ADDRINFO_socktype(res);
+    sock_protocol = BIO_ADDRINFO_protocol(res);
+    sock_address = BIO_ADDRINFO_address(res);
+    next = BIO_ADDRINFO_next(res);
+    if (sock_family == AF_INET6)
+        sock_options |= BIO_SOCK_V6_ONLY;
+    if (next != NULL
+            && BIO_ADDRINFO_socktype(next) == sock_type
+            && BIO_ADDRINFO_protocol(next) == sock_protocol) {
+        if (sock_family == AF_INET
+                && BIO_ADDRINFO_family(next) == AF_INET6) {
+            sock_family = AF_INET6;
+            sock_address = BIO_ADDRINFO_address(next);
+        } else if (sock_family == AF_INET6
+                   && BIO_ADDRINFO_family(next) == AF_INET) {
+            sock_options &= ~BIO_SOCK_V6_ONLY;
+        }
+    }
+
+    asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
+    if (asock == INVALID_SOCKET
+        || !BIO_listen(asock, sock_address, sock_options)) {
+        BIO_ADDRINFO_free(res);
+        ERR_print_errors(bio_err);
+        if (asock != INVALID_SOCKET)
+            BIO_closesocket(asock);
+        goto end;
+    }
+
+    BIO_ADDRINFO_free(res);
+    res = NULL;
+
+    if (accept_sock != NULL)
+        *accept_sock = asock;
+    for (;;) {
+        if (type == SOCK_STREAM) {
+            do {
+                sock = BIO_accept_ex(asock, NULL, 0);
+            } while (sock < 0 && BIO_sock_should_retry(sock));
+            if (sock < 0) {
+                ERR_print_errors(bio_err);
+                BIO_closesocket(asock);
+                break;
+            }
+            i = (*cb)(sock, type, context);
+
+            /*
+             * Give the socket time to send its last data before we close it.
+             * No amount of setting SO_LINGER etc on the socket seems to
+             * persuade Windows to send the data before closing the socket...
+             * but sleeping for a short time seems to do it (units in ms)
+             * TODO: Find a better way to do this
+             */
+#if defined(OPENSSL_SYS_WINDOWS)
+            Sleep(50);
+#elif defined(OPENSSL_SYS_CYGWIN)
+            usleep(50000);
+#endif
+
+            /*
+             * If we ended with an alert being sent, but still with data in the
+             * network buffer to be read, then calling BIO_closesocket() will
+             * result in a TCP-RST being sent. On some platforms (notably
+             * Windows) then this will result in the peer immediately abandoning
+             * the connection including any buffered alert data before it has
+             * had a chance to be read. Shutting down the sending side first,
+             * and then closing the socket sends TCP-FIN first followed by
+             * TCP-RST. This seems to allow the peer to read the alert data.
+             */
+            shutdown(sock, 1); /* SHUT_WR */
+            BIO_closesocket(sock);
+        } else {
+            i = (*cb)(asock, type, context);
+        }
+
+        if (naccept != -1)
+            naccept--;
+        if (i < 0 || naccept == 0) {
+            BIO_closesocket(asock);
+            ret = i;
+            break;
+        }
+    }
+ end:
+# ifdef AF_UNIX
+    if (family == AF_UNIX)
+        unlink(host);
+# endif
+    return ret;
+}
+
+#endif  /* OPENSSL_NO_SOCK */
diff --git a/openssl-1.1.0h/apps/s_time.c b/openssl-1.1.0h/apps/s_time.c
new file mode 100644
index 0000000..dc0ec4a
--- /dev/null
+++ b/openssl-1.1.0h/apps/s_time.c
@@ -0,0 +1,385 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+#include "s_apps.h"
+#include <openssl/err.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#define SSL_CONNECT_NAME        "localhost:4433"
+
+#define SECONDS 30
+#define SECONDSSTR "30"
+
+static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
+
+static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
+    OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS,
+    OPT_VERIFY, OPT_TIME, OPT_SSL3,
+    OPT_WWW
+} OPTION_CHOICE;
+
+OPTIONS s_time_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"connect", OPT_CONNECT, 's',
+     "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
+    {"cipher", OPT_CIPHER, 's', "Cipher to use, see 'openssl ciphers'"},
+    {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
+    {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"new", OPT_NEW, '-', "Just time new connections"},
+    {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
+    {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
+    {"verify", OPT_VERIFY, 'p',
+     "Turn on peer certificate verification, set depth"},
+    {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
+    {"www", OPT_WWW, 's', "Fetch specified page from the site"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+    {NULL}
+};
+
+#define START   0
+#define STOP    1
+
+static double tm_Time_F(int s)
+{
+    return app_tminterval(s, 1);
+}
+
+int s_time_main(int argc, char **argv)
+{
+    char buf[1024 * 8];
+    SSL *scon = NULL;
+    SSL_CTX *ctx = NULL;
+    const SSL_METHOD *meth = NULL;
+    char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL;
+    char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
+    double totalTime = 0.0;
+    int noCApath = 0, noCAfile = 0;
+    int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
+    long bytes_read = 0, finishtime = 0;
+    OPTION_CHOICE o;
+    int max_version = 0, ver, buf_len;
+    size_t buf_size;
+
+    meth = TLS_client_method();
+
+    prog = opt_init(argc, argv, s_time_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_time_options);
+            ret = 0;
+            goto end;
+        case OPT_CONNECT:
+            host = opt_arg();
+            break;
+        case OPT_REUSE:
+            perform = 2;
+            break;
+        case OPT_NEW:
+            perform = 1;
+            break;
+        case OPT_VERIFY:
+            if (!opt_int(opt_arg(), &verify_args.depth))
+                goto opthelp;
+            BIO_printf(bio_err, "%s: verify depth is %d\n",
+                       prog, verify_args.depth);
+            break;
+        case OPT_CERT:
+            certfile = opt_arg();
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_CIPHER:
+            cipher = opt_arg();
+            break;
+        case OPT_BUGS:
+            st_bugs = 1;
+            break;
+        case OPT_TIME:
+            if (!opt_int(opt_arg(), &maxtime))
+                goto opthelp;
+            break;
+        case OPT_WWW:
+            www_path = opt_arg();
+            buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2;  /* 2 is for %s */
+            if (buf_size > sizeof(buf)) {
+                BIO_printf(bio_err, "%s: -www option is too long\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_SSL3:
+            max_version = SSL3_VERSION;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (cipher == NULL)
+        cipher = getenv("SSL_CIPHER");
+    if (cipher == NULL)
+        BIO_printf(bio_err, "No CIPHER specified\n");
+
+    if ((ctx = SSL_CTX_new(meth)) == NULL)
+        goto end;
+
+    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (st_bugs)
+        SSL_CTX_set_options(ctx, SSL_OP_ALL);
+    if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
+        goto end;
+    if (!set_cert_stuff(ctx, certfile, keyfile))
+        goto end;
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (!(perform & 1))
+        goto next;
+    printf("Collecting connection statistics for %d seconds\n", maxtime);
+
+    /* Loop and time how long it takes to make connections */
+
+    bytes_read = 0;
+    finishtime = (long)time(NULL) + maxtime;
+    tm_Time_F(START);
+    for (;;) {
+        if (finishtime < (long)time(NULL))
+            break;
+
+        if ((scon = doConnection(NULL, host, ctx)) == NULL)
+            goto end;
+
+        if (www_path != NULL) {
+            buf_len = BIO_snprintf(buf, sizeof(buf),
+                                   fmt_http_get_cmd, www_path);
+            if (SSL_write(scon, buf, buf_len) <= 0)
+                goto end;
+            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+                bytes_read += i;
+        }
+        SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        BIO_closesocket(SSL_get_fd(scon));
+
+        nConn += 1;
+        if (SSL_session_reused(scon))
+            ver = 'r';
+        else {
+            ver = SSL_version(scon);
+            if (ver == TLS1_VERSION)
+                ver = 't';
+            else if (ver == SSL3_VERSION)
+                ver = '3';
+            else
+                ver = '*';
+        }
+        fputc(ver, stdout);
+        fflush(stdout);
+
+        SSL_free(scon);
+        scon = NULL;
+    }
+    totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+    i = (int)((long)time(NULL) - finishtime + maxtime);
+    printf
+        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+    printf
+        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+         nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+
+    /*
+     * Now loop and time connections using the same session id over and over
+     */
+
+ next:
+    if (!(perform & 2))
+        goto end;
+    printf("\n\nNow timing with session id reuse.\n");
+
+    /* Get an SSL object so we can reuse the session id */
+    if ((scon = doConnection(NULL, host, ctx)) == NULL) {
+        BIO_printf(bio_err, "Unable to get connection\n");
+        goto end;
+    }
+
+    if (www_path != NULL) {
+        buf_len = BIO_snprintf(buf, sizeof(buf),
+                               fmt_http_get_cmd, www_path);
+        if (SSL_write(scon, buf, buf_len) <= 0)
+            goto end;
+        while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+            continue;
+    }
+    SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+    BIO_closesocket(SSL_get_fd(scon));
+
+    nConn = 0;
+    totalTime = 0.0;
+
+    finishtime = (long)time(NULL) + maxtime;
+
+    printf("starting\n");
+    bytes_read = 0;
+    tm_Time_F(START);
+
+    for (;;) {
+        if (finishtime < (long)time(NULL))
+            break;
+
+        if ((doConnection(scon, host, ctx)) == NULL)
+            goto end;
+
+        if (www_path) {
+            BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
+                         www_path);
+            if (SSL_write(scon, buf, strlen(buf)) <= 0)
+                goto end;
+            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+                bytes_read += i;
+        }
+        SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        BIO_closesocket(SSL_get_fd(scon));
+
+        nConn += 1;
+        if (SSL_session_reused(scon))
+            ver = 'r';
+        else {
+            ver = SSL_version(scon);
+            if (ver == TLS1_VERSION)
+                ver = 't';
+            else if (ver == SSL3_VERSION)
+                ver = '3';
+            else
+                ver = '*';
+        }
+        fputc(ver, stdout);
+        fflush(stdout);
+    }
+    totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+    printf
+        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+    printf
+        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+         nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+
+    ret = 0;
+
+ end:
+    SSL_free(scon);
+    SSL_CTX_free(ctx);
+    return (ret);
+}
+
+/*-
+ * doConnection - make a connection
+ */
+static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
+{
+    BIO *conn;
+    SSL *serverCon;
+    int i;
+
+    if ((conn = BIO_new(BIO_s_connect())) == NULL)
+        return NULL;
+
+    BIO_set_conn_hostname(conn, host);
+    BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
+
+    if (scon == NULL)
+        serverCon = SSL_new(ctx);
+    else {
+        serverCon = scon;
+        SSL_set_connect_state(serverCon);
+    }
+
+    SSL_set_bio(serverCon, conn, conn);
+
+    /* ok, lets connect */
+    i = SSL_connect(serverCon);
+    if (i <= 0) {
+        BIO_printf(bio_err, "ERROR\n");
+        if (verify_args.error != X509_V_OK)
+            BIO_printf(bio_err, "verify error:%s\n",
+                       X509_verify_cert_error_string(verify_args.error));
+        else
+            ERR_print_errors(bio_err);
+        if (scon == NULL)
+            SSL_free(serverCon);
+        return NULL;
+    }
+
+#if defined(SOL_SOCKET) && defined(SO_LINGER)
+    {
+        struct linger no_linger;
+
+        no_linger.l_onoff  = 1;
+        no_linger.l_linger = 0;
+        (void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER,
+                          (char*)&no_linger, sizeof(no_linger));
+    }
+#endif
+
+    return serverCon;
+}
+#endif /* OPENSSL_NO_SOCK */
diff --git a/openssl-1.1.0h/apps/server.pem b/openssl-1.1.0h/apps/server.pem
new file mode 100644
index 0000000..d0fc265
--- /dev/null
+++ b/openssl-1.1.0h/apps/server.pem
@@ -0,0 +1,52 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
+KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
+R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
+vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
+TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
+41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
+AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
+hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
+WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
+yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
+vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
+xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
+JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
+h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
+tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
+D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
+uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
+qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
+zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
+r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
+AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
+5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
+W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
+674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
+utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
+BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
+4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
+WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
+bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
+6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
+4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
+WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
+n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
+JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
+OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
+xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
+UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/server.srl b/openssl-1.1.0h/apps/server.srl
new file mode 100644
index 0000000..8a0f05e
--- /dev/null
+++ b/openssl-1.1.0h/apps/server.srl
@@ -0,0 +1 @@
+01
diff --git a/openssl-1.1.0h/apps/server2.pem b/openssl-1.1.0h/apps/server2.pem
new file mode 100644
index 0000000..a3927cf
--- /dev/null
+++ b/openssl-1.1.0h/apps/server2.pem
@@ -0,0 +1,52 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG
+A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg
+IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy
+gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L
+qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO
+ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG
+/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1
+bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE
+ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s
+zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS
+LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/
+XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg
+5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL
+Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb
+oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
+UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
+2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
+92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
+DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
+KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
+x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
+DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
+F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
+rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
++znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
+Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
+E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
+Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
+8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
+rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
+bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
+5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
+3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
+5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
+5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
+38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
+z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
+kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
+NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/apps/sess_id.c b/openssl-1.1.0h/apps/sess_id.c
new file mode 100644
index 0000000..2b63e69
--- /dev/null
+++ b/openssl-1.1.0h/apps/sess_id.c
@@ -0,0 +1,190 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
+    OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT
+} OPTION_CHOICE;
+
+OPTIONS sess_id_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'f',
+     "Output format - default PEM (PEM, DER or NSS)"},
+    {"in", OPT_IN, 's', "Input file - default stdin"},
+    {"out", OPT_OUT, 's', "Output file - default stdout"},
+    {"text", OPT_TEXT, '-', "Print ssl session id details"},
+    {"cert", OPT_CERT, '-', "Output certificate "},
+    {"noout", OPT_NOOUT, '-', "Don't output the encoded session info"},
+    {"context", OPT_CONTEXT, 's', "Set the session ID context"},
+    {NULL}
+};
+
+static SSL_SESSION *load_sess_id(char *file, int format);
+
+int sess_id_main(int argc, char **argv)
+{
+    SSL_SESSION *x = NULL;
+    X509 *peer = NULL;
+    BIO *out = NULL;
+    char *infile = NULL, *outfile = NULL, *context = NULL, *prog;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    int cert = 0, noout = 0, text = 0, ret = 1, i, num = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, sess_id_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(sess_id_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_NSS,
+                            &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TEXT:
+            text = ++num;
+            break;
+        case OPT_CERT:
+            cert = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_CONTEXT:
+            context = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    x = load_sess_id(infile, informat);
+    if (x == NULL) {
+        goto end;
+    }
+    peer = SSL_SESSION_get0_peer(x);
+
+    if (context) {
+        size_t ctx_len = strlen(context);
+        if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+            BIO_printf(bio_err, "Context too long\n");
+            goto end;
+        }
+        if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
+                    ctx_len)) {
+            BIO_printf(bio_err, "Error setting id context\n");
+            goto end;
+        }
+    }
+
+    if (!noout || text) {
+        out = bio_open_default(outfile, 'w', outformat);
+        if (out == NULL)
+            goto end;
+    }
+
+    if (text) {
+        SSL_SESSION_print(out, x);
+
+        if (cert) {
+            if (peer == NULL)
+                BIO_puts(out, "No certificate present\n");
+            else
+                X509_print(out, peer);
+        }
+    }
+
+    if (!noout && !cert) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_SSL_SESSION_bio(out, x);
+        else if (outformat == FORMAT_PEM)
+            i = PEM_write_bio_SSL_SESSION(out, x);
+        else if (outformat == FORMAT_NSS)
+            i = SSL_SESSION_print_keylog(out, x);
+        else {
+            BIO_printf(bio_err, "bad output format specified for outfile\n");
+            goto end;
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write SSL_SESSION\n");
+            goto end;
+        }
+    } else if (!noout && (peer != NULL)) { /* just print the certificate */
+        if (outformat == FORMAT_ASN1)
+            i = (int)i2d_X509_bio(out, peer);
+        else if (outformat == FORMAT_PEM)
+            i = PEM_write_bio_X509(out, peer);
+        else {
+            BIO_printf(bio_err, "bad output format specified for outfile\n");
+            goto end;
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509\n");
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free_all(out);
+    SSL_SESSION_free(x);
+    return (ret);
+}
+
+static SSL_SESSION *load_sess_id(char *infile, int format)
+{
+    SSL_SESSION *x = NULL;
+    BIO *in = NULL;
+
+    in = bio_open_default(infile, 'r', format);
+    if (in == NULL)
+        goto end;
+    if (format == FORMAT_ASN1)
+        x = d2i_SSL_SESSION_bio(in, NULL);
+    else
+        x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load SSL_SESSION\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+ end:
+    BIO_free(in);
+    return (x);
+}
diff --git a/openssl-1.1.0h/apps/smime.c b/openssl-1.1.0h/apps/smime.c
new file mode 100644
index 0000000..e18d7de
--- /dev/null
+++ b/openssl-1.1.0h/apps/smime.c
@@ -0,0 +1,656 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int smime_cb(int ok, X509_STORE_CTX *ctx);
+
+#define SMIME_OP        0x10
+#define SMIME_IP        0x20
+#define SMIME_SIGNERS   0x40
+#define SMIME_ENCRYPT   (1 | SMIME_OP)
+#define SMIME_DECRYPT   (2 | SMIME_IP)
+#define SMIME_SIGN      (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY    (4 | SMIME_IP)
+#define SMIME_PK7OUT    (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN    (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
+    OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
+    OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
+    OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
+    OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
+    OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
+    OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
+    OPT_V_ENUM,
+    OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
+    OPT_OUTFORM, OPT_CONTENT
+} OPTION_CHOICE;
+
+OPTIONS smime_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  cert.pem... recipient certs for encryption\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
+    {"sign", OPT_SIGN, '-', "Sign message"},
+    {"verify", OPT_VERIFY, '-', "Verify signed message"},
+    {"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
+    {"nointern", OPT_NOINTERN, '-',
+     "Don't search certificates in message for signer"},
+    {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+    {"nocerts", OPT_NOCERTS, '-',
+     "Don't include signers certificate when signing"},
+    {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
+    {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
+    {"binary", OPT_BINARY, '-', "Don't translate message to text"},
+    {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
+    {"inkey", OPT_INKEY, 's',
+     "Input private key (if not signer or recipient)"},
+    {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'c',
+     "Output format SMIME (default), PEM or DER"},
+    {"content", OPT_CONTENT, '<',
+     "Supply or override content for detached signature"},
+    {"to", OPT_TO, 's', "To address"},
+    {"from", OPT_FROM, 's', "From address"},
+    {"subject", OPT_SUBJECT, 's', "Subject"},
+    {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
+    {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"nochain", OPT_NOCHAIN, '-', 
+     "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+    {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
+    {"indef", OPT_INDEF, '-', "Same as -stream" },
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_V_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int smime_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *indata = NULL;
+    EVP_PKEY *key = NULL;
+    PKCS7 *p7 = NULL;
+    STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+    STACK_OF(X509) *encerts = NULL, *other = NULL;
+    X509 *cert = NULL, *recip = NULL, *signer = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    const EVP_MD *sign_md = NULL;
+    const char *CAfile = NULL, *CApath = NULL, *prog = NULL;
+    char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *inrand = NULL;
+    char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile =
+        NULL;
+    char *passinarg = NULL, *passin = NULL, *to = NULL, *from =
+        NULL, *subject = NULL;
+    OPTION_CHOICE o;
+    int noCApath = 0, noCAfile = 0;
+    int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef =
+        0;
+    int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
+        FORMAT_PEM;
+    int vpmtouched = 0, rv = 0;
+    ENGINE *e = NULL;
+    const char *mime_eol = "\n";
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, smime_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(smime_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENCRYPT:
+            operation = SMIME_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            operation = SMIME_DECRYPT;
+            break;
+        case OPT_SIGN:
+            operation = SMIME_SIGN;
+            break;
+        case OPT_RESIGN:
+            operation = SMIME_RESIGN;
+            break;
+        case OPT_VERIFY:
+            operation = SMIME_VERIFY;
+            break;
+        case OPT_PK7OUT:
+            operation = SMIME_PK7OUT;
+            break;
+        case OPT_TEXT:
+            flags |= PKCS7_TEXT;
+            break;
+        case OPT_NOINTERN:
+            flags |= PKCS7_NOINTERN;
+            break;
+        case OPT_NOVERIFY:
+            flags |= PKCS7_NOVERIFY;
+            break;
+        case OPT_NOCHAIN:
+            flags |= PKCS7_NOCHAIN;
+            break;
+        case OPT_NOCERTS:
+            flags |= PKCS7_NOCERTS;
+            break;
+        case OPT_NOATTR:
+            flags |= PKCS7_NOATTR;
+            break;
+        case OPT_NODETACH:
+            flags &= ~PKCS7_DETACHED;
+            break;
+        case OPT_NOSMIMECAP:
+            flags |= PKCS7_NOSMIMECAP;
+            break;
+        case OPT_BINARY:
+            flags |= PKCS7_BINARY;
+            break;
+        case OPT_NOSIGS:
+            flags |= PKCS7_NOSIGS;
+            break;
+        case OPT_STREAM:
+        case OPT_INDEF:
+            indef = 1;
+            break;
+        case OPT_NOINDEF:
+            indef = 0;
+            break;
+        case OPT_CRLFEOL:
+            flags |= PKCS7_CRLFEOL;
+            mime_eol = "\r\n";
+            break;
+        case OPT_RAND:
+            inrand = opt_arg();
+            need_rand = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_TO:
+            to = opt_arg();
+            break;
+        case OPT_FROM:
+            from = opt_arg();
+            break;
+        case OPT_SUBJECT:
+            subject = opt_arg();
+            break;
+        case OPT_SIGNER:
+            /* If previous -signer argument add signer to list */
+            if (signerfile) {
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (keyfile == NULL)
+                    keyfile = signerfile;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                keyfile = NULL;
+            }
+            signerfile = opt_arg();
+            break;
+        case OPT_RECIP:
+            recipfile = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &sign_md))
+                goto opthelp;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto opthelp;
+            break;
+        case OPT_INKEY:
+            /* If previous -inkey argument add signer to list */
+            if (keyfile) {
+                if (signerfile == NULL) {
+                    BIO_printf(bio_err,
+                               "%s: Must have -signer before -inkey\n", prog);
+                    goto opthelp;
+                }
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                signerfile = NULL;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+            }
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CONTENT:
+            contfile = opt_arg();
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto opthelp;
+            vpmtouched++;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+        BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+        goto opthelp;
+    }
+
+    if (operation & SMIME_SIGNERS) {
+        /* Check to see if any final signer needs to be appended */
+        if (keyfile && !signerfile) {
+            BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+            goto opthelp;
+        }
+        if (signerfile) {
+            if (!sksigners
+                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (!keyfile)
+                keyfile = signerfile;
+            sk_OPENSSL_STRING_push(skkeys, keyfile);
+        }
+        if (!sksigners) {
+            BIO_printf(bio_err, "No signer certificate specified\n");
+            goto opthelp;
+        }
+        signerfile = NULL;
+        keyfile = NULL;
+        need_rand = 1;
+    } else if (operation == SMIME_DECRYPT) {
+        if (!recipfile && !keyfile) {
+            BIO_printf(bio_err,
+                       "No recipient certificate or key specified\n");
+            goto opthelp;
+        }
+    } else if (operation == SMIME_ENCRYPT) {
+        if (argc == 0) {
+            BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+            goto opthelp;
+        }
+        need_rand = 1;
+    } else if (!operation)
+        goto opthelp;
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (need_rand) {
+        app_RAND_load_file(NULL, (inrand != NULL));
+        if (inrand != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+    }
+
+    ret = 2;
+
+    if (!(operation & SMIME_SIGNERS))
+        flags &= ~PKCS7_DETACHED;
+
+    if (!(operation & SMIME_OP)) {
+        if (flags & PKCS7_BINARY)
+            outformat = FORMAT_BINARY;
+    }
+
+    if (!(operation & SMIME_IP)) {
+        if (flags & PKCS7_BINARY)
+            informat = FORMAT_BINARY;
+    }
+
+    if (operation == SMIME_ENCRYPT) {
+        if (!cipher) {
+#ifndef OPENSSL_NO_DES
+            cipher = EVP_des_ede3_cbc();
+#else
+            BIO_printf(bio_err, "No cipher selected\n");
+            goto end;
+#endif
+        }
+        encerts = sk_X509_new_null();
+        if (!encerts)
+            goto end;
+        while (*argv) {
+            cert = load_cert(*argv, FORMAT_PEM,
+                             "recipient certificate file");
+            if (cert == NULL)
+                goto end;
+            sk_X509_push(encerts, cert);
+            cert = NULL;
+            argv++;
+        }
+    }
+
+    if (certfile) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
+                        "certificate file")) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (recipfile && (operation == SMIME_DECRYPT)) {
+        if ((recip = load_cert(recipfile, FORMAT_PEM,
+                               "recipient certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_DECRYPT) {
+        if (!keyfile)
+            keyfile = recipfile;
+    } else if (operation == SMIME_SIGN) {
+        if (!keyfile)
+            keyfile = signerfile;
+    } else
+        keyfile = NULL;
+
+    if (keyfile) {
+        key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+        if (!key)
+            goto end;
+    }
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (operation & SMIME_IP) {
+        if (informat == FORMAT_SMIME)
+            p7 = SMIME_read_PKCS7(in, &indata);
+        else if (informat == FORMAT_PEM)
+            p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+        else if (informat == FORMAT_ASN1)
+            p7 = d2i_PKCS7_bio(in, NULL);
+        else {
+            BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+            goto end;
+        }
+
+        if (!p7) {
+            BIO_printf(bio_err, "Error reading S/MIME message\n");
+            goto end;
+        }
+        if (contfile) {
+            BIO_free(indata);
+            if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
+                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                goto end;
+            }
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (operation == SMIME_VERIFY) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        X509_STORE_set_verify_cb(store, smime_cb);
+        if (vpmtouched)
+            X509_STORE_set1_param(store, vpm);
+    }
+
+    ret = 3;
+
+    if (operation == SMIME_ENCRYPT) {
+        if (indef)
+            flags |= PKCS7_STREAM;
+        p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+    } else if (operation & SMIME_SIGNERS) {
+        int i;
+        /*
+         * If detached data content we only enable streaming if S/MIME output
+         * format.
+         */
+        if (operation == SMIME_SIGN) {
+            if (flags & PKCS7_DETACHED) {
+                if (outformat == FORMAT_SMIME)
+                    flags |= PKCS7_STREAM;
+            } else if (indef)
+                flags |= PKCS7_STREAM;
+            flags |= PKCS7_PARTIAL;
+            p7 = PKCS7_sign(NULL, NULL, other, in, flags);
+            if (!p7)
+                goto end;
+            if (flags & PKCS7_NOCERTS) {
+                for (i = 0; i < sk_X509_num(other); i++) {
+                    X509 *x = sk_X509_value(other, i);
+                    PKCS7_add_certificate(p7, x);
+                }
+            }
+        } else
+            flags |= PKCS7_REUSE_DIGEST;
+        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+            signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+            keyfile = sk_OPENSSL_STRING_value(skkeys, i);
+            signer = load_cert(signerfile, FORMAT_PEM,
+                               "signer certificate");
+            if (!signer)
+                goto end;
+            key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+            if (!key)
+                goto end;
+            if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
+                goto end;
+            X509_free(signer);
+            signer = NULL;
+            EVP_PKEY_free(key);
+            key = NULL;
+        }
+        /* If not streaming or resigning finalize structure */
+        if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
+            if (!PKCS7_final(p7, in, flags))
+                goto end;
+        }
+    }
+
+    if (!p7) {
+        BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+        goto end;
+    }
+
+    ret = 4;
+    if (operation == SMIME_DECRYPT) {
+        if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
+            BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_VERIFY) {
+        STACK_OF(X509) *signers;
+        if (PKCS7_verify(p7, other, store, indata, out, flags))
+            BIO_printf(bio_err, "Verification successful\n");
+        else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+        signers = PKCS7_get0_signers(p7, other, flags);
+        if (!save_certs(signerfile, signers)) {
+            BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
+            ret = 5;
+            goto end;
+        }
+        sk_X509_free(signers);
+    } else if (operation == SMIME_PK7OUT)
+        PEM_write_bio_PKCS7(out, p7);
+    else {
+        if (to)
+            BIO_printf(out, "To: %s%s", to, mime_eol);
+        if (from)
+            BIO_printf(out, "From: %s%s", from, mime_eol);
+        if (subject)
+            BIO_printf(out, "Subject: %s%s", subject, mime_eol);
+        if (outformat == FORMAT_SMIME) {
+            if (operation == SMIME_RESIGN)
+                rv = SMIME_write_PKCS7(out, p7, indata, flags);
+            else
+                rv = SMIME_write_PKCS7(out, p7, in, flags);
+        } else if (outformat == FORMAT_PEM)
+            rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
+        else if (outformat == FORMAT_ASN1)
+            rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
+        else {
+            BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
+            goto end;
+        }
+        if (rv == 0) {
+            BIO_printf(bio_err, "Error writing output\n");
+            ret = 3;
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (need_rand)
+        app_RAND_write_file(NULL);
+    if (ret)
+        ERR_print_errors(bio_err);
+    sk_X509_pop_free(encerts, X509_free);
+    sk_X509_pop_free(other, X509_free);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(sksigners);
+    sk_OPENSSL_STRING_free(skkeys);
+    X509_STORE_free(store);
+    X509_free(cert);
+    X509_free(recip);
+    X509_free(signer);
+    EVP_PKEY_free(key);
+    PKCS7_free(p7);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free(indata);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+    int i;
+    BIO *tmp;
+    if (!signerfile)
+        return 1;
+    tmp = BIO_new_file(signerfile, "w");
+    if (!tmp)
+        return 0;
+    for (i = 0; i < sk_X509_num(signers); i++)
+        PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+    BIO_free(tmp);
+    return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int smime_cb(int ok, X509_STORE_CTX *ctx)
+{
+    int error;
+
+    error = X509_STORE_CTX_get_error(ctx);
+
+    if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+        && ((error != X509_V_OK) || (ok != 2)))
+        return ok;
+
+    policies_print(ctx);
+
+    return ok;
+
+}
diff --git a/openssl-1.1.0h/apps/speed.c b/openssl-1.1.0h/apps/speed.c
new file mode 100644
index 0000000..b0a7b6e
--- /dev/null
+++ b/openssl-1.1.0h/apps/speed.c
@@ -0,0 +1,3149 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The ECDH and ECDSA speed test software is originally written by
+ * Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+#undef SECONDS
+#define SECONDS                 3
+#define PRIME_SECONDS   10
+#define RSA_SECONDS             10
+#define DSA_SECONDS             10
+#define ECDSA_SECONDS   10
+#define ECDH_SECONDS    10
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/async.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#include <openssl/aes.h>
+#ifndef OPENSSL_NO_CAMELLIA
+# include <openssl/camellia.h>
+#endif
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_MDC2
+# include <openssl/mdc2.h>
+#endif
+#ifndef OPENSSL_NO_MD4
+# include <openssl/md4.h>
+#endif
+#ifndef OPENSSL_NO_MD5
+# include <openssl/md5.h>
+#endif
+#include <openssl/hmac.h>
+#include <openssl/sha.h>
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/ripemd.h>
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# include <openssl/whrlpool.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_RC5
+# include <openssl/rc5.h>
+#endif
+#ifndef OPENSSL_NO_RC2
+# include <openssl/rc2.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_SEED
+# include <openssl/seed.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+#ifndef OPENSSL_NO_CAST
+# include <openssl/cast.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# include "./testdsa.h"
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+#include <openssl/modes.h>
+
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE (1024*16+1)
+#define MAX_MISALIGNMENT 63
+
+#define ALGOR_NUM       30
+#define SIZE_NUM        6
+#define PRIME_NUM       3
+#define RSA_NUM         7
+#define DSA_NUM         3
+
+#define EC_NUM          17
+#define MAX_ECDH_SIZE   256
+#define MISALIGN        64
+
+static volatile int run = 0;
+
+static int mr = 0;
+static int usertime = 1;
+
+typedef void *(*kdf_fn) (
+        const void *in, size_t inlen, void *out, size_t *xoutlen);
+
+typedef struct loopargs_st {
+    ASYNC_JOB *inprogress_job;
+    ASYNC_WAIT_CTX *wait_ctx;
+    unsigned char *buf;
+    unsigned char *buf2;
+    unsigned char *buf_malloc;
+    unsigned char *buf2_malloc;
+    unsigned int siglen;
+#ifndef OPENSSL_NO_RSA
+    RSA *rsa_key[RSA_NUM];
+#endif
+#ifndef OPENSSL_NO_DSA
+    DSA *dsa_key[DSA_NUM];
+#endif
+#ifndef OPENSSL_NO_EC
+    EC_KEY *ecdsa[EC_NUM];
+    EC_KEY *ecdh_a[EC_NUM];
+    EC_KEY *ecdh_b[EC_NUM];
+    unsigned char *secret_a;
+    unsigned char *secret_b;
+    size_t      outlen;
+    kdf_fn      kdf;
+#endif
+    EVP_CIPHER_CTX *ctx;
+    HMAC_CTX *hctx;
+    GCM128_CONTEXT *gcm_ctx;
+} loopargs_t;
+
+#ifndef OPENSSL_NO_MD2
+static int EVP_Digest_MD2_loop(void *args);
+#endif
+
+#ifndef OPENSSL_NO_MDC2
+static int EVP_Digest_MDC2_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_MD4
+static int EVP_Digest_MD4_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_MD5
+static int MD5_loop(void *args);
+static int HMAC_loop(void *args);
+#endif
+static int SHA1_loop(void *args);
+static int SHA256_loop(void *args);
+static int SHA512_loop(void *args);
+#ifndef OPENSSL_NO_WHIRLPOOL
+static int WHIRLPOOL_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_RMD160
+static int EVP_Digest_RMD160_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_RC4
+static int RC4_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_DES
+static int DES_ncbc_encrypt_loop(void *args);
+static int DES_ede3_cbc_encrypt_loop(void *args);
+#endif
+static int AES_cbc_128_encrypt_loop(void *args);
+static int AES_cbc_192_encrypt_loop(void *args);
+static int AES_ige_128_encrypt_loop(void *args);
+static int AES_cbc_256_encrypt_loop(void *args);
+static int AES_ige_192_encrypt_loop(void *args);
+static int AES_ige_256_encrypt_loop(void *args);
+static int CRYPTO_gcm128_aad_loop(void *args);
+static int EVP_Update_loop(void *args);
+static int EVP_Digest_loop(void *args);
+#ifndef OPENSSL_NO_RSA
+static int RSA_sign_loop(void *args);
+static int RSA_verify_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_DSA
+static int DSA_sign_loop(void *args);
+static int DSA_verify_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_EC
+static int ECDSA_sign_loop(void *args);
+static int ECDSA_verify_loop(void *args);
+static int ECDH_compute_key_loop(void *args);
+#endif
+static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs);
+
+static double Time_F(int s);
+static void print_message(const char *s, long num, int length);
+static void pkey_print_message(const char *str, const char *str2,
+                               long num, int bits, int sec);
+static void print_result(int alg, int run_no, int count, double time_used);
+#ifndef NO_FORK
+static int do_multi(int multi);
+#endif
+
+static const char *names[ALGOR_NUM] = {
+    "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+    "des cbc", "des ede3", "idea cbc", "seed cbc",
+    "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
+    "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
+    "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
+    "evp", "sha256", "sha512", "whirlpool",
+    "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
+};
+
+static double results[ALGOR_NUM][SIZE_NUM];
+
+static const int lengths[SIZE_NUM] = {
+    16, 64, 256, 1024, 8 * 1024, 16 * 1024
+};
+
+#ifndef OPENSSL_NO_RSA
+static double rsa_results[RSA_NUM][2];
+#endif
+#ifndef OPENSSL_NO_DSA
+static double dsa_results[DSA_NUM][2];
+#endif
+#ifndef OPENSSL_NO_EC
+static double ecdsa_results[EC_NUM][2];
+static double ecdh_results[EC_NUM][1];
+#endif
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+#endif
+
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#  define SIGRETTYPE void
+# else
+#  define SIGRETTYPE int
+# endif
+
+static SIGRETTYPE sig_done(int sig);
+static SIGRETTYPE sig_done(int sig)
+{
+    signal(SIGALRM, sig_done);
+    run = 0;
+}
+#endif
+
+#define START   0
+#define STOP    1
+
+#if defined(_WIN32)
+
+# if !defined(SIGALRM)
+#  define SIGALRM
+# endif
+static unsigned int lapse;
+static volatile unsigned int schlock;
+static void alarm_win32(unsigned int secs)
+{
+    lapse = secs * 1000;
+}
+
+# define alarm alarm_win32
+
+static DWORD WINAPI sleepy(VOID * arg)
+{
+    schlock = 1;
+    Sleep(lapse);
+    run = 0;
+    return 0;
+}
+
+static double Time_F(int s)
+{
+    double ret;
+    static HANDLE thr;
+
+    if (s == START) {
+        schlock = 0;
+        thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
+        if (thr == NULL) {
+            DWORD err = GetLastError();
+            BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
+            ExitProcess(err);
+        }
+        while (!schlock)
+            Sleep(0);           /* scheduler spinlock */
+        ret = app_tminterval(s, usertime);
+    } else {
+        ret = app_tminterval(s, usertime);
+        if (run)
+            TerminateThread(thr, 0);
+        CloseHandle(thr);
+    }
+
+    return ret;
+}
+#else
+
+static double Time_F(int s)
+{
+    double ret = app_tminterval(s, usertime);
+    if (s == STOP)
+        alarm(0);
+    return ret;
+}
+#endif
+
+static void multiblock_speed(const EVP_CIPHER *evp_cipher);
+
+static int found(const char *name, const OPT_PAIR *pairs, int *result)
+{
+    for (; pairs->name; pairs++)
+        if (strcmp(name, pairs->name) == 0) {
+            *result = pairs->retval;
+            return 1;
+        }
+    return 0;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
+    OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS
+} OPTION_CHOICE;
+
+OPTIONS speed_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"evp", OPT_EVP, 's', "Use specified EVP cipher"},
+    {"decrypt", OPT_DECRYPT, '-',
+     "Time decryption instead of encryption (only EVP)"},
+    {"mr", OPT_MR, '-', "Produce machine readable output"},
+    {"mb", OPT_MB, '-',
+     "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"},
+    {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
+    {"elapsed", OPT_ELAPSED, '-',
+     "Measure time in real time instead of CPU user time"},
+#ifndef NO_FORK
+    {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
+#endif
+#ifndef OPENSSL_NO_ASYNC
+    {"async_jobs", OPT_ASYNCJOBS, 'p',
+     "Enable async mode and start pnum jobs"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL},
+};
+
+#define D_MD2           0
+#define D_MDC2          1
+#define D_MD4           2
+#define D_MD5           3
+#define D_HMAC          4
+#define D_SHA1          5
+#define D_RMD160        6
+#define D_RC4           7
+#define D_CBC_DES       8
+#define D_EDE3_DES      9
+#define D_CBC_IDEA      10
+#define D_CBC_SEED      11
+#define D_CBC_RC2       12
+#define D_CBC_RC5       13
+#define D_CBC_BF        14
+#define D_CBC_CAST      15
+#define D_CBC_128_AES   16
+#define D_CBC_192_AES   17
+#define D_CBC_256_AES   18
+#define D_CBC_128_CML   19
+#define D_CBC_192_CML   20
+#define D_CBC_256_CML   21
+#define D_EVP           22
+#define D_SHA256        23
+#define D_SHA512        24
+#define D_WHIRLPOOL     25
+#define D_IGE_128_AES   26
+#define D_IGE_192_AES   27
+#define D_IGE_256_AES   28
+#define D_GHASH         29
+static OPT_PAIR doit_choices[] = {
+#ifndef OPENSSL_NO_MD2
+    {"md2", D_MD2},
+#endif
+#ifndef OPENSSL_NO_MDC2
+    {"mdc2", D_MDC2},
+#endif
+#ifndef OPENSSL_NO_MD4
+    {"md4", D_MD4},
+#endif
+#ifndef OPENSSL_NO_MD5
+    {"md5", D_MD5},
+    {"hmac", D_HMAC},
+#endif
+    {"sha1", D_SHA1},
+    {"sha256", D_SHA256},
+    {"sha512", D_SHA512},
+#ifndef OPENSSL_NO_WHIRLPOOL
+    {"whirlpool", D_WHIRLPOOL},
+#endif
+#ifndef OPENSSL_NO_RMD160
+    {"ripemd", D_RMD160},
+    {"rmd160", D_RMD160},
+    {"ripemd160", D_RMD160},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {"rc4", D_RC4},
+#endif
+#ifndef OPENSSL_NO_DES
+    {"des-cbc", D_CBC_DES},
+    {"des-ede3", D_EDE3_DES},
+#endif
+    {"aes-128-cbc", D_CBC_128_AES},
+    {"aes-192-cbc", D_CBC_192_AES},
+    {"aes-256-cbc", D_CBC_256_AES},
+    {"aes-128-ige", D_IGE_128_AES},
+    {"aes-192-ige", D_IGE_192_AES},
+    {"aes-256-ige", D_IGE_256_AES},
+#ifndef OPENSSL_NO_RC2
+    {"rc2-cbc", D_CBC_RC2},
+    {"rc2", D_CBC_RC2},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {"rc5-cbc", D_CBC_RC5},
+    {"rc5", D_CBC_RC5},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {"idea-cbc", D_CBC_IDEA},
+    {"idea", D_CBC_IDEA},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {"seed-cbc", D_CBC_SEED},
+    {"seed", D_CBC_SEED},
+#endif
+#ifndef OPENSSL_NO_BF
+    {"bf-cbc", D_CBC_BF},
+    {"blowfish", D_CBC_BF},
+    {"bf", D_CBC_BF},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {"cast-cbc", D_CBC_CAST},
+    {"cast", D_CBC_CAST},
+    {"cast5", D_CBC_CAST},
+#endif
+    {"ghash", D_GHASH},
+    {NULL}
+};
+
+#ifndef OPENSSL_NO_DSA
+# define R_DSA_512       0
+# define R_DSA_1024      1
+# define R_DSA_2048      2
+static OPT_PAIR dsa_choices[] = {
+    {"dsa512", R_DSA_512},
+    {"dsa1024", R_DSA_1024},
+    {"dsa2048", R_DSA_2048},
+    {NULL},
+};
+#endif
+
+#define R_RSA_512       0
+#define R_RSA_1024      1
+#define R_RSA_2048      2
+#define R_RSA_3072      3
+#define R_RSA_4096      4
+#define R_RSA_7680      5
+#define R_RSA_15360     6
+static OPT_PAIR rsa_choices[] = {
+    {"rsa512", R_RSA_512},
+    {"rsa1024", R_RSA_1024},
+    {"rsa2048", R_RSA_2048},
+    {"rsa3072", R_RSA_3072},
+    {"rsa4096", R_RSA_4096},
+    {"rsa7680", R_RSA_7680},
+    {"rsa15360", R_RSA_15360},
+    {NULL}
+};
+
+#define R_EC_P160    0
+#define R_EC_P192    1
+#define R_EC_P224    2
+#define R_EC_P256    3
+#define R_EC_P384    4
+#define R_EC_P521    5
+#define R_EC_K163    6
+#define R_EC_K233    7
+#define R_EC_K283    8
+#define R_EC_K409    9
+#define R_EC_K571    10
+#define R_EC_B163    11
+#define R_EC_B233    12
+#define R_EC_B283    13
+#define R_EC_B409    14
+#define R_EC_B571    15
+#define R_EC_X25519  16
+#ifndef OPENSSL_NO_EC
+static OPT_PAIR ecdsa_choices[] = {
+    {"ecdsap160", R_EC_P160},
+    {"ecdsap192", R_EC_P192},
+    {"ecdsap224", R_EC_P224},
+    {"ecdsap256", R_EC_P256},
+    {"ecdsap384", R_EC_P384},
+    {"ecdsap521", R_EC_P521},
+    {"ecdsak163", R_EC_K163},
+    {"ecdsak233", R_EC_K233},
+    {"ecdsak283", R_EC_K283},
+    {"ecdsak409", R_EC_K409},
+    {"ecdsak571", R_EC_K571},
+    {"ecdsab163", R_EC_B163},
+    {"ecdsab233", R_EC_B233},
+    {"ecdsab283", R_EC_B283},
+    {"ecdsab409", R_EC_B409},
+    {"ecdsab571", R_EC_B571},
+    {NULL}
+};
+
+static OPT_PAIR ecdh_choices[] = {
+    {"ecdhp160", R_EC_P160},
+    {"ecdhp192", R_EC_P192},
+    {"ecdhp224", R_EC_P224},
+    {"ecdhp256", R_EC_P256},
+    {"ecdhp384", R_EC_P384},
+    {"ecdhp521", R_EC_P521},
+    {"ecdhk163", R_EC_K163},
+    {"ecdhk233", R_EC_K233},
+    {"ecdhk283", R_EC_K283},
+    {"ecdhk409", R_EC_K409},
+    {"ecdhk571", R_EC_K571},
+    {"ecdhb163", R_EC_B163},
+    {"ecdhb233", R_EC_B233},
+    {"ecdhb283", R_EC_B283},
+    {"ecdhb409", R_EC_B409},
+    {"ecdhb571", R_EC_B571},
+    {"ecdhx25519", R_EC_X25519},
+    {NULL}
+};
+#endif
+
+#ifndef SIGALRM
+# define COND(d) (count < (d))
+# define COUNT(d) (d)
+#else
+# define COND(unused_cond) (run && count<0x7fffffff)
+# define COUNT(d) (count)
+#endif                         /* SIGALRM */
+
+static int testnum;
+
+/* Nb of iterations to do per algorithm and key-size */
+static long c[ALGOR_NUM][SIZE_NUM];
+
+#ifndef OPENSSL_NO_MD2
+static int EVP_Digest_MD2_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md2[MD2_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MD2][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
+                NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MDC2
+static int EVP_Digest_MDC2_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char mdc2[MDC2_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MDC2][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
+                NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MD4
+static int EVP_Digest_MD4_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md4[MD4_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MD4][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
+                NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MD5
+static int MD5_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md5[MD5_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_MD5][testnum]); count++)
+        MD5(buf, lengths[testnum], md5);
+    return count;
+}
+
+static int HMAC_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    HMAC_CTX *hctx = tempargs->hctx;
+    unsigned char hmac[MD5_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_HMAC][testnum]); count++) {
+        HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
+        HMAC_Update(hctx, buf, lengths[testnum]);
+        HMAC_Final(hctx, hmac, NULL);
+    }
+    return count;
+}
+#endif
+
+static int SHA1_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha[SHA_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA1][testnum]); count++)
+        SHA1(buf, lengths[testnum], sha);
+    return count;
+}
+
+static int SHA256_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha256[SHA256_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA256][testnum]); count++)
+        SHA256(buf, lengths[testnum], sha256);
+    return count;
+}
+
+static int SHA512_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha512[SHA512_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA512][testnum]); count++)
+        SHA512(buf, lengths[testnum], sha512);
+    return count;
+}
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+static int WHIRLPOOL_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_WHIRLPOOL][testnum]); count++)
+        WHIRLPOOL(buf, lengths[testnum], whirlpool);
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+static int EVP_Digest_RMD160_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_RMD160][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
+                NULL, EVP_ripemd160(), NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_RC4
+static RC4_KEY rc4_ks;
+static int RC4_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_RC4][testnum]); count++)
+        RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_DES
+static unsigned char DES_iv[8];
+static DES_key_schedule sch;
+static DES_key_schedule sch2;
+static DES_key_schedule sch3;
+static int DES_ncbc_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_DES][testnum]); count++)
+        DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch,
+                &DES_iv, DES_ENCRYPT);
+    return count;
+}
+
+static int DES_ede3_cbc_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_EDE3_DES][testnum]); count++)
+        DES_ede3_cbc_encrypt(buf, buf, lengths[testnum],
+                &sch, &sch2, &sch3,
+                &DES_iv, DES_ENCRYPT);
+    return count;
+}
+#endif
+
+#define MAX_BLOCK_SIZE 128
+
+static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
+static AES_KEY aes_ks1, aes_ks2, aes_ks3;
+static int AES_cbc_128_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                (size_t)lengths[testnum], &aes_ks1,
+                iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_cbc_192_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                (size_t)lengths[testnum], &aes_ks2,
+                iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_cbc_256_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                (size_t)lengths[testnum], &aes_ks3,
+                iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_128_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                (size_t)lengths[testnum], &aes_ks1,
+                iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_192_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                (size_t)lengths[testnum], &aes_ks2,
+                iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_256_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                (size_t)lengths[testnum], &aes_ks3,
+                iv, AES_ENCRYPT);
+    return count;
+}
+
+static int CRYPTO_gcm128_aad_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx;
+    int count;
+    for (count = 0; COND(c[D_GHASH][testnum]); count++)
+        CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]);
+    return count;
+}
+
+static long save_count = 0;
+static int decrypt = 0;
+static int EVP_Update_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count;
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+    if (decrypt)
+        for (count = 0; COND(nb_iter); count++)
+            EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+    else
+        for (count = 0; COND(nb_iter); count++)
+            EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+    if (decrypt)
+        EVP_DecryptFinal_ex(ctx, buf, &outl);
+    else
+        EVP_EncryptFinal_ex(ctx, buf, &outl);
+    return count;
+}
+
+static const EVP_MD *evp_md = NULL;
+static int EVP_Digest_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int count;
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+
+    for (count = 0; COND(nb_iter); count++) {
+        if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
+            return -1;
+    }
+    return count;
+}
+
+#ifndef OPENSSL_NO_RSA
+static long rsa_c[RSA_NUM][2];  /* # RSA iteration test */
+
+static int RSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    unsigned int *rsa_num = &tempargs->siglen;
+    RSA **rsa_key = tempargs->rsa_key;
+    int ret, count;
+    for (count = 0; COND(rsa_c[testnum][0]); count++) {
+        ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "RSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int RSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    unsigned int rsa_num = tempargs->siglen;
+    RSA **rsa_key = tempargs->rsa_key;
+    int ret, count;
+    for (count = 0; COND(rsa_c[testnum][1]); count++) {
+        ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
+        if (ret <= 0) {
+            BIO_printf(bio_err, "RSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static long dsa_c[DSA_NUM][2];
+static int DSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    DSA **dsa_key = tempargs->dsa_key;
+    unsigned int *siglen = &tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(dsa_c[testnum][0]); count++) {
+        ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "DSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int DSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    DSA **dsa_key = tempargs->dsa_key;
+    unsigned int siglen = tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(dsa_c[testnum][1]); count++) {
+        ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+        if (ret <= 0) {
+            BIO_printf(bio_err, "DSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static long ecdsa_c[EC_NUM][2];
+static int ECDSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    EC_KEY **ecdsa = tempargs->ecdsa;
+    unsigned char *ecdsasig = tempargs->buf2;
+    unsigned int *ecdsasiglen = &tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
+        ret = ECDSA_sign(0, buf, 20,
+                ecdsasig, ecdsasiglen, ecdsa[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "ECDSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int ECDSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    EC_KEY **ecdsa = tempargs->ecdsa;
+    unsigned char *ecdsasig = tempargs->buf2;
+    unsigned int ecdsasiglen = tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
+        ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen,
+                ecdsa[testnum]);
+        if (ret != 1) {
+            BIO_printf(bio_err, "ECDSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+/* ******************************************************************** */
+static long ecdh_c[EC_NUM][1];
+
+static int ECDH_compute_key_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    EC_KEY **ecdh_a = tempargs->ecdh_a;
+    EC_KEY **ecdh_b = tempargs->ecdh_b;
+    unsigned char *secret_a = tempargs->secret_a;
+    int count;
+    size_t outlen = tempargs->outlen;
+    kdf_fn kdf = tempargs->kdf;
+
+    for (count = 0; COND(ecdh_c[testnum][0]); count++) {
+        ECDH_compute_key(secret_a, outlen,
+                EC_KEY_get0_public_key(ecdh_b[testnum]),
+                ecdh_a[testnum], kdf);
+    }
+    return count;
+}
+
+static const size_t KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
+                       size_t *outlen)
+{
+    if (*outlen < SHA_DIGEST_LENGTH)
+        return NULL;
+    *outlen = SHA_DIGEST_LENGTH;
+    return SHA1(in, inlen, out);
+}
+#endif                          /* OPENSSL_NO_EC */
+
+static int run_benchmark(int async_jobs,
+                         int (*loop_function)(void *), loopargs_t *loopargs)
+{
+    int job_op_count = 0;
+    int total_op_count = 0;
+    int num_inprogress = 0;
+    int error = 0, i = 0, ret = 0;
+    OSSL_ASYNC_FD job_fd = 0;
+    size_t num_job_fds = 0;
+
+    run = 1;
+
+    if (async_jobs == 0) {
+        return loop_function((void *)&loopargs);
+    }
+
+    for (i = 0; i < async_jobs && !error; i++) {
+        loopargs_t *looparg_item = loopargs + i;
+
+        /* Copy pointer content (looparg_t item address) into async context */
+        ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
+                              &job_op_count, loop_function,
+                              (void *)&looparg_item, sizeof(looparg_item));
+        switch (ret) {
+        case ASYNC_PAUSE:
+            ++num_inprogress;
+            break;
+        case ASYNC_FINISH:
+            if (job_op_count == -1) {
+                error = 1;
+            } else {
+                total_op_count += job_op_count;
+            }
+            break;
+        case ASYNC_NO_JOBS:
+        case ASYNC_ERR:
+            BIO_printf(bio_err, "Failure in the job\n");
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+    }
+
+    while (num_inprogress > 0) {
+#if defined(OPENSSL_SYS_WINDOWS)
+        DWORD avail = 0;
+#elif defined(OPENSSL_SYS_UNIX)
+        int select_result = 0;
+        OSSL_ASYNC_FD max_fd = 0;
+        fd_set waitfdset;
+
+        FD_ZERO(&waitfdset);
+
+        for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
+            if (loopargs[i].inprogress_job == NULL)
+                continue;
+
+            if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds)
+                    || num_job_fds > 1) {
+                BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+            ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, &num_job_fds);
+            FD_SET(job_fd, &waitfdset);
+            if (job_fd > max_fd)
+                max_fd = job_fd;
+        }
+
+        if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
+            BIO_printf(bio_err,
+                    "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
+                    "Decrease the value of async_jobs\n",
+                    max_fd, FD_SETSIZE);
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+
+        select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
+        if (select_result == -1 && errno == EINTR)
+            continue;
+
+        if (select_result == -1) {
+            BIO_printf(bio_err, "Failure in the select\n");
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+
+        if (select_result == 0)
+            continue;
+#endif
+
+        for (i = 0; i < async_jobs; i++) {
+            if (loopargs[i].inprogress_job == NULL)
+                continue;
+
+            if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds)
+                    || num_job_fds > 1) {
+                BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+            ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, &num_job_fds);
+
+#if defined(OPENSSL_SYS_UNIX)
+            if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
+                continue;
+#elif defined(OPENSSL_SYS_WINDOWS)
+            if (num_job_fds == 1
+                && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
+                && avail > 0)
+                continue;
+#endif
+
+            ret = ASYNC_start_job(&loopargs[i].inprogress_job, 
+                    loopargs[i].wait_ctx, &job_op_count, loop_function, 
+                    (void *)(loopargs + i), sizeof(loopargs_t));
+            switch (ret) {
+            case ASYNC_PAUSE:
+                break;
+            case ASYNC_FINISH:
+                if (job_op_count == -1) {
+                    error = 1;
+                } else {
+                    total_op_count += job_op_count;
+                }
+                --num_inprogress;
+                loopargs[i].inprogress_job = NULL;
+                break;
+            case ASYNC_NO_JOBS:
+            case ASYNC_ERR:
+                --num_inprogress;
+                loopargs[i].inprogress_job = NULL;
+                BIO_printf(bio_err, "Failure in the job\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+        }
+    }
+
+    return error ? -1 : total_op_count;
+}
+
+int speed_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    loopargs_t *loopargs = NULL;
+    int async_init = 0;
+    int loopargs_len = 0;
+    char *prog;
+    const char *engine_id = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    double d = 0.0;
+    OPTION_CHOICE o;
+    int multiblock = 0, pr_header = 0;
+    int doit[ALGOR_NUM] = { 0 };
+    int ret = 1, i, k, misalign = 0;
+    long count = 0;
+#ifndef NO_FORK
+    int multi = 0;
+#endif
+    unsigned int async_jobs = 0;
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
+    || !defined(OPENSSL_NO_EC)
+    long rsa_count = 1;
+#endif
+    size_t loop;
+
+    /* What follows are the buffers and key material. */
+#ifndef OPENSSL_NO_RC5
+    RC5_32_KEY rc5_ks;
+#endif
+#ifndef OPENSSL_NO_RC2
+    RC2_KEY rc2_ks;
+#endif
+#ifndef OPENSSL_NO_IDEA
+    IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef OPENSSL_NO_SEED
+    SEED_KEY_SCHEDULE seed_ks;
+#endif
+#ifndef OPENSSL_NO_BF
+    BF_KEY bf_ks;
+#endif
+#ifndef OPENSSL_NO_CAST
+    CAST_KEY cast_ks;
+#endif
+    static const unsigned char key16[16] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+    static const unsigned char key24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char key32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+#ifndef OPENSSL_NO_CAMELLIA
+    static const unsigned char ckey24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char ckey32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+    CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+#endif
+#ifndef OPENSSL_NO_DES
+    static DES_cblock key = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
+    };
+    static DES_cblock key2 = {
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+    static DES_cblock key3 = {
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+#endif
+#ifndef OPENSSL_NO_RSA
+    static const unsigned int rsa_bits[RSA_NUM] = {
+        512, 1024, 2048, 3072, 4096, 7680, 15360
+    };
+    static const unsigned char *rsa_data[RSA_NUM] = {
+        test512, test1024, test2048, test3072, test4096, test7680, test15360
+    };
+    static const int rsa_data_length[RSA_NUM] = {
+        sizeof(test512), sizeof(test1024),
+        sizeof(test2048), sizeof(test3072),
+        sizeof(test4096), sizeof(test7680),
+        sizeof(test15360)
+    };
+    int rsa_doit[RSA_NUM] = { 0 };
+#endif
+#ifndef OPENSSL_NO_DSA
+    static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
+    int dsa_doit[DSA_NUM] = { 0 };
+#endif
+#ifndef OPENSSL_NO_EC
+    /*
+     * We only test over the following curves as they are representative, To
+     * add tests over more curves, simply add the curve NID and curve name to
+     * the following arrays and increase the EC_NUM value accordingly.
+     */
+    static const unsigned int test_curves[EC_NUM] = {
+        /* Prime Curves */
+        NID_secp160r1, NID_X9_62_prime192v1, NID_secp224r1,
+        NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
+        /* Binary Curves */
+        NID_sect163k1, NID_sect233k1, NID_sect283k1,
+        NID_sect409k1, NID_sect571k1, NID_sect163r2,
+        NID_sect233r1, NID_sect283r1, NID_sect409r1,
+        NID_sect571r1,
+        /* Other */
+        NID_X25519
+    };
+    static const char *test_curves_names[EC_NUM] = {
+        /* Prime Curves */
+        "secp160r1", "nistp192", "nistp224",
+        "nistp256", "nistp384", "nistp521",
+        /* Binary Curves */
+        "nistk163", "nistk233", "nistk283",
+        "nistk409", "nistk571", "nistb163",
+        "nistb233", "nistb283", "nistb409",
+        "nistb571",
+        /* Other */
+        "X25519"
+    };
+    static const int test_curves_bits[EC_NUM] = {
+        160, 192, 224,
+        256, 384, 521,
+        163, 233, 283,
+        409, 571, 163,
+        233, 283, 409,
+        571, 253 /* X25519 */
+    };
+
+    int ecdsa_doit[EC_NUM] = { 0 };
+    int ecdh_doit[EC_NUM] = { 0 };
+#endif                          /* ndef OPENSSL_NO_EC */
+
+    prog = opt_init(argc, argv, speed_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opterr:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(speed_options);
+            ret = 0;
+            goto end;
+        case OPT_ELAPSED:
+            usertime = 0;
+            break;
+        case OPT_EVP:
+            evp_md = NULL;
+            evp_cipher = EVP_get_cipherbyname(opt_arg());
+            if (evp_cipher == NULL)
+                evp_md = EVP_get_digestbyname(opt_arg());
+            if (evp_cipher == NULL && evp_md == NULL) {
+                BIO_printf(bio_err,
+                           "%s: %s is an unknown cipher or digest\n",
+                           prog, opt_arg());
+                goto end;
+            }
+            doit[D_EVP] = 1;
+            break;
+        case OPT_DECRYPT:
+            decrypt = 1;
+            break;
+        case OPT_ENGINE:
+            /*
+             * In a forked execution, an engine might need to be
+             * initialised by each child process, not by the parent.
+             * So store the name here and run setup_engine() later on.
+             */
+            engine_id = opt_arg();
+            break;
+        case OPT_MULTI:
+#ifndef NO_FORK
+            multi = atoi(opt_arg());
+#endif
+            break;
+        case OPT_ASYNCJOBS:
+#ifndef OPENSSL_NO_ASYNC
+            async_jobs = atoi(opt_arg());
+            if (!ASYNC_is_capable()) {
+                BIO_printf(bio_err,
+                           "%s: async_jobs specified but async not supported\n",
+                           prog);
+                goto opterr;
+            }
+            if (async_jobs > 99999) {
+                BIO_printf(bio_err,
+                           "%s: too many async_jobs\n",
+                           prog);
+                goto opterr;
+            }
+#endif
+            break;
+        case OPT_MISALIGN:
+            if (!opt_int(opt_arg(), &misalign))
+                goto end;
+            if (misalign > MISALIGN) {
+                BIO_printf(bio_err,
+                           "%s: Maximum offset is %d\n", prog, MISALIGN);
+                goto opterr;
+            }
+            break;
+        case OPT_MR:
+            mr = 1;
+            break;
+        case OPT_MB:
+            multiblock = 1;
+#ifdef OPENSSL_NO_MULTIBLOCK
+            BIO_printf(bio_err,
+                       "%s: -mb specified but multi-block support is disabled\n",
+                       prog);
+            goto end;
+#endif
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    /* Remaining arguments are algorithms. */
+    for ( ; *argv; argv++) {
+        if (found(*argv, doit_choices, &i)) {
+            doit[i] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_DES
+        if (strcmp(*argv, "des") == 0) {
+            doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
+            continue;
+        }
+#endif
+        if (strcmp(*argv, "sha") == 0) {
+            doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_RSA
+        if (strcmp(*argv, "openssl") == 0)
+            continue;
+        if (strcmp(*argv, "rsa") == 0) {
+            rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] =
+                rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
+                rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] =
+                rsa_doit[R_RSA_15360] = 1;
+            continue;
+        }
+        if (found(*argv, rsa_choices, &i)) {
+            rsa_doit[i] = 1;
+            continue;
+        }
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (strcmp(*argv, "dsa") == 0) {
+            dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
+                dsa_doit[R_DSA_2048] = 1;
+            continue;
+        }
+        if (found(*argv, dsa_choices, &i)) {
+            dsa_doit[i] = 2;
+            continue;
+        }
+#endif
+        if (strcmp(*argv, "aes") == 0) {
+            doit[D_CBC_128_AES] = doit[D_CBC_192_AES] =
+                doit[D_CBC_256_AES] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_CAMELLIA
+        if (strcmp(*argv, "camellia") == 0) {
+            doit[D_CBC_128_CML] = doit[D_CBC_192_CML] =
+                doit[D_CBC_256_CML] = 1;
+            continue;
+        }
+#endif
+#ifndef OPENSSL_NO_EC
+        if (strcmp(*argv, "ecdsa") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++)
+                ecdsa_doit[ecdsa_choices[loop].retval] = 1;
+            continue;
+        }
+        if (found(*argv, ecdsa_choices, &i)) {
+            ecdsa_doit[i] = 2;
+            continue;
+        }
+        if (strcmp(*argv, "ecdh") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++)
+                ecdh_doit[ecdh_choices[loop].retval] = 1;
+            continue;
+        }
+        if (found(*argv, ecdh_choices, &i)) {
+            ecdh_doit[i] = 2;
+            continue;
+        }
+#endif
+        BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
+        goto end;
+    }
+
+    /* Initialize the job pool if async mode is enabled */
+    if (async_jobs > 0) {
+        async_init = ASYNC_init_thread(async_jobs, async_jobs);
+        if (!async_init) {
+            BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
+            goto end;
+        }
+    }
+
+    loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
+    loopargs = app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
+    memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
+
+    for (i = 0; i < loopargs_len; i++) {
+        if (async_jobs > 0) {
+            loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
+            if (loopargs[i].wait_ctx == NULL) {
+                BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
+                goto end;
+            }
+        }
+
+        loopargs[i].buf_malloc = app_malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1, "input buffer");
+        loopargs[i].buf2_malloc = app_malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1, "input buffer");
+        /* Align the start of buffers on a 64 byte boundary */
+        loopargs[i].buf = loopargs[i].buf_malloc + misalign;
+        loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
+#ifndef OPENSSL_NO_EC
+        loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
+        loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
+#endif
+    }
+
+#ifndef NO_FORK
+    if (multi && do_multi(multi))
+        goto show_res;
+#endif
+
+    /* Initialize the engine after the fork */
+    e = setup_engine(engine_id, 0);
+
+    /* No parameters; turn on everything. */
+    if ((argc == 0) && !doit[D_EVP]) {
+        for (i = 0; i < ALGOR_NUM; i++)
+            if (i != D_EVP)
+                doit[i] = 1;
+#ifndef OPENSSL_NO_RSA
+        for (i = 0; i < RSA_NUM; i++)
+            rsa_doit[i] = 1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        for (i = 0; i < DSA_NUM; i++)
+            dsa_doit[i] = 1;
+#endif
+#ifndef OPENSSL_NO_EC
+        for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++)
+            ecdsa_doit[ecdsa_choices[loop].retval] = 1;
+        for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++)
+            ecdh_doit[ecdh_choices[loop].retval] = 1;
+#endif
+    }
+    for (i = 0; i < ALGOR_NUM; i++)
+        if (doit[i])
+            pr_header++;
+
+    if (usertime == 0 && !mr)
+        BIO_printf(bio_err,
+                   "You have chosen to measure elapsed time "
+                   "instead of user CPU time.\n");
+
+#ifndef OPENSSL_NO_RSA
+    for (i = 0; i < loopargs_len; i++) {
+        for (k = 0; k < RSA_NUM; k++) {
+            const unsigned char *p;
+
+            p = rsa_data[k];
+            loopargs[i].rsa_key[k] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
+            if (loopargs[i].rsa_key[k] == NULL) {
+                BIO_printf(bio_err, "internal error loading RSA key number %d\n",
+                        k);
+                goto end;
+            }
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_DSA
+    for (i = 0; i < loopargs_len; i++) {
+        loopargs[i].dsa_key[0] = get_dsa512();
+        loopargs[i].dsa_key[1] = get_dsa1024();
+        loopargs[i].dsa_key[2] = get_dsa2048();
+    }
+#endif
+#ifndef OPENSSL_NO_DES
+    DES_set_key_unchecked(&key, &sch);
+    DES_set_key_unchecked(&key2, &sch2);
+    DES_set_key_unchecked(&key3, &sch3);
+#endif
+    AES_set_encrypt_key(key16, 128, &aes_ks1);
+    AES_set_encrypt_key(key24, 192, &aes_ks2);
+    AES_set_encrypt_key(key32, 256, &aes_ks3);
+#ifndef OPENSSL_NO_CAMELLIA
+    Camellia_set_key(key16, 128, &camellia_ks1);
+    Camellia_set_key(ckey24, 192, &camellia_ks2);
+    Camellia_set_key(ckey32, 256, &camellia_ks3);
+#endif
+#ifndef OPENSSL_NO_IDEA
+    IDEA_set_encrypt_key(key16, &idea_ks);
+#endif
+#ifndef OPENSSL_NO_SEED
+    SEED_set_key(key16, &seed_ks);
+#endif
+#ifndef OPENSSL_NO_RC4
+    RC4_set_key(&rc4_ks, 16, key16);
+#endif
+#ifndef OPENSSL_NO_RC2
+    RC2_set_key(&rc2_ks, 16, key16, 128);
+#endif
+#ifndef OPENSSL_NO_RC5
+    RC5_32_set_key(&rc5_ks, 16, key16, 12);
+#endif
+#ifndef OPENSSL_NO_BF
+    BF_set_key(&bf_ks, 16, key16);
+#endif
+#ifndef OPENSSL_NO_CAST
+    CAST_set_key(&cast_ks, 16, key16);
+#endif
+#ifndef SIGALRM
+# ifndef OPENSSL_NO_DES
+    BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+    count = 10;
+    do {
+        long it;
+        count *= 2;
+        Time_F(START);
+        for (it = count; it; it--)
+            DES_ecb_encrypt((DES_cblock *)loopargs[0].buf,
+                            (DES_cblock *)loopargs[0].buf, &sch, DES_ENCRYPT);
+        d = Time_F(STOP);
+    } while (d < 3);
+    save_count = count;
+    c[D_MD2][0] = count / 10;
+    c[D_MDC2][0] = count / 10;
+    c[D_MD4][0] = count;
+    c[D_MD5][0] = count;
+    c[D_HMAC][0] = count;
+    c[D_SHA1][0] = count;
+    c[D_RMD160][0] = count;
+    c[D_RC4][0] = count * 5;
+    c[D_CBC_DES][0] = count;
+    c[D_EDE3_DES][0] = count / 3;
+    c[D_CBC_IDEA][0] = count;
+    c[D_CBC_SEED][0] = count;
+    c[D_CBC_RC2][0] = count;
+    c[D_CBC_RC5][0] = count;
+    c[D_CBC_BF][0] = count;
+    c[D_CBC_CAST][0] = count;
+    c[D_CBC_128_AES][0] = count;
+    c[D_CBC_192_AES][0] = count;
+    c[D_CBC_256_AES][0] = count;
+    c[D_CBC_128_CML][0] = count;
+    c[D_CBC_192_CML][0] = count;
+    c[D_CBC_256_CML][0] = count;
+    c[D_SHA256][0] = count;
+    c[D_SHA512][0] = count;
+    c[D_WHIRLPOOL][0] = count;
+    c[D_IGE_128_AES][0] = count;
+    c[D_IGE_192_AES][0] = count;
+    c[D_IGE_256_AES][0] = count;
+    c[D_GHASH][0] = count;
+
+    for (i = 1; i < SIZE_NUM; i++) {
+        long l0, l1;
+
+        l0 = (long)lengths[0];
+        l1 = (long)lengths[i];
+
+        c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1;
+        c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1;
+        c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1;
+        c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1;
+        c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1;
+        c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1;
+        c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1;
+        c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1;
+        c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
+        c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
+        c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1;
+
+        l0 = (long)lengths[i - 1];
+
+        c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
+        c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
+        c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
+        c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
+        c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
+        c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
+        c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
+        c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
+        c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
+        c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
+        c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
+        c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
+        c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
+        c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
+        c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
+        c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
+        c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
+        c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
+    }
+
+#  ifndef OPENSSL_NO_RSA
+    rsa_c[R_RSA_512][0] = count / 2000;
+    rsa_c[R_RSA_512][1] = count / 400;
+    for (i = 1; i < RSA_NUM; i++) {
+        rsa_c[i][0] = rsa_c[i - 1][0] / 8;
+        rsa_c[i][1] = rsa_c[i - 1][1] / 4;
+        if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
+            rsa_doit[i] = 0;
+        else {
+            if (rsa_c[i][0] == 0) {
+                rsa_c[i][0] = 1;            /* Set minimum iteration Nb to 1. */
+                rsa_c[i][1] = 20;
+            }
+        }
+    }
+#  endif
+
+#  ifndef OPENSSL_NO_DSA
+    dsa_c[R_DSA_512][0] = count / 1000;
+    dsa_c[R_DSA_512][1] = count / 1000 / 2;
+    for (i = 1; i < DSA_NUM; i++) {
+        dsa_c[i][0] = dsa_c[i - 1][0] / 4;
+        dsa_c[i][1] = dsa_c[i - 1][1] / 4;
+        if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
+            dsa_doit[i] = 0;
+        else {
+            if (dsa_c[i][0] == 0) {
+                dsa_c[i][0] = 1;            /* Set minimum iteration Nb to 1. */
+                dsa_c[i][1] = 1;
+            }
+        }
+    }
+#  endif
+
+#  ifndef OPENSSL_NO_EC
+    ecdsa_c[R_EC_P160][0] = count / 1000;
+    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+    ecdsa_c[R_EC_K163][0] = count / 1000;
+    ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+    ecdsa_c[R_EC_B163][0] = count / 1000;
+    ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+
+    ecdh_c[R_EC_P160][0] = count / 1000;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_K163][0] = count / 1000;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_B163][0] = count / 1000;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+#  endif
+
+# else
+/* not worth fixing */
+#  error "You cannot disable DES on systems without SIGALRM."
+# endif                        /* OPENSSL_NO_DES */
+#else
+# ifndef _WIN32
+    signal(SIGALRM, sig_done);
+# endif
+#endif                         /* SIGALRM */
+
+#ifndef OPENSSL_NO_MD2
+    if (doit[D_MD2]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD2, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_MDC2
+    if (doit[D_MDC2]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MDC2, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_MD4
+    if (doit[D_MD4]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD4, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_MD5
+    if (doit[D_MD5]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, MD5_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD5, testnum, count, d);
+        }
+    }
+
+    if (doit[D_HMAC]) {
+        static const char hmac_key[] = "This is a key...";
+        int len = strlen(hmac_key);
+
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].hctx = HMAC_CTX_new();
+            if (loopargs[i].hctx == NULL) {
+                BIO_printf(bio_err, "HMAC malloc failure, exiting...");
+                exit(1);
+            }
+
+            HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
+        }
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, HMAC_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_HMAC, testnum, count, d);
+        }
+        for (i = 0; i < loopargs_len; i++) {
+            HMAC_CTX_free(loopargs[i].hctx);
+        }
+    }
+#endif
+    if (doit[D_SHA1]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA1_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA1, testnum, count, d);
+        }
+    }
+    if (doit[D_SHA256]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_SHA256], c[D_SHA256][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA256_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA256, testnum, count, d);
+        }
+    }
+    if (doit[D_SHA512]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_SHA512], c[D_SHA512][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA512_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA512, testnum, count, d);
+        }
+    }
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+    if (doit[D_WHIRLPOOL]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_WHIRLPOOL, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+    if (doit[D_RMD160]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_RMD160], c[D_RMD160][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RMD160, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC4
+    if (doit[D_RC4]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RC4_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RC4, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_DES
+    if (doit[D_CBC_DES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_DES, testnum, count, d);
+        }
+    }
+
+    if (doit[D_EDE3_DES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_EDE3_DES, testnum, count, d);
+        }
+    }
+#endif
+
+    if (doit[D_CBC_128_AES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_192_AES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_256_AES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_AES, testnum, count, d);
+        }
+    }
+
+    if (doit[D_IGE_128_AES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_128_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_IGE_192_AES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_192_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_IGE_256_AES]) {
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_256_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_GHASH]) {
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].gcm_ctx = CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
+            CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx, (unsigned char *)"0123456789ab", 12);
+        }
+
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum]);
+            Time_F(START);
+            count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_GHASH, testnum, count, d);
+        }
+        for (i = 0; i < loopargs_len; i++)
+            CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
+    }
+
+#ifndef OPENSSL_NO_CAMELLIA
+    if (doit[D_CBC_128_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_128_CML]);
+            doit[D_CBC_128_CML] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks1,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_CML, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_192_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_192_CML]);
+            doit[D_CBC_192_CML] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
+                          lengths[testnum]);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks2,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_CML, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_256_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_256_CML]);
+            doit[D_CBC_256_CML] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
+                          lengths[testnum]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks3,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_CML, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_IDEA
+    if (doit[D_CBC_IDEA]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_IDEA]);
+            doit[D_CBC_IDEA] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], lengths[testnum]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
+                IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &idea_ks,
+                                 iv, IDEA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_IDEA, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_SEED
+    if (doit[D_CBC_SEED]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_SEED]);
+            doit[D_CBC_SEED] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], lengths[testnum]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
+                SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &seed_ks, iv, 1);
+            d = Time_F(STOP);
+            print_result(D_CBC_SEED, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC2
+    if (doit[D_CBC_RC2]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_RC2]);
+            doit[D_CBC_RC2] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum], lengths[testnum]);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
+                RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                (size_t)lengths[testnum], &rc2_ks,
+                                iv, RC2_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC2, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC5
+    if (doit[D_CBC_RC5]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_RC5]);
+            doit[D_CBC_RC5] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum], lengths[testnum]);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
+                RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                   (size_t)lengths[testnum], &rc5_ks,
+                                   iv, RC5_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC5, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_BF
+    if (doit[D_CBC_BF]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_BF]);
+            doit[D_CBC_BF] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], lengths[testnum]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
+                BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                               (size_t)lengths[testnum], &bf_ks,
+                               iv, BF_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_BF, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_CAST
+    if (doit[D_CBC_CAST]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_CAST]);
+            doit[D_CBC_CAST] = 0;
+        }
+        for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+            print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], lengths[testnum]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
+                CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &cast_ks,
+                                 iv, CAST_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_CAST, testnum, count, d);
+        }
+    }
+#endif
+
+    if (doit[D_EVP]) {
+        if (multiblock && evp_cipher) {
+            if (!
+                (EVP_CIPHER_flags(evp_cipher) &
+                 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+                BIO_printf(bio_err, "%s is not multi-block capable\n",
+                           OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+                goto end;
+            }
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            multiblock_speed(evp_cipher);
+            ret = 0;
+            goto end;
+        }
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            if (evp_cipher) {
+
+                names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+                /*
+                 * -O3 -fschedule-insns messes up an optimization here!
+                 * names[D_EVP] somehow becomes NULL
+                 */
+                print_message(names[D_EVP], save_count, lengths[testnum]);
+
+                for (k = 0; k < loopargs_len; k++) {
+                    loopargs[k].ctx = EVP_CIPHER_CTX_new();
+                    if (decrypt)
+                        EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
+                    else
+                        EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
+                    EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
+                }
+
+                Time_F(START);
+                count = run_benchmark(async_jobs, EVP_Update_loop, loopargs);
+                d = Time_F(STOP);
+                for (k = 0; k < loopargs_len; k++) {
+                    EVP_CIPHER_CTX_free(loopargs[k].ctx);
+                }
+            }
+            if (evp_md) {
+                names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
+                print_message(names[D_EVP], save_count, lengths[testnum]);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
+                d = Time_F(STOP);
+            }
+            print_result(D_EVP, testnum, count, d);
+        }
+    }
+
+    for (i = 0; i < loopargs_len; i++)
+        RAND_bytes(loopargs[i].buf, 36);
+
+#ifndef OPENSSL_NO_RSA
+    for (testnum = 0; testnum < RSA_NUM; testnum++) {
+        int st = 0;
+        if (!rsa_doit[testnum])
+            continue;
+        for (i = 0; i < loopargs_len; i++) {
+            st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+                          &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+            if (st == 0)
+                break;
+        }
+        if (st == 0) {
+            BIO_printf(bio_err,
+                       "RSA sign failure.  No RSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("private", "rsa",
+                               rsa_c[testnum][0], rsa_bits[testnum], RSA_SECONDS);
+            /* RSA_blinding_on(rsa_key[testnum],NULL); */
+            Time_F(START);
+            count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R1:%ld:%d:%.2f\n"
+                       : "%ld %d bit private RSA's in %.2fs\n",
+                       count, rsa_bits[testnum], d);
+            rsa_results[testnum][0] = d / (double)count;
+            rsa_count = count;
+        }
+
+        for (i = 0; i < loopargs_len; i++) {
+            st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+                            loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+            if (st <= 0)
+                break;
+        }
+        if (st <= 0) {
+            BIO_printf(bio_err,
+                       "RSA verify failure.  No RSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_doit[testnum] = 0;
+        } else {
+            pkey_print_message("public", "rsa",
+                               rsa_c[testnum][1], rsa_bits[testnum], RSA_SECONDS);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R2:%ld:%d:%.2f\n"
+                       : "%ld %d bit public RSA's in %.2fs\n",
+                       count, rsa_bits[testnum], d);
+            rsa_results[testnum][1] = d / (double)count;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < RSA_NUM; testnum++)
+                rsa_doit[testnum] = 0;
+        }
+    }
+#endif                          /* OPENSSL_NO_RSA */
+
+    for (i = 0; i < loopargs_len; i++)
+        RAND_bytes(loopargs[i].buf, 36);
+
+#ifndef OPENSSL_NO_DSA
+    if (RAND_status() != 1) {
+        RAND_seed(rnd_seed, sizeof(rnd_seed));
+    }
+    for (testnum = 0; testnum < DSA_NUM; testnum++) {
+        int st = 0;
+        if (!dsa_doit[testnum])
+            continue;
+
+        /* DSA_generate_key(dsa_key[testnum]); */
+        /* DSA_sign_setup(dsa_key[testnum],NULL); */
+        for (i = 0; i < loopargs_len; i++) {
+            st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                          &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+            if (st == 0)
+                break;
+        }
+        if (st == 0) {
+            BIO_printf(bio_err,
+                       "DSA sign failure.  No DSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("sign", "dsa",
+                               dsa_c[testnum][0], dsa_bits[testnum], DSA_SECONDS);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R3:%ld:%d:%.2f\n"
+                       : "%ld %d bit DSA signs in %.2fs\n",
+                       count, dsa_bits[testnum], d);
+            dsa_results[testnum][0] = d / (double)count;
+            rsa_count = count;
+        }
+
+        for (i = 0; i < loopargs_len; i++) {
+            st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                            loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+            if (st <= 0)
+                break;
+        }
+        if (st <= 0) {
+            BIO_printf(bio_err,
+                       "DSA verify failure.  No DSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            dsa_doit[testnum] = 0;
+        } else {
+            pkey_print_message("verify", "dsa",
+                               dsa_c[testnum][1], dsa_bits[testnum], DSA_SECONDS);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R4:%ld:%d:%.2f\n"
+                       : "%ld %d bit DSA verify in %.2fs\n",
+                       count, dsa_bits[testnum], d);
+            dsa_results[testnum][1] = d / (double)count;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < DSA_NUM; testnum++)
+                dsa_doit[testnum] = 0;
+        }
+    }
+#endif                          /* OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+    if (RAND_status() != 1) {
+        RAND_seed(rnd_seed, sizeof(rnd_seed));
+    }
+    for (testnum = 0; testnum < EC_NUM; testnum++) {
+        int st = 1;
+
+        if (!ecdsa_doit[testnum])
+            continue;           /* Ignore Curve */
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].ecdsa[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
+            if (loopargs[i].ecdsa[testnum] == NULL) {
+                st = 0;
+                break;
+            }
+        }
+        if (st == 0) {
+            BIO_printf(bio_err, "ECDSA failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            for (i = 0; i < loopargs_len; i++) {
+                EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
+                /* Perform ECDSA signature test */
+                EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
+                st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                                &loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+                if (st == 0)
+                    break;
+            }
+            if (st == 0) {
+                BIO_printf(bio_err,
+                           "ECDSA sign failure.  No ECDSA sign will be done.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+            } else {
+                pkey_print_message("sign", "ecdsa",
+                                   ecdsa_c[testnum][0],
+                                   test_curves_bits[testnum], ECDSA_SECONDS);
+                Time_F(START);
+                count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
+                d = Time_F(STOP);
+
+                BIO_printf(bio_err,
+                           mr ? "+R5:%ld:%d:%.2f\n" :
+                           "%ld %d bit ECDSA signs in %.2fs \n",
+                           count, test_curves_bits[testnum], d);
+                ecdsa_results[testnum][0] = d / (double)count;
+                rsa_count = count;
+            }
+
+            /* Perform ECDSA verification test */
+            for (i = 0; i < loopargs_len; i++) {
+                st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                                  loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+                if (st != 1)
+                    break;
+            }
+            if (st != 1) {
+                BIO_printf(bio_err,
+                           "ECDSA verify failure.  No ECDSA verify will be done.\n");
+                ERR_print_errors(bio_err);
+                ecdsa_doit[testnum] = 0;
+            } else {
+                pkey_print_message("verify", "ecdsa",
+                                   ecdsa_c[testnum][1],
+                                   test_curves_bits[testnum], ECDSA_SECONDS);
+                Time_F(START);
+                count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                           mr ? "+R6:%ld:%d:%.2f\n"
+                           : "%ld %d bit ECDSA verify in %.2fs\n",
+                           count, test_curves_bits[testnum], d);
+                ecdsa_results[testnum][1] = d / (double)count;
+            }
+
+            if (rsa_count <= 1) {
+                /* if longer than 10s, don't do any more */
+                for (testnum++; testnum < EC_NUM; testnum++)
+                    ecdsa_doit[testnum] = 0;
+            }
+        }
+    }
+
+    if (RAND_status() != 1) {
+        RAND_seed(rnd_seed, sizeof(rnd_seed));
+    }
+    for (testnum = 0; testnum < EC_NUM; testnum++) {
+        int ecdh_checks = 1;
+
+        if (!ecdh_doit[testnum])
+            continue;
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].ecdh_a[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
+            loopargs[i].ecdh_b[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
+            if (loopargs[i].ecdh_a[testnum] == NULL ||
+                loopargs[i].ecdh_b[testnum] == NULL) {
+                ecdh_checks = 0;
+                break;
+            }
+        }
+        if (ecdh_checks == 0) {
+            BIO_printf(bio_err, "ECDH failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            for (i = 0; i < loopargs_len; i++) {
+                /* generate two ECDH key pairs */
+                if (!EC_KEY_generate_key(loopargs[i].ecdh_a[testnum]) ||
+                        !EC_KEY_generate_key(loopargs[i].ecdh_b[testnum])) {
+                    BIO_printf(bio_err, "ECDH key generation failure.\n");
+                    ERR_print_errors(bio_err);
+                    ecdh_checks = 0;
+                    rsa_count = 1;
+                } else {
+                    int secret_size_a, secret_size_b;
+                    /*
+                     * If field size is not more than 24 octets, then use SHA-1
+                     * hash of result; otherwise, use result (see section 4.8 of
+                     * draft-ietf-tls-ecc-03.txt).
+                     */
+                    int field_size = EC_GROUP_get_degree(
+                            EC_KEY_get0_group(loopargs[i].ecdh_a[testnum]));
+
+                    if (field_size <= 24 * 8) {                 /* 192 bits */
+                        loopargs[i].outlen = KDF1_SHA1_len;
+                        loopargs[i].kdf = KDF1_SHA1;
+                    } else {
+                        loopargs[i].outlen = (field_size + 7) / 8;
+                        loopargs[i].kdf = NULL;
+                    }
+                    secret_size_a =
+                        ECDH_compute_key(loopargs[i].secret_a, loopargs[i].outlen,
+                                EC_KEY_get0_public_key(loopargs[i].ecdh_b[testnum]),
+                                loopargs[i].ecdh_a[testnum], loopargs[i].kdf);
+                    secret_size_b =
+                        ECDH_compute_key(loopargs[i].secret_b, loopargs[i].outlen,
+                                EC_KEY_get0_public_key(loopargs[i].ecdh_a[testnum]),
+                                loopargs[i].ecdh_b[testnum], loopargs[i].kdf);
+                    if (secret_size_a != secret_size_b)
+                        ecdh_checks = 0;
+                    else
+                        ecdh_checks = 1;
+
+                    for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) {
+                        if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
+                            ecdh_checks = 0;
+                    }
+
+                    if (ecdh_checks == 0) {
+                        BIO_printf(bio_err, "ECDH computations don't match.\n");
+                        ERR_print_errors(bio_err);
+                        rsa_count = 1;
+                        break;
+                    }
+                }
+            }
+            if (ecdh_checks != 0) {
+                pkey_print_message("", "ecdh",
+                        ecdh_c[testnum][0],
+                        test_curves_bits[testnum], ECDH_SECONDS);
+                Time_F(START);
+                count = run_benchmark(async_jobs, ECDH_compute_key_loop, loopargs);
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                        mr ? "+R7:%ld:%d:%.2f\n" :
+                        "%ld %d-bit ECDH ops in %.2fs\n", count,
+                        test_curves_bits[testnum], d);
+                ecdh_results[testnum][0] = d / (double)count;
+                rsa_count = count;
+            }
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < EC_NUM; testnum++)
+                ecdh_doit[testnum] = 0;
+        }
+    }
+#endif                          /* OPENSSL_NO_EC */
+#ifndef NO_FORK
+ show_res:
+#endif
+    if (!mr) {
+        printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
+        printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
+        printf("options:");
+        printf("%s ", BN_options());
+#ifndef OPENSSL_NO_MD2
+        printf("%s ", MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+        printf("%s ", RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+        printf("%s ", DES_options());
+#endif
+        printf("%s ", AES_options());
+#ifndef OPENSSL_NO_IDEA
+        printf("%s ", IDEA_options());
+#endif
+#ifndef OPENSSL_NO_BF
+        printf("%s ", BF_options());
+#endif
+        printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
+    }
+
+    if (pr_header) {
+        if (mr)
+            printf("+H");
+        else {
+            printf
+                ("The 'numbers' are in 1000s of bytes per second processed.\n");
+            printf("type        ");
+        }
+        for (testnum = 0; testnum < SIZE_NUM; testnum++)
+            printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
+        printf("\n");
+    }
+
+    for (k = 0; k < ALGOR_NUM; k++) {
+        if (!doit[k])
+            continue;
+        if (mr)
+            printf("+F:%d:%s", k, names[k]);
+        else
+            printf("%-13s", names[k]);
+        for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+            if (results[k][testnum] > 10000 && !mr)
+                printf(" %11.2fk", results[k][testnum] / 1e3);
+            else
+                printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
+        }
+        printf("\n");
+    }
+#ifndef OPENSSL_NO_RSA
+    testnum = 1;
+    for (k = 0; k < RSA_NUM; k++) {
+        if (!rsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F2:%u:%u:%f:%f\n",
+                   k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
+        else
+            printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                   rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
+                   1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
+    }
+#endif
+#ifndef OPENSSL_NO_DSA
+    testnum = 1;
+    for (k = 0; k < DSA_NUM; k++) {
+        if (!dsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F3:%u:%u:%f:%f\n",
+                   k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
+        else
+            printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                   dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
+                   1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
+    }
+#endif
+#ifndef OPENSSL_NO_EC
+    testnum = 1;
+    for (k = 0; k < EC_NUM; k++) {
+        if (!ecdsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+
+        if (mr)
+            printf("+F4:%u:%u:%f:%f\n",
+                   k, test_curves_bits[k],
+                   ecdsa_results[k][0], ecdsa_results[k][1]);
+        else
+            printf("%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+                   test_curves_bits[k],
+                   test_curves_names[k],
+                   ecdsa_results[k][0], ecdsa_results[k][1],
+                   1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
+    }
+
+    testnum = 1;
+    for (k = 0; k < EC_NUM; k++) {
+        if (!ecdh_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30sop      op/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F5:%u:%u:%f:%f\n",
+                   k, test_curves_bits[k],
+                   ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+
+        else
+            printf("%4u bit ecdh (%s) %8.4fs %8.1f\n",
+                   test_curves_bits[k],
+                   test_curves_names[k],
+                   ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+    }
+#endif
+
+    ret = 0;
+
+ end:
+    ERR_print_errors(bio_err);
+    for (i = 0; i < loopargs_len; i++) {
+        OPENSSL_free(loopargs[i].buf_malloc);
+        OPENSSL_free(loopargs[i].buf2_malloc);
+
+#ifndef OPENSSL_NO_RSA
+        for (k = 0; k < RSA_NUM; k++)
+            RSA_free(loopargs[i].rsa_key[k]);
+#endif
+#ifndef OPENSSL_NO_DSA
+        for (k = 0; k < DSA_NUM; k++)
+            DSA_free(loopargs[i].dsa_key[k]);
+#endif
+#ifndef OPENSSL_NO_EC
+        for (k = 0; k < EC_NUM; k++) {
+            EC_KEY_free(loopargs[i].ecdsa[k]);
+            EC_KEY_free(loopargs[i].ecdh_a[k]);
+            EC_KEY_free(loopargs[i].ecdh_b[k]);
+        }
+        OPENSSL_free(loopargs[i].secret_a);
+        OPENSSL_free(loopargs[i].secret_b);
+#endif
+    }
+
+    if (async_jobs > 0) {
+        for (i = 0; i < loopargs_len; i++)
+            ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
+    }
+
+    if (async_init) {
+        ASYNC_cleanup_thread();
+    }
+    OPENSSL_free(loopargs);
+    release_engine(e);
+    return (ret);
+}
+
+static void print_message(const char *s, long num, int length)
+{
+#ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DT:%s:%d:%d\n"
+               : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
+    (void)BIO_flush(bio_err);
+    alarm(SECONDS);
+#else
+    BIO_printf(bio_err,
+               mr ? "+DN:%s:%ld:%d\n"
+               : "Doing %s %ld times on %d size blocks: ", s, num, length);
+    (void)BIO_flush(bio_err);
+#endif
+}
+
+static void pkey_print_message(const char *str, const char *str2, long num,
+                               int bits, int tm)
+{
+#ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DTP:%d:%s:%s:%d\n"
+               : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
+    (void)BIO_flush(bio_err);
+    alarm(tm);
+#else
+    BIO_printf(bio_err,
+               mr ? "+DNP:%ld:%d:%s:%s\n"
+               : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
+    (void)BIO_flush(bio_err);
+#endif
+}
+
+static void print_result(int alg, int run_no, int count, double time_used)
+{
+    if (count == -1) {
+        BIO_puts(bio_err, "EVP error!\n");
+        exit(1);
+    }
+    BIO_printf(bio_err,
+               mr ? "+R:%d:%s:%f\n"
+               : "%d %s's in %.2fs\n", count, names[alg], time_used);
+    results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
+}
+
+#ifndef NO_FORK
+static char *sstrsep(char **string, const char *delim)
+{
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, sizeof(isdelim));
+    isdelim[0] = 1;
+
+    while (*delim) {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+    }
+
+    while (!isdelim[(unsigned char)(**string)]) {
+        (*string)++;
+    }
+
+    if (**string) {
+        **string = 0;
+        (*string)++;
+    }
+
+    return token;
+}
+
+static int do_multi(int multi)
+{
+    int n;
+    int fd[2];
+    int *fds;
+    static char sep[] = ":";
+
+    fds = malloc(sizeof(*fds) * multi);
+    for (n = 0; n < multi; ++n) {
+        if (pipe(fd) == -1) {
+            BIO_printf(bio_err, "pipe failure\n");
+            exit(1);
+        }
+        fflush(stdout);
+        (void)BIO_flush(bio_err);
+        if (fork()) {
+            close(fd[1]);
+            fds[n] = fd[0];
+        } else {
+            close(fd[0]);
+            close(1);
+            if (dup(fd[1]) == -1) {
+                BIO_printf(bio_err, "dup failed\n");
+                exit(1);
+            }
+            close(fd[1]);
+            mr = 1;
+            usertime = 0;
+            free(fds);
+            return 0;
+        }
+        printf("Forked child %d\n", n);
+    }
+
+    /* for now, assume the pipe is long enough to take all the output */
+    for (n = 0; n < multi; ++n) {
+        FILE *f;
+        char buf[1024];
+        char *p;
+
+        f = fdopen(fds[n], "r");
+        while (fgets(buf, sizeof(buf), f)) {
+            p = strchr(buf, '\n');
+            if (p)
+                *p = '\0';
+            if (buf[0] != '+') {
+                BIO_printf(bio_err, "Don't understand line '%s' from child %d\n",
+                        buf, n);
+                continue;
+            }
+            printf("Got: %s from %d\n", buf, n);
+            if (strncmp(buf, "+F:", 3) == 0) {
+                int alg;
+                int j;
+
+                p = buf + 3;
+                alg = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+                for (j = 0; j < SIZE_NUM; ++j)
+                    results[alg][j] += atof(sstrsep(&p, sep));
+            } else if (strncmp(buf, "+F2:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
+                else
+                    rsa_results[k][0] = d;
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
+                else
+                    rsa_results[k][1] = d;
+            }
+# ifndef OPENSSL_NO_DSA
+            else if (strncmp(buf, "+F3:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
+                else
+                    dsa_results[k][0] = d;
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
+                else
+                    dsa_results[k][1] = d;
+            }
+# endif
+# ifndef OPENSSL_NO_EC
+            else if (strncmp(buf, "+F4:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    ecdsa_results[k][0] =
+                        1 / (1 / ecdsa_results[k][0] + 1 / d);
+                else
+                    ecdsa_results[k][0] = d;
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    ecdsa_results[k][1] =
+                        1 / (1 / ecdsa_results[k][1] + 1 / d);
+                else
+                    ecdsa_results[k][1] = d;
+            } else if (strncmp(buf, "+F5:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
+                else
+                    ecdh_results[k][0] = d;
+
+            }
+# endif
+
+            else if (strncmp(buf, "+H:", 3) == 0) {
+                ;
+            } else
+                BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, n);
+        }
+
+        fclose(f);
+    }
+    free(fds);
+    return 1;
+}
+#endif
+
+static void multiblock_speed(const EVP_CIPHER *evp_cipher)
+{
+    static int mblengths[] =
+        { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
+    int j, count, num = OSSL_NELEM(mblengths);
+    const char *alg_name;
+    unsigned char *inp, *out, no_key[32], no_iv[16];
+    EVP_CIPHER_CTX *ctx;
+    double d = 0.0;
+
+    inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
+    out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
+    ctx = EVP_CIPHER_CTX_new();
+    EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv);
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
+                        no_key);
+    alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+
+    for (j = 0; j < num; j++) {
+        print_message(alg_name, 0, mblengths[j]);
+        Time_F(START);
+        for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
+            unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+            size_t len = mblengths[j];
+            int packlen;
+
+            memset(aad, 0, 8);  /* avoid uninitialized values */
+            aad[8] = 23;        /* SSL3_RT_APPLICATION_DATA */
+            aad[9] = 3;         /* version */
+            aad[10] = 2;
+            aad[11] = 0;        /* length */
+            aad[12] = 0;
+            mb_param.out = NULL;
+            mb_param.inp = aad;
+            mb_param.len = len;
+            mb_param.interleave = 8;
+
+            packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+                                          sizeof(mb_param), &mb_param);
+
+            if (packlen > 0) {
+                mb_param.out = out;
+                mb_param.inp = inp;
+                mb_param.len = len;
+                EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                    sizeof(mb_param), &mb_param);
+            } else {
+                int pad;
+
+                RAND_bytes(out, 16);
+                len += 16;
+                aad[11] = len >> 8;
+                aad[12] = len;
+                pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, aad);
+                EVP_Cipher(ctx, out, inp, len + pad);
+            }
+        }
+        d = Time_F(STOP);
+        BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
+                   : "%d %s's in %.2fs\n", count, "evp", d);
+        results[D_EVP][j] = ((double)count) / d * mblengths[j];
+    }
+
+    if (mr) {
+        fprintf(stdout, "+H");
+        for (j = 0; j < num; j++)
+            fprintf(stdout, ":%d", mblengths[j]);
+        fprintf(stdout, "\n");
+        fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
+        for (j = 0; j < num; j++)
+            fprintf(stdout, ":%.2f", results[D_EVP][j]);
+        fprintf(stdout, "\n");
+    } else {
+        fprintf(stdout,
+                "The 'numbers' are in 1000s of bytes per second processed.\n");
+        fprintf(stdout, "type                    ");
+        for (j = 0; j < num; j++)
+            fprintf(stdout, "%7d bytes", mblengths[j]);
+        fprintf(stdout, "\n");
+        fprintf(stdout, "%-24s", alg_name);
+
+        for (j = 0; j < num; j++) {
+            if (results[D_EVP][j] > 10000)
+                fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
+            else
+                fprintf(stdout, " %11.2f ", results[D_EVP][j]);
+        }
+        fprintf(stdout, "\n");
+    }
+
+    OPENSSL_free(inp);
+    OPENSSL_free(out);
+    EVP_CIPHER_CTX_free(ctx);
+}
diff --git a/openssl-1.1.0h/apps/spkac.c b/openssl-1.1.0h/apps/spkac.c
new file mode 100644
index 0000000..3449067
--- /dev/null
+++ b/openssl-1.1.0h/apps/spkac.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
+    OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
+    OPT_SPKSECT
+} OPTION_CHOICE;
+
+OPTIONS spkac_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"key", OPT_KEY, '<', "Create SPKAC using private key"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"challenge", OPT_CHALLENGE, 's', "Challenge string"},
+    {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
+    {"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
+    {"pubkey", OPT_PUBKEY, '-', "Output public key"},
+    {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
+    {"spksect", OPT_SPKSECT, 's',
+     "Specify the name of an SPKAC-dedicated section of configuration"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int spkac_main(int argc, char **argv)
+{
+    BIO *out = NULL;
+    CONF *conf = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    NETSCAPE_SPKI *spki = NULL;
+    char *challenge = NULL, *keyfile = NULL;
+    char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL;
+    char *spkstr = NULL, *prog;
+    const char *spkac = "SPKAC", *spksect = "default";
+    int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, spkac_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(spkac_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_PUBKEY:
+            pubkey = 1;
+            break;
+        case OPT_VERIFY:
+            verify = 1;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_CHALLENGE:
+            challenge = opt_arg();
+            break;
+        case OPT_SPKAC:
+            spkac = opt_arg();
+            break;
+        case OPT_SPKSECT:
+            spksect = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (keyfile != NULL) {
+        pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
+                        FORMAT_PEM, 1, passin, e, "private key");
+        if (pkey == NULL)
+            goto end;
+        spki = NETSCAPE_SPKI_new();
+        if (spki == NULL)
+            goto end;
+        if (challenge != NULL)
+            ASN1_STRING_set(spki->spkac->challenge,
+                            challenge, (int)strlen(challenge));
+        NETSCAPE_SPKI_set_pubkey(spki, pkey);
+        NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+        spkstr = NETSCAPE_SPKI_b64_encode(spki);
+        if (spkstr == NULL)
+            goto end;
+
+        out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+        if (out == NULL) {
+            OPENSSL_free(spkstr);
+            goto end;
+        }
+        BIO_printf(out, "SPKAC=%s\n", spkstr);
+        OPENSSL_free(spkstr);
+        ret = 0;
+        goto end;
+    }
+
+    if ((conf = app_load_config(infile)) == NULL)
+        goto end;
+
+    spkstr = NCONF_get_string(conf, spksect, spkac);
+
+    if (spkstr == NULL) {
+        BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
+    if (spki == NULL) {
+        BIO_printf(bio_err, "Error loading SPKAC\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if (!noout)
+        NETSCAPE_SPKI_print(out, spki);
+    pkey = NETSCAPE_SPKI_get_pubkey(spki);
+    if (verify) {
+        i = NETSCAPE_SPKI_verify(spki, pkey);
+        if (i > 0) {
+            BIO_printf(bio_err, "Signature OK\n");
+        } else {
+            BIO_printf(bio_err, "Signature Failure\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (pubkey)
+        PEM_write_bio_PUBKEY(out, pkey);
+
+    ret = 0;
+
+ end:
+    NCONF_free(conf);
+    NETSCAPE_SPKI_free(spki);
+    BIO_free_all(out);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    OPENSSL_free(passin);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/srp.c b/openssl-1.1.0h/apps/srp.c
new file mode 100644
index 0000000..0ead68e
--- /dev/null
+++ b/openssl-1.1.0h/apps/srp.c
@@ -0,0 +1,613 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SRP
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/conf.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/txt_db.h>
+# include <openssl/buffer.h>
+# include <openssl/srp.h>
+# include "apps.h"
+
+# define BASE_SECTION    "srp"
+# define CONFIG_FILE "openssl.cnf"
+
+# define ENV_RANDFILE            "RANDFILE"
+
+# define ENV_DATABASE            "srpvfile"
+# define ENV_DEFAULT_SRP         "default_srp"
+
+static int get_index(CA_DB *db, char *id, char type)
+{
+    char **pp;
+    int i;
+    if (id == NULL)
+        return -1;
+    if (type == DB_SRP_INDEX) {
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+            if (pp[DB_srptype][0] == DB_SRP_INDEX
+                && strcmp(id, pp[DB_srpid]) == 0)
+                return i;
+        }
+    } else {
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+            if (pp[DB_srptype][0] != DB_SRP_INDEX
+                && strcmp(id, pp[DB_srpid]) == 0)
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static void print_entry(CA_DB *db, int indx, int verbose, char *s)
+{
+    if (indx >= 0 && verbose) {
+        int j;
+        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
+        BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
+        for (j = 0; j < DB_NUMBER; j++) {
+            BIO_printf(bio_err, "  %d = \"%s\"\n", j, pp[j]);
+        }
+    }
+}
+
+static void print_index(CA_DB *db, int indexindex, int verbose)
+{
+    print_entry(db, indexindex, verbose, "g N entry");
+}
+
+static void print_user(CA_DB *db, int userindex, int verbose)
+{
+    if (verbose > 0) {
+        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+
+        if (pp[DB_srptype][0] != 'I') {
+            print_entry(db, userindex, verbose, "User entry");
+            print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
+                        "g N entry");
+        }
+
+    }
+}
+
+static int update_index(CA_DB *db, char **row)
+{
+    char **irow;
+    int i;
+
+    irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
+    for (i = 0; i < DB_NUMBER; i++)
+        irow[i] = row[i];
+    irow[DB_NUMBER] = NULL;
+
+    if (!TXT_DB_insert(db->db, irow)) {
+        BIO_printf(bio_err, "failed to update srpvfile\n");
+        BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+        OPENSSL_free(irow);
+        return 0;
+    }
+    return 1;
+}
+
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+{
+    char *entry = NCONF_get_string(conf, section, tag);
+    if (entry == NULL)
+        BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+    return entry;
+}
+
+static char *srp_verify_user(const char *user, const char *srp_verifier,
+                             char *srp_usersalt, const char *g, const char *N,
+                             const char *passin, int verbose)
+{
+    char password[1025];
+    PW_CB_DATA cb_tmp;
+    char *verifier = NULL;
+    char *gNid = NULL;
+    int len;
+
+    cb_tmp.prompt_info = user;
+    cb_tmp.password = passin;
+
+    len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
+    if (len > 0) {
+        password[len] = 0;
+        if (verbose)
+            BIO_printf(bio_err,
+                       "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+                       user, srp_verifier, srp_usersalt, g, N);
+        if (verbose > 1)
+            BIO_printf(bio_err, "Pass %s\n", password);
+
+        OPENSSL_assert(srp_usersalt != NULL);
+        if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
+                                         &verifier, N, g)) ) {
+            BIO_printf(bio_err, "Internal error validating SRP verifier\n");
+        } else {
+            if (strcmp(verifier, srp_verifier))
+                gNid = NULL;
+            OPENSSL_free(verifier);
+        }
+        OPENSSL_cleanse(password, len);
+    }
+    return gNid;
+}
+
+static char *srp_create_user(char *user, char **srp_verifier,
+                             char **srp_usersalt, char *g, char *N,
+                             char *passout, int verbose)
+{
+    char password[1025];
+    PW_CB_DATA cb_tmp;
+    char *gNid = NULL;
+    char *salt = NULL;
+    int len;
+    cb_tmp.prompt_info = user;
+    cb_tmp.password = passout;
+
+    len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
+    if (len > 0) {
+        password[len] = 0;
+        if (verbose)
+            BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+                       user, g, N);
+        if (!(gNid = SRP_create_verifier(user, password, &salt,
+                                         srp_verifier, N, g)) ) {
+            BIO_printf(bio_err, "Internal error creating SRP verifier\n");
+        } else {
+            *srp_usersalt = salt;
+        }
+        OPENSSL_cleanse(password, len);
+        if (verbose > 1)
+            BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
+                       gNid, salt, *srp_verifier);
+
+    }
+    return gNid;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
+    OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
+    OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE
+} OPTION_CHOICE;
+
+OPTIONS srp_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
+    {"config", OPT_CONFIG, '<', "A config file"},
+    {"name", OPT_NAME, 's', "The particular srp definition to use"},
+    {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
+    {"add", OPT_ADD, '-', "Add a user and srp verifier"},
+    {"modify", OPT_MODIFY, '-',
+     "Modify the srp verifier of an existing user"},
+    {"delete", OPT_DELETE, '-', "Delete user from verifier file"},
+    {"list", OPT_LIST, '-', "List users"},
+    {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
+    {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int srp_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    CA_DB *db = NULL;
+    CONF *conf = NULL;
+    int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
+    int doupdatedb = 0, mode = OPT_ERR;
+    char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
+    char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
+    char *randfile = NULL, *section = NULL;
+    char **gNrow = NULL, *configfile = NULL;
+    char *srpvfile = NULL, **pp, *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, srp_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(srp_options);
+            ret = 0;
+            goto end;
+        case OPT_VERBOSE:
+            verbose++;
+            break;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_NAME:
+            section = opt_arg();
+            break;
+        case OPT_SRPVFILE:
+            srpvfile = opt_arg();
+            break;
+        case OPT_ADD:
+        case OPT_DELETE:
+        case OPT_MODIFY:
+        case OPT_LIST:
+            if (mode != OPT_ERR) {
+                BIO_printf(bio_err,
+                           "%s: Only one of -add/-delete/-modify/-list\n",
+                           prog);
+                goto opthelp;
+            }
+            mode = o;
+            break;
+        case OPT_GN:
+            gN = opt_arg();
+            break;
+        case OPT_USERINFO:
+            userinfo = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (srpvfile && configfile) {
+        BIO_printf(bio_err,
+                   "-srpvfile and -configfile cannot be specified together.\n");
+        goto end;
+    }
+    if (mode == OPT_ERR) {
+        BIO_printf(bio_err,
+                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+        goto opthelp;
+    }
+    if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
+        if (argc == 0) {
+            BIO_printf(bio_err, "Need at least one user.\n");
+            goto opthelp;
+        }
+        user = *argv++;
+    }
+    if ((passinarg || passoutarg) && argc != 1) {
+        BIO_printf(bio_err,
+                   "-passin, -passout arguments only valid with one user.\n");
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (!srpvfile) {
+        if (!configfile)
+            configfile = default_config_file;
+
+        if (verbose)
+            BIO_printf(bio_err, "Using configuration from %s\n",
+                       configfile);
+        conf = app_load_config(configfile);
+        if (conf == NULL)
+            goto end;
+        if (configfile != default_config_file && !app_load_modules(conf))
+            goto end;
+
+        /* Lets get the config section we are using */
+        if (section == NULL) {
+            if (verbose)
+                BIO_printf(bio_err,
+                           "trying to read " ENV_DEFAULT_SRP
+                           " in " BASE_SECTION "\n");
+
+            section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
+            if (section == NULL)
+                goto end;
+        }
+
+        if (randfile == NULL)
+            randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+
+        if (verbose)
+            BIO_printf(bio_err,
+                       "trying to read " ENV_DATABASE " in section \"%s\"\n",
+                       section);
+
+        srpvfile = lookup_conf(conf, section, ENV_DATABASE);
+        if (srpvfile == NULL)
+            goto end;
+    }
+    if (randfile == NULL)
+        ERR_clear_error();
+    else
+        app_RAND_load_file(randfile, 0);
+
+    if (verbose)
+        BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
+                   srpvfile);
+
+    db = load_index(srpvfile, NULL);
+    if (db == NULL)
+        goto end;
+
+    /* Lets check some fields */
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+            maxgN = i;
+            if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
+                gNindex = i;
+
+            print_index(db, i, verbose > 1);
+        }
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Database initialised\n");
+
+    if (gNindex >= 0) {
+        gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
+        print_entry(db, gNindex, verbose > 1, "Default g and N");
+    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
+        BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
+        goto end;
+    } else {
+        if (verbose)
+            BIO_printf(bio_err, "Database has no g N information.\n");
+        gNrow = NULL;
+    }
+
+    if (verbose > 1)
+        BIO_printf(bio_err, "Starting user processing\n");
+
+    while (mode == OPT_LIST || user != NULL) {
+        int userindex = -1;
+
+        if (user != NULL && verbose > 1)
+            BIO_printf(bio_err, "Processing user \"%s\"\n", user);
+        if ((userindex = get_index(db, user, 'U')) >= 0) {
+            print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
+        }
+
+        if (mode == OPT_LIST) {
+            if (user == NULL) {
+                BIO_printf(bio_err, "List all users\n");
+
+                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+                    print_user(db, i, 1);
+                }
+            } else if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, ignored. t\n", user);
+                errors++;
+            }
+        } else if (mode == OPT_ADD) {
+            if (userindex >= 0) {
+                /* reactivation of a new user */
+                char **row =
+                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
+                row[DB_srptype][0] = 'V';
+
+                doupdatedb = 1;
+            } else {
+                char *row[DB_NUMBER];
+                char *gNid;
+                row[DB_srpverifier] = NULL;
+                row[DB_srpsalt] = NULL;
+                row[DB_srpinfo] = NULL;
+                if (!
+                    (gNid =
+                     srp_create_user(user, &(row[DB_srpverifier]),
+                                     &(row[DB_srpsalt]),
+                                     gNrow ? gNrow[DB_srpsalt] : gN,
+                                     gNrow ? gNrow[DB_srpverifier] : NULL,
+                                     passout, verbose))) {
+                    BIO_printf(bio_err,
+                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
+                               user);
+                    errors++;
+                    goto end;
+                }
+                row[DB_srpid] = OPENSSL_strdup(user);
+                row[DB_srptype] = OPENSSL_strdup("v");
+                row[DB_srpgN] = OPENSSL_strdup(gNid);
+
+                if ((row[DB_srpid] == NULL)
+                    || (row[DB_srpgN] == NULL)
+                    || (row[DB_srptype] == NULL)
+                    || (row[DB_srpverifier] == NULL)
+                    || (row[DB_srpsalt] == NULL)
+                    || (userinfo
+                        && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL))
+                    || !update_index(db, row)) {
+                    OPENSSL_free(row[DB_srpid]);
+                    OPENSSL_free(row[DB_srpgN]);
+                    OPENSSL_free(row[DB_srpinfo]);
+                    OPENSSL_free(row[DB_srptype]);
+                    OPENSSL_free(row[DB_srpverifier]);
+                    OPENSSL_free(row[DB_srpsalt]);
+                    goto end;
+                }
+                doupdatedb = 1;
+            }
+        } else if (mode == OPT_MODIFY) {
+            if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, operation ignored.\n",
+                           user);
+                errors++;
+            } else {
+
+                char **row =
+                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                char type = row[DB_srptype][0];
+                if (type == 'v') {
+                    BIO_printf(bio_err,
+                               "user \"%s\" already updated, operation ignored.\n",
+                               user);
+                    errors++;
+                } else {
+                    char *gNid;
+
+                    if (row[DB_srptype][0] == 'V') {
+                        int user_gN;
+                        char **irow = NULL;
+                        if (verbose)
+                            BIO_printf(bio_err,
+                                       "Verifying password for user \"%s\"\n",
+                                       user);
+                        if ((user_gN =
+                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+                            irow =
+                                sk_OPENSSL_PSTRING_value(db->db->data,
+                                                         userindex);
+
+                        if (!srp_verify_user
+                            (user, row[DB_srpverifier], row[DB_srpsalt],
+                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
+                             irow ? irow[DB_srpverifier] : NULL, passin,
+                             verbose)) {
+                            BIO_printf(bio_err,
+                                       "Invalid password for user \"%s\", operation abandoned.\n",
+                                       user);
+                            errors++;
+                            goto end;
+                        }
+                    }
+                    if (verbose)
+                        BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
+                                   user);
+
+                    if (!
+                        (gNid =
+                         srp_create_user(user, &(row[DB_srpverifier]),
+                                         &(row[DB_srpsalt]),
+                                         gNrow ? gNrow[DB_srpsalt] : NULL,
+                                         gNrow ? gNrow[DB_srpverifier] : NULL,
+                                         passout, verbose))) {
+                        BIO_printf(bio_err,
+                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
+                                   user);
+                        errors++;
+                        goto end;
+                    }
+
+                    row[DB_srptype][0] = 'v';
+                    row[DB_srpgN] = OPENSSL_strdup(gNid);
+
+                    if (row[DB_srpid] == NULL
+                        || row[DB_srpgN] == NULL
+                        || row[DB_srptype] == NULL
+                        || row[DB_srpverifier] == NULL
+                        || row[DB_srpsalt] == NULL
+                        || (userinfo
+                            && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo))
+                                == NULL)))
+                        goto end;
+
+                    doupdatedb = 1;
+                }
+            }
+        } else if (mode == OPT_DELETE) {
+            if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, operation ignored. t\n",
+                           user);
+                errors++;
+            } else {
+                char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+
+                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
+                xpp[DB_srptype][0] = 'R';
+                doupdatedb = 1;
+            }
+        }
+        user = *argv++;
+        if (user == NULL) {
+            /* no more processing in any mode if no users left */
+            break;
+        }
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "User procession done.\n");
+
+    if (doupdatedb) {
+        /* Lets check some fields */
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+            if (pp[DB_srptype][0] == 'v') {
+                pp[DB_srptype][0] = 'V';
+                print_user(db, i, verbose);
+            }
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "Trying to update srpvfile.\n");
+        if (!save_index(srpvfile, "new", db))
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "Temporary srpvfile created.\n");
+        if (!rotate_index(srpvfile, "new", "old"))
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "srpvfile updated.\n");
+    }
+
+    ret = (errors != 0);
+ end:
+    if (errors != 0)
+        if (verbose)
+            BIO_printf(bio_err, "User errors %d.\n", errors);
+
+    if (verbose)
+        BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
+
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    if (ret)
+        ERR_print_errors(bio_err);
+    if (randfile)
+        app_RAND_write_file(randfile);
+    NCONF_free(conf);
+    free_index(db);
+    release_engine(e);
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/apps/testCA.pem b/openssl-1.1.0h/apps/testCA.pem
new file mode 100644
index 0000000..dcb710a
--- /dev/null
+++ b/openssl-1.1.0h/apps/testCA.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
+MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
+VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
+hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
+uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/apps/testdsa.h b/openssl-1.1.0h/apps/testdsa.h
new file mode 100644
index 0000000..1e4502a
--- /dev/null
+++ b/openssl-1.1.0h/apps/testdsa.h
@@ -0,0 +1,290 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* used by speed.c */
+DSA *get_dsa512(void);
+DSA *get_dsa1024(void);
+DSA *get_dsa2048(void);
+
+static unsigned char dsa512_priv[] = {
+    0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
+    0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
+};
+
+static unsigned char dsa512_pub[] = {
+    0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
+    0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
+    0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e,
+    0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12,
+    0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
+    0xbe, 0xba, 0x0a, 0x6b, 0xc8,
+};
+
+static unsigned char dsa512_p[] = {
+    0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
+    0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
+    0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9,
+    0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD,
+    0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
+    0xA2, 0x76, 0x7D, 0x31,
+};
+
+static unsigned char dsa512_q[] = {
+    0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
+    0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
+};
+
+static unsigned char dsa512_g[] = {
+    0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
+    0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
+    0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF,
+    0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE,
+    0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12,
+    0xA2, 0x03, 0x9D, 0x20,
+};
+
+DSA *get_dsa512()
+{
+    DSA *dsa;
+    BIGNUM *priv_key, *pub_key, *p, *q, *g;
+
+    if ((dsa = DSA_new()) == NULL)
+        return (NULL);
+    priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL);
+    pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL);
+    p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL);
+    q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL);
+    g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL);
+    if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+            || (g == NULL)) {
+        goto err;
+    }
+    if (!DSA_set0_pqg(dsa, p, q, g))
+        goto err;
+    p = q = g = NULL;
+
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto err;
+
+    return dsa;
+ err:
+    DSA_free(dsa);
+    BN_free(priv_key);
+    BN_free(pub_key);
+    BN_free(p);
+    BN_free(q);
+    BN_free(g);
+    return NULL;
+}
+
+static unsigned char dsa1024_priv[] = {
+    0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
+    0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
+};
+
+static unsigned char dsa1024_pub[] = {
+    0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63,
+    0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50,
+    0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e,
+    0x90, 0x97, 0xb5, 0xd3, 0xa6, 0x20, 0x25, 0xd6, 0xfe, 0x43, 0x02, 0xd5,
+    0x91, 0x7d, 0xa7, 0x8c, 0xdb, 0xc9, 0x85, 0xa3, 0x36, 0x48, 0xf7, 0x68,
+    0xaa, 0x60, 0xb1, 0xf7, 0x05, 0x68, 0x3a, 0xa3, 0x3f, 0xd3, 0x19, 0x82,
+    0xd8, 0x82, 0x7a, 0x77, 0xfb, 0xef, 0xf4, 0x15, 0x0a, 0xeb, 0x06, 0x04,
+    0x7f, 0x53, 0x07, 0x0c, 0xbc, 0xcb, 0x2d, 0x83, 0xdb, 0x3e, 0xd1, 0x28,
+    0xa5, 0xa1, 0x31, 0xe0, 0x67, 0xfa, 0x50, 0xde, 0x9b, 0x07, 0x83, 0x7e,
+    0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97,
+    0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b
+};
+
+static unsigned char dsa1024_p[] = {
+    0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
+    0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
+    0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73,
+    0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9,
+    0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5,
+    0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E,
+    0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7,
+    0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95,
+    0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE,
+    0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
+    0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
+};
+
+static unsigned char dsa1024_q[] = {
+    0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
+    0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
+};
+
+static unsigned char dsa1024_g[] = {
+    0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
+    0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
+    0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88,
+    0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18,
+    0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61,
+    0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F,
+    0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16,
+    0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6,
+    0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5,
+    0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5,
+    0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8,
+};
+
+DSA *get_dsa1024()
+{
+    DSA *dsa;
+    BIGNUM *priv_key, *pub_key, *p, *q, *g;
+
+    if ((dsa = DSA_new()) == NULL)
+        return (NULL);
+    priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL);
+    pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL);
+    p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL);
+    q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL);
+    g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL);
+    if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+            || (g == NULL)) {
+        goto err;
+    }
+    if (!DSA_set0_pqg(dsa, p, q, g))
+        goto err;
+    p = q = g = NULL;
+
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto err;
+
+    return dsa;
+ err:
+    DSA_free(dsa);
+    BN_free(priv_key);
+    BN_free(pub_key);
+    BN_free(p);
+    BN_free(q);
+    BN_free(g);
+    return NULL;
+}
+
+static unsigned char dsa2048_priv[] = {
+    0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
+    0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
+};
+
+static unsigned char dsa2048_pub[] = {
+    0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
+    0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
+    0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47,
+    0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53,
+    0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f,
+    0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50,
+    0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9,
+    0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a,
+    0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d,
+    0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24,
+    0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03,
+    0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36,
+    0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34,
+    0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14,
+    0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04,
+    0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8,
+    0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9,
+    0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51,
+    0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d,
+    0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18,
+    0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
+    0x8b, 0x33, 0xb7, 0xce,
+};
+
+static unsigned char dsa2048_p[] = {
+    0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
+    0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
+    0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2,
+    0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E,
+    0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19,
+    0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58,
+    0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B,
+    0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C,
+    0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF,
+    0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56,
+    0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51,
+    0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62,
+    0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18,
+    0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72,
+    0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C,
+    0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5,
+    0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4,
+    0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8,
+    0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F,
+    0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A,
+    0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
+    0xF8, 0x68, 0xCF, 0x9B,
+};
+
+static unsigned char dsa2048_q[] = {
+    0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
+    0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
+};
+
+static unsigned char dsa2048_g[] = {
+    0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
+    0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
+    0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C,
+    0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E,
+    0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29,
+    0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8,
+    0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D,
+    0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A,
+    0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F,
+    0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B,
+    0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E,
+    0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7,
+    0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40,
+    0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6,
+    0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5,
+    0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5,
+    0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72,
+    0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64,
+    0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01,
+    0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99,
+    0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E,
+    0xF8, 0xB2, 0xE5, 0x38,
+};
+
+DSA *get_dsa2048()
+{
+    DSA *dsa;
+    BIGNUM *priv_key, *pub_key, *p, *q, *g;
+
+    if ((dsa = DSA_new()) == NULL)
+        return (NULL);
+    priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL);
+    pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL);
+    p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL);
+    q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL);
+    g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL);
+    if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+            || (g == NULL)) {
+        goto err;
+    }
+    if (!DSA_set0_pqg(dsa, p, q, g))
+        goto err;
+    p = q = g = NULL;
+
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto err;
+
+    return dsa;
+ err:
+    DSA_free(dsa);
+    BN_free(priv_key);
+    BN_free(pub_key);
+    BN_free(p);
+    BN_free(q);
+    BN_free(g);
+    return NULL;
+}
+
diff --git a/openssl-1.1.0h/apps/testrsa.h b/openssl-1.1.0h/apps/testrsa.h
new file mode 100644
index 0000000..1350ce5
--- /dev/null
+++ b/openssl-1.1.0h/apps/testrsa.h
@@ -0,0 +1,1960 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static unsigned char test512[] = {
+    0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
+    0xd6, 0x33, 0xb9, 0xc8, 0xfb, 0x4f, 0x3c, 0x7d, 0xc0, 0x01,
+    0x86, 0xd0, 0xe7, 0xa0, 0x55, 0xf2, 0x95, 0x93, 0xcc, 0x4f,
+    0xb7, 0x5b, 0x67, 0x5b, 0x94, 0x68, 0xc9, 0x34, 0x15, 0xde,
+    0xa5, 0x2e, 0x1c, 0x33, 0xc2, 0x6e, 0xfc, 0x34, 0x5e, 0x71,
+    0x13, 0xb7, 0xd6, 0xee, 0xd8, 0xa5, 0x65, 0x05, 0x72, 0x87,
+    0xa8, 0xb0, 0x77, 0xfe, 0x57, 0xf5, 0xfc, 0x5f, 0x55, 0x83,
+    0x87, 0xdd, 0x57, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+    0x41, 0x00, 0xa7, 0xf7, 0x91, 0xc5, 0x0f, 0x84, 0x57, 0xdc,
+    0x07, 0xf7, 0x6a, 0x7f, 0x60, 0x52, 0xb3, 0x72, 0xf1, 0x66,
+    0x1f, 0x7d, 0x97, 0x3b, 0x9e, 0xb6, 0x0a, 0x8f, 0x8c, 0xcf,
+    0x42, 0x23, 0x00, 0x04, 0xd4, 0x28, 0x0e, 0x1c, 0x90, 0xc4,
+    0x11, 0x25, 0x25, 0xa5, 0x93, 0xa5, 0x2f, 0x70, 0x02, 0xdf,
+    0x81, 0x9c, 0x49, 0x03, 0xa0, 0xf8, 0x6d, 0x54, 0x2e, 0x26,
+    0xde, 0xaa, 0x85, 0x59, 0xa8, 0x31, 0x02, 0x21, 0x00, 0xeb,
+    0x47, 0xd7, 0x3b, 0xf6, 0xc3, 0xdd, 0x5a, 0x46, 0xc5, 0xb9,
+    0x2b, 0x9a, 0xa0, 0x09, 0x8f, 0xa6, 0xfb, 0xf3, 0x78, 0x7a,
+    0x33, 0x70, 0x9d, 0x0f, 0x42, 0x6b, 0x13, 0x68, 0x24, 0xd3,
+    0x15, 0x02, 0x21, 0x00, 0xe9, 0x10, 0xb0, 0xb3, 0x0d, 0xe2,
+    0x82, 0x68, 0x77, 0x8a, 0x6e, 0x7c, 0xda, 0xbc, 0x3e, 0x53,
+    0x83, 0xfb, 0xd6, 0x22, 0xe7, 0xb5, 0xae, 0x6e, 0x80, 0xda,
+    0x00, 0x55, 0x97, 0xc1, 0xd0, 0x65, 0x02, 0x20, 0x4c, 0xf8,
+    0x73, 0xb1, 0x6a, 0x49, 0x29, 0x61, 0x1f, 0x46, 0x10, 0x0d,
+    0xf3, 0xc7, 0xe7, 0x58, 0xd7, 0x88, 0x15, 0x5e, 0x94, 0x9b,
+    0xbf, 0x7b, 0xa2, 0x42, 0x58, 0x45, 0x41, 0x0c, 0xcb, 0x01,
+    0x02, 0x20, 0x12, 0x11, 0xba, 0x31, 0x57, 0x9d, 0x3d, 0x11,
+    0x0e, 0x5b, 0x8c, 0x2f, 0x5f, 0xe2, 0x02, 0x4f, 0x05, 0x47,
+    0x8c, 0x15, 0x8e, 0xb3, 0x56, 0x3f, 0xb8, 0xfb, 0xad, 0xd4,
+    0xf4, 0xfc, 0x10, 0xc5, 0x02, 0x20, 0x18, 0xa1, 0x29, 0x99,
+    0x5b, 0xd9, 0xc8, 0xd4, 0xfc, 0x49, 0x7a, 0x2a, 0x21, 0x2c,
+    0x49, 0xe4, 0x4f, 0xeb, 0xef, 0x51, 0xf1, 0xab, 0x6d, 0xfb,
+    0x4b, 0x14, 0xe9, 0x4b, 0x52, 0xb5, 0x82, 0x2c,
+};
+
+static unsigned char test1024[] = {
+    0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x00, 0xdc, 0x98, 0x43, 0xe8, 0x3d, 0x43, 0x5b, 0xe4, 0x05,
+    0xcd, 0xd0, 0xa9, 0x3e, 0xcb, 0x83, 0x75, 0xf6, 0xb5, 0xa5,
+    0x9f, 0x6b, 0xe9, 0x34, 0x41, 0x29, 0x18, 0xfa, 0x6a, 0x55,
+    0x4d, 0x70, 0xfc, 0xec, 0xae, 0x87, 0x38, 0x0a, 0x20, 0xa9,
+    0xc0, 0x45, 0x77, 0x6e, 0x57, 0x60, 0x57, 0xf4, 0xed, 0x96,
+    0x22, 0xcb, 0x8f, 0xe1, 0x33, 0x3a, 0x17, 0x1f, 0xed, 0x37,
+    0xa5, 0x6f, 0xeb, 0xa6, 0xbc, 0x12, 0x80, 0x1d, 0x53, 0xbd,
+    0x70, 0xeb, 0x21, 0x76, 0x3e, 0xc9, 0x2f, 0x1a, 0x45, 0x24,
+    0x82, 0xff, 0xcd, 0x59, 0x32, 0x06, 0x2e, 0x12, 0x3b, 0x23,
+    0x78, 0xed, 0x12, 0x3d, 0xe0, 0x8d, 0xf9, 0x67, 0x4f, 0x37,
+    0x4e, 0x47, 0x02, 0x4c, 0x2d, 0xc0, 0x4f, 0x1f, 0xb3, 0x94,
+    0xe1, 0x41, 0x2e, 0x2d, 0x90, 0x10, 0xfc, 0x82, 0x91, 0x8b,
+    0x0f, 0x22, 0xd4, 0xf2, 0xfc, 0x2c, 0xab, 0x53, 0x55, 0x02,
+    0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x2b, 0xcc, 0x3f,
+    0x8f, 0x58, 0xba, 0x8b, 0x00, 0x16, 0xf6, 0xea, 0x3a, 0xf0,
+    0x30, 0xd0, 0x05, 0x17, 0xda, 0xb0, 0xeb, 0x9a, 0x2d, 0x4f,
+    0x26, 0xb0, 0xd6, 0x38, 0xc1, 0xeb, 0xf5, 0xd8, 0x3d, 0x1f,
+    0x70, 0xf7, 0x7f, 0xf4, 0xe2, 0xcf, 0x51, 0x51, 0x79, 0x88,
+    0xfa, 0xe8, 0x32, 0x0e, 0x7b, 0x2d, 0x97, 0xf2, 0xfa, 0xba,
+    0x27, 0xc5, 0x9c, 0xd9, 0xc5, 0xeb, 0x8a, 0x79, 0x52, 0x3c,
+    0x64, 0x34, 0x7d, 0xc2, 0xcf, 0x28, 0xc7, 0x4e, 0xd5, 0x43,
+    0x0b, 0xd1, 0xa6, 0xca, 0x6d, 0x03, 0x2d, 0x72, 0x23, 0xbc,
+    0x6d, 0x05, 0xfa, 0x16, 0x09, 0x2f, 0x2e, 0x5c, 0xb6, 0xee,
+    0x74, 0xdd, 0xd2, 0x48, 0x8e, 0x36, 0x0c, 0x06, 0x3d, 0x4d,
+    0xe5, 0x10, 0x82, 0xeb, 0x6a, 0xf3, 0x4b, 0x9f, 0xd6, 0xed,
+    0x11, 0xb1, 0x6e, 0xec, 0xf4, 0xfe, 0x8e, 0x75, 0x94, 0x20,
+    0x2f, 0xcb, 0xac, 0x46, 0xf1, 0x02, 0x41, 0x00, 0xf9, 0x8c,
+    0xa3, 0x85, 0xb1, 0xdd, 0x29, 0xaf, 0x65, 0xc1, 0x33, 0xf3,
+    0x95, 0xc5, 0x52, 0x68, 0x0b, 0xd4, 0xf1, 0xe5, 0x0e, 0x02,
+    0x9f, 0x4f, 0xfa, 0x77, 0xdc, 0x46, 0x9e, 0xc7, 0xa6, 0xe4,
+    0x16, 0x29, 0xda, 0xb0, 0x07, 0xcf, 0x5b, 0xa9, 0x12, 0x8a,
+    0xdd, 0x63, 0x0a, 0xde, 0x2e, 0x8c, 0x66, 0x8b, 0x8c, 0xdc,
+    0x19, 0xa3, 0x7e, 0xf4, 0x3b, 0xd0, 0x1a, 0x8c, 0xa4, 0xc2,
+    0xe1, 0xd3, 0x02, 0x41, 0x00, 0xe2, 0x4c, 0x05, 0xf2, 0x04,
+    0x86, 0x4e, 0x61, 0x43, 0xdb, 0xb0, 0xb9, 0x96, 0x86, 0x52,
+    0x2c, 0xca, 0x8d, 0x7b, 0xab, 0x0b, 0x13, 0x0d, 0x7e, 0x38,
+    0x5b, 0xe2, 0x2e, 0x7b, 0x0e, 0xe7, 0x19, 0x99, 0x38, 0xe7,
+    0xf2, 0x21, 0xbd, 0x85, 0x85, 0xe3, 0xfd, 0x28, 0x77, 0x20,
+    0x31, 0x71, 0x2c, 0xd0, 0xff, 0xfb, 0x2e, 0xaf, 0x85, 0xb4,
+    0x86, 0xca, 0xf3, 0xbb, 0xca, 0xaa, 0x0f, 0x95, 0x37, 0x02,
+    0x40, 0x0e, 0x41, 0x9a, 0x95, 0xe8, 0xb3, 0x59, 0xce, 0x4b,
+    0x61, 0xde, 0x35, 0xec, 0x38, 0x79, 0x9c, 0xb8, 0x10, 0x52,
+    0x41, 0x63, 0xab, 0x82, 0xae, 0x6f, 0x00, 0xa9, 0xf4, 0xde,
+    0xdd, 0x49, 0x0b, 0x7e, 0xb8, 0xa5, 0x65, 0xa9, 0x0c, 0x8f,
+    0x8f, 0xf9, 0x1f, 0x35, 0xc6, 0x92, 0xb8, 0x5e, 0xb0, 0x66,
+    0xab, 0x52, 0x40, 0xc0, 0xb6, 0x36, 0x6a, 0x7d, 0x80, 0x46,
+    0x04, 0x02, 0xe5, 0x9f, 0x41, 0x02, 0x41, 0x00, 0xc0, 0xad,
+    0xcc, 0x4e, 0x21, 0xee, 0x1d, 0x24, 0x91, 0xfb, 0xa7, 0x80,
+    0x8d, 0x9a, 0xb6, 0xb3, 0x2e, 0x8f, 0xc2, 0xe1, 0x82, 0xdf,
+    0x69, 0x18, 0xb4, 0x71, 0xff, 0xa6, 0x65, 0xde, 0xed, 0x84,
+    0x8d, 0x42, 0xb7, 0xb3, 0x21, 0x69, 0x56, 0x1c, 0x07, 0x60,
+    0x51, 0x29, 0x04, 0xff, 0x34, 0x06, 0xdd, 0xb9, 0x67, 0x2c,
+    0x7c, 0x04, 0x93, 0x0e, 0x46, 0x15, 0xbb, 0x2a, 0xb7, 0x1b,
+    0xe7, 0x87, 0x02, 0x40, 0x78, 0xda, 0x5d, 0x07, 0x51, 0x0c,
+    0x16, 0x7a, 0x9f, 0x29, 0x20, 0x84, 0x0d, 0x42, 0xfa, 0xd7,
+    0x00, 0xd8, 0x77, 0x7e, 0xb0, 0xb0, 0x6b, 0xd6, 0x5b, 0x53,
+    0xb8, 0x9b, 0x7a, 0xcd, 0xc7, 0x2b, 0xb8, 0x6a, 0x63, 0xa9,
+    0xfb, 0x6f, 0xa4, 0x72, 0xbf, 0x4c, 0x5d, 0x00, 0x14, 0xba,
+    0xfa, 0x59, 0x88, 0xed, 0xe4, 0xe0, 0x8c, 0xa2, 0xec, 0x14,
+    0x7e, 0x2d, 0xe2, 0xf0, 0x46, 0x49, 0x95, 0x45,
+};
+
+static unsigned char test2048[] = {
+    0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xc0, 0xc0, 0xce, 0x3e, 0x3c, 0x53, 0x67, 0x3f,
+    0x4f, 0xc5, 0x2f, 0xa4, 0xc2, 0x5a, 0x2f, 0x58, 0xfd, 0x27,
+    0x52, 0x6a, 0xe8, 0xcf, 0x4a, 0x73, 0x47, 0x8d, 0x25, 0x0f,
+    0x5f, 0x03, 0x26, 0x78, 0xef, 0xf0, 0x22, 0x12, 0xd3, 0xde,
+    0x47, 0xb2, 0x1c, 0x0b, 0x38, 0x63, 0x1a, 0x6c, 0x85, 0x7a,
+    0x80, 0xc6, 0x8f, 0xa0, 0x41, 0xaf, 0x62, 0xc4, 0x67, 0x32,
+    0x88, 0xf8, 0xa6, 0x9c, 0xf5, 0x23, 0x1d, 0xe4, 0xac, 0x3f,
+    0x29, 0xf9, 0xec, 0xe1, 0x8b, 0x26, 0x03, 0x2c, 0xb2, 0xab,
+    0xf3, 0x7d, 0xb5, 0xca, 0x49, 0xc0, 0x8f, 0x1c, 0xdf, 0x33,
+    0x3a, 0x60, 0xda, 0x3c, 0xb0, 0x16, 0xf8, 0xa9, 0x12, 0x8f,
+    0x64, 0xac, 0x23, 0x0c, 0x69, 0x64, 0x97, 0x5d, 0x99, 0xd4,
+    0x09, 0x83, 0x9b, 0x61, 0xd3, 0xac, 0xf0, 0xde, 0xdd, 0x5e,
+    0x9f, 0x44, 0x94, 0xdb, 0x3a, 0x4d, 0x97, 0xe8, 0x52, 0x29,
+    0xf7, 0xdb, 0x94, 0x07, 0x45, 0x90, 0x78, 0x1e, 0x31, 0x0b,
+    0x80, 0xf7, 0x57, 0xad, 0x1c, 0x79, 0xc5, 0xcb, 0x32, 0xb0,
+    0xce, 0xcd, 0x74, 0xb3, 0xe2, 0x94, 0xc5, 0x78, 0x2f, 0x34,
+    0x1a, 0x45, 0xf7, 0x8c, 0x52, 0xa5, 0xbc, 0x8d, 0xec, 0xd1,
+    0x2f, 0x31, 0x3b, 0xf0, 0x49, 0x59, 0x5e, 0x88, 0x9d, 0x15,
+    0x92, 0x35, 0x32, 0xc1, 0xe7, 0x61, 0xec, 0x50, 0x48, 0x7c,
+    0xba, 0x05, 0xf9, 0xf8, 0xf8, 0xa7, 0x8c, 0x83, 0xe8, 0x66,
+    0x5b, 0xeb, 0xfe, 0xd8, 0x4f, 0xdd, 0x6d, 0x36, 0xc0, 0xb2,
+    0x90, 0x0f, 0xb8, 0x52, 0xf9, 0x04, 0x9b, 0x40, 0x2c, 0x27,
+    0xd6, 0x36, 0x8e, 0xc2, 0x1b, 0x44, 0xf3, 0x92, 0xd5, 0x15,
+    0x9e, 0x9a, 0xbc, 0xf3, 0x7d, 0x03, 0xd7, 0x02, 0x14, 0x20,
+    0xe9, 0x10, 0x92, 0xfd, 0xf9, 0xfc, 0x8f, 0xe5, 0x18, 0xe1,
+    0x95, 0xcc, 0x9e, 0x60, 0xa6, 0xfa, 0x38, 0x4d, 0x02, 0x03,
+    0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xc3, 0xc3,
+    0x0d, 0xb4, 0x27, 0x90, 0x8d, 0x4b, 0xbf, 0xb8, 0x84, 0xaa,
+    0xd0, 0xb8, 0xc7, 0x5d, 0x99, 0xbe, 0x55, 0xf6, 0x3e, 0x7c,
+    0x49, 0x20, 0xcb, 0x8a, 0x8e, 0x19, 0x0e, 0x66, 0x24, 0xac,
+    0xaf, 0x03, 0x33, 0x97, 0xeb, 0x95, 0xd5, 0x3b, 0x0f, 0x40,
+    0x56, 0x04, 0x50, 0xd1, 0xe6, 0xbe, 0x84, 0x0b, 0x25, 0xd3,
+    0x9c, 0xe2, 0x83, 0x6c, 0xf5, 0x62, 0x5d, 0xba, 0x2b, 0x7d,
+    0x3d, 0x7a, 0x6c, 0xe1, 0xd2, 0x0e, 0x54, 0x93, 0x80, 0x01,
+    0x91, 0x51, 0x09, 0xe8, 0x5b, 0x8e, 0x47, 0xbd, 0x64, 0xe4,
+    0x0e, 0x03, 0x83, 0x55, 0xcf, 0x5a, 0x37, 0xf0, 0x25, 0xb5,
+    0x7d, 0x21, 0xd7, 0x69, 0xdf, 0x6f, 0xc2, 0xcf, 0x10, 0xc9,
+    0x8a, 0x40, 0x9f, 0x7a, 0x70, 0xc0, 0xe8, 0xe8, 0xc0, 0xe6,
+    0x9a, 0x15, 0x0a, 0x8d, 0x4e, 0x46, 0xcb, 0x7a, 0xdb, 0xb3,
+    0xcb, 0x83, 0x02, 0xc4, 0xf0, 0xab, 0xeb, 0x02, 0x01, 0x0e,
+    0x23, 0xfc, 0x1d, 0xc4, 0xbd, 0xd4, 0xaa, 0x5d, 0x31, 0x46,
+    0x99, 0xce, 0x9e, 0xf8, 0x04, 0x75, 0x10, 0x67, 0xc4, 0x53,
+    0x47, 0x44, 0xfa, 0xc2, 0x25, 0x73, 0x7e, 0xd0, 0x8e, 0x59,
+    0xd1, 0xb2, 0x5a, 0xf4, 0xc7, 0x18, 0x92, 0x2f, 0x39, 0xab,
+    0xcd, 0xa3, 0xb5, 0xc2, 0xb9, 0xc7, 0xb9, 0x1b, 0x9f, 0x48,
+    0xfa, 0x13, 0xc6, 0x98, 0x4d, 0xca, 0x84, 0x9c, 0x06, 0xca,
+    0xe7, 0x89, 0x01, 0x04, 0xc4, 0x6c, 0xfd, 0x29, 0x59, 0x35,
+    0xe7, 0xf3, 0xdd, 0xce, 0x64, 0x59, 0xbf, 0x21, 0x13, 0xa9,
+    0x9f, 0x0e, 0xc5, 0xff, 0xbd, 0x33, 0x00, 0xec, 0xac, 0x6b,
+    0x11, 0xef, 0x51, 0x5e, 0xad, 0x07, 0x15, 0xde, 0xb8, 0x5f,
+    0xc6, 0xb9, 0xa3, 0x22, 0x65, 0x46, 0x83, 0x14, 0xdf, 0xd0,
+    0xf1, 0x44, 0x8a, 0xe1, 0x9c, 0x23, 0x33, 0xb4, 0x97, 0x33,
+    0xe6, 0x6b, 0x81, 0x02, 0x81, 0x81, 0x00, 0xec, 0x12, 0xa7,
+    0x59, 0x74, 0x6a, 0xde, 0x3e, 0xad, 0xd8, 0x36, 0x80, 0x50,
+    0xa2, 0xd5, 0x21, 0x81, 0x07, 0xf1, 0xd0, 0x91, 0xf2, 0x6c,
+    0x12, 0x2f, 0x9d, 0x1a, 0x26, 0xf8, 0x30, 0x65, 0xdf, 0xe8,
+    0xc0, 0x9b, 0x6a, 0x30, 0x98, 0x82, 0x87, 0xec, 0xa2, 0x56,
+    0x87, 0x62, 0x6f, 0xe7, 0x9f, 0xf6, 0x56, 0xe6, 0x71, 0x8f,
+    0x49, 0x86, 0x93, 0x5a, 0x4d, 0x34, 0x58, 0xfe, 0xd9, 0x04,
+    0x13, 0xaf, 0x79, 0xb7, 0xad, 0x11, 0xd1, 0x30, 0x9a, 0x14,
+    0x06, 0xa0, 0xfa, 0xb7, 0x55, 0xdc, 0x6c, 0x5a, 0x4c, 0x2c,
+    0x59, 0x56, 0xf6, 0xe8, 0x9d, 0xaf, 0x0a, 0x78, 0x99, 0x06,
+    0x06, 0x9e, 0xe7, 0x9c, 0x51, 0x55, 0x43, 0xfc, 0x3b, 0x6c,
+    0x0b, 0xbf, 0x2d, 0x41, 0xa7, 0xaf, 0xb7, 0xe0, 0xe8, 0x28,
+    0x18, 0xb4, 0x13, 0xd1, 0xe6, 0x97, 0xd0, 0x9f, 0x6a, 0x80,
+    0xca, 0xdd, 0x1a, 0x7e, 0x15, 0x02, 0x81, 0x81, 0x00, 0xd1,
+    0x06, 0x0c, 0x1f, 0xe3, 0xd0, 0xab, 0xd6, 0xca, 0x7c, 0xbc,
+    0x7d, 0x13, 0x35, 0xce, 0x27, 0xcd, 0xd8, 0x49, 0x51, 0x63,
+    0x64, 0x0f, 0xca, 0x06, 0x12, 0xfc, 0x07, 0x3e, 0xaf, 0x61,
+    0x6d, 0xe2, 0x53, 0x39, 0x27, 0xae, 0xc3, 0x11, 0x9e, 0x94,
+    0x01, 0x4f, 0xe3, 0xf3, 0x67, 0xf9, 0x77, 0xf9, 0xe7, 0x95,
+    0x3a, 0x6f, 0xe2, 0x20, 0x73, 0x3e, 0xa4, 0x7a, 0x28, 0xd4,
+    0x61, 0x97, 0xf6, 0x17, 0xa0, 0x23, 0x10, 0x2b, 0xce, 0x84,
+    0x57, 0x7e, 0x25, 0x1f, 0xf4, 0xa8, 0x54, 0xd2, 0x65, 0x94,
+    0xcc, 0x95, 0x0a, 0xab, 0x30, 0xc1, 0x59, 0x1f, 0x61, 0x8e,
+    0xb9, 0x6b, 0xd7, 0x4e, 0xb9, 0x83, 0x43, 0x79, 0x85, 0x11,
+    0xbc, 0x0f, 0xae, 0x25, 0x20, 0x05, 0xbc, 0xd2, 0x48, 0xa1,
+    0x68, 0x09, 0x84, 0xf6, 0x12, 0x9a, 0x66, 0xb9, 0x2b, 0xbb,
+    0x76, 0x03, 0x17, 0x46, 0x4e, 0x97, 0x59, 0x02, 0x81, 0x80,
+    0x09, 0x4c, 0xfa, 0xd6, 0xe5, 0x65, 0x48, 0x78, 0x43, 0xb5,
+    0x1f, 0x00, 0x93, 0x2c, 0xb7, 0x24, 0xe8, 0xc6, 0x7d, 0x5a,
+    0x70, 0x45, 0x92, 0xc8, 0x6c, 0xa3, 0xcd, 0xe1, 0xf7, 0x29,
+    0x40, 0xfa, 0x3f, 0x5b, 0x47, 0x44, 0x39, 0xc1, 0xe8, 0x72,
+    0x9e, 0x7a, 0x0e, 0xda, 0xaa, 0xa0, 0x2a, 0x09, 0xfd, 0x54,
+    0x93, 0x23, 0xaa, 0x37, 0x85, 0x5b, 0xcc, 0xd4, 0xf9, 0xd8,
+    0xff, 0xc1, 0x61, 0x0d, 0xbd, 0x7e, 0x18, 0x24, 0x73, 0x6d,
+    0x40, 0x72, 0xf1, 0x93, 0x09, 0x48, 0x97, 0x6c, 0x84, 0x90,
+    0xa8, 0x46, 0x14, 0x01, 0x39, 0x11, 0xe5, 0x3c, 0x41, 0x27,
+    0x32, 0x75, 0x24, 0xed, 0xa1, 0xd9, 0x12, 0x29, 0x8a, 0x28,
+    0x71, 0x89, 0x8d, 0xca, 0x30, 0xb0, 0x01, 0xc4, 0x2f, 0x82,
+    0x19, 0x14, 0x4c, 0x70, 0x1c, 0xb8, 0x23, 0x2e, 0xe8, 0x90,
+    0x49, 0x97, 0x92, 0x97, 0x6b, 0x7a, 0x9d, 0xb9, 0x02, 0x81,
+    0x80, 0x0f, 0x0e, 0xa1, 0x76, 0xf6, 0xa1, 0x44, 0x8f, 0xaf,
+    0x7c, 0x76, 0xd3, 0x87, 0xbb, 0xbb, 0x83, 0x10, 0x88, 0x01,
+    0x18, 0x14, 0xd1, 0xd3, 0x75, 0x59, 0x24, 0xaa, 0xf5, 0x16,
+    0xa5, 0xe9, 0x9d, 0xd1, 0xcc, 0xee, 0xf4, 0x15, 0xd9, 0xc5,
+    0x7e, 0x27, 0xe9, 0x44, 0x49, 0x06, 0x72, 0xb9, 0xfc, 0xd3,
+    0x8a, 0xc4, 0x2c, 0x36, 0x7d, 0x12, 0x9b, 0x5a, 0xaa, 0xdc,
+    0x85, 0xee, 0x6e, 0xad, 0x54, 0xb3, 0xf4, 0xfc, 0x31, 0xa1,
+    0x06, 0x3a, 0x70, 0x57, 0x0c, 0xf3, 0x95, 0x5b, 0x3e, 0xe8,
+    0xfd, 0x1a, 0x4f, 0xf6, 0x78, 0x93, 0x46, 0x6a, 0xd7, 0x31,
+    0xb4, 0x84, 0x64, 0x85, 0x09, 0x38, 0x89, 0x92, 0x94, 0x1c,
+    0xbf, 0xe2, 0x3c, 0x2a, 0xe0, 0xff, 0x99, 0xa3, 0xf0, 0x2b,
+    0x31, 0xc2, 0x36, 0xcd, 0x60, 0xbf, 0x9d, 0x2d, 0x74, 0x32,
+    0xe8, 0x9c, 0x93, 0x6e, 0xbb, 0x91, 0x7b, 0xfd, 0xd9, 0x02,
+    0x81, 0x81, 0x00, 0xa2, 0x71, 0x25, 0x38, 0xeb, 0x2a, 0xe9,
+    0x37, 0xcd, 0xfe, 0x44, 0xce, 0x90, 0x3f, 0x52, 0x87, 0x84,
+    0x52, 0x1b, 0xae, 0x8d, 0x22, 0x94, 0xce, 0x38, 0xe6, 0x04,
+    0x88, 0x76, 0x85, 0x9a, 0xd3, 0x14, 0x09, 0xe5, 0x69, 0x9a,
+    0xff, 0x58, 0x92, 0x02, 0x6a, 0x7d, 0x7c, 0x1e, 0x2c, 0xfd,
+    0xa8, 0xca, 0x32, 0x14, 0x4f, 0x0d, 0x84, 0x0d, 0x37, 0x43,
+    0xbf, 0xe4, 0x5d, 0x12, 0xc8, 0x24, 0x91, 0x27, 0x8d, 0x46,
+    0xd9, 0x54, 0x53, 0xe7, 0x62, 0x71, 0xa8, 0x2b, 0x71, 0x41,
+    0x8d, 0x75, 0xf8, 0x3a, 0xa0, 0x61, 0x29, 0x46, 0xa6, 0xe5,
+    0x82, 0xfa, 0x3a, 0xd9, 0x08, 0xfa, 0xfc, 0x63, 0xfd, 0x6b,
+    0x30, 0xbc, 0xf4, 0x4e, 0x9e, 0x8c, 0x25, 0x0c, 0xb6, 0x55,
+    0xe7, 0x3c, 0xd4, 0x4e, 0x0b, 0xfd, 0x8b, 0xc3, 0x0e, 0x1d,
+    0x9c, 0x44, 0x57, 0x8f, 0x1f, 0x86, 0xf7, 0xd5, 0x1b, 0xe4,
+    0x95,
+};
+
+static unsigned char test3072[] = {
+    0x30, 0x82, 0x06, 0xe3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+    0x81, 0x00, 0xbc, 0x3b, 0x23, 0xc0, 0x33, 0xa7, 0x8b, 0xaa,
+    0xca, 0xa3, 0x8c, 0x94, 0xf2, 0x4c, 0x52, 0x08, 0x85, 0x80,
+    0xfc, 0x36, 0x15, 0xfa, 0x03, 0x06, 0xb6, 0xd6, 0x3f, 0x60,
+    0x8a, 0x89, 0x0d, 0xba, 0x1a, 0x51, 0x0b, 0x12, 0xea, 0x71,
+    0x77, 0xf6, 0x3a, 0x30, 0x21, 0x3d, 0x24, 0xf8, 0x2e, 0xd0,
+    0x17, 0x3a, 0x85, 0x94, 0x25, 0x42, 0x89, 0xff, 0x6a, 0x68,
+    0xdf, 0x1f, 0x86, 0xae, 0xa5, 0xbb, 0x9a, 0x79, 0xf6, 0x69,
+    0x94, 0xfe, 0xde, 0xfe, 0xce, 0x1b, 0x2e, 0xae, 0x1d, 0x91,
+    0xcb, 0xb9, 0xf1, 0x2d, 0xd8, 0x00, 0x82, 0x51, 0x8e, 0xf9,
+    0xfd, 0xac, 0xf1, 0x0e, 0x7f, 0xb7, 0x95, 0x85, 0x35, 0xf9,
+    0xcb, 0xbe, 0x5f, 0xd3, 0x58, 0xe3, 0xa1, 0x54, 0x9e, 0x30,
+    0xb1, 0x8d, 0x01, 0x97, 0x82, 0x06, 0x8e, 0x77, 0xfb, 0xce,
+    0x50, 0x2f, 0xbf, 0xf1, 0xff, 0x57, 0x0a, 0x42, 0x03, 0xfd,
+    0x0e, 0xba, 0x1e, 0xca, 0x85, 0xc1, 0x9b, 0xa5, 0x9d, 0x09,
+    0x0e, 0xe9, 0xbb, 0xc5, 0x73, 0x47, 0x0d, 0x39, 0x3c, 0x64,
+    0x06, 0x9a, 0x79, 0x3f, 0x50, 0x87, 0x9c, 0x18, 0x2d, 0x62,
+    0x01, 0xfc, 0xed, 0xc1, 0x58, 0x28, 0x21, 0x94, 0x1e, 0xf9,
+    0x2d, 0x96, 0x4f, 0xd0, 0xbc, 0xf1, 0xe0, 0x8a, 0xfa, 0x4d,
+    0xb6, 0x78, 0x4a, 0xde, 0x17, 0x59, 0xb0, 0x22, 0xa0, 0x9a,
+    0xd3, 0x70, 0xb6, 0xc2, 0xbe, 0xbc, 0x96, 0xca, 0x41, 0x5f,
+    0x58, 0x4e, 0xce, 0xef, 0x64, 0x45, 0xdd, 0x3f, 0x81, 0x92,
+    0xcc, 0x40, 0x79, 0xfc, 0x19, 0xe2, 0xbc, 0x77, 0x2f, 0x43,
+    0xfb, 0x8e, 0xad, 0x82, 0x4a, 0x0b, 0xb1, 0xbc, 0x09, 0x8a,
+    0x80, 0xc3, 0x0f, 0xef, 0xd2, 0x06, 0xd3, 0x4b, 0x0c, 0x7f,
+    0xae, 0x60, 0x3f, 0x2e, 0x52, 0xb4, 0xe4, 0xc2, 0x5c, 0xa6,
+    0x71, 0xc0, 0x13, 0x9c, 0xca, 0xa6, 0x0d, 0x13, 0xd7, 0xb7,
+    0x14, 0x94, 0x3f, 0x0d, 0x8b, 0x06, 0x70, 0x2f, 0x15, 0x82,
+    0x8d, 0x47, 0x45, 0xa6, 0x00, 0x8a, 0x14, 0x91, 0xde, 0x2f,
+    0x50, 0x17, 0xe3, 0x1d, 0x34, 0x29, 0x8c, 0xe4, 0x57, 0x74,
+    0x2a, 0x3a, 0x82, 0x65, 0x26, 0xf7, 0x8d, 0xcc, 0x1b, 0x8f,
+    0xaf, 0xe5, 0x85, 0xe5, 0xbe, 0x85, 0xd6, 0xb7, 0x04, 0xe8,
+    0xf5, 0xd4, 0x74, 0xe2, 0x54, 0x14, 0xdd, 0x58, 0xcf, 0x1f,
+    0x11, 0x8a, 0x9f, 0x82, 0xa2, 0x01, 0xf9, 0xc2, 0xdf, 0x7b,
+    0x84, 0xb1, 0xd8, 0x5b, 0x70, 0xbb, 0x24, 0xe7, 0xd0, 0x2a,
+    0x75, 0x3d, 0x55, 0xac, 0x45, 0xe9, 0xab, 0xc6, 0x84, 0x8a,
+    0xe7, 0x6d, 0x26, 0x12, 0x89, 0xb5, 0x67, 0xe8, 0x46, 0x9d,
+    0x46, 0x1a, 0xfa, 0x2d, 0xc0, 0x5b, 0x60, 0x46, 0x8b, 0xb7,
+    0x32, 0x03, 0xff, 0x75, 0xee, 0x9f, 0x3c, 0xdd, 0xb6, 0x35,
+    0x4e, 0x82, 0xbd, 0x99, 0x73, 0x51, 0x02, 0x03, 0x01, 0x00,
+    0x01, 0x02, 0x82, 0x01, 0x80, 0x42, 0xee, 0xa4, 0x9f, 0xcb,
+    0xbe, 0x60, 0x23, 0xb3, 0x3a, 0xc4, 0xda, 0x91, 0xee, 0x21,
+    0x9d, 0x76, 0x1b, 0x8f, 0x93, 0x8b, 0xed, 0x02, 0xf6, 0x78,
+    0x3d, 0x66, 0xfb, 0xe5, 0x47, 0x26, 0xe2, 0x6e, 0x49, 0x33,
+    0x2e, 0xde, 0xbe, 0xca, 0x71, 0x7b, 0xef, 0x71, 0x62, 0x54,
+    0xab, 0x0b, 0xba, 0x63, 0x08, 0x24, 0x47, 0xb1, 0x98, 0x1f,
+    0x89, 0xfb, 0x44, 0x9f, 0x52, 0x8e, 0x89, 0xbb, 0xd5, 0x21,
+    0xf1, 0x0c, 0x76, 0x2e, 0xcd, 0x12, 0x6e, 0x78, 0xcb, 0xa1,
+    0xa5, 0xb8, 0x4e, 0x07, 0xab, 0x6e, 0xdf, 0x66, 0x57, 0x87,
+    0xff, 0x88, 0x5f, 0xcc, 0x9c, 0x9a, 0x7b, 0x15, 0x5f, 0x2a,
+    0x83, 0xdb, 0xd5, 0x9f, 0x65, 0x6a, 0x9d, 0xb4, 0x95, 0xfc,
+    0xe0, 0x22, 0x00, 0x1e, 0xa2, 0x8d, 0x56, 0x5a, 0x9e, 0x0a,
+    0x3b, 0x10, 0x07, 0x24, 0xec, 0x55, 0xcc, 0xaf, 0x87, 0x3b,
+    0xd6, 0x8d, 0xa4, 0x86, 0x80, 0x18, 0x42, 0xdb, 0x9d, 0x24,
+    0xc3, 0x97, 0x3b, 0x89, 0x5a, 0x03, 0xb3, 0x0a, 0x72, 0xd1,
+    0x78, 0xf0, 0xc8, 0x80, 0xb0, 0x9d, 0x3c, 0xae, 0x5e, 0x0a,
+    0x5b, 0x6e, 0x87, 0xd3, 0x3d, 0x25, 0x2e, 0x03, 0x33, 0x01,
+    0xfd, 0xb1, 0xa5, 0xd9, 0x58, 0x01, 0xb9, 0xaf, 0xf6, 0x32,
+    0x6a, 0x38, 0xe7, 0x39, 0x63, 0x3c, 0xfc, 0x0c, 0x41, 0x90,
+    0x28, 0x40, 0x03, 0xcd, 0xfb, 0xde, 0x80, 0x74, 0x21, 0xaa,
+    0xae, 0x58, 0xe9, 0x97, 0x18, 0x85, 0x58, 0x3d, 0x2b, 0xd6,
+    0x61, 0xf6, 0xe8, 0xbc, 0x6d, 0x2a, 0xf3, 0xb8, 0xea, 0x8c,
+    0x64, 0x44, 0xc6, 0xd3, 0x9f, 0x00, 0x7b, 0xb2, 0x52, 0x18,
+    0x11, 0x04, 0x96, 0xb7, 0x05, 0xbb, 0xc2, 0x38, 0x5b, 0xa7,
+    0x0a, 0x84, 0xb6, 0x4f, 0x02, 0x63, 0xa4, 0x57, 0x00, 0xe3,
+    0xde, 0xe4, 0xf2, 0xb3, 0x55, 0xd9, 0x00, 0xa9, 0xd2, 0x5c,
+    0x69, 0x9f, 0xe5, 0x80, 0x4f, 0x23, 0x7c, 0xd9, 0xa7, 0x77,
+    0x4a, 0xbb, 0x09, 0x6d, 0x45, 0x02, 0xcf, 0x32, 0x90, 0xfd,
+    0x10, 0xb6, 0xb3, 0x93, 0xd9, 0x3b, 0x1d, 0x57, 0x66, 0xb5,
+    0xb3, 0xb1, 0x6e, 0x53, 0x5f, 0x04, 0x60, 0x29, 0xcd, 0xe8,
+    0xb8, 0xab, 0x62, 0x82, 0x33, 0x40, 0xc7, 0xf8, 0x64, 0x60,
+    0x0e, 0xab, 0x06, 0x3e, 0xa0, 0xa3, 0x62, 0x11, 0x3f, 0x67,
+    0x5d, 0x24, 0x9e, 0x60, 0x29, 0xdc, 0x4c, 0xd5, 0x13, 0xee,
+    0x3d, 0xb7, 0x84, 0x93, 0x27, 0xb5, 0x6a, 0xf9, 0xf0, 0xdd,
+    0x50, 0xac, 0x46, 0x3c, 0xe6, 0xd5, 0xec, 0xf7, 0xb7, 0x9f,
+    0x23, 0x39, 0x9c, 0x88, 0x8c, 0x5a, 0x62, 0x3f, 0x8d, 0x4a,
+    0xd7, 0xeb, 0x5e, 0x1e, 0x49, 0xf8, 0xa9, 0x53, 0x11, 0x75,
+    0xd0, 0x43, 0x1e, 0xc7, 0x29, 0x22, 0x80, 0x1f, 0xc5, 0x83,
+    0x8d, 0x20, 0x04, 0x87, 0x7f, 0x57, 0x8c, 0xf5, 0xa1, 0x02,
+    0x81, 0xc1, 0x00, 0xf7, 0xaa, 0xf5, 0xa5, 0x00, 0xdb, 0xd6,
+    0x11, 0xfc, 0x07, 0x6d, 0x22, 0x24, 0x2b, 0x4b, 0xc5, 0x67,
+    0x0f, 0x37, 0xa5, 0xdb, 0x8f, 0x38, 0xe2, 0x05, 0x43, 0x9a,
+    0x44, 0x05, 0x3f, 0xa9, 0xac, 0x4c, 0x98, 0x3c, 0x72, 0x38,
+    0xc3, 0x89, 0x33, 0x58, 0x73, 0x51, 0xcc, 0x5d, 0x2f, 0x8f,
+    0x6d, 0x3f, 0xa1, 0x22, 0x9e, 0xfb, 0x9a, 0xb4, 0xb8, 0x79,
+    0x95, 0xaf, 0x83, 0xcf, 0x5a, 0xb7, 0x14, 0x14, 0x0c, 0x51,
+    0x8a, 0x11, 0xe6, 0xd6, 0x21, 0x1e, 0x17, 0x13, 0xd3, 0x69,
+    0x7a, 0x3a, 0xd5, 0xaf, 0x3f, 0xb8, 0x25, 0x01, 0xcb, 0x2b,
+    0xe6, 0xfc, 0x03, 0xd8, 0xd4, 0xf7, 0x20, 0xe0, 0x21, 0xef,
+    0x1a, 0xca, 0x61, 0xeb, 0x8e, 0x96, 0x45, 0x8e, 0x5c, 0xe6,
+    0x81, 0x0b, 0x2d, 0x05, 0x32, 0xf9, 0x41, 0x62, 0xb4, 0x33,
+    0x98, 0x10, 0x3a, 0xcd, 0xf0, 0x7a, 0x8b, 0x1a, 0x48, 0xd7,
+    0x3b, 0x01, 0xf5, 0x18, 0x65, 0x8f, 0x3c, 0xc2, 0x31, 0x3b,
+    0xd3, 0xa7, 0x17, 0x5f, 0x7c, 0x0c, 0xe7, 0x25, 0x18, 0x5a,
+    0x08, 0xe1, 0x09, 0x89, 0x13, 0xa7, 0xc5, 0x12, 0xab, 0x88,
+    0x30, 0xcd, 0x06, 0xf9, 0xba, 0x6f, 0xca, 0x9c, 0x8a, 0xda,
+    0x3e, 0x53, 0x90, 0xd7, 0x16, 0x2e, 0xfc, 0xbc, 0xad, 0xd6,
+    0x3d, 0xc0, 0x66, 0x4c, 0x02, 0x3d, 0x31, 0xfd, 0x6c, 0xdb,
+    0x1c, 0xdf, 0x96, 0x33, 0x23, 0x02, 0x81, 0xc1, 0x00, 0xc2,
+    0x90, 0x47, 0xc4, 0xfb, 0x59, 0xf0, 0xc5, 0x14, 0x75, 0x29,
+    0xfa, 0x77, 0xa1, 0x8d, 0xd4, 0x90, 0xa1, 0x0d, 0x3f, 0x16,
+    0x88, 0xe3, 0x4c, 0x8f, 0x8f, 0x18, 0x8c, 0x9c, 0x8a, 0xd5,
+    0xa7, 0x41, 0x99, 0xf3, 0x80, 0x8e, 0xb1, 0xb8, 0x63, 0xd8,
+    0x3f, 0x95, 0xd0, 0xd0, 0x2b, 0xf5, 0xe6, 0x93, 0xe8, 0xfe,
+    0xd0, 0x73, 0xd5, 0xbd, 0xb4, 0xee, 0x51, 0x19, 0x6a, 0x10,
+    0xca, 0xc8, 0xba, 0xa4, 0x4d, 0x84, 0x54, 0x38, 0x17, 0xb5,
+    0xd0, 0xa8, 0x75, 0x22, 0xc5, 0x1b, 0x61, 0xa6, 0x51, 0x88,
+    0x63, 0xf0, 0x4f, 0xd1, 0x88, 0xd9, 0x16, 0x49, 0x30, 0xe1,
+    0xa8, 0x47, 0xc9, 0x30, 0x1d, 0x5c, 0x75, 0xd8, 0x89, 0xb6,
+    0x1d, 0x45, 0xd8, 0x0f, 0x94, 0x89, 0xb3, 0xe4, 0x51, 0xfa,
+    0x21, 0xff, 0x6f, 0xb6, 0x30, 0x6f, 0x33, 0x24, 0xbc, 0x09,
+    0x98, 0xe9, 0x20, 0x02, 0x0b, 0xde, 0xff, 0xc5, 0x06, 0xb6,
+    0x28, 0xa3, 0xa1, 0x07, 0xe8, 0xe1, 0xd2, 0xc2, 0xf1, 0xd1,
+    0x23, 0x6b, 0x4c, 0x3a, 0xae, 0x85, 0xec, 0xf9, 0xff, 0xa7,
+    0x9b, 0x25, 0xb8, 0x95, 0x1d, 0xa8, 0x14, 0x81, 0x4f, 0x79,
+    0x4f, 0xd6, 0x39, 0x5d, 0xe6, 0x5f, 0xd2, 0x34, 0x54, 0x8b,
+    0x1e, 0x40, 0x4c, 0x15, 0x5a, 0x45, 0xce, 0x0c, 0xb0, 0xdf,
+    0xa1, 0x17, 0xb8, 0xb0, 0x6a, 0x82, 0xa5, 0x97, 0x92, 0x70,
+    0xfb, 0x02, 0x81, 0xc0, 0x77, 0x46, 0x44, 0x2b, 0x04, 0xf0,
+    0xda, 0x75, 0xaa, 0xd4, 0xc0, 0xc0, 0x32, 0x7f, 0x0f, 0x6c,
+    0xb0, 0x27, 0x69, 0xfb, 0x5c, 0x73, 0xeb, 0x47, 0x1e, 0x95,
+    0xe2, 0x13, 0x64, 0x1b, 0xb6, 0xd1, 0x1d, 0xca, 0x2b, 0x42,
+    0x2f, 0x08, 0x2c, 0x69, 0x27, 0xed, 0xd1, 0xb5, 0x04, 0x23,
+    0xc5, 0x85, 0x2d, 0xa1, 0xa2, 0x94, 0xc2, 0x43, 0x4d, 0x49,
+    0x92, 0x74, 0x7e, 0x24, 0x92, 0x95, 0xf3, 0x99, 0x9d, 0xd6,
+    0x18, 0xe6, 0xcf, 0x9c, 0x45, 0xff, 0x89, 0x08, 0x40, 0x2a,
+    0x0e, 0xa0, 0x28, 0xf9, 0x83, 0xfe, 0xc1, 0xe6, 0x40, 0xa8,
+    0xe2, 0x29, 0xc9, 0xb0, 0xe8, 0x9a, 0x17, 0xb2, 0x23, 0x7e,
+    0xf4, 0x32, 0x08, 0xc9, 0x83, 0xb2, 0x15, 0xb8, 0xc5, 0xc9,
+    0x03, 0xd1, 0x9d, 0xda, 0x3e, 0xa8, 0xbf, 0xd5, 0xb7, 0x7d,
+    0x65, 0x63, 0x94, 0x5d, 0x5d, 0x94, 0xb4, 0xcf, 0x8d, 0x07,
+    0x0b, 0x70, 0x85, 0x8e, 0xce, 0x03, 0x0b, 0x2a, 0x8d, 0xb3,
+    0x3c, 0x46, 0xc0, 0x2f, 0xc7, 0x72, 0x6c, 0x9c, 0x5d, 0x07,
+    0x0f, 0x45, 0x3b, 0x6b, 0x66, 0x32, 0xab, 0x17, 0x83, 0xd8,
+    0x4c, 0x2c, 0x84, 0x71, 0x19, 0x8f, 0xaa, 0x0a, 0xff, 0xbc,
+    0xf7, 0x42, 0x10, 0xe8, 0xae, 0x4d, 0x26, 0xaf, 0xdd, 0x06,
+    0x33, 0x29, 0x66, 0x21, 0x5d, 0xf5, 0xae, 0x17, 0x07, 0x1f,
+    0x87, 0x9e, 0xae, 0x27, 0x1d, 0xd5, 0x02, 0x81, 0xc0, 0x56,
+    0x17, 0x4f, 0x9a, 0x8a, 0xf9, 0xde, 0x3e, 0xe6, 0x71, 0x7d,
+    0x94, 0xb5, 0xb0, 0xc7, 0xb8, 0x62, 0x12, 0xd1, 0x70, 0xb4,
+    0x00, 0xf8, 0x4a, 0xdd, 0x4f, 0x1d, 0x36, 0xc2, 0xe1, 0xef,
+    0xee, 0x25, 0x6a, 0x00, 0xc4, 0x46, 0xdf, 0xbe, 0xce, 0x77,
+    0x56, 0x93, 0x6d, 0x25, 0x5f, 0xfe, 0x5b, 0xfb, 0xe0, 0xe2,
+    0x37, 0xcc, 0xb9, 0xac, 0x4a, 0xce, 0x15, 0x16, 0xa0, 0xc7,
+    0x33, 0x63, 0xa4, 0xaa, 0xa5, 0x1e, 0x43, 0xc1, 0xda, 0x43,
+    0xfa, 0x43, 0x40, 0x29, 0x95, 0x7c, 0x2b, 0x36, 0x53, 0xe7,
+    0x7d, 0x09, 0x4d, 0xd8, 0x52, 0xac, 0x74, 0x5f, 0x08, 0x81,
+    0x21, 0x5c, 0x3a, 0x5a, 0xce, 0xf3, 0x25, 0xb6, 0x1e, 0x21,
+    0x76, 0x4c, 0x7c, 0x71, 0x50, 0x71, 0xaa, 0x27, 0x02, 0x5b,
+    0x23, 0x06, 0x0b, 0x21, 0x5b, 0xc7, 0x28, 0xa3, 0x3d, 0x8d,
+    0x25, 0x9b, 0x2a, 0x2d, 0x9d, 0xa1, 0x1c, 0x1d, 0xcb, 0x7d,
+    0x78, 0xf8, 0x06, 0x7e, 0x20, 0x7f, 0x24, 0x2a, 0x5c, 0xa4,
+    0x04, 0xff, 0x2a, 0x68, 0xe0, 0xe6, 0xa3, 0xd8, 0x6f, 0x56,
+    0x73, 0xa1, 0x3a, 0x4e, 0xc9, 0x23, 0xa1, 0x87, 0x22, 0x6a,
+    0x74, 0x78, 0x3f, 0x44, 0x1c, 0x77, 0x13, 0xe5, 0x51, 0xef,
+    0x89, 0x00, 0x3c, 0x6a, 0x4a, 0x5a, 0x8e, 0xf5, 0x30, 0xa2,
+    0x93, 0x7e, 0x92, 0x9b, 0x85, 0x55, 0xaf, 0xfe, 0x24, 0xaf,
+    0x57, 0x02, 0x81, 0xc1, 0x00, 0xa4, 0xc2, 0x6a, 0x59, 0x45,
+    0xea, 0x71, 0x7d, 0x4c, 0xaf, 0xaf, 0xd6, 0x55, 0x97, 0x73,
+    0xc5, 0xa1, 0x3c, 0xf6, 0x59, 0x23, 0xb6, 0x1f, 0x5e, 0x9c,
+    0x96, 0x0f, 0x97, 0x66, 0x82, 0x91, 0x48, 0x36, 0x70, 0x02,
+    0x67, 0xde, 0x34, 0xa6, 0x95, 0x7b, 0x51, 0x43, 0x66, 0xa4,
+    0x16, 0x45, 0x59, 0x12, 0xdb, 0x35, 0x19, 0x4b, 0xbf, 0x1d,
+    0xab, 0xf3, 0x3f, 0xb4, 0xb4, 0x6f, 0x66, 0xb0, 0x67, 0xc6,
+    0x77, 0x2c, 0x46, 0xa8, 0x03, 0x64, 0x9a, 0x13, 0x9d, 0x40,
+    0x22, 0x56, 0x76, 0x1a, 0x7c, 0x1e, 0xe2, 0xda, 0x7f, 0x09,
+    0xcf, 0x10, 0xe3, 0xf2, 0xf4, 0x2a, 0x3b, 0x46, 0xc7, 0x61,
+    0x9b, 0xef, 0x4a, 0x18, 0x60, 0x8c, 0x32, 0x71, 0xb9, 0xdd,
+    0xac, 0xa0, 0xc6, 0x8d, 0x3f, 0xab, 0xc3, 0x21, 0x2c, 0xeb,
+    0x91, 0x8f, 0xc7, 0x43, 0x0d, 0x0c, 0x67, 0x9e, 0xab, 0xe6,
+    0x8d, 0xb6, 0x2d, 0x41, 0xca, 0x43, 0xd8, 0xcb, 0x30, 0xfb,
+    0x3b, 0x40, 0x0d, 0x10, 0x9b, 0xb1, 0x55, 0x93, 0x73, 0x8b,
+    0x60, 0xef, 0xc0, 0xee, 0xc0, 0xa6, 0x7a, 0x79, 0x90, 0xfd,
+    0x4c, 0x25, 0xd4, 0x4f, 0x67, 0xbe, 0xf7, 0x86, 0x3c, 0x5d,
+    0x2b, 0x7d, 0x97, 0x3d, 0xa2, 0x91, 0xa5, 0x06, 0x69, 0xf6,
+    0x7a, 0xb8, 0x77, 0xe6, 0x70, 0xa9, 0xd8, 0x86, 0x4b, 0xa6,
+    0xcf, 0x67, 0x1d, 0x33, 0xcf, 0xfe, 0x3e
+};
+
+static unsigned char test4096[] = {
+    0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
+    0x01, 0x00, 0xc0, 0x71, 0xac, 0x1a, 0x13, 0x88, 0x82, 0x43,
+    0x3b, 0x51, 0x57, 0x71, 0x8d, 0xb6, 0x2b, 0x82, 0x65, 0x21,
+    0x53, 0x5f, 0x28, 0x29, 0x4f, 0x8d, 0x7c, 0x8a, 0xb9, 0x44,
+    0xb3, 0x28, 0x41, 0x4f, 0xd3, 0xfa, 0x6a, 0xf8, 0xb9, 0x28,
+    0x50, 0x39, 0x67, 0x53, 0x2c, 0x3c, 0xd7, 0xcb, 0x96, 0x41,
+    0x40, 0x32, 0xbb, 0xeb, 0x70, 0xae, 0x1f, 0xb0, 0x65, 0xf7,
+    0x3a, 0xd9, 0x22, 0xfd, 0x10, 0xae, 0xbd, 0x02, 0xe2, 0xdd,
+    0xf3, 0xc2, 0x79, 0x3c, 0xc6, 0xfc, 0x75, 0xbb, 0xaf, 0x4e,
+    0x3a, 0x36, 0xc2, 0x4f, 0xea, 0x25, 0xdf, 0x13, 0x16, 0x4b,
+    0x20, 0xfe, 0x4b, 0x69, 0x16, 0xc4, 0x7f, 0x1a, 0x43, 0xa6,
+    0x17, 0x1b, 0xb9, 0x0a, 0xf3, 0x09, 0x86, 0x28, 0x89, 0xcf,
+    0x2c, 0xd0, 0xd4, 0x81, 0xaf, 0xc6, 0x6d, 0xe6, 0x21, 0x8d,
+    0xee, 0xef, 0xea, 0xdc, 0xb7, 0xc6, 0x3b, 0x63, 0x9f, 0x0e,
+    0xad, 0x89, 0x78, 0x23, 0x18, 0xbf, 0x70, 0x7e, 0x84, 0xe0,
+    0x37, 0xec, 0xdb, 0x8e, 0x9c, 0x3e, 0x6a, 0x19, 0xcc, 0x99,
+    0x72, 0xe6, 0xb5, 0x7d, 0x6d, 0xfa, 0xe5, 0xd3, 0xe4, 0x90,
+    0xb5, 0xb2, 0xb2, 0x12, 0x70, 0x4e, 0xca, 0xf8, 0x10, 0xf8,
+    0xa3, 0x14, 0xc2, 0x48, 0x19, 0xeb, 0x60, 0x99, 0xbb, 0x2a,
+    0x1f, 0xb1, 0x7a, 0xb1, 0x3d, 0x24, 0xfb, 0xa0, 0x29, 0xda,
+    0xbd, 0x1b, 0xd7, 0xa4, 0xbf, 0xef, 0x60, 0x2d, 0x22, 0xca,
+    0x65, 0x98, 0xf1, 0xc4, 0xe1, 0xc9, 0x02, 0x6b, 0x16, 0x28,
+    0x2f, 0xa1, 0xaa, 0x79, 0x00, 0xda, 0xdc, 0x7c, 0x43, 0xf7,
+    0x42, 0x3c, 0xa0, 0xef, 0x68, 0xf7, 0xdf, 0xb9, 0x69, 0xfb,
+    0x8e, 0x01, 0xed, 0x01, 0x42, 0xb5, 0x4e, 0x57, 0xa6, 0x26,
+    0xb8, 0xd0, 0x7b, 0x56, 0x6d, 0x03, 0xc6, 0x40, 0x8c, 0x8c,
+    0x2a, 0x55, 0xd7, 0x9c, 0x35, 0x00, 0x94, 0x93, 0xec, 0x03,
+    0xeb, 0x22, 0xef, 0x77, 0xbb, 0x79, 0x13, 0x3f, 0x15, 0xa1,
+    0x8f, 0xca, 0xdf, 0xfd, 0xd3, 0xb8, 0xe1, 0xd4, 0xcc, 0x09,
+    0x3f, 0x3c, 0x2c, 0xdb, 0xd1, 0x49, 0x7f, 0x38, 0x07, 0x83,
+    0x6d, 0xeb, 0x08, 0x66, 0xe9, 0x06, 0x44, 0x12, 0xac, 0x95,
+    0x22, 0x90, 0x23, 0x67, 0xd4, 0x08, 0xcc, 0xf4, 0xb7, 0xdc,
+    0xcc, 0x87, 0xd4, 0xac, 0x69, 0x35, 0x4c, 0xb5, 0x39, 0x36,
+    0xcd, 0xa4, 0xd2, 0x95, 0xca, 0x0d, 0xc5, 0xda, 0xc2, 0xc5,
+    0x22, 0x32, 0x28, 0x08, 0xe3, 0xd2, 0x8b, 0x38, 0x30, 0xdc,
+    0x8c, 0x75, 0x4f, 0x6a, 0xec, 0x7a, 0xac, 0x16, 0x3e, 0xa8,
+    0xd4, 0x6a, 0x45, 0xe1, 0xa8, 0x4f, 0x2e, 0x80, 0x34, 0xaa,
+    0x54, 0x1b, 0x02, 0x95, 0x7d, 0x8a, 0x6d, 0xcc, 0x79, 0xca,
+    0xf2, 0xa4, 0x2e, 0x8d, 0xfb, 0xfe, 0x15, 0x51, 0x10, 0x0e,
+    0x4d, 0x88, 0xb1, 0xc7, 0xf4, 0x79, 0xdb, 0xf0, 0xb4, 0x56,
+    0x44, 0x37, 0xca, 0x5a, 0xc1, 0x8c, 0x48, 0xac, 0xae, 0x48,
+    0x80, 0x83, 0x01, 0x3f, 0xde, 0xd9, 0xd3, 0x2c, 0x51, 0x46,
+    0xb1, 0x41, 0xb6, 0xc6, 0x91, 0x72, 0xf9, 0x83, 0x55, 0x1b,
+    0x8c, 0xba, 0xf3, 0x73, 0xe5, 0x2c, 0x74, 0x50, 0x3a, 0xbe,
+    0xc5, 0x2f, 0xa7, 0xb2, 0x6d, 0x8c, 0x9e, 0x13, 0x77, 0xa3,
+    0x13, 0xcd, 0x6d, 0x8c, 0x45, 0xe1, 0xfc, 0x0b, 0xb7, 0x69,
+    0xe9, 0x27, 0xbc, 0x65, 0xc3, 0xfa, 0x9b, 0xd0, 0xef, 0xfe,
+    0xe8, 0x1f, 0xb3, 0x5e, 0x34, 0xf4, 0x8c, 0xea, 0xfc, 0xd3,
+    0x81, 0xbf, 0x3d, 0x30, 0xb2, 0xb4, 0x01, 0xe8, 0x43, 0x0f,
+    0xba, 0x02, 0x23, 0x42, 0x76, 0x82, 0x31, 0x73, 0x91, 0xed,
+    0x07, 0x46, 0x61, 0x0d, 0x39, 0x83, 0x40, 0xce, 0x7a, 0xd4,
+    0xdb, 0x80, 0x2c, 0x1f, 0x0d, 0xd1, 0x34, 0xd4, 0x92, 0xe3,
+    0xd4, 0xf1, 0xc2, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+    0x82, 0x02, 0x01, 0x00, 0x97, 0x6c, 0xda, 0x6e, 0xea, 0x4f,
+    0xcf, 0xaf, 0xf7, 0x4c, 0xd9, 0xf1, 0x90, 0x00, 0x77, 0xdb,
+    0xf2, 0x97, 0x76, 0x72, 0xb9, 0xb7, 0x47, 0xd1, 0x9c, 0xdd,
+    0xcb, 0x4a, 0x33, 0x6e, 0xc9, 0x75, 0x76, 0xe6, 0xe4, 0xa5,
+    0x31, 0x8c, 0x77, 0x13, 0xb4, 0x29, 0xcd, 0xf5, 0x52, 0x17,
+    0xef, 0xf3, 0x08, 0x00, 0xe3, 0xbd, 0x2e, 0xbc, 0xd4, 0x52,
+    0x88, 0xe9, 0x30, 0x75, 0x0b, 0x02, 0xf5, 0xcd, 0x89, 0x0c,
+    0x6c, 0x57, 0x19, 0x27, 0x3d, 0x1e, 0x85, 0xb4, 0xc1, 0x2f,
+    0x1d, 0x92, 0x00, 0x5c, 0x76, 0x29, 0x4b, 0xa4, 0xe1, 0x12,
+    0xb3, 0xc8, 0x09, 0xfe, 0x0e, 0x78, 0x72, 0x61, 0xcb, 0x61,
+    0x6f, 0x39, 0x91, 0x95, 0x4e, 0xd5, 0x3e, 0xc7, 0x8f, 0xb8,
+    0xf6, 0x36, 0xfe, 0x9c, 0x93, 0x9a, 0x38, 0x25, 0x7a, 0xf4,
+    0x4a, 0x12, 0xd4, 0xa0, 0x13, 0xbd, 0xf9, 0x1d, 0x12, 0x3e,
+    0x21, 0x39, 0xfb, 0x72, 0xe0, 0x05, 0x3d, 0xc3, 0xe5, 0x50,
+    0xa8, 0x5d, 0x85, 0xa3, 0xea, 0x5f, 0x1c, 0xb2, 0x3f, 0xea,
+    0x6d, 0x03, 0x91, 0x55, 0xd8, 0x19, 0x0a, 0x21, 0x12, 0x16,
+    0xd9, 0x12, 0xc4, 0xe6, 0x07, 0x18, 0x5b, 0x26, 0xa4, 0xae,
+    0xed, 0x2b, 0xb7, 0xa6, 0xed, 0xf8, 0xad, 0xec, 0x77, 0xe6,
+    0x7f, 0x4f, 0x76, 0x00, 0xc0, 0xfa, 0x15, 0x92, 0xb4, 0x2c,
+    0x22, 0xc2, 0xeb, 0x6a, 0xad, 0x14, 0x05, 0xb2, 0xe5, 0x8a,
+    0x9e, 0x85, 0x83, 0xcc, 0x04, 0xf1, 0x56, 0x78, 0x44, 0x5e,
+    0xde, 0xe0, 0x60, 0x1a, 0x65, 0x79, 0x31, 0x23, 0x05, 0xbb,
+    0x01, 0xff, 0xdd, 0x2e, 0xb7, 0xb3, 0xaa, 0x74, 0xe0, 0xa5,
+    0x94, 0xaf, 0x4b, 0xde, 0x58, 0x0f, 0x55, 0xde, 0x33, 0xf6,
+    0xe3, 0xd6, 0x34, 0x36, 0x57, 0xd6, 0x79, 0x91, 0x2e, 0xbe,
+    0x3b, 0xd9, 0x4e, 0xb6, 0x9d, 0x21, 0x5c, 0xd3, 0x48, 0x14,
+    0x7f, 0x4a, 0xc4, 0x60, 0xa9, 0x29, 0xf8, 0x53, 0x7f, 0x88,
+    0x11, 0x2d, 0xb5, 0xc5, 0x2d, 0x6f, 0xee, 0x85, 0x0b, 0xf7,
+    0x8d, 0x9a, 0xbe, 0xb0, 0x42, 0xf2, 0x2e, 0x71, 0xaf, 0x19,
+    0x31, 0x6d, 0xec, 0xcd, 0x6f, 0x2b, 0x23, 0xdf, 0xb4, 0x40,
+    0xaf, 0x2c, 0x0a, 0xc3, 0x1b, 0x7d, 0x7d, 0x03, 0x1d, 0x4b,
+    0xf3, 0xb5, 0xe0, 0x85, 0xd8, 0xdf, 0x91, 0x6b, 0x0a, 0x69,
+    0xf7, 0xf2, 0x69, 0x66, 0x5b, 0xf1, 0xcf, 0x46, 0x7d, 0xe9,
+    0x70, 0xfa, 0x6d, 0x7e, 0x75, 0x4e, 0xa9, 0x77, 0xe6, 0x8c,
+    0x02, 0xf7, 0x14, 0x4d, 0xa5, 0x41, 0x8f, 0x3f, 0xc1, 0x62,
+    0x1e, 0x71, 0x5e, 0x38, 0xb4, 0xd6, 0xe6, 0xe1, 0x4b, 0xc2,
+    0x2c, 0x30, 0x83, 0x81, 0x6f, 0x49, 0x2e, 0x96, 0xe6, 0xc9,
+    0x9a, 0xf7, 0x5d, 0x09, 0xa0, 0x55, 0x02, 0xa5, 0x3a, 0x25,
+    0x23, 0xd0, 0x92, 0xc3, 0xa3, 0xe3, 0x0e, 0x12, 0x2f, 0x4d,
+    0xef, 0xf3, 0x55, 0x5a, 0xbe, 0xe6, 0x19, 0x86, 0x31, 0xab,
+    0x75, 0x9a, 0xd3, 0xf0, 0x2c, 0xc5, 0x41, 0x92, 0xd9, 0x1f,
+    0x5f, 0x11, 0x8c, 0x75, 0x1c, 0x63, 0xd0, 0x02, 0x80, 0x2c,
+    0x68, 0xcb, 0x93, 0xfb, 0x51, 0x73, 0x49, 0xb4, 0x60, 0xda,
+    0xe2, 0x26, 0xaf, 0xa9, 0x46, 0x12, 0xb8, 0xec, 0x50, 0xdd,
+    0x12, 0x06, 0x5f, 0xce, 0x59, 0xe6, 0xf6, 0x1c, 0xe0, 0x54,
+    0x10, 0xad, 0xf6, 0xcd, 0x98, 0xcc, 0x0f, 0xfb, 0xcb, 0x41,
+    0x14, 0x9d, 0xed, 0xe4, 0xb4, 0x74, 0x5f, 0x09, 0x60, 0xc7,
+    0x12, 0xf6, 0x7b, 0x3c, 0x8f, 0xa7, 0x20, 0xbc, 0xe4, 0xb1,
+    0xef, 0xeb, 0xa4, 0x93, 0xc5, 0x06, 0xca, 0x9a, 0x27, 0x9d,
+    0x87, 0xf3, 0xde, 0xca, 0xe5, 0xe7, 0xf6, 0x1c, 0x01, 0x65,
+    0x5b, 0xfb, 0x19, 0x79, 0x6e, 0x08, 0x26, 0xc5, 0xc8, 0x28,
+    0x0e, 0xb6, 0x3b, 0x07, 0x08, 0xc1, 0x02, 0x82, 0x01, 0x01,
+    0x00, 0xe8, 0x1c, 0x73, 0xa6, 0xb8, 0xe0, 0x0e, 0x6d, 0x8d,
+    0x1b, 0xb9, 0x53, 0xed, 0x58, 0x94, 0xe6, 0x1d, 0x60, 0x14,
+    0x5c, 0x76, 0x43, 0xc4, 0x58, 0x19, 0xc4, 0x24, 0xe8, 0xbc,
+    0x1b, 0x3b, 0x0b, 0x13, 0x24, 0x45, 0x54, 0x0e, 0xcc, 0x37,
+    0xf0, 0xe0, 0x63, 0x7d, 0xc3, 0xf7, 0xfb, 0x81, 0x74, 0x81,
+    0xc4, 0x0f, 0x1a, 0x21, 0x48, 0xaf, 0xce, 0xc1, 0xc4, 0x94,
+    0x18, 0x06, 0x44, 0x8d, 0xd3, 0xd2, 0x22, 0x2d, 0x2d, 0x3e,
+    0x5a, 0x31, 0xdc, 0x95, 0x8e, 0xf4, 0x41, 0xfc, 0x58, 0xc9,
+    0x40, 0x92, 0x17, 0x5f, 0xe3, 0xda, 0xac, 0x9e, 0x3f, 0x1c,
+    0x2a, 0x6b, 0x58, 0x5f, 0x48, 0x78, 0x20, 0xb1, 0xaf, 0x24,
+    0x9b, 0x3c, 0x20, 0x8b, 0x93, 0x25, 0x9e, 0xe6, 0x6b, 0xbc,
+    0x13, 0x42, 0x14, 0x6c, 0x36, 0x31, 0xff, 0x7a, 0xd1, 0xc1,
+    0x1a, 0x26, 0x14, 0x7f, 0xa9, 0x76, 0xa7, 0x0c, 0xf8, 0xcc,
+    0xed, 0x07, 0x6a, 0xd2, 0xdf, 0x62, 0xee, 0x0a, 0x7c, 0x84,
+    0xcb, 0x49, 0x90, 0xb2, 0x03, 0x0d, 0xa2, 0x82, 0x06, 0x77,
+    0xf1, 0xcd, 0x67, 0xf2, 0x47, 0x21, 0x02, 0x3f, 0x43, 0x21,
+    0xf0, 0x46, 0x30, 0x62, 0x51, 0x72, 0xb1, 0xe7, 0x48, 0xc6,
+    0x67, 0x12, 0xcd, 0x9e, 0xd6, 0x15, 0xe5, 0x21, 0xed, 0xfa,
+    0x8f, 0x30, 0xa6, 0x41, 0xfe, 0xb6, 0xfa, 0x8f, 0x34, 0x14,
+    0x19, 0xe8, 0x11, 0xf7, 0xa5, 0x77, 0x3e, 0xb7, 0xf9, 0x39,
+    0x07, 0x8c, 0x67, 0x2a, 0xab, 0x7b, 0x08, 0xf8, 0xb0, 0x06,
+    0xa8, 0xea, 0x2f, 0x8f, 0xfa, 0xcc, 0xcc, 0x40, 0xce, 0xf3,
+    0x70, 0x4f, 0x3f, 0x7f, 0xe2, 0x0c, 0xea, 0x76, 0x4a, 0x35,
+    0x4e, 0x47, 0xad, 0x2b, 0xa7, 0x97, 0x5d, 0x74, 0x43, 0x97,
+    0x90, 0xd2, 0xfb, 0xd9, 0xf9, 0x96, 0x01, 0x33, 0x05, 0xed,
+    0x7b, 0x03, 0x05, 0xad, 0xf8, 0x49, 0x03, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xd4, 0x40, 0x17, 0x66, 0x10, 0x92, 0x95, 0xc8,
+    0xec, 0x62, 0xa9, 0x7a, 0xcb, 0x93, 0x8e, 0xe6, 0x53, 0xd4,
+    0x80, 0x48, 0x27, 0x4b, 0x41, 0xce, 0x61, 0xdf, 0xbf, 0x94,
+    0xa4, 0x3d, 0x71, 0x03, 0x0b, 0xed, 0x25, 0x71, 0x98, 0xa4,
+    0xd6, 0xd5, 0x4a, 0x57, 0xf5, 0x6c, 0x1b, 0xda, 0x21, 0x7d,
+    0x35, 0x45, 0xb3, 0xf3, 0x6a, 0xd9, 0xd3, 0x43, 0xe8, 0x5c,
+    0x54, 0x1c, 0x83, 0x1b, 0xb4, 0x5f, 0xf2, 0x97, 0x24, 0x2e,
+    0xdc, 0x40, 0xde, 0x92, 0x23, 0x59, 0x8e, 0xbc, 0xd2, 0xa1,
+    0xf2, 0xe0, 0x4c, 0xdd, 0x0b, 0xd1, 0xe7, 0xae, 0x65, 0xbc,
+    0xb5, 0xf5, 0x5b, 0x98, 0xe9, 0xd7, 0xc2, 0xb7, 0x0e, 0x55,
+    0x71, 0x0e, 0x3c, 0x0a, 0x24, 0x6b, 0xa6, 0xe6, 0x14, 0x61,
+    0x11, 0xfd, 0x33, 0x42, 0x99, 0x2b, 0x84, 0x77, 0x74, 0x92,
+    0x91, 0xf5, 0x79, 0x79, 0xcf, 0xad, 0x8e, 0x04, 0xef, 0x80,
+    0x1e, 0x57, 0xf4, 0x14, 0xf5, 0x35, 0x09, 0x74, 0xb2, 0x13,
+    0x71, 0x58, 0x6b, 0xea, 0x32, 0x5d, 0xf3, 0xd3, 0x76, 0x48,
+    0x39, 0x10, 0x23, 0x84, 0x9d, 0xbe, 0x92, 0x77, 0x4a, 0xed,
+    0x70, 0x3e, 0x1a, 0xa2, 0x6c, 0xb3, 0x81, 0x00, 0xc3, 0xc9,
+    0xe4, 0x52, 0xc8, 0x24, 0x88, 0x0c, 0x41, 0xad, 0x87, 0x5a,
+    0xea, 0xa3, 0x7a, 0x85, 0x1c, 0x5e, 0x31, 0x7f, 0xc3, 0x35,
+    0xc6, 0xfa, 0x10, 0xc8, 0x75, 0x10, 0xc4, 0x96, 0x99, 0xe7,
+    0xfe, 0x01, 0xb4, 0x74, 0xdb, 0xb4, 0x11, 0xc3, 0xc8, 0x8c,
+    0xf6, 0xf7, 0x3b, 0x66, 0x50, 0xfc, 0xdb, 0xeb, 0xca, 0x47,
+    0x85, 0x89, 0xe1, 0x65, 0xd9, 0x62, 0x34, 0x3c, 0x70, 0xd8,
+    0x2e, 0xb4, 0x2f, 0x65, 0x3c, 0x4a, 0xa6, 0x2a, 0xe7, 0xc7,
+    0xd8, 0x41, 0x8f, 0x8a, 0x43, 0xbf, 0x42, 0xf2, 0x4d, 0xbc,
+    0xfc, 0x9e, 0x27, 0x95, 0xfb, 0x75, 0xff, 0xab, 0x02, 0x82,
+    0x01, 0x00, 0x41, 0x2f, 0x44, 0x57, 0x6d, 0x12, 0x17, 0x5b,
+    0x32, 0xc6, 0xb7, 0x6c, 0x57, 0x7a, 0x8a, 0x0e, 0x79, 0xef,
+    0x72, 0xa8, 0x68, 0xda, 0x2d, 0x38, 0xe4, 0xbb, 0x8d, 0xf6,
+    0x02, 0x65, 0xcf, 0x56, 0x13, 0xe1, 0x1a, 0xcb, 0x39, 0x80,
+    0xa6, 0xb1, 0x32, 0x03, 0x1e, 0xdd, 0xbb, 0x35, 0xd9, 0xac,
+    0x43, 0x89, 0x31, 0x08, 0x90, 0x92, 0x5e, 0x35, 0x3d, 0x7b,
+    0x9c, 0x6f, 0x86, 0xcb, 0x17, 0xdd, 0x85, 0xe4, 0xed, 0x35,
+    0x08, 0x8e, 0xc1, 0xf4, 0x05, 0xd8, 0x68, 0xc6, 0x63, 0x3c,
+    0xf7, 0xff, 0xf7, 0x47, 0x33, 0x39, 0xc5, 0x3e, 0xb7, 0x0e,
+    0x58, 0x35, 0x9d, 0x81, 0xea, 0xf8, 0x6a, 0x2c, 0x1c, 0x5a,
+    0x68, 0x78, 0x64, 0x11, 0x6b, 0xc1, 0x3e, 0x4e, 0x7a, 0xbd,
+    0x84, 0xcb, 0x0f, 0xc2, 0xb6, 0x85, 0x1d, 0xd3, 0x76, 0xc5,
+    0x93, 0x6a, 0x69, 0x89, 0x56, 0x34, 0xdc, 0x4a, 0x9b, 0xbc,
+    0xff, 0xa8, 0x0d, 0x6e, 0x35, 0x9c, 0x60, 0xa7, 0x23, 0x30,
+    0xc7, 0x06, 0x64, 0x39, 0x8b, 0x94, 0x89, 0xee, 0xba, 0x7f,
+    0x60, 0x8d, 0xfa, 0xb6, 0x97, 0x76, 0xdc, 0x51, 0x4a, 0x3c,
+    0xeb, 0x3a, 0x14, 0x2c, 0x20, 0x60, 0x69, 0x4a, 0x86, 0xfe,
+    0x8c, 0x21, 0x84, 0x49, 0x54, 0xb3, 0x20, 0xe1, 0x01, 0x7f,
+    0x58, 0xdf, 0x7f, 0xb5, 0x21, 0x51, 0x8c, 0x47, 0x9f, 0x91,
+    0xeb, 0x97, 0x3e, 0xf2, 0x54, 0xcf, 0x16, 0x46, 0xf9, 0xd9,
+    0xb6, 0xe7, 0x64, 0xc9, 0xd0, 0x54, 0xea, 0x2f, 0xa1, 0xcf,
+    0xa5, 0x7f, 0x28, 0x8d, 0x84, 0xec, 0xd5, 0x39, 0x03, 0x76,
+    0x5b, 0x2d, 0x8e, 0x43, 0xf2, 0x01, 0x24, 0xc9, 0x6f, 0xc0,
+    0xf5, 0x69, 0x6f, 0x7d, 0xb5, 0x85, 0xd2, 0x5f, 0x7f, 0x78,
+    0x40, 0x07, 0x7f, 0x09, 0x15, 0xb5, 0x1f, 0x28, 0x65, 0x10,
+    0xe4, 0x19, 0xa8, 0xc6, 0x9e, 0x8d, 0xdc, 0xcb, 0x02, 0x82,
+    0x01, 0x00, 0x13, 0x01, 0xee, 0x56, 0x80, 0x93, 0x70, 0x00,
+    0x7f, 0x52, 0xd2, 0x94, 0xa1, 0x98, 0x84, 0x4a, 0x92, 0x25,
+    0x4c, 0x9b, 0xa9, 0x91, 0x2e, 0xc2, 0x79, 0xb7, 0x5c, 0xe3,
+    0xc5, 0xd5, 0x8e, 0xc2, 0x54, 0x16, 0x17, 0xad, 0x55, 0x9b,
+    0x25, 0x76, 0x12, 0x63, 0x50, 0x22, 0x2f, 0x58, 0x58, 0x79,
+    0x6b, 0x04, 0xe3, 0xf9, 0x9f, 0x8f, 0x04, 0x41, 0x67, 0x94,
+    0xa5, 0x1f, 0xac, 0x8a, 0x15, 0x9c, 0x26, 0x10, 0x6c, 0xf8,
+    0x19, 0x57, 0x61, 0xd7, 0x3a, 0x7d, 0x31, 0xb0, 0x2d, 0x38,
+    0xbd, 0x94, 0x62, 0xad, 0xc4, 0xfa, 0x36, 0x42, 0x42, 0xf0,
+    0x24, 0x67, 0x65, 0x9d, 0x8b, 0x0b, 0x7c, 0x6f, 0x82, 0x44,
+    0x1a, 0x8c, 0xc8, 0xc9, 0xab, 0xbb, 0x4c, 0x45, 0xfc, 0x7b,
+    0x38, 0xee, 0x30, 0xe1, 0xfc, 0xef, 0x8d, 0xbc, 0x58, 0xdf,
+    0x2b, 0x5d, 0x0d, 0x54, 0xe0, 0x49, 0x4d, 0x97, 0x99, 0x8f,
+    0x22, 0xa8, 0x83, 0xbe, 0x40, 0xbb, 0x50, 0x2e, 0x78, 0x28,
+    0x0f, 0x95, 0x78, 0x8c, 0x8f, 0x98, 0x24, 0x56, 0xc2, 0x97,
+    0xf3, 0x2c, 0x43, 0xd2, 0x03, 0x82, 0x66, 0x81, 0x72, 0x5f,
+    0x53, 0x16, 0xec, 0xb1, 0xb1, 0x04, 0x5e, 0x40, 0x20, 0x48,
+    0x7b, 0x3f, 0x02, 0x97, 0x6a, 0xeb, 0x96, 0x12, 0x21, 0x35,
+    0xfe, 0x1f, 0x47, 0xc0, 0x95, 0xea, 0xc5, 0x8a, 0x08, 0x84,
+    0x4f, 0x5e, 0x63, 0x94, 0x60, 0x0f, 0x71, 0x5b, 0x7f, 0x4a,
+    0xec, 0x4f, 0x60, 0xc6, 0xba, 0x4a, 0x24, 0xf1, 0x20, 0x8b,
+    0xa7, 0x2e, 0x3a, 0xce, 0x8d, 0xe0, 0x27, 0x1d, 0xb5, 0x8e,
+    0xb4, 0x21, 0xc5, 0xe2, 0xa6, 0x16, 0x0a, 0x51, 0x83, 0x55,
+    0x88, 0xd1, 0x30, 0x11, 0x63, 0xd5, 0xd7, 0x8d, 0xae, 0x16,
+    0x12, 0x82, 0xc4, 0x85, 0x00, 0x4e, 0x27, 0x83, 0xa5, 0x7c,
+    0x90, 0x2e, 0xe5, 0xa2, 0xa3, 0xd3, 0x4c, 0x63, 0x02, 0x82,
+    0x01, 0x01, 0x00, 0x86, 0x08, 0x98, 0x98, 0xa5, 0x00, 0x05,
+    0x39, 0x77, 0xd9, 0x66, 0xb3, 0xcf, 0xca, 0xa0, 0x71, 0xb3,
+    0x50, 0xce, 0x3d, 0xb1, 0x93, 0x95, 0x35, 0xc4, 0xd4, 0x2e,
+    0x90, 0xdf, 0x0f, 0xfc, 0x60, 0xc1, 0x94, 0x68, 0x61, 0x43,
+    0xca, 0x9a, 0x23, 0x4a, 0x1e, 0x45, 0x72, 0x99, 0xb5, 0x1e,
+    0x61, 0x8d, 0x77, 0x0f, 0xa0, 0xbb, 0xd7, 0x77, 0xb4, 0x2a,
+    0x15, 0x11, 0x88, 0x2d, 0xb3, 0x56, 0x61, 0x5e, 0x6a, 0xed,
+    0xa4, 0x46, 0x4a, 0x3f, 0x50, 0x11, 0xd6, 0xba, 0xb6, 0xd7,
+    0x95, 0x65, 0x53, 0xc3, 0xa1, 0x8f, 0xe0, 0xa3, 0xf5, 0x1c,
+    0xfd, 0xaf, 0x6e, 0x43, 0xd7, 0x17, 0xa7, 0xd3, 0x81, 0x1b,
+    0xa4, 0xdf, 0xe0, 0x97, 0x8a, 0x46, 0x03, 0xd3, 0x46, 0x0e,
+    0x83, 0x48, 0x4e, 0xd2, 0x02, 0xcb, 0xc0, 0xad, 0x79, 0x95,
+    0x8c, 0x96, 0xba, 0x40, 0x34, 0x11, 0x71, 0x5e, 0xe9, 0x11,
+    0xf9, 0xc5, 0x4a, 0x5e, 0x91, 0x9d, 0xf5, 0x92, 0x4f, 0xeb,
+    0xc6, 0x70, 0x02, 0x2d, 0x3d, 0x04, 0xaa, 0xe9, 0x3a, 0x8e,
+    0xd5, 0xa8, 0xad, 0xf7, 0xce, 0x0d, 0x16, 0xb2, 0xec, 0x0a,
+    0x9c, 0xf5, 0x94, 0x39, 0xb9, 0x8a, 0xfc, 0x1e, 0xf9, 0xcc,
+    0xf2, 0x5f, 0x21, 0x31, 0x74, 0x72, 0x6b, 0x64, 0xae, 0x35,
+    0x61, 0x8d, 0x0d, 0xcb, 0xe7, 0xda, 0x39, 0xca, 0xf3, 0x21,
+    0x66, 0x0b, 0x95, 0xd7, 0x0a, 0x7c, 0xca, 0xa1, 0xa9, 0x5a,
+    0xe8, 0xac, 0xe0, 0x71, 0x54, 0xaf, 0x28, 0xcf, 0xd5, 0x70,
+    0x89, 0xe0, 0xf3, 0x9e, 0x43, 0x6c, 0x8d, 0x7b, 0x99, 0x01,
+    0x68, 0x4d, 0xa1, 0x45, 0x46, 0x0c, 0x43, 0xbc, 0xcc, 0x2c,
+    0xdd, 0xc5, 0x46, 0xc8, 0x4e, 0x0e, 0xbe, 0xed, 0xb9, 0x26,
+    0xab, 0x2e, 0xdb, 0xeb, 0x8f, 0xff, 0xdb, 0xb0, 0xc6, 0x55,
+    0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17,
+};
+
+static unsigned char test7680[] = {
+    0x30, 0x82, 0x11, 0x09, 0x02, 0x01, 0x00, 0x02, 0x82, 0x03,
+    0xc1, 0x00, 0xe3, 0x27, 0x46, 0x99, 0xb5, 0x17, 0xab, 0xfa,
+    0x65, 0x05, 0x7a, 0x06, 0x81, 0x14, 0xce, 0x43, 0x21, 0x49,
+    0x0f, 0x08, 0xf1, 0x70, 0xb4, 0xc1, 0x10, 0xd1, 0x87, 0xf8,
+    0x29, 0x91, 0x36, 0x66, 0x2d, 0xbe, 0x7b, 0x1d, 0xa2, 0x0b,
+    0x20, 0x38, 0xd9, 0x8e, 0x78, 0x27, 0xcf, 0xb5, 0x45, 0x58,
+    0x3d, 0xf4, 0xda, 0xf0, 0xdc, 0x21, 0x17, 0x52, 0xcd, 0x68,
+    0xe2, 0x81, 0xac, 0x88, 0x61, 0x10, 0xbc, 0xb0, 0x7f, 0xe4,
+    0xf3, 0x78, 0xb7, 0x28, 0x6c, 0x5f, 0x5c, 0xc2, 0x8d, 0x3d,
+    0xb0, 0x87, 0x41, 0x15, 0x2e, 0x09, 0x5f, 0xea, 0x06, 0x7f,
+    0xe9, 0x35, 0x18, 0x90, 0x50, 0xad, 0xf6, 0xb9, 0xfd, 0x33,
+    0x02, 0x1a, 0x99, 0x9e, 0xa5, 0x7d, 0x2c, 0x3b, 0x24, 0xe7,
+    0x31, 0x35, 0x73, 0x9a, 0xb0, 0xfe, 0x03, 0xfc, 0xc6, 0x98,
+    0x78, 0xd9, 0x66, 0x95, 0xa5, 0x12, 0xbc, 0x1e, 0x82, 0xbc,
+    0xf1, 0xc5, 0x31, 0xcd, 0xa6, 0xb1, 0x0c, 0x02, 0xbf, 0x7f,
+    0xb7, 0xaf, 0x5f, 0xd6, 0xed, 0xf7, 0xc1, 0x59, 0x86, 0x3a,
+    0x35, 0x95, 0x54, 0x21, 0x8d, 0x6a, 0xb3, 0xd1, 0x2b, 0x71,
+    0xf5, 0xf1, 0x66, 0x00, 0xb1, 0x88, 0xee, 0x3b, 0xa4, 0x41,
+    0x52, 0x1a, 0xf5, 0x0e, 0x32, 0xb6, 0xbf, 0x52, 0xab, 0x51,
+    0x55, 0x91, 0x32, 0x4f, 0xaf, 0x91, 0xac, 0xf7, 0xff, 0x8e,
+    0x3b, 0x2b, 0x61, 0xe9, 0x6d, 0x1d, 0x68, 0x80, 0x90, 0x79,
+    0x34, 0x96, 0xca, 0x49, 0x43, 0x7c, 0x89, 0x4e, 0x5e, 0x31,
+    0xb5, 0xce, 0x01, 0x9b, 0x09, 0xaf, 0x92, 0x06, 0x24, 0xe7,
+    0x22, 0x35, 0xcc, 0xa2, 0x0b, 0xfb, 0x5b, 0x87, 0x65, 0x71,
+    0xff, 0x64, 0x3e, 0xf9, 0xe8, 0x33, 0xa0, 0xc3, 0x4e, 0xb2,
+    0x41, 0x98, 0x54, 0xeb, 0x13, 0x99, 0xfb, 0x32, 0x78, 0x7e,
+    0xda, 0x4f, 0xd3, 0x46, 0x6a, 0xb5, 0x78, 0x81, 0x3f, 0x04,
+    0x13, 0x5f, 0x67, 0xaf, 0x88, 0xa5, 0x9e, 0x0d, 0xc5, 0xf3,
+    0xe7, 0x4c, 0x51, 0xf5, 0x51, 0x4a, 0xa4, 0x58, 0x64, 0xd9,
+    0xa2, 0x32, 0x54, 0x36, 0xce, 0x38, 0xd8, 0xc2, 0x0e, 0x0d,
+    0x60, 0x8e, 0x32, 0x7f, 0x90, 0x8a, 0xbc, 0x88, 0xbe, 0x6a,
+    0xc0, 0x47, 0x0f, 0x02, 0x41, 0xff, 0x3b, 0x7e, 0xc5, 0xa6,
+    0x33, 0x1d, 0x19, 0xd1, 0xd5, 0x67, 0x6c, 0xbf, 0x16, 0xb0,
+    0x7e, 0x80, 0x10, 0xbf, 0x7f, 0xdd, 0xd0, 0xf4, 0xc3, 0x94,
+    0x2c, 0x9a, 0x2c, 0xda, 0x69, 0x4e, 0xd6, 0x7b, 0x40, 0x4d,
+    0x2a, 0x27, 0xcb, 0x5a, 0xe5, 0x2d, 0x3f, 0x7d, 0x51, 0x9d,
+    0x9f, 0x70, 0xde, 0x50, 0xb1, 0xd3, 0xd2, 0x38, 0x4d, 0x1c,
+    0xca, 0xc2, 0x1e, 0x80, 0xd0, 0x36, 0x82, 0x04, 0xe6, 0x17,
+    0x79, 0x9f, 0x2e, 0xc9, 0xed, 0x2b, 0xd5, 0x1b, 0xfa, 0x7d,
+    0x1a, 0x80, 0xb5, 0x0e, 0x2f, 0x05, 0xbe, 0x4a, 0x1b, 0xfe,
+    0x0a, 0xad, 0x01, 0xde, 0x91, 0xc8, 0xf9, 0x81, 0xbe, 0xc7,
+    0xaf, 0xe7, 0x87, 0xed, 0x9d, 0xb8, 0x6c, 0xad, 0x65, 0xed,
+    0x5e, 0xd3, 0x67, 0x8c, 0x62, 0x3a, 0xe7, 0xfd, 0x67, 0xe0,
+    0xbb, 0x57, 0xaf, 0x56, 0xeb, 0x4a, 0x58, 0x6e, 0xad, 0xf2,
+    0xbe, 0xc3, 0x70, 0x29, 0xf8, 0xeb, 0x68, 0x45, 0xa0, 0xbd,
+    0xcd, 0xa5, 0xb4, 0xd9, 0x01, 0xb7, 0x44, 0xeb, 0x97, 0xf3,
+    0x0c, 0x56, 0xe4, 0x26, 0xd0, 0xa5, 0xb1, 0xa3, 0x49, 0x6e,
+    0x88, 0xf2, 0x22, 0xe2, 0x7b, 0x58, 0x3a, 0xd9, 0x52, 0xa4,
+    0xb1, 0x4c, 0x5c, 0x7c, 0xf0, 0x88, 0x7b, 0x9f, 0x06, 0xe9,
+    0x32, 0x4e, 0xf2, 0x64, 0x83, 0x8b, 0xa2, 0xea, 0x1d, 0x25,
+    0xf1, 0x8d, 0x16, 0x8b, 0xe0, 0xab, 0xd2, 0xe9, 0xe4, 0x6b,
+    0x7d, 0x76, 0x98, 0x22, 0x53, 0x31, 0x6b, 0xcc, 0xf1, 0xe5,
+    0x1d, 0xd7, 0xa5, 0xb0, 0xea, 0x6b, 0x38, 0x14, 0x0c, 0x06,
+    0x10, 0x27, 0xd8, 0x33, 0xf3, 0x9a, 0xae, 0x94, 0xdd, 0x0b,
+    0xb4, 0x6d, 0xe5, 0x91, 0xdd, 0xf1, 0x0f, 0x27, 0xa4, 0x94,
+    0x55, 0xf0, 0xde, 0x07, 0x29, 0xe6, 0x3f, 0x26, 0x19, 0xa1,
+    0xdd, 0xd1, 0x06, 0x99, 0xda, 0x54, 0x23, 0x3c, 0xf5, 0x5c,
+    0x2e, 0x96, 0xa9, 0x21, 0x23, 0x25, 0x2e, 0x6f, 0xf1, 0xf9,
+    0x11, 0x54, 0xe5, 0x7b, 0xb9, 0x1f, 0x11, 0xe2, 0x9e, 0x6b,
+    0x61, 0x8b, 0xa3, 0x8b, 0xc1, 0x20, 0x9b, 0xfb, 0x51, 0xef,
+    0xbb, 0xb9, 0xf6, 0xaf, 0x66, 0xb3, 0x2c, 0x25, 0xef, 0x76,
+    0xcb, 0xbf, 0x7a, 0x93, 0x2f, 0xe1, 0x17, 0x56, 0xc1, 0x00,
+    0x33, 0xb5, 0xd9, 0x91, 0x05, 0x31, 0xcc, 0x72, 0xcd, 0x4a,
+    0x93, 0x9a, 0xe3, 0x21, 0x42, 0x9e, 0xb8, 0x4e, 0x6c, 0x27,
+    0x93, 0xf0, 0x7f, 0x22, 0xdb, 0xe5, 0xb3, 0xa3, 0xf7, 0xe7,
+    0x80, 0xbb, 0x91, 0xca, 0xf7, 0xe8, 0x52, 0xb8, 0x11, 0x64,
+    0x66, 0x25, 0x94, 0xf8, 0x6f, 0x0b, 0x3b, 0xb7, 0xff, 0x80,
+    0x9e, 0x36, 0xe9, 0x88, 0x2e, 0xab, 0x05, 0xbf, 0x99, 0x9f,
+    0x2b, 0x4f, 0xc6, 0xb1, 0x13, 0x5b, 0x06, 0xff, 0x0a, 0x7b,
+    0xbc, 0x7f, 0x07, 0xa0, 0x35, 0xc2, 0x2d, 0x44, 0x3e, 0xad,
+    0x44, 0xcb, 0x47, 0x18, 0x26, 0x71, 0x7b, 0x17, 0xc9, 0x6d,
+    0xb5, 0x4b, 0xcf, 0xdf, 0x14, 0x2c, 0x6c, 0xdf, 0x21, 0xce,
+    0x93, 0x49, 0x34, 0x69, 0x49, 0xfd, 0x3e, 0x71, 0x5b, 0xfa,
+    0x07, 0xc5, 0x7e, 0x5e, 0x54, 0x1a, 0x3c, 0xa6, 0x29, 0xb5,
+    0xbf, 0x0d, 0xf1, 0xc6, 0xa4, 0x61, 0xd6, 0x17, 0x1d, 0xf0,
+    0xa2, 0x78, 0x8f, 0xbc, 0x7e, 0x0c, 0xb4, 0xf0, 0x1e, 0x05,
+    0xea, 0xb5, 0xad, 0x68, 0x95, 0x0b, 0x27, 0xb4, 0x29, 0x7c,
+    0x70, 0x2a, 0x9a, 0x0a, 0x39, 0xd4, 0x76, 0xb7, 0x72, 0x30,
+    0x5e, 0xae, 0x9c, 0x4a, 0x55, 0xc7, 0x46, 0xd7, 0x5f, 0xbe,
+    0x10, 0x61, 0x25, 0x18, 0x7a, 0x9f, 0xd3, 0x05, 0x3d, 0x6f,
+    0x9a, 0x1e, 0xec, 0x2b, 0x03, 0xe0, 0x49, 0x6a, 0x9c, 0xd6,
+    0xdb, 0xc2, 0xa1, 0xe1, 0x0a, 0xbb, 0x31, 0x42, 0xc8, 0x43,
+    0x4e, 0x7c, 0xa9, 0x7c, 0x60, 0xea, 0xbe, 0xf1, 0x8b, 0xe8,
+    0xb2, 0x90, 0x83, 0x14, 0x21, 0xe4, 0xb3, 0x0d, 0x7c, 0x63,
+    0x3c, 0x98, 0x55, 0xc6, 0x44, 0xa6, 0xa8, 0x1e, 0x42, 0xb7,
+    0x89, 0xa8, 0xbd, 0xb8, 0x34, 0x3d, 0x09, 0x80, 0x99, 0x73,
+    0x9f, 0xaf, 0x17, 0x56, 0xf2, 0x73, 0x3e, 0x1e, 0x6e, 0xe9,
+    0x18, 0xa0, 0x5b, 0x69, 0xce, 0xfd, 0x3d, 0x77, 0x81, 0x95,
+    0x3b, 0xf1, 0xde, 0x26, 0xe9, 0x27, 0xef, 0x92, 0x2a, 0x97,
+    0xdc, 0x95, 0xa5, 0xa3, 0xb0, 0xfb, 0x96, 0x89, 0x4f, 0xe6,
+    0xc1, 0x42, 0x0b, 0xfd, 0xb4, 0x6d, 0x0a, 0x9f, 0x9b, 0x31,
+    0xd8, 0x21, 0x38, 0x8a, 0xee, 0xb6, 0x5c, 0x12, 0xa8, 0xb4,
+    0x07, 0x79, 0x41, 0xa7, 0x7f, 0x13, 0x74, 0xad, 0x0b, 0xee,
+    0x28, 0x52, 0xac, 0x2f, 0x4d, 0x30, 0x1c, 0xc5, 0xa6, 0xa5,
+    0x61, 0x42, 0xbd, 0xe1, 0x4f, 0xd3, 0xec, 0x66, 0xf2, 0x63,
+    0xf4, 0x93, 0xdb, 0x35, 0x2d, 0x3b, 0x71, 0x25, 0x09, 0xde,
+    0xda, 0x46, 0xda, 0xe2, 0xa7, 0xa3, 0xdf, 0xcd, 0xbf, 0x58,
+    0x05, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x03,
+    0xc0, 0x5f, 0xd5, 0x15, 0x1b, 0x09, 0xe4, 0xa7, 0xc0, 0xa6,
+    0xd8, 0x0d, 0xa8, 0x2a, 0xd3, 0x1d, 0x46, 0x03, 0x07, 0xf0,
+    0x98, 0xe4, 0x4b, 0x99, 0x66, 0x8e, 0x72, 0xe7, 0xbb, 0x51,
+    0xc6, 0x1a, 0xbe, 0x36, 0xf4, 0x52, 0xba, 0xa8, 0xbf, 0xaa,
+    0xe3, 0x71, 0x1d, 0x83, 0x21, 0xc0, 0xa6, 0x88, 0x4f, 0xf7,
+    0x2b, 0x93, 0x26, 0xe4, 0xa7, 0xed, 0x50, 0x18, 0xaa, 0xf4,
+    0x4c, 0xa2, 0xfe, 0x92, 0x7c, 0xde, 0x2e, 0x54, 0x76, 0xc2,
+    0x25, 0x1e, 0x98, 0xa6, 0x48, 0x01, 0x39, 0x6f, 0x1f, 0x24,
+    0x97, 0x9b, 0x64, 0x95, 0x1c, 0x8d, 0x63, 0x8d, 0x44, 0x6f,
+    0x9d, 0xdf, 0xf4, 0x1a, 0xa5, 0x9a, 0x1e, 0xd3, 0x6c, 0xae,
+    0xa9, 0x8c, 0x3f, 0xfb, 0x2f, 0x78, 0xf6, 0xa6, 0xd6, 0x06,
+    0xd3, 0xb7, 0x26, 0xff, 0x1e, 0xdb, 0x8d, 0xcc, 0x37, 0x4d,
+    0x5c, 0xe2, 0xc3, 0xa5, 0x75, 0xe6, 0xf9, 0xb4, 0x4c, 0x84,
+    0x6f, 0x9e, 0x58, 0x55, 0xc8, 0x01, 0xfa, 0x32, 0xd2, 0x6e,
+    0x2b, 0x45, 0xf2, 0xc6, 0x48, 0xad, 0x40, 0xd8, 0xb9, 0x3c,
+    0x1b, 0xf8, 0xf7, 0x82, 0xd3, 0x0e, 0x73, 0xe3, 0xb1, 0x5b,
+    0x82, 0x71, 0x77, 0x3f, 0x6f, 0x36, 0x9a, 0xe0, 0xec, 0x51,
+    0xf8, 0x5f, 0x84, 0x92, 0xee, 0xb8, 0x7e, 0xe7, 0x1a, 0x14,
+    0x50, 0x82, 0x7a, 0x4d, 0xe6, 0xd6, 0xa3, 0x76, 0x24, 0x8a,
+    0x5f, 0xfe, 0x19, 0xdd, 0xd7, 0xf7, 0x5b, 0xae, 0x18, 0x04,
+    0x90, 0xcd, 0x5c, 0xe5, 0x64, 0xe8, 0x04, 0xb1, 0x06, 0xa5,
+    0xdd, 0xf8, 0x9d, 0x71, 0x13, 0xaa, 0x36, 0x7f, 0x61, 0x27,
+    0xf4, 0xac, 0x95, 0x7d, 0x1a, 0x99, 0x7d, 0xe0, 0xd5, 0x9c,
+    0x5a, 0xad, 0x9a, 0xff, 0x54, 0xb0, 0xb1, 0x55, 0x45, 0x2d,
+    0x19, 0x58, 0x52, 0x28, 0xdd, 0xe0, 0xb5, 0x65, 0x52, 0x97,
+    0x45, 0xf0, 0x2b, 0x98, 0x1f, 0x61, 0x6c, 0x9d, 0xaa, 0x59,
+    0x85, 0xf9, 0x97, 0x7b, 0xbd, 0xeb, 0x95, 0x81, 0xfb, 0x29,
+    0x8c, 0xf0, 0x52, 0xdf, 0xed, 0xee, 0xb2, 0x00, 0x32, 0x35,
+    0x14, 0xa8, 0xa4, 0xca, 0x91, 0xff, 0x18, 0xb7, 0x96, 0xfb,
+    0x32, 0x62, 0xa9, 0xa0, 0xd0, 0x77, 0x43, 0xf5, 0x99, 0xd1,
+    0xee, 0xe8, 0xad, 0x1a, 0x2c, 0xd4, 0xeb, 0xe1, 0xf5, 0x01,
+    0x41, 0x78, 0xc0, 0x27, 0x19, 0x50, 0x2e, 0xba, 0x22, 0xd1,
+    0xeb, 0xb3, 0xa5, 0x27, 0x0b, 0xec, 0xf9, 0x26, 0x7e, 0x1f,
+    0xe7, 0x17, 0x9f, 0x39, 0xa8, 0x72, 0x22, 0x63, 0x79, 0x6a,
+    0x9c, 0x89, 0x55, 0x9a, 0xb4, 0x61, 0x41, 0xbc, 0xaa, 0x14,
+    0x37, 0x29, 0x03, 0xc0, 0x52, 0x4e, 0x31, 0x44, 0x8f, 0x2e,
+    0x17, 0x81, 0x88, 0xf4, 0xce, 0xda, 0x41, 0xb8, 0xd5, 0x14,
+    0x91, 0x8c, 0xca, 0xd2, 0x0d, 0x99, 0x06, 0x09, 0xc2, 0xb7,
+    0xe8, 0xae, 0xfa, 0x01, 0xea, 0x99, 0x62, 0x68, 0xb6, 0xdf,
+    0xc8, 0x27, 0xae, 0xbf, 0xb0, 0x9b, 0x5b, 0x1a, 0xa2, 0xe2,
+    0x5a, 0x7a, 0xe5, 0x4b, 0x92, 0x1f, 0xff, 0x73, 0xae, 0x16,
+    0x40, 0x78, 0x42, 0x28, 0xbb, 0x13, 0x5e, 0xbc, 0x71, 0x7a,
+    0x78, 0x3e, 0xd8, 0x1b, 0xc2, 0x2c, 0xd6, 0xdc, 0xfa, 0x39,
+    0x72, 0xf8, 0xa2, 0x2c, 0x8b, 0x1c, 0x5d, 0xab, 0xb8, 0x07,
+    0xc7, 0xae, 0x29, 0x93, 0x68, 0xbf, 0x61, 0xe9, 0xa4, 0x37,
+    0x83, 0x7d, 0x13, 0xc7, 0x18, 0xf0, 0x7d, 0xa4, 0x20, 0x47,
+    0x14, 0x68, 0x95, 0x46, 0x56, 0x6d, 0xd5, 0x7b, 0xe1, 0x51,
+    0x8f, 0x96, 0xc1, 0x7b, 0x35, 0x09, 0x7a, 0x89, 0x0e, 0xdf,
+    0x12, 0xd5, 0xe1, 0x9c, 0x2a, 0x94, 0x95, 0x43, 0x93, 0x48,
+    0xa6, 0x23, 0xe6, 0xd8, 0xf2, 0xb8, 0x0e, 0xba, 0x6d, 0x61,
+    0x03, 0xaf, 0x40, 0x63, 0x2b, 0x2f, 0xee, 0x61, 0x4c, 0xc4,
+    0x70, 0x3d, 0x78, 0xc1, 0x4f, 0x8e, 0x0b, 0x9b, 0x06, 0x35,
+    0x6d, 0x6d, 0x83, 0x37, 0xbb, 0x39, 0x7d, 0x7f, 0x33, 0x93,
+    0xc4, 0xeb, 0x8e, 0xfc, 0xda, 0xf0, 0x54, 0xfe, 0x1d, 0xc4,
+    0xd3, 0x83, 0x99, 0xdf, 0x65, 0xee, 0x00, 0x7d, 0x86, 0x27,
+    0xd4, 0x3a, 0x6b, 0xe6, 0x82, 0x8e, 0x58, 0x2d, 0x03, 0x38,
+    0xef, 0x6c, 0x82, 0x87, 0x18, 0x3b, 0x47, 0xe7, 0xbc, 0xe1,
+    0x58, 0x70, 0x4d, 0x46, 0x96, 0x34, 0x60, 0x96, 0x15, 0x09,
+    0x3c, 0x84, 0x40, 0xaf, 0x80, 0x32, 0x75, 0xc7, 0x23, 0x6c,
+    0xfb, 0x1d, 0x57, 0x73, 0x19, 0x09, 0xe8, 0x1a, 0x4c, 0x02,
+    0x5c, 0x7e, 0x4e, 0xbe, 0x75, 0xf8, 0x73, 0xff, 0x2d, 0x54,
+    0x19, 0x55, 0xf5, 0xf4, 0x1b, 0xc9, 0xbc, 0xc2, 0x19, 0xcb,
+    0xb7, 0x4e, 0x6a, 0x0d, 0xff, 0xca, 0x7d, 0xd0, 0x88, 0x91,
+    0x8b, 0x9b, 0x21, 0xa4, 0xa2, 0x43, 0x0d, 0xbc, 0x9e, 0x73,
+    0x7d, 0x54, 0x7d, 0x95, 0xcc, 0x63, 0x5e, 0xc1, 0xb8, 0xe6,
+    0x27, 0xff, 0x20, 0x07, 0xe8, 0x6e, 0x7e, 0xf2, 0x0f, 0x5a,
+    0x09, 0xef, 0xe5, 0x4d, 0x80, 0x39, 0x95, 0xd5, 0xf4, 0xee,
+    0x3b, 0xca, 0x7c, 0x73, 0xf8, 0x39, 0x5a, 0xc1, 0x1d, 0x7d,
+    0x94, 0x72, 0x32, 0xad, 0x58, 0xe2, 0xfc, 0x71, 0x6e, 0x66,
+    0xaa, 0xa1, 0x59, 0xd6, 0xac, 0xab, 0xbe, 0x8c, 0x53, 0x99,
+    0xcd, 0xe8, 0x2d, 0xb5, 0xb3, 0x46, 0x58, 0x2e, 0x16, 0xd7,
+    0x4d, 0x8b, 0x7d, 0x4a, 0xb1, 0x4c, 0x85, 0x91, 0x1b, 0x57,
+    0x54, 0xf8, 0x14, 0x59, 0xdb, 0xc4, 0x2c, 0x9c, 0x08, 0x6d,
+    0x3d, 0xd7, 0xf6, 0xa6, 0xe6, 0xb3, 0x2a, 0xe7, 0x29, 0x1c,
+    0xab, 0xb4, 0xed, 0x13, 0x19, 0xf8, 0xb6, 0x60, 0x92, 0x44,
+    0x53, 0xd4, 0xa9, 0x7e, 0xba, 0x21, 0xa2, 0xdc, 0x6e, 0xa5,
+    0x5e, 0x53, 0x59, 0x3c, 0x52, 0x61, 0x7b, 0x5f, 0x19, 0xad,
+    0xc8, 0x6d, 0x68, 0x8d, 0x7a, 0xc9, 0xd6, 0xef, 0xeb, 0x67,
+    0x4f, 0xca, 0xe7, 0xf6, 0x29, 0x36, 0x97, 0xfb, 0x3e, 0x37,
+    0x95, 0x85, 0x71, 0x70, 0xf6, 0x63, 0x86, 0x2a, 0x29, 0xd7,
+    0x9a, 0x96, 0x76, 0xa7, 0x47, 0x98, 0x4e, 0x06, 0x31, 0xaf,
+    0xf3, 0x4f, 0x2a, 0x65, 0x90, 0x6a, 0x4b, 0x8e, 0x43, 0x79,
+    0xe2, 0xdd, 0xce, 0x08, 0x1c, 0x01, 0xec, 0x38, 0x41, 0xdd,
+    0x19, 0xd8, 0xf3, 0x36, 0x03, 0x35, 0x03, 0xaf, 0x1c, 0x45,
+    0x3c, 0xac, 0x13, 0xaa, 0x36, 0x16, 0x48, 0x77, 0xb3, 0xbe,
+    0xa3, 0xb3, 0x9d, 0x7f, 0x20, 0xca, 0x74, 0x65, 0xac, 0x93,
+    0xa7, 0x54, 0xad, 0xc8, 0x68, 0x0e, 0xf8, 0x44, 0x1f, 0xad,
+    0x2c, 0xb7, 0x9a, 0x9a, 0x07, 0xe5, 0xcd, 0x87, 0xe0, 0x14,
+    0xb5, 0xaf, 0xd3, 0xd7, 0xcf, 0x13, 0x9f, 0x3b, 0xbd, 0xfe,
+    0x29, 0x0b, 0x72, 0xf5, 0x4c, 0x54, 0x94, 0xc7, 0x66, 0xec,
+    0xa8, 0x41, 0x96, 0x3d, 0x17, 0xed, 0x19, 0xc0, 0x82, 0x3e,
+    0x5f, 0x9a, 0x91, 0xfe, 0xd1, 0x2f, 0xb8, 0x94, 0xaa, 0x58,
+    0x68, 0x95, 0x31, 0x87, 0x57, 0x9a, 0x75, 0x94, 0x4d, 0x38,
+    0x7d, 0x56, 0x82, 0x81, 0x9c, 0xb9, 0x34, 0x2b, 0xe7, 0x40,
+    0xd9, 0x3c, 0x77, 0x5b, 0x95, 0x51, 0x06, 0x11, 0x41, 0xe3,
+    0x8b, 0xb7, 0x32, 0xeb, 0xe1, 0x05, 0x1b, 0x10, 0xa8, 0x0e,
+    0xa1, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xfa, 0x38, 0x34, 0xfe,
+    0x55, 0x87, 0x71, 0x62, 0x47, 0x00, 0x33, 0x64, 0x67, 0x70,
+    0x79, 0x76, 0xdf, 0xfe, 0xc3, 0x28, 0x38, 0xdf, 0x90, 0xd4,
+    0xc0, 0xee, 0x98, 0xbf, 0x9d, 0x9b, 0x85, 0xd8, 0x61, 0x65,
+    0xa5, 0x70, 0xf5, 0xd2, 0x2c, 0xbf, 0x2f, 0xb5, 0x55, 0x79,
+    0x92, 0x13, 0xba, 0x4d, 0x3c, 0x39, 0xbf, 0xd5, 0x31, 0x13,
+    0x7a, 0x31, 0xf4, 0x8b, 0xce, 0xf8, 0xd0, 0xd3, 0x9b, 0xe2,
+    0xee, 0x31, 0xdb, 0xba, 0xcc, 0x1a, 0xba, 0x1c, 0x8d, 0xee,
+    0xea, 0xcb, 0xd3, 0x5a, 0xad, 0x87, 0xd6, 0xf9, 0x15, 0x2f,
+    0x6e, 0x00, 0x06, 0x74, 0x25, 0x8d, 0xff, 0xc8, 0xa6, 0x11,
+    0x1c, 0xe8, 0x16, 0x1a, 0xde, 0x53, 0x05, 0xb9, 0x53, 0x55,
+    0x28, 0x83, 0x3d, 0xbe, 0x61, 0x0c, 0xc4, 0x98, 0x7d, 0xf6,
+    0xec, 0x36, 0xc3, 0xe5, 0xe7, 0x1d, 0x14, 0x64, 0xcb, 0x0d,
+    0x62, 0x5d, 0x7a, 0xcd, 0x88, 0xfc, 0x66, 0x4e, 0xf9, 0x36,
+    0x47, 0x95, 0x18, 0x3a, 0x48, 0x2a, 0xff, 0x62, 0x8f, 0x6c,
+    0xe2, 0xc2, 0xe9, 0xd3, 0x6a, 0x45, 0x5c, 0xf5, 0x89, 0x53,
+    0x5c, 0xbe, 0xcf, 0xad, 0x87, 0x22, 0x9c, 0x31, 0x48, 0xdb,
+    0xd8, 0xe4, 0xe5, 0x38, 0xae, 0xc2, 0xb0, 0xd2, 0xba, 0xb7,
+    0x30, 0x53, 0x2d, 0xb1, 0x35, 0xf1, 0x58, 0x0f, 0x8a, 0x06,
+    0x51, 0x76, 0xb9, 0x2c, 0x32, 0xe0, 0xd1, 0xaa, 0x82, 0x34,
+    0x69, 0x71, 0x1c, 0x5f, 0x35, 0xa8, 0x9d, 0x11, 0xac, 0x13,
+    0xdb, 0x7b, 0xf6, 0x93, 0xe3, 0xb9, 0xbd, 0xd9, 0xb2, 0x86,
+    0xff, 0x61, 0x88, 0x2b, 0x72, 0x5c, 0x84, 0xe1, 0x0c, 0x72,
+    0xab, 0x44, 0xff, 0x23, 0x13, 0xaf, 0xd1, 0x5a, 0xd3, 0xea,
+    0x73, 0xfe, 0xd5, 0xa4, 0x7d, 0x9e, 0x4e, 0xac, 0x03, 0x93,
+    0x72, 0x14, 0x2d, 0x96, 0x6f, 0xee, 0xb4, 0xcd, 0x4e, 0xab,
+    0xea, 0x71, 0x93, 0x81, 0xe0, 0x3d, 0xcd, 0x61, 0x96, 0x25,
+    0x76, 0xbd, 0xc4, 0xb5, 0xdd, 0x7c, 0xf1, 0xb9, 0xe1, 0x2c,
+    0x58, 0x1b, 0xa4, 0x46, 0x4b, 0x12, 0x57, 0x58, 0xaa, 0x3a,
+    0xae, 0x89, 0xa3, 0xb3, 0xcf, 0x1f, 0x8d, 0x67, 0xdf, 0x6d,
+    0x7e, 0x8e, 0xfa, 0xc5, 0x09, 0x73, 0x46, 0x56, 0x55, 0x90,
+    0xeb, 0x77, 0x4e, 0x16, 0x4f, 0x68, 0x7b, 0x1f, 0x61, 0x23,
+    0xec, 0xa9, 0x71, 0x30, 0x33, 0x25, 0xc7, 0x4e, 0x26, 0x2e,
+    0x4e, 0x2b, 0xc2, 0x64, 0x5f, 0xf5, 0x8f, 0x7a, 0x4b, 0x1c,
+    0x06, 0xb3, 0x91, 0xf6, 0x9b, 0x51, 0xb7, 0xb0, 0x64, 0x72,
+    0x04, 0xe5, 0xfa, 0x14, 0x2f, 0xed, 0x61, 0x29, 0x03, 0x73,
+    0x19, 0x15, 0x6e, 0x2c, 0x8b, 0x0e, 0xec, 0x4d, 0xf1, 0xe3,
+    0x6f, 0x58, 0x7c, 0xc9, 0x48, 0x67, 0x3f, 0x51, 0xb5, 0xb7,
+    0x26, 0x46, 0xa7, 0x25, 0x79, 0x55, 0xfe, 0x3a, 0x44, 0xb4,
+    0x44, 0xfc, 0xb8, 0x14, 0x34, 0x47, 0xd7, 0xa3, 0x0e, 0x76,
+    0xe7, 0x83, 0x9a, 0x02, 0xc3, 0xcf, 0x2b, 0xd9, 0x83, 0x93,
+    0xd5, 0xee, 0x99, 0x74, 0x45, 0x62, 0x23, 0xa6, 0x02, 0xc9,
+    0xc0, 0x10, 0x70, 0x0a, 0x99, 0x29, 0x0c, 0x79, 0x04, 0x4c,
+    0x77, 0x21, 0x96, 0xf0, 0xa5, 0x17, 0x22, 0xbe, 0xab, 0x9b,
+    0xd7, 0x42, 0xd3, 0xe9, 0xc0, 0x42, 0x44, 0x7d, 0x9d, 0xc9,
+    0x3d, 0xf9, 0x36, 0x97, 0x1b, 0x75, 0x52, 0x8f, 0xe9, 0xb9,
+    0x8c, 0xa7, 0x64, 0x19, 0x5b, 0x5d, 0x60, 0xb4, 0x42, 0x95,
+    0xc9, 0xdb, 0x82, 0x03, 0xc6, 0xb0, 0x28, 0x72, 0x64, 0x03,
+    0x41, 0x4d, 0x8f, 0xc6, 0xd0, 0xcd, 0x02, 0x82, 0x01, 0xe1,
+    0x00, 0xe8, 0x66, 0xa7, 0xf9, 0x0f, 0x5a, 0x21, 0xfc, 0x88,
+    0x4e, 0x91, 0xd5, 0x4a, 0xf0, 0xf4, 0x32, 0xe5, 0x0d, 0xf3,
+    0x06, 0x95, 0xd0, 0x4e, 0x47, 0x0c, 0x04, 0x66, 0x77, 0xfd,
+    0xb8, 0x93, 0x0d, 0xff, 0x8f, 0x97, 0xa0, 0x4a, 0x36, 0x37,
+    0xa6, 0x5e, 0x95, 0x79, 0xc8, 0xb2, 0x21, 0x98, 0x81, 0xf1,
+    0xb8, 0xf4, 0x52, 0xaf, 0x3c, 0x8c, 0x86, 0x85, 0x55, 0x56,
+    0xfc, 0x90, 0xe3, 0x32, 0x50, 0x7c, 0x54, 0x07, 0x9e, 0xed,
+    0xfc, 0xd4, 0xb9, 0x5c, 0x98, 0x22, 0xfb, 0x72, 0xd7, 0x83,
+    0xf0, 0xd1, 0x61, 0x10, 0xbd, 0x68, 0x5d, 0x72, 0xc1, 0xce,
+    0x92, 0x43, 0x77, 0x9f, 0xb8, 0x8d, 0x8e, 0xf2, 0xe3, 0x62,
+    0x4a, 0x93, 0x03, 0xd3, 0xd9, 0x01, 0xa8, 0x99, 0x6f, 0xa3,
+    0x4c, 0x6d, 0x7a, 0xf2, 0x9e, 0x8e, 0x6b, 0xbc, 0xe4, 0x9d,
+    0x8e, 0xe7, 0x25, 0x86, 0xa4, 0xa9, 0xc2, 0xef, 0xdf, 0xbb,
+    0x6e, 0x3d, 0x4b, 0x57, 0x95, 0x81, 0x6f, 0x68, 0x3f, 0x19,
+    0xa8, 0xff, 0x5a, 0x08, 0x7a, 0xe4, 0x4c, 0x4e, 0xb4, 0xea,
+    0xf4, 0xc8, 0x2f, 0xef, 0x8c, 0x5e, 0xcd, 0x62, 0x1c, 0x8c,
+    0x93, 0x60, 0x5d, 0xa3, 0x11, 0x64, 0x0b, 0xeb, 0x6d, 0x21,
+    0xbc, 0x3a, 0x5b, 0x5c, 0x0c, 0xa7, 0x8a, 0xc6, 0xa8, 0xe1,
+    0x48, 0x81, 0x01, 0xb5, 0x65, 0xab, 0x2e, 0xbe, 0x38, 0x94,
+    0xf7, 0xa6, 0x33, 0xc1, 0x6e, 0x0b, 0x88, 0x38, 0xe7, 0x1b,
+    0x04, 0x9a, 0x10, 0x2d, 0x1d, 0x3f, 0x5f, 0x5f, 0xc8, 0xef,
+    0xcd, 0xc5, 0x16, 0xdc, 0x84, 0xc0, 0x66, 0xe0, 0xa3, 0xfc,
+    0xfa, 0x96, 0xc7, 0xb7, 0xec, 0x4f, 0x40, 0x0a, 0xc5, 0xbe,
+    0x6d, 0x39, 0x4a, 0x7e, 0x91, 0x4f, 0xe1, 0x03, 0xd2, 0x39,
+    0xbc, 0x87, 0x69, 0xa1, 0xf0, 0x6d, 0x11, 0xf5, 0xb4, 0x9d,
+    0xae, 0x76, 0x6b, 0xc6, 0xbf, 0xe4, 0x47, 0xbc, 0x4d, 0x13,
+    0x88, 0xa8, 0x83, 0xf5, 0xae, 0x1d, 0xfb, 0x4d, 0x4c, 0x44,
+    0x03, 0xd8, 0xa4, 0x2e, 0x4d, 0xf8, 0x5f, 0x45, 0x94, 0x58,
+    0xd7, 0xd9, 0x4b, 0x47, 0xd8, 0xfc, 0x35, 0x05, 0xed, 0xb4,
+    0xb6, 0xc2, 0x36, 0x2e, 0xba, 0xd2, 0x7a, 0xba, 0x69, 0x34,
+    0xbf, 0xf1, 0xa1, 0x5e, 0x17, 0x71, 0x89, 0xd3, 0x54, 0x57,
+    0x05, 0x2b, 0x82, 0xe3, 0x0a, 0x64, 0x5c, 0x3b, 0x8c, 0x6b,
+    0xc7, 0x10, 0x8a, 0xb5, 0xd3, 0xd7, 0x90, 0xeb, 0xdb, 0x1d,
+    0xa0, 0xbf, 0x6b, 0xea, 0xcd, 0x31, 0x7a, 0x8d, 0x64, 0xcc,
+    0x58, 0xc0, 0x07, 0xa4, 0x6e, 0x14, 0x0b, 0xf3, 0xea, 0x3e,
+    0x87, 0x9f, 0x7c, 0xb8, 0x1c, 0x22, 0x26, 0x8a, 0x7d, 0x90,
+    0xdd, 0x57, 0x28, 0x38, 0xcc, 0x0e, 0x71, 0x92, 0x89, 0xee,
+    0x79, 0x88, 0xbc, 0x05, 0x21, 0xda, 0x42, 0x92, 0x52, 0x66,
+    0xac, 0x4a, 0xe5, 0xf5, 0x6e, 0x47, 0xd5, 0xba, 0x37, 0xd3,
+    0x7c, 0x89, 0xd4, 0xd8, 0x6f, 0xde, 0x63, 0x44, 0xb5, 0x88,
+    0xdd, 0xb1, 0x30, 0xb4, 0x6d, 0xcd, 0xbf, 0xc8, 0x34, 0x27,
+    0x59, 0x7d, 0x79, 0xdc, 0x96, 0x5b, 0x8e, 0xc0, 0x87, 0xc0,
+    0x4e, 0x40, 0x07, 0x13, 0x91, 0x6b, 0x3a, 0x12, 0x03, 0x64,
+    0x70, 0xaf, 0x80, 0x24, 0x1c, 0x5c, 0xfb, 0xf5, 0xc0, 0x74,
+    0x5e, 0xaf, 0x06, 0x18, 0x04, 0x67, 0x4a, 0xbd, 0xac, 0xd7,
+    0xca, 0xbe, 0x4e, 0xa1, 0x19, 0x48, 0x7d, 0xa6, 0x59, 0xf6,
+    0x1a, 0x62, 0x50, 0x53, 0x46, 0xa4, 0x5b, 0x9c, 0x5a, 0xfd,
+    0x89, 0x9d, 0xd4, 0xde, 0xf4, 0xa7, 0x3d, 0x88, 0x73, 0xa5,
+    0xb9, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xe7, 0x70, 0x59, 0xc3,
+    0xed, 0xc4, 0x6b, 0xa1, 0xa5, 0x5e, 0x90, 0x2a, 0x8c, 0x6a,
+    0xc2, 0x4e, 0xab, 0xfc, 0xee, 0xf2, 0x23, 0x38, 0xd6, 0xb3,
+    0x93, 0x08, 0x9e, 0x0c, 0x8e, 0x71, 0x2d, 0xa9, 0xe8, 0xdc,
+    0xa5, 0xdc, 0x07, 0xe3, 0xb1, 0x33, 0xdd, 0xa2, 0xf2, 0x3e,
+    0x92, 0x58, 0xe0, 0xf7, 0x53, 0x7f, 0x6e, 0xea, 0x78, 0x8c,
+    0x35, 0x78, 0x43, 0x63, 0x95, 0xbb, 0x1b, 0x1c, 0xbf, 0x91,
+    0x75, 0x14, 0x74, 0xd3, 0x20, 0xba, 0x8f, 0xee, 0x9d, 0x71,
+    0xa1, 0x87, 0x8a, 0x24, 0xd3, 0x61, 0x53, 0xfb, 0xec, 0x16,
+    0x84, 0xbe, 0x4d, 0x39, 0xdd, 0x0a, 0xac, 0xce, 0x20, 0x9c,
+    0xaf, 0x8a, 0x13, 0xf8, 0x22, 0x2f, 0xd4, 0x99, 0x88, 0x74,
+    0xba, 0x16, 0x3a, 0x63, 0xff, 0x4c, 0x5a, 0x03, 0x5a, 0x6f,
+    0xac, 0x29, 0x33, 0xa5, 0x50, 0xd1, 0xda, 0xed, 0x27, 0xcb,
+    0x67, 0x72, 0x63, 0x85, 0xfc, 0xf0, 0xc8, 0x88, 0xbf, 0x85,
+    0xef, 0x4b, 0xfe, 0xae, 0xd9, 0xd5, 0xbb, 0x86, 0xa4, 0x76,
+    0xe8, 0x7f, 0xb4, 0xdb, 0xb1, 0xee, 0x1a, 0x7f, 0x99, 0xd7,
+    0x9b, 0x6f, 0x7a, 0x94, 0x5c, 0xec, 0x2c, 0x60, 0x81, 0xad,
+    0xa7, 0xbe, 0x80, 0x2e, 0x9f, 0xa6, 0xc0, 0xfb, 0x09, 0x6d,
+    0x2b, 0xab, 0xa4, 0x15, 0xc7, 0x79, 0x46, 0x24, 0x89, 0x5c,
+    0x32, 0xb9, 0x87, 0xa9, 0x54, 0x1e, 0x12, 0x90, 0x8e, 0x02,
+    0x80, 0x8c, 0xf8, 0xdb, 0x2f, 0xbc, 0x98, 0x1b, 0xa2, 0x78,
+    0x73, 0x89, 0x03, 0x97, 0xe3, 0x09, 0x08, 0x8b, 0x75, 0xcf,
+    0xdc, 0x23, 0x90, 0x59, 0xef, 0x5b, 0x98, 0x24, 0xb8, 0xe8,
+    0xcf, 0x75, 0xf0, 0x2f, 0xb7, 0xa3, 0xe6, 0x17, 0x06, 0xf0,
+    0x52, 0xfe, 0x21, 0x0a, 0x16, 0x8e, 0xf8, 0xe1, 0xae, 0x25,
+    0x11, 0x5d, 0x8c, 0x95, 0x1b, 0x4f, 0x45, 0xb8, 0xa8, 0xcd,
+    0xe6, 0xf9, 0xca, 0xa0, 0x54, 0x93, 0x95, 0x86, 0x6f, 0xe4,
+    0x93, 0x22, 0x0f, 0xf2, 0xcf, 0xbd, 0x23, 0xb0, 0xf4, 0x8f,
+    0x99, 0xa7, 0x67, 0x99, 0x05, 0x13, 0x1f, 0xeb, 0x88, 0xf8,
+    0xe2, 0x3b, 0xb9, 0x49, 0x35, 0x89, 0x4f, 0xb8, 0x06, 0x37,
+    0x36, 0xda, 0x75, 0x25, 0x0f, 0x0a, 0xaa, 0xc2, 0x6c, 0x3e,
+    0xb1, 0x2d, 0x16, 0xf3, 0x17, 0xdb, 0xe2, 0x16, 0x32, 0x39,
+    0x92, 0x4b, 0x5f, 0xc0, 0x5f, 0x6e, 0xd0, 0x1c, 0x7e, 0xc0,
+    0x51, 0xd9, 0xb3, 0xe2, 0x37, 0xc7, 0xe0, 0x40, 0x13, 0x7d,
+    0x06, 0xcd, 0xcd, 0x72, 0xb6, 0x53, 0x2d, 0x7e, 0x60, 0x49,
+    0xfe, 0x31, 0xe1, 0xd0, 0x0e, 0x4c, 0x98, 0x93, 0xe0, 0xf6,
+    0xf2, 0xfa, 0x99, 0x7f, 0x65, 0xd8, 0x15, 0xc6, 0x3a, 0xb8,
+    0x4d, 0x63, 0x21, 0x78, 0xe4, 0x19, 0x6b, 0xbd, 0xde, 0x40,
+    0x5b, 0x8c, 0xfa, 0x49, 0x75, 0x23, 0x8f, 0x14, 0xc2, 0x3b,
+    0xa3, 0x9b, 0xc5, 0x80, 0x1a, 0xa3, 0x60, 0xd7, 0x17, 0x27,
+    0xf0, 0x18, 0x0f, 0xba, 0x02, 0xf7, 0x7a, 0xed, 0xa4, 0x00,
+    0x77, 0xde, 0x4b, 0xdd, 0xf9, 0xd7, 0x3e, 0x75, 0xed, 0x1a,
+    0x43, 0x26, 0x71, 0x1b, 0xbc, 0x72, 0xf5, 0x70, 0x72, 0x03,
+    0x70, 0x25, 0x87, 0x81, 0x6a, 0x92, 0x2d, 0xb7, 0x02, 0xf0,
+    0x10, 0x79, 0x65, 0x9d, 0x4e, 0x11, 0x7d, 0x5c, 0x5b, 0x37,
+    0xaa, 0xb4, 0xfa, 0x43, 0x66, 0x48, 0x6c, 0x67, 0x64, 0x9e,
+    0x15, 0x75, 0x36, 0xe7, 0x25, 0x55, 0x07, 0x7f, 0x74, 0x1f,
+    0x2c, 0x28, 0x76, 0xe7, 0x9b, 0x3d, 0x91, 0x0b, 0xcd, 0x6a,
+    0x1d, 0x5a, 0xea, 0x63, 0xd0, 0xf9, 0x02, 0x82, 0x01, 0xe0,
+    0x3e, 0x31, 0xf2, 0xf4, 0x29, 0x92, 0xa2, 0x93, 0xd5, 0xda,
+    0xc9, 0x16, 0x7e, 0xf6, 0xdb, 0x33, 0x9f, 0xaf, 0x4b, 0x01,
+    0xd1, 0x28, 0x2d, 0x3a, 0xc0, 0x51, 0x91, 0x26, 0xbd, 0xa5,
+    0x1e, 0xdd, 0xd9, 0x2e, 0x11, 0x93, 0x19, 0x29, 0x47, 0x5d,
+    0x63, 0xe4, 0xb6, 0xf1, 0xea, 0x12, 0x29, 0xa1, 0x65, 0x12,
+    0x6d, 0x78, 0x8f, 0x63, 0x31, 0xec, 0x72, 0x54, 0x73, 0x72,
+    0x26, 0x48, 0x57, 0x57, 0xc8, 0xde, 0x28, 0x27, 0xf5, 0x62,
+    0xfb, 0x7f, 0x1b, 0xf3, 0xaf, 0x31, 0x01, 0xfc, 0x01, 0x58,
+    0x7a, 0x80, 0x72, 0x9d, 0x6e, 0x07, 0xcc, 0x45, 0x67, 0xc6,
+    0x26, 0xfe, 0x25, 0xa5, 0x9b, 0x64, 0xcd, 0x45, 0xe3, 0x31,
+    0x38, 0x05, 0x07, 0x36, 0x05, 0x46, 0x9c, 0xc1, 0x8e, 0xbf,
+    0x4e, 0x71, 0x5f, 0xea, 0xe5, 0x0c, 0x9a, 0x41, 0xc8, 0x94,
+    0xcc, 0xf1, 0x73, 0x06, 0x30, 0x54, 0x76, 0x23, 0xb7, 0x22,
+    0x7a, 0x8e, 0xe6, 0x42, 0xa1, 0xa0, 0x32, 0x12, 0xe9, 0x08,
+    0x1c, 0x46, 0x79, 0x0c, 0x82, 0x7a, 0x95, 0x79, 0xbf, 0x83,
+    0x80, 0xeb, 0xab, 0x3d, 0x32, 0xc5, 0xde, 0x62, 0xeb, 0x90,
+    0x29, 0x73, 0x05, 0xc8, 0x0a, 0xb1, 0x51, 0xf1, 0x23, 0xdd,
+    0x1e, 0xf5, 0x02, 0x3e, 0x74, 0xbc, 0x24, 0x0c, 0x60, 0x36,
+    0x2a, 0x28, 0x4d, 0xe6, 0x86, 0x98, 0x7c, 0xd9, 0xe1, 0xac,
+    0x21, 0x33, 0xaa, 0xa9, 0x8b, 0xb6, 0x8a, 0x1b, 0xf7, 0x54,
+    0x14, 0xf3, 0x0d, 0x4f, 0xcd, 0x7c, 0xf5, 0xc2, 0x6d, 0xc2,
+    0xf0, 0xe2, 0xfc, 0x63, 0x1e, 0xa6, 0xa9, 0xa9, 0xd9, 0x73,
+    0x2a, 0xd5, 0x0a, 0x38, 0xd8, 0xc0, 0xb7, 0xe1, 0x51, 0xe4,
+    0x23, 0x37, 0xf7, 0x85, 0x66, 0x0e, 0x3f, 0x1a, 0x8c, 0xcf,
+    0x12, 0xa2, 0x47, 0x6f, 0x73, 0x91, 0x21, 0xe3, 0x93, 0x6b,
+    0x74, 0x4f, 0xc5, 0xa1, 0xe7, 0x32, 0xf7, 0x86, 0xdd, 0x1a,
+    0x6e, 0x96, 0xda, 0x32, 0x1d, 0xdd, 0xfa, 0x42, 0xd5, 0xd4,
+    0xfd, 0xae, 0x7a, 0xa1, 0xed, 0x3d, 0x79, 0xfe, 0x88, 0x84,
+    0x43, 0xa7, 0xec, 0xf3, 0x7a, 0x13, 0xaa, 0xa1, 0x82, 0x02,
+    0x83, 0x19, 0x43, 0x0a, 0x46, 0x78, 0x07, 0xd9, 0x4d, 0xff,
+    0xac, 0x67, 0xd6, 0x29, 0x89, 0xfe, 0x2b, 0xab, 0x5f, 0x9a,
+    0x87, 0x99, 0x80, 0xaf, 0x70, 0x4a, 0x6a, 0xb9, 0x5a, 0xc2,
+    0xac, 0x7f, 0xa2, 0xc7, 0xad, 0xe2, 0x1f, 0xec, 0xc5, 0x12,
+    0x17, 0x08, 0x87, 0x8f, 0x20, 0x95, 0xbe, 0xaf, 0x62, 0x2c,
+    0xc2, 0x3f, 0x89, 0x56, 0xd8, 0x50, 0x96, 0x97, 0x72, 0xe2,
+    0x92, 0xe1, 0x2a, 0xd8, 0x84, 0x9f, 0x31, 0xe3, 0x06, 0xd8,
+    0xe5, 0x91, 0x63, 0x19, 0xe1, 0x27, 0xad, 0xe2, 0xf2, 0x0a,
+    0x5e, 0x78, 0x8b, 0x1b, 0x13, 0x31, 0x4b, 0xbd, 0x77, 0xb2,
+    0xd6, 0x5c, 0x92, 0x81, 0x50, 0x02, 0x37, 0xd2, 0xe6, 0xeb,
+    0x66, 0x6b, 0xaa, 0xfc, 0xcd, 0x54, 0x5d, 0xb8, 0x03, 0x87,
+    0xe8, 0xfa, 0xb2, 0xde, 0xcb, 0xf8, 0x6e, 0x58, 0xde, 0xcb,
+    0x09, 0x54, 0x8a, 0x9f, 0x46, 0xa3, 0x7e, 0x8d, 0x15, 0xff,
+    0x1b, 0x0d, 0x89, 0xc4, 0x1a, 0x21, 0x31, 0x5e, 0xed, 0x0b,
+    0x67, 0x3c, 0x70, 0xed, 0x92, 0x48, 0xef, 0xec, 0xf0, 0x77,
+    0xc2, 0x79, 0x6c, 0x06, 0x09, 0xaa, 0xab, 0xf6, 0x4c, 0xcd,
+    0xfa, 0x7e, 0x4a, 0x88, 0xdc, 0xa8, 0x9b, 0xd3, 0x69, 0x94,
+    0x88, 0x09, 0x1d, 0x30, 0x43, 0x9e, 0x2c, 0xcb, 0x01, 0x1d,
+    0x4a, 0x3b, 0x04, 0xec, 0x0e, 0xb1, 0xde, 0x09, 0xad, 0x29,
+    0x02, 0x82, 0x01, 0xe1, 0x00, 0x9f, 0x02, 0x13, 0x7a, 0xd0,
+    0xa9, 0x8a, 0x7a, 0xa0, 0x05, 0xbb, 0x44, 0x6f, 0xaf, 0xf7,
+    0xe3, 0xd4, 0x35, 0xef, 0x73, 0x39, 0xd5, 0xe0, 0xa2, 0x0f,
+    0x1a, 0x25, 0xa8, 0xf7, 0xc2, 0xa5, 0xec, 0x57, 0xf8, 0x0d,
+    0x2a, 0xb6, 0x64, 0x03, 0x8c, 0x22, 0x0f, 0xe7, 0x98, 0xa1,
+    0x12, 0xfe, 0x24, 0xef, 0x61, 0x28, 0x9f, 0xa7, 0x22, 0x6b,
+    0x6d, 0xab, 0x8d, 0x7d, 0x2a, 0x8b, 0xae, 0x8b, 0xfd, 0xcb,
+    0xd5, 0x0b, 0x79, 0x1b, 0x89, 0xcb, 0x5b, 0x7a, 0x8c, 0xdc,
+    0xe8, 0x8d, 0xdd, 0x35, 0x9f, 0x06, 0x69, 0x64, 0x12, 0xeb,
+    0x46, 0x79, 0xdf, 0x82, 0x2c, 0x89, 0x75, 0x9e, 0x7a, 0xec,
+    0xad, 0xe5, 0x88, 0x31, 0xfa, 0x86, 0x93, 0xca, 0xf1, 0x2d,
+    0x9b, 0x62, 0x5a, 0xe9, 0x43, 0x09, 0xf3, 0x8c, 0xe5, 0xc7,
+    0xc0, 0xce, 0x86, 0xe7, 0xdb, 0xc7, 0x4d, 0x27, 0xd5, 0xee,
+    0x76, 0xce, 0x35, 0x30, 0x47, 0xef, 0x00, 0x1b, 0x69, 0x9a,
+    0x3f, 0xa5, 0x2a, 0xc9, 0x07, 0xab, 0x99, 0xba, 0x2a, 0xe7,
+    0xfb, 0xa9, 0x4e, 0xb9, 0xae, 0x2c, 0x50, 0xfc, 0x35, 0x49,
+    0xe6, 0x97, 0x78, 0x3c, 0xb1, 0x59, 0xd7, 0x1d, 0x4e, 0x4e,
+    0xea, 0xde, 0xa0, 0xd0, 0xc4, 0x1d, 0xb1, 0xd3, 0x53, 0x1e,
+    0xf9, 0xbf, 0xb3, 0x6a, 0x17, 0xb4, 0xda, 0xcc, 0x27, 0x19,
+    0xc6, 0x35, 0xe8, 0x28, 0xd3, 0xe3, 0x76, 0x3a, 0xdc, 0xd0,
+    0x75, 0xc8, 0xb4, 0x6c, 0xbe, 0x84, 0x2a, 0x45, 0xd1, 0x43,
+    0x22, 0x54, 0xd7, 0xc5, 0xd0, 0xd7, 0x73, 0x35, 0x6b, 0xa8,
+    0xfa, 0xad, 0x60, 0xc0, 0x64, 0xc1, 0x58, 0x89, 0x09, 0x81,
+    0x0a, 0x0b, 0xea, 0x33, 0x91, 0xb0, 0xef, 0x53, 0x50, 0x41,
+    0xae, 0xd9, 0xee, 0xbe, 0x9e, 0xf0, 0x0b, 0xa0, 0x7c, 0xbf,
+    0x3f, 0xc9, 0x4b, 0xe0, 0x48, 0xd8, 0x10, 0xd5, 0x2e, 0xce,
+    0xf0, 0x7c, 0xd8, 0x05, 0xde, 0x09, 0x7e, 0x8c, 0x63, 0x4c,
+    0xdb, 0x8b, 0x91, 0xcd, 0x7f, 0xb6, 0x6b, 0xad, 0xce, 0xb1,
+    0x17, 0x6c, 0xf7, 0x08, 0x0d, 0x7c, 0xda, 0x4f, 0x0a, 0x07,
+    0xd0, 0xae, 0x72, 0x3c, 0x67, 0x4a, 0x44, 0x54, 0x47, 0xce,
+    0xe1, 0x17, 0x07, 0x12, 0xde, 0x52, 0xef, 0xef, 0x4c, 0x2b,
+    0x42, 0x7d, 0x09, 0x80, 0x36, 0x34, 0xdc, 0x45, 0x6f, 0xb0,
+    0x2d, 0xab, 0xa0, 0x0c, 0x58, 0xae, 0x35, 0xd3, 0x9b, 0x37,
+    0xc1, 0x1d, 0xeb, 0xfe, 0xc3, 0x04, 0xc9, 0x1d, 0xe7, 0x3d,
+    0x16, 0x64, 0xed, 0xf5, 0xe8, 0xdf, 0x99, 0xa4, 0xfb, 0xad,
+    0x79, 0x88, 0xd5, 0x8c, 0x62, 0x33, 0x9e, 0x35, 0xa6, 0x7f,
+    0x9d, 0xb6, 0x1a, 0x40, 0x6d, 0xc3, 0x89, 0x5d, 0x7b, 0xe2,
+    0xc8, 0xd3, 0x16, 0x13, 0x07, 0x9a, 0x38, 0x22, 0x33, 0x03,
+    0xac, 0x70, 0x3e, 0xce, 0x32, 0x56, 0x0b, 0x58, 0x56, 0xb8,
+    0xe9, 0xd8, 0x42, 0x35, 0x6c, 0xb9, 0x02, 0xb3, 0x64, 0xeb,
+    0xaa, 0x09, 0x3f, 0xac, 0x66, 0x08, 0xb4, 0x5f, 0x3e, 0xb4,
+    0xec, 0x39, 0xb1, 0x99, 0xe4, 0x5d, 0x1d, 0x32, 0x14, 0xc1,
+    0x48, 0x8f, 0x6c, 0x65, 0x87, 0x34, 0x50, 0xa4, 0xf4, 0x9b,
+    0x5b, 0x2e, 0xb5, 0x79, 0x0d, 0x11, 0x62, 0xa4, 0x35, 0x9c,
+    0x6f, 0x92, 0xd0, 0x68, 0x07, 0xdd, 0x69, 0x85, 0x48, 0xe3,
+    0x5d, 0x10, 0x34, 0xaf, 0xea, 0x41, 0x72, 0x5a, 0x71, 0x00,
+    0xf8, 0xe6, 0x47, 0x7f, 0xa0, 0x6f, 0x91, 0x96, 0x40, 0x00,
+    0x40, 0x70, 0xfb, 0x63, 0xcf, 0xc9, 0x36, 0x04, 0x1c, 0x3b,
+    0x11, 0x08, 0x29, 0x81, 0x9f
+};
+
+static unsigned char test15360[] = {
+    0x30, 0x82, 0x21, 0xe8, 0x02, 0x01, 0x00, 0x02, 0x82, 0x07,
+    0x81, 0x00, 0xad, 0x3f, 0xaa, 0xdc, 0x8c, 0x85, 0xcb, 0x60,
+    0xd2, 0xf5, 0x30, 0xa1, 0x0f, 0x26, 0xec, 0xdf, 0xfc, 0x91,
+    0x39, 0xbd, 0x3e, 0x8f, 0x99, 0x64, 0x1e, 0x51, 0xd2, 0x27,
+    0x5e, 0x76, 0xcd, 0x86, 0x33, 0x07, 0xf9, 0xbd, 0x3b, 0x06,
+    0xc3, 0x3c, 0x85, 0xcb, 0x7e, 0x91, 0x14, 0xb0, 0x0b, 0x77,
+    0x22, 0x30, 0x71, 0xb8, 0xbb, 0x74, 0x30, 0x33, 0x35, 0x56,
+    0x34, 0x47, 0x10, 0x8f, 0x88, 0xe2, 0x6f, 0xdc, 0x3b, 0xe9,
+    0x58, 0x9d, 0x0c, 0xdc, 0x8f, 0x70, 0x41, 0x7a, 0x12, 0xd2,
+    0x9a, 0x35, 0xbe, 0x0a, 0x57, 0x13, 0x0c, 0xe9, 0xbf, 0x77,
+    0x54, 0x00, 0x74, 0xb7, 0x1a, 0x3e, 0xa7, 0xe9, 0xb6, 0xe7,
+    0x4f, 0x1e, 0xa4, 0xc0, 0x7c, 0x4c, 0x66, 0xc5, 0xce, 0xad,
+    0x96, 0x1b, 0xe2, 0x1a, 0xf1, 0x3d, 0x8b, 0x50, 0xcf, 0xe2,
+    0x15, 0x21, 0x6d, 0x83, 0x95, 0x00, 0xee, 0x97, 0xc4, 0xae,
+    0xc9, 0x38, 0x62, 0x6c, 0xb2, 0xe7, 0x7f, 0x15, 0x0a, 0xab,
+    0x86, 0xb9, 0xd9, 0x8a, 0xf8, 0xeb, 0x88, 0x5d, 0xdc, 0x0c,
+    0x1e, 0xc5, 0xe6, 0xa1, 0x7b, 0xbf, 0xf1, 0x02, 0xe3, 0xad,
+    0xf8, 0xed, 0x17, 0x9f, 0x83, 0x11, 0x31, 0x3b, 0xad, 0xb4,
+    0xf9, 0x8d, 0x1d, 0x56, 0x9b, 0xac, 0x68, 0x55, 0x0a, 0x74,
+    0x20, 0xee, 0x57, 0xe7, 0x1c, 0x6d, 0x05, 0xa1, 0x4e, 0xa5,
+    0x11, 0x99, 0xb4, 0x86, 0xdb, 0x58, 0xe7, 0xf6, 0xb6, 0x4f,
+    0x92, 0x58, 0x57, 0x9b, 0x74, 0x04, 0xe5, 0xd1, 0x1d, 0x7c,
+    0x4b, 0xb8, 0x1f, 0x5d, 0x0e, 0x93, 0xee, 0x44, 0x18, 0xb6,
+    0x58, 0x0e, 0xa1, 0x0b, 0x8e, 0x2e, 0x99, 0x4c, 0x72, 0x91,
+    0xfa, 0xfa, 0xe2, 0x22, 0x05, 0x5d, 0x2b, 0x2d, 0xd8, 0x60,
+    0xd5, 0x1b, 0x08, 0x56, 0x2b, 0xb5, 0x21, 0xdb, 0x1a, 0xe6,
+    0xa8, 0x39, 0xa2, 0xf4, 0x58, 0xcb, 0xd2, 0xf9, 0xce, 0xc0,
+    0x1e, 0x1b, 0xf9, 0xa7, 0x37, 0xca, 0xa3, 0x77, 0x6e, 0xb1,
+    0xaf, 0x33, 0xb5, 0x6d, 0x5f, 0x33, 0x2e, 0x1a, 0x34, 0xdb,
+    0x42, 0xbe, 0x5f, 0xf9, 0x09, 0xb7, 0x9f, 0xd4, 0x09, 0xfb,
+    0x87, 0x13, 0x3c, 0xe2, 0x27, 0xb8, 0xf3, 0x1d, 0x7e, 0x92,
+    0xdd, 0x87, 0x86, 0x55, 0x69, 0x9b, 0x55, 0xcd, 0xef, 0x7a,
+    0x71, 0x5d, 0x81, 0x3a, 0xd9, 0xf7, 0x7f, 0xde, 0xe0, 0x92,
+    0xd9, 0x78, 0x0f, 0x1d, 0x43, 0xb1, 0x1e, 0x29, 0xc1, 0x49,
+    0xb6, 0x5e, 0x85, 0x83, 0xd9, 0x04, 0xfd, 0x79, 0xd8, 0x47,
+    0x03, 0x2e, 0x85, 0x19, 0xfd, 0x63, 0xe7, 0xa4, 0x8b, 0xc0,
+    0x94, 0x0e, 0xb7, 0x54, 0x97, 0xd6, 0x44, 0x5d, 0x63, 0x12,
+    0xff, 0xdd, 0xde, 0x2c, 0x00, 0x0e, 0xc9, 0xca, 0x7e, 0xa2,
+    0x65, 0x25, 0xb0, 0x1d, 0xa9, 0x20, 0x4f, 0xdd, 0xea, 0x3a,
+    0xb5, 0xe8, 0x0f, 0xf3, 0xb2, 0xb7, 0x00, 0x4a, 0xe8, 0xa4,
+    0x83, 0x49, 0xbd, 0x78, 0xdf, 0xac, 0x2c, 0x37, 0x81, 0xb3,
+    0xf3, 0xb7, 0x13, 0x93, 0x3e, 0xb2, 0x79, 0x55, 0xf2, 0xd8,
+    0x9c, 0xf7, 0xf2, 0xf1, 0xd5, 0x6c, 0x9c, 0xff, 0xec, 0xf4,
+    0xea, 0x08, 0x3c, 0x65, 0x35, 0xb7, 0x09, 0x03, 0x6d, 0x99,
+    0x1d, 0x5b, 0x73, 0x06, 0x61, 0xb4, 0xf0, 0xc5, 0xdb, 0x3e,
+    0xe0, 0x1d, 0xa8, 0x5b, 0x7a, 0x5b, 0x5b, 0x9c, 0x11, 0x75,
+    0x83, 0x1d, 0xf4, 0x73, 0x27, 0xf3, 0x79, 0xf2, 0x82, 0xd6,
+    0x28, 0x45, 0x58, 0x23, 0x6c, 0x29, 0xd3, 0x50, 0x51, 0x1b,
+    0x38, 0xef, 0x89, 0x90, 0x84, 0xa2, 0x4c, 0x35, 0x7b, 0x30,
+    0x5e, 0xbd, 0x1a, 0xd5, 0xdf, 0xcd, 0xcd, 0x74, 0x3f, 0x2e,
+    0x01, 0xea, 0x33, 0x07, 0x74, 0xfb, 0x86, 0x75, 0x20, 0x0e,
+    0x4f, 0xbf, 0x65, 0xd4, 0x15, 0x19, 0x6f, 0x8d, 0x37, 0xcd,
+    0xb6, 0x6f, 0x50, 0x9d, 0x5e, 0x04, 0x81, 0x7d, 0xec, 0xd6,
+    0xbb, 0x40, 0x1b, 0xe0, 0xf5, 0xd5, 0x86, 0x26, 0xc5, 0x41,
+    0x84, 0x0e, 0x3e, 0x73, 0xb7, 0xa4, 0xbe, 0x2a, 0xfe, 0xd7,
+    0xe4, 0x4d, 0x5c, 0x2d, 0x6a, 0x04, 0xe6, 0xdd, 0x28, 0xa0,
+    0x75, 0x4c, 0xe0, 0x23, 0x2c, 0xad, 0xec, 0xaa, 0x72, 0xfd,
+    0x03, 0xc0, 0x65, 0xfa, 0xc4, 0x3c, 0x25, 0x10, 0xae, 0x3f,
+    0x09, 0x96, 0x4e, 0xff, 0xfe, 0xc7, 0xe4, 0x9e, 0xec, 0xb5,
+    0x6e, 0xec, 0xf3, 0x7a, 0x83, 0x7a, 0x8b, 0xbb, 0x91, 0x8d,
+    0xab, 0x3c, 0x4d, 0x7f, 0x34, 0x77, 0xbe, 0x0c, 0x87, 0xf2,
+    0xc3, 0xd6, 0xcb, 0xcc, 0xfa, 0x1e, 0xaf, 0x21, 0x24, 0xe9,
+    0xaa, 0x89, 0x61, 0x0c, 0x7a, 0x1c, 0x7d, 0x00, 0x87, 0x69,
+    0x30, 0xa0, 0xb4, 0x3b, 0x96, 0x1c, 0x00, 0x14, 0x07, 0xb8,
+    0x3f, 0x59, 0x62, 0x3a, 0x3f, 0xfb, 0x68, 0xb8, 0x81, 0x7d,
+    0x4a, 0x9d, 0x1c, 0xa2, 0x07, 0xa3, 0xb1, 0x42, 0x7b, 0xfa,
+    0x9b, 0xbc, 0x94, 0x30, 0x7e, 0xea, 0xe7, 0x40, 0x7e, 0xd4,
+    0x0f, 0x33, 0x3b, 0x57, 0xda, 0x8b, 0x6d, 0x64, 0xd5, 0xe4,
+    0x91, 0x83, 0xf0, 0x3d, 0xae, 0x8b, 0x91, 0xf0, 0xcd, 0xb1,
+    0xa0, 0xe0, 0x0d, 0xe1, 0xbb, 0x22, 0x78, 0x1f, 0x3a, 0xe5,
+    0x53, 0x28, 0xf0, 0x35, 0xae, 0x71, 0xe6, 0xfd, 0x63, 0xb2,
+    0x9c, 0x3f, 0xdd, 0x95, 0x7b, 0xc4, 0xe9, 0x2f, 0xd9, 0x93,
+    0x3a, 0x10, 0x42, 0x1c, 0x90, 0xab, 0xfb, 0xd3, 0x02, 0xe9,
+    0x59, 0xbc, 0x53, 0x7e, 0xf3, 0xe1, 0x52, 0x15, 0xa6, 0x58,
+    0x9e, 0xc1, 0xa6, 0x0e, 0x2e, 0x35, 0x07, 0x3a, 0xc3, 0x1f,
+    0xaa, 0x58, 0xe7, 0xc6, 0x33, 0x6a, 0x39, 0x4b, 0x21, 0x15,
+    0x3d, 0x92, 0x4e, 0x5e, 0xf9, 0x01, 0xd6, 0x0f, 0x28, 0x61,
+    0x15, 0xdf, 0xed, 0x6f, 0x75, 0xc4, 0x8f, 0xcb, 0x16, 0x55,
+    0x09, 0xc7, 0x24, 0xb2, 0x0c, 0x49, 0x25, 0x8d, 0x5e, 0xf1,
+    0x0e, 0xe0, 0xe2, 0xc4, 0xcc, 0x1f, 0x4e, 0x60, 0x5c, 0x5e,
+    0xc6, 0x7f, 0x68, 0x7f, 0xdb, 0x1a, 0x01, 0x67, 0x07, 0xb1,
+    0x56, 0x93, 0xf2, 0x26, 0x81, 0xc0, 0x33, 0xb8, 0x48, 0xf9,
+    0x2c, 0x5c, 0x18, 0x29, 0xed, 0xe0, 0x6c, 0xa0, 0xac, 0xd2,
+    0x90, 0x4b, 0x52, 0x87, 0xbb, 0xb5, 0x05, 0xd8, 0x56, 0xc5,
+    0xb8, 0x8f, 0x3f, 0x49, 0x52, 0x9a, 0xa2, 0xd0, 0x40, 0x80,
+    0x5b, 0x16, 0x15, 0xbc, 0x74, 0x8e, 0x00, 0x10, 0xaf, 0xfb,
+    0x6d, 0xba, 0xcb, 0xbc, 0xe6, 0x13, 0x75, 0xce, 0x27, 0xae,
+    0x85, 0x57, 0x6c, 0xc0, 0x8a, 0x84, 0x6f, 0x34, 0x16, 0xd4,
+    0x35, 0xd2, 0xcc, 0x55, 0x00, 0xc1, 0xd8, 0x28, 0x2c, 0x9c,
+    0x84, 0x78, 0xbf, 0xf0, 0x3b, 0x0d, 0x9f, 0x81, 0xd4, 0xef,
+    0x99, 0x77, 0x53, 0xd2, 0x8e, 0x43, 0x52, 0xf0, 0x32, 0x7e,
+    0xba, 0xbf, 0xb6, 0x0e, 0x9d, 0x9b, 0x00, 0xd0, 0x50, 0x55,
+    0x67, 0x5a, 0x2c, 0x8b, 0x9b, 0x29, 0xfb, 0x41, 0x74, 0x4c,
+    0xb7, 0xd8, 0x98, 0xa2, 0xfb, 0x73, 0x07, 0x96, 0xef, 0xcd,
+    0x47, 0x13, 0x1d, 0xe2, 0xb1, 0xac, 0xf3, 0xcf, 0x47, 0x98,
+    0x7b, 0x6f, 0xf6, 0x32, 0x44, 0x41, 0x78, 0x09, 0x8e, 0x64,
+    0x0c, 0xbf, 0xe2, 0x0f, 0x8c, 0x44, 0x2f, 0x4e, 0x55, 0xe0,
+    0xc6, 0xfd, 0x05, 0x74, 0x18, 0x1a, 0xb9, 0xfa, 0xcb, 0xd3,
+    0xfa, 0x69, 0x50, 0x63, 0xce, 0x2b, 0xef, 0x92, 0x0f, 0x11,
+    0xd4, 0x9b, 0x53, 0x6c, 0xed, 0xc5, 0x0b, 0x7c, 0xbd, 0xa1,
+    0x5d, 0xdf, 0xab, 0xcf, 0xaa, 0x83, 0x5e, 0xa8, 0xc5, 0xfe,
+    0x91, 0x2b, 0x23, 0x1f, 0x39, 0x3d, 0x71, 0x74, 0xbf, 0xa2,
+    0xf1, 0xda, 0x2f, 0x29, 0x02, 0x9b, 0xea, 0x48, 0x2c, 0xaf,
+    0xe7, 0xa9, 0xf5, 0x68, 0xab, 0x8f, 0x18, 0xb9, 0x7b, 0x28,
+    0xf0, 0x92, 0xfb, 0x07, 0xd7, 0xbd, 0x43, 0xcd, 0x7f, 0xfc,
+    0xb9, 0x5f, 0x24, 0xf8, 0x48, 0x2e, 0xbe, 0x42, 0x87, 0x80,
+    0x38, 0x78, 0x9e, 0x8c, 0x52, 0x6d, 0xfa, 0x2e, 0x46, 0x35,
+    0x7a, 0x59, 0x88, 0xb9, 0x3e, 0xcb, 0x79, 0xb4, 0x8a, 0x9e,
+    0xd5, 0xd0, 0x30, 0x8c, 0xb2, 0x0c, 0x9d, 0x8d, 0x2d, 0x64,
+    0x0b, 0xf6, 0xeb, 0xf1, 0xde, 0xea, 0x74, 0xfc, 0xbc, 0x01,
+    0x18, 0x48, 0x4e, 0x35, 0x02, 0x83, 0x01, 0xb2, 0x50, 0xa0,
+    0x44, 0x19, 0x30, 0x00, 0x12, 0x4a, 0xa0, 0x6d, 0x6b, 0x8b,
+    0xf1, 0xce, 0xda, 0x2e, 0x16, 0x35, 0x52, 0x26, 0xf9, 0xbe,
+    0xb1, 0x37, 0xfc, 0x0a, 0x8b, 0x6f, 0x06, 0x11, 0x7b, 0xf7,
+    0xa8, 0x40, 0xbd, 0x8d, 0x94, 0xa4, 0xa2, 0xe0, 0xb6, 0xdf,
+    0x62, 0xc0, 0x6f, 0xb3, 0x5d, 0x84, 0xb9, 0xaa, 0x2f, 0xc1,
+    0x3b, 0xcb, 0x20, 0xc6, 0x68, 0x69, 0x15, 0x74, 0xbc, 0xdb,
+    0x43, 0x9c, 0x4a, 0xfc, 0x72, 0xc1, 0xf5, 0x87, 0x80, 0xe8,
+    0x6c, 0xd5, 0xc1, 0x2e, 0x34, 0x5e, 0x96, 0x76, 0x08, 0x3e,
+    0x45, 0xe4, 0xa0, 0x4a, 0x7a, 0xc1, 0x67, 0x38, 0xf2, 0x31,
+    0x1f, 0x7b, 0x0f, 0x54, 0xbd, 0x0d, 0x1f, 0x9e, 0x8e, 0x99,
+    0x8b, 0x58, 0xd9, 0x94, 0x87, 0xaa, 0x8b, 0x82, 0x5d, 0x5e,
+    0xe8, 0x50, 0xf4, 0xf2, 0xc7, 0xe9, 0x85, 0x6b, 0xd2, 0xef,
+    0x13, 0xc1, 0xed, 0x57, 0x2a, 0xc5, 0xd6, 0x5d, 0xa4, 0x3b,
+    0x29, 0xba, 0xab, 0x1b, 0xaa, 0x21, 0x41, 0xe9, 0xdc, 0x47,
+    0x88, 0xef, 0x0c, 0xfc, 0xb2, 0xdc, 0xf7, 0xdb, 0x55, 0x4d,
+    0x70, 0xc7, 0xe2, 0x8a, 0x8a, 0xe1, 0xde, 0xcf, 0xe5, 0xca,
+    0x23, 0x36, 0x29, 0xe5, 0xfc, 0x54, 0x66, 0xda, 0xe9, 0xab,
+    0x58, 0x20, 0xb2, 0x8e, 0xb2, 0x7d, 0x5d, 0xb8, 0xc7, 0x6c,
+    0x48, 0x53, 0x2b, 0x47, 0xe0, 0x12, 0x00, 0x0e, 0xfe, 0xa5,
+    0x93, 0x34, 0xf9, 0x3e, 0xa6, 0x3f, 0x56, 0xaa, 0x43, 0x65,
+    0xbb, 0x5a, 0x70, 0x3e, 0x62, 0xac, 0x3f, 0x5b, 0x90, 0x02,
+    0x50, 0x5d, 0x05, 0xa8, 0xd5, 0x67, 0x1a, 0x62, 0xec, 0xd4,
+    0xde, 0x29, 0x04, 0xac, 0x6d, 0x15, 0x5d, 0xa0, 0xec, 0xf2,
+    0x57, 0x13, 0x0e, 0x17, 0x96, 0x0c, 0x32, 0x6a, 0xc5, 0xe0,
+    0xa8, 0xff, 0x85, 0xa4, 0xa3, 0xe3, 0x0e, 0x35, 0x5d, 0xd1,
+    0x28, 0x84, 0xaa, 0xc4, 0x84, 0xcd, 0x25, 0x63, 0x85, 0x82,
+    0x3e, 0x12, 0x30, 0x17, 0x57, 0x45, 0xb8, 0xb4, 0x34, 0x01,
+    0x3a, 0xa2, 0x77, 0x61, 0xc8, 0x3d, 0x1f, 0xc5, 0x0e, 0x4a,
+    0xbb, 0xf6, 0xa0, 0x5d, 0x79, 0x4b, 0xc8, 0xf3, 0x9c, 0x87,
+    0x05, 0x2f, 0xea, 0x25, 0x28, 0x91, 0x69, 0x77, 0x7c, 0xba,
+    0xea, 0x4a, 0x75, 0x2e, 0x2b, 0x17, 0x83, 0x50, 0x32, 0x43,
+    0x4f, 0xcd, 0xf1, 0x77, 0xb1, 0x22, 0x0a, 0x8b, 0x69, 0x58,
+    0x09, 0x35, 0x07, 0x6d, 0x61, 0x4a, 0x8d, 0x18, 0x65, 0x6e,
+    0x9b, 0x62, 0x07, 0xd0, 0x6a, 0x92, 0x39, 0x05, 0x80, 0x14,
+    0xfa, 0x1c, 0x93, 0x84, 0x0c, 0xb5, 0x8c, 0x41, 0x91, 0x4e,
+    0x48, 0xf0, 0xf2, 0xba, 0x1d, 0x73, 0x2f, 0x1e, 0xa1, 0x55,
+    0xc3, 0x02, 0x8c, 0xb1, 0xf2, 0x37, 0xa6, 0x9a, 0x6b, 0xcd,
+    0x45, 0x2e, 0x08, 0x90, 0x26, 0x63, 0x91, 0xff, 0x22, 0x5e,
+    0xcd, 0xae, 0x9b, 0x19, 0x1e, 0x10, 0x62, 0x4e, 0x1f, 0x2d,
+    0x81, 0x69, 0x4f, 0x41, 0xe5, 0x94, 0xff, 0x7e, 0xcc, 0x15,
+    0x36, 0x1e, 0x29, 0x59, 0x37, 0xe7, 0x64, 0x40, 0x17, 0x1a,
+    0x32, 0xba, 0x01, 0x26, 0x30, 0x80, 0x60, 0x07, 0x86, 0x6e,
+    0xd4, 0xb3, 0xe2, 0x44, 0x16, 0x33, 0xf2, 0x4c, 0x84, 0x0e,
+    0xb1, 0x4a, 0xc7, 0x92, 0xa6, 0xa3, 0x42, 0x36, 0x05, 0x3e,
+    0x74, 0xa8, 0xb1, 0xc5, 0x63, 0x59, 0x0d, 0x1e, 0x36, 0x45,
+    0x2b, 0x36, 0x5e, 0xca, 0xab, 0x97, 0x49, 0xd3, 0xab, 0xae,
+    0x63, 0x0a, 0xd1, 0x03, 0x57, 0x88, 0xa4, 0xa4, 0x3c, 0xda,
+    0x15, 0x49, 0x1a, 0x5d, 0xe6, 0x5e, 0xb9, 0x82, 0x23, 0xc0,
+    0x83, 0x96, 0xfe, 0x38, 0x0b, 0x80, 0x0e, 0xde, 0x22, 0xeb,
+    0x5d, 0xe4, 0x56, 0x32, 0xbe, 0xe0, 0xc0, 0x6e, 0x69, 0x63,
+    0x27, 0x4e, 0x00, 0x58, 0x80, 0x70, 0xd9, 0xcc, 0x4e, 0xae,
+    0x6c, 0x5e, 0x6a, 0x43, 0x81, 0xfd, 0x45, 0xb2, 0xa4, 0x6c,
+    0xf0, 0x9c, 0x66, 0x5c, 0x7d, 0x5c, 0x78, 0x55, 0x33, 0x4b,
+    0x3c, 0x3b, 0x1d, 0x18, 0x58, 0x79, 0x6a, 0x02, 0xec, 0xce,
+    0x53, 0x69, 0xc0, 0x17, 0xed, 0x57, 0xaf, 0x71, 0x5b, 0x42,
+    0x1b, 0x49, 0xd8, 0xe8, 0x96, 0x80, 0xb6, 0x48, 0x1b, 0x7c,
+    0xf8, 0x74, 0x1c, 0xb1, 0xc4, 0x10, 0xb7, 0xf4, 0x97, 0x7e,
+    0x6b, 0x8f, 0x54, 0xba, 0x37, 0xb9, 0x35, 0x9e, 0x7b, 0x17,
+    0x16, 0x9b, 0x89, 0x39, 0xae, 0x4f, 0x2e, 0x18, 0x65, 0xb4,
+    0x76, 0x20, 0x9a, 0x58, 0xe2, 0x57, 0x6e, 0x1c, 0x3f, 0x8e,
+    0x9a, 0xbb, 0xd8, 0xfc, 0x4c, 0xd6, 0x2d, 0xc1, 0xa6, 0x46,
+    0xac, 0x13, 0x1e, 0xa7, 0xf7, 0x1d, 0x28, 0x3a, 0xf4, 0xd6,
+    0x48, 0xfb, 0xe5, 0xb3, 0x84, 0x94, 0x47, 0x92, 0xae, 0x9a,
+    0x58, 0xc5, 0xac, 0x23, 0x1b, 0xb5, 0xcd, 0x96, 0xd2, 0x5e,
+    0xb2, 0x41, 0xfc, 0x9a, 0xae, 0x19, 0xf1, 0x7b, 0x4b, 0x53,
+    0x1b, 0xfa, 0xa5, 0x0c, 0x49, 0x6d, 0xff, 0xf4, 0x51, 0x88,
+    0x19, 0x04, 0xd9, 0x85, 0x8e, 0xe2, 0x3a, 0x62, 0x31, 0x5c,
+    0x6e, 0xe8, 0x4d, 0x04, 0x1d, 0xd8, 0xc2, 0x7b, 0x51, 0xe7,
+    0x59, 0xbc, 0x85, 0x5c, 0xc4, 0xcc, 0xad, 0xcb, 0x93, 0x69,
+    0x18, 0xe4, 0x71, 0x9e, 0x63, 0x33, 0x99, 0xb6, 0x3b, 0x23,
+    0x11, 0x17, 0x7a, 0x3d, 0x6f, 0xb9, 0x6b, 0xf1, 0xf2, 0xa7,
+    0x03, 0xfd, 0xf0, 0xcd, 0x5b, 0xb5, 0xda, 0x9a, 0xd9, 0x95,
+    0x02, 0x76, 0xd8, 0x38, 0xd3, 0xbd, 0xa0, 0x4a, 0x9a, 0xab,
+    0x70, 0xde, 0xc6, 0xf9, 0xa5, 0x19, 0x9c, 0xc4, 0xf9, 0x07,
+    0x4d, 0xea, 0x15, 0xc2, 0x91, 0x4d, 0x54, 0xa9, 0x2c, 0xca,
+    0xdf, 0xaa, 0xd1, 0xc4, 0xc0, 0x18, 0x77, 0x28, 0x2a, 0x2c,
+    0xc3, 0x7c, 0x26, 0xbd, 0xd8, 0x0d, 0x51, 0xa1, 0x4d, 0xad,
+    0x76, 0x76, 0xaa, 0xa9, 0x45, 0x82, 0x4f, 0x76, 0xfb, 0x1a,
+    0xd3, 0x71, 0x3c, 0x55, 0xa2, 0x5c, 0xe0, 0xd6, 0xda, 0x35,
+    0xbe, 0x25, 0x23, 0x26, 0x51, 0xc6, 0xb4, 0xf3, 0x3e, 0x2c,
+    0x54, 0x09, 0xc7, 0x6f, 0xa5, 0x08, 0x81, 0xba, 0x75, 0xda,
+    0xcb, 0x4d, 0x05, 0xdd, 0xca, 0x93, 0x48, 0x30, 0xe8, 0x4a,
+    0x1f, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x07,
+    0x80, 0x25, 0x2f, 0xbc, 0x49, 0xf8, 0xb3, 0xa3, 0x32, 0xd6,
+    0x35, 0x20, 0xca, 0x01, 0x49, 0x96, 0xa0, 0x81, 0x42, 0xde,
+    0xc4, 0xdb, 0x0f, 0xd1, 0x99, 0xe6, 0xd4, 0x23, 0x2a, 0xa6,
+    0x21, 0x13, 0xfe, 0x51, 0x27, 0xce, 0x18, 0x2a, 0xfa, 0x49,
+    0x9f, 0xcd, 0x0c, 0x1f, 0xcf, 0x9e, 0x44, 0x27, 0x41, 0xdc,
+    0x09, 0xcf, 0xef, 0x19, 0xf5, 0x57, 0x7f, 0x36, 0x5c, 0x99,
+    0x7e, 0x03, 0x74, 0xfb, 0xa9, 0xb6, 0xde, 0xeb, 0xd1, 0x2b,
+    0x5f, 0x12, 0x6a, 0xa9, 0x33, 0x2c, 0x2a, 0xba, 0xad, 0x8f,
+    0xc2, 0x27, 0x57, 0x6a, 0xd7, 0x40, 0xf7, 0x4f, 0x4c, 0x9a,
+    0xb0, 0x3a, 0x5d, 0x2e, 0xf9, 0xf1, 0xea, 0xbd, 0x82, 0xaa,
+    0xbd, 0xe6, 0x19, 0x16, 0xd5, 0x03, 0x5e, 0x43, 0xfd, 0x88,
+    0x71, 0xd5, 0xb7, 0x78, 0xbe, 0x80, 0x0f, 0xc9, 0x7f, 0x3a,
+    0x8f, 0xe1, 0x44, 0xd4, 0x0f, 0xce, 0x26, 0xaf, 0x65, 0xe0,
+    0xf5, 0x04, 0x53, 0x56, 0x97, 0x4f, 0xf4, 0xc1, 0x44, 0x8d,
+    0xf7, 0x88, 0x55, 0x47, 0x16, 0xaf, 0x3f, 0x8e, 0x42, 0xdf,
+    0xbc, 0x14, 0xc3, 0xe6, 0x9f, 0x0d, 0x69, 0x54, 0x5b, 0x7c,
+    0x49, 0xcf, 0xbf, 0x42, 0x4f, 0xc7, 0x64, 0x8a, 0xe5, 0x84,
+    0x87, 0x20, 0x9b, 0xfd, 0x70, 0x25, 0x38, 0xd3, 0xb4, 0x97,
+    0x78, 0xf1, 0x4f, 0x3f, 0x0f, 0xbb, 0x9c, 0xa3, 0x17, 0xd5,
+    0x4e, 0x4b, 0xac, 0x82, 0x9a, 0x73, 0xb7, 0xc5, 0xec, 0x10,
+    0x7a, 0x7b, 0xdb, 0x77, 0x2c, 0xb1, 0xf3, 0x8f, 0xc3, 0xa5,
+    0x31, 0x11, 0x32, 0x55, 0x35, 0xb5, 0x77, 0xd2, 0x62, 0x19,
+    0x46, 0x92, 0x94, 0xbb, 0x61, 0x0f, 0x30, 0x94, 0x8a, 0xf6,
+    0xf7, 0x30, 0xe0, 0xa2, 0x8c, 0x1b, 0xff, 0x8c, 0x29, 0x44,
+    0xb4, 0xb7, 0xb6, 0x5f, 0x4d, 0x52, 0xc6, 0x07, 0xe1, 0x28,
+    0x8c, 0xae, 0x88, 0x8a, 0x22, 0xbd, 0xd7, 0x36, 0xe4, 0x8f,
+    0xd1, 0xeb, 0x65, 0x54, 0x19, 0x5f, 0xba, 0xfb, 0xfc, 0x91,
+    0xa1, 0xa4, 0xb8, 0xa4, 0x2d, 0x85, 0x20, 0xc4, 0xe5, 0xa7,
+    0x4e, 0xdb, 0xa4, 0xc5, 0xcc, 0x2f, 0x37, 0x41, 0x29, 0x47,
+    0x15, 0xff, 0x04, 0x80, 0x08, 0x37, 0xce, 0xc5, 0xe3, 0x5a,
+    0x3f, 0x83, 0xbb, 0x03, 0x9e, 0xfe, 0xec, 0xe4, 0x11, 0x41,
+    0x12, 0x13, 0xf2, 0x00, 0xe5, 0x1a, 0x02, 0x49, 0xeb, 0xdb,
+    0x57, 0xe4, 0xce, 0xa0, 0x3f, 0xfd, 0x3c, 0x73, 0x2b, 0x92,
+    0x44, 0x79, 0x9e, 0x12, 0x4f, 0xfa, 0xe4, 0x53, 0x62, 0xf2,
+    0xb0, 0xe2, 0x8a, 0xf0, 0x93, 0xa8, 0x1d, 0xee, 0x8d, 0x58,
+    0x7a, 0x4c, 0x29, 0x91, 0x29, 0xc1, 0xa4, 0xd5, 0xe6, 0x37,
+    0x1b, 0x75, 0x5b, 0xb6, 0x6b, 0x76, 0x2e, 0xcb, 0xbd, 0xa9,
+    0xbe, 0x4c, 0x2e, 0x21, 0xa6, 0x38, 0xde, 0x66, 0x2f, 0x51,
+    0xea, 0x4c, 0xba, 0x3f, 0x4a, 0xfe, 0x7a, 0x15, 0xb3, 0x72,
+    0x26, 0xba, 0xcf, 0x9e, 0x1b, 0x03, 0xa6, 0xaa, 0x65, 0x68,
+    0xd3, 0x8c, 0x15, 0x17, 0xe9, 0x11, 0x18, 0x3c, 0xb6, 0xf8,
+    0x02, 0x54, 0x98, 0x49, 0xfa, 0x35, 0x3c, 0xcd, 0xac, 0xc8,
+    0x2b, 0x1a, 0x63, 0x93, 0x03, 0x05, 0xa1, 0x41, 0xbe, 0x12,
+    0xca, 0x15, 0x47, 0x72, 0x63, 0x77, 0x26, 0xd0, 0xe7, 0x8f,
+    0x0d, 0x6e, 0x9c, 0xac, 0x07, 0xbe, 0x03, 0x22, 0xd0, 0x39,
+    0x63, 0x8d, 0x9b, 0xc6, 0x20, 0x81, 0xb5, 0x67, 0x15, 0xf6,
+    0xb0, 0xe3, 0xb9, 0x3e, 0xb7, 0x3f, 0x8f, 0x46, 0xc9, 0x74,
+    0x10, 0x1e, 0x53, 0xf1, 0xd4, 0x30, 0x4d, 0x6e, 0x72, 0xb4,
+    0x73, 0x1c, 0xb6, 0x79, 0x82, 0x60, 0x2e, 0x2a, 0x7d, 0x82,
+    0x95, 0xb5, 0x7c, 0x4d, 0x44, 0xcb, 0xd8, 0x8a, 0x17, 0xe8,
+    0x50, 0x29, 0xd8, 0x3a, 0xeb, 0x29, 0xc1, 0x83, 0x0f, 0xd9,
+    0xaf, 0xcc, 0xfa, 0xea, 0x3a, 0x47, 0x5d, 0x33, 0x1f, 0xe8,
+    0x33, 0x5b, 0x88, 0x8e, 0xdb, 0xd5, 0x1e, 0xaf, 0x4a, 0x5f,
+    0xc0, 0xfa, 0xf0, 0xb5, 0xa3, 0x5b, 0xda, 0x38, 0xb7, 0x38,
+    0x5e, 0xce, 0x81, 0x44, 0xf7, 0x66, 0x62, 0x64, 0x1d, 0x04,
+    0xf0, 0x8a, 0x4f, 0xa2, 0x80, 0x76, 0x83, 0x23, 0x89, 0x61,
+    0x6b, 0xc3, 0xb7, 0xee, 0xb5, 0x06, 0x33, 0xad, 0x63, 0x04,
+    0x78, 0xc9, 0xde, 0x32, 0xde, 0xcf, 0x18, 0xb9, 0xb0, 0x3b,
+    0xee, 0x0a, 0x58, 0xea, 0xad, 0xbc, 0x1e, 0x77, 0xa0, 0x93,
+    0xf7, 0xae, 0x9e, 0xb6, 0x31, 0x59, 0x8e, 0xb1, 0x03, 0x8f,
+    0xbb, 0xa4, 0x25, 0x0c, 0x2e, 0xd7, 0xe2, 0x62, 0x5c, 0xf1,
+    0x68, 0xe9, 0x76, 0xd7, 0x23, 0x14, 0x45, 0xaf, 0xcb, 0x09,
+    0x50, 0x05, 0x3f, 0xa0, 0xf9, 0xc3, 0x9e, 0x89, 0x05, 0xa8,
+    0x3b, 0x54, 0x55, 0x32, 0x74, 0x91, 0x46, 0xc1, 0x2c, 0x96,
+    0x7e, 0x60, 0xad, 0xfa, 0xbb, 0xcd, 0x09, 0x7b, 0x39, 0x10,
+    0x82, 0x8a, 0xc0, 0x5a, 0x0d, 0xab, 0xb3, 0x71, 0x45, 0xad,
+    0x39, 0x8e, 0xec, 0x4d, 0x91, 0x8d, 0xda, 0x8d, 0xfa, 0xb0,
+    0xad, 0x44, 0x3c, 0xc9, 0x21, 0x56, 0x22, 0xfc, 0xd3, 0xba,
+    0xb7, 0x3c, 0xe3, 0x8d, 0xda, 0x59, 0x34, 0x42, 0xdd, 0x04,
+    0x5b, 0x8e, 0x2b, 0xc7, 0x94, 0xd5, 0x42, 0xe0, 0x4a, 0x6f,
+    0x35, 0x5a, 0x27, 0x82, 0xd8, 0x82, 0x40, 0xee, 0x0f, 0xa6,
+    0xef, 0xe4, 0x70, 0xe3, 0x30, 0xb7, 0x2d, 0xd4, 0xbb, 0x27,
+    0xb2, 0xbf, 0xad, 0x49, 0x45, 0xbc, 0xeb, 0xbe, 0xb7, 0xd8,
+    0xe3, 0xb1, 0xf3, 0xeb, 0x41, 0x20, 0x9b, 0x21, 0x54, 0xc3,
+    0xa8, 0xaf, 0x9f, 0x20, 0x5c, 0x15, 0x8e, 0x25, 0xbc, 0xbc,
+    0x69, 0x91, 0xfe, 0xda, 0xad, 0xe5, 0x37, 0x7d, 0xb0, 0x51,
+    0x14, 0xae, 0x8f, 0x35, 0x15, 0x0a, 0xd4, 0x49, 0xa7, 0xd9,
+    0x20, 0x70, 0xa4, 0xf2, 0xf4, 0x24, 0x66, 0x52, 0xd1, 0xa5,
+    0x22, 0xea, 0x29, 0xd9, 0xb2, 0x82, 0x8d, 0x36, 0x66, 0x75,
+    0x6e, 0xd5, 0x8c, 0x54, 0x08, 0x21, 0xf2, 0xee, 0x78, 0xc7,
+    0x1f, 0x9c, 0x63, 0x5d, 0x88, 0x56, 0xd1, 0xa0, 0x80, 0x33,
+    0x60, 0x55, 0x23, 0x72, 0xd6, 0xb0, 0x1a, 0x50, 0xde, 0x25,
+    0x70, 0xb5, 0x77, 0x42, 0xf8, 0x19, 0x18, 0x15, 0x8f, 0xfd,
+    0x0c, 0x6a, 0x46, 0x1f, 0xbf, 0xe7, 0x60, 0x91, 0xe7, 0xbb,
+    0x25, 0x63, 0x66, 0xff, 0x11, 0x97, 0xbb, 0xfd, 0x3a, 0x17,
+    0x94, 0x77, 0xb4, 0xc5, 0x21, 0xba, 0x30, 0x94, 0xdd, 0xe5,
+    0xeb, 0x1d, 0x01, 0xba, 0xf9, 0xb0, 0x30, 0xdb, 0x11, 0x93,
+    0xb7, 0xfa, 0x79, 0xe8, 0x5e, 0xb3, 0x39, 0xf4, 0x51, 0x68,
+    0x31, 0xce, 0xe9, 0x0e, 0x93, 0xde, 0xff, 0xec, 0x27, 0xbd,
+    0xa6, 0x1a, 0x4c, 0xe0, 0x92, 0x5c, 0xd4, 0x07, 0xd2, 0xa1,
+    0xdd, 0x12, 0x83, 0xd2, 0x9a, 0x79, 0xb3, 0x3c, 0xfb, 0x07,
+    0xe3, 0x18, 0x1a, 0xa3, 0x24, 0x80, 0xb4, 0xcc, 0xf4, 0xc6,
+    0xa5, 0x6c, 0x25, 0xd7, 0x99, 0x1a, 0x30, 0xf0, 0xa9, 0xfc,
+    0x2e, 0x83, 0x44, 0xac, 0x64, 0x76, 0x34, 0xb0, 0xa6, 0x6f,
+    0x20, 0x5a, 0x14, 0xf2, 0x07, 0xa7, 0x6f, 0x4d, 0xab, 0xf5,
+    0xfc, 0x9d, 0xd6, 0x3e, 0x82, 0x48, 0x31, 0x25, 0x47, 0xc9,
+    0x0e, 0x1d, 0xdb, 0x98, 0x91, 0x56, 0xf5, 0xfe, 0x66, 0x8d,
+    0x48, 0xf0, 0x4c, 0x6c, 0x2c, 0x96, 0x54, 0x43, 0xec, 0x76,
+    0xf2, 0xe1, 0x76, 0x68, 0xc8, 0xe1, 0xde, 0x0d, 0x8e, 0x6f,
+    0xfc, 0x15, 0xd5, 0x93, 0x92, 0xfe, 0xca, 0x9b, 0x30, 0x61,
+    0x03, 0x0b, 0xca, 0x99, 0x2f, 0xd3, 0x15, 0xe9, 0x66, 0x81,
+    0xbd, 0x56, 0x17, 0x14, 0x4a, 0x2e, 0xf1, 0x34, 0x84, 0x55,
+    0x9d, 0xc0, 0x2b, 0xa7, 0x4a, 0xee, 0xf1, 0x7c, 0x67, 0xc7,
+    0xf3, 0x08, 0x1e, 0x6d, 0x6b, 0x5b, 0xcc, 0x81, 0x91, 0x5c,
+    0x94, 0x1a, 0x80, 0xda, 0x3a, 0xce, 0x36, 0x05, 0xb0, 0x7a,
+    0xe8, 0xd0, 0xb4, 0x57, 0x9c, 0xf9, 0xea, 0xf3, 0x26, 0x1d,
+    0xcb, 0xf8, 0xdd, 0x65, 0xaf, 0xf7, 0xcd, 0xf7, 0xa1, 0x3d,
+    0xfc, 0x9a, 0x3b, 0x08, 0xb9, 0xfa, 0x3c, 0x16, 0x49, 0x4a,
+    0xf1, 0xba, 0x4d, 0x31, 0xdd, 0x5e, 0x4f, 0x3d, 0x66, 0x22,
+    0x1b, 0x08, 0x91, 0x7d, 0xc6, 0xaf, 0x15, 0x07, 0x3c, 0xa1,
+    0xf7, 0x07, 0xfd, 0x3e, 0x90, 0xbb, 0x6f, 0x7a, 0xe9, 0xe1,
+    0x2f, 0xb9, 0xee, 0x91, 0x8e, 0x18, 0xcc, 0x8d, 0x1d, 0x22,
+    0xa0, 0xa0, 0x28, 0x25, 0xfc, 0xd4, 0x94, 0xd3, 0xaa, 0xcf,
+    0xce, 0xd0, 0x85, 0x82, 0x6f, 0x20, 0x9f, 0x55, 0x0e, 0xe5,
+    0x72, 0x0d, 0x17, 0x3e, 0x34, 0xc7, 0x2c, 0x0a, 0x14, 0x45,
+    0x27, 0xe2, 0xc7, 0x2f, 0x86, 0xa1, 0x55, 0x3e, 0x78, 0x03,
+    0xe9, 0x78, 0x2e, 0xd3, 0x99, 0xee, 0xa0, 0x14, 0xf8, 0xe3,
+    0x6c, 0xeb, 0x3f, 0x9a, 0xf3, 0x15, 0xce, 0xd5, 0x76, 0xf6,
+    0x3a, 0x86, 0x30, 0x76, 0xf9, 0x88, 0x30, 0xf5, 0x4a, 0x50,
+    0x58, 0x80, 0xe9, 0xd9, 0xd4, 0xb9, 0x34, 0x42, 0xa6, 0x4e,
+    0x9c, 0x1a, 0x07, 0x16, 0x9e, 0xee, 0xe4, 0x88, 0x04, 0x8e,
+    0xa8, 0xe7, 0xcd, 0xe8, 0x47, 0x1e, 0x54, 0x45, 0xd2, 0x65,
+    0xd8, 0xee, 0x4b, 0xbd, 0xd0, 0x85, 0xaa, 0xfb, 0x06, 0x53,
+    0x91, 0x7e, 0xe0, 0x59, 0x20, 0x57, 0x6a, 0xee, 0xd8, 0x9f,
+    0x77, 0x7f, 0xd7, 0x40, 0x63, 0xbb, 0x21, 0x75, 0x76, 0x11,
+    0x27, 0xcf, 0x05, 0xbb, 0x41, 0x30, 0x98, 0xbf, 0xdc, 0x5f,
+    0xc6, 0xa4, 0x1e, 0x30, 0xa1, 0x53, 0xd4, 0x36, 0x7f, 0x2e,
+    0x86, 0xd7, 0xd9, 0x95, 0x29, 0xd5, 0x46, 0x18, 0x60, 0x27,
+    0xe4, 0x6f, 0xcb, 0xf4, 0xe2, 0xfe, 0xff, 0x3e, 0xff, 0x15,
+    0xc6, 0xf2, 0x31, 0xf9, 0x2a, 0xc8, 0x05, 0x4e, 0x7c, 0x2e,
+    0x92, 0xc8, 0x41, 0x4f, 0x9e, 0x23, 0x21, 0x4d, 0x74, 0xf8,
+    0xc3, 0x44, 0x39, 0xc2, 0x69, 0x4b, 0x2e, 0x76, 0x5e, 0x44,
+    0x12, 0x65, 0x31, 0x98, 0xbe, 0x0a, 0x10, 0x11, 0x12, 0x2c,
+    0x67, 0x3d, 0x85, 0x2e, 0xd3, 0x97, 0x54, 0x1e, 0xb6, 0xad,
+    0xd9, 0x45, 0x11, 0x53, 0x04, 0x7c, 0x3f, 0xf4, 0xc9, 0xac,
+    0x82, 0x1b, 0x84, 0xf4, 0x20, 0x6b, 0xf1, 0xf5, 0x72, 0x04,
+    0x24, 0xc1, 0xd3, 0x42, 0x43, 0x52, 0x9d, 0x2d, 0xd3, 0x89,
+    0x8e, 0xd8, 0x28, 0xb9, 0xa2, 0xb4, 0xed, 0xbc, 0x76, 0x87,
+    0x55, 0x67, 0x39, 0xd9, 0xb7, 0x20, 0x6a, 0xec, 0xec, 0xb8,
+    0x14, 0x51, 0x91, 0xb9, 0x96, 0x0f, 0x7a, 0x3a, 0x12, 0xde,
+    0x14, 0x3b, 0x83, 0xcf, 0x41, 0x5b, 0x5d, 0xff, 0x33, 0x68,
+    0xdb, 0x53, 0x64, 0x93, 0xb1, 0xc3, 0x8a, 0x46, 0xa8, 0x44,
+    0x9c, 0x14, 0x12, 0x6c, 0x92, 0x6f, 0xae, 0xc3, 0x45, 0xb2,
+    0xa1, 0x67, 0x81, 0x3c, 0x22, 0x47, 0xfd, 0xa4, 0x7a, 0x79,
+    0xa8, 0x0a, 0xfb, 0x7a, 0x91, 0x6e, 0xe9, 0x53, 0xec, 0x98,
+    0x82, 0x57, 0xad, 0x05, 0x38, 0x55, 0xc1, 0xce, 0x3a, 0x04,
+    0x4d, 0x12, 0x72, 0x37, 0x4a, 0x36, 0x54, 0x3f, 0x67, 0x8a,
+    0xee, 0xd9, 0xf3, 0x80, 0xd5, 0xd7, 0xb8, 0xfc, 0x6e, 0x4f,
+    0x60, 0x2b, 0x5a, 0xa4, 0xc5, 0x05, 0xdb, 0xe5, 0x09, 0xe3,
+    0xeb, 0xa2, 0x51, 0x33, 0x30, 0x96, 0x46, 0x01, 0x26, 0x8f,
+    0x38, 0xc9, 0x97, 0x32, 0x2d, 0xb4, 0x59, 0x15, 0x15, 0x38,
+    0x66, 0x66, 0xfe, 0xcb, 0xee, 0xc1, 0xf6, 0x4e, 0xb7, 0xdf,
+    0x7b, 0x63, 0xe6, 0x3f, 0xe0, 0x1c, 0x97, 0xed, 0x86, 0xf3,
+    0xd2, 0xad, 0x42, 0x29, 0x20, 0x28, 0xa6, 0x59, 0x58, 0x7d,
+    0x8f, 0x5c, 0x43, 0x07, 0xd1, 0x7e, 0x83, 0xba, 0x9c, 0x1b,
+    0xfe, 0x17, 0x9e, 0xc8, 0x09, 0x63, 0x9a, 0x2d, 0x61, 0x33,
+    0x51, 0x46, 0x01, 0xa8, 0xe9, 0x43, 0x1e, 0x4e, 0xfe, 0x61,
+    0x1a, 0x28, 0x11, 0x65, 0x70, 0x43, 0x9f, 0xfc, 0x21, 0x1d,
+    0x76, 0x7b, 0x40, 0x08, 0x18, 0xd3, 0xe8, 0xc2, 0xe3, 0x8c,
+    0xe7, 0x27, 0xc2, 0xec, 0xb0, 0x08, 0x3e, 0x6b, 0x8f, 0x77,
+    0x6d, 0x9e, 0xa6, 0xab, 0xce, 0x9a, 0xf8, 0x8f, 0x77, 0xb3,
+    0xf4, 0xe8, 0x8b, 0xe7, 0xd9, 0xa1, 0x95, 0x40, 0x6b, 0xca,
+    0x21, 0x98, 0xff, 0xdc, 0xdc, 0x96, 0xc3, 0x08, 0x81, 0x72,
+    0x9a, 0xdd, 0xe2, 0xcf, 0x95, 0x99, 0xa6, 0xa3, 0x5e, 0x9e,
+    0x25, 0x60, 0xa3, 0xc3, 0x39, 0xf7, 0x54, 0x6c, 0xf2, 0x75,
+    0xa9, 0x38, 0x12, 0x38, 0x4d, 0x42, 0xe8, 0xec, 0x13, 0x25,
+    0xa0, 0xf8, 0x04, 0xb8, 0xf6, 0x66, 0x0b, 0x56, 0xe1, 0xfb,
+    0x26, 0x03, 0xe6, 0xa5, 0xf1, 0x4d, 0x7f, 0xa5, 0x9d, 0x58,
+    0x71, 0xd8, 0xc7, 0x6a, 0xbe, 0xdc, 0x90, 0x89, 0xb1, 0x36,
+    0xb4, 0xb6, 0xb4, 0xbb, 0xaf, 0x6e, 0x43, 0x10, 0xa6, 0xea,
+    0xee, 0x12, 0xcb, 0x08, 0x2c, 0x4e, 0x66, 0xf0, 0x1f, 0xf4,
+    0xbf, 0xd3, 0xeb, 0x63, 0x48, 0xd0, 0xbe, 0x8a, 0xed, 0x24,
+    0xdb, 0x0f, 0x23, 0x1d, 0x2e, 0x30, 0x97, 0x0f, 0xd8, 0xc6,
+    0x3b, 0x04, 0x2f, 0x33, 0x78, 0x20, 0x6e, 0xb1, 0x33, 0x03,
+    0x27, 0xac, 0x0a, 0x37, 0x15, 0x31, 0xef, 0x4d, 0x43, 0xcc,
+    0xa0, 0x49, 0x80, 0xe3, 0x8c, 0xc0, 0xf3, 0xf7, 0x2d, 0x37,
+    0x1d, 0xd3, 0x90, 0x5f, 0xad, 0x31, 0xb5, 0x95, 0x17, 0x69,
+    0x4b, 0xec, 0x84, 0x9d, 0x2b, 0x8d, 0xdd, 0x9b, 0x58, 0x04,
+    0xba, 0x28, 0x0e, 0x28, 0xc1, 0x54, 0x6c, 0xb0, 0x25, 0x0c,
+    0x4f, 0x98, 0x47, 0xf7, 0x93, 0xc2, 0xae, 0x2f, 0x6d, 0x29,
+    0x9c, 0x3d, 0xe3, 0xb5, 0xe3, 0x28, 0x43, 0x14, 0xe6, 0x92,
+    0x4c, 0x79, 0x90, 0x59, 0x75, 0x77, 0x56, 0x43, 0xda, 0xac,
+    0xa9, 0x42, 0xd7, 0xca, 0x95, 0x73, 0x26, 0x54, 0x1f, 0x3a,
+    0x8a, 0x37, 0x64, 0xd7, 0xcf, 0xe1, 0x31, 0xf7, 0x40, 0x59,
+    0xfd, 0xff, 0xea, 0x72, 0xfd, 0xc4, 0xde, 0xe3, 0x4d, 0x8a,
+    0xf5, 0x80, 0xc0, 0x61, 0x21, 0xbd, 0xbd, 0x8e, 0x42, 0xd5,
+    0x4c, 0xe4, 0xf4, 0x78, 0x31, 0xca, 0xf1, 0xec, 0x7c, 0x7b,
+    0x85, 0x6a, 0x05, 0x54, 0xbe, 0x38, 0x54, 0x2f, 0x1f, 0xda,
+    0x9f, 0x98, 0xe2, 0x79, 0xd7, 0x42, 0xca, 0xba, 0x85, 0x21,
+    0xe2, 0xcb, 0x2b, 0xae, 0x4a, 0x4e, 0x35, 0xfb, 0xcf, 0x3d,
+    0xc5, 0xae, 0x27, 0x30, 0xa9, 0x45, 0xe6, 0x3b, 0x43, 0x3e,
+    0x35, 0xe3, 0xf2, 0x0d, 0x53, 0x32, 0x2b, 0xf6, 0xe6, 0xc7,
+    0xd5, 0x02, 0x82, 0x03, 0xc1, 0x00, 0xd4, 0x04, 0x9b, 0xef,
+    0x5d, 0x58, 0xb0, 0xa3, 0xaa, 0xd2, 0xab, 0x53, 0x65, 0x99,
+    0x03, 0x49, 0x48, 0x4d, 0xf5, 0xdf, 0x5d, 0x16, 0x14, 0x11,
+    0x60, 0x45, 0x1b, 0xff, 0x4a, 0x60, 0x2b, 0x37, 0x63, 0xf6,
+    0xa7, 0x8a, 0xa8, 0xff, 0x08, 0x97, 0x08, 0xfc, 0xbb, 0xb3,
+    0x20, 0xa3, 0xcd, 0xd9, 0x58, 0xdb, 0x16, 0x1b, 0x88, 0x02,
+    0x1e, 0x0f, 0x43, 0x9b, 0x16, 0x7e, 0xbe, 0xb1, 0x9c, 0x13,
+    0x10, 0xdc, 0xa1, 0x56, 0xff, 0xa3, 0xff, 0x5e, 0x69, 0x30,
+    0xee, 0x7e, 0x76, 0x5f, 0x84, 0x94, 0xeb, 0x8f, 0x58, 0xf8,
+    0xcf, 0xbb, 0x99, 0x6e, 0xf0, 0xd8, 0x32, 0xf6, 0xce, 0x48,
+    0x6f, 0x7c, 0xc8, 0x8f, 0xd3, 0x86, 0x22, 0x49, 0x9f, 0xde,
+    0x11, 0x05, 0xa4, 0xdc, 0x92, 0xfb, 0x0f, 0xfa, 0x09, 0x4d,
+    0x17, 0x1a, 0xe2, 0x76, 0x67, 0x40, 0xa9, 0x5b, 0x1b, 0x54,
+    0x66, 0x48, 0xf7, 0xc3, 0x59, 0xd4, 0xcf, 0x55, 0xd0, 0x7f,
+    0x3b, 0xb0, 0xa2, 0xd8, 0xec, 0xb7, 0x88, 0xe7, 0xb0, 0x30,
+    0x72, 0x42, 0x65, 0xe2, 0x91, 0xa7, 0x9b, 0xf6, 0x07, 0x45,
+    0x52, 0x51, 0xaa, 0xbe, 0x32, 0x35, 0xe4, 0x88, 0x23, 0xe7,
+    0xcb, 0x3c, 0x1c, 0xfb, 0x0b, 0x96, 0xd5, 0xb3, 0x92, 0x86,
+    0x79, 0x5b, 0x47, 0x93, 0xd6, 0xbd, 0xc7, 0x21, 0x17, 0xd0,
+    0xc9, 0xc7, 0x69, 0x84, 0x80, 0x98, 0xaf, 0x2c, 0x63, 0xd1,
+    0xef, 0x6e, 0xca, 0x84, 0x30, 0x32, 0x83, 0x2d, 0x49, 0xbb,
+    0x1f, 0x2a, 0xfe, 0x40, 0x7c, 0x03, 0xd4, 0x45, 0xdc, 0xfe,
+    0x94, 0xf9, 0xe4, 0x36, 0x47, 0xfa, 0x7e, 0x2e, 0x93, 0x03,
+    0xf8, 0x15, 0xf9, 0xce, 0xc3, 0x5b, 0x76, 0x10, 0xec, 0x89,
+    0x8c, 0xce, 0x25, 0xa5, 0x77, 0x9a, 0xc5, 0x1e, 0xdd, 0x07,
+    0x1b, 0x5b, 0xac, 0x6f, 0xdb, 0x94, 0x85, 0xdf, 0x02, 0x22,
+    0xd1, 0xa9, 0x01, 0x8e, 0x63, 0xa1, 0xee, 0x94, 0x9c, 0xdb,
+    0xb4, 0x1a, 0x43, 0xe1, 0x1f, 0x4e, 0x2f, 0x68, 0x50, 0x0c,
+    0x2f, 0x5b, 0xc5, 0x1b, 0xe1, 0x8d, 0x4b, 0xe0, 0x63, 0x8d,
+    0x7a, 0x30, 0xbe, 0xb7, 0x2e, 0x02, 0xc6, 0x02, 0xac, 0xa8,
+    0xb8, 0x65, 0xc6, 0x28, 0xee, 0xe4, 0xec, 0x99, 0xa1, 0x9a,
+    0xfd, 0x1f, 0xb5, 0x85, 0x7a, 0x94, 0x16, 0xe2, 0xe7, 0x74,
+    0x06, 0x54, 0x1b, 0xd0, 0xaf, 0x58, 0x4e, 0x50, 0x7e, 0xd6,
+    0xe4, 0x31, 0xd2, 0x0c, 0xd7, 0x9d, 0xe2, 0x00, 0x30, 0xbe,
+    0x26, 0x30, 0x48, 0x99, 0x98, 0x58, 0x54, 0x5a, 0xc4, 0x0a,
+    0x6c, 0xa1, 0x06, 0xe9, 0x38, 0xe6, 0x79, 0x39, 0x00, 0x9e,
+    0xb6, 0xe3, 0xf7, 0x01, 0xcf, 0x2f, 0x82, 0x5e, 0xc3, 0x21,
+    0x1b, 0x79, 0x93, 0xb5, 0xe4, 0x39, 0x9d, 0x32, 0x9d, 0x72,
+    0xa4, 0xa8, 0xc9, 0x90, 0xce, 0xaf, 0xc0, 0x00, 0xad, 0x20,
+    0x87, 0x26, 0xc7, 0xd3, 0x5f, 0x2e, 0xf0, 0x5e, 0xf8, 0x8b,
+    0x85, 0xa3, 0xc6, 0x66, 0xd8, 0x2f, 0x86, 0xfe, 0x7d, 0x8d,
+    0x22, 0xa5, 0x6d, 0x68, 0x3e, 0x87, 0x6e, 0xf7, 0xf1, 0xf0,
+    0x07, 0xc4, 0xe3, 0xf1, 0x84, 0xc4, 0x93, 0x42, 0x06, 0x20,
+    0x80, 0x64, 0xb3, 0x52, 0x5c, 0xa5, 0xcf, 0xee, 0xfe, 0xa4,
+    0x09, 0x41, 0xbe, 0xaa, 0x78, 0x52, 0x76, 0x3f, 0xf7, 0xe8,
+    0xa1, 0x6b, 0x0a, 0xbc, 0x22, 0xbe, 0xdf, 0x72, 0x7b, 0xea,
+    0x90, 0x43, 0xee, 0xc2, 0x0b, 0x26, 0xdc, 0x02, 0x26, 0xa7,
+    0x50, 0x04, 0x7a, 0x06, 0x91, 0xae, 0x93, 0xd5, 0xd2, 0xc9,
+    0xa1, 0xe1, 0xfc, 0xb9, 0x8c, 0x94, 0xca, 0xa8, 0x1c, 0x2c,
+    0x57, 0x97, 0x3e, 0x50, 0xed, 0x93, 0x45, 0x7a, 0x2c, 0x59,
+    0x7b, 0x34, 0x8f, 0xcd, 0xd6, 0x17, 0x93, 0xd8, 0xde, 0xe8,
+    0xb0, 0x9e, 0x27, 0x15, 0xc5, 0xbb, 0xa5, 0xbb, 0xc2, 0x30,
+    0x9b, 0xc7, 0x27, 0x02, 0x18, 0xd8, 0xdb, 0xa4, 0x84, 0x37,
+    0x64, 0xf7, 0xf7, 0xf1, 0xc8, 0x86, 0x4c, 0x64, 0x97, 0x08,
+    0xe9, 0x4e, 0x0e, 0xb6, 0x92, 0xe9, 0x4c, 0x7b, 0x7f, 0xe1,
+    0xcc, 0xa0, 0x71, 0xa7, 0x34, 0x48, 0x46, 0xbb, 0x37, 0xce,
+    0xb0, 0x4d, 0x39, 0xa8, 0x0e, 0xab, 0xf6, 0x2f, 0x7c, 0x88,
+    0xae, 0xcf, 0x90, 0xc6, 0x01, 0xd3, 0x5b, 0x37, 0xe9, 0xb1,
+    0x28, 0x42, 0x14, 0xbf, 0x59, 0x35, 0x04, 0xab, 0x46, 0x6e,
+    0xa8, 0x29, 0xe2, 0x7a, 0x77, 0x0e, 0x07, 0x67, 0xe4, 0x2b,
+    0x03, 0xd2, 0x02, 0x36, 0x16, 0xd7, 0x81, 0x5d, 0x38, 0x9c,
+    0x68, 0x9c, 0xf5, 0x9e, 0x49, 0x7d, 0x99, 0xfd, 0xcd, 0x1d,
+    0xd2, 0xdf, 0x3c, 0x36, 0x19, 0x85, 0xaa, 0xb1, 0x30, 0x7a,
+    0x21, 0xb1, 0x83, 0x16, 0xcf, 0xd1, 0x75, 0xa5, 0x9d, 0xd7,
+    0xc1, 0x60, 0xa8, 0xdb, 0x1e, 0xb9, 0x3e, 0x9c, 0x12, 0x42,
+    0xe8, 0x47, 0x49, 0x18, 0x9f, 0x5c, 0x12, 0xd1, 0x69, 0xd5,
+    0x7d, 0xa8, 0x3c, 0xda, 0x35, 0x8a, 0x6c, 0x63, 0xb8, 0x62,
+    0x8a, 0x61, 0xfa, 0xf2, 0x61, 0x11, 0x1e, 0xb6, 0xf3, 0x5c,
+    0x62, 0x9d, 0xa7, 0x62, 0x0c, 0x87, 0x93, 0xe2, 0x23, 0x6c,
+    0x3d, 0xa9, 0x2c, 0x4b, 0xd5, 0x7f, 0xfe, 0x72, 0x27, 0x36,
+    0x06, 0xcb, 0x65, 0x38, 0xef, 0x13, 0x57, 0x6a, 0xc9, 0xc6,
+    0x4f, 0x51, 0xd0, 0x90, 0x06, 0xa0, 0x23, 0x65, 0x95, 0xce,
+    0x16, 0x8f, 0x8d, 0xb2, 0xf9, 0x7f, 0x3c, 0x2c, 0x30, 0x5a,
+    0x38, 0xf1, 0x62, 0x79, 0x4b, 0xe5, 0xd7, 0x0a, 0x3f, 0x83,
+    0x5f, 0x46, 0x26, 0x97, 0xb7, 0x08, 0x8c, 0x5b, 0xb8, 0x02,
+    0x28, 0xf2, 0x4d, 0xdf, 0x93, 0x97, 0xc5, 0x94, 0x4b, 0x0e,
+    0x42, 0xc3, 0x35, 0x91, 0x6b, 0x69, 0x61, 0x76, 0x7f, 0x94,
+    0xcf, 0x0b, 0x81, 0x33, 0xff, 0xf3, 0x0c, 0xc7, 0x01, 0x94,
+    0x94, 0xa9, 0xed, 0xcd, 0x4b, 0xc8, 0xcb, 0x91, 0xf9, 0x7a,
+    0x47, 0xcd, 0x79, 0x3c, 0xa6, 0xde, 0x52, 0xd2, 0x47, 0x5c,
+    0x10, 0x62, 0xbb, 0xe5, 0x32, 0xde, 0x83, 0xcf, 0xa8, 0x52,
+    0xb3, 0xe7, 0xf9, 0xec, 0x17, 0x34, 0xbf, 0x33, 0x5d, 0xb2,
+    0x4e, 0x56, 0xf7, 0x29, 0xd9, 0x5c, 0x1b, 0x83, 0x01, 0xbb,
+    0xb9, 0x2b, 0x95, 0x52, 0x08, 0xab, 0xa4, 0x51, 0x03, 0xa1,
+    0xfb, 0x6a, 0x50, 0xcd, 0xa8, 0x9d, 0x95, 0x6f, 0x7e, 0xb1,
+    0x80, 0x1e, 0x9d, 0x81, 0x01, 0x26, 0x41, 0x78, 0x36, 0x3c,
+    0x8a, 0x44, 0xf4, 0x98, 0x88, 0x1c, 0x5d, 0x06, 0xd3, 0xd2,
+    0xb2, 0x58, 0x7d, 0xa1, 0x45, 0x1b, 0xbf, 0x8c, 0xf6, 0x6a,
+    0xfa, 0xfd, 0x08, 0x29, 0x3e, 0x91, 0x57, 0xf1, 0x3d, 0x20,
+    0xed, 0x49, 0x6e, 0x9c, 0x46, 0xd5, 0x08, 0x8d, 0x9b, 0xf8,
+    0xef, 0xa3, 0x3a, 0x98, 0xcb, 0xb4, 0xcb, 0x5b, 0x30, 0x25,
+    0x20, 0xcc, 0x04, 0xa1, 0xeb, 0xeb, 0xee, 0x1b, 0x36, 0x85,
+    0xc1, 0x93, 0x16, 0x5a, 0x31, 0xdf, 0xd6, 0x0e, 0x73, 0x9e,
+    0x63, 0x6e, 0x96, 0x90, 0x54, 0xd2, 0xc2, 0x53, 0x69, 0x93,
+    0xd5, 0x54, 0xca, 0xd8, 0x84, 0xf7, 0x8f, 0x9a, 0xd1, 0x80,
+    0x0d, 0x57, 0xa8, 0x26, 0xbe, 0x45, 0x64, 0xd5, 0x2b, 0xbb,
+    0x45, 0xb5, 0x08, 0xb9, 0x37, 0x57, 0x02, 0x82, 0x03, 0xc1,
+    0x00, 0xd1, 0x30, 0x2e, 0xb7, 0x9b, 0xe7, 0x5d, 0x13, 0x74,
+    0x1f, 0x52, 0xf2, 0x02, 0x18, 0xe9, 0x07, 0x87, 0x9e, 0xed,
+    0xde, 0x83, 0x92, 0xcf, 0x73, 0x61, 0x21, 0xc4, 0x62, 0x30,
+    0x6c, 0xa2, 0x36, 0xbd, 0xe2, 0xc5, 0x19, 0xf6, 0xdf, 0x51,
+    0x7b, 0xca, 0xd4, 0xe4, 0x51, 0x83, 0x49, 0x27, 0xdd, 0xbd,
+    0xb0, 0x10, 0x79, 0x39, 0xdd, 0x0e, 0x3d, 0x65, 0xad, 0x6d,
+    0xa3, 0x95, 0x52, 0x85, 0xdb, 0x18, 0x94, 0x60, 0xaa, 0xc0,
+    0xc8, 0x8b, 0xdb, 0xfe, 0xf9, 0xf0, 0x86, 0xf9, 0x33, 0x8a,
+    0xd7, 0xbe, 0x8d, 0x43, 0x83, 0x4d, 0xe4, 0x17, 0x2b, 0x46,
+    0x54, 0x44, 0x1b, 0xbe, 0x52, 0x64, 0x47, 0x02, 0x6c, 0x4a,
+    0x64, 0xb4, 0x3f, 0x21, 0x2f, 0xbb, 0xe3, 0x72, 0x7c, 0x26,
+    0x14, 0xdf, 0x80, 0x50, 0xd4, 0x94, 0xe9, 0xc6, 0x7d, 0x71,
+    0xd8, 0xaf, 0xfb, 0x74, 0x36, 0x33, 0xbe, 0x58, 0x63, 0xad,
+    0xcb, 0xdf, 0xc0, 0x73, 0x9e, 0x19, 0xb0, 0x65, 0xe1, 0xd1,
+    0x10, 0x44, 0xf1, 0xf0, 0x08, 0xa3, 0x09, 0x25, 0xeb, 0xd5,
+    0xcb, 0xdd, 0x98, 0xdd, 0xbc, 0x09, 0x2c, 0xef, 0xc1, 0x8d,
+    0x43, 0x15, 0x41, 0xc2, 0xa1, 0x84, 0x37, 0x70, 0x5a, 0xd5,
+    0xf5, 0xb2, 0x6a, 0x1f, 0xbb, 0xcc, 0x30, 0xb9, 0xd9, 0xc7,
+    0x36, 0x21, 0xf3, 0x69, 0x3e, 0x91, 0x38, 0x4d, 0xa5, 0xc4,
+    0xf7, 0x84, 0x90, 0x34, 0x0e, 0x47, 0x7e, 0x26, 0xf2, 0x98,
+    0x25, 0x26, 0xda, 0xf0, 0x4e, 0x55, 0xea, 0x4d, 0x9b, 0x8a,
+    0x4a, 0xe1, 0x1f, 0xa0, 0x07, 0x90, 0x9e, 0x59, 0x64, 0xae,
+    0xd9, 0xd6, 0x7e, 0x72, 0xa1, 0xc4, 0xea, 0x7d, 0xbd, 0x1f,
+    0x7d, 0x2b, 0xd9, 0x2c, 0xdc, 0x8b, 0xc0, 0xda, 0x52, 0x0c,
+    0xd1, 0xd0, 0x56, 0xb7, 0x93, 0xc7, 0x26, 0x79, 0x71, 0xd0,
+    0x0d, 0xae, 0xaa, 0xa7, 0xe4, 0xc1, 0x59, 0x27, 0x68, 0x97,
+    0x9a, 0xff, 0x3d, 0x36, 0x07, 0x55, 0x77, 0x07, 0x97, 0x69,
+    0xf3, 0x99, 0x91, 0x3f, 0x63, 0xfd, 0x70, 0x8c, 0xa1, 0xeb,
+    0xc5, 0x21, 0xa3, 0xfe, 0x99, 0x96, 0x11, 0x37, 0xb9, 0xe6,
+    0x93, 0xf8, 0xd0, 0xb1, 0xa3, 0x57, 0x7a, 0xa8, 0x63, 0xdd,
+    0x09, 0x56, 0xb0, 0x3b, 0xa6, 0x59, 0xc7, 0x89, 0x54, 0x16,
+    0xe9, 0x2d, 0x78, 0x7d, 0xaf, 0x4e, 0x0a, 0x5b, 0x62, 0x3b,
+    0x0b, 0xcb, 0x24, 0x89, 0x4e, 0x1c, 0x3d, 0xe1, 0xbd, 0x5a,
+    0x3e, 0xc5, 0xfd, 0x15, 0x3d, 0x08, 0x38, 0x33, 0x5e, 0x37,
+    0x4c, 0xe3, 0xe3, 0xe9, 0xc4, 0x1d, 0x2b, 0xd4, 0x58, 0x25,
+    0x58, 0x23, 0x8e, 0xc6, 0x83, 0x9a, 0xf3, 0x9a, 0x78, 0xe9,
+    0xa7, 0xca, 0xd7, 0xdd, 0x89, 0x20, 0x6e, 0x02, 0xea, 0x6b,
+    0x37, 0x74, 0xda, 0xa0, 0xc2, 0x5a, 0x2b, 0x80, 0x1c, 0x28,
+    0x91, 0x0d, 0x50, 0x64, 0xf0, 0x12, 0xe7, 0xc4, 0x7e, 0xdd,
+    0x28, 0x3b, 0x26, 0x9a, 0xf4, 0x39, 0x56, 0xa4, 0x72, 0x4d,
+    0xcb, 0x67, 0x3c, 0x68, 0xb2, 0x6f, 0xf0, 0xd0, 0x15, 0x90,
+    0xc8, 0x08, 0xbb, 0x0b, 0x08, 0x6b, 0x8a, 0xde, 0x41, 0x57,
+    0xbc, 0x63, 0x0e, 0x00, 0x8d, 0xf8, 0xdd, 0x93, 0xce, 0x58,
+    0x7b, 0xa8, 0xb9, 0x64, 0x26, 0x06, 0xe7, 0x71, 0x23, 0x0f,
+    0x41, 0xf1, 0xb7, 0xae, 0x59, 0x2e, 0xd0, 0x73, 0xc5, 0xd9,
+    0xdc, 0x0e, 0x1c, 0x02, 0x58, 0x69, 0xb3, 0x15, 0x6d, 0x96,
+    0x2b, 0xdb, 0x7b, 0x3b, 0x6c, 0x38, 0x32, 0x6b, 0xd8, 0x08,
+    0xb2, 0xbd, 0xa7, 0x49, 0x43, 0xeb, 0x90, 0x42, 0x70, 0xc5,
+    0xba, 0xcd, 0x4a, 0x44, 0x8f, 0x83, 0x0d, 0x17, 0x51, 0x5a,
+    0x95, 0xa2, 0x57, 0x9a, 0x16, 0x19, 0x91, 0xbb, 0x90, 0x5c,
+    0x2a, 0x16, 0xe8, 0x26, 0x10, 0x3c, 0xb7, 0x10, 0x5c, 0xf8,
+    0xc5, 0x15, 0x2b, 0x70, 0x75, 0x69, 0xba, 0x7b, 0x3d, 0x0b,
+    0x57, 0xac, 0x39, 0x12, 0x2e, 0xd6, 0xd9, 0x13, 0x74, 0x8e,
+    0xa8, 0x0b, 0x17, 0xe1, 0x03, 0x7a, 0xba, 0x1d, 0x07, 0x91,
+    0x8c, 0x2a, 0x3a, 0x8d, 0xe0, 0x2a, 0x94, 0xd4, 0x16, 0x35,
+    0x64, 0x8b, 0x92, 0x2c, 0x2f, 0xa4, 0x18, 0xfe, 0x3f, 0x02,
+    0x19, 0x8c, 0xb9, 0xeb, 0xaf, 0x01, 0x06, 0xa8, 0x37, 0x7f,
+    0xe2, 0x44, 0x10, 0xce, 0xeb, 0x8d, 0xd0, 0x73, 0xc4, 0x1e,
+    0x3d, 0x2c, 0xaf, 0x77, 0xb2, 0xef, 0xe5, 0x95, 0x8b, 0xdf,
+    0x02, 0xfc, 0x93, 0xb8, 0xa9, 0x27, 0x88, 0x1d, 0x1d, 0x82,
+    0x9f, 0xb6, 0xe4, 0x12, 0x05, 0x79, 0xb6, 0x1c, 0x41, 0x0d,
+    0xc1, 0x53, 0x49, 0x8f, 0x3d, 0xc9, 0xad, 0x84, 0xcb, 0x0b,
+    0x88, 0x7e, 0xfe, 0x73, 0x59, 0x21, 0x64, 0xc5, 0x50, 0x53,
+    0xdc, 0x98, 0xc6, 0x43, 0xb8, 0xf5, 0xc3, 0xa1, 0xf5, 0xb2,
+    0xd8, 0x86, 0xe9, 0xae, 0x98, 0xf9, 0x3b, 0x99, 0xc0, 0xe7,
+    0xd7, 0x4a, 0xed, 0xac, 0x89, 0x84, 0xb0, 0x8e, 0xd3, 0xab,
+    0xec, 0x03, 0x02, 0x12, 0x4b, 0x44, 0x17, 0x4d, 0x98, 0x26,
+    0x1e, 0x51, 0xc5, 0xbb, 0xcd, 0xdc, 0x50, 0xab, 0x83, 0x37,
+    0x49, 0x90, 0x1e, 0x34, 0xad, 0x81, 0x22, 0x6c, 0xe4, 0xdd,
+    0x19, 0x01, 0x09, 0x25, 0x2d, 0x9e, 0x52, 0x90, 0x72, 0xa1,
+    0x68, 0x3d, 0x0c, 0x49, 0x99, 0x19, 0x75, 0x5a, 0xca, 0x08,
+    0x69, 0xa1, 0xd2, 0x88, 0x8c, 0xea, 0xcf, 0x9c, 0xbc, 0x23,
+    0xad, 0x3f, 0xb9, 0xfc, 0xb9, 0x30, 0x0d, 0xd6, 0xd9, 0x65,
+    0x0c, 0x7e, 0x99, 0x68, 0x35, 0x26, 0x07, 0xd1, 0x55, 0xbf,
+    0x8e, 0xde, 0xe7, 0xe7, 0x01, 0xcb, 0xca, 0x0a, 0x39, 0x2e,
+    0xcc, 0x19, 0xec, 0x77, 0xf3, 0xab, 0xb2, 0xe6, 0x0e, 0x54,
+    0x06, 0x01, 0x50, 0x77, 0xd3, 0x61, 0x36, 0x05, 0x90, 0xe4,
+    0xd8, 0xc4, 0x1d, 0xf5, 0xc7, 0xfa, 0x65, 0xf0, 0x46, 0x6a,
+    0x5f, 0xa7, 0xc3, 0x8c, 0x6f, 0x04, 0x7f, 0xcf, 0x97, 0xb9,
+    0x68, 0x92, 0x31, 0x09, 0x02, 0x9f, 0x22, 0xc9, 0xf8, 0xe6,
+    0x7e, 0xa8, 0x95, 0x5b, 0x6b, 0xfe, 0x9c, 0x4e, 0x63, 0x2d,
+    0x8c, 0x1a, 0x4c, 0x8b, 0x14, 0x79, 0x08, 0xd5, 0x96, 0x76,
+    0xd1, 0xb4, 0x2f, 0xae, 0x5d, 0x91, 0x88, 0x7c, 0xdd, 0xd2,
+    0x06, 0x86, 0xcf, 0x0a, 0x83, 0x6f, 0xda, 0xca, 0x71, 0x7c,
+    0xe7, 0xe5, 0x34, 0xa8, 0x9a, 0x53, 0x8d, 0xa5, 0xaa, 0x5d,
+    0xb5, 0x17, 0x81, 0x34, 0x6f, 0xbe, 0xbb, 0xb6, 0x58, 0x22,
+    0x90, 0x80, 0xf6, 0x9c, 0x1c, 0xb0, 0x79, 0x8f, 0x92, 0x5b,
+    0x7d, 0x1c, 0x71, 0x5f, 0xb4, 0x87, 0x36, 0xbe, 0x81, 0x8d,
+    0x4a, 0xfc, 0x28, 0x72, 0x81, 0xaf, 0x5f, 0xbd, 0x5f, 0x99,
+    0xe3, 0xc9, 0x37, 0xb0, 0x6e, 0xad, 0x70, 0x96, 0xfa, 0xe3,
+    0x99, 0xf7, 0x08, 0x14, 0x21, 0x21, 0xb7, 0x1a, 0xaa, 0xe8,
+    0x07, 0xb6, 0xfd, 0xa3, 0x7a, 0x2d, 0x93, 0x64, 0x8f, 0x89,
+    0x2c, 0x71, 0x49, 0x71, 0xb8, 0x45, 0xca, 0xe0, 0x7c, 0x00,
+    0x8d, 0xbd, 0xb8, 0x1c, 0x3a, 0x94, 0xa2, 0xa7, 0x6d, 0x0a,
+    0x2e, 0x84, 0xaf, 0xbd, 0xab, 0x05, 0x95, 0x64, 0x8b, 0x05,
+    0xc8, 0xc9, 0x4e, 0xea, 0xb5, 0x96, 0x4a, 0x47, 0xdd, 0xf2,
+    0xcb, 0x02, 0x82, 0x03, 0xc0, 0x59, 0xb3, 0xd9, 0x85, 0xdc,
+    0xa8, 0xb9, 0x93, 0x85, 0xa2, 0xbc, 0x79, 0xfc, 0x72, 0x50,
+    0xc1, 0xa0, 0xa5, 0xdb, 0x71, 0x35, 0xa1, 0x31, 0xbc, 0x68,
+    0x4e, 0xd5, 0x19, 0x9e, 0x0e, 0x32, 0x3a, 0xad, 0x40, 0x9e,
+    0x82, 0x3c, 0x1e, 0x2b, 0x34, 0x3b, 0xc9, 0x32, 0x61, 0x07,
+    0x5e, 0x46, 0xa9, 0xbe, 0xbe, 0x73, 0x0c, 0x12, 0xef, 0x52,
+    0x68, 0x82, 0xe2, 0x0b, 0x12, 0x74, 0xfc, 0x10, 0x5c, 0xc0,
+    0xb5, 0x98, 0x4d, 0x86, 0xbb, 0x8c, 0x40, 0x15, 0xa1, 0x6e,
+    0x46, 0x73, 0x2e, 0xd6, 0x99, 0x6b, 0x50, 0xab, 0x04, 0x1a,
+    0x5f, 0xf4, 0xfa, 0xcb, 0x4b, 0xad, 0xc4, 0x5e, 0x62, 0xa7,
+    0x48, 0xd4, 0x52, 0x85, 0xdc, 0x2a, 0x85, 0x9b, 0xee, 0x08,
+    0xa5, 0xaa, 0xaa, 0xe8, 0x44, 0xf0, 0xed, 0x89, 0x21, 0xe4,
+    0xb4, 0xab, 0x3c, 0x0d, 0x53, 0x7e, 0x53, 0xdd, 0xac, 0x47,
+    0xda, 0x77, 0x79, 0x5f, 0x78, 0x7a, 0x80, 0x84, 0x46, 0x50,
+    0xaa, 0xdb, 0x3b, 0x8c, 0x6b, 0xda, 0xb0, 0xac, 0x0a, 0xd3,
+    0x4c, 0xe4, 0x6e, 0x87, 0xd1, 0xb2, 0x5a, 0xd5, 0x98, 0xae,
+    0xcb, 0x7e, 0xc2, 0x19, 0xdc, 0x53, 0x64, 0x86, 0x4c, 0x7b,
+    0xe0, 0x63, 0x22, 0x94, 0x34, 0xad, 0x15, 0xdc, 0xd8, 0xa8,
+    0x5f, 0xc6, 0x58, 0xf6, 0x72, 0x34, 0xdd, 0xfb, 0x85, 0x8a,
+    0xd9, 0xa3, 0xfb, 0x3b, 0xad, 0x5d, 0xf0, 0x1a, 0x0b, 0xa8,
+    0x91, 0xe7, 0x7d, 0x26, 0x27, 0x38, 0xf8, 0xe0, 0x49, 0x1b,
+    0x56, 0xc5, 0x5b, 0xe3, 0x1c, 0x7b, 0xa3, 0x53, 0x6d, 0x22,
+    0xfa, 0xd7, 0x63, 0x5f, 0xf0, 0xcb, 0x92, 0x49, 0x01, 0x54,
+    0xe5, 0x77, 0x5b, 0xd3, 0xab, 0xce, 0xb8, 0x3a, 0x5b, 0xb8,
+    0x07, 0x40, 0x46, 0x51, 0xe4, 0x59, 0xa2, 0x45, 0x41, 0xcc,
+    0x81, 0x6c, 0xe3, 0xa6, 0xb3, 0xa0, 0x30, 0x4a, 0x67, 0x10,
+    0xed, 0xc0, 0x8a, 0xcd, 0xfc, 0xa5, 0x44, 0x9b, 0x59, 0x19,
+    0x4a, 0x43, 0x8d, 0xec, 0x00, 0xd8, 0x6d, 0xf9, 0xf0, 0x2d,
+    0xd9, 0x55, 0xfc, 0x05, 0xe2, 0x12, 0x48, 0x4d, 0xd6, 0x7d,
+    0xec, 0x41, 0xc4, 0x9e, 0xe2, 0xed, 0x84, 0x14, 0x29, 0x0e,
+    0x5b, 0x81, 0x0b, 0xb0, 0x87, 0x8a, 0xd3, 0x35, 0x5c, 0xad,
+    0xdb, 0xcc, 0xa1, 0x3c, 0xcb, 0x8b, 0x23, 0x55, 0x69, 0xf1,
+    0x83, 0x84, 0x81, 0x36, 0xae, 0xd5, 0xf3, 0x98, 0xb6, 0xb2,
+    0xb5, 0xa1, 0x79, 0x6d, 0x80, 0x8f, 0x2e, 0x25, 0x71, 0x4e,
+    0x16, 0xff, 0xa0, 0x7c, 0xa4, 0x62, 0x8c, 0x44, 0x85, 0x64,
+    0x90, 0x7c, 0xac, 0x10, 0x36, 0xf2, 0xf2, 0xfb, 0x20, 0x2b,
+    0xa1, 0x27, 0xd0, 0xcc, 0x27, 0xfd, 0xb0, 0xba, 0x3e, 0x37,
+    0xb1, 0xa8, 0x9d, 0x3c, 0x82, 0x63, 0xd0, 0x16, 0x6d, 0x7a,
+    0xdd, 0x2e, 0xea, 0xe5, 0x87, 0xd6, 0x64, 0x72, 0xdb, 0x60,
+    0x53, 0x38, 0x18, 0x66, 0x1d, 0x25, 0xf6, 0x08, 0x92, 0x7f,
+    0x68, 0x5b, 0x79, 0x07, 0xde, 0x93, 0xee, 0xf8, 0x8f, 0xce,
+    0x28, 0xcf, 0xb1, 0x5b, 0x43, 0x51, 0xdf, 0xf5, 0xac, 0xe8,
+    0x9c, 0x95, 0x14, 0x8a, 0x67, 0xe1, 0x25, 0xfe, 0x11, 0xa2,
+    0x40, 0xf8, 0xdd, 0xcf, 0xf5, 0x17, 0x94, 0xb6, 0x88, 0x10,
+    0xa2, 0x90, 0x58, 0xef, 0xaf, 0x73, 0xf8, 0x7c, 0x9b, 0x20,
+    0x30, 0x79, 0xca, 0x3f, 0xa9, 0x22, 0x40, 0xfd, 0xcc, 0xb0,
+    0x5d, 0x0d, 0x97, 0x6b, 0xc0, 0x75, 0x35, 0x33, 0xc5, 0x76,
+    0x45, 0x6e, 0x9b, 0x78, 0xe7, 0xb4, 0x04, 0xb3, 0xba, 0x3b,
+    0x93, 0xb1, 0xa9, 0x8f, 0xa1, 0x24, 0x5d, 0x1c, 0x0e, 0x66,
+    0xc0, 0xc6, 0xcc, 0xd6, 0xb7, 0x88, 0x9d, 0xb8, 0x45, 0xe3,
+    0xaa, 0xc9, 0x6c, 0xfd, 0x37, 0xdc, 0x85, 0xd5, 0x49, 0xfd,
+    0xef, 0xeb, 0xf9, 0x7a, 0x3f, 0x7a, 0x4f, 0x86, 0x49, 0xaa,
+    0x9f, 0x08, 0x12, 0x0b, 0x11, 0x35, 0x5c, 0xd5, 0xd3, 0xda,
+    0x14, 0x50, 0x03, 0x2c, 0x24, 0x26, 0x0e, 0x29, 0x18, 0xcc,
+    0x1d, 0x0a, 0x7c, 0x94, 0x8b, 0xc0, 0xa0, 0x3f, 0xea, 0xf8,
+    0xf8, 0xa9, 0x1d, 0x65, 0x31, 0x6f, 0x3b, 0xa6, 0xd0, 0xfc,
+    0x26, 0xb0, 0x4e, 0x3a, 0x66, 0xe7, 0x32, 0x10, 0x2e, 0x84,
+    0x47, 0xad, 0xa9, 0x18, 0xfc, 0xa3, 0x8b, 0x74, 0x84, 0x4f,
+    0xd4, 0x25, 0x93, 0x0f, 0xdb, 0x2e, 0xae, 0x88, 0x8e, 0x28,
+    0xf8, 0x0f, 0xaa, 0x60, 0xd4, 0xbe, 0xad, 0x66, 0x0c, 0x0d,
+    0x01, 0xbd, 0x8d, 0xc4, 0xfc, 0x48, 0xef, 0x78, 0x14, 0x34,
+    0xee, 0xb3, 0xbc, 0xd4, 0xbb, 0x1f, 0x7c, 0x12, 0x5c, 0x9b,
+    0xeb, 0x77, 0x3e, 0x2c, 0x6e, 0x31, 0x59, 0xe6, 0x78, 0xc5,
+    0xe8, 0xa4, 0xdd, 0xf1, 0xef, 0x5d, 0x27, 0x45, 0x31, 0x13,
+    0xd0, 0x21, 0xa1, 0x13, 0xce, 0xac, 0x7e, 0xbb, 0xfb, 0x32,
+    0xeb, 0x76, 0x31, 0xc4, 0xba, 0xdf, 0xfb, 0x5a, 0x1b, 0xc9,
+    0x9e, 0x74, 0xa0, 0x9e, 0x26, 0x82, 0xd5, 0x6e, 0x1d, 0xc3,
+    0x0e, 0xd1, 0x6d, 0xdb, 0x43, 0xb3, 0x0b, 0x14, 0xcb, 0xf1,
+    0xad, 0x62, 0x34, 0x49, 0xb8, 0xd3, 0x08, 0xca, 0x93, 0xf1,
+    0x42, 0xb2, 0x4b, 0x23, 0x79, 0x93, 0xde, 0x18, 0x58, 0xf3,
+    0x66, 0xfa, 0xdc, 0xab, 0xca, 0x33, 0x22, 0x2b, 0x5c, 0x8c,
+    0x12, 0xc1, 0x7b, 0x2e, 0x52, 0x72, 0xa7, 0x78, 0x4a, 0x49,
+    0xa1, 0x53, 0x02, 0x76, 0x2d, 0x2e, 0xf8, 0x43, 0x3c, 0xe8,
+    0xfa, 0xb7, 0xff, 0x39, 0xed, 0x74, 0x9e, 0x11, 0x61, 0x33,
+    0xde, 0x2a, 0x55, 0xe6, 0x4a, 0xe7, 0x97, 0xa6, 0xb2, 0xc3,
+    0x40, 0x41, 0x52, 0x66, 0xcf, 0xbf, 0xf8, 0x8e, 0x08, 0xea,
+    0x96, 0x4d, 0x03, 0xc9, 0xbe, 0x3c, 0x4e, 0x36, 0x8c, 0x6f,
+    0x4d, 0x1e, 0xcd, 0x31, 0x6d, 0x53, 0xea, 0x9e, 0xf0, 0x8e,
+    0x35, 0x97, 0x37, 0x54, 0xe9, 0x0f, 0xb8, 0x23, 0x25, 0x69,
+    0x5b, 0xb5, 0xff, 0xc3, 0x5a, 0x2d, 0x10, 0x6a, 0xc0, 0xb8,
+    0xee, 0x0d, 0x31, 0x5b, 0xe4, 0x69, 0x40, 0x62, 0xa7, 0x1b,
+    0x16, 0xfa, 0xd6, 0xb8, 0xba, 0xc8, 0x6a, 0xa3, 0x29, 0xdd,
+    0x9b, 0x4d, 0xd7, 0x96, 0xef, 0x31, 0x74, 0xac, 0x37, 0x10,
+    0x91, 0x30, 0x0c, 0x15, 0x3f, 0x09, 0xb6, 0x7d, 0x22, 0xfb,
+    0x8c, 0x6f, 0xc3, 0x93, 0xa3, 0x98, 0xa6, 0x23, 0xa4, 0x55,
+    0xe0, 0x9e, 0x23, 0x06, 0xa9, 0x78, 0xe9, 0xb3, 0x88, 0xc9,
+    0xb7, 0x83, 0x05, 0x46, 0x11, 0x3a, 0x0a, 0xb9, 0x74, 0x5b,
+    0xa0, 0xb5, 0x06, 0x96, 0x86, 0xb6, 0xf4, 0x9d, 0x0d, 0x86,
+    0x43, 0xa8, 0x40, 0x4b, 0x08, 0x93, 0x7c, 0xad, 0xb0, 0x50,
+    0xb4, 0xd0, 0xe7, 0xad, 0xd0, 0x54, 0x5e, 0x15, 0xaf, 0xad,
+    0x34, 0x12, 0x86, 0xb3, 0x29, 0x3b, 0x20, 0xc9, 0xad, 0xeb,
+    0xc2, 0x65, 0xf3, 0x5c, 0x2d, 0xe5, 0xff, 0xfd, 0x81, 0x79,
+    0xf5, 0x11, 0x6f, 0xf7, 0xca, 0x0c, 0x76, 0xf0, 0xd4, 0x02,
+    0x9d, 0xb7, 0x76, 0x39, 0x6d, 0x32, 0x6a, 0xb8, 0x30, 0xa4,
+    0x01, 0xcc, 0x10, 0xef, 0xb1, 0x0e, 0x41, 0x22, 0x82, 0x5b,
+    0x22, 0xcb, 0x32, 0x19, 0x2e, 0xa3, 0x0a, 0xce, 0x05, 0xdd,
+    0xe8, 0x4a, 0x58, 0x92, 0xe1, 0x02, 0x82, 0x03, 0xc0, 0x22,
+    0x0f, 0x95, 0x5b, 0xc2, 0x1f, 0xde, 0xf0, 0xde, 0xf4, 0x86,
+    0xbd, 0xef, 0x07, 0x7d, 0x52, 0x03, 0x8c, 0x26, 0x31, 0x17,
+    0xfd, 0x5c, 0x97, 0xed, 0xd5, 0xe0, 0xb3, 0x18, 0x2d, 0x68,
+    0x10, 0x3f, 0xc4, 0xdf, 0xd1, 0x05, 0x78, 0x81, 0x3d, 0x05,
+    0xde, 0xba, 0x3a, 0x67, 0x85, 0x0e, 0xdf, 0xb5, 0x16, 0x28,
+    0xe8, 0x84, 0x3a, 0x71, 0x2a, 0x20, 0x17, 0x28, 0x05, 0xfd,
+    0xb7, 0x4d, 0x22, 0x4a, 0x93, 0x46, 0x56, 0x27, 0x43, 0xc0,
+    0x3a, 0x16, 0xff, 0x3d, 0x61, 0xcc, 0xcb, 0xce, 0xac, 0xa8,
+    0x53, 0x3a, 0x0d, 0xf4, 0x2d, 0xd2, 0x73, 0xf2, 0x64, 0xa0,
+    0x1e, 0x60, 0x53, 0xec, 0x0d, 0xff, 0xe0, 0x00, 0x10, 0xfb,
+    0xa4, 0x57, 0xd3, 0xfc, 0xe4, 0xe0, 0xec, 0x44, 0x0b, 0x1c,
+    0x05, 0x39, 0xa4, 0x13, 0x87, 0x29, 0x11, 0x9d, 0xea, 0xe9,
+    0x64, 0xa9, 0x1c, 0x76, 0x3a, 0x65, 0x0b, 0xfd, 0xed, 0x77,
+    0x46, 0x4f, 0xcd, 0x0b, 0x63, 0xc4, 0x83, 0x0b, 0x56, 0x79,
+    0xd3, 0x67, 0x01, 0x11, 0x02, 0xd9, 0x50, 0xd8, 0x23, 0xf4,
+    0xb6, 0x02, 0x4c, 0xae, 0xb5, 0xc9, 0x68, 0x1b, 0x87, 0x33,
+    0xbb, 0xdc, 0x64, 0x0e, 0x32, 0x34, 0xb2, 0x25, 0xaa, 0x76,
+    0xdd, 0x7e, 0xc3, 0x46, 0x51, 0x1c, 0xc1, 0xd0, 0x05, 0x09,
+    0x6c, 0x27, 0xd3, 0xcf, 0x33, 0x7a, 0xb9, 0x26, 0x24, 0x23,
+    0x4a, 0x93, 0x9f, 0x4b, 0x96, 0xc7, 0xe2, 0xb2, 0x51, 0x42,
+    0x4d, 0x5d, 0xd9, 0x73, 0x75, 0xce, 0x23, 0x28, 0x56, 0x5e,
+    0xe7, 0x96, 0x58, 0x04, 0xfd, 0x33, 0x93, 0x08, 0x41, 0x62,
+    0x02, 0x7e, 0xc9, 0xc6, 0x55, 0x64, 0x19, 0xda, 0x39, 0xb8,
+    0x5d, 0x09, 0x47, 0xf3, 0xdd, 0x77, 0xee, 0xea, 0x35, 0x73,
+    0x95, 0xdb, 0x18, 0x4d, 0xd1, 0xfe, 0xee, 0x40, 0x31, 0x2a,
+    0x22, 0x91, 0x69, 0xd6, 0xed, 0x9c, 0x54, 0x14, 0x73, 0x61,
+    0x61, 0xe7, 0x1d, 0x34, 0x96, 0x47, 0xff, 0x28, 0x7a, 0x48,
+    0xa3, 0xf4, 0xcd, 0x64, 0x23, 0xe2, 0x52, 0x2f, 0x20, 0x8f,
+    0x04, 0xb3, 0xdc, 0xf0, 0x29, 0x67, 0x88, 0x76, 0x79, 0xdb,
+    0x86, 0xa7, 0x95, 0xf0, 0x15, 0x81, 0xbb, 0x98, 0xee, 0xff,
+    0x55, 0x7c, 0xb0, 0xee, 0x67, 0x65, 0xfd, 0xf2, 0x29, 0x0f,
+    0x85, 0x51, 0xf9, 0xac, 0x5c, 0x55, 0x5a, 0xde, 0x40, 0x62,
+    0x58, 0x55, 0x9f, 0x09, 0x4c, 0x2e, 0x28, 0x75, 0xbc, 0x48,
+    0xe2, 0x97, 0x85, 0xb3, 0x83, 0xeb, 0x21, 0x49, 0x21, 0xd4,
+    0xed, 0x74, 0x4f, 0xc1, 0x6c, 0x34, 0x8c, 0x11, 0xb0, 0x93,
+    0x41, 0x99, 0x23, 0x2e, 0xa4, 0xc1, 0x9f, 0x34, 0x74, 0x64,
+    0xbb, 0xd7, 0x4f, 0x8f, 0x9f, 0x3a, 0x0c, 0x4f, 0x5e, 0xdd,
+    0x41, 0x07, 0xf1, 0xfd, 0x5a, 0x9d, 0xe6, 0x77, 0xd8, 0x7e,
+    0x71, 0x7b, 0xad, 0xf7, 0x76, 0x13, 0x71, 0x90, 0xb3, 0x0f,
+    0x46, 0x8e, 0xee, 0x7b, 0x33, 0x97, 0x5d, 0x21, 0x3b, 0xa0,
+    0x58, 0x9e, 0xb7, 0x87, 0x30, 0x8f, 0xc1, 0x23, 0x2c, 0xde,
+    0xf7, 0x0d, 0xa9, 0xd6, 0x50, 0xeb, 0x35, 0x7a, 0x82, 0xab,
+    0x22, 0x49, 0x86, 0xd4, 0x61, 0xc7, 0xc2, 0x4e, 0x77, 0xfc,
+    0x16, 0x0b, 0xaf, 0x81, 0x6a, 0x47, 0xea, 0xac, 0x7e, 0x51,
+    0x4c, 0x56, 0x30, 0x21, 0x46, 0x41, 0xc3, 0x92, 0x60, 0x99,
+    0x4f, 0x88, 0x36, 0x3b, 0x27, 0xb4, 0xb2, 0x7e, 0x44, 0x2f,
+    0xdd, 0x95, 0xe4, 0x5e, 0x16, 0x1f, 0xa7, 0x32, 0x6b, 0x60,
+    0x24, 0x0f, 0xf2, 0xe6, 0x35, 0x3c, 0x0c, 0x3e, 0xb5, 0xd6,
+    0xdd, 0x63, 0xe2, 0x76, 0x35, 0x38, 0x79, 0xbf, 0xa5, 0x23,
+    0xa4, 0xdd, 0xeb, 0x01, 0x48, 0xd0, 0x60, 0x86, 0x11, 0x38,
+    0x5f, 0x9e, 0x6b, 0x00, 0x67, 0xd2, 0x5b, 0x41, 0x0a, 0x5e,
+    0x13, 0x0f, 0xa1, 0x9e, 0x90, 0x85, 0xa6, 0x7f, 0xe5, 0x4b,
+    0x9e, 0x93, 0x4e, 0x5b, 0x1f, 0x47, 0x62, 0xb0, 0x23, 0xbe,
+    0x82, 0xa9, 0xd9, 0xb6, 0x2e, 0xfd, 0xb1, 0x10, 0xca, 0xe0,
+    0xc9, 0x5d, 0xf6, 0x85, 0x18, 0x6c, 0x9c, 0x1d, 0x1f, 0x7c,
+    0xf6, 0x55, 0x09, 0x80, 0xcf, 0xac, 0xfe, 0x37, 0x6a, 0x4f,
+    0x96, 0xaa, 0x40, 0x79, 0x8b, 0x4a, 0xf2, 0x96, 0x79, 0x12,
+    0x1a, 0x26, 0x87, 0x06, 0x35, 0x4d, 0xd4, 0x3e, 0x14, 0x39,
+    0xe5, 0x6c, 0x39, 0x0f, 0x84, 0xb3, 0x5f, 0xed, 0xf4, 0xff,
+    0x89, 0x52, 0x05, 0x00, 0xf1, 0xd1, 0xc3, 0xcf, 0x54, 0x10,
+    0x24, 0x7c, 0xa6, 0xb5, 0x95, 0xa8, 0x6e, 0x13, 0x3e, 0x4a,
+    0x40, 0x6c, 0xf9, 0x63, 0x90, 0x44, 0x52, 0x07, 0x53, 0xb7,
+    0x51, 0xd9, 0x18, 0x47, 0x2e, 0xb0, 0x4e, 0x0f, 0x09, 0x99,
+    0x3a, 0x97, 0x26, 0x53, 0xa6, 0x02, 0x06, 0x0e, 0x93, 0xe1,
+    0x0b, 0xc5, 0xa9, 0x14, 0xd3, 0xd6, 0x8a, 0x29, 0x75, 0xcd,
+    0xb6, 0x7b, 0x64, 0x7c, 0xdd, 0x7e, 0xb4, 0x0a, 0x87, 0x48,
+    0x4a, 0x1b, 0x0e, 0x74, 0x4c, 0xd3, 0x0e, 0x96, 0x0e, 0x53,
+    0xc4, 0x3d, 0x7b, 0x1c, 0x87, 0x6a, 0x15, 0xd8, 0x77, 0xba,
+    0xe6, 0xa0, 0x2f, 0x2c, 0x1a, 0x9d, 0xde, 0x79, 0xfd, 0xab,
+    0x44, 0x80, 0xf0, 0x37, 0x9a, 0x3b, 0xf8, 0xde, 0x3d, 0x29,
+    0xcb, 0x89, 0x64, 0x4b, 0x57, 0xe7, 0x6b, 0x84, 0x09, 0x27,
+    0x17, 0x2f, 0xb2, 0xba, 0x3d, 0x09, 0xc9, 0x3c, 0x89, 0xe6,
+    0x19, 0x73, 0x83, 0xf7, 0xc6, 0x19, 0x18, 0x96, 0xb2, 0x7d,
+    0x1e, 0x9f, 0x70, 0x1f, 0xfc, 0x1f, 0xe2, 0xb5, 0x69, 0x1e,
+    0xf4, 0x65, 0x91, 0xce, 0x4b, 0xdc, 0x74, 0x49, 0x21, 0x64,
+    0x8b, 0x33, 0x50, 0xd2, 0xc1, 0x33, 0x62, 0x5b, 0xde, 0x0a,
+    0x72, 0xbe, 0xc0, 0x05, 0x51, 0x15, 0x80, 0xed, 0x32, 0x3a,
+    0x64, 0xa2, 0x73, 0x68, 0x5b, 0x16, 0xcf, 0x70, 0x5c, 0x98,
+    0xe5, 0x67, 0x45, 0x60, 0x57, 0x2b, 0x47, 0x0a, 0x22, 0x73,
+    0xc3, 0x56, 0x33, 0x3e, 0x14, 0x1d, 0x0c, 0xd1, 0x03, 0x08,
+    0x92, 0x21, 0x2b, 0xa9, 0x6e, 0x6b, 0xf9, 0x0c, 0x1e, 0x86,
+    0xdd, 0xb5, 0xbb, 0xa4, 0xa5, 0x82, 0x99, 0x98, 0x49, 0x36,
+    0xec, 0x98, 0x98, 0x95, 0xac, 0xc2, 0xa0, 0x1f, 0xa5, 0x7e,
+    0x67, 0xd1, 0xcf, 0x6a, 0xf4, 0x16, 0x08, 0x7a, 0x8d, 0x0b,
+    0xae, 0x12, 0x51, 0xe6, 0x8e, 0xe6, 0xcd, 0xa1, 0xaa, 0x6d,
+    0xe4, 0x54, 0xd4, 0x69, 0x1b, 0x09, 0x6a, 0xba, 0x5e, 0x0b,
+    0x11, 0x9c, 0x83, 0xb3, 0x5c, 0x67, 0xbb, 0x2d, 0xf8, 0x66,
+    0x1c, 0x33, 0xb8, 0x22, 0x58, 0x10, 0x96, 0xe9, 0x99, 0xaf,
+    0x0b, 0x2a, 0xf1, 0xe0, 0xcb, 0x56, 0xfb, 0x6d, 0x04, 0x40,
+    0xec, 0x37, 0x67, 0x1e, 0x08, 0x7a, 0x1c, 0xe9, 0xd8, 0x54,
+    0xf7, 0xd4, 0xc7, 0x3c, 0x45, 0x23, 0x2b, 0x76, 0xd2, 0x62,
+    0xc2, 0x53, 0xce, 0xfe, 0x02, 0xc4, 0xd9, 0xf6, 0x3c, 0xed,
+    0x49, 0x47, 0x21, 0xf9, 0x03, 0x3a, 0xa0, 0x16, 0x3a, 0xfe,
+    0x0c, 0x2f, 0x54, 0x7e, 0x85, 0x29, 0x7b, 0xc0, 0xaf, 0xa8,
+    0x5d, 0x31, 0x25, 0xda, 0xa7, 0xe3, 0x92, 0x1b, 0x64, 0x01,
+    0x1b, 0x3f, 0x6e, 0x47, 0xc5, 0x5a, 0x84, 0x52, 0x17, 0x02,
+    0x82, 0x03, 0xc1, 0x00, 0x81, 0x99, 0x2e, 0x72, 0x41, 0x6e,
+    0x86, 0xeb, 0x6f, 0x42, 0xd1, 0x38, 0x6e, 0xaa, 0x1a, 0xd5,
+    0x0a, 0xad, 0x51, 0xb1, 0xce, 0xd6, 0x35, 0xbe, 0x34, 0xd8,
+    0xc1, 0xe4, 0x5f, 0xdf, 0x2e, 0xe4, 0x90, 0xf2, 0x61, 0x21,
+    0x46, 0xc6, 0xfe, 0xab, 0x0f, 0x6c, 0x97, 0x78, 0xcd, 0x55,
+    0x86, 0x83, 0x61, 0x99, 0x49, 0x14, 0x86, 0xc6, 0x86, 0xf1,
+    0x41, 0x66, 0xc9, 0x39, 0x52, 0x99, 0x49, 0x07, 0xd6, 0x9d,
+    0xb7, 0x40, 0x34, 0x5f, 0xe7, 0x3a, 0xfa, 0x95, 0xeb, 0xa1,
+    0x03, 0xb7, 0x52, 0x71, 0x93, 0x30, 0x0b, 0x51, 0x58, 0x82,
+    0x07, 0x2f, 0x44, 0xa9, 0x4f, 0x9b, 0x1b, 0xf3, 0xd6, 0x21,
+    0x3d, 0x68, 0xef, 0x3f, 0xaf, 0xc2, 0x6f, 0xa0, 0xd5, 0x2b,
+    0xb8, 0x73, 0x84, 0x67, 0x36, 0x8b, 0xa4, 0x25, 0xe0, 0x86,
+    0xd9, 0x14, 0x5c, 0x6c, 0xd8, 0x61, 0xe1, 0x0a, 0x6c, 0xaf,
+    0xbb, 0x9c, 0xf6, 0x74, 0xca, 0x5a, 0x04, 0xac, 0x85, 0xc1,
+    0x1b, 0x4d, 0xf2, 0x07, 0xb6, 0x1e, 0x97, 0x7b, 0x75, 0xdf,
+    0x9b, 0x8a, 0x31, 0xc6, 0x90, 0xd5, 0x8d, 0x39, 0xc2, 0x54,
+    0xf4, 0xe2, 0x83, 0x57, 0x12, 0x19, 0xf5, 0xb2, 0xd2, 0x53,
+    0x81, 0x6d, 0xf0, 0x09, 0xc9, 0x80, 0x8b, 0x07, 0x7c, 0x59,
+    0xcd, 0x78, 0x00, 0xd6, 0x44, 0x7f, 0xe4, 0xdb, 0x77, 0x02,
+    0x00, 0x25, 0x79, 0x91, 0xc9, 0xde, 0xd0, 0xed, 0x3f, 0xfc,
+    0x37, 0x36, 0xea, 0xf0, 0x56, 0x50, 0xe7, 0x38, 0xca, 0xe1,
+    0x67, 0x12, 0x96, 0x55, 0x3e, 0xff, 0x97, 0xe5, 0xa7, 0x03,
+    0x5b, 0x72, 0x80, 0xd6, 0xa5, 0x23, 0x39, 0x78, 0x07, 0xc8,
+    0x83, 0x19, 0x74, 0xfb, 0x79, 0xc2, 0x9e, 0xbd, 0xf9, 0xaf,
+    0x09, 0x0f, 0xbd, 0x3d, 0x34, 0xe8, 0x44, 0x89, 0xb1, 0xf1,
+    0x2b, 0xa5, 0xff, 0x22, 0xc9, 0x47, 0xe2, 0x31, 0xb5, 0x6b,
+    0x8a, 0x65, 0x5f, 0x81, 0x5f, 0x89, 0xb0, 0x03, 0x5d, 0x53,
+    0x0e, 0xdd, 0xfb, 0xe5, 0x70, 0xaa, 0xd2, 0x37, 0x4d, 0xa1,
+    0x7c, 0xf2, 0xe4, 0x7f, 0xf1, 0x4a, 0xaf, 0x12, 0xd1, 0x83,
+    0xdc, 0xb2, 0x9e, 0xc1, 0x95, 0x3d, 0x04, 0x9f, 0xa3, 0xad,
+    0xcc, 0x78, 0x14, 0x9a, 0xf9, 0x58, 0x39, 0x08, 0x15, 0xda,
+    0x1b, 0x94, 0x50, 0x2d, 0x44, 0xc0, 0x23, 0x1c, 0x36, 0x5f,
+    0x16, 0x08, 0xa3, 0xdf, 0x9e, 0x4f, 0xbb, 0x07, 0xcd, 0xe3,
+    0x8c, 0xbf, 0xf1, 0xc3, 0x3e, 0x98, 0xf8, 0x49, 0x79, 0x58,
+    0xc9, 0x0f, 0x47, 0xc0, 0xab, 0x2f, 0x21, 0x63, 0xf6, 0xe6,
+    0xfe, 0x8a, 0xea, 0xbc, 0x32, 0x63, 0xca, 0x75, 0xf8, 0xa4,
+    0x1b, 0x6c, 0xfe, 0x9a, 0x6e, 0x68, 0x1f, 0x48, 0x59, 0xfb,
+    0x34, 0x43, 0x10, 0xd5, 0x0d, 0x80, 0x54, 0xcb, 0x67, 0x21,
+    0xc7, 0x13, 0x85, 0x38, 0x0c, 0xf9, 0x40, 0x2e, 0x2e, 0x4a,
+    0x05, 0x9e, 0x51, 0xae, 0xdd, 0xba, 0x23, 0x83, 0x66, 0x2a,
+    0xbf, 0x7f, 0xca, 0x9c, 0x6c, 0x2d, 0x6b, 0x7d, 0x68, 0x52,
+    0x81, 0x56, 0x2f, 0xea, 0xf9, 0xe7, 0xf1, 0x55, 0x16, 0xfc,
+    0x29, 0xe2, 0xa5, 0x1e, 0x0a, 0x06, 0xe0, 0x85, 0x4e, 0xa6,
+    0x5d, 0x20, 0x9d, 0x2b, 0xa2, 0xad, 0xaa, 0xd6, 0x9b, 0xd2,
+    0x98, 0x29, 0x45, 0x5c, 0x55, 0xc0, 0x91, 0xa2, 0x65, 0xcd,
+    0xac, 0xc6, 0x1a, 0x53, 0xa1, 0x46, 0x13, 0xf9, 0xfe, 0x1a,
+    0xf6, 0xdf, 0xa5, 0x1a, 0x58, 0x7c, 0x81, 0x2e, 0x46, 0x46,
+    0xf7, 0x2f, 0xd6, 0xaa, 0x21, 0xb0, 0x0e, 0x7e, 0xac, 0xb8,
+    0xc6, 0x76, 0x62, 0x82, 0x3b, 0x0a, 0x36, 0xbe, 0x97, 0x16,
+    0xd5, 0x79, 0x55, 0x15, 0x64, 0x2a, 0xbe, 0x19, 0x4e, 0x93,
+    0x3b, 0x44, 0x7c, 0xe2, 0xfc, 0x18, 0x4e, 0x83, 0x37, 0xfb,
+    0x26, 0x78, 0x6d, 0x24, 0x6b, 0x48, 0x21, 0x67, 0xde, 0xf5,
+    0x00, 0x22, 0x9a, 0xec, 0x40, 0x16, 0x96, 0x8a, 0x3f, 0xd5,
+    0xa6, 0x5e, 0x03, 0x84, 0xbb, 0x15, 0x4d, 0x55, 0x71, 0x00,
+    0x90, 0xc2, 0x96, 0x25, 0x01, 0xab, 0xe6, 0x47, 0x44, 0x6f,
+    0xf9, 0x53, 0x80, 0x2b, 0xa8, 0x83, 0xc8, 0x14, 0x77, 0x13,
+    0x00, 0x66, 0xee, 0x7e, 0x7a, 0xa0, 0x28, 0x65, 0xf3, 0x31,
+    0xb6, 0xac, 0xd7, 0x87, 0x84, 0x29, 0xed, 0x5b, 0xcd, 0x74,
+    0xc0, 0x89, 0x51, 0x11, 0x9a, 0xd5, 0x7b, 0xe0, 0x9c, 0xd0,
+    0x8d, 0x72, 0xe3, 0x77, 0xda, 0x0a, 0xc2, 0xdc, 0x6f, 0xad,
+    0x49, 0x03, 0xfa, 0xe6, 0x7e, 0xa6, 0x24, 0x32, 0xe6, 0x8f,
+    0xd9, 0x70, 0xfa, 0x59, 0x70, 0xa9, 0xa3, 0x08, 0x7d, 0x89,
+    0xc4, 0x96, 0x61, 0xc2, 0xf5, 0xe5, 0xb5, 0x3b, 0x0d, 0xec,
+    0xb8, 0x9c, 0xee, 0x09, 0x77, 0x27, 0xbd, 0x35, 0x66, 0x90,
+    0x9e, 0x46, 0xf7, 0xbd, 0xa6, 0xc5, 0x31, 0xd4, 0x6a, 0x52,
+    0x17, 0x5d, 0x0a, 0x0e, 0x2c, 0x34, 0x7a, 0x6a, 0x21, 0xac,
+    0x42, 0xf0, 0x31, 0xde, 0x48, 0xe0, 0x27, 0xd0, 0x79, 0xc9,
+    0x06, 0x94, 0x7b, 0x51, 0x4b, 0x5b, 0x02, 0x6a, 0x19, 0xba,
+    0x71, 0x45, 0x9c, 0xdf, 0xe6, 0x30, 0x9e, 0xaa, 0xad, 0xa1,
+    0x87, 0xf6, 0x37, 0xde, 0xa2, 0x97, 0x68, 0x20, 0x2d, 0x5a,
+    0xdc, 0xdd, 0x91, 0x63, 0x5f, 0x79, 0xda, 0x99, 0x20, 0x3a,
+    0x4b, 0xe5, 0x43, 0x0e, 0x12, 0x70, 0x57, 0x91, 0xfa, 0xee,
+    0xc4, 0xb6, 0xb6, 0xb1, 0xf1, 0x06, 0xbd, 0xcf, 0x8d, 0x2a,
+    0x05, 0xc0, 0x07, 0x23, 0x84, 0x85, 0xef, 0x9c, 0xbb, 0x6f,
+    0x5f, 0x4a, 0x9a, 0x27, 0x9f, 0x9f, 0x32, 0x97, 0xe8, 0x24,
+    0xb9, 0x64, 0x2c, 0x39, 0xff, 0x2f, 0x4b, 0xc4, 0x7e, 0x65,
+    0xfe, 0xbb, 0x5c, 0xa0, 0xb2, 0x6e, 0xc4, 0xb6, 0x93, 0x2b,
+    0x51, 0x9e, 0x2e, 0x1f, 0xd8, 0xcf, 0x60, 0xe0, 0x75, 0x15,
+    0xf9, 0xa0, 0x67, 0x99, 0x88, 0x2b, 0x76, 0xce, 0x41, 0x42,
+    0x10, 0x29, 0x89, 0xbf, 0xca, 0xb7, 0x61, 0x08, 0x94, 0xee,
+    0xa0, 0xb3, 0x3a, 0x09, 0xc5, 0x6f, 0x04, 0xf9, 0x1b, 0xb5,
+    0x64, 0x99, 0x08, 0xe4, 0xcc, 0xce, 0xdf, 0x71, 0x65, 0x8a,
+    0x6d, 0x62, 0xde, 0x76, 0x1d, 0x6d, 0x6b, 0x78, 0x22, 0x32,
+    0x63, 0xdd, 0x53, 0x7d, 0xec, 0xed, 0x9d, 0x82, 0xa9, 0x2c,
+    0x5c, 0x8a, 0x17, 0xdd, 0x85, 0xf9, 0xd2, 0xac, 0x6e, 0x98,
+    0x60, 0x2e, 0x08, 0xd4, 0x06, 0x76, 0xf4, 0x97, 0xca, 0xb1,
+    0x72, 0x50, 0x5b, 0x83, 0xea, 0xbb, 0x39, 0x0f, 0x18, 0xb3,
+    0xb8, 0x03, 0xee, 0x7c, 0x84, 0xa9, 0x69, 0xcd, 0x1d, 0xbd,
+    0xe2, 0xb7, 0xce, 0xe2, 0x6f, 0x03, 0x49, 0x52, 0x67, 0xa0,
+    0x1b, 0x23, 0x43, 0x92, 0x2c, 0x7c, 0x3b, 0x65, 0xe8, 0x61,
+    0x99, 0xde, 0xb5, 0xf1, 0x63, 0x73, 0x92, 0x6c, 0x70, 0x8b,
+    0x83, 0x10, 0xb4, 0x06, 0x2c, 0x99, 0x12, 0x73, 0xec, 0x87,
+    0x92, 0x09, 0x67, 0x96, 0xd6, 0x9c, 0x9f, 0x35, 0x48, 0x48,
+    0x3b, 0x44, 0x00, 0x73, 0x1c, 0x59, 0xeb, 0x81, 0x7b, 0xd1,
+    0xda, 0x76, 0xcf, 0xc2, 0x4d, 0xf1, 0xa2, 0x5b, 0x2f, 0x5f,
+    0x91, 0x29, 0x6e, 0x08, 0x37, 0xd6, 0xaa, 0xd2, 0xf8, 0x4f,
+    0x5e, 0x00, 0x16, 0x52
+};
diff --git a/openssl-1.1.0h/apps/timeouts.h b/openssl-1.1.0h/apps/timeouts.h
new file mode 100644
index 0000000..e023b0a
--- /dev/null
+++ b/openssl-1.1.0h/apps/timeouts.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INCLUDED_TIMEOUTS_H
+# define INCLUDED_TIMEOUTS_H
+
+/* numbers in us */
+# define DGRAM_RCV_TIMEOUT         250000
+# define DGRAM_SND_TIMEOUT         250000
+
+#endif                          /* ! INCLUDED_TIMEOUTS_H */
diff --git a/openssl-1.1.0h/apps/ts.c b/openssl-1.1.0h/apps/ts.c
new file mode 100644
index 0000000..0e07c08
--- /dev/null
+++ b/openssl-1.1.0h/apps/ts.c
@@ -0,0 +1,995 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_TS
+NON_EMPTY_TRANSLATION_UNIT
+#else
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/rand.h>
+# include <openssl/ts.h>
+# include <openssl/bn.h>
+
+/* Request nonce length, in bits (must be a multiple of 8). */
+# define NONCE_LENGTH            64
+
+/* Name of config entry that defines the OID file. */
+# define ENV_OID_FILE            "oid_file"
+
+/* Is |EXACTLY_ONE| of three pointers set? */
+# define EXACTLY_ONE(a, b, c) \
+        (( a && !b && !c) || \
+         ( b && !a && !c) || \
+         ( c && !a && !b))
+
+static ASN1_OBJECT *txt2obj(const char *oid);
+static CONF *load_config_file(const char *configfile);
+
+/* Query related functions. */
+static int query_command(const char *data, const char *digest,
+                         const EVP_MD *md, const char *policy, int no_nonce,
+                         int cert, const char *in, const char *out, int text);
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
+                            const char *policy, int no_nonce, int cert);
+static int create_digest(BIO *input, const char *digest,
+                         const EVP_MD *md, unsigned char **md_value);
+static ASN1_INTEGER *create_nonce(int bits);
+
+/* Reply related functions. */
+static int reply_command(CONF *conf, const char *section, const char *engine,
+                         const char *queryfile, const char *passin, const char *inkey,
+                         const EVP_MD *md, const char *signer, const char *chain,
+                         const char *policy, const char *in, int token_in,
+                         const char *out, int token_out, int text);
+static TS_RESP *read_PKCS7(BIO *in_bio);
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+                                const char *queryfile, const char *passin,
+                                const char *inkey, const EVP_MD *md, const char *signer,
+                                const char *chain, const char *policy);
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
+static ASN1_INTEGER *next_serial(const char *serialfile);
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
+
+/* Verify related functions. */
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+                          const char *in, int token_in,
+                          const char *CApath, const char *CAfile, const char *untrusted,
+                          X509_VERIFY_PARAM *vpm);
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+                                        const char *queryfile,
+                                        const char *CApath, const char *CAfile,
+                                        const char *untrusted,
+                                        X509_VERIFY_PARAM *vpm);
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
+                                     X509_VERIFY_PARAM *vpm);
+static int verify_cb(int ok, X509_STORE_CTX *ctx);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
+    OPT_DIGEST, OPT_RAND, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
+    OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
+    OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
+    OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED,
+    OPT_MD, OPT_V_ENUM
+} OPTION_CHOICE;
+
+OPTIONS ts_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"config", OPT_CONFIG, '<', "Configuration file"},
+    {"section", OPT_SECTION, 's', "Section to use within config file"},
+    {"query", OPT_QUERY, '-', "Generate a TS query"},
+    {"data", OPT_DATA, '<', "File to hash"},
+    {"digest", OPT_DIGEST, 's', "Digest (as a hex string)"},
+    {"rand", OPT_RAND, 's',
+     "Load the file(s) into the random number generator"},
+    {"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"},
+    {"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"},
+    {"cert", OPT_CERT, '-', "Put cert request into query"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"},
+    {"text", OPT_TEXT, '-', "Output text (not DER)"},
+    {"reply", OPT_REPLY, '-', "Generate a TS reply"},
+    {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"inkey", OPT_INKEY, 's', "File with private key for reply"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
+    {"verify", OPT_VERIFY, '-', "Verify a TS response"},
+    {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
+    {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
+    {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
+    {"", OPT_MD, '-', "Any supported digest"},
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+    {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
+    OPT_V_OPTIONS,
+    {OPT_HELP_STR, 1, '-', "\n"},
+    {NULL}
+};
+
+/*
+ * This command is so complex, special help is needed.
+ */
+static char* opt_helplist[] = {
+    "Typical uses:",
+    "ts -query [-rand file...] [-config file] [-data file]",
+    "          [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]",
+    "          [-in file] [-out file] [-text]",
+    "  or",
+    "ts -reply [-config file] [-section tsa_section]",
+    "          [-queryfile file] [-passin password]",
+    "          [-signer tsa_cert.pem] [-inkey private_key.pem]",
+    "          [-chain certs_file.pem] [-tspolicy oid]",
+    "          [-in file] [-token_in] [-out file] [-token_out]",
+# ifndef OPENSSL_NO_ENGINE
+    "          [-text] [-engine id]",
+# else
+    "          [-text]",
+# endif
+    "  or",
+    "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
+    "           [-data file] [-digest hexstring]",
+    "           [-queryfile file] -in file [-token_in]",
+    "           [[options specific to 'ts -verify']]",
+    NULL,
+};
+
+int ts_main(int argc, char **argv)
+{
+    CONF *conf = NULL;
+    const char *CAfile = NULL, *untrusted = NULL, *prog;
+    const char *configfile = default_config_file, *engine = NULL;
+    const char *section = NULL;
+    char **helpp;
+    char *password = NULL;
+    char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL;
+    char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
+    char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
+    const EVP_MD *md = NULL;
+    OPTION_CHOICE o, mode = OPT_ERR;
+    int ret = 1, no_nonce = 0, cert = 0, text = 0;
+    int vpmtouched = 0;
+    X509_VERIFY_PARAM *vpm = NULL;
+    /* Input is ContentInfo instead of TimeStampResp. */
+    int token_in = 0;
+    /* Output is ContentInfo instead of TimeStampResp. */
+    int token_out = 0;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        goto end;
+
+    prog = opt_init(argc, argv, ts_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ts_options);
+            for (helpp = opt_helplist; *helpp; ++helpp)
+                BIO_printf(bio_err, "%s\n", *helpp);
+            ret = 0;
+            goto end;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_SECTION:
+            section = opt_arg();
+            break;
+        case OPT_QUERY:
+        case OPT_REPLY:
+        case OPT_VERIFY:
+            if (mode != OPT_ERR)
+                goto opthelp;
+            mode = o;
+            break;
+        case OPT_DATA:
+            data = opt_arg();
+            break;
+        case OPT_DIGEST:
+            digest = opt_arg();
+            break;
+        case OPT_RAND:
+            rnd = opt_arg();
+            break;
+        case OPT_TSPOLICY:
+            policy = opt_arg();
+            break;
+        case OPT_NO_NONCE:
+            no_nonce = 1;
+            break;
+        case OPT_CERT:
+            cert = 1;
+            break;
+        case OPT_IN:
+            in = opt_arg();
+            break;
+        case OPT_TOKEN_IN:
+            token_in = 1;
+            break;
+        case OPT_OUT:
+            out = opt_arg();
+            break;
+        case OPT_TOKEN_OUT:
+            token_out = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_QUERYFILE:
+            queryfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passin = opt_arg();
+            break;
+        case OPT_INKEY:
+            inkey = opt_arg();
+            break;
+        case OPT_SIGNER:
+            signer = opt_arg();
+            break;
+        case OPT_CHAIN:
+            chain = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_UNTRUSTED:
+            untrusted = opt_arg();
+            break;
+        case OPT_ENGINE:
+            engine = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &md))
+                goto opthelp;
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        }
+    }
+    if (mode == OPT_ERR || opt_num_rest() != 0)
+        goto opthelp;
+
+    /* Seed the random number generator if it is going to be used. */
+    if (mode == OPT_QUERY && !no_nonce) {
+        if (!app_RAND_load_file(NULL, 1) && rnd == NULL)
+            BIO_printf(bio_err, "warning, not much extra random "
+                       "data, consider using the -rand option\n");
+        if (rnd != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(rnd));
+    }
+
+    if (mode == OPT_REPLY && passin &&
+        !app_passwd(passin, NULL, &password, NULL)) {
+        BIO_printf(bio_err, "Error getting password.\n");
+        goto end;
+    }
+
+    conf = load_config_file(configfile);
+    if (configfile != default_config_file && !app_load_modules(conf))
+        goto end;
+
+    /* Check parameter consistency and execute the appropriate function. */
+    switch (mode) {
+    default:
+    case OPT_ERR:
+        goto opthelp;
+    case OPT_QUERY:
+        if (vpmtouched)
+            goto opthelp;
+        if ((data != NULL) && (digest != NULL))
+            goto opthelp;
+        ret = !query_command(data, digest, md, policy, no_nonce, cert,
+                             in, out, text);
+        break;
+    case OPT_REPLY:
+        if (vpmtouched)
+            goto opthelp;
+        if ((in != NULL) && (queryfile != NULL))
+            goto opthelp;
+        if (in == NULL) {
+            if ((conf == NULL) || (token_in != 0))
+                goto opthelp;
+        }
+        ret = !reply_command(conf, section, engine, queryfile,
+                             password, inkey, md, signer, chain, policy,
+                             in, token_in, out, token_out, text);
+        break;
+    case OPT_VERIFY:
+        if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest))
+            goto opthelp;
+        ret = !verify_command(data, digest, queryfile, in, token_in,
+                              CApath, CAfile, untrusted,
+                              vpmtouched ? vpm : NULL);
+    }
+
+ end:
+    X509_VERIFY_PARAM_free(vpm);
+    app_RAND_write_file(NULL);
+    NCONF_free(conf);
+    OPENSSL_free(password);
+    return (ret);
+}
+
+/*
+ * Configuration file-related function definitions.
+ */
+
+static ASN1_OBJECT *txt2obj(const char *oid)
+{
+    ASN1_OBJECT *oid_obj = NULL;
+
+    if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL)
+        BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
+
+    return oid_obj;
+}
+
+static CONF *load_config_file(const char *configfile)
+{
+    CONF *conf = app_load_config(configfile);
+
+    if (conf != NULL) {
+        const char *p;
+
+        BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+        p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
+        if (p != NULL) {
+            BIO *oid_bio = BIO_new_file(p, "r");
+            if (!oid_bio)
+                ERR_print_errors(bio_err);
+            else {
+                OBJ_create_objects(oid_bio);
+                BIO_free_all(oid_bio);
+            }
+        } else
+            ERR_clear_error();
+        if (!add_oid_section(conf))
+            ERR_print_errors(bio_err);
+    }
+    return conf;
+}
+
+/*
+ * Query-related method definitions.
+ */
+static int query_command(const char *data, const char *digest, const EVP_MD *md,
+                         const char *policy, int no_nonce,
+                         int cert, const char *in, const char *out, int text)
+{
+    int ret = 0;
+    TS_REQ *query = NULL;
+    BIO *in_bio = NULL;
+    BIO *data_bio = NULL;
+    BIO *out_bio = NULL;
+
+    /* Build query object. */
+    if (in != NULL) {
+        if ((in_bio = bio_open_default(in, 'r', FORMAT_ASN1)) == NULL)
+            goto end;
+        query = d2i_TS_REQ_bio(in_bio, NULL);
+    } else {
+        if (digest == NULL
+            && (data_bio = bio_open_default(data, 'r', FORMAT_ASN1)) == NULL)
+            goto end;
+        query = create_query(data_bio, digest, md, policy, no_nonce, cert);
+    }
+    if (query == NULL)
+        goto end;
+
+    if (text) {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+            goto end;
+        if (!TS_REQ_print_bio(out_bio, query))
+            goto end;
+    } else {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+            goto end;
+        if (!i2d_TS_REQ_bio(out_bio, query))
+            goto end;
+    }
+
+    ret = 1;
+
+ end:
+    ERR_print_errors(bio_err);
+    BIO_free_all(in_bio);
+    BIO_free_all(data_bio);
+    BIO_free_all(out_bio);
+    TS_REQ_free(query);
+    return ret;
+}
+
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
+                            const char *policy, int no_nonce, int cert)
+{
+    int ret = 0;
+    TS_REQ *ts_req = NULL;
+    int len;
+    TS_MSG_IMPRINT *msg_imprint = NULL;
+    X509_ALGOR *algo = NULL;
+    unsigned char *data = NULL;
+    ASN1_OBJECT *policy_obj = NULL;
+    ASN1_INTEGER *nonce_asn1 = NULL;
+
+    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
+        goto err;
+    if ((ts_req = TS_REQ_new()) == NULL)
+        goto err;
+    if (!TS_REQ_set_version(ts_req, 1))
+        goto err;
+    if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)
+        goto err;
+    if ((algo = X509_ALGOR_new()) == NULL)
+        goto err;
+    if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
+        goto err;
+    if ((algo->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    algo->parameter->type = V_ASN1_NULL;
+    if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
+        goto err;
+    if ((len = create_digest(data_bio, digest, md, &data)) == 0)
+        goto err;
+    if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
+        goto err;
+    if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
+        goto err;
+    if (policy && (policy_obj = txt2obj(policy)) == NULL)
+        goto err;
+    if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
+        goto err;
+
+    /* Setting nonce if requested. */
+    if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL)
+        goto err;
+    if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
+        goto err;
+    if (!TS_REQ_set_cert_req(ts_req, cert))
+        goto err;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        TS_REQ_free(ts_req);
+        ts_req = NULL;
+        BIO_printf(bio_err, "could not create query\n");
+        ERR_print_errors(bio_err);
+    }
+    TS_MSG_IMPRINT_free(msg_imprint);
+    X509_ALGOR_free(algo);
+    OPENSSL_free(data);
+    ASN1_OBJECT_free(policy_obj);
+    ASN1_INTEGER_free(nonce_asn1);
+    return ts_req;
+}
+
+static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
+                         unsigned char **md_value)
+{
+    int md_value_len;
+    int rv = 0;
+    EVP_MD_CTX *md_ctx = NULL;
+
+    md_value_len = EVP_MD_size(md);
+    if (md_value_len < 0)
+        return 0;
+
+    if (input) {
+        unsigned char buffer[4096];
+        int length;
+
+        md_ctx = EVP_MD_CTX_new();
+        if (md_ctx == NULL)
+            return 0;
+        *md_value = app_malloc(md_value_len, "digest buffer");
+        if (!EVP_DigestInit(md_ctx, md))
+            goto err;
+        while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
+            if (!EVP_DigestUpdate(md_ctx, buffer, length))
+                goto err;
+        }
+        if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
+            goto err;
+        md_value_len = EVP_MD_size(md);
+    } else {
+        long digest_len;
+        *md_value = OPENSSL_hexstr2buf(digest, &digest_len);
+        if (!*md_value || md_value_len != digest_len) {
+            OPENSSL_free(*md_value);
+            *md_value = NULL;
+            BIO_printf(bio_err, "bad digest, %d bytes "
+                       "must be specified\n", md_value_len);
+            return 0;
+        }
+    }
+    rv = md_value_len;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return rv;
+}
+
+static ASN1_INTEGER *create_nonce(int bits)
+{
+    unsigned char buf[20];
+    ASN1_INTEGER *nonce = NULL;
+    int len = (bits - 1) / 8 + 1;
+    int i;
+
+    if (len > (int)sizeof(buf))
+        goto err;
+    if (RAND_bytes(buf, len) <= 0)
+        goto err;
+
+    /* Find the first non-zero byte and creating ASN1_INTEGER object. */
+    for (i = 0; i < len && !buf[i]; ++i)
+        continue;
+    if ((nonce = ASN1_INTEGER_new()) == NULL)
+        goto err;
+    OPENSSL_free(nonce->data);
+    nonce->length = len - i;
+    nonce->data = app_malloc(nonce->length + 1, "nonce buffer");
+    memcpy(nonce->data, buf + i, nonce->length);
+    return nonce;
+
+ err:
+    BIO_printf(bio_err, "could not create nonce\n");
+    ASN1_INTEGER_free(nonce);
+    return NULL;
+}
+
+/*
+ * Reply-related method definitions.
+ */
+
+static int reply_command(CONF *conf, const char *section, const char *engine,
+                         const char *queryfile, const char *passin, const char *inkey,
+                         const EVP_MD *md, const char *signer, const char *chain,
+                         const char *policy, const char *in, int token_in,
+                         const char *out, int token_out, int text)
+{
+    int ret = 0;
+    TS_RESP *response = NULL;
+    BIO *in_bio = NULL;
+    BIO *query_bio = NULL;
+    BIO *inkey_bio = NULL;
+    BIO *signer_bio = NULL;
+    BIO *out_bio = NULL;
+
+    if (in != NULL) {
+        if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+            goto end;
+        if (token_in) {
+            response = read_PKCS7(in_bio);
+        } else {
+            response = d2i_TS_RESP_bio(in_bio, NULL);
+        }
+    } else {
+        response = create_response(conf, section, engine, queryfile,
+                                   passin, inkey, md, signer, chain, policy);
+        if (response)
+            BIO_printf(bio_err, "Response has been generated.\n");
+        else
+            BIO_printf(bio_err, "Response is not generated.\n");
+    }
+    if (response == NULL)
+        goto end;
+
+    /* Write response. */
+    if (text) {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+        goto end;
+        if (token_out) {
+            TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+            if (!TS_TST_INFO_print_bio(out_bio, tst_info))
+                goto end;
+        } else {
+            if (!TS_RESP_print_bio(out_bio, response))
+                goto end;
+        }
+    } else {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+            goto end;
+        if (token_out) {
+            PKCS7 *token = TS_RESP_get_token(response);
+            if (!i2d_PKCS7_bio(out_bio, token))
+                goto end;
+        } else {
+            if (!i2d_TS_RESP_bio(out_bio, response))
+                goto end;
+        }
+    }
+
+    ret = 1;
+
+ end:
+    ERR_print_errors(bio_err);
+    BIO_free_all(in_bio);
+    BIO_free_all(query_bio);
+    BIO_free_all(inkey_bio);
+    BIO_free_all(signer_bio);
+    BIO_free_all(out_bio);
+    TS_RESP_free(response);
+    return ret;
+}
+
+/* Reads a PKCS7 token and adds default 'granted' status info to it. */
+static TS_RESP *read_PKCS7(BIO *in_bio)
+{
+    int ret = 0;
+    PKCS7 *token = NULL;
+    TS_TST_INFO *tst_info = NULL;
+    TS_RESP *resp = NULL;
+    TS_STATUS_INFO *si = NULL;
+
+    if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
+        goto end;
+    if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL)
+        goto end;
+    if ((resp = TS_RESP_new()) == NULL)
+        goto end;
+    if ((si = TS_STATUS_INFO_new()) == NULL)
+        goto end;
+    if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED))
+        goto end;
+    if (!TS_RESP_set_status_info(resp, si))
+        goto end;
+    TS_RESP_set_tst_info(resp, token, tst_info);
+    token = NULL;               /* Ownership is lost. */
+    tst_info = NULL;            /* Ownership is lost. */
+    ret = 1;
+
+ end:
+    PKCS7_free(token);
+    TS_TST_INFO_free(tst_info);
+    if (!ret) {
+        TS_RESP_free(resp);
+        resp = NULL;
+    }
+    TS_STATUS_INFO_free(si);
+    return resp;
+}
+
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+                                const char *queryfile, const char *passin,
+                                const char *inkey, const EVP_MD *md, const char *signer,
+                                const char *chain, const char *policy)
+{
+    int ret = 0;
+    TS_RESP *response = NULL;
+    BIO *query_bio = NULL;
+    TS_RESP_CTX *resp_ctx = NULL;
+
+    if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL)
+        goto end;
+    if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL)
+        goto end;
+    if ((resp_ctx = TS_RESP_CTX_new()) == NULL)
+        goto end;
+    if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
+        goto end;
+# ifndef OPENSSL_NO_ENGINE
+    if (!TS_CONF_set_crypto_device(conf, section, engine))
+        goto end;
+# endif
+    if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
+        goto end;
+
+    if (md) {
+        if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
+            goto end;
+    } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
+            goto end;
+    }
+
+    if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_policies(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_digests(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_ordering(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
+        goto end;
+    if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL)
+        goto end;
+    ret = 1;
+
+ end:
+    if (!ret) {
+        TS_RESP_free(response);
+        response = NULL;
+    }
+    TS_RESP_CTX_free(resp_ctx);
+    BIO_free_all(query_bio);
+    return response;
+}
+
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data)
+{
+    const char *serial_file = (const char *)data;
+    ASN1_INTEGER *serial = next_serial(serial_file);
+
+    if (!serial) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Error during serial number "
+                                    "generation.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE);
+    } else
+        save_ts_serial(serial_file, serial);
+
+    return serial;
+}
+
+static ASN1_INTEGER *next_serial(const char *serialfile)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    ASN1_INTEGER *serial = NULL;
+    BIGNUM *bn = NULL;
+
+    if ((serial = ASN1_INTEGER_new()) == NULL)
+        goto err;
+
+    if ((in = BIO_new_file(serialfile, "r")) == NULL) {
+        ERR_clear_error();
+        BIO_printf(bio_err, "Warning: could not open file %s for "
+                   "reading, using serial number: 1\n", serialfile);
+        if (!ASN1_INTEGER_set(serial, 1))
+            goto err;
+    } else {
+        char buf[1024];
+        if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
+            BIO_printf(bio_err, "unable to load number from %s\n",
+                       serialfile);
+            goto err;
+        }
+        if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL)
+            goto err;
+        ASN1_INTEGER_free(serial);
+        serial = NULL;
+        if (!BN_add_word(bn, 1))
+            goto err;
+        if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (!ret) {
+        ASN1_INTEGER_free(serial);
+        serial = NULL;
+    }
+    BIO_free_all(in);
+    BN_free(bn);
+    return serial;
+}
+
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
+{
+    int ret = 0;
+    BIO *out = NULL;
+
+    if ((out = BIO_new_file(serialfile, "w")) == NULL)
+        goto err;
+    if (i2a_ASN1_INTEGER(out, serial) <= 0)
+        goto err;
+    if (BIO_puts(out, "\n") <= 0)
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        BIO_printf(bio_err, "could not save serial number to %s\n",
+                   serialfile);
+    BIO_free_all(out);
+    return ret;
+}
+
+
+/*
+ * Verify-related method definitions.
+ */
+
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+                          const char *in, int token_in,
+                          const char *CApath, const char *CAfile, const char *untrusted,
+                          X509_VERIFY_PARAM *vpm)
+{
+    BIO *in_bio = NULL;
+    PKCS7 *token = NULL;
+    TS_RESP *response = NULL;
+    TS_VERIFY_CTX *verify_ctx = NULL;
+    int ret = 0;
+
+    if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+        goto end;
+    if (token_in) {
+        if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
+            goto end;
+    } else {
+        if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL)
+            goto end;
+    }
+
+    if ((verify_ctx = create_verify_ctx(data, digest, queryfile,
+                                        CApath, CAfile, untrusted,
+                                        vpm)) == NULL)
+        goto end;
+
+    ret = token_in
+        ? TS_RESP_verify_token(verify_ctx, token)
+        : TS_RESP_verify_response(verify_ctx, response);
+
+ end:
+    printf("Verification: ");
+    if (ret)
+        printf("OK\n");
+    else {
+        printf("FAILED\n");
+        ERR_print_errors(bio_err);
+    }
+
+    BIO_free_all(in_bio);
+    PKCS7_free(token);
+    TS_RESP_free(response);
+    TS_VERIFY_CTX_free(verify_ctx);
+    return ret;
+}
+
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+                                        const char *queryfile,
+                                        const char *CApath, const char *CAfile,
+                                        const char *untrusted,
+                                        X509_VERIFY_PARAM *vpm)
+{
+    TS_VERIFY_CTX *ctx = NULL;
+    BIO *input = NULL;
+    TS_REQ *request = NULL;
+    int ret = 0;
+    int f = 0;
+
+    if (data != NULL || digest != NULL) {
+        if ((ctx = TS_VERIFY_CTX_new()) == NULL)
+            goto err;
+        f = TS_VFY_VERSION | TS_VFY_SIGNER;
+        if (data != NULL) {
+            BIO *out = NULL;
+
+            f |= TS_VFY_DATA;
+            if ((out = BIO_new_file(data, "rb")) == NULL)
+                goto err;
+            if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) {
+                BIO_free_all(out);
+                goto err;
+            }
+        } else if (digest != NULL) {
+            long imprint_len;
+            unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);
+            f |= TS_VFY_IMPRINT;
+            if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
+                BIO_printf(bio_err, "invalid digest string\n");
+                goto err;
+            }
+        }
+
+    } else if (queryfile != NULL) {
+        if ((input = BIO_new_file(queryfile, "rb")) == NULL)
+            goto err;
+        if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL)
+            goto err;
+        if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
+            goto err;
+    } else
+        return NULL;
+
+    /* Add the signature verification flag and arguments. */
+    TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
+
+    /* Initialising the X509_STORE object. */
+    if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm))
+            == NULL)
+        goto err;
+
+    /* Loading untrusted certificates. */
+    if (untrusted
+        && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
+        goto err;
+    ret = 1;
+
+ err:
+    if (!ret) {
+        TS_VERIFY_CTX_free(ctx);
+        ctx = NULL;
+    }
+    BIO_free_all(input);
+    TS_REQ_free(request);
+    return ctx;
+}
+
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
+                                     X509_VERIFY_PARAM *vpm)
+{
+    X509_STORE *cert_ctx = NULL;
+    X509_LOOKUP *lookup = NULL;
+    int i;
+
+    cert_ctx = X509_STORE_new();
+    X509_STORE_set_verify_cb(cert_ctx, verify_cb);
+    if (CApath != NULL) {
+        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
+        i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
+        if (!i) {
+            BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+            goto err;
+        }
+    }
+
+    if (CAfile != NULL) {
+        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+        if (lookup == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
+        i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
+        if (!i) {
+            BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+            goto err;
+        }
+    }
+
+    if (vpm != NULL)
+        X509_STORE_set1_param(cert_ctx, vpm);
+
+    return cert_ctx;
+
+ err:
+    X509_STORE_free(cert_ctx);
+    return NULL;
+}
+
+static int verify_cb(int ok, X509_STORE_CTX *ctx)
+{
+    return ok;
+}
+#endif  /* ndef OPENSSL_NO_TS */
diff --git a/openssl-1.1.0h/apps/tsget.in b/openssl-1.1.0h/apps/tsget.in
new file mode 100644
index 0000000..c6193e5
--- /dev/null
+++ b/openssl-1.1.0h/apps/tsget.in
@@ -0,0 +1,200 @@
+#!{- $config{hashbangperl} -}
+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use IO::Handle;
+use Getopt::Std;
+use File::Basename;
+use WWW::Curl::Easy;
+
+use vars qw(%options);
+
+# Callback for reading the body.
+sub read_body {
+    my ($maxlength, $state) = @_;
+    my $return_data = "";
+    my $data_len = length ${$state->{data}};
+    if ($state->{bytes} < $data_len) {
+	$data_len = $data_len - $state->{bytes};
+	$data_len = $maxlength if $data_len > $maxlength;
+	$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
+	$state->{bytes} += $data_len;
+    }
+    return $return_data;
+}
+
+# Callback for writing the body into a variable.
+sub write_body {
+    my ($data, $pointer) = @_;
+    ${$pointer} .= $data;
+    return length($data);
+}
+
+# Initialise a new Curl object.
+sub create_curl {
+    my $url = shift;
+
+    # Create Curl object.
+    my $curl = WWW::Curl::Easy::new();
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
+    $curl->setopt(CURLOPT_FAILONERROR, 1);
+    $curl->setopt(CURLOPT_USERAGENT,
+        "OpenTSA tsget.pl/openssl-{- $config{version} -}");
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_UPLOAD, 1);
+    $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
+    $curl->setopt(CURLOPT_HTTPHEADER,
+		["Content-Type: application/timestamp-query",
+		"Accept: application/timestamp-reply,application/timestamp-response"]);
+    $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
+    $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
+
+    # SSL related options.
+    $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
+    $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);	# Verify server's certificate.
+    $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);	# Check server's CN.
+    $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
+    $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
+    $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
+    $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
+    $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
+    $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
+    $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
+
+    # Setting destination.
+    $curl->setopt(CURLOPT_URL, $url);
+
+    return $curl;
+}
+
+# Send a request and returns the body back.
+sub get_timestamp {
+    my $curl = shift;
+    my $body = shift;
+    my $ts_body;
+    local $::error_buf;
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
+    $curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_FILE, \$ts_body);
+
+    # Send the request...
+    my $error_code = $curl->perform();
+    my $error_string;
+    if ($error_code != 0) {
+        my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
+	$error_string = "could not get timestamp";
+	$error_string .= ", http code: $http_code" unless $http_code == 0;
+	$error_string .= ", curl code: $error_code";
+	$error_string .= " ($::error_buf)" if defined($::error_buf);
+    } else {
+        my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
+	if (lc($ct) ne "application/timestamp-reply"
+	    && lc($ct) ne "application/timestamp-response") {
+	    $error_string = "unexpected content type returned: $ct";
+        }
+    }
+    return ($ts_body, $error_string);
+
+}
+
+# Print usage information and exists.
+sub usage {
+
+    print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
+    print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
+    print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
+    print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
+    exit 1;
+}
+
+# ----------------------------------------------------------------------
+#   Main program
+# ----------------------------------------------------------------------
+
+# Getting command-line options (default comes from TSGET environment variable).
+my $getopt_arg =  "h:e:o:vdk:p:c:C:P:r:g:";
+if (exists $ENV{TSGET}) {
+    my @old_argv = @ARGV;
+    @ARGV = split /\s+/, $ENV{TSGET};
+    getopts($getopt_arg, \%options) or usage;
+    @ARGV = @old_argv;
+}
+getopts($getopt_arg, \%options) or usage;
+
+# Checking argument consistency.
+if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
+    || (@ARGV > 1 && exists($options{o}))) {
+    print STDERR "Inconsistent command line options.\n";
+    usage;
+}
+# Setting defaults.
+@ARGV = ("-") unless @ARGV != 0;
+$options{e} = ".tsr" unless defined($options{e});
+
+# Processing requests.
+my $curl = create_curl $options{h};
+undef $/;   # For reading whole files.
+REQUEST: foreach (@ARGV) {
+    my $input = $_;
+    my ($base, $path) = fileparse($input, '\.[^.]*');
+    my $output_base = $base . $options{e};
+    my $output = defined($options{o}) ? $options{o} : $path . $output_base;
+
+    STDERR->printflush("$input: ") if $options{v};
+    # Read request.
+    my $body;
+    if ($input eq "-") {
+	# Read the request from STDIN;
+	$body = <STDIN>;
+    } else {
+	# Read the request from file.
+        open INPUT, "<" . $input
+	    or warn("$input: could not open input file: $!\n"), next REQUEST;
+        $body = <INPUT>;
+        close INPUT
+	    or warn("$input: could not close input file: $!\n"), next REQUEST;
+    }
+
+    # Send request.
+    STDERR->printflush("sending request") if $options{v};
+
+    my ($ts_body, $error) = get_timestamp $curl, \$body;
+    if (defined($error)) {
+	die "$input: fatal error: $error\n";
+    }
+    STDERR->printflush(", reply received") if $options{v};
+
+    # Write response.
+    if ($output eq "-") {
+	# Write to STDOUT.
+        print $ts_body;
+    } else {
+	# Write to file.
+        open OUTPUT, ">", $output
+	    or warn("$output: could not open output file: $!\n"), next REQUEST;
+        print OUTPUT $ts_body;
+        close OUTPUT
+	    or warn("$output: could not close output file: $!\n"), next REQUEST;
+    }
+    STDERR->printflush(", $output written.\n") if $options{v};
+}
+$curl->cleanup();
diff --git a/openssl-1.1.0h/apps/verify.c b/openssl-1.1.0h/apps/verify.c
new file mode 100644
index 0000000..0925ee6
--- /dev/null
+++ b/openssl-1.1.0h/apps/verify.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+static int cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx, const char *file,
+                 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                 STACK_OF(X509_CRL) *crls, int show_chain);
+static int v_verbose = 0, vflags = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE,
+    OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
+    OPT_V_ENUM,
+    OPT_VERBOSE
+} OPTION_CHOICE;
+
+OPTIONS verify_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-',
+        "Print extra information about the operations being performed."},
+    {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
+    {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
+    {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
+    {"CRLfile", OPT_CRLFILE, '<',
+        "File containing one or more CRL's (in PEM format) to load"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-',
+        "Attempt to download CRL information for this certificate"},
+    {"show_chain", OPT_SHOW_CHAIN, '-',
+        "Display information about the certificate chain"},
+    OPT_V_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int verify_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *prog, *CApath = NULL, *CAfile = NULL;
+    int noCApath = 0, noCAfile = 0;
+    int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
+    OPTION_CHOICE o;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        goto end;
+
+    prog = opt_init(argc, argv, verify_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(verify_options);
+            BIO_printf(bio_err, "Recognized usages:\n");
+            for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+                X509_PURPOSE *ptmp;
+                ptmp = X509_PURPOSE_get0(i);
+                BIO_printf(bio_err, "\t%-10s\t%s\n",
+                        X509_PURPOSE_get0_sname(ptmp),
+                        X509_PURPOSE_get0_name(ptmp));
+            }
+
+            BIO_printf(bio_err, "Recognized verify names:\n");
+            for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
+                const X509_VERIFY_PARAM *vptmp;
+                vptmp = X509_VERIFY_PARAM_get0(i);
+                BIO_printf(bio_err, "\t%-10s\n",
+                        X509_VERIFY_PARAM_get0_name(vptmp));
+            }
+            ret = 0;
+            goto end;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_UNTRUSTED:
+            /* Zero or more times */
+            if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
+                            "untrusted certificates"))
+                goto end;
+            break;
+        case OPT_TRUSTED:
+            /* Zero or more times */
+            noCAfile = 1;
+            noCApath = 1;
+            if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
+                            "trusted certificates"))
+                goto end;
+            break;
+        case OPT_CRLFILE:
+            /* Zero or more times */
+            if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
+                           "other CRLs"))
+                goto end;
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_ENGINE:
+            if ((e = setup_engine(opt_arg(), 0)) == NULL) {
+                /* Failure message already displayed */
+                goto end;
+            }
+            break;
+        case OPT_SHOW_CHAIN:
+            show_chain = 1;
+            break;
+        case OPT_VERBOSE:
+            v_verbose = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (trusted != NULL && (CAfile || CApath)) {
+        BIO_printf(bio_err,
+                   "%s: Cannot use -trusted with -CAfile or -CApath\n",
+                   prog);
+        goto end;
+    }
+
+    if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+        goto end;
+    X509_STORE_set_verify_cb(store, cb);
+
+    if (vpmtouched)
+        X509_STORE_set1_param(store, vpm);
+
+    ERR_clear_error();
+
+    if (crl_download)
+        store_setup_crl_download(store);
+
+    ret = 0;
+    if (argc < 1) {
+        if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
+            ret = -1;
+    } else {
+        for (i = 0; i < argc; i++)
+            if (check(store, argv[i], untrusted, trusted, crls,
+                      show_chain) != 1)
+                ret = -1;
+    }
+
+ end:
+    X509_VERIFY_PARAM_free(vpm);
+    X509_STORE_free(store);
+    sk_X509_pop_free(untrusted, X509_free);
+    sk_X509_pop_free(trusted, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    release_engine(e);
+    return (ret < 0 ? 2 : ret);
+}
+
+static int check(X509_STORE *ctx, const char *file,
+                 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                 STACK_OF(X509_CRL) *crls, int show_chain)
+{
+    X509 *x = NULL;
+    int i = 0, ret = 0;
+    X509_STORE_CTX *csc;
+    STACK_OF(X509) *chain = NULL;
+    int num_untrusted;
+
+    x = load_cert(file, FORMAT_PEM, "certificate file");
+    if (x == NULL)
+        goto end;
+
+    csc = X509_STORE_CTX_new();
+    if (csc == NULL) {
+        printf("error %s: X.509 store context allocation failed\n",
+               (file == NULL) ? "stdin" : file);
+        goto end;
+    }
+
+    X509_STORE_set_flags(ctx, vflags);
+    if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+        printf("error %s: X.509 store context initialization failed\n",
+               (file == NULL) ? "stdin" : file);
+        goto end;
+    }
+    if (tchain)
+        X509_STORE_CTX_set0_trusted_stack(csc, tchain);
+    if (crls)
+        X509_STORE_CTX_set0_crls(csc, crls);
+    i = X509_verify_cert(csc);
+    if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
+        printf("%s: OK\n", (file == NULL) ? "stdin" : file);
+        ret = 1;
+        if (show_chain) {
+            int j;
+
+            chain = X509_STORE_CTX_get1_chain(csc);
+            num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+            printf("Chain:\n");
+            for (j = 0; j < sk_X509_num(chain); j++) {
+                X509 *cert = sk_X509_value(chain, j);
+                printf("depth=%d: ", j);
+                X509_NAME_print_ex_fp(stdout,
+                                      X509_get_subject_name(cert),
+                                      0, XN_FLAG_ONELINE);
+                if (j < num_untrusted)
+                    printf(" (untrusted)");
+                printf("\n");
+            }
+            sk_X509_pop_free(chain, X509_free);
+        }
+    } else {
+        printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file);
+    }
+    X509_STORE_CTX_free(csc);
+
+ end:
+    if (i <= 0)
+        ERR_print_errors(bio_err);
+    X509_free(x);
+
+    return ret;
+}
+
+static int cb(int ok, X509_STORE_CTX *ctx)
+{
+    int cert_error = X509_STORE_CTX_get_error(ctx);
+    X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
+
+    if (!ok) {
+        if (current_cert) {
+            X509_NAME_print_ex(bio_err,
+                            X509_get_subject_name(current_cert),
+                            0, XN_FLAG_ONELINE);
+            BIO_printf(bio_err, "\n");
+        }
+        BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
+               X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
+               cert_error,
+               X509_STORE_CTX_get_error_depth(ctx),
+               X509_verify_cert_error_string(cert_error));
+        switch (cert_error) {
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+            policies_print(ctx);
+            /* fall thru */
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+
+            /*
+             * since we are just checking the certificates, it is ok if they
+             * are self signed. But we should still warn the user.
+             */
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+            /* Continue after extension errors too */
+        case X509_V_ERR_INVALID_CA:
+        case X509_V_ERR_INVALID_NON_CA:
+        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        case X509_V_ERR_INVALID_PURPOSE:
+        case X509_V_ERR_CRL_HAS_EXPIRED:
+        case X509_V_ERR_CRL_NOT_YET_VALID:
+        case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+            ok = 1;
+        }
+
+        return ok;
+
+    }
+    if (cert_error == X509_V_OK && ok == 2)
+        policies_print(ctx);
+    if (!v_verbose)
+        ERR_clear_error();
+    return (ok);
+}
diff --git a/openssl-1.1.0h/apps/version.c b/openssl-1.1.0h/apps/version.c
new file mode 100644
index 0000000..2f8be36
--- /dev/null
+++ b/openssl-1.1.0h/apps/version.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A
+} OPTION_CHOICE;
+
+OPTIONS version_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"a", OPT_A, '-', "Show all data"},
+    {"b", OPT_B, '-', "Show build date"},
+    {"d", OPT_D, '-', "Show configuration directory"},
+    {"e", OPT_E, '-', "Show engines directory"},
+    {"f", OPT_F, '-', "Show compiler flags used"},
+    {"o", OPT_O, '-', "Show some internal datatype options"},
+    {"p", OPT_P, '-', "Show target build platform"},
+    {"v", OPT_V, '-', "Show library version"},
+    {NULL}
+};
+
+int version_main(int argc, char **argv)
+{
+    int ret = 1, dirty = 0;
+    int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+    int engdir = 0;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, version_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(version_options);
+            ret = 0;
+            goto end;
+        case OPT_B:
+            dirty = date = 1;
+            break;
+        case OPT_D:
+            dirty = dir = 1;
+            break;
+        case OPT_E:
+            dirty = engdir = 1;
+            break;
+        case OPT_F:
+            dirty = cflags = 1;
+            break;
+        case OPT_O:
+            dirty = options = 1;
+            break;
+        case OPT_P:
+            dirty = platform = 1;
+            break;
+        case OPT_V:
+            dirty = version = 1;
+            break;
+        case OPT_A:
+            options = cflags = version = date = platform = dir = engdir = 1;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra parameters given.\n");
+        goto opthelp;
+    }
+    if (!dirty)
+        version = 1;
+
+    if (version) {
+        if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER) {
+            printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
+        } else {
+            printf("%s (Library: %s)\n",
+                   OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
+        }
+    }
+    if (date)
+        printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
+    if (platform)
+        printf("%s\n", OpenSSL_version(OPENSSL_PLATFORM));
+    if (options) {
+        printf("options:  ");
+        printf("%s ", BN_options());
+#ifndef OPENSSL_NO_MD2
+        printf("%s ", MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+        printf("%s ", RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+        printf("%s ", DES_options());
+#endif
+#ifndef OPENSSL_NO_IDEA
+        printf("%s ", IDEA_options());
+#endif
+#ifndef OPENSSL_NO_BF
+        printf("%s ", BF_options());
+#endif
+        printf("\n");
+    }
+    if (cflags)
+        printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
+    if (dir)
+        printf("%s\n", OpenSSL_version(OPENSSL_DIR));
+    if (engdir)
+        printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
+    ret = 0;
+ end:
+    return (ret);
+}
diff --git a/openssl-1.1.0h/apps/vms_decc_init.c b/openssl-1.1.0h/apps/vms_decc_init.c
new file mode 100644
index 0000000..f83f716
--- /dev/null
+++ b/openssl-1.1.0h/apps/vms_decc_init.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
+ defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
+# define USE_DECC_INIT 1
+#endif
+
+#ifdef USE_DECC_INIT
+
+/*
+ * ----------------------------------------------------------------------
+ * decc_init() On non-VAX systems, uses LIB$INITIALIZE to set a collection
+ * of C RTL features without using the DECC$* logical name method.
+ * ----------------------------------------------------------------------
+ */
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <unixlib.h>
+
+# include "apps.h"
+
+/* Global storage. */
+
+/* Flag to sense if decc_init() was called. */
+
+int decc_init_done = -1;
+
+/* Structure to hold a DECC$* feature name and its desired value. */
+
+typedef struct {
+    char *name;
+    int value;
+} decc_feat_t;
+
+/*
+ * Array of DECC$* feature names and their desired values. Note:
+ * DECC$ARGV_PARSE_STYLE is the urgent one.
+ */
+
+decc_feat_t decc_feat_array[] = {
+    /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
+    {"DECC$ARGV_PARSE_STYLE", 1},
+
+    /* Preserve case for file names on ODS5 disks. */
+    {"DECC$EFS_CASE_PRESERVE", 1},
+
+    /*
+     * Enable multiple dots (and most characters) in ODS5 file names, while
+     * preserving VMS-ness of ";version".
+     */
+    {"DECC$EFS_CHARSET", 1},
+
+    /* List terminator. */
+    {(char *)NULL, 0}
+};
+
+
+char **copy_argv(int *argc, char *argv[])
+{
+    /*-
+     * The note below is for historical purpose.  On VMS now we always
+     * copy argv "safely."
+     *
+     * 2011-03-22 SMS.
+     * If we have 32-bit pointers everywhere, then we're safe, and
+     * we bypass this mess, as on non-VMS systems.
+     * Problem 1: Compaq/HP C before V7.3 always used 32-bit
+     * pointers for argv[].
+     * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
+     * everywhere else, we always allocate and use a 64-bit
+     * duplicate of argv[].
+     * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
+     * to NULL-terminate a 64-bit argv[].  (As this was written, the
+     * compiler ECO was available only on IA64.)
+     * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
+     * 64-bit argv[argc] for NULL, and, if necessary, use a
+     * (properly) NULL-terminated (64-bit) duplicate of argv[].
+     * The same code is used in either case to duplicate argv[].
+     * Some of these decisions could be handled in preprocessing,
+     * but the code tends to get even uglier, and the penalty for
+     * deciding at compile- or run-time is tiny.
+     */
+
+    int i, count = *argc;
+    char **newargv = app_malloc(sizeof(*newargv) * (count + 1), "argv copy");
+
+    for (i = 0; i < count; i++)
+        newargv[i] = argv[i];
+    newargv[i] = NULL;
+    *argc = i;
+    return newargv;
+}
+
+/* LIB$INITIALIZE initialization function. */
+
+static void decc_init(void)
+{
+    char *openssl_debug_decc_init;
+    int verbose = 0;
+    int feat_index;
+    int feat_value;
+    int feat_value_max;
+    int feat_value_min;
+    int i;
+    int sts;
+
+    /* Get debug option. */
+    openssl_debug_decc_init = getenv("OPENSSL_DEBUG_DECC_INIT");
+    if (openssl_debug_decc_init != NULL) {
+        verbose = strtol(openssl_debug_decc_init, NULL, 10);
+        if (verbose <= 0) {
+            verbose = 1;
+        }
+    }
+
+    /* Set the global flag to indicate that LIB$INITIALIZE worked. */
+    decc_init_done = 1;
+
+    /* Loop through all items in the decc_feat_array[]. */
+
+    for (i = 0; decc_feat_array[i].name != NULL; i++) {
+        /* Get the feature index. */
+        feat_index = decc$feature_get_index(decc_feat_array[i].name);
+        if (feat_index >= 0) {
+            /* Valid item.  Collect its properties. */
+            feat_value = decc$feature_get_value(feat_index, 1);
+            feat_value_min = decc$feature_get_value(feat_index, 2);
+            feat_value_max = decc$feature_get_value(feat_index, 3);
+
+            /* Check the validity of our desired value. */
+            if ((decc_feat_array[i].value >= feat_value_min) &&
+                (decc_feat_array[i].value <= feat_value_max)) {
+                /* Valid value.  Set it if necessary. */
+                if (feat_value != decc_feat_array[i].value) {
+                    sts = decc$feature_set_value(feat_index,
+                                                 1, decc_feat_array[i].value);
+
+                    if (verbose > 1) {
+                        fprintf(stderr, " %s = %d, sts = %d.\n",
+                                decc_feat_array[i].name,
+                                decc_feat_array[i].value, sts);
+                    }
+                }
+            } else {
+                /* Invalid DECC feature value. */
+                fprintf(stderr,
+                        " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
+                        feat_value,
+                        feat_value_min, decc_feat_array[i].name,
+                        feat_value_max);
+            }
+        } else {
+            /* Invalid DECC feature name. */
+            fprintf(stderr,
+                    " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
+        }
+    }
+
+    if (verbose > 0) {
+        fprintf(stderr, " DECC_INIT complete.\n");
+    }
+}
+
+/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
+
+# pragma nostandard
+
+/*
+ * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
+ * attributes.  Note that "nopic" is significant only on VAX.
+ */
+# pragma extern_model save
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define PSECT_ALIGN 3
+# else
+#  define PSECT_ALIGN 2
+# endif
+
+# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
+const int spare[8] = { 0 };
+
+# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
+void (*const x_decc_init) () = decc_init;
+
+# pragma extern_model restore
+
+/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
+
+# pragma extern_model save
+
+int LIB$INITIALIZE(void);
+
+# pragma extern_model strict_refdef
+int dmy_lib$initialize = (int)LIB$INITIALIZE;
+
+# pragma extern_model restore
+
+# pragma standard
+
+#else                           /* def USE_DECC_INIT */
+
+/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
+int decc_init_dummy(void);
+
+#endif                          /* def USE_DECC_INIT */
diff --git a/openssl-1.1.0h/apps/vms_term_sock.c b/openssl-1.1.0h/apps/vms_term_sock.c
new file mode 100644
index 0000000..bc0c173
--- /dev/null
+++ b/openssl-1.1.0h/apps/vms_term_sock.c
@@ -0,0 +1,590 @@
+/*
+ * Copyright 2016 VMS Software, Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef __VMS
+# define OPENSSL_SYS_VMS
+# pragma message disable DOLLARID
+
+
+# include <openssl/opensslconf.h>
+
+# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+/*
+ * On VMS, you need to define this to get the declaration of fileno().  The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+#  define _POSIX_C_SOURCE 2
+# endif
+
+# include <stdio.h>
+
+# undef _POSIX_C_SOURCE
+
+# include <sys/types.h>
+# include <sys/socket.h>
+# include <netinet/in.h>
+# include <inet.h>
+# include <unistd.h>
+# include <string.h>
+# include <errno.h>
+# include <starlet.h>
+# include <iodef.h>
+# ifdef __alpha
+#  include <iosbdef.h>
+# else
+typedef struct _iosb {           /* Copied from IOSBDEF.H for Alpha  */
+#  pragma __nomember_alignment
+    __union  {
+        __struct  {
+            unsigned short int iosb$w_status; /* Final I/O status           */
+            __union  {
+                __struct  {             /* 16-bit byte count variant        */
+                    unsigned short int iosb$w_bcnt; /* 16-bit byte count    */
+                    __union  {
+                        unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
+                        unsigned int iosb$l_pid; /* 32-bit pid              */
+                    } iosb$r_l;
+                } iosb$r_bcnt_16;
+                __struct  {             /* 32-bit byte count variant        */
+                    unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
+                    unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
+                } iosb$r_bcnt_32;
+            } iosb$r_devdepend;
+        } iosb$r_io_64;
+        __struct  {
+            __union  {
+                unsigned int iosb$l_getxxi_status; /* Final GETxxI status   */
+                unsigned int iosb$l_reg_status; /* Final $Registry status   */
+            } iosb$r_l_status;
+            unsigned int iosb$l_reserved; /* Reserved field                 */
+        } iosb$r_get_64;
+    } iosb$r_io_get;
+} IOSB;
+
+#  if !defined(__VAXC)
+#   define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
+#   define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
+#   define iosb$r_l        iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
+#   define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
+#   define iosb$l_pid iosb$r_l.iosb$l_pid
+#   define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
+#   define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
+#   define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
+#   define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
+#  endif          /* #if !defined(__VAXC) */
+
+# endif  /* End of IOSBDEF */
+
+# include <efndef.h>
+# include <stdlib.h>
+# include <ssdef.h>
+# include <time.h>
+# include <stdarg.h>
+# include <descrip.h>
+
+# include "vms_term_sock.h"
+
+# ifdef __alpha
+static struct _iosb TerminalDeviceIosb;
+# else
+IOSB TerminalDeviceIosb;
+# endif
+
+static char TerminalDeviceBuff[255 + 2];
+static int TerminalSocketPair[2] = {0, 0};
+static unsigned short TerminalDeviceChan = 0;
+
+static int CreateSocketPair (int, int, int, int *);
+static void SocketPairTimeoutAst (int);
+static int TerminalDeviceAst (int);
+static void LogMessage (char *, ...);
+
+/*
+** Socket Pair Timeout Value (must be 0-59 seconds)
+*/
+# define SOCKET_PAIR_TIMEOUT_VALUE 20
+
+/*
+** Socket Pair Timeout Block which is passed to timeout AST
+*/
+typedef struct _SocketPairTimeoutBlock {
+    unsigned short SockChan1;
+    unsigned short SockChan2;
+} SPTB;
+
+# ifdef TERM_SOCK_TEST
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+int main (int argc, char *argv[], char *envp[])
+{
+    char TermBuff[80];
+    int TermSock,
+        status,
+        len;
+
+    LogMessage ("Enter 'q' or 'Q' to quit ...");
+    while (strcasecmp (TermBuff, "Q")) {
+        /*
+        ** Create the terminal socket
+        */
+        status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
+        if (status != TERM_SOCK_SUCCESS)
+            exit (1);
+
+        /*
+        ** Process the terminal input
+        */
+        LogMessage ("Waiting on terminal I/O ...\n");
+        len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
+        TermBuff[len] = '\0';
+        LogMessage ("Received terminal I/O [%s]", TermBuff);
+
+        /*
+        ** Delete the terminal socket
+        */
+        status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
+        if (status != TERM_SOCK_SUCCESS)
+            exit (1);
+    }
+
+    return 1;
+
+}
+# endif
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+int TerminalSocket (int FunctionCode, int *ReturnSocket)
+{
+    int status;
+    $DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
+
+    /*
+    ** Process the requested function code
+    */
+    switch (FunctionCode) {
+    case TERM_SOCK_CREATE:
+        /*
+        ** Create a socket pair
+        */
+        status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
+        if (status == -1) {
+            LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
+            if (TerminalSocketPair[0])
+                close (TerminalSocketPair[0]);
+            if (TerminalSocketPair[1])
+                close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Assign a channel to the terminal device
+        */
+        status = sys$assign (&TerminalDeviceDesc,
+                             &TerminalDeviceChan,
+                             0, 0, 0);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Queue an async IO to the terminal device
+        */
+        status = sys$qio (EFN$C_ENF,
+                          TerminalDeviceChan,
+                          IO$_READVBLK,
+                          &TerminalDeviceIosb,
+                          TerminalDeviceAst,
+                          0,
+                          TerminalDeviceBuff,
+                          sizeof(TerminalDeviceBuff) - 2,
+                          0, 0, 0, 0);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Return the input side of the socket pair
+        */
+        *ReturnSocket = TerminalSocketPair[1];
+        break;
+
+    case TERM_SOCK_DELETE:
+        /*
+        ** Cancel any pending IO on the terminal channel
+        */
+        status = sys$cancel (TerminalDeviceChan);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+	** Deassign the terminal channel
+	*/
+        status = sys$dassgn (TerminalDeviceChan);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Close the terminal socket pair
+        */
+        close (TerminalSocketPair[0]);
+        close (TerminalSocketPair[1]);
+
+        /*
+	** Return the initialized socket
+	*/
+        *ReturnSocket = 0;
+        break;
+
+    default:
+        /*
+	** Invalid function code
+	*/
+        LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
+        return (TERM_SOCK_FAILURE);
+        break;
+    }
+
+    /*
+    ** Return success
+    */
+    return (TERM_SOCK_SUCCESS);
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static int CreateSocketPair (int SocketFamily,
+                             int SocketType,
+                             int SocketProtocol,
+                             int *SocketPair)
+{
+    struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
+    static const char* LocalHostAddr = {"127.0.0.1"};
+    unsigned short TcpAcceptChan = 0,
+        TcpDeviceChan = 0;
+    unsigned long BinTimeBuff[2];
+    struct sockaddr_in sin;
+    char AscTimeBuff[32];
+    short LocalHostPort;
+    int status;
+    unsigned int slen;
+
+# ifdef __alpha
+    struct _iosb iosb;
+# else
+    IOSB iosb;
+# endif
+
+    int SockDesc1 = 0,
+        SockDesc2 = 0;
+    SPTB sptb;
+    $DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
+
+    /*
+    ** Create a socket
+    */
+    SockDesc1 = socket (SocketFamily, SocketType, 0);
+    if (SockDesc1 < 0) {
+        LogMessage ("CreateSocketPair: socket () - %d", errno);
+        return (-1);
+    }
+
+    /*
+    ** Initialize the socket information
+    */
+    slen = sizeof(sin);
+    memset ((char *) &sin, 0, slen);
+    sin.sin_family = SocketFamily;
+    sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
+    sin.sin_port = 0;
+
+    /*
+    ** Bind the socket to the local IP
+    */
+    status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
+    if (status < 0) {
+        LogMessage ("CreateSocketPair: bind () - %d", errno);
+        close (SockDesc1);
+        return (-1);
+    }
+
+    /*
+    ** Get the socket name so we can save the port number
+    */
+    status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
+    if (status < 0) {
+        LogMessage ("CreateSocketPair: getsockname () - %d", errno);
+        close (SockDesc1);
+        return (-1);
+    } else
+        LocalHostPort = sin.sin_port;
+
+    /*
+    ** Setup a listen for the socket
+    */
+    listen (SockDesc1, 5);
+
+    /*
+    ** Get the binary (64-bit) time of the specified timeout value
+    */
+    sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
+    AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
+    AscTimeDesc.dsc$a_pointer = AscTimeBuff;
+    status = sys$bintim (&AscTimeDesc, BinTimeBuff);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
+        close (SockDesc1);
+        return (-1);
+    }
+
+    /*
+    ** Assign another channel to the TCP/IP device for the accept.
+    ** This is the channel that ends up being connected to.
+    */
+    status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
+        close (SockDesc1);
+        return (-1);
+    }
+
+    /*
+    ** Get the channel of the first socket for the accept
+    */
+    TcpAcceptChan = decc$get_sdc (SockDesc1);
+
+    /*
+    ** Perform the accept using $QIO so we can do this asynchronously
+    */
+    status = sys$qio (EFN$C_ENF,
+                      TcpAcceptChan,
+                      IO$_ACCESS | IO$M_ACCEPT,
+                      &iosb,
+                      0, 0, 0, 0, 0,
+                      &TcpDeviceChan,
+                      0, 0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
+        close (SockDesc1);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Create the second socket to do the connect
+    */
+    SockDesc2 = socket (SocketFamily, SocketType, 0);
+    if (SockDesc2 < 0) {
+        LogMessage ("CreateSocketPair: socket () - %d", errno);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        sys$dassgn (TcpDeviceChan);
+        return (-1) ;
+    }
+
+    /*
+    ** Setup the Socket Pair Timeout Block
+    */
+    sptb.SockChan1 = TcpAcceptChan;
+    sptb.SockChan2 = decc$get_sdc (SockDesc2);
+
+    /*
+    ** Before we block on the connect, set a timer that can cancel I/O on our
+    ** two sockets if it never connects.
+    */
+    status = sys$setimr (EFN$C_ENF,
+                         BinTimeBuff,
+                         SocketPairTimeoutAst,
+                         &sptb,
+                         0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Now issue the connect
+    */
+    memset ((char *) &sin, 0, sizeof(sin)) ;
+    sin.sin_family = SocketFamily;
+    sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
+    sin.sin_port = LocalHostPort ;
+
+    status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
+    if (status < 0 ) {
+        LogMessage ("CreateSocketPair: connect () - %d", errno);
+        sys$cantim (&sptb, 0);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Wait for the asynch $QIO to finish.  Note that if the I/O was aborted
+    ** (SS$_ABORT), then we probably canceled it from the AST routine - so log
+    ** a timeout.
+    */
+    status = sys$synch (EFN$C_ENF, &iosb);
+    if (! (iosb.iosb$w_status & 1)) {
+        if (iosb.iosb$w_status == SS$_ABORT)
+            LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
+        else {
+            LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d",
+                        iosb.iosb$w_status);
+            sys$cantim (&sptb, 0);
+        }
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Here we're successfully connected, so cancel the timer, convert the
+    ** I/O channel to a socket fd, close the listener socket and return the
+    ** connected pair.
+    */
+    sys$cantim (&sptb, 0);
+
+    close (SockDesc1) ;
+    SocketPair[0] = SockDesc2 ;
+    SocketPair[1] = socket_fd (TcpDeviceChan);
+
+    return (0) ;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static void SocketPairTimeoutAst (int astparm)
+{
+    SPTB *sptb = (SPTB *) astparm;
+
+    sys$cancel (sptb->SockChan2); /* Cancel the connect() */
+    sys$cancel (sptb->SockChan1); /* Cancel the accept() */
+
+    return;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static int TerminalDeviceAst (int astparm)
+{
+    int status;
+
+    /*
+    ** Terminate the terminal buffer
+    */
+    TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
+    strcat (TerminalDeviceBuff, "\n");
+
+    /*
+    ** Send the data read from the terminal device throught the socket pair
+    */
+    send (TerminalSocketPair[0], TerminalDeviceBuff,
+          TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
+
+    /*
+    ** Queue another async IO to the terminal device
+    */
+    status = sys$qio (EFN$C_ENF,
+                      TerminalDeviceChan,
+                      IO$_READVBLK,
+                      &TerminalDeviceIosb,
+                      TerminalDeviceAst,
+                      0,
+                      TerminalDeviceBuff,
+                      sizeof(TerminalDeviceBuff) - 1,
+                      0, 0, 0, 0);
+
+    /*
+    ** Return status
+    */
+    return status;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static void LogMessage (char *msg, ...)
+{
+    char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+    static unsigned int pid = 0;
+    va_list args;
+    time_t CurTime;
+    struct tm *LocTime;
+    char MsgBuff[256];
+
+    /*
+    ** Get the process pid
+    */
+    if (pid == 0)
+        pid = getpid ();
+
+    /*
+    ** Convert the current time into local time
+    */
+    CurTime = time (NULL);
+    LocTime = localtime (&CurTime);
+
+    /*
+    ** Format the message buffer
+    */
+    sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
+             LocTime->tm_mday, Month[LocTime->tm_mon],
+             (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
+             LocTime->tm_sec, pid, msg);
+
+    /*
+    ** Get any variable arguments and add them to the print of the message
+    ** buffer
+    */
+    va_start (args, msg);
+    vfprintf (stderr, MsgBuff, args);
+    va_end (args);
+
+    /*
+    ** Flush standard error output
+    */
+    fsync (fileno (stderr));
+
+    return;
+
+}
+#endif
diff --git a/openssl-1.1.0h/apps/vms_term_sock.h b/openssl-1.1.0h/apps/vms_term_sock.h
new file mode 100644
index 0000000..662fa0a
--- /dev/null
+++ b/openssl-1.1.0h/apps/vms_term_sock.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016 VMS Software, Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef TERM_SOCK_H
+# define TERM_SOCK_H
+
+/*
+** Terminal Socket Function Codes
+*/
+# define TERM_SOCK_CREATE       1
+# define TERM_SOCK_DELETE       2
+
+/*
+** Terminal Socket Status Codes
+*/
+# define TERM_SOCK_FAILURE      0
+# define TERM_SOCK_SUCCESS      1
+
+/*
+** Terminal Socket Prototype
+*/
+int TerminalSocket (int FunctionCode, int *ReturnSocket);
+
+#endif
diff --git a/openssl-1.1.0h/apps/win32_init.c b/openssl-1.1.0h/apps/win32_init.c
new file mode 100644
index 0000000..ebe92bc
--- /dev/null
+++ b/openssl-1.1.0h/apps/win32_init.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <windows.h>
+#include <stdlib.h>
+#include <string.h>
+#include <malloc.h>
+
+#if defined(CP_UTF8)
+
+static UINT saved_cp;
+static int newargc;
+static char **newargv;
+
+static void cleanup(void)
+{
+    int i;
+
+    SetConsoleOutputCP(saved_cp);
+
+    for (i = 0; i < newargc; i++)
+        free(newargv[i]);
+
+    free(newargv);
+}
+
+/*
+ * Incrementally [re]allocate newargv and keep it NULL-terminated.
+ */
+static int validate_argv(int argc)
+{
+    static int size = 0;
+
+    if (argc >= size) {
+        char **ptr;
+
+        while (argc >= size)
+            size += 64;
+
+        ptr = realloc(newargv, size * sizeof(newargv[0]));
+        if (ptr == NULL)
+            return 0;
+
+        (newargv = ptr)[argc] = NULL;
+    } else {
+        newargv[argc] = NULL;
+    }
+
+    return 1;
+}
+
+static int process_glob(WCHAR *wstr, int wlen)
+{
+    int i, slash, udlen;
+    WCHAR saved_char;
+    WIN32_FIND_DATAW data;
+    HANDLE h;
+
+    /*
+     * Note that we support wildcard characters only in filename part
+     * of the path, and not in directories. Windows users are used to
+     * this, that's why recursive glob processing is not implemented.
+     */
+    /*
+     * Start by looking for last slash or backslash, ...
+     */
+    for (slash = 0, i = 0; i < wlen; i++)
+        if (wstr[i] == L'/' || wstr[i] == L'\\')
+            slash = i + 1;
+    /*
+     * ... then look for asterisk or question mark in the file name.
+     */
+    for (i = slash; i < wlen; i++)
+        if (wstr[i] == L'*' || wstr[i] == L'?')
+            break;
+
+    if (i == wlen)
+        return 0;   /* definitely not a glob */
+
+    saved_char = wstr[wlen];
+    wstr[wlen] = L'\0';
+    h = FindFirstFileW(wstr, &data);
+    wstr[wlen] = saved_char;
+    if (h == INVALID_HANDLE_VALUE)
+        return 0;   /* not a valid glob, just pass... */
+
+    if (slash)
+        udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
+                                    NULL, 0, NULL, NULL);
+    else
+        udlen = 0;
+
+    do {
+        int uflen;
+        char *arg;
+
+        /*
+         * skip over . and ..
+         */
+        if (data.cFileName[0] == L'.') {
+            if ((data.cFileName[1] == L'\0') ||
+                (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
+                continue;
+        }
+
+        if (!validate_argv(newargc + 1))
+            break;
+
+        /*
+         * -1 below means "scan for trailing '\0' *and* count it",
+         * so that |uflen| covers even trailing '\0'.
+         */
+        uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
+                                    NULL, 0, NULL, NULL);
+
+        arg = malloc(udlen + uflen);
+        if (arg == NULL)
+            break;
+
+        if (udlen)
+            WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
+                                arg, udlen, NULL, NULL);
+
+        WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
+                            arg + udlen, uflen, NULL, NULL);
+
+        newargv[newargc++] = arg;
+    } while (FindNextFileW(h, &data));
+
+    CloseHandle(h);
+
+    return 1;
+}
+
+void win32_utf8argv(int *argc, char **argv[])
+{
+    const WCHAR *wcmdline;
+    WCHAR *warg, *wend, *p;
+    int wlen, ulen, valid = 1;
+    char *arg;
+
+    if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) == 0)
+        return;
+
+    newargc = 0;
+    newargv = NULL;
+    if (!validate_argv(newargc))
+        return;
+
+    wcmdline = GetCommandLineW();
+    if (wcmdline == NULL) return;
+
+    /*
+     * make a copy of the command line, since we might have to modify it...
+     */
+    wlen = wcslen(wcmdline);
+    p = _alloca((wlen + 1) * sizeof(WCHAR));
+    wcscpy(p, wcmdline);
+
+    while (*p != L'\0') {
+        int in_quote = 0;
+
+        if (*p == L' ' || *p == L'\t') {
+            p++; /* skip over white spaces */
+            continue;
+        }
+
+        /*
+         * Note: because we may need to fiddle with the number of backslashes,
+         * the argument string is copied into itself.  This is safe because
+         * the number of characters will never expand.
+         */
+        warg = wend = p;
+        while (*p != L'\0'
+               && (in_quote || (*p != L' ' && *p != L'\t'))) {
+            switch (*p) {
+            case L'\\':
+                /*
+                 * Microsoft documentation on how backslashes are treated
+                 * is:
+                 *
+                 * + Backslashes are interpreted literally, unless they
+                 *   immediately precede a double quotation mark.
+                 * + If an even number of backslashes is followed by a double
+                 *   quotation mark, one backslash is placed in the argv array
+                 *   for every pair of backslashes, and the double quotation
+                 *   mark is interpreted as a string delimiter.
+                 * + If an odd number of backslashes is followed by a double
+                 *   quotation mark, one backslash is placed in the argv array
+                 *   for every pair of backslashes, and the double quotation
+                 *   mark is "escaped" by the remaining backslash, causing a
+                 *   literal double quotation mark (") to be placed in argv.
+                 *
+                 * Ref: https://msdn.microsoft.com/en-us/library/17w5ykft.aspx
+                 *
+                 * Though referred page doesn't mention it, multiple qouble
+                 * quotes are also special. Pair of double quotes in quoted
+                 * string is counted as single double quote.
+                 */
+                {
+                    const WCHAR *q = p;
+                    int i;
+
+                    while (*p == L'\\')
+                        p++;
+
+                    if (*p == L'"') {
+                        int i;
+
+                        for (i = (p - q) / 2; i > 0; i--)
+                            *wend++ = L'\\';
+
+                        /*
+                         * if odd amount of backslashes before the quote,
+                         * said quote is part of the argument, not a delimiter
+                         */
+                        if ((p - q) % 2 == 1)
+                            *wend++ = *p++;
+                    } else {
+                        for (i = p - q; i > 0; i--)
+                            *wend++ = L'\\';
+                    }
+                }
+                break;
+            case L'"':
+                /*
+                 * Without the preceding backslash (or when preceded with an
+                 * even number of backslashes), the double quote is a simple
+                 * string delimiter and just slightly change the parsing state
+                 */
+                if (in_quote && p[1] == L'"')
+                    *wend++ = *p++;
+                else
+                    in_quote = !in_quote;
+                p++;
+                break;
+            default:
+                /*
+                 * Any other non-delimiter character is just taken verbatim
+                 */
+                *wend++ = *p++;
+            }
+        }
+
+        wlen = wend - warg;
+
+        if (wlen == 0 || !process_glob(warg, wlen)) {
+            if (!validate_argv(newargc + 1)) {
+                valid = 0;
+                break;
+            }
+
+            ulen = 0;
+            if (wlen > 0) {
+                ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
+                                           NULL, 0, NULL, NULL);
+                if (ulen <= 0)
+                    continue;
+            }
+
+            arg = malloc(ulen + 1);
+            if (arg == NULL) {
+                valid = 0;
+                break;
+            }
+
+            if (wlen > 0)
+                WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
+                                    arg, ulen, NULL, NULL);
+            arg[ulen] = '\0';
+
+            newargv[newargc++] = arg;
+        }
+    }
+
+    if (valid) {
+        saved_cp = GetConsoleOutputCP();
+        SetConsoleOutputCP(CP_UTF8);
+
+        *argc = newargc;
+        *argv = newargv;
+
+        atexit(cleanup);
+    } else if (newargv != NULL) {
+        int i;
+
+        for (i = 0; i < newargc; i++)
+            free(newargv[i]);
+
+        free(newargv);
+
+        newargc = 0;
+        newargv = NULL;
+    }
+
+    return;
+}
+#else
+void win32_utf8argv(int &argc, char **argv[])
+{   return;   }
+#endif
diff --git a/openssl-1.1.0h/apps/x509.c b/openssl-1.1.0h/apps/x509.c
new file mode 100644
index 0000000..7a66ea6
--- /dev/null
+++ b/openssl-1.1.0h/apps/x509.c
@@ -0,0 +1,1099 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS        30
+
+static int callb(int ok, X509_STORE_CTX *ctx);
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, const char *section);
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts, const char *serialfile,
+                        int create, int days, int clrext, CONF *conf,
+                        const char *section, ASN1_INTEGER *sno, int reqfile);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
+    OPT_CAKEYFORM, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE,
+    OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA,
+    OPT_CAKEY, OPT_CASERIAL, OPT_SET_SERIAL, OPT_FORCE_PUBKEY,
+    OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT,
+    OPT_C, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL,
+    OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH,
+    OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES,
+    OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
+    OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
+    OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
+    OPT_SUBJECT_HASH_OLD,
+    OPT_ISSUER_HASH_OLD,
+    OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
+} OPTION_CHOICE;
+
+OPTIONS x509_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f',
+     "Input format - default PEM (one of DER, NET or PEM)"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"outform", OPT_OUTFORM, 'f',
+     "Output format - default PEM (one of DER, NET or PEM)"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
+    {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
+    {"serial", OPT_SERIAL, '-', "Print serial number value"},
+    {"subject_hash", OPT_HASH, '-', "Print subject hash value"},
+    {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
+    {"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
+    {"subject", OPT_SUBJECT, '-', "Print subject DN"},
+    {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
+    {"email", OPT_EMAIL, '-', "Print email address(es)"},
+    {"startdate", OPT_STARTDATE, '-', "Set notBefore field"},
+    {"enddate", OPT_ENDDATE, '-', "Set notAfter field"},
+    {"purpose", OPT_PURPOSE, '-', "Print out certificate purposes"},
+    {"dates", OPT_DATES, '-', "Both Before and After dates"},
+    {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"pubkey", OPT_PUBKEY, '-', "Output the public key"},
+    {"fingerprint", OPT_FINGERPRINT, '-',
+     "Print the certificate fingerprint"},
+    {"alias", OPT_ALIAS, '-', "Output certificate alias"},
+    {"noout", OPT_NOOUT, '-', "No output, just status"},
+    {"nocert", OPT_NOCERT, '-', "No certificate output"},
+    {"ocspid", OPT_OCSPID, '-',
+     "Print OCSP hash values for the subject name and public key"},
+    {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"},
+    {"trustout", OPT_TRUSTOUT, '-', "Output a trusted certificate"},
+    {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"},
+    {"clrext", OPT_CLREXT, '-', "Clear all certificate extensions"},
+    {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"},
+    {"addreject", OPT_ADDREJECT, 's',
+     "Reject certificate for a given purpose"},
+    {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
+    {"days", OPT_DAYS, 'n',
+     "How long till expiry of a signed certificate - def 30 days"},
+    {"checkend", OPT_CHECKEND, 'M',
+     "Check whether the cert expires in the next arg seconds"},
+    {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
+    {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
+    {"x509toreq", OPT_X509TOREQ, '-',
+     "Output a certification request object"},
+    {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
+    {"CA", OPT_CA, '<', "Set the CA certificate, must be PEM format"},
+    {"CAkey", OPT_CAKEY, 's',
+     "The CA key, must be PEM format; if not in CAfile"},
+    {"CAcreateserial", OPT_CACREATESERIAL, '-',
+     "Create serial number file if it does not exist"},
+    {"CAserial", OPT_CASERIAL, 's', "Serial file"},
+    {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
+    {"text", OPT_TEXT, '-', "Print the certificate in text form"},
+    {"C", OPT_C, '-', "Print out C code forms"},
+    {"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"},
+    {"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"certopt", OPT_CERTOPT, 's', "Various certificate text options"},
+    {"checkhost", OPT_CHECKHOST, 's', "Check certificate matches host"},
+    {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
+    {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
+    {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
+    {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
+    {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
+    {"clrreject", OPT_CLRREJECT, '-',
+     "Clears all the prohibited or rejected uses of the certificate"},
+    {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_MD5
+    {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
+     "Print old-style (MD5) issuer hash value"},
+    {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+     "Print old-style (MD5) subject hash value"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int x509_main(int argc, char **argv)
+{
+    ASN1_INTEGER *sno = NULL;
+    ASN1_OBJECT *objtmp = NULL;
+    BIO *out = NULL;
+    CONF *extconf = NULL;
+    EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
+    STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+    X509 *x = NULL, *xca = NULL;
+    X509_REQ *req = NULL, *rq = NULL;
+    X509_STORE *ctx = NULL;
+    const EVP_MD *digest = NULL;
+    char *CAkeyfile = NULL, *CAserial = NULL, *fkeyfile = NULL, *alias = NULL;
+    char *checkhost = NULL, *checkemail = NULL, *checkip = NULL;
+    char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL;
+    char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
+    char buf[256], *prog;
+    int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
+    int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
+    int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+    int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
+    int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
+    int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
+    int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
+    int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
+    int enddate = 0;
+    time_t checkoffset = 0;
+    unsigned long nmflag = 0, certflag = 0;
+    char nmflag_set = 0;
+    OPTION_CHOICE o;
+    ENGINE *e = NULL;
+#ifndef OPENSSL_NO_MD5
+    int subject_hash_old = 0, issuer_hash_old = 0;
+#endif
+
+    ctx = X509_STORE_new();
+    if (ctx == NULL)
+        goto end;
+    X509_STORE_set_verify_cb(ctx, callb);
+
+    prog = opt_init(argc, argv, x509_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(x509_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_CAFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &CAformat))
+                goto opthelp;
+            break;
+        case OPT_CAKEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_REQ:
+            reqfile = need_rand = 1;
+            break;
+
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_DAYS:
+            days = atoi(opt_arg());
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_EXTFILE:
+            extfile = opt_arg();
+            break;
+        case OPT_EXTENSIONS:
+            extsect = opt_arg();
+            break;
+        case OPT_SIGNKEY:
+            keyfile = opt_arg();
+            sign_flag = ++num;
+            need_rand = 1;
+            break;
+        case OPT_CA:
+            CAfile = opt_arg();
+            CA_flag = ++num;
+            need_rand = 1;
+            break;
+        case OPT_CAKEY:
+            CAkeyfile = opt_arg();
+            break;
+        case OPT_CASERIAL:
+            CAserial = opt_arg();
+            break;
+        case OPT_SET_SERIAL:
+            if (sno != NULL) {
+                BIO_printf(bio_err, "Serial number supplied twice\n");
+                goto opthelp;
+            }
+            if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL)
+                goto opthelp;
+            break;
+        case OPT_FORCE_PUBKEY:
+            fkeyfile = opt_arg();
+            break;
+        case OPT_ADDTRUST:
+            if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Invalid trust object value %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
+            if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
+                goto end;
+            sk_ASN1_OBJECT_push(trust, objtmp);
+            objtmp = NULL;
+            trustout = 1;
+            break;
+        case OPT_ADDREJECT:
+            if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Invalid reject object value %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
+            if (reject == NULL
+                && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
+                goto end;
+            sk_ASN1_OBJECT_push(reject, objtmp);
+            objtmp = NULL;
+            trustout = 1;
+            break;
+        case OPT_SETALIAS:
+            alias = opt_arg();
+            trustout = 1;
+            break;
+        case OPT_CERTOPT:
+            if (!set_cert_ex(&certflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_NAMEOPT:
+            nmflag_set = 1;
+            if (!set_name_ex(&nmflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_C:
+            C = ++num;
+            break;
+        case OPT_EMAIL:
+            email = ++num;
+            break;
+        case OPT_OCSP_URI:
+            ocsp_uri = ++num;
+            break;
+        case OPT_SERIAL:
+            serial = ++num;
+            break;
+        case OPT_NEXT_SERIAL:
+            next_serial = ++num;
+            break;
+        case OPT_MODULUS:
+            modulus = ++num;
+            break;
+        case OPT_PUBKEY:
+            pubkey = ++num;
+            break;
+        case OPT_X509TOREQ:
+            x509req = ++num;
+            break;
+        case OPT_TEXT:
+            text = ++num;
+            break;
+        case OPT_SUBJECT:
+            subject = ++num;
+            break;
+        case OPT_ISSUER:
+            issuer = ++num;
+            break;
+        case OPT_FINGERPRINT:
+            fingerprint = ++num;
+            break;
+        case OPT_HASH:
+            subject_hash = ++num;
+            break;
+        case OPT_ISSUER_HASH:
+            issuer_hash = ++num;
+            break;
+        case OPT_PURPOSE:
+            pprint = ++num;
+            break;
+        case OPT_STARTDATE:
+            startdate = ++num;
+            break;
+        case OPT_ENDDATE:
+            enddate = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_NOCERT:
+            nocert = 1;
+            break;
+        case OPT_TRUSTOUT:
+            trustout = 1;
+            break;
+        case OPT_CLRTRUST:
+            clrtrust = ++num;
+            break;
+        case OPT_CLRREJECT:
+            clrreject = ++num;
+            break;
+        case OPT_ALIAS:
+            aliasout = ++num;
+            break;
+        case OPT_CACREATESERIAL:
+            CA_createserial = ++num;
+            break;
+        case OPT_CLREXT:
+            clrext = 1;
+            break;
+        case OPT_OCSPID:
+            ocspid = ++num;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+#ifndef OPENSSL_NO_MD5
+        case OPT_SUBJECT_HASH_OLD:
+            subject_hash_old = ++num;
+            break;
+        case OPT_ISSUER_HASH_OLD:
+            issuer_hash_old = ++num;
+            break;
+#else
+        case OPT_SUBJECT_HASH_OLD:
+        case OPT_ISSUER_HASH_OLD:
+            break;
+#endif
+        case OPT_DATES:
+            startdate = ++num;
+            enddate = ++num;
+            break;
+        case OPT_CHECKEND:
+            checkend = 1;
+            {
+                intmax_t temp = 0;
+                if (!opt_imax(opt_arg(), &temp))
+                    goto opthelp;
+                checkoffset = (time_t)temp;
+                if ((intmax_t)checkoffset != temp) {
+                    BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+                               prog, opt_arg());
+                    goto opthelp;
+                }
+            }
+            break;
+        case OPT_CHECKHOST:
+            checkhost = opt_arg();
+            break;
+        case OPT_CHECKEMAIL:
+            checkemail = opt_arg();
+            break;
+        case OPT_CHECKIP:
+            checkip = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (argc != 0) {
+        BIO_printf(bio_err, "%s: Unknown parameter %s\n", prog, argv[0]);
+        goto opthelp;
+    }
+
+    if (!nmflag_set)
+        nmflag = XN_FLAG_ONELINE;
+
+    if (need_rand)
+        app_RAND_load_file(NULL, 0);
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (!X509_STORE_set_default_paths(ctx)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (fkeyfile) {
+        fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
+        if (fkey == NULL)
+            goto end;
+    }
+
+    if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
+        CAkeyfile = CAfile;
+    } else if ((CA_flag) && (CAkeyfile == NULL)) {
+        BIO_printf(bio_err,
+                   "need to specify a CAkey if using the CA command\n");
+        goto end;
+    }
+
+    if (extfile) {
+        X509V3_CTX ctx2;
+        if ((extconf = app_load_config(extfile)) == NULL)
+            goto end;
+        if (!extsect) {
+            extsect = NCONF_get_string(extconf, "default", "extensions");
+            if (!extsect) {
+                ERR_clear_error();
+                extsect = "default";
+            }
+        }
+        X509V3_set_ctx_test(&ctx2);
+        X509V3_set_nconf(&ctx2, extconf);
+        if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading extension section %s\n", extsect);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (reqfile) {
+        EVP_PKEY *pkey;
+        BIO *in;
+
+        if (!sign_flag && !CA_flag) {
+            BIO_printf(bio_err, "We need a private key to sign with\n");
+            goto end;
+        }
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+        req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+        BIO_free(in);
+
+        if (req == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
+            BIO_printf(bio_err, "error unpacking public key\n");
+            goto end;
+        }
+        i = X509_REQ_verify(req, pkey);
+        if (i < 0) {
+            BIO_printf(bio_err, "Signature verification error\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i == 0) {
+            BIO_printf(bio_err,
+                       "Signature did not match the certificate request\n");
+            goto end;
+        } else
+            BIO_printf(bio_err, "Signature ok\n");
+
+        print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
+                   nmflag);
+
+        if ((x = X509_new()) == NULL)
+            goto end;
+
+        if (sno == NULL) {
+            sno = ASN1_INTEGER_new();
+            if (sno == NULL || !rand_serial(NULL, sno))
+                goto end;
+            if (!X509_set_serialNumber(x, sno))
+                goto end;
+            ASN1_INTEGER_free(sno);
+            sno = NULL;
+        } else if (!X509_set_serialNumber(x, sno))
+            goto end;
+
+        if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
+            goto end;
+        if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
+            goto end;
+        if (!set_cert_times(x, NULL, NULL, days))
+            goto end;
+
+        if (fkey)
+            X509_set_pubkey(x, fkey);
+        else {
+            pkey = X509_REQ_get0_pubkey(req);
+            X509_set_pubkey(x, pkey);
+        }
+    } else
+        x = load_cert(infile, informat, "Certificate");
+
+    if (x == NULL)
+        goto end;
+    if (CA_flag) {
+        xca = load_cert(CAfile, CAformat, "CA Certificate");
+        if (xca == NULL)
+            goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (!noout || text || next_serial)
+        OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
+
+    if (alias)
+        X509_alias_set1(x, (unsigned char *)alias, -1);
+
+    if (clrtrust)
+        X509_trust_clear(x);
+    if (clrreject)
+        X509_reject_clear(x);
+
+    if (trust) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            objtmp = sk_ASN1_OBJECT_value(trust, i);
+            X509_add1_trust_object(x, objtmp);
+        }
+        objtmp = NULL;
+    }
+
+    if (reject) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            objtmp = sk_ASN1_OBJECT_value(reject, i);
+            X509_add1_reject_object(x, objtmp);
+        }
+        objtmp = NULL;
+    }
+
+    if (badsig) {
+        const ASN1_BIT_STRING *signature;
+
+        X509_get0_signature(&signature, NULL, x);
+        corrupt_signature(signature);
+    }
+
+    if (num) {
+        for (i = 1; i <= num; i++) {
+            if (issuer == i) {
+                print_name(out, "issuer=", X509_get_issuer_name(x), nmflag);
+            } else if (subject == i) {
+                print_name(out, "subject=",
+                           X509_get_subject_name(x), nmflag);
+            } else if (serial == i) {
+                BIO_printf(out, "serial=");
+                i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
+                BIO_printf(out, "\n");
+            } else if (next_serial == i) {
+                ASN1_INTEGER *ser = X509_get_serialNumber(x);
+                BIGNUM *bnser = ASN1_INTEGER_to_BN(ser, NULL);
+
+                if (!bnser)
+                    goto end;
+                if (!BN_add_word(bnser, 1))
+                    goto end;
+                ser = BN_to_ASN1_INTEGER(bnser, NULL);
+                if (!ser)
+                    goto end;
+                BN_free(bnser);
+                i2a_ASN1_INTEGER(out, ser);
+                ASN1_INTEGER_free(ser);
+                BIO_puts(out, "\n");
+            } else if ((email == i) || (ocsp_uri == i)) {
+                int j;
+                STACK_OF(OPENSSL_STRING) *emlst;
+                if (email == i)
+                    emlst = X509_get1_email(x);
+                else
+                    emlst = X509_get1_ocsp(x);
+                for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
+                    BIO_printf(out, "%s\n",
+                               sk_OPENSSL_STRING_value(emlst, j));
+                X509_email_free(emlst);
+            } else if (aliasout == i) {
+                unsigned char *alstr;
+                alstr = X509_alias_get0(x, NULL);
+                if (alstr)
+                    BIO_printf(out, "%s\n", alstr);
+                else
+                    BIO_puts(out, "<No Alias>\n");
+            } else if (subject_hash == i) {
+                BIO_printf(out, "%08lx\n", X509_subject_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (subject_hash_old == i) {
+                BIO_printf(out, "%08lx\n", X509_subject_name_hash_old(x));
+            }
+#endif
+            else if (issuer_hash == i) {
+                BIO_printf(out, "%08lx\n", X509_issuer_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (issuer_hash_old == i) {
+                BIO_printf(out, "%08lx\n", X509_issuer_name_hash_old(x));
+            }
+#endif
+            else if (pprint == i) {
+                X509_PURPOSE *ptmp;
+                int j;
+                BIO_printf(out, "Certificate purposes:\n");
+                for (j = 0; j < X509_PURPOSE_get_count(); j++) {
+                    ptmp = X509_PURPOSE_get0(j);
+                    purpose_print(out, x, ptmp);
+                }
+            } else if (modulus == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get0_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Modulus=unavailable\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                BIO_printf(out, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+                if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+                    const BIGNUM *n;
+                    RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL);
+                    BN_print(out, n);
+                } else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
+                    const BIGNUM *dsapub = NULL;
+                    DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
+                    BN_print(out, dsapub);
+                } else
+#endif
+                {
+                    BIO_printf(out, "Wrong Algorithm type");
+                }
+                BIO_printf(out, "\n");
+            } else if (pubkey == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get0_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Error getting public key\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                PEM_write_bio_PUBKEY(out, pkey);
+            } else if (C == i) {
+                unsigned char *d;
+                char *m;
+                int len;
+
+                X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
+                BIO_printf(out, "/*\n"
+                                " * Subject: %s\n", buf);
+
+                X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf));
+                BIO_printf(out, " * Issuer:  %s\n"
+                                " */\n", buf);
+
+                len = i2d_X509(x, NULL);
+                m = app_malloc(len, "x509 name buffer");
+                d = (unsigned char *)m;
+                len = i2d_X509_NAME(X509_get_subject_name(x), &d);
+                print_array(out, "the_subject_name", len, (unsigned char *)m);
+                d = (unsigned char *)m;
+                len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
+                print_array(out, "the_public_key", len, (unsigned char *)m);
+                d = (unsigned char *)m;
+                len = i2d_X509(x, &d);
+                print_array(out, "the_certificate", len, (unsigned char *)m);
+                OPENSSL_free(m);
+            } else if (text == i) {
+                X509_print_ex(out, x, nmflag, certflag);
+            } else if (startdate == i) {
+                BIO_puts(out, "notBefore=");
+                ASN1_TIME_print(out, X509_get0_notBefore(x));
+                BIO_puts(out, "\n");
+            } else if (enddate == i) {
+                BIO_puts(out, "notAfter=");
+                ASN1_TIME_print(out, X509_get0_notAfter(x));
+                BIO_puts(out, "\n");
+            } else if (fingerprint == i) {
+                int j;
+                unsigned int n;
+                unsigned char md[EVP_MAX_MD_SIZE];
+                const EVP_MD *fdig = digest;
+
+                if (!fdig)
+                    fdig = EVP_sha1();
+
+                if (!X509_digest(x, fdig, md, &n)) {
+                    BIO_printf(bio_err, "out of memory\n");
+                    goto end;
+                }
+                BIO_printf(out, "%s Fingerprint=",
+                           OBJ_nid2sn(EVP_MD_type(fdig)));
+                for (j = 0; j < (int)n; j++) {
+                    BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n)
+                               ? '\n' : ':');
+                }
+            }
+
+            /* should be in the library */
+            else if ((sign_flag == i) && (x509req == 0)) {
+                BIO_printf(bio_err, "Getting Private key\n");
+                if (Upkey == NULL) {
+                    Upkey = load_key(keyfile, keyformat, 0,
+                                     passin, e, "Private key");
+                    if (Upkey == NULL)
+                        goto end;
+                }
+
+                assert(need_rand);
+                if (!sign(x, Upkey, days, clrext, digest, extconf, extsect))
+                    goto end;
+            } else if (CA_flag == i) {
+                BIO_printf(bio_err, "Getting CA Private Key\n");
+                if (CAkeyfile != NULL) {
+                    CApkey = load_key(CAkeyfile, CAkeyformat,
+                                      0, passin, e, "CA Private Key");
+                    if (CApkey == NULL)
+                        goto end;
+                }
+
+                assert(need_rand);
+                if (!x509_certify(ctx, CAfile, digest, x, xca,
+                                  CApkey, sigopts,
+                                  CAserial, CA_createserial, days, clrext,
+                                  extconf, extsect, sno, reqfile))
+                    goto end;
+            } else if (x509req == i) {
+                EVP_PKEY *pk;
+
+                BIO_printf(bio_err, "Getting request Private Key\n");
+                if (keyfile == NULL) {
+                    BIO_printf(bio_err, "no request key file specified\n");
+                    goto end;
+                } else {
+                    pk = load_key(keyfile, keyformat, 0,
+                                  passin, e, "request key");
+                    if (pk == NULL)
+                        goto end;
+                }
+
+                BIO_printf(bio_err, "Generating certificate request\n");
+
+                rq = X509_to_X509_REQ(x, pk, digest);
+                EVP_PKEY_free(pk);
+                if (rq == NULL) {
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                if (!noout) {
+                    X509_REQ_print(out, rq);
+                    PEM_write_bio_X509_REQ(out, rq);
+                }
+                noout = 1;
+            } else if (ocspid == i) {
+                X509_ocspid_print(out, x);
+            }
+        }
+    }
+
+    if (checkend) {
+        time_t tcheck = time(NULL) + checkoffset;
+
+        if (X509_cmp_time(X509_get0_notAfter(x), &tcheck) < 0) {
+            BIO_printf(out, "Certificate will expire\n");
+            ret = 1;
+        } else {
+            BIO_printf(out, "Certificate will not expire\n");
+            ret = 0;
+        }
+        goto end;
+    }
+
+    print_cert_checks(out, x, checkhost, checkemail, checkip);
+
+    if (noout || nocert) {
+        ret = 0;
+        goto end;
+    }
+
+    if (outformat == FORMAT_ASN1)
+        i = i2d_X509_bio(out, x);
+    else if (outformat == FORMAT_PEM) {
+        if (trustout)
+            i = PEM_write_bio_X509_AUX(out, x);
+        else
+            i = PEM_write_bio_X509(out, x);
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (!i) {
+        BIO_printf(bio_err, "unable to write certificate\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    if (need_rand)
+        app_RAND_write_file(NULL);
+    NCONF_free(extconf);
+    BIO_free_all(out);
+    X509_STORE_free(ctx);
+    X509_REQ_free(req);
+    X509_free(x);
+    X509_free(xca);
+    EVP_PKEY_free(Upkey);
+    EVP_PKEY_free(CApkey);
+    EVP_PKEY_free(fkey);
+    sk_OPENSSL_STRING_free(sigopts);
+    X509_REQ_free(rq);
+    ASN1_INTEGER_free(sno);
+    sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+    ASN1_OBJECT_free(objtmp);
+    release_engine(e);
+    OPENSSL_free(passin);
+    return (ret);
+}
+
+static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile,
+                                      int create)
+{
+    char *buf = NULL, *p;
+    ASN1_INTEGER *bs = NULL;
+    BIGNUM *serial = NULL;
+    size_t len;
+
+    len = ((serialfile == NULL)
+           ? (strlen(CAfile) + strlen(POSTFIX) + 1)
+           : (strlen(serialfile))) + 1;
+    buf = app_malloc(len, "serial# buffer");
+    if (serialfile == NULL) {
+        OPENSSL_strlcpy(buf, CAfile, len);
+        for (p = buf; *p; p++)
+            if (*p == '.') {
+                *p = '\0';
+                break;
+            }
+        OPENSSL_strlcat(buf, POSTFIX, len);
+    } else
+        OPENSSL_strlcpy(buf, serialfile, len);
+
+    serial = load_serial(buf, create, NULL);
+    if (serial == NULL)
+        goto end;
+
+    if (!BN_add_word(serial, 1)) {
+        BIO_printf(bio_err, "add_word failure\n");
+        goto end;
+    }
+
+    if (!save_serial(buf, NULL, serial, &bs))
+        goto end;
+
+ end:
+    OPENSSL_free(buf);
+    BN_free(serial);
+    return bs;
+}
+
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts,
+                        const char *serialfile, int create,
+                        int days, int clrext, CONF *conf, const char *section,
+                        ASN1_INTEGER *sno, int reqfile)
+{
+    int ret = 0;
+    ASN1_INTEGER *bs = NULL;
+    X509_STORE_CTX *xsc = NULL;
+    EVP_PKEY *upkey;
+
+    upkey = X509_get0_pubkey(xca);
+    if (upkey == NULL) {
+        BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+        goto end;
+    }
+    EVP_PKEY_copy_parameters(upkey, pkey);
+
+    xsc = X509_STORE_CTX_new();
+    if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, x, NULL)) {
+        BIO_printf(bio_err, "Error initialising X509 store\n");
+        goto end;
+    }
+    if (sno)
+        bs = sno;
+    else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL)
+        goto end;
+
+    /*
+     * NOTE: this certificate can/should be self signed, unless it was a
+     * certificate request in which case it is not.
+     */
+    X509_STORE_CTX_set_cert(xsc, x);
+    X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+    if (!reqfile && X509_verify_cert(xsc) <= 0)
+        goto end;
+
+    if (!X509_check_private_key(xca, pkey)) {
+        BIO_printf(bio_err,
+                   "CA certificate and CA private key do not match\n");
+        goto end;
+    }
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+        goto end;
+    if (!X509_set_serialNumber(x, bs))
+        goto end;
+
+    if (!set_cert_times(x, NULL, NULL, days))
+        goto end;
+
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+
+    if (conf) {
+        X509V3_CTX ctx2;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx2, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
+            goto end;
+    }
+
+    if (!do_X509_sign(x, pkey, digest, sigopts))
+        goto end;
+    ret = 1;
+ end:
+    X509_STORE_CTX_free(xsc);
+    if (!ret)
+        ERR_print_errors(bio_err);
+    if (!sno)
+        ASN1_INTEGER_free(bs);
+    return ret;
+}
+
+static int callb(int ok, X509_STORE_CTX *ctx)
+{
+    int err;
+    X509 *err_cert;
+
+    /*
+     * it is ok to use a self signed certificate This case will catch both
+     * the initial ok == 0 and the final ok == 1 calls to this function
+     */
+    err = X509_STORE_CTX_get_error(ctx);
+    if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+        return 1;
+
+    /*
+     * BAD we should have gotten an error.  Normally if everything worked
+     * X509_STORE_CTX_get_error(ctx) will still be set to
+     * DEPTH_ZERO_SELF_....
+     */
+    if (ok) {
+        BIO_printf(bio_err,
+                   "error with certificate to be certified - should be self signed\n");
+        return 0;
+    } else {
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
+        BIO_printf(bio_err,
+                   "error with certificate - error %d at depth %d\n%s\n", err,
+                   X509_STORE_CTX_get_error_depth(ctx),
+                   X509_verify_cert_error_string(err));
+        return 1;
+    }
+}
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, const char *section)
+{
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
+        goto err;
+    if (!set_cert_times(x, NULL, NULL, days))
+        goto err;
+    if (!X509_set_pubkey(x, pkey))
+        goto err;
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+    if (conf) {
+        X509V3_CTX ctx;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+            goto err;
+    }
+    if (!X509_sign(x, pkey, digest))
+        goto err;
+    return 1;
+ err:
+    ERR_print_errors(bio_err);
+    return 0;
+}
+
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+{
+    int id, i, idret;
+    const char *pname;
+    id = X509_PURPOSE_get_id(pt);
+    pname = X509_PURPOSE_get0_name(pt);
+    for (i = 0; i < 2; i++) {
+        idret = X509_check_purpose(cert, id, i);
+        BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+        if (idret == 1)
+            BIO_printf(bio, "Yes\n");
+        else if (idret == 0)
+            BIO_printf(bio, "No\n");
+        else
+            BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/appveyor.yml b/openssl-1.1.0h/appveyor.yml
new file mode 100644
index 0000000..8dd6cb6
--- /dev/null
+++ b/openssl-1.1.0h/appveyor.yml
@@ -0,0 +1,45 @@
+platform:
+    - x86
+    - x64
+
+environment:
+    matrix:
+        - VSVER: 14
+
+configuration:
+    - plain
+    - shared
+
+before_build:
+    - ps: >-
+        If ($env:Platform -Match "x86") {
+            $env:VCVARS_PLATFORM="x86"
+            $env:TARGET="VC-WIN32"
+        } Else {
+            $env:VCVARS_PLATFORM="amd64"
+            $env:TARGET="VC-WIN64A"
+        }
+    - ps: >-
+        If ($env:Configuration -Match "shared") {
+            $env:SHARED=""
+        } Else {
+            $env:SHARED="no-shared"
+        }
+    - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
+    - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
+    - mkdir _build
+    - cd _build
+    - perl ..\Configure %TARGET% no-asm %SHARED%
+    - cd ..
+
+build_script:
+    - cd _build
+    - nmake
+    - cd ..
+
+test_script:
+    - cd _build
+    - nmake test
+    - mkdir ..\_install
+    - nmake install install_docs DESTDIR=..\_install
+    - cd ..
diff --git a/openssl-1.1.0h/build.info b/openssl-1.1.0h/build.info
new file mode 100644
index 0000000..fa136dc
--- /dev/null
+++ b/openssl-1.1.0h/build.info
@@ -0,0 +1,41 @@
+LIBS=libcrypto libssl
+ORDINALS[libcrypto]=crypto
+ORDINALS[libssl]=ssl
+INCLUDE[libcrypto]=. crypto/include include
+INCLUDE[libssl]=. include
+DEPEND[libssl]=libcrypto
+
+# Empty DEPEND "indices" means the dependencies are expected to be built
+# unconditionally before anything else.
+DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \
+         crypto/include/internal/dso_conf.h
+DEPEND[include/openssl/opensslconf.h]=configdata.pm
+GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in
+DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm
+GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in
+DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm
+GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in
+
+
+IF[{- $config{target} =~ /^Cygwin/ -}]
+ SHARED_NAME[libcrypto]=cygcrypto-{- $config{shlib_major}.".".$config{shlib_minor} -}
+ SHARED_NAME[libssl]=cygssl-{- $config{shlib_major}.".".$config{shlib_minor} -}
+ELSIF[{- $config{target} =~ /^mingw/ -}]
+ SHARED_NAME[libcrypto]=libcrypto-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $config{target} eq "mingw64" ? "-x64" : "" -}
+ SHARED_NAME[libssl]=libssl-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $config{target} eq "mingw64" ? "-x64" : "" -}
+ELSIF[{- $config{target} =~ /^VC-/ -}]
+ SHARED_NAME[libcrypto]=libcrypto-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $target{multilib} -}
+ SHARED_NAME[libssl]=libssl-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $target{multilib} -}
+ENDIF
+
+# VMS has a cultural standard where all libraries are prefixed.
+# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
+# conversation with VSI, Tuesday January 26 2016)
+# Also, it seems it's usual to have the pointer size the libraries
+# were built for as part of the name.
+IF[{- $config{target} =~ /^vms/ -}]
+ RENAME[libcrypto]=ossl$libcrypto{- $target{pointer_size} -}
+ RENAME[libssl]=ossl$libssl{- $target{pointer_size} -}
+ SHARED_NAME[libcrypto]=ossl$libcrypto{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -}
+ SHARED_NAME[libssl]=ossl$libssl{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -}
+ENDIF
diff --git a/openssl-1.1.0h/config b/openssl-1.1.0h/config
new file mode 100755
index 0000000..35e849a
--- /dev/null
+++ b/openssl-1.1.0h/config
@@ -0,0 +1,933 @@
+#!/bin/sh
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# OpenSSL config: determine the operating system and run ./Configure
+# Derived from minarch and GuessOS from Apache.
+#
+# Do "config -h" for usage information.
+SUFFIX=""
+DRYRUN="false"
+VERBOSE="false"
+EXE=""
+THERE=`dirname $0`
+
+# pick up any command line args to config
+for i
+do
+case "$i" in 
+-d*) options=$options" --debug";;
+-t*) DRYRUN="true" VERBOSE="true";;
+-v*) VERBOSE="true";;
+-h*) DRYRUN="true"; cat <<EOF
+Usage: config [options]
+ -d	Build with debugging when possible.
+ -t	Test mode, do not run the Configure perl script.
+ -v	Verbose mode, show the exact Configure call that is being made.
+ -h	This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+EOF
+;;
+*) options=$options" $i" ;;
+esac
+done
+
+# First get uname entries that we use below
+
+[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
+[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+
+
+# Now test for ISC and SCO, since it is has a braindamaged uname.
+#
+# We need to work around FreeBSD 1.1.5.1 
+(
+XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
+if [ "x$XREL" != "x" ]; then
+    if [ -f /etc/kconfig ]; then
+	case "$XREL" in
+	    4.0|4.1)
+		    echo "${MACHINE}-whatever-isc4"; exit 0
+		;;
+	esac
+    else
+	case "$XREL" in
+	    3.2v4.2)
+		echo "whatever-whatever-sco3"; exit 0
+		;;
+	    3.2v5.0*)
+		echo "whatever-whatever-sco5"; exit 0
+		;;
+	    4.2MP)
+		case "x${VERSION}" in
+		    x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
+		    x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
+		    x2*)   echo "whatever-whatever-unixware2";  exit 0 ;;
+		esac
+		;;
+	    4.2)
+		echo "whatever-whatever-unixware1"; exit 0
+		;;
+	    5*)
+		case "x${VERSION}" in
+		    # We hardcode i586 in place of ${MACHINE} for the
+		    # following reason. The catch is that even though Pentium
+		    # is minimum requirement for platforms in question,
+		    # ${MACHINE} gets always assigned to i386. Now, problem
+		    # with i386 is that it makes ./config pass 386 to
+		    # ./Configure, which in turn makes make generate
+		    # inefficient SHA-1 (for this moment) code.
+		    x[678]*)  echo "i586-sco-unixware7"; exit 0 ;;
+		esac
+		;;
+	esac
+    fi
+fi
+# Now we simply scan though... In most cases, the SYSTEM info is enough
+#
+case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    A/UX:*)
+	echo "m68k-apple-aux3"; exit 0
+	;;
+
+    AIX:[3-9]:4:*)
+	echo "${MACHINE}-ibm-aix"; exit 0
+	;;
+
+    AIX:*:[5-9]:*)
+	echo "${MACHINE}-ibm-aix"; exit 0
+	;;
+
+    AIX:*)
+	echo "${MACHINE}-ibm-aix3"; exit 0
+	;;
+
+    HI-UX:*)
+	echo "${MACHINE}-hi-hiux"; exit 0
+	;;
+
+    HP-UX:*)
+	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "$HPUXVER" in
+	    1[0-9].*)	# HPUX 10 and 11 targets are unified
+		echo "${MACHINE}-hp-hpux1x"; exit 0
+		;;
+	    *)
+		echo "${MACHINE}-hp-hpux"; exit 0
+		;;
+	esac
+	;;
+
+    IRIX:6.*)
+	echo "mips3-sgi-irix"; exit 0
+	;;
+
+    IRIX64:*)
+	echo "mips4-sgi-irix64"; exit 0
+	;;
+
+    Linux:[2-9].*)
+	echo "${MACHINE}-whatever-linux2"; exit 0
+	;;
+
+    Linux:1.*)
+	echo "${MACHINE}-whatever-linux1"; exit 0
+	;;
+
+    GNU*)
+	echo "hurd-x86"; exit 0;
+	;;
+
+    LynxOS:*)
+	echo "${MACHINE}-lynx-lynxos"; exit 0
+	;;
+
+    BSD/OS:4.*)  # BSD/OS always says 386
+	echo "i486-whatever-bsdi4"; exit 0
+	;;
+
+    BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
+        case `/sbin/sysctl -n hw.model` in
+	    Pentium*)
+                echo "i586-whatever-bsdi"; exit 0
+                ;;
+            *)
+                echo "i386-whatever-bsdi"; exit 0
+                ;;
+            esac;
+	;;
+
+    BSD/386:*|BSD/OS:*)
+	echo "${MACHINE}-whatever-bsdi"; exit 0
+	;;
+
+    FreeBSD:*:*:*386*)
+        VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+        MACH=`sysctl -n hw.model`
+        ARCH='whatever'
+        case ${MACH} in
+           *386*       ) MACH="i386"     ;;
+           *486*       ) MACH="i486"     ;;
+           Pentium\ II*) MACH="i686"     ;;
+           Pentium*    ) MACH="i586"     ;;
+           *           ) MACH="$MACHINE" ;;
+        esac
+        case ${MACH} in
+           i[0-9]86 ) ARCH="pc" ;;
+        esac
+        echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+        ;;
+
+    FreeBSD:*)
+	echo "${MACHINE}-whatever-freebsd"; exit 0
+	;;
+
+    Haiku:*)
+	echo "${MACHINE}-whatever-haiku"; exit 0
+	;;
+
+    NetBSD:*:*:*386*)
+        echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+	;;
+
+    NetBSD:*)
+	echo "${MACHINE}-whatever-netbsd"; exit 0
+	;;
+
+    OpenBSD:*)
+	echo "${MACHINE}-whatever-openbsd"; exit 0
+	;;
+
+    OpenUNIX:*)
+	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+	;;
+
+    OSF1:*:*:*alpha*)
+	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
+	case "$OSFMAJOR" in
+	    4|5)
+		echo "${MACHINE}-dec-tru64"; exit 0
+		;;
+	    1|2|3)
+		echo "${MACHINE}-dec-osf"; exit 0
+		;;
+	    *)
+		echo "${MACHINE}-dec-osf"; exit 0
+		;;
+	esac
+	;;
+
+    QNX:*)
+	case "$RELEASE" in
+	    4*)
+		echo "${MACHINE}-whatever-qnx4"
+		;;
+	    6*)
+		echo "${MACHINE}-whatever-qnx6"
+		;;
+	    *)
+		echo "${MACHINE}-whatever-qnx"
+		;;
+	esac
+	exit 0
+	;;
+
+    Paragon*:*:*:*)
+	echo "i860-intel-osf1"; exit 0
+	;;
+
+    Rhapsody:*)
+	echo "ppc-apple-rhapsody"; exit 0
+	;;
+
+    Darwin:*)
+	case "$MACHINE" in
+	    Power*)
+		echo "ppc-apple-darwin${VERSION}"
+		;;
+	    x86_64)
+		echo "x86_64-apple-darwin${VERSION}"
+		;;
+	    *)
+		echo "i686-apple-darwin${VERSION}"
+		;;
+	esac
+	exit 0
+	;;
+
+    SunOS:5.*)
+	echo "${MACHINE}-whatever-solaris2"; exit 0
+	;;
+
+    SunOS:*)
+	echo "${MACHINE}-sun-sunos4"; exit 0
+	;;
+
+    UNIX_System_V:4.*:*)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    VOS:*:*:i786)
+     echo "i386-stratus-vos"; exit 0
+     ;;
+
+    VOS:*:*:*)
+     echo "hppa1.1-stratus-vos"; exit 0
+     ;;
+
+    *:4*:R4*:m88k)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    DYNIX/ptx:4*:*)
+	echo "${MACHINE}-whatever-sysv4"; exit 0
+	;;
+
+    *:4.0:3.0:3[34]?? | *:4.0:3.0:3[34]??,*)
+	echo "i486-ncr-sysv4"; exit 0
+	;;
+
+    ULTRIX:*)
+	echo "${MACHINE}-unknown-ultrix"; exit 0
+	;;
+
+    POSIX-BC*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0   # Here, $MACHINE == "BS2000"
+	;;
+
+    machten:*)
+       echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
+       ;;
+
+    library:*)
+	echo "${MACHINE}-ncr-sysv4"; exit 0
+	;;
+
+    ConvexOS:*:11.0:*)
+	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
+	;;
+
+    # The following combinations are supported
+    # MINGW64* on x86_64 => mingw64
+    # MINGW32* on x86_64 => mingw
+    # MINGW32* on i?86 => mingw
+    #
+    # MINGW64* on i?86 isn't expected to work...
+    MINGW64*:*:*:x86_64)
+	echo "${MACHINE}-whatever-mingw64"; exit 0;
+	;;
+    MINGW*)
+	echo "${MACHINE}-whatever-mingw"; exit 0;
+	;;
+    CYGWIN*)
+	echo "${MACHINE}-pc-cygwin"; exit 0
+	;;
+
+    vxworks*)
+       echo "${MACHINE}-whatever-vxworks"; exit 0;
+       ;;
+esac
+
+#
+# Ugg. These are all we can determine by what we know about
+# the output of uname. Be more creative:
+#
+
+# Do the Apollo stuff first. Here, we just simply assume
+# that the existence of the /usr/apollo directory is proof
+# enough
+if [ -d /usr/apollo ]; then
+    echo "whatever-apollo-whatever"
+    exit 0
+fi
+
+# Now NeXT
+ISNEXT=`hostinfo 2>/dev/null`
+case "$ISNEXT" in
+    *'NeXT Mach 3.3'*)
+	echo "whatever-next-nextstep3.3"; exit 0
+	;;
+    *NeXT*)
+	echo "whatever-next-nextstep"; exit 0
+	;;
+esac
+
+# At this point we gone through all the one's
+# we know of: Punt
+
+echo "${MACHINE}-whatever-${SYSTEM}" 
+exit 0
+) 2>/dev/null | (
+
+# ---------------------------------------------------------------------------
+# this is where the translation occurs into SSLeay terms
+# ---------------------------------------------------------------------------
+
+# Only set CC if not supplied already
+if [ -z "$CROSS_COMPILE$CC" ]; then
+  GCCVER=`sh -c "gcc -dumpversion" 2>/dev/null`
+  if [ "$GCCVER" != "" ]; then
+    # then strip off whatever prefix egcs prepends the number with...
+    # Hopefully, this will work for any future prefixes as well.
+    GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
+    # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+    # does give us what we want though, so we use that.  We just just the
+    # major and minor version numbers.
+    # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+    GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
+    CC=gcc
+  else
+    CC=cc
+  fi
+fi
+GCCVER=${GCCVER:-0}
+if [ "$SYSTEM" = "HP-UX" ];then
+  # By default gcc is a ILP32 compiler (with long long == 64).
+  GCC_BITS="32"
+  if [ $GCCVER -ge 30 ]; then
+    # PA64 support only came in with gcc 3.0.x.
+    # We check if the preprocessor symbol __LP64__ is defined...
+    if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
+      : # __LP64__ has slipped through, it therefore is not defined
+    else
+      GCC_BITS="64"
+    fi
+  fi
+fi
+if [ "$SYSTEM" = "SunOS" ]; then
+  if [ $GCCVER -ge 30 ]; then
+    # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
+    # to be working, at the very least 'make test' passes...
+    if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
+      GCC_ARCH="-m64"
+    else
+      GCC_ARCH="-m32"
+    fi
+  fi
+  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
+  CCVER=`(cc -V 2>&1) 2>/dev/null | \
+  	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
+	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
+  CCVER=${CCVER:-0}
+  if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
+    CC=cc	# overrides gcc!!!
+    if [ $CCVER -eq 50 ]; then
+      echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
+      echo "         patch #107357-01 or later applied."
+      sleep 5
+    fi
+  fi
+fi
+
+if [ "${SYSTEM}" = "AIX" ]; then	# favor vendor cc over gcc
+    (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
+fi
+
+CCVER=${CCVER:-0}
+
+# read the output of the embedded GuessOS 
+read GUESSOS
+
+echo Operating system: $GUESSOS
+
+# now map the output into SSLeay terms ... really should hack into the
+# script above so we end up with values in vars but that would take
+# more time that I want to waste at the moment
+case "$GUESSOS" in
+  uClinux*64*)
+    OUT=uClinux-dist64
+	;;
+  uClinux*)
+    OUT=uClinux-dist
+	;;
+  mips3-sgi-irix)
+	#CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	#CPU=${CPU:-0}
+	#if [ $CPU -ge 5000 ]; then
+	#	options="$options -mips4"
+	#else
+	#	options="$options -mips3"
+	#fi
+	OUT="irix-mips3-$CC"
+	;;
+  mips4-sgi-irix64)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke '$THERE/Configure irix64-mips4-$CC' *manually*."
+	if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	  echo "         You have about 5 seconds to press Ctrl-C to abort."
+	  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	fi
+        #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        #CPU=${CPU:-0}
+        #if [ $CPU -ge 5000 ]; then
+        #        options="$options -mips4"
+        #else
+        #        options="$options -mips3"
+        #fi
+	OUT="irix-mips3-$CC"
+	;;
+  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
+  ppc-apple-darwin*)
+	ISA64=`(sysctl -n hw.optional.64bitops) 2>/dev/null`
+	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
+	    echo "WARNING! If you wish to build 64-bit library, then you have to"
+	    echo "         invoke '$THERE/Configure darwin64-ppc-cc' *manually*."
+	    if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	      echo "         You have about 5 seconds to press Ctrl-C to abort."
+	      (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	    fi
+	fi
+	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+	    OUT="darwin64-ppc-cc"
+	else
+	    OUT="darwin-ppc-cc"
+	fi ;;
+  i?86-apple-darwin*)
+	ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
+	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
+	    echo "WARNING! If you wish to build 64-bit library, then you have to"
+	    echo "         invoke 'KERNEL_BITS=64 $THERE/config $options'."
+	    if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	      echo "         You have about 5 seconds to press Ctrl-C to abort."
+	      # The stty technique used elsewhere doesn't work on
+	      # MacOS. At least, right now on this Mac.
+	      sleep 5
+	    fi
+	fi
+	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+	    OUT="darwin64-x86_64-cc"
+	else
+	    OUT="darwin-i386-cc"
+	fi ;;
+  x86_64-apple-darwin*)
+	if [ -z "$KERNEL_BITS" ]; then
+	    echo "WARNING! If you wish to build 32-bit library, then you have to"
+	    echo "         invoke 'KERNEL_BITS=32 $THERE/config $options'."
+	    if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	      echo "         You have about 5 seconds to press Ctrl-C to abort."
+	      # The stty technique used elsewhere doesn't work on
+	      # MacOS. At least, right now on this Mac.
+	      sleep 5
+	    fi
+	fi
+	if [ "$KERNEL_BITS" = "32" ]; then
+	    OUT="darwin-i386-cc"
+	else
+	    OUT="darwin64-x86_64-cc"
+	fi ;;
+  armv6+7-*-iphoneos)
+	options="$options -arch%20armv6 -arch%20armv7"
+	OUT="iphoneos-cross" ;;
+  *-*-iphoneos)
+	options="$options -arch%20${MACHINE}"
+	OUT="iphoneos-cross" ;;
+  arm64-*-iphoneos|*-*-ios64)
+	OUT="ios64-cross" ;;
+  alpha-*-linux2)
+        ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
+	case ${ISA:-generic} in
+	*[678])	OUT="linux-alpha+bwx-$CC" ;;
+	*)	OUT="linux-alpha-$CC" ;;
+	esac
+	if [ "$CC" = "gcc" ]; then
+	    case ${ISA:-generic} in
+	    EV5|EV45)		options="$options -mcpu=ev5";;
+	    EV56|PCA56)		options="$options -mcpu=ev56";;
+	    *)			options="$options -mcpu=ev6";;
+	    esac
+	fi
+	;;
+  ppc64-*-linux2)
+	if [ -z "$KERNEL_BITS" ]; then
+	    echo "WARNING! If you wish to build 64-bit library, then you have to"
+	    echo "         invoke '$THERE/Configure linux-ppc64' *manually*."
+	    if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		echo "         You have about 5 seconds to press Ctrl-C to abort."
+		(trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	    fi
+	fi
+	if [ "$KERNEL_BITS" = "64" ]; then
+	    OUT="linux-ppc64"
+	else
+	    OUT="linux-ppc"
+	    (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
+	fi
+	;;
+  ppc64le-*-linux2) OUT="linux-ppc64le" ;;
+  ppc-*-linux2) OUT="linux-ppc" ;;
+  mips64*-*-linux2)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke '$THERE/Configure linux64-mips64' *manually*."
+	if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	    echo "         You have about 5 seconds to press Ctrl-C to abort."
+	    (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	fi
+	OUT="linux-mips64"
+	;;
+  mips*-*-linux2) OUT="linux-mips32" ;;
+  ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
+  ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;;
+  pentium-*-vxworks*) OUT="vxworks-pentium" ;;
+  simlinux-*-vxworks*) OUT="vxworks-simlinux" ;;
+  mips-*-vxworks*) OUT="vxworks-mips";;
+  ia64-*-linux?) OUT="linux-ia64" ;;
+  sparc64-*-linux2)
+	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
+	echo "         and wish to build 64-bit library, then you have to"
+	echo "         invoke '$THERE/Configure linux64-sparcv9' *manually*."
+	if [ "$DRYRUN" = "false" -a -t 1 ]; then
+	  echo "          You have about 5 seconds to press Ctrl-C to abort."
+	  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	fi
+	OUT="linux-sparcv9" ;;
+  sparc-*-linux2)
+	KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
+	case ${KARCH:-sun4} in
+	sun4u*)	OUT="linux-sparcv9" ;;
+	sun4m)	OUT="linux-sparcv8" ;;
+	sun4d)	OUT="linux-sparcv8" ;;
+	*)	OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+	esac ;;
+  parisc*-*-linux2)
+	# 64-bit builds under parisc64 linux are not supported and
+	# compiler is expected to generate 32-bit objects...
+	CPUARCH=`awk '/cpu family/{print substr($5,1,3); exit(0);}' /proc/cpuinfo`
+	CPUSCHEDULE=`awk '/^cpu.[ 	]*: PA/{print substr($3,3); exit(0);}' /proc/cpuinfo`
+
+	# ??TODO ??  Model transformations
+	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
+	#    assuming no further arch. identification will ever be used by GCC.
+	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
+	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
+	#    for these chips in the future.
+	#         PA7300LC -> 7100LC (1.1)
+	#         PA8200   -> 8000   (2.0)
+	#         PA8500   -> 8000   (2.0)
+	#         PA8600   -> 8000   (2.0)
+
+	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'`
+	# Finish Model transformations
+
+	options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
+	OUT="linux-generic32" ;;
+  armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
+  armv[7-9]*-*-linux2) OUT="linux-armv4"; options="$options -march=armv7-a" ;;
+  arm*-*-linux2) OUT="linux-armv4" ;;
+  aarch64-*-linux2) OUT="linux-aarch64" ;;
+  sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+  sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
+  m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+  s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+  s390x-*-linux2)
+	# To be uncommented when glibc bug is fixed, see Configure...
+	#if egrep -e '^features.* highgprs' /proc/cpuinfo >/dev/null ; then
+	#  echo "WARNING! If you wish to build \"highgprs\" 32-bit library, then you"
+	#  echo "         have to invoke './Configure linux32-s390x' *manually*."
+	#  if [ "$DRYRUN" = "false" -a -t -1 ]; then
+	#    echo "         You have about 5 seconds to press Ctrl-C to abort."
+	#    (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	#  fi
+	#fi
+	OUT="linux64-s390x"
+	;;
+  x86_64-*-linux?)
+	if $CC -dM -E -x c /dev/null 2>&1 | grep -q ILP32 > /dev/null; then
+	    OUT="linux-x32"
+	else
+	    OUT="linux-x86_64"
+	fi ;;
+  *86-*-linux2)
+        # On machines where the compiler understands -m32, prefer a
+        # config target that uses it
+        if $CC -m32 -E -x c /dev/null > /dev/null 2>&1; then
+            OUT="linux-x86"
+        else
+            OUT="linux-elf"
+        fi ;;
+  *86-*-linux1) OUT="linux-aout" ;;
+  *-*-linux?) OUT="linux-generic32" ;;
+  sun4[uv]*-*-solaris2)
+	OUT="solaris-sparcv9-$CC"
+	ISA64=`(isainfo) 2>/dev/null | grep sparcv9`
+	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "" ]; then
+	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
+		echo "WARNING! If you wish to build 64-bit library, then you have to"
+		echo "         invoke '$THERE/Configure solaris64-sparcv9-cc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
+		# $GCC_ARCH denotes default ABI chosen by compiler driver
+		# (first one found on the $PATH). I assume that user
+		# expects certain consistency with the rest of his builds
+		# and therefore switch over to 64-bit. <appro>
+		OUT="solaris64-sparcv9-gcc"
+		echo "WARNING! If you wish to build 32-bit library, then you have to"
+		echo "         invoke '$THERE/Configure solaris-sparcv9-gcc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    elif [ "$GCC_ARCH" = "-m32" ]; then
+		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
+		echo "        and wish to build 64-bit library, then you have to"
+		echo "        invoke '$THERE/Configure solaris64-sparcv9-gcc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    fi
+	fi
+	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "64" ]; then
+	    OUT="solaris64-sparcv9-$CC"
+	fi
+	;;
+  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
+  *86*-*-solaris2)
+	ISA64=`(isainfo) 2>/dev/null | grep amd64`
+	if [ "$ISA64" != "" -a ${KERNEL_BITS:-64} -eq 64 ]; then
+	    OUT="solaris64-x86_64-$CC"
+	else
+	    OUT="solaris-x86-$CC"
+	    if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then
+		options="$options no-sse2"
+	    fi
+	fi
+	;;
+  *-*-sunos4)		OUT="sunos-$CC" ;;
+
+  *86*-*-bsdi4)		OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;;
+  alpha*-*-*bsd*)	OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;;
+  powerpc64-*-*bsd*)	OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;;
+  sparc64-*-*bsd*)	OUT="BSD-sparc64" ;;
+  ia64-*-*bsd*)		OUT="BSD-ia64" ;;
+  amd64-*-*bsd*)	OUT="BSD-x86_64" ;;
+  *86*-*-*bsd*)		# mimic ld behaviour when it's looking for libc...
+			if [ -L /usr/lib/libc.so ]; then	# [Free|Net]BSD
+			    libc=/usr/lib/libc.so
+			else					# OpenBSD
+			    # ld searches for highest libc.so.* and so do we
+			    libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
+			fi
+			case "`(file -L $libc) 2>/dev/null`" in
+			*ELF*)	OUT="BSD-x86-elf" ;;
+			*)	OUT="BSD-x86"; options="$options no-sse2" ;;
+			esac ;;
+  *-*-*bsd*)		OUT="BSD-generic32" ;;
+
+  x86_64-*-haiku)	OUT="haiku-x86_64" ;;
+  *-*-haiku)		OUT="haiku-x86" ;;
+
+  *-*-osf)		OUT="osf1-alpha-cc" ;;
+  *-*-tru64)		OUT="tru64-alpha-cc" ;;
+  *-*-[Uu]nix[Ww]are7)
+	if [ "$CC" = "gcc" ]; then
+	  OUT="unixware-7-gcc" ; options="$options no-sse2"
+	else    
+	  OUT="unixware-7" ; options="$options no-sse2 -D__i386__"
+	fi
+	;;
+  *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;;
+  *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;;
+  *-*-vos)
+	options="$options no-threads no-shared no-asm no-dso"
+	EXE=".pm"
+	OUT="vos-$CC" ;;
+  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+  *-hpux1*)
+	if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
+	    OUT="hpux64-parisc2-gcc"
+	fi
+	[ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
+	KERNEL_BITS=${KERNEL_BITS:-32}
+	CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
+	CPU_VERSION=${CPU_VERSION:-0}
+	# See <sys/unistd.h> for further info on CPU_VERSION.
+	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+	        OUT="hpux64-ia64-cc"
+             else
+	        OUT="hpux-ia64-cc"
+             fi
+	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
+	     OUT=${OUT:-"hpux-parisc2-${CC}"}
+	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+		echo "WARNING! If you wish to build 64-bit library then you have to"
+		echo "         invoke '$THERE/Configure hpux64-parisc2-cc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	     fi
+	     # PA-RISC 2.0 is no longer supported as separate 32-bit
+	     # target. This is compensated for by run-time detection
+	     # in most critical assembly modules and taking advantage
+	     # of 2.0 architecture in PA-RISC 1.1 build.
+	     OUT="hpux-parisc1_1-${CC}"
+	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
+	     OUT="hpux-parisc1_1-${CC}"
+	elif [ $CPU_VERSION -ge 523 ]; then	# PA-RISC 1.0 CPU
+	     OUT="hpux-parisc-${CC}"
+	else					# Motorola(?) CPU
+	     OUT="hpux-$CC"
+	fi
+	options="$options -D_REENTRANT" ;;
+  *-hpux)	OUT="hpux-parisc-$CC" ;;
+  *-aix)
+	[ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
+	KERNEL_BITS=${KERNEL_BITS:-32}
+	OBJECT_MODE=${OBJECT_MODE:-32}
+	if [ "$CC" = "gcc" ]; then
+	    OUT="aix-gcc"
+          if [ $OBJECT_MODE -eq 64 ]; then
+            echo 'Your $OBJECT_MODE was found to be set to 64'
+            OUT="aix64-gcc"
+          fi
+	elif [ $OBJECT_MODE -eq 64 ]; then
+	    echo 'Your $OBJECT_MODE was found to be set to 64' 
+	    OUT="aix64-cc"
+	else
+	    OUT="aix-cc"
+	    if [ $KERNEL_BITS -eq 64 ]; then
+		echo "WARNING! If you wish to build 64-bit kit, then you have to"
+		echo "         invoke '$THERE/Configure aix64-cc' *manually*."
+		if [ "$DRYRUN" = "false" -a -t 1 ]; then
+		    echo "         You have ~5 seconds to press Ctrl-C to abort."
+		    (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		fi
+	    fi
+	fi
+	if (lsattr -E -O -l `lsdev -c processor|awk '{print$1;exit}'` | grep -i powerpc) >/dev/null 2>&1; then
+	    :	# this applies even to Power3 and later, as they return PowerPC_POWER[345]
+	else
+	    options="$options no-asm"
+	fi
+	;;
+  # these are all covered by the catchall below
+  i[3456]86-*-cygwin) OUT="Cygwin-x86" ;;
+  *-*-cygwin) OUT="Cygwin-${MACHINE}" ;;
+  x86pc-*-qnx6) OUT="QNX6-i386" ;;
+  *-*-qnx6) OUT="QNX6" ;;
+  x86-*-android|i?86-*-android) OUT="android-x86" ;;
+  armv[7-9]*-*-android)
+      OUT="android-armeabi"; options="$options -march=armv7-a" ;;
+  arm*-*-android) OUT="android-armeabi" ;;
+  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+esac
+
+# NB: This atalla support has been superseded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
+# See whether we can compile Atalla support
+#if [ -f /usr/include/atasi.h ]
+#then
+#  options="$options -DATALLA"
+#fi
+
+if [ -n "$CONFIG_OPTIONS" ]; then
+  options="$options $CONFIG_OPTIONS"
+fi
+
+if expr "$options" : '.*no\-asm' > /dev/null; then :; else
+  sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \
+  grep \\--noexecstack >/dev/null && \
+  options="$options -Wa,--noexecstack"
+fi
+
+# gcc < 2.8 does not support -march=ultrasparc
+if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'solaris-sparcv8-gcc'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=solaris-sparcv8-gcc
+fi
+if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'linux-sparcv8'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=linux-sparcv8
+fi
+
+case "$GUESSOS" in
+  i386-*) options="$options 386" ;;
+esac
+
+for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha
+do
+  if [ ! -d $THERE/crypto/$i ]
+  then
+    options="$options no-$i"
+  fi
+done
+
+if [ -z "$OUT" ]; then
+  OUT="$CC"
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl5$EXE" ] ; then
+			PERL="$i/perl5$EXE"
+			break;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl$EXE" ] ; then
+			if "$i/perl$EXE" -e 'exit($]<5.0)'; then
+				PERL="$i/perl$EXE"
+				break;
+			fi;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	echo "You need Perl 5."
+	exit 1
+fi
+
+# run Configure to check to see if we need to specify the 
+# compiler for the platform ... in which case we add it on
+# the end ... otherwise we leave it off
+
+$PERL $THERE/Configure LIST | grep "$OUT-$CC" > /dev/null
+if [ $? = "0" ]; then
+  OUT="$OUT-$CC"
+fi
+
+OUT="$OUT"
+
+$PERL $THERE/Configure LIST | grep "$OUT" > /dev/null
+if [ $? = "0" ]; then
+  echo Configuring for $OUT
+
+  if [ "$VERBOSE" = "true" ]; then
+    echo $PERL $THERE/Configure $OUT $options
+  fi  
+  if [ "$DRYRUN" = "false" ]; then
+    $PERL $THERE/Configure $OUT $options
+  fi
+else
+  echo "This system ($OUT) is not supported. See file INSTALL for details."
+fi
+)
diff --git a/openssl-1.1.0h/config.com b/openssl-1.1.0h/config.com
new file mode 100644
index 0000000..46ccaa2
--- /dev/null
+++ b/openssl-1.1.0h/config.com
@@ -0,0 +1,93 @@
+$	! OpenSSL config: determine the architecture and run Configure
+$	! Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+$	!
+$	! Licensed under the OpenSSL license (the "License").  You may not use
+$	! this file except in compliance with the License.  You can obtain a
+$	! copy in the file LICENSE in the source distribution or at
+$	! https://www.openssl.org/source/license.html
+$	!
+$	! Very simple for the moment, it will take the following arguments:
+$	!
+$	! -32 or 32	sets /POINTER_SIZE=32
+$	! -64 or 64	sets /POINTER_SIZE=64
+$	! -d		sets debugging
+$	! -h		prints a usage and exits
+$	! -t		test mode, doesn't run Configure
+$
+$	arch = f$edit( f$getsyi( "arch_name"), "lowercase")
+$	pointer_size = ""
+$	dryrun = 0
+$	verbose = 0
+$	here = F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"),,,"SYNTAX_ONLY") - "A.;"
+$
+$	collected_args = ""
+$	P_index = 0
+$	LOOP1:
+$	    P_index = P_index + 1
+$	    IF P_index .GT. 8 THEN GOTO ENDLOOP1
+$	    P = F$EDIT(P1,"TRIM,LOWERCASE")
+$	    IF P .EQS. "-h"
+$           THEN
+$               dryrun = 1
+$               P = ""
+$               TYPE SYS$INPUT
+$               DECK
+Usage: @config [options]
+
+  -32 or 32	Build with 32-bit pointer size.
+  -64 or 64	Build with 64-bit pointer size.
+  -d		Build with debugging.
+  -t            Test mode, do not run the Configure perl script.
+  -v            Verbose mode, show the exact Configure call that is being made.
+  -h		This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+$               EOD
+$           ENDIF
+$	    IF P .EQS. "-t"
+$	    THEN
+$		dryrun = 1
+$		verbose = 1
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-v"
+$	    THEN
+$		verbose = 1
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-32" .OR. P .EQS. "32"
+$	    THEN
+$		pointer_size = "-P32"
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-64" .OR. P .EQS. "64"
+$	    THEN
+$		pointer_size = "-P64"
+$		P = ""
+$	    ENDIF
+$	    IF P .EQS. "-d"
+$	    THEN
+$               collected_args = collected_args + " --debug"
+$		P = ""
+$	    ENDIF
+$	    IF P .NES. "" THEN -
+	       collected_args = collected_args + " """ + P1 + """"
+$	    P1 = P2
+$	    P2 = P3
+$	    P3 = P4
+$	    P4 = P5
+$	    P5 = P6
+$	    P6 = P7
+$	    P7 = P8
+$	    P8 = ""
+$	    GOTO LOOP1
+$	ENDLOOP1:
+$
+$	target = "vms-''arch'''pointer_size'"
+$       IF verbose THEN -
+           WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args
+$       IF .not. dryrun THEN -
+           PERL 'here'Configure "''target'"'collected_args'
+$       EXIT $STATUS
diff --git a/openssl-1.1.0h/crypto/LPdir_nyi.c b/openssl-1.1.0h/crypto/LPdir_nyi.c
new file mode 100644
index 0000000..049044c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/LPdir_nyi.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+struct LP_dir_context_st {
+    void *dummy;
+};
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    errno = EINVAL;
+    return 0;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    errno = EINVAL;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/LPdir_unix.c b/openssl-1.1.0h/crypto/LPdir_unix.c
new file mode 100644
index 0000000..1bb2940
--- /dev/null
+++ b/openssl-1.1.0h/crypto/LPdir_unix.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+/*
+ * The POSIXly macro for the maximum number of characters in a file path is
+ * NAME_MAX.  However, some operating systems use PATH_MAX instead.
+ * Therefore, it seems natural to first check for PATH_MAX and use that, and
+ * if it doesn't exist, use NAME_MAX.
+ */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+
+/*
+ * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+ * exist.  It's also possible that NAME_MAX exists but is define to a very
+ * small value (HP-UX offers 14), so we need to check if we got a result, and
+ * if it meets a minimum standard, and create or change it if not.
+ */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+
+struct LP_dir_context_st {
+    DIR *dir;
+    char entry_name[LP_ENTRY_SIZE + 1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    struct dirent *direntry = NULL;
+
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+        (*ctx)->dir = opendir(directory);
+        if ((*ctx)->dir == NULL) {
+            int save_errno = errno; /* Probably not needed, but I'm paranoid */
+            free(*ctx);
+            *ctx = NULL;
+            errno = save_errno;
+            return 0;
+        }
+    }
+
+    direntry = readdir((*ctx)->dir);
+    if (direntry == NULL) {
+        return 0;
+    }
+
+    strncpy((*ctx)->entry_name, direntry->d_name,
+            sizeof((*ctx)->entry_name) - 1);
+    (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+    return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        int ret = closedir((*ctx)->dir);
+
+        free(*ctx);
+        switch (ret) {
+        case 0:
+            return 1;
+        case -1:
+            return 0;
+        default:
+            break;
+        }
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/LPdir_vms.c b/openssl-1.1.0h/crypto/LPdir_vms.c
new file mode 100644
index 0000000..1a5b60f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/LPdir_vms.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+#include "vms_rms.h"
+
+/* Some compiler options hide EVMSERR. */
+#ifndef EVMSERR
+# define EVMSERR        65535   /* error for non-translatable VMS errors */
+#endif
+
+struct LP_dir_context_st {
+    unsigned long VMS_context;
+    char filespec[NAMX_MAXRSS + 1];
+    char result[NAMX_MAXRSS + 1];
+    struct dsc$descriptor_d filespec_dsc;
+    struct dsc$descriptor_d result_dsc;
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    int status;
+    char *p, *r;
+    size_t l;
+    unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+    char *ctx_filespec_32p;
+# pragma pointer_size restore
+    char ctx_filespec_32[NAMX_MAXRSS + 1];
+#endif                          /* __INITIAL_POINTER_SIZE == 64 */
+
+#ifdef NAML$C_MAXRSS
+    flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        size_t filespeclen = strlen(directory);
+        char *filespec = NULL;
+
+        if (filespeclen == 0) {
+            errno = ENOENT;
+            return 0;
+        }
+
+        /* MUST be a VMS directory specification!  Let's estimate if it is. */
+        if (directory[filespeclen - 1] != ']'
+            && directory[filespeclen - 1] != '>'
+            && directory[filespeclen - 1] != ':') {
+            errno = EINVAL;
+            return 0;
+        }
+
+        filespeclen += 4;       /* "*.*;" */
+
+        if (filespeclen > NAMX_MAXRSS) {
+            errno = ENAMETOOLONG;
+            return 0;
+        }
+
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+        strcpy((*ctx)->filespec, directory);
+        strcat((*ctx)->filespec, "*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy(ctx_filespec_32p, (*ctx)->filespec);
+#else                           /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif                          /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+        (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+        (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
+    }
+
+    (*ctx)->result_dsc.dsc$w_length = 0;
+    (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+    (*ctx)->result_dsc.dsc$a_pointer = 0;
+
+    status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+                           &(*ctx)->VMS_context, 0, 0, 0, &flags);
+
+    if (status == RMS$_NMF) {
+        errno = 0;
+        vaxc$errno = status;
+        return NULL;
+    }
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        errno = EVMSERR;
+        vaxc$errno = status;
+        return NULL;
+    }
+
+    /*
+     * Quick, cheap and dirty way to discard any device and directory, since
+     * we only want file names
+     */
+    l = (*ctx)->result_dsc.dsc$w_length;
+    p = (*ctx)->result_dsc.dsc$a_pointer;
+    r = p;
+    for (; *p; p++) {
+        if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
+            p++;
+        } else if (*p == ':' || *p == '>' || *p == ']') {
+            l -= p + 1 - r;
+            r = p + 1;
+        } else if (*p == ';') {
+            l = p - r;
+            break;
+        }
+    }
+
+    strncpy((*ctx)->result, r, l);
+    (*ctx)->result[l] = '\0';
+    str$free1_dx(&(*ctx)->result_dsc);
+
+    return (*ctx)->result;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        int status = lib$find_file_end(&(*ctx)->VMS_context);
+
+        free(*ctx);
+
+        if (!$VMS_STATUS_SUCCESS(status)) {
+            errno = EVMSERR;
+            vaxc$errno = status;
+            return 0;
+        }
+        return 1;
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/LPdir_win.c b/openssl-1.1.0h/crypto/LPdir_win.c
new file mode 100644
index 0000000..8f674d3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/LPdir_win.c
@@ -0,0 +1,211 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <windows.h>
+#include <tchar.h>
+#include "internal/numbers.h"
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+/*
+ * We're most likely overcautious here, but let's reserve for broken WinCE
+ * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
+ * builds are compiled with -DUNICODE [as well as -D_UNICODE].
+ */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
+# define FindNextFile FindNextFileW
+#endif
+
+#ifndef NAME_MAX
+# define NAME_MAX 255
+#endif
+
+#ifdef CP_UTF8
+# define CP_DEFAULT CP_UTF8
+#else
+# define CP_DEFAULT CP_ACP
+#endif
+
+struct LP_dir_context_st {
+    WIN32_FIND_DATA ctx;
+    HANDLE handle;
+    char entry_name[NAME_MAX + 1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        size_t dirlen = strlen(directory);
+
+        if (dirlen == 0 || dirlen > INT_MAX - 3) {
+            errno = ENOENT;
+            return 0;
+        }
+
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+        if (sizeof(TCHAR) != sizeof(char)) {
+            TCHAR *wdir = NULL;
+            /* len_0 denotes string length *with* trailing 0 */
+            size_t index = 0, len_0 = dirlen + 1;
+#ifdef LP_MULTIBYTE_AVAILABLE
+            int sz = 0;
+            UINT cp;
+
+            do {
+# ifdef CP_UTF8
+                if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0,
+                                              directory, len_0,
+                                              NULL, 0)) > 0 ||
+                    GetLastError() != ERROR_NO_UNICODE_TRANSLATION)
+                    break;
+# endif
+                sz = MultiByteToWideChar((cp = CP_ACP), 0,
+                                         directory, len_0,
+                                         NULL, 0);
+            } while (0);
+
+            if (sz > 0) {
+                /*
+                 * allocate two additional characters in case we need to
+                 * concatenate asterisk, |sz| covers trailing '\0'!
+                 */
+                wdir = _alloca((sz + 2) * sizeof(TCHAR));
+                if (!MultiByteToWideChar(cp, 0, directory, len_0,
+                                         (WCHAR *)wdir, sz)) {
+                    free(*ctx);
+                    *ctx = NULL;
+                    errno = EINVAL;
+                    return 0;
+                }
+            } else
+#endif
+            {
+                sz = len_0;
+                /*
+                 * allocate two additional characters in case we need to
+                 * concatenate asterisk, |sz| covers trailing '\0'!
+                 */
+                wdir = _alloca((sz + 2) * sizeof(TCHAR));
+                for (index = 0; index < len_0; index++)
+                    wdir[index] = (TCHAR)directory[index];
+            }
+
+            sz--; /* wdir[sz] is trailing '\0' now */
+            if (wdir[sz - 1] != TEXT('*')) {
+                if (wdir[sz - 1] != TEXT('/') && wdir[sz - 1] != TEXT('\\'))
+                    _tcscpy(wdir + sz, TEXT("/*"));
+                else
+                    _tcscpy(wdir + sz, TEXT("*"));
+            }
+
+            (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+        } else {
+            if (directory[dirlen - 1] != '*') {
+                char *buf = _alloca(dirlen + 3);
+
+                strcpy(buf, directory);
+                if (buf[dirlen - 1] != '/' && buf[dirlen - 1] != '\\')
+                    strcpy(buf + dirlen, "/*");
+                else
+                    strcpy(buf + dirlen, "*");
+
+                directory = buf;
+            }
+
+            (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+        }
+
+        if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
+            free(*ctx);
+            *ctx = NULL;
+            errno = EINVAL;
+            return 0;
+        }
+    } else {
+        if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
+            return 0;
+        }
+    }
+    if (sizeof(TCHAR) != sizeof(char)) {
+        TCHAR *wdir = (*ctx)->ctx.cFileName;
+        size_t index, len_0 = 0;
+
+        while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
+            len_0++;
+        len_0++;
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+        if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0,
+                                 (*ctx)->entry_name,
+                                 sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+            for (index = 0; index < len_0; index++)
+                (*ctx)->entry_name[index] = (char)wdir[index];
+    } else
+        strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+                sizeof((*ctx)->entry_name) - 1);
+
+    (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+
+    return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        FindClose((*ctx)->handle);
+        free(*ctx);
+        *ctx = NULL;
+        return 1;
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/LPdir_win32.c b/openssl-1.1.0h/crypto/LPdir_win32.c
new file mode 100644
index 0000000..59ed485
--- /dev/null
+++ b/openssl-1.1.0h/crypto/LPdir_win32.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
diff --git a/openssl-1.1.0h/crypto/LPdir_wince.c b/openssl-1.1.0h/crypto/LPdir_wince.c
new file mode 100644
index 0000000..dbc1052
--- /dev/null
+++ b/openssl-1.1.0h/crypto/LPdir_wince.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WINCE
+/*
+ * We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently under
+ * investigation what the exact conditions would be
+ */
+#include "LPdir_win.c"
diff --git a/openssl-1.1.0h/crypto/aes/aes_cbc.c b/openssl-1.1.0h/crypto/aes/aes_cbc.c
new file mode 100644
index 0000000..342841f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_cbc.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t len, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) AES_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) AES_decrypt);
+}
diff --git a/openssl-1.1.0h/crypto/aes/aes_cfb.c b/openssl-1.1.0h/crypto/aes/aes_cfb.c
new file mode 100644
index 0000000..f010e3c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_cfb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) AES_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}
diff --git a/openssl-1.1.0h/crypto/aes/aes_core.c b/openssl-1.1.0h/crypto/aes/aes_core.c
new file mode 100644
index 0000000..bd5c779
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_core.c
@@ -0,0 +1,1367 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+   compatible API */
+
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#ifndef AES_ASM
+/*-
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp      ) & 0xff] & 0x000000ff);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        rk[0] =
+            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+        rk[1] =
+            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+        rk[2] =
+            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+        rk[3] =
+            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key) {
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te2[(t0 >> 24)       ] & 0xff000000) ^
+        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Te2[(t1 >> 24)       ] & 0xff000000) ^
+        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Te2[(t2 >> 24)       ] & 0xff000000) ^
+        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Te2[(t3 >> 24)       ] & 0xff000000) ^
+        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        ((u32)Td4[(t0 >> 24)       ] << 24) ^
+        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t1      ) & 0xff])       ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        ((u32)Td4[(t1 >> 24)       ] << 24) ^
+        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t2      ) & 0xff])       ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        ((u32)Td4[(t2 >> 24)       ] << 24) ^
+        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t3      ) & 0xff])       ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        ((u32)Td4[(t3 >> 24)       ] << 24) ^
+        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t0      ) & 0xff])       ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+#else /* AES_ASM */
+
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                ((u32)Te4[(temp >> 24)       ] << 24) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
+                ((u32)Te4[(temp      ) & 0xff]);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+        }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,24) ^ ROTATE(tpb,8);
+#else
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 8) ^ (tp9 << 24) ^
+                (tpb >> 24) ^ (tpb << 8);
+#endif
+        }
+    }
+    return 0;
+}
+
+#endif /* AES_ASM */
diff --git a/openssl-1.1.0h/crypto/aes/aes_ecb.c b/openssl-1.1.0h/crypto/aes/aes_ecb.c
new file mode 100644
index 0000000..29bfc1a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_ecb.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc)
+{
+
+    assert(in && out && key);
+    assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+
+    if (AES_ENCRYPT == enc)
+        AES_encrypt(in, out, key);
+    else
+        AES_decrypt(in, out, key);
+}
diff --git a/openssl-1.1.0h/crypto/aes/aes_ige.c b/openssl-1.1.0h/crypto/aes/aes_ige.c
new file mode 100644
index 0000000..75f796c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_ige.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+    unsigned long data[N_WORDS];
+} aes_block_t;
+
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+# define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+# define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+# define load_block(d, s)        (d) = *(const aes_block_t *)(s)
+# define store_block(d, s)       *(aes_block_t *)(d) = (s)
+#else
+# define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
+# define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+    size_t n;
+    size_t len = length;
+
+    if (length == 0)
+        return;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    len = length / AES_BLOCK_SIZE;
+
+    if (AES_ENCRYPT == enc) {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] = inp->data[n] ^ ivp->data[n];
+                AES_encrypt((unsigned char *)outp->data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= iv2p->data[n];
+                ivp = outp;
+                iv2p = inp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+                AES_encrypt((unsigned char *)tmp2.data,
+                            (unsigned char *)tmp2.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] ^= iv2.data[n];
+                store_block(out, tmp2);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    } else {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t tmp;
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= ivp->data[n];
+                ivp = inp;
+                iv2p = outp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                tmp2 = tmp;
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv2.data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)tmp.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv.data[n];
+                store_block(out, tmp);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    }
+}
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc)
+{
+    size_t n;
+    size_t len = length;
+    unsigned char tmp[AES_BLOCK_SIZE];
+    unsigned char tmp2[AES_BLOCK_SIZE];
+    unsigned char tmp3[AES_BLOCK_SIZE];
+    unsigned char prev[AES_BLOCK_SIZE];
+    const unsigned char *iv;
+    const unsigned char *iv2;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    if (AES_ENCRYPT == enc) {
+        /*
+         * XXX: Do a separate case for when in != out (strictly should check
+         * for overlap, too)
+         */
+
+        /* First the forward pass */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        while (len >= AES_BLOCK_SIZE) {
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] = in[n] ^ iv[n];
+            AES_encrypt(out, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            iv = out;
+            memcpy(prev, in, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+
+        /* And now backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            out -= AES_BLOCK_SIZE;
+            /*
+             * XXX: reduce copies by alternating between buffers
+             */
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            /*
+             * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
+             */
+            AES_encrypt(out, out, key);
+            /*
+             * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
+             */
+            /*
+             * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
+             */
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            /*
+             * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
+             */
+            iv = out;
+            memcpy(prev, tmp, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+        }
+    } else {
+        /* First backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        in += length;
+        out += length;
+        while (len >= AES_BLOCK_SIZE) {
+            in -= AES_BLOCK_SIZE;
+            out -= AES_BLOCK_SIZE;
+            memcpy(tmp, in, AES_BLOCK_SIZE);
+            memcpy(tmp2, in, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+        }
+
+        /* And now forwards */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            memcpy(tmp2, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+    }
+}
diff --git a/openssl-1.1.0h/crypto/aes/aes_locl.h b/openssl-1.1.0h/crypto/aes/aes_locl.h
new file mode 100644
index 0000000..adee29d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_locl.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AES_LOCL_H
+# define HEADER_AES_LOCL_H
+
+# include <openssl/e_os2.h>
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#  define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  define GETU32(p) SWAP(*((u32 *)(p)))
+#  define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+# else
+#  define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#  define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+# endif
+
+# ifdef AES_LONG
+typedef unsigned long u32;
+# else
+typedef unsigned int u32;
+# endif
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+# define MAXKC   (256/32)
+# define MAXKB   (256/8)
+# define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+# undef FULL_UNROLL
+
+#endif                          /* !HEADER_AES_LOCL_H */
diff --git a/openssl-1.1.0h/crypto/aes/aes_misc.c b/openssl-1.1.0h/crypto/aes/aes_misc.c
new file mode 100644
index 0000000..7403c84
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_misc.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char *AES_options(void)
+{
+#ifdef FULL_UNROLL
+    return "aes(full)";
+#else
+    return "aes(partial)";
+#endif
+}
diff --git a/openssl-1.1.0h/crypto/aes/aes_ofb.c b/openssl-1.1.0h/crypto/aes/aes_ofb.c
new file mode 100644
index 0000000..215b538
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_ofb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) AES_encrypt);
+}
diff --git a/openssl-1.1.0h/crypto/aes/aes_wrap.c b/openssl-1.1.0h/crypto/aes/aes_wrap.c
new file mode 100644
index 0000000..cae0b21
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_wrap.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen)
+{
+    return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
+}
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen)
+{
+    return CRYPTO_128_unwrap(key, iv, out, in, inlen,
+                             (block128_f) AES_decrypt);
+}
diff --git a/openssl-1.1.0h/crypto/aes/aes_x86core.c b/openssl-1.1.0h/crypto/aes/aes_x86core.c
new file mode 100644
index 0000000..95b49bb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/aes_x86core.c
@@ -0,0 +1,1075 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is experimental x86[_64] derivative. It assumes little-endian
+ * byte order and expects CPU to sustain unaligned memory references.
+ * It is used as playground for cache-time attack mitigations and
+ * serves as reference C implementation for x86[_64] assembler.
+ *
+ *                  <appro@fy.chalmers.se>
+ */
+
+
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+ * These two parameters control which table, 256-byte or 2KB, is
+ * referenced in outer and respectively inner rounds.
+ */
+#define AES_COMPACT_IN_OUTER_ROUNDS
+#ifdef  AES_COMPACT_IN_OUTER_ROUNDS
+/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while
+ * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further*
+ * by factor of ~2. */
+# undef  AES_COMPACT_IN_INNER_ROUNDS
+#endif
+
+#if 1
+static void prefetch256(const void *table)
+{
+    volatile unsigned long *t=(void *)table,ret;
+    unsigned long sum;
+    int i;
+
+    /* 32 is common least cache-line size */
+    for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0]))   sum ^= t[i];
+
+    ret = sum;
+}
+#else
+# define prefetch256(t)
+#endif
+
+#undef GETU32
+#define GETU32(p) (*((u32*)(p)))
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef unsigned __int64 u64;
+#define U64(C)  C##UI64
+#elif defined(__arch64__)
+typedef unsigned long u64;
+#define U64(C)  C##UL
+#else
+typedef unsigned long long u64;
+#define U64(C)  C##ULL
+#endif
+
+#undef ROTATE
+#if defined(_MSC_VER)
+# define ROTATE(a,n)    _lrotl(a,n)
+#elif defined(__ICC)
+# define ROTATE(a,n)    _rotl(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                asm (           \
+                "roll %1,%0"        \
+                : "=r"(ret)     \
+                : "I"(n), "0"(a)    \
+                : "cc");        \
+               ret;             \
+            })
+# endif
+#endif
+/*-
+Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03];
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+*/
+#define Te0 (u32)((u64*)((u8*)Te+0))
+#define Te1 (u32)((u64*)((u8*)Te+3))
+#define Te2 (u32)((u64*)((u8*)Te+2))
+#define Te3 (u32)((u64*)((u8*)Te+1))
+/*-
+Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b];
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+#define Td0 (u32)((u64*)((u8*)Td+0))
+#define Td1 (u32)((u64*)((u8*)Td+3))
+#define Td2 (u32)((u64*)((u8*)Td+2))
+#define Td3 (u32)((u64*)((u8*)Td+1))
+
+static const u64 Te[256] = {
+    U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8),
+    U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6),
+    U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6),
+    U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591),
+    U64(0x5030306050303060), U64(0x0301010203010102),
+    U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56),
+    U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5),
+    U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec),
+    U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f),
+    U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa),
+    U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2),
+    U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb),
+    U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3),
+    U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45),
+    U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453),
+    U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b),
+    U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1),
+    U64(0xae93933dae93933d), U64(0x6a26264c6a26264c),
+    U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e),
+    U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83),
+    U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551),
+    U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9),
+    U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab),
+    U64(0x5331316253313162), U64(0x3f15152a3f15152a),
+    U64(0x0c0404080c040408), U64(0x52c7c79552c7c795),
+    U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d),
+    U64(0x2818183028181830), U64(0xa1969637a1969637),
+    U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f),
+    U64(0x0907070e0907070e), U64(0x3612122436121224),
+    U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df),
+    U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e),
+    U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea),
+    U64(0x1b0909121b090912), U64(0x9e83831d9e83831d),
+    U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34),
+    U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc),
+    U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b),
+    U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76),
+    U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d),
+    U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd),
+    U64(0x712f2f5e712f2f5e), U64(0x9784841397848413),
+    U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9),
+    U64(0x0000000000000000), U64(0x2cededc12cededc1),
+    U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3),
+    U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6),
+    U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d),
+    U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972),
+    U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98),
+    U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85),
+    U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5),
+    U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed),
+    U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a),
+    U64(0x5533336655333366), U64(0x9485851194858511),
+    U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9),
+    U64(0x0602020406020204), U64(0x817f7ffe817f7ffe),
+    U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78),
+    U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b),
+    U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d),
+    U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05),
+    U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21),
+    U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1),
+    U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677),
+    U64(0x75dadaaf75dadaaf), U64(0x6321214263212142),
+    U64(0x3010102030101020), U64(0x1affffe51affffe5),
+    U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf),
+    U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18),
+    U64(0x3513132635131326), U64(0x2fececc32fececc3),
+    U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735),
+    U64(0xcc444488cc444488), U64(0x3917172e3917172e),
+    U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755),
+    U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a),
+    U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba),
+    U64(0x2b1919322b191932), U64(0x957373e6957373e6),
+    U64(0xa06060c0a06060c0), U64(0x9881811998818119),
+    U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3),
+    U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54),
+    U64(0xab90903bab90903b), U64(0x8388880b8388880b),
+    U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7),
+    U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428),
+    U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc),
+    U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad),
+    U64(0x3be0e0db3be0e0db), U64(0x5632326456323264),
+    U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14),
+    U64(0xdb494992db494992), U64(0x0a06060c0a06060c),
+    U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8),
+    U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd),
+    U64(0xefacac43efacac43), U64(0xa66262c4a66262c4),
+    U64(0xa8919139a8919139), U64(0xa4959531a4959531),
+    U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2),
+    U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b),
+    U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda),
+    U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1),
+    U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949),
+    U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac),
+    U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf),
+    U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4),
+    U64(0xe9aeae47e9aeae47), U64(0x1808081018080810),
+    U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0),
+    U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c),
+    U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657),
+    U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697),
+    U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1),
+    U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e),
+    U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61),
+    U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f),
+    U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c),
+    U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc),
+    U64(0xd8484890d8484890), U64(0x0503030605030306),
+    U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c),
+    U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a),
+    U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969),
+    U64(0x9186861791868617), U64(0x58c1c19958c1c199),
+    U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27),
+    U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb),
+    U64(0xb398982bb398982b), U64(0x3311112233111122),
+    U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9),
+    U64(0x898e8e07898e8e07), U64(0xa7949433a7949433),
+    U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c),
+    U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9),
+    U64(0x49cece8749cece87), U64(0xff5555aaff5555aa),
+    U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5),
+    U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159),
+    U64(0x8089890980898909), U64(0x170d0d1a170d0d1a),
+    U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7),
+    U64(0xc6424284c6424284), U64(0xb86868d0b86868d0),
+    U64(0xc3414182c3414182), U64(0xb0999929b0999929),
+    U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e),
+    U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8),
+    U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c)
+};
+
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+
+static const u64 Td[256] = {
+    U64(0x50a7f45150a7f451), U64(0x5365417e5365417e),
+    U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a),
+    U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f),
+    U64(0xab58faacab58faac), U64(0x9303e34b9303e34b),
+    U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad),
+    U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5),
+    U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5),
+    U64(0x8044352680443526), U64(0x8fa362b58fa362b5),
+    U64(0x495ab1de495ab1de), U64(0x671bba25671bba25),
+    U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d),
+    U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81),
+    U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b),
+    U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215),
+    U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295),
+    U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458),
+    U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e),
+    U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4),
+    U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927),
+    U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0),
+    U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d),
+    U64(0x184adf63184adf63), U64(0x82311ae582311ae5),
+    U64(0x6033519760335197), U64(0x457f5362457f5362),
+    U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb),
+    U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9),
+    U64(0x5868487058684870), U64(0x19fd458f19fd458f),
+    U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52),
+    U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72),
+    U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566),
+    U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f),
+    U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3),
+    U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23),
+    U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed),
+    U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7),
+    U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e),
+    U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506),
+    U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4),
+    U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2),
+    U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4),
+    U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040),
+    U64(0x069f715e069f715e), U64(0x51106ebd51106ebd),
+    U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96),
+    U64(0xae053eddae053edd), U64(0x46bde64d46bde64d),
+    U64(0xb58d5491b58d5491), U64(0x055dc471055dc471),
+    U64(0x6fd406046fd40604), U64(0xff155060ff155060),
+    U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6),
+    U64(0xcc434089cc434089), U64(0x779ed967779ed967),
+    U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907),
+    U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879),
+    U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c),
+    U64(0xc91e84f8c91e84f8), U64(0x0000000000000000),
+    U64(0x8386800983868009), U64(0x48ed2b3248ed2b32),
+    U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c),
+    U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f),
+    U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36),
+    U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68),
+    U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624),
+    U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793),
+    U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b),
+    U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61),
+    U64(0x694b775a694b775a), U64(0x161a121c161a121c),
+    U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0),
+    U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12),
+    U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2),
+    U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14),
+    U64(0x8519f1578519f157), U64(0x4c0775af4c0775af),
+    U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3),
+    U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c),
+    U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b),
+    U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb),
+    U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8),
+    U64(0xcadc31d7cadc31d7), U64(0x1085634210856342),
+    U64(0x4022971340229713), U64(0x2011c6842011c684),
+    U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2),
+    U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7),
+    U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc),
+    U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177),
+    U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9),
+    U64(0xfa489411fa489411), U64(0x2264e9472264e947),
+    U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0),
+    U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322),
+    U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9),
+    U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498),
+    U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5),
+    U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f),
+    U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850),
+    U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54),
+    U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890),
+    U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382),
+    U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069),
+    U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf),
+    U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810),
+    U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb),
+    U64(0x097826cd097826cd), U64(0xf418596ef418596e),
+    U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83),
+    U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa),
+    U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef),
+    U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a),
+    U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029),
+    U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a),
+    U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235),
+    U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc),
+    U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733),
+    U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41),
+    U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117),
+    U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43),
+    U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4),
+    U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c),
+    U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546),
+    U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01),
+    U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb),
+    U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92),
+    U64(0x335610e9335610e9), U64(0x1347d66d1347d66d),
+    U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137),
+    U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb),
+    U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7),
+    U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a),
+    U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255),
+    U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773),
+    U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f),
+    U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478),
+    U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9),
+    U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2),
+    U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc),
+    U64(0x8b493c288b493c28), U64(0x41950dff41950dff),
+    U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08),
+    U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664),
+    U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5),
+    U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0)
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU
+};
+
+static const u32 rcon[] = {
+    0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U,
+    0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U,
+    0x0000001bU, 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                ((u32)Te4[(temp      ) & 0xff]      ) ^
+                ((u32)Te4[(temp >>  8) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >> 24)       ] << 24);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+#if 1
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+        }
+#else
+        rk[0] =
+            Td0[Te2[(rk[0]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[0] >> 24)       ] & 0xff];
+        rk[1] =
+            Td0[Te2[(rk[1]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[1] >> 24)       ] & 0xff];
+        rk[2] =
+            Td0[Te2[(rk[2]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[2] >> 24)       ] & 0xff];
+        rk[3] =
+            Td0[Te2[(rk[3]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[3] >> 24)       ] & 0xff];
+#endif
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t[4];
+    int r;
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Te4);
+
+    t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24;
+    t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24;
+    t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24;
+    t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */
+    {   int i;
+        u32 r0, r1, r2;
+
+        for (i = 0; i < 4; i++) {
+            r0 = t[i];
+            r1 = r0 & 0x80808080;
+            r2 = ((r0 & 0x7f7f7f7f) << 1) ^
+                ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
+#if defined(ROTATE)
+            t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
+                ROTATE(r0,16) ^ ROTATE(r0,8);
+#else
+            t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
+                (r0 << 16) ^ (r0 >> 16) ^
+                (r0 << 8) ^ (r0 >> 24);
+#endif
+            t[i] ^= rk[4+i];
+        }
+    }
+#else
+    t[0] =  Te0[(s0      ) & 0xff] ^
+        Te1[(s1 >>  8) & 0xff] ^
+        Te2[(s2 >> 16) & 0xff] ^
+        Te3[(s3 >> 24)       ] ^
+        rk[4];
+    t[1] =  Te0[(s1      ) & 0xff] ^
+        Te1[(s2 >>  8) & 0xff] ^
+        Te2[(s3 >> 16) & 0xff] ^
+        Te3[(s0 >> 24)       ] ^
+        rk[5];
+    t[2] =  Te0[(s2      ) & 0xff] ^
+        Te1[(s3 >>  8) & 0xff] ^
+        Te2[(s0 >> 16) & 0xff] ^
+        Te3[(s1 >> 24)       ] ^
+        rk[6];
+    t[3] =  Te0[(s3      ) & 0xff] ^
+        Te1[(s0 >>  8) & 0xff] ^
+        Te2[(s1 >> 16) & 0xff] ^
+        Te3[(s2 >> 24)       ] ^
+        rk[7];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+
+    /*
+     * Nr - 2 full rounds:
+     */
+    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
+#if defined(AES_COMPACT_IN_INNER_ROUNDS)
+        t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+               (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s3 >> 24)       ] << 24;
+        t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+               (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s0 >> 24)       ] << 24;
+        t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+               (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s1 >> 24)       ] << 24;
+        t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+               (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s2 >> 24)       ] << 24;
+
+        /* now do the linear transform using words */
+        {
+            int i;
+            u32 r0, r1, r2;
+
+            for (i = 0; i < 4; i++) {
+                r0 = t[i];
+                r1 = r0 & 0x80808080;
+                r2 = ((r0 & 0x7f7f7f7f) << 1) ^
+                    ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
+#if defined(ROTATE)
+                t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
+                    ROTATE(r0,16) ^ ROTATE(r0,8);
+#else
+                t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
+                    (r0 << 16) ^ (r0 >> 16) ^
+                    (r0 << 8) ^ (r0 >> 24);
+#endif
+                t[i] ^= rk[i];
+            }
+        }
+#else
+        t[0] =  Te0[(s0      ) & 0xff] ^
+            Te1[(s1 >>  8) & 0xff] ^
+            Te2[(s2 >> 16) & 0xff] ^
+            Te3[(s3 >> 24)       ] ^
+            rk[0];
+        t[1] =  Te0[(s1      ) & 0xff] ^
+            Te1[(s2 >>  8) & 0xff] ^
+            Te2[(s3 >> 16) & 0xff] ^
+            Te3[(s0 >> 24)       ] ^
+            rk[1];
+        t[2] =  Te0[(s2      ) & 0xff] ^
+            Te1[(s3 >>  8) & 0xff] ^
+            Te2[(s0 >> 16) & 0xff] ^
+            Te3[(s1 >> 24)       ] ^
+            rk[2];
+        t[3] =  Te0[(s3      ) & 0xff] ^
+            Te1[(s0 >>  8) & 0xff] ^
+            Te2[(s1 >> 16) & 0xff] ^
+            Te3[(s2 >> 24)       ] ^
+            rk[3];
+#endif
+        s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+    }
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Te4);
+
+    *(u32*)(out+0) =
+           (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24 ^
+        rk[0];
+    *(u32*)(out+4) =
+           (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24 ^
+        rk[1];
+    *(u32*)(out+8) =
+           (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24 ^
+        rk[2];
+    *(u32*)(out+12) =
+           (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24 ^
+        rk[3];
+#else
+    *(u32*)(out+0) =
+        (Te2[(s0      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s1 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s3 >> 24)       ] & 0xff000000U) ^
+        rk[0];
+    *(u32*)(out+4) =
+        (Te2[(s1      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s2 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s0 >> 24)       ] & 0xff000000U) ^
+        rk[1];
+    *(u32*)(out+8) =
+        (Te2[(s2      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s3 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s1 >> 24)       ] & 0xff000000U) ^
+        rk[2];
+    *(u32*)(out+12) =
+        (Te2[(s3      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s0 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s2 >> 24)       ] & 0xff000000U) ^
+        rk[3];
+#endif
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t[4];
+    int r;
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Td4);
+
+    t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+           (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s1 >> 24)       ] << 24;
+    t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+           (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s2 >> 24)       ] << 24;
+    t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+           (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s3 >> 24)       ] << 24;
+    t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+           (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s0 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */
+    {
+        int i;
+        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+        for (i = 0; i < 4; i++) {
+            tp1 = t[i];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            t[i] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+            t[i] ^= rk[4+i];
+        }
+    }
+#else
+    t[0] =  Td0[(s0      ) & 0xff] ^
+        Td1[(s3 >>  8) & 0xff] ^
+        Td2[(s2 >> 16) & 0xff] ^
+        Td3[(s1 >> 24)       ] ^
+        rk[4];
+    t[1] =  Td0[(s1      ) & 0xff] ^
+        Td1[(s0 >>  8) & 0xff] ^
+        Td2[(s3 >> 16) & 0xff] ^
+        Td3[(s2 >> 24)       ] ^
+        rk[5];
+    t[2] =  Td0[(s2      ) & 0xff] ^
+        Td1[(s1 >>  8) & 0xff] ^
+        Td2[(s0 >> 16) & 0xff] ^
+        Td3[(s3 >> 24)       ] ^
+        rk[6];
+    t[3] =  Td0[(s3      ) & 0xff] ^
+        Td1[(s2 >>  8) & 0xff] ^
+        Td2[(s1 >> 16) & 0xff] ^
+        Td3[(s0 >> 24)       ] ^
+        rk[7];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+
+    /*
+     * Nr - 2 full rounds:
+     */
+    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
+#if defined(AES_COMPACT_IN_INNER_ROUNDS)
+        t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+               (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s1 >> 24)       ] << 24;
+        t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+               (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s2 >> 24)       ] << 24;
+        t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+               (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s3 >> 24)       ] << 24;
+        t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+               (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s0 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */
+    {
+        int i;
+        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+        for (i = 0; i < 4; i++) {
+            tp1 = t[i];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            t[i] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+            t[i] ^= rk[i];
+        }
+    }
+#else
+    t[0] =  Td0[(s0      ) & 0xff] ^
+        Td1[(s3 >>  8) & 0xff] ^
+        Td2[(s2 >> 16) & 0xff] ^
+        Td3[(s1 >> 24)       ] ^
+        rk[0];
+    t[1] =  Td0[(s1      ) & 0xff] ^
+        Td1[(s0 >>  8) & 0xff] ^
+        Td2[(s3 >> 16) & 0xff] ^
+        Td3[(s2 >> 24)       ] ^
+        rk[1];
+    t[2] =  Td0[(s2      ) & 0xff] ^
+        Td1[(s1 >>  8) & 0xff] ^
+        Td2[(s0 >> 16) & 0xff] ^
+        Td3[(s3 >> 24)       ] ^
+        rk[2];
+    t[3] =  Td0[(s3      ) & 0xff] ^
+        Td1[(s2 >>  8) & 0xff] ^
+        Td2[(s1 >> 16) & 0xff] ^
+        Td3[(s0 >> 24)       ] ^
+        rk[3];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+    }
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    prefetch256(Td4);
+
+    *(u32*)(out+0) =
+        ((u32)Td4[(s0      ) & 0xff])    ^
+        ((u32)Td4[(s3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s1 >> 24)       ] << 24) ^
+        rk[0];
+    *(u32*)(out+4) =
+        ((u32)Td4[(s1      ) & 0xff])     ^
+        ((u32)Td4[(s0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s2 >> 24)       ] << 24) ^
+        rk[1];
+    *(u32*)(out+8) =
+        ((u32)Td4[(s2      ) & 0xff])     ^
+        ((u32)Td4[(s1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s3 >> 24)       ] << 24) ^
+        rk[2];
+    *(u32*)(out+12) =
+        ((u32)Td4[(s3      ) & 0xff])     ^
+        ((u32)Td4[(s2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s0 >> 24)       ] << 24) ^
+        rk[3];
+}
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-586.pl b/openssl-1.1.0h/crypto/aes/asm/aes-586.pl
new file mode 100755
index 0000000..1ba3565
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-586.pl
@@ -0,0 +1,3000 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Version 4.3.
+#
+# You might fail to appreciate this module performance from the first
+# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
+# to be *the* best Intel C compiler without -KPIC, performance appears
+# to be virtually identical... But try to re-configure with shared
+# library support... Aha! Intel compiler "suddenly" lags behind by 30%
+# [on P4, more on others]:-) And if compared to position-independent
+# code generated by GNU C, this code performs *more* than *twice* as
+# fast! Yes, all this buzz about PIC means that unlike other hand-
+# coded implementations, this one was explicitly designed to be safe
+# to use even in shared library context... This also means that this
+# code isn't necessarily absolutely fastest "ever," because in order
+# to achieve position independence an extra register has to be
+# off-loaded to stack, which affects the benchmark result.
+#
+# Special note about instruction choice. Do you recall RC4_INT code
+# performing poorly on P4? It might be the time to figure out why.
+# RC4_INT code implies effective address calculations in base+offset*4
+# form. Trouble is that it seems that offset scaling turned to be
+# critical path... At least eliminating scaling resulted in 2.8x RC4
+# performance improvement [as you might recall]. As AES code is hungry
+# for scaling too, I [try to] avoid the latter by favoring off-by-2
+# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.
+#
+# As was shown by Dean Gaudet <dean@arctic.org>, the above note turned
+# void. Performance improvement with off-by-2 shifts was observed on
+# intermediate implementation, which was spilling yet another register
+# to stack... Final offset*4 code below runs just a tad faster on P4,
+# but exhibits up to 10% improvement on other cores.
+#
+# Second version is "monolithic" replacement for aes_core.c, which in
+# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
+# This made it possible to implement little-endian variant of the
+# algorithm without modifying the base C code. Motivating factor for
+# the undertaken effort was that it appeared that in tight IA-32
+# register window little-endian flavor could achieve slightly higher
+# Instruction Level Parallelism, and it indeed resulted in up to 15%
+# better performance on most recent µ-archs...
+#
+# Third version adds AES_cbc_encrypt implementation, which resulted in
+# up to 40% performance imrovement of CBC benchmark results. 40% was
+# observed on P4 core, where "overall" imrovement coefficient, i.e. if
+# compared to PIC generated by GCC and in CBC mode, was observed to be
+# as large as 4x:-) CBC performance is virtually identical to ECB now
+# and on some platforms even better, e.g. 17.6 "small" cycles/byte on
+# Opteron, because certain function prologues and epilogues are
+# effectively taken out of the loop...
+#
+# Version 3.2 implements compressed tables and prefetch of these tables
+# in CBC[!] mode. Former means that 3/4 of table references are now
+# misaligned, which unfortunately has negative impact on elder IA-32
+# implementations, Pentium suffered 30% penalty, PIII - 10%.
+#
+# Version 3.3 avoids L1 cache aliasing between stack frame and
+# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The
+# latter is achieved by copying the key schedule to controlled place in
+# stack. This unfortunately has rather strong impact on small block CBC
+# performance, ~2x deterioration on 16-byte block if compared to 3.3.
+#
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
+# key schedule and S-boxes and abstains from copying the former if
+# there is no. This allows end-user to consciously retain small block
+# performance by aligning key schedule in specific manner.
+#
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
+#
+# Current ECB performance numbers for 128-bit key in CPU cycles per
+# processed byte [measure commonly used by AES benchmarkers] are:
+#
+#		small footprint		fully unrolled
+# P4		24			22
+# AMD K8	20			19
+# PIII		25			23
+# Pentium	81			78
+#
+# Version 3.7 reimplements outer rounds as "compact." Meaning that
+# first and last rounds reference compact 256 bytes S-box. This means
+# that first round consumes a lot more CPU cycles and that encrypt
+# and decrypt performance becomes asymmetric. Encrypt performance
+# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is
+# aggressively pre-fetched.
+#
+# Version 4.0 effectively rolls back to 3.6 and instead implements
+# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact,
+# which use exclusively 256 byte S-box. These functions are to be
+# called in modes not concealing plain text, such as ECB, or when
+# we're asked to process smaller amount of data [or unconditionally
+# on hyper-threading CPU]. Currently it's called unconditionally from
+# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine
+# still needs to be modified to switch between slower and faster
+# mode when appropriate... But in either case benchmark landscape
+# changes dramatically and below numbers are CPU cycles per processed
+# byte for 128-bit key.
+#
+#		ECB encrypt	ECB decrypt	CBC large chunk
+# P4		52[54]		83[95]		23
+# AMD K8	46[41]		66[70]		18
+# PIII		41[50]		60[77]		24
+# Core 2	31[36]		45[64]		18.5
+# Atom		76[100]		96[138]		60
+# Pentium	115		150		77
+#
+# Version 4.1 switches to compact S-box even in key schedule setup.
+#
+# Version 4.2 prefetches compact S-box in every SSE round or in other
+# words every cache-line is *guaranteed* to be accessed within ~50
+# cycles window. Why just SSE? Because it's needed on hyper-threading
+# CPU! Which is also why it's prefetched with 64 byte stride. Best
+# part is that it has no negative effect on performance:-)  
+#
+# Version 4.3 implements switch between compact and non-compact block
+# functions in AES_cbc_encrypt depending on how much data was asked
+# to be processed in one stroke.
+#
+######################################################################
+# Timing attacks are classified in two classes: synchronous when
+# attacker consciously initiates cryptographic operation and collects
+# timing data of various character afterwards, and asynchronous when
+# malicious code is executed on same CPU simultaneously with AES,
+# instruments itself and performs statistical analysis of this data.
+#
+# As far as synchronous attacks go the root to the AES timing
+# vulnerability is twofold. Firstly, of 256 S-box elements at most 160
+# are referred to in single 128-bit block operation. Well, in C
+# implementation with 4 distinct tables it's actually as little as 40
+# references per 256 elements table, but anyway... Secondly, even
+# though S-box elements are clustered into smaller amount of cache-
+# lines, smaller than 160 and even 40, it turned out that for certain
+# plain-text pattern[s] or simply put chosen plain-text and given key
+# few cache-lines remain unaccessed during block operation. Now, if
+# attacker can figure out this access pattern, he can deduct the key
+# [or at least part of it]. The natural way to mitigate this kind of
+# attacks is to minimize the amount of cache-lines in S-box and/or
+# prefetch them to ensure that every one is accessed for more uniform
+# timing. But note that *if* plain-text was concealed in such way that
+# input to block function is distributed *uniformly*, then attack
+# wouldn't apply. Now note that some encryption modes, most notably
+# CBC, do mask the plain-text in this exact way [secure cipher output
+# is distributed uniformly]. Yes, one still might find input that
+# would reveal the information about given key, but if amount of
+# candidate inputs to be tried is larger than amount of possible key
+# combinations then attack becomes infeasible. This is why revised
+# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
+# of data is to be processed in one stroke. The current size limit of
+# 512 bytes is chosen to provide same [diminishigly low] probability
+# for cache-line to remain untouched in large chunk operation with
+# large S-box as for single block operation with compact S-box and
+# surely needs more careful consideration...
+#
+# As for asynchronous attacks. There are two flavours: attacker code
+# being interleaved with AES on hyper-threading CPU at *instruction*
+# level, and two processes time sharing single core. As for latter.
+# Two vectors. 1. Given that attacker process has higher priority,
+# yield execution to process performing AES just before timer fires
+# off the scheduler, immediately regain control of CPU and analyze the
+# cache state. For this attack to be efficient attacker would have to
+# effectively slow down the operation by several *orders* of magnitute,
+# by ratio of time slice to duration of handful of AES rounds, which
+# unlikely to remain unnoticed. Not to mention that this also means
+# that he would spend correspondigly more time to collect enough
+# statistical data to mount the attack. It's probably appropriate to
+# say that if adeversary reckons that this attack is beneficial and
+# risks to be noticed, you probably have larger problems having him
+# mere opportunity. In other words suggested code design expects you
+# to preclude/mitigate this attack by overall system security design.
+# 2. Attacker manages to make his code interrupt driven. In order for
+# this kind of attack to be feasible, interrupt rate has to be high
+# enough, again comparable to duration of handful of AES rounds. But
+# is there interrupt source of such rate? Hardly, not even 1Gbps NIC
+# generates interrupts at such raging rate...
+#
+# And now back to the former, hyper-threading CPU or more specifically
+# Intel P4. Recall that asynchronous attack implies that malicious
+# code instruments itself. And naturally instrumentation granularity
+# has be noticeably lower than duration of codepath accessing S-box.
+# Given that all cache-lines are accessed during that time that is.
+# Current implementation accesses *all* cache-lines within ~50 cycles
+# window, which is actually *less* than RDTSC latency on Intel P4!
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&static_label("AES_Te");
+&static_label("AES_Td");
+
+$s0="eax";
+$s1="ebx";
+$s2="ecx";
+$s3="edx";
+$key="edi";
+$acc="esi";
+$tbl="ebp";
+
+# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated
+# by caller
+$__ra=&DWP(0,"esp");	# return address
+$__s0=&DWP(4,"esp");	# s0 backing store
+$__s1=&DWP(8,"esp");	# s1 backing store
+$__s2=&DWP(12,"esp");	# s2 backing store
+$__s3=&DWP(16,"esp");	# s3 backing store
+$__key=&DWP(20,"esp");	# pointer to key schedule
+$__end=&DWP(24,"esp");	# pointer to end of key schedule
+$__tbl=&DWP(28,"esp");	# %ebp backing store
+
+# stack frame layout in AES_[en|crypt] routines, which differs from
+# above by 4 and overlaps by %ebp backing store
+$_tbl=&DWP(24,"esp");
+$_esp=&DWP(28,"esp");
+
+sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
+
+$speed_limit=512;	# chunks smaller than $speed_limit are
+			# processed with compact routine in CBC mode
+$small_footprint=1;	# $small_footprint=1 code is ~5% slower [on
+			# recent µ-archs], but ~5 times smaller!
+			# I favor compact code to minimize cache
+			# contention and in hope to "collect" 5% back
+			# in real-life applications...
+
+$vertical_spin=0;	# shift "verticaly" defaults to 0, because of
+			# its proof-of-concept status...
+# Note that there is no decvert(), as well as last encryption round is
+# performed with "horizontal" shifts. This is because this "vertical"
+# implementation [one which groups shifts on a given $s[i] to form a
+# "column," unlike "horizontal" one, which groups shifts on different
+# $s[i] to form a "row"] is work in progress. It was observed to run
+# few percents faster on Intel cores, but not AMD. On AMD K8 core it's
+# whole 12% slower:-( So we face a trade-off... Shall it be resolved
+# some day? Till then the code is considered experimental and by
+# default remains dormant...
+
+sub encvert()
+{ my ($te,@s) = @_;
+  my ($v0,$v1) = ($acc,$key);
+
+	&mov	($v0,$s[3]);				# copy s3
+	&mov	(&DWP(4,"esp"),$s[2]);			# save s2
+	&mov	($v1,$s[0]);				# copy s0
+	&mov	(&DWP(8,"esp"),$s[1]);			# save s1
+
+	&movz	($s[2],&HB($s[0]));
+	&and	($s[0],0xFF);
+	&mov	($s[0],&DWP(0,$te,$s[0],8));		# s0>>0
+	&shr	($v1,16);
+	&mov	($s[3],&DWP(3,$te,$s[2],8));		# s0>>8
+	&movz	($s[1],&HB($v1));
+	&and	($v1,0xFF);
+	&mov	($s[2],&DWP(2,$te,$v1,8));		# s0>>16
+	 &mov	($v1,$v0);
+	&mov	($s[1],&DWP(1,$te,$s[1],8));		# s0>>24
+
+	&and	($v0,0xFF);
+	&xor	($s[3],&DWP(0,$te,$v0,8));		# s3>>0
+	&movz	($v0,&HB($v1));
+	&shr	($v1,16);
+	&xor	($s[2],&DWP(3,$te,$v0,8));		# s3>>8
+	&movz	($v0,&HB($v1));
+	&and	($v1,0xFF);
+	&xor	($s[1],&DWP(2,$te,$v1,8));		# s3>>16
+	 &mov	($v1,&DWP(4,"esp"));			# restore s2
+	&xor	($s[0],&DWP(1,$te,$v0,8));		# s3>>24
+
+	&mov	($v0,$v1);
+	&and	($v1,0xFF);
+	&xor	($s[2],&DWP(0,$te,$v1,8));		# s2>>0
+	&movz	($v1,&HB($v0));
+	&shr	($v0,16);
+	&xor	($s[1],&DWP(3,$te,$v1,8));		# s2>>8
+	&movz	($v1,&HB($v0));
+	&and	($v0,0xFF);
+	&xor	($s[0],&DWP(2,$te,$v0,8));		# s2>>16
+	 &mov	($v0,&DWP(8,"esp"));			# restore s1
+	&xor	($s[3],&DWP(1,$te,$v1,8));		# s2>>24
+
+	&mov	($v1,$v0);
+	&and	($v0,0xFF);
+	&xor	($s[1],&DWP(0,$te,$v0,8));		# s1>>0
+	&movz	($v0,&HB($v1));
+	&shr	($v1,16);
+	&xor	($s[0],&DWP(3,$te,$v0,8));		# s1>>8
+	&movz	($v0,&HB($v1));
+	&and	($v1,0xFF);
+	&xor	($s[3],&DWP(2,$te,$v1,8));		# s1>>16
+	 &mov	($key,$__key);				# reincarnate v1 as key
+	&xor	($s[2],&DWP(1,$te,$v0,8));		# s1>>24
+}
+
+# Another experimental routine, which features "horizontal spin," but
+# eliminates one reference to stack. Strangely enough runs slower...
+sub enchoriz()
+{ my ($v0,$v1) = ($key,$acc);
+
+	&movz	($v0,&LB($s0));			#  3, 2, 1, 0*
+	&rotr	($s2,8);			#  8,11,10, 9
+	&mov	($v1,&DWP(0,$te,$v0,8));	#  0
+	&movz	($v0,&HB($s1));			#  7, 6, 5*, 4
+	&rotr	($s3,16);			# 13,12,15,14
+	&xor	($v1,&DWP(3,$te,$v0,8));	#  5
+	&movz	($v0,&HB($s2));			#  8,11,10*, 9
+	&rotr	($s0,16);			#  1, 0, 3, 2
+	&xor	($v1,&DWP(2,$te,$v0,8));	# 10
+	&movz	($v0,&HB($s3));			# 13,12,15*,14
+	&xor	($v1,&DWP(1,$te,$v0,8));	# 15, t[0] collected
+	&mov	($__s0,$v1);			# t[0] saved
+
+	&movz	($v0,&LB($s1));			#  7, 6, 5, 4*
+	&shr	($s1,16);			#  -, -, 7, 6
+	&mov	($v1,&DWP(0,$te,$v0,8));	#  4
+	&movz	($v0,&LB($s3));			# 13,12,15,14*
+	&xor	($v1,&DWP(2,$te,$v0,8));	# 14
+	&movz	($v0,&HB($s0));			#  1, 0, 3*, 2
+	&and	($s3,0xffff0000);		# 13,12, -, -
+	&xor	($v1,&DWP(1,$te,$v0,8));	#  3
+	&movz	($v0,&LB($s2));			#  8,11,10, 9*
+	&or	($s3,$s1);			# 13,12, 7, 6
+	&xor	($v1,&DWP(3,$te,$v0,8));	#  9, t[1] collected
+	&mov	($s1,$v1);			#  s[1]=t[1]
+
+	&movz	($v0,&LB($s0));			#  1, 0, 3, 2*
+	&shr	($s2,16);			#  -, -, 8,11
+	&mov	($v1,&DWP(2,$te,$v0,8));	#  2
+	&movz	($v0,&HB($s3));			# 13,12, 7*, 6
+	&xor	($v1,&DWP(1,$te,$v0,8));	#  7
+	&movz	($v0,&HB($s2));			#  -, -, 8*,11
+	&xor	($v1,&DWP(0,$te,$v0,8));	#  8
+	&mov	($v0,$s3);
+	&shr	($v0,24);			# 13
+	&xor	($v1,&DWP(3,$te,$v0,8));	# 13, t[2] collected
+
+	&movz	($v0,&LB($s2));			#  -, -, 8,11*
+	&shr	($s0,24);			#  1*
+	&mov	($s2,&DWP(1,$te,$v0,8));	# 11
+	&xor	($s2,&DWP(3,$te,$s0,8));	#  1
+	&mov	($s0,$__s0);			# s[0]=t[0]
+	&movz	($v0,&LB($s3));			# 13,12, 7, 6*
+	&shr	($s3,16);			#   ,  ,13,12
+	&xor	($s2,&DWP(2,$te,$v0,8));	#  6
+	&mov	($key,$__key);			# reincarnate v0 as key
+	&and	($s3,0xff);			#   ,  ,13,12*
+	&mov	($s3,&DWP(0,$te,$s3,8));	# 12
+	&xor	($s3,$s2);			# s[2]=t[3] collected
+	&mov	($s2,$v1);			# s[2]=t[2]
+}
+
+# More experimental code... SSE one... Even though this one eliminates
+# *all* references to stack, it's not faster...
+sub sse_encbody()
+{
+	&movz	($acc,&LB("eax"));		#  0
+	&mov	("ecx",&DWP(0,$tbl,$acc,8));	#  0
+	&pshufw	("mm2","mm0",0x0d);		#  7, 6, 3, 2
+	&movz	("edx",&HB("eax"));		#  1
+	&mov	("edx",&DWP(3,$tbl,"edx",8));	#  1
+	&shr	("eax",16);			#  5, 4
+
+	&movz	($acc,&LB("ebx"));		# 10
+	&xor	("ecx",&DWP(2,$tbl,$acc,8));	# 10
+	&pshufw	("mm6","mm4",0x08);		# 13,12, 9, 8
+	&movz	($acc,&HB("ebx"));		# 11
+	&xor	("edx",&DWP(1,$tbl,$acc,8));	# 11
+	&shr	("ebx",16);			# 15,14
+
+	&movz	($acc,&HB("eax"));		#  5
+	&xor	("ecx",&DWP(3,$tbl,$acc,8));	#  5
+	&movq	("mm3",QWP(16,$key));
+	&movz	($acc,&HB("ebx"));		# 15
+	&xor	("ecx",&DWP(1,$tbl,$acc,8));	# 15
+	&movd	("mm0","ecx");			# t[0] collected
+
+	&movz	($acc,&LB("eax"));		#  4
+	&mov	("ecx",&DWP(0,$tbl,$acc,8));	#  4
+	&movd	("eax","mm2");			#  7, 6, 3, 2
+	&movz	($acc,&LB("ebx"));		# 14
+	&xor	("ecx",&DWP(2,$tbl,$acc,8));	# 14
+	&movd	("ebx","mm6");			# 13,12, 9, 8
+
+	&movz	($acc,&HB("eax"));		#  3
+	&xor	("ecx",&DWP(1,$tbl,$acc,8));	#  3
+	&movz	($acc,&HB("ebx"));		#  9
+	&xor	("ecx",&DWP(3,$tbl,$acc,8));	#  9
+	&movd	("mm1","ecx");			# t[1] collected
+
+	&movz	($acc,&LB("eax"));		#  2
+	&mov	("ecx",&DWP(2,$tbl,$acc,8));	#  2
+	&shr	("eax",16);			#  7, 6
+	&punpckldq	("mm0","mm1");		# t[0,1] collected
+	&movz	($acc,&LB("ebx"));		#  8
+	&xor	("ecx",&DWP(0,$tbl,$acc,8));	#  8
+	&shr	("ebx",16);			# 13,12
+
+	&movz	($acc,&HB("eax"));		#  7
+	&xor	("ecx",&DWP(1,$tbl,$acc,8));	#  7
+	&pxor	("mm0","mm3");
+	&movz	("eax",&LB("eax"));		#  6
+	&xor	("edx",&DWP(2,$tbl,"eax",8));	#  6
+	&pshufw	("mm1","mm0",0x08);		#  5, 4, 1, 0
+	&movz	($acc,&HB("ebx"));		# 13
+	&xor	("ecx",&DWP(3,$tbl,$acc,8));	# 13
+	&xor	("ecx",&DWP(24,$key));		# t[2]
+	&movd	("mm4","ecx");			# t[2] collected
+	&movz	("ebx",&LB("ebx"));		# 12
+	&xor	("edx",&DWP(0,$tbl,"ebx",8));	# 12
+	&shr	("ecx",16);
+	&movd	("eax","mm1");			#  5, 4, 1, 0
+	&mov	("ebx",&DWP(28,$key));		# t[3]
+	&xor	("ebx","edx");
+	&movd	("mm5","ebx");			# t[3] collected
+	&and	("ebx",0xffff0000);
+	&or	("ebx","ecx");
+
+	&punpckldq	("mm4","mm5");		# t[2,3] collected
+}
+
+######################################################################
+# "Compact" block function
+######################################################################
+
+sub enccompact()
+{ my $Fn = \&mov;
+  while ($#_>5) { pop(@_); $Fn=sub{}; }
+  my ($i,$te,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# $Fn is used in first compact round and its purpose is to
+	# void restoration of some values from stack, so that after
+	# 4xenccompact with extra argument $key value is left there...
+	if ($i==3)  {	&$Fn	($key,$__key);			}##%edx
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
+	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
+			&movz	($out,&BP(-128,$te,$out,1));
+
+	if ($i==3)  {	$tmp=$s[1];				}##%eax
+			&movz	($tmp,&HB($s[1]));
+			&movz	($tmp,&BP(-128,$te,$tmp,1));
+			&shl	($tmp,8);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
+	else        {	&mov	($tmp,$s[2]);
+			&shr	($tmp,16);			}
+	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
+			&and	($tmp,0xFF);
+			&movz	($tmp,&BP(-128,$te,$tmp,1));
+			&shl	($tmp,16);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
+	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
+	else        {	&mov	($tmp,$s[3]);
+			&shr	($tmp,24);			}
+			&movz	($tmp,&BP(-128,$te,$tmp,1));
+			&shl	($tmp,24);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$acc);			}
+	&comment();
+}
+
+sub enctransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+  my $i = shift;
+  my $tmp = $tbl;
+  my $r2  = $key ;
+
+	&and	($tmp,$s[$i]);
+	&lea	($r2,&DWP(0,$s[$i],$s[$i]));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&and	($r2,0xfefefefe);
+	&sub	($acc,$tmp);
+	&mov	($tmp,$s[$i]);
+	&and	($acc,0x1b1b1b1b);
+	&rotr	($tmp,16);
+	&xor	($acc,$r2);	# r2
+	&mov	($r2,$s[$i]);
+
+	&xor	($s[$i],$acc);	# r0 ^ r2
+	&rotr	($r2,16+8);
+	&xor	($acc,$tmp);
+	&rotl	($s[$i],24);
+	&xor	($acc,$r2);
+	&mov	($tmp,0x80808080)	if ($i!=1);
+	&xor	($s[$i],$acc);	# ROTATE(r2^r0,24) ^ r2
+}
+
+&function_begin_B("_x86_AES_encrypt_compact");
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	# prefetch Te4
+	&mov	($key,&DWP(0-128,$tbl));
+	&mov	($acc,&DWP(32-128,$tbl));
+	&mov	($key,&DWP(64-128,$tbl));
+	&mov	($acc,&DWP(96-128,$tbl));
+	&mov	($key,&DWP(128-128,$tbl));
+	&mov	($acc,&DWP(160-128,$tbl));
+	&mov	($key,&DWP(192-128,$tbl));
+	&mov	($acc,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+
+		&enccompact(0,$tbl,$s0,$s1,$s2,$s3,1);
+		&enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
+		&enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
+		&enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
+		&mov	($tbl,0x80808080);
+		&enctransform(2);
+		&enctransform(3);
+		&enctransform(0);
+		&enctransform(1);
+		&mov 	($key,$__key);
+		&mov	($tbl,$__tbl);
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+	&cmp	($key,$__end);
+	&mov	($__key,$key);
+	&jb	(&label("loop"));
+
+	&enccompact(0,$tbl,$s0,$s1,$s2,$s3);
+	&enccompact(1,$tbl,$s1,$s2,$s3,$s0);
+	&enccompact(2,$tbl,$s2,$s3,$s0,$s1);
+	&enccompact(3,$tbl,$s3,$s0,$s1,$s2);
+
+	&xor	($s0,&DWP(16,$key));
+	&xor	($s1,&DWP(20,$key));
+	&xor	($s2,&DWP(24,$key));
+	&xor	($s3,&DWP(28,$key));
+
+	&ret	();
+&function_end_B("_x86_AES_encrypt_compact");
+
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+#
+# Performance is not actually extraordinary in comparison to pure
+# x86 code. In particular encrypt performance is virtually the same.
+# Decrypt performance on the other hand is 15-20% better on newer
+# µ-archs [but we're thankful for *any* improvement here], and ~50%
+# better on PIII:-) And additionally on the pros side this code
+# eliminates redundant references to stack and thus relieves/
+# minimizes the pressure on the memory bus.
+#
+# MMX register layout                           lsb
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |          mm4          |          mm0          |
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |     s3    |     s2    |     s1    |     s0    |    
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+#
+# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8.
+# In this terms encryption and decryption "compact" permutation
+# matrices can be depicted as following:
+#
+# encryption              lsb	# decryption              lsb
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t0 || 15 | 10 |  5 |  0 |	# | t0 ||  7 | 10 | 13 |  0 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t1 ||  3 | 14 |  9 |  4 |	# | t1 || 11 | 14 |  1 |  4 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t2 ||  7 |  2 | 13 |  8 |	# | t2 || 15 |  2 |  5 |  8 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+# | t3 || 11 |  6 |  1 | 12 |	# | t3 ||  3 |  6 |  9 | 12 |
+# +----++----+----+----+----+	# +----++----+----+----+----+
+#
+######################################################################
+# Why not xmm registers? Short answer. It was actually tested and
+# was not any faster, but *contrary*, most notably on Intel CPUs.
+# Longer answer. Main advantage of using mm registers is that movd
+# latency is lower, especially on Intel P4. While arithmetic
+# instructions are twice as many, they can be scheduled every cycle
+# and not every second one when they are operating on xmm register,
+# so that "arithmetic throughput" remains virtually the same. And
+# finally the code can be executed even on elder SSE-only CPUs:-)
+
+sub sse_enccompact()
+{
+	&pshufw	("mm1","mm0",0x08);		#  5, 4, 1, 0
+	&pshufw	("mm5","mm4",0x0d);		# 15,14,11,10
+	&movd	("eax","mm1");			#  5, 4, 1, 0
+	&movd	("ebx","mm5");			# 15,14,11,10
+	&mov	($__key,$key);
+
+	&movz	($acc,&LB("eax"));		#  0
+	&movz	("edx",&HB("eax"));		#  1
+	&pshufw	("mm2","mm0",0x0d);		#  7, 6, 3, 2
+	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  0
+	&movz	($key,&LB("ebx"));		# 10
+	&movz	("edx",&BP(-128,$tbl,"edx",1));	#  1
+	&shr	("eax",16);			#  5, 4
+	&shl	("edx",8);			#  1
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 10
+	&movz	($key,&HB("ebx"));		# 11
+	&shl	($acc,16);			# 10
+	&pshufw	("mm6","mm4",0x08);		# 13,12, 9, 8
+	&or	("ecx",$acc);			# 10
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 11
+	&movz	($key,&HB("eax"));		#  5
+	&shl	($acc,24);			# 11
+	&shr	("ebx",16);			# 15,14
+	&or	("edx",$acc);			# 11
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  5
+	&movz	($key,&HB("ebx"));		# 15
+	&shl	($acc,8);			#  5
+	&or	("ecx",$acc);			#  5
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 15
+	&movz	($key,&LB("eax"));		#  4
+	&shl	($acc,24);			# 15
+	&or	("ecx",$acc);			# 15
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  4
+	&movz	($key,&LB("ebx"));		# 14
+	&movd	("eax","mm2");			#  7, 6, 3, 2
+	&movd	("mm0","ecx");			# t[0] collected
+	&movz	("ecx",&BP(-128,$tbl,$key,1));	# 14
+	&movz	($key,&HB("eax"));		#  3
+	&shl	("ecx",16);			# 14
+	&movd	("ebx","mm6");			# 13,12, 9, 8
+	&or	("ecx",$acc);			# 14
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  3
+	&movz	($key,&HB("ebx"));		#  9
+	&shl	($acc,24);			#  3
+	&or	("ecx",$acc);			#  3
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  9
+	&movz	($key,&LB("ebx"));		#  8
+	&shl	($acc,8);			#  9
+	&shr	("ebx",16);			# 13,12
+	&or	("ecx",$acc);			#  9
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  8
+	&movz	($key,&LB("eax"));		#  2
+	&shr	("eax",16);			#  7, 6
+	&movd	("mm1","ecx");			# t[1] collected
+	&movz	("ecx",&BP(-128,$tbl,$key,1));	#  2
+	&movz	($key,&HB("eax"));		#  7
+	&shl	("ecx",16);			#  2
+	&and	("eax",0xff);			#  6
+	&or	("ecx",$acc);			#  2
+
+	&punpckldq	("mm0","mm1");		# t[0,1] collected
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  7
+	&movz	($key,&HB("ebx"));		# 13
+	&shl	($acc,24);			#  7
+	&and	("ebx",0xff);			# 12
+	&movz	("eax",&BP(-128,$tbl,"eax",1));	#  6
+	&or	("ecx",$acc);			#  7
+	&shl	("eax",16);			#  6
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 13
+	&or	("edx","eax");			#  6
+	&shl	($acc,8);			# 13
+	&movz	("ebx",&BP(-128,$tbl,"ebx",1));	# 12
+	&or	("ecx",$acc);			# 13
+	&or	("edx","ebx");			# 12
+	&mov	($key,$__key);
+	&movd	("mm4","ecx");			# t[2] collected
+	&movd	("mm5","edx");			# t[3] collected
+
+	&punpckldq	("mm4","mm5");		# t[2,3] collected
+}
+
+					if (!$x86only) {
+&function_begin_B("_sse_AES_encrypt_compact");
+	&pxor	("mm0",&QWP(0,$key));	#  7, 6, 5, 4, 3, 2, 1, 0
+	&pxor	("mm4",&QWP(8,$key));	# 15,14,13,12,11,10, 9, 8
+
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	&mov	($s0,0x1b1b1b1b);		# magic constant
+	&mov	(&DWP(8,"esp"),$s0);
+	&mov	(&DWP(12,"esp"),$s0);
+
+	# prefetch Te4
+	&mov	($s0,&DWP(0-128,$tbl));
+	&mov	($s1,&DWP(32-128,$tbl));
+	&mov	($s2,&DWP(64-128,$tbl));
+	&mov	($s3,&DWP(96-128,$tbl));
+	&mov	($s0,&DWP(128-128,$tbl));
+	&mov	($s1,&DWP(160-128,$tbl));
+	&mov	($s2,&DWP(192-128,$tbl));
+	&mov	($s3,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+		&sse_enccompact();
+		&add	($key,16);
+		&cmp	($key,$__end);
+		&ja	(&label("out"));
+
+		&movq	("mm2",&QWP(8,"esp"));
+		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
+		&movq	("mm1","mm0");		&movq	("mm5","mm4");	# r0
+		&pcmpgtb("mm3","mm0");		&pcmpgtb("mm7","mm4");
+		&pand	("mm3","mm2");		&pand	("mm7","mm2");
+		&pshufw	("mm2","mm0",0xb1);	&pshufw	("mm6","mm4",0xb1);# ROTATE(r0,16)
+		&paddb	("mm0","mm0");		&paddb	("mm4","mm4");
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# = r2
+		&pshufw	("mm3","mm2",0xb1);	&pshufw	("mm7","mm6",0xb1);# r0
+		&pxor	("mm1","mm0");		&pxor	("mm5","mm4");	# r0^r2
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= ROTATE(r0,16)
+
+		&movq	("mm2","mm3");		&movq	("mm6","mm7");
+		&pslld	("mm3",8);		&pslld	("mm7",8);
+		&psrld	("mm2",24);		&psrld	("mm6",24);
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= r0<<8
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= r0>>24
+
+		&movq	("mm3","mm1");		&movq	("mm7","mm5");
+		&movq	("mm2",&QWP(0,$key));	&movq	("mm6",&QWP(8,$key));
+		&psrld	("mm1",8);		&psrld	("mm5",8);
+		&mov	($s0,&DWP(0-128,$tbl));
+		&pslld	("mm3",24);		&pslld	("mm7",24);
+		&mov	($s1,&DWP(64-128,$tbl));
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= (r2^r0)<<8
+		&mov	($s2,&DWP(128-128,$tbl));
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= (r2^r0)>>24
+		&mov	($s3,&DWP(192-128,$tbl));
+
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");
+	&jmp	(&label("loop"));
+
+	&set_label("out",16);
+	&pxor	("mm0",&QWP(0,$key));
+	&pxor	("mm4",&QWP(8,$key));
+
+	&ret	();
+&function_end_B("_sse_AES_encrypt_compact");
+					}
+
+######################################################################
+# Vanilla block function.
+######################################################################
+
+sub encstep()
+{ my ($i,$te,@s) = @_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# lines marked with #%e?x[i] denote "reordered" instructions...
+	if ($i==3)  {	&mov	($key,$__key);			}##%edx
+	else        {	&mov	($out,$s[0]);
+			&and	($out,0xFF);			}
+	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
+	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
+			&mov	($out,&DWP(0,$te,$out,8));
+
+	if ($i==3)  {	$tmp=$s[1];				}##%eax
+			&movz	($tmp,&HB($s[1]));
+			&xor	($out,&DWP(3,$te,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
+	else        {	&mov	($tmp,$s[2]);
+			&shr	($tmp,16);			}
+	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
+			&and	($tmp,0xFF);
+			&xor	($out,&DWP(2,$te,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
+	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
+	else        {	&mov	($tmp,$s[3]); 
+			&shr	($tmp,24)			}
+			&xor	($out,&DWP(1,$te,$tmp,8));
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$acc);			}
+			&comment();
+}
+
+sub enclast()
+{ my ($i,$te,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	if ($i==3)  {	&mov	($key,$__key);			}##%edx
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
+	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
+			&mov	($out,&DWP(2,$te,$out,8));
+			&and	($out,0x000000ff);
+
+	if ($i==3)  {	$tmp=$s[1];				}##%eax
+			&movz	($tmp,&HB($s[1]));
+			&mov	($tmp,&DWP(0,$te,$tmp,8));
+			&and	($tmp,0x0000ff00);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
+	else        {	&mov	($tmp,$s[2]);
+			&shr	($tmp,16);			}
+	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
+			&and	($tmp,0xFF);
+			&mov	($tmp,&DWP(0,$te,$tmp,8));
+			&and	($tmp,0x00ff0000);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
+	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
+	else        {	&mov	($tmp,$s[3]);
+			&shr	($tmp,24);			}
+			&mov	($tmp,&DWP(2,$te,$tmp,8));
+			&and	($tmp,0xff000000);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$acc);			}
+}
+
+&function_begin_B("_x86_AES_encrypt");
+	if ($vertical_spin) {
+		# I need high parts of volatile registers to be accessible...
+		&exch	($s1="edi",$key="ebx");
+		&mov	($s2="esi",$acc="ecx");
+	}
+
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+
+	if ($small_footprint) {
+	    &lea	($acc,&DWP(-2,$acc,$acc));
+	    &lea	($acc,&DWP(0,$key,$acc,8));
+	    &mov	($__end,$acc);		# end of key schedule
+
+	    &set_label("loop",16);
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+	    &cmp	($key,$__end);
+	    &mov	($__key,$key);
+	    &jb		(&label("loop"));
+	}
+	else {
+	    &cmp	($acc,10);
+	    &jle	(&label("10rounds"));
+	    &cmp	($acc,12);
+	    &jle	(&label("12rounds"));
+
+	&set_label("14rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("12rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("10rounds",4);
+	    for ($i=1;$i<10;$i++) {
+		if ($vertical_spin) {
+		    &encvert($tbl,$s0,$s1,$s2,$s3);
+		} else {
+		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+		}
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	}
+
+	if ($vertical_spin) {
+	    # "reincarnate" some registers for "horizontal" spin...
+	    &mov	($s1="ebx",$key="edi");
+	    &mov	($s2="ecx",$acc="esi");
+	}
+	&enclast(0,$tbl,$s0,$s1,$s2,$s3);
+	&enclast(1,$tbl,$s1,$s2,$s3,$s0);
+	&enclast(2,$tbl,$s2,$s3,$s0,$s1);
+	&enclast(3,$tbl,$s3,$s0,$s1,$s2);
+
+	&add	($key,$small_footprint?16:160);
+	&xor	($s0,&DWP(0,$key));
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&ret	();
+
+&set_label("AES_Te",64);	# Yes! I keep it in the code segment!
+	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+
+#Te4	# four copies of Te4 to choose from to avoid L1 aliasing
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+#rcon:
+	&data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
+	&data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
+	&data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000);
+	&data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
+&function_end_B("_x86_AES_encrypt");
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+&function_begin("AES_encrypt");
+	&mov	($acc,&wparam(0));		# load inp
+	&mov	($key,&wparam(2));		# load key
+
+	&mov	($s0,"esp");
+	&sub	("esp",36);
+	&and	("esp",-64);			# align to cache-line
+
+	# place stack frame just "above" the key schedule
+	&lea	($s1,&DWP(-64-63,$key));
+	&sub	($s1,"esp");
+	&neg	($s1);
+	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp",$s1);
+	&add	("esp",4);	# 4 is reserved for caller's return address
+	&mov	($_esp,$s0);			# save stack pointer
+
+	&call   (&label("pic_point"));          # make it PIC!
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
+	&lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+
+	# pick Te4 copy which can't "overlap" with stack frame or key schedule
+	&lea	($s1,&DWP(768-4,"esp"));
+	&sub	($s1,$tbl);
+	&and	($s1,0x300);
+	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
+
+					if (!$x86only) {
+	&bt	(&DWP(0,$s0),25);	# check for SSE bit
+	&jnc	(&label("x86"));
+
+	&movq	("mm0",&QWP(0,$acc));
+	&movq	("mm4",&QWP(8,$acc));
+	&call	("_sse_AES_encrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&movq	(&QWP(0,$acc),"mm0");		# write output data
+	&movq	(&QWP(8,$acc),"mm4");
+	&emms	();
+	&function_end_A();
+					}
+	&set_label("x86",16);
+	&mov	($_tbl,$tbl);
+	&mov	($s0,&DWP(0,$acc));		# load input data
+	&mov	($s1,&DWP(4,$acc));
+	&mov	($s2,&DWP(8,$acc));
+	&mov	($s3,&DWP(12,$acc));
+	&call	("_x86_AES_encrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&mov	(&DWP(0,$acc),$s0);		# write output data
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+&function_end("AES_encrypt");
+
+#--------------------------------------------------------------------#
+
+######################################################################
+# "Compact" block function
+######################################################################
+
+sub deccompact()
+{ my $Fn = \&mov;
+  while ($#_>5) { pop(@_); $Fn=sub{}; }
+  my ($i,$td,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# $Fn is used in first compact round and its purpose is to
+	# void restoration of some values from stack, so that after
+	# 4xdeccompact with extra argument $key, $s0 and $s1 values
+	# are left there...
+	if($i==3)   {	&$Fn	($key,$__key);			}
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+			&movz	($out,&BP(-128,$td,$out,1));
+
+	if ($i==3)  {	$tmp=$s[1];				}
+			&movz	($tmp,&HB($s[1]));
+			&movz	($tmp,&BP(-128,$td,$tmp,1));
+			&shl	($tmp,8);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
+	else        {	mov	($tmp,$s[2]);			}
+			&shr	($tmp,16);
+			&and	($tmp,0xFF);
+			&movz	($tmp,&BP(-128,$td,$tmp,1));
+			&shl	($tmp,16);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &$Fn ($s[2],$__s1);		}
+	else        {	&mov	($tmp,$s[3]);			}
+			&shr	($tmp,24);
+			&movz	($tmp,&BP(-128,$td,$tmp,1));
+			&shl	($tmp,24);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&$Fn	($s[3],$__s0);			}
+}
+
+# must be called with 2,3,0,1 as argument sequence!!!
+sub dectransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+  my $i = shift;
+  my $tmp = $key;
+  my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1);
+  my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
+  my $tp8 = $tbl;
+
+	&mov	($tmp,0x80808080);
+	&and	($tmp,$s[$i]);
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&lea	($tp2,&DWP(0,$s[$i],$s[$i]));
+	&sub	($acc,$tmp);
+	&and	($tp2,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	&xor	($tp2,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp2);
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&lea	($tp4,&DWP(0,$tp2,$tp2));
+	&sub	($acc,$tmp);
+	&and	($tp4,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &xor	($tp2,$s[$i]);	# tp2^tp1
+	&xor	($tp4,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp4);
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&lea	($tp8,&DWP(0,$tp4,$tp4));
+	&sub	($acc,$tmp);
+	&and	($tp8,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &xor	($tp4,$s[$i]);	# tp4^tp1
+	 &rotl	($s[$i],8);	# = ROTATE(tp1,8)
+	&xor	($tp8,$acc);
+
+	&xor	($s[$i],$tp2);
+	&xor	($tp2,$tp8);
+	&xor	($s[$i],$tp4);
+	&xor	($tp4,$tp8);
+	&rotl	($tp2,24);
+	&xor	($s[$i],$tp8);	# ^= tp8^(tp4^tp1)^(tp2^tp1)
+	&rotl	($tp4,16);
+	&xor	($s[$i],$tp2);	# ^= ROTATE(tp8^tp2^tp1,24)
+	&rotl	($tp8,8);
+	&xor	($s[$i],$tp4);	# ^= ROTATE(tp8^tp4^tp1,16)
+	 &mov	($s[0],$__s0)			if($i==2); #prefetch $s0
+	 &mov	($s[1],$__s1)			if($i==3); #prefetch $s1
+	 &mov	($s[2],$__s2)			if($i==1);
+	&xor	($s[$i],$tp8);	# ^= ROTATE(tp8,8)
+
+	&mov	($s[3],$__s3)			if($i==1);
+	&mov	(&DWP(4+4*$i,"esp"),$s[$i])	if($i>=2);
+}
+
+&function_begin_B("_x86_AES_decrypt_compact");
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	# prefetch Td4
+	&mov	($key,&DWP(0-128,$tbl));
+	&mov	($acc,&DWP(32-128,$tbl));
+	&mov	($key,&DWP(64-128,$tbl));
+	&mov	($acc,&DWP(96-128,$tbl));
+	&mov	($key,&DWP(128-128,$tbl));
+	&mov	($acc,&DWP(160-128,$tbl));
+	&mov	($key,&DWP(192-128,$tbl));
+	&mov	($acc,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+
+		&deccompact(0,$tbl,$s0,$s3,$s2,$s1,1);
+		&deccompact(1,$tbl,$s1,$s0,$s3,$s2,1);
+		&deccompact(2,$tbl,$s2,$s1,$s0,$s3,1);
+		&deccompact(3,$tbl,$s3,$s2,$s1,$s0,1);
+		&dectransform(2);
+		&dectransform(3);
+		&dectransform(0);
+		&dectransform(1);
+		&mov 	($key,$__key);
+		&mov	($tbl,$__tbl);
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+	&cmp	($key,$__end);
+	&mov	($__key,$key);
+	&jb	(&label("loop"));
+
+	&deccompact(0,$tbl,$s0,$s3,$s2,$s1);
+	&deccompact(1,$tbl,$s1,$s0,$s3,$s2);
+	&deccompact(2,$tbl,$s2,$s1,$s0,$s3);
+	&deccompact(3,$tbl,$s3,$s2,$s1,$s0);
+
+	&xor	($s0,&DWP(16,$key));
+	&xor	($s1,&DWP(20,$key));
+	&xor	($s2,&DWP(24,$key));
+	&xor	($s3,&DWP(28,$key));
+
+	&ret	();
+&function_end_B("_x86_AES_decrypt_compact");
+
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+
+sub sse_deccompact()
+{
+	&pshufw	("mm1","mm0",0x0c);		#  7, 6, 1, 0
+	&pshufw	("mm5","mm4",0x09);		# 13,12,11,10
+	&movd	("eax","mm1");			#  7, 6, 1, 0
+	&movd	("ebx","mm5");			# 13,12,11,10
+	&mov	($__key,$key);
+
+	&movz	($acc,&LB("eax"));		#  0
+	&movz	("edx",&HB("eax"));		#  1
+	&pshufw	("mm2","mm0",0x06);		#  3, 2, 5, 4
+	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  0
+	&movz	($key,&LB("ebx"));		# 10
+	&movz	("edx",&BP(-128,$tbl,"edx",1));	#  1
+	&shr	("eax",16);			#  7, 6
+	&shl	("edx",8);			#  1
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 10
+	&movz	($key,&HB("ebx"));		# 11
+	&shl	($acc,16);			# 10
+	&pshufw	("mm6","mm4",0x03);		# 9, 8,15,14
+	&or	("ecx",$acc);			# 10
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 11
+	&movz	($key,&HB("eax"));		#  7
+	&shl	($acc,24);			# 11
+	&shr	("ebx",16);			# 13,12
+	&or	("edx",$acc);			# 11
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  7
+	&movz	($key,&HB("ebx"));		# 13
+	&shl	($acc,24);			#  7
+	&or	("ecx",$acc);			#  7
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 13
+	&movz	($key,&LB("eax"));		#  6
+	&shl	($acc,8);			# 13
+	&movd	("eax","mm2");			#  3, 2, 5, 4
+	&or	("ecx",$acc);			# 13
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  6
+	&movz	($key,&LB("ebx"));		# 12
+	&shl	($acc,16);			#  6
+	&movd	("ebx","mm6");			#  9, 8,15,14
+	&movd	("mm0","ecx");			# t[0] collected
+	&movz	("ecx",&BP(-128,$tbl,$key,1));	# 12
+	&movz	($key,&LB("eax"));		#  4
+	&or	("ecx",$acc);			# 12
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  4
+	&movz	($key,&LB("ebx"));		# 14
+	&or	("edx",$acc);			#  4
+	&movz	($acc,&BP(-128,$tbl,$key,1));	# 14
+	&movz	($key,&HB("eax"));		#  5
+	&shl	($acc,16);			# 14
+	&shr	("eax",16);			#  3, 2
+	&or	("edx",$acc);			# 14
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  5
+	&movz	($key,&HB("ebx"));		# 15
+	&shr	("ebx",16);			#  9, 8
+	&shl	($acc,8);			#  5
+	&movd	("mm1","edx");			# t[1] collected
+	&movz	("edx",&BP(-128,$tbl,$key,1));	# 15
+	&movz	($key,&HB("ebx"));		#  9
+	&shl	("edx",24);			# 15
+	&and	("ebx",0xff);			#  8
+	&or	("edx",$acc);			# 15
+
+	&punpckldq	("mm0","mm1");		# t[0,1] collected
+
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  9
+	&movz	($key,&LB("eax"));		#  2
+	&shl	($acc,8);			#  9
+	&movz	("eax",&HB("eax"));		#  3
+	&movz	("ebx",&BP(-128,$tbl,"ebx",1));	#  8
+	&or	("ecx",$acc);			#  9
+	&movz	($acc,&BP(-128,$tbl,$key,1));	#  2
+	&or	("edx","ebx");			#  8
+	&shl	($acc,16);			#  2
+	&movz	("eax",&BP(-128,$tbl,"eax",1));	#  3
+	&or	("edx",$acc);			#  2
+	&shl	("eax",24);			#  3
+	&or	("ecx","eax");			#  3
+	&mov	($key,$__key);
+	&movd	("mm4","edx");			# t[2] collected
+	&movd	("mm5","ecx");			# t[3] collected
+
+	&punpckldq	("mm4","mm5");		# t[2,3] collected
+}
+
+					if (!$x86only) {
+&function_begin_B("_sse_AES_decrypt_compact");
+	&pxor	("mm0",&QWP(0,$key));	#  7, 6, 5, 4, 3, 2, 1, 0
+	&pxor	("mm4",&QWP(8,$key));	# 15,14,13,12,11,10, 9, 8
+
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	($__end,$acc);			# end of key schedule
+
+	&mov	($s0,0x1b1b1b1b);		# magic constant
+	&mov	(&DWP(8,"esp"),$s0);
+	&mov	(&DWP(12,"esp"),$s0);
+
+	# prefetch Td4
+	&mov	($s0,&DWP(0-128,$tbl));
+	&mov	($s1,&DWP(32-128,$tbl));
+	&mov	($s2,&DWP(64-128,$tbl));
+	&mov	($s3,&DWP(96-128,$tbl));
+	&mov	($s0,&DWP(128-128,$tbl));
+	&mov	($s1,&DWP(160-128,$tbl));
+	&mov	($s2,&DWP(192-128,$tbl));
+	&mov	($s3,&DWP(224-128,$tbl));
+
+	&set_label("loop",16);
+		&sse_deccompact();
+		&add	($key,16);
+		&cmp	($key,$__end);
+		&ja	(&label("out"));
+
+		# ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N)
+		&movq	("mm3","mm0");		&movq	("mm7","mm4");
+		&movq	("mm2","mm0",1);	&movq	("mm6","mm4",1);
+		&movq	("mm1","mm0");		&movq	("mm5","mm4");
+		&pshufw	("mm0","mm0",0xb1);	&pshufw	("mm4","mm4",0xb1);# = ROTATE(tp0,16)
+		&pslld	("mm2",8);		&pslld	("mm6",8);
+		&psrld	("mm3",8);		&psrld	("mm7",8);
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp0<<8
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp0>>8
+		&pslld	("mm2",16);		&pslld	("mm6",16);
+		&psrld	("mm3",16);		&psrld	("mm7",16);
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp0<<24
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp0>>24
+
+		&movq	("mm3",&QWP(8,"esp"));
+		&pxor	("mm2","mm2");		&pxor	("mm6","mm6");
+		&pcmpgtb("mm2","mm1");		&pcmpgtb("mm6","mm5");
+		&pand	("mm2","mm3");		&pand	("mm6","mm3");
+		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
+		&pxor	("mm1","mm2");		&pxor	("mm5","mm6");	# tp2
+		&movq	("mm3","mm1");		&movq	("mm7","mm5");
+		&movq	("mm2","mm1");		&movq	("mm6","mm5");
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp2
+		&pslld	("mm3",24);		&pslld	("mm7",24);
+		&psrld	("mm2",8);		&psrld	("mm6",8);
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp2<<24
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp2>>8
+
+		&movq	("mm2",&QWP(8,"esp"));
+		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
+		&pcmpgtb("mm3","mm1");		&pcmpgtb("mm7","mm5");
+		&pand	("mm3","mm2");		&pand	("mm7","mm2");
+		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
+		&pxor	("mm1","mm3");		&pxor	("mm5","mm7");	# tp4
+		&pshufw	("mm3","mm1",0xb1);	&pshufw	("mm7","mm5",0xb1);
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp4
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= ROTATE(tp4,16)	
+
+		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
+		&pcmpgtb("mm3","mm1");		&pcmpgtb("mm7","mm5");
+		&pand	("mm3","mm2");		&pand	("mm7","mm2");
+		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
+		&pxor	("mm1","mm3");		&pxor	("mm5","mm7");	# tp8
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8
+		&movq	("mm3","mm1");		&movq	("mm7","mm5");
+		&pshufw	("mm2","mm1",0xb1);	&pshufw	("mm6","mm5",0xb1);
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= ROTATE(tp8,16)
+		&pslld	("mm1",8);		&pslld	("mm5",8);
+		&psrld	("mm3",8);		&psrld	("mm7",8);
+		&movq	("mm2",&QWP(0,$key));	&movq	("mm6",&QWP(8,$key));
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8<<8
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp8>>8
+		&mov	($s0,&DWP(0-128,$tbl));
+		&pslld	("mm1",16);		&pslld	("mm5",16);
+		&mov	($s1,&DWP(64-128,$tbl));
+		&psrld	("mm3",16);		&psrld	("mm7",16);
+		&mov	($s2,&DWP(128-128,$tbl));
+		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8<<24
+		&mov	($s3,&DWP(192-128,$tbl));
+		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp8>>24
+
+		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");
+	&jmp	(&label("loop"));
+
+	&set_label("out",16);
+	&pxor	("mm0",&QWP(0,$key));
+	&pxor	("mm4",&QWP(8,$key));
+
+	&ret	();
+&function_end_B("_sse_AES_decrypt_compact");
+					}
+
+######################################################################
+# Vanilla block function.
+######################################################################
+
+sub decstep()
+{ my ($i,$td,@s) = @_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	# no instructions are reordered, as performance appears
+	# optimal... or rather that all attempts to reorder didn't
+	# result in better performance [which by the way is not a
+	# bit lower than ecryption].
+	if($i==3)   {	&mov	($key,$__key);			}
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+			&mov	($out,&DWP(0,$td,$out,8));
+
+	if ($i==3)  {	$tmp=$s[1];				}
+			&movz	($tmp,&HB($s[1]));
+			&xor	($out,&DWP(3,$td,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
+	else        {	&mov	($tmp,$s[2]);			}
+			&shr	($tmp,16);
+			&and	($tmp,0xFF);
+			&xor	($out,&DWP(2,$td,$tmp,8));
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}
+	else        {	&mov	($tmp,$s[3]);			}
+			&shr	($tmp,24);
+			&xor	($out,&DWP(1,$td,$tmp,8));
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$__s0);			}
+			&comment();
+}
+
+sub declast()
+{ my ($i,$td,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+	if($i==0)   {	&lea	($td,&DWP(2048+128,$td));
+			&mov	($tmp,&DWP(0-128,$td));
+			&mov	($acc,&DWP(32-128,$td));
+			&mov	($tmp,&DWP(64-128,$td));
+			&mov	($acc,&DWP(96-128,$td));
+			&mov	($tmp,&DWP(128-128,$td));
+			&mov	($acc,&DWP(160-128,$td));
+			&mov	($tmp,&DWP(192-128,$td));
+			&mov	($acc,&DWP(224-128,$td));
+			&lea	($td,&DWP(-128,$td));		}
+	if($i==3)   {	&mov	($key,$__key);			}
+	else        {	&mov	($out,$s[0]);			}
+			&and	($out,0xFF);
+			&movz	($out,&BP(0,$td,$out,1));
+
+	if ($i==3)  {	$tmp=$s[1];				}
+			&movz	($tmp,&HB($s[1]));
+			&movz	($tmp,&BP(0,$td,$tmp,1));
+			&shl	($tmp,8);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
+	else        {	mov	($tmp,$s[2]);			}
+			&shr	($tmp,16);
+			&and	($tmp,0xFF);
+			&movz	($tmp,&BP(0,$td,$tmp,1));
+			&shl	($tmp,16);
+			&xor	($out,$tmp);
+
+	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}
+	else        {	&mov	($tmp,$s[3]);			}
+			&shr	($tmp,24);
+			&movz	($tmp,&BP(0,$td,$tmp,1));
+			&shl	($tmp,24);
+			&xor	($out,$tmp);
+	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
+	if ($i==3)  {	&mov	($s[3],$__s0);
+			&lea	($td,&DWP(-2048,$td));		}
+}
+
+&function_begin_B("_x86_AES_decrypt");
+	# note that caller is expected to allocate stack frame for me!
+	&mov	($__key,$key);			# save key
+
+	&xor	($s0,&DWP(0,$key));		# xor with key
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&mov	($acc,&DWP(240,$key));		# load key->rounds
+
+	if ($small_footprint) {
+	    &lea	($acc,&DWP(-2,$acc,$acc));
+	    &lea	($acc,&DWP(0,$key,$acc,8));
+	    &mov	($__end,$acc);		# end of key schedule
+	    &set_label("loop",16);
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&add	($key,16);		# advance rd_key
+		&xor	($s0,&DWP(0,$key));
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+	    &cmp	($key,$__end);
+	    &mov	($__key,$key);
+	    &jb		(&label("loop"));
+	}
+	else {
+	    &cmp	($acc,10);
+	    &jle	(&label("10rounds"));
+	    &cmp	($acc,12);
+	    &jle	(&label("12rounds"));
+
+	&set_label("14rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("12rounds",4);
+	    for ($i=1;$i<3;$i++) {
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	    &add	($key,32);
+	    &mov	($__key,$key);		# advance rd_key
+	&set_label("10rounds",4);
+	    for ($i=1;$i<10;$i++) {
+		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
+		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
+		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
+		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
+		&xor	($s0,&DWP(16*$i+0,$key));
+		&xor	($s1,&DWP(16*$i+4,$key));
+		&xor	($s2,&DWP(16*$i+8,$key));
+		&xor	($s3,&DWP(16*$i+12,$key));
+	    }
+	}
+
+	&declast(0,$tbl,$s0,$s3,$s2,$s1);
+	&declast(1,$tbl,$s1,$s0,$s3,$s2);
+	&declast(2,$tbl,$s2,$s1,$s0,$s3);
+	&declast(3,$tbl,$s3,$s2,$s1,$s0);
+
+	&add	($key,$small_footprint?16:160);
+	&xor	($s0,&DWP(0,$key));
+	&xor	($s1,&DWP(4,$key));
+	&xor	($s2,&DWP(8,$key));
+	&xor	($s3,&DWP(12,$key));
+
+	&ret	();
+
+&set_label("AES_Td",64);	# Yes! I keep it in the code segment!
+	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+
+#Td4:	# four copies of Td4 to choose from to avoid L1 aliasing
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+&function_end_B("_x86_AES_decrypt");
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+&function_begin("AES_decrypt");
+	&mov	($acc,&wparam(0));		# load inp
+	&mov	($key,&wparam(2));		# load key
+
+	&mov	($s0,"esp");
+	&sub	("esp",36);
+	&and	("esp",-64);			# align to cache-line
+
+	# place stack frame just "above" the key schedule
+	&lea	($s1,&DWP(-64-63,$key));
+	&sub	($s1,"esp");
+	&neg	($s1);
+	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp",$s1);
+	&add	("esp",4);	# 4 is reserved for caller's return address
+	&mov	($_esp,$s0);	# save stack pointer
+
+	&call   (&label("pic_point"));          # make it PIC!
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
+	&lea    ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl));
+
+	# pick Td4 copy which can't "overlap" with stack frame or key schedule
+	&lea	($s1,&DWP(768-4,"esp"));
+	&sub	($s1,$tbl);
+	&and	($s1,0x300);
+	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
+
+					if (!$x86only) {
+	&bt	(&DWP(0,$s0),25);	# check for SSE bit
+	&jnc	(&label("x86"));
+
+	&movq	("mm0",&QWP(0,$acc));
+	&movq	("mm4",&QWP(8,$acc));
+	&call	("_sse_AES_decrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&movq	(&QWP(0,$acc),"mm0");		# write output data
+	&movq	(&QWP(8,$acc),"mm4");
+	&emms	();
+	&function_end_A();
+					}
+	&set_label("x86",16);
+	&mov	($_tbl,$tbl);
+	&mov	($s0,&DWP(0,$acc));		# load input data
+	&mov	($s1,&DWP(4,$acc));
+	&mov	($s2,&DWP(8,$acc));
+	&mov	($s3,&DWP(12,$acc));
+	&call	("_x86_AES_decrypt_compact");
+	&mov	("esp",$_esp);			# restore stack pointer
+	&mov	($acc,&wparam(1));		# load out
+	&mov	(&DWP(0,$acc),$s0);		# write output data
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+&function_end("AES_decrypt");
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const AES_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+# stack frame layout
+#             -4(%esp)		# return address	 0(%esp)
+#              0(%esp)		# s0 backing store	 4(%esp)	
+#              4(%esp)		# s1 backing store	 8(%esp)
+#              8(%esp)		# s2 backing store	12(%esp)
+#             12(%esp)		# s3 backing store	16(%esp)
+#             16(%esp)		# key backup		20(%esp)
+#             20(%esp)		# end of key schedule	24(%esp)
+#             24(%esp)		# %ebp backup		28(%esp)
+#             28(%esp)		# %esp backup
+my $_inp=&DWP(32,"esp");	# copy of wparam(0)
+my $_out=&DWP(36,"esp");	# copy of wparam(1)
+my $_len=&DWP(40,"esp");	# copy of wparam(2)
+my $_key=&DWP(44,"esp");	# copy of wparam(3)
+my $_ivp=&DWP(48,"esp");	# copy of wparam(4)
+my $_tmp=&DWP(52,"esp");	# volatile variable
+#
+my $ivec=&DWP(60,"esp");	# ivec[16]
+my $aes_key=&DWP(76,"esp");	# copy of aes_key
+my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
+
+&function_begin("AES_cbc_encrypt");
+	&mov	($s2 eq "ecx"? $s2 : "",&wparam(2));	# load len
+	&cmp	($s2,0);
+	&je	(&label("drop_out"));
+
+	&call   (&label("pic_point"));		# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
+
+	&cmp	(&wparam(5),0);
+	&lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+	&jne	(&label("picked_te"));
+	&lea	($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl));
+	&set_label("picked_te");
+
+	# one can argue if this is required
+	&pushf	();
+	&cld	();
+
+	&cmp	($s2,$speed_limit);
+	&jb	(&label("slow_way"));
+	&test	($s2,15);
+	&jnz	(&label("slow_way"));
+					if (!$x86only) {
+	&bt	(&DWP(0,$s0),28);	# check for hyper-threading bit
+	&jc	(&label("slow_way"));
+					}
+	# pre-allocate aligned stack frame...
+	&lea	($acc,&DWP(-80-244,"esp"));
+	&and	($acc,-64);
+
+	# ... and make sure it doesn't alias with $tbl modulo 4096
+	&mov	($s0,$tbl);
+	&lea	($s1,&DWP(2048+256,$tbl));
+	&mov	($s3,$acc);
+	&and	($s0,0xfff);		# s = %ebp&0xfff
+	&and	($s1,0xfff);		# e = (%ebp+2048+256)&0xfff
+	&and	($s3,0xfff);		# p = %esp&0xfff
+
+	&cmp	($s3,$s1);		# if (p>=e) %esp =- (p-e);
+	&jb	(&label("tbl_break_out"));
+	&sub	($s3,$s1);
+	&sub	($acc,$s3);
+	&jmp	(&label("tbl_ok"));
+	&set_label("tbl_break_out",4);	# else %esp -= (p-s)&0xfff + framesz;
+	&sub	($s3,$s0);
+	&and	($s3,0xfff);
+	&add	($s3,384);
+	&sub	($acc,$s3);
+	&set_label("tbl_ok",4);
+
+	&lea	($s3,&wparam(0));	# obtain pointer to parameter block
+	&exch	("esp",$acc);		# allocate stack frame
+	&add	("esp",4);		# reserve for return address!
+	&mov	($_tbl,$tbl);		# save %ebp
+	&mov	($_esp,$acc);		# save %esp
+
+	&mov	($s0,&DWP(0,$s3));	# load inp
+	&mov	($s1,&DWP(4,$s3));	# load out
+	#&mov	($s2,&DWP(8,$s3));	# load len
+	&mov	($key,&DWP(12,$s3));	# load key
+	&mov	($acc,&DWP(16,$s3));	# load ivp
+	&mov	($s3,&DWP(20,$s3));	# load enc flag
+
+	&mov	($_inp,$s0);		# save copy of inp
+	&mov	($_out,$s1);		# save copy of out
+	&mov	($_len,$s2);		# save copy of len
+	&mov	($_key,$key);		# save copy of key
+	&mov	($_ivp,$acc);		# save copy of ivp
+
+	&mov	($mark,0);		# copy of aes_key->rounds = 0;
+	# do we copy key schedule to stack?
+	&mov	($s1 eq "ebx" ? $s1 : "",$key);
+	&mov	($s2 eq "ecx" ? $s2 : "",244/4);
+	&sub	($s1,$tbl);
+	&mov	("esi",$key);
+	&and	($s1,0xfff);
+	&lea	("edi",$aes_key);
+	&cmp	($s1,2048+256);
+	&jb	(&label("do_copy"));
+	&cmp	($s1,4096-244);
+	&jb	(&label("skip_copy"));
+	&set_label("do_copy",4);
+		&mov	($_key,"edi");
+		&data_word(0xA5F3F689);	# rep movsd
+	&set_label("skip_copy");
+
+	&mov	($key,16);
+	&set_label("prefetch_tbl",4);
+		&mov	($s0,&DWP(0,$tbl));
+		&mov	($s1,&DWP(32,$tbl));
+		&mov	($s2,&DWP(64,$tbl));
+		&mov	($acc,&DWP(96,$tbl));
+		&lea	($tbl,&DWP(128,$tbl));
+		&sub	($key,1);
+	&jnz	(&label("prefetch_tbl"));
+	&sub	($tbl,2048);
+
+	&mov	($acc,$_inp);
+	&mov	($key,$_ivp);
+
+	&cmp	($s3,0);
+	&je	(&label("fast_decrypt"));
+
+#----------------------------- ENCRYPT -----------------------------#
+	&mov	($s0,&DWP(0,$key));		# load iv
+	&mov	($s1,&DWP(4,$key));
+
+	&set_label("fast_enc_loop",16);
+		&mov	($s2,&DWP(8,$key));
+		&mov	($s3,&DWP(12,$key));
+
+		&xor	($s0,&DWP(0,$acc));	# xor input data
+		&xor	($s1,&DWP(4,$acc));
+		&xor	($s2,&DWP(8,$acc));
+		&xor	($s3,&DWP(12,$acc));
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_encrypt");
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&mov	(&DWP(0,$key),$s0);	# save output data
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($s2,$_len);		# load len
+		&mov	($_inp,$acc);		# save inp
+		&lea	($s3,&DWP(16,$key));	# advance out
+		&mov	($_out,$s3);		# save out
+		&sub	($s2,16);		# decrease len
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("fast_enc_loop"));
+	&mov	($acc,$_ivp);		# load ivp
+	&mov	($s2,&DWP(8,$key));	# restore last 2 dwords
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$acc),$s0);	# save ivec
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+
+	&cmp	($mark,0);		# was the key schedule copied?
+	&mov	("edi",$_key);
+	&je	(&label("skip_ezero"));
+	# zero copy of key schedule
+	&mov	("ecx",240/4);
+	&xor	("eax","eax");
+	&align	(4);
+	&data_word(0xABF3F689);		# rep stosd
+	&set_label("skip_ezero");
+	&mov	("esp",$_esp);
+	&popf	();
+    &set_label("drop_out");
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+#----------------------------- DECRYPT -----------------------------#
+&set_label("fast_decrypt",16);
+
+	&cmp	($acc,$_out);
+	&je	(&label("fast_dec_in_place"));	# in-place processing...
+
+	&mov	($_tmp,$key);
+
+	&align	(4);
+	&set_label("fast_dec_loop",16);
+		&mov	($s0,&DWP(0,$acc));	# read input
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_decrypt");
+
+		&mov	($key,$_tmp);		# load ivp
+		&mov	($acc,$_len);		# load len
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&mov	($key,$_out);		# load out
+		&mov	($acc,$_inp);		# load inp
+
+		&mov	(&DWP(0,$key),$s0);	# write output
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($s2,$_len);		# load len
+		&mov	($_tmp,$acc);		# save ivp
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&lea	($key,&DWP(16,$key));	# advance out
+		&mov	($_out,$key);		# save out
+		&sub	($s2,16);		# decrease len
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("fast_dec_loop"));
+	&mov	($key,$_tmp);		# load temp ivp
+	&mov	($acc,$_ivp);		# load user ivp
+	&mov	($s0,&DWP(0,$key));	# load iv
+	&mov	($s1,&DWP(4,$key));
+	&mov	($s2,&DWP(8,$key));
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$acc),$s0);	# copy back to user
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+	&jmp	(&label("fast_dec_out"));
+
+    &set_label("fast_dec_in_place",16);
+	&set_label("fast_dec_in_place_loop");
+		&mov	($s0,&DWP(0,$acc));	# read input
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&lea	($key,$ivec);
+		&mov	(&DWP(0,$key),$s0);	# copy to temp
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_decrypt");
+
+		&mov	($key,$_ivp);		# load ivp
+		&mov	($acc,$_out);		# load out
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&mov	(&DWP(0,$acc),$s0);	# write output
+		&mov	(&DWP(4,$acc),$s1);
+		&mov	(&DWP(8,$acc),$s2);
+		&mov	(&DWP(12,$acc),$s3);
+
+		&lea	($acc,&DWP(16,$acc));	# advance out
+		&mov	($_out,$acc);		# save out
+
+		&lea	($acc,$ivec);
+		&mov	($s0,&DWP(0,$acc));	# read temp
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&mov	(&DWP(0,$key),$s0);	# copy iv
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($s2,$_len);		# load len
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&sub	($s2,16);		# decrease len
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("fast_dec_in_place_loop"));
+
+    &set_label("fast_dec_out",4);
+	&cmp	($mark,0);		# was the key schedule copied?
+	&mov	("edi",$_key);
+	&je	(&label("skip_dzero"));
+	# zero copy of key schedule
+	&mov	("ecx",240/4);
+	&xor	("eax","eax");
+	&align	(4);
+	&data_word(0xABF3F689);		# rep stosd
+	&set_label("skip_dzero");
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+#--------------------------- SLOW ROUTINE ---------------------------#
+&set_label("slow_way",16);
+
+	&mov	($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap
+	&mov	($key,&wparam(3));	# load key
+
+	# pre-allocate aligned stack frame...
+	&lea	($acc,&DWP(-80,"esp"));
+	&and	($acc,-64);
+
+	# ... and make sure it doesn't alias with $key modulo 1024
+	&lea	($s1,&DWP(-80-63,$key));
+	&sub	($s1,$acc);
+	&neg	($s1);
+	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	($acc,$s1);
+
+	# pick S-box copy which can't overlap with stack frame or $key
+	&lea	($s1,&DWP(768,$acc));
+	&sub	($s1,$tbl);
+	&and	($s1,0x300);
+	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
+
+	&lea	($s3,&wparam(0));	# pointer to parameter block
+
+	&exch	("esp",$acc);
+	&add	("esp",4);		# reserve for return address!
+	&mov	($_tbl,$tbl);		# save %ebp
+	&mov	($_esp,$acc);		# save %esp
+	&mov	($_tmp,$s0);		# save OPENSSL_ia32cap
+
+	&mov	($s0,&DWP(0,$s3));	# load inp
+	&mov	($s1,&DWP(4,$s3));	# load out
+	#&mov	($s2,&DWP(8,$s3));	# load len
+	#&mov	($key,&DWP(12,$s3));	# load key
+	&mov	($acc,&DWP(16,$s3));	# load ivp
+	&mov	($s3,&DWP(20,$s3));	# load enc flag
+
+	&mov	($_inp,$s0);		# save copy of inp
+	&mov	($_out,$s1);		# save copy of out
+	&mov	($_len,$s2);		# save copy of len
+	&mov	($_key,$key);		# save copy of key
+	&mov	($_ivp,$acc);		# save copy of ivp
+
+	&mov	($key,$acc);
+	&mov	($acc,$s0);
+
+	&cmp	($s3,0);
+	&je	(&label("slow_decrypt"));
+
+#--------------------------- SLOW ENCRYPT ---------------------------#
+	&cmp	($s2,16);
+	&mov	($s3,$s1);
+	&jb	(&label("slow_enc_tail"));
+
+					if (!$x86only) {
+	&bt	($_tmp,25);		# check for SSE bit
+	&jnc	(&label("slow_enc_x86"));
+
+	&movq	("mm0",&QWP(0,$key));	# load iv
+	&movq	("mm4",&QWP(8,$key));
+
+	&set_label("slow_enc_loop_sse",16);
+		&pxor	("mm0",&QWP(0,$acc));	# xor input data
+		&pxor	("mm4",&QWP(8,$acc));
+
+		&mov	($key,$_key);
+		&call	("_sse_AES_encrypt_compact");
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+		&mov	($s2,$_len);		# load len
+
+		&movq	(&QWP(0,$key),"mm0");	# save output data
+		&movq	(&QWP(8,$key),"mm4");
+
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&lea	($s3,&DWP(16,$key));	# advance out
+		&mov	($_out,$s3);		# save out
+		&sub	($s2,16);		# decrease len
+		&cmp	($s2,16);
+		&mov	($_len,$s2);		# save len
+	&jae	(&label("slow_enc_loop_sse"));
+	&test	($s2,15);
+	&jnz	(&label("slow_enc_tail"));
+	&mov	($acc,$_ivp);		# load ivp
+	&movq	(&QWP(0,$acc),"mm0");	# save ivec
+	&movq	(&QWP(8,$acc),"mm4");
+	&emms	();
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+					}
+    &set_label("slow_enc_x86",16);
+	&mov	($s0,&DWP(0,$key));	# load iv
+	&mov	($s1,&DWP(4,$key));
+
+	&set_label("slow_enc_loop_x86",4);
+		&mov	($s2,&DWP(8,$key));
+		&mov	($s3,&DWP(12,$key));
+
+		&xor	($s0,&DWP(0,$acc));	# xor input data
+		&xor	($s1,&DWP(4,$acc));
+		&xor	($s2,&DWP(8,$acc));
+		&xor	($s3,&DWP(12,$acc));
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_encrypt_compact");
+
+		&mov	($acc,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&mov	(&DWP(0,$key),$s0);	# save output data
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($s2,$_len);		# load len
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&lea	($s3,&DWP(16,$key));	# advance out
+		&mov	($_out,$s3);		# save out
+		&sub	($s2,16);		# decrease len
+		&cmp	($s2,16);
+		&mov	($_len,$s2);		# save len
+	&jae	(&label("slow_enc_loop_x86"));
+	&test	($s2,15);
+	&jnz	(&label("slow_enc_tail"));
+	&mov	($acc,$_ivp);		# load ivp
+	&mov	($s2,&DWP(8,$key));	# restore last dwords
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$acc),$s0);	# save ivec
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("slow_enc_tail",16);
+	&emms	()	if (!$x86only);
+	&mov	($key eq "edi"? $key:"",$s3);	# load out to edi
+	&mov	($s1,16);
+	&sub	($s1,$s2);
+	&cmp	($key,$acc eq "esi"? $acc:"");	# compare with inp
+	&je	(&label("enc_in_place"));
+	&align	(4);
+	&data_word(0xA4F3F689);	# rep movsb	# copy input
+	&jmp	(&label("enc_skip_in_place"));
+    &set_label("enc_in_place");
+	&lea	($key,&DWP(0,$key,$s2));
+    &set_label("enc_skip_in_place");
+	&mov	($s2,$s1);
+	&xor	($s0,$s0);
+	&align	(4);
+	&data_word(0xAAF3F689);	# rep stosb	# zero tail
+
+	&mov	($key,$_ivp);			# restore ivp
+	&mov	($acc,$s3);			# output as input
+	&mov	($s0,&DWP(0,$key));
+	&mov	($s1,&DWP(4,$key));
+	&mov	($_len,16);			# len=16
+	&jmp	(&label("slow_enc_loop_x86"));	# one more spin...
+
+#--------------------------- SLOW DECRYPT ---------------------------#
+&set_label("slow_decrypt",16);
+					if (!$x86only) {
+	&bt	($_tmp,25);		# check for SSE bit
+	&jnc	(&label("slow_dec_loop_x86"));
+
+	&set_label("slow_dec_loop_sse",4);
+		&movq	("mm0",&QWP(0,$acc));	# read input
+		&movq	("mm4",&QWP(8,$acc));
+
+		&mov	($key,$_key);
+		&call	("_sse_AES_decrypt_compact");
+
+		&mov	($acc,$_inp);		# load inp
+		&lea	($s0,$ivec);
+		&mov	($s1,$_out);		# load out
+		&mov	($s2,$_len);		# load len
+		&mov	($key,$_ivp);		# load ivp
+
+		&movq	("mm1",&QWP(0,$acc));	# re-read input
+		&movq	("mm5",&QWP(8,$acc));
+
+		&pxor	("mm0",&QWP(0,$key));	# xor iv
+		&pxor	("mm4",&QWP(8,$key));
+
+		&movq	(&QWP(0,$key),"mm1");	# copy input to iv
+		&movq	(&QWP(8,$key),"mm5");
+
+		&sub	($s2,16);		# decrease len
+		&jc	(&label("slow_dec_partial_sse"));
+
+		&movq	(&QWP(0,$s1),"mm0");	# write output
+		&movq	(&QWP(8,$s1),"mm4");
+
+		&lea	($s1,&DWP(16,$s1));	# advance out
+		&mov	($_out,$s1);		# save out
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("slow_dec_loop_sse"));
+	&emms	();
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("slow_dec_partial_sse",16);
+	&movq	(&QWP(0,$s0),"mm0");	# save output to temp
+	&movq	(&QWP(8,$s0),"mm4");
+	&emms	();
+
+	&add	($s2 eq "ecx" ? "ecx":"",16);
+	&mov	("edi",$s1);		# out
+	&mov	("esi",$s0);		# temp
+	&align	(4);
+	&data_word(0xA4F3F689);		# rep movsb # copy partial output
+
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+					}
+	&set_label("slow_dec_loop_x86",16);
+		&mov	($s0,&DWP(0,$acc));	# read input
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&lea	($key,$ivec);
+		&mov	(&DWP(0,$key),$s0);	# copy to temp
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($key,$_key);		# load key
+		&call	("_x86_AES_decrypt_compact");
+
+		&mov	($key,$_ivp);		# load ivp
+		&mov	($acc,$_len);		# load len
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&sub	($acc,16);
+		&jc	(&label("slow_dec_partial_x86"));
+
+		&mov	($_len,$acc);		# save len
+		&mov	($acc,$_out);		# load out
+
+		&mov	(&DWP(0,$acc),$s0);	# write output
+		&mov	(&DWP(4,$acc),$s1);
+		&mov	(&DWP(8,$acc),$s2);
+		&mov	(&DWP(12,$acc),$s3);
+
+		&lea	($acc,&DWP(16,$acc));	# advance out
+		&mov	($_out,$acc);		# save out
+
+		&lea	($acc,$ivec);
+		&mov	($s0,&DWP(0,$acc));	# read temp
+		&mov	($s1,&DWP(4,$acc));
+		&mov	($s2,&DWP(8,$acc));
+		&mov	($s3,&DWP(12,$acc));
+
+		&mov	(&DWP(0,$key),$s0);	# copy it to iv
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($acc,$_inp);		# load inp
+		&lea	($acc,&DWP(16,$acc));	# advance inp
+		&mov	($_inp,$acc);		# save inp
+	&jnz	(&label("slow_dec_loop_x86"));
+	&mov	("esp",$_esp);
+	&popf	();
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("slow_dec_partial_x86",16);
+	&lea	($acc,$ivec);
+	&mov	(&DWP(0,$acc),$s0);	# save output to temp
+	&mov	(&DWP(4,$acc),$s1);
+	&mov	(&DWP(8,$acc),$s2);
+	&mov	(&DWP(12,$acc),$s3);
+
+	&mov	($acc,$_inp);
+	&mov	($s0,&DWP(0,$acc));	# re-read input
+	&mov	($s1,&DWP(4,$acc));
+	&mov	($s2,&DWP(8,$acc));
+	&mov	($s3,&DWP(12,$acc));
+
+	&mov	(&DWP(0,$key),$s0);	# copy it to iv
+	&mov	(&DWP(4,$key),$s1);
+	&mov	(&DWP(8,$key),$s2);
+	&mov	(&DWP(12,$key),$s3);
+
+	&mov	("ecx",$_len);
+	&mov	("edi",$_out);
+	&lea	("esi",$ivec);
+	&align	(4);
+	&data_word(0xA4F3F689);		# rep movsb # copy partial output
+
+	&mov	("esp",$_esp);
+	&popf	();
+&function_end("AES_cbc_encrypt");
+}
+
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+	&movz	("esi",&LB("edx"));		# rk[i]>>0
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&movz	("esi",&HB("edx"));		# rk[i]>>8
+	&shl	("ebx",24);
+	&xor	("eax","ebx");
+
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&shr	("edx",16);
+	&movz	("esi",&LB("edx"));		# rk[i]>>16
+	&xor	("eax","ebx");
+
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&movz	("esi",&HB("edx"));		# rk[i]>>24
+	&shl	("ebx",8);
+	&xor	("eax","ebx");
+
+	&movz	("ebx",&BP(-128,$tbl,"esi",1));
+	&shl	("ebx",16);
+	&xor	("eax","ebx");
+
+	&xor	("eax",&DWP(1024-128,$tbl,"ecx",4));	# rcon
+}
+
+&function_begin("_x86_AES_set_encrypt_key");
+	&mov	("esi",&wparam(1));		# user supplied key
+	&mov	("edi",&wparam(3));		# private key schedule
+
+	&test	("esi",-1);
+	&jz	(&label("badpointer"));
+	&test	("edi",-1);
+	&jz	(&label("badpointer"));
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($tbl);
+	&lea	($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+	&lea	($tbl,&DWP(2048+128,$tbl));
+
+	# prefetch Te4
+	&mov	("eax",&DWP(0-128,$tbl));
+	&mov	("ebx",&DWP(32-128,$tbl));
+	&mov	("ecx",&DWP(64-128,$tbl));
+	&mov	("edx",&DWP(96-128,$tbl));
+	&mov	("eax",&DWP(128-128,$tbl));
+	&mov	("ebx",&DWP(160-128,$tbl));
+	&mov	("ecx",&DWP(192-128,$tbl));
+	&mov	("edx",&DWP(224-128,$tbl));
+
+	&mov	("ecx",&wparam(2));		# number of bits in key
+	&cmp	("ecx",128);
+	&je	(&label("10rounds"));
+	&cmp	("ecx",192);
+	&je	(&label("12rounds"));
+	&cmp	("ecx",256);
+	&je	(&label("14rounds"));
+	&mov	("eax",-2);			# invalid number of bits
+	&jmp	(&label("exit"));
+
+    &set_label("10rounds");
+	&mov	("eax",&DWP(0,"esi"));		# copy first 4 dwords
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&xor	("ecx","ecx");
+	&jmp	(&label("10shortcut"));
+
+	&align	(4);
+	&set_label("10loop");
+		&mov	("eax",&DWP(0,"edi"));		# rk[0]
+		&mov	("edx",&DWP(12,"edi"));		# rk[3]
+	&set_label("10shortcut");
+		&enckey	();
+
+		&mov	(&DWP(16,"edi"),"eax");		# rk[4]
+		&xor	("eax",&DWP(4,"edi"));
+		&mov	(&DWP(20,"edi"),"eax");		# rk[5]
+		&xor	("eax",&DWP(8,"edi"));
+		&mov	(&DWP(24,"edi"),"eax");		# rk[6]
+		&xor	("eax",&DWP(12,"edi"));
+		&mov	(&DWP(28,"edi"),"eax");		# rk[7]
+		&inc	("ecx");
+		&add	("edi",16);
+		&cmp	("ecx",10);
+	&jl	(&label("10loop"));
+
+	&mov	(&DWP(80,"edi"),10);		# setup number of rounds
+	&xor	("eax","eax");
+	&jmp	(&label("exit"));
+		
+    &set_label("12rounds");
+	&mov	("eax",&DWP(0,"esi"));		# copy first 6 dwords
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+	&mov	("ecx",&DWP(16,"esi"));
+	&mov	("edx",&DWP(20,"esi"));
+	&mov	(&DWP(16,"edi"),"ecx");
+	&mov	(&DWP(20,"edi"),"edx");
+
+	&xor	("ecx","ecx");
+	&jmp	(&label("12shortcut"));
+
+	&align	(4);
+	&set_label("12loop");
+		&mov	("eax",&DWP(0,"edi"));		# rk[0]
+		&mov	("edx",&DWP(20,"edi"));		# rk[5]
+	&set_label("12shortcut");
+		&enckey	();
+
+		&mov	(&DWP(24,"edi"),"eax");		# rk[6]
+		&xor	("eax",&DWP(4,"edi"));
+		&mov	(&DWP(28,"edi"),"eax");		# rk[7]
+		&xor	("eax",&DWP(8,"edi"));
+		&mov	(&DWP(32,"edi"),"eax");		# rk[8]
+		&xor	("eax",&DWP(12,"edi"));
+		&mov	(&DWP(36,"edi"),"eax");		# rk[9]
+
+		&cmp	("ecx",7);
+		&je	(&label("12break"));
+		&inc	("ecx");
+
+		&xor	("eax",&DWP(16,"edi"));
+		&mov	(&DWP(40,"edi"),"eax");		# rk[10]
+		&xor	("eax",&DWP(20,"edi"));
+		&mov	(&DWP(44,"edi"),"eax");		# rk[11]
+
+		&add	("edi",24);
+	&jmp	(&label("12loop"));
+
+	&set_label("12break");
+	&mov	(&DWP(72,"edi"),12);		# setup number of rounds
+	&xor	("eax","eax");
+	&jmp	(&label("exit"));
+
+    &set_label("14rounds");
+	&mov	("eax",&DWP(0,"esi"));		# copy first 8 dwords
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("edx",&DWP(28,"esi"));
+	&mov	(&DWP(16,"edi"),"eax");
+	&mov	(&DWP(20,"edi"),"ebx");
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	&xor	("ecx","ecx");
+	&jmp	(&label("14shortcut"));
+
+	&align	(4);
+	&set_label("14loop");
+		&mov	("edx",&DWP(28,"edi"));		# rk[7]
+	&set_label("14shortcut");
+		&mov	("eax",&DWP(0,"edi"));		# rk[0]
+
+		&enckey	();
+
+		&mov	(&DWP(32,"edi"),"eax");		# rk[8]
+		&xor	("eax",&DWP(4,"edi"));
+		&mov	(&DWP(36,"edi"),"eax");		# rk[9]
+		&xor	("eax",&DWP(8,"edi"));
+		&mov	(&DWP(40,"edi"),"eax");		# rk[10]
+		&xor	("eax",&DWP(12,"edi"));
+		&mov	(&DWP(44,"edi"),"eax");		# rk[11]
+
+		&cmp	("ecx",6);
+		&je	(&label("14break"));
+		&inc	("ecx");
+
+		&mov	("edx","eax");
+		&mov	("eax",&DWP(16,"edi"));		# rk[4]
+		&movz	("esi",&LB("edx"));		# rk[11]>>0
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&movz	("esi",&HB("edx"));		# rk[11]>>8
+		&xor	("eax","ebx");
+
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&shr	("edx",16);
+		&shl	("ebx",8);
+		&movz	("esi",&LB("edx"));		# rk[11]>>16
+		&xor	("eax","ebx");
+
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&movz	("esi",&HB("edx"));		# rk[11]>>24
+		&shl	("ebx",16);
+		&xor	("eax","ebx");
+
+		&movz	("ebx",&BP(-128,$tbl,"esi",1));
+		&shl	("ebx",24);
+		&xor	("eax","ebx");
+
+		&mov	(&DWP(48,"edi"),"eax");		# rk[12]
+		&xor	("eax",&DWP(20,"edi"));
+		&mov	(&DWP(52,"edi"),"eax");		# rk[13]
+		&xor	("eax",&DWP(24,"edi"));
+		&mov	(&DWP(56,"edi"),"eax");		# rk[14]
+		&xor	("eax",&DWP(28,"edi"));
+		&mov	(&DWP(60,"edi"),"eax");		# rk[15]
+
+		&add	("edi",32);
+	&jmp	(&label("14loop"));
+
+	&set_label("14break");
+	&mov	(&DWP(48,"edi"),14);		# setup number of rounds
+	&xor	("eax","eax");
+	&jmp	(&label("exit"));
+
+    &set_label("badpointer");
+	&mov	("eax",-1);
+    &set_label("exit");
+&function_end("_x86_AES_set_encrypt_key");
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+&function_begin_B("AES_set_encrypt_key");
+	&call	("_x86_AES_set_encrypt_key");
+	&ret	();
+&function_end_B("AES_set_encrypt_key");
+
+sub deckey()
+{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
+  my $tmp = $tbl;
+
+	&mov	($tmp,0x80808080);
+	&and	($tmp,$tp1);
+	&lea	($tp2,&DWP(0,$tp1,$tp1));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&sub	($acc,$tmp);
+	&and	($tp2,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	&xor	($tp2,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp2);
+	&lea	($tp4,&DWP(0,$tp2,$tp2));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	&sub	($acc,$tmp);
+	&and	($tp4,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &xor	($tp2,$tp1);	# tp2^tp1
+	&xor	($tp4,$acc);
+	&mov	($tmp,0x80808080);
+
+	&and	($tmp,$tp4);
+	&lea	($tp8,&DWP(0,$tp4,$tp4));
+	&mov	($acc,$tmp);
+	&shr	($tmp,7);
+	 &xor	($tp4,$tp1);	# tp4^tp1
+	&sub	($acc,$tmp);
+	&and	($tp8,0xfefefefe);
+	&and	($acc,0x1b1b1b1b);
+	 &rotl	($tp1,8);	# = ROTATE(tp1,8)
+	&xor	($tp8,$acc);
+
+	&mov	($tmp,&DWP(4*($i+1),$key));	# modulo-scheduled load
+
+	&xor	($tp1,$tp2);
+	&xor	($tp2,$tp8);
+	&xor	($tp1,$tp4);
+	&rotl	($tp2,24);
+	&xor	($tp4,$tp8);
+	&xor	($tp1,$tp8);	# ^= tp8^(tp4^tp1)^(tp2^tp1)
+	&rotl	($tp4,16);
+	&xor	($tp1,$tp2);	# ^= ROTATE(tp8^tp2^tp1,24)
+	&rotl	($tp8,8);
+	&xor	($tp1,$tp4);	# ^= ROTATE(tp8^tp4^tp1,16)
+	&mov	($tp2,$tmp);
+	&xor	($tp1,$tp8);	# ^= ROTATE(tp8,8)
+
+	&mov	(&DWP(4*$i,$key),$tp1);
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+&function_begin_B("AES_set_decrypt_key");
+	&call	("_x86_AES_set_encrypt_key");
+	&cmp	("eax",0);
+	&je	(&label("proceed"));
+	&ret	();
+
+    &set_label("proceed");
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+
+	&mov	("esi",&wparam(2));
+	&mov	("ecx",&DWP(240,"esi"));	# pull number of rounds
+	&lea	("ecx",&DWP(0,"","ecx",4));
+	&lea	("edi",&DWP(0,"esi","ecx",4));	# pointer to last chunk
+
+	&set_label("invert",4);			# invert order of chunks
+		&mov	("eax",&DWP(0,"esi"));
+		&mov	("ebx",&DWP(4,"esi"));
+		&mov	("ecx",&DWP(0,"edi"));
+		&mov	("edx",&DWP(4,"edi"));
+		&mov	(&DWP(0,"edi"),"eax");
+		&mov	(&DWP(4,"edi"),"ebx");
+		&mov	(&DWP(0,"esi"),"ecx");
+		&mov	(&DWP(4,"esi"),"edx");
+		&mov	("eax",&DWP(8,"esi"));
+		&mov	("ebx",&DWP(12,"esi"));
+		&mov	("ecx",&DWP(8,"edi"));
+		&mov	("edx",&DWP(12,"edi"));
+		&mov	(&DWP(8,"edi"),"eax");
+		&mov	(&DWP(12,"edi"),"ebx");
+		&mov	(&DWP(8,"esi"),"ecx");
+		&mov	(&DWP(12,"esi"),"edx");
+		&add	("esi",16);
+		&sub	("edi",16);
+		&cmp	("esi","edi");
+	&jne	(&label("invert"));
+
+	&mov	($key,&wparam(2));
+	&mov	($acc,&DWP(240,$key));		# pull number of rounds
+	&lea	($acc,&DWP(-2,$acc,$acc));
+	&lea	($acc,&DWP(0,$key,$acc,8));
+	&mov	(&wparam(2),$acc);
+
+	&mov	($s0,&DWP(16,$key));		# modulo-scheduled load
+	&set_label("permute",4);		# permute the key schedule
+		&add	($key,16);
+		&deckey	(0,$key,$s0,$s1,$s2,$s3);
+		&deckey	(1,$key,$s1,$s2,$s3,$s0);
+		&deckey	(2,$key,$s2,$s3,$s0,$s1);
+		&deckey	(3,$key,$s3,$s0,$s1,$s2);
+		&cmp	($key,&wparam(2));
+	&jb	(&label("permute"));
+
+	&xor	("eax","eax");			# return success
+&function_end("AES_set_decrypt_key");
+&asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-armv4.pl b/openssl-1.1.0h/crypto/aes/asm/aes-armv4.pl
new file mode 100644
index 0000000..9981589
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-armv4.pl
@@ -0,0 +1,1245 @@
+#! /usr/bin/env perl
+# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for ARMv4
+
+# January 2007.
+#
+# Code uses single 1K S-box and is >2 times faster than code generated
+# by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
+# allows to merge logical or arithmetic operation with shift or rotate
+# in one instruction and emit combined result every cycle. The module
+# is endian-neutral. The performance is ~42 cycles/byte for 128-bit
+# key [on single-issue Xscale PXA250 core].
+
+# May 2007.
+#
+# AES_set_[en|de]crypt_key is added.
+
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 12% improvement on
+# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 16%
+# improvement on Cortex A8 core and ~21.5 cycles per byte.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$s0="r0";
+$s1="r1";
+$s2="r2";
+$s3="r3";
+$t1="r4";
+$t2="r5";
+$t3="r6";
+$i1="r7";
+$i2="r8";
+$i3="r9";
+
+$tbl="r10";
+$key="r11";
+$rounds="r12";
+
+$code=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+#endif
+
+.text
+#if defined(__thumb2__) && !defined(__APPLE__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#undef __thumb2__
+#endif
+
+.type	AES_Te,%object
+.align	5
+AES_Te:
+.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
+.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
+.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
+.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
+.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
+.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
+.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
+.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
+.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
+.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
+.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
+.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
+.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
+.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
+.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
+.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
+.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
+.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
+.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
+.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
+.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
+.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
+.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
+.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
+.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
+.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
+.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
+.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
+.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
+.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
+.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
+.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
+.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
+.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
+.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
+.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
+.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
+.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
+.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
+.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
+.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
+.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
+.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
+.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
+.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
+.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
+.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
+.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
+.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
+.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
+.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
+.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
+.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
+.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
+.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
+.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
+.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
+.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
+.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
+.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
+.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
+.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
+.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
+.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
+@ Te4[256]
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+@ rcon[]
+.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
+.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
+.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
+.size	AES_Te,.-AES_Te
+
+@ void AES_encrypt(const unsigned char *in, unsigned char *out,
+@ 		 const AES_KEY *key) {
+.global AES_encrypt
+.type   AES_encrypt,%function
+.align	5
+AES_encrypt:
+#ifndef	__thumb2__
+	sub	r3,pc,#8		@ AES_encrypt
+#else
+	adr	r3,.
+#endif
+	stmdb   sp!,{r1,r4-r12,lr}
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$tbl,AES_Te
+#else
+	sub	$tbl,r3,#AES_encrypt-AES_Te	@ Te
+#endif
+	mov	$rounds,r0		@ inp
+	mov	$key,r2
+#if __ARM_ARCH__<7
+	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
+	ldrb	$t1,[$rounds,#2]	@ manner...
+	ldrb	$t2,[$rounds,#1]
+	ldrb	$t3,[$rounds,#0]
+	orr	$s0,$s0,$t1,lsl#8
+	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
+	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
+	ldrb	$t2,[$rounds,#5]
+	ldrb	$t3,[$rounds,#4]
+	orr	$s1,$s1,$t1,lsl#8
+	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
+	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
+	ldrb	$t2,[$rounds,#9]
+	ldrb	$t3,[$rounds,#8]
+	orr	$s2,$s2,$t1,lsl#8
+	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#13]
+	ldrb	$t3,[$rounds,#12]
+	orr	$s3,$s3,$t1,lsl#8
+	orr	$s3,$s3,$t2,lsl#16
+	orr	$s3,$s3,$t3,lsl#24
+#else
+	ldr	$s0,[$rounds,#0]
+	ldr	$s1,[$rounds,#4]
+	ldr	$s2,[$rounds,#8]
+	ldr	$s3,[$rounds,#12]
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+#endif
+	bl	_armv4_AES_encrypt
+
+	ldr	$rounds,[sp],#4		@ pop out
+#if __ARM_ARCH__>=7
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+	str	$s0,[$rounds,#0]
+	str	$s1,[$rounds,#4]
+	str	$s2,[$rounds,#8]
+	str	$s3,[$rounds,#12]
+#else
+	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
+	mov	$t2,$s0,lsr#16		@ manner...
+	mov	$t3,$s0,lsr#8
+	strb	$t1,[$rounds,#0]
+	strb	$t2,[$rounds,#1]
+	mov	$t1,$s1,lsr#24
+	strb	$t3,[$rounds,#2]
+	mov	$t2,$s1,lsr#16
+	strb	$s0,[$rounds,#3]
+	mov	$t3,$s1,lsr#8
+	strb	$t1,[$rounds,#4]
+	strb	$t2,[$rounds,#5]
+	mov	$t1,$s2,lsr#24
+	strb	$t3,[$rounds,#6]
+	mov	$t2,$s2,lsr#16
+	strb	$s1,[$rounds,#7]
+	mov	$t3,$s2,lsr#8
+	strb	$t1,[$rounds,#8]
+	strb	$t2,[$rounds,#9]
+	mov	$t1,$s3,lsr#24
+	strb	$t3,[$rounds,#10]
+	mov	$t2,$s3,lsr#16
+	strb	$s2,[$rounds,#11]
+	mov	$t3,$s3,lsr#8
+	strb	$t1,[$rounds,#12]
+	strb	$t2,[$rounds,#13]
+	strb	$t3,[$rounds,#14]
+	strb	$s3,[$rounds,#15]
+#endif
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia   sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_encrypt,.-AES_encrypt
+
+.type   _armv4_AES_encrypt,%function
+.align	2
+_armv4_AES_encrypt:
+	str	lr,[sp,#-4]!		@ push lr
+	ldmia	$key!,{$t1-$i1}
+	eor	$s0,$s0,$t1
+	ldr	$rounds,[$key,#240-16]
+	eor	$s1,$s1,$t2
+	eor	$s2,$s2,$t3
+	eor	$s3,$s3,$i1
+	sub	$rounds,$rounds,#1
+	mov	lr,#255
+
+	and	$i1,lr,$s0
+	and	$i2,lr,$s0,lsr#8
+	and	$i3,lr,$s0,lsr#16
+	mov	$s0,$s0,lsr#24
+.Lenc_loop:
+	ldr	$t1,[$tbl,$i1,lsl#2]	@ Te3[s0>>0]
+	and	$i1,lr,$s1,lsr#16	@ i0
+	ldr	$t2,[$tbl,$i2,lsl#2]	@ Te2[s0>>8]
+	and	$i2,lr,$s1
+	ldr	$t3,[$tbl,$i3,lsl#2]	@ Te1[s0>>16]
+	and	$i3,lr,$s1,lsr#8
+	ldr	$s0,[$tbl,$s0,lsl#2]	@ Te0[s0>>24]
+	mov	$s1,$s1,lsr#24
+
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te1[s1>>16]
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te3[s1>>0]
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te2[s1>>8]
+	eor	$s0,$s0,$i1,ror#8
+	ldr	$s1,[$tbl,$s1,lsl#2]	@ Te0[s1>>24]
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$t2,$i2,ror#8
+	and	$i2,lr,$s2,lsr#16	@ i1
+	eor	$t3,$t3,$i3,ror#8
+	and	$i3,lr,$s2
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te2[s2>>8]
+	eor	$s1,$s1,$t1,ror#24
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te1[s2>>16]
+	mov	$s2,$s2,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te3[s2>>0]
+	eor	$s0,$s0,$i1,ror#16
+	ldr	$s2,[$tbl,$s2,lsl#2]	@ Te0[s2>>24]
+	and	$i1,lr,$s3		@ i0
+	eor	$s1,$s1,$i2,ror#8
+	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$t3,$i3,ror#16
+	and	$i3,lr,$s3,lsr#16	@ i2
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te3[s3>>0]
+	eor	$s2,$s2,$t2,ror#16
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te2[s3>>8]
+	mov	$s3,$s3,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te1[s3>>16]
+	eor	$s0,$s0,$i1,ror#24
+	ldr	$i1,[$key],#16
+	eor	$s1,$s1,$i2,ror#16
+	ldr	$s3,[$tbl,$s3,lsl#2]	@ Te0[s3>>24]
+	eor	$s2,$s2,$i3,ror#8
+	ldr	$t1,[$key,#-12]
+	eor	$s3,$s3,$t3,ror#8
+
+	ldr	$t2,[$key,#-8]
+	eor	$s0,$s0,$i1
+	ldr	$t3,[$key,#-4]
+	and	$i1,lr,$s0
+	eor	$s1,$s1,$t1
+	and	$i2,lr,$s0,lsr#8
+	eor	$s2,$s2,$t2
+	and	$i3,lr,$s0,lsr#16
+	eor	$s3,$s3,$t3
+	mov	$s0,$s0,lsr#24
+
+	subs	$rounds,$rounds,#1
+	bne	.Lenc_loop
+
+	add	$tbl,$tbl,#2
+
+	ldrb	$t1,[$tbl,$i1,lsl#2]	@ Te4[s0>>0]
+	and	$i1,lr,$s1,lsr#16	@ i0
+	ldrb	$t2,[$tbl,$i2,lsl#2]	@ Te4[s0>>8]
+	and	$i2,lr,$s1
+	ldrb	$t3,[$tbl,$i3,lsl#2]	@ Te4[s0>>16]
+	and	$i3,lr,$s1,lsr#8
+	ldrb	$s0,[$tbl,$s0,lsl#2]	@ Te4[s0>>24]
+	mov	$s1,$s1,lsr#24
+
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s1>>16]
+	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s1>>0]
+	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s1>>8]
+	eor	$s0,$i1,$s0,lsl#8
+	ldrb	$s1,[$tbl,$s1,lsl#2]	@ Te4[s1>>24]
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$i2,$t2,lsl#8
+	and	$i2,lr,$s2,lsr#16	@ i1
+	eor	$t3,$i3,$t3,lsl#8
+	and	$i3,lr,$s2
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s2>>8]
+	eor	$s1,$t1,$s1,lsl#24
+	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s2>>16]
+	mov	$s2,$s2,lsr#24
+
+	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s2>>0]
+	eor	$s0,$i1,$s0,lsl#8
+	ldrb	$s2,[$tbl,$s2,lsl#2]	@ Te4[s2>>24]
+	and	$i1,lr,$s3		@ i0
+	eor	$s1,$s1,$i2,lsl#16
+	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$i3,$t3,lsl#8
+	and	$i3,lr,$s3,lsr#16	@ i2
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s3>>0]
+	eor	$s2,$t2,$s2,lsl#24
+	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s3>>8]
+	mov	$s3,$s3,lsr#24
+
+	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s3>>16]
+	eor	$s0,$i1,$s0,lsl#8
+	ldr	$i1,[$key,#0]
+	ldrb	$s3,[$tbl,$s3,lsl#2]	@ Te4[s3>>24]
+	eor	$s1,$s1,$i2,lsl#8
+	ldr	$t1,[$key,#4]
+	eor	$s2,$s2,$i3,lsl#16
+	ldr	$t2,[$key,#8]
+	eor	$s3,$t3,$s3,lsl#24
+	ldr	$t3,[$key,#12]
+
+	eor	$s0,$s0,$i1
+	eor	$s1,$s1,$t1
+	eor	$s2,$s2,$t2
+	eor	$s3,$s3,$t3
+
+	sub	$tbl,$tbl,#2
+	ldr	pc,[sp],#4		@ pop and return
+.size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
+
+.global AES_set_encrypt_key
+.type   AES_set_encrypt_key,%function
+.align	5
+AES_set_encrypt_key:
+_armv4_AES_set_encrypt_key:
+#ifndef	__thumb2__
+	sub	r3,pc,#8		@ AES_set_encrypt_key
+#else
+	adr	r3,.
+#endif
+	teq	r0,#0
+#ifdef	__thumb2__
+	itt	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	moveq	r0,#-1
+	beq	.Labrt
+	teq	r2,#0
+#ifdef	__thumb2__
+	itt	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	moveq	r0,#-1
+	beq	.Labrt
+
+	teq	r1,#128
+	beq	.Lok
+	teq	r1,#192
+	beq	.Lok
+	teq	r1,#256
+#ifdef	__thumb2__
+	itt	ne			@ Thumb2 thing, sanity check in ARM
+#endif
+	movne	r0,#-1
+	bne	.Labrt
+
+.Lok:	stmdb   sp!,{r4-r12,lr}
+	mov	$rounds,r0		@ inp
+	mov	lr,r1			@ bits
+	mov	$key,r2			@ key
+
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$tbl,AES_Te+1024				@ Te4
+#else
+	sub	$tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
+#endif
+
+#if __ARM_ARCH__<7
+	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
+	ldrb	$t1,[$rounds,#2]	@ manner...
+	ldrb	$t2,[$rounds,#1]
+	ldrb	$t3,[$rounds,#0]
+	orr	$s0,$s0,$t1,lsl#8
+	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
+	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
+	ldrb	$t2,[$rounds,#5]
+	ldrb	$t3,[$rounds,#4]
+	orr	$s1,$s1,$t1,lsl#8
+	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
+	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
+	ldrb	$t2,[$rounds,#9]
+	ldrb	$t3,[$rounds,#8]
+	orr	$s2,$s2,$t1,lsl#8
+	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#13]
+	ldrb	$t3,[$rounds,#12]
+	orr	$s3,$s3,$t1,lsl#8
+	str	$s0,[$key],#16
+	orr	$s3,$s3,$t2,lsl#16
+	str	$s1,[$key,#-12]
+	orr	$s3,$s3,$t3,lsl#24
+	str	$s2,[$key,#-8]
+	str	$s3,[$key,#-4]
+#else
+	ldr	$s0,[$rounds,#0]
+	ldr	$s1,[$rounds,#4]
+	ldr	$s2,[$rounds,#8]
+	ldr	$s3,[$rounds,#12]
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+	str	$s0,[$key],#16
+	str	$s1,[$key,#-12]
+	str	$s2,[$key,#-8]
+	str	$s3,[$key,#-4]
+#endif
+
+	teq	lr,#128
+	bne	.Lnot128
+	mov	$rounds,#10
+	str	$rounds,[$key,#240-16]
+	add	$t3,$tbl,#256			@ rcon
+	mov	lr,#255
+
+.L128_loop:
+	and	$t2,lr,$s3,lsr#24
+	and	$i1,lr,$s3,lsr#16
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$s3,lsr#8
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$s3
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
+	orr	$t2,$t2,$i3,lsl#8
+	eor	$t2,$t2,$t1
+	eor	$s0,$s0,$t2			@ rk[4]=rk[0]^...
+	eor	$s1,$s1,$s0			@ rk[5]=rk[1]^rk[4]
+	str	$s0,[$key],#16
+	eor	$s2,$s2,$s1			@ rk[6]=rk[2]^rk[5]
+	str	$s1,[$key,#-12]
+	eor	$s3,$s3,$s2			@ rk[7]=rk[3]^rk[6]
+	str	$s2,[$key,#-8]
+	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-4]
+	bne	.L128_loop
+	sub	r2,$key,#176
+	b	.Ldone
+
+.Lnot128:
+#if __ARM_ARCH__<7
+	ldrb	$i2,[$rounds,#19]
+	ldrb	$t1,[$rounds,#18]
+	ldrb	$t2,[$rounds,#17]
+	ldrb	$t3,[$rounds,#16]
+	orr	$i2,$i2,$t1,lsl#8
+	ldrb	$i3,[$rounds,#23]
+	orr	$i2,$i2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#22]
+	orr	$i2,$i2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#21]
+	ldrb	$t3,[$rounds,#20]
+	orr	$i3,$i3,$t1,lsl#8
+	orr	$i3,$i3,$t2,lsl#16
+	str	$i2,[$key],#8
+	orr	$i3,$i3,$t3,lsl#24
+	str	$i3,[$key,#-4]
+#else
+	ldr	$i2,[$rounds,#16]
+	ldr	$i3,[$rounds,#20]
+#ifdef __ARMEL__
+	rev	$i2,$i2
+	rev	$i3,$i3
+#endif
+	str	$i2,[$key],#8
+	str	$i3,[$key,#-4]
+#endif
+
+	teq	lr,#192
+	bne	.Lnot192
+	mov	$rounds,#12
+	str	$rounds,[$key,#240-24]
+	add	$t3,$tbl,#256			@ rcon
+	mov	lr,#255
+	mov	$rounds,#8
+
+.L192_loop:
+	and	$t2,lr,$i3,lsr#24
+	and	$i1,lr,$i3,lsr#16
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$i3,lsr#8
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$i3
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
+	orr	$t2,$t2,$i3,lsl#8
+	eor	$i3,$t2,$t1
+	eor	$s0,$s0,$i3			@ rk[6]=rk[0]^...
+	eor	$s1,$s1,$s0			@ rk[7]=rk[1]^rk[6]
+	str	$s0,[$key],#24
+	eor	$s2,$s2,$s1			@ rk[8]=rk[2]^rk[7]
+	str	$s1,[$key,#-20]
+	eor	$s3,$s3,$s2			@ rk[9]=rk[3]^rk[8]
+	str	$s2,[$key,#-16]
+	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-12]
+#ifdef	__thumb2__
+	itt	eq				@ Thumb2 thing, sanity check in ARM
+#endif
+	subeq	r2,$key,#216
+	beq	.Ldone
+
+	ldr	$i1,[$key,#-32]
+	ldr	$i2,[$key,#-28]
+	eor	$i1,$i1,$s3			@ rk[10]=rk[4]^rk[9]
+	eor	$i3,$i2,$i1			@ rk[11]=rk[5]^rk[10]
+	str	$i1,[$key,#-8]
+	str	$i3,[$key,#-4]
+	b	.L192_loop
+
+.Lnot192:
+#if __ARM_ARCH__<7
+	ldrb	$i2,[$rounds,#27]
+	ldrb	$t1,[$rounds,#26]
+	ldrb	$t2,[$rounds,#25]
+	ldrb	$t3,[$rounds,#24]
+	orr	$i2,$i2,$t1,lsl#8
+	ldrb	$i3,[$rounds,#31]
+	orr	$i2,$i2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#30]
+	orr	$i2,$i2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#29]
+	ldrb	$t3,[$rounds,#28]
+	orr	$i3,$i3,$t1,lsl#8
+	orr	$i3,$i3,$t2,lsl#16
+	str	$i2,[$key],#8
+	orr	$i3,$i3,$t3,lsl#24
+	str	$i3,[$key,#-4]
+#else
+	ldr	$i2,[$rounds,#24]
+	ldr	$i3,[$rounds,#28]
+#ifdef __ARMEL__
+	rev	$i2,$i2
+	rev	$i3,$i3
+#endif
+	str	$i2,[$key],#8
+	str	$i3,[$key,#-4]
+#endif
+
+	mov	$rounds,#14
+	str	$rounds,[$key,#240-32]
+	add	$t3,$tbl,#256			@ rcon
+	mov	lr,#255
+	mov	$rounds,#7
+
+.L256_loop:
+	and	$t2,lr,$i3,lsr#24
+	and	$i1,lr,$i3,lsr#16
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$i3,lsr#8
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$i3
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
+	orr	$t2,$t2,$i3,lsl#8
+	eor	$i3,$t2,$t1
+	eor	$s0,$s0,$i3			@ rk[8]=rk[0]^...
+	eor	$s1,$s1,$s0			@ rk[9]=rk[1]^rk[8]
+	str	$s0,[$key],#32
+	eor	$s2,$s2,$s1			@ rk[10]=rk[2]^rk[9]
+	str	$s1,[$key,#-28]
+	eor	$s3,$s3,$s2			@ rk[11]=rk[3]^rk[10]
+	str	$s2,[$key,#-24]
+	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-20]
+#ifdef	__thumb2__
+	itt	eq				@ Thumb2 thing, sanity check in ARM
+#endif
+	subeq	r2,$key,#256
+	beq	.Ldone
+
+	and	$t2,lr,$s3
+	and	$i1,lr,$s3,lsr#8
+	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$s3,lsr#16
+	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$s3,lsr#24
+	ldrb	$i2,[$tbl,$i2]
+	orr	$t2,$t2,$i1,lsl#8
+	ldrb	$i3,[$tbl,$i3]
+	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$key,#-48]
+	orr	$t2,$t2,$i3,lsl#24
+
+	ldr	$i1,[$key,#-44]
+	ldr	$i2,[$key,#-40]
+	eor	$t1,$t1,$t2			@ rk[12]=rk[4]^...
+	ldr	$i3,[$key,#-36]
+	eor	$i1,$i1,$t1			@ rk[13]=rk[5]^rk[12]
+	str	$t1,[$key,#-16]
+	eor	$i2,$i2,$i1			@ rk[14]=rk[6]^rk[13]
+	str	$i1,[$key,#-12]
+	eor	$i3,$i3,$i2			@ rk[15]=rk[7]^rk[14]
+	str	$i2,[$key,#-8]
+	str	$i3,[$key,#-4]
+	b	.L256_loop
+
+.align	2
+.Ldone:	mov	r0,#0
+	ldmia   sp!,{r4-r12,lr}
+.Labrt:
+#if __ARM_ARCH__>=5
+	ret				@ bx lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.global AES_set_decrypt_key
+.type   AES_set_decrypt_key,%function
+.align	5
+AES_set_decrypt_key:
+	str	lr,[sp,#-4]!            @ push lr
+	bl	_armv4_AES_set_encrypt_key
+	teq	r0,#0
+	ldr	lr,[sp],#4              @ pop lr
+	bne	.Labrt
+
+	mov	r0,r2			@ AES_set_encrypt_key preserves r2,
+	mov	r1,r2			@ which is AES_KEY *key
+	b	_armv4_AES_set_enc2dec_key
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+
+@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
+.global	AES_set_enc2dec_key
+.type	AES_set_enc2dec_key,%function
+.align	5
+AES_set_enc2dec_key:
+_armv4_AES_set_enc2dec_key:
+	stmdb   sp!,{r4-r12,lr}
+
+	ldr	$rounds,[r0,#240]
+	mov	$i1,r0			@ input
+	add	$i2,r0,$rounds,lsl#4
+	mov	$key,r1			@ output
+	add	$tbl,r1,$rounds,lsl#4
+	str	$rounds,[r1,#240]
+
+.Linv:	ldr	$s0,[$i1],#16
+	ldr	$s1,[$i1,#-12]
+	ldr	$s2,[$i1,#-8]
+	ldr	$s3,[$i1,#-4]
+	ldr	$t1,[$i2],#-16
+	ldr	$t2,[$i2,#16+4]
+	ldr	$t3,[$i2,#16+8]
+	ldr	$i3,[$i2,#16+12]
+	str	$s0,[$tbl],#-16
+	str	$s1,[$tbl,#16+4]
+	str	$s2,[$tbl,#16+8]
+	str	$s3,[$tbl,#16+12]
+	str	$t1,[$key],#16
+	str	$t2,[$key,#-12]
+	str	$t3,[$key,#-8]
+	str	$i3,[$key,#-4]
+	teq	$i1,$i2
+	bne	.Linv
+
+	ldr	$s0,[$i1]
+	ldr	$s1,[$i1,#4]
+	ldr	$s2,[$i1,#8]
+	ldr	$s3,[$i1,#12]
+	str	$s0,[$key]
+	str	$s1,[$key,#4]
+	str	$s2,[$key,#8]
+	str	$s3,[$key,#12]
+	sub	$key,$key,$rounds,lsl#3
+___
+$mask80=$i1;
+$mask1b=$i2;
+$mask7f=$i3;
+$code.=<<___;
+	ldr	$s0,[$key,#16]!		@ prefetch tp1
+	mov	$mask80,#0x80
+	mov	$mask1b,#0x1b
+	orr	$mask80,$mask80,#0x8000
+	orr	$mask1b,$mask1b,#0x1b00
+	orr	$mask80,$mask80,$mask80,lsl#16
+	orr	$mask1b,$mask1b,$mask1b,lsl#16
+	sub	$rounds,$rounds,#1
+	mvn	$mask7f,$mask80
+	mov	$rounds,$rounds,lsl#2	@ (rounds-1)*4
+
+.Lmix:	and	$t1,$s0,$mask80
+	and	$s1,$s0,$mask7f
+	sub	$t1,$t1,$t1,lsr#7
+	and	$t1,$t1,$mask1b
+	eor	$s1,$t1,$s1,lsl#1	@ tp2
+
+	and	$t1,$s1,$mask80
+	and	$s2,$s1,$mask7f
+	sub	$t1,$t1,$t1,lsr#7
+	and	$t1,$t1,$mask1b
+	eor	$s2,$t1,$s2,lsl#1	@ tp4
+
+	and	$t1,$s2,$mask80
+	and	$s3,$s2,$mask7f
+	sub	$t1,$t1,$t1,lsr#7
+	and	$t1,$t1,$mask1b
+	eor	$s3,$t1,$s3,lsl#1	@ tp8
+
+	eor	$t1,$s1,$s2
+	eor	$t2,$s0,$s3		@ tp9
+	eor	$t1,$t1,$s3		@ tpe
+	eor	$t1,$t1,$s1,ror#24
+	eor	$t1,$t1,$t2,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
+	eor	$t1,$t1,$s2,ror#16
+	eor	$t1,$t1,$t2,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
+	eor	$t1,$t1,$t2,ror#8	@ ^= ROTATE(tp9,24)
+
+	ldr	$s0,[$key,#4]		@ prefetch tp1
+	str	$t1,[$key],#4
+	subs	$rounds,$rounds,#1
+	bne	.Lmix
+
+	mov	r0,#0
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia   sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_set_enc2dec_key,.-AES_set_enc2dec_key
+
+.type	AES_Td,%object
+.align	5
+AES_Td:
+.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
+.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
+.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
+.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
+.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
+.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
+.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
+.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
+.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
+.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
+.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
+.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
+.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
+.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
+.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
+.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
+.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
+.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
+.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
+.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
+.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
+.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
+.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
+.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
+.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
+.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
+.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
+.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
+.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
+.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
+.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
+.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
+.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
+.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
+.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
+.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
+.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
+.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
+.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
+.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
+.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
+.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
+.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
+.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
+.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
+.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
+.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
+.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
+.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
+.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
+.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
+.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
+.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
+.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
+.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
+.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
+.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
+.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
+.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
+.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
+.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
+.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
+.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
+.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+@ Td4[256]
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size	AES_Td,.-AES_Td
+
+@ void AES_decrypt(const unsigned char *in, unsigned char *out,
+@ 		 const AES_KEY *key) {
+.global AES_decrypt
+.type   AES_decrypt,%function
+.align	5
+AES_decrypt:
+#ifndef	__thumb2__
+	sub	r3,pc,#8		@ AES_decrypt
+#else
+	adr	r3,.
+#endif
+	stmdb   sp!,{r1,r4-r12,lr}
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$tbl,AES_Td
+#else
+	sub	$tbl,r3,#AES_decrypt-AES_Td	@ Td
+#endif
+	mov	$rounds,r0		@ inp
+	mov	$key,r2
+#if __ARM_ARCH__<7
+	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
+	ldrb	$t1,[$rounds,#2]	@ manner...
+	ldrb	$t2,[$rounds,#1]
+	ldrb	$t3,[$rounds,#0]
+	orr	$s0,$s0,$t1,lsl#8
+	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
+	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
+	ldrb	$t2,[$rounds,#5]
+	ldrb	$t3,[$rounds,#4]
+	orr	$s1,$s1,$t1,lsl#8
+	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
+	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
+	ldrb	$t2,[$rounds,#9]
+	ldrb	$t3,[$rounds,#8]
+	orr	$s2,$s2,$t1,lsl#8
+	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
+	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
+	ldrb	$t2,[$rounds,#13]
+	ldrb	$t3,[$rounds,#12]
+	orr	$s3,$s3,$t1,lsl#8
+	orr	$s3,$s3,$t2,lsl#16
+	orr	$s3,$s3,$t3,lsl#24
+#else
+	ldr	$s0,[$rounds,#0]
+	ldr	$s1,[$rounds,#4]
+	ldr	$s2,[$rounds,#8]
+	ldr	$s3,[$rounds,#12]
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+#endif
+	bl	_armv4_AES_decrypt
+
+	ldr	$rounds,[sp],#4		@ pop out
+#if __ARM_ARCH__>=7
+#ifdef __ARMEL__
+	rev	$s0,$s0
+	rev	$s1,$s1
+	rev	$s2,$s2
+	rev	$s3,$s3
+#endif
+	str	$s0,[$rounds,#0]
+	str	$s1,[$rounds,#4]
+	str	$s2,[$rounds,#8]
+	str	$s3,[$rounds,#12]
+#else
+	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
+	mov	$t2,$s0,lsr#16		@ manner...
+	mov	$t3,$s0,lsr#8
+	strb	$t1,[$rounds,#0]
+	strb	$t2,[$rounds,#1]
+	mov	$t1,$s1,lsr#24
+	strb	$t3,[$rounds,#2]
+	mov	$t2,$s1,lsr#16
+	strb	$s0,[$rounds,#3]
+	mov	$t3,$s1,lsr#8
+	strb	$t1,[$rounds,#4]
+	strb	$t2,[$rounds,#5]
+	mov	$t1,$s2,lsr#24
+	strb	$t3,[$rounds,#6]
+	mov	$t2,$s2,lsr#16
+	strb	$s1,[$rounds,#7]
+	mov	$t3,$s2,lsr#8
+	strb	$t1,[$rounds,#8]
+	strb	$t2,[$rounds,#9]
+	mov	$t1,$s3,lsr#24
+	strb	$t3,[$rounds,#10]
+	mov	$t2,$s3,lsr#16
+	strb	$s2,[$rounds,#11]
+	mov	$t3,$s3,lsr#8
+	strb	$t1,[$rounds,#12]
+	strb	$t2,[$rounds,#13]
+	strb	$t3,[$rounds,#14]
+	strb	$s3,[$rounds,#15]
+#endif
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia   sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	AES_decrypt,.-AES_decrypt
+
+.type   _armv4_AES_decrypt,%function
+.align	2
+_armv4_AES_decrypt:
+	str	lr,[sp,#-4]!		@ push lr
+	ldmia	$key!,{$t1-$i1}
+	eor	$s0,$s0,$t1
+	ldr	$rounds,[$key,#240-16]
+	eor	$s1,$s1,$t2
+	eor	$s2,$s2,$t3
+	eor	$s3,$s3,$i1
+	sub	$rounds,$rounds,#1
+	mov	lr,#255
+
+	and	$i1,lr,$s0,lsr#16
+	and	$i2,lr,$s0,lsr#8
+	and	$i3,lr,$s0
+	mov	$s0,$s0,lsr#24
+.Ldec_loop:
+	ldr	$t1,[$tbl,$i1,lsl#2]	@ Td1[s0>>16]
+	and	$i1,lr,$s1		@ i0
+	ldr	$t2,[$tbl,$i2,lsl#2]	@ Td2[s0>>8]
+	and	$i2,lr,$s1,lsr#16
+	ldr	$t3,[$tbl,$i3,lsl#2]	@ Td3[s0>>0]
+	and	$i3,lr,$s1,lsr#8
+	ldr	$s0,[$tbl,$s0,lsl#2]	@ Td0[s0>>24]
+	mov	$s1,$s1,lsr#24
+
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td3[s1>>0]
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td1[s1>>16]
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td2[s1>>8]
+	eor	$s0,$s0,$i1,ror#24
+	ldr	$s1,[$tbl,$s1,lsl#2]	@ Td0[s1>>24]
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$i2,$t2,ror#8
+	and	$i2,lr,$s2		@ i1
+	eor	$t3,$i3,$t3,ror#8
+	and	$i3,lr,$s2,lsr#16
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td2[s2>>8]
+	eor	$s1,$s1,$t1,ror#8
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td3[s2>>0]
+	mov	$s2,$s2,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td1[s2>>16]
+	eor	$s0,$s0,$i1,ror#16
+	ldr	$s2,[$tbl,$s2,lsl#2]	@ Td0[s2>>24]
+	and	$i1,lr,$s3,lsr#16	@ i0
+	eor	$s1,$s1,$i2,ror#24
+	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$i3,$t3,ror#8
+	and	$i3,lr,$s3		@ i2
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td1[s3>>16]
+	eor	$s2,$s2,$t2,ror#8
+	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td2[s3>>8]
+	mov	$s3,$s3,lsr#24
+
+	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td3[s3>>0]
+	eor	$s0,$s0,$i1,ror#8
+	ldr	$i1,[$key],#16
+	eor	$s1,$s1,$i2,ror#16
+	ldr	$s3,[$tbl,$s3,lsl#2]	@ Td0[s3>>24]
+	eor	$s2,$s2,$i3,ror#24
+
+	ldr	$t1,[$key,#-12]
+	eor	$s0,$s0,$i1
+	ldr	$t2,[$key,#-8]
+	eor	$s3,$s3,$t3,ror#8
+	ldr	$t3,[$key,#-4]
+	and	$i1,lr,$s0,lsr#16
+	eor	$s1,$s1,$t1
+	and	$i2,lr,$s0,lsr#8
+	eor	$s2,$s2,$t2
+	and	$i3,lr,$s0
+	eor	$s3,$s3,$t3
+	mov	$s0,$s0,lsr#24
+
+	subs	$rounds,$rounds,#1
+	bne	.Ldec_loop
+
+	add	$tbl,$tbl,#1024
+
+	ldr	$t2,[$tbl,#0]		@ prefetch Td4
+	ldr	$t3,[$tbl,#32]
+	ldr	$t1,[$tbl,#64]
+	ldr	$t2,[$tbl,#96]
+	ldr	$t3,[$tbl,#128]
+	ldr	$t1,[$tbl,#160]
+	ldr	$t2,[$tbl,#192]
+	ldr	$t3,[$tbl,#224]
+
+	ldrb	$s0,[$tbl,$s0]		@ Td4[s0>>24]
+	ldrb	$t1,[$tbl,$i1]		@ Td4[s0>>16]
+	and	$i1,lr,$s1		@ i0
+	ldrb	$t2,[$tbl,$i2]		@ Td4[s0>>8]
+	and	$i2,lr,$s1,lsr#16
+	ldrb	$t3,[$tbl,$i3]		@ Td4[s0>>0]
+	and	$i3,lr,$s1,lsr#8
+
+	add	$s1,$tbl,$s1,lsr#24
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s1>>0]
+	ldrb	$s1,[$s1]		@ Td4[s1>>24]
+	ldrb	$i2,[$tbl,$i2]		@ Td4[s1>>16]
+	eor	$s0,$i1,$s0,lsl#24
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s1>>8]
+	eor	$s1,$t1,$s1,lsl#8
+	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$t2,$i2,lsl#8
+	and	$i2,lr,$s2		@ i1
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s2>>8]
+	eor	$t3,$t3,$i3,lsl#8
+	ldrb	$i2,[$tbl,$i2]		@ Td4[s2>>0]
+	and	$i3,lr,$s2,lsr#16
+
+	add	$s2,$tbl,$s2,lsr#24
+	ldrb	$s2,[$s2]		@ Td4[s2>>24]
+	eor	$s0,$s0,$i1,lsl#8
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s2>>16]
+	eor	$s1,$i2,$s1,lsl#16
+	and	$i1,lr,$s3,lsr#16	@ i0
+	eor	$s2,$t2,$s2,lsl#16
+	and	$i2,lr,$s3,lsr#8	@ i1
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s3>>16]
+	eor	$t3,$t3,$i3,lsl#16
+	ldrb	$i2,[$tbl,$i2]		@ Td4[s3>>8]
+	and	$i3,lr,$s3		@ i2
+
+	add	$s3,$tbl,$s3,lsr#24
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s3>>0]
+	ldrb	$s3,[$s3]		@ Td4[s3>>24]
+	eor	$s0,$s0,$i1,lsl#16
+	ldr	$i1,[$key,#0]
+	eor	$s1,$s1,$i2,lsl#8
+	ldr	$t1,[$key,#4]
+	eor	$s2,$i3,$s2,lsl#8
+	ldr	$t2,[$key,#8]
+	eor	$s3,$t3,$s3,lsl#24
+	ldr	$t3,[$key,#12]
+
+	eor	$s0,$s0,$i1
+	eor	$s1,$s1,$t1
+	eor	$s2,$s2,$t2
+	eor	$s3,$s3,$t3
+
+	sub	$tbl,$tbl,#1024
+	ldr	pc,[sp],#4		@ pop and return
+.size	_armv4_AES_decrypt,.-_armv4_AES_decrypt
+.asciz	"AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
+$code =~ s/\bret\b/bx\tlr/gm;
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+	last if (!s/^#/@/ and !/^$/);
+	print;
+}
+close SELF;
+
+print $code;
+close STDOUT;	# enforce flush
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-c64xplus.pl b/openssl-1.1.0h/crypto/aes/asm/aes-c64xplus.pl
new file mode 100644
index 0000000..19d2cc1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-c64xplus.pl
@@ -0,0 +1,1382 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# [Endian-neutral] AES for C64x+.
+#
+# Even though SPLOOPs are scheduled for 13 cycles, and thus expected
+# performance is ~8.5 cycles per byte processed with 128-bit key,
+# measured performance turned to be ~10 cycles per byte. Discrepancy
+# must be caused by limitations of L1D memory banking(*), see SPRU871
+# TI publication for further details. If any consolation it's still
+# ~20% faster than TI's linear assembly module anyway... Compared to
+# aes_core.c compiled with cl6x 6.0 with -mv6400+ -o2 options this
+# code is 3.75x faster and almost 3x smaller (tables included).
+#
+# (*)	This means that there might be subtle correlation between data
+#	and timing and one can wonder if it can be ... attacked:-(
+#	On the other hand this also means that *if* one chooses to
+#	implement *4* T-tables variant [instead of 1 T-table as in
+#	this implementation, or in addition to], then one ought to
+#	*interleave* them. Even though it complicates addressing,
+#	references to interleaved tables would be guaranteed not to
+#	clash. I reckon that it should be possible to break 8 cycles
+#	per byte "barrier," i.e. improve by ~20%, naturally at the
+#	cost of 8x increased pressure on L1D. 8x because you'd have
+#	to interleave both Te and Td tables...
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($TEA,$TEB)=("A5","B5");
+($KPA,$KPB)=("A3","B1");
+@K=("A6","B6","A7","B7");
+@s=("A8","B8","A9","B9");
+@Te0=@Td0=("A16","B16","A17","B17");
+@Te1=@Td1=("A18","B18","A19","B19");
+@Te2=@Td2=("A20","B20","A21","B21");
+@Te3=@Td3=("A22","B22","A23","B23");
+
+$code=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	AES_encrypt,_AES_encrypt
+	.asg	AES_decrypt,_AES_decrypt
+	.asg	AES_set_encrypt_key,_AES_set_encrypt_key
+	.asg	AES_set_decrypt_key,_AES_set_decrypt_key
+	.asg	AES_ctr32_encrypt,_AES_ctr32_encrypt
+	.endif
+
+	.asg	B3,RA
+	.asg	A4,INP
+	.asg	B4,OUT
+	.asg	A6,KEY
+	.asg	A4,RET
+	.asg	B15,SP
+
+	.eval	24,EXT0
+	.eval	16,EXT1
+	.eval	8,EXT2
+	.eval	0,EXT3
+	.eval	8,TBL1
+	.eval	16,TBL2
+	.eval	24,TBL3
+
+	.if	.BIG_ENDIAN
+	.eval	24-EXT0,EXT0
+	.eval	24-EXT1,EXT1
+	.eval	24-EXT2,EXT2
+	.eval	24-EXT3,EXT3
+	.eval	32-TBL1,TBL1
+	.eval	32-TBL2,TBL2
+	.eval	32-TBL3,TBL3
+	.endif
+
+	.global	_AES_encrypt
+_AES_encrypt:
+	.asmfunc
+	MVK	1,B2
+__encrypt:
+	.if	__TI_EABI__
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	\$PCR_OFFSET(AES_Te,__encrypt),$TEA
+||	ADDKPC	__encrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	\$PCR_OFFSET(AES_Te,__encrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.else
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	(AES_Te-__encrypt),$TEA
+||	ADDKPC	__encrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	(AES_Te-__encrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.endif
+	LDW	*$KPA++[2],$Te0[0]		; zero round key
+||	LDW	*$KPB++[2],$Te0[1]
+||	MVK	60,A0
+||	ADD	B0,$TEA,$TEA			; AES_Te
+	LDW	*KEY[A0],B0			; rounds
+||	MVK	1024,A0				; sizeof(AES_Te)
+	LDW	*$KPA++[2],$Te0[2]
+||	LDW	*$KPB++[2],$Te0[3]
+||	MV	$TEA,$TEB
+	NOP
+	.if	.BIG_ENDIAN
+	MV	A9,$s[0]
+||	MV	A8,$s[1]
+||	MV	B9,$s[2]
+||	MV	B8,$s[3]
+	.else
+	MV	A8,$s[0]
+||	MV	A9,$s[1]
+||	MV	B8,$s[2]
+||	MV	B9,$s[3]
+	.endif
+	XOR	$Te0[0],$s[0],$s[0]
+||	XOR	$Te0[1],$s[1],$s[1]
+||	LDW	*$KPA++[2],$K[0]		; 1st round key
+||	LDW	*$KPB++[2],$K[1]
+	SUB	B0,2,B0
+
+	SPLOOPD	13
+||	MVC	B0,ILC
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+;;====================================================================
+	EXTU	$s[1],EXT1,24,$Te1[1]
+||	EXTU	$s[0],EXT3,24,$Te3[0]
+	LDW	*${TEB}[$Te1[1]],$Te1[1]	; Te1[s1>>8],	t0
+||	LDW	*${TEA}[$Te3[0]],$Te3[0]	; Te3[s0>>24],	t1
+||	XOR	$s[2],$Te0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Te0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[1],EXT3,24,$Te3[1]
+||	EXTU	$s[0],EXT1,24,$Te1[0]
+	LDW	*${TEB}[$Te3[1]],$Te3[1]	; Te3[s1>>24],	t2
+||	LDW	*${TEA}[$Te1[0]],$Te1[0]	; Te1[s0>>8],	t3
+||	EXTU	$s[2],EXT2,24,$Te2[2]
+||	EXTU	$s[3],EXT2,24,$Te2[3]
+	LDW	*${TEA}[$Te2[2]],$Te2[2]	; Te2[s2>>16],	t0
+||	LDW	*${TEB}[$Te2[3]],$Te2[3]	; Te2[s3>>16],	t1
+||	EXTU	$s[3],EXT3,24,$Te3[3]
+||	EXTU	$s[2],EXT1,24,$Te1[2]
+	LDW	*${TEB}[$Te3[3]],$Te3[3]	; Te3[s3>>24],	t0
+||	LDW	*${TEA}[$Te1[2]],$Te1[2]	; Te1[s2>>8],	t1
+||	EXTU	$s[0],EXT2,24,$Te2[0]
+||	EXTU	$s[1],EXT2,24,$Te2[1]
+	LDW	*${TEA}[$Te2[0]],$Te2[0]	; Te2[s0>>16],	t2
+||	LDW	*${TEB}[$Te2[1]],$Te2[1]	; Te2[s1>>16],	t3
+||	EXTU	$s[3],EXT1,24,$Te1[3]
+||	EXTU	$s[2],EXT3,24,$Te3[2]
+	LDW	*${TEB}[$Te1[3]],$Te1[3]	; Te1[s3>>8],	t2
+||	LDW	*${TEA}[$Te3[2]],$Te3[2]	; Te3[s2>>24],	t3
+||	ROTL	$Te1[1],TBL1,$Te3[0]		; t0
+||	ROTL	$Te3[0],TBL3,$Te1[1]		; t1
+||	EXTU	$s[0],EXT0,24,$Te0[0]
+||	EXTU	$s[1],EXT0,24,$Te0[1]
+	LDW	*${TEA}[$Te0[0]],$Te0[0]	; Te0[s0],	t0
+||	LDW	*${TEB}[$Te0[1]],$Te0[1]	; Te0[s1],	t1
+||	ROTL	$Te3[1],TBL3,$Te1[0]		; t2
+||	ROTL	$Te1[0],TBL1,$Te3[1]		; t3
+||	EXTU	$s[2],EXT0,24,$Te0[2]
+||	EXTU	$s[3],EXT0,24,$Te0[3]
+	LDW	*${TEA}[$Te0[2]],$Te0[2]	; Te0[s2],	t2
+||	LDW	*${TEB}[$Te0[3]],$Te0[3]	; Te0[s3],	t3
+||	ROTL	$Te2[2],TBL2,$Te2[2]		; t0
+||	ROTL	$Te2[3],TBL2,$Te2[3]		; t1
+||	XOR	$K[0],$Te3[0],$s[0]
+||	XOR	$K[1],$Te1[1],$s[1]
+	ROTL	$Te3[3],TBL3,$Te1[2]		; t0
+||	ROTL	$Te1[2],TBL1,$Te3[3]		; t1
+||	XOR	$K[2],$Te1[0],$s[2]
+||	XOR	$K[3],$Te3[1],$s[3]
+||	LDW	*$KPA++[2],$K[0]		; next round key
+||	LDW	*$KPB++[2],$K[1]
+	ROTL	$Te2[0],TBL2,$Te2[0]		; t2
+||	ROTL	$Te2[1],TBL2,$Te2[1]		; t3
+||	XOR	$s[0],$Te2[2],$s[0]
+||	XOR	$s[1],$Te2[3],$s[1]
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+	ROTL	$Te1[3],TBL1,$Te3[2]		; t2
+||	ROTL	$Te3[2],TBL3,$Te1[3]		; t3
+||	XOR	$s[0],$Te1[2],$s[0]
+||	XOR	$s[1],$Te3[3],$s[1]
+	XOR	$s[2],$Te2[0],$s[2]
+||	XOR	$s[3],$Te2[1],$s[3]
+||	XOR	$s[0],$Te0[0],$s[0]
+||	XOR	$s[1],$Te0[1],$s[1]
+	SPKERNEL
+||	XOR.L	$s[2],$Te3[2],$s[2]
+||	XOR.L	$s[3],$Te1[3],$s[3]
+;;====================================================================
+	ADD.D	${TEA},A0,${TEA}		; point to Te4
+||	ADD.D	${TEB},A0,${TEB}
+||	EXTU	$s[1],EXT1,24,$Te1[1]
+||	EXTU	$s[0],EXT3,24,$Te3[0]
+	LDBU	*${TEB}[$Te1[1]],$Te1[1]	; Te1[s1>>8],	t0
+||	LDBU	*${TEA}[$Te3[0]],$Te3[0]	; Te3[s0>>24],	t1
+||	XOR	$s[2],$Te0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Te0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[0],EXT0,24,$Te0[0]
+||	EXTU	$s[1],EXT0,24,$Te0[1]
+	LDBU	*${TEA}[$Te0[0]],$Te0[0]	; Te0[s0],	t0
+||	LDBU	*${TEB}[$Te0[1]],$Te0[1]	; Te0[s1],	t1
+||	EXTU	$s[3],EXT3,24,$Te3[3]
+||	EXTU	$s[2],EXT1,24,$Te1[2]
+	LDBU	*${TEB}[$Te3[3]],$Te3[3]	; Te3[s3>>24],	t0
+||	LDBU	*${TEA}[$Te1[2]],$Te1[2]	; Te1[s2>>8],	t1
+||	EXTU	$s[2],EXT2,24,$Te2[2]
+||	EXTU	$s[3],EXT2,24,$Te2[3]
+	LDBU	*${TEA}[$Te2[2]],$Te2[2]	; Te2[s2>>16],	t0
+||	LDBU	*${TEB}[$Te2[3]],$Te2[3]	; Te2[s3>>16],	t1
+||	EXTU	$s[1],EXT3,24,$Te3[1]
+||	EXTU	$s[0],EXT1,24,$Te1[0]
+	LDBU	*${TEB}[$Te3[1]],$Te3[1]	; Te3[s1>>24],	t2
+||	LDBU	*${TEA}[$Te1[0]],$Te1[0]	; Te1[s0>>8],	t3
+||	EXTU	$s[3],EXT1,24,$Te1[3]
+||	EXTU	$s[2],EXT3,24,$Te3[2]
+	LDBU	*${TEB}[$Te1[3]],$Te1[3]	; Te1[s3>>8],	t2
+||	LDBU	*${TEA}[$Te3[2]],$Te3[2]	; Te3[s2>>24],	t3
+||	EXTU	$s[2],EXT0,24,$Te0[2]
+||	EXTU	$s[3],EXT0,24,$Te0[3]
+	LDBU	*${TEA}[$Te0[2]],$Te0[2]	; Te0[s2],	t2
+||	LDBU	*${TEB}[$Te0[3]],$Te0[3]	; Te0[s3],	t3
+||	EXTU	$s[0],EXT2,24,$Te2[0]
+||	EXTU	$s[1],EXT2,24,$Te2[1]
+	LDBU	*${TEA}[$Te2[0]],$Te2[0]	; Te2[s0>>16],	t2
+||	LDBU	*${TEB}[$Te2[1]],$Te2[1]	; Te2[s1>>16],	t3
+
+	.if	.BIG_ENDIAN
+	PACK2	$Te0[0],$Te1[1],$Te0[0]
+||	PACK2	$Te0[1],$Te1[2],$Te0[1]
+	PACK2	$Te2[2],$Te3[3],$Te2[2]
+||	PACK2	$Te2[3],$Te3[0],$Te2[3]
+	PACKL4	$Te0[0],$Te2[2],$Te0[0]
+||	PACKL4	$Te0[1],$Te2[3],$Te0[1]
+	XOR	$K[0],$Te0[0],$Te0[0]		; s[0]
+||	XOR	$K[1],$Te0[1],$Te0[1]		; s[1]
+
+	PACK2	$Te0[2],$Te1[3],$Te0[2]
+||	PACK2	$Te0[3],$Te1[0],$Te0[3]
+	PACK2	$Te2[0],$Te3[1],$Te2[0]
+||	PACK2	$Te2[1],$Te3[2],$Te2[1]
+||	BNOP	RA
+	PACKL4	$Te0[2],$Te2[0],$Te0[2]
+||	PACKL4	$Te0[3],$Te2[1],$Te0[3]
+	XOR	$K[2],$Te0[2],$Te0[2]		; s[2]
+||	XOR	$K[3],$Te0[3],$Te0[3]		; s[3]
+
+	MV	$Te0[0],A9
+||	MV	$Te0[1],A8
+	MV	$Te0[2],B9
+||	MV	$Te0[3],B8
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.else
+	PACK2	$Te1[1],$Te0[0],$Te1[1]
+||	PACK2	$Te1[2],$Te0[1],$Te1[2]
+	PACK2	$Te3[3],$Te2[2],$Te3[3]
+||	PACK2	$Te3[0],$Te2[3],$Te3[0]
+	PACKL4	$Te3[3],$Te1[1],$Te1[1]
+||	PACKL4	$Te3[0],$Te1[2],$Te1[2]
+	XOR	$K[0],$Te1[1],$Te1[1]		; s[0]
+||	XOR	$K[1],$Te1[2],$Te1[2]		; s[1]
+
+	PACK2	$Te1[3],$Te0[2],$Te1[3]
+||	PACK2	$Te1[0],$Te0[3],$Te1[0]
+	PACK2	$Te3[1],$Te2[0],$Te3[1]
+||	PACK2	$Te3[2],$Te2[1],$Te3[2]
+||	BNOP	RA
+	PACKL4	$Te3[1],$Te1[3],$Te1[3]
+||	PACKL4	$Te3[2],$Te1[0],$Te1[0]
+	XOR	$K[2],$Te1[3],$Te1[3]		; s[2]
+||	XOR	$K[3],$Te1[0],$Te1[0]		; s[3]
+
+	MV	$Te1[1],A8
+||	MV	$Te1[2],A9
+	MV	$Te1[3],B8
+||	MV	$Te1[0],B9
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.endif
+	.endasmfunc
+
+	.global	_AES_decrypt
+_AES_decrypt:
+	.asmfunc
+	MVK	1,B2
+__decrypt:
+	.if	__TI_EABI__
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	\$PCR_OFFSET(AES_Td,__decrypt),$TEA
+||	ADDKPC	__decrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	\$PCR_OFFSET(AES_Td,__decrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.else
+   [B2]	LDNDW	*INP++,A9:A8			; load input
+||	MVKL	(AES_Td-__decrypt),$TEA
+||	ADDKPC	__decrypt,B0
+   [B2]	LDNDW	*INP++,B9:B8
+||	MVKH	(AES_Td-__decrypt),$TEA
+||	ADD	0,KEY,$KPA
+||	ADD	4,KEY,$KPB
+	.endif
+	LDW	*$KPA++[2],$Td0[0]		; zero round key
+||	LDW	*$KPB++[2],$Td0[1]
+||	MVK	60,A0
+||	ADD	B0,$TEA,$TEA			; AES_Td
+	LDW	*KEY[A0],B0			; rounds
+||	MVK	1024,A0				; sizeof(AES_Td)
+	LDW	*$KPA++[2],$Td0[2]
+||	LDW	*$KPB++[2],$Td0[3]
+||	MV	$TEA,$TEB
+	NOP
+	.if	.BIG_ENDIAN
+	MV	A9,$s[0]
+||	MV	A8,$s[1]
+||	MV	B9,$s[2]
+||	MV	B8,$s[3]
+	.else
+	MV	A8,$s[0]
+||	MV	A9,$s[1]
+||	MV	B8,$s[2]
+||	MV	B9,$s[3]
+	.endif
+	XOR	$Td0[0],$s[0],$s[0]
+||	XOR	$Td0[1],$s[1],$s[1]
+||	LDW	*$KPA++[2],$K[0]		; 1st round key
+||	LDW	*$KPB++[2],$K[1]
+	SUB	B0,2,B0
+
+	SPLOOPD	13
+||	MVC	B0,ILC
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+;;====================================================================
+	EXTU	$s[1],EXT3,24,$Td3[1]
+||	EXTU	$s[0],EXT1,24,$Td1[0]
+	LDW	*${TEB}[$Td3[1]],$Td3[1]	; Td3[s1>>24],	t0
+||	LDW	*${TEA}[$Td1[0]],$Td1[0]	; Td1[s0>>8],	t1
+||	XOR	$s[2],$Td0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Td0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[1],EXT1,24,$Td1[1]
+||	EXTU	$s[0],EXT3,24,$Td3[0]
+	LDW	*${TEB}[$Td1[1]],$Td1[1]	; Td1[s1>>8],	t2
+||	LDW	*${TEA}[$Td3[0]],$Td3[0]	; Td3[s0>>24],	t3
+||	EXTU	$s[2],EXT2,24,$Td2[2]
+||	EXTU	$s[3],EXT2,24,$Td2[3]
+	LDW	*${TEA}[$Td2[2]],$Td2[2]	; Td2[s2>>16],	t0
+||	LDW	*${TEB}[$Td2[3]],$Td2[3]	; Td2[s3>>16],	t1
+||	EXTU	$s[3],EXT1,24,$Td1[3]
+||	EXTU	$s[2],EXT3,24,$Td3[2]
+	LDW	*${TEB}[$Td1[3]],$Td1[3]	; Td1[s3>>8],	t0
+||	LDW	*${TEA}[$Td3[2]],$Td3[2]	; Td3[s2>>24],	t1
+||	EXTU	$s[0],EXT2,24,$Td2[0]
+||	EXTU	$s[1],EXT2,24,$Td2[1]
+	LDW	*${TEA}[$Td2[0]],$Td2[0]	; Td2[s0>>16],	t2
+||	LDW	*${TEB}[$Td2[1]],$Td2[1]	; Td2[s1>>16],	t3
+||	EXTU	$s[3],EXT3,24,$Td3[3]
+||	EXTU	$s[2],EXT1,24,$Td1[2]
+	LDW	*${TEB}[$Td3[3]],$Td3[3]	; Td3[s3>>24],	t2
+||	LDW	*${TEA}[$Td1[2]],$Td1[2]	; Td1[s2>>8],	t3
+||	ROTL	$Td3[1],TBL3,$Td1[0]		; t0
+||	ROTL	$Td1[0],TBL1,$Td3[1]		; t1
+||	EXTU	$s[0],EXT0,24,$Td0[0]
+||	EXTU	$s[1],EXT0,24,$Td0[1]
+	LDW	*${TEA}[$Td0[0]],$Td0[0]	; Td0[s0],	t0
+||	LDW	*${TEB}[$Td0[1]],$Td0[1]	; Td0[s1],	t1
+||	ROTL	$Td1[1],TBL1,$Td3[0]		; t2
+||	ROTL	$Td3[0],TBL3,$Td1[1]		; t3
+||	EXTU	$s[2],EXT0,24,$Td0[2]
+||	EXTU	$s[3],EXT0,24,$Td0[3]
+	LDW	*${TEA}[$Td0[2]],$Td0[2]	; Td0[s2],	t2
+||	LDW	*${TEB}[$Td0[3]],$Td0[3]	; Td0[s3],	t3
+||	ROTL	$Td2[2],TBL2,$Td2[2]		; t0
+||	ROTL	$Td2[3],TBL2,$Td2[3]		; t1
+||	XOR	$K[0],$Td1[0],$s[0]
+||	XOR	$K[1],$Td3[1],$s[1]
+	ROTL	$Td1[3],TBL1,$Td3[2]		; t0
+||	ROTL	$Td3[2],TBL3,$Td1[3]		; t1
+||	XOR	$K[2],$Td3[0],$s[2]
+||	XOR	$K[3],$Td1[1],$s[3]
+||	LDW	*$KPA++[2],$K[0]		; next round key
+||	LDW	*$KPB++[2],$K[1]
+	ROTL	$Td2[0],TBL2,$Td2[0]		; t2
+||	ROTL	$Td2[1],TBL2,$Td2[1]		; t3
+||	XOR	$s[0],$Td2[2],$s[0]
+||	XOR	$s[1],$Td2[3],$s[1]
+||	LDW	*$KPA++[2],$K[2]
+||	LDW	*$KPB++[2],$K[3]
+	ROTL	$Td3[3],TBL3,$Td1[2]		; t2
+||	ROTL	$Td1[2],TBL1,$Td3[3]		; t3
+||	XOR	$s[0],$Td3[2],$s[0]
+||	XOR	$s[1],$Td1[3],$s[1]
+	XOR	$s[2],$Td2[0],$s[2]
+||	XOR	$s[3],$Td2[1],$s[3]
+||	XOR	$s[0],$Td0[0],$s[0]
+||	XOR	$s[1],$Td0[1],$s[1]
+	SPKERNEL
+||	XOR.L	$s[2],$Td1[2],$s[2]
+||	XOR.L	$s[3],$Td3[3],$s[3]
+;;====================================================================
+	ADD.D	${TEA},A0,${TEA}		; point to Td4
+||	ADD.D	${TEB},A0,${TEB}
+||	EXTU	$s[1],EXT3,24,$Td3[1]
+||	EXTU	$s[0],EXT1,24,$Td1[0]
+	LDBU	*${TEB}[$Td3[1]],$Td3[1]	; Td3[s1>>24],	t0
+||	LDBU	*${TEA}[$Td1[0]],$Td1[0]	; Td1[s0>>8],	t1
+||	XOR	$s[2],$Td0[2],$s[2]		; modulo-scheduled
+||	XOR	$s[3],$Td0[3],$s[3]		; modulo-scheduled
+||	EXTU	$s[0],EXT0,24,$Td0[0]
+||	EXTU	$s[1],EXT0,24,$Td0[1]
+	LDBU	*${TEA}[$Td0[0]],$Td0[0]	; Td0[s0],	t0
+||	LDBU	*${TEB}[$Td0[1]],$Td0[1]	; Td0[s1],	t1
+||	EXTU	$s[2],EXT2,24,$Td2[2]
+||	EXTU	$s[3],EXT2,24,$Td2[3]
+	LDBU	*${TEA}[$Td2[2]],$Td2[2]	; Td2[s2>>16],	t0
+||	LDBU	*${TEB}[$Td2[3]],$Td2[3]	; Td2[s3>>16],	t1
+||	EXTU	$s[3],EXT1,24,$Td1[3]
+||	EXTU	$s[2],EXT3,24,$Td3[2]
+	LDBU	*${TEB}[$Td1[3]],$Td1[3]	; Td1[s3>>8],	t0
+||	LDBU	*${TEA}[$Td3[2]],$Td3[2]	; Td3[s2>>24],	t1
+||	EXTU	$s[1],EXT1,24,$Td1[1]
+||	EXTU	$s[0],EXT3,24,$Td3[0]
+	LDBU	*${TEB}[$Td1[1]],$Td1[1]	; Td1[s1>>8],	t2
+||	LDBU	*${TEA}[$Td3[0]],$Td3[0]	; Td3[s0>>24],	t3
+||	EXTU	$s[0],EXT2,24,$Td2[0]
+||	EXTU	$s[1],EXT2,24,$Td2[1]
+	LDBU	*${TEA}[$Td2[0]],$Td2[0]	; Td2[s0>>16],	t2
+||	LDBU	*${TEB}[$Td2[1]],$Td2[1]	; Td2[s1>>16],	t3
+||	EXTU	$s[3],EXT3,24,$Td3[3]
+||	EXTU	$s[2],EXT1,24,$Td1[2]
+	LDBU	*${TEB}[$Td3[3]],$Td3[3]	; Td3[s3>>24],	t2
+||	LDBU	*${TEA}[$Td1[2]],$Td1[2]	; Td1[s2>>8],	t3
+||	EXTU	$s[2],EXT0,24,$Td0[2]
+||	EXTU	$s[3],EXT0,24,$Td0[3]
+	LDBU	*${TEA}[$Td0[2]],$Td0[2]	; Td0[s2],	t2
+||	LDBU	*${TEB}[$Td0[3]],$Td0[3]	; Td0[s3],	t3
+
+	.if	.BIG_ENDIAN
+	PACK2	$Td0[0],$Td1[3],$Td0[0]
+||	PACK2	$Td0[1],$Td1[0],$Td0[1]
+	PACK2	$Td2[2],$Td3[1],$Td2[2]
+||	PACK2	$Td2[3],$Td3[2],$Td2[3]
+	PACKL4	$Td0[0],$Td2[2],$Td0[0]
+||	PACKL4	$Td0[1],$Td2[3],$Td0[1]
+	XOR	$K[0],$Td0[0],$Td0[0]		; s[0]
+||	XOR	$K[1],$Td0[1],$Td0[1]		; s[1]
+
+	PACK2	$Td0[2],$Td1[1],$Td0[2]
+||	PACK2	$Td0[3],$Td1[2],$Td0[3]
+	PACK2	$Td2[0],$Td3[3],$Td2[0]
+||	PACK2	$Td2[1],$Td3[0],$Td2[1]
+||	BNOP	RA
+	PACKL4	$Td0[2],$Td2[0],$Td0[2]
+||	PACKL4	$Td0[3],$Td2[1],$Td0[3]
+	XOR	$K[2],$Td0[2],$Td0[2]		; s[2]
+||	XOR	$K[3],$Td0[3],$Td0[3]		; s[3]
+
+	MV	$Td0[0],A9
+||	MV	$Td0[1],A8
+	MV	$Td0[2],B9
+||	MV	$Td0[3],B8
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.else
+	PACK2	$Td1[3],$Td0[0],$Td1[3]
+||	PACK2	$Td1[0],$Td0[1],$Td1[0]
+	PACK2	$Td3[1],$Td2[2],$Td3[1]
+||	PACK2	$Td3[2],$Td2[3],$Td3[2]
+	PACKL4	$Td3[1],$Td1[3],$Td1[3]
+||	PACKL4	$Td3[2],$Td1[0],$Td1[0]
+	XOR	$K[0],$Td1[3],$Td1[3]		; s[0]
+||	XOR	$K[1],$Td1[0],$Td1[0]		; s[1]
+
+	PACK2	$Td1[1],$Td0[2],$Td1[1]
+||	PACK2	$Td1[2],$Td0[3],$Td1[2]
+	PACK2	$Td3[3],$Td2[0],$Td3[3]
+||	PACK2	$Td3[0],$Td2[1],$Td3[0]
+||	BNOP	RA
+	PACKL4	$Td3[3],$Td1[1],$Td1[1]
+||	PACKL4	$Td3[0],$Td1[2],$Td1[2]
+	XOR	$K[2],$Td1[1],$Td1[1]		; s[2]
+||	XOR	$K[3],$Td1[2],$Td1[2]		; s[3]
+
+	MV	$Td1[3],A8
+||	MV	$Td1[0],A9
+	MV	$Td1[1],B8
+||	MV	$Td1[2],B9
+|| [B2]	STNDW	A9:A8,*OUT++
+   [B2]	STNDW	B9:B8,*OUT++
+	.endif
+	.endasmfunc
+___
+{
+my @K=(@K,@s);			# extended key
+my @Te4=map("B$_",(16..19));
+
+my @Kx9=@Te0;			# used in AES_set_decrypt_key
+my @KxB=@Te1;
+my @KxD=@Te2;
+my @KxE=@Te3;
+
+$code.=<<___;
+	.asg	OUT,BITS
+
+	.global	_AES_set_encrypt_key
+_AES_set_encrypt_key:
+__set_encrypt_key:
+	.asmfunc
+	MV	INP,A0
+||	SHRU	BITS,5,BITS			; 128-192-256 -> 4-6-8
+||	MV	KEY,A1
+  [!A0]	B	RA
+||[!A0]	MVK	-1,RET
+||[!A0]	MVK	1,A1				; only one B RA
+  [!A1]	B	RA
+||[!A1]	MVK	-1,RET
+||[!A1]	MVK	0,A0
+||	MVK	0,B0
+||	MVK	0,A1
+   [A0]	LDNDW	*INP++,A9:A8
+|| [A0]	CMPEQ	4,BITS,B0
+|| [A0]	CMPLT	3,BITS,A1
+   [B0]	B	key128?
+|| [A1]	LDNDW	*INP++,B9:B8
+|| [A0]	CMPEQ	6,BITS,B0
+|| [A0]	CMPLT	5,BITS,A1
+   [B0]	B	key192?
+|| [A1]	LDNDW	*INP++,B17:B16
+|| [A0]	CMPEQ	8,BITS,B0
+|| [A0]	CMPLT	7,BITS,A1
+   [B0]	B	key256?
+|| [A1]	LDNDW	*INP++,B19:B18
+
+	.if	__TI_EABI__
+   [A0]	ADD	0,KEY,$KPA
+|| [A0]	ADD	4,KEY,$KPB
+|| [A0]	MVKL	\$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
+|| [A0]	ADDKPC	__set_encrypt_key,B6
+   [A0]	MVKH	\$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
+   [A0]	ADD	B6,$TEA,$TEA			; AES_Te4
+	.else
+   [A0]	ADD	0,KEY,$KPA
+|| [A0]	ADD	4,KEY,$KPB
+|| [A0]	MVKL	(AES_Te4-__set_encrypt_key),$TEA
+|| [A0]	ADDKPC	__set_encrypt_key,B6
+   [A0]	MVKH	(AES_Te4-__set_encrypt_key),$TEA
+   [A0]	ADD	B6,$TEA,$TEA			; AES_Te4
+	.endif
+	NOP
+	NOP
+
+	BNOP	RA,5
+||	MVK	-2,RET				; unknown bit length
+||	MVK	0,B0				; redundant
+;;====================================================================
+;;====================================================================
+key128?:
+	.if	.BIG_ENDIAN
+	MV	A9,$K[0]
+||	MV	A8,$K[1]
+||	MV	B9,$Te4[2]
+||	MV	B8,$K[3]
+	.else
+	MV	A8,$K[0]
+||	MV	A9,$K[1]
+||	MV	B8,$Te4[2]
+||	MV	B9,$K[3]
+	.endif
+
+	MVK	256,A0
+||	MVK	9,B0
+
+	SPLOOPD	14
+||	MVC	B0,ILC
+||	MV	$TEA,$TEB
+||	ADD	$TEA,A0,A30			; rcon
+;;====================================================================
+	LDW	*A30++[1],A31			; rcon[i]
+||	MV	$Te4[2],$K[2]
+||	EXTU	$K[3],EXT1,24,$Te4[0]
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[3],A0
+||	EXTU	$K[3],EXT2,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT3,24,A0
+||	EXTU	$K[3],EXT0,24,$Te4[3]
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	.endif
+
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+
+	XOR	A31,$K[0],$K[0]			; ^=rcon[i]
+	.if	.BIG_ENDIAN
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+	.else
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+	.endif
+	XOR	$Te4[3],$K[0],$Te4[0]		; K[0]
+	XOR	$Te4[0],$K[1],$K[1]		; K[1]
+	MV	$Te4[0],$K[0]
+||	XOR	$K[1],$K[2],$Te4[2]		; K[2]
+	XOR	$Te4[2],$K[3],$K[3]		; K[3]
+	SPKERNEL
+;;====================================================================
+	BNOP	RA
+	MV	$Te4[2],$K[2]
+||	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	MVK	10,B0				; rounds
+	STW	B0,*++${KPB}[15]
+	MVK	0,RET
+;;====================================================================
+;;====================================================================
+key192?:
+	.if	.BIG_ENDIAN
+	MV	A9,$K[0]
+||	MV	A8,$K[1]
+||	MV	B9,$K[2]
+||	MV	B8,$K[3]
+	MV	B17,$Te4[2]
+||	MV	B16,$K[5]
+	.else
+	MV	A8,$K[0]
+||	MV	A9,$K[1]
+||	MV	B8,$K[2]
+||	MV	B9,$K[3]
+	MV	B16,$Te4[2]
+||	MV	B17,$K[5]
+	.endif
+
+	MVK	256,A0
+||	MVK	6,B0
+	MV	$TEA,$TEB
+||	ADD	$TEA,A0,A30			; rcon
+;;====================================================================
+loop192?:
+	LDW	*A30++[1],A31			; rcon[i]
+||	MV	$Te4[2],$K[4]
+||	EXTU	$K[5],EXT1,24,$Te4[0]
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[5],A0
+||	EXTU	$K[5],EXT2,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT3,24,A0
+||	EXTU	$K[5],EXT0,24,$Te4[3]
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	.endif
+
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	STW	$K[4],*$KPA++[2]
+||	STW	$K[5],*$KPB++[2]
+
+	XOR	A31,$K[0],$K[0]			; ^=rcon[i]
+	.if	.BIG_ENDIAN
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+	.else
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+	.endif
+	BDEC	loop192?,B0
+||	XOR	$Te4[3],$K[0],$Te4[0]		; K[0]
+	XOR	$Te4[0],$K[1],$K[1]		; K[1]
+	MV	$Te4[0],$K[0]
+||	XOR	$K[1],$K[2],$Te4[2]		; K[2]
+	XOR	$Te4[2],$K[3],$K[3]		; K[3]
+	MV	$Te4[2],$K[2]
+||	XOR	$K[3],$K[4],$Te4[2]		; K[4]
+	XOR	$Te4[2],$K[5],$K[5]		; K[5]
+;;====================================================================
+	BNOP	RA
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	MVK	12,B0				; rounds
+	STW	B0,*++${KPB}[7]
+	MVK	0,RET
+;;====================================================================
+;;====================================================================
+key256?:
+	.if	.BIG_ENDIAN
+	MV	A9,$K[0]
+||	MV	A8,$K[1]
+||	MV	B9,$K[2]
+||	MV	B8,$K[3]
+	MV	B17,$K[4]
+||	MV	B16,$K[5]
+||	MV	B19,$Te4[2]
+||	MV	B18,$K[7]
+	.else
+	MV	A8,$K[0]
+||	MV	A9,$K[1]
+||	MV	B8,$K[2]
+||	MV	B9,$K[3]
+	MV	B16,$K[4]
+||	MV	B17,$K[5]
+||	MV	B18,$Te4[2]
+||	MV	B19,$K[7]
+	.endif
+
+	MVK	256,A0
+||	MVK	6,B0
+	MV	$TEA,$TEB
+||	ADD	$TEA,A0,A30			; rcon
+;;====================================================================
+loop256?:
+	LDW	*A30++[1],A31			; rcon[i]
+||	MV	$Te4[2],$K[6]
+||	EXTU	$K[7],EXT1,24,$Te4[0]
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[7],A0
+||	EXTU	$K[7],EXT2,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT3,24,A0
+||	EXTU	$K[7],EXT0,24,$Te4[3]
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	.endif
+
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	STW	$K[4],*$KPA++[2]
+||	STW	$K[5],*$KPB++[2]
+	STW	$K[6],*$KPA++[2]
+||	STW	$K[7],*$KPB++[2]
+||	XOR	A31,$K[0],$K[0]			; ^=rcon[i]
+	.if	.BIG_ENDIAN
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+||[!B0]	B	done256?
+	.else
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+||	PACK2	$Te4[3],A0,$Te4[3]
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+||[!B0]	B	done256?
+	.endif
+	XOR	$Te4[3],$K[0],$Te4[0]		; K[0]
+	XOR	$Te4[0],$K[1],$K[1]		; K[1]
+	MV	$Te4[0],$K[0]
+||	XOR	$K[1],$K[2],$Te4[2]		; K[2]
+	XOR	$Te4[2],$K[3],$K[3]		; K[3]
+
+	MV	$Te4[2],$K[2]
+|| [B0]	EXTU	$K[3],EXT0,24,$Te4[0]
+|| [B0]	SUB	B0,1,B0
+	LDBU	*${TEB}[$Te4[0]],$Te4[0]
+||	MV	$K[3],A0
+||	EXTU	$K[3],EXT1,24,$Te4[1]
+	LDBU	*${TEB}[$Te4[1]],$Te4[1]
+||	EXTU	A0,EXT2,24,A0
+||	EXTU	$K[3],EXT3,24,$Te4[3]
+
+	.if	.BIG_ENDIAN
+	LDBU	*${TEA}[A0],$Te4[3]
+||	LDBU	*${TEB}[$Te4[3]],A0
+	NOP	3
+	PACK2	$Te4[0],$Te4[1],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+||	B	loop256?
+	PACKL4	$Te4[1],$Te4[3],$Te4[3]
+	.else
+	LDBU	*${TEA}[A0],A0
+||	LDBU	*${TEB}[$Te4[3]],$Te4[3]
+	NOP	3
+	PACK2	$Te4[1],$Te4[0],$Te4[1]
+	PACK2	$Te4[3],A0,$Te4[3]
+||	B	loop256?
+	PACKL4	$Te4[3],$Te4[1],$Te4[3]
+	.endif
+
+	XOR	$Te4[3],$K[4],$Te4[0]		; K[4]
+	XOR	$Te4[0],$K[5],$K[5]		; K[5]
+	MV	$Te4[0],$K[4]
+||	XOR	$K[5],$K[6],$Te4[2]		; K[6]
+	XOR	$Te4[2],$K[7],$K[7]		; K[7]
+;;====================================================================
+done256?:
+	BNOP	RA
+	STW	$K[0],*$KPA++[2]
+||	STW	$K[1],*$KPB++[2]
+	STW	$K[2],*$KPA++[2]
+||	STW	$K[3],*$KPB++[2]
+	MVK	14,B0				; rounds
+	STW	B0,*--${KPB}[1]
+	MVK	0,RET
+	.endasmfunc
+
+	.global	_AES_set_decrypt_key
+_AES_set_decrypt_key:
+	.asmfunc
+	B	__set_encrypt_key		; guarantee local call
+	MV	KEY,B30				; B30 is not modified
+	MV	RA, B31				; B31 is not modified
+	ADDKPC	ret?,RA,2
+ret?:						; B0 holds rounds or zero
+  [!B0]	BNOP	B31				; return if zero
+   [B0]	SHL	B0,4,A0				; offset to last round key
+   [B0]	SHRU	B0,1,B1
+   [B0]	SUB	B1,1,B1
+   [B0]	MVK	0x0000001B,B3			; AES polynomial
+   [B0]	MVKH	0x07000000,B3
+
+	SPLOOPD	9				; flip round keys
+||	MVC	B1,ILC
+||	MV	B30,$KPA
+||	ADD	B30,A0,$KPB
+||	MVK	16,A0				; sizeof(round key)
+;;====================================================================
+	LDW	*${KPA}[0],A16
+||	LDW	*${KPB}[0],B16
+	LDW	*${KPA}[1],A17
+||	LDW	*${KPB}[1],B17
+	LDW	*${KPA}[2],A18
+||	LDW	*${KPB}[2],B18
+	LDW	*${KPA}[3],A19
+||	ADD	$KPA,A0,$KPA
+||	LDW	*${KPB}[3],B19
+||	SUB	$KPB,A0,$KPB
+	NOP
+	STW	B16,*${KPA}[-4]
+||	STW	A16,*${KPB}[4]
+	STW	B17,*${KPA}[-3]
+||	STW	A17,*${KPB}[5]
+	STW	B18,*${KPA}[-2]
+||	STW	A18,*${KPB}[6]
+	STW	B19,*${KPA}[-1]
+||	STW	A19,*${KPB}[7]
+	SPKERNEL
+;;====================================================================
+	SUB	B0,1,B0				; skip last round
+||	ADD	B30,A0,$KPA			; skip first round
+||	ADD	B30,A0,$KPB
+||	MVC	GFPGFR,B30			; save GFPGFR
+	LDW	*${KPA}[0],$K[0]
+||	LDW	*${KPB}[1],$K[1]
+||	MVC	B3,GFPGFR
+	LDW	*${KPA}[2],$K[2]
+||	LDW	*${KPB}[3],$K[3]
+	MVK	0x00000909,A24
+||	MVK	0x00000B0B,B24
+	MVKH	0x09090000,A24
+||	MVKH	0x0B0B0000,B24
+	MVC	B0,ILC
+||	SUB	B0,1,B0
+
+	GMPY4	$K[0],A24,$Kx9[0]		; ·0x09
+||	GMPY4	$K[1],A24,$Kx9[1]
+||	MVK	0x00000D0D,A25
+||	MVK	0x00000E0E,B25
+	GMPY4	$K[2],A24,$Kx9[2]
+||	GMPY4	$K[3],A24,$Kx9[3]
+||	MVKH	0x0D0D0000,A25
+||	MVKH	0x0E0E0000,B25
+
+	GMPY4	$K[0],B24,$KxB[0]		; ·0x0B
+||	GMPY4	$K[1],B24,$KxB[1]
+	GMPY4	$K[2],B24,$KxB[2]
+||	GMPY4	$K[3],B24,$KxB[3]
+
+	SPLOOP	11				; InvMixColumns
+;;====================================================================
+	GMPY4	$K[0],A25,$KxD[0]		; ·0x0D
+||	GMPY4	$K[1],A25,$KxD[1]
+||	SWAP2	$Kx9[0],$Kx9[0]			; rotate by 16
+||	SWAP2	$Kx9[1],$Kx9[1]
+||	MV	$K[0],$s[0]			; this or DINT
+||	MV	$K[1],$s[1]
+|| [B0]	LDW	*${KPA}[4],$K[0]
+|| [B0]	LDW	*${KPB}[5],$K[1]
+	GMPY4	$K[2],A25,$KxD[2]
+||	GMPY4	$K[3],A25,$KxD[3]
+||	SWAP2	$Kx9[2],$Kx9[2]
+||	SWAP2	$Kx9[3],$Kx9[3]
+||	MV	$K[2],$s[2]
+||	MV	$K[3],$s[3]
+|| [B0]	LDW	*${KPA}[6],$K[2]
+|| [B0]	LDW	*${KPB}[7],$K[3]
+
+	GMPY4	$s[0],B25,$KxE[0]		; ·0x0E
+||	GMPY4	$s[1],B25,$KxE[1]
+||	XOR	$Kx9[0],$KxB[0],$KxB[0]
+||	XOR	$Kx9[1],$KxB[1],$KxB[1]
+	GMPY4	$s[2],B25,$KxE[2]
+||	GMPY4	$s[3],B25,$KxE[3]
+||	XOR	$Kx9[2],$KxB[2],$KxB[2]
+||	XOR	$Kx9[3],$KxB[3],$KxB[3]
+
+	ROTL	$KxB[0],TBL3,$KxB[0]
+||	ROTL	$KxB[1],TBL3,$KxB[1]
+||	SWAP2	$KxD[0],$KxD[0]			; rotate by 16
+||	SWAP2	$KxD[1],$KxD[1]
+	ROTL	$KxB[2],TBL3,$KxB[2]
+||	ROTL	$KxB[3],TBL3,$KxB[3]
+||	SWAP2	$KxD[2],$KxD[2]
+||	SWAP2	$KxD[3],$KxD[3]
+
+	XOR	$KxE[0],$KxD[0],$KxE[0]
+||	XOR	$KxE[1],$KxD[1],$KxE[1]
+|| [B0]	GMPY4	$K[0],A24,$Kx9[0]		; ·0x09
+|| [B0]	GMPY4	$K[1],A24,$Kx9[1]
+||	ADDAW	$KPA,4,$KPA
+	XOR	$KxE[2],$KxD[2],$KxE[2]
+||	XOR	$KxE[3],$KxD[3],$KxE[3]
+|| [B0]	GMPY4	$K[2],A24,$Kx9[2]
+|| [B0]	GMPY4	$K[3],A24,$Kx9[3]
+||	ADDAW	$KPB,4,$KPB
+
+	XOR	$KxB[0],$KxE[0],$KxE[0]
+||	XOR	$KxB[1],$KxE[1],$KxE[1]
+|| [B0]	GMPY4	$K[0],B24,$KxB[0]		; ·0x0B
+|| [B0]	GMPY4	$K[1],B24,$KxB[1]
+	XOR	$KxB[2],$KxE[2],$KxE[2]
+||	XOR	$KxB[3],$KxE[3],$KxE[3]
+|| [B0]	GMPY4	$K[2],B24,$KxB[2]
+|| [B0]	GMPY4	$K[3],B24,$KxB[3]
+||	STW	$KxE[0],*${KPA}[-4]
+||	STW	$KxE[1],*${KPB}[-3]
+	STW	$KxE[2],*${KPA}[-2]
+||	STW	$KxE[3],*${KPB}[-1]
+|| [B0]	SUB	B0,1,B0
+	SPKERNEL
+;;====================================================================
+	BNOP	B31,3
+	MVC	B30,GFPGFR			; restore GFPGFR(*)
+	MVK	0,RET
+	.endasmfunc
+___
+# (*)	Even though ABI doesn't specify GFPGFR as non-volatile, there
+#	are code samples out there that *assume* its default value.
+}
+{
+my ($inp,$out,$blocks,$key,$ivp)=("A4","B4","A6","B6","A8");
+$code.=<<___;
+	.global	_AES_ctr32_encrypt
+_AES_ctr32_encrypt:
+	.asmfunc
+	LDNDW	*${ivp}[0],A31:A30	; load counter value
+||	MV	$blocks,A2		; reassign $blocks
+||	DMV	RA,$key,B27:B26		; reassign RA and $key
+	LDNDW	*${ivp}[1],B31:B30
+||	MVK	0,B2			; don't let __encrypt load input
+||	MVK	0,A1			; and postpone writing output
+	.if	.BIG_ENDIAN
+	NOP
+	.else
+	NOP	4
+	SWAP2	B31,B31			; keep least significant 32 bits
+	SWAP4	B31,B31			; in host byte order
+	.endif
+ctr32_loop?:
+   [A2]	BNOP	__encrypt
+|| [A1]	XOR	A29,A9,A9		; input^Ek(counter)
+|| [A1]	XOR	A28,A8,A8
+|| [A2]	LDNDW	*INP++,A29:A28		; load input
+  [!A2]	BNOP	B27			; return
+|| [A1]	XOR	B29,B9,B9
+|| [A1]	XOR	B28,B8,B8
+|| [A2]	LDNDW	*INP++,B29:B28
+	.if	.BIG_ENDIAN
+   [A1]	STNDW	A9:A8,*OUT++		; save output
+|| [A2]	DMV	A31,A30,A9:A8		; pass counter value to __encrypt
+   [A1]	STNDW	B9:B8,*OUT++
+|| [A2]	DMV	B31,B30,B9:B8
+|| [A2]	ADD	B30,1,B30		; counter++
+	.else
+   [A1]	STNDW	A9:A8,*OUT++		; save output
+|| [A2]	DMV	A31,A30,A9:A8
+|| [A2]	SWAP2	B31,B0
+|| [A2]	ADD	B31,1,B31		; counter++
+   [A1]	STNDW	B9:B8,*OUT++
+|| [A2]	MV	B30,B8
+|| [A2]	SWAP4	B0,B9
+	.endif
+   [A2]	ADDKPC	ctr32_loop?,RA		; return to ctr32_loop?
+|| [A2]	MV	B26,KEY			; pass $key
+|| [A2]	SUB	A2,1,A2			; $blocks--
+||[!A1]	MVK	1,A1
+	NOP
+	NOP
+	.endasmfunc
+___
+}
+# Tables are kept in endian-neutral manner
+$code.=<<___;
+	.if	__TI_EABI__
+	.sect	".text:aes_asm.const"
+	.else
+	.sect	".const:aes_asm"
+	.endif
+	.align	128
+AES_Te:
+	.byte	0xc6,0x63,0x63,0xa5,	0xf8,0x7c,0x7c,0x84
+	.byte	0xee,0x77,0x77,0x99,	0xf6,0x7b,0x7b,0x8d
+	.byte	0xff,0xf2,0xf2,0x0d,	0xd6,0x6b,0x6b,0xbd
+	.byte	0xde,0x6f,0x6f,0xb1,	0x91,0xc5,0xc5,0x54
+	.byte	0x60,0x30,0x30,0x50,	0x02,0x01,0x01,0x03
+	.byte	0xce,0x67,0x67,0xa9,	0x56,0x2b,0x2b,0x7d
+	.byte	0xe7,0xfe,0xfe,0x19,	0xb5,0xd7,0xd7,0x62
+	.byte	0x4d,0xab,0xab,0xe6,	0xec,0x76,0x76,0x9a
+	.byte	0x8f,0xca,0xca,0x45,	0x1f,0x82,0x82,0x9d
+	.byte	0x89,0xc9,0xc9,0x40,	0xfa,0x7d,0x7d,0x87
+	.byte	0xef,0xfa,0xfa,0x15,	0xb2,0x59,0x59,0xeb
+	.byte	0x8e,0x47,0x47,0xc9,	0xfb,0xf0,0xf0,0x0b
+	.byte	0x41,0xad,0xad,0xec,	0xb3,0xd4,0xd4,0x67
+	.byte	0x5f,0xa2,0xa2,0xfd,	0x45,0xaf,0xaf,0xea
+	.byte	0x23,0x9c,0x9c,0xbf,	0x53,0xa4,0xa4,0xf7
+	.byte	0xe4,0x72,0x72,0x96,	0x9b,0xc0,0xc0,0x5b
+	.byte	0x75,0xb7,0xb7,0xc2,	0xe1,0xfd,0xfd,0x1c
+	.byte	0x3d,0x93,0x93,0xae,	0x4c,0x26,0x26,0x6a
+	.byte	0x6c,0x36,0x36,0x5a,	0x7e,0x3f,0x3f,0x41
+	.byte	0xf5,0xf7,0xf7,0x02,	0x83,0xcc,0xcc,0x4f
+	.byte	0x68,0x34,0x34,0x5c,	0x51,0xa5,0xa5,0xf4
+	.byte	0xd1,0xe5,0xe5,0x34,	0xf9,0xf1,0xf1,0x08
+	.byte	0xe2,0x71,0x71,0x93,	0xab,0xd8,0xd8,0x73
+	.byte	0x62,0x31,0x31,0x53,	0x2a,0x15,0x15,0x3f
+	.byte	0x08,0x04,0x04,0x0c,	0x95,0xc7,0xc7,0x52
+	.byte	0x46,0x23,0x23,0x65,	0x9d,0xc3,0xc3,0x5e
+	.byte	0x30,0x18,0x18,0x28,	0x37,0x96,0x96,0xa1
+	.byte	0x0a,0x05,0x05,0x0f,	0x2f,0x9a,0x9a,0xb5
+	.byte	0x0e,0x07,0x07,0x09,	0x24,0x12,0x12,0x36
+	.byte	0x1b,0x80,0x80,0x9b,	0xdf,0xe2,0xe2,0x3d
+	.byte	0xcd,0xeb,0xeb,0x26,	0x4e,0x27,0x27,0x69
+	.byte	0x7f,0xb2,0xb2,0xcd,	0xea,0x75,0x75,0x9f
+	.byte	0x12,0x09,0x09,0x1b,	0x1d,0x83,0x83,0x9e
+	.byte	0x58,0x2c,0x2c,0x74,	0x34,0x1a,0x1a,0x2e
+	.byte	0x36,0x1b,0x1b,0x2d,	0xdc,0x6e,0x6e,0xb2
+	.byte	0xb4,0x5a,0x5a,0xee,	0x5b,0xa0,0xa0,0xfb
+	.byte	0xa4,0x52,0x52,0xf6,	0x76,0x3b,0x3b,0x4d
+	.byte	0xb7,0xd6,0xd6,0x61,	0x7d,0xb3,0xb3,0xce
+	.byte	0x52,0x29,0x29,0x7b,	0xdd,0xe3,0xe3,0x3e
+	.byte	0x5e,0x2f,0x2f,0x71,	0x13,0x84,0x84,0x97
+	.byte	0xa6,0x53,0x53,0xf5,	0xb9,0xd1,0xd1,0x68
+	.byte	0x00,0x00,0x00,0x00,	0xc1,0xed,0xed,0x2c
+	.byte	0x40,0x20,0x20,0x60,	0xe3,0xfc,0xfc,0x1f
+	.byte	0x79,0xb1,0xb1,0xc8,	0xb6,0x5b,0x5b,0xed
+	.byte	0xd4,0x6a,0x6a,0xbe,	0x8d,0xcb,0xcb,0x46
+	.byte	0x67,0xbe,0xbe,0xd9,	0x72,0x39,0x39,0x4b
+	.byte	0x94,0x4a,0x4a,0xde,	0x98,0x4c,0x4c,0xd4
+	.byte	0xb0,0x58,0x58,0xe8,	0x85,0xcf,0xcf,0x4a
+	.byte	0xbb,0xd0,0xd0,0x6b,	0xc5,0xef,0xef,0x2a
+	.byte	0x4f,0xaa,0xaa,0xe5,	0xed,0xfb,0xfb,0x16
+	.byte	0x86,0x43,0x43,0xc5,	0x9a,0x4d,0x4d,0xd7
+	.byte	0x66,0x33,0x33,0x55,	0x11,0x85,0x85,0x94
+	.byte	0x8a,0x45,0x45,0xcf,	0xe9,0xf9,0xf9,0x10
+	.byte	0x04,0x02,0x02,0x06,	0xfe,0x7f,0x7f,0x81
+	.byte	0xa0,0x50,0x50,0xf0,	0x78,0x3c,0x3c,0x44
+	.byte	0x25,0x9f,0x9f,0xba,	0x4b,0xa8,0xa8,0xe3
+	.byte	0xa2,0x51,0x51,0xf3,	0x5d,0xa3,0xa3,0xfe
+	.byte	0x80,0x40,0x40,0xc0,	0x05,0x8f,0x8f,0x8a
+	.byte	0x3f,0x92,0x92,0xad,	0x21,0x9d,0x9d,0xbc
+	.byte	0x70,0x38,0x38,0x48,	0xf1,0xf5,0xf5,0x04
+	.byte	0x63,0xbc,0xbc,0xdf,	0x77,0xb6,0xb6,0xc1
+	.byte	0xaf,0xda,0xda,0x75,	0x42,0x21,0x21,0x63
+	.byte	0x20,0x10,0x10,0x30,	0xe5,0xff,0xff,0x1a
+	.byte	0xfd,0xf3,0xf3,0x0e,	0xbf,0xd2,0xd2,0x6d
+	.byte	0x81,0xcd,0xcd,0x4c,	0x18,0x0c,0x0c,0x14
+	.byte	0x26,0x13,0x13,0x35,	0xc3,0xec,0xec,0x2f
+	.byte	0xbe,0x5f,0x5f,0xe1,	0x35,0x97,0x97,0xa2
+	.byte	0x88,0x44,0x44,0xcc,	0x2e,0x17,0x17,0x39
+	.byte	0x93,0xc4,0xc4,0x57,	0x55,0xa7,0xa7,0xf2
+	.byte	0xfc,0x7e,0x7e,0x82,	0x7a,0x3d,0x3d,0x47
+	.byte	0xc8,0x64,0x64,0xac,	0xba,0x5d,0x5d,0xe7
+	.byte	0x32,0x19,0x19,0x2b,	0xe6,0x73,0x73,0x95
+	.byte	0xc0,0x60,0x60,0xa0,	0x19,0x81,0x81,0x98
+	.byte	0x9e,0x4f,0x4f,0xd1,	0xa3,0xdc,0xdc,0x7f
+	.byte	0x44,0x22,0x22,0x66,	0x54,0x2a,0x2a,0x7e
+	.byte	0x3b,0x90,0x90,0xab,	0x0b,0x88,0x88,0x83
+	.byte	0x8c,0x46,0x46,0xca,	0xc7,0xee,0xee,0x29
+	.byte	0x6b,0xb8,0xb8,0xd3,	0x28,0x14,0x14,0x3c
+	.byte	0xa7,0xde,0xde,0x79,	0xbc,0x5e,0x5e,0xe2
+	.byte	0x16,0x0b,0x0b,0x1d,	0xad,0xdb,0xdb,0x76
+	.byte	0xdb,0xe0,0xe0,0x3b,	0x64,0x32,0x32,0x56
+	.byte	0x74,0x3a,0x3a,0x4e,	0x14,0x0a,0x0a,0x1e
+	.byte	0x92,0x49,0x49,0xdb,	0x0c,0x06,0x06,0x0a
+	.byte	0x48,0x24,0x24,0x6c,	0xb8,0x5c,0x5c,0xe4
+	.byte	0x9f,0xc2,0xc2,0x5d,	0xbd,0xd3,0xd3,0x6e
+	.byte	0x43,0xac,0xac,0xef,	0xc4,0x62,0x62,0xa6
+	.byte	0x39,0x91,0x91,0xa8,	0x31,0x95,0x95,0xa4
+	.byte	0xd3,0xe4,0xe4,0x37,	0xf2,0x79,0x79,0x8b
+	.byte	0xd5,0xe7,0xe7,0x32,	0x8b,0xc8,0xc8,0x43
+	.byte	0x6e,0x37,0x37,0x59,	0xda,0x6d,0x6d,0xb7
+	.byte	0x01,0x8d,0x8d,0x8c,	0xb1,0xd5,0xd5,0x64
+	.byte	0x9c,0x4e,0x4e,0xd2,	0x49,0xa9,0xa9,0xe0
+	.byte	0xd8,0x6c,0x6c,0xb4,	0xac,0x56,0x56,0xfa
+	.byte	0xf3,0xf4,0xf4,0x07,	0xcf,0xea,0xea,0x25
+	.byte	0xca,0x65,0x65,0xaf,	0xf4,0x7a,0x7a,0x8e
+	.byte	0x47,0xae,0xae,0xe9,	0x10,0x08,0x08,0x18
+	.byte	0x6f,0xba,0xba,0xd5,	0xf0,0x78,0x78,0x88
+	.byte	0x4a,0x25,0x25,0x6f,	0x5c,0x2e,0x2e,0x72
+	.byte	0x38,0x1c,0x1c,0x24,	0x57,0xa6,0xa6,0xf1
+	.byte	0x73,0xb4,0xb4,0xc7,	0x97,0xc6,0xc6,0x51
+	.byte	0xcb,0xe8,0xe8,0x23,	0xa1,0xdd,0xdd,0x7c
+	.byte	0xe8,0x74,0x74,0x9c,	0x3e,0x1f,0x1f,0x21
+	.byte	0x96,0x4b,0x4b,0xdd,	0x61,0xbd,0xbd,0xdc
+	.byte	0x0d,0x8b,0x8b,0x86,	0x0f,0x8a,0x8a,0x85
+	.byte	0xe0,0x70,0x70,0x90,	0x7c,0x3e,0x3e,0x42
+	.byte	0x71,0xb5,0xb5,0xc4,	0xcc,0x66,0x66,0xaa
+	.byte	0x90,0x48,0x48,0xd8,	0x06,0x03,0x03,0x05
+	.byte	0xf7,0xf6,0xf6,0x01,	0x1c,0x0e,0x0e,0x12
+	.byte	0xc2,0x61,0x61,0xa3,	0x6a,0x35,0x35,0x5f
+	.byte	0xae,0x57,0x57,0xf9,	0x69,0xb9,0xb9,0xd0
+	.byte	0x17,0x86,0x86,0x91,	0x99,0xc1,0xc1,0x58
+	.byte	0x3a,0x1d,0x1d,0x27,	0x27,0x9e,0x9e,0xb9
+	.byte	0xd9,0xe1,0xe1,0x38,	0xeb,0xf8,0xf8,0x13
+	.byte	0x2b,0x98,0x98,0xb3,	0x22,0x11,0x11,0x33
+	.byte	0xd2,0x69,0x69,0xbb,	0xa9,0xd9,0xd9,0x70
+	.byte	0x07,0x8e,0x8e,0x89,	0x33,0x94,0x94,0xa7
+	.byte	0x2d,0x9b,0x9b,0xb6,	0x3c,0x1e,0x1e,0x22
+	.byte	0x15,0x87,0x87,0x92,	0xc9,0xe9,0xe9,0x20
+	.byte	0x87,0xce,0xce,0x49,	0xaa,0x55,0x55,0xff
+	.byte	0x50,0x28,0x28,0x78,	0xa5,0xdf,0xdf,0x7a
+	.byte	0x03,0x8c,0x8c,0x8f,	0x59,0xa1,0xa1,0xf8
+	.byte	0x09,0x89,0x89,0x80,	0x1a,0x0d,0x0d,0x17
+	.byte	0x65,0xbf,0xbf,0xda,	0xd7,0xe6,0xe6,0x31
+	.byte	0x84,0x42,0x42,0xc6,	0xd0,0x68,0x68,0xb8
+	.byte	0x82,0x41,0x41,0xc3,	0x29,0x99,0x99,0xb0
+	.byte	0x5a,0x2d,0x2d,0x77,	0x1e,0x0f,0x0f,0x11
+	.byte	0x7b,0xb0,0xb0,0xcb,	0xa8,0x54,0x54,0xfc
+	.byte	0x6d,0xbb,0xbb,0xd6,	0x2c,0x16,0x16,0x3a
+AES_Te4:
+	.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+rcon:
+	.byte	0x01,0x00,0x00,0x00,	0x02,0x00,0x00,0x00
+	.byte	0x04,0x00,0x00,0x00,	0x08,0x00,0x00,0x00
+	.byte	0x10,0x00,0x00,0x00,	0x20,0x00,0x00,0x00
+	.byte	0x40,0x00,0x00,0x00,	0x80,0x00,0x00,0x00
+	.byte	0x1B,0x00,0x00,0x00,	0x36,0x00,0x00,0x00
+	.align	128
+AES_Td:
+	.byte	0x51,0xf4,0xa7,0x50,	0x7e,0x41,0x65,0x53
+	.byte	0x1a,0x17,0xa4,0xc3,	0x3a,0x27,0x5e,0x96
+	.byte	0x3b,0xab,0x6b,0xcb,	0x1f,0x9d,0x45,0xf1
+	.byte	0xac,0xfa,0x58,0xab,	0x4b,0xe3,0x03,0x93
+	.byte	0x20,0x30,0xfa,0x55,	0xad,0x76,0x6d,0xf6
+	.byte	0x88,0xcc,0x76,0x91,	0xf5,0x02,0x4c,0x25
+	.byte	0x4f,0xe5,0xd7,0xfc,	0xc5,0x2a,0xcb,0xd7
+	.byte	0x26,0x35,0x44,0x80,	0xb5,0x62,0xa3,0x8f
+	.byte	0xde,0xb1,0x5a,0x49,	0x25,0xba,0x1b,0x67
+	.byte	0x45,0xea,0x0e,0x98,	0x5d,0xfe,0xc0,0xe1
+	.byte	0xc3,0x2f,0x75,0x02,	0x81,0x4c,0xf0,0x12
+	.byte	0x8d,0x46,0x97,0xa3,	0x6b,0xd3,0xf9,0xc6
+	.byte	0x03,0x8f,0x5f,0xe7,	0x15,0x92,0x9c,0x95
+	.byte	0xbf,0x6d,0x7a,0xeb,	0x95,0x52,0x59,0xda
+	.byte	0xd4,0xbe,0x83,0x2d,	0x58,0x74,0x21,0xd3
+	.byte	0x49,0xe0,0x69,0x29,	0x8e,0xc9,0xc8,0x44
+	.byte	0x75,0xc2,0x89,0x6a,	0xf4,0x8e,0x79,0x78
+	.byte	0x99,0x58,0x3e,0x6b,	0x27,0xb9,0x71,0xdd
+	.byte	0xbe,0xe1,0x4f,0xb6,	0xf0,0x88,0xad,0x17
+	.byte	0xc9,0x20,0xac,0x66,	0x7d,0xce,0x3a,0xb4
+	.byte	0x63,0xdf,0x4a,0x18,	0xe5,0x1a,0x31,0x82
+	.byte	0x97,0x51,0x33,0x60,	0x62,0x53,0x7f,0x45
+	.byte	0xb1,0x64,0x77,0xe0,	0xbb,0x6b,0xae,0x84
+	.byte	0xfe,0x81,0xa0,0x1c,	0xf9,0x08,0x2b,0x94
+	.byte	0x70,0x48,0x68,0x58,	0x8f,0x45,0xfd,0x19
+	.byte	0x94,0xde,0x6c,0x87,	0x52,0x7b,0xf8,0xb7
+	.byte	0xab,0x73,0xd3,0x23,	0x72,0x4b,0x02,0xe2
+	.byte	0xe3,0x1f,0x8f,0x57,	0x66,0x55,0xab,0x2a
+	.byte	0xb2,0xeb,0x28,0x07,	0x2f,0xb5,0xc2,0x03
+	.byte	0x86,0xc5,0x7b,0x9a,	0xd3,0x37,0x08,0xa5
+	.byte	0x30,0x28,0x87,0xf2,	0x23,0xbf,0xa5,0xb2
+	.byte	0x02,0x03,0x6a,0xba,	0xed,0x16,0x82,0x5c
+	.byte	0x8a,0xcf,0x1c,0x2b,	0xa7,0x79,0xb4,0x92
+	.byte	0xf3,0x07,0xf2,0xf0,	0x4e,0x69,0xe2,0xa1
+	.byte	0x65,0xda,0xf4,0xcd,	0x06,0x05,0xbe,0xd5
+	.byte	0xd1,0x34,0x62,0x1f,	0xc4,0xa6,0xfe,0x8a
+	.byte	0x34,0x2e,0x53,0x9d,	0xa2,0xf3,0x55,0xa0
+	.byte	0x05,0x8a,0xe1,0x32,	0xa4,0xf6,0xeb,0x75
+	.byte	0x0b,0x83,0xec,0x39,	0x40,0x60,0xef,0xaa
+	.byte	0x5e,0x71,0x9f,0x06,	0xbd,0x6e,0x10,0x51
+	.byte	0x3e,0x21,0x8a,0xf9,	0x96,0xdd,0x06,0x3d
+	.byte	0xdd,0x3e,0x05,0xae,	0x4d,0xe6,0xbd,0x46
+	.byte	0x91,0x54,0x8d,0xb5,	0x71,0xc4,0x5d,0x05
+	.byte	0x04,0x06,0xd4,0x6f,	0x60,0x50,0x15,0xff
+	.byte	0x19,0x98,0xfb,0x24,	0xd6,0xbd,0xe9,0x97
+	.byte	0x89,0x40,0x43,0xcc,	0x67,0xd9,0x9e,0x77
+	.byte	0xb0,0xe8,0x42,0xbd,	0x07,0x89,0x8b,0x88
+	.byte	0xe7,0x19,0x5b,0x38,	0x79,0xc8,0xee,0xdb
+	.byte	0xa1,0x7c,0x0a,0x47,	0x7c,0x42,0x0f,0xe9
+	.byte	0xf8,0x84,0x1e,0xc9,	0x00,0x00,0x00,0x00
+	.byte	0x09,0x80,0x86,0x83,	0x32,0x2b,0xed,0x48
+	.byte	0x1e,0x11,0x70,0xac,	0x6c,0x5a,0x72,0x4e
+	.byte	0xfd,0x0e,0xff,0xfb,	0x0f,0x85,0x38,0x56
+	.byte	0x3d,0xae,0xd5,0x1e,	0x36,0x2d,0x39,0x27
+	.byte	0x0a,0x0f,0xd9,0x64,	0x68,0x5c,0xa6,0x21
+	.byte	0x9b,0x5b,0x54,0xd1,	0x24,0x36,0x2e,0x3a
+	.byte	0x0c,0x0a,0x67,0xb1,	0x93,0x57,0xe7,0x0f
+	.byte	0xb4,0xee,0x96,0xd2,	0x1b,0x9b,0x91,0x9e
+	.byte	0x80,0xc0,0xc5,0x4f,	0x61,0xdc,0x20,0xa2
+	.byte	0x5a,0x77,0x4b,0x69,	0x1c,0x12,0x1a,0x16
+	.byte	0xe2,0x93,0xba,0x0a,	0xc0,0xa0,0x2a,0xe5
+	.byte	0x3c,0x22,0xe0,0x43,	0x12,0x1b,0x17,0x1d
+	.byte	0x0e,0x09,0x0d,0x0b,	0xf2,0x8b,0xc7,0xad
+	.byte	0x2d,0xb6,0xa8,0xb9,	0x14,0x1e,0xa9,0xc8
+	.byte	0x57,0xf1,0x19,0x85,	0xaf,0x75,0x07,0x4c
+	.byte	0xee,0x99,0xdd,0xbb,	0xa3,0x7f,0x60,0xfd
+	.byte	0xf7,0x01,0x26,0x9f,	0x5c,0x72,0xf5,0xbc
+	.byte	0x44,0x66,0x3b,0xc5,	0x5b,0xfb,0x7e,0x34
+	.byte	0x8b,0x43,0x29,0x76,	0xcb,0x23,0xc6,0xdc
+	.byte	0xb6,0xed,0xfc,0x68,	0xb8,0xe4,0xf1,0x63
+	.byte	0xd7,0x31,0xdc,0xca,	0x42,0x63,0x85,0x10
+	.byte	0x13,0x97,0x22,0x40,	0x84,0xc6,0x11,0x20
+	.byte	0x85,0x4a,0x24,0x7d,	0xd2,0xbb,0x3d,0xf8
+	.byte	0xae,0xf9,0x32,0x11,	0xc7,0x29,0xa1,0x6d
+	.byte	0x1d,0x9e,0x2f,0x4b,	0xdc,0xb2,0x30,0xf3
+	.byte	0x0d,0x86,0x52,0xec,	0x77,0xc1,0xe3,0xd0
+	.byte	0x2b,0xb3,0x16,0x6c,	0xa9,0x70,0xb9,0x99
+	.byte	0x11,0x94,0x48,0xfa,	0x47,0xe9,0x64,0x22
+	.byte	0xa8,0xfc,0x8c,0xc4,	0xa0,0xf0,0x3f,0x1a
+	.byte	0x56,0x7d,0x2c,0xd8,	0x22,0x33,0x90,0xef
+	.byte	0x87,0x49,0x4e,0xc7,	0xd9,0x38,0xd1,0xc1
+	.byte	0x8c,0xca,0xa2,0xfe,	0x98,0xd4,0x0b,0x36
+	.byte	0xa6,0xf5,0x81,0xcf,	0xa5,0x7a,0xde,0x28
+	.byte	0xda,0xb7,0x8e,0x26,	0x3f,0xad,0xbf,0xa4
+	.byte	0x2c,0x3a,0x9d,0xe4,	0x50,0x78,0x92,0x0d
+	.byte	0x6a,0x5f,0xcc,0x9b,	0x54,0x7e,0x46,0x62
+	.byte	0xf6,0x8d,0x13,0xc2,	0x90,0xd8,0xb8,0xe8
+	.byte	0x2e,0x39,0xf7,0x5e,	0x82,0xc3,0xaf,0xf5
+	.byte	0x9f,0x5d,0x80,0xbe,	0x69,0xd0,0x93,0x7c
+	.byte	0x6f,0xd5,0x2d,0xa9,	0xcf,0x25,0x12,0xb3
+	.byte	0xc8,0xac,0x99,0x3b,	0x10,0x18,0x7d,0xa7
+	.byte	0xe8,0x9c,0x63,0x6e,	0xdb,0x3b,0xbb,0x7b
+	.byte	0xcd,0x26,0x78,0x09,	0x6e,0x59,0x18,0xf4
+	.byte	0xec,0x9a,0xb7,0x01,	0x83,0x4f,0x9a,0xa8
+	.byte	0xe6,0x95,0x6e,0x65,	0xaa,0xff,0xe6,0x7e
+	.byte	0x21,0xbc,0xcf,0x08,	0xef,0x15,0xe8,0xe6
+	.byte	0xba,0xe7,0x9b,0xd9,	0x4a,0x6f,0x36,0xce
+	.byte	0xea,0x9f,0x09,0xd4,	0x29,0xb0,0x7c,0xd6
+	.byte	0x31,0xa4,0xb2,0xaf,	0x2a,0x3f,0x23,0x31
+	.byte	0xc6,0xa5,0x94,0x30,	0x35,0xa2,0x66,0xc0
+	.byte	0x74,0x4e,0xbc,0x37,	0xfc,0x82,0xca,0xa6
+	.byte	0xe0,0x90,0xd0,0xb0,	0x33,0xa7,0xd8,0x15
+	.byte	0xf1,0x04,0x98,0x4a,	0x41,0xec,0xda,0xf7
+	.byte	0x7f,0xcd,0x50,0x0e,	0x17,0x91,0xf6,0x2f
+	.byte	0x76,0x4d,0xd6,0x8d,	0x43,0xef,0xb0,0x4d
+	.byte	0xcc,0xaa,0x4d,0x54,	0xe4,0x96,0x04,0xdf
+	.byte	0x9e,0xd1,0xb5,0xe3,	0x4c,0x6a,0x88,0x1b
+	.byte	0xc1,0x2c,0x1f,0xb8,	0x46,0x65,0x51,0x7f
+	.byte	0x9d,0x5e,0xea,0x04,	0x01,0x8c,0x35,0x5d
+	.byte	0xfa,0x87,0x74,0x73,	0xfb,0x0b,0x41,0x2e
+	.byte	0xb3,0x67,0x1d,0x5a,	0x92,0xdb,0xd2,0x52
+	.byte	0xe9,0x10,0x56,0x33,	0x6d,0xd6,0x47,0x13
+	.byte	0x9a,0xd7,0x61,0x8c,	0x37,0xa1,0x0c,0x7a
+	.byte	0x59,0xf8,0x14,0x8e,	0xeb,0x13,0x3c,0x89
+	.byte	0xce,0xa9,0x27,0xee,	0xb7,0x61,0xc9,0x35
+	.byte	0xe1,0x1c,0xe5,0xed,	0x7a,0x47,0xb1,0x3c
+	.byte	0x9c,0xd2,0xdf,0x59,	0x55,0xf2,0x73,0x3f
+	.byte	0x18,0x14,0xce,0x79,	0x73,0xc7,0x37,0xbf
+	.byte	0x53,0xf7,0xcd,0xea,	0x5f,0xfd,0xaa,0x5b
+	.byte	0xdf,0x3d,0x6f,0x14,	0x78,0x44,0xdb,0x86
+	.byte	0xca,0xaf,0xf3,0x81,	0xb9,0x68,0xc4,0x3e
+	.byte	0x38,0x24,0x34,0x2c,	0xc2,0xa3,0x40,0x5f
+	.byte	0x16,0x1d,0xc3,0x72,	0xbc,0xe2,0x25,0x0c
+	.byte	0x28,0x3c,0x49,0x8b,	0xff,0x0d,0x95,0x41
+	.byte	0x39,0xa8,0x01,0x71,	0x08,0x0c,0xb3,0xde
+	.byte	0xd8,0xb4,0xe4,0x9c,	0x64,0x56,0xc1,0x90
+	.byte	0x7b,0xcb,0x84,0x61,	0xd5,0x32,0xb6,0x70
+	.byte	0x48,0x6c,0x5c,0x74,	0xd0,0xb8,0x57,0x42
+AES_Td4:
+	.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+	.cstring "AES for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-ia64.S b/openssl-1.1.0h/crypto/aes/asm/aes-ia64.S
new file mode 100644
index 0000000..f7f1f63
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-ia64.S
@@ -0,0 +1,1130 @@
+// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+//
+// ====================================================================
+// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// project. Rights for redistribution and usage in source and binary
+// forms are granted according to the OpenSSL license.
+// ====================================================================
+//
+// What's wrong with compiler generated code? Compiler never uses
+// variable 'shr' which is pairable with 'extr'/'dep' instructions.
+// Then it uses 'zxt' which is an I-type, but can be replaced with
+// 'and' which in turn can be assigned to M-port [there're double as
+// much M-ports as there're I-ports on Itanium 2]. By sacrificing few
+// registers for small constants (255, 24 and 16) to be used with
+// 'shr' and 'and' instructions I can achieve better ILP, Instruction
+// Level Parallelism, and performance. This code outperforms GCC 3.3
+// generated code by over factor of 2 (two), GCC 3.4 - by 70% and
+// HP C - by 40%. Measured best-case scenario, i.e. aligned
+// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)
+// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.
+
+// Version 1.2 mitigates the hazard of cache-timing attacks by
+// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling
+// references to S-boxes for L2 cache latency, c) prefetching T[ed]4
+// prior last round. As result performance dropped to (26 + 15*rounds)
+// ticks per block or 11 cycles per byte processed with 128-bit key.
+// This is ~16% deterioration. For reference Itanium 2 L1 cache has
+// 64 bytes line size and L2 - 128 bytes...
+
+.ident	"aes-ia64.S, version 1.2"
+.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.explicit
+.text
+
+rk0=r8;     rk1=r9;
+
+pfssave=r2;
+lcsave=r10;
+prsave=r3;
+maskff=r11;
+twenty4=r14;
+sixteen=r15;
+
+te00=r16;   te11=r17;   te22=r18;   te33=r19;
+te01=r20;   te12=r21;   te23=r22;   te30=r23;
+te02=r24;   te13=r25;   te20=r26;   te31=r27;
+te03=r28;   te10=r29;   te21=r30;   te32=r31;
+
+// these are rotating...
+t0=r32;     s0=r33;
+t1=r34;     s1=r35;
+t2=r36;     s2=r37;
+t3=r38;     s3=r39;
+
+te0=r40;    te1=r41;    te2=r42;    te3=r43;
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP	addp4
+#else
+# define ADDP	add
+#endif
+
+// Offsets from Te0
+#define TE0	0
+#define TE2	2
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define TE1	3
+#define TE3	1
+#else
+#define TE1	1
+#define TE3	3
+#endif
+
+// This implies that AES_KEY comprises 32-bit key schedule elements
+// even on LP64 platforms.
+#ifndef	KSZ
+# define KSZ	4
+# define LDKEY	ld4
+#endif
+
+.proc	_ia64_AES_encrypt#
+// Input:	rk0-rk1
+//		te0
+//		te3	as AES_KEY->rounds!!!
+//		s0-s3
+//		maskff,twenty4,sixteen
+// Output:	r16,r20,r24,r28 as s0-s3
+// Clobber:	r16-r31,rk0-rk1,r32-r43
+.align	32
+_ia64_AES_encrypt:
+	.prologue
+	.altrp	b6
+	.body
+{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
+	LDKEY	t0=[rk0],2*KSZ
+	mov	pr.rot=1<<16	}
+{ .mmi;	LDKEY	t1=[rk1],2*KSZ
+	add	te1=TE1,te0
+	add	te3=-3,te3	};;
+{ .mib;	LDKEY	t2=[rk0],2*KSZ
+	mov	ar.ec=2		}
+{ .mib;	LDKEY	t3=[rk1],2*KSZ
+	add	te2=TE2,te0
+	brp.loop.imp	.Le_top,.Le_end-16	};;
+
+{ .mmi;	xor	s0=s0,t0
+	xor	s1=s1,t1
+	mov	ar.lc=te3	}
+{ .mmi;	xor	s2=s2,t2
+	xor	s3=s3,t3
+	add	te3=TE3,te0	};;
+
+.align	32
+.Le_top:
+{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	(p0)	and	te33=s3,maskff		// 0/0:s3&0xff
+	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	(p0)	and	te30=s0,maskff		// 0/1:s0&0xff
+	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	(p0)	shladd	te33=te33,3,te3		// 1/0:te0+s0>>24
+	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	(p0)	shladd	te30=te30,3,te3		// 1/1:te3+s0
+	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	(p0)	ld4	te33=[te33]		// 2/0:te3[s3&0xff]
+	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
+	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	(p0)	ld4	te30=[te30]		// 2/1:te3[s0]
+	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
+	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
+	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
+	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
+	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
+	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
+	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
+	(p0)	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
+	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
+	(p0)	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
+	(p0)	shladd	te11=te11,3,te1		// 5/0:te1+s1>>16
+	(p0)	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
+	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
+	(p0)	and	te31=s1,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	(p0)	ld4	te11=[te11]		// 6/0:te1[s1>>16]
+	(p0)	shladd	te12=te12,3,te1		// 6/1:te1+s2>>16
+	(p0)	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
+	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
+	(p0)	and	te32=s2,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	(p0)	ld4	te12=[te12]		// 7/1:te1[s2>>16]
+	(p0)	shladd	te31=te31,3,te3		// 7/2:te3+s1&0xff
+	(p0)	and	te13=te13,maskff}	// 7/2:s3>>16&0xff
+{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
+	(p0)	shladd	te32=te32,3,te3		// 7/3:te3+s2
+	(p0)	xor	t0=t0,te33	};;	// 7/0:
+{ .mmi;	(p0)	ld4	te31=[te31]		// 8/2:te3[s1]
+	(p0)	shladd	te13=te13,3,te1		// 8/2:te1+s3>>16
+	(p0)	xor	t0=t0,te22	}	// 8/0:
+{ .mmi;	(p0)	ld4	te32=[te32]		// 8/3:te3[s2]
+	(p0)	shladd	te10=te10,3,te1		// 8/3:te1+s0>>16
+	(p0)	xor	t1=t1,te30	};;	// 8/1:
+{ .mmi;	(p0)	ld4	te13=[te13]		// 9/2:te1[s3>>16]
+	(p0)	ld4	te10=[te10]		// 9/3:te1[s0>>16]
+	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
+{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
+	(p0)	xor	t2=t2,te20		// 10[9]/2:
+	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
+{ .mmi;	(p0)	xor	t0=t0,te11		// 11[10]/0:done!
+	(p0)	xor	t1=t1,te01		// 11[10]/1:
+	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
+{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
+	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
+{ .mmi;	(p0)	xor	t1=t1,te12		// 13[11]/1:done!
+	(p0)	xor	t2=t2,te31		// 13[11]/2:
+	(p0)	xor	t3=t3,te32	}	// 13[11]/3:
+{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
+	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
+{ .mib;	(p0)	xor	t2=t2,te13		// 14[12]/2:done!
+	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
+{ .mib;	(p0)	xor	t3=t3,te10		// 14[12]/3:done!
+	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
+	br.ctop.sptk	.Le_top		};;
+.Le_end:
+
+
+{ .mmi;	ld8	te12=[te0]		// prefetch Te4
+	ld8	te31=[te1]	}
+{ .mmi;	ld8	te10=[te2]
+	ld8	te32=[te3]	}
+
+{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	and	te33=s3,maskff		// 0/0:s3&0xff
+	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	and	te30=s0,maskff		// 0/1:s0&0xff
+	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	add	te33=te33,te0		// 1/0:te0+s0>>24
+	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	add	te30=te30,te0		// 1/1:te0+s0
+	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	ld1	te33=[te33]		// 2/0:te0[s3&0xff]
+	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
+	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	ld1	te30=[te30]		// 2/1:te0[s0]
+	add	te23=te23,te0		// 2/1:te0+s3>>8
+	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
+	add	te20=te20,te0		// 3/2:te0+s0>>8
+	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
+	add	te00=te00,te0		// 3/0:te0+s0>>24
+	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
+	add	te21=te21,te0		// 4/3:te0+s2
+	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
+	add	te01=te01,te0		// 4/1:te0+s1>>24
+	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
+	add	te11=te11,te0		// 5/0:te0+s1>>16
+	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
+	add	te02=te02,te0		// 5/2:te0+s2>>24
+	and	te31=s1,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	ld1	te11=[te11]		// 6/0:te0[s1>>16]
+	add	te12=te12,te0		// 6/1:te0+s2>>16
+	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
+	add	te03=te03,te0		// 6/3:te0+s0>>16
+	and	te32=s2,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	ld1	te12=[te12]		// 7/1:te0[s2>>16]
+	add	te31=te31,te0		// 7/2:te0+s1&0xff
+	dep	te33=te22,te33,8,8}	// 7/0:
+{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
+	add	te32=te32,te0		// 7/3:te0+s2
+	and	te13=te13,maskff};;	// 7/2:s3>>16&0xff
+{ .mmi;	ld1	te31=[te31]		// 8/2:te0[s1]
+	add	te13=te13,te0		// 8/2:te0+s3>>16
+	dep	te30=te23,te30,8,8}	// 8/1:
+{ .mmi;	ld1	te32=[te32]		// 8/3:te0[s2]
+	add	te10=te10,te0		// 8/3:te0+s0>>16
+	shl	te00=te00,twenty4};;	// 8/0:
+{ .mii;	ld1	te13=[te13]		// 9/2:te0[s3>>16]
+	dep	te33=te11,te33,16,8	// 9/0:
+	shl	te01=te01,twenty4};;	// 9/1:
+{ .mii;	ld1	te10=[te10]		// 10/3:te0[s0>>16]
+	dep	te31=te20,te31,8,8	// 10/2:
+	shl	te02=te02,twenty4};;	// 10/2:
+{ .mii;	xor	t0=t0,te33		// 11/0:
+	dep	te32=te21,te32,8,8	// 11/3:
+	shl	te12=te12,sixteen};;	// 11/1:
+{ .mii;	xor	r16=t0,te00		// 12/0:done!
+	dep	te31=te13,te31,16,8	// 12/2:
+	shl	te03=te03,twenty4};;	// 12/3:
+{ .mmi;	xor	t1=t1,te01		// 13/1:
+	xor	t2=t2,te02		// 13/2:
+	dep	te32=te10,te32,16,8};;	// 13/3:
+{ .mmi;	xor	t1=t1,te30		// 14/1:
+	xor	r24=t2,te31		// 14/2:done!
+	xor	t3=t3,te32	};;	// 14/3:
+{ .mib;	xor	r20=t1,te12		// 15/1:done!
+	xor	r28=t3,te03		// 15/3:done!
+	br.ret.sptk	b6	};;
+.endp	_ia64_AES_encrypt#
+
+// void AES_encrypt (const void *in,void *out,const AES_KEY *key);
+.global	AES_encrypt#
+.proc	AES_encrypt#
+.align	32
+AES_encrypt:
+	.prologue
+	.save	ar.pfs,pfssave
+{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
+	and	out0=3,in0
+	mov	r3=ip			}
+{ .mmi;	ADDP	in0=0,in0
+	mov	loc0=psr.um
+	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
+
+{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
+	add	out8=(AES_Te#-AES_encrypt#),r3	// Te0
+	.save	pr,prsave
+	mov	prsave=pr		}
+{ .mmi;	rum	1<<3				// clear um.ac
+	.save	ar.lc,lcsave
+	mov	lcsave=ar.lc		};;
+
+	.body
+#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
+{ .mib; cmp.ne	p6,p0=out0,r0
+	add	out0=4,in0
+(p6)	br.dpnt.many	.Le_i_unaligned	};;
+
+{ .mmi;	ld4	out1=[in0],8		// s0
+	and	out9=3,in1
+	mov	twenty4=24		}
+{ .mmi;	ld4	out3=[out0],8		// s1
+	ADDP	rk0=0,in2
+	mov	sixteen=16		};;
+{ .mmi;	ld4	out5=[in0]		// s2
+	cmp.ne	p6,p0=out9,r0
+	mov	maskff=0xff		}
+{ .mmb;	ld4	out7=[out0]		// s3
+	ADDP	rk1=KSZ,in2
+	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
+
+{ .mib;	ADDP	in0=4,in1
+	ADDP	in1=0,in1
+(p6)	br.spnt	.Le_o_unaligned		};;
+
+{ .mii;	mov	psr.um=loc0
+	mov	ar.pfs=pfssave
+	mov	ar.lc=lcsave		};;
+{ .mmi;	st4	[in1]=r16,8		// s0
+	st4	[in0]=r20,8		// s1
+	mov	pr=prsave,0x1ffff	};;
+{ .mmb;	st4	[in1]=r24		// s2
+	st4	[in0]=r28		// s3
+	br.ret.sptk.many	b0	};;
+#endif
+
+.align	32
+.Le_i_unaligned:
+{ .mmi;	add	out0=1,in0
+	add	out2=2,in0
+	add	out4=3,in0	};;
+{ .mmi;	ld1	r16=[in0],4
+	ld1	r17=[out0],4	}//;;
+{ .mmi;	ld1	r18=[out2],4
+	ld1	out1=[out4],4	};;	// s0
+{ .mmi;	ld1	r20=[in0],4
+	ld1	r21=[out0],4	}//;;
+{ .mmi;	ld1	r22=[out2],4
+	ld1	out3=[out4],4	};;	// s1
+{ .mmi;	ld1	r24=[in0],4
+	ld1	r25=[out0],4	}//;;
+{ .mmi;	ld1	r26=[out2],4
+	ld1	out5=[out4],4	};;	// s2
+{ .mmi;	ld1	r28=[in0]
+	ld1	r29=[out0]	}//;;
+{ .mmi;	ld1	r30=[out2]
+	ld1	out7=[out4]	};;	// s3
+
+{ .mii;
+	dep	out1=r16,out1,24,8	//;;
+	dep	out3=r20,out3,24,8	}//;;
+{ .mii;	ADDP	rk0=0,in2
+	dep	out5=r24,out5,24,8	//;;
+	dep	out7=r28,out7,24,8	};;
+{ .mii;	ADDP	rk1=KSZ,in2
+	dep	out1=r17,out1,16,8	//;;
+	dep	out3=r21,out3,16,8	}//;;
+{ .mii;	mov	twenty4=24
+	dep	out5=r25,out5,16,8	//;;
+	dep	out7=r29,out7,16,8	};;
+{ .mii;	mov	sixteen=16
+	dep	out1=r18,out1,8,8	//;;
+	dep	out3=r22,out3,8,8	}//;;
+{ .mii;	mov	maskff=0xff
+	dep	out5=r26,out5,8,8	//;;
+	dep	out7=r30,out7,8,8	};;
+
+{ .mib;	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
+
+.Le_o_unaligned:
+{ .mii;	ADDP	out0=0,in1
+	extr.u	r17=r16,8,8			// s0
+	shr.u	r19=r16,twenty4		}//;;
+{ .mii;	ADDP	out1=1,in1
+	extr.u	r18=r16,16,8
+	shr.u	r23=r20,twenty4		}//;;	// s1
+{ .mii;	ADDP	out2=2,in1
+	extr.u	r21=r20,8,8
+	shr.u	r22=r20,sixteen		}//;;
+{ .mii;	ADDP	out3=3,in1
+	extr.u	r25=r24,8,8			// s2
+	shr.u	r27=r24,twenty4		};;
+{ .mii;	st1	[out3]=r16,4
+	extr.u	r26=r24,16,8
+	shr.u	r31=r28,twenty4		}//;;	// s3
+{ .mii;	st1	[out2]=r17,4
+	extr.u	r29=r28,8,8
+	shr.u	r30=r28,sixteen		}//;;
+
+{ .mmi;	st1	[out1]=r18,4
+	st1	[out0]=r19,4		};;
+{ .mmi;	st1	[out3]=r20,4
+	st1	[out2]=r21,4		}//;;
+{ .mmi;	st1	[out1]=r22,4
+	st1	[out0]=r23,4		};;
+{ .mmi;	st1	[out3]=r24,4
+	st1	[out2]=r25,4
+	mov	pr=prsave,0x1ffff	}//;;
+{ .mmi;	st1	[out1]=r26,4
+	st1	[out0]=r27,4
+	mov	ar.pfs=pfssave		};;
+{ .mmi;	st1	[out3]=r28
+	st1	[out2]=r29
+	mov	ar.lc=lcsave		}//;;
+{ .mmi;	st1	[out1]=r30
+	st1	[out0]=r31		}
+{ .mfb;	mov	psr.um=loc0			// restore user mask
+	br.ret.sptk.many	b0	};;
+.endp	AES_encrypt#
+
+// *AES_decrypt are autogenerated by the following script:
+#if 0
+#!/usr/bin/env perl
+print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n";
+open(PROG,'<'.$0); while(<PROG>) { print; } close(PROG);
+print "#endif\n";
+while(<>) {
+	$process=1	if (/\.proc\s+_ia64_AES_encrypt/);
+	next		if (!$process);
+
+	#s/te00=s0/td00=s0/;	s/te00/td00/g;
+	s/te11=s1/td13=s3/;	s/te11/td13/g;
+	#s/te22=s2/td22=s2/;	s/te22/td22/g;
+	s/te33=s3/td31=s1/;	s/te33/td31/g;
+
+	#s/te01=s1/td01=s1/;	s/te01/td01/g;
+	s/te12=s2/td10=s0/;	s/te12/td10/g;
+	#s/te23=s3/td23=s3/;	s/te23/td23/g;
+	s/te30=s0/td32=s2/;	s/te30/td32/g;
+
+	#s/te02=s2/td02=s2/;	s/te02/td02/g;
+	s/te13=s3/td11=s1/;	s/te13/td11/g;
+	#s/te20=s0/td20=s0/;	s/te20/td20/g;
+	s/te31=s1/td33=s3/;	s/te31/td33/g;
+
+	#s/te03=s3/td03=s3/;	s/te03/td03/g;
+	s/te10=s0/td12=s2/;	s/te10/td12/g;
+	#s/te21=s1/td21=s1/;	s/te21/td21/g;
+	s/te32=s2/td30=s0/;	s/te32/td30/g;
+
+	s/td/te/g;
+
+	s/AES_encrypt/AES_decrypt/g;
+	s/\.Le_/.Ld_/g;
+	s/AES_Te#/AES_Td#/g;
+
+	print;
+
+	exit		if (/\.endp\s+AES_decrypt/);
+}
+#endif
+.proc	_ia64_AES_decrypt#
+// Input:	rk0-rk1
+//		te0
+//		te3	as AES_KEY->rounds!!!
+//		s0-s3
+//		maskff,twenty4,sixteen
+// Output:	r16,r20,r24,r28 as s0-s3
+// Clobber:	r16-r31,rk0-rk1,r32-r43
+.align	32
+_ia64_AES_decrypt:
+	.prologue
+	.altrp	b6
+	.body
+{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
+	LDKEY	t0=[rk0],2*KSZ
+	mov	pr.rot=1<<16	}
+{ .mmi;	LDKEY	t1=[rk1],2*KSZ
+	add	te1=TE1,te0
+	add	te3=-3,te3	};;
+{ .mib;	LDKEY	t2=[rk0],2*KSZ
+	mov	ar.ec=2		}
+{ .mib;	LDKEY	t3=[rk1],2*KSZ
+	add	te2=TE2,te0
+	brp.loop.imp	.Ld_top,.Ld_end-16	};;
+
+{ .mmi;	xor	s0=s0,t0
+	xor	s1=s1,t1
+	mov	ar.lc=te3	}
+{ .mmi;	xor	s2=s2,t2
+	xor	s3=s3,t3
+	add	te3=TE3,te0	};;
+
+.align	32
+.Ld_top:
+{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	(p0)	and	te31=s1,maskff		// 0/0:s3&0xff
+	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	(p0)	and	te32=s2,maskff		// 0/1:s0&0xff
+	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	(p0)	shladd	te31=te31,3,te3		// 1/0:te0+s0>>24
+	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	(p0)	shladd	te32=te32,3,te3		// 1/1:te3+s0
+	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	(p0)	ld4	te31=[te31]		// 2/0:te3[s3&0xff]
+	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
+	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	(p0)	ld4	te32=[te32]		// 2/1:te3[s0]
+	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
+	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
+	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
+	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
+	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
+	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
+	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
+	(p0)	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
+	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
+	(p0)	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
+	(p0)	shladd	te13=te13,3,te1		// 5/0:te1+s1>>16
+	(p0)	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
+	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
+	(p0)	and	te33=s3,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	(p0)	ld4	te13=[te13]		// 6/0:te1[s1>>16]
+	(p0)	shladd	te10=te10,3,te1		// 6/1:te1+s2>>16
+	(p0)	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
+	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
+	(p0)	and	te30=s0,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	(p0)	ld4	te10=[te10]		// 7/1:te1[s2>>16]
+	(p0)	shladd	te33=te33,3,te3		// 7/2:te3+s1&0xff
+	(p0)	and	te11=te11,maskff}	// 7/2:s3>>16&0xff
+{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
+	(p0)	shladd	te30=te30,3,te3		// 7/3:te3+s2
+	(p0)	xor	t0=t0,te31	};;	// 7/0:
+{ .mmi;	(p0)	ld4	te33=[te33]		// 8/2:te3[s1]
+	(p0)	shladd	te11=te11,3,te1		// 8/2:te1+s3>>16
+	(p0)	xor	t0=t0,te22	}	// 8/0:
+{ .mmi;	(p0)	ld4	te30=[te30]		// 8/3:te3[s2]
+	(p0)	shladd	te12=te12,3,te1		// 8/3:te1+s0>>16
+	(p0)	xor	t1=t1,te32	};;	// 8/1:
+{ .mmi;	(p0)	ld4	te11=[te11]		// 9/2:te1[s3>>16]
+	(p0)	ld4	te12=[te12]		// 9/3:te1[s0>>16]
+	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
+{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
+	(p0)	xor	t2=t2,te20		// 10[9]/2:
+	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
+{ .mmi;	(p0)	xor	t0=t0,te13		// 11[10]/0:done!
+	(p0)	xor	t1=t1,te01		// 11[10]/1:
+	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
+{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
+	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
+{ .mmi;	(p0)	xor	t1=t1,te10		// 13[11]/1:done!
+	(p0)	xor	t2=t2,te33		// 13[11]/2:
+	(p0)	xor	t3=t3,te30	}	// 13[11]/3:
+{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
+	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
+{ .mib;	(p0)	xor	t2=t2,te11		// 14[12]/2:done!
+	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
+{ .mib;	(p0)	xor	t3=t3,te12		// 14[12]/3:done!
+	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
+	br.ctop.sptk	.Ld_top		};;
+.Ld_end:
+
+
+{ .mmi;	ld8	te10=[te0]		// prefetch Td4
+	ld8	te33=[te1]	}
+{ .mmi;	ld8	te12=[te2]
+	ld8	te30=[te3]	}
+
+{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
+	and	te31=s1,maskff		// 0/0:s3&0xff
+	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
+{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
+	and	te32=s2,maskff		// 0/1:s0&0xff
+	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
+{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
+	add	te31=te31,te0		// 1/0:te0+s0>>24
+	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
+{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
+	add	te32=te32,te0		// 1/1:te0+s0
+	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
+{ .mmi;	ld1	te31=[te31]		// 2/0:te0[s3&0xff]
+	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
+	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
+{ .mmi;	ld1	te32=[te32]		// 2/1:te0[s0]
+	add	te23=te23,te0		// 2/1:te0+s3>>8
+	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
+{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
+	add	te20=te20,te0		// 3/2:te0+s0>>8
+	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
+{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
+	add	te00=te00,te0		// 3/0:te0+s0>>24
+	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
+{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
+	add	te21=te21,te0		// 4/3:te0+s2
+	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
+{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
+	add	te01=te01,te0		// 4/1:te0+s1>>24
+	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
+{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
+	add	te13=te13,te0		// 5/0:te0+s1>>16
+	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
+{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
+	add	te02=te02,te0		// 5/2:te0+s2>>24
+	and	te33=s3,maskff	};;	// 5/2:s1&0xff
+{ .mmi;	ld1	te13=[te13]		// 6/0:te0[s1>>16]
+	add	te10=te10,te0		// 6/1:te0+s2>>16
+	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
+{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
+	add	te03=te03,te0		// 6/3:te0+s0>>16
+	and	te30=s0,maskff	};;	// 6/3:s2&0xff
+
+{ .mmi;	ld1	te10=[te10]		// 7/1:te0[s2>>16]
+	add	te33=te33,te0		// 7/2:te0+s1&0xff
+	dep	te31=te22,te31,8,8}	// 7/0:
+{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
+	add	te30=te30,te0		// 7/3:te0+s2
+	and	te11=te11,maskff};;	// 7/2:s3>>16&0xff
+{ .mmi;	ld1	te33=[te33]		// 8/2:te0[s1]
+	add	te11=te11,te0		// 8/2:te0+s3>>16
+	dep	te32=te23,te32,8,8}	// 8/1:
+{ .mmi;	ld1	te30=[te30]		// 8/3:te0[s2]
+	add	te12=te12,te0		// 8/3:te0+s0>>16
+	shl	te00=te00,twenty4};;	// 8/0:
+{ .mii;	ld1	te11=[te11]		// 9/2:te0[s3>>16]
+	dep	te31=te13,te31,16,8	// 9/0:
+	shl	te01=te01,twenty4};;	// 9/1:
+{ .mii;	ld1	te12=[te12]		// 10/3:te0[s0>>16]
+	dep	te33=te20,te33,8,8	// 10/2:
+	shl	te02=te02,twenty4};;	// 10/2:
+{ .mii;	xor	t0=t0,te31		// 11/0:
+	dep	te30=te21,te30,8,8	// 11/3:
+	shl	te10=te10,sixteen};;	// 11/1:
+{ .mii;	xor	r16=t0,te00		// 12/0:done!
+	dep	te33=te11,te33,16,8	// 12/2:
+	shl	te03=te03,twenty4};;	// 12/3:
+{ .mmi;	xor	t1=t1,te01		// 13/1:
+	xor	t2=t2,te02		// 13/2:
+	dep	te30=te12,te30,16,8};;	// 13/3:
+{ .mmi;	xor	t1=t1,te32		// 14/1:
+	xor	r24=t2,te33		// 14/2:done!
+	xor	t3=t3,te30	};;	// 14/3:
+{ .mib;	xor	r20=t1,te10		// 15/1:done!
+	xor	r28=t3,te03		// 15/3:done!
+	br.ret.sptk	b6	};;
+.endp	_ia64_AES_decrypt#
+
+// void AES_decrypt (const void *in,void *out,const AES_KEY *key);
+.global	AES_decrypt#
+.proc	AES_decrypt#
+.align	32
+AES_decrypt:
+	.prologue
+	.save	ar.pfs,pfssave
+{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
+	and	out0=3,in0
+	mov	r3=ip			}
+{ .mmi;	ADDP	in0=0,in0
+	mov	loc0=psr.um
+	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
+
+{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
+	add	out8=(AES_Td#-AES_decrypt#),r3	// Te0
+	.save	pr,prsave
+	mov	prsave=pr		}
+{ .mmi;	rum	1<<3				// clear um.ac
+	.save	ar.lc,lcsave
+	mov	lcsave=ar.lc		};;
+
+	.body
+#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
+{ .mib; cmp.ne	p6,p0=out0,r0
+	add	out0=4,in0
+(p6)	br.dpnt.many	.Ld_i_unaligned	};;
+
+{ .mmi;	ld4	out1=[in0],8		// s0
+	and	out9=3,in1
+	mov	twenty4=24		}
+{ .mmi;	ld4	out3=[out0],8		// s1
+	ADDP	rk0=0,in2
+	mov	sixteen=16		};;
+{ .mmi;	ld4	out5=[in0]		// s2
+	cmp.ne	p6,p0=out9,r0
+	mov	maskff=0xff		}
+{ .mmb;	ld4	out7=[out0]		// s3
+	ADDP	rk1=KSZ,in2
+	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
+
+{ .mib;	ADDP	in0=4,in1
+	ADDP	in1=0,in1
+(p6)	br.spnt	.Ld_o_unaligned		};;
+
+{ .mii;	mov	psr.um=loc0
+	mov	ar.pfs=pfssave
+	mov	ar.lc=lcsave		};;
+{ .mmi;	st4	[in1]=r16,8		// s0
+	st4	[in0]=r20,8		// s1
+	mov	pr=prsave,0x1ffff	};;
+{ .mmb;	st4	[in1]=r24		// s2
+	st4	[in0]=r28		// s3
+	br.ret.sptk.many	b0	};;
+#endif
+
+.align	32
+.Ld_i_unaligned:
+{ .mmi;	add	out0=1,in0
+	add	out2=2,in0
+	add	out4=3,in0	};;
+{ .mmi;	ld1	r16=[in0],4
+	ld1	r17=[out0],4	}//;;
+{ .mmi;	ld1	r18=[out2],4
+	ld1	out1=[out4],4	};;	// s0
+{ .mmi;	ld1	r20=[in0],4
+	ld1	r21=[out0],4	}//;;
+{ .mmi;	ld1	r22=[out2],4
+	ld1	out3=[out4],4	};;	// s1
+{ .mmi;	ld1	r24=[in0],4
+	ld1	r25=[out0],4	}//;;
+{ .mmi;	ld1	r26=[out2],4
+	ld1	out5=[out4],4	};;	// s2
+{ .mmi;	ld1	r28=[in0]
+	ld1	r29=[out0]	}//;;
+{ .mmi;	ld1	r30=[out2]
+	ld1	out7=[out4]	};;	// s3
+
+{ .mii;
+	dep	out1=r16,out1,24,8	//;;
+	dep	out3=r20,out3,24,8	}//;;
+{ .mii;	ADDP	rk0=0,in2
+	dep	out5=r24,out5,24,8	//;;
+	dep	out7=r28,out7,24,8	};;
+{ .mii;	ADDP	rk1=KSZ,in2
+	dep	out1=r17,out1,16,8	//;;
+	dep	out3=r21,out3,16,8	}//;;
+{ .mii;	mov	twenty4=24
+	dep	out5=r25,out5,16,8	//;;
+	dep	out7=r29,out7,16,8	};;
+{ .mii;	mov	sixteen=16
+	dep	out1=r18,out1,8,8	//;;
+	dep	out3=r22,out3,8,8	}//;;
+{ .mii;	mov	maskff=0xff
+	dep	out5=r26,out5,8,8	//;;
+	dep	out7=r30,out7,8,8	};;
+
+{ .mib;	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
+
+.Ld_o_unaligned:
+{ .mii;	ADDP	out0=0,in1
+	extr.u	r17=r16,8,8			// s0
+	shr.u	r19=r16,twenty4		}//;;
+{ .mii;	ADDP	out1=1,in1
+	extr.u	r18=r16,16,8
+	shr.u	r23=r20,twenty4		}//;;	// s1
+{ .mii;	ADDP	out2=2,in1
+	extr.u	r21=r20,8,8
+	shr.u	r22=r20,sixteen		}//;;
+{ .mii;	ADDP	out3=3,in1
+	extr.u	r25=r24,8,8			// s2
+	shr.u	r27=r24,twenty4		};;
+{ .mii;	st1	[out3]=r16,4
+	extr.u	r26=r24,16,8
+	shr.u	r31=r28,twenty4		}//;;	// s3
+{ .mii;	st1	[out2]=r17,4
+	extr.u	r29=r28,8,8
+	shr.u	r30=r28,sixteen		}//;;
+
+{ .mmi;	st1	[out1]=r18,4
+	st1	[out0]=r19,4		};;
+{ .mmi;	st1	[out3]=r20,4
+	st1	[out2]=r21,4		}//;;
+{ .mmi;	st1	[out1]=r22,4
+	st1	[out0]=r23,4		};;
+{ .mmi;	st1	[out3]=r24,4
+	st1	[out2]=r25,4
+	mov	pr=prsave,0x1ffff	}//;;
+{ .mmi;	st1	[out1]=r26,4
+	st1	[out0]=r27,4
+	mov	ar.pfs=pfssave		};;
+{ .mmi;	st1	[out3]=r28
+	st1	[out2]=r29
+	mov	ar.lc=lcsave		}//;;
+{ .mmi;	st1	[out1]=r30
+	st1	[out0]=r31		}
+{ .mfb;	mov	psr.um=loc0			// restore user mask
+	br.ret.sptk.many	b0	};;
+.endp	AES_decrypt#
+
+// leave it in .text segment...
+.align	64
+.global	AES_Te#
+.type	AES_Te#,@object
+AES_Te:	data4	0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84
+	data4	0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d
+	data4	0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd
+	data4	0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554
+	data4	0x60303050,0x60303050, 0x02010103,0x02010103
+	data4	0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d
+	data4	0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762
+	data4	0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a
+	data4	0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d
+	data4	0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87
+	data4	0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb
+	data4	0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b
+	data4	0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467
+	data4	0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea
+	data4	0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7
+	data4	0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b
+	data4	0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c
+	data4	0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a
+	data4	0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41
+	data4	0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f
+	data4	0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4
+	data4	0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108
+	data4	0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873
+	data4	0x62313153,0x62313153, 0x2a15153f,0x2a15153f
+	data4	0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752
+	data4	0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e
+	data4	0x30181828,0x30181828, 0x379696a1,0x379696a1
+	data4	0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5
+	data4	0x0e070709,0x0e070709, 0x24121236,0x24121236
+	data4	0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d
+	data4	0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769
+	data4	0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f
+	data4	0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e
+	data4	0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e
+	data4	0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2
+	data4	0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb
+	data4	0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d
+	data4	0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce
+	data4	0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e
+	data4	0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497
+	data4	0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168
+	data4	0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c
+	data4	0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f
+	data4	0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed
+	data4	0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46
+	data4	0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b
+	data4	0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4
+	data4	0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a
+	data4	0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a
+	data4	0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16
+	data4	0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7
+	data4	0x66333355,0x66333355, 0x11858594,0x11858594
+	data4	0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910
+	data4	0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81
+	data4	0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44
+	data4	0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3
+	data4	0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe
+	data4	0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a
+	data4	0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc
+	data4	0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504
+	data4	0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1
+	data4	0xafdada75,0xafdada75, 0x42212163,0x42212163
+	data4	0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a
+	data4	0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d
+	data4	0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14
+	data4	0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f
+	data4	0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2
+	data4	0x884444cc,0x884444cc, 0x2e171739,0x2e171739
+	data4	0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2
+	data4	0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47
+	data4	0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7
+	data4	0x3219192b,0x3219192b, 0xe6737395,0xe6737395
+	data4	0xc06060a0,0xc06060a0, 0x19818198,0x19818198
+	data4	0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f
+	data4	0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e
+	data4	0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883
+	data4	0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29
+	data4	0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c
+	data4	0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2
+	data4	0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76
+	data4	0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256
+	data4	0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e
+	data4	0x924949db,0x924949db, 0x0c06060a,0x0c06060a
+	data4	0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4
+	data4	0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e
+	data4	0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6
+	data4	0x399191a8,0x399191a8, 0x319595a4,0x319595a4
+	data4	0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b
+	data4	0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843
+	data4	0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7
+	data4	0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564
+	data4	0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0
+	data4	0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa
+	data4	0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25
+	data4	0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e
+	data4	0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818
+	data4	0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888
+	data4	0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72
+	data4	0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1
+	data4	0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651
+	data4	0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c
+	data4	0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21
+	data4	0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc
+	data4	0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85
+	data4	0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42
+	data4	0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa
+	data4	0x904848d8,0x904848d8, 0x06030305,0x06030305
+	data4	0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12
+	data4	0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f
+	data4	0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0
+	data4	0x17868691,0x17868691, 0x99c1c158,0x99c1c158
+	data4	0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9
+	data4	0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813
+	data4	0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133
+	data4	0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970
+	data4	0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7
+	data4	0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22
+	data4	0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920
+	data4	0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff
+	data4	0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a
+	data4	0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8
+	data4	0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17
+	data4	0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631
+	data4	0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8
+	data4	0x824141c3,0x824141c3, 0x299999b0,0x299999b0
+	data4	0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11
+	data4	0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc
+	data4	0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a
+// Te4:
+	data1	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	data1	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	data1	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	data1	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	data1	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	data1	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	data1	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	data1	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	data1	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	data1	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	data1	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	data1	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	data1	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	data1	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	data1	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	data1	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	data1	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	data1	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	data1	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	data1	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	data1	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	data1	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	data1	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	data1	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	data1	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	data1	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	data1	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	data1	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	data1	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	data1	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	data1	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	data1	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.size	AES_Te#,2048+256	// HP-UX assembler fails to ".-AES_Te#"
+
+.align	64
+.global	AES_Td#
+.type	AES_Td#,@object
+AES_Td:	data4	0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553
+	data4	0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96
+	data4	0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1
+	data4	0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393
+	data4	0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6
+	data4	0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25
+	data4	0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7
+	data4	0x26354480,0x26354480, 0xb562a38f,0xb562a38f
+	data4	0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67
+	data4	0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1
+	data4	0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012
+	data4	0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6
+	data4	0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95
+	data4	0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da
+	data4	0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3
+	data4	0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844
+	data4	0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978
+	data4	0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd
+	data4	0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17
+	data4	0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4
+	data4	0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182
+	data4	0x97513360,0x97513360, 0x62537f45,0x62537f45
+	data4	0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84
+	data4	0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94
+	data4	0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19
+	data4	0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7
+	data4	0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2
+	data4	0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a
+	data4	0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203
+	data4	0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5
+	data4	0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2
+	data4	0x02036aba,0x02036aba, 0xed16825c,0xed16825c
+	data4	0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492
+	data4	0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1
+	data4	0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5
+	data4	0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a
+	data4	0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0
+	data4	0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75
+	data4	0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa
+	data4	0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051
+	data4	0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d
+	data4	0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46
+	data4	0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05
+	data4	0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff
+	data4	0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997
+	data4	0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77
+	data4	0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88
+	data4	0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb
+	data4	0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9
+	data4	0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000
+	data4	0x09808683,0x09808683, 0x322bed48,0x322bed48
+	data4	0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e
+	data4	0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856
+	data4	0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927
+	data4	0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621
+	data4	0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a
+	data4	0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f
+	data4	0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e
+	data4	0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2
+	data4	0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16
+	data4	0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5
+	data4	0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d
+	data4	0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad
+	data4	0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8
+	data4	0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c
+	data4	0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd
+	data4	0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc
+	data4	0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34
+	data4	0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc
+	data4	0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163
+	data4	0xd731dcca,0xd731dcca, 0x42638510,0x42638510
+	data4	0x13972240,0x13972240, 0x84c61120,0x84c61120
+	data4	0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8
+	data4	0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d
+	data4	0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3
+	data4	0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0
+	data4	0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999
+	data4	0x119448fa,0x119448fa, 0x47e96422,0x47e96422
+	data4	0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a
+	data4	0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef
+	data4	0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1
+	data4	0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36
+	data4	0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28
+	data4	0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4
+	data4	0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d
+	data4	0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662
+	data4	0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8
+	data4	0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5
+	data4	0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c
+	data4	0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3
+	data4	0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7
+	data4	0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b
+	data4	0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4
+	data4	0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8
+	data4	0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e
+	data4	0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6
+	data4	0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce
+	data4	0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6
+	data4	0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331
+	data4	0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0
+	data4	0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6
+	data4	0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815
+	data4	0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7
+	data4	0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f
+	data4	0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d
+	data4	0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df
+	data4	0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b
+	data4	0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f
+	data4	0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d
+	data4	0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e
+	data4	0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252
+	data4	0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713
+	data4	0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a
+	data4	0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89
+	data4	0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935
+	data4	0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c
+	data4	0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f
+	data4	0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf
+	data4	0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b
+	data4	0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86
+	data4	0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e
+	data4	0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f
+	data4	0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c
+	data4	0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541
+	data4	0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de
+	data4	0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190
+	data4	0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670
+	data4	0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742
+// Td4:
+	data1	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	data1	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	data1	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	data1	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	data1	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	data1	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	data1	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	data1	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	data1	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	data1	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	data1	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	data1	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	data1	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	data1	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	data1	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	data1	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	data1	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	data1	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	data1	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	data1	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	data1	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	data1	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	data1	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	data1	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	data1	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	data1	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	data1	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	data1	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	data1	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	data1	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	data1	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	data1	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size	AES_Td#,2048+256	// HP-UX assembler fails to ".-AES_Td#"
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-mips.pl b/openssl-1.1.0h/crypto/aes/asm/aes-mips.pl
new file mode 100644
index 0000000..439578d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-mips.pl
@@ -0,0 +1,2131 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for MIPS
+
+# October 2010
+#
+# Code uses 1K[+256B] S-box and on single-issue core [such as R5000]
+# spends ~68 cycles per byte processed with 128-bit key. This is ~16%
+# faster than gcc-generated code, which is not very impressive. But
+# recall that compressed S-box requires extra processing, namely
+# additional rotations. Rotations are implemented with lwl/lwr pairs,
+# which is normally used for loading unaligned data. Another cool
+# thing about this module is its endian neutrality, which means that
+# it processes data without ever changing byte order...
+
+# September 2012
+#
+# Add MIPS32R2 (~10% less instructions) and SmartMIPS ASE (further
+# ~25% less instructions) code. Note that there is no run-time switch,
+# instead, code path is chosen upon pre-process time, pass -mips32r2
+# or/and -msmartmips.
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp;
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_LA="dla";
+	$PTR_ADD="dadd";	# incidentally works even on n32
+	$PTR_SUB="dsub";	# incidentally works even on n32
+	$PTR_INS="dins";
+	$REG_S="sd";
+	$REG_L="ld";
+	$PTR_SLL="dsll";	# incidentally works even on n32
+	$SZREG=8;
+} else {
+	$PTR_LA="la";
+	$PTR_ADD="add";
+	$PTR_SUB="sub";
+	$PTR_INS="ins";
+	$REG_S="sw";
+	$REG_L="lw";
+	$PTR_SLL="sll";
+	$SZREG=4;
+}
+$pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
+
+for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
+open STDOUT,">$output";
+
+if (!defined($big_endian))
+{    $big_endian=(unpack('L',pack('N',1))==1);   }
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+my ($MSB,$LSB)=(0,3);	# automatically converted to little-endian
+
+$code.=<<___;
+.text
+#ifdef OPENSSL_FIPSCANISTER
+# include <openssl/fipssyms.h>
+#endif
+
+#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2)
+#define _MIPS_ARCH_MIPS32R2
+#endif
+
+#if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__))
+.option	pic2
+#endif
+.set	noat
+___
+
+{{{
+my $FRAMESIZE=16*$SZREG;
+my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
+
+my ($inp,$out,$key,$Tbl,$s0,$s1,$s2,$s3)=($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7);
+my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
+my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$t9,$t10,$t11) = map("\$$_",(12..23));
+my ($key0,$cnt)=($gp,$fp);
+
+# instuction ordering is "stolen" from output from MIPSpro assembler
+# invoked with -mips3 -O3 arguments...
+$code.=<<___;
+.align	5
+.ent	_mips_AES_encrypt
+_mips_AES_encrypt:
+	.frame	$sp,0,$ra
+	.set	reorder
+	lw	$t0,0($key)
+	lw	$t1,4($key)
+	lw	$t2,8($key)
+	lw	$t3,12($key)
+	lw	$cnt,240($key)
+	$PTR_ADD $key0,$key,16
+
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	sub	$cnt,1
+#if defined(__mips_smartmips)
+	ext	$i0,$s1,16,8
+.Loop_enc:
+	ext	$i1,$s2,16,8
+	ext	$i2,$s3,16,8
+	ext	$i3,$s0,16,8
+	lwxs	$t0,$i0($Tbl)		# Te1[s1>>16]
+	ext	$i0,$s2,8,8
+	lwxs	$t1,$i1($Tbl)		# Te1[s2>>16]
+	ext	$i1,$s3,8,8
+	lwxs	$t2,$i2($Tbl)		# Te1[s3>>16]
+	ext	$i2,$s0,8,8
+	lwxs	$t3,$i3($Tbl)		# Te1[s0>>16]
+	ext	$i3,$s1,8,8
+
+	lwxs	$t4,$i0($Tbl)		# Te2[s2>>8]
+	ext	$i0,$s3,0,8
+	lwxs	$t5,$i1($Tbl)		# Te2[s3>>8]
+	ext	$i1,$s0,0,8
+	lwxs	$t6,$i2($Tbl)		# Te2[s0>>8]
+	ext	$i2,$s1,0,8
+	lwxs	$t7,$i3($Tbl)		# Te2[s1>>8]
+	ext	$i3,$s2,0,8
+
+	lwxs	$t8,$i0($Tbl)		# Te3[s3]
+	ext	$i0,$s0,24,8
+	lwxs	$t9,$i1($Tbl)		# Te3[s0]
+	ext	$i1,$s1,24,8
+	lwxs	$t10,$i2($Tbl)		# Te3[s1]
+	ext	$i2,$s2,24,8
+	lwxs	$t11,$i3($Tbl)		# Te3[s2]
+	ext	$i3,$s3,24,8
+
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	xor	$t0,$t4
+	lwxs	$t4,$i0($Tbl)		# Te0[s0>>24]
+	xor	$t1,$t5
+	lwxs	$t5,$i1($Tbl)		# Te0[s1>>24]
+	xor	$t2,$t6
+	lwxs	$t6,$i2($Tbl)		# Te0[s2>>24]
+	xor	$t3,$t7
+	lwxs	$t7,$i3($Tbl)		# Te0[s3>>24]
+
+	rotr	$t8,$t8,24
+	lw	$s0,0($key0)
+	rotr	$t9,$t9,24
+	lw	$s1,4($key0)
+	rotr	$t10,$t10,24
+	lw	$s2,8($key0)
+	rotr	$t11,$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	sub	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_enc
+	ext	$i0,$s1,16,8
+
+	_xtr	$i0,$s1,16-2
+#else
+	_xtr	$i0,$s1,16-2
+.Loop_enc:
+	_xtr	$i1,$s2,16-2
+	_xtr	$i2,$s3,16-2
+	_xtr	$i3,$s0,16-2
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	lw	$t0,0($i0)		# Te1[s1>>16]
+	_xtr	$i0,$s2,8-2
+	lw	$t1,0($i1)		# Te1[s2>>16]
+	_xtr	$i1,$s3,8-2
+	lw	$t2,0($i2)		# Te1[s3>>16]
+	_xtr	$i2,$s0,8-2
+	lw	$t3,0($i3)		# Te1[s0>>16]
+	_xtr	$i3,$s1,8-2
+#else
+	lwl	$t0,3($i0)		# Te1[s1>>16]
+	lwl	$t1,3($i1)		# Te1[s2>>16]
+	lwl	$t2,3($i2)		# Te1[s3>>16]
+	lwl	$t3,3($i3)		# Te1[s0>>16]
+	lwr	$t0,2($i0)		# Te1[s1>>16]
+	_xtr	$i0,$s2,8-2
+	lwr	$t1,2($i1)		# Te1[s2>>16]
+	_xtr	$i1,$s3,8-2
+	lwr	$t2,2($i2)		# Te1[s3>>16]
+	_xtr	$i2,$s0,8-2
+	lwr	$t3,2($i3)		# Te1[s0>>16]
+	_xtr	$i3,$s1,8-2
+#endif
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+# if defined(_MIPSEL)
+	lw	$t4,0($i0)		# Te2[s2>>8]
+	_xtr	$i0,$s3,0-2
+	lw	$t5,0($i1)		# Te2[s3>>8]
+	_xtr	$i1,$s0,0-2
+	lw	$t6,0($i2)		# Te2[s0>>8]
+	_xtr	$i2,$s1,0-2
+	lw	$t7,0($i3)		# Te2[s1>>8]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lw	$t8,0($i0)		# Te3[s3]
+	$PTR_INS $i0,$s0,2,8
+	lw	$t9,0($i1)		# Te3[s0]
+	$PTR_INS $i1,$s1,2,8
+	lw	$t10,0($i2)		# Te3[s1]
+	$PTR_INS $i2,$s2,2,8
+	lw	$t11,0($i3)		# Te3[s2]
+	$PTR_INS $i3,$s3,2,8
+# else
+	lw	$t4,0($i0)		# Te2[s2>>8]
+	$PTR_INS $i0,$s3,2,8
+	lw	$t5,0($i1)		# Te2[s3>>8]
+	$PTR_INS $i1,$s0,2,8
+	lw	$t6,0($i2)		# Te2[s0>>8]
+	$PTR_INS $i2,$s1,2,8
+	lw	$t7,0($i3)		# Te2[s1>>8]
+	$PTR_INS $i3,$s2,2,8
+
+	lw	$t8,0($i0)		# Te3[s3]
+	_xtr	$i0,$s0,24-2
+	lw	$t9,0($i1)		# Te3[s0]
+	_xtr	$i1,$s1,24-2
+	lw	$t10,0($i2)		# Te3[s1]
+	_xtr	$i2,$s2,24-2
+	lw	$t11,0($i3)		# Te3[s2]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+# endif
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	rotr	$t8,$t8,24
+	rotr	$t9,$t9,24
+	rotr	$t10,$t10,24
+	rotr	$t11,$t11,24
+#else
+	lwl	$t4,2($i0)		# Te2[s2>>8]
+	lwl	$t5,2($i1)		# Te2[s3>>8]
+	lwl	$t6,2($i2)		# Te2[s0>>8]
+	lwl	$t7,2($i3)		# Te2[s1>>8]
+	lwr	$t4,1($i0)		# Te2[s2>>8]
+	_xtr	$i0,$s3,0-2
+	lwr	$t5,1($i1)		# Te2[s3>>8]
+	_xtr	$i1,$s0,0-2
+	lwr	$t6,1($i2)		# Te2[s0>>8]
+	_xtr	$i2,$s1,0-2
+	lwr	$t7,1($i3)		# Te2[s1>>8]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lwl	$t8,1($i0)		# Te3[s3]
+	lwl	$t9,1($i1)		# Te3[s0]
+	lwl	$t10,1($i2)		# Te3[s1]
+	lwl	$t11,1($i3)		# Te3[s2]
+	lwr	$t8,0($i0)		# Te3[s3]
+	_xtr	$i0,$s0,24-2
+	lwr	$t9,0($i1)		# Te3[s0]
+	_xtr	$i1,$s1,24-2
+	lwr	$t10,0($i2)		# Te3[s1]
+	_xtr	$i2,$s2,24-2
+	lwr	$t11,0($i3)		# Te3[s2]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#endif
+	xor	$t0,$t4
+	lw	$t4,0($i0)		# Te0[s0>>24]
+	xor	$t1,$t5
+	lw	$t5,0($i1)		# Te0[s1>>24]
+	xor	$t2,$t6
+	lw	$t6,0($i2)		# Te0[s2>>24]
+	xor	$t3,$t7
+	lw	$t7,0($i3)		# Te0[s3>>24]
+
+	xor	$t0,$t8
+	lw	$s0,0($key0)
+	xor	$t1,$t9
+	lw	$s1,4($key0)
+	xor	$t2,$t10
+	lw	$s2,8($key0)
+	xor	$t3,$t11
+	lw	$s3,12($key0)
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	sub	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_enc
+	_xtr	$i0,$s1,16-2
+#endif
+
+	.set	reorder
+	_xtr	$i1,$s2,16-2
+	_xtr	$i2,$s3,16-2
+	_xtr	$i3,$s0,16-2
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t0,2($i0)		# Te4[s1>>16]
+	_xtr	$i0,$s2,8-2
+	lbu	$t1,2($i1)		# Te4[s2>>16]
+	_xtr	$i1,$s3,8-2
+	lbu	$t2,2($i2)		# Te4[s3>>16]
+	_xtr	$i2,$s0,8-2
+	lbu	$t3,2($i3)		# Te4[s0>>16]
+	_xtr	$i3,$s1,8-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+# if defined(_MIPSEL)
+	lbu	$t4,2($i0)		# Te4[s2>>8]
+	$PTR_INS $i0,$s0,2,8
+	lbu	$t5,2($i1)		# Te4[s3>>8]
+	$PTR_INS $i1,$s1,2,8
+	lbu	$t6,2($i2)		# Te4[s0>>8]
+	$PTR_INS $i2,$s2,2,8
+	lbu	$t7,2($i3)		# Te4[s1>>8]
+	$PTR_INS $i3,$s3,2,8
+
+	lbu	$t8,2($i0)		# Te4[s0>>24]
+	_xtr	$i0,$s3,0-2
+	lbu	$t9,2($i1)		# Te4[s1>>24]
+	_xtr	$i1,$s0,0-2
+	lbu	$t10,2($i2)		# Te4[s2>>24]
+	_xtr	$i2,$s1,0-2
+	lbu	$t11,2($i3)		# Te4[s3>>24]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+# else
+	lbu	$t4,2($i0)		# Te4[s2>>8]
+	_xtr	$i0,$s0,24-2
+	lbu	$t5,2($i1)		# Te4[s3>>8]
+	_xtr	$i1,$s1,24-2
+	lbu	$t6,2($i2)		# Te4[s0>>8]
+	_xtr	$i2,$s2,24-2
+	lbu	$t7,2($i3)		# Te4[s1>>8]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,2($i0)		# Te4[s0>>24]
+	$PTR_INS $i0,$s3,2,8
+	lbu	$t9,2($i1)		# Te4[s1>>24]
+	$PTR_INS $i1,$s0,2,8
+	lbu	$t10,2($i2)		# Te4[s2>>24]
+	$PTR_INS $i2,$s1,2,8
+	lbu	$t11,2($i3)		# Te4[s3>>24]
+	$PTR_INS $i3,$s2,2,8
+# endif
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins2	$t0,$t4,8
+	lbu	$t4,2($i0)		# Te4[s3]
+	_ins2	$t1,$t5,8
+	lbu	$t5,2($i1)		# Te4[s0]
+	_ins2	$t2,$t6,8
+	lbu	$t6,2($i2)		# Te4[s1]
+	_ins2	$t3,$t7,8
+	lbu	$t7,2($i3)		# Te4[s2]
+
+	_ins2	$t0,$t8,24
+	lw	$s0,0($key0)
+	_ins2	$t1,$t9,24
+	lw	$s1,4($key0)
+	_ins2	$t2,$t10,24
+	lw	$s2,8($key0)
+	_ins2	$t3,$t11,24
+	lw	$s3,12($key0)
+
+	_ins2	$t0,$t4,0
+	_ins2	$t1,$t5,0
+	_ins2	$t2,$t6,0
+	_ins2	$t3,$t7,0
+#else
+	lbu	$t4,2($i0)		# Te4[s2>>8]
+	_xtr	$i0,$s0,24-2
+	lbu	$t5,2($i1)		# Te4[s3>>8]
+	_xtr	$i1,$s1,24-2
+	lbu	$t6,2($i2)		# Te4[s0>>8]
+	_xtr	$i2,$s2,24-2
+	lbu	$t7,2($i3)		# Te4[s1>>8]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,2($i0)		# Te4[s0>>24]
+	_xtr	$i0,$s3,0-2
+	lbu	$t9,2($i1)		# Te4[s1>>24]
+	_xtr	$i1,$s0,0-2
+	lbu	$t10,2($i2)		# Te4[s2>>24]
+	_xtr	$i2,$s1,0-2
+	lbu	$t11,2($i3)		# Te4[s3>>24]
+	_xtr	$i3,$s2,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins	$t4,8
+	_ins	$t5,8
+	_ins	$t6,8
+	_ins	$t7,8
+
+	xor	$t0,$t4
+	lbu	$t4,2($i0)		# Te4[s3]
+	xor	$t1,$t5
+	lbu	$t5,2($i1)		# Te4[s0]
+	xor	$t2,$t6
+	lbu	$t6,2($i2)		# Te4[s1]
+	xor	$t3,$t7
+	lbu	$t7,2($i3)		# Te4[s2]
+
+	_ins	$t8,24
+	lw	$s0,0($key0)
+	_ins	$t9,24
+	lw	$s1,4($key0)
+	_ins	$t10,24
+	lw	$s2,8($key0)
+	_ins	$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	_ins	$t4,0
+	_ins	$t5,0
+	_ins	$t6,0
+	_ins	$t7,0
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+#endif
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	jr	$ra
+.end	_mips_AES_encrypt
+
+.align	5
+.globl	AES_encrypt
+.ent	AES_encrypt
+AES_encrypt:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_S	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_S	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_S	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_encrypt
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Te		# PIC-ified 'load address'
+
+	lwl	$s0,0+$MSB($inp)
+	lwl	$s1,4+$MSB($inp)
+	lwl	$s2,8+$MSB($inp)
+	lwl	$s3,12+$MSB($inp)
+	lwr	$s0,0+$LSB($inp)
+	lwr	$s1,4+$LSB($inp)
+	lwr	$s2,8+$LSB($inp)
+	lwr	$s3,12+$LSB($inp)
+
+	bal	_mips_AES_encrypt
+
+	swr	$s0,0+$LSB($out)
+	swr	$s1,4+$LSB($out)
+	swr	$s2,8+$LSB($out)
+	swr	$s3,12+$LSB($out)
+	swl	$s0,0+$MSB($out)
+	swl	$s1,4+$MSB($out)
+	swl	$s2,8+$MSB($out)
+	swl	$s3,12+$MSB($out)
+
+	.set	noreorder
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_encrypt
+___
+
+$code.=<<___;
+.align	5
+.ent	_mips_AES_decrypt
+_mips_AES_decrypt:
+	.frame	$sp,0,$ra
+	.set	reorder
+	lw	$t0,0($key)
+	lw	$t1,4($key)
+	lw	$t2,8($key)
+	lw	$t3,12($key)
+	lw	$cnt,240($key)
+	$PTR_ADD $key0,$key,16
+
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	sub	$cnt,1
+#if defined(__mips_smartmips)
+	ext	$i0,$s3,16,8
+.Loop_dec:
+	ext	$i1,$s0,16,8
+	ext	$i2,$s1,16,8
+	ext	$i3,$s2,16,8
+	lwxs	$t0,$i0($Tbl)		# Td1[s3>>16]
+	ext	$i0,$s2,8,8
+	lwxs	$t1,$i1($Tbl)		# Td1[s0>>16]
+	ext	$i1,$s3,8,8
+	lwxs	$t2,$i2($Tbl)		# Td1[s1>>16]
+	ext	$i2,$s0,8,8
+	lwxs	$t3,$i3($Tbl)		# Td1[s2>>16]
+	ext	$i3,$s1,8,8
+
+	lwxs	$t4,$i0($Tbl)		# Td2[s2>>8]
+	ext	$i0,$s1,0,8
+	lwxs	$t5,$i1($Tbl)		# Td2[s3>>8]
+	ext	$i1,$s2,0,8
+	lwxs	$t6,$i2($Tbl)		# Td2[s0>>8]
+	ext	$i2,$s3,0,8
+	lwxs	$t7,$i3($Tbl)		# Td2[s1>>8]
+	ext	$i3,$s0,0,8
+
+	lwxs	$t8,$i0($Tbl)		# Td3[s1]
+	ext	$i0,$s0,24,8
+	lwxs	$t9,$i1($Tbl)		# Td3[s2]
+	ext	$i1,$s1,24,8
+	lwxs	$t10,$i2($Tbl)		# Td3[s3]
+	ext	$i2,$s2,24,8
+	lwxs	$t11,$i3($Tbl)		# Td3[s0]
+	ext	$i3,$s3,24,8
+
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	xor	$t0,$t4
+	lwxs	$t4,$i0($Tbl)		# Td0[s0>>24]
+	xor	$t1,$t5
+	lwxs	$t5,$i1($Tbl)		# Td0[s1>>24]
+	xor	$t2,$t6
+	lwxs	$t6,$i2($Tbl)		# Td0[s2>>24]
+	xor	$t3,$t7
+	lwxs	$t7,$i3($Tbl)		# Td0[s3>>24]
+
+	rotr	$t8,$t8,24
+	lw	$s0,0($key0)
+	rotr	$t9,$t9,24
+	lw	$s1,4($key0)
+	rotr	$t10,$t10,24
+	lw	$s2,8($key0)
+	rotr	$t11,$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	sub	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_dec
+	ext	$i0,$s3,16,8
+
+	_xtr	$i0,$s3,16-2
+#else
+	_xtr	$i0,$s3,16-2
+.Loop_dec:
+	_xtr	$i1,$s0,16-2
+	_xtr	$i2,$s1,16-2
+	_xtr	$i3,$s2,16-2
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	lw	$t0,0($i0)		# Td1[s3>>16]
+	_xtr	$i0,$s2,8-2
+	lw	$t1,0($i1)		# Td1[s0>>16]
+	_xtr	$i1,$s3,8-2
+	lw	$t2,0($i2)		# Td1[s1>>16]
+	_xtr	$i2,$s0,8-2
+	lw	$t3,0($i3)		# Td1[s2>>16]
+	_xtr	$i3,$s1,8-2
+#else
+	lwl	$t0,3($i0)		# Td1[s3>>16]
+	lwl	$t1,3($i1)		# Td1[s0>>16]
+	lwl	$t2,3($i2)		# Td1[s1>>16]
+	lwl	$t3,3($i3)		# Td1[s2>>16]
+	lwr	$t0,2($i0)		# Td1[s3>>16]
+	_xtr	$i0,$s2,8-2
+	lwr	$t1,2($i1)		# Td1[s0>>16]
+	_xtr	$i1,$s3,8-2
+	lwr	$t2,2($i2)		# Td1[s1>>16]
+	_xtr	$i2,$s0,8-2
+	lwr	$t3,2($i3)		# Td1[s2>>16]
+	_xtr	$i3,$s1,8-2
+#endif
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	rotr	$t0,$t0,8
+	rotr	$t1,$t1,8
+	rotr	$t2,$t2,8
+	rotr	$t3,$t3,8
+# if defined(_MIPSEL)
+	lw	$t4,0($i0)		# Td2[s2>>8]
+	_xtr	$i0,$s1,0-2
+	lw	$t5,0($i1)		# Td2[s3>>8]
+	_xtr	$i1,$s2,0-2
+	lw	$t6,0($i2)		# Td2[s0>>8]
+	_xtr	$i2,$s3,0-2
+	lw	$t7,0($i3)		# Td2[s1>>8]
+	_xtr	$i3,$s0,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lw	$t8,0($i0)		# Td3[s1]
+	$PTR_INS $i0,$s0,2,8
+	lw	$t9,0($i1)		# Td3[s2]
+	$PTR_INS $i1,$s1,2,8
+	lw	$t10,0($i2)		# Td3[s3]
+	$PTR_INS $i2,$s2,2,8
+	lw	$t11,0($i3)		# Td3[s0]
+	$PTR_INS $i3,$s3,2,8
+#else
+	lw	$t4,0($i0)		# Td2[s2>>8]
+	$PTR_INS $i0,$s1,2,8
+	lw	$t5,0($i1)		# Td2[s3>>8]
+	$PTR_INS $i1,$s2,2,8
+	lw	$t6,0($i2)		# Td2[s0>>8]
+	$PTR_INS $i2,$s3,2,8
+	lw	$t7,0($i3)		# Td2[s1>>8]
+	$PTR_INS $i3,$s0,2,8
+
+	lw	$t8,0($i0)		# Td3[s1]
+	_xtr	$i0,$s0,24-2
+	lw	$t9,0($i1)		# Td3[s2]
+	_xtr	$i1,$s1,24-2
+	lw	$t10,0($i2)		# Td3[s3]
+	_xtr	$i2,$s2,24-2
+	lw	$t11,0($i3)		# Td3[s0]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#endif
+	rotr	$t4,$t4,16
+	rotr	$t5,$t5,16
+	rotr	$t6,$t6,16
+	rotr	$t7,$t7,16
+
+	rotr	$t8,$t8,24
+	rotr	$t9,$t9,24
+	rotr	$t10,$t10,24
+	rotr	$t11,$t11,24
+#else
+	lwl	$t4,2($i0)		# Td2[s2>>8]
+	lwl	$t5,2($i1)		# Td2[s3>>8]
+	lwl	$t6,2($i2)		# Td2[s0>>8]
+	lwl	$t7,2($i3)		# Td2[s1>>8]
+	lwr	$t4,1($i0)		# Td2[s2>>8]
+	_xtr	$i0,$s1,0-2
+	lwr	$t5,1($i1)		# Td2[s3>>8]
+	_xtr	$i1,$s2,0-2
+	lwr	$t6,1($i2)		# Td2[s0>>8]
+	_xtr	$i2,$s3,0-2
+	lwr	$t7,1($i3)		# Td2[s1>>8]
+	_xtr	$i3,$s0,0-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lwl	$t8,1($i0)		# Td3[s1]
+	lwl	$t9,1($i1)		# Td3[s2]
+	lwl	$t10,1($i2)		# Td3[s3]
+	lwl	$t11,1($i3)		# Td3[s0]
+	lwr	$t8,0($i0)		# Td3[s1]
+	_xtr	$i0,$s0,24-2
+	lwr	$t9,0($i1)		# Td3[s2]
+	_xtr	$i1,$s1,24-2
+	lwr	$t10,0($i2)		# Td3[s3]
+	_xtr	$i2,$s2,24-2
+	lwr	$t11,0($i3)		# Td3[s0]
+	_xtr	$i3,$s3,24-2
+
+	and	$i0,0x3fc
+	and	$i1,0x3fc
+	and	$i2,0x3fc
+	and	$i3,0x3fc
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#endif
+
+	xor	$t0,$t4
+	lw	$t4,0($i0)		# Td0[s0>>24]
+	xor	$t1,$t5
+	lw	$t5,0($i1)		# Td0[s1>>24]
+	xor	$t2,$t6
+	lw	$t6,0($i2)		# Td0[s2>>24]
+	xor	$t3,$t7
+	lw	$t7,0($i3)		# Td0[s3>>24]
+
+	xor	$t0,$t8
+	lw	$s0,0($key0)
+	xor	$t1,$t9
+	lw	$s1,4($key0)
+	xor	$t2,$t10
+	lw	$s2,8($key0)
+	xor	$t3,$t11
+	lw	$s3,12($key0)
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+
+	sub	$cnt,1
+	$PTR_ADD $key0,16
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+	.set	noreorder
+	bnez	$cnt,.Loop_dec
+	_xtr	$i0,$s3,16-2
+#endif
+
+	.set	reorder
+	lw	$t4,1024($Tbl)		# prefetch Td4
+	_xtr	$i0,$s3,16
+	lw	$t5,1024+32($Tbl)
+	_xtr	$i1,$s0,16
+	lw	$t6,1024+64($Tbl)
+	_xtr	$i2,$s1,16
+	lw	$t7,1024+96($Tbl)
+	_xtr	$i3,$s2,16
+	lw	$t8,1024+128($Tbl)
+	and	$i0,0xff
+	lw	$t9,1024+160($Tbl)
+	and	$i1,0xff
+	lw	$t10,1024+192($Tbl)
+	and	$i2,0xff
+	lw	$t11,1024+224($Tbl)
+	and	$i3,0xff
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t0,1024($i0)		# Td4[s3>>16]
+	_xtr	$i0,$s2,8
+	lbu	$t1,1024($i1)		# Td4[s0>>16]
+	_xtr	$i1,$s3,8
+	lbu	$t2,1024($i2)		# Td4[s1>>16]
+	_xtr	$i2,$s0,8
+	lbu	$t3,1024($i3)		# Td4[s2>>16]
+	_xtr	$i3,$s1,8
+
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,0xff
+	and	$i3,0xff
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+# if defined(_MIPSEL)
+	lbu	$t4,1024($i0)		# Td4[s2>>8]
+	$PTR_INS $i0,$s0,0,8
+	lbu	$t5,1024($i1)		# Td4[s3>>8]
+	$PTR_INS $i1,$s1,0,8
+	lbu	$t6,1024($i2)		# Td4[s0>>8]
+	$PTR_INS $i2,$s2,0,8
+	lbu	$t7,1024($i3)		# Td4[s1>>8]
+	$PTR_INS $i3,$s3,0,8
+
+	lbu	$t8,1024($i0)		# Td4[s0>>24]
+	_xtr	$i0,$s1,0
+	lbu	$t9,1024($i1)		# Td4[s1>>24]
+	_xtr	$i1,$s2,0
+	lbu	$t10,1024($i2)		# Td4[s2>>24]
+	_xtr	$i2,$s3,0
+	lbu	$t11,1024($i3)		# Td4[s3>>24]
+	_xtr	$i3,$s0,0
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+# else
+	lbu	$t4,1024($i0)		# Td4[s2>>8]
+	_xtr	$i0,$s0,24
+	lbu	$t5,1024($i1)		# Td4[s3>>8]
+	_xtr	$i1,$s1,24
+	lbu	$t6,1024($i2)		# Td4[s0>>8]
+	_xtr	$i2,$s2,24
+	lbu	$t7,1024($i3)		# Td4[s1>>8]
+	_xtr	$i3,$s3,24
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,1024($i0)		# Td4[s0>>24]
+	$PTR_INS $i0,$s1,0,8
+	lbu	$t9,1024($i1)		# Td4[s1>>24]
+	$PTR_INS $i1,$s2,0,8
+	lbu	$t10,1024($i2)		# Td4[s2>>24]
+	$PTR_INS $i2,$s3,0,8
+	lbu	$t11,1024($i3)		# Td4[s3>>24]
+	$PTR_INS $i3,$s0,0,8
+# endif
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins2	$t0,$t4,8
+	lbu	$t4,1024($i0)		# Td4[s1]
+	_ins2	$t1,$t5,8
+	lbu	$t5,1024($i1)		# Td4[s2]
+	_ins2	$t2,$t6,8
+	lbu	$t6,1024($i2)		# Td4[s3]
+	_ins2	$t3,$t7,8
+	lbu	$t7,1024($i3)		# Td4[s0]
+
+	_ins2	$t0,$t8,24
+	lw	$s0,0($key0)
+	_ins2	$t1,$t9,24
+	lw	$s1,4($key0)
+	_ins2	$t2,$t10,24
+	lw	$s2,8($key0)
+	_ins2	$t3,$t11,24
+	lw	$s3,12($key0)
+
+	_ins2	$t0,$t4,0
+	_ins2	$t1,$t5,0
+	_ins2	$t2,$t6,0
+	_ins2	$t3,$t7,0
+#else
+	lbu	$t4,1024($i0)		# Td4[s2>>8]
+	_xtr	$i0,$s0,24
+	lbu	$t5,1024($i1)		# Td4[s3>>8]
+	_xtr	$i1,$s1,24
+	lbu	$t6,1024($i2)		# Td4[s0>>8]
+	_xtr	$i2,$s2,24
+	lbu	$t7,1024($i3)		# Td4[s1>>8]
+	_xtr	$i3,$s3,24
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$t8,1024($i0)		# Td4[s0>>24]
+	_xtr	$i0,$s1,0
+	lbu	$t9,1024($i1)		# Td4[s1>>24]
+	_xtr	$i1,$s2,0
+	lbu	$t10,1024($i2)		# Td4[s2>>24]
+	_xtr	$i2,$s3,0
+	lbu	$t11,1024($i3)		# Td4[s3>>24]
+	_xtr	$i3,$s0,0
+
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+
+	_ins	$t0,16
+	_ins	$t1,16
+	_ins	$t2,16
+	_ins	$t3,16
+
+	_ins	$t4,8
+	_ins	$t5,8
+	_ins	$t6,8
+	_ins	$t7,8
+
+	xor	$t0,$t4
+	lbu	$t4,1024($i0)		# Td4[s1]
+	xor	$t1,$t5
+	lbu	$t5,1024($i1)		# Td4[s2]
+	xor	$t2,$t6
+	lbu	$t6,1024($i2)		# Td4[s3]
+	xor	$t3,$t7
+	lbu	$t7,1024($i3)		# Td4[s0]
+
+	_ins	$t8,24
+	lw	$s0,0($key0)
+	_ins	$t9,24
+	lw	$s1,4($key0)
+	_ins	$t10,24
+	lw	$s2,8($key0)
+	_ins	$t11,24
+	lw	$s3,12($key0)
+
+	xor	$t0,$t8
+	xor	$t1,$t9
+	xor	$t2,$t10
+	xor	$t3,$t11
+
+	_ins	$t4,0
+	_ins	$t5,0
+	_ins	$t6,0
+	_ins	$t7,0
+
+	xor	$t0,$t4
+	xor	$t1,$t5
+	xor	$t2,$t6
+	xor	$t3,$t7
+#endif
+
+	xor	$s0,$t0
+	xor	$s1,$t1
+	xor	$s2,$t2
+	xor	$s3,$t3
+
+	jr	$ra
+.end	_mips_AES_decrypt
+
+.align	5
+.globl	AES_decrypt
+.ent	AES_decrypt
+AES_decrypt:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_S	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_S	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_S	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_decrypt
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Td		# PIC-ified 'load address'
+
+	lwl	$s0,0+$MSB($inp)
+	lwl	$s1,4+$MSB($inp)
+	lwl	$s2,8+$MSB($inp)
+	lwl	$s3,12+$MSB($inp)
+	lwr	$s0,0+$LSB($inp)
+	lwr	$s1,4+$LSB($inp)
+	lwr	$s2,8+$LSB($inp)
+	lwr	$s3,12+$LSB($inp)
+
+	bal	_mips_AES_decrypt
+
+	swr	$s0,0+$LSB($out)
+	swr	$s1,4+$LSB($out)
+	swr	$s2,8+$LSB($out)
+	swr	$s3,12+$LSB($out)
+	swl	$s0,0+$MSB($out)
+	swl	$s1,4+$MSB($out)
+	swl	$s2,8+$MSB($out)
+	swl	$s3,12+$MSB($out)
+
+	.set	noreorder
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	\$15,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	\$14,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	\$13,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	\$12,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_decrypt
+___
+}}}
+
+{{{
+my $FRAMESIZE=8*$SZREG;
+my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc000f008" : "0xc0000000";
+
+my ($inp,$bits,$key,$Tbl)=($a0,$a1,$a2,$a3);
+my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
+my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
+my ($rcon,$cnt)=($gp,$fp);
+
+$code.=<<___;
+.align	5
+.ent	_mips_AES_set_encrypt_key
+_mips_AES_set_encrypt_key:
+	.frame	$sp,0,$ra
+	.set	noreorder
+	beqz	$inp,.Lekey_done
+	li	$t0,-1
+	beqz	$key,.Lekey_done
+	$PTR_ADD $rcon,$Tbl,256
+
+	.set	reorder
+	lwl	$rk0,0+$MSB($inp)	# load 128 bits
+	lwl	$rk1,4+$MSB($inp)
+	lwl	$rk2,8+$MSB($inp)
+	lwl	$rk3,12+$MSB($inp)
+	li	$at,128
+	lwr	$rk0,0+$LSB($inp)
+	lwr	$rk1,4+$LSB($inp)
+	lwr	$rk2,8+$LSB($inp)
+	lwr	$rk3,12+$LSB($inp)
+	.set	noreorder
+	beq	$bits,$at,.L128bits
+	li	$cnt,10
+
+	.set	reorder
+	lwl	$rk4,16+$MSB($inp)	# load 192 bits
+	lwl	$rk5,20+$MSB($inp)
+	li	$at,192
+	lwr	$rk4,16+$LSB($inp)
+	lwr	$rk5,20+$LSB($inp)
+	.set	noreorder
+	beq	$bits,$at,.L192bits
+	li	$cnt,8
+
+	.set	reorder
+	lwl	$rk6,24+$MSB($inp)	# load 256 bits
+	lwl	$rk7,28+$MSB($inp)
+	li	$at,256
+	lwr	$rk6,24+$LSB($inp)
+	lwr	$rk7,28+$LSB($inp)
+	.set	noreorder
+	beq	$bits,$at,.L256bits
+	li	$cnt,7
+
+	b	.Lekey_done
+	li	$t0,-2
+
+.align	4
+.L128bits:
+	.set	reorder
+	srl	$i0,$rk3,16
+	srl	$i1,$rk3,8
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,$rk3,0xff
+	srl	$i3,$rk3,24
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	sw	$rk3,12($key)
+	sub	$cnt,1
+	$PTR_ADD $key,16
+
+	_bias	$i0,24
+	_bias	$i1,16
+	_bias	$i2,8
+	_bias	$i3,0
+
+	xor	$rk0,$i0
+	lw	$i0,0($rcon)
+	xor	$rk0,$i1
+	xor	$rk0,$i2
+	xor	$rk0,$i3
+	xor	$rk0,$i0
+
+	xor	$rk1,$rk0
+	xor	$rk2,$rk1
+	xor	$rk3,$rk2
+
+	.set	noreorder
+	bnez	$cnt,.L128bits
+	$PTR_ADD $rcon,4
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	li	$cnt,10
+	sw	$rk3,12($key)
+	li	$t0,0
+	sw	$cnt,80($key)
+	b	.Lekey_done
+	$PTR_SUB $key,10*16
+
+.align	4
+.L192bits:
+	.set	reorder
+	srl	$i0,$rk5,16
+	srl	$i1,$rk5,8
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,$rk5,0xff
+	srl	$i3,$rk5,24
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	sw	$rk3,12($key)
+	sw	$rk4,16($key)
+	sw	$rk5,20($key)
+	sub	$cnt,1
+	$PTR_ADD $key,24
+
+	_bias	$i0,24
+	_bias	$i1,16
+	_bias	$i2,8
+	_bias	$i3,0
+
+	xor	$rk0,$i0
+	lw	$i0,0($rcon)
+	xor	$rk0,$i1
+	xor	$rk0,$i2
+	xor	$rk0,$i3
+	xor	$rk0,$i0
+
+	xor	$rk1,$rk0
+	xor	$rk2,$rk1
+	xor	$rk3,$rk2
+	xor	$rk4,$rk3
+	xor	$rk5,$rk4
+
+	.set	noreorder
+	bnez	$cnt,.L192bits
+	$PTR_ADD $rcon,4
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	li	$cnt,12
+	sw	$rk3,12($key)
+	li	$t0,0
+	sw	$cnt,48($key)
+	b	.Lekey_done
+	$PTR_SUB $key,12*16
+
+.align	4
+.L256bits:
+	.set	reorder
+	srl	$i0,$rk7,16
+	srl	$i1,$rk7,8
+	and	$i0,0xff
+	and	$i1,0xff
+	and	$i2,$rk7,0xff
+	srl	$i3,$rk7,24
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+
+	sw	$rk0,0($key)
+	sw	$rk1,4($key)
+	sw	$rk2,8($key)
+	sw	$rk3,12($key)
+	sw	$rk4,16($key)
+	sw	$rk5,20($key)
+	sw	$rk6,24($key)
+	sw	$rk7,28($key)
+	sub	$cnt,1
+
+	_bias	$i0,24
+	_bias	$i1,16
+	_bias	$i2,8
+	_bias	$i3,0
+
+	xor	$rk0,$i0
+	lw	$i0,0($rcon)
+	xor	$rk0,$i1
+	xor	$rk0,$i2
+	xor	$rk0,$i3
+	xor	$rk0,$i0
+
+	xor	$rk1,$rk0
+	xor	$rk2,$rk1
+	xor	$rk3,$rk2
+	beqz	$cnt,.L256bits_done
+
+	srl	$i0,$rk3,24
+	srl	$i1,$rk3,16
+	srl	$i2,$rk3,8
+	and	$i3,$rk3,0xff
+	and	$i1,0xff
+	and	$i2,0xff
+	$PTR_ADD $i0,$Tbl
+	$PTR_ADD $i1,$Tbl
+	$PTR_ADD $i2,$Tbl
+	$PTR_ADD $i3,$Tbl
+	lbu	$i0,0($i0)
+	lbu	$i1,0($i1)
+	lbu	$i2,0($i2)
+	lbu	$i3,0($i3)
+	sll	$i0,24
+	sll	$i1,16
+	sll	$i2,8
+
+	xor	$rk4,$i0
+	xor	$rk4,$i1
+	xor	$rk4,$i2
+	xor	$rk4,$i3
+
+	xor	$rk5,$rk4
+	xor	$rk6,$rk5
+	xor	$rk7,$rk6
+
+	$PTR_ADD $key,32
+	.set	noreorder
+	b	.L256bits
+	$PTR_ADD $rcon,4
+
+.L256bits_done:
+	sw	$rk0,32($key)
+	sw	$rk1,36($key)
+	sw	$rk2,40($key)
+	li	$cnt,14
+	sw	$rk3,44($key)
+	li	$t0,0
+	sw	$cnt,48($key)
+	$PTR_SUB $key,12*16
+
+.Lekey_done:
+	jr	$ra
+	nop
+.end	_mips_AES_set_encrypt_key
+
+.globl	AES_set_encrypt_key
+.ent	AES_set_encrypt_key
+AES_set_encrypt_key:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s2,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s1,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s0,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-7*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_set_encrypt_key
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Te4		# PIC-ified 'load address'
+
+	bal	_mips_AES_set_encrypt_key
+
+	.set	noreorder
+	move	$a0,$t0
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_set_encrypt_key
+___
+
+my ($head,$tail)=($inp,$bits);
+my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
+my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
+$code.=<<___;
+.align	5
+.globl	AES_set_decrypt_key
+.ent	AES_set_decrypt_key
+AES_set_decrypt_key:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s2,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s1,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s0,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-7*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Tbl
+	.cpsetup	$pf,$zero,AES_set_decrypt_key
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Tbl,AES_Te4		# PIC-ified 'load address'
+
+	bal	_mips_AES_set_encrypt_key
+
+	bltz	$t0,.Ldkey_done
+
+	sll	$at,$cnt,4
+	$PTR_ADD $head,$key,0
+	$PTR_ADD $tail,$key,$at
+.align	4
+.Lswap:
+	lw	$rk0,0($head)
+	lw	$rk1,4($head)
+	lw	$rk2,8($head)
+	lw	$rk3,12($head)
+	lw	$rk4,0($tail)
+	lw	$rk5,4($tail)
+	lw	$rk6,8($tail)
+	lw	$rk7,12($tail)
+	sw	$rk0,0($tail)
+	sw	$rk1,4($tail)
+	sw	$rk2,8($tail)
+	sw	$rk3,12($tail)
+	$PTR_ADD $head,16
+	$PTR_SUB $tail,16
+	sw	$rk4,-16($head)
+	sw	$rk5,-12($head)
+	sw	$rk6,-8($head)
+	sw	$rk7,-4($head)
+	bne	$head,$tail,.Lswap
+
+	lw	$tp1,16($key)		# modulo-scheduled
+	lui	$x80808080,0x8080
+	sub	$cnt,1
+	or	$x80808080,0x8080
+	sll	$cnt,2
+	$PTR_ADD $key,16
+	lui	$x1b1b1b1b,0x1b1b
+	nor	$x7f7f7f7f,$zero,$x80808080
+	or	$x1b1b1b1b,0x1b1b
+.align	4
+.Lmix:
+	and	$m,$tp1,$x80808080
+	and	$tp2,$tp1,$x7f7f7f7f
+	srl	$tp4,$m,7
+	addu	$tp2,$tp2		# tp2<<1
+	subu	$m,$tp4
+	and	$m,$x1b1b1b1b
+	xor	$tp2,$m
+
+	and	$m,$tp2,$x80808080
+	and	$tp4,$tp2,$x7f7f7f7f
+	srl	$tp8,$m,7
+	addu	$tp4,$tp4		# tp4<<1
+	subu	$m,$tp8
+	and	$m,$x1b1b1b1b
+	xor	$tp4,$m
+
+	and	$m,$tp4,$x80808080
+	and	$tp8,$tp4,$x7f7f7f7f
+	srl	$tp9,$m,7
+	addu	$tp8,$tp8		# tp8<<1
+	subu	$m,$tp9
+	and	$m,$x1b1b1b1b
+	xor	$tp8,$m
+
+	xor	$tp9,$tp8,$tp1
+	xor	$tpe,$tp8,$tp4
+	xor	$tpb,$tp9,$tp2
+	xor	$tpd,$tp9,$tp4
+
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	rotr	$tp1,$tpd,16
+	 xor	$tpe,$tp2
+	rotr	$tp2,$tp9,8
+	xor	$tpe,$tp1
+	rotr	$tp4,$tpb,24
+	xor	$tpe,$tp2
+	lw	$tp1,4($key)		# modulo-scheduled
+	xor	$tpe,$tp4
+#else
+	_ror	$tp1,$tpd,16
+	 xor	$tpe,$tp2
+	_ror	$tp2,$tpd,-16
+	xor	$tpe,$tp1
+	_ror	$tp1,$tp9,8
+	xor	$tpe,$tp2
+	_ror	$tp2,$tp9,-24
+	xor	$tpe,$tp1
+	_ror	$tp1,$tpb,24
+	xor	$tpe,$tp2
+	_ror	$tp2,$tpb,-8
+	xor	$tpe,$tp1
+	lw	$tp1,4($key)		# modulo-scheduled
+	xor	$tpe,$tp2
+#endif
+	sub	$cnt,1
+	sw	$tpe,0($key)
+	$PTR_ADD $key,4
+	bnez	$cnt,.Lmix
+
+	li	$t0,0
+.Ldkey_done:
+	.set	noreorder
+	move	$a0,$t0
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	AES_set_decrypt_key
+___
+}}}
+
+######################################################################
+# Tables are kept in endian-neutral manner
+$code.=<<___;
+.rdata
+.align	10
+AES_Te:
+.byte	0xc6,0x63,0x63,0xa5,	0xf8,0x7c,0x7c,0x84	# Te0
+.byte	0xee,0x77,0x77,0x99,	0xf6,0x7b,0x7b,0x8d
+.byte	0xff,0xf2,0xf2,0x0d,	0xd6,0x6b,0x6b,0xbd
+.byte	0xde,0x6f,0x6f,0xb1,	0x91,0xc5,0xc5,0x54
+.byte	0x60,0x30,0x30,0x50,	0x02,0x01,0x01,0x03
+.byte	0xce,0x67,0x67,0xa9,	0x56,0x2b,0x2b,0x7d
+.byte	0xe7,0xfe,0xfe,0x19,	0xb5,0xd7,0xd7,0x62
+.byte	0x4d,0xab,0xab,0xe6,	0xec,0x76,0x76,0x9a
+.byte	0x8f,0xca,0xca,0x45,	0x1f,0x82,0x82,0x9d
+.byte	0x89,0xc9,0xc9,0x40,	0xfa,0x7d,0x7d,0x87
+.byte	0xef,0xfa,0xfa,0x15,	0xb2,0x59,0x59,0xeb
+.byte	0x8e,0x47,0x47,0xc9,	0xfb,0xf0,0xf0,0x0b
+.byte	0x41,0xad,0xad,0xec,	0xb3,0xd4,0xd4,0x67
+.byte	0x5f,0xa2,0xa2,0xfd,	0x45,0xaf,0xaf,0xea
+.byte	0x23,0x9c,0x9c,0xbf,	0x53,0xa4,0xa4,0xf7
+.byte	0xe4,0x72,0x72,0x96,	0x9b,0xc0,0xc0,0x5b
+.byte	0x75,0xb7,0xb7,0xc2,	0xe1,0xfd,0xfd,0x1c
+.byte	0x3d,0x93,0x93,0xae,	0x4c,0x26,0x26,0x6a
+.byte	0x6c,0x36,0x36,0x5a,	0x7e,0x3f,0x3f,0x41
+.byte	0xf5,0xf7,0xf7,0x02,	0x83,0xcc,0xcc,0x4f
+.byte	0x68,0x34,0x34,0x5c,	0x51,0xa5,0xa5,0xf4
+.byte	0xd1,0xe5,0xe5,0x34,	0xf9,0xf1,0xf1,0x08
+.byte	0xe2,0x71,0x71,0x93,	0xab,0xd8,0xd8,0x73
+.byte	0x62,0x31,0x31,0x53,	0x2a,0x15,0x15,0x3f
+.byte	0x08,0x04,0x04,0x0c,	0x95,0xc7,0xc7,0x52
+.byte	0x46,0x23,0x23,0x65,	0x9d,0xc3,0xc3,0x5e
+.byte	0x30,0x18,0x18,0x28,	0x37,0x96,0x96,0xa1
+.byte	0x0a,0x05,0x05,0x0f,	0x2f,0x9a,0x9a,0xb5
+.byte	0x0e,0x07,0x07,0x09,	0x24,0x12,0x12,0x36
+.byte	0x1b,0x80,0x80,0x9b,	0xdf,0xe2,0xe2,0x3d
+.byte	0xcd,0xeb,0xeb,0x26,	0x4e,0x27,0x27,0x69
+.byte	0x7f,0xb2,0xb2,0xcd,	0xea,0x75,0x75,0x9f
+.byte	0x12,0x09,0x09,0x1b,	0x1d,0x83,0x83,0x9e
+.byte	0x58,0x2c,0x2c,0x74,	0x34,0x1a,0x1a,0x2e
+.byte	0x36,0x1b,0x1b,0x2d,	0xdc,0x6e,0x6e,0xb2
+.byte	0xb4,0x5a,0x5a,0xee,	0x5b,0xa0,0xa0,0xfb
+.byte	0xa4,0x52,0x52,0xf6,	0x76,0x3b,0x3b,0x4d
+.byte	0xb7,0xd6,0xd6,0x61,	0x7d,0xb3,0xb3,0xce
+.byte	0x52,0x29,0x29,0x7b,	0xdd,0xe3,0xe3,0x3e
+.byte	0x5e,0x2f,0x2f,0x71,	0x13,0x84,0x84,0x97
+.byte	0xa6,0x53,0x53,0xf5,	0xb9,0xd1,0xd1,0x68
+.byte	0x00,0x00,0x00,0x00,	0xc1,0xed,0xed,0x2c
+.byte	0x40,0x20,0x20,0x60,	0xe3,0xfc,0xfc,0x1f
+.byte	0x79,0xb1,0xb1,0xc8,	0xb6,0x5b,0x5b,0xed
+.byte	0xd4,0x6a,0x6a,0xbe,	0x8d,0xcb,0xcb,0x46
+.byte	0x67,0xbe,0xbe,0xd9,	0x72,0x39,0x39,0x4b
+.byte	0x94,0x4a,0x4a,0xde,	0x98,0x4c,0x4c,0xd4
+.byte	0xb0,0x58,0x58,0xe8,	0x85,0xcf,0xcf,0x4a
+.byte	0xbb,0xd0,0xd0,0x6b,	0xc5,0xef,0xef,0x2a
+.byte	0x4f,0xaa,0xaa,0xe5,	0xed,0xfb,0xfb,0x16
+.byte	0x86,0x43,0x43,0xc5,	0x9a,0x4d,0x4d,0xd7
+.byte	0x66,0x33,0x33,0x55,	0x11,0x85,0x85,0x94
+.byte	0x8a,0x45,0x45,0xcf,	0xe9,0xf9,0xf9,0x10
+.byte	0x04,0x02,0x02,0x06,	0xfe,0x7f,0x7f,0x81
+.byte	0xa0,0x50,0x50,0xf0,	0x78,0x3c,0x3c,0x44
+.byte	0x25,0x9f,0x9f,0xba,	0x4b,0xa8,0xa8,0xe3
+.byte	0xa2,0x51,0x51,0xf3,	0x5d,0xa3,0xa3,0xfe
+.byte	0x80,0x40,0x40,0xc0,	0x05,0x8f,0x8f,0x8a
+.byte	0x3f,0x92,0x92,0xad,	0x21,0x9d,0x9d,0xbc
+.byte	0x70,0x38,0x38,0x48,	0xf1,0xf5,0xf5,0x04
+.byte	0x63,0xbc,0xbc,0xdf,	0x77,0xb6,0xb6,0xc1
+.byte	0xaf,0xda,0xda,0x75,	0x42,0x21,0x21,0x63
+.byte	0x20,0x10,0x10,0x30,	0xe5,0xff,0xff,0x1a
+.byte	0xfd,0xf3,0xf3,0x0e,	0xbf,0xd2,0xd2,0x6d
+.byte	0x81,0xcd,0xcd,0x4c,	0x18,0x0c,0x0c,0x14
+.byte	0x26,0x13,0x13,0x35,	0xc3,0xec,0xec,0x2f
+.byte	0xbe,0x5f,0x5f,0xe1,	0x35,0x97,0x97,0xa2
+.byte	0x88,0x44,0x44,0xcc,	0x2e,0x17,0x17,0x39
+.byte	0x93,0xc4,0xc4,0x57,	0x55,0xa7,0xa7,0xf2
+.byte	0xfc,0x7e,0x7e,0x82,	0x7a,0x3d,0x3d,0x47
+.byte	0xc8,0x64,0x64,0xac,	0xba,0x5d,0x5d,0xe7
+.byte	0x32,0x19,0x19,0x2b,	0xe6,0x73,0x73,0x95
+.byte	0xc0,0x60,0x60,0xa0,	0x19,0x81,0x81,0x98
+.byte	0x9e,0x4f,0x4f,0xd1,	0xa3,0xdc,0xdc,0x7f
+.byte	0x44,0x22,0x22,0x66,	0x54,0x2a,0x2a,0x7e
+.byte	0x3b,0x90,0x90,0xab,	0x0b,0x88,0x88,0x83
+.byte	0x8c,0x46,0x46,0xca,	0xc7,0xee,0xee,0x29
+.byte	0x6b,0xb8,0xb8,0xd3,	0x28,0x14,0x14,0x3c
+.byte	0xa7,0xde,0xde,0x79,	0xbc,0x5e,0x5e,0xe2
+.byte	0x16,0x0b,0x0b,0x1d,	0xad,0xdb,0xdb,0x76
+.byte	0xdb,0xe0,0xe0,0x3b,	0x64,0x32,0x32,0x56
+.byte	0x74,0x3a,0x3a,0x4e,	0x14,0x0a,0x0a,0x1e
+.byte	0x92,0x49,0x49,0xdb,	0x0c,0x06,0x06,0x0a
+.byte	0x48,0x24,0x24,0x6c,	0xb8,0x5c,0x5c,0xe4
+.byte	0x9f,0xc2,0xc2,0x5d,	0xbd,0xd3,0xd3,0x6e
+.byte	0x43,0xac,0xac,0xef,	0xc4,0x62,0x62,0xa6
+.byte	0x39,0x91,0x91,0xa8,	0x31,0x95,0x95,0xa4
+.byte	0xd3,0xe4,0xe4,0x37,	0xf2,0x79,0x79,0x8b
+.byte	0xd5,0xe7,0xe7,0x32,	0x8b,0xc8,0xc8,0x43
+.byte	0x6e,0x37,0x37,0x59,	0xda,0x6d,0x6d,0xb7
+.byte	0x01,0x8d,0x8d,0x8c,	0xb1,0xd5,0xd5,0x64
+.byte	0x9c,0x4e,0x4e,0xd2,	0x49,0xa9,0xa9,0xe0
+.byte	0xd8,0x6c,0x6c,0xb4,	0xac,0x56,0x56,0xfa
+.byte	0xf3,0xf4,0xf4,0x07,	0xcf,0xea,0xea,0x25
+.byte	0xca,0x65,0x65,0xaf,	0xf4,0x7a,0x7a,0x8e
+.byte	0x47,0xae,0xae,0xe9,	0x10,0x08,0x08,0x18
+.byte	0x6f,0xba,0xba,0xd5,	0xf0,0x78,0x78,0x88
+.byte	0x4a,0x25,0x25,0x6f,	0x5c,0x2e,0x2e,0x72
+.byte	0x38,0x1c,0x1c,0x24,	0x57,0xa6,0xa6,0xf1
+.byte	0x73,0xb4,0xb4,0xc7,	0x97,0xc6,0xc6,0x51
+.byte	0xcb,0xe8,0xe8,0x23,	0xa1,0xdd,0xdd,0x7c
+.byte	0xe8,0x74,0x74,0x9c,	0x3e,0x1f,0x1f,0x21
+.byte	0x96,0x4b,0x4b,0xdd,	0x61,0xbd,0xbd,0xdc
+.byte	0x0d,0x8b,0x8b,0x86,	0x0f,0x8a,0x8a,0x85
+.byte	0xe0,0x70,0x70,0x90,	0x7c,0x3e,0x3e,0x42
+.byte	0x71,0xb5,0xb5,0xc4,	0xcc,0x66,0x66,0xaa
+.byte	0x90,0x48,0x48,0xd8,	0x06,0x03,0x03,0x05
+.byte	0xf7,0xf6,0xf6,0x01,	0x1c,0x0e,0x0e,0x12
+.byte	0xc2,0x61,0x61,0xa3,	0x6a,0x35,0x35,0x5f
+.byte	0xae,0x57,0x57,0xf9,	0x69,0xb9,0xb9,0xd0
+.byte	0x17,0x86,0x86,0x91,	0x99,0xc1,0xc1,0x58
+.byte	0x3a,0x1d,0x1d,0x27,	0x27,0x9e,0x9e,0xb9
+.byte	0xd9,0xe1,0xe1,0x38,	0xeb,0xf8,0xf8,0x13
+.byte	0x2b,0x98,0x98,0xb3,	0x22,0x11,0x11,0x33
+.byte	0xd2,0x69,0x69,0xbb,	0xa9,0xd9,0xd9,0x70
+.byte	0x07,0x8e,0x8e,0x89,	0x33,0x94,0x94,0xa7
+.byte	0x2d,0x9b,0x9b,0xb6,	0x3c,0x1e,0x1e,0x22
+.byte	0x15,0x87,0x87,0x92,	0xc9,0xe9,0xe9,0x20
+.byte	0x87,0xce,0xce,0x49,	0xaa,0x55,0x55,0xff
+.byte	0x50,0x28,0x28,0x78,	0xa5,0xdf,0xdf,0x7a
+.byte	0x03,0x8c,0x8c,0x8f,	0x59,0xa1,0xa1,0xf8
+.byte	0x09,0x89,0x89,0x80,	0x1a,0x0d,0x0d,0x17
+.byte	0x65,0xbf,0xbf,0xda,	0xd7,0xe6,0xe6,0x31
+.byte	0x84,0x42,0x42,0xc6,	0xd0,0x68,0x68,0xb8
+.byte	0x82,0x41,0x41,0xc3,	0x29,0x99,0x99,0xb0
+.byte	0x5a,0x2d,0x2d,0x77,	0x1e,0x0f,0x0f,0x11
+.byte	0x7b,0xb0,0xb0,0xcb,	0xa8,0x54,0x54,0xfc
+.byte	0x6d,0xbb,0xbb,0xd6,	0x2c,0x16,0x16,0x3a
+
+AES_Td:
+.byte	0x51,0xf4,0xa7,0x50,	0x7e,0x41,0x65,0x53	# Td0
+.byte	0x1a,0x17,0xa4,0xc3,	0x3a,0x27,0x5e,0x96
+.byte	0x3b,0xab,0x6b,0xcb,	0x1f,0x9d,0x45,0xf1
+.byte	0xac,0xfa,0x58,0xab,	0x4b,0xe3,0x03,0x93
+.byte	0x20,0x30,0xfa,0x55,	0xad,0x76,0x6d,0xf6
+.byte	0x88,0xcc,0x76,0x91,	0xf5,0x02,0x4c,0x25
+.byte	0x4f,0xe5,0xd7,0xfc,	0xc5,0x2a,0xcb,0xd7
+.byte	0x26,0x35,0x44,0x80,	0xb5,0x62,0xa3,0x8f
+.byte	0xde,0xb1,0x5a,0x49,	0x25,0xba,0x1b,0x67
+.byte	0x45,0xea,0x0e,0x98,	0x5d,0xfe,0xc0,0xe1
+.byte	0xc3,0x2f,0x75,0x02,	0x81,0x4c,0xf0,0x12
+.byte	0x8d,0x46,0x97,0xa3,	0x6b,0xd3,0xf9,0xc6
+.byte	0x03,0x8f,0x5f,0xe7,	0x15,0x92,0x9c,0x95
+.byte	0xbf,0x6d,0x7a,0xeb,	0x95,0x52,0x59,0xda
+.byte	0xd4,0xbe,0x83,0x2d,	0x58,0x74,0x21,0xd3
+.byte	0x49,0xe0,0x69,0x29,	0x8e,0xc9,0xc8,0x44
+.byte	0x75,0xc2,0x89,0x6a,	0xf4,0x8e,0x79,0x78
+.byte	0x99,0x58,0x3e,0x6b,	0x27,0xb9,0x71,0xdd
+.byte	0xbe,0xe1,0x4f,0xb6,	0xf0,0x88,0xad,0x17
+.byte	0xc9,0x20,0xac,0x66,	0x7d,0xce,0x3a,0xb4
+.byte	0x63,0xdf,0x4a,0x18,	0xe5,0x1a,0x31,0x82
+.byte	0x97,0x51,0x33,0x60,	0x62,0x53,0x7f,0x45
+.byte	0xb1,0x64,0x77,0xe0,	0xbb,0x6b,0xae,0x84
+.byte	0xfe,0x81,0xa0,0x1c,	0xf9,0x08,0x2b,0x94
+.byte	0x70,0x48,0x68,0x58,	0x8f,0x45,0xfd,0x19
+.byte	0x94,0xde,0x6c,0x87,	0x52,0x7b,0xf8,0xb7
+.byte	0xab,0x73,0xd3,0x23,	0x72,0x4b,0x02,0xe2
+.byte	0xe3,0x1f,0x8f,0x57,	0x66,0x55,0xab,0x2a
+.byte	0xb2,0xeb,0x28,0x07,	0x2f,0xb5,0xc2,0x03
+.byte	0x86,0xc5,0x7b,0x9a,	0xd3,0x37,0x08,0xa5
+.byte	0x30,0x28,0x87,0xf2,	0x23,0xbf,0xa5,0xb2
+.byte	0x02,0x03,0x6a,0xba,	0xed,0x16,0x82,0x5c
+.byte	0x8a,0xcf,0x1c,0x2b,	0xa7,0x79,0xb4,0x92
+.byte	0xf3,0x07,0xf2,0xf0,	0x4e,0x69,0xe2,0xa1
+.byte	0x65,0xda,0xf4,0xcd,	0x06,0x05,0xbe,0xd5
+.byte	0xd1,0x34,0x62,0x1f,	0xc4,0xa6,0xfe,0x8a
+.byte	0x34,0x2e,0x53,0x9d,	0xa2,0xf3,0x55,0xa0
+.byte	0x05,0x8a,0xe1,0x32,	0xa4,0xf6,0xeb,0x75
+.byte	0x0b,0x83,0xec,0x39,	0x40,0x60,0xef,0xaa
+.byte	0x5e,0x71,0x9f,0x06,	0xbd,0x6e,0x10,0x51
+.byte	0x3e,0x21,0x8a,0xf9,	0x96,0xdd,0x06,0x3d
+.byte	0xdd,0x3e,0x05,0xae,	0x4d,0xe6,0xbd,0x46
+.byte	0x91,0x54,0x8d,0xb5,	0x71,0xc4,0x5d,0x05
+.byte	0x04,0x06,0xd4,0x6f,	0x60,0x50,0x15,0xff
+.byte	0x19,0x98,0xfb,0x24,	0xd6,0xbd,0xe9,0x97
+.byte	0x89,0x40,0x43,0xcc,	0x67,0xd9,0x9e,0x77
+.byte	0xb0,0xe8,0x42,0xbd,	0x07,0x89,0x8b,0x88
+.byte	0xe7,0x19,0x5b,0x38,	0x79,0xc8,0xee,0xdb
+.byte	0xa1,0x7c,0x0a,0x47,	0x7c,0x42,0x0f,0xe9
+.byte	0xf8,0x84,0x1e,0xc9,	0x00,0x00,0x00,0x00
+.byte	0x09,0x80,0x86,0x83,	0x32,0x2b,0xed,0x48
+.byte	0x1e,0x11,0x70,0xac,	0x6c,0x5a,0x72,0x4e
+.byte	0xfd,0x0e,0xff,0xfb,	0x0f,0x85,0x38,0x56
+.byte	0x3d,0xae,0xd5,0x1e,	0x36,0x2d,0x39,0x27
+.byte	0x0a,0x0f,0xd9,0x64,	0x68,0x5c,0xa6,0x21
+.byte	0x9b,0x5b,0x54,0xd1,	0x24,0x36,0x2e,0x3a
+.byte	0x0c,0x0a,0x67,0xb1,	0x93,0x57,0xe7,0x0f
+.byte	0xb4,0xee,0x96,0xd2,	0x1b,0x9b,0x91,0x9e
+.byte	0x80,0xc0,0xc5,0x4f,	0x61,0xdc,0x20,0xa2
+.byte	0x5a,0x77,0x4b,0x69,	0x1c,0x12,0x1a,0x16
+.byte	0xe2,0x93,0xba,0x0a,	0xc0,0xa0,0x2a,0xe5
+.byte	0x3c,0x22,0xe0,0x43,	0x12,0x1b,0x17,0x1d
+.byte	0x0e,0x09,0x0d,0x0b,	0xf2,0x8b,0xc7,0xad
+.byte	0x2d,0xb6,0xa8,0xb9,	0x14,0x1e,0xa9,0xc8
+.byte	0x57,0xf1,0x19,0x85,	0xaf,0x75,0x07,0x4c
+.byte	0xee,0x99,0xdd,0xbb,	0xa3,0x7f,0x60,0xfd
+.byte	0xf7,0x01,0x26,0x9f,	0x5c,0x72,0xf5,0xbc
+.byte	0x44,0x66,0x3b,0xc5,	0x5b,0xfb,0x7e,0x34
+.byte	0x8b,0x43,0x29,0x76,	0xcb,0x23,0xc6,0xdc
+.byte	0xb6,0xed,0xfc,0x68,	0xb8,0xe4,0xf1,0x63
+.byte	0xd7,0x31,0xdc,0xca,	0x42,0x63,0x85,0x10
+.byte	0x13,0x97,0x22,0x40,	0x84,0xc6,0x11,0x20
+.byte	0x85,0x4a,0x24,0x7d,	0xd2,0xbb,0x3d,0xf8
+.byte	0xae,0xf9,0x32,0x11,	0xc7,0x29,0xa1,0x6d
+.byte	0x1d,0x9e,0x2f,0x4b,	0xdc,0xb2,0x30,0xf3
+.byte	0x0d,0x86,0x52,0xec,	0x77,0xc1,0xe3,0xd0
+.byte	0x2b,0xb3,0x16,0x6c,	0xa9,0x70,0xb9,0x99
+.byte	0x11,0x94,0x48,0xfa,	0x47,0xe9,0x64,0x22
+.byte	0xa8,0xfc,0x8c,0xc4,	0xa0,0xf0,0x3f,0x1a
+.byte	0x56,0x7d,0x2c,0xd8,	0x22,0x33,0x90,0xef
+.byte	0x87,0x49,0x4e,0xc7,	0xd9,0x38,0xd1,0xc1
+.byte	0x8c,0xca,0xa2,0xfe,	0x98,0xd4,0x0b,0x36
+.byte	0xa6,0xf5,0x81,0xcf,	0xa5,0x7a,0xde,0x28
+.byte	0xda,0xb7,0x8e,0x26,	0x3f,0xad,0xbf,0xa4
+.byte	0x2c,0x3a,0x9d,0xe4,	0x50,0x78,0x92,0x0d
+.byte	0x6a,0x5f,0xcc,0x9b,	0x54,0x7e,0x46,0x62
+.byte	0xf6,0x8d,0x13,0xc2,	0x90,0xd8,0xb8,0xe8
+.byte	0x2e,0x39,0xf7,0x5e,	0x82,0xc3,0xaf,0xf5
+.byte	0x9f,0x5d,0x80,0xbe,	0x69,0xd0,0x93,0x7c
+.byte	0x6f,0xd5,0x2d,0xa9,	0xcf,0x25,0x12,0xb3
+.byte	0xc8,0xac,0x99,0x3b,	0x10,0x18,0x7d,0xa7
+.byte	0xe8,0x9c,0x63,0x6e,	0xdb,0x3b,0xbb,0x7b
+.byte	0xcd,0x26,0x78,0x09,	0x6e,0x59,0x18,0xf4
+.byte	0xec,0x9a,0xb7,0x01,	0x83,0x4f,0x9a,0xa8
+.byte	0xe6,0x95,0x6e,0x65,	0xaa,0xff,0xe6,0x7e
+.byte	0x21,0xbc,0xcf,0x08,	0xef,0x15,0xe8,0xe6
+.byte	0xba,0xe7,0x9b,0xd9,	0x4a,0x6f,0x36,0xce
+.byte	0xea,0x9f,0x09,0xd4,	0x29,0xb0,0x7c,0xd6
+.byte	0x31,0xa4,0xb2,0xaf,	0x2a,0x3f,0x23,0x31
+.byte	0xc6,0xa5,0x94,0x30,	0x35,0xa2,0x66,0xc0
+.byte	0x74,0x4e,0xbc,0x37,	0xfc,0x82,0xca,0xa6
+.byte	0xe0,0x90,0xd0,0xb0,	0x33,0xa7,0xd8,0x15
+.byte	0xf1,0x04,0x98,0x4a,	0x41,0xec,0xda,0xf7
+.byte	0x7f,0xcd,0x50,0x0e,	0x17,0x91,0xf6,0x2f
+.byte	0x76,0x4d,0xd6,0x8d,	0x43,0xef,0xb0,0x4d
+.byte	0xcc,0xaa,0x4d,0x54,	0xe4,0x96,0x04,0xdf
+.byte	0x9e,0xd1,0xb5,0xe3,	0x4c,0x6a,0x88,0x1b
+.byte	0xc1,0x2c,0x1f,0xb8,	0x46,0x65,0x51,0x7f
+.byte	0x9d,0x5e,0xea,0x04,	0x01,0x8c,0x35,0x5d
+.byte	0xfa,0x87,0x74,0x73,	0xfb,0x0b,0x41,0x2e
+.byte	0xb3,0x67,0x1d,0x5a,	0x92,0xdb,0xd2,0x52
+.byte	0xe9,0x10,0x56,0x33,	0x6d,0xd6,0x47,0x13
+.byte	0x9a,0xd7,0x61,0x8c,	0x37,0xa1,0x0c,0x7a
+.byte	0x59,0xf8,0x14,0x8e,	0xeb,0x13,0x3c,0x89
+.byte	0xce,0xa9,0x27,0xee,	0xb7,0x61,0xc9,0x35
+.byte	0xe1,0x1c,0xe5,0xed,	0x7a,0x47,0xb1,0x3c
+.byte	0x9c,0xd2,0xdf,0x59,	0x55,0xf2,0x73,0x3f
+.byte	0x18,0x14,0xce,0x79,	0x73,0xc7,0x37,0xbf
+.byte	0x53,0xf7,0xcd,0xea,	0x5f,0xfd,0xaa,0x5b
+.byte	0xdf,0x3d,0x6f,0x14,	0x78,0x44,0xdb,0x86
+.byte	0xca,0xaf,0xf3,0x81,	0xb9,0x68,0xc4,0x3e
+.byte	0x38,0x24,0x34,0x2c,	0xc2,0xa3,0x40,0x5f
+.byte	0x16,0x1d,0xc3,0x72,	0xbc,0xe2,0x25,0x0c
+.byte	0x28,0x3c,0x49,0x8b,	0xff,0x0d,0x95,0x41
+.byte	0x39,0xa8,0x01,0x71,	0x08,0x0c,0xb3,0xde
+.byte	0xd8,0xb4,0xe4,0x9c,	0x64,0x56,0xc1,0x90
+.byte	0x7b,0xcb,0x84,0x61,	0xd5,0x32,0xb6,0x70
+.byte	0x48,0x6c,0x5c,0x74,	0xd0,0xb8,0x57,0x42
+
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38	# Td4
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+
+AES_Te4:
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5	# Te4
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+
+.byte	0x01,0x00,0x00,0x00,	0x02,0x00,0x00,0x00	# rcon
+.byte	0x04,0x00,0x00,0x00,	0x08,0x00,0x00,0x00
+.byte	0x10,0x00,0x00,0x00,	0x20,0x00,0x00,0x00
+.byte	0x40,0x00,0x00,0x00,	0x80,0x00,0x00,0x00
+.byte	0x1B,0x00,0x00,0x00,	0x36,0x00,0x00,0x00
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	# made-up _instructions, _xtr, _ins, _ror and _bias, cope
+	# with byte order dependencies...
+	if (/^\s+_/) {
+	    s/(_[a-z]+\s+)(\$[0-9]+),([^,]+)(#.*)*$/$1$2,$2,$3/;
+
+	    s/_xtr\s+(\$[0-9]+),(\$[0-9]+),([0-9]+(\-2)*)/
+		sprintf("srl\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("24-$3"))/e or
+	    s/_ins\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
+		sprintf("sll\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("24-$3"))/e or
+	    s/_ins2\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
+		sprintf("ins\t$1,$2,%d,8",$big_endian ?	eval($3)
+					:		eval("24-$3"))/e or
+	    s/_ror\s+(\$[0-9]+),(\$[0-9]+),(\-?[0-9]+)/
+		sprintf("srl\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("$3*-1"))/e or
+	    s/_bias\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
+		sprintf("sll\t$1,$2,%d",$big_endian ?	eval($3)
+					:		eval("($3-16)&31"))/e;
+
+	    s/srl\s+(\$[0-9]+),(\$[0-9]+),\-([0-9]+)/
+		sprintf("sll\t$1,$2,$3")/e				or
+	    s/srl\s+(\$[0-9]+),(\$[0-9]+),0/
+		sprintf("and\t$1,$2,0xff")/e				or
+	    s/(sll\s+\$[0-9]+,\$[0-9]+,0)/#$1/;
+	}
+
+	# convert lwl/lwr and swr/swl to little-endian order
+	if (!$big_endian && /^\s+[sl]w[lr]\s+/) {
+	    s/([sl]wl.*)([0-9]+)\((\$[0-9]+)\)/
+		sprintf("$1%d($3)",eval("$2-$2%4+($2%4-1)&3"))/e	or
+	    s/([sl]wr.*)([0-9]+)\((\$[0-9]+)\)/
+		sprintf("$1%d($3)",eval("$2-$2%4+($2%4+1)&3"))/e;
+	}
+
+	if (!$big_endian) {
+	    s/(rotr\s+\$[0-9]+,\$[0-9]+),([0-9]+)/sprintf("$1,%d",32-$2)/e;
+	    s/(ext\s+\$[0-9]+,\$[0-9]+),([0-9]+),8/sprintf("$1,%d,8",24-$2)/e;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-parisc.pl b/openssl-1.1.0h/crypto/aes/asm/aes-parisc.pl
new file mode 100644
index 0000000..2c785bc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-parisc.pl
@@ -0,0 +1,1029 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for PA-RISC.
+#
+# June 2009.
+#
+# The module is mechanical transliteration of aes-sparcv9.pl, but with
+# a twist: S-boxes are compressed even further down to 1K+256B. On
+# PA-7100LC performance is ~40% better than gcc 3.2 generated code and
+# is about 33 cycles per byte processed with 128-bit key. Newer CPUs
+# perform at 16 cycles per byte. It's not faster than code generated
+# by vendor compiler, but recall that it has compressed S-boxes, which
+# requires extra processing.
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker
+				#                 [+ argument transfer]
+$inp="%r26";	# arg0
+$out="%r25";	# arg1
+$key="%r24";	# arg2
+
+($s0,$s1,$s2,$s3) = ("%r1","%r2","%r3","%r4");
+($t0,$t1,$t2,$t3) = ("%r5","%r6","%r7","%r8");
+
+($acc0, $acc1, $acc2, $acc3, $acc4, $acc5, $acc6, $acc7,
+ $acc8, $acc9,$acc10,$acc11,$acc12,$acc13,$acc14,$acc15) =
+("%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16",
+"%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r26");
+
+$tbl="%r28";
+$rounds="%r29";
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	64
+AES_encrypt
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
+	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+	blr	%r0,$tbl
+	ldi	3,$t0
+L\$enc_pic
+	andcm	$tbl,$t0,$tbl
+	ldo	L\$AES_Te-L\$enc_pic($tbl),$tbl
+
+	and	$inp,$t0,$t0
+	sub	$inp,$t0,$inp
+	ldw	0($inp),$s0
+	ldw	4($inp),$s1
+	ldw	8($inp),$s2
+	comib,=	0,$t0,L\$enc_inp_aligned
+	ldw	12($inp),$s3
+
+	sh3addl	$t0,%r0,$t0
+	subi	32,$t0,$t0
+	mtctl	$t0,%cr11
+	ldw	16($inp),$t1
+	vshd	$s0,$s1,$s0
+	vshd	$s1,$s2,$s1
+	vshd	$s2,$s3,$s2
+	vshd	$s3,$t1,$s3
+
+L\$enc_inp_aligned
+	bl	_parisc_AES_encrypt,%r31
+	nop
+
+	extru,<> $out,31,2,%r0
+	b	L\$enc_out_aligned
+	nop
+
+	_srm	$s0,24,$acc0
+	_srm	$s0,16,$acc1
+	stb	$acc0,0($out)
+	_srm	$s0,8,$acc2
+	stb	$acc1,1($out)
+	_srm	$s1,24,$acc4
+	stb	$acc2,2($out)
+	_srm	$s1,16,$acc5
+	stb	$s0,3($out)
+	_srm	$s1,8,$acc6
+	stb	$acc4,4($out)
+	_srm	$s2,24,$acc0
+	stb	$acc5,5($out)
+	_srm	$s2,16,$acc1
+	stb	$acc6,6($out)
+	_srm	$s2,8,$acc2
+	stb	$s1,7($out)
+	_srm	$s3,24,$acc4
+	stb	$acc0,8($out)
+	_srm	$s3,16,$acc5
+	stb	$acc1,9($out)
+	_srm	$s3,8,$acc6
+	stb	$acc2,10($out)
+	stb	$s2,11($out)
+	stb	$acc4,12($out)
+	stb	$acc5,13($out)
+	stb	$acc6,14($out)
+	b	L\$enc_done
+	stb	$s3,15($out)
+
+L\$enc_out_aligned
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+
+L\$enc_done
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
+	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.ALIGN	16
+_parisc_AES_encrypt
+	.PROC
+	.CALLINFO	MILLICODE
+	.ENTRY
+	ldw	240($key),$rounds
+	ldw	0($key),$t0
+	ldw	4($key),$t1
+	ldw	8($key),$t2
+	_srm	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ldw	12($key),$t3
+	_srm	$s0,24,$acc0
+	xor	$t1,$s1,$s1
+	ldw	16($key),$t0
+	_srm	$s1,16,$acc1
+	xor	$t2,$s2,$s2
+	ldw	20($key),$t1
+	xor	$t3,$s3,$s3
+	ldw	24($key),$t2
+	ldw	28($key),$t3
+L\$enc_loop
+	_srm	$s2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$s3,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$s1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$s2,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$s3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$s0,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$s2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$s3,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$s0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$s1,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$s3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$s0,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$s1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$s2,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+	ldwx,s	$acc14($tbl),$acc14
+	ldwx,s	$acc15($tbl),$acc15
+	addib,= -1,$rounds,L\$enc_last
+	ldo	32($key),$key
+
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+	_srm	$t1,16,$acc1
+		xor	$acc15,$t3,$t3
+
+	_srm	$t2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$t3,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$t1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$t2,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$t3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$t0,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$t2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$t3,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$t0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$t1,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$t3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$t0,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$t1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$t2,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+		_ror	$acc1,8,$acc1
+	ldwx,s	$acc14($tbl),$acc14
+
+		_ror	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldwx,s	$acc15($tbl),$acc15
+		_ror	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ldw	16($key),$t0
+		_ror	$acc5,8,$acc5
+		xor	$acc2,$s0,$s0
+	ldw	20($key),$t1
+		_ror	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ldw	24($key),$t2
+		_ror	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ldw	28($key),$t3
+		_ror	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldw	1024+0($tbl),%r0		; prefetch te4
+		_ror	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldw	1024+32($tbl),%r0		; prefetch te4
+		_ror	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldw	1024+64($tbl),%r0		; prefetch te4
+		_ror	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldw	1024+96($tbl),%r0		; prefetch te4
+		_ror	$acc14,16,$acc14
+		xor	$acc9,$s2,$s2
+	ldw	1024+128($tbl),%r0		; prefetch te4
+		_ror	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldw	1024+160($tbl),%r0		; prefetch te4
+	_srm	$s0,24,$acc0
+		xor	$acc11,$s2,$s2
+	ldw	1024+192($tbl),%r0		; prefetch te4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldw	1024+224($tbl),%r0		; prefetch te4
+	_srm	$s1,16,$acc1
+		xor	$acc14,$s3,$s3
+	b	L\$enc_loop
+		xor	$acc15,$s3,$s3
+
+	.ALIGN	16
+L\$enc_last
+	ldo	1024($tbl),$rounds
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+	_srm	$t1,16,$acc1
+		xor	$acc15,$t3,$t3
+
+	_srm	$t2,8,$acc2
+	ldbx	$acc0($rounds),$acc0
+	_srm	$t1,24,$acc4
+	ldbx	$acc1($rounds),$acc1
+	_srm	$t2,16,$acc5
+	_srm	$t3,0,$acc3
+	ldbx	$acc2($rounds),$acc2
+	ldbx	$acc3($rounds),$acc3
+	_srm	$t3,8,$acc6
+	ldbx	$acc4($rounds),$acc4
+	_srm	$t2,24,$acc8
+	ldbx	$acc5($rounds),$acc5
+	_srm	$t3,16,$acc9
+	_srm	$t0,0,$acc7
+	ldbx	$acc6($rounds),$acc6
+	ldbx	$acc7($rounds),$acc7
+	_srm	$t0,8,$acc10
+	ldbx	$acc8($rounds),$acc8
+	_srm	$t3,24,$acc12
+	ldbx	$acc9($rounds),$acc9
+	_srm	$t0,16,$acc13
+	_srm	$t1,0,$acc11
+	ldbx	$acc10($rounds),$acc10
+	_srm	$t1,8,$acc14
+	ldbx	$acc11($rounds),$acc11
+	ldbx	$acc12($rounds),$acc12
+	ldbx	$acc13($rounds),$acc13
+	_srm	$t2,0,$acc15
+	ldbx	$acc14($rounds),$acc14
+
+		dep	$acc0,7,8,$acc3
+	ldbx	$acc15($rounds),$acc15
+		dep	$acc4,7,8,$acc7
+		dep	$acc1,15,8,$acc3
+		dep	$acc5,15,8,$acc7
+		dep	$acc2,23,8,$acc3
+		dep	$acc6,23,8,$acc7
+		xor	$acc3,$s0,$s0
+		xor	$acc7,$s1,$s1
+		dep	$acc8,7,8,$acc11
+		dep	$acc12,7,8,$acc15
+		dep	$acc9,15,8,$acc11
+		dep	$acc13,15,8,$acc15
+		dep	$acc10,23,8,$acc11
+		dep	$acc14,23,8,$acc15
+		xor	$acc11,$s2,$s2
+
+	bv	(%r31)
+	.EXIT
+		xor	$acc15,$s3,$s3
+	.PROCEND
+
+	.ALIGN	64
+L\$AES_Te
+	.WORD	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
+	.WORD	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
+	.WORD	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
+	.WORD	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
+	.WORD	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
+	.WORD	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
+	.WORD	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
+	.WORD	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
+	.WORD	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
+	.WORD	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
+	.WORD	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
+	.WORD	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
+	.WORD	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
+	.WORD	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
+	.WORD	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
+	.WORD	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
+	.WORD	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
+	.WORD	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
+	.WORD	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
+	.WORD	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
+	.WORD	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
+	.WORD	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
+	.WORD	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
+	.WORD	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
+	.WORD	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
+	.WORD	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
+	.WORD	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
+	.WORD	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
+	.WORD	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
+	.WORD	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
+	.WORD	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
+	.WORD	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
+	.WORD	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
+	.WORD	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
+	.WORD	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
+	.WORD	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
+	.WORD	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
+	.WORD	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
+	.WORD	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
+	.WORD	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
+	.WORD	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
+	.WORD	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
+	.WORD	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
+	.WORD	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
+	.WORD	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
+	.WORD	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
+	.WORD	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
+	.WORD	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
+	.WORD	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
+	.WORD	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
+	.WORD	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
+	.WORD	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
+	.WORD	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
+	.WORD	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
+	.WORD	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
+	.WORD	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
+	.WORD	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
+	.WORD	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
+	.WORD	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
+	.WORD	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
+	.WORD	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
+	.WORD	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
+	.WORD	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
+	.WORD	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
+	.BYTE	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	.BYTE	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	.BYTE	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	.BYTE	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	.BYTE	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	.BYTE	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	.BYTE	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	.BYTE	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	.BYTE	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	.BYTE	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	.BYTE	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	.BYTE	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	.BYTE	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	.BYTE	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	.BYTE	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	.BYTE	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	.BYTE	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	.BYTE	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	.BYTE	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	.BYTE	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	.BYTE	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	.BYTE	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	.BYTE	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	.BYTE	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	.BYTE	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	.BYTE	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	.BYTE	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	.BYTE	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	.BYTE	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	.BYTE	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	.BYTE	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	.BYTE	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+___
+
+$code.=<<___;
+	.EXPORT	AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	16
+AES_decrypt
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
+	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+	blr	%r0,$tbl
+	ldi	3,$t0
+L\$dec_pic
+	andcm	$tbl,$t0,$tbl
+	ldo	L\$AES_Td-L\$dec_pic($tbl),$tbl
+
+	and	$inp,$t0,$t0
+	sub	$inp,$t0,$inp
+	ldw	0($inp),$s0
+	ldw	4($inp),$s1
+	ldw	8($inp),$s2
+	comib,=	0,$t0,L\$dec_inp_aligned
+	ldw	12($inp),$s3
+
+	sh3addl	$t0,%r0,$t0
+	subi	32,$t0,$t0
+	mtctl	$t0,%cr11
+	ldw	16($inp),$t1
+	vshd	$s0,$s1,$s0
+	vshd	$s1,$s2,$s1
+	vshd	$s2,$s3,$s2
+	vshd	$s3,$t1,$s3
+
+L\$dec_inp_aligned
+	bl	_parisc_AES_decrypt,%r31
+	nop
+
+	extru,<> $out,31,2,%r0
+	b	L\$dec_out_aligned
+	nop
+
+	_srm	$s0,24,$acc0
+	_srm	$s0,16,$acc1
+	stb	$acc0,0($out)
+	_srm	$s0,8,$acc2
+	stb	$acc1,1($out)
+	_srm	$s1,24,$acc4
+	stb	$acc2,2($out)
+	_srm	$s1,16,$acc5
+	stb	$s0,3($out)
+	_srm	$s1,8,$acc6
+	stb	$acc4,4($out)
+	_srm	$s2,24,$acc0
+	stb	$acc5,5($out)
+	_srm	$s2,16,$acc1
+	stb	$acc6,6($out)
+	_srm	$s2,8,$acc2
+	stb	$s1,7($out)
+	_srm	$s3,24,$acc4
+	stb	$acc0,8($out)
+	_srm	$s3,16,$acc5
+	stb	$acc1,9($out)
+	_srm	$s3,8,$acc6
+	stb	$acc2,10($out)
+	stb	$s2,11($out)
+	stb	$acc4,12($out)
+	stb	$acc5,13($out)
+	stb	$acc6,14($out)
+	b	L\$dec_done
+	stb	$s3,15($out)
+
+L\$dec_out_aligned
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+
+L\$dec_done
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
+	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.ALIGN	16
+_parisc_AES_decrypt
+	.PROC
+	.CALLINFO	MILLICODE
+	.ENTRY
+	ldw	240($key),$rounds
+	ldw	0($key),$t0
+	ldw	4($key),$t1
+	ldw	8($key),$t2
+	ldw	12($key),$t3
+	_srm	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ldw	16($key),$t0
+	xor	$t1,$s1,$s1
+	ldw	20($key),$t1
+	_srm	$s0,24,$acc0
+	xor	$t2,$s2,$s2
+	ldw	24($key),$t2
+	xor	$t3,$s3,$s3
+	ldw	28($key),$t3
+	_srm	$s3,16,$acc1
+L\$dec_loop
+	_srm	$s2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$s1,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$s1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$s0,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$s3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$s2,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$s2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$s1,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$s0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$s3,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$s3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$s2,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$s1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$s0,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+	ldwx,s	$acc14($tbl),$acc14
+	ldwx,s	$acc15($tbl),$acc15
+	addib,= -1,$rounds,L\$dec_last
+	ldo	32($key),$key
+
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3
+	_srm	$t3,16,$acc1
+
+	_srm	$t2,8,$acc2
+	ldwx,s	$acc0($tbl),$acc0
+	_srm	$t1,0,$acc3
+	ldwx,s	$acc1($tbl),$acc1
+	_srm	$t1,24,$acc4
+	ldwx,s	$acc2($tbl),$acc2
+	_srm	$t0,16,$acc5
+	ldwx,s	$acc3($tbl),$acc3
+	_srm	$t3,8,$acc6
+	ldwx,s	$acc4($tbl),$acc4
+	_srm	$t2,0,$acc7
+	ldwx,s	$acc5($tbl),$acc5
+	_srm	$t2,24,$acc8
+	ldwx,s	$acc6($tbl),$acc6
+	_srm	$t1,16,$acc9
+	ldwx,s	$acc7($tbl),$acc7
+	_srm	$t0,8,$acc10
+	ldwx,s	$acc8($tbl),$acc8
+	_srm	$t3,0,$acc11
+	ldwx,s	$acc9($tbl),$acc9
+	_srm	$t3,24,$acc12
+	ldwx,s	$acc10($tbl),$acc10
+	_srm	$t2,16,$acc13
+	ldwx,s	$acc11($tbl),$acc11
+	_srm	$t1,8,$acc14
+	ldwx,s	$acc12($tbl),$acc12
+	_srm	$t0,0,$acc15
+	ldwx,s	$acc13($tbl),$acc13
+		_ror	$acc1,8,$acc1
+	ldwx,s	$acc14($tbl),$acc14
+
+		_ror	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldwx,s	$acc15($tbl),$acc15
+		_ror	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ldw	16($key),$t0
+		_ror	$acc5,8,$acc5
+		xor	$acc2,$s0,$s0
+	ldw	20($key),$t1
+		_ror	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ldw	24($key),$t2
+		_ror	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ldw	28($key),$t3
+		_ror	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldw	1024+0($tbl),%r0		; prefetch td4
+		_ror	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldw	1024+32($tbl),%r0		; prefetch td4
+		_ror	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldw	1024+64($tbl),%r0		; prefetch td4
+		_ror	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldw	1024+96($tbl),%r0		; prefetch td4
+		_ror	$acc14,16,$acc14
+		xor	$acc9,$s2,$s2
+	ldw	1024+128($tbl),%r0		; prefetch td4
+		_ror	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldw	1024+160($tbl),%r0		; prefetch td4
+	_srm	$s0,24,$acc0
+		xor	$acc11,$s2,$s2
+	ldw	1024+192($tbl),%r0		; prefetch td4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldw	1024+224($tbl),%r0		; prefetch td4
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+	b	L\$dec_loop
+	_srm	$s3,16,$acc1
+
+	.ALIGN	16
+L\$dec_last
+	ldo	1024($tbl),$rounds
+		_ror	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ldw	0($key),$s0
+		_ror	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ldw	4($key),$s1
+		_ror	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ldw	8($key),$s2
+		_ror	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ldw	12($key),$s3
+		_ror	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		_ror	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		_ror	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		_ror	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		_ror	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		_ror	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		_ror	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		_ror	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	_srm	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3
+	_srm	$t3,16,$acc1
+
+	_srm	$t2,8,$acc2
+	ldbx	$acc0($rounds),$acc0
+	_srm	$t1,24,$acc4
+	ldbx	$acc1($rounds),$acc1
+	_srm	$t0,16,$acc5
+	_srm	$t1,0,$acc3
+	ldbx	$acc2($rounds),$acc2
+	ldbx	$acc3($rounds),$acc3
+	_srm	$t3,8,$acc6
+	ldbx	$acc4($rounds),$acc4
+	_srm	$t2,24,$acc8
+	ldbx	$acc5($rounds),$acc5
+	_srm	$t1,16,$acc9
+	_srm	$t2,0,$acc7
+	ldbx	$acc6($rounds),$acc6
+	ldbx	$acc7($rounds),$acc7
+	_srm	$t0,8,$acc10
+	ldbx	$acc8($rounds),$acc8
+	_srm	$t3,24,$acc12
+	ldbx	$acc9($rounds),$acc9
+	_srm	$t2,16,$acc13
+	_srm	$t3,0,$acc11
+	ldbx	$acc10($rounds),$acc10
+	_srm	$t1,8,$acc14
+	ldbx	$acc11($rounds),$acc11
+	ldbx	$acc12($rounds),$acc12
+	ldbx	$acc13($rounds),$acc13
+	_srm	$t0,0,$acc15
+	ldbx	$acc14($rounds),$acc14
+
+		dep	$acc0,7,8,$acc3
+	ldbx	$acc15($rounds),$acc15
+		dep	$acc4,7,8,$acc7
+		dep	$acc1,15,8,$acc3
+		dep	$acc5,15,8,$acc7
+		dep	$acc2,23,8,$acc3
+		dep	$acc6,23,8,$acc7
+		xor	$acc3,$s0,$s0
+		xor	$acc7,$s1,$s1
+		dep	$acc8,7,8,$acc11
+		dep	$acc12,7,8,$acc15
+		dep	$acc9,15,8,$acc11
+		dep	$acc13,15,8,$acc15
+		dep	$acc10,23,8,$acc11
+		dep	$acc14,23,8,$acc15
+		xor	$acc11,$s2,$s2
+
+	bv	(%r31)
+	.EXIT
+		xor	$acc15,$s3,$s3
+	.PROCEND
+
+	.ALIGN	64
+L\$AES_Td
+	.WORD	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
+	.WORD	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
+	.WORD	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
+	.WORD	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
+	.WORD	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
+	.WORD	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
+	.WORD	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
+	.WORD	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
+	.WORD	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
+	.WORD	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
+	.WORD	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
+	.WORD	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
+	.WORD	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
+	.WORD	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
+	.WORD	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
+	.WORD	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
+	.WORD	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
+	.WORD	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
+	.WORD	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
+	.WORD	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
+	.WORD	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
+	.WORD	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
+	.WORD	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
+	.WORD	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
+	.WORD	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
+	.WORD	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
+	.WORD	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
+	.WORD	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
+	.WORD	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
+	.WORD	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
+	.WORD	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
+	.WORD	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
+	.WORD	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
+	.WORD	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
+	.WORD	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
+	.WORD	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
+	.WORD	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
+	.WORD	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
+	.WORD	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
+	.WORD	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
+	.WORD	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
+	.WORD	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
+	.WORD	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
+	.WORD	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
+	.WORD	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
+	.WORD	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
+	.WORD	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
+	.WORD	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
+	.WORD	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
+	.WORD	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
+	.WORD	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
+	.WORD	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
+	.WORD	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
+	.WORD	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
+	.WORD	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
+	.WORD	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
+	.WORD	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
+	.WORD	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
+	.WORD	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
+	.WORD	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
+	.WORD	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
+	.WORD	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
+	.WORD	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
+	.WORD	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+	.BYTE	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	.BYTE	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	.BYTE	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	.BYTE	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	.BYTE	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	.BYTE	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	.BYTE	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	.BYTE	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	.BYTE	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	.BYTE	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	.BYTE	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	.BYTE	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	.BYTE	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	.BYTE	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	.BYTE	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	.BYTE	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	.BYTE	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	.BYTE	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	.BYTE	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	.BYTE	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	.BYTE	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	.BYTE	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	.BYTE	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	.BYTE	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	.BYTE	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	.BYTE	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	.BYTE	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	.BYTE	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	.BYTE	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	.BYTE	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	.BYTE	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	.BYTE	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+	.STRINGZ "AES for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	# translate made up instructons: _ror, _srm
+	s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/				or
+
+	s/_srm(\s+%r[0-9]+),([0-9]+),/
+		$SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
+		:            sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
+
+	s/,\*/,/			if ($SIZE_T==4);
+	s/\bbv\b(.*\(%r2\))/bve$1/	if ($SIZE_T==8);
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-ppc.pl b/openssl-1.1.0h/crypto/aes/asm/aes-ppc.pl
new file mode 100644
index 0000000..1558d8e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-ppc.pl
@@ -0,0 +1,1459 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Needs more work: key setup, CBC routine...
+#
+# ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with
+# 128-bit key, which is ~40% better than 64-bit code generated by gcc
+# 4.0. But these are not the ones currently used! Their "compact"
+# counterparts are, for security reason. ppc_AES_encrypt_compact runs
+# at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -
+# at 1/3 of ppc_AES_decrypt.
+
+# February 2010
+#
+# Rescheduling instructions to favour Power6 pipeline gave 10%
+# performance improvement on the platform in question (and marginal
+# improvement even on others). It should be noted that Power6 fails
+# to process byte in 18 cycles, only in 23, because it fails to issue
+# 4 load instructions in two cycles, only in 3. As result non-compact
+# block subroutines are 25% slower than one would expect. Compact
+# functions scale better, because they have pure computational part,
+# which scales perfectly with clock frequency. To be specific
+# ppc_AES_encrypt_compact operates at 42 cycles per byte, while
+# ppc_AES_decrypt_compact - at 55 (in 64-bit build).
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=32*$SIZE_T;
+
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$sp="r1";
+$toc="r2";
+$inp="r3";
+$out="r4";
+$key="r5";
+
+$Tbl0="r3";
+$Tbl1="r6";
+$Tbl2="r7";
+$Tbl3=$out;	# stay away from "r2"; $out is offloaded to stack
+
+$s0="r8";
+$s1="r9";
+$s2="r10";
+$s3="r11";
+
+$t0="r12";
+$t1="r0";	# stay away from "r13";
+$t2="r14";
+$t3="r15";
+
+$acc00="r16";
+$acc01="r17";
+$acc02="r18";
+$acc03="r19";
+
+$acc04="r20";
+$acc05="r21";
+$acc06="r22";
+$acc07="r23";
+
+$acc08="r24";
+$acc09="r25";
+$acc10="r26";
+$acc11="r27";
+
+$acc12="r28";
+$acc13="r29";
+$acc14="r30";
+$acc15="r31";
+
+$mask80=$Tbl2;
+$mask1b=$Tbl3;
+
+$code.=<<___;
+.machine	"any"
+.text
+
+.align	7
+LAES_Te:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl0	;    vvvvv "distance" between . and 1st data entry
+	addi	$Tbl0,$Tbl0,`128-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+LAES_Td:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl0	;    vvvvvvvv "distance" between . and 1st data entry
+	addi	$Tbl0,$Tbl0,`128-64-8+2048+256`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`128-64-9*4`
+___
+&_data_word(
+	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+___
+&_data_word(
+	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+
+
+.globl	.AES_encrypt
+.align	7
+.AES_encrypt:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+
+	$PUSH	$out,`$FRAME-$SIZE_T*19`($sp)
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	andi.	$t0,$inp,3
+	andi.	$t1,$out,3
+	or.	$t0,$t0,$t1
+	bne	Lenc_unaligned
+
+Lenc_unaligned_ok:
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$s0,0($inp)
+	lwz	$s1,4($inp)
+	lwz	$s2,8($inp)
+	lwz	$s3,12($inp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$t0,0($inp)
+	lwz	$t1,4($inp)
+	lwz	$t2,8($inp)
+	lwz	$t3,12($inp)
+	rotlwi	$s0,$t0,8
+	rotlwi	$s1,$t1,8
+	rotlwi	$s2,$t2,8
+	rotlwi	$s3,$t3,8
+	rlwimi	$s0,$t0,24,0,7
+	rlwimi	$s1,$t1,24,0,7
+	rlwimi	$s2,$t2,24,0,7
+	rlwimi	$s3,$t3,24,0,7
+	rlwimi	$s0,$t0,24,16,23
+	rlwimi	$s1,$t1,24,16,23
+	rlwimi	$s2,$t2,24,16,23
+	rlwimi	$s3,$t3,24,16,23
+___
+$code.=<<___;
+	bl	LAES_Te
+	bl	Lppc_AES_encrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	rotlwi	$t0,$s0,8
+	rotlwi	$t1,$s1,8
+	rotlwi	$t2,$s2,8
+	rotlwi	$t3,$s3,8
+	rlwimi	$t0,$s0,24,0,7
+	rlwimi	$t1,$s1,24,0,7
+	rlwimi	$t2,$s2,24,0,7
+	rlwimi	$t3,$s3,24,0,7
+	rlwimi	$t0,$s0,24,16,23
+	rlwimi	$t1,$s1,24,16,23
+	rlwimi	$t2,$s2,24,16,23
+	rlwimi	$t3,$s3,24,16,23
+	stw	$t0,0($out)
+	stw	$t1,4($out)
+	stw	$t2,8($out)
+	stw	$t3,12($out)
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+___
+$code.=<<___;
+	b	Lenc_done
+
+Lenc_unaligned:
+	subfic	$t0,$inp,4096
+	subfic	$t1,$out,4096
+	andi.	$t0,$t0,4096-16
+	beq	Lenc_xpage
+	andi.	$t1,$t1,4096-16
+	bne	Lenc_unaligned_ok
+
+Lenc_xpage:
+	lbz	$acc00,0($inp)
+	lbz	$acc01,1($inp)
+	lbz	$acc02,2($inp)
+	lbz	$s0,3($inp)
+	lbz	$acc04,4($inp)
+	lbz	$acc05,5($inp)
+	lbz	$acc06,6($inp)
+	lbz	$s1,7($inp)
+	lbz	$acc08,8($inp)
+	lbz	$acc09,9($inp)
+	lbz	$acc10,10($inp)
+	insrwi	$s0,$acc00,8,0
+	lbz	$s2,11($inp)
+	insrwi	$s1,$acc04,8,0
+	lbz	$acc12,12($inp)
+	insrwi	$s0,$acc01,8,8
+	lbz	$acc13,13($inp)
+	insrwi	$s1,$acc05,8,8
+	lbz	$acc14,14($inp)
+	insrwi	$s0,$acc02,8,16
+	lbz	$s3,15($inp)
+	insrwi	$s1,$acc06,8,16
+	insrwi	$s2,$acc08,8,0
+	insrwi	$s3,$acc12,8,0
+	insrwi	$s2,$acc09,8,8
+	insrwi	$s3,$acc13,8,8
+	insrwi	$s2,$acc10,8,16
+	insrwi	$s3,$acc14,8,16
+
+	bl	LAES_Te
+	bl	Lppc_AES_encrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+
+	extrwi	$acc00,$s0,8,0
+	extrwi	$acc01,$s0,8,8
+	stb	$acc00,0($out)
+	extrwi	$acc02,$s0,8,16
+	stb	$acc01,1($out)
+	stb	$acc02,2($out)
+	extrwi	$acc04,$s1,8,0
+	stb	$s0,3($out)
+	extrwi	$acc05,$s1,8,8
+	stb	$acc04,4($out)
+	extrwi	$acc06,$s1,8,16
+	stb	$acc05,5($out)
+	stb	$acc06,6($out)
+	extrwi	$acc08,$s2,8,0
+	stb	$s1,7($out)
+	extrwi	$acc09,$s2,8,8
+	stb	$acc08,8($out)
+	extrwi	$acc10,$s2,8,16
+	stb	$acc09,9($out)
+	stb	$acc10,10($out)
+	extrwi	$acc12,$s3,8,0
+	stb	$s2,11($out)
+	extrwi	$acc13,$s3,8,8
+	stb	$acc12,12($out)
+	extrwi	$acc14,$s3,8,16
+	stb	$acc13,13($out)
+	stb	$acc14,14($out)
+	stb	$s3,15($out)
+
+Lenc_done:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+
+.align	5
+Lppc_AES_encrypt:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,3
+	lwz	$t0,0($key)
+	addi	$Tbl2,$Tbl0,2
+	lwz	$t1,4($key)
+	addi	$Tbl3,$Tbl0,1
+	lwz	$t2,8($key)
+	addi	$acc00,$acc00,-1
+	lwz	$t3,12($key)
+	addi	$key,$key,16
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	mtctr	$acc00
+.align	4
+Lenc_loop:
+	rlwinm	$acc00,$s0,`32-24+3`,21,28
+	rlwinm	$acc01,$s1,`32-24+3`,21,28
+	rlwinm	$acc02,$s2,`32-24+3`,21,28
+	rlwinm	$acc03,$s3,`32-24+3`,21,28
+	lwz	$t0,0($key)
+	rlwinm	$acc04,$s1,`32-16+3`,21,28
+	lwz	$t1,4($key)
+	rlwinm	$acc05,$s2,`32-16+3`,21,28
+	lwz	$t2,8($key)
+	rlwinm	$acc06,$s3,`32-16+3`,21,28
+	lwz	$t3,12($key)
+	rlwinm	$acc07,$s0,`32-16+3`,21,28
+	lwzx	$acc00,$Tbl0,$acc00
+	rlwinm	$acc08,$s2,`32-8+3`,21,28
+	lwzx	$acc01,$Tbl0,$acc01
+	rlwinm	$acc09,$s3,`32-8+3`,21,28
+	lwzx	$acc02,$Tbl0,$acc02
+	rlwinm	$acc10,$s0,`32-8+3`,21,28
+	lwzx	$acc03,$Tbl0,$acc03
+	rlwinm	$acc11,$s1,`32-8+3`,21,28
+	lwzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s3,`0+3`,21,28
+	lwzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s0,`0+3`,21,28
+	lwzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s1,`0+3`,21,28
+	lwzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s2,`0+3`,21,28
+	lwzx	$acc08,$Tbl2,$acc08
+	xor	$t0,$t0,$acc00
+	lwzx	$acc09,$Tbl2,$acc09
+	xor	$t1,$t1,$acc01
+	lwzx	$acc10,$Tbl2,$acc10
+	xor	$t2,$t2,$acc02
+	lwzx	$acc11,$Tbl2,$acc11
+	xor	$t3,$t3,$acc03
+	lwzx	$acc12,$Tbl3,$acc12
+	xor	$t0,$t0,$acc04
+	lwzx	$acc13,$Tbl3,$acc13
+	xor	$t1,$t1,$acc05
+	lwzx	$acc14,$Tbl3,$acc14
+	xor	$t2,$t2,$acc06
+	lwzx	$acc15,$Tbl3,$acc15
+	xor	$t3,$t3,$acc07
+	xor	$t0,$t0,$acc08
+	xor	$t1,$t1,$acc09
+	xor	$t2,$t2,$acc10
+	xor	$t3,$t3,$acc11
+	xor	$s0,$t0,$acc12
+	xor	$s1,$t1,$acc13
+	xor	$s2,$t2,$acc14
+	xor	$s3,$t3,$acc15
+	addi	$key,$key,16
+	bdnz	Lenc_loop
+
+	addi	$Tbl2,$Tbl0,2048
+	nop
+	lwz	$t0,0($key)
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	lwz	$t1,4($key)
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	lwz	$t2,8($key)
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	lwz	$t3,12($key)
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Te4
+	rlwinm	$acc04,$s1,`32-16`,24,31
+	lwz	$acc09,`2048+32`($Tbl0)
+	rlwinm	$acc05,$s2,`32-16`,24,31
+	lwz	$acc10,`2048+64`($Tbl0)
+	rlwinm	$acc06,$s3,`32-16`,24,31
+	lwz	$acc11,`2048+96`($Tbl0)
+	rlwinm	$acc07,$s0,`32-16`,24,31
+	lwz	$acc12,`2048+128`($Tbl0)
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lwz	$acc13,`2048+160`($Tbl0)
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lwz	$acc14,`2048+192`($Tbl0)
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lwz	$acc15,`2048+224`($Tbl0)
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc00,$Tbl2,$acc00
+	rlwinm	$acc12,$s3,`0`,24,31
+	lbzx	$acc01,$Tbl2,$acc01
+	rlwinm	$acc13,$s0,`0`,24,31
+	lbzx	$acc02,$Tbl2,$acc02
+	rlwinm	$acc14,$s1,`0`,24,31
+	lbzx	$acc03,$Tbl2,$acc03
+	rlwinm	$acc15,$s2,`0`,24,31
+	lbzx	$acc04,$Tbl2,$acc04
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc05,$Tbl2,$acc05
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc06,$Tbl2,$acc06
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc07,$Tbl2,$acc07
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc08,$Tbl2,$acc08
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc09,$Tbl2,$acc09
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc10,$Tbl2,$acc10
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc11,$Tbl2,$acc11
+	rlwimi	$s3,$acc07,16,8,15
+	lbzx	$acc12,$Tbl2,$acc12
+	rlwimi	$s0,$acc08,8,16,23
+	lbzx	$acc13,$Tbl2,$acc13
+	rlwimi	$s1,$acc09,8,16,23
+	lbzx	$acc14,$Tbl2,$acc14
+	rlwimi	$s2,$acc10,8,16,23
+	lbzx	$acc15,$Tbl2,$acc15
+	rlwimi	$s3,$acc11,8,16,23
+	or	$s0,$s0,$acc12
+	or	$s1,$s1,$acc13
+	or	$s2,$s2,$acc14
+	or	$s3,$s3,$acc15
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.align	4
+Lppc_AES_encrypt_compact:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,2048
+	lwz	$t0,0($key)
+	lis	$mask80,0x8080
+	lwz	$t1,4($key)
+	lis	$mask1b,0x1b1b
+	lwz	$t2,8($key)
+	ori	$mask80,$mask80,0x8080
+	lwz	$t3,12($key)
+	ori	$mask1b,$mask1b,0x1b1b
+	addi	$key,$key,16
+	mtctr	$acc00
+.align	4
+Lenc_compact_loop:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	xor	$s2,$s2,$t2
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	xor	$s3,$s3,$t3
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	rlwinm	$acc04,$s1,`32-16`,24,31
+	rlwinm	$acc05,$s2,`32-16`,24,31
+	rlwinm	$acc06,$s3,`32-16`,24,31
+	rlwinm	$acc07,$s0,`32-16`,24,31
+	lbzx	$acc00,$Tbl1,$acc00
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lbzx	$acc01,$Tbl1,$acc01
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lbzx	$acc02,$Tbl1,$acc02
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lbzx	$acc03,$Tbl1,$acc03
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s3,`0`,24,31
+	lbzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s0,`0`,24,31
+	lbzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s1,`0`,24,31
+	lbzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s2,`0`,24,31
+	lbzx	$acc08,$Tbl1,$acc08
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc09,$Tbl1,$acc09
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc10,$Tbl1,$acc10
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc11,$Tbl1,$acc11
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc12,$Tbl1,$acc12
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc13,$Tbl1,$acc13
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc14,$Tbl1,$acc14
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc15,$Tbl1,$acc15
+	rlwimi	$s3,$acc07,16,8,15
+	rlwimi	$s0,$acc08,8,16,23
+	rlwimi	$s1,$acc09,8,16,23
+	rlwimi	$s2,$acc10,8,16,23
+	rlwimi	$s3,$acc11,8,16,23
+	lwz	$t0,0($key)
+	or	$s0,$s0,$acc12
+	lwz	$t1,4($key)
+	or	$s1,$s1,$acc13
+	lwz	$t2,8($key)
+	or	$s2,$s2,$acc14
+	lwz	$t3,12($key)
+	or	$s3,$s3,$acc15
+
+	addi	$key,$key,16
+	bdz	Lenc_compact_done
+
+	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
+	and	$acc01,$s1,$mask80
+	and	$acc02,$s2,$mask80
+	and	$acc03,$s3,$mask80
+	srwi	$acc04,$acc00,7		# r1>>7
+	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
+	srwi	$acc05,$acc01,7
+	andc	$acc09,$s1,$mask80
+	srwi	$acc06,$acc02,7
+	andc	$acc10,$s2,$mask80
+	srwi	$acc07,$acc03,7
+	andc	$acc11,$s3,$mask80
+	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
+	sub	$acc01,$acc01,$acc05
+	sub	$acc02,$acc02,$acc06
+	sub	$acc03,$acc03,$acc07
+	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
+	add	$acc09,$acc09,$acc09
+	add	$acc10,$acc10,$acc10
+	add	$acc11,$acc11,$acc11
+	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc01,$acc01,$mask1b
+	and	$acc02,$acc02,$mask1b
+	and	$acc03,$acc03,$mask1b
+	xor	$acc00,$acc00,$acc08	# r2
+	xor	$acc01,$acc01,$acc09
+	 rotlwi	$acc12,$s0,16		# ROTATE(r0,16)
+	xor	$acc02,$acc02,$acc10
+	 rotlwi	$acc13,$s1,16
+	xor	$acc03,$acc03,$acc11
+	 rotlwi	$acc14,$s2,16
+
+	xor	$s0,$s0,$acc00		# r0^r2
+	rotlwi	$acc15,$s3,16
+	xor	$s1,$s1,$acc01
+	rotrwi	$s0,$s0,24		# ROTATE(r2^r0,24)
+	xor	$s2,$s2,$acc02
+	rotrwi	$s1,$s1,24
+	xor	$s3,$s3,$acc03
+	rotrwi	$s2,$s2,24
+	xor	$s0,$s0,$acc00		# ROTATE(r2^r0,24)^r2
+	rotrwi	$s3,$s3,24
+	xor	$s1,$s1,$acc01
+	xor	$s2,$s2,$acc02
+	xor	$s3,$s3,$acc03
+	rotlwi	$acc08,$acc12,8		# ROTATE(r0,24)
+	xor	$s0,$s0,$acc12		#
+	rotlwi	$acc09,$acc13,8
+	xor	$s1,$s1,$acc13
+	rotlwi	$acc10,$acc14,8
+	xor	$s2,$s2,$acc14
+	rotlwi	$acc11,$acc15,8
+	xor	$s3,$s3,$acc15
+	xor	$s0,$s0,$acc08		#
+	xor	$s1,$s1,$acc09
+	xor	$s2,$s2,$acc10
+	xor	$s3,$s3,$acc11
+
+	b	Lenc_compact_loop
+.align	4
+Lenc_compact_done:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.AES_encrypt,.-.AES_encrypt
+
+.globl	.AES_decrypt
+.align	7
+.AES_decrypt:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+
+	$PUSH	$out,`$FRAME-$SIZE_T*19`($sp)
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	andi.	$t0,$inp,3
+	andi.	$t1,$out,3
+	or.	$t0,$t0,$t1
+	bne	Ldec_unaligned
+
+Ldec_unaligned_ok:
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$s0,0($inp)
+	lwz	$s1,4($inp)
+	lwz	$s2,8($inp)
+	lwz	$s3,12($inp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$t0,0($inp)
+	lwz	$t1,4($inp)
+	lwz	$t2,8($inp)
+	lwz	$t3,12($inp)
+	rotlwi	$s0,$t0,8
+	rotlwi	$s1,$t1,8
+	rotlwi	$s2,$t2,8
+	rotlwi	$s3,$t3,8
+	rlwimi	$s0,$t0,24,0,7
+	rlwimi	$s1,$t1,24,0,7
+	rlwimi	$s2,$t2,24,0,7
+	rlwimi	$s3,$t3,24,0,7
+	rlwimi	$s0,$t0,24,16,23
+	rlwimi	$s1,$t1,24,16,23
+	rlwimi	$s2,$t2,24,16,23
+	rlwimi	$s3,$t3,24,16,23
+___
+$code.=<<___;
+	bl	LAES_Td
+	bl	Lppc_AES_decrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	rotlwi	$t0,$s0,8
+	rotlwi	$t1,$s1,8
+	rotlwi	$t2,$s2,8
+	rotlwi	$t3,$s3,8
+	rlwimi	$t0,$s0,24,0,7
+	rlwimi	$t1,$s1,24,0,7
+	rlwimi	$t2,$s2,24,0,7
+	rlwimi	$t3,$s3,24,0,7
+	rlwimi	$t0,$s0,24,16,23
+	rlwimi	$t1,$s1,24,16,23
+	rlwimi	$t2,$s2,24,16,23
+	rlwimi	$t3,$s3,24,16,23
+	stw	$t0,0($out)
+	stw	$t1,4($out)
+	stw	$t2,8($out)
+	stw	$t3,12($out)
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	stw	$s0,0($out)
+	stw	$s1,4($out)
+	stw	$s2,8($out)
+	stw	$s3,12($out)
+___
+$code.=<<___;
+	b	Ldec_done
+
+Ldec_unaligned:
+	subfic	$t0,$inp,4096
+	subfic	$t1,$out,4096
+	andi.	$t0,$t0,4096-16
+	beq	Ldec_xpage
+	andi.	$t1,$t1,4096-16
+	bne	Ldec_unaligned_ok
+
+Ldec_xpage:
+	lbz	$acc00,0($inp)
+	lbz	$acc01,1($inp)
+	lbz	$acc02,2($inp)
+	lbz	$s0,3($inp)
+	lbz	$acc04,4($inp)
+	lbz	$acc05,5($inp)
+	lbz	$acc06,6($inp)
+	lbz	$s1,7($inp)
+	lbz	$acc08,8($inp)
+	lbz	$acc09,9($inp)
+	lbz	$acc10,10($inp)
+	insrwi	$s0,$acc00,8,0
+	lbz	$s2,11($inp)
+	insrwi	$s1,$acc04,8,0
+	lbz	$acc12,12($inp)
+	insrwi	$s0,$acc01,8,8
+	lbz	$acc13,13($inp)
+	insrwi	$s1,$acc05,8,8
+	lbz	$acc14,14($inp)
+	insrwi	$s0,$acc02,8,16
+	lbz	$s3,15($inp)
+	insrwi	$s1,$acc06,8,16
+	insrwi	$s2,$acc08,8,0
+	insrwi	$s3,$acc12,8,0
+	insrwi	$s2,$acc09,8,8
+	insrwi	$s3,$acc13,8,8
+	insrwi	$s2,$acc10,8,16
+	insrwi	$s3,$acc14,8,16
+
+	bl	LAES_Td
+	bl	Lppc_AES_decrypt_compact
+	$POP	$out,`$FRAME-$SIZE_T*19`($sp)
+
+	extrwi	$acc00,$s0,8,0
+	extrwi	$acc01,$s0,8,8
+	stb	$acc00,0($out)
+	extrwi	$acc02,$s0,8,16
+	stb	$acc01,1($out)
+	stb	$acc02,2($out)
+	extrwi	$acc04,$s1,8,0
+	stb	$s0,3($out)
+	extrwi	$acc05,$s1,8,8
+	stb	$acc04,4($out)
+	extrwi	$acc06,$s1,8,16
+	stb	$acc05,5($out)
+	stb	$acc06,6($out)
+	extrwi	$acc08,$s2,8,0
+	stb	$s1,7($out)
+	extrwi	$acc09,$s2,8,8
+	stb	$acc08,8($out)
+	extrwi	$acc10,$s2,8,16
+	stb	$acc09,9($out)
+	stb	$acc10,10($out)
+	extrwi	$acc12,$s3,8,0
+	stb	$s2,11($out)
+	extrwi	$acc13,$s3,8,8
+	stb	$acc12,12($out)
+	extrwi	$acc14,$s3,8,16
+	stb	$acc13,13($out)
+	stb	$acc14,14($out)
+	stb	$s3,15($out)
+
+Ldec_done:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+
+.align	5
+Lppc_AES_decrypt:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,3
+	lwz	$t0,0($key)
+	addi	$Tbl2,$Tbl0,2
+	lwz	$t1,4($key)
+	addi	$Tbl3,$Tbl0,1
+	lwz	$t2,8($key)
+	addi	$acc00,$acc00,-1
+	lwz	$t3,12($key)
+	addi	$key,$key,16
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	mtctr	$acc00
+.align	4
+Ldec_loop:
+	rlwinm	$acc00,$s0,`32-24+3`,21,28
+	rlwinm	$acc01,$s1,`32-24+3`,21,28
+	rlwinm	$acc02,$s2,`32-24+3`,21,28
+	rlwinm	$acc03,$s3,`32-24+3`,21,28
+	lwz	$t0,0($key)
+	rlwinm	$acc04,$s3,`32-16+3`,21,28
+	lwz	$t1,4($key)
+	rlwinm	$acc05,$s0,`32-16+3`,21,28
+	lwz	$t2,8($key)
+	rlwinm	$acc06,$s1,`32-16+3`,21,28
+	lwz	$t3,12($key)
+	rlwinm	$acc07,$s2,`32-16+3`,21,28
+	lwzx	$acc00,$Tbl0,$acc00
+	rlwinm	$acc08,$s2,`32-8+3`,21,28
+	lwzx	$acc01,$Tbl0,$acc01
+	rlwinm	$acc09,$s3,`32-8+3`,21,28
+	lwzx	$acc02,$Tbl0,$acc02
+	rlwinm	$acc10,$s0,`32-8+3`,21,28
+	lwzx	$acc03,$Tbl0,$acc03
+	rlwinm	$acc11,$s1,`32-8+3`,21,28
+	lwzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s1,`0+3`,21,28
+	lwzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s2,`0+3`,21,28
+	lwzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s3,`0+3`,21,28
+	lwzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s0,`0+3`,21,28
+	lwzx	$acc08,$Tbl2,$acc08
+	xor	$t0,$t0,$acc00
+	lwzx	$acc09,$Tbl2,$acc09
+	xor	$t1,$t1,$acc01
+	lwzx	$acc10,$Tbl2,$acc10
+	xor	$t2,$t2,$acc02
+	lwzx	$acc11,$Tbl2,$acc11
+	xor	$t3,$t3,$acc03
+	lwzx	$acc12,$Tbl3,$acc12
+	xor	$t0,$t0,$acc04
+	lwzx	$acc13,$Tbl3,$acc13
+	xor	$t1,$t1,$acc05
+	lwzx	$acc14,$Tbl3,$acc14
+	xor	$t2,$t2,$acc06
+	lwzx	$acc15,$Tbl3,$acc15
+	xor	$t3,$t3,$acc07
+	xor	$t0,$t0,$acc08
+	xor	$t1,$t1,$acc09
+	xor	$t2,$t2,$acc10
+	xor	$t3,$t3,$acc11
+	xor	$s0,$t0,$acc12
+	xor	$s1,$t1,$acc13
+	xor	$s2,$t2,$acc14
+	xor	$s3,$t3,$acc15
+	addi	$key,$key,16
+	bdnz	Ldec_loop
+
+	addi	$Tbl2,$Tbl0,2048
+	nop
+	lwz	$t0,0($key)
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	lwz	$t1,4($key)
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	lwz	$t2,8($key)
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	lwz	$t3,12($key)
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Td4
+	rlwinm	$acc04,$s3,`32-16`,24,31
+	lwz	$acc09,`2048+32`($Tbl0)
+	rlwinm	$acc05,$s0,`32-16`,24,31
+	lwz	$acc10,`2048+64`($Tbl0)
+	lbzx	$acc00,$Tbl2,$acc00
+	lwz	$acc11,`2048+96`($Tbl0)
+	lbzx	$acc01,$Tbl2,$acc01
+	lwz	$acc12,`2048+128`($Tbl0)
+	rlwinm	$acc06,$s1,`32-16`,24,31
+	lwz	$acc13,`2048+160`($Tbl0)
+	rlwinm	$acc07,$s2,`32-16`,24,31
+	lwz	$acc14,`2048+192`($Tbl0)
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lwz	$acc15,`2048+224`($Tbl0)
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lbzx	$acc02,$Tbl2,$acc02
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lbzx	$acc03,$Tbl2,$acc03
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc04,$Tbl2,$acc04
+	rlwinm	$acc12,$s1,`0`,24,31
+	lbzx	$acc05,$Tbl2,$acc05
+	rlwinm	$acc13,$s2,`0`,24,31
+	lbzx	$acc06,$Tbl2,$acc06
+	rlwinm	$acc14,$s3,`0`,24,31
+	lbzx	$acc07,$Tbl2,$acc07
+	rlwinm	$acc15,$s0,`0`,24,31
+	lbzx	$acc08,$Tbl2,$acc08
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc09,$Tbl2,$acc09
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc10,$Tbl2,$acc10
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc11,$Tbl2,$acc11
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc12,$Tbl2,$acc12
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc13,$Tbl2,$acc13
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc14,$Tbl2,$acc14
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc15,$Tbl2,$acc15
+	rlwimi	$s3,$acc07,16,8,15
+	rlwimi	$s0,$acc08,8,16,23
+	rlwimi	$s1,$acc09,8,16,23
+	rlwimi	$s2,$acc10,8,16,23
+	rlwimi	$s3,$acc11,8,16,23
+	or	$s0,$s0,$acc12
+	or	$s1,$s1,$acc13
+	or	$s2,$s2,$acc14
+	or	$s3,$s3,$acc15
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.align	4
+Lppc_AES_decrypt_compact:
+	lwz	$acc00,240($key)
+	addi	$Tbl1,$Tbl0,2048
+	lwz	$t0,0($key)
+	lis	$mask80,0x8080
+	lwz	$t1,4($key)
+	lis	$mask1b,0x1b1b
+	lwz	$t2,8($key)
+	ori	$mask80,$mask80,0x8080
+	lwz	$t3,12($key)
+	ori	$mask1b,$mask1b,0x1b1b
+	addi	$key,$key,16
+___
+$code.=<<___ if ($SIZE_T==8);
+	insrdi	$mask80,$mask80,32,0
+	insrdi	$mask1b,$mask1b,32,0
+___
+$code.=<<___;
+	mtctr	$acc00
+.align	4
+Ldec_compact_loop:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	rlwinm	$acc00,$s0,`32-24`,24,31
+	xor	$s2,$s2,$t2
+	rlwinm	$acc01,$s1,`32-24`,24,31
+	xor	$s3,$s3,$t3
+	rlwinm	$acc02,$s2,`32-24`,24,31
+	rlwinm	$acc03,$s3,`32-24`,24,31
+	rlwinm	$acc04,$s3,`32-16`,24,31
+	rlwinm	$acc05,$s0,`32-16`,24,31
+	rlwinm	$acc06,$s1,`32-16`,24,31
+	rlwinm	$acc07,$s2,`32-16`,24,31
+	lbzx	$acc00,$Tbl1,$acc00
+	rlwinm	$acc08,$s2,`32-8`,24,31
+	lbzx	$acc01,$Tbl1,$acc01
+	rlwinm	$acc09,$s3,`32-8`,24,31
+	lbzx	$acc02,$Tbl1,$acc02
+	rlwinm	$acc10,$s0,`32-8`,24,31
+	lbzx	$acc03,$Tbl1,$acc03
+	rlwinm	$acc11,$s1,`32-8`,24,31
+	lbzx	$acc04,$Tbl1,$acc04
+	rlwinm	$acc12,$s1,`0`,24,31
+	lbzx	$acc05,$Tbl1,$acc05
+	rlwinm	$acc13,$s2,`0`,24,31
+	lbzx	$acc06,$Tbl1,$acc06
+	rlwinm	$acc14,$s3,`0`,24,31
+	lbzx	$acc07,$Tbl1,$acc07
+	rlwinm	$acc15,$s0,`0`,24,31
+	lbzx	$acc08,$Tbl1,$acc08
+	rlwinm	$s0,$acc00,24,0,7
+	lbzx	$acc09,$Tbl1,$acc09
+	rlwinm	$s1,$acc01,24,0,7
+	lbzx	$acc10,$Tbl1,$acc10
+	rlwinm	$s2,$acc02,24,0,7
+	lbzx	$acc11,$Tbl1,$acc11
+	rlwinm	$s3,$acc03,24,0,7
+	lbzx	$acc12,$Tbl1,$acc12
+	rlwimi	$s0,$acc04,16,8,15
+	lbzx	$acc13,$Tbl1,$acc13
+	rlwimi	$s1,$acc05,16,8,15
+	lbzx	$acc14,$Tbl1,$acc14
+	rlwimi	$s2,$acc06,16,8,15
+	lbzx	$acc15,$Tbl1,$acc15
+	rlwimi	$s3,$acc07,16,8,15
+	rlwimi	$s0,$acc08,8,16,23
+	rlwimi	$s1,$acc09,8,16,23
+	rlwimi	$s2,$acc10,8,16,23
+	rlwimi	$s3,$acc11,8,16,23
+	lwz	$t0,0($key)
+	or	$s0,$s0,$acc12
+	lwz	$t1,4($key)
+	or	$s1,$s1,$acc13
+	lwz	$t2,8($key)
+	or	$s2,$s2,$acc14
+	lwz	$t3,12($key)
+	or	$s3,$s3,$acc15
+
+	addi	$key,$key,16
+	bdz	Ldec_compact_done
+___
+$code.=<<___ if ($SIZE_T==8);
+	# vectorized permutation improves decrypt performance by 10%
+	insrdi	$s0,$s1,32,0
+	insrdi	$s2,$s3,32,0
+
+	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
+	and	$acc02,$s2,$mask80
+	srdi	$acc04,$acc00,7		# r1>>7
+	srdi	$acc06,$acc02,7
+	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
+	andc	$acc10,$s2,$mask80
+	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
+	sub	$acc02,$acc02,$acc06
+	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
+	add	$acc10,$acc10,$acc10
+	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc02,$acc02,$mask1b
+	xor	$acc00,$acc00,$acc08	# r2
+	xor	$acc02,$acc02,$acc10
+
+	and	$acc04,$acc00,$mask80	# r1=r2&0x80808080
+	and	$acc06,$acc02,$mask80
+	srdi	$acc08,$acc04,7		# r1>>7
+	srdi	$acc10,$acc06,7
+	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
+	andc	$acc14,$acc02,$mask80
+	sub	$acc04,$acc04,$acc08	# r1-(r1>>7)
+	sub	$acc06,$acc06,$acc10
+	add	$acc12,$acc12,$acc12	# (r2&0x7f7f7f7f)<<1
+	add	$acc14,$acc14,$acc14
+	and	$acc04,$acc04,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc06,$acc06,$mask1b
+	xor	$acc04,$acc04,$acc12	# r4
+	xor	$acc06,$acc06,$acc14
+
+	and	$acc08,$acc04,$mask80	# r1=r4&0x80808080
+	and	$acc10,$acc06,$mask80
+	srdi	$acc12,$acc08,7		# r1>>7
+	srdi	$acc14,$acc10,7
+	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
+	sub	$acc10,$acc10,$acc14
+	andc	$acc12,$acc04,$mask80	# r4&0x7f7f7f7f
+	andc	$acc14,$acc06,$mask80
+	add	$acc12,$acc12,$acc12	# (r4&0x7f7f7f7f)<<1
+	add	$acc14,$acc14,$acc14
+	and	$acc08,$acc08,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc10,$acc10,$mask1b
+	xor	$acc08,$acc08,$acc12	# r8
+	xor	$acc10,$acc10,$acc14
+
+	xor	$acc00,$acc00,$s0	# r2^r0
+	xor	$acc02,$acc02,$s2
+	xor	$acc04,$acc04,$s0	# r4^r0
+	xor	$acc06,$acc06,$s2
+
+	extrdi	$acc01,$acc00,32,0
+	extrdi	$acc03,$acc02,32,0
+	extrdi	$acc05,$acc04,32,0
+	extrdi	$acc07,$acc06,32,0
+	extrdi	$acc09,$acc08,32,0
+	extrdi	$acc11,$acc10,32,0
+___
+$code.=<<___ if ($SIZE_T==4);
+	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
+	and	$acc01,$s1,$mask80
+	and	$acc02,$s2,$mask80
+	and	$acc03,$s3,$mask80
+	srwi	$acc04,$acc00,7		# r1>>7
+	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
+	srwi	$acc05,$acc01,7
+	andc	$acc09,$s1,$mask80
+	srwi	$acc06,$acc02,7
+	andc	$acc10,$s2,$mask80
+	srwi	$acc07,$acc03,7
+	andc	$acc11,$s3,$mask80
+	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
+	sub	$acc01,$acc01,$acc05
+	sub	$acc02,$acc02,$acc06
+	sub	$acc03,$acc03,$acc07
+	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
+	add	$acc09,$acc09,$acc09
+	add	$acc10,$acc10,$acc10
+	add	$acc11,$acc11,$acc11
+	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc01,$acc01,$mask1b
+	and	$acc02,$acc02,$mask1b
+	and	$acc03,$acc03,$mask1b
+	xor	$acc00,$acc00,$acc08	# r2
+	xor	$acc01,$acc01,$acc09
+	xor	$acc02,$acc02,$acc10
+	xor	$acc03,$acc03,$acc11
+
+	and	$acc04,$acc00,$mask80	# r1=r2&0x80808080
+	and	$acc05,$acc01,$mask80
+	and	$acc06,$acc02,$mask80
+	and	$acc07,$acc03,$mask80
+	srwi	$acc08,$acc04,7		# r1>>7
+	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
+	srwi	$acc09,$acc05,7
+	andc	$acc13,$acc01,$mask80
+	srwi	$acc10,$acc06,7
+	andc	$acc14,$acc02,$mask80
+	srwi	$acc11,$acc07,7
+	andc	$acc15,$acc03,$mask80
+	sub	$acc04,$acc04,$acc08	# r1-(r1>>7)
+	sub	$acc05,$acc05,$acc09
+	sub	$acc06,$acc06,$acc10
+	sub	$acc07,$acc07,$acc11
+	add	$acc12,$acc12,$acc12	# (r2&0x7f7f7f7f)<<1
+	add	$acc13,$acc13,$acc13
+	add	$acc14,$acc14,$acc14
+	add	$acc15,$acc15,$acc15
+	and	$acc04,$acc04,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc05,$acc05,$mask1b
+	and	$acc06,$acc06,$mask1b
+	and	$acc07,$acc07,$mask1b
+	xor	$acc04,$acc04,$acc12	# r4
+	xor	$acc05,$acc05,$acc13
+	xor	$acc06,$acc06,$acc14
+	xor	$acc07,$acc07,$acc15
+
+	and	$acc08,$acc04,$mask80	# r1=r4&0x80808080
+	and	$acc09,$acc05,$mask80
+	srwi	$acc12,$acc08,7		# r1>>7
+	and	$acc10,$acc06,$mask80
+	srwi	$acc13,$acc09,7
+	and	$acc11,$acc07,$mask80
+	srwi	$acc14,$acc10,7
+	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
+	srwi	$acc15,$acc11,7
+	sub	$acc09,$acc09,$acc13
+	sub	$acc10,$acc10,$acc14
+	sub	$acc11,$acc11,$acc15
+	andc	$acc12,$acc04,$mask80	# r4&0x7f7f7f7f
+	andc	$acc13,$acc05,$mask80
+	andc	$acc14,$acc06,$mask80
+	andc	$acc15,$acc07,$mask80
+	add	$acc12,$acc12,$acc12	# (r4&0x7f7f7f7f)<<1
+	add	$acc13,$acc13,$acc13
+	add	$acc14,$acc14,$acc14
+	add	$acc15,$acc15,$acc15
+	and	$acc08,$acc08,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
+	and	$acc09,$acc09,$mask1b
+	and	$acc10,$acc10,$mask1b
+	and	$acc11,$acc11,$mask1b
+	xor	$acc08,$acc08,$acc12	# r8
+	xor	$acc09,$acc09,$acc13
+	xor	$acc10,$acc10,$acc14
+	xor	$acc11,$acc11,$acc15
+
+	xor	$acc00,$acc00,$s0	# r2^r0
+	xor	$acc01,$acc01,$s1
+	xor	$acc02,$acc02,$s2
+	xor	$acc03,$acc03,$s3
+	xor	$acc04,$acc04,$s0	# r4^r0
+	xor	$acc05,$acc05,$s1
+	xor	$acc06,$acc06,$s2
+	xor	$acc07,$acc07,$s3
+___
+$code.=<<___;
+	rotrwi	$s0,$s0,8		# = ROTATE(r0,8)
+	rotrwi	$s1,$s1,8
+	xor	$s0,$s0,$acc00		# ^= r2^r0
+	rotrwi	$s2,$s2,8
+	xor	$s1,$s1,$acc01
+	rotrwi	$s3,$s3,8
+	xor	$s2,$s2,$acc02
+	xor	$s3,$s3,$acc03
+	xor	$acc00,$acc00,$acc08
+	xor	$acc01,$acc01,$acc09
+	xor	$acc02,$acc02,$acc10
+	xor	$acc03,$acc03,$acc11
+	xor	$s0,$s0,$acc04		# ^= r4^r0
+	rotrwi	$acc00,$acc00,24
+	xor	$s1,$s1,$acc05
+	rotrwi	$acc01,$acc01,24
+	xor	$s2,$s2,$acc06
+	rotrwi	$acc02,$acc02,24
+	xor	$s3,$s3,$acc07
+	rotrwi	$acc03,$acc03,24
+	xor	$acc04,$acc04,$acc08
+	xor	$acc05,$acc05,$acc09
+	xor	$acc06,$acc06,$acc10
+	xor	$acc07,$acc07,$acc11
+	xor	$s0,$s0,$acc08		# ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)]
+	rotrwi	$acc04,$acc04,16
+	xor	$s1,$s1,$acc09
+	rotrwi	$acc05,$acc05,16
+	xor	$s2,$s2,$acc10
+	rotrwi	$acc06,$acc06,16
+	xor	$s3,$s3,$acc11
+	rotrwi	$acc07,$acc07,16
+	xor	$s0,$s0,$acc00		# ^= ROTATE(r8^r2^r0,24)
+	rotrwi	$acc08,$acc08,8
+	xor	$s1,$s1,$acc01
+	rotrwi	$acc09,$acc09,8
+	xor	$s2,$s2,$acc02
+	rotrwi	$acc10,$acc10,8
+	xor	$s3,$s3,$acc03
+	rotrwi	$acc11,$acc11,8
+	xor	$s0,$s0,$acc04		# ^= ROTATE(r8^r4^r0,16)
+	xor	$s1,$s1,$acc05
+	xor	$s2,$s2,$acc06
+	xor	$s3,$s3,$acc07
+	xor	$s0,$s0,$acc08		# ^= ROTATE(r8,8)	
+	xor	$s1,$s1,$acc09	
+	xor	$s2,$s2,$acc10	
+	xor	$s3,$s3,$acc11	
+
+	b	Ldec_compact_loop
+.align	4
+Ldec_compact_done:
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	xor	$s2,$s2,$t2
+	xor	$s3,$s3,$t3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.AES_decrypt,.-.AES_decrypt
+
+.asciz	"AES for PPC, CRYPTOGAMS by <appro\@openssl.org>"
+.align	7
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-s390x.pl b/openssl-1.1.0h/crypto/aes/asm/aes-s390x.pl
new file mode 100644
index 0000000..fd8a737
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-s390x.pl
@@ -0,0 +1,2226 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for s390x.
+
+# April 2007.
+#
+# Software performance improvement over gcc-generated code is ~70% and
+# in absolute terms is ~73 cycles per byte processed with 128-bit key.
+# You're likely to exclaim "why so slow?" Keep in mind that z-CPUs are
+# *strictly* in-order execution and issued instruction [in this case
+# load value from memory is critical] has to complete before execution
+# flow proceeds. S-boxes are compressed to 2KB[+256B].
+#
+# As for hardware acceleration support. It's basically a "teaser," as
+# it can and should be improved in several ways. Most notably support
+# for CBC is not utilized, nor multiple blocks are ever processed.
+# Then software key schedule can be postponed till hardware support
+# detection... Performance improvement over assembler is reportedly
+# ~2.5x, but can reach >8x [naturally on larger chunks] if proper
+# support is implemented.
+
+# May 2007.
+#
+# Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided
+# for 128-bit keys, if hardware support is detected.
+
+# Januray 2009.
+#
+# Add support for hardware AES192/256 and reschedule instructions to
+# minimize/avoid Address Generation Interlock hazard and to favour
+# dual-issue z10 pipeline. This gave ~25% improvement on z10 and
+# almost 50% on z9. The gain is smaller on z10, because being dual-
+# issue z10 makes it improssible to eliminate the interlock condition:
+# critial path is not long enough. Yet it spends ~24 cycles per byte
+# processed with 128-bit key.
+#
+# Unlike previous version hardware support detection takes place only
+# at the moment of key schedule setup, which is denoted in key->rounds.
+# This is done, because deferred key setup can't be made MT-safe, not
+# for keys longer than 128 bits.
+#
+# Add AES_cbc_encrypt, which gives incredible performance improvement,
+# it was measured to be ~6.6x. It's less than previously mentioned 8x,
+# because software implementation was optimized.
+
+# May 2010.
+#
+# Add AES_ctr32_encrypt. If hardware-assisted, it provides up to 4.3x
+# performance improvement over "generic" counter mode routine relying
+# on single-block, also hardware-assisted, AES_encrypt. "Up to" refers
+# to the fact that exact throughput value depends on current stack
+# frame alignment within 4KB page. In worst case you get ~75% of the
+# maximum, but *on average* it would be as much as ~98%. Meaning that
+# worst case is unlike, it's like hitting ravine on plateau.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 2x better than code generated by gcc 4.3.
+
+# December 2010.
+#
+# Add support for z196 "cipher message with counter" instruction.
+# Note however that it's disengaged, because it was measured to
+# perform ~12% worse than vanilla km-based code...
+
+# February 2011.
+#
+# Add AES_xts_[en|de]crypt. This includes support for z196 km-xts-aes
+# instructions, which deliver ~70% improvement at 8KB block size over
+# vanilla km-based code, 37% - at most like 512-bytes block size.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$softonly=0;	# allow hardware support
+
+$t0="%r0";	$mask="%r0";
+$t1="%r1";
+$t2="%r2";	$inp="%r2";
+$t3="%r3";	$out="%r3";	$bits="%r3";
+$key="%r4";
+$i1="%r5";
+$i2="%r6";
+$i3="%r7";
+$s0="%r8";
+$s1="%r9";
+$s2="%r10";
+$s3="%r11";
+$tbl="%r12";
+$rounds="%r13";
+$ra="%r14";
+$sp="%r15";
+
+$stdframe=16*$SIZE_T+4*8;
+
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$code=<<___;
+.text
+
+.type	AES_Te,\@object
+.align	256
+AES_Te:
+___
+&_data_word(
+	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+# Te4[256]
+.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+# rcon[]
+.long	0x01000000, 0x02000000, 0x04000000, 0x08000000
+.long	0x10000000, 0x20000000, 0x40000000, 0x80000000
+.long	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
+.align	256
+.size	AES_Te,.-AES_Te
+
+# void AES_encrypt(const unsigned char *inp, unsigned char *out,
+# 		 const AES_KEY *key) {
+.globl	AES_encrypt
+.type	AES_encrypt,\@function
+AES_encrypt:
+___
+$code.=<<___ if (!$softonly);
+	l	%r0,240($key)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lesoft
+
+	la	%r1,0($key)
+	#la	%r2,0($inp)
+	la	%r4,0($out)
+	lghi	%r3,16		# single block length
+	.long	0xb92e0042	# km %r4,%r2
+	brc	1,.-4		# can this happen?
+	br	%r14
+.align	64
+.Lesoft:
+___
+$code.=<<___;
+	stm${g}	%r3,$ra,3*$SIZE_T($sp)
+
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+
+	larl	$tbl,AES_Te
+	bras	$ra,_s390x_AES_encrypt
+
+	l${g}	$out,3*$SIZE_T($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_encrypt,.-AES_encrypt
+
+.type   _s390x_AES_encrypt,\@function
+.align	16
+_s390x_AES_encrypt:
+	st${g}	$ra,15*$SIZE_T($sp)
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$s3,12($key)
+	l	$rounds,240($key)
+	llill	$mask,`0xff<<3`
+	aghi	$rounds,-1
+	j	.Lenc_loop
+.align	16
+.Lenc_loop:
+	sllg	$t1,$s0,`0+3`
+	srlg	$t2,$s0,`8-3`
+	srlg	$t3,$s0,`16-3`
+	srl	$s0,`24-3`
+	nr	$s0,$mask
+	ngr	$t1,$mask
+	nr	$t2,$mask
+	nr	$t3,$mask
+
+	srlg	$i1,$s1,`16-3`	# i0
+	sllg	$i2,$s1,`0+3`
+	srlg	$i3,$s1,`8-3`
+	srl	$s1,`24-3`
+	nr	$i1,$mask
+	nr	$s1,$mask
+	ngr	$i2,$mask
+	nr	$i3,$mask
+
+	l	$s0,0($s0,$tbl)	# Te0[s0>>24]
+	l	$t1,1($t1,$tbl)	# Te3[s0>>0]
+	l	$t2,2($t2,$tbl) # Te2[s0>>8]
+	l	$t3,3($t3,$tbl)	# Te1[s0>>16]
+
+	x	$s0,3($i1,$tbl)	# Te1[s1>>16]
+	l	$s1,0($s1,$tbl)	# Te0[s1>>24]
+	x	$t2,1($i2,$tbl)	# Te3[s1>>0]
+	x	$t3,2($i3,$tbl)	# Te2[s1>>8]
+
+	srlg	$i1,$s2,`8-3`	# i0
+	srlg	$i2,$s2,`16-3`	# i1
+	nr	$i1,$mask
+	nr	$i2,$mask
+	sllg	$i3,$s2,`0+3`
+	srl	$s2,`24-3`
+	nr	$s2,$mask
+	ngr	$i3,$mask
+
+	xr	$s1,$t1
+	srlg	$ra,$s3,`8-3`	# i1
+	sllg	$t1,$s3,`0+3`	# i0
+	nr	$ra,$mask
+	la	$key,16($key)
+	ngr	$t1,$mask
+
+	x	$s0,2($i1,$tbl)	# Te2[s2>>8]
+	x	$s1,3($i2,$tbl)	# Te1[s2>>16]
+	l	$s2,0($s2,$tbl)	# Te0[s2>>24]
+	x	$t3,1($i3,$tbl)	# Te3[s2>>0]
+
+	srlg	$i3,$s3,`16-3`	# i2
+	xr	$s2,$t2
+	srl	$s3,`24-3`
+	nr	$i3,$mask
+	nr	$s3,$mask
+
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$t3,12($key)
+
+	x	$s0,1($t1,$tbl)	# Te3[s3>>0]
+	x	$s1,2($ra,$tbl)	# Te2[s3>>8]
+	x	$s2,3($i3,$tbl)	# Te1[s3>>16]
+	l	$s3,0($s3,$tbl)	# Te0[s3>>24]
+	xr	$s3,$t3
+
+	brct	$rounds,.Lenc_loop
+	.align	16
+
+	sllg	$t1,$s0,`0+3`
+	srlg	$t2,$s0,`8-3`
+	ngr	$t1,$mask
+	srlg	$t3,$s0,`16-3`
+	srl	$s0,`24-3`
+	nr	$s0,$mask
+	nr	$t2,$mask
+	nr	$t3,$mask
+
+	srlg	$i1,$s1,`16-3`	# i0
+	sllg	$i2,$s1,`0+3`
+	ngr	$i2,$mask
+	srlg	$i3,$s1,`8-3`
+	srl	$s1,`24-3`
+	nr	$i1,$mask
+	nr	$s1,$mask
+	nr	$i3,$mask
+
+	llgc	$s0,2($s0,$tbl)	# Te4[s0>>24]
+	llgc	$t1,2($t1,$tbl)	# Te4[s0>>0]
+	sll	$s0,24
+	llgc	$t2,2($t2,$tbl)	# Te4[s0>>8]
+	llgc	$t3,2($t3,$tbl)	# Te4[s0>>16]
+	sll	$t2,8
+	sll	$t3,16
+
+	llgc	$i1,2($i1,$tbl)	# Te4[s1>>16]
+	llgc	$s1,2($s1,$tbl)	# Te4[s1>>24]
+	llgc	$i2,2($i2,$tbl)	# Te4[s1>>0]
+	llgc	$i3,2($i3,$tbl)	# Te4[s1>>8]
+	sll	$i1,16
+	sll	$s1,24
+	sll	$i3,8
+	or	$s0,$i1
+	or	$s1,$t1
+	or	$t2,$i2
+	or	$t3,$i3
+	
+	srlg	$i1,$s2,`8-3`	# i0
+	srlg	$i2,$s2,`16-3`	# i1
+	nr	$i1,$mask
+	nr	$i2,$mask
+	sllg	$i3,$s2,`0+3`
+	srl	$s2,`24-3`
+	ngr	$i3,$mask
+	nr	$s2,$mask
+
+	sllg	$t1,$s3,`0+3`	# i0
+	srlg	$ra,$s3,`8-3`	# i1
+	ngr	$t1,$mask
+
+	llgc	$i1,2($i1,$tbl)	# Te4[s2>>8]
+	llgc	$i2,2($i2,$tbl)	# Te4[s2>>16]
+	sll	$i1,8
+	llgc	$s2,2($s2,$tbl)	# Te4[s2>>24]
+	llgc	$i3,2($i3,$tbl)	# Te4[s2>>0]
+	sll	$i2,16
+	nr	$ra,$mask
+	sll	$s2,24
+	or	$s0,$i1
+	or	$s1,$i2
+	or	$s2,$t2
+	or	$t3,$i3
+
+	srlg	$i3,$s3,`16-3`	# i2
+	srl	$s3,`24-3`
+	nr	$i3,$mask
+	nr	$s3,$mask
+
+	l	$t0,16($key)
+	l	$t2,20($key)
+
+	llgc	$i1,2($t1,$tbl)	# Te4[s3>>0]
+	llgc	$i2,2($ra,$tbl)	# Te4[s3>>8]
+	llgc	$i3,2($i3,$tbl)	# Te4[s3>>16]
+	llgc	$s3,2($s3,$tbl)	# Te4[s3>>24]
+	sll	$i2,8
+	sll	$i3,16
+	sll	$s3,24
+	or	$s0,$i1
+	or	$s1,$i2
+	or	$s2,$i3
+	or	$s3,$t3
+
+	l${g}	$ra,15*$SIZE_T($sp)
+	xr	$s0,$t0
+	xr	$s1,$t2
+	x	$s2,24($key)
+	x	$s3,28($key)
+
+	br	$ra	
+.size	_s390x_AES_encrypt,.-_s390x_AES_encrypt
+___
+
+$code.=<<___;
+.type	AES_Td,\@object
+.align	256
+AES_Td:
+___
+&_data_word(
+	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+# Td4[256]
+.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size	AES_Td,.-AES_Td
+
+# void AES_decrypt(const unsigned char *inp, unsigned char *out,
+# 		 const AES_KEY *key) {
+.globl	AES_decrypt
+.type	AES_decrypt,\@function
+AES_decrypt:
+___
+$code.=<<___ if (!$softonly);
+	l	%r0,240($key)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Ldsoft
+
+	la	%r1,0($key)
+	#la	%r2,0($inp)
+	la	%r4,0($out)
+	lghi	%r3,16		# single block length
+	.long	0xb92e0042	# km %r4,%r2
+	brc	1,.-4		# can this happen?
+	br	%r14
+.align	64
+.Ldsoft:
+___
+$code.=<<___;
+	stm${g}	%r3,$ra,3*$SIZE_T($sp)
+
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+
+	larl	$tbl,AES_Td
+	bras	$ra,_s390x_AES_decrypt
+
+	l${g}	$out,3*$SIZE_T($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_decrypt,.-AES_decrypt
+
+.type   _s390x_AES_decrypt,\@function
+.align	16
+_s390x_AES_decrypt:
+	st${g}	$ra,15*$SIZE_T($sp)
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$s3,12($key)
+	l	$rounds,240($key)
+	llill	$mask,`0xff<<3`
+	aghi	$rounds,-1
+	j	.Ldec_loop
+.align	16
+.Ldec_loop:
+	srlg	$t1,$s0,`16-3`
+	srlg	$t2,$s0,`8-3`
+	sllg	$t3,$s0,`0+3`
+	srl	$s0,`24-3`
+	nr	$s0,$mask
+	nr	$t1,$mask
+	nr	$t2,$mask
+	ngr	$t3,$mask
+
+	sllg	$i1,$s1,`0+3`	# i0
+	srlg	$i2,$s1,`16-3`
+	srlg	$i3,$s1,`8-3`
+	srl	$s1,`24-3`
+	ngr	$i1,$mask
+	nr	$s1,$mask
+	nr	$i2,$mask
+	nr	$i3,$mask
+
+	l	$s0,0($s0,$tbl)	# Td0[s0>>24]
+	l	$t1,3($t1,$tbl)	# Td1[s0>>16]
+	l	$t2,2($t2,$tbl)	# Td2[s0>>8]
+	l	$t3,1($t3,$tbl)	# Td3[s0>>0]
+
+	x	$s0,1($i1,$tbl)	# Td3[s1>>0]
+	l	$s1,0($s1,$tbl)	# Td0[s1>>24]
+	x	$t2,3($i2,$tbl)	# Td1[s1>>16]
+	x	$t3,2($i3,$tbl)	# Td2[s1>>8]
+
+	srlg	$i1,$s2,`8-3`	# i0
+	sllg	$i2,$s2,`0+3`	# i1
+	srlg	$i3,$s2,`16-3`
+	srl	$s2,`24-3`
+	nr	$i1,$mask
+	ngr	$i2,$mask
+	nr	$s2,$mask
+	nr	$i3,$mask
+
+	xr	$s1,$t1
+	srlg	$ra,$s3,`8-3`	# i1
+	srlg	$t1,$s3,`16-3`	# i0
+	nr	$ra,$mask
+	la	$key,16($key)
+	nr	$t1,$mask
+
+	x	$s0,2($i1,$tbl)	# Td2[s2>>8]
+	x	$s1,1($i2,$tbl)	# Td3[s2>>0]
+	l	$s2,0($s2,$tbl)	# Td0[s2>>24]
+	x	$t3,3($i3,$tbl)	# Td1[s2>>16]
+
+	sllg	$i3,$s3,`0+3`	# i2
+	srl	$s3,`24-3`
+	ngr	$i3,$mask
+	nr	$s3,$mask
+
+	xr	$s2,$t2
+	x	$s0,0($key)
+	x	$s1,4($key)
+	x	$s2,8($key)
+	x	$t3,12($key)
+
+	x	$s0,3($t1,$tbl)	# Td1[s3>>16]
+	x	$s1,2($ra,$tbl)	# Td2[s3>>8]
+	x	$s2,1($i3,$tbl)	# Td3[s3>>0]
+	l	$s3,0($s3,$tbl)	# Td0[s3>>24]
+	xr	$s3,$t3
+
+	brct	$rounds,.Ldec_loop
+	.align	16
+
+	l	$t1,`2048+0`($tbl)	# prefetch Td4
+	l	$t2,`2048+64`($tbl)
+	l	$t3,`2048+128`($tbl)
+	l	$i1,`2048+192`($tbl)
+	llill	$mask,0xff
+
+	srlg	$i3,$s0,24	# i0
+	srlg	$t1,$s0,16
+	srlg	$t2,$s0,8
+	nr	$s0,$mask	# i3
+	nr	$t1,$mask
+
+	srlg	$i1,$s1,24
+	nr	$t2,$mask
+	srlg	$i2,$s1,16
+	srlg	$ra,$s1,8
+	nr	$s1,$mask	# i0
+	nr	$i2,$mask
+	nr	$ra,$mask
+
+	llgc	$i3,2048($i3,$tbl)	# Td4[s0>>24]
+	llgc	$t1,2048($t1,$tbl)	# Td4[s0>>16]
+	llgc	$t2,2048($t2,$tbl)	# Td4[s0>>8]
+	sll	$t1,16
+	llgc	$t3,2048($s0,$tbl)	# Td4[s0>>0]
+	sllg	$s0,$i3,24
+	sll	$t2,8
+
+	llgc	$s1,2048($s1,$tbl)	# Td4[s1>>0]
+	llgc	$i1,2048($i1,$tbl)	# Td4[s1>>24]
+	llgc	$i2,2048($i2,$tbl)	# Td4[s1>>16]
+	sll	$i1,24
+	llgc	$i3,2048($ra,$tbl)	# Td4[s1>>8]
+	sll	$i2,16
+	sll	$i3,8
+	or	$s0,$s1
+	or	$t1,$i1
+	or	$t2,$i2
+	or	$t3,$i3
+
+	srlg	$i1,$s2,8	# i0
+	srlg	$i2,$s2,24
+	srlg	$i3,$s2,16
+	nr	$s2,$mask	# i1
+	nr	$i1,$mask
+	nr	$i3,$mask
+	llgc	$i1,2048($i1,$tbl)	# Td4[s2>>8]
+	llgc	$s1,2048($s2,$tbl)	# Td4[s2>>0]
+	llgc	$i2,2048($i2,$tbl)	# Td4[s2>>24]
+	llgc	$i3,2048($i3,$tbl)	# Td4[s2>>16]
+	sll	$i1,8
+	sll	$i2,24
+	or	$s0,$i1
+	sll	$i3,16
+	or	$t2,$i2
+	or	$t3,$i3
+
+	srlg	$i1,$s3,16	# i0
+	srlg	$i2,$s3,8	# i1
+	srlg	$i3,$s3,24
+	nr	$s3,$mask	# i2
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+	l${g}	$ra,15*$SIZE_T($sp)
+	or	$s1,$t1
+	l	$t0,16($key)
+	l	$t1,20($key)
+
+	llgc	$i1,2048($i1,$tbl)	# Td4[s3>>16]
+	llgc	$i2,2048($i2,$tbl)	# Td4[s3>>8]
+	sll	$i1,16
+	llgc	$s2,2048($s3,$tbl)	# Td4[s3>>0]
+	llgc	$s3,2048($i3,$tbl)	# Td4[s3>>24]
+	sll	$i2,8
+	sll	$s3,24
+	or	$s0,$i1
+	or	$s1,$i2
+	or	$s2,$t2
+	or	$s3,$t3
+
+	xr	$s0,$t0
+	xr	$s1,$t1
+	x	$s2,24($key)
+	x	$s3,28($key)
+
+	br	$ra	
+.size	_s390x_AES_decrypt,.-_s390x_AES_decrypt
+___
+
+$code.=<<___;
+# void AES_set_encrypt_key(const unsigned char *in, int bits,
+# 		 AES_KEY *key) {
+.globl	AES_set_encrypt_key
+.type	AES_set_encrypt_key,\@function
+.align	16
+AES_set_encrypt_key:
+_s390x_AES_set_encrypt_key:
+	lghi	$t0,0
+	cl${g}r	$inp,$t0
+	je	.Lminus1
+	cl${g}r	$key,$t0
+	je	.Lminus1
+
+	lghi	$t0,128
+	clr	$bits,$t0
+	je	.Lproceed
+	lghi	$t0,192
+	clr	$bits,$t0
+	je	.Lproceed
+	lghi	$t0,256
+	clr	$bits,$t0
+	je	.Lproceed
+	lghi	%r2,-2
+	br	%r14
+
+.align	16
+.Lproceed:
+___
+$code.=<<___ if (!$softonly);
+	# convert bits to km(c) code, [128,192,256]->[18,19,20]
+	lhi	%r5,-128
+	lhi	%r0,18
+	ar	%r5,$bits
+	srl	%r5,6
+	ar	%r5,%r0
+
+	larl	%r1,OPENSSL_s390xcap_P
+	llihh	%r0,0x8000
+	srlg	%r0,%r0,0(%r5)
+	ng	%r0,32(%r1)	# check availability of both km...
+	ng	%r0,48(%r1)	# ...and kmc support for given key length
+	jz	.Lekey_internal
+
+	lmg	%r0,%r1,0($inp)	# just copy 128 bits...
+	stmg	%r0,%r1,0($key)
+	lhi	%r0,192
+	cr	$bits,%r0
+	jl	1f
+	lg	%r1,16($inp)
+	stg	%r1,16($key)
+	je	1f
+	lg	%r1,24($inp)
+	stg	%r1,24($key)
+1:	st	$bits,236($key)	# save bits [for debugging purposes]
+	lgr	$t0,%r5
+	st	%r5,240($key)	# save km(c) code
+	lghi	%r2,0
+	br	%r14
+___
+$code.=<<___;
+.align	16
+.Lekey_internal:
+	stm${g}	%r4,%r13,4*$SIZE_T($sp)	# all non-volatile regs and $key
+
+	larl	$tbl,AES_Te+2048
+
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+	st	$s0,0($key)
+	st	$s1,4($key)
+	st	$s2,8($key)
+	st	$s3,12($key)
+	lghi	$t0,128
+	cr	$bits,$t0
+	jne	.Lnot128
+
+	llill	$mask,0xff
+	lghi	$t3,0			# i=0
+	lghi	$rounds,10
+	st	$rounds,240($key)
+
+	llgfr	$t2,$s3			# temp=rk[3]
+	srlg	$i1,$s3,8
+	srlg	$i2,$s3,16
+	srlg	$i3,$s3,24
+	nr	$t2,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+.align	16
+.L128_loop:
+	la	$t2,0($t2,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	icm	$t2,2,0($t2)		# Te4[rk[3]>>0]<<8
+	icm	$t2,4,0($i1)		# Te4[rk[3]>>8]<<16
+	icm	$t2,8,0($i2)		# Te4[rk[3]>>16]<<24
+	icm	$t2,1,0($i3)		# Te4[rk[3]>>24]
+	x	$t2,256($t3,$tbl)	# rcon[i]
+	xr	$s0,$t2			# rk[4]=rk[0]^...
+	xr	$s1,$s0			# rk[5]=rk[1]^rk[4]
+	xr	$s2,$s1			# rk[6]=rk[2]^rk[5]
+	xr	$s3,$s2			# rk[7]=rk[3]^rk[6]
+
+	llgfr	$t2,$s3			# temp=rk[3]
+	srlg	$i1,$s3,8
+	srlg	$i2,$s3,16
+	nr	$t2,$mask
+	nr	$i1,$mask
+	srlg	$i3,$s3,24
+	nr	$i2,$mask
+
+	st	$s0,16($key)
+	st	$s1,20($key)
+	st	$s2,24($key)
+	st	$s3,28($key)
+	la	$key,16($key)		# key+=4
+	la	$t3,4($t3)		# i++
+	brct	$rounds,.L128_loop
+	lghi	$t0,10
+	lghi	%r2,0
+	lm${g}	%r4,%r13,4*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.Lnot128:
+	llgf	$t0,16($inp)
+	llgf	$t1,20($inp)
+	st	$t0,16($key)
+	st	$t1,20($key)
+	lghi	$t0,192
+	cr	$bits,$t0
+	jne	.Lnot192
+
+	llill	$mask,0xff
+	lghi	$t3,0			# i=0
+	lghi	$rounds,12
+	st	$rounds,240($key)
+	lghi	$rounds,8
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+.align	16
+.L192_loop:
+	la	$t1,0($t1,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	icm	$t1,2,0($t1)		# Te4[rk[5]>>0]<<8
+	icm	$t1,4,0($i1)		# Te4[rk[5]>>8]<<16
+	icm	$t1,8,0($i2)		# Te4[rk[5]>>16]<<24
+	icm	$t1,1,0($i3)		# Te4[rk[5]>>24]
+	x	$t1,256($t3,$tbl)	# rcon[i]
+	xr	$s0,$t1			# rk[6]=rk[0]^...
+	xr	$s1,$s0			# rk[7]=rk[1]^rk[6]
+	xr	$s2,$s1			# rk[8]=rk[2]^rk[7]
+	xr	$s3,$s2			# rk[9]=rk[3]^rk[8]
+
+	st	$s0,24($key)
+	st	$s1,28($key)
+	st	$s2,32($key)
+	st	$s3,36($key)
+	brct	$rounds,.L192_continue
+	lghi	$t0,12
+	lghi	%r2,0
+	lm${g}	%r4,%r13,4*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.L192_continue:
+	lgr	$t1,$s3
+	x	$t1,16($key)		# rk[10]=rk[4]^rk[9]
+	st	$t1,40($key)
+	x	$t1,20($key)		# rk[11]=rk[5]^rk[10]
+	st	$t1,44($key)
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+	la	$key,24($key)		# key+=6
+	la	$t3,4($t3)		# i++
+	j	.L192_loop
+
+.align	16
+.Lnot192:
+	llgf	$t0,24($inp)
+	llgf	$t1,28($inp)
+	st	$t0,24($key)
+	st	$t1,28($key)
+	llill	$mask,0xff
+	lghi	$t3,0			# i=0
+	lghi	$rounds,14
+	st	$rounds,240($key)
+	lghi	$rounds,7
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+.align	16
+.L256_loop:
+	la	$t1,0($t1,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	icm	$t1,2,0($t1)		# Te4[rk[7]>>0]<<8
+	icm	$t1,4,0($i1)		# Te4[rk[7]>>8]<<16
+	icm	$t1,8,0($i2)		# Te4[rk[7]>>16]<<24
+	icm	$t1,1,0($i3)		# Te4[rk[7]>>24]
+	x	$t1,256($t3,$tbl)	# rcon[i]
+	xr	$s0,$t1			# rk[8]=rk[0]^...
+	xr	$s1,$s0			# rk[9]=rk[1]^rk[8]
+	xr	$s2,$s1			# rk[10]=rk[2]^rk[9]
+	xr	$s3,$s2			# rk[11]=rk[3]^rk[10]
+	st	$s0,32($key)
+	st	$s1,36($key)
+	st	$s2,40($key)
+	st	$s3,44($key)
+	brct	$rounds,.L256_continue
+	lghi	$t0,14
+	lghi	%r2,0
+	lm${g}	%r4,%r13,4*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.L256_continue:
+	lgr	$t1,$s3			# temp=rk[11]
+	srlg	$i1,$s3,8
+	srlg	$i2,$s3,16
+	srlg	$i3,$s3,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+	la	$t1,0($t1,$tbl)
+	la	$i1,0($i1,$tbl)
+	la	$i2,0($i2,$tbl)
+	la	$i3,0($i3,$tbl)
+	llgc	$t1,0($t1)		# Te4[rk[11]>>0]
+	icm	$t1,2,0($i1)		# Te4[rk[11]>>8]<<8
+	icm	$t1,4,0($i2)		# Te4[rk[11]>>16]<<16
+	icm	$t1,8,0($i3)		# Te4[rk[11]>>24]<<24
+	x	$t1,16($key)		# rk[12]=rk[4]^...
+	st	$t1,48($key)
+	x	$t1,20($key)		# rk[13]=rk[5]^rk[12]
+	st	$t1,52($key)
+	x	$t1,24($key)		# rk[14]=rk[6]^rk[13]
+	st	$t1,56($key)
+	x	$t1,28($key)		# rk[15]=rk[7]^rk[14]
+	st	$t1,60($key)
+
+	srlg	$i1,$t1,8
+	srlg	$i2,$t1,16
+	srlg	$i3,$t1,24
+	nr	$t1,$mask
+	nr	$i1,$mask
+	nr	$i2,$mask
+
+	la	$key,32($key)		# key+=8
+	la	$t3,4($t3)		# i++
+	j	.L256_loop
+
+.Lminus1:
+	lghi	%r2,-1
+	br	$ra
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+# void AES_set_decrypt_key(const unsigned char *in, int bits,
+# 		 AES_KEY *key) {
+.globl	AES_set_decrypt_key
+.type	AES_set_decrypt_key,\@function
+.align	16
+AES_set_decrypt_key:
+	#st${g}	$key,4*$SIZE_T($sp)	# I rely on AES_set_encrypt_key to
+	st${g}	$ra,14*$SIZE_T($sp)	# save non-volatile registers and $key!
+	bras	$ra,_s390x_AES_set_encrypt_key
+	#l${g}	$key,4*$SIZE_T($sp)
+	l${g}	$ra,14*$SIZE_T($sp)
+	ltgr	%r2,%r2
+	bnzr	$ra
+___
+$code.=<<___ if (!$softonly);
+	#l	$t0,240($key)
+	lhi	$t1,16
+	cr	$t0,$t1
+	jl	.Lgo
+	oill	$t0,0x80	# set "decrypt" bit
+	st	$t0,240($key)
+	br	$ra
+___
+$code.=<<___;
+.align	16
+.Lgo:	lgr	$rounds,$t0	#llgf	$rounds,240($key)
+	la	$i1,0($key)
+	sllg	$i2,$rounds,4
+	la	$i2,0($i2,$key)
+	srl	$rounds,1
+	lghi	$t1,-16
+
+.align	16
+.Linv:	lmg	$s0,$s1,0($i1)
+	lmg	$s2,$s3,0($i2)
+	stmg	$s0,$s1,0($i2)
+	stmg	$s2,$s3,0($i1)
+	la	$i1,16($i1)
+	la	$i2,0($t1,$i2)
+	brct	$rounds,.Linv
+___
+$mask80=$i1;
+$mask1b=$i2;
+$maskfe=$i3;
+$code.=<<___;
+	llgf	$rounds,240($key)
+	aghi	$rounds,-1
+	sll	$rounds,2	# (rounds-1)*4
+	llilh	$mask80,0x8080
+	llilh	$mask1b,0x1b1b
+	llilh	$maskfe,0xfefe
+	oill	$mask80,0x8080
+	oill	$mask1b,0x1b1b
+	oill	$maskfe,0xfefe
+
+.align	16
+.Lmix:	l	$s0,16($key)	# tp1
+	lr	$s1,$s0
+	ngr	$s1,$mask80
+	srlg	$t1,$s1,7
+	slr	$s1,$t1
+	nr	$s1,$mask1b
+	sllg	$t1,$s0,1
+	nr	$t1,$maskfe
+	xr	$s1,$t1		# tp2
+
+	lr	$s2,$s1
+	ngr	$s2,$mask80
+	srlg	$t1,$s2,7
+	slr	$s2,$t1
+	nr	$s2,$mask1b
+	sllg	$t1,$s1,1
+	nr	$t1,$maskfe
+	xr	$s2,$t1		# tp4
+
+	lr	$s3,$s2
+	ngr	$s3,$mask80
+	srlg	$t1,$s3,7
+	slr	$s3,$t1
+	nr	$s3,$mask1b
+	sllg	$t1,$s2,1
+	nr	$t1,$maskfe
+	xr	$s3,$t1		# tp8
+
+	xr	$s1,$s0		# tp2^tp1
+	xr	$s2,$s0		# tp4^tp1
+	rll	$s0,$s0,24	# = ROTATE(tp1,8)
+	xr	$s2,$s3		# ^=tp8
+	xr	$s0,$s1		# ^=tp2^tp1
+	xr	$s1,$s3		# tp2^tp1^tp8
+	xr	$s0,$s2		# ^=tp4^tp1^tp8
+	rll	$s1,$s1,8
+	rll	$s2,$s2,16
+	xr	$s0,$s1		# ^= ROTATE(tp8^tp2^tp1,24)
+	rll	$s3,$s3,24
+	xr	$s0,$s2    	# ^= ROTATE(tp8^tp4^tp1,16)
+	xr	$s0,$s3		# ^= ROTATE(tp8,8)
+
+	st	$s0,16($key)
+	la	$key,4($key)
+	brct	$rounds,.Lmix
+
+	lm${g}	%r6,%r13,6*$SIZE_T($sp)# as was saved by AES_set_encrypt_key!
+	lghi	%r2,0
+	br	$ra
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+########################################################################
+# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+#                     size_t length, const AES_KEY *key,
+#                     unsigned char *ivec, const int enc)
+{
+my $inp="%r2";
+my $out="%r4";	# length and out are swapped
+my $len="%r3";
+my $key="%r5";
+my $ivp="%r6";
+
+$code.=<<___;
+.globl	AES_cbc_encrypt
+.type	AES_cbc_encrypt,\@function
+.align	16
+AES_cbc_encrypt:
+	xgr	%r3,%r4		# flip %r3 and %r4, out and len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+___
+$code.=<<___ if (!$softonly);
+	lhi	%r0,16
+	cl	%r0,240($key)
+	jh	.Lcbc_software
+
+	lg	%r0,0($ivp)	# copy ivec
+	lg	%r1,8($ivp)
+	stmg	%r0,%r1,16($sp)
+	lmg	%r0,%r1,0($key)	# copy key, cover 256 bit
+	stmg	%r0,%r1,32($sp)
+	lmg	%r0,%r1,16($key)
+	stmg	%r0,%r1,48($sp)
+	l	%r0,240($key)	# load kmc code
+	lghi	$key,15		# res=len%16, len-=res;
+	ngr	$key,$len
+	sl${g}r	$len,$key
+	la	%r1,16($sp)	# parameter block - ivec || key
+	jz	.Lkmc_truncated
+	.long	0xb92f0042	# kmc %r4,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+	ltr	$key,$key
+	jnz	.Lkmc_truncated
+.Lkmc_done:
+	lmg	%r0,%r1,16($sp)	# copy ivec to caller
+	stg	%r0,0($ivp)
+	stg	%r1,8($ivp)
+	br	$ra
+.align	16
+.Lkmc_truncated:
+	ahi	$key,-1		# it's the way it's encoded in mvc
+	tmll	%r0,0x80
+	jnz	.Lkmc_truncated_dec
+	lghi	%r1,0
+	stg	%r1,16*$SIZE_T($sp)
+	stg	%r1,16*$SIZE_T+8($sp)
+	bras	%r1,1f
+	mvc	16*$SIZE_T(1,$sp),0($inp)
+1:	ex	$key,0(%r1)
+	la	%r1,16($sp)	# restore parameter block
+	la	$inp,16*$SIZE_T($sp)
+	lghi	$len,16
+	.long	0xb92f0042	# kmc %r4,%r2
+	j	.Lkmc_done
+.align	16
+.Lkmc_truncated_dec:
+	st${g}	$out,4*$SIZE_T($sp)
+	la	$out,16*$SIZE_T($sp)
+	lghi	$len,16
+	.long	0xb92f0042	# kmc %r4,%r2
+	l${g}	$out,4*$SIZE_T($sp)
+	bras	%r1,2f
+	mvc	0(1,$out),16*$SIZE_T($sp)
+2:	ex	$key,0(%r1)
+	j	.Lkmc_done
+.align	16
+.Lcbc_software:
+___
+$code.=<<___;
+	stm${g}	$key,$ra,5*$SIZE_T($sp)
+	lhi	%r0,0
+	cl	%r0,`$stdframe+$SIZE_T-4`($sp)
+	je	.Lcbc_decrypt
+
+	larl	$tbl,AES_Te
+
+	llgf	$s0,0($ivp)
+	llgf	$s1,4($ivp)
+	llgf	$s2,8($ivp)
+	llgf	$s3,12($ivp)
+
+	lghi	$t0,16
+	sl${g}r	$len,$t0
+	brc	4,.Lcbc_enc_tail	# if borrow
+.Lcbc_enc_loop:
+	stm${g}	$inp,$out,2*$SIZE_T($sp)
+	x	$s0,0($inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	lgr	%r4,$key
+
+	bras	$ra,_s390x_AES_encrypt
+
+	lm${g}	$inp,$key,2*$SIZE_T($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+	la	$inp,16($inp)
+	la	$out,16($out)
+	lghi	$t0,16
+	lt${g}r	$len,$len
+	jz	.Lcbc_enc_done
+	sl${g}r	$len,$t0
+	brc	4,.Lcbc_enc_tail	# if borrow
+	j	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_done:
+	l${g}	$ivp,6*$SIZE_T($sp)
+	st	$s0,0($ivp)
+	st	$s1,4($ivp)	
+	st	$s2,8($ivp)
+	st	$s3,12($ivp)
+
+	lm${g}	%r7,$ra,7*$SIZE_T($sp)
+	br	$ra
+
+.align	16
+.Lcbc_enc_tail:
+	aghi	$len,15
+	lghi	$t0,0
+	stg	$t0,16*$SIZE_T($sp)
+	stg	$t0,16*$SIZE_T+8($sp)
+	bras	$t1,3f
+	mvc	16*$SIZE_T(1,$sp),0($inp)
+3:	ex	$len,0($t1)
+	lghi	$len,0
+	la	$inp,16*$SIZE_T($sp)
+	j	.Lcbc_enc_loop
+
+.align	16
+.Lcbc_decrypt:
+	larl	$tbl,AES_Td
+
+	lg	$t0,0($ivp)
+	lg	$t1,8($ivp)
+	stmg	$t0,$t1,16*$SIZE_T($sp)
+
+.Lcbc_dec_loop:
+	stm${g}	$inp,$out,2*$SIZE_T($sp)
+	llgf	$s0,0($inp)
+	llgf	$s1,4($inp)
+	llgf	$s2,8($inp)
+	llgf	$s3,12($inp)
+	lgr	%r4,$key
+
+	bras	$ra,_s390x_AES_decrypt
+
+	lm${g}	$inp,$key,2*$SIZE_T($sp)
+	sllg	$s0,$s0,32
+	sllg	$s2,$s2,32
+	lr	$s0,$s1
+	lr	$s2,$s3
+
+	lg	$t0,0($inp)
+	lg	$t1,8($inp)
+	xg	$s0,16*$SIZE_T($sp)
+	xg	$s2,16*$SIZE_T+8($sp)
+	lghi	$s1,16
+	sl${g}r	$len,$s1
+	brc	4,.Lcbc_dec_tail	# if borrow
+	brc	2,.Lcbc_dec_done	# if zero
+	stg	$s0,0($out)
+	stg	$s2,8($out)
+	stmg	$t0,$t1,16*$SIZE_T($sp)
+
+	la	$inp,16($inp)
+	la	$out,16($out)
+	j	.Lcbc_dec_loop
+
+.Lcbc_dec_done:
+	stg	$s0,0($out)
+	stg	$s2,8($out)
+.Lcbc_dec_exit:
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	stmg	$t0,$t1,0($ivp)
+
+	br	$ra
+
+.align	16
+.Lcbc_dec_tail:
+	aghi	$len,15
+	stg	$s0,16*$SIZE_T($sp)
+	stg	$s2,16*$SIZE_T+8($sp)
+	bras	$s1,4f
+	mvc	0(1,$out),16*$SIZE_T($sp)
+4:	ex	$len,0($s1)
+	j	.Lcbc_dec_exit
+.size	AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+########################################################################
+# void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+#                     size_t blocks, const AES_KEY *key,
+#                     const unsigned char *ivec)
+{
+my $inp="%r2";
+my $out="%r4";	# blocks and out are swapped
+my $len="%r3";
+my $key="%r5";	my $iv0="%r5";
+my $ivp="%r6";
+my $fp ="%r7";
+
+$code.=<<___;
+.globl	AES_ctr32_encrypt
+.type	AES_ctr32_encrypt,\@function
+.align	16
+AES_ctr32_encrypt:
+	xgr	%r3,%r4		# flip %r3 and %r4, $out and $len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+	llgfr	$len,$len	# safe in ctr32 subroutine even in 64-bit case
+___
+$code.=<<___ if (!$softonly);
+	l	%r0,240($key)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lctr32_software
+
+	stm${g}	%r6,$s3,6*$SIZE_T($sp)
+
+	slgr	$out,$inp
+	la	%r1,0($key)	# %r1 is permanent copy of $key
+	lg	$iv0,0($ivp)	# load ivec
+	lg	$ivp,8($ivp)
+
+	# prepare and allocate stack frame at the top of 4K page
+	# with 1K reserved for eventual signal handling
+	lghi	$s0,-1024-256-16# guarantee at least 256-bytes buffer
+	lghi	$s1,-4096
+	algr	$s0,$sp
+	lgr	$fp,$sp
+	ngr	$s0,$s1		# align at page boundary
+	slgr	$fp,$s0		# total buffer size
+	lgr	$s2,$sp
+	lghi	$s1,1024+16	# sl[g]fi is extended-immediate facility
+	slgr	$fp,$s1		# deduct reservation to get usable buffer size
+	# buffer size is at lest 256 and at most 3072+256-16
+
+	la	$sp,1024($s0)	# alloca
+	srlg	$fp,$fp,4	# convert bytes to blocks, minimum 16
+	st${g}	$s2,0($sp)	# back-chain
+	st${g}	$fp,$SIZE_T($sp)
+
+	slgr	$len,$fp
+	brc	1,.Lctr32_hw_switch	# not zero, no borrow
+	algr	$fp,$len	# input is shorter than allocated buffer
+	lghi	$len,0
+	st${g}	$fp,$SIZE_T($sp)
+
+.Lctr32_hw_switch:
+___
+$code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower
+	llgfr	$s0,%r0
+	lgr	$s1,%r1
+	larl	%r1,OPENSSL_s390xcap_P
+	llihh	%r0,0x8000	# check if kmctr supports the function code
+	srlg	%r0,%r0,0($s0)
+	ng	%r0,64(%r1)	# check kmctr capability vector
+	lgr	%r0,$s0
+	lgr	%r1,$s1
+	jz	.Lctr32_km_loop
+
+####### kmctr code
+	algr	$out,$inp	# restore $out
+	lgr	$s1,$len	# $s1 undertakes $len
+	j	.Lctr32_kmctr_loop
+.align	16
+.Lctr32_kmctr_loop:
+	la	$s2,16($sp)
+	lgr	$s3,$fp
+.Lctr32_kmctr_prepare:
+	stg	$iv0,0($s2)
+	stg	$ivp,8($s2)
+	la	$s2,16($s2)
+	ahi	$ivp,1		# 32-bit increment, preserves upper half
+	brct	$s3,.Lctr32_kmctr_prepare
+
+	#la	$inp,0($inp)	# inp
+	sllg	$len,$fp,4	# len
+	#la	$out,0($out)	# out
+	la	$s2,16($sp)	# iv
+	.long	0xb92da042	# kmctr $out,$s2,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+
+	slgr	$s1,$fp
+	brc	1,.Lctr32_kmctr_loop	# not zero, no borrow
+	algr	$fp,$s1
+	lghi	$s1,0
+	brc	4+1,.Lctr32_kmctr_loop	# not zero
+
+	l${g}	$sp,0($sp)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+___
+$code.=<<___ if (!$softonly);
+.Lctr32_km_loop:
+	la	$s2,16($sp)
+	lgr	$s3,$fp
+.Lctr32_km_prepare:
+	stg	$iv0,0($s2)
+	stg	$ivp,8($s2)
+	la	$s2,16($s2)
+	ahi	$ivp,1		# 32-bit increment, preserves upper half
+	brct	$s3,.Lctr32_km_prepare
+
+	la	$s0,16($sp)	# inp
+	sllg	$s1,$fp,4	# len
+	la	$s2,16($sp)	# out
+	.long	0xb92e00a8	# km %r10,%r8
+	brc	1,.-4		# pay attention to "partial completion"
+
+	la	$s2,16($sp)
+	lgr	$s3,$fp
+	slgr	$s2,$inp
+.Lctr32_km_xor:
+	lg	$s0,0($inp)
+	lg	$s1,8($inp)
+	xg	$s0,0($s2,$inp)
+	xg	$s1,8($s2,$inp)
+	stg	$s0,0($out,$inp)
+	stg	$s1,8($out,$inp)
+	la	$inp,16($inp)
+	brct	$s3,.Lctr32_km_xor
+
+	slgr	$len,$fp
+	brc	1,.Lctr32_km_loop	# not zero, no borrow
+	algr	$fp,$len
+	lghi	$len,0
+	brc	4+1,.Lctr32_km_loop	# not zero
+
+	l${g}	$s0,0($sp)
+	l${g}	$s1,$SIZE_T($sp)
+	la	$s2,16($sp)
+.Lctr32_km_zap:
+	stg	$s0,0($s2)
+	stg	$s0,8($s2)
+	la	$s2,16($s2)
+	brct	$s1,.Lctr32_km_zap
+
+	la	$sp,0($s0)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+.Lctr32_software:
+___
+$code.=<<___;
+	stm${g}	$key,$ra,5*$SIZE_T($sp)
+	sl${g}r	$inp,$out
+	larl	$tbl,AES_Te
+	llgf	$t1,12($ivp)
+
+.Lctr32_loop:
+	stm${g}	$inp,$out,2*$SIZE_T($sp)
+	llgf	$s0,0($ivp)
+	llgf	$s1,4($ivp)
+	llgf	$s2,8($ivp)
+	lgr	$s3,$t1
+	st	$t1,16*$SIZE_T($sp)
+	lgr	%r4,$key
+
+	bras	$ra,_s390x_AES_encrypt
+
+	lm${g}	$inp,$ivp,2*$SIZE_T($sp)
+	llgf	$t1,16*$SIZE_T($sp)
+	x	$s0,0($inp,$out)
+	x	$s1,4($inp,$out)
+	x	$s2,8($inp,$out)
+	x	$s3,12($inp,$out)
+	stm	$s0,$s3,0($out)
+
+	la	$out,16($out)
+	ahi	$t1,1		# 32-bit increment
+	brct	$len,.Lctr32_loop
+
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_ctr32_encrypt,.-AES_ctr32_encrypt
+___
+}
+
+########################################################################
+# void AES_xts_encrypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+{
+my $inp="%r2";
+my $out="%r4";	# len and out are swapped
+my $len="%r3";
+my $key1="%r5";	# $i1
+my $key2="%r6";	# $i2
+my $fp="%r7";	# $i3
+my $tweak=16*$SIZE_T+16;	# or $stdframe-16, bottom of the frame...
+
+$code.=<<___;
+.type	_s390x_xts_km,\@function
+.align	16
+_s390x_xts_km:
+___
+$code.=<<___ if(1);
+	llgfr	$s0,%r0			# put aside the function code
+	lghi	$s1,0x7f
+	nr	$s1,%r0
+	larl	%r1,OPENSSL_s390xcap_P
+	llihh	%r0,0x8000
+	srlg	%r0,%r0,32($s1)		# check for 32+function code
+	ng	%r0,32(%r1)		# check km capability vector
+	lgr	%r0,$s0			# restore the function code
+	la	%r1,0($key1)		# restore $key1
+	jz	.Lxts_km_vanilla
+
+	lmg	$i2,$i3,$tweak($sp)	# put aside the tweak value
+	algr	$out,$inp
+
+	oill	%r0,32			# switch to xts function code
+	aghi	$s1,-18			#
+	sllg	$s1,$s1,3		# (function code - 18)*8, 0 or 16
+	la	%r1,$tweak-16($sp)
+	slgr	%r1,$s1			# parameter block position
+	lmg	$s0,$s3,0($key1)	# load 256 bits of key material,
+	stmg	$s0,$s3,0(%r1)		# and copy it to parameter block.
+					# yes, it contains junk and overlaps
+					# with the tweak in 128-bit case.
+					# it's done to avoid conditional
+					# branch.
+	stmg	$i2,$i3,$tweak($sp)	# "re-seat" the tweak value
+
+	.long	0xb92e0042		# km %r4,%r2
+	brc	1,.-4			# pay attention to "partial completion"
+
+	lrvg	$s0,$tweak+0($sp)	# load the last tweak
+	lrvg	$s1,$tweak+8($sp)
+	stmg	%r0,%r3,$tweak-32($sp)	# wipe copy of the key
+
+	nill	%r0,0xffdf		# switch back to original function code
+	la	%r1,0($key1)		# restore pointer to $key1
+	slgr	$out,$inp
+
+	llgc	$len,2*$SIZE_T-1($sp)
+	nill	$len,0x0f		# $len%=16
+	br	$ra
+	
+.align	16
+.Lxts_km_vanilla:
+___
+$code.=<<___;
+	# prepare and allocate stack frame at the top of 4K page
+	# with 1K reserved for eventual signal handling
+	lghi	$s0,-1024-256-16# guarantee at least 256-bytes buffer
+	lghi	$s1,-4096
+	algr	$s0,$sp
+	lgr	$fp,$sp
+	ngr	$s0,$s1		# align at page boundary
+	slgr	$fp,$s0		# total buffer size
+	lgr	$s2,$sp
+	lghi	$s1,1024+16	# sl[g]fi is extended-immediate facility
+	slgr	$fp,$s1		# deduct reservation to get usable buffer size
+	# buffer size is at lest 256 and at most 3072+256-16
+
+	la	$sp,1024($s0)	# alloca
+	nill	$fp,0xfff0	# round to 16*n
+	st${g}	$s2,0($sp)	# back-chain
+	nill	$len,0xfff0	# redundant
+	st${g}	$fp,$SIZE_T($sp)
+
+	slgr	$len,$fp
+	brc	1,.Lxts_km_go	# not zero, no borrow
+	algr	$fp,$len	# input is shorter than allocated buffer
+	lghi	$len,0
+	st${g}	$fp,$SIZE_T($sp)
+
+.Lxts_km_go:
+	lrvg	$s0,$tweak+0($s2)	# load the tweak value in little-endian
+	lrvg	$s1,$tweak+8($s2)
+
+	la	$s2,16($sp)		# vector of ascending tweak values
+	slgr	$s2,$inp
+	srlg	$s3,$fp,4
+	j	.Lxts_km_start
+
+.Lxts_km_loop:
+	la	$s2,16($sp)
+	slgr	$s2,$inp
+	srlg	$s3,$fp,4
+.Lxts_km_prepare:
+	lghi	$i1,0x87
+	srag	$i2,$s1,63		# broadcast upper bit
+	ngr	$i1,$i2			# rem
+	algr	$s0,$s0
+	alcgr	$s1,$s1
+	xgr	$s0,$i1
+.Lxts_km_start:
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+	stg	$i1,0($s2,$inp)
+	stg	$i2,8($s2,$inp)
+	xg	$i1,0($inp)
+	xg	$i2,8($inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+	la	$inp,16($inp)
+	brct	$s3,.Lxts_km_prepare
+
+	slgr	$inp,$fp		# rewind $inp
+	la	$s2,0($out,$inp)
+	lgr	$s3,$fp
+	.long	0xb92e00aa		# km $s2,$s2
+	brc	1,.-4			# pay attention to "partial completion"
+
+	la	$s2,16($sp)
+	slgr	$s2,$inp
+	srlg	$s3,$fp,4
+.Lxts_km_xor:
+	lg	$i1,0($out,$inp)
+	lg	$i2,8($out,$inp)
+	xg	$i1,0($s2,$inp)
+	xg	$i2,8($s2,$inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+	la	$inp,16($inp)
+	brct	$s3,.Lxts_km_xor
+
+	slgr	$len,$fp
+	brc	1,.Lxts_km_loop		# not zero, no borrow
+	algr	$fp,$len
+	lghi	$len,0
+	brc	4+1,.Lxts_km_loop	# not zero
+
+	l${g}	$i1,0($sp)		# back-chain
+	llgf	$fp,`2*$SIZE_T-4`($sp)	# bytes used
+	la	$i2,16($sp)
+	srlg	$fp,$fp,4
+.Lxts_km_zap:
+	stg	$i1,0($i2)
+	stg	$i1,8($i2)
+	la	$i2,16($i2)
+	brct	$fp,.Lxts_km_zap
+
+	la	$sp,0($i1)
+	llgc	$len,2*$SIZE_T-1($i1)
+	nill	$len,0x0f		# $len%=16
+	bzr	$ra
+
+	# generate one more tweak...
+	lghi	$i1,0x87
+	srag	$i2,$s1,63		# broadcast upper bit
+	ngr	$i1,$i2			# rem
+	algr	$s0,$s0
+	alcgr	$s1,$s1
+	xgr	$s0,$i1
+
+	ltr	$len,$len		# clear zero flag
+	br	$ra
+.size	_s390x_xts_km,.-_s390x_xts_km
+
+.globl	AES_xts_encrypt
+.type	AES_xts_encrypt,\@function
+.align	16
+AES_xts_encrypt:
+	xgr	%r3,%r4			# flip %r3 and %r4, $out and $len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+___
+$code.=<<___ if ($SIZE_T==4);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	st${g}	$len,1*$SIZE_T($sp)	# save copy of $len
+	srag	$len,$len,4		# formally wrong, because it expands
+					# sign byte, but who can afford asking
+					# to process more than 2^63-1 bytes?
+					# I use it, because it sets condition
+					# code...
+	bcr	8,$ra			# abort if zero (i.e. less than 16)
+___
+$code.=<<___ if (!$softonly);
+	llgf	%r0,240($key2)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lxts_enc_software
+
+	st${g}	$ra,5*$SIZE_T($sp)
+	stm${g}	%r6,$s3,6*$SIZE_T($sp)
+
+	sllg	$len,$len,4		# $len&=~15
+	slgr	$out,$inp
+
+	# generate the tweak value
+	l${g}	$s3,$stdframe($sp)	# pointer to iv
+	la	$s2,$tweak($sp)
+	lmg	$s0,$s1,0($s3)
+	lghi	$s3,16
+	stmg	$s0,$s1,0($s2)
+	la	%r1,0($key2)		# $key2 is not needed anymore
+	.long	0xb92e00aa		# km $s2,$s2, generate the tweak
+	brc	1,.-4			# can this happen?
+
+	l	%r0,240($key1)
+	la	%r1,0($key1)		# $key1 is not needed anymore
+	bras	$ra,_s390x_xts_km
+	jz	.Lxts_enc_km_done
+
+	aghi	$inp,-16		# take one step back
+	la	$i3,0($out,$inp)	# put aside real $out
+.Lxts_enc_km_steal:
+	llgc	$i1,16($inp)
+	llgc	$i2,0($out,$inp)
+	stc	$i1,0($out,$inp)
+	stc	$i2,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_enc_km_steal
+
+	la	$s2,0($i3)
+	lghi	$s3,16
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+	xg	$i1,0($s2)
+	xg	$i2,8($s2)
+	stg	$i1,0($s2)
+	stg	$i2,8($s2)
+	.long	0xb92e00aa		# km $s2,$s2
+	brc	1,.-4			# can this happen?
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+	xg	$i1,0($i3)
+	xg	$i2,8($i3)
+	stg	$i1,0($i3)
+	stg	$i2,8($i3)
+
+.Lxts_enc_km_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$tweak+8($sp)
+	l${g}	$ra,5*$SIZE_T($sp)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+.Lxts_enc_software:
+___
+$code.=<<___;
+	stm${g}	%r6,$ra,6*$SIZE_T($sp)
+
+	slgr	$out,$inp
+
+	l${g}	$s3,$stdframe($sp)	# ivp
+	llgf	$s0,0($s3)		# load iv
+	llgf	$s1,4($s3)
+	llgf	$s2,8($s3)
+	llgf	$s3,12($s3)
+	stm${g}	%r2,%r5,2*$SIZE_T($sp)
+	la	$key,0($key2)
+	larl	$tbl,AES_Te
+	bras	$ra,_s390x_AES_encrypt	# generate the tweak
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	stm	$s0,$s3,$tweak($sp)	# save the tweak
+	j	.Lxts_enc_enter
+
+.align	16
+.Lxts_enc_loop:
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
+	stg	$s1,$tweak+0($sp)	# save the tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak+8($sp)
+	llgfr	$s3,$s3
+	la	$inp,16($inp)		# $inp+=16
+.Lxts_enc_enter:
+	x	$s0,0($inp)		# ^=*($inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	stm${g}	%r2,%r3,2*$SIZE_T($sp)	# only two registers are changing
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_encrypt
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	x	$s0,$tweak+0($sp)	# ^=tweak
+	x	$s1,$tweak+4($sp)
+	x	$s2,$tweak+8($sp)
+	x	$s3,$tweak+12($sp)
+	st	$s0,0($out,$inp)
+	st	$s1,4($out,$inp)
+	st	$s2,8($out,$inp)
+	st	$s3,12($out,$inp)
+	brct${g}	$len,.Lxts_enc_loop
+
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%16
+	jz	.Lxts_enc_done
+
+	la	$i3,0($inp,$out)	# put aside real $out
+.Lxts_enc_steal:
+	llgc	%r0,16($inp)
+	llgc	%r1,0($out,$inp)
+	stc	%r0,0($out,$inp)
+	stc	%r1,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_enc_steal
+	la	$out,0($i3)		# restore real $out
+
+	# generate last tweak...
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
+	stg	$s1,$tweak+0($sp)	# save the tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak+8($sp)
+	llgfr	$s3,$s3
+
+	x	$s0,0($out)		# ^=*(inp)|stolen cipther-text
+	x	$s1,4($out)
+	x	$s2,8($out)
+	x	$s3,12($out)
+	st${g}	$out,4*$SIZE_T($sp)
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_encrypt
+	l${g}	$out,4*$SIZE_T($sp)
+	x	$s0,`$tweak+0`($sp)	# ^=tweak
+	x	$s1,`$tweak+4`($sp)
+	x	$s2,`$tweak+8`($sp)
+	x	$s3,`$tweak+12`($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+
+.Lxts_enc_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$twesk+8($sp)
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_xts_encrypt,.-AES_xts_encrypt
+___
+# void AES_xts_decrypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+$code.=<<___;
+.globl	AES_xts_decrypt
+.type	AES_xts_decrypt,\@function
+.align	16
+AES_xts_decrypt:
+	xgr	%r3,%r4			# flip %r3 and %r4, $out and $len
+	xgr	%r4,%r3
+	xgr	%r3,%r4
+___
+$code.=<<___ if ($SIZE_T==4);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	st${g}	$len,1*$SIZE_T($sp)	# save copy of $len
+	aghi	$len,-16
+	bcr	4,$ra			# abort if less than zero. formally
+					# wrong, because $len is unsigned,
+					# but who can afford asking to
+					# process more than 2^63-1 bytes?
+	tmll	$len,0x0f
+	jnz	.Lxts_dec_proceed
+	aghi	$len,16
+.Lxts_dec_proceed:
+___
+$code.=<<___ if (!$softonly);
+	llgf	%r0,240($key2)
+	lhi	%r1,16
+	clr	%r0,%r1
+	jl	.Lxts_dec_software
+
+	st${g}	$ra,5*$SIZE_T($sp)
+	stm${g}	%r6,$s3,6*$SIZE_T($sp)
+
+	nill	$len,0xfff0		# $len&=~15
+	slgr	$out,$inp
+
+	# generate the tweak value
+	l${g}	$s3,$stdframe($sp)	# pointer to iv
+	la	$s2,$tweak($sp)
+	lmg	$s0,$s1,0($s3)
+	lghi	$s3,16
+	stmg	$s0,$s1,0($s2)
+	la	%r1,0($key2)		# $key2 is not needed past this point
+	.long	0xb92e00aa		# km $s2,$s2, generate the tweak
+	brc	1,.-4			# can this happen?
+
+	l	%r0,240($key1)
+	la	%r1,0($key1)		# $key1 is not needed anymore
+
+	ltgr	$len,$len
+	jz	.Lxts_dec_km_short
+	bras	$ra,_s390x_xts_km
+	jz	.Lxts_dec_km_done
+
+	lrvgr	$s2,$s0			# make copy in reverse byte order
+	lrvgr	$s3,$s1
+	j	.Lxts_dec_km_2ndtweak
+
+.Lxts_dec_km_short:
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%=16
+	lrvg	$s0,$tweak+0($sp)	# load the tweak
+	lrvg	$s1,$tweak+8($sp)
+	lrvgr	$s2,$s0			# make copy in reverse byte order
+	lrvgr	$s3,$s1
+
+.Lxts_dec_km_2ndtweak:
+	lghi	$i1,0x87
+	srag	$i2,$s1,63		# broadcast upper bit
+	ngr	$i1,$i2			# rem
+	algr	$s0,$s0
+	alcgr	$s1,$s1
+	xgr	$s0,$i1
+	lrvgr	$i1,$s0			# flip byte order
+	lrvgr	$i2,$s1
+
+	xg	$i1,0($inp)
+	xg	$i2,8($inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+	la	$i2,0($out,$inp)
+	lghi	$i3,16
+	.long	0xb92e0066		# km $i2,$i2
+	brc	1,.-4			# can this happen?
+	lrvgr	$i1,$s0
+	lrvgr	$i2,$s1
+	xg	$i1,0($out,$inp)
+	xg	$i2,8($out,$inp)
+	stg	$i1,0($out,$inp)
+	stg	$i2,8($out,$inp)
+
+	la	$i3,0($out,$inp)	# put aside real $out
+.Lxts_dec_km_steal:
+	llgc	$i1,16($inp)
+	llgc	$i2,0($out,$inp)
+	stc	$i1,0($out,$inp)
+	stc	$i2,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_dec_km_steal
+
+	lgr	$s0,$s2
+	lgr	$s1,$s3
+	xg	$s0,0($i3)
+	xg	$s1,8($i3)
+	stg	$s0,0($i3)
+	stg	$s1,8($i3)
+	la	$s0,0($i3)
+	lghi	$s1,16
+	.long	0xb92e0088		# km $s0,$s0
+	brc	1,.-4			# can this happen?
+	xg	$s2,0($i3)
+	xg	$s3,8($i3)
+	stg	$s2,0($i3)
+	stg	$s3,8($i3)
+.Lxts_dec_km_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$tweak+8($sp)
+	l${g}	$ra,5*$SIZE_T($sp)
+	lm${g}	%r6,$s3,6*$SIZE_T($sp)
+	br	$ra
+.align	16
+.Lxts_dec_software:
+___
+$code.=<<___;
+	stm${g}	%r6,$ra,6*$SIZE_T($sp)
+
+	srlg	$len,$len,4
+	slgr	$out,$inp
+
+	l${g}	$s3,$stdframe($sp)	# ivp
+	llgf	$s0,0($s3)		# load iv
+	llgf	$s1,4($s3)
+	llgf	$s2,8($s3)
+	llgf	$s3,12($s3)
+	stm${g}	%r2,%r5,2*$SIZE_T($sp)
+	la	$key,0($key2)
+	larl	$tbl,AES_Te
+	bras	$ra,_s390x_AES_encrypt	# generate the tweak
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	larl	$tbl,AES_Td
+	lt${g}r	$len,$len
+	stm	$s0,$s3,$tweak($sp)	# save the tweak
+	jz	.Lxts_dec_short
+	j	.Lxts_dec_enter
+
+.align	16
+.Lxts_dec_loop:
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
+	stg	$s1,$tweak+0($sp)	# save the tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak+8($sp)
+	llgfr	$s3,$s3
+.Lxts_dec_enter:
+	x	$s0,0($inp)		# tweak^=*(inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	stm${g}	%r2,%r3,2*$SIZE_T($sp)	# only two registers are changing
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_decrypt
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	x	$s0,$tweak+0($sp)	# ^=tweak
+	x	$s1,$tweak+4($sp)
+	x	$s2,$tweak+8($sp)
+	x	$s3,$tweak+12($sp)
+	st	$s0,0($out,$inp)
+	st	$s1,4($out,$inp)
+	st	$s2,8($out,$inp)
+	st	$s3,12($out,$inp)
+	la	$inp,16($inp)
+	brct${g}	$len,.Lxts_dec_loop
+
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%16
+	jz	.Lxts_dec_done
+
+	# generate pair of tweaks...
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$i2,$s1			# flip byte order
+	lrvgr	$i3,$s3
+	stmg	$i2,$i3,$tweak($sp)	# save the 1st tweak
+	j	.Lxts_dec_2ndtweak
+
+.align	16
+.Lxts_dec_short:
+	llgc	$len,`2*$SIZE_T-1`($sp)
+	nill	$len,0x0f		# $len%16
+	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
+	lrvg	$s3,$tweak+8($sp)
+.Lxts_dec_2ndtweak:
+	lghi	%r1,0x87
+	srag	%r0,$s3,63		# broadcast upper bit
+	ngr	%r1,%r0			# rem
+	algr	$s1,$s1
+	alcgr	$s3,$s3
+	xgr	$s1,%r1
+	lrvgr	$s1,$s1			# flip byte order
+	lrvgr	$s3,$s3
+	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
+	stg	$s1,$tweak-16+0($sp)	# save the 2nd tweak
+	llgfr	$s1,$s1
+	srlg	$s2,$s3,32
+	stg	$s3,$tweak-16+8($sp)
+	llgfr	$s3,$s3
+
+	x	$s0,0($inp)		# tweak_the_2nd^=*(inp)
+	x	$s1,4($inp)
+	x	$s2,8($inp)
+	x	$s3,12($inp)
+	stm${g}	%r2,%r3,2*$SIZE_T($sp)
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_decrypt
+	lm${g}	%r2,%r5,2*$SIZE_T($sp)
+	x	$s0,$tweak-16+0($sp)	# ^=tweak_the_2nd
+	x	$s1,$tweak-16+4($sp)
+	x	$s2,$tweak-16+8($sp)
+	x	$s3,$tweak-16+12($sp)
+	st	$s0,0($out,$inp)
+	st	$s1,4($out,$inp)
+	st	$s2,8($out,$inp)
+	st	$s3,12($out,$inp)
+
+	la	$i3,0($out,$inp)	# put aside real $out
+.Lxts_dec_steal:
+	llgc	%r0,16($inp)
+	llgc	%r1,0($out,$inp)
+	stc	%r0,0($out,$inp)
+	stc	%r1,16($out,$inp)
+	la	$inp,1($inp)
+	brct	$len,.Lxts_dec_steal
+	la	$out,0($i3)		# restore real $out
+
+	lm	$s0,$s3,$tweak($sp)	# load the 1st tweak
+	x	$s0,0($out)		# tweak^=*(inp)|stolen cipher-text
+	x	$s1,4($out)
+	x	$s2,8($out)
+	x	$s3,12($out)
+	st${g}	$out,4*$SIZE_T($sp)
+	la	$key,0($key1)
+	bras	$ra,_s390x_AES_decrypt
+	l${g}	$out,4*$SIZE_T($sp)
+	x	$s0,$tweak+0($sp)	# ^=tweak
+	x	$s1,$tweak+4($sp)
+	x	$s2,$tweak+8($sp)
+	x	$s3,$tweak+12($sp)
+	st	$s0,0($out)
+	st	$s1,4($out)
+	st	$s2,8($out)
+	st	$s3,12($out)
+	stg	$sp,$tweak-16+0($sp)	# wipe 2nd tweak
+	stg	$sp,$tweak-16+8($sp)
+.Lxts_dec_done:
+	stg	$sp,$tweak+0($sp)	# wipe tweak
+	stg	$sp,$twesk+8($sp)
+	lm${g}	%r6,$ra,6*$SIZE_T($sp)
+	br	$ra
+.size	AES_xts_decrypt,.-AES_xts_decrypt
+___
+}
+$code.=<<___;
+.string	"AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;	# force flush
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-sparcv9.pl b/openssl-1.1.0h/crypto/aes/asm/aes-sparcv9.pl
new file mode 100755
index 0000000..883fae8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-sparcv9.pl
@@ -0,0 +1,1192 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Version 1.1
+#
+# The major reason for undertaken effort was to mitigate the hazard of
+# cache-timing attack. This is [currently and initially!] addressed in
+# two ways. 1. S-boxes are compressed from 5KB to 2KB+256B size each.
+# 2. References to them are scheduled for L2 cache latency, meaning
+# that the tables don't have to reside in L1 cache. Once again, this
+# is an initial draft and one should expect more countermeasures to
+# be implemented...
+#
+# Version 1.1 prefetches T[ed]4 in order to mitigate attack on last
+# round.
+#
+# Even though performance was not the primary goal [on the contrary,
+# extra shifts "induced" by compressed S-box and longer loop epilogue
+# "induced" by scheduling for L2 have negative effect on performance],
+# the code turned out to run in ~23 cycles per processed byte en-/
+# decrypted with 128-bit key. This is pretty good result for code
+# with mentioned qualities and UltraSPARC core. Compared to Sun C
+# generated code my encrypt procedure runs just few percents faster,
+# while decrypt one - whole 50% faster [yes, Sun C failed to generate
+# optimal decrypt procedure]. Compared to GNU C generated code both
+# procedures are more than 60% faster:-)
+
+$output = pop;
+open STDOUT,">$output";
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+$locals=16;
+
+$acc0="%l0";
+$acc1="%o0";
+$acc2="%o1";
+$acc3="%o2";
+
+$acc4="%l1";
+$acc5="%o3";
+$acc6="%o4";
+$acc7="%o5";
+
+$acc8="%l2";
+$acc9="%o7";
+$acc10="%g1";
+$acc11="%g2";
+
+$acc12="%l3";
+$acc13="%g3";
+$acc14="%g4";
+$acc15="%g5";
+
+$t0="%l4";
+$t1="%l5";
+$t2="%l6";
+$t3="%l7";
+
+$s0="%i0";
+$s1="%i1";
+$s2="%i2";
+$s3="%i3";
+$tbl="%i4";
+$key="%i5";
+$rounds="%i7";	# aliases with return address, which is off-loaded to stack
+
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef  __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+.section	".text",#alloc,#execinstr
+
+.align	256
+AES_Te:
+___
+&_data_word(
+	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+	.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+	.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+	.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+	.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+	.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+	.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+	.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+	.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+	.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+	.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+	.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+	.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+	.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+	.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+	.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+	.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+	.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+	.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+	.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+	.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+	.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+	.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+	.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+	.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+	.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+	.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+	.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+	.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+	.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+	.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+	.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+	.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.type	AES_Te,#object
+.size	AES_Te,(.-AES_Te)
+
+.align	64
+.skip	16
+_sparcv9_AES_encrypt:
+	save	%sp,-$frame-$locals,%sp
+	stx	%i7,[%sp+$bias+$frame+0]	! off-load return address
+	ld	[$key+240],$rounds
+	ld	[$key+0],$t0
+	ld	[$key+4],$t1			!
+	ld	[$key+8],$t2
+	srl	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ld	[$key+12],$t3
+	srl	$s0,21,$acc0
+	xor	$t1,$s1,$s1
+	ld	[$key+16],$t0
+	srl	$s1,13,$acc1			!
+	xor	$t2,$s2,$s2
+	ld	[$key+20],$t1
+	xor	$t3,$s3,$s3
+	ld	[$key+24],$t2
+	and	$acc0,2040,$acc0
+	ld	[$key+28],$t3
+	nop
+.Lenc_loop:
+	srl	$s2,5,$acc2			!
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$s3,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	srl	$s1,21,$acc4
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2		!
+	srl	$s2,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$s3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4
+	fmovs	%f0,%f0
+	sll	$s0,3,$acc7			!
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$s2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	srl	$s3,13,$acc9
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7		!
+	srl	$s0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$s1,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9
+	fmovs	%f0,%f0
+	srl	$s3,21,$acc12			!
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$s0,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	srl	$s1,5,$acc14
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12		!
+	sll	$s2,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+	and	$acc15,2040,$acc15
+	add	$key,32,$key
+	ldx	[$tbl+$acc14],$acc14
+	fmovs	%f0,%f0
+	subcc	$rounds,1,$rounds		!
+	ldx	[$tbl+$acc15],$acc15
+	bz,a,pn	%icc,.Lenc_last
+	add	$tbl,2048,$rounds
+
+		srlx	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+	fmovs	%f0,%f0
+		srlx	$acc2,16,$acc2		!
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3			!
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+	fmovs	%f0,%f0
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10	!
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15	!
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,21,$acc0
+		xor	$acc14,$t3,$t3
+	srl	$t1,13,$acc1
+		xor	$acc15,$t3,$t3
+
+	and	$acc0,2040,$acc0		!
+	srl	$t2,5,$acc2
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$t3,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	fmovs	%f0,%f0
+	srl	$t1,21,$acc4			!
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2
+	srl	$t2,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$t3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4		!
+	sll	$t0,3,$acc7
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$t2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	fmovs	%f0,%f0
+	srl	$t3,13,$acc9			!
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7
+	srl	$t0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$t1,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9		!
+	srl	$t3,21,$acc12
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$t0,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	fmovs	%f0,%f0
+	srl	$t1,5,$acc14			!
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12
+	sll	$t2,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+		srlx	$acc1,8,$acc1
+	and	$acc15,2040,$acc15
+	ldx	[$tbl+$acc14],$acc14		!
+
+		srlx	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldx	[$tbl+$acc15],$acc15
+		srlx	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ld	[$key+16],$t0
+	fmovs	%f0,%f0
+		srlx	$acc5,8,$acc5		!
+		xor	$acc2,$s0,$s0
+	ld	[$key+20],$t1
+		srlx	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ld	[$key+24],$t2
+		srlx	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ld	[$key+28],$t3			!
+		srlx	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldx	[$tbl+2048+0],%g0		! prefetch te4
+		srlx	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldx	[$tbl+2048+32],%g0		! prefetch te4
+		srlx	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldx	[$tbl+2048+64],%g0		! prefetch te4
+		srlx	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldx	[$tbl+2048+96],%g0		! prefetch te4
+		srlx	$acc14,16,$acc14	!
+		xor	$acc9,$s2,$s2
+	ldx	[$tbl+2048+128],%g0		! prefetch te4
+		srlx	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldx	[$tbl+2048+160],%g0		! prefetch te4
+	srl	$s0,21,$acc0
+		xor	$acc11,$s2,$s2
+	ldx	[$tbl+2048+192],%g0		! prefetch te4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldx	[$tbl+2048+224],%g0		! prefetch te4
+	srl	$s1,13,$acc1			!
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+	ba	.Lenc_loop
+	and	$acc0,2040,$acc0
+
+.align	32
+.Lenc_last:
+		srlx	$acc1,8,$acc1		!
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+		srlx	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2			!
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9		!
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14	!
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+	srl	$t1,16,$acc1			!
+		xor	$acc15,$t3,$t3
+
+	srl	$t2,8,$acc2
+	and	$acc1,255,$acc1
+	ldub	[$rounds+$acc0],$acc0
+	srl	$t1,24,$acc4
+	and	$acc2,255,$acc2
+	ldub	[$rounds+$acc1],$acc1
+	srl	$t2,16,$acc5			!
+	and	$t3,255,$acc3
+	ldub	[$rounds+$acc2],$acc2
+	ldub	[$rounds+$acc3],$acc3
+	srl	$t3,8,$acc6
+	and	$acc5,255,$acc5
+	ldub	[$rounds+$acc4],$acc4
+	fmovs	%f0,%f0
+	srl	$t2,24,$acc8			!
+	and	$acc6,255,$acc6
+	ldub	[$rounds+$acc5],$acc5
+	srl	$t3,16,$acc9
+	and	$t0,255,$acc7
+	ldub	[$rounds+$acc6],$acc6
+	ldub	[$rounds+$acc7],$acc7
+	fmovs	%f0,%f0
+	srl	$t0,8,$acc10			!
+	and	$acc9,255,$acc9
+	ldub	[$rounds+$acc8],$acc8
+	srl	$t3,24,$acc12
+	and	$acc10,255,$acc10
+	ldub	[$rounds+$acc9],$acc9
+	srl	$t0,16,$acc13
+	and	$t1,255,$acc11
+	ldub	[$rounds+$acc10],$acc10		!
+	srl	$t1,8,$acc14
+	and	$acc13,255,$acc13
+	ldub	[$rounds+$acc11],$acc11
+	ldub	[$rounds+$acc12],$acc12
+	and	$acc14,255,$acc14
+	ldub	[$rounds+$acc13],$acc13
+	and	$t2,255,$acc15
+	ldub	[$rounds+$acc14],$acc14		!
+
+		sll	$acc0,24,$acc0
+		xor	$acc3,$s0,$s0
+	ldub	[$rounds+$acc15],$acc15
+		sll	$acc1,16,$acc1
+		xor	$acc0,$s0,$s0
+	ldx	[%sp+$bias+$frame+0],%i7	! restore return address
+	fmovs	%f0,%f0
+		sll	$acc2,8,$acc2		!
+		xor	$acc1,$s0,$s0
+		sll	$acc4,24,$acc4
+		xor	$acc2,$s0,$s0
+		sll	$acc5,16,$acc5
+		xor	$acc7,$s1,$s1
+		sll	$acc6,8,$acc6
+		xor	$acc4,$s1,$s1
+		sll	$acc8,24,$acc8		!
+		xor	$acc5,$s1,$s1
+		sll	$acc9,16,$acc9
+		xor	$acc11,$s2,$s2
+		sll	$acc10,8,$acc10
+		xor	$acc6,$s1,$s1
+		sll	$acc12,24,$acc12
+		xor	$acc8,$s2,$s2
+		sll	$acc13,16,$acc13	!
+		xor	$acc9,$s2,$s2
+		sll	$acc14,8,$acc14
+		xor	$acc10,$s2,$s2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+
+	ret
+	restore
+.type	_sparcv9_AES_encrypt,#function
+.size	_sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt)
+
+.align	32
+.globl	AES_encrypt
+AES_encrypt:
+	or	%o0,%o1,%g1
+	andcc	%g1,3,%g0
+	bnz,pn	%xcc,.Lunaligned_enc
+	save	%sp,-$frame,%sp
+
+	ld	[%i0+0],%o0
+	ld	[%i0+4],%o1
+	ld	[%i0+8],%o2
+	ld	[%i0+12],%o3
+
+1:	call	.+8
+	add	%o7,AES_Te-1b,%o4
+	call	_sparcv9_AES_encrypt
+	mov	%i2,%o5
+
+	st	%o0,[%i1+0]
+	st	%o1,[%i1+4]
+	st	%o2,[%i1+8]
+	st	%o3,[%i1+12]
+
+	ret
+	restore
+
+.align	32
+.Lunaligned_enc:
+	ldub	[%i0+0],%l0
+	ldub	[%i0+1],%l1
+	ldub	[%i0+2],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+3],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+4],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+5],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+6],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o0
+	ldub	[%i0+7],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	ldub	[%i0+8],%l0
+	or	%l7,%l6,%l6
+	ldub	[%i0+9],%l1
+	or	%l4,%l6,%o1
+	ldub	[%i0+10],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+11],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+12],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+13],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+14],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o2
+	ldub	[%i0+15],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	or	%l7,%l6,%l6
+	or	%l4,%l6,%o3
+
+1:	call	.+8
+	add	%o7,AES_Te-1b,%o4
+	call	_sparcv9_AES_encrypt
+	mov	%i2,%o5
+
+	srl	%o0,24,%l0
+	srl	%o0,16,%l1
+	stb	%l0,[%i1+0]
+	srl	%o0,8,%l2
+	stb	%l1,[%i1+1]
+	stb	%l2,[%i1+2]
+	srl	%o1,24,%l4
+	stb	%o0,[%i1+3]
+
+	srl	%o1,16,%l5
+	stb	%l4,[%i1+4]
+	srl	%o1,8,%l6
+	stb	%l5,[%i1+5]
+	stb	%l6,[%i1+6]
+	srl	%o2,24,%l0
+	stb	%o1,[%i1+7]
+
+	srl	%o2,16,%l1
+	stb	%l0,[%i1+8]
+	srl	%o2,8,%l2
+	stb	%l1,[%i1+9]
+	stb	%l2,[%i1+10]
+	srl	%o3,24,%l4
+	stb	%o2,[%i1+11]
+
+	srl	%o3,16,%l5
+	stb	%l4,[%i1+12]
+	srl	%o3,8,%l6
+	stb	%l5,[%i1+13]
+	stb	%l6,[%i1+14]
+	stb	%o3,[%i1+15]
+
+	ret
+	restore
+.type	AES_encrypt,#function
+.size	AES_encrypt,(.-AES_encrypt)
+
+___
+
+$code.=<<___;
+.align	256
+AES_Td:
+___
+&_data_word(
+	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+	.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+	.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+	.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+	.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+	.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+	.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+	.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+	.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+	.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+	.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+	.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+	.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+	.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+	.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+	.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+	.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+	.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+	.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+	.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+	.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+	.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+	.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+	.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+	.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+	.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+	.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+	.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+	.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+	.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+	.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+	.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+	.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.type	AES_Td,#object
+.size	AES_Td,(.-AES_Td)
+
+.align	64
+.skip	16
+_sparcv9_AES_decrypt:
+	save	%sp,-$frame-$locals,%sp
+	stx	%i7,[%sp+$bias+$frame+0]	! off-load return address
+	ld	[$key+240],$rounds
+	ld	[$key+0],$t0
+	ld	[$key+4],$t1			!
+	ld	[$key+8],$t2
+	ld	[$key+12],$t3
+	srl	$rounds,1,$rounds
+	xor	$t0,$s0,$s0
+	ld	[$key+16],$t0
+	xor	$t1,$s1,$s1
+	ld	[$key+20],$t1
+	srl	$s0,21,$acc0			!
+	xor	$t2,$s2,$s2
+	ld	[$key+24],$t2
+	xor	$t3,$s3,$s3
+	and	$acc0,2040,$acc0
+	ld	[$key+28],$t3
+	srl	$s3,13,$acc1
+	nop
+.Ldec_loop:
+	srl	$s2,5,$acc2			!
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$s1,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	srl	$s1,21,$acc4
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2		!
+	srl	$s0,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$s3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4
+	fmovs	%f0,%f0
+	sll	$s2,3,$acc7			!
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$s2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	srl	$s1,13,$acc9
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7		!
+	srl	$s0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$s3,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9
+	fmovs	%f0,%f0
+	srl	$s3,21,$acc12			!
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$s2,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	srl	$s1,5,$acc14
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12		!
+	sll	$s0,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+	and	$acc15,2040,$acc15
+	add	$key,32,$key
+	ldx	[$tbl+$acc14],$acc14
+	fmovs	%f0,%f0
+	subcc	$rounds,1,$rounds		!
+	ldx	[$tbl+$acc15],$acc15
+	bz,a,pn	%icc,.Ldec_last
+	add	$tbl,2048,$rounds
+
+		srlx	$acc1,8,$acc1
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+	fmovs	%f0,%f0
+		srlx	$acc2,16,$acc2		!
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3			!
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+	fmovs	%f0,%f0
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10	!
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15	!
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,21,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3
+	srl	$t3,13,$acc1
+
+	and	$acc0,2040,$acc0		!
+	srl	$t2,5,$acc2
+	and	$acc1,2040,$acc1
+	ldx	[$tbl+$acc0],$acc0
+	sll	$t1,3,$acc3
+	and	$acc2,2040,$acc2
+	ldx	[$tbl+$acc1],$acc1
+	fmovs	%f0,%f0
+	srl	$t1,21,$acc4			!
+	and	$acc3,2040,$acc3
+	ldx	[$tbl+$acc2],$acc2
+	srl	$t0,13,$acc5
+	and	$acc4,2040,$acc4
+	ldx	[$tbl+$acc3],$acc3
+	srl	$t3,5,$acc6
+	and	$acc5,2040,$acc5
+	ldx	[$tbl+$acc4],$acc4		!
+	sll	$t2,3,$acc7
+	and	$acc6,2040,$acc6
+	ldx	[$tbl+$acc5],$acc5
+	srl	$t2,21,$acc8
+	and	$acc7,2040,$acc7
+	ldx	[$tbl+$acc6],$acc6
+	fmovs	%f0,%f0
+	srl	$t1,13,$acc9			!
+	and	$acc8,2040,$acc8
+	ldx	[$tbl+$acc7],$acc7
+	srl	$t0,5,$acc10
+	and	$acc9,2040,$acc9
+	ldx	[$tbl+$acc8],$acc8
+	sll	$t3,3,$acc11
+	and	$acc10,2040,$acc10
+	ldx	[$tbl+$acc9],$acc9		!
+	srl	$t3,21,$acc12
+	and	$acc11,2040,$acc11
+	ldx	[$tbl+$acc10],$acc10
+	srl	$t2,13,$acc13
+	and	$acc12,2040,$acc12
+	ldx	[$tbl+$acc11],$acc11
+	fmovs	%f0,%f0
+	srl	$t1,5,$acc14			!
+	and	$acc13,2040,$acc13
+	ldx	[$tbl+$acc12],$acc12
+	sll	$t0,3,$acc15
+	and	$acc14,2040,$acc14
+	ldx	[$tbl+$acc13],$acc13
+		srlx	$acc1,8,$acc1
+	and	$acc15,2040,$acc15
+	ldx	[$tbl+$acc14],$acc14		!
+
+		srlx	$acc2,16,$acc2
+		xor	$acc0,$s0,$s0
+	ldx	[$tbl+$acc15],$acc15
+		srlx	$acc3,24,$acc3
+		xor	$acc1,$s0,$s0
+	ld	[$key+16],$t0
+	fmovs	%f0,%f0
+		srlx	$acc5,8,$acc5		!
+		xor	$acc2,$s0,$s0
+	ld	[$key+20],$t1
+		srlx	$acc6,16,$acc6
+		xor	$acc3,$s0,$s0
+	ld	[$key+24],$t2
+		srlx	$acc7,24,$acc7
+		xor	$acc4,$s1,$s1
+	ld	[$key+28],$t3			!
+		srlx	$acc9,8,$acc9
+		xor	$acc5,$s1,$s1
+	ldx	[$tbl+2048+0],%g0		! prefetch td4
+		srlx	$acc10,16,$acc10
+		xor	$acc6,$s1,$s1
+	ldx	[$tbl+2048+32],%g0		! prefetch td4
+		srlx	$acc11,24,$acc11
+		xor	$acc7,$s1,$s1
+	ldx	[$tbl+2048+64],%g0		! prefetch td4
+		srlx	$acc13,8,$acc13
+		xor	$acc8,$s2,$s2
+	ldx	[$tbl+2048+96],%g0		! prefetch td4
+		srlx	$acc14,16,$acc14	!
+		xor	$acc9,$s2,$s2
+	ldx	[$tbl+2048+128],%g0		! prefetch td4
+		srlx	$acc15,24,$acc15
+		xor	$acc10,$s2,$s2
+	ldx	[$tbl+2048+160],%g0		! prefetch td4
+	srl	$s0,21,$acc0
+		xor	$acc11,$s2,$s2
+	ldx	[$tbl+2048+192],%g0		! prefetch td4
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+	ldx	[$tbl+2048+224],%g0		! prefetch td4
+	and	$acc0,2040,$acc0		!
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+	ba	.Ldec_loop
+	srl	$s3,13,$acc1
+
+.align	32
+.Ldec_last:
+		srlx	$acc1,8,$acc1		!
+		xor	$acc0,$t0,$t0
+	ld	[$key+0],$s0
+		srlx	$acc2,16,$acc2
+		xor	$acc1,$t0,$t0
+	ld	[$key+4],$s1
+		srlx	$acc3,24,$acc3
+		xor	$acc2,$t0,$t0
+	ld	[$key+8],$s2			!
+		srlx	$acc5,8,$acc5
+		xor	$acc3,$t0,$t0
+	ld	[$key+12],$s3
+		srlx	$acc6,16,$acc6
+		xor	$acc4,$t1,$t1
+		srlx	$acc7,24,$acc7
+		xor	$acc5,$t1,$t1
+		srlx	$acc9,8,$acc9		!
+		xor	$acc6,$t1,$t1
+		srlx	$acc10,16,$acc10
+		xor	$acc7,$t1,$t1
+		srlx	$acc11,24,$acc11
+		xor	$acc8,$t2,$t2
+		srlx	$acc13,8,$acc13
+		xor	$acc9,$t2,$t2
+		srlx	$acc14,16,$acc14	!
+		xor	$acc10,$t2,$t2
+		srlx	$acc15,24,$acc15
+		xor	$acc11,$t2,$t2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$t3,$t3
+	srl	$t0,24,$acc0
+		xor	$acc14,$t3,$t3
+		xor	$acc15,$t3,$t3		!
+	srl	$t3,16,$acc1
+
+	srl	$t2,8,$acc2
+	and	$acc1,255,$acc1
+	ldub	[$rounds+$acc0],$acc0
+	srl	$t1,24,$acc4
+	and	$acc2,255,$acc2
+	ldub	[$rounds+$acc1],$acc1
+	srl	$t0,16,$acc5			!
+	and	$t1,255,$acc3
+	ldub	[$rounds+$acc2],$acc2
+	ldub	[$rounds+$acc3],$acc3
+	srl	$t3,8,$acc6
+	and	$acc5,255,$acc5
+	ldub	[$rounds+$acc4],$acc4
+	fmovs	%f0,%f0
+	srl	$t2,24,$acc8			!
+	and	$acc6,255,$acc6
+	ldub	[$rounds+$acc5],$acc5
+	srl	$t1,16,$acc9
+	and	$t2,255,$acc7
+	ldub	[$rounds+$acc6],$acc6
+	ldub	[$rounds+$acc7],$acc7
+	fmovs	%f0,%f0
+	srl	$t0,8,$acc10			!
+	and	$acc9,255,$acc9
+	ldub	[$rounds+$acc8],$acc8
+	srl	$t3,24,$acc12
+	and	$acc10,255,$acc10
+	ldub	[$rounds+$acc9],$acc9
+	srl	$t2,16,$acc13
+	and	$t3,255,$acc11
+	ldub	[$rounds+$acc10],$acc10		!
+	srl	$t1,8,$acc14
+	and	$acc13,255,$acc13
+	ldub	[$rounds+$acc11],$acc11
+	ldub	[$rounds+$acc12],$acc12
+	and	$acc14,255,$acc14
+	ldub	[$rounds+$acc13],$acc13
+	and	$t0,255,$acc15
+	ldub	[$rounds+$acc14],$acc14		!
+
+		sll	$acc0,24,$acc0
+		xor	$acc3,$s0,$s0
+	ldub	[$rounds+$acc15],$acc15
+		sll	$acc1,16,$acc1
+		xor	$acc0,$s0,$s0
+	ldx	[%sp+$bias+$frame+0],%i7	! restore return address
+	fmovs	%f0,%f0
+		sll	$acc2,8,$acc2		!
+		xor	$acc1,$s0,$s0
+		sll	$acc4,24,$acc4
+		xor	$acc2,$s0,$s0
+		sll	$acc5,16,$acc5
+		xor	$acc7,$s1,$s1
+		sll	$acc6,8,$acc6
+		xor	$acc4,$s1,$s1
+		sll	$acc8,24,$acc8		!
+		xor	$acc5,$s1,$s1
+		sll	$acc9,16,$acc9
+		xor	$acc11,$s2,$s2
+		sll	$acc10,8,$acc10
+		xor	$acc6,$s1,$s1
+		sll	$acc12,24,$acc12
+		xor	$acc8,$s2,$s2
+		sll	$acc13,16,$acc13	!
+		xor	$acc9,$s2,$s2
+		sll	$acc14,8,$acc14
+		xor	$acc10,$s2,$s2
+		xor	$acc12,$acc14,$acc14
+		xor	$acc13,$s3,$s3
+		xor	$acc14,$s3,$s3
+		xor	$acc15,$s3,$s3
+
+	ret
+	restore
+.type	_sparcv9_AES_decrypt,#function
+.size	_sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt)
+
+.align	32
+.globl	AES_decrypt
+AES_decrypt:
+	or	%o0,%o1,%g1
+	andcc	%g1,3,%g0
+	bnz,pn	%xcc,.Lunaligned_dec
+	save	%sp,-$frame,%sp
+
+	ld	[%i0+0],%o0
+	ld	[%i0+4],%o1
+	ld	[%i0+8],%o2
+	ld	[%i0+12],%o3
+
+1:	call	.+8
+	add	%o7,AES_Td-1b,%o4
+	call	_sparcv9_AES_decrypt
+	mov	%i2,%o5
+
+	st	%o0,[%i1+0]
+	st	%o1,[%i1+4]
+	st	%o2,[%i1+8]
+	st	%o3,[%i1+12]
+
+	ret
+	restore
+
+.align	32
+.Lunaligned_dec:
+	ldub	[%i0+0],%l0
+	ldub	[%i0+1],%l1
+	ldub	[%i0+2],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+3],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+4],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+5],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+6],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o0
+	ldub	[%i0+7],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	ldub	[%i0+8],%l0
+	or	%l7,%l6,%l6
+	ldub	[%i0+9],%l1
+	or	%l4,%l6,%o1
+	ldub	[%i0+10],%l2
+
+	sll	%l0,24,%l0
+	ldub	[%i0+11],%l3
+	sll	%l1,16,%l1
+	ldub	[%i0+12],%l4
+	sll	%l2,8,%l2
+	or	%l1,%l0,%l0
+	ldub	[%i0+13],%l5
+	sll	%l4,24,%l4
+	or	%l3,%l2,%l2
+	ldub	[%i0+14],%l6
+	sll	%l5,16,%l5
+	or	%l0,%l2,%o2
+	ldub	[%i0+15],%l7
+
+	sll	%l6,8,%l6
+	or	%l5,%l4,%l4
+	or	%l7,%l6,%l6
+	or	%l4,%l6,%o3
+
+1:	call	.+8
+	add	%o7,AES_Td-1b,%o4
+	call	_sparcv9_AES_decrypt
+	mov	%i2,%o5
+
+	srl	%o0,24,%l0
+	srl	%o0,16,%l1
+	stb	%l0,[%i1+0]
+	srl	%o0,8,%l2
+	stb	%l1,[%i1+1]
+	stb	%l2,[%i1+2]
+	srl	%o1,24,%l4
+	stb	%o0,[%i1+3]
+
+	srl	%o1,16,%l5
+	stb	%l4,[%i1+4]
+	srl	%o1,8,%l6
+	stb	%l5,[%i1+5]
+	stb	%l6,[%i1+6]
+	srl	%o2,24,%l0
+	stb	%o1,[%i1+7]
+
+	srl	%o2,16,%l1
+	stb	%l0,[%i1+8]
+	srl	%o2,8,%l2
+	stb	%l1,[%i1+9]
+	stb	%l2,[%i1+10]
+	srl	%o3,24,%l4
+	stb	%o2,[%i1+11]
+
+	srl	%o3,16,%l5
+	stb	%l4,[%i1+12]
+	srl	%o3,8,%l6
+	stb	%l5,[%i1+13]
+	stb	%l6,[%i1+14]
+	stb	%o3,[%i1+15]
+
+	ret
+	restore
+.type	AES_decrypt,#function
+.size	AES_decrypt,(.-AES_decrypt)
+___
+
+# fmovs instructions substituting for FP nops were originally added
+# to meet specific instruction alignment requirements to maximize ILP.
+# As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have
+# undesired effect, so just omit them and sacrifice some portion of
+# percent in performance...
+$code =~ s/fmovs.*$//gm;
+
+print $code;
+close STDOUT;	# ensure flush
diff --git a/openssl-1.1.0h/crypto/aes/asm/aes-x86_64.pl b/openssl-1.1.0h/crypto/aes/asm/aes-x86_64.pl
new file mode 100755
index 0000000..ce4ca30
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aes-x86_64.pl
@@ -0,0 +1,2820 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Version 2.1.
+#
+# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
+# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
+# [you'll notice a lot of resemblance], such as compressed S-boxes
+# in little-endian byte order, prefetch of these tables in CBC mode,
+# as well as avoiding L1 cache aliasing between stack frame and key
+# schedule and already mentioned tables, compressed Td4...
+#
+# Performance in number of cycles per processed byte for 128-bit key:
+#
+#		ECB encrypt	ECB decrypt	CBC large chunk
+# AMD64		33		43		13.0
+# EM64T		38		56		18.6(*)
+# Core 2	30		42		14.5(*)
+# Atom		65		86		32.1(*)
+#
+# (*) with hyper-threading off
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$verticalspin=1;	# unlike 32-bit version $verticalspin performs
+			# ~15% better on both AMD and Intel cores
+$speed_limit=512;	# see aes-586.pl for details
+
+$code=".text\n";
+
+$s0="%eax";
+$s1="%ebx";
+$s2="%ecx";
+$s3="%edx";
+$acc0="%esi";	$mask80="%rsi";
+$acc1="%edi";	$maskfe="%rdi";
+$acc2="%ebp";	$mask1b="%rbp";
+$inp="%r8";
+$out="%r9";
+$t0="%r10d";
+$t1="%r11d";
+$t2="%r12d";
+$rnds="%r13d";
+$sbox="%r14";
+$key="%r15";
+
+sub hi() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1h/;	$r; }
+sub lo() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1l/;
+			$r =~ s/%[er]([sd]i)/%\1l/;
+			$r =~ s/%(r[0-9]+)[d]?/%\1b/;	$r; }
+sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
+			$r =~ s/%r([0-9]+)/%r\1d/;	$r; }
+sub _data_word()
+{ my $i;
+    while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+sub data_word()
+{ my $i;
+  my $last=pop(@_);
+    $code.=".long\t";
+    while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; }
+    $code.=sprintf"0x%08x\n",$last;
+}
+
+sub data_byte()
+{ my $i;
+  my $last=pop(@_);
+    $code.=".byte\t";
+    while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; }
+    $code.=sprintf"0x%02x\n",$last&0xff;
+}
+
+sub encvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	# favor 3-way issue Opteron pipeline...
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	mov	0($sbox,$acc0,8),$t0
+	mov	0($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	movzb	`&lo("$s3")`,$acc2
+	xor	3($sbox,$acc0,8),$t0
+	xor	3($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t3
+
+	movzb	`&hi("$s3")`,$acc0
+	shr	\$16,$s2
+	movzb	`&hi("$s0")`,$acc2
+	xor	3($sbox,$acc0,8),$t2
+	shr	\$16,$s3
+	xor	3($sbox,$acc2,8),$t3
+
+	shr	\$16,$s1
+	lea	16($key),$key
+	shr	\$16,$s0
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	xor	2($sbox,$acc0,8),$t0
+	xor	2($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	movzb	`&lo("$s1")`,$acc2
+	xor	1($sbox,$acc0,8),$t0
+	xor	1($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t3
+
+	mov	12($key),$s3
+	movzb	`&hi("$s1")`,$acc1
+	movzb	`&hi("$s2")`,$acc2
+	mov	0($key),$s0
+	xor	1($sbox,$acc1,8),$t2
+	xor	1($sbox,$acc2,8),$t3
+
+	mov	4($key),$s1
+	mov	8($key),$s2
+	xor	$t0,$s0
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub enclastvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	movzb	2($sbox,$acc0,8),$t0
+	movzb	2($sbox,$acc1,8),$t1
+	movzb	2($sbox,$acc2,8),$t2
+
+	movzb	`&lo("$s3")`,$acc0
+	movzb	`&hi("$s1")`,$acc1
+	movzb	`&hi("$s2")`,$acc2
+	movzb	2($sbox,$acc0,8),$t3
+	mov	0($sbox,$acc1,8),$acc1	#$t0
+	mov	0($sbox,$acc2,8),$acc2	#$t1
+
+	and	\$0x0000ff00,$acc1
+	and	\$0x0000ff00,$acc2
+
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+	shr	\$16,$s2
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	shr	\$16,$s3
+	mov	0($sbox,$acc0,8),$acc0	#$t2
+	mov	0($sbox,$acc1,8),$acc1	#$t3
+
+	and	\$0x0000ff00,$acc0
+	and	\$0x0000ff00,$acc1
+	shr	\$16,$s1
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+	shr	\$16,$s0
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	mov	0($sbox,$acc0,8),$acc0	#$t0
+	mov	0($sbox,$acc1,8),$acc1	#$t1
+	mov	0($sbox,$acc2,8),$acc2	#$t2
+
+	and	\$0x00ff0000,$acc0
+	and	\$0x00ff0000,$acc1
+	and	\$0x00ff0000,$acc2
+
+	xor	$acc0,$t0
+	xor	$acc1,$t1
+	xor	$acc2,$t2
+
+	movzb	`&lo("$s1")`,$acc0
+	movzb	`&hi("$s3")`,$acc1
+	movzb	`&hi("$s0")`,$acc2
+	mov	0($sbox,$acc0,8),$acc0	#$t3
+	mov	2($sbox,$acc1,8),$acc1	#$t0
+	mov	2($sbox,$acc2,8),$acc2	#$t1
+
+	and	\$0x00ff0000,$acc0
+	and	\$0xff000000,$acc1
+	and	\$0xff000000,$acc2
+
+	xor	$acc0,$t3
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	mov	16+12($key),$s3
+	mov	2($sbox,$acc0,8),$acc0	#$t2
+	mov	2($sbox,$acc1,8),$acc1	#$t3
+	mov	16+0($key),$s0
+
+	and	\$0xff000000,$acc0
+	and	\$0xff000000,$acc1
+
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+
+	mov	16+4($key),$s1
+	mov	16+8($key),$s2
+	xor	$t0,$s0
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub encstep()
+{ my ($i,@s) = @_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	if ($i==3) {
+		$tmp0=$s[1];
+		$tmp1=$s[2];
+		$tmp2=$s[3];
+	}
+	$code.="	movzb	".&lo($s[0]).",$out\n";
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+	$code.="	lea	16($key),$key\n"	if ($i==0);
+
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	mov	0($sbox,$out,8),$out\n";
+
+	$code.="	shr	\$16,$tmp1\n";
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+	$code.="	xor	3($sbox,$tmp0,8),$out\n";
+
+	$code.="	movzb	".&lo($tmp1).",$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+	$code.="	xor	4*$i($key),$out\n";
+
+	$code.="	xor	2($sbox,$tmp1,8),$out\n";
+	$code.="	xor	1($sbox,$tmp2,8),$out\n";
+
+	$code.="	mov	$t0,$s[1]\n"		if ($i==3);
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	mov	$t2,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+sub enclast()
+{ my ($i,@s)=@_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	if ($i==3) {
+		$tmp0=$s[1];
+		$tmp1=$s[2];
+		$tmp2=$s[3];
+	}
+	$code.="	movzb	".&lo($s[0]).",$out\n";
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+
+	$code.="	mov	2($sbox,$out,8),$out\n";
+	$code.="	shr	\$16,$tmp1\n";
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+
+	$code.="	and	\$0x000000ff,$out\n";
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	movzb	".&lo($tmp1).",$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+
+	$code.="	mov	0($sbox,$tmp0,8),$tmp0\n";
+	$code.="	mov	0($sbox,$tmp1,8),$tmp1\n";
+	$code.="	mov	2($sbox,$tmp2,8),$tmp2\n";
+
+	$code.="	and	\$0x0000ff00,$tmp0\n";
+	$code.="	and	\$0x00ff0000,$tmp1\n";
+	$code.="	and	\$0xff000000,$tmp2\n";
+
+	$code.="	xor	$tmp0,$out\n";
+	$code.="	mov	$t0,$s[1]\n"		if ($i==3);
+	$code.="	xor	$tmp1,$out\n";
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	xor	$tmp2,$out\n";
+	$code.="	mov	$t2,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+$code.=<<___;
+.type	_x86_64_AES_encrypt,\@abi-omnipotent
+.align	16
+_x86_64_AES_encrypt:
+	xor	0($key),$s0			# xor with key
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+
+	mov	240($key),$rnds			# load key->rounds
+	sub	\$1,$rnds
+	jmp	.Lenc_loop
+.align	16
+.Lenc_loop:
+___
+	if ($verticalspin) { &encvert(); }
+	else {	&encstep(0,$s0,$s1,$s2,$s3);
+		&encstep(1,$s1,$s2,$s3,$s0);
+		&encstep(2,$s2,$s3,$s0,$s1);
+		&encstep(3,$s3,$s0,$s1,$s2);
+	}
+$code.=<<___;
+	sub	\$1,$rnds
+	jnz	.Lenc_loop
+___
+	if ($verticalspin) { &enclastvert(); }
+	else {	&enclast(0,$s0,$s1,$s2,$s3);
+		&enclast(1,$s1,$s2,$s3,$s0);
+		&enclast(2,$s2,$s3,$s0,$s1);
+		&enclast(3,$s3,$s0,$s1,$s2);
+		$code.=<<___;
+		xor	16+0($key),$s0		# xor with key
+		xor	16+4($key),$s1
+		xor	16+8($key),$s2
+		xor	16+12($key),$s3
+___
+	}
+$code.=<<___;
+	.byte	0xf3,0xc3			# rep ret
+.size	_x86_64_AES_encrypt,.-_x86_64_AES_encrypt
+___
+
+# it's possible to implement this by shifting tN by 8, filling least
+# significant byte with byte load and finally bswap-ing at the end,
+# but such partial register load kills Core 2...
+sub enccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+	movzb	`&lo("$s0")`,$t0
+	movzb	`&lo("$s1")`,$t1
+	movzb	`&lo("$s2")`,$t2
+	movzb	`&lo("$s3")`,$t3
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	shr	\$16,$s2
+	movzb	`&hi("$s3")`,$acc2
+	movzb	($sbox,$t0,1),$t0
+	movzb	($sbox,$t1,1),$t1
+	movzb	($sbox,$t2,1),$t2
+	movzb	($sbox,$t3,1),$t3
+
+	movzb	($sbox,$acc0,1),$t4	#$t0
+	movzb	`&hi("$s0")`,$acc0
+	movzb	($sbox,$acc1,1),$t5	#$t1
+	movzb	`&lo("$s2")`,$acc1
+	movzb	($sbox,$acc2,1),$acc2	#$t2
+	movzb	($sbox,$acc0,1),$acc0	#$t3
+
+	shl	\$8,$t4
+	shr	\$16,$s3
+	shl	\$8,$t5
+	xor	$t4,$t0
+	shr	\$16,$s0
+	movzb	`&lo("$s3")`,$t4
+	shr	\$16,$s1
+	xor	$t5,$t1
+	shl	\$8,$acc2
+	movzb	`&lo("$s0")`,$t5
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	xor	$acc2,$t2
+
+	shl	\$8,$acc0
+	movzb	`&lo("$s1")`,$acc2
+	shl	\$16,$acc1
+	xor	$acc0,$t3
+	movzb	($sbox,$t4,1),$t4	#$t1
+	movzb	`&hi("$s3")`,$acc0
+	movzb	($sbox,$t5,1),$t5	#$t2
+	xor	$acc1,$t0
+
+	shr	\$8,$s2
+	movzb	`&hi("$s0")`,$acc1
+	shl	\$16,$t4
+	shr	\$8,$s1
+	shl	\$16,$t5
+	xor	$t4,$t1
+	movzb	($sbox,$acc2,1),$acc2	#$t3
+	movzb	($sbox,$acc0,1),$acc0	#$t0
+	movzb	($sbox,$acc1,1),$acc1	#$t1
+	movzb	($sbox,$s2,1),$s3	#$t3
+	movzb	($sbox,$s1,1),$s2	#$t2
+
+	shl	\$16,$acc2
+	xor	$t5,$t2
+	shl	\$24,$acc0
+	xor	$acc2,$t3
+	shl	\$24,$acc1
+	xor	$acc0,$t0
+	shl	\$24,$s3
+	xor	$acc1,$t1
+	shl	\$24,$s2
+	mov	$t0,$s0
+	mov	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub enctransform_ref()
+{ my $sn = shift;
+  my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+	mov	$sn,$acc
+	and	\$0x80808080,$acc
+	mov	$acc,$tmp
+	shr	\$7,$tmp
+	lea	($sn,$sn),$r2
+	sub	$tmp,$acc
+	and	\$0xfefefefe,$r2
+	and	\$0x1b1b1b1b,$acc
+	mov	$sn,$tmp
+	xor	$acc,$r2
+
+	xor	$r2,$sn
+	rol	\$24,$sn
+	xor	$r2,$sn
+	ror	\$16,$tmp
+	xor	$tmp,$sn
+	ror	\$8,$tmp
+	xor	$tmp,$sn
+___
+}
+
+# unlike decrypt case it does not pay off to parallelize enctransform
+sub enctransform()
+{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
+
+$code.=<<___;
+	mov	\$0x80808080,$t0
+	mov	\$0x80808080,$t1
+	and	$s0,$t0
+	and	$s1,$t1
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	shr	\$7,$t0
+	lea	($s0,$s0),$r20
+	shr	\$7,$t1
+	lea	($s1,$s1),$r21
+	sub	$t0,$acc0
+	sub	$t1,$acc1
+	and	\$0xfefefefe,$r20
+	and	\$0xfefefefe,$r21
+	and	\$0x1b1b1b1b,$acc0
+	and	\$0x1b1b1b1b,$acc1
+	mov	$s0,$t0
+	mov	$s1,$t1
+	xor	$acc0,$r20
+	xor	$acc1,$r21
+
+	xor	$r20,$s0
+	xor	$r21,$s1
+	 mov	\$0x80808080,$t2
+	rol	\$24,$s0
+	 mov	\$0x80808080,$t3
+	rol	\$24,$s1
+	 and	$s2,$t2
+	 and	$s3,$t3
+	xor	$r20,$s0
+	xor	$r21,$s1
+	 mov	$t2,$acc0
+	ror	\$16,$t0
+	 mov	$t3,$acc1
+	ror	\$16,$t1
+	 lea	($s2,$s2),$r20
+	 shr	\$7,$t2
+	xor	$t0,$s0
+	 shr	\$7,$t3
+	xor	$t1,$s1
+	ror	\$8,$t0
+	 lea	($s3,$s3),$r21
+	ror	\$8,$t1
+	 sub	$t2,$acc0
+	 sub	$t3,$acc1
+	xor	$t0,$s0
+	xor	$t1,$s1
+
+	and	\$0xfefefefe,$r20
+	and	\$0xfefefefe,$r21
+	and	\$0x1b1b1b1b,$acc0
+	and	\$0x1b1b1b1b,$acc1
+	mov	$s2,$t2
+	mov	$s3,$t3
+	xor	$acc0,$r20
+	xor	$acc1,$r21
+
+	ror	\$16,$t2
+	xor	$r20,$s2
+	ror	\$16,$t3
+	xor	$r21,$s3
+	rol	\$24,$s2
+	mov	0($sbox),$acc0			# prefetch Te4
+	rol	\$24,$s3
+	xor	$r20,$s2
+	mov	64($sbox),$acc1
+	xor	$r21,$s3
+	mov	128($sbox),$r20
+	xor	$t2,$s2
+	ror	\$8,$t2
+	xor	$t3,$s3
+	ror	\$8,$t3
+	xor	$t2,$s2
+	mov	192($sbox),$r21
+	xor	$t3,$s3
+___
+}
+
+$code.=<<___;
+.type	_x86_64_AES_encrypt_compact,\@abi-omnipotent
+.align	16
+_x86_64_AES_encrypt_compact:
+	lea	128($sbox),$inp			# size optimization
+	mov	0-128($inp),$acc1		# prefetch Te4
+	mov	32-128($inp),$acc2
+	mov	64-128($inp),$t0
+	mov	96-128($inp),$t1
+	mov	128-128($inp),$acc1
+	mov	160-128($inp),$acc2
+	mov	192-128($inp),$t0
+	mov	224-128($inp),$t1
+	jmp	.Lenc_loop_compact
+.align	16
+.Lenc_loop_compact:
+		xor	0($key),$s0		# xor with key
+		xor	4($key),$s1
+		xor	8($key),$s2
+		xor	12($key),$s3
+		lea	16($key),$key
+___
+		&enccompactvert();
+$code.=<<___;
+		cmp	16(%rsp),$key
+		je	.Lenc_compact_done
+___
+		&enctransform();
+$code.=<<___;
+	jmp	.Lenc_loop_compact
+.align	16
+.Lenc_compact_done:
+	xor	0($key),$s0
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+	.byte	0xf3,0xc3			# rep ret
+.size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
+___
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl	AES_encrypt
+.type	AES_encrypt,\@function,3
+.align	16
+.globl	asm_AES_encrypt
+.hidden	asm_AES_encrypt
+asm_AES_encrypt:
+AES_encrypt:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	# allocate frame "above" key schedule
+	mov	%rsp,%r10
+	lea	-63(%rdx),%rcx	# %rdx is key argument
+	and	\$-64,%rsp
+	sub	%rsp,%rcx
+	neg	%rcx
+	and	\$0x3c0,%rcx
+	sub	%rcx,%rsp
+	sub	\$32,%rsp
+
+	mov	%rsi,16(%rsp)	# save out
+	mov	%r10,24(%rsp)	# save real stack pointer
+.Lenc_prologue:
+
+	mov	%rdx,$key
+	mov	240($key),$rnds	# load rounds
+
+	mov	0(%rdi),$s0	# load input vector
+	mov	4(%rdi),$s1
+	mov	8(%rdi),$s2
+	mov	12(%rdi),$s3
+
+	shl	\$4,$rnds
+	lea	($key,$rnds),%rbp
+	mov	$key,(%rsp)	# key schedule
+	mov	%rbp,8(%rsp)	# end of key schedule
+
+	# pick Te4 copy which can't "overlap" with stack frame or key schedule
+	lea	.LAES_Te+2048(%rip),$sbox
+	lea	768(%rsp),%rbp
+	sub	$sbox,%rbp
+	and	\$0x300,%rbp
+	lea	($sbox,%rbp),$sbox
+
+	call	_x86_64_AES_encrypt_compact
+
+	mov	16(%rsp),$out	# restore out
+	mov	24(%rsp),%rsi	# restore saved stack pointer
+	mov	$s0,0($out)	# write output vector
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lenc_epilogue:
+	ret
+.size	AES_encrypt,.-AES_encrypt
+___
+
+#------------------------------------------------------------------#
+
+sub decvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	# favor 3-way issue Opteron pipeline...
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	mov	0($sbox,$acc0,8),$t0
+	mov	0($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	movzb	`&lo("$s3")`,$acc2
+	xor	3($sbox,$acc0,8),$t0
+	xor	3($sbox,$acc1,8),$t1
+	mov	0($sbox,$acc2,8),$t3
+
+	movzb	`&hi("$s1")`,$acc0
+	shr	\$16,$s0
+	movzb	`&hi("$s2")`,$acc2
+	xor	3($sbox,$acc0,8),$t2
+	shr	\$16,$s3
+	xor	3($sbox,$acc2,8),$t3
+
+	shr	\$16,$s1
+	lea	16($key),$key
+	shr	\$16,$s2
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	xor	2($sbox,$acc0,8),$t0
+	xor	2($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t2
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	movzb	`&lo("$s1")`,$acc2
+	xor	1($sbox,$acc0,8),$t0
+	xor	1($sbox,$acc1,8),$t1
+	xor	2($sbox,$acc2,8),$t3
+
+	movzb	`&hi("$s3")`,$acc0
+	mov	12($key),$s3
+	movzb	`&hi("$s0")`,$acc2
+	xor	1($sbox,$acc0,8),$t2
+	mov	0($key),$s0
+	xor	1($sbox,$acc2,8),$t3
+
+	xor	$t0,$s0
+	mov	4($key),$s1
+	mov	8($key),$s2
+	xor	$t2,$s2
+	xor	$t1,$s1
+	xor	$t3,$s3
+___
+}
+
+sub declastvert()
+{ my $t3="%r8d";	# zaps $inp!
+
+$code.=<<___;
+	lea	2048($sbox),$sbox	# size optimization
+	movzb	`&lo("$s0")`,$acc0
+	movzb	`&lo("$s1")`,$acc1
+	movzb	`&lo("$s2")`,$acc2
+	movzb	($sbox,$acc0,1),$t0
+	movzb	($sbox,$acc1,1),$t1
+	movzb	($sbox,$acc2,1),$t2
+
+	movzb	`&lo("$s3")`,$acc0
+	movzb	`&hi("$s3")`,$acc1
+	movzb	`&hi("$s0")`,$acc2
+	movzb	($sbox,$acc0,1),$t3
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	movzb	($sbox,$acc2,1),$acc2	#$t1
+
+	shl	\$8,$acc1
+	shl	\$8,$acc2
+
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+	shr	\$16,$s3
+
+	movzb	`&hi("$s1")`,$acc0
+	movzb	`&hi("$s2")`,$acc1
+	shr	\$16,$s0
+	movzb	($sbox,$acc0,1),$acc0	#$t2
+	movzb	($sbox,$acc1,1),$acc1	#$t3
+
+	shl	\$8,$acc0
+	shl	\$8,$acc1
+	shr	\$16,$s1
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+	shr	\$16,$s2
+
+	movzb	`&lo("$s2")`,$acc0
+	movzb	`&lo("$s3")`,$acc1
+	movzb	`&lo("$s0")`,$acc2
+	movzb	($sbox,$acc0,1),$acc0	#$t0
+	movzb	($sbox,$acc1,1),$acc1	#$t1
+	movzb	($sbox,$acc2,1),$acc2	#$t2
+
+	shl	\$16,$acc0
+	shl	\$16,$acc1
+	shl	\$16,$acc2
+
+	xor	$acc0,$t0
+	xor	$acc1,$t1
+	xor	$acc2,$t2
+
+	movzb	`&lo("$s1")`,$acc0
+	movzb	`&hi("$s1")`,$acc1
+	movzb	`&hi("$s2")`,$acc2
+	movzb	($sbox,$acc0,1),$acc0	#$t3
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	movzb	($sbox,$acc2,1),$acc2	#$t1
+
+	shl	\$16,$acc0
+	shl	\$24,$acc1
+	shl	\$24,$acc2
+
+	xor	$acc0,$t3
+	xor	$acc1,$t0
+	xor	$acc2,$t1
+
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	mov	16+12($key),$s3
+	movzb	($sbox,$acc0,1),$acc0	#$t2
+	movzb	($sbox,$acc1,1),$acc1	#$t3
+	mov	16+0($key),$s0
+
+	shl	\$24,$acc0
+	shl	\$24,$acc1
+
+	xor	$acc0,$t2
+	xor	$acc1,$t3
+
+	mov	16+4($key),$s1
+	mov	16+8($key),$s2
+	lea	-2048($sbox),$sbox
+	xor	$t0,$s0
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+sub decstep()
+{ my ($i,@s) = @_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	$code.="	mov	$s[0],$out\n"		if ($i!=3);
+			$tmp1=$s[2]			if ($i==3);
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+	$code.="	and	\$0xFF,$out\n";
+
+	$code.="	mov	0($sbox,$out,8),$out\n";
+	$code.="	shr	\$16,$tmp1\n";
+			$tmp2=$s[3]			if ($i==3);
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+
+			$tmp0=$s[1]			if ($i==3);
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	and	\$0xFF,$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+
+	$code.="	xor	3($sbox,$tmp0,8),$out\n";
+	$code.="	xor	2($sbox,$tmp1,8),$out\n";
+	$code.="	xor	1($sbox,$tmp2,8),$out\n";
+
+	$code.="	mov	$t2,$s[1]\n"		if ($i==3);
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	mov	$t0,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+sub declast()
+{ my ($i,@s)=@_;
+  my $tmp0=$acc0;
+  my $tmp1=$acc1;
+  my $tmp2=$acc2;
+  my $out=($t0,$t1,$t2,$s[0])[$i];
+
+	$code.="	mov	$s[0],$out\n"		if ($i!=3);
+			$tmp1=$s[2]			if ($i==3);
+	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
+	$code.="	and	\$0xFF,$out\n";
+
+	$code.="	movzb	2048($sbox,$out,1),$out\n";
+	$code.="	shr	\$16,$tmp1\n";
+			$tmp2=$s[3]			if ($i==3);
+	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
+
+			$tmp0=$s[1]			if ($i==3);
+	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
+	$code.="	and	\$0xFF,$tmp1\n";
+	$code.="	shr	\$24,$tmp2\n";
+
+	$code.="	movzb	2048($sbox,$tmp0,1),$tmp0\n";
+	$code.="	movzb	2048($sbox,$tmp1,1),$tmp1\n";
+	$code.="	movzb	2048($sbox,$tmp2,1),$tmp2\n";
+
+	$code.="	shl	\$8,$tmp0\n";
+	$code.="	shl	\$16,$tmp1\n";
+	$code.="	shl	\$24,$tmp2\n";
+
+	$code.="	xor	$tmp0,$out\n";
+	$code.="	mov	$t2,$s[1]\n"		if ($i==3);
+	$code.="	xor	$tmp1,$out\n";
+	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
+	$code.="	xor	$tmp2,$out\n";
+	$code.="	mov	$t0,$s[3]\n"		if ($i==3);
+	$code.="\n";
+}
+
+$code.=<<___;
+.type	_x86_64_AES_decrypt,\@abi-omnipotent
+.align	16
+_x86_64_AES_decrypt:
+	xor	0($key),$s0			# xor with key
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+
+	mov	240($key),$rnds			# load key->rounds
+	sub	\$1,$rnds
+	jmp	.Ldec_loop
+.align	16
+.Ldec_loop:
+___
+	if ($verticalspin) { &decvert(); }
+	else {	&decstep(0,$s0,$s3,$s2,$s1);
+		&decstep(1,$s1,$s0,$s3,$s2);
+		&decstep(2,$s2,$s1,$s0,$s3);
+		&decstep(3,$s3,$s2,$s1,$s0);
+		$code.=<<___;
+		lea	16($key),$key
+		xor	0($key),$s0			# xor with key
+		xor	4($key),$s1
+		xor	8($key),$s2
+		xor	12($key),$s3
+___
+	}
+$code.=<<___;
+	sub	\$1,$rnds
+	jnz	.Ldec_loop
+___
+	if ($verticalspin) { &declastvert(); }
+	else {	&declast(0,$s0,$s3,$s2,$s1);
+		&declast(1,$s1,$s0,$s3,$s2);
+		&declast(2,$s2,$s1,$s0,$s3);
+		&declast(3,$s3,$s2,$s1,$s0);
+		$code.=<<___;
+		xor	16+0($key),$s0			# xor with key
+		xor	16+4($key),$s1
+		xor	16+8($key),$s2
+		xor	16+12($key),$s3
+___
+	}
+$code.=<<___;
+	.byte	0xf3,0xc3			# rep ret
+.size	_x86_64_AES_decrypt,.-_x86_64_AES_decrypt
+___
+
+sub deccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+	movzb	`&lo("$s0")`,$t0
+	movzb	`&lo("$s1")`,$t1
+	movzb	`&lo("$s2")`,$t2
+	movzb	`&lo("$s3")`,$t3
+	movzb	`&hi("$s3")`,$acc0
+	movzb	`&hi("$s0")`,$acc1
+	shr	\$16,$s3
+	movzb	`&hi("$s1")`,$acc2
+	movzb	($sbox,$t0,1),$t0
+	movzb	($sbox,$t1,1),$t1
+	movzb	($sbox,$t2,1),$t2
+	movzb	($sbox,$t3,1),$t3
+
+	movzb	($sbox,$acc0,1),$t4	#$t0
+	movzb	`&hi("$s2")`,$acc0
+	movzb	($sbox,$acc1,1),$t5	#$t1
+	movzb	($sbox,$acc2,1),$acc2	#$t2
+	movzb	($sbox,$acc0,1),$acc0	#$t3
+
+	shr	\$16,$s2
+	shl	\$8,$t5
+	shl	\$8,$t4
+	movzb	`&lo("$s2")`,$acc1
+	shr	\$16,$s0
+	xor	$t4,$t0
+	shr	\$16,$s1
+	movzb	`&lo("$s3")`,$t4
+
+	shl	\$8,$acc2
+	xor	$t5,$t1
+	shl	\$8,$acc0
+	movzb	`&lo("$s0")`,$t5
+	movzb	($sbox,$acc1,1),$acc1	#$t0
+	xor	$acc2,$t2
+	movzb	`&lo("$s1")`,$acc2
+
+	shl	\$16,$acc1
+	xor	$acc0,$t3
+	movzb	($sbox,$t4,1),$t4	#$t1
+	movzb	`&hi("$s1")`,$acc0
+	movzb	($sbox,$acc2,1),$acc2	#$t3
+	xor	$acc1,$t0
+	movzb	($sbox,$t5,1),$t5	#$t2
+	movzb	`&hi("$s2")`,$acc1
+
+	shl	\$16,$acc2
+	shl	\$16,$t4
+	shl	\$16,$t5
+	xor	$acc2,$t3
+	movzb	`&hi("$s3")`,$acc2
+	xor	$t4,$t1
+	shr	\$8,$s0
+	xor	$t5,$t2
+
+	movzb	($sbox,$acc0,1),$acc0	#$t0
+	movzb	($sbox,$acc1,1),$s1	#$t1
+	movzb	($sbox,$acc2,1),$s2	#$t2
+	movzb	($sbox,$s0,1),$s3	#$t3
+
+	mov	$t0,$s0
+	shl	\$24,$acc0
+	shl	\$24,$s1
+	shl	\$24,$s2
+	xor	$acc0,$s0
+	shl	\$24,$s3
+	xor	$t1,$s1
+	xor	$t2,$s2
+	xor	$t3,$s3
+___
+}
+
+# parallelized version! input is pair of 64-bit values: %rax=s1.s0
+# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
+# %ecx=s2 and %edx=s3.
+sub dectransform()
+{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
+  my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
+  my $prefetch = shift;
+
+$code.=<<___;
+	mov	$mask80,$tp40
+	mov	$mask80,$tp48
+	and	$tp10,$tp40
+	and	$tp18,$tp48
+	mov	$tp40,$acc0
+	mov	$tp48,$acc8
+	shr	\$7,$tp40
+	lea	($tp10,$tp10),$tp20
+	shr	\$7,$tp48
+	lea	($tp18,$tp18),$tp28
+	sub	$tp40,$acc0
+	sub	$tp48,$acc8
+	and	$maskfe,$tp20
+	and	$maskfe,$tp28
+	and	$mask1b,$acc0
+	and	$mask1b,$acc8
+	xor	$acc0,$tp20
+	xor	$acc8,$tp28
+	mov	$mask80,$tp80
+	mov	$mask80,$tp88
+
+	and	$tp20,$tp80
+	and	$tp28,$tp88
+	mov	$tp80,$acc0
+	mov	$tp88,$acc8
+	shr	\$7,$tp80
+	lea	($tp20,$tp20),$tp40
+	shr	\$7,$tp88
+	lea	($tp28,$tp28),$tp48
+	sub	$tp80,$acc0
+	sub	$tp88,$acc8
+	and	$maskfe,$tp40
+	and	$maskfe,$tp48
+	and	$mask1b,$acc0
+	and	$mask1b,$acc8
+	xor	$acc0,$tp40
+	xor	$acc8,$tp48
+	mov	$mask80,$tp80
+	mov	$mask80,$tp88
+
+	and	$tp40,$tp80
+	and	$tp48,$tp88
+	mov	$tp80,$acc0
+	mov	$tp88,$acc8
+	shr	\$7,$tp80
+	 xor	$tp10,$tp20		# tp2^=tp1
+	shr	\$7,$tp88
+	 xor	$tp18,$tp28		# tp2^=tp1
+	sub	$tp80,$acc0
+	sub	$tp88,$acc8
+	lea	($tp40,$tp40),$tp80
+	lea	($tp48,$tp48),$tp88
+	 xor	$tp10,$tp40		# tp4^=tp1
+	 xor	$tp18,$tp48		# tp4^=tp1
+	and	$maskfe,$tp80
+	and	$maskfe,$tp88
+	and	$mask1b,$acc0
+	and	$mask1b,$acc8
+	xor	$acc0,$tp80
+	xor	$acc8,$tp88
+
+	xor	$tp80,$tp10		# tp1^=tp8
+	xor	$tp88,$tp18		# tp1^=tp8
+	xor	$tp80,$tp20		# tp2^tp1^=tp8
+	xor	$tp88,$tp28		# tp2^tp1^=tp8
+	mov	$tp10,$acc0
+	mov	$tp18,$acc8
+	xor	$tp80,$tp40		# tp4^tp1^=tp8
+	shr	\$32,$acc0
+	xor	$tp88,$tp48		# tp4^tp1^=tp8
+	shr	\$32,$acc8
+	xor	$tp20,$tp80		# tp8^=tp8^tp2^tp1=tp2^tp1
+	rol	\$8,`&LO("$tp10")`	# ROTATE(tp1^tp8,8)
+	xor	$tp28,$tp88		# tp8^=tp8^tp2^tp1=tp2^tp1
+	rol	\$8,`&LO("$tp18")`	# ROTATE(tp1^tp8,8)
+	xor	$tp40,$tp80		# tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+	rol	\$8,`&LO("$acc0")`	# ROTATE(tp1^tp8,8)
+	xor	$tp48,$tp88		# tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+
+	rol	\$8,`&LO("$acc8")`	# ROTATE(tp1^tp8,8)
+	xor	`&LO("$tp80")`,`&LO("$tp10")`
+	shr	\$32,$tp80
+	xor	`&LO("$tp88")`,`&LO("$tp18")`
+	shr	\$32,$tp88
+	xor	`&LO("$tp80")`,`&LO("$acc0")`
+	xor	`&LO("$tp88")`,`&LO("$acc8")`
+
+	mov	$tp20,$tp80
+	rol	\$24,`&LO("$tp20")`	# ROTATE(tp2^tp1^tp8,24)
+	mov	$tp28,$tp88
+	rol	\$24,`&LO("$tp28")`	# ROTATE(tp2^tp1^tp8,24)
+	shr	\$32,$tp80
+	xor	`&LO("$tp20")`,`&LO("$tp10")`
+	shr	\$32,$tp88
+	xor	`&LO("$tp28")`,`&LO("$tp18")`
+	rol	\$24,`&LO("$tp80")`	# ROTATE(tp2^tp1^tp8,24)
+	mov	$tp40,$tp20
+	rol	\$24,`&LO("$tp88")`	# ROTATE(tp2^tp1^tp8,24)
+	mov	$tp48,$tp28
+	shr	\$32,$tp20
+	xor	`&LO("$tp80")`,`&LO("$acc0")`
+	shr	\$32,$tp28
+	xor	`&LO("$tp88")`,`&LO("$acc8")`
+
+	`"mov	0($sbox),$mask80"	if ($prefetch)`
+	rol	\$16,`&LO("$tp40")`	# ROTATE(tp4^tp1^tp8,16)
+	`"mov	64($sbox),$maskfe"	if ($prefetch)`
+	rol	\$16,`&LO("$tp48")`	# ROTATE(tp4^tp1^tp8,16)
+	`"mov	128($sbox),$mask1b"	if ($prefetch)`
+	rol	\$16,`&LO("$tp20")`	# ROTATE(tp4^tp1^tp8,16)
+	`"mov	192($sbox),$tp80"	if ($prefetch)`
+	xor	`&LO("$tp40")`,`&LO("$tp10")`
+	rol	\$16,`&LO("$tp28")`	# ROTATE(tp4^tp1^tp8,16)
+	xor	`&LO("$tp48")`,`&LO("$tp18")`
+	`"mov	256($sbox),$tp88"	if ($prefetch)`
+	xor	`&LO("$tp20")`,`&LO("$acc0")`
+	xor	`&LO("$tp28")`,`&LO("$acc8")`
+___
+}
+
+$code.=<<___;
+.type	_x86_64_AES_decrypt_compact,\@abi-omnipotent
+.align	16
+_x86_64_AES_decrypt_compact:
+	lea	128($sbox),$inp			# size optimization
+	mov	0-128($inp),$acc1		# prefetch Td4
+	mov	32-128($inp),$acc2
+	mov	64-128($inp),$t0
+	mov	96-128($inp),$t1
+	mov	128-128($inp),$acc1
+	mov	160-128($inp),$acc2
+	mov	192-128($inp),$t0
+	mov	224-128($inp),$t1
+	jmp	.Ldec_loop_compact
+
+.align	16
+.Ldec_loop_compact:
+		xor	0($key),$s0		# xor with key
+		xor	4($key),$s1
+		xor	8($key),$s2
+		xor	12($key),$s3
+		lea	16($key),$key
+___
+		&deccompactvert();
+$code.=<<___;
+		cmp	16(%rsp),$key
+		je	.Ldec_compact_done
+
+		mov	256+0($sbox),$mask80
+		shl	\$32,%rbx
+		shl	\$32,%rdx
+		mov	256+8($sbox),$maskfe
+		or	%rbx,%rax
+		or	%rdx,%rcx
+		mov	256+16($sbox),$mask1b
+___
+		&dectransform(1);
+$code.=<<___;
+	jmp	.Ldec_loop_compact
+.align	16
+.Ldec_compact_done:
+	xor	0($key),$s0
+	xor	4($key),$s1
+	xor	8($key),$s2
+	xor	12($key),$s3
+	.byte	0xf3,0xc3			# rep ret
+.size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
+___
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl	AES_decrypt
+.type	AES_decrypt,\@function,3
+.align	16
+.globl	asm_AES_decrypt
+.hidden	asm_AES_decrypt
+asm_AES_decrypt:
+AES_decrypt:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	# allocate frame "above" key schedule
+	mov	%rsp,%r10
+	lea	-63(%rdx),%rcx	# %rdx is key argument
+	and	\$-64,%rsp
+	sub	%rsp,%rcx
+	neg	%rcx
+	and	\$0x3c0,%rcx
+	sub	%rcx,%rsp
+	sub	\$32,%rsp
+
+	mov	%rsi,16(%rsp)	# save out
+	mov	%r10,24(%rsp)	# save real stack pointer
+.Ldec_prologue:
+
+	mov	%rdx,$key
+	mov	240($key),$rnds	# load rounds
+
+	mov	0(%rdi),$s0	# load input vector
+	mov	4(%rdi),$s1
+	mov	8(%rdi),$s2
+	mov	12(%rdi),$s3
+
+	shl	\$4,$rnds
+	lea	($key,$rnds),%rbp
+	mov	$key,(%rsp)	# key schedule
+	mov	%rbp,8(%rsp)	# end of key schedule
+
+	# pick Td4 copy which can't "overlap" with stack frame or key schedule
+	lea	.LAES_Td+2048(%rip),$sbox
+	lea	768(%rsp),%rbp
+	sub	$sbox,%rbp
+	and	\$0x300,%rbp
+	lea	($sbox,%rbp),$sbox
+	shr	\$3,%rbp	# recall "magic" constants!
+	add	%rbp,$sbox
+
+	call	_x86_64_AES_decrypt_compact
+
+	mov	16(%rsp),$out	# restore out
+	mov	24(%rsp),%rsi	# restore saved stack pointer
+	mov	$s0,0($out)	# write output vector
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Ldec_epilogue:
+	ret
+.size	AES_decrypt,.-AES_decrypt
+___
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+$code.=<<___;
+	movz	%dl,%esi		# rk[i]>>0
+	movzb	-128(%rbp,%rsi),%ebx
+	movz	%dh,%esi		# rk[i]>>8
+	shl	\$24,%ebx
+	xor	%ebx,%eax
+
+	movzb	-128(%rbp,%rsi),%ebx
+	shr	\$16,%edx
+	movz	%dl,%esi		# rk[i]>>16
+	xor	%ebx,%eax
+
+	movzb	-128(%rbp,%rsi),%ebx
+	movz	%dh,%esi		# rk[i]>>24
+	shl	\$8,%ebx
+	xor	%ebx,%eax
+
+	movzb	-128(%rbp,%rsi),%ebx
+	shl	\$16,%ebx
+	xor	%ebx,%eax
+
+	xor	1024-128(%rbp,%rcx,4),%eax		# rcon
+___
+}
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+$code.=<<___;
+.globl	AES_set_encrypt_key
+.type	AES_set_encrypt_key,\@function,3
+.align	16
+AES_set_encrypt_key:
+	push	%rbx
+	push	%rbp
+	push	%r12			# redundant, but allows to share 
+	push	%r13			# exception handler...
+	push	%r14
+	push	%r15
+	sub	\$8,%rsp
+.Lenc_key_prologue:
+
+	call	_x86_64_AES_set_encrypt_key
+
+	mov	40(%rsp),%rbp
+	mov	48(%rsp),%rbx
+	add	\$56,%rsp
+.Lenc_key_epilogue:
+	ret
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align	16
+_x86_64_AES_set_encrypt_key:
+	mov	%esi,%ecx			# %ecx=bits
+	mov	%rdi,%rsi			# %rsi=userKey
+	mov	%rdx,%rdi			# %rdi=key
+
+	test	\$-1,%rsi
+	jz	.Lbadpointer
+	test	\$-1,%rdi
+	jz	.Lbadpointer
+
+	lea	.LAES_Te(%rip),%rbp
+	lea	2048+128(%rbp),%rbp
+
+	# prefetch Te4
+	mov	0-128(%rbp),%eax
+	mov	32-128(%rbp),%ebx
+	mov	64-128(%rbp),%r8d
+	mov	96-128(%rbp),%edx
+	mov	128-128(%rbp),%eax
+	mov	160-128(%rbp),%ebx
+	mov	192-128(%rbp),%r8d
+	mov	224-128(%rbp),%edx
+
+	cmp	\$128,%ecx
+	je	.L10rounds
+	cmp	\$192,%ecx
+	je	.L12rounds
+	cmp	\$256,%ecx
+	je	.L14rounds
+	mov	\$-2,%rax			# invalid number of bits
+	jmp	.Lexit
+
+.L10rounds:
+	mov	0(%rsi),%rax			# copy first 4 dwords
+	mov	8(%rsi),%rdx
+	mov	%rax,0(%rdi)
+	mov	%rdx,8(%rdi)
+
+	shr	\$32,%rdx
+	xor	%ecx,%ecx
+	jmp	.L10shortcut
+.align	4
+.L10loop:
+		mov	0(%rdi),%eax			# rk[0]
+		mov	12(%rdi),%edx			# rk[3]
+.L10shortcut:
+___
+		&enckey	();
+$code.=<<___;
+		mov	%eax,16(%rdi)			# rk[4]
+		xor	4(%rdi),%eax
+		mov	%eax,20(%rdi)			# rk[5]
+		xor	8(%rdi),%eax
+		mov	%eax,24(%rdi)			# rk[6]
+		xor	12(%rdi),%eax
+		mov	%eax,28(%rdi)			# rk[7]
+		add	\$1,%ecx
+		lea	16(%rdi),%rdi
+		cmp	\$10,%ecx
+	jl	.L10loop
+
+	movl	\$10,80(%rdi)			# setup number of rounds
+	xor	%rax,%rax
+	jmp	.Lexit
+
+.L12rounds:
+	mov	0(%rsi),%rax			# copy first 6 dwords
+	mov	8(%rsi),%rbx
+	mov	16(%rsi),%rdx
+	mov	%rax,0(%rdi)
+	mov	%rbx,8(%rdi)
+	mov	%rdx,16(%rdi)
+
+	shr	\$32,%rdx
+	xor	%ecx,%ecx
+	jmp	.L12shortcut
+.align	4
+.L12loop:
+		mov	0(%rdi),%eax			# rk[0]
+		mov	20(%rdi),%edx			# rk[5]
+.L12shortcut:
+___
+		&enckey	();
+$code.=<<___;
+		mov	%eax,24(%rdi)			# rk[6]
+		xor	4(%rdi),%eax
+		mov	%eax,28(%rdi)			# rk[7]
+		xor	8(%rdi),%eax
+		mov	%eax,32(%rdi)			# rk[8]
+		xor	12(%rdi),%eax
+		mov	%eax,36(%rdi)			# rk[9]
+
+		cmp	\$7,%ecx
+		je	.L12break
+		add	\$1,%ecx
+
+		xor	16(%rdi),%eax
+		mov	%eax,40(%rdi)			# rk[10]
+		xor	20(%rdi),%eax
+		mov	%eax,44(%rdi)			# rk[11]
+
+		lea	24(%rdi),%rdi
+	jmp	.L12loop
+.L12break:
+	movl	\$12,72(%rdi)		# setup number of rounds
+	xor	%rax,%rax
+	jmp	.Lexit
+
+.L14rounds:		
+	mov	0(%rsi),%rax			# copy first 8 dwords
+	mov	8(%rsi),%rbx
+	mov	16(%rsi),%rcx
+	mov	24(%rsi),%rdx
+	mov	%rax,0(%rdi)
+	mov	%rbx,8(%rdi)
+	mov	%rcx,16(%rdi)
+	mov	%rdx,24(%rdi)
+
+	shr	\$32,%rdx
+	xor	%ecx,%ecx
+	jmp	.L14shortcut
+.align	4
+.L14loop:
+		mov	0(%rdi),%eax			# rk[0]
+		mov	28(%rdi),%edx			# rk[4]
+.L14shortcut:
+___
+		&enckey	();
+$code.=<<___;
+		mov	%eax,32(%rdi)			# rk[8]
+		xor	4(%rdi),%eax
+		mov	%eax,36(%rdi)			# rk[9]
+		xor	8(%rdi),%eax
+		mov	%eax,40(%rdi)			# rk[10]
+		xor	12(%rdi),%eax
+		mov	%eax,44(%rdi)			# rk[11]
+
+		cmp	\$6,%ecx
+		je	.L14break
+		add	\$1,%ecx
+
+		mov	%eax,%edx
+		mov	16(%rdi),%eax			# rk[4]
+		movz	%dl,%esi			# rk[11]>>0
+		movzb	-128(%rbp,%rsi),%ebx
+		movz	%dh,%esi			# rk[11]>>8
+		xor	%ebx,%eax
+
+		movzb	-128(%rbp,%rsi),%ebx
+		shr	\$16,%edx
+		shl	\$8,%ebx
+		movz	%dl,%esi			# rk[11]>>16
+		xor	%ebx,%eax
+
+		movzb	-128(%rbp,%rsi),%ebx
+		movz	%dh,%esi			# rk[11]>>24
+		shl	\$16,%ebx
+		xor	%ebx,%eax
+
+		movzb	-128(%rbp,%rsi),%ebx
+		shl	\$24,%ebx
+		xor	%ebx,%eax
+
+		mov	%eax,48(%rdi)			# rk[12]
+		xor	20(%rdi),%eax
+		mov	%eax,52(%rdi)			# rk[13]
+		xor	24(%rdi),%eax
+		mov	%eax,56(%rdi)			# rk[14]
+		xor	28(%rdi),%eax
+		mov	%eax,60(%rdi)			# rk[15]
+
+		lea	32(%rdi),%rdi
+	jmp	.L14loop
+.L14break:
+	movl	\$14,48(%rdi)		# setup number of rounds
+	xor	%rax,%rax
+	jmp	.Lexit
+
+.Lbadpointer:
+	mov	\$-1,%rax
+.Lexit:
+	.byte	0xf3,0xc3			# rep ret
+.size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
+___
+
+sub deckey_ref()
+{ my ($i,$ptr,$te,$td) = @_;
+  my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
+$code.=<<___;
+	mov	$i($ptr),$tp1
+	mov	$tp1,$acc
+	and	\$0x80808080,$acc
+	mov	$acc,$tp4
+	shr	\$7,$tp4
+	lea	0($tp1,$tp1),$tp2
+	sub	$tp4,$acc
+	and	\$0xfefefefe,$tp2
+	and	\$0x1b1b1b1b,$acc
+	xor	$tp2,$acc
+	mov	$acc,$tp2
+
+	and	\$0x80808080,$acc
+	mov	$acc,$tp8
+	shr	\$7,$tp8
+	lea	0($tp2,$tp2),$tp4
+	sub	$tp8,$acc
+	and	\$0xfefefefe,$tp4
+	and	\$0x1b1b1b1b,$acc
+	 xor	$tp1,$tp2		# tp2^tp1
+	xor	$tp4,$acc
+	mov	$acc,$tp4
+
+	and	\$0x80808080,$acc
+	mov	$acc,$tp8
+	shr	\$7,$tp8
+	sub	$tp8,$acc
+	lea	0($tp4,$tp4),$tp8
+	 xor	$tp1,$tp4		# tp4^tp1
+	and	\$0xfefefefe,$tp8
+	and	\$0x1b1b1b1b,$acc
+	xor	$acc,$tp8
+
+	xor	$tp8,$tp1		# tp1^tp8
+	rol	\$8,$tp1		# ROTATE(tp1^tp8,8)
+	xor	$tp8,$tp2		# tp2^tp1^tp8
+	xor	$tp8,$tp4		# tp4^tp1^tp8
+	xor	$tp2,$tp8
+	xor	$tp4,$tp8		# tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
+
+	xor	$tp8,$tp1
+	rol	\$24,$tp2		# ROTATE(tp2^tp1^tp8,24)
+	xor	$tp2,$tp1
+	rol	\$16,$tp4		# ROTATE(tp4^tp1^tp8,16)
+	xor	$tp4,$tp1
+
+	mov	$tp1,$i($ptr)
+___
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+$code.=<<___;
+.globl	AES_set_decrypt_key
+.type	AES_set_decrypt_key,\@function,3
+.align	16
+AES_set_decrypt_key:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	push	%rdx			# save key schedule
+.Ldec_key_prologue:
+
+	call	_x86_64_AES_set_encrypt_key
+	mov	(%rsp),%r8		# restore key schedule
+	cmp	\$0,%eax
+	jne	.Labort
+
+	mov	240(%r8),%r14d		# pull number of rounds
+	xor	%rdi,%rdi
+	lea	(%rdi,%r14d,4),%rcx
+	mov	%r8,%rsi
+	lea	(%r8,%rcx,4),%rdi	# pointer to last chunk
+.align	4
+.Linvert:
+		mov	0(%rsi),%rax
+		mov	8(%rsi),%rbx
+		mov	0(%rdi),%rcx
+		mov	8(%rdi),%rdx
+		mov	%rax,0(%rdi)
+		mov	%rbx,8(%rdi)
+		mov	%rcx,0(%rsi)
+		mov	%rdx,8(%rsi)
+		lea	16(%rsi),%rsi
+		lea	-16(%rdi),%rdi
+		cmp	%rsi,%rdi
+	jne	.Linvert
+
+	lea	.LAES_Te+2048+1024(%rip),%rax	# rcon
+
+	mov	40(%rax),$mask80
+	mov	48(%rax),$maskfe
+	mov	56(%rax),$mask1b
+
+	mov	%r8,$key
+	sub	\$1,%r14d
+.align	4
+.Lpermute:
+		lea	16($key),$key
+		mov	0($key),%rax
+		mov	8($key),%rcx
+___
+		&dectransform ();
+$code.=<<___;
+		mov	%eax,0($key)
+		mov	%ebx,4($key)
+		mov	%ecx,8($key)
+		mov	%edx,12($key)
+		sub	\$1,%r14d
+	jnz	.Lpermute
+
+	xor	%rax,%rax
+.Labort:
+	mov	8(%rsp),%r15
+	mov	16(%rsp),%r14
+	mov	24(%rsp),%r13
+	mov	32(%rsp),%r12
+	mov	40(%rsp),%rbp
+	mov	48(%rsp),%rbx
+	add	\$56,%rsp
+.Ldec_key_epilogue:
+	ret
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const AES_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+# stack frame layout
+# -8(%rsp)		return address
+my $keyp="0(%rsp)";		# one to pass as $key
+my $keyend="8(%rsp)";		# &(keyp->rd_key[4*keyp->rounds])
+my $_rsp="16(%rsp)";		# saved %rsp
+my $_inp="24(%rsp)";		# copy of 1st parameter, inp
+my $_out="32(%rsp)";		# copy of 2nd parameter, out
+my $_len="40(%rsp)";		# copy of 3rd parameter, length
+my $_key="48(%rsp)";		# copy of 4th parameter, key
+my $_ivp="56(%rsp)";		# copy of 5th parameter, ivp
+my $ivec="64(%rsp)";		# ivec[16]
+my $aes_key="80(%rsp)";		# copy of aes_key
+my $mark="80+240(%rsp)";	# copy of aes_key->rounds
+
+$code.=<<___;
+.globl	AES_cbc_encrypt
+.type	AES_cbc_encrypt,\@function,6
+.align	16
+.extern	OPENSSL_ia32cap_P
+.globl	asm_AES_cbc_encrypt
+.hidden	asm_AES_cbc_encrypt
+asm_AES_cbc_encrypt:
+AES_cbc_encrypt:
+	cmp	\$0,%rdx	# check length
+	je	.Lcbc_epilogue
+	pushfq
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lcbc_prologue:
+
+	cld
+	mov	%r9d,%r9d	# clear upper half of enc
+
+	lea	.LAES_Te(%rip),$sbox
+	cmp	\$0,%r9
+	jne	.Lcbc_picked_te
+	lea	.LAES_Td(%rip),$sbox
+.Lcbc_picked_te:
+
+	mov	OPENSSL_ia32cap_P(%rip),%r10d
+	cmp	\$$speed_limit,%rdx
+	jb	.Lcbc_slow_prologue
+	test	\$15,%rdx
+	jnz	.Lcbc_slow_prologue
+	bt	\$28,%r10d
+	jc	.Lcbc_slow_prologue
+
+	# allocate aligned stack frame...
+	lea	-88-248(%rsp),$key
+	and	\$-64,$key
+
+	# ... and make sure it doesn't alias with AES_T[ed] modulo 4096
+	mov	$sbox,%r10
+	lea	2304($sbox),%r11
+	mov	$key,%r12
+	and	\$0xFFF,%r10	# s = $sbox&0xfff
+	and	\$0xFFF,%r11	# e = ($sbox+2048)&0xfff
+	and	\$0xFFF,%r12	# p = %rsp&0xfff
+
+	cmp	%r11,%r12	# if (p=>e) %rsp =- (p-e);
+	jb	.Lcbc_te_break_out
+	sub	%r11,%r12
+	sub	%r12,$key
+	jmp	.Lcbc_te_ok
+.Lcbc_te_break_out:		# else %rsp -= (p-s)&0xfff + framesz
+	sub	%r10,%r12
+	and	\$0xFFF,%r12
+	add	\$320,%r12
+	sub	%r12,$key
+.align	4
+.Lcbc_te_ok:
+
+	xchg	%rsp,$key
+	#add	\$8,%rsp	# reserve for return address!
+	mov	$key,$_rsp	# save %rsp
+.Lcbc_fast_body:
+	mov	%rdi,$_inp	# save copy of inp
+	mov	%rsi,$_out	# save copy of out
+	mov	%rdx,$_len	# save copy of len
+	mov	%rcx,$_key	# save copy of key
+	mov	%r8,$_ivp	# save copy of ivp
+	movl	\$0,$mark	# copy of aes_key->rounds = 0;
+	mov	%r8,%rbp	# rearrange input arguments
+	mov	%r9,%rbx
+	mov	%rsi,$out
+	mov	%rdi,$inp
+	mov	%rcx,$key
+
+	mov	240($key),%eax		# key->rounds
+	# do we copy key schedule to stack?
+	mov	$key,%r10
+	sub	$sbox,%r10
+	and	\$0xfff,%r10
+	cmp	\$2304,%r10
+	jb	.Lcbc_do_ecopy
+	cmp	\$4096-248,%r10
+	jb	.Lcbc_skip_ecopy
+.align	4
+.Lcbc_do_ecopy:
+		mov	$key,%rsi
+		lea	$aes_key,%rdi
+		lea	$aes_key,$key
+		mov	\$240/8,%ecx
+		.long	0x90A548F3	# rep movsq
+		mov	%eax,(%rdi)	# copy aes_key->rounds
+.Lcbc_skip_ecopy:
+	mov	$key,$keyp	# save key pointer
+
+	mov	\$18,%ecx
+.align	4
+.Lcbc_prefetch_te:
+		mov	0($sbox),%r10
+		mov	32($sbox),%r11
+		mov	64($sbox),%r12
+		mov	96($sbox),%r13
+		lea	128($sbox),$sbox
+		sub	\$1,%ecx
+	jnz	.Lcbc_prefetch_te
+	lea	-2304($sbox),$sbox
+
+	cmp	\$0,%rbx
+	je	.LFAST_DECRYPT
+
+#----------------------------- ENCRYPT -----------------------------#
+	mov	0(%rbp),$s0		# load iv
+	mov	4(%rbp),$s1
+	mov	8(%rbp),$s2
+	mov	12(%rbp),$s3
+
+.align	4
+.Lcbc_fast_enc_loop:
+		xor	0($inp),$s0
+		xor	4($inp),$s1
+		xor	8($inp),$s2
+		xor	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# if ($verticalspin) save inp
+
+		call	_x86_64_AES_encrypt
+
+		mov	$_inp,$inp	# if ($verticalspin) restore inp
+		mov	$_len,%r10
+		mov	$s0,0($out)
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+		sub	\$16,%r10
+		test	\$-16,%r10
+		mov	%r10,$_len
+	jnz	.Lcbc_fast_enc_loop
+	mov	$_ivp,%rbp	# restore ivp
+	mov	$s0,0(%rbp)	# save ivec
+	mov	$s1,4(%rbp)
+	mov	$s2,8(%rbp)
+	mov	$s3,12(%rbp)
+
+	jmp	.Lcbc_fast_cleanup
+
+#----------------------------- DECRYPT -----------------------------#
+.align	16
+.LFAST_DECRYPT:
+	cmp	$inp,$out
+	je	.Lcbc_fast_dec_in_place
+
+	mov	%rbp,$ivec
+.align	4
+.Lcbc_fast_dec_loop:
+		mov	0($inp),$s0	# read input
+		mov	4($inp),$s1
+		mov	8($inp),$s2
+		mov	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# if ($verticalspin) save inp
+
+		call	_x86_64_AES_decrypt
+
+		mov	$ivec,%rbp	# load ivp
+		mov	$_inp,$inp	# if ($verticalspin) restore inp
+		mov	$_len,%r10	# load len
+		xor	0(%rbp),$s0	# xor iv
+		xor	4(%rbp),$s1
+		xor	8(%rbp),$s2
+		xor	12(%rbp),$s3
+		mov	$inp,%rbp	# current input, next iv
+
+		sub	\$16,%r10
+		mov	%r10,$_len	# update len
+		mov	%rbp,$ivec	# update ivp
+
+		mov	$s0,0($out)	# write output
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+	jnz	.Lcbc_fast_dec_loop
+	mov	$_ivp,%r12		# load user ivp
+	mov	0(%rbp),%r10		# load iv
+	mov	8(%rbp),%r11
+	mov	%r10,0(%r12)		# copy back to user
+	mov	%r11,8(%r12)
+	jmp	.Lcbc_fast_cleanup
+
+.align	16
+.Lcbc_fast_dec_in_place:
+	mov	0(%rbp),%r10		# copy iv to stack
+	mov	8(%rbp),%r11
+	mov	%r10,0+$ivec
+	mov	%r11,8+$ivec
+.align	4
+.Lcbc_fast_dec_in_place_loop:
+		mov	0($inp),$s0	# load input
+		mov	4($inp),$s1
+		mov	8($inp),$s2
+		mov	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# if ($verticalspin) save inp
+
+		call	_x86_64_AES_decrypt
+
+		mov	$_inp,$inp	# if ($verticalspin) restore inp
+		mov	$_len,%r10
+		xor	0+$ivec,$s0
+		xor	4+$ivec,$s1
+		xor	8+$ivec,$s2
+		xor	12+$ivec,$s3
+
+		mov	0($inp),%r11	# load input
+		mov	8($inp),%r12
+		sub	\$16,%r10
+		jz	.Lcbc_fast_dec_in_place_done
+
+		mov	%r11,0+$ivec	# copy input to iv
+		mov	%r12,8+$ivec
+
+		mov	$s0,0($out)	# save output [zaps input]
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+		mov	%r10,$_len
+	jmp	.Lcbc_fast_dec_in_place_loop
+.Lcbc_fast_dec_in_place_done:
+	mov	$_ivp,%rdi
+	mov	%r11,0(%rdi)	# copy iv back to user
+	mov	%r12,8(%rdi)
+
+	mov	$s0,0($out)	# save output [zaps input]
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+.align	4
+.Lcbc_fast_cleanup:
+	cmpl	\$0,$mark	# was the key schedule copied?
+	lea	$aes_key,%rdi
+	je	.Lcbc_exit
+		mov	\$240/8,%ecx
+		xor	%rax,%rax
+		.long	0x90AB48F3	# rep stosq
+
+	jmp	.Lcbc_exit
+
+#--------------------------- SLOW ROUTINE ---------------------------#
+.align	16
+.Lcbc_slow_prologue:
+	# allocate aligned stack frame...
+	lea	-88(%rsp),%rbp
+	and	\$-64,%rbp
+	# ... just "above" key schedule
+	lea	-88-63(%rcx),%r10
+	sub	%rbp,%r10
+	neg	%r10
+	and	\$0x3c0,%r10
+	sub	%r10,%rbp
+
+	xchg	%rsp,%rbp
+	#add	\$8,%rsp	# reserve for return address!
+	mov	%rbp,$_rsp	# save %rsp
+.Lcbc_slow_body:
+	#mov	%rdi,$_inp	# save copy of inp
+	#mov	%rsi,$_out	# save copy of out
+	#mov	%rdx,$_len	# save copy of len
+	#mov	%rcx,$_key	# save copy of key
+	mov	%r8,$_ivp	# save copy of ivp
+	mov	%r8,%rbp	# rearrange input arguments
+	mov	%r9,%rbx
+	mov	%rsi,$out
+	mov	%rdi,$inp
+	mov	%rcx,$key
+	mov	%rdx,%r10
+
+	mov	240($key),%eax
+	mov	$key,$keyp	# save key pointer
+	shl	\$4,%eax
+	lea	($key,%rax),%rax
+	mov	%rax,$keyend
+
+	# pick Te4 copy which can't "overlap" with stack frame or key scdedule
+	lea	2048($sbox),$sbox
+	lea	768-8(%rsp),%rax
+	sub	$sbox,%rax
+	and	\$0x300,%rax
+	lea	($sbox,%rax),$sbox
+
+	cmp	\$0,%rbx
+	je	.LSLOW_DECRYPT
+
+#--------------------------- SLOW ENCRYPT ---------------------------#
+	test	\$-16,%r10		# check upon length
+	mov	0(%rbp),$s0		# load iv
+	mov	4(%rbp),$s1
+	mov	8(%rbp),$s2
+	mov	12(%rbp),$s3
+	jz	.Lcbc_slow_enc_tail	# short input...
+
+.align	4
+.Lcbc_slow_enc_loop:
+		xor	0($inp),$s0
+		xor	4($inp),$s1
+		xor	8($inp),$s2
+		xor	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# save inp
+		mov	$out,$_out	# save out
+		mov	%r10,$_len	# save len
+
+		call	_x86_64_AES_encrypt_compact
+
+		mov	$_inp,$inp	# restore inp
+		mov	$_out,$out	# restore out
+		mov	$_len,%r10	# restore len
+		mov	$s0,0($out)
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+		sub	\$16,%r10
+		test	\$-16,%r10
+	jnz	.Lcbc_slow_enc_loop
+	test	\$15,%r10
+	jnz	.Lcbc_slow_enc_tail
+	mov	$_ivp,%rbp	# restore ivp
+	mov	$s0,0(%rbp)	# save ivec
+	mov	$s1,4(%rbp)
+	mov	$s2,8(%rbp)
+	mov	$s3,12(%rbp)
+
+	jmp	.Lcbc_exit
+
+.align	4
+.Lcbc_slow_enc_tail:
+	mov	%rax,%r11
+	mov	%rcx,%r12
+	mov	%r10,%rcx
+	mov	$inp,%rsi
+	mov	$out,%rdi
+	.long	0x9066A4F3		# rep movsb
+	mov	\$16,%rcx		# zero tail
+	sub	%r10,%rcx
+	xor	%rax,%rax
+	.long	0x9066AAF3		# rep stosb
+	mov	$out,$inp		# this is not a mistake!
+	mov	\$16,%r10		# len=16
+	mov	%r11,%rax
+	mov	%r12,%rcx
+	jmp	.Lcbc_slow_enc_loop	# one more spin...
+#--------------------------- SLOW DECRYPT ---------------------------#
+.align	16
+.LSLOW_DECRYPT:
+	shr	\$3,%rax
+	add	%rax,$sbox		# recall "magic" constants!
+
+	mov	0(%rbp),%r11		# copy iv to stack
+	mov	8(%rbp),%r12
+	mov	%r11,0+$ivec
+	mov	%r12,8+$ivec
+
+.align	4
+.Lcbc_slow_dec_loop:
+		mov	0($inp),$s0	# load input
+		mov	4($inp),$s1
+		mov	8($inp),$s2
+		mov	12($inp),$s3
+		mov	$keyp,$key	# restore key
+		mov	$inp,$_inp	# save inp
+		mov	$out,$_out	# save out
+		mov	%r10,$_len	# save len
+
+		call	_x86_64_AES_decrypt_compact
+
+		mov	$_inp,$inp	# restore inp
+		mov	$_out,$out	# restore out
+		mov	$_len,%r10
+		xor	0+$ivec,$s0
+		xor	4+$ivec,$s1
+		xor	8+$ivec,$s2
+		xor	12+$ivec,$s3
+
+		mov	0($inp),%r11	# load input
+		mov	8($inp),%r12
+		sub	\$16,%r10
+		jc	.Lcbc_slow_dec_partial
+		jz	.Lcbc_slow_dec_done
+
+		mov	%r11,0+$ivec	# copy input to iv
+		mov	%r12,8+$ivec
+
+		mov	$s0,0($out)	# save output [can zap input]
+		mov	$s1,4($out)
+		mov	$s2,8($out)
+		mov	$s3,12($out)
+
+		lea	16($inp),$inp
+		lea	16($out),$out
+	jmp	.Lcbc_slow_dec_loop
+.Lcbc_slow_dec_done:
+	mov	$_ivp,%rdi
+	mov	%r11,0(%rdi)		# copy iv back to user
+	mov	%r12,8(%rdi)
+
+	mov	$s0,0($out)		# save output [can zap input]
+	mov	$s1,4($out)
+	mov	$s2,8($out)
+	mov	$s3,12($out)
+
+	jmp	.Lcbc_exit
+
+.align	4
+.Lcbc_slow_dec_partial:
+	mov	$_ivp,%rdi
+	mov	%r11,0(%rdi)		# copy iv back to user
+	mov	%r12,8(%rdi)
+
+	mov	$s0,0+$ivec		# save output to stack
+	mov	$s1,4+$ivec
+	mov	$s2,8+$ivec
+	mov	$s3,12+$ivec
+
+	mov	$out,%rdi
+	lea	$ivec,%rsi
+	lea	16(%r10),%rcx
+	.long	0x9066A4F3	# rep movsb
+	jmp	.Lcbc_exit
+
+.align	16
+.Lcbc_exit:
+	mov	$_rsp,%rsi
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lcbc_popfq:
+	popfq
+.Lcbc_epilogue:
+	ret
+.size	AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+
+$code.=<<___;
+.align	64
+.LAES_Te:
+___
+	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+
+#Te4	# four copies of Te4 to choose from to avoid L1 aliasing
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+#rcon:
+$code.=<<___;
+	.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
+	.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
+	.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
+	.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
+___
+$code.=<<___;
+.align	64
+.LAES_Td:
+___
+	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+
+#Td4:	# four copies of Td4 to choose from to avoid L1 aliasing
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+.asciz  "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	block_se_handler,\@abi-omnipotent
+.align	16
+block_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_block_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_block_prologue
+
+	mov	24(%rax),%rax		# pull saved real stack pointer
+	lea	48(%rax),%rax		# adjust...
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_block_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	block_se_handler,.-block_se_handler
+
+.type	key_se_handler,\@abi-omnipotent
+.align	16
+key_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_key_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_key_prologue
+
+	lea	56(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_key_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	key_se_handler,.-key_se_handler
+
+.type	cbc_se_handler,\@abi-omnipotent
+.align	16
+cbc_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lcbc_prologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_prologue
+	jb	.Lin_cbc_prologue
+
+	lea	.Lcbc_fast_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_fast_body
+	jb	.Lin_cbc_frame_setup
+
+	lea	.Lcbc_slow_prologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_slow_prologue
+	jb	.Lin_cbc_body
+
+	lea	.Lcbc_slow_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_slow_body
+	jb	.Lin_cbc_frame_setup
+
+.Lin_cbc_body:
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lcbc_epilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lcbc_epilogue
+	jae	.Lin_cbc_prologue
+
+	lea	8(%rax),%rax
+
+	lea	.Lcbc_popfq(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lcbc_popfq
+	jae	.Lin_cbc_prologue
+
+	mov	`16-8`(%rax),%rax	# biased $_rsp
+	lea	56(%rax),%rax
+
+.Lin_cbc_frame_setup:
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%rbp
+	mov	-32(%rax),%r12
+	mov	-40(%rax),%r13
+	mov	-48(%rax),%r14
+	mov	-56(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_cbc_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+.Lcommon_seh_exit:
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	cbc_se_handler,.-cbc_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_AES_encrypt
+	.rva	.LSEH_end_AES_encrypt
+	.rva	.LSEH_info_AES_encrypt
+
+	.rva	.LSEH_begin_AES_decrypt
+	.rva	.LSEH_end_AES_decrypt
+	.rva	.LSEH_info_AES_decrypt
+
+	.rva	.LSEH_begin_AES_set_encrypt_key
+	.rva	.LSEH_end_AES_set_encrypt_key
+	.rva	.LSEH_info_AES_set_encrypt_key
+
+	.rva	.LSEH_begin_AES_set_decrypt_key
+	.rva	.LSEH_end_AES_set_decrypt_key
+	.rva	.LSEH_info_AES_set_decrypt_key
+
+	.rva	.LSEH_begin_AES_cbc_encrypt
+	.rva	.LSEH_end_AES_cbc_encrypt
+	.rva	.LSEH_info_AES_cbc_encrypt
+
+.section	.xdata
+.align	8
+.LSEH_info_AES_encrypt:
+	.byte	9,0,0,0
+	.rva	block_se_handler
+	.rva	.Lenc_prologue,.Lenc_epilogue	# HandlerData[]
+.LSEH_info_AES_decrypt:
+	.byte	9,0,0,0
+	.rva	block_se_handler
+	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[]
+.LSEH_info_AES_set_encrypt_key:
+	.byte	9,0,0,0
+	.rva	key_se_handler
+	.rva	.Lenc_key_prologue,.Lenc_key_epilogue	# HandlerData[]
+.LSEH_info_AES_set_decrypt_key:
+	.byte	9,0,0,0
+	.rva	key_se_handler
+	.rva	.Ldec_key_prologue,.Ldec_key_epilogue	# HandlerData[]
+.LSEH_info_AES_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	cbc_se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesfx-sparcv9.pl b/openssl-1.1.0h/crypto/aes/asm/aesfx-sparcv9.pl
new file mode 100644
index 0000000..04b3cf7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesfx-sparcv9.pl
@@ -0,0 +1,1270 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# March 2016
+#
+# Initial support for Fujitsu SPARC64 X/X+ comprises minimally
+# required key setup and single-block procedures.
+#
+# April 2016
+#
+# Add "teaser" CBC and CTR mode-specific subroutines. "Teaser" means
+# that parallelizeable nature of CBC decrypt and CTR is not utilized
+# yet. CBC encrypt on the other hand is as good as it can possibly
+# get processing one byte in 4.1 cycles with 128-bit key on SPARC64 X.
+# This is ~6x faster than pure software implementation...
+#
+# July 2016
+#
+# Switch from faligndata to fshiftorx, which allows to omit alignaddr
+# instructions and improve single-block and short-input performance
+# with misaligned data.
+
+$output = pop;
+open STDOUT,">$output";
+
+{
+my ($inp,$out,$key,$rounds,$tmp,$mask) = map("%o$_",(0..5));
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#define LOCALS (STACK_BIAS+STACK_FRAME)
+
+.text
+
+.globl	aes_fx_encrypt
+.align	32
+aes_fx_encrypt:
+	and		$inp, 7, $tmp		! is input aligned?
+	andn		$inp, 7, $inp
+	ldd		[$key +  0], %f6	! round[0]
+	ldd		[$key +  8], %f8
+	mov		%o7, %g1
+	ld		[$key + 240], $rounds
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	sll		$tmp, 3, $tmp
+	ldd		[$inp + 0], %f0		! load input
+	brz,pt		$tmp, .Lenc_inp_aligned
+	ldd		[$inp + 8], %f2
+
+	ldd		[%o7 + $tmp], %f14	! shift left params
+	ldd		[$inp + 16], %f4
+	fshiftorx	%f0, %f2, %f14, %f0
+	fshiftorx	%f2, %f4, %f14, %f2
+
+.Lenc_inp_aligned:
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		%f0, %f6, %f0		! ^=round[0]
+	fxor		%f2, %f8, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $key
+	sub		$rounds, 4, $rounds
+
+.Loop_enc:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10
+	ldd		[$key + 24], %f12
+	add		$key, 32, $key
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$key +  0], %f6
+	ldd		[$key +  8], %f8
+
+	brnz,a		$rounds, .Loop_enc
+	sub		$rounds, 2, $rounds
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	andn		$out, 7, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+	add		%o7, 64, %o7
+	sll		$tmp, 3, $tmp
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[%o7 + $tmp], %f14	! shift right params
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, %f6, %f0
+	faesenclx	%f4, %f8, %f2
+
+	bnz,pn		%icc, .Lenc_out_unaligned
+	mov		%g1, %o7
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+.align	16
+.Lenc_out_unaligned:
+	add		$out, 16, $inp
+	orn		%g0, $mask, $tmp
+	fshiftorx	%f0, %f0, %f14, %f4
+	fshiftorx	%f0, %f2, %f14, %f6
+	fshiftorx	%f2, %f2, %f14, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	stda		%f8, [$inp + $tmp]0xc0	! partial store
+	retl
+	nop
+.type	aes_fx_encrypt,#function
+.size	aes_fx_encrypt,.-aes_fx_encrypt
+
+.globl	aes_fx_decrypt
+.align	32
+aes_fx_decrypt:
+	and		$inp, 7, $tmp		! is input aligned?
+	andn		$inp, 7, $inp
+	ldd		[$key +  0], %f6	! round[0]
+	ldd		[$key +  8], %f8
+	mov		%o7, %g1
+	ld		[$key + 240], $rounds
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	sll		$tmp, 3, $tmp
+	ldd		[$inp + 0], %f0		! load input
+	brz,pt		$tmp, .Ldec_inp_aligned
+	ldd		[$inp + 8], %f2
+
+	ldd		[%o7 + $tmp], %f14	! shift left params
+	ldd		[$inp + 16], %f4
+	fshiftorx	%f0, %f2, %f14, %f0
+	fshiftorx	%f2, %f4, %f14, %f2
+
+.Ldec_inp_aligned:
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		%f0, %f6, %f0		! ^=round[0]
+	fxor		%f2, %f8, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $key
+	sub		$rounds, 4, $rounds
+
+.Loop_dec:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10
+	ldd		[$key + 24], %f12
+	add		$key, 32, $key
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$key +  0], %f6
+	ldd		[$key +  8], %f8
+
+	brnz,a		$rounds, .Loop_dec
+	sub		$rounds, 2, $rounds
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	andn		$out, 7, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+	add		%o7, 64, %o7
+	sll		$tmp, 3, $tmp
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[%o7 + $tmp], %f14	! shift right params
+
+	fmovd		%f0, %f4
+	faesdeclx	%f2, %f6, %f0
+	faesdeclx	%f4, %f8, %f2
+
+	bnz,pn		%icc, .Ldec_out_unaligned
+	mov		%g1, %o7
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+.align	16
+.Ldec_out_unaligned:
+	add		$out, 16, $inp
+	orn		%g0, $mask, $tmp
+	fshiftorx	%f0, %f0, %f14, %f4
+	fshiftorx	%f0, %f2, %f14, %f6
+	fshiftorx	%f2, %f2, %f14, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	stda		%f8, [$inp + $tmp]0xc0	! partial store
+	retl
+	nop
+.type	aes_fx_decrypt,#function
+.size	aes_fx_decrypt,.-aes_fx_decrypt
+___
+}
+{
+my ($inp,$bits,$out,$tmp,$inc) = map("%o$_",(0..5));
+$code.=<<___;
+.globl	aes_fx_set_decrypt_key
+.align	32
+aes_fx_set_decrypt_key:
+	b		.Lset_encrypt_key
+	mov		-1, $inc
+	retl
+	nop
+.type	aes_fx_set_decrypt_key,#function
+.size	aes_fx_set_decrypt_key,.-aes_fx_set_decrypt_key
+
+.globl	aes_fx_set_encrypt_key
+.align	32
+aes_fx_set_encrypt_key:
+	mov		1, $inc
+	nop
+.Lset_encrypt_key:
+	and		$inp, 7, $tmp
+	andn		$inp, 7, $inp
+	sll		$tmp, 3, $tmp
+	mov		%o7, %g1
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	ldd		[%o7 + $tmp], %f10	! shift left params
+	mov		%g1, %o7
+
+	cmp		$bits, 192
+	ldd		[$inp + 0], %f0
+	bl,pt		%icc, .L128
+	ldd		[$inp + 8], %f2
+
+	be,pt		%icc, .L192
+	ldd		[$inp + 16], %f4
+	brz,pt		$tmp, .L256aligned
+	ldd		[$inp + 24], %f6
+
+	ldd		[$inp + 32], %f8
+	fshiftorx	%f0, %f2, %f10, %f0
+	fshiftorx	%f2, %f4, %f10, %f2
+	fshiftorx	%f4, %f6, %f10, %f4
+	fshiftorx	%f6, %f8, %f10, %f6
+
+.L256aligned:
+	mov		14, $bits
+	and		$inc, `14*16`, $tmp
+	st		$bits, [$out + 240]	! store rounds
+	add		$out, $tmp, $out	! start or end of key schedule
+	sllx		$inc, 4, $inc		! 16 or -16
+___
+for ($i=0; $i<6; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f6, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4, [$out + 0]
+	faeskeyx	%f2, 0x01, %f4
+	std		%f6, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f4, 0x00, %f6
+___
+}
+$code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f6, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4,[$out + 0]
+	std		%f6,[$out + 8]
+	add		$out, $inc, $out
+	std		%f0,[$out + 0]
+	std		%f2,[$out + 8]
+	retl
+	xor		%o0, %o0, %o0		! return 0
+
+.align	16
+.L192:
+	brz,pt		$tmp, .L192aligned
+	nop
+
+	ldd		[$inp + 24], %f6
+	fshiftorx	%f0, %f2, %f10, %f0
+	fshiftorx	%f2, %f4, %f10, %f2
+	fshiftorx	%f4, %f6, %f10, %f4
+
+.L192aligned:
+	mov		12, $bits
+	and		$inc, `12*16`, $tmp
+	st		$bits, [$out + 240]	! store rounds
+	add		$out, $tmp, $out	! start or end of key schedule
+	sllx		$inc, 4, $inc		! 16 or -16
+___
+for ($i=0; $i<8; $i+=2) {
+    $code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f4, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4, [$out + 0]
+	faeskeyx	%f2, 0x00, %f4
+	std		%f0, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f4, `0x10+$i+1`, %f0
+	std		%f2, [$out + 0]
+	faeskeyx	%f0, 0x00, %f2
+	std		%f4, [$out + 8]
+	add		$out, $inc, $out
+___
+$code.=<<___		if ($i<6);
+	faeskeyx	%f2, 0x00, %f4
+___
+}
+$code.=<<___;
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	retl
+	xor		%o0, %o0, %o0		! return 0
+
+.align	16
+.L128:
+	brz,pt		$tmp, .L128aligned
+	nop
+
+	ldd		[$inp + 16], %f4
+	fshiftorx	%f0, %f2, %f10, %f0
+	fshiftorx	%f2, %f4, %f10, %f2
+
+.L128aligned:
+	mov		10, $bits
+	and		$inc, `10*16`, $tmp
+	st		$bits, [$out + 240]	! store rounds
+	add		$out, $tmp, $out	! start or end of key schedule
+	sllx		$inc, 4, $inc		! 16 or -16
+___
+for ($i=0; $i<10; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + 0]
+	faeskeyx	%f2, `0x10+$i`, %f0
+	std		%f2, [$out + 8]
+	add		$out, $inc, $out
+	faeskeyx	%f0, 0x00, %f2
+___
+}
+$code.=<<___;
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	retl
+	xor		%o0, %o0, %o0		! return 0
+.type	aes_fx_set_encrypt_key,#function
+.size	aes_fx_set_encrypt_key,.-aes_fx_set_encrypt_key
+___
+}
+{
+my ($inp,$out,$len,$key,$ivp,$dir) = map("%i$_",(0..5));
+my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
+my ($iv0,$iv1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
+   = map("%f$_",grep { !($_ & 1) } (16 .. 62));
+my ($ileft,$iright) = ($ialign,$oalign);
+
+$code.=<<___;
+.globl	aes_fx_cbc_encrypt
+.align	32
+aes_fx_cbc_encrypt:
+	save		%sp, -STACK_FRAME-16, %sp
+	srln		$len, 4, $len
+	and		$inp, 7, $ialign
+	andn		$inp, 7, $inp
+	brz,pn		$len, .Lcbc_no_data
+	sll		$ialign, 3, $ileft
+
+1:	call		.+8
+	add		%o7, .Linp_align-1b, %o7
+
+	ld		[$key + 240], $rounds
+	and		$out, 7, $oalign
+	ld		[$ivp + 0], %f0		! load ivec
+	andn		$out, 7, $out
+	ld		[$ivp + 4], %f1
+	sll		$oalign, 3, $mask
+	ld		[$ivp + 8], %f2
+	ld		[$ivp + 12], %f3
+
+	sll		$rounds, 4, $rounds
+	add		$rounds, $key, $end
+	ldd		[$key + 0], $r0hi	! round[0]
+	ldd		[$key + 8], $r0lo
+
+	add		$inp, 16, $inp
+	sub		$len,  1, $len
+	ldd		[$end + 0], $rlhi	! round[last]
+	ldd		[$end + 8], $rllo
+
+	mov		16, $inc
+	movrz		$len, 0, $inc
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	ldd		[%o7 + $ileft], $fshift	! shift left params
+	add		%o7, 64, %o7
+	ldd		[$inp - 16], $in0	! load input
+	ldd		[$inp -  8], $in1
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	brz		$dir, .Lcbc_decrypt
+	add		$inp, $inc, $inp	! inp+=16
+
+	fxor		$r0hi, %f0, %f0		! ivec^=round[0]
+	fxor		$r0lo, %f2, %f2
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+	nop
+
+.Loop_cbc_enc:
+	fxor		$in0, %f0, %f0		! inp^ivec^round[0]
+	fxor		$in1, %f2, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $end
+	sub		$rounds, 16*6, $inner
+
+.Lcbc_enc:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_enc
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	movrz		$len, 0, $inc
+	fmovd		$intail, $in0
+	ldd		[$inp - 8], $in1	! load next input block
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		$r0hi, $in0, $in0	! inp^=round[0]
+	fxor		$r0lo, $in1, $in1
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, $rlhi, %f0
+	faesenclx	%f4, $rllo, %f2
+
+	brnz,pn		$oalign, .Lcbc_enc_unaligned_out
+	nop
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_enc
+	sub		$len, 1, $len
+
+	st		%f0, [$ivp + 0]		! output ivec
+	st		%f1, [$ivp + 4]
+	st		%f2, [$ivp + 8]
+	st		%f3, [$ivp + 12]
+
+.Lcbc_no_data:
+	ret
+	restore
+
+.align	32
+.Lcbc_enc_unaligned_out:
+	ldd		[%o7 + $mask], $fshift	! shift right params
+	mov		0xff, $mask
+	srl		$mask, $oalign, $mask
+	sub		%g0, $ileft, $iright
+
+	fshiftorx	%f0, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+
+	stda		%f6, [$out + $mask]0xc0	! partial store
+	orn		%g0, $mask, $mask
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+	brz		$len, .Lcbc_enc_unaligned_out_done
+	sub		$len, 1, $len
+	b		.Loop_cbc_enc_unaligned_out
+	nop
+
+.align	32
+.Loop_cbc_enc_unaligned_out:
+	fmovd		%f2, $outhead
+	fxor		$in0, %f0, %f0		! inp^ivec^round[0]
+	fxor		$in1, %f2, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 48], %f10	! round[3]
+	ldd		[$key + 56], %f12
+
+	ldx		[$inp - 16], %o0
+	ldx		[$inp -  8], %o1
+	brz		$ileft, .Lcbc_enc_aligned_inp
+	movrz		$len, 0, $inc
+
+	ldx		[$inp], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+
+.Lcbc_enc_aligned_inp:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$key + 64], %f6	! round[4]
+	ldd		[$key + 72], %f8
+	add		$key, 64, $end
+	sub		$rounds, 16*8, $inner
+
+	stx		%o0, [%sp + LOCALS + 0]
+	stx		%o1, [%sp + LOCALS + 8]
+	add		$inp, $inc, $inp	! inp+=16
+	nop
+
+.Lcbc_enc_unaligned:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_enc_unaligned
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+
+	ldd		[%sp + LOCALS + 0], $in0
+	ldd		[%sp + LOCALS + 8], $in1
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fxor		$r0hi, $in0, $in0	! inp^=round[0]
+	fxor		$r0lo, $in1, $in1
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, $rlhi, %f0
+	faesenclx	%f4, $rllo, %f2
+
+	fshiftorx	$outhead, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+	std		%f6, [$out + 0]
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_enc_unaligned_out
+	sub		$len, 1, $len
+
+.Lcbc_enc_unaligned_out_done:
+	fshiftorx	%f2, %f2, $fshift, %f8
+	stda		%f8, [$out + $mask]0xc0	! partial store
+
+	st		%f0, [$ivp + 0]		! output ivec
+	st		%f1, [$ivp + 4]
+	st		%f2, [$ivp + 8]
+	st		%f3, [$ivp + 12]
+
+	ret
+	restore
+
+.align	32
+.Lcbc_decrypt:
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+	fmovd		%f0, $iv0
+	fmovd		%f2, $iv1
+
+.Loop_cbc_dec:
+	fxor		$in0, $r0hi, %f0	! inp^round[0]
+	fxor		$in1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $end
+	sub		$rounds, 16*6, $inner
+
+.Lcbc_dec:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_dec
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	fxor		$iv0, $rlhi, %f6	! ivec^round[last]
+	fxor		$iv1, $rllo, %f8
+	fmovd		$in0, $iv0
+	fmovd		$in1, $iv1
+
+	movrz		$len, 0, $inc
+	fmovd		$intail, $in0
+	ldd		[$inp - 8], $in1	! load next input block
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+
+	fmovd		%f0, %f4
+	faesdeclx	%f2, %f6, %f0
+	faesdeclx	%f4, %f8, %f2
+
+	brnz,pn		$oalign, .Lcbc_dec_unaligned_out
+	nop
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_dec
+	sub		$len, 1, $len
+
+	st		$iv0,    [$ivp + 0]	! output ivec
+	st		$iv0#lo, [$ivp + 4]
+	st		$iv1,    [$ivp + 8]
+	st		$iv1#lo, [$ivp + 12]
+
+	ret
+	restore
+
+.align	32
+.Lcbc_dec_unaligned_out:
+	ldd		[%o7 + $mask], $fshift	! shift right params
+	mov		0xff, $mask
+	srl		$mask, $oalign, $mask
+	sub		%g0, $ileft, $iright
+
+	fshiftorx	%f0, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+
+	stda		%f6, [$out + $mask]0xc0	! partial store
+	orn		%g0, $mask, $mask
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+	brz		$len, .Lcbc_dec_unaligned_out_done
+	sub		$len, 1, $len
+	b		.Loop_cbc_dec_unaligned_out
+	nop
+
+.align	32
+.Loop_cbc_dec_unaligned_out:
+	fmovd		%f2, $outhead
+	fxor		$in0, $r0hi, %f0	! inp^round[0]
+	fxor		$in1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 48], %f10	! round[3]
+	ldd		[$key + 56], %f12
+
+	ldx		[$inp - 16], %o0
+	ldx		[$inp - 8], %o1
+	brz		$ileft, .Lcbc_dec_aligned_inp
+	movrz		$len, 0, $inc
+
+	ldx		[$inp], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+
+.Lcbc_dec_aligned_inp:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$key + 64], %f6	! round[4]
+	ldd		[$key + 72], %f8
+	add		$key, 64, $end
+	sub		$rounds, 16*8, $inner
+
+	stx		%o0, [%sp + LOCALS + 0]
+	stx		%o1, [%sp + LOCALS + 8]
+	add		$inp, $inc, $inp	! inp+=16
+	nop
+
+.Lcbc_dec_unaligned:
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lcbc_dec_unaligned
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f6, %f0
+	faesdecx	%f4, %f8, %f2
+
+	fxor		$iv0, $rlhi, %f6	! ivec^round[last]
+	fxor		$iv1, $rllo, %f8
+	fmovd		$in0, $iv0
+	fmovd		$in1, $iv1
+	ldd		[%sp + LOCALS + 0], $in0
+	ldd		[%sp + LOCALS + 8], $in1
+
+	fmovd		%f0, %f4
+	faesdecx	%f2, %f10, %f0
+	faesdecx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fmovd		%f0, %f4
+	faesdeclx	%f2, %f6, %f0
+	faesdeclx	%f4, %f8, %f2
+
+	fshiftorx	$outhead, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+	std		%f6, [$out + 0]
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_cbc_dec_unaligned_out
+	sub		$len, 1, $len
+
+.Lcbc_dec_unaligned_out_done:
+	fshiftorx	%f2, %f2, $fshift, %f8
+	stda		%f8, [$out + $mask]0xc0	! partial store
+
+	st		$iv0,    [$ivp + 0]	! output ivec
+	st		$iv0#lo, [$ivp + 4]
+	st		$iv1,    [$ivp + 8]
+	st		$iv1#lo, [$ivp + 12]
+
+	ret
+	restore
+.type	aes_fx_cbc_encrypt,#function
+.size	aes_fx_cbc_encrypt,.-aes_fx_cbc_encrypt
+___
+}
+{
+my ($inp,$out,$len,$key,$ivp) = map("%i$_",(0..5));
+my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
+my ($ctr0,$ctr1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
+   = map("%f$_",grep { !($_ & 1) } (16 .. 62));
+my ($ileft,$iright) = ($ialign, $oalign);
+my $one = "%f14";
+
+$code.=<<___;
+.globl	aes_fx_ctr32_encrypt_blocks
+.align	32
+aes_fx_ctr32_encrypt_blocks:
+	save		%sp, -STACK_FRAME-16, %sp
+	srln		$len, 0, $len
+	and		$inp, 7, $ialign
+	andn		$inp, 7, $inp
+	brz,pn		$len, .Lctr32_no_data
+	sll		$ialign, 3, $ileft
+
+.Lpic:	call		.+8
+	add		%o7, .Linp_align - .Lpic, %o7
+
+	ld		[$key + 240], $rounds
+	and		$out, 7, $oalign
+	ld		[$ivp +  0], $ctr0	! load counter
+	andn		$out, 7, $out
+	ld		[$ivp +  4], $ctr0#lo
+	sll		$oalign, 3, $mask
+	ld		[$ivp +  8], $ctr1
+	ld		[$ivp + 12], $ctr1#lo
+	ldd		[%o7 + 128], $one
+
+	sll		$rounds, 4, $rounds
+	add		$rounds, $key, $end
+	ldd		[$key + 0], $r0hi	! round[0]
+	ldd		[$key + 8], $r0lo
+
+	add		$inp, 16, $inp
+	sub		$len, 1, $len
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	mov		16, $inc
+	movrz		$len, 0, $inc
+	ldd		[$end + 0], $rlhi	! round[last]
+	ldd		[$end + 8], $rllo
+
+	ldd		[%o7 + $ileft], $fshift	! shiftleft params
+	add		%o7, 64, %o7
+	ldd		[$inp - 16], $in0	! load input
+	ldd		[$inp -  8], $in1
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+
+.Loop_ctr32:
+	fxor		$ctr0, $r0hi, %f0	! counter^round[0]
+	fxor		$ctr1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+	add		$key, 32, $end
+	sub		$rounds, 16*6, $inner
+
+.Lctr32_enc:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lctr32_enc
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	fxor		$in0, $rlhi, %f6	! inp^round[last]
+	fxor		$in1, $rllo, %f8
+
+	movrz		$len, 0, $inc
+	fmovd		$intail, $in0
+	ldd		[$inp - 8], $in1	! load next input block
+	ldda		[$inp]0x82, $intail	! non-faulting load
+	add		$inp, $inc, $inp	! inp+=16
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fshiftorx	$in0, $in1, $fshift, $in0
+	fshiftorx	$in1, $intail, $fshift, $in1
+	fpadd32		$ctr1, $one, $ctr1	! increment counter
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, %f6, %f0
+	faesenclx	%f4, %f8, %f2
+
+	brnz,pn		$oalign, .Lctr32_unaligned_out
+	nop
+
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_ctr32
+	sub		$len, 1, $len
+
+.Lctr32_no_data:
+	ret
+	restore
+
+.align	32
+.Lctr32_unaligned_out:
+	ldd		[%o7 + $mask], $fshift	! shift right params
+	mov		0xff, $mask
+	srl		$mask, $oalign, $mask
+	sub		%g0, $ileft, $iright
+
+	fshiftorx	%f0, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+
+	stda		%f6, [$out + $mask]0xc0	! partial store
+	orn		%g0, $mask, $mask
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+	brz		$len, .Lctr32_unaligned_out_done
+	sub		$len, 1, $len
+	b		.Loop_ctr32_unaligned_out
+	nop
+
+.align	32
+.Loop_ctr32_unaligned_out:
+	fmovd		%f2, $outhead
+	fxor		$ctr0, $r0hi, %f0	! counter^round[0]
+	fxor		$ctr1, $r0lo, %f2
+	ldd		[$key + 32], %f6	! round[2]
+	ldd		[$key + 40], %f8
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 48], %f10	! round[3]
+	ldd		[$key + 56], %f12
+
+	ldx		[$inp - 16], %o0
+	ldx		[$inp -  8], %o1
+	brz		$ileft, .Lctr32_aligned_inp
+	movrz		$len, 0, $inc
+
+	ldx		[$inp], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+
+.Lctr32_aligned_inp:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$key + 64], %f6	! round[4]
+	ldd		[$key + 72], %f8
+	add		$key, 64, $end
+	sub		$rounds, 16*8, $inner
+
+	stx		%o0, [%sp + LOCALS + 0]
+	stx		%o1, [%sp + LOCALS + 8]
+	add		$inp, $inc, $inp	! inp+=16
+	nop
+
+.Lctr32_enc_unaligned:
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10
+	ldd		[$end + 24], %f12
+	add		$end, 32, $end
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	ldd		[$end + 0], %f6
+	ldd		[$end + 8], %f8
+
+	brnz,a		$inner, .Lctr32_enc_unaligned
+	sub		$inner, 16*2, $inner
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$end + 16], %f10	! round[last-1]
+	ldd		[$end + 24], %f12
+	fpadd32		$ctr1, $one, $ctr1	! increment counter
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f6, %f0
+	faesencx	%f4, %f8, %f2
+	fxor		$in0, $rlhi, %f6	! inp^round[last]
+	fxor		$in1, $rllo, %f8
+	ldd		[%sp + LOCALS + 0], $in0
+	ldd		[%sp + LOCALS + 8], $in1
+
+	fmovd		%f0, %f4
+	faesencx	%f2, %f10, %f0
+	faesencx	%f4, %f12, %f2
+	ldd		[$key + 16], %f10	! round[1]
+	ldd		[$key + 24], %f12
+
+	fmovd		%f0, %f4
+	faesenclx	%f2, %f6, %f0
+	faesenclx	%f4, %f8, %f2
+
+	fshiftorx	$outhead, %f0, $fshift, %f6
+	fshiftorx	%f0, %f2, $fshift, %f8
+	std		%f6, [$out + 0]
+	std		%f8, [$out + 8]
+	add		$out, 16, $out
+
+	brnz,a		$len, .Loop_ctr32_unaligned_out
+	sub		$len, 1, $len
+
+.Lctr32_unaligned_out_done:
+	fshiftorx	%f2, %f2, $fshift, %f8
+	stda		%f8, [$out + $mask]0xc0	! partial store
+
+	ret
+	restore
+.type	aes_fx_ctr32_encrypt_blocks,#function
+.size	aes_fx_ctr32_encrypt_blocks,.-aes_fx_ctr32_encrypt_blocks
+
+.align	32
+.Linp_align:		! fshiftorx parameters for left shift toward %rs1
+	.byte	0, 0, 64,  0,	0, 64,  0, -64
+	.byte	0, 0, 56,  8,	0, 56,  8, -56
+	.byte	0, 0, 48, 16,	0, 48, 16, -48
+	.byte	0, 0, 40, 24,	0, 40, 24, -40
+	.byte	0, 0, 32, 32,	0, 32, 32, -32
+	.byte	0, 0, 24, 40,	0, 24, 40, -24
+	.byte	0, 0, 16, 48,	0, 16, 48, -16
+	.byte	0, 0,  8, 56,	0,  8, 56, -8
+.Lout_align:		! fshiftorx parameters for right shift toward %rs2
+	.byte	0, 0,  0, 64,	0,  0, 64,   0
+	.byte	0, 0,  8, 56,	0,  8, 56,  -8
+	.byte	0, 0, 16, 48,	0, 16, 48, -16
+	.byte	0, 0, 24, 40,	0, 24, 40, -24
+	.byte	0, 0, 32, 32,	0, 32, 32, -32
+	.byte	0, 0, 40, 24,	0, 40, 24, -40
+	.byte	0, 0, 48, 16,	0, 48, 16, -48
+	.byte	0, 0, 56,  8,	0, 56,  8, -56
+.Lone:
+	.word	0, 1
+.asciz	"AES for Fujitsu SPARC64 X, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+}
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %visopf = (	"faligndata"	=> 0x048,
+		"bshuffle"	=> 0x04c,
+		"fpadd32"	=> 0x052,
+		"fxor"		=> 0x06c,
+		"fsrc2"		=> 0x078	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"alignaddr"	=> 0x018,
+		"bmask"		=> 0x019,
+		"alignaddrl"	=> 0x01a	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unfx {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"faesencx"	=> 0x90,
+		"faesdecx"	=> 0x91,
+		"faesenclx"	=> 0x92,
+		"faesdeclx"	=> 0x93,
+		"faeskeyx"	=> 0x94	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	$rs2 = ($rs2 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs2;
+	$rs2 = oct($rs2) if ($rs2 =~ /^0/);
+
+	foreach ($rs1,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unfx3src {
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"fshiftorx"	=> 0x0b	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	foreach ($rs1,$rs2,$rs3,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x37<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+    s/\`([^\`]*)\`/eval $1/ge;
+
+    s/%f([0-9]+)#lo/sprintf "%%f%d",$1+1/ge;
+
+    s/\b(faes[^x]{3,4}x)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
+		&unfx($1,$2,$3,$4)
+     /ge or
+    s/\b([f][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unfx3src($1,$2,$3,$4,$5)
+     /ge or
+    s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+     /ge or
+    s/\b(alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+     /ge;
+    print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesni-mb-x86_64.pl b/openssl-1.1.0h/crypto/aes/asm/aesni-mb-x86_64.pl
new file mode 100644
index 0000000..aa2735e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesni-mb-x86_64.pl
@@ -0,0 +1,1402 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Multi-buffer AES-NI procedures process several independent buffers
+# in parallel by interleaving independent instructions.
+#
+# Cycles per byte for interleave factor 4:
+#
+#			asymptotic	measured
+#			---------------------------
+# Westmere		5.00/4=1.25	5.13/4=1.28
+# Atom			15.0/4=3.75	?15.7/4=3.93
+# Sandy Bridge		5.06/4=1.27	5.18/4=1.29
+# Ivy Bridge		5.06/4=1.27	5.14/4=1.29
+# Haswell		4.44/4=1.11	4.44/4=1.11
+# Bulldozer		5.75/4=1.44	5.76/4=1.44
+#
+# Cycles per byte for interleave factor 8 (not implemented for
+# pre-AVX processors, where higher interleave factor incidentally
+# doesn't result in improvement):
+#
+#			asymptotic	measured
+#			---------------------------
+# Sandy Bridge		5.06/8=0.64	7.10/8=0.89(*)
+# Ivy Bridge		5.06/8=0.64	7.14/8=0.89(*)
+# Haswell		5.00/8=0.63	5.00/8=0.63
+# Bulldozer		5.75/8=0.72	5.77/8=0.72
+#
+# (*)	Sandy/Ivy Bridge are known to handle high interleave factors
+#	suboptimally;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=0;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void aesni_multi_cbc_encrypt (
+#     struct {	void *inp,*out; int blocks; double iv[2]; } inp[8];
+#     const AES_KEY *key,
+#     int num);		/* 1 or 2 */
+#
+$inp="%rdi";	# 1st arg
+$key="%rsi";	# 2nd arg
+$num="%edx";
+
+@inptr=map("%r$_",(8..11));
+@outptr=map("%r$_",(12..15));
+
+($rndkey0,$rndkey1)=("%xmm0","%xmm1");
+@out=map("%xmm$_",(2..5));
+@inp=map("%xmm$_",(6..9));
+($counters,$mask,$zero)=map("%xmm$_",(10..12));
+
+($rounds,$one,$sink,$offset)=("%eax","%ecx","%rbp","%rbx");
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	aesni_multi_cbc_encrypt
+.type	aesni_multi_cbc_encrypt,\@function,3
+.align	32
+aesni_multi_cbc_encrypt:
+___
+$code.=<<___ if ($avx);
+	cmp	\$2,$num
+	jb	.Lenc_non_avx
+	mov	OPENSSL_ia32cap_P+4(%rip),%ecx
+	test	\$`1<<28`,%ecx			# AVX bit
+	jnz	_avx_cbc_enc_shortcut
+	jmp	.Lenc_non_avx
+.align	16
+.Lenc_non_avx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler 
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+
+	sub	\$48,%rsp
+	and	\$-64,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+
+.Lenc4x_body:
+	movdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*2($inp),$inp
+
+.Lenc4x_loop_grande:
+	mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`40*$i+16-40*2`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*2`($inp),@inptr[$i]
+	cmp	$num,$one
+	mov	`40*$i+8-40*2`($inp),@outptr[$i]
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	movdqu	`40*$i+24-40*2`($inp),@out[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@inptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Lenc4x_done
+
+	movups	0x10-0x78($key),$rndkey1
+	 pxor	$zero,@out[0]
+	movups	0x20-0x78($key),$rndkey0
+	 pxor	$zero,@out[1]
+	mov	0xf0-0x78($key),$rounds
+	 pxor	$zero,@out[2]
+	movdqu	(@inptr[0]),@inp[0]		# load inputs
+	 pxor	$zero,@out[3]
+	movdqu	(@inptr[1]),@inp[1]
+	 pxor	@inp[0],@out[0]
+	movdqu	(@inptr[2]),@inp[2]
+	 pxor	@inp[1],@out[1]
+	movdqu	(@inptr[3]),@inp[3]
+	 pxor	@inp[2],@out[2]
+	 pxor	@inp[3],@out[3]
+	movdqa	32(%rsp),$counters		# load counters
+	xor	$offset,$offset
+	jmp	.Loop_enc4x
+
+.align	32
+.Loop_enc4x:
+	add	\$16,$offset
+	lea	16(%rsp),$sink			# sink pointer
+	mov	\$1,$one			# constant of 1
+	sub	$offset,$sink
+
+	aesenc		$rndkey1,@out[0]
+	prefetcht0	31(@inptr[0],$offset)	# prefetch input
+	prefetcht0	31(@inptr[1],$offset)
+	aesenc		$rndkey1,@out[1]
+	prefetcht0	31(@inptr[2],$offset)
+	prefetcht0	31(@inptr[2],$offset)
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0x30-0x78($key),$rndkey1
+___
+for($i=0;$i<4;$i++) {
+my $rndkey = ($i&1) ? $rndkey1 : $rndkey0;
+$code.=<<___;
+	 cmp		`32+4*$i`(%rsp),$one
+	aesenc		$rndkey,@out[0]
+	aesenc		$rndkey,@out[1]
+	aesenc		$rndkey,@out[2]
+	 cmovge		$sink,@inptr[$i]	# cancel input
+	 cmovg		$sink,@outptr[$i]	# sink output
+	aesenc		$rndkey,@out[3]
+	movups		`0x40+16*$i-0x78`($key),$rndkey
+___
+}
+$code.=<<___;
+	 movdqa		$counters,$mask
+	aesenc		$rndkey0,@out[0]
+	prefetcht0	15(@outptr[0],$offset)	# prefetch output
+	prefetcht0	15(@outptr[1],$offset)
+	aesenc		$rndkey0,@out[1]
+	prefetcht0	15(@outptr[2],$offset)
+	prefetcht0	15(@outptr[3],$offset)
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0x80-0x78($key),$rndkey0
+	 pxor		$zero,$zero
+
+	aesenc		$rndkey1,@out[0]
+	 pcmpgtd	$zero,$mask
+	 movdqu		-0x78($key),$zero	# reload 0-round key
+	aesenc		$rndkey1,@out[1]
+	 paddd		$mask,$counters		# decrement counters
+	 movdqa		$counters,32(%rsp)	# update counters
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0x90-0x78($key),$rndkey1
+
+	cmp	\$11,$rounds
+
+	aesenc		$rndkey0,@out[0]
+	aesenc		$rndkey0,@out[1]
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0xa0-0x78($key),$rndkey0
+
+	jb	.Lenc4x_tail
+
+	aesenc		$rndkey1,@out[0]
+	aesenc		$rndkey1,@out[1]
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0xb0-0x78($key),$rndkey1
+
+	aesenc		$rndkey0,@out[0]
+	aesenc		$rndkey0,@out[1]
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0xc0-0x78($key),$rndkey0
+
+	je	.Lenc4x_tail
+
+	aesenc		$rndkey1,@out[0]
+	aesenc		$rndkey1,@out[1]
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	movups		0xd0-0x78($key),$rndkey1
+
+	aesenc		$rndkey0,@out[0]
+	aesenc		$rndkey0,@out[1]
+	aesenc		$rndkey0,@out[2]
+	aesenc		$rndkey0,@out[3]
+	movups		0xe0-0x78($key),$rndkey0
+	jmp	.Lenc4x_tail
+
+.align	32
+.Lenc4x_tail:
+	aesenc		$rndkey1,@out[0]
+	aesenc		$rndkey1,@out[1]
+	aesenc		$rndkey1,@out[2]
+	aesenc		$rndkey1,@out[3]
+	 movdqu		(@inptr[0],$offset),@inp[0]
+	movdqu		0x10-0x78($key),$rndkey1
+
+	aesenclast	$rndkey0,@out[0]
+	 movdqu		(@inptr[1],$offset),@inp[1]
+	 pxor		$zero,@inp[0]
+	aesenclast	$rndkey0,@out[1]
+	 movdqu		(@inptr[2],$offset),@inp[2]
+	 pxor		$zero,@inp[1]
+	aesenclast	$rndkey0,@out[2]
+	 movdqu		(@inptr[3],$offset),@inp[3]
+	 pxor		$zero,@inp[2]
+	aesenclast	$rndkey0,@out[3]
+	movdqu		0x20-0x78($key),$rndkey0
+	 pxor		$zero,@inp[3]
+
+	movups		@out[0],-16(@outptr[0],$offset)
+	 pxor		@inp[0],@out[0]
+	movups		@out[1],-16(@outptr[1],$offset)	
+	 pxor		@inp[1],@out[1]
+	movups		@out[2],-16(@outptr[2],$offset)	
+	 pxor		@inp[2],@out[2]
+	movups		@out[3],-16(@outptr[3],$offset)
+	 pxor		@inp[3],@out[3]
+
+	dec	$num
+	jnz	.Loop_enc4x
+
+	mov	16(%rsp),%rax			# original %rsp
+	mov	24(%rsp),$num
+
+	#pxor	@inp[0],@out[0]
+	#pxor	@inp[1],@out[1]
+	#movdqu	@out[0],`40*0+24-40*2`($inp)	# output iv FIX ME!
+	#pxor	@inp[2],@out[2]
+	#movdqu	@out[1],`40*1+24-40*2`($inp)
+	#pxor	@inp[3],@out[3]
+	#movdqu	@out[2],`40*2+24-40*2`($inp)	# won't fix, let caller
+	#movdqu	@out[3],`40*3+24-40*2`($inp)	# figure this out...
+
+	lea	`40*4`($inp),$inp
+	dec	$num
+	jnz	.Lenc4x_loop_grande
+
+.Lenc4x_done:
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	#movaps	-0x68(%rax),%xmm13
+	#movaps	-0x58(%rax),%xmm14
+	#movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lenc4x_epilogue:
+	ret
+.size	aesni_multi_cbc_encrypt,.-aesni_multi_cbc_encrypt
+
+.globl	aesni_multi_cbc_decrypt
+.type	aesni_multi_cbc_decrypt,\@function,3
+.align	32
+aesni_multi_cbc_decrypt:
+___
+$code.=<<___ if ($avx);
+	cmp	\$2,$num
+	jb	.Ldec_non_avx
+	mov	OPENSSL_ia32cap_P+4(%rip),%ecx
+	test	\$`1<<28`,%ecx			# AVX bit
+	jnz	_avx_cbc_dec_shortcut
+	jmp	.Ldec_non_avx
+.align	16
+.Ldec_non_avx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,-0x68(%rax)	# not used, saved to share se_handler 
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+
+	sub	\$48,%rsp
+	and	\$-64,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+
+.Ldec4x_body:
+	movdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*2($inp),$inp
+
+.Ldec4x_loop_grande:
+	mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`40*$i+16-40*2`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*2`($inp),@inptr[$i]
+	cmp	$num,$one
+	mov	`40*$i+8-40*2`($inp),@outptr[$i]
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	movdqu	`40*$i+24-40*2`($inp),@inp[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@inptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldec4x_done
+
+	movups	0x10-0x78($key),$rndkey1
+	movups	0x20-0x78($key),$rndkey0
+	mov	0xf0-0x78($key),$rounds
+	movdqu	(@inptr[0]),@out[0]		# load inputs
+	movdqu	(@inptr[1]),@out[1]
+	 pxor	$zero,@out[0]
+	movdqu	(@inptr[2]),@out[2]
+	 pxor	$zero,@out[1]
+	movdqu	(@inptr[3]),@out[3]
+	 pxor	$zero,@out[2]
+	 pxor	$zero,@out[3]
+	movdqa	32(%rsp),$counters		# load counters
+	xor	$offset,$offset
+	jmp	.Loop_dec4x
+
+.align	32
+.Loop_dec4x:
+	add	\$16,$offset
+	lea	16(%rsp),$sink			# sink pointer
+	mov	\$1,$one			# constant of 1
+	sub	$offset,$sink
+
+	aesdec		$rndkey1,@out[0]
+	prefetcht0	31(@inptr[0],$offset)	# prefetch input
+	prefetcht0	31(@inptr[1],$offset)
+	aesdec		$rndkey1,@out[1]
+	prefetcht0	31(@inptr[2],$offset)
+	prefetcht0	31(@inptr[3],$offset)
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0x30-0x78($key),$rndkey1
+___
+for($i=0;$i<4;$i++) {
+my $rndkey = ($i&1) ? $rndkey1 : $rndkey0;
+$code.=<<___;
+	 cmp		`32+4*$i`(%rsp),$one
+	aesdec		$rndkey,@out[0]
+	aesdec		$rndkey,@out[1]
+	aesdec		$rndkey,@out[2]
+	 cmovge		$sink,@inptr[$i]	# cancel input
+	 cmovg		$sink,@outptr[$i]	# sink output
+	aesdec		$rndkey,@out[3]
+	movups		`0x40+16*$i-0x78`($key),$rndkey
+___
+}
+$code.=<<___;
+	 movdqa		$counters,$mask
+	aesdec		$rndkey0,@out[0]
+	prefetcht0	15(@outptr[0],$offset)	# prefetch output
+	prefetcht0	15(@outptr[1],$offset)
+	aesdec		$rndkey0,@out[1]
+	prefetcht0	15(@outptr[2],$offset)
+	prefetcht0	15(@outptr[3],$offset)
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0x80-0x78($key),$rndkey0
+	 pxor		$zero,$zero
+
+	aesdec		$rndkey1,@out[0]
+	 pcmpgtd	$zero,$mask
+	 movdqu		-0x78($key),$zero	# reload 0-round key
+	aesdec		$rndkey1,@out[1]
+	 paddd		$mask,$counters		# decrement counters
+	 movdqa		$counters,32(%rsp)	# update counters
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0x90-0x78($key),$rndkey1
+
+	cmp	\$11,$rounds
+
+	aesdec		$rndkey0,@out[0]
+	aesdec		$rndkey0,@out[1]
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0xa0-0x78($key),$rndkey0
+
+	jb	.Ldec4x_tail
+
+	aesdec		$rndkey1,@out[0]
+	aesdec		$rndkey1,@out[1]
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0xb0-0x78($key),$rndkey1
+
+	aesdec		$rndkey0,@out[0]
+	aesdec		$rndkey0,@out[1]
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0xc0-0x78($key),$rndkey0
+
+	je	.Ldec4x_tail
+
+	aesdec		$rndkey1,@out[0]
+	aesdec		$rndkey1,@out[1]
+	aesdec		$rndkey1,@out[2]
+	aesdec		$rndkey1,@out[3]
+	movups		0xd0-0x78($key),$rndkey1
+
+	aesdec		$rndkey0,@out[0]
+	aesdec		$rndkey0,@out[1]
+	aesdec		$rndkey0,@out[2]
+	aesdec		$rndkey0,@out[3]
+	movups		0xe0-0x78($key),$rndkey0
+	jmp	.Ldec4x_tail
+
+.align	32
+.Ldec4x_tail:
+	aesdec		$rndkey1,@out[0]
+	aesdec		$rndkey1,@out[1]
+	aesdec		$rndkey1,@out[2]
+	 pxor		$rndkey0,@inp[0]
+	 pxor		$rndkey0,@inp[1]
+	aesdec		$rndkey1,@out[3]
+	movdqu		0x10-0x78($key),$rndkey1
+	 pxor		$rndkey0,@inp[2]
+	 pxor		$rndkey0,@inp[3]
+	movdqu		0x20-0x78($key),$rndkey0
+
+	aesdeclast	@inp[0],@out[0]
+	aesdeclast	@inp[1],@out[1]
+	 movdqu		-16(@inptr[0],$offset),@inp[0]	# load next IV
+	 movdqu		-16(@inptr[1],$offset),@inp[1]
+	aesdeclast	@inp[2],@out[2]
+	aesdeclast	@inp[3],@out[3]
+	 movdqu		-16(@inptr[2],$offset),@inp[2]
+	 movdqu		-16(@inptr[3],$offset),@inp[3]
+
+	movups		@out[0],-16(@outptr[0],$offset)
+	 movdqu		(@inptr[0],$offset),@out[0]
+	movups		@out[1],-16(@outptr[1],$offset)	
+	 movdqu		(@inptr[1],$offset),@out[1]
+	 pxor		$zero,@out[0]
+	movups		@out[2],-16(@outptr[2],$offset)	
+	 movdqu		(@inptr[2],$offset),@out[2]
+	 pxor		$zero,@out[1]
+	movups		@out[3],-16(@outptr[3],$offset)
+	 movdqu		(@inptr[3],$offset),@out[3]
+	 pxor		$zero,@out[2]
+	 pxor		$zero,@out[3]
+
+	dec	$num
+	jnz	.Loop_dec4x
+
+	mov	16(%rsp),%rax			# original %rsp
+	mov	24(%rsp),$num
+
+	lea	`40*4`($inp),$inp
+	dec	$num
+	jnz	.Ldec4x_loop_grande
+
+.Ldec4x_done:
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	#movaps	-0x68(%rax),%xmm13
+	#movaps	-0x58(%rax),%xmm14
+	#movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Ldec4x_epilogue:
+	ret
+.size	aesni_multi_cbc_decrypt,.-aesni_multi_cbc_decrypt
+___
+
+						if ($avx) {{{
+my @ptr=map("%r$_",(8..15));
+my $offload=$sink;
+
+my @out=map("%xmm$_",(2..9));
+my @inp=map("%xmm$_",(10..13));
+my ($counters,$zero)=("%xmm14","%xmm15");
+
+$code.=<<___;
+.type	aesni_multi_cbc_encrypt_avx,\@function,3
+.align	32
+aesni_multi_cbc_encrypt_avx:
+_avx_cbc_enc_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+	# +64	distances between inputs and outputs
+	# +128	off-load area for @inp[0..3]
+
+	sub	\$192,%rsp
+	and	\$-128,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+
+.Lenc8x_body:
+	vzeroupper
+	vmovdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*4($inp),$inp
+	shr	\$1,$num
+
+.Lenc8x_loop_grande:
+	#mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<8;$i++) {
+  my $temp = $i ? $offload : $offset;
+    $code.=<<___;
+	mov	`40*$i+16-40*4`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*4`($inp),@ptr[$i]	# input pointer
+	cmp	$num,$one
+	mov	`40*$i+8-40*4`($inp),$temp	# output pointer
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	vmovdqu	`40*$i+24-40*4`($inp),@out[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+	sub	@ptr[$i],$temp			# distance between input and output
+	mov	$temp,`64+8*$i`(%rsp)		# initialize distances
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Lenc8x_done
+
+	vmovups	0x10-0x78($key),$rndkey1
+	vmovups	0x20-0x78($key),$rndkey0
+	mov	0xf0-0x78($key),$rounds
+
+	vpxor	(@ptr[0]),$zero,@inp[0]		# load inputs and xor with 0-round
+	 lea	128(%rsp),$offload		# offload area
+	vpxor	(@ptr[1]),$zero,@inp[1]
+	vpxor	(@ptr[2]),$zero,@inp[2]
+	vpxor	(@ptr[3]),$zero,@inp[3]
+	 vpxor	@inp[0],@out[0],@out[0]
+	vpxor	(@ptr[4]),$zero,@inp[0]
+	 vpxor	@inp[1],@out[1],@out[1]
+	vpxor	(@ptr[5]),$zero,@inp[1]
+	 vpxor	@inp[2],@out[2],@out[2]
+	vpxor	(@ptr[6]),$zero,@inp[2]
+	 vpxor	@inp[3],@out[3],@out[3]
+	vpxor	(@ptr[7]),$zero,@inp[3]
+	 vpxor	@inp[0],@out[4],@out[4]
+	mov	\$1,$one			# constant of 1
+	 vpxor	@inp[1],@out[5],@out[5]
+	 vpxor	@inp[2],@out[6],@out[6]
+	 vpxor	@inp[3],@out[7],@out[7]
+	jmp	.Loop_enc8x
+
+.align	32
+.Loop_enc8x:
+___
+for($i=0;$i<8;$i++) {
+my $rndkey=($i&1)?$rndkey0:$rndkey1;
+$code.=<<___;
+	vaesenc		$rndkey,@out[0],@out[0]
+	 cmp		32+4*$i(%rsp),$one
+___
+$code.=<<___ if ($i);
+	 mov		64+8*$i(%rsp),$offset
+___
+$code.=<<___;
+	vaesenc		$rndkey,@out[1],@out[1]
+	prefetcht0	31(@ptr[$i])			# prefetch input
+	vaesenc		$rndkey,@out[2],@out[2]
+___
+$code.=<<___ if ($i>1);
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+___
+$code.=<<___;
+	vaesenc		$rndkey,@out[3],@out[3]
+	 lea		(@ptr[$i],$offset),$offset
+	 cmovge		%rsp,@ptr[$i]			# cancel input
+	vaesenc		$rndkey,@out[4],@out[4]
+	 cmovg		%rsp,$offset			# sink output
+	vaesenc		$rndkey,@out[5],@out[5]
+	 sub		@ptr[$i],$offset
+	vaesenc		$rndkey,@out[6],@out[6]
+	 vpxor		16(@ptr[$i]),$zero,@inp[$i%4]	# load input and xor with 0-round
+	 mov		$offset,64+8*$i(%rsp)
+	vaesenc		$rndkey,@out[7],@out[7]
+	vmovups		`16*(3+$i)-0x78`($key),$rndkey
+	 lea		16(@ptr[$i],$offset),@ptr[$i]	# switch to output
+___
+$code.=<<___ if ($i<4)
+	 vmovdqu	@inp[$i%4],`16*$i`($offload)	# off-load
+___
+}
+$code.=<<___;
+	 vmovdqu	32(%rsp),$counters
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+	prefetcht0	15(@ptr[$i-1])
+	cmp	\$11,$rounds
+	jb	.Lenc8x_tail
+
+	vaesenc		$rndkey1,@out[0],@out[0]
+	vaesenc		$rndkey1,@out[1],@out[1]
+	vaesenc		$rndkey1,@out[2],@out[2]
+	vaesenc		$rndkey1,@out[3],@out[3]
+	vaesenc		$rndkey1,@out[4],@out[4]
+	vaesenc		$rndkey1,@out[5],@out[5]
+	vaesenc		$rndkey1,@out[6],@out[6]
+	vaesenc		$rndkey1,@out[7],@out[7]
+	vmovups		0xb0-0x78($key),$rndkey1
+
+	vaesenc		$rndkey0,@out[0],@out[0]
+	vaesenc		$rndkey0,@out[1],@out[1]
+	vaesenc		$rndkey0,@out[2],@out[2]
+	vaesenc		$rndkey0,@out[3],@out[3]
+	vaesenc		$rndkey0,@out[4],@out[4]
+	vaesenc		$rndkey0,@out[5],@out[5]
+	vaesenc		$rndkey0,@out[6],@out[6]
+	vaesenc		$rndkey0,@out[7],@out[7]
+	vmovups		0xc0-0x78($key),$rndkey0
+	je	.Lenc8x_tail
+
+	vaesenc		$rndkey1,@out[0],@out[0]
+	vaesenc		$rndkey1,@out[1],@out[1]
+	vaesenc		$rndkey1,@out[2],@out[2]
+	vaesenc		$rndkey1,@out[3],@out[3]
+	vaesenc		$rndkey1,@out[4],@out[4]
+	vaesenc		$rndkey1,@out[5],@out[5]
+	vaesenc		$rndkey1,@out[6],@out[6]
+	vaesenc		$rndkey1,@out[7],@out[7]
+	vmovups		0xd0-0x78($key),$rndkey1
+
+	vaesenc		$rndkey0,@out[0],@out[0]
+	vaesenc		$rndkey0,@out[1],@out[1]
+	vaesenc		$rndkey0,@out[2],@out[2]
+	vaesenc		$rndkey0,@out[3],@out[3]
+	vaesenc		$rndkey0,@out[4],@out[4]
+	vaesenc		$rndkey0,@out[5],@out[5]
+	vaesenc		$rndkey0,@out[6],@out[6]
+	vaesenc		$rndkey0,@out[7],@out[7]
+	vmovups		0xe0-0x78($key),$rndkey0
+
+.Lenc8x_tail:
+	vaesenc		$rndkey1,@out[0],@out[0]
+	 vpxor		$zero,$zero,$zero
+	vaesenc		$rndkey1,@out[1],@out[1]
+	vaesenc		$rndkey1,@out[2],@out[2]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesenc		$rndkey1,@out[3],@out[3]
+	vaesenc		$rndkey1,@out[4],@out[4]
+	 vpaddd		$counters,$zero,$zero		# decrement counters
+	 vmovdqu	48(%rsp),$counters
+	vaesenc		$rndkey1,@out[5],@out[5]
+	 mov		64(%rsp),$offset		# pre-load 1st offset
+	vaesenc		$rndkey1,@out[6],@out[6]
+	vaesenc		$rndkey1,@out[7],@out[7]
+	vmovups		0x10-0x78($key),$rndkey1
+
+	vaesenclast	$rndkey0,@out[0],@out[0]
+	 vmovdqa	$zero,32(%rsp)			# update counters
+	 vpxor		$zero,$zero,$zero
+	vaesenclast	$rndkey0,@out[1],@out[1]
+	vaesenclast	$rndkey0,@out[2],@out[2]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesenclast	$rndkey0,@out[3],@out[3]
+	vaesenclast	$rndkey0,@out[4],@out[4]
+	 vpaddd		$zero,$counters,$counters	# decrement counters
+	 vmovdqu	-0x78($key),$zero		# 0-round
+	vaesenclast	$rndkey0,@out[5],@out[5]
+	vaesenclast	$rndkey0,@out[6],@out[6]
+	 vmovdqa	$counters,48(%rsp)		# update counters
+	vaesenclast	$rndkey0,@out[7],@out[7]
+	vmovups		0x20-0x78($key),$rndkey0
+
+	vmovups		@out[0],-16(@ptr[0])		# write output
+	 sub		$offset,@ptr[0]			# switch to input
+	 vpxor		0x00($offload),@out[0],@out[0]
+	vmovups		@out[1],-16(@ptr[1])	
+	 sub		`64+1*8`(%rsp),@ptr[1]
+	 vpxor		0x10($offload),@out[1],@out[1]
+	vmovups		@out[2],-16(@ptr[2])	
+	 sub		`64+2*8`(%rsp),@ptr[2]
+	 vpxor		0x20($offload),@out[2],@out[2]
+	vmovups		@out[3],-16(@ptr[3])
+	 sub		`64+3*8`(%rsp),@ptr[3]
+	 vpxor		0x30($offload),@out[3],@out[3]
+	vmovups		@out[4],-16(@ptr[4])
+	 sub		`64+4*8`(%rsp),@ptr[4]
+	 vpxor		@inp[0],@out[4],@out[4]
+	vmovups		@out[5],-16(@ptr[5])	
+	 sub		`64+5*8`(%rsp),@ptr[5]
+	 vpxor		@inp[1],@out[5],@out[5]
+	vmovups		@out[6],-16(@ptr[6])	
+	 sub		`64+6*8`(%rsp),@ptr[6]
+	 vpxor		@inp[2],@out[6],@out[6]
+	vmovups		@out[7],-16(@ptr[7])
+	 sub		`64+7*8`(%rsp),@ptr[7]
+	 vpxor		@inp[3],@out[7],@out[7]
+
+	dec	$num
+	jnz	.Loop_enc8x
+
+	mov	16(%rsp),%rax			# original %rsp
+	#mov	24(%rsp),$num
+	#lea	`40*8`($inp),$inp
+	#dec	$num
+	#jnz	.Lenc8x_loop_grande
+
+.Lenc8x_done:
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lenc8x_epilogue:
+	ret
+.size	aesni_multi_cbc_encrypt_avx,.-aesni_multi_cbc_encrypt_avx
+
+.type	aesni_multi_cbc_decrypt_avx,\@function,3
+.align	32
+aesni_multi_cbc_decrypt_avx:
+_avx_cbc_dec_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	# stack layout
+	#
+	# +0	output sink
+	# +16	input sink [original %rsp and $num]
+	# +32	counters
+	# +64	distances between inputs and outputs
+	# +128	off-load area for @inp[0..3]
+	# +192	IV/input offload
+
+	sub	\$256,%rsp
+	and	\$-256,%rsp
+	sub	\$192,%rsp
+	mov	%rax,16(%rsp)			# original %rsp
+
+.Ldec8x_body:
+	vzeroupper
+	vmovdqu	($key),$zero			# 0-round key
+	lea	0x78($key),$key			# size optimization
+	lea	40*4($inp),$inp
+	shr	\$1,$num
+
+.Ldec8x_loop_grande:
+	#mov	$num,24(%rsp)			# original $num
+	xor	$num,$num
+___
+for($i=0;$i<8;$i++) {
+  my $temp = $i ? $offload : $offset;
+    $code.=<<___;
+	mov	`40*$i+16-40*4`($inp),$one	# borrow $one for number of blocks
+	mov	`40*$i+0-40*4`($inp),@ptr[$i]	# input pointer
+	cmp	$num,$one
+	mov	`40*$i+8-40*4`($inp),$temp	# output pointer
+	cmovg	$one,$num			# find maximum
+	test	$one,$one
+	vmovdqu	`40*$i+24-40*4`($inp),@out[$i]	# load IV
+	mov	$one,`32+4*$i`(%rsp)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+	sub	@ptr[$i],$temp			# distance between input and output
+	mov	$temp,`64+8*$i`(%rsp)		# initialize distances
+	vmovdqu	@out[$i],`192+16*$i`(%rsp)	# offload IV
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldec8x_done
+
+	vmovups	0x10-0x78($key),$rndkey1
+	vmovups	0x20-0x78($key),$rndkey0
+	mov	0xf0-0x78($key),$rounds
+	 lea	192+128(%rsp),$offload		# offload area
+
+	vmovdqu	(@ptr[0]),@out[0]		# load inputs
+	vmovdqu	(@ptr[1]),@out[1]
+	vmovdqu	(@ptr[2]),@out[2]
+	vmovdqu	(@ptr[3]),@out[3]
+	vmovdqu	(@ptr[4]),@out[4]
+	vmovdqu	(@ptr[5]),@out[5]
+	vmovdqu	(@ptr[6]),@out[6]
+	vmovdqu	(@ptr[7]),@out[7]
+	vmovdqu	@out[0],0x00($offload)		# offload inputs
+	vpxor	$zero,@out[0],@out[0]		# xor inputs with 0-round
+	vmovdqu	@out[1],0x10($offload)
+	vpxor	$zero,@out[1],@out[1]
+	vmovdqu	@out[2],0x20($offload)
+	vpxor	$zero,@out[2],@out[2]
+	vmovdqu	@out[3],0x30($offload)
+	vpxor	$zero,@out[3],@out[3]
+	vmovdqu	@out[4],0x40($offload)
+	vpxor	$zero,@out[4],@out[4]
+	vmovdqu	@out[5],0x50($offload)
+	vpxor	$zero,@out[5],@out[5]
+	vmovdqu	@out[6],0x60($offload)
+	vpxor	$zero,@out[6],@out[6]
+	vmovdqu	@out[7],0x70($offload)
+	vpxor	$zero,@out[7],@out[7]
+	xor	\$0x80,$offload
+	mov	\$1,$one			# constant of 1
+	jmp	.Loop_dec8x
+
+.align	32
+.Loop_dec8x:
+___
+for($i=0;$i<8;$i++) {
+my $rndkey=($i&1)?$rndkey0:$rndkey1;
+$code.=<<___;
+	vaesdec		$rndkey,@out[0],@out[0]
+	 cmp		32+4*$i(%rsp),$one
+___
+$code.=<<___ if ($i);
+	 mov		64+8*$i(%rsp),$offset
+___
+$code.=<<___;
+	vaesdec		$rndkey,@out[1],@out[1]
+	prefetcht0	31(@ptr[$i])			# prefetch input
+	vaesdec		$rndkey,@out[2],@out[2]
+___
+$code.=<<___ if ($i>1);
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+___
+$code.=<<___;
+	vaesdec		$rndkey,@out[3],@out[3]
+	 lea		(@ptr[$i],$offset),$offset
+	 cmovge		%rsp,@ptr[$i]			# cancel input
+	vaesdec		$rndkey,@out[4],@out[4]
+	 cmovg		%rsp,$offset			# sink output
+	vaesdec		$rndkey,@out[5],@out[5]
+	 sub		@ptr[$i],$offset
+	vaesdec		$rndkey,@out[6],@out[6]
+	 vmovdqu	16(@ptr[$i]),@inp[$i%4]		# load input
+	 mov		$offset,64+8*$i(%rsp)
+	vaesdec		$rndkey,@out[7],@out[7]
+	vmovups		`16*(3+$i)-0x78`($key),$rndkey
+	 lea		16(@ptr[$i],$offset),@ptr[$i]	# switch to output
+___
+$code.=<<___ if ($i<4);
+	 vmovdqu	@inp[$i%4],`128+16*$i`(%rsp)	# off-load
+___
+}
+$code.=<<___;
+	 vmovdqu	32(%rsp),$counters
+	prefetcht0	15(@ptr[$i-2])			# prefetch output
+	prefetcht0	15(@ptr[$i-1])
+	cmp	\$11,$rounds
+	jb	.Ldec8x_tail
+
+	vaesdec		$rndkey1,@out[0],@out[0]
+	vaesdec		$rndkey1,@out[1],@out[1]
+	vaesdec		$rndkey1,@out[2],@out[2]
+	vaesdec		$rndkey1,@out[3],@out[3]
+	vaesdec		$rndkey1,@out[4],@out[4]
+	vaesdec		$rndkey1,@out[5],@out[5]
+	vaesdec		$rndkey1,@out[6],@out[6]
+	vaesdec		$rndkey1,@out[7],@out[7]
+	vmovups		0xb0-0x78($key),$rndkey1
+
+	vaesdec		$rndkey0,@out[0],@out[0]
+	vaesdec		$rndkey0,@out[1],@out[1]
+	vaesdec		$rndkey0,@out[2],@out[2]
+	vaesdec		$rndkey0,@out[3],@out[3]
+	vaesdec		$rndkey0,@out[4],@out[4]
+	vaesdec		$rndkey0,@out[5],@out[5]
+	vaesdec		$rndkey0,@out[6],@out[6]
+	vaesdec		$rndkey0,@out[7],@out[7]
+	vmovups		0xc0-0x78($key),$rndkey0
+	je	.Ldec8x_tail
+
+	vaesdec		$rndkey1,@out[0],@out[0]
+	vaesdec		$rndkey1,@out[1],@out[1]
+	vaesdec		$rndkey1,@out[2],@out[2]
+	vaesdec		$rndkey1,@out[3],@out[3]
+	vaesdec		$rndkey1,@out[4],@out[4]
+	vaesdec		$rndkey1,@out[5],@out[5]
+	vaesdec		$rndkey1,@out[6],@out[6]
+	vaesdec		$rndkey1,@out[7],@out[7]
+	vmovups		0xd0-0x78($key),$rndkey1
+
+	vaesdec		$rndkey0,@out[0],@out[0]
+	vaesdec		$rndkey0,@out[1],@out[1]
+	vaesdec		$rndkey0,@out[2],@out[2]
+	vaesdec		$rndkey0,@out[3],@out[3]
+	vaesdec		$rndkey0,@out[4],@out[4]
+	vaesdec		$rndkey0,@out[5],@out[5]
+	vaesdec		$rndkey0,@out[6],@out[6]
+	vaesdec		$rndkey0,@out[7],@out[7]
+	vmovups		0xe0-0x78($key),$rndkey0
+
+.Ldec8x_tail:
+	vaesdec		$rndkey1,@out[0],@out[0]
+	 vpxor		$zero,$zero,$zero
+	vaesdec		$rndkey1,@out[1],@out[1]
+	vaesdec		$rndkey1,@out[2],@out[2]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesdec		$rndkey1,@out[3],@out[3]
+	vaesdec		$rndkey1,@out[4],@out[4]
+	 vpaddd		$counters,$zero,$zero		# decrement counters
+	 vmovdqu	48(%rsp),$counters
+	vaesdec		$rndkey1,@out[5],@out[5]
+	 mov		64(%rsp),$offset		# pre-load 1st offset
+	vaesdec		$rndkey1,@out[6],@out[6]
+	vaesdec		$rndkey1,@out[7],@out[7]
+	vmovups		0x10-0x78($key),$rndkey1
+
+	vaesdeclast	$rndkey0,@out[0],@out[0]
+	 vmovdqa	$zero,32(%rsp)			# update counters
+	 vpxor		$zero,$zero,$zero
+	vaesdeclast	$rndkey0,@out[1],@out[1]
+	vpxor		0x00($offload),@out[0],@out[0]	# xor with IV
+	vaesdeclast	$rndkey0,@out[2],@out[2]
+	vpxor		0x10($offload),@out[1],@out[1]
+	 vpcmpgtd	$zero,$counters,$zero
+	vaesdeclast	$rndkey0,@out[3],@out[3]
+	vpxor		0x20($offload),@out[2],@out[2]
+	vaesdeclast	$rndkey0,@out[4],@out[4]
+	vpxor		0x30($offload),@out[3],@out[3]
+	 vpaddd		$zero,$counters,$counters	# decrement counters
+	 vmovdqu	-0x78($key),$zero		# 0-round
+	vaesdeclast	$rndkey0,@out[5],@out[5]
+	vpxor		0x40($offload),@out[4],@out[4]
+	vaesdeclast	$rndkey0,@out[6],@out[6]
+	vpxor		0x50($offload),@out[5],@out[5]
+	 vmovdqa	$counters,48(%rsp)		# update counters
+	vaesdeclast	$rndkey0,@out[7],@out[7]
+	vpxor		0x60($offload),@out[6],@out[6]
+	vmovups		0x20-0x78($key),$rndkey0
+
+	vmovups		@out[0],-16(@ptr[0])		# write output
+	 sub		$offset,@ptr[0]			# switch to input
+	 vmovdqu	128+0(%rsp),@out[0]
+	vpxor		0x70($offload),@out[7],@out[7]
+	vmovups		@out[1],-16(@ptr[1])	
+	 sub		`64+1*8`(%rsp),@ptr[1]
+	 vmovdqu	@out[0],0x00($offload)
+	 vpxor		$zero,@out[0],@out[0]
+	 vmovdqu	128+16(%rsp),@out[1]
+	vmovups		@out[2],-16(@ptr[2])	
+	 sub		`64+2*8`(%rsp),@ptr[2]
+	 vmovdqu	@out[1],0x10($offload)
+	 vpxor		$zero,@out[1],@out[1]
+	 vmovdqu	128+32(%rsp),@out[2]
+	vmovups		@out[3],-16(@ptr[3])
+	 sub		`64+3*8`(%rsp),@ptr[3]
+	 vmovdqu	@out[2],0x20($offload)
+	 vpxor		$zero,@out[2],@out[2]
+	 vmovdqu	128+48(%rsp),@out[3]
+	vmovups		@out[4],-16(@ptr[4])
+	 sub		`64+4*8`(%rsp),@ptr[4]
+	 vmovdqu	@out[3],0x30($offload)
+	 vpxor		$zero,@out[3],@out[3]
+	 vmovdqu	@inp[0],0x40($offload)
+	 vpxor		@inp[0],$zero,@out[4]
+	vmovups		@out[5],-16(@ptr[5])	
+	 sub		`64+5*8`(%rsp),@ptr[5]
+	 vmovdqu	@inp[1],0x50($offload)
+	 vpxor		@inp[1],$zero,@out[5]
+	vmovups		@out[6],-16(@ptr[6])	
+	 sub		`64+6*8`(%rsp),@ptr[6]
+	 vmovdqu	@inp[2],0x60($offload)
+	 vpxor		@inp[2],$zero,@out[6]
+	vmovups		@out[7],-16(@ptr[7])
+	 sub		`64+7*8`(%rsp),@ptr[7]
+	 vmovdqu	@inp[3],0x70($offload)
+	 vpxor		@inp[3],$zero,@out[7]
+
+	xor	\$128,$offload
+	dec	$num
+	jnz	.Loop_dec8x
+
+	mov	16(%rsp),%rax			# original %rsp
+	#mov	24(%rsp),$num
+	#lea	`40*8`($inp),$inp
+	#dec	$num
+	#jnz	.Ldec8x_loop_grande
+
+.Ldec8x_done:
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Ldec8x_epilogue:
+	ret
+.size	aesni_multi_cbc_decrypt_avx,.-aesni_multi_cbc_decrypt_avx
+___
+						}}}
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	16(%rax),%rax		# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore cotnext->R12
+	mov	%r13,224($context)	# restore cotnext->R13
+	mov	%r14,232($context)	# restore cotnext->R14
+	mov	%r15,240($context)	# restore cotnext->R15
+
+	lea	-56-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_aesni_multi_cbc_encrypt
+	.rva	.LSEH_end_aesni_multi_cbc_encrypt
+	.rva	.LSEH_info_aesni_multi_cbc_encrypt
+	.rva	.LSEH_begin_aesni_multi_cbc_decrypt
+	.rva	.LSEH_end_aesni_multi_cbc_decrypt
+	.rva	.LSEH_info_aesni_multi_cbc_decrypt
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_aesni_multi_cbc_encrypt_avx
+	.rva	.LSEH_end_aesni_multi_cbc_encrypt_avx
+	.rva	.LSEH_info_aesni_multi_cbc_encrypt_avx
+	.rva	.LSEH_begin_aesni_multi_cbc_decrypt_avx
+	.rva	.LSEH_end_aesni_multi_cbc_decrypt_avx
+	.rva	.LSEH_info_aesni_multi_cbc_decrypt_avx
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_aesni_multi_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc4x_body,.Lenc4x_epilogue		# HandlerData[]
+.LSEH_info_aesni_multi_cbc_decrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec4x_body,.Ldec4x_epilogue		# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_aesni_multi_cbc_encrypt_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc8x_body,.Lenc8x_epilogue		# HandlerData[]
+.LSEH_info_aesni_multi_cbc_decrypt_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec8x_body,.Ldec8x_epilogue		# HandlerData[]
+___
+}
+####################################################################
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    push @opcode,$rex|0x40	if($rex);
+}
+
+sub aesni {
+  my $line=shift;
+  my @opcode=(0x66);
+
+    if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	rex(\@opcode,$4,$3);
+	push @opcode,0x0f,0x3a,0xdf;
+	push @opcode,0xc0|($3&7)|(($4&7)<<3);	# ModR/M
+	my $c=$2;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesimc" => 0xdb,
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);	# ModR/M
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+([0x1-9a-fA-F]*)\(%rsp\),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	my $off = $2;
+	push @opcode,0x44 if ($3>=8);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0x44|(($3&7)<<3),0x24;	# ModR/M
+	push @opcode,($off=~/^0/?oct($off):$off)&0xff;
+	return ".byte\t".join(',',@opcode);
+    }
+    return $line;
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesni-sha1-x86_64.pl b/openssl-1.1.0h/crypto/aes/asm/aesni-sha1-x86_64.pl
new file mode 100644
index 0000000..33a7f0c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -0,0 +1,2072 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# June 2011
+#
+# This is AESNI-CBC+SHA1 "stitch" implementation. The idea, as spelled
+# in http://download.intel.com/design/intarch/papers/323686.pdf, is
+# that since AESNI-CBC encrypt exhibit *very* low instruction-level
+# parallelism, interleaving it with another algorithm would allow to
+# utilize processor resources better and achieve better performance.
+# SHA1 instruction sequences(*) are taken from sha1-x86_64.pl and
+# AESNI code is weaved into it. Below are performance numbers in
+# cycles per processed byte, less is better, for standalone AESNI-CBC
+# encrypt, sum of the latter and standalone SHA1, and "stitched"
+# subroutine:
+#
+#		AES-128-CBC	+SHA1		stitch      gain
+# Westmere	3.77[+5.3]	9.07		6.55	    +38%
+# Sandy Bridge	5.05[+5.0(6.1)]	10.06(11.15)	5.98(7.05)  +68%(+58%)
+# Ivy Bridge	5.05[+4.6]	9.65		5.54        +74%
+# Haswell	4.43[+3.6(4.2)]	8.00(8.58)	4.55(5.21)  +75%(+65%)
+# Skylake	2.63[+3.5(4.1)]	6.17(6.69)	4.23(4.44)  +46%(+51%)
+# Bulldozer	5.77[+6.0]	11.72		6.37        +84%
+# Ryzen(**)	2.71[+1.93]	4.64		2.74        +69%
+# Goldmont(**)	3.82[+1.70]	5.52		4.20        +31%
+#
+#		AES-192-CBC
+# Westmere	4.51		9.81		6.80	    +44%
+# Sandy Bridge	6.05		11.06(12.15)	6.11(7.19)  +81%(+69%)
+# Ivy Bridge	6.05		10.65		6.07        +75%
+# Haswell	5.29		8.86(9.44)	5.32(5.32)  +67%(+77%)
+# Bulldozer	6.89		12.84		6.96        +84%
+#
+#		AES-256-CBC
+# Westmere	5.25		10.55		7.21	    +46%
+# Sandy Bridge	7.05		12.06(13.15)	7.12(7.72)  +69%(+70%)
+# Ivy Bridge	7.05		11.65		7.12        +64%
+# Haswell	6.19		9.76(10.34)	6.21(6.25)  +57%(+65%)
+# Skylake	3.62		7.16(7.68)	4.56(4.76)  +57%(+61%)
+# Bulldozer	8.00		13.95		8.25        +69%
+# Ryzen(**)	3.71		5.64		3.72        +52%
+# Goldmont(**)	5.35		7.05		5.76        +22%
+#
+# (*)	There are two code paths: SSSE3 and AVX. See sha1-568.pl for
+#	background information. Above numbers in parentheses are SSSE3
+#	results collected on AVX-capable CPU, i.e. apply on OSes that
+#	don't support AVX.
+# (**)	SHAEXT results.
+#
+# Needless to mention that it makes no sense to implement "stitched"
+# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1
+# fully utilize parallelism, so stitching would not give any gain
+# anyway. Well, there might be some, e.g. because of better cache
+# locality... For reference, here are performance results for
+# standalone AESNI-CBC decrypt:
+#
+#		AES-128-CBC	AES-192-CBC	AES-256-CBC
+# Westmere	1.25		1.50		1.75
+# Sandy Bridge	0.74		0.91		1.09
+# Ivy Bridge	0.74		0.90		1.11
+# Haswell	0.63		0.76		0.88
+# Bulldozer	0.70		0.85		0.99
+
+# And indeed:
+#
+#		AES-256-CBC	+SHA1		stitch      gain
+# Westmere	1.75		7.20		6.68        +7.8%
+# Sandy Bridge	1.09		6.09(7.22)	5.82(6.95)  +4.6%(+3.9%)
+# Ivy Bridge	1.11		5.70		5.45        +4.6%
+# Haswell	0.88		4.45(5.00)	4.39(4.69)  +1.4%(*)(+6.6%)
+# Bulldozer	0.99		6.95		5.95        +17%(**)
+#
+# (*)	Tiny improvement coefficient on Haswell is because we compare
+#	AVX1 stitch to sum with AVX2 SHA1.
+# (**)	Execution is fully dominated by integer code sequence and
+#	SIMD still hardly shows [in single-process benchmark;-]
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+	   $1>=2.19);
+$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+	   $1>=2.09);
+$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
+	   $1>=10);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
+
+$shaext=1;	### set to zero if compiling for 1.0.1
+
+$stitched_decrypt=0;
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void aesni_cbc_sha1_enc(const void *inp,
+#			void *out,
+#			size_t length,
+#			const AES_KEY *key,
+#			unsigned char *iv,
+#			SHA_CTX *ctx,
+#			const void *in0);
+
+$code.=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	aesni_cbc_sha1_enc
+.type	aesni_cbc_sha1_enc,\@abi-omnipotent
+.align	32
+aesni_cbc_sha1_enc:
+	# caller should check for SSSE3 and AES-NI bits
+	mov	OPENSSL_ia32cap_P+0(%rip),%r10d
+	mov	OPENSSL_ia32cap_P+4(%rip),%r11
+___
+$code.=<<___ if ($shaext);
+	bt	\$61,%r11		# check SHA bit
+	jc	aesni_cbc_sha1_enc_shaext
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<28`,%r11d		# mask AVX bit
+	and	\$`1<<30`,%r10d		# mask "Intel CPU" bit
+	or	%r11d,%r10d
+	cmp	\$`1<<28|1<<30`,%r10d
+	je	aesni_cbc_sha1_enc_avx
+___
+$code.=<<___;
+	jmp	aesni_cbc_sha1_enc_ssse3
+	ret
+.size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
+___
+
+my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
+my @T=("%esi","%edi");
+my $j=0; my $jj=0; my $r=0; my $sn=0; my $rx=0;
+my $K_XX_XX="%r11";
+my ($rndkey0,$iv,$in)=map("%xmm$_",(11..13));			# for enc
+my @rndkey=("%xmm14","%xmm15");					# for enc
+my ($inout0,$inout1,$inout2,$inout3)=map("%xmm$_",(12..15));	# for dec
+
+if (1) {	# reassign for Atom Silvermont
+    # The goal is to minimize amount of instructions with more than
+    # 3 prefix bytes. Or in more practical terms to keep AES-NI *and*
+    # SSSE3 instructions to upper half of the register bank.
+    @X=map("%xmm$_",(8..11,4..7));
+    @Tx=map("%xmm$_",(12,13,3));
+    ($iv,$in,$rndkey0)=map("%xmm$_",(2,14,15));
+    @rndkey=("%xmm0","%xmm1");
+}
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+$code.=<<___;
+.type	aesni_cbc_sha1_enc_ssse3,\@function,6
+.align	32
+aesni_cbc_sha1_enc_ssse3:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	#shr	\$6,$len			# debugging artefact
+	#jz	.Lepilogue_ssse3		# debugging artefact
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+	#mov	$in0,$inp			# debugging artefact
+	#lea	64(%rsp),$ctx			# debugging artefact
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_ssse3:
+___
+$code.=<<___;
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	movdqu	($ivp),$iv			# load IV
+	mov	$ivp,88(%rsp)			# save $ivp
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+my $rounds="${ivp}d";
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	mov	240-112($key),$rounds
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	movdqa	64($K_XX_XX),@Tx[2]	# pbswap mask
+	movdqa	0($K_XX_XX),@Tx[1]	# K_00_19
+	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	movdqu	16($inp),@X[-3&7]
+	movdqu	32($inp),@X[-2&7]
+	movdqu	48($inp),@X[-1&7]
+	pshufb	@Tx[2],@X[-4&7]		# byte swap
+	pshufb	@Tx[2],@X[-3&7]
+	pshufb	@Tx[2],@X[-2&7]
+	add	\$64,$inp
+	paddd	@Tx[1],@X[-4&7]		# add K_00_19
+	pshufb	@Tx[2],@X[-1&7]
+	paddd	@Tx[1],@X[-3&7]
+	paddd	@Tx[1],@X[-2&7]
+	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
+	psubd	@Tx[1],@X[-4&7]		# restore X[]
+	movdqa	@X[-3&7],16(%rsp)
+	psubd	@Tx[1],@X[-3&7]
+	movdqa	@X[-2&7],32(%rsp)
+	psubd	@Tx[1],@X[-2&7]
+	movups	-112($key),$rndkey0	# $key[0]
+	movups	16-112($key),$rndkey[0]	# forward reference
+	jmp	.Loop_ssse3
+___
+
+my $aesenc=sub {
+  use integer;
+  my ($n,$k)=($r/10,$r%10);
+    if ($k==0) {
+      $code.=<<___;
+	movups		`16*$n`($in0),$in		# load input
+	xorps		$rndkey0,$in
+___
+      $code.=<<___ if ($n);
+	movups		$iv,`16*($n-1)`($out,$in0)	# write output
+___
+      $code.=<<___;
+	xorps		$in,$iv
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    } elsif ($k==9) {
+      $sn++;
+      $code.=<<___;
+	cmp		\$11,$rounds
+	jb		.Laesenclast$sn
+	movups		`32+16*($k+0)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+1)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+	je		.Laesenclast$sn
+	movups		`32+16*($k+2)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+3)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+.Laesenclast$sn:
+	aesenclast	$rndkey[0],$iv
+	movups		16-112($key),$rndkey[1]		# forward reference
+___
+    } else {
+      $code.=<<___;
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    }
+    $r++;	unshift(@rndkey,pop(@rndkey));
+};
+
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# ror
+	&pshufd	(@X[0],@X[-4&7],0xee);	# was &movdqa	(@X[0],@X[-3&7]);
+	 eval(shift(@insns));
+	&movdqa	(@Tx[0],@X[-1&7]);
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&punpcklqdq(@X[0],@X[-3&7]);	# compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&psrldq	(@Tx[0],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&pxor	(@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&movdqa	(@Tx[2],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+
+	&pslldq	(@Tx[2],12);		# "X[0]"<<96, extract one dword
+	&paddd	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&movdqa	(@Tx[1],@Tx[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[2],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pslld	(@Tx[1],2);
+	&pxor	(@X[0],@Tx[2]);
+	 eval(shift(@insns));
+	  &movdqa	(@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");	# K_XX_XX
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+	&pshufd (@Tx[1],@X[-1&7],0xee)	if ($Xi==7);	# was &movdqa	(@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns))		if ($Xi==8);
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns))		if ($Xi==8);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[1] =~ /_ror/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+	&punpcklqdq(@Tx[0],@X[-1&7]);	# compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	if ($Xi%5) {
+	  &movdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
+	} else {			# ... or load next one
+	  &movdqa	(@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
+	}
+	 eval(shift(@insns));		# ror
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+
+	&pslld	(@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psrld	(@Tx[0],30);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns))		if (@insns[1] =~ /_rol/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+	  &pshufd(@Tx[1],@X[-1&7],0xee)	if ($Xi<19);	# was &movdqa	(@Tx[1],@X[0])
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$len);
+	&je	(shift);
+
+	unshift(@Tx,pop(@Tx));
+
+	&movdqa	(@Tx[2],"64($K_XX_XX)");	# pbswap mask
+	&movdqa	(@Tx[1],"0($K_XX_XX)");		# K_00_19
+	&movdqu	(@X[-4&7],"0($inp)");		# load input
+	&movdqu	(@X[-3&7],"16($inp)");
+	&movdqu	(@X[-2&7],"32($inp)");
+	&movdqu	(@X[-1&7],"48($inp)");
+	&pshufb	(@X[-4&7],@Tx[2]);		# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pshufb	(@X[($Xi-3)&7],@Tx[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddd	(@X[($Xi-4)&7],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&movdqa	(eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psubd	(@X[($Xi-4)&7],@Tx[1]);
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+my @body_00_19 = (
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&$_ror	($b,$j?7:2);',	# $b>>>2
+	'&xor	(@T[0],$d);',
+	'&mov	(@T[1],$a);',	# $b for next round
+
+	'&add	($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer
+	'&xor	($b,$c);',	# $c^$d for next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&and	(@T[1],$b);',	# ($b&($c^$d)) for next round
+
+	'&xor	($b,$c);',	# restore $b
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+
+sub body_00_19 () {	# ((c^d)&b)^d
+    # on start @T[0]=(c^d)&b
+    return &body_20_39() if ($rx==19); $rx++;
+
+    use integer;
+    my ($k,$n);
+    my @r=@body_00_19;
+
+	$n = scalar(@r);
+	$k = (($jj+1)*12/20)*20*$n/12;	# 12 aesencs per these 20 rounds
+	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n);
+	$jj++;
+
+    return @r;
+}
+
+my @body_20_39 = (
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer
+	'&xor	(@T[0],$d)	if($j==19);'.
+	'&xor	(@T[0],$c)	if($j> 19);',	# ($b^$d^$c)
+	'&mov	(@T[1],$a);',	# $b for next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j< 79);',	# $b^$d for next round
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+
+sub body_20_39 () {	# b^d^c
+    # on entry @T[0]=b^d
+    return &body_40_59() if ($rx==39); $rx++;
+
+    use integer;
+    my ($k,$n);
+    my @r=@body_20_39;
+
+	$n = scalar(@r);
+	$k = (($jj+1)*8/20)*20*$n/8;	# 8 aesencs per these 20 rounds
+	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n && $rx!=20);
+	$jj++;
+
+    return @r;
+}
+
+my @body_40_59 = (
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer
+	'&and	(@T[0],$c)	if ($j>=40);',	# (b^c)&(c^d)
+	'&xor	($c,$d)		if ($j>=40);',	# restore $c
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&mov	(@T[1],$a);',	# $b for next round
+	'&xor	(@T[0],$c);',
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j==59);'.
+	'&xor	(@T[1],$b)	if ($j< 59);',	# b^c for next round
+
+	'&xor	($b,$c)		if ($j< 59);',	# c^d for next round
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+
+sub body_40_59 () {	# ((b^c)&(c^d))^c
+    # on entry @T[0]=(b^c), (c^=d)
+    $rx++;
+
+    use integer;
+    my ($k,$n);
+    my @r=@body_40_59;
+
+	$n = scalar(@r);
+	$k=(($jj+1)*12/20)*20*$n/12;	# 12 aesencs per these 20 rounds
+	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n && $rx!=40);
+	$jj++;
+
+    return @r;
+}
+$code.=<<___;
+.align	32
+.Loop_ssse3:
+___
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xuplast_ssse3_80(\&body_20_39,".Ldone_ssse3");	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+				$saved_r=$r; @saved_rndkey=@rndkey;
+
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+
+$code.=<<___;
+	movups	$iv,48($out,$in0)		# write output
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_ssse3
+
+.Ldone_ssse3:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$r=$saved_r;     @rndkey=@saved_rndkey;
+
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+
+$code.=<<___;
+	movups	$iv,48($out,$in0)		# write output
+	mov	88(%rsp),$ivp			# restore $ivp
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	movups	$iv,($ivp)			# write IV
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+	mov	0(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_ssse3:
+	ret
+.size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
+___
+
+						if ($stitched_decrypt) {{{
+# reset
+($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+$j=$jj=$r=$rx=0;
+$Xi=4;
+
+# reassign for Atom Silvermont (see above)
+($inout0,$inout1,$inout2,$inout3,$rndkey0)=map("%xmm$_",(0..4));
+@X=map("%xmm$_",(8..13,6,7));
+@Tx=map("%xmm$_",(14,15,5));
+
+my @aes256_dec = (
+	'&movdqu($inout0,"0x00($in0)");',
+	'&movdqu($inout1,"0x10($in0)");	&pxor	($inout0,$rndkey0);',
+	'&movdqu($inout2,"0x20($in0)");	&pxor	($inout1,$rndkey0);',
+	'&movdqu($inout3,"0x30($in0)");	&pxor	($inout2,$rndkey0);',
+
+	'&pxor	($inout3,$rndkey0);	&movups	($rndkey0,"16-112($key)");',
+	'&movaps("64(%rsp)",@X[2]);',	# save IV, originally @X[3]
+	undef,undef
+	);
+for ($i=0;$i<13;$i++) {
+    push (@aes256_dec,(
+	'&aesdec	($inout0,$rndkey0);',
+	'&aesdec	($inout1,$rndkey0);',
+	'&aesdec	($inout2,$rndkey0);',
+	'&aesdec	($inout3,$rndkey0);	&movups($rndkey0,"'.(16*($i+2)-112).'($key)");'
+	));
+    push (@aes256_dec,(undef,undef))	if (($i>=3 && $i<=5) || $i>=11);
+    push (@aes256_dec,(undef,undef))	if ($i==5);
+}
+push(@aes256_dec,(
+	'&aesdeclast	($inout0,$rndkey0);	&movups	(@X[0],"0x00($in0)");',
+	'&aesdeclast	($inout1,$rndkey0);	&movups	(@X[1],"0x10($in0)");',
+	'&aesdeclast	($inout2,$rndkey0);	&movups	(@X[2],"0x20($in0)");',
+	'&aesdeclast	($inout3,$rndkey0);	&movups	(@X[3],"0x30($in0)");',
+
+	'&xorps		($inout0,"64(%rsp)");	&movdqu	($rndkey0,"-112($key)");',
+	'&xorps		($inout1,@X[0]);	&movups	("0x00($out,$in0)",$inout0);',
+	'&xorps		($inout2,@X[1]);	&movups	("0x10($out,$in0)",$inout1);',
+	'&xorps		($inout3,@X[2]);	&movups	("0x20($out,$in0)",$inout2);',
+
+	'&movups	("0x30($out,$in0)",$inout3);'
+	));
+
+sub body_00_19_dec () {	# ((c^d)&b)^d
+    # on start @T[0]=(c^d)&b
+    return &body_20_39_dec() if ($rx==19);
+
+    my @r=@body_00_19;
+
+	unshift (@r,@aes256_dec[$rx])	if (@aes256_dec[$rx]);
+	$rx++;
+
+    return @r;
+}
+
+sub body_20_39_dec () {	# b^d^c
+    # on entry @T[0]=b^d
+    return &body_40_59_dec() if ($rx==39);
+  
+    my @r=@body_20_39;
+
+	unshift (@r,@aes256_dec[$rx])	if (@aes256_dec[$rx]);
+	$rx++;
+
+    return @r;
+}
+
+sub body_40_59_dec () {	# ((b^c)&(c^d))^c
+    # on entry @T[0]=(b^c), (c^=d)
+
+    my @r=@body_40_59;
+
+	unshift (@r,@aes256_dec[$rx])	if (@aes256_dec[$rx]);
+	$rx++;
+
+    return @r;
+}
+
+$code.=<<___;
+.globl	aesni256_cbc_sha1_dec
+.type	aesni256_cbc_sha1_dec,\@abi-omnipotent
+.align	32
+aesni256_cbc_sha1_dec:
+	# caller should check for SSSE3 and AES-NI bits
+	mov	OPENSSL_ia32cap_P+0(%rip),%r10d
+	mov	OPENSSL_ia32cap_P+4(%rip),%r11d
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<28`,%r11d		# mask AVX bit
+	and	\$`1<<30`,%r10d		# mask "Intel CPU" bit
+	or	%r11d,%r10d
+	cmp	\$`1<<28|1<<30`,%r10d
+	je	aesni256_cbc_sha1_dec_avx
+___
+$code.=<<___;
+	jmp	aesni256_cbc_sha1_dec_ssse3
+	ret
+.size	aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec
+
+.type	aesni256_cbc_sha1_dec_ssse3,\@function,6
+.align	32
+aesni256_cbc_sha1_dec_ssse3:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_dec_ssse3:
+___
+$code.=<<___;
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	movdqu	($ivp),@X[3]			# load IV
+	#mov	$ivp,88(%rsp)			# save $ivp
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	movdqa	64($K_XX_XX),@Tx[2]	# pbswap mask
+	movdqa	0($K_XX_XX),@Tx[1]	# K_00_19
+	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	movdqu	16($inp),@X[-3&7]
+	movdqu	32($inp),@X[-2&7]
+	movdqu	48($inp),@X[-1&7]
+	pshufb	@Tx[2],@X[-4&7]		# byte swap
+	add	\$64,$inp
+	pshufb	@Tx[2],@X[-3&7]
+	pshufb	@Tx[2],@X[-2&7]
+	pshufb	@Tx[2],@X[-1&7]
+	paddd	@Tx[1],@X[-4&7]		# add K_00_19
+	paddd	@Tx[1],@X[-3&7]
+	paddd	@Tx[1],@X[-2&7]
+	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
+	psubd	@Tx[1],@X[-4&7]		# restore X[]
+	movdqa	@X[-3&7],16(%rsp)
+	psubd	@Tx[1],@X[-3&7]
+	movdqa	@X[-2&7],32(%rsp)
+	psubd	@Tx[1],@X[-2&7]
+	movdqu	-112($key),$rndkey0	# $key[0]
+	jmp	.Loop_dec_ssse3
+
+.align	32
+.Loop_dec_ssse3:
+___
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_16_31(\&body_00_19_dec);
+	&Xupdate_ssse3_32_79(\&body_00_19_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_40_59_dec);
+	&Xupdate_ssse3_32_79(\&body_20_39_dec);
+	&Xuplast_ssse3_80(\&body_20_39_dec,".Ldone_dec_ssse3");	# can jump to "done"
+
+				$saved_j=$j;   @saved_V=@V;
+				$saved_rx=$rx;
+
+	&Xloop_ssse3(\&body_20_39_dec);
+	&Xloop_ssse3(\&body_20_39_dec);
+	&Xloop_ssse3(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_dec_ssse3
+
+.Ldone_dec_ssse3:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$rx=$saved_rx;
+
+	&Xtail_ssse3(\&body_20_39_dec);
+	&Xtail_ssse3(\&body_20_39_dec);
+	&Xtail_ssse3(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	movups	@X[3],($ivp)			# write IV
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+	mov	0(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_dec_ssse3:
+	ret
+.size	aesni256_cbc_sha1_dec_ssse3,.-aesni256_cbc_sha1_dec_ssse3
+___
+						}}}
+$j=$jj=$r=$rx=0;
+
+if ($avx) {
+my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
+my @T=("%esi","%edi");
+my ($rndkey0,$iv,$in)=map("%xmm$_",(11..13));
+my @rndkey=("%xmm14","%xmm15");
+my ($inout0,$inout1,$inout2,$inout3)=map("%xmm$_",(12..15));	# for dec
+my $Kx=@Tx[2];
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	aesni_cbc_sha1_enc_avx,\@function,6
+.align	32
+aesni_cbc_sha1_enc_avx:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	#shr	\$6,$len			# debugging artefact
+	#jz	.Lepilogue_avx			# debugging artefact
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+	#mov	$in0,$inp			# debugging artefact
+	#lea	64(%rsp),$ctx			# debugging artefact
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_avx:
+___
+$code.=<<___;
+	vzeroall
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	vmovdqu	($ivp),$iv			# load IV
+	mov	$ivp,88(%rsp)			# save $ivp
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+my $rounds="${ivp}d";
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	mov	240-112($key),$rounds
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	vmovdqa	0($K_XX_XX),$Kx		# K_00_19
+	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	vmovdqu	16($inp),@X[-3&7]
+	vmovdqu	32($inp),@X[-2&7]
+	vmovdqu	48($inp),@X[-1&7]
+	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
+	add	\$64,$inp
+	vpshufb	@X[2],@X[-3&7],@X[-3&7]
+	vpshufb	@X[2],@X[-2&7],@X[-2&7]
+	vpshufb	@X[2],@X[-1&7],@X[-1&7]
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vmovdqa	@X[1],16(%rsp)
+	vmovdqa	@X[2],32(%rsp)
+	vmovups	-112($key),$rndkey[1]	# $key[0]
+	vmovups	16-112($key),$rndkey[0]	# forward reference
+	jmp	.Loop_avx
+___
+
+my $aesenc=sub {
+  use integer;
+  my ($n,$k)=($r/10,$r%10);
+    if ($k==0) {
+      $code.=<<___;
+	vmovdqu		`16*$n`($in0),$in		# load input
+	vpxor		$rndkey[1],$in,$in
+___
+      $code.=<<___ if ($n);
+	vmovups		$iv,`16*($n-1)`($out,$in0)	# write output
+___
+      $code.=<<___;
+	vpxor		$in,$iv,$iv
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*$k-112`($key),$rndkey[1]
+___
+    } elsif ($k==9) {
+      $sn++;
+      $code.=<<___;
+	cmp		\$11,$rounds
+	jb		.Lvaesenclast$sn
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*($k+0)-112`($key),$rndkey[1]
+	vaesenc		$rndkey[1],$iv,$iv
+	vmovups		`32+16*($k+1)-112`($key),$rndkey[0]
+	je		.Lvaesenclast$sn
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*($k+2)-112`($key),$rndkey[1]
+	vaesenc		$rndkey[1],$iv,$iv
+	vmovups		`32+16*($k+3)-112`($key),$rndkey[0]
+.Lvaesenclast$sn:
+	vaesenclast	$rndkey[0],$iv,$iv
+	vmovups		-112($key),$rndkey[0]
+	vmovups		16-112($key),$rndkey[1]		# forward reference
+___
+    } else {
+      $code.=<<___;
+	vaesenc		$rndkey[0],$iv,$iv
+	vmovups		`32+16*$k-112`($key),$rndkey[1]
+___
+    }
+    $r++;	unshift(@rndkey,pop(@rndkey));
+};
+
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@Tx[1],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	&vpsrld	(@Tx[0],@Tx[1],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@Tx[1],@Tx[1],2);
+	&vpxor	(@X[0],@X[0],@Tx[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	($Kx,eval(16*(($Xi)/5))."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	  &vmovdqa	($Kx,eval(16*($Xi/5))."($K_XX_XX)")	if ($Xi%5==0);
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpsrld	(@Tx[0],@X[0],30);
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$len);
+	&je	(shift);
+
+	&vmovdqa(@Tx[1],"64($K_XX_XX)");	# pbswap mask
+	&vmovdqa($Kx,"0($K_XX_XX)");		# K_00_19
+	&vmovdqu(@X[-4&7],"0($inp)");		# load input
+	&vmovdqu(@X[-3&7],"16($inp)");
+	&vmovdqu(@X[-2&7],"32($inp)");
+	&vmovdqu(@X[-1&7],"48($inp)");
+	&vpshufb(@X[-4&7],@X[-4&7],@Tx[1]);	# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpaddd	(@Tx[0],@X[($Xi-4)&7],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqa(eval(16*$Xi)."(%rsp)",@Tx[0]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+$code.=<<___;
+.align	32
+.Loop_avx:
+___
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xuplast_avx_80(\&body_20_39,".Ldone_avx");	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+				$saved_r=$r; @saved_rndkey=@rndkey;
+
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+
+$code.=<<___;
+	vmovups	$iv,48($out,$in0)		# write output
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_avx
+
+.Ldone_avx:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$r=$saved_r;     @rndkey=@saved_rndkey;
+
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+
+$code.=<<___;
+	vmovups	$iv,48($out,$in0)		# write output
+	mov	88(%rsp),$ivp			# restore $ivp
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	vmovups	$iv,($ivp)			# write IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+	mov	0(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_avx:
+	ret
+.size	aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx
+___
+
+						if ($stitched_decrypt) {{{
+# reset
+($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+$j=$jj=$r=$rx=0;
+$Xi=4;
+
+@aes256_dec = (
+	'&vpxor	($inout0,$rndkey0,"0x00($in0)");',
+	'&vpxor	($inout1,$rndkey0,"0x10($in0)");',
+	'&vpxor	($inout2,$rndkey0,"0x20($in0)");',
+	'&vpxor	($inout3,$rndkey0,"0x30($in0)");',
+
+	'&vmovups($rndkey0,"16-112($key)");',
+	'&vmovups("64(%rsp)",@X[2]);',		# save IV, originally @X[3]
+	undef,undef
+	);
+for ($i=0;$i<13;$i++) {
+    push (@aes256_dec,(
+	'&vaesdec	($inout0,$inout0,$rndkey0);',
+	'&vaesdec	($inout1,$inout1,$rndkey0);',
+	'&vaesdec	($inout2,$inout2,$rndkey0);',
+	'&vaesdec	($inout3,$inout3,$rndkey0);	&vmovups($rndkey0,"'.(16*($i+2)-112).'($key)");'
+	));
+    push (@aes256_dec,(undef,undef))	if (($i>=3 && $i<=5) || $i>=11);
+    push (@aes256_dec,(undef,undef))	if ($i==5);
+}
+push(@aes256_dec,(
+	'&vaesdeclast	($inout0,$inout0,$rndkey0);	&vmovups(@X[0],"0x00($in0)");',
+	'&vaesdeclast	($inout1,$inout1,$rndkey0);	&vmovups(@X[1],"0x10($in0)");',
+	'&vaesdeclast	($inout2,$inout2,$rndkey0);	&vmovups(@X[2],"0x20($in0)");',
+	'&vaesdeclast	($inout3,$inout3,$rndkey0);	&vmovups(@X[3],"0x30($in0)");',
+
+	'&vxorps	($inout0,$inout0,"64(%rsp)");	&vmovdqu($rndkey0,"-112($key)");',
+	'&vxorps	($inout1,$inout1,@X[0]);	&vmovups("0x00($out,$in0)",$inout0);',
+	'&vxorps	($inout2,$inout2,@X[1]);	&vmovups("0x10($out,$in0)",$inout1);',
+	'&vxorps	($inout3,$inout3,@X[2]);	&vmovups("0x20($out,$in0)",$inout2);',
+
+	'&vmovups	("0x30($out,$in0)",$inout3);'
+	));
+
+$code.=<<___;
+.type	aesni256_cbc_sha1_dec_avx,\@function,6
+.align	32
+aesni256_cbc_sha1_dec_avx:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,96+0(%rsp)
+	movaps	%xmm7,96+16(%rsp)
+	movaps	%xmm8,96+32(%rsp)
+	movaps	%xmm9,96+48(%rsp)
+	movaps	%xmm10,96+64(%rsp)
+	movaps	%xmm11,96+80(%rsp)
+	movaps	%xmm12,96+96(%rsp)
+	movaps	%xmm13,96+112(%rsp)
+	movaps	%xmm14,96+128(%rsp)
+	movaps	%xmm15,96+144(%rsp)
+.Lprologue_dec_avx:
+___
+$code.=<<___;
+	vzeroall
+	mov	$in0,%r12			# reassign arguments
+	mov	$out,%r13
+	mov	$len,%r14
+	lea	112($key),%r15			# size optimization
+	vmovdqu	($ivp),@X[3]			# load IV
+___
+($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
+$code.=<<___;
+	shl	\$6,$len
+	sub	$in0,$out
+	add	$inp,$len		# end of input
+
+	lea	K_XX_XX(%rip),$K_XX_XX
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	vmovdqa	0($K_XX_XX),$Kx		# K_00_19
+	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	vmovdqu	16($inp),@X[-3&7]
+	vmovdqu	32($inp),@X[-2&7]
+	vmovdqu	48($inp),@X[-1&7]
+	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
+	add	\$64,$inp
+	vpshufb	@X[2],@X[-3&7],@X[-3&7]
+	vpshufb	@X[2],@X[-2&7],@X[-2&7]
+	vpshufb	@X[2],@X[-1&7],@X[-1&7]
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vmovdqa	@X[1],16(%rsp)
+	vmovdqa	@X[2],32(%rsp)
+	vmovups	-112($key),$rndkey0	# $key[0]
+	jmp	.Loop_dec_avx
+
+.align	32
+.Loop_dec_avx:
+___
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_16_31(\&body_00_19_dec);
+	&Xupdate_avx_32_79(\&body_00_19_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_40_59_dec);
+	&Xupdate_avx_32_79(\&body_20_39_dec);
+	&Xuplast_avx_80(\&body_20_39_dec,".Ldone_dec_avx");	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+				$saved_rx=$rx;
+
+	&Xloop_avx(\&body_20_39_dec);
+	&Xloop_avx(\&body_20_39_dec);
+	&Xloop_avx(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+	lea	64($in0),$in0
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_dec_avx
+
+.Ldone_dec_avx:
+___
+				$jj=$j=$saved_j; @V=@saved_V;
+				$rx=$saved_rx;
+
+	&Xtail_avx(\&body_20_39_dec);
+	&Xtail_avx(\&body_20_39_dec);
+	&Xtail_avx(\&body_20_39_dec);
+
+	eval(@aes256_dec[-1]);			# last store
+$code.=<<___;
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+	vmovups	@X[3],($ivp)			# write IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	96+0(%rsp),%xmm6
+	movaps	96+16(%rsp),%xmm7
+	movaps	96+32(%rsp),%xmm8
+	movaps	96+48(%rsp),%xmm9
+	movaps	96+64(%rsp),%xmm10
+	movaps	96+80(%rsp),%xmm11
+	movaps	96+96(%rsp),%xmm12
+	movaps	96+112(%rsp),%xmm13
+	movaps	96+128(%rsp),%xmm14
+	movaps	96+144(%rsp),%xmm15
+___
+$code.=<<___;
+	lea	`104+($win64?10*16:0)`(%rsp),%rsi
+	mov	0(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_dec_avx:
+	ret
+.size	aesni256_cbc_sha1_dec_avx,.-aesni256_cbc_sha1_dec_avx
+___
+						}}}
+}
+$code.=<<___;
+.align	64
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+
+.asciz	"AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+						if ($shaext) {{{
+($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+$rounds="%r11d";
+
+($iv,$in,$rndkey0)=map("%xmm$_",(2,14,15));
+@rndkey=("%xmm0","%xmm1");
+$r=0;
+
+my ($BSWAP,$ABCD,$E,$E_,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(7..12));
+my @MSG=map("%xmm$_",(3..6));
+
+$code.=<<___;
+.type	aesni_cbc_sha1_enc_shaext,\@function,6
+.align	32
+aesni_cbc_sha1_enc_shaext:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+___
+$code.=<<___ if ($win64);
+	lea	`-8-10*16`(%rsp),%rsp
+	movaps	%xmm6,-8-10*16(%rax)
+	movaps	%xmm7,-8-9*16(%rax)
+	movaps	%xmm8,-8-8*16(%rax)
+	movaps	%xmm9,-8-7*16(%rax)
+	movaps	%xmm10,-8-6*16(%rax)
+	movaps	%xmm11,-8-5*16(%rax)
+	movaps	%xmm12,-8-4*16(%rax)
+	movaps	%xmm13,-8-3*16(%rax)
+	movaps	%xmm14,-8-2*16(%rax)
+	movaps	%xmm15,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	movdqu	($ctx),$ABCD
+	movd	16($ctx),$E
+	movdqa	K_XX_XX+0x50(%rip),$BSWAP	# byte-n-word swap
+
+	mov	240($key),$rounds
+	sub	$in0,$out
+	movups	($key),$rndkey0			# $key[0]
+	movups	($ivp),$iv			# load IV
+	movups	16($key),$rndkey[0]		# forward reference
+	lea	112($key),$key			# size optimization
+
+	pshufd	\$0b00011011,$ABCD,$ABCD	# flip word order
+	pshufd	\$0b00011011,$E,$E		# flip word order
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+___
+	&$aesenc();
+$code.=<<___;
+	movdqu		($inp),@MSG[0]
+	movdqa		$E,$E_SAVE		# offload $E
+	pshufb		$BSWAP,@MSG[0]
+	movdqu		0x10($inp),@MSG[1]
+	movdqa		$ABCD,$ABCD_SAVE	# offload $ABCD
+___
+	&$aesenc();
+$code.=<<___;
+	pshufb		$BSWAP,@MSG[1]
+
+	paddd		@MSG[0],$E
+	movdqu		0x20($inp),@MSG[2]
+	lea		0x40($inp),$inp
+	pxor		$E_SAVE,@MSG[0]		# black magic
+___
+	&$aesenc();
+$code.=<<___;
+	pxor		$E_SAVE,@MSG[0]		# black magic
+	movdqa		$ABCD,$E_
+	pshufb		$BSWAP,@MSG[2]
+	sha1rnds4	\$0,$E,$ABCD		# 0-3
+	sha1nexte	@MSG[1],$E_
+___
+	&$aesenc();
+$code.=<<___;
+	sha1msg1	@MSG[1],@MSG[0]
+	movdqu		-0x10($inp),@MSG[3]
+	movdqa		$ABCD,$E
+	pshufb		$BSWAP,@MSG[3]
+___
+	&$aesenc();
+$code.=<<___;
+	sha1rnds4	\$0,$E_,$ABCD		# 4-7
+	sha1nexte	@MSG[2],$E
+	pxor		@MSG[2],@MSG[0]
+	sha1msg1	@MSG[2],@MSG[1]
+___
+	&$aesenc();
+
+for($i=2;$i<20-4;$i++) {
+$code.=<<___;
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$`int($i/5)`,$E,$ABCD	# 8-11
+	sha1nexte	@MSG[3],$E_
+___
+	&$aesenc();
+$code.=<<___;
+	sha1msg2	@MSG[3],@MSG[0]
+	pxor		@MSG[3],@MSG[1]
+	sha1msg1	@MSG[3],@MSG[2]
+___
+	($E,$E_)=($E_,$E);
+	push(@MSG,shift(@MSG));
+
+	&$aesenc();
+}
+$code.=<<___;
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 64-67
+	sha1nexte	@MSG[3],$E_
+	sha1msg2	@MSG[3],@MSG[0]
+	pxor		@MSG[3],@MSG[1]
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 68-71
+	sha1nexte	@MSG[0],$E
+	sha1msg2	@MSG[0],@MSG[1]
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		$E_SAVE,@MSG[0]
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 72-75
+	sha1nexte	@MSG[1],$E_
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 76-79
+	sha1nexte	$MSG[0],$E
+___
+	while($r<40)	{ &$aesenc(); }		# remaining aesenc's
+$code.=<<___;
+	dec		$len
+
+	paddd		$ABCD_SAVE,$ABCD
+	movups		$iv,48($out,$in0)	# write output
+	lea		64($in0),$in0
+	jnz		.Loop_shaext
+
+	pshufd	\$0b00011011,$ABCD,$ABCD
+	pshufd	\$0b00011011,$E,$E
+	movups	$iv,($ivp)			# write IV
+	movdqu	$ABCD,($ctx)
+	movd	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-8-10*16(%rax),%xmm6
+	movaps	-8-9*16(%rax),%xmm7
+	movaps	-8-8*16(%rax),%xmm8
+	movaps	-8-7*16(%rax),%xmm9
+	movaps	-8-6*16(%rax),%xmm10
+	movaps	-8-5*16(%rax),%xmm11
+	movaps	-8-4*16(%rax),%xmm12
+	movaps	-8-3*16(%rax),%xmm13
+	movaps	-8-2*16(%rax),%xmm14
+	movaps	-8-1*16(%rax),%xmm15
+	mov	%rax,%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+	ret
+.size	aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext
+___
+						}}}
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	ssse3_handler,\@abi-omnipotent
+.align	16
+ssse3_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+___
+$code.=<<___ if ($shaext);
+	lea	aesni_cbc_sha1_enc_shaext(%rip),%r10
+	cmp	%r10,%rbx
+	jb	.Lseh_no_shaext
+
+	lea	(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	168(%rax),%rax		# adjust stack pointer
+	jmp	.Lcommon_seh_tail
+.Lseh_no_shaext:
+___
+$code.=<<___;
+	lea	96(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	`104+10*16`(%rax),%rax	# adjust stack pointer
+
+	mov	0(%rax),%r15
+	mov	8(%rax),%r14
+	mov	16(%rax),%r13
+	mov	24(%rax),%r12
+	mov	32(%rax),%rbp
+	mov	40(%rax),%rbx
+	lea	48(%rax),%rax
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	ssse3_handler,.-ssse3_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_aesni_cbc_sha1_enc_ssse3
+	.rva	.LSEH_end_aesni_cbc_sha1_enc_ssse3
+	.rva	.LSEH_info_aesni_cbc_sha1_enc_ssse3
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_aesni_cbc_sha1_enc_avx
+	.rva	.LSEH_end_aesni_cbc_sha1_enc_avx
+	.rva	.LSEH_info_aesni_cbc_sha1_enc_avx
+___
+$code.=<<___ if ($shaext);
+	.rva	.LSEH_begin_aesni_cbc_sha1_enc_shaext
+	.rva	.LSEH_end_aesni_cbc_sha1_enc_shaext
+	.rva	.LSEH_info_aesni_cbc_sha1_enc_shaext
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_aesni_cbc_sha1_enc_ssse3:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_aesni_cbc_sha1_enc_avx:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($shaext);
+.LSEH_info_aesni_cbc_sha1_enc_shaext:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_shaext,.Lepilogue_shaext	# HandlerData[]
+___
+}
+
+####################################################################
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    unshift @opcode,$rex|0x40	if($rex);
+}
+
+sub sha1rnds4 {
+    if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x3a,0xcc);
+	rex(\@opcode,$3,$2);
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return "sha1rnds4\t".@_[0];
+    }
+}
+
+sub sha1op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha1nexte" => 0xc8,
+  		"sha1msg1"  => 0xc9,
+		"sha1msg2"  => 0xca	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+sub aesni {
+  my $line=shift;
+  my @opcode=(0x0f,0x38);
+
+    if ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	rex(\@opcode,$3,$2);
+	push @opcode,$opcodelet{$1},0xc0|($2&7)|(($3&7)<<3);	# ModR/M
+	unshift @opcode,0x66;
+	return ".byte\t".join(',',@opcode);
+    }
+    return $line;
+}
+
+foreach (split("\n",$code)) {
+        s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo		or
+	s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo		or
+	s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesni-sha256-x86_64.pl b/openssl-1.1.0h/crypto/aes/asm/aesni-sha256-x86_64.pl
new file mode 100644
index 0000000..0e49f26
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -0,0 +1,1717 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# January 2013
+#
+# This is AESNI-CBC+SHA256 stitch implementation. The idea, as spelled
+# in http://download.intel.com/design/intarch/papers/323686.pdf, is
+# that since AESNI-CBC encrypt exhibit *very* low instruction-level
+# parallelism, interleaving it with another algorithm would allow to
+# utilize processor resources better and achieve better performance.
+# SHA256 instruction sequences(*) are taken from sha512-x86_64.pl and
+# AESNI code is weaved into it. As SHA256 dominates execution time,
+# stitch performance does not depend on AES key length. Below are
+# performance numbers in cycles per processed byte, less is better,
+# for standalone AESNI-CBC encrypt, standalone SHA256, and stitched
+# subroutine:
+#
+#		 AES-128/-192/-256+SHA256   this(**)	gain
+# Sandy Bridge	    5.05/6.05/7.05+11.6	    13.0	+28%/36%/43%
+# Ivy Bridge	    5.05/6.05/7.05+10.3	    11.6	+32%/41%/50%
+# Haswell	    4.43/5.29/6.19+7.80	    8.79	+39%/49%/59%
+# Skylake	    2.62/3.14/3.62+7.70	    8.10	+27%/34%/40%
+# Bulldozer	    5.77/6.89/8.00+13.7	    13.7	+42%/50%/58%
+# Ryzen(***)	    2.71/-/3.71+2.05	    2.74/-/3.73	+74%/-/54%
+# Goldmont(***)	    3.82/-/5.35+4.16	    4.73/-/5.94	+69%/-/60%
+#
+# (*)	there are XOP, AVX1 and AVX2 code paths, meaning that
+#	Westmere is omitted from loop, this is because gain was not
+#	estimated high enough to justify the effort;
+# (**)	these are EVP-free results, results obtained with 'speed
+#	-evp aes-256-cbc-hmac-sha256' will vary by percent or two;
+# (***)	these are SHAEXT results;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=12);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=$avx;	### set to zero if compiling for 1.0.1
+$avx=1		if (!$shaext && $avx);
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$func="aesni_cbc_sha256_enc";
+$TABLE="K256";
+$SZ=4;
+@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
+				"%r8d","%r9d","%r10d","%r11d");
+($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%esi");
+@Sigma0=( 2,13,22);
+@Sigma1=( 6,11,25);
+@sigma0=( 7,18, 3);
+@sigma1=(17,19,10);
+$rounds=64;
+
+########################################################################
+# void aesni_cbc_sha256_enc(const void *inp,
+#			void *out,
+#			size_t length,
+#			const AES_KEY *key,
+#			unsigned char *iv,
+#			SHA256_CTX *ctx,
+#			const void *in0);
+($inp,  $out,  $len,  $key,  $ivp, $ctx, $in0) =
+("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+$Tbl="%rbp";
+
+$_inp="16*$SZ+0*8(%rsp)";
+$_out="16*$SZ+1*8(%rsp)";
+$_end="16*$SZ+2*8(%rsp)";
+$_key="16*$SZ+3*8(%rsp)";
+$_ivp="16*$SZ+4*8(%rsp)";
+$_ctx="16*$SZ+5*8(%rsp)";
+$_in0="16*$SZ+6*8(%rsp)";
+$_rsp="16*$SZ+7*8(%rsp)";
+$framesz=16*$SZ+8*8;
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+.globl	$func
+.type	$func,\@abi-omnipotent
+.align	16
+$func:
+___
+						if ($avx) {
+$code.=<<___;
+	lea	OPENSSL_ia32cap_P(%rip),%r11
+	mov	\$1,%eax
+	cmp	\$0,`$win64?"%rcx":"%rdi"`
+	je	.Lprobe
+	mov	0(%r11),%eax
+	mov	4(%r11),%r10
+___
+$code.=<<___ if ($shaext);
+	bt	\$61,%r10			# check for SHA
+	jc	${func}_shaext
+___
+$code.=<<___;
+	mov	%r10,%r11
+	shr	\$32,%r11
+
+	test	\$`1<<11`,%r10d			# check for XOP
+	jnz	${func}_xop
+___
+$code.=<<___ if ($avx>1);
+	and	\$`1<<8|1<<5|1<<3`,%r11d	# check for BMI2+AVX2+BMI1
+	cmp	\$`1<<8|1<<5|1<<3`,%r11d
+	je	${func}_avx2
+___
+$code.=<<___;
+	and	\$`1<<28`,%r10d			# check for AVX
+	jnz	${func}_avx
+	ud2
+___
+						}
+$code.=<<___;
+	xor	%eax,%eax
+	cmp	\$0,`$win64?"%rcx":"%rdi"`
+	je	.Lprobe
+	ud2
+.Lprobe:
+	ret
+.size	$func,.-$func
+
+.align	64
+.type	$TABLE,\@object
+$TABLE:
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0,0,0,0,   0,0,0,0,   -1,-1,-1,-1
+	.long	0,0,0,0,   0,0,0,0
+	.asciz	"AESNI-CBC+SHA256 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+######################################################################
+# SIMD code paths
+#
+{{{
+($iv,$inout,$roundkey,$temp,
+ $mask10,$mask12,$mask14,$offload)=map("%xmm$_",(8..15));
+
+$aesni_cbc_idx=0;
+@aesni_cbc_block = (
+##	&vmovdqu	($roundkey,"0x00-0x80($inp)");'
+##	&vmovdqu	($inout,($inp));
+##	&mov		($_inp,$inp);
+
+	'&vpxor		($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x10-0x80($inp)");',
+
+	'&vpxor		($inout,$inout,$iv);',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x20-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x30-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x40-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x50-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x60-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x70-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x80-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x90-0x80($inp)");',
+
+	'&vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xa0-0x80($inp)");',
+
+	'&vaesenclast	($temp,$inout,$roundkey);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xb0-0x80($inp)");',
+
+	'&vpand		($iv,$temp,$mask10);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xc0-0x80($inp)");',
+
+	'&vaesenclast	($temp,$inout,$roundkey);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0xd0-0x80($inp)");',
+
+	'&vpand		($temp,$temp,$mask12);'.
+	' &vaesenc	($inout,$inout,$roundkey);'.
+	 '&vmovdqu	($roundkey,"0xe0-0x80($inp)");',
+
+	'&vpor		($iv,$iv,$temp);'.
+	' &vaesenclast	($temp,$inout,$roundkey);'.
+	' &vmovdqu	($roundkey,"0x00-0x80($inp)");'
+
+##	&mov		($inp,$_inp);
+##	&mov		($out,$_out);
+##	&vpand		($temp,$temp,$mask14);
+##	&vpor		($iv,$iv,$temp);
+##	&vmovdqu	($iv,($out,$inp);
+##	&lea		(inp,16($inp));
+);
+
+my $a4=$T1;
+my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&ror	($a0,$Sigma1[2]-$Sigma1[1])',
+	'&mov	($a,$a1)',
+	'&mov	($a4,$f)',
+
+	'&xor	($a0,$e)',
+	'&ror	($a1,$Sigma0[2]-$Sigma0[1])',
+	'&xor	($a4,$g)',			# f^g
+
+	'&ror	($a0,$Sigma1[1]-$Sigma1[0])',
+	'&xor	($a1,$a)',
+	'&and	($a4,$e)',			# (f^g)&e
+
+	@aesni_cbc_block[$aesni_cbc_idx++].
+	'&xor	($a0,$e)',
+	'&add	($h,$SZ*($i&15)."(%rsp)")',	# h+=X[i]+K[i]
+	'&mov	($a2,$a)',
+
+	'&ror	($a1,$Sigma0[1]-$Sigma0[0])',
+	'&xor	($a4,$g)',			# Ch(e,f,g)=((f^g)&e)^g
+	'&xor	($a2,$b)',			# a^b, b^c in next round
+
+	'&ror	($a0,$Sigma1[0])',		# Sigma1(e)
+	'&add	($h,$a4)',			# h+=Ch(e,f,g)
+	'&and	($a3,$a2)',			# (b^c)&(a^b)
+
+	'&xor	($a1,$a)',
+	'&add	($h,$a0)',			# h+=Sigma1(e)
+	'&xor	($a3,$b)',			# Maj(a,b,c)=Ch(a^b,c,b)
+
+	'&add	($d,$h)',			# d+=h
+	'&ror	($a1,$Sigma0[0])',		# Sigma0(a)
+	'&add	($h,$a3)',			# h+=Maj(a,b,c)
+
+	'&mov	($a0,$d)',
+	'&add	($a1,$h);'.			# h+=Sigma0(a)
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+}
+
+if ($avx) {{
+######################################################################
+# XOP code path
+#
+$code.=<<___;
+.type	${func}_xop,\@function,6
+.align	64
+${func}_xop:
+.Lxop_shortcut:
+	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	sub	\$`$framesz+$win64*16*10`,%rsp
+	and	\$-64,%rsp		# align stack frame
+
+	shl	\$6,$len
+	sub	$inp,$out		# re-bias
+	sub	$inp,$in0
+	add	$inp,$len		# end of input
+
+	#mov	$inp,$_inp		# saved later
+	mov	$out,$_out
+	mov	$len,$_end
+	#mov	$key,$_key		# remains resident in $inp register
+	mov	$ivp,$_ivp
+	mov	$ctx,$_ctx
+	mov	$in0,$_in0
+	mov	%r11,$_rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,`$framesz+16*0`(%rsp)
+	movaps	%xmm7,`$framesz+16*1`(%rsp)
+	movaps	%xmm8,`$framesz+16*2`(%rsp)
+	movaps	%xmm9,`$framesz+16*3`(%rsp)
+	movaps	%xmm10,`$framesz+16*4`(%rsp)
+	movaps	%xmm11,`$framesz+16*5`(%rsp)
+	movaps	%xmm12,`$framesz+16*6`(%rsp)
+	movaps	%xmm13,`$framesz+16*7`(%rsp)
+	movaps	%xmm14,`$framesz+16*8`(%rsp)
+	movaps	%xmm15,`$framesz+16*9`(%rsp)
+___
+$code.=<<___;
+.Lprologue_xop:
+	vzeroall
+
+	mov	$inp,%r12		# borrow $a4
+	lea	0x80($key),$inp		# size optimization, reassign
+	lea	$TABLE+`$SZ*2*$rounds+32`(%rip),%r13	# borrow $a0
+	mov	0xf0-0x80($inp),%r14d	# rounds, borrow $a1
+	mov	$ctx,%r15		# borrow $a2
+	mov	$in0,%rsi		# borrow $a3
+	vmovdqu	($ivp),$iv		# load IV
+	sub	\$9,%r14
+
+	mov	$SZ*0(%r15),$A
+	mov	$SZ*1(%r15),$B
+	mov	$SZ*2(%r15),$C
+	mov	$SZ*3(%r15),$D
+	mov	$SZ*4(%r15),$E
+	mov	$SZ*5(%r15),$F
+	mov	$SZ*6(%r15),$G
+	mov	$SZ*7(%r15),$H
+
+	vmovdqa	0x00(%r13,%r14,8),$mask14
+	vmovdqa	0x10(%r13,%r14,8),$mask12
+	vmovdqa	0x20(%r13,%r14,8),$mask10
+	vmovdqu	0x00-0x80($inp),$roundkey
+	jmp	.Lloop_xop
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+$code.=<<___;
+.align	16
+.Lloop_xop:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00(%rsi,%r12),@X[0]
+	vmovdqu	0x10(%rsi,%r12),@X[1]
+	vmovdqu	0x20(%rsi,%r12),@X[2]
+	vmovdqu	0x30(%rsi,%r12),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	vmovdqu	(%r12),$inout		# $a4
+	mov	%r12,$_inp		# $a4
+___
+sub XOP_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	&vpalignr	($t0,@X[1],@X[0],$SZ);	# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpalignr	($t3,@X[3],@X[2],$SZ);	# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t1,$t0,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrld		($t0,$t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpaddd	(@X[0],@X[0],$t3);	# X[0..3] += X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t2,$t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[3],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t2);		# sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[3],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t0);	# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrldq	($t3,$t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[0],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[0],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpslldq	($t3,$t3,8);		# 22 instructions
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    $aesni_cbc_idx=0;
+    for ($i=0,$j=0; $j<4; $j++) {
+	&XOP_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+    	&mov		("%r12",$_inp);		# borrow $a4
+	&vpand		($temp,$temp,$mask14);
+	&mov		("%r15",$_out);		# borrow $a2
+	&vpor		($iv,$iv,$temp);
+	&vmovdqu	("(%r15,%r12)",$iv);	# write output
+	&lea		("%r12","16(%r12)");	# inp++
+
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lxop_00_47");
+
+	&vmovdqu	($inout,"(%r12)");
+	&mov		($_inp,"%r12");
+
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+					}
+$code.=<<___;
+	mov	$_inp,%r12		# borrow $a4
+	mov	$_out,%r13		# borrow $a0
+	mov	$_ctx,%r15		# borrow $a2
+	mov	$_in0,%rsi		# borrow $a3
+
+	vpand	$mask14,$temp,$temp
+	mov	$a1,$A
+	vpor	$temp,$iv,$iv
+	vmovdqu	$iv,(%r13,%r12)		# write output
+	lea	16(%r12),%r12		# inp++
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	add	$SZ*7(%r15),$H
+
+	cmp	$_end,%r12
+
+	mov	$A,$SZ*0(%r15)
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+
+	jb	.Lloop_xop
+
+	mov	$_ivp,$ivp
+	mov	$_rsp,%rsi
+	vmovdqu	$iv,($ivp)		# output IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	`$framesz+16*0`(%rsp),%xmm6
+	movaps	`$framesz+16*1`(%rsp),%xmm7
+	movaps	`$framesz+16*2`(%rsp),%xmm8
+	movaps	`$framesz+16*3`(%rsp),%xmm9
+	movaps	`$framesz+16*4`(%rsp),%xmm10
+	movaps	`$framesz+16*5`(%rsp),%xmm11
+	movaps	`$framesz+16*6`(%rsp),%xmm12
+	movaps	`$framesz+16*7`(%rsp),%xmm13
+	movaps	`$framesz+16*8`(%rsp),%xmm14
+	movaps	`$framesz+16*9`(%rsp),%xmm15
+___
+$code.=<<___;
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_xop:
+	ret
+.size	${func}_xop,.-${func}_xop
+___
+######################################################################
+# AVX+shrd code path
+#
+local *ror = sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	${func}_avx,\@function,6
+.align	64
+${func}_avx:
+.Lavx_shortcut:
+	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	sub	\$`$framesz+$win64*16*10`,%rsp
+	and	\$-64,%rsp		# align stack frame
+
+	shl	\$6,$len
+	sub	$inp,$out		# re-bias
+	sub	$inp,$in0
+	add	$inp,$len		# end of input
+
+	#mov	$inp,$_inp		# saved later
+	mov	$out,$_out
+	mov	$len,$_end
+	#mov	$key,$_key		# remains resident in $inp register
+	mov	$ivp,$_ivp
+	mov	$ctx,$_ctx
+	mov	$in0,$_in0
+	mov	%r11,$_rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,`$framesz+16*0`(%rsp)
+	movaps	%xmm7,`$framesz+16*1`(%rsp)
+	movaps	%xmm8,`$framesz+16*2`(%rsp)
+	movaps	%xmm9,`$framesz+16*3`(%rsp)
+	movaps	%xmm10,`$framesz+16*4`(%rsp)
+	movaps	%xmm11,`$framesz+16*5`(%rsp)
+	movaps	%xmm12,`$framesz+16*6`(%rsp)
+	movaps	%xmm13,`$framesz+16*7`(%rsp)
+	movaps	%xmm14,`$framesz+16*8`(%rsp)
+	movaps	%xmm15,`$framesz+16*9`(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx:
+	vzeroall
+
+	mov	$inp,%r12		# borrow $a4
+	lea	0x80($key),$inp		# size optimization, reassign
+	lea	$TABLE+`$SZ*2*$rounds+32`(%rip),%r13	# borrow $a0
+	mov	0xf0-0x80($inp),%r14d	# rounds, borrow $a1
+	mov	$ctx,%r15		# borrow $a2
+	mov	$in0,%rsi		# borrow $a3
+	vmovdqu	($ivp),$iv		# load IV
+	sub	\$9,%r14
+
+	mov	$SZ*0(%r15),$A
+	mov	$SZ*1(%r15),$B
+	mov	$SZ*2(%r15),$C
+	mov	$SZ*3(%r15),$D
+	mov	$SZ*4(%r15),$E
+	mov	$SZ*5(%r15),$F
+	mov	$SZ*6(%r15),$G
+	mov	$SZ*7(%r15),$H
+
+	vmovdqa	0x00(%r13,%r14,8),$mask14
+	vmovdqa	0x10(%r13,%r14,8),$mask12
+	vmovdqa	0x20(%r13,%r14,8),$mask10
+	vmovdqu	0x00-0x80($inp),$roundkey
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+$code.=<<___;
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00(%rsi,%r12),@X[0]
+	vmovdqu	0x10(%rsi,%r12),@X[1]
+	vmovdqu	0x20(%rsi,%r12),@X[2]
+	vmovdqu	0x30(%rsi,%r12),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	vmovdqu	(%r12),$inout		# $a4
+	mov	%r12,$_inp		# $a4
+___
+sub Xupdate_256_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],$SZ)',	# X[1..4]
+	 '&vpalignr	($t3,@X[3],@X[2],$SZ)',	# X[9..12]
+	'&vpsrld	($t2,$t0,$sigma0[0]);',
+	 '&vpaddd	(@X[0],@X[0],$t3)',	# X[0..3] += X[9..12]
+	'&vpsrld	($t3,$t0,$sigma0[2])',
+	'&vpslld	($t1,$t0,8*$SZ-$sigma0[1]);',
+	'&vpxor		($t0,$t3,$t2)',
+	 '&vpshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&vpsrld	($t2,$t2,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t1)',
+	'&vpslld	($t1,$t1,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t2)',
+	 '&vpsrld	($t2,$t3,$sigma1[2]);',
+	'&vpxor		($t0,$t0,$t1)',		# sigma0(X[1..4])
+	 '&vpsrlq	($t3,$t3,$sigma1[0]);',
+	'&vpaddd	(@X[0],@X[0],$t0)',	# X[0..3] += sigma0(X[1..4])
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',		# sigma1(X[14..15])
+	 '&vpshufd	($t2,$t2,0b10000100)',
+	 '&vpsrldq	($t2,$t2,8)',
+	'&vpaddd	(@X[0],@X[0],$t2)',	# X[0..1] += sigma1(X[14..15])
+	 '&vpshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&vpsrld	($t2,$t3,$sigma1[2])',
+	 '&vpsrlq	($t3,$t3,$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',
+	 '&vpshufd	($t2,$t2,0b11101000)',
+	 '&vpslldq	($t2,$t2,8)',
+	'&vpaddd	(@X[0],@X[0],$t2)'	# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+sub AVX_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    $aesni_cbc_idx=0;
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+    	&mov		("%r12",$_inp);		# borrow $a4
+	&vpand		($temp,$temp,$mask14);
+	&mov		("%r15",$_out);		# borrow $a2
+	&vpor		($iv,$iv,$temp);
+	&vmovdqu	("(%r15,%r12)",$iv);	# write output
+	&lea		("%r12","16(%r12)");	# inp++
+
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lavx_00_47");
+
+	&vmovdqu	($inout,"(%r12)");
+	&mov		($_inp,"%r12");
+
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+					}
+$code.=<<___;
+	mov	$_inp,%r12		# borrow $a4
+	mov	$_out,%r13		# borrow $a0
+	mov	$_ctx,%r15		# borrow $a2
+	mov	$_in0,%rsi		# borrow $a3
+
+	vpand	$mask14,$temp,$temp
+	mov	$a1,$A
+	vpor	$temp,$iv,$iv
+	vmovdqu	$iv,(%r13,%r12)		# write output
+	lea	16(%r12),%r12		# inp++
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	add	$SZ*7(%r15),$H
+
+	cmp	$_end,%r12
+
+	mov	$A,$SZ*0(%r15)
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+	jb	.Lloop_avx
+
+	mov	$_ivp,$ivp
+	mov	$_rsp,%rsi
+	vmovdqu	$iv,($ivp)		# output IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	`$framesz+16*0`(%rsp),%xmm6
+	movaps	`$framesz+16*1`(%rsp),%xmm7
+	movaps	`$framesz+16*2`(%rsp),%xmm8
+	movaps	`$framesz+16*3`(%rsp),%xmm9
+	movaps	`$framesz+16*4`(%rsp),%xmm10
+	movaps	`$framesz+16*5`(%rsp),%xmm11
+	movaps	`$framesz+16*6`(%rsp),%xmm12
+	movaps	`$framesz+16*7`(%rsp),%xmm13
+	movaps	`$framesz+16*8`(%rsp),%xmm14
+	movaps	`$framesz+16*9`(%rsp),%xmm15
+___
+$code.=<<___;
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_avx:
+	ret
+.size	${func}_avx,.-${func}_avx
+___
+
+if ($avx>1) {{
+######################################################################
+# AVX2+BMI code path
+#
+my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp 
+my $PUSH8=8*2*$SZ;
+use integer;
+
+sub bodyx_00_15 () {
+	# at start $a1 should be zero, $a3 - $b^$c and $a4 copy of $f
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&add	($h,(32*($i/(16/$SZ))+$SZ*($i%(16/$SZ)))%$PUSH8.$base)',    # h+=X[i]+K[i]
+	'&and	($a4,$e)',		# f&e
+	'&rorx	($a0,$e,$Sigma1[2])',
+	'&rorx	($a2,$e,$Sigma1[1])',
+
+	'&lea	($a,"($a,$a1)")',	# h+=Sigma0(a) from the past
+	'&lea	($h,"($h,$a4)")',
+	'&andn	($a4,$e,$g)',		# ~e&g
+	'&xor	($a0,$a2)',
+
+	'&rorx	($a1,$e,$Sigma1[0])',
+	'&lea	($h,"($h,$a4)")',	# h+=Ch(e,f,g)=(e&f)+(~e&g)
+	'&xor	($a0,$a1)',		# Sigma1(e)
+	'&mov	($a2,$a)',
+
+	'&rorx	($a4,$a,$Sigma0[2])',
+	'&lea	($h,"($h,$a0)")',	# h+=Sigma1(e)
+	'&xor	($a2,$b)',		# a^b, b^c in next round
+	'&rorx	($a1,$a,$Sigma0[1])',
+
+	'&rorx	($a0,$a,$Sigma0[0])',
+	'&lea	($d,"($d,$h)")',	# d+=h
+	'&and	($a3,$a2)',		# (b^c)&(a^b)
+	@aesni_cbc_block[$aesni_cbc_idx++].
+	'&xor	($a1,$a4)',
+
+	'&xor	($a3,$b)',		# Maj(a,b,c)=Ch(a^b,c,b)
+	'&xor	($a1,$a0)',		# Sigma0(a)
+	'&lea	($h,"($h,$a3)");'.	# h+=Maj(a,b,c)
+	'&mov	($a4,$e)',		# copy of f in future
+
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+	# and at the finish one has to $a+=$a1
+}
+
+$code.=<<___;
+.type	${func}_avx2,\@function,6
+.align	64
+${func}_avx2:
+.Lavx2_shortcut:
+	mov	`($win64?56:8)`(%rsp),$in0	# load 7th parameter
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	sub	\$`2*$SZ*$rounds+8*8+$win64*16*10`,%rsp
+	and	\$-256*$SZ,%rsp		# align stack frame
+	add	\$`2*$SZ*($rounds-8)`,%rsp
+
+	shl	\$6,$len
+	sub	$inp,$out		# re-bias
+	sub	$inp,$in0
+	add	$inp,$len		# end of input
+
+	#mov	$inp,$_inp		# saved later
+	#mov	$out,$_out		# kept in $offload
+	mov	$len,$_end
+	#mov	$key,$_key		# remains resident in $inp register
+	mov	$ivp,$_ivp
+	mov	$ctx,$_ctx
+	mov	$in0,$_in0
+	mov	%r11,$_rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,`$framesz+16*0`(%rsp)
+	movaps	%xmm7,`$framesz+16*1`(%rsp)
+	movaps	%xmm8,`$framesz+16*2`(%rsp)
+	movaps	%xmm9,`$framesz+16*3`(%rsp)
+	movaps	%xmm10,`$framesz+16*4`(%rsp)
+	movaps	%xmm11,`$framesz+16*5`(%rsp)
+	movaps	%xmm12,`$framesz+16*6`(%rsp)
+	movaps	%xmm13,`$framesz+16*7`(%rsp)
+	movaps	%xmm14,`$framesz+16*8`(%rsp)
+	movaps	%xmm15,`$framesz+16*9`(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx2:
+	vzeroall
+
+	mov	$inp,%r13		# borrow $a0
+	vpinsrq	\$1,$out,$offload,$offload
+	lea	0x80($key),$inp		# size optimization, reassign
+	lea	$TABLE+`$SZ*2*$rounds+32`(%rip),%r12	# borrow $a4
+	mov	0xf0-0x80($inp),%r14d	# rounds, borrow $a1
+	mov	$ctx,%r15		# borrow $a2
+	mov	$in0,%rsi		# borrow $a3
+	vmovdqu	($ivp),$iv		# load IV
+	lea	-9(%r14),%r14
+
+	vmovdqa	0x00(%r12,%r14,8),$mask14
+	vmovdqa	0x10(%r12,%r14,8),$mask12
+	vmovdqa	0x20(%r12,%r14,8),$mask10
+
+	sub	\$-16*$SZ,%r13		# inp++, size optimization
+	mov	$SZ*0(%r15),$A
+	lea	(%rsi,%r13),%r12	# borrow $a0
+	mov	$SZ*1(%r15),$B
+	cmp	$len,%r13		# $_end
+	mov	$SZ*2(%r15),$C
+	cmove	%rsp,%r12		# next block or random data
+	mov	$SZ*3(%r15),$D
+	mov	$SZ*4(%r15),$E
+	mov	$SZ*5(%r15),$F
+	mov	$SZ*6(%r15),$G
+	mov	$SZ*7(%r15),$H
+	vmovdqu	0x00-0x80($inp),$roundkey
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%ymm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%ymm$_",(4..7));
+
+$code.=<<___;
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	-16*$SZ+0(%rsi,%r13),%xmm0
+	vmovdqu	-16*$SZ+16(%rsi,%r13),%xmm1
+	vmovdqu	-16*$SZ+32(%rsi,%r13),%xmm2
+	vmovdqu	-16*$SZ+48(%rsi,%r13),%xmm3
+
+	vinserti128	\$1,(%r12),@X[0],@X[0]
+	vinserti128	\$1,16(%r12),@X[1],@X[1]
+	 vpshufb	$t3,@X[0],@X[0]
+	vinserti128	\$1,32(%r12),@X[2],@X[2]
+	 vpshufb	$t3,@X[1],@X[1]
+	vinserti128	\$1,48(%r12),@X[3],@X[3]
+
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[2],@X[2]
+	lea	-16*$SZ(%r13),%r13
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	xor	$a1,$a1
+	vmovdqa	$t1,0x20(%rsp)
+	lea	-$PUSH8(%rsp),%rsp
+	mov	$B,$a3
+	vmovdqa	$t2,0x00(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x20(%rsp)
+	mov	$F,$a4
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+	vmovdqu	(%r13),$inout
+	vpinsrq	\$0,%r13,$offload,$offload
+___
+
+sub AVX2_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 96 instructions
+my $base = "+2*$PUSH8(%rsp)";
+
+	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%2)==0);
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	((32*$j)%$PUSH8."(%rsp)",$t2);
+}
+    $aesni_cbc_idx=0;
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX2_256_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&vmovq		("%r13",$offload);	# borrow $a0
+	&vpextrq	("%r15",$offload,1);	# borrow $a2
+	&vpand		($temp,$temp,$mask14);
+	&vpor		($iv,$iv,$temp);
+	&vmovdqu	("(%r15,%r13)",$iv);	# write output
+	&lea		("%r13","16(%r13)");	# inp++
+
+	&lea	($Tbl,16*2*$SZ."($Tbl)");
+	&cmpb	(($SZ-1)."($Tbl)",0);
+	&jne	(".Lavx2_00_47");
+
+	&vmovdqu	($inout,"(%r13)");
+	&vpinsrq	($offload,$offload,"%r13",0);
+
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+					}
+$code.=<<___;
+	vpextrq	\$1,$offload,%r12		# $_out, borrow $a4
+	vmovq	$offload,%r13			# $_inp, borrow $a0
+	mov	`2*$SZ*$rounds+5*8`(%rsp),%r15	# $_ctx, borrow $a2
+	add	$a1,$A
+	lea	`2*$SZ*($rounds-8)`(%rsp),$Tbl
+
+	vpand	$mask14,$temp,$temp
+	vpor	$temp,$iv,$iv
+	vmovdqu	$iv,(%r12,%r13)			# write output
+	lea	16(%r13),%r13
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	add	$SZ*7(%r15),$H
+
+	mov	$A,$SZ*0(%r15)
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+
+	cmp	`$PUSH8+2*8`($Tbl),%r13		# $_end
+	je	.Ldone_avx2
+
+	xor	$a1,$a1
+	mov	$B,$a3
+	mov	$F,$a4
+	xor	$C,$a3			# magic
+	jmp	.Lower_avx2
+.align	16
+.Lower_avx2:
+	vmovdqu	(%r13),$inout
+	vpinsrq	\$0,%r13,$offload,$offload
+___
+    $aesni_cbc_idx=0;
+    for ($i=0; $i<16; ) {
+	my $base="+16($Tbl)";
+	foreach(bodyx_00_15()) { eval; }
+	&lea	($Tbl,"-$PUSH8($Tbl)")	if ($i==8);
+    }
+$code.=<<___;
+	vmovq	$offload,%r13			# borrow $a0
+	vpextrq	\$1,$offload,%r15		# borrow $a2
+	vpand	$mask14,$temp,$temp
+	vpor	$temp,$iv,$iv
+	lea	-$PUSH8($Tbl),$Tbl
+	vmovdqu	$iv,(%r15,%r13)			# write output
+	lea	16(%r13),%r13			# inp++
+	cmp	%rsp,$Tbl
+	jae	.Lower_avx2
+
+	mov	`2*$SZ*$rounds+5*8`(%rsp),%r15	# $_ctx, borrow $a2
+	lea	16*$SZ(%r13),%r13
+	mov	`2*$SZ*$rounds+6*8`(%rsp),%rsi	# $_in0, borrow $a3
+	add	$a1,$A
+	lea	`2*$SZ*($rounds-8)`(%rsp),%rsp
+
+	add	$SZ*0(%r15),$A
+	add	$SZ*1(%r15),$B
+	add	$SZ*2(%r15),$C
+	add	$SZ*3(%r15),$D
+	add	$SZ*4(%r15),$E
+	add	$SZ*5(%r15),$F
+	add	$SZ*6(%r15),$G
+	lea	(%rsi,%r13),%r12
+	add	$SZ*7(%r15),$H
+
+	cmp	$_end,%r13
+
+	mov	$A,$SZ*0(%r15)
+	cmove	%rsp,%r12		# next block or stale data
+	mov	$B,$SZ*1(%r15)
+	mov	$C,$SZ*2(%r15)
+	mov	$D,$SZ*3(%r15)
+	mov	$E,$SZ*4(%r15)
+	mov	$F,$SZ*5(%r15)
+	mov	$G,$SZ*6(%r15)
+	mov	$H,$SZ*7(%r15)
+
+	jbe	.Loop_avx2
+	lea	(%rsp),$Tbl
+
+.Ldone_avx2:
+	lea	($Tbl),%rsp
+	mov	$_ivp,$ivp
+	mov	$_rsp,%rsi
+	vmovdqu	$iv,($ivp)		# output IV
+	vzeroall
+___
+$code.=<<___ if ($win64);
+	movaps	`$framesz+16*0`(%rsp),%xmm6
+	movaps	`$framesz+16*1`(%rsp),%xmm7
+	movaps	`$framesz+16*2`(%rsp),%xmm8
+	movaps	`$framesz+16*3`(%rsp),%xmm9
+	movaps	`$framesz+16*4`(%rsp),%xmm10
+	movaps	`$framesz+16*5`(%rsp),%xmm11
+	movaps	`$framesz+16*6`(%rsp),%xmm12
+	movaps	`$framesz+16*7`(%rsp),%xmm13
+	movaps	`$framesz+16*8`(%rsp),%xmm14
+	movaps	`$framesz+16*9`(%rsp),%xmm15
+___
+$code.=<<___;
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_avx2:
+	ret
+.size	${func}_avx2,.-${func}_avx2
+___
+}}
+}}
+{{
+my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
+
+my ($rounds,$Tbl)=("%r11d","%rbx");
+
+my ($iv,$in,$rndkey0)=map("%xmm$_",(6,14,15));
+my @rndkey=("%xmm4","%xmm5");
+my $r=0;
+my $sn=0;
+
+my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..3,7..9));
+my @MSG=map("%xmm$_",(10..13));
+
+my $aesenc=sub {
+  use integer;
+  my ($n,$k)=($r/10,$r%10);
+    if ($k==0) {
+      $code.=<<___;
+	movups		`16*$n`($in0),$in		# load input
+	xorps		$rndkey0,$in
+___
+      $code.=<<___ if ($n);
+	movups		$iv,`16*($n-1)`($out,$in0)	# write output
+___
+      $code.=<<___;
+	xorps		$in,$iv
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    } elsif ($k==9) {
+      $sn++;
+      $code.=<<___;
+	cmp		\$11,$rounds
+	jb		.Laesenclast$sn
+	movups		`32+16*($k+0)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+1)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+	je		.Laesenclast$sn
+	movups		`32+16*($k+2)-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+	movups		`32+16*($k+3)-112`($key),$rndkey[0]
+	aesenc		$rndkey[1],$iv
+.Laesenclast$sn:
+	aesenclast	$rndkey[0],$iv
+	movups		16-112($key),$rndkey[1]		# forward reference
+	nop
+___
+    } else {
+      $code.=<<___;
+	movups		`32+16*$k-112`($key),$rndkey[1]
+	aesenc		$rndkey[0],$iv
+___
+    }
+    $r++;	unshift(@rndkey,pop(@rndkey));
+};
+
+if ($shaext) {
+my $Tbl="%rax";
+
+$code.=<<___;
+.type	${func}_shaext,\@function,6
+.align	32
+${func}_shaext:
+	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
+___
+$code.=<<___ if ($win64);
+	lea	`-8-10*16`(%rsp),%rsp
+	movaps	%xmm6,-8-10*16(%rax)
+	movaps	%xmm7,-8-9*16(%rax)
+	movaps	%xmm8,-8-8*16(%rax)
+	movaps	%xmm9,-8-7*16(%rax)
+	movaps	%xmm10,-8-6*16(%rax)
+	movaps	%xmm11,-8-5*16(%rax)
+	movaps	%xmm12,-8-4*16(%rax)
+	movaps	%xmm13,-8-3*16(%rax)
+	movaps	%xmm14,-8-2*16(%rax)
+	movaps	%xmm15,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	lea		K256+0x80(%rip),$Tbl
+	movdqu		($ctx),$ABEF		# DCBA
+	movdqu		16($ctx),$CDGH		# HGFE
+	movdqa		0x200-0x80($Tbl),$TMP	# byte swap mask
+
+	mov		240($key),$rounds
+	sub		$in0,$out
+	movups		($key),$rndkey0		# $key[0]
+	movups		($ivp),$iv		# load IV
+	movups		16($key),$rndkey[0]	# forward reference
+	lea		112($key),$key		# size optimization
+
+	pshufd		\$0x1b,$ABEF,$Wi	# ABCD
+	pshufd		\$0xb1,$ABEF,$ABEF	# CDAB
+	pshufd		\$0x1b,$CDGH,$CDGH	# EFGH
+	movdqa		$TMP,$BSWAP		# offload
+	palignr		\$8,$CDGH,$ABEF		# ABEF
+	punpcklqdq	$Wi,$CDGH		# CDGH
+
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	movdqu		($inp),@MSG[0]
+	movdqu		0x10($inp),@MSG[1]
+	movdqu		0x20($inp),@MSG[2]
+	pshufb		$TMP,@MSG[0]
+	movdqu		0x30($inp),@MSG[3]
+
+	movdqa		0*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	pshufb		$TMP,@MSG[1]
+	movdqa		$CDGH,$CDGH_SAVE	# offload
+	movdqa		$ABEF,$ABEF_SAVE	# offload
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 0-3
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		1*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	pshufb		$TMP,@MSG[2]
+	lea		0x40($inp),$inp
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 4-7
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		2*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+	pshufb		$TMP,@MSG[3]
+	sha256msg1	@MSG[1],@MSG[0]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 8-11
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[3],$TMP
+	palignr		\$4,@MSG[2],$TMP
+	paddd		$TMP,@MSG[0]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		3*32-0x80($Tbl),$Wi
+	paddd		@MSG[3],$Wi
+	sha256msg2	@MSG[3],@MSG[0]
+	sha256msg1	@MSG[2],@MSG[1]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 12-15
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	movdqa		@MSG[0],$TMP
+	palignr		\$4,@MSG[3],$TMP
+	paddd		$TMP,@MSG[1]
+	sha256rnds2	$CDGH,$ABEF
+___
+for($i=4;$i<16-3;$i++) {
+	&$aesenc()	if (($r%10)==0);
+$code.=<<___;
+	movdqa		$i*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256msg1	@MSG[3],@MSG[2]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 16-19...
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	paddd		$TMP,@MSG[2]
+___
+	&$aesenc();
+	&$aesenc()	if ($r==19);
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+___
+	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	movdqa		13*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256msg1	@MSG[3],@MSG[2]
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 52-55
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	paddd		$TMP,@MSG[2]
+___
+	&$aesenc();
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		14*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	sha256msg2	@MSG[1],@MSG[2]
+	movdqa		$BSWAP,$TMP
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 56-59
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		15*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+___
+	&$aesenc();
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$ABEF,$CDGH		# 60-63
+	pshufd		\$0x0e,$Wi,$Wi
+___
+	&$aesenc();
+$code.=<<___;
+	sha256rnds2	$CDGH,$ABEF
+	#pxor		$CDGH,$rndkey0		# black magic
+___
+	while ($r<40)	{ &$aesenc(); }		# remaining aesenc's
+$code.=<<___;
+	#xorps		$CDGH,$rndkey0		# black magic
+	paddd		$CDGH_SAVE,$CDGH
+	paddd		$ABEF_SAVE,$ABEF
+
+	dec		$len
+	movups		$iv,48($out,$in0)	# write output
+	lea		64($in0),$in0
+	jnz		.Loop_shaext
+
+	pshufd		\$0xb1,$CDGH,$CDGH	# DCHG
+	pshufd		\$0x1b,$ABEF,$TMP	# FEBA
+	pshufd		\$0xb1,$ABEF,$ABEF	# BAFE
+	punpckhqdq	$CDGH,$ABEF		# DCBA
+	palignr		\$8,$TMP,$CDGH		# HGFE
+
+	movups		$iv,($ivp)		# write IV
+	movdqu		$ABEF,($ctx)
+	movdqu		$CDGH,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	0*16(%rsp),%xmm6
+	movaps	1*16(%rsp),%xmm7
+	movaps	2*16(%rsp),%xmm8
+	movaps	3*16(%rsp),%xmm9
+	movaps	4*16(%rsp),%xmm10
+	movaps	5*16(%rsp),%xmm11
+	movaps	6*16(%rsp),%xmm12
+	movaps	7*16(%rsp),%xmm13
+	movaps	8*16(%rsp),%xmm14
+	movaps	9*16(%rsp),%xmm15
+	lea	8+10*16(%rsp),%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+	ret
+.size	${func}_shaext,.-${func}_shaext
+___
+}
+}}}}}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64 && $avx) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HanderlData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+___
+$code.=<<___ if ($shaext);
+	lea	aesni_cbc_sha256_enc_shaext(%rip),%r10
+	cmp	%r10,%rbx
+	jb	.Lnot_in_shaext
+
+	lea	(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	168(%rax),%rax		# adjust stack pointer
+	jmp	.Lin_prologue
+.Lnot_in_shaext:
+___
+$code.=<<___ if ($avx>1);
+	lea	.Lavx2_shortcut(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<avx2_shortcut
+	jb	.Lnot_in_avx2
+
+	and	\$-256*$SZ,%rax
+	add	\$`2*$SZ*($rounds-8)`,%rax
+.Lnot_in_avx2:
+___
+$code.=<<___;
+	mov	%rax,%rsi		# put aside Rsp
+	mov	16*$SZ+7*8(%rax),%rax	# pull $_rsp
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	lea	16*$SZ+8*8(%rsi),%rsi	# Xmm6- save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+	.rva	.LSEH_begin_${func}_xop
+	.rva	.LSEH_end_${func}_xop
+	.rva	.LSEH_info_${func}_xop
+
+	.rva	.LSEH_begin_${func}_avx
+	.rva	.LSEH_end_${func}_avx
+	.rva	.LSEH_info_${func}_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_${func}_avx2
+	.rva	.LSEH_end_${func}_avx2
+	.rva	.LSEH_info_${func}_avx2
+___
+$code.=<<___ if ($shaext);
+	.rva	.LSEH_begin_${func}_shaext
+	.rva	.LSEH_end_${func}_shaext
+	.rva	.LSEH_info_${func}_shaext
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_${func}_xop:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_xop,.Lepilogue_xop		# HandlerData[]
+
+.LSEH_info_${func}_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_${func}_avx2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+$code.=<<___ if ($shaext);
+.LSEH_info_${func}_shaext:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_shaext,.Lepilogue_shaext	# HandlerData[]
+___
+}
+
+####################################################################
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    unshift @opcode,$rex|0x40	if($rex);
+}
+
+{
+  my %opcodelet = (
+		"sha256rnds2" => 0xcb,
+  		"sha256msg1"  => 0xcc,
+		"sha256msg2"  => 0xcd	);
+
+  sub sha256op38 {
+    my $instr = shift;
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+  }
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesni-x86.pl b/openssl-1.1.0h/crypto/aes/asm/aesni-x86.pl
new file mode 100644
index 0000000..ed1a47c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesni-x86.pl
@@ -0,0 +1,3413 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for
+# details].
+#
+# Performance.
+#
+# To start with see corresponding paragraph in aesni-x86_64.pl...
+# Instead of filling table similar to one found there I've chosen to
+# summarize *comparison* results for raw ECB, CTR and CBC benchmarks.
+# The simplified table below represents 32-bit performance relative
+# to 64-bit one in every given point. Ratios vary for different
+# encryption modes, therefore interval values.
+#
+#	16-byte     64-byte     256-byte    1-KB        8-KB
+#	53-67%      67-84%      91-94%      95-98%      97-99.5%
+#
+# Lower ratios for smaller block sizes are perfectly understandable,
+# because function call overhead is higher in 32-bit mode. Largest
+# 8-KB block performance is virtually same: 32-bit code is less than
+# 1% slower for ECB, CBC and CCM, and ~3% slower otherwise.
+
+# January 2011
+#
+# See aesni-x86_64.pl for details. Unlike x86_64 version this module
+# interleaves at most 6 aes[enc|dec] instructions, because there are
+# not enough registers for 8x interleave [which should be optimal for
+# Sandy Bridge]. Actually, performance results for 6x interleave
+# factor presented in aesni-x86_64.pl (except for CTR) are for this
+# module.
+
+# April 2011
+#
+# Add aesni_xts_[en|de]crypt. Westmere spends 1.50 cycles processing
+# one byte out of 8KB with 128-bit key, Sandy Bridge - 1.09.
+
+# November 2015
+#
+# Add aesni_ocb_[en|de]crypt.
+
+######################################################################
+# Current large-block performance in cycles per byte processed with
+# 128-bit key (less is better).
+#
+#		CBC en-/decrypt	CTR	XTS	ECB	OCB
+# Westmere	3.77/1.37	1.37	1.52	1.27
+# * Bridge	5.07/0.98	0.99	1.09	0.91	1.10
+# Haswell	4.44/0.80	0.97	1.03	0.72	0.76
+# Silvermont	5.77/3.56	3.67	4.03	3.46	4.03
+# Bulldozer	5.80/0.98	1.05	1.24	0.93	1.23
+
+$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
+			# generates drop-in replacement for
+			# crypto/aes/asm/aes-586.pl:-)
+$inline=1;		# inline _aesni_[en|de]crypt
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0],$0);
+
+&external_label("OPENSSL_ia32cap_P");
+&static_label("key_const");
+
+if ($PREFIX eq "aesni")	{ $movekey=\&movups; }
+else			{ $movekey=\&movups; }
+
+$len="eax";
+$rounds="ecx";
+$key="edx";
+$inp="esi";
+$out="edi";
+$rounds_="ebx";	# backup copy for $rounds
+$key_="ebp";	# backup copy for $key
+
+$rndkey0="xmm0";
+$rndkey1="xmm1";
+$inout0="xmm2";
+$inout1="xmm3";
+$inout2="xmm4";
+$inout3="xmm5";	$in1="xmm5";
+$inout4="xmm6";	$in0="xmm6";
+$inout5="xmm7";	$ivec="xmm7";
+
+# AESNI extension
+sub aeskeygenassist
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x66,0x0f,0x3a,0xdf,0xc0|($1<<3)|$2,$imm);	}
+}
+sub aescommon
+{ my($opcodelet,$dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x66,0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);}
+}
+sub aesimc	{ aescommon(0xdb,@_); }
+sub aesenc	{ aescommon(0xdc,@_); }
+sub aesenclast	{ aescommon(0xdd,@_); }
+sub aesdec	{ aescommon(0xde,@_); }
+sub aesdeclast	{ aescommon(0xdf,@_); }
+
+# Inline version of internal aesni_[en|de]crypt1
+{ my $sn;
+sub aesni_inline_generate1
+{ my ($p,$inout,$ivec)=@_; $inout=$inout0 if (!defined($inout));
+  $sn++;
+
+    &$movekey		($rndkey0,&QWP(0,$key));
+    &$movekey		($rndkey1,&QWP(16,$key));
+    &xorps		($ivec,$rndkey0)	if (defined($ivec));
+    &lea		($key,&DWP(32,$key));
+    &xorps		($inout,$ivec)		if (defined($ivec));
+    &xorps		($inout,$rndkey0)	if (!defined($ivec));
+    &set_label("${p}1_loop_$sn");
+	eval"&aes${p}	($inout,$rndkey1)";
+	&dec		($rounds);
+	&$movekey	($rndkey1,&QWP(0,$key));
+	&lea		($key,&DWP(16,$key));
+    &jnz		(&label("${p}1_loop_$sn"));
+    eval"&aes${p}last	($inout,$rndkey1)";
+}}
+
+sub aesni_generate1	# fully unrolled loop
+{ my ($p,$inout)=@_; $inout=$inout0 if (!defined($inout));
+
+    &function_begin_B("_aesni_${p}rypt1");
+	&movups		($rndkey0,&QWP(0,$key));
+	&$movekey	($rndkey1,&QWP(0x10,$key));
+	&xorps		($inout,$rndkey0);
+	&$movekey	($rndkey0,&QWP(0x20,$key));
+	&lea		($key,&DWP(0x30,$key));
+	&cmp		($rounds,11);
+	&jb		(&label("${p}128"));
+	&lea		($key,&DWP(0x20,$key));
+	&je		(&label("${p}192"));
+	&lea		($key,&DWP(0x20,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(-0x40,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-0x30,$key));
+    &set_label("${p}192");
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(-0x20,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-0x10,$key));
+    &set_label("${p}128");
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x10,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0x20,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x30,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0x40,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x50,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0x60,$key));
+	eval"&aes${p}	($inout,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(0x70,$key));
+	eval"&aes${p}	($inout,$rndkey1)";
+    eval"&aes${p}last	($inout,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt1");
+}
+
+# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("enc") if (!$inline);
+&function_begin_B("${PREFIX}_encrypt");
+	&mov	("eax",&wparam(0));
+	&mov	($key,&wparam(2));
+	&movups	($inout0,&QWP(0,"eax"));
+	&mov	($rounds,&DWP(240,$key));
+	&mov	("eax",&wparam(1));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&pxor	($rndkey0,$rndkey0);		# clear register bank
+	&pxor	($rndkey1,$rndkey1);
+	&movups	(&QWP(0,"eax"),$inout0);
+	&pxor	($inout0,$inout0);
+	&ret	();
+&function_end_B("${PREFIX}_encrypt");
+
+# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("dec") if(!$inline);
+&function_begin_B("${PREFIX}_decrypt");
+	&mov	("eax",&wparam(0));
+	&mov	($key,&wparam(2));
+	&movups	($inout0,&QWP(0,"eax"));
+	&mov	($rounds,&DWP(240,$key));
+	&mov	("eax",&wparam(1));
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&pxor	($rndkey0,$rndkey0);		# clear register bank
+	&pxor	($rndkey1,$rndkey1);
+	&movups	(&QWP(0,"eax"),$inout0);
+	&pxor	($inout0,$inout0);
+	&ret	();
+&function_end_B("${PREFIX}_decrypt");
+
+# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
+# factor. Why 3x subroutine were originally used in loops? Even though
+# aes[enc|dec] latency was originally 6, it could be scheduled only
+# every *2nd* cycle. Thus 3x interleave was the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it originally made no sense to implement 2x subroutine.
+# But times change and it became appropriate to spend extra 192 bytes
+# on 2x subroutine on Atom Silvermont account. For processors that
+# can schedule aes[enc|dec] every cycle optimal interleave factor
+# equals to corresponding instructions latency. 8x is optimal for
+# * Bridge, but it's unfeasible to accommodate such implementation
+# in XMM registers addreassable in 32-bit mode and therefore maximum
+# of 6x is used instead...
+
+sub aesni_generate2
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt2");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&shl		($rounds,4);
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);
+	&$movekey	($rndkey0,&QWP(32,$key));
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	&add		($rounds,16);
+
+    &set_label("${p}2_loop");
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("${p}2_loop"));
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt2");
+}
+
+sub aesni_generate3
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt3");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&shl		($rounds,4);
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&$movekey	($rndkey0,&QWP(32,$key));
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	&add		($rounds,16);
+
+    &set_label("${p}3_loop");
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	eval"&aes${p}	($inout2,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	eval"&aes${p}	($inout2,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("${p}3_loop"));
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}	($inout2,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    eval"&aes${p}last	($inout2,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt3");
+}
+
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement  would be <20%,
+# so it's not worth it...
+sub aesni_generate4
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt4");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&shl		($rounds,4);
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&$movekey	($rndkey0,&QWP(32,$key));
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	&data_byte	(0x0f,0x1f,0x40,0x00);
+	&add		($rounds,16);
+
+    &set_label("${p}4_loop");
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	eval"&aes${p}	($inout2,$rndkey1)";
+	eval"&aes${p}	($inout3,$rndkey1)";
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	eval"&aes${p}	($inout2,$rndkey0)";
+	eval"&aes${p}	($inout3,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+    &jnz		(&label("${p}4_loop"));
+
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}	($inout2,$rndkey1)";
+    eval"&aes${p}	($inout3,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    eval"&aes${p}last	($inout2,$rndkey0)";
+    eval"&aes${p}last	($inout3,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt4");
+}
+
+sub aesni_generate6
+{ my $p=shift;
+
+    &function_begin_B("_aesni_${p}rypt6");
+    &static_label("_aesni_${p}rypt6_enter");
+	&$movekey	($rndkey0,&QWP(0,$key));
+	&shl		($rounds,4);
+	&$movekey	($rndkey1,&QWP(16,$key));
+	&xorps		($inout0,$rndkey0);
+	&pxor		($inout1,$rndkey0);	# pxor does better here
+	&pxor		($inout2,$rndkey0);
+	eval"&aes${p}	($inout0,$rndkey1)";
+	&pxor		($inout3,$rndkey0);
+	&pxor		($inout4,$rndkey0);
+	eval"&aes${p}	($inout1,$rndkey1)";
+	&lea		($key,&DWP(32,$key,$rounds));
+	&neg		($rounds);
+	eval"&aes${p}	($inout2,$rndkey1)";
+	&pxor		($inout5,$rndkey0);
+	&$movekey	($rndkey0,&QWP(0,$key,$rounds));
+	&add		($rounds,16);
+	&jmp		(&label("_aesni_${p}rypt6_inner"));
+
+    &set_label("${p}6_loop",16);
+	eval"&aes${p}	($inout0,$rndkey1)";
+	eval"&aes${p}	($inout1,$rndkey1)";
+	eval"&aes${p}	($inout2,$rndkey1)";
+    &set_label("_aesni_${p}rypt6_inner");
+	eval"&aes${p}	($inout3,$rndkey1)";
+	eval"&aes${p}	($inout4,$rndkey1)";
+	eval"&aes${p}	($inout5,$rndkey1)";
+    &set_label("_aesni_${p}rypt6_enter");
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	eval"&aes${p}	($inout0,$rndkey0)";
+	eval"&aes${p}	($inout1,$rndkey0)";
+	eval"&aes${p}	($inout2,$rndkey0)";
+	eval"&aes${p}	($inout3,$rndkey0)";
+	eval"&aes${p}	($inout4,$rndkey0)";
+	eval"&aes${p}	($inout5,$rndkey0)";
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+    &jnz		(&label("${p}6_loop"));
+
+    eval"&aes${p}	($inout0,$rndkey1)";
+    eval"&aes${p}	($inout1,$rndkey1)";
+    eval"&aes${p}	($inout2,$rndkey1)";
+    eval"&aes${p}	($inout3,$rndkey1)";
+    eval"&aes${p}	($inout4,$rndkey1)";
+    eval"&aes${p}	($inout5,$rndkey1)";
+    eval"&aes${p}last	($inout0,$rndkey0)";
+    eval"&aes${p}last	($inout1,$rndkey0)";
+    eval"&aes${p}last	($inout2,$rndkey0)";
+    eval"&aes${p}last	($inout3,$rndkey0)";
+    eval"&aes${p}last	($inout4,$rndkey0)";
+    eval"&aes${p}last	($inout5,$rndkey0)";
+    &ret();
+    &function_end_B("_aesni_${p}rypt6");
+}
+&aesni_generate2("enc") if ($PREFIX eq "aesni");
+&aesni_generate2("dec");
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+&aesni_generate6("enc") if ($PREFIX eq "aesni");
+&aesni_generate6("dec");
+
+if ($PREFIX eq "aesni") {
+######################################################################
+# void aesni_ecb_encrypt (const void *in, void *out,
+#                         size_t length, const AES_KEY *key,
+#                         int enc);
+&function_begin("aesni_ecb_encrypt");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&and	($len,-16);
+	&jz	(&label("ecb_ret"));
+	&mov	($rounds,&DWP(240,$key));
+	&test	($rounds_,$rounds_);
+	&jz	(&label("ecb_decrypt"));
+
+	&mov	($key_,$key);		# backup $key
+	&mov	($rounds_,$rounds);	# backup $rounds
+	&cmp	($len,0x60);
+	&jb	(&label("ecb_enc_tail"));
+
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+	&sub	($len,0x60);
+	&jmp	(&label("ecb_enc_loop6_enter"));
+
+&set_label("ecb_enc_loop6",16);
+	&movups	(&QWP(0,$out),$inout0);
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+&set_label("ecb_enc_loop6_enter");
+
+	&call	("_aesni_encrypt6");
+
+	&mov	($key,$key_);		# restore $key
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&sub	($len,0x60);
+	&jnc	(&label("ecb_enc_loop6"));
+
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&add	($len,0x60);
+	&jz	(&label("ecb_ret"));
+
+&set_label("ecb_enc_tail");
+	&movups	($inout0,&QWP(0,$inp));
+	&cmp	($len,0x20);
+	&jb	(&label("ecb_enc_one"));
+	&movups	($inout1,&QWP(0x10,$inp));
+	&je	(&label("ecb_enc_two"));
+	&movups	($inout2,&QWP(0x20,$inp));
+	&cmp	($len,0x40);
+	&jb	(&label("ecb_enc_three"));
+	&movups	($inout3,&QWP(0x30,$inp));
+	&je	(&label("ecb_enc_four"));
+	&movups	($inout4,&QWP(0x40,$inp));
+	&xorps	($inout5,$inout5);
+	&call	("_aesni_encrypt6");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_one",16);
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&movups	(&QWP(0,$out),$inout0);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_two",16);
+	&call	("_aesni_encrypt2");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_three",16);
+	&call	("_aesni_encrypt3");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_enc_four",16);
+	&call	("_aesni_encrypt4");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&jmp	(&label("ecb_ret"));
+######################################################################
+&set_label("ecb_decrypt",16);
+	&mov	($key_,$key);		# backup $key
+	&mov	($rounds_,$rounds);	# backup $rounds
+	&cmp	($len,0x60);
+	&jb	(&label("ecb_dec_tail"));
+
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+	&sub	($len,0x60);
+	&jmp	(&label("ecb_dec_loop6_enter"));
+
+&set_label("ecb_dec_loop6",16);
+	&movups	(&QWP(0,$out),$inout0);
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+&set_label("ecb_dec_loop6_enter");
+
+	&call	("_aesni_decrypt6");
+
+	&mov	($key,$key_);		# restore $key
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&sub	($len,0x60);
+	&jnc	(&label("ecb_dec_loop6"));
+
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+	&add	($len,0x60);
+	&jz	(&label("ecb_ret"));
+
+&set_label("ecb_dec_tail");
+	&movups	($inout0,&QWP(0,$inp));
+	&cmp	($len,0x20);
+	&jb	(&label("ecb_dec_one"));
+	&movups	($inout1,&QWP(0x10,$inp));
+	&je	(&label("ecb_dec_two"));
+	&movups	($inout2,&QWP(0x20,$inp));
+	&cmp	($len,0x40);
+	&jb	(&label("ecb_dec_three"));
+	&movups	($inout3,&QWP(0x30,$inp));
+	&je	(&label("ecb_dec_four"));
+	&movups	($inout4,&QWP(0x40,$inp));
+	&xorps	($inout5,$inout5);
+	&call	("_aesni_decrypt6");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_one",16);
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&movups	(&QWP(0,$out),$inout0);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_two",16);
+	&call	("_aesni_decrypt2");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_three",16);
+	&call	("_aesni_decrypt3");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&jmp	(&label("ecb_ret"));
+
+&set_label("ecb_dec_four",16);
+	&call	("_aesni_decrypt4");
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+
+&set_label("ecb_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+&function_end("aesni_ecb_encrypt");
+
+######################################################################
+# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec,char *cmac);
+#
+# Handles only complete blocks, operates on 64-bit counter and
+# does not update *ivec! Nor does it finalize CMAC value
+# (see engine/eng_aesni.c for details)
+#
+{ my $cmac=$inout1;
+&function_begin("aesni_ccm64_encrypt_blocks");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&mov	($rounds,&wparam(5));
+	&mov	($key_,"esp");
+	&sub	("esp",60);
+	&and	("esp",-16);			# align stack
+	&mov	(&DWP(48,"esp"),$key_);
+
+	&movdqu	($ivec,&QWP(0,$rounds_));	# load ivec
+	&movdqu	($cmac,&QWP(0,$rounds));	# load cmac
+	&mov	($rounds,&DWP(240,$key));
+
+	# compose byte-swap control mask for pshufb on stack
+	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
+	&mov	(&DWP(4,"esp"),0x08090a0b);
+	&mov	(&DWP(8,"esp"),0x04050607);
+	&mov	(&DWP(12,"esp"),0x00010203);
+
+	# compose counter increment vector on stack
+	&mov	($rounds_,1);
+	&xor	($key_,$key_);
+	&mov	(&DWP(16,"esp"),$rounds_);
+	&mov	(&DWP(20,"esp"),$key_);
+	&mov	(&DWP(24,"esp"),$key_);
+	&mov	(&DWP(28,"esp"),$key_);
+
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&lea	($key_,&DWP(0,$key));
+	&movdqa	($inout3,&QWP(0,"esp"));
+	&movdqa	($inout0,$ivec);
+	&lea	($key,&DWP(32,$key,$rounds));
+	&sub	($rounds_,$rounds);
+	&pshufb	($ivec,$inout3);
+
+&set_label("ccm64_enc_outer");
+	&$movekey	($rndkey0,&QWP(0,$key_));
+	&mov		($rounds,$rounds_);
+	&movups		($in0,&QWP(0,$inp));
+
+	&xorps		($inout0,$rndkey0);
+	&$movekey	($rndkey1,&QWP(16,$key_));
+	&xorps		($rndkey0,$in0);
+	&xorps		($cmac,$rndkey0);		# cmac^=inp
+	&$movekey	($rndkey0,&QWP(32,$key_));
+
+&set_label("ccm64_enc2_loop");
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	&aesenc		($inout0,$rndkey0);
+	&aesenc		($cmac,$rndkey0);
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("ccm64_enc2_loop"));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&paddq		($ivec,&QWP(16,"esp"));
+	&dec		($len);
+	&aesenclast	($inout0,$rndkey0);
+	&aesenclast	($cmac,$rndkey0);
+
+	&lea	($inp,&DWP(16,$inp));
+	&xorps	($in0,$inout0);			# inp^=E(ivec)
+	&movdqa	($inout0,$ivec);
+	&movups	(&QWP(0,$out),$in0);		# save output
+	&pshufb	($inout0,$inout3);
+	&lea	($out,&DWP(16,$out));
+	&jnz	(&label("ccm64_enc_outer"));
+
+	&mov	("esp",&DWP(48,"esp"));
+	&mov	($out,&wparam(5));
+	&movups	(&QWP(0,$out),$cmac);
+
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+&function_end("aesni_ccm64_encrypt_blocks");
+
+&function_begin("aesni_ccm64_decrypt_blocks");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&mov	($rounds,&wparam(5));
+	&mov	($key_,"esp");
+	&sub	("esp",60);
+	&and	("esp",-16);			# align stack
+	&mov	(&DWP(48,"esp"),$key_);
+
+	&movdqu	($ivec,&QWP(0,$rounds_));	# load ivec
+	&movdqu	($cmac,&QWP(0,$rounds));	# load cmac
+	&mov	($rounds,&DWP(240,$key));
+
+	# compose byte-swap control mask for pshufb on stack
+	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
+	&mov	(&DWP(4,"esp"),0x08090a0b);
+	&mov	(&DWP(8,"esp"),0x04050607);
+	&mov	(&DWP(12,"esp"),0x00010203);
+
+	# compose counter increment vector on stack
+	&mov	($rounds_,1);
+	&xor	($key_,$key_);
+	&mov	(&DWP(16,"esp"),$rounds_);
+	&mov	(&DWP(20,"esp"),$key_);
+	&mov	(&DWP(24,"esp"),$key_);
+	&mov	(&DWP(28,"esp"),$key_);
+
+	&movdqa	($inout3,&QWP(0,"esp"));	# bswap mask
+	&movdqa	($inout0,$ivec);
+
+	&mov	($key_,$key);
+	&mov	($rounds_,$rounds);
+
+	&pshufb	($ivec,$inout3);
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&shl	($rounds_,4);
+	&mov	($rounds,16);
+	&movups	($in0,&QWP(0,$inp));		# load inp
+	&paddq	($ivec,&QWP(16,"esp"));
+	&lea	($inp,&QWP(16,$inp));
+	&sub	($rounds,$rounds_);
+	&lea	($key,&DWP(32,$key_,$rounds_));
+	&mov	($rounds_,$rounds);
+	&jmp	(&label("ccm64_dec_outer"));
+
+&set_label("ccm64_dec_outer",16);
+	&xorps	($in0,$inout0);			# inp ^= E(ivec)
+	&movdqa	($inout0,$ivec);
+	&movups	(&QWP(0,$out),$in0);		# save output
+	&lea	($out,&DWP(16,$out));
+	&pshufb	($inout0,$inout3);
+
+	&sub	($len,1);
+	&jz	(&label("ccm64_dec_break"));
+
+	&$movekey	($rndkey0,&QWP(0,$key_));
+	&mov		($rounds,$rounds_);
+	&$movekey	($rndkey1,&QWP(16,$key_));
+	&xorps		($in0,$rndkey0);
+	&xorps		($inout0,$rndkey0);
+	&xorps		($cmac,$in0);		# cmac^=out
+	&$movekey	($rndkey0,&QWP(32,$key_));
+
+&set_label("ccm64_dec2_loop");
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&$movekey	($rndkey1,&QWP(0,$key,$rounds));
+	&add		($rounds,32);
+	&aesenc		($inout0,$rndkey0);
+	&aesenc		($cmac,$rndkey0);
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&jnz		(&label("ccm64_dec2_loop"));
+	&movups		($in0,&QWP(0,$inp));	# load inp
+	&paddq		($ivec,&QWP(16,"esp"));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($cmac,$rndkey1);
+	&aesenclast	($inout0,$rndkey0);
+	&aesenclast	($cmac,$rndkey0);
+	&lea		($inp,&QWP(16,$inp));
+	&jmp	(&label("ccm64_dec_outer"));
+
+&set_label("ccm64_dec_break",16);
+	&mov	($rounds,&DWP(240,$key_));
+	&mov	($key,$key_);
+	if ($inline)
+	{   &aesni_inline_generate1("enc",$cmac,$in0);	}
+	else
+	{   &call	("_aesni_encrypt1",$cmac);	}
+
+	&mov	("esp",&DWP(48,"esp"));
+	&mov	($out,&wparam(5));
+	&movups	(&QWP(0,$out),$cmac);
+
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+&function_end("aesni_ccm64_decrypt_blocks");
+}
+
+######################################################################
+# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec);
+#
+# Handles only complete blocks, operates on 32-bit counter and
+# does not update *ivec! (see crypto/modes/ctr128.c for details)
+#
+# stack layout:
+#	0	pshufb mask
+#	16	vector addend: 0,6,6,6
+# 	32	counter-less ivec
+#	48	1st triplet of counter vector
+#	64	2nd triplet of counter vector
+#	80	saved %esp
+
+&function_begin("aesni_ctr32_encrypt_blocks");
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&mov	($rounds_,&wparam(4));
+	&mov	($key_,"esp");
+	&sub	("esp",88);
+	&and	("esp",-16);			# align stack
+	&mov	(&DWP(80,"esp"),$key_);
+
+	&cmp	($len,1);
+	&je	(&label("ctr32_one_shortcut"));
+
+	&movdqu	($inout5,&QWP(0,$rounds_));	# load ivec
+
+	# compose byte-swap control mask for pshufb on stack
+	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
+	&mov	(&DWP(4,"esp"),0x08090a0b);
+	&mov	(&DWP(8,"esp"),0x04050607);
+	&mov	(&DWP(12,"esp"),0x00010203);
+
+	# compose counter increment vector on stack
+	&mov	($rounds,6);
+	&xor	($key_,$key_);
+	&mov	(&DWP(16,"esp"),$rounds);
+	&mov	(&DWP(20,"esp"),$rounds);
+	&mov	(&DWP(24,"esp"),$rounds);
+	&mov	(&DWP(28,"esp"),$key_);
+
+	&pextrd	($rounds_,$inout5,3);		# pull 32-bit counter
+	&pinsrd	($inout5,$key_,3);		# wipe 32-bit counter
+
+	&mov	($rounds,&DWP(240,$key));	# key->rounds
+
+	# compose 2 vectors of 3x32-bit counters
+	&bswap	($rounds_);
+	&pxor	($rndkey0,$rndkey0);
+	&pxor	($rndkey1,$rndkey1);
+	&movdqa	($inout0,&QWP(0,"esp"));	# load byte-swap mask
+	&pinsrd	($rndkey0,$rounds_,0);
+	&lea	($key_,&DWP(3,$rounds_));
+	&pinsrd	($rndkey1,$key_,0);
+	&inc	($rounds_);
+	&pinsrd	($rndkey0,$rounds_,1);
+	&inc	($key_);
+	&pinsrd	($rndkey1,$key_,1);
+	&inc	($rounds_);
+	&pinsrd	($rndkey0,$rounds_,2);
+	&inc	($key_);
+	&pinsrd	($rndkey1,$key_,2);
+	&movdqa	(&QWP(48,"esp"),$rndkey0);	# save 1st triplet
+	&pshufb	($rndkey0,$inout0);		# byte swap
+	&movdqu	($inout4,&QWP(0,$key));		# key[0]
+	&movdqa	(&QWP(64,"esp"),$rndkey1);	# save 2nd triplet
+	&pshufb	($rndkey1,$inout0);		# byte swap
+
+	&pshufd	($inout0,$rndkey0,3<<6);	# place counter to upper dword
+	&pshufd	($inout1,$rndkey0,2<<6);
+	&cmp	($len,6);
+	&jb	(&label("ctr32_tail"));
+	&pxor	($inout5,$inout4);		# counter-less ivec^key[0]
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&movdqa	(&QWP(32,"esp"),$inout5);	# save counter-less ivec^key[0]
+	&mov	($key_,$key);			# backup $key
+	&sub	($rounds_,$rounds);		# backup twisted $rounds
+	&lea	($key,&DWP(32,$key,$rounds));
+	&sub	($len,6);
+	&jmp	(&label("ctr32_loop6"));
+
+&set_label("ctr32_loop6",16);
+	# inlining _aesni_encrypt6's prologue gives ~6% improvement...
+	&pshufd	($inout2,$rndkey0,1<<6);
+	&movdqa	($rndkey0,&QWP(32,"esp"));	# pull counter-less ivec
+	&pshufd	($inout3,$rndkey1,3<<6);
+	&pxor		($inout0,$rndkey0);	# merge counter-less ivec
+	&pshufd	($inout4,$rndkey1,2<<6);
+	&pxor		($inout1,$rndkey0);
+	&pshufd	($inout5,$rndkey1,1<<6);
+	&$movekey	($rndkey1,&QWP(16,$key_));
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&aesenc		($inout0,$rndkey1);
+	&pxor		($inout4,$rndkey0);
+	&pxor		($inout5,$rndkey0);
+	&aesenc		($inout1,$rndkey1);
+	&$movekey	($rndkey0,&QWP(32,$key_));
+	&mov		($rounds,$rounds_);
+	&aesenc		($inout2,$rndkey1);
+	&aesenc		($inout3,$rndkey1);
+	&aesenc		($inout4,$rndkey1);
+	&aesenc		($inout5,$rndkey1);
+
+	&call		(&label("_aesni_encrypt6_enter"));
+
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout1,$rndkey0);
+	&movups	(&QWP(0,$out),$inout0);
+	&movdqa	($rndkey0,&QWP(16,"esp"));	# load increment
+	&xorps	($inout2,$rndkey1);
+	&movdqa	($rndkey1,&QWP(64,"esp"));	# load 2nd triplet
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+
+	&paddd	($rndkey1,$rndkey0);		# 2nd triplet increment
+	&paddd	($rndkey0,&QWP(48,"esp"));	# 1st triplet increment
+	&movdqa	($inout0,&QWP(0,"esp"));	# load byte swap mask
+
+	&movups	($inout1,&QWP(0x30,$inp));
+	&movups	($inout2,&QWP(0x40,$inp));
+	&xorps	($inout3,$inout1);
+	&movups	($inout1,&QWP(0x50,$inp));
+	&lea	($inp,&DWP(0x60,$inp));
+	&movdqa	(&QWP(48,"esp"),$rndkey0);	# save 1st triplet
+	&pshufb	($rndkey0,$inout0);		# byte swap
+	&xorps	($inout4,$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&xorps	($inout5,$inout1);
+	&movdqa	(&QWP(64,"esp"),$rndkey1);	# save 2nd triplet
+	&pshufb	($rndkey1,$inout0);		# byte swap
+	&movups	(&QWP(0x40,$out),$inout4);
+	&pshufd	($inout0,$rndkey0,3<<6);
+	&movups	(&QWP(0x50,$out),$inout5);
+	&lea	($out,&DWP(0x60,$out));
+
+	&pshufd	($inout1,$rndkey0,2<<6);
+	&sub	($len,6);
+	&jnc	(&label("ctr32_loop6"));
+
+	&add	($len,6);
+	&jz	(&label("ctr32_ret"));
+	&movdqu	($inout5,&QWP(0,$key_));
+	&mov	($key,$key_);
+	&pxor	($inout5,&QWP(32,"esp"));	# restore count-less ivec
+	&mov	($rounds,&DWP(240,$key_));	# restore $rounds
+
+&set_label("ctr32_tail");
+	&por	($inout0,$inout5);
+	&cmp	($len,2);
+	&jb	(&label("ctr32_one"));
+
+	&pshufd	($inout2,$rndkey0,1<<6);
+	&por	($inout1,$inout5);
+	&je	(&label("ctr32_two"));
+
+	&pshufd	($inout3,$rndkey1,3<<6);
+	&por	($inout2,$inout5);
+	&cmp	($len,4);
+	&jb	(&label("ctr32_three"));
+
+	&pshufd	($inout4,$rndkey1,2<<6);
+	&por	($inout3,$inout5);
+	&je	(&label("ctr32_four"));
+
+	&por	($inout4,$inout5);
+	&call	("_aesni_encrypt6");
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout1,$rndkey0);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout2,$rndkey1);
+	&movups	($rndkey1,&QWP(0x40,$inp));
+	&xorps	($inout3,$rndkey0);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout4,$rndkey1);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&movups	(&QWP(0x40,$out),$inout4);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_one_shortcut",16);
+	&movups	($inout0,&QWP(0,$rounds_));	# load ivec
+	&mov	($rounds,&DWP(240,$key));
+	
+&set_label("ctr32_one");
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&movups	($in0,&QWP(0,$inp));
+	&xorps	($in0,$inout0);
+	&movups	(&QWP(0,$out),$in0);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_two",16);
+	&call	("_aesni_encrypt2");
+	&movups	($inout3,&QWP(0,$inp));
+	&movups	($inout4,&QWP(0x10,$inp));
+	&xorps	($inout0,$inout3);
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_three",16);
+	&call	("_aesni_encrypt3");
+	&movups	($inout3,&QWP(0,$inp));
+	&movups	($inout4,&QWP(0x10,$inp));
+	&xorps	($inout0,$inout3);
+	&movups	($inout5,&QWP(0x20,$inp));
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&jmp	(&label("ctr32_ret"));
+
+&set_label("ctr32_four",16);
+	&call	("_aesni_encrypt4");
+	&movups	($inout4,&QWP(0,$inp));
+	&movups	($inout5,&QWP(0x10,$inp));
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout0,$inout4);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout1,$inout5);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout2,$rndkey1);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&xorps	($inout3,$rndkey0);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+
+&set_label("ctr32_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&movdqa	(&QWP(32,"esp"),"xmm0");	# clear stack
+	&pxor	("xmm5","xmm5");
+	&movdqa	(&QWP(48,"esp"),"xmm0");
+	&pxor	("xmm6","xmm6");
+	&movdqa	(&QWP(64,"esp"),"xmm0");
+	&pxor	("xmm7","xmm7");
+	&mov	("esp",&DWP(80,"esp"));
+&function_end("aesni_ctr32_encrypt_blocks");
+
+######################################################################
+# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2
+#	const unsigned char iv[16]);
+#
+{ my ($tweak,$twtmp,$twres,$twmask)=($rndkey1,$rndkey0,$inout0,$inout1);
+
+&function_begin("aesni_xts_encrypt");
+	&mov	($key,&wparam(4));		# key2
+	&mov	($inp,&wparam(5));		# clear-text tweak
+
+	&mov	($rounds,&DWP(240,$key));	# key2->rounds
+	&movups	($inout0,&QWP(0,$inp));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));		# key1
+
+	&mov	($key_,"esp");
+	&sub	("esp",16*7+8);
+	&mov	($rounds,&DWP(240,$key));	# key1->rounds
+	&and	("esp",-16);			# align stack
+
+	&mov	(&DWP(16*6+0,"esp"),0x87);	# compose the magic constant
+	&mov	(&DWP(16*6+4,"esp"),0);
+	&mov	(&DWP(16*6+8,"esp"),1);
+	&mov	(&DWP(16*6+12,"esp"),0);
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save original $len
+	&mov	(&DWP(16*7+4,"esp"),$key_);	# save original %esp
+
+	&movdqa	($tweak,$inout0);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($twmask,&QWP(6*16,"esp"));	# 0x0...010...87
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+
+	&and	($len,-16);
+	&mov	($key_,$key);			# backup $key
+	&mov	($rounds_,$rounds);		# backup $rounds
+	&sub	($len,16*6);
+	&jc	(&label("xts_enc_short"));
+
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&sub	($rounds_,$rounds);
+	&lea	($key,&DWP(32,$key,$rounds));
+	&jmp	(&label("xts_enc_loop6"));
+
+&set_label("xts_enc_loop6",16);
+	for ($i=0;$i<4;$i++) {
+	    &pshufd	($twres,$twtmp,0x13);
+	    &pxor	($twtmp,$twtmp);
+	    &movdqa	(&QWP(16*$i,"esp"),$tweak);
+	    &paddq	($tweak,$tweak);	# &psllq($tweak,1);
+	    &pand	($twres,$twmask);	# isolate carry and residue
+	    &pcmpgtd	($twtmp,$tweak);	# broadcast upper bits
+	    &pxor	($tweak,$twres);
+	}
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*$i++,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	 &$movekey	($rndkey0,&QWP(0,$key_));
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	 &movups	($inout0,&QWP(0,$inp));	# load input
+	&pxor	($inout5,$tweak);
+
+	# inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
+	&mov	($rounds,$rounds_);		# restore $rounds
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	 &xorps		($inout0,$rndkey0);	# input^=rndkey[0]
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	 &pxor		($inout1,$rndkey0);
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	 &pxor		($inout2,$rndkey0);
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	 &pxor		($inout3,$rndkey0);
+	&movdqu	($rndkey1,&QWP(16*5,$inp));
+	 &pxor		($inout4,$rndkey0);
+	&lea	($inp,&DWP(16*6,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqa	(&QWP(16*$i,"esp"),$inout5);	# save last tweak
+	&pxor	($inout5,$rndkey1);
+
+	 &$movekey	($rndkey1,&QWP(16,$key_));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	 &aesenc	($inout0,$rndkey1);
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&pxor	($inout4,&QWP(16*4,"esp"));
+	 &aesenc	($inout1,$rndkey1);
+	&pxor		($inout5,$rndkey0);
+	 &$movekey	($rndkey0,&QWP(32,$key_));
+	 &aesenc	($inout2,$rndkey1);
+	 &aesenc	($inout3,$rndkey1);
+	 &aesenc	($inout4,$rndkey1);
+	 &aesenc	($inout5,$rndkey1);
+	&call		(&label("_aesni_encrypt6_enter"));
+
+	&movdqa	($tweak,&QWP(16*5,"esp"));	# last tweak
+       &pxor	($twtmp,$twtmp);
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+       &pcmpgtd	($twtmp,$tweak);		# broadcast upper bits
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*2,$out),$inout2);
+	&xorps	($inout4,&QWP(16*4,"esp"));
+	&movups	(&QWP(16*3,$out),$inout3);
+	&xorps	($inout5,$tweak);
+	&movups	(&QWP(16*4,$out),$inout4);
+       &pshufd	($twres,$twtmp,0x13);
+	&movups	(&QWP(16*5,$out),$inout5);
+	&lea	($out,&DWP(16*6,$out));
+       &movdqa	($twmask,&QWP(16*6,"esp"));	# 0x0...010...87
+
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+
+	&sub	($len,16*6);
+	&jnc	(&label("xts_enc_loop6"));
+
+	&mov	($rounds,&DWP(240,$key_));	# restore $rounds
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds_,$rounds);
+
+&set_label("xts_enc_short");
+	&add	($len,16*6);
+	&jz	(&label("xts_enc_done6x"));
+
+	&movdqa	($inout3,$tweak);		# put aside previous tweak
+	&cmp	($len,0x20);
+	&jb	(&label("xts_enc_one"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&je	(&label("xts_enc_two"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout4,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&cmp	($len,0x40);
+	&jb	(&label("xts_enc_three"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout5,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&movdqa	(&QWP(16*0,"esp"),$inout3);
+	&movdqa	(&QWP(16*1,"esp"),$inout4);
+	&je	(&label("xts_enc_four"));
+
+	&movdqa	(&QWP(16*2,"esp"),$inout5);
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*3,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($inout0,1);
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	&pxor	($inout5,$tweak);
+
+	&movdqu	($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	&lea	($inp,&DWP(16*5,$inp));
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&movdqa	(&QWP(16*4,"esp"),$inout5);	# save last tweak
+	&pxor	($inout4,$inout5);
+
+	&call	("_aesni_encrypt6");
+
+	&movaps	($tweak,&QWP(16*4,"esp"));	# last tweak
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout4,$tweak);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&movups	(&QWP(16*4,$out),$inout4);
+	&lea	($out,&DWP(16*5,$out));
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_one",16);
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&lea	($inp,&DWP(16*1,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&lea	($out,&DWP(16*1,$out));
+
+	&movdqa	($tweak,$inout3);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_two",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&lea	($inp,&DWP(16*2,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+
+	&call	("_aesni_encrypt2");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&lea	($out,&DWP(16*2,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_three",16);
+	&movaps	($inout5,$tweak);		# put aside last tweak
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&lea	($inp,&DWP(16*3,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+
+	&call	("_aesni_encrypt3");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&lea	($out,&DWP(16*3,$out));
+
+	&movdqa	($tweak,$inout5);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_four",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&xorps	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movups	($inout3,&QWP(16*3,$inp));
+	&lea	($inp,&DWP(16*4,$inp));
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&xorps	($inout3,$inout4);
+
+	&call	("_aesni_encrypt4");
+
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,$inout4);
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&lea	($out,&DWP(16*4,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_enc_done"));
+
+&set_label("xts_enc_done6x",16);		# $tweak is pre-calculated
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&and	($len,15);
+	&jz	(&label("xts_enc_ret"));
+	&movdqa	($inout3,$tweak);
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&jmp	(&label("xts_enc_steal"));
+
+&set_label("xts_enc_done",16);
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&pxor	($twtmp,$twtmp);
+	&and	($len,15);
+	&jz	(&label("xts_enc_ret"));
+
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&pshufd	($inout3,$twtmp,0x13);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($inout3,&QWP(16*6,"esp"));	# isolate carry and residue
+	&pxor	($inout3,$tweak);
+
+&set_label("xts_enc_steal");
+	&movz	($rounds,&BP(0,$inp));
+	&movz	($key,&BP(-16,$out));
+	&lea	($inp,&DWP(1,$inp));
+	&mov	(&BP(-16,$out),&LB($rounds));
+	&mov	(&BP(0,$out),&LB($key));
+	&lea	($out,&DWP(1,$out));
+	&sub	($len,1);
+	&jnz	(&label("xts_enc_steal"));
+
+	&sub	($out,&DWP(16*7+0,"esp"));	# rewind $out
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds,$rounds_);		# restore $rounds
+
+	&movups	($inout0,&QWP(-16,$out));	# load input
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(-16,$out),$inout0);	# write output
+
+&set_label("xts_enc_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&movdqa	(&QWP(16*0,"esp"),"xmm0");	# clear stack
+	&pxor	("xmm3","xmm3");
+	&movdqa	(&QWP(16*1,"esp"),"xmm0");
+	&pxor	("xmm4","xmm4");
+	&movdqa	(&QWP(16*2,"esp"),"xmm0");
+	&pxor	("xmm5","xmm5");
+	&movdqa	(&QWP(16*3,"esp"),"xmm0");
+	&pxor	("xmm6","xmm6");
+	&movdqa	(&QWP(16*4,"esp"),"xmm0");
+	&pxor	("xmm7","xmm7");
+	&movdqa	(&QWP(16*5,"esp"),"xmm0");
+	&mov	("esp",&DWP(16*7+4,"esp"));	# restore %esp
+&function_end("aesni_xts_encrypt");
+
+&function_begin("aesni_xts_decrypt");
+	&mov	($key,&wparam(4));		# key2
+	&mov	($inp,&wparam(5));		# clear-text tweak
+
+	&mov	($rounds,&DWP(240,$key));	# key2->rounds
+	&movups	($inout0,&QWP(0,$inp));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));		# key1
+
+	&mov	($key_,"esp");
+	&sub	("esp",16*7+8);
+	&and	("esp",-16);			# align stack
+
+	&xor	($rounds_,$rounds_);		# if(len%16) len-=16;
+	&test	($len,15);
+	&setnz	(&LB($rounds_));
+	&shl	($rounds_,4);
+	&sub	($len,$rounds_);
+
+	&mov	(&DWP(16*6+0,"esp"),0x87);	# compose the magic constant
+	&mov	(&DWP(16*6+4,"esp"),0);
+	&mov	(&DWP(16*6+8,"esp"),1);
+	&mov	(&DWP(16*6+12,"esp"),0);
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save original $len
+	&mov	(&DWP(16*7+4,"esp"),$key_);	# save original %esp
+
+	&mov	($rounds,&DWP(240,$key));	# key1->rounds
+	&mov	($key_,$key);			# backup $key
+	&mov	($rounds_,$rounds);		# backup $rounds
+
+	&movdqa	($tweak,$inout0);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($twmask,&QWP(6*16,"esp"));	# 0x0...010...87
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+
+	&and	($len,-16);
+	&sub	($len,16*6);
+	&jc	(&label("xts_dec_short"));
+
+	&shl	($rounds,4);
+	&mov	($rounds_,16);
+	&sub	($rounds_,$rounds);
+	&lea	($key,&DWP(32,$key,$rounds));
+	&jmp	(&label("xts_dec_loop6"));
+
+&set_label("xts_dec_loop6",16);
+	for ($i=0;$i<4;$i++) {
+	    &pshufd	($twres,$twtmp,0x13);
+	    &pxor	($twtmp,$twtmp);
+	    &movdqa	(&QWP(16*$i,"esp"),$tweak);
+	    &paddq	($tweak,$tweak);	# &psllq($tweak,1);
+	    &pand	($twres,$twmask);	# isolate carry and residue
+	    &pcmpgtd	($twtmp,$tweak);	# broadcast upper bits
+	    &pxor	($tweak,$twres);
+	}
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*$i++,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	 &$movekey	($rndkey0,&QWP(0,$key_));
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	 &movups	($inout0,&QWP(0,$inp));	# load input
+	&pxor	($inout5,$tweak);
+
+	# inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
+	&mov	($rounds,$rounds_);
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	 &xorps		($inout0,$rndkey0);	# input^=rndkey[0]
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	 &pxor		($inout1,$rndkey0);
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	 &pxor		($inout2,$rndkey0);
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	 &pxor		($inout3,$rndkey0);
+	&movdqu	($rndkey1,&QWP(16*5,$inp));
+	 &pxor		($inout4,$rndkey0);
+	&lea	($inp,&DWP(16*6,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqa	(&QWP(16*$i,"esp"),$inout5);	# save last tweak
+	&pxor	($inout5,$rndkey1);
+
+	 &$movekey	($rndkey1,&QWP(16,$key_));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	 &aesdec	($inout0,$rndkey1);
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&pxor	($inout4,&QWP(16*4,"esp"));
+	 &aesdec	($inout1,$rndkey1);
+	&pxor		($inout5,$rndkey0);
+	 &$movekey	($rndkey0,&QWP(32,$key_));
+	 &aesdec	($inout2,$rndkey1);
+	 &aesdec	($inout3,$rndkey1);
+	 &aesdec	($inout4,$rndkey1);
+	 &aesdec	($inout5,$rndkey1);
+	&call		(&label("_aesni_decrypt6_enter"));
+
+	&movdqa	($tweak,&QWP(16*5,"esp"));	# last tweak
+       &pxor	($twtmp,$twtmp);
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+       &pcmpgtd	($twtmp,$tweak);		# broadcast upper bits
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*2,$out),$inout2);
+	&xorps	($inout4,&QWP(16*4,"esp"));
+	&movups	(&QWP(16*3,$out),$inout3);
+	&xorps	($inout5,$tweak);
+	&movups	(&QWP(16*4,$out),$inout4);
+       &pshufd	($twres,$twtmp,0x13);
+	&movups	(&QWP(16*5,$out),$inout5);
+	&lea	($out,&DWP(16*6,$out));
+       &movdqa	($twmask,&QWP(16*6,"esp"));	# 0x0...010...87
+
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+
+	&sub	($len,16*6);
+	&jnc	(&label("xts_dec_loop6"));
+
+	&mov	($rounds,&DWP(240,$key_));	# restore $rounds
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds_,$rounds);
+
+&set_label("xts_dec_short");
+	&add	($len,16*6);
+	&jz	(&label("xts_dec_done6x"));
+
+	&movdqa	($inout3,$tweak);		# put aside previous tweak
+	&cmp	($len,0x20);
+	&jb	(&label("xts_dec_one"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&je	(&label("xts_dec_two"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout4,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&cmp	($len,0x40);
+	&jb	(&label("xts_dec_three"));
+
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($inout5,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+	&movdqa	(&QWP(16*0,"esp"),$inout3);
+	&movdqa	(&QWP(16*1,"esp"),$inout4);
+	&je	(&label("xts_dec_four"));
+
+	&movdqa	(&QWP(16*2,"esp"),$inout5);
+	&pshufd	($inout5,$twtmp,0x13);
+	&movdqa	(&QWP(16*3,"esp"),$tweak);
+	&paddq	($tweak,$tweak);		# &psllq($inout0,1);
+	&pand	($inout5,$twmask);		# isolate carry and residue
+	&pxor	($inout5,$tweak);
+
+	&movdqu	($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu	($inout1,&QWP(16*1,$inp));
+	&movdqu	($inout2,&QWP(16*2,$inp));
+	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movdqu	($inout3,&QWP(16*3,$inp));
+	&pxor	($inout1,&QWP(16*1,"esp"));
+	&movdqu	($inout4,&QWP(16*4,$inp));
+	&pxor	($inout2,&QWP(16*2,"esp"));
+	&lea	($inp,&DWP(16*5,$inp));
+	&pxor	($inout3,&QWP(16*3,"esp"));
+	&movdqa	(&QWP(16*4,"esp"),$inout5);	# save last tweak
+	&pxor	($inout4,$inout5);
+
+	&call	("_aesni_decrypt6");
+
+	&movaps	($tweak,&QWP(16*4,"esp"));	# last tweak
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,&QWP(16*2,"esp"));
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,&QWP(16*3,"esp"));
+	&movups	(&QWP(16*1,$out),$inout1);
+	&xorps	($inout4,$tweak);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&movups	(&QWP(16*4,$out),$inout4);
+	&lea	($out,&DWP(16*5,$out));
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_one",16);
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&lea	($inp,&DWP(16*1,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&lea	($out,&DWP(16*1,$out));
+
+	&movdqa	($tweak,$inout3);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_two",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&lea	($inp,&DWP(16*2,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+
+	&call	("_aesni_decrypt2");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&lea	($out,&DWP(16*2,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_three",16);
+	&movaps	($inout5,$tweak);		# put aside last tweak
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&lea	($inp,&DWP(16*3,$inp));
+	&xorps	($inout0,$inout3);		# input^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+
+	&call	("_aesni_decrypt3");
+
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&xorps	($inout1,$inout4);
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&lea	($out,&DWP(16*3,$out));
+
+	&movdqa	($tweak,$inout5);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_four",16);
+	&movaps	($inout4,$tweak);		# put aside last tweak
+
+	&movups	($inout0,&QWP(16*0,$inp));	# load input
+	&movups	($inout1,&QWP(16*1,$inp));
+	&movups	($inout2,&QWP(16*2,$inp));
+	&xorps	($inout0,&QWP(16*0,"esp"));	# input^=tweak
+	&movups	($inout3,&QWP(16*3,$inp));
+	&lea	($inp,&DWP(16*4,$inp));
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&xorps	($inout3,$inout4);
+
+	&call	("_aesni_decrypt4");
+
+	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
+	&xorps	($inout1,&QWP(16*1,"esp"));
+	&xorps	($inout2,$inout5);
+	&movups	(&QWP(16*0,$out),$inout0);	# write output
+	&xorps	($inout3,$inout4);
+	&movups	(&QWP(16*1,$out),$inout1);
+	&movups	(&QWP(16*2,$out),$inout2);
+	&movups	(&QWP(16*3,$out),$inout3);
+	&lea	($out,&DWP(16*4,$out));
+
+	&movdqa	($tweak,$inout4);		# last tweak
+	&jmp	(&label("xts_dec_done"));
+
+&set_label("xts_dec_done6x",16);		# $tweak is pre-calculated
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&and	($len,15);
+	&jz	(&label("xts_dec_ret"));
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&jmp	(&label("xts_dec_only_one_more"));
+
+&set_label("xts_dec_done",16);
+	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
+	&pxor	($twtmp,$twtmp);
+	&and	($len,15);
+	&jz	(&label("xts_dec_ret"));
+
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
+	&pshufd	($twres,$twtmp,0x13);
+	&pxor	($twtmp,$twtmp);
+	&movdqa	($twmask,&QWP(16*6,"esp"));
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($twres,$twmask);		# isolate carry and residue
+	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
+	&pxor	($tweak,$twres);
+
+&set_label("xts_dec_only_one_more");
+	&pshufd	($inout3,$twtmp,0x13);
+	&movdqa	($inout4,$tweak);		# put aside previous tweak
+	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
+	&pand	($inout3,$twmask);		# isolate carry and residue
+	&pxor	($inout3,$tweak);
+
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds,$rounds_);		# restore $rounds
+
+	&movups	($inout0,&QWP(0,$inp));		# load input
+	&xorps	($inout0,$inout3);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$inout3);		# output^=tweak
+	&movups	(&QWP(0,$out),$inout0);		# write output
+
+&set_label("xts_dec_steal");
+	&movz	($rounds,&BP(16,$inp));
+	&movz	($key,&BP(0,$out));
+	&lea	($inp,&DWP(1,$inp));
+	&mov	(&BP(0,$out),&LB($rounds));
+	&mov	(&BP(16,$out),&LB($key));
+	&lea	($out,&DWP(1,$out));
+	&sub	($len,1);
+	&jnz	(&label("xts_dec_steal"));
+
+	&sub	($out,&DWP(16*7+0,"esp"));	# rewind $out
+	&mov	($key,$key_);			# restore $key
+	&mov	($rounds,$rounds_);		# restore $rounds
+
+	&movups	($inout0,&QWP(0,$out));		# load input
+	&xorps	($inout0,$inout4);		# input^=tweak
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$inout4);		# output^=tweak
+	&movups	(&QWP(0,$out),$inout0);		# write output
+
+&set_label("xts_dec_ret");
+	&pxor	("xmm0","xmm0");		# clear register bank
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&movdqa	(&QWP(16*0,"esp"),"xmm0");	# clear stack
+	&pxor	("xmm3","xmm3");
+	&movdqa	(&QWP(16*1,"esp"),"xmm0");
+	&pxor	("xmm4","xmm4");
+	&movdqa	(&QWP(16*2,"esp"),"xmm0");
+	&pxor	("xmm5","xmm5");
+	&movdqa	(&QWP(16*3,"esp"),"xmm0");
+	&pxor	("xmm6","xmm6");
+	&movdqa	(&QWP(16*4,"esp"),"xmm0");
+	&pxor	("xmm7","xmm7");
+	&movdqa	(&QWP(16*5,"esp"),"xmm0");
+	&mov	("esp",&DWP(16*7+4,"esp"));	# restore %esp
+&function_end("aesni_xts_decrypt");
+}
+
+######################################################################
+# void aesni_ocb_[en|de]crypt(const char *inp, char *out, size_t blocks,
+#	const AES_KEY *key, unsigned int start_block_num,
+#	unsigned char offset_i[16], const unsigned char L_[][16],
+#	unsigned char checksum[16]);
+#
+{
+# offsets within stack frame
+my $checksum = 16*6;
+my ($key_off,$rounds_off,$out_off,$end_off,$esp_off)=map(16*7+4*$_,(0..4));
+
+# reassigned registers
+my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
+# $l_, $blocks, $inp, $key are permanently allocated in registers;
+# remaining non-volatile ones are offloaded to stack, which even
+# stay invariant after written to stack.
+
+&function_begin("aesni_ocb_encrypt");
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&movdqu	($rndkey0,&QWP(0,$rounds));	# load offset_i
+	&mov	($block,&wparam(4));		# start_block_num
+	&movdqu	($rndkey1,&QWP(0,$rounds_));	# load checksum
+	&mov	($l_,&wparam(6));		# L_
+
+	&mov	($rounds,"esp");
+	&sub	("esp",$esp_off+4);		# alloca
+	&and	("esp",-16);			# align stack
+
+	&sub	($out,$inp);
+	&shl	($len,4);
+	&lea	($len,&DWP(-16*6,$inp,$len));	# end of input - 16*6
+	&mov	(&DWP($out_off,"esp"),$out);
+	&mov	(&DWP($end_off,"esp"),$len);
+	&mov	(&DWP($esp_off,"esp"),$rounds);
+
+	&mov	($rounds,&DWP(240,$key));
+
+	&test	($block,1);
+	&jnz	(&label("odd"));
+
+	&bsf		($i3,$block);
+	&add		($block,1);
+	&shl		($i3,4);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+	&mov		($i3,$key);			# put aside key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&lea		($inp,&DWP(16,$inp));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,$inout4);		# pass the checksum
+
+	&movups		(&QWP(-16,$out,$inp),$inout0);	# store output
+
+	&mov		($rounds,&DWP(240,$i3));
+	&mov		($key,$i3);			# restore key
+	&mov		($len,&DWP($end_off,"esp"));
+
+&set_label("odd");
+	&shl		($rounds,4);
+	&mov		($out,16);
+	&sub		($out,$rounds);			# twisted rounds
+	&mov		(&DWP($key_off,"esp"),$key);
+	&lea		($key,&DWP(32,$key,$rounds));	# end of key schedule
+	&mov		(&DWP($rounds_off,"esp"),$out);
+
+	&cmp		($inp,$len);
+	&ja		(&label("short"));
+	&jmp		(&label("grandloop"));
+
+&set_label("grandloop",32);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&lea		($i5,&DWP(5,$block));
+	&add		($block,6);
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&bsf		($i5,$i5);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&shl		($i5,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+	&movdqu		($inout5,&QWP(0,$l_,$i5));
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+	&movdqa		(&QWP(16*5,"esp"),$inout5);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&movdqu		($inout5,&QWP(16*5,$inp));
+	&lea		($inp,&DWP(16*6,$inp));
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($rndkey1,$inout3);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($rndkey1,$inout4);
+	&pxor		($inout4,$rndkey0);
+	&pxor		($rndkey1,$inout5);
+	&pxor		($inout5,$rndkey0);
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,&QWP(16*5,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($inout1,$rndkey1);
+	&aesenc		($inout2,$rndkey1);
+	&aesenc		($inout3,$rndkey1);
+	&aesenc		($inout4,$rndkey1);
+	&aesenc		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&mov		($len,&DWP($end_off,"esp"));
+	&call		("_aesni_encrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*5,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,$rndkey0);
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+
+	&movdqu		(&QWP(-16*6,$out,$inp),$inout0);# store output
+	&movdqu		(&QWP(-16*5,$out,$inp),$inout1);
+	&movdqu		(&QWP(-16*4,$out,$inp),$inout2);
+	&movdqu		(&QWP(-16*3,$out,$inp),$inout3);
+	&movdqu		(&QWP(-16*2,$out,$inp),$inout4);
+	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+	&cmp		($inp,$len);			# done yet?
+	&jb		(&label("grandloop"));
+
+&set_label("short");
+	&add		($len,16*6);
+	&sub		($len,$inp);
+	&jz		(&label("done"));
+
+	&cmp		($len,16*2);
+	&jb		(&label("one"));
+	&je		(&label("two"));
+
+	&cmp		($len,16*4);
+	&jb		(&label("three"));
+	&je		(&label("four"));
+
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&pxor		($inout5,$inout5);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$rndkey0);
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($rndkey1,$inout3);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($rndkey1,$inout4);
+	&pxor		($inout4,$rndkey0);
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesenc		($inout0,$rndkey1);
+	&aesenc		($inout1,$rndkey1);
+	&aesenc		($inout2,$rndkey1);
+	&aesenc		($inout3,$rndkey1);
+	&aesenc		($inout4,$rndkey1);
+	&aesenc		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*4,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,$rndkey0);
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+
+	&movdqu		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&movdqu		(&QWP(16*1,$out,$inp),$inout1);
+	&movdqu		(&QWP(16*2,$out,$inp),$inout2);
+	&movdqu		(&QWP(16*3,$out,$inp),$inout3);
+	&movdqu		(&QWP(16*4,$out,$inp),$inout4);
+
+	&jmp		(&label("done"));
+
+&set_label("one",16);
+	&movdqu		($inout5,&QWP(0,$l_));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	&mov		($out,&DWP($out_off,"esp"));
+	if ($inline)
+	{   &aesni_inline_generate1("enc");	}
+	else
+	{   &call	("_aesni_encrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,$inout4);		# pass the checksum
+	&movups		(&QWP(0,$out,$inp),$inout0);
+
+	&jmp		(&label("done"));
+
+&set_label("two",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout4,&QWP(0,$l_));
+	&movdqu		($inout5,&QWP(0,$l_,$i1));
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout4,$rndkey0);		# ^ last offset_i
+	&pxor		($inout5,$inout4);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout4);		# ^ offset_i
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$inout5);
+
+	&movdqa		($inout3,$rndkey1)
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt2");
+
+	&xorps		($inout0,$inout4);		# ^ offset_i
+	&xorps		($inout1,$inout5);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,$inout3);		# pass the checksum
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+
+	&jmp		(&label("done"));
+
+&set_label("three",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout3,&QWP(0,$l_));
+	&movdqu		($inout4,&QWP(0,$l_,$i1));
+	&movdqa		($inout5,$inout3);
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout3,$rndkey0);		# ^ last offset_i
+	&pxor		($inout4,$inout3);
+	&pxor		($inout5,$inout4);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,$inout3);		# ^ offset_i
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,$inout4);
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$inout5);
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt3");
+
+	&xorps		($inout0,$inout3);		# ^ offset_i
+	&xorps		($inout1,$inout4);
+	&xorps		($inout2,$inout5);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+
+	&jmp		(&label("done"));
+
+&set_label("four",16);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout2,&QWP(0,$l_));
+	&movdqu		($inout3,&QWP(0,$l_,$i1));
+	&movdqa		($inout4,$inout2);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+
+	&pxor		($inout2,$rndkey0);		# ^ last offset_i
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&pxor		($inout3,$inout2);
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*0,"esp"),$inout2);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*1,"esp"),$inout3);
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($rndkey1,$inout1);
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($rndkey1,$inout2);
+	&pxor		($inout2,$inout4);
+	&pxor		($rndkey1,$inout3);
+	&pxor		($inout3,$inout5);
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1)
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_encrypt4");
+
+	&xorps		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&xorps		($inout1,&QWP(16*1,"esp"));
+	&xorps		($inout2,$inout4);
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&xorps		($inout3,$inout5);
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&movups		(&QWP(16*3,$out,$inp),$inout3);
+
+&set_label("done");
+	&mov	($key,&DWP($esp_off,"esp"));
+	&pxor	($inout0,$inout0);		# clear register bank
+	&pxor	($inout1,$inout1);
+	&movdqa	(&QWP(16*0,"esp"),$inout0);	# clear stack
+	&pxor	($inout2,$inout2);
+	&movdqa	(&QWP(16*1,"esp"),$inout0);
+	&pxor	($inout3,$inout3);
+	&movdqa	(&QWP(16*2,"esp"),$inout0);
+	&pxor	($inout4,$inout4);
+	&movdqa	(&QWP(16*3,"esp"),$inout0);
+	&pxor	($inout5,$inout5);
+	&movdqa	(&QWP(16*4,"esp"),$inout0);
+	&movdqa	(&QWP(16*5,"esp"),$inout0);
+	&movdqa	(&QWP(16*6,"esp"),$inout0);
+
+	&lea	("esp",&DWP(0,$key));
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+	&movdqu	(&QWP(0,$rounds),$rndkey0);
+	&pxor	($rndkey0,$rndkey0);
+	&movdqu	(&QWP(0,$rounds_),$rndkey1);
+	&pxor	($rndkey1,$rndkey1);
+&function_end("aesni_ocb_encrypt");
+
+&function_begin("aesni_ocb_decrypt");
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+
+	&mov	($inp,&wparam(0));
+	&mov	($out,&wparam(1));
+	&mov	($len,&wparam(2));
+	&mov	($key,&wparam(3));
+	&movdqu	($rndkey0,&QWP(0,$rounds));	# load offset_i
+	&mov	($block,&wparam(4));		# start_block_num
+	&movdqu	($rndkey1,&QWP(0,$rounds_));	# load checksum
+	&mov	($l_,&wparam(6));		# L_
+
+	&mov	($rounds,"esp");
+	&sub	("esp",$esp_off+4);		# alloca
+	&and	("esp",-16);			# align stack
+
+	&sub	($out,$inp);
+	&shl	($len,4);
+	&lea	($len,&DWP(-16*6,$inp,$len));	# end of input - 16*6
+	&mov	(&DWP($out_off,"esp"),$out);
+	&mov	(&DWP($end_off,"esp"),$len);
+	&mov	(&DWP($esp_off,"esp"),$rounds);
+
+	&mov	($rounds,&DWP(240,$key));
+
+	&test	($block,1);
+	&jnz	(&label("odd"));
+
+	&bsf		($i3,$block);
+	&add		($block,1);
+	&shl		($i3,4);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+	&mov		($i3,$key);			# put aside key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&lea		($inp,&DWP(16,$inp));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movaps		($rndkey1,$inout4);		# pass the checksum
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&xorps		($rndkey1,$inout0);		# checksum
+	&movups		(&QWP(-16,$out,$inp),$inout0);	# store output
+
+	&mov		($rounds,&DWP(240,$i3));
+	&mov		($key,$i3);			# restore key
+	&mov		($len,&DWP($end_off,"esp"));
+
+&set_label("odd");
+	&shl		($rounds,4);
+	&mov		($out,16);
+	&sub		($out,$rounds);			# twisted rounds
+	&mov		(&DWP($key_off,"esp"),$key);
+	&lea		($key,&DWP(32,$key,$rounds));	# end of key schedule
+	&mov		(&DWP($rounds_off,"esp"),$out);
+
+	&cmp		($inp,$len);
+	&ja		(&label("short"));
+	&jmp		(&label("grandloop"));
+
+&set_label("grandloop",32);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&lea		($i5,&DWP(5,$block));
+	&add		($block,6);
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&bsf		($i5,$i5);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&shl		($i5,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+	&movdqu		($inout5,&QWP(0,$l_,$i5));
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+	&movdqa		(&QWP(16*5,"esp"),$inout5);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&movdqu		($inout5,&QWP(16*5,$inp));
+	&lea		($inp,&DWP(16*6,$inp));
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($inout4,$rndkey0);
+	&pxor		($inout5,$rndkey0);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,&QWP(16*5,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesdec		($inout0,$rndkey1);
+	&aesdec		($inout1,$rndkey1);
+	&aesdec		($inout2,$rndkey1);
+	&aesdec		($inout3,$rndkey1);
+	&aesdec		($inout4,$rndkey1);
+	&aesdec		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&mov		($len,&DWP($end_off,"esp"));
+	&call		("_aesni_decrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*5,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+	&pxor		($inout5,$rndkey0);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&movdqu		(&QWP(-16*6,$out,$inp),$inout0);# store output
+	&pxor		($rndkey1,$inout1);
+	&movdqu		(&QWP(-16*5,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout2);
+	&movdqu		(&QWP(-16*4,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout3);
+	&movdqu		(&QWP(-16*3,$out,$inp),$inout3);
+	&pxor		($rndkey1,$inout4);
+	&movdqu		(&QWP(-16*2,$out,$inp),$inout4);
+	&pxor		($rndkey1,$inout5);
+	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+	&cmp		($inp,$len);			# done yet?
+	&jb		(&label("grandloop"));
+
+&set_label("short");
+	&add		($len,16*6);
+	&sub		($len,$inp);
+	&jz		(&label("done"));
+
+	&cmp		($len,16*2);
+	&jb		(&label("one"));
+	&je		(&label("two"));
+
+	&cmp		($len,16*4);
+	&jb		(&label("three"));
+	&je		(&label("four"));
+
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout0,&QWP(0,$l_));
+	&movdqu		($inout1,&QWP(0,$l_,$i1));
+	&mov		($rounds,&DWP($rounds_off,"esp"));
+	&movdqa		($inout2,$inout0);
+	&movdqu		($inout3,&QWP(0,$l_,$i3));
+	&movdqa		($inout4,$inout0);
+
+	&pxor		($inout0,$rndkey0);		# ^ last offset_i
+	&pxor		($inout1,$inout0);
+	&movdqa		(&QWP(16*0,"esp"),$inout0);
+	&pxor		($inout2,$inout1);
+	&movdqa		(&QWP(16*1,"esp"),$inout1);
+	&pxor		($inout3,$inout2);
+	&movdqa		(&QWP(16*2,"esp"),$inout2);
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*3,"esp"),$inout3);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*4,"esp"),$inout4);
+
+	&$movekey	($rndkey0,&QWP(-48,$key,$rounds));
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&movdqu		($inout4,&QWP(16*4,$inp));
+	&pxor		($inout5,$inout5);
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout0,$rndkey0);		# ^ roundkey[0]
+	&pxor		($inout1,$rndkey0);
+	&pxor		($inout2,$rndkey0);
+	&pxor		($inout3,$rndkey0);
+	&pxor		($inout4,$rndkey0);
+
+	&$movekey	($rndkey1,&QWP(-32,$key,$rounds));
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,&QWP(16*4,"esp"));
+
+	&$movekey	($rndkey0,&QWP(-16,$key,$rounds));
+	&aesdec		($inout0,$rndkey1);
+	&aesdec		($inout1,$rndkey1);
+	&aesdec		($inout2,$rndkey1);
+	&aesdec		($inout3,$rndkey1);
+	&aesdec		($inout4,$rndkey1);
+	&aesdec		($inout5,$rndkey1);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt6_enter");
+
+	&movdqa		($rndkey0,&QWP(16*4,"esp"));	# pass last offset_i
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,&QWP(16*2,"esp"));
+	&pxor		($inout3,&QWP(16*3,"esp"));
+	&pxor		($inout4,$rndkey0);
+
+	&pxor		($rndkey1,$inout0);		# checksum
+	&movdqu		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&pxor		($rndkey1,$inout1);
+	&movdqu		(&QWP(16*1,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout2);
+	&movdqu		(&QWP(16*2,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout3);
+	&movdqu		(&QWP(16*3,$out,$inp),$inout3);
+	&pxor		($rndkey1,$inout4);
+	&movdqu		(&QWP(16*4,$out,$inp),$inout4);
+
+	&jmp		(&label("done"));
+
+&set_label("one",16);
+	&movdqu		($inout5,&QWP(0,$l_));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&mov		($rounds,&DWP(240,$key));
+
+	&pxor		($inout5,$rndkey0);		# ^ last offset_i
+	&pxor		($inout0,$inout5);		# ^ offset_i
+
+	&movdqa		($inout4,$rndkey1);
+	&mov		($out,&DWP($out_off,"esp"));
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+
+	&xorps		($inout0,$inout5);		# ^ offset_i
+	&movaps		($rndkey1,$inout4);		# pass the checksum
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&xorps		($rndkey1,$inout0);		# checksum
+	&movups		(&QWP(0,$out,$inp),$inout0);
+
+	&jmp		(&label("done"));
+
+&set_label("two",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout4,&QWP(0,$l_));
+	&movdqu		($inout5,&QWP(0,$l_,$i1));
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&movdqa		($inout3,$rndkey1);
+	&pxor		($inout4,$rndkey0);		# ^ last offset_i
+	&pxor		($inout5,$inout4);
+
+	&pxor		($inout0,$inout4);		# ^ offset_i
+	&pxor		($inout1,$inout5);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt2");
+
+	&xorps		($inout0,$inout4);		# ^ offset_i
+	&xorps		($inout1,$inout5);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&xorps		($inout3,$inout0);		# checksum
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&xorps		($inout3,$inout1);
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&movaps		($rndkey1,$inout3);		# pass the checksum
+
+	&jmp		(&label("done"));
+
+&set_label("three",16);
+	&lea		($i1,&DWP(1,$block));
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&bsf		($i1,$i1);
+	&shl		($i1,4);
+	&movdqu		($inout3,&QWP(0,$l_));
+	&movdqu		($inout4,&QWP(0,$l_,$i1));
+	&movdqa		($inout5,$inout3);
+
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout3,$rndkey0);		# ^ last offset_i
+	&pxor		($inout4,$inout3);
+	&pxor		($inout5,$inout4);
+
+	&pxor		($inout0,$inout3);		# ^ offset_i
+	&pxor		($inout1,$inout4);
+	&pxor		($inout2,$inout5);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt3");
+
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&xorps		($inout0,$inout3);		# ^ offset_i
+	&xorps		($inout1,$inout4);
+	&xorps		($inout2,$inout5);
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&pxor		($rndkey1,$inout0);		# checksum
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout1);
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout2);
+
+	&jmp		(&label("done"));
+
+&set_label("four",16);
+	&lea		($i1,&DWP(1,$block));
+	&lea		($i3,&DWP(3,$block));
+	&bsf		($i1,$i1);
+	&bsf		($i3,$i3);
+	&mov		($key,&DWP($key_off,"esp"));	# restore key
+	&shl		($i1,4);
+	&shl		($i3,4);
+	&movdqu		($inout2,&QWP(0,$l_));
+	&movdqu		($inout3,&QWP(0,$l_,$i1));
+	&movdqa		($inout4,$inout2);
+	&movdqu		($inout5,&QWP(0,$l_,$i3));
+
+	&pxor		($inout2,$rndkey0);		# ^ last offset_i
+	&movdqu		($inout0,&QWP(16*0,$inp));	# load input
+	&pxor		($inout3,$inout2);
+	&movdqu		($inout1,&QWP(16*1,$inp));
+	&pxor		($inout4,$inout3);
+	&movdqa		(&QWP(16*0,"esp"),$inout2);
+	&pxor		($inout5,$inout4);
+	&movdqa		(&QWP(16*1,"esp"),$inout3);
+	&movdqu		($inout2,&QWP(16*2,$inp));
+	&movdqu		($inout3,&QWP(16*3,$inp));
+	&mov		($rounds,&DWP(240,$key));
+
+	&movdqa		(&QWP($checksum,"esp"),$rndkey1);
+	&pxor		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&pxor		($inout1,&QWP(16*1,"esp"));
+	&pxor		($inout2,$inout4);
+	&pxor		($inout3,$inout5);
+
+	&mov		($out,&DWP($out_off,"esp"));
+	&call		("_aesni_decrypt4");
+
+	&movdqa		($rndkey1,&QWP($checksum,"esp"));# pass the checksum
+	&xorps		($inout0,&QWP(16*0,"esp"));	# ^ offset_i
+	&xorps		($inout1,&QWP(16*1,"esp"));
+	&xorps		($inout2,$inout4);
+	&movups		(&QWP(16*0,$out,$inp),$inout0);	# store output
+	&pxor		($rndkey1,$inout0);		# checksum
+	&xorps		($inout3,$inout5);
+	&movups		(&QWP(16*1,$out,$inp),$inout1);
+	&pxor		($rndkey1,$inout1);
+	&movdqa		($rndkey0,$inout5);		# pass last offset_i
+	&movups		(&QWP(16*2,$out,$inp),$inout2);
+	&pxor		($rndkey1,$inout2);
+	&movups		(&QWP(16*3,$out,$inp),$inout3);
+	&pxor		($rndkey1,$inout3);
+
+&set_label("done");
+	&mov	($key,&DWP($esp_off,"esp"));
+	&pxor	($inout0,$inout0);		# clear register bank
+	&pxor	($inout1,$inout1);
+	&movdqa	(&QWP(16*0,"esp"),$inout0);	# clear stack
+	&pxor	($inout2,$inout2);
+	&movdqa	(&QWP(16*1,"esp"),$inout0);
+	&pxor	($inout3,$inout3);
+	&movdqa	(&QWP(16*2,"esp"),$inout0);
+	&pxor	($inout4,$inout4);
+	&movdqa	(&QWP(16*3,"esp"),$inout0);
+	&pxor	($inout5,$inout5);
+	&movdqa	(&QWP(16*4,"esp"),$inout0);
+	&movdqa	(&QWP(16*5,"esp"),$inout0);
+	&movdqa	(&QWP(16*6,"esp"),$inout0);
+
+	&lea	("esp",&DWP(0,$key));
+	&mov	($rounds,&wparam(5));		# &offset_i
+	&mov	($rounds_,&wparam(7));		# &checksum
+	&movdqu	(&QWP(0,$rounds),$rndkey0);
+	&pxor	($rndkey0,$rndkey0);
+	&movdqu	(&QWP(0,$rounds_),$rndkey1);
+	&pxor	($rndkey1,$rndkey1);
+&function_end("aesni_ocb_decrypt");
+}
+}
+
+######################################################################
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+#                           size_t length, const AES_KEY *key,
+#                           unsigned char *ivp,const int enc);
+&function_begin("${PREFIX}_cbc_encrypt");
+	&mov	($inp,&wparam(0));
+	&mov	($rounds_,"esp");
+	&mov	($out,&wparam(1));
+	&sub	($rounds_,24);
+	&mov	($len,&wparam(2));
+	&and	($rounds_,-16);
+	&mov	($key,&wparam(3));
+	&mov	($key_,&wparam(4));
+	&test	($len,$len);
+	&jz	(&label("cbc_abort"));
+
+	&cmp	(&wparam(5),0);
+	&xchg	($rounds_,"esp");		# alloca
+	&movups	($ivec,&QWP(0,$key_));		# load IV
+	&mov	($rounds,&DWP(240,$key));
+	&mov	($key_,$key);			# backup $key
+	&mov	(&DWP(16,"esp"),$rounds_);	# save original %esp
+	&mov	($rounds_,$rounds);		# backup $rounds
+	&je	(&label("cbc_decrypt"));
+
+	&movaps	($inout0,$ivec);
+	&cmp	($len,16);
+	&jb	(&label("cbc_enc_tail"));
+	&sub	($len,16);
+	&jmp	(&label("cbc_enc_loop"));
+
+&set_label("cbc_enc_loop",16);
+	&movups	($ivec,&QWP(0,$inp));		# input actually
+	&lea	($inp,&DWP(16,$inp));
+	if ($inline)
+	{   &aesni_inline_generate1("enc",$inout0,$ivec);	}
+	else
+	{   &xorps($inout0,$ivec); &call("_aesni_encrypt1");	}
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&mov	($key,$key_);		# restore $key
+	&movups	(&QWP(0,$out),$inout0);	# store output
+	&lea	($out,&DWP(16,$out));
+	&sub	($len,16);
+	&jnc	(&label("cbc_enc_loop"));
+	&add	($len,16);
+	&jnz	(&label("cbc_enc_tail"));
+	&movaps	($ivec,$inout0);
+	&pxor	($inout0,$inout0);
+	&jmp	(&label("cbc_ret"));
+
+&set_label("cbc_enc_tail");
+	&mov	("ecx",$len);		# zaps $rounds
+	&data_word(0xA4F3F689);		# rep movsb
+	&mov	("ecx",16);		# zero tail
+	&sub	("ecx",$len);
+	&xor	("eax","eax");		# zaps $len
+	&data_word(0xAAF3F689);		# rep stosb
+	&lea	($out,&DWP(-16,$out));	# rewind $out by 1 block
+	&mov	($rounds,$rounds_);	# restore $rounds
+	&mov	($inp,$out);		# $inp and $out are the same
+	&mov	($key,$key_);		# restore $key
+	&jmp	(&label("cbc_enc_loop"));
+######################################################################
+&set_label("cbc_decrypt",16);
+	&cmp	($len,0x50);
+	&jbe	(&label("cbc_dec_tail"));
+	&movaps	(&QWP(0,"esp"),$ivec);		# save IV
+	&sub	($len,0x50);
+	&jmp	(&label("cbc_dec_loop6_enter"));
+
+&set_label("cbc_dec_loop6",16);
+	&movaps	(&QWP(0,"esp"),$rndkey0);	# save IV
+	&movups	(&QWP(0,$out),$inout5);
+	&lea	($out,&DWP(0x10,$out));
+&set_label("cbc_dec_loop6_enter");
+	&movdqu	($inout0,&QWP(0,$inp));
+	&movdqu	($inout1,&QWP(0x10,$inp));
+	&movdqu	($inout2,&QWP(0x20,$inp));
+	&movdqu	($inout3,&QWP(0x30,$inp));
+	&movdqu	($inout4,&QWP(0x40,$inp));
+	&movdqu	($inout5,&QWP(0x50,$inp));
+
+	&call	("_aesni_decrypt6");
+
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,&QWP(0,"esp"));	# ^=IV
+	&xorps	($inout1,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout2,$rndkey0);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout3,$rndkey1);
+	&movups	($rndkey1,&QWP(0x40,$inp));
+	&xorps	($inout4,$rndkey0);
+	&movups	($rndkey0,&QWP(0x50,$inp));	# IV
+	&xorps	($inout5,$rndkey1);
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&lea	($inp,&DWP(0x60,$inp));
+	&movups	(&QWP(0x20,$out),$inout2);
+	&mov	($rounds,$rounds_);		# restore $rounds
+	&movups	(&QWP(0x30,$out),$inout3);
+	&mov	($key,$key_);			# restore $key
+	&movups	(&QWP(0x40,$out),$inout4);
+	&lea	($out,&DWP(0x50,$out));
+	&sub	($len,0x60);
+	&ja	(&label("cbc_dec_loop6"));
+
+	&movaps	($inout0,$inout5);
+	&movaps	($ivec,$rndkey0);
+	&add	($len,0x50);
+	&jle	(&label("cbc_dec_clear_tail_collected"));
+	&movups	(&QWP(0,$out),$inout0);
+	&lea	($out,&DWP(0x10,$out));
+&set_label("cbc_dec_tail");
+	&movups	($inout0,&QWP(0,$inp));
+	&movaps	($in0,$inout0);
+	&cmp	($len,0x10);
+	&jbe	(&label("cbc_dec_one"));
+
+	&movups	($inout1,&QWP(0x10,$inp));
+	&movaps	($in1,$inout1);
+	&cmp	($len,0x20);
+	&jbe	(&label("cbc_dec_two"));
+
+	&movups	($inout2,&QWP(0x20,$inp));
+	&cmp	($len,0x30);
+	&jbe	(&label("cbc_dec_three"));
+
+	&movups	($inout3,&QWP(0x30,$inp));
+	&cmp	($len,0x40);
+	&jbe	(&label("cbc_dec_four"));
+
+	&movups	($inout4,&QWP(0x40,$inp));
+	&movaps	(&QWP(0,"esp"),$ivec);		# save IV
+	&movups	($inout0,&QWP(0,$inp));
+	&xorps	($inout5,$inout5);
+	&call	("_aesni_decrypt6");
+	&movups	($rndkey1,&QWP(0,$inp));
+	&movups	($rndkey0,&QWP(0x10,$inp));
+	&xorps	($inout0,&QWP(0,"esp"));	# ^= IV
+	&xorps	($inout1,$rndkey1);
+	&movups	($rndkey1,&QWP(0x20,$inp));
+	&xorps	($inout2,$rndkey0);
+	&movups	($rndkey0,&QWP(0x30,$inp));
+	&xorps	($inout3,$rndkey1);
+	&movups	($ivec,&QWP(0x40,$inp));	# IV
+	&xorps	($inout4,$rndkey0);
+	&movups	(&QWP(0,$out),$inout0);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&pxor	($inout1,$inout1);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&pxor	($inout2,$inout2);
+	&movups	(&QWP(0x30,$out),$inout3);
+	&pxor	($inout3,$inout3);
+	&lea	($out,&DWP(0x40,$out));
+	&movaps	($inout0,$inout4);
+	&pxor	($inout4,$inout4);
+	&sub	($len,0x50);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_one",16);
+	if ($inline)
+	{   &aesni_inline_generate1("dec");	}
+	else
+	{   &call	("_aesni_decrypt1");	}
+	&xorps	($inout0,$ivec);
+	&movaps	($ivec,$in0);
+	&sub	($len,0x10);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_two",16);
+	&call	("_aesni_decrypt2");
+	&xorps	($inout0,$ivec);
+	&xorps	($inout1,$in0);
+	&movups	(&QWP(0,$out),$inout0);
+	&movaps	($inout0,$inout1);
+	&pxor	($inout1,$inout1);
+	&lea	($out,&DWP(0x10,$out));
+	&movaps	($ivec,$in1);
+	&sub	($len,0x20);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_three",16);
+	&call	("_aesni_decrypt3");
+	&xorps	($inout0,$ivec);
+	&xorps	($inout1,$in0);
+	&xorps	($inout2,$in1);
+	&movups	(&QWP(0,$out),$inout0);
+	&movaps	($inout0,$inout2);
+	&pxor	($inout2,$inout2);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&pxor	($inout1,$inout1);
+	&lea	($out,&DWP(0x20,$out));
+	&movups	($ivec,&QWP(0x20,$inp));
+	&sub	($len,0x30);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_four",16);
+	&call	("_aesni_decrypt4");
+	&movups	($rndkey1,&QWP(0x10,$inp));
+	&movups	($rndkey0,&QWP(0x20,$inp));
+	&xorps	($inout0,$ivec);
+	&movups	($ivec,&QWP(0x30,$inp));
+	&xorps	($inout1,$in0);
+	&movups	(&QWP(0,$out),$inout0);
+	&xorps	($inout2,$rndkey1);
+	&movups	(&QWP(0x10,$out),$inout1);
+	&pxor	($inout1,$inout1);
+	&xorps	($inout3,$rndkey0);
+	&movups	(&QWP(0x20,$out),$inout2);
+	&pxor	($inout2,$inout2);
+	&lea	($out,&DWP(0x30,$out));
+	&movaps	($inout0,$inout3);
+	&pxor	($inout3,$inout3);
+	&sub	($len,0x40);
+	&jmp	(&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_clear_tail_collected",16);
+	&pxor	($inout1,$inout1);
+	&pxor	($inout2,$inout2);
+	&pxor	($inout3,$inout3);
+	&pxor	($inout4,$inout4);
+&set_label("cbc_dec_tail_collected");
+	&and	($len,15);
+	&jnz	(&label("cbc_dec_tail_partial"));
+	&movups	(&QWP(0,$out),$inout0);
+	&pxor	($rndkey0,$rndkey0);
+	&jmp	(&label("cbc_ret"));
+
+&set_label("cbc_dec_tail_partial",16);
+	&movaps	(&QWP(0,"esp"),$inout0);
+	&pxor	($rndkey0,$rndkey0);
+	&mov	("ecx",16);
+	&mov	($inp,"esp");
+	&sub	("ecx",$len);
+	&data_word(0xA4F3F689);		# rep movsb
+	&movdqa	(&QWP(0,"esp"),$inout0);
+
+&set_label("cbc_ret");
+	&mov	("esp",&DWP(16,"esp"));	# pull original %esp
+	&mov	($key_,&wparam(4));
+	&pxor	($inout0,$inout0);
+	&pxor	($rndkey1,$rndkey1);
+	&movups	(&QWP(0,$key_),$ivec);	# output IV
+	&pxor	($ivec,$ivec);
+&set_label("cbc_abort");
+&function_end("${PREFIX}_cbc_encrypt");
+
+######################################################################
+# Mechanical port from aesni-x86_64.pl.
+#
+# _aesni_set_encrypt_key is private interface,
+# input:
+#	"eax"	const unsigned char *userKey
+#	$rounds	int bits
+#	$key	AES_KEY *key
+# output:
+#	"eax"	return code
+#	$round	rounds
+
+&function_begin_B("_aesni_set_encrypt_key");
+	&push	("ebp");
+	&push	("ebx");
+	&test	("eax","eax");
+	&jz	(&label("bad_pointer"));
+	&test	($key,$key);
+	&jz	(&label("bad_pointer"));
+
+	&call	(&label("pic"));
+&set_label("pic");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx"));
+
+	&picmeup("ebp","OPENSSL_ia32cap_P","ebx",&label("key_const"));
+	&movups	("xmm0",&QWP(0,"eax"));	# pull first 128 bits of *userKey
+	&xorps	("xmm4","xmm4");	# low dword of xmm4 is assumed 0
+	&mov	("ebp",&DWP(4,"ebp"));
+	&lea	($key,&DWP(16,$key));
+	&and	("ebp",1<<28|1<<11);	# AVX and XOP bits
+	&cmp	($rounds,256);
+	&je	(&label("14rounds"));
+	&cmp	($rounds,192);
+	&je	(&label("12rounds"));
+	&cmp	($rounds,128);
+	&jne	(&label("bad_keybits"));
+
+&set_label("10rounds",16);
+	&cmp		("ebp",1<<28);
+	&je		(&label("10rounds_alt"));
+
+	&mov		($rounds,9);
+	&$movekey	(&QWP(-16,$key),"xmm0");	# round 0
+	&aeskeygenassist("xmm1","xmm0",0x01);		# round 1
+	&call		(&label("key_128_cold"));
+	&aeskeygenassist("xmm1","xmm0",0x2);		# round 2
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x04);		# round 3
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x08);		# round 4
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x10);		# round 5
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x20);		# round 6
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x40);		# round 7
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x80);		# round 8
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x1b);		# round 9
+	&call		(&label("key_128"));
+	&aeskeygenassist("xmm1","xmm0",0x36);		# round 10
+	&call		(&label("key_128"));
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&mov		(&DWP(80,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("key_128",16);
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&lea		($key,&DWP(16,$key));
+&set_label("key_128_cold");
+	&shufps		("xmm4","xmm0",0b00010000);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm4","xmm0",0b10001100);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm1","xmm1",0b11111111);	# critical path
+	&xorps		("xmm0","xmm1");
+	&ret();
+
+&set_label("10rounds_alt",16);
+	&movdqa		("xmm5",&QWP(0x00,"ebx"));
+	&mov		($rounds,8);
+	&movdqa		("xmm4",&QWP(0x20,"ebx"));
+	&movdqa		("xmm2","xmm0");
+	&movdqu		(&QWP(-16,$key),"xmm0");
+
+&set_label("loop_key128");
+	&pshufb		("xmm0","xmm5");
+	&aesenclast	("xmm0","xmm4");
+	&pslld		("xmm4",1);
+	&lea		($key,&DWP(16,$key));
+
+	&movdqa		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm2","xmm3");
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(-16,$key),"xmm0");
+	&movdqa		("xmm2","xmm0");
+
+	&dec		($rounds);
+	&jnz		(&label("loop_key128"));
+
+	&movdqa		("xmm4",&QWP(0x30,"ebx"));
+
+	&pshufb		("xmm0","xmm5");
+	&aesenclast	("xmm0","xmm4");
+	&pslld		("xmm4",1);
+
+	&movdqa		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm2","xmm3");
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(0,$key),"xmm0");
+
+	&movdqa		("xmm2","xmm0");
+	&pshufb		("xmm0","xmm5");
+	&aesenclast	("xmm0","xmm4");
+
+	&movdqa		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm3","xmm2");
+	&pslldq		("xmm2",4);
+	&pxor		("xmm2","xmm3");
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(16,$key),"xmm0");
+
+	&mov		($rounds,9);
+	&mov		(&DWP(96,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("12rounds",16);
+	&movq		("xmm2",&QWP(16,"eax"));	# remaining 1/3 of *userKey
+	&cmp		("ebp",1<<28);
+	&je		(&label("12rounds_alt"));
+
+	&mov		($rounds,11);
+	&$movekey	(&QWP(-16,$key),"xmm0");	# round 0
+	&aeskeygenassist("xmm1","xmm2",0x01);		# round 1,2
+	&call		(&label("key_192a_cold"));
+	&aeskeygenassist("xmm1","xmm2",0x02);		# round 2,3
+	&call		(&label("key_192b"));
+	&aeskeygenassist("xmm1","xmm2",0x04);		# round 4,5
+	&call		(&label("key_192a"));
+	&aeskeygenassist("xmm1","xmm2",0x08);		# round 5,6
+	&call		(&label("key_192b"));
+	&aeskeygenassist("xmm1","xmm2",0x10);		# round 7,8
+	&call		(&label("key_192a"));
+	&aeskeygenassist("xmm1","xmm2",0x20);		# round 8,9
+	&call		(&label("key_192b"));
+	&aeskeygenassist("xmm1","xmm2",0x40);		# round 10,11
+	&call		(&label("key_192a"));
+	&aeskeygenassist("xmm1","xmm2",0x80);		# round 11,12
+	&call		(&label("key_192b"));
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&mov		(&DWP(48,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("key_192a",16);
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&lea		($key,&DWP(16,$key));
+&set_label("key_192a_cold",16);
+	&movaps		("xmm5","xmm2");
+&set_label("key_192b_warm");
+	&shufps		("xmm4","xmm0",0b00010000);
+	&movdqa		("xmm3","xmm2");
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm4","xmm0",0b10001100);
+	&pslldq		("xmm3",4);
+	&xorps		("xmm0","xmm4");
+	&pshufd		("xmm1","xmm1",0b01010101);	# critical path
+	&pxor		("xmm2","xmm3");
+	&pxor		("xmm0","xmm1");
+	&pshufd		("xmm3","xmm0",0b11111111);
+	&pxor		("xmm2","xmm3");
+	&ret();
+
+&set_label("key_192b",16);
+	&movaps		("xmm3","xmm0");
+	&shufps		("xmm5","xmm0",0b01000100);
+	&$movekey	(&QWP(0,$key),"xmm5");
+	&shufps		("xmm3","xmm2",0b01001110);
+	&$movekey	(&QWP(16,$key),"xmm3");
+	&lea		($key,&DWP(32,$key));
+	&jmp		(&label("key_192b_warm"));
+
+&set_label("12rounds_alt",16);
+	&movdqa		("xmm5",&QWP(0x10,"ebx"));
+	&movdqa		("xmm4",&QWP(0x20,"ebx"));
+	&mov		($rounds,8);
+	&movdqu		(&QWP(-16,$key),"xmm0");
+
+&set_label("loop_key192");
+	&movq		(&QWP(0,$key),"xmm2");
+	&movdqa		("xmm1","xmm2");
+	&pshufb		("xmm2","xmm5");
+	&aesenclast	("xmm2","xmm4");
+	&pslld		("xmm4",1);
+	&lea		($key,&DWP(24,$key));
+
+	&movdqa		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm0","xmm3");
+
+	&pshufd		("xmm3","xmm0",0xff);
+	&pxor		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm3","xmm1");
+
+	&pxor		("xmm0","xmm2");
+	&pxor		("xmm2","xmm3");
+	&movdqu		(&QWP(-16,$key),"xmm0");
+
+	&dec		($rounds);
+	&jnz		(&label("loop_key192"));
+
+	&mov	($rounds,11);
+	&mov	(&DWP(32,$key),$rounds);
+
+	&jmp	(&label("good_key"));
+
+&set_label("14rounds",16);
+	&movups		("xmm2",&QWP(16,"eax"));	# remaining half of *userKey
+	&lea		($key,&DWP(16,$key));
+	&cmp		("ebp",1<<28);
+	&je		(&label("14rounds_alt"));
+
+	&mov		($rounds,13);
+	&$movekey	(&QWP(-32,$key),"xmm0");	# round 0
+	&$movekey	(&QWP(-16,$key),"xmm2");	# round 1
+	&aeskeygenassist("xmm1","xmm2",0x01);		# round 2
+	&call		(&label("key_256a_cold"));
+	&aeskeygenassist("xmm1","xmm0",0x01);		# round 3
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x02);		# round 4
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x02);		# round 5
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x04);		# round 6
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x04);		# round 7
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x08);		# round 8
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x08);		# round 9
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x10);		# round 10
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x10);		# round 11
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x20);		# round 12
+	&call		(&label("key_256a"));
+	&aeskeygenassist("xmm1","xmm0",0x20);		# round 13
+	&call		(&label("key_256b"));
+	&aeskeygenassist("xmm1","xmm2",0x40);		# round 14
+	&call		(&label("key_256a"));
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&mov		(&DWP(16,$key),$rounds);
+	&xor		("eax","eax");
+
+	&jmp	(&label("good_key"));
+
+&set_label("key_256a",16);
+	&$movekey	(&QWP(0,$key),"xmm2");
+	&lea		($key,&DWP(16,$key));
+&set_label("key_256a_cold");
+	&shufps		("xmm4","xmm0",0b00010000);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm4","xmm0",0b10001100);
+	&xorps		("xmm0","xmm4");
+	&shufps		("xmm1","xmm1",0b11111111);	# critical path
+	&xorps		("xmm0","xmm1");
+	&ret();
+
+&set_label("key_256b",16);
+	&$movekey	(&QWP(0,$key),"xmm0");
+	&lea		($key,&DWP(16,$key));
+
+	&shufps		("xmm4","xmm2",0b00010000);
+	&xorps		("xmm2","xmm4");
+	&shufps		("xmm4","xmm2",0b10001100);
+	&xorps		("xmm2","xmm4");
+	&shufps		("xmm1","xmm1",0b10101010);	# critical path
+	&xorps		("xmm2","xmm1");
+	&ret();
+
+&set_label("14rounds_alt",16);
+	&movdqa		("xmm5",&QWP(0x00,"ebx"));
+	&movdqa		("xmm4",&QWP(0x20,"ebx"));
+	&mov		($rounds,7);
+	&movdqu		(&QWP(-32,$key),"xmm0");
+	&movdqa		("xmm1","xmm2");
+	&movdqu		(&QWP(-16,$key),"xmm2");
+
+&set_label("loop_key256");
+	&pshufb		("xmm2","xmm5");
+	&aesenclast	("xmm2","xmm4");
+
+	&movdqa		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm3","xmm0");
+	&pslldq		("xmm0",4);
+	&pxor		("xmm0","xmm3");
+	&pslld		("xmm4",1);
+
+	&pxor		("xmm0","xmm2");
+	&movdqu		(&QWP(0,$key),"xmm0");
+
+	&dec		($rounds);
+	&jz		(&label("done_key256"));
+
+	&pshufd		("xmm2","xmm0",0xff);
+	&pxor		("xmm3","xmm3");
+	&aesenclast	("xmm2","xmm3");
+
+	&movdqa		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm3","xmm1");
+	&pslldq		("xmm1",4);
+	&pxor		("xmm1","xmm3");
+
+	&pxor		("xmm2","xmm1");
+	&movdqu		(&QWP(16,$key),"xmm2");
+	&lea		($key,&DWP(32,$key));
+	&movdqa		("xmm1","xmm2");
+	&jmp		(&label("loop_key256"));
+
+&set_label("done_key256");
+	&mov		($rounds,13);
+	&mov		(&DWP(16,$key),$rounds);
+
+&set_label("good_key");
+	&pxor	("xmm0","xmm0");
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&xor	("eax","eax");
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+
+&set_label("bad_pointer",4);
+	&mov	("eax",-1);
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+&set_label("bad_keybits",4);
+	&pxor	("xmm0","xmm0");
+	&mov	("eax",-2);
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+&function_end_B("_aesni_set_encrypt_key");
+
+# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
+#                              AES_KEY *key)
+&function_begin_B("${PREFIX}_set_encrypt_key");
+	&mov	("eax",&wparam(0));
+	&mov	($rounds,&wparam(1));
+	&mov	($key,&wparam(2));
+	&call	("_aesni_set_encrypt_key");
+	&ret	();
+&function_end_B("${PREFIX}_set_encrypt_key");
+
+# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
+#                              AES_KEY *key)
+&function_begin_B("${PREFIX}_set_decrypt_key");
+	&mov	("eax",&wparam(0));
+	&mov	($rounds,&wparam(1));
+	&mov	($key,&wparam(2));
+	&call	("_aesni_set_encrypt_key");
+	&mov	($key,&wparam(2));
+	&shl	($rounds,4);	# rounds-1 after _aesni_set_encrypt_key
+	&test	("eax","eax");
+	&jnz	(&label("dec_key_ret"));
+	&lea	("eax",&DWP(16,$key,$rounds));	# end of key schedule
+
+	&$movekey	("xmm0",&QWP(0,$key));	# just swap
+	&$movekey	("xmm1",&QWP(0,"eax"));
+	&$movekey	(&QWP(0,"eax"),"xmm0");
+	&$movekey	(&QWP(0,$key),"xmm1");
+	&lea		($key,&DWP(16,$key));
+	&lea		("eax",&DWP(-16,"eax"));
+
+&set_label("dec_key_inverse");
+	&$movekey	("xmm0",&QWP(0,$key));	# swap and inverse
+	&$movekey	("xmm1",&QWP(0,"eax"));
+	&aesimc		("xmm0","xmm0");
+	&aesimc		("xmm1","xmm1");
+	&lea		($key,&DWP(16,$key));
+	&lea		("eax",&DWP(-16,"eax"));
+	&$movekey	(&QWP(16,"eax"),"xmm0");
+	&$movekey	(&QWP(-16,$key),"xmm1");
+	&cmp		("eax",$key);
+	&ja		(&label("dec_key_inverse"));
+
+	&$movekey	("xmm0",&QWP(0,$key));	# inverse middle
+	&aesimc		("xmm0","xmm0");
+	&$movekey	(&QWP(0,$key),"xmm0");
+
+	&pxor		("xmm0","xmm0");
+	&pxor		("xmm1","xmm1");
+	&xor		("eax","eax");		# return success
+&set_label("dec_key_ret");
+	&ret	();
+&function_end_B("${PREFIX}_set_decrypt_key");
+
+&set_label("key_const",64);
+&data_word(0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d);
+&data_word(0x04070605,0x04070605,0x04070605,0x04070605);
+&data_word(1,1,1,1);
+&data_word(0x1b,0x1b,0x1b,0x1b);
+&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesni-x86_64.pl b/openssl-1.1.0h/crypto/aes/asm/aesni-x86_64.pl
new file mode 100644
index 0000000..98ca179
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesni-x86_64.pl
@@ -0,0 +1,5060 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
+# details].
+#
+# Performance.
+#
+# Given aes(enc|dec) instructions' latency asymptotic performance for
+# non-parallelizable modes such as CBC encrypt is 3.75 cycles per byte
+# processed with 128-bit key. And given their throughput asymptotic
+# performance for parallelizable modes is 1.25 cycles per byte. Being
+# asymptotic limit it's not something you commonly achieve in reality,
+# but how close does one get? Below are results collected for
+# different modes and block sized. Pairs of numbers are for en-/
+# decryption.
+#
+#	16-byte     64-byte     256-byte    1-KB        8-KB
+# ECB	4.25/4.25   1.38/1.38   1.28/1.28   1.26/1.26	1.26/1.26
+# CTR	5.42/5.42   1.92/1.92   1.44/1.44   1.28/1.28   1.26/1.26
+# CBC	4.38/4.43   4.15/1.43   4.07/1.32   4.07/1.29   4.06/1.28
+# CCM	5.66/9.42   4.42/5.41   4.16/4.40   4.09/4.15   4.06/4.07   
+# OFB	5.42/5.42   4.64/4.64   4.44/4.44   4.39/4.39   4.38/4.38
+# CFB	5.73/5.85   5.56/5.62   5.48/5.56   5.47/5.55   5.47/5.55
+#
+# ECB, CTR, CBC and CCM results are free from EVP overhead. This means
+# that otherwise used 'openssl speed -evp aes-128-??? -engine aesni
+# [-decrypt]' will exhibit 10-15% worse results for smaller blocks.
+# The results were collected with specially crafted speed.c benchmark
+# in order to compare them with results reported in "Intel Advanced
+# Encryption Standard (AES) New Instruction Set" White Paper Revision
+# 3.0 dated May 2010. All above results are consistently better. This
+# module also provides better performance for block sizes smaller than
+# 128 bytes in points *not* represented in the above table.
+#
+# Looking at the results for 8-KB buffer.
+#
+# CFB and OFB results are far from the limit, because implementation
+# uses "generic" CRYPTO_[c|o]fb128_encrypt interfaces relying on
+# single-block aesni_encrypt, which is not the most optimal way to go.
+# CBC encrypt result is unexpectedly high and there is no documented
+# explanation for it. Seemingly there is a small penalty for feeding
+# the result back to AES unit the way it's done in CBC mode. There is
+# nothing one can do and the result appears optimal. CCM result is
+# identical to CBC, because CBC-MAC is essentially CBC encrypt without
+# saving output. CCM CTR "stays invisible," because it's neatly
+# interleaved wih CBC-MAC. This provides ~30% improvement over
+# "straghtforward" CCM implementation with CTR and CBC-MAC performed
+# disjointly. Parallelizable modes practically achieve the theoretical
+# limit.
+#
+# Looking at how results vary with buffer size.
+#
+# Curves are practically saturated at 1-KB buffer size. In most cases
+# "256-byte" performance is >95%, and "64-byte" is ~90% of "8-KB" one.
+# CTR curve doesn't follow this pattern and is "slowest" changing one
+# with "256-byte" result being 87% of "8-KB." This is because overhead
+# in CTR mode is most computationally intensive. Small-block CCM
+# decrypt is slower than encrypt, because first CTR and last CBC-MAC
+# iterations can't be interleaved.
+#
+# Results for 192- and 256-bit keys.
+#
+# EVP-free results were observed to scale perfectly with number of
+# rounds for larger block sizes, i.e. 192-bit result being 10/12 times
+# lower and 256-bit one - 10/14. Well, in CBC encrypt case differences
+# are a tad smaller, because the above mentioned penalty biases all
+# results by same constant value. In similar way function call
+# overhead affects small-block performance, as well as OFB and CFB
+# results. Differences are not large, most common coefficients are
+# 10/11.7 and 10/13.4 (as opposite to 10/12.0 and 10/14.0), but one
+# observe even 10/11.2 and 10/12.4 (CTR, OFB, CFB)...
+
+# January 2011
+#
+# While Westmere processor features 6 cycles latency for aes[enc|dec]
+# instructions, which can be scheduled every second cycle, Sandy
+# Bridge spends 8 cycles per instruction, but it can schedule them
+# every cycle. This means that code targeting Westmere would perform
+# suboptimally on Sandy Bridge. Therefore this update.
+#
+# In addition, non-parallelizable CBC encrypt (as well as CCM) is
+# optimized. Relative improvement might appear modest, 8% on Westmere,
+# but in absolute terms it's 3.77 cycles per byte encrypted with
+# 128-bit key on Westmere, and 5.07 - on Sandy Bridge. These numbers
+# should be compared to asymptotic limits of 3.75 for Westmere and
+# 5.00 for Sandy Bridge. Actually, the fact that they get this close
+# to asymptotic limits is quite amazing. Indeed, the limit is
+# calculated as latency times number of rounds, 10 for 128-bit key,
+# and divided by 16, the number of bytes in block, or in other words
+# it accounts *solely* for aesenc instructions. But there are extra
+# instructions, and numbers so close to the asymptotic limits mean
+# that it's as if it takes as little as *one* additional cycle to
+# execute all of them. How is it possible? It is possible thanks to
+# out-of-order execution logic, which manages to overlap post-
+# processing of previous block, things like saving the output, with
+# actual encryption of current block, as well as pre-processing of
+# current block, things like fetching input and xor-ing it with
+# 0-round element of the key schedule, with actual encryption of
+# previous block. Keep this in mind...
+#
+# For parallelizable modes, such as ECB, CBC decrypt, CTR, higher
+# performance is achieved by interleaving instructions working on
+# independent blocks. In which case asymptotic limit for such modes
+# can be obtained by dividing above mentioned numbers by AES
+# instructions' interleave factor. Westmere can execute at most 3 
+# instructions at a time, meaning that optimal interleave factor is 3,
+# and that's where the "magic" number of 1.25 come from. "Optimal
+# interleave factor" means that increase of interleave factor does
+# not improve performance. The formula has proven to reflect reality
+# pretty well on Westmere... Sandy Bridge on the other hand can
+# execute up to 8 AES instructions at a time, so how does varying
+# interleave factor affect the performance? Here is table for ECB
+# (numbers are cycles per byte processed with 128-bit key):
+#
+# instruction interleave factor		3x	6x	8x
+# theoretical asymptotic limit		1.67	0.83	0.625
+# measured performance for 8KB block	1.05	0.86	0.84
+#
+# "as if" interleave factor		4.7x	5.8x	6.0x
+#
+# Further data for other parallelizable modes:
+#
+# CBC decrypt				1.16	0.93	0.74
+# CTR					1.14	0.91	0.74
+#
+# Well, given 3x column it's probably inappropriate to call the limit
+# asymptotic, if it can be surpassed, isn't it? What happens there?
+# Rewind to CBC paragraph for the answer. Yes, out-of-order execution
+# magic is responsible for this. Processor overlaps not only the
+# additional instructions with AES ones, but even AES instuctions
+# processing adjacent triplets of independent blocks. In the 6x case
+# additional instructions  still claim disproportionally small amount
+# of additional cycles, but in 8x case number of instructions must be
+# a tad too high for out-of-order logic to cope with, and AES unit
+# remains underutilized... As you can see 8x interleave is hardly
+# justifiable, so there no need to feel bad that 32-bit aesni-x86.pl
+# utilizies 6x interleave because of limited register bank capacity.
+#
+# Higher interleave factors do have negative impact on Westmere
+# performance. While for ECB mode it's negligible ~1.5%, other
+# parallelizables perform ~5% worse, which is outweighed by ~25%
+# improvement on Sandy Bridge. To balance regression on Westmere
+# CTR mode was implemented with 6x aesenc interleave factor.
+
+# April 2011
+#
+# Add aesni_xts_[en|de]crypt. Westmere spends 1.25 cycles processing
+# one byte out of 8KB with 128-bit key, Sandy Bridge - 0.90. Just like
+# in CTR mode AES instruction interleave factor was chosen to be 6x.
+
+# November 2015
+#
+# Add aesni_ocb_[en|de]crypt. AES instruction interleave factor was
+# chosen to be 6x.
+
+######################################################################
+# Current large-block performance in cycles per byte processed with
+# 128-bit key (less is better).
+#
+#		CBC en-/decrypt	CTR	XTS	ECB	OCB
+# Westmere	3.77/1.25	1.25	1.25	1.26
+# * Bridge	5.07/0.74	0.75	0.90	0.85	0.98
+# Haswell	4.44/0.63	0.63	0.73	0.63	0.70
+# Skylake	2.62/0.63	0.63	0.63	0.63
+# Silvermont	5.75/3.54	3.56	4.12	3.87(*)	4.11
+# Goldmont	3.82/1.26	1.26	1.29	1.29	1.50
+# Bulldozer	5.77/0.70	0.72	0.90	0.70	0.95
+#
+# (*)	Atom Silvermont ECB result is suboptimal because of penalties
+#	incurred by operations on %xmm8-15. As ECB is not considered
+#	critical, nothing was done to mitigate the problem.
+
+$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
+			# generates drop-in replacement for
+			# crypto/aes/asm/aes-x86_64.pl:-)
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$movkey = $PREFIX eq "aesni" ? "movups" : "movups";
+@_4args=$win64?	("%rcx","%rdx","%r8", "%r9") :	# Win64 order
+		("%rdi","%rsi","%rdx","%rcx");	# Unix order
+
+$code=".text\n";
+$code.=".extern	OPENSSL_ia32cap_P\n";
+
+$rounds="%eax";	# input to and changed by aesni_[en|de]cryptN !!!
+# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
+$inp="%rdi";
+$out="%rsi";
+$len="%rdx";
+$key="%rcx";	# input to and changed by aesni_[en|de]cryptN !!!
+$ivp="%r8";	# cbc, ctr, ...
+
+$rnds_="%r10d";	# backup copy for $rounds
+$key_="%r11";	# backup copy for $key
+
+# %xmm register layout
+$rndkey0="%xmm0";	$rndkey1="%xmm1";
+$inout0="%xmm2";	$inout1="%xmm3";
+$inout2="%xmm4";	$inout3="%xmm5";
+$inout4="%xmm6";	$inout5="%xmm7";
+$inout6="%xmm8";	$inout7="%xmm9";
+
+$in2="%xmm6";		$in1="%xmm7";	# used in CBC decrypt, CTR, ...
+$in0="%xmm8";		$iv="%xmm9";
+
+# Inline version of internal aesni_[en|de]crypt1.
+#
+# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
+# cycles which take care of loop variables...
+{ my $sn;
+sub aesni_generate1 {
+my ($p,$key,$rounds,$inout,$ivec)=@_;	$inout=$inout0 if (!defined($inout));
+++$sn;
+$code.=<<___;
+	$movkey	($key),$rndkey0
+	$movkey	16($key),$rndkey1
+___
+$code.=<<___ if (defined($ivec));
+	xorps	$rndkey0,$ivec
+	lea	32($key),$key
+	xorps	$ivec,$inout
+___
+$code.=<<___ if (!defined($ivec));
+	lea	32($key),$key
+	xorps	$rndkey0,$inout
+___
+$code.=<<___;
+.Loop_${p}1_$sn:
+	aes${p}	$rndkey1,$inout
+	dec	$rounds
+	$movkey	($key),$rndkey1
+	lea	16($key),$key
+	jnz	.Loop_${p}1_$sn	# loop body is 16 bytes
+	aes${p}last	$rndkey1,$inout
+___
+}}
+# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
+#
+{ my ($inp,$out,$key) = @_4args;
+
+$code.=<<___;
+.globl	${PREFIX}_encrypt
+.type	${PREFIX}_encrypt,\@abi-omnipotent
+.align	16
+${PREFIX}_encrypt:
+	movups	($inp),$inout0		# load input
+	mov	240($key),$rounds	# key->rounds
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movups	$inout0,($out)		# output
+	 pxor	$inout0,$inout0
+	ret
+.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
+
+.globl	${PREFIX}_decrypt
+.type	${PREFIX}_decrypt,\@abi-omnipotent
+.align	16
+${PREFIX}_decrypt:
+	movups	($inp),$inout0		# load input
+	mov	240($key),$rounds	# key->rounds
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movups	$inout0,($out)		# output
+	 pxor	$inout0,$inout0
+	ret
+.size	${PREFIX}_decrypt, .-${PREFIX}_decrypt
+___
+}
+
+# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
+# factor. Why 3x subroutine were originally used in loops? Even though
+# aes[enc|dec] latency was originally 6, it could be scheduled only
+# every *2nd* cycle. Thus 3x interleave was the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it originally made no sense to implement 2x subroutine.
+# But times change and it became appropriate to spend extra 192 bytes
+# on 2x subroutine on Atom Silvermont account. For processors that
+# can schedule aes[enc|dec] every cycle optimal interleave factor
+# equals to corresponding instructions latency. 8x is optimal for
+# * Bridge and "super-optimal" for other Intel CPUs... 
+
+sub aesni_generate2 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-1] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt2,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt2:
+	$movkey	($key),$rndkey0
+	shl	\$4,$rounds
+	$movkey	16($key),$rndkey1
+	xorps	$rndkey0,$inout0
+	xorps	$rndkey0,$inout1
+	$movkey	32($key),$rndkey0
+	lea	32($key,$rounds),$key
+	neg	%rax				# $rounds
+	add	\$16,%rax
+
+.L${dir}_loop2:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop2
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	ret
+.size	_aesni_${dir}rypt2,.-_aesni_${dir}rypt2
+___
+}
+sub aesni_generate3 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-2] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt3,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt3:
+	$movkey	($key),$rndkey0
+	shl	\$4,$rounds
+	$movkey	16($key),$rndkey1
+	xorps	$rndkey0,$inout0
+	xorps	$rndkey0,$inout1
+	xorps	$rndkey0,$inout2
+	$movkey	32($key),$rndkey0
+	lea	32($key,$rounds),$key
+	neg	%rax				# $rounds
+	add	\$16,%rax
+
+.L${dir}_loop3:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop3
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	ret
+.size	_aesni_${dir}rypt3,.-_aesni_${dir}rypt3
+___
+}
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement would be <20%,
+# so it's not worth it...
+sub aesni_generate4 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-3] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt4,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt4:
+	$movkey	($key),$rndkey0
+	shl	\$4,$rounds
+	$movkey	16($key),$rndkey1
+	xorps	$rndkey0,$inout0
+	xorps	$rndkey0,$inout1
+	xorps	$rndkey0,$inout2
+	xorps	$rndkey0,$inout3
+	$movkey	32($key),$rndkey0
+	lea	32($key,$rounds),$key
+	neg	%rax				# $rounds
+	.byte	0x0f,0x1f,0x00
+	add	\$16,%rax
+
+.L${dir}_loop4:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	aes${dir}	$rndkey0,$inout3
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop4
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	aes${dir}last	$rndkey0,$inout3
+	ret
+.size	_aesni_${dir}rypt4,.-_aesni_${dir}rypt4
+___
+}
+sub aesni_generate6 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-5] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt6,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt6:
+	$movkey		($key),$rndkey0
+	shl		\$4,$rounds
+	$movkey		16($key),$rndkey1
+	xorps		$rndkey0,$inout0
+	pxor		$rndkey0,$inout1
+	pxor		$rndkey0,$inout2
+	aes${dir}	$rndkey1,$inout0
+	lea		32($key,$rounds),$key
+	neg		%rax			# $rounds
+	aes${dir}	$rndkey1,$inout1
+	pxor		$rndkey0,$inout3
+	pxor		$rndkey0,$inout4
+	aes${dir}	$rndkey1,$inout2
+	pxor		$rndkey0,$inout5
+	$movkey		($key,%rax),$rndkey0
+	add		\$16,%rax
+	jmp		.L${dir}_loop6_enter
+.align	16
+.L${dir}_loop6:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+.L${dir}_loop6_enter:
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	aes${dir}	$rndkey0,$inout3
+	aes${dir}	$rndkey0,$inout4
+	aes${dir}	$rndkey0,$inout5
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop6
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	aes${dir}last	$rndkey0,$inout3
+	aes${dir}last	$rndkey0,$inout4
+	aes${dir}last	$rndkey0,$inout5
+	ret
+.size	_aesni_${dir}rypt6,.-_aesni_${dir}rypt6
+___
+}
+sub aesni_generate8 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-7] is cipher/clear text...
+$code.=<<___;
+.type	_aesni_${dir}rypt8,\@abi-omnipotent
+.align	16
+_aesni_${dir}rypt8:
+	$movkey		($key),$rndkey0
+	shl		\$4,$rounds
+	$movkey		16($key),$rndkey1
+	xorps		$rndkey0,$inout0
+	xorps		$rndkey0,$inout1
+	pxor		$rndkey0,$inout2
+	pxor		$rndkey0,$inout3
+	pxor		$rndkey0,$inout4
+	lea		32($key,$rounds),$key
+	neg		%rax			# $rounds
+	aes${dir}	$rndkey1,$inout0
+	pxor		$rndkey0,$inout5
+	pxor		$rndkey0,$inout6
+	aes${dir}	$rndkey1,$inout1
+	pxor		$rndkey0,$inout7
+	$movkey		($key,%rax),$rndkey0
+	add		\$16,%rax
+	jmp		.L${dir}_loop8_inner
+.align	16
+.L${dir}_loop8:
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+.L${dir}_loop8_inner:
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	aes${dir}	$rndkey1,$inout6
+	aes${dir}	$rndkey1,$inout7
+.L${dir}_loop8_enter:
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+	aes${dir}	$rndkey0,$inout0
+	aes${dir}	$rndkey0,$inout1
+	aes${dir}	$rndkey0,$inout2
+	aes${dir}	$rndkey0,$inout3
+	aes${dir}	$rndkey0,$inout4
+	aes${dir}	$rndkey0,$inout5
+	aes${dir}	$rndkey0,$inout6
+	aes${dir}	$rndkey0,$inout7
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.L${dir}_loop8
+
+	aes${dir}	$rndkey1,$inout0
+	aes${dir}	$rndkey1,$inout1
+	aes${dir}	$rndkey1,$inout2
+	aes${dir}	$rndkey1,$inout3
+	aes${dir}	$rndkey1,$inout4
+	aes${dir}	$rndkey1,$inout5
+	aes${dir}	$rndkey1,$inout6
+	aes${dir}	$rndkey1,$inout7
+	aes${dir}last	$rndkey0,$inout0
+	aes${dir}last	$rndkey0,$inout1
+	aes${dir}last	$rndkey0,$inout2
+	aes${dir}last	$rndkey0,$inout3
+	aes${dir}last	$rndkey0,$inout4
+	aes${dir}last	$rndkey0,$inout5
+	aes${dir}last	$rndkey0,$inout6
+	aes${dir}last	$rndkey0,$inout7
+	ret
+.size	_aesni_${dir}rypt8,.-_aesni_${dir}rypt8
+___
+}
+&aesni_generate2("enc") if ($PREFIX eq "aesni");
+&aesni_generate2("dec");
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+&aesni_generate6("enc") if ($PREFIX eq "aesni");
+&aesni_generate6("dec");
+&aesni_generate8("enc") if ($PREFIX eq "aesni");
+&aesni_generate8("dec");
+
+if ($PREFIX eq "aesni") {
+########################################################################
+# void aesni_ecb_encrypt (const void *in, void *out,
+#			  size_t length, const AES_KEY *key,
+#			  int enc);
+$code.=<<___;
+.globl	aesni_ecb_encrypt
+.type	aesni_ecb_encrypt,\@function,5
+.align	16
+aesni_ecb_encrypt:
+___
+$code.=<<___ if ($win64);
+	lea	-0x58(%rsp),%rsp
+	movaps	%xmm6,(%rsp)		# offload $inout4..7
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+.Lecb_enc_body:
+___
+$code.=<<___;
+	and	\$-16,$len		# if ($len<16)
+	jz	.Lecb_ret		# return
+
+	mov	240($key),$rounds	# key->rounds
+	$movkey	($key),$rndkey0
+	mov	$key,$key_		# backup $key
+	mov	$rounds,$rnds_		# backup $rounds
+	test	%r8d,%r8d		# 5th argument
+	jz	.Lecb_decrypt
+#--------------------------- ECB ENCRYPT ------------------------------#
+	cmp	\$0x80,$len		# if ($len<8*16)
+	jb	.Lecb_enc_tail		# short input
+
+	movdqu	($inp),$inout0		# load 8 input blocks
+	movdqu	0x10($inp),$inout1
+	movdqu	0x20($inp),$inout2
+	movdqu	0x30($inp),$inout3
+	movdqu	0x40($inp),$inout4
+	movdqu	0x50($inp),$inout5
+	movdqu	0x60($inp),$inout6
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+	sub	\$0x80,$len		# $len-=8*16 (can be zero)
+	jmp	.Lecb_enc_loop8_enter
+.align 16
+.Lecb_enc_loop8:
+	movups	$inout0,($out)		# store 8 output blocks
+	mov	$key_,$key		# restore $key
+	movdqu	($inp),$inout0		# load 8 input blocks
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout1,0x10($out)
+	movdqu	0x10($inp),$inout1
+	movups	$inout2,0x20($out)
+	movdqu	0x20($inp),$inout2
+	movups	$inout3,0x30($out)
+	movdqu	0x30($inp),$inout3
+	movups	$inout4,0x40($out)
+	movdqu	0x40($inp),$inout4
+	movups	$inout5,0x50($out)
+	movdqu	0x50($inp),$inout5
+	movups	$inout6,0x60($out)
+	movdqu	0x60($inp),$inout6
+	movups	$inout7,0x70($out)
+	lea	0x80($out),$out		# $out+=8*16
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+.Lecb_enc_loop8_enter:
+
+	call	_aesni_encrypt8
+
+	sub	\$0x80,$len
+	jnc	.Lecb_enc_loop8		# loop if $len-=8*16 didn't borrow
+
+	movups	$inout0,($out)		# store 8 output blocks
+	mov	$key_,$key		# restore $key
+	movups	$inout1,0x10($out)
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	movups	$inout5,0x50($out)
+	movups	$inout6,0x60($out)
+	movups	$inout7,0x70($out)
+	lea	0x80($out),$out		# $out+=8*16
+	add	\$0x80,$len		# restore real remaining $len
+	jz	.Lecb_ret		# done if ($len==0)
+
+.Lecb_enc_tail:				# $len is less than 8*16
+	movups	($inp),$inout0
+	cmp	\$0x20,$len
+	jb	.Lecb_enc_one
+	movups	0x10($inp),$inout1
+	je	.Lecb_enc_two
+	movups	0x20($inp),$inout2
+	cmp	\$0x40,$len
+	jb	.Lecb_enc_three
+	movups	0x30($inp),$inout3
+	je	.Lecb_enc_four
+	movups	0x40($inp),$inout4
+	cmp	\$0x60,$len
+	jb	.Lecb_enc_five
+	movups	0x50($inp),$inout5
+	je	.Lecb_enc_six
+	movdqu	0x60($inp),$inout6
+	xorps	$inout7,$inout7
+	call	_aesni_encrypt8
+	movups	$inout0,($out)		# store 7 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	movups	$inout5,0x50($out)
+	movups	$inout6,0x60($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_one:
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	movups	$inout0,($out)		# store one output block
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_two:
+	call	_aesni_encrypt2
+	movups	$inout0,($out)		# store 2 output blocks
+	movups	$inout1,0x10($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_three:
+	call	_aesni_encrypt3
+	movups	$inout0,($out)		# store 3 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_four:
+	call	_aesni_encrypt4
+	movups	$inout0,($out)		# store 4 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_five:
+	xorps	$inout5,$inout5
+	call	_aesni_encrypt6
+	movups	$inout0,($out)		# store 5 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_six:
+	call	_aesni_encrypt6
+	movups	$inout0,($out)		# store 6 output blocks
+	movups	$inout1,0x10($out)
+	movups	$inout2,0x20($out)
+	movups	$inout3,0x30($out)
+	movups	$inout4,0x40($out)
+	movups	$inout5,0x50($out)
+	jmp	.Lecb_ret
+#--------------------------- ECB DECRYPT ------------------------------#
+.align	16
+.Lecb_decrypt:
+	cmp	\$0x80,$len		# if ($len<8*16)
+	jb	.Lecb_dec_tail		# short input
+
+	movdqu	($inp),$inout0		# load 8 input blocks
+	movdqu	0x10($inp),$inout1
+	movdqu	0x20($inp),$inout2
+	movdqu	0x30($inp),$inout3
+	movdqu	0x40($inp),$inout4
+	movdqu	0x50($inp),$inout5
+	movdqu	0x60($inp),$inout6
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+	sub	\$0x80,$len		# $len-=8*16 (can be zero)
+	jmp	.Lecb_dec_loop8_enter
+.align 16
+.Lecb_dec_loop8:
+	movups	$inout0,($out)		# store 8 output blocks
+	mov	$key_,$key		# restore $key
+	movdqu	($inp),$inout0		# load 8 input blocks
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout1,0x10($out)
+	movdqu	0x10($inp),$inout1
+	movups	$inout2,0x20($out)
+	movdqu	0x20($inp),$inout2
+	movups	$inout3,0x30($out)
+	movdqu	0x30($inp),$inout3
+	movups	$inout4,0x40($out)
+	movdqu	0x40($inp),$inout4
+	movups	$inout5,0x50($out)
+	movdqu	0x50($inp),$inout5
+	movups	$inout6,0x60($out)
+	movdqu	0x60($inp),$inout6
+	movups	$inout7,0x70($out)
+	lea	0x80($out),$out		# $out+=8*16
+	movdqu	0x70($inp),$inout7
+	lea	0x80($inp),$inp		# $inp+=8*16
+.Lecb_dec_loop8_enter:
+
+	call	_aesni_decrypt8
+
+	$movkey	($key_),$rndkey0
+	sub	\$0x80,$len
+	jnc	.Lecb_dec_loop8		# loop if $len-=8*16 didn't borrow
+
+	movups	$inout0,($out)		# store 8 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	mov	$key_,$key		# restore $key
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	mov	$rnds_,$rounds		# restore $rounds
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	movups	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+	movups	$inout6,0x60($out)
+	 pxor	$inout6,$inout6
+	movups	$inout7,0x70($out)
+	 pxor	$inout7,$inout7
+	lea	0x80($out),$out		# $out+=8*16
+	add	\$0x80,$len		# restore real remaining $len
+	jz	.Lecb_ret		# done if ($len==0)
+
+.Lecb_dec_tail:
+	movups	($inp),$inout0
+	cmp	\$0x20,$len
+	jb	.Lecb_dec_one
+	movups	0x10($inp),$inout1
+	je	.Lecb_dec_two
+	movups	0x20($inp),$inout2
+	cmp	\$0x40,$len
+	jb	.Lecb_dec_three
+	movups	0x30($inp),$inout3
+	je	.Lecb_dec_four
+	movups	0x40($inp),$inout4
+	cmp	\$0x60,$len
+	jb	.Lecb_dec_five
+	movups	0x50($inp),$inout5
+	je	.Lecb_dec_six
+	movups	0x60($inp),$inout6
+	$movkey	($key),$rndkey0
+	xorps	$inout7,$inout7
+	call	_aesni_decrypt8
+	movups	$inout0,($out)		# store 7 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	movups	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+	movups	$inout6,0x60($out)
+	 pxor	$inout6,$inout6
+	 pxor	$inout7,$inout7
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_one:
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	movups	$inout0,($out)		# store one output block
+	 pxor	$inout0,$inout0		# clear register bank
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_two:
+	call	_aesni_decrypt2
+	movups	$inout0,($out)		# store 2 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_three:
+	call	_aesni_decrypt3
+	movups	$inout0,($out)		# store 3 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_four:
+	call	_aesni_decrypt4
+	movups	$inout0,($out)		# store 4 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_five:
+	xorps	$inout5,$inout5
+	call	_aesni_decrypt6
+	movups	$inout0,($out)		# store 5 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	 pxor	$inout5,$inout5
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_six:
+	call	_aesni_decrypt6
+	movups	$inout0,($out)		# store 6 output blocks
+	 pxor	$inout0,$inout0		# clear register bank
+	movups	$inout1,0x10($out)
+	 pxor	$inout1,$inout1
+	movups	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movups	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	movups	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	movups	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+
+.Lecb_ret:
+	xorps	$rndkey0,$rndkey0	# %xmm0
+	pxor	$rndkey1,$rndkey1
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	%xmm0,(%rsp)		# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	lea	0x58(%rsp),%rsp
+.Lecb_enc_ret:
+___
+$code.=<<___;
+	ret
+.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
+___
+
+{
+######################################################################
+# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec,char *cmac);
+#
+# Handles only complete blocks, operates on 64-bit counter and
+# does not update *ivec! Nor does it finalize CMAC value
+# (see engine/eng_aesni.c for details)
+#
+{
+my $cmac="%r9";	# 6th argument
+
+my $increment="%xmm9";
+my $iv="%xmm6";
+my $bswap_mask="%xmm7";
+
+$code.=<<___;
+.globl	aesni_ccm64_encrypt_blocks
+.type	aesni_ccm64_encrypt_blocks,\@function,6
+.align	16
+aesni_ccm64_encrypt_blocks:
+___
+$code.=<<___ if ($win64);
+	lea	-0x58(%rsp),%rsp
+	movaps	%xmm6,(%rsp)		# $iv
+	movaps	%xmm7,0x10(%rsp)	# $bswap_mask
+	movaps	%xmm8,0x20(%rsp)	# $in0
+	movaps	%xmm9,0x30(%rsp)	# $increment
+.Lccm64_enc_body:
+___
+$code.=<<___;
+	mov	240($key),$rounds		# key->rounds
+	movdqu	($ivp),$iv
+	movdqa	.Lincrement64(%rip),$increment
+	movdqa	.Lbswap_mask(%rip),$bswap_mask
+
+	shl	\$4,$rounds
+	mov	\$16,$rnds_
+	lea	0($key),$key_
+	movdqu	($cmac),$inout1
+	movdqa	$iv,$inout0
+	lea	32($key,$rounds),$key		# end of key schedule
+	pshufb	$bswap_mask,$iv
+	sub	%rax,%r10			# twisted $rounds
+	jmp	.Lccm64_enc_outer
+.align	16
+.Lccm64_enc_outer:
+	$movkey	($key_),$rndkey0
+	mov	%r10,%rax
+	movups	($inp),$in0			# load inp
+
+	xorps	$rndkey0,$inout0		# counter
+	$movkey	16($key_),$rndkey1
+	xorps	$in0,$rndkey0
+	xorps	$rndkey0,$inout1		# cmac^=inp
+	$movkey	32($key_),$rndkey0
+
+.Lccm64_enc2_loop:
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	$movkey	($key,%rax),$rndkey1
+	add	\$32,%rax
+	aesenc	$rndkey0,$inout0
+	aesenc	$rndkey0,$inout1
+	$movkey	-16($key,%rax),$rndkey0
+	jnz	.Lccm64_enc2_loop
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	paddq	$increment,$iv
+	dec	$len				# $len-- ($len is in blocks)
+	aesenclast	$rndkey0,$inout0
+	aesenclast	$rndkey0,$inout1
+
+	lea	16($inp),$inp
+	xorps	$inout0,$in0			# inp ^= E(iv)
+	movdqa	$iv,$inout0
+	movups	$in0,($out)			# save output
+	pshufb	$bswap_mask,$inout0
+	lea	16($out),$out			# $out+=16
+	jnz	.Lccm64_enc_outer		# loop if ($len!=0)
+
+	 pxor	$rndkey0,$rndkey0		# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	 pxor	$inout0,$inout0
+	movups	$inout1,($cmac)			# store resulting mac
+	 pxor	$inout1,$inout1
+	 pxor	$in0,$in0
+	 pxor	$iv,$iv
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	%xmm0,(%rsp)			# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	lea	0x58(%rsp),%rsp
+.Lccm64_enc_ret:
+___
+$code.=<<___;
+	ret
+.size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
+___
+######################################################################
+$code.=<<___;
+.globl	aesni_ccm64_decrypt_blocks
+.type	aesni_ccm64_decrypt_blocks,\@function,6
+.align	16
+aesni_ccm64_decrypt_blocks:
+___
+$code.=<<___ if ($win64);
+	lea	-0x58(%rsp),%rsp
+	movaps	%xmm6,(%rsp)		# $iv
+	movaps	%xmm7,0x10(%rsp)	# $bswap_mask
+	movaps	%xmm8,0x20(%rsp)	# $in8
+	movaps	%xmm9,0x30(%rsp)	# $increment
+.Lccm64_dec_body:
+___
+$code.=<<___;
+	mov	240($key),$rounds		# key->rounds
+	movups	($ivp),$iv
+	movdqu	($cmac),$inout1
+	movdqa	.Lincrement64(%rip),$increment
+	movdqa	.Lbswap_mask(%rip),$bswap_mask
+
+	movaps	$iv,$inout0
+	mov	$rounds,$rnds_
+	mov	$key,$key_
+	pshufb	$bswap_mask,$iv
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	shl	\$4,$rnds_
+	mov	\$16,$rounds
+	movups	($inp),$in0			# load inp
+	paddq	$increment,$iv
+	lea	16($inp),$inp			# $inp+=16
+	sub	%r10,%rax			# twisted $rounds
+	lea	32($key_,$rnds_),$key		# end of key schedule
+	mov	%rax,%r10
+	jmp	.Lccm64_dec_outer
+.align	16
+.Lccm64_dec_outer:
+	xorps	$inout0,$in0			# inp ^= E(iv)
+	movdqa	$iv,$inout0
+	movups	$in0,($out)			# save output
+	lea	16($out),$out			# $out+=16
+	pshufb	$bswap_mask,$inout0
+
+	sub	\$1,$len			# $len-- ($len is in blocks)
+	jz	.Lccm64_dec_break		# if ($len==0) break
+
+	$movkey	($key_),$rndkey0
+	mov	%r10,%rax
+	$movkey	16($key_),$rndkey1
+	xorps	$rndkey0,$in0
+	xorps	$rndkey0,$inout0
+	xorps	$in0,$inout1			# cmac^=out
+	$movkey	32($key_),$rndkey0
+	jmp	.Lccm64_dec2_loop
+.align	16
+.Lccm64_dec2_loop:
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	$movkey	($key,%rax),$rndkey1
+	add	\$32,%rax
+	aesenc	$rndkey0,$inout0
+	aesenc	$rndkey0,$inout1
+	$movkey	-16($key,%rax),$rndkey0
+	jnz	.Lccm64_dec2_loop
+	movups	($inp),$in0			# load input
+	paddq	$increment,$iv
+	aesenc	$rndkey1,$inout0
+	aesenc	$rndkey1,$inout1
+	aesenclast	$rndkey0,$inout0
+	aesenclast	$rndkey0,$inout1
+	lea	16($inp),$inp			# $inp+=16
+	jmp	.Lccm64_dec_outer
+
+.align	16
+.Lccm64_dec_break:
+	#xorps	$in0,$inout1			# cmac^=out
+	mov	240($key_),$rounds
+___
+	&aesni_generate1("enc",$key_,$rounds,$inout1,$in0);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0		# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	 pxor	$inout0,$inout0
+	movups	$inout1,($cmac)			# store resulting mac
+	 pxor	$inout1,$inout1
+	 pxor	$in0,$in0
+	 pxor	$iv,$iv
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	%xmm0,(%rsp)			# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	lea	0x58(%rsp),%rsp
+.Lccm64_dec_ret:
+___
+$code.=<<___;
+	ret
+.size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
+___
+}
+######################################################################
+# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
+#                         size_t blocks, const AES_KEY *key,
+#                         const char *ivec);
+#
+# Handles only complete blocks, operates on 32-bit counter and
+# does not update *ivec! (see crypto/modes/ctr128.c for details)
+#
+# Overhaul based on suggestions from Shay Gueron and Vlad Krasnov,
+# http://rt.openssl.org/Ticket/Display.html?id=3021&user=guest&pass=guest.
+# Keywords are full unroll and modulo-schedule counter calculations
+# with zero-round key xor.
+{
+my ($in0,$in1,$in2,$in3,$in4,$in5)=map("%xmm$_",(10..15));
+my ($key0,$ctr)=("${key_}d","${ivp}d");
+my $frame_size = 0x80 + ($win64?160:0);
+
+$code.=<<___;
+.globl	aesni_ctr32_encrypt_blocks
+.type	aesni_ctr32_encrypt_blocks,\@function,5
+.align	16
+aesni_ctr32_encrypt_blocks:
+	cmp	\$1,$len
+	jne	.Lctr32_bulk
+
+	# handle single block without allocating stack frame,
+	# useful when handling edges
+	movups	($ivp),$inout0
+	movups	($inp),$inout1
+	mov	240($key),%edx			# key->rounds
+___
+	&aesni_generate1("enc",$key,"%edx");
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0		# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	xorps	$inout1,$inout0
+	 pxor	$inout1,$inout1
+	movups	$inout0,($out)
+	 xorps	$inout0,$inout0
+	jmp	.Lctr32_epilogue
+
+.align	16
+.Lctr32_bulk:
+	lea	(%rsp),%rax
+	push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-0xa8(%rax)		# offload everything
+	movaps	%xmm7,-0x98(%rax)
+	movaps	%xmm8,-0x88(%rax)
+	movaps	%xmm9,-0x78(%rax)
+	movaps	%xmm10,-0x68(%rax)
+	movaps	%xmm11,-0x58(%rax)
+	movaps	%xmm12,-0x48(%rax)
+	movaps	%xmm13,-0x38(%rax)
+	movaps	%xmm14,-0x28(%rax)
+	movaps	%xmm15,-0x18(%rax)
+.Lctr32_body:
+___
+$code.=<<___;
+	lea	-8(%rax),%rbp
+
+	# 8 16-byte words on top of stack are counter values
+	# xor-ed with zero-round key
+
+	movdqu	($ivp),$inout0
+	movdqu	($key),$rndkey0
+	mov	12($ivp),$ctr			# counter LSB
+	pxor	$rndkey0,$inout0
+	mov	12($key),$key0			# 0-round key LSB
+	movdqa	$inout0,0x00(%rsp)		# populate counter block
+	bswap	$ctr
+	movdqa	$inout0,$inout1
+	movdqa	$inout0,$inout2
+	movdqa	$inout0,$inout3
+	movdqa	$inout0,0x40(%rsp)
+	movdqa	$inout0,0x50(%rsp)
+	movdqa	$inout0,0x60(%rsp)
+	mov	%rdx,%r10			# about to borrow %rdx
+	movdqa	$inout0,0x70(%rsp)
+
+	lea	1($ctr),%rax
+	 lea	2($ctr),%rdx
+	bswap	%eax
+	 bswap	%edx
+	xor	$key0,%eax
+	 xor	$key0,%edx
+	pinsrd	\$3,%eax,$inout1
+	lea	3($ctr),%rax
+	movdqa	$inout1,0x10(%rsp)
+	 pinsrd	\$3,%edx,$inout2
+	bswap	%eax
+	 mov	%r10,%rdx			# restore %rdx
+	 lea	4($ctr),%r10
+	 movdqa	$inout2,0x20(%rsp)
+	xor	$key0,%eax
+	 bswap	%r10d
+	pinsrd	\$3,%eax,$inout3
+	 xor	$key0,%r10d
+	movdqa	$inout3,0x30(%rsp)
+	lea	5($ctr),%r9
+	 mov	%r10d,0x40+12(%rsp)
+	bswap	%r9d
+	 lea	6($ctr),%r10
+	mov	240($key),$rounds		# key->rounds
+	xor	$key0,%r9d
+	 bswap	%r10d
+	mov	%r9d,0x50+12(%rsp)
+	 xor	$key0,%r10d
+	lea	7($ctr),%r9
+	 mov	%r10d,0x60+12(%rsp)
+	bswap	%r9d
+	 mov	OPENSSL_ia32cap_P+4(%rip),%r10d 
+	xor	$key0,%r9d
+	 and	\$`1<<26|1<<22`,%r10d		# isolate XSAVE+MOVBE
+	mov	%r9d,0x70+12(%rsp)
+
+	$movkey	0x10($key),$rndkey1
+
+	movdqa	0x40(%rsp),$inout4
+	movdqa	0x50(%rsp),$inout5
+
+	cmp	\$8,$len		# $len is in blocks
+	jb	.Lctr32_tail		# short input if ($len<8)
+
+	sub	\$6,$len		# $len is biased by -6
+	cmp	\$`1<<22`,%r10d		# check for MOVBE without XSAVE
+	je	.Lctr32_6x		# [which denotes Atom Silvermont]
+
+	lea	0x80($key),$key		# size optimization
+	sub	\$2,$len		# $len is biased by -8
+	jmp	.Lctr32_loop8
+
+.align	16
+.Lctr32_6x:
+	shl	\$4,$rounds
+	mov	\$48,$rnds_
+	bswap	$key0
+	lea	32($key,$rounds),$key	# end of key schedule
+	sub	%rax,%r10		# twisted $rounds
+	jmp	.Lctr32_loop6
+
+.align	16
+.Lctr32_loop6:
+	 add	\$6,$ctr		# next counter value
+	$movkey	-48($key,$rnds_),$rndkey0
+	aesenc	$rndkey1,$inout0
+	 mov	$ctr,%eax
+	 xor	$key0,%eax
+	aesenc	$rndkey1,$inout1
+	 movbe	%eax,`0x00+12`(%rsp)	# store next counter value
+	 lea	1($ctr),%eax
+	aesenc	$rndkey1,$inout2
+	 xor	$key0,%eax
+	 movbe	%eax,`0x10+12`(%rsp)
+	aesenc	$rndkey1,$inout3
+	 lea	2($ctr),%eax
+	 xor	$key0,%eax
+	aesenc	$rndkey1,$inout4
+	 movbe	%eax,`0x20+12`(%rsp)
+	 lea	3($ctr),%eax
+	aesenc	$rndkey1,$inout5
+	$movkey	-32($key,$rnds_),$rndkey1
+	 xor	$key0,%eax
+
+	aesenc	$rndkey0,$inout0
+	 movbe	%eax,`0x30+12`(%rsp)
+	 lea	4($ctr),%eax
+	aesenc	$rndkey0,$inout1
+	 xor	$key0,%eax
+	 movbe	%eax,`0x40+12`(%rsp)
+	aesenc	$rndkey0,$inout2
+	 lea	5($ctr),%eax
+	 xor	$key0,%eax
+	aesenc	$rndkey0,$inout3
+	 movbe	%eax,`0x50+12`(%rsp)
+	 mov	%r10,%rax		# mov	$rnds_,$rounds
+	aesenc	$rndkey0,$inout4
+	aesenc	$rndkey0,$inout5
+	$movkey	-16($key,$rnds_),$rndkey0
+
+	call	.Lenc_loop6
+
+	movdqu	($inp),$inout6		# load 6 input blocks
+	movdqu	0x10($inp),$inout7
+	movdqu	0x20($inp),$in0
+	movdqu	0x30($inp),$in1
+	movdqu	0x40($inp),$in2
+	movdqu	0x50($inp),$in3
+	lea	0x60($inp),$inp		# $inp+=6*16
+	$movkey	-64($key,$rnds_),$rndkey1
+	pxor	$inout0,$inout6		# inp^=E(ctr)
+	movaps	0x00(%rsp),$inout0	# load next counter [xor-ed with 0 round]
+	pxor	$inout1,$inout7
+	movaps	0x10(%rsp),$inout1
+	pxor	$inout2,$in0
+	movaps	0x20(%rsp),$inout2
+	pxor	$inout3,$in1
+	movaps	0x30(%rsp),$inout3
+	pxor	$inout4,$in2
+	movaps	0x40(%rsp),$inout4
+	pxor	$inout5,$in3
+	movaps	0x50(%rsp),$inout5
+	movdqu	$inout6,($out)		# store 6 output blocks
+	movdqu	$inout7,0x10($out)
+	movdqu	$in0,0x20($out)
+	movdqu	$in1,0x30($out)
+	movdqu	$in2,0x40($out)
+	movdqu	$in3,0x50($out)
+	lea	0x60($out),$out		# $out+=6*16
+
+	sub	\$6,$len
+	jnc	.Lctr32_loop6		# loop if $len-=6 didn't borrow
+
+	add	\$6,$len		# restore real remaining $len
+	jz	.Lctr32_done		# done if ($len==0)
+
+	lea	-48($rnds_),$rounds
+	lea	-80($key,$rnds_),$key	# restore $key
+	neg	$rounds
+	shr	\$4,$rounds		# restore $rounds
+	jmp	.Lctr32_tail
+
+.align	32
+.Lctr32_loop8:
+	 add		\$8,$ctr		# next counter value
+	movdqa		0x60(%rsp),$inout6
+	aesenc		$rndkey1,$inout0
+	 mov		$ctr,%r9d
+	movdqa		0x70(%rsp),$inout7
+	aesenc		$rndkey1,$inout1
+	 bswap		%r9d
+	$movkey		0x20-0x80($key),$rndkey0
+	aesenc		$rndkey1,$inout2
+	 xor		$key0,%r9d
+	 nop
+	aesenc		$rndkey1,$inout3
+	 mov		%r9d,0x00+12(%rsp)	# store next counter value
+	 lea		1($ctr),%r9
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	$movkey		0x30-0x80($key),$rndkey1
+___
+for($i=2;$i<8;$i++) {
+my $rndkeyx = ($i&1)?$rndkey1:$rndkey0;
+$code.=<<___;
+	 bswap		%r9d
+	aesenc		$rndkeyx,$inout0
+	aesenc		$rndkeyx,$inout1
+	 xor		$key0,%r9d
+	 .byte		0x66,0x90
+	aesenc		$rndkeyx,$inout2
+	aesenc		$rndkeyx,$inout3
+	 mov		%r9d,`0x10*($i-1)`+12(%rsp)
+	 lea		$i($ctr),%r9
+	aesenc		$rndkeyx,$inout4
+	aesenc		$rndkeyx,$inout5
+	aesenc		$rndkeyx,$inout6
+	aesenc		$rndkeyx,$inout7
+	$movkey		`0x20+0x10*$i`-0x80($key),$rndkeyx
+___
+}
+$code.=<<___;
+	 bswap		%r9d
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	 xor		$key0,%r9d
+	 movdqu		0x00($inp),$in0		# start loading input
+	aesenc		$rndkey0,$inout3
+	 mov		%r9d,0x70+12(%rsp)
+	 cmp		\$11,$rounds
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	aesenc		$rndkey0,$inout6
+	aesenc		$rndkey0,$inout7
+	$movkey		0xa0-0x80($key),$rndkey0
+
+	jb		.Lctr32_enc_done
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	$movkey		0xb0-0x80($key),$rndkey1
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	aesenc		$rndkey0,$inout6
+	aesenc		$rndkey0,$inout7
+	$movkey		0xc0-0x80($key),$rndkey0
+	je		.Lctr32_enc_done
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	$movkey		0xd0-0x80($key),$rndkey1
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	aesenc		$rndkey0,$inout6
+	aesenc		$rndkey0,$inout7
+	$movkey		0xe0-0x80($key),$rndkey0
+	jmp		.Lctr32_enc_done
+
+.align	16
+.Lctr32_enc_done:
+	movdqu		0x10($inp),$in1
+	pxor		$rndkey0,$in0		# input^=round[last]
+	movdqu		0x20($inp),$in2
+	pxor		$rndkey0,$in1
+	movdqu		0x30($inp),$in3
+	pxor		$rndkey0,$in2
+	movdqu		0x40($inp),$in4
+	pxor		$rndkey0,$in3
+	movdqu		0x50($inp),$in5
+	pxor		$rndkey0,$in4
+	pxor		$rndkey0,$in5
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+	aesenc		$rndkey1,$inout7
+	movdqu		0x60($inp),$rndkey1	# borrow $rndkey1 for inp[6]
+	lea		0x80($inp),$inp		# $inp+=8*16
+
+	aesenclast	$in0,$inout0		# $inN is inp[N]^round[last]
+	pxor		$rndkey0,$rndkey1	# borrowed $rndkey
+	movdqu		0x70-0x80($inp),$in0
+	aesenclast	$in1,$inout1
+	pxor		$rndkey0,$in0
+	movdqa		0x00(%rsp),$in1		# load next counter block
+	aesenclast	$in2,$inout2
+	aesenclast	$in3,$inout3
+	movdqa		0x10(%rsp),$in2
+	movdqa		0x20(%rsp),$in3
+	aesenclast	$in4,$inout4
+	aesenclast	$in5,$inout5
+	movdqa		0x30(%rsp),$in4
+	movdqa		0x40(%rsp),$in5
+	aesenclast	$rndkey1,$inout6
+	movdqa		0x50(%rsp),$rndkey0
+	$movkey		0x10-0x80($key),$rndkey1#real 1st-round key
+	aesenclast	$in0,$inout7
+
+	movups		$inout0,($out)		# store 8 output blocks
+	movdqa		$in1,$inout0
+	movups		$inout1,0x10($out)
+	movdqa		$in2,$inout1
+	movups		$inout2,0x20($out)
+	movdqa		$in3,$inout2
+	movups		$inout3,0x30($out)
+	movdqa		$in4,$inout3
+	movups		$inout4,0x40($out)
+	movdqa		$in5,$inout4
+	movups		$inout5,0x50($out)
+	movdqa		$rndkey0,$inout5
+	movups		$inout6,0x60($out)
+	movups		$inout7,0x70($out)
+	lea		0x80($out),$out		# $out+=8*16
+
+	sub	\$8,$len
+	jnc	.Lctr32_loop8			# loop if $len-=8 didn't borrow
+
+	add	\$8,$len			# restore real remainig $len
+	jz	.Lctr32_done			# done if ($len==0)
+	lea	-0x80($key),$key
+
+.Lctr32_tail:
+	# note that at this point $inout0..5 are populated with
+	# counter values xor-ed with 0-round key 
+	lea	16($key),$key
+	cmp	\$4,$len
+	jb	.Lctr32_loop3
+	je	.Lctr32_loop4
+
+	# if ($len>4) compute 7 E(counter)
+	shl		\$4,$rounds
+	movdqa		0x60(%rsp),$inout6
+	pxor		$inout7,$inout7
+
+	$movkey		16($key),$rndkey0
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	lea		32-16($key,$rounds),$key# prepare for .Lenc_loop8_enter
+	neg		%rax
+	aesenc		$rndkey1,$inout2
+	add		\$16,%rax		# prepare for .Lenc_loop8_enter
+	 movups		($inp),$in0
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	 movups		0x10($inp),$in1		# pre-load input
+	 movups		0x20($inp),$in2
+	aesenc		$rndkey1,$inout5
+	aesenc		$rndkey1,$inout6
+
+	call            .Lenc_loop8_enter
+
+	movdqu	0x30($inp),$in3
+	pxor	$in0,$inout0
+	movdqu	0x40($inp),$in0
+	pxor	$in1,$inout1
+	movdqu	$inout0,($out)			# store output
+	pxor	$in2,$inout2
+	movdqu	$inout1,0x10($out)
+	pxor	$in3,$inout3
+	movdqu	$inout2,0x20($out)
+	pxor	$in0,$inout4
+	movdqu	$inout3,0x30($out)
+	movdqu	$inout4,0x40($out)
+	cmp	\$6,$len
+	jb	.Lctr32_done			# $len was 5, stop store
+
+	movups	0x50($inp),$in1
+	xorps	$in1,$inout5
+	movups	$inout5,0x50($out)
+	je	.Lctr32_done			# $len was 6, stop store
+
+	movups	0x60($inp),$in2
+	xorps	$in2,$inout6
+	movups	$inout6,0x60($out)
+	jmp	.Lctr32_done			# $len was 7, stop store
+
+.align	32
+.Lctr32_loop4:
+	aesenc		$rndkey1,$inout0
+	lea		16($key),$key
+	dec		$rounds
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		($key),$rndkey1
+	jnz		.Lctr32_loop4
+	aesenclast	$rndkey1,$inout0
+	aesenclast	$rndkey1,$inout1
+	 movups		($inp),$in0		# load input
+	 movups		0x10($inp),$in1
+	aesenclast	$rndkey1,$inout2
+	aesenclast	$rndkey1,$inout3
+	 movups		0x20($inp),$in2
+	 movups		0x30($inp),$in3
+
+	xorps	$in0,$inout0
+	movups	$inout0,($out)			# store output
+	xorps	$in1,$inout1
+	movups	$inout1,0x10($out)
+	pxor	$in2,$inout2
+	movdqu	$inout2,0x20($out)
+	pxor	$in3,$inout3
+	movdqu	$inout3,0x30($out)
+	jmp	.Lctr32_done			# $len was 4, stop store
+
+.align	32
+.Lctr32_loop3:
+	aesenc		$rndkey1,$inout0
+	lea		16($key),$key
+	dec		$rounds
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	$movkey		($key),$rndkey1
+	jnz		.Lctr32_loop3
+	aesenclast	$rndkey1,$inout0
+	aesenclast	$rndkey1,$inout1
+	aesenclast	$rndkey1,$inout2
+
+	movups	($inp),$in0			# load input
+	xorps	$in0,$inout0
+	movups	$inout0,($out)			# store output
+	cmp	\$2,$len
+	jb	.Lctr32_done			# $len was 1, stop store
+
+	movups	0x10($inp),$in1
+	xorps	$in1,$inout1
+	movups	$inout1,0x10($out)
+	je	.Lctr32_done			# $len was 2, stop store
+
+	movups	0x20($inp),$in2
+	xorps	$in2,$inout2
+	movups	$inout2,0x20($out)		# $len was 3, stop store
+
+.Lctr32_done:
+	xorps	%xmm0,%xmm0			# clear regiser bank
+	xor	$key0,$key0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,0x10(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,0x20(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,0x30(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,0x40(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,0x50(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,0x60(%rsp)
+	pxor	%xmm14,%xmm14
+	movaps	%xmm0,0x70(%rsp)
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa0(%rbp),%xmm6
+	movaps	%xmm0,-0xa0(%rbp)		# clear stack
+	movaps	-0x90(%rbp),%xmm7
+	movaps	%xmm0,-0x90(%rbp)
+	movaps	-0x80(%rbp),%xmm8
+	movaps	%xmm0,-0x80(%rbp)
+	movaps	-0x70(%rbp),%xmm9
+	movaps	%xmm0,-0x70(%rbp)
+	movaps	-0x60(%rbp),%xmm10
+	movaps	%xmm0,-0x60(%rbp)
+	movaps	-0x50(%rbp),%xmm11
+	movaps	%xmm0,-0x50(%rbp)
+	movaps	-0x40(%rbp),%xmm12
+	movaps	%xmm0,-0x40(%rbp)
+	movaps	-0x30(%rbp),%xmm13
+	movaps	%xmm0,-0x30(%rbp)
+	movaps	-0x20(%rbp),%xmm14
+	movaps	%xmm0,-0x20(%rbp)
+	movaps	-0x10(%rbp),%xmm15
+	movaps	%xmm0,-0x10(%rbp)
+	movaps	%xmm0,0x00(%rsp)
+	movaps	%xmm0,0x10(%rsp)
+	movaps	%xmm0,0x20(%rsp)
+	movaps	%xmm0,0x30(%rsp)
+	movaps	%xmm0,0x40(%rsp)
+	movaps	%xmm0,0x50(%rsp)
+	movaps	%xmm0,0x60(%rsp)
+	movaps	%xmm0,0x70(%rsp)
+___
+$code.=<<___;
+	lea	(%rbp),%rsp
+	pop	%rbp
+.Lctr32_epilogue:
+	ret
+.size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
+___
+}
+
+######################################################################
+# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2
+#	const unsigned char iv[16]);
+#
+{
+my @tweak=map("%xmm$_",(10..15));
+my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]);
+my ($key2,$ivp,$len_)=("%r8","%r9","%r9");
+my $frame_size = 0x70 + ($win64?160:0);
+
+$code.=<<___;
+.globl	aesni_xts_encrypt
+.type	aesni_xts_encrypt,\@function,6
+.align	16
+aesni_xts_encrypt:
+	lea	(%rsp),%rax
+	push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-0xa8(%rax)		# offload everything
+	movaps	%xmm7,-0x98(%rax)
+	movaps	%xmm8,-0x88(%rax)
+	movaps	%xmm9,-0x78(%rax)
+	movaps	%xmm10,-0x68(%rax)
+	movaps	%xmm11,-0x58(%rax)
+	movaps	%xmm12,-0x48(%rax)
+	movaps	%xmm13,-0x38(%rax)
+	movaps	%xmm14,-0x28(%rax)
+	movaps	%xmm15,-0x18(%rax)
+.Lxts_enc_body:
+___
+$code.=<<___;
+	lea	-8(%rax),%rbp
+	movups	($ivp),$inout0			# load clear-text tweak
+	mov	240(%r8),$rounds		# key2->rounds
+	mov	240($key),$rnds_		# key1->rounds
+___
+	# generate the tweak
+	&aesni_generate1("enc",$key2,$rounds,$inout0);
+$code.=<<___;
+	$movkey	($key),$rndkey0			# zero round key
+	mov	$key,$key_			# backup $key
+	mov	$rnds_,$rounds			# backup $rounds
+	shl	\$4,$rnds_
+	mov	$len,$len_			# backup $len
+	and	\$-16,$len
+
+	$movkey	16($key,$rnds_),$rndkey1	# last round key
+
+	movdqa	.Lxts_magic(%rip),$twmask
+	movdqa	$inout0,@tweak[5]
+	pshufd	\$0x5f,$inout0,$twres
+	pxor	$rndkey0,$rndkey1
+___
+    # alternative tweak calculation algorithm is based on suggestions
+    # by Shay Gueron. psrad doesn't conflict with AES-NI instructions
+    # and should help in the future...
+    for ($i=0;$i<4;$i++) {
+    $code.=<<___;
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	movdqa	@tweak[5],@tweak[$i]
+	psrad	\$31,$twtmp			# broadcast upper bits
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	pxor	$rndkey0,@tweak[$i]
+	pxor	$twtmp,@tweak[5]
+___
+    }
+$code.=<<___;
+	movdqa	@tweak[5],@tweak[4]
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twres
+	pxor	$rndkey0,@tweak[4]
+	pxor	$twres,@tweak[5]
+	movaps	$rndkey1,0x60(%rsp)		# save round[0]^round[last]
+
+	sub	\$16*6,$len
+	jc	.Lxts_enc_short			# if $len-=6*16 borrowed
+
+	mov	\$16+96,$rounds
+	lea	32($key_,$rnds_),$key		# end of key schedule
+	sub	%r10,%rax			# twisted $rounds
+	$movkey	16($key_),$rndkey1
+	mov	%rax,%r10			# backup twisted $rounds
+	lea	.Lxts_magic(%rip),%r8
+	jmp	.Lxts_enc_grandloop
+
+.align	32
+.Lxts_enc_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqa	$rndkey0,$twmask
+	movdqu	`16*1`($inp),$inout1
+	pxor	@tweak[0],$inout0		# input^=tweak^round[0]
+	movdqu	`16*2`($inp),$inout2
+	pxor	@tweak[1],$inout1
+	 aesenc		$rndkey1,$inout0
+	movdqu	`16*3`($inp),$inout3
+	pxor	@tweak[2],$inout2
+	 aesenc		$rndkey1,$inout1
+	movdqu	`16*4`($inp),$inout4
+	pxor	@tweak[3],$inout3
+	 aesenc		$rndkey1,$inout2
+	movdqu	`16*5`($inp),$inout5
+	pxor	@tweak[5],$twmask		# round[0]^=tweak[5]
+	 movdqa	0x60(%rsp),$twres		# load round[0]^round[last]
+	pxor	@tweak[4],$inout4
+	 aesenc		$rndkey1,$inout3
+	$movkey	32($key_),$rndkey0
+	lea	`16*6`($inp),$inp
+	pxor	$twmask,$inout5
+
+	 pxor	$twres,@tweak[0]		# calclulate tweaks^round[last]
+	aesenc		$rndkey1,$inout4
+	 pxor	$twres,@tweak[1]
+	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks^round[last]
+	aesenc		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor	$twres,@tweak[2]
+
+	aesenc		$rndkey0,$inout0
+	 pxor	$twres,@tweak[3]
+	 movdqa	@tweak[1],`16*1`(%rsp)
+	aesenc		$rndkey0,$inout1
+	 pxor	$twres,@tweak[4]
+	 movdqa	@tweak[2],`16*2`(%rsp)
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	 pxor	$twres,$twmask
+	 movdqa	@tweak[4],`16*4`(%rsp)
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	 movdqa	$twmask,`16*5`(%rsp)
+	pshufd	\$0x5f,@tweak[5],$twres
+	jmp	.Lxts_enc_loop6
+.align	32
+.Lxts_enc_loop6:
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	$movkey		-64($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		-80($key,%rax),$rndkey0
+	jnz		.Lxts_enc_loop6
+
+	movdqa	(%r8),$twmask			# start calculating next tweak
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	 aesenc		$rndkey1,$inout0
+	paddq	@tweak[5],@tweak[5]
+	psrad	\$31,$twtmp
+	 aesenc		$rndkey1,$inout1
+	pand	$twmask,$twtmp
+	$movkey	($key_),@tweak[0]		# load round[0]
+	 aesenc		$rndkey1,$inout2
+	 aesenc		$rndkey1,$inout3
+	 aesenc		$rndkey1,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[0],@tweak[1]		# copy round[0]
+	 aesenc		$rndkey1,$inout5
+	 $movkey	-64($key),$rndkey1
+
+	movdqa	$twres,$twtmp
+	 aesenc		$rndkey0,$inout0
+	paddd	$twres,$twres
+	pxor	@tweak[5],@tweak[0]
+	 aesenc		$rndkey0,$inout1
+	psrad	\$31,$twtmp
+	paddq	@tweak[5],@tweak[5]
+	 aesenc		$rndkey0,$inout2
+	 aesenc		$rndkey0,$inout3
+	pand	$twmask,$twtmp
+	movaps	@tweak[1],@tweak[2]
+	 aesenc		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movdqa	$twres,$twtmp
+	 aesenc		$rndkey0,$inout5
+	 $movkey	-48($key),$rndkey0
+
+	paddd	$twres,$twres
+	 aesenc		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[1]
+	psrad	\$31,$twtmp
+	 aesenc		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesenc		$rndkey1,$inout2
+	 aesenc		$rndkey1,$inout3
+	 movdqa	@tweak[3],`16*3`(%rsp)
+	pxor	$twtmp,@tweak[5]
+	 aesenc		$rndkey1,$inout4
+	movaps	@tweak[2],@tweak[3]
+	movdqa	$twres,$twtmp
+	 aesenc		$rndkey1,$inout5
+	 $movkey	-32($key),$rndkey1
+
+	paddd	$twres,$twres
+	 aesenc		$rndkey0,$inout0
+	pxor	@tweak[5],@tweak[2]
+	psrad	\$31,$twtmp
+	 aesenc		$rndkey0,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesenc		$rndkey0,$inout2
+	 aesenc		$rndkey0,$inout3
+	 aesenc		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[3],@tweak[4]
+	 aesenc		$rndkey0,$inout5
+
+	movdqa	$twres,$rndkey0
+	paddd	$twres,$twres
+	 aesenc		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[3]
+	psrad	\$31,$rndkey0
+	 aesenc		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$rndkey0
+	 aesenc		$rndkey1,$inout2
+	 aesenc		$rndkey1,$inout3
+	pxor	$rndkey0,@tweak[5]
+	$movkey		($key_),$rndkey0
+	 aesenc		$rndkey1,$inout4
+	 aesenc		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+
+	pxor	@tweak[5],@tweak[4]
+	 aesenclast	`16*0`(%rsp),$inout0
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	 aesenclast	`16*1`(%rsp),$inout1
+	 aesenclast	`16*2`(%rsp),$inout2
+	pand	$twmask,$twres
+	mov	%r10,%rax			# restore $rounds
+	 aesenclast	`16*3`(%rsp),$inout3
+	 aesenclast	`16*4`(%rsp),$inout4
+	 aesenclast	`16*5`(%rsp),$inout5
+	pxor	$twres,@tweak[5]
+
+	lea	`16*6`($out),$out		# $out+=6*16
+	movups	$inout0,`-16*6`($out)		# store 6 output blocks
+	movups	$inout1,`-16*5`($out)
+	movups	$inout2,`-16*4`($out)
+	movups	$inout3,`-16*3`($out)
+	movups	$inout4,`-16*2`($out)
+	movups	$inout5,`-16*1`($out)
+	sub	\$16*6,$len
+	jnc	.Lxts_enc_grandloop		# loop if $len-=6*16 didn't borrow
+
+	mov	\$16+96,$rounds
+	sub	$rnds_,$rounds
+	mov	$key_,$key			# restore $key
+	shr	\$4,$rounds			# restore original value
+
+.Lxts_enc_short:
+	# at the point @tweak[0..5] are populated with tweak values
+	mov	$rounds,$rnds_			# backup $rounds
+	pxor	$rndkey0,@tweak[0]
+	add	\$16*6,$len			# restore real remaining $len
+	jz	.Lxts_enc_done			# done if ($len==0)
+
+	pxor	$rndkey0,@tweak[1]
+	cmp	\$0x20,$len
+	jb	.Lxts_enc_one			# $len is 1*16
+	pxor	$rndkey0,@tweak[2]
+	je	.Lxts_enc_two			# $len is 2*16
+
+	pxor	$rndkey0,@tweak[3]
+	cmp	\$0x40,$len
+	jb	.Lxts_enc_three			# $len is 3*16
+	pxor	$rndkey0,@tweak[4]
+	je	.Lxts_enc_four			# $len is 4*16
+
+	movdqu	($inp),$inout0			# $len is 5*16
+	movdqu	16*1($inp),$inout1
+	movdqu	16*2($inp),$inout2
+	pxor	@tweak[0],$inout0
+	movdqu	16*3($inp),$inout3
+	pxor	@tweak[1],$inout1
+	movdqu	16*4($inp),$inout4
+	lea	16*5($inp),$inp			# $inp+=5*16
+	pxor	@tweak[2],$inout2
+	pxor	@tweak[3],$inout3
+	pxor	@tweak[4],$inout4
+	pxor	$inout5,$inout5
+
+	call	_aesni_encrypt6
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[5],@tweak[0]
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 5 output blocks
+	xorps	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	xorps	@tweak[4],$inout4
+	movdqu	$inout2,16*2($out)
+	movdqu	$inout3,16*3($out)
+	movdqu	$inout4,16*4($out)
+	lea	16*5($out),$out			# $out+=5*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_one:
+	movups	($inp),$inout0
+	lea	16*1($inp),$inp			# inp+=1*16
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[1],@tweak[0]
+	movups	$inout0,($out)			# store one output block
+	lea	16*1($out),$out			# $out+=1*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_two:
+	movups	($inp),$inout0
+	movups	16($inp),$inout1
+	lea	32($inp),$inp			# $inp+=2*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+
+	call	_aesni_encrypt2
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[2],@tweak[0]
+	xorps	@tweak[1],$inout1
+	movups	$inout0,($out)			# store 2 output blocks
+	movups	$inout1,16*1($out)
+	lea	16*2($out),$out			# $out+=2*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_three:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	lea	16*3($inp),$inp			# $inp+=3*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+
+	call	_aesni_encrypt3
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[3],@tweak[0]
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	movups	$inout0,($out)			# store 3 output blocks
+	movups	$inout1,16*1($out)
+	movups	$inout2,16*2($out)
+	lea	16*3($out),$out			# $out+=3*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_four:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	xorps	@tweak[0],$inout0
+	movups	16*3($inp),$inout3
+	lea	16*4($inp),$inp			# $inp+=4*16
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	xorps	@tweak[3],$inout3
+
+	call	_aesni_encrypt4
+
+	pxor	@tweak[0],$inout0
+	movdqa	@tweak[4],@tweak[0]
+	pxor	@tweak[1],$inout1
+	pxor	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 4 output blocks
+	pxor	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	movdqu	$inout2,16*2($out)
+	movdqu	$inout3,16*3($out)
+	lea	16*4($out),$out			# $out+=4*16
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_done:
+	and	\$15,$len_			# see if $len%16 is 0
+	jz	.Lxts_enc_ret
+	mov	$len_,$len
+
+.Lxts_enc_steal:
+	movzb	($inp),%eax			# borrow $rounds ...
+	movzb	-16($out),%ecx			# ... and $key
+	lea	1($inp),$inp
+	mov	%al,-16($out)
+	mov	%cl,0($out)
+	lea	1($out),$out
+	sub	\$1,$len
+	jnz	.Lxts_enc_steal
+
+	sub	$len_,$out			# rewind $out
+	mov	$key_,$key			# restore $key
+	mov	$rnds_,$rounds			# restore $rounds
+
+	movups	-16($out),$inout0
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movups	$inout0,-16($out)
+
+.Lxts_enc_ret:
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,0x10(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,0x20(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,0x30(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,0x40(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,0x50(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,0x60(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa0(%rbp),%xmm6
+	movaps	%xmm0,-0xa0(%rbp)		# clear stack
+	movaps	-0x90(%rbp),%xmm7
+	movaps	%xmm0,-0x90(%rbp)
+	movaps	-0x80(%rbp),%xmm8
+	movaps	%xmm0,-0x80(%rbp)
+	movaps	-0x70(%rbp),%xmm9
+	movaps	%xmm0,-0x70(%rbp)
+	movaps	-0x60(%rbp),%xmm10
+	movaps	%xmm0,-0x60(%rbp)
+	movaps	-0x50(%rbp),%xmm11
+	movaps	%xmm0,-0x50(%rbp)
+	movaps	-0x40(%rbp),%xmm12
+	movaps	%xmm0,-0x40(%rbp)
+	movaps	-0x30(%rbp),%xmm13
+	movaps	%xmm0,-0x30(%rbp)
+	movaps	-0x20(%rbp),%xmm14
+	movaps	%xmm0,-0x20(%rbp)
+	movaps	-0x10(%rbp),%xmm15
+	movaps	%xmm0,-0x10(%rbp)
+	movaps	%xmm0,0x00(%rsp)
+	movaps	%xmm0,0x10(%rsp)
+	movaps	%xmm0,0x20(%rsp)
+	movaps	%xmm0,0x30(%rsp)
+	movaps	%xmm0,0x40(%rsp)
+	movaps	%xmm0,0x50(%rsp)
+	movaps	%xmm0,0x60(%rsp)
+___
+$code.=<<___;
+	lea	(%rbp),%rsp
+	pop	%rbp
+.Lxts_enc_epilogue:
+	ret
+.size	aesni_xts_encrypt,.-aesni_xts_encrypt
+___
+
+$code.=<<___;
+.globl	aesni_xts_decrypt
+.type	aesni_xts_decrypt,\@function,6
+.align	16
+aesni_xts_decrypt:
+	lea	(%rsp),%rax
+	push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-0xa8(%rax)		# offload everything
+	movaps	%xmm7,-0x98(%rax)
+	movaps	%xmm8,-0x88(%rax)
+	movaps	%xmm9,-0x78(%rax)
+	movaps	%xmm10,-0x68(%rax)
+	movaps	%xmm11,-0x58(%rax)
+	movaps	%xmm12,-0x48(%rax)
+	movaps	%xmm13,-0x38(%rax)
+	movaps	%xmm14,-0x28(%rax)
+	movaps	%xmm15,-0x18(%rax)
+.Lxts_dec_body:
+___
+$code.=<<___;
+	lea	-8(%rax),%rbp
+	movups	($ivp),$inout0			# load clear-text tweak
+	mov	240($key2),$rounds		# key2->rounds
+	mov	240($key),$rnds_		# key1->rounds
+___
+	# generate the tweak
+	&aesni_generate1("enc",$key2,$rounds,$inout0);
+$code.=<<___;
+	xor	%eax,%eax			# if ($len%16) len-=16;
+	test	\$15,$len
+	setnz	%al
+	shl	\$4,%rax
+	sub	%rax,$len
+
+	$movkey	($key),$rndkey0			# zero round key
+	mov	$key,$key_			# backup $key
+	mov	$rnds_,$rounds			# backup $rounds
+	shl	\$4,$rnds_
+	mov	$len,$len_			# backup $len
+	and	\$-16,$len
+
+	$movkey	16($key,$rnds_),$rndkey1	# last round key
+
+	movdqa	.Lxts_magic(%rip),$twmask
+	movdqa	$inout0,@tweak[5]
+	pshufd	\$0x5f,$inout0,$twres
+	pxor	$rndkey0,$rndkey1
+___
+    for ($i=0;$i<4;$i++) {
+    $code.=<<___;
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	movdqa	@tweak[5],@tweak[$i]
+	psrad	\$31,$twtmp			# broadcast upper bits
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	pxor	$rndkey0,@tweak[$i]
+	pxor	$twtmp,@tweak[5]
+___
+    }
+$code.=<<___;
+	movdqa	@tweak[5],@tweak[4]
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twres
+	pxor	$rndkey0,@tweak[4]
+	pxor	$twres,@tweak[5]
+	movaps	$rndkey1,0x60(%rsp)		# save round[0]^round[last]
+
+	sub	\$16*6,$len
+	jc	.Lxts_dec_short			# if $len-=6*16 borrowed
+
+	mov	\$16+96,$rounds
+	lea	32($key_,$rnds_),$key		# end of key schedule
+	sub	%r10,%rax			# twisted $rounds
+	$movkey	16($key_),$rndkey1
+	mov	%rax,%r10			# backup twisted $rounds
+	lea	.Lxts_magic(%rip),%r8
+	jmp	.Lxts_dec_grandloop
+
+.align	32
+.Lxts_dec_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqa	$rndkey0,$twmask
+	movdqu	`16*1`($inp),$inout1
+	pxor	@tweak[0],$inout0		# intput^=tweak^round[0]
+	movdqu	`16*2`($inp),$inout2
+	pxor	@tweak[1],$inout1
+	 aesdec		$rndkey1,$inout0
+	movdqu	`16*3`($inp),$inout3
+	pxor	@tweak[2],$inout2
+	 aesdec		$rndkey1,$inout1
+	movdqu	`16*4`($inp),$inout4
+	pxor	@tweak[3],$inout3
+	 aesdec		$rndkey1,$inout2
+	movdqu	`16*5`($inp),$inout5
+	pxor	@tweak[5],$twmask		# round[0]^=tweak[5]
+	 movdqa	0x60(%rsp),$twres		# load round[0]^round[last]
+	pxor	@tweak[4],$inout4
+	 aesdec		$rndkey1,$inout3
+	$movkey	32($key_),$rndkey0
+	lea	`16*6`($inp),$inp
+	pxor	$twmask,$inout5
+
+	 pxor	$twres,@tweak[0]		# calclulate tweaks^round[last]
+	aesdec		$rndkey1,$inout4
+	 pxor	$twres,@tweak[1]
+	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks^last round key
+	aesdec		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor	$twres,@tweak[2]
+
+	aesdec		$rndkey0,$inout0
+	 pxor	$twres,@tweak[3]
+	 movdqa	@tweak[1],`16*1`(%rsp)
+	aesdec		$rndkey0,$inout1
+	 pxor	$twres,@tweak[4]
+	 movdqa	@tweak[2],`16*2`(%rsp)
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	 pxor	$twres,$twmask
+	 movdqa	@tweak[4],`16*4`(%rsp)
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	 movdqa	$twmask,`16*5`(%rsp)
+	pshufd	\$0x5f,@tweak[5],$twres
+	jmp	.Lxts_dec_loop6
+.align	32
+.Lxts_dec_loop6:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	$movkey		-64($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		-80($key,%rax),$rndkey0
+	jnz		.Lxts_dec_loop6
+
+	movdqa	(%r8),$twmask			# start calculating next tweak
+	movdqa	$twres,$twtmp
+	paddd	$twres,$twres
+	 aesdec		$rndkey1,$inout0
+	paddq	@tweak[5],@tweak[5]
+	psrad	\$31,$twtmp
+	 aesdec		$rndkey1,$inout1
+	pand	$twmask,$twtmp
+	$movkey	($key_),@tweak[0]		# load round[0]
+	 aesdec		$rndkey1,$inout2
+	 aesdec		$rndkey1,$inout3
+	 aesdec		$rndkey1,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[0],@tweak[1]		# copy round[0]
+	 aesdec		$rndkey1,$inout5
+	 $movkey	-64($key),$rndkey1
+
+	movdqa	$twres,$twtmp
+	 aesdec		$rndkey0,$inout0
+	paddd	$twres,$twres
+	pxor	@tweak[5],@tweak[0]
+	 aesdec		$rndkey0,$inout1
+	psrad	\$31,$twtmp
+	paddq	@tweak[5],@tweak[5]
+	 aesdec		$rndkey0,$inout2
+	 aesdec		$rndkey0,$inout3
+	pand	$twmask,$twtmp
+	movaps	@tweak[1],@tweak[2]
+	 aesdec		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movdqa	$twres,$twtmp
+	 aesdec		$rndkey0,$inout5
+	 $movkey	-48($key),$rndkey0
+
+	paddd	$twres,$twres
+	 aesdec		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[1]
+	psrad	\$31,$twtmp
+	 aesdec		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesdec		$rndkey1,$inout2
+	 aesdec		$rndkey1,$inout3
+	 movdqa	@tweak[3],`16*3`(%rsp)
+	pxor	$twtmp,@tweak[5]
+	 aesdec		$rndkey1,$inout4
+	movaps	@tweak[2],@tweak[3]
+	movdqa	$twres,$twtmp
+	 aesdec		$rndkey1,$inout5
+	 $movkey	-32($key),$rndkey1
+
+	paddd	$twres,$twres
+	 aesdec		$rndkey0,$inout0
+	pxor	@tweak[5],@tweak[2]
+	psrad	\$31,$twtmp
+	 aesdec		$rndkey0,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$twtmp
+	 aesdec		$rndkey0,$inout2
+	 aesdec		$rndkey0,$inout3
+	 aesdec		$rndkey0,$inout4
+	pxor	$twtmp,@tweak[5]
+	movaps	@tweak[3],@tweak[4]
+	 aesdec		$rndkey0,$inout5
+
+	movdqa	$twres,$rndkey0
+	paddd	$twres,$twres
+	 aesdec		$rndkey1,$inout0
+	pxor	@tweak[5],@tweak[3]
+	psrad	\$31,$rndkey0
+	 aesdec		$rndkey1,$inout1
+	paddq	@tweak[5],@tweak[5]
+	pand	$twmask,$rndkey0
+	 aesdec		$rndkey1,$inout2
+	 aesdec		$rndkey1,$inout3
+	pxor	$rndkey0,@tweak[5]
+	$movkey		($key_),$rndkey0
+	 aesdec		$rndkey1,$inout4
+	 aesdec		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+
+	pxor	@tweak[5],@tweak[4]
+	 aesdeclast	`16*0`(%rsp),$inout0
+	psrad	\$31,$twres
+	paddq	@tweak[5],@tweak[5]
+	 aesdeclast	`16*1`(%rsp),$inout1
+	 aesdeclast	`16*2`(%rsp),$inout2
+	pand	$twmask,$twres
+	mov	%r10,%rax			# restore $rounds
+	 aesdeclast	`16*3`(%rsp),$inout3
+	 aesdeclast	`16*4`(%rsp),$inout4
+	 aesdeclast	`16*5`(%rsp),$inout5
+	pxor	$twres,@tweak[5]
+
+	lea	`16*6`($out),$out		# $out+=6*16
+	movups	$inout0,`-16*6`($out)		# store 6 output blocks
+	movups	$inout1,`-16*5`($out)
+	movups	$inout2,`-16*4`($out)
+	movups	$inout3,`-16*3`($out)
+	movups	$inout4,`-16*2`($out)
+	movups	$inout5,`-16*1`($out)
+	sub	\$16*6,$len
+	jnc	.Lxts_dec_grandloop		# loop if $len-=6*16 didn't borrow
+
+	mov	\$16+96,$rounds
+	sub	$rnds_,$rounds
+	mov	$key_,$key			# restore $key
+	shr	\$4,$rounds			# restore original value
+
+.Lxts_dec_short:
+	# at the point @tweak[0..5] are populated with tweak values
+	mov	$rounds,$rnds_			# backup $rounds
+	pxor	$rndkey0,@tweak[0]
+	pxor	$rndkey0,@tweak[1]
+	add	\$16*6,$len			# restore real remaining $len
+	jz	.Lxts_dec_done			# done if ($len==0)
+
+	pxor	$rndkey0,@tweak[2]
+	cmp	\$0x20,$len
+	jb	.Lxts_dec_one			# $len is 1*16
+	pxor	$rndkey0,@tweak[3]
+	je	.Lxts_dec_two			# $len is 2*16
+
+	pxor	$rndkey0,@tweak[4]
+	cmp	\$0x40,$len
+	jb	.Lxts_dec_three			# $len is 3*16
+	je	.Lxts_dec_four			# $len is 4*16
+
+	movdqu	($inp),$inout0			# $len is 5*16
+	movdqu	16*1($inp),$inout1
+	movdqu	16*2($inp),$inout2
+	pxor	@tweak[0],$inout0
+	movdqu	16*3($inp),$inout3
+	pxor	@tweak[1],$inout1
+	movdqu	16*4($inp),$inout4
+	lea	16*5($inp),$inp			# $inp+=5*16
+	pxor	@tweak[2],$inout2
+	pxor	@tweak[3],$inout3
+	pxor	@tweak[4],$inout4
+
+	call	_aesni_decrypt6
+
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 5 output blocks
+	xorps	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	xorps	@tweak[4],$inout4
+	movdqu	$inout2,16*2($out)
+	 pxor		$twtmp,$twtmp
+	movdqu	$inout3,16*3($out)
+	 pcmpgtd	@tweak[5],$twtmp
+	movdqu	$inout4,16*4($out)
+	lea	16*5($out),$out			# $out+=5*16
+	 pshufd		\$0x13,$twtmp,@tweak[1]	# $twres
+	and	\$15,$len_
+	jz	.Lxts_dec_ret
+
+	movdqa	@tweak[5],@tweak[0]
+	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
+	pand	$twmask,@tweak[1]		# isolate carry and residue
+	pxor	@tweak[5],@tweak[1]
+	jmp	.Lxts_dec_done2
+
+.align	16
+.Lxts_dec_one:
+	movups	($inp),$inout0
+	lea	16*1($inp),$inp			# $inp+=1*16
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[1],@tweak[0]
+	movups	$inout0,($out)			# store one output block
+	movdqa	@tweak[2],@tweak[1]
+	lea	16*1($out),$out			# $out+=1*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_two:
+	movups	($inp),$inout0
+	movups	16($inp),$inout1
+	lea	32($inp),$inp			# $inp+=2*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+
+	call	_aesni_decrypt2
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[2],@tweak[0]
+	xorps	@tweak[1],$inout1
+	movdqa	@tweak[3],@tweak[1]
+	movups	$inout0,($out)			# store 2 output blocks
+	movups	$inout1,16*1($out)
+	lea	16*2($out),$out			# $out+=2*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_three:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	lea	16*3($inp),$inp			# $inp+=3*16
+	xorps	@tweak[0],$inout0
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+
+	call	_aesni_decrypt3
+
+	xorps	@tweak[0],$inout0
+	movdqa	@tweak[3],@tweak[0]
+	xorps	@tweak[1],$inout1
+	movdqa	@tweak[4],@tweak[1]
+	xorps	@tweak[2],$inout2
+	movups	$inout0,($out)			# store 3 output blocks
+	movups	$inout1,16*1($out)
+	movups	$inout2,16*2($out)
+	lea	16*3($out),$out			# $out+=3*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_four:
+	movups	($inp),$inout0
+	movups	16*1($inp),$inout1
+	movups	16*2($inp),$inout2
+	xorps	@tweak[0],$inout0
+	movups	16*3($inp),$inout3
+	lea	16*4($inp),$inp			# $inp+=4*16
+	xorps	@tweak[1],$inout1
+	xorps	@tweak[2],$inout2
+	xorps	@tweak[3],$inout3
+
+	call	_aesni_decrypt4
+
+	pxor	@tweak[0],$inout0
+	movdqa	@tweak[4],@tweak[0]
+	pxor	@tweak[1],$inout1
+	movdqa	@tweak[5],@tweak[1]
+	pxor	@tweak[2],$inout2
+	movdqu	$inout0,($out)			# store 4 output blocks
+	pxor	@tweak[3],$inout3
+	movdqu	$inout1,16*1($out)
+	movdqu	$inout2,16*2($out)
+	movdqu	$inout3,16*3($out)
+	lea	16*4($out),$out			# $out+=4*16
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_done:
+	and	\$15,$len_			# see if $len%16 is 0
+	jz	.Lxts_dec_ret
+.Lxts_dec_done2:
+	mov	$len_,$len
+	mov	$key_,$key			# restore $key
+	mov	$rnds_,$rounds			# restore $rounds
+
+	movups	($inp),$inout0
+	xorps	@tweak[1],$inout0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[1],$inout0
+	movups	$inout0,($out)
+
+.Lxts_dec_steal:
+	movzb	16($inp),%eax			# borrow $rounds ...
+	movzb	($out),%ecx			# ... and $key
+	lea	1($inp),$inp
+	mov	%al,($out)
+	mov	%cl,16($out)
+	lea	1($out),$out
+	sub	\$1,$len
+	jnz	.Lxts_dec_steal
+
+	sub	$len_,$out			# rewind $out
+	mov	$key_,$key			# restore $key
+	mov	$rnds_,$rounds			# restore $rounds
+
+	movups	($out),$inout0
+	xorps	@tweak[0],$inout0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	@tweak[0],$inout0
+	movups	$inout0,($out)
+
+.Lxts_dec_ret:
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,0x10(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,0x20(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,0x30(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,0x40(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,0x50(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,0x60(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa0(%rbp),%xmm6
+	movaps	%xmm0,-0xa0(%rbp)		# clear stack
+	movaps	-0x90(%rbp),%xmm7
+	movaps	%xmm0,-0x90(%rbp)
+	movaps	-0x80(%rbp),%xmm8
+	movaps	%xmm0,-0x80(%rbp)
+	movaps	-0x70(%rbp),%xmm9
+	movaps	%xmm0,-0x70(%rbp)
+	movaps	-0x60(%rbp),%xmm10
+	movaps	%xmm0,-0x60(%rbp)
+	movaps	-0x50(%rbp),%xmm11
+	movaps	%xmm0,-0x50(%rbp)
+	movaps	-0x40(%rbp),%xmm12
+	movaps	%xmm0,-0x40(%rbp)
+	movaps	-0x30(%rbp),%xmm13
+	movaps	%xmm0,-0x30(%rbp)
+	movaps	-0x20(%rbp),%xmm14
+	movaps	%xmm0,-0x20(%rbp)
+	movaps	-0x10(%rbp),%xmm15
+	movaps	%xmm0,-0x10(%rbp)
+	movaps	%xmm0,0x00(%rsp)
+	movaps	%xmm0,0x10(%rsp)
+	movaps	%xmm0,0x20(%rsp)
+	movaps	%xmm0,0x30(%rsp)
+	movaps	%xmm0,0x40(%rsp)
+	movaps	%xmm0,0x50(%rsp)
+	movaps	%xmm0,0x60(%rsp)
+___
+$code.=<<___;
+	lea	(%rbp),%rsp
+	pop	%rbp
+.Lxts_dec_epilogue:
+	ret
+.size	aesni_xts_decrypt,.-aesni_xts_decrypt
+___
+}
+
+######################################################################
+# void aesni_ocb_[en|de]crypt(const char *inp, char *out, size_t blocks,
+#	const AES_KEY *key, unsigned int start_block_num,
+#	unsigned char offset_i[16], const unsigned char L_[][16],
+#	unsigned char checksum[16]);
+#
+{
+my @offset=map("%xmm$_",(10..15));
+my ($checksum,$rndkey0l)=("%xmm8","%xmm9");
+my ($block_num,$offset_p)=("%r8","%r9");		# 5th and 6th arguments
+my ($L_p,$checksum_p) = ("%rbx","%rbp");
+my ($i1,$i3,$i5) = ("%r12","%r13","%r14");
+my $seventh_arg = $win64 ? 56 : 8;
+my $blocks = $len;
+
+$code.=<<___;
+.globl	aesni_ocb_encrypt
+.type	aesni_ocb_encrypt,\@function,6
+.align	32
+aesni_ocb_encrypt:
+	lea	(%rsp),%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp),%rsp
+	movaps	%xmm6,0x00(%rsp)		# offload everything
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,0x70(%rsp)
+	movaps	%xmm14,0x80(%rsp)
+	movaps	%xmm15,0x90(%rsp)
+.Locb_enc_body:
+___
+$code.=<<___;
+	mov	$seventh_arg(%rax),$L_p		# 7th argument
+	mov	$seventh_arg+8(%rax),$checksum_p# 8th argument
+
+	mov	240($key),$rnds_
+	mov	$key,$key_
+	shl	\$4,$rnds_
+	$movkey	($key),$rndkey0l		# round[0]
+	$movkey	16($key,$rnds_),$rndkey1	# round[last]
+
+	movdqu	($offset_p),@offset[5]		# load last offset_i
+	pxor	$rndkey1,$rndkey0l		# round[0] ^ round[last]
+	pxor	$rndkey1,@offset[5]		# offset_i ^ round[last]
+
+	mov	\$16+32,$rounds
+	lea	32($key_,$rnds_),$key
+	$movkey	16($key_),$rndkey1		# round[1]
+	sub	%r10,%rax			# twisted $rounds
+	mov	%rax,%r10			# backup twisted $rounds
+
+	movdqu	($L_p),@offset[0]		# L_0 for all odd-numbered blocks
+	movdqu	($checksum_p),$checksum		# load checksum
+
+	test	\$1,$block_num			# is first block number odd?
+	jnz	.Locb_enc_odd
+
+	bsf	$block_num,$i1
+	add	\$1,$block_num
+	shl	\$4,$i1
+	movdqu	($L_p,$i1),$inout5		# borrow
+	movdqu	($inp),$inout0
+	lea	16($inp),$inp
+
+	call	__ocb_encrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,($out)
+	lea	16($out),$out
+	sub	\$1,$blocks
+	jz	.Locb_enc_done
+
+.Locb_enc_odd:
+	lea	1($block_num),$i1		# even-numbered blocks
+	lea	3($block_num),$i3
+	lea	5($block_num),$i5
+	lea	6($block_num),$block_num
+	bsf	$i1,$i1				# ntz(block)
+	bsf	$i3,$i3
+	bsf	$i5,$i5
+	shl	\$4,$i1				# ntz(block) -> table offset
+	shl	\$4,$i3
+	shl	\$4,$i5
+
+	sub	\$6,$blocks
+	jc	.Locb_enc_short
+	jmp	.Locb_enc_grandloop
+
+.align	32
+.Locb_enc_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqu	`16*1`($inp),$inout1
+	movdqu	`16*2`($inp),$inout2
+	movdqu	`16*3`($inp),$inout3
+	movdqu	`16*4`($inp),$inout4
+	movdqu	`16*5`($inp),$inout5
+	lea	`16*6`($inp),$inp
+
+	call	__ocb_encrypt6
+
+	movups	$inout0,`16*0`($out)		# store output
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+	movups	$inout3,`16*3`($out)
+	movups	$inout4,`16*4`($out)
+	movups	$inout5,`16*5`($out)
+	lea	`16*6`($out),$out
+	sub	\$6,$blocks
+	jnc	.Locb_enc_grandloop
+
+.Locb_enc_short:
+	add	\$6,$blocks
+	jz	.Locb_enc_done
+
+	movdqu	`16*0`($inp),$inout0
+	cmp	\$2,$blocks
+	jb	.Locb_enc_one
+	movdqu	`16*1`($inp),$inout1
+	je	.Locb_enc_two
+
+	movdqu	`16*2`($inp),$inout2
+	cmp	\$4,$blocks
+	jb	.Locb_enc_three
+	movdqu	`16*3`($inp),$inout3
+	je	.Locb_enc_four
+
+	movdqu	`16*4`($inp),$inout4
+	pxor	$inout5,$inout5
+
+	call	__ocb_encrypt6
+
+	movdqa	@offset[4],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+	movups	$inout3,`16*3`($out)
+	movups	$inout4,`16*4`($out)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_one:
+	movdqa	@offset[0],$inout5		# borrow
+
+	call	__ocb_encrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,`16*0`($out)
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_two:
+	pxor	$inout2,$inout2
+	pxor	$inout3,$inout3
+
+	call	__ocb_encrypt4
+
+	movdqa	@offset[1],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_three:
+	pxor	$inout3,$inout3
+
+	call	__ocb_encrypt4
+
+	movdqa	@offset[2],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_four:
+	call	__ocb_encrypt4
+
+	movdqa	@offset[3],@offset[5]
+	movups	$inout0,`16*0`($out)
+	movups	$inout1,`16*1`($out)
+	movups	$inout2,`16*2`($out)
+	movups	$inout3,`16*3`($out)
+
+.Locb_enc_done:
+	pxor	$rndkey0,@offset[5]		# "remove" round[last]
+	movdqu	$checksum,($checksum_p)		# store checksum
+	movdqu	@offset[5],($offset_p)		# store last offset_i
+
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	0x00(%rsp),%xmm6
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	movaps	0x40(%rsp),%xmm10
+	movaps	%xmm0,0x40(%rsp)
+	movaps	0x50(%rsp),%xmm11
+	movaps	%xmm0,0x50(%rsp)
+	movaps	0x60(%rsp),%xmm12
+	movaps	%xmm0,0x60(%rsp)
+	movaps	0x70(%rsp),%xmm13
+	movaps	%xmm0,0x70(%rsp)
+	movaps	0x80(%rsp),%xmm14
+	movaps	%xmm0,0x80(%rsp)
+	movaps	0x90(%rsp),%xmm15
+	movaps	%xmm0,0x90(%rsp)
+	lea	0xa0+0x28(%rsp),%rax
+.Locb_enc_pop:
+	lea	0xa0(%rsp),%rsp
+___
+$code.=<<___;
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+.Locb_enc_epilogue:
+	ret
+.size	aesni_ocb_encrypt,.-aesni_ocb_encrypt
+
+.type	__ocb_encrypt6,\@abi-omnipotent
+.align	32
+__ocb_encrypt6:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 movdqa		@offset[0],@offset[4]
+	 pxor		@offset[5],@offset[0]
+	 movdqu		($L_p,$i5),@offset[5]
+	 pxor		@offset[0],@offset[1]
+	pxor		$inout0,$checksum	# accumulate checksum
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		$inout1,$checksum
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		$inout2,$checksum
+	pxor		@offset[2],$inout2
+	 pxor		@offset[3],@offset[4]
+	pxor		$inout3,$checksum
+	pxor		@offset[3],$inout3
+	 pxor		@offset[4],@offset[5]
+	pxor		$inout4,$checksum
+	pxor		@offset[4],$inout4
+	pxor		$inout5,$checksum
+	pxor		@offset[5],$inout5
+	$movkey		32($key_),$rndkey0
+
+	lea		1($block_num),$i1	# even-numbered blocks
+	lea		3($block_num),$i3
+	lea		5($block_num),$i5
+	add		\$6,$block_num
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	bsf		$i1,$i1			# ntz(block)
+	bsf		$i3,$i3
+	bsf		$i5,$i5
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	aesenc		$rndkey1,$inout4
+	 pxor		$rndkey0l,@offset[3]
+	 pxor		$rndkey0l,@offset[4]
+	aesenc		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor		$rndkey0l,@offset[5]
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	shl		\$4,$i1			# ntz(block) -> table offset
+	shl		\$4,$i3
+	jmp		.Locb_enc_loop6
+
+.align	32
+.Locb_enc_loop6:
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	aesenc		$rndkey0,$inout4
+	aesenc		$rndkey0,$inout5
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_enc_loop6
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	aesenc		$rndkey1,$inout4
+	aesenc		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+	shl		\$4,$i5
+
+	aesenclast	@offset[0],$inout0
+	movdqu		($L_p),@offset[0]	# L_0 for all odd-numbered blocks
+	mov		%r10,%rax		# restore twisted rounds
+	aesenclast	@offset[1],$inout1
+	aesenclast	@offset[2],$inout2
+	aesenclast	@offset[3],$inout3
+	aesenclast	@offset[4],$inout4
+	aesenclast	@offset[5],$inout5
+	ret
+.size	__ocb_encrypt6,.-__ocb_encrypt6
+
+.type	__ocb_encrypt4,\@abi-omnipotent
+.align	32
+__ocb_encrypt4:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 pxor		@offset[5],@offset[0]
+	 pxor		@offset[0],@offset[1]
+	pxor		$inout0,$checksum	# accumulate checksum
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		$inout1,$checksum
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		$inout2,$checksum
+	pxor		@offset[2],$inout2
+	pxor		$inout3,$checksum
+	pxor		@offset[3],$inout3
+	$movkey		32($key_),$rndkey0
+
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	 pxor		$rndkey0l,@offset[3]
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		48($key_),$rndkey1
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_enc_loop4
+
+.align	32
+.Locb_enc_loop4:
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	aesenc		$rndkey0,$inout1
+	aesenc		$rndkey0,$inout2
+	aesenc		$rndkey0,$inout3
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_enc_loop4
+
+	aesenc		$rndkey1,$inout0
+	aesenc		$rndkey1,$inout1
+	aesenc		$rndkey1,$inout2
+	aesenc		$rndkey1,$inout3
+	$movkey		16($key_),$rndkey1
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesenclast	@offset[0],$inout0
+	aesenclast	@offset[1],$inout1
+	aesenclast	@offset[2],$inout2
+	aesenclast	@offset[3],$inout3
+	ret
+.size	__ocb_encrypt4,.-__ocb_encrypt4
+
+.type	__ocb_encrypt1,\@abi-omnipotent
+.align	32
+__ocb_encrypt1:
+	 pxor		@offset[5],$inout5	# offset_i
+	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
+	pxor		$inout0,$checksum	# accumulate checksum
+	pxor		$inout5,$inout0		# input ^ round[0] ^ offset_i
+	$movkey		32($key_),$rndkey0
+
+	aesenc		$rndkey1,$inout0
+	$movkey		48($key_),$rndkey1
+	pxor		$rndkey0l,$inout5	# offset_i ^ round[last]
+
+	aesenc		$rndkey0,$inout0
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_enc_loop1
+
+.align	32
+.Locb_enc_loop1:
+	aesenc		$rndkey1,$inout0
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesenc		$rndkey0,$inout0
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_enc_loop1
+
+	aesenc		$rndkey1,$inout0
+	$movkey		16($key_),$rndkey1	# redundant in tail
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesenclast	$inout5,$inout0
+	ret
+.size	__ocb_encrypt1,.-__ocb_encrypt1
+
+.globl	aesni_ocb_decrypt
+.type	aesni_ocb_decrypt,\@function,6
+.align	32
+aesni_ocb_decrypt:
+	lea	(%rsp),%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp),%rsp
+	movaps	%xmm6,0x00(%rsp)		# offload everything
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,0x60(%rsp)
+	movaps	%xmm13,0x70(%rsp)
+	movaps	%xmm14,0x80(%rsp)
+	movaps	%xmm15,0x90(%rsp)
+.Locb_dec_body:
+___
+$code.=<<___;
+	mov	$seventh_arg(%rax),$L_p		# 7th argument
+	mov	$seventh_arg+8(%rax),$checksum_p# 8th argument
+
+	mov	240($key),$rnds_
+	mov	$key,$key_
+	shl	\$4,$rnds_
+	$movkey	($key),$rndkey0l		# round[0]
+	$movkey	16($key,$rnds_),$rndkey1	# round[last]
+
+	movdqu	($offset_p),@offset[5]		# load last offset_i
+	pxor	$rndkey1,$rndkey0l		# round[0] ^ round[last]
+	pxor	$rndkey1,@offset[5]		# offset_i ^ round[last]
+
+	mov	\$16+32,$rounds
+	lea	32($key_,$rnds_),$key
+	$movkey	16($key_),$rndkey1		# round[1]
+	sub	%r10,%rax			# twisted $rounds
+	mov	%rax,%r10			# backup twisted $rounds
+
+	movdqu	($L_p),@offset[0]		# L_0 for all odd-numbered blocks
+	movdqu	($checksum_p),$checksum		# load checksum
+
+	test	\$1,$block_num			# is first block number odd?
+	jnz	.Locb_dec_odd
+
+	bsf	$block_num,$i1
+	add	\$1,$block_num
+	shl	\$4,$i1
+	movdqu	($L_p,$i1),$inout5		# borrow
+	movdqu	($inp),$inout0
+	lea	16($inp),$inp
+
+	call	__ocb_decrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,($out)
+	xorps	$inout0,$checksum		# accumulate checksum
+	lea	16($out),$out
+	sub	\$1,$blocks
+	jz	.Locb_dec_done
+
+.Locb_dec_odd:
+	lea	1($block_num),$i1		# even-numbered blocks
+	lea	3($block_num),$i3
+	lea	5($block_num),$i5
+	lea	6($block_num),$block_num
+	bsf	$i1,$i1				# ntz(block)
+	bsf	$i3,$i3
+	bsf	$i5,$i5
+	shl	\$4,$i1				# ntz(block) -> table offset
+	shl	\$4,$i3
+	shl	\$4,$i5
+
+	sub	\$6,$blocks
+	jc	.Locb_dec_short
+	jmp	.Locb_dec_grandloop
+
+.align	32
+.Locb_dec_grandloop:
+	movdqu	`16*0`($inp),$inout0		# load input
+	movdqu	`16*1`($inp),$inout1
+	movdqu	`16*2`($inp),$inout2
+	movdqu	`16*3`($inp),$inout3
+	movdqu	`16*4`($inp),$inout4
+	movdqu	`16*5`($inp),$inout5
+	lea	`16*6`($inp),$inp
+
+	call	__ocb_decrypt6
+
+	movups	$inout0,`16*0`($out)		# store output
+	pxor	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	pxor	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	pxor	$inout2,$checksum
+	movups	$inout3,`16*3`($out)
+	pxor	$inout3,$checksum
+	movups	$inout4,`16*4`($out)
+	pxor	$inout4,$checksum
+	movups	$inout5,`16*5`($out)
+	pxor	$inout5,$checksum
+	lea	`16*6`($out),$out
+	sub	\$6,$blocks
+	jnc	.Locb_dec_grandloop
+
+.Locb_dec_short:
+	add	\$6,$blocks
+	jz	.Locb_dec_done
+
+	movdqu	`16*0`($inp),$inout0
+	cmp	\$2,$blocks
+	jb	.Locb_dec_one
+	movdqu	`16*1`($inp),$inout1
+	je	.Locb_dec_two
+
+	movdqu	`16*2`($inp),$inout2
+	cmp	\$4,$blocks
+	jb	.Locb_dec_three
+	movdqu	`16*3`($inp),$inout3
+	je	.Locb_dec_four
+
+	movdqu	`16*4`($inp),$inout4
+	pxor	$inout5,$inout5
+
+	call	__ocb_decrypt6
+
+	movdqa	@offset[4],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	pxor	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	pxor	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	pxor	$inout2,$checksum
+	movups	$inout3,`16*3`($out)
+	pxor	$inout3,$checksum
+	movups	$inout4,`16*4`($out)
+	pxor	$inout4,$checksum
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_one:
+	movdqa	@offset[0],$inout5		# borrow
+
+	call	__ocb_decrypt1
+
+	movdqa	$inout5,@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	xorps	$inout0,$checksum		# accumulate checksum
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_two:
+	pxor	$inout2,$inout2
+	pxor	$inout3,$inout3
+
+	call	__ocb_decrypt4
+
+	movdqa	@offset[1],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	xorps	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	xorps	$inout1,$checksum
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_three:
+	pxor	$inout3,$inout3
+
+	call	__ocb_decrypt4
+
+	movdqa	@offset[2],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	xorps	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	xorps	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	xorps	$inout2,$checksum
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_four:
+	call	__ocb_decrypt4
+
+	movdqa	@offset[3],@offset[5]
+	movups	$inout0,`16*0`($out)		# store output
+	pxor	$inout0,$checksum		# accumulate checksum
+	movups	$inout1,`16*1`($out)
+	pxor	$inout1,$checksum
+	movups	$inout2,`16*2`($out)
+	pxor	$inout2,$checksum
+	movups	$inout3,`16*3`($out)
+	pxor	$inout3,$checksum
+
+.Locb_dec_done:
+	pxor	$rndkey0,@offset[5]		# "remove" round[last]
+	movdqu	$checksum,($checksum_p)		# store checksum
+	movdqu	@offset[5],($offset_p)		# store last offset_i
+
+	xorps	%xmm0,%xmm0			# clear register bank
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+$code.=<<___ if (!$win64);
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+___
+$code.=<<___ if ($win64);
+	movaps	0x00(%rsp),%xmm6
+	movaps	%xmm0,0x00(%rsp)		# clear stack
+	movaps	0x10(%rsp),%xmm7
+	movaps	%xmm0,0x10(%rsp)
+	movaps	0x20(%rsp),%xmm8
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm9
+	movaps	%xmm0,0x30(%rsp)
+	movaps	0x40(%rsp),%xmm10
+	movaps	%xmm0,0x40(%rsp)
+	movaps	0x50(%rsp),%xmm11
+	movaps	%xmm0,0x50(%rsp)
+	movaps	0x60(%rsp),%xmm12
+	movaps	%xmm0,0x60(%rsp)
+	movaps	0x70(%rsp),%xmm13
+	movaps	%xmm0,0x70(%rsp)
+	movaps	0x80(%rsp),%xmm14
+	movaps	%xmm0,0x80(%rsp)
+	movaps	0x90(%rsp),%xmm15
+	movaps	%xmm0,0x90(%rsp)
+	lea	0xa0+0x28(%rsp),%rax
+.Locb_dec_pop:
+	lea	0xa0(%rsp),%rsp
+___
+$code.=<<___;
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+.Locb_dec_epilogue:
+	ret
+.size	aesni_ocb_decrypt,.-aesni_ocb_decrypt
+
+.type	__ocb_decrypt6,\@abi-omnipotent
+.align	32
+__ocb_decrypt6:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 movdqa		@offset[0],@offset[4]
+	 pxor		@offset[5],@offset[0]
+	 movdqu		($L_p,$i5),@offset[5]
+	 pxor		@offset[0],@offset[1]
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		@offset[2],$inout2
+	 pxor		@offset[3],@offset[4]
+	pxor		@offset[3],$inout3
+	 pxor		@offset[4],@offset[5]
+	pxor		@offset[4],$inout4
+	pxor		@offset[5],$inout5
+	$movkey		32($key_),$rndkey0
+
+	lea		1($block_num),$i1	# even-numbered blocks
+	lea		3($block_num),$i3
+	lea		5($block_num),$i5
+	add		\$6,$block_num
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	bsf		$i1,$i1			# ntz(block)
+	bsf		$i3,$i3
+	bsf		$i5,$i5
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	aesdec		$rndkey1,$inout4
+	 pxor		$rndkey0l,@offset[3]
+	 pxor		$rndkey0l,@offset[4]
+	aesdec		$rndkey1,$inout5
+	$movkey		48($key_),$rndkey1
+	 pxor		$rndkey0l,@offset[5]
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		64($key_),$rndkey0
+	shl		\$4,$i1			# ntz(block) -> table offset
+	shl		\$4,$i3
+	jmp		.Locb_dec_loop6
+
+.align	32
+.Locb_dec_loop6:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	aesdec		$rndkey0,$inout4
+	aesdec		$rndkey0,$inout5
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_dec_loop6
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	$movkey		16($key_),$rndkey1
+	shl		\$4,$i5
+
+	aesdeclast	@offset[0],$inout0
+	movdqu		($L_p),@offset[0]	# L_0 for all odd-numbered blocks
+	mov		%r10,%rax		# restore twisted rounds
+	aesdeclast	@offset[1],$inout1
+	aesdeclast	@offset[2],$inout2
+	aesdeclast	@offset[3],$inout3
+	aesdeclast	@offset[4],$inout4
+	aesdeclast	@offset[5],$inout5
+	ret
+.size	__ocb_decrypt6,.-__ocb_decrypt6
+
+.type	__ocb_decrypt4,\@abi-omnipotent
+.align	32
+__ocb_decrypt4:
+	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
+	 movdqu		($L_p,$i1),@offset[1]
+	 movdqa		@offset[0],@offset[2]
+	 movdqu		($L_p,$i3),@offset[3]
+	 pxor		@offset[5],@offset[0]
+	 pxor		@offset[0],@offset[1]
+	pxor		@offset[0],$inout0	# input ^ round[0] ^ offset_i
+	 pxor		@offset[1],@offset[2]
+	pxor		@offset[1],$inout1
+	 pxor		@offset[2],@offset[3]
+	pxor		@offset[2],$inout2
+	pxor		@offset[3],$inout3
+	$movkey		32($key_),$rndkey0
+
+	 pxor		$rndkey0l,@offset[0]	# offset_i ^ round[last]
+	 pxor		$rndkey0l,@offset[1]
+	 pxor		$rndkey0l,@offset[2]
+	 pxor		$rndkey0l,@offset[3]
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	$movkey		48($key_),$rndkey1
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_dec_loop4
+
+.align	32
+.Locb_dec_loop4:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	aesdec		$rndkey0,$inout1
+	aesdec		$rndkey0,$inout2
+	aesdec		$rndkey0,$inout3
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_dec_loop4
+
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	$movkey		16($key_),$rndkey1
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesdeclast	@offset[0],$inout0
+	aesdeclast	@offset[1],$inout1
+	aesdeclast	@offset[2],$inout2
+	aesdeclast	@offset[3],$inout3
+	ret
+.size	__ocb_decrypt4,.-__ocb_decrypt4
+
+.type	__ocb_decrypt1,\@abi-omnipotent
+.align	32
+__ocb_decrypt1:
+	 pxor		@offset[5],$inout5	# offset_i
+	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
+	pxor		$inout5,$inout0		# input ^ round[0] ^ offset_i
+	$movkey		32($key_),$rndkey0
+
+	aesdec		$rndkey1,$inout0
+	$movkey		48($key_),$rndkey1
+	pxor		$rndkey0l,$inout5	# offset_i ^ round[last]
+
+	aesdec		$rndkey0,$inout0
+	$movkey		64($key_),$rndkey0
+	jmp		.Locb_dec_loop1
+
+.align	32
+.Locb_dec_loop1:
+	aesdec		$rndkey1,$inout0
+	$movkey		($key,%rax),$rndkey1
+	add		\$32,%rax
+
+	aesdec		$rndkey0,$inout0
+	$movkey		-16($key,%rax),$rndkey0
+	jnz		.Locb_dec_loop1
+
+	aesdec		$rndkey1,$inout0
+	$movkey		16($key_),$rndkey1	# redundant in tail
+	mov		%r10,%rax		# restore twisted rounds
+
+	aesdeclast	$inout5,$inout0
+	ret
+.size	__ocb_decrypt1,.-__ocb_decrypt1
+___
+} }}
+
+########################################################################
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+#			    size_t length, const AES_KEY *key,
+#			    unsigned char *ivp,const int enc);
+{
+my $frame_size = 0x10 + ($win64?0xa0:0);	# used in decrypt
+my ($iv,$in0,$in1,$in2,$in3,$in4)=map("%xmm$_",(10..15));
+my $inp_=$key_;
+
+$code.=<<___;
+.globl	${PREFIX}_cbc_encrypt
+.type	${PREFIX}_cbc_encrypt,\@function,6
+.align	16
+${PREFIX}_cbc_encrypt:
+	test	$len,$len		# check length
+	jz	.Lcbc_ret
+
+	mov	240($key),$rnds_	# key->rounds
+	mov	$key,$key_		# backup $key
+	test	%r9d,%r9d		# 6th argument
+	jz	.Lcbc_decrypt
+#--------------------------- CBC ENCRYPT ------------------------------#
+	movups	($ivp),$inout0		# load iv as initial state
+	mov	$rnds_,$rounds
+	cmp	\$16,$len
+	jb	.Lcbc_enc_tail
+	sub	\$16,$len
+	jmp	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_loop:
+	movups	($inp),$inout1		# load input
+	lea	16($inp),$inp
+	#xorps	$inout1,$inout0
+___
+	&aesni_generate1("enc",$key,$rounds,$inout0,$inout1);
+$code.=<<___;
+	mov	$rnds_,$rounds		# restore $rounds
+	mov	$key_,$key		# restore $key
+	movups	$inout0,0($out)		# store output
+	lea	16($out),$out
+	sub	\$16,$len
+	jnc	.Lcbc_enc_loop
+	add	\$16,$len
+	jnz	.Lcbc_enc_tail
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movups	$inout0,($ivp)
+	 pxor	$inout0,$inout0
+	 pxor	$inout1,$inout1
+	jmp	.Lcbc_ret
+
+.Lcbc_enc_tail:
+	mov	$len,%rcx	# zaps $key
+	xchg	$inp,$out	# $inp is %rsi and $out is %rdi now
+	.long	0x9066A4F3	# rep movsb
+	mov	\$16,%ecx	# zero tail
+	sub	$len,%rcx
+	xor	%eax,%eax
+	.long	0x9066AAF3	# rep stosb
+	lea	-16(%rdi),%rdi	# rewind $out by 1 block
+	mov	$rnds_,$rounds	# restore $rounds
+	mov	%rdi,%rsi	# $inp and $out are the same
+	mov	$key_,$key	# restore $key
+	xor	$len,$len	# len=16
+	jmp	.Lcbc_enc_loop	# one more spin
+#--------------------------- CBC DECRYPT ------------------------------#
+.align	16
+.Lcbc_decrypt:
+	cmp	\$16,$len
+	jne	.Lcbc_decrypt_bulk
+
+	# handle single block without allocating stack frame,
+	# useful in ciphertext stealing mode
+	movdqu	($inp),$inout0		# load input
+	movdqu	($ivp),$inout1		# load iv
+	movdqa	$inout0,$inout2		# future iv
+___
+	&aesni_generate1("dec",$key,$rnds_);
+$code.=<<___;
+	 pxor	$rndkey0,$rndkey0	# clear register bank
+	 pxor	$rndkey1,$rndkey1
+	movdqu	$inout2,($ivp)		# store iv
+	xorps	$inout1,$inout0		# ^=iv
+	 pxor	$inout1,$inout1
+	movups	$inout0,($out)		# store output
+	 pxor	$inout0,$inout0
+	jmp	.Lcbc_ret
+.align	16
+.Lcbc_decrypt_bulk:
+	lea	(%rsp),%rax
+	push	%rbp
+	sub	\$$frame_size,%rsp
+	and	\$-16,%rsp	# Linux kernel stack can be incorrectly seeded
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lcbc_decrypt_body:
+___
+$code.=<<___;
+	lea	-8(%rax),%rbp
+	movups	($ivp),$iv
+	mov	$rnds_,$rounds
+	cmp	\$0x50,$len
+	jbe	.Lcbc_dec_tail
+
+	$movkey	($key),$rndkey0
+	movdqu	0x00($inp),$inout0	# load input
+	movdqu	0x10($inp),$inout1
+	movdqa	$inout0,$in0
+	movdqu	0x20($inp),$inout2
+	movdqa	$inout1,$in1
+	movdqu	0x30($inp),$inout3
+	movdqa	$inout2,$in2
+	movdqu	0x40($inp),$inout4
+	movdqa	$inout3,$in3
+	movdqu	0x50($inp),$inout5
+	movdqa	$inout4,$in4
+	mov	OPENSSL_ia32cap_P+4(%rip),%r9d
+	cmp	\$0x70,$len
+	jbe	.Lcbc_dec_six_or_seven
+
+	and	\$`1<<26|1<<22`,%r9d	# isolate XSAVE+MOVBE
+	sub	\$0x50,$len		# $len is biased by -5*16
+	cmp	\$`1<<22`,%r9d		# check for MOVBE without XSAVE
+	je	.Lcbc_dec_loop6_enter	# [which denotes Atom Silvermont]
+	sub	\$0x20,$len		# $len is biased by -7*16
+	lea	0x70($key),$key		# size optimization
+	jmp	.Lcbc_dec_loop8_enter
+.align	16
+.Lcbc_dec_loop8:
+	movups	$inout7,($out)
+	lea	0x10($out),$out
+.Lcbc_dec_loop8_enter:
+	movdqu		0x60($inp),$inout6
+	pxor		$rndkey0,$inout0
+	movdqu		0x70($inp),$inout7
+	pxor		$rndkey0,$inout1
+	$movkey		0x10-0x70($key),$rndkey1
+	pxor		$rndkey0,$inout2
+	xor		$inp_,$inp_
+	cmp		\$0x70,$len	# is there at least 0x60 bytes ahead?
+	pxor		$rndkey0,$inout3
+	pxor		$rndkey0,$inout4
+	pxor		$rndkey0,$inout5
+	pxor		$rndkey0,$inout6
+
+	aesdec		$rndkey1,$inout0
+	pxor		$rndkey0,$inout7
+	$movkey		0x20-0x70($key),$rndkey0
+	aesdec		$rndkey1,$inout1
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	aesdec		$rndkey1,$inout6
+	setnc		${inp_}b
+	shl		\$7,$inp_
+	aesdec		$rndkey1,$inout7
+	add		$inp,$inp_
+	$movkey		0x30-0x70($key),$rndkey1
+___
+for($i=1;$i<12;$i++) {
+my $rndkeyx = ($i&1)?$rndkey0:$rndkey1;
+$code.=<<___	if ($i==7);
+	cmp		\$11,$rounds
+___
+$code.=<<___;
+	aesdec		$rndkeyx,$inout0
+	aesdec		$rndkeyx,$inout1
+	aesdec		$rndkeyx,$inout2
+	aesdec		$rndkeyx,$inout3
+	aesdec		$rndkeyx,$inout4
+	aesdec		$rndkeyx,$inout5
+	aesdec		$rndkeyx,$inout6
+	aesdec		$rndkeyx,$inout7
+	$movkey		`0x30+0x10*$i`-0x70($key),$rndkeyx
+___
+$code.=<<___	if ($i<6 || (!($i&1) && $i>7));
+	nop
+___
+$code.=<<___	if ($i==7);
+	jb		.Lcbc_dec_done
+___
+$code.=<<___	if ($i==9);
+	je		.Lcbc_dec_done
+___
+$code.=<<___	if ($i==11);
+	jmp		.Lcbc_dec_done
+___
+}
+$code.=<<___;
+.align	16
+.Lcbc_dec_done:
+	aesdec		$rndkey1,$inout0
+	aesdec		$rndkey1,$inout1
+	pxor		$rndkey0,$iv
+	pxor		$rndkey0,$in0
+	aesdec		$rndkey1,$inout2
+	aesdec		$rndkey1,$inout3
+	pxor		$rndkey0,$in1
+	pxor		$rndkey0,$in2
+	aesdec		$rndkey1,$inout4
+	aesdec		$rndkey1,$inout5
+	pxor		$rndkey0,$in3
+	pxor		$rndkey0,$in4
+	aesdec		$rndkey1,$inout6
+	aesdec		$rndkey1,$inout7
+	movdqu		0x50($inp),$rndkey1
+
+	aesdeclast	$iv,$inout0
+	movdqu		0x60($inp),$iv		# borrow $iv
+	pxor		$rndkey0,$rndkey1
+	aesdeclast	$in0,$inout1
+	pxor		$rndkey0,$iv
+	movdqu		0x70($inp),$rndkey0	# next IV
+	aesdeclast	$in1,$inout2
+	lea		0x80($inp),$inp
+	movdqu		0x00($inp_),$in0
+	aesdeclast	$in2,$inout3
+	aesdeclast	$in3,$inout4
+	movdqu		0x10($inp_),$in1
+	movdqu		0x20($inp_),$in2
+	aesdeclast	$in4,$inout5
+	aesdeclast	$rndkey1,$inout6
+	movdqu		0x30($inp_),$in3
+	movdqu		0x40($inp_),$in4
+	aesdeclast	$iv,$inout7
+	movdqa		$rndkey0,$iv		# return $iv
+	movdqu		0x50($inp_),$rndkey1
+	$movkey		-0x70($key),$rndkey0
+
+	movups		$inout0,($out)		# store output
+	movdqa		$in0,$inout0
+	movups		$inout1,0x10($out)
+	movdqa		$in1,$inout1
+	movups		$inout2,0x20($out)
+	movdqa		$in2,$inout2
+	movups		$inout3,0x30($out)
+	movdqa		$in3,$inout3
+	movups		$inout4,0x40($out)
+	movdqa		$in4,$inout4
+	movups		$inout5,0x50($out)
+	movdqa		$rndkey1,$inout5
+	movups		$inout6,0x60($out)
+	lea		0x70($out),$out
+
+	sub	\$0x80,$len
+	ja	.Lcbc_dec_loop8
+
+	movaps	$inout7,$inout0
+	lea	-0x70($key),$key
+	add	\$0x70,$len
+	jle	.Lcbc_dec_clear_tail_collected
+	movups	$inout7,($out)
+	lea	0x10($out),$out
+	cmp	\$0x50,$len
+	jbe	.Lcbc_dec_tail
+
+	movaps	$in0,$inout0
+.Lcbc_dec_six_or_seven:
+	cmp	\$0x60,$len
+	ja	.Lcbc_dec_seven
+
+	movaps	$inout5,$inout6
+	call	_aesni_decrypt6
+	pxor	$iv,$inout0		# ^= IV
+	movaps	$inout6,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	pxor	$in3,$inout4
+	movdqu	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	pxor	$in4,$inout5
+	movdqu	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	lea	0x50($out),$out
+	movdqa	$inout5,$inout0
+	 pxor	$inout5,$inout5
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_seven:
+	movups	0x60($inp),$inout6
+	xorps	$inout7,$inout7
+	call	_aesni_decrypt8
+	movups	0x50($inp),$inout7
+	pxor	$iv,$inout0		# ^= IV
+	movups	0x60($inp),$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	pxor	$in3,$inout4
+	movdqu	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	pxor	$in4,$inout5
+	movdqu	$inout4,0x40($out)
+	 pxor	$inout4,$inout4
+	pxor	$inout7,$inout6
+	movdqu	$inout5,0x50($out)
+	 pxor	$inout5,$inout5
+	lea	0x60($out),$out
+	movdqa	$inout6,$inout0
+	 pxor	$inout6,$inout6
+	 pxor	$inout7,$inout7
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_loop6:
+	movups	$inout5,($out)
+	lea	0x10($out),$out
+	movdqu	0x00($inp),$inout0	# load input
+	movdqu	0x10($inp),$inout1
+	movdqa	$inout0,$in0
+	movdqu	0x20($inp),$inout2
+	movdqa	$inout1,$in1
+	movdqu	0x30($inp),$inout3
+	movdqa	$inout2,$in2
+	movdqu	0x40($inp),$inout4
+	movdqa	$inout3,$in3
+	movdqu	0x50($inp),$inout5
+	movdqa	$inout4,$in4
+.Lcbc_dec_loop6_enter:
+	lea	0x60($inp),$inp
+	movdqa	$inout5,$inout6
+
+	call	_aesni_decrypt6
+
+	pxor	$iv,$inout0		# ^= IV
+	movdqa	$inout6,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	pxor	$in3,$inout4
+	mov	$key_,$key
+	movdqu	$inout3,0x30($out)
+	pxor	$in4,$inout5
+	mov	$rnds_,$rounds
+	movdqu	$inout4,0x40($out)
+	lea	0x50($out),$out
+	sub	\$0x60,$len
+	ja	.Lcbc_dec_loop6
+
+	movdqa	$inout5,$inout0
+	add	\$0x50,$len
+	jle	.Lcbc_dec_clear_tail_collected
+	movups	$inout5,($out)
+	lea	0x10($out),$out
+
+.Lcbc_dec_tail:
+	movups	($inp),$inout0
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_one		# $len is 1*16 or less
+
+	movups	0x10($inp),$inout1
+	movaps	$inout0,$in0
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_two		# $len is 2*16 or less
+
+	movups	0x20($inp),$inout2
+	movaps	$inout1,$in1
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_three		# $len is 3*16 or less
+
+	movups	0x30($inp),$inout3
+	movaps	$inout2,$in2
+	sub	\$0x10,$len
+	jbe	.Lcbc_dec_four		# $len is 4*16 or less
+
+	movups	0x40($inp),$inout4	# $len is 5*16 or less
+	movaps	$inout3,$in3
+	movaps	$inout4,$in4
+	xorps	$inout5,$inout5
+	call	_aesni_decrypt6
+	pxor	$iv,$inout0
+	movaps	$in4,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	pxor	$in3,$inout4
+	movdqu	$inout3,0x30($out)
+	 pxor	$inout3,$inout3
+	lea	0x40($out),$out
+	movdqa	$inout4,$inout0
+	 pxor	$inout4,$inout4
+	 pxor	$inout5,$inout5
+	sub	\$0x10,$len
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_one:
+	movaps	$inout0,$in0
+___
+	&aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+	xorps	$iv,$inout0
+	movaps	$in0,$iv
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_two:
+	movaps	$inout1,$in1
+	call	_aesni_decrypt2
+	pxor	$iv,$inout0
+	movaps	$in1,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	movdqa	$inout1,$inout0
+	 pxor	$inout1,$inout1		# clear register bank
+	lea	0x10($out),$out
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_three:
+	movaps	$inout2,$in2
+	call	_aesni_decrypt3
+	pxor	$iv,$inout0
+	movaps	$in2,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	movdqa	$inout2,$inout0
+	 pxor	$inout2,$inout2
+	lea	0x20($out),$out
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_four:
+	movaps	$inout3,$in3
+	call	_aesni_decrypt4
+	pxor	$iv,$inout0
+	movaps	$in3,$iv
+	pxor	$in0,$inout1
+	movdqu	$inout0,($out)
+	pxor	$in1,$inout2
+	movdqu	$inout1,0x10($out)
+	 pxor	$inout1,$inout1		# clear register bank
+	pxor	$in2,$inout3
+	movdqu	$inout2,0x20($out)
+	 pxor	$inout2,$inout2
+	movdqa	$inout3,$inout0
+	 pxor	$inout3,$inout3
+	lea	0x30($out),$out
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_clear_tail_collected:
+	pxor	$inout1,$inout1		# clear register bank
+	pxor	$inout2,$inout2
+	pxor	$inout3,$inout3
+___
+$code.=<<___ if (!$win64);
+	pxor	$inout4,$inout4		# %xmm6..9
+	pxor	$inout5,$inout5
+	pxor	$inout6,$inout6
+	pxor	$inout7,$inout7
+___
+$code.=<<___;
+.Lcbc_dec_tail_collected:
+	movups	$iv,($ivp)
+	and	\$15,$len
+	jnz	.Lcbc_dec_tail_partial
+	movups	$inout0,($out)
+	pxor	$inout0,$inout0
+	jmp	.Lcbc_dec_ret
+.align	16
+.Lcbc_dec_tail_partial:
+	movaps	$inout0,(%rsp)
+	pxor	$inout0,$inout0
+	mov	\$16,%rcx
+	mov	$out,%rdi
+	sub	$len,%rcx
+	lea	(%rsp),%rsi
+	.long	0x9066A4F3		# rep movsb
+	movdqa	$inout0,(%rsp)
+
+.Lcbc_dec_ret:
+	xorps	$rndkey0,$rndkey0	# %xmm0
+	pxor	$rndkey1,$rndkey1
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	%xmm0,0x10(%rsp)	# clear stack
+	movaps	0x20(%rsp),%xmm7
+	movaps	%xmm0,0x20(%rsp)
+	movaps	0x30(%rsp),%xmm8
+	movaps	%xmm0,0x30(%rsp)
+	movaps	0x40(%rsp),%xmm9
+	movaps	%xmm0,0x40(%rsp)
+	movaps	0x50(%rsp),%xmm10
+	movaps	%xmm0,0x50(%rsp)
+	movaps	0x60(%rsp),%xmm11
+	movaps	%xmm0,0x60(%rsp)
+	movaps	0x70(%rsp),%xmm12
+	movaps	%xmm0,0x70(%rsp)
+	movaps	0x80(%rsp),%xmm13
+	movaps	%xmm0,0x80(%rsp)
+	movaps	0x90(%rsp),%xmm14
+	movaps	%xmm0,0x90(%rsp)
+	movaps	0xa0(%rsp),%xmm15
+	movaps	%xmm0,0xa0(%rsp)
+___
+$code.=<<___;
+	lea	(%rbp),%rsp
+	pop	%rbp
+.Lcbc_ret:
+	ret
+.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
+___
+} 
+# int ${PREFIX}_set_decrypt_key(const unsigned char *inp,
+#				int bits, AES_KEY *key)
+#
+# input:	$inp	user-supplied key
+#		$bits	$inp length in bits
+#		$key	pointer to key schedule
+# output:	%eax	0 denoting success, -1 or -2 - failure (see C)
+#		*$key	key schedule
+#
+{ my ($inp,$bits,$key) = @_4args;
+  $bits =~ s/%r/%e/;
+
+$code.=<<___;
+.globl	${PREFIX}_set_decrypt_key
+.type	${PREFIX}_set_decrypt_key,\@abi-omnipotent
+.align	16
+${PREFIX}_set_decrypt_key:
+	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
+	call	__aesni_set_encrypt_key
+	shl	\$4,$bits		# rounds-1 after _aesni_set_encrypt_key
+	test	%eax,%eax
+	jnz	.Ldec_key_ret
+	lea	16($key,$bits),$inp	# points at the end of key schedule
+
+	$movkey	($key),%xmm0		# just swap
+	$movkey	($inp),%xmm1
+	$movkey	%xmm0,($inp)
+	$movkey	%xmm1,($key)
+	lea	16($key),$key
+	lea	-16($inp),$inp
+
+.Ldec_key_inverse:
+	$movkey	($key),%xmm0		# swap and inverse
+	$movkey	($inp),%xmm1
+	aesimc	%xmm0,%xmm0
+	aesimc	%xmm1,%xmm1
+	lea	16($key),$key
+	lea	-16($inp),$inp
+	$movkey	%xmm0,16($inp)
+	$movkey	%xmm1,-16($key)
+	cmp	$key,$inp
+	ja	.Ldec_key_inverse
+
+	$movkey	($key),%xmm0		# inverse middle
+	aesimc	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	$movkey	%xmm0,($inp)
+	pxor	%xmm0,%xmm0
+.Ldec_key_ret:
+	add	\$8,%rsp
+	ret
+.LSEH_end_set_decrypt_key:
+.size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
+___
+
+# This is based on submission by
+#
+#	Huang Ying <ying.huang@intel.com>
+#	Vinodh Gopal <vinodh.gopal@intel.com>
+#	Kahraman Akdemir
+#
+# Aggressively optimized in respect to aeskeygenassist's critical path
+# and is contained in %xmm0-5 to meet Win64 ABI requirement.
+#
+# int ${PREFIX}_set_encrypt_key(const unsigned char *inp,
+#				int bits, AES_KEY * const key);
+#
+# input:	$inp	user-supplied key
+#		$bits	$inp length in bits
+#		$key	pointer to key schedule
+# output:	%eax	0 denoting success, -1 or -2 - failure (see C)
+#		$bits	rounds-1 (used in aesni_set_decrypt_key)
+#		*$key	key schedule
+#		$key	pointer to key schedule (used in
+#			aesni_set_decrypt_key)
+#
+# Subroutine is frame-less, which means that only volatile registers
+# are used. Note that it's declared "abi-omnipotent", which means that
+# amount of volatile registers is smaller on Windows.
+#
+$code.=<<___;
+.globl	${PREFIX}_set_encrypt_key
+.type	${PREFIX}_set_encrypt_key,\@abi-omnipotent
+.align	16
+${PREFIX}_set_encrypt_key:
+__aesni_set_encrypt_key:
+	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
+	mov	\$-1,%rax
+	test	$inp,$inp
+	jz	.Lenc_key_ret
+	test	$key,$key
+	jz	.Lenc_key_ret
+
+	mov	\$`1<<28|1<<11`,%r10d	# AVX and XOP bits
+	movups	($inp),%xmm0		# pull first 128 bits of *userKey
+	xorps	%xmm4,%xmm4		# low dword of xmm4 is assumed 0
+	and	OPENSSL_ia32cap_P+4(%rip),%r10d
+	lea	16($key),%rax		# %rax is used as modifiable copy of $key
+	cmp	\$256,$bits
+	je	.L14rounds
+	cmp	\$192,$bits
+	je	.L12rounds
+	cmp	\$128,$bits
+	jne	.Lbad_keybits
+
+.L10rounds:
+	mov	\$9,$bits			# 10 rounds for 128-bit key
+	cmp	\$`1<<28`,%r10d			# AVX, bit no XOP
+	je	.L10rounds_alt
+
+	$movkey	%xmm0,($key)			# round 0
+	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 1
+	call		.Lkey_expansion_128_cold
+	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 2
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 3
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 4
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 5
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 6
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x40,%xmm0,%xmm1	# round 7
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x80,%xmm0,%xmm1	# round 8
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x1b,%xmm0,%xmm1	# round 9
+	call		.Lkey_expansion_128
+	aeskeygenassist	\$0x36,%xmm0,%xmm1	# round 10
+	call		.Lkey_expansion_128
+	$movkey	%xmm0,(%rax)
+	mov	$bits,80(%rax)	# 240(%rdx)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L10rounds_alt:
+	movdqa	.Lkey_rotate(%rip),%xmm5
+	mov	\$8,%r10d
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	movdqa	%xmm0,%xmm2
+	movdqu	%xmm0,($key)
+	jmp	.Loop_key128
+
+.align	16
+.Loop_key128:
+	pshufb		%xmm5,%xmm0
+	aesenclast	%xmm4,%xmm0
+	pslld		\$1,%xmm4
+	lea		16(%rax),%rax
+
+	movdqa		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm3,%xmm2
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,-16(%rax)
+	movdqa		%xmm0,%xmm2
+
+	dec	%r10d
+	jnz	.Loop_key128
+
+	movdqa		.Lkey_rcon1b(%rip),%xmm4
+
+	pshufb		%xmm5,%xmm0
+	aesenclast	%xmm4,%xmm0
+	pslld		\$1,%xmm4
+
+	movdqa		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm3,%xmm2
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,(%rax)
+
+	movdqa		%xmm0,%xmm2
+	pshufb		%xmm5,%xmm0
+	aesenclast	%xmm4,%xmm0
+
+	movdqa		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm2,%xmm3
+	pslldq		\$4,%xmm2
+	pxor		%xmm3,%xmm2
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,16(%rax)
+
+	mov	$bits,96(%rax)	# 240($key)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L12rounds:
+	movq	16($inp),%xmm2			# remaining 1/3 of *userKey
+	mov	\$11,$bits			# 12 rounds for 192
+	cmp	\$`1<<28`,%r10d			# AVX, but no XOP
+	je	.L12rounds_alt
+
+	$movkey	%xmm0,($key)			# round 0
+	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 1,2
+	call		.Lkey_expansion_192a_cold
+	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 2,3
+	call		.Lkey_expansion_192b
+	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 4,5
+	call		.Lkey_expansion_192a
+	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 5,6
+	call		.Lkey_expansion_192b
+	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 7,8
+	call		.Lkey_expansion_192a
+	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 8,9
+	call		.Lkey_expansion_192b
+	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 10,11
+	call		.Lkey_expansion_192a
+	aeskeygenassist	\$0x80,%xmm2,%xmm1	# round 11,12
+	call		.Lkey_expansion_192b
+	$movkey	%xmm0,(%rax)
+	mov	$bits,48(%rax)	# 240(%rdx)
+	xor	%rax, %rax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L12rounds_alt:
+	movdqa	.Lkey_rotate192(%rip),%xmm5
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	mov	\$8,%r10d
+	movdqu	%xmm0,($key)
+	jmp	.Loop_key192
+
+.align	16
+.Loop_key192:
+	movq		%xmm2,0(%rax)
+	movdqa		%xmm2,%xmm1
+	pshufb		%xmm5,%xmm2
+	aesenclast	%xmm4,%xmm2
+	pslld		\$1, %xmm4
+	lea		24(%rax),%rax
+
+	movdqa		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm3,%xmm0
+
+	pshufd		\$0xff,%xmm0,%xmm3
+	pxor		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm1,%xmm3
+
+	pxor		%xmm2,%xmm0
+	pxor		%xmm3,%xmm2
+	movdqu		%xmm0,-16(%rax)
+
+	dec	%r10d
+	jnz	.Loop_key192
+
+	mov	$bits,32(%rax)	# 240($key)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L14rounds:
+	movups	16($inp),%xmm2			# remaning half of *userKey
+	mov	\$13,$bits			# 14 rounds for 256
+	lea	16(%rax),%rax
+	cmp	\$`1<<28`,%r10d			# AVX, but no XOP
+	je	.L14rounds_alt
+
+	$movkey	%xmm0,($key)			# round 0
+	$movkey	%xmm2,16($key)			# round 1
+	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 2
+	call		.Lkey_expansion_256a_cold
+	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 3
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 4
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 5
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 6
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 7
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 8
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 9
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 10
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 11
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 12
+	call		.Lkey_expansion_256a
+	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 13
+	call		.Lkey_expansion_256b
+	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 14
+	call		.Lkey_expansion_256a
+	$movkey	%xmm0,(%rax)
+	mov	$bits,16(%rax)	# 240(%rdx)
+	xor	%rax,%rax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L14rounds_alt:
+	movdqa	.Lkey_rotate(%rip),%xmm5
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	mov	\$7,%r10d
+	movdqu	%xmm0,0($key)
+	movdqa	%xmm2,%xmm1
+	movdqu	%xmm2,16($key)
+	jmp	.Loop_key256
+
+.align	16
+.Loop_key256:
+	pshufb		%xmm5,%xmm2
+	aesenclast	%xmm4,%xmm2
+
+	movdqa		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm0,%xmm3
+	pslldq		\$4,%xmm0
+	pxor		%xmm3,%xmm0
+	pslld		\$1,%xmm4
+
+	pxor		%xmm2,%xmm0
+	movdqu		%xmm0,(%rax)
+
+	dec	%r10d
+	jz	.Ldone_key256
+
+	pshufd		\$0xff,%xmm0,%xmm2
+	pxor		%xmm3,%xmm3
+	aesenclast	%xmm3,%xmm2
+
+	movdqa		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm1,%xmm3
+	pslldq		\$4,%xmm1
+	pxor		%xmm3,%xmm1
+
+	pxor		%xmm1,%xmm2
+	movdqu		%xmm2,16(%rax)
+	lea		32(%rax),%rax
+	movdqa		%xmm2,%xmm1
+
+	jmp	.Loop_key256
+
+.Ldone_key256:
+	mov	$bits,16(%rax)	# 240($key)
+	xor	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.Lbad_keybits:
+	mov	\$-2,%rax
+.Lenc_key_ret:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	add	\$8,%rsp
+	ret
+.LSEH_end_set_encrypt_key:
+
+.align	16
+.Lkey_expansion_128:
+	$movkey	%xmm0,(%rax)
+	lea	16(%rax),%rax
+.Lkey_expansion_128_cold:
+	shufps	\$0b00010000,%xmm0,%xmm4
+	xorps	%xmm4, %xmm0
+	shufps	\$0b10001100,%xmm0,%xmm4
+	xorps	%xmm4, %xmm0
+	shufps	\$0b11111111,%xmm1,%xmm1	# critical path
+	xorps	%xmm1,%xmm0
+	ret
+
+.align 16
+.Lkey_expansion_192a:
+	$movkey	%xmm0,(%rax)
+	lea	16(%rax),%rax
+.Lkey_expansion_192a_cold:
+	movaps	%xmm2, %xmm5
+.Lkey_expansion_192b_warm:
+	shufps	\$0b00010000,%xmm0,%xmm4
+	movdqa	%xmm2,%xmm3
+	xorps	%xmm4,%xmm0
+	shufps	\$0b10001100,%xmm0,%xmm4
+	pslldq	\$4,%xmm3
+	xorps	%xmm4,%xmm0
+	pshufd	\$0b01010101,%xmm1,%xmm1	# critical path
+	pxor	%xmm3,%xmm2
+	pxor	%xmm1,%xmm0
+	pshufd	\$0b11111111,%xmm0,%xmm3
+	pxor	%xmm3,%xmm2
+	ret
+
+.align 16
+.Lkey_expansion_192b:
+	movaps	%xmm0,%xmm3
+	shufps	\$0b01000100,%xmm0,%xmm5
+	$movkey	%xmm5,(%rax)
+	shufps	\$0b01001110,%xmm2,%xmm3
+	$movkey	%xmm3,16(%rax)
+	lea	32(%rax),%rax
+	jmp	.Lkey_expansion_192b_warm
+
+.align	16
+.Lkey_expansion_256a:
+	$movkey	%xmm2,(%rax)
+	lea	16(%rax),%rax
+.Lkey_expansion_256a_cold:
+	shufps	\$0b00010000,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	\$0b10001100,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	\$0b11111111,%xmm1,%xmm1	# critical path
+	xorps	%xmm1,%xmm0
+	ret
+
+.align 16
+.Lkey_expansion_256b:
+	$movkey	%xmm0,(%rax)
+	lea	16(%rax),%rax
+
+	shufps	\$0b00010000,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	\$0b10001100,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	\$0b10101010,%xmm1,%xmm1	# critical path
+	xorps	%xmm1,%xmm2
+	ret
+.size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
+.size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
+___
+}
+
+$code.=<<___;
+.align	64
+.Lbswap_mask:
+	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lincrement32:
+	.long	6,6,6,0
+.Lincrement64:
+	.long	1,0,0,0
+.Lxts_magic:
+	.long	0x87,0,1,0
+.Lincrement1:
+	.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+.Lkey_rotate:
+	.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d
+.Lkey_rotate192:
+	.long	0x04070605,0x04070605,0x04070605,0x04070605
+.Lkey_rcon1:
+	.long	1,1,1,1
+.Lkey_rcon1b:
+	.long	0x1b,0x1b,0x1b,0x1b
+
+.asciz  "AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+.type	ecb_ccm64_se_handler,\@abi-omnipotent
+.align	16
+ecb_ccm64_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	0(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$8,%ecx		# 4*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0x58(%rax),%rax		# adjust stack pointer
+
+	jmp	.Lcommon_seh_tail
+.size	ecb_ccm64_se_handler,.-ecb_ccm64_se_handler
+
+.type	ctr_xts_se_handler,\@abi-omnipotent
+.align	16
+ctr_xts_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue lable
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	160($context),%rax	# pull context->Rbp
+	lea	-0xa0(%rax),%rsi	# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lcommon_rbp_tail
+.size	ctr_xts_se_handler,.-ctr_xts_se_handler
+
+.type	ocb_se_handler,\@abi-omnipotent
+.align	16
+ocb_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue lable
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10
+	cmp	%r10,%rbx		# context->Rip>=pop label
+	jae	.Locb_no_xmm
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0xa0+0x28(%rax),%rax
+
+.Locb_no_xmm:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+
+	jmp	.Lcommon_seh_tail
+.size	ocb_se_handler,.-ocb_se_handler
+___
+$code.=<<___;
+.type	cbc_se_handler,\@abi-omnipotent
+.align	16
+cbc_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	152($context),%rax	# pull context->Rsp
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lcbc_decrypt_bulk(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<"prologue" label
+	jb	.Lcommon_seh_tail
+
+	lea	.Lcbc_decrypt_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<cbc_decrypt_body
+	jb	.Lrestore_cbc_rax
+
+	lea	.Lcbc_ret(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>="epilogue" label
+	jae	.Lcommon_seh_tail
+
+	lea	16(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lcommon_rbp_tail:
+	mov	160($context),%rax	# pull context->Rbp
+	mov	(%rax),%rbp		# restore saved %rbp
+	lea	8(%rax),%rax		# adjust stack pointer
+	mov	%rbp,160($context)	# restore context->Rbp
+	jmp	.Lcommon_seh_tail
+
+.Lrestore_cbc_rax:
+	mov	120($context),%rax
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	cbc_se_handler,.-cbc_se_handler
+
+.section	.pdata
+.align	4
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+	.rva	.LSEH_begin_aesni_ecb_encrypt
+	.rva	.LSEH_end_aesni_ecb_encrypt
+	.rva	.LSEH_info_ecb
+
+	.rva	.LSEH_begin_aesni_ccm64_encrypt_blocks
+	.rva	.LSEH_end_aesni_ccm64_encrypt_blocks
+	.rva	.LSEH_info_ccm64_enc
+
+	.rva	.LSEH_begin_aesni_ccm64_decrypt_blocks
+	.rva	.LSEH_end_aesni_ccm64_decrypt_blocks
+	.rva	.LSEH_info_ccm64_dec
+
+	.rva	.LSEH_begin_aesni_ctr32_encrypt_blocks
+	.rva	.LSEH_end_aesni_ctr32_encrypt_blocks
+	.rva	.LSEH_info_ctr32
+
+	.rva	.LSEH_begin_aesni_xts_encrypt
+	.rva	.LSEH_end_aesni_xts_encrypt
+	.rva	.LSEH_info_xts_enc
+
+	.rva	.LSEH_begin_aesni_xts_decrypt
+	.rva	.LSEH_end_aesni_xts_decrypt
+	.rva	.LSEH_info_xts_dec
+
+	.rva	.LSEH_begin_aesni_ocb_encrypt
+	.rva	.LSEH_end_aesni_ocb_encrypt
+	.rva	.LSEH_info_ocb_enc
+
+	.rva	.LSEH_begin_aesni_ocb_decrypt
+	.rva	.LSEH_end_aesni_ocb_decrypt
+	.rva	.LSEH_info_ocb_dec
+___
+$code.=<<___;
+	.rva	.LSEH_begin_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_end_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_info_cbc
+
+	.rva	${PREFIX}_set_decrypt_key
+	.rva	.LSEH_end_set_decrypt_key
+	.rva	.LSEH_info_key
+
+	.rva	${PREFIX}_set_encrypt_key
+	.rva	.LSEH_end_set_encrypt_key
+	.rva	.LSEH_info_key
+.section	.xdata
+.align	8
+___
+$code.=<<___ if ($PREFIX eq "aesni");
+.LSEH_info_ecb:
+	.byte	9,0,0,0
+	.rva	ecb_ccm64_se_handler
+	.rva	.Lecb_enc_body,.Lecb_enc_ret		# HandlerData[]
+.LSEH_info_ccm64_enc:
+	.byte	9,0,0,0
+	.rva	ecb_ccm64_se_handler
+	.rva	.Lccm64_enc_body,.Lccm64_enc_ret	# HandlerData[]
+.LSEH_info_ccm64_dec:
+	.byte	9,0,0,0
+	.rva	ecb_ccm64_se_handler
+	.rva	.Lccm64_dec_body,.Lccm64_dec_ret	# HandlerData[]
+.LSEH_info_ctr32:
+	.byte	9,0,0,0
+	.rva	ctr_xts_se_handler
+	.rva	.Lctr32_body,.Lctr32_epilogue		# HandlerData[]
+.LSEH_info_xts_enc:
+	.byte	9,0,0,0
+	.rva	ctr_xts_se_handler
+	.rva	.Lxts_enc_body,.Lxts_enc_epilogue	# HandlerData[]
+.LSEH_info_xts_dec:
+	.byte	9,0,0,0
+	.rva	ctr_xts_se_handler
+	.rva	.Lxts_dec_body,.Lxts_dec_epilogue	# HandlerData[]
+.LSEH_info_ocb_enc:
+	.byte	9,0,0,0
+	.rva	ocb_se_handler
+	.rva	.Locb_enc_body,.Locb_enc_epilogue	# HandlerData[]
+	.rva	.Locb_enc_pop
+	.long	0
+.LSEH_info_ocb_dec:
+	.byte	9,0,0,0
+	.rva	ocb_se_handler
+	.rva	.Locb_dec_body,.Locb_dec_epilogue	# HandlerData[]
+	.rva	.Locb_dec_pop
+	.long	0
+___
+$code.=<<___;
+.LSEH_info_cbc:
+	.byte	9,0,0,0
+	.rva	cbc_se_handler
+.LSEH_info_key:
+	.byte	0x01,0x04,0x01,0x00
+	.byte	0x04,0x02,0x00,0x00	# sub rsp,8
+___
+}
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if($dst>=8);
+    $rex|=0x01			if($src>=8);
+    push @opcode,$rex|0x40	if($rex);
+}
+
+sub aesni {
+  my $line=shift;
+  my @opcode=(0x66);
+
+    if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	rex(\@opcode,$4,$3);
+	push @opcode,0x0f,0x3a,0xdf;
+	push @opcode,0xc0|($3&7)|(($4&7)<<3);	# ModR/M
+	my $c=$2;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesimc" => 0xdb,
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);	# ModR/M
+	return ".byte\t".join(',',@opcode);
+    }
+    elsif ($line=~/(aes[a-z]+)\s+([0x1-9a-fA-F]*)\(%rsp\),\s*%xmm([0-9]+)/) {
+	my %opcodelet = (
+		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
+		"aesdec" => 0xde,	"aesdeclast" => 0xdf
+	);
+	return undef if (!defined($opcodelet{$1}));
+	my $off = $2;
+	push @opcode,0x44 if ($3>=8);
+	push @opcode,0x0f,0x38,$opcodelet{$1};
+	push @opcode,0x44|(($3&7)<<3),0x24;	# ModR/M
+	push @opcode,($off=~/^0/?oct($off):$off)&0xff;
+	return ".byte\t".join(',',@opcode);
+    }
+    return $line;
+}
+
+sub movbe {
+	".byte	0x0f,0x38,0xf1,0x44,0x24,".shift;
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
+#$code =~ s/\bmovbe\s+%eax/bswap %eax; mov %eax/gm;	# debugging artefact
+$code =~ s/\bmovbe\s+%eax,\s*([0-9]+)\(%rsp\)/movbe($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesp8-ppc.pl b/openssl-1.1.0h/crypto/aes/asm/aesp8-ppc.pl
new file mode 100755
index 0000000..b7e92f6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesp8-ppc.pl
@@ -0,0 +1,3805 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for AES instructions as per PowerISA
+# specification version 2.07, first implemented by POWER8 processor.
+# The module is endian-agnostic in sense that it supports both big-
+# and little-endian cases. Data alignment in parallelizable modes is
+# handled with VSX loads and stores, which implies MSR.VSX flag being
+# set. It should also be noted that ISA specification doesn't prohibit
+# alignment exceptions for these instructions on page boundaries.
+# Initially alignment was handled in pure AltiVec/VMX way [when data
+# is aligned programmatically, which in turn guarantees exception-
+# free execution], but it turned to hamper performance when vcipher
+# instructions are interleaved. It's reckoned that eventual
+# misalignment penalties at page boundaries are in average lower
+# than additional overhead in pure AltiVec approach.
+#
+# May 2016
+#
+# Add XTS subroutine, 9x on little- and 12x improvement on big-endian
+# systems were measured.
+#
+######################################################################
+# Current large-block performance in cycles per byte processed with
+# 128-bit key (less is better).
+#
+#		CBC en-/decrypt	CTR	XTS
+# POWER8[le]	3.96/0.72	0.74	1.1
+# POWER8[be]	3.75/0.65	0.66	1.0
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+	$UCMP	="cmpld";
+	$SHL	="sldi";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+	$SHL	="slwi";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=8*$SIZE_T;
+$prefix="aes_p8";
+
+$sp="r1";
+$vrsave="r12";
+
+#########################################################################
+{{{	# Key setup procedures						#
+my ($inp,$bits,$out,$ptr,$cnt,$rounds)=map("r$_",(3..8));
+my ($zero,$in0,$in1,$key,$rcon,$mask,$tmp)=map("v$_",(0..6));
+my ($stage,$outperm,$outmask,$outhead,$outtail)=map("v$_",(7..11));
+
+$code.=<<___;
+.machine	"any"
+
+.text
+
+.align	7
+rcon:
+.long	0x01000000, 0x01000000, 0x01000000, 0x01000000	?rev
+.long	0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000	?rev
+.long	0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c	?rev
+.long	0,0,0,0						?asis
+Lconsts:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$ptr	 #vvvvv "distance between . and rcon
+	addi	$ptr,$ptr,-0x48
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.asciz	"AES for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+
+.globl	.${prefix}_set_encrypt_key
+.align	5
+.${prefix}_set_encrypt_key:
+Lset_encrypt_key:
+	mflr		r11
+	$PUSH		r11,$LRSAVE($sp)
+
+	li		$ptr,-1
+	${UCMP}i	$inp,0
+	beq-		Lenc_key_abort		# if ($inp==0) return -1;
+	${UCMP}i	$out,0
+	beq-		Lenc_key_abort		# if ($out==0) return -1;
+	li		$ptr,-2
+	cmpwi		$bits,128
+	blt-		Lenc_key_abort
+	cmpwi		$bits,256
+	bgt-		Lenc_key_abort
+	andi.		r0,$bits,0x3f
+	bne-		Lenc_key_abort
+
+	lis		r0,0xfff0
+	mfspr		$vrsave,256
+	mtspr		256,r0
+
+	bl		Lconsts
+	mtlr		r11
+
+	neg		r9,$inp
+	lvx		$in0,0,$inp
+	addi		$inp,$inp,15		# 15 is not typo
+	lvsr		$key,0,r9		# borrow $key
+	li		r8,0x20
+	cmpwi		$bits,192
+	lvx		$in1,0,$inp
+	le?vspltisb	$mask,0x0f		# borrow $mask
+	lvx		$rcon,0,$ptr
+	le?vxor		$key,$key,$mask		# adjust for byte swap
+	lvx		$mask,r8,$ptr
+	addi		$ptr,$ptr,0x10
+	vperm		$in0,$in0,$in1,$key	# align [and byte swap in LE]
+	li		$cnt,8
+	vxor		$zero,$zero,$zero
+	mtctr		$cnt
+
+	?lvsr		$outperm,0,$out
+	vspltisb	$outmask,-1
+	lvx		$outhead,0,$out
+	?vperm		$outmask,$zero,$outmask,$outperm
+
+	blt		Loop128
+	addi		$inp,$inp,8
+	beq		L192
+	addi		$inp,$inp,8
+	b		L256
+
+.align	4
+Loop128:
+	vperm		$key,$in0,$in0,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in0,$in0,$key
+	bdnz		Loop128
+
+	lvx		$rcon,0,$ptr		# last two round keys
+
+	vperm		$key,$in0,$in0,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in0,$in0,$key
+
+	vperm		$key,$in0,$in0,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vxor		$in0,$in0,$key
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+
+	addi		$inp,$out,15		# 15 is not typo
+	addi		$out,$out,0x50
+
+	li		$rounds,10
+	b		Ldone
+
+.align	4
+L192:
+	lvx		$tmp,0,$inp
+	li		$cnt,4
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+	vperm		$in1,$in1,$tmp,$key	# align [and byte swap in LE]
+	vspltisb	$key,8			# borrow $key
+	mtctr		$cnt
+	vsububm		$mask,$mask,$key	# adjust the mask
+
+Loop192:
+	vperm		$key,$in1,$in1,$mask	# roate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	vcipherlast	$key,$key,$rcon
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+
+	 vsldoi		$stage,$zero,$in1,8
+	vspltw		$tmp,$in0,3
+	vxor		$tmp,$tmp,$in1
+	vsldoi		$in1,$zero,$in1,12	# >>32
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in1,$in1,$tmp
+	vxor		$in0,$in0,$key
+	vxor		$in1,$in1,$key
+	 vsldoi		$stage,$stage,$in0,8
+
+	vperm		$key,$in1,$in1,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$stage,$stage,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	 vsldoi		$stage,$in0,$in1,8
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	 vperm		$outtail,$stage,$stage,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vspltw		$tmp,$in0,3
+	vxor		$tmp,$tmp,$in1
+	vsldoi		$in1,$zero,$in1,12	# >>32
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in1,$in1,$tmp
+	vxor		$in0,$in0,$key
+	vxor		$in1,$in1,$key
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$inp,$out,15		# 15 is not typo
+	 addi		$out,$out,16
+	bdnz		Loop192
+
+	li		$rounds,12
+	addi		$out,$out,0x20
+	b		Ldone
+
+.align	4
+L256:
+	lvx		$tmp,0,$inp
+	li		$cnt,7
+	li		$rounds,14
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+	vperm		$in1,$in1,$tmp,$key	# align [and byte swap in LE]
+	mtctr		$cnt
+
+Loop256:
+	vperm		$key,$in1,$in1,$mask	# rotate-n-splat
+	vsldoi		$tmp,$zero,$in0,12	# >>32
+	 vperm		$outtail,$in1,$in1,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	vcipherlast	$key,$key,$rcon
+	 stvx		$stage,0,$out
+	 addi		$out,$out,16
+
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in0,$in0,$tmp
+	 vadduwm	$rcon,$rcon,$rcon
+	vxor		$in0,$in0,$key
+	 vperm		$outtail,$in0,$in0,$outperm	# rotate
+	 vsel		$stage,$outhead,$outtail,$outmask
+	 vmr		$outhead,$outtail
+	 stvx		$stage,0,$out
+	 addi		$inp,$out,15		# 15 is not typo
+	 addi		$out,$out,16
+	bdz		Ldone
+
+	vspltw		$key,$in0,3		# just splat
+	vsldoi		$tmp,$zero,$in1,12	# >>32
+	vsbox		$key,$key
+
+	vxor		$in1,$in1,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in1,$in1,$tmp
+	vsldoi		$tmp,$zero,$tmp,12	# >>32
+	vxor		$in1,$in1,$tmp
+
+	vxor		$in1,$in1,$key
+	b		Loop256
+
+.align	4
+Ldone:
+	lvx		$in1,0,$inp		# redundant in aligned case
+	vsel		$in1,$outhead,$in1,$outmask
+	stvx		$in1,0,$inp
+	li		$ptr,0
+	mtspr		256,$vrsave
+	stw		$rounds,0($out)
+
+Lenc_key_abort:
+	mr		r3,$ptr
+	blr
+	.long		0
+	.byte		0,12,0x14,1,0,0,3,0
+	.long		0
+.size	.${prefix}_set_encrypt_key,.-.${prefix}_set_encrypt_key
+
+.globl	.${prefix}_set_decrypt_key
+.align	5
+.${prefix}_set_decrypt_key:
+	$STU		$sp,-$FRAME($sp)
+	mflr		r10
+	$PUSH		r10,$FRAME+$LRSAVE($sp)
+	bl		Lset_encrypt_key
+	mtlr		r10
+
+	cmpwi		r3,0
+	bne-		Ldec_key_abort
+
+	slwi		$cnt,$rounds,4
+	subi		$inp,$out,240		# first round key
+	srwi		$rounds,$rounds,1
+	add		$out,$inp,$cnt		# last round key
+	mtctr		$rounds
+
+Ldeckey:
+	lwz		r0, 0($inp)
+	lwz		r6, 4($inp)
+	lwz		r7, 8($inp)
+	lwz		r8, 12($inp)
+	addi		$inp,$inp,16
+	lwz		r9, 0($out)
+	lwz		r10,4($out)
+	lwz		r11,8($out)
+	lwz		r12,12($out)
+	stw		r0, 0($out)
+	stw		r6, 4($out)
+	stw		r7, 8($out)
+	stw		r8, 12($out)
+	subi		$out,$out,16
+	stw		r9, -16($inp)
+	stw		r10,-12($inp)
+	stw		r11,-8($inp)
+	stw		r12,-4($inp)
+	bdnz		Ldeckey
+
+	xor		r3,r3,r3		# return value
+Ldec_key_abort:
+	addi		$sp,$sp,$FRAME
+	blr
+	.long		0
+	.byte		0,12,4,1,0x80,0,3,0
+	.long		0
+.size	.${prefix}_set_decrypt_key,.-.${prefix}_set_decrypt_key
+___
+}}}
+#########################################################################
+{{{	# Single block en- and decrypt procedures			#
+sub gen_block () {
+my $dir = shift;
+my $n   = $dir eq "de" ? "n" : "";
+my ($inp,$out,$key,$rounds,$idx)=map("r$_",(3..7));
+
+$code.=<<___;
+.globl	.${prefix}_${dir}crypt
+.align	5
+.${prefix}_${dir}crypt:
+	lwz		$rounds,240($key)
+	lis		r0,0xfc00
+	mfspr		$vrsave,256
+	li		$idx,15			# 15 is not typo
+	mtspr		256,r0
+
+	lvx		v0,0,$inp
+	neg		r11,$out
+	lvx		v1,$idx,$inp
+	lvsl		v2,0,$inp		# inpperm
+	le?vspltisb	v4,0x0f
+	?lvsl		v3,0,r11		# outperm
+	le?vxor		v2,v2,v4
+	li		$idx,16
+	vperm		v0,v0,v1,v2		# align [and byte swap in LE]
+	lvx		v1,0,$key
+	?lvsl		v5,0,$key		# keyperm
+	srwi		$rounds,$rounds,1
+	lvx		v2,$idx,$key
+	addi		$idx,$idx,16
+	subi		$rounds,$rounds,1
+	?vperm		v1,v1,v2,v5		# align round key
+
+	vxor		v0,v0,v1
+	lvx		v1,$idx,$key
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+Loop_${dir}c:
+	?vperm		v2,v2,v1,v5
+	v${n}cipher	v0,v0,v2
+	lvx		v2,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		v1,v1,v2,v5
+	v${n}cipher	v0,v0,v1
+	lvx		v1,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_${dir}c
+
+	?vperm		v2,v2,v1,v5
+	v${n}cipher	v0,v0,v2
+	lvx		v2,$idx,$key
+	?vperm		v1,v1,v2,v5
+	v${n}cipherlast	v0,v0,v1
+
+	vspltisb	v2,-1
+	vxor		v1,v1,v1
+	li		$idx,15			# 15 is not typo
+	?vperm		v2,v1,v2,v3		# outmask
+	le?vxor		v3,v3,v4
+	lvx		v1,0,$out		# outhead
+	vperm		v0,v0,v0,v3		# rotate [and byte swap in LE]
+	vsel		v1,v1,v0,v2
+	lvx		v4,$idx,$out
+	stvx		v1,0,$out
+	vsel		v0,v0,v4,v2
+	stvx		v0,$idx,$out
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,3,0
+	.long		0
+.size	.${prefix}_${dir}crypt,.-.${prefix}_${dir}crypt
+___
+}
+&gen_block("en");
+&gen_block("de");
+}}}
+#########################################################################
+{{{	# CBC en- and decrypt procedures				#
+my ($inp,$out,$len,$key,$ivp,$enc,$rounds,$idx)=map("r$_",(3..10));
+my ($rndkey0,$rndkey1,$inout,$tmp)=		map("v$_",(0..3));
+my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm)=
+						map("v$_",(4..10));
+$code.=<<___;
+.globl	.${prefix}_cbc_encrypt
+.align	5
+.${prefix}_cbc_encrypt:
+	${UCMP}i	$len,16
+	bltlr-
+
+	cmpwi		$enc,0			# test direction
+	lis		r0,0xffe0
+	mfspr		$vrsave,256
+	mtspr		256,r0
+
+	li		$idx,15
+	vxor		$rndkey0,$rndkey0,$rndkey0
+	le?vspltisb	$tmp,0x0f
+
+	lvx		$ivec,0,$ivp		# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$ivec,$ivec,$inptail,$inpperm
+
+	neg		r11,$inp
+	?lvsl		$keyperm,0,$key		# prepare for unaligned key
+	lwz		$rounds,240($key)
+
+	lvsr		$inpperm,0,r11		# prepare for unaligned load
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,15		# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	?lvsr		$outperm,0,$out		# prepare for unaligned store
+	vspltisb	$outmask,-1
+	lvx		$outhead,0,$out
+	?vperm		$outmask,$rndkey0,$outmask,$outperm
+	le?vxor		$outperm,$outperm,$tmp
+
+	srwi		$rounds,$rounds,1
+	li		$idx,16
+	subi		$rounds,$rounds,1
+	beq		Lcbc_dec
+
+Lcbc_enc:
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	mtctr		$rounds
+	subi		$len,$len,16		# len-=16
+
+	lvx		$rndkey0,0,$key
+	 vperm		$inout,$inout,$inptail,$inpperm
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	vxor		$inout,$inout,$ivec
+
+Loop_cbc_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_cbc_enc
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipherlast	$ivec,$inout,$rndkey0
+	${UCMP}i	$len,16
+
+	vperm		$tmp,$ivec,$ivec,$outperm
+	vsel		$inout,$outhead,$tmp,$outmask
+	vmr		$outhead,$tmp
+	stvx		$inout,0,$out
+	addi		$out,$out,16
+	bge		Lcbc_enc
+
+	b		Lcbc_done
+
+.align	4
+Lcbc_dec:
+	${UCMP}i	$len,128
+	bge		_aesp8_cbc_decrypt8x
+	vmr		$tmp,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	mtctr		$rounds
+	subi		$len,$len,16		# len-=16
+
+	lvx		$rndkey0,0,$key
+	 vperm		$tmp,$tmp,$inptail,$inpperm
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$tmp,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+
+Loop_cbc_dec:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipher	$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_cbc_dec
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipherlast	$inout,$inout,$rndkey0
+	${UCMP}i	$len,16
+
+	vxor		$inout,$inout,$ivec
+	vmr		$ivec,$tmp
+	vperm		$tmp,$inout,$inout,$outperm
+	vsel		$inout,$outhead,$tmp,$outmask
+	vmr		$outhead,$tmp
+	stvx		$inout,0,$out
+	addi		$out,$out,16
+	bge		Lcbc_dec
+
+Lcbc_done:
+	addi		$out,$out,-1
+	lvx		$inout,0,$out		# redundant in aligned case
+	vsel		$inout,$outhead,$inout,$outmask
+	stvx		$inout,0,$out
+
+	neg		$enc,$ivp		# write [unaligned] iv
+	li		$idx,15			# 15 is not typo
+	vxor		$rndkey0,$rndkey0,$rndkey0
+	vspltisb	$outmask,-1
+	le?vspltisb	$tmp,0x0f
+	?lvsl		$outperm,0,$enc
+	?vperm		$outmask,$rndkey0,$outmask,$outperm
+	le?vxor		$outperm,$outperm,$tmp
+	lvx		$outhead,0,$ivp
+	vperm		$ivec,$ivec,$ivec,$outperm
+	vsel		$inout,$outhead,$ivec,$outmask
+	lvx		$inptail,$idx,$ivp
+	stvx		$inout,0,$ivp
+	vsel		$inout,$ivec,$inptail,$outmask
+	stvx		$inout,$idx,$ivp
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,6,0
+	.long		0
+___
+#########################################################################
+{{	# Optimized CBC decrypt procedure				#
+my $key_="r11";
+my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31));
+    $x00=0 if ($flavour =~ /osx/);
+my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10..13));
+my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(14..21));
+my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
+			# v26-v31 last 6 round keys
+my ($tmp,$keyperm)=($in3,$in4);	# aliases with "caller", redundant assignment
+
+$code.=<<___;
+.align	5
+_aesp8_cbc_decrypt8x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	li		r10,`$FRAME+8*16+15`
+	li		r11,`$FRAME+8*16+31`
+	stvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	stvx		v21,r11,$sp
+	addi		r11,r11,32
+	stvx		v22,r10,$sp
+	addi		r10,r10,32
+	stvx		v23,r11,$sp
+	addi		r11,r11,32
+	stvx		v24,r10,$sp
+	addi		r10,r10,32
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	stvx		v31,r11,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+	subi		$len,$len,128		# bias
+
+	lvx		$rndkey0,$x00,$key	# load key schedule
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	lvx		v31,$x00,$key
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_cbc_dec_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_cbc_dec_key
+
+	lvx		v26,$x10,$key
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$out0,$x70,$key		# borrow $out0
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$out0,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	#lvx		$inptail,0,$inp		# "caller" already did this
+	#addi		$inp,$inp,15		# 15 is not typo
+	subi		$inp,$inp,15		# undo "caller"
+
+	 le?li		$idx,8
+	lvx_u		$in0,$x00,$inp		# load first 8 "words"
+	 le?lvsl	$inpperm,0,$idx
+	 le?vspltisb	$tmp,0x0f
+	lvx_u		$in1,$x10,$inp
+	 le?vxor	$inpperm,$inpperm,$tmp	# transform for lvx_u/stvx_u
+	lvx_u		$in2,$x20,$inp
+	 le?vperm	$in0,$in0,$in0,$inpperm
+	lvx_u		$in3,$x30,$inp
+	 le?vperm	$in1,$in1,$in1,$inpperm
+	lvx_u		$in4,$x40,$inp
+	 le?vperm	$in2,$in2,$in2,$inpperm
+	vxor		$out0,$in0,$rndkey0
+	lvx_u		$in5,$x50,$inp
+	 le?vperm	$in3,$in3,$in3,$inpperm
+	vxor		$out1,$in1,$rndkey0
+	lvx_u		$in6,$x60,$inp
+	 le?vperm	$in4,$in4,$in4,$inpperm
+	vxor		$out2,$in2,$rndkey0
+	lvx_u		$in7,$x70,$inp
+	addi		$inp,$inp,0x80
+	 le?vperm	$in5,$in5,$in5,$inpperm
+	vxor		$out3,$in3,$rndkey0
+	 le?vperm	$in6,$in6,$in6,$inpperm
+	vxor		$out4,$in4,$rndkey0
+	 le?vperm	$in7,$in7,$in7,$inpperm
+	vxor		$out5,$in5,$rndkey0
+	vxor		$out6,$in6,$rndkey0
+	vxor		$out7,$in7,$rndkey0
+
+	mtctr		$rounds
+	b		Loop_cbc_dec8x
+.align	5
+Loop_cbc_dec8x:
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_cbc_dec8x
+
+	subic		$len,$len,128		# $len-=128
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+
+	subfe.		r0,r0,r0		# borrow?-1:0
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+
+	and		r0,r0,$len
+	vncipher	$out0,$out0,v26
+	vncipher	$out1,$out1,v26
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	vncipher	$out4,$out4,v26
+	vncipher	$out5,$out5,v26
+	vncipher	$out6,$out6,v26
+	vncipher	$out7,$out7,v26
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in7 are loaded
+						# with last "words"
+	vncipher	$out0,$out0,v27
+	vncipher	$out1,$out1,v27
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	vncipher	$out4,$out4,v27
+	vncipher	$out5,$out5,v27
+	vncipher	$out6,$out6,v27
+	vncipher	$out7,$out7,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	vncipher	$out1,$out1,v28
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	vncipher	$out4,$out4,v28
+	vncipher	$out5,$out5,v28
+	vncipher	$out6,$out6,v28
+	vncipher	$out7,$out7,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vncipher	$out0,$out0,v29
+	vncipher	$out1,$out1,v29
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	vncipher	$out4,$out4,v29
+	vncipher	$out5,$out5,v29
+	vncipher	$out6,$out6,v29
+	vncipher	$out7,$out7,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+
+	vncipher	$out0,$out0,v30
+	 vxor		$ivec,$ivec,v31		# xor with last round key
+	vncipher	$out1,$out1,v30
+	 vxor		$in0,$in0,v31
+	vncipher	$out2,$out2,v30
+	 vxor		$in1,$in1,v31
+	vncipher	$out3,$out3,v30
+	 vxor		$in2,$in2,v31
+	vncipher	$out4,$out4,v30
+	 vxor		$in3,$in3,v31
+	vncipher	$out5,$out5,v30
+	 vxor		$in4,$in4,v31
+	vncipher	$out6,$out6,v30
+	 vxor		$in5,$in5,v31
+	vncipher	$out7,$out7,v30
+	 vxor		$in6,$in6,v31
+
+	vncipherlast	$out0,$out0,$ivec
+	vncipherlast	$out1,$out1,$in0
+	 lvx_u		$in0,$x00,$inp		# load next input block
+	vncipherlast	$out2,$out2,$in1
+	 lvx_u		$in1,$x10,$inp
+	vncipherlast	$out3,$out3,$in2
+	 le?vperm	$in0,$in0,$in0,$inpperm
+	 lvx_u		$in2,$x20,$inp
+	vncipherlast	$out4,$out4,$in3
+	 le?vperm	$in1,$in1,$in1,$inpperm
+	 lvx_u		$in3,$x30,$inp
+	vncipherlast	$out5,$out5,$in4
+	 le?vperm	$in2,$in2,$in2,$inpperm
+	 lvx_u		$in4,$x40,$inp
+	vncipherlast	$out6,$out6,$in5
+	 le?vperm	$in3,$in3,$in3,$inpperm
+	 lvx_u		$in5,$x50,$inp
+	vncipherlast	$out7,$out7,$in6
+	 le?vperm	$in4,$in4,$in4,$inpperm
+	 lvx_u		$in6,$x60,$inp
+	vmr		$ivec,$in7
+	 le?vperm	$in5,$in5,$in5,$inpperm
+	 lvx_u		$in7,$x70,$inp
+	 addi		$inp,$inp,0x80
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	 le?vperm	$in6,$in6,$in6,$inpperm
+	 vxor		$out0,$in0,$rndkey0
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	 le?vperm	$in7,$in7,$in7,$inpperm
+	 vxor		$out1,$in1,$rndkey0
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	 vxor		$out2,$in2,$rndkey0
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	 vxor		$out3,$in3,$rndkey0
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	 vxor		$out4,$in4,$rndkey0
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x50,$out
+	 vxor		$out5,$in5,$rndkey0
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x60,$out
+	 vxor		$out6,$in6,$rndkey0
+	stvx_u		$out7,$x70,$out
+	addi		$out,$out,0x80
+	 vxor		$out7,$in7,$rndkey0
+
+	mtctr		$rounds
+	beq		Loop_cbc_dec8x		# did $len-=128 borrow?
+
+	addic.		$len,$len,128
+	beq		Lcbc_dec8x_done
+	nop
+	nop
+
+Loop_cbc_dec8x_tail:				# up to 7 "words" tail...
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_cbc_dec8x_tail
+
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	vncipher	$out6,$out6,v24
+	vncipher	$out7,$out7,v24
+
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	vncipher	$out6,$out6,v25
+	vncipher	$out7,$out7,v25
+
+	vncipher	$out1,$out1,v26
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	vncipher	$out4,$out4,v26
+	vncipher	$out5,$out5,v26
+	vncipher	$out6,$out6,v26
+	vncipher	$out7,$out7,v26
+
+	vncipher	$out1,$out1,v27
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	vncipher	$out4,$out4,v27
+	vncipher	$out5,$out5,v27
+	vncipher	$out6,$out6,v27
+	vncipher	$out7,$out7,v27
+
+	vncipher	$out1,$out1,v28
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	vncipher	$out4,$out4,v28
+	vncipher	$out5,$out5,v28
+	vncipher	$out6,$out6,v28
+	vncipher	$out7,$out7,v28
+
+	vncipher	$out1,$out1,v29
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	vncipher	$out4,$out4,v29
+	vncipher	$out5,$out5,v29
+	vncipher	$out6,$out6,v29
+	vncipher	$out7,$out7,v29
+
+	vncipher	$out1,$out1,v30
+	 vxor		$ivec,$ivec,v31		# last round key
+	vncipher	$out2,$out2,v30
+	 vxor		$in1,$in1,v31
+	vncipher	$out3,$out3,v30
+	 vxor		$in2,$in2,v31
+	vncipher	$out4,$out4,v30
+	 vxor		$in3,$in3,v31
+	vncipher	$out5,$out5,v30
+	 vxor		$in4,$in4,v31
+	vncipher	$out6,$out6,v30
+	 vxor		$in5,$in5,v31
+	vncipher	$out7,$out7,v30
+	 vxor		$in6,$in6,v31
+
+	cmplwi		$len,32			# switch($len)
+	blt		Lcbc_dec8x_one
+	nop
+	beq		Lcbc_dec8x_two
+	cmplwi		$len,64
+	blt		Lcbc_dec8x_three
+	nop
+	beq		Lcbc_dec8x_four
+	cmplwi		$len,96
+	blt		Lcbc_dec8x_five
+	nop
+	beq		Lcbc_dec8x_six
+
+Lcbc_dec8x_seven:
+	vncipherlast	$out1,$out1,$ivec
+	vncipherlast	$out2,$out2,$in1
+	vncipherlast	$out3,$out3,$in2
+	vncipherlast	$out4,$out4,$in3
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out1,$out1,$out1,$inpperm
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x00,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x10,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x20,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x30,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x40,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x50,$out
+	stvx_u		$out7,$x60,$out
+	addi		$out,$out,0x70
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_six:
+	vncipherlast	$out2,$out2,$ivec
+	vncipherlast	$out3,$out3,$in2
+	vncipherlast	$out4,$out4,$in3
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out2,$out2,$out2,$inpperm
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x00,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x10,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x20,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x30,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x40,$out
+	stvx_u		$out7,$x50,$out
+	addi		$out,$out,0x60
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_five:
+	vncipherlast	$out3,$out3,$ivec
+	vncipherlast	$out4,$out4,$in3
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out3,$out3,$out3,$inpperm
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x00,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x10,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x20,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x30,$out
+	stvx_u		$out7,$x40,$out
+	addi		$out,$out,0x50
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_four:
+	vncipherlast	$out4,$out4,$ivec
+	vncipherlast	$out5,$out5,$in4
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out4,$out4,$out4,$inpperm
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x00,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x10,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x20,$out
+	stvx_u		$out7,$x30,$out
+	addi		$out,$out,0x40
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_three:
+	vncipherlast	$out5,$out5,$ivec
+	vncipherlast	$out6,$out6,$in5
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out5,$out5,$out5,$inpperm
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x00,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x10,$out
+	stvx_u		$out7,$x20,$out
+	addi		$out,$out,0x30
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_two:
+	vncipherlast	$out6,$out6,$ivec
+	vncipherlast	$out7,$out7,$in6
+	vmr		$ivec,$in7
+
+	le?vperm	$out6,$out6,$out6,$inpperm
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x00,$out
+	stvx_u		$out7,$x10,$out
+	addi		$out,$out,0x20
+	b		Lcbc_dec8x_done
+
+.align	5
+Lcbc_dec8x_one:
+	vncipherlast	$out7,$out7,$ivec
+	vmr		$ivec,$in7
+
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out7,0,$out
+	addi		$out,$out,0x10
+
+Lcbc_dec8x_done:
+	le?vperm	$ivec,$ivec,$ivec,$inpperm
+	stvx_u		$ivec,0,$ivp		# write [unaligned] iv
+
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$inpperm,r10,$sp	# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_cbc_encrypt,.-.${prefix}_cbc_encrypt
+___
+}}	}}}
+
+#########################################################################
+{{{	# CTR procedure[s]						#
+my ($inp,$out,$len,$key,$ivp,$x10,$rounds,$idx)=map("r$_",(3..10));
+my ($rndkey0,$rndkey1,$inout,$tmp)=		map("v$_",(0..3));
+my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm,$one)=
+						map("v$_",(4..11));
+my $dat=$tmp;
+
+$code.=<<___;
+.globl	.${prefix}_ctr32_encrypt_blocks
+.align	5
+.${prefix}_ctr32_encrypt_blocks:
+	${UCMP}i	$len,1
+	bltlr-
+
+	lis		r0,0xfff0
+	mfspr		$vrsave,256
+	mtspr		256,r0
+
+	li		$idx,15
+	vxor		$rndkey0,$rndkey0,$rndkey0
+	le?vspltisb	$tmp,0x0f
+
+	lvx		$ivec,0,$ivp		# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	 vspltisb	$one,1
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$ivec,$ivec,$inptail,$inpperm
+	 vsldoi		$one,$rndkey0,$one,1
+
+	neg		r11,$inp
+	?lvsl		$keyperm,0,$key		# prepare for unaligned key
+	lwz		$rounds,240($key)
+
+	lvsr		$inpperm,0,r11		# prepare for unaligned load
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,15		# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	srwi		$rounds,$rounds,1
+	li		$idx,16
+	subi		$rounds,$rounds,1
+
+	${UCMP}i	$len,8
+	bge		_aesp8_ctr32_encrypt8x
+
+	?lvsr		$outperm,0,$out		# prepare for unaligned store
+	vspltisb	$outmask,-1
+	lvx		$outhead,0,$out
+	?vperm		$outmask,$rndkey0,$outmask,$outperm
+	le?vxor		$outperm,$outperm,$tmp
+
+	lvx		$rndkey0,0,$key
+	mtctr		$rounds
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$ivec,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	b		Loop_ctr32_enc
+
+.align	5
+Loop_ctr32_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key
+	addi		$idx,$idx,16
+	bdnz		Loop_ctr32_enc
+
+	vadduwm		$ivec,$ivec,$one
+	 vmr		$dat,$inptail
+	 lvx		$inptail,0,$inp
+	 addi		$inp,$inp,16
+	 subic.		$len,$len,1		# blocks--
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key
+	 vperm		$dat,$dat,$inptail,$inpperm
+	 li		$idx,16
+	?vperm		$rndkey1,$rndkey0,$rndkey1,$keyperm
+	 lvx		$rndkey0,0,$key
+	vxor		$dat,$dat,$rndkey1	# last round key
+	vcipherlast	$inout,$inout,$dat
+
+	 lvx		$rndkey1,$idx,$key
+	 addi		$idx,$idx,16
+	vperm		$inout,$inout,$inout,$outperm
+	vsel		$dat,$outhead,$inout,$outmask
+	 mtctr		$rounds
+	 ?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vmr		$outhead,$inout
+	 vxor		$inout,$ivec,$rndkey0
+	 lvx		$rndkey0,$idx,$key
+	 addi		$idx,$idx,16
+	stvx		$dat,0,$out
+	addi		$out,$out,16
+	bne		Loop_ctr32_enc
+
+	addi		$out,$out,-1
+	lvx		$inout,0,$out		# redundant in aligned case
+	vsel		$inout,$outhead,$inout,$outmask
+	stvx		$inout,0,$out
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,6,0
+	.long		0
+___
+#########################################################################
+{{	# Optimized CTR procedure					#
+my $key_="r11";
+my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31));
+    $x00=0 if ($flavour =~ /osx/);
+my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10,12..14));
+my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(15..22));
+my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
+			# v26-v31 last 6 round keys
+my ($tmp,$keyperm)=($in3,$in4);	# aliases with "caller", redundant assignment
+my ($two,$three,$four)=($outhead,$outperm,$outmask);
+
+$code.=<<___;
+.align	5
+_aesp8_ctr32_encrypt8x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	li		r10,`$FRAME+8*16+15`
+	li		r11,`$FRAME+8*16+31`
+	stvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	stvx		v21,r11,$sp
+	addi		r11,r11,32
+	stvx		v22,r10,$sp
+	addi		r10,r10,32
+	stvx		v23,r11,$sp
+	addi		r11,r11,32
+	stvx		v24,r10,$sp
+	addi		r10,r10,32
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	stvx		v31,r11,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+
+	lvx		$rndkey0,$x00,$key	# load key schedule
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	lvx		v31,$x00,$key
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_ctr32_enc_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key
+	addi		$key,$key,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_ctr32_enc_key
+
+	lvx		v26,$x10,$key
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$out0,$x70,$key		# borrow $out0
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$out0,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	vadduwm		$two,$one,$one
+	subi		$inp,$inp,15		# undo "caller"
+	$SHL		$len,$len,4
+
+	vadduwm		$out1,$ivec,$one	# counter values ...
+	vadduwm		$out2,$ivec,$two
+	vxor		$out0,$ivec,$rndkey0	# ... xored with rndkey[0]
+	 le?li		$idx,8
+	vadduwm		$out3,$out1,$two
+	vxor		$out1,$out1,$rndkey0
+	 le?lvsl	$inpperm,0,$idx
+	vadduwm		$out4,$out2,$two
+	vxor		$out2,$out2,$rndkey0
+	 le?vspltisb	$tmp,0x0f
+	vadduwm		$out5,$out3,$two
+	vxor		$out3,$out3,$rndkey0
+	 le?vxor	$inpperm,$inpperm,$tmp	# transform for lvx_u/stvx_u
+	vadduwm		$out6,$out4,$two
+	vxor		$out4,$out4,$rndkey0
+	vadduwm		$out7,$out5,$two
+	vxor		$out5,$out5,$rndkey0
+	vadduwm		$ivec,$out6,$two	# next counter value
+	vxor		$out6,$out6,$rndkey0
+	vxor		$out7,$out7,$rndkey0
+
+	mtctr		$rounds
+	b		Loop_ctr32_enc8x
+.align	5
+Loop_ctr32_enc8x:
+	vcipher 	$out0,$out0,v24
+	vcipher 	$out1,$out1,v24
+	vcipher 	$out2,$out2,v24
+	vcipher 	$out3,$out3,v24
+	vcipher 	$out4,$out4,v24
+	vcipher 	$out5,$out5,v24
+	vcipher 	$out6,$out6,v24
+	vcipher 	$out7,$out7,v24
+Loop_ctr32_enc8x_middle:
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher 	$out0,$out0,v25
+	vcipher 	$out1,$out1,v25
+	vcipher 	$out2,$out2,v25
+	vcipher 	$out3,$out3,v25
+	vcipher 	$out4,$out4,v25
+	vcipher 	$out5,$out5,v25
+	vcipher 	$out6,$out6,v25
+	vcipher 	$out7,$out7,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_ctr32_enc8x
+
+	subic		r11,$len,256		# $len-256, borrow $key_
+	vcipher 	$out0,$out0,v24
+	vcipher 	$out1,$out1,v24
+	vcipher 	$out2,$out2,v24
+	vcipher 	$out3,$out3,v24
+	vcipher 	$out4,$out4,v24
+	vcipher 	$out5,$out5,v24
+	vcipher 	$out6,$out6,v24
+	vcipher 	$out7,$out7,v24
+
+	subfe		r0,r0,r0		# borrow?-1:0
+	vcipher 	$out0,$out0,v25
+	vcipher 	$out1,$out1,v25
+	vcipher 	$out2,$out2,v25
+	vcipher 	$out3,$out3,v25
+	vcipher 	$out4,$out4,v25
+	vcipher		$out5,$out5,v25
+	vcipher		$out6,$out6,v25
+	vcipher		$out7,$out7,v25
+
+	and		r0,r0,r11
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vcipher		$out0,$out0,v26
+	vcipher		$out1,$out1,v26
+	vcipher		$out2,$out2,v26
+	vcipher		$out3,$out3,v26
+	vcipher		$out4,$out4,v26
+	vcipher		$out5,$out5,v26
+	vcipher		$out6,$out6,v26
+	vcipher		$out7,$out7,v26
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	subic		$len,$len,129		# $len-=129
+	vcipher		$out0,$out0,v27
+	addi		$len,$len,1		# $len-=128 really
+	vcipher		$out1,$out1,v27
+	vcipher		$out2,$out2,v27
+	vcipher		$out3,$out3,v27
+	vcipher		$out4,$out4,v27
+	vcipher		$out5,$out5,v27
+	vcipher		$out6,$out6,v27
+	vcipher		$out7,$out7,v27
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+
+	vcipher		$out0,$out0,v28
+	 lvx_u		$in0,$x00,$inp		# load input
+	vcipher		$out1,$out1,v28
+	 lvx_u		$in1,$x10,$inp
+	vcipher		$out2,$out2,v28
+	 lvx_u		$in2,$x20,$inp
+	vcipher		$out3,$out3,v28
+	 lvx_u		$in3,$x30,$inp
+	vcipher		$out4,$out4,v28
+	 lvx_u		$in4,$x40,$inp
+	vcipher		$out5,$out5,v28
+	 lvx_u		$in5,$x50,$inp
+	vcipher		$out6,$out6,v28
+	 lvx_u		$in6,$x60,$inp
+	vcipher		$out7,$out7,v28
+	 lvx_u		$in7,$x70,$inp
+	 addi		$inp,$inp,0x80
+
+	vcipher		$out0,$out0,v29
+	 le?vperm	$in0,$in0,$in0,$inpperm
+	vcipher		$out1,$out1,v29
+	 le?vperm	$in1,$in1,$in1,$inpperm
+	vcipher		$out2,$out2,v29
+	 le?vperm	$in2,$in2,$in2,$inpperm
+	vcipher		$out3,$out3,v29
+	 le?vperm	$in3,$in3,$in3,$inpperm
+	vcipher		$out4,$out4,v29
+	 le?vperm	$in4,$in4,$in4,$inpperm
+	vcipher		$out5,$out5,v29
+	 le?vperm	$in5,$in5,$in5,$inpperm
+	vcipher		$out6,$out6,v29
+	 le?vperm	$in6,$in6,$in6,$inpperm
+	vcipher		$out7,$out7,v29
+	 le?vperm	$in7,$in7,$in7,$inpperm
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in7 are loaded
+						# with last "words"
+	subfe.		r0,r0,r0		# borrow?-1:0
+	vcipher		$out0,$out0,v30
+	 vxor		$in0,$in0,v31		# xor with last round key
+	vcipher		$out1,$out1,v30
+	 vxor		$in1,$in1,v31
+	vcipher		$out2,$out2,v30
+	 vxor		$in2,$in2,v31
+	vcipher		$out3,$out3,v30
+	 vxor		$in3,$in3,v31
+	vcipher		$out4,$out4,v30
+	 vxor		$in4,$in4,v31
+	vcipher		$out5,$out5,v30
+	 vxor		$in5,$in5,v31
+	vcipher		$out6,$out6,v30
+	 vxor		$in6,$in6,v31
+	vcipher		$out7,$out7,v30
+	 vxor		$in7,$in7,v31
+
+	bne		Lctr32_enc8x_break	# did $len-129 borrow?
+
+	vcipherlast	$in0,$out0,$in0
+	vcipherlast	$in1,$out1,$in1
+	 vadduwm	$out1,$ivec,$one	# counter values ...
+	vcipherlast	$in2,$out2,$in2
+	 vadduwm	$out2,$ivec,$two
+	 vxor		$out0,$ivec,$rndkey0	# ... xored with rndkey[0]
+	vcipherlast	$in3,$out3,$in3
+	 vadduwm	$out3,$out1,$two
+	 vxor		$out1,$out1,$rndkey0
+	vcipherlast	$in4,$out4,$in4
+	 vadduwm	$out4,$out2,$two
+	 vxor		$out2,$out2,$rndkey0
+	vcipherlast	$in5,$out5,$in5
+	 vadduwm	$out5,$out3,$two
+	 vxor		$out3,$out3,$rndkey0
+	vcipherlast	$in6,$out6,$in6
+	 vadduwm	$out6,$out4,$two
+	 vxor		$out4,$out4,$rndkey0
+	vcipherlast	$in7,$out7,$in7
+	 vadduwm	$out7,$out5,$two
+	 vxor		$out5,$out5,$rndkey0
+	le?vperm	$in0,$in0,$in0,$inpperm
+	 vadduwm	$ivec,$out6,$two	# next counter value
+	 vxor		$out6,$out6,$rndkey0
+	le?vperm	$in1,$in1,$in1,$inpperm
+	 vxor		$out7,$out7,$rndkey0
+	mtctr		$rounds
+
+	 vcipher	$out0,$out0,v24
+	stvx_u		$in0,$x00,$out
+	le?vperm	$in2,$in2,$in2,$inpperm
+	 vcipher	$out1,$out1,v24
+	stvx_u		$in1,$x10,$out
+	le?vperm	$in3,$in3,$in3,$inpperm
+	 vcipher	$out2,$out2,v24
+	stvx_u		$in2,$x20,$out
+	le?vperm	$in4,$in4,$in4,$inpperm
+	 vcipher	$out3,$out3,v24
+	stvx_u		$in3,$x30,$out
+	le?vperm	$in5,$in5,$in5,$inpperm
+	 vcipher	$out4,$out4,v24
+	stvx_u		$in4,$x40,$out
+	le?vperm	$in6,$in6,$in6,$inpperm
+	 vcipher	$out5,$out5,v24
+	stvx_u		$in5,$x50,$out
+	le?vperm	$in7,$in7,$in7,$inpperm
+	 vcipher	$out6,$out6,v24
+	stvx_u		$in6,$x60,$out
+	 vcipher	$out7,$out7,v24
+	stvx_u		$in7,$x70,$out
+	addi		$out,$out,0x80
+
+	b		Loop_ctr32_enc8x_middle
+
+.align	5
+Lctr32_enc8x_break:
+	cmpwi		$len,-0x60
+	blt		Lctr32_enc8x_one
+	nop
+	beq		Lctr32_enc8x_two
+	cmpwi		$len,-0x40
+	blt		Lctr32_enc8x_three
+	nop
+	beq		Lctr32_enc8x_four
+	cmpwi		$len,-0x20
+	blt		Lctr32_enc8x_five
+	nop
+	beq		Lctr32_enc8x_six
+	cmpwi		$len,0x00
+	blt		Lctr32_enc8x_seven
+
+Lctr32_enc8x_eight:
+	vcipherlast	$out0,$out0,$in0
+	vcipherlast	$out1,$out1,$in1
+	vcipherlast	$out2,$out2,$in2
+	vcipherlast	$out3,$out3,$in3
+	vcipherlast	$out4,$out4,$in4
+	vcipherlast	$out5,$out5,$in5
+	vcipherlast	$out6,$out6,$in6
+	vcipherlast	$out7,$out7,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x50,$out
+	le?vperm	$out7,$out7,$out7,$inpperm
+	stvx_u		$out6,$x60,$out
+	stvx_u		$out7,$x70,$out
+	addi		$out,$out,0x80
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_seven:
+	vcipherlast	$out0,$out0,$in1
+	vcipherlast	$out1,$out1,$in2
+	vcipherlast	$out2,$out2,$in3
+	vcipherlast	$out3,$out3,$in4
+	vcipherlast	$out4,$out4,$in5
+	vcipherlast	$out5,$out5,$in6
+	vcipherlast	$out6,$out6,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	le?vperm	$out6,$out6,$out6,$inpperm
+	stvx_u		$out5,$x50,$out
+	stvx_u		$out6,$x60,$out
+	addi		$out,$out,0x70
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_six:
+	vcipherlast	$out0,$out0,$in2
+	vcipherlast	$out1,$out1,$in3
+	vcipherlast	$out2,$out2,$in4
+	vcipherlast	$out3,$out3,$in5
+	vcipherlast	$out4,$out4,$in6
+	vcipherlast	$out5,$out5,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	le?vperm	$out5,$out5,$out5,$inpperm
+	stvx_u		$out4,$x40,$out
+	stvx_u		$out5,$x50,$out
+	addi		$out,$out,0x60
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_five:
+	vcipherlast	$out0,$out0,$in3
+	vcipherlast	$out1,$out1,$in4
+	vcipherlast	$out2,$out2,$in5
+	vcipherlast	$out3,$out3,$in6
+	vcipherlast	$out4,$out4,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$inpperm
+	stvx_u		$out3,$x30,$out
+	stvx_u		$out4,$x40,$out
+	addi		$out,$out,0x50
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_four:
+	vcipherlast	$out0,$out0,$in4
+	vcipherlast	$out1,$out1,$in5
+	vcipherlast	$out2,$out2,$in6
+	vcipherlast	$out3,$out3,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$inpperm
+	stvx_u		$out2,$x20,$out
+	stvx_u		$out3,$x30,$out
+	addi		$out,$out,0x40
+	b		Lctr32_enc8x_done
+
+.align	5
+Lctr32_enc8x_three:
+	vcipherlast	$out0,$out0,$in5
+	vcipherlast	$out1,$out1,$in6
+	vcipherlast	$out2,$out2,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	le?vperm	$out2,$out2,$out2,$inpperm
+	stvx_u		$out1,$x10,$out
+	stvx_u		$out2,$x20,$out
+	addi		$out,$out,0x30
+	b		Lcbc_dec8x_done
+
+.align	5
+Lctr32_enc8x_two:
+	vcipherlast	$out0,$out0,$in6
+	vcipherlast	$out1,$out1,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	le?vperm	$out1,$out1,$out1,$inpperm
+	stvx_u		$out0,$x00,$out
+	stvx_u		$out1,$x10,$out
+	addi		$out,$out,0x20
+	b		Lcbc_dec8x_done
+
+.align	5
+Lctr32_enc8x_one:
+	vcipherlast	$out0,$out0,$in7
+
+	le?vperm	$out0,$out0,$out0,$inpperm
+	stvx_u		$out0,0,$out
+	addi		$out,$out,0x10
+
+Lctr32_enc8x_done:
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$inpperm,r10,$sp	# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+	stvx		$inpperm,r10,$sp
+	addi		r10,r10,32
+	stvx		$inpperm,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_ctr32_encrypt_blocks,.-.${prefix}_ctr32_encrypt_blocks
+___
+}}	}}}
+
+#########################################################################
+{{{	# XTS procedures						#
+# int aes_p8_xts_[en|de]crypt(const char *inp, char *out, size_t len,	#
+#                             const AES_KEY *key1, const AES_KEY *key2,	#
+#                             [const] unsigned char iv[16]);		#
+# If $key2 is NULL, then a "tweak chaining" mode is engaged, in which	#
+# input tweak value is assumed to be encrypted already, and last tweak	#
+# value, one suitable for consecutive call on same chunk of data, is	#
+# written back to original buffer. In addition, in "tweak chaining"	#
+# mode only complete input blocks are processed.			#
+
+my ($inp,$out,$len,$key1,$key2,$ivp,$rounds,$idx) =	map("r$_",(3..10));
+my ($rndkey0,$rndkey1,$inout) =				map("v$_",(0..2));
+my ($output,$inptail,$inpperm,$leperm,$keyperm) =	map("v$_",(3..7));
+my ($tweak,$seven,$eighty7,$tmp,$tweak1) =		map("v$_",(8..12));
+my $taillen = $key2;
+
+   ($inp,$idx) = ($idx,$inp);				# reassign
+
+$code.=<<___;
+.globl	.${prefix}_xts_encrypt
+.align	5
+.${prefix}_xts_encrypt:
+	mr		$inp,r3				# reassign
+	li		r3,-1
+	${UCMP}i	$len,16
+	bltlr-
+
+	lis		r0,0xfff0
+	mfspr		r12,256				# save vrsave
+	li		r11,0
+	mtspr		256,r0
+
+	vspltisb	$seven,0x07			# 0x070707..07
+	le?lvsl		$leperm,r11,r11
+	le?vspltisb	$tmp,0x0f
+	le?vxor		$leperm,$leperm,$seven
+
+	li		$idx,15
+	lvx		$tweak,0,$ivp			# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$tweak,$tweak,$inptail,$inpperm
+
+	neg		r11,$inp
+	lvsr		$inpperm,0,r11			# prepare for unaligned load
+	lvx		$inout,0,$inp
+	addi		$inp,$inp,15			# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	${UCMP}i	$key2,0				# key2==NULL?
+	beq		Lxts_enc_no_key2
+
+	?lvsl		$keyperm,0,$key2		# prepare for unaligned key
+	lwz		$rounds,240($key2)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	lvx		$rndkey0,0,$key2
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+Ltweak_xts_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	bdnz		Ltweak_xts_enc
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipherlast	$tweak,$tweak,$rndkey0
+
+	li		$ivp,0				# don't chain the tweak
+	b		Lxts_enc
+
+Lxts_enc_no_key2:
+	li		$idx,-16
+	and		$len,$len,$idx			# in "tweak chaining"
+							# mode only complete
+							# blocks are processed
+Lxts_enc:
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+
+	?lvsl		$keyperm,0,$key1		# prepare for unaligned key
+	lwz		$rounds,240($key1)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	vslb		$eighty7,$seven,$seven		# 0x808080..80
+	vor		$eighty7,$eighty7,$seven	# 0x878787..87
+	vspltisb	$tmp,1				# 0x010101..01
+	vsldoi		$eighty7,$eighty7,$tmp,15	# 0x870101..01
+
+	${UCMP}i	$len,96
+	bge		_aesp8_xts_encrypt6x
+
+	andi.		$taillen,$len,15
+	subic		r0,$len,32
+	subi		$taillen,$taillen,16
+	subfe		r0,r0,r0
+	and		r0,r0,$taillen
+	add		$inp,$inp,r0
+
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	mtctr		$rounds
+	b		Loop_xts_enc
+
+.align	5
+Loop_xts_enc:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	bdnz		Loop_xts_enc
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$rndkey0,$rndkey0,$tweak
+	vcipherlast	$output,$inout,$rndkey0
+
+	le?vperm	$tmp,$output,$output,$leperm
+	be?nop
+	le?stvx_u	$tmp,0,$out
+	be?stvx_u	$output,0,$out
+	addi		$out,$out,16
+
+	subic.		$len,$len,16
+	beq		Lxts_enc_done
+
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+
+	subic		r0,$len,32
+	subfe		r0,r0,r0
+	and		r0,r0,$taillen
+	add		$inp,$inp,r0
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$output,$output,$rndkey0	# just in case $len<16
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+
+	mtctr		$rounds
+	${UCMP}i	$len,16
+	bge		Loop_xts_enc
+
+	vxor		$output,$output,$tweak
+	lvsr		$inpperm,0,$len			# $inpperm is no longer needed
+	vxor		$inptail,$inptail,$inptail	# $inptail is no longer needed
+	vspltisb	$tmp,-1
+	vperm		$inptail,$inptail,$tmp,$inpperm
+	vsel		$inout,$inout,$output,$inptail
+
+	subi		r11,$out,17
+	subi		$out,$out,16
+	mtctr		$len
+	li		$len,16
+Loop_xts_enc_steal:
+	lbzu		r0,1(r11)
+	stb		r0,16(r11)
+	bdnz		Loop_xts_enc_steal
+
+	mtctr		$rounds
+	b		Loop_xts_enc			# one more time...
+
+Lxts_enc_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_enc_ret
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_enc_ret:
+	mtspr		256,r12				# restore vrsave
+	li		r3,0
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_xts_encrypt,.-.${prefix}_xts_encrypt
+
+.globl	.${prefix}_xts_decrypt
+.align	5
+.${prefix}_xts_decrypt:
+	mr		$inp,r3				# reassign
+	li		r3,-1
+	${UCMP}i	$len,16
+	bltlr-
+
+	lis		r0,0xfff8
+	mfspr		r12,256				# save vrsave
+	li		r11,0
+	mtspr		256,r0
+
+	andi.		r0,$len,15
+	neg		r0,r0
+	andi.		r0,r0,16
+	sub		$len,$len,r0
+
+	vspltisb	$seven,0x07			# 0x070707..07
+	le?lvsl		$leperm,r11,r11
+	le?vspltisb	$tmp,0x0f
+	le?vxor		$leperm,$leperm,$seven
+
+	li		$idx,15
+	lvx		$tweak,0,$ivp			# load [unaligned] iv
+	lvsl		$inpperm,0,$ivp
+	lvx		$inptail,$idx,$ivp
+	le?vxor		$inpperm,$inpperm,$tmp
+	vperm		$tweak,$tweak,$inptail,$inpperm
+
+	neg		r11,$inp
+	lvsr		$inpperm,0,r11			# prepare for unaligned load
+	lvx		$inout,0,$inp
+	addi		$inp,$inp,15			# 15 is not typo
+	le?vxor		$inpperm,$inpperm,$tmp
+
+	${UCMP}i	$key2,0				# key2==NULL?
+	beq		Lxts_dec_no_key2
+
+	?lvsl		$keyperm,0,$key2		# prepare for unaligned key
+	lwz		$rounds,240($key2)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	lvx		$rndkey0,0,$key2
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+Ltweak_xts_dec:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipher		$tweak,$tweak,$rndkey0
+	lvx		$rndkey0,$idx,$key2
+	addi		$idx,$idx,16
+	bdnz		Ltweak_xts_dec
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vcipher		$tweak,$tweak,$rndkey1
+	lvx		$rndkey1,$idx,$key2
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vcipherlast	$tweak,$tweak,$rndkey0
+
+	li		$ivp,0				# don't chain the tweak
+	b		Lxts_dec
+
+Lxts_dec_no_key2:
+	neg		$idx,$len
+	andi.		$idx,$idx,15
+	add		$len,$len,$idx			# in "tweak chaining"
+							# mode only complete
+							# blocks are processed
+Lxts_dec:
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+
+	?lvsl		$keyperm,0,$key1		# prepare for unaligned key
+	lwz		$rounds,240($key1)
+	srwi		$rounds,$rounds,1
+	subi		$rounds,$rounds,1
+	li		$idx,16
+
+	vslb		$eighty7,$seven,$seven		# 0x808080..80
+	vor		$eighty7,$eighty7,$seven	# 0x878787..87
+	vspltisb	$tmp,1				# 0x010101..01
+	vsldoi		$eighty7,$eighty7,$tmp,15	# 0x870101..01
+
+	${UCMP}i	$len,96
+	bge		_aesp8_xts_decrypt6x
+
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	mtctr		$rounds
+
+	${UCMP}i	$len,16
+	blt		Ltail_xts_dec
+	be?b		Loop_xts_dec
+
+.align	5
+Loop_xts_dec:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipher	$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	bdnz		Loop_xts_dec
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$rndkey0,$rndkey0,$tweak
+	vncipherlast	$output,$inout,$rndkey0
+
+	le?vperm	$tmp,$output,$output,$leperm
+	be?nop
+	le?stvx_u	$tmp,0,$out
+	be?stvx_u	$output,0,$out
+	addi		$out,$out,16
+
+	subic.		$len,$len,16
+	beq		Lxts_dec_done
+
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	addi		$inp,$inp,16
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$inout,$inout,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+
+	mtctr		$rounds
+	${UCMP}i	$len,16
+	bge		Loop_xts_dec
+
+Ltail_xts_dec:
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak1,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak1,$tweak1,$tmp
+
+	subi		$inp,$inp,16
+	add		$inp,$inp,$len
+
+	vxor		$inout,$inout,$tweak		# :-(
+	vxor		$inout,$inout,$tweak1		# :-)
+
+Loop_xts_dec_short:
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vncipher	$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+	bdnz		Loop_xts_dec_short
+
+	?vperm		$rndkey1,$rndkey1,$rndkey0,$keyperm
+	vncipher	$inout,$inout,$rndkey1
+	lvx		$rndkey1,$idx,$key1
+	li		$idx,16
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+	vxor		$rndkey0,$rndkey0,$tweak1
+	vncipherlast	$output,$inout,$rndkey0
+
+	le?vperm	$tmp,$output,$output,$leperm
+	be?nop
+	le?stvx_u	$tmp,0,$out
+	be?stvx_u	$output,0,$out
+
+	vmr		$inout,$inptail
+	lvx		$inptail,0,$inp
+	#addi		$inp,$inp,16
+	lvx		$rndkey0,0,$key1
+	lvx		$rndkey1,$idx,$key1
+	addi		$idx,$idx,16
+	vperm		$inout,$inout,$inptail,$inpperm
+	?vperm		$rndkey0,$rndkey0,$rndkey1,$keyperm
+
+	lvsr		$inpperm,0,$len			# $inpperm is no longer needed
+	vxor		$inptail,$inptail,$inptail	# $inptail is no longer needed
+	vspltisb	$tmp,-1
+	vperm		$inptail,$inptail,$tmp,$inpperm
+	vsel		$inout,$inout,$output,$inptail
+
+	vxor		$rndkey0,$rndkey0,$tweak
+	vxor		$inout,$inout,$rndkey0
+	lvx		$rndkey0,$idx,$key1
+	addi		$idx,$idx,16
+
+	subi		r11,$out,1
+	mtctr		$len
+	li		$len,16
+Loop_xts_dec_steal:
+	lbzu		r0,1(r11)
+	stb		r0,16(r11)
+	bdnz		Loop_xts_dec_steal
+
+	mtctr		$rounds
+	b		Loop_xts_dec			# one more time...
+
+Lxts_dec_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_dec_ret
+
+	vsrab		$tmp,$tweak,$seven		# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	vxor		$tweak,$tweak,$tmp
+
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_dec_ret:
+	mtspr		256,r12				# restore vrsave
+	li		r3,0
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,6,6,0
+	.long		0
+.size	.${prefix}_xts_decrypt,.-.${prefix}_xts_decrypt
+___
+#########################################################################
+{{	# Optimized XTS procedures					#
+my $key_=$key2;
+my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
+    $x00=0 if ($flavour =~ /osx/);
+my ($in0,  $in1,  $in2,  $in3,  $in4,  $in5 )=map("v$_",(0..5));
+my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
+my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
+my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
+			# v26-v31 last 6 round keys
+my ($keyperm)=($out0);	# aliases with "caller", redundant assignment
+my $taillen=$x70;
+
+$code.=<<___;
+.align	5
+_aesp8_xts_encrypt6x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	mflr		r11
+	li		r7,`$FRAME+8*16+15`
+	li		r3,`$FRAME+8*16+31`
+	$PUSH		r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
+	stvx		v20,r7,$sp		# ABI says so
+	addi		r7,r7,32
+	stvx		v21,r3,$sp
+	addi		r3,r3,32
+	stvx		v22,r7,$sp
+	addi		r7,r7,32
+	stvx		v23,r3,$sp
+	addi		r3,r3,32
+	stvx		v24,r7,$sp
+	addi		r7,r7,32
+	stvx		v25,r3,$sp
+	addi		r3,r3,32
+	stvx		v26,r7,$sp
+	addi		r7,r7,32
+	stvx		v27,r3,$sp
+	addi		r3,r3,32
+	stvx		v28,r7,$sp
+	addi		r7,r7,32
+	stvx		v29,r3,$sp
+	addi		r3,r3,32
+	stvx		v30,r7,$sp
+	stvx		v31,r3,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+
+	lvx		$rndkey0,$x00,$key1	# load key schedule
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	lvx		v31,$x00,$key1
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_xts_enc_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key1
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_xts_enc_key
+
+	lvx		v26,$x10,$key1
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key1
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key1
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key1
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key1
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key1
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$twk5,$x70,$key1	# borrow $twk5
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$twk5,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	 vperm		$in0,$inout,$inptail,$inpperm
+	 subi		$inp,$inp,31		# undo "caller"
+	vxor		$twk0,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out0,$in0,$twk0
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in1,$x10,$inp
+	vxor		$twk1,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in1,$in1,$in1,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out1,$in1,$twk1
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in2,$x20,$inp
+	 andi.		$taillen,$len,15
+	vxor		$twk2,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in2,$in2,$in2,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out2,$in2,$twk2
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in3,$x30,$inp
+	 sub		$len,$len,$taillen
+	vxor		$twk3,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in3,$in3,$in3,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out3,$in3,$twk3
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in4,$x40,$inp
+	 subi		$len,$len,0x60
+	vxor		$twk4,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in4,$in4,$in4,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out4,$in4,$twk4
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	vxor		$twk5,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in5,$in5,$in5,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out5,$in5,$twk5
+	vxor		$tweak,$tweak,$tmp
+
+	vxor		v31,v31,$rndkey0
+	mtctr		$rounds
+	b		Loop_xts_enc6x
+
+.align	5
+Loop_xts_enc6x:
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	vcipher		$out4,$out4,v24
+	vcipher		$out5,$out5,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	vcipher		$out4,$out4,v25
+	vcipher		$out5,$out5,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_enc6x
+
+	subic		$len,$len,96		# $len-=96
+	 vxor		$in0,$twk0,v31		# xor with last round key
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk0,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out4,$out4,v24
+	vcipher		$out5,$out5,v24
+
+	subfe.		r0,r0,r0		# borrow?-1:0
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	 vxor		$in1,$twk1,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk1,$tweak,$rndkey0
+	vcipher		$out4,$out4,v25
+	vcipher		$out5,$out5,v25
+
+	and		r0,r0,$len
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out0,$out0,v26
+	vcipher		$out1,$out1,v26
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out2,$out2,v26
+	vcipher		$out3,$out3,v26
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out4,$out4,v26
+	vcipher		$out5,$out5,v26
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in5 are loaded
+						# with last "words"
+	 vxor		$in2,$twk2,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk2,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vcipher		$out0,$out0,v27
+	vcipher		$out1,$out1,v27
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out2,$out2,v27
+	vcipher		$out3,$out3,v27
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out4,$out4,v27
+	vcipher		$out5,$out5,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out0,$out0,v28
+	vcipher		$out1,$out1,v28
+	 vxor		$in3,$twk3,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk3,$tweak,$rndkey0
+	vcipher		$out2,$out2,v28
+	vcipher		$out3,$out3,v28
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipher		$out4,$out4,v28
+	vcipher		$out5,$out5,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vand		$tmp,$tmp,$eighty7
+
+	vcipher		$out0,$out0,v29
+	vcipher		$out1,$out1,v29
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out2,$out2,v29
+	vcipher		$out3,$out3,v29
+	 vxor		$in4,$twk4,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk4,$tweak,$rndkey0
+	vcipher		$out4,$out4,v29
+	vcipher		$out5,$out5,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+
+	vcipher		$out0,$out0,v30
+	vcipher		$out1,$out1,v30
+	 vand		$tmp,$tmp,$eighty7
+	vcipher		$out2,$out2,v30
+	vcipher		$out3,$out3,v30
+	 vxor		$tweak,$tweak,$tmp
+	vcipher		$out4,$out4,v30
+	vcipher		$out5,$out5,v30
+	 vxor		$in5,$twk5,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk5,$tweak,$rndkey0
+
+	vcipherlast	$out0,$out0,$in0
+	 lvx_u		$in0,$x00,$inp		# load next input block
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vcipherlast	$out1,$out1,$in1
+	 lvx_u		$in1,$x10,$inp
+	vcipherlast	$out2,$out2,$in2
+	 le?vperm	$in0,$in0,$in0,$leperm
+	 lvx_u		$in2,$x20,$inp
+	 vand		$tmp,$tmp,$eighty7
+	vcipherlast	$out3,$out3,$in3
+	 le?vperm	$in1,$in1,$in1,$leperm
+	 lvx_u		$in3,$x30,$inp
+	vcipherlast	$out4,$out4,$in4
+	 le?vperm	$in2,$in2,$in2,$leperm
+	 lvx_u		$in4,$x40,$inp
+	 vxor		$tweak,$tweak,$tmp
+	vcipherlast	$tmp,$out5,$in5		# last block might be needed
+						# in stealing mode
+	 le?vperm	$in3,$in3,$in3,$leperm
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	 le?vperm	$in4,$in4,$in4,$leperm
+	 le?vperm	$in5,$in5,$in5,$leperm
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	 vxor		$out0,$in0,$twk0
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	 vxor		$out1,$in1,$twk1
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	 vxor		$out2,$in2,$twk2
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	 vxor		$out3,$in3,$twk3
+	le?vperm	$out5,$tmp,$tmp,$leperm
+	stvx_u		$out4,$x40,$out
+	 vxor		$out4,$in4,$twk4
+	le?stvx_u	$out5,$x50,$out
+	be?stvx_u	$tmp, $x50,$out
+	 vxor		$out5,$in5,$twk5
+	addi		$out,$out,0x60
+
+	mtctr		$rounds
+	beq		Loop_xts_enc6x		# did $len-=96 borrow?
+
+	addic.		$len,$len,0x60
+	beq		Lxts_enc6x_zero
+	cmpwi		$len,0x20
+	blt		Lxts_enc6x_one
+	nop
+	beq		Lxts_enc6x_two
+	cmpwi		$len,0x40
+	blt		Lxts_enc6x_three
+	nop
+	beq		Lxts_enc6x_four
+
+Lxts_enc6x_five:
+	vxor		$out0,$in1,$twk0
+	vxor		$out1,$in2,$twk1
+	vxor		$out2,$in3,$twk2
+	vxor		$out3,$in4,$twk3
+	vxor		$out4,$in5,$twk4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk5		# unused tweak
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	vxor		$tmp,$out4,$twk5	# last block prep for stealing
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	stvx_u		$out4,$x40,$out
+	addi		$out,$out,0x50
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_four:
+	vxor		$out0,$in2,$twk0
+	vxor		$out1,$in3,$twk1
+	vxor		$out2,$in4,$twk2
+	vxor		$out3,$in5,$twk3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk4		# unused tweak
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	vxor		$tmp,$out3,$twk4	# last block prep for stealing
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	stvx_u		$out3,$x30,$out
+	addi		$out,$out,0x40
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_three:
+	vxor		$out0,$in3,$twk0
+	vxor		$out1,$in4,$twk1
+	vxor		$out2,$in5,$twk2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk3		# unused tweak
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$tmp,$out2,$twk3	# last block prep for stealing
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	stvx_u		$out2,$x20,$out
+	addi		$out,$out,0x30
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_two:
+	vxor		$out0,$in4,$twk0
+	vxor		$out1,$in5,$twk1
+	vxor		$out2,$out2,$out2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_enc5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk2		# unused tweak
+	vxor		$tmp,$out1,$twk2	# last block prep for stealing
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	stvx_u		$out1,$x10,$out
+	addi		$out,$out,0x20
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_one:
+	vxor		$out0,$in5,$twk0
+	nop
+Loop_xts_enc1x:
+	vcipher		$out0,$out0,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher		$out0,$out0,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_enc1x
+
+	add		$inp,$inp,$taillen
+	cmpwi		$taillen,0
+	vcipher		$out0,$out0,v24
+
+	subi		$inp,$inp,16
+	vcipher		$out0,$out0,v25
+
+	lvsr		$inpperm,0,$taillen
+	vcipher		$out0,$out0,v26
+
+	lvx_u		$in0,0,$inp
+	vcipher		$out0,$out0,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vcipher		$out0,$out0,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vcipher		$out0,$out0,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$twk0,$twk0,v31
+
+	le?vperm	$in0,$in0,$in0,$leperm
+	vcipher		$out0,$out0,v30
+
+	vperm		$in0,$in0,$in0,$inpperm
+	vcipherlast	$out0,$out0,$twk0
+
+	vmr		$twk0,$twk1		# unused tweak
+	vxor		$tmp,$out0,$twk1	# last block prep for stealing
+	le?vperm	$out0,$out0,$out0,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	addi		$out,$out,0x10
+	bne		Lxts_enc6x_steal
+	b		Lxts_enc6x_done
+
+.align	4
+Lxts_enc6x_zero:
+	cmpwi		$taillen,0
+	beq		Lxts_enc6x_done
+
+	add		$inp,$inp,$taillen
+	subi		$inp,$inp,16
+	lvx_u		$in0,0,$inp
+	lvsr		$inpperm,0,$taillen	# $in5 is no more
+	le?vperm	$in0,$in0,$in0,$leperm
+	vperm		$in0,$in0,$in0,$inpperm
+	vxor		$tmp,$tmp,$twk0
+Lxts_enc6x_steal:
+	vxor		$in0,$in0,$twk0
+	vxor		$out0,$out0,$out0
+	vspltisb	$out1,-1
+	vperm		$out0,$out0,$out1,$inpperm
+	vsel		$out0,$in0,$tmp,$out0	# $tmp is last block, remember?
+
+	subi		r30,$out,17
+	subi		$out,$out,16
+	mtctr		$taillen
+Loop_xts_enc6x_steal:
+	lbzu		r0,1(r30)
+	stb		r0,16(r30)
+	bdnz		Loop_xts_enc6x_steal
+
+	li		$taillen,0
+	mtctr		$rounds
+	b		Loop_xts_enc1x		# one more time...
+
+.align	4
+Lxts_enc6x_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_enc6x_ret
+
+	vxor		$tweak,$twk0,$rndkey0
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_enc6x_ret:
+	mtlr		r11
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$seven,r10,$sp		# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,1,0x80,6,6,0
+	.long		0
+
+.align	5
+_aesp8_xts_enc5x:
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	vcipher		$out4,$out4,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	vcipher		$out4,$out4,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		_aesp8_xts_enc5x
+
+	add		$inp,$inp,$taillen
+	cmpwi		$taillen,0
+	vcipher		$out0,$out0,v24
+	vcipher		$out1,$out1,v24
+	vcipher		$out2,$out2,v24
+	vcipher		$out3,$out3,v24
+	vcipher		$out4,$out4,v24
+
+	subi		$inp,$inp,16
+	vcipher		$out0,$out0,v25
+	vcipher		$out1,$out1,v25
+	vcipher		$out2,$out2,v25
+	vcipher		$out3,$out3,v25
+	vcipher		$out4,$out4,v25
+	 vxor		$twk0,$twk0,v31
+
+	vcipher		$out0,$out0,v26
+	lvsr		$inpperm,0,$taillen	# $in5 is no more
+	vcipher		$out1,$out1,v26
+	vcipher		$out2,$out2,v26
+	vcipher		$out3,$out3,v26
+	vcipher		$out4,$out4,v26
+	 vxor		$in1,$twk1,v31
+
+	vcipher		$out0,$out0,v27
+	lvx_u		$in0,0,$inp
+	vcipher		$out1,$out1,v27
+	vcipher		$out2,$out2,v27
+	vcipher		$out3,$out3,v27
+	vcipher		$out4,$out4,v27
+	 vxor		$in2,$twk2,v31
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vcipher		$out0,$out0,v28
+	vcipher		$out1,$out1,v28
+	vcipher		$out2,$out2,v28
+	vcipher		$out3,$out3,v28
+	vcipher		$out4,$out4,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vxor		$in3,$twk3,v31
+
+	vcipher		$out0,$out0,v29
+	le?vperm	$in0,$in0,$in0,$leperm
+	vcipher		$out1,$out1,v29
+	vcipher		$out2,$out2,v29
+	vcipher		$out3,$out3,v29
+	vcipher		$out4,$out4,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$in4,$twk4,v31
+
+	vcipher		$out0,$out0,v30
+	vperm		$in0,$in0,$in0,$inpperm
+	vcipher		$out1,$out1,v30
+	vcipher		$out2,$out2,v30
+	vcipher		$out3,$out3,v30
+	vcipher		$out4,$out4,v30
+
+	vcipherlast	$out0,$out0,$twk0
+	vcipherlast	$out1,$out1,$in1
+	vcipherlast	$out2,$out2,$in2
+	vcipherlast	$out3,$out3,$in3
+	vcipherlast	$out4,$out4,$in4
+	blr
+        .long   	0
+        .byte   	0,12,0x14,0,0,0,0,0
+
+.align	5
+_aesp8_xts_decrypt6x:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	mflr		r11
+	li		r7,`$FRAME+8*16+15`
+	li		r3,`$FRAME+8*16+31`
+	$PUSH		r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
+	stvx		v20,r7,$sp		# ABI says so
+	addi		r7,r7,32
+	stvx		v21,r3,$sp
+	addi		r3,r3,32
+	stvx		v22,r7,$sp
+	addi		r7,r7,32
+	stvx		v23,r3,$sp
+	addi		r3,r3,32
+	stvx		v24,r7,$sp
+	addi		r7,r7,32
+	stvx		v25,r3,$sp
+	addi		r3,r3,32
+	stvx		v26,r7,$sp
+	addi		r7,r7,32
+	stvx		v27,r3,$sp
+	addi		r3,r3,32
+	stvx		v28,r7,$sp
+	addi		r7,r7,32
+	stvx		v29,r3,$sp
+	addi		r3,r3,32
+	stvx		v30,r7,$sp
+	stvx		v31,r3,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	mtspr		256,r0
+
+	subi		$rounds,$rounds,3	# -4 in total
+
+	lvx		$rndkey0,$x00,$key1	# load key schedule
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	lvx		v31,$x00,$key1
+	?vperm		$rndkey0,$rndkey0,v30,$keyperm
+	addi		$key_,$sp,$FRAME+15
+	mtctr		$rounds
+
+Load_xts_dec_key:
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v30,$x10,$key1
+	addi		$key1,$key1,0x20
+	stvx		v24,$x00,$key_		# off-load round[1]
+	?vperm		v25,v31,v30,$keyperm
+	lvx		v31,$x00,$key1
+	stvx		v25,$x10,$key_		# off-load round[2]
+	addi		$key_,$key_,0x20
+	bdnz		Load_xts_dec_key
+
+	lvx		v26,$x10,$key1
+	?vperm		v24,v30,v31,$keyperm
+	lvx		v27,$x20,$key1
+	stvx		v24,$x00,$key_		# off-load round[3]
+	?vperm		v25,v31,v26,$keyperm
+	lvx		v28,$x30,$key1
+	stvx		v25,$x10,$key_		# off-load round[4]
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	?vperm		v26,v26,v27,$keyperm
+	lvx		v29,$x40,$key1
+	?vperm		v27,v27,v28,$keyperm
+	lvx		v30,$x50,$key1
+	?vperm		v28,v28,v29,$keyperm
+	lvx		v31,$x60,$key1
+	?vperm		v29,v29,v30,$keyperm
+	lvx		$twk5,$x70,$key1	# borrow $twk5
+	?vperm		v30,v30,v31,$keyperm
+	lvx		v24,$x00,$key_		# pre-load round[1]
+	?vperm		v31,v31,$twk5,$keyperm
+	lvx		v25,$x10,$key_		# pre-load round[2]
+
+	 vperm		$in0,$inout,$inptail,$inpperm
+	 subi		$inp,$inp,31		# undo "caller"
+	vxor		$twk0,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out0,$in0,$twk0
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in1,$x10,$inp
+	vxor		$twk1,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in1,$in1,$in1,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out1,$in1,$twk1
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in2,$x20,$inp
+	 andi.		$taillen,$len,15
+	vxor		$twk2,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in2,$in2,$in2,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out2,$in2,$twk2
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in3,$x30,$inp
+	 sub		$len,$len,$taillen
+	vxor		$twk3,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in3,$in3,$in3,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out3,$in3,$twk3
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in4,$x40,$inp
+	 subi		$len,$len,0x60
+	vxor		$twk4,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in4,$in4,$in4,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out4,$in4,$twk4
+	vxor		$tweak,$tweak,$tmp
+
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	vxor		$twk5,$tweak,$rndkey0
+	vsrab		$tmp,$tweak,$seven	# next tweak value
+	vaddubm		$tweak,$tweak,$tweak
+	vsldoi		$tmp,$tmp,$tmp,15
+	 le?vperm	$in5,$in5,$in5,$leperm
+	vand		$tmp,$tmp,$eighty7
+	 vxor		$out5,$in5,$twk5
+	vxor		$tweak,$tweak,$tmp
+
+	vxor		v31,v31,$rndkey0
+	mtctr		$rounds
+	b		Loop_xts_dec6x
+
+.align	5
+Loop_xts_dec6x:
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_dec6x
+
+	subic		$len,$len,96		# $len-=96
+	 vxor		$in0,$twk0,v31		# xor with last round key
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk0,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out4,$out4,v24
+	vncipher	$out5,$out5,v24
+
+	subfe.		r0,r0,r0		# borrow?-1:0
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	 vxor		$in1,$twk1,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk1,$tweak,$rndkey0
+	vncipher	$out4,$out4,v25
+	vncipher	$out5,$out5,v25
+
+	and		r0,r0,$len
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out0,$out0,v26
+	vncipher	$out1,$out1,v26
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out4,$out4,v26
+	vncipher	$out5,$out5,v26
+
+	add		$inp,$inp,r0		# $inp is adjusted in such
+						# way that at exit from the
+						# loop inX-in5 are loaded
+						# with last "words"
+	 vxor		$in2,$twk2,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk2,$tweak,$rndkey0
+	 vaddubm	$tweak,$tweak,$tweak
+	vncipher	$out0,$out0,v27
+	vncipher	$out1,$out1,v27
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out4,$out4,v27
+	vncipher	$out5,$out5,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out0,$out0,v28
+	vncipher	$out1,$out1,v28
+	 vxor		$in3,$twk3,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk3,$tweak,$rndkey0
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipher	$out4,$out4,v28
+	vncipher	$out5,$out5,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vand		$tmp,$tmp,$eighty7
+
+	vncipher	$out0,$out0,v29
+	vncipher	$out1,$out1,v29
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	 vxor		$in4,$twk4,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk4,$tweak,$rndkey0
+	vncipher	$out4,$out4,v29
+	vncipher	$out5,$out5,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+
+	vncipher	$out0,$out0,v30
+	vncipher	$out1,$out1,v30
+	 vand		$tmp,$tmp,$eighty7
+	vncipher	$out2,$out2,v30
+	vncipher	$out3,$out3,v30
+	 vxor		$tweak,$tweak,$tmp
+	vncipher	$out4,$out4,v30
+	vncipher	$out5,$out5,v30
+	 vxor		$in5,$twk5,v31
+	 vsrab		$tmp,$tweak,$seven	# next tweak value
+	 vxor		$twk5,$tweak,$rndkey0
+
+	vncipherlast	$out0,$out0,$in0
+	 lvx_u		$in0,$x00,$inp		# load next input block
+	 vaddubm	$tweak,$tweak,$tweak
+	 vsldoi		$tmp,$tmp,$tmp,15
+	vncipherlast	$out1,$out1,$in1
+	 lvx_u		$in1,$x10,$inp
+	vncipherlast	$out2,$out2,$in2
+	 le?vperm	$in0,$in0,$in0,$leperm
+	 lvx_u		$in2,$x20,$inp
+	 vand		$tmp,$tmp,$eighty7
+	vncipherlast	$out3,$out3,$in3
+	 le?vperm	$in1,$in1,$in1,$leperm
+	 lvx_u		$in3,$x30,$inp
+	vncipherlast	$out4,$out4,$in4
+	 le?vperm	$in2,$in2,$in2,$leperm
+	 lvx_u		$in4,$x40,$inp
+	 vxor		$tweak,$tweak,$tmp
+	vncipherlast	$out5,$out5,$in5
+	 le?vperm	$in3,$in3,$in3,$leperm
+	 lvx_u		$in5,$x50,$inp
+	 addi		$inp,$inp,0x60
+	 le?vperm	$in4,$in4,$in4,$leperm
+	 le?vperm	$in5,$in5,$in5,$leperm
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	 vxor		$out0,$in0,$twk0
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	 vxor		$out1,$in1,$twk1
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	 vxor		$out2,$in2,$twk2
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	 vxor		$out3,$in3,$twk3
+	le?vperm	$out5,$out5,$out5,$leperm
+	stvx_u		$out4,$x40,$out
+	 vxor		$out4,$in4,$twk4
+	stvx_u		$out5,$x50,$out
+	 vxor		$out5,$in5,$twk5
+	addi		$out,$out,0x60
+
+	mtctr		$rounds
+	beq		Loop_xts_dec6x		# did $len-=96 borrow?
+
+	addic.		$len,$len,0x60
+	beq		Lxts_dec6x_zero
+	cmpwi		$len,0x20
+	blt		Lxts_dec6x_one
+	nop
+	beq		Lxts_dec6x_two
+	cmpwi		$len,0x40
+	blt		Lxts_dec6x_three
+	nop
+	beq		Lxts_dec6x_four
+
+Lxts_dec6x_five:
+	vxor		$out0,$in1,$twk0
+	vxor		$out1,$in2,$twk1
+	vxor		$out2,$in3,$twk2
+	vxor		$out3,$in4,$twk3
+	vxor		$out4,$in5,$twk4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk5		# unused tweak
+	vxor		$twk1,$tweak,$rndkey0
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk1
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	le?vperm	$out4,$out4,$out4,$leperm
+	stvx_u		$out3,$x30,$out
+	stvx_u		$out4,$x40,$out
+	addi		$out,$out,0x50
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_four:
+	vxor		$out0,$in2,$twk0
+	vxor		$out1,$in3,$twk1
+	vxor		$out2,$in4,$twk2
+	vxor		$out3,$in5,$twk3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk4		# unused tweak
+	vmr		$twk1,$twk5
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk5
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	le?vperm	$out3,$out3,$out3,$leperm
+	stvx_u		$out2,$x20,$out
+	stvx_u		$out3,$x30,$out
+	addi		$out,$out,0x40
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_three:
+	vxor		$out0,$in3,$twk0
+	vxor		$out1,$in4,$twk1
+	vxor		$out2,$in5,$twk2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk3		# unused tweak
+	vmr		$twk1,$twk4
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk4
+	le?vperm	$out2,$out2,$out2,$leperm
+	stvx_u		$out1,$x10,$out
+	stvx_u		$out2,$x20,$out
+	addi		$out,$out,0x30
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_two:
+	vxor		$out0,$in4,$twk0
+	vxor		$out1,$in5,$twk1
+	vxor		$out2,$out2,$out2
+	vxor		$out3,$out3,$out3
+	vxor		$out4,$out4,$out4
+
+	bl		_aesp8_xts_dec5x
+
+	le?vperm	$out0,$out0,$out0,$leperm
+	vmr		$twk0,$twk2		# unused tweak
+	vmr		$twk1,$twk3
+	le?vperm	$out1,$out1,$out1,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	vxor		$out0,$in0,$twk3
+	stvx_u		$out1,$x10,$out
+	addi		$out,$out,0x20
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_one:
+	vxor		$out0,$in5,$twk0
+	nop
+Loop_xts_dec1x:
+	vncipher	$out0,$out0,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Loop_xts_dec1x
+
+	subi		r0,$taillen,1
+	vncipher	$out0,$out0,v24
+
+	andi.		r0,r0,16
+	cmpwi		$taillen,0
+	vncipher	$out0,$out0,v25
+
+	sub		$inp,$inp,r0
+	vncipher	$out0,$out0,v26
+
+	lvx_u		$in0,0,$inp
+	vncipher	$out0,$out0,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vncipher	$out0,$out0,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$twk0,$twk0,v31
+
+	le?vperm	$in0,$in0,$in0,$leperm
+	vncipher	$out0,$out0,v30
+
+	mtctr		$rounds
+	vncipherlast	$out0,$out0,$twk0
+
+	vmr		$twk0,$twk1		# unused tweak
+	vmr		$twk1,$twk2
+	le?vperm	$out0,$out0,$out0,$leperm
+	stvx_u		$out0,$x00,$out		# store output
+	addi		$out,$out,0x10
+	vxor		$out0,$in0,$twk2
+	bne		Lxts_dec6x_steal
+	b		Lxts_dec6x_done
+
+.align	4
+Lxts_dec6x_zero:
+	cmpwi		$taillen,0
+	beq		Lxts_dec6x_done
+
+	lvx_u		$in0,0,$inp
+	le?vperm	$in0,$in0,$in0,$leperm
+	vxor		$out0,$in0,$twk1
+Lxts_dec6x_steal:
+	vncipher	$out0,$out0,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		Lxts_dec6x_steal
+
+	add		$inp,$inp,$taillen
+	vncipher	$out0,$out0,v24
+
+	cmpwi		$taillen,0
+	vncipher	$out0,$out0,v25
+
+	lvx_u		$in0,0,$inp
+	vncipher	$out0,$out0,v26
+
+	lvsr		$inpperm,0,$taillen	# $in5 is no more
+	vncipher	$out0,$out0,v27
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+
+	vncipher	$out0,$out0,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$twk1,$twk1,v31
+
+	le?vperm	$in0,$in0,$in0,$leperm
+	vncipher	$out0,$out0,v30
+
+	vperm		$in0,$in0,$in0,$inpperm
+	vncipherlast	$tmp,$out0,$twk1
+
+	le?vperm	$out0,$tmp,$tmp,$leperm
+	le?stvx_u	$out0,0,$out
+	be?stvx_u	$tmp,0,$out
+
+	vxor		$out0,$out0,$out0
+	vspltisb	$out1,-1
+	vperm		$out0,$out0,$out1,$inpperm
+	vsel		$out0,$in0,$tmp,$out0
+	vxor		$out0,$out0,$twk0
+
+	subi		r30,$out,1
+	mtctr		$taillen
+Loop_xts_dec6x_steal:
+	lbzu		r0,1(r30)
+	stb		r0,16(r30)
+	bdnz		Loop_xts_dec6x_steal
+
+	li		$taillen,0
+	mtctr		$rounds
+	b		Loop_xts_dec1x		# one more time...
+
+.align	4
+Lxts_dec6x_done:
+	${UCMP}i	$ivp,0
+	beq		Lxts_dec6x_ret
+
+	vxor		$tweak,$twk0,$rndkey0
+	le?vperm	$tweak,$tweak,$tweak,$leperm
+	stvx_u		$tweak,0,$ivp
+
+Lxts_dec6x_ret:
+	mtlr		r11
+	li		r10,`$FRAME+15`
+	li		r11,`$FRAME+31`
+	stvx		$seven,r10,$sp		# wipe copies of round keys
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+	stvx		$seven,r10,$sp
+	addi		r10,r10,32
+	stvx		$seven,r11,$sp
+	addi		r11,r11,32
+
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,0x04,1,0x80,6,6,0
+	.long		0
+
+.align	5
+_aesp8_xts_dec5x:
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+	lvx		v24,$x20,$key_		# round[3]
+	addi		$key_,$key_,0x20
+
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	lvx		v25,$x10,$key_		# round[4]
+	bdnz		_aesp8_xts_dec5x
+
+	subi		r0,$taillen,1
+	vncipher	$out0,$out0,v24
+	vncipher	$out1,$out1,v24
+	vncipher	$out2,$out2,v24
+	vncipher	$out3,$out3,v24
+	vncipher	$out4,$out4,v24
+
+	andi.		r0,r0,16
+	cmpwi		$taillen,0
+	vncipher	$out0,$out0,v25
+	vncipher	$out1,$out1,v25
+	vncipher	$out2,$out2,v25
+	vncipher	$out3,$out3,v25
+	vncipher	$out4,$out4,v25
+	 vxor		$twk0,$twk0,v31
+
+	sub		$inp,$inp,r0
+	vncipher	$out0,$out0,v26
+	vncipher	$out1,$out1,v26
+	vncipher	$out2,$out2,v26
+	vncipher	$out3,$out3,v26
+	vncipher	$out4,$out4,v26
+	 vxor		$in1,$twk1,v31
+
+	vncipher	$out0,$out0,v27
+	lvx_u		$in0,0,$inp
+	vncipher	$out1,$out1,v27
+	vncipher	$out2,$out2,v27
+	vncipher	$out3,$out3,v27
+	vncipher	$out4,$out4,v27
+	 vxor		$in2,$twk2,v31
+
+	addi		$key_,$sp,$FRAME+15	# rewind $key_
+	vncipher	$out0,$out0,v28
+	vncipher	$out1,$out1,v28
+	vncipher	$out2,$out2,v28
+	vncipher	$out3,$out3,v28
+	vncipher	$out4,$out4,v28
+	lvx		v24,$x00,$key_		# re-pre-load round[1]
+	 vxor		$in3,$twk3,v31
+
+	vncipher	$out0,$out0,v29
+	le?vperm	$in0,$in0,$in0,$leperm
+	vncipher	$out1,$out1,v29
+	vncipher	$out2,$out2,v29
+	vncipher	$out3,$out3,v29
+	vncipher	$out4,$out4,v29
+	lvx		v25,$x10,$key_		# re-pre-load round[2]
+	 vxor		$in4,$twk4,v31
+
+	vncipher	$out0,$out0,v30
+	vncipher	$out1,$out1,v30
+	vncipher	$out2,$out2,v30
+	vncipher	$out3,$out3,v30
+	vncipher	$out4,$out4,v30
+
+	vncipherlast	$out0,$out0,$twk0
+	vncipherlast	$out1,$out1,$in1
+	vncipherlast	$out2,$out2,$in2
+	vncipherlast	$out3,$out3,$in3
+	vncipherlast	$out4,$out4,$in4
+	mtctr		$rounds
+	blr
+        .long   	0
+        .byte   	0,12,0x14,0,0,0,0,0
+___
+}}	}}}
+
+my $consts=1;
+foreach(split("\n",$code)) {
+        s/\`([^\`]*)\`/eval($1)/geo;
+
+	# constants table endian-specific conversion
+	if ($consts && m/\.(long|byte)\s+(.+)\s+(\?[a-z]*)$/o) {
+	    my $conv=$3;
+	    my @bytes=();
+
+	    # convert to endian-agnostic format
+	    if ($1 eq "long") {
+	      foreach (split(/,\s*/,$2)) {
+		my $l = /^0/?oct:int;
+		push @bytes,($l>>24)&0xff,($l>>16)&0xff,($l>>8)&0xff,$l&0xff;
+	      }
+	    } else {
+		@bytes = map(/^0/?oct:int,split(/,\s*/,$2));
+	    }
+
+	    # little-endian conversion
+	    if ($flavour =~ /le$/o) {
+		SWITCH: for($conv)  {
+		    /\?inv/ && do   { @bytes=map($_^0xf,@bytes); last; };
+		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; }; 
+		}
+	    }
+
+	    #emit
+	    print ".byte\t",join(',',map (sprintf("0x%02x",$_),@bytes)),"\n";
+	    next;
+	}
+	$consts=0 if (m/Lconsts:/o);	# end of table
+
+	# instructions prefixed with '?' are endian-specific and need
+	# to be adjusted accordingly...
+	if ($flavour =~ /le$/o) {	# little-endian
+	    s/le\?//o		or
+	    s/be\?/#be#/o	or
+	    s/\?lvsr/lvsl/o	or
+	    s/\?lvsl/lvsr/o	or
+	    s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/o or
+	    s/\?(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/o or
+	    s/\?(vspltw\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9])/$1$2 3-$3/o;
+	} else {			# big-endian
+	    s/le\?/#le#/o	or
+	    s/be\?//o		or
+	    s/\?([a-z]+)/$1/o;
+	}
+
+        print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aest4-sparcv9.pl b/openssl-1.1.0h/crypto/aes/asm/aest4-sparcv9.pl
new file mode 100644
index 0000000..bf479c6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aest4-sparcv9.pl
@@ -0,0 +1,929 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
+# <appro@openssl.org>. The module is licensed under 2-clause BSD
+# license. October 2012. All rights reserved.
+# ====================================================================
+
+######################################################################
+# AES for SPARC T4.
+#
+# AES round instructions complete in 3 cycles and can be issued every
+# cycle. It means that round calculations should take 4*rounds cycles,
+# because any given round instruction depends on result of *both*
+# previous instructions:
+#
+#	|0 |1 |2 |3 |4
+#	|01|01|01|
+#	   |23|23|23|
+#	            |01|01|...
+#	               |23|...
+#
+# Provided that fxor [with IV] takes 3 cycles to complete, critical
+# path length for CBC encrypt would be 3+4*rounds, or in other words
+# it should process one byte in at least (3+4*rounds)/16 cycles. This
+# estimate doesn't account for "collateral" instructions, such as
+# fetching input from memory, xor-ing it with zero-round key and
+# storing the result. Yet, *measured* performance [for data aligned
+# at 64-bit boundary!] deviates from this equation by less than 0.5%:
+#
+#		128-bit key	192-		256-
+# CBC encrypt	2.70/2.90(*)	3.20/3.40	3.70/3.90
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# Out-of-order execution logic managed to fully overlap "collateral"
+# instructions with those on critical path. Amazing!
+#
+# As with Intel AES-NI, question is if it's possible to improve
+# performance of parallelizeable modes by interleaving round
+# instructions. Provided round instruction latency and throughput
+# optimal interleave factor is 2. But can we expect 2x performance
+# improvement? Well, as round instructions can be issued one per
+# cycle, they don't saturate the 2-way issue pipeline and therefore
+# there is room for "collateral" calculations... Yet, 2x speed-up
+# over CBC encrypt remains unattaintable:
+#
+#		128-bit key	192-		256-
+# CBC decrypt	1.64/2.11	1.89/2.37	2.23/2.61
+# CTR		1.64/2.08(*)	1.89/2.33	2.23/2.61
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# Estimates based on amount of instructions under assumption that
+# round instructions are not pairable with any other instruction
+# suggest that latter is the actual case and pipeline runs
+# underutilized. It should be noted that T4 out-of-order execution
+# logic is so capable that performance gain from 2x interleave is
+# not even impressive, ~7-13% over non-interleaved code, largest
+# for 256-bit keys.
+
+# To anchor to something else, software implementation processes
+# one byte in 29 cycles with 128-bit key on same processor. Intel
+# Sandy Bridge encrypts byte in 5.07 cycles in CBC mode and decrypts
+# in 0.93, naturally with AES-NI.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+$::evp=1;	# if $evp is set to 0, script generates module with
+# AES_[en|de]crypt, AES_set_[en|de]crypt_key and AES_cbc_encrypt entry
+# points. These however are not fully compatible with openssl/aes.h,
+# because they expect AES_KEY to be aligned at 64-bit boundary. When
+# used through EVP, alignment is arranged at EVP layer. Second thing
+# that is arranged by EVP is at least 32-bit alignment of IV.
+
+######################################################################
+# single-round subroutines
+#
+{
+my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.text
+
+.globl	aes_t4_encrypt
+.align	32
+aes_t4_encrypt:
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %o3
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %o3, %o5
+	srlx		$inp, %o3, %o3
+	or		%o5, %o4, %o4
+	or		%o3, %g1, %o5
+1:
+	ld		[$key + 240], $rounds
+	ldd		[$key + 16], %f12
+	ldd		[$key + 24], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	srl		$rounds, 1, $rounds
+	ldd		[$key + 32], %f16
+	sub		$rounds, 1, $rounds
+	ldd		[$key + 40], %f18
+	add		$key, 48, $key
+
+.Lenc:
+	aes_eround01	%f12, %f0, %f2, %f4
+	aes_eround23	%f14, %f0, %f2, %f2
+	ldd		[$key + 0], %f12
+	ldd		[$key + 8], %f14
+	sub		$rounds,1,$rounds
+	aes_eround01	%f16, %f4, %f2, %f0
+	aes_eround23	%f18, %f4, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	brnz,pt		$rounds, .Lenc
+	add		$key, 32, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	aes_eround01	%f12, %f0, %f2, %f4
+	aes_eround23	%f14, %f0, %f2, %f2
+	aes_eround01_l	%f16, %f4, %f2, %f0
+	aes_eround23_l	%f18, %f4, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	aes_t4_encrypt,#function
+.size	aes_t4_encrypt,.-aes_t4_encrypt
+
+.globl	aes_t4_decrypt
+.align	32
+aes_t4_decrypt:
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %o3
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %o3, %o5
+	srlx		$inp, %o3, %o3
+	or		%o5, %o4, %o4
+	or		%o3, %g1, %o5
+1:
+	ld		[$key + 240], $rounds
+	ldd		[$key + 16], %f12
+	ldd		[$key + 24], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	srl		$rounds, 1, $rounds
+	ldd		[$key + 32], %f16
+	sub		$rounds, 1, $rounds
+	ldd		[$key + 40], %f18
+	add		$key, 48, $key
+
+.Ldec:
+	aes_dround01	%f12, %f0, %f2, %f4
+	aes_dround23	%f14, %f0, %f2, %f2
+	ldd		[$key + 0], %f12
+	ldd		[$key + 8], %f14
+	sub		$rounds,1,$rounds
+	aes_dround01	%f16, %f4, %f2, %f0
+	aes_dround23	%f18, %f4, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	brnz,pt		$rounds, .Ldec
+	add		$key, 32, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	aes_dround01	%f12, %f0, %f2, %f4
+	aes_dround23	%f14, %f0, %f2, %f2
+	aes_dround01_l	%f16, %f4, %f2, %f0
+	aes_dround23_l	%f18, %f4, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	aes_t4_decrypt,#function
+.size	aes_t4_decrypt,.-aes_t4_decrypt
+___
+}
+
+######################################################################
+# key setup subroutines
+#
+{
+my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
+$code.=<<___;
+.globl	aes_t4_set_encrypt_key
+.align	32
+aes_t4_set_encrypt_key:
+.Lset_encrypt_key:
+	and		$inp, 7, $tmp
+	alignaddr	$inp, %g0, $inp
+	cmp		$bits, 192
+	ldd		[$inp + 0], %f0
+	bl,pt		%icc,.L128
+	ldd		[$inp + 8], %f2
+
+	be,pt		%icc,.L192
+	ldd		[$inp + 16], %f4
+	brz,pt		$tmp, .L256aligned
+	ldd		[$inp + 24], %f6
+
+	ldd		[$inp + 32], %f8
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	faligndata	%f6, %f8, %f6
+.L256aligned:
+___
+for ($i=0; $i<6; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + `32*$i+0`]
+	aes_kexpand1	%f0, %f6, $i, %f0
+	std		%f2, [$out + `32*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `32*$i+16`]
+	aes_kexpand0	%f4, %f2, %f4
+	std		%f6, [$out + `32*$i+24`]
+	aes_kexpand2	%f6, %f4, %f6
+___
+}
+$code.=<<___;
+	std		%f0, [$out + `32*$i+0`]
+	aes_kexpand1	%f0, %f6, $i, %f0
+	std		%f2, [$out + `32*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `32*$i+16`]
+	std		%f6, [$out + `32*$i+24`]
+	std		%f0, [$out + `32*$i+32`]
+	std		%f2, [$out + `32*$i+40`]
+
+	mov		14, $tmp
+	st		$tmp, [$out + 240]
+	retl
+	xor		%o0, %o0, %o0
+
+.align	16
+.L192:
+	brz,pt		$tmp, .L192aligned
+	nop
+
+	ldd		[$inp + 24], %f6
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+.L192aligned:
+___
+for ($i=0; $i<7; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + `24*$i+0`]
+	aes_kexpand1	%f0, %f4, $i, %f0
+	std		%f2, [$out + `24*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `24*$i+16`]
+	aes_kexpand2	%f4, %f2, %f4
+___
+}
+$code.=<<___;
+	std		%f0, [$out + `24*$i+0`]
+	aes_kexpand1	%f0, %f4, $i, %f0
+	std		%f2, [$out + `24*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+	std		%f4, [$out + `24*$i+16`]
+	std		%f0, [$out + `24*$i+24`]
+	std		%f2, [$out + `24*$i+32`]
+
+	mov		12, $tmp
+	st		$tmp, [$out + 240]
+	retl
+	xor		%o0, %o0, %o0
+
+.align	16
+.L128:
+	brz,pt		$tmp, .L128aligned
+	nop
+
+	ldd		[$inp + 16], %f4
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+.L128aligned:
+___
+for ($i=0; $i<10; $i++) {
+    $code.=<<___;
+	std		%f0, [$out + `16*$i+0`]
+	aes_kexpand1	%f0, %f2, $i, %f0
+	std		%f2, [$out + `16*$i+8`]
+	aes_kexpand2	%f2, %f0, %f2
+___
+}
+$code.=<<___;
+	std		%f0, [$out + `16*$i+0`]
+	std		%f2, [$out + `16*$i+8`]
+
+	mov		10, $tmp
+	st		$tmp, [$out + 240]
+	retl
+	xor		%o0, %o0, %o0
+.type	aes_t4_set_encrypt_key,#function
+.size	aes_t4_set_encrypt_key,.-aes_t4_set_encrypt_key
+
+.globl	aes_t4_set_decrypt_key
+.align	32
+aes_t4_set_decrypt_key:
+	mov		%o7, %o5
+	call		.Lset_encrypt_key
+	nop
+
+	mov		%o5, %o7
+	sll		$tmp, 4, $inp		! $tmp is number of rounds
+	add		$tmp, 2, $tmp
+	add		$out, $inp, $inp	! $inp=$out+16*rounds
+	srl		$tmp, 2, $tmp		! $tmp=(rounds+2)/4
+
+.Lkey_flip:
+	ldd		[$out + 0],  %f0
+	ldd		[$out + 8],  %f2
+	ldd		[$out + 16], %f4
+	ldd		[$out + 24], %f6
+	ldd		[$inp + 0],  %f8
+	ldd		[$inp + 8],  %f10
+	ldd		[$inp - 16], %f12
+	ldd		[$inp - 8],  %f14
+	sub		$tmp, 1, $tmp
+	std		%f0, [$inp + 0]
+	std		%f2, [$inp + 8]
+	std		%f4, [$inp - 16]
+	std		%f6, [$inp - 8]
+	std		%f8, [$out + 0]
+	std		%f10, [$out + 8]
+	std		%f12, [$out + 16]
+	std		%f14, [$out + 24]
+	add		$out, 32, $out
+	brnz		$tmp, .Lkey_flip
+	sub		$inp, 32, $inp
+
+	retl
+	xor		%o0, %o0, %o0
+.type	aes_t4_set_decrypt_key,#function
+.size	aes_t4_set_decrypt_key,.-aes_t4_set_decrypt_key
+___
+}
+
+{{{
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
+my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
+
+$code.=<<___;
+.align	32
+_aes128_encrypt_1x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_eround01	%f48, %f0, %f2, %f4
+	aes_eround23	%f50, %f0, %f2, %f2
+	aes_eround01_l	%f52, %f4, %f2, %f0
+	retl
+	aes_eround23_l	%f54, %f4, %f2, %f2
+.type	_aes128_encrypt_1x,#function
+.size	_aes128_encrypt_1x,.-_aes128_encrypt_1x
+
+.align	32
+_aes128_encrypt_2x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_eround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_eround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_eround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_eround01	%f48, %f0, %f2, %f8
+	aes_eround23	%f50, %f0, %f2, %f2
+	aes_eround01	%f48, %f4, %f6, %f10
+	aes_eround23	%f50, %f4, %f6, %f6
+	aes_eround01_l	%f52, %f8, %f2, %f0
+	aes_eround23_l	%f54, %f8, %f2, %f2
+	aes_eround01_l	%f52, %f10, %f6, %f4
+	retl
+	aes_eround23_l	%f54, %f10, %f6, %f6
+.type	_aes128_encrypt_2x,#function
+.size	_aes128_encrypt_2x,.-_aes128_encrypt_2x
+
+.align	32
+_aes128_loadkey:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+___
+for ($i=2; $i<22;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`12+2*$i`
+___
+}
+$code.=<<___;
+	retl
+	nop
+.type	_aes128_loadkey,#function
+.size	_aes128_loadkey,.-_aes128_loadkey
+_aes128_load_enckey=_aes128_loadkey
+_aes128_load_deckey=_aes128_loadkey
+
+___
+
+&alg_cbc_encrypt_implement("aes",128);
+if ($::evp) {
+    &alg_ctr32_implement("aes",128);
+    &alg_xts_implement("aes",128,"en");
+    &alg_xts_implement("aes",128,"de");
+}
+&alg_cbc_decrypt_implement("aes",128);
+
+$code.=<<___;
+.align	32
+_aes128_decrypt_1x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_dround01	%f48, %f0, %f2, %f4
+	aes_dround23	%f50, %f0, %f2, %f2
+	aes_dround01_l	%f52, %f4, %f2, %f0
+	retl
+	aes_dround23_l	%f54, %f4, %f2, %f2
+.type	_aes128_decrypt_1x,#function
+.size	_aes128_decrypt_1x,.-_aes128_decrypt_1x
+
+.align	32
+_aes128_decrypt_2x:
+___
+for ($i=0; $i<4; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_dround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_dround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_dround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_dround01	%f48, %f0, %f2, %f8
+	aes_dround23	%f50, %f0, %f2, %f2
+	aes_dround01	%f48, %f4, %f6, %f10
+	aes_dround23	%f50, %f4, %f6, %f6
+	aes_dround01_l	%f52, %f8, %f2, %f0
+	aes_dround23_l	%f54, %f8, %f2, %f2
+	aes_dround01_l	%f52, %f10, %f6, %f4
+	retl
+	aes_dround23_l	%f54, %f10, %f6, %f6
+.type	_aes128_decrypt_2x,#function
+.size	_aes128_decrypt_2x,.-_aes128_decrypt_2x
+___
+
+$code.=<<___;
+.align	32
+_aes192_encrypt_1x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_eround01	%f56, %f0, %f2, %f4
+	aes_eround23	%f58, %f0, %f2, %f2
+	aes_eround01_l	%f60, %f4, %f2, %f0
+	retl
+	aes_eround23_l	%f62, %f4, %f2, %f2
+.type	_aes192_encrypt_1x,#function
+.size	_aes192_encrypt_1x,.-_aes192_encrypt_1x
+
+.align	32
+_aes192_encrypt_2x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_eround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_eround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_eround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_eround01	%f56, %f0, %f2, %f8
+	aes_eround23	%f58, %f0, %f2, %f2
+	aes_eround01	%f56, %f4, %f6, %f10
+	aes_eround23	%f58, %f4, %f6, %f6
+	aes_eround01_l	%f60, %f8, %f2, %f0
+	aes_eround23_l	%f62, %f8, %f2, %f2
+	aes_eround01_l	%f60, %f10, %f6, %f4
+	retl
+	aes_eround23_l	%f62, %f10, %f6, %f6
+.type	_aes192_encrypt_2x,#function
+.size	_aes192_encrypt_2x,.-_aes192_encrypt_2x
+
+.align	32
+_aes256_encrypt_1x:
+	aes_eround01	%f16, %f0, %f2, %f4
+	aes_eround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_eround01	%f20, %f4, %f2, %f0
+	aes_eround23	%f22, %f4, %f2, %f2
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_eround01	%f16, %f0, %f2, %f4
+	aes_eround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_eround01_l	%f20, %f4, %f2, %f0
+	aes_eround23_l	%f22, %f4, %f2, %f2
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_encrypt_1x,#function
+.size	_aes256_encrypt_1x,.-_aes256_encrypt_1x
+
+.align	32
+_aes256_encrypt_2x:
+	aes_eround01	%f16, %f0, %f2, %f8
+	aes_eround23	%f18, %f0, %f2, %f2
+	aes_eround01	%f16, %f4, %f6, %f10
+	aes_eround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_eround01	%f20, %f8, %f2, %f0
+	aes_eround23	%f22, %f8, %f2, %f2
+	aes_eround01	%f20, %f10, %f6, %f4
+	aes_eround23	%f22, %f10, %f6, %f6
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_eround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_eround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_eround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_eround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_eround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_eround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_eround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_eround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_eround01	%f16, %f0, %f2, %f8
+	aes_eround23	%f18, %f0, %f2, %f2
+	aes_eround01	%f16, %f4, %f6, %f10
+	aes_eround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_eround01_l	%f20, %f8, %f2, %f0
+	aes_eround23_l	%f22, %f8, %f2, %f2
+	aes_eround01_l	%f20, %f10, %f6, %f4
+	aes_eround23_l	%f22, %f10, %f6, %f6
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_encrypt_2x,#function
+.size	_aes256_encrypt_2x,.-_aes256_encrypt_2x
+
+.align	32
+_aes192_loadkey:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+___
+for ($i=2; $i<26;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`12+2*$i`
+___
+}
+$code.=<<___;
+	retl
+	nop
+.type	_aes192_loadkey,#function
+.size	_aes192_loadkey,.-_aes192_loadkey
+_aes256_loadkey=_aes192_loadkey
+_aes192_load_enckey=_aes192_loadkey
+_aes192_load_deckey=_aes192_loadkey
+_aes256_load_enckey=_aes192_loadkey
+_aes256_load_deckey=_aes192_loadkey
+___
+
+&alg_cbc_encrypt_implement("aes",256);
+&alg_cbc_encrypt_implement("aes",192);
+if ($::evp) {
+    &alg_ctr32_implement("aes",256);
+    &alg_xts_implement("aes",256,"en");
+    &alg_xts_implement("aes",256,"de");
+    &alg_ctr32_implement("aes",192);
+}
+&alg_cbc_decrypt_implement("aes",192);
+&alg_cbc_decrypt_implement("aes",256);
+
+$code.=<<___;
+.align	32
+_aes256_decrypt_1x:
+	aes_dround01	%f16, %f0, %f2, %f4
+	aes_dround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_dround01	%f20, %f4, %f2, %f0
+	aes_dround23	%f22, %f4, %f2, %f2
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_dround01	%f16, %f0, %f2, %f4
+	aes_dround23	%f18, %f0, %f2, %f2
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_dround01_l	%f20, %f4, %f2, %f0
+	aes_dround23_l	%f22, %f4, %f2, %f2
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_decrypt_1x,#function
+.size	_aes256_decrypt_1x,.-_aes256_decrypt_1x
+
+.align	32
+_aes256_decrypt_2x:
+	aes_dround01	%f16, %f0, %f2, %f8
+	aes_dround23	%f18, %f0, %f2, %f2
+	aes_dround01	%f16, %f4, %f6, %f10
+	aes_dround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	aes_dround01	%f20, %f8, %f2, %f0
+	aes_dround23	%f22, %f8, %f2, %f2
+	aes_dround01	%f20, %f10, %f6, %f4
+	aes_dround23	%f22, %f10, %f6, %f6
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+___
+for ($i=1; $i<6; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_dround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_dround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_dround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_dround01	%f16, %f0, %f2, %f8
+	aes_dround23	%f18, %f0, %f2, %f2
+	aes_dround01	%f16, %f4, %f6, %f10
+	aes_dround23	%f18, %f4, %f6, %f6
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	aes_dround01_l	%f20, %f8, %f2, %f0
+	aes_dround23_l	%f22, %f8, %f2, %f2
+	aes_dround01_l	%f20, %f10, %f6, %f4
+	aes_dround23_l	%f22, %f10, %f6, %f6
+	ldd		[$key + 32], %f20
+	retl
+	ldd		[$key + 40], %f22
+.type	_aes256_decrypt_2x,#function
+.size	_aes256_decrypt_2x,.-_aes256_decrypt_2x
+
+.align	32
+_aes192_decrypt_1x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f4
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f4, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f4, %f2, %f2
+___
+}
+$code.=<<___;
+	aes_dround01	%f56, %f0, %f2, %f4
+	aes_dround23	%f58, %f0, %f2, %f2
+	aes_dround01_l	%f60, %f4, %f2, %f0
+	retl
+	aes_dround23_l	%f62, %f4, %f2, %f2
+.type	_aes192_decrypt_1x,#function
+.size	_aes192_decrypt_1x,.-_aes192_decrypt_1x
+
+.align	32
+_aes192_decrypt_2x:
+___
+for ($i=0; $i<5; $i++) {
+    $code.=<<___;
+	aes_dround01	%f`16+8*$i+0`, %f0, %f2, %f8
+	aes_dround23	%f`16+8*$i+2`, %f0, %f2, %f2
+	aes_dround01	%f`16+8*$i+0`, %f4, %f6, %f10
+	aes_dround23	%f`16+8*$i+2`, %f4, %f6, %f6
+	aes_dround01	%f`16+8*$i+4`, %f8, %f2, %f0
+	aes_dround23	%f`16+8*$i+6`, %f8, %f2, %f2
+	aes_dround01	%f`16+8*$i+4`, %f10, %f6, %f4
+	aes_dround23	%f`16+8*$i+6`, %f10, %f6, %f6
+___
+}
+$code.=<<___;
+	aes_dround01	%f56, %f0, %f2, %f8
+	aes_dround23	%f58, %f0, %f2, %f2
+	aes_dround01	%f56, %f4, %f6, %f10
+	aes_dround23	%f58, %f4, %f6, %f6
+	aes_dround01_l	%f60, %f8, %f2, %f0
+	aes_dround23_l	%f62, %f8, %f2, %f2
+	aes_dround01_l	%f60, %f10, %f6, %f4
+	retl
+	aes_dround23_l	%f62, %f10, %f6, %f6
+.type	_aes192_decrypt_2x,#function
+.size	_aes192_decrypt_2x,.-_aes192_decrypt_2x
+___
+}}}
+
+if (!$::evp) {
+$code.=<<___;
+.global	AES_encrypt
+AES_encrypt=aes_t4_encrypt
+.global	AES_decrypt
+AES_decrypt=aes_t4_decrypt
+.global	AES_set_encrypt_key
+.align	32
+AES_set_encrypt_key:
+	andcc		%o2, 7, %g0		! check alignment
+	bnz,a,pn	%icc, 1f
+	mov		-1, %o0
+	brz,a,pn	%o0, 1f
+	mov		-1, %o0
+	brz,a,pn	%o2, 1f
+	mov		-1, %o0
+	andncc		%o1, 0x1c0, %g0
+	bnz,a,pn	%icc, 1f
+	mov		-2, %o0
+	cmp		%o1, 128
+	bl,a,pn		%icc, 1f
+	mov		-2, %o0
+	b		aes_t4_set_encrypt_key
+	nop
+1:	retl
+	nop
+.type	AES_set_encrypt_key,#function
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.global	AES_set_decrypt_key
+.align	32
+AES_set_decrypt_key:
+	andcc		%o2, 7, %g0		! check alignment
+	bnz,a,pn	%icc, 1f
+	mov		-1, %o0
+	brz,a,pn	%o0, 1f
+	mov		-1, %o0
+	brz,a,pn	%o2, 1f
+	mov		-1, %o0
+	andncc		%o1, 0x1c0, %g0
+	bnz,a,pn	%icc, 1f
+	mov		-2, %o0
+	cmp		%o1, 128
+	bl,a,pn		%icc, 1f
+	mov		-2, %o0
+	b		aes_t4_set_decrypt_key
+	nop
+1:	retl
+	nop
+.type	AES_set_decrypt_key,#function
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
+
+$code.=<<___;
+.globl	AES_cbc_encrypt
+.align	32
+AES_cbc_encrypt:
+	ld		[$key + 240], %g1
+	nop
+	brz		$enc, .Lcbc_decrypt
+	cmp		%g1, 12
+
+	bl,pt		%icc, aes128_t4_cbc_encrypt
+	nop
+	be,pn		%icc, aes192_t4_cbc_encrypt
+	nop
+	ba		aes256_t4_cbc_encrypt
+	nop
+
+.Lcbc_decrypt:
+	bl,pt		%icc, aes128_t4_cbc_decrypt
+	nop
+	be,pn		%icc, aes192_t4_cbc_decrypt
+	nop
+	ba		aes256_t4_cbc_decrypt
+	nop
+.type	AES_cbc_encrypt,#function
+.size	AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+$code.=<<___;
+.asciz	"AES for SPARC T4, David S. Miller, Andy Polyakov"
+.align	4
+___
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/aesv8-armx.pl b/openssl-1.1.0h/crypto/aes/asm/aesv8-armx.pl
new file mode 100755
index 0000000..1782d5b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/aesv8-armx.pl
@@ -0,0 +1,1008 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for ARMv8 AES instructions. The
+# module is endian-agnostic in sense that it supports both big- and
+# little-endian cases. As does it support both 32- and 64-bit modes
+# of operation. Latter is achieved by limiting amount of utilized
+# registers to 16, which implies additional NEON load and integer
+# instructions. This has no effect on mighty Apple A7, where results
+# are literally equal to the theoretical estimates based on AES
+# instruction latencies and issue rates. On Cortex-A53, an in-order
+# execution core, this costs up to 10-15%, which is partially
+# compensated by implementing dedicated code path for 128-bit
+# CBC encrypt case. On Cortex-A57 parallelizable mode performance
+# seems to be limited by sheer amount of NEON instructions...
+#
+# Performance in cycles per byte processed with 128-bit key:
+#
+#		CBC enc		CBC dec		CTR
+# Apple A7	2.39		1.20		1.20
+# Cortex-A53	1.32		1.29		1.46
+# Cortex-A57(*)	1.95		0.85		0.93
+# Denver	1.96		0.86		0.80
+# Mongoose	1.33		1.20		1.20
+#
+# (*)	original 3.64/1.34/1.32 results were for r0p0 revision
+#	and are still same even for updated module;
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$prefix="aes_v8";
+
+$code=<<___;
+#include "arm_arch.h"
+
+#if __ARM_MAX_ARCH__>=7
+.text
+___
+$code.=".arch	armv8-a+crypto\n"			if ($flavour =~ /64/);
+$code.=<<___						if ($flavour !~ /64/);
+.arch	armv7-a	// don't confuse not-so-latest binutils with argv8 :-)
+.fpu	neon
+.code	32
+#undef	__thumb2__
+___
+
+# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
+# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
+# maintain both 32- and 64-bit codes within single module and
+# transliterate common code to either flavour with regex vodoo.
+#
+{{{
+my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12");
+my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)=
+	$flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10));
+
+
+$code.=<<___;
+.align	5
+.Lrcon:
+.long	0x01,0x01,0x01,0x01
+.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
+.long	0x1b,0x1b,0x1b,0x1b
+
+.globl	${prefix}_set_encrypt_key
+.type	${prefix}_set_encrypt_key,%function
+.align	5
+${prefix}_set_encrypt_key:
+.Lenc_key:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+___
+$code.=<<___;
+	mov	$ptr,#-1
+	cmp	$inp,#0
+	b.eq	.Lenc_key_abort
+	cmp	$out,#0
+	b.eq	.Lenc_key_abort
+	mov	$ptr,#-2
+	cmp	$bits,#128
+	b.lt	.Lenc_key_abort
+	cmp	$bits,#256
+	b.gt	.Lenc_key_abort
+	tst	$bits,#0x3f
+	b.ne	.Lenc_key_abort
+
+	adr	$ptr,.Lrcon
+	cmp	$bits,#192
+
+	veor	$zero,$zero,$zero
+	vld1.8	{$in0},[$inp],#16
+	mov	$bits,#8		// reuse $bits
+	vld1.32	{$rcon,$mask},[$ptr],#32
+
+	b.lt	.Loop128
+	b.eq	.L192
+	b	.L256
+
+.align	4
+.Loop128:
+	vtbl.8	$key,{$in0},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in0},[$out],#16
+	aese	$key,$zero
+	subs	$bits,$bits,#1
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in0,$in0,$key
+	b.ne	.Loop128
+
+	vld1.32	{$rcon},[$ptr]
+
+	vtbl.8	$key,{$in0},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in0},[$out],#16
+	aese	$key,$zero
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in0,$in0,$key
+
+	vtbl.8	$key,{$in0},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in0},[$out],#16
+	aese	$key,$zero
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	veor	$in0,$in0,$key
+	vst1.32	{$in0},[$out]
+	add	$out,$out,#0x50
+
+	mov	$rounds,#10
+	b	.Ldone
+
+.align	4
+.L192:
+	vld1.8	{$in1},[$inp],#8
+	vmov.i8	$key,#8			// borrow $key
+	vst1.32	{$in0},[$out],#16
+	vsub.i8	$mask,$mask,$key	// adjust the mask
+
+.Loop192:
+	vtbl.8	$key,{$in1},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in1},[$out],#8
+	aese	$key,$zero
+	subs	$bits,$bits,#1
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+
+	vdup.32	$tmp,${in0}[3]
+	veor	$tmp,$tmp,$in1
+	 veor	$key,$key,$rcon
+	vext.8	$in1,$zero,$in1,#12
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in1,$in1,$tmp
+	veor	$in0,$in0,$key
+	veor	$in1,$in1,$key
+	vst1.32	{$in0},[$out],#16
+	b.ne	.Loop192
+
+	mov	$rounds,#12
+	add	$out,$out,#0x20
+	b	.Ldone
+
+.align	4
+.L256:
+	vld1.8	{$in1},[$inp]
+	mov	$bits,#7
+	mov	$rounds,#14
+	vst1.32	{$in0},[$out],#16
+
+.Loop256:
+	vtbl.8	$key,{$in1},$mask
+	vext.8	$tmp,$zero,$in0,#12
+	vst1.32	{$in1},[$out],#16
+	aese	$key,$zero
+	subs	$bits,$bits,#1
+
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in0,$in0,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	 veor	$key,$key,$rcon
+	veor	$in0,$in0,$tmp
+	vshl.u8	$rcon,$rcon,#1
+	veor	$in0,$in0,$key
+	vst1.32	{$in0},[$out],#16
+	b.eq	.Ldone
+
+	vdup.32	$key,${in0}[3]		// just splat
+	vext.8	$tmp,$zero,$in1,#12
+	aese	$key,$zero
+
+	veor	$in1,$in1,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in1,$in1,$tmp
+	vext.8	$tmp,$zero,$tmp,#12
+	veor	$in1,$in1,$tmp
+
+	veor	$in1,$in1,$key
+	b	.Loop256
+
+.Ldone:
+	str	$rounds,[$out]
+	mov	$ptr,#0
+
+.Lenc_key_abort:
+	mov	x0,$ptr			// return value
+	`"ldr	x29,[sp],#16"		if ($flavour =~ /64/)`
+	ret
+.size	${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key
+
+.globl	${prefix}_set_decrypt_key
+.type	${prefix}_set_decrypt_key,%function
+.align	5
+${prefix}_set_decrypt_key:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+___
+$code.=<<___	if ($flavour !~ /64/);
+	stmdb	sp!,{r4,lr}
+___
+$code.=<<___;
+	bl	.Lenc_key
+
+	cmp	x0,#0
+	b.ne	.Ldec_key_abort
+
+	sub	$out,$out,#240		// restore original $out
+	mov	x4,#-16
+	add	$inp,$out,x12,lsl#4	// end of key schedule
+
+	vld1.32	{v0.16b},[$out]
+	vld1.32	{v1.16b},[$inp]
+	vst1.32	{v0.16b},[$inp],x4
+	vst1.32	{v1.16b},[$out],#16
+
+.Loop_imc:
+	vld1.32	{v0.16b},[$out]
+	vld1.32	{v1.16b},[$inp]
+	aesimc	v0.16b,v0.16b
+	aesimc	v1.16b,v1.16b
+	vst1.32	{v0.16b},[$inp],x4
+	vst1.32	{v1.16b},[$out],#16
+	cmp	$inp,$out
+	b.hi	.Loop_imc
+
+	vld1.32	{v0.16b},[$out]
+	aesimc	v0.16b,v0.16b
+	vst1.32	{v0.16b},[$inp]
+
+	eor	x0,x0,x0		// return value
+.Ldec_key_abort:
+___
+$code.=<<___	if ($flavour !~ /64/);
+	ldmia	sp!,{r4,pc}
+___
+$code.=<<___	if ($flavour =~ /64/);
+	ldp	x29,x30,[sp],#16
+	ret
+___
+$code.=<<___;
+.size	${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key
+___
+}}}
+{{{
+sub gen_block () {
+my $dir = shift;
+my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc");
+my ($inp,$out,$key)=map("x$_",(0..2));
+my $rounds="w3";
+my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3));
+
+$code.=<<___;
+.globl	${prefix}_${dir}crypt
+.type	${prefix}_${dir}crypt,%function
+.align	5
+${prefix}_${dir}crypt:
+	ldr	$rounds,[$key,#240]
+	vld1.32	{$rndkey0},[$key],#16
+	vld1.8	{$inout},[$inp]
+	sub	$rounds,$rounds,#2
+	vld1.32	{$rndkey1},[$key],#16
+
+.Loop_${dir}c:
+	aes$e	$inout,$rndkey0
+	aes$mc	$inout,$inout
+	vld1.32	{$rndkey0},[$key],#16
+	subs	$rounds,$rounds,#2
+	aes$e	$inout,$rndkey1
+	aes$mc	$inout,$inout
+	vld1.32	{$rndkey1},[$key],#16
+	b.gt	.Loop_${dir}c
+
+	aes$e	$inout,$rndkey0
+	aes$mc	$inout,$inout
+	vld1.32	{$rndkey0},[$key]
+	aes$e	$inout,$rndkey1
+	veor	$inout,$inout,$rndkey0
+
+	vst1.8	{$inout},[$out]
+	ret
+.size	${prefix}_${dir}crypt,.-${prefix}_${dir}crypt
+___
+}
+&gen_block("en");
+&gen_block("de");
+}}}
+{{{
+my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); my $enc="w5";
+my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12");
+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
+
+my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1);
+my ($key4,$key5,$key6,$key7)=("x6","x12","x14",$key);
+
+### q8-q15	preloaded key schedule
+
+$code.=<<___;
+.globl	${prefix}_cbc_encrypt
+.type	${prefix}_cbc_encrypt,%function
+.align	5
+${prefix}_cbc_encrypt:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+___
+$code.=<<___	if ($flavour !~ /64/);
+	mov	ip,sp
+	stmdb	sp!,{r4-r8,lr}
+	vstmdb	sp!,{d8-d15}            @ ABI specification says so
+	ldmia	ip,{r4-r5}		@ load remaining args
+___
+$code.=<<___;
+	subs	$len,$len,#16
+	mov	$step,#16
+	b.lo	.Lcbc_abort
+	cclr	$step,eq
+
+	cmp	$enc,#0			// en- or decrypting?
+	ldr	$rounds,[$key,#240]
+	and	$len,$len,#-16
+	vld1.8	{$ivec},[$ivp]
+	vld1.8	{$dat},[$inp],$step
+
+	vld1.32	{q8-q9},[$key]		// load key schedule...
+	sub	$rounds,$rounds,#6
+	add	$key_,$key,x5,lsl#4	// pointer to last 7 round keys
+	sub	$rounds,$rounds,#2
+	vld1.32	{q10-q11},[$key_],#32
+	vld1.32	{q12-q13},[$key_],#32
+	vld1.32	{q14-q15},[$key_],#32
+	vld1.32	{$rndlast},[$key_]
+
+	add	$key_,$key,#32
+	mov	$cnt,$rounds
+	b.eq	.Lcbc_dec
+
+	cmp	$rounds,#2
+	veor	$dat,$dat,$ivec
+	veor	$rndzero_n_last,q8,$rndlast
+	b.eq	.Lcbc_enc128
+
+	vld1.32	{$in0-$in1},[$key_]
+	add	$key_,$key,#16
+	add	$key4,$key,#16*4
+	add	$key5,$key,#16*5
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	add	$key6,$key,#16*6
+	add	$key7,$key,#16*7
+	b	.Lenter_cbc_enc
+
+.align	4
+.Loop_cbc_enc:
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	 vst1.8	{$ivec},[$out],#16
+.Lenter_cbc_enc:
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	aese	$dat,$in0
+	aesmc	$dat,$dat
+	vld1.32	{q8},[$key4]
+	cmp	$rounds,#4
+	aese	$dat,$in1
+	aesmc	$dat,$dat
+	vld1.32	{q9},[$key5]
+	b.eq	.Lcbc_enc192
+
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	vld1.32	{q8},[$key6]
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	vld1.32	{q9},[$key7]
+	nop
+
+.Lcbc_enc192:
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	 subs	$len,$len,#16
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	 cclr	$step,eq
+	aese	$dat,q10
+	aesmc	$dat,$dat
+	aese	$dat,q11
+	aesmc	$dat,$dat
+	 vld1.8	{q8},[$inp],$step
+	aese	$dat,q12
+	aesmc	$dat,$dat
+	 veor	q8,q8,$rndzero_n_last
+	aese	$dat,q13
+	aesmc	$dat,$dat
+	 vld1.32 {q9},[$key_]		// re-pre-load rndkey[1]
+	aese	$dat,q14
+	aesmc	$dat,$dat
+	aese	$dat,q15
+	veor	$ivec,$dat,$rndlast
+	b.hs	.Loop_cbc_enc
+
+	vst1.8	{$ivec},[$out],#16
+	b	.Lcbc_done
+
+.align	5
+.Lcbc_enc128:
+	vld1.32	{$in0-$in1},[$key_]
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	b	.Lenter_cbc_enc128
+.Loop_cbc_enc128:
+	aese	$dat,q8
+	aesmc	$dat,$dat
+	 vst1.8	{$ivec},[$out],#16
+.Lenter_cbc_enc128:
+	aese	$dat,q9
+	aesmc	$dat,$dat
+	 subs	$len,$len,#16
+	aese	$dat,$in0
+	aesmc	$dat,$dat
+	 cclr	$step,eq
+	aese	$dat,$in1
+	aesmc	$dat,$dat
+	aese	$dat,q10
+	aesmc	$dat,$dat
+	aese	$dat,q11
+	aesmc	$dat,$dat
+	 vld1.8	{q8},[$inp],$step
+	aese	$dat,q12
+	aesmc	$dat,$dat
+	aese	$dat,q13
+	aesmc	$dat,$dat
+	aese	$dat,q14
+	aesmc	$dat,$dat
+	 veor	q8,q8,$rndzero_n_last
+	aese	$dat,q15
+	veor	$ivec,$dat,$rndlast
+	b.hs	.Loop_cbc_enc128
+
+	vst1.8	{$ivec},[$out],#16
+	b	.Lcbc_done
+___
+{
+my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9));
+$code.=<<___;
+.align	5
+.Lcbc_dec:
+	vld1.8	{$dat2},[$inp],#16
+	subs	$len,$len,#32		// bias
+	add	$cnt,$rounds,#2
+	vorr	$in1,$dat,$dat
+	vorr	$dat1,$dat,$dat
+	vorr	$in2,$dat2,$dat2
+	b.lo	.Lcbc_dec_tail
+
+	vorr	$dat1,$dat2,$dat2
+	vld1.8	{$dat2},[$inp],#16
+	vorr	$in0,$dat,$dat
+	vorr	$in1,$dat1,$dat1
+	vorr	$in2,$dat2,$dat2
+
+.Loop3x_cbc_dec:
+	aesd	$dat0,q8
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	vld1.32	{q8},[$key_],#16
+	subs	$cnt,$cnt,#2
+	aesd	$dat0,q9
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	vld1.32	{q9},[$key_],#16
+	b.gt	.Loop3x_cbc_dec
+
+	aesd	$dat0,q8
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	 veor	$tmp0,$ivec,$rndlast
+	 subs	$len,$len,#0x30
+	 veor	$tmp1,$in0,$rndlast
+	 mov.lo	x6,$len			// x6, $cnt, is zero at this point
+	aesd	$dat0,q9
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	 veor	$tmp2,$in1,$rndlast
+	 add	$inp,$inp,x6		// $inp is adjusted in such way that
+					// at exit from the loop $dat1-$dat2
+					// are loaded with last "words"
+	 vorr	$ivec,$in2,$in2
+	 mov	$key_,$key
+	aesd	$dat0,q12
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q12
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q12
+	aesimc	$dat2,$dat2
+	 vld1.8	{$in0},[$inp],#16
+	aesd	$dat0,q13
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q13
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q13
+	aesimc	$dat2,$dat2
+	 vld1.8	{$in1},[$inp],#16
+	aesd	$dat0,q14
+	aesimc	$dat0,$dat0
+	aesd	$dat1,q14
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q14
+	aesimc	$dat2,$dat2
+	 vld1.8	{$in2},[$inp],#16
+	aesd	$dat0,q15
+	aesd	$dat1,q15
+	aesd	$dat2,q15
+	 vld1.32 {q8},[$key_],#16	// re-pre-load rndkey[0]
+	 add	$cnt,$rounds,#2
+	veor	$tmp0,$tmp0,$dat0
+	veor	$tmp1,$tmp1,$dat1
+	veor	$dat2,$dat2,$tmp2
+	 vld1.32 {q9},[$key_],#16	// re-pre-load rndkey[1]
+	vst1.8	{$tmp0},[$out],#16
+	 vorr	$dat0,$in0,$in0
+	vst1.8	{$tmp1},[$out],#16
+	 vorr	$dat1,$in1,$in1
+	vst1.8	{$dat2},[$out],#16
+	 vorr	$dat2,$in2,$in2
+	b.hs	.Loop3x_cbc_dec
+
+	cmn	$len,#0x30
+	b.eq	.Lcbc_done
+	nop
+
+.Lcbc_dec_tail:
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	vld1.32	{q8},[$key_],#16
+	subs	$cnt,$cnt,#2
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	vld1.32	{q9},[$key_],#16
+	b.gt	.Lcbc_dec_tail
+
+	aesd	$dat1,q8
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q8
+	aesimc	$dat2,$dat2
+	aesd	$dat1,q9
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q9
+	aesimc	$dat2,$dat2
+	aesd	$dat1,q12
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q12
+	aesimc	$dat2,$dat2
+	 cmn	$len,#0x20
+	aesd	$dat1,q13
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q13
+	aesimc	$dat2,$dat2
+	 veor	$tmp1,$ivec,$rndlast
+	aesd	$dat1,q14
+	aesimc	$dat1,$dat1
+	aesd	$dat2,q14
+	aesimc	$dat2,$dat2
+	 veor	$tmp2,$in1,$rndlast
+	aesd	$dat1,q15
+	aesd	$dat2,q15
+	b.eq	.Lcbc_dec_one
+	veor	$tmp1,$tmp1,$dat1
+	veor	$tmp2,$tmp2,$dat2
+	 vorr	$ivec,$in2,$in2
+	vst1.8	{$tmp1},[$out],#16
+	vst1.8	{$tmp2},[$out],#16
+	b	.Lcbc_done
+
+.Lcbc_dec_one:
+	veor	$tmp1,$tmp1,$dat2
+	 vorr	$ivec,$in2,$in2
+	vst1.8	{$tmp1},[$out],#16
+
+.Lcbc_done:
+	vst1.8	{$ivec},[$ivp]
+.Lcbc_abort:
+___
+}
+$code.=<<___	if ($flavour !~ /64/);
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r8,pc}
+___
+$code.=<<___	if ($flavour =~ /64/);
+	ldr	x29,[sp],#16
+	ret
+___
+$code.=<<___;
+.size	${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt
+___
+}}}
+{{{
+my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4));
+my ($rounds,$cnt,$key_)=("w5","w6","x7");
+my ($ctr,$tctr0,$tctr1,$tctr2)=map("w$_",(8..10,12));
+my $step="x12";		# aliases with $tctr2
+
+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
+my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9));
+
+my ($dat,$tmp)=($dat0,$tmp0);
+
+### q8-q15	preloaded key schedule
+
+$code.=<<___;
+.globl	${prefix}_ctr32_encrypt_blocks
+.type	${prefix}_ctr32_encrypt_blocks,%function
+.align	5
+${prefix}_ctr32_encrypt_blocks:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	stp		x29,x30,[sp,#-16]!
+	add		x29,sp,#0
+___
+$code.=<<___	if ($flavour !~ /64/);
+	mov		ip,sp
+	stmdb		sp!,{r4-r10,lr}
+	vstmdb		sp!,{d8-d15}            @ ABI specification says so
+	ldr		r4, [ip]		@ load remaining arg
+___
+$code.=<<___;
+	ldr		$rounds,[$key,#240]
+
+	ldr		$ctr, [$ivp, #12]
+	vld1.32		{$dat0},[$ivp]
+
+	vld1.32		{q8-q9},[$key]		// load key schedule...
+	sub		$rounds,$rounds,#4
+	mov		$step,#16
+	cmp		$len,#2
+	add		$key_,$key,x5,lsl#4	// pointer to last 5 round keys
+	sub		$rounds,$rounds,#2
+	vld1.32		{q12-q13},[$key_],#32
+	vld1.32		{q14-q15},[$key_],#32
+	vld1.32		{$rndlast},[$key_]
+	add		$key_,$key,#32
+	mov		$cnt,$rounds
+	cclr		$step,lo
+#ifndef __ARMEB__
+	rev		$ctr, $ctr
+#endif
+	vorr		$dat1,$dat0,$dat0
+	add		$tctr1, $ctr, #1
+	vorr		$dat2,$dat0,$dat0
+	add		$ctr, $ctr, #2
+	vorr		$ivec,$dat0,$dat0
+	rev		$tctr1, $tctr1
+	vmov.32		${dat1}[3],$tctr1
+	b.ls		.Lctr32_tail
+	rev		$tctr2, $ctr
+	sub		$len,$len,#3		// bias
+	vmov.32		${dat2}[3],$tctr2
+	b		.Loop3x_ctr32
+
+.align	4
+.Loop3x_ctr32:
+	aese		$dat0,q8
+	aesmc		$dat0,$dat0
+	aese		$dat1,q8
+	aesmc		$dat1,$dat1
+	aese		$dat2,q8
+	aesmc		$dat2,$dat2
+	vld1.32		{q8},[$key_],#16
+	subs		$cnt,$cnt,#2
+	aese		$dat0,q9
+	aesmc		$dat0,$dat0
+	aese		$dat1,q9
+	aesmc		$dat1,$dat1
+	aese		$dat2,q9
+	aesmc		$dat2,$dat2
+	vld1.32		{q9},[$key_],#16
+	b.gt		.Loop3x_ctr32
+
+	aese		$dat0,q8
+	aesmc		$tmp0,$dat0
+	aese		$dat1,q8
+	aesmc		$tmp1,$dat1
+	 vld1.8		{$in0},[$inp],#16
+	 vorr		$dat0,$ivec,$ivec
+	aese		$dat2,q8
+	aesmc		$dat2,$dat2
+	 vld1.8		{$in1},[$inp],#16
+	 vorr		$dat1,$ivec,$ivec
+	aese		$tmp0,q9
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q9
+	aesmc		$tmp1,$tmp1
+	 vld1.8		{$in2},[$inp],#16
+	 mov		$key_,$key
+	aese		$dat2,q9
+	aesmc		$tmp2,$dat2
+	 vorr		$dat2,$ivec,$ivec
+	 add		$tctr0,$ctr,#1
+	aese		$tmp0,q12
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q12
+	aesmc		$tmp1,$tmp1
+	 veor		$in0,$in0,$rndlast
+	 add		$tctr1,$ctr,#2
+	aese		$tmp2,q12
+	aesmc		$tmp2,$tmp2
+	 veor		$in1,$in1,$rndlast
+	 add		$ctr,$ctr,#3
+	aese		$tmp0,q13
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q13
+	aesmc		$tmp1,$tmp1
+	 veor		$in2,$in2,$rndlast
+	 rev		$tctr0,$tctr0
+	aese		$tmp2,q13
+	aesmc		$tmp2,$tmp2
+	 vmov.32	${dat0}[3], $tctr0
+	 rev		$tctr1,$tctr1
+	aese		$tmp0,q14
+	aesmc		$tmp0,$tmp0
+	aese		$tmp1,q14
+	aesmc		$tmp1,$tmp1
+	 vmov.32	${dat1}[3], $tctr1
+	 rev		$tctr2,$ctr
+	aese		$tmp2,q14
+	aesmc		$tmp2,$tmp2
+	 vmov.32	${dat2}[3], $tctr2
+	 subs		$len,$len,#3
+	aese		$tmp0,q15
+	aese		$tmp1,q15
+	aese		$tmp2,q15
+
+	veor		$in0,$in0,$tmp0
+	 vld1.32	 {q8},[$key_],#16	// re-pre-load rndkey[0]
+	vst1.8		{$in0},[$out],#16
+	veor		$in1,$in1,$tmp1
+	 mov		$cnt,$rounds
+	vst1.8		{$in1},[$out],#16
+	veor		$in2,$in2,$tmp2
+	 vld1.32	 {q9},[$key_],#16	// re-pre-load rndkey[1]
+	vst1.8		{$in2},[$out],#16
+	b.hs		.Loop3x_ctr32
+
+	adds		$len,$len,#3
+	b.eq		.Lctr32_done
+	cmp		$len,#1
+	mov		$step,#16
+	cclr		$step,eq
+
+.Lctr32_tail:
+	aese		$dat0,q8
+	aesmc		$dat0,$dat0
+	aese		$dat1,q8
+	aesmc		$dat1,$dat1
+	vld1.32		{q8},[$key_],#16
+	subs		$cnt,$cnt,#2
+	aese		$dat0,q9
+	aesmc		$dat0,$dat0
+	aese		$dat1,q9
+	aesmc		$dat1,$dat1
+	vld1.32		{q9},[$key_],#16
+	b.gt		.Lctr32_tail
+
+	aese		$dat0,q8
+	aesmc		$dat0,$dat0
+	aese		$dat1,q8
+	aesmc		$dat1,$dat1
+	aese		$dat0,q9
+	aesmc		$dat0,$dat0
+	aese		$dat1,q9
+	aesmc		$dat1,$dat1
+	 vld1.8		{$in0},[$inp],$step
+	aese		$dat0,q12
+	aesmc		$dat0,$dat0
+	aese		$dat1,q12
+	aesmc		$dat1,$dat1
+	 vld1.8		{$in1},[$inp]
+	aese		$dat0,q13
+	aesmc		$dat0,$dat0
+	aese		$dat1,q13
+	aesmc		$dat1,$dat1
+	 veor		$in0,$in0,$rndlast
+	aese		$dat0,q14
+	aesmc		$dat0,$dat0
+	aese		$dat1,q14
+	aesmc		$dat1,$dat1
+	 veor		$in1,$in1,$rndlast
+	aese		$dat0,q15
+	aese		$dat1,q15
+
+	cmp		$len,#1
+	veor		$in0,$in0,$dat0
+	veor		$in1,$in1,$dat1
+	vst1.8		{$in0},[$out],#16
+	b.eq		.Lctr32_done
+	vst1.8		{$in1},[$out]
+
+.Lctr32_done:
+___
+$code.=<<___	if ($flavour !~ /64/);
+	vldmia		sp!,{d8-d15}
+	ldmia		sp!,{r4-r10,pc}
+___
+$code.=<<___	if ($flavour =~ /64/);
+	ldr		x29,[sp],#16
+	ret
+___
+$code.=<<___;
+.size	${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks
+___
+}}}
+$code.=<<___;
+#endif
+___
+########################################
+if ($flavour =~ /64/) {			######## 64-bit code
+    my %opcode = (
+	"aesd"	=>	0x4e285800,	"aese"	=>	0x4e284800,
+	"aesimc"=>	0x4e287800,	"aesmc"	=>	0x4e286800	);
+
+    local *unaes = sub {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5),
+			$mnemonic,$arg;
+    };
+
+    foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
+	s/@\s/\/\//o;			# old->new style commentary
+
+	#s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
+	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
+	s/mov\.([a-z]+)\s+([wx][0-9]+),\s*([wx][0-9]+)/csel	$2,$3,$2,$1/o	or
+	s/vmov\.i8/movi/o	or	# fix up legacy mnemonics
+	s/vext\.8/ext/o		or
+	s/vrev32\.8/rev32/o	or
+	s/vtst\.8/cmtst/o	or
+	s/vshr/ushr/o		or
+	s/^(\s+)v/$1/o		or	# strip off v prefix
+	s/\bbx\s+lr\b/ret/o;
+
+	# fix up remainig legacy suffixes
+	s/\.[ui]?8//o;
+	m/\],#8/o and s/\.16b/\.8b/go;
+	s/\.[ui]?32//o and s/\.16b/\.4s/go;
+	s/\.[ui]?64//o and s/\.16b/\.2d/go;
+	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
+
+	print $_,"\n";
+    }
+} else {				######## 32-bit code
+    my %opcode = (
+	"aesd"	=>	0xf3b00340,	"aese"	=>	0xf3b00300,
+	"aesimc"=>	0xf3b003c0,	"aesmc"	=>	0xf3b00380	);
+
+    local *unaes = sub {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) {
+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
+					 |(($2&7)<<1) |(($2&8)<<2);
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    };
+
+    sub unvtbl {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o &&
+	sprintf	"vtbl.8	d%d,{q%d},d%d\n\t".
+		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;	
+    }
+
+    sub unvdup32 {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
+	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;	
+    }
+
+    sub unvmov32 {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o &&
+	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;	
+    }
+
+    foreach(split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
+	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
+	s/\/\/\s?/@ /o;				# new->old style commentary
+
+	# fix up remainig new-style suffixes
+	s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo	or
+	s/\],#[0-9]+/]!/o;
+
+	s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
+	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o	or
+	s/vtbl\.8\s+(.*)/unvtbl($1)/geo			or
+	s/vdup\.32\s+(.*)/unvdup32($1)/geo		or
+	s/vmov\.32\s+(.*)/unvmov32($1)/geo		or
+	s/^(\s+)b\./$1b/o				or
+	s/^(\s+)mov\./$1mov/o				or
+	s/^(\s+)ret/$1bx\tlr/o;
+
+	print $_,"\n";
+    }
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/bsaes-armv7.pl b/openssl-1.1.0h/crypto/aes/asm/bsaes-armv7.pl
new file mode 100644
index 0000000..7af38af
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/bsaes-armv7.pl
@@ -0,0 +1,2495 @@
+#! /usr/bin/env perl
+# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
+# <ard.biesheuvel@linaro.org>. Permission to use under GPL terms is
+# granted.
+# ====================================================================
+
+# Bit-sliced AES for ARM NEON
+#
+# February 2012.
+#
+# This implementation is direct adaptation of bsaes-x86_64 module for
+# ARM NEON. Except that this module is endian-neutral [in sense that
+# it can be compiled for either endianness] by courtesy of vld1.8's
+# neutrality. Initial version doesn't implement interface to OpenSSL,
+# only low-level primitives and unsupported entry points, just enough
+# to collect performance results, which for Cortex-A8 core are:
+#
+# encrypt	19.5 cycles per byte processed with 128-bit key
+# decrypt	22.1 cycles per byte processed with 128-bit key
+# key conv.	440  cycles per 128-bit key/0.18 of 8x block
+#
+# Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 19.7,
+# which is [much] worse than anticipated (for further details see
+# http://www.openssl.org/~appro/Snapdragon-S4.html).
+#
+# Cortex-A15 manages in 14.2/16.1 cycles [when integer-only code
+# manages in 20.0 cycles].
+#
+# When comparing to x86_64 results keep in mind that NEON unit is
+# [mostly] single-issue and thus can't [fully] benefit from
+# instruction-level parallelism. And when comparing to aes-armv4
+# results keep in mind key schedule conversion overhead (see
+# bsaes-x86_64.pl for further details)...
+#
+#						<appro@openssl.org>
+
+# April-August 2013
+#
+# Add CBC, CTR and XTS subroutines, adapt for kernel use.
+#
+#					<ard.biesheuvel@linaro.org>
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+my ($inp,$out,$len,$key)=("r0","r1","r2","r3");
+my @XMM=map("q$_",(0..15));
+
+{
+my ($key,$rounds,$const)=("r4","r5","r6");
+
+sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
+sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
+
+sub Sbox {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InBasisChange	(@b);
+	&Inv_GF256	(@b[6,5,0,3,7,1,4,2],@t,@s);
+	&OutBasisChange	(@b[7,1,4,2,6,5,0,3]);
+}
+
+sub InBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb 
+my @b=@_[0..7];
+$code.=<<___;
+	veor	@b[2], @b[2], @b[1]
+	veor	@b[5], @b[5], @b[6]
+	veor	@b[3], @b[3], @b[0]
+	veor	@b[6], @b[6], @b[2]
+	veor	@b[5], @b[5], @b[0]
+
+	veor	@b[6], @b[6], @b[3]
+	veor	@b[3], @b[3], @b[7]
+	veor	@b[7], @b[7], @b[5]
+	veor	@b[3], @b[3], @b[4]
+	veor	@b[4], @b[4], @b[5]
+
+	veor	@b[2], @b[2], @b[7]
+	veor	@b[3], @b[3], @b[1]
+	veor	@b[1], @b[1], @b[5]
+___
+}
+
+sub OutBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
+my @b=@_[0..7];
+$code.=<<___;
+	veor	@b[0], @b[0], @b[6]
+	veor	@b[1], @b[1], @b[4]
+	veor	@b[4], @b[4], @b[6]
+	veor	@b[2], @b[2], @b[0]
+	veor	@b[6], @b[6], @b[1]
+
+	veor	@b[1], @b[1], @b[5]
+	veor	@b[5], @b[5], @b[3]
+	veor	@b[3], @b[3], @b[7]
+	veor	@b[7], @b[7], @b[5]
+	veor	@b[2], @b[2], @b[5]
+
+	veor	@b[4], @b[4], @b[7]
+___
+}
+
+sub InvSbox {
+# input in lsb 	> [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb	> [b0, b1, b6, b4, b2, b7, b3, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InvInBasisChange	(@b);
+	&Inv_GF256		(@b[5,1,2,6,3,7,0,4],@t,@s);
+	&InvOutBasisChange	(@b[3,7,0,4,5,1,2,6]);
+}
+
+sub InvInBasisChange {		# OutBasisChange in reverse (with twist)
+my @b=@_[5,1,2,6,3,7,0,4];
+$code.=<<___
+	 veor	@b[1], @b[1], @b[7]
+	veor	@b[4], @b[4], @b[7]
+
+	veor	@b[7], @b[7], @b[5]
+	 veor	@b[1], @b[1], @b[3]
+	veor	@b[2], @b[2], @b[5]
+	veor	@b[3], @b[3], @b[7]
+
+	veor	@b[6], @b[6], @b[1]
+	veor	@b[2], @b[2], @b[0]
+	 veor	@b[5], @b[5], @b[3]
+	veor	@b[4], @b[4], @b[6]
+	veor	@b[0], @b[0], @b[6]
+	veor	@b[1], @b[1], @b[4]
+___
+}
+
+sub InvOutBasisChange {		# InBasisChange in reverse
+my @b=@_[2,5,7,3,6,1,0,4];
+$code.=<<___;
+	veor	@b[1], @b[1], @b[5]
+	veor	@b[2], @b[2], @b[7]
+
+	veor	@b[3], @b[3], @b[1]
+	veor	@b[4], @b[4], @b[5]
+	veor	@b[7], @b[7], @b[5]
+	veor	@b[3], @b[3], @b[4]
+	 veor 	@b[5], @b[5], @b[0]
+	veor	@b[3], @b[3], @b[7]
+	 veor	@b[6], @b[6], @b[2]
+	 veor	@b[2], @b[2], @b[1]
+	veor	@b[6], @b[6], @b[3]
+
+	veor	@b[3], @b[3], @b[0]
+	veor	@b[5], @b[5], @b[6]
+___
+}
+
+sub Mul_GF4 {
+#;*************************************************************
+#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
+#;*************************************************************
+my ($x0,$x1,$y0,$y1,$t0,$t1)=@_;
+$code.=<<___;
+	veor 	$t0, $y0, $y1
+	vand	$t0, $t0, $x0
+	veor	$x0, $x0, $x1
+	vand	$t1, $x1, $y0
+	vand	$x0, $x0, $y1
+	veor	$x1, $t1, $t0
+	veor	$x0, $x0, $t1
+___
+}
+
+sub Mul_GF4_N {				# not used, see next subroutine
+# multiply and scale by N
+my ($x0,$x1,$y0,$y1,$t0)=@_;
+$code.=<<___;
+	veor	$t0, $y0, $y1
+	vand	$t0, $t0, $x0
+	veor	$x0, $x0, $x1
+	vand	$x1, $x1, $y0
+	vand	$x0, $x0, $y1
+	veor	$x1, $x1, $x0
+	veor	$x0, $x0, $t0
+___
+}
+
+sub Mul_GF4_N_GF4 {
+# interleaved Mul_GF4_N and Mul_GF4
+my ($x0,$x1,$y0,$y1,$t0,
+    $x2,$x3,$y2,$y3,$t1)=@_;
+$code.=<<___;
+	veor	$t0, $y0, $y1
+	 veor 	$t1, $y2, $y3
+	vand	$t0, $t0, $x0
+	 vand	$t1, $t1, $x2
+	veor	$x0, $x0, $x1
+	 veor	$x2, $x2, $x3
+	vand	$x1, $x1, $y0
+	 vand	$x3, $x3, $y2
+	vand	$x0, $x0, $y1
+	 vand	$x2, $x2, $y3
+	veor	$x1, $x1, $x0
+	 veor	$x2, $x2, $x3
+	veor	$x0, $x0, $t0
+	 veor	$x3, $x3, $t1
+___
+}
+sub Mul_GF16_2 {
+my @x=@_[0..7];
+my @y=@_[8..11];
+my @t=@_[12..15];
+$code.=<<___;
+	veor	@t[0], @x[0], @x[2]
+	veor	@t[1], @x[1], @x[3]
+___
+	&Mul_GF4  	(@x[0], @x[1], @y[0], @y[1], @t[2..3]);
+$code.=<<___;
+	veor	@y[0], @y[0], @y[2]
+	veor	@y[1], @y[1], @y[3]
+___
+	Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[2], @x[3], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	veor	@x[0], @x[0], @t[0]
+	veor	@x[2], @x[2], @t[0]
+	veor	@x[1], @x[1], @t[1]
+	veor	@x[3], @x[3], @t[1]
+
+	veor	@t[0], @x[4], @x[6]
+	veor	@t[1], @x[5], @x[7]
+___
+	&Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[6], @x[7], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	veor	@y[0], @y[0], @y[2]
+	veor	@y[1], @y[1], @y[3]
+___
+	&Mul_GF4  	(@x[4], @x[5], @y[0], @y[1], @t[2..3]);
+$code.=<<___;
+	veor	@x[4], @x[4], @t[0]
+	veor	@x[6], @x[6], @t[0]
+	veor	@x[5], @x[5], @t[1]
+	veor	@x[7], @x[7], @t[1]
+___
+}
+sub Inv_GF256 {
+#;********************************************************************
+#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144)       *
+#;********************************************************************
+my @x=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+# direct optimizations from hardware
+$code.=<<___;
+	veor	@t[3], @x[4], @x[6]
+	veor	@t[2], @x[5], @x[7]
+	veor	@t[1], @x[1], @x[3]
+	veor	@s[1], @x[7], @x[6]
+	 vmov	@t[0], @t[2]
+	veor	@s[0], @x[0], @x[2]
+
+	vorr	@t[2], @t[2], @t[1]
+	veor	@s[3], @t[3], @t[0]
+	vand	@s[2], @t[3], @s[0]
+	vorr	@t[3], @t[3], @s[0]
+	veor	@s[0], @s[0], @t[1]
+	vand	@t[0], @t[0], @t[1]
+	veor	@t[1], @x[3], @x[2]
+	vand	@s[3], @s[3], @s[0]
+	vand	@s[1], @s[1], @t[1]
+	veor	@t[1], @x[4], @x[5]
+	veor	@s[0], @x[1], @x[0]
+	veor	@t[3], @t[3], @s[1]
+	veor	@t[2], @t[2], @s[1]
+	vand	@s[1], @t[1], @s[0]
+	vorr	@t[1], @t[1], @s[0]
+	veor	@t[3], @t[3], @s[3]
+	veor	@t[0], @t[0], @s[1]
+	veor	@t[2], @t[2], @s[2]
+	veor	@t[1], @t[1], @s[3]
+	veor	@t[0], @t[0], @s[2]
+	vand	@s[0], @x[7], @x[3]
+	veor	@t[1], @t[1], @s[2]
+	vand	@s[1], @x[6], @x[2]
+	vand	@s[2], @x[5], @x[1]
+	vorr	@s[3], @x[4], @x[0]
+	veor	@t[3], @t[3], @s[0]
+	veor	@t[1], @t[1], @s[2]
+	veor	@t[0], @t[0], @s[3]
+	veor	@t[2], @t[2], @s[1]
+
+	@ Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
+
+	@ new smaller inversion
+
+	vand	@s[2], @t[3], @t[1]
+	vmov	@s[0], @t[0]
+
+	veor	@s[1], @t[2], @s[2]
+	veor	@s[3], @t[0], @s[2]
+	veor	@s[2], @t[0], @s[2]	@ @s[2]=@s[3]
+
+	vbsl	@s[1], @t[1], @t[0]
+	vbsl	@s[3], @t[3], @t[2]
+	veor	@t[3], @t[3], @t[2]
+
+	vbsl	@s[0], @s[1], @s[2]
+	vbsl	@t[0], @s[2], @s[1]
+
+	vand	@s[2], @s[0], @s[3]
+	veor	@t[1], @t[1], @t[0]
+
+	veor	@s[2], @s[2], @t[3]
+___
+# output in s3, s2, s1, t1
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
+	&Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
+
+### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
+}
+
+# AES linear components
+
+sub ShiftRows {
+my @x=@_[0..7];
+my @t=@_[8..11];
+my $mask=pop;
+$code.=<<___;
+	vldmia	$key!, {@t[0]-@t[3]}
+	veor	@t[0], @t[0], @x[0]
+	veor	@t[1], @t[1], @x[1]
+	vtbl.8	`&Dlo(@x[0])`, {@t[0]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[0])`, {@t[0]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[0]}
+	veor	@t[2], @t[2], @x[2]
+	vtbl.8	`&Dlo(@x[1])`, {@t[1]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[1])`, {@t[1]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[1]}
+	veor	@t[3], @t[3], @x[3]
+	vtbl.8	`&Dlo(@x[2])`, {@t[2]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[2])`, {@t[2]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[2]}
+	vtbl.8	`&Dlo(@x[3])`, {@t[3]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[3])`, {@t[3]}, `&Dhi($mask)`
+	vldmia	$key!, {@t[3]}
+	veor	@t[0], @t[0], @x[4]
+	veor	@t[1], @t[1], @x[5]
+	vtbl.8	`&Dlo(@x[4])`, {@t[0]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[4])`, {@t[0]}, `&Dhi($mask)`
+	veor	@t[2], @t[2], @x[6]
+	vtbl.8	`&Dlo(@x[5])`, {@t[1]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[5])`, {@t[1]}, `&Dhi($mask)`
+	veor	@t[3], @t[3], @x[7]
+	vtbl.8	`&Dlo(@x[6])`, {@t[2]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[6])`, {@t[2]}, `&Dhi($mask)`
+	vtbl.8	`&Dlo(@x[7])`, {@t[3]}, `&Dlo($mask)`
+	vtbl.8	`&Dhi(@x[7])`, {@t[3]}, `&Dhi($mask)`
+___
+}
+
+sub MixColumns {
+# modified to emit output in order suitable for feeding back to aesenc[last]
+my @x=@_[0..7];
+my @t=@_[8..15];
+my $inv=@_[16];	# optional
+$code.=<<___;
+	vext.8	@t[0], @x[0], @x[0], #12	@ x0 <<< 32
+	vext.8	@t[1], @x[1], @x[1], #12
+	 veor	@x[0], @x[0], @t[0]		@ x0 ^ (x0 <<< 32)
+	vext.8	@t[2], @x[2], @x[2], #12
+	 veor	@x[1], @x[1], @t[1]
+	vext.8	@t[3], @x[3], @x[3], #12
+	 veor	@x[2], @x[2], @t[2]
+	vext.8	@t[4], @x[4], @x[4], #12
+	 veor	@x[3], @x[3], @t[3]
+	vext.8	@t[5], @x[5], @x[5], #12
+	 veor	@x[4], @x[4], @t[4]
+	vext.8	@t[6], @x[6], @x[6], #12
+	 veor	@x[5], @x[5], @t[5]
+	vext.8	@t[7], @x[7], @x[7], #12
+	 veor	@x[6], @x[6], @t[6]
+
+	veor	@t[1], @t[1], @x[0]
+	 veor	@x[7], @x[7], @t[7]
+	 vext.8	@x[0], @x[0], @x[0], #8		@ (x0 ^ (x0 <<< 32)) <<< 64)
+	veor	@t[2], @t[2], @x[1]
+	veor	@t[0], @t[0], @x[7]
+	veor	@t[1], @t[1], @x[7]
+	 vext.8	@x[1], @x[1], @x[1], #8
+	veor	@t[5], @t[5], @x[4]
+	 veor	@x[0], @x[0], @t[0]
+	veor	@t[6], @t[6], @x[5]
+	 veor	@x[1], @x[1], @t[1]
+	 vext.8	@t[0], @x[4], @x[4], #8
+	veor	@t[4], @t[4], @x[3]
+	 vext.8	@t[1], @x[5], @x[5], #8
+	veor	@t[7], @t[7], @x[6]
+	 vext.8	@x[4], @x[3], @x[3], #8
+	veor	@t[3], @t[3], @x[2]
+	 vext.8	@x[5], @x[7], @x[7], #8
+	veor	@t[4], @t[4], @x[7]
+	 vext.8	@x[3], @x[6], @x[6], #8
+	veor	@t[3], @t[3], @x[7]
+	 vext.8	@x[6], @x[2], @x[2], #8
+	veor	@x[7], @t[1], @t[5]
+___
+$code.=<<___ if (!$inv);
+	veor	@x[2], @t[0], @t[4]
+	veor	@x[4], @x[4], @t[3]
+	veor	@x[5], @x[5], @t[7]
+	veor	@x[3], @x[3], @t[6]
+	 @ vmov	@x[2], @t[0]
+	veor	@x[6], @x[6], @t[2]
+	 @ vmov	@x[7], @t[1]
+___
+$code.=<<___ if ($inv);
+	veor	@t[3], @t[3], @x[4]
+	veor	@x[5], @x[5], @t[7]
+	veor	@x[2], @x[3], @t[6]
+	veor	@x[3], @t[0], @t[4]
+	veor	@x[4], @x[6], @t[2]
+	vmov	@x[6], @t[3]
+	 @ vmov	@x[7], @t[1]
+___
+}
+
+sub InvMixColumns_orig {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+$code.=<<___;
+	@ multiplication by 0x0e
+	vext.8	@t[7], @x[7], @x[7], #12
+	vmov	@t[2], @x[2]
+	veor	@x[2], @x[2], @x[5]		@ 2 5
+	veor	@x[7], @x[7], @x[5]		@ 7 5
+	vext.8	@t[0], @x[0], @x[0], #12
+	vmov	@t[5], @x[5]
+	veor	@x[5], @x[5], @x[0]		@ 5 0		[1]
+	veor	@x[0], @x[0], @x[1]		@ 0 1
+	vext.8	@t[1], @x[1], @x[1], #12
+	veor	@x[1], @x[1], @x[2]		@ 1 25
+	veor	@x[0], @x[0], @x[6]		@ 01 6		[2]
+	vext.8	@t[3], @x[3], @x[3], #12
+	veor	@x[1], @x[1], @x[3]		@ 125 3		[4]
+	veor	@x[2], @x[2], @x[0]		@ 25 016	[3]
+	veor	@x[3], @x[3], @x[7]		@ 3 75
+	veor	@x[7], @x[7], @x[6]		@ 75 6		[0]
+	vext.8	@t[6], @x[6], @x[6], #12
+	vmov	@t[4], @x[4]
+	veor	@x[6], @x[6], @x[4]		@ 6 4
+	veor	@x[4], @x[4], @x[3]		@ 4 375		[6]
+	veor	@x[3], @x[3], @x[7]		@ 375 756=36
+	veor	@x[6], @x[6], @t[5]		@ 64 5		[7]
+	veor	@x[3], @x[3], @t[2]		@ 36 2
+	vext.8	@t[5], @t[5], @t[5], #12
+	veor	@x[3], @x[3], @t[4]		@ 362 4		[5]
+___
+					my @y = @x[7,5,0,2,1,3,4,6];
+$code.=<<___;
+	@ multiplication by 0x0b
+	veor	@y[1], @y[1], @y[0]
+	veor	@y[0], @y[0], @t[0]
+	vext.8	@t[2], @t[2], @t[2], #12
+	veor	@y[1], @y[1], @t[1]
+	veor	@y[0], @y[0], @t[5]
+	vext.8	@t[4], @t[4], @t[4], #12
+	veor	@y[1], @y[1], @t[6]
+	veor	@y[0], @y[0], @t[7]
+	veor	@t[7], @t[7], @t[6]		@ clobber t[7]
+
+	veor	@y[3], @y[3], @t[0]
+	 veor	@y[1], @y[1], @y[0]
+	vext.8	@t[0], @t[0], @t[0], #12
+	veor	@y[2], @y[2], @t[1]
+	veor	@y[4], @y[4], @t[1]
+	vext.8	@t[1], @t[1], @t[1], #12
+	veor	@y[2], @y[2], @t[2]
+	veor	@y[3], @y[3], @t[2]
+	veor	@y[5], @y[5], @t[2]
+	veor	@y[2], @y[2], @t[7]
+	vext.8	@t[2], @t[2], @t[2], #12
+	veor	@y[3], @y[3], @t[3]
+	veor	@y[6], @y[6], @t[3]
+	veor	@y[4], @y[4], @t[3]
+	veor	@y[7], @y[7], @t[4]
+	vext.8	@t[3], @t[3], @t[3], #12
+	veor	@y[5], @y[5], @t[4]
+	veor	@y[7], @y[7], @t[7]
+	veor	@t[7], @t[7], @t[5]		@ clobber t[7] even more
+	veor	@y[3], @y[3], @t[5]
+	veor	@y[4], @y[4], @t[4]
+
+	veor	@y[5], @y[5], @t[7]
+	vext.8	@t[4], @t[4], @t[4], #12
+	veor	@y[6], @y[6], @t[7]
+	veor	@y[4], @y[4], @t[7]
+
+	veor	@t[7], @t[7], @t[5]
+	vext.8	@t[5], @t[5], @t[5], #12
+
+	@ multiplication by 0x0d
+	veor	@y[4], @y[4], @y[7]
+	 veor	@t[7], @t[7], @t[6]		@ restore t[7]
+	veor	@y[7], @y[7], @t[4]
+	vext.8	@t[6], @t[6], @t[6], #12
+	veor	@y[2], @y[2], @t[0]
+	veor	@y[7], @y[7], @t[5]
+	vext.8	@t[7], @t[7], @t[7], #12
+	veor	@y[2], @y[2], @t[2]
+
+	veor	@y[3], @y[3], @y[1]
+	veor	@y[1], @y[1], @t[1]
+	veor	@y[0], @y[0], @t[0]
+	veor	@y[3], @y[3], @t[0]
+	veor	@y[1], @y[1], @t[5]
+	veor	@y[0], @y[0], @t[5]
+	vext.8	@t[0], @t[0], @t[0], #12
+	veor	@y[1], @y[1], @t[7]
+	veor	@y[0], @y[0], @t[6]
+	veor	@y[3], @y[3], @y[1]
+	veor	@y[4], @y[4], @t[1]
+	vext.8	@t[1], @t[1], @t[1], #12
+
+	veor	@y[7], @y[7], @t[7]
+	veor	@y[4], @y[4], @t[2]
+	veor	@y[5], @y[5], @t[2]
+	veor	@y[2], @y[2], @t[6]
+	veor	@t[6], @t[6], @t[3]		@ clobber t[6]
+	vext.8	@t[2], @t[2], @t[2], #12
+	veor	@y[4], @y[4], @y[7]
+	veor	@y[3], @y[3], @t[6]
+
+	veor	@y[6], @y[6], @t[6]
+	veor	@y[5], @y[5], @t[5]
+	vext.8	@t[5], @t[5], @t[5], #12
+	veor	@y[6], @y[6], @t[4]
+	vext.8	@t[4], @t[4], @t[4], #12
+	veor	@y[5], @y[5], @t[6]
+	veor	@y[6], @y[6], @t[7]
+	vext.8	@t[7], @t[7], @t[7], #12
+	veor	@t[6], @t[6], @t[3]		@ restore t[6]
+	vext.8	@t[3], @t[3], @t[3], #12
+
+	@ multiplication by 0x09
+	veor	@y[4], @y[4], @y[1]
+	veor	@t[1], @t[1], @y[1]		@ t[1]=y[1]
+	veor	@t[0], @t[0], @t[5]		@ clobber t[0]
+	vext.8	@t[6], @t[6], @t[6], #12
+	veor	@t[1], @t[1], @t[5]
+	veor	@y[3], @y[3], @t[0]
+	veor	@t[0], @t[0], @y[0]		@ t[0]=y[0]
+	veor	@t[1], @t[1], @t[6]
+	veor	@t[6], @t[6], @t[7]		@ clobber t[6]
+	veor	@y[4], @y[4], @t[1]
+	veor	@y[7], @y[7], @t[4]
+	veor	@y[6], @y[6], @t[3]
+	veor	@y[5], @y[5], @t[2]
+	veor	@t[4], @t[4], @y[4]		@ t[4]=y[4]
+	veor	@t[3], @t[3], @y[3]		@ t[3]=y[3]
+	veor	@t[5], @t[5], @y[5]		@ t[5]=y[5]
+	veor	@t[2], @t[2], @y[2]		@ t[2]=y[2]
+	veor	@t[3], @t[3], @t[7]
+	veor	@XMM[5], @t[5], @t[6]
+	veor	@XMM[6], @t[6], @y[6]		@ t[6]=y[6]
+	veor	@XMM[2], @t[2], @t[6]
+	veor	@XMM[7], @t[7], @y[7]		@ t[7]=y[7]
+
+	vmov	@XMM[0], @t[0]
+	vmov	@XMM[1], @t[1]
+	@ vmov	@XMM[2], @t[2]
+	vmov	@XMM[3], @t[3]
+	vmov	@XMM[4], @t[4]
+	@ vmov	@XMM[5], @t[5]
+	@ vmov	@XMM[6], @t[6]
+	@ vmov	@XMM[7], @t[7]
+___
+}
+
+sub InvMixColumns {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+# Thanks to Jussi Kivilinna for providing pointer to
+#
+# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
+# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
+# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
+# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
+
+$code.=<<___;
+	@ multiplication by 0x05-0x00-0x04-0x00
+	vext.8	@t[0], @x[0], @x[0], #8
+	vext.8	@t[6], @x[6], @x[6], #8
+	vext.8	@t[7], @x[7], @x[7], #8
+	veor	@t[0], @t[0], @x[0]
+	vext.8	@t[1], @x[1], @x[1], #8
+	veor	@t[6], @t[6], @x[6]
+	vext.8	@t[2], @x[2], @x[2], #8
+	veor	@t[7], @t[7], @x[7]
+	vext.8	@t[3], @x[3], @x[3], #8
+	veor	@t[1], @t[1], @x[1]
+	vext.8	@t[4], @x[4], @x[4], #8
+	veor	@t[2], @t[2], @x[2]
+	vext.8	@t[5], @x[5], @x[5], #8
+	veor	@t[3], @t[3], @x[3]
+	veor	@t[4], @t[4], @x[4]
+	veor	@t[5], @t[5], @x[5]
+
+	 veor	@x[0], @x[0], @t[6]
+	 veor	@x[1], @x[1], @t[6]
+	 veor	@x[2], @x[2], @t[0]
+	 veor	@x[4], @x[4], @t[2]
+	 veor	@x[3], @x[3], @t[1]
+	 veor	@x[1], @x[1], @t[7]
+	 veor	@x[2], @x[2], @t[7]
+	 veor	@x[4], @x[4], @t[6]
+	 veor	@x[5], @x[5], @t[3]
+	 veor	@x[3], @x[3], @t[6]
+	 veor	@x[6], @x[6], @t[4]
+	 veor	@x[4], @x[4], @t[7]
+	 veor	@x[5], @x[5], @t[7]
+	 veor	@x[7], @x[7], @t[5]
+___
+	&MixColumns	(@x,@t,1);	# flipped 2<->3 and 4<->6
+}
+
+sub swapmove {
+my ($a,$b,$n,$mask,$t)=@_;
+$code.=<<___;
+	vshr.u64	$t, $b, #$n
+	veor		$t, $t, $a
+	vand		$t, $t, $mask
+	veor		$a, $a, $t
+	vshl.u64	$t, $t, #$n
+	veor		$b, $b, $t
+___
+}
+sub swapmove2x {
+my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
+$code.=<<___;
+	vshr.u64	$t0, $b0, #$n
+	 vshr.u64	$t1, $b1, #$n
+	veor		$t0, $t0, $a0
+	 veor		$t1, $t1, $a1
+	vand		$t0, $t0, $mask
+	 vand		$t1, $t1, $mask
+	veor		$a0, $a0, $t0
+	vshl.u64	$t0, $t0, #$n
+	 veor		$a1, $a1, $t1
+	 vshl.u64	$t1, $t1, #$n
+	veor		$b0, $b0, $t0
+	 veor		$b1, $b1, $t1
+___
+}
+
+sub bitslice {
+my @x=reverse(@_[0..7]);
+my ($t0,$t1,$t2,$t3)=@_[8..11];
+$code.=<<___;
+	vmov.i8	$t0,#0x55			@ compose .LBS0
+	vmov.i8	$t1,#0x33			@ compose .LBS1
+___
+	&swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
+	&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+$code.=<<___;
+	vmov.i8	$t0,#0x0f			@ compose .LBS2
+___
+	&swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
+	&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+
+	&swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
+	&swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
+}
+
+$code.=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+
+# define VFP_ABI_PUSH	vstmdb	sp!,{d8-d15}
+# define VFP_ABI_POP	vldmia	sp!,{d8-d15}
+# define VFP_ABI_FRAME	0x40
+#else
+# define VFP_ABI_PUSH
+# define VFP_ABI_POP
+# define VFP_ABI_FRAME	0
+# define BSAES_ASM_EXTENDED_KEY
+# define XTS_CHAIN_TWEAK
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+#endif
+
+#ifdef __thumb__
+# define adrl adr
+#endif
+
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.text
+.syntax	unified 	@ ARMv7-capable assembler is expected to handle this
+#if defined(__thumb2__) && !defined(__APPLE__)
+.thumb
+#else
+.code   32
+# undef __thumb2__
+#endif
+
+.type	_bsaes_decrypt8,%function
+.align	4
+_bsaes_decrypt8:
+	adr	$const,.
+	vldmia	$key!, {@XMM[9]}		@ round 0 key
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$const,.LM0ISR
+#else
+	add	$const,$const,#.LM0ISR-_bsaes_decrypt8
+#endif
+
+	vldmia	$const!, {@XMM[8]}		@ .LM0ISR
+	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
+	veor	@XMM[11], @XMM[1], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	veor	@XMM[12], @XMM[2], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+	veor	@XMM[13], @XMM[3], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
+	veor	@XMM[14], @XMM[4], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
+	veor	@XMM[15], @XMM[5], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
+	veor	@XMM[10], @XMM[6], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
+	veor	@XMM[11], @XMM[7], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	sub	$rounds,$rounds,#1
+	b	.Ldec_sbox
+.align	4
+.Ldec_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8..12]);
+$code.=".Ldec_sbox:\n";
+	&InvSbox	(@XMM[0..7, 8..15]);
+$code.=<<___;
+	subs	$rounds,$rounds,#1
+	bcc	.Ldec_done
+___
+	&InvMixColumns	(@XMM[0,1,6,4,2,7,3,5, 8..15]);
+$code.=<<___;
+	vldmia	$const, {@XMM[12]}		@ .LISR
+	ite	eq				@ Thumb2 thing, sanity check in ARM
+	addeq	$const,$const,#0x10
+	bne	.Ldec_loop
+	vldmia	$const, {@XMM[12]}		@ .LISRM0
+	b	.Ldec_loop
+.align	4
+.Ldec_done:
+___
+	&bitslice	(@XMM[0,1,6,4,2,7,3,5, 8..11]);
+$code.=<<___;
+	vldmia	$key, {@XMM[8]}			@ last round key
+	veor	@XMM[6], @XMM[6], @XMM[8]
+	veor	@XMM[4], @XMM[4], @XMM[8]
+	veor	@XMM[2], @XMM[2], @XMM[8]
+	veor	@XMM[7], @XMM[7], @XMM[8]
+	veor	@XMM[3], @XMM[3], @XMM[8]
+	veor	@XMM[5], @XMM[5], @XMM[8]
+	veor	@XMM[0], @XMM[0], @XMM[8]
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	bx	lr
+.size	_bsaes_decrypt8,.-_bsaes_decrypt8
+
+.type	_bsaes_const,%object
+.align	6
+_bsaes_const:
+.LM0ISR:	@ InvShiftRows constants
+	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
+.LISR:
+	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
+.LISRM0:
+	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
+.LM0SR:		@ ShiftRows constants
+	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
+.LSR:
+	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
+.LSRM0:
+	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
+.LM0:
+	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
+.LREVM0SR:
+	.quad	0x090d01050c000408, 0x03070b0f060a0e02
+.asciz	"Bit-sliced AES for NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	6
+.size	_bsaes_const,.-_bsaes_const
+
+.type	_bsaes_encrypt8,%function
+.align	4
+_bsaes_encrypt8:
+	adr	$const,.
+	vldmia	$key!, {@XMM[9]}		@ round 0 key
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$const,.LM0SR
+#else
+	sub	$const,$const,#_bsaes_encrypt8-.LM0SR
+#endif
+
+	vldmia	$const!, {@XMM[8]}		@ .LM0SR
+_bsaes_encrypt8_alt:
+	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
+	veor	@XMM[11], @XMM[1], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	veor	@XMM[12], @XMM[2], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+	veor	@XMM[13], @XMM[3], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
+	veor	@XMM[14], @XMM[4], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
+	veor	@XMM[15], @XMM[5], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
+	veor	@XMM[10], @XMM[6], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
+	veor	@XMM[11], @XMM[7], @XMM[9]
+	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
+	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
+	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
+_bsaes_encrypt8_bitslice:
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	sub	$rounds,$rounds,#1
+	b	.Lenc_sbox
+.align	4
+.Lenc_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8..12]);
+$code.=".Lenc_sbox:\n";
+	&Sbox		(@XMM[0..7, 8..15]);
+$code.=<<___;
+	subs	$rounds,$rounds,#1
+	bcc	.Lenc_done
+___
+	&MixColumns	(@XMM[0,1,4,6,3,7,2,5, 8..15]);
+$code.=<<___;
+	vldmia	$const, {@XMM[12]}		@ .LSR
+	ite	eq				@ Thumb2 thing, samity check in ARM
+	addeq	$const,$const,#0x10
+	bne	.Lenc_loop
+	vldmia	$const, {@XMM[12]}		@ .LSRM0
+	b	.Lenc_loop
+.align	4
+.Lenc_done:
+___
+	# output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
+	&bitslice	(@XMM[0,1,4,6,3,7,2,5, 8..11]);
+$code.=<<___;
+	vldmia	$key, {@XMM[8]}			@ last round key
+	veor	@XMM[4], @XMM[4], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[8]
+	veor	@XMM[3], @XMM[3], @XMM[8]
+	veor	@XMM[7], @XMM[7], @XMM[8]
+	veor	@XMM[2], @XMM[2], @XMM[8]
+	veor	@XMM[5], @XMM[5], @XMM[8]
+	veor	@XMM[0], @XMM[0], @XMM[8]
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	bx	lr
+.size	_bsaes_encrypt8,.-_bsaes_encrypt8
+___
+}
+{
+my ($out,$inp,$rounds,$const)=("r12","r4","r5","r6");
+
+sub bitslice_key {
+my @x=reverse(@_[0..7]);
+my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
+
+	&swapmove	(@x[0,1],1,$bs0,$t2,$t3);
+$code.=<<___;
+	@ &swapmove(@x[2,3],1,$t0,$t2,$t3);
+	vmov	@x[2], @x[0]
+	vmov	@x[3], @x[1]
+___
+	#&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+
+	&swapmove2x	(@x[0,2,1,3],2,$bs1,$t2,$t3);
+$code.=<<___;
+	@ &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+	vmov	@x[4], @x[0]
+	vmov	@x[6], @x[2]
+	vmov	@x[5], @x[1]
+	vmov	@x[7], @x[3]
+___
+	&swapmove2x	(@x[0,4,1,5],4,$bs2,$t2,$t3);
+	&swapmove2x	(@x[2,6,3,7],4,$bs2,$t2,$t3);
+}
+
+$code.=<<___;
+.type	_bsaes_key_convert,%function
+.align	4
+_bsaes_key_convert:
+	adr	$const,.
+	vld1.8	{@XMM[7]},  [$inp]!		@ load round 0 key
+#if defined(__thumb2__) || defined(__APPLE__)
+	adr	$const,.LM0
+#else
+	sub	$const,$const,#_bsaes_key_convert-.LM0
+#endif
+	vld1.8	{@XMM[15]}, [$inp]!		@ load round 1 key
+
+	vmov.i8	@XMM[8],  #0x01			@ bit masks
+	vmov.i8	@XMM[9],  #0x02
+	vmov.i8	@XMM[10], #0x04
+	vmov.i8	@XMM[11], #0x08
+	vmov.i8	@XMM[12], #0x10
+	vmov.i8	@XMM[13], #0x20
+	vldmia	$const, {@XMM[14]}		@ .LM0
+
+#ifdef __ARMEL__
+	vrev32.8	@XMM[7],  @XMM[7]
+	vrev32.8	@XMM[15], @XMM[15]
+#endif
+	sub	$rounds,$rounds,#1
+	vstmia	$out!, {@XMM[7]}		@ save round 0 key
+	b	.Lkey_loop
+
+.align	4
+.Lkey_loop:
+	vtbl.8	`&Dlo(@XMM[7])`,{@XMM[15]},`&Dlo(@XMM[14])`
+	vtbl.8	`&Dhi(@XMM[7])`,{@XMM[15]},`&Dhi(@XMM[14])`
+	vmov.i8	@XMM[6],  #0x40
+	vmov.i8	@XMM[15], #0x80
+
+	vtst.8	@XMM[0], @XMM[7], @XMM[8]
+	vtst.8	@XMM[1], @XMM[7], @XMM[9]
+	vtst.8	@XMM[2], @XMM[7], @XMM[10]
+	vtst.8	@XMM[3], @XMM[7], @XMM[11]
+	vtst.8	@XMM[4], @XMM[7], @XMM[12]
+	vtst.8	@XMM[5], @XMM[7], @XMM[13]
+	vtst.8	@XMM[6], @XMM[7], @XMM[6]
+	vtst.8	@XMM[7], @XMM[7], @XMM[15]
+	vld1.8	{@XMM[15]}, [$inp]!		@ load next round key
+	vmvn	@XMM[0], @XMM[0]		@ "pnot"
+	vmvn	@XMM[1], @XMM[1]
+	vmvn	@XMM[5], @XMM[5]
+	vmvn	@XMM[6], @XMM[6]
+#ifdef __ARMEL__
+	vrev32.8	@XMM[15], @XMM[15]
+#endif
+	subs	$rounds,$rounds,#1
+	vstmia	$out!,{@XMM[0]-@XMM[7]}		@ write bit-sliced round key
+	bne	.Lkey_loop
+
+	vmov.i8	@XMM[7],#0x63			@ compose .L63
+	@ don't save last round key
+	bx	lr
+.size	_bsaes_key_convert,.-_bsaes_key_convert
+___
+}
+
+if (0) {		# following four functions are unsupported interface
+			# used for benchmarking...
+$code.=<<___;
+.globl	bsaes_enc_key_convert
+.type	bsaes_enc_key_convert,%function
+.align	4
+bsaes_enc_key_convert:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	ldr	r5,[$inp,#240]			@ pass rounds
+	mov	r4,$inp				@ pass key
+	mov	r12,$out			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_enc_key_convert,.-bsaes_enc_key_convert
+
+.globl	bsaes_encrypt_128
+.type	bsaes_encrypt_128,%function
+.align	4
+bsaes_encrypt_128:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+.Lenc128_loop:
+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
+	mov	r4,$key				@ pass the key
+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
+	mov	r5,#10				@ pass rounds
+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
+
+	bl	_bsaes_encrypt8
+
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	subs	$len,$len,#0x80
+	vst1.8	{@XMM[5]}, [$out]!
+	bhi	.Lenc128_loop
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_encrypt_128,.-bsaes_encrypt_128
+
+.globl	bsaes_dec_key_convert
+.type	bsaes_dec_key_convert,%function
+.align	4
+bsaes_dec_key_convert:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	ldr	r5,[$inp,#240]			@ pass rounds
+	mov	r4,$inp				@ pass key
+	mov	r12,$out			@ pass key schedule
+	bl	_bsaes_key_convert
+	vldmia	$out, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	$out, {@XMM[7]}
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_dec_key_convert,.-bsaes_dec_key_convert
+
+.globl	bsaes_decrypt_128
+.type	bsaes_decrypt_128,%function
+.align	4
+bsaes_decrypt_128:
+	stmdb	sp!,{r4-r6,lr}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+.Ldec128_loop:
+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
+	mov	r4,$key				@ pass the key
+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
+	mov	r5,#10				@ pass rounds
+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
+
+	bl	_bsaes_decrypt8
+
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	subs	$len,$len,#0x80
+	vst1.8	{@XMM[5]}, [$out]!
+	bhi	.Ldec128_loop
+
+	vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r6,pc}
+.size	bsaes_decrypt_128,.-bsaes_decrypt_128
+___
+}
+{
+my ($inp,$out,$len,$key, $ivp,$fp,$rounds)=map("r$_",(0..3,8..10));
+my ($keysched)=("sp");
+
+$code.=<<___;
+.extern AES_cbc_encrypt
+.extern AES_decrypt
+
+.global	bsaes_cbc_encrypt
+.type	bsaes_cbc_encrypt,%function
+.align	5
+bsaes_cbc_encrypt:
+#ifndef	__KERNEL__
+	cmp	$len, #128
+#ifndef	__thumb__
+	blo	AES_cbc_encrypt
+#else
+	bhs	1f
+	b	AES_cbc_encrypt
+1:
+#endif
+#endif
+
+	@ it is up to the caller to make sure we are called with enc == 0
+
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}
+	VFP_ABI_PUSH
+	ldr	$ivp, [ip]			@ IV is 1st arg on the stack
+	mov	$len, $len, lsr#4		@ len in 16 byte blocks
+	sub	sp, #0x10			@ scratch space to carry over the IV
+	mov	$fp, sp				@ save sp
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	add	r12, #`128-32`			@ sifze of bit-slices key schedule
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12				@ sp is $keysched
+	bl	_bsaes_key_convert
+	vldmia	$keysched, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	$keysched, {@XMM[7]}
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	@ populate the key schedule
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	add	r4, $key, #248
+	vldmia	r4, {@XMM[6]}
+	vstmia	r12, {@XMM[15]}			@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	r4, {@XMM[7]}
+
+.align	2
+0:
+#endif
+
+	vld1.8	{@XMM[15]}, [$ivp]		@ load IV
+	b	.Lcbc_dec_loop
+
+.align	4
+.Lcbc_dec_loop:
+	subs	$len, $len, #0x8
+	bmi	.Lcbc_dec_loop_finish
+
+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	mov	r4, $keysched			@ pass the key
+#else
+	add	r4, $key, #248
+#endif
+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
+	mov	r5, $rounds
+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]
+	sub	$inp, $inp, #0x60
+	vstmia	$fp, {@XMM[15]}			@ put aside IV
+
+	bl	_bsaes_decrypt8
+
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vld1.8	{@XMM[14]-@XMM[15]}, [$inp]!
+	veor	@XMM[7], @XMM[7], @XMM[12]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor	@XMM[3], @XMM[3], @XMM[13]
+	vst1.8	{@XMM[6]}, [$out]!
+	veor	@XMM[5], @XMM[5], @XMM[14]
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	vst1.8	{@XMM[5]}, [$out]!
+
+	b	.Lcbc_dec_loop
+
+.Lcbc_dec_loop_finish:
+	adds	$len, $len, #8
+	beq	.Lcbc_dec_done
+
+	vld1.8	{@XMM[0]}, [$inp]!		@ load input
+	cmp	$len, #2
+	blo	.Lcbc_dec_one
+	vld1.8	{@XMM[1]}, [$inp]!
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	mov	r4, $keysched			@ pass the key
+#else
+	add	r4, $key, #248
+#endif
+	mov	r5, $rounds
+	vstmia	$fp, {@XMM[15]}			@ put aside IV
+	beq	.Lcbc_dec_two
+	vld1.8	{@XMM[2]}, [$inp]!
+	cmp	$len, #4
+	blo	.Lcbc_dec_three
+	vld1.8	{@XMM[3]}, [$inp]!
+	beq	.Lcbc_dec_four
+	vld1.8	{@XMM[4]}, [$inp]!
+	cmp	$len, #6
+	blo	.Lcbc_dec_five
+	vld1.8	{@XMM[5]}, [$inp]!
+	beq	.Lcbc_dec_six
+	vld1.8	{@XMM[6]}, [$inp]!
+	sub	$inp, $inp, #0x70
+
+	bl	_bsaes_decrypt8
+
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[7], @XMM[7], @XMM[12]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor	@XMM[3], @XMM[3], @XMM[13]
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	vst1.8	{@XMM[3]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_six:
+	sub	$inp, $inp, #0x60
+	bl	_bsaes_decrypt8
+	vldmia	$fp,{@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[12]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[7], @XMM[7], @XMM[12]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	vst1.8	{@XMM[7]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_five:
+	sub	$inp, $inp, #0x50
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor	@XMM[2], @XMM[2], @XMM[11]
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	vst1.8	{@XMM[2]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_four:
+	sub	$inp, $inp, #0x40
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[10]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[4], @XMM[4], @XMM[10]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	vst1.8	{@XMM[4]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_three:
+	sub	$inp, $inp, #0x30
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[15]}, [$inp]!
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	veor	@XMM[6], @XMM[6], @XMM[9]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	vst1.8	{@XMM[6]}, [$out]!
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_two:
+	sub	$inp, $inp, #0x20
+	bl	_bsaes_decrypt8
+	vldmia	$fp, {@XMM[14]}			@ reload IV
+	vld1.8	{@XMM[8]}, [$inp]!		@ reload input
+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
+	vld1.8	{@XMM[15]}, [$inp]!		@ reload input
+	veor	@XMM[1], @XMM[1], @XMM[8]
+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	b	.Lcbc_dec_done
+.align	4
+.Lcbc_dec_one:
+	sub	$inp, $inp, #0x10
+	mov	$rounds, $out			@ save original out pointer
+	mov	$out, $fp			@ use the iv scratch space as out buffer
+	mov	r2, $key
+	vmov	@XMM[4],@XMM[15]		@ just in case ensure that IV
+	vmov	@XMM[5],@XMM[0]			@ and input are preserved
+	bl	AES_decrypt
+	vld1.8	{@XMM[0]}, [$fp]		@ load result
+	veor	@XMM[0], @XMM[0], @XMM[4]	@ ^= IV
+	vmov	@XMM[15], @XMM[5]		@ @XMM[5] holds input
+	vst1.8	{@XMM[0]}, [$rounds]		@ write output
+
+.Lcbc_dec_done:
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+.Lcbc_dec_bzero:				@ wipe key schedule [if any]
+	vstmia		$keysched!, {q0-q1}
+	cmp		$keysched, $fp
+	bne		.Lcbc_dec_bzero
+#endif
+
+	mov	sp, $fp
+	add	sp, #0x10			@ add sp,$fp,#0x10 is no good for thumb
+	vst1.8	{@XMM[15]}, [$ivp]		@ return IV
+	VFP_ABI_POP
+	ldmia	sp!, {r4-r10, pc}
+.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
+___
+}
+{
+my ($inp,$out,$len,$key, $ctr,$fp,$rounds)=(map("r$_",(0..3,8..10)));
+my $const = "r6";	# shared with _bsaes_encrypt8_alt
+my $keysched = "sp";
+
+$code.=<<___;
+.extern	AES_encrypt
+.global	bsaes_ctr32_encrypt_blocks
+.type	bsaes_ctr32_encrypt_blocks,%function
+.align	5
+bsaes_ctr32_encrypt_blocks:
+	cmp	$len, #8			@ use plain AES for
+	blo	.Lctr_enc_short			@ small sizes
+
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}
+	VFP_ABI_PUSH
+	ldr	$ctr, [ip]			@ ctr is 1st arg on the stack
+	sub	sp, sp, #0x10			@ scratch space to carry over the ctr
+	mov	$fp, sp				@ save sp
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	add	r12, #`128-32`			@ size of bit-sliced key schedule
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12				@ sp is $keysched
+	bl	_bsaes_key_convert
+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+
+	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
+#ifdef	__APPLE__
+	mov	$ctr, #:lower16:(.LREVM0SR-.LM0)
+	add	$ctr, $const, $ctr
+#else
+	add	$ctr, $const, #.LREVM0SR-.LM0	@ borrow $ctr
+#endif
+	vldmia	$keysched, {@XMM[4]}		@ load round0 key
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	@ populate the key schedule
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+
+.align	2
+0:	add	r12, $key, #248
+	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
+	adrl	$ctr, .LREVM0SR			@ borrow $ctr
+	vldmia	r12, {@XMM[4]}			@ load round0 key
+	sub	sp, #0x10			@ place for adjusted round0 key
+#endif
+
+	vmov.i32	@XMM[8],#1		@ compose 1<<96
+	veor		@XMM[9],@XMM[9],@XMM[9]
+	vrev32.8	@XMM[0],@XMM[0]
+	vext.8		@XMM[8],@XMM[9],@XMM[8],#4
+	vrev32.8	@XMM[4],@XMM[4]
+	vadd.u32	@XMM[9],@XMM[8],@XMM[8]	@ compose 2<<96
+	vstmia	$keysched, {@XMM[4]}		@ save adjusted round0 key
+	b	.Lctr_enc_loop
+
+.align	4
+.Lctr_enc_loop:
+	vadd.u32	@XMM[10], @XMM[8], @XMM[9]	@ compose 3<<96
+	vadd.u32	@XMM[1], @XMM[0], @XMM[8]	@ +1
+	vadd.u32	@XMM[2], @XMM[0], @XMM[9]	@ +2
+	vadd.u32	@XMM[3], @XMM[0], @XMM[10]	@ +3
+	vadd.u32	@XMM[4], @XMM[1], @XMM[10]
+	vadd.u32	@XMM[5], @XMM[2], @XMM[10]
+	vadd.u32	@XMM[6], @XMM[3], @XMM[10]
+	vadd.u32	@XMM[7], @XMM[4], @XMM[10]
+	vadd.u32	@XMM[10], @XMM[5], @XMM[10]	@ next counter
+
+	@ Borrow prologue from _bsaes_encrypt8 to use the opportunity
+	@ to flip byte order in 32-bit counter
+
+	vldmia		$keysched, {@XMM[9]}		@ load round0 key
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, $keysched, #0x10		@ pass next round key
+#else
+	add		r4, $key, #`248+16`
+#endif
+	vldmia		$ctr, {@XMM[8]}			@ .LREVM0SR
+	mov		r5, $rounds			@ pass rounds
+	vstmia		$fp, {@XMM[10]}			@ save next counter
+#ifdef	__APPLE__
+	mov		$const, #:lower16:(.LREVM0SR-.LSR)
+	sub		$const, $ctr, $const
+#else
+	sub		$const, $ctr, #.LREVM0SR-.LSR	@ pass constants
+#endif
+
+	bl		_bsaes_encrypt8_alt
+
+	subs		$len, $len, #8
+	blo		.Lctr_enc_loop_done
+
+	vld1.8		{@XMM[8]-@XMM[9]}, [$inp]!	@ load input
+	vld1.8		{@XMM[10]-@XMM[11]}, [$inp]!
+	veor		@XMM[0], @XMM[8]
+	veor		@XMM[1], @XMM[9]
+	vld1.8		{@XMM[12]-@XMM[13]}, [$inp]!
+	veor		@XMM[4], @XMM[10]
+	veor		@XMM[6], @XMM[11]
+	vld1.8		{@XMM[14]-@XMM[15]}, [$inp]!
+	veor		@XMM[3], @XMM[12]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!	@ write output
+	veor		@XMM[7], @XMM[13]
+	veor		@XMM[2], @XMM[14]
+	vst1.8		{@XMM[4]}, [$out]!
+	veor		@XMM[5], @XMM[15]
+	vst1.8		{@XMM[6]}, [$out]!
+	vmov.i32	@XMM[8], #1			@ compose 1<<96
+	vst1.8		{@XMM[3]}, [$out]!
+	veor		@XMM[9], @XMM[9], @XMM[9]
+	vst1.8		{@XMM[7]}, [$out]!
+	vext.8		@XMM[8], @XMM[9], @XMM[8], #4
+	vst1.8		{@XMM[2]}, [$out]!
+	vadd.u32	@XMM[9],@XMM[8],@XMM[8]		@ compose 2<<96
+	vst1.8		{@XMM[5]}, [$out]!
+	vldmia		$fp, {@XMM[0]}			@ load counter
+
+	bne		.Lctr_enc_loop
+	b		.Lctr_enc_done
+
+.align	4
+.Lctr_enc_loop_done:
+	add		$len, $len, #8
+	vld1.8		{@XMM[8]}, [$inp]!	@ load input
+	veor		@XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [$out]!	@ write output
+	cmp		$len, #2
+	blo		.Lctr_enc_done
+	vld1.8		{@XMM[9]}, [$inp]!
+	veor		@XMM[1], @XMM[9]
+	vst1.8		{@XMM[1]}, [$out]!
+	beq		.Lctr_enc_done
+	vld1.8		{@XMM[10]}, [$inp]!
+	veor		@XMM[4], @XMM[10]
+	vst1.8		{@XMM[4]}, [$out]!
+	cmp		$len, #4
+	blo		.Lctr_enc_done
+	vld1.8		{@XMM[11]}, [$inp]!
+	veor		@XMM[6], @XMM[11]
+	vst1.8		{@XMM[6]}, [$out]!
+	beq		.Lctr_enc_done
+	vld1.8		{@XMM[12]}, [$inp]!
+	veor		@XMM[3], @XMM[12]
+	vst1.8		{@XMM[3]}, [$out]!
+	cmp		$len, #6
+	blo		.Lctr_enc_done
+	vld1.8		{@XMM[13]}, [$inp]!
+	veor		@XMM[7], @XMM[13]
+	vst1.8		{@XMM[7]}, [$out]!
+	beq		.Lctr_enc_done
+	vld1.8		{@XMM[14]}, [$inp]
+	veor		@XMM[2], @XMM[14]
+	vst1.8		{@XMM[2]}, [$out]!
+
+.Lctr_enc_done:
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+#ifndef	BSAES_ASM_EXTENDED_KEY
+.Lctr_enc_bzero:			@ wipe key schedule [if any]
+	vstmia		$keysched!, {q0-q1}
+	cmp		$keysched, $fp
+	bne		.Lctr_enc_bzero
+#else
+	vstmia		$keysched, {q0-q1}
+#endif
+
+	mov	sp, $fp
+	add	sp, #0x10		@ add sp,$fp,#0x10 is no good for thumb
+	VFP_ABI_POP
+	ldmia	sp!, {r4-r10, pc}	@ return
+
+.align	4
+.Lctr_enc_short:
+	ldr	ip, [sp]		@ ctr pointer is passed on stack
+	stmdb	sp!, {r4-r8, lr}
+
+	mov	r4, $inp		@ copy arguments
+	mov	r5, $out
+	mov	r6, $len
+	mov	r7, $key
+	ldr	r8, [ip, #12]		@ load counter LSW
+	vld1.8	{@XMM[1]}, [ip]		@ load whole counter value
+#ifdef __ARMEL__
+	rev	r8, r8
+#endif
+	sub	sp, sp, #0x10
+	vst1.8	{@XMM[1]}, [sp]		@ copy counter value
+	sub	sp, sp, #0x10
+
+.Lctr_enc_short_loop:
+	add	r0, sp, #0x10		@ input counter value
+	mov	r1, sp			@ output on the stack
+	mov	r2, r7			@ key
+
+	bl	AES_encrypt
+
+	vld1.8	{@XMM[0]}, [r4]!	@ load input
+	vld1.8	{@XMM[1]}, [sp]		@ load encrypted counter
+	add	r8, r8, #1
+#ifdef __ARMEL__
+	rev	r0, r8
+	str	r0, [sp, #0x1c]		@ next counter value
+#else
+	str	r8, [sp, #0x1c]		@ next counter value
+#endif
+	veor	@XMM[0],@XMM[0],@XMM[1]
+	vst1.8	{@XMM[0]}, [r5]!	@ store output
+	subs	r6, r6, #1
+	bne	.Lctr_enc_short_loop
+
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+	vstmia		sp!, {q0-q1}
+
+	ldmia	sp!, {r4-r8, pc}
+.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
+___
+}
+{
+######################################################################
+# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+my ($inp,$out,$len,$key,$rounds,$magic,$fp)=(map("r$_",(7..10,1..3)));
+my $const="r6";		# returned by _bsaes_key_convert
+my $twmask=@XMM[5];
+my @T=@XMM[6..7];
+
+$code.=<<___;
+.globl	bsaes_xts_encrypt
+.type	bsaes_xts_encrypt,%function
+.align	4
+bsaes_xts_encrypt:
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}		@ 0x20
+	VFP_ABI_PUSH
+	mov	r6, sp				@ future $fp
+
+	mov	$inp, r0
+	mov	$out, r1
+	mov	$len, r2
+	mov	$key, r3
+
+	sub	r0, sp, #0x10			@ 0x10
+	bic	r0, #0xf			@ align at 16 bytes
+	mov	sp, r0
+
+#ifdef	XTS_CHAIN_TWEAK
+	ldr	r0, [ip]			@ pointer to input tweak
+#else
+	@ generate initial tweak
+	ldr	r0, [ip, #4]			@ iv[]
+	mov	r1, sp
+	ldr	r2, [ip, #0]			@ key2
+	bl	AES_encrypt
+	mov	r0,sp				@ pointer to initial tweak
+#endif
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+	mov	$fp, r6
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
+	sub	r12, #`32+16`			@ place for tweak[9]
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12
+	add	r12, #0x90			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}			@ save last round key
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
+	vstmia	r12, {@XMM[7]}
+
+.align	2
+0:	sub	sp, #0x90			@ place for tweak[9]
+#endif
+
+	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
+	adr	$magic, .Lxts_magic
+
+	subs	$len, #0x80
+	blo	.Lxts_enc_short
+	b	.Lxts_enc_loop
+
+.align	4
+.Lxts_enc_loop:
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
+	vst1.64		{@XMM[15]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	veor		@XMM[8], @XMM[8], @T[0]
+	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	veor		@XMM[7], @XMM[7], @XMM[15]
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[2], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	veor		@XMM[13], @XMM[5], @XMM[15]
+	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	subs		$len, #0x80
+	bpl		.Lxts_enc_loop
+
+.Lxts_enc_short:
+	adds		$len, #0x70
+	bmi		.Lxts_enc_done
+
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+	subs		$len, #0x10
+	bmi		.Lxts_enc_`$i-9`
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	sub		$len, #0x10
+	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	vld1.64		{@XMM[14]}, [r0,:128]!
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[2], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	vst1.8		{@XMM[12]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_6:
+	veor		@XMM[4], @XMM[4], @XMM[12]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[5], @XMM[5], @XMM[13]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+
+@ put this in range for both ARM and Thumb mode adr instructions
+.align	5
+.Lxts_magic:
+	.quad	1, 0x87
+
+.align	5
+.Lxts_enc_5:
+	veor		@XMM[3], @XMM[3], @XMM[11]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[4], @XMM[4], @XMM[12]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	veor		@XMM[10], @XMM[3], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	vst1.8		{@XMM[10]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_4:
+	veor		@XMM[2], @XMM[2], @XMM[10]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[3], @XMM[3], @XMM[11]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[6], @XMM[11]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_3:
+	veor		@XMM[1], @XMM[1], @XMM[9]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[2], @XMM[2], @XMM[10]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	vld1.64		{@XMM[10]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[4], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	vst1.8		{@XMM[8]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_2:
+	veor		@XMM[0], @XMM[0], @XMM[8]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[1], @XMM[1], @XMM[9]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_encrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_enc_done
+.align	4
+.Lxts_enc_1:
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+	mov		r4, $fp				@ preserve fp
+
+	bl		AES_encrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [$out]!
+	mov		$fp, r4
+
+	vmov		@XMM[8], @XMM[9]		@ next round tweak
+
+.Lxts_enc_done:
+#ifndef	XTS_CHAIN_TWEAK
+	adds		$len, #0x10
+	beq		.Lxts_enc_ret
+	sub		r6, $out, #0x10
+
+.Lxts_enc_steal:
+	ldrb		r0, [$inp], #1
+	ldrb		r1, [$out, #-0x10]
+	strb		r0, [$out, #-0x10]
+	strb		r1, [$out], #1
+
+	subs		$len, #1
+	bhi		.Lxts_enc_steal
+
+	vld1.8		{@XMM[0]}, [r6]
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+	mov		r4, $fp			@ preserve fp
+
+	bl		AES_encrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [r6]
+	mov		$fp, r4
+#endif
+
+.Lxts_enc_ret:
+	bic		r0, $fp, #0xf
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+#ifdef	XTS_CHAIN_TWEAK
+	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
+#endif
+.Lxts_enc_bzero:				@ wipe key schedule [if any]
+	vstmia		sp!, {q0-q1}
+	cmp		sp, r0
+	bne		.Lxts_enc_bzero
+
+	mov		sp, $fp
+#ifdef	XTS_CHAIN_TWEAK
+	vst1.8		{@XMM[8]}, [r1]
+#endif
+	VFP_ABI_POP
+	ldmia		sp!, {r4-r10, pc}	@ return
+
+.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
+
+.globl	bsaes_xts_decrypt
+.type	bsaes_xts_decrypt,%function
+.align	4
+bsaes_xts_decrypt:
+	mov	ip, sp
+	stmdb	sp!, {r4-r10, lr}		@ 0x20
+	VFP_ABI_PUSH
+	mov	r6, sp				@ future $fp
+
+	mov	$inp, r0
+	mov	$out, r1
+	mov	$len, r2
+	mov	$key, r3
+
+	sub	r0, sp, #0x10			@ 0x10
+	bic	r0, #0xf			@ align at 16 bytes
+	mov	sp, r0
+
+#ifdef	XTS_CHAIN_TWEAK
+	ldr	r0, [ip]			@ pointer to input tweak
+#else
+	@ generate initial tweak
+	ldr	r0, [ip, #4]			@ iv[]
+	mov	r1, sp
+	ldr	r2, [ip, #0]			@ key2
+	bl	AES_encrypt
+	mov	r0, sp				@ pointer to initial tweak
+#endif
+
+	ldr	$rounds, [$key, #240]		@ get # of rounds
+	mov	$fp, r6
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	@ allocate the key schedule on the stack
+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
+	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
+	sub	r12, #`32+16`			@ place for tweak[9]
+
+	@ populate the key schedule
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	mov	sp, r12
+	add	r12, #0x90			@ pass key schedule
+	bl	_bsaes_key_convert
+	add	r4, sp, #0x90
+	vldmia	r4, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	r4, {@XMM[7]}
+#else
+	ldr	r12, [$key, #244]
+	eors	r12, #1
+	beq	0f
+
+	str	r12, [$key, #244]
+	mov	r4, $key			@ pass key
+	mov	r5, $rounds			@ pass # of rounds
+	add	r12, $key, #248			@ pass key schedule
+	bl	_bsaes_key_convert
+	add	r4, $key, #248
+	vldmia	r4, {@XMM[6]}
+	vstmia	r12,  {@XMM[15]}		@ save last round key
+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
+	vstmia	r4, {@XMM[7]}
+
+.align	2
+0:	sub	sp, #0x90			@ place for tweak[9]
+#endif
+	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
+	adr	$magic, .Lxts_magic
+
+#ifndef	XTS_CHAIN_TWEAK
+	tst	$len, #0xf			@ if not multiple of 16
+	it	ne				@ Thumb2 thing, sanity check in ARM
+	subne	$len, #0x10			@ subtract another 16 bytes
+#endif
+	subs	$len, #0x80
+
+	blo	.Lxts_dec_short
+	b	.Lxts_dec_loop
+
+.align	4
+.Lxts_dec_loop:
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
+	vst1.64		{@XMM[15]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	veor		@XMM[8], @XMM[8], @T[0]
+	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	veor		@XMM[7], @XMM[7], @XMM[15]
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[3], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	veor		@XMM[13], @XMM[5], @XMM[15]
+	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+
+	subs		$len, #0x80
+	bpl		.Lxts_dec_loop
+
+.Lxts_dec_short:
+	adds		$len, #0x70
+	bmi		.Lxts_dec_done
+
+	vldmia		$magic, {$twmask}	@ load XTS magic
+	vshr.s64	@T[0], @XMM[8], #63
+	mov		r0, sp
+	vand		@T[0], @T[0], $twmask
+___
+for($i=9;$i<16;$i++) {
+$code.=<<___;
+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
+	vshr.s64	@T[1], @XMM[$i], #63
+	veor		@XMM[$i], @XMM[$i], @T[0]
+	vand		@T[1], @T[1], $twmask
+___
+	@T=reverse(@T);
+
+$code.=<<___ if ($i>=10);
+	vld1.8		{@XMM[$i-10]}, [$inp]!
+	subs		$len, #0x10
+	bmi		.Lxts_dec_`$i-9`
+___
+$code.=<<___ if ($i>=11);
+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
+___
+}
+$code.=<<___;
+	sub		$len, #0x10
+	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
+
+	vld1.8		{@XMM[6]}, [$inp]!
+	veor		@XMM[5], @XMM[5], @XMM[13]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[6], @XMM[6], @XMM[14]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	vld1.64		{@XMM[14]}, [r0,:128]!
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	veor		@XMM[12], @XMM[3], @XMM[14]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+	vst1.8		{@XMM[12]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_6:
+	vst1.64		{@XMM[14]}, [r0,:128]		@ next round tweak
+
+	veor		@XMM[4], @XMM[4], @XMM[12]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[5], @XMM[5], @XMM[13]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	veor		@XMM[11], @XMM[7], @XMM[13]
+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_5:
+	veor		@XMM[3], @XMM[3], @XMM[11]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[4], @XMM[4], @XMM[12]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	vld1.64		{@XMM[12]}, [r0,:128]!
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	veor		@XMM[10], @XMM[2], @XMM[12]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+	vst1.8		{@XMM[10]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_4:
+	veor		@XMM[2], @XMM[2], @XMM[10]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[3], @XMM[3], @XMM[11]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	veor		@XMM[9], @XMM[4], @XMM[11]
+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_3:
+	veor		@XMM[1], @XMM[1], @XMM[9]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[2], @XMM[2], @XMM[10]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	vld1.64		{@XMM[10]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	veor		@XMM[8], @XMM[6], @XMM[10]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+	vst1.8		{@XMM[8]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_2:
+	veor		@XMM[0], @XMM[0], @XMM[8]
+#ifndef	BSAES_ASM_EXTENDED_KEY
+	add		r4, sp, #0x90			@ pass key schedule
+#else
+	add		r4, $key, #248			@ pass key schedule
+#endif
+	veor		@XMM[1], @XMM[1], @XMM[9]
+	mov		r5, $rounds			@ pass rounds
+	mov		r0, sp
+
+	bl		_bsaes_decrypt8
+
+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
+	veor		@XMM[0], @XMM[0], @XMM[ 8]
+	veor		@XMM[1], @XMM[1], @XMM[ 9]
+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
+
+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
+	b		.Lxts_dec_done
+.align	4
+.Lxts_dec_1:
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r5, $magic			@ preserve magic
+	mov		r2, $key
+	mov		r4, $fp				@ preserve fp
+
+	bl		AES_decrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [$out]!
+	mov		$fp, r4
+	mov		$magic, r5
+
+	vmov		@XMM[8], @XMM[9]		@ next round tweak
+
+.Lxts_dec_done:
+#ifndef	XTS_CHAIN_TWEAK
+	adds		$len, #0x10
+	beq		.Lxts_dec_ret
+
+	@ calculate one round of extra tweak for the stolen ciphertext
+	vldmia		$magic, {$twmask}
+	vshr.s64	@XMM[6], @XMM[8], #63
+	vand		@XMM[6], @XMM[6], $twmask
+	vadd.u64	@XMM[9], @XMM[8], @XMM[8]
+	vswp		`&Dhi("@XMM[6]")`,`&Dlo("@XMM[6]")`
+	veor		@XMM[9], @XMM[9], @XMM[6]
+
+	@ perform the final decryption with the last tweak value
+	vld1.8		{@XMM[0]}, [$inp]!
+	mov		r0, sp
+	veor		@XMM[0], @XMM[0], @XMM[9]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+	mov		r4, $fp			@ preserve fp
+
+	bl		AES_decrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[9]
+	vst1.8		{@XMM[0]}, [$out]
+
+	mov		r6, $out
+.Lxts_dec_steal:
+	ldrb		r1, [$out]
+	ldrb		r0, [$inp], #1
+	strb		r1, [$out, #0x10]
+	strb		r0, [$out], #1
+
+	subs		$len, #1
+	bhi		.Lxts_dec_steal
+
+	vld1.8		{@XMM[0]}, [r6]
+	mov		r0, sp
+	veor		@XMM[0], @XMM[8]
+	mov		r1, sp
+	vst1.8		{@XMM[0]}, [sp,:128]
+	mov		r2, $key
+
+	bl		AES_decrypt
+
+	vld1.8		{@XMM[0]}, [sp,:128]
+	veor		@XMM[0], @XMM[0], @XMM[8]
+	vst1.8		{@XMM[0]}, [r6]
+	mov		$fp, r4
+#endif
+
+.Lxts_dec_ret:
+	bic		r0, $fp, #0xf
+	vmov.i32	q0, #0
+	vmov.i32	q1, #0
+#ifdef	XTS_CHAIN_TWEAK
+	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
+#endif
+.Lxts_dec_bzero:				@ wipe key schedule [if any]
+	vstmia		sp!, {q0-q1}
+	cmp		sp, r0
+	bne		.Lxts_dec_bzero
+
+	mov		sp, $fp
+#ifdef	XTS_CHAIN_TWEAK
+	vst1.8		{@XMM[8]}, [r1]
+#endif
+	VFP_ABI_POP
+	ldmia		sp!, {r4-r10, pc}	@ return
+
+.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
+___
+}
+$code.=<<___;
+#endif
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+        last if (!s/^#/@/ and !/^$/);
+        print;
+}
+close SELF;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/bsaes-x86_64.pl b/openssl-1.1.0h/crypto/aes/asm/bsaes-x86_64.pl
new file mode 100644
index 0000000..921d870
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/bsaes-x86_64.pl
@@ -0,0 +1,3111 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+###################################################################
+### AES-128 [originally in CTR mode]				###
+### bitsliced implementation for Intel Core 2 processors	###
+### requires support of SSE extensions up to SSSE3		###
+### Author: Emilia Käsper and Peter Schwabe			###
+### Date: 2009-03-19						###
+### Public domain						###
+###								###
+### See http://homes.esat.kuleuven.be/~ekasper/#software for	###
+### further information.					###
+###################################################################
+#
+# September 2011.
+#
+# Started as transliteration to "perlasm" the original code has
+# undergone following changes:
+#
+# - code was made position-independent;
+# - rounds were folded into a loop resulting in >5x size reduction
+#   from 12.5KB to 2.2KB;
+# - above was possibile thanks to mixcolumns() modification that
+#   allowed to feed its output back to aesenc[last], this was
+#   achieved at cost of two additional inter-registers moves;
+# - some instruction reordering and interleaving;
+# - this module doesn't implement key setup subroutine, instead it
+#   relies on conversion of "conventional" key schedule as returned
+#   by AES_set_encrypt_key (see discussion below);
+# - first and last round keys are treated differently, which allowed
+#   to skip one shiftrows(), reduce bit-sliced key schedule and
+#   speed-up conversion by 22%;
+# - support for 192- and 256-bit keys was added;
+#
+# Resulting performance in CPU cycles spent to encrypt one byte out
+# of 4096-byte buffer with 128-bit key is:
+#
+#		Emilia's	this(*)		difference
+#
+# Core 2    	9.30		8.69		+7%
+# Nehalem(**) 	7.63		6.88		+11%
+# Atom	    	17.1		16.4		+4%
+# Silvermont	-		12.9
+# Goldmont	-		8.85
+#
+# (*)	Comparison is not completely fair, because "this" is ECB,
+#	i.e. no extra processing such as counter values calculation
+#	and xor-ing input as in Emilia's CTR implementation is
+#	performed. However, the CTR calculations stand for not more
+#	than 1% of total time, so comparison is *rather* fair.
+#
+# (**)	Results were collected on Westmere, which is considered to
+#	be equivalent to Nehalem for this code.
+#
+# As for key schedule conversion subroutine. Interface to OpenSSL
+# relies on per-invocation on-the-fly conversion. This naturally
+# has impact on performance, especially for short inputs. Conversion
+# time in CPU cycles and its ratio to CPU cycles spent in 8x block
+# function is:
+#
+# 		conversion	conversion/8x block
+# Core 2	240		0.22
+# Nehalem	180		0.20
+# Atom		430		0.20
+#
+# The ratio values mean that 128-byte blocks will be processed
+# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%,
+# etc. Then keep in mind that input sizes not divisible by 128 are
+# *effectively* slower, especially shortest ones, e.g. consecutive
+# 144-byte blocks are processed 44% slower than one would expect,
+# 272 - 29%, 400 - 22%, etc. Yet, despite all these "shortcomings"
+# it's still faster than ["hyper-threading-safe" code path in]
+# aes-x86_64.pl on all lengths above 64 bytes...
+#
+# October 2011.
+#
+# Add decryption procedure. Performance in CPU cycles spent to decrypt
+# one byte out of 4096-byte buffer with 128-bit key is:
+#
+# Core 2	9.98
+# Nehalem	7.80
+# Atom		17.9
+# Silvermont	14.0
+# Goldmont	10.2
+#
+# November 2011.
+#
+# Add bsaes_xts_[en|de]crypt. Less-than-80-bytes-block performance is
+# suboptimal, but XTS is meant to be used with larger blocks...
+#
+#						<appro@openssl.org>
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
+my @XMM=map("%xmm$_",(15,0..14));	# best on Atom, +10% over (0..15)
+my $ecb=0;	# suppress unreferenced ECB subroutines, spare some space...
+
+{
+my ($key,$rounds,$const)=("%rax","%r10d","%r11");
+
+sub Sbox {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InBasisChange	(@b);
+	&Inv_GF256	(@b[6,5,0,3,7,1,4,2],@t,@s);
+	&OutBasisChange	(@b[7,1,4,2,6,5,0,3]);
+}
+
+sub InBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb 
+my @b=@_[0..7];
+$code.=<<___;
+	pxor	@b[6], @b[5]
+	pxor	@b[1], @b[2]
+	pxor	@b[0], @b[3]
+	pxor	@b[2], @b[6]
+	pxor 	@b[0], @b[5]
+
+	pxor	@b[3], @b[6]
+	pxor	@b[7], @b[3]
+	pxor	@b[5], @b[7]
+	pxor	@b[4], @b[3]
+	pxor	@b[5], @b[4]
+	pxor	@b[1], @b[3]
+
+	pxor	@b[7], @b[2]
+	pxor	@b[5], @b[1]
+___
+}
+
+sub OutBasisChange {
+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
+my @b=@_[0..7];
+$code.=<<___;
+	pxor	@b[6], @b[0]
+	pxor	@b[4], @b[1]
+	pxor	@b[0], @b[2]
+	pxor	@b[6], @b[4]
+	pxor	@b[1], @b[6]
+
+	pxor	@b[5], @b[1]
+	pxor	@b[3], @b[5]
+	pxor	@b[7], @b[3]
+	pxor	@b[5], @b[7]
+	pxor	@b[5], @b[2]
+
+	pxor	@b[7], @b[4]
+___
+}
+
+sub InvSbox {
+# input in lsb 	> [b0, b1, b2, b3, b4, b5, b6, b7] < msb
+# output in lsb	> [b0, b1, b6, b4, b2, b7, b3, b5] < msb
+my @b=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+	&InvInBasisChange	(@b);
+	&Inv_GF256		(@b[5,1,2,6,3,7,0,4],@t,@s);
+	&InvOutBasisChange	(@b[3,7,0,4,5,1,2,6]);
+}
+
+sub InvInBasisChange {		# OutBasisChange in reverse
+my @b=@_[5,1,2,6,3,7,0,4];
+$code.=<<___
+	pxor	@b[7], @b[4]
+
+	pxor	@b[5], @b[7]
+	pxor	@b[5], @b[2]
+	pxor	@b[7], @b[3]
+	pxor	@b[3], @b[5]
+	pxor	@b[5], @b[1]
+
+	pxor	@b[1], @b[6]
+	pxor	@b[0], @b[2]
+	pxor	@b[6], @b[4]
+	pxor	@b[6], @b[0]
+	pxor	@b[4], @b[1]
+___
+}
+
+sub InvOutBasisChange {		# InBasisChange in reverse
+my @b=@_[2,5,7,3,6,1,0,4];
+$code.=<<___;
+	pxor	@b[5], @b[1]
+	pxor	@b[7], @b[2]
+
+	pxor	@b[1], @b[3]
+	pxor	@b[5], @b[4]
+	pxor	@b[5], @b[7]
+	pxor	@b[4], @b[3]
+	 pxor 	@b[0], @b[5]
+	pxor	@b[7], @b[3]
+	 pxor	@b[2], @b[6]
+	 pxor	@b[1], @b[2]
+	pxor	@b[3], @b[6]
+
+	pxor	@b[0], @b[3]
+	pxor	@b[6], @b[5]
+___
+}
+
+sub Mul_GF4 {
+#;*************************************************************
+#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
+#;*************************************************************
+my ($x0,$x1,$y0,$y1,$t0)=@_;
+$code.=<<___;
+	movdqa	$y0, $t0
+	pxor 	$y1, $t0
+	pand	$x0, $t0
+	pxor	$x1, $x0
+	pand	$y0, $x1
+	pand	$y1, $x0
+	pxor	$x1, $x0
+	pxor	$t0, $x1
+___
+}
+
+sub Mul_GF4_N {				# not used, see next subroutine
+# multiply and scale by N
+my ($x0,$x1,$y0,$y1,$t0)=@_;
+$code.=<<___;
+	movdqa	$y0, $t0
+	pxor	$y1, $t0
+	pand	$x0, $t0
+	pxor	$x1, $x0
+	pand	$y0, $x1
+	pand	$y1, $x0
+	pxor	$x0, $x1
+	pxor	$t0, $x0
+___
+}
+
+sub Mul_GF4_N_GF4 {
+# interleaved Mul_GF4_N and Mul_GF4
+my ($x0,$x1,$y0,$y1,$t0,
+    $x2,$x3,$y2,$y3,$t1)=@_;
+$code.=<<___;
+	movdqa	$y0, $t0
+	 movdqa	$y2, $t1
+	pxor	$y1, $t0
+	 pxor 	$y3, $t1
+	pand	$x0, $t0
+	 pand	$x2, $t1
+	pxor	$x1, $x0
+	 pxor	$x3, $x2
+	pand	$y0, $x1
+	 pand	$y2, $x3
+	pand	$y1, $x0
+	 pand	$y3, $x2
+	pxor	$x0, $x1
+	 pxor	$x3, $x2
+	pxor	$t0, $x0
+	 pxor	$t1, $x3
+___
+}
+sub Mul_GF16_2 {
+my @x=@_[0..7];
+my @y=@_[8..11];
+my @t=@_[12..15];
+$code.=<<___;
+	movdqa	@x[0], @t[0]
+	movdqa	@x[1], @t[1]
+___
+	&Mul_GF4  	(@x[0], @x[1], @y[0], @y[1], @t[2]);
+$code.=<<___;
+	pxor	@x[2], @t[0]
+	pxor	@x[3], @t[1]
+	pxor	@y[2], @y[0]
+	pxor	@y[3], @y[1]
+___
+	Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[2], @x[3], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	pxor	@t[0], @x[0]
+	pxor	@t[0], @x[2]
+	pxor	@t[1], @x[1]
+	pxor	@t[1], @x[3]
+
+	movdqa	@x[4], @t[0]
+	movdqa	@x[5], @t[1]
+	pxor	@x[6], @t[0]
+	pxor	@x[7], @t[1]
+___
+	&Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
+			 @x[6], @x[7], @y[2], @y[3], @t[2]);
+$code.=<<___;
+	pxor	@y[2], @y[0]
+	pxor	@y[3], @y[1]
+___
+	&Mul_GF4  	(@x[4], @x[5], @y[0], @y[1], @t[3]);
+$code.=<<___;
+	pxor	@t[0], @x[4]
+	pxor	@t[0], @x[6]
+	pxor	@t[1], @x[5]
+	pxor	@t[1], @x[7]
+___
+}
+sub Inv_GF256 {
+#;********************************************************************
+#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144)       *
+#;********************************************************************
+my @x=@_[0..7];
+my @t=@_[8..11];
+my @s=@_[12..15];
+# direct optimizations from hardware
+$code.=<<___;
+	movdqa	@x[4], @t[3]
+	movdqa	@x[5], @t[2]
+	movdqa	@x[1], @t[1]
+	movdqa	@x[7], @s[1]
+	movdqa	@x[0], @s[0]
+
+	pxor	@x[6], @t[3]
+	pxor	@x[7], @t[2]
+	pxor	@x[3], @t[1]
+	 movdqa	@t[3], @s[2]
+	pxor	@x[6], @s[1]
+	 movdqa	@t[2], @t[0]
+	pxor	@x[2], @s[0]
+	 movdqa	@t[3], @s[3]
+
+	por	@t[1], @t[2]
+	por	@s[0], @t[3]
+	pxor	@t[0], @s[3]
+	pand	@s[0], @s[2]
+	pxor	@t[1], @s[0]
+	pand	@t[1], @t[0]
+	pand	@s[0], @s[3]
+	movdqa	@x[3], @s[0]
+	pxor	@x[2], @s[0]
+	pand	@s[0], @s[1]
+	pxor	@s[1], @t[3]
+	pxor	@s[1], @t[2]
+	movdqa	@x[4], @s[1]
+	movdqa	@x[1], @s[0]
+	pxor	@x[5], @s[1]
+	pxor	@x[0], @s[0]
+	movdqa	@s[1], @t[1]
+	pand	@s[0], @s[1]
+	por	@s[0], @t[1]
+	pxor	@s[1], @t[0]
+	pxor	@s[3], @t[3]
+	pxor	@s[2], @t[2]
+	pxor	@s[3], @t[1]
+	movdqa	@x[7], @s[0]
+	pxor	@s[2], @t[0]
+	movdqa	@x[6], @s[1]
+	pxor	@s[2], @t[1]
+	movdqa	@x[5], @s[2]
+	pand	@x[3], @s[0]
+	movdqa	@x[4], @s[3]
+	pand	@x[2], @s[1]
+	pand	@x[1], @s[2]
+	por	@x[0], @s[3]
+	pxor	@s[0], @t[3]
+	pxor	@s[1], @t[2]
+	pxor	@s[2], @t[1]
+	pxor	@s[3], @t[0] 
+
+	#Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
+
+	# new smaller inversion
+
+	movdqa	@t[3], @s[0]
+	pand	@t[1], @t[3]
+	pxor	@t[2], @s[0]
+
+	movdqa	@t[0], @s[2]
+	movdqa	@s[0], @s[3]
+	pxor	@t[3], @s[2]
+	pand	@s[2], @s[3]
+
+	movdqa	@t[1], @s[1]
+	pxor	@t[2], @s[3]
+	pxor	@t[0], @s[1]
+
+	pxor	@t[2], @t[3]
+
+	pand	@t[3], @s[1]
+
+	movdqa	@s[2], @t[2]
+	pxor	@t[0], @s[1]
+
+	pxor	@s[1], @t[2]
+	pxor	@s[1], @t[1]
+
+	pand	@t[0], @t[2]
+
+	pxor	@t[2], @s[2]
+	pxor	@t[2], @t[1]
+
+	pand	@s[3], @s[2]
+
+	pxor	@s[0], @s[2]
+___
+# output in s3, s2, s1, t1
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
+
+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
+	&Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
+
+### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
+}
+
+# AES linear components
+
+sub ShiftRows {
+my @x=@_[0..7];
+my $mask=pop;
+$code.=<<___;
+	pxor	0x00($key),@x[0]
+	pxor	0x10($key),@x[1]
+	pxor	0x20($key),@x[2]
+	pxor	0x30($key),@x[3]
+	pshufb	$mask,@x[0]
+	pshufb	$mask,@x[1]
+	pxor	0x40($key),@x[4]
+	pxor	0x50($key),@x[5]
+	pshufb	$mask,@x[2]
+	pshufb	$mask,@x[3]
+	pxor	0x60($key),@x[6]
+	pxor	0x70($key),@x[7]
+	pshufb	$mask,@x[4]
+	pshufb	$mask,@x[5]
+	pshufb	$mask,@x[6]
+	pshufb	$mask,@x[7]
+	lea	0x80($key),$key
+___
+}
+
+sub MixColumns {
+# modified to emit output in order suitable for feeding back to aesenc[last]
+my @x=@_[0..7];
+my @t=@_[8..15];
+my $inv=@_[16];	# optional
+$code.=<<___;
+	pshufd	\$0x93, @x[0], @t[0]	# x0 <<< 32
+	pshufd	\$0x93, @x[1], @t[1]
+	 pxor	@t[0], @x[0]		# x0 ^ (x0 <<< 32)
+	pshufd	\$0x93, @x[2], @t[2]
+	 pxor	@t[1], @x[1]
+	pshufd	\$0x93, @x[3], @t[3]
+	 pxor	@t[2], @x[2]
+	pshufd	\$0x93, @x[4], @t[4]
+	 pxor	@t[3], @x[3]
+	pshufd	\$0x93, @x[5], @t[5]
+	 pxor	@t[4], @x[4]
+	pshufd	\$0x93, @x[6], @t[6]
+	 pxor	@t[5], @x[5]
+	pshufd	\$0x93, @x[7], @t[7]
+	 pxor	@t[6], @x[6]
+	 pxor	@t[7], @x[7]
+
+	pxor	@x[0], @t[1]
+	pxor	@x[7], @t[0]
+	pxor	@x[7], @t[1]
+	 pshufd	\$0x4E, @x[0], @x[0] 	# (x0 ^ (x0 <<< 32)) <<< 64)
+	pxor	@x[1], @t[2]
+	 pshufd	\$0x4E, @x[1], @x[1]
+	pxor	@x[4], @t[5]
+	 pxor	@t[0], @x[0]
+	pxor	@x[5], @t[6]
+	 pxor	@t[1], @x[1]
+	pxor	@x[3], @t[4]
+	 pshufd	\$0x4E, @x[4], @t[0]
+	pxor	@x[6], @t[7]
+	 pshufd	\$0x4E, @x[5], @t[1]
+	pxor	@x[2], @t[3]
+	 pshufd	\$0x4E, @x[3], @x[4]
+	pxor	@x[7], @t[3]
+	 pshufd	\$0x4E, @x[7], @x[5]
+	pxor	@x[7], @t[4]
+	 pshufd	\$0x4E, @x[6], @x[3]
+	pxor	@t[4], @t[0]
+	 pshufd	\$0x4E, @x[2], @x[6]
+	pxor	@t[5], @t[1]
+___
+$code.=<<___ if (!$inv);
+	pxor	@t[3], @x[4]
+	pxor	@t[7], @x[5]
+	pxor	@t[6], @x[3]
+	 movdqa	@t[0], @x[2]
+	pxor	@t[2], @x[6]
+	 movdqa	@t[1], @x[7]
+___
+$code.=<<___ if ($inv);
+	pxor	@x[4], @t[3]
+	pxor	@t[7], @x[5]
+	pxor	@x[3], @t[6]
+	 movdqa	@t[0], @x[3]
+	pxor	@t[2], @x[6]
+	 movdqa	@t[6], @x[2]
+	 movdqa	@t[1], @x[7]
+	 movdqa	@x[6], @x[4]
+	 movdqa	@t[3], @x[6]
+___
+}
+
+sub InvMixColumns_orig {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+$code.=<<___;
+	# multiplication by 0x0e
+	pshufd	\$0x93, @x[7], @t[7]
+	movdqa	@x[2], @t[2]
+	pxor	@x[5], @x[7]		# 7 5
+	pxor	@x[5], @x[2]		# 2 5
+	pshufd	\$0x93, @x[0], @t[0]
+	movdqa	@x[5], @t[5]
+	pxor	@x[0], @x[5]		# 5 0		[1]
+	pxor	@x[1], @x[0]		# 0 1
+	pshufd	\$0x93, @x[1], @t[1]
+	pxor	@x[2], @x[1]		# 1 25
+	pxor	@x[6], @x[0]		# 01 6		[2]
+	pxor	@x[3], @x[1]		# 125 3		[4]
+	pshufd	\$0x93, @x[3], @t[3]
+	pxor	@x[0], @x[2]		# 25 016	[3]
+	pxor	@x[7], @x[3]		# 3 75
+	pxor	@x[6], @x[7]		# 75 6		[0]
+	pshufd	\$0x93, @x[6], @t[6]
+	movdqa	@x[4], @t[4]
+	pxor	@x[4], @x[6]		# 6 4
+	pxor	@x[3], @x[4]		# 4 375		[6]
+	pxor	@x[7], @x[3]		# 375 756=36
+	pxor	@t[5], @x[6]		# 64 5		[7]
+	pxor	@t[2], @x[3]		# 36 2
+	pxor	@t[4], @x[3]		# 362 4		[5]
+	pshufd	\$0x93, @t[5], @t[5]
+___
+					my @y = @x[7,5,0,2,1,3,4,6];
+$code.=<<___;
+	# multiplication by 0x0b
+	pxor	@y[0], @y[1]
+	pxor	@t[0], @y[0]
+	pxor	@t[1], @y[1]
+	pshufd	\$0x93, @t[2], @t[2]
+	pxor	@t[5], @y[0]
+	pxor	@t[6], @y[1]
+	pxor	@t[7], @y[0]
+	pshufd	\$0x93, @t[4], @t[4]
+	pxor	@t[6], @t[7]		# clobber t[7]
+	pxor	@y[0], @y[1]
+
+	pxor	@t[0], @y[3]
+	pshufd	\$0x93, @t[0], @t[0]
+	pxor	@t[1], @y[2]
+	pxor	@t[1], @y[4]
+	pxor	@t[2], @y[2]
+	pshufd	\$0x93, @t[1], @t[1]
+	pxor	@t[2], @y[3]
+	pxor	@t[2], @y[5]
+	pxor	@t[7], @y[2]
+	pshufd	\$0x93, @t[2], @t[2]
+	pxor	@t[3], @y[3]
+	pxor	@t[3], @y[6]
+	pxor	@t[3], @y[4]
+	pshufd	\$0x93, @t[3], @t[3]
+	pxor	@t[4], @y[7]
+	pxor	@t[4], @y[5]
+	pxor	@t[7], @y[7]
+	pxor	@t[5], @y[3]
+	pxor	@t[4], @y[4]
+	pxor	@t[5], @t[7]		# clobber t[7] even more
+
+	pxor	@t[7], @y[5]
+	pshufd	\$0x93, @t[4], @t[4]
+	pxor	@t[7], @y[6]
+	pxor	@t[7], @y[4]
+
+	pxor	@t[5], @t[7]
+	pshufd	\$0x93, @t[5], @t[5]
+	pxor	@t[6], @t[7]		# restore t[7]
+
+	# multiplication by 0x0d
+	pxor	@y[7], @y[4]
+	pxor	@t[4], @y[7]
+	pshufd	\$0x93, @t[6], @t[6]
+	pxor	@t[0], @y[2]
+	pxor	@t[5], @y[7]
+	pxor	@t[2], @y[2]
+	pshufd	\$0x93, @t[7], @t[7]
+
+	pxor	@y[1], @y[3]
+	pxor	@t[1], @y[1]
+	pxor	@t[0], @y[0]
+	pxor	@t[0], @y[3]
+	pxor	@t[5], @y[1]
+	pxor	@t[5], @y[0]
+	pxor	@t[7], @y[1]
+	pshufd	\$0x93, @t[0], @t[0]
+	pxor	@t[6], @y[0]
+	pxor	@y[1], @y[3]
+	pxor	@t[1], @y[4]
+	pshufd	\$0x93, @t[1], @t[1]
+
+	pxor	@t[7], @y[7]
+	pxor	@t[2], @y[4]
+	pxor	@t[2], @y[5]
+	pshufd	\$0x93, @t[2], @t[2]
+	pxor	@t[6], @y[2]
+	pxor	@t[3], @t[6]		# clobber t[6]
+	pxor	@y[7], @y[4]
+	pxor	@t[6], @y[3]
+
+	pxor	@t[6], @y[6]
+	pxor	@t[5], @y[5]
+	pxor	@t[4], @y[6]
+	pshufd	\$0x93, @t[4], @t[4]
+	pxor	@t[6], @y[5]
+	pxor	@t[7], @y[6]
+	pxor	@t[3], @t[6]		# restore t[6]
+
+	pshufd	\$0x93, @t[5], @t[5]
+	pshufd	\$0x93, @t[6], @t[6]
+	pshufd	\$0x93, @t[7], @t[7]
+	pshufd	\$0x93, @t[3], @t[3]
+
+	# multiplication by 0x09
+	pxor	@y[1], @y[4]
+	pxor	@y[1], @t[1]		# t[1]=y[1]
+	pxor	@t[5], @t[0]		# clobber t[0]
+	pxor	@t[5], @t[1]
+	pxor	@t[0], @y[3]
+	pxor	@y[0], @t[0]		# t[0]=y[0]
+	pxor	@t[6], @t[1]
+	pxor	@t[7], @t[6]		# clobber t[6]
+	pxor	@t[1], @y[4]
+	pxor	@t[4], @y[7]
+	pxor	@y[4], @t[4]		# t[4]=y[4]
+	pxor	@t[3], @y[6]
+	pxor	@y[3], @t[3]		# t[3]=y[3]
+	pxor	@t[2], @y[5]
+	pxor	@y[2], @t[2]		# t[2]=y[2]
+	pxor	@t[7], @t[3]
+	pxor	@y[5], @t[5]		# t[5]=y[5]
+	pxor	@t[6], @t[2]
+	pxor	@t[6], @t[5]
+	pxor	@y[6], @t[6]		# t[6]=y[6]
+	pxor	@y[7], @t[7]		# t[7]=y[7]
+
+	movdqa	@t[0],@XMM[0]
+	movdqa	@t[1],@XMM[1]
+	movdqa	@t[2],@XMM[2]
+	movdqa	@t[3],@XMM[3]
+	movdqa	@t[4],@XMM[4]
+	movdqa	@t[5],@XMM[5]
+	movdqa	@t[6],@XMM[6]
+	movdqa	@t[7],@XMM[7]
+___
+}
+
+sub InvMixColumns {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+# Thanks to Jussi Kivilinna for providing pointer to
+#
+# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
+# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
+# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
+# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
+
+$code.=<<___;
+	# multiplication by 0x05-0x00-0x04-0x00
+	pshufd	\$0x4E, @x[0], @t[0]
+	pshufd	\$0x4E, @x[6], @t[6]
+	pxor	@x[0], @t[0]
+	pshufd	\$0x4E, @x[7], @t[7]
+	pxor	@x[6], @t[6]
+	pshufd	\$0x4E, @x[1], @t[1]
+	pxor	@x[7], @t[7]
+	pshufd	\$0x4E, @x[2], @t[2]
+	pxor	@x[1], @t[1]
+	pshufd	\$0x4E, @x[3], @t[3]
+	pxor	@x[2], @t[2]
+	 pxor	@t[6], @x[0]
+	 pxor	@t[6], @x[1]
+	pshufd	\$0x4E, @x[4], @t[4]
+	pxor	@x[3], @t[3]
+	 pxor	@t[0], @x[2]
+	 pxor	@t[1], @x[3]
+	pshufd	\$0x4E, @x[5], @t[5]
+	pxor	@x[4], @t[4]
+	 pxor	@t[7], @x[1]
+	 pxor	@t[2], @x[4]
+	pxor	@x[5], @t[5]
+
+	 pxor	@t[7], @x[2]
+	 pxor	@t[6], @x[3]
+	 pxor	@t[6], @x[4]
+	 pxor	@t[3], @x[5]
+	 pxor	@t[4], @x[6]
+	 pxor	@t[7], @x[4]
+	 pxor	@t[7], @x[5]
+	 pxor	@t[5], @x[7]
+___
+	&MixColumns	(@x,@t,1);	# flipped 2<->3 and 4<->6
+}
+
+sub aesenc {				# not used
+my @b=@_[0..7];
+my @t=@_[8..15];
+$code.=<<___;
+	movdqa	0x30($const),@t[0]	# .LSR
+___
+	&ShiftRows	(@b,@t[0]);
+	&Sbox		(@b,@t);
+	&MixColumns	(@b[0,1,4,6,3,7,2,5],@t);
+}
+
+sub aesenclast {			# not used
+my @b=@_[0..7];
+my @t=@_[8..15];
+$code.=<<___;
+	movdqa	0x40($const),@t[0]	# .LSRM0
+___
+	&ShiftRows	(@b,@t[0]);
+	&Sbox		(@b,@t);
+$code.=<<___
+	pxor	0x00($key),@b[0]
+	pxor	0x10($key),@b[1]
+	pxor	0x20($key),@b[4]
+	pxor	0x30($key),@b[6]
+	pxor	0x40($key),@b[3]
+	pxor	0x50($key),@b[7]
+	pxor	0x60($key),@b[2]
+	pxor	0x70($key),@b[5]
+___
+}
+
+sub swapmove {
+my ($a,$b,$n,$mask,$t)=@_;
+$code.=<<___;
+	movdqa	$b,$t
+	psrlq	\$$n,$b
+	pxor  	$a,$b
+	pand	$mask,$b
+	pxor	$b,$a
+	psllq	\$$n,$b
+	pxor	$t,$b
+___
+}
+sub swapmove2x {
+my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
+$code.=<<___;
+	movdqa	$b0,$t0
+	psrlq	\$$n,$b0
+	 movdqa	$b1,$t1
+	 psrlq	\$$n,$b1
+	pxor  	$a0,$b0
+	 pxor  	$a1,$b1
+	pand	$mask,$b0
+	 pand	$mask,$b1
+	pxor	$b0,$a0
+	psllq	\$$n,$b0
+	 pxor	$b1,$a1
+	 psllq	\$$n,$b1
+	pxor	$t0,$b0
+	 pxor	$t1,$b1
+___
+}
+
+sub bitslice {
+my @x=reverse(@_[0..7]);
+my ($t0,$t1,$t2,$t3)=@_[8..11];
+$code.=<<___;
+	movdqa	0x00($const),$t0	# .LBS0
+	movdqa	0x10($const),$t1	# .LBS1
+___
+	&swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
+	&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+$code.=<<___;
+	movdqa	0x20($const),$t0	# .LBS2
+___
+	&swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
+	&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+
+	&swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
+	&swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
+}
+
+$code.=<<___;
+.text
+
+.extern	asm_AES_encrypt
+.extern	asm_AES_decrypt
+
+.type	_bsaes_encrypt8,\@abi-omnipotent
+.align	64
+_bsaes_encrypt8:
+	lea	.LBS0(%rip), $const	# constants table
+
+	movdqa	($key), @XMM[9]		# round 0 key
+	lea	0x10($key), $key
+	movdqa	0x50($const), @XMM[8]	# .LM0SR
+	pxor	@XMM[9], @XMM[0]	# xor with round0 key
+	pxor	@XMM[9], @XMM[1]
+	pxor	@XMM[9], @XMM[2]
+	pxor	@XMM[9], @XMM[3]
+	 pshufb	@XMM[8], @XMM[0]
+	 pshufb	@XMM[8], @XMM[1]
+	pxor	@XMM[9], @XMM[4]
+	pxor	@XMM[9], @XMM[5]
+	 pshufb	@XMM[8], @XMM[2]
+	 pshufb	@XMM[8], @XMM[3]
+	pxor	@XMM[9], @XMM[6]
+	pxor	@XMM[9], @XMM[7]
+	 pshufb	@XMM[8], @XMM[4]
+	 pshufb	@XMM[8], @XMM[5]
+	 pshufb	@XMM[8], @XMM[6]
+	 pshufb	@XMM[8], @XMM[7]
+_bsaes_encrypt8_bitslice:
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	dec	$rounds
+	jmp	.Lenc_sbox
+.align	16
+.Lenc_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8]);
+$code.=".Lenc_sbox:\n";
+	&Sbox		(@XMM[0..7, 8..15]);
+$code.=<<___;
+	dec	$rounds
+	jl	.Lenc_done
+___
+	&MixColumns	(@XMM[0,1,4,6,3,7,2,5, 8..15]);
+$code.=<<___;
+	movdqa	0x30($const), @XMM[8]	# .LSR
+	jnz	.Lenc_loop
+	movdqa	0x40($const), @XMM[8]	# .LSRM0
+	jmp	.Lenc_loop
+.align	16
+.Lenc_done:
+___
+	# output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
+	&bitslice	(@XMM[0,1,4,6,3,7,2,5, 8..11]);
+$code.=<<___;
+	movdqa	($key), @XMM[8]		# last round key
+	pxor	@XMM[8], @XMM[4]
+	pxor	@XMM[8], @XMM[6]
+	pxor	@XMM[8], @XMM[3]
+	pxor	@XMM[8], @XMM[7]
+	pxor	@XMM[8], @XMM[2]
+	pxor	@XMM[8], @XMM[5]
+	pxor	@XMM[8], @XMM[0]
+	pxor	@XMM[8], @XMM[1]
+	ret
+.size	_bsaes_encrypt8,.-_bsaes_encrypt8
+
+.type	_bsaes_decrypt8,\@abi-omnipotent
+.align	64
+_bsaes_decrypt8:
+	lea	.LBS0(%rip), $const	# constants table
+
+	movdqa	($key), @XMM[9]		# round 0 key
+	lea	0x10($key), $key
+	movdqa	-0x30($const), @XMM[8]	# .LM0ISR
+	pxor	@XMM[9], @XMM[0]	# xor with round0 key
+	pxor	@XMM[9], @XMM[1]
+	pxor	@XMM[9], @XMM[2]
+	pxor	@XMM[9], @XMM[3]
+	 pshufb	@XMM[8], @XMM[0]
+	 pshufb	@XMM[8], @XMM[1]
+	pxor	@XMM[9], @XMM[4]
+	pxor	@XMM[9], @XMM[5]
+	 pshufb	@XMM[8], @XMM[2]
+	 pshufb	@XMM[8], @XMM[3]
+	pxor	@XMM[9], @XMM[6]
+	pxor	@XMM[9], @XMM[7]
+	 pshufb	@XMM[8], @XMM[4]
+	 pshufb	@XMM[8], @XMM[5]
+	 pshufb	@XMM[8], @XMM[6]
+	 pshufb	@XMM[8], @XMM[7]
+___
+	&bitslice	(@XMM[0..7, 8..11]);
+$code.=<<___;
+	dec	$rounds
+	jmp	.Ldec_sbox
+.align	16
+.Ldec_loop:
+___
+	&ShiftRows	(@XMM[0..7, 8]);
+$code.=".Ldec_sbox:\n";
+	&InvSbox	(@XMM[0..7, 8..15]);
+$code.=<<___;
+	dec	$rounds
+	jl	.Ldec_done
+___
+	&InvMixColumns	(@XMM[0,1,6,4,2,7,3,5, 8..15]);
+$code.=<<___;
+	movdqa	-0x10($const), @XMM[8]	# .LISR
+	jnz	.Ldec_loop
+	movdqa	-0x20($const), @XMM[8]	# .LISRM0
+	jmp	.Ldec_loop
+.align	16
+.Ldec_done:
+___
+	&bitslice	(@XMM[0,1,6,4,2,7,3,5, 8..11]);
+$code.=<<___;
+	movdqa	($key), @XMM[8]		# last round key
+	pxor	@XMM[8], @XMM[6]
+	pxor	@XMM[8], @XMM[4]
+	pxor	@XMM[8], @XMM[2]
+	pxor	@XMM[8], @XMM[7]
+	pxor	@XMM[8], @XMM[3]
+	pxor	@XMM[8], @XMM[5]
+	pxor	@XMM[8], @XMM[0]
+	pxor	@XMM[8], @XMM[1]
+	ret
+.size	_bsaes_decrypt8,.-_bsaes_decrypt8
+___
+}
+{
+my ($out,$inp,$rounds,$const)=("%rax","%rcx","%r10d","%r11");
+
+sub bitslice_key {
+my @x=reverse(@_[0..7]);
+my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
+
+	&swapmove	(@x[0,1],1,$bs0,$t2,$t3);
+$code.=<<___;
+	#&swapmove(@x[2,3],1,$t0,$t2,$t3);
+	movdqa	@x[0], @x[2]
+	movdqa	@x[1], @x[3]
+___
+	#&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
+
+	&swapmove2x	(@x[0,2,1,3],2,$bs1,$t2,$t3);
+$code.=<<___;
+	#&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
+	movdqa	@x[0], @x[4]
+	movdqa	@x[2], @x[6]
+	movdqa	@x[1], @x[5]
+	movdqa	@x[3], @x[7]
+___
+	&swapmove2x	(@x[0,4,1,5],4,$bs2,$t2,$t3);
+	&swapmove2x	(@x[2,6,3,7],4,$bs2,$t2,$t3);
+}
+
+$code.=<<___;
+.type	_bsaes_key_convert,\@abi-omnipotent
+.align	16
+_bsaes_key_convert:
+	lea	.Lmasks(%rip), $const
+	movdqu	($inp), %xmm7		# load round 0 key
+	lea	0x10($inp), $inp
+	movdqa	0x00($const), %xmm0	# 0x01...
+	movdqa	0x10($const), %xmm1	# 0x02...
+	movdqa	0x20($const), %xmm2	# 0x04...
+	movdqa	0x30($const), %xmm3	# 0x08...
+	movdqa	0x40($const), %xmm4	# .LM0
+	pcmpeqd	%xmm5, %xmm5		# .LNOT
+
+	movdqu	($inp), %xmm6		# load round 1 key
+	movdqa	%xmm7, ($out)		# save round 0 key
+	lea	0x10($out), $out
+	dec	$rounds
+	jmp	.Lkey_loop
+.align	16
+.Lkey_loop:
+	pshufb	%xmm4, %xmm6		# .LM0
+
+	movdqa	%xmm0,	%xmm8
+	movdqa	%xmm1,	%xmm9
+
+	pand	%xmm6,	%xmm8
+	pand	%xmm6,	%xmm9
+	movdqa	%xmm2,	%xmm10
+	pcmpeqb	%xmm0,	%xmm8
+	psllq	\$4,	%xmm0		# 0x10...
+	movdqa	%xmm3,	%xmm11
+	pcmpeqb	%xmm1,	%xmm9
+	psllq	\$4,	%xmm1		# 0x20...
+
+	pand	%xmm6,	%xmm10
+	pand	%xmm6,	%xmm11
+	movdqa	%xmm0,	%xmm12
+	pcmpeqb	%xmm2,	%xmm10
+	psllq	\$4,	%xmm2		# 0x40...
+	movdqa	%xmm1,	%xmm13
+	pcmpeqb	%xmm3,	%xmm11
+	psllq	\$4,	%xmm3		# 0x80...
+
+	movdqa	%xmm2,	%xmm14
+	movdqa	%xmm3,	%xmm15
+	 pxor	%xmm5,	%xmm8		# "pnot"
+	 pxor	%xmm5,	%xmm9
+
+	pand	%xmm6,	%xmm12
+	pand	%xmm6,	%xmm13
+	 movdqa	%xmm8, 0x00($out)	# write bit-sliced round key
+	pcmpeqb	%xmm0,	%xmm12
+	psrlq	\$4,	%xmm0		# 0x01...
+	 movdqa	%xmm9, 0x10($out)
+	pcmpeqb	%xmm1,	%xmm13
+	psrlq	\$4,	%xmm1		# 0x02...
+	 lea	0x10($inp), $inp
+
+	pand	%xmm6,	%xmm14
+	pand	%xmm6,	%xmm15
+	 movdqa	%xmm10, 0x20($out)
+	pcmpeqb	%xmm2,	%xmm14
+	psrlq	\$4,	%xmm2		# 0x04...
+	 movdqa	%xmm11, 0x30($out)
+	pcmpeqb	%xmm3,	%xmm15
+	psrlq	\$4,	%xmm3		# 0x08...
+	 movdqu	($inp), %xmm6		# load next round key
+
+	pxor	%xmm5, %xmm13		# "pnot"
+	pxor	%xmm5, %xmm14
+	movdqa	%xmm12, 0x40($out)
+	movdqa	%xmm13, 0x50($out)
+	movdqa	%xmm14, 0x60($out)
+	movdqa	%xmm15, 0x70($out)
+	lea	0x80($out),$out
+	dec	$rounds
+	jnz	.Lkey_loop
+
+	movdqa	0x50($const), %xmm7	# .L63
+	#movdqa	%xmm6, ($out)		# don't save last round key
+	ret
+.size	_bsaes_key_convert,.-_bsaes_key_convert
+___
+}
+
+if (0 && !$win64) {	# following four functions are unsupported interface
+			# used for benchmarking...
+$code.=<<___;
+.globl	bsaes_enc_key_convert
+.type	bsaes_enc_key_convert,\@function,2
+.align	16
+bsaes_enc_key_convert:
+	mov	240($inp),%r10d		# pass rounds
+	mov	$inp,%rcx		# pass key
+	mov	$out,%rax		# pass key schedule
+	call	_bsaes_key_convert
+	pxor	%xmm6,%xmm7		# fix up last round key
+	movdqa	%xmm7,(%rax)		# save last round key
+	ret
+.size	bsaes_enc_key_convert,.-bsaes_enc_key_convert
+
+.globl	bsaes_encrypt_128
+.type	bsaes_encrypt_128,\@function,4
+.align	16
+bsaes_encrypt_128:
+.Lenc128_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	movdqu	0x60($inp), @XMM[6]
+	movdqu	0x70($inp), @XMM[7]
+	mov	$key, %rax		# pass the $key
+	lea	0x80($inp), $inp
+	mov	\$10,%r10d
+
+	call	_bsaes_encrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$0x80,$len
+	ja	.Lenc128_loop
+	ret
+.size	bsaes_encrypt_128,.-bsaes_encrypt_128
+
+.globl	bsaes_dec_key_convert
+.type	bsaes_dec_key_convert,\@function,2
+.align	16
+bsaes_dec_key_convert:
+	mov	240($inp),%r10d		# pass rounds
+	mov	$inp,%rcx		# pass key
+	mov	$out,%rax		# pass key schedule
+	call	_bsaes_key_convert
+	pxor	($out),%xmm7		# fix up round 0 key
+	movdqa	%xmm6,(%rax)		# save last round key
+	movdqa	%xmm7,($out)
+	ret
+.size	bsaes_dec_key_convert,.-bsaes_dec_key_convert
+
+.globl	bsaes_decrypt_128
+.type	bsaes_decrypt_128,\@function,4
+.align	16
+bsaes_decrypt_128:
+.Ldec128_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	movdqu	0x60($inp), @XMM[6]
+	movdqu	0x70($inp), @XMM[7]
+	mov	$key, %rax		# pass the $key
+	lea	0x80($inp), $inp
+	mov	\$10,%r10d
+
+	call	_bsaes_decrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$0x80,$len
+	ja	.Ldec128_loop
+	ret
+.size	bsaes_decrypt_128,.-bsaes_decrypt_128
+___
+}
+{
+######################################################################
+#
+# OpenSSL interface
+#
+my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64	? ("%rcx","%rdx","%r8","%r9","%r10","%r11d")
+						: ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
+my ($inp,$out,$len,$key)=("%r12","%r13","%r14","%r15");
+
+if ($ecb) {
+$code.=<<___;
+.globl	bsaes_ecb_encrypt_blocks
+.type	bsaes_ecb_encrypt_blocks,\@abi-omnipotent
+.align	16
+bsaes_ecb_encrypt_blocks:
+	mov	%rsp, %rax
+.Lecb_enc_prologue:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	-0x48(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lecb_enc_body:
+___
+$code.=<<___;
+	mov	%rsp,%rbp		# backup %rsp
+	mov	240($arg4),%eax		# rounds
+	mov	$arg1,$inp		# backup arguments
+	mov	$arg2,$out
+	mov	$arg3,$len
+	mov	$arg4,$key
+	cmp	\$8,$arg3
+	jb	.Lecb_enc_short
+
+	mov	%eax,%ebx		# backup rounds
+	shl	\$7,%rax		# 128 bytes per inner round key
+	sub	\$`128-32`,%rax		# size of bit-sliced key schedule
+	sub	%rax,%rsp
+	mov	%rsp,%rax		# pass key schedule
+	mov	$key,%rcx		# pass key
+	mov	%ebx,%r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	%xmm6,%xmm7		# fix up last round key
+	movdqa	%xmm7,(%rax)		# save last round key
+
+	sub	\$8,$len
+.Lecb_enc_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	mov	%rsp, %rax		# pass key schedule
+	movdqu	0x60($inp), @XMM[6]
+	mov	%ebx,%r10d		# pass rounds
+	movdqu	0x70($inp), @XMM[7]
+	lea	0x80($inp), $inp
+
+	call	_bsaes_encrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$8,$len
+	jnc	.Lecb_enc_loop
+
+	add	\$8,$len
+	jz	.Lecb_enc_done
+
+	movdqu	0x00($inp), @XMM[0]	# load input
+	mov	%rsp, %rax		# pass key schedule
+	mov	%ebx,%r10d		# pass rounds
+	cmp	\$2,$len
+	jb	.Lecb_enc_one
+	movdqu	0x10($inp), @XMM[1]
+	je	.Lecb_enc_two
+	movdqu	0x20($inp), @XMM[2]
+	cmp	\$4,$len
+	jb	.Lecb_enc_three
+	movdqu	0x30($inp), @XMM[3]
+	je	.Lecb_enc_four
+	movdqu	0x40($inp), @XMM[4]
+	cmp	\$6,$len
+	jb	.Lecb_enc_five
+	movdqu	0x50($inp), @XMM[5]
+	je	.Lecb_enc_six
+	movdqu	0x60($inp), @XMM[6]
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_six:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_five:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_four:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_three:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_two:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_one:
+	call	_bsaes_encrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	jmp	.Lecb_enc_done
+.align	16
+.Lecb_enc_short:
+	lea	($inp), $arg1
+	lea	($out), $arg2
+	lea	($key), $arg3
+	call	asm_AES_encrypt
+	lea	16($inp), $inp
+	lea	16($out), $out
+	dec	$len
+	jnz	.Lecb_enc_short
+
+.Lecb_enc_done:
+	lea	(%rsp),%rax
+	pxor	%xmm0, %xmm0
+.Lecb_enc_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	jb	.Lecb_enc_bzero
+
+	lea	(%rbp),%rsp		# restore %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rbp), %rsp
+___
+$code.=<<___;
+	mov	0x48(%rsp), %r15
+	mov	0x50(%rsp), %r14
+	mov	0x58(%rsp), %r13
+	mov	0x60(%rsp), %r12
+	mov	0x68(%rsp), %rbx
+	mov	0x70(%rsp), %rax
+	lea	0x78(%rsp), %rsp
+	mov	%rax, %rbp
+.Lecb_enc_epilogue:
+	ret
+.size	bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks
+
+.globl	bsaes_ecb_decrypt_blocks
+.type	bsaes_ecb_decrypt_blocks,\@abi-omnipotent
+.align	16
+bsaes_ecb_decrypt_blocks:
+	mov	%rsp, %rax
+.Lecb_dec_prologue:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	-0x48(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lecb_dec_body:
+___
+$code.=<<___;
+	mov	%rsp,%rbp		# backup %rsp
+	mov	240($arg4),%eax		# rounds
+	mov	$arg1,$inp		# backup arguments
+	mov	$arg2,$out
+	mov	$arg3,$len
+	mov	$arg4,$key
+	cmp	\$8,$arg3
+	jb	.Lecb_dec_short
+
+	mov	%eax,%ebx		# backup rounds
+	shl	\$7,%rax		# 128 bytes per inner round key
+	sub	\$`128-32`,%rax		# size of bit-sliced key schedule
+	sub	%rax,%rsp
+	mov	%rsp,%rax		# pass key schedule
+	mov	$key,%rcx		# pass key
+	mov	%ebx,%r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	(%rsp),%xmm7		# fix up 0 round key
+	movdqa	%xmm6,(%rax)		# save last round key
+	movdqa	%xmm7,(%rsp)
+
+	sub	\$8,$len
+.Lecb_dec_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	mov	%rsp, %rax		# pass key schedule
+	movdqu	0x60($inp), @XMM[6]
+	mov	%ebx,%r10d		# pass rounds
+	movdqu	0x70($inp), @XMM[7]
+	lea	0x80($inp), $inp
+
+	call	_bsaes_decrypt8
+
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$8,$len
+	jnc	.Lecb_dec_loop
+
+	add	\$8,$len
+	jz	.Lecb_dec_done
+
+	movdqu	0x00($inp), @XMM[0]	# load input
+	mov	%rsp, %rax		# pass key schedule
+	mov	%ebx,%r10d		# pass rounds
+	cmp	\$2,$len
+	jb	.Lecb_dec_one
+	movdqu	0x10($inp), @XMM[1]
+	je	.Lecb_dec_two
+	movdqu	0x20($inp), @XMM[2]
+	cmp	\$4,$len
+	jb	.Lecb_dec_three
+	movdqu	0x30($inp), @XMM[3]
+	je	.Lecb_dec_four
+	movdqu	0x40($inp), @XMM[4]
+	cmp	\$6,$len
+	jb	.Lecb_dec_five
+	movdqu	0x50($inp), @XMM[5]
+	je	.Lecb_dec_six
+	movdqu	0x60($inp), @XMM[6]
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_six:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_five:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_four:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_three:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_two:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_one:
+	call	_bsaes_decrypt8
+	movdqu	@XMM[0], 0x00($out)	# write output
+	jmp	.Lecb_dec_done
+.align	16
+.Lecb_dec_short:
+	lea	($inp), $arg1
+	lea	($out), $arg2
+	lea	($key), $arg3
+	call	asm_AES_decrypt
+	lea	16($inp), $inp
+	lea	16($out), $out
+	dec	$len
+	jnz	.Lecb_dec_short
+
+.Lecb_dec_done:
+	lea	(%rsp),%rax
+	pxor	%xmm0, %xmm0
+.Lecb_dec_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	jb	.Lecb_dec_bzero
+
+	lea	(%rbp),%rsp		# restore %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rbp), %rsp
+___
+$code.=<<___;
+	mov	0x48(%rsp), %r15
+	mov	0x50(%rsp), %r14
+	mov	0x58(%rsp), %r13
+	mov	0x60(%rsp), %r12
+	mov	0x68(%rsp), %rbx
+	mov	0x70(%rsp), %rax
+	lea	0x78(%rsp), %rsp
+	mov	%rax, %rbp
+.Lecb_dec_epilogue:
+	ret
+.size	bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks
+___
+}
+$code.=<<___;
+.extern	asm_AES_cbc_encrypt
+.globl	bsaes_cbc_encrypt
+.type	bsaes_cbc_encrypt,\@abi-omnipotent
+.align	16
+bsaes_cbc_encrypt:
+___
+$code.=<<___ if ($win64);
+	mov	48(%rsp),$arg6		# pull direction flag
+___
+$code.=<<___;
+	cmp	\$0,$arg6
+	jne	asm_AES_cbc_encrypt
+	cmp	\$128,$arg3
+	jb	asm_AES_cbc_encrypt
+
+	mov	%rsp, %rax
+.Lcbc_dec_prologue:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	-0x48(%rsp), %rsp
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lcbc_dec_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+	mov	240($arg4), %eax	# rounds
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+	mov	$arg5, %rbx
+	shr	\$4, $len		# bytes to blocks
+
+	mov	%eax, %edx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%edx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	(%rsp),%xmm7		# fix up 0 round key
+	movdqa	%xmm6,(%rax)		# save last round key
+	movdqa	%xmm7,(%rsp)
+
+	movdqu	(%rbx), @XMM[15]	# load IV
+	sub	\$8,$len
+.Lcbc_dec_loop:
+	movdqu	0x00($inp), @XMM[0]	# load input
+	movdqu	0x10($inp), @XMM[1]
+	movdqu	0x20($inp), @XMM[2]
+	movdqu	0x30($inp), @XMM[3]
+	movdqu	0x40($inp), @XMM[4]
+	movdqu	0x50($inp), @XMM[5]
+	mov	%rsp, %rax		# pass key schedule
+	movdqu	0x60($inp), @XMM[6]
+	mov	%edx,%r10d		# pass rounds
+	movdqu	0x70($inp), @XMM[7]
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+
+	call	_bsaes_decrypt8
+
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[11], @XMM[2]
+	movdqu	0x50($inp), @XMM[13]
+	pxor	@XMM[12], @XMM[7]
+	movdqu	0x60($inp), @XMM[14]
+	pxor	@XMM[13], @XMM[3]
+	movdqu	0x70($inp), @XMM[15]	# IV
+	pxor	@XMM[14], @XMM[5]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	lea	0x80($inp), $inp
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	sub	\$8,$len
+	jnc	.Lcbc_dec_loop
+
+	add	\$8,$len
+	jz	.Lcbc_dec_done
+
+	movdqu	0x00($inp), @XMM[0]	# load input
+	mov	%rsp, %rax		# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+	cmp	\$2,$len
+	jb	.Lcbc_dec_one
+	movdqu	0x10($inp), @XMM[1]
+	je	.Lcbc_dec_two
+	movdqu	0x20($inp), @XMM[2]
+	cmp	\$4,$len
+	jb	.Lcbc_dec_three
+	movdqu	0x30($inp), @XMM[3]
+	je	.Lcbc_dec_four
+	movdqu	0x40($inp), @XMM[4]
+	cmp	\$6,$len
+	jb	.Lcbc_dec_five
+	movdqu	0x50($inp), @XMM[5]
+	je	.Lcbc_dec_six
+	movdqu	0x60($inp), @XMM[6]
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[11], @XMM[2]
+	movdqu	0x50($inp), @XMM[13]
+	pxor	@XMM[12], @XMM[7]
+	movdqu	0x60($inp), @XMM[15]	# IV
+	pxor	@XMM[13], @XMM[3]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_six:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[11], @XMM[2]
+	movdqu	0x50($inp), @XMM[15]	# IV
+	pxor	@XMM[12], @XMM[7]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_five:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	0x40($inp), @XMM[15]	# IV
+	pxor	@XMM[11], @XMM[2]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_four:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[9], @XMM[6]
+	movdqu	0x30($inp), @XMM[15]	# IV
+	pxor	@XMM[10], @XMM[4]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_three:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[8], @XMM[1]
+	movdqu	0x20($inp), @XMM[15]	# IV
+	pxor	@XMM[9], @XMM[6]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_two:
+	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
+	call	_bsaes_decrypt8
+	pxor	0x20(%rbp), @XMM[0]	# ^= IV
+	movdqu	0x00($inp), @XMM[8]	# re-load input
+	movdqu	0x10($inp), @XMM[15]	# IV
+	pxor	@XMM[8], @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_one:
+	lea	($inp), $arg1
+	lea	0x20(%rbp), $arg2	# buffer output
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[15]	# ^= IV
+	movdqu	@XMM[15], ($out)	# write output
+	movdqa	@XMM[0], @XMM[15]	# IV
+
+.Lcbc_dec_done:
+	movdqu	@XMM[15], (%rbx)	# return IV
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lcbc_dec_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lcbc_dec_bzero
+
+	lea	(%rbp),%rsp		# restore %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rbp), %rsp
+___
+$code.=<<___;
+	mov	0x48(%rsp), %r15
+	mov	0x50(%rsp), %r14
+	mov	0x58(%rsp), %r13
+	mov	0x60(%rsp), %r12
+	mov	0x68(%rsp), %rbx
+	mov	0x70(%rsp), %rax
+	lea	0x78(%rsp), %rsp
+	mov	%rax, %rbp
+.Lcbc_dec_epilogue:
+	ret
+.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
+
+.globl	bsaes_ctr32_encrypt_blocks
+.type	bsaes_ctr32_encrypt_blocks,\@abi-omnipotent
+.align	16
+bsaes_ctr32_encrypt_blocks:
+	mov	%rsp, %rax
+.Lctr_enc_prologue:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	-0x48(%rsp), %rsp
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lctr_enc_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+	movdqu	($arg5), %xmm0		# load counter
+	mov	240($arg4), %eax	# rounds
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+	movdqa	%xmm0, 0x20(%rbp)	# copy counter
+	cmp	\$8, $arg3
+	jb	.Lctr_enc_short
+
+	mov	%eax, %ebx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%ebx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	%xmm6,%xmm7		# fix up last round key
+	movdqa	%xmm7,(%rax)		# save last round key
+
+	movdqa	(%rsp), @XMM[9]		# load round0 key
+	lea	.LADD1(%rip), %r11
+	movdqa	0x20(%rbp), @XMM[0]	# counter copy
+	movdqa	-0x20(%r11), @XMM[8]	# .LSWPUP
+	pshufb	@XMM[8], @XMM[9]	# byte swap upper part
+	pshufb	@XMM[8], @XMM[0]
+	movdqa	@XMM[9], (%rsp)		# save adjusted round0 key
+	jmp	.Lctr_enc_loop
+.align	16
+.Lctr_enc_loop:
+	movdqa	@XMM[0], 0x20(%rbp)	# save counter
+	movdqa	@XMM[0], @XMM[1]	# prepare 8 counter values
+	movdqa	@XMM[0], @XMM[2]
+	paddd	0x00(%r11), @XMM[1]	# .LADD1
+	movdqa	@XMM[0], @XMM[3]
+	paddd	0x10(%r11), @XMM[2]	# .LADD2
+	movdqa	@XMM[0], @XMM[4]
+	paddd	0x20(%r11), @XMM[3]	# .LADD3
+	movdqa	@XMM[0], @XMM[5]
+	paddd	0x30(%r11), @XMM[4]	# .LADD4
+	movdqa	@XMM[0], @XMM[6]
+	paddd	0x40(%r11), @XMM[5]	# .LADD5
+	movdqa	@XMM[0], @XMM[7]
+	paddd	0x50(%r11), @XMM[6]	# .LADD6
+	paddd	0x60(%r11), @XMM[7]	# .LADD7
+
+	# Borrow prologue from _bsaes_encrypt8 to use the opportunity
+	# to flip byte order in 32-bit counter
+	movdqa	(%rsp), @XMM[9]		# round 0 key
+	lea	0x10(%rsp), %rax	# pass key schedule
+	movdqa	-0x10(%r11), @XMM[8]	# .LSWPUPM0SR
+	pxor	@XMM[9], @XMM[0]	# xor with round0 key
+	pxor	@XMM[9], @XMM[1]
+	pxor	@XMM[9], @XMM[2]
+	pxor	@XMM[9], @XMM[3]
+	 pshufb	@XMM[8], @XMM[0]
+	 pshufb	@XMM[8], @XMM[1]
+	pxor	@XMM[9], @XMM[4]
+	pxor	@XMM[9], @XMM[5]
+	 pshufb	@XMM[8], @XMM[2]
+	 pshufb	@XMM[8], @XMM[3]
+	pxor	@XMM[9], @XMM[6]
+	pxor	@XMM[9], @XMM[7]
+	 pshufb	@XMM[8], @XMM[4]
+	 pshufb	@XMM[8], @XMM[5]
+	 pshufb	@XMM[8], @XMM[6]
+	 pshufb	@XMM[8], @XMM[7]
+	lea	.LBS0(%rip), %r11	# constants table
+	mov	%ebx,%r10d		# pass rounds
+
+	call	_bsaes_encrypt8_bitslice
+
+	sub	\$8,$len
+	jc	.Lctr_enc_loop_done
+
+	movdqu	0x00($inp), @XMM[8]	# load input
+	movdqu	0x10($inp), @XMM[9]
+	movdqu	0x20($inp), @XMM[10]
+	movdqu	0x30($inp), @XMM[11]
+	movdqu	0x40($inp), @XMM[12]
+	movdqu	0x50($inp), @XMM[13]
+	movdqu	0x60($inp), @XMM[14]
+	movdqu	0x70($inp), @XMM[15]
+	lea	0x80($inp),$inp
+	pxor	@XMM[0], @XMM[8]
+	movdqa	0x20(%rbp), @XMM[0]	# load counter
+	pxor	@XMM[9], @XMM[1]
+	movdqu	@XMM[8], 0x00($out)	# write output
+	pxor	@XMM[10], @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	@XMM[11], @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	@XMM[12], @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	@XMM[13], @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	pxor	@XMM[14], @XMM[2]
+	movdqu	@XMM[7], 0x50($out)
+	pxor	@XMM[15], @XMM[5]
+	movdqu	@XMM[2], 0x60($out)
+	lea	.LADD1(%rip), %r11
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+	paddd	0x70(%r11), @XMM[0]	# .LADD8
+	jnz	.Lctr_enc_loop
+
+	jmp	.Lctr_enc_done
+.align	16
+.Lctr_enc_loop_done:
+	add	\$8, $len
+	movdqu	0x00($inp), @XMM[8]	# load input
+	pxor	@XMM[8], @XMM[0]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	cmp	\$2,$len
+	jb	.Lctr_enc_done
+	movdqu	0x10($inp), @XMM[9]
+	pxor	@XMM[9], @XMM[1]
+	movdqu	@XMM[1], 0x10($out)
+	je	.Lctr_enc_done
+	movdqu	0x20($inp), @XMM[10]
+	pxor	@XMM[10], @XMM[4]
+	movdqu	@XMM[4], 0x20($out)
+	cmp	\$4,$len
+	jb	.Lctr_enc_done
+	movdqu	0x30($inp), @XMM[11]
+	pxor	@XMM[11], @XMM[6]
+	movdqu	@XMM[6], 0x30($out)
+	je	.Lctr_enc_done
+	movdqu	0x40($inp), @XMM[12]
+	pxor	@XMM[12], @XMM[3]
+	movdqu	@XMM[3], 0x40($out)
+	cmp	\$6,$len
+	jb	.Lctr_enc_done
+	movdqu	0x50($inp), @XMM[13]
+	pxor	@XMM[13], @XMM[7]
+	movdqu	@XMM[7], 0x50($out)
+	je	.Lctr_enc_done
+	movdqu	0x60($inp), @XMM[14]
+	pxor	@XMM[14], @XMM[2]
+	movdqu	@XMM[2], 0x60($out)
+	jmp	.Lctr_enc_done
+
+.align	16
+.Lctr_enc_short:
+	lea	0x20(%rbp), $arg1
+	lea	0x30(%rbp), $arg2
+	lea	($key), $arg3
+	call	asm_AES_encrypt
+	movdqu	($inp), @XMM[1]
+	lea	16($inp), $inp
+	mov	0x2c(%rbp), %eax	# load 32-bit counter
+	bswap	%eax
+	pxor	0x30(%rbp), @XMM[1]
+	inc	%eax			# increment
+	movdqu	@XMM[1], ($out)
+	bswap	%eax
+	lea	16($out), $out
+	mov	%eax, 0x2c(%rsp)	# save 32-bit counter
+	dec	$len
+	jnz	.Lctr_enc_short
+
+.Lctr_enc_done:
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lctr_enc_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lctr_enc_bzero
+
+	lea	(%rbp),%rsp		# restore %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rbp), %rsp
+___
+$code.=<<___;
+	mov	0x48(%rsp), %r15
+	mov	0x50(%rsp), %r14
+	mov	0x58(%rsp), %r13
+	mov	0x60(%rsp), %r12
+	mov	0x68(%rsp), %rbx
+	mov	0x70(%rsp), %rax
+	lea	0x78(%rsp), %rsp
+	mov	%rax, %rbp
+.Lctr_enc_epilogue:
+	ret
+.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
+___
+######################################################################
+# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len,
+#	const AES_KEY *key1, const AES_KEY *key2,
+#	const unsigned char iv[16]);
+#
+my ($twmask,$twres,$twtmp)=@XMM[13..15];
+$arg6=~s/d$//;
+
+$code.=<<___;
+.globl	bsaes_xts_encrypt
+.type	bsaes_xts_encrypt,\@abi-omnipotent
+.align	16
+bsaes_xts_encrypt:
+	mov	%rsp, %rax
+.Lxts_enc_prologue:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	-0x48(%rsp), %rsp
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull key2
+	mov	0xa8(%rsp),$arg6	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lxts_enc_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+
+	lea	($arg6), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($arg5), $arg3
+	call	asm_AES_encrypt		# generate initial tweak
+
+	mov	240($key), %eax		# rounds
+	mov	$len, %rbx		# backup $len
+
+	mov	%eax, %edx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%edx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	%xmm6, %xmm7		# fix up last round key
+	movdqa	%xmm7, (%rax)		# save last round key
+
+	and	\$-16, $len
+	sub	\$0x80, %rsp		# place for tweak[8]
+	movdqa	0x20(%rbp), @XMM[7]	# initial tweak
+
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+
+	sub	\$0x80, $len
+	jc	.Lxts_enc_short
+	jmp	.Lxts_enc_loop
+
+.align	16
+.Lxts_enc_loop:
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqu	0x70($inp), @XMM[8+7]
+	lea	0x80($inp), $inp
+	movdqa	@XMM[7], 0x70(%rsp)
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	pxor	@XMM[8+7], @XMM[7]
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	pxor	0x60(%rsp), @XMM[2]
+	movdqu	@XMM[7], 0x50($out)
+	pxor	0x70(%rsp), @XMM[5]
+	movdqu	@XMM[2], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# prepare next iteration tweak
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+
+	sub	\$0x80,$len
+	jnc	.Lxts_enc_loop
+
+.Lxts_enc_short:
+	add	\$0x80, $len
+	jz	.Lxts_enc_done
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+	cmp	\$`0x10*$i`,$len
+	je	.Lxts_enc_$i
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqa	@XMM[7], 0x70(%rsp)
+	lea	0x70($inp), $inp
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	pxor	0x60(%rsp), @XMM[2]
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[2], 0x60($out)
+	lea	0x70($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_6:
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x60($inp), $inp
+	pxor	@XMM[8+5], @XMM[5]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[3], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	lea	0x60($out), $out
+
+	movdqa	0x60(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_5:
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x50($inp), $inp
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	pxor	0x40(%rsp), @XMM[3]
+	movdqu	@XMM[6], 0x30($out)
+	movdqu	@XMM[3], 0x40($out)
+	lea	0x50($out), $out
+
+	movdqa	0x50(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_4:
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x40($inp), $inp
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[6]
+	movdqu	@XMM[4], 0x20($out)
+	movdqu	@XMM[6], 0x30($out)
+	lea	0x40($out), $out
+
+	movdqa	0x40(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_3:
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x30($inp), $inp
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[4]
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[4], 0x20($out)
+	lea	0x30($out), $out
+
+	movdqa	0x30(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_2:
+	pxor	@XMM[8+0], @XMM[0]
+	lea	0x20($inp), $inp
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_encrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	lea	0x20($out), $out
+
+	movdqa	0x20(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_enc_done
+.align	16
+.Lxts_enc_1:
+	pxor	@XMM[0], @XMM[8]
+	lea	0x10($inp), $inp
+	movdqa	@XMM[8], 0x20(%rbp)
+	lea	0x20(%rbp), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($key), $arg3
+	call	asm_AES_encrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[0]	# ^= tweak[]
+	#pxor	@XMM[8], @XMM[0]
+	#lea	0x80(%rsp), %rax	# pass key schedule
+	#mov	%edx, %r10d		# pass rounds
+	#call	_bsaes_encrypt8
+	#pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	lea	0x10($out), $out
+
+	movdqa	0x10(%rsp), @XMM[7]	# next iteration tweak
+
+.Lxts_enc_done:
+	and	\$15, %ebx
+	jz	.Lxts_enc_ret
+	mov	$out, %rdx
+
+.Lxts_enc_steal:
+	movzb	($inp), %eax
+	movzb	-16(%rdx), %ecx
+	lea	1($inp), $inp
+	mov	%al, -16(%rdx)
+	mov	%cl, 0(%rdx)
+	lea	1(%rdx), %rdx
+	sub	\$1,%ebx
+	jnz	.Lxts_enc_steal
+
+	movdqu	-16($out), @XMM[0]
+	lea	0x20(%rbp), $arg1
+	pxor	@XMM[7], @XMM[0]
+	lea	0x20(%rbp), $arg2
+	movdqa	@XMM[0], 0x20(%rbp)
+	lea	($key), $arg3
+	call	asm_AES_encrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[7]
+	movdqu	@XMM[7], -16($out)
+
+.Lxts_enc_ret:
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lxts_enc_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lxts_enc_bzero
+
+	lea	(%rbp),%rsp		# restore %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rbp), %rsp
+___
+$code.=<<___;
+	mov	0x48(%rsp), %r15
+	mov	0x50(%rsp), %r14
+	mov	0x58(%rsp), %r13
+	mov	0x60(%rsp), %r12
+	mov	0x68(%rsp), %rbx
+	mov	0x70(%rsp), %rax
+	lea	0x78(%rsp), %rsp
+	mov	%rax, %rbp
+.Lxts_enc_epilogue:
+	ret
+.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
+
+.globl	bsaes_xts_decrypt
+.type	bsaes_xts_decrypt,\@abi-omnipotent
+.align	16
+bsaes_xts_decrypt:
+	mov	%rsp, %rax
+.Lxts_dec_prologue:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	lea	-0x48(%rsp), %rsp
+___
+$code.=<<___ if ($win64);
+	mov	0xa0(%rsp),$arg5	# pull key2
+	mov	0xa8(%rsp),$arg6	# pull ivp
+	lea	-0xa0(%rsp), %rsp
+	movaps	%xmm6, 0x40(%rsp)
+	movaps	%xmm7, 0x50(%rsp)
+	movaps	%xmm8, 0x60(%rsp)
+	movaps	%xmm9, 0x70(%rsp)
+	movaps	%xmm10, 0x80(%rsp)
+	movaps	%xmm11, 0x90(%rsp)
+	movaps	%xmm12, 0xa0(%rsp)
+	movaps	%xmm13, 0xb0(%rsp)
+	movaps	%xmm14, 0xc0(%rsp)
+	movaps	%xmm15, 0xd0(%rsp)
+.Lxts_dec_body:
+___
+$code.=<<___;
+	mov	%rsp, %rbp		# backup %rsp
+	mov	$arg1, $inp		# backup arguments
+	mov	$arg2, $out
+	mov	$arg3, $len
+	mov	$arg4, $key
+
+	lea	($arg6), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($arg5), $arg3
+	call	asm_AES_encrypt		# generate initial tweak
+
+	mov	240($key), %eax		# rounds
+	mov	$len, %rbx		# backup $len
+
+	mov	%eax, %edx		# rounds
+	shl	\$7, %rax		# 128 bytes per inner round key
+	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
+	sub	%rax, %rsp
+
+	mov	%rsp, %rax		# pass key schedule
+	mov	$key, %rcx		# pass key
+	mov	%edx, %r10d		# pass rounds
+	call	_bsaes_key_convert
+	pxor	(%rsp), %xmm7		# fix up round 0 key
+	movdqa	%xmm6, (%rax)		# save last round key
+	movdqa	%xmm7, (%rsp)
+
+	xor	%eax, %eax		# if ($len%16) len-=16;
+	and	\$-16, $len
+	test	\$15, %ebx
+	setnz	%al
+	shl	\$4, %rax
+	sub	%rax, $len
+
+	sub	\$0x80, %rsp		# place for tweak[8]
+	movdqa	0x20(%rbp), @XMM[7]	# initial tweak
+
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+
+	sub	\$0x80, $len
+	jc	.Lxts_dec_short
+	jmp	.Lxts_dec_loop
+
+.align	16
+.Lxts_dec_loop:
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqu	0x70($inp), @XMM[8+7]
+	lea	0x80($inp), $inp
+	movdqa	@XMM[7], 0x70(%rsp)
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	pxor	@XMM[8+7], @XMM[7]
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[2], 0x40($out)
+	pxor	0x60(%rsp), @XMM[3]
+	movdqu	@XMM[7], 0x50($out)
+	pxor	0x70(%rsp), @XMM[5]
+	movdqu	@XMM[3], 0x60($out)
+	movdqu	@XMM[5], 0x70($out)
+	lea	0x80($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# prepare next iteration tweak
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+
+	sub	\$0x80,$len
+	jnc	.Lxts_dec_loop
+
+.Lxts_dec_short:
+	add	\$0x80, $len
+	jz	.Lxts_dec_done
+___
+    for ($i=0;$i<7;$i++) {
+    $code.=<<___;
+	pshufd	\$0x13, $twtmp, $twres
+	pxor	$twtmp, $twtmp
+	movdqa	@XMM[7], @XMM[$i]
+	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
+	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
+	pxor	$twres, @XMM[7]
+___
+    $code.=<<___ if ($i>=1);
+	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
+	cmp	\$`0x10*$i`,$len
+	je	.Lxts_dec_$i
+___
+    $code.=<<___ if ($i>=2);
+	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
+___
+    }
+$code.=<<___;
+	movdqu	0x60($inp), @XMM[8+6]
+	pxor	@XMM[8+5], @XMM[5]
+	movdqa	@XMM[7], 0x70(%rsp)
+	lea	0x70($inp), $inp
+	pxor	@XMM[8+6], @XMM[6]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[2], 0x40($out)
+	pxor	0x60(%rsp), @XMM[3]
+	movdqu	@XMM[7], 0x50($out)
+	movdqu	@XMM[3], 0x60($out)
+	lea	0x70($out), $out
+
+	movdqa	0x70(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_6:
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x60($inp), $inp
+	pxor	@XMM[8+5], @XMM[5]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	pxor	0x50(%rsp), @XMM[7]
+	movdqu	@XMM[2], 0x40($out)
+	movdqu	@XMM[7], 0x50($out)
+	lea	0x60($out), $out
+
+	movdqa	0x60(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_5:
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x50($inp), $inp
+	pxor	@XMM[8+4], @XMM[4]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	pxor	0x40(%rsp), @XMM[2]
+	movdqu	@XMM[4], 0x30($out)
+	movdqu	@XMM[2], 0x40($out)
+	lea	0x50($out), $out
+
+	movdqa	0x50(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_4:
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x40($inp), $inp
+	pxor	@XMM[8+3], @XMM[3]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	pxor	0x30(%rsp), @XMM[4]
+	movdqu	@XMM[6], 0x20($out)
+	movdqu	@XMM[4], 0x30($out)
+	lea	0x40($out), $out
+
+	movdqa	0x40(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_3:
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x30($inp), $inp
+	pxor	@XMM[8+2], @XMM[2]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	pxor	0x20(%rsp), @XMM[6]
+	movdqu	@XMM[1], 0x10($out)
+	movdqu	@XMM[6], 0x20($out)
+	lea	0x30($out), $out
+
+	movdqa	0x30(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_2:
+	pxor	@XMM[8+0], @XMM[0]
+	lea	0x20($inp), $inp
+	pxor	@XMM[8+1], @XMM[1]
+	lea	0x80(%rsp), %rax	# pass key schedule
+	mov	%edx, %r10d		# pass rounds
+
+	call	_bsaes_decrypt8
+
+	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	pxor	0x10(%rsp), @XMM[1]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	movdqu	@XMM[1], 0x10($out)
+	lea	0x20($out), $out
+
+	movdqa	0x20(%rsp), @XMM[7]	# next iteration tweak
+	jmp	.Lxts_dec_done
+.align	16
+.Lxts_dec_1:
+	pxor	@XMM[0], @XMM[8]
+	lea	0x10($inp), $inp
+	movdqa	@XMM[8], 0x20(%rbp)
+	lea	0x20(%rbp), $arg1
+	lea	0x20(%rbp), $arg2
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[0]	# ^= tweak[]
+	#pxor	@XMM[8], @XMM[0]
+	#lea	0x80(%rsp), %rax	# pass key schedule
+	#mov	%edx, %r10d		# pass rounds
+	#call	_bsaes_decrypt8
+	#pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
+	movdqu	@XMM[0], 0x00($out)	# write output
+	lea	0x10($out), $out
+
+	movdqa	0x10(%rsp), @XMM[7]	# next iteration tweak
+
+.Lxts_dec_done:
+	and	\$15, %ebx
+	jz	.Lxts_dec_ret
+
+	pxor	$twtmp, $twtmp
+	movdqa	.Lxts_magic(%rip), $twmask
+	pcmpgtd	@XMM[7], $twtmp
+	pshufd	\$0x13, $twtmp, $twres
+	movdqa	@XMM[7], @XMM[6]
+	paddq	@XMM[7], @XMM[7]	# psllq 1,$tweak
+	pand	$twmask, $twres		# isolate carry and residue
+	movdqu	($inp), @XMM[0]
+	pxor	$twres, @XMM[7]
+
+	lea	0x20(%rbp), $arg1
+	pxor	@XMM[7], @XMM[0]
+	lea	0x20(%rbp), $arg2
+	movdqa	@XMM[0], 0x20(%rbp)
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[7]
+	mov	$out, %rdx
+	movdqu	@XMM[7], ($out)
+
+.Lxts_dec_steal:
+	movzb	16($inp), %eax
+	movzb	(%rdx), %ecx
+	lea	1($inp), $inp
+	mov	%al, (%rdx)
+	mov	%cl, 16(%rdx)
+	lea	1(%rdx), %rdx
+	sub	\$1,%ebx
+	jnz	.Lxts_dec_steal
+
+	movdqu	($out), @XMM[0]
+	lea	0x20(%rbp), $arg1
+	pxor	@XMM[6], @XMM[0]
+	lea	0x20(%rbp), $arg2
+	movdqa	@XMM[0], 0x20(%rbp)
+	lea	($key), $arg3
+	call	asm_AES_decrypt		# doesn't touch %xmm
+	pxor	0x20(%rbp), @XMM[6]
+	movdqu	@XMM[6], ($out)
+
+.Lxts_dec_ret:
+	lea	(%rsp), %rax
+	pxor	%xmm0, %xmm0
+.Lxts_dec_bzero:			# wipe key schedule [if any]
+	movdqa	%xmm0, 0x00(%rax)
+	movdqa	%xmm0, 0x10(%rax)
+	lea	0x20(%rax), %rax
+	cmp	%rax, %rbp
+	ja	.Lxts_dec_bzero
+
+	lea	(%rbp),%rsp		# restore %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	0x40(%rbp), %xmm6
+	movaps	0x50(%rbp), %xmm7
+	movaps	0x60(%rbp), %xmm8
+	movaps	0x70(%rbp), %xmm9
+	movaps	0x80(%rbp), %xmm10
+	movaps	0x90(%rbp), %xmm11
+	movaps	0xa0(%rbp), %xmm12
+	movaps	0xb0(%rbp), %xmm13
+	movaps	0xc0(%rbp), %xmm14
+	movaps	0xd0(%rbp), %xmm15
+	lea	0xa0(%rbp), %rsp
+___
+$code.=<<___;
+	mov	0x48(%rsp), %r15
+	mov	0x50(%rsp), %r14
+	mov	0x58(%rsp), %r13
+	mov	0x60(%rsp), %r12
+	mov	0x68(%rsp), %rbx
+	mov	0x70(%rsp), %rax
+	lea	0x78(%rsp), %rsp
+	mov	%rax, %rbp
+.Lxts_dec_epilogue:
+	ret
+.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
+___
+}
+$code.=<<___;
+.type	_bsaes_const,\@object
+.align	64
+_bsaes_const:
+.LM0ISR:	# InvShiftRows constants
+	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
+.LISRM0:
+	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
+.LISR:
+	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
+.LBS0:		# bit-slice constants
+	.quad	0x5555555555555555, 0x5555555555555555
+.LBS1:
+	.quad	0x3333333333333333, 0x3333333333333333
+.LBS2:
+	.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
+.LSR:		# shiftrows constants
+	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
+.LSRM0:
+	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
+.LM0SR:
+	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
+.LSWPUP:	# byte-swap upper dword
+	.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
+.LSWPUPM0SR:
+	.quad	0x0a0d02060c03070b, 0x0004080f05090e01
+.LADD1:		# counter increment constants
+	.quad	0x0000000000000000, 0x0000000100000000
+.LADD2:
+	.quad	0x0000000000000000, 0x0000000200000000
+.LADD3:
+	.quad	0x0000000000000000, 0x0000000300000000
+.LADD4:
+	.quad	0x0000000000000000, 0x0000000400000000
+.LADD5:
+	.quad	0x0000000000000000, 0x0000000500000000
+.LADD6:
+	.quad	0x0000000000000000, 0x0000000600000000
+.LADD7:
+	.quad	0x0000000000000000, 0x0000000700000000
+.LADD8:
+	.quad	0x0000000000000000, 0x0000000800000000
+.Lxts_magic:
+	.long	0x87,0,1,0
+.Lmasks:
+	.quad	0x0101010101010101, 0x0101010101010101
+	.quad	0x0202020202020202, 0x0202020202020202
+	.quad	0x0404040404040404, 0x0404040404040404
+	.quad	0x0808080808080808, 0x0808080808080808
+.LM0:
+	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
+.L63:
+	.quad	0x6363636363636363, 0x6363636363636363
+.asciz	"Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov"
+.align	64
+.size	_bsaes_const,.-_bsaes_const
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	mov	160($context),%rax	# pull context->Rbp
+
+	lea	0x40(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0xa0(%rax),%rax		# adjust stack pointer
+
+	mov	0x70(%rax),%rbp
+	mov	0x68(%rax),%rbx
+	mov	0x60(%rax),%r12
+	mov	0x58(%rax),%r13
+	mov	0x50(%rax),%r14
+	mov	0x48(%rax),%r15
+	lea	0x78(%rax),%rax		# adjust stack pointer
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	%rax,152($context)	# restore context->Rsp
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+___
+$code.=<<___ if ($ecb);
+	.rva	.Lecb_enc_prologue
+	.rva	.Lecb_enc_epilogue
+	.rva	.Lecb_enc_info
+
+	.rva	.Lecb_dec_prologue
+	.rva	.Lecb_dec_epilogue
+	.rva	.Lecb_dec_info
+___
+$code.=<<___;
+	.rva	.Lcbc_dec_prologue
+	.rva	.Lcbc_dec_epilogue
+	.rva	.Lcbc_dec_info
+
+	.rva	.Lctr_enc_prologue
+	.rva	.Lctr_enc_epilogue
+	.rva	.Lctr_enc_info
+
+	.rva	.Lxts_enc_prologue
+	.rva	.Lxts_enc_epilogue
+	.rva	.Lxts_enc_info
+
+	.rva	.Lxts_dec_prologue
+	.rva	.Lxts_dec_epilogue
+	.rva	.Lxts_dec_info
+
+.section	.xdata
+.align	8
+___
+$code.=<<___ if ($ecb);
+.Lecb_enc_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lecb_enc_body,.Lecb_enc_epilogue	# HandlerData[]
+.Lecb_dec_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lecb_dec_body,.Lecb_dec_epilogue	# HandlerData[]
+___
+$code.=<<___;
+.Lcbc_dec_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lcbc_dec_body,.Lcbc_dec_epilogue	# HandlerData[]
+.Lctr_enc_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lctr_enc_body,.Lctr_enc_epilogue	# HandlerData[]
+.Lxts_enc_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lxts_enc_body,.Lxts_enc_epilogue	# HandlerData[]
+.Lxts_dec_info:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lxts_dec_body,.Lxts_dec_epilogue	# HandlerData[]
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/vpaes-armv8.pl b/openssl-1.1.0h/crypto/aes/asm/vpaes-armv8.pl
new file mode 100755
index 0000000..d6b5f56
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/vpaes-armv8.pl
@@ -0,0 +1,1259 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+##
+######################################################################
+# ARMv8 NEON adaptation by <appro@openssl.org>
+#
+# Reason for undertaken effort is that there is at least one popular
+# SoC based on Cortex-A53 that doesn't have crypto extensions.
+#
+#                   CBC enc     ECB enc/dec(*)   [bit-sliced enc/dec]
+# Cortex-A53        21.5        18.1/20.6        [17.5/19.8         ]
+# Cortex-A57        36.0(**)    20.4/24.9(**)    [14.4/16.6         ]
+# X-Gene            45.9(**)    45.8/57.7(**)    [33.1/37.6(**)     ]
+# Denver(***)       16.6(**)    15.1/17.8(**)    [8.80/9.93         ]
+# Apple A7(***)     22.7(**)    10.9/14.3        [8.45/10.0         ]
+# Mongoose(***)     26.3(**)    21.0/25.0(**)    [13.3/16.8         ]
+#
+# (*)	ECB denotes approximate result for parallelizeable modes
+#	such as CBC decrypt, CTR, etc.;
+# (**)	these results are worse than scalar compiler-generated
+#	code, but it's constant-time and therefore preferred;
+# (***)	presented for reference/comparison purposes;
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$code.=<<___;
+.text
+
+.type	_vpaes_consts,%object
+.align	7	// totally strategic alignment
+_vpaes_consts:
+.Lk_mc_forward:	// mc_forward
+	.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+	.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+	.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+	.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+.Lk_mc_backward:// mc_backward
+	.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+	.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+	.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+	.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+.Lk_sr:		// sr
+	.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+	.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+	.quad	0x0F060D040B020900, 0x070E050C030A0108
+	.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+//
+// "Hot" constants
+//
+.Lk_inv:	// inv, inva
+	.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+	.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+.Lk_ipt:	// input transform (lo, hi)
+	.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+	.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+.Lk_sbo:	// sbou, sbot
+	.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+	.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+.Lk_sb1:	// sb1u, sb1t
+	.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+	.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+.Lk_sb2:	// sb2u, sb2t
+	.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+	.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+
+//
+//  Decryption stuff
+//
+.Lk_dipt:	// decryption input transform
+	.quad	0x0F505B040B545F00, 0x154A411E114E451A
+	.quad	0x86E383E660056500, 0x12771772F491F194
+.Lk_dsbo:	// decryption sbox final output
+	.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+	.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.Lk_dsb9:	// decryption sbox output *9*u, *9*t
+	.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+	.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+.Lk_dsbd:	// decryption sbox output *D*u, *D*t
+	.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+	.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+.Lk_dsbb:	// decryption sbox output *B*u, *B*t
+	.quad	0xD022649296B44200, 0x602646F6B0F2D404
+	.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+.Lk_dsbe:	// decryption sbox output *E*u, *E*t
+	.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+	.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+
+//
+//  Key schedule constants
+//
+.Lk_dksd:	// decryption key schedule: invskew x*D
+	.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+	.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+.Lk_dksb:	// decryption key schedule: invskew x*B
+	.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+	.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+.Lk_dkse:	// decryption key schedule: invskew x*E + 0x63
+	.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+	.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+.Lk_dks9:	// decryption key schedule: invskew x*9
+	.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+	.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+.Lk_rcon:	// rcon
+	.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+.Lk_opt:	// output transform
+	.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+	.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+.Lk_deskew:	// deskew tables: inverts the sbox's "skew"
+	.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+	.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+.asciz  "Vector Permutaion AES for ARMv8, Mike Hamburg (Stanford University)"
+.size	_vpaes_consts,.-_vpaes_consts
+.align	6
+___
+
+{
+my ($inp,$out,$key) = map("x$_",(0..2));
+
+my ($invlo,$invhi,$iptlo,$ipthi,$sbou,$sbot) = map("v$_.16b",(18..23));
+my ($sb1u,$sb1t,$sb2u,$sb2t) = map("v$_.16b",(24..27));
+my ($sb9u,$sb9t,$sbdu,$sbdt,$sbbu,$sbbt,$sbeu,$sbet)=map("v$_.16b",(24..31));
+
+$code.=<<___;
+##
+##  _aes_preheat
+##
+##  Fills register %r10 -> .aes_consts (so you can -fPIC)
+##  and %xmm9-%xmm15 as specified below.
+##
+.type	_vpaes_encrypt_preheat,%function
+.align	4
+_vpaes_encrypt_preheat:
+	adr	x10, .Lk_inv
+	movi	v17.16b, #0x0f
+	ld1	{v18.2d-v19.2d}, [x10],#32	// .Lk_inv
+	ld1	{v20.2d-v23.2d}, [x10],#64	// .Lk_ipt, .Lk_sbo
+	ld1	{v24.2d-v27.2d}, [x10]		// .Lk_sb1, .Lk_sb2
+	ret
+.size	_vpaes_encrypt_preheat,.-_vpaes_encrypt_preheat
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm9-%xmm15 as in _vpaes_preheat
+##    (%rdx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm5, %r9, %r10, %r11, %rax
+##  Preserves %xmm6 - %xmm8 so you get some local vectors
+##
+##
+.type	_vpaes_encrypt_core,%function
+.align 4
+_vpaes_encrypt_core:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+	adr	x11, .Lk_mc_forward+16
+						// vmovdqa	.Lk_ipt(%rip),	%xmm2	# iptlo
+	ld1	{v16.2d}, [x9], #16		// vmovdqu	(%r9),	%xmm5		# round0 key
+	and	v1.16b, v7.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v7.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	tbl	v1.16b, {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm1
+						// vmovdqa	.Lk_ipt+16(%rip), %xmm3	# ipthi
+	tbl	v2.16b, {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm3,	%xmm2
+	eor	v0.16b, v1.16b, v16.16b		// vpxor	%xmm5,	%xmm1,	%xmm0
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	b	.Lenc_entry
+
+.align 4
+.Lenc_loop:
+	// middle of middle round
+	add	x10, x11, #0x40
+	tbl	v4.16b, {$sb1t}, v2.16b		// vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	ld1	{v1.2d}, [x11], #16		// vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	tbl	v0.16b, {$sb1u}, v3.16b		// vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	tbl	v5.16b,	{$sb2t}, v2.16b		// vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	tbl	v2.16b, {$sb2u}, v3.16b		// vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	ld1	{v4.2d}, [x10]			// vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	tbl	v3.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	eor	v2.16b, v2.16b, v5.16b		// vpxor	%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	tbl	v0.16b, {v0.16b}, v4.16b	// vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	tbl	v4.16b, {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	eor	v0.16b, v0.16b, v3.16b		// vpxor	%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	and	x11, x11, #~(1<<6)		// and		\$0x30,	%r11		# ... mod 4
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+	sub	w8, w8, #1			// nr--
+
+.Lenc_entry:
+	// top of round
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm0,	%xmm9,	%xmm1   # 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	tbl	v5.16b, {$invhi}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	eor	v1.16b, v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	tbl	v3.16b, {$invlo}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	tbl	v4.16b, {$invlo}, v1.16b	// vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	eor	v3.16b, v3.16b, v5.16b		// vpxor	%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v4.16b, v4.16b, v5.16b		// vpxor	%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {$invlo}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	tbl	v3.16b, {$invlo}, v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	eor	v2.16b, v2.16b, v1.16b		// vpxor	%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	eor	v3.16b, v3.16b, v0.16b		// vpxor	%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm5
+	cbnz	w8, .Lenc_loop
+
+	// middle of last round
+	add	x10, x11, #0x80
+						// vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+						// vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	tbl	v4.16b, {$sbou}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	ld1	{v1.2d}, [x10]			// vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	tbl	v0.16b, {$sbot}, v3.16b		// vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	tbl	v0.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
+
+.globl	vpaes_encrypt
+.type	vpaes_encrypt,%function
+.align	4
+vpaes_encrypt:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v7.16b}, [$inp]
+	bl	_vpaes_encrypt_preheat
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out]
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	vpaes_encrypt,.-vpaes_encrypt
+
+.type	_vpaes_encrypt_2x,%function
+.align 4
+_vpaes_encrypt_2x:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+	adr	x11, .Lk_mc_forward+16
+						// vmovdqa	.Lk_ipt(%rip),	%xmm2	# iptlo
+	ld1	{v16.2d}, [x9], #16		// vmovdqu	(%r9),	%xmm5		# round0 key
+	and	v1.16b,  v14.16b,  v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b,  v14.16b,  #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	 and	v9.16b,  v15.16b,  v17.16b
+	 ushr	v8.16b,  v15.16b,  #4
+	tbl	v1.16b,  {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm1
+	 tbl	v9.16b,  {$iptlo}, v9.16b
+						// vmovdqa	.Lk_ipt+16(%rip), %xmm3	# ipthi
+	tbl	v2.16b,  {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm3,	%xmm2
+	 tbl	v10.16b, {$ipthi}, v8.16b
+	eor	v0.16b,  v1.16b,   v16.16b	// vpxor	%xmm5,	%xmm1,	%xmm0
+	 eor	v8.16b,  v9.16b,   v16.16b
+	eor	v0.16b,  v0.16b,   v2.16b	// vpxor	%xmm2,	%xmm0,	%xmm0
+	 eor	v8.16b,  v8.16b,   v10.16b
+	b	.Lenc_2x_entry
+
+.align 4
+.Lenc_2x_loop:
+	// middle of middle round
+	add	x10, x11, #0x40
+	tbl	v4.16b,  {$sb1t}, v2.16b	// vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	 tbl	v12.16b, {$sb1t}, v10.16b
+	ld1	{v1.2d}, [x11], #16		// vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	tbl	v0.16b,  {$sb1u}, v3.16b	// vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	 tbl	v8.16b,  {$sb1u}, v11.16b
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	 eor	v12.16b, v12.16b, v16.16b
+	tbl	v5.16b,	 {$sb2t}, v2.16b	// vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	 tbl	v13.16b, {$sb2t}, v10.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	 eor	v8.16b,  v8.16b,  v12.16b
+	tbl	v2.16b,  {$sb2u}, v3.16b	// vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	 tbl	v10.16b, {$sb2u}, v11.16b
+	ld1	{v4.2d}, [x10]			// vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	tbl	v3.16b,  {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	 tbl	v11.16b, {v8.16b}, v1.16b
+	eor	v2.16b,  v2.16b,  v5.16b	// vpxor	%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	 eor	v10.16b, v10.16b, v13.16b
+	tbl	v0.16b,  {v0.16b}, v4.16b	// vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	 tbl	v8.16b,  {v8.16b}, v4.16b
+	eor	v3.16b,  v3.16b,  v2.16b	// vpxor	%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	 eor	v11.16b, v11.16b, v10.16b
+	tbl	v4.16b,  {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	 tbl	v12.16b, {v11.16b},v1.16b
+	eor	v0.16b,  v0.16b,  v3.16b	// vpxor	%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	 eor	v8.16b,  v8.16b,  v11.16b
+	and	x11, x11, #~(1<<6)		// and		\$0x30,	%r11		# ... mod 4
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+	 eor	v8.16b,  v8.16b,  v12.16b
+	sub	w8, w8, #1			// nr--
+
+.Lenc_2x_entry:
+	// top of round
+	and	v1.16b,  v0.16b, v17.16b	// vpand	%xmm0,	%xmm9,	%xmm1   # 0 = k
+	ushr	v0.16b,  v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	 and	v9.16b,  v8.16b, v17.16b
+	 ushr	v8.16b,  v8.16b, #4
+	tbl	v5.16b,  {$invhi},v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	 tbl	v13.16b, {$invhi},v9.16b
+	eor	v1.16b,  v1.16b,  v0.16b	// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	 eor	v9.16b,  v9.16b,  v8.16b
+	tbl	v3.16b,  {$invlo},v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	 tbl	v11.16b, {$invlo},v8.16b
+	tbl	v4.16b,  {$invlo},v1.16b	// vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	 tbl	v12.16b, {$invlo},v9.16b
+	eor	v3.16b,  v3.16b,  v5.16b	// vpxor	%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	 eor	v11.16b, v11.16b, v13.16b
+	eor	v4.16b,  v4.16b,  v5.16b	// vpxor	%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	 eor	v12.16b, v12.16b, v13.16b
+	tbl	v2.16b,  {$invlo},v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	 tbl	v10.16b, {$invlo},v11.16b
+	tbl	v3.16b,  {$invlo},v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	 tbl	v11.16b, {$invlo},v12.16b
+	eor	v2.16b,  v2.16b,  v1.16b	// vpxor	%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	 eor	v10.16b, v10.16b, v9.16b
+	eor	v3.16b,  v3.16b,  v0.16b	// vpxor	%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	 eor	v11.16b, v11.16b, v8.16b
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm5
+	cbnz	w8, .Lenc_2x_loop
+
+	// middle of last round
+	add	x10, x11, #0x80
+						// vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+						// vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	tbl	v4.16b,  {$sbou}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	 tbl	v12.16b, {$sbou}, v10.16b
+	ld1	{v1.2d}, [x10]			// vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	tbl	v0.16b,  {$sbot}, v3.16b	// vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	 tbl	v8.16b,  {$sbot}, v11.16b
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	 eor	v12.16b, v12.16b, v16.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	 eor	v8.16b,  v8.16b,  v12.16b
+	tbl	v0.16b,  {v0.16b},v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0
+	 tbl	v1.16b,  {v8.16b},v1.16b
+	ret
+.size	_vpaes_encrypt_2x,.-_vpaes_encrypt_2x
+
+.type	_vpaes_decrypt_preheat,%function
+.align	4
+_vpaes_decrypt_preheat:
+	adr	x10, .Lk_inv
+	movi	v17.16b, #0x0f
+	adr	x11, .Lk_dipt
+	ld1	{v18.2d-v19.2d}, [x10],#32	// .Lk_inv
+	ld1	{v20.2d-v23.2d}, [x11],#64	// .Lk_dipt, .Lk_dsbo
+	ld1	{v24.2d-v27.2d}, [x11],#64	// .Lk_dsb9, .Lk_dsbd
+	ld1	{v28.2d-v31.2d}, [x11]		// .Lk_dsbb, .Lk_dsbe
+	ret
+.size	_vpaes_decrypt_preheat,.-_vpaes_decrypt_preheat
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+.type	_vpaes_decrypt_core,%function
+.align	4
+_vpaes_decrypt_core:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+
+						// vmovdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	lsl	x11, x8, #4			// mov	%rax,	%r11;	shl	\$4, %r11
+	eor	x11, x11, #0x30			// xor		\$0x30,	%r11
+	adr	x10, .Lk_sr
+	and	x11, x11, #0x30			// and		\$0x30,	%r11
+	add	x11, x11, x10
+	adr	x10, .Lk_mc_forward+48
+
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm4		# round0 key
+	and	v1.16b, v7.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v7.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	tbl	v2.16b, {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+	ld1	{v5.2d}, [x10]			// vmovdqa	.Lk_mc_forward+48(%rip), %xmm5
+						// vmovdqa	.Lk_dipt+16(%rip), %xmm1 # ipthi
+	tbl	v0.16b, {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	eor	v2.16b, v2.16b, v16.16b		// vpxor	%xmm4,	%xmm2,	%xmm2
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	b	.Ldec_entry
+
+.align 4
+.Ldec_loop:
+//
+//  Inverse mix columns
+//
+						// vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+						// vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	tbl	v4.16b, {$sb9u}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	tbl	v1.16b, {$sb9t}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	eor	v0.16b, v4.16b, v16.16b		// vpxor	%xmm4,	%xmm0,	%xmm0
+						// vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	tbl	v4.16b, {$sbdu}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	tbl 	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {$sbdt}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+						// vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	tbl	v4.16b, {$sbbu}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	tbl	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {$sbbt}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+						// vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	tbl	v4.16b, {$sbeu}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	tbl	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {$sbet}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	ext	v5.16b, v5.16b, v5.16b, #12	// vpalignr \$12,	%xmm5,	%xmm5,	%xmm5
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	sub	w8, w8, #1			// sub		\$1,%rax			# nr--
+
+.Ldec_entry:
+	// top of round
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1	# 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	tbl	v2.16b, {$invhi}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	eor	v1.16b,	v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	tbl	v3.16b, {$invlo}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	tbl	v4.16b, {$invlo}, v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v4.16b, v4.16b, v2.16b		// vpxor	%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {$invlo}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	tbl	v3.16b, {$invlo}, v4.16b	// vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	eor	v2.16b, v2.16b, v1.16b		// vpxor	%xmm1,	%xmm2,	%xmm2	# 2 = io
+	eor	v3.16b, v3.16b, v0.16b		// vpxor	%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm0
+	cbnz	w8, .Ldec_loop
+
+	// middle of last round
+						// vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	tbl	v4.16b, {$sbou}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+						// vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	ld1	{v2.2d}, [x11]			// vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	tbl	v1.16b, {$sbot}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v0.16b, v1.16b, v4.16b		// vpxor	%xmm4,	%xmm1,	%xmm0	# 0 = A
+	tbl	v0.16b, {v0.16b}, v2.16b	// vpshufb	%xmm2,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
+
+.globl	vpaes_decrypt
+.type	vpaes_decrypt,%function
+.align	4
+vpaes_decrypt:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v7.16b}, [$inp]
+	bl	_vpaes_decrypt_preheat
+	bl	_vpaes_decrypt_core
+	st1	{v0.16b}, [$out]
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	vpaes_decrypt,.-vpaes_decrypt
+
+// v14-v15 input, v0-v1 output
+.type	_vpaes_decrypt_2x,%function
+.align	4
+_vpaes_decrypt_2x:
+	mov	x9, $key
+	ldr	w8, [$key,#240]			// pull rounds
+
+						// vmovdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	lsl	x11, x8, #4			// mov	%rax,	%r11;	shl	\$4, %r11
+	eor	x11, x11, #0x30			// xor		\$0x30,	%r11
+	adr	x10, .Lk_sr
+	and	x11, x11, #0x30			// and		\$0x30,	%r11
+	add	x11, x11, x10
+	adr	x10, .Lk_mc_forward+48
+
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm4		# round0 key
+	and	v1.16b,  v14.16b, v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b,  v14.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+	 and	v9.16b,  v15.16b, v17.16b
+	 ushr	v8.16b,  v15.16b, #4
+	tbl	v2.16b,  {$iptlo},v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+	 tbl	v10.16b, {$iptlo},v9.16b
+	ld1	{v5.2d}, [x10]			// vmovdqa	.Lk_mc_forward+48(%rip), %xmm5
+						// vmovdqa	.Lk_dipt+16(%rip), %xmm1 # ipthi
+	tbl	v0.16b,  {$ipthi},v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	 tbl	v8.16b,  {$ipthi},v8.16b
+	eor	v2.16b,  v2.16b,  v16.16b	// vpxor	%xmm4,	%xmm2,	%xmm2
+	 eor	v10.16b, v10.16b, v16.16b
+	eor	v0.16b,  v0.16b,  v2.16b	// vpxor	%xmm2,	%xmm0,	%xmm0
+	 eor	v8.16b,  v8.16b,  v10.16b
+	b	.Ldec_2x_entry
+
+.align 4
+.Ldec_2x_loop:
+//
+//  Inverse mix columns
+//
+						// vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+						// vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	tbl	v4.16b,  {$sb9u}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	 tbl	v12.16b, {$sb9u}, v10.16b
+	tbl	v1.16b,  {$sb9t}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	 tbl	v9.16b,  {$sb9t}, v11.16b
+	eor	v0.16b,  v4.16b,  v16.16b	// vpxor	%xmm4,	%xmm0,	%xmm0
+	 eor	v8.16b,  v12.16b, v16.16b
+						// vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	tbl	v4.16b,  {$sbdu}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	 tbl	v12.16b, {$sbdu}, v10.16b
+	tbl 	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	 tbl 	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {$sbdt}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	 tbl	v9.16b,  {$sbdt}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	 eor	v8.16b,  v8.16b,  v12.16b
+						// vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b
+						// vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	tbl	v4.16b,  {$sbbu}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	 tbl	v12.16b, {$sbbu}, v10.16b
+	tbl	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	 tbl	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {$sbbt}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	 tbl	v9.16b,  {$sbbt}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	 eor	v8.16b,  v8.16b,  v12.16b
+						// vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b
+						// vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	tbl	v4.16b,  {$sbeu}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	 tbl	v12.16b, {$sbeu}, v10.16b
+	tbl	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	 tbl	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {$sbet}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	 tbl	v9.16b,  {$sbet}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	 eor	v8.16b,  v8.16b,  v12.16b
+	ext	v5.16b,  v5.16b,  v5.16b, #12	// vpalignr \$12,	%xmm5,	%xmm5,	%xmm5
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	 eor	v8.16b,  v8.16b,  v9.16b
+	sub	w8, w8, #1			// sub		\$1,%rax			# nr--
+
+.Ldec_2x_entry:
+	// top of round
+	and	v1.16b,  v0.16b,  v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1	# 0 = k
+	ushr	v0.16b,  v0.16b,  #4		// vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	 and	v9.16b,  v8.16b,  v17.16b
+	 ushr	v8.16b,  v8.16b,  #4
+	tbl	v2.16b,  {$invhi},v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	 tbl	v10.16b, {$invhi},v9.16b
+	eor	v1.16b,	 v1.16b,  v0.16b	// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	 eor	v9.16b,	 v9.16b,  v8.16b
+	tbl	v3.16b,  {$invlo},v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	 tbl	v11.16b, {$invlo},v8.16b
+	tbl	v4.16b,  {$invlo},v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	 tbl	v12.16b, {$invlo},v9.16b
+	eor	v3.16b,  v3.16b,  v2.16b	// vpxor	%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	 eor	v11.16b, v11.16b, v10.16b
+	eor	v4.16b,  v4.16b,  v2.16b	// vpxor	%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	 eor	v12.16b, v12.16b, v10.16b
+	tbl	v2.16b,  {$invlo},v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	 tbl	v10.16b, {$invlo},v11.16b
+	tbl	v3.16b,  {$invlo},v4.16b	// vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	 tbl	v11.16b, {$invlo},v12.16b
+	eor	v2.16b,  v2.16b,  v1.16b	// vpxor	%xmm1,	%xmm2,	%xmm2	# 2 = io
+	 eor	v10.16b, v10.16b, v9.16b
+	eor	v3.16b,  v3.16b,  v0.16b	// vpxor	%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	 eor	v11.16b, v11.16b, v8.16b
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm0
+	cbnz	w8, .Ldec_2x_loop
+
+	// middle of last round
+						// vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	tbl	v4.16b,  {$sbou}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	 tbl	v12.16b, {$sbou}, v10.16b
+						// vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	tbl	v1.16b,  {$sbot}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	 tbl	v9.16b,  {$sbot}, v11.16b
+	ld1	{v2.2d}, [x11]			// vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	 eor	v12.16b, v12.16b, v16.16b
+	eor	v0.16b,  v1.16b,  v4.16b	// vpxor	%xmm4,	%xmm1,	%xmm0	# 0 = A
+	 eor	v8.16b,  v9.16b,  v12.16b
+	tbl	v0.16b,  {v0.16b},v2.16b	// vpshufb	%xmm2,	%xmm0,	%xmm0
+	 tbl	v1.16b,  {v8.16b},v2.16b
+	ret
+.size	_vpaes_decrypt_2x,.-_vpaes_decrypt_2x
+___
+}
+{
+my ($inp,$bits,$out,$dir)=("x0","w1","x2","w3");
+my ($invlo,$invhi,$iptlo,$ipthi,$rcon) = map("v$_.16b",(18..21,8));
+
+$code.=<<___;
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+.type	_vpaes_key_preheat,%function
+.align	4
+_vpaes_key_preheat:
+	adr	x10, .Lk_inv
+	movi	v16.16b, #0x5b			// .Lk_s63
+	adr	x11, .Lk_sb1
+	movi	v17.16b, #0x0f			// .Lk_s0F
+	ld1	{v18.2d-v21.2d}, [x10]		// .Lk_inv, .Lk_ipt
+	adr	x10, .Lk_dksd
+	ld1	{v22.2d-v23.2d}, [x11]		// .Lk_sb1
+	adr	x11, .Lk_mc_forward
+	ld1	{v24.2d-v27.2d}, [x10],#64	// .Lk_dksd, .Lk_dksb
+	ld1	{v28.2d-v31.2d}, [x10],#64	// .Lk_dkse, .Lk_dks9
+	ld1	{v8.2d}, [x10]			// .Lk_rcon
+	ld1	{v9.2d}, [x11]			// .Lk_mc_forward[0]
+	ret
+.size	_vpaes_key_preheat,.-_vpaes_key_preheat
+
+.type	_vpaes_schedule_core,%function
+.align	4
+_vpaes_schedule_core:
+	stp	x29, x30, [sp,#-16]!
+	add	x29,sp,#0
+
+	bl	_vpaes_key_preheat		// load the tables
+
+	ld1	{v0.16b}, [$inp],#16		// vmovdqu	(%rdi),	%xmm0		# load key (unaligned)
+
+	// input transform
+	mov	v3.16b, v0.16b			// vmovdqa	%xmm0,	%xmm3
+	bl	_vpaes_schedule_transform
+	mov	v7.16b, v0.16b			// vmovdqa	%xmm0,	%xmm7
+
+	adr	x10, .Lk_sr			// lea	.Lk_sr(%rip),%r10
+	add	x8, x8, x10
+	cbnz	$dir, .Lschedule_am_decrypting
+
+	// encrypting, output zeroth round key after transform
+	st1	{v0.2d}, [$out]			// vmovdqu	%xmm0,	(%rdx)
+	b	.Lschedule_go
+
+.Lschedule_am_decrypting:
+	// decrypting, output zeroth round key after shiftrows
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	tbl	v3.16b, {v3.16b}, v1.16b	// vpshufb  %xmm1,	%xmm3,	%xmm3
+	st1	{v3.2d}, [$out]			// vmovdqu	%xmm3,	(%rdx)
+	eor	x8, x8, #0x30			// xor	\$0x30, %r8
+
+.Lschedule_go:
+	cmp	$bits, #192			// cmp	\$192,	%esi
+	b.hi	.Lschedule_256
+	b.eq	.Lschedule_192
+	// 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+.Lschedule_128:
+	mov	$inp, #10			// mov	\$10, %esi
+
+.Loop_schedule_128:
+	sub	$inp, $inp, #1			// dec	%esi
+	bl 	_vpaes_schedule_round
+	cbz 	$inp, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle		// write output
+	b 	.Loop_schedule_128
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+.align	4
+.Lschedule_192:
+	sub	$inp, $inp, #8
+	ld1	{v0.16b}, [$inp]		// vmovdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
+	bl	_vpaes_schedule_transform	// input transform
+	mov	v6.16b, v0.16b			// vmovdqa	%xmm0,	%xmm6		# save short part
+	eor	v4.16b, v4.16b, v4.16b		// vpxor	%xmm4,	%xmm4, %xmm4	# clear 4
+	ins	v6.d[0], v4.d[0]		// vmovhlps	%xmm4,	%xmm6,	%xmm6		# clobber low side with zeros
+	mov	$inp, #4			// mov	\$4,	%esi
+
+.Loop_schedule_192:
+	sub	$inp, $inp, #1			// dec	%esi
+	bl	_vpaes_schedule_round
+	ext	v0.16b, v6.16b, v0.16b, #8	// vpalignr	\$8,%xmm6,%xmm0,%xmm0
+	bl	_vpaes_schedule_mangle		// save key n
+	bl	_vpaes_schedule_192_smear
+	bl	_vpaes_schedule_mangle		// save key n+1
+	bl	_vpaes_schedule_round
+	cbz 	$inp, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle		// save key n+2
+	bl	_vpaes_schedule_192_smear
+	b	.Loop_schedule_192
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+.align	4
+.Lschedule_256:
+	ld1	{v0.16b}, [$inp]		// vmovdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
+	bl	_vpaes_schedule_transform	// input transform
+	mov	$inp, #7			// mov	\$7, %esi
+	
+.Loop_schedule_256:
+	sub	$inp, $inp, #1			// dec	%esi
+	bl	_vpaes_schedule_mangle		// output low result
+	mov	v6.16b, v0.16b			// vmovdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
+
+	// high round
+	bl	_vpaes_schedule_round
+	cbz 	$inp, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle	
+
+	// low round. swap xmm7 and xmm6
+	dup	v0.4s, v0.s[3]			// vpshufd	\$0xFF,	%xmm0,	%xmm0
+	movi	v4.16b, #0
+	mov	v5.16b, v7.16b			// vmovdqa	%xmm7,	%xmm5
+	mov	v7.16b, v6.16b			// vmovdqa	%xmm6,	%xmm7
+	bl	_vpaes_schedule_low_round
+	mov	v7.16b, v5.16b			// vmovdqa	%xmm5,	%xmm7
+	
+	b	.Loop_schedule_256
+
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+.align	4
+.Lschedule_mangle_last:
+	// schedule last round key from xmm0
+	adr	x11, .Lk_deskew			// lea	.Lk_deskew(%rip),%r11	# prepare to deskew
+	cbnz	$dir, .Lschedule_mangle_last_dec
+
+	// encrypting
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),%xmm1
+	adr	x11, .Lk_opt			// lea	.Lk_opt(%rip),	%r11		# prepare to output transform
+	add	$out, $out, #32			// add	\$32,	%rdx
+	tbl	v0.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0		# output permute
+
+.Lschedule_mangle_last_dec:
+	ld1	{v20.2d-v21.2d}, [x11]		// reload constants
+	sub	$out, $out, #16			// add	\$-16,	%rdx 
+	eor	v0.16b, v0.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm0,	%xmm0
+	bl	_vpaes_schedule_transform	// output transform
+	st1	{v0.2d}, [$out]			// vmovdqu	%xmm0,	(%rdx)		# save last key
+
+	// cleanup
+	eor	v0.16b, v0.16b, v0.16b		// vpxor	%xmm0,	%xmm0,	%xmm0
+	eor	v1.16b, v1.16b, v1.16b		// vpxor	%xmm1,	%xmm1,	%xmm1
+	eor	v2.16b, v2.16b, v2.16b		// vpxor	%xmm2,	%xmm2,	%xmm2
+	eor	v3.16b, v3.16b, v3.16b		// vpxor	%xmm3,	%xmm3,	%xmm3
+	eor	v4.16b, v4.16b, v4.16b		// vpxor	%xmm4,	%xmm4,	%xmm4
+	eor	v5.16b, v5.16b, v5.16b		// vpxor	%xmm5,	%xmm5,	%xmm5
+	eor	v6.16b, v6.16b, v6.16b		// vpxor	%xmm6,	%xmm6,	%xmm6
+	eor	v7.16b, v7.16b, v7.16b		// vpxor	%xmm7,	%xmm7,	%xmm7
+	ldp	x29, x30, [sp],#16
+	ret
+.size	_vpaes_schedule_core,.-_vpaes_schedule_core
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+.type	_vpaes_schedule_192_smear,%function
+.align	4
+_vpaes_schedule_192_smear:
+	movi	v1.16b, #0
+	dup	v0.4s, v7.s[3]
+	ins	v1.s[3], v6.s[2]	// vpshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
+	ins	v0.s[0], v7.s[2]	// vpshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
+	eor	v6.16b, v6.16b, v1.16b	// vpxor	%xmm1,	%xmm6,	%xmm6	# -> c+d c 0 0
+	eor	v1.16b, v1.16b, v1.16b	// vpxor	%xmm1,	%xmm1,	%xmm1
+	eor	v6.16b, v6.16b, v0.16b	// vpxor	%xmm0,	%xmm6,	%xmm6	# -> b+c+d b+c b a
+	mov	v0.16b, v6.16b		// vmovdqa	%xmm6,	%xmm0
+	ins	v6.d[0], v1.d[0]	// vmovhlps	%xmm1,	%xmm6,	%xmm6	# clobber low side with zeros
+	ret
+.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm4, %r11.
+##
+.type	_vpaes_schedule_round,%function
+.align	4
+_vpaes_schedule_round:
+	// extract rcon from xmm8
+	movi	v4.16b, #0			// vpxor	%xmm4,	%xmm4,	%xmm4
+	ext	v1.16b, $rcon, v4.16b, #15	// vpalignr	\$15,	%xmm8,	%xmm4,	%xmm1
+	ext	$rcon, $rcon, $rcon, #15	// vpalignr	\$15,	%xmm8,	%xmm8,	%xmm8
+	eor	v7.16b, v7.16b, v1.16b		// vpxor	%xmm1,	%xmm7,	%xmm7
+
+	// rotate
+	dup	v0.4s, v0.s[3]			// vpshufd	\$0xFF,	%xmm0,	%xmm0
+	ext	v0.16b, v0.16b, v0.16b, #1	// vpalignr	\$1,	%xmm0,	%xmm0,	%xmm0
+
+	// fall through...
+
+	// low round: same as high round, but no rotation and no rcon.
+_vpaes_schedule_low_round:
+	// smear xmm7
+	ext	v1.16b, v4.16b, v7.16b, #12	// vpslldq	\$4,	%xmm7,	%xmm1
+	eor	v7.16b, v7.16b, v1.16b		// vpxor	%xmm1,	%xmm7,	%xmm7
+	ext	v4.16b, v4.16b, v7.16b, #8	// vpslldq	\$8,	%xmm7,	%xmm4
+
+	// subbytes
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1		# 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0		# 1 = i
+	 eor	v7.16b, v7.16b, v4.16b		// vpxor	%xmm4,	%xmm7,	%xmm7
+	tbl	v2.16b, {$invhi}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2		# 2 = a/k
+	eor	v1.16b, v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1		# 0 = j
+	tbl	v3.16b, {$invlo}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3		# 3 = 1/i
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3		# 3 = iak = 1/i + a/k
+	tbl	v4.16b, {$invlo}, v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4		# 4 = 1/j
+	 eor	v7.16b, v7.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm7,	%xmm7
+	tbl	v3.16b, {$invlo}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm3		# 2 = 1/iak
+	eor	v4.16b, v4.16b, v2.16b		// vpxor	%xmm2,	%xmm4,	%xmm4		# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {$invlo}, v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm2		# 3 = 1/jak
+	eor	v3.16b, v3.16b, v1.16b		// vpxor	%xmm1,	%xmm3,	%xmm3		# 2 = io
+	eor	v2.16b, v2.16b, v0.16b		// vpxor	%xmm0,	%xmm2,	%xmm2		# 3 = jo
+	tbl	v4.16b, {v23.16b}, v3.16b	// vpshufb	%xmm3,	%xmm13,	%xmm4		# 4 = sbou
+	tbl	v1.16b, {v22.16b}, v2.16b	// vpshufb	%xmm2,	%xmm12,	%xmm1		# 0 = sb1t
+	eor	v1.16b, v1.16b, v4.16b		// vpxor	%xmm4,	%xmm1,	%xmm1		# 0 = sbox output
+
+	// add in smeared stuff
+	eor	v0.16b, v1.16b, v7.16b		// vpxor	%xmm7,	%xmm1,	%xmm0
+	eor	v7.16b, v1.16b, v7.16b		// vmovdqa	%xmm0,	%xmm7
+	ret
+.size	_vpaes_schedule_round,.-_vpaes_schedule_round
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%r11)
+##
+##  Requires that %xmm9 = 0x0F0F... as in preheat
+##  Output in %xmm0
+##  Clobbers %xmm1, %xmm2
+##
+.type	_vpaes_schedule_transform,%function
+.align	4
+_vpaes_schedule_transform:
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	\$4,	%xmm0,	%xmm0
+						// vmovdqa	(%r11),	%xmm2 	# lo
+	tbl	v2.16b, {$iptlo}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+						// vmovdqa	16(%r11),	%xmm1 # hi
+	tbl	v0.16b, {$ipthi}, v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%rdx), and increments or decrements it
+##  Keeps track of round number mod 4 in %r8
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+.type	_vpaes_schedule_mangle,%function
+.align	4
+_vpaes_schedule_mangle:
+	mov	v4.16b, v0.16b			// vmovdqa	%xmm0,	%xmm4	# save xmm0 for later
+						// vmovdqa	.Lk_mc_forward(%rip),%xmm5
+	cbnz	$dir, .Lschedule_mangle_dec
+
+	// encrypting
+	eor	v4.16b, v0.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm0,	%xmm4
+	add	$out, $out, #16			// add	\$16,	%rdx
+	tbl	v4.16b, {v4.16b}, v9.16b	// vpshufb	%xmm5,	%xmm4,	%xmm4
+	tbl	v1.16b, {v4.16b}, v9.16b	// vpshufb	%xmm5,	%xmm4,	%xmm1
+	tbl	v3.16b, {v1.16b}, v9.16b	// vpshufb	%xmm5,	%xmm1,	%xmm3
+	eor	v4.16b, v4.16b, v1.16b		// vpxor	%xmm1,	%xmm4,	%xmm4
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	eor	v3.16b, v3.16b, v4.16b		// vpxor	%xmm4,	%xmm3,	%xmm3
+
+	b	.Lschedule_mangle_both
+.align	4
+.Lschedule_mangle_dec:
+	// inverse mix columns
+						// lea	.Lk_dksd(%rip),%r11
+	ushr	v1.16b, v4.16b, #4		// vpsrlb	\$4,	%xmm4,	%xmm1	# 1 = hi
+	and	v4.16b, v4.16b, v17.16b		// vpand	%xmm9,	%xmm4,	%xmm4	# 4 = lo
+
+						// vmovdqa	0x00(%r11),	%xmm2
+	tbl	v2.16b, {v24.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+						// vmovdqa	0x10(%r11),	%xmm3
+	tbl	v3.16b,	{v25.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+
+						// vmovdqa	0x20(%r11),	%xmm2
+	tbl	v2.16b, {v26.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+						// vmovdqa	0x30(%r11),	%xmm3
+	tbl	v3.16b, {v27.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+
+						// vmovdqa	0x40(%r11),	%xmm2
+	tbl	v2.16b, {v28.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+						// vmovdqa	0x50(%r11),	%xmm3
+	tbl	v3.16b, {v29.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+
+						// vmovdqa	0x60(%r11),	%xmm2
+	tbl	v2.16b, {v30.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+						// vmovdqa	0x70(%r11),	%xmm4
+	tbl	v4.16b, {v31.16b}, v1.16b	// vpshufb	%xmm1,	%xmm4,	%xmm4
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+	eor	v3.16b, v4.16b, v2.16b		// vpxor	%xmm2,	%xmm4,	%xmm3
+
+	sub	$out, $out, #16			// add	\$-16,	%rdx
+
+.Lschedule_mangle_both:
+	tbl	v3.16b, {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	add	x8, x8, #64-16			// add	\$-16,	%r8
+	and	x8, x8, #~(1<<6)		// and	\$0x30,	%r8
+	st1	{v3.2d}, [$out]			// vmovdqu	%xmm3,	(%rdx)
+	ret
+.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
+
+.globl	vpaes_set_encrypt_key
+.type	vpaes_set_encrypt_key,%function
+.align	4
+vpaes_set_encrypt_key:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+
+	lsr	w9, $bits, #5		// shr	\$5,%eax
+	add	w9, w9, #5		// \$5,%eax
+	str	w9, [$out,#240]		// mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	mov	$dir, #0		// mov	\$0,%ecx
+	mov	x8, #0x30		// mov	\$0x30,%r8d
+	bl	_vpaes_schedule_core
+	eor	x0, x0, x0
+
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	ret
+.size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
+
+.globl	vpaes_set_decrypt_key
+.type	vpaes_set_decrypt_key,%function
+.align	4
+vpaes_set_decrypt_key:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+
+	lsr	w9, $bits, #5		// shr	\$5,%eax
+	add	w9, w9, #5		// \$5,%eax
+	str	w9, [$out,#240]		// mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+	lsl	w9, w9, #4		// shl	\$4,%eax
+	add	$out, $out, #16		// lea	16(%rdx,%rax),%rdx
+	add	$out, $out, x9
+
+	mov	$dir, #1		// mov	\$1,%ecx
+	lsr	w8, $bits, #1		// shr	\$1,%r8d
+	and	x8, x8, #32		// and	\$32,%r8d
+	eor	x8, x8, #32		// xor	\$32,%r8d	# nbits==192?0:32
+	bl	_vpaes_schedule_core
+
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	ret
+.size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
+___
+}
+{
+my ($inp,$out,$len,$key,$ivec,$dir) = map("x$_",(0..5));
+
+$code.=<<___;
+.globl	vpaes_cbc_encrypt
+.type	vpaes_cbc_encrypt,%function
+.align	4
+vpaes_cbc_encrypt:
+	cbz	$len, .Lcbc_abort
+	cmp	w5, #0			// check direction
+	b.eq	vpaes_cbc_decrypt
+
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	mov	x17, $len		// reassign
+	mov	x2,  $key		// reassign
+
+	ld1	{v0.16b}, [$ivec]	// load ivec
+	bl	_vpaes_encrypt_preheat
+	b	.Lcbc_enc_loop
+
+.align	4
+.Lcbc_enc_loop:
+	ld1	{v7.16b}, [$inp],#16	// load input
+	eor	v7.16b, v7.16b, v0.16b	// xor with ivec
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out],#16	// save output
+	subs	x17, x17, #16
+	b.hi	.Lcbc_enc_loop
+
+	st1	{v0.16b}, [$ivec]	// write ivec
+
+	ldp	x29,x30,[sp],#16
+.Lcbc_abort:
+	ret
+.size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
+
+.type	vpaes_cbc_decrypt,%function
+.align	4
+vpaes_cbc_decrypt:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, $len		// reassign
+	mov	x2,  $key		// reassign
+	ld1	{v6.16b}, [$ivec]	// load ivec
+	bl	_vpaes_decrypt_preheat
+	tst	x17, #16
+	b.eq	.Lcbc_dec_loop2x
+
+	ld1	{v7.16b}, [$inp], #16	// load input
+	bl	_vpaes_decrypt_core
+	eor	v0.16b, v0.16b, v6.16b	// xor with ivec
+	orr	v6.16b, v7.16b, v7.16b	// next ivec value
+	st1	{v0.16b}, [$out], #16
+	subs	x17, x17, #16
+	b.ls	.Lcbc_dec_done
+
+.align	4
+.Lcbc_dec_loop2x:
+	ld1	{v14.16b,v15.16b}, [$inp], #32
+	bl	_vpaes_decrypt_2x
+	eor	v0.16b, v0.16b, v6.16b	// xor with ivec
+	eor	v1.16b, v1.16b, v14.16b
+	orr	v6.16b, v15.16b, v15.16b
+	st1	{v0.16b,v1.16b}, [$out], #32
+	subs	x17, x17, #32
+	b.hi	.Lcbc_dec_loop2x
+
+.Lcbc_dec_done:
+	st1	{v6.16b}, [$ivec]
+
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	ret
+.size	vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
+___
+if (1) {
+$code.=<<___;
+.globl	vpaes_ecb_encrypt
+.type	vpaes_ecb_encrypt,%function
+.align	4
+vpaes_ecb_encrypt:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, $len
+	mov	x2,  $key
+	bl	_vpaes_encrypt_preheat
+	tst	x17, #16
+	b.eq	.Lecb_enc_loop
+
+	ld1	{v7.16b}, [$inp],#16
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out],#16
+	subs	x17, x17, #16
+	b.ls	.Lecb_enc_done
+
+.align	4
+.Lecb_enc_loop:
+	ld1	{v14.16b,v15.16b}, [$inp], #32
+	bl	_vpaes_encrypt_2x
+	st1	{v0.16b,v1.16b}, [$out], #32
+	subs	x17, x17, #32
+	b.hi	.Lecb_enc_loop
+
+.Lecb_enc_done:
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	ret
+.size	vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
+
+.globl	vpaes_ecb_decrypt
+.type	vpaes_ecb_decrypt,%function
+.align	4
+vpaes_ecb_decrypt:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, $len
+	mov	x2,  $key
+	bl	_vpaes_decrypt_preheat
+	tst	x17, #16
+	b.eq	.Lecb_dec_loop
+
+	ld1	{v7.16b}, [$inp],#16
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [$out],#16
+	subs	x17, x17, #16
+	b.ls	.Lecb_dec_done
+
+.align	4
+.Lecb_dec_loop:
+	ld1	{v14.16b,v15.16b}, [$inp], #32
+	bl	_vpaes_decrypt_2x
+	st1	{v0.16b,v1.16b}, [$out], #32
+	subs	x17, x17, #32
+	b.hi	.Lecb_dec_loop
+
+.Lecb_dec_done:
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+	ret
+.size	vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
+___
+}	}
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/vpaes-ppc.pl b/openssl-1.1.0h/crypto/aes/asm/vpaes-ppc.pl
new file mode 100644
index 0000000..bb38fbe
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/vpaes-ppc.pl
@@ -0,0 +1,1594 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+
+# CBC encrypt/decrypt performance in cycles per byte processed with
+# 128-bit key.
+#
+#		aes-ppc.pl		this
+# PPC74x0/G4e	35.5/52.1/(23.8)	11.9(*)/15.4
+# PPC970/G5	37.9/55.0/(28.5)	22.2/28.5
+# POWER6	42.7/54.3/(28.2)	63.0/92.8(**)
+# POWER7	32.3/42.9/(18.4)	18.5/23.3
+#
+# (*)	This is ~10% worse than reported in paper. The reason is
+#	twofold. This module doesn't make any assumption about
+#	key schedule (or data for that matter) alignment and handles
+#	it in-line. Secondly it, being transliterated from
+#	vpaes-x86_64.pl, relies on "nested inversion" better suited
+#	for Intel CPUs.
+# (**)	Inadequate POWER6 performance is due to astronomic AltiVec
+#	latency, 9 cycles per simple logical operation.
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+	$UCMP	="cmpld";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+} else { die "nonsense $flavour"; }
+
+$sp="r1";
+$FRAME=6*$SIZE_T+13*16;	# 13*16 is for v20-v31 offload
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$code.=<<___;
+.machine	"any"
+
+.text
+
+.align	7	# totally strategic alignment
+_vpaes_consts:
+Lk_mc_forward:	# mc_forward
+	.long	0x01020300, 0x05060704, 0x090a0b08, 0x0d0e0f0c	?inv
+	.long	0x05060704, 0x090a0b08, 0x0d0e0f0c, 0x01020300	?inv
+	.long	0x090a0b08, 0x0d0e0f0c, 0x01020300, 0x05060704	?inv
+	.long	0x0d0e0f0c, 0x01020300, 0x05060704, 0x090a0b08	?inv
+Lk_mc_backward:	# mc_backward
+	.long	0x03000102, 0x07040506, 0x0b08090a, 0x0f0c0d0e	?inv
+	.long	0x0f0c0d0e, 0x03000102, 0x07040506, 0x0b08090a	?inv
+	.long	0x0b08090a, 0x0f0c0d0e, 0x03000102, 0x07040506	?inv
+	.long	0x07040506, 0x0b08090a, 0x0f0c0d0e, 0x03000102	?inv
+Lk_sr:		# sr
+	.long	0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f	?inv
+	.long	0x00050a0f, 0x04090e03, 0x080d0207, 0x0c01060b	?inv
+	.long	0x0009020b, 0x040d060f, 0x08010a03, 0x0c050e07	?inv
+	.long	0x000d0a07, 0x04010e0b, 0x0805020f, 0x0c090603	?inv
+
+##
+## "Hot" constants
+##
+Lk_inv:		# inv, inva
+	.long	0xf001080d, 0x0f06050e, 0x020c0b0a, 0x09030704	?rev
+	.long	0xf0070b0f, 0x060a0401, 0x09080502, 0x0c0e0d03	?rev
+Lk_ipt:		# input transform (lo, hi)
+	.long	0x00702a5a, 0x98e8b2c2, 0x08782252, 0x90e0baca	?rev
+	.long	0x004d7c31, 0x7d30014c, 0x81ccfdb0, 0xfcb180cd	?rev
+Lk_sbo:		# sbou, sbot
+	.long	0x00c7bd6f, 0x176dd2d0, 0x78a802c5, 0x7abfaa15	?rev
+	.long	0x006abb5f, 0xa574e4cf, 0xfa352b41, 0xd1901e8e	?rev
+Lk_sb1:		# sb1u, sb1t
+	.long	0x0023e2fa, 0x15d41836, 0xefd92e0d, 0xc1ccf73b	?rev
+	.long	0x003e50cb, 0x8fe19bb1, 0x44f52a14, 0x6e7adfa5	?rev
+Lk_sb2:		# sb2u, sb2t
+	.long	0x0029e10a, 0x4088eb69, 0x4a2382ab, 0xc863a1c2	?rev
+	.long	0x0024710b, 0xc6937ae2, 0xcd2f98bc, 0x55e9b75e	?rev
+
+##
+##  Decryption stuff
+##
+Lk_dipt:	# decryption input transform
+	.long	0x005f540b, 0x045b500f, 0x1a454e11, 0x1e414a15	?rev
+	.long	0x00650560, 0xe683e386, 0x94f191f4, 0x72177712	?rev
+Lk_dsbo:	# decryption sbox final output
+	.long	0x0040f97e, 0x53ea8713, 0x2d3e94d4, 0xb96daac7	?rev
+	.long	0x001d4493, 0x0f56d712, 0x9c8ec5d8, 0x59814bca	?rev
+Lk_dsb9:	# decryption sbox output *9*u, *9*t
+	.long	0x00d6869a, 0x53031c85, 0xc94c994f, 0x501fd5ca	?rev
+	.long	0x0049d7ec, 0x89173bc0, 0x65a5fbb2, 0x9e2c5e72	?rev
+Lk_dsbd:	# decryption sbox output *D*u, *D*t
+	.long	0x00a2b1e6, 0xdfcc577d, 0x39442a88, 0x139b6ef5	?rev
+	.long	0x00cbc624, 0xf7fae23c, 0xd3efde15, 0x0d183129	?rev
+Lk_dsbb:	# decryption sbox output *B*u, *B*t
+	.long	0x0042b496, 0x926422d0, 0x04d4f2b0, 0xf6462660	?rev
+	.long	0x006759cd, 0xa69894c1, 0x6baa5532, 0x3e0cfff3	?rev
+Lk_dsbe:	# decryption sbox output *E*u, *E*t
+	.long	0x00d0d426, 0x9692f246, 0xb0f6b464, 0x04604222	?rev
+	.long	0x00c1aaff, 0xcda6550c, 0x323e5998, 0x6bf36794	?rev
+
+##
+##  Key schedule constants
+##
+Lk_dksd:	# decryption key schedule: invskew x*D
+	.long	0x0047e4a3, 0x5d1ab9fe, 0xf9be1d5a, 0xa4e34007	?rev
+	.long	0x008336b5, 0xf477c241, 0x1e9d28ab, 0xea69dc5f	?rev
+Lk_dksb:	# decryption key schedule: invskew x*B
+	.long	0x00d55085, 0x1fca4f9a, 0x994cc91c, 0x8653d603	?rev
+	.long	0x004afcb6, 0xa7ed5b11, 0xc882347e, 0x6f2593d9	?rev
+Lk_dkse:	# decryption key schedule: invskew x*E + 0x63
+	.long	0x00d6c91f, 0xca1c03d5, 0x86504f99, 0x4c9a8553	?rev
+	.long	0xe87bdc4f, 0x059631a2, 0x8714b320, 0x6af95ecd	?rev
+Lk_dks9:	# decryption key schedule: invskew x*9
+	.long	0x00a7d97e, 0xc86f11b6, 0xfc5b2582, 0x3493ed4a	?rev
+	.long	0x00331427, 0x62517645, 0xcefddae9, 0xac9fb88b	?rev
+
+Lk_rcon:	# rcon
+	.long	0xb6ee9daf, 0xb991831f, 0x817d7c4d, 0x08982a70	?asis
+Lk_s63:
+	.long	0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b	?asis
+
+Lk_opt:		# output transform
+	.long	0x0060b6d6, 0x29499fff, 0x0868bede, 0x214197f7	?rev
+	.long	0x00ecbc50, 0x51bded01, 0xe00c5cb0, 0xb15d0de1	?rev
+Lk_deskew:	# deskew tables: inverts the sbox's "skew"
+	.long	0x00e3a447, 0x40a3e407, 0x1af9be5d, 0x5ab9fe1d	?rev
+	.long	0x0069ea83, 0xdcb5365f, 0x771e9df4, 0xabc24128	?rev
+.align	5
+Lconsts:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12	#vvvvv "distance between . and _vpaes_consts
+	addi	r12,r12,-0x308
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.asciz  "Vector Permutation AES for AltiVec, Mike Hamburg (Stanford University)"
+.align	6
+___
+
+my ($inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm) = map("v$_",(26..31));
+{
+my ($inp,$out,$key) = map("r$_",(3..5));
+
+my ($invlo,$invhi,$iptlo,$ipthi,$sbou,$sbot) = map("v$_",(10..15));
+my ($sb1u,$sb1t,$sb2u,$sb2t) = map("v$_",(16..19));
+my ($sb9u,$sb9t,$sbdu,$sbdt,$sbbu,$sbbt,$sbeu,$sbet)=map("v$_",(16..23));
+
+$code.=<<___;
+##
+##  _aes_preheat
+##
+##  Fills register %r10 -> .aes_consts (so you can -fPIC)
+##  and %xmm9-%xmm15 as specified below.
+##
+.align	4
+_vpaes_encrypt_preheat:
+	mflr	r8
+	bl	Lconsts
+	mtlr	r8
+	li	r11, 0xc0		# Lk_inv
+	li	r10, 0xd0
+	li	r9,  0xe0		# Lk_ipt
+	li	r8,  0xf0
+	vxor	v7, v7, v7		# 0x00..00
+	vspltisb	v8,4		# 0x04..04
+	vspltisb	v9,0x0f		# 0x0f..0f
+	lvx	$invlo, r12, r11
+	li	r11, 0x100
+	lvx	$invhi, r12, r10
+	li	r10, 0x110
+	lvx	$iptlo, r12, r9
+	li	r9,  0x120
+	lvx	$ipthi, r12, r8
+	li	r8,  0x130
+	lvx	$sbou, r12, r11
+	li	r11, 0x140
+	lvx	$sbot, r12, r10
+	li	r10, 0x150
+	lvx	$sb1u, r12, r9
+	lvx	$sb1t, r12, r8
+	lvx	$sb2u, r12, r11
+	lvx	$sb2t, r12, r10
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm9-%xmm15 as in _vpaes_preheat
+##    (%rdx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm6, %r9, %r10, %r11, %rax
+##
+##
+.align 5
+_vpaes_encrypt_core:
+	lwz	r8, 240($key)		# pull rounds
+	li	r9, 16
+	lvx	v5, 0, $key		# vmovdqu	(%r9),	%xmm5		# round0 key
+	li	r11, 0x10
+	lvx	v6, r9, $key
+	addi	r9, r9, 16
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	addi	r10, r11, 0x40
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0
+	vperm	v0, $iptlo, $iptlo, v0	# vpshufb	%xmm1,	%xmm2,	%xmm1
+	vperm	v1, $ipthi, $ipthi, v1	# vpshufb	%xmm0,	%xmm3,	%xmm2
+	vxor	v0, v0, v5		# vpxor	%xmm5,	%xmm1,	%xmm0
+	vxor	v0, v0, v1		# vpxor	%xmm2,	%xmm0,	%xmm0
+	mtctr	r8
+	b	Lenc_entry
+
+.align 4
+Lenc_loop:
+	# middle of middle round
+	vperm	v4, $sb1t, v7, v2	# vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	lvx	v1, r12, r11		# vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	addi	r11, r11, 16
+	vperm	v0, $sb1u, v7, v3	# vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	vxor	v4, v4, v5		# vpxor		%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	andi.	r11, r11, 0x30		# and		\$0x30, %r11	# ... mod 4
+	vperm	v5, $sb2t, v7, v2	# vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	vxor	v0, v0, v4		# vpxor		%xmm4,	%xmm0,	%xmm0	# 0 = A
+	vperm	v2, $sb2u, v7, v3	# vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	lvx	v4, r12, r10		# vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	addi	r10, r11, 0x40
+	vperm	v3, v0, v7, v1		# vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	vxor	v2, v2, v5		# vpxor		%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	vperm	v0, v0, v7, v4		# vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	vperm	v4, v3, v7, v1		# vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	vxor	v0, v0, v3		# vpxor		%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	vxor	v0, v0, v4		# vpxor		%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+
+Lenc_entry:
+	# top of round
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	vperm	v5, $invhi, $invhi, v0	# vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	vxor	v0, v0, v1		# vpxor		%xmm0,	%xmm1,	%xmm1	# 0 = j
+	vperm	v3, $invlo, $invlo, v1	# vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	vperm	v4, $invlo, $invlo, v0	# vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	vand	v0, v0, v9
+	vxor	v3, v3, v5		# vpxor		%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	vxor	v4, v4, v5		# vpxor		%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	vperm	v2, $invlo, v7, v3	# vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	vmr	v5, v6
+	lvx	v6, r9, $key		# vmovdqu	(%r9), %xmm5
+	vperm	v3, $invlo, v7, v4	# vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	addi	r9, r9, 16
+	vxor	v2, v2, v0		# vpxor		%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	vxor	v3, v3, v1		# vpxor		%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	bdnz	Lenc_loop
+
+	# middle of last round
+	addi	r10, r11, 0x80
+					# vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+					# vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	vperm	v4, $sbou, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	lvx	v1, r12, r10		# vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	vperm	v0, $sbot, v7, v3	# vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	vxor	v4, v4, v5		# vpxor		%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	vxor	v0, v0, v4		# vpxor		%xmm4,	%xmm0,	%xmm0	# 0 = A
+	vperm	v0, v0, v7, v1		# vpshufb	%xmm1,	%xmm0,	%xmm0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.vpaes_encrypt
+.align	5
+.vpaes_encrypt:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r6
+	mfspr	r7, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	# save vrsave
+	li	r0, -1
+	$PUSH	r6,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			# preserve all AltiVec registers
+
+	bl	_vpaes_encrypt_preheat
+
+	?lvsl	$inpperm, 0, $inp	# prepare for unaligned access
+	lvx	v0, 0, $inp
+	addi	$inp, $inp, 15		# 15 is not a typo
+	 ?lvsr	$outperm, 0, $out
+	?lvsl	$keyperm, 0, $key	# prepare for unaligned access
+	lvx	$inptail, 0, $inp	# redundant in aligned case
+	?vperm	v0, v0, $inptail, $inpperm
+
+	bl	_vpaes_encrypt_core
+
+	andi.	r8, $out, 15
+	li	r9, 16
+	beq	Lenc_out_aligned
+
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	mtctr	r9
+Lenc_out_unaligned:
+	stvebx	v0, 0, $out
+	addi	$out, $out, 1
+	bdnz	Lenc_out_unaligned
+	b	Lenc_done
+
+.align	4
+Lenc_out_aligned:
+	stvx	v0, 0, $out
+Lenc_done:
+
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r6
+	mtspr	256, r7			# restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_encrypt,.-.vpaes_encrypt
+
+.align	4
+_vpaes_decrypt_preheat:
+	mflr	r8
+	bl	Lconsts
+	mtlr	r8
+	li	r11, 0xc0		# Lk_inv
+	li	r10, 0xd0
+	li	r9,  0x160		# Ldipt
+	li	r8,  0x170
+	vxor	v7, v7, v7		# 0x00..00
+	vspltisb	v8,4		# 0x04..04
+	vspltisb	v9,0x0f		# 0x0f..0f
+	lvx	$invlo, r12, r11
+	li	r11, 0x180
+	lvx	$invhi, r12, r10
+	li	r10, 0x190
+	lvx	$iptlo, r12, r9
+	li	r9,  0x1a0
+	lvx	$ipthi, r12, r8
+	li	r8,  0x1b0
+	lvx	$sbou, r12, r11
+	li	r11, 0x1c0
+	lvx	$sbot, r12, r10
+	li	r10, 0x1d0
+	lvx	$sb9u, r12, r9
+	li	r9,  0x1e0
+	lvx	$sb9t, r12, r8
+	li	r8,  0x1f0
+	lvx	$sbdu, r12, r11
+	li	r11, 0x200
+	lvx	$sbdt, r12, r10
+	li	r10, 0x210
+	lvx	$sbbu, r12, r9
+	lvx	$sbbt, r12, r8
+	lvx	$sbeu, r12, r11
+	lvx	$sbet, r12, r10
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+.align	4
+_vpaes_decrypt_core:
+	lwz	r8, 240($key)		# pull rounds
+	li	r9, 16
+	lvx	v5, 0, $key		# vmovdqu	(%r9),	%xmm4		# round0 key
+	li	r11, 0x30
+	lvx	v6, r9, $key
+	addi	r9, r9, 16
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0
+	vperm	v0, $iptlo, $iptlo, v0	# vpshufb	%xmm1,	%xmm2,	%xmm2
+	vperm	v1, $ipthi, $ipthi, v1	# vpshufb	%xmm0,	%xmm1,	%xmm0
+	vxor	v0, v0, v5		# vpxor	%xmm4,	%xmm2,	%xmm2
+	vxor	v0, v0, v1		# vpxor	%xmm2,	%xmm0,	%xmm0
+	mtctr	r8
+	b	Ldec_entry
+
+.align 4
+Ldec_loop:
+#
+#  Inverse mix columns
+#
+	lvx	v0, r12, r11		# v5 and v0 are flipped
+					# vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+					# vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	vperm	v4, $sb9u, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	subi	r11, r11, 16
+	vperm	v1, $sb9t, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	andi.	r11, r11, 0x30
+	vxor	v5, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0
+					# vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	vxor	v5, v5, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+					# vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	vperm	v4, $sbdu, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	vperm 	v5, v5, v7, v0		# vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	vperm	v1, $sbdt, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	vxor	v5, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0		# 4 = ch
+					# vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	vxor	v5, v5, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+					# vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	vperm	v4, $sbbu, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	vperm	v5, v5, v7, v0		# vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	vperm	v1, $sbbt, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	vxor	v5, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0		# 4 = ch
+					# vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	vxor	v5, v5, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+					# vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	vperm	v4, $sbeu, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	vperm	v5, v5, v7, v0		# vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	vperm	v1, $sbet, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	vxor	v0, v5, v4		# vpxor		%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	vxor	v0, v0, v1		# vpxor		%xmm1,	%xmm0,	%xmm0		# 0 = ch
+
+Ldec_entry:
+	# top of round
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0	# 1 = i
+	vperm	v2, $invhi, $invhi, v0	# vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	vxor	v0, v0, v1		# vpxor		%xmm0,	%xmm1,	%xmm1	# 0 = j
+	vperm	v3, $invlo, $invlo, v1	# vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	vperm	v4, $invlo, $invlo, v0	# vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	vand	v0, v0, v9
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	vxor	v4, v4, v2		# vpxor		%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	vperm	v2, $invlo, v7, v3	# vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	vmr	v5, v6
+	lvx	v6, r9, $key		# vmovdqu	(%r9),	%xmm0
+	vperm	v3, $invlo, v7, v4	# vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	addi	r9, r9, 16
+	vxor	v2, v2, v0		# vpxor		%xmm1,	%xmm2,	%xmm2	# 2 = io
+	?vperm	v5, v5, v6, $keyperm	# align round key
+	vxor	v3, v3, v1		# vpxor		%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	bdnz	Ldec_loop
+
+	# middle of last round
+	addi	r10, r11, 0x80
+					# vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	vperm	v4, $sbou, v7, v2	# vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+					# vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	lvx	v2, r12, r10		# vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	vperm	v1, $sbot, v7, v3	# vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	vxor	v4, v4, v5		# vpxor		%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	vxor	v0, v1, v4		# vpxor		%xmm4,	%xmm1,	%xmm0	# 0 = A
+	vperm	v0, v0, v7, v2		# vpshufb	%xmm2,	%xmm0,	%xmm0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.vpaes_decrypt
+.align	5
+.vpaes_decrypt:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r6
+	mfspr	r7, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r7,`$FRAME-4`($sp)	# save vrsave
+	li	r0, -1
+	$PUSH	r6,`$FRAME+$LRSAVE`($sp)
+	mtspr	256, r0			# preserve all AltiVec registers
+
+	bl	_vpaes_decrypt_preheat
+
+	?lvsl	$inpperm, 0, $inp	# prepare for unaligned access
+	lvx	v0, 0, $inp
+	addi	$inp, $inp, 15		# 15 is not a typo
+	 ?lvsr	$outperm, 0, $out
+	?lvsl	$keyperm, 0, $key
+	lvx	$inptail, 0, $inp	# redundant in aligned case
+	?vperm	v0, v0, $inptail, $inpperm
+
+	bl	_vpaes_decrypt_core
+
+	andi.	r8, $out, 15
+	li	r9, 16
+	beq	Ldec_out_aligned
+
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	mtctr	r9
+Ldec_out_unaligned:
+	stvebx	v0, 0, $out
+	addi	$out, $out, 1
+	bdnz	Ldec_out_unaligned
+	b	Ldec_done
+
+.align	4
+Ldec_out_aligned:
+	stvx	v0, 0, $out
+Ldec_done:
+
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtlr	r6
+	mtspr	256, r7			# restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_decrypt,.-.vpaes_decrypt
+
+.globl	.vpaes_cbc_encrypt
+.align	5
+.vpaes_cbc_encrypt:
+	${UCMP}i r5,16
+	bltlr-
+
+	$STU	$sp,-`($FRAME+2*$SIZE_T)`($sp)
+	mflr	r0
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mfspr	r12, 256
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r12,`$FRAME-4`($sp)	# save vrsave
+	$PUSH	r30,`$FRAME+$SIZE_T*0`($sp)
+	$PUSH	r31,`$FRAME+$SIZE_T*1`($sp)
+	li	r9, -16
+	$PUSH	r0, `$FRAME+$SIZE_T*2+$LRSAVE`($sp)
+
+	and	r30, r5, r9		# copy length&-16
+	andi.	r9, $out, 15		# is $out aligned?
+	mr	r5, r6			# copy pointer to key
+	mr	r31, r7			# copy pointer to iv
+	li	r6, -1
+	mcrf	cr1, cr0		# put aside $out alignment flag
+	mr	r7, r12			# copy vrsave
+	mtspr	256, r6			# preserve all AltiVec registers
+
+	lvx	v24, 0, r31		# load [potentially unaligned] iv
+	li	r9, 15
+	?lvsl	$inpperm, 0, r31
+	lvx	v25, r9, r31
+	?vperm	v24, v24, v25, $inpperm
+
+	cmpwi	r8, 0			# test direction
+	neg	r8, $inp		# prepare for unaligned access
+	 vxor	v7, v7, v7
+	?lvsl	$keyperm, 0, $key
+	 ?lvsr	$outperm, 0, $out
+	?lvsr	$inpperm, 0, r8		# -$inp
+	 vnor	$outmask, v7, v7	# 0xff..ff
+	lvx	$inptail, 0, $inp
+	 ?vperm	$outmask, v7, $outmask, $outperm
+	addi	$inp, $inp, 15		# 15 is not a typo
+
+	beq	Lcbc_decrypt
+
+	bl	_vpaes_encrypt_preheat
+	li	r0, 16
+
+	beq	cr1, Lcbc_enc_loop	# $out is aligned
+
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vxor	v0, v0, v24		# ^= iv
+
+	bl	_vpaes_encrypt_core
+
+	andi.	r8, $out, 15
+	vmr	v24, v0			# put aside iv
+	sub	r9, $out, r8
+	vperm	$outhead, v0, v0, $outperm	# rotate right/left
+
+Lcbc_enc_head:
+	stvebx	$outhead, r8, r9
+	cmpwi	r8, 15
+	addi	r8, r8, 1
+	bne	Lcbc_enc_head
+
+	sub.	r30, r30, r0		# len -= 16
+	addi	$out, $out, 16
+	beq	Lcbc_unaligned_done
+
+Lcbc_enc_loop:
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vxor	v0, v0, v24		# ^= iv
+
+	bl	_vpaes_encrypt_core
+
+	vmr	v24, v0			# put aside iv
+	sub.	r30, r30, r0		# len -= 16
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	vsel	v1, $outhead, v0, $outmask
+	vmr	$outhead, v0
+	stvx	v1, 0, $out
+	addi	$out, $out, 16
+	bne	Lcbc_enc_loop
+
+	b	Lcbc_done
+
+.align	5
+Lcbc_decrypt:
+	bl	_vpaes_decrypt_preheat
+	li	r0, 16
+
+	beq	cr1, Lcbc_dec_loop	# $out is aligned
+
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vmr	v25, v0			# put aside input
+
+	bl	_vpaes_decrypt_core
+
+	andi.	r8, $out, 15
+	vxor	v0, v0, v24		# ^= iv
+	vmr	v24, v25
+	sub	r9, $out, r8
+	vperm	$outhead, v0, v0, $outperm	# rotate right/left
+
+Lcbc_dec_head:
+	stvebx	$outhead, r8, r9
+	cmpwi	r8, 15
+	addi	r8, r8, 1
+	bne	Lcbc_dec_head
+
+	sub.	r30, r30, r0		# len -= 16
+	addi	$out, $out, 16
+	beq	Lcbc_unaligned_done
+
+Lcbc_dec_loop:
+	vmr	v0, $inptail
+	lvx	$inptail, 0, $inp
+	addi	$inp, $inp, 16
+	?vperm	v0, v0, $inptail, $inpperm
+	vmr	v25, v0			# put aside input
+
+	bl	_vpaes_decrypt_core
+
+	vxor	v0, v0, v24		# ^= iv
+	vmr	v24, v25
+	sub.	r30, r30, r0		# len -= 16
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	vsel	v1, $outhead, v0, $outmask
+	vmr	$outhead, v0
+	stvx	v1, 0, $out
+	addi	$out, $out, 16
+	bne	Lcbc_dec_loop
+
+Lcbc_done:
+	beq	cr1, Lcbc_write_iv	# $out is aligned
+
+Lcbc_unaligned_done:
+	andi.	r8, $out, 15
+	sub	$out, $out, r8
+	li	r9, 0
+Lcbc_tail:
+	stvebx	$outhead, r9, $out
+	addi	r9, r9, 1
+	cmpw	r9, r8
+	bne	Lcbc_tail
+
+Lcbc_write_iv:
+	neg	r8, r31			# write [potentially unaligned] iv
+	li	r10, 4
+	?lvsl	$outperm, 0, r8
+	li	r11, 8
+	li	r12, 12
+	vperm	v24, v24, v24, $outperm	# rotate right/left
+	stvewx	v24, 0, r31		# ivp is at least 32-bit aligned
+	stvewx	v24, r10, r31
+	stvewx	v24, r11, r31
+	stvewx	v24, r12, r31
+
+	mtspr	256, r7			# restore vrsave
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+Lcbc_abort:
+	$POP	r0, `$FRAME+$SIZE_T*2+$LRSAVE`($sp)
+	$POP	r30,`$FRAME+$SIZE_T*0`($sp)
+	$POP	r31,`$FRAME+$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,`$FRAME+$SIZE_T*2`
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,2,6,0
+	.long	0
+.size	.vpaes_cbc_encrypt,.-.vpaes_cbc_encrypt
+___
+}
+{
+my ($inp,$bits,$out)=map("r$_",(3..5));
+my $dir="cr1";
+my ($invlo,$invhi,$iptlo,$ipthi,$rcon) = map("v$_",(10..13,24));
+
+$code.=<<___;
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+.align	4
+_vpaes_key_preheat:
+	mflr	r8
+	bl	Lconsts
+	mtlr	r8
+	li	r11, 0xc0		# Lk_inv
+	li	r10, 0xd0
+	li	r9,  0xe0		# L_ipt
+	li	r8,  0xf0
+
+	vspltisb	v8,4		# 0x04..04
+	vxor	v9,v9,v9		# 0x00..00
+	lvx	$invlo, r12, r11	# Lk_inv
+	li	r11, 0x120
+	lvx	$invhi, r12, r10
+	li	r10, 0x130
+	lvx	$iptlo, r12, r9		# Lk_ipt
+	li	r9, 0x220
+	lvx	$ipthi, r12, r8
+	li	r8, 0x230
+
+	lvx	v14, r12, r11		# Lk_sb1
+	li	r11, 0x240
+	lvx	v15, r12, r10
+	li	r10, 0x250
+
+	lvx	v16, r12, r9		# Lk_dksd
+	li	r9, 0x260
+	lvx	v17, r12, r8
+	li	r8, 0x270
+	lvx	v18, r12, r11		# Lk_dksb
+	li	r11, 0x280
+	lvx	v19, r12, r10
+	li	r10, 0x290
+	lvx	v20, r12, r9		# Lk_dkse
+	li	r9, 0x2a0
+	lvx	v21, r12, r8
+	li	r8, 0x2b0
+	lvx	v22, r12, r11		# Lk_dks9
+	lvx	v23, r12, r10
+
+	lvx	v24, r12, r9		# Lk_rcon
+	lvx	v25, 0, r12		# Lk_mc_forward[0]
+	lvx	v26, r12, r8		# Lks63
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.align	4
+_vpaes_schedule_core:
+	mflr	r7
+
+	bl	_vpaes_key_preheat	# load the tables
+
+	#lvx	v0, 0, $inp		# vmovdqu	(%rdi),	%xmm0		# load key (unaligned)
+	neg	r8, $inp		# prepare for unaligned access
+	lvx	v0, 0, $inp
+	addi	$inp, $inp, 15		# 15 is not typo
+	?lvsr	$inpperm, 0, r8		# -$inp
+	lvx	v6, 0, $inp		# v6 serves as inptail
+	addi	$inp, $inp, 8
+	?vperm	v0, v0, v6, $inpperm
+
+	# input transform
+	vmr	v3, v0			# vmovdqa	%xmm0,	%xmm3
+	bl	_vpaes_schedule_transform
+	vmr	v7, v0			# vmovdqa	%xmm0,	%xmm7
+
+	bne	$dir, Lschedule_am_decrypting
+
+	# encrypting, output zeroth round key after transform
+	li	r8, 0x30		# mov	\$0x30,%r8d
+	li	r9, 4
+	li	r10, 8
+	li	r11, 12
+
+	?lvsr	$outperm, 0, $out	# prepare for unaligned access
+	vnor	$outmask, v9, v9	# 0xff..ff
+	?vperm	$outmask, v9, $outmask, $outperm
+
+	#stvx	v0, 0, $out		# vmovdqu	%xmm0,	(%rdx)
+	vperm	$outhead, v0, v0, $outperm	# rotate right/left
+	stvewx	$outhead, 0, $out	# some are superfluous
+	stvewx	$outhead, r9, $out
+	stvewx	$outhead, r10, $out
+	addi	r10, r12, 0x80		# lea	.Lk_sr(%rip),%r10
+	stvewx	$outhead, r11, $out
+	b	Lschedule_go
+
+Lschedule_am_decrypting:
+	srwi	r8, $bits, 1		# shr	\$1,%r8d
+	andi.	r8, r8, 32		# and	\$32,%r8d
+	xori	r8, r8, 32		# xor	\$32,%r8d	# nbits==192?0:32
+	addi	r10, r12, 0x80		# lea	.Lk_sr(%rip),%r10
+	# decrypting, output zeroth round key after shiftrows
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),	%xmm1
+	li	r9, 4
+	li	r10, 8
+	li	r11, 12
+	vperm	v4, v3, v3, v1		# vpshufb	%xmm1,	%xmm3,	%xmm3
+
+	neg	r0, $out		# prepare for unaligned access
+	?lvsl	$outperm, 0, r0
+	vnor	$outmask, v9, v9	# 0xff..ff
+	?vperm	$outmask, $outmask, v9, $outperm
+
+	#stvx	v4, 0, $out		# vmovdqu	%xmm3,	(%rdx)
+	vperm	$outhead, v4, v4, $outperm	# rotate right/left
+	stvewx	$outhead, 0, $out	# some are superfluous
+	stvewx	$outhead, r9, $out
+	stvewx	$outhead, r10, $out
+	addi	r10, r12, 0x80		# lea	.Lk_sr(%rip),%r10
+	stvewx	$outhead, r11, $out
+	addi	$out, $out, 15		# 15 is not typo
+	xori	r8, r8, 0x30		# xor	\$0x30, %r8
+
+Lschedule_go:
+	cmplwi	$bits, 192		# cmp	\$192,	%esi
+	bgt	Lschedule_256
+	beq	Lschedule_192
+	# 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+Lschedule_128:
+	li	r0, 10			# mov	\$10, %esi
+	mtctr	r0
+
+Loop_schedule_128:
+	bl 	_vpaes_schedule_round
+	bdz 	Lschedule_mangle_last	# dec	%esi
+	bl	_vpaes_schedule_mangle	# write output
+	b 	Loop_schedule_128
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+.align	4
+Lschedule_192:
+	li	r0, 4			# mov	\$4,	%esi
+	lvx	v0, 0, $inp
+	?vperm	v0, v6, v0, $inpperm
+	?vsldoi	v0, v3, v0, 8		# vmovdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
+	bl	_vpaes_schedule_transform	# input transform
+	?vsldoi	v6, v0, v9, 8
+	?vsldoi	v6, v9, v6, 8		# clobber "low" side with zeros
+	mtctr	r0
+
+Loop_schedule_192:
+	bl	_vpaes_schedule_round
+	?vsldoi	v0, v6, v0, 8		# vpalignr	\$8,%xmm6,%xmm0,%xmm0
+	bl	_vpaes_schedule_mangle	# save key n
+	bl	_vpaes_schedule_192_smear
+	bl	_vpaes_schedule_mangle	# save key n+1
+	bl	_vpaes_schedule_round
+	bdz 	Lschedule_mangle_last	# dec	%esi
+	bl	_vpaes_schedule_mangle	# save key n+2
+	bl	_vpaes_schedule_192_smear
+	b	Loop_schedule_192
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+.align	4
+Lschedule_256:
+	li	r0, 7			# mov	\$7, %esi
+	addi	$inp, $inp, 8
+	lvx	v0, 0, $inp		# vmovdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
+	?vperm	v0, v6, v0, $inpperm
+	bl	_vpaes_schedule_transform	# input transform
+	mtctr	r0
+
+Loop_schedule_256:
+	bl	_vpaes_schedule_mangle	# output low result
+	vmr	v6, v0			# vmovdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
+
+	# high round
+	bl	_vpaes_schedule_round
+	bdz 	Lschedule_mangle_last	# dec	%esi
+	bl	_vpaes_schedule_mangle	
+
+	# low round. swap xmm7 and xmm6
+	?vspltw	v0, v0, 3		# vpshufd	\$0xFF,	%xmm0,	%xmm0
+	vmr	v5, v7			# vmovdqa	%xmm7,	%xmm5
+	vmr	v7, v6			# vmovdqa	%xmm6,	%xmm7
+	bl	_vpaes_schedule_low_round
+	vmr	v7, v5			# vmovdqa	%xmm5,	%xmm7
+	
+	b	Loop_schedule_256
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+.align	4
+Lschedule_mangle_last:
+	# schedule last round key from xmm0
+	li	r11, 0x2e0		# lea	.Lk_deskew(%rip),%r11
+	li	r9,  0x2f0
+	bne	$dir, Lschedule_mangle_last_dec
+
+	# encrypting
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),%xmm1
+	li	r11, 0x2c0		# lea		.Lk_opt(%rip),	%r11	# prepare to output transform
+	li	r9,  0x2d0		# prepare to output transform
+	vperm	v0, v0, v0, v1		# vpshufb	%xmm1,	%xmm0,	%xmm0	# output permute
+
+	lvx	$iptlo, r11, r12	# reload $ipt
+	lvx	$ipthi, r9, r12
+	addi	$out, $out, 16		# add	\$16,	%rdx
+	vxor	v0, v0, v26		# vpxor		.Lk_s63(%rip),	%xmm0,	%xmm0
+	bl	_vpaes_schedule_transform	# output transform
+
+	#stvx	v0, r0, $out		# vmovdqu	%xmm0,	(%rdx)		# save last key
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	li	r10, 4
+	vsel	v2, $outhead, v0, $outmask
+	li	r11, 8
+	stvx	v2, 0, $out
+	li	r12, 12
+	stvewx	v0, 0, $out		# some (or all) are redundant
+	stvewx	v0, r10, $out
+	stvewx	v0, r11, $out
+	stvewx	v0, r12, $out
+	b	Lschedule_mangle_done
+
+.align	4
+Lschedule_mangle_last_dec:
+	lvx	$iptlo, r11, r12	# reload $ipt
+	lvx	$ipthi, r9,  r12
+	addi	$out, $out, -16		# add	\$-16,	%rdx 
+	vxor	v0, v0, v26		# vpxor	.Lk_s63(%rip),	%xmm0,	%xmm0
+	bl	_vpaes_schedule_transform	# output transform
+
+	#stvx	v0, r0, $out		# vmovdqu	%xmm0,	(%rdx)		# save last key
+	addi	r9, $out, -15		# -15 is not typo
+	vperm	v0, v0, v0, $outperm	# rotate right/left
+	li	r10, 4
+	vsel	v2, $outhead, v0, $outmask
+	li	r11, 8
+	stvx	v2, 0, $out
+	li	r12, 12
+	stvewx	v0, 0, r9		# some (or all) are redundant
+	stvewx	v0, r10, r9
+	stvewx	v0, r11, r9
+	stvewx	v0, r12, r9
+
+
+Lschedule_mangle_done:
+	mtlr	r7
+	# cleanup
+	vxor	v0, v0, v0		# vpxor		%xmm0,	%xmm0,	%xmm0
+	vxor	v1, v1, v1		# vpxor		%xmm1,	%xmm1,	%xmm1
+	vxor	v2, v2, v2		# vpxor		%xmm2,	%xmm2,	%xmm2
+	vxor	v3, v3, v3		# vpxor		%xmm3,	%xmm3,	%xmm3
+	vxor	v4, v4, v4		# vpxor		%xmm4,	%xmm4,	%xmm4
+	vxor	v5, v5, v5		# vpxor		%xmm5,	%xmm5,	%xmm5
+	vxor	v6, v6, v6		# vpxor		%xmm6,	%xmm6,	%xmm6
+	vxor	v7, v7, v7		# vpxor		%xmm7,	%xmm7,	%xmm7
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+.align	4
+_vpaes_schedule_192_smear:
+	?vspltw	v0, v7, 3
+	?vsldoi	v1, v9, v6, 12		# vpshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
+	?vsldoi	v0, v7, v0, 8		# vpshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
+	vxor	v6, v6, v1		# vpxor		%xmm1,	%xmm6,	%xmm6	# -> c+d c 0 0
+	vxor	v6, v6, v0		# vpxor		%xmm0,	%xmm6,	%xmm6	# -> b+c+d b+c b a
+	vmr	v0, v6
+	?vsldoi	v6, v6, v9, 8
+	?vsldoi	v6, v9, v6, 8		# clobber low side with zeros
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm4, %r11.
+##
+.align	4
+_vpaes_schedule_round:
+	# extract rcon from xmm8
+	#vxor	v4, v4, v4		# vpxor		%xmm4,	%xmm4,	%xmm4
+	?vsldoi	v1, $rcon, v9, 15	# vpalignr	\$15,	%xmm8,	%xmm4,	%xmm1
+	?vsldoi	$rcon, $rcon, $rcon, 15	# vpalignr	\$15,	%xmm8,	%xmm8,	%xmm8
+	vxor	v7, v7, v1		# vpxor		%xmm1,	%xmm7,	%xmm7
+
+	# rotate
+	?vspltw	v0, v0, 3		# vpshufd	\$0xFF,	%xmm0,	%xmm0
+	?vsldoi	v0, v0, v0, 1		# vpalignr	\$1,	%xmm0,	%xmm0,	%xmm0
+
+	# fall through...
+
+	# low round: same as high round, but no rotation and no rcon.
+_vpaes_schedule_low_round:
+	# smear xmm7
+	?vsldoi	v1, v9, v7, 12		# vpslldq	\$4,	%xmm7,	%xmm1
+	vxor	v7, v7, v1		# vpxor		%xmm1,	%xmm7,	%xmm7
+	vspltisb	v1, 0x0f	# 0x0f..0f
+	?vsldoi	v4, v9, v7, 8		# vpslldq	\$8,	%xmm7,	%xmm4
+
+	# subbytes
+	vand	v1, v1, v0		# vpand		%xmm9,	%xmm0,	%xmm1		# 0 = k
+	vsrb	v0, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0		# 1 = i
+	 vxor	v7, v7, v4		# vpxor		%xmm4,	%xmm7,	%xmm7
+	vperm	v2, $invhi, v9, v1	# vpshufb	%xmm1,	%xmm11,	%xmm2		# 2 = a/k
+	vxor	v1, v1, v0		# vpxor		%xmm0,	%xmm1,	%xmm1		# 0 = j
+	vperm	v3, $invlo, v9, v0	# vpshufb	%xmm0, 	%xmm10,	%xmm3		# 3 = 1/i
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3		# 3 = iak = 1/i + a/k
+	vperm	v4, $invlo, v9, v1	# vpshufb	%xmm1,	%xmm10,	%xmm4		# 4 = 1/j
+	 vxor	v7, v7, v26		# vpxor		.Lk_s63(%rip),	%xmm7,	%xmm7
+	vperm	v3, $invlo, v9, v3	# vpshufb	%xmm3,	%xmm10,	%xmm3		# 2 = 1/iak
+	vxor	v4, v4, v2		# vpxor		%xmm2,	%xmm4,	%xmm4		# 4 = jak = 1/j + a/k
+	vperm	v2, $invlo, v9, v4	# vpshufb	%xmm4,	%xmm10,	%xmm2		# 3 = 1/jak
+	vxor	v3, v3, v1		# vpxor		%xmm1,	%xmm3,	%xmm3		# 2 = io
+	vxor	v2, v2, v0		# vpxor		%xmm0,	%xmm2,	%xmm2		# 3 = jo
+	vperm	v4, v15, v9, v3		# vpshufb	%xmm3,	%xmm13,	%xmm4		# 4 = sbou
+	vperm	v1, v14, v9, v2		# vpshufb	%xmm2,	%xmm12,	%xmm1		# 0 = sb1t
+	vxor	v1, v1, v4		# vpxor		%xmm4,	%xmm1,	%xmm1		# 0 = sbox output
+
+	# add in smeared stuff
+	vxor	v0, v1, v7		# vpxor		%xmm7,	%xmm1,	%xmm0
+	vxor	v7, v1, v7		# vmovdqa	%xmm0,	%xmm7
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%r11)
+##
+##  Requires that %xmm9 = 0x0F0F... as in preheat
+##  Output in %xmm0
+##  Clobbers %xmm2
+##
+.align	4
+_vpaes_schedule_transform:
+	#vand	v1, v0, v9		# vpand		%xmm9,	%xmm0,	%xmm1
+	vsrb	v2, v0, v8		# vpsrlb	\$4,	%xmm0,	%xmm0
+					# vmovdqa	(%r11),	%xmm2 	# lo
+	vperm	v0, $iptlo, $iptlo, v0	# vpshufb	%xmm1,	%xmm2,	%xmm2
+					# vmovdqa	16(%r11),	%xmm1 # hi
+	vperm	v2, $ipthi, $ipthi, v2	# vpshufb	%xmm0,	%xmm1,	%xmm0
+	vxor	v0, v0, v2		# vpxor		%xmm2,	%xmm0,	%xmm0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%rdx), and increments or decrements it
+##  Keeps track of round number mod 4 in %r8
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+.align	4
+_vpaes_schedule_mangle:
+	#vmr	v4, v0			# vmovdqa	%xmm0,	%xmm4	# save xmm0 for later
+					# vmovdqa	.Lk_mc_forward(%rip),%xmm5
+	bne	$dir, Lschedule_mangle_dec
+
+	# encrypting
+	vxor	v4, v0, v26		# vpxor	.Lk_s63(%rip),	%xmm0,	%xmm4
+	addi	$out, $out, 16		# add	\$16,	%rdx
+	vperm	v4, v4, v4, v25		# vpshufb	%xmm5,	%xmm4,	%xmm4
+	vperm	v1, v4, v4, v25		# vpshufb	%xmm5,	%xmm4,	%xmm1
+	vperm	v3, v1, v1, v25		# vpshufb	%xmm5,	%xmm1,	%xmm3
+	vxor	v4, v4, v1		# vpxor		%xmm1,	%xmm4,	%xmm4
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),	%xmm1
+	vxor	v3, v3, v4		# vpxor		%xmm4,	%xmm3,	%xmm3
+
+	vperm	v3, v3, v3, v1		# vpshufb	%xmm1,	%xmm3,	%xmm3
+	addi	r8, r8, -16		# add	\$-16,	%r8
+	andi.	r8, r8, 0x30		# and	\$0x30,	%r8
+
+	#stvx	v3, 0, $out		# vmovdqu	%xmm3,	(%rdx)
+	vperm	v1, v3, v3, $outperm	# rotate right/left
+	vsel	v2, $outhead, v1, $outmask
+	vmr	$outhead, v1
+	stvx	v2, 0, $out
+	blr
+
+.align	4
+Lschedule_mangle_dec:
+	# inverse mix columns
+					# lea	.Lk_dksd(%rip),%r11
+	vsrb	v1, v0, v8		# vpsrlb	\$4,	%xmm4,	%xmm1	# 1 = hi
+	#and	v4, v0, v9		# vpand		%xmm9,	%xmm4,	%xmm4	# 4 = lo
+
+					# vmovdqa	0x00(%r11),	%xmm2
+	vperm	v2, v16, v16, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+					# vmovdqa	0x10(%r11),	%xmm3
+	vperm	v3, v17, v17, v1	# vpshufb	%xmm1,	%xmm3,	%xmm3
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3
+	vperm	v3, v3, v9, v25		# vpshufb	%xmm5,	%xmm3,	%xmm3
+
+					# vmovdqa	0x20(%r11),	%xmm2
+	vperm	v2, v18, v18, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+	vxor	v2, v2, v3		# vpxor		%xmm3,	%xmm2,	%xmm2
+					# vmovdqa	0x30(%r11),	%xmm3
+	vperm	v3, v19, v19, v1	# vpshufb	%xmm1,	%xmm3,	%xmm3
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3
+	vperm	v3, v3, v9, v25		# vpshufb	%xmm5,	%xmm3,	%xmm3
+
+					# vmovdqa	0x40(%r11),	%xmm2
+	vperm	v2, v20, v20, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+	vxor	v2, v2, v3		# vpxor		%xmm3,	%xmm2,	%xmm2
+					# vmovdqa	0x50(%r11),	%xmm3
+	vperm	v3, v21, v21, v1	# vpshufb	%xmm1,	%xmm3,	%xmm3
+	vxor	v3, v3, v2		# vpxor		%xmm2,	%xmm3,	%xmm3
+
+					# vmovdqa	0x60(%r11),	%xmm2
+	vperm	v2, v22, v22, v0	# vpshufb	%xmm4,	%xmm2,	%xmm2
+	vperm	v3, v3, v9, v25		# vpshufb	%xmm5,	%xmm3,	%xmm3
+					# vmovdqa	0x70(%r11),	%xmm4
+	vperm	v4, v23, v23, v1	# vpshufb	%xmm1,	%xmm4,	%xmm4
+	lvx	v1, r8, r10		# vmovdqa	(%r8,%r10),	%xmm1
+	vxor	v2, v2, v3		# vpxor		%xmm3,	%xmm2,	%xmm2
+	vxor	v3, v4, v2		# vpxor		%xmm2,	%xmm4,	%xmm3
+
+	addi	$out, $out, -16		# add	\$-16,	%rdx
+
+	vperm	v3, v3, v3, v1		# vpshufb	%xmm1,	%xmm3,	%xmm3
+	addi	r8, r8, -16		# add	\$-16,	%r8
+	andi.	r8, r8, 0x30		# and	\$0x30,	%r8
+
+	#stvx	v3, 0, $out		# vmovdqu	%xmm3,	(%rdx)
+	vperm	v1, v3, v3, $outperm	# rotate right/left
+	vsel	v2, $outhead, v1, $outmask
+	vmr	$outhead, v1
+	stvx	v2, 0, $out
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.vpaes_set_encrypt_key
+.align	5
+.vpaes_set_encrypt_key:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r0
+	mfspr	r6, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r6,`$FRAME-4`($sp)	# save vrsave
+	li	r7, -1
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256, r7			# preserve all AltiVec registers
+
+	srwi	r9, $bits, 5		# shr	\$5,%eax
+	addi	r9, r9, 6		# add	\$5,%eax
+	stw	r9, 240($out)		# mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	cmplw	$dir, $bits, $bits	# set encrypt direction
+	li	r8, 0x30		# mov	\$0x30,%r8d
+	bl	_vpaes_schedule_core
+
+	$POP	r0, `$FRAME+$LRSAVE`($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtspr	256, r6			# restore vrsave
+	mtlr	r0
+	xor	r3, r3, r3
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_set_encrypt_key,.-.vpaes_set_encrypt_key
+
+.globl	.vpaes_set_decrypt_key
+.align	4
+.vpaes_set_decrypt_key:
+	$STU	$sp,-$FRAME($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mflr	r0
+	mfspr	r6, 256			# save vrsave
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r6,`$FRAME-4`($sp)	# save vrsave
+	li	r7, -1
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256, r7			# preserve all AltiVec registers
+
+	srwi	r9, $bits, 5		# shr	\$5,%eax
+	addi	r9, r9, 6		# add	\$5,%eax
+	stw	r9, 240($out)		# mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	slwi	r9, r9, 4		# shl	\$4,%eax
+	add	$out, $out, r9		# lea	(%rdx,%rax),%rdx
+
+	cmplwi	$dir, $bits, 0		# set decrypt direction
+	srwi	r8, $bits, 1		# shr	\$1,%r8d
+	andi.	r8, r8, 32		# and	\$32,%r8d
+	xori	r8, r8, 32		# xor	\$32,%r8d	# nbits==192?0:32
+	bl	_vpaes_schedule_core
+
+	$POP	r0,  `$FRAME+$LRSAVE`($sp)
+	li	r10,`15+6*$SIZE_T`
+	li	r11,`31+6*$SIZE_T`
+	mtspr	256, r6			# restore vrsave
+	mtlr	r0
+	xor	r3, r3, r3
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,0,3,0
+	.long	0
+.size	.vpaes_set_decrypt_key,.-.vpaes_set_decrypt_key
+___
+}
+
+my $consts=1;
+foreach  (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	# constants table endian-specific conversion
+	if ($consts && m/\.long\s+(.+)\s+(\?[a-z]*)$/o) {
+	    my $conv=$2;
+	    my @bytes=();
+
+	    # convert to endian-agnostic format
+	    foreach (split(/,\s+/,$1)) {
+		my $l = /^0/?oct:int;
+		push @bytes,($l>>24)&0xff,($l>>16)&0xff,($l>>8)&0xff,$l&0xff;
+	    }
+
+	    # little-endian conversion
+	    if ($flavour =~ /le$/o) {
+		SWITCH: for($conv)  {
+		    /\?inv/ && do   { @bytes=map($_^0xf,@bytes); last; };
+		    /\?rev/ && do   { @bytes=reverse(@bytes);    last; }; 
+		}
+	    }
+
+	    #emit
+	    print ".byte\t",join(',',map (sprintf("0x%02x",$_),@bytes)),"\n";
+	    next;
+	}
+	$consts=0 if (m/Lconsts:/o);	# end of table
+
+	# instructions prefixed with '?' are endian-specific and need
+	# to be adjusted accordingly...
+	if ($flavour =~ /le$/o) {	# little-endian
+	    s/\?lvsr/lvsl/o or
+	    s/\?lvsl/lvsr/o or
+	    s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/o or
+	    s/\?(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/o or
+	    s/\?(vspltw\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9])/$1$2 3-$3/o;
+	} else {			# big-endian
+	    s/\?([a-z]+)/$1/o;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/vpaes-x86.pl b/openssl-1.1.0h/crypto/aes/asm/vpaes-x86.pl
new file mode 100644
index 0000000..47615c0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/vpaes-x86.pl
@@ -0,0 +1,916 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+
+######################################################################
+# September 2011.
+#
+# Port vpaes-x86_64.pl as 32-bit "almost" drop-in replacement for
+# aes-586.pl. "Almost" refers to the fact that AES_cbc_encrypt
+# doesn't handle partial vectors (doesn't have to if called from
+# EVP only). "Drop-in" implies that this module doesn't share key
+# schedule structure with the original nor does it make assumption
+# about its alignment...
+#
+# Performance summary. aes-586.pl column lists large-block CBC
+# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
+# byte processed with 128-bit key, and vpaes-x86.pl column - [also
+# large-block CBC] encrypt/decrypt.
+#
+#		aes-586.pl		vpaes-x86.pl
+#
+# Core 2(**)	28.1/41.4/18.3		21.9/25.2(***)
+# Nehalem	27.9/40.4/18.1		10.2/11.9
+# Atom		70.7/92.1/60.1		61.1/75.4(***)
+# Silvermont	45.4/62.9/24.1		49.2/61.1(***)
+#
+# (*)	"Hyper-threading" in the context refers rather to cache shared
+#	among multiple cores, than to specifically Intel HTT. As vast
+#	majority of contemporary cores share cache, slower code path
+#	is common place. In other words "with-hyper-threading-off"
+#	results are presented mostly for reference purposes.
+#
+# (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
+#
+# (***)	Less impressive improvement on Core 2 and Atom is due to slow
+#	pshufb,	yet it's respectable +28%/64%  improvement on Core 2
+#	and +15% on Atom (as implied, over "hyper-threading-safe"
+#	code path).
+#
+#						<appro@openssl.org>
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0],"vpaes-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
+
+$PREFIX="vpaes";
+
+my  ($round, $base, $magic, $key, $const, $inp, $out)=
+    ("eax",  "ebx", "ecx",  "edx","ebp",  "esi","edi");
+
+&static_label("_vpaes_consts");
+&static_label("_vpaes_schedule_low_round");
+
+&set_label("_vpaes_consts",64);
+$k_inv=-0x30;		# inv, inva
+	&data_word(0x0D080180,0x0E05060F,0x0A0B0C02,0x04070309);
+	&data_word(0x0F0B0780,0x01040A06,0x02050809,0x030D0E0C);
+
+$k_s0F=-0x10;		# s0F
+	&data_word(0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F);
+
+$k_ipt=0x00;		# input transform (lo, hi)
+	&data_word(0x5A2A7000,0xC2B2E898,0x52227808,0xCABAE090);
+	&data_word(0x317C4D00,0x4C01307D,0xB0FDCC81,0xCD80B1FC);
+
+$k_sb1=0x20;		# sb1u, sb1t
+	&data_word(0xCB503E00,0xB19BE18F,0x142AF544,0xA5DF7A6E);
+	&data_word(0xFAE22300,0x3618D415,0x0D2ED9EF,0x3BF7CCC1);
+$k_sb2=0x40;		# sb2u, sb2t
+	&data_word(0x0B712400,0xE27A93C6,0xBC982FCD,0x5EB7E955);
+	&data_word(0x0AE12900,0x69EB8840,0xAB82234A,0xC2A163C8);
+$k_sbo=0x60;		# sbou, sbot
+	&data_word(0x6FBDC700,0xD0D26D17,0xC502A878,0x15AABF7A);
+	&data_word(0x5FBB6A00,0xCFE474A5,0x412B35FA,0x8E1E90D1);
+
+$k_mc_forward=0x80;	# mc_forward
+	&data_word(0x00030201,0x04070605,0x080B0A09,0x0C0F0E0D);
+	&data_word(0x04070605,0x080B0A09,0x0C0F0E0D,0x00030201);
+	&data_word(0x080B0A09,0x0C0F0E0D,0x00030201,0x04070605);
+	&data_word(0x0C0F0E0D,0x00030201,0x04070605,0x080B0A09);
+
+$k_mc_backward=0xc0;	# mc_backward
+	&data_word(0x02010003,0x06050407,0x0A09080B,0x0E0D0C0F);
+	&data_word(0x0E0D0C0F,0x02010003,0x06050407,0x0A09080B);
+	&data_word(0x0A09080B,0x0E0D0C0F,0x02010003,0x06050407);
+	&data_word(0x06050407,0x0A09080B,0x0E0D0C0F,0x02010003);
+
+$k_sr=0x100;		# sr
+	&data_word(0x03020100,0x07060504,0x0B0A0908,0x0F0E0D0C);
+	&data_word(0x0F0A0500,0x030E0904,0x07020D08,0x0B06010C);
+	&data_word(0x0B020900,0x0F060D04,0x030A0108,0x070E050C);
+	&data_word(0x070A0D00,0x0B0E0104,0x0F020508,0x0306090C);
+
+$k_rcon=0x140;		# rcon
+	&data_word(0xAF9DEEB6,0x1F8391B9,0x4D7C7D81,0x702A9808);
+
+$k_s63=0x150;		# s63: all equal to 0x63 transformed
+	&data_word(0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B);
+
+$k_opt=0x160;		# output transform
+	&data_word(0xD6B66000,0xFF9F4929,0xDEBE6808,0xF7974121);
+	&data_word(0x50BCEC00,0x01EDBD51,0xB05C0CE0,0xE10D5DB1);
+
+$k_deskew=0x180;	# deskew tables: inverts the sbox's "skew"
+	&data_word(0x47A4E300,0x07E4A340,0x5DBEF91A,0x1DFEB95A);
+	&data_word(0x83EA6900,0x5F36B5DC,0xF49D1E77,0x2841C2AB);
+##
+##  Decryption stuff
+##  Key schedule constants
+##
+$k_dksd=0x1a0;		# decryption key schedule: invskew x*D
+	&data_word(0xA3E44700,0xFEB91A5D,0x5A1DBEF9,0x0740E3A4);
+	&data_word(0xB5368300,0x41C277F4,0xAB289D1E,0x5FDC69EA);
+$k_dksb=0x1c0;		# decryption key schedule: invskew x*B
+	&data_word(0x8550D500,0x9A4FCA1F,0x1CC94C99,0x03D65386);
+	&data_word(0xB6FC4A00,0x115BEDA7,0x7E3482C8,0xD993256F);
+$k_dkse=0x1e0;		# decryption key schedule: invskew x*E + 0x63
+	&data_word(0x1FC9D600,0xD5031CCA,0x994F5086,0x53859A4C);
+	&data_word(0x4FDC7BE8,0xA2319605,0x20B31487,0xCD5EF96A);
+$k_dks9=0x200;		# decryption key schedule: invskew x*9
+	&data_word(0x7ED9A700,0xB6116FC8,0x82255BFC,0x4AED9334);
+	&data_word(0x27143300,0x45765162,0xE9DAFDCE,0x8BB89FAC);
+
+##
+##  Decryption stuff
+##  Round function constants
+##
+$k_dipt=0x220;		# decryption input transform
+	&data_word(0x0B545F00,0x0F505B04,0x114E451A,0x154A411E);
+	&data_word(0x60056500,0x86E383E6,0xF491F194,0x12771772);
+
+$k_dsb9=0x240;		# decryption sbox output *9*u, *9*t
+	&data_word(0x9A86D600,0x851C0353,0x4F994CC9,0xCAD51F50);
+	&data_word(0xECD74900,0xC03B1789,0xB2FBA565,0x725E2C9E);
+$k_dsbd=0x260;		# decryption sbox output *D*u, *D*t
+	&data_word(0xE6B1A200,0x7D57CCDF,0x882A4439,0xF56E9B13);
+	&data_word(0x24C6CB00,0x3CE2FAF7,0x15DEEFD3,0x2931180D);
+$k_dsbb=0x280;		# decryption sbox output *B*u, *B*t
+	&data_word(0x96B44200,0xD0226492,0xB0F2D404,0x602646F6);
+	&data_word(0xCD596700,0xC19498A6,0x3255AA6B,0xF3FF0C3E);
+$k_dsbe=0x2a0;		# decryption sbox output *E*u, *E*t
+	&data_word(0x26D4D000,0x46F29296,0x64B4F6B0,0x22426004);
+	&data_word(0xFFAAC100,0x0C55A6CD,0x98593E32,0x9467F36B);
+$k_dsbo=0x2c0;		# decryption sbox final output
+	&data_word(0x7EF94000,0x1387EA53,0xD4943E2D,0xC7AA6DB9);
+	&data_word(0x93441D00,0x12D7560F,0xD8C58E9C,0xCA4B8159);
+&asciz	("Vector Permutation AES for x86/SSSE3, Mike Hamburg (Stanford University)");
+&align	(64);
+
+&function_begin_B("_vpaes_preheat");
+	&add	($const,&DWP(0,"esp"));
+	&movdqa	("xmm7",&QWP($k_inv,$const));
+	&movdqa	("xmm6",&QWP($k_s0F,$const));
+	&ret	();
+&function_end_B("_vpaes_preheat");
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm6-%xmm7 as in _vpaes_preheat
+##    (%edx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm5, %eax, %ebx, %ecx, %edx
+##
+##
+&function_begin_B("_vpaes_encrypt_core");
+	&mov	($magic,16);
+	&mov	($round,&DWP(240,$key));
+	&movdqa	("xmm1","xmm6")
+	&movdqa	("xmm2",&QWP($k_ipt,$const));
+	&pandn	("xmm1","xmm0");
+	&pand	("xmm0","xmm6");
+	&movdqu	("xmm5",&QWP(0,$key));
+	&pshufb	("xmm2","xmm0");
+	&movdqa	("xmm0",&QWP($k_ipt+16,$const));
+	&pxor	("xmm2","xmm5");
+	&psrld	("xmm1",4);
+	&add	($key,16);
+	&pshufb	("xmm0","xmm1");
+	&lea	($base,&DWP($k_mc_backward,$const));
+	&pxor	("xmm0","xmm2");
+	&jmp	(&label("enc_entry"));
+
+
+&set_label("enc_loop",16);
+	# middle of middle round
+	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sb1u
+	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sb1t
+	&pshufb	("xmm4","xmm2");		# 4 = sb1u
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
+	&movdqa	("xmm5",&QWP($k_sb2,$const));	# 4 : sb2u
+	&pxor	("xmm0","xmm4");		# 0 = A
+	&movdqa	("xmm1",&QWP(-0x40,$base,$magic));# .Lk_mc_forward[]
+	&pshufb	("xmm5","xmm2");		# 4 = sb2u
+	&movdqa	("xmm2",&QWP($k_sb2+16,$const));# 2 : sb2t
+	&movdqa	("xmm4",&QWP(0,$base,$magic));	# .Lk_mc_backward[]
+	&pshufb	("xmm2","xmm3");		# 2 = sb2t
+	&movdqa	("xmm3","xmm0");		# 3 = A
+	&pxor	("xmm2","xmm5");		# 2 = 2A
+	&pshufb	("xmm0","xmm1");		# 0 = B
+	&add	($key,16);			# next key
+	&pxor	("xmm0","xmm2");		# 0 = 2A+B
+	&pshufb	("xmm3","xmm4");		# 3 = D
+	&add	($magic,16);			# next mc
+	&pxor	("xmm3","xmm0");		# 3 = 2A+B+D
+	&pshufb	("xmm0","xmm1");		# 0 = 2B+C
+	&and	($magic,0x30);			# ... mod 4
+	&sub	($round,1);			# nr--
+	&pxor	("xmm0","xmm3");		# 0 = 2A+3B+C+D
+
+&set_label("enc_entry");
+	# top of round
+	&movdqa	("xmm1","xmm6");		# 1 : i
+	&movdqa	("xmm5",&QWP($k_inv+16,$const));# 2 : a/k
+	&pandn	("xmm1","xmm0");		# 1 = i<<4
+	&psrld	("xmm1",4);			# 1 = i
+	&pand	("xmm0","xmm6");		# 0 = k
+	&pshufb	("xmm5","xmm0");		# 2 = a/k
+	&movdqa	("xmm3","xmm7");		# 3 : 1/i
+	&pxor	("xmm0","xmm1");		# 0 = j
+	&pshufb	("xmm3","xmm1");		# 3 = 1/i
+	&movdqa	("xmm4","xmm7");		# 4 : 1/j
+	&pxor	("xmm3","xmm5");		# 3 = iak = 1/i + a/k
+	&pshufb	("xmm4","xmm0");		# 4 = 1/j
+	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
+	&pxor	("xmm4","xmm5");		# 4 = jak = 1/j + a/k
+	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
+	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
+	&pxor	("xmm2","xmm0");		# 2 = io
+	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
+	&movdqu	("xmm5",&QWP(0,$key));
+	&pxor	("xmm3","xmm1");		# 3 = jo
+	&jnz	(&label("enc_loop"));
+
+	# middle of last round
+	&movdqa	("xmm4",&QWP($k_sbo,$const));	# 3 : sbou      .Lk_sbo
+	&movdqa	("xmm0",&QWP($k_sbo+16,$const));# 3 : sbot      .Lk_sbo+16
+	&pshufb	("xmm4","xmm2");		# 4 = sbou
+	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&movdqa	("xmm1",&QWP(0x40,$base,$magic));# .Lk_sr[]
+	&pxor	("xmm0","xmm4");		# 0 = A
+	&pshufb	("xmm0","xmm1");
+	&ret	();
+&function_end_B("_vpaes_encrypt_core");
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+&function_begin_B("_vpaes_decrypt_core");
+	&lea	($base,&DWP($k_dsbd,$const));
+	&mov	($round,&DWP(240,$key));
+	&movdqa	("xmm1","xmm6");
+	&movdqa	("xmm2",&QWP($k_dipt-$k_dsbd,$base));
+	&pandn	("xmm1","xmm0");
+	&mov	($magic,$round);
+	&psrld	("xmm1",4)
+	&movdqu	("xmm5",&QWP(0,$key));
+	&shl	($magic,4);
+	&pand	("xmm0","xmm6");
+	&pshufb	("xmm2","xmm0");
+	&movdqa	("xmm0",&QWP($k_dipt-$k_dsbd+16,$base));
+	&xor	($magic,0x30);
+	&pshufb	("xmm0","xmm1");
+	&and	($magic,0x30);
+	&pxor	("xmm2","xmm5");
+	&movdqa	("xmm5",&QWP($k_mc_forward+48,$const));
+	&pxor	("xmm0","xmm2");
+	&add	($key,16);
+	&lea	($magic,&DWP($k_sr-$k_dsbd,$base,$magic));
+	&jmp	(&label("dec_entry"));
+
+&set_label("dec_loop",16);
+##
+##  Inverse mix columns
+##
+	&movdqa	("xmm4",&QWP(-0x20,$base));	# 4 : sb9u
+	&movdqa	("xmm1",&QWP(-0x10,$base));	# 0 : sb9t
+	&pshufb	("xmm4","xmm2");		# 4 = sb9u
+	&pshufb	("xmm1","xmm3");		# 0 = sb9t
+	&pxor	("xmm0","xmm4");
+	&movdqa	("xmm4",&QWP(0,$base));		# 4 : sbdu
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&movdqa	("xmm1",&QWP(0x10,$base));	# 0 : sbdt
+
+	&pshufb	("xmm4","xmm2");		# 4 = sbdu
+	&pshufb	("xmm0","xmm5");		# MC ch
+	&pshufb	("xmm1","xmm3");		# 0 = sbdt
+	&pxor	("xmm0","xmm4");		# 4 = ch
+	&movdqa	("xmm4",&QWP(0x20,$base));	# 4 : sbbu
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&movdqa	("xmm1",&QWP(0x30,$base));	# 0 : sbbt
+
+	&pshufb	("xmm4","xmm2");		# 4 = sbbu
+	&pshufb	("xmm0","xmm5");		# MC ch
+	&pshufb	("xmm1","xmm3");		# 0 = sbbt
+	&pxor	("xmm0","xmm4");		# 4 = ch
+	&movdqa	("xmm4",&QWP(0x40,$base));	# 4 : sbeu
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&movdqa	("xmm1",&QWP(0x50,$base));	# 0 : sbet
+
+	&pshufb	("xmm4","xmm2");		# 4 = sbeu
+	&pshufb	("xmm0","xmm5");		# MC ch
+	&pshufb	("xmm1","xmm3");		# 0 = sbet
+	&pxor	("xmm0","xmm4");		# 4 = ch
+	&add	($key,16);			# next round key
+	&palignr("xmm5","xmm5",12);
+	&pxor	("xmm0","xmm1");		# 0 = ch
+	&sub	($round,1);			# nr--
+
+&set_label("dec_entry");
+	# top of round
+	&movdqa	("xmm1","xmm6");		# 1 : i
+	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
+	&pandn	("xmm1","xmm0");		# 1 = i<<4
+	&pand	("xmm0","xmm6");		# 0 = k
+	&psrld	("xmm1",4);			# 1 = i
+	&pshufb	("xmm2","xmm0");		# 2 = a/k
+	&movdqa	("xmm3","xmm7");		# 3 : 1/i
+	&pxor	("xmm0","xmm1");		# 0 = j
+	&pshufb	("xmm3","xmm1");		# 3 = 1/i
+	&movdqa	("xmm4","xmm7");		# 4 : 1/j
+	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
+	&pshufb	("xmm4","xmm0");		# 4 = 1/j
+	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
+	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
+	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
+	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
+	&pxor	("xmm2","xmm0");		# 2 = io
+	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
+	&movdqu	("xmm0",&QWP(0,$key));
+	&pxor	("xmm3","xmm1");		# 3 = jo
+	&jnz	(&label("dec_loop"));
+
+	# middle of last round
+	&movdqa	("xmm4",&QWP(0x60,$base));	# 3 : sbou
+	&pshufb	("xmm4","xmm2");		# 4 = sbou
+	&pxor	("xmm4","xmm0");		# 4 = sb1u + k
+	&movdqa	("xmm0",&QWP(0x70,$base));	# 0 : sbot
+	&movdqa	("xmm2",&QWP(0,$magic));
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&pxor	("xmm0","xmm4");		# 0 = A
+	&pshufb	("xmm0","xmm2");
+	&ret	();
+&function_end_B("_vpaes_decrypt_core");
+
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+&function_begin_B("_vpaes_schedule_core");
+	&add	($const,&DWP(0,"esp"));
+	&movdqu	("xmm0",&QWP(0,$inp));		# load key (unaligned)
+	&movdqa	("xmm2",&QWP($k_rcon,$const));	# load rcon
+
+	# input transform
+	&movdqa	("xmm3","xmm0");
+	&lea	($base,&DWP($k_ipt,$const));
+	&movdqa	(&QWP(4,"esp"),"xmm2");		# xmm8
+	&call	("_vpaes_schedule_transform");
+	&movdqa	("xmm7","xmm0");
+
+	&test	($out,$out);
+	&jnz	(&label("schedule_am_decrypting"));
+
+	# encrypting, output zeroth round key after transform
+	&movdqu	(&QWP(0,$key),"xmm0");
+	&jmp	(&label("schedule_go"));
+
+&set_label("schedule_am_decrypting");
+	# decrypting, output zeroth round key after shiftrows
+	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
+	&pshufb	("xmm3","xmm1");
+	&movdqu	(&QWP(0,$key),"xmm3");
+	&xor	($magic,0x30);
+
+&set_label("schedule_go");
+	&cmp	($round,192);
+	&ja	(&label("schedule_256"));
+	&je	(&label("schedule_192"));
+	# 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+&set_label("schedule_128");
+	&mov	($round,10);
+
+&set_label("loop_schedule_128");
+	&call	("_vpaes_schedule_round");
+	&dec	($round);
+	&jz	(&label("schedule_mangle_last"));
+	&call	("_vpaes_schedule_mangle");	# write output
+	&jmp	(&label("loop_schedule_128"));
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+&set_label("schedule_192",16);
+	&movdqu	("xmm0",&QWP(8,$inp));		# load key part 2 (very unaligned)
+	&call	("_vpaes_schedule_transform");	# input transform	
+	&movdqa	("xmm6","xmm0");		# save short part
+	&pxor	("xmm4","xmm4");		# clear 4
+	&movhlps("xmm6","xmm4");		# clobber low side with zeros
+	&mov	($round,4);
+
+&set_label("loop_schedule_192");
+	&call	("_vpaes_schedule_round");
+	&palignr("xmm0","xmm6",8);
+	&call	("_vpaes_schedule_mangle");	# save key n
+	&call	("_vpaes_schedule_192_smear");
+	&call	("_vpaes_schedule_mangle");	# save key n+1
+	&call	("_vpaes_schedule_round");
+	&dec	($round);
+	&jz	(&label("schedule_mangle_last"));
+	&call	("_vpaes_schedule_mangle");	# save key n+2
+	&call	("_vpaes_schedule_192_smear");
+	&jmp	(&label("loop_schedule_192"));
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+&set_label("schedule_256",16);
+	&movdqu	("xmm0",&QWP(16,$inp));		# load key part 2 (unaligned)
+	&call	("_vpaes_schedule_transform");	# input transform	
+	&mov	($round,7);
+
+&set_label("loop_schedule_256");
+	&call	("_vpaes_schedule_mangle");	# output low result
+	&movdqa	("xmm6","xmm0");		# save cur_lo in xmm6
+
+	# high round
+	&call	("_vpaes_schedule_round");
+	&dec	($round);
+	&jz	(&label("schedule_mangle_last"));
+	&call	("_vpaes_schedule_mangle");	
+
+	# low round. swap xmm7 and xmm6
+	&pshufd	("xmm0","xmm0",0xFF);
+	&movdqa	(&QWP(20,"esp"),"xmm7");
+	&movdqa	("xmm7","xmm6");
+	&call	("_vpaes_schedule_low_round");
+	&movdqa	("xmm7",&QWP(20,"esp"));
+
+	&jmp	(&label("loop_schedule_256"));
+
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+&set_label("schedule_mangle_last",16);
+	# schedule last round key from xmm0
+	&lea	($base,&DWP($k_deskew,$const));
+	&test	($out,$out);
+	&jnz	(&label("schedule_mangle_last_dec"));
+
+	# encrypting
+	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
+	&pshufb	("xmm0","xmm1");		# output permute
+	&lea	($base,&DWP($k_opt,$const));	# prepare to output transform
+	&add	($key,32);
+
+&set_label("schedule_mangle_last_dec");
+	&add	($key,-16);
+	&pxor	("xmm0",&QWP($k_s63,$const));
+	&call	("_vpaes_schedule_transform");	# output transform
+	&movdqu	(&QWP(0,$key),"xmm0");		# save last key
+
+	# cleanup
+	&pxor	("xmm0","xmm0");
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm2","xmm2");
+	&pxor	("xmm3","xmm3");
+	&pxor	("xmm4","xmm4");
+	&pxor	("xmm5","xmm5");
+	&pxor	("xmm6","xmm6");
+	&pxor	("xmm7","xmm7");
+	&ret	();
+&function_end_B("_vpaes_schedule_core");
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+&function_begin_B("_vpaes_schedule_192_smear");
+	&pshufd	("xmm1","xmm6",0x80);		# d c 0 0 -> c 0 0 0
+	&pshufd	("xmm0","xmm7",0xFE);		# b a _ _ -> b b b a
+	&pxor	("xmm6","xmm1");		# -> c+d c 0 0
+	&pxor	("xmm1","xmm1");
+	&pxor	("xmm6","xmm0");		# -> b+c+d b+c b a
+	&movdqa	("xmm0","xmm6");
+	&movhlps("xmm6","xmm1");		# clobber low side with zeros
+	&ret	();
+&function_end_B("_vpaes_schedule_192_smear");
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm5.
+##
+&function_begin_B("_vpaes_schedule_round");
+	# extract rcon from xmm8
+	&movdqa	("xmm2",&QWP(8,"esp"));		# xmm8
+	&pxor	("xmm1","xmm1");
+	&palignr("xmm1","xmm2",15);
+	&palignr("xmm2","xmm2",15);
+	&pxor	("xmm7","xmm1");
+
+	# rotate
+	&pshufd	("xmm0","xmm0",0xFF);
+	&palignr("xmm0","xmm0",1);
+
+	# fall through...
+	&movdqa	(&QWP(8,"esp"),"xmm2");		# xmm8
+
+	# low round: same as high round, but no rotation and no rcon.
+&set_label("_vpaes_schedule_low_round");
+	# smear xmm7
+	&movdqa	("xmm1","xmm7");
+	&pslldq	("xmm7",4);
+	&pxor	("xmm7","xmm1");
+	&movdqa	("xmm1","xmm7");
+	&pslldq	("xmm7",8);
+	&pxor	("xmm7","xmm1");
+	&pxor	("xmm7",&QWP($k_s63,$const));
+
+	# subbyte
+	&movdqa	("xmm4",&QWP($k_s0F,$const));
+	&movdqa	("xmm5",&QWP($k_inv,$const));	# 4 : 1/j
+	&movdqa	("xmm1","xmm4");	
+	&pandn	("xmm1","xmm0");
+	&psrld	("xmm1",4);			# 1 = i
+	&pand	("xmm0","xmm4");		# 0 = k
+	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
+	&pshufb	("xmm2","xmm0");		# 2 = a/k
+	&pxor	("xmm0","xmm1");		# 0 = j
+	&movdqa	("xmm3","xmm5");		# 3 : 1/i
+	&pshufb	("xmm3","xmm1");		# 3 = 1/i
+	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
+	&movdqa	("xmm4","xmm5");		# 4 : 1/j
+	&pshufb	("xmm4","xmm0");		# 4 = 1/j
+	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
+	&movdqa	("xmm2","xmm5");		# 2 : 1/iak
+	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
+	&pxor	("xmm2","xmm0");		# 2 = io
+	&movdqa	("xmm3","xmm5");		# 3 : 1/jak
+	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
+	&pxor	("xmm3","xmm1");		# 3 = jo
+	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sbou
+	&pshufb	("xmm4","xmm2");		# 4 = sbou
+	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sbot
+	&pshufb	("xmm0","xmm3");		# 0 = sb1t
+	&pxor	("xmm0","xmm4");		# 0 = sbox output
+
+	# add in smeared stuff
+	&pxor	("xmm0","xmm7");
+	&movdqa	("xmm7","xmm0");
+	&ret	();
+&function_end_B("_vpaes_schedule_round");
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%ebx)
+##
+##  Output in %xmm0
+##  Clobbers %xmm1, %xmm2
+##
+&function_begin_B("_vpaes_schedule_transform");
+	&movdqa	("xmm2",&QWP($k_s0F,$const));
+	&movdqa	("xmm1","xmm2");
+	&pandn	("xmm1","xmm0");
+	&psrld	("xmm1",4);
+	&pand	("xmm0","xmm2");
+	&movdqa	("xmm2",&QWP(0,$base));
+	&pshufb	("xmm2","xmm0");
+	&movdqa	("xmm0",&QWP(16,$base));
+	&pshufb	("xmm0","xmm1");
+	&pxor	("xmm0","xmm2");
+	&ret	();
+&function_end_B("_vpaes_schedule_transform");
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%edx), and increments or decrements it
+##  Keeps track of round number mod 4 in %ecx
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+&function_begin_B("_vpaes_schedule_mangle");
+	&movdqa	("xmm4","xmm0");	# save xmm0 for later
+	&movdqa	("xmm5",&QWP($k_mc_forward,$const));
+	&test	($out,$out);
+	&jnz	(&label("schedule_mangle_dec"));
+
+	# encrypting
+	&add	($key,16);
+	&pxor	("xmm4",&QWP($k_s63,$const));
+	&pshufb	("xmm4","xmm5");
+	&movdqa	("xmm3","xmm4");
+	&pshufb	("xmm4","xmm5");
+	&pxor	("xmm3","xmm4");
+	&pshufb	("xmm4","xmm5");
+	&pxor	("xmm3","xmm4");
+
+	&jmp	(&label("schedule_mangle_both"));
+
+&set_label("schedule_mangle_dec",16);
+	# inverse mix columns
+	&movdqa	("xmm2",&QWP($k_s0F,$const));
+	&lea	($inp,&DWP($k_dksd,$const));
+	&movdqa	("xmm1","xmm2");
+	&pandn	("xmm1","xmm4");
+	&psrld	("xmm1",4);			# 1 = hi
+	&pand	("xmm4","xmm2");		# 4 = lo
+
+	&movdqa	("xmm2",&QWP(0,$inp));
+	&pshufb	("xmm2","xmm4");
+	&movdqa	("xmm3",&QWP(0x10,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+	&pshufb	("xmm3","xmm5");
+
+	&movdqa	("xmm2",&QWP(0x20,$inp));
+	&pshufb	("xmm2","xmm4");
+	&pxor	("xmm2","xmm3");
+	&movdqa	("xmm3",&QWP(0x30,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+	&pshufb	("xmm3","xmm5");
+
+	&movdqa	("xmm2",&QWP(0x40,$inp));
+	&pshufb	("xmm2","xmm4");
+	&pxor	("xmm2","xmm3");
+	&movdqa	("xmm3",&QWP(0x50,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+	&pshufb	("xmm3","xmm5");
+
+	&movdqa	("xmm2",&QWP(0x60,$inp));
+	&pshufb	("xmm2","xmm4");
+	&pxor	("xmm2","xmm3");
+	&movdqa	("xmm3",&QWP(0x70,$inp));
+	&pshufb	("xmm3","xmm1");
+	&pxor	("xmm3","xmm2");
+
+	&add	($key,-16);
+
+&set_label("schedule_mangle_both");
+	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
+	&pshufb	("xmm3","xmm1");
+	&add	($magic,-16);
+	&and	($magic,0x30);
+	&movdqu	(&QWP(0,$key),"xmm3");
+	&ret	();
+&function_end_B("_vpaes_schedule_mangle");
+
+#
+# Interface to OpenSSL
+#
+&function_begin("${PREFIX}_set_encrypt_key");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($round,&wparam(1));		# bits
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&mov	($base,$round);
+	&shr	($base,5);
+	&add	($base,5);
+	&mov	(&DWP(240,$key),$base);		# AES_KEY->rounds = nbits/32+5;
+	&mov	($magic,0x30);
+	&mov	($out,0);
+
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_schedule_core");
+&set_label("pic_point");
+
+	&mov	("esp",&DWP(48,"esp"));
+	&xor	("eax","eax");
+&function_end("${PREFIX}_set_encrypt_key");
+
+&function_begin("${PREFIX}_set_decrypt_key");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($round,&wparam(1));		# bits
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&mov	($base,$round);
+	&shr	($base,5);
+	&add	($base,5);
+	&mov	(&DWP(240,$key),$base);	# AES_KEY->rounds = nbits/32+5;
+	&shl	($base,4);
+	&lea	($key,&DWP(16,$key,$base));
+
+	&mov	($out,1);
+	&mov	($magic,$round);
+	&shr	($magic,1);
+	&and	($magic,32);
+	&xor	($magic,32);			# nbist==192?0:32;
+
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_schedule_core");
+&set_label("pic_point");
+
+	&mov	("esp",&DWP(48,"esp"));
+	&xor	("eax","eax");
+&function_end("${PREFIX}_set_decrypt_key");
+
+&function_begin("${PREFIX}_encrypt");
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_preheat");
+&set_label("pic_point");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($out,&wparam(1));		# out
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&movdqu	("xmm0",&QWP(0,$inp));
+	&call	("_vpaes_encrypt_core");
+	&movdqu	(&QWP(0,$out),"xmm0");
+
+	&mov	("esp",&DWP(48,"esp"));
+&function_end("${PREFIX}_encrypt");
+
+&function_begin("${PREFIX}_decrypt");
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_preheat");
+&set_label("pic_point");
+	&mov	($inp,&wparam(0));		# inp
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($out,&wparam(1));		# out
+	&and	($base,-16);
+	&mov	($key,&wparam(2));		# key
+	&xchg	($base,"esp");			# alloca
+	&mov	(&DWP(48,"esp"),$base);
+
+	&movdqu	("xmm0",&QWP(0,$inp));
+	&call	("_vpaes_decrypt_core");
+	&movdqu	(&QWP(0,$out),"xmm0");
+
+	&mov	("esp",&DWP(48,"esp"));
+&function_end("${PREFIX}_decrypt");
+
+&function_begin("${PREFIX}_cbc_encrypt");
+	&mov	($inp,&wparam(0));		# inp
+	&mov	($out,&wparam(1));		# out
+	&mov	($round,&wparam(2));		# len
+	&mov	($key,&wparam(3));		# key
+	&sub	($round,16);
+	&jc	(&label("cbc_abort"));
+	&lea	($base,&DWP(-56,"esp"));
+	&mov	($const,&wparam(4));		# ivp
+	&and	($base,-16);
+	&mov	($magic,&wparam(5));		# enc
+	&xchg	($base,"esp");			# alloca
+	&movdqu	("xmm1",&QWP(0,$const));	# load IV
+	&sub	($out,$inp);
+	&mov	(&DWP(48,"esp"),$base);
+
+	&mov	(&DWP(0,"esp"),$out);		# save out
+	&mov	(&DWP(4,"esp"),$key)		# save key
+	&mov	(&DWP(8,"esp"),$const);		# save ivp
+	&mov	($out,$round);			# $out works as $len
+
+	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
+	&call	("_vpaes_preheat");
+&set_label("pic_point");
+	&cmp	($magic,0);
+	&je	(&label("cbc_dec_loop"));
+	&jmp	(&label("cbc_enc_loop"));
+
+&set_label("cbc_enc_loop",16);
+	&movdqu	("xmm0",&QWP(0,$inp));		# load input
+	&pxor	("xmm0","xmm1");		# inp^=iv
+	&call	("_vpaes_encrypt_core");
+	&mov	($base,&DWP(0,"esp"));		# restore out
+	&mov	($key,&DWP(4,"esp"));		# restore key
+	&movdqa	("xmm1","xmm0");
+	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
+	&lea	($inp,&DWP(16,$inp));
+	&sub	($out,16);
+	&jnc	(&label("cbc_enc_loop"));
+	&jmp	(&label("cbc_done"));
+
+&set_label("cbc_dec_loop",16);
+	&movdqu	("xmm0",&QWP(0,$inp));		# load input
+	&movdqa	(&QWP(16,"esp"),"xmm1");	# save IV
+	&movdqa	(&QWP(32,"esp"),"xmm0");	# save future IV
+	&call	("_vpaes_decrypt_core");
+	&mov	($base,&DWP(0,"esp"));		# restore out
+	&mov	($key,&DWP(4,"esp"));		# restore key
+	&pxor	("xmm0",&QWP(16,"esp"));	# out^=iv
+	&movdqa	("xmm1",&QWP(32,"esp"));	# load next IV
+	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
+	&lea	($inp,&DWP(16,$inp));
+	&sub	($out,16);
+	&jnc	(&label("cbc_dec_loop"));
+
+&set_label("cbc_done");
+	&mov	($base,&DWP(8,"esp"));		# restore ivp
+	&mov	("esp",&DWP(48,"esp"));
+	&movdqu	(&QWP(0,$base),"xmm1");		# write IV
+&set_label("cbc_abort");
+&function_end("${PREFIX}_cbc_encrypt");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/asm/vpaes-x86_64.pl b/openssl-1.1.0h/crypto/aes/asm/vpaes-x86_64.pl
new file mode 100644
index 0000000..422e8ee
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/asm/vpaes-x86_64.pl
@@ -0,0 +1,1215 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+######################################################################
+## Constant-time SSSE3 AES core implementation.
+## version 0.1
+##
+## By Mike Hamburg (Stanford University), 2009
+## Public domain.
+##
+## For details see http://shiftleft.org/papers/vector_aes/ and
+## http://crypto.stanford.edu/vpaes/.
+
+######################################################################
+# September 2011.
+#
+# Interface to OpenSSL as "almost" drop-in replacement for
+# aes-x86_64.pl. "Almost" refers to the fact that AES_cbc_encrypt
+# doesn't handle partial vectors (doesn't have to if called from
+# EVP only). "Drop-in" implies that this module doesn't share key
+# schedule structure with the original nor does it make assumption
+# about its alignment...
+#
+# Performance summary. aes-x86_64.pl column lists large-block CBC
+# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
+# byte processed with 128-bit key, and vpaes-x86_64.pl column -
+# [also large-block CBC] encrypt/decrypt.
+#
+#		aes-x86_64.pl		vpaes-x86_64.pl
+#
+# Core 2(**)	29.6/41.1/14.3		21.9/25.2(***)
+# Nehalem	29.6/40.3/14.6		10.0/11.8
+# Atom		57.3/74.2/32.1		60.9/77.2(***)
+# Silvermont	52.7/64.0/19.5		48.8/60.8(***)
+# Goldmont	38.9/49.0/17.8		10.6/12.6
+#
+# (*)	"Hyper-threading" in the context refers rather to cache shared
+#	among multiple cores, than to specifically Intel HTT. As vast
+#	majority of contemporary cores share cache, slower code path
+#	is common place. In other words "with-hyper-threading-off"
+#	results are presented mostly for reference purposes.
+#
+# (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
+#
+# (***)	Less impressive improvement on Core 2 and Atom is due to slow
+#	pshufb,	yet it's respectable +36%/62% improvement on Core 2
+#	(as implied, over "hyper-threading-safe" code path).
+#
+#						<appro@openssl.org>
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$PREFIX="vpaes";
+
+$code.=<<___;
+.text
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm9-%xmm15 as in _vpaes_preheat
+##    (%rdx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm5, %r9, %r10, %r11, %rax
+##  Preserves %xmm6 - %xmm8 so you get some local vectors
+##
+##
+.type	_vpaes_encrypt_core,\@abi-omnipotent
+.align 16
+_vpaes_encrypt_core:
+	mov	%rdx,	%r9
+	mov	\$16,	%r11
+	mov	240(%rdx),%eax
+	movdqa	%xmm9,	%xmm1
+	movdqa	.Lk_ipt(%rip), %xmm2	# iptlo
+	pandn	%xmm0,	%xmm1
+	movdqu	(%r9),	%xmm5		# round0 key
+	psrld	\$4,	%xmm1
+	pand	%xmm9,	%xmm0
+	pshufb	%xmm0,	%xmm2
+	movdqa	.Lk_ipt+16(%rip), %xmm0	# ipthi
+	pshufb	%xmm1,	%xmm0
+	pxor	%xmm5,	%xmm2
+	add	\$16,	%r9
+	pxor	%xmm2,	%xmm0
+	lea	.Lk_mc_backward(%rip),%r10
+	jmp	.Lenc_entry
+
+.align 16
+.Lenc_loop:
+	# middle of middle round
+	movdqa  %xmm13,	%xmm4	# 4 : sb1u
+	movdqa  %xmm12,	%xmm0	# 0 : sb1t
+	pshufb  %xmm2,	%xmm4	# 4 = sb1u
+	pshufb  %xmm3,	%xmm0	# 0 = sb1t
+	pxor	%xmm5,	%xmm4	# 4 = sb1u + k
+	movdqa  %xmm15,	%xmm5	# 4 : sb2u
+	pxor	%xmm4,	%xmm0	# 0 = A
+	movdqa	-0x40(%r11,%r10), %xmm1		# .Lk_mc_forward[]
+	pshufb	%xmm2,	%xmm5	# 4 = sb2u
+	movdqa	(%r11,%r10), %xmm4		# .Lk_mc_backward[]
+	movdqa	%xmm14, %xmm2	# 2 : sb2t
+	pshufb	%xmm3,  %xmm2	# 2 = sb2t
+	movdqa	%xmm0,  %xmm3	# 3 = A
+	pxor	%xmm5,	%xmm2	# 2 = 2A
+	pshufb  %xmm1,  %xmm0	# 0 = B
+	add	\$16,	%r9	# next key
+	pxor	%xmm2,  %xmm0	# 0 = 2A+B
+	pshufb	%xmm4,	%xmm3	# 3 = D
+	add	\$16,	%r11	# next mc
+	pxor	%xmm0,	%xmm3	# 3 = 2A+B+D
+	pshufb  %xmm1,	%xmm0	# 0 = 2B+C
+	and	\$0x30,	%r11	# ... mod 4
+	sub	\$1,%rax	# nr--
+	pxor	%xmm3,	%xmm0	# 0 = 2A+3B+C+D
+
+.Lenc_entry:
+	# top of round
+	movdqa  %xmm9, 	%xmm1	# 1 : i
+	movdqa	%xmm11, %xmm5	# 2 : a/k
+	pandn	%xmm0, 	%xmm1	# 1 = i<<4
+	psrld	\$4,   	%xmm1   # 1 = i
+	pand	%xmm9, 	%xmm0   # 0 = k
+	pshufb  %xmm0,  %xmm5	# 2 = a/k
+	movdqa	%xmm10,	%xmm3  	# 3 : 1/i
+	pxor	%xmm1,	%xmm0	# 0 = j
+	pshufb  %xmm1, 	%xmm3  	# 3 = 1/i
+	movdqa	%xmm10,	%xmm4  	# 4 : 1/j
+	pxor	%xmm5, 	%xmm3  	# 3 = iak = 1/i + a/k
+	pshufb	%xmm0, 	%xmm4  	# 4 = 1/j
+	movdqa	%xmm10,	%xmm2  	# 2 : 1/iak
+	pxor	%xmm5, 	%xmm4  	# 4 = jak = 1/j + a/k
+	pshufb  %xmm3,	%xmm2  	# 2 = 1/iak
+	movdqa	%xmm10, %xmm3   # 3 : 1/jak
+	pxor	%xmm0, 	%xmm2  	# 2 = io
+	pshufb  %xmm4,  %xmm3   # 3 = 1/jak
+	movdqu	(%r9),	%xmm5
+	pxor	%xmm1,  %xmm3   # 3 = jo
+	jnz	.Lenc_loop
+
+	# middle of last round
+	movdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+	movdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	pshufb  %xmm2,  %xmm4	# 4 = sbou
+	pxor	%xmm5,  %xmm4	# 4 = sb1u + k
+	pshufb  %xmm3,	%xmm0	# 0 = sb1t
+	movdqa	0x40(%r11,%r10), %xmm1		# .Lk_sr[]
+	pxor	%xmm4,	%xmm0	# 0 = A
+	pshufb	%xmm1,	%xmm0
+	ret
+.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
+	
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+.type	_vpaes_decrypt_core,\@abi-omnipotent
+.align	16
+_vpaes_decrypt_core:
+	mov	%rdx,	%r9		# load key
+	mov	240(%rdx),%eax
+	movdqa	%xmm9,	%xmm1
+	movdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	pandn	%xmm0,	%xmm1
+	mov	%rax,	%r11
+	psrld	\$4,	%xmm1
+	movdqu	(%r9),	%xmm5		# round0 key
+	shl	\$4,	%r11
+	pand	%xmm9,	%xmm0
+	pshufb	%xmm0,	%xmm2
+	movdqa	.Lk_dipt+16(%rip), %xmm0 # ipthi
+	xor	\$0x30,	%r11
+	lea	.Lk_dsbd(%rip),%r10
+	pshufb	%xmm1,	%xmm0
+	and	\$0x30,	%r11
+	pxor	%xmm5,	%xmm2
+	movdqa	.Lk_mc_forward+48(%rip), %xmm5
+	pxor	%xmm2,	%xmm0
+	add	\$16,	%r9
+	add	%r10,	%r11
+	jmp	.Ldec_entry
+
+.align 16
+.Ldec_loop:
+##
+##  Inverse mix columns
+##
+	movdqa  -0x20(%r10),%xmm4	# 4 : sb9u
+	movdqa  -0x10(%r10),%xmm1	# 0 : sb9t
+	pshufb	%xmm2,	%xmm4		# 4 = sb9u
+	pshufb	%xmm3,	%xmm1		# 0 = sb9t
+	pxor	%xmm4,	%xmm0
+	movdqa  0x00(%r10),%xmm4	# 4 : sbdu
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	movdqa  0x10(%r10),%xmm1	# 0 : sbdt
+
+	pshufb	%xmm2,	%xmm4		# 4 = sbdu
+	pshufb	%xmm5,	%xmm0		# MC ch
+	pshufb	%xmm3,	%xmm1		# 0 = sbdt
+	pxor	%xmm4,	%xmm0		# 4 = ch
+	movdqa  0x20(%r10),%xmm4	# 4 : sbbu
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	movdqa  0x30(%r10),%xmm1	# 0 : sbbt
+
+	pshufb	%xmm2,	%xmm4		# 4 = sbbu
+	pshufb	%xmm5,	%xmm0		# MC ch
+	pshufb	%xmm3,	%xmm1		# 0 = sbbt
+	pxor	%xmm4,	%xmm0		# 4 = ch
+	movdqa  0x40(%r10),%xmm4	# 4 : sbeu
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	movdqa  0x50(%r10),%xmm1	# 0 : sbet
+
+	pshufb	%xmm2,	%xmm4		# 4 = sbeu
+	pshufb	%xmm5,	%xmm0		# MC ch
+	pshufb	%xmm3,	%xmm1		# 0 = sbet
+	pxor	%xmm4,	%xmm0		# 4 = ch
+	add	\$16, %r9		# next round key
+	palignr	\$12,	%xmm5,	%xmm5
+	pxor	%xmm1,	%xmm0		# 0 = ch
+	sub	\$1,%rax		# nr--
+
+.Ldec_entry:
+	# top of round
+	movdqa  %xmm9, 	%xmm1	# 1 : i
+	pandn	%xmm0, 	%xmm1	# 1 = i<<4
+	movdqa	%xmm11, %xmm2	# 2 : a/k
+	psrld	\$4,    %xmm1	# 1 = i
+	pand	%xmm9, 	%xmm0	# 0 = k
+	pshufb  %xmm0,  %xmm2	# 2 = a/k
+	movdqa	%xmm10,	%xmm3	# 3 : 1/i
+	pxor	%xmm1,	%xmm0	# 0 = j
+	pshufb  %xmm1, 	%xmm3	# 3 = 1/i
+	movdqa	%xmm10,	%xmm4	# 4 : 1/j
+	pxor	%xmm2, 	%xmm3	# 3 = iak = 1/i + a/k
+	pshufb	%xmm0, 	%xmm4	# 4 = 1/j
+	pxor	%xmm2, 	%xmm4	# 4 = jak = 1/j + a/k
+	movdqa	%xmm10,	%xmm2	# 2 : 1/iak
+	pshufb  %xmm3,	%xmm2	# 2 = 1/iak
+	movdqa	%xmm10, %xmm3	# 3 : 1/jak
+	pxor	%xmm0, 	%xmm2	# 2 = io
+	pshufb  %xmm4,  %xmm3	# 3 = 1/jak
+	movdqu	(%r9),	%xmm0
+	pxor	%xmm1,  %xmm3	# 3 = jo
+	jnz	.Ldec_loop
+
+	# middle of last round
+	movdqa	0x60(%r10), %xmm4	# 3 : sbou
+	pshufb  %xmm2,  %xmm4	# 4 = sbou
+	pxor	%xmm0,  %xmm4	# 4 = sb1u + k
+	movdqa	0x70(%r10), %xmm0	# 0 : sbot
+	movdqa	-0x160(%r11), %xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	pshufb  %xmm3,	%xmm0	# 0 = sb1t
+	pxor	%xmm4,	%xmm0	# 0 = A
+	pshufb	%xmm2,	%xmm0
+	ret
+.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
+
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+.type	_vpaes_schedule_core,\@abi-omnipotent
+.align	16
+_vpaes_schedule_core:
+	# rdi = key
+	# rsi = size in bits
+	# rdx = buffer
+	# rcx = direction.  0=encrypt, 1=decrypt
+
+	call	_vpaes_preheat		# load the tables
+	movdqa	.Lk_rcon(%rip), %xmm8	# load rcon
+	movdqu	(%rdi),	%xmm0		# load key (unaligned)
+
+	# input transform
+	movdqa	%xmm0,	%xmm3
+	lea	.Lk_ipt(%rip), %r11
+	call	_vpaes_schedule_transform
+	movdqa	%xmm0,	%xmm7
+
+	lea	.Lk_sr(%rip),%r10
+	test	%rcx,	%rcx
+	jnz	.Lschedule_am_decrypting
+
+	# encrypting, output zeroth round key after transform
+	movdqu	%xmm0,	(%rdx)
+	jmp	.Lschedule_go
+
+.Lschedule_am_decrypting:
+	# decrypting, output zeroth round key after shiftrows
+	movdqa	(%r8,%r10),%xmm1
+	pshufb  %xmm1,	%xmm3
+	movdqu	%xmm3,	(%rdx)
+	xor	\$0x30, %r8
+
+.Lschedule_go:
+	cmp	\$192,	%esi
+	ja	.Lschedule_256
+	je	.Lschedule_192
+	# 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+.Lschedule_128:
+	mov	\$10, %esi
+	
+.Loop_schedule_128:
+	call 	_vpaes_schedule_round
+	dec	%rsi
+	jz 	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle	# write output
+	jmp 	.Loop_schedule_128
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+.align	16
+.Lschedule_192:
+	movdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
+	call	_vpaes_schedule_transform	# input transform
+	movdqa	%xmm0,	%xmm6		# save short part
+	pxor	%xmm4,	%xmm4		# clear 4
+	movhlps	%xmm4,	%xmm6		# clobber low side with zeros
+	mov	\$4,	%esi
+
+.Loop_schedule_192:
+	call	_vpaes_schedule_round
+	palignr	\$8,%xmm6,%xmm0	
+	call	_vpaes_schedule_mangle	# save key n
+	call	_vpaes_schedule_192_smear
+	call	_vpaes_schedule_mangle	# save key n+1
+	call	_vpaes_schedule_round
+	dec	%rsi
+	jz 	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle	# save key n+2
+	call	_vpaes_schedule_192_smear
+	jmp	.Loop_schedule_192
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+.align	16
+.Lschedule_256:
+	movdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
+	call	_vpaes_schedule_transform	# input transform
+	mov	\$7, %esi
+	
+.Loop_schedule_256:
+	call	_vpaes_schedule_mangle	# output low result
+	movdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
+
+	# high round
+	call	_vpaes_schedule_round
+	dec	%rsi
+	jz 	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle	
+
+	# low round. swap xmm7 and xmm6
+	pshufd	\$0xFF,	%xmm0,	%xmm0
+	movdqa	%xmm7,	%xmm5
+	movdqa	%xmm6,	%xmm7
+	call	_vpaes_schedule_low_round
+	movdqa	%xmm5,	%xmm7
+	
+	jmp	.Loop_schedule_256
+
+	
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+.align	16
+.Lschedule_mangle_last:
+	# schedule last round key from xmm0
+	lea	.Lk_deskew(%rip),%r11	# prepare to deskew
+	test	%rcx, 	%rcx
+	jnz	.Lschedule_mangle_last_dec
+
+	# encrypting
+	movdqa	(%r8,%r10),%xmm1
+	pshufb	%xmm1,	%xmm0		# output permute
+	lea	.Lk_opt(%rip),	%r11	# prepare to output transform
+	add	\$32,	%rdx
+
+.Lschedule_mangle_last_dec:
+	add	\$-16,	%rdx
+	pxor	.Lk_s63(%rip),	%xmm0
+	call	_vpaes_schedule_transform # output transform
+	movdqu	%xmm0,	(%rdx)		# save last key
+
+	# cleanup
+	pxor	%xmm0,  %xmm0
+	pxor	%xmm1,  %xmm1
+	pxor	%xmm2,  %xmm2
+	pxor	%xmm3,  %xmm3
+	pxor	%xmm4,  %xmm4
+	pxor	%xmm5,  %xmm5
+	pxor	%xmm6,  %xmm6
+	pxor	%xmm7,  %xmm7
+	ret
+.size	_vpaes_schedule_core,.-_vpaes_schedule_core
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+.type	_vpaes_schedule_192_smear,\@abi-omnipotent
+.align	16
+_vpaes_schedule_192_smear:
+	pshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
+	pshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
+	pxor	%xmm1,	%xmm6		# -> c+d c 0 0
+	pxor	%xmm1,	%xmm1
+	pxor	%xmm0,	%xmm6		# -> b+c+d b+c b a
+	movdqa	%xmm6,	%xmm0
+	movhlps	%xmm1,	%xmm6		# clobber low side with zeros
+	ret
+.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm4, %r11.
+##
+.type	_vpaes_schedule_round,\@abi-omnipotent
+.align	16
+_vpaes_schedule_round:
+	# extract rcon from xmm8
+	pxor	%xmm1,	%xmm1
+	palignr	\$15,	%xmm8,	%xmm1
+	palignr	\$15,	%xmm8,	%xmm8
+	pxor	%xmm1,	%xmm7
+
+	# rotate
+	pshufd	\$0xFF,	%xmm0,	%xmm0
+	palignr	\$1,	%xmm0,	%xmm0
+	
+	# fall through...
+	
+	# low round: same as high round, but no rotation and no rcon.
+_vpaes_schedule_low_round:
+	# smear xmm7
+	movdqa	%xmm7,	%xmm1
+	pslldq	\$4,	%xmm7
+	pxor	%xmm1,	%xmm7
+	movdqa	%xmm7,	%xmm1
+	pslldq	\$8,	%xmm7
+	pxor	%xmm1,	%xmm7
+	pxor	.Lk_s63(%rip), %xmm7
+
+	# subbytes
+	movdqa  %xmm9, 	%xmm1
+	pandn	%xmm0, 	%xmm1
+	psrld	\$4,    %xmm1		# 1 = i
+	pand	%xmm9, 	%xmm0		# 0 = k
+	movdqa	%xmm11, %xmm2		# 2 : a/k
+	pshufb  %xmm0,  %xmm2		# 2 = a/k
+	pxor	%xmm1,	%xmm0		# 0 = j
+	movdqa	%xmm10,	%xmm3		# 3 : 1/i
+	pshufb  %xmm1, 	%xmm3		# 3 = 1/i
+	pxor	%xmm2, 	%xmm3		# 3 = iak = 1/i + a/k
+	movdqa	%xmm10,	%xmm4		# 4 : 1/j
+	pshufb	%xmm0, 	%xmm4		# 4 = 1/j
+	pxor	%xmm2, 	%xmm4		# 4 = jak = 1/j + a/k
+	movdqa	%xmm10,	%xmm2		# 2 : 1/iak
+	pshufb  %xmm3,	%xmm2		# 2 = 1/iak
+	pxor	%xmm0, 	%xmm2		# 2 = io
+	movdqa	%xmm10, %xmm3		# 3 : 1/jak
+	pshufb  %xmm4,  %xmm3		# 3 = 1/jak
+	pxor	%xmm1,  %xmm3		# 3 = jo
+	movdqa	%xmm13, %xmm4		# 4 : sbou
+	pshufb  %xmm2,  %xmm4		# 4 = sbou
+	movdqa	%xmm12, %xmm0		# 0 : sbot
+	pshufb  %xmm3,	%xmm0		# 0 = sb1t
+	pxor	%xmm4, 	%xmm0		# 0 = sbox output
+
+	# add in smeared stuff
+	pxor	%xmm7,	%xmm0	
+	movdqa	%xmm0,	%xmm7
+	ret
+.size	_vpaes_schedule_round,.-_vpaes_schedule_round
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%r11)
+##
+##  Requires that %xmm9 = 0x0F0F... as in preheat
+##  Output in %xmm0
+##  Clobbers %xmm1, %xmm2
+##
+.type	_vpaes_schedule_transform,\@abi-omnipotent
+.align	16
+_vpaes_schedule_transform:
+	movdqa	%xmm9,	%xmm1
+	pandn	%xmm0,	%xmm1
+	psrld	\$4,	%xmm1
+	pand	%xmm9,	%xmm0
+	movdqa	(%r11), %xmm2 	# lo
+	pshufb	%xmm0,	%xmm2
+	movdqa	16(%r11), %xmm0 # hi
+	pshufb	%xmm1,	%xmm0
+	pxor	%xmm2,	%xmm0
+	ret
+.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%rdx), and increments or decrements it
+##  Keeps track of round number mod 4 in %r8
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+.type	_vpaes_schedule_mangle,\@abi-omnipotent
+.align	16
+_vpaes_schedule_mangle:
+	movdqa	%xmm0,	%xmm4	# save xmm0 for later
+	movdqa	.Lk_mc_forward(%rip),%xmm5
+	test	%rcx, 	%rcx
+	jnz	.Lschedule_mangle_dec
+
+	# encrypting
+	add	\$16,	%rdx
+	pxor	.Lk_s63(%rip),%xmm4
+	pshufb	%xmm5,	%xmm4
+	movdqa	%xmm4,	%xmm3
+	pshufb	%xmm5,	%xmm4
+	pxor	%xmm4,	%xmm3
+	pshufb	%xmm5,	%xmm4
+	pxor	%xmm4,	%xmm3
+
+	jmp	.Lschedule_mangle_both
+.align	16
+.Lschedule_mangle_dec:
+	# inverse mix columns
+	lea	.Lk_dksd(%rip),%r11
+	movdqa	%xmm9,	%xmm1
+	pandn	%xmm4,	%xmm1
+	psrld	\$4,	%xmm1	# 1 = hi
+	pand	%xmm9,	%xmm4	# 4 = lo
+
+	movdqa	0x00(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	movdqa	0x10(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+	pshufb	%xmm5,	%xmm3
+
+	movdqa	0x20(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	pxor	%xmm3,	%xmm2
+	movdqa	0x30(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+	pshufb	%xmm5,	%xmm3
+
+	movdqa	0x40(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	pxor	%xmm3,	%xmm2
+	movdqa	0x50(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+	pshufb	%xmm5,	%xmm3
+
+	movdqa	0x60(%r11), %xmm2
+	pshufb	%xmm4,	%xmm2
+	pxor	%xmm3,	%xmm2
+	movdqa	0x70(%r11), %xmm3
+	pshufb	%xmm1,	%xmm3
+	pxor	%xmm2,	%xmm3
+
+	add	\$-16,	%rdx
+
+.Lschedule_mangle_both:
+	movdqa	(%r8,%r10),%xmm1
+	pshufb	%xmm1,%xmm3
+	add	\$-16,	%r8
+	and	\$0x30,	%r8
+	movdqu	%xmm3,	(%rdx)
+	ret
+.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
+
+#
+# Interface to OpenSSL
+#
+.globl	${PREFIX}_set_encrypt_key
+.type	${PREFIX}_set_encrypt_key,\@function,3
+.align	16
+${PREFIX}_set_encrypt_key:
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lenc_key_body:
+___
+$code.=<<___;
+	mov	%esi,%eax
+	shr	\$5,%eax
+	add	\$5,%eax
+	mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	mov	\$0,%ecx
+	mov	\$0x30,%r8d
+	call	_vpaes_schedule_core
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Lenc_key_epilogue:
+___
+$code.=<<___;
+	xor	%eax,%eax
+	ret
+.size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
+
+.globl	${PREFIX}_set_decrypt_key
+.type	${PREFIX}_set_decrypt_key,\@function,3
+.align	16
+${PREFIX}_set_decrypt_key:
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Ldec_key_body:
+___
+$code.=<<___;
+	mov	%esi,%eax
+	shr	\$5,%eax
+	add	\$5,%eax
+	mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+	shl	\$4,%eax
+	lea	16(%rdx,%rax),%rdx
+
+	mov	\$1,%ecx
+	mov	%esi,%r8d
+	shr	\$1,%r8d
+	and	\$32,%r8d
+	xor	\$32,%r8d	# nbits==192?0:32
+	call	_vpaes_schedule_core
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Ldec_key_epilogue:
+___
+$code.=<<___;
+	xor	%eax,%eax
+	ret
+.size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
+
+.globl	${PREFIX}_encrypt
+.type	${PREFIX}_encrypt,\@function,3
+.align	16
+${PREFIX}_encrypt:
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lenc_body:
+___
+$code.=<<___;
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_encrypt_core
+	movdqu	%xmm0,(%rsi)
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Lenc_epilogue:
+___
+$code.=<<___;
+	ret
+.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
+
+.globl	${PREFIX}_decrypt
+.type	${PREFIX}_decrypt,\@function,3
+.align	16
+${PREFIX}_decrypt:
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Ldec_body:
+___
+$code.=<<___;
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_decrypt_core
+	movdqu	%xmm0,(%rsi)
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Ldec_epilogue:
+___
+$code.=<<___;
+	ret
+.size	${PREFIX}_decrypt,.-${PREFIX}_decrypt
+___
+{
+my ($inp,$out,$len,$key,$ivp,$enc)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+#                       size_t length, const AES_KEY *key,
+#                       unsigned char *ivp,const int enc);
+$code.=<<___;
+.globl	${PREFIX}_cbc_encrypt
+.type	${PREFIX}_cbc_encrypt,\@function,6
+.align	16
+${PREFIX}_cbc_encrypt:
+	xchg	$key,$len
+___
+($len,$key)=($key,$len);
+$code.=<<___;
+	sub	\$16,$len
+	jc	.Lcbc_abort
+___
+$code.=<<___ if ($win64);
+	lea	-0xb8(%rsp),%rsp
+	movaps	%xmm6,0x10(%rsp)
+	movaps	%xmm7,0x20(%rsp)
+	movaps	%xmm8,0x30(%rsp)
+	movaps	%xmm9,0x40(%rsp)
+	movaps	%xmm10,0x50(%rsp)
+	movaps	%xmm11,0x60(%rsp)
+	movaps	%xmm12,0x70(%rsp)
+	movaps	%xmm13,0x80(%rsp)
+	movaps	%xmm14,0x90(%rsp)
+	movaps	%xmm15,0xa0(%rsp)
+.Lcbc_body:
+___
+$code.=<<___;
+	movdqu	($ivp),%xmm6		# load IV
+	sub	$inp,$out
+	call	_vpaes_preheat
+	cmp	\$0,${enc}d
+	je	.Lcbc_dec_loop
+	jmp	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_loop:
+	movdqu	($inp),%xmm0
+	pxor	%xmm6,%xmm0
+	call	_vpaes_encrypt_core
+	movdqa	%xmm0,%xmm6
+	movdqu	%xmm0,($out,$inp)
+	lea	16($inp),$inp
+	sub	\$16,$len
+	jnc	.Lcbc_enc_loop
+	jmp	.Lcbc_done
+.align	16
+.Lcbc_dec_loop:
+	movdqu	($inp),%xmm0
+	movdqa	%xmm0,%xmm7
+	call	_vpaes_decrypt_core
+	pxor	%xmm6,%xmm0
+	movdqa	%xmm7,%xmm6
+	movdqu	%xmm0,($out,$inp)
+	lea	16($inp),$inp
+	sub	\$16,$len
+	jnc	.Lcbc_dec_loop
+.Lcbc_done:
+	movdqu	%xmm6,($ivp)		# save IV
+___
+$code.=<<___ if ($win64);
+	movaps	0x10(%rsp),%xmm6
+	movaps	0x20(%rsp),%xmm7
+	movaps	0x30(%rsp),%xmm8
+	movaps	0x40(%rsp),%xmm9
+	movaps	0x50(%rsp),%xmm10
+	movaps	0x60(%rsp),%xmm11
+	movaps	0x70(%rsp),%xmm12
+	movaps	0x80(%rsp),%xmm13
+	movaps	0x90(%rsp),%xmm14
+	movaps	0xa0(%rsp),%xmm15
+	lea	0xb8(%rsp),%rsp
+.Lcbc_epilogue:
+___
+$code.=<<___;
+.Lcbc_abort:
+	ret
+.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
+___
+}
+$code.=<<___;
+##
+##  _aes_preheat
+##
+##  Fills register %r10 -> .aes_consts (so you can -fPIC)
+##  and %xmm9-%xmm15 as specified below.
+##
+.type	_vpaes_preheat,\@abi-omnipotent
+.align	16
+_vpaes_preheat:
+	lea	.Lk_s0F(%rip), %r10
+	movdqa	-0x20(%r10), %xmm10	# .Lk_inv
+	movdqa	-0x10(%r10), %xmm11	# .Lk_inv+16
+	movdqa	0x00(%r10), %xmm9	# .Lk_s0F
+	movdqa	0x30(%r10), %xmm13	# .Lk_sb1
+	movdqa	0x40(%r10), %xmm12	# .Lk_sb1+16
+	movdqa	0x50(%r10), %xmm15	# .Lk_sb2
+	movdqa	0x60(%r10), %xmm14	# .Lk_sb2+16
+	ret
+.size	_vpaes_preheat,.-_vpaes_preheat
+########################################################
+##                                                    ##
+##                     Constants                      ##
+##                                                    ##
+########################################################
+.type	_vpaes_consts,\@object
+.align	64
+_vpaes_consts:
+.Lk_inv:	# inv, inva
+	.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+	.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+
+.Lk_s0F:	# s0F
+	.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F
+
+.Lk_ipt:	# input transform (lo, hi)
+	.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+	.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+
+.Lk_sb1:	# sb1u, sb1t
+	.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+	.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+.Lk_sb2:	# sb2u, sb2t
+	.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+	.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+.Lk_sbo:	# sbou, sbot
+	.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+	.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+
+.Lk_mc_forward:	# mc_forward
+	.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+	.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+	.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+	.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+
+.Lk_mc_backward:# mc_backward
+	.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+	.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+	.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+	.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+
+.Lk_sr:		# sr
+	.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+	.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+	.quad	0x0F060D040B020900, 0x070E050C030A0108
+	.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+.Lk_rcon:	# rcon
+	.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+.Lk_s63:	# s63: all equal to 0x63 transformed
+	.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B
+
+.Lk_opt:	# output transform
+	.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+	.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+
+.Lk_deskew:	# deskew tables: inverts the sbox's "skew"
+	.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+	.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+##
+##  Decryption stuff
+##  Key schedule constants
+##
+.Lk_dksd:	# decryption key schedule: invskew x*D
+	.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+	.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+.Lk_dksb:	# decryption key schedule: invskew x*B
+	.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+	.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+.Lk_dkse:	# decryption key schedule: invskew x*E + 0x63
+	.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+	.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+.Lk_dks9:	# decryption key schedule: invskew x*9
+	.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+	.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+##
+##  Decryption stuff
+##  Round function constants
+##
+.Lk_dipt:	# decryption input transform
+	.quad	0x0F505B040B545F00, 0x154A411E114E451A
+	.quad	0x86E383E660056500, 0x12771772F491F194
+
+.Lk_dsb9:	# decryption sbox output *9*u, *9*t
+	.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+	.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+.Lk_dsbd:	# decryption sbox output *D*u, *D*t
+	.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+	.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+.Lk_dsbb:	# decryption sbox output *B*u, *B*t
+	.quad	0xD022649296B44200, 0x602646F6B0F2D404
+	.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+.Lk_dsbe:	# decryption sbox output *E*u, *E*t
+	.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+	.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+.Lk_dsbo:	# decryption sbox final output
+	.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+	.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.asciz	"Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.align	64
+.size	_vpaes_consts,.-_vpaes_consts
+___
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	16(%rax),%rsi		# %xmm save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+	lea	0xb8(%rax),%rax		# adjust stack pointer
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_${PREFIX}_set_encrypt_key
+	.rva	.LSEH_end_${PREFIX}_set_encrypt_key
+	.rva	.LSEH_info_${PREFIX}_set_encrypt_key
+
+	.rva	.LSEH_begin_${PREFIX}_set_decrypt_key
+	.rva	.LSEH_end_${PREFIX}_set_decrypt_key
+	.rva	.LSEH_info_${PREFIX}_set_decrypt_key
+
+	.rva	.LSEH_begin_${PREFIX}_encrypt
+	.rva	.LSEH_end_${PREFIX}_encrypt
+	.rva	.LSEH_info_${PREFIX}_encrypt
+
+	.rva	.LSEH_begin_${PREFIX}_decrypt
+	.rva	.LSEH_end_${PREFIX}_decrypt
+	.rva	.LSEH_info_${PREFIX}_decrypt
+
+	.rva	.LSEH_begin_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_end_${PREFIX}_cbc_encrypt
+	.rva	.LSEH_info_${PREFIX}_cbc_encrypt
+
+.section	.xdata
+.align	8
+.LSEH_info_${PREFIX}_set_encrypt_key:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc_key_body,.Lenc_key_epilogue	# HandlerData[]
+.LSEH_info_${PREFIX}_set_decrypt_key:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec_key_body,.Ldec_key_epilogue	# HandlerData[]
+.LSEH_info_${PREFIX}_encrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lenc_body,.Lenc_epilogue		# HandlerData[]
+.LSEH_info_${PREFIX}_decrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Ldec_body,.Ldec_epilogue		# HandlerData[]
+.LSEH_info_${PREFIX}_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lcbc_body,.Lcbc_epilogue		# HandlerData[]
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/aes/build.info b/openssl-1.1.0h/crypto/aes/build.info
new file mode 100644
index 0000000..cf6cb5e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/aes/build.info
@@ -0,0 +1,57 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \
+        aes_ige.c aes_wrap.c {- $target{aes_asm_src} -}
+
+GENERATE[aes-ia64.s]=asm/aes-ia64.S
+
+GENERATE[aes-586.s]=asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[aes-586.s]=../perlasm/x86asm.pl
+GENERATE[vpaes-x86.s]=asm/vpaes-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[vpaes-586.s]=../perlasm/x86asm.pl
+GENERATE[aesni-x86.s]=asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[aesni-586.s]=../perlasm/x86asm.pl
+
+GENERATE[aes-x86_64.s]=asm/aes-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[vpaes-x86_64.s]=asm/vpaes-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[bsaes-x86_64.s]=asm/bsaes-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-x86_64.s]=asm/aesni-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-sha1-x86_64.s]=asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-sha256-x86_64.s]=asm/aesni-sha256-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-mb-x86_64.s]=asm/aesni-mb-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-sparcv9.S]=asm/aes-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[aes-sparcv9.o]=..
+GENERATE[aest4-sparcv9.S]=asm/aest4-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[aest4-sparcv9.o]=..
+DEPEND[aest4-sparcv9.S]=../perlasm/sparcv9_modes.pl
+GENERATE[aesfx-sparcv9.S]=asm/aesfx-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[aesfx-sparcv9.o]=..
+
+GENERATE[aes-ppc.s]=asm/aes-ppc.pl $(PERLASM_SCHEME)
+GENERATE[vpaes-ppc.s]=asm/vpaes-ppc.pl $(PERLASM_SCHEME)
+GENERATE[aesp8-ppc.s]=asm/aesp8-ppc.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-parisc.s]=asm/aes-parisc.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-mips.S]=asm/aes-mips.pl $(PERLASM_SCHEME)
+
+GENERATE[aesv8-armx.S]=asm/aesv8-armx.pl $(PERLASM_SCHEME)
+INCLUDE[aesv8-armx.o]=..
+GENERATE[vpaes-armv8.S]=asm/vpaes-armv8.pl $(PERLASM_SCHEME)
+
+GENERATE[aes-armv4.S]=asm/aes-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[aes-armv4.o]=..
+GENERATE[bsaes-armv7.S]=asm/bsaes-armv7.pl $(PERLASM_SCHEME)
+INCLUDE[bsaes-armv7.o]=..
+
+BEGINRAW[Makefile]
+##### AES assembler implementations
+
+# GNU make "catch all"
+{- $builddir -}/aes-%.S:	{- $sourcedir -}/asm/aes-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+{- $builddir -}/bsaes-%.S:	{- $sourcedir -}/asm/bsaes-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+
+ENDRAW[Makefile]
diff --git a/openssl-1.1.0h/crypto/alphacpuid.pl b/openssl-1.1.0h/crypto/alphacpuid.pl
new file mode 100644
index 0000000..6c7fd4c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/alphacpuid.pl
@@ -0,0 +1,257 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$output = pop;
+open STDOUT,">$output";
+
+print <<'___';
+.text
+
+.set	noat
+
+.globl	OPENSSL_cpuid_setup
+.ent	OPENSSL_cpuid_setup
+OPENSSL_cpuid_setup:
+	.frame	$30,0,$26
+	.prologue 0
+	ret	($26)
+.end	OPENSSL_cpuid_setup
+
+.globl	OPENSSL_wipe_cpu
+.ent	OPENSSL_wipe_cpu
+OPENSSL_wipe_cpu:
+	.frame	$30,0,$26
+	.prologue 0
+	clr	$1
+	clr	$2
+	clr	$3
+	clr	$4
+	clr	$5
+	clr	$6
+	clr	$7
+	clr	$8
+	clr	$16
+	clr	$17
+	clr	$18
+	clr	$19
+	clr	$20
+	clr	$21
+	clr	$22
+	clr	$23
+	clr	$24
+	clr	$25
+	clr	$27
+	clr	$at
+	clr	$29
+	fclr	$f0
+	fclr	$f1
+	fclr	$f10
+	fclr	$f11
+	fclr	$f12
+	fclr	$f13
+	fclr	$f14
+	fclr	$f15
+	fclr	$f16
+	fclr	$f17
+	fclr	$f18
+	fclr	$f19
+	fclr	$f20
+	fclr	$f21
+	fclr	$f22
+	fclr	$f23
+	fclr	$f24
+	fclr	$f25
+	fclr	$f26
+	fclr	$f27
+	fclr	$f28
+	fclr	$f29
+	fclr	$f30
+	mov	$sp,$0
+	ret	($26)
+.end	OPENSSL_wipe_cpu
+
+.globl	OPENSSL_atomic_add
+.ent	OPENSSL_atomic_add
+OPENSSL_atomic_add:
+	.frame	$30,0,$26
+	.prologue 0
+1:	ldl_l	$0,0($16)
+	addl	$0,$17,$1
+	stl_c	$1,0($16)
+	beq	$1,1b
+	addl	$0,$17,$0
+	ret	($26)
+.end	OPENSSL_atomic_add
+
+.globl	OPENSSL_rdtsc
+.ent	OPENSSL_rdtsc
+OPENSSL_rdtsc:
+	.frame	$30,0,$26
+	.prologue 0
+	rpcc	$0
+	ret	($26)
+.end	OPENSSL_rdtsc
+
+.globl	OPENSSL_cleanse
+.ent	OPENSSL_cleanse
+OPENSSL_cleanse:
+	.frame	$30,0,$26
+	.prologue 0
+	beq	$17,.Ldone
+	and	$16,7,$0
+	bic	$17,7,$at
+	beq	$at,.Little
+	beq	$0,.Laligned
+
+.Little:
+	subq	$0,8,$0
+	ldq_u	$1,0($16)
+	mov	$16,$2
+.Lalign:
+	mskbl	$1,$16,$1
+	lda	$16,1($16)
+	subq	$17,1,$17
+	addq	$0,1,$0
+	beq	$17,.Lout
+	bne	$0,.Lalign
+.Lout:	stq_u	$1,0($2)
+	beq	$17,.Ldone
+	bic	$17,7,$at
+	beq	$at,.Little
+
+.Laligned:
+	stq	$31,0($16)
+	subq	$17,8,$17
+	lda	$16,8($16)
+	bic	$17,7,$at
+	bne	$at,.Laligned
+	bne	$17,.Little
+.Ldone: ret	($26)
+.end	OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.ent	CRYPTO_memcmp
+CRYPTO_memcmp:
+	.frame	$30,0,$26
+	.prologue 0
+	xor	$0,$0,$0
+	beq	$18,.Lno_data
+
+	xor	$1,$1,$1
+	nop
+.Loop_cmp:
+	ldq_u	$2,0($16)
+	subq	$18,1,$18
+	ldq_u	$3,0($17)
+	extbl	$2,$16,$2
+	lda	$16,1($16)
+	extbl	$3,$17,$3
+	lda	$17,1($17)
+	xor	$3,$2,$2
+	or	$2,$0,$0
+	bne	$18,.Loop_cmp
+
+	subq	$31,$0,$0
+	srl	$0,63,$0
+.Lno_data:
+	ret	($26)
+.end	CRYPTO_memcmp
+___
+{
+my ($out,$cnt,$max)=("\$16","\$17","\$18");
+my ($tick,$lasttick)=("\$19","\$20");
+my ($diff,$lastdiff)=("\$21","\$22");
+my ($v0,$ra,$sp,$zero)=("\$0","\$26","\$30","\$31");
+
+print <<___;
+.globl	OPENSSL_instrument_bus
+.ent	OPENSSL_instrument_bus
+OPENSSL_instrument_bus:
+	.frame	$sp,0,$ra
+	.prologue 0
+	mov	$cnt,$v0
+
+	rpcc	$lasttick
+	mov	0,$diff
+
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+.Loop:	rpcc	$tick
+	subq	$tick,$lasttick,$diff
+	mov	$tick,$lasttick
+
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+	subl	$cnt,1,$cnt
+	lda	$out,4($out)
+	bne	$cnt,.Loop
+
+	ret	($ra)
+.end	OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.ent	OPENSSL_instrument_bus2
+OPENSSL_instrument_bus2:
+	.frame	$sp,0,$ra
+	.prologue 0
+	mov	$cnt,$v0
+
+	rpcc	$lasttick
+	mov	0,$diff
+
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+	rpcc	$tick
+	subq	$tick,$lasttick,$diff
+	mov	$tick,$lasttick
+	mov	$diff,$lastdiff
+.Loop2:
+	ecb	($out)
+	ldl_l	$tick,0($out)
+	addl	$diff,$tick,$tick
+	mov	$tick,$diff
+	stl_c	$tick,0($out)
+	stl	$diff,0($out)
+
+	subl	$max,1,$max
+	beq	$max,.Ldone2
+
+	rpcc	$tick
+	subq	$tick,$lasttick,$diff
+	mov	$tick,$lasttick
+	subq	$lastdiff,$diff,$tick
+	mov	$diff,$lastdiff
+	cmovne	$tick,1,$tick
+	subl	$cnt,$tick,$cnt
+	s4addq	$tick,$out,$out
+	bne	$cnt,.Loop2
+
+.Ldone2:
+	subl	$v0,$cnt,$v0
+	ret	($ra)
+.end	OPENSSL_instrument_bus2
+___
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/arm64cpuid.pl b/openssl-1.1.0h/crypto/arm64cpuid.pl
new file mode 100755
index 0000000..caa3387
--- /dev/null
+++ b/openssl-1.1.0h/crypto/arm64cpuid.pl
@@ -0,0 +1,126 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+.arch	armv8-a+crypto
+
+.align	5
+.globl	_armv7_neon_probe
+.type	_armv7_neon_probe,%function
+_armv7_neon_probe:
+	orr	v15.16b, v15.16b, v15.16b
+	ret
+.size	_armv7_neon_probe,.-_armv7_neon_probe
+
+.globl	_armv7_tick
+.type	_armv7_tick,%function
+_armv7_tick:
+#ifdef	__APPLE__
+	mrs	x0, CNTPCT_EL0
+#else
+	mrs	x0, CNTVCT_EL0
+#endif
+	ret
+.size	_armv7_tick,.-_armv7_tick
+
+.globl	_armv8_aes_probe
+.type	_armv8_aes_probe,%function
+_armv8_aes_probe:
+	aese	v0.16b, v0.16b
+	ret
+.size	_armv8_aes_probe,.-_armv8_aes_probe
+
+.globl	_armv8_sha1_probe
+.type	_armv8_sha1_probe,%function
+_armv8_sha1_probe:
+	sha1h	s0, s0
+	ret
+.size	_armv8_sha1_probe,.-_armv8_sha1_probe
+
+.globl	_armv8_sha256_probe
+.type	_armv8_sha256_probe,%function
+_armv8_sha256_probe:
+	sha256su0	v0.4s, v0.4s
+	ret
+.size	_armv8_sha256_probe,.-_armv8_sha256_probe
+.globl	_armv8_pmull_probe
+.type	_armv8_pmull_probe,%function
+_armv8_pmull_probe:
+	pmull	v0.1q, v0.1d, v0.1d
+	ret
+.size	_armv8_pmull_probe,.-_armv8_pmull_probe
+
+.globl	OPENSSL_cleanse
+.type	OPENSSL_cleanse,%function
+.align	5
+OPENSSL_cleanse:
+	cbz	x1,.Lret	// len==0?
+	cmp	x1,#15
+	b.hi	.Lot		// len>15
+	nop
+.Little:
+	strb	wzr,[x0],#1	// store byte-by-byte
+	subs	x1,x1,#1
+	b.ne	.Little
+.Lret:	ret
+
+.align	4
+.Lot:	tst	x0,#7
+	b.eq	.Laligned	// inp is aligned
+	strb	wzr,[x0],#1	// store byte-by-byte
+	sub	x1,x1,#1
+	b	.Lot
+
+.align	4
+.Laligned:
+	str	xzr,[x0],#8	// store word-by-word
+	sub	x1,x1,#8
+	tst	x1,#-8
+	b.ne	.Laligned	// len>=8
+	cbnz	x1,.Little	// len!=0?
+	ret
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.type	CRYPTO_memcmp,%function
+.align	4
+CRYPTO_memcmp:
+	eor	w3,w3,w3
+	cbz	x2,.Lno_data	// len==0?
+.Loop_cmp:
+	ldrb	w4,[x0],#1
+	ldrb	w5,[x1],#1
+	eor	w4,w4,w5
+	orr	w3,w3,w4
+	subs	x2,x2,#1
+	b.ne	.Loop_cmp
+
+.Lno_data:
+	neg	w0,w3
+	lsr	w0,w0,#31
+	ret
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/arm_arch.h b/openssl-1.1.0h/crypto/arm_arch.h
new file mode 100644
index 0000000..3fc9e69
--- /dev/null
+++ b/openssl-1.1.0h/crypto/arm_arch.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __ARM_ARCH_H__
+# define __ARM_ARCH_H__
+
+# if !defined(__ARM_ARCH__)
+#  if defined(__CC_ARM)
+#   define __ARM_ARCH__ __TARGET_ARCH_ARM
+#   if defined(__BIG_ENDIAN)
+#    define __ARMEB__
+#   else
+#    define __ARMEL__
+#   endif
+#  elif defined(__GNUC__)
+#   if   defined(__aarch64__)
+#    define __ARM_ARCH__ 8
+#    if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#     define __ARMEB__
+#    else
+#     define __ARMEL__
+#    endif
+  /*
+   * Why doesn't gcc define __ARM_ARCH__? Instead it defines
+   * bunch of below macros. See all_architectires[] table in
+   * gcc/config/arm/arm.c. On a side note it defines
+   * __ARMEL__/__ARMEB__ for little-/big-endian.
+   */
+#   elif defined(__ARM_ARCH)
+#    define __ARM_ARCH__ __ARM_ARCH
+#   elif defined(__ARM_ARCH_8A__)
+#    define __ARM_ARCH__ 8
+#   elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__)     || \
+        defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)     || \
+        defined(__ARM_ARCH_7EM__)
+#    define __ARM_ARCH__ 7
+#   elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__)     || \
+        defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__)     || \
+        defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__)    || \
+        defined(__ARM_ARCH_6T2__)
+#    define __ARM_ARCH__ 6
+#   elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__)     || \
+        defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__)    || \
+        defined(__ARM_ARCH_5TEJ__)
+#    define __ARM_ARCH__ 5
+#   elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
+#    define __ARM_ARCH__ 4
+#   else
+#    error "unsupported ARM architecture"
+#   endif
+#  endif
+# endif
+
+# if !defined(__ARM_MAX_ARCH__)
+#  define __ARM_MAX_ARCH__ __ARM_ARCH__
+# endif
+
+# if __ARM_MAX_ARCH__<__ARM_ARCH__
+#  error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
+# elif __ARM_MAX_ARCH__!=__ARM_ARCH__
+#  if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
+#   error "can't build universal big-endian binary"
+#  endif
+# endif
+
+# if !__ASSEMBLER__
+extern unsigned int OPENSSL_armcap_P;
+# endif
+
+# define ARMV7_NEON      (1<<0)
+# define ARMV7_TICK      (1<<1)
+# define ARMV8_AES       (1<<2)
+# define ARMV8_SHA1      (1<<3)
+# define ARMV8_SHA256    (1<<4)
+# define ARMV8_PMULL     (1<<5)
+
+#endif
diff --git a/openssl-1.1.0h/crypto/armcap.c b/openssl-1.1.0h/crypto/armcap.c
new file mode 100644
index 0000000..432a06c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/armcap.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <openssl/crypto.h>
+
+#include "arm_arch.h"
+
+unsigned int OPENSSL_armcap_P = 0;
+
+#if __ARM_MAX_ARCH__<7
+void OPENSSL_cpuid_setup(void)
+{
+}
+
+unsigned long OPENSSL_rdtsc(void)
+{
+    return 0;
+}
+#else
+static sigset_t all_masked;
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+/*
+ * Following subroutines could have been inlined, but it's not all
+ * ARM compilers support inline assembler...
+ */
+void _armv7_neon_probe(void);
+void _armv8_aes_probe(void);
+void _armv8_sha1_probe(void);
+void _armv8_sha256_probe(void);
+void _armv8_pmull_probe(void);
+unsigned long _armv7_tick(void);
+
+unsigned long OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_armcap_P & ARMV7_TICK)
+        return _armv7_tick();
+    else
+        return 0;
+}
+
+# if defined(__GNUC__) && __GNUC__>=2
+void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
+# endif
+/*
+ * Use a weak reference to getauxval() so we can use it if it is available but
+ * don't break the build if it is not.
+ */
+# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__)
+extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
+# else
+static unsigned long (*getauxval) (unsigned long) = NULL;
+# endif
+
+/*
+ * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
+ * AArch64 used AT_HWCAP.
+ */
+# if defined(__arm__) || defined (__arm)
+#  define HWCAP                  16
+                                  /* AT_HWCAP */
+#  define HWCAP_NEON             (1 << 12)
+
+#  define HWCAP_CE               26
+                                  /* AT_HWCAP2 */
+#  define HWCAP_CE_AES           (1 << 0)
+#  define HWCAP_CE_PMULL         (1 << 1)
+#  define HWCAP_CE_SHA1          (1 << 2)
+#  define HWCAP_CE_SHA256        (1 << 3)
+# elif defined(__aarch64__)
+#  define HWCAP                  16
+                                  /* AT_HWCAP */
+#  define HWCAP_NEON             (1 << 1)
+
+#  define HWCAP_CE               HWCAP
+#  define HWCAP_CE_AES           (1 << 3)
+#  define HWCAP_CE_PMULL         (1 << 4)
+#  define HWCAP_CE_SHA1          (1 << 5)
+#  define HWCAP_CE_SHA256        (1 << 6)
+# endif
+
+void OPENSSL_cpuid_setup(void)
+{
+    char *e;
+    struct sigaction ill_oact, ill_act;
+    sigset_t oset;
+    static int trigger = 0;
+
+    if (trigger)
+        return;
+    trigger = 1;
+
+    if ((e = getenv("OPENSSL_armcap"))) {
+        OPENSSL_armcap_P = (unsigned int)strtoul(e, NULL, 0);
+        return;
+    }
+
+# if defined(__APPLE__) && !defined(__aarch64__)
+    /*
+     * Capability probing by catching SIGILL appears to be problematic
+     * on iOS. But since Apple universe is "monocultural", it's actually
+     * possible to simply set pre-defined processor capability mask.
+     */
+    if (1) {
+        OPENSSL_armcap_P = ARMV7_NEON;
+        return;
+    }
+    /*
+     * One could do same even for __aarch64__ iOS builds. It's not done
+     * exclusively for reasons of keeping code unified across platforms.
+     * Unified code works because it never triggers SIGILL on Apple
+     * devices...
+     */
+# endif
+
+    sigfillset(&all_masked);
+    sigdelset(&all_masked, SIGILL);
+    sigdelset(&all_masked, SIGTRAP);
+    sigdelset(&all_masked, SIGFPE);
+    sigdelset(&all_masked, SIGBUS);
+    sigdelset(&all_masked, SIGSEGV);
+
+    OPENSSL_armcap_P = 0;
+
+    memset(&ill_act, 0, sizeof(ill_act));
+    ill_act.sa_handler = ill_handler;
+    ill_act.sa_mask = all_masked;
+
+    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
+    sigaction(SIGILL, &ill_act, &ill_oact);
+
+    if (getauxval != NULL) {
+        if (getauxval(HWCAP) & HWCAP_NEON) {
+            unsigned long hwcap = getauxval(HWCAP_CE);
+
+            OPENSSL_armcap_P |= ARMV7_NEON;
+
+            if (hwcap & HWCAP_CE_AES)
+                OPENSSL_armcap_P |= ARMV8_AES;
+
+            if (hwcap & HWCAP_CE_PMULL)
+                OPENSSL_armcap_P |= ARMV8_PMULL;
+
+            if (hwcap & HWCAP_CE_SHA1)
+                OPENSSL_armcap_P |= ARMV8_SHA1;
+
+            if (hwcap & HWCAP_CE_SHA256)
+                OPENSSL_armcap_P |= ARMV8_SHA256;
+        }
+    } else if (sigsetjmp(ill_jmp, 1) == 0) {
+        _armv7_neon_probe();
+        OPENSSL_armcap_P |= ARMV7_NEON;
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_pmull_probe();
+            OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES;
+        } else if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_aes_probe();
+            OPENSSL_armcap_P |= ARMV8_AES;
+        }
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha1_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA1;
+        }
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha256_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA256;
+        }
+    }
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        _armv7_tick();
+        OPENSSL_armcap_P |= ARMV7_TICK;
+    }
+
+    sigaction(SIGILL, &ill_oact, NULL);
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/armv4cpuid.pl b/openssl-1.1.0h/crypto/armv4cpuid.pl
new file mode 100644
index 0000000..f7d31a6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/armv4cpuid.pl
@@ -0,0 +1,296 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__) && !defined(__APPLE__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#undef	__thumb2__
+#endif
+
+.align	5
+.global	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,%function
+OPENSSL_atomic_add:
+#if __ARM_ARCH__>=6
+.Ladd:	ldrex	r2,[r0]
+	add	r3,r2,r1
+	strex	r2,r3,[r0]
+	cmp	r2,#0
+	bne	.Ladd
+	mov	r0,r3
+	bx	lr
+#else
+	stmdb	sp!,{r4-r6,lr}
+	ldr	r2,.Lspinlock
+	adr	r3,.Lspinlock
+	mov	r4,r0
+	mov	r5,r1
+	add	r6,r3,r2	@ &spinlock
+	b	.+8
+.Lspin:	bl	sched_yield
+	mov	r0,#-1
+	swp	r0,r0,[r6]
+	cmp	r0,#0
+	bne	.Lspin
+
+	ldr	r2,[r4]
+	add	r2,r2,r5
+	str	r2,[r4]
+	str	r0,[r6]		@ release spinlock
+	ldmia	sp!,{r4-r6,lr}
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.global	OPENSSL_cleanse
+.type	OPENSSL_cleanse,%function
+OPENSSL_cleanse:
+	eor	ip,ip,ip
+	cmp	r1,#7
+#ifdef	__thumb2__
+	itt	hs
+#endif
+	subhs	r1,r1,#4
+	bhs	.Lot
+	cmp	r1,#0
+	beq	.Lcleanse_done
+.Little:
+	strb	ip,[r0],#1
+	subs	r1,r1,#1
+	bhi	.Little
+	b	.Lcleanse_done
+
+.Lot:	tst	r0,#3
+	beq	.Laligned
+	strb	ip,[r0],#1
+	sub	r1,r1,#1
+	b	.Lot
+.Laligned:
+	str	ip,[r0],#4
+	subs	r1,r1,#4
+	bhs	.Laligned
+	adds	r1,r1,#4
+	bne	.Little
+.Lcleanse_done:
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.global	CRYPTO_memcmp
+.type	CRYPTO_memcmp,%function
+.align	4
+CRYPTO_memcmp:
+	eor	ip,ip,ip
+	cmp	r2,#0
+	beq	.Lno_data
+	stmdb	sp!,{r4,r5}
+
+.Loop_cmp:
+	ldrb	r4,[r0],#1
+	ldrb	r5,[r1],#1
+	eor	r4,r4,r5
+	orr	ip,ip,r4
+	subs	r2,r2,#1
+	bne	.Loop_cmp
+
+	ldmia	sp!,{r4,r5}
+.Lno_data:
+	neg	r0,ip
+	mov	r0,r0,lsr#31
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.align	5
+.global	_armv7_neon_probe
+.type	_armv7_neon_probe,%function
+_armv7_neon_probe:
+	vorr	q0,q0,q0
+	bx	lr
+.size	_armv7_neon_probe,.-_armv7_neon_probe
+
+.global	_armv7_tick
+.type	_armv7_tick,%function
+_armv7_tick:
+#ifdef	__APPLE__
+	mrrc	p15,0,r0,r1,c14		@ CNTPCT
+#else
+	mrrc	p15,1,r0,r1,c14		@ CNTVCT
+#endif
+	bx	lr
+.size	_armv7_tick,.-_armv7_tick
+
+.global	_armv8_aes_probe
+.type	_armv8_aes_probe,%function
+_armv8_aes_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0xb0,0xff,0x00,0x03	@ aese.8	q0,q0
+#else
+	.byte	0x00,0x03,0xb0,0xf3	@ aese.8	q0,q0
+#endif
+	bx	lr
+.size	_armv8_aes_probe,.-_armv8_aes_probe
+
+.global	_armv8_sha1_probe
+.type	_armv8_sha1_probe,%function
+_armv8_sha1_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0x00,0xef,0x40,0x0c	@ sha1c.32	q0,q0,q0
+#else
+	.byte	0x40,0x0c,0x00,0xf2	@ sha1c.32	q0,q0,q0
+#endif
+	bx	lr
+.size	_armv8_sha1_probe,.-_armv8_sha1_probe
+
+.global	_armv8_sha256_probe
+.type	_armv8_sha256_probe,%function
+_armv8_sha256_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0x00,0xff,0x40,0x0c	@ sha256h.32	q0,q0,q0
+#else
+	.byte	0x40,0x0c,0x00,0xf3	@ sha256h.32	q0,q0,q0
+#endif
+	bx	lr
+.size	_armv8_sha256_probe,.-_armv8_sha256_probe
+.global	_armv8_pmull_probe
+.type	_armv8_pmull_probe,%function
+_armv8_pmull_probe:
+#if defined(__thumb2__) && !defined(__APPLE__)
+	.byte	0xa0,0xef,0x00,0x0e	@ vmull.p64	q0,d0,d0
+#else
+	.byte	0x00,0x0e,0xa0,0xf2	@ vmull.p64	q0,d0,d0
+#endif
+	bx	lr
+.size	_armv8_pmull_probe,.-_armv8_pmull_probe
+#endif
+
+.global	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,%function
+OPENSSL_wipe_cpu:
+#if __ARM_MAX_ARCH__>=7
+	ldr	r0,.LOPENSSL_armcap
+	adr	r1,.LOPENSSL_armcap
+	ldr	r0,[r1,r0]
+#ifdef	__APPLE__
+	ldr	r0,[r0]
+#endif
+#endif
+	eor	r2,r2,r2
+	eor	r3,r3,r3
+	eor	ip,ip,ip
+#if __ARM_MAX_ARCH__>=7
+	tst	r0,#1
+	beq	.Lwipe_done
+	veor	q0, q0, q0
+	veor	q1, q1, q1
+	veor	q2, q2, q2
+	veor	q3, q3, q3
+	veor	q8, q8, q8
+	veor	q9, q9, q9
+	veor	q10, q10, q10
+	veor	q11, q11, q11
+	veor	q12, q12, q12
+	veor	q13, q13, q13
+	veor	q14, q14, q14
+	veor	q15, q15, q15
+.Lwipe_done:
+#endif
+	mov	r0,sp
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+
+.global	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,%function
+OPENSSL_instrument_bus:
+	eor	r0,r0,r0
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.global	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,%function
+OPENSSL_instrument_bus2:
+	eor	r0,r0,r0
+#if __ARM_ARCH__>=5
+	bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr
+	.word	0xe12fff1e	@ bx	lr
+#endif
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+
+.align	5
+#if __ARM_MAX_ARCH__>=7
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.
+#endif
+#if __ARM_ARCH__>=6
+.align	5
+#else
+.Lspinlock:
+.word	atomic_add_spinlock-.Lspinlock
+.align	5
+
+.data
+.align	2
+atomic_add_spinlock:
+.word	0
+#endif
+
+.comm	OPENSSL_armcap_P,4,4
+.hidden	OPENSSL_armcap_P
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/asn1/a_bitstr.c b/openssl-1.1.0h/crypto/asn1/a_bitstr.c
new file mode 100644
index 0000000..b2e0fb6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_bitstr.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{
+    return ASN1_STRING_set(x, d, len);
+}
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+{
+    int ret, j, bits, len;
+    unsigned char *p, *d;
+
+    if (a == NULL)
+        return (0);
+
+    len = a->length;
+
+    if (len > 0) {
+        if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
+            bits = (int)a->flags & 0x07;
+        } else {
+            for (; len > 0; len--) {
+                if (a->data[len - 1])
+                    break;
+            }
+            j = a->data[len - 1];
+            if (j & 0x01)
+                bits = 0;
+            else if (j & 0x02)
+                bits = 1;
+            else if (j & 0x04)
+                bits = 2;
+            else if (j & 0x08)
+                bits = 3;
+            else if (j & 0x10)
+                bits = 4;
+            else if (j & 0x20)
+                bits = 5;
+            else if (j & 0x40)
+                bits = 6;
+            else if (j & 0x80)
+                bits = 7;
+            else
+                bits = 0;       /* should not happen */
+        }
+    } else
+        bits = 0;
+
+    ret = 1 + len;
+    if (pp == NULL)
+        return (ret);
+
+    p = *pp;
+
+    *(p++) = (unsigned char)bits;
+    d = a->data;
+    if (len > 0) {
+        memcpy(p, d, len);
+        p += len;
+        p[-1] &= (0xff << bits);
+    }
+    *pp = p;
+    return (ret);
+}
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                     const unsigned char **pp, long len)
+{
+    ASN1_BIT_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    int i;
+
+    if (len < 1) {
+        i = ASN1_R_STRING_TOO_SHORT;
+        goto err;
+    }
+
+    if (len > INT_MAX) {
+        i = ASN1_R_STRING_TOO_LONG;
+        goto err;
+    }
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_BIT_STRING_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
+
+    p = *pp;
+    i = *(p++);
+    if (i > 7) {
+        i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+        goto err;
+    }
+    /*
+     * We do this to preserve the settings.  If we modify the settings, via
+     * the _set_bit function, we will recalculate on output
+     */
+    ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
+    ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
+
+    if (len-- > 1) {            /* using one because of the bits left byte */
+        s = OPENSSL_malloc((int)len);
+        if (s == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        memcpy(s, p, (int)len);
+        s[len - 1] &= (0xff << i);
+        p += len;
+    } else
+        s = NULL;
+
+    ret->length = (int)len;
+    OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->type = V_ASN1_BIT_STRING;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_BIT_STRING_free(ret);
+    return (NULL);
+}
+
+/*
+ * These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+{
+    int w, v, iv;
+    unsigned char *c;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    iv = ~v;
+    if (!value)
+        v = 0;
+
+    if (a == NULL)
+        return 0;
+
+    a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
+
+    if ((a->length < (w + 1)) || (a->data == NULL)) {
+        if (!value)
+            return (1);         /* Don't need to set */
+        c = OPENSSL_clear_realloc(a->data, a->length, w + 1);
+        if (c == NULL) {
+            ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (w + 1 - a->length > 0)
+            memset(c + a->length, 0, w + 1 - a->length);
+        a->data = c;
+        a->length = w + 1;
+    }
+    a->data[w] = ((a->data[w]) & iv) | v;
+    while ((a->length > 0) && (a->data[a->length - 1] == 0))
+        a->length--;
+    return (1);
+}
+
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
+{
+    int w, v;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
+        return (0);
+    return ((a->data[w] & v) != 0);
+}
+
+/*
+ * Checks if the given bit string contains only bits specified by
+ * the flags vector. Returns 0 if there is at least one bit set in 'a'
+ * which is not specified in 'flags', 1 otherwise.
+ * 'len' is the length of 'flags'.
+ */
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len)
+{
+    int i, ok;
+    /* Check if there is one bit set at all. */
+    if (!a || !a->data)
+        return 1;
+
+    /*
+     * Check each byte of the internal representation of the bit string.
+     */
+    ok = 1;
+    for (i = 0; i < a->length && ok; ++i) {
+        unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
+        /* We are done if there is an unneeded bit set. */
+        ok = (a->data[i] & mask) == 0;
+    }
+    return ok;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_d2i_fp.c b/openssl-1.1.0h/crypto/asn1/a_d2i_fp.c
new file mode 100644
index 0000000..e5c1d0e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_d2i_fp.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+# ifndef OPENSSL_NO_STDIO
+
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+        return (NULL);
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_d2i_bio(xnew, d2i, b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (unsigned char *)b->data;
+    ret = d2i(x, &p, len);
+ err:
+    BUF_MEM_free(b);
+    return (ret);
+}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (const unsigned char *)b->data;
+    ret = ASN1_item_d2i(x, &p, len, it);
+ err:
+    BUF_MEM_free(b);
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_STDIO
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+{
+    BIO *b;
+    char *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+        return (NULL);
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_item_d2i_bio(it, b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+#define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+{
+    BUF_MEM *b;
+    unsigned char *p;
+    int i;
+    size_t want = HEADER_SIZE;
+    uint32_t eos = 0;
+    size_t off = 0;
+    size_t len = 0;
+
+    const unsigned char *q;
+    long slen;
+    int inf, tag, xclass;
+
+    b = BUF_MEM_new();
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    ERR_clear_error();
+    for (;;) {
+        if (want >= (len - off)) {
+            want -= (len - off);
+
+            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            i = BIO_read(in, &(b->data[len]), want);
+            if ((i < 0) && ((len - off) == 0)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
+                goto err;
+            }
+            if (i > 0) {
+                if (len + i < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                len += i;
+            }
+        }
+        /* else data already loaded */
+
+        p = (unsigned char *)&(b->data[off]);
+        q = p;
+        inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
+        if (inf & 0x80) {
+            unsigned long e;
+
+            e = ERR_GET_REASON(ERR_peek_error());
+            if (e != ASN1_R_TOO_LONG)
+                goto err;
+            else
+                ERR_clear_error(); /* clear error */
+        }
+        i = q - p;            /* header length */
+        off += i;               /* end of data */
+
+        if (inf & 1) {
+            /* no data body so go round again */
+            if (eos == UINT32_MAX) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
+                goto err;
+            }
+            eos++;
+            want = HEADER_SIZE;
+        } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
+            /* eos value, so go back and read another header */
+            eos--;
+            if (eos == 0)
+                break;
+            else
+                want = HEADER_SIZE;
+        } else {
+            /* suck in slen bytes of data */
+            want = slen;
+            if (want > (len - off)) {
+                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
+                want -= (len - off);
+                if (want > INT_MAX /* BIO_read takes an int length */  ||
+                    len + want < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                while (want > 0) {
+                    /*
+                     * Read content in chunks of increasing size
+                     * so we can return an error for EOF without
+                     * having to allocate the entire content length
+                     * in one go.
+                     */
+                    size_t chunk = want > chunk_max ? chunk_max : want;
+
+                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    want -= chunk;
+                    while (chunk > 0) {
+                        i = BIO_read(in, &(b->data[len]), chunk);
+                        if (i <= 0) {
+                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                    ASN1_R_NOT_ENOUGH_DATA);
+                            goto err;
+                        }
+                    /*
+                     * This can't overflow because |len+want| didn't
+                     * overflow.
+                     */
+                        len += i;
+                        chunk -= i;
+                    }
+                    if (chunk_max < INT_MAX/2)
+                        chunk_max *= 2;
+                }
+            }
+            if (off + slen < off) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                goto err;
+            }
+            off += slen;
+            if (eos == 0) {
+                break;
+            } else
+                want = HEADER_SIZE;
+        }
+    }
+
+    if (off > INT_MAX) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+        goto err;
+    }
+
+    *pb = b;
+    return off;
+ err:
+    BUF_MEM_free(b);
+    return -1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_digest.c b/openssl-1.1.0h/crypto/asn1/a_digest.c
new file mode 100644
index 0000000..c84ecc9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_digest.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len)
+{
+    int i;
+    unsigned char *str, *p;
+
+    i = i2d(data, NULL);
+    if ((str = OPENSSL_malloc(i)) == NULL) {
+        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    p = str;
+    i2d(data, &p);
+
+    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+        OPENSSL_free(str);
+        return 0;
+    }
+    OPENSSL_free(str);
+    return (1);
+}
+
+#endif
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+                     unsigned char *md, unsigned int *len)
+{
+    int i;
+    unsigned char *str = NULL;
+
+    i = ASN1_item_i2d(asn, &str, it);
+    if (!str)
+        return (0);
+
+    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+        OPENSSL_free(str);
+        return 0;
+    }
+    OPENSSL_free(str);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_dup.c b/openssl-1.1.0h/crypto/asn1/a_dup.c
new file mode 100644
index 0000000..d9a57b2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_dup.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
+{
+    unsigned char *b, *p;
+    const unsigned char *p2;
+    int i;
+    char *ret;
+
+    if (x == NULL)
+        return (NULL);
+
+    i = i2d(x, NULL);
+    b = OPENSSL_malloc(i + 10);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    p = b;
+    i = i2d(x, &p);
+    p2 = b;
+    ret = d2i(NULL, &p2, i);
+    OPENSSL_free(b);
+    return (ret);
+}
+
+#endif
+
+/*
+ * ASN1_ITEM version of dup: this follows the model above except we don't
+ * need to allocate the buffer. At some point this could be rewritten to
+ * directly dup the underlying structure instead of doing and encode and
+ * decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+{
+    unsigned char *b = NULL;
+    const unsigned char *p;
+    long i;
+    void *ret;
+
+    if (x == NULL)
+        return (NULL);
+
+    i = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    p = b;
+    ret = ASN1_item_d2i(NULL, &p, i, it);
+    OPENSSL_free(b);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_gentm.c b/openssl-1.1.0h/crypto/asn1/a_gentm.c
new file mode 100644
index 0000000..ff1b695
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_gentm.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * GENERALIZEDTIME implementation. Based on UTCTIME
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
+{
+    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
+    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
+    char *a;
+    int n, i, l, o;
+
+    if (d->type != V_ASN1_GENERALIZEDTIME)
+        return (0);
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+    /*
+     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+     * as YYYY. This stuff treats everything as a two digit field so make
+     * first two fields 00 to 99
+     */
+    if (l < 13)
+        goto err;
+    for (i = 0; i < 7; i++) {
+        if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+            i++;
+            if (tm)
+                tm->tm_sec = 0;
+            break;
+        }
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = (n * 10) + a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((n < min[i]) || (n > max[i]))
+            goto err;
+        if (tm) {
+            switch (i) {
+            case 0:
+                tm->tm_year = n * 100 - 1900;
+                break;
+            case 1:
+                tm->tm_year += n;
+                break;
+            case 2:
+                tm->tm_mon = n - 1;
+                break;
+            case 3:
+                tm->tm_mday = n;
+                break;
+            case 4:
+                tm->tm_hour = n;
+                break;
+            case 5:
+                tm->tm_min = n;
+                break;
+            case 6:
+                tm->tm_sec = n;
+                break;
+            }
+        }
+    }
+    /*
+     * Optional fractional seconds: decimal point followed by one or more
+     * digits.
+     */
+    if (a[o] == '.') {
+        if (++o > l)
+            goto err;
+        i = o;
+        while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+            o++;
+        /* Must have at least one digit after decimal point */
+        if (i == o)
+            goto err;
+    }
+
+    if (a[o] == 'Z')
+        o++;
+    else if ((a[o] == '+') || (a[o] == '-')) {
+        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
+        o++;
+        if (o + 4 > l)
+            goto err;
+        for (i = 7; i < 9; i++) {
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = a[o] - '0';
+            o++;
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = (n * 10) + a[o] - '0';
+            if ((n < min[i]) || (n > max[i]))
+                goto err;
+            if (tm) {
+                if (i == 7)
+                    offset = n * 3600;
+                else if (i == 8)
+                    offset += n * 60;
+            }
+            o++;
+        }
+        if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
+            return 0;
+    } else if (a[o]) {
+        /* Missing time zone information. */
+        goto err;
+    }
+    return (o == l);
+ err:
+    return (0);
+}
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
+{
+    return asn1_generalizedtime_to_tm(NULL, d);
+}
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+{
+    ASN1_GENERALIZEDTIME t;
+
+    t.type = V_ASN1_GENERALIZEDTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    if (ASN1_GENERALIZEDTIME_check(&t)) {
+        if (s != NULL) {
+            if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length))
+                return 0;
+            s->type = V_ASN1_GENERALIZEDTIME;
+        }
+        return (1);
+    } else
+        return (0);
+}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t)
+{
+    return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec)
+{
+    char *p;
+    struct tm *ts;
+    struct tm data;
+    size_t len = 20;
+    ASN1_GENERALIZEDTIME *tmps = NULL;
+
+    if (s == NULL)
+        tmps = ASN1_GENERALIZEDTIME_new();
+    else
+        tmps = s;
+    if (tmps == NULL)
+        return NULL;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        goto err;
+
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            goto err;
+    }
+
+    p = (char *)tmps->data;
+    if ((p == NULL) || ((size_t)tmps->length < len)) {
+        p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        OPENSSL_free(tmps->data);
+        tmps->data = (unsigned char *)p;
+    }
+
+    BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
+                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
+                 ts->tm_sec);
+    tmps->length = strlen(p);
+    tmps->type = V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
+#endif
+    return tmps;
+ err:
+    if (s == NULL)
+        ASN1_GENERALIZEDTIME_free(tmps);
+    return NULL;
+}
+
+const char *_asn1_mon[12] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
+{
+    char *v;
+    int gmt = 0;
+    int i;
+    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+    char *f = NULL;
+    int f_len = 0;
+
+    i = tm->length;
+    v = (char *)tm->data;
+
+    if (i < 12)
+        goto err;
+    if (v[i - 1] == 'Z')
+        gmt = 1;
+    for (i = 0; i < 12; i++)
+        if ((v[i] > '9') || (v[i] < '0'))
+            goto err;
+    y = (v[0] - '0') * 1000 + (v[1] - '0') * 100
+        + (v[2] - '0') * 10 + (v[3] - '0');
+    M = (v[4] - '0') * 10 + (v[5] - '0');
+    if ((M > 12) || (M < 1))
+        goto err;
+    d = (v[6] - '0') * 10 + (v[7] - '0');
+    h = (v[8] - '0') * 10 + (v[9] - '0');
+    m = (v[10] - '0') * 10 + (v[11] - '0');
+    if (tm->length >= 14 &&
+        (v[12] >= '0') && (v[12] <= '9') &&
+        (v[13] >= '0') && (v[13] <= '9')) {
+        s = (v[12] - '0') * 10 + (v[13] - '0');
+        /* Check for fractions of seconds. */
+        if (tm->length >= 15 && v[14] == '.') {
+            int l = tm->length;
+            f = &v[14];         /* The decimal point. */
+            f_len = 1;
+            while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+                ++f_len;
+        }
+    }
+
+    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+                   _asn1_mon[M - 1], d, h, m, s, f_len, f, y,
+                   (gmt) ? " GMT" : "") <= 0)
+        return (0);
+    else
+        return (1);
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_i2d_fp.c b/openssl-1.1.0h/crypto/asn1/a_i2d_fp.c
new file mode 100644
index 0000000..3b3f713
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_i2d_fp.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+# ifndef OPENSSL_NO_STDIO
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_i2d_bio(i2d, b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
+
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
+{
+    char *b;
+    unsigned char *p;
+    int i, j = 0, n, ret = 1;
+
+    n = i2d(x, NULL);
+    if (n <= 0)
+        return 0;
+
+    b = OPENSSL_malloc(n);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    p = (unsigned char *)b;
+    i2d(x, &p);
+
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return (ret);
+}
+
+#endif
+
+#ifndef OPENSSL_NO_STDIO
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_item_i2d_bio(it, b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+{
+    unsigned char *b = NULL;
+    int i, j = 0, n, ret = 1;
+
+    n = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_int.c b/openssl-1.1.0h/crypto/asn1/a_int.c
new file mode 100644
index 0000000..217650a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_int.c
@@ -0,0 +1,630 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <limits.h>
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
+{
+    return ASN1_STRING_dup(x);
+}
+
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
+{
+    int neg, ret;
+    /* Compare signs */
+    neg = x->type & V_ASN1_NEG;
+    if (neg != (y->type & V_ASN1_NEG)) {
+        if (neg)
+            return -1;
+        else
+            return 1;
+    }
+
+    ret = ASN1_STRING_cmp(x, y);
+
+    if (neg)
+        return -ret;
+    else
+        return ret;
+}
+
+/*-
+ * This converts a big endian buffer and sign into its content encoding.
+ * This is used for INTEGER and ENUMERATED types.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+/*
+ * If |pad| is zero, the operation is effectively reduced to memcpy,
+ * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
+ * Note that in latter case sequence of zeros yields itself, and so
+ * does 0x80 followed by any number of zeros. These properties are
+ * used elsewhere below...
+ */
+static void twos_complement(unsigned char *dst, const unsigned char *src,
+                            size_t len, unsigned char pad)
+{
+    unsigned int carry = pad & 1;
+
+    /* Begin at the end of the encoding */
+    dst += len;
+    src += len;
+    /* two's complement value: ~value + 1 */
+    while (len-- != 0) {
+        *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
+        carry >>= 8;
+    }
+}
+
+static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
+                       unsigned char **pp)
+{
+    unsigned int pad = 0;
+    size_t ret, i;
+    unsigned char *p, pb = 0;
+
+    if (b != NULL && blen) {
+        ret = blen;
+        i = b[0];
+        if (!neg && (i > 127)) {
+            pad = 1;
+            pb = 0;
+        } else if (neg) {
+            pb = 0xFF;
+            if (i > 128) {
+                pad = 1;
+            } else if (i == 128) {
+                /*
+                 * Special case [of minimal negative for given length]:
+                 * if any other bytes non zero we pad, otherwise we don't.
+                 */
+                for (pad = 0, i = 1; i < blen; i++)
+                    pad |= b[i];
+                pb = pad != 0 ? 0xffU : 0;
+                pad = pb & 1;
+            }
+        }
+        ret += pad;
+    } else {
+        ret = 1;
+        blen = 0;   /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
+    }
+
+    if (pp == NULL || (p = *pp) == NULL)
+        return ret;
+
+    /*
+     * This magically handles all corner cases, such as '(b == NULL ||
+     * blen == 0)', non-negative value, "negative" zero, 0x80 followed
+     * by any number of zeros...
+     */
+    *p = pb;
+    p += pad;       /* yes, p[0] can be written twice, but it's little
+                     * price to pay for eliminated branches */
+    twos_complement(p, b, blen, pb);
+
+    *pp += ret;
+    return ret;
+}
+
+/*
+ * convert content octets into a big endian buffer. Returns the length
+ * of buffer or 0 on error: for malformed INTEGER. If output buffer is
+ * NULL just return length.
+ */
+
+static size_t c2i_ibuf(unsigned char *b, int *pneg,
+                       const unsigned char *p, size_t plen)
+{
+    int neg, pad;
+    /* Zero content length is illegal */
+    if (plen == 0) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT);
+        return 0;
+    }
+    neg = p[0] & 0x80;
+    if (pneg)
+        *pneg = neg;
+    /* Handle common case where length is 1 octet separately */
+    if (plen == 1) {
+        if (b != NULL) {
+            if (neg)
+                b[0] = (p[0] ^ 0xFF) + 1;
+            else
+                b[0] = p[0];
+        }
+        return 1;
+    }
+
+    pad = 0;
+    if (p[0] == 0) {
+        pad = 1;
+    } else if (p[0] == 0xFF) {
+        size_t i;
+
+        /*
+         * Special case [of "one less minimal negative" for given length]:
+         * if any other bytes non zero it was padded, otherwise not.
+         */
+        for (pad = 0, i = 1; i < plen; i++)
+            pad |= p[i];
+        pad = pad != 0 ? 1 : 0;
+    }
+    /* reject illegal padding: first two octets MSB can't match */
+    if (pad && (neg == (p[1] & 0x80))) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+
+    /* skip over pad */
+    p += pad;
+    plen -= pad;
+
+    if (b != NULL)
+        twos_complement(b, p, plen, neg ? 0xffU : 0);
+
+    return plen;
+}
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
+}
+
+/* Convert big endian buffer into uint64_t, return 0 on error */
+static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
+{
+    size_t i;
+    uint64_t r;
+
+    if (blen > sizeof(*pr)) {
+        ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (b == NULL)
+        return 0;
+    for (r = 0, i = 0; i < blen; i++) {
+        r <<= 8;
+        r |= b[i];
+    }
+    *pr = r;
+    return 1;
+}
+
+/*
+ * Write uint64_t to big endian buffer and return offset to first
+ * written octet. In other words it returns offset in range from 0
+ * to 7, with 0 denoting 8 written octets and 7 - one.
+ */
+static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
+{
+    size_t off = sizeof(uint64_t);
+
+    do {
+        b[--off] = (unsigned char)r;
+    } while (r >>= 8);
+
+    return off;
+}
+
+/*
+ * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
+ * overflow warnings.
+ */
+#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
+
+/* signed version of asn1_get_uint64 */
+static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
+                          int neg)
+{
+    uint64_t r;
+    if (asn1_get_uint64(&r, b, blen) == 0)
+        return 0;
+    if (neg) {
+        if (r <= INT64_MAX) {
+            /* Most significant bit is guaranteed to be clear, negation
+             * is guaranteed to be meaningful in platform-neutral sense. */
+            *pr = -(int64_t)r;
+        } else if (r == ABS_INT64_MIN) {
+            /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
+             * on ones'-complement system. */
+            *pr = (int64_t)(0 - r);
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+    } else {
+        if (r <= INT64_MAX) {
+            *pr = (int64_t)r;
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long len)
+{
+    ASN1_INTEGER *ret = NULL;
+    size_t r;
+    int neg;
+
+    r = c2i_ibuf(NULL, NULL, *pp, len);
+
+    if (r == 0)
+        return NULL;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        ret = ASN1_INTEGER_new();
+        if (ret == NULL)
+            return NULL;
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = *a;
+
+    if (ASN1_STRING_set(ret, NULL, r) == 0)
+        goto err;
+
+    c2i_ibuf(ret->data, &neg, *pp, len);
+
+    if (neg)
+        ret->type |= V_ASN1_NEG;
+
+    *pp += len;
+    if (a != NULL)
+        (*a) = ret;
+    return ret;
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
+}
+
+static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    if (r < 0) {
+        /* Most obvious '-r' triggers undefined behaviour for most
+         * common INT64_MIN. Even though below '0 - (uint64_t)r' can
+         * appear two's-complement centric, it does produce correct/
+         * expected result even on one's-complement. This is because
+         * cast to unsigned has to change bit pattern... */
+        off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
+        a->type |= V_ASN1_NEG;
+    } else {
+        off = asn1_put_uint64(tbuf, r);
+        a->type &= ~V_ASN1_NEG;
+    }
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+}
+
+static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
+                                  int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    if (a->type & V_ASN1_NEG) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    return asn1_get_uint64(pr, a->data, a->length);
+}
+
+static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    off = asn1_put_uint64(tbuf, r);
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+}
+
+/*
+ * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
+ * integers: some broken software can encode a positive INTEGER with its MSB
+ * set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                long length)
+{
+    ASN1_INTEGER *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+    int i;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_INTEGER_new()) == NULL)
+            return (NULL);
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_INTEGER) {
+        i = ASN1_R_EXPECTING_AN_INTEGER;
+        goto err;
+    }
+
+    /*
+     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
+     * a missing NULL parameter.
+     */
+    s = OPENSSL_malloc((int)len + 1);
+    if (s == NULL) {
+        i = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+    ret->type = V_ASN1_INTEGER;
+    if (len) {
+        if ((*p == 0) && (len != 1)) {
+            p++;
+            len--;
+        }
+        memcpy(s, p, (int)len);
+        p += len;
+    }
+
+    OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->length = (int)len;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return (NULL);
+}
+
+static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
+                                      int atype)
+{
+    ASN1_INTEGER *ret;
+    int len;
+
+    if (ai == NULL) {
+        ret = ASN1_STRING_type_new(atype);
+    } else {
+        ret = ai;
+        ret->type = atype;
+    }
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+    }
+
+    if (BN_is_negative(bn) && !BN_is_zero(bn))
+        ret->type |= V_ASN1_NEG_INTEGER;
+
+    len = BN_num_bytes(bn);
+
+    if (len == 0)
+        len = 1;
+
+    if (ASN1_STRING_set(ret, NULL, len) == 0) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Correct zero case */
+    if (BN_is_zero(bn))
+        ret->data[0] = 0;
+    else
+        len = BN_bn2bin(bn, ret->data);
+    ret->length = len;
+    return ret;
+ err:
+    if (ret != ai)
+        ASN1_INTEGER_free(ret);
+    return (NULL);
+}
+
+static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
+                                 int itype)
+{
+    BIGNUM *ret;
+
+    if ((ai->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE);
+        return NULL;
+    }
+
+    ret = BN_bin2bn(ai->data, ai->length, bn);
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB);
+        return NULL;
+    }
+    if (ai->type & V_ASN1_NEG)
+        BN_set_negative(ret, 1);
+    return ret;
+}
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
+{
+    return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+{
+    return ASN1_INTEGER_set_int64(a, v);
+}
+
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    i = ASN1_INTEGER_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
+}
+
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
+}
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+{
+    return ASN1_ENUMERATED_set_int64(a, v);
+}
+
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
+        return -1;
+    if (a->length > (int)sizeof(long))
+        return 0xffffffffL;
+    i = ASN1_ENUMERATED_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
+}
+
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
+}
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
+{
+    unsigned char buf[sizeof(uint64_t)];
+    size_t buflen;
+
+    buflen = c2i_ibuf(NULL, NULL, *pp, len);
+    if (buflen == 0)
+        return 0;
+    if (buflen > sizeof(uint64_t)) {
+        ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    (void)c2i_ibuf(buf, neg, *pp, len);
+    return asn1_get_uint64(ret, buf, buflen);
+}
+
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
+{
+    unsigned char buf[sizeof(uint64_t)];
+    size_t off;
+
+    off = asn1_put_uint64(buf, r);
+    return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
+}
+
diff --git a/openssl-1.1.0h/crypto/asn1/a_mbstr.c b/openssl-1.1.0h/crypto/asn1/a_mbstr.c
new file mode 100644
index 0000000..7a035af
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_mbstr.c
@@ -0,0 +1,395 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+static int is_numeric(unsigned long value);
+static int is_printable(unsigned long value);
+
+/*
+ * These functions take a string in UTF8, ASCII or multibyte form and a mask
+ * of permissible ASN1 string types. It then works out the minimal type
+ * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data. Yes this is
+ * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
+ * size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                       int inform, unsigned long mask)
+{
+    return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize)
+{
+    int str_type;
+    int ret;
+    char free_out;
+    int outform, outlen = 0;
+    ASN1_STRING *dest;
+    unsigned char *p;
+    int nchar;
+    char strbuf[32];
+    int (*cpyfunc) (unsigned long, void *) = NULL;
+    if (len == -1)
+        len = strlen((const char *)in);
+    if (!mask)
+        mask = DIRSTRING_TYPE;
+
+    /* First do a string check and work out the number of characters */
+    switch (inform) {
+
+    case MBSTRING_BMP:
+        if (len & 1) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_BMPSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 1;
+        break;
+
+    case MBSTRING_UNIV:
+        if (len & 3) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 2;
+        break;
+
+    case MBSTRING_UTF8:
+        nchar = 0;
+        /* This counts the characters and does utf8 syntax checking */
+        ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+        if (ret < 0) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
+            return -1;
+        }
+        break;
+
+    case MBSTRING_ASC:
+        nchar = len;
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+        return -1;
+    }
+
+    if ((minsize > 0) && (nchar < minsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+        BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
+        ERR_add_error_data(2, "minsize=", strbuf);
+        return -1;
+    }
+
+    if ((maxsize > 0) && (nchar > maxsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+        BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
+        ERR_add_error_data(2, "maxsize=", strbuf);
+        return -1;
+    }
+
+    /* Now work out minimal type (if any) */
+    if (traverse_string(in, len, inform, type_str, &mask) < 0) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+        return -1;
+    }
+
+    /* Now work out output format and string type */
+    outform = MBSTRING_ASC;
+    if (mask & B_ASN1_NUMERICSTRING)
+        str_type = V_ASN1_NUMERICSTRING;
+    else if (mask & B_ASN1_PRINTABLESTRING)
+        str_type = V_ASN1_PRINTABLESTRING;
+    else if (mask & B_ASN1_IA5STRING)
+        str_type = V_ASN1_IA5STRING;
+    else if (mask & B_ASN1_T61STRING)
+        str_type = V_ASN1_T61STRING;
+    else if (mask & B_ASN1_BMPSTRING) {
+        str_type = V_ASN1_BMPSTRING;
+        outform = MBSTRING_BMP;
+    } else if (mask & B_ASN1_UNIVERSALSTRING) {
+        str_type = V_ASN1_UNIVERSALSTRING;
+        outform = MBSTRING_UNIV;
+    } else {
+        str_type = V_ASN1_UTF8STRING;
+        outform = MBSTRING_UTF8;
+    }
+    if (!out)
+        return str_type;
+    if (*out) {
+        free_out = 0;
+        dest = *out;
+        OPENSSL_free(dest->data);
+        dest->data = NULL;
+        dest->length = 0;
+        dest->type = str_type;
+    } else {
+        free_out = 1;
+        dest = ASN1_STRING_type_new(str_type);
+        if (dest == NULL) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        *out = dest;
+    }
+    /* If both the same type just copy across */
+    if (inform == outform) {
+        if (!ASN1_STRING_set(dest, in, len)) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        return str_type;
+    }
+
+    /* Work out how much space the destination will need */
+    switch (outform) {
+    case MBSTRING_ASC:
+        outlen = nchar;
+        cpyfunc = cpy_asc;
+        break;
+
+    case MBSTRING_BMP:
+        outlen = nchar << 1;
+        cpyfunc = cpy_bmp;
+        break;
+
+    case MBSTRING_UNIV:
+        outlen = nchar << 2;
+        cpyfunc = cpy_univ;
+        break;
+
+    case MBSTRING_UTF8:
+        outlen = 0;
+        traverse_string(in, len, inform, out_utf8, &outlen);
+        cpyfunc = cpy_utf8;
+        break;
+    }
+    if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
+        if (free_out)
+            ASN1_STRING_free(dest);
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dest->length = outlen;
+    dest->data = p;
+    p[outlen] = 0;
+    traverse_string(in, len, inform, cpyfunc, &p);
+    return str_type;
+}
+
+/*
+ * This function traverses a string and passes the value of each character to
+ * an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg)
+{
+    unsigned long value;
+    int ret;
+    while (len) {
+        if (inform == MBSTRING_ASC) {
+            value = *p++;
+            len--;
+        } else if (inform == MBSTRING_BMP) {
+            value = *p++ << 8;
+            value |= *p++;
+            len -= 2;
+        } else if (inform == MBSTRING_UNIV) {
+            value = ((unsigned long)*p++) << 24;
+            value |= ((unsigned long)*p++) << 16;
+            value |= *p++ << 8;
+            value |= *p++;
+            len -= 4;
+        } else {
+            ret = UTF8_getc(p, len, &value);
+            if (ret < 0)
+                return -1;
+            len -= ret;
+            p += ret;
+        }
+        if (rfunc) {
+            ret = rfunc(value, arg);
+            if (ret <= 0)
+                return ret;
+        }
+    }
+    return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+    int *nchar;
+    nchar = arg;
+    (*nchar)++;
+    return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+    int *outlen;
+    outlen = arg;
+    *outlen += UTF8_putc(NULL, -1, value);
+    return 1;
+}
+
+/*
+ * Determine the "type" of a string: check each character against a supplied
+ * "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+    unsigned long types;
+    types = *((unsigned long *)arg);
+    if ((types & B_ASN1_NUMERICSTRING) && !is_numeric(value))
+        types &= ~B_ASN1_NUMERICSTRING;
+    if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+        types &= ~B_ASN1_PRINTABLESTRING;
+    if ((types & B_ASN1_IA5STRING) && (value > 127))
+        types &= ~B_ASN1_IA5STRING;
+    if ((types & B_ASN1_T61STRING) && (value > 0xff))
+        types &= ~B_ASN1_T61STRING;
+    if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+        types &= ~B_ASN1_BMPSTRING;
+    if (!types)
+        return -1;
+    *((unsigned long *)arg) = types;
+    return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q = (unsigned char)value;
+    (*p)++;
+    return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 2;
+    return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 24) & 0xff);
+    *q++ = (unsigned char)((value >> 16) & 0xff);
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 4;
+    return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+    unsigned char **p;
+    int ret;
+    p = arg;
+    /* We already know there is enough room so pass 0xff as the length */
+    ret = UTF8_putc(*p, 0xff, value);
+    *p += ret;
+    return 1;
+}
+
+/* Return 1 if the character is permitted in a PrintableString */
+static int is_printable(unsigned long value)
+{
+    int ch;
+    if (value > 0x7f)
+        return 0;
+    ch = (int)value;
+    /*
+     * Note: we can't use 'isalnum' because certain accented characters may
+     * count as alphanumeric in some environments.
+     */
+#ifndef CHARSET_EBCDIC
+    if ((ch >= 'a') && (ch <= 'z'))
+        return 1;
+    if ((ch >= 'A') && (ch <= 'Z'))
+        return 1;
+    if ((ch >= '0') && (ch <= '9'))
+        return 1;
+    if ((ch == ' ') || strchr("'()+,-./:=?", ch))
+        return 1;
+#else                           /* CHARSET_EBCDIC */
+    if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
+        return 1;
+    if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
+        return 1;
+    if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
+        return 1;
+    if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
+        return 1;
+#endif                          /* CHARSET_EBCDIC */
+    return 0;
+}
+
+/* Return 1 if the character is a digit or space */
+static int is_numeric(unsigned long value)
+{
+    int ch;
+    if (value > 0x7f)
+        return 0;
+    ch = (int)value;
+#ifndef CHARSET_EBCDIC
+    if (!isdigit(ch) && ch != ' ')
+        return 0;
+#else
+    if (ch > os_toascii['9'])
+        return 0;
+    if (ch < os_toascii['0'] && ch != os_toascii[' '])
+        return 0;
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_object.c b/openssl-1.1.0h/crypto/asn1/a_object.c
new file mode 100644
index 0000000..1ec7a7e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_object.c
@@ -0,0 +1,370 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
+
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
+{
+    unsigned char *p;
+    int objsize;
+
+    if ((a == NULL) || (a->data == NULL))
+        return (0);
+
+    objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
+    if (pp == NULL || objsize == -1)
+        return objsize;
+
+    p = *pp;
+    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    memcpy(p, a->data, a->length);
+    p += a->length;
+
+    *pp = p;
+    return (objsize);
+}
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+{
+    int i, first, len = 0, c, use_bn;
+    char ftmp[24], *tmp = ftmp;
+    int tmpsize = sizeof(ftmp);
+    const char *p;
+    unsigned long l;
+    BIGNUM *bl = NULL;
+
+    if (num == 0)
+        return (0);
+    else if (num == -1)
+        num = strlen(buf);
+
+    p = buf;
+    c = *(p++);
+    num--;
+    if ((c >= '0') && (c <= '2')) {
+        first = c - '0';
+    } else {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+        goto err;
+    }
+
+    if (num <= 0) {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+        goto err;
+    }
+    c = *(p++);
+    num--;
+    for (;;) {
+        if (num <= 0)
+            break;
+        if ((c != '.') && (c != ' ')) {
+            ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
+            goto err;
+        }
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            if (num <= 0)
+                break;
+            num--;
+            c = *(p++);
+            if ((c == ' ') || (c == '.'))
+                break;
+            if ((c < '0') || (c > '9')) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
+                goto err;
+            }
+            if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
+                use_bn = 1;
+                if (bl == NULL)
+                    bl = BN_new();
+                if (bl == NULL || !BN_set_word(bl, l))
+                    goto err;
+            }
+            if (use_bn) {
+                if (!BN_mul_word(bl, 10L)
+                    || !BN_add_word(bl, c - '0'))
+                    goto err;
+            } else
+                l = l * 10L + (long)(c - '0');
+        }
+        if (len == 0) {
+            if ((first < 2) && (l >= 40)) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
+                        ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                goto err;
+            }
+            if (use_bn) {
+                if (!BN_add_word(bl, first * 40))
+                    goto err;
+            } else
+                l += (long)first *40;
+        }
+        i = 0;
+        if (use_bn) {
+            int blsize;
+            blsize = BN_num_bits(bl);
+            blsize = (blsize + 6) / 7;
+            if (blsize > tmpsize) {
+                if (tmp != ftmp)
+                    OPENSSL_free(tmp);
+                tmpsize = blsize + 32;
+                tmp = OPENSSL_malloc(tmpsize);
+                if (tmp == NULL)
+                    goto err;
+            }
+            while (blsize--) {
+                BN_ULONG t = BN_div_word(bl, 0x80L);
+                if (t == (BN_ULONG)-1)
+                    goto err;
+                tmp[i++] = (unsigned char)t;
+            }
+        } else {
+
+            for (;;) {
+                tmp[i++] = (unsigned char)l & 0x7f;
+                l >>= 7L;
+                if (l == 0L)
+                    break;
+            }
+
+        }
+        if (out != NULL) {
+            if (len + i > olen) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
+                goto err;
+            }
+            while (--i > 0)
+                out[len++] = tmp[i] | 0x80;
+            out[len++] = tmp[0];
+        } else
+            len += i;
+    }
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    BN_free(bl);
+    return (len);
+ err:
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    BN_free(bl);
+    return (0);
+}
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
+{
+    return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
+{
+    char buf[80], *p = buf;
+    int i;
+
+    if ((a == NULL) || (a->data == NULL))
+        return (BIO_write(bp, "NULL", 4));
+    i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
+    if (i > (int)(sizeof(buf) - 1)) {
+        p = OPENSSL_malloc(i + 1);
+        if (p == NULL)
+            return -1;
+        i2t_ASN1_OBJECT(p, i + 1, a);
+    }
+    if (i <= 0) {
+        i = BIO_write(bp, "<INVALID>", 9);
+        i += BIO_dump(bp, (const char *)a->data, a->length);
+        return i;
+    }
+    BIO_write(bp, p, i);
+    if (p != buf)
+        OPENSSL_free(p);
+    return (i);
+}
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length)
+{
+    const unsigned char *p;
+    long len;
+    int tag, xclass;
+    int inf, i;
+    ASN1_OBJECT *ret = NULL;
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_OBJECT) {
+        i = ASN1_R_EXPECTING_AN_OBJECT;
+        goto err;
+    }
+    ret = c2i_ASN1_OBJECT(a, &p, len);
+    if (ret)
+        *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+    return (NULL);
+}
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long len)
+{
+    ASN1_OBJECT *ret = NULL, tobj;
+    const unsigned char *p;
+    unsigned char *data;
+    int i, length;
+
+    /*
+     * Sanity check OID encoding. Need at least one content octet. MSB must
+     * be clear in the last octet. can't have leading 0x80 in subidentifiers,
+     * see: X.690 8.19.2
+     */
+    if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+        p[len - 1] & 0x80) {
+        ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+        return NULL;
+    }
+    /* Now 0 < len <= INT_MAX, so the cast is safe. */
+    length = (int)len;
+    /*
+     * Try to lookup OID in table: these are all valid encodings so if we get
+     * a match we know the OID is valid.
+     */
+    tobj.nid = NID_undef;
+    tobj.data = p;
+    tobj.length = length;
+    tobj.flags = 0;
+    i = OBJ_obj2nid(&tobj);
+    if (i != NID_undef) {
+        /*
+         * Return shared registered OID object: this improves efficiency
+         * because we don't have to return a dynamically allocated OID
+         * and NID lookups can use the cached value.
+         */
+        ret = OBJ_nid2obj(i);
+        if (a) {
+            ASN1_OBJECT_free(*a);
+            *a = ret;
+        }
+        *pp += len;
+        return ret;
+    }
+    for (i = 0; i < length; i++, p++) {
+        if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
+            ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+            return NULL;
+        }
+    }
+
+    /*
+     * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
+     * ->ln
+     */
+    if ((a == NULL) || ((*a) == NULL) ||
+        !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
+        if ((ret = ASN1_OBJECT_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
+
+    p = *pp;
+    /* detach data from object */
+    data = (unsigned char *)ret->data;
+    ret->data = NULL;
+    /* once detached we can change it */
+    if ((data == NULL) || (ret->length < length)) {
+        ret->length = 0;
+        OPENSSL_free(data);
+        data = OPENSSL_malloc(length);
+        if (data == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    }
+    memcpy(data, p, length);
+    /* reattach data to object, after which it remains const */
+    ret->data = data;
+    ret->length = length;
+    ret->sn = NULL;
+    ret->ln = NULL;
+    /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+    p += length;
+
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_OBJECT_free(ret);
+    return (NULL);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+{
+    ASN1_OBJECT *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
+    return (ret);
+}
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+{
+    if (a == NULL)
+        return;
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
+#ifndef CONST_STRICT            /* disable purely for compile-time strict
+                                 * const checking. Doing this on a "real"
+                                 * compile will cause memory leaks */
+        OPENSSL_free((void*)a->sn);
+        OPENSSL_free((void*)a->ln);
+#endif
+        a->sn = a->ln = NULL;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+        OPENSSL_free((void*)a->data);
+        a->data = NULL;
+        a->length = 0;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+        OPENSSL_free(a);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln)
+{
+    ASN1_OBJECT o;
+
+    o.sn = sn;
+    o.ln = ln;
+    o.data = data;
+    o.nid = nid;
+    o.length = len;
+    o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    return (OBJ_dup(&o));
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_octet.c b/openssl-1.1.0h/crypto/asn1/a_octet.c
new file mode 100644
index 0000000..2e1205c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_octet.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
+{
+    return ASN1_STRING_dup(x);
+}
+
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                          const ASN1_OCTET_STRING *b)
+{
+    return ASN1_STRING_cmp(a, b);
+}
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
+                          int len)
+{
+    return ASN1_STRING_set(x, d, len);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_print.c b/openssl-1.1.0h/crypto/asn1/a_print.c
new file mode 100644
index 0000000..1aafe7c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_print.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+{
+    int c;
+    int ia5 = 0;
+    int t61 = 0;
+
+    if (len <= 0)
+        len = -1;
+    if (s == NULL)
+        return (V_ASN1_PRINTABLESTRING);
+
+    while ((*s) && (len-- != 0)) {
+        c = *(s++);
+#ifndef CHARSET_EBCDIC
+        if (!(((c >= 'a') && (c <= 'z')) ||
+              ((c >= 'A') && (c <= 'Z')) ||
+              ((c >= '0') && (c <= '9')) ||
+              (c == ' ') || (c == '\'') ||
+              (c == '(') || (c == ')') ||
+              (c == '+') || (c == ',') ||
+              (c == '-') || (c == '.') ||
+              (c == '/') || (c == ':') || (c == '=') || (c == '?')))
+            ia5 = 1;
+        if (c & 0x80)
+            t61 = 1;
+#else
+        if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL)
+            ia5 = 1;
+        if (os_toascii[c] & 0x80)
+            t61 = 1;
+#endif
+    }
+    if (t61)
+        return (V_ASN1_T61STRING);
+    if (ia5)
+        return (V_ASN1_IA5STRING);
+    return (V_ASN1_PRINTABLESTRING);
+}
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+{
+    int i;
+    unsigned char *p;
+
+    if (s->type != V_ASN1_UNIVERSALSTRING)
+        return (0);
+    if ((s->length % 4) != 0)
+        return (0);
+    p = s->data;
+    for (i = 0; i < s->length; i += 4) {
+        if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+            break;
+        else
+            p += 4;
+    }
+    if (i < s->length)
+        return (0);
+    p = s->data;
+    for (i = 3; i < s->length; i += 4) {
+        *(p++) = s->data[i];
+    }
+    *(p) = '\0';
+    s->length /= 4;
+    s->type = ASN1_PRINTABLE_type(s->data, s->length);
+    return (1);
+}
+
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
+{
+    int i, n;
+    char buf[80];
+    const char *p;
+
+    if (v == NULL)
+        return (0);
+    n = 0;
+    p = (const char *)v->data;
+    for (i = 0; i < v->length; i++) {
+        if ((p[i] > '~') || ((p[i] < ' ') &&
+                             (p[i] != '\n') && (p[i] != '\r')))
+            buf[n] = '.';
+        else
+            buf[n] = p[i];
+        n++;
+        if (n >= 80) {
+            if (BIO_write(bp, buf, n) <= 0)
+                return (0);
+            n = 0;
+        }
+    }
+    if (n > 0)
+        if (BIO_write(bp, buf, n) <= 0)
+            return (0);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_sign.c b/openssl-1.1.0h/crypto/asn1/a_sign.c
new file mode 100644
index 0000000..3b261eb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_sign.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+              const EVP_MD *type)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
+    int i, inl = 0, outl = 0, outll = 0;
+    X509_ALGOR *a;
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (i = 0; i < 2; i++) {
+        if (i == 0)
+            a = algor1;
+        else
+            a = algor2;
+        if (a == NULL)
+            continue;
+        if (type->pkey_type == NID_dsaWithSHA1) {
+            /*
+             * special case: RFC 2459 tells us to omit 'parameters' with
+             * id-dsa-with-sha1
+             */
+            ASN1_TYPE_free(a->parameter);
+            a->parameter = NULL;
+        } else if ((a->parameter == NULL) ||
+                   (a->parameter->type != V_ASN1_NULL)) {
+            ASN1_TYPE_free(a->parameter);
+            if ((a->parameter = ASN1_TYPE_new()) == NULL)
+                goto err;
+            a->parameter->type = V_ASN1_NULL;
+        }
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm = OBJ_nid2obj(type->pkey_type);
+        if (a->algorithm == NULL) {
+            ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
+            goto err;
+        }
+        if (a->algorithm->length == 0) {
+            ASN1err(ASN1_F_ASN1_SIGN,
+                    ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+            goto err;
+        }
+    }
+    inl = i2d(data, NULL);
+    buf_in = OPENSSL_malloc((unsigned int)inl);
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = OPENSSL_malloc((unsigned int)outl);
+    if ((buf_in == NULL) || (buf_out == NULL)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
+
+    i2d(data, &p);
+    if (!EVP_SignInit_ex(ctx, type, NULL)
+        || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
+        || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
+                          (unsigned int *)&outl, pkey)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
+        goto err;
+    }
+    OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return (outl);
+}
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
+                   EVP_PKEY *pkey, const EVP_MD *type)
+{
+    int rv;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+
+    rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
+
+    EVP_MD_CTX_free(ctx);
+    return rv;
+}
+
+int ASN1_item_sign_ctx(const ASN1_ITEM *it,
+                       X509_ALGOR *algor1, X509_ALGOR *algor2,
+                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+{
+    const EVP_MD *type;
+    EVP_PKEY *pkey;
+    unsigned char *buf_in = NULL, *buf_out = NULL;
+    size_t inl = 0, outl = 0, outll = 0;
+    int signid, paramtype;
+    int rv;
+
+    type = EVP_MD_CTX_md(ctx);
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+
+    if (type == NULL || pkey == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+        goto err;
+    }
+
+    if (pkey->ameth == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+        goto err;
+    }
+
+    if (pkey->ameth->item_sign) {
+        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
+        if (rv == 1)
+            outl = signature->length;
+        /*-
+         * Return value meanings:
+         * <=0: error.
+         *   1: method does everything.
+         *   2: carry on as normal.
+         *   3: ASN1 method sets algorithm identifiers: just sign.
+         */
+        if (rv <= 0)
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+        if (rv <= 1)
+            goto err;
+    } else
+        rv = 2;
+
+    if (rv == 2) {
+        if (!OBJ_find_sigid_by_algs(&signid,
+                                    EVP_MD_nid(type),
+                                    pkey->ameth->pkey_id)) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
+                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+            goto err;
+        }
+
+        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+            paramtype = V_ASN1_NULL;
+        else
+            paramtype = V_ASN1_UNDEF;
+
+        if (algor1)
+            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+        if (algor2)
+            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+
+    }
+
+    inl = ASN1_item_i2d(asn, &buf_in, it);
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = OPENSSL_malloc((unsigned int)outl);
+    if ((buf_in == NULL) || (buf_out == NULL)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
+        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+        goto err;
+    }
+    OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return (outl);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_strex.c b/openssl-1.1.0h/crypto/asn1/a_strex.c
new file mode 100644
index 0000000..b91266b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_strex.c
@@ -0,0 +1,644 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/asn1_int.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+
+/*
+ * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
+ * printing routines handling multibyte characters, RFC2253 and a host of
+ * other options.
+ */
+
+#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+                  ASN1_STRFLGS_ESC_2254 | \
+                  ASN1_STRFLGS_ESC_QUOTE | \
+                  ASN1_STRFLGS_ESC_CTRL | \
+                  ASN1_STRFLGS_ESC_MSB)
+
+/*
+ * Three IO functions for sending data to memory, a BIO and and a FILE
+ * pointer.
+ */
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+    if (!arg)
+        return 1;
+    if (BIO_write(arg, buf, len) != len)
+        return 0;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+    if (!arg)
+        return 1;
+    if (fwrite(buf, 1, len, arg) != (unsigned int)len)
+        return 0;
+    return 1;
+}
+#endif
+
+typedef int char_io (void *arg, const void *buf, int len);
+
+/*
+ * This function handles display of strings, one character at a time. It is
+ * passed an unsigned long for each character because it could come from 2 or
+ * even 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
+                       char_io *io_ch, void *arg)
+{
+    unsigned short chflgs;
+    unsigned char chtmp;
+    char tmphex[HEX_SIZE(long) + 3];
+
+    if (c > 0xffffffffL)
+        return -1;
+    if (c > 0xffff) {
+        BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
+        if (!io_ch(arg, tmphex, 10))
+            return -1;
+        return 10;
+    }
+    if (c > 0xff) {
+        BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
+        if (!io_ch(arg, tmphex, 6))
+            return -1;
+        return 6;
+    }
+    chtmp = (unsigned char)c;
+    if (chtmp > 0x7f)
+        chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+    else
+        chflgs = char_type[chtmp] & flags;
+    if (chflgs & CHARTYPE_BS_ESC) {
+        /* If we don't escape with quotes, signal we need quotes */
+        if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+            if (do_quotes)
+                *do_quotes = 1;
+            if (!io_ch(arg, &chtmp, 1))
+                return -1;
+            return 1;
+        }
+        if (!io_ch(arg, "\\", 1))
+            return -1;
+        if (!io_ch(arg, &chtmp, 1))
+            return -1;
+        return 2;
+    }
+    if (chflgs & (ASN1_STRFLGS_ESC_CTRL
+                  | ASN1_STRFLGS_ESC_MSB
+                  | ASN1_STRFLGS_ESC_2254)) {
+        BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+        if (!io_ch(arg, tmphex, 3))
+            return -1;
+        return 3;
+    }
+    /*
+     * If we get this far and do any escaping at all must escape the escape
+     * character itself: backslash.
+     */
+    if (chtmp == '\\' && (flags & ESC_FLAGS)) {
+        if (!io_ch(arg, "\\\\", 2))
+            return -1;
+        return 2;
+    }
+    if (!io_ch(arg, &chtmp, 1))
+        return -1;
+    return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK     0x7
+#define BUF_TYPE_CONVUTF8       0x8
+
+/*
+ * This function sends each character in a buffer to do_esc_char(). It
+ * interprets the content formats and converts to or from UTF8 as
+ * appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+                  int type, unsigned short flags, char *quotes, char_io *io_ch,
+                  void *arg)
+{
+    int i, outlen, len;
+    unsigned short orflags;
+    unsigned char *p, *q;
+    unsigned long c;
+
+    p = buf;
+    q = buf + buflen;
+    outlen = 0;
+    while (p != q) {
+        if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_FIRST_ESC_2253;
+        else
+            orflags = 0;
+        switch (type & BUF_TYPE_WIDTH_MASK) {
+        case 4:
+            c = ((unsigned long)*p++) << 24;
+            c |= ((unsigned long)*p++) << 16;
+            c |= ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 2:
+            c = ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 1:
+            c = *p++;
+            break;
+
+        case 0:
+            i = UTF8_getc(p, buflen, &c);
+            if (i < 0)
+                return -1;      /* Invalid UTF8String */
+            p += i;
+            break;
+        default:
+            return -1;          /* invalid width */
+        }
+        if (p == q && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_LAST_ESC_2253;
+        if (type & BUF_TYPE_CONVUTF8) {
+            unsigned char utfbuf[6];
+            int utflen;
+            utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+            for (i = 0; i < utflen; i++) {
+                /*
+                 * We don't need to worry about setting orflags correctly
+                 * because if utflen==1 its value will be correct anyway
+                 * otherwise each character will be > 0x7f and so the
+                 * character will never be escaped on first and last.
+                 */
+                len = do_esc_char(utfbuf[i], flags | orflags, quotes,
+                                  io_ch, arg);
+                if (len < 0)
+                    return -1;
+                outlen += len;
+            }
+        } else {
+            len = do_esc_char(c, flags | orflags, quotes,
+                              io_ch, arg);
+            if (len < 0)
+                return -1;
+            outlen += len;
+        }
+    }
+    return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
+                       int buflen)
+{
+    static const char hexdig[] = "0123456789ABCDEF";
+    unsigned char *p, *q;
+    char hextmp[2];
+    if (arg) {
+        p = buf;
+        q = buf + buflen;
+        while (p != q) {
+            hextmp[0] = hexdig[*p >> 4];
+            hextmp[1] = hexdig[*p & 0xf];
+            if (!io_ch(arg, hextmp, 2))
+                return -1;
+            p++;
+        }
+    }
+    return buflen << 1;
+}
+
+/*
+ * "dump" a string. This is done when the type is unknown, or the flags
+ * request it. We can either dump the content octets or the entire DER
+ * encoding. This uses the RFC2253 #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
+                   const ASN1_STRING *str)
+{
+    /*
+     * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
+     * readily obtained
+     */
+    ASN1_TYPE t;
+    unsigned char *der_buf, *p;
+    int outlen, der_len;
+
+    if (!io_ch(arg, "#", 1))
+        return -1;
+    /* If we don't dump DER encoding just dump content octets */
+    if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+        outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+        if (outlen < 0)
+            return -1;
+        return outlen + 1;
+    }
+    t.type = str->type;
+    t.value.ptr = (char *)str;
+    der_len = i2d_ASN1_TYPE(&t, NULL);
+    der_buf = OPENSSL_malloc(der_len);
+    if (der_buf == NULL)
+        return -1;
+    p = der_buf;
+    i2d_ASN1_TYPE(&t, &p);
+    outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+    OPENSSL_free(der_buf);
+    if (outlen < 0)
+        return -1;
+    return outlen + 1;
+}
+
+/*
+ * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
+ * used for non string types otherwise it is the number of bytes per
+ * character
+ */
+
+static const signed char tag2nbyte[] = {
+    -1, -1, -1, -1, -1,         /* 0-4 */
+    -1, -1, -1, -1, -1,         /* 5-9 */
+    -1, -1, 0, -1,              /* 10-13 */
+    -1, -1, -1, -1,             /* 15-17 */
+    1, 1, 1,                    /* 18-20 */
+    -1, 1, 1, 1,                /* 21-24 */
+    -1, 1, -1,                  /* 25-27 */
+    4, -1, 2                    /* 28-30 */
+};
+
+/*
+ * This is the main function, print out an ASN1_STRING taking note of various
+ * escape and display options. Returns number of characters written or -1 if
+ * an error occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
+                       const ASN1_STRING *str)
+{
+    int outlen, len;
+    int type;
+    char quotes;
+    unsigned short flags;
+    quotes = 0;
+    /* Keep a copy of escape flags */
+    flags = (unsigned short)(lflags & ESC_FLAGS);
+
+    type = str->type;
+
+    outlen = 0;
+
+    if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
+        const char *tagname;
+        tagname = ASN1_tag2str(type);
+        outlen += strlen(tagname);
+        if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
+            return -1;
+        outlen++;
+    }
+
+    /* Decide what to do with type, either dump content or display it */
+
+    /* Dump everything */
+    if (lflags & ASN1_STRFLGS_DUMP_ALL)
+        type = -1;
+    /* Ignore the string type */
+    else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
+        type = 1;
+    else {
+        /* Else determine width based on type */
+        if ((type > 0) && (type < 31))
+            type = tag2nbyte[type];
+        else
+            type = -1;
+        if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
+            type = 1;
+    }
+
+    if (type == -1) {
+        len = do_dump(lflags, io_ch, arg, str);
+        if (len < 0)
+            return -1;
+        outlen += len;
+        return outlen;
+    }
+
+    if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+        /*
+         * Note: if string is UTF8 and we want to convert to UTF8 then we
+         * just interpret it as 1 byte per character to avoid converting
+         * twice.
+         */
+        if (!type)
+            type = 1;
+        else
+            type |= BUF_TYPE_CONVUTF8;
+    }
+
+    len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+    if (len < 0)
+        return -1;
+    outlen += len;
+    if (quotes)
+        outlen += 2;
+    if (!arg)
+        return outlen;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+        return -1;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+    int i;
+    for (i = 0; i < indent; i++)
+        if (!io_ch(arg, " ", 1))
+            return 0;
+    return 1;
+}
+
+#define FN_WIDTH_LN     25
+#define FN_WIDTH_SN     10
+
+static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
+                      int indent, unsigned long flags)
+{
+    int i, prev = -1, orflags, cnt;
+    int fn_opt, fn_nid;
+    ASN1_OBJECT *fn;
+    const ASN1_STRING *val;
+    const X509_NAME_ENTRY *ent;
+    char objtmp[80];
+    const char *objbuf;
+    int outlen, len;
+    char *sep_dn, *sep_mv, *sep_eq;
+    int sep_dn_len, sep_mv_len, sep_eq_len;
+    if (indent < 0)
+        indent = 0;
+    outlen = indent;
+    if (!do_indent(io_ch, arg, indent))
+        return -1;
+    switch (flags & XN_FLAG_SEP_MASK) {
+    case XN_FLAG_SEP_MULTILINE:
+        sep_dn = "\n";
+        sep_dn_len = 1;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        break;
+
+    case XN_FLAG_SEP_COMMA_PLUS:
+        sep_dn = ",";
+        sep_dn_len = 1;
+        sep_mv = "+";
+        sep_mv_len = 1;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_CPLUS_SPC:
+        sep_dn = ", ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_SPLUS_SPC:
+        sep_dn = "; ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    default:
+        return -1;
+    }
+
+    if (flags & XN_FLAG_SPC_EQ) {
+        sep_eq = " = ";
+        sep_eq_len = 3;
+    } else {
+        sep_eq = "=";
+        sep_eq_len = 1;
+    }
+
+    fn_opt = flags & XN_FLAG_FN_MASK;
+
+    cnt = X509_NAME_entry_count(n);
+    for (i = 0; i < cnt; i++) {
+        if (flags & XN_FLAG_DN_REV)
+            ent = X509_NAME_get_entry(n, cnt - i - 1);
+        else
+            ent = X509_NAME_get_entry(n, i);
+        if (prev != -1) {
+            if (prev == X509_NAME_ENTRY_set(ent)) {
+                if (!io_ch(arg, sep_mv, sep_mv_len))
+                    return -1;
+                outlen += sep_mv_len;
+            } else {
+                if (!io_ch(arg, sep_dn, sep_dn_len))
+                    return -1;
+                outlen += sep_dn_len;
+                if (!do_indent(io_ch, arg, indent))
+                    return -1;
+                outlen += indent;
+            }
+        }
+        prev = X509_NAME_ENTRY_set(ent);
+        fn = X509_NAME_ENTRY_get_object(ent);
+        val = X509_NAME_ENTRY_get_data(ent);
+        fn_nid = OBJ_obj2nid(fn);
+        if (fn_opt != XN_FLAG_FN_NONE) {
+            int objlen, fld_len;
+            if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
+                OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
+                fld_len = 0;    /* XXX: what should this be? */
+                objbuf = objtmp;
+            } else {
+                if (fn_opt == XN_FLAG_FN_SN) {
+                    fld_len = FN_WIDTH_SN;
+                    objbuf = OBJ_nid2sn(fn_nid);
+                } else if (fn_opt == XN_FLAG_FN_LN) {
+                    fld_len = FN_WIDTH_LN;
+                    objbuf = OBJ_nid2ln(fn_nid);
+                } else {
+                    fld_len = 0; /* XXX: what should this be? */
+                    objbuf = "";
+                }
+            }
+            objlen = strlen(objbuf);
+            if (!io_ch(arg, objbuf, objlen))
+                return -1;
+            if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+                if (!do_indent(io_ch, arg, fld_len - objlen))
+                    return -1;
+                outlen += fld_len - objlen;
+            }
+            if (!io_ch(arg, sep_eq, sep_eq_len))
+                return -1;
+            outlen += objlen + sep_eq_len;
+        }
+        /*
+         * If the field name is unknown then fix up the DER dump flag. We
+         * might want to limit this further so it will DER dump on anything
+         * other than a few 'standard' fields.
+         */
+        if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
+            orflags = ASN1_STRFLGS_DUMP_ALL;
+        else
+            orflags = 0;
+
+        len = do_print_ex(io_ch, arg, flags | orflags, val);
+        if (len < 0)
+            return -1;
+        outlen += len;
+    }
+    return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+                       unsigned long flags)
+{
+    if (flags == XN_FLAG_COMPAT)
+        return X509_NAME_print(out, nm, indent);
+    return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+                          unsigned long flags)
+{
+    if (flags == XN_FLAG_COMPAT) {
+        BIO *btmp;
+        int ret;
+        btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+        if (!btmp)
+            return -1;
+        ret = X509_NAME_print(btmp, nm, indent);
+        BIO_free(btmp);
+        return ret;
+    }
+    return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+#endif
+
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
+{
+    return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
+{
+    return do_print_ex(send_fp_chars, fp, flags, str);
+}
+#endif
+
+/*
+ * Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
+{
+    ASN1_STRING stmp, *str = &stmp;
+    int mbflag, type, ret;
+    if (!in)
+        return -1;
+    type = in->type;
+    if ((type < 0) || (type > 30))
+        return -1;
+    mbflag = tag2nbyte[type];
+    if (mbflag == -1)
+        return -1;
+    mbflag |= MBSTRING_FLAG;
+    stmp.data = NULL;
+    stmp.length = 0;
+    stmp.flags = 0;
+    ret =
+        ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
+                           B_ASN1_UTF8STRING);
+    if (ret < 0)
+        return ret;
+    *out = stmp.data;
+    return stmp.length;
+}
+
+/* Return 1 if host is a valid hostname and 0 otherwise */
+int asn1_valid_host(const ASN1_STRING *host)
+{
+    int hostlen = host->length;
+    const unsigned char *hostptr = host->data;
+    int type = host->type;
+    int i;
+    signed char width = -1;
+    unsigned short chflags = 0, prevchflags;
+
+    if (type > 0 && type < 31)
+        width = tag2nbyte[type];
+    if (width == -1 || hostlen == 0)
+        return 0;
+    /* Treat UTF8String as width 1 as any MSB set is invalid */
+    if (width == 0)
+        width = 1;
+    for (i = 0 ; i < hostlen; i+= width) {
+        prevchflags = chflags;
+        /* Value must be <= 0x7F: check upper bytes are all zeroes */
+        if (width == 4) {
+            if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
+                return 0;
+        } else if (width == 2) {
+            if (*hostptr++ != 0)
+                return 0;
+        }
+        if (*hostptr > 0x7f)
+            return 0;
+        chflags = char_type[*hostptr++];
+        if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
+            /* Nothing else allowed at start or end of string */
+            if (i == 0 || i == hostlen - 1)
+                return 0;
+            /* Otherwise invalid if not dot or hyphen */
+            if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
+                return 0;
+            /*
+             * If previous is dot or hyphen then illegal unless both
+             * are hyphens: as .- -. .. are all illegal
+             */
+            if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
+                && ((prevchflags & CHARTYPE_HOST_DOT)
+                    || (chflags & CHARTYPE_HOST_DOT)))
+                return 0;
+        }
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_strnid.c b/openssl-1.1.0h/crypto/asn1/a_strnid.c
new file mode 100644
index 0000000..ecf178e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_strnid.c
@@ -0,0 +1,289 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b);
+
+/*
+ * This is the global mask for the mbstring functions: this is use to mask
+ * out certain types (such as BMPString and UTF8String) because certain
+ * software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = B_ASN1_UTF8STRING;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+    global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+    return global_mask;
+}
+
+/*-
+ * This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default:   the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(const char *p)
+{
+    unsigned long mask;
+    char *end;
+    if (strncmp(p, "MASK:", 5) == 0) {
+        if (!p[5])
+            return 0;
+        mask = strtoul(p + 5, &end, 0);
+        if (*end)
+            return 0;
+    } else if (strcmp(p, "nombstr") == 0)
+        mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
+    else if (strcmp(p, "pkix") == 0)
+        mask = ~((unsigned long)B_ASN1_T61STRING);
+    else if (strcmp(p, "utf8only") == 0)
+        mask = B_ASN1_UTF8STRING;
+    else if (strcmp(p, "default") == 0)
+        mask = 0xFFFFFFFFL;
+    else
+        return 0;
+    ASN1_STRING_set_default_mask(mask);
+    return 1;
+}
+
+/*
+ * The following function generates an ASN1_STRING based on limits in a
+ * table. Frequently the types and length of an ASN1_STRING are restricted by
+ * a corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid)
+{
+    ASN1_STRING_TABLE *tbl;
+    ASN1_STRING *str = NULL;
+    unsigned long mask;
+    int ret;
+    if (!out)
+        out = &str;
+    tbl = ASN1_STRING_TABLE_get(nid);
+    if (tbl) {
+        mask = tbl->mask;
+        if (!(tbl->flags & STABLE_NO_MASK))
+            mask &= global_mask;
+        ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+                                  tbl->minsize, tbl->maxsize);
+    } else
+        ret =
+            ASN1_mbstring_copy(out, in, inlen, inform,
+                               DIRSTRING_TYPE & global_mask);
+    if (ret <= 0)
+        return NULL;
+    return *out;
+}
+
+/*
+ * Now the tables and helper functions for the string table:
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
+
+/* From RFC4524 */
+
+#define ub_rfc822_mailbox               256
+
+/* This table must be kept in NID order */
+
+static const ASN1_STRING_TABLE tbl_standard[] = {
+    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
+     0},
+    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
+     STABLE_NO_MASK},
+    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
+};
+
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b)
+{
+    return (*a)->nid - (*b)->nid;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
+{
+    return a->nid - b->nid;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+    int idx;
+    ASN1_STRING_TABLE fnd;
+    fnd.nid = nid;
+    if (stable) {
+        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+        if (idx >= 0)
+            return sk_ASN1_STRING_TABLE_value(stable, idx);
+    }
+    return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard));
+}
+
+/*
+ * Return a string table pointer which can be modified: either directly from
+ * table or a copy of an internal value added to the table.
+ */
+
+static ASN1_STRING_TABLE *stable_get(int nid)
+{
+    ASN1_STRING_TABLE *tmp, *rv;
+    /* Always need a string table so allocate one if NULL */
+    if (stable == NULL) {
+        stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+        if (stable == NULL)
+            return NULL;
+    }
+    tmp = ASN1_STRING_TABLE_get(nid);
+    if (tmp && tmp->flags & STABLE_FLAGS_MALLOC)
+        return tmp;
+    rv = OPENSSL_zalloc(sizeof(*rv));
+    if (rv == NULL)
+        return NULL;
+    if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
+        OPENSSL_free(rv);
+        return NULL;
+    }
+    if (tmp) {
+        rv->nid = tmp->nid;
+        rv->minsize = tmp->minsize;
+        rv->maxsize = tmp->maxsize;
+        rv->mask = tmp->mask;
+        rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
+    } else {
+        rv->nid = nid;
+        rv->minsize = -1;
+        rv->maxsize = -1;
+        rv->flags = STABLE_FLAGS_MALLOC;
+    }
+    return rv;
+}
+
+int ASN1_STRING_TABLE_add(int nid,
+                          long minsize, long maxsize, unsigned long mask,
+                          unsigned long flags)
+{
+    ASN1_STRING_TABLE *tmp;
+    tmp = stable_get(nid);
+    if (!tmp) {
+        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (minsize >= 0)
+        tmp->minsize = minsize;
+    if (maxsize >= 0)
+        tmp->maxsize = maxsize;
+    if (mask)
+        tmp->mask = mask;
+    if (flags)
+        tmp->flags = STABLE_FLAGS_MALLOC | flags;
+    return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+    STACK_OF(ASN1_STRING_TABLE) *tmp;
+    tmp = stable;
+    if (!tmp)
+        return;
+    stable = NULL;
+    sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+    if (tbl->flags & STABLE_FLAGS_MALLOC)
+        OPENSSL_free(tbl);
+}
+
+
+#ifdef STRING_TABLE_TEST
+
+main()
+{
+    ASN1_STRING_TABLE *tmp;
+    int i, last_nid = -1;
+
+    for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) {
+        if (tmp->nid < last_nid) {
+            last_nid = 0;
+            break;
+        }
+        last_nid = tmp->nid;
+    }
+
+    if (last_nid != 0) {
+        printf("Table order OK\n");
+        exit(0);
+    }
+
+    for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++)
+        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+               OBJ_nid2ln(tmp->nid));
+
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/asn1/a_time.c b/openssl-1.1.0h/crypto/asn1/a_time.c
new file mode 100644
index 0000000..46f539c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_time.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include "asn1_locl.h"
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+{
+    return ASN1_TIME_adj(s, t, 0, 0);
+}
+
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                         int offset_day, long offset_sec)
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL) {
+        ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
+        return NULL;
+    }
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            return NULL;
+    }
+    if ((ts->tm_year >= 50) && (ts->tm_year < 150))
+        return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
+    return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
+}
+
+int ASN1_TIME_check(const ASN1_TIME *t)
+{
+    if (t->type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_check(t);
+    else if (t->type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_check(t);
+    return 0;
+}
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out)
+{
+    ASN1_GENERALIZEDTIME *ret = NULL;
+    char *str;
+    int newlen;
+
+    if (!ASN1_TIME_check(t))
+        return NULL;
+
+    if (out == NULL || *out == NULL) {
+        if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL)
+            goto err;
+    } else
+        ret = *out;
+
+    /* If already GeneralizedTime just copy across */
+    if (t->type == V_ASN1_GENERALIZEDTIME) {
+        if (!ASN1_STRING_set(ret, t->data, t->length))
+            goto err;
+        goto done;
+    }
+
+    /* grow the string */
+    if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+        goto err;
+    /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+    newlen = t->length + 2 + 1;
+    str = (char *)ret->data;
+    /* Work out the century and prepend */
+    if (t->data[0] >= '5')
+        OPENSSL_strlcpy(str, "19", newlen);
+    else
+        OPENSSL_strlcpy(str, "20", newlen);
+
+    OPENSSL_strlcat(str, (const char *)t->data, newlen);
+
+ done:
+   if (out != NULL && *out == NULL)
+       *out = ret;
+   return ret;
+
+ err:
+    if (out == NULL || *out != ret)
+        ASN1_GENERALIZEDTIME_free(ret);
+    return NULL;
+}
+
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+{
+    ASN1_TIME t;
+
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    t.flags = 0;
+
+    t.type = V_ASN1_UTCTIME;
+
+    if (!ASN1_TIME_check(&t)) {
+        t.type = V_ASN1_GENERALIZEDTIME;
+        if (!ASN1_TIME_check(&t))
+            return 0;
+    }
+
+    if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+        return 0;
+
+    return 1;
+}
+
+static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
+{
+    if (t == NULL) {
+        time_t now_t;
+        time(&now_t);
+        if (OPENSSL_gmtime(&now_t, tm))
+            return 1;
+        return 0;
+    }
+
+    if (t->type == V_ASN1_UTCTIME)
+        return asn1_utctime_to_tm(tm, t);
+    else if (t->type == V_ASN1_GENERALIZEDTIME)
+        return asn1_generalizedtime_to_tm(tm, t);
+
+    return 0;
+}
+
+int ASN1_TIME_diff(int *pday, int *psec,
+                   const ASN1_TIME *from, const ASN1_TIME *to)
+{
+    struct tm tm_from, tm_to;
+    if (!asn1_time_to_tm(&tm_from, from))
+        return 0;
+    if (!asn1_time_to_tm(&tm_to, to))
+        return 0;
+    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
+}
+
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
+{
+    if (tm->type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_print(bp, tm);
+    if (tm->type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_print(bp, tm);
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_type.c b/openssl-1.1.0h/crypto/asn1/a_type.c
new file mode 100644
index 0000000..df42360
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_type.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "asn1_locl.h"
+
+int ASN1_TYPE_get(const ASN1_TYPE *a)
+{
+    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+        return (a->type);
+    else
+        return (0);
+}
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+{
+    if (a->value.ptr != NULL) {
+        ASN1_TYPE **tmp_a = &a;
+        asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
+    }
+    a->type = type;
+    if (type == V_ASN1_BOOLEAN)
+        a->value.boolean = value ? 0xff : 0;
+    else
+        a->value.ptr = value;
+}
+
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+{
+    if (!value || (type == V_ASN1_BOOLEAN)) {
+        void *p = (void *)value;
+        ASN1_TYPE_set(a, type, p);
+    } else if (type == V_ASN1_OBJECT) {
+        ASN1_OBJECT *odup;
+        odup = OBJ_dup(value);
+        if (!odup)
+            return 0;
+        ASN1_TYPE_set(a, type, odup);
+    } else {
+        ASN1_STRING *sdup;
+        sdup = ASN1_STRING_dup(value);
+        if (!sdup)
+            return 0;
+        ASN1_TYPE_set(a, type, sdup);
+    }
+    return 1;
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+
+    switch (a->type) {
+    case V_ASN1_OBJECT:
+        result = OBJ_cmp(a->value.object, b->value.object);
+        break;
+    case V_ASN1_BOOLEAN:
+        result = a->value.boolean - b->value.boolean;
+        break;
+    case V_ASN1_NULL:
+        result = 0;             /* They do not have content. */
+        break;
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    default:
+        result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
+                                 (ASN1_STRING *)b->value.ptr);
+        break;
+    }
+
+    return result;
+}
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t)
+{
+    ASN1_OCTET_STRING *oct;
+    ASN1_TYPE *rt;
+
+    oct = ASN1_item_pack(s, it, NULL);
+    if (oct == NULL)
+        return NULL;
+
+    if (t && *t) {
+        rt = *t;
+    } else {
+        rt = ASN1_TYPE_new();
+        if (rt == NULL) {
+            ASN1_OCTET_STRING_free(oct);
+            return NULL;
+        }
+        if (t)
+            *t = rt;
+    }
+    ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct);
+    return rt;
+}
+
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t)
+{
+    if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL)
+        return NULL;
+    return ASN1_item_unpack(t->value.sequence, it);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_utctm.c b/openssl-1.1.0h/crypto/asn1/a_utctm.c
new file mode 100644
index 0000000..9797aa8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_utctm.c
@@ -0,0 +1,254 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
+{
+    static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 };
+    static const int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 };
+    char *a;
+    int n, i, l, o;
+
+    if (d->type != V_ASN1_UTCTIME)
+        return (0);
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+
+    if (l < 11)
+        goto err;
+    for (i = 0; i < 6; i++) {
+        if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+            i++;
+            if (tm)
+                tm->tm_sec = 0;
+            break;
+        }
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = (n * 10) + a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((n < min[i]) || (n > max[i]))
+            goto err;
+        if (tm) {
+            switch (i) {
+            case 0:
+                tm->tm_year = n < 50 ? n + 100 : n;
+                break;
+            case 1:
+                tm->tm_mon = n - 1;
+                break;
+            case 2:
+                tm->tm_mday = n;
+                break;
+            case 3:
+                tm->tm_hour = n;
+                break;
+            case 4:
+                tm->tm_min = n;
+                break;
+            case 5:
+                tm->tm_sec = n;
+                break;
+            }
+        }
+    }
+    if (a[o] == 'Z')
+        o++;
+    else if ((a[o] == '+') || (a[o] == '-')) {
+        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
+        o++;
+        if (o + 4 > l)
+            goto err;
+        for (i = 6; i < 8; i++) {
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = a[o] - '0';
+            o++;
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = (n * 10) + a[o] - '0';
+            if ((n < min[i]) || (n > max[i]))
+                goto err;
+            if (tm) {
+                if (i == 6)
+                    offset = n * 3600;
+                else if (i == 7)
+                    offset += n * 60;
+            }
+            o++;
+        }
+        if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
+            return 0;
+    }
+    return o == l;
+ err:
+    return 0;
+}
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
+{
+    return asn1_utctime_to_tm(NULL, d);
+}
+
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+{
+    ASN1_UTCTIME t;
+
+    t.type = V_ASN1_UTCTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    if (ASN1_UTCTIME_check(&t)) {
+        if (s != NULL) {
+            if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length))
+                return 0;
+            s->type = V_ASN1_UTCTIME;
+        }
+        return (1);
+    } else
+        return (0);
+}
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+{
+    return ASN1_UTCTIME_adj(s, t, 0, 0);
+}
+
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec)
+{
+    char *p;
+    struct tm *ts;
+    struct tm data;
+    size_t len = 20;
+    int free_s = 0;
+
+    if (s == NULL) {
+        s = ASN1_UTCTIME_new();
+        if (s == NULL)
+            goto err;
+        free_s = 1;
+    }
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        goto err;
+
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            goto err;
+    }
+
+    if ((ts->tm_year < 50) || (ts->tm_year >= 150))
+        goto err;
+
+    p = (char *)s->data;
+    if ((p == NULL) || ((size_t)s->length < len)) {
+        p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        OPENSSL_free(s->data);
+        s->data = (unsigned char *)p;
+    }
+
+    BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100,
+                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
+                 ts->tm_sec);
+    s->length = strlen(p);
+    s->type = V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+    ebcdic2ascii(s->data, s->data, s->length);
+#endif
+    return (s);
+ err:
+    if (free_s)
+        ASN1_UTCTIME_free(s);
+    return NULL;
+}
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+{
+    struct tm stm, ttm;
+    int day, sec;
+
+    if (!asn1_utctime_to_tm(&stm, s))
+        return -2;
+
+    if (!OPENSSL_gmtime(&t, &ttm))
+        return -2;
+
+    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+        return -2;
+
+    if (day > 0)
+        return 1;
+    if (day < 0)
+        return -1;
+    if (sec > 0)
+        return 1;
+    if (sec < 0)
+        return -1;
+    return 0;
+}
+
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
+{
+    const char *v;
+    int gmt = 0;
+    int i;
+    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+
+    i = tm->length;
+    v = (const char *)tm->data;
+
+    if (i < 10)
+        goto err;
+    if (v[i - 1] == 'Z')
+        gmt = 1;
+    for (i = 0; i < 10; i++)
+        if ((v[i] > '9') || (v[i] < '0'))
+            goto err;
+    y = (v[0] - '0') * 10 + (v[1] - '0');
+    if (y < 50)
+        y += 100;
+    M = (v[2] - '0') * 10 + (v[3] - '0');
+    if ((M > 12) || (M < 1))
+        goto err;
+    d = (v[4] - '0') * 10 + (v[5] - '0');
+    h = (v[6] - '0') * 10 + (v[7] - '0');
+    m = (v[8] - '0') * 10 + (v[9] - '0');
+    if (tm->length >= 12 &&
+        (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
+        s = (v[10] - '0') * 10 + (v[11] - '0');
+
+    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+                   _asn1_mon[M - 1], d, h, m, s, y + 1900,
+                   (gmt) ? " GMT" : "") <= 0)
+        return (0);
+    else
+        return (1);
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_utf8.c b/openssl-1.1.0h/crypto/asn1/a_utf8.c
new file mode 100644
index 0000000..e2dc09f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_utf8.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+/* UTF8 utilities */
+
+/*-
+ * This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+    const unsigned char *p;
+    unsigned long value;
+    int ret;
+    if (len <= 0)
+        return 0;
+    p = str;
+
+    /* Check syntax and work out the encoded value (if correct) */
+    if ((*p & 0x80) == 0) {
+        value = *p++ & 0x7f;
+        ret = 1;
+    } else if ((*p & 0xe0) == 0xc0) {
+        if (len < 2)
+            return -1;
+        if ((p[1] & 0xc0) != 0x80)
+            return -3;
+        value = (*p++ & 0x1f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x80)
+            return -4;
+        ret = 2;
+    } else if ((*p & 0xf0) == 0xe0) {
+        if (len < 3)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80))
+            return -3;
+        value = (*p++ & 0xf) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x800)
+            return -4;
+        ret = 3;
+    } else if ((*p & 0xf8) == 0xf0) {
+        if (len < 4)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x7)) << 18;
+        value |= (*p++ & 0x3f) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x10000)
+            return -4;
+        ret = 4;
+    } else if ((*p & 0xfc) == 0xf8) {
+        if (len < 5)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x3)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x200000)
+            return -4;
+        ret = 5;
+    } else if ((*p & 0xfe) == 0xfc) {
+        if (len < 6)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80)
+            || ((p[5] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x1)) << 30;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x4000000)
+            return -4;
+        ret = 6;
+    } else
+        return -2;
+    *val = value;
+    return ret;
+}
+
+/*
+ * This takes a character 'value' and writes the UTF8 encoded value in 'str'
+ * where 'str' is a buffer containing 'len' characters. Returns the number of
+ * characters written or -1 if 'len' is too small. 'str' can be set to NULL
+ * in which case it just returns the number of characters. It will need at
+ * most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+    if (!str)
+        len = 6;                /* Maximum we will need */
+    else if (len <= 0)
+        return -1;
+    if (value < 0x80) {
+        if (str)
+            *str = (unsigned char)value;
+        return 1;
+    }
+    if (value < 0x800) {
+        if (len < 2)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 2;
+    }
+    if (value < 0x10000) {
+        if (len < 3)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 3;
+    }
+    if (value < 0x200000) {
+        if (len < 4)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 4;
+    }
+    if (value < 0x4000000) {
+        if (len < 5)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+            *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 5;
+    }
+    if (len < 6)
+        return -1;
+    if (str) {
+        *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+        *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+        *str = (unsigned char)((value & 0x3f) | 0x80);
+    }
+    return 6;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/a_verify.c b/openssl-1.1.0h/crypto/asn1/a_verify.c
new file mode 100644
index 0000000..fb3607c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/a_verify.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+                char *data, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    const EVP_MD *type;
+    unsigned char *p, *buf_in = NULL;
+    int ret = -1, i, inl;
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    i = OBJ_obj2nid(a->algorithm);
+    type = EVP_get_digestbyname(OBJ_nid2sn(i));
+    if (type == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+        goto err;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        goto err;
+    }
+
+    inl = i2d(data, NULL);
+    buf_in = OPENSSL_malloc((unsigned int)inl);
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
+
+    i2d(data, &p);
+    ret = EVP_VerifyInit_ex(ctx, type, NULL)
+        && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
+
+    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        goto err;
+    }
+    ret = -1;
+
+    if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
+                        (unsigned int)signature->length, pkey) <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return (ret);
+}
+
+#endif
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+                     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX *ctx = NULL;
+    unsigned char *buf_in = NULL;
+    int ret = -1, inl;
+
+    int mdnid, pknid;
+
+    if (!pkey) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        return -1;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Convert signature OID into digest and public key OIDs */
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+        goto err;
+    }
+    if (mdnid == NID_undef) {
+        if (!pkey->ameth || !pkey->ameth->item_verify) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                    ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+            goto err;
+        }
+        ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
+        /*
+         * Return value of 2 means carry on, anything else means we exit
+         * straight away: either a fatal error of the underlying verification
+         * routine handles all verification.
+         */
+        if (ret != 2)
+            goto err;
+        ret = -1;
+    } else {
+        const EVP_MD *type;
+        type = EVP_get_digestbynid(mdnid);
+        if (type == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                    ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+            goto err;
+        }
+
+        /* Check public key OID matches public key type */
+        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+            goto err;
+        }
+
+        if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+            ret = 0;
+            goto err;
+        }
+
+    }
+
+    inl = ASN1_item_i2d(asn, &buf_in, it);
+
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl);
+
+    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+        goto err;
+    }
+    ret = -1;
+
+    if (EVP_DigestVerifyFinal(ctx, signature->data,
+                              (size_t)signature->length) <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/ameth_lib.c b/openssl-1.1.0h/crypto/asn1/ameth_lib.c
new file mode 100644
index 0000000..b8ba067
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/ameth_lib.c
@@ -0,0 +1,411 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/engine.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+/* Keep this sorted in type order !! */
+static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_asn1_meths[0],
+    &rsa_asn1_meths[1],
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_asn1_meths[0],
+    &dsa_asn1_meths[1],
+    &dsa_asn1_meths[2],
+    &dsa_asn1_meths[3],
+    &dsa_asn1_meths[4],
+#endif
+#ifndef OPENSSL_NO_EC
+    &eckey_asn1_meth,
+#endif
+    &hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ecx25519_asn1_meth
+#endif
+};
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
+
+#ifdef TEST
+void main()
+{
+    int i;
+    for (i = 0; i < OSSL_NELEM(standard_methods); i++)
+        fprintf(stderr, "Number %d id=%d (%s)\n", i,
+                standard_methods[i]->pkey_id,
+                OBJ_nid2sn(standard_methods[i]->pkey_id));
+}
+#endif
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                           const EVP_PKEY_ASN1_METHOD *, ameth);
+
+static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a,
+                     const EVP_PKEY_ASN1_METHOD *const *b)
+{
+    return ((*a)->pkey_id - (*b)->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                             const EVP_PKEY_ASN1_METHOD *, ameth);
+
+int EVP_PKEY_asn1_get_count(void)
+{
+    int num = OSSL_NELEM(standard_methods);
+    if (app_methods)
+        num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
+    return num;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
+{
+    int num = OSSL_NELEM(standard_methods);
+    if (idx < 0)
+        return NULL;
+    if (idx < num)
+        return standard_methods[idx];
+    idx -= num;
+    return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+}
+
+static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
+{
+    EVP_PKEY_ASN1_METHOD tmp;
+    const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;
+    tmp.pkey_id = type;
+    if (app_methods) {
+        int idx;
+        idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
+        if (idx >= 0)
+            return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+    }
+    ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
+    if (!ret || !*ret)
+        return NULL;
+    return *ret;
+}
+
+/*
+ * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL also
+ * search through engines and set *pe to a functional reference to the engine
+ * implementing 'type' or NULL if no engine implements it.
+ */
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
+{
+    const EVP_PKEY_ASN1_METHOD *t;
+
+    for (;;) {
+        t = pkey_asn1_find(type);
+        if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS))
+            break;
+        type = t->pkey_base_id;
+    }
+    if (pe) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+        /* type will contain the final unaliased type */
+        e = ENGINE_get_pkey_asn1_meth_engine(type);
+        if (e) {
+            *pe = e;
+            return ENGINE_get_pkey_asn1_meth(e, type);
+        }
+#endif
+        *pe = NULL;
+    }
+    return t;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len)
+{
+    int i;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
+    if (len == -1)
+        len = strlen(str);
+    if (pe) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+        ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
+        if (ameth) {
+            /*
+             * Convert structural into functional reference
+             */
+            if (!ENGINE_init(e))
+                ameth = NULL;
+            ENGINE_free(e);
+            *pe = e;
+            return ameth;
+        }
+#endif
+        *pe = NULL;
+    }
+    for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
+        ameth = EVP_PKEY_asn1_get0(i);
+        if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+            continue;
+        if ((int)strlen(ameth->pem_str) == len
+            && strncasecmp(ameth->pem_str, str, len) == 0)
+            return ameth;
+    }
+    return NULL;
+}
+
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
+{
+    EVP_PKEY_ASN1_METHOD tmp = { 0, };
+
+    if (app_methods == NULL) {
+        app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
+        if (app_methods == NULL)
+            return 0;
+    }
+
+    tmp.pkey_id = ameth->pkey_id;
+    if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
+               EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
+        return 0;
+    }
+
+    if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
+        return 0;
+    sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
+    return 1;
+}
+
+int EVP_PKEY_asn1_add_alias(int to, int from)
+{
+    EVP_PKEY_ASN1_METHOD *ameth;
+    ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
+    if (ameth == NULL)
+        return 0;
+    ameth->pkey_base_id = to;
+    if (!EVP_PKEY_asn1_add0(ameth)) {
+        EVP_PKEY_asn1_free(ameth);
+        return 0;
+    }
+    return 1;
+}
+
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth)
+{
+    if (!ameth)
+        return 0;
+    if (ppkey_id)
+        *ppkey_id = ameth->pkey_id;
+    if (ppkey_base_id)
+        *ppkey_base_id = ameth->pkey_base_id;
+    if (ppkey_flags)
+        *ppkey_flags = ameth->pkey_flags;
+    if (pinfo)
+        *pinfo = ameth->info;
+    if (ppem_str)
+        *ppem_str = ameth->pem_str;
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
+{
+    return pkey->ameth;
+}
+
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str, const char *info)
+{
+    EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth));
+
+    if (ameth == NULL)
+        return NULL;
+
+    ameth->pkey_id = id;
+    ameth->pkey_base_id = id;
+    ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
+
+    if (info) {
+        ameth->info = OPENSSL_strdup(info);
+        if (!ameth->info)
+            goto err;
+    }
+
+    if (pem_str) {
+        ameth->pem_str = OPENSSL_strdup(pem_str);
+        if (!ameth->pem_str)
+            goto err;
+    }
+
+    return ameth;
+
+ err:
+    EVP_PKEY_asn1_free(ameth);
+    return NULL;
+
+}
+
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src)
+{
+
+    dst->pub_decode = src->pub_decode;
+    dst->pub_encode = src->pub_encode;
+    dst->pub_cmp = src->pub_cmp;
+    dst->pub_print = src->pub_print;
+
+    dst->priv_decode = src->priv_decode;
+    dst->priv_encode = src->priv_encode;
+    dst->priv_print = src->priv_print;
+
+    dst->old_priv_encode = src->old_priv_encode;
+    dst->old_priv_decode = src->old_priv_decode;
+
+    dst->pkey_size = src->pkey_size;
+    dst->pkey_bits = src->pkey_bits;
+
+    dst->param_decode = src->param_decode;
+    dst->param_encode = src->param_encode;
+    dst->param_missing = src->param_missing;
+    dst->param_copy = src->param_copy;
+    dst->param_cmp = src->param_cmp;
+    dst->param_print = src->param_print;
+
+    dst->pkey_free = src->pkey_free;
+    dst->pkey_ctrl = src->pkey_ctrl;
+
+    dst->item_sign = src->item_sign;
+    dst->item_verify = src->item_verify;
+
+}
+
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
+{
+    if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) {
+        OPENSSL_free(ameth->pem_str);
+        OPENSSL_free(ameth->info);
+        OPENSSL_free(ameth);
+    }
+}
+
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk))
+{
+    ameth->pub_decode = pub_decode;
+    ameth->pub_encode = pub_encode;
+    ameth->pub_cmp = pub_cmp;
+    ameth->pub_print = pub_print;
+    ameth->pkey_size = pkey_size;
+    ameth->pkey_bits = pkey_bits;
+}
+
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx))
+{
+    ameth->priv_decode = priv_decode;
+    ameth->priv_encode = priv_encode;
+    ameth->priv_print = priv_print;
+}
+
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent, ASN1_PCTX *pctx))
+{
+    ameth->param_decode = param_decode;
+    ameth->param_encode = param_encode;
+    ameth->param_missing = param_missing;
+    ameth->param_copy = param_copy;
+    ameth->param_cmp = param_cmp;
+    ameth->param_print = param_print;
+}
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey))
+{
+    ameth->pkey_free = pkey_free;
+}
+
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2))
+{
+    ameth->pkey_ctrl = pkey_ctrl;
+}
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk))
+{
+    ameth->pkey_security_bits = pkey_security_bits;
+}
+
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig))
+{
+    ameth->item_sign = item_sign;
+    ameth->item_verify = item_verify;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/asn1_err.c b/openssl-1.1.0h/crypto/asn1/asn1_err.c
new file mode 100644
index 0000000..8602c40
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn1_err.c
@@ -0,0 +1,271 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+
+static ERR_STRING_DATA ASN1_str_functs[] = {
+    {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
+    {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
+    {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
+    {ERR_FUNC(ASN1_F_APPEND_EXP), "append_exp"},
+    {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
+    {ERR_FUNC(ASN1_F_ASN1_CB), "asn1_cb"},
+    {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "asn1_check_tlen"},
+    {ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"},
+    {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"},
+    {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"},
+    {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
+    {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"},
+    {ERR_FUNC(ASN1_F_ASN1_DO_LOCK), "asn1_do_lock"},
+    {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
+    {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "asn1_ex_c2i"},
+    {ERR_FUNC(ASN1_F_ASN1_FIND_END), "asn1_find_end"},
+    {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
+    {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
+    {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "asn1_get_int64"},
+    {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
+    {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "asn1_get_uint64"},
+    {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+    {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "asn1_item_embed_new"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
+    {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
+    {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+    {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"},
+    {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"},
+    {ERR_FUNC(ASN1_F_ASN1_SCTX_NEW), "ASN1_SCTX_new"},
+    {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
+    {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "asn1_string_get_uint64"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "asn1_string_to_bn"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "asn1_template_ex_d2i"},
+    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"},
+    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"},
+    {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
+    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),
+     "ASN1_TYPE_get_int_octetstring"},
+    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
+    {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"},
+    {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+    {ERR_FUNC(ASN1_F_B64_READ_ASN1), "b64_read_asn1"},
+    {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_write_ASN1"},
+    {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
+    {ERR_FUNC(ASN1_F_BITSTR_CB), "bitstr_cb"},
+    {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "bn_to_asn1_string"},
+    {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
+    {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
+    {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
+    {ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"},
+    {ERR_FUNC(ASN1_F_C2I_UINT64_INT), "c2i_uint64_int"},
+    {ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
+    {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
+    {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
+    {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
+    {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"},
+    {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
+    {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
+    {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
+    {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
+    {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
+    {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
+    {ERR_FUNC(ASN1_F_LONG_C2I), "long_c2i"},
+    {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "oid_module_init"},
+    {ERR_FUNC(ASN1_F_PARSE_TAGGING), "parse_tagging"},
+    {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
+    {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_SCRYPT), "PKCS5_pbe2_set_scrypt"},
+    {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
+    {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
+    {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"},
+    {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "pkcs5_scrypt_set"},
+    {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
+    {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
+    {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"},
+    {ERR_FUNC(ASN1_F_UINT32_C2I), "uint32_c2i"},
+    {ERR_FUNC(ASN1_F_UINT64_C2I), "uint64_c2i"},
+    {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
+    {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
+    {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"},
+    {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "x509_name_ex_d2i"},
+    {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "x509_name_ex_new"},
+    {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA ASN1_str_reasons[] = {
+    {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"},
+    {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
+    {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
+    {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+    {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+    {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+     "bmpstring is wrong length"},
+    {ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
+    {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
+    {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+     "cipher has no object identifier"},
+    {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"},
+    {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
+    {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
+    {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
+     "digest and key type not supported"},
+    {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"},
+    {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"},
+    {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
+    {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
+     "error setting cipher params"},
+    {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"},
+    {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"},
+    {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
+    {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
+     "explicit tag not constructed"},
+    {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"},
+    {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"},
+    {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"},
+    {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
+    {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"},
+    {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"},
+    {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"},
+    {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"},
+    {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
+    {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"},
+    {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"},
+    {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"},
+    {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"},
+    {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"},
+    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"},
+    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
+     "illegal options on item template"},
+    {ERR_REASON(ASN1_R_ILLEGAL_PADDING), "illegal padding"},
+    {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"},
+    {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"},
+    {ERR_REASON(ASN1_R_ILLEGAL_ZERO_CONTENT), "illegal zero content"},
+    {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
+    {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
+     "integer too large for long"},
+    {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
+     "invalid bit string bits left"},
+    {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"},
+    {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"},
+    {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
+    {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"},
+    {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"},
+    {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"},
+    {ERR_REASON(ASN1_R_INVALID_SCRYPT_PARAMETERS),
+     "invalid scrypt parameters"},
+    {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
+    {ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE),
+     "invalid string table value"},
+    {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
+     "invalid universalstring length"},
+    {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"},
+    {ERR_REASON(ASN1_R_INVALID_VALUE), "invalid value"},
+    {ERR_REASON(ASN1_R_LIST_ERROR), "list error"},
+    {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
+    {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
+    {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
+    {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"},
+    {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"},
+    {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"},
+    {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
+    {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+    {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
+    {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
+    {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
+    {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+    {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+    {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
+    {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
+     "no multipart body failure"},
+    {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
+    {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
+    {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
+    {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
+    {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
+    {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
+    {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
+    {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
+    {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
+     "sequence or set needs config"},
+    {ERR_REASON(ASN1_R_SHORT_LINE), "short line"},
+    {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
+    {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
+    {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
+    {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
+    {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+     "the asn1 object identifier is not known for this md"},
+    {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
+    {ERR_REASON(ASN1_R_TOO_LARGE), "too large"},
+    {ERR_REASON(ASN1_R_TOO_LONG), "too long"},
+    {ERR_REASON(ASN1_R_TOO_SMALL), "too small"},
+    {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
+    {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
+    {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
+    {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
+     "universalstring is wrong length"},
+    {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"},
+    {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
+     "unknown message digest algorithm"},
+    {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"},
+    {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"},
+    {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),
+     "unknown signature algorithm"},
+    {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
+     "unsupported any defined by type"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+     "unsupported public key type"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"},
+    {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
+    {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ASN1_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ASN1_str_functs);
+        ERR_load_strings(0, ASN1_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/asn1_gen.c b/openssl-1.1.0h/crypto/asn1/asn1_gen.c
new file mode 100644
index 0000000..493a693
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn1_gen.c
@@ -0,0 +1,789 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+
+#define ASN1_GEN_FLAG           0x10000
+#define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)
+
+#define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
+
+#define ASN1_FLAG_EXP_MAX       20
+/* Maximum number of nested sequences */
+#define ASN1_GEN_SEQ_MAX_DEPTH  50
+
+/* Input formats */
+
+/* ASCII: default */
+#define ASN1_GEN_FORMAT_ASCII   1
+/* UTF8 */
+#define ASN1_GEN_FORMAT_UTF8    2
+/* Hex */
+#define ASN1_GEN_FORMAT_HEX     3
+/* List of bits */
+#define ASN1_GEN_FORMAT_BITLIST 4
+
+struct tag_name_st {
+    const char *strnam;
+    int len;
+    int tag;
+};
+
+typedef struct {
+    int exp_tag;
+    int exp_class;
+    int exp_constructed;
+    int exp_pad;
+    long exp_len;
+} tag_exp_type;
+
+typedef struct {
+    int imp_tag;
+    int imp_class;
+    int utype;
+    int format;
+    const char *str;
+    tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+    int exp_count;
+} tag_exp_arg;
+
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+                              int *perr);
+static int bitstr_cb(const char *elem, int len, void *bitstr);
+static int asn1_cb(const char *elem, int len, void *bitstr);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag,
+                         int *pclass);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+                             int depth, int *perr);
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+static int asn1_str2tag(const char *tagstr, int len);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
+{
+    X509V3_CTX cnf;
+
+    if (!nconf)
+        return ASN1_generate_v3(str, NULL);
+
+    X509V3_set_nconf(&cnf, nconf);
+    return ASN1_generate_v3(str, &cnf);
+}
+
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
+{
+    int err = 0;
+    ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
+    if (err)
+        ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
+    return ret;
+}
+
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+                              int *perr)
+{
+    ASN1_TYPE *ret;
+    tag_exp_arg asn1_tags;
+    tag_exp_type *etmp;
+
+    int i, len;
+
+    unsigned char *orig_der = NULL, *new_der = NULL;
+    const unsigned char *cpy_start;
+    unsigned char *p;
+    const unsigned char *cp;
+    int cpy_len;
+    long hdr_len = 0;
+    int hdr_constructed = 0, hdr_tag, hdr_class;
+    int r;
+
+    asn1_tags.imp_tag = -1;
+    asn1_tags.imp_class = -1;
+    asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+    asn1_tags.exp_count = 0;
+    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
+        *perr = ASN1_R_UNKNOWN_TAG;
+        return NULL;
+    }
+
+    if ((asn1_tags.utype == V_ASN1_SEQUENCE)
+        || (asn1_tags.utype == V_ASN1_SET)) {
+        if (!cnf) {
+            *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
+            return NULL;
+        }
+        if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
+            *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
+            return NULL;
+        }
+        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
+    } else
+        ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+    if (!ret)
+        return NULL;
+
+    /* If no tagging return base type */
+    if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+        return ret;
+
+    /* Generate the encoding */
+    cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+    ASN1_TYPE_free(ret);
+    ret = NULL;
+    /* Set point to start copying for modified encoding */
+    cpy_start = orig_der;
+
+    /* Do we need IMPLICIT tagging? */
+    if (asn1_tags.imp_tag != -1) {
+        /* If IMPLICIT we will replace the underlying tag */
+        /* Skip existing tag+len */
+        r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
+                            cpy_len);
+        if (r & 0x80)
+            goto err;
+        /* Update copy length */
+        cpy_len -= cpy_start - orig_der;
+        /*
+         * For IMPLICIT tagging the length should match the original length
+         * and constructed flag should be consistent.
+         */
+        if (r & 0x1) {
+            /* Indefinite length constructed */
+            hdr_constructed = 2;
+            hdr_len = 0;
+        } else
+            /* Just retain constructed flag */
+            hdr_constructed = r & V_ASN1_CONSTRUCTED;
+        /*
+         * Work out new length with IMPLICIT tag: ignore constructed because
+         * it will mess up if indefinite length
+         */
+        len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+    } else
+        len = cpy_len;
+
+    /* Work out length in any EXPLICIT, starting from end */
+
+    for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
+         i < asn1_tags.exp_count; i++, etmp--) {
+        /* Content length: number of content octets + any padding */
+        len += etmp->exp_pad;
+        etmp->exp_len = len;
+        /* Total object length: length including new header */
+        len = ASN1_object_size(0, len, etmp->exp_tag);
+    }
+
+    /* Allocate buffer for new encoding */
+
+    new_der = OPENSSL_malloc(len);
+    if (new_der == NULL)
+        goto err;
+
+    /* Generate tagged encoding */
+
+    p = new_der;
+
+    /* Output explicit tags first */
+
+    for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
+         i++, etmp++) {
+        ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+                        etmp->exp_tag, etmp->exp_class);
+        if (etmp->exp_pad)
+            *p++ = 0;
+    }
+
+    /* If IMPLICIT, output tag */
+
+    if (asn1_tags.imp_tag != -1) {
+        if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
+            && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
+                || asn1_tags.imp_tag == V_ASN1_SET))
+            hdr_constructed = V_ASN1_CONSTRUCTED;
+        ASN1_put_object(&p, hdr_constructed, hdr_len,
+                        asn1_tags.imp_tag, asn1_tags.imp_class);
+    }
+
+    /* Copy across original encoding */
+    memcpy(p, cpy_start, cpy_len);
+
+    cp = new_der;
+
+    /* Obtain new ASN1_TYPE structure */
+    ret = d2i_ASN1_TYPE(NULL, &cp, len);
+
+ err:
+    OPENSSL_free(orig_der);
+    OPENSSL_free(new_der);
+
+    return ret;
+
+}
+
+static int asn1_cb(const char *elem, int len, void *bitstr)
+{
+    tag_exp_arg *arg = bitstr;
+    int i;
+    int utype;
+    int vlen = 0;
+    const char *p, *vstart = NULL;
+
+    int tmp_tag, tmp_class;
+
+    if (elem == NULL)
+        return -1;
+
+    for (i = 0, p = elem; i < len; p++, i++) {
+        /* Look for the ':' in name value pairs */
+        if (*p == ':') {
+            vstart = p + 1;
+            vlen = len - (vstart - elem);
+            len = p - elem;
+            break;
+        }
+    }
+
+    utype = asn1_str2tag(elem, len);
+
+    if (utype == -1) {
+        ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+        ERR_add_error_data(2, "tag=", elem);
+        return -1;
+    }
+
+    /* If this is not a modifier mark end of string and exit */
+    if (!(utype & ASN1_GEN_FLAG)) {
+        arg->utype = utype;
+        arg->str = vstart;
+        /* If no value and not end of string, error */
+        if (!vstart && elem[len]) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+            return -1;
+        }
+        return 0;
+    }
+
+    switch (utype) {
+
+    case ASN1_GEN_FLAG_IMP:
+        /* Check for illegal multiple IMPLICIT tagging */
+        if (arg->imp_tag != -1) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+            return -1;
+        }
+        if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_EXP:
+
+        if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+            return -1;
+        if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SEQWRAP:
+        if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SETWRAP:
+        if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_BITWRAP:
+        if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_OCTWRAP:
+        if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_FORMAT:
+        if (!vstart) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
+            return -1;
+        }
+        if (strncmp(vstart, "ASCII", 5) == 0)
+            arg->format = ASN1_GEN_FORMAT_ASCII;
+        else if (strncmp(vstart, "UTF8", 4) == 0)
+            arg->format = ASN1_GEN_FORMAT_UTF8;
+        else if (strncmp(vstart, "HEX", 3) == 0)
+            arg->format = ASN1_GEN_FORMAT_HEX;
+        else if (strncmp(vstart, "BITLIST", 7) == 0)
+            arg->format = ASN1_GEN_FORMAT_BITLIST;
+        else {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
+            return -1;
+        }
+        break;
+
+    }
+
+    return 1;
+
+}
+
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
+{
+    char erch[2];
+    long tag_num;
+    char *eptr;
+    if (!vstart)
+        return 0;
+    tag_num = strtoul(vstart, &eptr, 10);
+    /* Check we haven't gone past max length: should be impossible */
+    if (eptr && *eptr && (eptr > vstart + vlen))
+        return 0;
+    if (tag_num < 0) {
+        ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    *ptag = tag_num;
+    /* If we have non numeric characters, parse them */
+    if (eptr)
+        vlen -= eptr - vstart;
+    else
+        vlen = 0;
+    if (vlen) {
+        switch (*eptr) {
+
+        case 'U':
+            *pclass = V_ASN1_UNIVERSAL;
+            break;
+
+        case 'A':
+            *pclass = V_ASN1_APPLICATION;
+            break;
+
+        case 'P':
+            *pclass = V_ASN1_PRIVATE;
+            break;
+
+        case 'C':
+            *pclass = V_ASN1_CONTEXT_SPECIFIC;
+            break;
+
+        default:
+            erch[0] = *eptr;
+            erch[1] = 0;
+            ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+            ERR_add_error_data(2, "Char=", erch);
+            return 0;
+
+        }
+    } else
+        *pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+    return 1;
+
+}
+
+/* Handle multiple types: SET and SEQUENCE */
+
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+                             int depth, int *perr)
+{
+    ASN1_TYPE *ret = NULL;
+    STACK_OF(ASN1_TYPE) *sk = NULL;
+    STACK_OF(CONF_VALUE) *sect = NULL;
+    unsigned char *der = NULL;
+    int derlen;
+    int i;
+    sk = sk_ASN1_TYPE_new_null();
+    if (!sk)
+        goto bad;
+    if (section) {
+        if (!cnf)
+            goto bad;
+        sect = X509V3_get_section(cnf, (char *)section);
+        if (!sect)
+            goto bad;
+        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+            ASN1_TYPE *typ =
+                generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
+                            depth + 1, perr);
+            if (!typ)
+                goto bad;
+            if (!sk_ASN1_TYPE_push(sk, typ))
+                goto bad;
+        }
+    }
+
+    /*
+     * Now we has a STACK of the components, convert to the correct form
+     */
+
+    if (utype == V_ASN1_SET)
+        derlen = i2d_ASN1_SET_ANY(sk, &der);
+    else
+        derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
+
+    if (derlen < 0)
+        goto bad;
+    if ((ret = ASN1_TYPE_new()) == NULL)
+        goto bad;
+    if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL)
+        goto bad;
+
+    ret->type = utype;
+    ret->value.asn1_string->data = der;
+    ret->value.asn1_string->length = derlen;
+
+    der = NULL;
+
+ bad:
+
+    OPENSSL_free(der);
+
+    sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+    X509V3_section_free(cnf, sect);
+
+    return ret;
+}
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok)
+{
+    tag_exp_type *exp_tmp;
+    /* Can only have IMPLICIT if permitted */
+    if ((arg->imp_tag != -1) && !imp_ok) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+        return 0;
+    }
+
+    if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+        return 0;
+    }
+
+    exp_tmp = &arg->exp_list[arg->exp_count++];
+
+    /*
+     * If IMPLICIT set tag to implicit value then reset implicit tag since it
+     * has been used.
+     */
+    if (arg->imp_tag != -1) {
+        exp_tmp->exp_tag = arg->imp_tag;
+        exp_tmp->exp_class = arg->imp_class;
+        arg->imp_tag = -1;
+        arg->imp_class = -1;
+    } else {
+        exp_tmp->exp_tag = exp_tag;
+        exp_tmp->exp_class = exp_class;
+    }
+    exp_tmp->exp_constructed = exp_constructed;
+    exp_tmp->exp_pad = exp_pad;
+
+    return 1;
+}
+
+static int asn1_str2tag(const char *tagstr, int len)
+{
+    unsigned int i;
+    static const struct tag_name_st *tntmp, tnst[] = {
+        ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("NULL", V_ASN1_NULL),
+        ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+        ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+        ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+        ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+        ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+        ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
+        ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+        ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
+        ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
+
+        /* Special cases */
+        ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SET", V_ASN1_SET),
+        /* type modifiers */
+        /* Explicit tag */
+        ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+        ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+        /* Implicit tag */
+        ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+        ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+        /* OCTET STRING wrapper */
+        ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+        /* SEQUENCE wrapper */
+        ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+        /* SET wrapper */
+        ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
+        /* BIT STRING wrapper */
+        ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+        ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+        ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+    };
+
+    if (len == -1)
+        len = strlen(tagstr);
+
+    tntmp = tnst;
+    for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) {
+        if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0))
+            return tntmp->tag;
+    }
+
+    return -1;
+}
+
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+{
+    ASN1_TYPE *atmp = NULL;
+    CONF_VALUE vtmp;
+    unsigned char *rdata;
+    long rdlen;
+    int no_unused = 1;
+
+    if ((atmp = ASN1_TYPE_new()) == NULL) {
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!str)
+        str = "";
+
+    switch (utype) {
+
+    case V_ASN1_NULL:
+        if (str && *str) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+            goto bad_form;
+        }
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        vtmp.name = NULL;
+        vtmp.section = NULL;
+        vtmp.value = (char *)str;
+        if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.integer
+                    = s2i_ASN1_INTEGER(NULL, str)) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_OBJECT:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        atmp->value.asn1_string->type = utype;
+        if (!ASN1_TIME_check(atmp->value.asn1_string)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_NUMERICSTRING:
+        if (format == ASN1_GEN_FORMAT_ASCII)
+            format = MBSTRING_ASC;
+        else if (format == ASN1_GEN_FORMAT_UTF8)
+            format = MBSTRING_UTF8;
+        else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+            goto bad_form;
+        }
+
+        if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+                               -1, format, ASN1_tag2bit(utype)) <= 0) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_form;
+        }
+
+        if (format == ASN1_GEN_FORMAT_HEX) {
+            if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+                goto bad_str;
+            }
+            atmp->value.asn1_string->data = rdata;
+            atmp->value.asn1_string->length = rdlen;
+            atmp->value.asn1_string->type = utype;
+        } else if (format == ASN1_GEN_FORMAT_ASCII)
+            ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+        else if ((format == ASN1_GEN_FORMAT_BITLIST)
+                 && (utype == V_ASN1_BIT_STRING)) {
+            if (!CONF_parse_list
+                (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+                goto bad_str;
+            }
+            no_unused = 0;
+
+        } else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+            goto bad_form;
+        }
+
+        if ((utype == V_ASN1_BIT_STRING) && no_unused) {
+            atmp->value.asn1_string->flags
+                &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+            atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        }
+
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+        goto bad_str;
+    }
+
+    atmp->type = utype;
+    return atmp;
+
+ bad_str:
+    ERR_add_error_data(2, "string=", str);
+ bad_form:
+
+    ASN1_TYPE_free(atmp);
+    return NULL;
+
+}
+
+static int bitstr_cb(const char *elem, int len, void *bitstr)
+{
+    long bitnum;
+    char *eptr;
+    if (!elem)
+        return 0;
+    bitnum = strtoul(elem, &eptr, 10);
+    if (eptr && *eptr && (eptr != elem + len))
+        return 0;
+    if (bitnum < 0) {
+        ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
+        ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int mask_cb(const char *elem, int len, void *arg)
+{
+    unsigned long *pmask = arg, tmpmask;
+    int tag;
+    if (elem == NULL)
+        return 0;
+    if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) {
+        *pmask |= B_ASN1_DIRECTORYSTRING;
+        return 1;
+    }
+    tag = asn1_str2tag(elem, len);
+    if (!tag || (tag & ASN1_GEN_FLAG))
+        return 0;
+    tmpmask = ASN1_tag2bit(tag);
+    if (!tmpmask)
+        return 0;
+    *pmask |= tmpmask;
+    return 1;
+}
+
+int ASN1_str2mask(const char *str, unsigned long *pmask)
+{
+    *pmask = 0;
+    return CONF_parse_list(str, '|', 1, mask_cb, pmask);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/asn1_lib.c b/openssl-1.1.0h/crypto/asn1/asn1_lib.c
new file mode 100644
index 0000000..8ca53b4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn1_lib.c
@@ -0,0 +1,384 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max);
+static void asn1_put_length(unsigned char **pp, int length);
+
+static int _asn1_check_infinite_end(const unsigned char **p, long len)
+{
+    /*
+     * If there is 0 or 1 byte left, the length check should pick things up
+     */
+    if (len <= 0)
+        return (1);
+    else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
+        (*p) += 2;
+        return (1);
+    }
+    return (0);
+}
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end((const unsigned char **)p, len);
+}
+
+int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end(p, len);
+}
+
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax)
+{
+    int i, ret;
+    long l;
+    const unsigned char *p = *pp;
+    int tag, xclass, inf;
+    long max = omax;
+
+    if (!max)
+        goto err;
+    ret = (*p & V_ASN1_CONSTRUCTED);
+    xclass = (*p & V_ASN1_PRIVATE);
+    i = *p & V_ASN1_PRIMITIVE_TAG;
+    if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */
+        p++;
+        if (--max == 0)
+            goto err;
+        l = 0;
+        while (*p & 0x80) {
+            l <<= 7L;
+            l |= *(p++) & 0x7f;
+            if (--max == 0)
+                goto err;
+            if (l > (INT_MAX >> 7L))
+                goto err;
+        }
+        l <<= 7L;
+        l |= *(p++) & 0x7f;
+        tag = (int)l;
+        if (--max == 0)
+            goto err;
+    } else {
+        tag = i;
+        p++;
+        if (--max == 0)
+            goto err;
+    }
+    *ptag = tag;
+    *pclass = xclass;
+    if (!asn1_get_length(&p, &inf, plength, max))
+        goto err;
+
+    if (inf && !(ret & V_ASN1_CONSTRUCTED))
+        goto err;
+
+    if (*plength > (omax - (p - *pp))) {
+        ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+        /*
+         * Set this so that even if things are not long enough the values are
+         * set correctly
+         */
+        ret |= 0x80;
+    }
+    *pp = p;
+    return (ret | inf);
+ err:
+    ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+    return (0x80);
+}
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max)
+{
+    const unsigned char *p = *pp;
+    unsigned long ret = 0;
+    unsigned long i;
+
+    if (max-- < 1)
+        return 0;
+    if (*p == 0x80) {
+        *inf = 1;
+        ret = 0;
+        p++;
+    } else {
+        *inf = 0;
+        i = *p & 0x7f;
+        if (*(p++) & 0x80) {
+            if (max < (long)i + 1)
+                return 0;
+            /* Skip leading zeroes */
+            while (i && *p == 0) {
+                p++;
+                i--;
+            }
+            if (i > sizeof(long))
+                return 0;
+            while (i-- > 0) {
+                ret <<= 8L;
+                ret |= *(p++);
+            }
+        } else
+            ret = i;
+    }
+    if (ret > LONG_MAX)
+        return 0;
+    *pp = p;
+    *rl = (long)ret;
+    return 1;
+}
+
+/*
+ * class 0 is constructed constructed == 2 for indefinite length constructed
+ */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+                     int xclass)
+{
+    unsigned char *p = *pp;
+    int i, ttag;
+
+    i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
+    i |= (xclass & V_ASN1_PRIVATE);
+    if (tag < 31)
+        *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
+    else {
+        *(p++) = i | V_ASN1_PRIMITIVE_TAG;
+        for (i = 0, ttag = tag; ttag > 0; i++)
+            ttag >>= 7;
+        ttag = i;
+        while (i-- > 0) {
+            p[i] = tag & 0x7f;
+            if (i != (ttag - 1))
+                p[i] |= 0x80;
+            tag >>= 7;
+        }
+        p += ttag;
+    }
+    if (constructed == 2)
+        *(p++) = 0x80;
+    else
+        asn1_put_length(&p, length);
+    *pp = p;
+}
+
+int ASN1_put_eoc(unsigned char **pp)
+{
+    unsigned char *p = *pp;
+    *p++ = 0;
+    *p++ = 0;
+    *pp = p;
+    return 2;
+}
+
+static void asn1_put_length(unsigned char **pp, int length)
+{
+    unsigned char *p = *pp;
+    int i, l;
+    if (length <= 127)
+        *(p++) = (unsigned char)length;
+    else {
+        l = length;
+        for (i = 0; l > 0; i++)
+            l >>= 8;
+        *(p++) = i | 0x80;
+        l = i;
+        while (i-- > 0) {
+            p[i] = length & 0xff;
+            length >>= 8;
+        }
+        p += l;
+    }
+    *pp = p;
+}
+
+int ASN1_object_size(int constructed, int length, int tag)
+{
+    int ret = 1;
+    if (length < 0)
+        return -1;
+    if (tag >= 31) {
+        while (tag > 0) {
+            tag >>= 7;
+            ret++;
+        }
+    }
+    if (constructed == 2) {
+        ret += 3;
+    } else {
+        ret++;
+        if (length > 127) {
+            int tmplen = length;
+            while (tmplen > 0) {
+                tmplen >>= 8;
+                ret++;
+            }
+        }
+    }
+    if (ret >= INT_MAX - length)
+        return -1;
+    return ret + length;
+}
+
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
+{
+    if (str == NULL)
+        return 0;
+    dst->type = str->type;
+    if (!ASN1_STRING_set(dst, str->data, str->length))
+        return 0;
+    /* Copy flags but preserve embed value */
+    dst->flags &= ASN1_STRING_FLAG_EMBED;
+    dst->flags |= str->flags & ~ASN1_STRING_FLAG_EMBED;
+    return 1;
+}
+
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
+{
+    ASN1_STRING *ret;
+    if (!str)
+        return NULL;
+    ret = ASN1_STRING_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ASN1_STRING_copy(ret, str)) {
+        ASN1_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+{
+    unsigned char *c;
+    const char *data = _data;
+
+    if (len < 0) {
+        if (data == NULL)
+            return (0);
+        else
+            len = strlen(data);
+    }
+    if ((str->length <= len) || (str->data == NULL)) {
+        c = str->data;
+        str->data = OPENSSL_realloc(c, len + 1);
+        if (str->data == NULL) {
+            ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+            str->data = c;
+            return (0);
+        }
+    }
+    str->length = len;
+    if (data != NULL) {
+        memcpy(str->data, data, len);
+        /* an allowance for strings :-) */
+        str->data[len] = '\0';
+    }
+    return (1);
+}
+
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+{
+    OPENSSL_free(str->data);
+    str->data = data;
+    str->length = len;
+}
+
+ASN1_STRING *ASN1_STRING_new(void)
+{
+    return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+}
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+{
+    ASN1_STRING *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->type = type;
+    return (ret);
+}
+
+void asn1_string_embed_free(ASN1_STRING *a, int embed)
+{
+    if (a == NULL)
+        return;
+    if (!(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_free(a->data);
+    if (embed == 0)
+        OPENSSL_free(a);
+}
+
+void ASN1_STRING_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED);
+}
+
+void ASN1_STRING_clear_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_cleanse(a->data, a->length);
+    ASN1_STRING_free(a);
+}
+
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+    int i;
+
+    i = (a->length - b->length);
+    if (i == 0) {
+        i = memcmp(a->data, b->data, a->length);
+        if (i == 0)
+            return (a->type - b->type);
+        else
+            return (i);
+    } else
+        return (i);
+}
+
+int ASN1_STRING_length(const ASN1_STRING *x)
+{
+    return x->length;
+}
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{
+    x->length = len;
+}
+
+int ASN1_STRING_type(const ASN1_STRING *x)
+{
+    return x->type;
+}
+
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+    return x->data;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+unsigned char *ASN1_STRING_data(ASN1_STRING *x)
+{
+    return x->data;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/asn1/asn1_locl.h b/openssl-1.1.0h/crypto/asn1/asn1_locl.h
new file mode 100644
index 0000000..9a47b1e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn1_locl.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
+
+/* ASN1 scan context structure */
+
+struct asn1_sctx_st {
+    /* The ASN1_ITEM associated with this field */
+    const ASN1_ITEM *it;
+    /* If ASN1_TEMPLATE associated with this field */
+    const ASN1_TEMPLATE *tt;
+    /* Various flags associated with field and context */
+    unsigned long flags;
+    /* If SEQUENCE OF or SET OF, field index */
+    int skidx;
+    /* ASN1 depth of field */
+    int depth;
+    /* Structure and field name */
+    const char *sname, *fname;
+    /* If a primitive type the type of underlying field */
+    int prim_type;
+    /* The field value itself */
+    ASN1_VALUE **field;
+    /* Callback to pass information to */
+    int (*scan_cb) (ASN1_SCTX *ctx);
+    /* Context specific application data */
+    void *app_data;
+} /* ASN1_SCTX */ ;
+
+typedef struct mime_param_st MIME_PARAM;
+DEFINE_STACK_OF(MIME_PARAM)
+typedef struct mime_header_st MIME_HEADER;
+DEFINE_STACK_OF(MIME_HEADER)
+
+/* Month values for printing out times */
+extern const char *_asn1_mon[12];
+
+void asn1_string_embed_free(ASN1_STRING *a, int embed);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it);
+
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                 int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                     const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                  const ASN1_ITEM *it);
+
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                     const unsigned char **pp, long length);
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long length);
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
diff --git a/openssl-1.1.0h/crypto/asn1/asn1_par.c b/openssl-1.1.0h/crypto/asn1/asn1_par.c
new file mode 100644
index 0000000..fabc8d6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn1_par.c
@@ -0,0 +1,375 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent);
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent)
+{
+    static const char fmt[] = "%-18s";
+    char str[128];
+    const char *p;
+
+    if (constructed & V_ASN1_CONSTRUCTED)
+        p = "cons: ";
+    else
+        p = "prim: ";
+    if (BIO_write(bp, p, 6) < 6)
+        goto err;
+    BIO_indent(bp, indent, 128);
+
+    p = str;
+    if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+        BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
+    else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+        BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
+    else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+        BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
+    else if (tag > 30)
+        BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
+    else
+        p = ASN1_tag2str(tag);
+
+    if (BIO_printf(bp, fmt, p) <= 0)
+        goto err;
+    return (1);
+ err:
+    return (0);
+}
+
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+{
+    return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
+}
+
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump)
+{
+    return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
+}
+
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump)
+{
+    const unsigned char *p, *ep, *tot, *op, *opp;
+    long len;
+    int tag, xclass, ret = 0;
+    int nl, hl, j, r;
+    ASN1_OBJECT *o = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+    /* ASN1_BMPSTRING *bmp=NULL; */
+    int dump_indent, dump_cont = 0;
+
+    if (depth > ASN1_PARSE_MAXDEPTH) {
+        BIO_puts(bp, "BAD RECURSION DEPTH\n");
+        return 0;
+    }
+
+    dump_indent = 6;            /* Because we know BIO_dump_indent() */
+    p = *pp;
+    tot = p + length;
+    while (length > 0) {
+        op = p;
+        j = ASN1_get_object(&p, &len, &tag, &xclass, length);
+        if (j & 0x80) {
+            if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
+                goto end;
+            ret = 0;
+            goto end;
+        }
+        hl = (p - op);
+        length -= hl;
+        /*
+         * if j == 0x21 it is a constructed indefinite length object
+         */
+        if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
+            <= 0)
+            goto end;
+
+        if (j != (V_ASN1_CONSTRUCTED | 1)) {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
+                           depth, (long)hl, len) <= 0)
+                goto end;
+        } else {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=inf  ", depth, (long)hl) <= 0)
+                goto end;
+        }
+        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
+            goto end;
+        if (j & V_ASN1_CONSTRUCTED) {
+            const unsigned char *sp = p;
+
+            ep = p + len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+            if (len > length) {
+                BIO_printf(bp, "length is greater than %ld\n", length);
+                ret = 0;
+                goto end;
+            }
+            if ((j == 0x21) && (len == 0)) {
+                for (;;) {
+                    r = asn1_parse2(bp, &p, (long)(tot - p),
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    if ((r == 2) || (p >= tot)) {
+                        len = p - sp;
+                        break;
+                    }
+                }
+            } else {
+                long tmp = len;
+
+                while (p < ep) {
+                    sp = p;
+                    r = asn1_parse2(bp, &p, tmp,
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    tmp -= p - sp;
+                }
+            }
+        } else if (xclass != 0) {
+            p += len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+        } else {
+            nl = 0;
+            if ((tag == V_ASN1_PRINTABLESTRING) ||
+                (tag == V_ASN1_T61STRING) ||
+                (tag == V_ASN1_IA5STRING) ||
+                (tag == V_ASN1_VISIBLESTRING) ||
+                (tag == V_ASN1_NUMERICSTRING) ||
+                (tag == V_ASN1_UTF8STRING) ||
+                (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
+                if (BIO_write(bp, ":", 1) <= 0)
+                    goto end;
+                if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
+                    != (int)len)
+                    goto end;
+            } else if (tag == V_ASN1_OBJECT) {
+                opp = op;
+                if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    i2a_ASN1_OBJECT(bp, o);
+                } else {
+                    if (BIO_puts(bp, ":BAD OBJECT") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+            } else if (tag == V_ASN1_BOOLEAN) {
+                if (len != 1) {
+                    if (BIO_puts(bp, ":BAD BOOLEAN") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                if (len > 0)
+                    BIO_printf(bp, ":%u", p[0]);
+            } else if (tag == V_ASN1_BMPSTRING) {
+                /* do the BMP thang */
+            } else if (tag == V_ASN1_OCTET_STRING) {
+                int i, printable = 1;
+
+                opp = op;
+                os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
+                if (os != NULL && os->length > 0) {
+                    opp = os->data;
+                    /*
+                     * testing whether the octet string is printable
+                     */
+                    for (i = 0; i < os->length; i++) {
+                        if (((opp[i] < ' ') &&
+                             (opp[i] != '\n') &&
+                             (opp[i] != '\r') &&
+                             (opp[i] != '\t')) || (opp[i] > '~')) {
+                            printable = 0;
+                            break;
+                        }
+                    }
+                    if (printable)
+                        /* printable string */
+                    {
+                        if (BIO_write(bp, ":", 1) <= 0)
+                            goto end;
+                        if (BIO_write(bp, (const char *)opp, os->length) <= 0)
+                            goto end;
+                    } else if (!dump)
+                        /*
+                         * not printable => print octet string as hex dump
+                         */
+                    {
+                        if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
+                            goto end;
+                        for (i = 0; i < os->length; i++) {
+                            if (BIO_printf(bp, "%02X", opp[i]) <= 0)
+                                goto end;
+                        }
+                    } else
+                        /* print the normal dump */
+                    {
+                        if (!nl) {
+                            if (BIO_write(bp, "\n", 1) <= 0)
+                                goto end;
+                        }
+                        if (BIO_dump_indent(bp,
+                                            (const char *)opp,
+                                            ((dump == -1 || dump >
+                                              os->
+                                              length) ? os->length : dump),
+                                            dump_indent) <= 0)
+                            goto end;
+                        nl = 1;
+                    }
+                }
+                ASN1_OCTET_STRING_free(os);
+                os = NULL;
+            } else if (tag == V_ASN1_INTEGER) {
+                ASN1_INTEGER *bs;
+                int i;
+
+                opp = op;
+                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_INTEGER)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_puts(bp, ":BAD INTEGER") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                ASN1_INTEGER_free(bs);
+            } else if (tag == V_ASN1_ENUMERATED) {
+                ASN1_ENUMERATED *bs;
+                int i;
+
+                opp = op;
+                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_ENUMERATED)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_puts(bp, ":BAD ENUMERATED") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                ASN1_ENUMERATED_free(bs);
+            } else if (len > 0 && dump) {
+                if (!nl) {
+                    if (BIO_write(bp, "\n", 1) <= 0)
+                        goto end;
+                }
+                if (BIO_dump_indent(bp, (const char *)p,
+                                    ((dump == -1 || dump > len) ? len : dump),
+                                    dump_indent) <= 0)
+                    goto end;
+                nl = 1;
+            }
+            if (dump_cont) {
+                int i;
+                const unsigned char *tmp = op + hl;
+                if (BIO_puts(bp, ":[") <= 0)
+                    goto end;
+                for (i = 0; i < len; i++) {
+                    if (BIO_printf(bp, "%02X", tmp[i]) <= 0)
+                        goto end;
+                }
+                if (BIO_puts(bp, "]") <= 0)
+                    goto end;
+            }
+
+            if (!nl) {
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto end;
+            }
+            p += len;
+            if ((tag == V_ASN1_EOC) && (xclass == 0)) {
+                ret = 2;        /* End of sequence */
+                goto end;
+            }
+        }
+        length -= len;
+    }
+    ret = 1;
+ end:
+    ASN1_OBJECT_free(o);
+    ASN1_OCTET_STRING_free(os);
+    *pp = p;
+    return (ret);
+}
+
+const char *ASN1_tag2str(int tag)
+{
+    static const char *const tag2str[] = {
+        /* 0-4 */
+        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
+        /* 5-9 */
+        "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
+        /* 10-13 */
+        "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
+        /* 15-17 */
+        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
+        /* 18-20 */
+        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
+        /* 21-24 */
+        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
+        /* 25-27 */
+        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
+        /* 28-30 */
+        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
+    };
+
+    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+        tag &= ~0x100;
+
+    if (tag < 0 || tag > 30)
+        return "(unknown)";
+    return tag2str[tag];
+}
diff --git a/openssl-1.1.0h/crypto/asn1/asn_mime.c b/openssl-1.1.0h/crypto/asn1/asn_mime.c
new file mode 100644
index 0000000..84475e9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn_mime.c
@@ -0,0 +1,981 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "internal/evp_int.h"
+#include "internal/bio.h"
+#include "asn1_locl.h"
+
+/*
+ * Generalised MIME like utilities for streaming ASN1. Although many have a
+ * PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/*
+ * MIME format structures Note that all are translated to lower case apart
+ * from parameter values. Quotes are stripped off
+ */
+
+struct mime_param_st {
+    char *param_name;           /* Param name e.g. "micalg" */
+    char *param_value;          /* Param value e.g. "sha1" */
+};
+
+struct mime_header_st {
+    char *name;                 /* Name of line e.g. "content-type" */
+    char *value;                /* Value of line e.g. "text/plain" */
+    STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+};
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it);
+static char *strip_ends(char *name);
+static char *strip_start(char *name);
+static char *strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b);
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen);
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen, int flags);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x)           /* x */
+
+/* Output an ASN1 structure in BER format streaming if necessary */
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it)
+{
+    /* If streaming create stream BIO and copy all content through it */
+    if (flags & SMIME_STREAM) {
+        BIO *bio, *tbio;
+        bio = BIO_new_NDEF(out, val, it);
+        if (!bio) {
+            ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        SMIME_crlf_copy(in, bio, flags);
+        (void)BIO_flush(bio);
+        /* Free up successive BIOs until we hit the old output BIO */
+        do {
+            tbio = BIO_pop(bio);
+            BIO_free(bio);
+            bio = tbio;
+        } while (bio != out);
+    }
+    /*
+     * else just write out ASN1 structure which will have all content stored
+     * internally
+     */
+    else
+        ASN1_item_i2d_bio(it, out, val);
+    return 1;
+}
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                          const ASN1_ITEM *it)
+{
+    BIO *b64;
+    int r;
+    b64 = BIO_new(BIO_f_base64());
+    if (b64 == NULL) {
+        ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * prepend the b64 BIO so all data is base64 encoded.
+     */
+    out = BIO_push(b64, out);
+    r = i2d_ASN1_bio_stream(out, val, in, flags, it);
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(b64);
+    return r;
+}
+
+/* Streaming ASN1 PEM write */
+
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it)
+{
+    int r;
+    BIO_printf(out, "-----BEGIN %s-----\n", hdr);
+    r = B64_write_ASN1(out, val, in, flags, it);
+    BIO_printf(out, "-----END %s-----\n", hdr);
+    return r;
+}
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+    BIO *b64;
+    ASN1_VALUE *val;
+
+    if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
+        ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    bio = BIO_push(b64, bio);
+    val = ASN1_item_d2i_bio(it, bio, NULL);
+    if (!val)
+        ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+    (void)BIO_flush(bio);
+    BIO_pop(bio);
+    BIO_free(b64);
+    return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+{
+    const EVP_MD *md;
+    int i, have_unknown = 0, write_comma, ret = 0, md_nid;
+    have_unknown = 0;
+    write_comma = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
+        if (write_comma)
+            BIO_write(out, ",", 1);
+        write_comma = 1;
+        md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+        md = EVP_get_digestbynid(md_nid);
+        if (md && md->md_ctrl) {
+            int rv;
+            char *micstr;
+            rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
+            if (rv > 0) {
+                BIO_puts(out, micstr);
+                OPENSSL_free(micstr);
+                continue;
+            }
+            if (rv != -2)
+                goto err;
+        }
+        switch (md_nid) {
+        case NID_sha1:
+            BIO_puts(out, "sha1");
+            break;
+
+        case NID_md5:
+            BIO_puts(out, "md5");
+            break;
+
+        case NID_sha256:
+            BIO_puts(out, "sha-256");
+            break;
+
+        case NID_sha384:
+            BIO_puts(out, "sha-384");
+            break;
+
+        case NID_sha512:
+            BIO_puts(out, "sha-512");
+            break;
+
+        case NID_id_GostR3411_94:
+            BIO_puts(out, "gostr3411-94");
+            goto err;
+
+        default:
+            if (have_unknown)
+                write_comma = 0;
+            else {
+                BIO_puts(out, "unknown");
+                have_unknown = 1;
+            }
+            break;
+
+        }
+    }
+
+    ret = 1;
+ err:
+
+    return ret;
+
+}
+
+/* SMIME sender */
+
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it)
+{
+    char bound[33], c;
+    int i;
+    const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+    const char *msg_type = NULL;
+    if (flags & SMIME_OLDMIME)
+        mime_prefix = "application/x-pkcs7-";
+    else
+        mime_prefix = "application/pkcs7-";
+
+    if (flags & SMIME_CRLFEOL)
+        mime_eol = "\r\n";
+    else
+        mime_eol = "\n";
+    if ((flags & SMIME_DETACHED) && data) {
+        /* We want multipart/signed */
+        /* Generate a random boundary */
+        if (RAND_bytes((unsigned char *)bound, 32) <= 0)
+            return 0;
+        for (i = 0; i < 32; i++) {
+            c = bound[i] & 0xf;
+            if (c < 10)
+                c += '0';
+            else
+                c += 'A' - 10;
+            bound[i] = c;
+        }
+        bound[32] = 0;
+        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+        BIO_printf(bio, "Content-Type: multipart/signed;");
+        BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+        BIO_puts(bio, " micalg=\"");
+        asn1_write_micalg(bio, mdalgs);
+        BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                   bound, mime_eol, mime_eol);
+        BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                   mime_eol, mime_eol);
+        /* Now write out the first part */
+        BIO_printf(bio, "------%s%s", bound, mime_eol);
+        if (!asn1_output_data(bio, data, val, flags, it))
+            return 0;
+        BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+        /* Headers for signature */
+
+        BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+        BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+        BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol);
+        BIO_printf(bio, "Content-Disposition: attachment;");
+        BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol);
+        B64_write_ASN1(bio, val, NULL, 0, it);
+        BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
+                   mime_eol, mime_eol);
+        return 1;
+    }
+
+    /* Determine smime-type header */
+
+    if (ctype_nid == NID_pkcs7_enveloped)
+        msg_type = "enveloped-data";
+    else if (ctype_nid == NID_pkcs7_signed) {
+        if (econt_nid == NID_id_smime_ct_receipt)
+            msg_type = "signed-receipt";
+        else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+            msg_type = "signed-data";
+        else
+            msg_type = "certs-only";
+    } else if (ctype_nid == NID_id_smime_ct_compressedData) {
+        msg_type = "compressed-data";
+        cname = "smime.p7z";
+    }
+    /* MIME headers */
+    BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+    BIO_printf(bio, "Content-Disposition: attachment;");
+    BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+    if (msg_type)
+        BIO_printf(bio, " smime-type=%s;", msg_type);
+    BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+               mime_eol, mime_eol);
+    if (!B64_write_ASN1(bio, val, data, flags, it))
+        return 0;
+    BIO_printf(bio, "%s", mime_eol);
+    return 1;
+}
+
+/* Handle output of ASN1 data */
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it)
+{
+    BIO *tmpbio;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
+    int rv = 1;
+
+    /*
+     * If data is not detached or resigning then the output BIO is already
+     * set up to finalise when it is written through.
+     */
+    if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
+        SMIME_crlf_copy(data, out, flags);
+        return 1;
+    }
+
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return 0;
+    }
+
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
+
+    /* Let ASN1 code prepend any needed BIOs */
+
+    if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+        return 0;
+
+    /* Copy data across, passing through filter BIOs for processing */
+    SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+    /* Finalize structure */
+    if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+        rv = 0;
+
+    /* Now remove any digests prepended to the BIO */
+
+    while (sarg.ndef_bio != out) {
+        tmpbio = BIO_pop(sarg.ndef_bio);
+        BIO_free(sarg.ndef_bio);
+        sarg.ndef_bio = tmpbio;
+    }
+
+    return rv;
+
+}
+
+/*
+ * SMIME reader: handle multipart/signed and opaque signing. in multipart
+ * case the content is placed in a memory BIO pointed to by "bcont". In
+ * opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+    BIO *asnin;
+    STACK_OF(MIME_HEADER) *headers = NULL;
+    STACK_OF(BIO) *parts = NULL;
+    MIME_HEADER *hdr;
+    MIME_PARAM *prm;
+    ASN1_VALUE *val;
+    int ret;
+
+    if (bcont)
+        *bcont = NULL;
+
+    if ((headers = mime_parse_hdr(bio)) == NULL) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+        return NULL;
+    }
+
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Handle multipart/signed */
+
+    if (strcmp(hdr->value, "multipart/signed") == 0) {
+        /* Split into two parts */
+        prm = mime_param_find(hdr, "boundary");
+        if (!prm || !prm->param_value) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+            return NULL;
+        }
+        ret = multi_split(bio, prm->param_value, &parts);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        if (!ret || (sk_BIO_num(parts) != 2)) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Parse the signature piece */
+        asnin = sk_BIO_value(parts, 1);
+
+        if ((headers = mime_parse_hdr(asnin)) == NULL) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Get content type */
+
+        if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+            || hdr->value == NULL) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
+            strcmp(hdr->value, "application/pkcs7-signature")) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE);
+            ERR_add_error_data(2, "type: ", hdr->value);
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        /* Read in ASN1 */
+        if ((val = b64_read_asn1(asnin, it)) == NULL) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (bcont) {
+            *bcont = sk_BIO_value(parts, 0);
+            BIO_free(asnin);
+            sk_BIO_free(parts);
+        } else
+            sk_BIO_pop_free(parts, BIO_vfree);
+        return val;
+    }
+
+    /* OK, if not multipart/signed try opaque signature */
+
+    if (strcmp(hdr->value, "application/x-pkcs7-mime") &&
+        strcmp(hdr->value, "application/pkcs7-mime")) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return NULL;
+    }
+
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+    if ((val = b64_read_asn1(bio, it)) == NULL) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+        return NULL;
+    }
+    return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+    BIO *bf;
+    char eol;
+    int len;
+    char linebuf[MAX_SMLEN];
+    /*
+     * Buffer output so we don't write one line at a time. This is useful
+     * when streaming as we don't end up with one OCTET STRING per line.
+     */
+    bf = BIO_new(BIO_f_buffer());
+    if (bf == NULL)
+        return 0;
+    out = BIO_push(bf, out);
+    if (flags & SMIME_BINARY) {
+        while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+            BIO_write(out, linebuf, len);
+    } else {
+        int eolcnt = 0;
+        if (flags & SMIME_TEXT)
+            BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+            eol = strip_eol(linebuf, &len, flags);
+            if (len) {
+                /* Not EOF: write out all CRLF */
+                if (flags & SMIME_ASCIICRLF) {
+                    int i;
+                    for (i = 0; i < eolcnt; i++)
+                        BIO_write(out, "\r\n", 2);
+                    eolcnt = 0;
+                }
+                BIO_write(out, linebuf, len);
+                if (eol)
+                    BIO_write(out, "\r\n", 2);
+            } else if (flags & SMIME_ASCIICRLF)
+                eolcnt++;
+            else if (eol)
+                BIO_write(out, "\r\n", 2);
+        }
+    }
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(bf);
+    return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+    char iobuf[4096];
+    int len;
+    STACK_OF(MIME_HEADER) *headers;
+    MIME_HEADER *hdr;
+
+    if ((headers = mime_parse_hdr(in)) == NULL) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+        return 0;
+    }
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    if (strcmp(hdr->value, "text/plain")) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+        BIO_write(out, iobuf, len);
+    if (len < 0)
+        return 0;
+    return 1;
+}
+
+/*
+ * Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret)
+{
+    char linebuf[MAX_SMLEN];
+    int len, blen;
+    int eol = 0, next_eol = 0;
+    BIO *bpart = NULL;
+    STACK_OF(BIO) *parts;
+    char state, part, first;
+
+    blen = strlen(bound);
+    part = 0;
+    state = 0;
+    first = 1;
+    parts = sk_BIO_new_null();
+    *ret = parts;
+    if (*ret == NULL)
+        return 0;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        state = mime_bound_check(linebuf, len, bound, blen);
+        if (state == 1) {
+            first = 1;
+            part++;
+        } else if (state == 2) {
+            if (!sk_BIO_push(parts, bpart)) {
+                BIO_free(bpart);
+                return 0;
+            }
+            return 1;
+        } else if (part) {
+            /* Strip CR+LF from linebuf */
+            next_eol = strip_eol(linebuf, &len, 0);
+            if (first) {
+                first = 0;
+                if (bpart)
+                    if (!sk_BIO_push(parts, bpart)) {
+                        BIO_free(bpart);
+                        return 0;
+                    }
+                bpart = BIO_new(BIO_s_mem());
+                if (bpart == NULL)
+                    return 0;
+                BIO_set_mem_eof_return(bpart, 0);
+            } else if (eol)
+                BIO_write(bpart, "\r\n", 2);
+            eol = next_eol;
+            if (len)
+                BIO_write(bpart, linebuf, len);
+        }
+    }
+    BIO_free(bpart);
+    return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID    0
+#define MIME_START      1
+#define MIME_TYPE       2
+#define MIME_NAME       3
+#define MIME_VALUE      4
+#define MIME_QUOTE      5
+#define MIME_COMMENT    6
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+    char *p, *q, c;
+    char *ntmp;
+    char linebuf[MAX_SMLEN];
+    MIME_HEADER *mhdr = NULL, *new_hdr = NULL;
+    STACK_OF(MIME_HEADER) *headers;
+    int len, state, save_state = 0;
+
+    headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+    if (headers == NULL)
+        return NULL;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        /* If whitespace at line start then continuation line */
+        if (mhdr && isspace((unsigned char)linebuf[0]))
+            state = MIME_NAME;
+        else
+            state = MIME_START;
+        ntmp = NULL;
+        /* Go through all characters */
+        for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+             p++) {
+
+            /*
+             * State machine to handle MIME headers if this looks horrible
+             * that's because it *is*
+             */
+
+            switch (state) {
+            case MIME_START:
+                if (c == ':') {
+                    state = MIME_TYPE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_TYPE:
+                if (c == ';') {
+                    mime_debug("Found End Value\n");
+                    *p = 0;
+                    new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+                    if (new_hdr == NULL)
+                        goto err;
+                    if (!sk_MIME_HEADER_push(headers, new_hdr))
+                        goto err;
+                    mhdr = new_hdr;
+                    new_hdr = NULL;
+                    ntmp = NULL;
+                    q = p + 1;
+                    state = MIME_NAME;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_COMMENT:
+                if (c == ')') {
+                    state = save_state;
+                }
+                break;
+
+            case MIME_NAME:
+                if (c == '=') {
+                    state = MIME_VALUE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_VALUE:
+                if (c == ';') {
+                    state = MIME_NAME;
+                    *p = 0;
+                    mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                    ntmp = NULL;
+                    q = p + 1;
+                } else if (c == '"') {
+                    mime_debug("Found Quote\n");
+                    state = MIME_QUOTE;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_QUOTE:
+                if (c == '"') {
+                    mime_debug("Found Match Quote\n");
+                    state = MIME_VALUE;
+                }
+                break;
+            }
+        }
+
+        if (state == MIME_TYPE) {
+            new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+            if (new_hdr == NULL)
+                goto err;
+            if (!sk_MIME_HEADER_push(headers, new_hdr))
+                goto err;
+            mhdr = new_hdr;
+            new_hdr = NULL;
+        } else if (state == MIME_VALUE)
+            mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+        if (p == linebuf)
+            break;              /* Blank line means end of headers */
+    }
+
+    return headers;
+
+err:
+    mime_hdr_free(new_hdr);
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    return NULL;
+}
+
+static char *strip_ends(char *name)
+{
+    return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+    char *p, c;
+    /* Look for first non white space or quote */
+    for (p = name; (c = *p); p++) {
+        if (c == '"') {
+            /* Next char is start of string if non null */
+            if (p[1])
+                return p + 1;
+            /* Else null string */
+            return NULL;
+        }
+        if (!isspace((unsigned char)c))
+            return p;
+    }
+    return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+    char *p, c;
+    if (!name)
+        return NULL;
+    /* Look for first non white space or quote */
+    for (p = name + strlen(name) - 1; p >= name; p--) {
+        c = *p;
+        if (c == '"') {
+            if (p - 1 == name)
+                return NULL;
+            *p = 0;
+            return name;
+        }
+        if (isspace((unsigned char)c))
+            *p = 0;
+        else
+            return name;
+    }
+    return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value)
+{
+    MIME_HEADER *mhdr = NULL;
+    char *tmpname = NULL, *tmpval = NULL, *p;
+    int c;
+
+    if (name) {
+        if ((tmpname = OPENSSL_strdup(name)) == NULL)
+            return NULL;
+        for (p = tmpname; *p; p++) {
+            c = (unsigned char)*p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    }
+    if (value) {
+        if ((tmpval = OPENSSL_strdup(value)) == NULL)
+            goto err;
+        for (p = tmpval; *p; p++) {
+            c = (unsigned char)*p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    }
+    mhdr = OPENSSL_malloc(sizeof(*mhdr));
+    if (mhdr == NULL)
+        goto err;
+    mhdr->name = tmpname;
+    mhdr->value = tmpval;
+    if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL)
+        goto err;
+    return mhdr;
+
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mhdr);
+    return NULL;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value)
+{
+    char *tmpname = NULL, *tmpval = NULL, *p;
+    int c;
+    MIME_PARAM *mparam = NULL;
+    if (name) {
+        tmpname = OPENSSL_strdup(name);
+        if (!tmpname)
+            goto err;
+        for (p = tmpname; *p; p++) {
+            c = (unsigned char)*p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    }
+    if (value) {
+        tmpval = OPENSSL_strdup(value);
+        if (!tmpval)
+            goto err;
+    }
+    /* Parameter values are case sensitive so leave as is */
+    mparam = OPENSSL_malloc(sizeof(*mparam));
+    if (mparam == NULL)
+        goto err;
+    mparam->param_name = tmpname;
+    mparam->param_value = tmpval;
+    if (!sk_MIME_PARAM_push(mhdr->params, mparam))
+        goto err;
+    return 1;
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mparam);
+    return 0;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b)
+{
+    if (!(*a)->name || !(*b)->name)
+        return ! !(*a)->name - ! !(*b)->name;
+
+    return (strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b)
+{
+    if (!(*a)->param_name || !(*b)->param_name)
+        return ! !(*a)->param_name - ! !(*b)->param_name;
+    return (strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
+{
+    MIME_HEADER htmp;
+    int idx;
+
+    htmp.name = (char *)name;
+    htmp.value = NULL;
+    htmp.params = NULL;
+
+    idx = sk_MIME_HEADER_find(hdrs, &htmp);
+    if (idx < 0)
+        return NULL;
+    return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
+{
+    MIME_PARAM param;
+    int idx;
+
+    param.param_name = (char *)name;
+    param.param_value = NULL;
+    idx = sk_MIME_PARAM_find(hdr->params, &param);
+    if (idx < 0)
+        return NULL;
+    return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+    if (hdr == NULL)
+        return;
+    OPENSSL_free(hdr->name);
+    OPENSSL_free(hdr->value);
+    if (hdr->params)
+        sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+    OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+    OPENSSL_free(param->param_name);
+    OPENSSL_free(param->param_value);
+    OPENSSL_free(param);
+}
+
+/*-
+ * Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen)
+{
+    if (linelen == -1)
+        linelen = strlen(line);
+    if (blen == -1)
+        blen = strlen(bound);
+    /* Quickly eliminate if line length too short */
+    if (blen + 2 > linelen)
+        return 0;
+    /* Check for part boundary */
+    if ((strncmp(line, "--", 2) == 0)
+        && strncmp(line + 2, bound, blen) == 0) {
+        if (strncmp(line + blen + 2, "--", 2) == 0)
+            return 2;
+        else
+            return 1;
+    }
+    return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen, int flags)
+{
+    int len = *plen;
+    char *p, c;
+    int is_eol = 0;
+    p = linebuf + len - 1;
+    for (p = linebuf + len - 1; len > 0; len--, p--) {
+        c = *p;
+        if (c == '\n')
+            is_eol = 1;
+        else if (is_eol && flags & SMIME_ASCIICRLF && c < 33)
+            continue;
+        else if (c != '\r')
+            break;
+    }
+    *plen = len;
+    return is_eol;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/asn_moid.c b/openssl-1.1.0h/crypto/asn1/asn_moid.c
new file mode 100644
index 0000000..8176b76
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn_moid.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/objects.h"
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int do_create(const char *value, const char *name);
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+
+    oid_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
+        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_create(oval->value, oval->name)) {
+            ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void oid_module_finish(CONF_IMODULE *md)
+{
+}
+
+void ASN1_add_oid_module(void)
+{
+    CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+}
+
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
+ * shortname = 1.2.3.4
+ * shortname = some long name, 1.2.3.4
+ */
+
+static int do_create(const char *value, const char *name)
+{
+    int nid;
+    ASN1_OBJECT *oid;
+    const char *ln, *ostr, *p;
+    char *lntmp;
+    p = strrchr(value, ',');
+    if (!p) {
+        ln = name;
+        ostr = value;
+    } else {
+        ln = NULL;
+        ostr = p + 1;
+        if (!*ostr)
+            return 0;
+        while (isspace((unsigned char)*ostr))
+            ostr++;
+    }
+
+    nid = OBJ_create(ostr, name, ln);
+
+    if (nid == NID_undef)
+        return 0;
+
+    if (p) {
+        ln = value;
+        while (isspace((unsigned char)*ln))
+            ln++;
+        p--;
+        while (isspace((unsigned char)*p)) {
+            if (p == ln)
+                return 0;
+            p--;
+        }
+        p++;
+        lntmp = OPENSSL_malloc((p - ln) + 1);
+        if (lntmp == NULL)
+            return 0;
+        memcpy(lntmp, ln, p - ln);
+        lntmp[p - ln] = 0;
+        oid = OBJ_nid2obj(nid);
+        oid->ln = lntmp;
+    }
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/asn_mstbl.c b/openssl-1.1.0h/crypto/asn1/asn_mstbl.c
new file mode 100644
index 0000000..8260939
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn_mstbl.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Multi string module: add table entries from a given section */
+
+static int do_tcreate(const char *value, const char *name);
+
+static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *stbl_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *mval;
+
+    stbl_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) {
+        ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        mval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_tcreate(mval->value, mval->name)) {
+            ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void stbl_module_finish(CONF_IMODULE *md)
+{
+    ASN1_STRING_TABLE_cleanup();
+}
+
+void ASN1_add_stable_module(void)
+{
+    CONF_module_add("stbl_section", stbl_module_init, stbl_module_finish);
+}
+
+/*
+ * Create an table entry based on a name value pair. format is oid_name =
+ * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags".
+ */
+
+static int do_tcreate(const char *value, const char *name)
+{
+    char *eptr;
+    int nid, i, rv = 0;
+    long tbl_min = -1, tbl_max = -1;
+    unsigned long tbl_mask = 0, tbl_flags = 0;
+    STACK_OF(CONF_VALUE) *lst = NULL;
+    CONF_VALUE *cnf = NULL;
+    nid = OBJ_sn2nid(name);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(name);
+    if (nid == NID_undef)
+        goto err;
+    lst = X509V3_parse_list(value);
+    if (!lst)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(lst); i++) {
+        cnf = sk_CONF_VALUE_value(lst, i);
+        if (strcmp(cnf->name, "min") == 0) {
+            tbl_min = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "max") == 0) {
+            tbl_max = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "mask") == 0) {
+            if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask)
+                goto err;
+        } else if (strcmp(cnf->name, "flags") == 0) {
+            if (strcmp(cnf->value, "nomask") == 0)
+                tbl_flags = STABLE_NO_MASK;
+            else if (strcmp(cnf->value, "none") == 0)
+                tbl_flags = STABLE_FLAGS_CLEAR;
+            else
+                goto err;
+        } else
+            goto err;
+    }
+    rv = 1;
+ err:
+    if (rv == 0) {
+        ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE);
+        if (cnf)
+            ERR_add_error_data(4, "field=", cnf->name,
+                               ", value=", cnf->value);
+        else
+            ERR_add_error_data(4, "name=", name, ", value=", value);
+    } else {
+        rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max,
+                                   tbl_mask, tbl_flags);
+        if (!rv)
+            ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE);
+    }
+    sk_CONF_VALUE_pop_free(lst, X509V3_conf_free);
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/asn_pack.c b/openssl-1.1.0h/crypto/asn1/asn_pack.c
new file mode 100644
index 0000000..63bc306
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/asn_pack.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+/* ASN1 packing and unpacking functions */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+    ASN1_STRING *octmp;
+
+     if (oct == NULL || *oct == NULL) {
+        if ((octmp = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        octmp = *oct;
+    }
+
+    OPENSSL_free(octmp->data);
+    octmp->data = NULL;
+
+    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+        goto err;
+    }
+    if (octmp->data == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (oct != NULL && *oct == NULL)
+        *oct = octmp;
+
+    return octmp;
+ err:
+    if (oct == NULL || *oct == NULL)
+        ASN1_STRING_free(octmp);
+    return NULL;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+    const unsigned char *p;
+    void *ret;
+
+    p = oct->data;
+    if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL)
+        ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/bio_asn1.c b/openssl-1.1.0h/crypto/asn1/bio_asn1.c
new file mode 100644
index 0000000..2a8a41f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/bio_asn1.c
@@ -0,0 +1,437 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Experimental ASN1 BIO. When written through the data is converted to an
+ * ASN1 string type: default is OCTET STRING. Additional functions can be
+ * provided to add prefix and suffix data.
+ */
+
+#include <string.h>
+#include <internal/bio.h>
+#include <openssl/asn1.h>
+
+/* Must be large enough for biggest tag+length */
+#define DEFAULT_ASN1_BUF_SIZE 20
+
+typedef enum {
+    ASN1_STATE_START,
+    ASN1_STATE_PRE_COPY,
+    ASN1_STATE_HEADER,
+    ASN1_STATE_HEADER_COPY,
+    ASN1_STATE_DATA_COPY,
+    ASN1_STATE_POST_COPY,
+    ASN1_STATE_DONE
+} asn1_bio_state_t;
+
+typedef struct BIO_ASN1_EX_FUNCS_st {
+    asn1_ps_func *ex_func;
+    asn1_ps_func *ex_free_func;
+} BIO_ASN1_EX_FUNCS;
+
+typedef struct BIO_ASN1_BUF_CTX_t {
+    /* Internal state */
+    asn1_bio_state_t state;
+    /* Internal buffer */
+    unsigned char *buf;
+    /* Size of buffer */
+    int bufsize;
+    /* Current position in buffer */
+    int bufpos;
+    /* Current buffer length */
+    int buflen;
+    /* Amount of data to copy */
+    int copylen;
+    /* Class and tag to use */
+    int asn1_class, asn1_tag;
+    asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free;
+    /* Extra buffer for prefix and suffix data */
+    unsigned char *ex_buf;
+    int ex_len;
+    int ex_pos;
+    void *ex_arg;
+} BIO_ASN1_BUF_CTX;
+
+static int asn1_bio_write(BIO *h, const char *buf, int num);
+static int asn1_bio_read(BIO *h, char *buf, int size);
+static int asn1_bio_puts(BIO *h, const char *str);
+static int asn1_bio_gets(BIO *h, char *str, int size);
+static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int asn1_bio_new(BIO *h);
+static int asn1_bio_free(BIO *data);
+static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *cleanup, asn1_bio_state_t next);
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *setup,
+                             asn1_bio_state_t ex_state,
+                             asn1_bio_state_t other_state);
+
+static const BIO_METHOD methods_asn1 = {
+    BIO_TYPE_ASN1,
+    "asn1",
+    asn1_bio_write,
+    asn1_bio_read,
+    asn1_bio_puts,
+    asn1_bio_gets,
+    asn1_bio_ctrl,
+    asn1_bio_new,
+    asn1_bio_free,
+    asn1_bio_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_asn1(void)
+{
+    return (&methods_asn1);
+}
+
+static int asn1_bio_new(BIO *b)
+{
+    BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+    if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_data(b, ctx);
+    BIO_set_init(b, 1);
+
+    return 1;
+}
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
+{
+    ctx->buf = OPENSSL_malloc(size);
+    if (ctx->buf == NULL)
+        return 0;
+    ctx->bufsize = size;
+    ctx->asn1_class = V_ASN1_UNIVERSAL;
+    ctx->asn1_tag = V_ASN1_OCTET_STRING;
+    ctx->state = ASN1_STATE_START;
+    return 1;
+}
+
+static int asn1_bio_free(BIO *b)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+
+    if (b == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+
+    OPENSSL_free(ctx->buf);
+    OPENSSL_free(ctx);
+    BIO_set_data(b, NULL);
+    BIO_set_init(b, 0);
+
+    return 1;
+}
+
+static int asn1_bio_write(BIO *b, const char *in, int inl)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+    int wrmax, wrlen, ret;
+    unsigned char *p;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (in == NULL || inl < 0 || ctx == NULL || next == NULL)
+        return 0;
+
+    wrlen = 0;
+    ret = -1;
+
+    for (;;) {
+        switch (ctx->state) {
+
+            /* Setup prefix data, call it */
+        case ASN1_STATE_START:
+            if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
+                                   ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
+                return 0;
+            break;
+
+            /* Copy any pre data first */
+        case ASN1_STATE_PRE_COPY:
+
+            ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free,
+                                    ASN1_STATE_HEADER);
+
+            if (ret <= 0)
+                goto done;
+
+            break;
+
+        case ASN1_STATE_HEADER:
+            ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
+            OPENSSL_assert(ctx->buflen <= ctx->bufsize);
+            p = ctx->buf;
+            ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
+            ctx->copylen = inl;
+            ctx->state = ASN1_STATE_HEADER_COPY;
+
+            break;
+
+        case ASN1_STATE_HEADER_COPY:
+            ret = BIO_write(next, ctx->buf + ctx->bufpos, ctx->buflen);
+            if (ret <= 0)
+                goto done;
+
+            ctx->buflen -= ret;
+            if (ctx->buflen)
+                ctx->bufpos += ret;
+            else {
+                ctx->bufpos = 0;
+                ctx->state = ASN1_STATE_DATA_COPY;
+            }
+
+            break;
+
+        case ASN1_STATE_DATA_COPY:
+
+            if (inl > ctx->copylen)
+                wrmax = ctx->copylen;
+            else
+                wrmax = inl;
+            ret = BIO_write(next, in, wrmax);
+            if (ret <= 0)
+                goto done;
+            wrlen += ret;
+            ctx->copylen -= ret;
+            in += ret;
+            inl -= ret;
+
+            if (ctx->copylen == 0)
+                ctx->state = ASN1_STATE_HEADER;
+
+            if (inl == 0)
+                goto done;
+
+            break;
+
+        default:
+            BIO_clear_retry_flags(b);
+            return 0;
+
+        }
+
+    }
+
+ done:
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+
+    return (wrlen > 0) ? wrlen : ret;
+
+}
+
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *cleanup, asn1_bio_state_t next)
+{
+    int ret;
+
+    if (ctx->ex_len <= 0)
+        return 1;
+    for (;;) {
+        ret = BIO_write(BIO_next(b), ctx->ex_buf + ctx->ex_pos, ctx->ex_len);
+        if (ret <= 0)
+            break;
+        ctx->ex_len -= ret;
+        if (ctx->ex_len > 0)
+            ctx->ex_pos += ret;
+        else {
+            if (cleanup)
+                cleanup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+            ctx->state = next;
+            ctx->ex_pos = 0;
+            break;
+        }
+    }
+    return ret;
+}
+
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *setup,
+                             asn1_bio_state_t ex_state,
+                             asn1_bio_state_t other_state)
+{
+    if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) {
+        BIO_clear_retry_flags(b);
+        return 0;
+    }
+    if (ctx->ex_len > 0)
+        ctx->state = ex_state;
+    else
+        ctx->state = other_state;
+    return 1;
+}
+
+static int asn1_bio_read(BIO *b, char *in, int inl)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_read(next, in, inl);
+}
+
+static int asn1_bio_puts(BIO *b, const char *str)
+{
+    return asn1_bio_write(b, str, strlen(str));
+}
+
+static int asn1_bio_gets(BIO *b, char *str, int size)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_gets(next, str, size);
+}
+
+static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_callback_ctrl(next, cmd, fp);
+}
+
+static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+    BIO_ASN1_EX_FUNCS *ex_func;
+    long ret = 1;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+    next = BIO_next(b);
+    switch (cmd) {
+
+    case BIO_C_SET_PREFIX:
+        ex_func = arg2;
+        ctx->prefix = ex_func->ex_func;
+        ctx->prefix_free = ex_func->ex_free_func;
+        break;
+
+    case BIO_C_GET_PREFIX:
+        ex_func = arg2;
+        ex_func->ex_func = ctx->prefix;
+        ex_func->ex_free_func = ctx->prefix_free;
+        break;
+
+    case BIO_C_SET_SUFFIX:
+        ex_func = arg2;
+        ctx->suffix = ex_func->ex_func;
+        ctx->suffix_free = ex_func->ex_free_func;
+        break;
+
+    case BIO_C_GET_SUFFIX:
+        ex_func = arg2;
+        ex_func->ex_func = ctx->suffix;
+        ex_func->ex_free_func = ctx->suffix_free;
+        break;
+
+    case BIO_C_SET_EX_ARG:
+        ctx->ex_arg = arg2;
+        break;
+
+    case BIO_C_GET_EX_ARG:
+        *(void **)arg2 = ctx->ex_arg;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (next == NULL)
+            return 0;
+
+        /* Call post function if possible */
+        if (ctx->state == ASN1_STATE_HEADER) {
+            if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
+                                   ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
+                return 0;
+        }
+
+        if (ctx->state == ASN1_STATE_POST_COPY) {
+            ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
+                                    ASN1_STATE_DONE);
+            if (ret <= 0)
+                return ret;
+        }
+
+        if (ctx->state == ASN1_STATE_DONE)
+            return BIO_ctrl(next, cmd, arg1, arg2);
+        else {
+            BIO_clear_retry_flags(b);
+            return 0;
+        }
+
+    default:
+        if (next == NULL)
+            return 0;
+        return BIO_ctrl(next, cmd, arg1, arg2);
+
+    }
+
+    return ret;
+}
+
+static int asn1_bio_set_ex(BIO *b, int cmd,
+                           asn1_ps_func *ex_func, asn1_ps_func *ex_free_func)
+{
+    BIO_ASN1_EX_FUNCS extmp;
+    extmp.ex_func = ex_func;
+    extmp.ex_free_func = ex_free_func;
+    return BIO_ctrl(b, cmd, 0, &extmp);
+}
+
+static int asn1_bio_get_ex(BIO *b, int cmd,
+                           asn1_ps_func **ex_func,
+                           asn1_ps_func **ex_free_func)
+{
+    BIO_ASN1_EX_FUNCS extmp;
+    int ret;
+    ret = BIO_ctrl(b, cmd, 0, &extmp);
+    if (ret > 0) {
+        *ex_func = extmp.ex_func;
+        *ex_free_func = extmp.ex_free_func;
+    }
+    return ret;
+}
+
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                        asn1_ps_func *prefix_free)
+{
+    return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
+}
+
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                        asn1_ps_func **pprefix_free)
+{
+    return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free);
+}
+
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                        asn1_ps_func *suffix_free)
+{
+    return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
+}
+
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                        asn1_ps_func **psuffix_free)
+{
+    return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/bio_ndef.c b/openssl-1.1.0h/crypto/asn1/bio_ndef.c
new file mode 100644
index 0000000..0f206b2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/bio_ndef.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#include <stdio.h>
+
+/* Experimental NDEF ASN1 BIO support routines */
+
+/*
+ * The usage is quite simple, initialize an ASN1 structure, get a BIO from it
+ * then any data written through the BIO will end up translated to
+ * appropriate format on the fly. The data is streamed out and does *not*
+ * need to be all held in memory at once. When the BIO is flushed the output
+ * is finalized and any signatures etc written out. The BIO is a 'proper'
+ * BIO and can handle non blocking I/O correctly. The usage is simple. The
+ * implementation is *not*...
+ */
+
+/* BIO support data stored in the ASN1 BIO ex_arg */
+
+typedef struct ndef_aux_st {
+    /* ASN1 structure this BIO refers to */
+    ASN1_VALUE *val;
+    const ASN1_ITEM *it;
+    /* Top of the BIO chain */
+    BIO *ndef_bio;
+    /* Output BIO */
+    BIO *out;
+    /* Boundary where content is inserted */
+    unsigned char **boundary;
+    /* DER buffer start */
+    unsigned char *derbuf;
+} NDEF_SUPPORT;
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg);
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+    NDEF_SUPPORT *ndef_aux = NULL;
+    BIO *asn_bio = NULL;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
+
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return NULL;
+    }
+    ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux));
+    asn_bio = BIO_new(BIO_f_asn1());
+    if (ndef_aux == NULL || asn_bio == NULL)
+        goto err;
+
+    /* ASN1 bio needs to be next to output BIO */
+    out = BIO_push(asn_bio, out);
+    if (out == NULL)
+        goto err;
+
+    BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+    BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+
+    /*
+     * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
+     * needs.
+     */
+
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
+
+    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
+        goto err;
+
+    ndef_aux->val = val;
+    ndef_aux->it = it;
+    ndef_aux->ndef_bio = sarg.ndef_bio;
+    ndef_aux->boundary = sarg.boundary;
+    ndef_aux->out = out;
+
+    BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+
+    return sarg.ndef_bio;
+
+ err:
+    BIO_free(asn_bio);
+    OPENSSL_free(ndef_aux);
+    return NULL;
+}
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+    unsigned char *p;
+    int derlen;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    p = OPENSSL_malloc(derlen);
+    if (p == NULL)
+        return 0;
+
+    ndef_aux->derbuf = p;
+    *pbuf = p;
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+    if (!*ndef_aux->boundary)
+        return 0;
+
+    *plen = *ndef_aux->boundary - *pbuf;
+
+    return 1;
+}
+
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    OPENSSL_free(ndef_aux->derbuf);
+
+    ndef_aux->derbuf = NULL;
+    *pbuf = NULL;
+    *plen = 0;
+    return 1;
+}
+
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg)
+{
+    NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
+    if (!ndef_prefix_free(b, pbuf, plen, parg))
+        return 0;
+    OPENSSL_free(*pndef_aux);
+    *pndef_aux = NULL;
+    return 1;
+}
+
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+    unsigned char *p;
+    int derlen;
+    const ASN1_AUX *aux;
+    ASN1_STREAM_ARG sarg;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    aux = ndef_aux->it->funcs;
+
+    /* Finalize structures */
+    sarg.ndef_bio = ndef_aux->ndef_bio;
+    sarg.out = ndef_aux->out;
+    sarg.boundary = ndef_aux->boundary;
+    if (aux->asn1_cb(ASN1_OP_STREAM_POST,
+                     &ndef_aux->val, ndef_aux->it, &sarg) <= 0)
+        return 0;
+
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    p = OPENSSL_malloc(derlen);
+    if (p == NULL)
+        return 0;
+
+    ndef_aux->derbuf = p;
+    *pbuf = p;
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+    if (!*ndef_aux->boundary)
+        return 0;
+    *pbuf = *ndef_aux->boundary;
+    *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/build.info b/openssl-1.1.0h/crypto/asn1/build.info
new file mode 100644
index 0000000..c1afb71
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/build.info
@@ -0,0 +1,16 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_sig.c x_bignum.c \
+        x_long.c x_int64.c x_info.c x_spki.c nsseq.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        tasn_prn.c tasn_scn.c ameth_lib.c \
+        f_int.c f_string.c n_pkey.c \
+        x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \
+        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \
+        asn_moid.c asn_mstbl.c
diff --git a/openssl-1.1.0h/crypto/asn1/charmap.h b/openssl-1.1.0h/crypto/asn1/charmap.h
new file mode 100644
index 0000000..2a75925
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/charmap.h
@@ -0,0 +1,34 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/asn1/charmap.pl
+ *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CHARTYPE_HOST_ANY 4096
+#define CHARTYPE_HOST_DOT 8192
+#define CHARTYPE_HOST_HYPHEN 16384
+#define CHARTYPE_HOST_WILD 32768
+
+/*
+ * Mask of various character properties
+ */
+
+static const unsigned short char_type[] = {
+    1026,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,  120,    0,    1,   40,
+       0,    0,    0,   16, 1040, 1040, 33792,   25,   25, 16400, 8208,   16,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,   16,    9,
+       9,   16,    9,   16,    0, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112,    0, 1025,    0,    0,    0,
+       0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112,    0,    0,    0,    0,    2
+};
diff --git a/openssl-1.1.0h/crypto/asn1/charmap.pl b/openssl-1.1.0h/crypto/asn1/charmap.pl
new file mode 100644
index 0000000..26ca325
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/charmap.pl
@@ -0,0 +1,117 @@
+#! /usr/bin/env perl
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+my ($i, @arr);
+
+# Set up an array with the type of ASCII characters
+# Each set bit represents a character property.
+
+# RFC2253 character properties
+my $RFC2253_ESC = 1;	# Character escaped with \
+my $ESC_CTRL	= 2;	# Escaped control character
+# These are used with RFC1779 quoting using "
+my $NOESC_QUOTE	= 8;	# Not escaped if quoted
+my $PSTRING_CHAR = 0x10;	# Valid PrintableString character
+my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
+my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
+my $RFC2254_ESC = 0x400;	# Character escaped \XX
+my $HOST_ANY = 0x1000;      # Valid hostname character anywhere in label
+my $HOST_DOT = 0x2000;  # Dot: hostname label separator
+my $HOST_HYPHEN = 0x4000; # Hyphen: not valid at start or end.
+my $HOST_WILD = 0x8000; # Wildcard character
+
+for($i = 0; $i < 128; $i++) {
+	# Set the RFC2253 escape characters (control)
+	$arr[$i] = 0;
+	if(($i < 32) || ($i > 126)) {
+		$arr[$i] |= $ESC_CTRL;
+	}
+
+	# Some PrintableString characters
+	if(		   ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+			|| (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
+			|| (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
+		$arr[$i] |= $PSTRING_CHAR | $HOST_ANY;
+	}
+}
+
+# Now setup the rest
+
+# Remaining RFC2253 escaped characters
+
+$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
+$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
+
+$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("\"")] |= $RFC2253_ESC;
+$arr[ord("\\")] |= $RFC2253_ESC;
+$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
+
+# Remaining RFC2254 characters
+
+$arr[0] |= $RFC2254_ESC;
+$arr[ord("(")] |= $RFC2254_ESC;
+$arr[ord(")")] |= $RFC2254_ESC;
+$arr[ord("*")] |= $RFC2254_ESC | $HOST_WILD;
+$arr[ord("\\")] |= $RFC2254_ESC;
+
+# Remaining PrintableString characters
+
+$arr[ord(" ")] |= $PSTRING_CHAR;
+$arr[ord("'")] |= $PSTRING_CHAR;
+$arr[ord("(")] |= $PSTRING_CHAR;
+$arr[ord(")")] |= $PSTRING_CHAR;
+$arr[ord("+")] |= $PSTRING_CHAR;
+$arr[ord(",")] |= $PSTRING_CHAR;
+$arr[ord("-")] |= $PSTRING_CHAR | $HOST_HYPHEN;
+$arr[ord(".")] |= $PSTRING_CHAR | $HOST_DOT;
+$arr[ord("/")] |= $PSTRING_CHAR;
+$arr[ord(":")] |= $PSTRING_CHAR;
+$arr[ord("=")] |= $PSTRING_CHAR;
+$arr[ord("?")] |= $PSTRING_CHAR;
+
+# Now generate the C code
+
+print <<EOF;
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/asn1/charmap.pl
+ *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CHARTYPE_HOST_ANY $HOST_ANY
+#define CHARTYPE_HOST_DOT $HOST_DOT
+#define CHARTYPE_HOST_HYPHEN $HOST_HYPHEN
+#define CHARTYPE_HOST_WILD $HOST_WILD
+
+/*
+ * Mask of various character properties
+ */
+
+static const unsigned short char_type[] = {
+EOF
+
+print "   ";
+for($i = 0; $i < 128; $i++) {
+	print("\n   ") if($i && (($i % 12) == 0));
+	printf(" %4d", $arr[$i]);
+	print(",") if ($i != 127);
+}
+print("\n};\n");
+
diff --git a/openssl-1.1.0h/crypto/asn1/d2i_pr.c b/openssl-1.1.0h/crypto/asn1/d2i_pr.c
new file mode 100644
index 0000000..e311b90
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/d2i_pr.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length)
+{
+    EVP_PKEY *ret;
+    const unsigned char *p = *pp;
+
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+            return (NULL);
+        }
+    } else {
+        ret = *a;
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(ret->engine);
+        ret->engine = NULL;
+#endif
+    }
+
+    if (!EVP_PKEY_set_type(ret, type)) {
+        ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->old_priv_decode ||
+        !ret->ameth->old_priv_decode(ret, &p, length)) {
+        if (ret->ameth->priv_decode) {
+            EVP_PKEY *tmp;
+            PKCS8_PRIV_KEY_INFO *p8 = NULL;
+            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+            if (!p8)
+                goto err;
+            tmp = EVP_PKCS82PKEY(p8);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            if (tmp == NULL)
+                goto err;
+            EVP_PKEY_free(ret);
+            ret = tmp;
+        } else {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+    *pp = p;
+    if (a != NULL)
+        (*a) = ret;
+    return (ret);
+ err:
+    if (a == NULL || *a != ret)
+        EVP_PKEY_free(ret);
+    return (NULL);
+}
+
+/*
+ * This works like d2i_PrivateKey() except it automatically works out the
+ * type
+ */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length)
+{
+    STACK_OF(ASN1_TYPE) *inkey;
+    const unsigned char *p;
+    int keytype;
+    p = *pp;
+    /*
+     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
+     * analyzing it we can determine the passed structure: this assumes the
+     * input is surrounded by an ASN1 SEQUENCE.
+     */
+    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+    p = *pp;
+    /*
+     * Since we only need to discern "traditional format" RSA and DSA keys we
+     * can just count the elements.
+     */
+    if (sk_ASN1_TYPE_num(inkey) == 6)
+        keytype = EVP_PKEY_DSA;
+    else if (sk_ASN1_TYPE_num(inkey) == 4)
+        keytype = EVP_PKEY_EC;
+    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
+                                              * traditional format */
+        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+        EVP_PKEY *ret;
+
+        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+        if (!p8) {
+            ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
+                    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+            return NULL;
+        }
+        ret = EVP_PKCS82PKEY(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (ret == NULL)
+            return NULL;
+        *pp = p;
+        if (a) {
+            *a = ret;
+        }
+        return ret;
+    } else
+        keytype = EVP_PKEY_RSA;
+    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+    return d2i_PrivateKey(keytype, a, pp, length);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/d2i_pu.c b/openssl-1.1.0h/crypto/asn1/d2i_pu.c
new file mode 100644
index 0000000..dfdc1a6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/d2i_pu.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+
+#include "internal/evp_int.h"
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length)
+{
+    EVP_PKEY *ret;
+
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+            return (NULL);
+        }
+    } else
+        ret = *a;
+
+    if (!EVP_PKEY_set_type(ret, type)) {
+        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    switch (EVP_PKEY_id(ret)) {
+#ifndef OPENSSL_NO_RSA
+    case EVP_PKEY_RSA:
+        if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        /* TMP UGLY CAST */
+        if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+    default:
+        ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+        /* break; */
+    }
+    if (a != NULL)
+        (*a) = ret;
+    return (ret);
+ err:
+    if (a == NULL || *a != ret)
+        EVP_PKEY_free(ret);
+    return (NULL);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/evp_asn1.c b/openssl-1.1.0h/crypto/asn1/evp_asn1.c
new file mode 100644
index 0000000..a458367
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/evp_asn1.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+{
+    ASN1_STRING *os;
+
+    if ((os = ASN1_OCTET_STRING_new()) == NULL)
+        return (0);
+    if (!ASN1_OCTET_STRING_set(os, data, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+    ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
+    return (1);
+}
+
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
+{
+    int ret, num;
+    const unsigned char *p;
+
+    if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
+        ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+        return (-1);
+    }
+    p = ASN1_STRING_get0_data(a->value.octet_string);
+    ret = ASN1_STRING_length(a->value.octet_string);
+    if (ret < max_len)
+        num = ret;
+    else
+        num = max_len;
+    memcpy(data, p, num);
+    return (ret);
+}
+
+typedef struct {
+    long num;
+    ASN1_OCTET_STRING *oct;
+} asn1_int_oct;
+
+ASN1_SEQUENCE(asn1_int_oct) = {
+        ASN1_SIMPLE(asn1_int_oct, num, LONG),
+        ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(asn1_int_oct)
+
+DECLARE_ASN1_ITEM(asn1_int_oct)
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+                                  int len)
+{
+    asn1_int_oct atmp;
+    ASN1_OCTET_STRING oct;
+
+    atmp.num = num;
+    atmp.oct = &oct;
+    oct.data = data;
+    oct.type = V_ASN1_OCTET_STRING;
+    oct.length = len;
+    oct.flags = 0;
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a))
+        return 1;
+    return 0;
+}
+
+/*
+ * we return the actual length...
+ */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len)
+{
+    asn1_int_oct *atmp = NULL;
+    int ret = -1, n;
+
+    if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
+        goto err;
+    }
+
+    atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a);
+
+    if (atmp == NULL)
+        goto err;
+
+    if (num != NULL)
+        *num = atmp->num;
+
+    ret = ASN1_STRING_length(atmp->oct);
+    if (max_len > ret)
+        n = ret;
+    else
+        n = max_len;
+
+    if (data != NULL)
+        memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
+    if (ret == -1) {
+ err:
+        ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+    }
+    M_ASN1_free_of(atmp, asn1_int_oct);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/f_int.c b/openssl-1.1.0h/crypto/asn1/f_int.c
new file mode 100644
index 0000000..ec556c9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/f_int.c
@@ -0,0 +1,167 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return (0);
+
+    if (a->type & V_ASN1_NEG) {
+        if (BIO_write(bp, "-", 1) != 1)
+            goto err;
+        n = 1;
+    }
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "00", 2) != 2)
+            goto err;
+        n += 2;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+{
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bs->type = V_ASN1_INTEGER;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1)
+            goto err;
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        again = (buf[i - 1] == '\\');
+
+        for (j = 0; j < i; j++) {
+#ifndef CHARSET_EBCDIC
+            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+            /*
+             * This #ifdef is not strictly necessary, since the characters
+             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+             * not the whole alphabet). Nevertheless, isxdigit() is faster.
+             */
+            if (!isxdigit(buf[j]))
+#endif
+            {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err;
+
+        bufp = (unsigned char *)buf;
+        if (first) {
+            first = 0;
+            if ((bufp[0] == '0') && (bufp[1] == '0')) {
+                bufp += 2;
+                i -= 2;
+            }
+        }
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
+            OPENSSL_free(s);
+            return 0;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            sp = OPENSSL_clear_realloc(s, slen, num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(s);
+                return 0;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
+                    ASN1err(ASN1_F_A2I_ASN1_INTEGER,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    return 1;
+ err:
+    ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
+}
+
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
+{
+    return i2a_ASN1_INTEGER(bp, a);
+}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+{
+    int rv = a2i_ASN1_INTEGER(bp, bs, buf, size);
+    if (rv == 1)
+        bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG);
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/f_string.c b/openssl-1.1.0h/crypto/asn1/f_string.c
new file mode 100644
index 0000000..b9258bb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/f_string.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return (0);
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "0", 1) != 1)
+            goto err;
+        n = 1;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+{
+    int i, j, k, m, n, again, bufsize, spec_char;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1) {
+            if (first)
+                break;
+            else
+                goto err;
+        }
+        first = 0;
+
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        again = (buf[i - 1] == '\\');
+
+        for (j = i - 1; j > 0; j--) {
+#ifndef CHARSET_EBCDIC
+            spec_char = (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F'))));
+#else
+            /*
+             * This #ifdef is not strictly necessary, since the characters
+             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+             * not the whole alphabet). Nevertheless, isxdigit() is faster.
+             */
+            spec_char = (!isxdigit(buf[j]));
+#endif
+            if (spec_char) {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err;
+
+        bufp = (unsigned char *)buf;
+
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
+            OPENSSL_free(s);
+            return 0;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            sp = OPENSSL_realloc(s, (unsigned int)num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(s);
+                return 0;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
+                    ASN1err(ASN1_F_A2I_ASN1_STRING,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    OPENSSL_free(s);
+                    return 0;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    return 1;
+
+ err:
+    ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/i2d_pr.c b/openssl-1.1.0h/crypto/asn1/i2d_pr.c
new file mode 100644
index 0000000..445b0c8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/i2d_pr.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+{
+    if (a->ameth && a->ameth->old_priv_encode) {
+        return a->ameth->old_priv_encode(a, pp);
+    }
+    if (a->ameth && a->ameth->priv_encode) {
+        PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
+        int ret = 0;
+        if (p8 != NULL) {
+            ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+        }
+        return ret;
+    }
+    ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+    return -1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/i2d_pu.c b/openssl-1.1.0h/crypto/asn1/i2d_pu.c
new file mode 100644
index 0000000..8986c43
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/i2d_pu.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+{
+    switch (EVP_PKEY_id(a)) {
+#ifndef OPENSSL_NO_RSA
+    case EVP_PKEY_RSA:
+        return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
+#endif
+#ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp);
+#endif
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp);
+#endif
+    default:
+        ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return -1;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/asn1/n_pkey.c b/openssl-1.1.0h/crypto/asn1/n_pkey.c
new file mode 100644
index 0000000..267ce60
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/n_pkey.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "openssl/opensslconf.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "internal/cryptlib.h"
+# include <stdio.h>
+# include <openssl/rsa.h>
+# include <openssl/objects.h>
+# include <openssl/asn1t.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+
+# ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st {
+    long version;
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *private_key;
+} NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st {
+    ASN1_OCTET_STRING *os;
+    /*
+     * This is the same structure as DigestInfo so use it: although this
+     * isn't really anything to do with digests.
+     */
+    X509_SIG *enckey;
+} NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+# endif                         /* OPENSSL_NO_RC4 */
+
+#endif
diff --git a/openssl-1.1.0h/crypto/asn1/nsseq.c b/openssl-1.1.0h/crypto/asn1/nsseq.c
new file mode 100644
index 0000000..c7baf40
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/nsseq.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    void *exarg)
+{
+    if (operation == ASN1_OP_NEW_POST) {
+        NETSCAPE_CERT_SEQUENCE *nsseq;
+        nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+        nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+    }
+    return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/openssl-1.1.0h/crypto/asn1/p5_pbe.c b/openssl-1.1.0h/crypto/asn1/p5_pbe.c
new file mode 100644
index 0000000..ab7e168
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/p5_pbe.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen)
+{
+    PBEPARAM *pbe = NULL;
+    ASN1_STRING *pbe_str = NULL;
+    unsigned char *sstr = NULL;
+
+    pbe = PBEPARAM_new();
+    if (pbe == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+    if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+
+    sstr = OPENSSL_malloc(saltlen);
+    if (sstr == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (salt)
+        memcpy(sstr, salt, saltlen);
+    else if (RAND_bytes(sstr, saltlen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(pbe->salt, sstr, saltlen);
+    sstr = NULL;
+
+    if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    PBEPARAM_free(pbe);
+    pbe = NULL;
+
+    if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+        return 1;
+
+ err:
+    OPENSSL_free(sstr);
+    PBEPARAM_free(pbe);
+    ASN1_STRING_free(pbe_str);
+    return 0;
+}
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen)
+{
+    X509_ALGOR *ret;
+    ret = X509_ALGOR_new();
+    if (ret == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
+        return ret;
+
+    X509_ALGOR_free(ret);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/p5_pbev2.c b/openssl-1.1.0h/crypto/asn1/p5_pbev2.c
new file mode 100644
index 0000000..14e8700
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/p5_pbev2.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
+ * this is horrible! Extended version to allow application supplied PRF NID
+ * and IV.
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid)
+{
+    X509_ALGOR *scheme = NULL, *ret = NULL;
+    int alg_nid, keylen;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+
+    if ((pbe2 = PBE2PARAM_new()) == NULL)
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+    scheme->algorithm = OBJ_nid2obj(alg_nid);
+    if ((scheme->parameter = ASN1_TYPE_new()) == NULL)
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
+
+    /* Dummy cipherinit to just setup the IV, and PRF */
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        goto err;
+    }
+    /*
+     * If prf NID unspecified see if cipher has a preference. An error is OK
+     * here: just means use default PRF.
+     */
+    if ((prf_nid == -1) &&
+        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
+        ERR_clear_error();
+        prf_nid = NID_hmacWithSHA256;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+    else
+        keylen = -1;
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
+
+    if (!pbe2->keyfunc)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    if ((ret = X509_ALGOR_new()) == NULL)
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                 &ret->parameter))
+         goto merr;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
+
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    PBE2PARAM_free(pbe2);
+    /* Note 'scheme' is freed as part of pbe2 */
+    X509_ALGOR_free(ret);
+
+    return NULL;
+}
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen)
+{
+    return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+}
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen)
+{
+    X509_ALGOR *keyfunc = NULL;
+    PBKDF2PARAM *kdf = NULL;
+    ASN1_OCTET_STRING *osalt = NULL;
+
+    if ((kdf = PBKDF2PARAM_new()) == NULL)
+        goto merr;
+    if ((osalt = ASN1_OCTET_STRING_new()) == NULL)
+        goto merr;
+
+    kdf->salt->value.octet_string = osalt;
+    kdf->salt->type = V_ASN1_OCTET_STRING;
+
+    if (saltlen == 0)
+        saltlen = PKCS5_SALT_LEN;
+    if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL)
+        goto merr;
+
+    osalt->length = saltlen;
+
+    if (salt)
+        memcpy(osalt->data, salt, saltlen);
+    else if (RAND_bytes(osalt->data, saltlen) <= 0)
+        goto merr;
+
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+
+    if (!ASN1_INTEGER_set(kdf->iter, iter))
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        if ((kdf->keylength = ASN1_INTEGER_new()) == NULL)
+            goto merr;
+        if (!ASN1_INTEGER_set(kdf->keylength, keylen))
+            goto merr;
+    }
+
+    /* prf can stay NULL if we are using hmacWithSHA1 */
+    if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
+        kdf->prf = X509_ALGOR_new();
+        if (kdf->prf == NULL)
+            goto merr;
+        X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (keyfunc == NULL)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+    /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf,
+                                 &keyfunc->parameter))
+         goto merr;
+
+    PBKDF2PARAM_free(kdf);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
+    PBKDF2PARAM_free(kdf);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/p5_scrypt.c b/openssl-1.1.0h/crypto/asn1/p5_scrypt.c
new file mode 100644
index 0000000..4cb7837
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/p5_scrypt.c
@@ -0,0 +1,283 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_NO_SCRYPT
+/* PKCS#5 scrypt password based encryption structures */
+
+typedef struct {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *costParameter;
+    ASN1_INTEGER *blockSize;
+    ASN1_INTEGER *parallelizationParameter;
+    ASN1_INTEGER *keyLength;
+} SCRYPT_PARAMS;
+
+ASN1_SEQUENCE(SCRYPT_PARAMS) = {
+        ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
+        ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
+} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p);
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p)
+{
+    X509_ALGOR *scheme = NULL, *ret = NULL;
+    int alg_nid;
+    size_t keylen = 0;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+
+    if (!cipher) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_INVALID_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+
+    pbe2 = PBE2PARAM_new();
+    if (pbe2 == NULL)
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+
+    scheme->algorithm = OBJ_nid2obj(alg_nid);
+    scheme->parameter = ASN1_TYPE_new();
+    if (scheme->parameter == NULL)
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+            goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
+
+    /* Dummy cipherinit to just setup the IV */
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        goto err;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p);
+
+    if (pbe2->keyfunc == NULL)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    ret = X509_ALGOR_new();
+    if (ret == NULL)
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                &ret->parameter) == NULL)
+        goto merr;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    PBE2PARAM_free(pbe2);
+    X509_ALGOR_free(ret);
+    EVP_CIPHER_CTX_free(ctx);
+
+    return NULL;
+}
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p)
+{
+    X509_ALGOR *keyfunc = NULL;
+    SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new();
+
+    if (sparam == NULL)
+        goto merr;
+
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+
+    /* This will either copy salt or grow the buffer */
+    if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0)
+        goto merr;
+
+    if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0)
+        goto err;
+
+    if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0)
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        sparam->keyLength = ASN1_INTEGER_new();
+        if (sparam->keyLength == NULL)
+            goto merr;
+        if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0)
+            goto merr;
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (keyfunc == NULL)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt);
+
+    /* Encode SCRYPT_PARAMS into parameter of pbe2 */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam,
+                                &keyfunc->parameter) == NULL)
+        goto merr;
+
+    SCRYPT_PARAMS_free(sparam);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE);
+ err:
+    SCRYPT_PARAMS_free(sparam);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    uint64_t p, r, N;
+    size_t saltlen;
+    size_t keylen = 0;
+    int rv = 0;
+    SCRYPT_PARAMS *sparam = NULL;
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+        goto err;
+    }
+
+    /* Decode parameter */
+
+    sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param);
+
+    if (sparam == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Now check the parameters of sparam */
+
+    if (sparam->keyLength) {
+        uint64_t spkeylen;
+        if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0)
+            || (spkeylen != keylen)) {
+            EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+                   EVP_R_UNSUPPORTED_KEYLENGTH);
+            goto err;
+        }
+    }
+    /* Check all parameters fit in uint64_t and are acceptable to scrypt */
+    if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0
+        || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0
+        || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0
+        || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+               EVP_R_ILLEGAL_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    /* it seems that its all OK */
+
+    salt = sparam->salt->data;
+    saltlen = sparam->salt->length;
+    if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen)
+        == 0)
+        goto err;
+    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ err:
+    if (keylen)
+        OPENSSL_cleanse(key, keylen);
+    SCRYPT_PARAMS_free(sparam);
+    return rv;
+}
+#endif /* OPENSSL_NO_SCRYPT */
diff --git a/openssl-1.1.0h/crypto/asn1/p8_pkey.c b/openssl-1.1.0h/crypto/asn1/p8_pkey.c
new file mode 100644
index 0000000..dbee827
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/p8_pkey.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+    if (operation == ASN1_OP_FREE_PRE) {
+        PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+        if (key->pkey)
+            OPENSSL_cleanse(key->pkey->data, key->pkey->length);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                    int version,
+                    int ptype, void *pval, unsigned char *penc, int penclen)
+{
+    if (version >= 0) {
+        if (!ASN1_INTEGER_set(priv->version, version))
+            return 0;
+    }
+    if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
+        return 0;
+    if (penc)
+        ASN1_STRING_set0(priv->pkey, penc, penclen);
+    return 1;
+}
+
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+                    const unsigned char **pk, int *ppklen,
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    if (ppkalg)
+        *ppkalg = p8->pkeyalg->algorithm;
+    if (pk) {
+        *pk = ASN1_STRING_get0_data(p8->pkey);
+        *ppklen = ASN1_STRING_length(p8->pkey);
+    }
+    if (pa)
+        *pa = p8->pkeyalg;
+    return 1;
+}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    return p8->attributes;
+}
+
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL)
+        return 1;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/t_bitst.c b/openssl-1.1.0h/crypto/asn1/t_bitst.c
new file mode 100644
index 0000000..c0aeca4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/t_bitst.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                               BIT_STRING_BITNAME *tbl, int indent)
+{
+    BIT_STRING_BITNAME *bnam;
+    char first = 1;
+    BIO_printf(out, "%*s", indent, "");
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+            if (!first)
+                BIO_puts(out, ", ");
+            BIO_puts(out, bnam->lname);
+            first = 0;
+        }
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+                            BIT_STRING_BITNAME *tbl)
+{
+    int bitnum;
+    bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+    if (bitnum < 0)
+        return 0;
+    if (bs) {
+        if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+            return 0;
+    }
+    return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
+{
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if ((strcmp(bnam->sname, name) == 0)
+            || (strcmp(bnam->lname, name) == 0))
+            return bnam->bitnum;
+    }
+    return -1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/t_pkey.c b/openssl-1.1.0h/crypto/asn1/t_pkey.c
new file mode 100644
index 0000000..3b2c9df
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/t_pkey.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "internal/bn_int.h"
+
+/* Number of octets per line */
+#define ASN1_BUF_PRINT_WIDTH    15
+/* Maximum indent */
+#define ASN1_PRINT_MAX_INDENT 128
+
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
+{
+    size_t i;
+
+    for (i = 0; i < buflen; i++) {
+        if ((i % ASN1_BUF_PRINT_WIDTH) == 0) {
+            if (i > 0 && BIO_puts(bp, "\n") <= 0)
+                return 0;
+            if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
+                return 0;
+        }
+        /*
+         * Use colon separators for each octet for compatibility as
+         * this function is used to print out key components.
+         */
+        if (BIO_printf(bp, "%02x%s", buf[i],
+                       (i == buflen - 1) ? "" : ":") <= 0)
+                return 0;
+    }
+    if (BIO_write(bp, "\n", 1) <= 0)
+        return 0;
+    return 1;
+}
+
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                  unsigned char *ign, int indent)
+{
+    int n, rv = 0;
+    const char *neg;
+    unsigned char *buf = NULL, *tmp = NULL;
+    int buflen;
+
+    if (num == NULL)
+        return 1;
+    neg = BN_is_negative(num) ? "-" : "";
+    if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
+        return 0;
+    if (BN_is_zero(num)) {
+        if (BIO_printf(bp, "%s 0\n", number) <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (BN_num_bytes(num) <= BN_BYTES) {
+        if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
+                       (unsigned long)bn_get_words(num)[0], neg,
+                       (unsigned long)bn_get_words(num)[0]) <= 0)
+            return 0;
+        return 1;
+    }
+
+    buflen = BN_num_bytes(num) + 1;
+    buf = tmp = OPENSSL_malloc(buflen);
+    if (buf == NULL)
+        goto err;
+    buf[0] = 0;
+    if (BIO_printf(bp, "%s%s\n", number,
+                   (neg[0] == '-') ? " (Negative)" : "") <= 0)
+        goto err;
+    n = BN_bn2bin(num, buf + 1);
+
+    if (buf[1] & 0x80)
+        n++;
+    else
+        tmp++;
+
+    if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0)
+        goto err;
+    rv = 1;
+    err:
+    OPENSSL_clear_free(buf, buflen);
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/t_spki.c b/openssl-1.1.0h/crypto/asn1/t_spki.c
new file mode 100644
index 0000000..51b56d0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/t_spki.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+    EVP_PKEY *pkey;
+    ASN1_IA5STRING *chal;
+    ASN1_OBJECT *spkioid;
+    int i, n;
+    char *s;
+    BIO_printf(out, "Netscape SPKI:\n");
+    X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey);
+    i = OBJ_obj2nid(spkioid);
+    BIO_printf(out, "  Public Key Algorithm: %s\n",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+    pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+    if (!pkey)
+        BIO_printf(out, "  Unable to load public key\n");
+    else {
+        EVP_PKEY_print_public(out, pkey, 4, NULL);
+        EVP_PKEY_free(pkey);
+    }
+    chal = spki->spkac->challenge;
+    if (chal->length)
+        BIO_printf(out, "  Challenge String: %s\n", chal->data);
+    i = OBJ_obj2nid(spki->sig_algor.algorithm);
+    BIO_printf(out, "  Signature Algorithm: %s",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+
+    n = spki->signature->length;
+    s = (char *)spki->signature->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0)
+            BIO_write(out, "\n      ", 7);
+        BIO_printf(out, "%02x%s", (unsigned char)s[i],
+                   ((i + 1) == n) ? "" : ":");
+    }
+    BIO_write(out, "\n", 1);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_dec.c b/openssl-1.1.0h/crypto/asn1/tasn_dec.c
new file mode 100644
index 0000000..af8641e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_dec.c
@@ -0,0 +1,1159 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include "internal/numbers.h"
+#include "asn1_locl.h"
+
+/*
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
+ * could eventually exceed the stack given malicious input with excessive
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
+ * recursive invocations of asn1_item_embed_d2i().
+ */
+#define ASN1_MAX_CONSTRUCTED_NEST 30
+
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth);
+
+static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_find_end(const unsigned char **in, long len, char inf);
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth);
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx);
+
+static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx, int depth);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx, int depth);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long len,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt,
+                                 ASN1_TLC *ctx);
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static const unsigned long tag2bit[32] = {
+    /* tags  0 -  3 */
+    0, 0, 0, B_ASN1_BIT_STRING,
+    /* tags  4- 7 */
+    B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,
+    /* tags  8-11 */
+    B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 12-15 */
+    B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 16-19 */
+    B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING,
+    /* tags 20-22 */
+    B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING,
+    /* tags 23-24 */
+    B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
+    /* tags 25-27 */
+    B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING,
+    /* tags 28-31 */
+    B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN,
+};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+    if ((tag < 0) || (tag > 30))
+        return 0;
+    return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c)    (c)->valid = 0
+
+/*
+ * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
+ * function. 'in' points to a buffer to read the data from, in future we
+ * will have more advanced versions that can input data a piece at a time and
+ * this will simply be a special case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+                          const unsigned char **in, long len,
+                          const ASN1_ITEM *it)
+{
+    ASN1_TLC c;
+    ASN1_VALUE *ptmpval = NULL;
+    if (!pval)
+        pval = &ptmpval;
+    asn1_tlc_clear_nc(&c);
+    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+        return *pval;
+    return NULL;
+}
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it,
+                     int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int rv;
+    rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
+    if (rv <= 0)
+        ASN1_item_ex_free(pval, it);
+    return rv;
+}
+
+/*
+ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
+ * tag mismatch return -1 to handle OPTIONAL
+ */
+
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth)
+{
+    const ASN1_TEMPLATE *tt, *errtt = NULL;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    const unsigned char *p = NULL, *q;
+    unsigned char oclass;
+    char seq_eoc, seq_nolen, cst, isopt;
+    long tmplen;
+    int i;
+    int otag;
+    int ret = 0;
+    ASN1_VALUE **pchptr;
+    if (!pval)
+        return 0;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
+        ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP);
+        goto err;
+    }
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            /*
+             * tagging or OPTIONAL is currently illegal on an item template
+             * because the flags can't get passed down. In practice this
+             * isn't a problem: we include the relevant flags from the item
+             * template in the template itself.
+             */
+            if ((tag != -1) || opt) {
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I,
+                        ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                goto err;
+            }
+            return asn1_template_ex_d2i(pval, in, len,
+                                        it->templates, opt, ctx, depth);
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it,
+                                     tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_MSTRING:
+        p = *in;
+        /* Just read in tag and class */
+        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+                              &p, len, -1, 0, 1, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Must be UNIVERSAL class */
+        if (oclass != V_ASN1_UNIVERSAL) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+            goto err;
+        }
+        /* Check tag matches bit map */
+        if (!(ASN1_tag2bit(otag) & it->utype)) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_WRONG_TAG);
+            goto err;
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+    case ASN1_ITYPE_EXTERN:
+        /* Use new style d2i */
+        ef = it->funcs;
+        return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+        if (*pval) {
+            /* Free up and zero CHOICE value if initialised */
+            i = asn1_get_choice_selector(pval, it);
+            if ((i >= 0) && (i < it->tcount)) {
+                tt = it->templates + i;
+                pchptr = asn1_get_field_ptr(pval, tt);
+                asn1_template_free(pchptr, tt);
+                asn1_set_choice_selector(pval, -1, it);
+            }
+        } else if (!ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+        /* CHOICE type, try each possibility in turn */
+        p = *in;
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            pchptr = asn1_get_field_ptr(pval, tt);
+            /*
+             * We mark field as OPTIONAL so its absence can be recognised.
+             */
+            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
+            /* If field not present, try the next one */
+            if (ret == -1)
+                continue;
+            /* If positive return, read OK, break loop */
+            if (ret > 0)
+                break;
+            /*
+             * Must be an ASN1 parsing error.
+             * Free up any partial choice value
+             */
+            asn1_template_free(pchptr, tt);
+            errtt = tt;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Did we fall off the end without reading anything? */
+        if (i == it->tcount) {
+            /* If OPTIONAL, this is OK */
+            if (opt) {
+                /* Free and zero it */
+                ASN1_item_ex_free(pval, it);
+                return -1;
+            }
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+            goto err;
+        }
+
+        asn1_set_choice_selector(pval, i, it);
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        p = *in;
+        tmplen = len;
+
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            aclass = V_ASN1_UNIVERSAL;
+        }
+        /* Get SEQUENCE length and update len, p */
+        ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+                              &p, len, tag, aclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+        if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+            len = tmplen - (p - *in);
+            seq_nolen = 1;
+        }
+        /* If indefinite we don't do a length check */
+        else
+            seq_nolen = seq_eoc;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+            goto err;
+        }
+
+        if (!*pval && !ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+
+        /* Free up and zero any ADB found */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
+                const ASN1_TEMPLATE *seqtt;
+                ASN1_VALUE **pseqval;
+                seqtt = asn1_do_adb(pval, tt, 0);
+                if (seqtt == NULL)
+                    continue;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                asn1_template_free(pseqval, seqtt);
+            }
+        }
+
+        /* Get each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (seqtt == NULL)
+                goto err;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* Have we ran out of data? */
+            if (!len)
+                break;
+            q = p;
+            if (asn1_check_eoc(&p, len)) {
+                if (!seq_eoc) {
+                    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                seq_eoc = 0;
+                q = p;
+                break;
+            }
+            /*
+             * This determines the OPTIONAL flag value. The field cannot be
+             * omitted if it is the last of a SEQUENCE and there is still
+             * data to be read. This isn't strictly necessary but it
+             * increases efficiency in some cases.
+             */
+            if (i == (it->tcount - 1))
+                isopt = 0;
+            else
+                isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+            /*
+             * attempt to read in field, allowing each to be OPTIONAL
+             */
+
+            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
+                                       depth);
+            if (!ret) {
+                errtt = seqtt;
+                goto err;
+            } else if (ret == -1) {
+                /*
+                 * OPTIONAL component absent. Free and zero the field.
+                 */
+                asn1_template_free(pseqval, seqtt);
+                continue;
+            }
+            /* Update length */
+            len -= p - q;
+        }
+
+        /* Check for EOC if expecting one */
+        if (seq_eoc && !asn1_check_eoc(&p, len)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+        /* Check all data read */
+        if (!seq_nolen && len) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /*
+         * If we get here we've got no more data in the SEQUENCE, however we
+         * may not have read all fields so check all remaining are OPTIONAL
+         * and clear any that are.
+         */
+        for (; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (seqtt == NULL)
+                goto err;
+            if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
+                ASN1_VALUE **pseqval;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                asn1_template_free(pseqval, seqtt);
+            } else {
+                errtt = seqtt;
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_FIELD_MISSING);
+                goto err;
+            }
+        }
+        /* Save encoding */
+        if (!asn1_enc_save(pval, *in, p - *in, it))
+            goto auxerr;
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    default:
+        return 0;
+    }
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_AUX_ERROR);
+ err:
+    if (errtt)
+        ERR_add_error_data(4, "Field=", errtt->field_name,
+                           ", Type=", it->sname);
+    else
+        ERR_add_error_data(2, "Type=", it->sname);
+    return 0;
+}
+
+/*
+ * Templates are handled with two separate functions. One handles any
+ * EXPLICIT tag and the other handles the rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long inlen,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx, int depth)
+{
+    int flags, aclass;
+    int ret;
+    long len;
+    const unsigned char *p, *q;
+    char exp_eoc;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+
+    /* Check if EXPLICIT tag expected */
+    if (flags & ASN1_TFLG_EXPTAG) {
+        char cst;
+        /*
+         * Need to work out amount of data available to the inner content and
+         * where it starts: so read in EXPLICIT header to get the info.
+         */
+        ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+                              &p, inlen, tt->tag, aclass, opt, ctx);
+        q = p;
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                    ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+            return 0;
+        }
+        /* We've found the field so it can't be OPTIONAL now */
+        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        /* We read the field in OK so update length */
+        len -= p - q;
+        if (exp_eoc) {
+            /* If NDEF we must have an EOC here */
+            if (!asn1_check_eoc(&p, len)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC);
+                goto err;
+            }
+        } else {
+            /*
+             * Otherwise we must hit the EXPLICIT tag end or its an error
+             */
+            if (len) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    } else
+        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
+
+    *in = p;
+    return 1;
+
+ err:
+    return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx, int depth)
+{
+    int flags, aclass;
+    int ret;
+    ASN1_VALUE *tval;
+    const unsigned char *p, *q;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+    q = p;
+
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (tt->flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)val;
+        val = &tval;
+    }
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        int sktag, skaclass;
+        char sk_eoc;
+        /* First work out expected inner tag value */
+        if (flags & ASN1_TFLG_IMPTAG) {
+            sktag = tt->tag;
+            skaclass = aclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (flags & ASN1_TFLG_SET_OF)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+        /* Get the tag */
+        ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+                              &p, len, sktag, skaclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!*val)
+            *val = (ASN1_VALUE *)OPENSSL_sk_new_null();
+        else {
+            /*
+             * We've got a valid STACK: free up any items present
+             */
+            STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val;
+            ASN1_VALUE *vtmp;
+            while (sk_ASN1_VALUE_num(sktmp) > 0) {
+                vtmp = sk_ASN1_VALUE_pop(sktmp);
+                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+            }
+        }
+
+        if (!*val) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* Read as many items as we can */
+        while (len > 0) {
+            ASN1_VALUE *skfield;
+            q = p;
+            /* See if EOC found */
+            if (asn1_check_eoc(&p, len)) {
+                if (!sk_eoc) {
+                    ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                            ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                sk_eoc = 0;
+                break;
+            }
+            skfield = NULL;
+            if (!asn1_item_embed_d2i(&skfield, &p, len,
+                                     ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
+                                     depth)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                        ERR_R_NESTED_ASN1_ERROR);
+                /* |skfield| may be partially allocated despite failure. */
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
+                goto err;
+            }
+            len -= p - q;
+            if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
+                goto err;
+            }
+        }
+        if (sk_eoc) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+    } else if (flags & ASN1_TFLG_IMPTAG) {
+        /* IMPLICIT tagging */
+        ret = asn1_item_embed_d2i(val, &p, len,
+                                  ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+                                  ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    } else {
+        /* Nothing special */
+        ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                                  -1, 0, opt, ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    }
+
+    *in = p;
+    return 1;
+
+ err:
+    return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long inlen,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int ret = 0, utype;
+    long plen;
+    char cst, inf, free_cont = 0;
+    const unsigned char *p;
+    BUF_MEM buf = { 0, NULL, 0, 0 };
+    const unsigned char *cont = NULL;
+    long len;
+    if (!pval) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+        return 0;               /* Should never happen */
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = tag;
+        tag = -1;
+    } else
+        utype = it->utype;
+
+    if (utype == V_ASN1_ANY) {
+        /* If type is ANY need to figure out type from tag */
+        unsigned char oclass;
+        if (tag >= 0) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+            return 0;
+        }
+        if (opt) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_ILLEGAL_OPTIONAL_ANY);
+            return 0;
+        }
+        p = *in;
+        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+                              &p, inlen, -1, 0, 0, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (oclass != V_ASN1_UNIVERSAL)
+            utype = V_ASN1_OTHER;
+    }
+    if (tag == -1) {
+        tag = utype;
+        aclass = V_ASN1_UNIVERSAL;
+    }
+    p = *in;
+    /* Check header */
+    ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+                          &p, inlen, tag, aclass, opt, ctx);
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+    } else if (ret == -1)
+        return -1;
+    ret = 0;
+    /* SEQUENCE, SET and "OTHER" are left in encoded form */
+    if ((utype == V_ASN1_SEQUENCE)
+        || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+        /*
+         * Clear context cache for type OTHER because the auto clear when we
+         * have a exact match won't work
+         */
+        if (utype == V_ASN1_OTHER) {
+            asn1_tlc_clear(ctx);
+        }
+        /* SEQUENCE and SET must be constructed */
+        else if (!cst) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_TYPE_NOT_CONSTRUCTED);
+            return 0;
+        }
+
+        cont = *in;
+        /* If indefinite length constructed find the real end */
+        if (inf) {
+            if (!asn1_find_end(&p, plen, inf))
+                goto err;
+            len = p - cont;
+        } else {
+            len = p - cont + plen;
+            p += plen;
+        }
+    } else if (cst) {
+        if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+            || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+            || utype == V_ASN1_ENUMERATED) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
+            return 0;
+        }
+
+        /* Free any returned 'buf' content */
+        free_cont = 1;
+        /*
+         * Should really check the internal tags are correct but some things
+         * may get this wrong. The relevant specs say that constructed string
+         * types should be OCTET STRINGs internally irrespective of the type.
+         * So instead just check for UNIVERSAL class and ignore the tag.
+         */
+        if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
+            goto err;
+        }
+        len = buf.length;
+        /* Append a final null to string */
+        if (!BUF_MEM_grow_clean(&buf, len + 1)) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        buf.data[len] = 0;
+        cont = (const unsigned char *)buf.data;
+    } else {
+        cont = p;
+        len = plen;
+        p += plen;
+    }
+
+    /* We now have content length and type: translate into a structure */
+    /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
+    if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+        goto err;
+
+    *in = p;
+    ret = 1;
+ err:
+    if (free_cont)
+        OPENSSL_free(buf.data);
+    return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    ASN1_VALUE **opval = NULL;
+    ASN1_STRING *stmp;
+    ASN1_TYPE *typ = NULL;
+    int ret = 0;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    ASN1_INTEGER **tint;
+    pf = it->funcs;
+
+    if (pf && pf->prim_c2i)
+        return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+    /* If ANY type clear type and set pointer to internal value */
+    if (it->utype == V_ASN1_ANY) {
+        if (!*pval) {
+            typ = ASN1_TYPE_new();
+            if (typ == NULL)
+                goto err;
+            *pval = (ASN1_VALUE *)typ;
+        } else
+            typ = (ASN1_TYPE *)*pval;
+
+        if (utype != typ->type)
+            ASN1_TYPE_set(typ, utype, NULL);
+        opval = pval;
+        pval = &typ->value.asn1_value;
+    }
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_NULL:
+        if (len) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH);
+            goto err;
+        }
+        *pval = (ASN1_VALUE *)1;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (len != 1) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+            goto err;
+        } else {
+            ASN1_BOOLEAN *tbool;
+            tbool = (ASN1_BOOLEAN *)pval;
+            *tbool = *cont;
+        }
+        break;
+
+    case V_ASN1_BIT_STRING:
+        if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        tint = (ASN1_INTEGER **)pval;
+        if (!c2i_ASN1_INTEGER(tint, &cont, len))
+            goto err;
+        /* Fixup type to match the expected form */
+        (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    case V_ASN1_SET:
+    case V_ASN1_SEQUENCE:
+    default:
+        if (utype == V_ASN1_BMPSTRING && (len & 1)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I,
+                    ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        /* All based on ASN1_STRING and handled the same */
+        if (!*pval) {
+            stmp = ASN1_STRING_type_new(utype);
+            if (stmp == NULL) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *pval = (ASN1_VALUE *)stmp;
+        } else {
+            stmp = (ASN1_STRING *)*pval;
+            stmp->type = utype;
+        }
+        /* If we've already allocated a buffer use it */
+        if (*free_cont) {
+            OPENSSL_free(stmp->data);
+            stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+            stmp->length = len;
+            *free_cont = 0;
+        } else {
+            if (!ASN1_STRING_set(stmp, cont, len)) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(stmp);
+                *pval = NULL;
+                goto err;
+            }
+        }
+        break;
+    }
+    /* If ASN1_ANY and NULL type fix up value */
+    if (typ && (utype == V_ASN1_NULL))
+        typ->value.ptr = NULL;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        ASN1_TYPE_free(typ);
+        if (opval)
+            *opval = NULL;
+    }
+    return ret;
+}
+
+/*
+ * This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content. This
+ * is more efficient than calling asn1_collect because it does not recurse on
+ * each indefinite length header.
+ */
+
+static int asn1_find_end(const unsigned char **in, long len, char inf)
+{
+    uint32_t expected_eoc;
+    long plen;
+    const unsigned char *p = *in, *q;
+    /* If not indefinite length constructed just add length */
+    if (inf == 0) {
+        *in += len;
+        return 1;
+    }
+    expected_eoc = 1;
+    /*
+     * Indefinite length constructed form. Find the end when enough EOCs are
+     * found. If more indefinite length constructed headers are encountered
+     * increment the expected eoc count otherwise just skip to the end of the
+     * data.
+     */
+    while (len > 0) {
+        if (asn1_check_eoc(&p, len)) {
+            expected_eoc--;
+            if (expected_eoc == 0)
+                break;
+            len -= 2;
+            continue;
+        }
+        q = p;
+        /* Just read in a header: only care about the length */
+        if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+                             -1, 0, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (inf) {
+            if (expected_eoc == UINT32_MAX) {
+                ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+                return 0;
+            }
+            expected_eoc++;
+        } else {
+            p += plen;
+        }
+        len -= p - q;
+    }
+    if (expected_eoc) {
+        ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+/*
+ * This function collects the asn1 data from a constructed string type into
+ * a buffer. The values of 'in' and 'len' should refer to the contents of the
+ * constructed type and 'inf' should be set if it is indefinite length.
+ */
+
+#ifndef ASN1_MAX_STRING_NEST
+/*
+ * This determines how many levels of recursion are permitted in ASN1 string
+ * types. If it is not limited stack overflows can occur. If set to zero no
+ * recursion is allowed at all. Although zero should be adequate examples
+ * exist that require a value of 1. So 5 should be more than enough.
+ */
+# define ASN1_MAX_STRING_NEST 5
+#endif
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth)
+{
+    const unsigned char *p, *q;
+    long plen;
+    char cst, ininf;
+    p = *in;
+    inf &= 1;
+    /*
+     * If no buffer and not indefinite length constructed just pass over the
+     * encoded data
+     */
+    if (!buf && !inf) {
+        *in += len;
+        return 1;
+    }
+    while (len > 0) {
+        q = p;
+        /* Check for EOC */
+        if (asn1_check_eoc(&p, len)) {
+            /*
+             * EOC is illegal outside indefinite length constructed form
+             */
+            if (!inf) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+                return 0;
+            }
+            inf = 0;
+            break;
+        }
+
+        if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+                             len, tag, aclass, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+
+        /* If indefinite length constructed update max length */
+        if (cst) {
+            if (depth >= ASN1_MAX_STRING_NEST) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+                return 0;
+            }
+            if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
+                return 0;
+        } else if (plen && !collect_data(buf, &p, plen))
+            return 0;
+        len -= p - q;
+    }
+    if (inf) {
+        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+{
+    int len;
+    if (buf) {
+        len = buf->length;
+        if (!BUF_MEM_grow_clean(buf, len + plen)) {
+            ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(buf->data + len, *p, plen);
+    }
+    *p += plen;
+    return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(const unsigned char **in, long len)
+{
+    const unsigned char *p;
+    if (len < 2)
+        return 0;
+    p = *in;
+    if (!p[0] && !p[1]) {
+        *in += 2;
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
+ * length for indefinite length constructed form, we don't know the exact
+ * length but we can set an upper bound to the amount of data available minus
+ * the header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+    int i;
+    int ptag, pclass;
+    long plen;
+    const unsigned char *p, *q;
+    p = *in;
+    q = p;
+
+    if (ctx && ctx->valid) {
+        i = ctx->ret;
+        plen = ctx->plen;
+        pclass = ctx->pclass;
+        ptag = ctx->ptag;
+        p += ctx->hdrlen;
+    } else {
+        i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+        if (ctx) {
+            ctx->ret = i;
+            ctx->plen = plen;
+            ctx->pclass = pclass;
+            ctx->ptag = ptag;
+            ctx->hdrlen = p - q;
+            ctx->valid = 1;
+            /*
+             * If definite length, and no error, length + header can't exceed
+             * total amount of data available.
+             */
+            if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+                asn1_tlc_clear(ctx);
+                return 0;
+            }
+        }
+    }
+
+    if (i & 0x80) {
+        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+        asn1_tlc_clear(ctx);
+        return 0;
+    }
+    if (exptag >= 0) {
+        if ((exptag != ptag) || (expclass != pclass)) {
+            /*
+             * If type is OPTIONAL, not an error: indicate missing type.
+             */
+            if (opt)
+                return -1;
+            asn1_tlc_clear(ctx);
+            ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+            return 0;
+        }
+        /*
+         * We have a tag and class match: assume we are going to do something
+         * with it
+         */
+        asn1_tlc_clear(ctx);
+    }
+
+    if (i & 1)
+        plen = len - (p - q);
+
+    if (inf)
+        *inf = i & 1;
+
+    if (cst)
+        *cst = i & V_ASN1_CONSTRUCTED;
+
+    if (olen)
+        *olen = plen;
+
+    if (oclass)
+        *oclass = pclass;
+
+    if (otag)
+        *otag = ptag;
+
+    *in = p;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_enc.c b/openssl-1.1.0h/crypto/asn1/tasn_enc.c
new file mode 100644
index 0000000..caa4869
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_enc.c
@@ -0,0 +1,605 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags);
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it);
+
+/*
+ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
+ * indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+}
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, 0);
+}
+
+/*
+ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
+ * points to a buffer to output the data to. The new i2d has one additional
+ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags)
+{
+    if (out && !*out) {
+        unsigned char *p, *buf;
+        int len;
+        len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+        if (len <= 0)
+            return len;
+        buf = OPENSSL_malloc(len);
+        if (buf == NULL)
+            return -1;
+        p = buf;
+        ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+        *out = buf;
+        return len;
+    }
+
+    return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+}
+
+/*
+ * Encode an item, taking care of IMPLICIT tagging (if any). This function
+ * performs the normal item handling: it can be used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                     const ASN1_ITEM *it, int tag, int aclass)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    int i, seqcontlen, seqlen, ndef = 1;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb = 0;
+
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return 0;
+
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            return asn1_template_ex_i2d(pval, out, it->templates,
+                                        tag, aclass);
+        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_MSTRING:
+        return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+            const ASN1_TEMPLATE *chtt;
+            chtt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, chtt);
+            return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
+        }
+        /* Fixme: error condition if selector out of range */
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        /* If new style i2d it does all the work */
+        ef = it->funcs;
+        return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        /* Use indefinite length constructed if requested */
+        if (aclass & ASN1_TFLG_NDEF)
+            ndef = 2;
+        /* fall through */
+
+    case ASN1_ITYPE_SEQUENCE:
+        i = asn1_enc_restore(&seqcontlen, out, pval, it);
+        /* An error occurred */
+        if (i < 0)
+            return 0;
+        /* We have a valid cached encoding... */
+        if (i > 0)
+            return seqcontlen;
+        /* Otherwise carry on */
+        seqcontlen = 0;
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            /* Retain any other flags in aclass */
+            aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+                | V_ASN1_UNIVERSAL;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        /* First work out sequence content length */
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            int tmplen;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
+            if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
+                return -1;
+            seqcontlen += tmplen;
+        }
+
+        seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+        if (!out || seqlen == -1)
+            return seqlen;
+        /* Output SEQUENCE header */
+        ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* FIXME: check for errors in enhanced version */
+            asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+        }
+        if (ndef == 2)
+            ASN1_put_eoc(out);
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        return seqlen;
+
+    default:
+        return 0;
+
+    }
+    return 0;
+}
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
+    int i, ret, flags, ttag, tclass, ndef;
+    ASN1_VALUE *tval;
+    flags = tt->flags;
+
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    /*
+     * Work out tag and class to use: tagging may come either from the
+     * template or the arguments, not both because this would create
+     * ambiguity. Additionally the iclass argument may contain some
+     * additional flags which should be noted and passed down to other
+     * levels.
+     */
+    if (flags & ASN1_TFLG_TAG_MASK) {
+        /* Error if argument and template tagging */
+        if (tag != -1)
+            /* FIXME: error code here */
+            return -1;
+        /* Get tagging from template */
+        ttag = tt->tag;
+        tclass = flags & ASN1_TFLG_TAG_CLASS;
+    } else if (tag != -1) {
+        /* No template tagging, get from arguments */
+        ttag = tag;
+        tclass = iclass & ASN1_TFLG_TAG_CLASS;
+    } else {
+        ttag = -1;
+        tclass = 0;
+    }
+    /*
+     * Remove any class mask from iflag.
+     */
+    iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+    /*
+     * At this point 'ttag' contains the outer tag to use, 'tclass' is the
+     * class and iclass is any flags passed to this function.
+     */
+
+    /* if template and arguments require ndef, use it */
+    if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+        ndef = 2;
+    else
+        ndef = 1;
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int isset, sktag, skaclass;
+        int skcontlen, sklen;
+        ASN1_VALUE *skitem;
+
+        if (!*pval)
+            return 0;
+
+        if (flags & ASN1_TFLG_SET_OF) {
+            isset = 1;
+            /* 2 means we reorder */
+            if (flags & ASN1_TFLG_SEQUENCE_OF)
+                isset = 2;
+        } else
+            isset = 0;
+
+        /*
+         * Work out inner tag value: if EXPLICIT or no tagging use underlying
+         * type.
+         */
+        if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
+            sktag = ttag;
+            skaclass = tclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (isset)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+
+        /* Determine total length of items */
+        skcontlen = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            int tmplen;
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
+                                      -1, iclass);
+            if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+                return -1;
+            skcontlen += tmplen;
+        }
+        sklen = ASN1_object_size(ndef, skcontlen, sktag);
+        if (sklen == -1)
+            return -1;
+        /* If EXPLICIT need length of surrounding tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ret = ASN1_object_size(ndef, sklen, ttag);
+        else
+            ret = sklen;
+
+        if (!out || ret == -1)
+            return ret;
+
+        /* Now encode this lot... */
+        /* EXPLICIT tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ASN1_put_object(out, ndef, sklen, ttag, tclass);
+        /* SET or SEQUENCE and IMPLICIT tag */
+        ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+        /* And the stuff itself */
+        asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                         isset, iclass);
+        if (ndef == 2) {
+            ASN1_put_eoc(out);
+            if (flags & ASN1_TFLG_EXPTAG)
+                ASN1_put_eoc(out);
+        }
+
+        return ret;
+    }
+
+    if (flags & ASN1_TFLG_EXPTAG) {
+        /* EXPLICIT tagging */
+        /* Find length of tagged item */
+        i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
+        if (!i)
+            return 0;
+        /* Find length of EXPLICIT tag */
+        ret = ASN1_object_size(ndef, i, ttag);
+        if (out && ret != -1) {
+            /* Output tag and item */
+            ASN1_put_object(out, ndef, i, ttag, tclass);
+            ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
+            if (ndef == 2)
+                ASN1_put_eoc(out);
+        }
+        return ret;
+    }
+
+    /* Either normal or IMPLICIT tagging: combine class and flags */
+    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                            ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+    unsigned char *data;
+    int length;
+    ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+    const DER_ENC *d1 = a, *d2 = b;
+    int cmplen, i;
+    cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+    i = memcmp(d1->data, d2->data, cmplen);
+    if (i)
+        return i;
+    return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass)
+{
+    int i;
+    ASN1_VALUE *skitem;
+    unsigned char *tmpdat = NULL, *p = NULL;
+    DER_ENC *derlst = NULL, *tder;
+    if (do_sort) {
+        /* Don't need to sort less than 2 items */
+        if (sk_ASN1_VALUE_num(sk) < 2)
+            do_sort = 0;
+        else {
+            derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+                                    * sizeof(*derlst));
+            if (derlst == NULL)
+                return 0;
+            tmpdat = OPENSSL_malloc(skcontlen);
+            if (tmpdat == NULL) {
+                OPENSSL_free(derlst);
+                return 0;
+            }
+        }
+    }
+    /* If not sorting just output each item */
+    if (!do_sort) {
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+        }
+        return 1;
+    }
+    p = tmpdat;
+
+    /* Doing sort: build up a list of each member's DER encoding */
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        skitem = sk_ASN1_VALUE_value(sk, i);
+        tder->data = p;
+        tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+        tder->field = skitem;
+    }
+
+    /* Now sort them */
+    qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+    /* Output sorted DER encoding */
+    p = *out;
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        memcpy(p, tder->data, tder->length);
+        p += tder->length;
+    }
+    *out = p;
+    /* If do_sort is 2 then reorder the STACK */
+    if (do_sort == 2) {
+        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+            (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+    }
+    OPENSSL_free(derlst);
+    OPENSSL_free(tmpdat);
+    return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass)
+{
+    int len;
+    int utype;
+    int usetag;
+    int ndef = 0;
+
+    utype = it->utype;
+
+    /*
+     * Get length of content octets and maybe find out the underlying type.
+     */
+
+    len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+    /*
+     * If SEQUENCE, SET or OTHER then header is included in pseudo content
+     * octets so don't include tag+length. We need to check here because the
+     * call to asn1_ex_i2c() could change utype.
+     */
+    if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+        (utype == V_ASN1_OTHER))
+        usetag = 0;
+    else
+        usetag = 1;
+
+    /* -1 means omit type */
+
+    if (len == -1)
+        return 0;
+
+    /* -2 return is special meaning use ndef */
+    if (len == -2) {
+        ndef = 2;
+        len = 0;
+    }
+
+    /* If not implicitly tagged get tag from underlying type */
+    if (tag == -1)
+        tag = utype;
+
+    /* Output tag+length followed by content octets */
+    if (out) {
+        if (usetag)
+            ASN1_put_object(out, ndef, len, tag, aclass);
+        asn1_ex_i2c(pval, *out, &utype, it);
+        if (ndef)
+            ASN1_put_eoc(out);
+        else
+            *out += len;
+    }
+
+    if (usetag)
+        return ASN1_object_size(ndef, len, tag);
+    return len;
+}
+
+/* Produce content octets from a structure */
+
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it)
+{
+    ASN1_BOOLEAN *tbool = NULL;
+    ASN1_STRING *strtmp;
+    ASN1_OBJECT *otmp;
+    int utype;
+    const unsigned char *cont;
+    unsigned char c;
+    int len;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (pf && pf->prim_i2c)
+        return pf->prim_i2c(pval, cout, putype, it);
+
+    /* Should type be omitted? */
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+        || (it->utype != V_ASN1_BOOLEAN)) {
+        if (!*pval)
+            return -1;
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        /* If MSTRING type set the underlying type */
+        strtmp = (ASN1_STRING *)*pval;
+        utype = strtmp->type;
+        *putype = utype;
+    } else if (it->utype == V_ASN1_ANY) {
+        /* If ANY set type and pointer to value */
+        ASN1_TYPE *typ;
+        typ = (ASN1_TYPE *)*pval;
+        utype = typ->type;
+        *putype = utype;
+        pval = &typ->value.asn1_value;
+    } else
+        utype = *putype;
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        otmp = (ASN1_OBJECT *)*pval;
+        cont = otmp->data;
+        len = otmp->length;
+        break;
+
+    case V_ASN1_NULL:
+        cont = NULL;
+        len = 0;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        tbool = (ASN1_BOOLEAN *)pval;
+        if (*tbool == -1)
+            return -1;
+        if (it->utype != V_ASN1_ANY) {
+            /*
+             * Default handling if value == size field then omit
+             */
+            if (*tbool && (it->size > 0))
+                return -1;
+            if (!*tbool && !it->size)
+                return -1;
+        }
+        c = (unsigned char)*tbool;
+        cont = &c;
+        len = 1;
+        break;
+
+    case V_ASN1_BIT_STRING:
+        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                   cout ? &cout : NULL);
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        /*
+         * These are all have the same content format as ASN1_INTEGER
+         */
+        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    default:
+        /* All based on ASN1_STRING and handled the same */
+        strtmp = (ASN1_STRING *)*pval;
+        /* Special handling for NDEF */
+        if ((it->size == ASN1_TFLG_NDEF)
+            && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
+            if (cout) {
+                strtmp->data = cout;
+                strtmp->length = 0;
+            }
+            /* Special return code */
+            return -2;
+        }
+        cont = strtmp->data;
+        len = strtmp->length;
+
+        break;
+
+    }
+    if (cout && len)
+        memcpy(cout, cont, len);
+    return len;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_fre.c b/openssl-1.1.0h/crypto/asn1/tasn_fre.c
new file mode 100644
index 0000000..bbce489
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_fre.c
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "asn1_locl.h"
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+    asn1_item_embed_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    asn1_item_embed_free(pval, it, 0);
+}
+
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    const ASN1_TEMPLATE *tt = NULL, *seqtt;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    int i;
+
+    if (!pval)
+        return;
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            asn1_template_free(pval, it->templates);
+        else
+            asn1_primitive_free(pval, it, embed);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        asn1_primitive_free(pval, it, embed);
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
+            if (i == 2)
+                return;
+        }
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+
+            tt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, tt);
+            asn1_template_free(pchval, tt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+        if (embed == 0) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_free)
+            ef->asn1_ex_free(pval, it);
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
+            return;
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
+            if (i == 2)
+                return;
+        }
+        asn1_enc_free(pval, it);
+        /*
+         * If we free up as normal we will invalidate any ANY DEFINED BY
+         * field and we won't be able to determine the type of the field it
+         * defines. So free up in reverse order.
+         */
+        tt = it->templates + it->tcount;
+        for (i = 0; i < it->tcount; i++) {
+            ASN1_VALUE **pseqval;
+
+            tt--;
+            seqtt = asn1_do_adb(pval, tt, 0);
+            if (!seqtt)
+                continue;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            asn1_template_free(pseqval, seqtt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+        if (embed == 0) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+    }
+}
+
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int i;
+
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
+
+            asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed);
+        }
+        sk_ASN1_VALUE_free(sk);
+        *pval = NULL;
+    } else {
+        asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed);
+    }
+}
+
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    int utype;
+
+    /* Special case: if 'it' is a primitive with a free_func, use that. */
+    if (it) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+
+        if (embed) {
+            if (pf && pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return;
+            }
+        } else if (pf && pf->prim_free) {
+            pf->prim_free(pval, it);
+            return;
+        }
+    }
+
+    /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */
+    if (!it) {
+        ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+
+        utype = typ->type;
+        pval = &typ->value.asn1_value;
+        if (!*pval)
+            return;
+    } else if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = -1;
+        if (!*pval)
+            return;
+    } else {
+        utype = it->utype;
+        if ((utype != V_ASN1_BOOLEAN) && !*pval)
+            return;
+    }
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (it)
+            *(ASN1_BOOLEAN *)pval = it->size;
+        else
+            *(ASN1_BOOLEAN *)pval = -1;
+        return;
+
+    case V_ASN1_NULL:
+        break;
+
+    case V_ASN1_ANY:
+        asn1_primitive_free(pval, NULL, 0);
+        OPENSSL_free(*pval);
+        break;
+
+    default:
+        asn1_string_embed_free((ASN1_STRING *)*pval, embed);
+        break;
+    }
+    *pval = NULL;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_new.c b/openssl-1.1.0h/crypto/asn1/tasn_new.c
new file mode 100644
index 0000000..11c8040
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_new.c
@@ -0,0 +1,348 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+#include "asn1_locl.h"
+
+static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                               int embed);
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+    ASN1_VALUE *ret = NULL;
+    if (ASN1_item_ex_new(&ret, it) > 0)
+        return ret;
+    return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    return asn1_item_embed_new(pval, it, 0);
+}
+
+int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_VALUE **pseqval;
+    int i;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new");
+#endif
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_new) {
+            if (!ef->asn1_ex_new(pval, it))
+                goto memerr;
+        }
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!asn1_template_new(pval, it->templates))
+                goto memerr;
+        } else if (!asn1_primitive_new(pval, it, embed))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        if (!asn1_primitive_new(pval, it, embed))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
+#endif
+                return 1;
+            }
+        }
+        if (embed) {
+            memset(*pval, 0, it->size);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
+        }
+        asn1_set_choice_selector(pval, -1, it);
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+            goto auxerr2;
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
+#endif
+                return 1;
+            }
+        }
+        if (embed) {
+            memset(*pval, 0, it->size);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
+        }
+        /* 0 : init. lock */
+        if (asn1_do_lock(pval, 0, it) < 0) {
+            if (!embed) {
+                OPENSSL_free(*pval);
+                *pval = NULL;
+            }
+            goto memerr;
+        }
+        asn1_enc_init(pval, it);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            pseqval = asn1_get_field_ptr(pval, tt);
+            if (!asn1_template_new(pseqval, tt))
+                goto memerr2;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+            goto auxerr2;
+        break;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 1;
+
+ memerr2:
+    asn1_item_embed_free(pval, it, embed);
+ memerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 0;
+
+ auxerr2:
+    asn1_item_embed_free(pval, it, embed);
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    const ASN1_EXTERN_FUNCS *ef;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_clear)
+            ef->asn1_ex_clear(pval, it);
+        else
+            *pval = NULL;
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            asn1_template_clear(pval, it->templates);
+        else
+            asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        *pval = NULL;
+        break;
+    }
+}
+
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
+    int ret;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    if (tt->flags & ASN1_TFLG_OPTIONAL) {
+        asn1_template_clear(pval, tt);
+        return 1;
+    }
+    /* If ANY DEFINED BY nothing to do */
+
+    if (tt->flags & ASN1_TFLG_ADB_MASK) {
+        *pval = NULL;
+        return 1;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(tt->field_name
+            ? tt->field_name : "asn1_template_new");
+#endif
+    /* If SET OF or SEQUENCE OF, its a STACK */
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *skval;
+        skval = sk_ASN1_VALUE_new_null();
+        if (!skval) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto done;
+        }
+        *pval = (ASN1_VALUE *)skval;
+        ret = 1;
+        goto done;
+    }
+    /* Otherwise pass it back to the item routine */
+    ret = asn1_item_embed_new(pval, it, embed);
+ done:
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    /* If ADB or STACK just NULL the field */
+    if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK))
+        *pval = NULL;
+    else
+        asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+/*
+ * NB: could probably combine most of the real XXX_new() behaviour and junk
+ * all the old functions.
+ */
+
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed)
+{
+    ASN1_TYPE *typ;
+    ASN1_STRING *str;
+    int utype;
+
+    if (!it)
+        return 0;
+
+    if (it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (embed) {
+            if (pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return 1;
+            }
+        } else if (pf->prim_new) {
+            return pf->prim_new(pval, it);
+        }
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING)
+        utype = -1;
+    else
+        utype = it->utype;
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+        return 1;
+
+    case V_ASN1_BOOLEAN:
+        *(ASN1_BOOLEAN *)pval = it->size;
+        return 1;
+
+    case V_ASN1_NULL:
+        *pval = (ASN1_VALUE *)1;
+        return 1;
+
+    case V_ASN1_ANY:
+        typ = OPENSSL_malloc(sizeof(*typ));
+        if (typ == NULL)
+            return 0;
+        typ->value.ptr = NULL;
+        typ->type = -1;
+        *pval = (ASN1_VALUE *)typ;
+        break;
+
+    default:
+        if (embed) {
+            str = *(ASN1_STRING **)pval;
+            memset(str, 0, sizeof(*str));
+            str->type = utype;
+            str->flags = ASN1_STRING_FLAG_EMBED;
+        } else {
+            str = ASN1_STRING_type_new(utype);
+            *pval = (ASN1_VALUE *)str;
+        }
+        if (it->itype == ASN1_ITYPE_MSTRING && str)
+            str->flags |= ASN1_STRING_FLAG_MSTRING;
+        break;
+    }
+    if (*pval)
+        return 1;
+    return 0;
+}
+
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int utype;
+    if (it && it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (pf->prim_clear)
+            pf->prim_clear(pval, it);
+        else
+            *pval = NULL;
+        return;
+    }
+    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+        utype = -1;
+    else
+        utype = it->utype;
+    if (utype == V_ASN1_BOOLEAN)
+        *(ASN1_BOOLEAN *)pval = it->size;
+    else
+        *pval = NULL;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_prn.c b/openssl-1.1.0h/crypto/asn1/tasn_prn.c
new file mode 100644
index 0000000..53a9ee8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_prn.c
@@ -0,0 +1,538 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+#include "asn1_locl.h"
+
+/*
+ * Print routines.
+ */
+
+/* ASN1_PCTX routines */
+
+static ASN1_PCTX default_pctx = {
+    ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
+    0,                          /* nm_flags */
+    0,                          /* cert_flags */
+    0,                          /* oid_flags */
+    0                           /* str_flags */
+};
+
+ASN1_PCTX *ASN1_PCTX_new(void)
+{
+    ASN1_PCTX *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ret;
+}
+
+void ASN1_PCTX_free(ASN1_PCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p)
+{
+    return p->nm_flags;
+}
+
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->nm_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p)
+{
+    return p->cert_flags;
+}
+
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->cert_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p)
+{
+    return p->oid_flags;
+}
+
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->oid_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p)
+{
+    return p->str_flags;
+}
+
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->str_flags = flags;
+}
+
+/* Main print routines */
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx);
+
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx);
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx);
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx)
+{
+    const char *sname;
+    if (pctx == NULL)
+        pctx = &default_pctx;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    else
+        sname = it->sname;
+    return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx);
+}
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx)
+{
+    const ASN1_TEMPLATE *tt;
+    const ASN1_EXTERN_FUNCS *ef;
+    ASN1_VALUE **tmpfld;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_PRINT_ARG parg;
+    int i;
+    if (aux && aux->asn1_cb) {
+        parg.out = out;
+        parg.indent = indent;
+        parg.pctx = pctx;
+        asn1_cb = aux->asn1_cb;
+    } else
+        asn1_cb = 0;
+
+   if (((it->itype != ASN1_ITYPE_PRIMITIVE)
+       || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
+            if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                return 0;
+            if (BIO_puts(out, "<ABSENT>\n") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!asn1_template_print_ctx(out, fld, indent,
+                                         it->templates, pctx))
+                return 0;
+            break;
+        }
+        /* fall through */
+    case ASN1_ITYPE_MSTRING:
+        if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        /* Use new style print routine if possible */
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_print) {
+            i = ef->asn1_ex_print(out, fld, indent, "", pctx);
+            if (!i)
+                return 0;
+            if ((i == 2) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+            return 1;
+        } else if (sname &&
+                   BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
+            return 0;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        /* CHOICE type, get selector */
+        i = asn1_get_choice_selector(fld, it);
+        /* This should never happen... */
+        if ((i < 0) || (i >= it->tcount)) {
+            if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0)
+                return 0;
+            return 1;
+        }
+        tt = it->templates + i;
+        tmpfld = asn1_get_field_ptr(fld, tt);
+        if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        if (fname || sname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+                if (BIO_puts(out, " {\n") <= 0)
+                    return 0;
+            } else {
+                if (BIO_puts(out, "\n") <= 0)
+                    return 0;
+            }
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
+            if (i == 0)
+                return 0;
+            if (i == 2)
+                return 1;
+        }
+
+        /* Print each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(fld, tt, 1);
+            if (!seqtt)
+                return 0;
+            tmpfld = asn1_get_field_ptr(fld, seqtt);
+            if (!asn1_template_print_ctx(out, tmpfld,
+                                         indent + 2, seqtt, pctx))
+                return 0;
+        }
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") < 0)
+                return 0;
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
+            if (i == 0)
+                return 0;
+        }
+        break;
+
+    default:
+        BIO_printf(out, "Unprocessed type %d\n", it->itype);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
+{
+    int i, flags;
+    const char *sname, *fname;
+    ASN1_VALUE *tfld;
+    flags = tt->flags;
+    if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
+        sname = ASN1_ITEM_ptr(tt->item)->sname;
+    else
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    else
+        fname = tt->field_name;
+
+    /*
+     * If field is embedded then fld needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tfld = (ASN1_VALUE *)fld;
+        fld = &tfld;
+    }
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        char *tname;
+        ASN1_VALUE *skitem;
+        STACK_OF(ASN1_VALUE) *stack;
+
+        /* SET OF, SEQUENCE OF */
+        if (fname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) {
+                if (flags & ASN1_TFLG_SET_OF)
+                    tname = "SET";
+                else
+                    tname = "SEQUENCE";
+                if (BIO_printf(out, "%*s%s OF %s {\n",
+                               indent, "", tname, tt->field_name) <= 0)
+                    return 0;
+            } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0)
+                return 0;
+        }
+        stack = (STACK_OF(ASN1_VALUE) *)*fld;
+        for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) {
+            if ((i > 0) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+
+            skitem = sk_ASN1_VALUE_value(stack, i);
+            if (!asn1_item_print_ctx(out, &skitem, indent + 2,
+                                     ASN1_ITEM_ptr(tt->item), NULL, NULL, 1,
+                                     pctx))
+                return 0;
+        }
+        if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
+            return 0;
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+    return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+                               fname, sname, 0, pctx);
+}
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx)
+{
+    static const char spaces[] = "                    ";
+    static const int nspaces = sizeof(spaces) - 1;
+
+    while (indent > nspaces) {
+        if (BIO_write(out, spaces, nspaces) != nspaces)
+            return 0;
+        indent -= nspaces;
+    }
+    if (BIO_write(out, spaces, indent) != indent)
+        return 0;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    if (!sname && !fname)
+        return 1;
+    if (fname) {
+        if (BIO_puts(out, fname) <= 0)
+            return 0;
+    }
+    if (sname) {
+        if (fname) {
+            if (BIO_printf(out, " (%s)", sname) <= 0)
+                return 0;
+        } else {
+            if (BIO_puts(out, sname) <= 0)
+                return 0;
+        }
+    }
+    if (BIO_write(out, ": ", 2) != 2)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_boolean(BIO *out, int boolval)
+{
+    const char *str;
+    switch (boolval) {
+    case -1:
+        str = "BOOL ABSENT";
+        break;
+
+    case 0:
+        str = "FALSE";
+        break;
+
+    default:
+        str = "TRUE";
+        break;
+
+    }
+
+    if (BIO_puts(out, str) <= 0)
+        return 0;
+    return 1;
+
+}
+
+static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str)
+{
+    char *s;
+    int ret = 1;
+    s = i2s_ASN1_INTEGER(NULL, str);
+    if (s == NULL)
+        return 0;
+    if (BIO_puts(out, s) <= 0)
+        ret = 0;
+    OPENSSL_free(s);
+    return ret;
+}
+
+static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
+{
+    char objbuf[80];
+    const char *ln;
+    ln = OBJ_nid2ln(OBJ_obj2nid(oid));
+    if (!ln)
+        ln = "";
+    OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
+    if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent)
+{
+    if (str->type == V_ASN1_BIT_STRING) {
+        if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
+            return 0;
+    } else if (BIO_puts(out, "\n") <= 0)
+        return 0;
+    if ((str->length > 0)
+        && BIO_dump_indent(out, (const char *)str->data, str->length,
+                           indent + 2) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx)
+{
+    long utype;
+    ASN1_STRING *str;
+    int ret = 1, needlf = 1;
+    const char *pname;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (!asn1_print_fsname(out, indent, fname, sname, pctx))
+        return 0;
+    if (pf && pf->prim_print)
+        return pf->prim_print(out, fld, it, indent, pctx);
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        str = (ASN1_STRING *)*fld;
+        utype = str->type & ~V_ASN1_NEG;
+    } else {
+        utype = it->utype;
+        if (utype == V_ASN1_BOOLEAN)
+            str = NULL;
+        else
+            str = (ASN1_STRING *)*fld;
+    }
+    if (utype == V_ASN1_ANY) {
+        ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+        utype = atype->type;
+        fld = &atype->value.asn1_value;
+        str = (ASN1_STRING *)*fld;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
+            pname = NULL;
+        else
+            pname = ASN1_tag2str(utype);
+    } else {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
+            pname = ASN1_tag2str(utype);
+        else
+            pname = NULL;
+    }
+
+    if (utype == V_ASN1_NULL) {
+        if (BIO_puts(out, "NULL\n") <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (pname) {
+        if (BIO_puts(out, pname) <= 0)
+            return 0;
+        if (BIO_puts(out, ":") <= 0)
+            return 0;
+    }
+
+    switch (utype) {
+    case V_ASN1_BOOLEAN:
+        {
+            int boolval = *(int *)fld;
+            if (boolval == -1)
+                boolval = it->size;
+            ret = asn1_print_boolean(out, boolval);
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        ret = asn1_print_integer(out, str);
+        break;
+
+    case V_ASN1_UTCTIME:
+        ret = ASN1_UTCTIME_print(out, str);
+        break;
+
+    case V_ASN1_GENERALIZEDTIME:
+        ret = ASN1_GENERALIZEDTIME_print(out, str);
+        break;
+
+    case V_ASN1_OBJECT:
+        ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_BIT_STRING:
+        ret = asn1_print_obstring(out, str, indent);
+        needlf = 0;
+        break;
+
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_OTHER:
+        if (BIO_puts(out, "\n") <= 0)
+            return 0;
+        if (ASN1_parse_dump(out, str->data, str->length, indent, 0) <= 0)
+            ret = 0;
+        needlf = 0;
+        break;
+
+    default:
+        ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
+
+    }
+    if (!ret)
+        return 0;
+    if (needlf && BIO_puts(out, "\n") <= 0)
+        return 0;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_scn.c b/openssl-1.1.0h/crypto/asn1/tasn_scn.c
new file mode 100644
index 0000000..e1df2cf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_scn.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
+
+/*
+ * General ASN1 structure recursive scanner: iterate through all fields
+ * passing details to a callback.
+ */
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
+{
+    ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->scan_cb = scan_cb;
+    return ret;
+}
+
+void ASN1_SCTX_free(ASN1_SCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p)
+{
+    return p->it;
+}
+
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p)
+{
+    return p->tt;
+}
+
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data)
+{
+    p->app_data = data;
+}
+
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p)
+{
+    return p->app_data;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_typ.c b/openssl-1.1.0h/crypto/asn1/tasn_typ.c
new file mode 100644
index 0000000..98d9879
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_typ.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \
+    IMPLEMENT_ASN1_TYPE(sname) \
+    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \
+sname *sname##_new(void) \
+{ \
+    return ASN1_STRING_type_new(V_##sname); \
+} \
+void sname##_free(sname *x) \
+{ \
+    ASN1_STRING_free(x); \
+}
+
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
+
+/* Special, OCTET STRING with indefinite length constructed support */
+
+IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
+
+ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
+
+ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY)
diff --git a/openssl-1.1.0h/crypto/asn1/tasn_utl.c b/openssl-1.1.0h/crypto/asn1/tasn_utl.c
new file mode 100644
index 0000000..f79d7d6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/tasn_utl.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <internal/cryptlib.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include "asn1_locl.h"
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/*
+ * Given an ASN1_ITEM CHOICE type return the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int *sel = offset2ptr(*pval, it->utype);
+    return *sel;
+}
+
+/*
+ * Given an ASN1_ITEM CHOICE type set the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it)
+{
+    int *sel, ret;
+    sel = offset2ptr(*pval, it->utype);
+    ret = *sel;
+    *sel = value;
+    return ret;
+}
+
+/*
+ * Do atomic reference counting. The value 'op' decides what to do.
+ * If it is +1 then the count is incremented.
+ * If |op| is 0, lock is initialised and count is set to 1.
+ * If |op| is -1, count is decremented and the return value is the current
+ * reference count or 0 if no reference count is active.
+ * It returns -1 on initialisation error.
+ * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects
+ */
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+    const ASN1_AUX *aux;
+    int *lck, ret;
+    CRYPTO_RWLOCK **lock;
+    if ((it->itype != ASN1_ITYPE_SEQUENCE)
+        && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
+        return 0;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+        return 0;
+    lck = offset2ptr(*pval, aux->ref_offset);
+    lock = offset2ptr(*pval, aux->ref_lock);
+    if (op == 0) {
+        *lck = 1;
+        *lock = CRYPTO_THREAD_lock_new();
+        if (*lock == NULL) {
+            ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        return 1;
+    }
+    if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0)
+        return -1;  /* failed */
+#ifdef REF_PRINT
+    fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname);
+#endif
+    REF_ASSERT_ISNT(ret < 0);
+    if (ret == 0) {
+        CRYPTO_THREAD_lock_free(*lock);
+        *lock = NULL;
+    }
+    return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    const ASN1_AUX *aux;
+    if (!pval || !*pval)
+        return NULL;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+        return NULL;
+    return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        OPENSSL_free(enc->enc);
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                  const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc)
+        return 1;
+
+    OPENSSL_free(enc->enc);
+    enc->enc = OPENSSL_malloc(inlen);
+    if (enc->enc == NULL)
+        return 0;
+    memcpy(enc->enc, in, inlen);
+    enc->len = inlen;
+    enc->modified = 0;
+
+    return 1;
+}
+
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                     const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc || enc->modified)
+        return 0;
+    if (out) {
+        memcpy(*out, enc->enc, enc->len);
+        *out += enc->len;
+    }
+    if (len)
+        *len = enc->len;
+    return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    ASN1_VALUE **pvaltmp;
+    pvaltmp = offset2ptr(*pval, tt->offset);
+    /*
+     * NOTE for BOOLEAN types the field is just a plain int so we can't
+     * return int **, so settle for (int *).
+     */
+    return pvaltmp;
+}
+
+/*
+ * Handle ANY DEFINED BY template, find the selector, look up the relevant
+ * ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                 int nullerr)
+{
+    const ASN1_ADB *adb;
+    const ASN1_ADB_TABLE *atbl;
+    long selector;
+    ASN1_VALUE **sfld;
+    int i;
+    if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+        return tt;
+
+    /* Else ANY DEFINED BY ... get the table */
+    adb = ASN1_ADB_ptr(tt->item);
+
+    /* Get the selector field */
+    sfld = offset2ptr(*pval, adb->offset);
+
+    /* Check if NULL */
+    if (*sfld == NULL) {
+        if (!adb->null_tt)
+            goto err;
+        return adb->null_tt;
+    }
+
+    /*
+     * Convert type to a long: NB: don't check for NID_undef here because it
+     * might be a legitimate value in the table
+     */
+    if (tt->flags & ASN1_TFLG_ADB_OID)
+        selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+    else
+        selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+    /* Let application callback translate value */
+    if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) {
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+        return NULL;
+    }
+
+    /*
+     * Try to find matching entry in table Maybe should check application
+     * types first to allow application override? Might also be useful to
+     * have a flag which indicates table is sorted and we can do a binary
+     * search. For now stick to a linear search.
+     */
+
+    for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+        if (atbl->value == selector)
+            return &atbl->tt;
+
+    /* FIXME: need to search application table too */
+
+    /* No match, return default type */
+    if (!adb->default_tt)
+        goto err;
+    return adb->default_tt;
+
+ err:
+    /* FIXME: should log the value or OID of unsupported type */
+    if (nullerr)
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/x_algor.c b/openssl-1.1.0h/crypto/asn1/x_algor.c
new file mode 100644
index 0000000..72378db
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_algor.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "internal/evp_int.h"
+
+ASN1_SEQUENCE(X509_ALGOR) = {
+        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
+
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+{
+    if (!alg)
+        return 0;
+    if (ptype != V_ASN1_UNDEF) {
+        if (alg->parameter == NULL)
+            alg->parameter = ASN1_TYPE_new();
+        if (alg->parameter == NULL)
+            return 0;
+    }
+    if (alg) {
+        ASN1_OBJECT_free(alg->algorithm);
+        alg->algorithm = aobj;
+    }
+    if (ptype == 0)
+        return 1;
+    if (ptype == V_ASN1_UNDEF) {
+        ASN1_TYPE_free(alg->parameter);
+        alg->parameter = NULL;
+    } else
+        ASN1_TYPE_set(alg->parameter, ptype, pval);
+    return 1;
+}
+
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor)
+{
+    if (paobj)
+        *paobj = algor->algorithm;
+    if (pptype) {
+        if (algor->parameter == NULL) {
+            *pptype = V_ASN1_UNDEF;
+            return;
+        } else
+            *pptype = algor->parameter->type;
+        if (ppval)
+            *ppval = algor->parameter->value.ptr;
+    }
+}
+
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+{
+    int param_type;
+
+    if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
+        param_type = V_ASN1_UNDEF;
+    else
+        param_type = V_ASN1_NULL;
+
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+}
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+{
+    int rv;
+    rv = OBJ_cmp(a->algorithm, b->algorithm);
+    if (rv)
+        return rv;
+    if (!a->parameter && !b->parameter)
+        return 0;
+    return ASN1_TYPE_cmp(a->parameter, b->parameter);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/x_bignum.c b/openssl-1.1.0h/crypto/asn1/x_bignum.c
new file mode 100644
index 0000000..da57e77
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_bignum.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/*
+ * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER
+ * as a BIGNUM directly. Currently it ignores the sign which isn't a problem
+ * since all BIGNUMs used are non negative and anything that looks negative
+ * is normally due to an encoding error.
+ */
+
+#define BN_SENSITIVE    1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    int indent, const ASN1_PCTX *pctx);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+    NULL, 0,
+    bn_new,
+    bn_free,
+    0,
+    bn_c2i,
+    bn_i2c,
+    bn_print
+};
+
+static ASN1_PRIMITIVE_FUNCS cbignum_pf = {
+    NULL, 0,
+    bn_secure_new,
+    bn_free,
+    0,
+    bn_secure_c2i,
+    bn_i2c,
+    bn_print
+};
+
+ASN1_ITEM_start(BIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)BN_new();
+    if (*pval != NULL)
+        return 1;
+    else
+        return 0;
+}
+
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)BN_secure_new();
+    if (*pval != NULL)
+        return 1;
+    else
+        return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if (!*pval)
+        return;
+    if (it->size & BN_SENSITIVE)
+        BN_clear_free((BIGNUM *)*pval);
+    else
+        BN_free((BIGNUM *)*pval);
+    *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it)
+{
+    BIGNUM *bn;
+    int pad;
+    if (!*pval)
+        return -1;
+    bn = (BIGNUM *)*pval;
+    /* If MSB set in an octet we need a padding byte */
+    if (BN_num_bits(bn) & 0x7)
+        pad = 0;
+    else
+        pad = 1;
+    if (cont) {
+        if (pad)
+            *cont++ = 0;
+        BN_bn2bin(bn, cont);
+    }
+    return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    BIGNUM *bn;
+
+    if (*pval == NULL && !bn_new(pval, it))
+        return 0;
+    bn = (BIGNUM *)*pval;
+    if (!BN_bin2bn(cont, len, bn)) {
+        bn_free(pval, it);
+        return 0;
+    }
+    return 1;
+}
+
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    if (!*pval)
+        bn_secure_new(pval, it);
+    return bn_c2i(pval, cont, len, utype, free_cont, it);
+}
+
+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    int indent, const ASN1_PCTX *pctx)
+{
+    if (!BN_print(out, *(BIGNUM **)pval))
+        return 0;
+    if (BIO_puts(out, "\n") <= 0)
+        return 0;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/x_info.c b/openssl-1.1.0h/crypto/asn1/x_info.c
new file mode 100644
index 0000000..8d99f07
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_info.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+X509_INFO *X509_INFO_new(void)
+{
+    X509_INFO *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void X509_INFO_free(X509_INFO *x)
+{
+    if (x == NULL)
+        return;
+
+    X509_free(x->x509);
+    X509_CRL_free(x->crl);
+    X509_PKEY_free(x->x_pkey);
+    OPENSSL_free(x->enc_data);
+    OPENSSL_free(x);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/x_int64.c b/openssl-1.1.0h/crypto/asn1/x_int64.c
new file mode 100644
index 0000000..4433167
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_int64.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/asn1t.h"
+#include "internal/numbers.h"
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+/*
+ * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
+ * This converts between an ASN1_INTEGER and those types directly.
+ * This is preferred to using the LONG / ZLONG primitives.
+ */
+
+/*
+ * We abuse the ASN1_ITEM fields |size| as a flags field
+ */
+#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
+#define INTxx_FLAG_SIGNED       (1<<1)
+
+static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t));
+    if (*pval == NULL)
+        return 0;
+    return 1;
+}
+
+static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint64_t **)pval = 0;
+}
+
+static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint64_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint64_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int64_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, utmp, neg);
+}
+
+static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+            && !neg && utmp > INT64_MAX) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (neg)
+        /* c2i_uint64_int() returns positive values */
+        utmp = 0 - utmp;
+    memcpy(cp, &utmp, sizeof(utmp));
+    return 1;
+}
+
+static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval);
+    return BIO_printf(out, "%"BIO_PRI64"u\n", **(uint64_t **)pval);
+}
+
+/* 32-bit variants */
+
+static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t));
+    if (*pval == NULL)
+        return 0;
+    return 1;
+}
+
+static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint32_t **)pval = 0;
+}
+
+static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint32_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint32_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int32_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, (uint64_t)utmp, neg);
+}
+
+/*
+ * Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces
+ * overflow warnings.
+ */
+
+#define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1)
+
+static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    uint32_t utmp2 = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT32_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if (neg) {
+        if (utmp > ABS_INT32_MIN) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+        utmp = 0 - utmp;
+    } else {
+        if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX)
+            || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+    utmp2 = (uint32_t)utmp;
+    memcpy(cp, &utmp2, sizeof(utmp2));
+    return 1;
+}
+
+static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%d\n", **(int32_t **)pval);
+    return BIO_printf(out, "%u\n", **(uint32_t **)pval);
+}
+
+
+/* Define the primitives themselves */
+
+static ASN1_PRIMITIVE_FUNCS uint32_pf = {
+    NULL, 0,
+    uint32_new,
+    uint32_free,
+    uint32_clear,
+    uint32_c2i,
+    uint32_i2c,
+    uint32_print
+};
+
+static ASN1_PRIMITIVE_FUNCS uint64_pf = {
+    NULL, 0,
+    uint64_new,
+    uint64_free,
+    uint64_clear,
+    uint64_c2i,
+    uint64_i2c,
+    uint64_print
+};
+
+ASN1_ITEM_start(INT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_SIGNED, "INT32"
+ASN1_ITEM_end(INT32)
+
+ASN1_ITEM_start(UINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
+ASN1_ITEM_end(UINT32)
+
+ASN1_ITEM_start(INT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_SIGNED, "INT64"
+ASN1_ITEM_end(INT64)
+
+ASN1_ITEM_start(UINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
+ASN1_ITEM_end(UINT64)
+
+ASN1_ITEM_start(ZINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32"
+ASN1_ITEM_end(ZINT32)
+
+ASN1_ITEM_start(ZUINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
+ASN1_ITEM_end(ZUINT32)
+
+ASN1_ITEM_start(ZINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64"
+ASN1_ITEM_end(ZINT64)
+
+ASN1_ITEM_start(ZUINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
+ASN1_ITEM_end(ZUINT64)
+
diff --git a/openssl-1.1.0h/crypto/asn1/x_long.c b/openssl-1.1.0h/crypto/asn1/x_long.c
new file mode 100644
index 0000000..5895345
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_long.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+
+/*
+ * Custom primitive type for long handling. This converts between an
+ * ASN1_INTEGER and a long directly.
+ */
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      int indent, const ASN1_PCTX *pctx);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+    NULL, 0,
+    long_new,
+    long_free,
+    long_free,                  /* Clear should set to initial value */
+    long_c2i,
+    long_i2c,
+    long_print
+};
+
+ASN1_ITEM_start(LONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *(long *)pval = it->size;
+    return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *(long *)pval = it->size;
+}
+
+/*
+ * Originally BN_num_bits_word was called to perform this operation, but
+ * trouble is that there is no guarantee that sizeof(long) equals to
+ * sizeof(BN_ULONG). BN_ULONG is a configurable type that can be as wide
+ * as long, but also double or half...
+ */
+static int num_bits_ulong(unsigned long value)
+{
+    size_t i;
+    unsigned long ret = 0;
+
+    /*
+     * It is argued that *on average* constant counter loop performs
+     * not worse [if not better] than one with conditional break or
+     * mask-n-table-lookup-style, because of branch misprediction
+     * penalties.
+     */
+    for (i = 0; i < sizeof(value) * 8; i++) {
+        ret += (value != 0);
+        value >>= 1;
+    }
+
+    return (int)ret;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    long ltmp;
+    unsigned long utmp, sign;
+    int clen, pad, i;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)pval;
+
+    /* use memcpy, because we may not be long aligned */
+    memcpy(&ltmp, cp, sizeof(long));
+
+    if (ltmp == it->size)
+        return -1;
+    /*
+     * Convert the long to positive: we subtract one if negative so we can
+     * cleanly handle the padding if only the MSB of the leading octet is
+     * set.
+     */
+    if (ltmp < 0) {
+        sign = 0xff;
+        utmp = 0 - (unsigned long)ltmp - 1;
+    } else {
+        sign = 0;
+        utmp = ltmp;
+    }
+    clen = num_bits_ulong(utmp);
+    /* If MSB of leading octet set we need to pad */
+    if (!(clen & 0x7))
+        pad = 1;
+    else
+        pad = 0;
+
+    /* Convert number of bits to number of octets */
+    clen = (clen + 7) >> 3;
+
+    if (cont != NULL) {
+        if (pad)
+            *cont++ = (unsigned char)sign;
+        for (i = clen - 1; i >= 0; i--) {
+            cont[i] = (unsigned char)(utmp ^ sign);
+            utmp >>= 8;
+        }
+    }
+    return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    int i;
+    long ltmp;
+    unsigned long utmp = 0, sign = 0x100;
+    char *cp = (char *)pval;
+
+    if (len > 1) {
+        /*
+         * Check possible pad byte.  Worst case, we're skipping past actual
+         * content, but since that's only with 0x00 and 0xff and we set neg
+         * accordingly, the result will be correct in the end anyway.
+         */
+        switch (cont[0]) {
+        case 0xff:
+            cont++;
+            len--;
+            sign = 0xff;
+            break;
+        case 0:
+            cont++;
+            len--;
+            sign = 0;
+            break;
+        }
+    }
+    if (len > (int)sizeof(long)) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+
+    if (sign == 0x100) {
+        /* Is it negative? */
+        if (len && (cont[0] & 0x80))
+            sign = 0xff;
+        else
+            sign = 0;
+    } else if (((sign ^ cont[0]) & 0x80) == 0) { /* same sign bit? */
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+    utmp = 0;
+    for (i = 0; i < len; i++) {
+        utmp <<= 8;
+        utmp |= cont[i] ^ sign;
+    }
+    ltmp = (long)utmp;
+    if (ltmp < 0) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    if (sign)
+        ltmp = -ltmp - 1;
+    if (ltmp == it->size) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    memcpy(cp, &ltmp, sizeof(long));
+    return 1;
+}
+
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      int indent, const ASN1_PCTX *pctx)
+{
+    return BIO_printf(out, "%ld\n", *(long *)pval);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/x_pkey.c b/openssl-1.1.0h/crypto/asn1/x_pkey.c
new file mode 100644
index 0000000..593049f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_pkey.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+X509_PKEY *X509_PKEY_new(void)
+{
+    X509_PKEY *ret = NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        goto err;
+
+    ret->enc_algor = X509_ALGOR_new();
+    ret->enc_pkey = ASN1_OCTET_STRING_new();
+    if (ret->enc_algor == NULL || ret->enc_pkey == NULL)
+        goto err;
+
+    return ret;
+err:
+    X509_PKEY_free(ret);
+    ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void X509_PKEY_free(X509_PKEY *x)
+{
+    if (x == NULL)
+        return;
+
+    X509_ALGOR_free(x->enc_algor);
+    ASN1_OCTET_STRING_free(x->enc_pkey);
+    EVP_PKEY_free(x->dec_pkey);
+    if (x->key_free)
+        OPENSSL_free(x->key_data);
+    OPENSSL_free(x);
+}
diff --git a/openssl-1.1.0h/crypto/asn1/x_sig.c b/openssl-1.1.0h/crypto/asn1/x_sig.c
new file mode 100644
index 0000000..e465cf2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_sig.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+ASN1_SEQUENCE(X509_SIG) = {
+        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
+
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
+
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
diff --git a/openssl-1.1.0h/crypto/asn1/x_spki.c b/openssl-1.1.0h/crypto/asn1/x_spki.c
new file mode 100644
index 0000000..c45400b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_spki.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /*
+  * This module was send to me my Pat Richards <patr@x509.com> who wrote it.
+  * It is under my Copyright with his permission
+  */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+        ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/openssl-1.1.0h/crypto/asn1/x_val.c b/openssl-1.1.0h/crypto/asn1/x_val.c
new file mode 100644
index 0000000..d1f1d3b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/asn1/x_val.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_VAL) = {
+        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/openssl-1.1.0h/crypto/async/arch/async_null.c b/openssl-1.1.0h/crypto/async/arch/async_null.c
new file mode 100644
index 0000000..3eaf170
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/arch/async_null.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_NULL
+int ASYNC_is_capable(void)
+{
+    return 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+#endif
+
diff --git a/openssl-1.1.0h/crypto/async/arch/async_null.h b/openssl-1.1.0h/crypto/async/arch/async_null.h
new file mode 100644
index 0000000..aef40b5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/arch/async_null.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+/*
+ * If we haven't managed to detect any other async architecture then we default
+ * to NULL.
+ */
+#ifndef ASYNC_ARCH
+# define ASYNC_NULL
+# define ASYNC_ARCH
+
+typedef struct async_fibre_st {
+    int dummy;
+} async_fibre;
+
+
+# define async_fibre_swapcontext(o,n,r)         0
+# define async_fibre_makecontext(c)             0
+# define async_fibre_free(f)
+# define async_fibre_init_dispatcher(f)
+
+#endif
diff --git a/openssl-1.1.0h/crypto/async/arch/async_posix.c b/openssl-1.1.0h/crypto/async/arch/async_posix.c
new file mode 100644
index 0000000..02c342d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/arch/async_posix.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_POSIX
+
+# include <stddef.h>
+# include <unistd.h>
+
+#define STACKSIZE       32768
+
+int ASYNC_is_capable(void)
+{
+    ucontext_t ctx;
+
+    /*
+     * Some platforms provide getcontext() but it does not work (notably
+     * MacOSX PPC64). Check for a working getcontext();
+     */
+    return getcontext(&ctx) == 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+
+int async_fibre_makecontext(async_fibre *fibre)
+{
+    fibre->env_init = 0;
+    if (getcontext(&fibre->fibre) == 0) {
+        fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
+        if (fibre->fibre.uc_stack.ss_sp != NULL) {
+            fibre->fibre.uc_stack.ss_size = STACKSIZE;
+            fibre->fibre.uc_link = NULL;
+            makecontext(&fibre->fibre, async_start_func, 0);
+            return 1;
+        }
+    } else {
+        fibre->fibre.uc_stack.ss_sp = NULL;
+    }
+    return 0;
+}
+
+void async_fibre_free(async_fibre *fibre)
+{
+    OPENSSL_free(fibre->fibre.uc_stack.ss_sp);
+    fibre->fibre.uc_stack.ss_sp = NULL;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/async/arch/async_posix.h b/openssl-1.1.0h/crypto/async/arch/async_posix.h
new file mode 100644
index 0000000..76937a9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/arch/async_posix.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_UNIX) \
+    && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
+    && !defined(__ANDROID__) && !defined(__OpenBSD__)
+
+# include <unistd.h>
+
+# if _POSIX_VERSION >= 200112L
+
+# include <pthread.h>
+
+#  define ASYNC_POSIX
+#  define ASYNC_ARCH
+
+#  include <ucontext.h>
+#  include <setjmp.h>
+#  include "e_os.h"
+
+typedef struct async_fibre_st {
+    ucontext_t fibre;
+    jmp_buf env;
+    int env_init;
+} async_fibre;
+
+static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
+{
+    o->env_init = 1;
+
+    if (!r || !_setjmp(o->env)) {
+        if (n->env_init)
+            _longjmp(n->env, 1);
+        else
+            setcontext(&n->fibre);
+    }
+
+    return 1;
+}
+
+#  define async_fibre_init_dispatcher(d)
+
+int async_fibre_makecontext(async_fibre *fibre);
+void async_fibre_free(async_fibre *fibre);
+
+# endif
+#endif
+#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */
diff --git a/openssl-1.1.0h/crypto/async/arch/async_win.c b/openssl-1.1.0h/crypto/async/arch/async_win.c
new file mode 100644
index 0000000..077d56c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/arch/async_win.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_locl.h"
+
+#ifdef ASYNC_WIN
+
+# include <windows.h>
+# include "internal/cryptlib.h"
+
+int ASYNC_is_capable(void)
+{
+    return 1;
+}
+
+void async_local_cleanup(void)
+{
+    async_ctx *ctx = async_get_ctx();
+    if (ctx != NULL) {
+        async_fibre *fibre = &ctx->dispatcher;
+        if (fibre != NULL && fibre->fibre != NULL && fibre->converted) {
+            ConvertFiberToThread();
+            fibre->fibre = NULL;
+        }
+    }
+}
+
+int async_fibre_init_dispatcher(async_fibre *fibre)
+{
+    fibre->fibre = ConvertThreadToFiber(NULL);
+    if (fibre->fibre == NULL) {
+        fibre->converted = 0;
+        fibre->fibre = GetCurrentFiber();
+        if (fibre->fibre == NULL)
+            return 0;
+    } else {
+        fibre->converted = 1;
+    }
+
+    return 1;
+}
+
+VOID CALLBACK async_start_func_win(PVOID unused)
+{
+    async_start_func();
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/async/arch/async_win.h b/openssl-1.1.0h/crypto/async/arch/async_win.h
new file mode 100644
index 0000000..61cfdd7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/arch/async_win.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the same detection used in cryptlib to set up the thread local
+ * storage that we depend on, so just copy that
+ */
+#if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC)
+#include <openssl/async.h>
+# define ASYNC_WIN
+# define ASYNC_ARCH
+
+# include <windows.h>
+# include "internal/cryptlib.h"
+
+typedef struct async_fibre_st {
+    LPVOID fibre;
+    int converted;
+} async_fibre;
+
+# define async_fibre_swapcontext(o,n,r) \
+        (SwitchToFiber((n)->fibre), 1)
+# define async_fibre_makecontext(c) \
+        ((c)->fibre = CreateFiber(0, async_start_func_win, 0))
+# define async_fibre_free(f)             (DeleteFiber((f)->fibre))
+
+int async_fibre_init_dispatcher(async_fibre *fibre);
+VOID CALLBACK async_start_func_win(PVOID unused);
+
+#endif
diff --git a/openssl-1.1.0h/crypto/async/async.c b/openssl-1.1.0h/crypto/async/async.c
new file mode 100644
index 0000000..9a4e6b2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/async.c
@@ -0,0 +1,433 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Without this we start getting longjmp crashes because it thinks we're jumping
+ * up the stack when in fact we are jumping to an entirely different stack. The
+ * cost of this is not having certain buffer overrun/underrun checks etc for
+ * this source file :-(
+ */
+#undef _FORTIFY_SOURCE
+
+/* This must be the first #include file */
+#include "async_locl.h"
+
+#include <openssl/err.h>
+#include <internal/cryptlib_int.h>
+#include <string.h>
+
+#define ASYNC_JOB_RUNNING   0
+#define ASYNC_JOB_PAUSING   1
+#define ASYNC_JOB_PAUSED    2
+#define ASYNC_JOB_STOPPING  3
+
+static CRYPTO_THREAD_LOCAL ctxkey;
+static CRYPTO_THREAD_LOCAL poolkey;
+
+static void async_free_pool_internal(async_pool *pool);
+
+static async_ctx *async_ctx_new(void)
+{
+    async_ctx *nctx = NULL;
+
+    nctx = OPENSSL_malloc(sizeof(async_ctx));
+    if (nctx == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    async_fibre_init_dispatcher(&nctx->dispatcher);
+    nctx->currjob = NULL;
+    nctx->blocked = 0;
+    if (!CRYPTO_THREAD_set_local(&ctxkey, nctx))
+        goto err;
+
+    return nctx;
+err:
+    OPENSSL_free(nctx);
+
+    return NULL;
+}
+
+async_ctx *async_get_ctx(void)
+{
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return NULL;
+
+    return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
+}
+
+static int async_ctx_free(void)
+{
+    async_ctx *ctx;
+
+    ctx = async_get_ctx();
+
+    if (!CRYPTO_THREAD_set_local(&ctxkey, NULL))
+        return 0;
+
+    OPENSSL_free(ctx);
+
+    return 1;
+}
+
+static ASYNC_JOB *async_job_new(void)
+{
+    ASYNC_JOB *job = NULL;
+
+    job = OPENSSL_zalloc(sizeof(ASYNC_JOB));
+    if (job == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    job->status = ASYNC_JOB_RUNNING;
+
+    return job;
+}
+
+static void async_job_free(ASYNC_JOB *job)
+{
+    if (job != NULL) {
+        OPENSSL_free(job->funcargs);
+        async_fibre_free(&job->fibrectx);
+        OPENSSL_free(job);
+    }
+}
+
+static ASYNC_JOB *async_get_pool_job(void) {
+    ASYNC_JOB *job;
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    if (pool == NULL) {
+        /*
+         * Pool has not been initialised, so init with the defaults, i.e.
+         * no max size and no pre-created jobs
+         */
+        if (ASYNC_init_thread(0, 0) == 0)
+            return NULL;
+        pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    }
+
+    job = sk_ASYNC_JOB_pop(pool->jobs);
+    if (job == NULL) {
+        /* Pool is empty */
+        if ((pool->max_size != 0) && (pool->curr_size >= pool->max_size))
+            return NULL;
+
+        job = async_job_new();
+        if (job != NULL) {
+            if (! async_fibre_makecontext(&job->fibrectx)) {
+                async_job_free(job);
+                return NULL;
+            }
+            pool->curr_size++;
+        }
+    }
+    return job;
+}
+
+static void async_release_job(ASYNC_JOB *job) {
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    OPENSSL_free(job->funcargs);
+    job->funcargs = NULL;
+    sk_ASYNC_JOB_push(pool->jobs, job);
+}
+
+void async_start_func(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    while (1) {
+        /* Run the job */
+        job = ctx->currjob;
+        job->ret = job->func(job->funcargs);
+
+        /* Stop the job */
+        job->status = ASYNC_JOB_STOPPING;
+        if (!async_fibre_swapcontext(&job->fibrectx,
+                                     &ctx->dispatcher, 1)) {
+            /*
+             * Should not happen. Getting here will close the thread...can't do
+             * much about it
+             */
+            ASYNCerr(ASYNC_F_ASYNC_START_FUNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        }
+    }
+}
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
+                    int (*func)(void *), void *args, size_t size)
+{
+    async_ctx *ctx = async_get_ctx();
+    if (ctx == NULL)
+        ctx = async_ctx_new();
+    if (ctx == NULL) {
+        return ASYNC_ERR;
+    }
+
+    if (*job) {
+        ctx->currjob = *job;
+    }
+
+    for (;;) {
+        if (ctx->currjob != NULL) {
+            if (ctx->currjob->status == ASYNC_JOB_STOPPING) {
+                *ret = ctx->currjob->ret;
+                ctx->currjob->waitctx = NULL;
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                *job = NULL;
+                return ASYNC_FINISH;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSING) {
+                *job = ctx->currjob;
+                ctx->currjob->status = ASYNC_JOB_PAUSED;
+                ctx->currjob = NULL;
+                return ASYNC_PAUSE;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSED) {
+                ctx->currjob = *job;
+                /* Resume previous job */
+                if (!async_fibre_swapcontext(&ctx->dispatcher,
+                        &ctx->currjob->fibrectx, 1)) {
+                    ASYNCerr(ASYNC_F_ASYNC_START_JOB,
+                             ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+                    goto err;
+                }
+                continue;
+            }
+
+            /* Should not happen */
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_INTERNAL_ERROR);
+            async_release_job(ctx->currjob);
+            ctx->currjob = NULL;
+            *job = NULL;
+            return ASYNC_ERR;
+        }
+
+        /* Start a new job */
+        if ((ctx->currjob = async_get_pool_job()) == NULL) {
+            return ASYNC_NO_JOBS;
+        }
+
+        if (args != NULL) {
+            ctx->currjob->funcargs = OPENSSL_malloc(size);
+            if (ctx->currjob->funcargs == NULL) {
+                ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_MALLOC_FAILURE);
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                return ASYNC_ERR;
+            }
+            memcpy(ctx->currjob->funcargs, args, size);
+        } else {
+            ctx->currjob->funcargs = NULL;
+        }
+
+        ctx->currjob->func = func;
+        ctx->currjob->waitctx = wctx;
+        if (!async_fibre_swapcontext(&ctx->dispatcher,
+                &ctx->currjob->fibrectx, 1)) {
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+            goto err;
+        }
+    }
+
+err:
+    async_release_job(ctx->currjob);
+    ctx->currjob = NULL;
+    *job = NULL;
+    return ASYNC_ERR;
+}
+
+int ASYNC_pause_job(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    if (ctx == NULL
+            || ctx->currjob == NULL
+            || ctx->blocked) {
+        /*
+         * Could be we've deliberately not been started within a job so this is
+         * counted as success.
+         */
+        return 1;
+    }
+
+    job = ctx->currjob;
+    job->status = ASYNC_JOB_PAUSING;
+
+    if (!async_fibre_swapcontext(&job->fibrectx,
+                                 &ctx->dispatcher, 1)) {
+        ASYNCerr(ASYNC_F_ASYNC_PAUSE_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        return 0;
+    }
+    /* Reset counts of added and deleted fds */
+    async_wait_ctx_reset_counts(job->waitctx);
+
+    return 1;
+}
+
+static void async_empty_pool(async_pool *pool)
+{
+    ASYNC_JOB *job;
+
+    if (!pool || !pool->jobs)
+        return;
+
+    do {
+        job = sk_ASYNC_JOB_pop(pool->jobs);
+        async_job_free(job);
+    } while (job);
+}
+
+int async_init(void)
+{
+    if (!CRYPTO_THREAD_init_local(&ctxkey, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) {
+        CRYPTO_THREAD_cleanup_local(&ctxkey);
+        return 0;
+    }
+
+    return 1;
+}
+
+void async_deinit(void)
+{
+    CRYPTO_THREAD_cleanup_local(&ctxkey);
+    CRYPTO_THREAD_cleanup_local(&poolkey);
+}
+
+int ASYNC_init_thread(size_t max_size, size_t init_size)
+{
+    async_pool *pool;
+    size_t curr_size = 0;
+
+    if (init_size > max_size) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_INVALID_POOL_SIZE);
+        return 0;
+    }
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) {
+        return 0;
+    }
+    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) {
+        return 0;
+    }
+
+    pool = OPENSSL_zalloc(sizeof(*pool));
+    if (pool == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    pool->jobs = sk_ASYNC_JOB_new_null();
+    if (pool->jobs == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(pool);
+        return 0;
+    }
+
+    pool->max_size = max_size;
+
+    /* Pre-create jobs as required */
+    while (init_size--) {
+        ASYNC_JOB *job;
+        job = async_job_new();
+        if (job == NULL || !async_fibre_makecontext(&job->fibrectx)) {
+            /*
+             * Not actually fatal because we already created the pool, just
+             * skip creation of any more jobs
+             */
+            async_job_free(job);
+            break;
+        }
+        job->funcargs = NULL;
+        sk_ASYNC_JOB_push(pool->jobs, job);
+        curr_size++;
+    }
+    pool->curr_size = curr_size;
+    if (!CRYPTO_THREAD_set_local(&poolkey, pool)) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_FAILED_TO_SET_POOL);
+        goto err;
+    }
+
+    return 1;
+err:
+    async_free_pool_internal(pool);
+    return 0;
+}
+
+static void async_free_pool_internal(async_pool *pool)
+{
+    if (pool == NULL)
+        return;
+
+    async_empty_pool(pool);
+    sk_ASYNC_JOB_free(pool->jobs);
+    OPENSSL_free(pool);
+    CRYPTO_THREAD_set_local(&poolkey, NULL);
+    async_local_cleanup();
+    async_ctx_free();
+}
+
+void ASYNC_cleanup_thread(void)
+{
+    async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey));
+}
+
+ASYNC_JOB *ASYNC_get_current_job(void)
+{
+    async_ctx *ctx;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL)
+        return NULL;
+
+    return ctx->currjob;
+}
+
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
+{
+    return job->waitctx;
+}
+
+void ASYNC_block_pause(void)
+{
+    async_ctx *ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    ctx->blocked++;
+}
+
+void ASYNC_unblock_pause(void)
+{
+    async_ctx *ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    if (ctx->blocked > 0)
+        ctx->blocked--;
+}
diff --git a/openssl-1.1.0h/crypto/async/async_err.c b/openssl-1.1.0h/crypto/async/async_err.c
new file mode 100644
index 0000000..ae97e96
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/async_err.c
@@ -0,0 +1,51 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/async.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASYNC,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASYNC,0,reason)
+
+static ERR_STRING_DATA ASYNC_str_functs[] = {
+    {ERR_FUNC(ASYNC_F_ASYNC_CTX_NEW), "async_ctx_new"},
+    {ERR_FUNC(ASYNC_F_ASYNC_INIT_THREAD), "ASYNC_init_thread"},
+    {ERR_FUNC(ASYNC_F_ASYNC_JOB_NEW), "async_job_new"},
+    {ERR_FUNC(ASYNC_F_ASYNC_PAUSE_JOB), "ASYNC_pause_job"},
+    {ERR_FUNC(ASYNC_F_ASYNC_START_FUNC), "async_start_func"},
+    {ERR_FUNC(ASYNC_F_ASYNC_START_JOB), "ASYNC_start_job"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA ASYNC_str_reasons[] = {
+    {ERR_REASON(ASYNC_R_FAILED_TO_SET_POOL), "failed to set pool"},
+    {ERR_REASON(ASYNC_R_FAILED_TO_SWAP_CONTEXT), "failed to swap context"},
+    {ERR_REASON(ASYNC_R_INIT_FAILED), "init failed"},
+    {ERR_REASON(ASYNC_R_INVALID_POOL_SIZE), "invalid pool size"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ASYNC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ASYNC_str_functs);
+        ERR_load_strings(0, ASYNC_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/async/async_locl.h b/openssl-1.1.0h/crypto/async/async_locl.h
new file mode 100644
index 0000000..f0ac05a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/async_locl.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Must do this before including any header files, because on MacOS/X <stlib.h>
+ * includes <signal.h> which includes <ucontext.h>
+ */
+#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE)
+# define _XOPEN_SOURCE          /* Otherwise incomplete ucontext_t structure */
+# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <internal/async.h>
+#include <openssl/crypto.h>
+
+typedef struct async_ctx_st async_ctx;
+typedef struct async_pool_st async_pool;
+
+#include "arch/async_win.h"
+#include "arch/async_posix.h"
+#include "arch/async_null.h"
+
+struct async_ctx_st {
+    async_fibre dispatcher;
+    ASYNC_JOB *currjob;
+    unsigned int blocked;
+};
+
+struct async_job_st {
+    async_fibre fibrectx;
+    int (*func) (void *);
+    void *funcargs;
+    int ret;
+    int status;
+    ASYNC_WAIT_CTX *waitctx;
+};
+
+struct fd_lookup_st {
+    const void *key;
+    OSSL_ASYNC_FD fd;
+    void *custom_data;
+    void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *);
+    int add;
+    int del;
+    struct fd_lookup_st *next;
+};
+
+struct async_wait_ctx_st {
+    struct fd_lookup_st *fds;
+    size_t numadd;
+    size_t numdel;
+};
+
+DEFINE_STACK_OF(ASYNC_JOB)
+
+struct async_pool_st {
+    STACK_OF(ASYNC_JOB) *jobs;
+    size_t curr_size;
+    size_t max_size;
+};
+
+void async_local_cleanup(void);
+void async_start_func(void);
+async_ctx *async_get_ctx(void);
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx);
+
diff --git a/openssl-1.1.0h/crypto/async/async_wait.c b/openssl-1.1.0h/crypto/async/async_wait.c
new file mode 100644
index 0000000..0a0bf87
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/async_wait.c
@@ -0,0 +1,211 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "async_locl.h"
+
+#include <openssl/err.h>
+
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(ASYNC_WAIT_CTX));
+}
+
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr;
+    struct fd_lookup_st *next;
+
+    if (ctx == NULL)
+        return;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (!curr->del) {
+            /* Only try and cleanup if it hasn't been marked deleted */
+            if (curr->cleanup != NULL)
+                curr->cleanup(ctx, curr->key, curr->fd, curr->custom_data);
+        }
+        /* Always free the fd_lookup_st */
+        next = curr->next;
+        OPENSSL_free(curr);
+        curr = next;
+    }
+
+    OPENSSL_free(ctx);
+}
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd, void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *))
+{
+    struct fd_lookup_st *fdlookup;
+
+    fdlookup = OPENSSL_zalloc(sizeof(*fdlookup));
+    if (fdlookup == NULL)
+        return 0;
+
+    fdlookup->key = key;
+    fdlookup->fd = fd;
+    fdlookup->custom_data = custom_data;
+    fdlookup->cleanup = cleanup;
+    fdlookup->add = 1;
+    fdlookup->next = ctx->fds;
+    ctx->fds = fdlookup;
+    ctx->numadd++;
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                          OSSL_ASYNC_FD *fd, void **custom_data)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            *fd = curr->fd;
+            *custom_data = curr->custom_data;
+            return 1;
+        }
+        curr = curr->next;
+    }
+    return 0;
+}
+
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    *numfds = 0;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (fd != NULL) {
+            *fd = curr->fd;
+            fd++;
+        }
+        (*numfds)++;
+        curr = curr->next;
+    }
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds)
+{
+    struct fd_lookup_st *curr;
+
+    *numaddfds = ctx->numadd;
+    *numdelfds = ctx->numdel;
+    if (addfd == NULL && delfd == NULL)
+        return 1;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        /* We ignore fds that have been marked as both added and deleted */
+        if (curr->del && !curr->add && (delfd != NULL)) {
+            *delfd = curr->fd;
+            delfd++;
+        }
+        if (curr->add && !curr->del && (addfd != NULL)) {
+            *addfd = curr->fd;
+            addfd++;
+        }
+        curr = curr->next;
+    }
+
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
+{
+    struct fd_lookup_st *curr, *prev;
+
+    curr = ctx->fds;
+    prev = NULL;
+    while (curr != NULL) {
+        if (curr->del == 1) {
+            /* This one has been marked deleted already so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            /* If fd has just been added, remove it from the list */
+            if (curr->add == 1) {
+                if (ctx->fds == curr) {
+                    ctx->fds = curr->next;
+                } else {
+                    prev->next = curr->next;
+                }
+
+                /* It is responsibility of the caller to cleanup before calling
+                 * ASYNC_WAIT_CTX_clear_fd
+                 */
+                OPENSSL_free(curr);
+                ctx->numadd--;
+                return 1;
+            }
+
+            /*
+             * Mark it as deleted. We don't call cleanup if explicitly asked
+             * to clear an fd. We assume the caller is going to do that (if
+             * appropriate).
+             */
+            curr->del = 1;
+            ctx->numdel++;
+            return 1;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+    return 0;
+}
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr, *prev = NULL;
+
+    ctx->numadd = 0;
+    ctx->numdel = 0;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        if (curr->del) {
+            if (prev == NULL)
+                ctx->fds = curr->next;
+            else
+                prev->next = curr->next;
+            OPENSSL_free(curr);
+            if (prev == NULL)
+                curr = ctx->fds;
+            else
+                curr = prev->next;
+            continue;
+        }
+        if (curr->add) {
+            curr->add = 0;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/async/build.info b/openssl-1.1.0h/crypto/async/build.info
new file mode 100644
index 0000000..278e3e9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/async/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        async.c async_wait.c async_err.c arch/async_posix.c arch/async_win.c \
+        arch/async_null.c
diff --git a/openssl-1.1.0h/crypto/bf/asm/bf-586.pl b/openssl-1.1.0h/crypto/bf/asm/bf-586.pl
new file mode 100644
index 0000000..ebc24f4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/asm/bf-586.pl
@@ -0,0 +1,149 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="edi";
+$R="esi";
+$P="ebp";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ecx";
+$tmp4="edx";
+
+&BF_encrypt("BF_encrypt",1);
+&BF_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+
+close STDOUT;
+
+sub BF_encrypt
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+
+	&comment("");
+
+	&push("ebp");
+	&push("ebx");
+	&mov($tmp2,&wparam(0));
+	&mov($P,&wparam(1));
+	&push("esi");
+	&push("edi");
+
+	&comment("Load the 2 words");
+	&mov($L,&DWP(0,$tmp2,"",0));
+	&mov($R,&DWP(4,$tmp2,"",0));
+
+	&xor(	$tmp1,	$tmp1);
+
+	# encrypting part
+
+	if ($enc)
+		{
+		 &mov($tmp2,&DWP(0,$P,"",0));
+		&xor(	$tmp3,	$tmp3);
+
+		&xor($L,$tmp2);
+		for ($i=0; $i<$BF_ROUNDS; $i+=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+
+			&comment("");
+			&comment("Round ".sprintf("%d",$i+1));
+			&BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+			}
+		# &mov($tmp1,&wparam(0)); In last loop
+		&mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+		}
+	else
+		{
+		 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+		&xor(	$tmp3,	$tmp3);
+
+		&xor($L,$tmp2);
+		for ($i=$BF_ROUNDS; $i>0; $i-=2)
+			{
+			&comment("");
+			&comment("Round $i");
+			&BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+			&comment("");
+			&comment("Round ".sprintf("%d",$i-1));
+			&BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+			}
+		# &mov($tmp1,&wparam(0)); In last loop
+		&mov($tmp4,&DWP(0,$P,"",0));
+		}
+
+	&xor($R,$tmp4);
+	&mov(&DWP(4,$tmp1,"",0),$L);
+
+	&mov(&DWP(0,$tmp1,"",0),$R);
+	&function_end($name);
+	}
+
+sub BF_ENCRYPT
+	{
+	local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
+
+	&mov(	$tmp4,		&DWP(&n2a($i*4),$P,"",0)); # for next round
+
+	&mov(	$tmp2,		$R);
+	&xor(	$L,		$tmp4);
+
+	&shr(	$tmp2,		16);
+	&mov(	$tmp4,		$R);
+
+	&movb(	&LB($tmp1),	&HB($tmp2));	# A
+	&and(	$tmp2,		0xff);		# B
+
+	&movb(	&LB($tmp3),	&HB($tmp4));	# C
+	&and(	$tmp4,		0xff);		# D
+
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+	&mov(	$tmp2,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+	&add(	$tmp2,		$tmp1);
+	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
+
+	&xor(	$tmp2,		$tmp1);
+	&mov(	$tmp4,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
+
+	&add(	$tmp2,		$tmp4);
+	if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
+		{ &xor(	$tmp1,		$tmp1); }
+	else
+		{
+		&comment("Load parameter 0 ($i) enc=$enc");
+		&mov($tmp1,&wparam(0));
+		} # In last loop
+
+	&xor(	$L,		$tmp2);
+	# delay
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
diff --git a/openssl-1.1.0h/crypto/bf/bf_cbc.c b/openssl-1.1.0h/crypto/bf/bf_cbc.c
new file mode 100644
index 0000000..6ed6257
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_cbc.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+    register BF_LONG tin0, tin1;
+    register BF_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    BF_LONG tin[2];
+
+    if (encrypt) {
+        n2l(ivec, tout0);
+        n2l(ivec, tout1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, ivec);
+        l2n(tout1, ivec);
+    } else {
+        n2l(ivec, xor0);
+        n2l(ivec, xor1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, ivec);
+        l2n(xor1, ivec);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/bf/bf_cfb64.c b/openssl-1.1.0h/crypto/bf/bf_cfb64.c
new file mode 100644
index 0000000..ce6e13b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int encrypt)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    BF_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/bf/bf_ecb.c b/openssl-1.1.0h/crypto/bf/bf_ecb.c
new file mode 100644
index 0000000..aa73540
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_ecb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include <openssl/opensslv.h>
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+const char *BF_options(void)
+{
+    return ("blowfish(ptr)");
+}
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    const BF_KEY *key, int encrypt)
+{
+    BF_LONG l, d[2];
+
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        BF_encrypt(d, key);
+    else
+        BF_decrypt(d, key);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/bf/bf_enc.c b/openssl-1.1.0h/crypto/bf/bf_enc.c
new file mode 100644
index 0000000..9f80c56
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_enc.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+{
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
+
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
+
+    l ^= p[0];
+    BF_ENC(r, l, s, p[1]);
+    BF_ENC(l, r, s, p[2]);
+    BF_ENC(r, l, s, p[3]);
+    BF_ENC(l, r, s, p[4]);
+    BF_ENC(r, l, s, p[5]);
+    BF_ENC(l, r, s, p[6]);
+    BF_ENC(r, l, s, p[7]);
+    BF_ENC(l, r, s, p[8]);
+    BF_ENC(r, l, s, p[9]);
+    BF_ENC(l, r, s, p[10]);
+    BF_ENC(r, l, s, p[11]);
+    BF_ENC(l, r, s, p[12]);
+    BF_ENC(r, l, s, p[13]);
+    BF_ENC(l, r, s, p[14]);
+    BF_ENC(r, l, s, p[15]);
+    BF_ENC(l, r, s, p[16]);
+# if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[17]);
+    BF_ENC(l, r, s, p[18]);
+    BF_ENC(r, l, s, p[19]);
+    BF_ENC(l, r, s, p[20]);
+# endif
+    r ^= p[BF_ROUNDS + 1];
+
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
+}
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+{
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
+
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
+
+    l ^= p[BF_ROUNDS + 1];
+#  if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[20]);
+    BF_ENC(l, r, s, p[19]);
+    BF_ENC(r, l, s, p[18]);
+    BF_ENC(l, r, s, p[17]);
+#  endif
+    BF_ENC(r, l, s, p[16]);
+    BF_ENC(l, r, s, p[15]);
+    BF_ENC(r, l, s, p[14]);
+    BF_ENC(l, r, s, p[13]);
+    BF_ENC(r, l, s, p[12]);
+    BF_ENC(l, r, s, p[11]);
+    BF_ENC(r, l, s, p[10]);
+    BF_ENC(l, r, s, p[9]);
+    BF_ENC(r, l, s, p[8]);
+    BF_ENC(l, r, s, p[7]);
+    BF_ENC(r, l, s, p[6]);
+    BF_ENC(l, r, s, p[5]);
+    BF_ENC(r, l, s, p[4]);
+    BF_ENC(l, r, s, p[3]);
+    BF_ENC(r, l, s, p[2]);
+    BF_ENC(l, r, s, p[1]);
+    r ^= p[0];
+
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
+}
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+    register BF_LONG tin0, tin1;
+    register BF_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    BF_LONG tin[2];
+
+    if (encrypt) {
+        n2l(ivec, tout0);
+        n2l(ivec, tout1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, ivec);
+        l2n(tout1, ivec);
+    } else {
+        n2l(ivec, xor0);
+        n2l(ivec, xor1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, ivec);
+        l2n(xor1, ivec);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bf/bf_locl.h b/openssl-1.1.0h/crypto/bf/bf_locl.h
new file mode 100644
index 0000000..b1a415e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_locl.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BF_LOCL_H
+# define HEADER_BF_LOCL_H
+# include <openssl/opensslconf.h>
+
+/* NOTE - c is not incremented as per n2l */
+# define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+# define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+# undef n2l
+# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+# undef l2n
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/*
+ * This is actually a big endian algorithm, the most significant byte is used
+ * to lookup array 0
+ */
+
+# define BF_ENC(LL,R,S,P) ( \
+        LL^=P, \
+        LL^=((( S[       ((R>>24)&0xff)] + \
+                S[0x0100+((R>>16)&0xff)])^ \
+                S[0x0200+((R>> 8)&0xff)])+ \
+                S[0x0300+((R    )&0xff)])&0xffffffffU \
+        )
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bf/bf_ofb64.c b/openssl-1.1.0h/crypto/bf/bf_ofb64.c
new file mode 100644
index 0000000..6418217
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    BF_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            BF_encrypt((BF_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/bf/bf_pi.h b/openssl-1.1.0h/crypto/bf/bf_pi.h
new file mode 100644
index 0000000..a054b03
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_pi.h
@@ -0,0 +1,530 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static const BF_KEY bf_init = {
+    {
+     0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+     0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+     0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+     0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+     0x9216d5d9L, 0x8979fb1b}, {
+                                0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL,
+                                0xd01adfb7L,
+                                0xb8e1afedL, 0x6a267e96L, 0xba7c9045L,
+                                0xf12c7f99L,
+                                0x24a19947L, 0xb3916cf7L, 0x0801f2e2L,
+                                0x858efc16L,
+                                0x636920d8L, 0x71574e69L, 0xa458fea3L,
+                                0xf4933d7eL,
+                                0x0d95748fL, 0x728eb658L, 0x718bcd58L,
+                                0x82154aeeL,
+                                0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L,
+                                0x2af26013L,
+                                0xc5d1b023L, 0x286085f0L, 0xca417918L,
+                                0xb8db38efL,
+                                0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL,
+                                0xb01e8a3eL,
+                                0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
+                                0x55605c60L,
+                                0xe65525f3L, 0xaa55ab94L, 0x57489862L,
+                                0x63e81440L,
+                                0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L,
+                                0x1141e8ceL,
+                                0xa15486afL, 0x7c72e993L, 0xb3ee1411L,
+                                0x636fbc2aL,
+                                0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L,
+                                0x9b87931eL,
+                                0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
+                                0x28958677L,
+                                0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL,
+                                0x66282193L,
+                                0x61d809ccL, 0xfb21a991L, 0x487cac60L,
+                                0x5dec8032L,
+                                0xef845d5dL, 0xe98575b1L, 0xdc262302L,
+                                0xeb651b88L,
+                                0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L,
+                                0x83f44239L,
+                                0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
+                                0x9e1f9b5eL,
+                                0x21c66842L, 0xf6e96c9aL, 0x670c9c61L,
+                                0xabd388f0L,
+                                0x6a51a0d2L, 0xd8542f68L, 0x960fa728L,
+                                0xab5133a3L,
+                                0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L,
+                                0x7efb2a98L,
+                                0xa1f1651dL, 0x39af0176L, 0x66ca593eL,
+                                0x82430e88L,
+                                0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
+                                0x3b8b5ebeL,
+                                0xe06f75d8L, 0x85c12073L, 0x401a449fL,
+                                0x56c16aa6L,
+                                0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L,
+                                0x429b023dL,
+                                0x37d0d724L, 0xd00a1248L, 0xdb0fead3L,
+                                0x49f1c09bL,
+                                0x075372c9L, 0x80991b7bL, 0x25d479d8L,
+                                0xf6e8def7L,
+                                0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
+                                0x04c006baL,
+                                0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L,
+                                0x196a2463L,
+                                0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL,
+                                0x3b52ec6fL,
+                                0x6dfc511fL, 0x9b30952cL, 0xcc814544L,
+                                0xaf5ebd09L,
+                                0xbee3d004L, 0xde334afdL, 0x660f2807L,
+                                0x192e4bb3L,
+                                0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
+                                0xb9d3fbdbL,
+                                0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L,
+                                0x402c7279L,
+                                0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L,
+                                0xdb3222f8L,
+                                0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L,
+                                0xad0552abL,
+                                0x323db5faL, 0xfd238760L, 0x53317b48L,
+                                0x3e00df82L,
+                                0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
+                                0xdf1769dbL,
+                                0xd542a8f6L, 0x287effc3L, 0xac6732c6L,
+                                0x8c4f5573L,
+                                0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL,
+                                0xb8f011a0L,
+                                0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL,
+                                0x2dd1d35bL,
+                                0x9a53e479L, 0xb6f84565L, 0xd28e49bcL,
+                                0x4bfb9790L,
+                                0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
+                                0xcee4c6e8L,
+                                0xef20cadaL, 0x36774c01L, 0xd07e9efeL,
+                                0x2bf11fb4L,
+                                0x95dbda4dL, 0xae909198L, 0xeaad8e71L,
+                                0x6b93d5a0L,
+                                0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL,
+                                0x8e7594b7L,
+                                0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L,
+                                0x900df01cL,
+                                0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
+                                0xb3a8c1adL,
+                                0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL,
+                                0x8b021fa1L,
+                                0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L,
+                                0xce89e299L,
+                                0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L,
+                                0xd2ada8d9L,
+                                0x165fa266L, 0x80957705L, 0x93cc7314L,
+                                0x211a1477L,
+                                0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
+                                0xfb9d35cfL,
+                                0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L,
+                                0xae1e7e49L,
+                                0x00250e2dL, 0x2071b35eL, 0x226800bbL,
+                                0x57b8e0afL,
+                                0x2464369bL, 0xf009b91eL, 0x5563911dL,
+                                0x59dfa6aaL,
+                                0x78c14389L, 0xd95a537fL, 0x207d5ba2L,
+                                0x02e5b9c5L,
+                                0x83260376L, 0x6295cfa9L, 0x11c81968L,
+                                0x4e734a41L,
+                                0xb3472dcaL, 0x7b14a94aL, 0x1b510052L,
+                                0x9a532915L,
+                                0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L,
+                                0x81e67400L,
+                                0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL,
+                                0x2a0dd915L,
+                                0xb6636521L, 0xe7b9f9b6L, 0xff34052eL,
+                                0xc5855664L,
+                                0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
+                                0x6e85076aL,
+                                0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL,
+                                0xc4192623L,
+                                0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L,
+                                0x8fedb266L,
+                                0xecaa8c71L, 0x699a17ffL, 0x5664526cL,
+                                0xc2b19ee1L,
+                                0x193602a5L, 0x75094c29L, 0xa0591340L,
+                                0xe4183a3eL,
+                                0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
+                                0x99f73fd6L,
+                                0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L,
+                                0xf0255dc1L,
+                                0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L,
+                                0x021ecc5eL,
+                                0x09686b3fL, 0x3ebaefc9L, 0x3c971814L,
+                                0x6b6a70a1L,
+                                0x687f3584L, 0x52a0e286L, 0xb79c5305L,
+                                0xaa500737L,
+                                0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
+                                0x5716f2b8L,
+                                0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L,
+                                0x0200b3ffL,
+                                0xae0cf51aL, 0x3cb574b2L, 0x25837a58L,
+                                0xdc0921bdL,
+                                0xd19113f9L, 0x7ca92ff6L, 0x94324773L,
+                                0x22f54701L,
+                                0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L,
+                                0x9af3dda7L,
+                                0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
+                                0xa4751e41L,
+                                0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L,
+                                0x183eb331L,
+                                0x4e548b38L, 0x4f6db908L, 0x6f420d03L,
+                                0xf60a04bfL,
+                                0x2cb81290L, 0x24977c79L, 0x5679b072L,
+                                0xbcaf89afL,
+                                0xde9a771fL, 0xd9930810L, 0xb38bae12L,
+                                0xdccf3f2eL,
+                                0x5512721fL, 0x2e6b7124L, 0x501adde6L,
+                                0x9f84cd87L,
+                                0x7a584718L, 0x7408da17L, 0xbc9f9abcL,
+                                0xe94b7d8cL,
+                                0xec7aec3aL, 0xdb851dfaL, 0x63094366L,
+                                0xc464c3d2L,
+                                0xef1c1847L, 0x3215d908L, 0xdd433b37L,
+                                0x24c2ba16L,
+                                0x12a14d43L, 0x2a65c451L, 0x50940002L,
+                                0x133ae4ddL,
+                                0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
+                                0x5f11199bL,
+                                0x043556f1L, 0xd7a3c76bL, 0x3c11183bL,
+                                0x5924a509L,
+                                0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL,
+                                0x1e153c6eL,
+                                0x86e34570L, 0xeae96fb1L, 0x860e5e0aL,
+                                0x5a3e2ab3L,
+                                0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L,
+                                0x99e71d0fL,
+                                0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
+                                0x9c10b36aL,
+                                0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L,
+                                0x1e0a2df4L,
+                                0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL,
+                                0x19c27960L,
+                                0x5223a708L, 0xf71312b6L, 0xebadfe6eL,
+                                0xeac31f66L,
+                                0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L,
+                                0x018cff28L,
+                                0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
+                                0x68ab9802L,
+                                0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL,
+                                0x5b6e2f84L,
+                                0x1521b628L, 0x29076170L, 0xecdd4775L,
+                                0x619f1510L,
+                                0x13cca830L, 0xeb61bd96L, 0x0334fe1eL,
+                                0xaa0363cfL,
+                                0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL,
+                                0xcbaade14L,
+                                0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
+                                0xb2f3846eL,
+                                0x648b1eafL, 0x19bdf0caL, 0xa02369b9L,
+                                0x655abb50L,
+                                0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L,
+                                0xc021b8f7L,
+                                0x9b540b19L, 0x875fa099L, 0x95f7997eL,
+                                0x623d7da8L,
+                                0xf837889aL, 0x97e32d77L, 0x11ed935fL,
+                                0x16681281L,
+                                0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
+                                0x7858ba99L,
+                                0x57f584a5L, 0x1b227263L, 0x9b83c3ffL,
+                                0x1ac24696L,
+                                0xcdb30aebL, 0x532e3054L, 0x8fd948e4L,
+                                0x6dbc3128L,
+                                0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L,
+                                0xee7c3c73L,
+                                0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L,
+                                0x203e13e0L,
+                                0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
+                                0xfacb4fd0L,
+                                0xc742f442L, 0xef6abbb5L, 0x654f3b1dL,
+                                0x41cd2105L,
+                                0xd81e799eL, 0x86854dc7L, 0xe44b476aL,
+                                0x3d816250L,
+                                0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L,
+                                0xc1c7b6a3L,
+                                0x7f1524c3L, 0x69cb7492L, 0x47848a0bL,
+                                0x5692b285L,
+                                0x095bbf00L, 0xad19489dL, 0x1462b174L,
+                                0x23820e00L,
+                                0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL,
+                                0x233f7061L,
+                                0x3372f092L, 0x8d937e41L, 0xd65fecf1L,
+                                0x6c223bdbL,
+                                0x7cde3759L, 0xcbee7460L, 0x4085f2a7L,
+                                0xce77326eL,
+                                0xa6078084L, 0x19f8509eL, 0xe8efd855L,
+                                0x61d99735L,
+                                0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
+                                0x800bcadcL,
+                                0x9e447a2eL, 0xc3453484L, 0xfdd56705L,
+                                0x0e1e9ec9L,
+                                0xdb73dbd3L, 0x105588cdL, 0x675fda79L,
+                                0xe3674340L,
+                                0xc5c43465L, 0x713e38d8L, 0x3d28f89eL,
+                                0xf16dff20L,
+                                0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL,
+                                0xdb83adf7L,
+                                0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
+                                0x94692934L,
+                                0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL,
+                                0xd4a20068L,
+                                0xd4082471L, 0x3320f46aL, 0x43b7d4b7L,
+                                0x500061afL,
+                                0x1e39f62eL, 0x97244546L, 0x14214f74L,
+                                0xbf8b8840L,
+                                0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L,
+                                0x66a02f45L,
+                                0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
+                                0x31cb8504L,
+                                0x96eb27b3L, 0x55fd3941L, 0xda2547e6L,
+                                0xabca0a9aL,
+                                0x28507825L, 0x530429f4L, 0x0a2c86daL,
+                                0xe9b66dfbL,
+                                0x68dc1462L, 0xd7486900L, 0x680ec0a4L,
+                                0x27a18deeL,
+                                0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L,
+                                0x7af4d6b6L,
+                                0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
+                                0x406b2a42L,
+                                0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL,
+                                0x3b124e8bL,
+                                0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L,
+                                0xeae397b2L,
+                                0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L,
+                                0xca7820fbL,
+                                0xfb0af54eL, 0xd8feb397L, 0x454056acL,
+                                0xba489527L,
+                                0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
+                                0xd096954bL,
+                                0x55a867bcL, 0xa1159a58L, 0xcca92963L,
+                                0x99e1db33L,
+                                0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL,
+                                0x9029317cL,
+                                0xfdf8e802L, 0x04272f70L, 0x80bb155cL,
+                                0x05282ce3L,
+                                0x95c11548L, 0xe4c66d22L, 0x48c1133fL,
+                                0xc70f86dcL,
+                                0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
+                                0x5d886e17L,
+                                0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL,
+                                0x41113564L,
+                                0x257b7834L, 0x602a9c60L, 0xdff8e8a3L,
+                                0x1f636c1bL,
+                                0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L,
+                                0xcad18115L,
+                                0x6b2395e0L, 0x333e92e1L, 0x3b240b62L,
+                                0xeebeb922L,
+                                0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
+                                0x2da2f728L,
+                                0xd0127845L, 0x95b794fdL, 0x647d0862L,
+                                0xe7ccf5f0L,
+                                0x5449a36fL, 0x877d48faL, 0xc39dfd27L,
+                                0xf33e8d1eL,
+                                0x0a476341L, 0x992eff74L, 0x3a6f6eabL,
+                                0xf4f8fd37L,
+                                0xa812dc60L, 0xa1ebddf8L, 0x991be14cL,
+                                0xdb6e6b0dL,
+                                0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
+                                0xdcd0e804L,
+                                0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L,
+                                0x690fed0bL,
+                                0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL,
+                                0xd9155ea3L,
+                                0xbb132f88L, 0x515bad24L, 0x7b9479bfL,
+                                0x763bd6ebL,
+                                0x37392eb3L, 0xcc115979L, 0x8026e297L,
+                                0xf42e312dL,
+                                0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
+                                0x782ef11cL,
+                                0x6a124237L, 0xb79251e7L, 0x06a1bbe6L,
+                                0x4bfb6350L,
+                                0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L,
+                                0xe2e1c3c9L,
+                                0x44421659L, 0x0a121386L, 0xd90cec6eL,
+                                0xd5abea2aL,
+                                0x64af674eL, 0xda86a85fL, 0xbebfe988L,
+                                0x64e4c3feL,
+                                0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
+                                0x6003604dL,
+                                0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L,
+                                0xd736fcccL,
+                                0x83426b33L, 0xf01eab71L, 0xb0804187L,
+                                0x3c005e5fL,
+                                0x77a057beL, 0xbde8ae24L, 0x55464299L,
+                                0xbf582e61L,
+                                0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L,
+                                0x8789bdc2L,
+                                0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
+                                0x46fcd9b9L,
+                                0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L,
+                                0x915f95e2L,
+                                0x466e598eL, 0x20b45770L, 0x8cd55591L,
+                                0xc902de4cL,
+                                0xb90bace1L, 0xbb8205d0L, 0x11a86248L,
+                                0x7574a99eL,
+                                0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L,
+                                0xc4324633L,
+                                0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
+                                0x1d6efe10L,
+                                0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL,
+                                0x2868f169L,
+                                0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL,
+                                0x4fcd7f52L,
+                                0x50115e01L, 0xa70683faL, 0xa002b5c4L,
+                                0x0de6d027L,
+                                0x9af88c27L, 0x773f8641L, 0xc3604c06L,
+                                0x61a806b5L,
+                                0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
+                                0x30dc7d62L,
+                                0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L,
+                                0xc2c21634L,
+                                0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L,
+                                0xce591d76L,
+                                0x6f05e409L, 0x4b7c0188L, 0x39720a3dL,
+                                0x7c927c24L,
+                                0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L,
+                                0xd39eb8fcL,
+                                0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
+                                0x4dad0fc4L,
+                                0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L,
+                                0x6c51133cL,
+                                0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL,
+                                0xddc6c837L,
+                                0xd79a3234L, 0x92638212L, 0x670efa8eL,
+                                0x406000e0L,
+                                0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L,
+                                0x5ac52d1bL,
+                                0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
+                                0x99bc9bbeL,
+                                0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL,
+                                0xc700c47bL,
+                                0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL,
+                                0x6a366eb4L,
+                                0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L,
+                                0x6549c2c8L,
+                                0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL,
+                                0x4cd04dc6L,
+                                0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
+                                0xbe5ee304L,
+                                0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L,
+                                0x9a86ee22L,
+                                0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL,
+                                0x9cf2d0a4L,
+                                0x83c061baL, 0x9be96a4dL, 0x8fe51550L,
+                                0xba645bd6L,
+                                0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L,
+                                0xef5562e9L,
+                                0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
+                                0x77fa0a59L,
+                                0x80e4a915L, 0x87b08601L, 0x9b09e6adL,
+                                0x3b3ee593L,
+                                0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L,
+                                0x022b8b51L,
+                                0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L,
+                                0x7c7d2d28L,
+                                0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L,
+                                0x5a88f54cL,
+                                0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
+                                0xed93fa9bL,
+                                0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L,
+                                0x79132e28L,
+                                0x785f0191L, 0xed756055L, 0xf7960e44L,
+                                0xe3d35e8cL,
+                                0x15056dd4L, 0x88f46dbaL, 0x03a16125L,
+                                0x0564f0bdL,
+                                0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL,
+                                0xa93a072aL,
+                                0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
+                                0x26dcf319L,
+                                0x7533d928L, 0xb155fdf5L, 0x03563482L,
+                                0x8aba3cbbL,
+                                0x28517711L, 0xc20ad9f8L, 0xabcc5167L,
+                                0xccad925fL,
+                                0x4de81751L, 0x3830dc8eL, 0x379d5862L,
+                                0x9320f991L,
+                                0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L,
+                                0x774fbe32L,
+                                0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
+                                0x6413e680L,
+                                0xa2ae0810L, 0xdd6db224L, 0x69852dfdL,
+                                0x09072166L,
+                                0xb39a460aL, 0x6445c0ddL, 0x586cdecfL,
+                                0x1c20c8aeL,
+                                0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL,
+                                0x6bb4e3bbL,
+                                0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L,
+                                0xbcb4cdd5L,
+                                0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
+                                0xbf3c6f47L,
+                                0xd29be463L, 0x542f5d9eL, 0xaec2771bL,
+                                0xf64e6370L,
+                                0x740e0d8dL, 0xe75b1357L, 0xf8721671L,
+                                0xaf537d5dL,
+                                0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL,
+                                0x0115af84L,
+                                0xe1b00428L, 0x95983a1dL, 0x06b89fb4L,
+                                0xce6ea048L,
+                                0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
+                                0x277227f8L,
+                                0x611560b1L, 0xe7933fdcL, 0xbb3a792bL,
+                                0x344525bdL,
+                                0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L,
+                                0xa01fbac9L,
+                                0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L,
+                                0xa1e8aac7L,
+                                0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL,
+                                0xd50ada38L,
+                                0x0339c32aL, 0xc6913667L, 0x8df9317cL,
+                                0xe0b12b4fL,
+                                0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL,
+                                0x27d9459cL,
+                                0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L,
+                                0x9b941525L,
+                                0xfae59361L, 0xceb69cebL, 0xc2a86459L,
+                                0x12baa8d1L,
+                                0xb6c1075eL, 0xe3056a0cL, 0x10d25065L,
+                                0xcb03a442L,
+                                0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
+                                0x3278e964L,
+                                0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL,
+                                0x8971f21eL,
+                                0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L,
+                                0xc37632d8L,
+                                0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L,
+                                0x0fe3f11dL,
+                                0xe54cda54L, 0x1edad891L, 0xce6279cfL,
+                                0xcd3e7e6fL,
+                                0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
+                                0xf6fb2299L,
+                                0xf523f357L, 0xa6327623L, 0x93a83531L,
+                                0x56cccd02L,
+                                0xacf08162L, 0x5a75ebb5L, 0x6e163697L,
+                                0x88d273ccL,
+                                0xde966292L, 0x81b949d0L, 0x4c50901bL,
+                                0x71c65614L,
+                                0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L,
+                                0xc3f27b9aL,
+                                0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
+                                0x35bdd2f6L,
+                                0x71126905L, 0xb2040222L, 0xb6cbcf7cL,
+                                0xcd769c2bL,
+                                0x53113ec0L, 0x1640e3d3L, 0x38abbd60L,
+                                0x2547adf0L,
+                                0xba38209cL, 0xf746ce76L, 0x77afa1c5L,
+                                0x20756060L,
+                                0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L,
+                                0x4cf9aa7eL,
+                                0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
+                                0xd6ebe1f9L,
+                                0x90d4f869L, 0xa65cdea0L, 0x3f09252dL,
+                                0xc208e69fL,
+                                0xb74e6132L, 0xce77e25bL, 0x578fdfe3L,
+                                0x3ac372e6L,
+                                }
+};
diff --git a/openssl-1.1.0h/crypto/bf/bf_skey.c b/openssl-1.1.0h/crypto/bf/bf_skey.c
new file mode 100644
index 0000000..a4903a2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/bf_skey.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+{
+    int i;
+    BF_LONG *p, ri, in[2];
+    const unsigned char *d, *end;
+
+    memcpy(key, &bf_init, sizeof(BF_KEY));
+    p = key->P;
+
+    if (len > ((BF_ROUNDS + 2) * 4))
+        len = (BF_ROUNDS + 2) * 4;
+
+    d = data;
+    end = &(data[len]);
+    for (i = 0; i < (BF_ROUNDS + 2); i++) {
+        ri = *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        p[i] ^= ri;
+    }
+
+    in[0] = 0L;
+    in[1] = 0L;
+    for (i = 0; i < (BF_ROUNDS + 2); i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
+
+    p = key->S;
+    for (i = 0; i < 4 * 256; i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
+}
diff --git a/openssl-1.1.0h/crypto/bf/build.info b/openssl-1.1.0h/crypto/bf/build.info
new file mode 100644
index 0000000..37a004e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bf/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c \
+        {- $target{bf_asm_src} -}
+
+GENERATE[bf-586.s]=asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/openssl-1.1.0h/crypto/bio/b_addr.c b/openssl-1.1.0h/crypto/bio/b_addr.c
new file mode 100644
index 0000000..aea843a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/b_addr.c
@@ -0,0 +1,883 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include "bio_lcl.h"
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_SOCK
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#include <internal/thread_once.h>
+#include <ctype.h>
+
+CRYPTO_RWLOCK *bio_lookup_lock;
+static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
+
+/*
+ * Throughout this file and bio_lcl.h, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead, using gethostbyname,
+ * getservbyname and a few other.
+ */
+
+/**********************************************************************
+ *
+ * Address structure
+ *
+ */
+
+BIO_ADDR *BIO_ADDR_new(void)
+{
+    BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        BIOerr(BIO_F_BIO_ADDR_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->sa.sa_family = AF_UNSPEC;
+    return ret;
+}
+
+void BIO_ADDR_free(BIO_ADDR *ap)
+{
+    OPENSSL_free(ap);
+}
+
+void BIO_ADDR_clear(BIO_ADDR *ap)
+{
+    memset(ap, 0, sizeof(*ap));
+    ap->sa.sa_family = AF_UNSPEC;
+}
+
+/*
+ * BIO_ADDR_make - non-public routine to fill a BIO_ADDR with the contents
+ * of a struct sockaddr.
+ */
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
+{
+    if (sa->sa_family == AF_INET) {
+        ap->s_in = *(const struct sockaddr_in *)sa;
+        return 1;
+    }
+#ifdef AF_INET6
+    if (sa->sa_family == AF_INET6) {
+        ap->s_in6 = *(const struct sockaddr_in6 *)sa;
+        return 1;
+    }
+#endif
+#ifdef AF_UNIX
+    if (sa->sa_family == AF_UNIX) {
+        ap->s_un = *(const struct sockaddr_un *)sa;
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen,
+                     unsigned short port)
+{
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (wherelen + 1 > sizeof(ap->s_un.sun_path))
+            return 0;
+        memset(&ap->s_un, 0, sizeof(ap->s_un));
+        ap->s_un.sun_family = family;
+        strncpy(ap->s_un.sun_path, where, sizeof(ap->s_un.sun_path) - 1);
+        return 1;
+    }
+#endif
+    if (family == AF_INET) {
+        if (wherelen != sizeof(struct in_addr))
+            return 0;
+        memset(&ap->s_in, 0, sizeof(ap->s_in));
+        ap->s_in.sin_family = family;
+        ap->s_in.sin_port = port;
+        ap->s_in.sin_addr = *(struct in_addr *)where;
+        return 1;
+    }
+#ifdef AF_INET6
+    if (family == AF_INET6) {
+        if (wherelen != sizeof(struct in6_addr))
+            return 0;
+        memset(&ap->s_in6, 0, sizeof(ap->s_in6));
+        ap->s_in6.sin6_family = family;
+        ap->s_in6.sin6_port = port;
+        ap->s_in6.sin6_addr = *(struct in6_addr *)where;
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_family(const BIO_ADDR *ap)
+{
+    return ap->sa.sa_family;
+}
+
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l)
+{
+    size_t len = 0;
+    const void *addrptr = NULL;
+
+    if (ap->sa.sa_family == AF_INET) {
+        len = sizeof(ap->s_in.sin_addr);
+        addrptr = &ap->s_in.sin_addr;
+    }
+#ifdef AF_INET6
+    else if (ap->sa.sa_family == AF_INET6) {
+        len = sizeof(ap->s_in6.sin6_addr);
+        addrptr = &ap->s_in6.sin6_addr;
+    }
+#endif
+#ifdef AF_UNIX
+    else if (ap->sa.sa_family == AF_UNIX) {
+        len = strlen(ap->s_un.sun_path);
+        addrptr = &ap->s_un.sun_path;
+    }
+#endif
+
+    if (addrptr == NULL)
+        return 0;
+
+    if (p != NULL) {
+        memcpy(p, addrptr, len);
+    }
+    if (l != NULL)
+        *l = len;
+
+    return 1;
+}
+
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return ap->s_in.sin_port;
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return ap->s_in6.sin6_port;
+#endif
+    return 0;
+}
+
+/*-
+ * addr_strings - helper function to get host and service names
+ * @ap: the BIO_ADDR that has the input info
+ * @numeric: 0 if actual names should be returned, 1 if the numeric
+ * representation should be returned.
+ * @hostname: a pointer to a pointer to a memory area to store the
+ * host name or numeric representation.  Unused if NULL.
+ * @service: a pointer to a pointer to a memory area to store the
+ * service name or numeric representation.  Unused if NULL.
+ *
+ * The return value is 0 on failure, with the error code in the error
+ * stack, and 1 on success.
+ */
+static int addr_strings(const BIO_ADDR *ap, int numeric,
+                        char **hostname, char **service)
+{
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int ret = 0;
+        char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = "";
+        int flags = 0;
+
+        if (numeric)
+            flags |= NI_NUMERICHOST | NI_NUMERICSERV;
+
+        if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap),
+                               BIO_ADDR_sockaddr_size(ap),
+                               host, sizeof(host), serv, sizeof(serv),
+                               flags)) != 0) {
+# ifdef EAI_SYSTEM
+            if (ret == EAI_SYSTEM) {
+                SYSerr(SYS_F_GETNAMEINFO, get_last_socket_error());
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+            } else
+# endif
+            {
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+                ERR_add_error_data(1, gai_strerror(ret));
+            }
+            return 0;
+        }
+
+        /* VMS getnameinfo() has a bug, it doesn't fill in serv, which
+         * leaves it with whatever garbage that happens to be there.
+         * However, we initialise serv with the empty string (serv[0]
+         * is therefore NUL), so it gets real easy to detect when things
+         * didn't go the way one might expect.
+         */
+        if (serv[0] == '\0') {
+            BIO_snprintf(serv, sizeof(serv), "%d",
+                         ntohs(BIO_ADDR_rawport(ap)));
+        }
+
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(host);
+        if (service != NULL)
+            *service = OPENSSL_strdup(serv);
+    } else {
+#endif
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr));
+        if (service != NULL) {
+            char serv[6];        /* port is 16 bits => max 5 decimal digits */
+            BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port));
+            *service = OPENSSL_strdup(serv);
+        }
+    }
+
+    if ((hostname != NULL && *hostname == NULL)
+            || (service != NULL && *service == NULL)) {
+        if (hostname != NULL) {
+            OPENSSL_free(*hostname);
+            *hostname = NULL;
+        }
+        if (service != NULL) {
+            OPENSSL_free(*service);
+            *service = NULL;
+        }
+        BIOerr(BIO_F_ADDR_STRINGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric)
+{
+    char *hostname = NULL;
+
+    if (addr_strings(ap, numeric, &hostname, NULL))
+        return hostname;
+
+    return NULL;
+}
+
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric)
+{
+    char *service = NULL;
+
+    if (addr_strings(ap, numeric, NULL, &service))
+        return service;
+
+    return NULL;
+}
+
+char *BIO_ADDR_path_string(const BIO_ADDR *ap)
+{
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return OPENSSL_strdup(ap->s_un.sun_path);
+#endif
+    return NULL;
+}
+
+/*
+ * BIO_ADDR_sockaddr - non-public routine to return the struct sockaddr
+ * for a given BIO_ADDR.  In reality, this is simply a type safe cast.
+ * The returned struct sockaddr is const, so it can't be tampered with.
+ */
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_noconst - non-public function that does the same
+ * as BIO_ADDR_sockaddr, but returns a non-const.  USE WITH CARE, as
+ * it allows you to tamper with the data (and thereby the contents
+ * of the input BIO_ADDR).
+ */
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr the BIO_ADDR is using.  If the protocol family
+ * isn't set or is something other than AF_INET, AF_INET6 or AF_UNIX,
+ * the size of the BIO_ADDR type is returned.
+ */
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return sizeof(ap->s_in);
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return sizeof(ap->s_in6);
+#endif
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return sizeof(ap->s_un);
+#endif
+    return sizeof(*ap);
+}
+
+/**********************************************************************
+ *
+ * Address info database
+ *
+ */
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_next;
+    return NULL;
+}
+
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_family;
+    return 0;
+}
+
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_socktype;
+    return 0;
+}
+
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL) {
+        if (bai->bai_protocol != 0)
+            return bai->bai_protocol;
+
+#ifdef AF_UNIX
+        if (bai->bai_family == AF_UNIX)
+            return 0;
+#endif
+
+        switch (bai->bai_socktype) {
+        case SOCK_STREAM:
+            return IPPROTO_TCP;
+        case SOCK_DGRAM:
+            return IPPROTO_UDP;
+        default:
+            break;
+        }
+    }
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr inside the BIO_ADDRINFO.
+ */
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addrlen;
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr - non-public function that returns bai_addr
+ * as the struct sockaddr it is.
+ */
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addr;
+    return NULL;
+}
+
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return (BIO_ADDR *)bai->bai_addr;
+    return NULL;
+}
+
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai)
+{
+    if (bai == NULL)
+        return;
+
+#ifdef AI_PASSIVE
+# ifdef AF_UNIX
+#  define _cond bai->bai_family != AF_UNIX
+# else
+#  define _cond 1
+# endif
+    if (_cond) {
+        freeaddrinfo(bai);
+        return;
+    }
+#endif
+
+    /* Free manually when we know that addrinfo_wrap() was used.
+     * See further comment above addrinfo_wrap()
+     */
+    while (bai != NULL) {
+        BIO_ADDRINFO *next = bai->bai_next;
+        OPENSSL_free(bai->bai_addr);
+        OPENSSL_free(bai);
+        bai = next;
+    }
+}
+
+/**********************************************************************
+ *
+ * Service functions
+ *
+ */
+
+/*-
+ * The specs in hostserv can take these forms:
+ *
+ * host:service         => *host = "host", *service = "service"
+ * host:*               => *host = "host", *service = NULL
+ * host:                => *host = "host", *service = NULL
+ * :service             => *host = NULL, *service = "service"
+ * *:service            => *host = NULL, *service = "service"
+ *
+ * in case no : is present in the string, the result depends on
+ * hostserv_prio, as follows:
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_HOST
+ * host                 => *host = "host", *service untouched
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_SERV
+ * service              => *host untouched, *service = "service"
+ *
+ */
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio)
+{
+    const char *h = NULL; size_t hl = 0;
+    const char *p = NULL; size_t pl = 0;
+
+    if (*hostserv == '[') {
+        if ((p = strchr(hostserv, ']')) == NULL)
+            goto spec_err;
+        h = hostserv + 1;
+        hl = p - h;
+        p++;
+        if (*p == '\0')
+            p = NULL;
+        else if (*p != ':')
+            goto spec_err;
+        else {
+            p++;
+            pl = strlen(p);
+        }
+    } else {
+        const char *p2 = strrchr(hostserv, ':');
+        p = strchr(hostserv, ':');
+
+        /*-
+         * Check for more than one colon.  There are three possible
+         * interpretations:
+         * 1. IPv6 address with port number, last colon being separator.
+         * 2. IPv6 address only.
+         * 3. IPv6 address only if hostserv_prio == BIO_PARSE_PRIO_HOST,
+         *    IPv6 address and port number if hostserv_prio == BIO_PARSE_PRIO_SERV
+         * Because of this ambiguity, we currently choose to make it an
+         * error.
+         */
+        if (p != p2)
+            goto amb_err;
+
+        if (p != NULL) {
+            h = hostserv;
+            hl = p - h;
+            p++;
+            pl = strlen(p);
+        } else if (hostserv_prio == BIO_PARSE_PRIO_HOST) {
+            h = hostserv;
+            hl = strlen(h);
+        } else {
+            p = hostserv;
+            pl = strlen(p);
+        }
+    }
+
+    if (p != NULL && strchr(p, ':'))
+        goto spec_err;
+
+    if (h != NULL && host != NULL) {
+        if (hl == 0
+            || (hl == 1 && h[0] == '*')) {
+            *host = NULL;
+        } else {
+            *host = OPENSSL_strndup(h, hl);
+            if (*host == NULL)
+                goto memerr;
+        }
+    }
+    if (p != NULL && service != NULL) {
+        if (pl == 0
+            || (pl == 1 && p[0] == '*')) {
+            *service = NULL;
+        } else {
+            *service = OPENSSL_strndup(p, pl);
+            if (*service == NULL)
+                goto memerr;
+        }
+    }
+
+    return 1;
+ amb_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_AMBIGUOUS_HOST_OR_SERVICE);
+    return 0;
+ spec_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_MALFORMED_HOST_OR_SERVICE);
+    return 0;
+ memerr:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+/* addrinfo_wrap is used to build our own addrinfo "chain".
+ * (it has only one entry, so calling it a chain may be a stretch)
+ * It should ONLY be called when getaddrinfo() and friends
+ * aren't available, OR when dealing with a non IP protocol
+ * family, such as AF_UNIX
+ *
+ * the return value is 1 on success, or 0 on failure, which
+ * only happens if a memory allocation error occurred.
+ */
+static int addrinfo_wrap(int family, int socktype,
+                         const void *where, size_t wherelen,
+                         unsigned short port,
+                         BIO_ADDRINFO **bai)
+{
+    OPENSSL_assert(bai != NULL);
+
+    *bai = OPENSSL_zalloc(sizeof(**bai));
+    if (*bai == NULL)
+        return 0;
+
+    (*bai)->bai_family = family;
+    (*bai)->bai_socktype = socktype;
+    if (socktype == SOCK_STREAM)
+        (*bai)->bai_protocol = IPPROTO_TCP;
+    if (socktype == SOCK_DGRAM)
+        (*bai)->bai_protocol = IPPROTO_UDP;
+#ifdef AF_UNIX
+    if (family == AF_UNIX)
+        (*bai)->bai_protocol = 0;
+#endif
+    {
+        /* Magic: We know that BIO_ADDR_sockaddr_noconst is really
+           just an advanced cast of BIO_ADDR* to struct sockaddr *
+           by the power of union, so while it may seem that we're
+           creating a memory leak here, we are not.  It will be
+           all right. */
+        BIO_ADDR *addr = BIO_ADDR_new();
+        if (addr != NULL) {
+            BIO_ADDR_rawmake(addr, family, where, wherelen, port);
+            (*bai)->bai_addr = BIO_ADDR_sockaddr_noconst(addr);
+        }
+    }
+    (*bai)->bai_next = NULL;
+    if ((*bai)->bai_addr == NULL) {
+        BIO_ADDRINFO_free(*bai);
+        *bai = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
+{
+    OPENSSL_init_crypto(0, NULL);
+    bio_lookup_lock = CRYPTO_THREAD_lock_new();
+    return bio_lookup_lock != NULL;
+}
+
+/*-
+ * BIO_lookup - look up the node and service you want to connect to.
+ * @node: the node you want to connect to.
+ * @service: the service you want to connect to.
+ * @lookup_type: declare intent with the result, client or server.
+ * @family: the address family you want to use.  Use AF_UNSPEC for any, or
+ *  AF_INET, AF_INET6 or AF_UNIX.
+ * @socktype: The socket type you want to use.  Can be SOCK_STREAM, SOCK_DGRAM
+ *  or 0 for all.
+ * @res: Storage place for the resulting list of returned addresses
+ *
+ * This will do a lookup of the node and service that you want to connect to.
+ * It returns a linked list of different addresses you can try to connect to.
+ *
+ * When no longer needed you should call BIO_ADDRINFO_free() to free the result.
+ *
+ * The return value is 1 on success or 0 in case of error.
+ */
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res)
+{
+    int ret = 0;                 /* Assume failure */
+
+    switch(family) {
+    case AF_INET:
+#ifdef AF_INET6
+    case AF_INET6:
+#endif
+#ifdef AF_UNIX
+    case AF_UNIX:
+#endif
+#ifdef AF_UNSPEC
+    case AF_UNSPEC:
+#endif
+        break;
+    default:
+        BIOerr(BIO_F_BIO_LOOKUP, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY);
+        return 0;
+    }
+
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res))
+            return 1;
+        else
+            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+#endif
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int gai_ret = 0;
+        struct addrinfo hints;
+
+        memset(&hints, 0, sizeof(hints));
+
+        hints.ai_family = family;
+        hints.ai_socktype = socktype;
+
+        if (lookup_type == BIO_LOOKUP_SERVER)
+            hints.ai_flags |= AI_PASSIVE;
+
+        /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
+         * macro magic in bio_lcl.h
+         */
+        switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
+# ifdef EAI_SYSTEM
+        case EAI_SYSTEM:
+            SYSerr(SYS_F_GETADDRINFO, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
+            break;
+# endif
+        case 0:
+            ret = 1;             /* Success */
+            break;
+        default:
+            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB);
+            ERR_add_error_data(1, gai_strerror(gai_ret));
+            break;
+        }
+    } else {
+#endif
+        const struct hostent *he;
+/*
+ * Because struct hostent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that '&he_fallback_address' and
+ * '&he_fallback_addresses' are 32-bit pointers
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        /* Windows doesn't seem to have in_addr_t */
+#ifdef OPENSSL_SYS_WINDOWS
+        static uint32_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#else
+        static in_addr_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#endif
+        static const struct hostent he_fallback =
+            { NULL, NULL, AF_INET, sizeof(he_fallback_address),
+              (char **)&he_fallback_addresses };
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+        struct servent *se;
+        /* Apparently, on WIN64, s_proto and s_port have traded places... */
+#ifdef _WIN64
+        struct servent se_fallback = { NULL, NULL, NULL, 0 };
+#else
+        struct servent se_fallback = { NULL, NULL, 0, NULL };
+#endif
+
+        if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
+            BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto err;
+        }
+
+        CRYPTO_THREAD_write_lock(bio_lookup_lock);
+        he_fallback_address = INADDR_ANY;
+        if (host == NULL) {
+            he = &he_fallback;
+            switch(lookup_type) {
+            case BIO_LOOKUP_CLIENT:
+                he_fallback_address = INADDR_LOOPBACK;
+                break;
+            case BIO_LOOKUP_SERVER:
+                he_fallback_address = INADDR_ANY;
+                break;
+            default:
+                OPENSSL_assert(("We forgot to handle a lookup type!" == 0));
+                break;
+            }
+        } else {
+            he = gethostbyname(host);
+
+            if (he == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                /*
+                 * This might be misleading, because h_errno is used as if
+                 * it was errno. To minimize mixup add 1000. Underlying
+                 * reason for this is that hstrerror is declared obsolete,
+                 * not to mention that a) h_errno is not always guaranteed
+                 * to be meaningless; b) hstrerror can reside in yet another
+                 * library, linking for sake of hstrerror is an overkill;
+                 * c) this path is not executed on contemporary systems
+                 * anyway [above getaddrinfo/gai_strerror is]. We just let
+                 * system administrator figure this out...
+                 */
+                SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+#else
+                SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
+#endif
+                ret = 0;
+                goto err;
+            }
+        }
+
+        if (service == NULL) {
+            se_fallback.s_port = 0;
+            se_fallback.s_proto = NULL;
+            se = &se_fallback;
+        } else {
+            char *endp = NULL;
+            long portnum = strtol(service, &endp, 10);
+
+/*
+ * Because struct servent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that 'proto' is a 32-bit pointer.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char *proto = NULL;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+            switch (socktype) {
+            case SOCK_STREAM:
+                proto = "tcp";
+                break;
+            case SOCK_DGRAM:
+                proto = "udp";
+                break;
+            }
+
+            if (endp != service && *endp == '\0'
+                    && portnum > 0 && portnum < 65536) {
+                se_fallback.s_port = htons(portnum);
+                se_fallback.s_proto = proto;
+                se = &se_fallback;
+            } else if (endp == service) {
+                se = getservbyname(service, proto);
+
+                if (se == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                    SYSerr(SYS_F_GETSERVBYNAME, errno);
+#else
+                    SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError());
+#endif
+                    goto err;
+                }
+            } else {
+                BIOerr(BIO_F_BIO_LOOKUP, BIO_R_MALFORMED_HOST_OR_SERVICE);
+                goto err;
+            }
+        }
+
+        *res = NULL;
+
+        {
+/*
+ * Because hostent::h_addr_list is an array of 32-bit pointers with VMS C,
+ * we must make sure our iterator designates the same element type, hence
+ * the pointer size dance.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char **addrlistp;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+            size_t addresses;
+            BIO_ADDRINFO *tmp_bai = NULL;
+
+            /* The easiest way to create a linked list from an
+               array is to start from the back */
+            for(addrlistp = he->h_addr_list; *addrlistp != NULL;
+                addrlistp++)
+                ;
+
+            for(addresses = addrlistp - he->h_addr_list;
+                addrlistp--, addresses-- > 0; ) {
+                if (!addrinfo_wrap(he->h_addrtype, socktype,
+                                   *addrlistp, he->h_length,
+                                   se->s_port, &tmp_bai))
+                    goto addrinfo_malloc_err;
+                tmp_bai->bai_next = *res;
+                *res = tmp_bai;
+                continue;
+             addrinfo_malloc_err:
+                BIO_ADDRINFO_free(*res);
+                *res = NULL;
+                BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
+                ret = 0;
+                goto err;
+            }
+
+            ret = 1;
+        }
+     err:
+        CRYPTO_THREAD_unlock(bio_lookup_lock);
+    }
+
+    return ret;
+}
+
+#endif /* OPENSSL_NO_SOCK */
diff --git a/openssl-1.1.0h/crypto/bio/b_dump.c b/openssl-1.1.0h/crypto/bio/b_dump.c
new file mode 100644
index 0000000..424195e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/b_dump.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include "bio_lcl.h"
+
+#define DUMP_WIDTH      16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
+
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len)
+{
+    return BIO_dump_indent_cb(cb, u, s, len, 0);
+}
+
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent)
+{
+    int ret = 0;
+    char buf[288 + 1], tmp[20], str[128 + 1];
+    int i, j, rows;
+    unsigned char ch;
+    int dump_width;
+
+    if (indent < 0)
+        indent = 0;
+    if (indent) {
+        if (indent > 128)
+            indent = 128;
+        memset(str, ' ', indent);
+    }
+    str[indent] = '\0';
+
+    dump_width = DUMP_WIDTH_LESS_INDENT(indent);
+    rows = (len / dump_width);
+    if ((rows * dump_width) < len)
+        rows++;
+    for (i = 0; i < rows; i++) {
+        OPENSSL_strlcpy(buf, str, sizeof(buf));
+        BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
+        OPENSSL_strlcat(buf, tmp, sizeof(buf));
+        for (j = 0; j < dump_width; j++) {
+            if (((i * dump_width) + j) >= len) {
+                OPENSSL_strlcat(buf, "   ", sizeof(buf));
+            } else {
+                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+                BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
+                             j == 7 ? '-' : ' ');
+                OPENSSL_strlcat(buf, tmp, sizeof(buf));
+            }
+        }
+        OPENSSL_strlcat(buf, "  ", sizeof(buf));
+        for (j = 0; j < dump_width; j++) {
+            if (((i * dump_width) + j) >= len)
+                break;
+            ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+            BIO_snprintf(tmp, sizeof(tmp), "%c",
+                         ((ch >= ' ') && (ch <= '~')) ? ch : '.');
+#else
+            BIO_snprintf(tmp, sizeof(tmp), "%c",
+                         ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
+                         ? os_toebcdic[ch]
+                         : '.');
+#endif
+            OPENSSL_strlcat(buf, tmp, sizeof(buf));
+        }
+        OPENSSL_strlcat(buf, "\n", sizeof(buf));
+        /*
+         * if this is the last call then update the ddt_dump thing so that we
+         * will move the selection point in the debug window
+         */
+        ret += cb((void *)buf, strlen(buf), u);
+    }
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+static int write_fp(const void *data, size_t len, void *fp)
+{
+    return UP_fwrite(data, len, 1, fp);
+}
+
+int BIO_dump_fp(FILE *fp, const char *s, int len)
+{
+    return BIO_dump_cb(write_fp, fp, s, len);
+}
+
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
+{
+    return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
+}
+#endif
+
+static int write_bio(const void *data, size_t len, void *bp)
+{
+    return BIO_write((BIO *)bp, (const char *)data, len);
+}
+
+int BIO_dump(BIO *bp, const char *s, int len)
+{
+    return BIO_dump_cb(write_bio, bp, s, len);
+}
+
+int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
+{
+    return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
+}
+
+int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+                   int datalen)
+{
+    int i, j = 0;
+
+    if (datalen < 1)
+        return 1;
+
+    for (i = 0; i < datalen - 1; i++) {
+        if (i && !j)
+            BIO_printf(out, "%*s", indent, "");
+
+        BIO_printf(out, "%02X:", data[i]);
+
+        j = (j + 1) % width;
+        if (!j)
+            BIO_printf(out, "\n");
+    }
+
+    if (i && !j)
+        BIO_printf(out, "%*s", indent, "");
+    BIO_printf(out, "%02X", data[datalen - 1]);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/bio/b_print.c b/openssl-1.1.0h/crypto/bio/b_print.c
new file mode 100644
index 0000000..cdfe05f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/b_print.c
@@ -0,0 +1,926 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include "internal/numbers.h"
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell@astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+# define LDOUBLE long double
+#else
+# define LDOUBLE double
+#endif
+
+static int fmtstr(char **, char **, size_t *, size_t *,
+                  const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+                  int64_t, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+                 LDOUBLE, int, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+                 size_t *maxlen, size_t *retlen, int *truncated,
+                 const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT    0
+#define DP_S_FLAGS      1
+#define DP_S_MIN        2
+#define DP_S_DOT        3
+#define DP_S_MAX        4
+#define DP_S_MOD        5
+#define DP_S_CONV       6
+#define DP_S_DONE       7
+
+/* format flags - Bits */
+/* left-aligned padding */
+#define DP_F_MINUS      (1 << 0)
+/* print an explicit '+' for a value with positive sign */
+#define DP_F_PLUS       (1 << 1)
+/* print an explicit ' ' for a value with positive sign */
+#define DP_F_SPACE      (1 << 2)
+/* print 0/0x prefix for octal/hex and decimal point for floating point */
+#define DP_F_NUM        (1 << 3)
+/* print leading zeroes */
+#define DP_F_ZERO       (1 << 4)
+/* print HEX in UPPPERcase */
+#define DP_F_UP         (1 << 5)
+/* treat value as unsigned */
+#define DP_F_UNSIGNED   (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT      1
+#define DP_C_LONG       2
+#define DP_C_LDOUBLE    3
+#define DP_C_LLONG      4
+
+/* Floating point formats */
+#define F_FORMAT        0
+#define E_FORMAT        1
+#define G_FORMAT        2
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static int
+_dopr(char **sbuffer,
+      char **buffer,
+      size_t *maxlen,
+      size_t *retlen, int *truncated, const char *format, va_list args)
+{
+    char ch;
+    int64_t value;
+    LDOUBLE fvalue;
+    char *strvalue;
+    int min;
+    int max;
+    int state;
+    int flags;
+    int cflags;
+    size_t currlen;
+
+    state = DP_S_DEFAULT;
+    flags = currlen = cflags = min = 0;
+    max = -1;
+    ch = *format++;
+
+    while (state != DP_S_DONE) {
+        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+            state = DP_S_DONE;
+
+        switch (state) {
+        case DP_S_DEFAULT:
+            if (ch == '%')
+                state = DP_S_FLAGS;
+            else
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+            ch = *format++;
+            break;
+        case DP_S_FLAGS:
+            switch (ch) {
+            case '-':
+                flags |= DP_F_MINUS;
+                ch = *format++;
+                break;
+            case '+':
+                flags |= DP_F_PLUS;
+                ch = *format++;
+                break;
+            case ' ':
+                flags |= DP_F_SPACE;
+                ch = *format++;
+                break;
+            case '#':
+                flags |= DP_F_NUM;
+                ch = *format++;
+                break;
+            case '0':
+                flags |= DP_F_ZERO;
+                ch = *format++;
+                break;
+            default:
+                state = DP_S_MIN;
+                break;
+            }
+            break;
+        case DP_S_MIN:
+            if (isdigit((unsigned char)ch)) {
+                min = 10 * min + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                min = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_DOT;
+            } else
+                state = DP_S_DOT;
+            break;
+        case DP_S_DOT:
+            if (ch == '.') {
+                state = DP_S_MAX;
+                ch = *format++;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MAX:
+            if (isdigit((unsigned char)ch)) {
+                if (max < 0)
+                    max = 0;
+                max = 10 * max + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                max = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_MOD;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MOD:
+            switch (ch) {
+            case 'h':
+                cflags = DP_C_SHORT;
+                ch = *format++;
+                break;
+            case 'l':
+                if (*format == 'l') {
+                    cflags = DP_C_LLONG;
+                    format++;
+                } else
+                    cflags = DP_C_LONG;
+                ch = *format++;
+                break;
+            case 'q':
+                cflags = DP_C_LLONG;
+                ch = *format++;
+                break;
+            case 'L':
+                cflags = DP_C_LDOUBLE;
+                ch = *format++;
+                break;
+            default:
+                break;
+            }
+            state = DP_S_CONV;
+            break;
+        case DP_S_CONV:
+            switch (ch) {
+            case 'd':
+            case 'i':
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (short int)va_arg(args, int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, int64_t);
+                    break;
+                default:
+                    value = va_arg(args, int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+                            max, flags))
+                    return 0;
+                break;
+            case 'X':
+                flags |= DP_F_UP;
+                /* FALLTHROUGH */
+            case 'x':
+            case 'o':
+            case 'u':
+                flags |= DP_F_UNSIGNED;
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (unsigned short int)va_arg(args, unsigned int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, unsigned long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, uint64_t);
+                    break;
+                default:
+                    value = va_arg(args, unsigned int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                            min, max, flags))
+                    return 0;
+                break;
+            case 'f':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, F_FORMAT))
+                    return 0;
+                break;
+            case 'E':
+                flags |= DP_F_UP;
+                /* fall thru */
+            case 'e':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, E_FORMAT))
+                    return 0;
+                break;
+            case 'G':
+                flags |= DP_F_UP;
+                /* fall thru */
+            case 'g':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, G_FORMAT))
+                    return 0;
+                break;
+            case 'c':
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                            va_arg(args, int)))
+                    return 0;
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (max < 0) {
+                    if (buffer)
+                        max = INT_MAX;
+                    else
+                        max = *maxlen;
+                }
+                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                            flags, min, max))
+                    return 0;
+                break;
+            case 'p':
+                value = (size_t)va_arg(args, void *);
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+                            value, 16, min, max, flags | DP_F_NUM))
+                    return 0;
+                break;
+            case 'n':          /* XXX */
+                if (cflags == DP_C_SHORT) {
+                    short int *num;
+                    num = va_arg(args, short int *);
+                    *num = currlen;
+                } else if (cflags == DP_C_LONG) { /* XXX */
+                    long int *num;
+                    num = va_arg(args, long int *);
+                    *num = (long int)currlen;
+                } else if (cflags == DP_C_LLONG) { /* XXX */
+                    int64_t *num;
+                    num = va_arg(args, int64_t *);
+                    *num = (int64_t)currlen;
+                } else {
+                    int *num;
+                    num = va_arg(args, int *);
+                    *num = currlen;
+                }
+                break;
+            case '%':
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+                break;
+            case 'w':
+                /* not supported yet, treat as next char */
+                ch = *format++;
+                break;
+            default:
+                /* unknown, skip */
+                break;
+            }
+            ch = *format++;
+            state = DP_S_DEFAULT;
+            flags = cflags = min = 0;
+            max = -1;
+            break;
+        case DP_S_DONE:
+            break;
+        default:
+            break;
+        }
+    }
+    /*
+     * We have to truncate if there is no dynamic buffer and we have filled the
+     * static buffer.
+     */
+    if (buffer == NULL) {
+        *truncated = (currlen > *maxlen - 1);
+        if (*truncated)
+            currlen = *maxlen - 1;
+    }
+    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+        return 0;
+    *retlen = currlen - 1;
+    return 1;
+}
+
+static int
+fmtstr(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, const char *value, int flags, int min, int max)
+{
+    int padlen;
+    size_t strln;
+    int cnt = 0;
+
+    if (value == 0)
+        value = "<NULL>";
+
+    strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
+
+    padlen = min - strln;
+    if (min < 0 || padlen < 0)
+        padlen = 0;
+    if (max >= 0) {
+        /*
+         * Calculate the maximum output including padding.
+         * Make sure max doesn't overflow into negativity
+         */
+        if (max < INT_MAX - padlen)
+            max += padlen;
+        else
+            max = INT_MAX;
+    }
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    while ((padlen > 0) && (max < 0 || cnt < max)) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+        ++cnt;
+    }
+    while (strln > 0 && (max < 0 || cnt < max)) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+            return 0;
+        --strln;
+        ++cnt;
+    }
+    while ((padlen < 0) && (max < 0 || cnt < max)) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+        ++cnt;
+    }
+    return 1;
+}
+
+static int
+fmtint(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, int64_t value, int base, int min, int max, int flags)
+{
+    int signvalue = 0;
+    const char *prefix = "";
+    uint64_t uvalue;
+    char convert[DECIMAL_SIZE(value) + 3];
+    int place = 0;
+    int spadlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+
+    if (max < 0)
+        max = 0;
+    uvalue = value;
+    if (!(flags & DP_F_UNSIGNED)) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = 0 - (uint64_t)value;
+        } else if (flags & DP_F_PLUS)
+            signvalue = '+';
+        else if (flags & DP_F_SPACE)
+            signvalue = ' ';
+    }
+    if (flags & DP_F_NUM) {
+        if (base == 8)
+            prefix = "0";
+        if (base == 16)
+            prefix = "0x";
+    }
+    if (flags & DP_F_UP)
+        caps = 1;
+    do {
+        convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned)base];
+        uvalue = (uvalue / (unsigned)base);
+    } while (uvalue && (place < (int)sizeof(convert)));
+    if (place == sizeof(convert))
+        place--;
+    convert[place] = 0;
+
+    zpadlen = max - place;
+    spadlen =
+        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (spadlen < 0)
+        spadlen = 0;
+    if (flags & DP_F_ZERO) {
+        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        spadlen = 0;
+    }
+    if (flags & DP_F_MINUS)
+        spadlen = -spadlen;
+
+    /* spaces */
+    while (spadlen > 0) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --spadlen;
+    }
+
+    /* sign */
+    if (signvalue)
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+            return 0;
+
+    /* prefix */
+    while (*prefix) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+            return 0;
+        prefix++;
+    }
+
+    /* zeros */
+    if (zpadlen > 0) {
+        while (zpadlen > 0) {
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --zpadlen;
+        }
+    }
+    /* digits */
+    while (place > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+            return 0;
+    }
+
+    /* left justified spaces */
+    while (spadlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++spadlen;
+    }
+    return 1;
+}
+
+static LDOUBLE abs_val(LDOUBLE value)
+{
+    LDOUBLE result = value;
+    if (value < 0)
+        result = -value;
+    return result;
+}
+
+static LDOUBLE pow_10(int in_exp)
+{
+    LDOUBLE result = 1;
+    while (in_exp) {
+        result *= 10;
+        in_exp--;
+    }
+    return result;
+}
+
+static long roundv(LDOUBLE value)
+{
+    long intpart;
+    intpart = (long)value;
+    value = value - intpart;
+    if (value >= 0.5)
+        intpart++;
+    return intpart;
+}
+
+static int
+fmtfp(char **sbuffer,
+      char **buffer,
+      size_t *currlen,
+      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
+{
+    int signvalue = 0;
+    LDOUBLE ufvalue;
+    LDOUBLE tmpvalue;
+    char iconvert[20];
+    char fconvert[20];
+    char econvert[20];
+    int iplace = 0;
+    int fplace = 0;
+    int eplace = 0;
+    int padlen = 0;
+    int zpadlen = 0;
+    long exp = 0;
+    unsigned long intpart;
+    unsigned long fracpart;
+    unsigned long max10;
+    int realstyle;
+
+    if (max < 0)
+        max = 6;
+
+    if (fvalue < 0)
+        signvalue = '-';
+    else if (flags & DP_F_PLUS)
+        signvalue = '+';
+    else if (flags & DP_F_SPACE)
+        signvalue = ' ';
+
+    /*
+     * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
+     * depending on the number to be printed. Work out which one it is and use
+     * that from here on.
+     */
+    if (style == G_FORMAT) {
+        if (fvalue == 0.0) {
+            realstyle = F_FORMAT;
+        } else if (fvalue < 0.0001) {
+            realstyle = E_FORMAT;
+        } else if ((max == 0 && fvalue >= 10)
+                    || (max > 0 && fvalue >= pow_10(max))) {
+            realstyle = E_FORMAT;
+        } else {
+            realstyle = F_FORMAT;
+        }
+    } else {
+        realstyle = style;
+    }
+
+    if (style != F_FORMAT) {
+        tmpvalue = fvalue;
+        /* Calculate the exponent */
+        if (fvalue != 0.0) {
+            while (tmpvalue < 1) {
+                tmpvalue *= 10;
+                exp--;
+            }
+            while (tmpvalue > 10) {
+                tmpvalue /= 10;
+                exp++;
+            }
+        }
+        if (style == G_FORMAT) {
+            /*
+             * In G_FORMAT the "precision" represents significant digits. We
+             * always have at least 1 significant digit.
+             */
+            if (max == 0)
+                max = 1;
+            /* Now convert significant digits to decimal places */
+            if (realstyle == F_FORMAT) {
+                max -= (exp + 1);
+                if (max < 0) {
+                    /*
+                     * Should not happen. If we're in F_FORMAT then exp < max?
+                     */
+                    return 0;
+                }
+            } else {
+                /*
+                 * In E_FORMAT there is always one significant digit in front
+                 * of the decimal point, so:
+                 * significant digits == 1 + decimal places
+                 */
+                max--;
+            }
+        }
+        if (realstyle == E_FORMAT)
+            fvalue = tmpvalue;
+    }
+    ufvalue = abs_val(fvalue);
+    if (ufvalue > ULONG_MAX) {
+        /* Number too big */
+        return 0;
+    }
+    intpart = (unsigned long)ufvalue;
+
+    /*
+     * sorry, we only support 9 digits past the decimal because of our
+     * conversion method
+     */
+    if (max > 9)
+        max = 9;
+
+    /*
+     * we "cheat" by converting the fractional part to integer by multiplying
+     * by a factor of 10
+     */
+    max10 = roundv(pow_10(max));
+    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
+
+    if (fracpart >= max10) {
+        intpart++;
+        fracpart -= max10;
+    }
+
+    /* convert integer part */
+    do {
+        iconvert[iplace++] = "0123456789"[intpart % 10];
+        intpart = (intpart / 10);
+    } while (intpart && (iplace < (int)sizeof(iconvert)));
+    if (iplace == sizeof(iconvert))
+        iplace--;
+    iconvert[iplace] = 0;
+
+    /* convert fractional part */
+    while (fplace < max) {
+        if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
+            /* We strip trailing zeros in G_FORMAT */
+            max--;
+            fracpart = fracpart / 10;
+            if (fplace < max)
+                continue;
+            break;
+        }
+        fconvert[fplace++] = "0123456789"[fracpart % 10];
+        fracpart = (fracpart / 10);
+    }
+
+    if (fplace == sizeof(fconvert))
+        fplace--;
+    fconvert[fplace] = 0;
+
+    /* convert exponent part */
+    if (realstyle == E_FORMAT) {
+        int tmpexp;
+        if (exp < 0)
+            tmpexp = -exp;
+        else
+            tmpexp = exp;
+
+        do {
+            econvert[eplace++] = "0123456789"[tmpexp % 10];
+            tmpexp = (tmpexp / 10);
+        } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
+        /* Exponent is huge!! Too big to print */
+        if (tmpexp > 0)
+            return 0;
+        /* Add a leading 0 for single digit exponents */
+        if (eplace == 1)
+            econvert[eplace++] = '0';
+    }
+
+    /*
+     * -1 for decimal point (if we have one, i.e. max > 0),
+     * another -1 if we are printing a sign
+     */
+    padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
+    /* Take some off for exponent prefix "+e" and exponent */
+    if (realstyle == E_FORMAT)
+        padlen -= 2 + eplace;
+    zpadlen = max - fplace;
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    if ((flags & DP_F_ZERO) && (padlen > 0)) {
+        if (signvalue) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+                return 0;
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+    }
+    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        return 0;
+
+    while (iplace > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
+            return 0;
+    }
+
+    /*
+     * Decimal point. This should probably use locale to find the correct
+     * char to print out.
+     */
+    if (max > 0 || (flags & DP_F_NUM)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
+            return 0;
+
+        while (fplace > 0) {
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                            fconvert[--fplace]))
+                return 0;
+        }
+    }
+    while (zpadlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            return 0;
+        --zpadlen;
+    }
+    if (realstyle == E_FORMAT) {
+        char ech;
+
+        if ((flags & DP_F_UP) == 0)
+            ech = 'e';
+        else
+            ech = 'E';
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
+                return 0;
+        if (exp < 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
+                    return 0;
+        } else {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
+                    return 0;
+        }
+        while (eplace > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             econvert[--eplace]))
+                return 0;
+        }
+    }
+
+    while (padlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+    }
+    return 1;
+}
+
+#define BUFFER_INC  1024
+
+static int
+doapr_outch(char **sbuffer,
+            char **buffer, size_t *currlen, size_t *maxlen, int c)
+{
+    /* If we haven't at least one buffer, someone has doe a big booboo */
+    OPENSSL_assert(*sbuffer != NULL || buffer != NULL);
+
+    /* |currlen| must always be <= |*maxlen| */
+    OPENSSL_assert(*currlen <= *maxlen);
+
+    if (buffer && *currlen == *maxlen) {
+        if (*maxlen > INT_MAX - BUFFER_INC)
+            return 0;
+
+        *maxlen += BUFFER_INC;
+        if (*buffer == NULL) {
+            *buffer = OPENSSL_malloc(*maxlen);
+            if (*buffer == NULL)
+                return 0;
+            if (*currlen > 0) {
+                OPENSSL_assert(*sbuffer != NULL);
+                memcpy(*buffer, *sbuffer, *currlen);
+            }
+            *sbuffer = NULL;
+        } else {
+            char *tmpbuf;
+            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
+            if (tmpbuf == NULL)
+                return 0;
+            *buffer = tmpbuf;
+        }
+    }
+
+    if (*currlen < *maxlen) {
+        if (*sbuffer)
+            (*sbuffer)[(*currlen)++] = (char)c;
+        else
+            (*buffer)[(*currlen)++] = (char)c;
+    }
+
+    return 1;
+}
+
+/***************************************************************************/
+
+int BIO_printf(BIO *bio, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vprintf(bio, format, args);
+
+    va_end(args);
+    return (ret);
+}
+
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+{
+    int ret;
+    size_t retlen;
+    char hugebuf[1024 * 2];     /* Was previously 10k, which is unreasonable
+                                 * in small-stack environments, like threads
+                                 * or DOS programs. */
+    char *hugebufp = hugebuf;
+    size_t hugebufsize = sizeof(hugebuf);
+    char *dynbuf = NULL;
+    int ignored;
+
+    dynbuf = NULL;
+    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
+                args)) {
+        OPENSSL_free(dynbuf);
+        return -1;
+    }
+    if (dynbuf) {
+        ret = BIO_write(bio, dynbuf, (int)retlen);
+        OPENSSL_free(dynbuf);
+    } else {
+        ret = BIO_write(bio, hugebuf, (int)retlen);
+    }
+    return (ret);
+}
+
+/*
+ * As snprintf is not available everywhere, we provide our own
+ * implementation. This function has nothing to do with BIOs, but it's
+ * closely related to BIO_printf, and we need *some* name prefix ... (XXX the
+ * function should be renamed, but to what?)
+ */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vsnprintf(buf, n, format, args);
+
+    va_end(args);
+    return (ret);
+}
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+{
+    size_t retlen;
+    int truncated;
+
+    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+        return -1;
+
+    if (truncated)
+        /*
+         * In case of truncation, return -1 like traditional snprintf.
+         * (Current drafts for ISO/IEC 9899 say snprintf should return the
+         * number of characters that would have been written, had the buffer
+         * been large enough.)
+         */
+        return -1;
+    else
+        return (retlen <= INT_MAX) ? (int)retlen : -1;
+}
diff --git a/openssl-1.1.0h/crypto/bio/b_sock.c b/openssl-1.1.0h/crypto/bio/b_sock.c
new file mode 100644
index 0000000..97dcc70
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/b_sock.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#if defined(NETWARE_CLIB)
+# include <sys/ioctl.h>
+NETDB_DEFINE_CONTEXT
+#endif
+#ifndef OPENSSL_NO_SOCK
+# define SOCKET_PROTOCOL IPPROTO_TCP
+# ifdef SO_MAXCONN
+#  define MAX_LISTEN  SO_MAXCONN
+# elif defined(SOMAXCONN)
+#  define MAX_LISTEN  SOMAXCONN
+# else
+#  define MAX_LISTEN  32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS)
+static int wsa_init_done = 0;
+# endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int BIO_get_host_ip(const char *str, unsigned char *ip)
+{
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
+
+    if (BIO_sock_init() != 1)
+        return 0;               /* don't generate another error code here */
+
+    if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        size_t l;
+
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_HOST_IP,
+                   BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+        } else {
+            BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l);
+            /* Because only AF_INET addresses will reach this far,
+               we can assert that l should be 4 */
+            OPENSSL_assert(l == 4);
+
+            BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l);
+            ret = 1;
+        }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
+    }
+
+    return ret;
+}
+
+int BIO_get_port(const char *str, unsigned short *port_ptr)
+{
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
+
+    if (str == NULL) {
+        BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED);
+        return (0);
+    }
+
+    if (BIO_sock_init() != 1)
+        return 0;               /* don't generate another error code here */
+
+    if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_PORT,
+                   BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET);
+        } else {
+            *port_ptr = ntohs(BIO_ADDR_rawport(BIO_ADDRINFO_address(res)));
+            ret = 1;
+        }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
+    }
+
+    return ret;
+}
+# endif
+
+int BIO_sock_error(int sock)
+{
+    int j = 0, i;
+    socklen_t size = sizeof(j);
+
+    /*
+     * Note: under Windows the third parameter is of type (char *) whereas
+     * under other systems it is (void *) if you don't have a cast it will
+     * choke the compiler: if you do have a cast then you can either go for
+     * (char *) or (void *).
+     */
+    i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size);
+    if (i < 0)
+        return (get_last_socket_error());
+    else
+        return (j);
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+struct hostent *BIO_gethostbyname(const char *name)
+{
+    /*
+     * Caching gethostbyname() results forever is wrong, so we have to let
+     * the true gethostbyname() worry about this
+     */
+#  if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
+    return gethostbyname((char *)name);
+#  else
+    return gethostbyname(name);
+#  endif
+}
+# endif
+
+int BIO_sock_init(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+    static struct WSAData wsa_state;
+
+    if (!wsa_init_done) {
+        int err;
+
+        wsa_init_done = 1;
+        memset(&wsa_state, 0, sizeof(wsa_state));
+        /*
+         * Not making wsa_state available to the rest of the code is formally
+         * wrong. But the structures we use are [believed to be] invariable
+         * among Winsock DLLs, while API availability is [expected to be]
+         * probed at run-time with DSO_global_lookup.
+         */
+        if (WSAStartup(0x0202, &wsa_state) != 0) {
+            err = WSAGetLastError();
+            SYSerr(SYS_F_WSASTARTUP, err);
+            BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
+            return (-1);
+        }
+    }
+# endif                         /* OPENSSL_SYS_WINDOWS */
+# ifdef WATT32
+    extern int _watt_do_exit;
+    _watt_do_exit = 0;          /* don't make sock_init() call exit() */
+    if (sock_init())
+        return (-1);
+# endif
+
+    return (1);
+}
+
+void bio_sock_cleanup_int(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+    if (wsa_init_done) {
+        wsa_init_done = 0;
+        WSACleanup();
+    }
+# endif
+}
+
+int BIO_socket_ioctl(int fd, long type, void *arg)
+{
+    int i;
+
+#  ifdef __DJGPP__
+    i = ioctlsocket(fd, type, (char *)arg);
+#  else
+#   if defined(OPENSSL_SYS_VMS)
+    /*-
+     * 2011-02-18 SMS.
+     * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+     * observe that all the consumers pass in an "unsigned long *",
+     * so we arrange a local copy with a short pointer, and use
+     * that, instead.
+     */
+#    if __INITIAL_POINTER_SIZE == 64
+#     define ARG arg_32p
+#     pragma pointer_size save
+#     pragma pointer_size 32
+    unsigned long arg_32;
+    unsigned long *arg_32p;
+#     pragma pointer_size restore
+    arg_32p = &arg_32;
+    arg_32 = *((unsigned long *)arg);
+#    else                       /* __INITIAL_POINTER_SIZE == 64 */
+#     define ARG arg
+#    endif                      /* __INITIAL_POINTER_SIZE == 64 [else] */
+#   else                        /* defined(OPENSSL_SYS_VMS) */
+#    define ARG arg
+#   endif                       /* defined(OPENSSL_SYS_VMS) [else] */
+
+    i = ioctlsocket(fd, type, ARG);
+#  endif                        /* __DJGPP__ */
+    if (i < 0)
+        SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error());
+    return (i);
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int BIO_get_accept_socket(char *host, int bind_mode)
+{
+    int s = INVALID_SOCKET;
+    char *h = NULL, *p = NULL;
+    BIO_ADDRINFO *res = NULL;
+
+    if (!BIO_parse_hostserv(host, &h, &p, BIO_PARSE_PRIO_SERV))
+        return INVALID_SOCKET;
+
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
+
+    if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0)
+        goto err;
+
+    if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res),
+                        BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) {
+        s = INVALID_SOCKET;
+        goto err;
+    }
+
+    if (!BIO_listen(s, BIO_ADDRINFO_address(res),
+                    bind_mode ? BIO_SOCK_REUSEADDR : 0)) {
+        BIO_closesocket(s);
+        s = INVALID_SOCKET;
+    }
+
+ err:
+    BIO_ADDRINFO_free(res);
+    OPENSSL_free(h);
+    OPENSSL_free(p);
+
+    return s;
+}
+
+int BIO_accept(int sock, char **ip_port)
+{
+    BIO_ADDR res;
+    int ret = -1;
+
+    ret = BIO_accept_ex(sock, &res, 0);
+    if (ret == (int)INVALID_SOCKET) {
+        if (BIO_sock_should_retry(ret)) {
+            ret = -2;
+            goto end;
+        }
+        SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+        BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR);
+        goto end;
+    }
+
+    if (ip_port != NULL) {
+        char *host = BIO_ADDR_hostname_string(&res, 1);
+        char *port = BIO_ADDR_service_string(&res, 1);
+        if (host != NULL && port != NULL)
+            *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
+        else
+            *ip_port = NULL;
+
+        if (*ip_port == NULL) {
+            BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+            BIO_closesocket(ret);
+            ret = (int)INVALID_SOCKET;
+        } else {
+            strcpy(*ip_port, host);
+            strcat(*ip_port, ":");
+            strcat(*ip_port, port);
+        }
+        OPENSSL_free(host);
+        OPENSSL_free(port);
+    }
+
+ end:
+    return ret;
+}
+# endif
+
+int BIO_set_tcp_ndelay(int s, int on)
+{
+    int ret = 0;
+# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+    int opt;
+
+#  ifdef SOL_TCP
+    opt = SOL_TCP;
+#  else
+#   ifdef IPPROTO_TCP
+    opt = IPPROTO_TCP;
+#   endif
+#  endif
+
+    ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on));
+# endif
+    return (ret == 0);
+}
+
+int BIO_socket_nbio(int s, int mode)
+{
+    int ret = -1;
+    int l;
+
+    l = mode;
+# ifdef FIONBIO
+    l = mode;
+
+    ret = BIO_socket_ioctl(s, FIONBIO, &l);
+# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY))
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+
+    l = fcntl(s, F_GETFL, 0);
+    if (l == -1) {
+        SYSerr(SYS_F_FCNTL, get_last_rtl_error());
+        ret = -1;
+    } else {
+#  if defined(O_NONBLOCK)
+        l &= ~O_NONBLOCK;
+#  else
+        l &= ~FNDELAY; /* BSD4.x */
+#  endif
+        if (mode) {
+#  if defined(O_NONBLOCK)
+            l |= O_NONBLOCK;
+#  else
+            l |= FNDELAY; /* BSD4.x */
+#  endif
+        }
+        ret = fcntl(s, F_SETFL, l);
+
+        if (ret < 0) {
+            SYSerr(SYS_F_FCNTL, get_last_rtl_error());
+        }
+    }
+# else
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+    BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT);
+# endif
+
+    return (ret == 0);
+}
+
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info)
+{
+    switch (type) {
+    case BIO_SOCK_INFO_ADDRESS:
+        {
+            socklen_t addr_len;
+            int ret = 0;
+            addr_len = sizeof(*info->addr);
+            ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr),
+                              &addr_len);
+            if (ret == -1) {
+                SYSerr(SYS_F_GETSOCKNAME, get_last_socket_error());
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_ERROR);
+                return 0;
+            }
+            if ((size_t)addr_len > sizeof(*info->addr)) {
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS);
+                return 0;
+            }
+        }
+        break;
+    default:
+        BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_UNKNOWN_INFO_TYPE);
+        return 0;
+    }
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bio/b_sock2.c b/openssl-1.1.0h/crypto/bio/b_sock2.c
new file mode 100644
index 0000000..d8b49d0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/b_sock2.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef SO_MAXCONN
+#  define MAX_LISTEN  SO_MAXCONN
+# elif defined(SOMAXCONN)
+#  define MAX_LISTEN  SOMAXCONN
+# else
+#  define MAX_LISTEN  32
+# endif
+
+/*-
+ * BIO_socket - create a socket
+ * @domain: the socket domain (AF_INET, AF_INET6, AF_UNIX, ...)
+ * @socktype: the socket type (SOCK_STEAM, SOCK_DGRAM)
+ * @protocol: the protocol to use (IPPROTO_TCP, IPPROTO_UDP)
+ * @options: BIO socket options (currently unused)
+ *
+ * Creates a socket.  This should be called before calling any
+ * of BIO_connect and BIO_listen.
+ *
+ * Returns the file descriptor on success or INVALID_SOCKET on failure.  On
+ * failure errno is set, and a status is added to the OpenSSL error stack.
+ */
+int BIO_socket(int domain, int socktype, int protocol, int options)
+{
+    int sock = -1;
+
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
+
+    sock = socket(domain, socktype, protocol);
+    if (sock == -1) {
+        SYSerr(SYS_F_SOCKET, get_last_socket_error());
+        BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
+        return INVALID_SOCKET;
+    }
+
+    return sock;
+}
+
+/*-
+ * BIO_connect - connect to an address
+ * @sock: the socket to connect with
+ * @addr: the address to connect to
+ * @options: BIO socket options
+ *
+ * Connects to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ *
+ * options holds BIO socket options that can be used
+ * You should call this for every address returned by BIO_lookup
+ * until the connection is successful.
+ *
+ * Returns 1 on success or 0 on failure.  On failure errno is set
+ * and an error status is added to the OpenSSL error stack.
+ */
+int BIO_connect(int sock, const BIO_ADDR *addr, int options)
+{
+    int on = 1;
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+    if (connect(sock, BIO_ADDR_sockaddr(addr),
+                BIO_ADDR_sockaddr_size(addr)) == -1) {
+        if (!BIO_sock_should_retry(-1)) {
+            SYSerr(SYS_F_CONNECT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_CONNECT_ERROR);
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*-
+ * BIO_listen - Creates a listen socket
+ * @sock: the socket to listen with
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options, then
+ * starts listening for incoming connections.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ * - BIO_SOCK_V6_ONLY: When creating an IPv6 socket, make it listen only
+ *   for IPv6 addresses and not IPv4 addresses mapped to IPv6.
+ *
+ * It's recommended that you set up both an IPv6 and IPv4 listen socket, and
+ * then check both for new clients that connect to it.  You want to set up
+ * the socket as non-blocking in that case since else it could hang.
+ *
+ * Not all operating systems support IPv4 addresses on an IPv6 socket, and for
+ * others it's an option.  If you pass the BIO_LISTEN_V6_ONLY it will try to
+ * create the IPv6 sockets to only listen for IPv6 connection.
+ *
+ * It could be that the first BIO_listen() call will listen to all the IPv6
+ * and IPv4 addresses and that then trying to bind to the IPv4 address will
+ * fail.  We can't tell the difference between already listening ourself to
+ * it and someone else listening to it when failing and errno is EADDRINUSE, so
+ * it's recommended to not give an error in that case if the first call was
+ * successful.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_listen(int sock, const BIO_ADDR *addr, int options)
+{
+    int on = 1;
+    int socktype;
+    socklen_t socktype_len = sizeof(socktype);
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (getsockopt(sock, SOL_SOCKET, SO_TYPE, &socktype, &socktype_len) != 0
+        || socktype_len != sizeof(socktype)) {
+        SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+# ifndef OPENSSL_SYS_WINDOWS
+    /*
+     * SO_REUSEADDR has different behavior on Windows than on
+     * other operating systems, don't set it there.
+     */
+    if (options & BIO_SOCK_REUSEADDR) {
+        if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_REUSEADDR);
+            return 0;
+        }
+    }
+# endif
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+# ifdef IPV6_V6ONLY
+    if (BIO_ADDR_family(addr) == AF_INET6) {
+        /*
+         * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
+         * Therefore we always have to use setsockopt here.
+         */
+        on = options & BIO_SOCK_V6_ONLY ? 1 : 0;
+        if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY);
+            return 0;
+        }
+    }
+# endif
+
+    if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) {
+        SYSerr(SYS_F_BIND, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_BIND_SOCKET);
+        return 0;
+    }
+
+    if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) {
+        SYSerr(SYS_F_LISTEN, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_LISTEN_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * BIO_accept_ex - Accept new incoming connections
+ * @sock: the listening socket
+ * @addr: the BIO_ADDR to store the peer address in
+ * @options: BIO socket options, applied on the accepted socket.
+ *
+ */
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options)
+{
+    socklen_t len;
+    int accepted_sock;
+    BIO_ADDR locaddr;
+    BIO_ADDR *addr = addr_ == NULL ? &locaddr : addr_;
+
+    len = sizeof(*addr);
+    accepted_sock = accept(accept_sock,
+                           BIO_ADDR_sockaddr_noconst(addr), &len);
+    if (accepted_sock == -1) {
+        if (!BIO_sock_should_retry(accepted_sock)) {
+            SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_ACCEPT_EX, BIO_R_ACCEPT_ERROR);
+        }
+        return INVALID_SOCKET;
+    }
+
+    if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) {
+        closesocket(accepted_sock);
+        return INVALID_SOCKET;
+    }
+
+    return accepted_sock;
+}
+
+/*-
+ * BIO_closesocket - Close a socket
+ * @sock: the socket to close
+ */
+int BIO_closesocket(int sock)
+{
+    if (closesocket(sock) < 0)
+        return 0;
+    return 1;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/bio/bf_buff.c b/openssl-1.1.0h/crypto/bio/bf_buff.c
new file mode 100644
index 0000000..8509956
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bf_buff.c
@@ -0,0 +1,455 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+static int buffer_write(BIO *h, const char *buf, int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+#define DEFAULT_BUFFER_SIZE     4096
+
+static const BIO_METHOD methods_buffer = {
+    BIO_TYPE_BUFFER,
+    "buffer",
+    buffer_write,
+    buffer_read,
+    buffer_puts,
+    buffer_gets,
+    buffer_ctrl,
+    buffer_new,
+    buffer_free,
+    buffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_buffer(void)
+{
+    return (&methods_buffer);
+}
+
+static int buffer_new(BIO *bi)
+{
+    BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return (0);
+    ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->ibuf == NULL) {
+        OPENSSL_free(ctx);
+        return (0);
+    }
+    ctx->obuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->obuf == NULL) {
+        OPENSSL_free(ctx->ibuf);
+        OPENSSL_free(ctx);
+        return (0);
+    }
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return (1);
+}
+
+static int buffer_free(BIO *a)
+{
+    BIO_F_BUFFER_CTX *b;
+
+    if (a == NULL)
+        return (0);
+    b = (BIO_F_BUFFER_CTX *)a->ptr;
+    OPENSSL_free(b->ibuf);
+    OPENSSL_free(b->obuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
+static int buffer_read(BIO *b, char *out, int outl)
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if (out == NULL)
+        return (0);
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
+    num = 0;
+    BIO_clear_retry_flags(b);
+
+ start:
+    i = ctx->ibuf_len;
+    /* If there is stuff left over, grab it */
+    if (i != 0) {
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);
+        ctx->ibuf_off += i;
+        ctx->ibuf_len -= i;
+        num += i;
+        if (outl == i)
+            return (num);
+        outl -= i;
+        out += i;
+    }
+
+    /*
+     * We may have done a partial read. try to do more. We have nothing in
+     * the buffer. If we get an error and have read some data, just return it
+     * and let them retry to get the error again. copy direct to parent
+     * address space
+     */
+    if (outl > ctx->ibuf_size) {
+        for (;;) {
+            i = BIO_read(b->next_bio, out, outl);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            num += i;
+            if (outl == i)
+                return (num);
+            out += i;
+            outl -= i;
+        }
+    }
+    /* else */
+
+    /* we are going to be doing some buffering */
+    i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+    if (i <= 0) {
+        BIO_copy_next_retry(b);
+        if (i < 0)
+            return ((num > 0) ? num : i);
+        if (i == 0)
+            return (num);
+    }
+    ctx->ibuf_off = 0;
+    ctx->ibuf_len = i;
+
+    /* Lets re-read using ourselves :-) */
+    goto start;
+}
+
+static int buffer_write(BIO *b, const char *in, int inl)
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
+
+    BIO_clear_retry_flags(b);
+ start:
+    i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off);
+    /* add to buffer and return */
+    if (i >= inl) {
+        memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl);
+        ctx->obuf_len += inl;
+        return (num + inl);
+    }
+    /* else */
+    /* stuff already in buffer, so add to it first, then flush */
+    if (ctx->obuf_len != 0) {
+        if (i > 0) {            /* lets fill it up if we can */
+            memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i);
+            in += i;
+            inl -= i;
+            num += i;
+            ctx->obuf_len += i;
+        }
+        /* we now have a full buffer needing flushing */
+        for (;;) {
+            i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]),
+                          ctx->obuf_len);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            ctx->obuf_off += i;
+            ctx->obuf_len -= i;
+            if (ctx->obuf_len == 0)
+                break;
+        }
+    }
+    /*
+     * we only get here if the buffer has been flushed and we still have
+     * stuff to write
+     */
+    ctx->obuf_off = 0;
+
+    /* we now have inl bytes to write */
+    while (inl >= ctx->obuf_size) {
+        i = BIO_write(b->next_bio, in, inl);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            if (i < 0)
+                return ((num > 0) ? num : i);
+            if (i == 0)
+                return (num);
+        }
+        num += i;
+        in += i;
+        inl -= i;
+        if (inl == 0)
+            return (num);
+    }
+
+    /*
+     * copy the rest into the buffer since we have only a small amount left
+     */
+    goto start;
+}
+
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_F_BUFFER_CTX *ctx;
+    long ret = 1;
+    char *p1, *p2;
+    int r, i, *ip;
+    int ibs, obs;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = 0;
+        ctx->obuf_off = 0;
+        ctx->obuf_len = 0;
+        if (b->next_bio == NULL)
+            return (0);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->obuf_len;
+        break;
+    case BIO_C_GET_BUFF_NUM_LINES:
+        ret = 0;
+        p1 = ctx->ibuf;
+        for (i = 0; i < ctx->ibuf_len; i++) {
+            if (p1[ctx->ibuf_off + i] == '\n')
+                ret++;
+        }
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = (long)ctx->obuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return (0);
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_CTRL_PENDING:
+        ret = (long)ctx->ibuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return (0);
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_C_SET_BUFF_READ_DATA:
+        if (num > ctx->ibuf_size) {
+            p1 = OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+        }
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = (int)num;
+        memcpy(ctx->ibuf, ptr, (int)num);
+        ret = 1;
+        break;
+    case BIO_C_SET_BUFF_SIZE:
+        if (ptr != NULL) {
+            ip = (int *)ptr;
+            if (*ip == 0) {
+                ibs = (int)num;
+                obs = ctx->obuf_size;
+            } else {            /* if (*ip == 1) */
+
+                ibs = ctx->ibuf_size;
+                obs = (int)num;
+            }
+        } else {
+            ibs = (int)num;
+            obs = (int)num;
+        }
+        p1 = ctx->ibuf;
+        p2 = ctx->obuf;
+        if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) {
+            p1 = OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+        }
+        if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) {
+            p2 = OPENSSL_malloc((int)num);
+            if (p2 == NULL) {
+                if (p1 != ctx->ibuf)
+                    OPENSSL_free(p1);
+                goto malloc_error;
+            }
+        }
+        if (ctx->ibuf != p1) {
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+            ctx->ibuf_off = 0;
+            ctx->ibuf_len = 0;
+            ctx->ibuf_size = ibs;
+        }
+        if (ctx->obuf != p2) {
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = p2;
+            ctx->obuf_off = 0;
+            ctx->obuf_len = 0;
+            ctx->obuf_size = obs;
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        if (b->next_bio == NULL)
+            return (0);
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (b->next_bio == NULL)
+            return (0);
+        if (ctx->obuf_len <= 0) {
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            break;
+        }
+
+        for (;;) {
+            BIO_clear_retry_flags(b);
+            if (ctx->obuf_len > 0) {
+                r = BIO_write(b->next_bio,
+                              &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
+                BIO_copy_next_retry(b);
+                if (r <= 0)
+                    return ((long)r);
+                ctx->obuf_off += r;
+                ctx->obuf_len -= r;
+            } else {
+                ctx->obuf_len = 0;
+                ctx->obuf_off = 0;
+                break;
+            }
+        }
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
+            !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+            ret = 0;
+        break;
+    default:
+        if (b->next_bio == NULL)
+            return (0);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+ malloc_error:
+    BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+    return (0);
+}
+
+static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static int buffer_gets(BIO *b, char *buf, int size)
+{
+    BIO_F_BUFFER_CTX *ctx;
+    int num = 0, i, flag;
+    char *p;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    size--;                     /* reserve space for a '\0' */
+    BIO_clear_retry_flags(b);
+
+    for (;;) {
+        if (ctx->ibuf_len > 0) {
+            p = &(ctx->ibuf[ctx->ibuf_off]);
+            flag = 0;
+            for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) {
+                *(buf++) = p[i];
+                if (p[i] == '\n') {
+                    flag = 1;
+                    i++;
+                    break;
+                }
+            }
+            num += i;
+            size -= i;
+            ctx->ibuf_len -= i;
+            ctx->ibuf_off += i;
+            if (flag || size == 0) {
+                *buf = '\0';
+                return (num);
+            }
+        } else {                /* read another chunk */
+
+            i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                *buf = '\0';
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            ctx->ibuf_len = i;
+            ctx->ibuf_off = 0;
+        }
+    }
+}
+
+static int buffer_puts(BIO *b, const char *str)
+{
+    return (buffer_write(b, str, strlen(str)));
+}
diff --git a/openssl-1.1.0h/crypto/bio/bf_lbuf.c b/openssl-1.1.0h/crypto/bio/bf_lbuf.c
new file mode 100644
index 0000000..a80f899
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bf_lbuf.c
@@ -0,0 +1,320 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf, int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE 1024*10
+
+/* #define DEBUG */
+
+static const BIO_METHOD methods_linebuffer = {
+    BIO_TYPE_LINEBUFFER,
+    "linebuffer",
+    linebuffer_write,
+    linebuffer_read,
+    linebuffer_puts,
+    linebuffer_gets,
+    linebuffer_ctrl,
+    linebuffer_new,
+    linebuffer_free,
+    linebuffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_linebuffer(void)
+{
+    return (&methods_linebuffer);
+}
+
+typedef struct bio_linebuffer_ctx_struct {
+    char *obuf;                 /* the output char array */
+    int obuf_size;              /* how big is the output buffer */
+    int obuf_len;               /* how many bytes are in it */
+} BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+{
+    BIO_LINEBUFFER_CTX *ctx;
+
+    ctx = OPENSSL_malloc(sizeof(*ctx));
+    if (ctx == NULL)
+        return (0);
+    ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+    if (ctx->obuf == NULL) {
+        OPENSSL_free(ctx);
+        return (0);
+    }
+    ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE;
+    ctx->obuf_len = 0;
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return (1);
+}
+
+static int linebuffer_free(BIO *a)
+{
+    BIO_LINEBUFFER_CTX *b;
+
+    if (a == NULL)
+        return (0);
+    b = (BIO_LINEBUFFER_CTX *)a->ptr;
+    OPENSSL_free(b->obuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
+static int linebuffer_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out == NULL)
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+{
+    int i, num = 0, foundnl;
+    BIO_LINEBUFFER_CTX *ctx;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
+
+    BIO_clear_retry_flags(b);
+
+    do {
+        const char *p;
+        char c;
+
+        for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ;
+        if (c == '\n') {
+            p++;
+            foundnl = 1;
+        } else
+            foundnl = 0;
+
+        /*
+         * If a NL was found and we already have text in the save buffer,
+         * concatenate them and write
+         */
+        while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+               && ctx->obuf_len > 0) {
+            int orig_olen = ctx->obuf_len;
+
+            i = ctx->obuf_size - ctx->obuf_len;
+            if (p - in > 0) {
+                if (i >= p - in) {
+                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in);
+                    ctx->obuf_len += p - in;
+                    inl -= p - in;
+                    num += p - in;
+                    in = p;
+                } else {
+                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, i);
+                    ctx->obuf_len += i;
+                    inl -= i;
+                    in += i;
+                    num += i;
+                }
+            }
+            i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+            if (i <= 0) {
+                ctx->obuf_len = orig_olen;
+                BIO_copy_next_retry(b);
+
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            if (i < ctx->obuf_len)
+                memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
+            ctx->obuf_len -= i;
+        }
+
+        /*
+         * Now that the save buffer is emptied, let's write the input buffer
+         * if a NL was found and there is anything to write.
+         */
+        if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
+            i = BIO_write(b->next_bio, in, p - in);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            num += i;
+            in += i;
+            inl -= i;
+        }
+    }
+    while (foundnl && inl > 0);
+    /*
+     * We've written as much as we can.  The rest of the input buffer, if
+     * any, is text that doesn't and with a NL and therefore needs to be
+     * saved for the next trip.
+     */
+    if (inl > 0) {
+        memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+        ctx->obuf_len += inl;
+        num += inl;
+    }
+    return num;
+}
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_LINEBUFFER_CTX *ctx;
+    long ret = 1;
+    char *p;
+    int r;
+    int obs;
+
+    ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->obuf_len = 0;
+        if (b->next_bio == NULL)
+            return (0);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->obuf_len;
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = (long)ctx->obuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return (0);
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_C_SET_BUFF_SIZE:
+        obs = (int)num;
+        p = ctx->obuf;
+        if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
+            p = OPENSSL_malloc((int)num);
+            if (p == NULL)
+                goto malloc_error;
+        }
+        if (ctx->obuf != p) {
+            if (ctx->obuf_len > obs) {
+                ctx->obuf_len = obs;
+            }
+            memcpy(p, ctx->obuf, ctx->obuf_len);
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = p;
+            ctx->obuf_size = obs;
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        if (b->next_bio == NULL)
+            return (0);
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (b->next_bio == NULL)
+            return (0);
+        if (ctx->obuf_len <= 0) {
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            break;
+        }
+
+        for (;;) {
+            BIO_clear_retry_flags(b);
+            if (ctx->obuf_len > 0) {
+                r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+                BIO_copy_next_retry(b);
+                if (r <= 0)
+                    return ((long)r);
+                if (r < ctx->obuf_len)
+                    memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r);
+                ctx->obuf_len -= r;
+            } else {
+                ctx->obuf_len = 0;
+                break;
+            }
+        }
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+            ret = 0;
+        break;
+    default:
+        if (b->next_bio == NULL)
+            return (0);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+ malloc_error:
+    BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+    return (0);
+}
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+{
+    if (b->next_bio == NULL)
+        return (0);
+    return (BIO_gets(b->next_bio, buf, size));
+}
+
+static int linebuffer_puts(BIO *b, const char *str)
+{
+    return (linebuffer_write(b, str, strlen(str)));
+}
diff --git a/openssl-1.1.0h/crypto/bio/bf_nbio.c b/openssl-1.1.0h/crypto/bio/bf_nbio.c
new file mode 100644
index 0000000..3328506
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bf_nbio.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nbiof_write(BIO *h, const char *buf, int num);
+static int nbiof_read(BIO *h, char *buf, int size);
+static int nbiof_puts(BIO *h, const char *str);
+static int nbiof_gets(BIO *h, char *str, int size);
+static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+typedef struct nbio_test_st {
+    /* only set if we sent a 'should retry' error */
+    int lrn;
+    int lwn;
+} NBIO_TEST;
+
+static const BIO_METHOD methods_nbiof = {
+    BIO_TYPE_NBIO_TEST,
+    "non-blocking IO test filter",
+    nbiof_write,
+    nbiof_read,
+    nbiof_puts,
+    nbiof_gets,
+    nbiof_ctrl,
+    nbiof_new,
+    nbiof_free,
+    nbiof_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_nbio_test(void)
+{
+    return (&methods_nbiof);
+}
+
+static int nbiof_new(BIO *bi)
+{
+    NBIO_TEST *nt;
+
+    if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL)
+        return (0);
+    nt->lrn = -1;
+    nt->lwn = -1;
+    bi->ptr = (char *)nt;
+    bi->init = 1;
+    return (1);
+}
+
+static int nbiof_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
+static int nbiof_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if (out == NULL)
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+
+    BIO_clear_retry_flags(b);
+    if (RAND_bytes(&n, 1) <= 0)
+        return -1;
+    num = (n & 0x07);
+
+    if (outl > num)
+        outl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_read(b);
+    } else {
+        ret = BIO_read(b->next_bio, out, outl);
+        if (ret < 0)
+            BIO_copy_next_retry(b);
+    }
+    return (ret);
+}
+
+static int nbiof_write(BIO *b, const char *in, int inl)
+{
+    NBIO_TEST *nt;
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    nt = (NBIO_TEST *)b->ptr;
+
+    BIO_clear_retry_flags(b);
+
+    if (nt->lwn > 0) {
+        num = nt->lwn;
+        nt->lwn = 0;
+    } else {
+        if (RAND_bytes(&n, 1) <= 0)
+            return -1;
+        num = (n & 7);
+    }
+
+    if (inl > num)
+        inl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_write(b);
+    } else {
+        ret = BIO_write(b->next_bio, in, inl);
+        if (ret < 0) {
+            BIO_copy_next_retry(b);
+            nt->lwn = inl;
+        }
+    }
+    return (ret);
+}
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_gets(bp->next_bio, buf, size));
+}
+
+static int nbiof_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_puts(bp->next_bio, str));
+}
diff --git a/openssl-1.1.0h/crypto/bio/bf_null.c b/openssl-1.1.0h/crypto/bio/bf_null.c
new file mode 100644
index 0000000..6b86aa5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bf_null.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+static const BIO_METHOD methods_nullf = {
+    BIO_TYPE_NULL_FILTER,
+    "NULL filter",
+    nullf_write,
+    nullf_read,
+    nullf_puts,
+    nullf_gets,
+    nullf_ctrl,
+    NULL,
+    NULL,
+    nullf_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_null(void)
+{
+    return (&methods_nullf);
+}
+
+static int nullf_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out == NULL)
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static int nullf_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    ret = BIO_write(b->next_bio, in, inl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+    }
+    return (ret);
+}
+
+static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static int nullf_gets(BIO *bp, char *buf, int size)
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_gets(bp->next_bio, buf, size));
+}
+
+static int nullf_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_puts(bp->next_bio, str));
+}
diff --git a/openssl-1.1.0h/crypto/bio/bio_cb.c b/openssl-1.1.0h/crypto/bio/bio_cb.c
new file mode 100644
index 0000000..412387b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bio_cb.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/err.h>
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+                        int argi, long argl, long ret)
+{
+    BIO *b;
+    char buf[256];
+    char *p;
+    long r = 1;
+    int len;
+    size_t p_maxlen;
+
+    if (BIO_CB_RETURN & cmd)
+        r = ret;
+
+    len = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio);
+
+    /* Ignore errors and continue printing the other information. */
+    if (len < 0)
+        len = 0;
+    p = buf + len;
+    p_maxlen = sizeof(buf) - len;
+
+    switch (cmd) {
+    case BIO_CB_FREE:
+        BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name);
+        break;
+    case BIO_CB_READ:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s fd=%d\n",
+                         bio->num, (unsigned long)argi,
+                         bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s\n",
+                         bio->num, (unsigned long)argi, bio->method->name);
+        break;
+    case BIO_CB_WRITE:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s fd=%d\n",
+                         bio->num, (unsigned long)argi,
+                         bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s\n",
+                         bio->num, (unsigned long)argi, bio->method->name);
+        break;
+    case BIO_CB_PUTS:
+        BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name);
+        break;
+    case BIO_CB_GETS:
+        BIO_snprintf(p, p_maxlen, "gets(%lu) - %s\n", (unsigned long)argi,
+                     bio->method->name);
+        break;
+    case BIO_CB_CTRL:
+        BIO_snprintf(p, p_maxlen, "ctrl(%lu) - %s\n", (unsigned long)argi,
+                     bio->method->name);
+        break;
+    case BIO_CB_RETURN | BIO_CB_READ:
+        BIO_snprintf(p, p_maxlen, "read return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_WRITE:
+        BIO_snprintf(p, p_maxlen, "write return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_GETS:
+        BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_PUTS:
+        BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_CTRL:
+        BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret);
+        break;
+    default:
+        BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd);
+        break;
+    }
+
+    b = (BIO *)bio->cb_arg;
+    if (b != NULL)
+        BIO_write(b, buf, strlen(buf));
+#if !defined(OPENSSL_NO_STDIO)
+    else
+        fputs(buf, stderr);
+#endif
+    return (r);
+}
diff --git a/openssl-1.1.0h/crypto/bio/bio_err.c b/openssl-1.1.0h/crypto/bio/bio_err.c
new file mode 100644
index 0000000..c914dcf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bio_err.c
@@ -0,0 +1,126 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+
+static ERR_STRING_DATA BIO_str_functs[] = {
+    {ERR_FUNC(BIO_F_ACPT_STATE), "acpt_state"},
+    {ERR_FUNC(BIO_F_ADDR_STRINGS), "addr_strings"},
+    {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+    {ERR_FUNC(BIO_F_BIO_ACCEPT_EX), "BIO_accept_ex"},
+    {ERR_FUNC(BIO_F_BIO_ADDR_NEW), "BIO_ADDR_new"},
+    {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
+    {ERR_FUNC(BIO_F_BIO_CONNECT), "BIO_connect"},
+    {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+    {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+    {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+    {ERR_FUNC(BIO_F_BIO_GET_NEW_INDEX), "BIO_get_new_index"},
+    {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+    {ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"},
+    {ERR_FUNC(BIO_F_BIO_LOOKUP), "BIO_lookup"},
+    {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"},
+    {ERR_FUNC(BIO_F_BIO_METH_NEW), "BIO_meth_new"},
+    {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+    {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+    {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+    {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+    {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+    {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+    {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+    {ERR_FUNC(BIO_F_BIO_PARSE_HOSTSERV), "BIO_parse_hostserv"},
+    {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+    {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+    {ERR_FUNC(BIO_F_BIO_SOCKET), "BIO_socket"},
+    {ERR_FUNC(BIO_F_BIO_SOCKET_NBIO), "BIO_socket_nbio"},
+    {ERR_FUNC(BIO_F_BIO_SOCK_INFO), "BIO_sock_info"},
+    {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+    {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+    {ERR_FUNC(BIO_F_BUFFER_CTRL), "buffer_ctrl"},
+    {ERR_FUNC(BIO_F_CONN_CTRL), "conn_ctrl"},
+    {ERR_FUNC(BIO_F_CONN_STATE), "conn_state"},
+    {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "dgram_sctp_read"},
+    {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "dgram_sctp_write"},
+    {ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"},
+    {ERR_FUNC(BIO_F_FILE_READ), "file_read"},
+    {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"},
+    {ERR_FUNC(BIO_F_MEM_WRITE), "mem_write"},
+    {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA BIO_str_reasons[] = {
+    {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
+    {ERR_REASON(BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
+     "addrinfo addr is not af inet"},
+    {ERR_REASON(BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
+     "ambiguous host or service"},
+    {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
+    {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"},
+    {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"},
+    {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
+     "gethostbyname addr is not af inet"},
+    {ERR_REASON(BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
+    {ERR_REASON(BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS),
+     "getsockname truncated address"},
+    {ERR_REASON(BIO_R_GETTING_SOCKTYPE), "getting socktype"},
+    {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_REASON(BIO_R_INVALID_SOCKET), "invalid socket"},
+    {ERR_REASON(BIO_R_IN_USE), "in use"},
+    {ERR_REASON(BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
+    {ERR_REASON(BIO_R_LOOKUP_RETURNED_NOTHING), "lookup returned nothing"},
+    {ERR_REASON(BIO_R_MALFORMED_HOST_OR_SERVICE),
+     "malformed host or service"},
+    {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
+    {ERR_REASON(BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
+     "no accept addr or service specified"},
+    {ERR_REASON(BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
+     "no hostname or service specified"},
+    {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"},
+    {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"},
+    {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"},
+    {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
+    {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
+    {ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"},
+    {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"},
+    {ERR_REASON(BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"},
+    {ERR_REASON(BIO_R_UNABLE_TO_REUSEADDR), "unable to reuseaddr"},
+    {ERR_REASON(BIO_R_UNAVAILABLE_IP_FAMILY), "unavailable ip family"},
+    {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"},
+    {ERR_REASON(BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"},
+    {ERR_REASON(BIO_R_UNSUPPORTED_IP_FAMILY), "unsupported ip family"},
+    {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
+    {ERR_REASON(BIO_R_UNSUPPORTED_PROTOCOL_FAMILY),
+     "unsupported protocol family"},
+    {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"},
+    {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BIO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, BIO_str_functs);
+        ERR_load_strings(0, BIO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/bio/bio_lcl.h b/openssl-1.1.0h/crypto/bio/bio_lcl.h
new file mode 100644
index 0000000..39178cf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bio_lcl.h
@@ -0,0 +1,188 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define USE_SOCKETS
+#include "e_os.h"
+
+/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#ifndef OPENSSL_NO_SOCK
+/*
+ * Throughout this file and b_addr.c, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead.
+ */
+
+/*
+ * It's imperative that these macros get defined before openssl/bio.h gets
+ * included.  Otherwise, the AI_PASSIVE hack will not work properly.
+ * For clarity, we check for internal/cryptlib.h since it's a common header
+ * that also includes bio.h.
+ */
+# ifdef HEADER_CRYPTLIB_H
+#  error internal/cryptlib.h included before bio_lcl.h
+# endif
+# ifdef HEADER_BIO_H
+#  error openssl/bio.h included before bio_lcl.h
+# endif
+
+/*
+ * Undefine AF_UNIX on systems that define it but don't support it.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS)
+#  undef AF_UNIX
+# endif
+
+# ifdef AI_PASSIVE
+
+/*
+ * There's a bug in VMS C header file netdb.h, where struct addrinfo
+ * always is the P32 variant, but the functions that handle that structure,
+ * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer
+ * size.  The easiest workaround is to force struct addrinfo to be the
+ * 64-bit variant when compiling in P64 mode.
+ */
+#  if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64
+#   define addrinfo __addrinfo64
+#  endif
+
+#  define bio_addrinfo_st addrinfo
+#  define bai_family      ai_family
+#  define bai_socktype    ai_socktype
+#  define bai_protocol    ai_protocol
+#  define bai_addrlen     ai_addrlen
+#  define bai_addr        ai_addr
+#  define bai_next        ai_next
+# else
+struct bio_addrinfo_st {
+    int bai_family;
+    int bai_socktype;
+    int bai_protocol;
+    size_t bai_addrlen;
+    struct sockaddr *bai_addr;
+    struct bio_addrinfo_st *bai_next;
+};
+# endif
+
+union bio_addr_st {
+    struct sockaddr sa;
+# ifdef AF_INET6
+    struct sockaddr_in6 s_in6;
+# endif
+    struct sockaddr_in s_in;
+# ifdef AF_UNIX
+    struct sockaddr_un s_un;
+# endif
+};
+#endif
+
+/* END BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#include "internal/cryptlib.h"
+#include <internal/bio.h>
+
+typedef struct bio_f_buffer_ctx_struct {
+    /*-
+     * Buffers are setup like this:
+     *
+     * <---------------------- size ----------------------->
+     * +---------------------------------------------------+
+     * | consumed | remaining          | free space        |
+     * +---------------------------------------------------+
+     * <-- off --><------- len ------->
+     */
+    /*- BIO *bio; *//*
+     * this is now in the BIO struct
+     */
+    int ibuf_size;              /* how big is the input buffer */
+    int obuf_size;              /* how big is the output buffer */
+    char *ibuf;                 /* the char array */
+    int ibuf_len;               /* how many bytes are in it */
+    int ibuf_off;               /* write/read offset */
+    char *obuf;                 /* the char array */
+    int obuf_len;               /* how many bytes are in it */
+    int obuf_off;               /* write/read offset */
+} BIO_F_BUFFER_CTX;
+
+struct bio_st {
+    const BIO_METHOD *method;
+    /* bio, mode, argp, argi, argl, ret */
+    long (*callback) (struct bio_st *, int, const char *, int, long, long);
+    char *cb_arg;               /* first argument for the callback */
+    int init;
+    int shutdown;
+    int flags;                  /* extra storage */
+    int retry_reason;
+    int num;
+    void *ptr;
+    struct bio_st *next_bio;    /* used by filter BIOs */
+    struct bio_st *prev_bio;    /* used by filter BIOs */
+    int references;
+    uint64_t num_read;
+    uint64_t num_write;
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef OPENSSL_SYS_VMS
+typedef unsigned int socklen_t;
+# endif
+
+extern CRYPTO_RWLOCK *bio_lookup_lock;
+
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa);
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap);
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap);
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap);
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai);
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai);
+#endif
+
+extern CRYPTO_RWLOCK *bio_type_lock;
+
+void bio_sock_cleanup_int(void);
+
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+# define UP_stdin        stdin
+# define UP_stdout       stdout
+# define UP_stderr       stderr
+# define UP_fprintf      fprintf
+# define UP_fgets        fgets
+# define UP_fread        fread
+# define UP_fwrite       fwrite
+# undef  UP_fsetmod
+# define UP_feof         feof
+# define UP_fclose       fclose
+
+# define UP_fopen        fopen
+# define UP_fseek        fseek
+# define UP_ftell        ftell
+# define UP_fflush       fflush
+# define UP_ferror       ferror
+# ifdef _WIN32
+#  define UP_fileno       _fileno
+#  define UP_open         _open
+#  define UP_read         _read
+#  define UP_write        _write
+#  define UP_lseek        _lseek
+#  define UP_close        _close
+# else
+#  define UP_fileno       fileno
+#  define UP_open         open
+#  define UP_read         read
+#  define UP_write        write
+#  define UP_lseek        lseek
+#  define UP_close        close
+# endif
+
+#endif
+
diff --git a/openssl-1.1.0h/crypto/bio/bio_lib.c b/openssl-1.1.0h/crypto/bio/bio_lib.c
new file mode 100644
index 0000000..7b98dc9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bio_lib.c
@@ -0,0 +1,600 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+BIO *BIO_new(const BIO_METHOD *method)
+{
+    BIO *bio = OPENSSL_zalloc(sizeof(*bio));
+
+    if (bio == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    bio->method = method;
+    bio->shutdown = 1;
+    bio->references = 1;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data))
+        goto err;
+
+    bio->lock = CRYPTO_THREAD_lock_new();
+    if (bio->lock == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        goto err;
+    }
+
+    if (method->create != NULL && !method->create(bio)) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        CRYPTO_THREAD_lock_free(bio->lock);
+        goto err;
+    }
+    if (method->create == NULL)
+        bio->init = 1;
+
+    return bio;
+
+err:
+    OPENSSL_free(bio);
+    return NULL;
+}
+
+int BIO_free(BIO *a)
+{
+    int i;
+
+    if (a == NULL)
+        return 0;
+
+    if (CRYPTO_atomic_add(&a->references, -1, &i, a->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("BIO", a);
+    if (i > 0)
+        return 1;
+    REF_ASSERT_ISNT(i < 0);
+    if ((a->callback != NULL) &&
+        ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
+        return i;
+
+    if ((a->method != NULL) && (a->method->destroy != NULL))
+        a->method->destroy(a);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+    CRYPTO_THREAD_lock_free(a->lock);
+
+    OPENSSL_free(a);
+
+    return 1;
+}
+
+void BIO_set_data(BIO *a, void *ptr)
+{
+    a->ptr = ptr;
+}
+
+void *BIO_get_data(BIO *a)
+{
+    return a->ptr;
+}
+
+void BIO_set_init(BIO *a, int init)
+{
+    a->init = init;
+}
+
+int BIO_get_init(BIO *a)
+{
+    return a->init;
+}
+
+void BIO_set_shutdown(BIO *a, int shut)
+{
+    a->shutdown = shut;
+}
+
+int BIO_get_shutdown(BIO *a)
+{
+    return a->shutdown;
+}
+
+void BIO_vfree(BIO *a)
+{
+    BIO_free(a);
+}
+
+int BIO_up_ref(BIO *a)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&a->references, 1, &i, a->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("BIO", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+void BIO_clear_flags(BIO *b, int flags)
+{
+    b->flags &= ~flags;
+}
+
+int BIO_test_flags(const BIO *b, int flags)
+{
+    return (b->flags & flags);
+}
+
+void BIO_set_flags(BIO *b, int flags)
+{
+    b->flags |= flags;
+}
+
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
+                                        int, long, long) {
+    return b->callback;
+}
+
+void BIO_set_callback(BIO *b,
+                      long (*cb) (struct bio_st *, int, const char *, int,
+                                  long, long))
+{
+    b->callback = cb;
+}
+
+void BIO_set_callback_arg(BIO *b, char *arg)
+{
+    b->cb_arg = arg;
+}
+
+char *BIO_get_callback_arg(const BIO *b)
+{
+    return b->cb_arg;
+}
+
+const char *BIO_method_name(const BIO *b)
+{
+    return b->method->name;
+}
+
+int BIO_method_type(const BIO *b)
+{
+    return b->method->type;
+}
+
+int BIO_read(BIO *b, void *out, int outl)
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
+        BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
+
+    cb = b->callback;
+    if ((cb != NULL) &&
+        ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0))
+        return (i);
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
+
+    i = b->method->bread(b, out, outl);
+
+    if (i > 0)
+        b->num_read += (uint64_t)i;
+
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i);
+    return (i);
+}
+
+int BIO_write(BIO *b, const void *in, int inl)
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
+
+    if (b == NULL)
+        return (0);
+
+    cb = b->callback;
+    if ((b->method == NULL) || (b->method->bwrite == NULL)) {
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
+
+    if ((cb != NULL) &&
+        ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0))
+        return (i);
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
+
+    i = b->method->bwrite(b, in, inl);
+
+    if (i > 0)
+        b->num_write += (uint64_t)i;
+
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i);
+    return (i);
+}
+
+int BIO_puts(BIO *b, const char *in)
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
+
+    cb = b->callback;
+
+    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0))
+        return (i);
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
+
+    i = b->method->bputs(b, in);
+
+    if (i > 0)
+        b->num_write += (uint64_t)i;
+
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i);
+    return (i);
+}
+
+int BIO_gets(BIO *b, char *in, int inl)
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
+
+    cb = b->callback;
+
+    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0))
+        return (i);
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
+
+    i = b->method->bgets(b, in, inl);
+
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i);
+    return (i);
+}
+
+int BIO_indent(BIO *b, int indent, int max)
+{
+    if (indent < 0)
+        indent = 0;
+    if (indent > max)
+        indent = max;
+    while (indent--)
+        if (BIO_puts(b, " ") != 1)
+            return 0;
+    return 1;
+}
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
+{
+    int i;
+
+    i = iarg;
+    return (BIO_ctrl(b, cmd, larg, (char *)&i));
+}
+
+void *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+{
+    void *p = NULL;
+
+    if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
+        return (NULL);
+    else
+        return (p);
+}
+
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+{
+    long ret;
+    long (*cb) (BIO *, int, const char *, int, long, long);
+
+    if (b == NULL)
+        return (0);
+
+    if ((b->method == NULL) || (b->method->ctrl == NULL)) {
+        BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
+
+    cb = b->callback;
+
+    if ((cb != NULL) &&
+        ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0))
+        return (ret);
+
+    ret = b->method->ctrl(b, cmd, larg, parg);
+
+    if (cb != NULL)
+        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret);
+    return (ret);
+}
+
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret;
+    long (*cb) (BIO *, int, const char *, int, long, long);
+
+    if (b == NULL)
+        return (0);
+
+    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) {
+        BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
+
+    cb = b->callback;
+
+    if ((cb != NULL) &&
+        ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0))
+        return (ret);
+
+    ret = b->method->callback_ctrl(b, cmd, fp);
+
+    if (cb != NULL)
+        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret);
+    return (ret);
+}
+
+/*
+ * It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway.
+ */
+size_t BIO_ctrl_pending(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+}
+
+size_t BIO_ctrl_wpending(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+}
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(BIO *b, BIO *bio)
+{
+    BIO *lb;
+
+    if (b == NULL)
+        return (bio);
+    lb = b;
+    while (lb->next_bio != NULL)
+        lb = lb->next_bio;
+    lb->next_bio = bio;
+    if (bio != NULL)
+        bio->prev_bio = lb;
+    /* called to do internal processing */
+    BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb);
+    return (b);
+}
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(BIO *b)
+{
+    BIO *ret;
+
+    if (b == NULL)
+        return (NULL);
+    ret = b->next_bio;
+
+    BIO_ctrl(b, BIO_CTRL_POP, 0, b);
+
+    if (b->prev_bio != NULL)
+        b->prev_bio->next_bio = b->next_bio;
+    if (b->next_bio != NULL)
+        b->next_bio->prev_bio = b->prev_bio;
+
+    b->next_bio = NULL;
+    b->prev_bio = NULL;
+    return (ret);
+}
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
+{
+    BIO *b, *last;
+
+    b = last = bio;
+    for (;;) {
+        if (!BIO_should_retry(b))
+            break;
+        last = b;
+        b = b->next_bio;
+        if (b == NULL)
+            break;
+    }
+    if (reason != NULL)
+        *reason = last->retry_reason;
+    return (last);
+}
+
+int BIO_get_retry_reason(BIO *bio)
+{
+    return (bio->retry_reason);
+}
+
+void BIO_set_retry_reason(BIO *bio, int reason)
+{
+    bio->retry_reason = reason;
+}
+
+BIO *BIO_find_type(BIO *bio, int type)
+{
+    int mt, mask;
+
+    if (bio == NULL)
+        return NULL;
+    mask = type & 0xff;
+    do {
+        if (bio->method != NULL) {
+            mt = bio->method->type;
+
+            if (!mask) {
+                if (mt & type)
+                    return (bio);
+            } else if (mt == type)
+                return (bio);
+        }
+        bio = bio->next_bio;
+    } while (bio != NULL);
+    return (NULL);
+}
+
+BIO *BIO_next(BIO *b)
+{
+    if (b == NULL)
+        return NULL;
+    return b->next_bio;
+}
+
+void BIO_set_next(BIO *b, BIO *next)
+{
+    b->next_bio = next;
+}
+
+void BIO_free_all(BIO *bio)
+{
+    BIO *b;
+    int ref;
+
+    while (bio != NULL) {
+        b = bio;
+        ref = b->references;
+        bio = bio->next_bio;
+        BIO_free(b);
+        /* Since ref count > 1, don't free anyone else. */
+        if (ref > 1)
+            break;
+    }
+}
+
+BIO *BIO_dup_chain(BIO *in)
+{
+    BIO *ret = NULL, *eoc = NULL, *bio, *new_bio;
+
+    for (bio = in; bio != NULL; bio = bio->next_bio) {
+        if ((new_bio = BIO_new(bio->method)) == NULL)
+            goto err;
+        new_bio->callback = bio->callback;
+        new_bio->cb_arg = bio->cb_arg;
+        new_bio->init = bio->init;
+        new_bio->shutdown = bio->shutdown;
+        new_bio->flags = bio->flags;
+
+        /* This will let SSL_s_sock() work with stdin/stdout */
+        new_bio->num = bio->num;
+
+        if (!BIO_dup_state(bio, (char *)new_bio)) {
+            BIO_free(new_bio);
+            goto err;
+        }
+
+        /* copy app data */
+        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
+            goto err;
+        }
+
+        if (ret == NULL) {
+            eoc = new_bio;
+            ret = eoc;
+        } else {
+            BIO_push(eoc, new_bio);
+            eoc = new_bio;
+        }
+    }
+    return (ret);
+ err:
+    BIO_free_all(ret);
+
+    return (NULL);
+}
+
+void BIO_copy_next_retry(BIO *b)
+{
+    BIO_set_flags(b, BIO_get_retry_flags(b->next_bio));
+    b->retry_reason = b->next_bio->retry_reason;
+}
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data)
+{
+    return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data));
+}
+
+void *BIO_get_ex_data(BIO *bio, int idx)
+{
+    return (CRYPTO_get_ex_data(&(bio->ex_data), idx));
+}
+
+uint64_t BIO_number_read(BIO *bio)
+{
+    if (bio)
+        return bio->num_read;
+    return 0;
+}
+
+uint64_t BIO_number_written(BIO *bio)
+{
+    if (bio)
+        return bio->num_write;
+    return 0;
+}
+
+void bio_free_ex_data(BIO *bio)
+{
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+}
+
+void bio_cleanup(void)
+{
+#ifndef OPENSSL_NO_SOCK
+    bio_sock_cleanup_int();
+    CRYPTO_THREAD_lock_free(bio_lookup_lock);
+    bio_lookup_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(bio_type_lock);
+    bio_type_lock = NULL;
+}
diff --git a/openssl-1.1.0h/crypto/bio/bio_meth.c b/openssl-1.1.0h/crypto/bio/bio_meth.c
new file mode 100644
index 0000000..1e785d3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bio_meth.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bio_lcl.h"
+#include <internal/thread_once.h>
+
+CRYPTO_RWLOCK *bio_type_lock = NULL;
+static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_bio_type_init)
+{
+    bio_type_lock = CRYPTO_THREAD_lock_new();
+    return bio_type_lock != NULL;
+}
+
+int BIO_get_new_index()
+{
+    static int bio_count = BIO_TYPE_START;
+    int newval;
+
+    if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) {
+        BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    if (!CRYPTO_atomic_add(&bio_count, 1, &newval, bio_type_lock))
+        return -1;
+    return newval;
+}
+
+BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+    BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));
+
+    if (biom == NULL
+            || (biom->name = OPENSSL_strdup(name)) == NULL) {
+        OPENSSL_free(biom);
+        BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return biom;
+}
+
+void BIO_meth_free(BIO_METHOD *biom)
+{
+    if (biom != NULL) {
+        OPENSSL_free(biom->name);
+        OPENSSL_free(biom);
+    }
+}
+
+int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int)
+{
+    return biom->bwrite;
+}
+
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, int))
+{
+    biom->bwrite = bwrite;
+    return 1;
+}
+
+int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bread;
+}
+
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*bread) (BIO *, char *, int))
+{
+    biom->bread = bread;
+    return 1;
+}
+
+int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *)
+{
+    return biom->bputs;
+}
+
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*bputs) (BIO *, const char *))
+{
+    biom->bputs = bputs;
+    return 1;
+}
+
+int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bgets;
+}
+
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*bgets) (BIO *, char *, int))
+{
+    biom->bgets = bgets;
+    return 1;
+}
+
+long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *)
+{
+    return biom->ctrl;
+}
+
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *))
+{
+    biom->ctrl = ctrl;
+    return 1;
+}
+
+int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *)
+{
+    return biom->create;
+}
+
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
+{
+    biom->create = create;
+    return 1;
+}
+
+int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *)
+{
+    return biom->destroy;
+}
+
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
+{
+    biom->destroy = destroy;
+    return 1;
+}
+
+long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *)
+{
+    return biom->callback_ctrl;
+}
+
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *))
+{
+    biom->callback_ctrl = callback_ctrl;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/bio/bss_acpt.c b/openssl-1.1.0h/crypto/bio/bss_acpt.c
new file mode 100644
index 0000000..21d21c1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_acpt.c
@@ -0,0 +1,562 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+typedef struct bio_accept_st {
+    int state;
+    int accept_family;
+    int bind_mode;     /* Socket mode for BIO_listen */
+    int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */
+    char *param_addr;
+    char *param_serv;
+
+    int accept_sock;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
+    BIO_ADDR cache_accepting_addr;   /* Useful if we asked for port 0 */
+    char *cache_accepting_name, *cache_accepting_serv;
+    BIO_ADDR cache_peer_addr;
+    char *cache_peer_name, *cache_peer_serv;
+
+    BIO *bio_chain;
+} BIO_ACCEPT;
+
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+static BIO_ACCEPT *BIO_ACCEPT_new(void);
+static void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+# define ACPT_S_BEFORE                   1
+# define ACPT_S_GET_ADDR                 2
+# define ACPT_S_CREATE_SOCKET            3
+# define ACPT_S_LISTEN                   4
+# define ACPT_S_ACCEPT                   5
+# define ACPT_S_OK                       6
+
+static const BIO_METHOD methods_acceptp = {
+    BIO_TYPE_ACCEPT,
+    "socket accept",
+    acpt_write,
+    acpt_read,
+    acpt_puts,
+    NULL,                       /* connect_gets,         */
+    acpt_ctrl,
+    acpt_new,
+    acpt_free,
+    NULL,                       /* connect_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_accept(void)
+{
+    return (&methods_acceptp);
+}
+
+static int acpt_new(BIO *bi)
+{
+    BIO_ACCEPT *ba;
+
+    bi->init = 0;
+    bi->num = (int)INVALID_SOCKET;
+    bi->flags = 0;
+    if ((ba = BIO_ACCEPT_new()) == NULL)
+        return (0);
+    bi->ptr = (char *)ba;
+    ba->state = ACPT_S_BEFORE;
+    bi->shutdown = 1;
+    return (1);
+}
+
+static BIO_ACCEPT *BIO_ACCEPT_new(void)
+{
+    BIO_ACCEPT *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+        return (NULL);
+    ret->accept_family = BIO_FAMILY_IPANY;
+    ret->accept_sock = (int)INVALID_SOCKET;
+    return (ret);
+}
+
+static void BIO_ACCEPT_free(BIO_ACCEPT *a)
+{
+    if (a == NULL)
+        return;
+
+    OPENSSL_free(a->param_addr);
+    OPENSSL_free(a->param_serv);
+    BIO_ADDRINFO_free(a->addr_first);
+    OPENSSL_free(a->cache_accepting_name);
+    OPENSSL_free(a->cache_accepting_serv);
+    OPENSSL_free(a->cache_peer_name);
+    OPENSSL_free(a->cache_peer_serv);
+    BIO_free(a->bio_chain);
+    OPENSSL_free(a);
+}
+
+static void acpt_close_socket(BIO *bio)
+{
+    BIO_ACCEPT *c;
+
+    c = (BIO_ACCEPT *)bio->ptr;
+    if (c->accept_sock != (int)INVALID_SOCKET) {
+        shutdown(c->accept_sock, 2);
+        closesocket(c->accept_sock);
+        c->accept_sock = (int)INVALID_SOCKET;
+        bio->num = (int)INVALID_SOCKET;
+    }
+}
+
+static int acpt_free(BIO *a)
+{
+    BIO_ACCEPT *data;
+
+    if (a == NULL)
+        return (0);
+    data = (BIO_ACCEPT *)a->ptr;
+
+    if (a->shutdown) {
+        acpt_close_socket(a);
+        BIO_ACCEPT_free(data);
+        a->ptr = NULL;
+        a->flags = 0;
+        a->init = 0;
+    }
+    return (1);
+}
+
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
+{
+    BIO *bio = NULL, *dbio;
+    int s = -1, ret = -1;
+
+    for (;;) {
+        switch (c->state) {
+        case ACPT_S_BEFORE:
+            if (c->param_addr == NULL && c->param_serv == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                goto exit_loop;
+            }
+
+            /* Because we're starting a new bind, any cached name and serv
+             * are now obsolete and need to be cleaned out.
+             * QUESTION: should this be done in acpt_close_socket() instead?
+             */
+            OPENSSL_free(c->cache_accepting_name);
+            c->cache_accepting_name = NULL;
+            OPENSSL_free(c->cache_accepting_serv);
+            c->cache_accepting_serv = NULL;
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            c->state = ACPT_S_GET_ADDR;
+            break;
+
+        case ACPT_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->accept_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_ACPT_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_ACPT_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
+                }
+                if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
+            }
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
+                goto exit_loop;
+            }
+            /* We're currently not iterating, but set this as preparation
+             * for possible future development in that regard
+             */
+            c->addr_iter = c->addr_first;
+            c->state = ACPT_S_CREATE_SOCKET;
+            break;
+
+        case ACPT_S_CREATE_SOCKET:
+            ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                             BIO_ADDRINFO_socktype(c->addr_iter),
+                             BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (ret == (int)INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            c->accept_sock = ret;
+            b->num = ret;
+            c->state = ACPT_S_LISTEN;
+            break;
+
+        case ACPT_S_LISTEN:
+            {
+                if (!BIO_listen(c->accept_sock,
+                                BIO_ADDRINFO_address(c->addr_iter),
+                                c->bind_mode)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
+
+            {
+                union BIO_sock_info_u info;
+
+                info.addr = &c->cache_accepting_addr;
+                if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS,
+                                   &info)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
+
+            c->cache_accepting_name =
+                BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1);
+            c->cache_accepting_serv =
+                BIO_ADDR_service_string(&c->cache_accepting_addr, 1);
+            c->state = ACPT_S_ACCEPT;
+            s = -1;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_ACCEPT:
+            if (b->next_bio != NULL) {
+                c->state = ACPT_S_OK;
+                break;
+            }
+            BIO_clear_retry_flags(b);
+            b->retry_reason = 0;
+
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr,
+                              c->accepted_mode);
+
+            /* If the returned socket is invalid, this might still be
+             * retryable
+             */
+            if (s < 0) {
+                if (BIO_sock_should_retry(s)) {
+                    BIO_set_retry_special(b);
+                    b->retry_reason = BIO_RR_ACCEPT;
+                    goto end;
+                }
+            }
+
+            /* If it wasn't retryable, we fail */
+            if (s < 0) {
+                ret = s;
+                goto exit_loop;
+            }
+
+            bio = BIO_new_socket(s, BIO_CLOSE);
+            if (bio == NULL)
+                goto exit_loop;
+
+            BIO_set_callback(bio, BIO_get_callback(b));
+            BIO_set_callback_arg(bio, BIO_get_callback_arg(b));
+
+            /*
+             * If the accept BIO has an bio_chain, we dup it and put the new
+             * socket at the end.
+             */
+            if (c->bio_chain != NULL) {
+                if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)
+                    goto exit_loop;
+                if (!BIO_push(dbio, bio))
+                    goto exit_loop;
+                bio = dbio;
+            }
+            if (BIO_push(b, bio) == NULL)
+                goto exit_loop;
+
+            c->cache_peer_name =
+                BIO_ADDR_hostname_string(&c->cache_peer_addr, 1);
+            c->cache_peer_serv =
+                BIO_ADDR_service_string(&c->cache_peer_addr, 1);
+            c->state = ACPT_S_OK;
+            bio = NULL;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_OK:
+            if (b->next_bio == NULL) {
+                c->state = ACPT_S_ACCEPT;
+                break;
+            }
+            ret = 1;
+            goto end;
+
+        default:
+            ret = 0;
+            goto end;
+        }
+    }
+
+  exit_loop:
+    if (bio != NULL)
+        BIO_free(bio);
+    else if (s >= 0)
+        BIO_closesocket(s);
+  end:
+    return ret;
+}
+
+static int acpt_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO_ACCEPT *data;
+
+    BIO_clear_retry_flags(b);
+    data = (BIO_ACCEPT *)b->ptr;
+
+    while (b->next_bio == NULL) {
+        ret = acpt_state(b, data);
+        if (ret <= 0)
+            return (ret);
+    }
+
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static int acpt_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    BIO_ACCEPT *data;
+
+    BIO_clear_retry_flags(b);
+    data = (BIO_ACCEPT *)b->ptr;
+
+    while (b->next_bio == NULL) {
+        ret = acpt_state(b, data);
+        if (ret <= 0)
+            return (ret);
+    }
+
+    ret = BIO_write(b->next_bio, in, inl);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    int *ip;
+    long ret = 1;
+    BIO_ACCEPT *data;
+    char **pp;
+
+    data = (BIO_ACCEPT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ret = 0;
+        data->state = ACPT_S_BEFORE;
+        acpt_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
+        b->flags = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        /* use this one to start the connection */
+        ret = (long)acpt_state(b, data);
+        break;
+    case BIO_C_SET_ACCEPT:
+        if (ptr != NULL) {
+            if (num == 0) {
+                char *hold_serv = data->param_serv;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+                OPENSSL_free(data->param_addr);
+                data->param_addr = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_addr,
+                                         &data->param_serv,
+                                         BIO_PARSE_PRIO_SERV);
+                if (hold_serv != data->param_serv)
+                    OPENSSL_free(hold_serv);
+                b->init = 1;
+            } else if (num == 1) {
+                OPENSSL_free(data->param_serv);
+                data->param_serv = BUF_strdup(ptr);
+                b->init = 1;
+            } else if (num == 2) {
+                data->bind_mode |= BIO_SOCK_NONBLOCK;
+            } else if (num == 3) {
+                BIO_free(data->bio_chain);
+                data->bio_chain = (BIO *)ptr;
+            } else if (num == 4) {
+                data->accept_family = *(int *)ptr;
+            }
+        } else {
+            if (num == 2) {
+                data->bind_mode &= ~BIO_SOCK_NONBLOCK;
+            }
+        }
+        break;
+    case BIO_C_SET_NBIO:
+        if (num != 0)
+            data->accepted_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->accepted_mode &= ~BIO_SOCK_NONBLOCK;
+        break;
+    case BIO_C_SET_FD:
+        b->init = 1;
+        b->num = *((int *)ptr);
+        data->accept_sock = b->num;
+        data->state = ACPT_S_ACCEPT;
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = data->accept_sock;
+            ret = data->accept_sock;
+        } else
+            ret = -1;
+        break;
+    case BIO_C_GET_ACCEPT:
+        if (b->init) {
+            if (num == 0 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_accepting_name;
+            } else if (num == 1 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_accepting_serv;
+            } else if (num == 2 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_name;
+            } else if (num == 3 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_serv;
+            } else if (num == 4) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+#ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+#endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->accept_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
+                }
+            } else
+                ret = -1;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_FLUSH:
+        break;
+    case BIO_C_SET_BIND_MODE:
+        data->bind_mode = (int)num;
+        break;
+    case BIO_C_GET_BIND_MODE:
+        ret = (long)data->bind_mode;
+        break;
+    case BIO_CTRL_DUP:
+/*-     dbio=(BIO *)ptr;
+        if (data->param_port) EAY EAY
+                BIO_set_port(dbio,data->param_port);
+        if (data->param_hostname)
+                BIO_set_hostname(dbio,data->param_hostname);
+        BIO_set_nbio(dbio,data->nbio); */
+        break;
+
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int acpt_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = acpt_write(bp, str, n);
+    return (ret);
+}
+
+BIO *BIO_new_accept(const char *str)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_accept());
+    if (ret == NULL)
+        return (NULL);
+    if (BIO_set_accept_name(ret, str))
+        return (ret);
+    BIO_free(ret);
+    return (NULL);
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bio/bss_bio.c b/openssl-1.1.0h/crypto/bio/bss_bio.c
new file mode 100644
index 0000000..de34f6b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_bio.c
@@ -0,0 +1,805 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Special method for a BIO where the other endpoint is also a BIO of this
+ * kind, handled by the same thread (i.e. the "peer" is actually ourselves,
+ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL
+ * library with I/O interfaces for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used.
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "bio_lcl.h"
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#include "e_os.h"
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static const BIO_METHOD methods_biop = {
+    BIO_TYPE_BIO,
+    "BIO pair",
+    bio_write,
+    bio_read,
+    bio_puts,
+    NULL /* no bio_gets */ ,
+    bio_ctrl,
+    bio_new,
+    bio_free,
+    NULL                        /* no bio_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_bio(void)
+{
+    return &methods_biop;
+}
+
+struct bio_bio_st {
+    BIO *peer;                  /* NULL if buf == NULL. If peer != NULL, then
+                                 * peer->ptr is also a bio_bio_st, and its
+                                 * "peer" member points back to us. peer !=
+                                 * NULL iff init != 0 in the BIO. */
+    /* This is for what we write (i.e. reading uses peer's struct): */
+    int closed;                 /* valid iff peer != NULL */
+    size_t len;                 /* valid iff buf != NULL; 0 if peer == NULL */
+    size_t offset;              /* valid iff buf != NULL; 0 if len == 0 */
+    size_t size;
+    char *buf;                  /* "size" elements (if != NULL) */
+    size_t request;             /* valid iff peer != NULL; 0 if len != 0,
+                                 * otherwise set by peer to number of bytes
+                                 * it (unsuccessfully) tried to read, never
+                                 * more than buffer space (size-len)
+                                 * warrants. */
+};
+
+static int bio_new(BIO *bio)
+{
+    struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b));
+
+    if (b == NULL)
+        return 0;
+
+    /* enough for one TLS record (just a default) */
+    b->size = 17 * 1024;
+
+    bio->ptr = b;
+    return 1;
+}
+
+static int bio_free(BIO *bio)
+{
+    struct bio_bio_st *b;
+
+    if (bio == NULL)
+        return 0;
+    b = bio->ptr;
+
+    assert(b != NULL);
+
+    if (b->peer)
+        bio_destroy_pair(bio);
+
+    OPENSSL_free(b->buf);
+    OPENSSL_free(b);
+
+    return 1;
+}
+
+static int bio_read(BIO *bio, char *buf, int size_)
+{
+    size_t size = size_;
+    size_t rest;
+    struct bio_bio_st *b, *peer_b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;        /* will be set in "retry_read" situation */
+
+    if (buf == NULL || size == 0)
+        return 0;
+
+    if (peer_b->len == 0) {
+        if (peer_b->closed)
+            return 0;           /* writer has closed, and no data is left */
+        else {
+            BIO_set_retry_read(bio); /* buffer is empty */
+            if (size <= peer_b->size)
+                peer_b->request = size;
+            else
+                /*
+                 * don't ask for more than the peer can deliver in one write
+                 */
+                peer_b->request = peer_b->size;
+            return -1;
+        }
+    }
+
+    /* we can read */
+    if (peer_b->len < size)
+        size = peer_b->len;
+
+    /* now read "size" bytes */
+
+    rest = size;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t chunk;
+
+        assert(rest <= peer_b->len);
+        if (peer_b->offset + rest <= peer_b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = peer_b->size - peer_b->offset;
+        assert(peer_b->offset + chunk <= peer_b->size);
+
+        memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+
+        peer_b->len -= chunk;
+        if (peer_b->len) {
+            peer_b->offset += chunk;
+            assert(peer_b->offset <= peer_b->size);
+            if (peer_b->offset == peer_b->size)
+                peer_b->offset = 0;
+            buf += chunk;
+        } else {
+            /* buffer now empty, no need to advance "buf" */
+            assert(chunk == rest);
+            peer_b->offset = 0;
+        }
+        rest -= chunk;
+    }
+    while (rest);
+
+    return size;
+}
+
+/*-
+ * non-copying interface: provide pointer to available data in buffer
+ *    bio_nread0:  return number of available bytes
+ *    bio_nread:   also advance index
+ * (example usage:  bio_nread0(), read from buffer, bio_nread()
+ *  or just         bio_nread(), read from buffer)
+ */
+/*
+ * WARNING: The non-copying interface is largely untested as of yet and may
+ * contain bugs.
+ */
+static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;
+
+    if (peer_b->len == 0) {
+        char dummy;
+
+        /* avoid code duplication -- nothing available for reading */
+        return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+    }
+
+    num = peer_b->len;
+    if (peer_b->size < peer_b->offset + num)
+        /* no ring buffer wrap-around for non-copying interface */
+        num = peer_b->size - peer_b->offset;
+    assert(num > 0);
+
+    if (buf != NULL)
+        *buf = peer_b->buf + peer_b->offset;
+    return num;
+}
+
+static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num, available;
+
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    available = bio_nread0(bio, buf);
+    if (num > available)
+        num = available;
+    if (num <= 0)
+        return num;
+
+    b = bio->ptr;
+    peer_b = b->peer->ptr;
+
+    peer_b->len -= num;
+    if (peer_b->len) {
+        peer_b->offset += num;
+        assert(peer_b->offset <= peer_b->size);
+        if (peer_b->offset == peer_b->size)
+            peer_b->offset = 0;
+    } else
+        peer_b->offset = 0;
+
+    return num;
+}
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+{
+    size_t num = num_;
+    size_t rest;
+    struct bio_bio_st *b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init || buf == NULL || num == 0)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        /* we already closed */
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio); /* buffer is full */
+        return -1;
+    }
+
+    /* we can write */
+    if (num > b->size - b->len)
+        num = b->size - b->len;
+
+    /* now write "num" bytes */
+
+    rest = num;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t write_offset;
+        size_t chunk;
+
+        assert(b->len + rest <= b->size);
+
+        write_offset = b->offset + b->len;
+        if (write_offset >= b->size)
+            write_offset -= b->size;
+        /* b->buf[write_offset] is the first byte we can write to. */
+
+        if (write_offset + rest <= b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = b->size - write_offset;
+
+        memcpy(b->buf + write_offset, buf, chunk);
+
+        b->len += chunk;
+
+        assert(b->len <= b->size);
+
+        rest -= chunk;
+        buf += chunk;
+    }
+    while (rest);
+
+    return num;
+}
+
+/*-
+ * non-copying interface: provide pointer to region to write to
+ *   bio_nwrite0:  check how much space is available
+ *   bio_nwrite:   also increase length
+ * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
+ *  or just         bio_nwrite(), write to buffer)
+ */
+static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b;
+    size_t num;
+    size_t write_offset;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio);
+        return -1;
+    }
+
+    num = b->size - b->len;
+    write_offset = b->offset + b->len;
+    if (write_offset >= b->size)
+        write_offset -= b->size;
+    if (write_offset + num > b->size)
+        /*
+         * no ring buffer wrap-around for non-copying interface (to fulfil
+         * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have
+         * to be called twice)
+         */
+        num = b->size - write_offset;
+
+    if (buf != NULL)
+        *buf = b->buf + write_offset;
+    assert(write_offset + num <= b->size);
+
+    return num;
+}
+
+static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b;
+    ossl_ssize_t num, space;
+
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    space = bio_nwrite0(bio, buf);
+    if (num > space)
+        num = space;
+    if (num <= 0)
+        return num;
+    b = bio->ptr;
+    assert(b != NULL);
+    b->len += num;
+    assert(b->len <= b->size);
+
+    return num;
+}
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    struct bio_bio_st *b = bio->ptr;
+
+    assert(b != NULL);
+
+    switch (cmd) {
+        /* specific CTRL codes */
+
+    case BIO_C_SET_WRITE_BUF_SIZE:
+        if (b->peer) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+            ret = 0;
+        } else if (num == 0) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+            ret = 0;
+        } else {
+            size_t new_size = num;
+
+            if (b->size != new_size) {
+                OPENSSL_free(b->buf);
+                b->buf = NULL;
+                b->size = new_size;
+            }
+            ret = 1;
+        }
+        break;
+
+    case BIO_C_GET_WRITE_BUF_SIZE:
+        ret = (long)b->size;
+        break;
+
+    case BIO_C_MAKE_BIO_PAIR:
+        {
+            BIO *other_bio = ptr;
+
+            if (bio_make_pair(bio, other_bio))
+                ret = 1;
+            else
+                ret = 0;
+        }
+        break;
+
+    case BIO_C_DESTROY_BIO_PAIR:
+        /*
+         * Affects both BIOs in the pair -- call just once! Or let
+         * BIO_free(bio1); BIO_free(bio2); do the job.
+         */
+        bio_destroy_pair(bio);
+        ret = 1;
+        break;
+
+    case BIO_C_GET_WRITE_GUARANTEE:
+        /*
+         * How many bytes can the caller feed to the next write without
+         * having to keep any?
+         */
+        if (b->peer == NULL || b->closed)
+            ret = 0;
+        else
+            ret = (long)b->size - b->len;
+        break;
+
+    case BIO_C_GET_READ_REQUEST:
+        /*
+         * If the peer unsuccessfully tried to read, how many bytes were
+         * requested? (As with BIO_CTRL_PENDING, that number can usually be
+         * treated as boolean.)
+         */
+        ret = (long)b->request;
+        break;
+
+    case BIO_C_RESET_READ_REQUEST:
+        /*
+         * Reset request.  (Can be useful after read attempts at the other
+         * side that are meant to be non-blocking, e.g. when probing SSL_read
+         * to see if any data is available.)
+         */
+        b->request = 0;
+        ret = 1;
+        break;
+
+    case BIO_C_SHUTDOWN_WR:
+        /* similar to shutdown(..., SHUT_WR) */
+        b->closed = 1;
+        ret = 1;
+        break;
+
+    case BIO_C_NREAD0:
+        /* prepare for non-copying read */
+        ret = (long)bio_nread0(bio, ptr);
+        break;
+
+    case BIO_C_NREAD:
+        /* non-copying read */
+        ret = (long)bio_nread(bio, ptr, (size_t)num);
+        break;
+
+    case BIO_C_NWRITE0:
+        /* prepare for non-copying write */
+        ret = (long)bio_nwrite0(bio, ptr);
+        break;
+
+    case BIO_C_NWRITE:
+        /* non-copying write */
+        ret = (long)bio_nwrite(bio, ptr, (size_t)num);
+        break;
+
+        /* standard CTRL codes follow */
+
+    case BIO_CTRL_RESET:
+        if (b->buf != NULL) {
+            b->len = 0;
+            b->offset = 0;
+        }
+        ret = 0;
+        break;
+
+    case BIO_CTRL_GET_CLOSE:
+        ret = bio->shutdown;
+        break;
+
+    case BIO_CTRL_SET_CLOSE:
+        bio->shutdown = (int)num;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_PENDING:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            ret = (long)peer_b->len;
+        } else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_WPENDING:
+        if (b->buf != NULL)
+            ret = (long)b->len;
+        else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_DUP:
+        /* See BIO_dup_chain for circumstances we have to expect. */
+        {
+            BIO *other_bio = ptr;
+            struct bio_bio_st *other_b;
+
+            assert(other_bio != NULL);
+            other_b = other_bio->ptr;
+            assert(other_b != NULL);
+
+            assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+            other_b->size = b->size;
+        }
+
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_EOF:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            if (peer_b->len == 0 && peer_b->closed)
+                ret = 1;
+            else
+                ret = 0;
+        } else {
+            ret = 1;
+        }
+        break;
+
+    default:
+        ret = 0;
+    }
+    return ret;
+}
+
+static int bio_puts(BIO *bio, const char *str)
+{
+    return bio_write(bio, str, strlen(str));
+}
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+{
+    struct bio_bio_st *b1, *b2;
+
+    assert(bio1 != NULL);
+    assert(bio2 != NULL);
+
+    b1 = bio1->ptr;
+    b2 = bio2->ptr;
+
+    if (b1->peer != NULL || b2->peer != NULL) {
+        BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+        return 0;
+    }
+
+    if (b1->buf == NULL) {
+        b1->buf = OPENSSL_malloc(b1->size);
+        if (b1->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b1->len = 0;
+        b1->offset = 0;
+    }
+
+    if (b2->buf == NULL) {
+        b2->buf = OPENSSL_malloc(b2->size);
+        if (b2->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b2->len = 0;
+        b2->offset = 0;
+    }
+
+    b1->peer = bio2;
+    b1->closed = 0;
+    b1->request = 0;
+    b2->peer = bio1;
+    b2->closed = 0;
+    b2->request = 0;
+
+    bio1->init = 1;
+    bio2->init = 1;
+
+    return 1;
+}
+
+static void bio_destroy_pair(BIO *bio)
+{
+    struct bio_bio_st *b = bio->ptr;
+
+    if (b != NULL) {
+        BIO *peer_bio = b->peer;
+
+        if (peer_bio != NULL) {
+            struct bio_bio_st *peer_b = peer_bio->ptr;
+
+            assert(peer_b != NULL);
+            assert(peer_b->peer == bio);
+
+            peer_b->peer = NULL;
+            peer_bio->init = 0;
+            assert(peer_b->buf != NULL);
+            peer_b->len = 0;
+            peer_b->offset = 0;
+
+            b->peer = NULL;
+            bio->init = 0;
+            assert(b->buf != NULL);
+            b->len = 0;
+            b->offset = 0;
+        }
+    }
+}
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+                     BIO **bio2_p, size_t writebuf2)
+{
+    BIO *bio1 = NULL, *bio2 = NULL;
+    long r;
+    int ret = 0;
+
+    bio1 = BIO_new(BIO_s_bio());
+    if (bio1 == NULL)
+        goto err;
+    bio2 = BIO_new(BIO_s_bio());
+    if (bio2 == NULL)
+        goto err;
+
+    if (writebuf1) {
+        r = BIO_set_write_buf_size(bio1, writebuf1);
+        if (!r)
+            goto err;
+    }
+    if (writebuf2) {
+        r = BIO_set_write_buf_size(bio2, writebuf2);
+        if (!r)
+            goto err;
+    }
+
+    r = BIO_make_bio_pair(bio1, bio2);
+    if (!r)
+        goto err;
+    ret = 1;
+
+ err:
+    if (ret == 0) {
+        BIO_free(bio1);
+        bio1 = NULL;
+        BIO_free(bio2);
+        bio2 = NULL;
+    }
+
+    *bio1_p = bio1;
+    *bio2_p = bio2;
+    return ret;
+}
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+}
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+{
+    return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+}
+
+/*
+ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes
+ * too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nread(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+    if (ret > 0)
+        bio->num_read += ret;
+    return ret;
+}
+
+int BIO_nwrite0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+    if (ret > 0)
+        bio->num_write += ret;
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/bio/bss_conn.c b/openssl-1.1.0h/crypto/bio/bss_conn.c
new file mode 100644
index 0000000..e343bcd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_conn.c
@@ -0,0 +1,543 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+typedef struct bio_connect_st {
+    int state;
+    int connect_family;
+    char *param_hostname;
+    char *param_service;
+    int connect_mode;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
+    /*
+     * int socket; this will be kept in bio->num so that it is compatible
+     * with the bss_sock bio
+     */
+    /*
+     * called when the connection is initially made callback(BIO,state,ret);
+     * The callback should return 'ret'.  state is for compatibility with the
+     * ssl info_callback
+     */
+    BIO_info_cb *info_callback;
+} BIO_CONNECT;
+
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void);
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+#define BIO_CONN_S_BEFORE                1
+#define BIO_CONN_S_GET_ADDR              2
+#define BIO_CONN_S_CREATE_SOCKET         3
+#define BIO_CONN_S_CONNECT               4
+#define BIO_CONN_S_OK                    5
+#define BIO_CONN_S_BLOCKED_CONNECT       6
+
+static const BIO_METHOD methods_connectp = {
+    BIO_TYPE_CONNECT,
+    "socket connect",
+    conn_write,
+    conn_read,
+    conn_puts,
+    NULL,                       /* conn_gets, */
+    conn_ctrl,
+    conn_new,
+    conn_free,
+    conn_callback_ctrl,
+};
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+{
+    int ret = -1, i;
+    BIO_info_cb *cb = NULL;
+
+    if (c->info_callback != NULL)
+        cb = c->info_callback;
+
+    for (;;) {
+        switch (c->state) {
+        case BIO_CONN_S_BEFORE:
+            if (c->param_hostname == NULL && c->param_service == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                goto exit_loop;
+            }
+            c->state = BIO_CONN_S_GET_ADDR;
+            break;
+
+        case BIO_CONN_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->connect_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_CONN_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
+                }
+                if (BIO_lookup(c->param_hostname, c->param_service,
+                               BIO_LOOKUP_CLIENT,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
+            }
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
+                goto exit_loop;
+            }
+            c->addr_iter = c->addr_first;
+            c->state = BIO_CONN_S_CREATE_SOCKET;
+            break;
+
+        case BIO_CONN_S_CREATE_SOCKET:
+            ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                             BIO_ADDRINFO_socktype(c->addr_iter),
+                             BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (ret == (int)INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            b->num = ret;
+            c->state = BIO_CONN_S_CONNECT;
+            break;
+
+        case BIO_CONN_S_CONNECT:
+            BIO_clear_retry_flags(b);
+            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
+                              BIO_SOCK_KEEPALIVE | c->connect_mode);
+            b->retry_reason = 0;
+            if (ret == 0) {
+                if (BIO_sock_should_retry(ret)) {
+                    BIO_set_retry_special(b);
+                    c->state = BIO_CONN_S_BLOCKED_CONNECT;
+                    b->retry_reason = BIO_RR_CONNECT;
+                    ERR_clear_error();
+                } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter))
+                           != NULL) {
+                    /*
+                     * if there are more addresses to try, do that first
+                     */
+                    BIO_closesocket(b->num);
+                    c->state = BIO_CONN_S_CREATE_SOCKET;
+                    ERR_clear_error();
+                    break;
+                } else {
+                    SYSerr(SYS_F_CONNECT, get_last_socket_error());
+                    ERR_add_error_data(4,
+                                       "hostname=", c->param_hostname,
+                                       " service=", c->param_service);
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+                }
+                goto exit_loop;
+            } else {
+                c->state = BIO_CONN_S_OK;
+            }
+            break;
+
+        case BIO_CONN_S_BLOCKED_CONNECT:
+            i = BIO_sock_error(b->num);
+            if (i) {
+                BIO_clear_retry_flags(b);
+                SYSerr(SYS_F_CONNECT, i);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR);
+                ret = 0;
+                goto exit_loop;
+            } else
+                c->state = BIO_CONN_S_OK;
+            break;
+
+        case BIO_CONN_S_OK:
+            ret = 1;
+            goto exit_loop;
+        default:
+            /* abort(); */
+            goto exit_loop;
+        }
+
+        if (cb != NULL) {
+            if ((ret = cb((BIO *)b, c->state, ret)) == 0)
+                goto end;
+        }
+    }
+
+    /* Loop does not exit */
+ exit_loop:
+    if (cb != NULL)
+        ret = cb((BIO *)b, c->state, ret);
+ end:
+    return (ret);
+}
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+{
+    BIO_CONNECT *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+        return (NULL);
+    ret->state = BIO_CONN_S_BEFORE;
+    ret->connect_family = BIO_FAMILY_IPANY;
+    return (ret);
+}
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+{
+    if (a == NULL)
+        return;
+
+    OPENSSL_free(a->param_hostname);
+    OPENSSL_free(a->param_service);
+    BIO_ADDRINFO_free(a->addr_first);
+    OPENSSL_free(a);
+}
+
+const BIO_METHOD *BIO_s_connect(void)
+{
+    return (&methods_connectp);
+}
+
+static int conn_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = (int)INVALID_SOCKET;
+    bi->flags = 0;
+    if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
+        return (0);
+    else
+        return (1);
+}
+
+static void conn_close_socket(BIO *bio)
+{
+    BIO_CONNECT *c;
+
+    c = (BIO_CONNECT *)bio->ptr;
+    if (bio->num != (int)INVALID_SOCKET) {
+        /* Only do a shutdown if things were established */
+        if (c->state == BIO_CONN_S_OK)
+            shutdown(bio->num, 2);
+        BIO_closesocket(bio->num);
+        bio->num = (int)INVALID_SOCKET;
+    }
+}
+
+static int conn_free(BIO *a)
+{
+    BIO_CONNECT *data;
+
+    if (a == NULL)
+        return (0);
+    data = (BIO_CONNECT *)a->ptr;
+
+    if (a->shutdown) {
+        conn_close_socket(a);
+        BIO_CONNECT_free(data);
+        a->ptr = NULL;
+        a->flags = 0;
+        a->init = 0;
+    }
+    return (1);
+}
+
+static int conn_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return (ret);
+    }
+
+    if (out != NULL) {
+        clear_socket_error();
+        ret = readsocket(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_sock_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return (ret);
+}
+
+static int conn_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return (ret);
+    }
+
+    clear_socket_error();
+    ret = writesocket(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_sock_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return (ret);
+}
+
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    int *ip;
+    const char **pptr = NULL;
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ret = 0;
+        data->state = BIO_CONN_S_BEFORE;
+        conn_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
+        b->flags = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        /* use this one to start the connection */
+        if (data->state != BIO_CONN_S_OK)
+            ret = (long)conn_state(b, data);
+        else
+            ret = 1;
+        break;
+    case BIO_C_GET_CONNECT:
+        if (ptr != NULL) {
+            pptr = (const char **)ptr;
+            if (num == 0) {
+                *pptr = data->param_hostname;
+            } else if (num == 1) {
+                *pptr = data->param_service;
+            } else if (num == 2) {
+                *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter);
+            } else if (num == 3) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+# ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+# endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->connect_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
+                }
+            } else {
+                ret = 0;
+            }
+        } else {
+            ret = 0;
+        }
+        break;
+    case BIO_C_SET_CONNECT:
+        if (ptr != NULL) {
+            b->init = 1;
+            if (num == 0) {
+                char *hold_service = data->param_service;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+                OPENSSL_free(data->param_hostname);
+                data->param_hostname = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_hostname,
+                                         &data->param_service,
+                                         BIO_PARSE_PRIO_HOST);
+                if (hold_service != data->param_service)
+                    OPENSSL_free(hold_service);
+            } else if (num == 1) {
+                OPENSSL_free(data->param_service);
+                data->param_service = BUF_strdup(ptr);
+            } else if (num == 2) {
+                const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+                if (ret) {
+                    data->param_hostname = BIO_ADDR_hostname_string(addr, 1);
+                    data->param_service = BIO_ADDR_service_string(addr, 1);
+                    BIO_ADDRINFO_free(data->addr_first);
+                    data->addr_first = NULL;
+                    data->addr_iter = NULL;
+                }
+            } else if (num == 3) {
+                data->connect_family = *(int *)ptr;
+            } else {
+                ret = 0;
+            }
+        }
+        break;
+    case BIO_C_SET_NBIO:
+        if (num != 0)
+            data->connect_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->connect_mode &= ~BIO_SOCK_NONBLOCK;
+        break;
+    case BIO_C_SET_CONNECT_MODE:
+        data->connect_mode = (int)num;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_FLUSH:
+        break;
+    case BIO_CTRL_DUP:
+        {
+            dbio = (BIO *)ptr;
+            if (data->param_hostname)
+                BIO_set_conn_hostname(dbio, data->param_hostname);
+            if (data->param_service)
+                BIO_set_conn_port(dbio, data->param_service);
+            BIO_set_conn_ip_family(dbio, data->connect_family);
+            BIO_set_conn_mode(dbio, data->connect_mode);
+            /*
+             * FIXME: the cast of the function seems unlikely to be a good
+             * idea
+             */
+            (void)BIO_set_info_callback(dbio, data->info_callback);
+        }
+        break;
+    case BIO_CTRL_SET_CALLBACK:
+        {
+# if 0                          /* FIXME: Should this be used? -- Richard
+                                 * Levitte */
+            BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            ret = -1;
+# else
+            ret = 0;
+# endif
+        }
+        break;
+    case BIO_CTRL_GET_CALLBACK:
+        {
+            BIO_info_cb **fptr;
+
+            fptr = (BIO_info_cb **)ptr;
+            *fptr = data->info_callback;
+        }
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+        {
+            data->info_callback = fp;
+        }
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int conn_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = conn_write(bp, str, n);
+    return (ret);
+}
+
+BIO *BIO_new_connect(const char *str)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_connect());
+    if (ret == NULL)
+        return (NULL);
+    if (BIO_set_conn_hostname(ret, str))
+        return (ret);
+    BIO_free(ret);
+    return (NULL);
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bio/bss_dgram.c b/openssl-1.1.0h/crypto/bio/bss_dgram.c
new file mode 100644
index 0000000..c772d95
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_dgram.c
@@ -0,0 +1,1923 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+#ifndef OPENSSL_NO_DGRAM
+
+# if !(defined(_WIN32) || defined(OPENSSL_SYS_VMS))
+#  include <sys/time.h>
+# endif
+# if defined(OPENSSL_SYS_VMS)
+#  include <sys/timeb.h>
+# endif
+
+# ifndef OPENSSL_NO_SCTP
+#  include <netinet/sctp.h>
+#  include <fcntl.h>
+#  define OPENSSL_SCTP_DATA_CHUNK_TYPE            0x00
+#  define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
+# endif
+
+# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
+#  define IP_MTU      14        /* linux is lame */
+# endif
+
+# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
+#  define IPPROTO_IPV6 41       /* windows is lame */
+# endif
+
+# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#  undef IN6_IS_ADDR_V4MAPPED
+#  define s6_addr32 __u6_addr.__u6_addr32
+#  define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+# endif
+
+static int dgram_write(BIO *h, const char *buf, int num);
+static int dgram_read(BIO *h, char *buf, int size);
+static int dgram_puts(BIO *h, const char *str);
+static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_new(BIO *h);
+static int dgram_free(BIO *data);
+static int dgram_clear(BIO *bio);
+
+# ifndef OPENSSL_NO_SCTP
+static int dgram_sctp_write(BIO *h, const char *buf, int num);
+static int dgram_sctp_read(BIO *h, char *buf, int size);
+static int dgram_sctp_puts(BIO *h, const char *str);
+static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_sctp_new(BIO *h);
+static int dgram_sctp_free(BIO *data);
+#  ifdef SCTP_AUTHENTICATION_EVENT
+static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
+                                                  *snp);
+#  endif
+# endif
+
+static int BIO_dgram_should_retry(int s);
+
+static void get_current_time(struct timeval *t);
+
+static const BIO_METHOD methods_dgramp = {
+    BIO_TYPE_DGRAM,
+    "datagram socket",
+    dgram_write,
+    dgram_read,
+    dgram_puts,
+    NULL,                       /* dgram_gets,         */
+    dgram_ctrl,
+    dgram_new,
+    dgram_free,
+    NULL,                       /* dgram_callback_ctrl */
+};
+
+# ifndef OPENSSL_NO_SCTP
+static const BIO_METHOD methods_dgramp_sctp = {
+    BIO_TYPE_DGRAM_SCTP,
+    "datagram sctp socket",
+    dgram_sctp_write,
+    dgram_sctp_read,
+    dgram_sctp_puts,
+    NULL,                       /* dgram_gets,         */
+    dgram_sctp_ctrl,
+    dgram_sctp_new,
+    dgram_sctp_free,
+    NULL,                       /* dgram_callback_ctrl */
+};
+# endif
+
+typedef struct bio_dgram_data_st {
+    BIO_ADDR peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct timeval next_timeout;
+    struct timeval socket_timeout;
+    unsigned int peekmode;
+} bio_dgram_data;
+
+# ifndef OPENSSL_NO_SCTP
+typedef struct bio_dgram_sctp_save_message_st {
+    BIO *bio;
+    char *data;
+    int length;
+} bio_dgram_sctp_save_message;
+
+typedef struct bio_dgram_sctp_data_st {
+    BIO_ADDR peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct bio_dgram_sctp_sndinfo sndinfo;
+    struct bio_dgram_sctp_rcvinfo rcvinfo;
+    struct bio_dgram_sctp_prinfo prinfo;
+    void (*handle_notifications) (BIO *bio, void *context, void *buf);
+    void *notification_context;
+    int in_handshake;
+    int ccs_rcvd;
+    int ccs_sent;
+    int save_shutdown;
+    int peer_auth_tested;
+} bio_dgram_sctp_data;
+# endif
+
+const BIO_METHOD *BIO_s_datagram(void)
+{
+    return (&methods_dgramp);
+}
+
+BIO *BIO_new_dgram(int fd, int close_flag)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_datagram());
+    if (ret == NULL)
+        return (NULL);
+    BIO_set_fd(ret, fd, close_flag);
+    return (ret);
+}
+
+static int dgram_new(BIO *bi)
+{
+    bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
+
+    if (data == NULL)
+        return 0;
+    bi->ptr = data;
+    return (1);
+}
+
+static int dgram_free(BIO *a)
+{
+    bio_dgram_data *data;
+
+    if (a == NULL)
+        return (0);
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_data *)a->ptr;
+    OPENSSL_free(data);
+
+    return (1);
+}
+
+static int dgram_clear(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if (a->init) {
+            BIO_closesocket(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return (1);
+}
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    union {
+        size_t s;
+        int i;
+    } sz = {
+        0
+    };
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+        struct timeval timenow, timeleft;
+
+        /* Read current socket timeout */
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout;
+
+        sz.i = sizeof(timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, &sz.i) < 0) {
+            perror("getsockopt");
+        } else {
+            data->socket_timeout.tv_sec = timeout / 1000;
+            data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+        }
+#  else
+        sz.i = sizeof(data->socket_timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       &(data->socket_timeout), (void *)&sz) < 0) {
+            perror("getsockopt");
+        } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0)
+            OPENSSL_assert(sz.s <= sizeof(data->socket_timeout));
+#  endif
+
+        /* Get current time */
+        get_current_time(&timenow);
+
+        /* Calculate time left until timer expires */
+        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+        if (timeleft.tv_usec < timenow.tv_usec) {
+            timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
+            timeleft.tv_sec--;
+        } else {
+            timeleft.tv_usec -= timenow.tv_usec;
+        }
+        if (timeleft.tv_sec < timenow.tv_sec) {
+            timeleft.tv_sec = 0;
+            timeleft.tv_usec = 1;
+        } else {
+            timeleft.tv_sec -= timenow.tv_sec;
+        }
+
+        /*
+         * Adjust socket timeout if next handshake message timer will expire
+         * earlier.
+         */
+        if ((data->socket_timeout.tv_sec == 0
+             && data->socket_timeout.tv_usec == 0)
+            || (data->socket_timeout.tv_sec > timeleft.tv_sec)
+            || (data->socket_timeout.tv_sec == timeleft.tv_sec
+                && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
+#  ifdef OPENSSL_SYS_WINDOWS
+            timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+            }
+#  else
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                           sizeof(struct timeval)) < 0) {
+                perror("setsockopt");
+            }
+#  endif
+        }
+    }
+# endif
+}
+
+static void dgram_reset_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout = data->socket_timeout.tv_sec * 1000 +
+            data->socket_timeout.tv_usec / 1000;
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, sizeof(timeout)) < 0) {
+            perror("setsockopt");
+        }
+#  else
+        if (setsockopt
+            (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+             sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+        }
+#  endif
+    }
+# endif
+}
+
+static int dgram_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    int flags = 0;
+
+    BIO_ADDR peer;
+    socklen_t len = sizeof(peer);
+
+    if (out != NULL) {
+        clear_socket_error();
+        memset(&peer, 0, sizeof(peer));
+        dgram_adjust_rcv_timeout(b);
+        if (data->peekmode)
+            flags = MSG_PEEK;
+        ret = recvfrom(b->num, out, outl, flags,
+                       BIO_ADDR_sockaddr_noconst(&peer), &len);
+
+        if (!data->connected && ret >= 0)
+            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        dgram_reset_rcv_timeout(b);
+    }
+    return (ret);
+}
+
+static int dgram_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    clear_socket_error();
+
+    if (data->connected)
+        ret = writesocket(b->num, in, inl);
+    else {
+        int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
+
+# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+        ret = sendto(b->num, (char *)in, inl, 0,
+                     BIO_ADDR_sockaddr(&data->peer), peerlen);
+# else
+        ret = sendto(b->num, in, inl, 0,
+                     BIO_ADDR_sockaddr(&data->peer), peerlen);
+# endif
+    }
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+        }
+    }
+    return (ret);
+}
+
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+{
+    long ret;
+
+    switch (BIO_ADDR_family(&data->peer)) {
+    case AF_INET:
+        /*
+         * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+         */
+        ret = 28;
+        break;
+# ifdef AF_INET6
+    case AF_INET6:
+        {
+#  ifdef IN6_IS_ADDR_V4MAPPED
+            struct in6_addr tmp_addr;
+            if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                /*
+                 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+                 */
+                ret = 28;
+            else
+#  endif
+            /*
+             * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
+             */
+            ret = 48;
+        }
+        break;
+# endif
+    default:
+        /* We don't know. Go with the historical default */
+        ret = 28;
+        break;
+    }
+    return ret;
+}
+
+static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+    bio_dgram_data *data = NULL;
+    int sockopt_val = 0;
+    int d_errno;
+# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+    socklen_t sockopt_len;      /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
+    socklen_t addr_len;
+    BIO_ADDR addr;
+# endif
+
+    data = (bio_dgram_data *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+        ret = 0;
+        break;
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SET_FD:
+        dgram_clear(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_DGRAM_CONNECT:
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        break;
+        /* (Linux)kernel sets DF bit on outgoing IP packets */
+    case BIO_CTRL_DGRAM_MTU_DISCOVER:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+        addr_len = (socklen_t) sizeof(addr);
+        memset(&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            sockopt_val = IP_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
+        case AF_INET6:
+            sockopt_val = IPV6_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  endif
+        default:
+            ret = -1;
+            break;
+        }
+# else
+        ret = -1;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
+        addr_len = (socklen_t) sizeof(addr);
+        memset(&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        sockopt_len = sizeof(sockopt_val);
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+                            &sockopt_len)) < 0 || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IP
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 20;
+                ret = data->mtu;
+            }
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
+        case AF_INET6:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
+                            (void *)&sockopt_val, &sockopt_len)) < 0
+                || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IPV6
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 40;
+                ret = data->mtu;
+            }
+            break;
+#  endif
+        default:
+            ret = 0;
+            break;
+        }
+# else
+        ret = 0;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+        ret = -dgram_get_mtu_overhead(data);
+        switch (BIO_ADDR_family(&data->peer)) {
+        case AF_INET:
+            ret += 576;
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+            {
+#  ifdef IN6_IS_ADDR_V4MAPPED
+                struct in6_addr tmp_addr;
+                if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                    && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                    ret += 576;
+                else
+#  endif
+                    ret += 1280;
+            }
+            break;
+# endif
+        default:
+            ret += 576;
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU:
+        return data->mtu;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        data->mtu = num;
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+        if (ptr != NULL) {
+            data->connected = 1;
+            BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        } else {
+            data->connected = 0;
+            memset(&data->peer, 0, sizeof(data->peer));
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_PEER:
+        ret = BIO_ADDR_sockaddr_size(&data->peer);
+        /* FIXME: if num < ret, we will only return part of an address.
+           That should bee an error, no? */
+        if (num == 0 || num > ret)
+            num = ret;
+        memcpy(ptr, &data->peer, (ret = num));
+        break;
+    case BIO_CTRL_DGRAM_SET_PEER:
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+        break;
+# if defined(SO_RCVTIMEO)
+    case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+# if defined(SO_SNDTIMEO)
+    case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+    case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+        /* fall-through */
+    case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+# ifdef OPENSSL_SYS_WINDOWS
+        d_errno = (data->_errno == WSAETIMEDOUT);
+# else
+        d_errno = (data->_errno == EAGAIN);
+# endif
+        if (d_errno) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# ifdef EMSGSIZE
+    case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+        if (data->_errno == EMSGSIZE) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# endif
+    case BIO_CTRL_DGRAM_SET_DONT_FRAG:
+        sockopt_val = num ? 1 : 0;
+
+        switch (data->peer.sa.sa_family) {
+        case AF_INET:
+# if defined(IP_DONTFRAG)
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
+            if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
+                (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
+                                  (const char *)&sockopt_val,
+                                  sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# else
+            ret = -1;
+# endif
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+#  if defined(IPV6_DONTFRAG)
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
+                                  (const void *)&sockopt_val,
+                                  sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+#  elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
+            if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
+                (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+#  else
+            ret = -1;
+#  endif
+            break;
+# endif
+        default:
+            ret = -1;
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        ret = dgram_get_mtu_overhead(data);
+        break;
+
+    /*
+     * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
+     * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
+     * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
+     * value has been updated to a non-clashing value. However to preserve
+     * binary compatiblity we now respond to both the old value and the new one
+     */
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+    case BIO_CTRL_DGRAM_SET_PEEK_MODE:
+        data->peekmode = (unsigned int)num;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int dgram_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_write(bp, str, n);
+    return (ret);
+}
+
+# ifndef OPENSSL_NO_SCTP
+const BIO_METHOD *BIO_s_datagram_sctp(void)
+{
+    return (&methods_dgramp_sctp);
+}
+
+BIO *BIO_new_dgram_sctp(int fd, int close_flag)
+{
+    BIO *bio;
+    int ret, optval = 20000;
+    int auth_data = 0, auth_forward = 0;
+    unsigned char *p;
+    struct sctp_authchunk auth;
+    struct sctp_authchunks *authchunks;
+    socklen_t sockopt_len;
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    struct sctp_event event;
+#   else
+    struct sctp_event_subscribe event;
+#   endif
+#  endif
+
+    bio = BIO_new(BIO_s_datagram_sctp());
+    if (bio == NULL)
+        return (NULL);
+    BIO_set_fd(bio, fd, close_flag);
+
+    /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
+    auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+    auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    /*
+     * Test if activation was successful. When using accept(), SCTP-AUTH has
+     * to be activated for the listening socket already, otherwise the
+     * connected socket won't use it.
+     */
+    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+    authchunks = OPENSSL_zalloc(sockopt_len);
+    if (authchunks == NULL) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
+                   &sockopt_len);
+    if (ret < 0) {
+        OPENSSL_free(authchunks);
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    for (p = (unsigned char *)authchunks->gauth_chunks;
+         p < (unsigned char *)authchunks + sockopt_len;
+         p += sizeof(uint8_t)) {
+        if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+            auth_data = 1;
+        if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+            auth_forward = 1;
+    }
+
+    OPENSSL_free(authchunks);
+
+    OPENSSL_assert(auth_data);
+    OPENSSL_assert(auth_forward);
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_AUTHENTICATION_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+#   else
+    sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    event.sctp_authentication_event = 1;
+
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+#   endif
+#  endif
+
+    /*
+     * Disable partial delivery by setting the min size larger than the max
+     * record size of 2^14 + 2048 + 13
+     */
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
+                   sizeof(optval));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    return (bio);
+}
+
+int BIO_dgram_is_sctp(BIO *bio)
+{
+    return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
+}
+
+static int dgram_sctp_new(BIO *bi)
+{
+    bio_dgram_sctp_data *data = NULL;
+
+    bi->init = 0;
+    bi->num = 0;
+    data = OPENSSL_zalloc(sizeof(*data));
+    if (data == NULL)
+        return 0;
+#  ifdef SCTP_PR_SCTP_NONE
+    data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
+#  endif
+    bi->ptr = data;
+
+    bi->flags = 0;
+    return (1);
+}
+
+static int dgram_sctp_free(BIO *a)
+{
+    bio_dgram_sctp_data *data;
+
+    if (a == NULL)
+        return (0);
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_sctp_data *) a->ptr;
+    if (data != NULL)
+        OPENSSL_free(data);
+
+    return (1);
+}
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+void dgram_sctp_handle_auth_free_key_event(BIO *b,
+                                           union sctp_notification *snp)
+{
+    int ret;
+    struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
+
+    if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
+        struct sctp_authkeyid authkeyid;
+
+        /* delete key */
+        authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+    }
+}
+#  endif
+
+static int dgram_sctp_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, n = 0, i, optval;
+    socklen_t optlen;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    union sctp_notification *snp;
+    struct msghdr msg;
+    struct iovec iov;
+    struct cmsghdr *cmsg;
+    char cmsgbuf[512];
+
+    if (out != NULL) {
+        clear_socket_error();
+
+        do {
+            memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
+            iov.iov_base = out;
+            iov.iov_len = outl;
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = cmsgbuf;
+            msg.msg_controllen = 512;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (n <= 0) {
+                if (n < 0)
+                    ret = n;
+                break;
+            }
+
+            if (msg.msg_controllen > 0) {
+                for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
+                     cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+                    if (cmsg->cmsg_level != IPPROTO_SCTP)
+                        continue;
+#  ifdef SCTP_RCVINFO
+                    if (cmsg->cmsg_type == SCTP_RCVINFO) {
+                        struct sctp_rcvinfo *rcvinfo;
+
+                        rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
+                        data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
+                        data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
+                        data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
+                        data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
+                        data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
+                        data->rcvinfo.rcv_context = rcvinfo->rcv_context;
+                    }
+#  endif
+#  ifdef SCTP_SNDRCV
+                    if (cmsg->cmsg_type == SCTP_SNDRCV) {
+                        struct sctp_sndrcvinfo *sndrcvinfo;
+
+                        sndrcvinfo =
+                            (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
+                        data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
+                        data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
+                        data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
+                        data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
+                        data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
+                        data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
+                    }
+#  endif
+                }
+            }
+
+            if (msg.msg_flags & MSG_NOTIFICATION) {
+                snp = (union sctp_notification *)out;
+                if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+#  ifdef SCTP_EVENT
+                    struct sctp_event event;
+#  else
+                    struct sctp_event_subscribe event;
+                    socklen_t eventsize;
+#  endif
+
+                    /* disable sender dry event */
+#  ifdef SCTP_EVENT
+                    memset(&event, 0, sizeof(event));
+                    event.se_assoc_id = 0;
+                    event.se_type = SCTP_SENDER_DRY_EVENT;
+                    event.se_on = 0;
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                                   sizeof(struct sctp_event));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  else
+                    eventsize = sizeof(struct sctp_event_subscribe);
+                    i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   &eventsize);
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+
+                    event.sctp_sender_dry_event = 0;
+
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   sizeof(struct sctp_event_subscribe));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  endif
+                }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+                if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                    dgram_sctp_handle_auth_free_key_event(b, snp);
+#  endif
+
+                if (data->handle_notifications != NULL)
+                    data->handle_notifications(b, data->notification_context,
+                                               (void *)out);
+
+                memset(out, 0, outl);
+            } else
+                ret += n;
+        }
+        while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
+               && (ret < outl));
+
+        if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
+            /* Partial message read, this should never happen! */
+
+            /*
+             * The buffer was too small, this means the peer sent a message
+             * that was larger than allowed.
+             */
+            if (ret == outl)
+                return -1;
+
+            /*
+             * Test if socket buffer can handle max record size (2^14 + 2048
+             * + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Test if SCTP doesn't partially deliver below max record size
+             * (2^14 + 2048 + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
+                           &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Partially delivered notification??? Probably a bug....
+             */
+            OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
+
+            /*
+             * Everything seems ok till now, so it's most likely a message
+             * dropped by PR-SCTP.
+             */
+            memset(out, 0, outl);
+            BIO_set_retry_read(b);
+            return -1;
+        }
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        /* Test if peer uses SCTP-AUTH before continuing */
+        if (!data->peer_auth_tested) {
+            int ii, auth_data = 0, auth_forward = 0;
+            unsigned char *p;
+            struct sctp_authchunks *authchunks;
+
+            optlen =
+                (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+            authchunks = OPENSSL_malloc(optlen);
+            if (authchunks == NULL) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            memset(authchunks, 0, optlen);
+            ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
+                            authchunks, &optlen);
+
+            if (ii >= 0)
+                for (p = (unsigned char *)authchunks->gauth_chunks;
+                     p < (unsigned char *)authchunks + optlen;
+                     p += sizeof(uint8_t)) {
+                    if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+                        auth_data = 1;
+                    if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+                        auth_forward = 1;
+                }
+
+            OPENSSL_free(authchunks);
+
+            if (!auth_data || !auth_forward) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, BIO_R_CONNECT_ERROR);
+                return -1;
+            }
+
+            data->peer_auth_tested = 1;
+        }
+    }
+    return (ret);
+}
+
+/*
+ * dgram_sctp_write - send message on SCTP socket
+ * @b: BIO to write to
+ * @in: data to send
+ * @inl: amount of bytes in @in to send
+ *
+ * Returns -1 on error or the sent amount of bytes on success
+ */
+static int dgram_sctp_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
+    struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
+    struct bio_dgram_sctp_sndinfo handshake_sinfo;
+    struct iovec iov[1];
+    struct msghdr msg;
+    struct cmsghdr *cmsg;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
+                 CMSG_SPACE(sizeof(struct sctp_prinfo))];
+    struct sctp_sndinfo *sndinfo;
+    struct sctp_prinfo *prinfo;
+#  else
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
+    struct sctp_sndrcvinfo *sndrcvinfo;
+#  endif
+
+    clear_socket_error();
+
+    /*
+     * If we're send anything else than application data, disable all user
+     * parameters and flags.
+     */
+    if (in[0] != 23) {
+        memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
+#  ifdef SCTP_SACK_IMMEDIATELY
+        handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
+#  endif
+        sinfo = &handshake_sinfo;
+    }
+
+    /* We can only send a shutdown alert if the socket is dry */
+    if (data->save_shutdown) {
+        ret = BIO_dgram_sctp_wait_for_dry(b);
+        if (ret < 0)
+            return -1;
+        if (ret == 0) {
+            BIO_clear_retry_flags(b);
+            BIO_set_retry_write(b);
+            return -1;
+        }
+    }
+
+    iov[0].iov_base = (char *)in;
+    iov[0].iov_len = inl;
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = (caddr_t) cmsgbuf;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
+    sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
+    memset(sndinfo, 0, sizeof(*sndinfo));
+    sndinfo->snd_sid = sinfo->snd_sid;
+    sndinfo->snd_flags = sinfo->snd_flags;
+    sndinfo->snd_ppid = sinfo->snd_ppid;
+    sndinfo->snd_context = sinfo->snd_context;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
+
+    cmsg =
+        (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_PRINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
+    prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
+    memset(prinfo, 0, sizeof(*prinfo));
+    prinfo->pr_policy = pinfo->pr_policy;
+    prinfo->pr_value = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
+#  else
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDRCV;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
+    sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+    memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
+    sndrcvinfo->sinfo_stream = sinfo->snd_sid;
+    sndrcvinfo->sinfo_flags = sinfo->snd_flags;
+#   ifdef __FreeBSD__
+    sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
+#   endif
+    sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
+    sndrcvinfo->sinfo_context = sinfo->snd_context;
+    sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
+#  endif
+
+    ret = sendmsg(b->num, &msg, 0);
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+        }
+    }
+    return (ret);
+}
+
+static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    bio_dgram_sctp_data *data = NULL;
+    socklen_t sockopt_len = 0;
+    struct sctp_authkeyid authkeyid;
+    struct sctp_authkey *authkey = NULL;
+
+    data = (bio_dgram_sctp_data *) b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+        /*
+         * Set to maximum (2^14) and ignore user input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        /*
+         * Set to maximum (2^14) and ignore input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+    case BIO_CTRL_DGRAM_CONNECT:
+        /* Returns always -1. */
+        ret = -1;
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        /*
+         * SCTP doesn't need the DTLS timer Returns always 1.
+         */
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        /*
+         * We allow transport protocol fragmentation so this is irrelevant
+         */
+        ret = 0;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+        if (num > 0)
+            data->in_handshake = 1;
+        else
+            data->in_handshake = 0;
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
+                       &data->in_handshake, sizeof(int));
+        break;
+    case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+        /*
+         * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
+         */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Add new key */
+        sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
+        authkey = OPENSSL_malloc(sockopt_len);
+        if (authkey == NULL) {
+            ret = -1;
+            break;
+        }
+        memset(authkey, 0, sockopt_len);
+        authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
+#  ifndef __FreeBSD__
+        /*
+         * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
+         * and higher work without it.
+         */
+        authkey->sca_keylength = 64;
+#  endif
+        memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+                       sockopt_len);
+        OPENSSL_free(authkey);
+        authkey = NULL;
+        if (ret < 0)
+            break;
+
+        /* Reset active key */
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        break;
+    case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Set active key */
+        authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        /*
+         * CCS has been sent, so remember that and fall through to check if
+         * we need to deactivate an old key
+         */
+        data->ccs_sent = 1;
+        /* fall-through */
+
+    case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /*
+         * Has this command really been called or is this just a
+         * fall-through?
+         */
+        if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
+            data->ccs_rcvd = 1;
+
+        /*
+         * CSS has been both, received and sent, so deactivate an old key
+         */
+        if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
+            /* Get active key */
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                           &authkeyid, &sockopt_len);
+            if (ret < 0)
+                break;
+
+            /*
+             * Deactivate key or delete second last key if
+             * SCTP_AUTHENTICATION_EVENT is not available.
+             */
+            authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+#  ifdef SCTP_AUTH_DEACTIVATE_KEY
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
+                             &authkeyid, sockopt_len);
+            if (ret < 0)
+                break;
+#  endif
+#  ifndef SCTP_AUTHENTICATION_EVENT
+            if (authkeyid.scact_keynumber > 0) {
+                authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+                ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                                 &authkeyid, sizeof(struct sctp_authkeyid));
+                if (ret < 0)
+                    break;
+            }
+#  endif
+
+            data->ccs_rcvd = 0;
+            data->ccs_sent = 0;
+        }
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(ptr, &(data->sndinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(&(data->sndinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(ptr, &data->rcvinfo, num);
+
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(&(data->rcvinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(ptr, &(data->prinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(&(data->prinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
+        /* Returns always 1. */
+        if (num > 0)
+            data->save_shutdown = 1;
+        else
+            data->save_shutdown = 0;
+        break;
+
+    default:
+        /*
+         * Pass to default ctrl function to process SCTP unspecific commands
+         */
+        ret = dgram_ctrl(b, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void
+                                                                 *context,
+                                                                 void *buf),
+                                   void *context)
+{
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    if (handle_notifications != NULL) {
+        data->handle_notifications = handle_notifications;
+        data->notification_context = context;
+    } else
+        return -1;
+
+    return 0;
+}
+
+/*
+ * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
+ * @b: The BIO to check for the dry event
+ *
+ * Wait until the peer confirms all packets have been received, and so that
+ * our kernel doesn't have anything to send anymore.  This is only received by
+ * the peer's kernel, not the application.
+ *
+ * Returns:
+ * -1 on error
+ *  0 when not dry yet
+ *  1 when dry
+ */
+int BIO_dgram_sctp_wait_for_dry(BIO *b)
+{
+    int is_dry = 0;
+    int sockflags = 0;
+    int n, ret;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+#  ifdef SCTP_EVENT
+    struct sctp_event event;
+#  else
+    struct sctp_event_subscribe event;
+    socklen_t eventsize;
+#  endif
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* set sender dry event */
+#  ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_SENDER_DRY_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+#  else
+    eventsize = sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
+    if (ret < 0)
+        return -1;
+
+    event.sctp_sender_dry_event = 1;
+
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+#  endif
+    if (ret < 0)
+        return -1;
+
+    /* peek for notification */
+    memset(&snp, 0, sizeof(snp));
+    iov.iov_base = (char *)&snp;
+    iov.iov_len = sizeof(union sctp_notification);
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = NULL;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+
+    n = recvmsg(b->num, &msg, MSG_PEEK);
+    if (n <= 0) {
+        if ((n < 0) && (get_last_socket_error() != EAGAIN)
+            && (get_last_socket_error() != EWOULDBLOCK))
+            return -1;
+        else
+            return 0;
+    }
+
+    /* if we find a notification, process it and try again if necessary */
+    while (msg.msg_flags & MSG_NOTIFICATION) {
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        n = recvmsg(b->num, &msg, 0);
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+
+        if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+            is_dry = 1;
+
+            /* disable sender dry event */
+#  ifdef SCTP_EVENT
+            memset(&event, 0, sizeof(event));
+            event.se_assoc_id = 0;
+            event.se_type = SCTP_SENDER_DRY_EVENT;
+            event.se_on = 0;
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                           sizeof(struct sctp_event));
+#  else
+            eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           &eventsize);
+            if (ret < 0)
+                return -1;
+
+            event.sctp_sender_dry_event = 0;
+
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           sizeof(struct sctp_event_subscribe));
+#  endif
+            if (ret < 0)
+                return -1;
+        }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+        if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+            dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+        if (data->handle_notifications != NULL)
+            data->handle_notifications(b, data->notification_context,
+                                       (void *)&snp);
+
+        /* found notification, peek again */
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        /* if we have seen the dry already, don't wait */
+        if (is_dry) {
+            sockflags = fcntl(b->num, F_GETFL, 0);
+            fcntl(b->num, F_SETFL, O_NONBLOCK);
+        }
+
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+
+        if (is_dry) {
+            fcntl(b->num, F_SETFL, sockflags);
+        }
+
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+    }
+
+    /* read anything else */
+    return is_dry;
+}
+
+int BIO_dgram_sctp_msg_waiting(BIO *b)
+{
+    int n, sockflags;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* Check if there are any messages waiting to be read */
+    do {
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        sockflags = fcntl(b->num, F_GETFL, 0);
+        fcntl(b->num, F_SETFL, O_NONBLOCK);
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+        fcntl(b->num, F_SETFL, sockflags);
+
+        /* if notification, process and try again */
+        if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
+#  ifdef SCTP_AUTHENTICATION_EVENT
+            if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+            memset(&snp, 0, sizeof(snp));
+            iov.iov_base = (char *)&snp;
+            iov.iov_len = sizeof(union sctp_notification);
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = NULL;
+            msg.msg_controllen = 0;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (data->handle_notifications != NULL)
+                data->handle_notifications(b, data->notification_context,
+                                           (void *)&snp);
+        }
+
+    } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
+
+    /* Return 1 if there is a message to be read, return 0 otherwise. */
+    if (n > 0)
+        return 1;
+    else
+        return 0;
+}
+
+static int dgram_sctp_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_sctp_write(bp, str, n);
+    return (ret);
+}
+# endif
+
+static int BIO_dgram_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+# if defined(OPENSSL_SYS_WINDOWS)
+        /*
+         * If the socket return value (i) is -1 and err is unexpectedly 0 at
+         * this point, the error code was overwritten by another system call
+         * before this error handling is called.
+         */
+# endif
+
+        return (BIO_dgram_non_fatal_error(err));
+    }
+    return (0);
+}
+
+int BIO_dgram_non_fatal_error(int err)
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+
+        return (1);
+        /* break; */
+    default:
+        break;
+    }
+    return (0);
+}
+
+static void get_current_time(struct timeval *t)
+{
+# if defined(_WIN32)
+    SYSTEMTIME st;
+    union {
+        unsigned __int64 ul;
+        FILETIME ft;
+    } now;
+
+    GetSystemTime(&st);
+    SystemTimeToFileTime(&st, &now.ft);
+#  ifdef  __MINGW32__
+    now.ul -= 116444736000000000ULL;
+#  else
+    now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
+#  endif
+    t->tv_sec = (long)(now.ul / 10000000);
+    t->tv_usec = ((int)(now.ul % 10000000)) / 10;
+# elif defined(OPENSSL_SYS_VMS)
+    struct timeb tb;
+    ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+# else
+    gettimeofday(t, NULL);
+# endif
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bio/bss_fd.c b/openssl-1.1.0h/crypto/bio/bss_fd.c
new file mode 100644
index 0000000..2bd3517
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_fd.c
@@ -0,0 +1,275 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+
+#if defined(OPENSSL_NO_POSIX_IO)
+/*
+ * Dummy placeholder for BIO_s_fd...
+ */
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+    return NULL;
+}
+
+int BIO_fd_non_fatal_error(int err)
+{
+    return 0;
+}
+
+int BIO_fd_should_retry(int i)
+{
+    return 0;
+}
+
+const BIO_METHOD *BIO_s_fd(void)
+{
+    return NULL;
+}
+#else
+/*
+ * As for unconditional usage of "UPLINK" interface in this module.
+ * Trouble is that unlike Unix file descriptors [which are indexes
+ * in kernel-side per-process table], corresponding descriptors on
+ * platforms which require "UPLINK" interface seem to be indexes
+ * in a user-land, non-global table. Well, in fact they are indexes
+ * in stdio _iob[], and recall that _iob[] was the very reason why
+ * "UPLINK" interface was introduced in first place. But one way on
+ * another. Neither libcrypto or libssl use this BIO meaning that
+ * file descriptors can only be provided by application. Therefore
+ * "UPLINK" calls are due...
+ */
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static int fd_gets(BIO *h, char *buf, int size);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static const BIO_METHOD methods_fdp = {
+    BIO_TYPE_FD,
+    "file descriptor",
+    fd_write,
+    fd_read,
+    fd_puts,
+    fd_gets,
+    fd_ctrl,
+    fd_new,
+    fd_free,
+    NULL,                       /* fd_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_fd(void)
+{
+    return (&methods_fdp);
+}
+
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+    BIO *ret;
+    ret = BIO_new(BIO_s_fd());
+    if (ret == NULL)
+        return (NULL);
+    BIO_set_fd(ret, fd, close_flag);
+    return (ret);
+}
+
+static int fd_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = -1;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */
+    return (1);
+}
+
+static int fd_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if (a->init) {
+            UP_close(a->num);
+        }
+        a->init = 0;
+        a->flags = BIO_FLAGS_UPLINK;
+    }
+    return (1);
+}
+
+static int fd_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out != NULL) {
+        clear_sys_error();
+        ret = UP_read(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_fd_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return (ret);
+}
+
+static int fd_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    clear_sys_error();
+    ret = UP_write(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_fd_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return (ret);
+}
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+        /* fall thru */
+    case BIO_C_FILE_SEEK:
+        ret = (long)UP_lseek(b->num, num, 0);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        ret = (long)UP_lseek(b->num, 0, 1);
+        break;
+    case BIO_C_SET_FD:
+        fd_free(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int fd_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = fd_write(bp, str, n);
+    return (ret);
+}
+
+static int fd_gets(BIO *bp, char *buf, int size)
+{
+    int ret = 0;
+    char *ptr = buf;
+    char *end = buf + size - 1;
+
+    while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n'))
+        ptr++;
+
+    ptr[0] = '\0';
+
+    if (buf[0] != '\0')
+        ret = strlen(buf);
+    return (ret);
+}
+
+int BIO_fd_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_sys_error();
+
+        return (BIO_fd_non_fatal_error(err));
+    }
+    return (0);
+}
+
+int BIO_fd_non_fatal_error(int err)
+{
+    switch (err) {
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# if defined(ENOTCONN)
+    case ENOTCONN:
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+        return (1);
+        /* break; */
+    default:
+        break;
+    }
+    return (0);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/bio/bss_file.c b/openssl-1.1.0h/crypto/bio/bss_file.c
new file mode 100644
index 0000000..2edf244
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_file.c
@@ -0,0 +1,424 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * 03-Dec-1997  rdenny@dc3.com  Fix bug preventing use of stdin/stdout
+ *              with binary data (e.g. asn1parse -inform DER < xxx) under
+ *              Windows
+ */
+
+#ifndef HEADER_BSS_FILE_C
+# define HEADER_BSS_FILE_C
+
+# if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
+ */
+#  ifndef _FILE_OFFSET_BITS
+#   define _FILE_OFFSET_BITS 64
+#  endif
+# endif
+
+# include <stdio.h>
+# include <errno.h>
+# include "bio_lcl.h"
+# include <openssl/err.h>
+
+# if !defined(OPENSSL_NO_STDIO)
+
+static int file_write(BIO *h, const char *buf, int num);
+static int file_read(BIO *h, char *buf, int size);
+static int file_puts(BIO *h, const char *str);
+static int file_gets(BIO *h, char *str, int size);
+static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int file_new(BIO *h);
+static int file_free(BIO *data);
+static const BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    file_write,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,                      /* file_callback_ctrl */
+};
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    BIO  *ret;
+    FILE *file = openssl_fopen(filename, mode);
+    int fp_flags = BIO_CLOSE;
+
+    if (strchr(mode, 'b') == NULL)
+        fp_flags |= BIO_FP_TEXT;
+
+    if (file == NULL) {
+        SYSerr(SYS_F_FOPEN, get_last_sys_error());
+        ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
+        if (errno == ENOENT
+# ifdef ENXIO
+            || errno == ENXIO
+# endif
+            )
+            BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
+        else
+            BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
+        return (NULL);
+    }
+    if ((ret = BIO_new(BIO_s_file())) == NULL) {
+        fclose(file);
+        return (NULL);
+    }
+
+    BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                             * UPLINK */
+    BIO_set_fp(ret, file, fp_flags);
+    return (ret);
+}
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+{
+    BIO *ret;
+
+    if ((ret = BIO_new(BIO_s_file())) == NULL)
+        return (NULL);
+
+    /* redundant flag, left for documentation purposes */
+    BIO_set_flags(ret, BIO_FLAGS_UPLINK);
+    BIO_set_fp(ret, stream, close_flag);
+    return (ret);
+}
+
+const BIO_METHOD *BIO_s_file(void)
+{
+    return (&methods_filep);
+}
+
+static int file_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = 0;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */
+    return (1);
+}
+
+static int file_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if ((a->init) && (a->ptr != NULL)) {
+            if (a->flags & BIO_FLAGS_UPLINK)
+                UP_fclose(a->ptr);
+            else
+                fclose(a->ptr);
+            a->ptr = NULL;
+            a->flags = BIO_FLAGS_UPLINK;
+        }
+        a->init = 0;
+    }
+    return (1);
+}
+
+static int file_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (b->init && (out != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fread(out, 1, (int)outl, b->ptr);
+        else
+            ret = fread(out, 1, (int)outl, (FILE *)b->ptr);
+        if (ret == 0
+            && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) :
+                                               ferror((FILE *)b->ptr)) {
+            SYSerr(SYS_F_FREAD, get_last_sys_error());
+            BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
+            ret = -1;
+        }
+    }
+    return (ret);
+}
+
+static int file_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+
+    if (b->init && (in != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fwrite(in, (int)inl, 1, b->ptr);
+        else
+            ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr);
+        if (ret)
+            ret = inl;
+        /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+        /*
+         * according to Tim Hudson <tjh@cryptsoft.com>, the commented out
+         * version above can cause 'inl' write calls under some stupid stdio
+         * implementations (VMS)
+         */
+    }
+    return (ret);
+}
+
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    FILE *fp = (FILE *)b->ptr;
+    FILE **fpp;
+    char p[4];
+    int st;
+
+    switch (cmd) {
+    case BIO_C_FILE_SEEK:
+    case BIO_CTRL_RESET:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_fseek(b->ptr, num, 0);
+        else
+            ret = (long)fseek(fp, num, 0);
+        break;
+    case BIO_CTRL_EOF:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_feof(fp);
+        else
+            ret = (long)feof(fp);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_ftell(b->ptr);
+        else
+            ret = ftell(fp);
+        break;
+    case BIO_C_SET_FILE_PTR:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        b->ptr = ptr;
+        b->init = 1;
+#  if BIO_FLAGS_UPLINK!=0
+#   if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+#    define _IOB_ENTRIES 20
+#   endif
+        /* Safety net to catch purely internal BIO_set_fp calls */
+#   if defined(_MSC_VER) && _MSC_VER>=1900
+        if (ptr == stdin || ptr == stdout || ptr == stderr)
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#   elif defined(_IOB_ENTRIES)
+        if ((size_t)ptr >= (size_t)stdin &&
+            (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#   endif
+#  endif
+#  ifdef UP_fsetmod
+        if (b->flags & BIO_FLAGS_UPLINK)
+            UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b'));
+        else
+#  endif
+        {
+#  if defined(OPENSSL_SYS_WINDOWS)
+            int fd = _fileno((FILE *)ptr);
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            else
+                _setmode(fd, _O_BINARY);
+#  elif defined(OPENSSL_SYS_MSDOS)
+            int fd = fileno((FILE *)ptr);
+            /* Set correct text/binary mode */
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            /* Dangerous to set stdin/stdout to raw (unless redirected) */
+            else {
+                if (fd == STDIN_FILENO || fd == STDOUT_FILENO) {
+                    if (isatty(fd) <= 0)
+                        _setmode(fd, _O_BINARY);
+                } else
+                    _setmode(fd, _O_BINARY);
+            }
+#  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+            int fd = fileno((FILE *)ptr);
+            if (num & BIO_FP_TEXT)
+                setmode(fd, O_TEXT);
+            else
+                setmode(fd, O_BINARY);
+#  endif
+        }
+        break;
+    case BIO_C_SET_FILENAME:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        if (num & BIO_FP_APPEND) {
+            if (num & BIO_FP_READ)
+                OPENSSL_strlcpy(p, "a+", sizeof(p));
+            else
+                OPENSSL_strlcpy(p, "a", sizeof(p));
+        } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+            OPENSSL_strlcpy(p, "r+", sizeof(p));
+        else if (num & BIO_FP_WRITE)
+            OPENSSL_strlcpy(p, "w", sizeof(p));
+        else if (num & BIO_FP_READ)
+            OPENSSL_strlcpy(p, "r", sizeof(p));
+        else {
+            BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
+            ret = 0;
+            break;
+        }
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+        if (!(num & BIO_FP_TEXT))
+            strcat(p, "b");
+        else
+            strcat(p, "t");
+#  endif
+        fp = openssl_fopen(ptr, p);
+        if (fp == NULL) {
+            SYSerr(SYS_F_FOPEN, get_last_sys_error());
+            ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
+            BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+            ret = 0;
+            break;
+        }
+        b->ptr = fp;
+        b->init = 1;
+        BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                               * UPLINK */
+        break;
+    case BIO_C_GET_FILE_PTR:
+        /* the ptr parameter is actually a FILE ** in this case. */
+        if (ptr != NULL) {
+            fpp = (FILE **)ptr;
+            *fpp = (FILE *)b->ptr;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_FLUSH:
+        st = b->flags & BIO_FLAGS_UPLINK
+                ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr);
+        if (st == EOF) {
+            SYSerr(SYS_F_FFLUSH, get_last_sys_error());
+            ERR_add_error_data(1, "fflush()");
+            BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+            ret = 0;
+        }
+        break;
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_WPENDING:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int file_gets(BIO *bp, char *buf, int size)
+{
+    int ret = 0;
+
+    buf[0] = '\0';
+    if (bp->flags & BIO_FLAGS_UPLINK) {
+        if (!UP_fgets(buf, size, bp->ptr))
+            goto err;
+    } else {
+        if (!fgets(buf, size, (FILE *)bp->ptr))
+            goto err;
+    }
+    if (buf[0] != '\0')
+        ret = strlen(buf);
+ err:
+    return (ret);
+}
+
+static int file_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = file_write(bp, str, n);
+    return (ret);
+}
+
+#else
+
+static int file_write(BIO *b, const char *in, int inl)
+{
+    return -1;
+}
+static int file_read(BIO *b, char *out, int outl)
+{
+    return -1;
+}
+static int file_puts(BIO *bp, const char *str)
+{
+    return -1;
+}
+static int file_gets(BIO *bp, char *buf, int size)
+{
+    return 0;
+}
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    return 0;
+}
+static int file_new(BIO *bi)
+{
+    return 0;
+}
+static int file_free(BIO *a)
+{
+    return 0;
+}
+
+static const BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    file_write,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,                      /* file_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_file(void)
+{
+    return (&methods_filep);
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    return NULL;
+}
+
+# endif                         /* OPENSSL_NO_STDIO */
+
+#endif                          /* HEADER_BSS_FILE_C */
diff --git a/openssl-1.1.0h/crypto/bio/bss_log.c b/openssl-1.1.0h/crypto/bio/bss_log.c
new file mode 100644
index 0000000..5221acc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_log.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Why BIO_s_log?
+ *
+ * BIO_s_log is useful for system daemons (or services under NT). It is
+ * one-way BIO, it sends all stuff to syslogd (on system that commonly use
+ * that), or event log (on NT), or OPCOM (on OpenVMS).
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
+#elif defined(OPENSSL_SYS_VMS)
+# include <opcdef.h>
+# include <descrip.h>
+# include <lib$routines.h>
+# include <starlet.h>
+/* Some compiler options may mask the declaration of "_malloc32". */
+# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+void *_malloc32(__size_t);
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+# endif                         /* __INITIAL_POINTER_SIZE && defined
+                                 * _ANSI_C_SOURCE */
+#elif defined(OPENSSL_SYS_NETWARE)
+# define NO_SYSLOG
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
+# include <syslog.h>
+#endif
+
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+#ifndef NO_SYSLOG
+
+# if defined(OPENSSL_SYS_WIN32)
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      (3<<3)
+# elif defined(OPENSSL_SYS_VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      OPC$M_NM_NTWORK
+# endif
+
+static int slg_write(BIO *h, const char *buf, int num);
+static int slg_puts(BIO *h, const char *str);
+static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int slg_new(BIO *h);
+static int slg_free(BIO *data);
+static void xopenlog(BIO *bp, char *name, int level);
+static void xsyslog(BIO *bp, int priority, const char *string);
+static void xcloselog(BIO *bp);
+
+static const BIO_METHOD methods_slg = {
+    BIO_TYPE_MEM,
+    "syslog",
+    slg_write,
+    NULL,                      /* slg_read,         */
+    slg_puts,
+    NULL,                      /* slg_gets,         */
+    slg_ctrl,
+    slg_new,
+    slg_free,
+    NULL,                      /* slg_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_log(void)
+{
+    return (&methods_slg);
+}
+
+static int slg_new(BIO *bi)
+{
+    bi->init = 1;
+    bi->num = 0;
+    bi->ptr = NULL;
+    xopenlog(bi, "application", LOG_DAEMON);
+    return (1);
+}
+
+static int slg_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    xcloselog(a);
+    return (1);
+}
+
+static int slg_write(BIO *b, const char *in, int inl)
+{
+    int ret = inl;
+    char *buf;
+    char *pp;
+    int priority, i;
+    static const struct {
+        int strl;
+        char str[10];
+        int log_level;
+    } mapping[] = {
+        {
+            6, "PANIC ", LOG_EMERG
+        },
+        {
+            6, "EMERG ", LOG_EMERG
+        },
+        {
+            4, "EMR ", LOG_EMERG
+        },
+        {
+            6, "ALERT ", LOG_ALERT
+        },
+        {
+            4, "ALR ", LOG_ALERT
+        },
+        {
+            5, "CRIT ", LOG_CRIT
+        },
+        {
+            4, "CRI ", LOG_CRIT
+        },
+        {
+            6, "ERROR ", LOG_ERR
+        },
+        {
+            4, "ERR ", LOG_ERR
+        },
+        {
+            8, "WARNING ", LOG_WARNING
+        },
+        {
+            5, "WARN ", LOG_WARNING
+        },
+        {
+            4, "WAR ", LOG_WARNING
+        },
+        {
+            7, "NOTICE ", LOG_NOTICE
+        },
+        {
+            5, "NOTE ", LOG_NOTICE
+        },
+        {
+            4, "NOT ", LOG_NOTICE
+        },
+        {
+            5, "INFO ", LOG_INFO
+        },
+        {
+            4, "INF ", LOG_INFO
+        },
+        {
+            6, "DEBUG ", LOG_DEBUG
+        },
+        {
+            4, "DBG ", LOG_DEBUG
+        },
+        {
+            0, "", LOG_ERR
+        }
+        /* The default */
+    };
+
+    if ((buf = OPENSSL_malloc(inl + 1)) == NULL) {
+        return (0);
+    }
+    strncpy(buf, in, inl);
+    buf[inl] = '\0';
+
+    i = 0;
+    while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0)
+        i++;
+    priority = mapping[i].log_level;
+    pp = buf + mapping[i].strl;
+
+    xsyslog(b, priority, pp);
+
+    OPENSSL_free(buf);
+    return (ret);
+}
+
+static long slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    switch (cmd) {
+    case BIO_CTRL_SET:
+        xcloselog(b);
+        xopenlog(b, ptr, num);
+        break;
+    default:
+        break;
+    }
+    return (0);
+}
+
+static int slg_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = slg_write(bp, str, n);
+    return (ret);
+}
+
+# if defined(OPENSSL_SYS_WIN32)
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+    if (check_winnt())
+        bp->ptr = RegisterEventSourceA(NULL, name);
+    else
+        bp->ptr = NULL;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    LPCSTR lpszStrings[2];
+    WORD evtype = EVENTLOG_ERROR_TYPE;
+    char pidbuf[DECIMAL_SIZE(DWORD) + 4];
+
+    if (bp->ptr == NULL)
+        return;
+
+    switch (priority) {
+    case LOG_EMERG:
+    case LOG_ALERT:
+    case LOG_CRIT:
+    case LOG_ERR:
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    case LOG_WARNING:
+        evtype = EVENTLOG_WARNING_TYPE;
+        break;
+    case LOG_NOTICE:
+    case LOG_INFO:
+    case LOG_DEBUG:
+        evtype = EVENTLOG_INFORMATION_TYPE;
+        break;
+    default:
+        /*
+         * Should never happen, but set it
+         * as error anyway.
+         */
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    }
+
+    sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
+    lpszStrings[0] = pidbuf;
+    lpszStrings[1] = string;
+
+    ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
+}
+
+static void xcloselog(BIO *bp)
+{
+    if (bp->ptr)
+        DeregisterEventSource((HANDLE) (bp->ptr));
+    bp->ptr = NULL;
+}
+
+# elif defined(OPENSSL_SYS_VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+    VMS_OPC_target = level;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    struct dsc$descriptor_s opc_dsc;
+
+/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+#   define OPCDEF_TYPE __char_ptr32
+#   define OPCDEF_MALLOC _malloc32
+#  else                         /* __INITIAL_POINTER_SIZE == 64 */
+#   define OPCDEF_TYPE char *
+#   define OPCDEF_MALLOC OPENSSL_malloc
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    struct opcdef *opcdef_p;
+
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+
+    char buf[10240];
+    unsigned int len;
+    struct dsc$descriptor_s buf_dsc;
+    $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+    char *priority_tag;
+
+    switch (priority) {
+    case LOG_EMERG:
+        priority_tag = "Emergency";
+        break;
+    case LOG_ALERT:
+        priority_tag = "Alert";
+        break;
+    case LOG_CRIT:
+        priority_tag = "Critical";
+        break;
+    case LOG_ERR:
+        priority_tag = "Error";
+        break;
+    case LOG_WARNING:
+        priority_tag = "Warning";
+        break;
+    case LOG_NOTICE:
+        priority_tag = "Notice";
+        break;
+    case LOG_INFO:
+        priority_tag = "Info";
+        break;
+    case LOG_DEBUG:
+        priority_tag = "DEBUG";
+        break;
+    }
+
+    buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+    buf_dsc.dsc$a_pointer = buf;
+    buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+    lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+    /* We know there's an 8-byte header.  That's documented. */
+    opcdef_p = OPCDEF_MALLOC(8 + len);
+    opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+    memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+    opcdef_p->opc$l_ms_rqstid = 0;
+    memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+    opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+    opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
+    opc_dsc.dsc$w_length = len + 8;
+
+    sys$sndopr(opc_dsc, 0);
+
+    OPENSSL_free(opcdef_p);
+}
+
+static void xcloselog(BIO *bp)
+{
+}
+
+# else                          /* Unix/Watt32 */
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+#  ifdef WATT32                 /* djgpp/DOS */
+    openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level);
+#  else
+    openlog(name, LOG_PID | LOG_CONS, level);
+#  endif
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO *bp)
+{
+    closelog();
+}
+
+# endif                         /* Unix */
+
+#endif                          /* NO_SYSLOG */
diff --git a/openssl-1.1.0h/crypto/bio/bss_mem.c b/openssl-1.1.0h/crypto/bio/bss_mem.c
new file mode 100644
index 0000000..ff9a3eb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_mem.c
@@ -0,0 +1,347 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int mem_new(BIO *h);
+static int secmem_new(BIO *h);
+static int mem_free(BIO *data);
+static int mem_buf_free(BIO *data, int free_all);
+static int mem_buf_sync(BIO *h);
+
+static const BIO_METHOD mem_method = {
+    BIO_TYPE_MEM,
+    "memory buffer",
+    mem_write,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    mem_new,
+    mem_free,
+    NULL,                      /* mem_callback_ctrl */
+};
+
+static const BIO_METHOD secmem_method = {
+    BIO_TYPE_MEM,
+    "secure memory buffer",
+    mem_write,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    secmem_new,
+    mem_free,
+    NULL,                      /* mem_callback_ctrl */
+};
+
+/* BIO memory stores buffer and read pointer  */
+typedef struct bio_buf_mem_st {
+    struct buf_mem_st *buf;   /* allocated buffer */
+    struct buf_mem_st *readp; /* read pointer */
+} BIO_BUF_MEM;
+
+/*
+ * bio->num is used to hold the value to return on 'empty', if it is 0,
+ * should_retry is not set
+ */
+
+const BIO_METHOD *BIO_s_mem(void)
+{
+    return (&mem_method);
+}
+
+const BIO_METHOD *BIO_s_secmem(void)
+{
+    return(&secmem_method);
+}
+
+BIO *BIO_new_mem_buf(const void *buf, int len)
+{
+    BIO *ret;
+    BUF_MEM *b;
+    BIO_BUF_MEM *bb;
+    size_t sz;
+
+    if (buf == NULL) {
+        BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
+        return NULL;
+    }
+    sz = (len < 0) ? strlen(buf) : (size_t)len;
+    if ((ret = BIO_new(BIO_s_mem())) == NULL)
+        return NULL;
+    bb = (BIO_BUF_MEM *)ret->ptr;
+    b = bb->buf;
+    /* Cast away const and trust in the MEM_RDONLY flag. */
+    b->data = (void *)buf;
+    b->length = sz;
+    b->max = sz;
+    *bb->readp = *bb->buf;
+    ret->flags |= BIO_FLAGS_MEM_RDONLY;
+    /* Since this is static data retrying won't help */
+    ret->num = 0;
+    return ret;
+}
+
+static int mem_init(BIO *bi, unsigned long flags)
+{
+    BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb));
+
+    if (bb == NULL)
+        return 0;
+    if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) {
+        OPENSSL_free(bb);
+        return 0;
+    }
+    if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) {
+        BUF_MEM_free(bb->buf);
+        OPENSSL_free(bb);
+        return 0;
+    }
+    *bb->readp = *bb->buf;
+    bi->shutdown = 1;
+    bi->init = 1;
+    bi->num = -1;
+    bi->ptr = (char *)bb;
+    return 1;
+}
+
+static int mem_new(BIO *bi)
+{
+    return (mem_init(bi, 0L));
+}
+
+static int secmem_new(BIO *bi)
+{
+    return (mem_init(bi, BUF_MEM_FLAG_SECURE));
+}
+
+static int mem_free(BIO *a)
+{
+    return (mem_buf_free(a, 1));
+}
+
+static int mem_buf_free(BIO *a, int free_all)
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if ((a->init) && (a->ptr != NULL)) {
+            BUF_MEM *b;
+            BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
+
+            if (bb != NULL) {
+                b = bb->buf;
+                if (a->flags & BIO_FLAGS_MEM_RDONLY)
+                    b->data = NULL;
+                BUF_MEM_free(b);
+                if (free_all) {
+                    OPENSSL_free(bb->readp);
+                    OPENSSL_free(bb);
+                }
+            }
+            a->ptr = NULL;
+        }
+    }
+    return (1);
+}
+
+/*
+ * Reallocate memory buffer if read pointer differs
+ */
+static int mem_buf_sync(BIO *b)
+{
+    if (b != NULL && b->init != 0 && b->ptr != NULL) {
+        BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+        if (bbm->readp->data != bbm->buf->data) {
+            memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length);
+            bbm->buf->length = bbm->readp->length;
+            bbm->readp->data = bbm->buf->data;
+        }
+    }
+    return (0);
+}
+
+static int mem_read(BIO *b, char *out, int outl)
+{
+    int ret = -1;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm = bbm->readp;
+
+    BIO_clear_retry_flags(b);
+    ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
+    if ((out != NULL) && (ret > 0)) {
+        memcpy(out, bm->data, ret);
+        bm->length -= ret;
+        bm->data += ret;
+    } else if (bm->length == 0) {
+        ret = b->num;
+        if (ret != 0)
+            BIO_set_retry_read(b);
+    }
+    return (ret);
+}
+
+static int mem_write(BIO *b, const char *in, int inl)
+{
+    int ret = -1;
+    int blen;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+    if (in == NULL) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
+        goto end;
+    }
+    if (b->flags & BIO_FLAGS_MEM_RDONLY) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
+        goto end;
+    }
+    BIO_clear_retry_flags(b);
+    blen = bbm->readp->length;
+    mem_buf_sync(b);
+    if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)
+        goto end;
+    memcpy(bbm->buf->data + blen, in, inl);
+    *bbm->readp = *bbm->buf;
+    ret = inl;
+ end:
+    return (ret);
+}
+
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    char **pptr;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        bm = bbm->buf;
+        if (bm->data != NULL) {
+            /* For read only case reset to the start again */
+            if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) {
+                bm->length = bm->max;
+            } else {
+                memset(bm->data, 0, bm->max);
+                bm->length = 0;
+            }
+            *bbm->readp = *bbm->buf;
+        }
+        break;
+    case BIO_CTRL_EOF:
+        bm = bbm->readp;
+        ret = (long)(bm->length == 0);
+        break;
+    case BIO_C_SET_BUF_MEM_EOF_RETURN:
+        b->num = (int)num;
+        break;
+    case BIO_CTRL_INFO:
+        bm = bbm->readp;
+        ret = (long)bm->length;
+        if (ptr != NULL) {
+            pptr = (char **)ptr;
+            *pptr = (char *)&(bm->data[0]);
+        }
+        break;
+    case BIO_C_SET_BUF_MEM:
+        mem_buf_free(b, 0);
+        b->shutdown = (int)num;
+        bbm->buf = ptr;
+        *bbm->readp = *bbm->buf;
+        b->ptr = bbm;
+        break;
+    case BIO_C_GET_BUF_MEM_PTR:
+        if (ptr != NULL) {
+            mem_buf_sync(b);
+            bm = bbm->readp;
+            pptr = (char **)ptr;
+            *pptr = (char *)bm;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = 0L;
+        break;
+    case BIO_CTRL_PENDING:
+        bm = bbm->readp;
+        ret = (long)bm->length;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int mem_gets(BIO *bp, char *buf, int size)
+{
+    int i, j;
+    int ret = -1;
+    char *p;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr;
+    BUF_MEM *bm = bbm->readp;
+
+    BIO_clear_retry_flags(bp);
+    j = bm->length;
+    if ((size - 1) < j)
+        j = size - 1;
+    if (j <= 0) {
+        *buf = '\0';
+        return 0;
+    }
+    p = bm->data;
+    for (i = 0; i < j; i++) {
+        if (p[i] == '\n') {
+            i++;
+            break;
+        }
+    }
+
+    /*
+     * i is now the max num of bytes to copy, either j or up to
+     * and including the first newline
+     */
+
+    i = mem_read(bp, buf, i);
+    if (i > 0)
+        buf[i] = '\0';
+    ret = i;
+    return (ret);
+}
+
+static int mem_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = mem_write(bp, str, n);
+    /* memory semantics is that it will always work */
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/bio/bss_null.c b/openssl-1.1.0h/crypto/bio/bss_null.c
new file mode 100644
index 0000000..56f95f9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_null.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static const BIO_METHOD null_method = {
+    BIO_TYPE_NULL,
+    "NULL",
+    null_write,
+    null_read,
+    null_puts,
+    null_gets,
+    null_ctrl,
+    NULL,
+    NULL,
+    NULL,                     /* null_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_null(void)
+{
+    return (&null_method);
+}
+
+static int null_read(BIO *b, char *out, int outl)
+{
+    return (0);
+}
+
+static int null_write(BIO *b, const char *in, int inl)
+{
+    return (inl);
+}
+
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+    case BIO_CTRL_EOF:
+    case BIO_CTRL_SET:
+    case BIO_CTRL_SET_CLOSE:
+    case BIO_CTRL_FLUSH:
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int null_gets(BIO *bp, char *buf, int size)
+{
+    return (0);
+}
+
+static int null_puts(BIO *bp, const char *str)
+{
+    if (str == NULL)
+        return (0);
+    return (strlen(str));
+}
diff --git a/openssl-1.1.0h/crypto/bio/bss_sock.c b/openssl-1.1.0h/crypto/bio/bss_sock.c
new file mode 100644
index 0000000..992266d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/bss_sock.c
@@ -0,0 +1,231 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "bio_lcl.h"
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+# include <openssl/bio.h>
+
+# ifdef WATT32
+/* Watt-32 uses same names */
+#  undef sock_write
+#  undef sock_read
+#  undef sock_puts
+#  define sock_write SockWrite
+#  define sock_read  SockRead
+#  define sock_puts  SockPuts
+# endif
+
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+
+static const BIO_METHOD methods_sockp = {
+    BIO_TYPE_SOCKET,
+    "socket",
+    sock_write,
+    sock_read,
+    sock_puts,
+    NULL,                       /* sock_gets,         */
+    sock_ctrl,
+    sock_new,
+    sock_free,
+    NULL,                       /* sock_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_socket(void)
+{
+    return (&methods_sockp);
+}
+
+BIO *BIO_new_socket(int fd, int close_flag)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_socket());
+    if (ret == NULL)
+        return (NULL);
+    BIO_set_fd(ret, fd, close_flag);
+    return (ret);
+}
+
+static int sock_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = 0;
+    bi->ptr = NULL;
+    bi->flags = 0;
+    return (1);
+}
+
+static int sock_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if (a->init) {
+            BIO_closesocket(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return (1);
+}
+
+static int sock_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out != NULL) {
+        clear_socket_error();
+        ret = readsocket(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_sock_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return (ret);
+}
+
+static int sock_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+
+    clear_socket_error();
+    ret = writesocket(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_sock_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return (ret);
+}
+
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+
+    switch (cmd) {
+    case BIO_C_SET_FD:
+        sock_free(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int sock_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = sock_write(bp, str, n);
+    return (ret);
+}
+
+int BIO_sock_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+        return (BIO_sock_non_fatal_error(err));
+    }
+    return (0);
+}
+
+int BIO_sock_non_fatal_error(int err)
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# if defined(ENOTCONN)
+    case ENOTCONN:
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+        return (1);
+        /* break; */
+    default:
+        break;
+    }
+    return (0);
+}
+
+#endif                          /* #ifndef OPENSSL_NO_SOCK */
diff --git a/openssl-1.1.0h/crypto/bio/build.info b/openssl-1.1.0h/crypto/bio/build.info
new file mode 100644
index 0000000..d1e7d73
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bio/build.info
@@ -0,0 +1,8 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        bio_lib.c bio_cb.c bio_err.c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c b_addr.c \
+        b_sock.c b_sock2.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \
+        bss_dgram.c bio_meth.c bf_lbuf.c
diff --git a/openssl-1.1.0h/crypto/blake2/blake2_impl.h b/openssl-1.1.0h/crypto/blake2/blake2_impl.h
new file mode 100644
index 0000000..8fe5c95
--- /dev/null
+++ b/openssl-1.1.0h/crypto/blake2/blake2_impl.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+#include "e_os.h"
+
+static ossl_inline uint32_t load32(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint32_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint32_t w = ((uint32_t)src[0])
+                   | ((uint32_t)src[1] <<  8)
+                   | ((uint32_t)src[2] << 16)
+                   | ((uint32_t)src[3] << 24);
+        return w;
+    }
+}
+
+static ossl_inline uint64_t load64(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint64_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint64_t w = ((uint64_t)src[0])
+                   | ((uint64_t)src[1] <<  8)
+                   | ((uint64_t)src[2] << 16)
+                   | ((uint64_t)src[3] << 24)
+                   | ((uint64_t)src[4] << 32)
+                   | ((uint64_t)src[5] << 40)
+                   | ((uint64_t)src[6] << 48)
+                   | ((uint64_t)src[7] << 56);
+        return w;
+    }
+}
+
+static ossl_inline void store32(uint8_t *dst, uint32_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 4; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline void store64(uint8_t *dst, uint64_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 8; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline uint64_t load48(const uint8_t *src)
+{
+    uint64_t w = ((uint64_t)src[0])
+               | ((uint64_t)src[1] <<  8)
+               | ((uint64_t)src[2] << 16)
+               | ((uint64_t)src[3] << 24)
+               | ((uint64_t)src[4] << 32)
+               | ((uint64_t)src[5] << 40);
+    return w;
+}
+
+static ossl_inline void store48(uint8_t *dst, uint64_t w)
+{
+    uint8_t *p = (uint8_t *)dst;
+    p[0] = (uint8_t)w;
+    p[1] = (uint8_t)(w>>8);
+    p[2] = (uint8_t)(w>>16);
+    p[3] = (uint8_t)(w>>24);
+    p[4] = (uint8_t)(w>>32);
+    p[5] = (uint8_t)(w>>40);
+}
+
+static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (32 - c));
+}
+
+static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (64 - c));
+}
diff --git a/openssl-1.1.0h/crypto/blake2/blake2_locl.h b/openssl-1.1.0h/crypto/blake2/blake2_locl.h
new file mode 100644
index 0000000..fb7beb9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/blake2/blake2_locl.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <stddef.h>
+#include "e_os.h"
+
+#define BLAKE2S_BLOCKBYTES    64
+#define BLAKE2S_OUTBYTES      32
+#define BLAKE2S_KEYBYTES      32
+#define BLAKE2S_SALTBYTES     8
+#define BLAKE2S_PERSONALBYTES 8
+
+#define BLAKE2B_BLOCKBYTES    128
+#define BLAKE2B_OUTBYTES      64
+#define BLAKE2B_KEYBYTES      64
+#define BLAKE2B_SALTBYTES     16
+#define BLAKE2B_PERSONALBYTES 16
+
+struct blake2s_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[6];/* 14 */
+    uint8_t  node_depth;    /* 15 */
+    uint8_t  inner_length;  /* 16 */
+    uint8_t  salt[BLAKE2S_SALTBYTES]; /* 24 */
+    uint8_t  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
+};
+
+typedef struct blake2s_param_st BLAKE2S_PARAM;
+
+struct blake2s_ctx_st {
+    uint32_t h[8];
+    uint32_t t[2];
+    uint32_t f[2];
+    uint8_t  buf[BLAKE2S_BLOCKBYTES];
+    size_t   buflen;
+};
+
+struct blake2b_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[8];/* 16 */
+    uint8_t  node_depth;    /* 17 */
+    uint8_t  inner_length;  /* 18 */
+    uint8_t  reserved[14];  /* 32 */
+    uint8_t  salt[BLAKE2B_SALTBYTES]; /* 48 */
+    uint8_t  personal[BLAKE2B_PERSONALBYTES];  /* 64 */
+};
+
+typedef struct blake2b_param_st BLAKE2B_PARAM;
+
+struct blake2b_ctx_st {
+    uint64_t h[8];
+    uint64_t t[2];
+    uint64_t f[2];
+    uint8_t  buf[BLAKE2B_BLOCKBYTES];
+    size_t   buflen;
+};
+
+#define BLAKE2B_DIGEST_LENGTH 64
+#define BLAKE2S_DIGEST_LENGTH 32
+
+typedef struct blake2s_ctx_st BLAKE2S_CTX;
+typedef struct blake2b_ctx_st BLAKE2B_CTX;
+
+int BLAKE2b_Init(BLAKE2B_CTX *c);
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen);
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c);
+
+int BLAKE2s_Init(BLAKE2S_CTX *c);
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen);
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c);
diff --git a/openssl-1.1.0h/crypto/blake2/blake2b.c b/openssl-1.1.0h/crypto/blake2/blake2b.c
new file mode 100644
index 0000000..e77bd9a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/blake2/blake2b.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include "e_os.h"
+
+#include "blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint64_t blake2b_IV[8] =
+{
+    0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU,
+    0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U,
+    0x510e527fade682d1U, 0x9b05688c2b3e6c1fU,
+    0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U
+};
+
+static const uint8_t blake2b_sigma[12][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2B_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2b_IV[i];
+    }
+}
+
+/* init xors IV with input parameter block */
+static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
+{
+    size_t i;
+    const uint8_t *p = (const uint8_t *)(P);
+    blake2b_init0(S);
+
+    /* The param struct is carefully hand packed, and should be 64 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2B_PARAM) == 64);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2b_Init(BLAKE2B_CTX *c)
+{
+    BLAKE2B_PARAM P[1];
+    P->digest_length = BLAKE2B_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store64(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->reserved, 0, sizeof(P->reserved));
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2b_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2b_compress(BLAKE2B_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint64_t m[16];
+    uint64_t v[16];
+    int i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2b_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2b_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load64(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2b_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[8]  = blake2b_IV[0];
+        v[9]  = blake2b_IV[1];
+        v[10] = blake2b_IV[2];
+        v[11] = blake2b_IV[3];
+        v[12] = S->t[0] ^ blake2b_IV[4];
+        v[13] = S->t[1] ^ blake2b_IV[5];
+        v[14] = S->f[0] ^ blake2b_IV[6];
+        v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+            d = rotr64(d ^ a, 32); \
+            c = c + d; \
+            b = rotr64(b ^ c, 24); \
+            a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+            d = rotr64(d ^ a, 16); \
+            c = c + d; \
+            b = rotr64(b ^ c, 63); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
+        for (i = 0; i < 12; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+        ROUND(10);
+        ROUND(11);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2B_BLOCKBYTES) {
+            size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2b_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2B_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
+{
+    int i;
+
+    blake2b_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2b_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to message digest */
+    for (i = 0; i < 8; ++i) {
+        store64(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/blake2/blake2s.c b/openssl-1.1.0h/crypto/blake2/blake2s.c
new file mode 100644
index 0000000..0b3503e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/blake2/blake2s.c
@@ -0,0 +1,264 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include "e_os.h"
+
+#include "blake2_locl.h"
+#include "blake2_impl.h"
+
+static const uint32_t blake2s_IV[8] =
+{
+    0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
+    0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
+};
+
+static const uint8_t blake2s_sigma[10][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2S_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2s_IV[i];
+    }
+}
+
+/* init2 xors IV with input parameter block */
+static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
+{
+    const uint8_t *p = (const uint8_t *)(P);
+    size_t i;
+
+    /* The param struct is carefully hand packed, and should be 32 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2S_PARAM) == 32);
+    blake2s_init0(S);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load32(&p[i*4]);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2s_Init(BLAKE2S_CTX *c)
+{
+    BLAKE2S_PARAM P[1];
+
+    P->digest_length = BLAKE2S_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store48(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2s_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2s_compress(BLAKE2S_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint32_t m[16];
+    uint32_t v[16];
+    size_t i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2s_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2s_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load32(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2s_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[ 8] = blake2s_IV[0];
+        v[ 9] = blake2s_IV[1];
+        v[10] = blake2s_IV[2];
+        v[11] = blake2s_IV[3];
+        v[12] = S->t[0] ^ blake2s_IV[4];
+        v[13] = S->t[1] ^ blake2s_IV[5];
+        v[14] = S->f[0] ^ blake2s_IV[6];
+        v[15] = S->f[1] ^ blake2s_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2s_sigma[r][2*i+0]]; \
+            d = rotr32(d ^ a, 16); \
+            c = c + d; \
+            b = rotr32(b ^ c, 12); \
+            a = a + b + m[blake2s_sigma[r][2*i+1]]; \
+            d = rotr32(d ^ a, 8); \
+            c = c + d; \
+            b = rotr32(b ^ c, 7); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
+        for (i = 0; i < 10; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2S_BLOCKBYTES)  {
+            size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2s_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2S_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
+{
+    int i;
+
+    blake2s_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2s_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to temp buffer */
+    for (i = 0; i < 8; ++i) {
+        store32(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/blake2/build.info b/openssl-1.1.0h/crypto/blake2/build.info
new file mode 100644
index 0000000..0036f08
--- /dev/null
+++ b/openssl-1.1.0h/crypto/blake2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        blake2b.c blake2s.c m_blake2b.c m_blake2s.c
diff --git a/openssl-1.1.0h/crypto/blake2/m_blake2b.c b/openssl-1.1.0h/crypto/blake2/m_blake2b.c
new file mode 100644
index 0000000..82c6f6b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/blake2/m_blake2b.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2b_md = {
+    NID_blake2b512,
+    0,
+    BLAKE2B_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2B_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
+};
+
+const EVP_MD *EVP_blake2b512(void)
+{
+    return (&blake2b_md);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/blake2/m_blake2s.c b/openssl-1.1.0h/crypto/blake2/m_blake2s.c
new file mode 100644
index 0000000..467e91a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/blake2/m_blake2s.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_locl.h"
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2s_md = {
+    NID_blake2s256,
+    0,
+    BLAKE2S_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2S_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX),
+};
+
+const EVP_MD *EVP_blake2s256(void)
+{
+    return (&blake2s_md);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/README.pod b/openssl-1.1.0h/crypto/bn/README.pod
new file mode 100644
index 0000000..109ab0d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/README.pod
@@ -0,0 +1,247 @@
+=pod
+
+=head1 NAME
+
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+library internal functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+   BN_ULONG w);
+ void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+
+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+
+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+   int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+   int dna, int dnb, BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n, int tna, int tnb, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n2, BN_ULONG *tmp);
+ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
+   int n2, BN_ULONG *tmp);
+
+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
+ BIGNUM *bn_expand(BIGNUM *a, int bits);
+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
+ BIGNUM *bn_expand2(BIGNUM *a, int n);
+ void bn_fix_top(BIGNUM *a);
+
+ void bn_check_top(BIGNUM *a);
+ void bn_print(BIGNUM *a);
+ void bn_dump(BN_ULONG *d, int n);
+ void bn_set_max(BIGNUM *a);
+ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+
+=head1 DESCRIPTION
+
+This page documents the internal functions used by the OpenSSL
+B<BIGNUM> implementation. They are described here to facilitate
+debugging and extending the library. They are I<not> to be used by
+applications.
+
+=head2 The BIGNUM structure
+
+ typedef struct bignum_st BIGNUM;
+
+ struct bignum_st
+        {
+        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
+        int top;        /* Index of last used d +1. */
+        /* The next are internal book keeping for bn_expand. */
+        int dmax;       /* Size of the d array. */
+        int neg;        /* one if the number is negative */
+        int flags;
+        };
+
+
+The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
+least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+in size, depending on the 'number of bits' (B<BITS2>) specified in
+C<openssl/bn.h>.
+
+B<dmax> is the size of the B<d> array that has been allocated.  B<top>
+is the number of words being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1.  B<neg> is 1 if the number is negative.  When a B<BIGNUM> is
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+
+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
+flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and
+BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
+structure B<b>.
+
+Various routines in this library require the use of temporary
+B<BIGNUM> variables during their execution.  Since dynamic memory
+allocation to create B<BIGNUM>s is rather expensive when used in
+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+used.  This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+L<BN_CTX_start(3)>.
+
+=head2 Low-level arithmetic operations
+
+These functions are implemented in C and for several platforms in
+assembly language:
+
+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+arrays B<rp> and B<ap>.  It computes B<ap> * B<w>, places the result
+in B<rp>, and returns the high word (carry).
+
+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+word arrays B<rp> and B<ap>.  It computes B<ap> * B<w> + B<rp>, places
+the result in B<rp>, and returns the high word (carry).
+
+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+B<ap> and the 2*B<num> word array B<ap>.  It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+
+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>)
+by B<d> and returns the result.
+
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> + B<bp>, places the
+result in B<rp>, and returns the high word (carry).
+
+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> - B<bp>, places the
+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+otherwise).
+
+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.
+
+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.
+
+The following functions are implemented in C:
+
+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+and B<b>.  It returns 1, 0 and -1 if B<a> is greater than, equal and
+less than B<b>.
+
+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+array B<r>.  It computes B<a>*B<b> and places the result in B<r>.
+
+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+arrays B<r>, B<a> and B<b>.  It computes the B<n> low words of
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
+on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
+(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
+word arrays B<r> and B<t>.  B<n2> must be a power of 2.  It computes
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
+operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
+B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
+
+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+and B<b>.
+
+bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
+array B<tmp>.
+
+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+factors have the same size: bn_mul_comba8() is used if they are 8
+words long, bn_mul_recursive() if they are larger than
+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+size, and bn_mul_part_recursive() for others that are larger than
+B<BN_MULL_SIZE_NORMAL>.
+
+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+
+The implementations use the following macros which, depending on the
+architecture, may use "long long" C operations or inline assembler.
+They are defined in C<bn_lcl.h>.
+
+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+low word of the result in B<r> and the high word in B<c>.
+
+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+places the low word of the result in B<r> and the high word in B<c>.
+
+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+of the result in B<r0> and the high word in B<r1>.
+
+=head2 Size changes
+
+bn_expand() ensures that B<b> has enough space for a B<bits> bit
+number.  bn_wexpand() ensures that B<b> has enough space for an
+B<n> word number.  If the number has to be expanded, both macros
+call bn_expand2(), which allocates a new B<d> array and copies the
+data.  They return B<NULL> on error, B<b> otherwise.
+
+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+significant non-zero word plus one when B<a> has shrunk.
+
+=head2 Debugging
+
+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+E<lt>= (a)-E<gt>dmax)>.  A violation will cause the program to abort.
+
+bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
+(in reverse order, i.e. most significant word first) to stderr.
+
+bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
+This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
+B<BIGNUM> that contains the B<n> low or high words of B<a>.
+
+If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
+and bn_set_max() are defined as empty macros.
+
+=head1 SEE ALSO
+
+L<bn(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/crypto/bn/asm/alpha-mont.pl b/openssl-1.1.0h/crypto/bn/asm/alpha-mont.pl
new file mode 100644
index 0000000..1d68d6d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/alpha-mont.pl
@@ -0,0 +1,331 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# On 21264 RSA sign performance improves by 70/35/20/15 percent for
+# 512/1024/2048/4096 bit key lengths. This is against vendor compiler
+# instructed to '-tune host' code with in-line assembler. Other
+# benchmarks improve by 15-20%. To anchor it to something else, the
+# code provides approximately the same performance per GHz as AMD64.
+# I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x
+# difference.
+
+$output=pop;
+open STDOUT,">$output";
+
+# int bn_mul_mont(
+$rp="a0";	# BN_ULONG *rp,
+$ap="a1";	# const BN_ULONG *ap,
+$bp="a2";	# const BN_ULONG *bp,
+$np="a3";	# const BN_ULONG *np,
+$n0="a4";	# const BN_ULONG *n0,
+$num="a5";	# int num);
+
+$lo0="t0";
+$hi0="t1";
+$lo1="t2";
+$hi1="t3";
+$aj="t4";
+$bi="t5";
+$nj="t6";
+$tp="t7";
+$alo="t8";
+$ahi="t9";
+$nlo="t10";
+$nhi="t11";
+$tj="t12";
+$i="s3";
+$j="s4";
+$m1="s5";
+
+$code=<<___;
+#ifdef __linux__
+#include <asm/regdef.h>
+#else
+#include <asm.h>
+#include <regdef.h>
+#endif
+
+.text
+
+.set	noat
+.set	noreorder
+
+.globl	bn_mul_mont
+.align	5
+.ent	bn_mul_mont
+bn_mul_mont:
+	lda	sp,-48(sp)
+	stq	ra,0(sp)
+	stq	s3,8(sp)
+	stq	s4,16(sp)
+	stq	s5,24(sp)
+	stq	fp,32(sp)
+	mov	sp,fp
+	.mask	0x0400f000,-48
+	.frame	fp,48,ra
+	.prologue 0
+
+	.align	4
+	.set	reorder
+	sextl	$num,$num
+	mov	0,v0
+	cmplt	$num,4,AT
+	bne	AT,.Lexit
+
+	ldq	$hi0,0($ap)	# ap[0]
+	s8addq	$num,16,AT
+	ldq	$aj,8($ap)
+	subq	sp,AT,sp
+	ldq	$bi,0($bp)	# bp[0]
+	lda	AT,-4096(zero)	# mov	-4096,AT
+	ldq	$n0,0($n0)
+	and	sp,AT,sp
+
+	mulq	$hi0,$bi,$lo0
+	ldq	$hi1,0($np)	# np[0]
+	umulh	$hi0,$bi,$hi0
+	ldq	$nj,8($np)
+
+	mulq	$lo0,$n0,$m1
+
+	mulq	$hi1,$m1,$lo1
+	umulh	$hi1,$m1,$hi1
+
+	addq	$lo1,$lo0,$lo1
+	cmpult	$lo1,$lo0,AT
+	addq	$hi1,AT,$hi1
+
+	mulq	$aj,$bi,$alo
+	mov	2,$j
+	umulh	$aj,$bi,$ahi
+	mov	sp,$tp
+
+	mulq	$nj,$m1,$nlo
+	s8addq	$j,$ap,$aj
+	umulh	$nj,$m1,$nhi
+	s8addq	$j,$np,$nj
+.align	4
+.L1st:
+	.set	noreorder
+	ldq	$aj,0($aj)
+	addl	$j,1,$j
+	ldq	$nj,0($nj)
+	lda	$tp,8($tp)
+
+	addq	$alo,$hi0,$lo0
+	mulq	$aj,$bi,$alo
+	cmpult	$lo0,$hi0,AT
+	addq	$nlo,$hi1,$lo1
+
+	mulq	$nj,$m1,$nlo
+	addq	$ahi,AT,$hi0
+	cmpult	$lo1,$hi1,v0
+	cmplt	$j,$num,$tj
+
+	umulh	$aj,$bi,$ahi
+	addq	$nhi,v0,$hi1
+	addq	$lo1,$lo0,$lo1
+	s8addq	$j,$ap,$aj
+
+	umulh	$nj,$m1,$nhi
+	cmpult	$lo1,$lo0,v0
+	addq	$hi1,v0,$hi1
+	s8addq	$j,$np,$nj
+
+	stq	$lo1,-8($tp)
+	nop
+	unop
+	bne	$tj,.L1st
+	.set	reorder
+
+	addq	$alo,$hi0,$lo0
+	addq	$nlo,$hi1,$lo1
+	cmpult	$lo0,$hi0,AT
+	cmpult	$lo1,$hi1,v0
+	addq	$ahi,AT,$hi0
+	addq	$nhi,v0,$hi1
+
+	addq	$lo1,$lo0,$lo1
+	cmpult	$lo1,$lo0,v0
+	addq	$hi1,v0,$hi1
+
+	stq	$lo1,0($tp)
+
+	addq	$hi1,$hi0,$hi1
+	cmpult	$hi1,$hi0,AT
+	stq	$hi1,8($tp)
+	stq	AT,16($tp)
+
+	mov	1,$i
+.align	4
+.Louter:
+	s8addq	$i,$bp,$bi
+	ldq	$hi0,0($ap)
+	ldq	$aj,8($ap)
+	ldq	$bi,0($bi)
+	ldq	$hi1,0($np)
+	ldq	$nj,8($np)
+	ldq	$tj,0(sp)
+
+	mulq	$hi0,$bi,$lo0
+	umulh	$hi0,$bi,$hi0
+
+	addq	$lo0,$tj,$lo0
+	cmpult	$lo0,$tj,AT
+	addq	$hi0,AT,$hi0
+
+	mulq	$lo0,$n0,$m1
+
+	mulq	$hi1,$m1,$lo1
+	umulh	$hi1,$m1,$hi1
+
+	addq	$lo1,$lo0,$lo1
+	cmpult	$lo1,$lo0,AT
+	mov	2,$j
+	addq	$hi1,AT,$hi1
+
+	mulq	$aj,$bi,$alo
+	mov	sp,$tp
+	umulh	$aj,$bi,$ahi
+
+	mulq	$nj,$m1,$nlo
+	s8addq	$j,$ap,$aj
+	umulh	$nj,$m1,$nhi
+.align	4
+.Linner:
+	.set	noreorder
+	ldq	$tj,8($tp)	#L0
+	nop			#U1
+	ldq	$aj,0($aj)	#L1
+	s8addq	$j,$np,$nj	#U0
+
+	ldq	$nj,0($nj)	#L0
+	nop			#U1
+	addq	$alo,$hi0,$lo0	#L1
+	lda	$tp,8($tp)
+
+	mulq	$aj,$bi,$alo	#U1
+	cmpult	$lo0,$hi0,AT	#L0
+	addq	$nlo,$hi1,$lo1	#L1
+	addl	$j,1,$j
+
+	mulq	$nj,$m1,$nlo	#U1
+	addq	$ahi,AT,$hi0	#L0
+	addq	$lo0,$tj,$lo0	#L1
+	cmpult	$lo1,$hi1,v0	#U0
+
+	umulh	$aj,$bi,$ahi	#U1
+	cmpult	$lo0,$tj,AT	#L0
+	addq	$lo1,$lo0,$lo1	#L1
+	addq	$nhi,v0,$hi1	#U0
+
+	umulh	$nj,$m1,$nhi	#U1
+	s8addq	$j,$ap,$aj	#L0
+	cmpult	$lo1,$lo0,v0	#L1
+	cmplt	$j,$num,$tj	#U0	# borrow $tj
+
+	addq	$hi0,AT,$hi0	#L0
+	addq	$hi1,v0,$hi1	#U1
+	stq	$lo1,-8($tp)	#L1
+	bne	$tj,.Linner	#U0
+	.set	reorder
+
+	ldq	$tj,8($tp)
+	addq	$alo,$hi0,$lo0
+	addq	$nlo,$hi1,$lo1
+	cmpult	$lo0,$hi0,AT
+	cmpult	$lo1,$hi1,v0
+	addq	$ahi,AT,$hi0
+	addq	$nhi,v0,$hi1
+
+	addq	$lo0,$tj,$lo0
+	cmpult	$lo0,$tj,AT
+	addq	$hi0,AT,$hi0
+
+	ldq	$tj,16($tp)
+	addq	$lo1,$lo0,$j
+	cmpult	$j,$lo0,v0
+	addq	$hi1,v0,$hi1
+
+	addq	$hi1,$hi0,$lo1
+	stq	$j,0($tp)
+	cmpult	$lo1,$hi0,$hi1
+	addq	$lo1,$tj,$lo1
+	cmpult	$lo1,$tj,AT
+	addl	$i,1,$i
+	addq	$hi1,AT,$hi1
+	stq	$lo1,8($tp)
+	cmplt	$i,$num,$tj	# borrow $tj
+	stq	$hi1,16($tp)
+	bne	$tj,.Louter
+
+	s8addq	$num,sp,$tj	# &tp[num]
+	mov	$rp,$bp		# put rp aside
+	mov	sp,$tp
+	mov	sp,$ap
+	mov	0,$hi0		# clear borrow bit
+
+.align	4
+.Lsub:	ldq	$lo0,0($tp)
+	ldq	$lo1,0($np)
+	lda	$tp,8($tp)
+	lda	$np,8($np)
+	subq	$lo0,$lo1,$lo1	# tp[i]-np[i]
+	cmpult	$lo0,$lo1,AT
+	subq	$lo1,$hi0,$lo0
+	cmpult	$lo1,$lo0,$hi0
+	or	$hi0,AT,$hi0
+	stq	$lo0,0($rp)
+	cmpult	$tp,$tj,v0
+	lda	$rp,8($rp)
+	bne	v0,.Lsub
+
+	subq	$hi1,$hi0,$hi0	# handle upmost overflow bit
+	mov	sp,$tp
+	mov	$bp,$rp		# restore rp
+
+	and	sp,$hi0,$ap
+	bic	$bp,$hi0,$bp
+	bis	$bp,$ap,$ap	# ap=borrow?tp:rp
+
+.align	4
+.Lcopy:	ldq	$aj,0($ap)	# copy or in-place refresh
+	lda	$tp,8($tp)
+	lda	$rp,8($rp)
+	lda	$ap,8($ap)
+	stq	zero,-8($tp)	# zap tp
+	cmpult	$tp,$tj,AT
+	stq	$aj,-8($rp)
+	bne	AT,.Lcopy
+	mov	1,v0
+
+.Lexit:
+	.set	noreorder
+	mov	fp,sp
+	/*ldq	ra,0(sp)*/
+	ldq	s3,8(sp)
+	ldq	s4,16(sp)
+	ldq	s5,24(sp)
+	ldq	fp,32(sp)
+	lda	sp,48(sp)
+	ret	(ra)
+.end	bn_mul_mont
+.ascii	"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/armv4-gf2m.pl b/openssl-1.1.0h/crypto/bn/asm/armv4-gf2m.pl
new file mode 100644
index 0000000..0bb5433
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/armv4-gf2m.pl
@@ -0,0 +1,332 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication
+# used in bn_gf2m.c. It's kind of low-hanging mechanical port from
+# C for the time being... Except that it has two code paths: pure
+# integer code suitable for any ARMv4 and later CPU and NEON code
+# suitable for ARMv7. Pure integer 1x1 multiplication subroutine runs
+# in ~45 cycles on dual-issue core such as Cortex A8, which is ~50%
+# faster than compiler-generated code. For ECDH and ECDSA verify (but
+# not for ECDSA sign) it means 25%-45% improvement depending on key
+# length, more for longer keys. Even though NEON 1x1 multiplication
+# runs in even less cycles, ~30, improvement is measurable only on
+# longer keys. One has to optimize code elsewhere to get NEON glow...
+#
+# April 2014
+#
+# Double bn_GF2m_mul_2x2 performance by using algorithm from paper
+# referred below, which improves ECDH and ECDSA verify benchmarks
+# by 18-40%.
+#
+# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
+# Polynomial Multiplication on ARM Processors using the NEON Engine.
+# 
+# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+___
+################
+# private interface to mul_1x1_ialu
+#
+$a="r1";
+$b="r0";
+
+($a0,$a1,$a2,$a12,$a4,$a14)=
+($hi,$lo,$t0,$t1, $i0,$i1 )=map("r$_",(4..9),12);
+
+$mask="r12";
+
+$code.=<<___;
+.type	mul_1x1_ialu,%function
+.align	5
+mul_1x1_ialu:
+	mov	$a0,#0
+	bic	$a1,$a,#3<<30		@ a1=a&0x3fffffff
+	str	$a0,[sp,#0]		@ tab[0]=0
+	add	$a2,$a1,$a1		@ a2=a1<<1
+	str	$a1,[sp,#4]		@ tab[1]=a1
+	eor	$a12,$a1,$a2		@ a1^a2
+	str	$a2,[sp,#8]		@ tab[2]=a2
+	mov	$a4,$a1,lsl#2		@ a4=a1<<2
+	str	$a12,[sp,#12]		@ tab[3]=a1^a2
+	eor	$a14,$a1,$a4		@ a1^a4
+	str	$a4,[sp,#16]		@ tab[4]=a4
+	eor	$a0,$a2,$a4		@ a2^a4
+	str	$a14,[sp,#20]		@ tab[5]=a1^a4
+	eor	$a12,$a12,$a4		@ a1^a2^a4
+	str	$a0,[sp,#24]		@ tab[6]=a2^a4
+	and	$i0,$mask,$b,lsl#2
+	str	$a12,[sp,#28]		@ tab[7]=a1^a2^a4
+
+	and	$i1,$mask,$b,lsr#1
+	ldr	$lo,[sp,$i0]		@ tab[b       & 0x7]
+	and	$i0,$mask,$b,lsr#4
+	ldr	$t1,[sp,$i1]		@ tab[b >>  3 & 0x7]
+	and	$i1,$mask,$b,lsr#7
+	ldr	$t0,[sp,$i0]		@ tab[b >>  6 & 0x7]
+	eor	$lo,$lo,$t1,lsl#3	@ stall
+	mov	$hi,$t1,lsr#29
+	ldr	$t1,[sp,$i1]		@ tab[b >>  9 & 0x7]
+
+	and	$i0,$mask,$b,lsr#10
+	eor	$lo,$lo,$t0,lsl#6
+	eor	$hi,$hi,$t0,lsr#26
+	ldr	$t0,[sp,$i0]		@ tab[b >> 12 & 0x7]
+
+	and	$i1,$mask,$b,lsr#13
+	eor	$lo,$lo,$t1,lsl#9
+	eor	$hi,$hi,$t1,lsr#23
+	ldr	$t1,[sp,$i1]		@ tab[b >> 15 & 0x7]
+
+	and	$i0,$mask,$b,lsr#16
+	eor	$lo,$lo,$t0,lsl#12
+	eor	$hi,$hi,$t0,lsr#20
+	ldr	$t0,[sp,$i0]		@ tab[b >> 18 & 0x7]
+
+	and	$i1,$mask,$b,lsr#19
+	eor	$lo,$lo,$t1,lsl#15
+	eor	$hi,$hi,$t1,lsr#17
+	ldr	$t1,[sp,$i1]		@ tab[b >> 21 & 0x7]
+
+	and	$i0,$mask,$b,lsr#22
+	eor	$lo,$lo,$t0,lsl#18
+	eor	$hi,$hi,$t0,lsr#14
+	ldr	$t0,[sp,$i0]		@ tab[b >> 24 & 0x7]
+
+	and	$i1,$mask,$b,lsr#25
+	eor	$lo,$lo,$t1,lsl#21
+	eor	$hi,$hi,$t1,lsr#11
+	ldr	$t1,[sp,$i1]		@ tab[b >> 27 & 0x7]
+
+	tst	$a,#1<<30
+	and	$i0,$mask,$b,lsr#28
+	eor	$lo,$lo,$t0,lsl#24
+	eor	$hi,$hi,$t0,lsr#8
+	ldr	$t0,[sp,$i0]		@ tab[b >> 30      ]
+
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	eorne	$lo,$lo,$b,lsl#30
+	eorne	$hi,$hi,$b,lsr#2
+	tst	$a,#1<<31
+	eor	$lo,$lo,$t1,lsl#27
+	eor	$hi,$hi,$t1,lsr#5
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	eorne	$lo,$lo,$b,lsl#31
+	eorne	$hi,$hi,$b,lsr#1
+	eor	$lo,$lo,$t0,lsl#30
+	eor	$hi,$hi,$t0,lsr#2
+
+	mov	pc,lr
+.size	mul_1x1_ialu,.-mul_1x1_ialu
+___
+################
+# void	bn_GF2m_mul_2x2(BN_ULONG *r,
+#	BN_ULONG a1,BN_ULONG a0,
+#	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0·b1b0
+{
+$code.=<<___;
+.global	bn_GF2m_mul_2x2
+.type	bn_GF2m_mul_2x2,%function
+.align	5
+bn_GF2m_mul_2x2:
+#if __ARM_MAX_ARCH__>=7
+	stmdb	sp!,{r10,lr}
+	ldr	r12,.LOPENSSL_armcap
+	adr	r10,.LOPENSSL_armcap
+	ldr	r12,[r12,r10]
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV7_NEON
+	itt	ne
+	ldrne	r10,[sp],#8
+	bne	.LNEON
+	stmdb	sp!,{r4-r9}
+#else
+	stmdb	sp!,{r4-r10,lr}
+#endif
+___
+$ret="r10";	# reassigned 1st argument
+$code.=<<___;
+	mov	$ret,r0			@ reassign 1st argument
+	mov	$b,r3			@ $b=b1
+	sub	r7,sp,#36
+	mov	r8,sp
+	and	r7,r7,#-32
+	ldr	r3,[sp,#32]		@ load b0
+	mov	$mask,#7<<2
+	mov	sp,r7			@ allocate tab[8]
+	str	r8,[r7,#32]
+
+	bl	mul_1x1_ialu		@ a1·b1
+	str	$lo,[$ret,#8]
+	str	$hi,[$ret,#12]
+
+	eor	$b,$b,r3		@ flip b0 and b1
+	 eor	$a,$a,r2		@ flip a0 and a1
+	eor	r3,r3,$b
+	 eor	r2,r2,$a
+	eor	$b,$b,r3
+	 eor	$a,$a,r2
+	bl	mul_1x1_ialu		@ a0·b0
+	str	$lo,[$ret]
+	str	$hi,[$ret,#4]
+
+	eor	$a,$a,r2
+	eor	$b,$b,r3
+	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
+___
+@r=map("r$_",(6..9));
+$code.=<<___;
+	ldmia	$ret,{@r[0]-@r[3]}
+	eor	$lo,$lo,$hi
+	ldr	sp,[sp,#32]		@ destroy tab[8]
+	eor	$hi,$hi,@r[1]
+	eor	$lo,$lo,@r[0]
+	eor	$hi,$hi,@r[2]
+	eor	$lo,$lo,@r[3]
+	eor	$hi,$hi,@r[3]
+	str	$hi,[$ret,#8]
+	eor	$lo,$lo,$hi
+	str	$lo,[$ret,#4]
+
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r10,pc}
+#else
+	ldmia	sp!,{r4-r10,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+___
+}
+{
+my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12));
+my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31));
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.align	5
+.LNEON:
+	ldr		r12, [sp]		@ 5th argument
+	vmov		$a, r2, r1
+	vmov		$b, r12, r3
+	vmov.i64	$k48, #0x0000ffffffffffff
+	vmov.i64	$k32, #0x00000000ffffffff
+	vmov.i64	$k16, #0x000000000000ffff
+
+	vext.8		$t0#lo, $a, $a, #1	@ A1
+	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
+	vext.8		$r#lo, $b, $b, #1	@ B1
+	vmull.p8	$r, $a, $r#lo		@ E = A*B1
+	vext.8		$t1#lo, $a, $a, #2	@ A2
+	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
+	vext.8		$t3#lo, $b, $b, #2	@ B2
+	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
+	vext.8		$t2#lo, $a, $a, #3	@ A3
+	veor		$t0, $t0, $r		@ L = E + F
+	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
+	vext.8		$r#lo, $b, $b, #3	@ B3
+	veor		$t1, $t1, $t3		@ M = G + H
+	vmull.p8	$r, $a, $r#lo		@ I = A*B3
+	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
+	vand		$t0#hi, $t0#hi, $k48
+	vext.8		$t3#lo, $b, $b, #4	@ B4
+	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
+	vand		$t1#hi, $t1#hi, $k32
+	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
+	veor		$t2, $t2, $r		@ N = I + J
+	veor		$t0#lo, $t0#lo, $t0#hi
+	veor		$t1#lo, $t1#lo, $t1#hi
+	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
+	vand		$t2#hi, $t2#hi, $k16
+	vext.8		$t0, $t0, $t0, #15
+	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
+	vmov.i64	$t3#hi, #0
+	vext.8		$t1, $t1, $t1, #14
+	veor		$t2#lo, $t2#lo, $t2#hi
+	vmull.p8	$r, $a, $b		@ D = A*B
+	vext.8		$t3, $t3, $t3, #12
+	vext.8		$t2, $t2, $t2, #13
+	veor		$t0, $t0, $t1
+	veor		$t2, $t2, $t3
+	veor		$r, $r, $t0
+	veor		$r, $r, $t2
+
+	vst1.32		{$r}, [r0]
+	ret		@ bx lr
+#endif
+___
+}
+$code.=<<___;
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+#if __ARM_MAX_ARCH__>=7
+.align	5
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.
+#endif
+.asciz	"GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	5
+
+#if __ARM_MAX_ARCH__>=7
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/\bret\b/bx	lr/go		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+close STDOUT;   # enforce flush
diff --git a/openssl-1.1.0h/crypto/bn/asm/armv4-mont.pl b/openssl-1.1.0h/crypto/bn/asm/armv4-mont.pl
new file mode 100644
index 0000000..0dc4fe9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/armv4-mont.pl
@@ -0,0 +1,756 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# January 2007.
+
+# Montgomery multiplication for ARMv4.
+#
+# Performance improvement naturally varies among CPU implementations
+# and compilers. The code was observed to provide +65-35% improvement
+# [depending on key length, less for longer keys] on ARM920T, and
+# +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code
+# base and compiler generated code with in-lined umull and even umlal
+# instructions. The latter means that this code didn't really have an 
+# "advantage" of utilizing some "secret" instruction.
+#
+# The code is interoperable with Thumb ISA and is rather compact, less
+# than 1/2KB. Windows CE port would be trivial, as it's exclusively
+# about decorations, ABI and instruction syntax are identical.
+
+# November 2013
+#
+# Add NEON code path, which handles lengths divisible by 8. RSA/DSA
+# performance improvement on Cortex-A8 is ~45-100% depending on key
+# length, more for longer keys. On Cortex-A15 the span is ~10-105%.
+# On Snapdragon S4 improvement was measured to vary from ~70% to
+# incredible ~380%, yes, 4.8x faster, for RSA4096 sign. But this is
+# rather because original integer-only code seems to perform
+# suboptimally on S4. Situation on Cortex-A9 is unfortunately
+# different. It's being looked into, but the trouble is that
+# performance for vectors longer than 256 bits is actually couple
+# of percent worse than for integer-only code. The code is chosen
+# for execution on all NEON-capable processors, because gain on
+# others outweighs the marginal loss on Cortex-A9.
+
+# September 2015
+#
+# Align Cortex-A9 performance with November 2013 improvements, i.e.
+# NEON code is now ~20-105% faster than integer-only one on this
+# processor. But this optimization further improved performance even
+# on other processors: NEON code path is ~45-180% faster than original
+# integer-only on Cortex-A8, ~10-210% on Cortex-A15, ~70-450% on
+# Snapdragon S4.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$num="r0";	# starts as num argument, but holds &tp[num-1]
+$ap="r1";
+$bp="r2"; $bi="r2"; $rp="r2";
+$np="r3";
+$tp="r4";
+$aj="r5";
+$nj="r6";
+$tj="r7";
+$n0="r8";
+###########	# r9 is reserved by ELF as platform specific, e.g. TLS pointer
+$alo="r10";	# sl, gcc uses it to keep @GOT
+$ahi="r11";	# fp
+$nlo="r12";	# ip
+###########	# r13 is stack pointer
+$nhi="r14";	# lr
+###########	# r15 is program counter
+
+#### argument block layout relative to &tp[num-1], a.k.a. $num
+$_rp="$num,#12*4";
+# ap permanently resides in r1
+$_bp="$num,#13*4";
+# np permanently resides in r3
+$_n0="$num,#14*4";
+$_num="$num,#15*4";	$_bpend=$_num;
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+#if __ARM_MAX_ARCH__>=7
+.align	5
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lbn_mul_mont
+#endif
+
+.global	bn_mul_mont
+.type	bn_mul_mont,%function
+
+.align	5
+bn_mul_mont:
+.Lbn_mul_mont:
+	ldr	ip,[sp,#4]		@ load num
+	stmdb	sp!,{r0,r2}		@ sp points at argument block
+#if __ARM_MAX_ARCH__>=7
+	tst	ip,#7
+	bne	.Lialu
+	adr	r0,.Lbn_mul_mont
+	ldr	r2,.LOPENSSL_armcap
+	ldr	r0,[r0,r2]
+#ifdef	__APPLE__
+	ldr	r0,[r0]
+#endif
+	tst	r0,#ARMV7_NEON		@ NEON available?
+	ldmia	sp, {r0,r2}
+	beq	.Lialu
+	add	sp,sp,#8
+	b	bn_mul8x_mont_neon
+.align	4
+.Lialu:
+#endif
+	cmp	ip,#2
+	mov	$num,ip			@ load num
+#ifdef	__thumb2__
+	ittt	lt
+#endif
+	movlt	r0,#0
+	addlt	sp,sp,#2*4
+	blt	.Labrt
+
+	stmdb	sp!,{r4-r12,lr}		@ save 10 registers
+
+	mov	$num,$num,lsl#2		@ rescale $num for byte count
+	sub	sp,sp,$num		@ alloca(4*num)
+	sub	sp,sp,#4		@ +extra dword
+	sub	$num,$num,#4		@ "num=num-1"
+	add	$tp,$bp,$num		@ &bp[num-1]
+
+	add	$num,sp,$num		@ $num to point at &tp[num-1]
+	ldr	$n0,[$_n0]		@ &n0
+	ldr	$bi,[$bp]		@ bp[0]
+	ldr	$aj,[$ap],#4		@ ap[0],ap++
+	ldr	$nj,[$np],#4		@ np[0],np++
+	ldr	$n0,[$n0]		@ *n0
+	str	$tp,[$_bpend]		@ save &bp[num]
+
+	umull	$alo,$ahi,$aj,$bi	@ ap[0]*bp[0]
+	str	$n0,[$_n0]		@ save n0 value
+	mul	$n0,$alo,$n0		@ "tp[0]"*n0
+	mov	$nlo,#0
+	umlal	$alo,$nlo,$nj,$n0	@ np[0]*n0+"t[0]"
+	mov	$tp,sp
+
+.L1st:
+	ldr	$aj,[$ap],#4		@ ap[j],ap++
+	mov	$alo,$ahi
+	ldr	$nj,[$np],#4		@ np[j],np++
+	mov	$ahi,#0
+	umlal	$alo,$ahi,$aj,$bi	@ ap[j]*bp[0]
+	mov	$nhi,#0
+	umlal	$nlo,$nhi,$nj,$n0	@ np[j]*n0
+	adds	$nlo,$nlo,$alo
+	str	$nlo,[$tp],#4		@ tp[j-1]=,tp++
+	adc	$nlo,$nhi,#0
+	cmp	$tp,$num
+	bne	.L1st
+
+	adds	$nlo,$nlo,$ahi
+	ldr	$tp,[$_bp]		@ restore bp
+	mov	$nhi,#0
+	ldr	$n0,[$_n0]		@ restore n0
+	adc	$nhi,$nhi,#0
+	str	$nlo,[$num]		@ tp[num-1]=
+	mov	$tj,sp
+	str	$nhi,[$num,#4]		@ tp[num]=
+
+.Louter:
+	sub	$tj,$num,$tj		@ "original" $num-1 value
+	sub	$ap,$ap,$tj		@ "rewind" ap to &ap[1]
+	ldr	$bi,[$tp,#4]!		@ *(++bp)
+	sub	$np,$np,$tj		@ "rewind" np to &np[1]
+	ldr	$aj,[$ap,#-4]		@ ap[0]
+	ldr	$alo,[sp]		@ tp[0]
+	ldr	$nj,[$np,#-4]		@ np[0]
+	ldr	$tj,[sp,#4]		@ tp[1]
+
+	mov	$ahi,#0
+	umlal	$alo,$ahi,$aj,$bi	@ ap[0]*bp[i]+tp[0]
+	str	$tp,[$_bp]		@ save bp
+	mul	$n0,$alo,$n0
+	mov	$nlo,#0
+	umlal	$alo,$nlo,$nj,$n0	@ np[0]*n0+"tp[0]"
+	mov	$tp,sp
+
+.Linner:
+	ldr	$aj,[$ap],#4		@ ap[j],ap++
+	adds	$alo,$ahi,$tj		@ +=tp[j]
+	ldr	$nj,[$np],#4		@ np[j],np++
+	mov	$ahi,#0
+	umlal	$alo,$ahi,$aj,$bi	@ ap[j]*bp[i]
+	mov	$nhi,#0
+	umlal	$nlo,$nhi,$nj,$n0	@ np[j]*n0
+	adc	$ahi,$ahi,#0
+	ldr	$tj,[$tp,#8]		@ tp[j+1]
+	adds	$nlo,$nlo,$alo
+	str	$nlo,[$tp],#4		@ tp[j-1]=,tp++
+	adc	$nlo,$nhi,#0
+	cmp	$tp,$num
+	bne	.Linner
+
+	adds	$nlo,$nlo,$ahi
+	mov	$nhi,#0
+	ldr	$tp,[$_bp]		@ restore bp
+	adc	$nhi,$nhi,#0
+	ldr	$n0,[$_n0]		@ restore n0
+	adds	$nlo,$nlo,$tj
+	ldr	$tj,[$_bpend]		@ restore &bp[num]
+	adc	$nhi,$nhi,#0
+	str	$nlo,[$num]		@ tp[num-1]=
+	str	$nhi,[$num,#4]		@ tp[num]=
+
+	cmp	$tp,$tj
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	movne	$tj,sp
+	bne	.Louter
+
+	ldr	$rp,[$_rp]		@ pull rp
+	mov	$aj,sp
+	add	$num,$num,#4		@ $num to point at &tp[num]
+	sub	$aj,$num,$aj		@ "original" num value
+	mov	$tp,sp			@ "rewind" $tp
+	mov	$ap,$tp			@ "borrow" $ap
+	sub	$np,$np,$aj		@ "rewind" $np to &np[0]
+
+	subs	$tj,$tj,$tj		@ "clear" carry flag
+.Lsub:	ldr	$tj,[$tp],#4
+	ldr	$nj,[$np],#4
+	sbcs	$tj,$tj,$nj		@ tp[j]-np[j]
+	str	$tj,[$rp],#4		@ rp[j]=
+	teq	$tp,$num		@ preserve carry
+	bne	.Lsub
+	sbcs	$nhi,$nhi,#0		@ upmost carry
+	mov	$tp,sp			@ "rewind" $tp
+	sub	$rp,$rp,$aj		@ "rewind" $rp
+
+	and	$ap,$tp,$nhi
+	bic	$np,$rp,$nhi
+	orr	$ap,$ap,$np		@ ap=borrow?tp:rp
+
+.Lcopy:	ldr	$tj,[$ap],#4		@ copy or in-place refresh
+	str	sp,[$tp],#4		@ zap tp
+	str	$tj,[$rp],#4
+	cmp	$tp,$num
+	bne	.Lcopy
+
+	mov	sp,$num
+	add	sp,sp,#4		@ skip over tp[num+1]
+	ldmia	sp!,{r4-r12,lr}		@ restore registers
+	add	sp,sp,#2*4		@ skip over {r0,r2}
+	mov	r0,#1
+.Labrt:
+#if __ARM_ARCH__>=5
+	ret				@ bx lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	bn_mul_mont,.-bn_mul_mont
+___
+{
+my ($A0,$A1,$A2,$A3)=map("d$_",(0..3));
+my ($N0,$N1,$N2,$N3)=map("d$_",(4..7));
+my ($Z,$Temp)=("q4","q5");
+my @ACC=map("q$_",(6..13));
+my ($Bi,$Ni,$M0)=map("d$_",(28..31));
+my $zero="$Z#lo";
+my $temp="$Temp#lo";
+
+my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5));
+my ($tinptr,$toutptr,$inner,$outer,$bnptr)=map("r$_",(6..11));
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.type	bn_mul8x_mont_neon,%function
+.align	5
+bn_mul8x_mont_neon:
+	mov	ip,sp
+	stmdb	sp!,{r4-r11}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+	ldmia	ip,{r4-r5}		@ load rest of parameter block
+	mov	ip,sp
+
+	cmp	$num,#8
+	bhi	.LNEON_8n
+
+	@ special case for $num==8, everything is in register bank...
+
+	vld1.32		{${Bi}[0]}, [$bptr,:32]!
+	veor		$zero,$zero,$zero
+	sub		$toutptr,sp,$num,lsl#4
+	vld1.32		{$A0-$A3},  [$aptr]!		@ can't specify :32 :-(
+	and		$toutptr,$toutptr,#-64
+	vld1.32		{${M0}[0]}, [$n0,:32]
+	mov		sp,$toutptr			@ alloca
+	vzip.16		$Bi,$zero
+
+	vmull.u32	@ACC[0],$Bi,${A0}[0]
+	vmull.u32	@ACC[1],$Bi,${A0}[1]
+	vmull.u32	@ACC[2],$Bi,${A1}[0]
+	vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmull.u32	@ACC[3],$Bi,${A1}[1]
+
+	vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	veor		$zero,$zero,$zero
+	vmul.u32	$Ni,$Ni,$M0
+
+	vmull.u32	@ACC[4],$Bi,${A2}[0]
+	 vld1.32	{$N0-$N3}, [$nptr]!
+	vmull.u32	@ACC[5],$Bi,${A2}[1]
+	vmull.u32	@ACC[6],$Bi,${A3}[0]
+	vzip.16		$Ni,$zero
+	vmull.u32	@ACC[7],$Bi,${A3}[1]
+
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	sub		$outer,$num,#1
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmov		$Temp,@ACC[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmov		@ACC[0],@ACC[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmov		@ACC[1],@ACC[2]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	vmov		@ACC[2],@ACC[3]
+	vmov		@ACC[3],@ACC[4]
+	vshr.u64	$temp,$temp,#16
+	vmov		@ACC[4],@ACC[5]
+	vmov		@ACC[5],@ACC[6]
+	vadd.u64	$temp,$temp,$Temp#hi
+	vmov		@ACC[6],@ACC[7]
+	veor		@ACC[7],@ACC[7]
+	vshr.u64	$temp,$temp,#16
+
+	b	.LNEON_outer8
+
+.align	4
+.LNEON_outer8:
+	vld1.32		{${Bi}[0]}, [$bptr,:32]!
+	veor		$zero,$zero,$zero
+	vzip.16		$Bi,$zero
+	vadd.u64	@ACC[0]#lo,@ACC[0]#lo,$temp
+
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+
+	vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	veor		$zero,$zero,$zero
+	subs		$outer,$outer,#1
+	vmul.u32	$Ni,$Ni,$M0
+
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	vzip.16		$Ni,$zero
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmov		$Temp,@ACC[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmov		@ACC[0],@ACC[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmov		@ACC[1],@ACC[2]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	vmov		@ACC[2],@ACC[3]
+	vmov		@ACC[3],@ACC[4]
+	vshr.u64	$temp,$temp,#16
+	vmov		@ACC[4],@ACC[5]
+	vmov		@ACC[5],@ACC[6]
+	vadd.u64	$temp,$temp,$Temp#hi
+	vmov		@ACC[6],@ACC[7]
+	veor		@ACC[7],@ACC[7]
+	vshr.u64	$temp,$temp,#16
+
+	bne	.LNEON_outer8
+
+	vadd.u64	@ACC[0]#lo,@ACC[0]#lo,$temp
+	mov		$toutptr,sp
+	vshr.u64	$temp,@ACC[0]#lo,#16
+	mov		$inner,$num
+	vadd.u64	@ACC[0]#hi,@ACC[0]#hi,$temp
+	add		$tinptr,sp,#96
+	vshr.u64	$temp,@ACC[0]#hi,#16
+	vzip.16		@ACC[0]#lo,@ACC[0]#hi
+
+	b	.LNEON_tail_entry
+
+.align	4
+.LNEON_8n:
+	veor		@ACC[0],@ACC[0],@ACC[0]
+	 sub		$toutptr,sp,#128
+	veor		@ACC[1],@ACC[1],@ACC[1]
+	 sub		$toutptr,$toutptr,$num,lsl#4
+	veor		@ACC[2],@ACC[2],@ACC[2]
+	 and		$toutptr,$toutptr,#-64
+	veor		@ACC[3],@ACC[3],@ACC[3]
+	 mov		sp,$toutptr			@ alloca
+	veor		@ACC[4],@ACC[4],@ACC[4]
+	 add		$toutptr,$toutptr,#256
+	veor		@ACC[5],@ACC[5],@ACC[5]
+	 sub		$inner,$num,#8
+	veor		@ACC[6],@ACC[6],@ACC[6]
+	veor		@ACC[7],@ACC[7],@ACC[7]
+
+.LNEON_8n_init:
+	vst1.64		{@ACC[0]-@ACC[1]},[$toutptr,:256]!
+	subs		$inner,$inner,#8
+	vst1.64		{@ACC[2]-@ACC[3]},[$toutptr,:256]!
+	vst1.64		{@ACC[4]-@ACC[5]},[$toutptr,:256]!
+	vst1.64		{@ACC[6]-@ACC[7]},[$toutptr,:256]!
+	bne		.LNEON_8n_init
+
+	add		$tinptr,sp,#256
+	vld1.32		{$A0-$A3},[$aptr]!
+	add		$bnptr,sp,#8
+	vld1.32		{${M0}[0]},[$n0,:32]
+	mov		$outer,$num
+	b		.LNEON_8n_outer
+
+.align	4
+.LNEON_8n_outer:
+	vld1.32		{${Bi}[0]},[$bptr,:32]!	@ *b++
+	veor		$zero,$zero,$zero
+	vzip.16		$Bi,$zero
+	add		$toutptr,sp,#128
+	vld1.32		{$N0-$N3},[$nptr]!
+
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	 veor		$zero,$zero,$zero
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	 vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	 vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	 vmul.u32	$Ni,$Ni,$M0
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vst1.32		{$Bi},[sp,:64]		@ put aside smashed b[8*i+0]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	 vzip.16	$Ni,$zero
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+for ($i=0; $i<7;) {
+$code.=<<___;
+	vld1.32		{${Bi}[0]},[$bptr,:32]!	@ *b++
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	veor		$temp,$temp,$temp
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vzip.16		$Bi,$temp
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	 vadd.u64	@ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	 vadd.u64	@ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo
+	vst1.32		{$Ni},[$bnptr,:64]!	@ put aside smashed m[8*i+$i]
+___
+	push(@ACC,shift(@ACC));	$i++;
+$code.=<<___;
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vld1.64		{@ACC[7]},[$tinptr,:128]!
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	 veor		$zero,$zero,$zero
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	 vshl.i64	$Ni,@ACC[0]#hi,#16
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	 vadd.u64	$Ni,$Ni,@ACC[0]#lo
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	 vmul.u32	$Ni,$Ni,$M0
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vst1.32		{$Bi},[$bnptr,:64]!	@ put aside smashed b[8*i+$i]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	 vzip.16	$Ni,$zero
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+}
+$code.=<<___;
+	vld1.32		{$Bi},[sp,:64]		@ pull smashed b[8*i+0]
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vld1.32		{$A0-$A3},[$aptr]!
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	 vadd.u64	@ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	 vshr.u64	@ACC[0]#lo,@ACC[0]#lo,#16
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	 vadd.u64	@ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo
+	vst1.32		{$Ni},[$bnptr,:64]	@ put aside smashed m[8*i+$i]
+	add		$bnptr,sp,#8		@ rewind
+___
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	sub		$inner,$num,#8
+	b		.LNEON_8n_inner
+
+.align	4
+.LNEON_8n_inner:
+	subs		$inner,$inner,#8
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vld1.64		{@ACC[7]},[$tinptr,:128]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	vld1.32		{$Ni},[$bnptr,:64]!	@ pull smashed m[8*i+0]
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	vld1.32		{$N0-$N3},[$nptr]!
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	it		ne
+	addne		$tinptr,$tinptr,#16	@ don't advance in last iteration
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+for ($i=1; $i<8; $i++) {
+$code.=<<___;
+	vld1.32		{$Bi},[$bnptr,:64]!	@ pull smashed b[8*i+$i]
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+	vst1.64		{@ACC[0]},[$toutptr,:128]!
+___
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	vmlal.u32	@ACC[0],$Bi,${A0}[0]
+	vld1.64		{@ACC[7]},[$tinptr,:128]
+	vmlal.u32	@ACC[1],$Bi,${A0}[1]
+	vld1.32		{$Ni},[$bnptr,:64]!	@ pull smashed m[8*i+$i]
+	vmlal.u32	@ACC[2],$Bi,${A1}[0]
+	it		ne
+	addne		$tinptr,$tinptr,#16	@ don't advance in last iteration
+	vmlal.u32	@ACC[3],$Bi,${A1}[1]
+	vmlal.u32	@ACC[4],$Bi,${A2}[0]
+	vmlal.u32	@ACC[5],$Bi,${A2}[1]
+	vmlal.u32	@ACC[6],$Bi,${A3}[0]
+	vmlal.u32	@ACC[7],$Bi,${A3}[1]
+___
+}
+$code.=<<___;
+	it		eq
+	subeq		$aptr,$aptr,$num,lsl#2	@ rewind
+	vmlal.u32	@ACC[0],$Ni,${N0}[0]
+	vld1.32		{$Bi},[sp,:64]		@ pull smashed b[8*i+0]
+	vmlal.u32	@ACC[1],$Ni,${N0}[1]
+	vld1.32		{$A0-$A3},[$aptr]!
+	vmlal.u32	@ACC[2],$Ni,${N1}[0]
+	add		$bnptr,sp,#8		@ rewind
+	vmlal.u32	@ACC[3],$Ni,${N1}[1]
+	vmlal.u32	@ACC[4],$Ni,${N2}[0]
+	vmlal.u32	@ACC[5],$Ni,${N2}[1]
+	vmlal.u32	@ACC[6],$Ni,${N3}[0]
+	vst1.64		{@ACC[0]},[$toutptr,:128]!
+	vmlal.u32	@ACC[7],$Ni,${N3}[1]
+
+	bne		.LNEON_8n_inner
+___
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	add		$tinptr,sp,#128
+	vst1.64		{@ACC[0]-@ACC[1]},[$toutptr,:256]!
+	veor		q2,q2,q2		@ $N0-$N1
+	vst1.64		{@ACC[2]-@ACC[3]},[$toutptr,:256]!
+	veor		q3,q3,q3		@ $N2-$N3
+	vst1.64		{@ACC[4]-@ACC[5]},[$toutptr,:256]!
+	vst1.64		{@ACC[6]},[$toutptr,:128]
+
+	subs		$outer,$outer,#8
+	vld1.64		{@ACC[0]-@ACC[1]},[$tinptr,:256]!
+	vld1.64		{@ACC[2]-@ACC[3]},[$tinptr,:256]!
+	vld1.64		{@ACC[4]-@ACC[5]},[$tinptr,:256]!
+	vld1.64		{@ACC[6]-@ACC[7]},[$tinptr,:256]!
+
+	itt		ne
+	subne		$nptr,$nptr,$num,lsl#2	@ rewind
+	bne		.LNEON_8n_outer
+
+	add		$toutptr,sp,#128
+	vst1.64		{q2-q3}, [sp,:256]!	@ start wiping stack frame
+	vshr.u64	$temp,@ACC[0]#lo,#16
+	vst1.64		{q2-q3},[sp,:256]!
+	vadd.u64	@ACC[0]#hi,@ACC[0]#hi,$temp
+	vst1.64		{q2-q3}, [sp,:256]!
+	vshr.u64	$temp,@ACC[0]#hi,#16
+	vst1.64		{q2-q3}, [sp,:256]!
+	vzip.16		@ACC[0]#lo,@ACC[0]#hi
+
+	mov		$inner,$num
+	b		.LNEON_tail_entry
+
+.align	4
+.LNEON_tail:
+	vadd.u64	@ACC[0]#lo,@ACC[0]#lo,$temp
+	vshr.u64	$temp,@ACC[0]#lo,#16
+	vld1.64		{@ACC[2]-@ACC[3]}, [$tinptr, :256]!
+	vadd.u64	@ACC[0]#hi,@ACC[0]#hi,$temp
+	vld1.64		{@ACC[4]-@ACC[5]}, [$tinptr, :256]!
+	vshr.u64	$temp,@ACC[0]#hi,#16
+	vld1.64		{@ACC[6]-@ACC[7]}, [$tinptr, :256]!
+	vzip.16		@ACC[0]#lo,@ACC[0]#hi
+
+.LNEON_tail_entry:
+___
+for ($i=1; $i<8; $i++) {
+$code.=<<___;
+	vadd.u64	@ACC[1]#lo,@ACC[1]#lo,$temp
+	vst1.32		{@ACC[0]#lo[0]}, [$toutptr, :32]!
+	vshr.u64	$temp,@ACC[1]#lo,#16
+	vadd.u64	@ACC[1]#hi,@ACC[1]#hi,$temp
+	vshr.u64	$temp,@ACC[1]#hi,#16
+	vzip.16		@ACC[1]#lo,@ACC[1]#hi
+___
+	push(@ACC,shift(@ACC));
+}
+	push(@ACC,shift(@ACC));
+$code.=<<___;
+	vld1.64		{@ACC[0]-@ACC[1]}, [$tinptr, :256]!
+	subs		$inner,$inner,#8
+	vst1.32		{@ACC[7]#lo[0]},   [$toutptr, :32]!
+	bne	.LNEON_tail
+
+	vst1.32	{${temp}[0]}, [$toutptr, :32]		@ top-most bit
+	sub	$nptr,$nptr,$num,lsl#2			@ rewind $nptr
+	subs	$aptr,sp,#0				@ clear carry flag
+	add	$bptr,sp,$num,lsl#2
+
+.LNEON_sub:
+	ldmia	$aptr!, {r4-r7}
+	ldmia	$nptr!, {r8-r11}
+	sbcs	r8, r4,r8
+	sbcs	r9, r5,r9
+	sbcs	r10,r6,r10
+	sbcs	r11,r7,r11
+	teq	$aptr,$bptr				@ preserves carry
+	stmia	$rptr!, {r8-r11}
+	bne	.LNEON_sub
+
+	ldr	r10, [$aptr]				@ load top-most bit
+	mov	r11,sp
+	veor	q0,q0,q0
+	sub	r11,$bptr,r11				@ this is num*4
+	veor	q1,q1,q1
+	mov	$aptr,sp
+	sub	$rptr,$rptr,r11				@ rewind $rptr
+	mov	$nptr,$bptr				@ second 3/4th of frame
+	sbcs	r10,r10,#0				@ result is carry flag
+
+.LNEON_copy_n_zap:
+	ldmia	$aptr!, {r4-r7}
+	ldmia	$rptr,  {r8-r11}
+	it	cc
+	movcc	r8, r4
+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
+	itt	cc
+	movcc	r9, r5
+	movcc	r10,r6
+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
+	it	cc
+	movcc	r11,r7
+	ldmia	$aptr, {r4-r7}
+	stmia	$rptr!, {r8-r11}
+	sub	$aptr,$aptr,#16
+	ldmia	$rptr, {r8-r11}
+	it	cc
+	movcc	r8, r4
+	vst1.64	{q0-q1}, [$aptr,:256]!			@ wipe
+	itt	cc
+	movcc	r9, r5
+	movcc	r10,r6
+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
+	it	cc
+	movcc	r11,r7
+	teq	$aptr,$bptr				@ preserves carry
+	stmia	$rptr!, {r8-r11}
+	bne	.LNEON_copy_n_zap
+
+	mov	sp,ip
+        vldmia  sp!,{d8-d15}
+        ldmia   sp!,{r4-r11}
+	ret						@ bx lr
+.size	bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
+#endif
+___
+}
+$code.=<<___;
+.asciz	"Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if __ARM_MAX_ARCH__>=7
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/ge	or
+	s/\bret\b/bx    lr/g						or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/g;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/armv8-mont.pl b/openssl-1.1.0h/crypto/bn/asm/armv8-mont.pl
new file mode 100755
index 0000000..5d5af1b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/armv8-mont.pl
@@ -0,0 +1,1510 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# March 2015
+#
+# "Teaser" Montgomery multiplication module for ARMv8. Needs more
+# work. While it does improve RSA sign performance by 20-30% (less for
+# longer keys) on most processors, for some reason RSA2048 is not
+# faster and RSA4096 goes 15-20% slower on Cortex-A57. Multiplication
+# instruction issue rate is limited on processor in question, meaning
+# that dedicated squaring procedure is a must. Well, actually all
+# contemporary AArch64 processors seem to have limited multiplication
+# issue rate, i.e. they can't issue multiplication every cycle, which
+# explains moderate improvement coefficients in comparison to
+# compiler-generated code. Recall that compiler is instructed to use
+# umulh and therefore uses same amount of multiplication instructions
+# to do the job. Assembly's edge is to minimize number of "collateral"
+# instructions and of course instruction scheduling.
+#
+# April 2015
+#
+# Squaring procedure that handles lengths divisible by 8 improves
+# RSA/DSA performance by 25-40-60% depending on processor and key
+# length. Overall improvement coefficients are always positive in
+# comparison to compiler-generated code. On Cortex-A57 improvement
+# is still modest on longest key lengths, while others exhibit e.g.
+# 50-70% improvement for RSA4096 sign. RSA2048 sign is ~25% faster
+# on Cortex-A57 and ~60-100% faster on others.
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+($lo0,$hi0,$aj,$m0,$alo,$ahi,
+ $lo1,$hi1,$nj,$m1,$nlo,$nhi,
+ $ovf, $i,$j,$tp,$tj) = map("x$_",6..17,19..24);
+
+# int bn_mul_mont(
+$rp="x0";	# BN_ULONG *rp,
+$ap="x1";	# const BN_ULONG *ap,
+$bp="x2";	# const BN_ULONG *bp,
+$np="x3";	# const BN_ULONG *np,
+$n0="x4";	# const BN_ULONG *n0,
+$num="x5";	# int num);
+
+$code.=<<___;
+.text
+
+.globl	bn_mul_mont
+.type	bn_mul_mont,%function
+.align	5
+bn_mul_mont:
+	tst	$num,#7
+	b.eq	__bn_sqr8x_mont
+	tst	$num,#3
+	b.eq	__bn_mul4x_mont
+.Lmul_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	ldr	$m0,[$bp],#8		// bp[0]
+	sub	$tp,sp,$num,lsl#3
+	ldp	$hi0,$aj,[$ap],#16	// ap[0..1]
+	lsl	$num,$num,#3
+	ldr	$n0,[$n0]		// *n0
+	and	$tp,$tp,#-16		// ABI says so
+	ldp	$hi1,$nj,[$np],#16	// np[0..1]
+
+	mul	$lo0,$hi0,$m0		// ap[0]*bp[0]
+	sub	$j,$num,#16		// j=num-2
+	umulh	$hi0,$hi0,$m0
+	mul	$alo,$aj,$m0		// ap[1]*bp[0]
+	umulh	$ahi,$aj,$m0
+
+	mul	$m1,$lo0,$n0		// "tp[0]"*n0
+	mov	sp,$tp			// alloca
+
+	// (*)	mul	$lo1,$hi1,$m1	// np[0]*m1
+	umulh	$hi1,$hi1,$m1
+	mul	$nlo,$nj,$m1		// np[1]*m1
+	// (*)	adds	$lo1,$lo1,$lo0	// discarded
+	// (*)	As for removal of first multiplication and addition
+	//	instructions. The outcome of first addition is
+	//	guaranteed to be zero, which leaves two computationally
+	//	significant outcomes: it either carries or not. Then
+	//	question is when does it carry? Is there alternative
+	//	way to deduce it? If you follow operations, you can
+	//	observe that condition for carry is quite simple:
+	//	$lo0 being non-zero. So that carry can be calculated
+	//	by adding -1 to $lo0. That's what next instruction does.
+	subs	xzr,$lo0,#1		// (*)
+	umulh	$nhi,$nj,$m1
+	adc	$hi1,$hi1,xzr
+	cbz	$j,.L1st_skip
+
+.L1st:
+	ldr	$aj,[$ap],#8
+	adds	$lo0,$alo,$hi0
+	sub	$j,$j,#8		// j--
+	adc	$hi0,$ahi,xzr
+
+	ldr	$nj,[$np],#8
+	adds	$lo1,$nlo,$hi1
+	mul	$alo,$aj,$m0		// ap[j]*bp[0]
+	adc	$hi1,$nhi,xzr
+	umulh	$ahi,$aj,$m0
+
+	adds	$lo1,$lo1,$lo0
+	mul	$nlo,$nj,$m1		// np[j]*m1
+	adc	$hi1,$hi1,xzr
+	umulh	$nhi,$nj,$m1
+	str	$lo1,[$tp],#8		// tp[j-1]
+	cbnz	$j,.L1st
+
+.L1st_skip:
+	adds	$lo0,$alo,$hi0
+	sub	$ap,$ap,$num		// rewind $ap
+	adc	$hi0,$ahi,xzr
+
+	adds	$lo1,$nlo,$hi1
+	sub	$np,$np,$num		// rewind $np
+	adc	$hi1,$nhi,xzr
+
+	adds	$lo1,$lo1,$lo0
+	sub	$i,$num,#8		// i=num-1
+	adcs	$hi1,$hi1,$hi0
+
+	adc	$ovf,xzr,xzr		// upmost overflow bit
+	stp	$lo1,$hi1,[$tp]
+
+.Louter:
+	ldr	$m0,[$bp],#8		// bp[i]
+	ldp	$hi0,$aj,[$ap],#16
+	ldr	$tj,[sp]		// tp[0]
+	add	$tp,sp,#8
+
+	mul	$lo0,$hi0,$m0		// ap[0]*bp[i]
+	sub	$j,$num,#16		// j=num-2
+	umulh	$hi0,$hi0,$m0
+	ldp	$hi1,$nj,[$np],#16
+	mul	$alo,$aj,$m0		// ap[1]*bp[i]
+	adds	$lo0,$lo0,$tj
+	umulh	$ahi,$aj,$m0
+	adc	$hi0,$hi0,xzr
+
+	mul	$m1,$lo0,$n0
+	sub	$i,$i,#8		// i--
+
+	// (*)	mul	$lo1,$hi1,$m1	// np[0]*m1
+	umulh	$hi1,$hi1,$m1
+	mul	$nlo,$nj,$m1		// np[1]*m1
+	// (*)	adds	$lo1,$lo1,$lo0
+	subs	xzr,$lo0,#1		// (*)
+	umulh	$nhi,$nj,$m1
+	cbz	$j,.Linner_skip
+
+.Linner:
+	ldr	$aj,[$ap],#8
+	adc	$hi1,$hi1,xzr
+	ldr	$tj,[$tp],#8		// tp[j]
+	adds	$lo0,$alo,$hi0
+	sub	$j,$j,#8		// j--
+	adc	$hi0,$ahi,xzr
+
+	adds	$lo1,$nlo,$hi1
+	ldr	$nj,[$np],#8
+	adc	$hi1,$nhi,xzr
+
+	mul	$alo,$aj,$m0		// ap[j]*bp[i]
+	adds	$lo0,$lo0,$tj
+	umulh	$ahi,$aj,$m0
+	adc	$hi0,$hi0,xzr
+
+	mul	$nlo,$nj,$m1		// np[j]*m1
+	adds	$lo1,$lo1,$lo0
+	umulh	$nhi,$nj,$m1
+	str	$lo1,[$tp,#-16]		// tp[j-1]
+	cbnz	$j,.Linner
+
+.Linner_skip:
+	ldr	$tj,[$tp],#8		// tp[j]
+	adc	$hi1,$hi1,xzr
+	adds	$lo0,$alo,$hi0
+	sub	$ap,$ap,$num		// rewind $ap
+	adc	$hi0,$ahi,xzr
+
+	adds	$lo1,$nlo,$hi1
+	sub	$np,$np,$num		// rewind $np
+	adcs	$hi1,$nhi,$ovf
+	adc	$ovf,xzr,xzr
+
+	adds	$lo0,$lo0,$tj
+	adc	$hi0,$hi0,xzr
+
+	adds	$lo1,$lo1,$lo0
+	adcs	$hi1,$hi1,$hi0
+	adc	$ovf,$ovf,xzr		// upmost overflow bit
+	stp	$lo1,$hi1,[$tp,#-16]
+
+	cbnz	$i,.Louter
+
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	ldr	$tj,[sp]		// tp[0]
+	add	$tp,sp,#8
+	ldr	$nj,[$np],#8		// np[0]
+	subs	$j,$num,#8		// j=num-1 and clear borrow
+	mov	$ap,$rp
+.Lsub:
+	sbcs	$aj,$tj,$nj		// tp[j]-np[j]
+	ldr	$tj,[$tp],#8
+	sub	$j,$j,#8		// j--
+	ldr	$nj,[$np],#8
+	str	$aj,[$ap],#8		// rp[j]=tp[j]-np[j]
+	cbnz	$j,.Lsub
+
+	sbcs	$aj,$tj,$nj
+	sbcs	$ovf,$ovf,xzr		// did it borrow?
+	str	$aj,[$ap],#8		// rp[num-1]
+
+	ldr	$tj,[sp]		// tp[0]
+	add	$tp,sp,#8
+	ldr	$aj,[$rp],#8		// rp[0]
+	sub	$num,$num,#8		// num--
+	nop
+.Lcond_copy:
+	sub	$num,$num,#8		// num--
+	csel	$nj,$tj,$aj,lo		// did it borrow?
+	ldr	$tj,[$tp],#8
+	ldr	$aj,[$rp],#8
+	str	xzr,[$tp,#-16]		// wipe tp
+	str	$nj,[$rp,#-16]
+	cbnz	$num,.Lcond_copy
+
+	csel	$nj,$tj,$aj,lo
+	str	xzr,[$tp,#-8]		// wipe tp
+	str	$nj,[$rp,#-8]
+
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	bn_mul_mont,.-bn_mul_mont
+___
+{
+########################################################################
+# Following is ARMv8 adaptation of sqrx8x_mont from x86_64-mont5 module.
+
+my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("x$_",(6..13));
+my ($t0,$t1,$t2,$t3)=map("x$_",(14..17));
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("x$_",(19..26));
+my ($cnt,$carry,$topmost)=("x27","x28","x30");
+my ($tp,$ap_end,$na0)=($bp,$np,$carry);
+
+$code.=<<___;
+.type	__bn_sqr8x_mont,%function
+.align	5
+__bn_sqr8x_mont:
+	cmp	$ap,$bp
+	b.ne	__bn_mul4x_mont
+.Lsqr8x_mont:
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	stp	$rp,$np,[sp,#96]	// offload rp and np
+
+	ldp	$a0,$a1,[$ap,#8*0]
+	ldp	$a2,$a3,[$ap,#8*2]
+	ldp	$a4,$a5,[$ap,#8*4]
+	ldp	$a6,$a7,[$ap,#8*6]
+
+	sub	$tp,sp,$num,lsl#4
+	lsl	$num,$num,#3
+	ldr	$n0,[$n0]		// *n0
+	mov	sp,$tp			// alloca
+	sub	$cnt,$num,#8*8
+	b	.Lsqr8x_zero_start
+
+.Lsqr8x_zero:
+	sub	$cnt,$cnt,#8*8
+	stp	xzr,xzr,[$tp,#8*0]
+	stp	xzr,xzr,[$tp,#8*2]
+	stp	xzr,xzr,[$tp,#8*4]
+	stp	xzr,xzr,[$tp,#8*6]
+.Lsqr8x_zero_start:
+	stp	xzr,xzr,[$tp,#8*8]
+	stp	xzr,xzr,[$tp,#8*10]
+	stp	xzr,xzr,[$tp,#8*12]
+	stp	xzr,xzr,[$tp,#8*14]
+	add	$tp,$tp,#8*16
+	cbnz	$cnt,.Lsqr8x_zero
+
+	add	$ap_end,$ap,$num
+	add	$ap,$ap,#8*8
+	mov	$acc0,xzr
+	mov	$acc1,xzr
+	mov	$acc2,xzr
+	mov	$acc3,xzr
+	mov	$acc4,xzr
+	mov	$acc5,xzr
+	mov	$acc6,xzr
+	mov	$acc7,xzr
+	mov	$tp,sp
+	str	$n0,[x29,#112]		// offload n0
+
+	// Multiply everything but a[i]*a[i]
+.align	4
+.Lsqr8x_outer_loop:
+        //                                                 a[1]a[0]	(i)
+        //                                             a[2]a[0]
+        //                                         a[3]a[0]
+        //                                     a[4]a[0]
+        //                                 a[5]a[0]
+        //                             a[6]a[0]
+        //                         a[7]a[0]
+        //                                         a[2]a[1]		(ii)
+        //                                     a[3]a[1]
+        //                                 a[4]a[1]
+        //                             a[5]a[1]
+        //                         a[6]a[1]
+        //                     a[7]a[1]
+        //                                 a[3]a[2]			(iii)
+        //                             a[4]a[2]
+        //                         a[5]a[2]
+        //                     a[6]a[2]
+        //                 a[7]a[2]
+        //                         a[4]a[3]				(iv)
+        //                     a[5]a[3]
+        //                 a[6]a[3]
+        //             a[7]a[3]
+        //                 a[5]a[4]					(v)
+        //             a[6]a[4]
+        //         a[7]a[4]
+        //         a[6]a[5]						(vi)
+        //     a[7]a[5]
+        // a[7]a[6]							(vii)
+
+	mul	$t0,$a1,$a0		// lo(a[1..7]*a[0])		(i)
+	mul	$t1,$a2,$a0
+	mul	$t2,$a3,$a0
+	mul	$t3,$a4,$a0
+	adds	$acc1,$acc1,$t0		// t[1]+lo(a[1]*a[0])
+	mul	$t0,$a5,$a0
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$a6,$a0
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$a7,$a0
+	adcs	$acc4,$acc4,$t3
+	umulh	$t3,$a1,$a0		// hi(a[1..7]*a[0])
+	adcs	$acc5,$acc5,$t0
+	umulh	$t0,$a2,$a0
+	adcs	$acc6,$acc6,$t1
+	umulh	$t1,$a3,$a0
+	adcs	$acc7,$acc7,$t2
+	umulh	$t2,$a4,$a0
+	stp	$acc0,$acc1,[$tp],#8*2	// t[0..1]
+	adc	$acc0,xzr,xzr		// t[8]
+	adds	$acc2,$acc2,$t3		// t[2]+lo(a[1]*a[0])
+	umulh	$t3,$a5,$a0
+	adcs	$acc3,$acc3,$t0
+	umulh	$t0,$a6,$a0
+	adcs	$acc4,$acc4,$t1
+	umulh	$t1,$a7,$a0
+	adcs	$acc5,$acc5,$t2
+	 mul	$t2,$a2,$a1		// lo(a[2..7]*a[1])		(ii)
+	adcs	$acc6,$acc6,$t3
+	 mul	$t3,$a3,$a1
+	adcs	$acc7,$acc7,$t0
+	 mul	$t0,$a4,$a1
+	adc	$acc0,$acc0,$t1
+
+	mul	$t1,$a5,$a1
+	adds	$acc3,$acc3,$t2
+	mul	$t2,$a6,$a1
+	adcs	$acc4,$acc4,$t3
+	mul	$t3,$a7,$a1
+	adcs	$acc5,$acc5,$t0
+	umulh	$t0,$a2,$a1		// hi(a[2..7]*a[1])
+	adcs	$acc6,$acc6,$t1
+	umulh	$t1,$a3,$a1
+	adcs	$acc7,$acc7,$t2
+	umulh	$t2,$a4,$a1
+	adcs	$acc0,$acc0,$t3
+	umulh	$t3,$a5,$a1
+	stp	$acc2,$acc3,[$tp],#8*2	// t[2..3]
+	adc	$acc1,xzr,xzr		// t[9]
+	adds	$acc4,$acc4,$t0
+	umulh	$t0,$a6,$a1
+	adcs	$acc5,$acc5,$t1
+	umulh	$t1,$a7,$a1
+	adcs	$acc6,$acc6,$t2
+	 mul	$t2,$a3,$a2		// lo(a[3..7]*a[2])		(iii)
+	adcs	$acc7,$acc7,$t3
+	 mul	$t3,$a4,$a2
+	adcs	$acc0,$acc0,$t0
+	 mul	$t0,$a5,$a2
+	adc	$acc1,$acc1,$t1
+
+	mul	$t1,$a6,$a2
+	adds	$acc5,$acc5,$t2
+	mul	$t2,$a7,$a2
+	adcs	$acc6,$acc6,$t3
+	umulh	$t3,$a3,$a2		// hi(a[3..7]*a[2])
+	adcs	$acc7,$acc7,$t0
+	umulh	$t0,$a4,$a2
+	adcs	$acc0,$acc0,$t1
+	umulh	$t1,$a5,$a2
+	adcs	$acc1,$acc1,$t2
+	umulh	$t2,$a6,$a2
+	stp	$acc4,$acc5,[$tp],#8*2	// t[4..5]
+	adc	$acc2,xzr,xzr		// t[10]
+	adds	$acc6,$acc6,$t3
+	umulh	$t3,$a7,$a2
+	adcs	$acc7,$acc7,$t0
+	 mul	$t0,$a4,$a3		// lo(a[4..7]*a[3])		(iv)
+	adcs	$acc0,$acc0,$t1
+	 mul	$t1,$a5,$a3
+	adcs	$acc1,$acc1,$t2
+	 mul	$t2,$a6,$a3
+	adc	$acc2,$acc2,$t3
+
+	mul	$t3,$a7,$a3
+	adds	$acc7,$acc7,$t0
+	umulh	$t0,$a4,$a3		// hi(a[4..7]*a[3])
+	adcs	$acc0,$acc0,$t1
+	umulh	$t1,$a5,$a3
+	adcs	$acc1,$acc1,$t2
+	umulh	$t2,$a6,$a3
+	adcs	$acc2,$acc2,$t3
+	umulh	$t3,$a7,$a3
+	stp	$acc6,$acc7,[$tp],#8*2	// t[6..7]
+	adc	$acc3,xzr,xzr		// t[11]
+	adds	$acc0,$acc0,$t0
+	 mul	$t0,$a5,$a4		// lo(a[5..7]*a[4])		(v)
+	adcs	$acc1,$acc1,$t1
+	 mul	$t1,$a6,$a4
+	adcs	$acc2,$acc2,$t2
+	 mul	$t2,$a7,$a4
+	adc	$acc3,$acc3,$t3
+
+	umulh	$t3,$a5,$a4		// hi(a[5..7]*a[4])
+	adds	$acc1,$acc1,$t0
+	umulh	$t0,$a6,$a4
+	adcs	$acc2,$acc2,$t1
+	umulh	$t1,$a7,$a4
+	adcs	$acc3,$acc3,$t2
+	 mul	$t2,$a6,$a5		// lo(a[6..7]*a[5])		(vi)
+	adc	$acc4,xzr,xzr		// t[12]
+	adds	$acc2,$acc2,$t3
+	 mul	$t3,$a7,$a5
+	adcs	$acc3,$acc3,$t0
+	 umulh	$t0,$a6,$a5		// hi(a[6..7]*a[5])
+	adc	$acc4,$acc4,$t1
+
+	umulh	$t1,$a7,$a5
+	adds	$acc3,$acc3,$t2
+	 mul	$t2,$a7,$a6		// lo(a[7]*a[6])		(vii)
+	adcs	$acc4,$acc4,$t3
+	 umulh	$t3,$a7,$a6		// hi(a[7]*a[6])
+	adc	$acc5,xzr,xzr		// t[13]
+	adds	$acc4,$acc4,$t0
+	sub	$cnt,$ap_end,$ap	// done yet?
+	adc	$acc5,$acc5,$t1
+
+	adds	$acc5,$acc5,$t2
+	sub	$t0,$ap_end,$num	// rewinded ap
+	adc	$acc6,xzr,xzr		// t[14]
+	add	$acc6,$acc6,$t3
+
+	cbz	$cnt,.Lsqr8x_outer_break
+
+	mov	$n0,$a0
+	ldp	$a0,$a1,[$tp,#8*0]
+	ldp	$a2,$a3,[$tp,#8*2]
+	ldp	$a4,$a5,[$tp,#8*4]
+	ldp	$a6,$a7,[$tp,#8*6]
+	adds	$acc0,$acc0,$a0
+	adcs	$acc1,$acc1,$a1
+	ldp	$a0,$a1,[$ap,#8*0]
+	adcs	$acc2,$acc2,$a2
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$ap,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$ap,#8*4]
+	adcs	$acc6,$acc6,$a6
+	mov	$rp,$ap
+	adcs	$acc7,xzr,$a7
+	ldp	$a6,$a7,[$ap,#8*6]
+	add	$ap,$ap,#8*8
+	//adc	$carry,xzr,xzr		// moved below
+	mov	$cnt,#-8*8
+
+	//                                                         a[8]a[0]
+	//                                                     a[9]a[0]
+	//                                                 a[a]a[0]
+	//                                             a[b]a[0]
+	//                                         a[c]a[0]
+	//                                     a[d]a[0]
+	//                                 a[e]a[0]
+	//                             a[f]a[0]
+	//                                                     a[8]a[1]
+	//                         a[f]a[1]........................
+	//                                                 a[8]a[2]
+	//                     a[f]a[2]........................
+	//                                             a[8]a[3]
+	//                 a[f]a[3]........................
+	//                                         a[8]a[4]
+	//             a[f]a[4]........................
+	//                                     a[8]a[5]
+	//         a[f]a[5]........................
+	//                                 a[8]a[6]
+	//     a[f]a[6]........................
+	//                             a[8]a[7]
+	// a[f]a[7]........................
+.Lsqr8x_mul:
+	mul	$t0,$a0,$n0
+	adc	$carry,xzr,xzr		// carry bit, modulo-scheduled
+	mul	$t1,$a1,$n0
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$n0
+	mul	$t3,$a3,$n0
+	adds	$acc0,$acc0,$t0
+	mul	$t0,$a4,$n0
+	adcs	$acc1,$acc1,$t1
+	mul	$t1,$a5,$n0
+	adcs	$acc2,$acc2,$t2
+	mul	$t2,$a6,$n0
+	adcs	$acc3,$acc3,$t3
+	mul	$t3,$a7,$n0
+	adcs	$acc4,$acc4,$t0
+	umulh	$t0,$a0,$n0
+	adcs	$acc5,$acc5,$t1
+	umulh	$t1,$a1,$n0
+	adcs	$acc6,$acc6,$t2
+	umulh	$t2,$a2,$n0
+	adcs	$acc7,$acc7,$t3
+	umulh	$t3,$a3,$n0
+	adc	$carry,$carry,xzr
+	str	$acc0,[$tp],#8
+	adds	$acc0,$acc1,$t0
+	umulh	$t0,$a4,$n0
+	adcs	$acc1,$acc2,$t1
+	umulh	$t1,$a5,$n0
+	adcs	$acc2,$acc3,$t2
+	umulh	$t2,$a6,$n0
+	adcs	$acc3,$acc4,$t3
+	umulh	$t3,$a7,$n0
+	ldr	$n0,[$rp,$cnt]
+	adcs	$acc4,$acc5,$t0
+	adcs	$acc5,$acc6,$t1
+	adcs	$acc6,$acc7,$t2
+	adcs	$acc7,$carry,$t3
+	//adc	$carry,xzr,xzr		// moved above
+	cbnz	$cnt,.Lsqr8x_mul
+					// note that carry flag is guaranteed
+					// to be zero at this point
+	cmp	$ap,$ap_end		// done yet?
+	b.eq	.Lsqr8x_break
+
+	ldp	$a0,$a1,[$tp,#8*0]
+	ldp	$a2,$a3,[$tp,#8*2]
+	ldp	$a4,$a5,[$tp,#8*4]
+	ldp	$a6,$a7,[$tp,#8*6]
+	adds	$acc0,$acc0,$a0
+	ldr	$n0,[$rp,#-8*8]
+	adcs	$acc1,$acc1,$a1
+	ldp	$a0,$a1,[$ap,#8*0]
+	adcs	$acc2,$acc2,$a2
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$ap,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$ap,#8*4]
+	adcs	$acc6,$acc6,$a6
+	mov	$cnt,#-8*8
+	adcs	$acc7,$acc7,$a7
+	ldp	$a6,$a7,[$ap,#8*6]
+	add	$ap,$ap,#8*8
+	//adc	$carry,xzr,xzr		// moved above
+	b	.Lsqr8x_mul
+
+.align	4
+.Lsqr8x_break:
+	ldp	$a0,$a1,[$rp,#8*0]
+	add	$ap,$rp,#8*8
+	ldp	$a2,$a3,[$rp,#8*2]
+	sub	$t0,$ap_end,$ap		// is it last iteration?
+	ldp	$a4,$a5,[$rp,#8*4]
+	sub	$t1,$tp,$t0
+	ldp	$a6,$a7,[$rp,#8*6]
+	cbz	$t0,.Lsqr8x_outer_loop
+
+	stp	$acc0,$acc1,[$tp,#8*0]
+	ldp	$acc0,$acc1,[$t1,#8*0]
+	stp	$acc2,$acc3,[$tp,#8*2]
+	ldp	$acc2,$acc3,[$t1,#8*2]
+	stp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc4,$acc5,[$t1,#8*4]
+	stp	$acc6,$acc7,[$tp,#8*6]
+	mov	$tp,$t1
+	ldp	$acc6,$acc7,[$t1,#8*6]
+	b	.Lsqr8x_outer_loop
+
+.align	4
+.Lsqr8x_outer_break:
+	// Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0]
+	ldp	$a1,$a3,[$t0,#8*0]	// recall that $t0 is &a[0]
+	ldp	$t1,$t2,[sp,#8*1]
+	ldp	$a5,$a7,[$t0,#8*2]
+	add	$ap,$t0,#8*4
+	ldp	$t3,$t0,[sp,#8*3]
+
+	stp	$acc0,$acc1,[$tp,#8*0]
+	mul	$acc0,$a1,$a1
+	stp	$acc2,$acc3,[$tp,#8*2]
+	umulh	$a1,$a1,$a1
+	stp	$acc4,$acc5,[$tp,#8*4]
+	mul	$a2,$a3,$a3
+	stp	$acc6,$acc7,[$tp,#8*6]
+	mov	$tp,sp
+	umulh	$a3,$a3,$a3
+	adds	$acc1,$a1,$t1,lsl#1
+	extr	$t1,$t2,$t1,#63
+	sub	$cnt,$num,#8*4
+
+.Lsqr4x_shift_n_add:
+	adcs	$acc2,$a2,$t1
+	extr	$t2,$t3,$t2,#63
+	sub	$cnt,$cnt,#8*4
+	adcs	$acc3,$a3,$t2
+	ldp	$t1,$t2,[$tp,#8*5]
+	mul	$a4,$a5,$a5
+	ldp	$a1,$a3,[$ap],#8*2
+	umulh	$a5,$a5,$a5
+	mul	$a6,$a7,$a7
+	umulh	$a7,$a7,$a7
+	extr	$t3,$t0,$t3,#63
+	stp	$acc0,$acc1,[$tp,#8*0]
+	adcs	$acc4,$a4,$t3
+	extr	$t0,$t1,$t0,#63
+	stp	$acc2,$acc3,[$tp,#8*2]
+	adcs	$acc5,$a5,$t0
+	ldp	$t3,$t0,[$tp,#8*7]
+	extr	$t1,$t2,$t1,#63
+	adcs	$acc6,$a6,$t1
+	extr	$t2,$t3,$t2,#63
+	adcs	$acc7,$a7,$t2
+	ldp	$t1,$t2,[$tp,#8*9]
+	mul	$a0,$a1,$a1
+	ldp	$a5,$a7,[$ap],#8*2
+	umulh	$a1,$a1,$a1
+	mul	$a2,$a3,$a3
+	umulh	$a3,$a3,$a3
+	stp	$acc4,$acc5,[$tp,#8*4]
+	extr	$t3,$t0,$t3,#63
+	stp	$acc6,$acc7,[$tp,#8*6]
+	add	$tp,$tp,#8*8
+	adcs	$acc0,$a0,$t3
+	extr	$t0,$t1,$t0,#63
+	adcs	$acc1,$a1,$t0
+	ldp	$t3,$t0,[$tp,#8*3]
+	extr	$t1,$t2,$t1,#63
+	cbnz	$cnt,.Lsqr4x_shift_n_add
+___
+my ($np,$np_end)=($ap,$ap_end);
+$code.=<<___;
+	 ldp	$np,$n0,[x29,#104]	// pull np and n0
+
+	adcs	$acc2,$a2,$t1
+	extr	$t2,$t3,$t2,#63
+	adcs	$acc3,$a3,$t2
+	ldp	$t1,$t2,[$tp,#8*5]
+	mul	$a4,$a5,$a5
+	umulh	$a5,$a5,$a5
+	stp	$acc0,$acc1,[$tp,#8*0]
+	mul	$a6,$a7,$a7
+	umulh	$a7,$a7,$a7
+	stp	$acc2,$acc3,[$tp,#8*2]
+	extr	$t3,$t0,$t3,#63
+	adcs	$acc4,$a4,$t3
+	extr	$t0,$t1,$t0,#63
+	 ldp	$acc0,$acc1,[sp,#8*0]
+	adcs	$acc5,$a5,$t0
+	extr	$t1,$t2,$t1,#63
+	 ldp	$a0,$a1,[$np,#8*0]
+	adcs	$acc6,$a6,$t1
+	extr	$t2,xzr,$t2,#63
+	 ldp	$a2,$a3,[$np,#8*2]
+	adc	$acc7,$a7,$t2
+	 ldp	$a4,$a5,[$np,#8*4]
+
+	// Reduce by 512 bits per iteration
+	mul	$na0,$n0,$acc0		// t[0]*n0
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np_end,$np,$num
+	ldp	$acc2,$acc3,[sp,#8*2]
+	stp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc4,$acc5,[sp,#8*4]
+	stp	$acc6,$acc7,[$tp,#8*6]
+	ldp	$acc6,$acc7,[sp,#8*6]
+	add	$np,$np,#8*8
+	mov	$topmost,xzr		// initial top-most carry
+	mov	$tp,sp
+	mov	$cnt,#8
+
+.Lsqr8x_reduction:
+	// (*)	mul	$t0,$a0,$na0	// lo(n[0-7])*lo(t[0]*n0)
+	mul	$t1,$a1,$na0
+	sub	$cnt,$cnt,#1
+	mul	$t2,$a2,$na0
+	str	$na0,[$tp],#8		// put aside t[0]*n0 for tail processing
+	mul	$t3,$a3,$na0
+	// (*)	adds	xzr,$acc0,$t0
+	subs	xzr,$acc0,#1		// (*)
+	mul	$t0,$a4,$na0
+	adcs	$acc0,$acc1,$t1
+	mul	$t1,$a5,$na0
+	adcs	$acc1,$acc2,$t2
+	mul	$t2,$a6,$na0
+	adcs	$acc2,$acc3,$t3
+	mul	$t3,$a7,$na0
+	adcs	$acc3,$acc4,$t0
+	umulh	$t0,$a0,$na0		// hi(n[0-7])*lo(t[0]*n0)
+	adcs	$acc4,$acc5,$t1
+	umulh	$t1,$a1,$na0
+	adcs	$acc5,$acc6,$t2
+	umulh	$t2,$a2,$na0
+	adcs	$acc6,$acc7,$t3
+	umulh	$t3,$a3,$na0
+	adc	$acc7,xzr,xzr
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a4,$na0
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a5,$na0
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a6,$na0
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a7,$na0
+	mul	$na0,$n0,$acc0		// next t[0]*n0
+	adcs	$acc4,$acc4,$t0
+	adcs	$acc5,$acc5,$t1
+	adcs	$acc6,$acc6,$t2
+	adc	$acc7,$acc7,$t3
+	cbnz	$cnt,.Lsqr8x_reduction
+
+	ldp	$t0,$t1,[$tp,#8*0]
+	ldp	$t2,$t3,[$tp,#8*2]
+	mov	$rp,$tp
+	sub	$cnt,$np_end,$np	// done yet?
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	ldp	$t0,$t1,[$tp,#8*4]
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	ldp	$t2,$t3,[$tp,#8*6]
+	adcs	$acc4,$acc4,$t0
+	adcs	$acc5,$acc5,$t1
+	adcs	$acc6,$acc6,$t2
+	adcs	$acc7,$acc7,$t3
+	//adc	$carry,xzr,xzr		// moved below
+	cbz	$cnt,.Lsqr8x8_post_condition
+
+	ldr	$n0,[$tp,#-8*8]
+	ldp	$a0,$a1,[$np,#8*0]
+	ldp	$a2,$a3,[$np,#8*2]
+	ldp	$a4,$a5,[$np,#8*4]
+	mov	$cnt,#-8*8
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np,$np,#8*8
+
+.Lsqr8x_tail:
+	mul	$t0,$a0,$n0
+	adc	$carry,xzr,xzr		// carry bit, modulo-scheduled
+	mul	$t1,$a1,$n0
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$n0
+	mul	$t3,$a3,$n0
+	adds	$acc0,$acc0,$t0
+	mul	$t0,$a4,$n0
+	adcs	$acc1,$acc1,$t1
+	mul	$t1,$a5,$n0
+	adcs	$acc2,$acc2,$t2
+	mul	$t2,$a6,$n0
+	adcs	$acc3,$acc3,$t3
+	mul	$t3,$a7,$n0
+	adcs	$acc4,$acc4,$t0
+	umulh	$t0,$a0,$n0
+	adcs	$acc5,$acc5,$t1
+	umulh	$t1,$a1,$n0
+	adcs	$acc6,$acc6,$t2
+	umulh	$t2,$a2,$n0
+	adcs	$acc7,$acc7,$t3
+	umulh	$t3,$a3,$n0
+	adc	$carry,$carry,xzr
+	str	$acc0,[$tp],#8
+	adds	$acc0,$acc1,$t0
+	umulh	$t0,$a4,$n0
+	adcs	$acc1,$acc2,$t1
+	umulh	$t1,$a5,$n0
+	adcs	$acc2,$acc3,$t2
+	umulh	$t2,$a6,$n0
+	adcs	$acc3,$acc4,$t3
+	umulh	$t3,$a7,$n0
+	ldr	$n0,[$rp,$cnt]
+	adcs	$acc4,$acc5,$t0
+	adcs	$acc5,$acc6,$t1
+	adcs	$acc6,$acc7,$t2
+	adcs	$acc7,$carry,$t3
+	//adc	$carry,xzr,xzr		// moved above
+	cbnz	$cnt,.Lsqr8x_tail
+					// note that carry flag is guaranteed
+					// to be zero at this point
+	ldp	$a0,$a1,[$tp,#8*0]
+	sub	$cnt,$np_end,$np	// done yet?
+	sub	$t2,$np_end,$num	// rewinded np
+	ldp	$a2,$a3,[$tp,#8*2]
+	ldp	$a4,$a5,[$tp,#8*4]
+	ldp	$a6,$a7,[$tp,#8*6]
+	cbz	$cnt,.Lsqr8x_tail_break
+
+	ldr	$n0,[$rp,#-8*8]
+	adds	$acc0,$acc0,$a0
+	adcs	$acc1,$acc1,$a1
+	ldp	$a0,$a1,[$np,#8*0]
+	adcs	$acc2,$acc2,$a2
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$np,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$np,#8*4]
+	adcs	$acc6,$acc6,$a6
+	mov	$cnt,#-8*8
+	adcs	$acc7,$acc7,$a7
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np,$np,#8*8
+	//adc	$carry,xzr,xzr		// moved above
+	b	.Lsqr8x_tail
+
+.align	4
+.Lsqr8x_tail_break:
+	ldr	$n0,[x29,#112]		// pull n0
+	add	$cnt,$tp,#8*8		// end of current t[num] window
+
+	subs	xzr,$topmost,#1		// "move" top-most carry to carry bit
+	adcs	$t0,$acc0,$a0
+	adcs	$t1,$acc1,$a1
+	ldp	$acc0,$acc1,[$rp,#8*0]
+	adcs	$acc2,$acc2,$a2
+	ldp	$a0,$a1,[$t2,#8*0]	// recall that $t2 is &n[0]
+	adcs	$acc3,$acc3,$a3
+	ldp	$a2,$a3,[$t2,#8*2]
+	adcs	$acc4,$acc4,$a4
+	adcs	$acc5,$acc5,$a5
+	ldp	$a4,$a5,[$t2,#8*4]
+	adcs	$acc6,$acc6,$a6
+	adcs	$acc7,$acc7,$a7
+	ldp	$a6,$a7,[$t2,#8*6]
+	add	$np,$t2,#8*8
+	adc	$topmost,xzr,xzr	// top-most carry
+	mul	$na0,$n0,$acc0
+	stp	$t0,$t1,[$tp,#8*0]
+	stp	$acc2,$acc3,[$tp,#8*2]
+	ldp	$acc2,$acc3,[$rp,#8*2]
+	stp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc4,$acc5,[$rp,#8*4]
+	cmp	$cnt,x29		// did we hit the bottom?
+	stp	$acc6,$acc7,[$tp,#8*6]
+	mov	$tp,$rp			// slide the window
+	ldp	$acc6,$acc7,[$rp,#8*6]
+	mov	$cnt,#8
+	b.ne	.Lsqr8x_reduction
+
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	ldr	$rp,[x29,#96]		// pull rp
+	add	$tp,$tp,#8*8
+	subs	$t0,$acc0,$a0
+	sbcs	$t1,$acc1,$a1
+	sub	$cnt,$num,#8*8
+	mov	$ap_end,$rp		// $rp copy
+
+.Lsqr8x_sub:
+	sbcs	$t2,$acc2,$a2
+	ldp	$a0,$a1,[$np,#8*0]
+	sbcs	$t3,$acc3,$a3
+	stp	$t0,$t1,[$rp,#8*0]
+	sbcs	$t0,$acc4,$a4
+	ldp	$a2,$a3,[$np,#8*2]
+	sbcs	$t1,$acc5,$a5
+	stp	$t2,$t3,[$rp,#8*2]
+	sbcs	$t2,$acc6,$a6
+	ldp	$a4,$a5,[$np,#8*4]
+	sbcs	$t3,$acc7,$a7
+	ldp	$a6,$a7,[$np,#8*6]
+	add	$np,$np,#8*8
+	ldp	$acc0,$acc1,[$tp,#8*0]
+	sub	$cnt,$cnt,#8*8
+	ldp	$acc2,$acc3,[$tp,#8*2]
+	ldp	$acc4,$acc5,[$tp,#8*4]
+	ldp	$acc6,$acc7,[$tp,#8*6]
+	add	$tp,$tp,#8*8
+	stp	$t0,$t1,[$rp,#8*4]
+	sbcs	$t0,$acc0,$a0
+	stp	$t2,$t3,[$rp,#8*6]
+	add	$rp,$rp,#8*8
+	sbcs	$t1,$acc1,$a1
+	cbnz	$cnt,.Lsqr8x_sub
+
+	sbcs	$t2,$acc2,$a2
+	 mov	$tp,sp
+	 add	$ap,sp,$num
+	 ldp	$a0,$a1,[$ap_end,#8*0]
+	sbcs	$t3,$acc3,$a3
+	stp	$t0,$t1,[$rp,#8*0]
+	sbcs	$t0,$acc4,$a4
+	 ldp	$a2,$a3,[$ap_end,#8*2]
+	sbcs	$t1,$acc5,$a5
+	stp	$t2,$t3,[$rp,#8*2]
+	sbcs	$t2,$acc6,$a6
+	 ldp	$acc0,$acc1,[$ap,#8*0]
+	sbcs	$t3,$acc7,$a7
+	 ldp	$acc2,$acc3,[$ap,#8*2]
+	sbcs	xzr,$topmost,xzr	// did it borrow?
+	ldr	x30,[x29,#8]		// pull return address
+	stp	$t0,$t1,[$rp,#8*4]
+	stp	$t2,$t3,[$rp,#8*6]
+
+	sub	$cnt,$num,#8*4
+.Lsqr4x_cond_copy:
+	sub	$cnt,$cnt,#8*4
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	ldp	$a0,$a1,[$ap_end,#8*4]
+	ldp	$acc0,$acc1,[$ap,#8*4]
+	csel	$t2,$acc2,$a2,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	 add	$tp,$tp,#8*4
+	csel	$t3,$acc3,$a3,lo
+	ldp	$a2,$a3,[$ap_end,#8*6]
+	ldp	$acc2,$acc3,[$ap,#8*6]
+	add	$ap,$ap,#8*4
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+	add	$ap_end,$ap_end,#8*4
+	 stp	xzr,xzr,[$ap,#8*0]
+	 stp	xzr,xzr,[$ap,#8*2]
+	cbnz	$cnt,.Lsqr4x_cond_copy
+
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	csel	$t2,$acc2,$a2,lo
+	csel	$t3,$acc3,$a3,lo
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+
+	b	.Lsqr8x_done
+
+.align	4
+.Lsqr8x8_post_condition:
+	adc	$carry,xzr,xzr
+	ldr	x30,[x29,#8]		// pull return address
+	// $acc0-7,$carry hold result, $a0-7 hold modulus
+	subs	$a0,$acc0,$a0
+	ldr	$ap,[x29,#96]		// pull rp
+	sbcs	$a1,$acc1,$a1
+	 stp	xzr,xzr,[sp,#8*0]
+	sbcs	$a2,$acc2,$a2
+	 stp	xzr,xzr,[sp,#8*2]
+	sbcs	$a3,$acc3,$a3
+	 stp	xzr,xzr,[sp,#8*4]
+	sbcs	$a4,$acc4,$a4
+	 stp	xzr,xzr,[sp,#8*6]
+	sbcs	$a5,$acc5,$a5
+	 stp	xzr,xzr,[sp,#8*8]
+	sbcs	$a6,$acc6,$a6
+	 stp	xzr,xzr,[sp,#8*10]
+	sbcs	$a7,$acc7,$a7
+	 stp	xzr,xzr,[sp,#8*12]
+	sbcs	$carry,$carry,xzr	// did it borrow?
+	 stp	xzr,xzr,[sp,#8*14]
+
+	// $a0-7 hold result-modulus
+	csel	$a0,$acc0,$a0,lo
+	csel	$a1,$acc1,$a1,lo
+	csel	$a2,$acc2,$a2,lo
+	csel	$a3,$acc3,$a3,lo
+	stp	$a0,$a1,[$ap,#8*0]
+	csel	$a4,$acc4,$a4,lo
+	csel	$a5,$acc5,$a5,lo
+	stp	$a2,$a3,[$ap,#8*2]
+	csel	$a6,$acc6,$a6,lo
+	csel	$a7,$acc7,$a7,lo
+	stp	$a4,$a5,[$ap,#8*4]
+	stp	$a6,$a7,[$ap,#8*6]
+
+.Lsqr8x_done:
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldr	x29,[sp],#128
+	ret
+.size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
+___
+}
+
+{
+########################################################################
+# Even though this might look as ARMv8 adaptation of mulx4x_mont from
+# x86_64-mont5 module, it's different in sense that it performs
+# reduction 256 bits at a time.
+
+my ($a0,$a1,$a2,$a3,
+    $t0,$t1,$t2,$t3,
+    $m0,$m1,$m2,$m3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,
+    $bi,$mi,$tp,$ap_end,$cnt) = map("x$_",(6..17,19..28));
+my  $bp_end=$rp;
+my  ($carry,$topmost) = ($rp,"x30");
+
+$code.=<<___;
+.type	__bn_mul4x_mont,%function
+.align	5
+__bn_mul4x_mont:
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+	sub	$tp,sp,$num,lsl#3
+	lsl	$num,$num,#3
+	ldr	$n0,[$n0]		// *n0
+	sub	sp,$tp,#8*4		// alloca
+
+	add	$t0,$bp,$num
+	add	$ap_end,$ap,$num
+	stp	$rp,$t0,[x29,#96]	// offload rp and &b[num]
+
+	ldr	$bi,[$bp,#8*0]		// b[0]
+	ldp	$a0,$a1,[$ap,#8*0]	// a[0..3]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	mov	$acc0,xzr
+	mov	$acc1,xzr
+	mov	$acc2,xzr
+	mov	$acc3,xzr
+	ldp	$m0,$m1,[$np,#8*0]	// n[0..3]
+	ldp	$m2,$m3,[$np,#8*2]
+	adds	$np,$np,#8*4		// clear carry bit
+	mov	$carry,xzr
+	mov	$cnt,#0
+	mov	$tp,sp
+
+.Loop_mul4x_1st_reduction:
+	mul	$t0,$a0,$bi		// lo(a[0..3]*b[0])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[0..3]*b[0])
+	adcs	$acc1,$acc1,$t1
+	mul	$mi,$acc0,$n0		// t[0]*n0
+	adcs	$acc2,$acc2,$t2
+	umulh	$t1,$a1,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t2,$a2,$bi
+	adc	$acc4,xzr,xzr
+	umulh	$t3,$a3,$bi
+	ldr	$bi,[$bp,$cnt]		// next b[i] (or b[0])
+	adds	$acc1,$acc1,$t0
+	// (*)	mul	$t0,$m0,$mi	// lo(n[0..3]*t[0]*n0)
+	str	$mi,[$tp],#8		// put aside t[0]*n0 for tail processing
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	// (*)	adds	xzr,$acc0,$t0
+	subs	xzr,$acc0,#1		// (*)
+	umulh	$t0,$m0,$mi		// hi(n[0..3]*t[0]*n0)
+	adcs	$acc0,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc1,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc2,$acc3,$t3
+	umulh	$t3,$m3,$mi
+	adcs	$acc3,$acc4,$carry
+	adc	$carry,xzr,xzr
+	adds	$acc0,$acc0,$t0
+	sub	$t0,$ap_end,$ap
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_1st_reduction
+
+	cbz	$t0,.Lmul4x4_post_condition
+
+	ldp	$a0,$a1,[$ap,#8*0]	// a[4..7]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	ldr	$mi,[sp]		// a[0]*n0
+	ldp	$m0,$m1,[$np,#8*0]	// n[4..7]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+
+.Loop_mul4x_1st_tail:
+	mul	$t0,$a0,$bi		// lo(a[4..7]*b[i])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[4..7]*b[i])
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a1,$bi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a2,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a3,$bi
+	adc	$acc4,xzr,xzr
+	ldr	$bi,[$bp,$cnt]		// next b[i] (or b[0])
+	adds	$acc1,$acc1,$t0
+	mul	$t0,$m0,$mi		// lo(n[4..7]*a[0]*n0)
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$m0,$mi		// hi(n[4..7]*a[0]*n0)
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc3,$acc3,$t3
+	adcs	$acc4,$acc4,$carry
+	umulh	$t3,$m3,$mi
+	adc	$carry,xzr,xzr
+	ldr	$mi,[sp,$cnt]		// next t[0]*n0
+	str	$acc0,[$tp],#8		// result!!!
+	adds	$acc0,$acc1,$t0
+	sub	$t0,$ap_end,$ap		// done yet?
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2
+	adcs	$acc3,$acc4,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_1st_tail
+
+	sub	$t1,$ap_end,$num	// rewinded $ap
+	cbz	$t0,.Lmul4x_proceed
+
+	ldp	$a0,$a1,[$ap,#8*0]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	ldp	$m0,$m1,[$np,#8*0]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+	b	.Loop_mul4x_1st_tail
+
+.align	5
+.Lmul4x_proceed:
+	ldr	$bi,[$bp,#8*4]!		// *++b
+	adc	$topmost,$carry,xzr
+	ldp	$a0,$a1,[$t1,#8*0]	// a[0..3]
+	sub	$np,$np,$num		// rewind np
+	ldp	$a2,$a3,[$t1,#8*2]
+	add	$ap,$t1,#8*4
+
+	stp	$acc0,$acc1,[$tp,#8*0]	// result!!!
+	ldp	$acc0,$acc1,[sp,#8*4]	// t[0..3]
+	stp	$acc2,$acc3,[$tp,#8*2]	// result!!!
+	ldp	$acc2,$acc3,[sp,#8*6]
+
+	ldp	$m0,$m1,[$np,#8*0]	// n[0..3]
+	mov	$tp,sp
+	ldp	$m2,$m3,[$np,#8*2]
+	adds	$np,$np,#8*4		// clear carry bit
+	mov	$carry,xzr
+
+.align	4
+.Loop_mul4x_reduction:
+	mul	$t0,$a0,$bi		// lo(a[0..3]*b[4])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[0..3]*b[4])
+	adcs	$acc1,$acc1,$t1
+	mul	$mi,$acc0,$n0		// t[0]*n0
+	adcs	$acc2,$acc2,$t2
+	umulh	$t1,$a1,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t2,$a2,$bi
+	adc	$acc4,xzr,xzr
+	umulh	$t3,$a3,$bi
+	ldr	$bi,[$bp,$cnt]		// next b[i]
+	adds	$acc1,$acc1,$t0
+	// (*)	mul	$t0,$m0,$mi
+	str	$mi,[$tp],#8		// put aside t[0]*n0 for tail processing
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi		// lo(n[0..3]*t[0]*n0
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	// (*)	adds	xzr,$acc0,$t0
+	subs	xzr,$acc0,#1		// (*)
+	umulh	$t0,$m0,$mi		// hi(n[0..3]*t[0]*n0
+	adcs	$acc0,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc1,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc2,$acc3,$t3
+	umulh	$t3,$m3,$mi
+	adcs	$acc3,$acc4,$carry
+	adc	$carry,xzr,xzr
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_reduction
+
+	adc	$carry,$carry,xzr
+	ldp	$t0,$t1,[$tp,#8*4]	// t[4..7]
+	ldp	$t2,$t3,[$tp,#8*6]
+	ldp	$a0,$a1,[$ap,#8*0]	// a[4..7]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+
+	ldr	$mi,[sp]		// t[0]*n0
+	ldp	$m0,$m1,[$np,#8*0]	// n[4..7]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+
+.align	4
+.Loop_mul4x_tail:
+	mul	$t0,$a0,$bi		// lo(a[4..7]*b[4])
+	adc	$carry,$carry,xzr	// modulo-scheduled
+	mul	$t1,$a1,$bi
+	add	$cnt,$cnt,#8
+	mul	$t2,$a2,$bi
+	and	$cnt,$cnt,#31
+	mul	$t3,$a3,$bi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$a0,$bi		// hi(a[4..7]*b[4])
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$a1,$bi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$a2,$bi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$a3,$bi
+	adc	$acc4,xzr,xzr
+	ldr	$bi,[$bp,$cnt]		// next b[i]
+	adds	$acc1,$acc1,$t0
+	mul	$t0,$m0,$mi		// lo(n[4..7]*t[0]*n0)
+	adcs	$acc2,$acc2,$t1
+	mul	$t1,$m1,$mi
+	adcs	$acc3,$acc3,$t2
+	mul	$t2,$m2,$mi
+	adc	$acc4,$acc4,$t3		// can't overflow
+	mul	$t3,$m3,$mi
+	adds	$acc0,$acc0,$t0
+	umulh	$t0,$m0,$mi		// hi(n[4..7]*t[0]*n0)
+	adcs	$acc1,$acc1,$t1
+	umulh	$t1,$m1,$mi
+	adcs	$acc2,$acc2,$t2
+	umulh	$t2,$m2,$mi
+	adcs	$acc3,$acc3,$t3
+	umulh	$t3,$m3,$mi
+	adcs	$acc4,$acc4,$carry
+	ldr	$mi,[sp,$cnt]		// next a[0]*n0
+	adc	$carry,xzr,xzr
+	str	$acc0,[$tp],#8		// result!!!
+	adds	$acc0,$acc1,$t0
+	sub	$t0,$ap_end,$ap		// done yet?
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2
+	adcs	$acc3,$acc4,$t3
+	//adc	$carry,$carry,xzr
+	cbnz	$cnt,.Loop_mul4x_tail
+
+	sub	$t1,$np,$num		// rewinded np?
+	adc	$carry,$carry,xzr
+	cbz	$t0,.Loop_mul4x_break
+
+	ldp	$t0,$t1,[$tp,#8*4]
+	ldp	$t2,$t3,[$tp,#8*6]
+	ldp	$a0,$a1,[$ap,#8*0]
+	ldp	$a2,$a3,[$ap,#8*2]
+	add	$ap,$ap,#8*4
+	adds	$acc0,$acc0,$t0
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	//adc	$carry,$carry,xzr
+	ldp	$m0,$m1,[$np,#8*0]
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+	b	.Loop_mul4x_tail
+
+.align	4
+.Loop_mul4x_break:
+	ldp	$t2,$t3,[x29,#96]	// pull rp and &b[num]
+	adds	$acc0,$acc0,$topmost
+	add	$bp,$bp,#8*4		// bp++
+	adcs	$acc1,$acc1,xzr
+	sub	$ap,$ap,$num		// rewind ap
+	adcs	$acc2,$acc2,xzr
+	stp	$acc0,$acc1,[$tp,#8*0]	// result!!!
+	adcs	$acc3,$acc3,xzr
+	ldp	$acc0,$acc1,[sp,#8*4]	// t[0..3]
+	adc	$topmost,$carry,xzr
+	stp	$acc2,$acc3,[$tp,#8*2]	// result!!!
+	cmp	$bp,$t3			// done yet?
+	ldp	$acc2,$acc3,[sp,#8*6]
+	ldp	$m0,$m1,[$t1,#8*0]	// n[0..3]
+	ldp	$m2,$m3,[$t1,#8*2]
+	add	$np,$t1,#8*4
+	b.eq	.Lmul4x_post
+
+	ldr	$bi,[$bp]
+	ldp	$a0,$a1,[$ap,#8*0]	// a[0..3]
+	ldp	$a2,$a3,[$ap,#8*2]
+	adds	$ap,$ap,#8*4		// clear carry bit
+	mov	$carry,xzr
+	mov	$tp,sp
+	b	.Loop_mul4x_reduction
+
+.align	4
+.Lmul4x_post:
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	mov	$rp,$t2
+	mov	$ap_end,$t2		// $rp copy
+	subs	$t0,$acc0,$m0
+	add	$tp,sp,#8*8
+	sbcs	$t1,$acc1,$m1
+	sub	$cnt,$num,#8*4
+
+.Lmul4x_sub:
+	sbcs	$t2,$acc2,$m2
+	ldp	$m0,$m1,[$np,#8*0]
+	sub	$cnt,$cnt,#8*4
+	ldp	$acc0,$acc1,[$tp,#8*0]
+	sbcs	$t3,$acc3,$m3
+	ldp	$m2,$m3,[$np,#8*2]
+	add	$np,$np,#8*4
+	ldp	$acc2,$acc3,[$tp,#8*2]
+	add	$tp,$tp,#8*4
+	stp	$t0,$t1,[$rp,#8*0]
+	sbcs	$t0,$acc0,$m0
+	stp	$t2,$t3,[$rp,#8*2]
+	add	$rp,$rp,#8*4
+	sbcs	$t1,$acc1,$m1
+	cbnz	$cnt,.Lmul4x_sub
+
+	sbcs	$t2,$acc2,$m2
+	 mov	$tp,sp
+	 add	$ap,sp,#8*4
+	 ldp	$a0,$a1,[$ap_end,#8*0]
+	sbcs	$t3,$acc3,$m3
+	stp	$t0,$t1,[$rp,#8*0]
+	 ldp	$a2,$a3,[$ap_end,#8*2]
+	stp	$t2,$t3,[$rp,#8*2]
+	 ldp	$acc0,$acc1,[$ap,#8*0]
+	 ldp	$acc2,$acc3,[$ap,#8*2]
+	sbcs	xzr,$topmost,xzr	// did it borrow?
+	ldr	x30,[x29,#8]		// pull return address
+
+	sub	$cnt,$num,#8*4
+.Lmul4x_cond_copy:
+	sub	$cnt,$cnt,#8*4
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	ldp	$a0,$a1,[$ap_end,#8*4]
+	ldp	$acc0,$acc1,[$ap,#8*4]
+	csel	$t2,$acc2,$a2,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	 add	$tp,$tp,#8*4
+	csel	$t3,$acc3,$a3,lo
+	ldp	$a2,$a3,[$ap_end,#8*6]
+	ldp	$acc2,$acc3,[$ap,#8*6]
+	add	$ap,$ap,#8*4
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+	add	$ap_end,$ap_end,#8*4
+	cbnz	$cnt,.Lmul4x_cond_copy
+
+	csel	$t0,$acc0,$a0,lo
+	 stp	xzr,xzr,[$tp,#8*0]
+	csel	$t1,$acc1,$a1,lo
+	 stp	xzr,xzr,[$tp,#8*2]
+	csel	$t2,$acc2,$a2,lo
+	 stp	xzr,xzr,[$tp,#8*3]
+	csel	$t3,$acc3,$a3,lo
+	 stp	xzr,xzr,[$tp,#8*4]
+	stp	$t0,$t1,[$ap_end,#8*0]
+	stp	$t2,$t3,[$ap_end,#8*2]
+
+	b	.Lmul4x_done
+
+.align	4
+.Lmul4x4_post_condition:
+	adc	$carry,$carry,xzr
+	ldr	$ap,[x29,#96]		// pull rp
+	// $acc0-3,$carry hold result, $m0-7 hold modulus
+	subs	$a0,$acc0,$m0
+	ldr	x30,[x29,#8]		// pull return address
+	sbcs	$a1,$acc1,$m1
+	 stp	xzr,xzr,[sp,#8*0]
+	sbcs	$a2,$acc2,$m2
+	 stp	xzr,xzr,[sp,#8*2]
+	sbcs	$a3,$acc3,$m3
+	 stp	xzr,xzr,[sp,#8*4]
+	sbcs	xzr,$carry,xzr		// did it borrow?
+	 stp	xzr,xzr,[sp,#8*6]
+
+	// $a0-3 hold result-modulus
+	csel	$a0,$acc0,$a0,lo
+	csel	$a1,$acc1,$a1,lo
+	csel	$a2,$acc2,$a2,lo
+	csel	$a3,$acc3,$a3,lo
+	stp	$a0,$a1,[$ap,#8*0]
+	stp	$a2,$a3,[$ap,#8*2]
+
+.Lmul4x_done:
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldr	x29,[sp],#128
+	ret
+.size	__bn_mul4x_mont,.-__bn_mul4x_mont
+___
+}
+$code.=<<___;
+.asciz	"Montgomery Multiplication for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/bn-586.pl b/openssl-1.1.0h/crypto/bn/asm/bn-586.pl
new file mode 100644
index 0000000..1ca1bbf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/bn-586.pl
@@ -0,0 +1,785 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$0);
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_sub_part_words("bn_sub_part_words");
+
+&asm_finish();
+
+close STDOUT;
+
+sub bn_mul_add_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+
+	$r="eax";
+	$a="edx";
+	$c="ecx";
+
+	if ($sse2) {
+		&picmeup("eax","OPENSSL_ia32cap_P");
+		&bt(&DWP(0,"eax"),26);
+		&jnc(&label("maw_non_sse2"));
+
+		&mov($r,&wparam(0));
+		&mov($a,&wparam(1));
+		&mov($c,&wparam(2));
+		&movd("mm0",&wparam(3));	# mm0 = w
+		&pxor("mm1","mm1");		# mm1 = carry_in
+		&jmp(&label("maw_sse2_entry"));
+		
+	&set_label("maw_sse2_unrolled",16);
+		&movd("mm3",&DWP(0,$r,"",0));	# mm3 = r[0]
+		&paddq("mm1","mm3");		# mm1 = carry_in + r[0]
+		&movd("mm2",&DWP(0,$a,"",0));	# mm2 = a[0]
+		&pmuludq("mm2","mm0");		# mm2 = w*a[0]
+		&movd("mm4",&DWP(4,$a,"",0));	# mm4 = a[1]
+		&pmuludq("mm4","mm0");		# mm4 = w*a[1]
+		&movd("mm6",&DWP(8,$a,"",0));	# mm6 = a[2]
+		&pmuludq("mm6","mm0");		# mm6 = w*a[2]
+		&movd("mm7",&DWP(12,$a,"",0));	# mm7 = a[3]
+		&pmuludq("mm7","mm0");		# mm7 = w*a[3]
+		&paddq("mm1","mm2");		# mm1 = carry_in + r[0] + w*a[0]
+		&movd("mm3",&DWP(4,$r,"",0));	# mm3 = r[1]
+		&paddq("mm3","mm4");		# mm3 = r[1] + w*a[1]
+		&movd("mm5",&DWP(8,$r,"",0));	# mm5 = r[2]
+		&paddq("mm5","mm6");		# mm5 = r[2] + w*a[2]
+		&movd("mm4",&DWP(12,$r,"",0));	# mm4 = r[3]
+		&paddq("mm7","mm4");		# mm7 = r[3] + w*a[3]
+		&movd(&DWP(0,$r,"",0),"mm1");
+		&movd("mm2",&DWP(16,$a,"",0));	# mm2 = a[4]
+		&pmuludq("mm2","mm0");		# mm2 = w*a[4]
+		&psrlq("mm1",32);		# mm1 = carry0
+		&movd("mm4",&DWP(20,$a,"",0));	# mm4 = a[5]
+		&pmuludq("mm4","mm0");		# mm4 = w*a[5]
+		&paddq("mm1","mm3");		# mm1 = carry0 + r[1] + w*a[1]
+		&movd("mm6",&DWP(24,$a,"",0));	# mm6 = a[6]
+		&pmuludq("mm6","mm0");		# mm6 = w*a[6]
+		&movd(&DWP(4,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry1
+		&movd("mm3",&DWP(28,$a,"",0));	# mm3 = a[7]
+		&add($a,32);
+		&pmuludq("mm3","mm0");		# mm3 = w*a[7]
+		&paddq("mm1","mm5");		# mm1 = carry1 + r[2] + w*a[2]
+		&movd("mm5",&DWP(16,$r,"",0));	# mm5 = r[4]
+		&paddq("mm2","mm5");		# mm2 = r[4] + w*a[4]
+		&movd(&DWP(8,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry2
+		&paddq("mm1","mm7");		# mm1 = carry2 + r[3] + w*a[3]
+		&movd("mm5",&DWP(20,$r,"",0));	# mm5 = r[5]
+		&paddq("mm4","mm5");		# mm4 = r[5] + w*a[5]
+		&movd(&DWP(12,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry3
+		&paddq("mm1","mm2");		# mm1 = carry3 + r[4] + w*a[4]
+		&movd("mm5",&DWP(24,$r,"",0));	# mm5 = r[6]
+		&paddq("mm6","mm5");		# mm6 = r[6] + w*a[6]
+		&movd(&DWP(16,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry4
+		&paddq("mm1","mm4");		# mm1 = carry4 + r[5] + w*a[5]
+		&movd("mm5",&DWP(28,$r,"",0));	# mm5 = r[7]
+		&paddq("mm3","mm5");		# mm3 = r[7] + w*a[7]
+		&movd(&DWP(20,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry5
+		&paddq("mm1","mm6");		# mm1 = carry5 + r[6] + w*a[6]
+		&movd(&DWP(24,$r,"",0),"mm1");
+		&psrlq("mm1",32);		# mm1 = carry6
+		&paddq("mm1","mm3");		# mm1 = carry6 + r[7] + w*a[7]
+		&movd(&DWP(28,$r,"",0),"mm1");
+		&lea($r,&DWP(32,$r));
+		&psrlq("mm1",32);		# mm1 = carry_out
+
+		&sub($c,8);
+		&jz(&label("maw_sse2_exit"));
+	&set_label("maw_sse2_entry");
+		&test($c,0xfffffff8);
+		&jnz(&label("maw_sse2_unrolled"));
+
+	&set_label("maw_sse2_loop",4);
+		&movd("mm2",&DWP(0,$a));	# mm2 = a[i]
+		&movd("mm3",&DWP(0,$r));	# mm3 = r[i]
+		&pmuludq("mm2","mm0");		# a[i] *= w
+		&lea($a,&DWP(4,$a));
+		&paddq("mm1","mm3");		# carry += r[i]
+		&paddq("mm1","mm2");		# carry += a[i]*w
+		&movd(&DWP(0,$r),"mm1");	# r[i] = carry_low
+		&sub($c,1);
+		&psrlq("mm1",32);		# carry = carry_high
+		&lea($r,&DWP(4,$r));
+		&jnz(&label("maw_sse2_loop"));
+	&set_label("maw_sse2_exit");
+		&movd("eax","mm1");		# c = carry_out
+		&emms();
+		&ret();
+
+	&set_label("maw_non_sse2",16);
+	}
+
+	# function_begin prologue
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ebp";
+	$r="edi";
+	$c="esi";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+
+	&mov("ecx",&wparam(2));	#
+	&mov($a,&wparam(1));	#
+
+	&and("ecx",0xfffffff8);	# num / 8
+	&mov($w,&wparam(3));	#
+
+	&push("ecx");		# Up the stack for a tmp variable
+
+	&jz(&label("maw_finish"));
+
+	&set_label("maw_loop",16);
+
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+= c
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",&DWP($i,$r));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r),"eax");	# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&sub("ecx",8);
+	&lea($a,&DWP(32,$a));
+	&lea($r,&DWP(32,$r));
+	&jnz(&label("maw_loop"));
+
+	&set_label("maw_finish",0);
+	&mov("ecx",&wparam(2));	# get num
+	&and("ecx",7);
+	&jnz(&label("maw_finish2"));	# helps branch prediction
+	&jmp(&label("maw_end"));
+
+	&set_label("maw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a));	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		&adc("edx",0);			# H(t)+=carry
+		 &add("eax",&DWP($i*4,$r));	# L(t)+= *r
+		&adc("edx",0);			# H(t)+=carry
+		 &dec("ecx") if ($i != 7-1);
+		&mov(&DWP($i*4,$r),"eax");	# *r= L(t);
+		 &mov($c,"edx");		# c=  H(t);
+		&jz(&label("maw_end")) if ($i != 7-1);
+		}
+	&set_label("maw_end",0);
+	&mov("eax",$c);
+
+	&pop("ecx");	# clear variable from
+
+	&function_end($name);
+	}
+
+sub bn_mul_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+
+	$r="eax";
+	$a="edx";
+	$c="ecx";
+
+	if ($sse2) {
+		&picmeup("eax","OPENSSL_ia32cap_P");
+		&bt(&DWP(0,"eax"),26);
+		&jnc(&label("mw_non_sse2"));
+
+		&mov($r,&wparam(0));
+		&mov($a,&wparam(1));
+		&mov($c,&wparam(2));
+		&movd("mm0",&wparam(3));	# mm0 = w
+		&pxor("mm1","mm1");		# mm1 = carry = 0
+
+	&set_label("mw_sse2_loop",16);
+		&movd("mm2",&DWP(0,$a));	# mm2 = a[i]
+		&pmuludq("mm2","mm0");		# a[i] *= w
+		&lea($a,&DWP(4,$a));
+		&paddq("mm1","mm2");		# carry += a[i]*w
+		&movd(&DWP(0,$r),"mm1");	# r[i] = carry_low
+		&sub($c,1);
+		&psrlq("mm1",32);		# carry = carry_high
+		&lea($r,&DWP(4,$r));
+		&jnz(&label("mw_sse2_loop"));
+
+		&movd("eax","mm1");		# return carry
+		&emms();
+		&ret();
+	&set_label("mw_non_sse2",16);
+	}
+
+	# function_begin prologue
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	$Low="eax";
+	$High="edx";
+	$a="ebx";
+	$w="ecx";
+	$r="edi";
+	$c="esi";
+	$num="ebp";
+
+	&xor($c,$c);		# clear carry
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+	&mov($w,&wparam(3));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("mw_finish"));
+
+	&set_label("mw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+
+		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
+
+		&mov($c,"edx");			# c=  H(t);
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jz(&label("mw_finish"));
+	&jmp(&label("mw_loop"));
+
+	&set_label("mw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jnz(&label("mw_finish2"));
+	&jmp(&label("mw_end"));
+
+	&set_label("mw_finish2",1);
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		 &mov("eax",&DWP($i*4,$a,"",0));# *a
+		&mul($w);			# *a * w
+		&add("eax",$c);			# L(t)+=c
+		 # XXX
+		&adc("edx",0);			# H(t)+=carry
+		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+		&mov($c,"edx");			# c=  H(t);
+		 &dec($num) if ($i != 7-1);
+		&jz(&label("mw_end")) if ($i != 7-1);
+		}
+	&set_label("mw_end",0);
+	&mov("eax",$c);
+
+	&function_end($name);
+	}
+
+sub bn_sqr_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+
+	$r="eax";
+	$a="edx";
+	$c="ecx";
+
+	if ($sse2) {
+		&picmeup("eax","OPENSSL_ia32cap_P");
+		&bt(&DWP(0,"eax"),26);
+		&jnc(&label("sqr_non_sse2"));
+
+		&mov($r,&wparam(0));
+		&mov($a,&wparam(1));
+		&mov($c,&wparam(2));
+
+	&set_label("sqr_sse2_loop",16);
+		&movd("mm0",&DWP(0,$a));	# mm0 = a[i]
+		&pmuludq("mm0","mm0");		# a[i] *= a[i]
+		&lea($a,&DWP(4,$a));		# a++
+		&movq(&QWP(0,$r),"mm0");	# r[i] = a[i]*a[i]
+		&sub($c,1);
+		&lea($r,&DWP(8,$r));		# r += 2
+		&jnz(&label("sqr_sse2_loop"));
+
+		&emms();
+		&ret();
+	&set_label("sqr_non_sse2",16);
+	}
+
+	# function_begin prologue
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	$r="esi";
+	$a="edi";
+	$num="ebx";
+
+	&mov($r,&wparam(0));	#
+	&mov($a,&wparam(1));	#
+	&mov($num,&wparam(2));	#
+
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("sw_finish"));
+
+	&set_label("sw_loop",0);
+	for ($i=0; $i<32; $i+=4)
+		{
+		&comment("Round $i");
+		&mov("eax",&DWP($i,$a,"",0)); 	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*2,$r,"",0),"eax");	#
+		 &mov(&DWP($i*2+4,$r,"",0),"edx");#
+		}
+
+	&comment("");
+	&add($a,32);
+	&add($r,64);
+	&sub($num,8);
+	&jnz(&label("sw_loop"));
+
+	&set_label("sw_finish",0);
+	&mov($num,&wparam(2));	# get num
+	&and($num,7);
+	&jz(&label("sw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov("eax",&DWP($i*4,$a,"",0));	# *a
+		 # XXX
+		&mul("eax");			# *a * *a
+		&mov(&DWP($i*8,$r,"",0),"eax");	#
+		 &dec($num) if ($i != 7-1);
+		&mov(&DWP($i*8+4,$r,"",0),"edx");
+		 &jz(&label("sw_end")) if ($i != 7-1);
+		}
+	&set_label("sw_end",0);
+
+	&function_end($name);
+	}
+
+sub bn_div_words
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"");
+	&mov("edx",&wparam(0));	#
+	&mov("eax",&wparam(1));	#
+	&mov("ecx",&wparam(2));	#
+	&div("ecx");
+	&ret();
+	&function_end_B($name);
+	}
+
+sub bn_add_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&add($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &add($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+sub bn_sub_part_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP(0,$a,"",0));	# *a
+		 &mov($tmp2,&DWP(0,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		&mov(&DWP(0,$r,"",0),$tmp1);	# *r
+		&add($a, 4);
+		&add($b, 4);
+		&add($r, 4);
+		 &dec($num) if ($i != 6);
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+	&cmp(&wparam(4),0);
+	&je(&label("pw_end"));
+
+	&mov($num,&wparam(4));	# get dl
+	&cmp($num,0);
+	&je(&label("pw_end"));
+	&jge(&label("pw_pos"));
+
+	&comment("pw_neg");
+	&mov($tmp2,0);
+	&sub($tmp2,$num);
+	&mov($num,$tmp2);
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_neg_finish"));
+
+	&set_label("pw_neg_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl<0 Round $i");
+
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+	}
+	    
+	&comment("");
+	&add($b,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_neg_loop"));
+	    
+	&set_label("pw_neg_finish",0);
+	&mov($tmp2,&wparam(4));	# get dl
+	&mov($num,0);
+	&sub($num,$tmp2);
+	&and($num,7);
+	&jz(&label("pw_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl<0 Tail Round $i");
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &dec($num) if ($i != 6);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+
+	&jmp(&label("pw_end"));
+	
+	&set_label("pw_pos",0);
+	
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_pos_finish"));
+
+	&set_label("pw_pos_loop",0);
+
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl>0 Round $i");
+
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_nc".$i));
+	}
+	    
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_pos_loop"));
+	    
+	&set_label("pw_pos_finish",0);
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl>0 Tail Round $i");
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_tail_nc".$i));
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+	&mov($c,1);
+	&jmp(&label("pw_end"));
+
+	&set_label("pw_nc_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_nc".$i,0);
+	}
+	    
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_nc_loop"));
+	    
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_nc_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_tail_nc".$i,0);
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_nc_end")) if ($i != 6);
+	}
+
+	&set_label("pw_nc_end",0);
+	&mov($c,0);
+
+	&set_label("pw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
diff --git a/openssl-1.1.0h/crypto/bn/asm/bn-c64xplus.asm b/openssl-1.1.0h/crypto/bn/asm/bn-c64xplus.asm
new file mode 100644
index 0000000..de6d377
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/bn-c64xplus.asm
@@ -0,0 +1,382 @@
+;; Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+;;
+;; Licensed under the OpenSSL license (the "License").  You may not use
+;; this file except in compliance with the License.  You can obtain a copy
+;; in the file LICENSE in the source distribution or at
+;; https://www.openssl.org/source/license.html
+;;
+;;====================================================================
+;; Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+;; project.
+;;
+;; Rights for redistribution and usage in source and binary forms are
+;; granted according to the OpenSSL license. Warranty of any kind is
+;; disclaimed.
+;;====================================================================
+;; Compiler-generated multiply-n-add SPLOOP runs at 12*n cycles, n
+;; being the number of 32-bit words, addition - 8*n. Corresponding 4x
+;; unrolled SPLOOP-free loops - at ~8*n and ~5*n. Below assembler
+;; SPLOOPs spin at ... 2*n cycles [plus epilogue].
+;;====================================================================
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	bn_mul_add_words,_bn_mul_add_words
+	.asg	bn_mul_words,_bn_mul_words
+	.asg	bn_sqr_words,_bn_sqr_words
+	.asg	bn_add_words,_bn_add_words
+	.asg	bn_sub_words,_bn_sub_words
+	.asg	bn_div_words,_bn_div_words
+	.asg	bn_sqr_comba8,_bn_sqr_comba8
+	.asg	bn_mul_comba8,_bn_mul_comba8
+	.asg	bn_sqr_comba4,_bn_sqr_comba4
+	.asg	bn_mul_comba4,_bn_mul_comba4
+	.endif
+
+	.asg	B3,RA
+	.asg	A4,ARG0
+	.asg	B4,ARG1
+	.asg	A6,ARG2
+	.asg	B6,ARG3
+	.asg	A8,ARG4
+	.asg	B8,ARG5
+	.asg	A4,RET
+	.asg	A15,FP
+	.asg	B14,DP
+	.asg	B15,SP
+
+	.global	_bn_mul_add_words
+_bn_mul_add_words:
+	.asmfunc
+	MV	ARG2,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A19		; high part of accumulator
+|| [B0]	MV	ARG0,A2
+|| [B0]	MV	ARG3,A3
+	NOP	3
+
+	SPLOOP	2		; 2*n+10
+;;====================================================================
+	LDW	*ARG1++,B7	; ap[i]
+	NOP	3
+	LDW	*ARG0++,A7	; rp[i]
+	MPY32U	B7,A3,A17:A16
+	NOP	3		; [2,0] in epilogue
+	ADDU	A16,A7,A21:A20
+	ADDU	A19,A21:A20,A19:A18
+||	MV.S	A17,A23
+	SPKERNEL 2,1		; leave slot for "return value"
+||	STW	A18,*A2++	; rp[i]
+||	ADD	A19,A23,A19
+;;====================================================================
+	BNOP	RA,4
+	MV	A19,RET		; return value
+	.endasmfunc
+
+	.global	_bn_mul_words
+_bn_mul_words:
+	.asmfunc
+	MV	ARG2,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A19		; high part of accumulator
+	NOP	3
+
+	SPLOOP	2		; 2*n+10
+;;====================================================================
+	LDW	*ARG1++,A7	; ap[i]
+	NOP	4
+	MPY32U	A7,ARG3,A17:A16
+	NOP	4		; [2,0] in epiloque
+	ADDU	A19,A16,A19:A18
+||	MV.S	A17,A21
+	SPKERNEL 2,1		; leave slot for "return value"
+||	STW	A18,*ARG0++	; rp[i]
+||	ADD.L	A19,A21,A19
+;;====================================================================
+	BNOP	RA,4
+	MV	A19,RET		; return value
+	.endasmfunc
+
+	.global	_bn_sqr_words
+_bn_sqr_words:
+	.asmfunc
+	MV	ARG2,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	MV	ARG0,B2
+|| [B0]	ADD	4,ARG0,ARG0
+	NOP	3
+
+	SPLOOP	2		; 2*n+10
+;;====================================================================
+	LDW	*ARG1++,B7	; ap[i]
+	NOP	4
+	MPY32U	B7,B7,B1:B0
+	NOP	3		; [2,0] in epilogue
+	STW	B0,*B2++(8)	; rp[2*i]
+	MV	B1,A1
+	SPKERNEL 2,0		; fully overlap BNOP RA,5
+||	STW	A1,*ARG0++(8)	; rp[2*i+1]
+;;====================================================================
+	BNOP	RA,5
+	.endasmfunc
+
+	.global	_bn_add_words
+_bn_add_words:
+	.asmfunc
+	MV	ARG3,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A1		; carry flag
+|| [B0]	MV	ARG0,A3
+	NOP	3
+
+	SPLOOP	2		; 2*n+6
+;;====================================================================
+	LDW	*ARG2++,A7	; bp[i]
+||	LDW	*ARG1++,B7	; ap[i]
+	NOP	4
+	ADDU	A7,B7,A9:A8
+	ADDU	A1,A9:A8,A1:A0
+	SPKERNEL 0,0		; fully overlap BNOP RA,5
+||	STW	A0,*A3++	; write result
+||	MV	A1,RET		; keep carry flag in RET
+;;====================================================================
+	BNOP	RA,5
+	.endasmfunc
+
+	.global	_bn_sub_words
+_bn_sub_words:
+	.asmfunc
+	MV	ARG3,B0
+  [!B0]	BNOP	RA
+||[!B0]	MVK	0,RET
+   [B0]	MVC	B0,ILC
+   [B0]	ZERO	A2		; borrow flag
+|| [B0]	MV	ARG0,A3
+	NOP	3
+
+	SPLOOP	2		; 2*n+6
+;;====================================================================
+	LDW	*ARG2++,A7	; bp[i]
+||	LDW	*ARG1++,B7	; ap[i]
+	NOP	4
+	SUBU	B7,A7,A1:A0
+  [A2]	SUB	A1:A0,1,A1:A0
+	SPKERNEL 0,1		; leave slot for "return borrow flag"
+||	STW	A0,*A3++	; write result
+||	AND	1,A1,A2		; pass on borrow flag
+;;====================================================================
+	BNOP	RA,4
+	AND	1,A1,RET	; return borrow flag
+	.endasmfunc
+
+	.global	_bn_div_words
+_bn_div_words:
+	.asmfunc
+	LMBD	1,A6,A0		; leading zero bits in dv
+	LMBD	1,A4,A1		; leading zero bits in hi
+||	MVK	32,B0
+	CMPLTU	A1,A0,A2
+||	ADD	A0,B0,B0
+  [ A2]	BNOP	RA
+||[ A2]	MVK	-1,A4		; return overflow
+||[!A2]	MV	A4,A3		; reassign hi
+  [!A2]	MV	B4,A4		; reassign lo, will be quotient
+||[!A2]	MVC	B0,ILC
+  [!A2]	SHL	A6,A0,A6	; normalize dv
+||	MVK	1,A1
+
+  [!A2]	CMPLTU	A3,A6,A1	; hi<dv?
+||[!A2]	SHL	A4,1,A5:A4	; lo<<1
+  [!A1]	SUB	A3,A6,A3	; hi-=dv
+||[!A1]	OR	1,A4,A4
+  [!A2]	SHRU	A3,31,A1	; upper bit
+||[!A2]	ADDAH	A5,A3,A3	; hi<<1|lo>>31
+
+	SPLOOP	3
+  [!A1]	CMPLTU	A3,A6,A1	; hi<dv?
+||[ A1]	ZERO	A1
+||	SHL	A4,1,A5:A4	; lo<<1
+  [!A1]	SUB	A3,A6,A3	; hi-=dv
+||[!A1]	OR	1,A4,A4		; quotient
+	SHRU	A3,31,A1	; upper bit
+||	ADDAH	A5,A3,A3	; hi<<1|lo>>31
+	SPKERNEL
+
+	BNOP	RA,5
+	.endasmfunc
+
+;;====================================================================
+;; Not really Comba algorithm, just straightforward NxM... Dedicated
+;; fully unrolled real Comba implementations are asymptotically 2x
+;; faster, but naturally larger undertaking. Purpose of this exercise
+;; was rather to learn to master nested SPLOOPs...
+;;====================================================================
+	.global	_bn_sqr_comba8
+	.global	_bn_mul_comba8
+_bn_sqr_comba8:
+	MV	ARG1,ARG2
+_bn_mul_comba8:
+	.asmfunc
+	MVK	8,B0		; N, RILC
+||	MVK	8,A0		; M, outer loop counter
+||	MV	ARG1,A5		; copy ap
+||	MV	ARG0,B4		; copy rp
+||	ZERO	B19		; high part of accumulator
+	MVC	B0,RILC
+||	SUB	B0,2,B1		; N-2, initial ILC
+||	SUB	B0,1,B2		; const B2=N-1
+||	LDW	*A5++,B6	; ap[0]
+||	MV	A0,A3		; const A3=M
+sploopNxM?:			; for best performance arrange M<=N
+   [A0]	SPLOOPD	2		; 2*n+10
+||	MVC	B1,ILC
+||	ADDAW	B4,B0,B5
+||	ZERO	B7
+||	LDW	*A5++,A9	; pre-fetch ap[1]
+||	ZERO	A1
+||	SUB	A0,1,A0
+;;====================================================================
+;; SPLOOP from bn_mul_add_words, but with flipped A<>B register files.
+;; This is because of Advisory 15 from TI publication SPRZ247I.
+	LDW	*ARG2++,A7	; bp[i]
+	NOP	3
+   [A1]	LDW	*B5++,B7	; rp[i]
+	MPY32U	A7,B6,B17:B16
+	NOP	3
+	ADDU	B16,B7,B21:B20
+	ADDU	B19,B21:B20,B19:B18
+||	MV.S	B17,B23
+	SPKERNEL
+||	STW	B18,*B4++	; rp[i]
+||	ADD.S	B19,B23,B19
+;;====================================================================
+outer?:				; m*2*(n+1)+10
+	SUBAW	ARG2,A3,ARG2	; rewind bp to bp[0]
+	SPMASKR
+||	CMPGT	A0,1,A2		; done pre-fetching ap[i+1]?
+	MVD	A9,B6		; move through .M unit(*)
+   [A2]	LDW	*A5++,A9	; pre-fetch ap[i+1]
+	SUBAW	B5,B2,B5	; rewind rp to rp[1]
+	MVK	1,A1
+   [A0]	BNOP.S1	outer?,4
+|| [A0]	SUB.L	A0,1,A0
+	STW	B19,*B4--[B2]	; rewind rp tp rp[1]
+||	ZERO.S	B19		; high part of accumulator
+;; end of outer?
+	BNOP	RA,5		; return
+	.endasmfunc
+;; (*)	It should be noted that B6 is used as input to MPY32U in
+;;	chronologically next cycle in *preceding* SPLOOP iteration.
+;;	Normally such arrangement would require DINT, but at this
+;;	point SPLOOP is draining and interrupts are disabled
+;;	implicitly.
+
+	.global	_bn_sqr_comba4
+	.global	_bn_mul_comba4
+_bn_sqr_comba4:
+	MV	ARG1,ARG2
+_bn_mul_comba4:
+	.asmfunc
+	.if	0
+	BNOP	sploopNxM?,3
+	;; Above mentioned m*2*(n+1)+10 does not apply in n=m=4 case,
+	;; because of low-counter effect, when prologue phase finishes
+	;; before SPKERNEL instruction is reached. As result it's 25%
+	;; slower than expected...
+	MVK	4,B0		; N, RILC
+||	MVK	4,A0		; M, outer loop counter
+||	MV	ARG1,A5		; copy ap
+||	MV	ARG0,B4		; copy rp
+||	ZERO	B19		; high part of accumulator
+	MVC	B0,RILC
+||	SUB	B0,2,B1		; first ILC
+||	SUB	B0,1,B2		; const B2=N-1
+||	LDW	*A5++,B6	; ap[0]
+||	MV	A0,A3		; const A3=M
+	.else
+	;; This alternative is an exercise in fully unrolled Comba
+	;; algorithm implementation that operates at n*(n+1)+12, or
+	;; as little as 32 cycles...
+	LDW	*ARG1[0],B16	; a[0]
+||	LDW	*ARG2[0],A16	; b[0]
+	LDW	*ARG1[1],B17	; a[1]
+||	LDW	*ARG2[1],A17	; b[1]
+	LDW	*ARG1[2],B18	; a[2]
+||	LDW	*ARG2[2],A18	; b[2]
+	LDW	*ARG1[3],B19	; a[3]
+||	LDW	*ARG2[3],A19	; b[3]
+	NOP
+	MPY32U	A16,B16,A1:A0	; a[0]*b[0]
+	MPY32U	A17,B16,A23:A22	; a[0]*b[1]
+	MPY32U	A16,B17,A25:A24	; a[1]*b[0]
+	MPY32U	A16,B18,A27:A26	; a[2]*b[0]
+	STW	A0,*ARG0[0]
+||	MPY32U	A17,B17,A29:A28	; a[1]*b[1]
+	MPY32U	A18,B16,A31:A30	; a[0]*b[2]
+||	ADDU	A22,A1,A1:A0
+	MV	A23,B0
+||	MPY32U	A19,B16,A21:A20	; a[3]*b[0]
+||	ADDU	A24,A1:A0,A1:A0
+	ADDU	A25,B0,B1:B0
+||	STW	A0,*ARG0[1]
+||	MPY32U	A18,B17,A23:A22	; a[2]*b[1]
+||	ADDU	A26,A1,A9:A8
+	ADDU	A27,B1,B9:B8
+||	MPY32U	A17,B18,A25:A24	; a[1]*b[2]
+||	ADDU	A28,A9:A8,A9:A8
+	ADDU	A29,B9:B8,B9:B8
+||	MPY32U	A16,B19,A27:A26	; a[0]*b[3]
+||	ADDU	A30,A9:A8,A9:A8
+	ADDU	A31,B9:B8,B9:B8
+||	ADDU	B0,A9:A8,A9:A8
+	STW	A8,*ARG0[2]
+||	ADDU	A20,A9,A1:A0
+	ADDU	A21,B9,B1:B0
+||	MPY32U	A19,B17,A21:A20	; a[3]*b[1]
+||	ADDU	A22,A1:A0,A1:A0
+	ADDU	A23,B1:B0,B1:B0
+||	MPY32U	A18,B18,A23:A22	; a[2]*b[2]
+||	ADDU	A24,A1:A0,A1:A0
+	ADDU	A25,B1:B0,B1:B0
+||	MPY32U	A17,B19,A25:A24	; a[1]*b[3]
+||	ADDU	A26,A1:A0,A1:A0
+	ADDU	A27,B1:B0,B1:B0
+||	ADDU	B8,A1:A0,A1:A0
+	STW	A0,*ARG0[3]
+||	MPY32U	A19,B18,A27:A26	; a[3]*b[2]
+||	ADDU	A20,A1,A9:A8
+	ADDU	A21,B1,B9:B8
+||	MPY32U	A18,B19,A29:A28	; a[2]*b[3]
+||	ADDU	A22,A9:A8,A9:A8
+	ADDU	A23,B9:B8,B9:B8
+||	MPY32U	A19,B19,A31:A30	; a[3]*b[3]
+||	ADDU	A24,A9:A8,A9:A8
+	ADDU	A25,B9:B8,B9:B8
+||	ADDU	B0,A9:A8,A9:A8
+	STW	A8,*ARG0[4]
+||	ADDU	A26,A9,A1:A0
+	ADDU	A27,B9,B1:B0
+||	ADDU	A28,A1:A0,A1:A0
+	ADDU	A29,B1:B0,B1:B0
+||	BNOP	RA
+||	ADDU	B8,A1:A0,A1:A0
+	STW	A0,*ARG0[5]
+||	ADDU	A30,A1,A9:A8
+	ADD	A31,B1,B8
+	ADDU	B0,A9:A8,A9:A8	; removed || to avoid cross-path stall below
+	ADD	B8,A9,A9
+||	STW	A8,*ARG0[6]
+	STW	A9,*ARG0[7]
+	.endif
+	.endasmfunc
diff --git a/openssl-1.1.0h/crypto/bn/asm/c64xplus-gf2m.pl b/openssl-1.1.0h/crypto/bn/asm/c64xplus-gf2m.pl
new file mode 100644
index 0000000..c0e5400
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/c64xplus-gf2m.pl
@@ -0,0 +1,160 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# February 2012
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication
+# used in bn_gf2m.c. It's kind of low-hanging mechanical port from
+# C for the time being... The subroutine runs in 37 cycles, which is
+# 4.5x faster than compiler-generated code. Though comparison is
+# totally unfair, because this module utilizes Galois Field Multiply
+# instruction.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($rp,$a1,$a0,$b1,$b0)=("A4","B4","A6","B6","A8");   # argument vector
+
+($Alo,$Alox0,$Alox1,$Alox2,$Alox3)=map("A$_",(16..20));
+($Ahi,$Ahix0,$Ahix1,$Ahix2,$Ahix3)=map("B$_",(16..20));
+($B_0,$B_1,$B_2,$B_3)=("B5","A5","A7","B7");
+($A,$B)=($Alo,$B_1);
+$xFF="B1";
+
+sub mul_1x1_upper {
+my ($A,$B)=@_;
+$code.=<<___;
+	EXTU	$B,8,24,$B_2		; smash $B to 4 bytes
+||	AND	$B,$xFF,$B_0
+||	SHRU	$B,24,$B_3
+	SHRU	$A,16,   $Ahi		; smash $A to two halfwords
+||	EXTU	$A,16,16,$Alo
+
+	XORMPY	$Alo,$B_2,$Alox2	; 16x8 bits muliplication
+||	XORMPY	$Ahi,$B_2,$Ahix2
+||	EXTU	$B,16,24,$B_1
+	XORMPY	$Alo,$B_0,$Alox0
+||	XORMPY	$Ahi,$B_0,$Ahix0
+	XORMPY	$Alo,$B_3,$Alox3
+||	XORMPY	$Ahi,$B_3,$Ahix3
+	XORMPY	$Alo,$B_1,$Alox1
+||	XORMPY	$Ahi,$B_1,$Ahix1
+___
+}
+sub mul_1x1_merged {
+my ($OUTlo,$OUThi,$A,$B)=@_;
+$code.=<<___;
+	 EXTU	$B,8,24,$B_2		; smash $B to 4 bytes
+||	 AND	$B,$xFF,$B_0
+||	 SHRU	$B,24,$B_3
+	 SHRU	$A,16,   $Ahi		; smash $A to two halfwords
+||	 EXTU	$A,16,16,$Alo
+
+	XOR	$Ahix0,$Alox2,$Ahix0
+||	MV	$Ahix2,$OUThi
+||	 XORMPY	$Alo,$B_2,$Alox2
+	 XORMPY	$Ahi,$B_2,$Ahix2
+||	 EXTU	$B,16,24,$B_1
+||	 XORMPY	$Alo,$B_0,A1		; $Alox0
+	XOR	$Ahix1,$Alox3,$Ahix1
+||	SHL	$Ahix0,16,$OUTlo
+||	SHRU	$Ahix0,16,$Ahix0
+	XOR	$Alox0,$OUTlo,$OUTlo
+||	XOR	$Ahix0,$OUThi,$OUThi
+||	 XORMPY	$Ahi,$B_0,$Ahix0
+||	 XORMPY	$Alo,$B_3,$Alox3
+||	SHL	$Alox1,8,$Alox1
+||	SHL	$Ahix3,8,$Ahix3
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix3,$OUThi,$OUThi
+||	 XORMPY	$Ahi,$B_3,$Ahix3
+||	SHL	$Ahix1,24,$Alox1
+||	SHRU	$Ahix1,8, $Ahix1
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix1,$OUThi,$OUThi
+||	 XORMPY	$Alo,$B_1,$Alox1
+||	 XORMPY	$Ahi,$B_1,$Ahix1
+||	 MV	A1,$Alox0
+___
+}
+sub mul_1x1_lower {
+my ($OUTlo,$OUThi)=@_;
+$code.=<<___;
+	;NOP
+	XOR	$Ahix0,$Alox2,$Ahix0
+||	MV	$Ahix2,$OUThi
+	NOP
+	XOR	$Ahix1,$Alox3,$Ahix1
+||	SHL	$Ahix0,16,$OUTlo
+||	SHRU	$Ahix0,16,$Ahix0
+	XOR	$Alox0,$OUTlo,$OUTlo
+||	XOR	$Ahix0,$OUThi,$OUThi
+||	SHL	$Alox1,8,$Alox1
+||	SHL	$Ahix3,8,$Ahix3
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix3,$OUThi,$OUThi
+||	SHL	$Ahix1,24,$Alox1
+||	SHRU	$Ahix1,8, $Ahix1
+	XOR	$Alox1,$OUTlo,$OUTlo
+||	XOR	$Ahix1,$OUThi,$OUThi
+___
+}
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	bn_GF2m_mul_2x2,_bn_GF2m_mul_2x2
+	.endif
+
+	.global	_bn_GF2m_mul_2x2
+_bn_GF2m_mul_2x2:
+	.asmfunc
+	MVK	0xFF,$xFF
+___
+	&mul_1x1_upper($a0,$b0);		# a0·b0
+$code.=<<___;
+||	MV	$b1,$B
+	MV	$a1,$A
+___
+	&mul_1x1_merged("A28","B28",$A,$B);	# a0·b0/a1·b1
+$code.=<<___;
+||	XOR	$b0,$b1,$B
+	XOR	$a0,$a1,$A
+___
+	&mul_1x1_merged("A31","B31",$A,$B);	# a1·b1/(a0+a1)·(b0+b1)
+$code.=<<___;
+	XOR	A28,A31,A29
+||	XOR	B28,B31,B29			; a0·b0+a1·b1
+___
+	&mul_1x1_lower("A30","B30");		# (a0+a1)·(b0+b1)
+$code.=<<___;
+||	BNOP	B3
+	XOR	A29,A30,A30
+||	XOR	B29,B30,B30			; (a0+a1)·(b0+b1)-a0·b0-a1·b1
+	XOR	B28,A30,A30
+||	STW	A28,*${rp}[0]
+	XOR	B30,A31,A31
+||	STW	A30,*${rp}[1]
+	STW	A31,*${rp}[2]
+	STW	B31,*${rp}[3]
+	.endasmfunc
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/co-586.pl b/openssl-1.1.0h/crypto/bn/asm/co-586.pl
new file mode 100644
index 0000000..60d0363
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/co-586.pl
@@ -0,0 +1,298 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
+close STDOUT;
+
+sub mul_add_c
+	{
+	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("mul a[$ai]*b[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	&mul("edx");
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
+	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
+	}
+
+sub sqr_add_c
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
+	}
+
+sub sqr_add_c2
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$a,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add("eax","eax");
+	 ###
+	&adc("edx","edx");
+	 ###
+	&adc($c2,0);
+	 &add($c0,"eax");
+	&adc($c1,"edx");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b
+	&adc($c2,0);
+	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+	 ###
+	}
+
+sub bn_mul_comba
+	{
+	local($name,$num)=@_;
+	local($a,$b,$c0,$c1,$c2);
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($tot,$end);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$b="edi";
+	
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	&push("esi");
+	 &mov($a,&wparam(1));
+	&push("edi");
+	 &mov($b,&wparam(2));
+	&push("ebp");
+	 &push("ebx");
+
+	&xor($c0,$c0);
+	 &mov("eax",&DWP(0,$a,"",0));	# load the first word 
+	&xor($c1,$c1);
+	 &mov("edx",&DWP(0,$b,"",0));	# load the first second 
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("################## Calculate word $i"); 
+
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($j+1) == $end)
+				{
+				$v=1;
+				$v=2 if (($i+1) == $tot);
+				}
+			else
+				{ $v=0; }
+			if (($j+1) != $end)
+				{
+				$na=($ai-1);
+				$nb=($bi+1);
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				# &mov("eax",&wparam(0));
+				# &mov(&DWP($i*4,"eax","",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&comment("save r[$i]");
+	# &mov("eax",&wparam(0));
+	&mov(&DWP($i*4,"eax","",0),$c0);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
+sub bn_sqr_comba
+	{
+	local($name,$num)=@_;
+	local($r,$a,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($b,$tot,$end,$half);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$r="edi";
+
+	&push("esi");
+	 &push("edi");
+	&push("ebp");
+	 &push("ebx");
+	&mov($r,&wparam(0));
+	 &mov($a,&wparam(1));
+	&xor($c0,$c0);
+	 &xor($c1,$c1);
+	&mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("############### Calculate word $i");
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($ai-1) < ($bi+1))
+				{
+				$v=1;
+				$v=2 if ($i+1) == $tot;
+				}
+			else
+				{ $v=0; }
+			if (!$v)
+				{
+				$na=$ai-1;
+				$nb=$bi+1;
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+			if ($ai == $bi)
+				{
+				&sqr_add_c($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			else
+				{
+				&sqr_add_c2($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				#&mov(&DWP($i*4,$r,"",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				last;
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&mov(&DWP($i*4,$r,"",0),$c0);
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
diff --git a/openssl-1.1.0h/crypto/bn/asm/ia64-mont.pl b/openssl-1.1.0h/crypto/bn/asm/ia64-mont.pl
new file mode 100644
index 0000000..5cc5c59
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/ia64-mont.pl
@@ -0,0 +1,860 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# January 2010
+#
+# "Teaser" Montgomery multiplication module for IA-64. There are
+# several possibilities for improvement:
+#
+# - modulo-scheduling outer loop would eliminate quite a number of
+#   stalls after ldf8, xma and getf.sig outside inner loop and
+#   improve shorter key performance;
+# - shorter vector support [with input vectors being fetched only
+#   once] should be added;
+# - 2x unroll with help of n0[1] would make the code scalable on
+#   "wider" IA-64, "wider" than Itanium 2 that is, which is not of
+#   acute interest, because upcoming Tukwila's individual cores are
+#   reportedly based on Itanium 2 design;
+# - dedicated squaring procedure(?);
+#
+# January 2010
+#
+# Shorter vector support is implemented by zero-padding ap and np
+# vectors up to 8 elements, or 512 bits. This means that 256-bit
+# inputs will be processed only 2 times faster than 512-bit inputs,
+# not 4 [as one would expect, because algorithm complexity is n^2].
+# The reason for padding is that inputs shorter than 512 bits won't
+# be processed faster anyway, because minimal critical path of the
+# core loop happens to match 512-bit timing. Either way, it resulted
+# in >100% improvement of 512-bit RSA sign benchmark and 50% - of
+# 1024-bit one [in comparison to original version of *this* module].
+#
+# So far 'openssl speed rsa dsa' output on 900MHz Itanium 2 *with*
+# this module is:
+#                   sign    verify    sign/s verify/s
+# rsa  512 bits 0.000290s 0.000024s   3452.8  42031.4
+# rsa 1024 bits 0.000793s 0.000058s   1261.7  17172.0
+# rsa 2048 bits 0.005908s 0.000148s    169.3   6754.0
+# rsa 4096 bits 0.033456s 0.000469s     29.9   2133.6
+# dsa  512 bits 0.000253s 0.000198s   3949.9   5057.0
+# dsa 1024 bits 0.000585s 0.000607s   1708.4   1647.4
+# dsa 2048 bits 0.001453s 0.001703s    688.1    587.4
+#
+# ... and *without* (but still with ia64.S):
+#
+# rsa  512 bits 0.000670s 0.000041s   1491.8  24145.5
+# rsa 1024 bits 0.001988s 0.000080s    502.9  12499.3
+# rsa 2048 bits 0.008702s 0.000189s    114.9   5293.9
+# rsa 4096 bits 0.043860s 0.000533s     22.8   1875.9
+# dsa  512 bits 0.000441s 0.000427s   2265.3   2340.6
+# dsa 1024 bits 0.000823s 0.000867s   1215.6   1153.2
+# dsa 2048 bits 0.001894s 0.002179s    528.1    458.9
+#
+# As it can be seen, RSA sign performance improves by 130-30%,
+# hereafter less for longer keys, while verify - by 74-13%.
+# DSA performance improves by 115-30%.
+
+$output=pop;
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+
+$code=<<___;
+.explicit
+.text
+
+// int bn_mul_mont (BN_ULONG *rp,const BN_ULONG *ap,
+//		    const BN_ULONG *bp,const BN_ULONG *np,
+//		    const BN_ULONG *n0p,int num);			
+.align	64
+.global	bn_mul_mont#
+.proc	bn_mul_mont#
+bn_mul_mont:
+	.prologue
+	.body
+{ .mmi;	cmp4.le		p6,p7=2,r37;;
+(p6)	cmp4.lt.unc	p8,p9=8,r37
+	mov		ret0=r0		};;
+{ .bbb;
+(p9)	br.cond.dptk.many	bn_mul_mont_8
+(p8)	br.cond.dpnt.many	bn_mul_mont_general
+(p7)	br.ret.spnt.many	b0	};;
+.endp	bn_mul_mont#
+
+prevfs=r2;	prevpr=r3;	prevlc=r10;	prevsp=r11;
+
+rptr=r8;	aptr=r9;	bptr=r14;	nptr=r15;
+tptr=r16;	// &tp[0]
+tp_1=r17;	// &tp[-1]
+num=r18;	len=r19;	lc=r20;
+topbit=r21;	// carry bit from tmp[num]
+
+n0=f6;
+m0=f7;
+bi=f8;
+
+.align	64
+.local	bn_mul_mont_general#
+.proc	bn_mul_mont_general#
+bn_mul_mont_general:
+	.prologue
+{ .mmi;	.save	ar.pfs,prevfs
+	alloc	prevfs=ar.pfs,6,2,0,8
+	$ADDP	aptr=0,in1
+	.save	ar.lc,prevlc
+	mov	prevlc=ar.lc		}
+{ .mmi;	.vframe	prevsp
+	mov	prevsp=sp
+	$ADDP	bptr=0,in2
+	.save	pr,prevpr
+	mov	prevpr=pr		};;
+
+	.body
+	.rotf		alo[6],nlo[4],ahi[8],nhi[6]
+	.rotr		a[3],n[3],t[2]
+
+{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
+	ldf8		alo[4]=[aptr],16	// ap[0]
+	$ADDP		r30=8,in1	};;
+{ .mmi;	ldf8		alo[3]=[r30],16		// ap[1]
+	ldf8		alo[2]=[aptr],16	// ap[2]
+	$ADDP		in4=0,in4	};;
+{ .mmi;	ldf8		alo[1]=[r30]		// ap[3]
+	ldf8		n0=[in4]		// n0
+	$ADDP		rptr=0,in0		}
+{ .mmi;	$ADDP		nptr=0,in3
+	mov		r31=16
+	zxt4		num=in5		};;
+{ .mmi;	ldf8		nlo[2]=[nptr],8		// np[0]
+	shladd		len=num,3,r0
+	shladd		r31=num,3,r31	};;
+{ .mmi;	ldf8		nlo[1]=[nptr],8		// np[1]
+	add		lc=-5,num
+	sub		r31=sp,r31	};;
+{ .mfb;	and		sp=-16,r31		// alloca
+	xmpy.hu		ahi[2]=alo[4],bi	// ap[0]*bp[0]
+	nop.b		0		}
+{ .mfb;	nop.m		0
+	xmpy.lu		alo[4]=alo[4],bi
+	brp.loop.imp	.L1st_ctop,.L1st_cend-16
+					};;
+{ .mfi;	nop.m		0
+	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[0]
+	add		tp_1=8,sp	}
+{ .mfi;	nop.m		0
+	xma.lu		alo[3]=alo[3],bi,ahi[2]
+	mov		pr.rot=0x20001f<<16
+			// ------^----- (p40) at first (p23)
+			// ----------^^ p[16:20]=1
+					};;
+{ .mfi;	nop.m		0
+	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[0])*n0
+	mov		ar.lc=lc	}
+{ .mfi;	nop.m		0
+	fcvt.fxu.s1	nhi[1]=f0
+	mov		ar.ec=8		};;
+
+.align	32
+.L1st_ctop:
+.pred.rel	"mutex",p40,p42
+{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
+	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
+	(p40)	add		n[2]=n[2],a[2]		}   // (p23)					}
+{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)(p16)
+	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
+	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
+{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
+	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
+	(p42)	cmp.leu		p41,p39=n[2],a[2]   	}   // (p23)
+{ .mfi;	(p23)	st8		[tp_1]=n[2],8
+	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
+	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
+{ .mmb;	(p21)	getf.sig	n[0]=nlo[3]
+	(p16)	nop.m		0
+	br.ctop.sptk	.L1st_ctop			};;
+.L1st_cend:
+
+{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
+	getf.sig	n[0]=nhi[4]
+	add		num=-1,num	};;	// num--
+{ .mmi;	.pred.rel	"mutex",p40,p42
+(p40)	add		n[0]=n[0],a[0]
+(p42)	add		n[0]=n[0],a[0],1
+	sub		aptr=aptr,len	};;	// rewind
+{ .mmi;	.pred.rel	"mutex",p40,p42
+(p40)	cmp.ltu		p41,p39=n[0],a[0]
+(p42)	cmp.leu		p41,p39=n[0],a[0]
+	sub		nptr=nptr,len	};;
+{ .mmi;	.pred.rel	"mutex",p39,p41
+(p39)	add		topbit=r0,r0
+(p41)	add		topbit=r0,r0,1
+	nop.i		0		}	
+{ .mmi;	st8		[tp_1]=n[0]
+	add		tptr=16,sp
+	add		tp_1=8,sp	};;
+
+.Louter:
+{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
+	ldf8		ahi[3]=[tptr]		// tp[0]
+	add		r30=8,aptr	};;
+{ .mmi;	ldf8		alo[4]=[aptr],16	// ap[0]
+	ldf8		alo[3]=[r30],16		// ap[1]
+	add		r31=8,nptr	};;
+{ .mfb;	ldf8		alo[2]=[aptr],16	// ap[2]
+	xma.hu		ahi[2]=alo[4],bi,ahi[3]	// ap[0]*bp[i]+tp[0]
+	brp.loop.imp	.Linner_ctop,.Linner_cend-16
+					}
+{ .mfb;	ldf8		alo[1]=[r30]		// ap[3]
+	xma.lu		alo[4]=alo[4],bi,ahi[3]
+	clrrrb.pr			};;
+{ .mfi;	ldf8		nlo[2]=[nptr],16	// np[0]
+	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[i]
+	nop.i		0		}
+{ .mfi;	ldf8		nlo[1]=[r31]		// np[1]
+	xma.lu		alo[3]=alo[3],bi,ahi[2]
+	mov		pr.rot=0x20101f<<16
+			// ------^----- (p40) at first (p23)
+			// --------^--- (p30) at first (p22)
+			// ----------^^ p[16:20]=1
+					};;
+{ .mfi;	st8		[tptr]=r0		// tp[0] is already accounted
+	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[i]+tp[0])*n0
+	mov		ar.lc=lc	}
+{ .mfi;
+	fcvt.fxu.s1	nhi[1]=f0
+	mov		ar.ec=8		};;
+
+// This loop spins in 4*(n+7) ticks on Itanium 2 and should spin in
+// 7*(n+7) ticks on Itanium (the one codenamed Merced). Factor of 7
+// in latter case accounts for two-tick pipeline stall, which means
+// that its performance would be ~20% lower than optimal one. No
+// attempt was made to address this, because original Itanium is
+// hardly represented out in the wild...
+.align	32
+.Linner_ctop:
+.pred.rel	"mutex",p40,p42
+.pred.rel	"mutex",p30,p32
+{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
+	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
+	(p40)	add		n[2]=n[2],a[2]		}   // (p23)
+{ .mfi;	(p16)	nop.m		0
+	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
+	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
+{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
+	(p16)	nop.f		0
+	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
+{ .mfi;	(p21)	ld8		t[0]=[tptr],8
+	(p16)	nop.f		0
+	(p42)	cmp.leu		p41,p39=n[2],a[2]	};; // (p23)
+{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)
+	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
+	(p30)	add		a[1]=a[1],t[1]		}   // (p22)
+{ .mfi;	(p16)	nop.m		0
+	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
+	(p32)	add		a[1]=a[1],t[1],1	};; // (p22)
+{ .mmi;	(p21)	getf.sig	n[0]=nlo[3]
+	(p16)	nop.m		0
+	(p30)	cmp.ltu		p31,p29=a[1],t[1]	}   // (p22)
+{ .mmb;	(p23)	st8		[tp_1]=n[2],8
+	(p32)	cmp.leu		p31,p29=a[1],t[1]	    // (p22)
+	br.ctop.sptk	.Linner_ctop			};;
+.Linner_cend:
+
+{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
+	getf.sig	n[0]=nhi[4]
+	nop.i		0		};;
+
+{ .mmi;	.pred.rel	"mutex",p31,p33
+(p31)	add		a[0]=a[0],topbit
+(p33)	add		a[0]=a[0],topbit,1
+	mov		topbit=r0	};;
+{ .mfi; .pred.rel	"mutex",p31,p33
+(p31)	cmp.ltu		p32,p30=a[0],topbit
+(p33)	cmp.leu		p32,p30=a[0],topbit
+					}
+{ .mfi;	.pred.rel	"mutex",p40,p42
+(p40)	add		n[0]=n[0],a[0]
+(p42)	add		n[0]=n[0],a[0],1
+					};;
+{ .mmi;	.pred.rel	"mutex",p44,p46
+(p40)	cmp.ltu		p41,p39=n[0],a[0]
+(p42)	cmp.leu		p41,p39=n[0],a[0]
+(p32)	add		topbit=r0,r0,1	}
+
+{ .mmi;	st8		[tp_1]=n[0],8
+	cmp4.ne		p6,p0=1,num
+	sub		aptr=aptr,len	};;	// rewind
+{ .mmi;	sub		nptr=nptr,len
+(p41)	add		topbit=r0,r0,1
+	add		tptr=16,sp	}
+{ .mmb;	add		tp_1=8,sp
+	add		num=-1,num		// num--
+(p6)	br.cond.sptk.many	.Louter	};;
+
+{ .mbb;	add		lc=4,lc
+	brp.loop.imp	.Lsub_ctop,.Lsub_cend-16
+	clrrrb.pr			};;
+{ .mii;	nop.m		0
+	mov		pr.rot=0x10001<<16
+			// ------^---- (p33) at first (p17)
+	mov		ar.lc=lc	}
+{ .mii;	nop.m		0
+	mov		ar.ec=3
+	nop.i		0		};;
+
+.Lsub_ctop:
+.pred.rel	"mutex",p33,p35
+{ .mfi;	(p16)	ld8		t[0]=[tptr],8		    // t=*(tp++)
+	(p16)	nop.f		0
+	(p33)	sub		n[1]=t[1],n[1]		}   // (p17)
+{ .mfi;	(p16)	ld8		n[0]=[nptr],8		    // n=*(np++)
+	(p16)	nop.f		0
+	(p35)	sub		n[1]=t[1],n[1],1	};; // (p17)
+{ .mib;	(p18)	st8		[rptr]=n[2],8		    // *(rp++)=r
+	(p33)	cmp.gtu		p34,p32=n[1],t[1]	    // (p17)
+	(p18)	nop.b		0			}
+{ .mib;	(p18)	nop.m		0
+	(p35)	cmp.geu		p34,p32=n[1],t[1]	    // (p17)
+	br.ctop.sptk	.Lsub_ctop			};;
+.Lsub_cend:
+
+{ .mmb;	.pred.rel	"mutex",p34,p36
+(p34)	sub	topbit=topbit,r0	// (p19)
+(p36)	sub	topbit=topbit,r0,1
+	brp.loop.imp	.Lcopy_ctop,.Lcopy_cend-16
+					}
+{ .mmb;	sub	rptr=rptr,len		// rewind
+	sub	tptr=tptr,len
+	clrrrb.pr			};;
+{ .mmi;	and	aptr=tptr,topbit
+	andcm	bptr=rptr,topbit
+	mov	pr.rot=1<<16		};;
+{ .mii;	or	nptr=aptr,bptr
+	mov	ar.lc=lc
+	mov	ar.ec=3			};;
+
+.Lcopy_ctop:
+{ .mmb;	(p16)	ld8	n[0]=[nptr],8
+	(p18)	st8	[tptr]=r0,8
+	(p16)	nop.b	0		}
+{ .mmb;	(p16)	nop.m	0
+	(p18)	st8	[rptr]=n[2],8
+	br.ctop.sptk	.Lcopy_ctop	};;
+.Lcopy_cend:
+
+{ .mmi;	mov		ret0=1			// signal "handled"
+	rum		1<<5			// clear um.mfh
+	mov		ar.lc=prevlc	}
+{ .mib;	.restore	sp
+	mov		sp=prevsp
+	mov		pr=prevpr,0x1ffff
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_mont_general#
+
+a1=r16;  a2=r17;  a3=r18;  a4=r19;  a5=r20;  a6=r21;  a7=r22;  a8=r23;
+n1=r24;  n2=r25;  n3=r26;  n4=r27;  n5=r28;  n6=r29;  n7=r30;  n8=r31;
+t0=r15;
+
+ai0=f8;  ai1=f9;  ai2=f10; ai3=f11; ai4=f12; ai5=f13; ai6=f14; ai7=f15;
+ni0=f16; ni1=f17; ni2=f18; ni3=f19; ni4=f20; ni5=f21; ni6=f22; ni7=f23;
+
+.align	64
+.skip	48		// aligns loop body
+.local	bn_mul_mont_8#
+.proc	bn_mul_mont_8#
+bn_mul_mont_8:
+	.prologue
+{ .mmi;	.save		ar.pfs,prevfs
+	alloc		prevfs=ar.pfs,6,2,0,8
+	.vframe		prevsp
+	mov		prevsp=sp
+	.save		ar.lc,prevlc
+	mov		prevlc=ar.lc	}
+{ .mmi;	add		r17=-6*16,sp
+	add		sp=-7*16,sp
+	.save		pr,prevpr
+	mov		prevpr=pr	};;
+
+{ .mmi;	.save.gf	0,0x10
+	stf.spill	[sp]=f16,-16
+	.save.gf	0,0x20
+	stf.spill	[r17]=f17,32
+	add		r16=-5*16,prevsp};;
+{ .mmi;	.save.gf	0,0x40
+	stf.spill	[r16]=f18,32
+	.save.gf	0,0x80
+	stf.spill	[r17]=f19,32
+	$ADDP		aptr=0,in1	};;
+{ .mmi;	.save.gf	0,0x100
+	stf.spill	[r16]=f20,32
+	.save.gf	0,0x200
+	stf.spill	[r17]=f21,32
+	$ADDP		r29=8,in1	};;
+{ .mmi;	.save.gf	0,0x400
+	stf.spill	[r16]=f22
+	.save.gf	0,0x800
+	stf.spill	[r17]=f23
+	$ADDP		rptr=0,in0	};;
+
+	.body
+	.rotf		bj[8],mj[2],tf[2],alo[10],ahi[10],nlo[10],nhi[10]
+	.rotr		t[8]
+
+// load input vectors padding them to 8 elements
+{ .mmi;	ldf8		ai0=[aptr],16		// ap[0]
+	ldf8		ai1=[r29],16		// ap[1]
+	$ADDP		bptr=0,in2	}
+{ .mmi;	$ADDP		r30=8,in2
+	$ADDP		nptr=0,in3
+	$ADDP		r31=8,in3	};;
+{ .mmi;	ldf8		bj[7]=[bptr],16		// bp[0]
+	ldf8		bj[6]=[r30],16		// bp[1]
+	cmp4.le		p4,p5=3,in5	}
+{ .mmi;	ldf8		ni0=[nptr],16		// np[0]
+	ldf8		ni1=[r31],16		// np[1]
+	cmp4.le		p6,p7=4,in5	};;
+
+{ .mfi;	(p4)ldf8	ai2=[aptr],16		// ap[2]
+	(p5)fcvt.fxu	ai2=f0
+	cmp4.le		p8,p9=5,in5	}
+{ .mfi;	(p6)ldf8	ai3=[r29],16		// ap[3]
+	(p7)fcvt.fxu	ai3=f0
+	cmp4.le		p10,p11=6,in5	}
+{ .mfi;	(p4)ldf8	bj[5]=[bptr],16		// bp[2]
+	(p5)fcvt.fxu	bj[5]=f0
+	cmp4.le		p12,p13=7,in5	}
+{ .mfi;	(p6)ldf8	bj[4]=[r30],16		// bp[3]
+	(p7)fcvt.fxu	bj[4]=f0
+	cmp4.le		p14,p15=8,in5	}
+{ .mfi;	(p4)ldf8	ni2=[nptr],16		// np[2]
+	(p5)fcvt.fxu	ni2=f0
+	addp4		r28=-1,in5	}
+{ .mfi;	(p6)ldf8	ni3=[r31],16		// np[3]
+	(p7)fcvt.fxu	ni3=f0
+	$ADDP		in4=0,in4	};;
+
+{ .mfi;	ldf8		n0=[in4]
+	fcvt.fxu	tf[1]=f0
+	nop.i		0		}
+
+{ .mfi;	(p8)ldf8	ai4=[aptr],16		// ap[4]
+	(p9)fcvt.fxu	ai4=f0
+	mov		t[0]=r0		}
+{ .mfi;	(p10)ldf8	ai5=[r29],16		// ap[5]
+	(p11)fcvt.fxu	ai5=f0
+	mov		t[1]=r0		}
+{ .mfi;	(p8)ldf8	bj[3]=[bptr],16		// bp[4]
+	(p9)fcvt.fxu	bj[3]=f0
+	mov		t[2]=r0		}
+{ .mfi;	(p10)ldf8	bj[2]=[r30],16		// bp[5]
+	(p11)fcvt.fxu	bj[2]=f0
+	mov		t[3]=r0		}
+{ .mfi;	(p8)ldf8	ni4=[nptr],16		// np[4]
+	(p9)fcvt.fxu	ni4=f0
+	mov		t[4]=r0		}
+{ .mfi;	(p10)ldf8	ni5=[r31],16		// np[5]
+	(p11)fcvt.fxu	ni5=f0
+	mov		t[5]=r0		};;
+
+{ .mfi;	(p12)ldf8	ai6=[aptr],16		// ap[6]
+	(p13)fcvt.fxu	ai6=f0
+	mov		t[6]=r0		}
+{ .mfi;	(p14)ldf8	ai7=[r29],16		// ap[7]
+	(p15)fcvt.fxu	ai7=f0
+	mov		t[7]=r0		}
+{ .mfi;	(p12)ldf8	bj[1]=[bptr],16		// bp[6]
+	(p13)fcvt.fxu	bj[1]=f0
+	mov		ar.lc=r28	}
+{ .mfi;	(p14)ldf8	bj[0]=[r30],16		// bp[7]
+	(p15)fcvt.fxu	bj[0]=f0
+	mov		ar.ec=1		}
+{ .mfi;	(p12)ldf8	ni6=[nptr],16		// np[6]
+	(p13)fcvt.fxu	ni6=f0
+	mov		pr.rot=1<<16	}
+{ .mfb;	(p14)ldf8	ni7=[r31],16		// np[7]
+	(p15)fcvt.fxu	ni7=f0
+	brp.loop.imp	.Louter_8_ctop,.Louter_8_cend-16
+					};;
+
+// The loop is scheduled for 32*n ticks on Itanium 2. Actual attempt
+// to measure with help of Interval Time Counter indicated that the
+// factor is a tad higher: 33 or 34, if not 35. Exact measurement and
+// addressing the issue is problematic, because I don't have access
+// to platform-specific instruction-level profiler. On Itanium it
+// should run in 56*n ticks, because of higher xma latency...
+.Louter_8_ctop:
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 0:
+	(p16)	xma.hu		ahi[0]=ai0,bj[7],tf[1]	//	ap[0]*b[i]+t[0]
+	(p40)	add		a3=a3,n3	}	//	(p17) a3+=n3
+{ .mfi;	(p42)	add		a3=a3,n3,1
+	(p16)	xma.lu		alo[0]=ai0,bj[7],tf[1]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
+	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
+	(p50)	add		t[6]=t[6],a3,1	};;
+{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
+	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
+	(p40)	cmp.ltu		p43,p41=a3,n3	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
+	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
+	(p48)	cmp.ltu		p51,p49=t[6],a3
+	(p50)	cmp.leu		p51,p49=t[6],a3	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mfi;	(p16)	nop.m		0			// 4:
+	(p16)	xma.hu		ahi[1]=ai1,bj[7],ahi[0]	//	ap[1]*b[i]
+	(p41)	add		a4=a4,n4	}	//	(p17) a4+=n4
+{ .mfi;	(p43)	add		a4=a4,n4,1
+	(p16)	xma.lu		alo[1]=ai1,bj[7],ahi[0]
+	(p16)	nop.i		0		};;
+{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
+	(p16)	xmpy.lu		mj[0]=alo[0],n0		//	(ap[0]*b[i]+t[0])*n0
+	(p51)	add		t[5]=t[5],a4,1	};;
+{ .mfi;	(p16)	nop.m		0			// 6:
+	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
+	(p41)	cmp.ltu		p42,p40=a4,n4	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
+	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
+	(p49)	cmp.ltu		p50,p48=t[5],a4
+	(p51)	cmp.leu		p50,p48=t[5],a4	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 8:
+	(p16)	xma.hu		ahi[2]=ai2,bj[7],ahi[1]	//	ap[2]*b[i]
+	(p40)	add		a5=a5,n5	}	//	(p17) a5+=n5
+{ .mfi;	(p42)	add		a5=a5,n5,1
+	(p16)	xma.lu		alo[2]=ai2,bj[7],ahi[1]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a1=alo[1]		// 9:
+	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
+	(p50)	add		t[4]=t[4],a5,1	};;
+{ .mfi;	(p16)	nop.m		0			// 10:
+	(p16)	xma.hu		nhi[0]=ni0,mj[0],alo[0]	//	np[0]*m0
+	(p40)	cmp.ltu		p43,p41=a5,n5	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a5,n5
+	(p16)	xma.lu		nlo[0]=ni0,mj[0],alo[0]
+	(p16)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
+	(p48)	cmp.ltu		p51,p49=t[4],a5
+	(p50)	cmp.leu		p51,p49=t[4],a5	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mfi;	(p17)	getf.sig	n8=nhi[8]		// 12:
+	(p16)	xma.hu		ahi[3]=ai3,bj[7],ahi[2]	//	ap[3]*b[i]
+	(p41)	add		a6=a6,n6	}	//	(p17) a6+=n6
+{ .mfi;	(p43)	add		a6=a6,n6,1
+	(p16)	xma.lu		alo[3]=ai3,bj[7],ahi[2]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a2=alo[2]		// 13:
+	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
+	(p51)	add		t[3]=t[3],a6,1	};;
+{ .mfi;	(p16)	nop.m		0			// 14:
+	(p16)	xma.hu		nhi[1]=ni1,mj[0],nhi[0]	//	np[1]*m0
+	(p41)	cmp.ltu		p42,p40=a6,n6	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a6,n6
+	(p16)	xma.lu		nlo[1]=ni1,mj[0],nhi[0]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	nop.m		0			// 15:
+	(p49)	cmp.ltu		p50,p48=t[3],a6
+	(p51)	cmp.leu		p50,p48=t[3],a6	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 16:
+	(p16)	xma.hu		ahi[4]=ai4,bj[7],ahi[3]	//	ap[4]*b[i]
+	(p40)	add		a7=a7,n7	}	//	(p17) a7+=n7
+{ .mfi;	(p42)	add		a7=a7,n7,1
+	(p16)	xma.lu		alo[4]=ai4,bj[7],ahi[3]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a3=alo[3]		// 17:
+	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
+	(p50)	add		t[2]=t[2],a7,1	};;
+{ .mfi;	(p16)	nop.m		0			// 18:
+	(p16)	xma.hu		nhi[2]=ni2,mj[0],nhi[1]	//	np[2]*m0
+	(p40)	cmp.ltu		p43,p41=a7,n7	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a7,n7
+	(p16)	xma.lu		nlo[2]=ni2,mj[0],nhi[1]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	n1=nlo[1]		// 19:
+	(p48)	cmp.ltu		p51,p49=t[2],a7
+	(p50)	cmp.leu		p51,p49=t[2],a7	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mfi;	(p16)	nop.m		0			// 20:
+	(p16)	xma.hu		ahi[5]=ai5,bj[7],ahi[4]	//	ap[5]*b[i]
+	(p41)	add		a8=a8,n8	}	//	(p17) a8+=n8
+{ .mfi;	(p43)	add		a8=a8,n8,1
+	(p16)	xma.lu		alo[5]=ai5,bj[7],ahi[4]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a4=alo[4]		// 21:
+	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
+	(p51)	add		t[1]=t[1],a8,1	};;
+{ .mfi;	(p16)	nop.m		0			// 22:
+	(p16)	xma.hu		nhi[3]=ni3,mj[0],nhi[2]	//	np[3]*m0
+	(p41)	cmp.ltu		p42,p40=a8,n8	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a8,n8
+	(p16)	xma.lu		nlo[3]=ni3,mj[0],nhi[2]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	n2=nlo[2]		// 23:
+	(p49)	cmp.ltu		p50,p48=t[1],a8
+	(p51)	cmp.leu		p50,p48=t[1],a8	};;
+{ .mfi;	(p16)	nop.m		0			// 24:
+	(p16)	xma.hu		ahi[6]=ai6,bj[7],ahi[5]	//	ap[6]*b[i]
+	(p16)	add		a1=a1,n1	}	//	(p16) a1+=n1
+{ .mfi;	(p16)	nop.m		0
+	(p16)	xma.lu		alo[6]=ai6,bj[7],ahi[5]
+	(p17)	mov		t[0]=r0		};;
+{ .mii;	(p16)	getf.sig	a5=alo[5]		// 25:
+	(p16)	add		t0=t[7],a1		//	(p16) t[7]+=a1
+	(p42)	add		t[0]=t[0],r0,1	};;
+{ .mfi;	(p16)	setf.sig	tf[0]=t0		// 26:
+	(p16)	xma.hu		nhi[4]=ni4,mj[0],nhi[3]	//	np[4]*m0
+	(p50)	add		t[0]=t[0],r0,1	}
+{ .mfi;	(p16)	cmp.ltu.unc	p42,p40=a1,n1
+	(p16)	xma.lu		nlo[4]=ni4,mj[0],nhi[3]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	n3=nlo[3]		// 27:
+	(p16)	cmp.ltu.unc	p50,p48=t0,a1
+	(p16)	nop.i		0		};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mfi;	(p16)	nop.m		0			// 28:
+	(p16)	xma.hu		ahi[7]=ai7,bj[7],ahi[6]	//	ap[7]*b[i]
+	(p40)	add		a2=a2,n2	}	//	(p16) a2+=n2
+{ .mfi;	(p42)	add		a2=a2,n2,1
+	(p16)	xma.lu		alo[7]=ai7,bj[7],ahi[6]
+	(p16)	nop.i		0		};;
+{ .mii;	(p16)	getf.sig	a6=alo[6]		// 29:
+	(p48)	add		t[6]=t[6],a2		//	(p16) t[6]+=a2
+	(p50)	add		t[6]=t[6],a2,1	};;
+{ .mfi;	(p16)	nop.m		0			// 30:
+	(p16)	xma.hu		nhi[5]=ni5,mj[0],nhi[4]	//	np[5]*m0
+	(p40)	cmp.ltu		p41,p39=a2,n2	}
+{ .mfi;	(p42)	cmp.leu		p41,p39=a2,n2
+	(p16)	xma.lu		nlo[5]=ni5,mj[0],nhi[4]
+	(p16)	nop.i		0		};;
+{ .mfi;	(p16)	getf.sig	n4=nlo[4]		// 31:
+	(p16)	nop.f		0
+	(p48)	cmp.ltu		p49,p47=t[6],a2	}
+{ .mfb;	(p50)	cmp.leu		p49,p47=t[6],a2
+	(p16)	nop.f		0
+	br.ctop.sptk.many	.Louter_8_ctop	};;
+.Louter_8_cend:
+
+// above loop has to execute one more time, without (p16), which is
+// replaced with merged move of np[8] to GPR bank
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mmi;	(p0)	getf.sig	n1=ni0			// 0:
+	(p40)	add		a3=a3,n3		//	(p17) a3+=n3
+	(p42)	add		a3=a3,n3,1	};;
+{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
+	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
+	(p50)	add		t[6]=t[6],a3,1	};;
+{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
+	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
+	(p40)	cmp.ltu		p43,p41=a3,n3	}
+{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
+	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
+	(p0)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
+	(p48)	cmp.ltu		p51,p49=t[6],a3
+	(p50)	cmp.leu		p51,p49=t[6],a3	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mmi;	(p0)	getf.sig	n2=ni1			// 4:
+	(p41)	add		a4=a4,n4		//	(p17) a4+=n4
+	(p43)	add		a4=a4,n4,1	};;
+{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
+	(p0)	nop.f		0
+	(p51)	add		t[5]=t[5],a4,1	};;
+{ .mfi;	(p0)	getf.sig	n3=ni2			// 6:
+	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
+	(p41)	cmp.ltu		p42,p40=a4,n4	}
+{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
+	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
+	(p0)	nop.i		0		};;
+{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
+	(p49)	cmp.ltu		p50,p48=t[5],a4
+	(p51)	cmp.leu		p50,p48=t[5],a4	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mii;	(p0)	getf.sig	n4=ni3			// 8:
+	(p40)	add		a5=a5,n5		//	(p17) a5+=n5
+	(p42)	add		a5=a5,n5,1	};;
+{ .mii;	(p0)	nop.m		0			// 9:
+	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
+	(p50)	add		t[4]=t[4],a5,1	};;
+{ .mii;	(p0)	nop.m		0			// 10:
+	(p40)	cmp.ltu		p43,p41=a5,n5
+	(p42)	cmp.leu		p43,p41=a5,n5	};;
+{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
+	(p48)	cmp.ltu		p51,p49=t[4],a5
+	(p50)	cmp.leu		p51,p49=t[4],a5	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mii;	(p17)	getf.sig	n8=nhi[8]		// 12:
+	(p41)	add		a6=a6,n6		//	(p17) a6+=n6
+	(p43)	add		a6=a6,n6,1	};;
+{ .mii;	(p0)	getf.sig	n5=ni4			// 13:
+	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
+	(p51)	add		t[3]=t[3],a6,1	};;
+{ .mii;	(p0)	nop.m		0			// 14:
+	(p41)	cmp.ltu		p42,p40=a6,n6
+	(p43)	cmp.leu		p42,p40=a6,n6	};;
+{ .mii;	(p0)	getf.sig	n6=ni5			// 15:
+	(p49)	cmp.ltu		p50,p48=t[3],a6
+	(p51)	cmp.leu		p50,p48=t[3],a6	};;
+	.pred.rel		"mutex",p40,p42
+	.pred.rel		"mutex",p48,p50
+{ .mii;	(p0)	nop.m		0			// 16:
+	(p40)	add		a7=a7,n7		//	(p17) a7+=n7
+	(p42)	add		a7=a7,n7,1	};;
+{ .mii;	(p0)	nop.m		0			// 17:
+	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
+	(p50)	add		t[2]=t[2],a7,1	};;
+{ .mii;	(p0)	nop.m		0			// 18:
+	(p40)	cmp.ltu		p43,p41=a7,n7
+	(p42)	cmp.leu		p43,p41=a7,n7	};;
+{ .mii;	(p0)	getf.sig	n7=ni6			// 19:
+	(p48)	cmp.ltu		p51,p49=t[2],a7
+	(p50)	cmp.leu		p51,p49=t[2],a7	};;
+	.pred.rel		"mutex",p41,p43
+	.pred.rel		"mutex",p49,p51
+{ .mii;	(p0)	nop.m		0			// 20:
+	(p41)	add		a8=a8,n8		//	(p17) a8+=n8
+	(p43)	add		a8=a8,n8,1	};;
+{ .mmi;	(p0)	nop.m		0			// 21:
+	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
+	(p51)	add		t[1]=t[1],a8,1	}
+{ .mmi;	(p17)	mov		t[0]=r0
+	(p41)	cmp.ltu		p42,p40=a8,n8
+	(p43)	cmp.leu		p42,p40=a8,n8	};;
+{ .mmi;	(p0)	getf.sig	n8=ni7			// 22:
+	(p49)	cmp.ltu		p50,p48=t[1],a8
+	(p51)	cmp.leu		p50,p48=t[1],a8	}
+{ .mmi;	(p42)	add		t[0]=t[0],r0,1
+	(p0)	add		r16=-7*16,prevsp
+	(p0)	add		r17=-6*16,prevsp	};;
+
+// subtract np[8] from carrybit|tmp[8]
+// carrybit|tmp[8] layout upon exit from above loop is:
+//	t[0]|t[1]|t[2]|t[3]|t[4]|t[5]|t[6]|t[7]|t0 (least significant)
+{ .mmi;	(p50)add	t[0]=t[0],r0,1
+	add		r18=-5*16,prevsp
+	sub		n1=t0,n1	};;
+{ .mmi;	cmp.gtu		p34,p32=n1,t0;;
+	.pred.rel	"mutex",p32,p34
+	(p32)sub	n2=t[7],n2
+	(p34)sub	n2=t[7],n2,1	};;
+{ .mii;	(p32)cmp.gtu	p35,p33=n2,t[7]
+	(p34)cmp.geu	p35,p33=n2,t[7];;
+	.pred.rel	"mutex",p33,p35
+	(p33)sub	n3=t[6],n3	}
+{ .mmi;	(p35)sub	n3=t[6],n3,1;;
+	(p33)cmp.gtu	p34,p32=n3,t[6]
+	(p35)cmp.geu	p34,p32=n3,t[6]	};;
+	.pred.rel	"mutex",p32,p34
+{ .mii;	(p32)sub	n4=t[5],n4
+	(p34)sub	n4=t[5],n4,1;;
+	(p32)cmp.gtu	p35,p33=n4,t[5]	}
+{ .mmi;	(p34)cmp.geu	p35,p33=n4,t[5];;
+	.pred.rel	"mutex",p33,p35
+	(p33)sub	n5=t[4],n5
+	(p35)sub	n5=t[4],n5,1	};;
+{ .mii;	(p33)cmp.gtu	p34,p32=n5,t[4]
+	(p35)cmp.geu	p34,p32=n5,t[4];;
+	.pred.rel	"mutex",p32,p34
+	(p32)sub	n6=t[3],n6	}
+{ .mmi;	(p34)sub	n6=t[3],n6,1;;
+	(p32)cmp.gtu	p35,p33=n6,t[3]
+	(p34)cmp.geu	p35,p33=n6,t[3]	};;
+	.pred.rel	"mutex",p33,p35
+{ .mii;	(p33)sub	n7=t[2],n7
+	(p35)sub	n7=t[2],n7,1;;
+	(p33)cmp.gtu	p34,p32=n7,t[2]	}
+{ .mmi;	(p35)cmp.geu	p34,p32=n7,t[2];;
+	.pred.rel	"mutex",p32,p34
+	(p32)sub	n8=t[1],n8
+	(p34)sub	n8=t[1],n8,1	};;
+{ .mii;	(p32)cmp.gtu	p35,p33=n8,t[1]
+	(p34)cmp.geu	p35,p33=n8,t[1];;
+	.pred.rel	"mutex",p33,p35
+	(p33)sub	a8=t[0],r0	}
+{ .mmi;	(p35)sub	a8=t[0],r0,1;;
+	(p33)cmp.gtu	p34,p32=a8,t[0]
+	(p35)cmp.geu	p34,p32=a8,t[0]	};;
+
+// save the result, either tmp[num] or tmp[num]-np[num]
+	.pred.rel	"mutex",p32,p34
+{ .mmi;	(p32)st8	[rptr]=n1,8
+	(p34)st8	[rptr]=t0,8
+	add		r19=-4*16,prevsp};;
+{ .mmb;	(p32)st8	[rptr]=n2,8
+	(p34)st8	[rptr]=t[7],8
+	(p5)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n3,8
+	(p34)st8	[rptr]=t[6],8
+	(p7)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n4,8
+	(p34)st8	[rptr]=t[5],8
+	(p9)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n5,8
+	(p34)st8	[rptr]=t[4],8
+	(p11)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n6,8
+	(p34)st8	[rptr]=t[3],8
+	(p13)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n7,8
+	(p34)st8	[rptr]=t[2],8
+	(p15)br.cond.dpnt.few	.Ldone	};;
+{ .mmb;	(p32)st8	[rptr]=n8,8
+	(p34)st8	[rptr]=t[1],8
+	nop.b		0		};;
+.Ldone:						// epilogue
+{ .mmi;	ldf.fill	f16=[r16],64
+	ldf.fill	f17=[r17],64
+	nop.i		0		}
+{ .mmi;	ldf.fill	f18=[r18],64
+	ldf.fill	f19=[r19],64
+	mov		pr=prevpr,0x1ffff	};;
+{ .mmi;	ldf.fill	f20=[r16]
+	ldf.fill	f21=[r17]
+	mov		ar.lc=prevlc	}
+{ .mmi;	ldf.fill	f22=[r18]
+	ldf.fill	f23=[r19]
+	mov		ret0=1		}	// signal "handled"
+{ .mib;	rum		1<<5
+	.restore	sp
+	mov		sp=prevsp
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_mont_8#
+
+.type	copyright#,\@object
+copyright:
+stringz	"Montgomery multiplication for IA-64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+open STDOUT,">$output" if $output;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/ia64.S b/openssl-1.1.0h/crypto/bn/asm/ia64.S
new file mode 100644
index 0000000..f2404a3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/ia64.S
@@ -0,0 +1,1562 @@
+.explicit
+.text
+.ident	"ia64.S, Version 2.1"
+.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+
+//
+// ====================================================================
+// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// project.
+//
+// Rights for redistribution and usage in source and binary forms are
+// granted according to the OpenSSL license. Warranty of any kind is
+// disclaimed.
+// ====================================================================
+//
+// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
+// different from Itanium to this module viewpoint. Most notably, is it
+// "wider" than Itanium? Can you experience loop scalability as
+// discussed in commentary sections? Not really:-( Itanium2 has 6
+// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
+// spin twice as fast, as I need 8 IALU ports. Amount of floating point
+// ports is the same, i.e. 2, while I need 4. In other words, to this
+// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
+// essentially different in respect to this module, and a re-tune was
+// required. Well, because some instruction latencies has changed. Most
+// noticeably those intensively used:
+//
+//			Itanium	Itanium2
+//	ldf8		9	6		L2 hit
+//	ld8		2	1		L1 hit
+//	getf		2	5
+//	xma[->getf]	7[+1]	4[+0]
+//	add[->st8]	1[+1]	1[+0]
+//
+// What does it mean? You might ratiocinate that the original code
+// should run just faster... Because sum of latencies is smaller...
+// Wrong! Note that getf latency increased. This means that if a loop is
+// scheduled for lower latency (as they were), then it will suffer from
+// stall condition and the code will therefore turn anti-scalable, e.g.
+// original bn_mul_words spun at 5*n or 2.5 times slower than expected
+// on Itanium2! What to do? Reschedule loops for Itanium2? But then
+// Itanium would exhibit anti-scalability. So I've chosen to reschedule
+// for worst latency for every instruction aiming for best *all-round*
+// performance.  
+
+// Q.	How much faster does it get?
+// A.	Here is the output from 'openssl speed rsa dsa' for vanilla
+//	0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
+//	Linux 7.1 2.96-81):
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0036s   0.0003s    275.3   2999.2
+//	rsa 1024 bits   0.0203s   0.0011s     49.3    894.1
+//	rsa 2048 bits   0.1331s   0.0040s      7.5    250.9
+//	rsa 4096 bits   0.9270s   0.0147s      1.1     68.1
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0035s   0.0043s    288.3    234.8
+//	dsa 1024 bits   0.0111s   0.0135s     90.0     74.2
+//
+//	And here is similar output but for this assembler
+//	implementation:-)
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0021s   0.0001s    549.4   9638.5
+//	rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1
+//	rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3
+//	rsa 4096 bits   0.1295s   0.0018s      7.7    561.5
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0012s   0.0013s    891.9    756.6
+//	dsa 1024 bits   0.0023s   0.0028s    440.4    376.2
+//	
+//	Yes, you may argue that it's not fair comparison as it's
+//	possible to craft the C implementation with BN_UMULT_HIGH
+//	inline assembler macro. But of course! Here is the output
+//	with the macro:
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0020s   0.0002s    495.0   6561.0
+//	rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7
+//	rsa 2048 bits   0.0519s   0.0015s     19.3    667.3
+//	rsa 4096 bits   0.3464s   0.0053s      2.9    187.7
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0016s   0.0020s    613.1    510.5
+//	dsa 1024 bits   0.0045s   0.0054s    221.0    183.9
+//
+//	My code is still way faster, huh:-) And I believe that even
+//	higher performance can be achieved. Note that as keys get
+//	longer, performance gain is larger. Why? According to the
+//	profiler there is another player in the field, namely
+//	BN_from_montgomery consuming larger and larger portion of CPU
+//	time as keysize decreases. I therefore consider putting effort
+//	to assembler implementation of the following routine:
+//
+//	void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
+//	{
+//	int      i,j;
+//	BN_ULONG v;
+//
+//	for (i=0; i<nl; i++)
+//		{
+//		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+//		nrp++;
+//		rp++;
+//		if (((nrp[-1]+=v)&BN_MASK2) < v)
+//			for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
+//		}
+//	}
+//
+//	It might as well be beneficial to implement even combaX
+//	variants, as it appears as it can literally unleash the
+//	performance (see comment section to bn_mul_comba8 below).
+//
+//	And finally for your reference the output for 0.9.6a compiled
+//	with SGIcc version 0.01.0-12 (keep in mind that for the moment
+//	of this writing it's not possible to convince SGIcc to use
+//	BN_UMULT_HIGH inline assembler macro, yet the code is fast,
+//	i.e. for a compiler generated one:-):
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0022s   0.0002s    452.7   5894.3
+//	rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9
+//	rsa 2048 bits   0.0578s   0.0017s     17.3    600.2
+//	rsa 4096 bits   0.3838s   0.0061s      2.6    164.5
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0018s   0.0022s    547.3    459.6
+//	dsa 1024 bits   0.0051s   0.0062s    196.6    161.3
+//
+//	Oh! Benchmarks were performed on 733MHz Lion-class Itanium
+//	system running Redhat Linux 7.1 (very special thanks to Ray
+//	McCaffity of Williams Communications for providing an account).
+//
+// Q.	What's the heck with 'rum 1<<5' at the end of every function?
+// A.	Well, by clearing the "upper FP registers written" bit of the
+//	User Mask I want to excuse the kernel from preserving upper
+//	(f32-f128) FP register bank over process context switch, thus
+//	minimizing bus bandwidth consumption during the switch (i.e.
+//	after PKI opration completes and the program is off doing
+//	something else like bulk symmetric encryption). Having said
+//	this, I also want to point out that it might be good idea
+//	to compile the whole toolkit (as well as majority of the
+//	programs for that matter) with -mfixed-range=f32-f127 command
+//	line option. No, it doesn't prevent the compiler from writing
+//	to upper bank, but at least discourages to do so. If you don't
+//	like the idea you have the option to compile the module with
+//	-Drum=nop.m in command line.
+//
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define	ADDP	addp4
+#else
+#define	ADDP	add
+#endif
+
+#if 1
+//
+// bn_[add|sub]_words routines.
+//
+// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
+// data reside in L1 cache, i.e. 2 ticks away). It's possible to
+// compress the epilogue and get down to 2*n+6, but at the cost of
+// scalability (the neat feature of this implementation is that it
+// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
+// I consider that the epilogue is short enough as it is to trade tiny
+// performance loss on Itanium for scalability.
+//
+// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global	bn_add_words#
+.proc	bn_add_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_add_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r35,r0	};;
+{ .mfb;	mov		r8=r0			// return value
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mib;	sub		r10=r35,r0,1
+	.save	ar.lc,r3
+	mov		r3=ar.lc
+	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
+					}
+{ .mib;	ADDP		r14=0,r32		// rp
+	.save	pr,r9
+	mov		r9=pr		};;
+	.body
+{ .mii;	ADDP		r15=0,r33		// ap
+	mov		ar.lc=r10
+	mov		ar.ec=6		}
+{ .mib;	ADDP		r16=0,r34		// bp
+	mov		pr.rot=1<<16	};;
+
+.L_bn_add_words_ctop:
+{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
+	(p18)	add		r39=r37,r34
+	(p19)	cmp.ltu.unc	p56,p0=r40,r38	}
+{ .mfb;	(p0)	nop.m		0x0
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
+	(p58)	cmp.eq.or	p57,p0=-1,r41	  // (p20)
+	(p58)	add		r41=1,r41	} // (p20)
+{ .mfb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
+	(p0)	nop.f		0x0
+	br.ctop.sptk	.L_bn_add_words_ctop	};;
+.L_bn_add_words_cend:
+
+{ .mii;
+(p59)	add		r8=1,r8		// return value
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mbb;	nop.b		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_add_words#
+
+//
+// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global	bn_sub_words#
+.proc	bn_sub_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_sub_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r35,r0	};;
+{ .mfb;	mov		r8=r0			// return value
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mib;	sub		r10=r35,r0,1
+	.save	ar.lc,r3
+	mov		r3=ar.lc
+	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+					}
+{ .mib;	ADDP		r14=0,r32		// rp
+	.save	pr,r9
+	mov		r9=pr		};;
+	.body
+{ .mii;	ADDP		r15=0,r33		// ap
+	mov		ar.lc=r10
+	mov		ar.ec=6		}
+{ .mib;	ADDP		r16=0,r34		// bp
+	mov		pr.rot=1<<16	};;
+
+.L_bn_sub_words_ctop:
+{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
+	(p18)	sub		r39=r37,r34
+	(p19)	cmp.gtu.unc	p56,p0=r40,r38	}
+{ .mfb;	(p0)	nop.m		0x0
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
+	(p58)	cmp.eq.or	p57,p0=0,r41	  // (p20)
+	(p58)	add		r41=-1,r41	} // (p20)
+{ .mbb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
+	(p0)	nop.b		0x0
+	br.ctop.sptk	.L_bn_sub_words_ctop	};;
+.L_bn_sub_words_cend:
+
+{ .mii;
+(p59)	add		r8=1,r8		// return value
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mbb;	nop.b		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_sub_words#
+#endif
+
+#if 0
+#define XMA_TEMPTATION
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global	bn_mul_words#
+.proc	bn_mul_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_mul_words:
+	.prologue
+	.save	ar.pfs,r2
+#ifdef XMA_TEMPTATION
+{ .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
+#else
+{ .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;
+#endif
+{ .mib;	mov		r8=r0			// return value
+	cmp4.le		p6,p0=r34,r0
+(p6)	br.ret.spnt.many	b0		};;
+
+{ .mii;	sub	r10=r34,r0,1
+	.save	ar.lc,r3
+	mov	r3=ar.lc
+	.save	pr,r9
+	mov	r9=pr			};;
+
+	.body
+{ .mib;	setf.sig	f8=r35	// w
+	mov		pr.rot=0x800001<<16
+			// ------^----- serves as (p50) at first (p27)
+	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+					}
+
+#ifndef XMA_TEMPTATION
+
+{ .mmi;	ADDP		r14=0,r32	// rp
+	ADDP		r15=0,r33	// ap
+	mov		ar.lc=r10	}
+{ .mmi;	mov		r40=0		// serves as r35 at first (p27)
+	mov		ar.ec=13	};;
+
+// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
+// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
+// bypass L1 cache and L2 latency is actually best-case scenario for
+// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
+// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
+// would give us ~5% in *overall* performance improvement on "wider"
+// IA-64, but would hurt Itanium for about same because of longer
+// epilogue. As it's a matter of few percents in either case I've
+// chosen to trade the scalability for development time (you can see
+// this very instruction sequence in bn_mul_add_words loop which in
+// turn is scalable).
+.L_bn_mul_words_ctop:
+{ .mfi;	(p25)	getf.sig	r36=f52			// low
+	(p21)	xmpy.lu		f48=f37,f8
+	(p28)	cmp.ltu		p54,p50=r41,r39	}
+{ .mfi;	(p16)	ldf8		f32=[r15],8
+	(p21)	xmpy.hu		f40=f37,f8
+	(p0)	nop.i		0x0		};;
+{ .mii;	(p25)	getf.sig	r32=f44			// high
+	.pred.rel	"mutex",p50,p54
+	(p50)	add		r40=r38,r35		// (p27)
+	(p54)	add		r40=r38,r35,1	}	// (p27)
+{ .mfb;	(p28)	st8		[r14]=r41,8
+	(p0)	nop.f		0x0
+	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+.L_bn_mul_words_cend:
+
+{ .mii;	nop.m		0x0
+.pred.rel	"mutex",p51,p55
+(p51)	add		r8=r36,r0
+(p55)	add		r8=r36,r0,1	}
+{ .mfb;	nop.m	0x0
+	nop.f	0x0
+	nop.b	0x0			}
+
+#else	// XMA_TEMPTATION
+
+	setf.sig	f37=r0	// serves as carry at (p18) tick
+	mov		ar.lc=r10
+	mov		ar.ec=5;;
+
+// Most of you examining this code very likely wonder why in the name
+// of Intel the following loop is commented out? Indeed, it looks so
+// neat that you find it hard to believe that it's something wrong
+// with it, right? The catch is that every iteration depends on the
+// result from previous one and the latter isn't available instantly.
+// The loop therefore spins at the latency of xma minus 1, or in other
+// words at 6*(n+4) ticks:-( Compare to the "production" loop above
+// that runs in 2*(n+11) where the low latency problem is worked around
+// by moving the dependency to one-tick latent integer ALU. Note that
+// "distance" between ldf8 and xma is not latency of ldf8, but the
+// *difference* between xma and ldf8 latencies.
+.L_bn_mul_words_ctop:
+{ .mfi;	(p16)	ldf8		f32=[r33],8
+	(p18)	xma.hu		f38=f34,f8,f39	}
+{ .mfb;	(p20)	stf8		[r32]=f37,8
+	(p18)	xma.lu		f35=f34,f8,f39
+	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+.L_bn_mul_words_cend:
+
+	getf.sig	r8=f41		// the return value
+
+#endif	// XMA_TEMPTATION
+
+{ .mii;	nop.m		0x0
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_words#
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global	bn_mul_add_words#
+.proc	bn_mul_add_words#
+.align	64
+.skip	48	// makes the loop body aligned at 64-byte boundary
+bn_mul_add_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mmi;	alloc		r2=ar.pfs,4,4,0,8
+	cmp4.le		p6,p0=r34,r0
+	.save	ar.lc,r3
+	mov		r3=ar.lc	};;
+{ .mib;	mov		r8=r0		// return value
+	sub		r10=r34,r0,1
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mib;	setf.sig	f8=r35		// w
+	.save	pr,r9
+	mov		r9=pr
+	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+					}
+	.body
+{ .mmi;	ADDP		r14=0,r32	// rp
+	ADDP		r15=0,r33	// ap
+	mov		ar.lc=r10	}
+{ .mii;	ADDP		r16=0,r32	// rp copy
+	mov		pr.rot=0x2001<<16
+			// ------^----- serves as (p40) at first (p27)
+	mov		ar.ec=11	};;
+
+// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
+// Itanium 2. Yes, unlike previous versions it scales:-) Previous
+// version was performing *all* additions in IALU and was starving
+// for those even on Itanium 2. In this version one addition is
+// moved to FPU and is folded with multiplication. This is at cost
+// of propagating the result from previous call to this subroutine
+// to L2 cache... In other words negligible even for shorter keys.
+// *Overall* performance improvement [over previous version] varies
+// from 11 to 22 percent depending on key length.
+.L_bn_mul_add_words_ctop:
+.pred.rel	"mutex",p40,p42
+{ .mfi;	(p23)	getf.sig	r36=f45			// low
+	(p20)	xma.lu		f42=f36,f8,f50		// low
+	(p40)	add		r39=r39,r35	}	// (p27)
+{ .mfi;	(p16)	ldf8		f32=[r15],8		// *(ap++)
+	(p20)	xma.hu		f36=f36,f8,f50		// high
+	(p42)	add		r39=r39,r35,1	};;	// (p27)
+{ .mmi;	(p24)	getf.sig	r32=f40			// high
+	(p16)	ldf8		f46=[r16],8		// *(rp1++)
+	(p40)	cmp.ltu		p41,p39=r39,r35	}	// (p27)
+{ .mib;	(p26)	st8		[r14]=r39,8		// *(rp2++)
+	(p42)	cmp.leu		p41,p39=r39,r35		// (p27)
+	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
+.L_bn_mul_add_words_cend:
+
+{ .mmi;	.pred.rel	"mutex",p40,p42
+(p40)	add		r8=r35,r0
+(p42)	add		r8=r35,r0,1
+	mov		pr=r9,0x1ffff	}
+{ .mib;	rum		1<<5		// clear um.mfh
+	mov		ar.lc=r3
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_add_words#
+#endif
+
+#if 1
+//
+// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+//
+.global	bn_sqr_words#
+.proc	bn_sqr_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary 
+bn_sqr_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,3,0,0,0
+	sxt4		r34=r34		};;
+{ .mii;	cmp.le		p6,p0=r34,r0
+	mov		r8=r0		}	// return value
+{ .mfb;	ADDP		r32=0,r32
+	nop.f		0x0
+(p6)	br.ret.spnt.many	b0	};;
+
+{ .mii;	sub	r10=r34,r0,1
+	.save	ar.lc,r3
+	mov	r3=ar.lc
+	.save	pr,r9
+	mov	r9=pr			};;
+
+	.body
+{ .mib;	ADDP		r33=0,r33
+	mov		pr.rot=1<<16
+	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
+					}
+{ .mii;	add		r34=8,r32
+	mov		ar.lc=r10
+	mov		ar.ec=18	};;
+
+// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
+// possible to compress the epilogue (I'm getting tired to write this
+// comment over and over) and get down to 2*n+16 at the cost of
+// scalability. The decision will very likely be reconsidered after the
+// benchmark program is profiled. I.e. if perfomance gain on Itanium
+// will appear larger than loss on "wider" IA-64, then the loop should
+// be explicitly split and the epilogue compressed.
+.L_bn_sqr_words_ctop:
+{ .mfi;	(p16)	ldf8		f32=[r33],8
+	(p25)	xmpy.lu		f42=f41,f41
+	(p0)	nop.i		0x0		}
+{ .mib;	(p33)	stf8		[r32]=f50,16
+	(p0)	nop.i		0x0
+	(p0)	nop.b		0x0		}
+{ .mfi;	(p0)	nop.m		0x0
+	(p25)	xmpy.hu		f52=f41,f41
+	(p0)	nop.i		0x0		}
+{ .mib;	(p33)	stf8		[r34]=f60,16
+	(p0)	nop.i		0x0
+	br.ctop.sptk	.L_bn_sqr_words_ctop	};;
+.L_bn_sqr_words_cend:
+
+{ .mii;	nop.m		0x0
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_sqr_words#
+#endif
+
+#if 1
+// Apparently we win nothing by implementing special bn_sqr_comba8.
+// Yes, it is possible to reduce the number of multiplications by
+// almost factor of two, but then the amount of additions would
+// increase by factor of two (as we would have to perform those
+// otherwise performed by xma ourselves). Normally we would trade
+// anyway as multiplications are way more expensive, but not this
+// time... Multiplication kernel is fully pipelined and as we drain
+// one 128-bit multiplication result per clock cycle multiplications
+// are effectively as inexpensive as additions. Special implementation
+// might become of interest for "wider" IA-64 implementation as you'll
+// be able to get through the multiplication phase faster (there won't
+// be any stall issues as discussed in the commentary section below and
+// you therefore will be able to employ all 4 FP units)... But these
+// Itanium days it's simply too hard to justify the effort so I just
+// drop down to bn_mul_comba8 code:-)
+//
+// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+//
+.global	bn_sqr_comba8#
+.proc	bn_sqr_comba8#
+.align	64
+bn_sqr_comba8:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+	addp4	r33=0,r33
+	addp4	r32=0,r32		};;
+{ .mii;
+#else
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+#endif
+	mov	r34=r33
+	add	r14=8,r33		};;
+	.body
+{ .mii;	add	r17=8,r34
+	add	r15=16,r33
+	add	r18=16,r34		}
+{ .mfb;	add	r16=24,r33
+	br	.L_cheat_entry_point8	};;
+.endp	bn_sqr_comba8#
+#endif
+
+#if 1
+// I've estimated this routine to run in ~120 ticks, but in reality
+// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
+// cycles consumed for instructions fetch? Or did I misinterpret some
+// clause in Itanium µ-architecture manual? Comments are welcomed and
+// highly appreciated.
+//
+// On Itanium 2 it takes ~190 ticks. This is because of stalls on
+// result from getf.sig. I do nothing about it at this point for
+// reasons depicted below.
+//
+// However! It should be noted that even 160 ticks is darn good result
+// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
+// C version (compiled with gcc with inline assembler). I really
+// kicked compiler's butt here, didn't I? Yeah! This brings us to the
+// following statement. It's damn shame that this routine isn't called
+// very often nowadays! According to the profiler most CPU time is
+// consumed by bn_mul_add_words called from BN_from_montgomery. In
+// order to estimate what we're missing, I've compared the performance
+// of this routine against "traditional" implementation, i.e. against
+// following routine:
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+// {	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
+//	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+//	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+//	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+//	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+//	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+//	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+//	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+// }
+//
+// The one below is over 8 times faster than the one above:-( Even
+// more reasons to "combafy" bn_mul_add_mont...
+//
+// And yes, this routine really made me wish there were an optimizing
+// assembler! It also feels like it deserves a dedication.
+//
+//	To my wife for being there and to my kids...
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define	carry1	r14
+#define	carry2	r15
+#define	carry3	r34
+.global	bn_mul_comba8#
+.proc	bn_mul_comba8#
+.align	64
+bn_mul_comba8:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc	r2=ar.pfs,3,0,0,0
+	addp4	r33=0,r33
+	addp4	r34=0,r34		};;
+{ .mii;	addp4	r32=0,r32
+#else
+{ .mii;	alloc   r2=ar.pfs,3,0,0,0
+#endif
+	add	r14=8,r33
+	add	r17=8,r34		}
+	.body
+{ .mii;	add	r15=16,r33
+	add	r18=16,r34
+	add	r16=24,r33		}
+.L_cheat_entry_point8:
+{ .mmi;	add	r19=24,r34
+
+	ldf8	f32=[r33],32		};;
+
+{ .mmi;	ldf8	f120=[r34],32
+	ldf8	f121=[r17],32		}
+{ .mmi;	ldf8	f122=[r18],32
+	ldf8	f123=[r19],32		};;
+{ .mmi;	ldf8	f124=[r34]
+	ldf8	f125=[r17]		}
+{ .mmi;	ldf8	f126=[r18]
+	ldf8	f127=[r19]		}
+
+{ .mmi;	ldf8	f33=[r14],32
+	ldf8	f34=[r15],32		}
+{ .mmi;	ldf8	f35=[r16],32;;
+	ldf8	f36=[r33]		}
+{ .mmi;	ldf8	f37=[r14]
+	ldf8	f38=[r15]		}
+{ .mfi;	ldf8	f39=[r16]
+// -------\ Entering multiplier's heaven /-------
+// ------------\                    /------------
+// -----------------\          /-----------------
+// ----------------------\/----------------------
+		xma.hu	f41=f32,f120,f0		}
+{ .mfi;		xma.lu	f40=f32,f120,f0		};; // (*)
+{ .mfi;		xma.hu	f51=f32,f121,f0		}
+{ .mfi;		xma.lu	f50=f32,f121,f0		};;
+{ .mfi;		xma.hu	f61=f32,f122,f0		}
+{ .mfi;		xma.lu	f60=f32,f122,f0		};;
+{ .mfi;		xma.hu	f71=f32,f123,f0		}
+{ .mfi;		xma.lu	f70=f32,f123,f0		};;
+{ .mfi;		xma.hu	f81=f32,f124,f0		}
+{ .mfi;		xma.lu	f80=f32,f124,f0		};;
+{ .mfi;		xma.hu	f91=f32,f125,f0		}
+{ .mfi;		xma.lu	f90=f32,f125,f0		};;
+{ .mfi;		xma.hu	f101=f32,f126,f0	}
+{ .mfi;		xma.lu	f100=f32,f126,f0	};;
+{ .mfi;		xma.hu	f111=f32,f127,f0	}
+{ .mfi;		xma.lu	f110=f32,f127,f0	};;//
+// (*)	You can argue that splitting at every second bundle would
+//	prevent "wider" IA-64 implementations from achieving the peak
+//	performance. Well, not really... The catch is that if you
+//	intend to keep 4 FP units busy by splitting at every fourth
+//	bundle and thus perform these 16 multiplications in 4 ticks,
+//	the first bundle *below* would stall because the result from
+//	the first xma bundle *above* won't be available for another 3
+//	ticks (if not more, being an optimist, I assume that "wider"
+//	implementation will have same latency:-). This stall will hold
+//	you back and the performance would be as if every second bundle
+//	were split *anyway*...
+{ .mfi;	getf.sig	r16=f40
+		xma.hu	f42=f33,f120,f41
+	add		r33=8,r32		}
+{ .mfi;		xma.lu	f41=f33,f120,f41	};;
+{ .mfi;	getf.sig	r24=f50
+		xma.hu	f52=f33,f121,f51	}
+{ .mfi;		xma.lu	f51=f33,f121,f51	};;
+{ .mfi;	st8		[r32]=r16,16
+		xma.hu	f62=f33,f122,f61	}
+{ .mfi;		xma.lu	f61=f33,f122,f61	};;
+{ .mfi;		xma.hu	f72=f33,f123,f71	}
+{ .mfi;		xma.lu	f71=f33,f123,f71	};;
+{ .mfi;		xma.hu	f82=f33,f124,f81	}
+{ .mfi;		xma.lu	f81=f33,f124,f81	};;
+{ .mfi;		xma.hu	f92=f33,f125,f91	}
+{ .mfi;		xma.lu	f91=f33,f125,f91	};;
+{ .mfi;		xma.hu	f102=f33,f126,f101	}
+{ .mfi;		xma.lu	f101=f33,f126,f101	};;
+{ .mfi;		xma.hu	f112=f33,f127,f111	}
+{ .mfi;		xma.lu	f111=f33,f127,f111	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r25=f41
+		xma.hu	f43=f34,f120,f42	}
+{ .mfi;		xma.lu	f42=f34,f120,f42	};;
+{ .mfi;	getf.sig	r16=f60
+		xma.hu	f53=f34,f121,f52	}
+{ .mfi;		xma.lu	f52=f34,f121,f52	};;
+{ .mfi;	getf.sig	r17=f51
+		xma.hu	f63=f34,f122,f62
+	add		r25=r25,r24		}
+{ .mfi;		xma.lu	f62=f34,f122,f62
+	mov		carry1=0		};;
+{ .mfi;	cmp.ltu		p6,p0=r25,r24
+		xma.hu	f73=f34,f123,f72	}
+{ .mfi;		xma.lu	f72=f34,f123,f72	};;
+{ .mfi;	st8		[r33]=r25,16
+		xma.hu	f83=f34,f124,f82
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f82=f34,f124,f82	};;
+{ .mfi;		xma.hu	f93=f34,f125,f92	}
+{ .mfi;		xma.lu	f92=f34,f125,f92	};;
+{ .mfi;		xma.hu	f103=f34,f126,f102	}
+{ .mfi;		xma.lu	f102=f34,f126,f102	};;
+{ .mfi;		xma.hu	f113=f34,f127,f112	}
+{ .mfi;		xma.lu	f112=f34,f127,f112	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r18=f42
+		xma.hu	f44=f35,f120,f43
+	add		r17=r17,r16		}
+{ .mfi;		xma.lu	f43=f35,f120,f43	};;
+{ .mfi;	getf.sig	r24=f70
+		xma.hu	f54=f35,f121,f53	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f53=f35,f121,f53	};;
+{ .mfi;	getf.sig	r25=f61
+		xma.hu	f64=f35,f122,f63
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;	add		r18=r18,r17
+		xma.lu	f63=f35,f122,f63	};;
+{ .mfi;	getf.sig	r26=f52
+		xma.hu	f74=f35,f123,f73
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f73=f35,f123,f73
+	add		r18=r18,carry1		};;
+{ .mfi;
+		xma.hu	f84=f35,f124,f83
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,carry1
+		xma.lu	f83=f35,f124,f83	};;
+{ .mfi;	st8		[r32]=r18,16
+		xma.hu	f94=f35,f125,f93
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f93=f35,f125,f93	};;
+{ .mfi;		xma.hu	f104=f35,f126,f103	}
+{ .mfi;		xma.lu	f103=f35,f126,f103	};;
+{ .mfi;		xma.hu	f114=f35,f127,f113	}
+{ .mfi;	mov		carry1=0
+		xma.lu	f113=f35,f127,f113
+	add		r25=r25,r24		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r27=f43
+		xma.hu	f45=f36,f120,f44
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f44=f36,f120,f44	
+	add		r26=r26,r25		};;
+{ .mfi;	getf.sig	r16=f80
+		xma.hu	f55=f36,f121,f54
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f54=f36,f121,f54	};;
+{ .mfi;	getf.sig	r17=f71
+		xma.hu	f65=f36,f122,f64
+	cmp.ltu		p6,p0=r26,r25		}
+{ .mfi;		xma.lu	f64=f36,f122,f64
+	add		r27=r27,r26		};;
+{ .mfi;	getf.sig	r18=f62
+		xma.hu	f75=f36,f123,f74
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r27,r26
+		xma.lu	f74=f36,f123,f74
+	add		r27=r27,carry2		};;
+{ .mfi;	getf.sig	r19=f53
+		xma.hu	f85=f36,f124,f84
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f84=f36,f124,f84
+	cmp.ltu		p6,p0=r27,carry2	};;
+{ .mfi;	st8		[r33]=r27,16
+		xma.hu	f95=f36,f125,f94
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f94=f36,f125,f94	};;
+{ .mfi;		xma.hu	f105=f36,f126,f104	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f104=f36,f126,f104
+	add		r17=r17,r16		};;
+{ .mfi;		xma.hu	f115=f36,f127,f114
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f114=f36,f127,f114
+	add		r18=r18,r17		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r20=f44
+		xma.hu	f46=f37,f120,f45
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f45=f37,f120,f45
+	add		r19=r19,r18		};;
+{ .mfi;	getf.sig	r24=f90
+		xma.hu	f56=f37,f121,f55	}
+{ .mfi;		xma.lu	f55=f37,f121,f55	};;
+{ .mfi;	getf.sig	r25=f81
+		xma.hu	f66=f37,f122,f65
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r19,r18
+		xma.lu	f65=f37,f122,f65
+	add		r20=r20,r19		};;
+{ .mfi;	getf.sig	r26=f72
+		xma.hu	f76=f37,f123,f75
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r20,r19
+		xma.lu	f75=f37,f123,f75
+	add		r20=r20,carry1		};;
+{ .mfi;	getf.sig	r27=f63
+		xma.hu	f86=f37,f124,f85
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f85=f37,f124,f85
+	cmp.ltu		p7,p0=r20,carry1	};;
+{ .mfi;	getf.sig	r28=f54
+		xma.hu	f96=f37,f125,f95
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	st8		[r32]=r20,16
+		xma.lu	f95=f37,f125,f95	};;
+{ .mfi;		xma.hu	f106=f37,f126,f105	}
+{ .mfi;	mov		carry1=0
+		xma.lu	f105=f37,f126,f105
+	add		r25=r25,r24		};;
+{ .mfi;		xma.hu	f116=f37,f127,f115
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f115=f37,f127,f115
+	add		r26=r26,r25		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r29=f45
+		xma.hu	f47=f38,f120,f46
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r26,r25
+		xma.lu	f46=f38,f120,f46
+	add		r27=r27,r26		};;
+{ .mfi;	getf.sig	r16=f100
+		xma.hu	f57=f38,f121,f56
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r27,r26
+		xma.lu	f56=f38,f121,f56
+	add		r28=r28,r27		};;
+{ .mfi;	getf.sig	r17=f91
+		xma.hu	f67=f38,f122,f66
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r28,r27
+		xma.lu	f66=f38,f122,f66
+	add		r29=r29,r28		};;
+{ .mfi;	getf.sig	r18=f82
+		xma.hu	f77=f38,f123,f76
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r29,r28
+		xma.lu	f76=f38,f123,f76
+	add		r29=r29,carry2		};;
+{ .mfi;	getf.sig	r19=f73
+		xma.hu	f87=f38,f124,f86
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f86=f38,f124,f86
+	cmp.ltu		p6,p0=r29,carry2	};;
+{ .mfi;	getf.sig	r20=f64
+		xma.hu	f97=f38,f125,f96
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	st8		[r33]=r29,16
+		xma.lu	f96=f38,f125,f96	};;
+{ .mfi;	getf.sig	r21=f55
+		xma.hu	f107=f38,f126,f106	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f106=f38,f126,f106
+	add		r17=r17,r16		};;
+{ .mfi;		xma.hu	f117=f38,f127,f116
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f116=f38,f127,f116
+	add		r18=r18,r17		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r22=f46
+		xma.hu	f48=f39,f120,f47
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f47=f39,f120,f47
+	add		r19=r19,r18		};;
+{ .mfi;	getf.sig	r24=f110
+		xma.hu	f58=f39,f121,f57
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r19,r18
+		xma.lu	f57=f39,f121,f57
+	add		r20=r20,r19		};;
+{ .mfi;	getf.sig	r25=f101
+		xma.hu	f68=f39,f122,f67
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r20,r19
+		xma.lu	f67=f39,f122,f67
+	add		r21=r21,r20		};;
+{ .mfi;	getf.sig	r26=f92
+		xma.hu	f78=f39,f123,f77
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r21,r20
+		xma.lu	f77=f39,f123,f77
+	add		r22=r22,r21		};;
+{ .mfi;	getf.sig	r27=f83
+		xma.hu	f88=f39,f124,f87
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r22,r21
+		xma.lu	f87=f39,f124,f87
+	add		r22=r22,carry1		};;
+{ .mfi;	getf.sig	r28=f74
+		xma.hu	f98=f39,f125,f97
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f97=f39,f125,f97
+	cmp.ltu		p7,p0=r22,carry1	};;
+{ .mfi;	getf.sig	r29=f65
+		xma.hu	f108=f39,f126,f107
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	st8		[r32]=r22,16
+		xma.lu	f107=f39,f126,f107	};;
+{ .mfi;	getf.sig	r30=f56
+		xma.hu	f118=f39,f127,f117	}
+{ .mfi;		xma.lu	f117=f39,f127,f117	};;//
+//-------------------------------------------------//
+// Leaving muliplier's heaven... Quite a ride, huh?
+
+{ .mii;	getf.sig	r31=f47
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r16=f111
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r17=f102	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mii;		getf.sig	r18=f93
+		add		r17=r17,r16
+		mov		carry3=0	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r29=r29,r28		};;
+{ .mii;		getf.sig	r19=f84
+		cmp.ltu		p7,p0=r17,r16	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r29,r28
+	add		r30=r30,r29		};;
+{ .mii;		getf.sig	r20=f75
+		add		r18=r18,r17	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,r29
+	add		r31=r31,r30		};;
+{ .mfb;		getf.sig	r21=f66		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	}
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r31,r30
+	add		r31=r31,carry2		};;
+{ .mfb;		getf.sig	r22=f57		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r19,r18
+		add		r20=r20,r19	}
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r31,carry2	};;
+{ .mfb;		getf.sig	r23=f48		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r20,r19
+		add		r21=r21,r20	}
+{ .mii;
+(p6)	add		carry1=1,carry1		}
+{ .mfb;	st8		[r33]=r31,16		};;
+
+{ .mfb;	getf.sig	r24=f112		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r21,r20
+		add		r22=r22,r21	};;
+{ .mfb;	getf.sig	r25=f103		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r22,r21
+		add		r23=r23,r22	};;
+{ .mfb;	getf.sig	r26=f94			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r23,r22
+		add		r23=r23,carry1	};;
+{ .mfb;	getf.sig	r27=f85			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p8=r23,carry1};;
+{ .mii;	getf.sig	r28=f76
+	add		r25=r25,r24
+	mov		carry1=0		}
+{ .mii;		st8		[r32]=r23,16
+	(p7)	add		carry2=1,carry3
+	(p8)	add		carry2=0,carry3	};;
+
+{ .mfb;	nop.m	0x0				}
+{ .mii;	getf.sig	r29=f67
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;	getf.sig	r30=f58			}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;		getf.sig	r16=f113	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mfb;		getf.sig	r17=f104	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r29=r29,r28		};;
+{ .mfb;		getf.sig	r18=f95		}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r29,r28
+	add		r30=r30,r29		};;
+{ .mii;		getf.sig	r19=f86
+		add		r17=r17,r16
+		mov		carry3=0	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,r29
+	add		r30=r30,carry2		};;
+{ .mii;		getf.sig	r20=f77
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,carry2	};;
+{ .mfb;		getf.sig	r21=f68		}
+{ .mii;	st8		[r33]=r30,16
+(p6)	add		carry1=1,carry1		};;
+
+{ .mfb;	getf.sig	r24=f114		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mfb;	getf.sig	r25=f105		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r19,r18
+		add		r20=r20,r19	};;
+{ .mfb;	getf.sig	r26=f96			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r20,r19
+		add		r21=r21,r20	};;
+{ .mfb;	getf.sig	r27=f87			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r21,r20
+		add		r21=r21,carry1	};;
+{ .mib;	getf.sig	r28=f78			
+	add		r25=r25,r24		}
+{ .mib;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p8=r21,carry1};;
+{ .mii;		st8		[r32]=r21,16
+	(p7)	add		carry2=1,carry3
+	(p8)	add		carry2=0,carry3	}
+
+{ .mii;	mov		carry1=0
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r16=f115	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;		getf.sig	r17=f106	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mfb;		getf.sig	r18=f97		}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r28=r28,carry2		};;
+{ .mib;		getf.sig	r19=f88
+		add		r17=r17,r16	}
+{ .mib;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,carry2	};;
+{ .mii;	st8		[r33]=r28,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;		mov		carry2=0
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	};;
+{ .mfb;	getf.sig	r24=f116		}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mfb;	getf.sig	r25=f107		}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,r18
+		add		r19=r19,carry1	};;
+{ .mfb;	getf.sig	r26=f98			}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,carry1};;
+{ .mii;		st8		[r32]=r19,16
+	(p7)	add		carry2=1,carry2	}
+
+{ .mfb;	add		r25=r25,r24		};;
+
+{ .mfb;		getf.sig	r16=f117	}
+{ .mii;	mov		carry1=0
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r17=f108	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r26=r26,carry2		};;
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,carry2	};;
+{ .mii;	st8		[r33]=r26,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mfb;		add		r17=r17,r16	};;
+{ .mfb;	getf.sig	r24=f118		}
+{ .mii;		mov		carry2=0
+		cmp.ltu		p7,p0=r17,r16
+		add		r17=r17,carry1	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r17,carry1};;
+{ .mii;		st8		[r32]=r17
+	(p7)	add		carry2=1,carry2	};;
+{ .mfb;	add		r24=r24,carry2		};;
+{ .mib;	st8		[r33]=r24		}
+
+{ .mib;	rum		1<<5		// clear um.mfh
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_comba8#
+#undef	carry3
+#undef	carry2
+#undef	carry1
+#endif
+
+#if 1
+// It's possible to make it faster (see comment to bn_sqr_comba8), but
+// I reckon it doesn't worth the effort. Basically because the routine
+// (actually both of them) practically never called... So I just play
+// same trick as with bn_sqr_comba8.
+//
+// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+//
+.global	bn_sqr_comba4#
+.proc	bn_sqr_comba4#
+.align	64
+bn_sqr_comba4:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc   r2=ar.pfs,2,1,0,0
+	addp4	r32=0,r32
+	addp4	r33=0,r33		};;
+{ .mii;
+#else
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+#endif
+	mov	r34=r33
+	add	r14=8,r33		};;
+	.body
+{ .mii;	add	r17=8,r34
+	add	r15=16,r33
+	add	r18=16,r34		}
+{ .mfb;	add	r16=24,r33
+	br	.L_cheat_entry_point4	};;
+.endp	bn_sqr_comba4#
+#endif
+
+#if 1
+// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
+//
+// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define	carry1	r14
+#define	carry2	r15
+.global	bn_mul_comba4#
+.proc	bn_mul_comba4#
+.align	64
+bn_mul_comba4:
+	.prologue
+	.save	ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii;	alloc   r2=ar.pfs,3,0,0,0
+	addp4	r33=0,r33
+	addp4	r34=0,r34		};;
+{ .mii;	addp4	r32=0,r32
+#else
+{ .mii;	alloc	r2=ar.pfs,3,0,0,0
+#endif
+	add	r14=8,r33
+	add	r17=8,r34		}
+	.body
+{ .mii;	add	r15=16,r33
+	add	r18=16,r34
+	add	r16=24,r33		};;
+.L_cheat_entry_point4:
+{ .mmi;	add	r19=24,r34
+
+	ldf8	f32=[r33]		}
+
+{ .mmi;	ldf8	f120=[r34]
+	ldf8	f121=[r17]		};;
+{ .mmi;	ldf8	f122=[r18]
+	ldf8	f123=[r19]		}
+
+{ .mmi;	ldf8	f33=[r14]
+	ldf8	f34=[r15]		}
+{ .mfi;	ldf8	f35=[r16]
+
+		xma.hu	f41=f32,f120,f0		}
+{ .mfi;		xma.lu	f40=f32,f120,f0		};;
+{ .mfi;		xma.hu	f51=f32,f121,f0		}
+{ .mfi;		xma.lu	f50=f32,f121,f0		};;
+{ .mfi;		xma.hu	f61=f32,f122,f0		}
+{ .mfi;		xma.lu	f60=f32,f122,f0		};;
+{ .mfi;		xma.hu	f71=f32,f123,f0		}
+{ .mfi;		xma.lu	f70=f32,f123,f0		};;//
+// Major stall takes place here, and 3 more places below. Result from
+// first xma is not available for another 3 ticks.
+{ .mfi;	getf.sig	r16=f40
+		xma.hu	f42=f33,f120,f41
+	add		r33=8,r32		}
+{ .mfi;		xma.lu	f41=f33,f120,f41	};;
+{ .mfi;	getf.sig	r24=f50
+		xma.hu	f52=f33,f121,f51	}
+{ .mfi;		xma.lu	f51=f33,f121,f51	};;
+{ .mfi;	st8		[r32]=r16,16
+		xma.hu	f62=f33,f122,f61	}
+{ .mfi;		xma.lu	f61=f33,f122,f61	};;
+{ .mfi;		xma.hu	f72=f33,f123,f71	}
+{ .mfi;		xma.lu	f71=f33,f123,f71	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r25=f41
+		xma.hu	f43=f34,f120,f42	}
+{ .mfi;		xma.lu	f42=f34,f120,f42	};;
+{ .mfi;	getf.sig	r16=f60
+		xma.hu	f53=f34,f121,f52	}
+{ .mfi;		xma.lu	f52=f34,f121,f52	};;
+{ .mfi;	getf.sig	r17=f51
+		xma.hu	f63=f34,f122,f62
+	add		r25=r25,r24		}
+{ .mfi;	mov		carry1=0
+		xma.lu	f62=f34,f122,f62	};;
+{ .mfi;	st8		[r33]=r25,16
+		xma.hu	f73=f34,f123,f72
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f72=f34,f123,f72	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r18=f42
+		xma.hu	f44=f35,f120,f43
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	add		r17=r17,r16
+		xma.lu	f43=f35,f120,f43
+	mov		carry2=0		};;
+{ .mfi;	getf.sig	r24=f70
+		xma.hu	f54=f35,f121,f53
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f53=f35,f121,f53	};;
+{ .mfi;	getf.sig	r25=f61
+		xma.hu	f64=f35,f122,f63
+	add		r18=r18,r17		}
+{ .mfi;		xma.lu	f63=f35,f122,f63
+(p7)	add		carry2=1,carry2		};;
+{ .mfi;	getf.sig	r26=f52
+		xma.hu	f74=f35,f123,f73
+	cmp.ltu		p7,p0=r18,r17		}
+{ .mfi;		xma.lu	f73=f35,f123,f73
+	add		r18=r18,carry1		};;
+//-------------------------------------------------//
+{ .mii;	st8		[r32]=r18,16
+(p7)	add		carry2=1,carry2
+	cmp.ltu		p7,p0=r18,carry1	};;
+
+{ .mfi;	getf.sig	r27=f43	// last major stall
+(p7)	add		carry2=1,carry2		};;
+{ .mii;		getf.sig	r16=f71
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r17=f62	
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r27=r27,carry2		};;
+{ .mii;		getf.sig	r18=f53
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,carry2	};;
+{ .mfi;	st8		[r33]=r27,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;		getf.sig	r19=f44
+		add		r17=r17,r16
+		mov		carry2=0	};;
+{ .mii;	getf.sig	r24=f72
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,r18
+		add		r19=r19,carry1	};;
+{ .mii;	getf.sig	r25=f63
+	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,carry1};;
+{ .mii;		st8		[r32]=r19,16
+	(p7)	add		carry2=1,carry2	}
+
+{ .mii;	getf.sig	r26=f54
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r16=f73
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r26=r26,carry2		};;
+{ .mii;		getf.sig	r17=f64
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,carry2	};;
+{ .mii;	st8		[r33]=r26,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;	getf.sig	r24=f74
+		add		r17=r17,r16	
+		mov		carry2=0	};;
+{ .mii;		cmp.ltu		p7,p0=r17,r16
+		add		r17=r17,carry1	};;
+
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r17,carry1};;
+{ .mii;		st8		[r32]=r17,16
+	(p7)	add		carry2=1,carry2	};;
+
+{ .mii;	add		r24=r24,carry2		};;
+{ .mii;	st8		[r33]=r24		}
+
+{ .mib;	rum		1<<5		// clear um.mfh
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_comba4#
+#undef	carry2
+#undef	carry1
+#endif
+
+#if 1
+//
+// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+//
+// In the nutshell it's a port of my MIPS III/IV implementation.
+//
+#define	AT	r14
+#define	H	r16
+#define	HH	r20
+#define	L	r17
+#define	D	r18
+#define	DH	r22
+#define	I	r21
+
+#if 0
+// Some preprocessors (most notably HP-UX) appear to be allergic to
+// macros enclosed to parenthesis [as these three were].
+#define	cont	p16
+#define	break	p0	// p20
+#define	equ	p24
+#else
+cont=p16
+break=p0
+equ=p24
+#endif
+
+.global	abort#
+.global	bn_div_words#
+.proc	bn_div_words#
+.align	64
+bn_div_words:
+	.prologue
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,3,5,0,8
+	.save	b0,r3
+	mov		r3=b0
+	.save	pr,r10
+	mov		r10=pr		};;
+{ .mmb;	cmp.eq		p6,p0=r34,r0
+	mov		r8=-1
+(p6)	br.ret.spnt.many	b0	};;
+
+	.body
+{ .mii;	mov		H=r32		// save h
+	mov		ar.ec=0		// don't rotate at exit
+	mov		pr.rot=0	}
+{ .mii;	mov		L=r33		// save l
+	mov		r36=r0		};;
+
+.L_divw_shift:	// -vv- note signed comparison
+{ .mfi;	(p0)	cmp.lt		p16,p0=r0,r34	// d
+	(p0)	shladd		r33=r34,1,r0	}
+{ .mfb;	(p0)	add		r35=1,r36
+	(p0)	nop.f		0x0
+(p16)	br.wtop.dpnt		.L_divw_shift	};;
+
+{ .mii;	mov		D=r34
+	shr.u		DH=r34,32
+	sub		r35=64,r36		};;
+{ .mii;	setf.sig	f7=DH
+	shr.u		AT=H,r35
+	mov		I=r36			};;
+{ .mib;	cmp.ne		p6,p0=r0,AT
+	shl		H=H,r36
+(p6)	br.call.spnt.clr	b0=abort	};;	// overflow, die...
+
+{ .mfi;	fcvt.xuf.s1	f7=f7
+	shr.u		AT=L,r35		};;
+{ .mii;	shl		L=L,r36
+	or		H=H,AT			};;
+
+{ .mii;	nop.m		0x0
+	cmp.leu		p6,p0=D,H;;
+(p6)	sub		H=H,D			}
+
+{ .mlx;	setf.sig	f14=D
+	movl		AT=0xffffffff		};;
+///////////////////////////////////////////////////////////
+{ .mii;	setf.sig	f6=H
+	shr.u		HH=H,32;;
+	cmp.eq		p6,p7=HH,DH		};;
+{ .mfb;
+(p6)	setf.sig	f8=AT
+(p7)	fcvt.xuf.s1	f6=f6
+(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
+
+{ .mfi;	getf.sig	r33=f8				// q
+	xmpy.lu		f9=f8,f14		}
+{ .mfi;	xmpy.hu		f10=f8,f14
+	shrp		H=H,L,32		};;
+
+{ .mmi;	getf.sig	r35=f9				// tl
+	getf.sig	r31=f10			};;	// th
+
+.L_divw_1st_iter:
+{ .mii;	(p0)	add		r32=-1,r33
+	(p0)	cmp.eq		equ,cont=HH,r31		};;
+{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
+	(p0)	sub		r34=r35,D
+	(equ)	cmp.leu		break,cont=r35,H	};;
+{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
+	(p8)	add		r31=-1,r31
+(cont)	br.wtop.spnt		.L_divw_1st_iter	};;
+///////////////////////////////////////////////////////////
+{ .mii;	sub		H=H,r35
+	shl		r8=r33,32
+	shl		L=L,32			};;
+///////////////////////////////////////////////////////////
+{ .mii;	setf.sig	f6=H
+	shr.u		HH=H,32;;
+	cmp.eq		p6,p7=HH,DH		};;
+{ .mfb;
+(p6)	setf.sig	f8=AT
+(p7)	fcvt.xuf.s1	f6=f6
+(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
+
+{ .mfi;	getf.sig	r33=f8				// q
+	xmpy.lu		f9=f8,f14		}
+{ .mfi;	xmpy.hu		f10=f8,f14
+	shrp		H=H,L,32		};;
+
+{ .mmi;	getf.sig	r35=f9				// tl
+	getf.sig	r31=f10			};;	// th
+
+.L_divw_2nd_iter:
+{ .mii;	(p0)	add		r32=-1,r33
+	(p0)	cmp.eq		equ,cont=HH,r31		};;
+{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
+	(p0)	sub		r34=r35,D
+	(equ)	cmp.leu		break,cont=r35,H	};;
+{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
+	(p8)	add		r31=-1,r31
+(cont)	br.wtop.spnt		.L_divw_2nd_iter	};;
+///////////////////////////////////////////////////////////
+{ .mii;	sub	H=H,r35
+	or	r8=r8,r33
+	mov	ar.pfs=r2		};;
+{ .mii;	shr.u	r9=H,I			// remainder if anybody wants it
+	mov	pr=r10,0x1ffff		}
+{ .mfb;	br.ret.sptk.many	b0	};;
+
+// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+// procedure.
+//
+// inputs:	f6 = (double)a, f7 = (double)b
+// output:	f8 = (int)(a/b)
+// clobbered:	f8,f9,f10,f11,pred
+pred=p15
+// One can argue that this snippet is copyrighted to Intel
+// Corporation, as it's essentially identical to one of those
+// found in "Divide, Square Root and Remainder" section at
+// http://www.intel.com/software/products/opensource/libraries/num.htm.
+// Yes, I admit that the referred code was used as template,
+// but after I realized that there hardly is any other instruction
+// sequence which would perform this operation. I mean I figure that
+// any independent attempt to implement high-performance division
+// will result in code virtually identical to the Intel code. It
+// should be noted though that below division kernel is 1 cycle
+// faster than Intel one (note commented splits:-), not to mention
+// original prologue (rather lack of one) and epilogue.
+.align	32
+.skip	16
+.L_udiv64_32_b6:
+	frcpa.s1	f8,pred=f6,f7;;		// [0]  y0 = 1 / b
+
+(pred)	fnma.s1		f9=f7,f8,f1		// [5]  e0 = 1 - b * y0
+(pred)	fmpy.s1		f10=f6,f8;;		// [5]  q0 = a * y0
+(pred)	fmpy.s1		f11=f9,f9		// [10] e1 = e0 * e0
+(pred)	fma.s1		f10=f9,f10,f10;;	// [10] q1 = q0 + e0 * q0
+(pred)	fma.s1		f8=f9,f8,f8	//;;	// [15] y1 = y0 + e0 * y0
+(pred)	fma.s1		f9=f11,f10,f10;;	// [15] q2 = q1 + e1 * q1
+(pred)	fma.s1		f8=f11,f8,f8	//;;	// [20] y2 = y1 + e1 * y1
+(pred)	fnma.s1		f10=f7,f9,f6;;		// [20] r2 = a - b * q2
+(pred)	fma.s1		f8=f10,f8,f9;;		// [25] q3 = q2 + r2 * y2
+
+	fcvt.fxu.trunc.s1	f8=f8		// [30] q = trunc(q3)
+	br.ret.sptk.many	b6;;
+.endp	bn_div_words#
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/asm/mips-mont.pl b/openssl-1.1.0h/crypto/bn/asm/mips-mont.pl
new file mode 100644
index 0000000..a907571
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/mips-mont.pl
@@ -0,0 +1,433 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# This module doesn't present direct interest for OpenSSL, because it
+# doesn't provide better performance for longer keys, at least not on
+# in-order-execution cores. While 512-bit RSA sign operations can be
+# 65% faster in 64-bit mode, 1024-bit ones are only 15% faster, and
+# 4096-bit ones are up to 15% slower. In 32-bit mode it varies from
+# 16% improvement for 512-bit RSA sign to -33% for 4096-bit RSA
+# verify:-( All comparisons are against bn_mul_mont-free assembler.
+# The module might be of interest to embedded system developers, as
+# the code is smaller than 1KB, yet offers >3x improvement on MIPS64
+# and 75-30% [less for longer keys] on MIPS32 over compiler-generated
+# code.
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp;
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_ADD="dadd";	# incidentally works even on n32
+	$PTR_SUB="dsub";	# incidentally works even on n32
+	$REG_S="sd";
+	$REG_L="ld";
+	$SZREG=8;
+} else {
+	$PTR_ADD="add";
+	$PTR_SUB="sub";
+	$REG_S="sw";
+	$REG_L="lw";
+	$SZREG=4;
+}
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0x00fff000 : 0x00ff0000;
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+if ($flavour =~ /64|n32/i) {
+	$LD="ld";
+	$ST="sd";
+	$MULTU="dmultu";
+	$ADDU="daddu";
+	$SUBU="dsubu";
+	$BNSZ=8;
+} else {
+	$LD="lw";
+	$ST="sw";
+	$MULTU="multu";
+	$ADDU="addu";
+	$SUBU="subu";
+	$BNSZ=4;
+}
+
+# int bn_mul_mont(
+$rp=$a0;	# BN_ULONG *rp,
+$ap=$a1;	# const BN_ULONG *ap,
+$bp=$a2;	# const BN_ULONG *bp,
+$np=$a3;	# const BN_ULONG *np,
+$n0=$a4;	# const BN_ULONG *n0,
+$num=$a5;	# int num);
+
+$lo0=$a6;
+$hi0=$a7;
+$lo1=$t1;
+$hi1=$t2;
+$aj=$s0;
+$bi=$s1;
+$nj=$s2;
+$tp=$s3;
+$alo=$s4;
+$ahi=$s5;
+$nlo=$s6;
+$nhi=$s7;
+$tj=$s8;
+$i=$s9;
+$j=$s10;
+$m1=$s11;
+
+$FRAMESIZE=14;
+
+$code=<<___;
+.text
+
+.set	noat
+.set	noreorder
+
+.align	5
+.globl	bn_mul_mont
+.ent	bn_mul_mont
+bn_mul_mont:
+___
+$code.=<<___ if ($flavour =~ /o32/i);
+	lw	$n0,16($sp)
+	lw	$num,20($sp)
+___
+$code.=<<___;
+	slt	$at,$num,4
+	bnez	$at,1f
+	li	$t0,0
+	slt	$at,$num,17	# on in-order CPU
+	bnez	$at,bn_mul_mont_internal
+	nop
+1:	jr	$ra
+	li	$a0,0
+.end	bn_mul_mont
+
+.align	5
+.ent	bn_mul_mont_internal
+bn_mul_mont_internal:
+	.frame	$fp,$FRAMESIZE*$SZREG,$ra
+	.mask	0x40000000|$SAVED_REGS_MASK,-$SZREG
+	$PTR_SUB $sp,$FRAMESIZE*$SZREG
+	$REG_S	$fp,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_S	$s11,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_S	$s10,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_S	$s9,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_S	$s8,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_S	$s7,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_S	$s6,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_S	$s5,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_S	$s4,($FRAMESIZE-9)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_S	$s3,($FRAMESIZE-10)*$SZREG($sp)
+	$REG_S	$s2,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_S	$s1,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_S	$s0,($FRAMESIZE-13)*$SZREG($sp)
+___
+$code.=<<___;
+	move	$fp,$sp
+
+	.set	reorder
+	$LD	$n0,0($n0)
+	$LD	$bi,0($bp)	# bp[0]
+	$LD	$aj,0($ap)	# ap[0]
+	$LD	$nj,0($np)	# np[0]
+
+	$PTR_SUB $sp,2*$BNSZ	# place for two extra words
+	sll	$num,`log($BNSZ)/log(2)`
+	li	$at,-4096
+	$PTR_SUB $sp,$num
+	and	$sp,$at
+
+	$MULTU	$aj,$bi
+	$LD	$alo,$BNSZ($ap)
+	$LD	$nlo,$BNSZ($np)
+	mflo	$lo0
+	mfhi	$hi0
+	$MULTU	$lo0,$n0
+	mflo	$m1
+
+	$MULTU	$alo,$bi
+	mflo	$alo
+	mfhi	$ahi
+
+	$MULTU	$nj,$m1
+	mflo	$lo1
+	mfhi	$hi1
+	$MULTU	$nlo,$m1
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$ADDU	$hi1,$at
+	mflo	$nlo
+	mfhi	$nhi
+
+	move	$tp,$sp
+	li	$j,2*$BNSZ
+.align	4
+.L1st:
+	.set	noreorder
+	$PTR_ADD $aj,$ap,$j
+	$PTR_ADD $nj,$np,$j
+	$LD	$aj,($aj)
+	$LD	$nj,($nj)
+
+	$MULTU	$aj,$bi
+	$ADDU	$lo0,$alo,$hi0
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$at,$lo0,$hi0
+	sltu	$t0,$lo1,$hi1
+	$ADDU	$hi0,$ahi,$at
+	$ADDU	$hi1,$nhi,$t0
+	mflo	$alo
+	mfhi	$ahi
+
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$MULTU	$nj,$m1
+	$ADDU	$hi1,$at
+	addu	$j,$BNSZ
+	$ST	$lo1,($tp)
+	sltu	$t0,$j,$num
+	mflo	$nlo
+	mfhi	$nhi
+
+	bnez	$t0,.L1st
+	$PTR_ADD $tp,$BNSZ
+	.set	reorder
+
+	$ADDU	$lo0,$alo,$hi0
+	sltu	$at,$lo0,$hi0
+	$ADDU	$hi0,$ahi,$at
+
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$t0,$lo1,$hi1
+	$ADDU	$hi1,$nhi,$t0
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$ADDU	$hi1,$at
+
+	$ST	$lo1,($tp)
+
+	$ADDU	$hi1,$hi0
+	sltu	$at,$hi1,$hi0
+	$ST	$hi1,$BNSZ($tp)
+	$ST	$at,2*$BNSZ($tp)
+
+	li	$i,$BNSZ
+.align	4
+.Louter:
+	$PTR_ADD $bi,$bp,$i
+	$LD	$bi,($bi)
+	$LD	$aj,($ap)
+	$LD	$alo,$BNSZ($ap)
+	$LD	$tj,($sp)
+
+	$MULTU	$aj,$bi
+	$LD	$nj,($np)
+	$LD	$nlo,$BNSZ($np)
+	mflo	$lo0
+	mfhi	$hi0
+	$ADDU	$lo0,$tj
+	$MULTU	$lo0,$n0
+	sltu	$at,$lo0,$tj
+	$ADDU	$hi0,$at
+	mflo	$m1
+
+	$MULTU	$alo,$bi
+	mflo	$alo
+	mfhi	$ahi
+
+	$MULTU	$nj,$m1
+	mflo	$lo1
+	mfhi	$hi1
+
+	$MULTU	$nlo,$m1
+	$ADDU	$lo1,$lo0
+	sltu	$at,$lo1,$lo0
+	$ADDU	$hi1,$at
+	mflo	$nlo
+	mfhi	$nhi
+
+	move	$tp,$sp
+	li	$j,2*$BNSZ
+	$LD	$tj,$BNSZ($tp)
+.align	4
+.Linner:
+	.set	noreorder
+	$PTR_ADD $aj,$ap,$j
+	$PTR_ADD $nj,$np,$j
+	$LD	$aj,($aj)
+	$LD	$nj,($nj)
+
+	$MULTU	$aj,$bi
+	$ADDU	$lo0,$alo,$hi0
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$at,$lo0,$hi0
+	sltu	$t0,$lo1,$hi1
+	$ADDU	$hi0,$ahi,$at
+	$ADDU	$hi1,$nhi,$t0
+	mflo	$alo
+	mfhi	$ahi
+
+	$ADDU	$lo0,$tj
+	addu	$j,$BNSZ
+	$MULTU	$nj,$m1
+	sltu	$at,$lo0,$tj
+	$ADDU	$lo1,$lo0
+	$ADDU	$hi0,$at
+	sltu	$t0,$lo1,$lo0
+	$LD	$tj,2*$BNSZ($tp)
+	$ADDU	$hi1,$t0
+	sltu	$at,$j,$num
+	mflo	$nlo
+	mfhi	$nhi
+	$ST	$lo1,($tp)
+	bnez	$at,.Linner
+	$PTR_ADD $tp,$BNSZ
+	.set	reorder
+
+	$ADDU	$lo0,$alo,$hi0
+	sltu	$at,$lo0,$hi0
+	$ADDU	$hi0,$ahi,$at
+	$ADDU	$lo0,$tj
+	sltu	$t0,$lo0,$tj
+	$ADDU	$hi0,$t0
+
+	$LD	$tj,2*$BNSZ($tp)
+	$ADDU	$lo1,$nlo,$hi1
+	sltu	$at,$lo1,$hi1
+	$ADDU	$hi1,$nhi,$at
+	$ADDU	$lo1,$lo0
+	sltu	$t0,$lo1,$lo0
+	$ADDU	$hi1,$t0
+	$ST	$lo1,($tp)
+
+	$ADDU	$lo1,$hi1,$hi0
+	sltu	$hi1,$lo1,$hi0
+	$ADDU	$lo1,$tj
+	sltu	$at,$lo1,$tj
+	$ADDU	$hi1,$at
+	$ST	$lo1,$BNSZ($tp)
+	$ST	$hi1,2*$BNSZ($tp)
+
+	addu	$i,$BNSZ
+	sltu	$t0,$i,$num
+	bnez	$t0,.Louter
+
+	.set	noreorder
+	$PTR_ADD $tj,$sp,$num	# &tp[num]
+	move	$tp,$sp
+	move	$ap,$sp
+	li	$hi0,0		# clear borrow bit
+
+.align	4
+.Lsub:	$LD	$lo0,($tp)
+	$LD	$lo1,($np)
+	$PTR_ADD $tp,$BNSZ
+	$PTR_ADD $np,$BNSZ
+	$SUBU	$lo1,$lo0,$lo1	# tp[i]-np[i]
+	sgtu	$at,$lo1,$lo0
+	$SUBU	$lo0,$lo1,$hi0
+	sgtu	$hi0,$lo0,$lo1
+	$ST	$lo0,($rp)
+	or	$hi0,$at
+	sltu	$at,$tp,$tj
+	bnez	$at,.Lsub
+	$PTR_ADD $rp,$BNSZ
+
+	$SUBU	$hi0,$hi1,$hi0	# handle upmost overflow bit
+	move	$tp,$sp
+	$PTR_SUB $rp,$num	# restore rp
+	not	$hi1,$hi0
+
+	and	$ap,$hi0,$sp
+	and	$bp,$hi1,$rp
+	or	$ap,$ap,$bp	# ap=borrow?tp:rp
+
+.align	4
+.Lcopy:	$LD	$aj,($ap)
+	$PTR_ADD $ap,$BNSZ
+	$ST	$zero,($tp)
+	$PTR_ADD $tp,$BNSZ
+	sltu	$at,$tp,$tj
+	$ST	$aj,($rp)
+	bnez	$at,.Lcopy
+	$PTR_ADD $rp,$BNSZ
+
+	li	$a0,1
+	li	$t0,1
+
+	.set	noreorder
+	move	$sp,$fp
+	$REG_L	$fp,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_L	$s11,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_L	$s10,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_L	$s9,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_L	$s8,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_L	$s7,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_L	$s6,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_L	$s5,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_L	$s4,($FRAMESIZE-9)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,($FRAMESIZE-10)*$SZREG($sp)
+	$REG_L	$s2,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_L	$s1,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_L	$s0,($FRAMESIZE-13)*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE*$SZREG
+.end	bn_mul_mont_internal
+.rdata
+.asciiz	"Montgomery Multiplication for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/mips.pl b/openssl-1.1.0h/crypto/bn/asm/mips.pl
new file mode 100644
index 0000000..420f01f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/mips.pl
@@ -0,0 +1,2241 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project.
+#
+# Rights for redistribution and usage in source and binary forms are
+# granted according to the OpenSSL license. Warranty of any kind is
+# disclaimed.
+# ====================================================================
+
+
+# July 1999
+#
+# This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c.
+#
+# The module is designed to work with either of the "new" MIPS ABI(5),
+# namely N32 or N64, offered by IRIX 6.x. It's not meant to work under
+# IRIX 5.x not only because it doesn't support new ABIs but also
+# because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+# 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+# cause illegal instruction exception:-(
+#
+# In addition the code depends on preprocessor flags set up by MIPSpro
+# compiler driver (either as or cc) and therefore (probably?) can't be
+# compiled by the GNU assembler. GNU C driver manages fine though...
+# I mean as long as -mmips-as is specified or is the default option,
+# because then it simply invokes /usr/bin/as which in turn takes
+# perfect care of the preprocessor definitions. Another neat feature
+# offered by the MIPSpro assembler is an optimization pass. This gave
+# me the opportunity to have the code looking more regular as all those
+# architecture dependent instruction rescheduling details were left to
+# the assembler. Cool, huh?
+#
+# Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+# goes way over 3 times faster!
+#
+#					<appro@fy.chalmers.se>
+
+# October 2010
+#
+# Adapt the module even for 32-bit ABIs and other OSes. The former was
+# achieved by mechanical replacement of 64-bit arithmetic instructions
+# such as dmultu, daddu, etc. with their 32-bit counterparts and
+# adjusting offsets denoting multiples of BN_ULONG. Above mentioned
+# >3x performance improvement naturally does not apply to 32-bit code
+# [because there is no instruction 32-bit compiler can't use], one
+# has to content with 40-85% improvement depending on benchmark and
+# key length, more for longer keys.
+
+$flavour = shift || "o32";
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+if ($flavour =~ /64|n32/i) {
+	$LD="ld";
+	$ST="sd";
+	$MULTU="dmultu";
+	$DIVU="ddivu";
+	$ADDU="daddu";
+	$SUBU="dsubu";
+	$SRL="dsrl";
+	$SLL="dsll";
+	$BNSZ=8;
+	$PTR_ADD="daddu";
+	$PTR_SUB="dsubu";
+	$SZREG=8;
+	$REG_S="sd";
+	$REG_L="ld";
+} else {
+	$LD="lw";
+	$ST="sw";
+	$MULTU="multu";
+	$DIVU="divu";
+	$ADDU="addu";
+	$SUBU="subu";
+	$SRL="srl";
+	$SLL="sll";
+	$BNSZ=4;
+	$PTR_ADD="addu";
+	$PTR_SUB="subu";
+	$SZREG=4;
+	$REG_S="sw";
+	$REG_L="lw";
+	$code=".set	mips2\n";
+}
+
+# Below is N32/64 register layout used in the original module.
+#
+($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+($ta0,$ta1,$ta2,$ta3)=($a4,$a5,$a6,$a7);
+#
+# No special adaptation is required for O32. NUBI on the other hand
+# is treated by saving/restoring ($v1,$t0..$t3).
+
+$gp=$v1 if ($flavour =~ /nubi/i);
+
+$minus4=$v1;
+
+$code.=<<___;
+.rdata
+.asciiz	"mips3.s, Version 1.2"
+.asciiz	"MIPS II/III/IV ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>"
+
+.text
+.set	noat
+
+.align	5
+.globl	bn_mul_add_words
+.ent	bn_mul_add_words
+bn_mul_add_words:
+	.set	noreorder
+	bgtz	$a2,bn_mul_add_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_add_words
+
+.align	5
+.ent	bn_mul_add_words_internal
+bn_mul_add_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$ta0,$a2,$minus4
+	beqz	$ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+	$LD	$t0,0($a1)
+	$MULTU	$t0,$a3
+	$LD	$t1,0($a0)
+	$LD	$t2,$BNSZ($a1)
+	$LD	$t3,$BNSZ($a0)
+	$LD	$ta0,2*$BNSZ($a1)
+	$LD	$ta1,2*$BNSZ($a0)
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0	# All manuals say it "compares 32-bit
+				# values", but it seems to work fine
+				# even on 64-bit registers.
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	 $MULTU	$t2,$a3
+	sltu	$at,$t1,$at
+	$ST	$t1,0($a0)
+	$ADDU	$v0,$at
+
+	$LD	$ta2,3*$BNSZ($a1)
+	$LD	$ta3,3*$BNSZ($a0)
+	$ADDU	$t3,$v0
+	sltu	$v0,$t3,$v0
+	mflo	$at
+	mfhi	$t2
+	$ADDU	$t3,$at
+	$ADDU	$v0,$t2
+	 $MULTU	$ta0,$a3
+	sltu	$at,$t3,$at
+	$ST	$t3,$BNSZ($a0)
+	$ADDU	$v0,$at
+
+	subu	$a2,4
+	$PTR_ADD $a0,4*$BNSZ
+	$PTR_ADD $a1,4*$BNSZ
+	$ADDU	$ta1,$v0
+	sltu	$v0,$ta1,$v0
+	mflo	$at
+	mfhi	$ta0
+	$ADDU	$ta1,$at
+	$ADDU	$v0,$ta0
+	 $MULTU	$ta2,$a3
+	sltu	$at,$ta1,$at
+	$ST	$ta1,-2*$BNSZ($a0)
+	$ADDU	$v0,$at
+
+
+	and	$ta0,$a2,$minus4
+	$ADDU	$ta3,$v0
+	sltu	$v0,$ta3,$v0
+	mflo	$at
+	mfhi	$ta2
+	$ADDU	$ta3,$at
+	$ADDU	$v0,$ta2
+	sltu	$at,$ta3,$at
+	$ST	$ta3,-$BNSZ($a0)
+	.set	noreorder
+	bgtz	$ta0,.L_bn_mul_add_words_loop
+	$ADDU	$v0,$at
+
+	beqz	$a2,.L_bn_mul_add_words_return
+	nop
+
+.L_bn_mul_add_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$MULTU	$t0,$a3
+	$LD	$t1,0($a0)
+	subu	$a2,1
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	sltu	$at,$t1,$at
+	$ST	$t1,0($a0)
+	$ADDU	$v0,$at
+	beqz	$a2,.L_bn_mul_add_words_return
+
+	$LD	$t0,$BNSZ($a1)
+	$MULTU	$t0,$a3
+	$LD	$t1,$BNSZ($a0)
+	subu	$a2,1
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	sltu	$at,$t1,$at
+	$ST	$t1,$BNSZ($a0)
+	$ADDU	$v0,$at
+	beqz	$a2,.L_bn_mul_add_words_return
+
+	$LD	$t0,2*$BNSZ($a1)
+	$MULTU	$t0,$a3
+	$LD	$t1,2*$BNSZ($a0)
+	$ADDU	$t1,$v0
+	sltu	$v0,$t1,$v0
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$t1,$at
+	$ADDU	$v0,$t0
+	sltu	$at,$t1,$at
+	$ST	$t1,2*$BNSZ($a0)
+	$ADDU	$v0,$at
+
+.L_bn_mul_add_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_add_words_internal
+
+.align	5
+.globl	bn_mul_words
+.ent	bn_mul_words
+bn_mul_words:
+	.set	noreorder
+	bgtz	$a2,bn_mul_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_words
+
+.align	5
+.ent	bn_mul_words_internal
+bn_mul_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$ta0,$a2,$minus4
+	beqz	$ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+	$LD	$t0,0($a1)
+	$MULTU	$t0,$a3
+	$LD	$t2,$BNSZ($a1)
+	$LD	$ta0,2*$BNSZ($a1)
+	$LD	$ta2,3*$BNSZ($a1)
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	 $MULTU	$t2,$a3
+	$ST	$v0,0($a0)
+	$ADDU	$v0,$t1,$t0
+
+	subu	$a2,4
+	$PTR_ADD $a0,4*$BNSZ
+	$PTR_ADD $a1,4*$BNSZ
+	mflo	$at
+	mfhi	$t2
+	$ADDU	$v0,$at
+	sltu	$t3,$v0,$at
+	 $MULTU	$ta0,$a3
+	$ST	$v0,-3*$BNSZ($a0)
+	$ADDU	$v0,$t3,$t2
+
+	mflo	$at
+	mfhi	$ta0
+	$ADDU	$v0,$at
+	sltu	$ta1,$v0,$at
+	 $MULTU	$ta2,$a3
+	$ST	$v0,-2*$BNSZ($a0)
+	$ADDU	$v0,$ta1,$ta0
+
+	and	$ta0,$a2,$minus4
+	mflo	$at
+	mfhi	$ta2
+	$ADDU	$v0,$at
+	sltu	$ta3,$v0,$at
+	$ST	$v0,-$BNSZ($a0)
+	.set	noreorder
+	bgtz	$ta0,.L_bn_mul_words_loop
+	$ADDU	$v0,$ta3,$ta2
+
+	beqz	$a2,.L_bn_mul_words_return
+	nop
+
+.L_bn_mul_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$MULTU	$t0,$a3
+	subu	$a2,1
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	$ST	$v0,0($a0)
+	$ADDU	$v0,$t1,$t0
+	beqz	$a2,.L_bn_mul_words_return
+
+	$LD	$t0,$BNSZ($a1)
+	$MULTU	$t0,$a3
+	subu	$a2,1
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	$ST	$v0,$BNSZ($a0)
+	$ADDU	$v0,$t1,$t0
+	beqz	$a2,.L_bn_mul_words_return
+
+	$LD	$t0,2*$BNSZ($a1)
+	$MULTU	$t0,$a3
+	mflo	$at
+	mfhi	$t0
+	$ADDU	$v0,$at
+	sltu	$t1,$v0,$at
+	$ST	$v0,2*$BNSZ($a0)
+	$ADDU	$v0,$t1,$t0
+
+.L_bn_mul_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_mul_words_internal
+
+.align	5
+.globl	bn_sqr_words
+.ent	bn_sqr_words
+bn_sqr_words:
+	.set	noreorder
+	bgtz	$a2,bn_sqr_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_sqr_words
+
+.align	5
+.ent	bn_sqr_words_internal
+bn_sqr_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$ta0,$a2,$minus4
+	beqz	$ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+	$LD	$t0,0($a1)
+	$MULTU	$t0,$t0
+	$LD	$t2,$BNSZ($a1)
+	$LD	$ta0,2*$BNSZ($a1)
+	$LD	$ta2,3*$BNSZ($a1)
+	mflo	$t1
+	mfhi	$t0
+	$ST	$t1,0($a0)
+	$ST	$t0,$BNSZ($a0)
+
+	$MULTU	$t2,$t2
+	subu	$a2,4
+	$PTR_ADD $a0,8*$BNSZ
+	$PTR_ADD $a1,4*$BNSZ
+	mflo	$t3
+	mfhi	$t2
+	$ST	$t3,-6*$BNSZ($a0)
+	$ST	$t2,-5*$BNSZ($a0)
+
+	$MULTU	$ta0,$ta0
+	mflo	$ta1
+	mfhi	$ta0
+	$ST	$ta1,-4*$BNSZ($a0)
+	$ST	$ta0,-3*$BNSZ($a0)
+
+
+	$MULTU	$ta2,$ta2
+	and	$ta0,$a2,$minus4
+	mflo	$ta3
+	mfhi	$ta2
+	$ST	$ta3,-2*$BNSZ($a0)
+
+	.set	noreorder
+	bgtz	$ta0,.L_bn_sqr_words_loop
+	$ST	$ta2,-$BNSZ($a0)
+
+	beqz	$a2,.L_bn_sqr_words_return
+	nop
+
+.L_bn_sqr_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$MULTU	$t0,$t0
+	subu	$a2,1
+	mflo	$t1
+	mfhi	$t0
+	$ST	$t1,0($a0)
+	$ST	$t0,$BNSZ($a0)
+	beqz	$a2,.L_bn_sqr_words_return
+
+	$LD	$t0,$BNSZ($a1)
+	$MULTU	$t0,$t0
+	subu	$a2,1
+	mflo	$t1
+	mfhi	$t0
+	$ST	$t1,2*$BNSZ($a0)
+	$ST	$t0,3*$BNSZ($a0)
+	beqz	$a2,.L_bn_sqr_words_return
+
+	$LD	$t0,2*$BNSZ($a1)
+	$MULTU	$t0,$t0
+	mflo	$t1
+	mfhi	$t0
+	$ST	$t1,4*$BNSZ($a0)
+	$ST	$t0,5*$BNSZ($a0)
+
+.L_bn_sqr_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+
+.end	bn_sqr_words_internal
+
+.align	5
+.globl	bn_add_words
+.ent	bn_add_words
+bn_add_words:
+	.set	noreorder
+	bgtz	$a3,bn_add_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$v0
+.end	bn_add_words
+
+.align	5
+.ent	bn_add_words_internal
+bn_add_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$at,$a3,$minus4
+	beqz	$at,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	subu	$a3,4
+	$LD	$t1,$BNSZ($a1)
+	and	$at,$a3,$minus4
+	$LD	$t2,2*$BNSZ($a1)
+	$PTR_ADD $a2,4*$BNSZ
+	$LD	$t3,3*$BNSZ($a1)
+	$PTR_ADD $a0,4*$BNSZ
+	$LD	$ta1,-3*$BNSZ($a2)
+	$PTR_ADD $a1,4*$BNSZ
+	$LD	$ta2,-2*$BNSZ($a2)
+	$LD	$ta3,-$BNSZ($a2)
+	$ADDU	$ta0,$t0
+	sltu	$t8,$ta0,$t0
+	$ADDU	$t0,$ta0,$v0
+	sltu	$v0,$t0,$ta0
+	$ST	$t0,-4*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+	$ADDU	$ta1,$t1
+	sltu	$t9,$ta1,$t1
+	$ADDU	$t1,$ta1,$v0
+	sltu	$v0,$t1,$ta1
+	$ST	$t1,-3*$BNSZ($a0)
+	$ADDU	$v0,$t9
+
+	$ADDU	$ta2,$t2
+	sltu	$t8,$ta2,$t2
+	$ADDU	$t2,$ta2,$v0
+	sltu	$v0,$t2,$ta2
+	$ST	$t2,-2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+	
+	$ADDU	$ta3,$t3
+	sltu	$t9,$ta3,$t3
+	$ADDU	$t3,$ta3,$v0
+	sltu	$v0,$t3,$ta3
+	$ST	$t3,-$BNSZ($a0)
+	
+	.set	noreorder
+	bgtz	$at,.L_bn_add_words_loop
+	$ADDU	$v0,$t9
+
+	beqz	$a3,.L_bn_add_words_return
+	nop
+
+.L_bn_add_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	$ADDU	$ta0,$t0
+	subu	$a3,1
+	sltu	$t8,$ta0,$t0
+	$ADDU	$t0,$ta0,$v0
+	sltu	$v0,$t0,$ta0
+	$ST	$t0,0($a0)
+	$ADDU	$v0,$t8
+	beqz	$a3,.L_bn_add_words_return
+
+	$LD	$t1,$BNSZ($a1)
+	$LD	$ta1,$BNSZ($a2)
+	$ADDU	$ta1,$t1
+	subu	$a3,1
+	sltu	$t9,$ta1,$t1
+	$ADDU	$t1,$ta1,$v0
+	sltu	$v0,$t1,$ta1
+	$ST	$t1,$BNSZ($a0)
+	$ADDU	$v0,$t9
+	beqz	$a3,.L_bn_add_words_return
+
+	$LD	$t2,2*$BNSZ($a1)
+	$LD	$ta2,2*$BNSZ($a2)
+	$ADDU	$ta2,$t2
+	sltu	$t8,$ta2,$t2
+	$ADDU	$t2,$ta2,$v0
+	sltu	$v0,$t2,$ta2
+	$ST	$t2,2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+.L_bn_add_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+
+.end	bn_add_words_internal
+
+.align	5
+.globl	bn_sub_words
+.ent	bn_sub_words
+bn_sub_words:
+	.set	noreorder
+	bgtz	$a3,bn_sub_words_internal
+	move	$v0,$zero
+	jr	$ra
+	move	$a0,$zero
+.end	bn_sub_words
+
+.align	5
+.ent	bn_sub_words_internal
+bn_sub_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	li	$minus4,-4
+	and	$at,$a3,$minus4
+	beqz	$at,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	subu	$a3,4
+	$LD	$t1,$BNSZ($a1)
+	and	$at,$a3,$minus4
+	$LD	$t2,2*$BNSZ($a1)
+	$PTR_ADD $a2,4*$BNSZ
+	$LD	$t3,3*$BNSZ($a1)
+	$PTR_ADD $a0,4*$BNSZ
+	$LD	$ta1,-3*$BNSZ($a2)
+	$PTR_ADD $a1,4*$BNSZ
+	$LD	$ta2,-2*$BNSZ($a2)
+	$LD	$ta3,-$BNSZ($a2)
+	sltu	$t8,$t0,$ta0
+	$SUBU	$ta0,$t0,$ta0
+	$SUBU	$t0,$ta0,$v0
+	sgtu	$v0,$t0,$ta0
+	$ST	$t0,-4*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+	sltu	$t9,$t1,$ta1
+	$SUBU	$ta1,$t1,$ta1
+	$SUBU	$t1,$ta1,$v0
+	sgtu	$v0,$t1,$ta1
+	$ST	$t1,-3*$BNSZ($a0)
+	$ADDU	$v0,$t9
+
+
+	sltu	$t8,$t2,$ta2
+	$SUBU	$ta2,$t2,$ta2
+	$SUBU	$t2,$ta2,$v0
+	sgtu	$v0,$t2,$ta2
+	$ST	$t2,-2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+	sltu	$t9,$t3,$ta3
+	$SUBU	$ta3,$t3,$ta3
+	$SUBU	$t3,$ta3,$v0
+	sgtu	$v0,$t3,$ta3
+	$ST	$t3,-$BNSZ($a0)
+
+	.set	noreorder
+	bgtz	$at,.L_bn_sub_words_loop
+	$ADDU	$v0,$t9
+
+	beqz	$a3,.L_bn_sub_words_return
+	nop
+
+.L_bn_sub_words_tail:
+	.set	reorder
+	$LD	$t0,0($a1)
+	$LD	$ta0,0($a2)
+	subu	$a3,1
+	sltu	$t8,$t0,$ta0
+	$SUBU	$ta0,$t0,$ta0
+	$SUBU	$t0,$ta0,$v0
+	sgtu	$v0,$t0,$ta0
+	$ST	$t0,0($a0)
+	$ADDU	$v0,$t8
+	beqz	$a3,.L_bn_sub_words_return
+
+	$LD	$t1,$BNSZ($a1)
+	subu	$a3,1
+	$LD	$ta1,$BNSZ($a2)
+	sltu	$t9,$t1,$ta1
+	$SUBU	$ta1,$t1,$ta1
+	$SUBU	$t1,$ta1,$v0
+	sgtu	$v0,$t1,$ta1
+	$ST	$t1,$BNSZ($a0)
+	$ADDU	$v0,$t9
+	beqz	$a3,.L_bn_sub_words_return
+
+	$LD	$t2,2*$BNSZ($a1)
+	$LD	$ta2,2*$BNSZ($a2)
+	sltu	$t8,$t2,$ta2
+	$SUBU	$ta2,$t2,$ta2
+	$SUBU	$t2,$ta2,$v0
+	sgtu	$v0,$t2,$ta2
+	$ST	$t2,2*$BNSZ($a0)
+	$ADDU	$v0,$t8
+
+.L_bn_sub_words_return:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_sub_words_internal
+
+.align 5
+.globl	bn_div_3_words
+.ent	bn_div_3_words
+bn_div_3_words:
+	.set	noreorder
+	move	$a3,$a0		# we know that bn_div_words does not
+				# touch $a3, $ta2, $ta3 and preserves $a2
+				# so that we can save two arguments
+				# and return address in registers
+				# instead of stack:-)
+				
+	$LD	$a0,($a3)
+	move	$ta2,$a1
+	bne	$a0,$a2,bn_div_3_words_internal
+	$LD	$a1,-$BNSZ($a3)
+	li	$v0,-1
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_3_words
+
+.align	5
+.ent	bn_div_3_words_internal
+bn_div_3_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	move	$ta3,$ra
+	bal	bn_div_words_internal
+	move	$ra,$ta3
+	$MULTU	$ta2,$v0
+	$LD	$t2,-2*$BNSZ($a3)
+	move	$ta0,$zero
+	mfhi	$t1
+	mflo	$t0
+	sltu	$t8,$t1,$a1
+.L_bn_div_3_words_inner_loop:
+	bnez	$t8,.L_bn_div_3_words_inner_loop_done
+	sgeu	$at,$t2,$t0
+	seq	$t9,$t1,$a1
+	and	$at,$t9
+	sltu	$t3,$t0,$ta2
+	$ADDU	$a1,$a2
+	$SUBU	$t1,$t3
+	$SUBU	$t0,$ta2
+	sltu	$t8,$t1,$a1
+	sltu	$ta0,$a1,$a2
+	or	$t8,$ta0
+	.set	noreorder
+	beqz	$at,.L_bn_div_3_words_inner_loop
+	$SUBU	$v0,1
+	$ADDU	$v0,1
+	.set	reorder
+.L_bn_div_3_words_inner_loop_done:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_3_words_internal
+
+.align	5
+.globl	bn_div_words
+.ent	bn_div_words
+bn_div_words:
+	.set	noreorder
+	bnez	$a2,bn_div_words_internal
+	li	$v0,-1		# I would rather signal div-by-zero
+				# which can be done with 'break 7'
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_words
+
+.align	5
+.ent	bn_div_words_internal
+bn_div_words_internal:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	move	$v1,$zero
+	bltz	$a2,.L_bn_div_words_body
+	move	$t9,$v1
+	$SLL	$a2,1
+	bgtz	$a2,.-4
+	addu	$t9,1
+
+	.set	reorder
+	negu	$t1,$t9
+	li	$t2,-1
+	$SLL	$t2,$t1
+	and	$t2,$a0
+	$SRL	$at,$a1,$t1
+	.set	noreorder
+	beqz	$t2,.+12
+	nop
+	break	6		# signal overflow
+	.set	reorder
+	$SLL	$a0,$t9
+	$SLL	$a1,$t9
+	or	$a0,$at
+___
+$QT=$ta0;
+$HH=$ta1;
+$DH=$v1;
+$code.=<<___;
+.L_bn_div_words_body:
+	$SRL	$DH,$a2,4*$BNSZ	# bits
+	sgeu	$at,$a0,$a2
+	.set	noreorder
+	beqz	$at,.+12
+	nop
+	$SUBU	$a0,$a2
+	.set	reorder
+
+	li	$QT,-1
+	$SRL	$HH,$a0,4*$BNSZ	# bits
+	$SRL	$QT,4*$BNSZ	# q=0xffffffff
+	beq	$DH,$HH,.L_bn_div_words_skip_div1
+	$DIVU	$zero,$a0,$DH
+	mflo	$QT
+.L_bn_div_words_skip_div1:
+	$MULTU	$a2,$QT
+	$SLL	$t3,$a0,4*$BNSZ	# bits
+	$SRL	$at,$a1,4*$BNSZ	# bits
+	or	$t3,$at
+	mflo	$t0
+	mfhi	$t1
+.L_bn_div_words_inner_loop1:
+	sltu	$t2,$t3,$t0
+	seq	$t8,$HH,$t1
+	sltu	$at,$HH,$t1
+	and	$t2,$t8
+	sltu	$v0,$t0,$a2
+	or	$at,$t2
+	.set	noreorder
+	beqz	$at,.L_bn_div_words_inner_loop1_done
+	$SUBU	$t1,$v0
+	$SUBU	$t0,$a2
+	b	.L_bn_div_words_inner_loop1
+	$SUBU	$QT,1
+	.set	reorder
+.L_bn_div_words_inner_loop1_done:
+
+	$SLL	$a1,4*$BNSZ	# bits
+	$SUBU	$a0,$t3,$t0
+	$SLL	$v0,$QT,4*$BNSZ	# bits
+
+	li	$QT,-1
+	$SRL	$HH,$a0,4*$BNSZ	# bits
+	$SRL	$QT,4*$BNSZ	# q=0xffffffff
+	beq	$DH,$HH,.L_bn_div_words_skip_div2
+	$DIVU	$zero,$a0,$DH
+	mflo	$QT
+.L_bn_div_words_skip_div2:
+	$MULTU	$a2,$QT
+	$SLL	$t3,$a0,4*$BNSZ	# bits
+	$SRL	$at,$a1,4*$BNSZ	# bits
+	or	$t3,$at
+	mflo	$t0
+	mfhi	$t1
+.L_bn_div_words_inner_loop2:
+	sltu	$t2,$t3,$t0
+	seq	$t8,$HH,$t1
+	sltu	$at,$HH,$t1
+	and	$t2,$t8
+	sltu	$v1,$t0,$a2
+	or	$at,$t2
+	.set	noreorder
+	beqz	$at,.L_bn_div_words_inner_loop2_done
+	$SUBU	$t1,$v1
+	$SUBU	$t0,$a2
+	b	.L_bn_div_words_inner_loop2
+	$SUBU	$QT,1
+	.set	reorder
+.L_bn_div_words_inner_loop2_done:
+
+	$SUBU	$a0,$t3,$t0
+	or	$v0,$QT
+	$SRL	$v1,$a0,$t9	# $v1 contains remainder if anybody wants it
+	$SRL	$a2,$t9		# restore $a2
+
+	.set	noreorder
+	move	$a1,$v1
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	move	$a0,$v0
+.end	bn_div_words_internal
+___
+undef $HH; undef $QT; undef $DH;
+
+($a_0,$a_1,$a_2,$a_3)=($t0,$t1,$t2,$t3);
+($b_0,$b_1,$b_2,$b_3)=($ta0,$ta1,$ta2,$ta3);
+
+($a_4,$a_5,$a_6,$a_7)=($s0,$s2,$s4,$a1); # once we load a[7], no use for $a1
+($b_4,$b_5,$b_6,$b_7)=($s1,$s3,$s5,$a2); # once we load b[7], no use for $a2
+
+($t_1,$t_2,$c_1,$c_2,$c_3)=($t8,$t9,$v0,$v1,$a3);
+
+$code.=<<___;
+
+.align	5
+.globl	bn_mul_comba8
+.ent	bn_mul_comba8
+bn_mul_comba8:
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,12*$SZREG,$ra
+	.mask	0x803ff008,-$SZREG
+	$PTR_SUB $sp,12*$SZREG
+	$REG_S	$ra,11*$SZREG($sp)
+	$REG_S	$s5,10*$SZREG($sp)
+	$REG_S	$s4,9*$SZREG($sp)
+	$REG_S	$s3,8*$SZREG($sp)
+	$REG_S	$s2,7*$SZREG($sp)
+	$REG_S	$s1,6*$SZREG($sp)
+	$REG_S	$s0,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___ if ($flavour !~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x003f0000,-$SZREG
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$s5,5*$SZREG($sp)
+	$REG_S	$s4,4*$SZREG($sp)
+	$REG_S	$s3,3*$SZREG($sp)
+	$REG_S	$s2,2*$SZREG($sp)
+	$REG_S	$s1,1*$SZREG($sp)
+	$REG_S	$s0,0*$SZREG($sp)
+___
+$code.=<<___;
+
+	.set	reorder
+	$LD	$a_0,0($a1)	# If compiled with -mips3 option on
+				# R5000 box assembler barks on this
+				# 1ine with "should not have mult/div
+				# as last instruction in bb (R10K
+				# bug)" warning. If anybody out there
+				# has a clue about how to circumvent
+				# this do send me a note.
+				#		<appro\@fy.chalmers.se>
+
+	$LD	$b_0,0($a2)
+	$LD	$a_1,$BNSZ($a1)
+	$LD	$a_2,2*$BNSZ($a1)
+	$MULTU	$a_0,$b_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_3,3*$BNSZ($a1)
+	$LD	$b_1,$BNSZ($a2)
+	$LD	$b_2,2*$BNSZ($a2)
+	$LD	$b_3,3*$BNSZ($a2)
+	mflo	$c_1
+	mfhi	$c_2
+
+	$LD	$a_4,4*$BNSZ($a1)
+	$LD	$a_5,5*$BNSZ($a1)
+	$MULTU	$a_0,$b_1		# mul_add_c(a[0],b[1],c2,c3,c1);
+	$LD	$a_6,6*$BNSZ($a1)
+	$LD	$a_7,7*$BNSZ($a1)
+	$LD	$b_4,4*$BNSZ($a2)
+	$LD	$b_5,5*$BNSZ($a2)
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_1,$b_0		# mul_add_c(a[1],b[0],c2,c3,c1);
+	$ADDU	$c_3,$t_2,$at
+	$LD	$b_6,6*$BNSZ($a2)
+	$LD	$b_7,7*$BNSZ($a2)
+	$ST	$c_1,0($a0)	# r[0]=c1;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_2,$b_0		# mul_add_c(a[2],b[0],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	$ST	$c_2,$BNSZ($a0)	# r[1]=c2;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_1,$b_1		# mul_add_c(a[1],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_0,$b_2		# mul_add_c(a[0],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_0,$b_3		# mul_add_c(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)	# r[2]=c3;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_1,$b_2		# mul_add_c(a[1],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_2,$b_1		# mul_add_c(a[2],b[1],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_3,$b_0		# mul_add_c(a[3],b[0],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	$a_4,$b_0		# mul_add_c(a[4],b[0],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,3*$BNSZ($a0)	# r[3]=c1;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_3,$b_1		# mul_add_c(a[3],b[1],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_2,$b_2		# mul_add_c(a[2],b[2],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_1,$b_3		# mul_add_c(a[1],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_0,$b_4		# mul_add_c(a[0],b[4],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_0,$b_5		# mul_add_c(a[0],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)	# r[4]=c2;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_1,$b_4		# mul_add_c(a[1],b[4],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_2,$b_3		# mul_add_c(a[2],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_3,$b_2		# mul_add_c(a[3],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_4,$b_1		# mul_add_c(a[4],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_5,$b_0		# mul_add_c(a[5],b[0],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_6,$b_0		# mul_add_c(a[6],b[0],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,5*$BNSZ($a0)	# r[5]=c3;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_5,$b_1		# mul_add_c(a[5],b[1],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_4,$b_2		# mul_add_c(a[4],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_3,$b_3		# mul_add_c(a[3],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_2,$b_4		# mul_add_c(a[2],b[4],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_1,$b_5		# mul_add_c(a[1],b[5],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_0,$b_6		# mul_add_c(a[0],b[6],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	$a_0,$b_7		# mul_add_c(a[0],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,6*$BNSZ($a0)	# r[6]=c1;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_1,$b_6		# mul_add_c(a[1],b[6],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_2,$b_5		# mul_add_c(a[2],b[5],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_3,$b_4		# mul_add_c(a[3],b[4],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_4,$b_3		# mul_add_c(a[4],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_5,$b_2		# mul_add_c(a[5],b[2],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_6,$b_1		# mul_add_c(a[6],b[1],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_7,$b_0		# mul_add_c(a[7],b[0],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_7,$b_1		# mul_add_c(a[7],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,7*$BNSZ($a0)	# r[7]=c2;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_6,$b_2		# mul_add_c(a[6],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_5,$b_3		# mul_add_c(a[5],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_4,$b_4		# mul_add_c(a[4],b[4],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_3,$b_5		# mul_add_c(a[3],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_2,$b_6		# mul_add_c(a[2],b[6],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_1,$b_7		# mul_add_c(a[1],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_2,$b_7		# mul_add_c(a[2],b[7],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,8*$BNSZ($a0)	# r[8]=c3;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_3,$b_6		# mul_add_c(a[3],b[6],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_4,$b_5		# mul_add_c(a[4],b[5],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_5,$b_4		# mul_add_c(a[5],b[4],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_6,$b_3		# mul_add_c(a[6],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_7,$b_2		# mul_add_c(a[7],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	$a_7,$b_3		# mul_add_c(a[7],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,9*$BNSZ($a0)	# r[9]=c1;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_6,$b_4		# mul_add_c(a[6],b[4],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_5,$b_5		# mul_add_c(a[5],b[5],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_4,$b_6		# mul_add_c(a[4],b[6],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_3,$b_7		# mul_add_c(a[3],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_4,$b_7		# mul_add_c(a[4],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,10*$BNSZ($a0)	# r[10]=c2;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_5,$b_6		# mul_add_c(a[5],b[6],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_6,$b_5		# mul_add_c(a[6],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_7,$b_4		# mul_add_c(a[7],b[4],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_7,$b_5		# mul_add_c(a[7],b[5],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,11*$BNSZ($a0)	# r[11]=c3;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_6,$b_6		# mul_add_c(a[6],b[6],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_5,$b_7		# mul_add_c(a[5],b[7],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	$a_6,$b_7		# mul_add_c(a[6],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,12*$BNSZ($a0)	# r[12]=c1;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_7,$b_6		# mul_add_c(a[7],b[6],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_7,$b_7		# mul_add_c(a[7],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,13*$BNSZ($a0)	# r[13]=c2;
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	$ST	$c_3,14*$BNSZ($a0)	# r[14]=c3;
+	$ST	$c_1,15*$BNSZ($a0)	# r[15]=c1;
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s5,10*$SZREG($sp)
+	$REG_L	$s4,9*$SZREG($sp)
+	$REG_L	$s3,8*$SZREG($sp)
+	$REG_L	$s2,7*$SZREG($sp)
+	$REG_L	$s1,6*$SZREG($sp)
+	$REG_L	$s0,5*$SZREG($sp)
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	jr	$ra
+	$PTR_ADD $sp,12*$SZREG
+___
+$code.=<<___ if ($flavour !~ /nubi/i);
+	$REG_L	$s5,5*$SZREG($sp)
+	$REG_L	$s4,4*$SZREG($sp)
+	$REG_L	$s3,3*$SZREG($sp)
+	$REG_L	$s2,2*$SZREG($sp)
+	$REG_L	$s1,1*$SZREG($sp)
+	$REG_L	$s0,0*$SZREG($sp)
+	jr	$ra
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+.end	bn_mul_comba8
+
+.align	5
+.globl	bn_mul_comba4
+.ent	bn_mul_comba4
+bn_mul_comba4:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	$LD	$a_0,0($a1)
+	$LD	$b_0,0($a2)
+	$LD	$a_1,$BNSZ($a1)
+	$LD	$a_2,2*$BNSZ($a1)
+	$MULTU	$a_0,$b_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_3,3*$BNSZ($a1)
+	$LD	$b_1,$BNSZ($a2)
+	$LD	$b_2,2*$BNSZ($a2)
+	$LD	$b_3,3*$BNSZ($a2)
+	mflo	$c_1
+	mfhi	$c_2
+	$ST	$c_1,0($a0)
+
+	$MULTU	$a_0,$b_1		# mul_add_c(a[0],b[1],c2,c3,c1);
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_1,$b_0		# mul_add_c(a[1],b[0],c2,c3,c1);
+	$ADDU	$c_3,$t_2,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_2,$b_0		# mul_add_c(a[2],b[0],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	$ST	$c_2,$BNSZ($a0)
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_1,$b_1		# mul_add_c(a[1],b[1],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_0,$b_2		# mul_add_c(a[0],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_0,$b_3		# mul_add_c(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_1,$b_2		# mul_add_c(a[1],b[2],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$c_3,$c_2,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_2,$b_1		# mul_add_c(a[2],b[1],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$MULTU	$a_3,$b_0		# mul_add_c(a[3],b[0],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	$a_3,$b_1		# mul_add_c(a[3],b[1],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,3*$BNSZ($a0)
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_2,$b_2		# mul_add_c(a[2],b[2],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$c_1,$c_3,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$MULTU	$a_1,$b_3		# mul_add_c(a[1],b[3],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_2,$b_3		# mul_add_c(a[2],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$MULTU	$a_3,$b_2		# mul_add_c(a[3],b[2],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$c_2,$c_1,$t_2
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_3,$b_3		# mul_add_c(a[3],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,5*$BNSZ($a0)
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	$ST	$c_1,6*$BNSZ($a0)
+	$ST	$c_2,7*$BNSZ($a0)
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	nop
+.end	bn_mul_comba4
+___
+
+($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3);
+
+sub add_c2 () {
+my ($hi,$lo,$c0,$c1,$c2,
+    $warm,      # !$warm denotes first call with specific sequence of
+                # $c_[XYZ] when there is no Z-carry to accumulate yet;
+    $an,$bn     # these two are arguments for multiplication which
+                # result is used in *next* step [which is why it's
+                # commented as "forward multiplication" below];
+    )=@_;
+$code.=<<___;
+	mflo	$lo
+	mfhi	$hi
+	$ADDU	$c0,$lo
+	sltu	$at,$c0,$lo
+	 $MULTU	$an,$bn			# forward multiplication
+	$ADDU	$c0,$lo
+	$ADDU	$at,$hi
+	sltu	$lo,$c0,$lo
+	$ADDU	$c1,$at
+	$ADDU	$hi,$lo
+___
+$code.=<<___	if (!$warm);
+	sltu	$c2,$c1,$at
+	$ADDU	$c1,$hi
+	sltu	$hi,$c1,$hi
+	$ADDU	$c2,$hi
+___
+$code.=<<___	if ($warm);
+	sltu	$at,$c1,$at
+	$ADDU	$c1,$hi
+	$ADDU	$c2,$at
+	sltu	$hi,$c1,$hi
+	$ADDU	$c2,$hi
+___
+}
+
+$code.=<<___;
+
+.align	5
+.globl	bn_sqr_comba8
+.ent	bn_sqr_comba8
+bn_sqr_comba8:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	$LD	$a_0,0($a1)
+	$LD	$a_1,$BNSZ($a1)
+	$LD	$a_2,2*$BNSZ($a1)
+	$LD	$a_3,3*$BNSZ($a1)
+
+	$MULTU	$a_0,$a_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_4,4*$BNSZ($a1)
+	$LD	$a_5,5*$BNSZ($a1)
+	$LD	$a_6,6*$BNSZ($a1)
+	$LD	$a_7,7*$BNSZ($a1)
+	mflo	$c_1
+	mfhi	$c_2
+	$ST	$c_1,0($a0)
+
+	$MULTU	$a_0,$a_1		# mul_add_c2(a[0],b[1],c2,c3,c1);
+	mflo	$t_1
+	mfhi	$t_2
+	slt	$c_1,$t_2,$zero
+	$SLL	$t_2,1
+	 $MULTU	$a_2,$a_0		# mul_add_c2(a[2],b[0],c3,c1,c2);
+	slt	$a2,$t_1,$zero
+	$ADDU	$t_2,$a2
+	$SLL	$t_1,1
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$ADDU	$c_3,$t_2,$at
+	$ST	$c_2,$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_0,$a_3		# mul_add_c2(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_1,$a_2);		# mul_add_c2(a[1],b[2],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_4,$a_0);		# mul_add_c2(a[4],b[0],c2,c3,c1);
+$code.=<<___;
+	$ST	$c_1,3*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_3,$a_1);		# mul_add_c2(a[3],b[1],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_0,$a_5		# mul_add_c2(a[0],b[5],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_1,$a_4);		# mul_add_c2(a[1],b[4],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_2,$a_3);		# mul_add_c2(a[2],b[3],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_6,$a_0);		# mul_add_c2(a[6],b[0],c1,c2,c3);
+$code.=<<___;
+	$ST	$c_3,5*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_5,$a_1);		# mul_add_c2(a[5],b[1],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_4,$a_2);		# mul_add_c2(a[4],b[2],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	$a_0,$a_7		# mul_add_c2(a[0],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,6*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_1,$a_6);		# mul_add_c2(a[1],b[6],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_2,$a_5);		# mul_add_c2(a[2],b[5],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_3,$a_4);		# mul_add_c2(a[3],b[4],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_7,$a_1);		# mul_add_c2(a[7],b[1],c3,c1,c2);
+$code.=<<___;
+	$ST	$c_2,7*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_6,$a_2);		# mul_add_c2(a[6],b[2],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_5,$a_3);		# mul_add_c2(a[5],b[3],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_4,$a_4);		# mul_add_c(a[4],b[4],c3,c1,c2);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_2,$a_7		# mul_add_c2(a[2],b[7],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,8*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_3,$a_6);		# mul_add_c2(a[3],b[6],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_4,$a_5);		# mul_add_c2(a[4],b[5],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_7,$a_3);		# mul_add_c2(a[7],b[3],c2,c3,c1);
+$code.=<<___;
+	$ST	$c_1,9*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_6,$a_4);		# mul_add_c2(a[6],b[4],c2,c3,c1);
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+		$a_5,$a_5);		# mul_add_c(a[5],b[5],c2,c3,c1);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_4,$a_7		# mul_add_c2(a[4],b[7],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,10*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_5,$a_6);		# mul_add_c2(a[5],b[6],c3,c1,c2);
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+		$a_7,$a_5);		# mul_add_c2(a[7],b[5],c1,c2,c3);
+$code.=<<___;
+	$ST	$c_3,11*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_6,$a_6);		# mul_add_c(a[6],b[6],c1,c2,c3);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	 $MULTU	$a_6,$a_7		# mul_add_c2(a[6],b[7],c2,c3,c1);
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	sltu	$at,$c_2,$t_2
+	$ADDU	$c_3,$at
+	$ST	$c_1,12*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_7,$a_7);		# mul_add_c(a[7],b[7],c3,c1,c2);
+$code.=<<___;
+	$ST	$c_2,13*$BNSZ($a0)
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	$ST	$c_3,14*$BNSZ($a0)
+	$ST	$c_1,15*$BNSZ($a0)
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	nop
+.end	bn_sqr_comba8
+
+.align	5
+.globl	bn_sqr_comba4
+.ent	bn_sqr_comba4
+bn_sqr_comba4:
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	.frame	$sp,6*$SZREG,$ra
+	.mask	0x8000f008,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,6*$SZREG
+	$REG_S	$ra,5*$SZREG($sp)
+	$REG_S	$t3,4*$SZREG($sp)
+	$REG_S	$t2,3*$SZREG($sp)
+	$REG_S	$t1,2*$SZREG($sp)
+	$REG_S	$t0,1*$SZREG($sp)
+	$REG_S	$gp,0*$SZREG($sp)
+___
+$code.=<<___;
+	.set	reorder
+	$LD	$a_0,0($a1)
+	$LD	$a_1,$BNSZ($a1)
+	$MULTU	$a_0,$a_0		# mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	$a_2,2*$BNSZ($a1)
+	$LD	$a_3,3*$BNSZ($a1)
+	mflo	$c_1
+	mfhi	$c_2
+	$ST	$c_1,0($a0)
+
+	$MULTU	$a_0,$a_1		# mul_add_c2(a[0],b[1],c2,c3,c1);
+	mflo	$t_1
+	mfhi	$t_2
+	slt	$c_1,$t_2,$zero
+	$SLL	$t_2,1
+	 $MULTU	$a_2,$a_0		# mul_add_c2(a[2],b[0],c3,c1,c2);
+	slt	$a2,$t_1,$zero
+	$ADDU	$t_2,$a2
+	$SLL	$t_1,1
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	$ADDU	$c_3,$t_2,$at
+	$ST	$c_2,$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_3,$t_1
+	sltu	$at,$c_3,$t_1
+	 $MULTU	$a_0,$a_3		# mul_add_c2(a[0],b[3],c1,c2,c3);
+	$ADDU	$t_2,$at
+	$ADDU	$c_1,$t_2
+	sltu	$at,$c_1,$t_2
+	$ADDU	$c_2,$at
+	$ST	$c_3,2*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+		$a_1,$a_2);		# mul_add_c2(a2[1],b[2],c1,c2,c3);
+	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+		$a_3,$a_1);		# mul_add_c2(a[3],b[1],c2,c3,c1);
+$code.=<<___;
+	$ST	$c_1,3*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_2,$t_1
+	sltu	$at,$c_2,$t_1
+	 $MULTU	$a_2,$a_3		# mul_add_c2(a[2],b[3],c3,c1,c2);
+	$ADDU	$t_2,$at
+	$ADDU	$c_3,$t_2
+	sltu	$at,$c_3,$t_2
+	$ADDU	$c_1,$at
+	$ST	$c_2,4*$BNSZ($a0)
+___
+	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
+	$ST	$c_3,5*$BNSZ($a0)
+
+	mflo	$t_1
+	mfhi	$t_2
+	$ADDU	$c_1,$t_1
+	sltu	$at,$c_1,$t_1
+	$ADDU	$t_2,$at
+	$ADDU	$c_2,$t_2
+	$ST	$c_1,6*$BNSZ($a0)
+	$ST	$c_2,7*$BNSZ($a0)
+
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$t3,4*$SZREG($sp)
+	$REG_L	$t2,3*$SZREG($sp)
+	$REG_L	$t1,2*$SZREG($sp)
+	$REG_L	$t0,1*$SZREG($sp)
+	$REG_L	$gp,0*$SZREG($sp)
+	$PTR_ADD $sp,6*$SZREG
+___
+$code.=<<___;
+	jr	$ra
+	nop
+.end	bn_sqr_comba4
+___
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/pa-risc2.s b/openssl-1.1.0h/crypto/bn/asm/pa-risc2.s
new file mode 100644
index 0000000..413eac7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/pa-risc2.s
@@ -0,0 +1,1624 @@
+; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+;
+; Licensed under the OpenSSL license (the "License").  You may not use
+; this file except in compliance with the License.  You can obtain a copy
+; in the file LICENSE in the source distribution or at
+; https://www.openssl.org/source/license.html
+;
+; PA-RISC 2.0 implementation of bn_asm code, based on the
+; 64-bit version of the code.  This code is effectively the
+; same as the 64-bit version except the register model is
+; slightly different given all values must be 32-bit between
+; function calls.  Thus the 64-bit return values are returned
+; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
+;
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+	.level	2.0N
+	.space	$TEXT$
+	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 32-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28,r29  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+n           .reg %r23
+
+;
+; Note that the "w" argument for bn_mul_add_words and bn_mul_words
+; is passed on the stack at a delta of -56 from the top of stack
+; as the routine is entered.
+;
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r23
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;								int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg3 = num
+; -56(sp) =  w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
+bn_mul_add_words
+	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+	.proc
+	.callinfo frame=128
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP                         ; Needed to make the loop 16-byte aligned
+	NOP                         ; needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+	NOP
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+
+    STD     %r8,40(%sp)         ; save r8  
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+	LDO     128(%sp),%sp        ; bump stack
+
+	;
+	; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+	;
+	CMPIB,= 1,num,bn_mul_add_words_single_top
+	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+	LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret1            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+	
+    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg3 = num
+; w on stack at -56(sp)
+
+bn_mul_words
+	.proc
+	.callinfo frame=128
+    .entry
+	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+	LDO     128(%sp),%sp    ; bump stack
+
+	;
+	; See if only 1 word to do, thus just do cleanup
+	;
+	CMPIB,= 1,num,bn_mul_words_single_top
+	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+	COPY    ht_1,%ret1                ; carry = ht
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret1                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; If only 1, the goto straight to cleanup
+	;
+	CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+	.proc
+    .entry
+	.callinfo
+	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_add_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_add_words_unroll2
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+	ADD     t,%ret1,t                    ; t = t+c;
+	ADD,DC  %r0,%r0,%ret1                ; set c to carry
+	ADD     t,b,l                        ; l = t + b[0]
+	ADD,DC  %ret1,%r0,%ret1              ; c+= carry
+	STD     l,0(r_ptr)
+
+	LDD     8(a_ptr),t
+	LDD     8(b_ptr),b
+	ADD     t,%ret1,t                     ; t = t+c;
+	ADD,DC  %r0,%r0,%ret1                 ; set c to carry
+	ADD     t,b,l                         ; l = t + b[0]
+	ADD,DC  %ret1,%r0,%ret1               ; c+= carry
+	STD     l,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_add_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+
+	ADD     t,%ret1,t                 ; t = t+c;
+	ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)
+	ADD     t,b,l                     ; l = t + b[0]
+	ADD,DC  %ret1,%r0,%ret1           ; c+= carry
+	STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+	.proc
+	.callinfo 
+	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_sub_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_sub_words_unroll2
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c; 
+
+	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret1
+	STD     sub_tmp1,0(r_ptr)
+
+	LDD     8(a_ptr),t1
+	LDD     8(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret1
+	STD     sub_tmp1,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_sub_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret1
+
+	STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just output from the HP C compiler.  
+;
+;------------------------------------------------------------------------------
+bn_div_words
+	.PROC
+	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+	.IMPORT	BN_num_bits_word,CODE
+	;--- not PIC	.IMPORT	__iob,DATA
+	;--- not PIC	.IMPORT	fprintf,CODE
+	.IMPORT	abort,CODE
+	.IMPORT	$$div2U,MILLICODE
+	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+        .ENTRY
+        STW     %r2,-20(%r30)   ;offset 0x8ec
+        STW,MA  %r3,192(%r30)   ;offset 0x8f0
+        STW     %r4,-188(%r30)  ;offset 0x8f4
+        DEPD    %r5,31,32,%r6   ;offset 0x8f8
+        STD     %r6,-184(%r30)  ;offset 0x8fc
+        DEPD    %r7,31,32,%r8   ;offset 0x900
+        STD     %r8,-176(%r30)  ;offset 0x904
+        STW     %r9,-168(%r30)  ;offset 0x908
+        LDD     -248(%r30),%r3  ;offset 0x90c
+        COPY    %r26,%r4        ;offset 0x910
+        COPY    %r24,%r5        ;offset 0x914
+        DEPD    %r25,31,32,%r4  ;offset 0x918
+        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c
+        DEPD    %r23,31,32,%r5  ;offset 0x920
+        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924
+        EXTRD,U %r29,31,32,%r28 ;offset 0x928
+$0006002A
+        LDO     -1(%r29),%r29   ;offset 0x92c
+        SUB     %r23,%r7,%r23   ;offset 0x930
+$00060024
+        SUB     %r4,%r31,%r25   ;offset 0x934
+        AND     %r25,%r19,%r26  ;offset 0x938
+        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c
+        DEPD,Z  %r25,31,32,%r20 ;offset 0x940
+        OR      %r20,%r24,%r21  ;offset 0x944
+        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948
+        SUB     %r31,%r2,%r31   ;offset 0x94c
+$00060046
+$0006002E
+        DEPD,Z  %r23,31,32,%r25 ;offset 0x950
+        EXTRD,U %r23,31,32,%r26 ;offset 0x954
+        AND     %r25,%r19,%r24  ;offset 0x958
+        ADD,L   %r31,%r26,%r31  ;offset 0x95c
+        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960
+        LDO     1(%r31),%r31    ;offset 0x964
+$00060032
+        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968
+        LDO     -1(%r29),%r29   ;offset 0x96c
+        ADD,L   %r4,%r3,%r4     ;offset 0x970
+$00060036
+        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974
+        SUB     %r5,%r24,%r28   ;offset 0x978
+$0006003A
+        SUB     %r4,%r31,%r24   ;offset 0x97c
+        SHRPD   %r24,%r28,32,%r4        ;offset 0x980
+        DEPD,Z  %r29,31,32,%r9  ;offset 0x984
+        DEPD,Z  %r28,31,32,%r5  ;offset 0x988
+$0006001C
+        EXTRD,U %r4,31,32,%r31  ;offset 0x98c
+        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990
+        MOVB,TR %r6,%r29,$D1    ;offset 0x994
+        STD     %r29,-152(%r30) ;offset 0x998
+$0006000C
+        EXTRD,U %r3,31,32,%r25  ;offset 0x99c
+        COPY    %r3,%r26        ;offset 0x9a0
+        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4
+        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8
+        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;
+        B,L     BN_num_bits_word,%r2    ;offset 0x9ac
+        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0
+        LDI     64,%r20 ;offset 0x9b4
+        DEPD    %r7,31,32,%r5   ;offset 0x9b8
+        DEPD    %r8,31,32,%r4   ;offset 0x9bc
+        DEPD    %r9,31,32,%r3   ;offset 0x9c0
+        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4
+        COPY    %r28,%r24       ;offset 0x9c8
+        MTSARCM %r24    ;offset 0x9cc
+        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0
+        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4
+$00060012
+        SUBI    64,%r24,%r31    ;offset 0x9d8
+        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc
+        SUB     %r4,%r3,%r4     ;offset 0x9e0
+$00060016
+        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4
+        COPY    %r0,%r9 ;offset 0x9e8
+        MTSARCM %r31    ;offset 0x9ec
+        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0
+        SUBI    64,%r31,%r26    ;offset 0x9f4
+        MTSAR   %r26    ;offset 0x9f8
+        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc
+        MTSARCM %r31    ;offset 0xa00
+        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04
+$0006001A
+        DEPDI,Z -1,31,32,%r19   ;offset 0xa08
+        AND     %r3,%r19,%r29   ;offset 0xa0c
+        EXTRD,U %r29,31,32,%r2  ;offset 0xa10
+        DEPDI,Z -1,63,32,%r6    ;offset 0xa14
+        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+$D2
+        ;--- not PIC	ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+        ;--- not PIC	LDIL    LR'C$7,%r21     ;offset 0xa24
+        ;--- not PIC	LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+        ;--- not PIC	.CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+        ;--- not PIC	B,L     fprintf,%r2     ;offset 0xa2c
+        ;--- not PIC	LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+        .CALL           ;
+        B,L     abort,%r2       ;offset 0xa34
+        NOP             ;offset 0xa38
+        B       $D3     ;offset 0xa3c
+        LDW     -212(%r30),%r2  ;offset 0xa40
+$00060020
+        COPY    %r4,%r26        ;offset 0xa44
+        EXTRD,U %r4,31,32,%r25  ;offset 0xa48
+        COPY    %r2,%r24        ;offset 0xa4c
+        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+        B,L     $$div2U,%r31    ;offset 0xa50
+        EXTRD,U %r2,31,32,%r23  ;offset 0xa54
+        DEPD    %r28,31,32,%r29 ;offset 0xa58
+$00060022
+        STD     %r29,-152(%r30) ;offset 0xa5c
+$D1
+        AND     %r5,%r19,%r24   ;offset 0xa60
+        EXTRD,U %r24,31,32,%r24 ;offset 0xa64
+        STW     %r2,-160(%r30)  ;offset 0xa68
+        STW     %r7,-128(%r30)  ;offset 0xa6c
+        FLDD    -152(%r30),%fr4 ;offset 0xa70
+        FLDD    -152(%r30),%fr7 ;offset 0xa74
+        FLDW    -160(%r30),%fr8L        ;offset 0xa78
+        FLDW    -128(%r30),%fr5L        ;offset 0xa7c
+        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80
+        FSTD    %fr10,-136(%r30)        ;offset 0xa84
+        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88
+        FSTD    %fr22,-144(%r30)        ;offset 0xa8c
+        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90
+        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94
+        FSTD    %fr11,-112(%r30)        ;offset 0xa98
+        FSTD    %fr23,-120(%r30)        ;offset 0xa9c
+        LDD     -136(%r30),%r28 ;offset 0xaa0
+        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4
+        LDD     -144(%r30),%r20 ;offset 0xaa8
+        ADD,L   %r20,%r31,%r31  ;offset 0xaac
+        LDD     -112(%r30),%r22 ;offset 0xab0
+        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4
+        LDD     -120(%r30),%r21 ;offset 0xab8
+        B       $00060024       ;offset 0xabc
+        ADD,L   %r21,%r22,%r23  ;offset 0xac0
+$D0
+        OR      %r9,%r29,%r29   ;offset 0xac4
+$00060040
+        EXTRD,U %r29,31,32,%r28 ;offset 0xac8
+$00060002
+$L2
+        LDW     -212(%r30),%r2  ;offset 0xacc
+$D3
+        LDW     -168(%r30),%r9  ;offset 0xad0
+        LDD     -176(%r30),%r8  ;offset 0xad4
+        EXTRD,U %r8,31,32,%r7   ;offset 0xad8
+        LDD     -184(%r30),%r6  ;offset 0xadc
+        EXTRD,U %r6,31,32,%r5   ;offset 0xae0
+        LDW     -188(%r30),%r4  ;offset 0xae4
+        BVE     (%r2)   ;offset 0xae8
+        .EXIT
+        LDW,MB  -192(%r30),%r3  ;offset 0xaec
+	.PROCEND	;in=23,25;out=28,29;fpin=105,107;
+
+
+
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+	.PROC
+	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+	STD     c2,32(r_ptr)          ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)          ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+	STD     c1,48(r_ptr)          ; r[6] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+	STD     c2,56(r_ptr)          ; r[7] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+	STD     c3,64(r_ptr)          ; r[8] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+	STD     c1,72(r_ptr)          ; r[9] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a5L,a5R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+	STD     c2,80(r_ptr)          ; r[10] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+	STD     c3,88(r_ptr)          ; r[11] = c3;
+	COPY    %r0,c3
+	
+	SQR_ADD_C a6L,a6R,c1,c2,c3
+	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+	STD     c1,96(r_ptr)          ; r[12] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+	STD     c2,104(r_ptr)         ; r[13] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a7L,a7R,c3,c1,c2
+	STD     c3, 112(r_ptr)       ; r[14] = c3
+	STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+	STD     c2,32(r_ptr)           ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)           ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	STD     c1,48(r_ptr)           ; r[6] = c1;
+	STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	COPY      %r0,c1
+	
+	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+	STD       c2,56(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+	STD       c3,64(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+	STD       c1,72(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+	STD       c2,80(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+	STD       c3,88(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+	STD       c1,96(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+	STD       c2,104(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+	STD       c3,112(r_ptr)
+	STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+;--- not PIC	.SPACE	$TEXT$
+;--- not PIC	.SUBSPA	$CODE$
+;--- not PIC	.SPACE	$PRIVATE$,SORT=16
+;--- not PIC	.IMPORT	$global$,DATA
+;--- not PIC	.SPACE	$TEXT$
+;--- not PIC	.SUBSPA	$CODE$
+;--- not PIC	.SUBSPA	$LIT$,ACCESS=0x2c
+;--- not PIC	C$7
+;--- not PIC	.ALIGN	8
+;--- not PIC	.STRINGZ	"Division would overflow (%d)\n"
+	.END
diff --git a/openssl-1.1.0h/crypto/bn/asm/pa-risc2W.s b/openssl-1.1.0h/crypto/bn/asm/pa-risc2W.s
new file mode 100644
index 0000000..9738117
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/pa-risc2W.s
@@ -0,0 +1,1612 @@
+; Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+;
+; Licensed under the OpenSSL license (the "License").  You may not use
+; this file except in compliance with the License.  You can obtain a copy
+; in the file LICENSE in the source distribution or at
+; https://www.openssl.org/source/license.html
+
+;
+; PA-RISC 64-bit implementation of bn_asm code
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+	.level	2.0W
+	.space	$TEXT$
+	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 64-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     global data pointer    ; r27  (dp)
+;     argument pointer       ; r29  (ap)
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+w           .reg %r23
+n           .reg %r23
+
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r29
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;								int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = num
+; arg3 = w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
+bn_mul_add_words
+	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+	.proc
+	.callinfo frame=128
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP                         ; Needed to make the loop 16-byte aligned
+	NOP                         ; Needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    STD     %r8,40(%sp)         ; save r8  
+
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+	STD     w,56(%sp)           ; store w on stack
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+	;
+	CMPIB,= 1,num,bn_mul_add_words_single_top
+	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+	LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret0            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+; arg3 = w
+
+bn_mul_words
+	.proc
+	.callinfo frame=128
+    .entry
+	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+	STD     w,56(%sp)           ; w on stack
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; See if only 1 word to do, thus just do cleanup
+	;
+	CMPIB,= 1,num,bn_mul_words_single_top
+	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+	COPY    ht_1,%ret0                ; carry = ht
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret0                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; If only 1, the goto straight to cleanup
+	;
+	CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+	.proc
+    .entry
+	.callinfo
+	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_add_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_add_words_unroll2
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+	ADD     t,%ret0,t                    ; t = t+c;
+	ADD,DC  %r0,%r0,%ret0                ; set c to carry
+	ADD     t,b,l                        ; l = t + b[0]
+	ADD,DC  %ret0,%r0,%ret0              ; c+= carry
+	STD     l,0(r_ptr)
+
+	LDD     8(a_ptr),t
+	LDD     8(b_ptr),b
+	ADD     t,%ret0,t                     ; t = t+c;
+	ADD,DC  %r0,%r0,%ret0                 ; set c to carry
+	ADD     t,b,l                         ; l = t + b[0]
+	ADD,DC  %ret0,%r0,%ret0               ; c+= carry
+	STD     l,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_add_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+
+	ADD     t,%ret0,t                 ; t = t+c;
+	ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)
+	ADD     t,b,l                     ; l = t + b[0]
+	ADD,DC  %ret0,%r0,%ret0           ; c+= carry
+	STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+	NOP
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+	.proc
+	.callinfo 
+	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_sub_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_sub_words_unroll2
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c; 
+
+	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret0
+	STD     sub_tmp1,0(r_ptr)
+
+	LDD     8(a_ptr),t1
+	LDD     8(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret0
+	STD     sub_tmp1,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_sub_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret0
+
+	STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+	NOP
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just modified assembly from the compiler, thus the
+; lack of variable names.
+;
+;------------------------------------------------------------------------------
+bn_div_words
+	.proc
+	.callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.IMPORT	BN_num_bits_word,CODE,NO_RELOCATION
+	.IMPORT	__iob,DATA
+	.IMPORT	fprintf,CODE,NO_RELOCATION
+	.IMPORT	abort,CODE,NO_RELOCATION
+	.IMPORT	$$div2U,MILLICODE
+    .entry
+    STD     %r2,-16(%r30)   
+    STD,MA  %r3,352(%r30)   
+    STD     %r4,-344(%r30)  
+    STD     %r5,-336(%r30)  
+    STD     %r6,-328(%r30)  
+    STD     %r7,-320(%r30)  
+    STD     %r8,-312(%r30)  
+    STD     %r9,-304(%r30)  
+    STD     %r10,-296(%r30)
+
+    STD     %r27,-288(%r30)             ; save gp
+
+    COPY    %r24,%r3           ; save d 
+    COPY    %r26,%r4           ; save h (high 64-bits)
+    LDO      -1(%r0),%ret0     ; return -1 by default	
+
+    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)
+    COPY    %r25,%r5           ; save l (low 64-bits)
+
+    LDO     -48(%r30),%r29     ; create ap 
+    .CALL   ;in=26,29;out=28;
+    B,L     BN_num_bits_word,%r2 
+    COPY    %r3,%r26        
+    LDD     -288(%r30),%r27    ; restore gp 
+    LDI     64,%r21 
+
+    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward) 
+    COPY    %ret0,%r24             ; i   
+    MTSARCM %r24    
+    DEPDI,Z -1,%sar,1,%r29  
+    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward) 
+
+$00000012
+    SUBI    64,%r24,%r31                       ; i = 64 - i;
+    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)
+    SUB     %r4,%r3,%r4                        ; h -= d
+    CMPB,=  %r31,%r0,$0000001A                 ; if (i)
+    COPY    %r0,%r10                           ; ret = 0
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;
+    SUBI    64,%r31,%r19                       ; 64 - i; redundent
+    MTSAR   %r19                               ; (64 -i) to shift
+    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;
+
+$0000001A
+    DEPDI,Z -1,31,32,%r19                      
+    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32
+    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff
+    LDO     2(%r0),%r9
+    STD    %r3,-280(%r30)                      ; "d" to stack
+
+$0000001C
+    DEPDI,Z -1,63,32,%r29                      ; 
+    EXTRD,U %r4,31,32,%r31                     ; h >> 32
+    CMPB,*=,N  %r31,%r6,$D2     	       ; if ((h>>32) != dh)(forward) div
+    COPY    %r4,%r26       
+    EXTRD,U %r4,31,32,%r25 
+    COPY    %r6,%r24      
+    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+    B,L     $$div2U,%r2     
+    EXTRD,U %r6,31,32,%r23  
+    DEPD    %r28,31,32,%r29 
+$D2
+    STD     %r29,-272(%r30)                   ; q
+    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;
+    EXTRD,U %r24,31,32,%r24                 ; ??? 
+    FLDD    -272(%r30),%fr7                 ; q
+    FLDD    -280(%r30),%fr8                 ; d
+    XMPYU   %fr8L,%fr7L,%fr10  
+    FSTD    %fr10,-256(%r30)   
+    XMPYU   %fr8L,%fr7R,%fr22  
+    FSTD    %fr22,-264(%r30)   
+    XMPYU   %fr8R,%fr7L,%fr11 
+    XMPYU   %fr8R,%fr7R,%fr23
+    FSTD    %fr11,-232(%r30)
+    FSTD    %fr23,-240(%r30)
+    LDD     -256(%r30),%r28
+    DEPD,Z  %r28,31,32,%r2 
+    LDD     -264(%r30),%r20
+    ADD,L   %r20,%r2,%r31   
+    LDD     -232(%r30),%r22 
+    DEPD,Z  %r22,31,32,%r22 
+    LDD     -240(%r30),%r21 
+    B       $00000024       ; enter loop  
+    ADD,L   %r21,%r22,%r23 
+
+$0000002A
+    LDO     -1(%r29),%r29   
+    SUB     %r23,%r8,%r23   
+$00000024
+    SUB     %r4,%r31,%r25   
+    AND     %r25,%r19,%r26  
+    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)
+    DEPD,Z  %r25,31,32,%r20 
+    OR      %r20,%r24,%r21  
+    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward) 
+    SUB     %r31,%r6,%r31   
+;-------------Break path---------------------
+
+$00000046
+    DEPD,Z  %r23,31,32,%r25              ;tl
+    EXTRD,U %r23,31,32,%r26              ;t
+    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L
+    ADD,L   %r31,%r26,%r31               ;th += t; 
+    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)
+    LDO     1(%r31),%r31                 ; th++;
+    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)
+    LDO     -1(%r29),%r29                ;q--; 
+    ADD,L   %r4,%r3,%r4                  ;h += d;
+$00000036
+    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward) 
+    SUB     %r5,%r24,%r28                ; l -= tl;
+    SUB     %r4,%r31,%r24                ; h -= th;
+    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));
+    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32
+    b      $0000001C
+    DEPD,Z  %r28,31,32,%r5               ; l = l << 32 
+
+$D1
+    OR      %r10,%r29,%r28           ; ret |= q
+$D3
+    LDD     -368(%r30),%r2  
+$D0
+    LDD     -296(%r30),%r10 
+    LDD     -304(%r30),%r9  
+    LDD     -312(%r30),%r8  
+    LDD     -320(%r30),%r7  
+    LDD     -328(%r30),%r6  
+    LDD     -336(%r30),%r5  
+    LDD     -344(%r30),%r4  
+    BVE     (%r2)   
+        .EXIT
+    LDD,MB  -352(%r30),%r3 
+
+bn_div_err_case
+    MFIA    %r6     
+    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1 
+    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6  
+    ADDIL   LT'__iob,%r27,%r1       
+    LDD     RT'__iob(%r1),%r26      
+    ADDIL   L'C$4-bn_div_words,%r6,%r1    
+    LDO     R'C$4-bn_div_words(%r1),%r25  
+    LDO     64(%r26),%r26   
+    .CALL           ;in=24,25,26,29;out=28;
+    B,L     fprintf,%r2    
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    .CALL           ;in=29;
+    B,L     abort,%r2      
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    B       $D0         
+    LDD     -368(%r30),%r2  
+	.PROCEND	;in=24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+	.PROC
+	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+	STD     c2,32(r_ptr)          ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)          ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+	STD     c1,48(r_ptr)          ; r[6] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+	STD     c2,56(r_ptr)          ; r[7] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+	STD     c3,64(r_ptr)          ; r[8] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+	STD     c1,72(r_ptr)          ; r[9] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a5L,a5R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+	STD     c2,80(r_ptr)          ; r[10] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+	STD     c3,88(r_ptr)          ; r[11] = c3;
+	COPY    %r0,c3
+	
+	SQR_ADD_C a6L,a6R,c1,c2,c3
+	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+	STD     c1,96(r_ptr)          ; r[12] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+	STD     c2,104(r_ptr)         ; r[13] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a7L,a7R,c3,c1,c2
+	STD     c3, 112(r_ptr)       ; r[14] = c3
+	STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+	STD     c2,32(r_ptr)           ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)           ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	STD     c1,48(r_ptr)           ; r[6] = c1;
+	STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	COPY      %r0,c1
+	
+	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+	STD       c2,56(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+	STD       c3,64(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+	STD       c1,72(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+	STD       c2,80(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+	STD       c3,88(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+	STD       c1,96(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+	STD       c2,104(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+	STD       c3,112(r_ptr)
+	STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SPACE	$PRIVATE$,SORT=16
+	.IMPORT	$global$,DATA
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SUBSPA	$LIT$,ACCESS=0x2c
+C$4
+	.ALIGN	8
+	.STRINGZ	"Division would overflow (%d)\n"
+	.END
diff --git a/openssl-1.1.0h/crypto/bn/asm/parisc-mont.pl b/openssl-1.1.0h/crypto/bn/asm/parisc-mont.pl
new file mode 100644
index 0000000..8aa94e8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/parisc-mont.pl
@@ -0,0 +1,1002 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# On PA-7100LC this module performs ~90-50% better, less for longer
+# keys, than code generated by gcc 3.2 for PA-RISC 1.1. Latter means
+# that compiler utilized xmpyu instruction to perform 32x32=64-bit
+# multiplication, which in turn means that "baseline" performance was
+# optimal in respect to instruction set capabilities. Fair comparison
+# with vendor compiler is problematic, because OpenSSL doesn't define
+# BN_LLONG [presumably] for historical reasons, which drives compiler
+# toward 4 times 16x16=32-bit multiplicatons [plus complementary
+# shifts and additions] instead. This means that you should observe
+# several times improvement over code generated by vendor compiler
+# for PA-RISC 1.1, but the "baseline" is far from optimal. The actual
+# improvement coefficient was never collected on PA-7100LC, or any
+# other 1.1 CPU, because I don't have access to such machine with
+# vendor compiler. But to give you a taste, PA-RISC 1.1 code path
+# reportedly outperformed code generated by cc +DA1.1 +O3 by factor
+# of ~5x on PA-8600.
+#
+# On PA-RISC 2.0 it has to compete with pa-risc2[W].s, which is
+# reportedly ~2x faster than vendor compiler generated code [according
+# to comment in pa-risc2[W].s]. Here comes a catch. Execution core of
+# this implementation is actually 32-bit one, in the sense that it
+# operates on 32-bit values. But pa-risc2[W].s operates on arrays of
+# 64-bit BN_LONGs... How do they interoperate then? No problem. This
+# module picks halves of 64-bit values in reverse order and pretends
+# they were 32-bit BN_LONGs. But can 32-bit core compete with "pure"
+# 64-bit code such as pa-risc2[W].s then? Well, the thing is that
+# 32x32=64-bit multiplication is the best even PA-RISC 2.0 can do,
+# i.e. there is no "wider" multiplication like on most other 64-bit
+# platforms. This means that even being effectively 32-bit, this
+# implementation performs "64-bit" computational task in same amount
+# of arithmetic operations, most notably multiplications. It requires
+# more memory references, most notably to tp[num], but this doesn't
+# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC
+# 2.0 code path provides virtually same performance as pa-risc2[W].s:
+# it's ~10% better for shortest key length and ~10% worse for longest
+# one.
+#
+# In case it wasn't clear. The module has two distinct code paths:
+# PA-RISC 1.1 and PA-RISC 2.0 ones. Latter features carry-free 64-bit
+# additions and 64-bit integer loads, not to mention specific
+# instruction scheduling. In 64-bit build naturally only 2.0 code path
+# is assembled. In 32-bit application context both code paths are
+# assembled, PA-RISC 2.0 CPU is detected at run-time and proper path
+# is taken automatically. Also, in 32-bit build the module imposes
+# couple of limitations: vector lengths has to be even and vector
+# addresses has to be 64-bit aligned. Normally neither is a problem:
+# most common key lengths are even and vectors are commonly malloc-ed,
+# which ensures alignment.
+#
+# Special thanks to polarhome.com for providing HP-UX account on
+# PA-RISC 1.1 machine, and to correspondent who chose to remain
+# anonymous for testing the code on PA-RISC 2.0 machine.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+
+$flavour = shift;
+$output = shift;
+
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+	$BN_SZ		=$SIZE_T;
+} else {
+	$LEVEL		="1.1";	#$LEVEL.="\n\t.ALLOW\t2.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+	$BN_SZ		=$SIZE_T;
+	if (open CONF,"<${dir}../../opensslconf.h") {
+	    while(<CONF>) {
+		if (m/#\s*define\s+SIXTY_FOUR_BIT/) {
+		    $BN_SZ=8;
+		    $LEVEL="2.0";
+		    last;
+		}
+	    }
+	    close CONF;
+	}
+}
+
+$FRAME=8*$SIZE_T+$FRAME_MARKER;	# 8 saved regs + frame marker
+				#                [+ argument transfer]
+$LOCALS=$FRAME-$FRAME_MARKER;
+$FRAME+=32;			# local variables
+
+$tp="%r31";
+$ti1="%r29";
+$ti0="%r28";
+
+$rp="%r26";
+$ap="%r25";
+$bp="%r24";
+$np="%r23";
+$n0="%r22";	# passed through stack in 32-bit
+$num="%r21";	# passed through stack in 32-bit
+$idx="%r20";
+$arrsz="%r19";
+
+$nm1="%r7";
+$nm0="%r6";
+$ab1="%r5";
+$ab0="%r4";
+
+$fp="%r3";
+$hi1="%r2";
+$hi0="%r1";
+
+$xfer=$n0;	# accommodates [-16..15] offset in fld[dw]s
+
+$fm0="%fr4";	$fti=$fm0;
+$fbi="%fr5L";
+$fn0="%fr5R";
+$fai="%fr6";	$fab0="%fr7";	$fab1="%fr8";
+$fni="%fr9";	$fnm0="%fr10";	$fnm1="%fr11";
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	bn_mul_mont,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
+	.ALIGN	64
+bn_mul_mont
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-8*$SIZE_T`,NO_CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=6
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)		; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	ldo	-$FRAME(%sp),$fp
+___
+$code.=<<___ if ($SIZE_T==4);
+	ldw	`-$FRAME_MARKER-4`($fp),$n0
+	ldw	`-$FRAME_MARKER-8`($fp),$num
+	nop
+	nop					; alignment
+___
+$code.=<<___ if ($BN_SZ==4);
+	comiclr,<=	6,$num,%r0		; are vectors long enough?
+	b		L\$abort
+	ldi		0,%r28			; signal "unhandled"
+	add,ev		%r0,$num,$num		; is $num even?
+	b		L\$abort
+	nop
+	or		$ap,$np,$ti1
+	extru,=		$ti1,31,3,%r0		; are ap and np 64-bit aligned?
+	b		L\$abort
+	nop
+	nop					; alignment
+	nop
+
+	fldws		0($n0),${fn0}
+	fldws,ma	4($bp),${fbi}		; bp[0]
+___
+$code.=<<___ if ($BN_SZ==8);
+	comib,>		3,$num,L\$abort		; are vectors long enough?
+	ldi		0,%r28			; signal "unhandled"
+	addl		$num,$num,$num		; I operate on 32-bit values
+
+	fldws		4($n0),${fn0}		; only low part of n0
+	fldws		4($bp),${fbi}		; bp[0] in flipped word order
+___
+$code.=<<___;
+	fldds		0($ap),${fai}		; ap[0,1]
+	fldds		0($np),${fni}		; np[0,1]
+
+	sh2addl		$num,%r0,$arrsz
+	ldi		31,$hi0
+	ldo		36($arrsz),$hi1		; space for tp[num+1]
+	andcm		$hi1,$hi0,$hi1		; align
+	addl		$hi1,%sp,%sp
+	$PUSH		$fp,-$SIZE_T(%sp)
+
+	ldo		`$LOCALS+16`($fp),$xfer
+	ldo		`$LOCALS+32+4`($fp),$tp
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[0]
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[0]
+	xmpyu		${fn0},${fab0}R,${fm0}
+
+	addl		$arrsz,$ap,$ap		; point at the end
+	addl		$arrsz,$np,$np
+	subi		0,$arrsz,$idx		; j=0
+	ldo		8($idx),$idx		; j++++
+
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+	fstds		${fab1},0($xfer)
+	fstds		${fnm1},8($xfer)
+	 flddx		$idx($ap),${fai}	; ap[2,3]
+	 flddx		$idx($np),${fni}	; np[2,3]
+___
+$code.=<<___ if ($BN_SZ==4);
+	mtctl		$hi0,%cr11		; $hi0 still holds 31
+	extrd,u,*=	$hi0,%sar,1,$hi0	; executes on PA-RISC 1.0
+	b		L\$parisc11
+	nop
+___
+$code.=<<___;					# PA-RISC 2.0 code-path
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldd		-16($xfer),$ab0
+	fstds		${fab0},-16($xfer)
+
+	extrd,u		$ab0,31,32,$hi0
+	extrd,u		$ab0,63,32,$ab0
+	ldd		-8($xfer),$nm0
+	fstds		${fnm0},-8($xfer)
+	 ldo		8($idx),$idx		; j++++
+	 addl		$ab0,$nm0,$nm0		; low part is discarded
+	 extrd,u	$nm0,31,32,$hi1
+
+L\$1st
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[0]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ab1,$ab1
+	 extrd,u	$ab1,31,32,$hi0
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,63,32,$ab1
+	 addl		$hi1,$nm1,$nm1
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 addl		$ab1,$nm1,$nm1
+	 extrd,u	$nm1,31,32,$hi1
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldd		-16($xfer),$ab0
+	fstds		${fab0},-16($xfer)
+	 addl		$hi0,$ab0,$ab0
+	 extrd,u	$ab0,31,32,$hi0
+	ldd		-8($xfer),$nm0
+	fstds		${fnm0},-8($xfer)
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	stw		$nm1,-4($tp)		; tp[j-1]
+	 addl		$ab0,$nm0,$nm0
+	 stw,ma		$nm0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$1st		; j++++
+	 extrd,u	$nm0,31,32,$hi1
+
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[0]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ab1,$ab1
+	 extrd,u	$ab1,31,32,$hi0
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,63,32,$ab1
+	 addl		$hi1,$nm1,$nm1
+	ldd		-16($xfer),$ab0
+	 addl		$ab1,$nm1,$nm1
+	ldd		-8($xfer),$nm0
+	 extrd,u	$nm1,31,32,$hi1
+
+	 addl		$hi0,$ab0,$ab0
+	 extrd,u	$ab0,31,32,$hi0
+	stw		$nm1,-4($tp)		; tp[j-1]
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	ldd		0($xfer),$ab1
+	 addl		$ab0,$nm0,$nm0
+	ldd,mb		8($xfer),$nm1
+	 extrd,u	$nm0,31,32,$hi1
+	stw,ma		$nm0,8($tp)		; tp[j-1]
+
+	ldo		-1($num),$num		; i--
+	subi		0,$arrsz,$idx		; j=0
+___
+$code.=<<___ if ($BN_SZ==4);
+	fldws,ma	4($bp),${fbi}		; bp[1]
+___
+$code.=<<___ if ($BN_SZ==8);
+	fldws		0($bp),${fbi}		; bp[1] in flipped word order
+___
+$code.=<<___;
+	 flddx		$idx($ap),${fai}	; ap[0,1]
+	 flddx		$idx($np),${fni}	; np[0,1]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	addl		$hi0,$ab1,$ab1
+	 extrd,u	$ab1,31,32,$hi0
+	 extrd,u	$ab1,63,32,$ab1
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[1]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[1]
+	addl		$hi1,$nm1,$nm1
+	addl		$ab1,$nm1,$nm1
+	extrd,u		$nm1,31,32,$hi1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	addl		$hi1,$hi0,$hi0
+	extrd,u		$hi0,31,32,$hi1
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	xmpyu		${fn0},${fab0}R,${fm0}
+	ldo		`$LOCALS+32+4`($fp),$tp
+L\$outer
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
+	fstds		${fab0},-16($xfer)	; 33-bit value
+	fstds		${fnm0},-8($xfer)
+	 flddx		$idx($ap),${fai}	; ap[2]
+	 flddx		$idx($np),${fni}	; np[2]
+	 ldo		8($idx),$idx		; j++++
+	ldd		-16($xfer),$ab0		; 33-bit value
+	ldd		-8($xfer),$nm0
+	ldw		0($xfer),$hi0		; high part
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	 extrd,u	$ab0,31,32,$ti0		; carry bit
+	 extrd,u	$ab0,63,32,$ab0
+	fstds		${fab1},0($xfer)
+	 addl		$ti0,$hi0,$hi0		; account carry bit
+	fstds		${fnm1},8($xfer)
+	 addl		$ab0,$nm0,$nm0		; low part is discarded
+	ldw		0($tp),$ti1		; tp[1]
+	 extrd,u	$nm0,31,32,$hi1
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+
+L\$inner
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[i]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ti1,$ti1
+	 addl		$ti1,$ab1,$ab1
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,31,32,$hi0
+	 extrd,u	$ab1,63,32,$ab1
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 addl		$hi1,$nm1,$nm1
+	 addl		$ab1,$nm1,$nm1
+	ldw		4($tp),$ti0		; tp[j]
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldd		-16($xfer),$ab0
+	fstds		${fab0},-16($xfer)
+	 addl		$hi0,$ti0,$ti0
+	 addl		$ti0,$ab0,$ab0
+	ldd		-8($xfer),$nm0
+	fstds		${fnm0},-8($xfer)
+	 extrd,u	$ab0,31,32,$hi0
+	 extrd,u	$nm1,31,32,$hi1
+	ldw		8($tp),$ti1		; tp[j]
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	 addl		$ab0,$nm0,$nm0
+	 stw,ma		$nm0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$inner		; j++++
+	 extrd,u	$nm0,31,32,$hi1
+
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[i]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	ldd		0($xfer),$ab1
+	fstds		${fab1},0($xfer)
+	 addl		$hi0,$ti1,$ti1
+	 addl		$ti1,$ab1,$ab1
+	ldd		8($xfer),$nm1
+	fstds		${fnm1},8($xfer)
+	 extrd,u	$ab1,31,32,$hi0
+	 extrd,u	$ab1,63,32,$ab1
+	ldw		4($tp),$ti0		; tp[j]
+	 addl		$hi1,$nm1,$nm1
+	 addl		$ab1,$nm1,$nm1
+	ldd		-16($xfer),$ab0
+	ldd		-8($xfer),$nm0
+	 extrd,u	$nm1,31,32,$hi1
+
+	addl		$hi0,$ab0,$ab0
+	 addl		$ti0,$ab0,$ab0
+	 stw		$nm1,-4($tp)		; tp[j-1]
+	 extrd,u	$ab0,31,32,$hi0
+	ldw		8($tp),$ti1		; tp[j]
+	 extrd,u	$ab0,63,32,$ab0
+	 addl		$hi1,$nm0,$nm0
+	ldd		0($xfer),$ab1
+	 addl		$ab0,$nm0,$nm0
+	ldd,mb		8($xfer),$nm1
+	 extrd,u	$nm0,31,32,$hi1
+	 stw,ma		$nm0,8($tp)		; tp[j-1]
+
+	addib,=		-1,$num,L\$outerdone	; i--
+	subi		0,$arrsz,$idx		; j=0
+___
+$code.=<<___ if ($BN_SZ==4);
+	fldws,ma	4($bp),${fbi}		; bp[i]
+___
+$code.=<<___ if ($BN_SZ==8);
+	ldi		12,$ti0			; bp[i] in flipped word order
+	addl,ev		%r0,$num,$num
+	ldi		-4,$ti0
+	addl		$ti0,$bp,$bp
+	fldws		0($bp),${fbi}
+___
+$code.=<<___;
+	 flddx		$idx($ap),${fai}	; ap[0]
+	addl		$hi0,$ab1,$ab1
+	 flddx		$idx($np),${fni}	; np[0]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	addl		$ti1,$ab1,$ab1
+	extrd,u		$ab1,31,32,$hi0
+	extrd,u		$ab1,63,32,$ab1
+
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[i]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[i]
+	ldw		4($tp),$ti0		; tp[j]
+
+	addl		$hi1,$nm1,$nm1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	addl		$ab1,$nm1,$nm1
+	extrd,u		$nm1,31,32,$hi1
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	addl		$hi1,$hi0,$hi0
+	 fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	addl		$ti0,$hi0,$hi0
+	extrd,u		$hi0,31,32,$hi1
+	 fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+	 xmpyu		${fn0},${fab0}R,${fm0}
+
+	b		L\$outer
+	ldo		`$LOCALS+32+4`($fp),$tp
+
+L\$outerdone
+	addl		$hi0,$ab1,$ab1
+	addl		$ti1,$ab1,$ab1
+	extrd,u		$ab1,31,32,$hi0
+	extrd,u		$ab1,63,32,$ab1
+
+	ldw		4($tp),$ti0		; tp[j]
+
+	addl		$hi1,$nm1,$nm1
+	addl		$ab1,$nm1,$nm1
+	extrd,u		$nm1,31,32,$hi1
+	stw		$nm1,-4($tp)		; tp[j-1]
+
+	addl		$hi1,$hi0,$hi0
+	addl		$ti0,$hi0,$hi0
+	extrd,u		$hi0,31,32,$hi1
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	ldo		`$LOCALS+32`($fp),$tp
+	sub		%r0,%r0,%r0		; clear borrow
+___
+$code.=<<___ if ($BN_SZ==4);
+	ldws,ma		4($tp),$ti0
+	extru,=		$rp,31,3,%r0		; is rp 64-bit aligned?
+	b		L\$sub_pa11
+	addl		$tp,$arrsz,$tp
+L\$sub
+	ldwx		$idx($np),$hi0
+	subb		$ti0,$hi0,$hi1
+	ldwx		$idx($tp),$ti0
+	addib,<>	4,$idx,L\$sub
+	stws,ma		$hi1,4($rp)
+
+	subb		$ti0,%r0,$hi1
+	ldo		-4($tp),$tp
+___
+$code.=<<___ if ($BN_SZ==8);
+	ldd,ma		8($tp),$ti0
+L\$sub
+	ldd		$idx($np),$hi0
+	shrpd		$ti0,$ti0,32,$ti0	; flip word order
+	std		$ti0,-8($tp)		; save flipped value
+	sub,db		$ti0,$hi0,$hi1
+	ldd,ma		8($tp),$ti0
+	addib,<>	8,$idx,L\$sub
+	std,ma		$hi1,8($rp)
+
+	extrd,u		$ti0,31,32,$ti0		; carry in flipped word order
+	sub,db		$ti0,%r0,$hi1
+	ldo		-8($tp),$tp
+___
+$code.=<<___;
+	and		$tp,$hi1,$ap
+	andcm		$rp,$hi1,$bp
+	or		$ap,$bp,$np
+
+	sub		$rp,$arrsz,$rp		; rewind rp
+	subi		0,$arrsz,$idx
+	ldo		`$LOCALS+32`($fp),$tp
+L\$copy
+	ldd		$idx($np),$hi0
+	std,ma		%r0,8($tp)
+	addib,<>	8,$idx,.-8		; L\$copy
+	std,ma		$hi0,8($rp)	
+___
+
+if ($BN_SZ==4) {				# PA-RISC 1.1 code-path
+$ablo=$ab0;
+$abhi=$ab1;
+$nmlo0=$nm0;
+$nmhi0=$nm1;
+$nmlo1="%r9";
+$nmhi1="%r8";
+
+$code.=<<___;
+	b		L\$done
+	nop
+
+	.ALIGN		8
+L\$parisc11
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldw		-12($xfer),$ablo
+	ldw		-16($xfer),$hi0
+	ldw		-4($xfer),$nmlo0
+	ldw		-8($xfer),$nmhi0
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+
+	 ldo		8($idx),$idx		; j++++
+	 add		$ablo,$nmlo0,$nmlo0	; discarded
+	 addc		%r0,$nmhi0,$hi1
+	ldw		4($xfer),$ablo
+	ldw		0($xfer),$abhi
+	nop
+
+L\$1st_pa11
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[0]
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 add		$hi0,$ablo,$ablo
+	ldw		12($xfer),$nmlo1
+	 addc		%r0,$abhi,$hi0
+	ldw		8($xfer),$nmhi1
+	 add		$ablo,$nmlo1,$nmlo1
+	fstds		${fab1},0($xfer)
+	 addc		%r0,$nmhi1,$nmhi1
+	fstds		${fnm1},8($xfer)
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-12($xfer),$ablo
+	 addc		%r0,$nmhi1,$hi1
+	ldw		-16($xfer),$abhi
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
+	ldw		-4($xfer),$nmlo0
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldw		-8($xfer),$nmhi0
+	 add		$hi0,$ablo,$ablo
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+	 addc		%r0,$abhi,$hi0
+	fstds		${fab0},-16($xfer)
+	 add		$ablo,$nmlo0,$nmlo0
+	fstds		${fnm0},-8($xfer)
+	 addc		%r0,$nmhi0,$nmhi0
+	ldw		0($xfer),$abhi
+	 add		$hi1,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$1st_pa11	; j++++
+	 addc		%r0,$nmhi0,$hi1
+
+	 ldw		8($xfer),$nmhi1
+	 ldw		12($xfer),$nmlo1
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[0]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	 add		$hi0,$ablo,$ablo
+	fstds		${fab1},0($xfer)
+	 addc		%r0,$abhi,$hi0
+	fstds		${fnm1},8($xfer)
+	 add		$ablo,$nmlo1,$nmlo1
+	ldw		-16($xfer),$abhi
+	 addc		%r0,$nmhi1,$nmhi1
+	ldw		-12($xfer),$ablo
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-8($xfer),$nmhi0
+	 addc		%r0,$nmhi1,$hi1
+	ldw		-4($xfer),$nmlo0
+
+	 add		$hi0,$ablo,$ablo
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+	 addc		%r0,$abhi,$hi0
+	ldw		0($xfer),$abhi
+	 add		$ablo,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 addc		%r0,$nmhi0,$nmhi0
+	ldws,mb		8($xfer),$nmhi1
+	 add		$hi1,$nmlo0,$nmlo0
+	ldw		4($xfer),$nmlo1
+	 addc		%r0,$nmhi0,$hi1
+	stws,ma		$nmlo0,8($tp)		; tp[j-1]
+
+	ldo		-1($num),$num		; i--
+	subi		0,$arrsz,$idx		; j=0
+
+	 fldws,ma	4($bp),${fbi}		; bp[1]
+	 flddx		$idx($ap),${fai}	; ap[0,1]
+	 flddx		$idx($np),${fni}	; np[0,1]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	add		$hi0,$ablo,$ablo
+	addc		%r0,$abhi,$hi0
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[1]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[1]
+	add		$hi1,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$nmhi1
+	add		$ablo,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$hi1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	add		$hi1,$hi0,$hi0
+	addc		%r0,%r0,$hi1
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	xmpyu		${fn0},${fab0}R,${fm0}
+	ldo		`$LOCALS+32+4`($fp),$tp
+L\$outer_pa11
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
+	fstds		${fab0},-16($xfer)	; 33-bit value
+	fstds		${fnm0},-8($xfer)
+	 flddx		$idx($ap),${fai}	; ap[2,3]
+	 flddx		$idx($np),${fni}	; np[2,3]
+	ldw		-16($xfer),$abhi	; carry bit actually
+	 ldo		8($idx),$idx		; j++++
+	ldw		-12($xfer),$ablo
+	ldw		-8($xfer),$nmhi0
+	ldw		-4($xfer),$nmlo0
+	ldw		0($xfer),$hi0		; high part
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	fstds		${fab1},0($xfer)
+	 addl		$abhi,$hi0,$hi0		; account carry bit
+	fstds		${fnm1},8($xfer)
+	 add		$ablo,$nmlo0,$nmlo0	; discarded
+	ldw		0($tp),$ti1		; tp[1]
+	 addc		%r0,$nmhi0,$hi1
+	fstds		${fab0},-16($xfer)
+	fstds		${fnm0},-8($xfer)
+	ldw		4($xfer),$ablo
+	ldw		0($xfer),$abhi
+
+L\$inner_pa11
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[i]
+	flddx		$idx($ap),${fai}	; ap[j,j+1]
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
+	flddx		$idx($np),${fni}	; np[j,j+1]
+	 add		$hi0,$ablo,$ablo
+	ldw		4($tp),$ti0		; tp[j]
+	 addc		%r0,$abhi,$abhi
+	ldw		12($xfer),$nmlo1
+	 add		$ti1,$ablo,$ablo
+	ldw		8($xfer),$nmhi1
+	 addc		%r0,$abhi,$hi0
+	fstds		${fab1},0($xfer)
+	 add		$ablo,$nmlo1,$nmlo1
+	fstds		${fnm1},8($xfer)
+	 addc		%r0,$nmhi1,$nmhi1
+	ldw		-12($xfer),$ablo
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-16($xfer),$abhi
+	 addc		%r0,$nmhi1,$hi1
+
+	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
+	ldw		8($tp),$ti1		; tp[j]
+	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
+	ldw		-4($xfer),$nmlo0
+	 add		$hi0,$ablo,$ablo
+	ldw		-8($xfer),$nmhi0
+	 addc		%r0,$abhi,$abhi
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+	 add		$ti0,$ablo,$ablo
+	fstds		${fab0},-16($xfer)
+	 addc		%r0,$abhi,$hi0
+	fstds		${fnm0},-8($xfer)
+	 add		$ablo,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 addc		%r0,$nmhi0,$nmhi0
+	ldw		0($xfer),$abhi
+	 add		$hi1,$nmlo0,$nmlo0
+	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
+	addib,<>	8,$idx,L\$inner_pa11	; j++++
+	 addc		%r0,$nmhi0,$hi1
+
+	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[i]
+	ldw		12($xfer),$nmlo1
+	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
+	ldw		8($xfer),$nmhi1
+	 add		$hi0,$ablo,$ablo
+	ldw		4($tp),$ti0		; tp[j]
+	 addc		%r0,$abhi,$abhi
+	fstds		${fab1},0($xfer)
+	 add		$ti1,$ablo,$ablo
+	fstds		${fnm1},8($xfer)
+	 addc		%r0,$abhi,$hi0
+	ldw		-16($xfer),$abhi
+	 add		$ablo,$nmlo1,$nmlo1
+	ldw		-12($xfer),$ablo
+	 addc		%r0,$nmhi1,$nmhi1
+	ldw		-8($xfer),$nmhi0
+	 add		$hi1,$nmlo1,$nmlo1
+	ldw		-4($xfer),$nmlo0
+	 addc		%r0,$nmhi1,$hi1
+
+	add		$hi0,$ablo,$ablo
+	 stw		$nmlo1,-4($tp)		; tp[j-1]
+	addc		%r0,$abhi,$abhi
+	 add		$ti0,$ablo,$ablo
+	ldw		8($tp),$ti1		; tp[j]
+	 addc		%r0,$abhi,$hi0
+	ldw		0($xfer),$abhi
+	 add		$ablo,$nmlo0,$nmlo0
+	ldw		4($xfer),$ablo
+	 addc		%r0,$nmhi0,$nmhi0
+	ldws,mb		8($xfer),$nmhi1
+	 add		$hi1,$nmlo0,$nmlo0
+	ldw		4($xfer),$nmlo1
+	 addc		%r0,$nmhi0,$hi1
+	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
+
+	addib,=		-1,$num,L\$outerdone_pa11; i--
+	subi		0,$arrsz,$idx		; j=0
+
+	 fldws,ma	4($bp),${fbi}		; bp[i]
+	 flddx		$idx($ap),${fai}	; ap[0]
+	add		$hi0,$ablo,$ablo
+	addc		%r0,$abhi,$abhi
+	 flddx		$idx($np),${fni}	; np[0]
+	 fldws		8($xfer),${fti}R	; tp[0]
+	add		$ti1,$ablo,$ablo
+	addc		%r0,$abhi,$hi0
+
+	 ldo		8($idx),$idx		; j++++
+	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[i]
+	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[i]
+	ldw		4($tp),$ti0		; tp[j]
+
+	add		$hi1,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$nmhi1
+	 fstws,mb	${fab0}L,-8($xfer)	; save high part
+	add		$ablo,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$hi1
+	 fcpy,sgl	%fr0,${fti}L		; zero high part
+	 fcpy,sgl	%fr0,${fab0}L
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+
+	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
+	 fcnvxf,dbl,dbl	${fab0},${fab0}
+	add		$hi1,$hi0,$hi0
+	addc		%r0,%r0,$hi1
+	 fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
+	add		$ti0,$hi0,$hi0
+	addc		%r0,$hi1,$hi1
+	 fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+	 xmpyu		${fn0},${fab0}R,${fm0}
+
+	b		L\$outer_pa11
+	ldo		`$LOCALS+32+4`($fp),$tp
+
+L\$outerdone_pa11
+	add		$hi0,$ablo,$ablo
+	addc		%r0,$abhi,$abhi
+	add		$ti1,$ablo,$ablo
+	addc		%r0,$abhi,$hi0
+
+	ldw		4($tp),$ti0		; tp[j]
+
+	add		$hi1,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$nmhi1
+	add		$ablo,$nmlo1,$nmlo1
+	addc		%r0,$nmhi1,$hi1
+	stw		$nmlo1,-4($tp)		; tp[j-1]
+
+	add		$hi1,$hi0,$hi0
+	addc		%r0,%r0,$hi1
+	add		$ti0,$hi0,$hi0
+	addc		%r0,$hi1,$hi1
+	stw		$hi0,0($tp)
+	stw		$hi1,4($tp)
+
+	ldo		`$LOCALS+32+4`($fp),$tp
+	sub		%r0,%r0,%r0		; clear borrow
+	ldw		-4($tp),$ti0
+	addl		$tp,$arrsz,$tp
+L\$sub_pa11
+	ldwx		$idx($np),$hi0
+	subb		$ti0,$hi0,$hi1
+	ldwx		$idx($tp),$ti0
+	addib,<>	4,$idx,L\$sub_pa11
+	stws,ma		$hi1,4($rp)
+
+	subb		$ti0,%r0,$hi1
+	ldo		-4($tp),$tp
+	and		$tp,$hi1,$ap
+	andcm		$rp,$hi1,$bp
+	or		$ap,$bp,$np
+
+	sub		$rp,$arrsz,$rp		; rewind rp
+	subi		0,$arrsz,$idx
+	ldo		`$LOCALS+32`($fp),$tp
+L\$copy_pa11
+	ldwx		$idx($np),$hi0
+	stws,ma		%r0,4($tp)
+	addib,<>	4,$idx,L\$copy_pa11
+	stws,ma		$hi0,4($rp)	
+
+	nop					; alignment
+L\$done
+___
+}
+
+$code.=<<___;
+	ldi		1,%r28			; signal "handled"
+	ldo		$FRAME($fp),%sp		; destroy tp[num+1]
+
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+L\$abort
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+	.STRINGZ "Montgomery Multiplication for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# Explicitly encode PA-RISC 2.0 instructions used in this module, so
+# that it can be compiled with .LEVEL 1.0. It should be noted that I
+# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
+# directive...
+
+my $ldd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "ldd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)		# format 4
+    {	my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3;
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)	# format 5
+    {	my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3;
+	$opcode|=(($1&0xF)<<17)|(($1&0x10)<<12);		# encode offset
+	$opcode|=(1<<5)  if ($mod =~ /^,m/);
+	$opcode|=(1<<13) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $std = sub {
+  my ($mod,$args) = @_;
+  my $orig = "std$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/)	# format 6
+    {	my $opcode=(0x03<<26)|($3<<21)|($1<<16)|(1<<12)|(0xB<<6);
+	$opcode|=(($2&0xF)<<1)|(($2&0x10)>>4);			# encode offset
+	$opcode|=(1<<5)  if ($mod =~ /^,m/);
+	$opcode|=(1<<13) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $extrd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "extrd$mod\t$args";
+
+    # I only have ",u" completer, it's implicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
+    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
+	my $len=32-$3;
+	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
+    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
+	my $len=32-$2;
+	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
+	$opcode |= (1<<13) if ($mod =~ /,\**=/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $shrpd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "shrpd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
+    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
+	my $cpos=63-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $sub = sub {
+  my ($mod,$args) = @_;
+  my $orig = "sub$mod\t$args";
+
+    if ($mod eq ",db" && $args =~ /%r([0-9]+),%r([0-9]+),%r([0-9]+)/) {
+	my $opcode=(0x02<<26)|($2<<21)|($1<<16)|$3;
+	$opcode|=(1<<10);	# e1
+	$opcode|=(1<<8);	# e2
+	$opcode|=(1<<5);	# d
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig
+    }
+    else { "\t".$orig; }
+};
+
+sub assemble {
+  my ($mnemonic,$mod,$args)=@_;
+  my $opcode = eval("\$$mnemonic");
+
+    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+	# flip word order in 64-bit mode...
+	s/(xmpyu\s+)($fai|$fni)([LR])/$1.$2.($3 eq "L"?"R":"L")/e if ($BN_SZ==8);
+	# assemble 2.0 instructions in 32-bit mode...
+	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
+
+	s/\bbv\b/bve/gm	if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/ppc-mont.pl b/openssl-1.1.0h/crypto/bn/asm/ppc-mont.pl
new file mode 100644
index 0000000..5802260
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/ppc-mont.pl
@@ -0,0 +1,342 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# April 2006
+
+# "Teaser" Montgomery multiplication module for PowerPC. It's possible
+# to gain a bit more by modulo-scheduling outer loop, then dedicated
+# squaring procedure should give further 20% and code can be adapted
+# for 32-bit application running on 64-bit CPU. As for the latter.
+# It won't be able to achieve "native" 64-bit performance, because in
+# 32-bit application context every addc instruction will have to be
+# expanded as addc, twice right shift by 32 and finally adde, etc.
+# So far RSA *sign* performance improvement over pre-bn_mul_mont asm
+# for 64-bit application running on PPC970/G5 is:
+#
+# 512-bit	+65%	
+# 1024-bit	+35%
+# 2048-bit	+18%
+# 4096-bit	+4%
+
+$flavour = shift;
+
+if ($flavour =~ /32/) {
+	$BITS=	32;
+	$BNSZ=	$BITS/8;
+	$SIZE_T=4;
+	$RZONE=	224;
+
+	$LD=	"lwz";		# load
+	$LDU=	"lwzu";		# load and update
+	$LDX=	"lwzx";		# load indexed
+	$ST=	"stw";		# store
+	$STU=	"stwu";		# store and update
+	$STX=	"stwx";		# store indexed
+	$STUX=	"stwux";	# store indexed and update
+	$UMULL=	"mullw";	# unsigned multiply low
+	$UMULH=	"mulhwu";	# unsigned multiply high
+	$UCMP=	"cmplw";	# unsigned compare
+	$SHRI=	"srwi";		# unsigned shift right by immediate	
+	$PUSH=	$ST;
+	$POP=	$LD;
+} elsif ($flavour =~ /64/) {
+	$BITS=	64;
+	$BNSZ=	$BITS/8;
+	$SIZE_T=8;
+	$RZONE=	288;
+
+	# same as above, but 64-bit mnemonics...
+	$LD=	"ld";		# load
+	$LDU=	"ldu";		# load and update
+	$LDX=	"ldx";		# load indexed
+	$ST=	"std";		# store
+	$STU=	"stdu";		# store and update
+	$STX=	"stdx";		# store indexed
+	$STUX=	"stdux";	# store indexed and update
+	$UMULL=	"mulld";	# unsigned multiply low
+	$UMULH=	"mulhdu";	# unsigned multiply high
+	$UCMP=	"cmpld";	# unsigned compare
+	$SHRI=	"srdi";		# unsigned shift right by immediate	
+	$PUSH=	$ST;
+	$POP=	$LD;
+} else { die "nonsense $flavour"; }
+
+$FRAME=8*$SIZE_T+$RZONE;
+$LOCALS=8*$SIZE_T;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$sp="r1";
+$toc="r2";
+$rp="r3";	$ovf="r3";
+$ap="r4";
+$bp="r5";
+$np="r6";
+$n0="r7";
+$num="r8";
+$rp="r9";	# $rp is reassigned
+$aj="r10";
+$nj="r11";
+$tj="r12";
+# non-volatile registers
+$i="r20";
+$j="r21";
+$tp="r22";
+$m0="r23";
+$m1="r24";
+$lo0="r25";
+$hi0="r26";
+$lo1="r27";
+$hi1="r28";
+$alo="r29";
+$ahi="r30";
+$nlo="r31";
+#
+$nhi="r0";
+
+$code=<<___;
+.machine "any"
+.text
+
+.globl	.bn_mul_mont_int
+.align	4
+.bn_mul_mont_int:
+	cmpwi	$num,4
+	mr	$rp,r3		; $rp is reassigned
+	li	r3,0
+	bltlr
+___
+$code.=<<___ if ($BNSZ==4);
+	cmpwi	$num,32		; longer key performance is not better
+	bgelr
+___
+$code.=<<___;
+	slwi	$num,$num,`log($BNSZ)/log(2)`
+	li	$tj,-4096
+	addi	$ovf,$num,$FRAME
+	subf	$ovf,$ovf,$sp	; $sp-$ovf
+	and	$ovf,$ovf,$tj	; minimize TLB usage
+	subf	$ovf,$sp,$ovf	; $ovf-$sp
+	mr	$tj,$sp
+	srwi	$num,$num,`log($BNSZ)/log(2)`
+	$STUX	$sp,$sp,$ovf
+
+	$PUSH	r20,`-12*$SIZE_T`($tj)
+	$PUSH	r21,`-11*$SIZE_T`($tj)
+	$PUSH	r22,`-10*$SIZE_T`($tj)
+	$PUSH	r23,`-9*$SIZE_T`($tj)
+	$PUSH	r24,`-8*$SIZE_T`($tj)
+	$PUSH	r25,`-7*$SIZE_T`($tj)
+	$PUSH	r26,`-6*$SIZE_T`($tj)
+	$PUSH	r27,`-5*$SIZE_T`($tj)
+	$PUSH	r28,`-4*$SIZE_T`($tj)
+	$PUSH	r29,`-3*$SIZE_T`($tj)
+	$PUSH	r30,`-2*$SIZE_T`($tj)
+	$PUSH	r31,`-1*$SIZE_T`($tj)
+
+	$LD	$n0,0($n0)	; pull n0[0] value
+	addi	$num,$num,-2	; adjust $num for counter register
+
+	$LD	$m0,0($bp)	; m0=bp[0]
+	$LD	$aj,0($ap)	; ap[0]
+	addi	$tp,$sp,$LOCALS
+	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[0]
+	$UMULH	$hi0,$aj,$m0
+
+	$LD	$aj,$BNSZ($ap)	; ap[1]
+	$LD	$nj,0($np)	; np[0]
+
+	$UMULL	$m1,$lo0,$n0	; "tp[0]"*n0
+
+	$UMULL	$alo,$aj,$m0	; ap[1]*bp[0]
+	$UMULH	$ahi,$aj,$m0
+
+	$UMULL	$lo1,$nj,$m1	; np[0]*m1
+	$UMULH	$hi1,$nj,$m1
+	$LD	$nj,$BNSZ($np)	; np[1]
+	addc	$lo1,$lo1,$lo0
+	addze	$hi1,$hi1
+
+	$UMULL	$nlo,$nj,$m1	; np[1]*m1
+	$UMULH	$nhi,$nj,$m1
+
+	mtctr	$num
+	li	$j,`2*$BNSZ`
+.align	4
+L1st:
+	$LDX	$aj,$ap,$j	; ap[j]
+	addc	$lo0,$alo,$hi0
+	$LDX	$nj,$np,$j	; np[j]
+	addze	$hi0,$ahi
+	$UMULL	$alo,$aj,$m0	; ap[j]*bp[0]
+	addc	$lo1,$nlo,$hi1
+	$UMULH	$ahi,$aj,$m0
+	addze	$hi1,$nhi
+	$UMULL	$nlo,$nj,$m1	; np[j]*m1
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
+	$UMULH	$nhi,$nj,$m1
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+
+	addi	$j,$j,$BNSZ	; j++
+	addi	$tp,$tp,$BNSZ	; tp++
+	bdnz	L1st
+;L1st
+	addc	$lo0,$alo,$hi0
+	addze	$hi0,$ahi
+
+	addc	$lo1,$nlo,$hi1
+	addze	$hi1,$nhi
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+
+	li	$ovf,0
+	addc	$hi1,$hi1,$hi0
+	addze	$ovf,$ovf	; upmost overflow bit
+	$ST	$hi1,$BNSZ($tp)
+
+	li	$i,$BNSZ
+.align	4
+Louter:
+	$LDX	$m0,$bp,$i	; m0=bp[i]
+	$LD	$aj,0($ap)	; ap[0]
+	addi	$tp,$sp,$LOCALS
+	$LD	$tj,$LOCALS($sp); tp[0]
+	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[i]
+	$UMULH	$hi0,$aj,$m0
+	$LD	$aj,$BNSZ($ap)	; ap[1]
+	$LD	$nj,0($np)	; np[0]
+	addc	$lo0,$lo0,$tj	; ap[0]*bp[i]+tp[0]
+	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
+	addze	$hi0,$hi0
+	$UMULL	$m1,$lo0,$n0	; tp[0]*n0
+	$UMULH	$ahi,$aj,$m0
+	$UMULL	$lo1,$nj,$m1	; np[0]*m1
+	$UMULH	$hi1,$nj,$m1
+	$LD	$nj,$BNSZ($np)	; np[1]
+	addc	$lo1,$lo1,$lo0
+	$UMULL	$nlo,$nj,$m1	; np[1]*m1
+	addze	$hi1,$hi1
+	$UMULH	$nhi,$nj,$m1
+
+	mtctr	$num
+	li	$j,`2*$BNSZ`
+.align	4
+Linner:
+	$LDX	$aj,$ap,$j	; ap[j]
+	addc	$lo0,$alo,$hi0
+	$LD	$tj,$BNSZ($tp)	; tp[j]
+	addze	$hi0,$ahi
+	$LDX	$nj,$np,$j	; np[j]
+	addc	$lo1,$nlo,$hi1
+	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
+	addze	$hi1,$nhi
+	$UMULH	$ahi,$aj,$m0
+	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
+	$UMULL	$nlo,$nj,$m1	; np[j]*m1
+	addze	$hi0,$hi0
+	$UMULH	$nhi,$nj,$m1
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
+	addi	$j,$j,$BNSZ	; j++
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+	addi	$tp,$tp,$BNSZ	; tp++
+	bdnz	Linner
+;Linner
+	$LD	$tj,$BNSZ($tp)	; tp[j]
+	addc	$lo0,$alo,$hi0
+	addze	$hi0,$ahi
+	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
+	addze	$hi0,$hi0
+
+	addc	$lo1,$nlo,$hi1
+	addze	$hi1,$nhi
+	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
+	addze	$hi1,$hi1
+	$ST	$lo1,0($tp)	; tp[j-1]
+
+	addic	$ovf,$ovf,-1	; move upmost overflow to XER[CA]
+	li	$ovf,0
+	adde	$hi1,$hi1,$hi0
+	addze	$ovf,$ovf
+	$ST	$hi1,$BNSZ($tp)
+;
+	slwi	$tj,$num,`log($BNSZ)/log(2)`
+	$UCMP	$i,$tj
+	addi	$i,$i,$BNSZ
+	ble	Louter
+
+	addi	$num,$num,2	; restore $num
+	subfc	$j,$j,$j	; j=0 and "clear" XER[CA]
+	addi	$tp,$sp,$LOCALS
+	mtctr	$num
+
+.align	4
+Lsub:	$LDX	$tj,$tp,$j
+	$LDX	$nj,$np,$j
+	subfe	$aj,$nj,$tj	; tp[j]-np[j]
+	$STX	$aj,$rp,$j
+	addi	$j,$j,$BNSZ
+	bdnz	Lsub
+
+	li	$j,0
+	mtctr	$num
+	subfe	$ovf,$j,$ovf	; handle upmost overflow bit
+	and	$ap,$tp,$ovf
+	andc	$np,$rp,$ovf
+	or	$ap,$ap,$np	; ap=borrow?tp:rp
+
+.align	4
+Lcopy:				; copy or in-place refresh
+	$LDX	$tj,$ap,$j
+	$STX	$tj,$rp,$j
+	$STX	$j,$tp,$j	; zap at once
+	addi	$j,$j,$BNSZ
+	bdnz	Lcopy
+
+	$POP	$tj,0($sp)
+	li	r3,1
+	$POP	r20,`-12*$SIZE_T`($tj)
+	$POP	r21,`-11*$SIZE_T`($tj)
+	$POP	r22,`-10*$SIZE_T`($tj)
+	$POP	r23,`-9*$SIZE_T`($tj)
+	$POP	r24,`-8*$SIZE_T`($tj)
+	$POP	r25,`-7*$SIZE_T`($tj)
+	$POP	r26,`-6*$SIZE_T`($tj)
+	$POP	r27,`-5*$SIZE_T`($tj)
+	$POP	r28,`-4*$SIZE_T`($tj)
+	$POP	r29,`-3*$SIZE_T`($tj)
+	$POP	r30,`-2*$SIZE_T`($tj)
+	$POP	r31,`-1*$SIZE_T`($tj)
+	mr	$sp,$tj
+	blr
+	.long	0
+	.byte	0,12,4,0,0x80,12,6,0
+	.long	0
+.size	.bn_mul_mont_int,.-.bn_mul_mont_int
+
+.asciz  "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/ppc.pl b/openssl-1.1.0h/crypto/bn/asm/ppc.pl
new file mode 100644
index 0000000..4ea534a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/ppc.pl
@@ -0,0 +1,2014 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Implemented as a Perl wrapper as we want to support several different
+# architectures with single file. We pick up the target based on the
+# file name we are asked to generate.
+#
+# It should be noted though that this perl code is nothing like
+# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much
+# as pre-processor to cover for platform differences in name decoration,
+# linker tables, 32-/64-bit instruction sets...
+#
+# As you might know there're several PowerPC ABI in use. Most notably
+# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs
+# are similar enough to implement leaf(!) functions, which would be ABI
+# neutral. And that's what you find here: ABI neutral leaf functions.
+# In case you wonder what that is...
+#
+#       AIX performance
+#
+#	MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.
+#
+#	The following is the performance of 32-bit compiler
+#	generated code:
+#
+#	OpenSSL 0.9.6c 21 dec 2001
+#	built on: Tue Jun 11 11:06:51 EDT 2002
+#	options:bn(64,32) ...
+#compiler: cc -DTHREADS  -DAIX -DB_ENDIAN -DBN_LLONG -O3
+#                  sign    verify    sign/s verify/s
+#rsa  512 bits   0.0098s   0.0009s    102.0   1170.6
+#rsa 1024 bits   0.0507s   0.0026s     19.7    387.5
+#rsa 2048 bits   0.3036s   0.0085s      3.3    117.1
+#rsa 4096 bits   2.0040s   0.0299s      0.5     33.4
+#dsa  512 bits   0.0087s   0.0106s    114.3     94.5
+#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0	
+#
+#	Same bechmark with this assembler code:
+#
+#rsa  512 bits   0.0056s   0.0005s    178.6   2049.2
+#rsa 1024 bits   0.0283s   0.0015s     35.3    674.1
+#rsa 2048 bits   0.1744s   0.0050s      5.7    201.2
+#rsa 4096 bits   1.1644s   0.0179s      0.9     55.7
+#dsa  512 bits   0.0052s   0.0062s    191.6    162.0
+#dsa 1024 bits   0.0149s   0.0180s     67.0     55.5
+#
+#	Number of operations increases by at almost 75%
+#
+#	Here are performance numbers for 64-bit compiler
+#	generated code:
+#
+#	OpenSSL 0.9.6g [engine] 9 Aug 2002
+#	built on: Fri Apr 18 16:59:20 EDT 2003
+#	options:bn(64,64) ...
+#	compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3
+#                  sign    verify    sign/s verify/s
+#rsa  512 bits   0.0028s   0.0003s    357.1   3844.4
+#rsa 1024 bits   0.0148s   0.0008s     67.5   1239.7
+#rsa 2048 bits   0.0963s   0.0028s     10.4    353.0
+#rsa 4096 bits   0.6538s   0.0102s      1.5     98.1
+#dsa  512 bits   0.0026s   0.0032s    382.5    313.7
+#dsa 1024 bits   0.0081s   0.0099s    122.8    100.6
+#
+#	Same benchmark with this assembler code:
+#
+#rsa  512 bits   0.0020s   0.0002s    510.4   6273.7
+#rsa 1024 bits   0.0088s   0.0005s    114.1   2128.3
+#rsa 2048 bits   0.0540s   0.0016s     18.5    622.5
+#rsa 4096 bits   0.3700s   0.0058s      2.7    171.0
+#dsa  512 bits   0.0016s   0.0020s    610.7    507.1
+#dsa 1024 bits   0.0047s   0.0058s    212.5    173.2
+#	
+#	Again, performance increases by at about 75%
+#
+#       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
+#       OpenSSL 0.9.7c 30 Sep 2003
+#
+#       Original code.
+#
+#rsa  512 bits   0.0011s   0.0001s    906.1  11012.5
+#rsa 1024 bits   0.0060s   0.0003s    166.6   3363.1
+#rsa 2048 bits   0.0370s   0.0010s     27.1    982.4
+#rsa 4096 bits   0.2426s   0.0036s      4.1    280.4
+#dsa  512 bits   0.0010s   0.0012s   1038.1    841.5
+#dsa 1024 bits   0.0030s   0.0037s    329.6    269.7
+#dsa 2048 bits   0.0101s   0.0127s     98.9     78.6
+#
+#       Same benchmark with this assembler code:
+#
+#rsa  512 bits   0.0007s   0.0001s   1416.2  16645.9
+#rsa 1024 bits   0.0036s   0.0002s    274.4   5380.6
+#rsa 2048 bits   0.0222s   0.0006s     45.1   1589.5
+#rsa 4096 bits   0.1469s   0.0022s      6.8    449.6
+#dsa  512 bits   0.0006s   0.0007s   1664.2   1376.2
+#dsa 1024 bits   0.0018s   0.0023s    545.0    442.2
+#dsa 2048 bits   0.0061s   0.0075s    163.5    132.8
+#
+#        Performance increase of ~60%
+#
+#	If you have comments or suggestions to improve code send
+#	me a note at schari@us.ibm.com
+#
+
+$flavour = shift;
+
+if ($flavour =~ /32/) {
+	$BITS=	32;
+	$BNSZ=	$BITS/8;
+	$ISA=	"\"ppc\"";
+
+	$LD=	"lwz";		# load
+	$LDU=	"lwzu";		# load and update
+	$ST=	"stw";		# store
+	$STU=	"stwu";		# store and update
+	$UMULL=	"mullw";	# unsigned multiply low
+	$UMULH=	"mulhwu";	# unsigned multiply high
+	$UDIV=	"divwu";	# unsigned divide
+	$UCMPI=	"cmplwi";	# unsigned compare with immediate
+	$UCMP=	"cmplw";	# unsigned compare
+	$CNTLZ=	"cntlzw";	# count leading zeros
+	$SHL=	"slw";		# shift left
+	$SHR=	"srw";		# unsigned shift right
+	$SHRI=	"srwi";		# unsigned shift right by immediate	
+	$SHLI=	"slwi";		# shift left by immediate
+	$CLRU=	"clrlwi";	# clear upper bits
+	$INSR=	"insrwi";	# insert right
+	$ROTL=	"rotlwi";	# rotate left by immediate
+	$TR=	"tw";		# conditional trap
+} elsif ($flavour =~ /64/) {
+	$BITS=	64;
+	$BNSZ=	$BITS/8;
+	$ISA=	"\"ppc64\"";
+
+	# same as above, but 64-bit mnemonics...
+	$LD=	"ld";		# load
+	$LDU=	"ldu";		# load and update
+	$ST=	"std";		# store
+	$STU=	"stdu";		# store and update
+	$UMULL=	"mulld";	# unsigned multiply low
+	$UMULH=	"mulhdu";	# unsigned multiply high
+	$UDIV=	"divdu";	# unsigned divide
+	$UCMPI=	"cmpldi";	# unsigned compare with immediate
+	$UCMP=	"cmpld";	# unsigned compare
+	$CNTLZ=	"cntlzd";	# count leading zeros
+	$SHL=	"sld";		# shift left
+	$SHR=	"srd";		# unsigned shift right
+	$SHRI=	"srdi";		# unsigned shift right by immediate	
+	$SHLI=	"sldi";		# shift left by immediate
+	$CLRU=	"clrldi";	# clear upper bits
+	$INSR=	"insrdi";	# insert right 
+	$ROTL=	"rotldi";	# rotate left by immediate
+	$TR=	"td";		# conditional trap
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$data=<<EOF;
+#--------------------------------------------------------------------
+#
+#
+#
+#
+#	File:		ppc32.s
+#
+#	Created by:	Suresh Chari
+#			IBM Thomas J. Watson Research Library
+#			Hawthorne, NY
+#
+#
+#	Description:	Optimized assembly routines for OpenSSL crypto
+#			on the 32 bitPowerPC platform.
+#
+#
+#	Version History
+#
+#	2. Fixed bn_add,bn_sub and bn_div_words, added comments,
+#	   cleaned up code. Also made a single version which can
+#	   be used for both the AIX and Linux compilers. See NOTE
+#	   below.
+#				12/05/03		Suresh Chari
+#			(with lots of help from)        Andy Polyakov
+##	
+#	1. Initial version	10/20/02		Suresh Chari
+#
+#
+#	The following file works for the xlc,cc
+#	and gcc compilers.
+#
+#	NOTE:	To get the file to link correctly with the gcc compiler
+#	        you have to change the names of the routines and remove
+#		the first .(dot) character. This should automatically
+#		be done in the build process.
+#
+#	Hand optimized assembly code for the following routines
+#	
+#	bn_sqr_comba4
+#	bn_sqr_comba8
+#	bn_mul_comba4
+#	bn_mul_comba8
+#	bn_sub_words
+#	bn_add_words
+#	bn_div_words
+#	bn_sqr_words
+#	bn_mul_words
+#	bn_mul_add_words
+#
+#	NOTE:	It is possible to optimize this code more for
+#	specific PowerPC or Power architectures. On the Northstar
+#	architecture the optimizations in this file do
+#	 NOT provide much improvement.
+#
+#	If you have comments or suggestions to improve code send
+#	me a note at schari\@us.ibm.com
+#
+#--------------------------------------------------------------------------
+#
+#	Defines to be used in the assembly code.
+#	
+#.set r0,0	# we use it as storage for value of 0
+#.set SP,1	# preserved
+#.set RTOC,2	# preserved 
+#.set r3,3	# 1st argument/return value
+#.set r4,4	# 2nd argument/volatile register
+#.set r5,5	# 3rd argument/volatile register
+#.set r6,6	# ...
+#.set r7,7
+#.set r8,8
+#.set r9,9
+#.set r10,10
+#.set r11,11
+#.set r12,12
+#.set r13,13	# not used, nor any other "below" it...
+
+#	Declare function names to be global
+#	NOTE:	For gcc these names MUST be changed to remove
+#	        the first . i.e. for example change ".bn_sqr_comba4"
+#		to "bn_sqr_comba4". This should be automatically done
+#		in the build.
+	
+	.globl	.bn_sqr_comba4
+	.globl	.bn_sqr_comba8
+	.globl	.bn_mul_comba4
+	.globl	.bn_mul_comba8
+	.globl	.bn_sub_words
+	.globl	.bn_add_words
+	.globl	.bn_div_words
+	.globl	.bn_sqr_words
+	.globl	.bn_mul_words
+	.globl	.bn_mul_add_words
+	
+# .text section
+	
+	.machine	"any"
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sqr_comba4" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_sqr_comba4:
+#
+# Optimized version of bn_sqr_comba4.
+#
+# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:	
+# 
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+# Here's the assembly
+#
+#
+	xor		r0,r0,r0		# set r0 = 0. Used in the addze
+						# instructions below
+	
+						#sqr_add_c(a,0,c1,c2,c3)
+	$LD		r5,`0*$BNSZ`(r4)		
+	$UMULL		r9,r5,r5		
+	$UMULH		r10,r5,r5		#in first iteration. No need
+						#to add since c1=c2=c3=0.
+						# Note c3(r11) is NOT set to 0
+						# but will be.
+
+	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
+						# sqr_add_c2(a,1,0,c2,c3,c1);
+	$LD		r6,`1*$BNSZ`(r4)		
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+					
+	addc		r7,r7,r7		# compute (r7,r8)=2*(r7,r8)
+	adde		r8,r8,r8
+	addze		r9,r0			# catch carry if any.
+						# r9= r0(=0) and carry 
+	
+	addc		r10,r7,r10		# now add to temp result.
+	addze		r11,r8                  # r8 added to r11 which is 0 
+	addze		r9,r9
+	
+	$ST		r10,`1*$BNSZ`(r3)	#r[1]=c2; 
+						#sqr_add_c(a,1,c3,c1,c2)
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+						#sqr_add_c2(a,2,0,c3,c1,c2)
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r10,r10
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3 
+						#sqr_add_c2(a,3,0,c1,c2,c3);
+	$LD		r6,`3*$BNSZ`(r4)		
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r11,r0
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,2,1,c1,c2,c3);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1
+						#sqr_add_c(a,2,c2,c3,c1);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+						#sqr_add_c2(a,3,1,c2,c3,c1);
+	$LD		r6,`3*$BNSZ`(r4)		
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r9,r9
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2
+						#sqr_add_c2(a,3,2,c3,c1,c2);
+	$LD		r5,`2*$BNSZ`(r4)		
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r7,r7,r7
+	adde		r8,r8,r8
+	addze		r10,r0
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`5*$BNSZ`(r3)	#r[5] = c3
+						#sqr_add_c(a,3,c1,c2,c3);
+	$UMULL		r7,r6,r6		
+	$UMULH		r8,r6,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+
+	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1
+	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.bn_sqr_comba4,.-.bn_sqr_comba4
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sqr_comba8" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+	
+.align	4
+.bn_sqr_comba8:
+#
+# This is an optimized version of the bn_sqr_comba8 routine.
+# Tightly uses the adde instruction
+#
+#
+# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:	
+# 
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+#
+# Possible optimization of loading all 8 longs of a into registers
+# doesn't provide any speedup
+# 
+
+	xor		r0,r0,r0		#set r0 = 0.Used in addze
+						#instructions below.
+
+						#sqr_add_c(a,0,c1,c2,c3);
+	$LD		r5,`0*$BNSZ`(r4)
+	$UMULL		r9,r5,r5		#1st iteration:	no carries.
+	$UMULH		r10,r5,r5
+	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
+						#sqr_add_c2(a,1,0,c2,c3,c1);
+	$LD		r6,`1*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6	
+	
+	addc		r10,r7,r10		#add the two register number
+	adde		r11,r8,r0 		# (r8,r7) to the three register
+	addze		r9,r0			# number (r9,r11,r10).NOTE:r0=0
+	
+	addc		r10,r7,r10		#add the two register number
+	adde		r11,r8,r11 		# (r8,r7) to the three register
+	addze		r9,r9			# number (r9,r11,r10).
+	
+	$ST		r10,`1*$BNSZ`(r3)	# r[1]=c2
+				
+						#sqr_add_c(a,1,c3,c1,c2);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+						#sqr_add_c2(a,2,0,c3,c1,c2);
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	
+	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
+						#sqr_add_c2(a,3,0,c1,c2,c3);
+	$LD		r6,`3*$BNSZ`(r4)	#r6 = a[3]. r5 is already a[0].
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,2,1,c1,c2,c3);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	
+	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1;
+						#sqr_add_c(a,2,c2,c3,c1);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+						#sqr_add_c2(a,3,1,c2,c3,c1);
+	$LD		r6,`3*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,4,0,c2,c3,c1);
+	$LD		r5,`0*$BNSZ`(r4)
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2;
+						#sqr_add_c2(a,5,0,c3,c1,c2);
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,4,1,c3,c1,c2);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,3,2,c3,c1,c2);
+	$LD		r5,`2*$BNSZ`(r4)
+	$LD		r6,`3*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`5*$BNSZ`(r3)	#r[5]=c3;
+						#sqr_add_c(a,3,c1,c2,c3);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+						#sqr_add_c2(a,4,2,c1,c2,c3);
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,5,1,c1,c2,c3);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,6,0,c1,c2,c3);
+	$LD		r5,`0*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1;
+						#sqr_add_c2(a,7,0,c2,c3,c1);
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,6,1,c2,c3,c1);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,5,2,c2,c3,c1);
+	$LD		r5,`2*$BNSZ`(r4)
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,4,3,c2,c3,c1);
+	$LD		r5,`3*$BNSZ`(r4)
+	$LD		r6,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2;
+						#sqr_add_c(a,4,c3,c1,c2);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+						#sqr_add_c2(a,5,3,c3,c1,c2);
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,6,2,c3,c1,c2);
+	$LD		r5,`2*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,7,1,c3,c1,c2);
+	$LD		r5,`1*$BNSZ`(r4)
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`8*$BNSZ`(r3)	#r[8]=c3;
+						#sqr_add_c2(a,7,2,c1,c2,c3);
+	$LD		r5,`2*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,6,3,c1,c2,c3);
+	$LD		r5,`3*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+						#sqr_add_c2(a,5,4,c1,c2,c3);
+	$LD		r5,`4*$BNSZ`(r4)
+	$LD		r6,`5*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`9*$BNSZ`(r3)	#r[9]=c1;
+						#sqr_add_c(a,5,c2,c3,c1);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+						#sqr_add_c2(a,6,4,c2,c3,c1);
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+						#sqr_add_c2(a,7,3,c2,c3,c1);
+	$LD		r5,`3*$BNSZ`(r4)
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`10*$BNSZ`(r3)	#r[10]=c2;
+						#sqr_add_c2(a,7,4,c3,c1,c2);
+	$LD		r5,`4*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r0
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+						#sqr_add_c2(a,6,5,c3,c1,c2);
+	$LD		r5,`5*$BNSZ`(r4)
+	$LD		r6,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	addze		r10,r10
+	$ST		r11,`11*$BNSZ`(r3)	#r[11]=c3;
+						#sqr_add_c(a,6,c1,c2,c3);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r0
+						#sqr_add_c2(a,7,5,c1,c2,c3)
+	$LD		r6,`7*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	addc		r9,r7,r9
+	adde		r10,r8,r10
+	addze		r11,r11
+	$ST		r9,`12*$BNSZ`(r3)	#r[12]=c1;
+	
+						#sqr_add_c2(a,7,6,c2,c3,c1)
+	$LD		r5,`6*$BNSZ`(r4)
+	$UMULL		r7,r5,r6
+	$UMULH		r8,r5,r6
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r0
+	addc		r10,r7,r10
+	adde		r11,r8,r11
+	addze		r9,r9
+	$ST		r10,`13*$BNSZ`(r3)	#r[13]=c2;
+						#sqr_add_c(a,7,c3,c1,c2);
+	$UMULL		r7,r6,r6
+	$UMULH		r8,r6,r6
+	addc		r11,r7,r11
+	adde		r9,r8,r9
+	$ST		r11,`14*$BNSZ`(r3)	#r[14]=c3;
+	$ST		r9, `15*$BNSZ`(r3)	#r[15]=c1;
+
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.bn_sqr_comba8,.-.bn_sqr_comba8
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_comba4" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_mul_comba4:
+#
+# This is an optimized version of the bn_mul_comba4 routine.
+#
+# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+	xor	r0,r0,r0		#r0=0. Used in addze below.
+					#mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	r6,`0*$BNSZ`(r4)		
+	$LD	r7,`0*$BNSZ`(r5)		
+	$UMULL	r10,r6,r7		
+	$UMULH	r11,r6,r7		
+	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1
+					#mul_add_c(a[0],b[1],c2,c3,c1);
+	$LD	r7,`1*$BNSZ`(r5)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r0
+	addze	r10,r0
+					#mul_add_c(a[1],b[0],c2,c3,c1);
+	$LD	r6, `1*$BNSZ`(r4)		
+	$LD	r7, `0*$BNSZ`(r5)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r10
+	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2
+					#mul_add_c(a[2],b[0],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r0
+					#mul_add_c(a[1],b[1],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)		
+	$LD	r7,`1*$BNSZ`(r5)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r11
+					#mul_add_c(a[0],b[2],c3,c1,c2);
+	$LD	r6,`0*$BNSZ`(r4)		
+	$LD	r7,`2*$BNSZ`(r5)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r11
+	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3
+					#mul_add_c(a[0],b[3],c1,c2,c3);
+	$LD	r7,`3*$BNSZ`(r5)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r0
+					#mul_add_c(a[1],b[2],c1,c2,c3);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r12
+					#mul_add_c(a[2],b[1],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r12
+					#mul_add_c(a[3],b[0],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+	addze	r12,r12
+	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1
+					#mul_add_c(a[3],b[1],c2,c3,c1);
+	$LD	r7,`1*$BNSZ`(r5)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r0
+					#mul_add_c(a[2],b[2],c2,c3,c1);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r10
+					#mul_add_c(a[1],b[3],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r8,r11
+	adde	r12,r9,r12
+	addze	r10,r10
+	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2
+					#mul_add_c(a[2],b[3],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r0
+					#mul_add_c(a[3],b[2],c3,c1,c2);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r8,r12
+	adde	r10,r9,r10
+	addze	r11,r11
+	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3
+					#mul_add_c(a[3],b[3],c1,c2,c3);
+	$LD	r7,`3*$BNSZ`(r5)		
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r8,r10
+	adde	r11,r9,r11
+
+	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1
+	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_mul_comba4,.-.bn_mul_comba4
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_comba8" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+	
+.align	4
+.bn_mul_comba8:
+#
+# Optimized version of the bn_mul_comba8 routine.
+#
+# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+	xor	r0,r0,r0		#r0=0. Used in addze below.
+	
+					#mul_add_c(a[0],b[0],c1,c2,c3);
+	$LD	r6,`0*$BNSZ`(r4)	#a[0]
+	$LD	r7,`0*$BNSZ`(r5)	#b[0]
+	$UMULL	r10,r6,r7
+	$UMULH	r11,r6,r7
+	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1;
+					#mul_add_c(a[0],b[1],c2,c3,c1);
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	addze	r12,r9			# since we didn't set r12 to zero before.
+	addze	r10,r0
+					#mul_add_c(a[1],b[0],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2;
+					#mul_add_c(a[2],b[0],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[1],b[1],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[0],b[2],c3,c1,c2);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3;
+					#mul_add_c(a[0],b[3],c1,c2,c3);
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[1],b[2],c1,c2,c3);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+		
+					#mul_add_c(a[2],b[1],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[3],b[0],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1;
+					#mul_add_c(a[4],b[0],c2,c3,c1);
+	$LD	r6,`4*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[3],b[1],c2,c3,c1);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[2],b[2],c2,c3,c1);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[1],b[3],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[0],b[4],c2,c3,c1);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2;
+					#mul_add_c(a[0],b[5],c3,c1,c2);
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[1],b[4],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)		
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[2],b[3],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)		
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[3],b[2],c3,c1,c2);
+	$LD	r6,`3*$BNSZ`(r4)		
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[4],b[1],c3,c1,c2);
+	$LD	r6,`4*$BNSZ`(r4)		
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[5],b[0],c3,c1,c2);
+	$LD	r6,`5*$BNSZ`(r4)		
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3;
+					#mul_add_c(a[6],b[0],c1,c2,c3);
+	$LD	r6,`6*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[5],b[1],c1,c2,c3);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[4],b[2],c1,c2,c3);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[3],b[3],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[2],b[4],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[1],b[5],c1,c2,c3);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[0],b[6],c1,c2,c3);
+	$LD	r6,`0*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1;
+					#mul_add_c(a[0],b[7],c2,c3,c1);
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[1],b[6],c2,c3,c1);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[2],b[5],c2,c3,c1);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[3],b[4],c2,c3,c1);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[4],b[3],c2,c3,c1);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[5],b[2],c2,c3,c1);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[6],b[1],c2,c3,c1);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[7],b[0],c2,c3,c1);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`0*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2;
+					#mul_add_c(a[7],b[1],c3,c1,c2);
+	$LD	r7,`1*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[6],b[2],c3,c1,c2);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[5],b[3],c3,c1,c2);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[4],b[4],c3,c1,c2);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[3],b[5],c3,c1,c2);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[2],b[6],c3,c1,c2);
+	$LD	r6,`2*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[1],b[7],c3,c1,c2);
+	$LD	r6,`1*$BNSZ`(r4)
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`8*$BNSZ`(r3)	#r[8]=c3;
+					#mul_add_c(a[2],b[7],c1,c2,c3);
+	$LD	r6,`2*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[3],b[6],c1,c2,c3);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[4],b[5],c1,c2,c3);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[5],b[4],c1,c2,c3);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[6],b[3],c1,c2,c3);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[7],b[2],c1,c2,c3);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`9*$BNSZ`(r3)	#r[9]=c1;
+					#mul_add_c(a[7],b[3],c2,c3,c1);
+	$LD	r7,`3*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[6],b[4],c2,c3,c1);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[5],b[5],c2,c3,c1);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[4],b[6],c2,c3,c1);
+	$LD	r6,`4*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+					#mul_add_c(a[3],b[7],c2,c3,c1);
+	$LD	r6,`3*$BNSZ`(r4)
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`10*$BNSZ`(r3)	#r[10]=c2;
+					#mul_add_c(a[4],b[7],c3,c1,c2);
+	$LD	r6,`4*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r0
+					#mul_add_c(a[5],b[6],c3,c1,c2);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[6],b[5],c3,c1,c2);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+					#mul_add_c(a[7],b[4],c3,c1,c2);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`4*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	addze	r11,r11
+	$ST	r12,`11*$BNSZ`(r3)	#r[11]=c3;
+					#mul_add_c(a[7],b[5],c1,c2,c3);
+	$LD	r7,`5*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r0
+					#mul_add_c(a[6],b[6],c1,c2,c3);
+	$LD	r6,`6*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+					#mul_add_c(a[5],b[7],c1,c2,c3);
+	$LD	r6,`5*$BNSZ`(r4)
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r10,r10,r8
+	adde	r11,r11,r9
+	addze	r12,r12
+	$ST	r10,`12*$BNSZ`(r3)	#r[12]=c1;
+					#mul_add_c(a[6],b[7],c2,c3,c1);
+	$LD	r6,`6*$BNSZ`(r4)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r0
+					#mul_add_c(a[7],b[6],c2,c3,c1);
+	$LD	r6,`7*$BNSZ`(r4)
+	$LD	r7,`6*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r11,r11,r8
+	adde	r12,r12,r9
+	addze	r10,r10
+	$ST	r11,`13*$BNSZ`(r3)	#r[13]=c2;
+					#mul_add_c(a[7],b[7],c3,c1,c2);
+	$LD	r7,`7*$BNSZ`(r5)
+	$UMULL	r8,r6,r7
+	$UMULH	r9,r6,r7
+	addc	r12,r12,r8
+	adde	r10,r10,r9
+	$ST	r12,`14*$BNSZ`(r3)	#r[14]=c3;
+	$ST	r10,`15*$BNSZ`(r3)	#r[15]=c1;
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_mul_comba8,.-.bn_mul_comba8
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sub_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+#
+.align	4
+.bn_sub_words:
+#
+#	Handcoded version of bn_sub_words
+#
+#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+#	r3 = r
+#	r4 = a
+#	r5 = b
+#	r6 = n
+#
+#       Note:	No loop unrolling done since this is not a performance
+#               critical loop.
+
+	xor	r0,r0,r0	#set r0 = 0
+#
+#	check for r6 = 0 AND set carry bit.
+#
+	subfc.	r7,r0,r6        # If r6 is 0 then result is 0.
+				# if r6 > 0 then result !=0
+				# In either case carry bit is set.
+	beq	Lppcasm_sub_adios
+	addi	r4,r4,-$BNSZ
+	addi	r3,r3,-$BNSZ
+	addi	r5,r5,-$BNSZ
+	mtctr	r6
+Lppcasm_sub_mainloop:	
+	$LDU	r7,$BNSZ(r4)
+	$LDU	r8,$BNSZ(r5)
+	subfe	r6,r8,r7	# r6 = r7+carry bit + onescomplement(r8)
+				# if carry = 1 this is r7-r8. Else it
+				# is r7-r8 -1 as we need.
+	$STU	r6,$BNSZ(r3)
+	bdnz	Lppcasm_sub_mainloop
+Lppcasm_sub_adios:	
+	subfze	r3,r0		# if carry bit is set then r3 = 0 else -1
+	andi.	r3,r3,1         # keep only last bit.
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	.bn_sub_words,.-.bn_sub_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_add_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_add_words:
+#
+#	Handcoded version of bn_add_words
+#
+#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+#	r3 = r
+#	r4 = a
+#	r5 = b
+#	r6 = n
+#
+#       Note:	No loop unrolling done since this is not a performance
+#               critical loop.
+
+	xor	r0,r0,r0
+#
+#	check for r6 = 0. Is this needed?
+#
+	addic.	r6,r6,0		#test r6 and clear carry bit.
+	beq	Lppcasm_add_adios
+	addi	r4,r4,-$BNSZ
+	addi	r3,r3,-$BNSZ
+	addi	r5,r5,-$BNSZ
+	mtctr	r6
+Lppcasm_add_mainloop:	
+	$LDU	r7,$BNSZ(r4)
+	$LDU	r8,$BNSZ(r5)
+	adde	r8,r7,r8
+	$STU	r8,$BNSZ(r3)
+	bdnz	Lppcasm_add_mainloop
+Lppcasm_add_adios:	
+	addze	r3,r0			#return carry bit.
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	.bn_add_words,.-.bn_add_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_div_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_div_words:
+#
+#	This is a cleaned up version of code generated by
+#	the AIX compiler. The only optimization is to use
+#	the PPC instruction to count leading zeros instead
+#	of call to num_bits_word. Since this was compiled
+#	only at level -O2 we can possibly squeeze it more?
+#	
+#	r3 = h
+#	r4 = l
+#	r5 = d
+	
+	$UCMPI	0,r5,0			# compare r5 and 0
+	bne	Lppcasm_div1		# proceed if d!=0
+	li	r3,-1			# d=0 return -1
+	blr
+Lppcasm_div1:
+	xor	r0,r0,r0		#r0=0
+	li	r8,$BITS
+	$CNTLZ.	r7,r5			#r7 = num leading 0s in d.
+	beq	Lppcasm_div2		#proceed if no leading zeros
+	subf	r8,r7,r8		#r8 = BN_num_bits_word(d)
+	$SHR.	r9,r3,r8		#are there any bits above r8'th?
+	$TR	16,r9,r0		#if there're, signal to dump core...
+Lppcasm_div2:
+	$UCMP	0,r3,r5			#h>=d?
+	blt	Lppcasm_div3		#goto Lppcasm_div3 if not
+	subf	r3,r5,r3		#h-=d ; 
+Lppcasm_div3:				#r7 = BN_BITS2-i. so r7=i
+	cmpi	0,0,r7,0		# is (i == 0)?
+	beq	Lppcasm_div4
+	$SHL	r3,r3,r7		# h = (h<< i)
+	$SHR	r8,r4,r8		# r8 = (l >> BN_BITS2 -i)
+	$SHL	r5,r5,r7		# d<<=i
+	or	r3,r3,r8		# h = (h<<i)|(l>>(BN_BITS2-i))
+	$SHL	r4,r4,r7		# l <<=i
+Lppcasm_div4:
+	$SHRI	r9,r5,`$BITS/2`		# r9 = dh
+					# dl will be computed when needed
+					# as it saves registers.
+	li	r6,2			#r6=2
+	mtctr	r6			#counter will be in count.
+Lppcasm_divouterloop: 
+	$SHRI	r8,r3,`$BITS/2`		#r8 = (h>>BN_BITS4)
+	$SHRI	r11,r4,`$BITS/2`	#r11= (l&BN_MASK2h)>>BN_BITS4
+					# compute here for innerloop.
+	$UCMP	0,r8,r9			# is (h>>BN_BITS4)==dh
+	bne	Lppcasm_div5		# goto Lppcasm_div5 if not
+
+	li	r8,-1
+	$CLRU	r8,r8,`$BITS/2`		#q = BN_MASK2l 
+	b	Lppcasm_div6
+Lppcasm_div5:
+	$UDIV	r8,r3,r9		#q = h/dh
+Lppcasm_div6:
+	$UMULL	r12,r9,r8		#th = q*dh
+	$CLRU	r10,r5,`$BITS/2`	#r10=dl
+	$UMULL	r6,r8,r10		#tl = q*dl
+	
+Lppcasm_divinnerloop:
+	subf	r10,r12,r3		#t = h -th
+	$SHRI	r7,r10,`$BITS/2`	#r7= (t &BN_MASK2H), sort of...
+	addic.	r7,r7,0			#test if r7 == 0. used below.
+					# now want to compute
+					# r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
+					# the following 2 instructions do that
+	$SHLI	r7,r10,`$BITS/2`	# r7 = (t<<BN_BITS4)
+	or	r7,r7,r11		# r7|=((l&BN_MASK2h)>>BN_BITS4)
+	$UCMP	cr1,r6,r7		# compare (tl <= r7)
+	bne	Lppcasm_divinnerexit
+	ble	cr1,Lppcasm_divinnerexit
+	addi	r8,r8,-1		#q--
+	subf	r12,r9,r12		#th -=dh
+	$CLRU	r10,r5,`$BITS/2`	#r10=dl. t is no longer needed in loop.
+	subf	r6,r10,r6		#tl -=dl
+	b	Lppcasm_divinnerloop
+Lppcasm_divinnerexit:
+	$SHRI	r10,r6,`$BITS/2`	#t=(tl>>BN_BITS4)
+	$SHLI	r11,r6,`$BITS/2`	#tl=(tl<<BN_BITS4)&BN_MASK2h;
+	$UCMP	cr1,r4,r11		# compare l and tl
+	add	r12,r12,r10		# th+=t
+	bge	cr1,Lppcasm_div7	# if (l>=tl) goto Lppcasm_div7
+	addi	r12,r12,1		# th++
+Lppcasm_div7:
+	subf	r11,r11,r4		#r11=l-tl
+	$UCMP	cr1,r3,r12		#compare h and th
+	bge	cr1,Lppcasm_div8	#if (h>=th) goto Lppcasm_div8
+	addi	r8,r8,-1		# q--
+	add	r3,r5,r3		# h+=d
+Lppcasm_div8:
+	subf	r12,r12,r3		#r12 = h-th
+	$SHLI	r4,r11,`$BITS/2`	#l=(l&BN_MASK2l)<<BN_BITS4
+					# want to compute
+					# h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
+					# the following 2 instructions will do this.
+	$INSR	r11,r12,`$BITS/2`,`$BITS/2`	# r11 is the value we want rotated $BITS/2.
+	$ROTL	r3,r11,`$BITS/2`	# rotate by $BITS/2 and store in r3
+	bdz	Lppcasm_div9		#if (count==0) break ;
+	$SHLI	r0,r8,`$BITS/2`		#ret =q<<BN_BITS4
+	b	Lppcasm_divouterloop
+Lppcasm_div9:
+	or	r3,r8,r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_div_words,.-.bn_div_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_sqr_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+.align	4
+.bn_sqr_words:
+#
+#	Optimized version of bn_sqr_words
+#
+#	void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+#
+#	r3 = r
+#	r4 = a
+#	r5 = n
+#
+#	r6 = a[i].
+#	r7,r8 = product.
+#
+#	No unrolling done here. Not performance critical.
+
+	addic.	r5,r5,0			#test r5.
+	beq	Lppcasm_sqr_adios
+	addi	r4,r4,-$BNSZ
+	addi	r3,r3,-$BNSZ
+	mtctr	r5
+Lppcasm_sqr_mainloop:	
+					#sqr(r[0],r[1],a[0]);
+	$LDU	r6,$BNSZ(r4)
+	$UMULL	r7,r6,r6
+	$UMULH  r8,r6,r6
+	$STU	r7,$BNSZ(r3)
+	$STU	r8,$BNSZ(r3)
+	bdnz	Lppcasm_sqr_mainloop
+Lppcasm_sqr_adios:	
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.bn_sqr_words,.-.bn_sqr_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4	
+.bn_mul_words:
+#
+# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+	xor	r0,r0,r0
+	xor	r12,r12,r12		# used for carry
+	rlwinm.	r7,r5,30,2,31		# num >> 2
+	beq	Lppcasm_mw_REM
+	mtctr	r7
+Lppcasm_mw_LOOP:	
+					#mul(rp[0],ap[0],w,c1);
+	$LD	r8,`0*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	#addze	r10,r10			#carry is NOT ignored.
+					#will be taken care of
+					#in second spin below
+					#using adde.
+	$ST	r9,`0*$BNSZ`(r3)
+					#mul(rp[1],ap[1],w,c1);
+	$LD	r8,`1*$BNSZ`(r4)	
+	$UMULL	r11,r6,r8
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10
+	#addze	r12,r12
+	$ST	r11,`1*$BNSZ`(r3)
+					#mul(rp[2],ap[2],w,c1);
+	$LD	r8,`2*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	adde	r9,r9,r12
+	#addze	r10,r10
+	$ST	r9,`2*$BNSZ`(r3)
+					#mul_add(rp[3],ap[3],w,c1);
+	$LD	r8,`3*$BNSZ`(r4)
+	$UMULL	r11,r6,r8
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10
+	addze	r12,r12			#this spin we collect carry into
+					#r12
+	$ST	r11,`3*$BNSZ`(r3)
+	
+	addi	r3,r3,`4*$BNSZ`
+	addi	r4,r4,`4*$BNSZ`
+	bdnz	Lppcasm_mw_LOOP
+
+Lppcasm_mw_REM:
+	andi.	r5,r5,0x3
+	beq	Lppcasm_mw_OVER
+					#mul(rp[0],ap[0],w,c1);
+	$LD	r8,`0*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	addze	r10,r10
+	$ST	r9,`0*$BNSZ`(r3)
+	addi	r12,r10,0
+	
+	addi	r5,r5,-1
+	cmpli	0,0,r5,0
+	beq	Lppcasm_mw_OVER
+
+	
+					#mul(rp[1],ap[1],w,c1);
+	$LD	r8,`1*$BNSZ`(r4)	
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	addze	r10,r10
+	$ST	r9,`1*$BNSZ`(r3)
+	addi	r12,r10,0
+	
+	addi	r5,r5,-1
+	cmpli	0,0,r5,0
+	beq	Lppcasm_mw_OVER
+	
+					#mul_add(rp[2],ap[2],w,c1);
+	$LD	r8,`2*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12
+	addze	r10,r10
+	$ST	r9,`2*$BNSZ`(r3)
+	addi	r12,r10,0
+		
+Lppcasm_mw_OVER:	
+	addi	r3,r12,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	bn_mul_words,.-bn_mul_words
+
+#
+#	NOTE:	The following label name should be changed to
+#		"bn_mul_add_words" i.e. remove the first dot
+#		for the gcc compiler. This should be automatically
+#		done in the build
+#
+
+.align	4
+.bn_mul_add_words:
+#
+# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+#
+# empirical evidence suggests that unrolled version performs best!!
+#
+	xor	r0,r0,r0		#r0 = 0
+	xor	r12,r12,r12  		#r12 = 0 . used for carry		
+	rlwinm.	r7,r5,30,2,31		# num >> 2
+	beq	Lppcasm_maw_leftover	# if (num < 4) go LPPCASM_maw_leftover
+	mtctr	r7
+Lppcasm_maw_mainloop:	
+					#mul_add(rp[0],ap[0],w,c1);
+	$LD	r8,`0*$BNSZ`(r4)
+	$LD	r11,`0*$BNSZ`(r3)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	addc	r9,r9,r12		#r12 is carry.
+	addze	r10,r10
+	addc	r9,r9,r11
+	#addze	r10,r10
+					#the above instruction addze
+					#is NOT needed. Carry will NOT
+					#be ignored. It's not affected
+					#by multiply and will be collected
+					#in the next spin
+	$ST	r9,`0*$BNSZ`(r3)
+	
+					#mul_add(rp[1],ap[1],w,c1);
+	$LD	r8,`1*$BNSZ`(r4)	
+	$LD	r9,`1*$BNSZ`(r3)
+	$UMULL	r11,r6,r8
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10		#r10 is carry.
+	addze	r12,r12
+	addc	r11,r11,r9
+	#addze	r12,r12
+	$ST	r11,`1*$BNSZ`(r3)
+	
+					#mul_add(rp[2],ap[2],w,c1);
+	$LD	r8,`2*$BNSZ`(r4)
+	$UMULL	r9,r6,r8
+	$LD	r11,`2*$BNSZ`(r3)
+	$UMULH  r10,r6,r8
+	adde	r9,r9,r12
+	addze	r10,r10
+	addc	r9,r9,r11
+	#addze	r10,r10
+	$ST	r9,`2*$BNSZ`(r3)
+	
+					#mul_add(rp[3],ap[3],w,c1);
+	$LD	r8,`3*$BNSZ`(r4)
+	$UMULL	r11,r6,r8
+	$LD	r9,`3*$BNSZ`(r3)
+	$UMULH  r12,r6,r8
+	adde	r11,r11,r10
+	addze	r12,r12
+	addc	r11,r11,r9
+	addze	r12,r12
+	$ST	r11,`3*$BNSZ`(r3)
+	addi	r3,r3,`4*$BNSZ`
+	addi	r4,r4,`4*$BNSZ`
+	bdnz	Lppcasm_maw_mainloop
+	
+Lppcasm_maw_leftover:
+	andi.	r5,r5,0x3
+	beq	Lppcasm_maw_adios
+	addi	r3,r3,-$BNSZ
+	addi	r4,r4,-$BNSZ
+					#mul_add(rp[0],ap[0],w,c1);
+	mtctr	r5
+	$LDU	r8,$BNSZ(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	$LDU	r11,$BNSZ(r3)
+	addc	r9,r9,r11
+	addze	r10,r10
+	addc	r9,r9,r12
+	addze	r12,r10
+	$ST	r9,0(r3)
+	
+	bdz	Lppcasm_maw_adios
+					#mul_add(rp[1],ap[1],w,c1);
+	$LDU	r8,$BNSZ(r4)	
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	$LDU	r11,$BNSZ(r3)
+	addc	r9,r9,r11
+	addze	r10,r10
+	addc	r9,r9,r12
+	addze	r12,r10
+	$ST	r9,0(r3)
+	
+	bdz	Lppcasm_maw_adios
+					#mul_add(rp[2],ap[2],w,c1);
+	$LDU	r8,$BNSZ(r4)
+	$UMULL	r9,r6,r8
+	$UMULH  r10,r6,r8
+	$LDU	r11,$BNSZ(r3)
+	addc	r9,r9,r11
+	addze	r10,r10
+	addc	r9,r9,r12
+	addze	r12,r10
+	$ST	r9,0(r3)
+		
+Lppcasm_maw_adios:	
+	addi	r3,r12,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,4,0
+	.long	0
+.size	.bn_mul_add_words,.-.bn_mul_add_words
+	.align	4
+EOF
+$data =~ s/\`([^\`]*)\`/eval $1/gem;
+print $data;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/ppc64-mont.pl b/openssl-1.1.0h/crypto/bn/asm/ppc64-mont.pl
new file mode 100644
index 0000000..1e19c95
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/ppc64-mont.pl
@@ -0,0 +1,1635 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# December 2007
+
+# The reason for undertaken effort is basically following. Even though
+# Power 6 CPU operates at incredible 4.7GHz clock frequency, its PKI
+# performance was observed to be less than impressive, essentially as
+# fast as 1.8GHz PPC970, or 2.6 times(!) slower than one would hope.
+# Well, it's not surprising that IBM had to make some sacrifices to
+# boost the clock frequency that much, but no overall improvement?
+# Having observed how much difference did switching to FPU make on
+# UltraSPARC, playing same stunt on Power 6 appeared appropriate...
+# Unfortunately the resulting performance improvement is not as
+# impressive, ~30%, and in absolute terms is still very far from what
+# one would expect from 4.7GHz CPU. There is a chance that I'm doing
+# something wrong, but in the lack of assembler level micro-profiling
+# data or at least decent platform guide I can't tell... Or better
+# results might be achieved with VMX... Anyway, this module provides
+# *worse* performance on other PowerPC implementations, ~40-15% slower
+# on PPC970 depending on key length and ~40% slower on Power 5 for all
+# key lengths. As it's obviously inappropriate as "best all-round"
+# alternative, it has to be complemented with run-time CPU family
+# detection. Oh! It should also be noted that unlike other PowerPC
+# implementation IALU ppc-mont.pl module performs *suboptimaly* on
+# >=1024-bit key lengths on Power 6. It should also be noted that
+# *everything* said so far applies to 64-bit builds! As far as 32-bit
+# application executed on 64-bit CPU goes, this module is likely to
+# become preferred choice, because it's easy to adapt it for such
+# case and *is* faster than 32-bit ppc-mont.pl on *all* processors.
+
+# February 2008
+
+# Micro-profiling assisted optimization results in ~15% improvement
+# over original ppc64-mont.pl version, or overall ~50% improvement
+# over ppc.pl module on Power 6. If compared to ppc-mont.pl on same
+# Power 6 CPU, this module is 5-150% faster depending on key length,
+# [hereafter] more for longer keys. But if compared to ppc-mont.pl
+# on 1.8GHz PPC970, it's only 5-55% faster. Still far from impressive
+# in absolute terms, but it's apparently the way Power 6 is...
+
+# December 2009
+
+# Adapted for 32-bit build this module delivers 25-120%, yes, more
+# than *twice* for longer keys, performance improvement over 32-bit
+# ppc-mont.pl on 1.8GHz PPC970. However! This implementation utilizes
+# even 64-bit integer operations and the trouble is that most PPC
+# operating systems don't preserve upper halves of general purpose
+# registers upon 32-bit signal delivery. They do preserve them upon
+# context switch, but not signalling:-( This means that asynchronous
+# signals have to be blocked upon entry to this subroutine. Signal
+# masking (and of course complementary unmasking) has quite an impact
+# on performance, naturally larger for shorter keys. It's so severe
+# that 512-bit key performance can be as low as 1/3 of expected one.
+# This is why this routine can be engaged for longer key operations
+# only on these OSes, see crypto/ppccap.c for further details. MacOS X
+# is an exception from this and doesn't require signal masking, and
+# that's where above improvement coefficients were collected. For
+# others alternative would be to break dependence on upper halves of
+# GPRs by sticking to 32-bit integer operations...
+
+# December 2012
+
+# Remove above mentioned dependence on GPRs' upper halves in 32-bit
+# build. No signal masking overhead, but integer instructions are
+# *more* numerous... It's still "universally" faster than 32-bit
+# ppc-mont.pl, but improvement coefficient is not as impressive
+# for longer keys...
+
+$flavour = shift;
+
+if ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$RZONE=	224;
+	$fname=	"bn_mul_mont_fpu64";
+
+	$STUX=	"stwux";	# store indexed and update
+	$PUSH=	"stw";
+	$POP=	"lwz";
+} elsif ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$RZONE=	288;
+	$fname=	"bn_mul_mont_fpu64";
+
+	# same as above, but 64-bit mnemonics...
+	$STUX=	"stdux";	# store indexed and update
+	$PUSH=	"std";
+	$POP=	"ld";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 4 : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=64;	# padded frame header
+$TRANSFER=16*8;
+
+$carry="r0";
+$sp="r1";
+$toc="r2";
+$rp="r3";	$ovf="r3";
+$ap="r4";
+$bp="r5";
+$np="r6";
+$n0="r7";
+$num="r8";
+$rp="r9";	# $rp is reassigned
+$tp="r10";
+$j="r11";
+$i="r12";
+# non-volatile registers
+$c1="r19";
+$n1="r20";
+$a1="r21";
+$nap_d="r22";	# interleaved ap and np in double format
+$a0="r23";	# ap[0]
+$t0="r24";	# temporary registers
+$t1="r25";
+$t2="r26";
+$t3="r27";
+$t4="r28";
+$t5="r29";
+$t6="r30";
+$t7="r31";
+
+# PPC offers enough register bank capacity to unroll inner loops twice
+#
+#     ..A3A2A1A0
+#           dcba
+#    -----------
+#            A0a
+#           A0b
+#          A0c
+#         A0d
+#          A1a
+#         A1b
+#        A1c
+#       A1d
+#        A2a
+#       A2b
+#      A2c
+#     A2d
+#      A3a
+#     A3b
+#    A3c
+#   A3d
+#    ..a
+#   ..b
+#
+$ba="f0";	$bb="f1";	$bc="f2";	$bd="f3";
+$na="f4";	$nb="f5";	$nc="f6";	$nd="f7";
+$dota="f8";	$dotb="f9";
+$A0="f10";	$A1="f11";	$A2="f12";	$A3="f13";
+$N0="f20";	$N1="f21";	$N2="f22";	$N3="f23";
+$T0a="f24";	$T0b="f25";
+$T1a="f26";	$T1b="f27";
+$T2a="f28";	$T2b="f29";
+$T3a="f30";	$T3b="f31";
+
+# sp----------->+-------------------------------+
+#		| saved sp			|
+#		+-------------------------------+
+#		.				.
+#   +64		+-------------------------------+
+#		| 16 gpr<->fpr transfer zone	|
+#		.				.
+#		.				.
+#   +16*8	+-------------------------------+
+#		| __int64 tmp[-1]		|
+#		+-------------------------------+
+#		| __int64 tmp[num]		|
+#		.				.
+#		.				.
+#		.				.
+#   +(num+1)*8	+-------------------------------+
+#		| padding to 64 byte boundary	|
+#		.				.
+#   +X		+-------------------------------+
+#		| double nap_d[4*num]		|
+#		.				.
+#		.				.
+#		.				.
+#		+-------------------------------+
+#		.				.
+#   -13*size_t	+-------------------------------+
+#		| 13 saved gpr, r19-r31		|
+#		.				.
+#		.				.
+#   -12*8	+-------------------------------+
+#		| 12 saved fpr, f20-f31		|
+#		.				.
+#		.				.
+#		+-------------------------------+
+
+$code=<<___;
+.machine "any"
+.text
+
+.globl	.$fname
+.align	5
+.$fname:
+	cmpwi	$num,`3*8/$SIZE_T`
+	mr	$rp,r3		; $rp is reassigned
+	li	r3,0		; possible "not handled" return code
+	bltlr-
+	andi.	r0,$num,`16/$SIZE_T-1`		; $num has to be "even"
+	bnelr-
+
+	slwi	$num,$num,`log($SIZE_T)/log(2)`	; num*=sizeof(BN_LONG)
+	li	$i,-4096
+	slwi	$tp,$num,2	; place for {an}p_{lh}[num], i.e. 4*num
+	add	$tp,$tp,$num	; place for tp[num+1]
+	addi	$tp,$tp,`$FRAME+$TRANSFER+8+64+$RZONE`
+	subf	$tp,$tp,$sp	; $sp-$tp
+	and	$tp,$tp,$i	; minimize TLB usage
+	subf	$tp,$sp,$tp	; $tp-$sp
+	mr	$i,$sp
+	$STUX	$sp,$sp,$tp	; alloca
+
+	$PUSH	r19,`-12*8-13*$SIZE_T`($i)
+	$PUSH	r20,`-12*8-12*$SIZE_T`($i)
+	$PUSH	r21,`-12*8-11*$SIZE_T`($i)
+	$PUSH	r22,`-12*8-10*$SIZE_T`($i)
+	$PUSH	r23,`-12*8-9*$SIZE_T`($i)
+	$PUSH	r24,`-12*8-8*$SIZE_T`($i)
+	$PUSH	r25,`-12*8-7*$SIZE_T`($i)
+	$PUSH	r26,`-12*8-6*$SIZE_T`($i)
+	$PUSH	r27,`-12*8-5*$SIZE_T`($i)
+	$PUSH	r28,`-12*8-4*$SIZE_T`($i)
+	$PUSH	r29,`-12*8-3*$SIZE_T`($i)
+	$PUSH	r30,`-12*8-2*$SIZE_T`($i)
+	$PUSH	r31,`-12*8-1*$SIZE_T`($i)
+	stfd	f20,`-12*8`($i)
+	stfd	f21,`-11*8`($i)
+	stfd	f22,`-10*8`($i)
+	stfd	f23,`-9*8`($i)
+	stfd	f24,`-8*8`($i)
+	stfd	f25,`-7*8`($i)
+	stfd	f26,`-6*8`($i)
+	stfd	f27,`-5*8`($i)
+	stfd	f28,`-4*8`($i)
+	stfd	f29,`-3*8`($i)
+	stfd	f30,`-2*8`($i)
+	stfd	f31,`-1*8`($i)
+
+	addi	$tp,$sp,`$FRAME+$TRANSFER+8+64`
+	li	$i,-64
+	add	$nap_d,$tp,$num
+	and	$nap_d,$nap_d,$i	; align to 64 bytes
+	; nap_d is off by 1, because it's used with stfdu/lfdu
+	addi	$nap_d,$nap_d,-8
+	srwi	$j,$num,`3+1`	; counter register, num/2
+	addi	$j,$j,-1
+	addi	$tp,$sp,`$FRAME+$TRANSFER-8`
+	li	$carry,0
+	mtctr	$j
+___
+
+$code.=<<___ if ($SIZE_T==8);
+	ld	$a0,0($ap)		; pull ap[0] value
+	ld	$t3,0($bp)		; bp[0]
+	ld	$n0,0($n0)		; pull n0[0] value
+
+	mulld	$t7,$a0,$t3		; ap[0]*bp[0]
+	; transfer bp[0] to FPU as 4x16-bit values
+	extrdi	$t0,$t3,16,48
+	extrdi	$t1,$t3,16,32
+	extrdi	$t2,$t3,16,16
+	extrdi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mulld	$t7,$t7,$n0		; tp[0]*n0
+	; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values
+	extrdi	$t4,$t7,16,48
+	extrdi	$t5,$t7,16,32
+	extrdi	$t6,$t7,16,16
+	extrdi	$t7,$t7,16,0
+	std	$t4,`$FRAME+32`($sp)
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+
+	extrdi	$t0,$a0,32,32		; lwz	$t0,4($ap)
+	extrdi	$t1,$a0,32,0		; lwz	$t1,0($ap)
+	lwz	$t2,`12^$LITTLE_ENDIAN`($ap)	; load a[1] as 32-bit word pair
+	lwz	$t3,`8^$LITTLE_ENDIAN`($ap)
+	lwz	$t4,`4^$LITTLE_ENDIAN`($np)	; load n[0] as 32-bit word pair
+	lwz	$t5,`0^$LITTLE_ENDIAN`($np)
+	lwz	$t6,`12^$LITTLE_ENDIAN`($np)	; load n[1] as 32-bit word pair
+	lwz	$t7,`8^$LITTLE_ENDIAN`($np)
+___
+$code.=<<___ if ($SIZE_T==4);
+	lwz	$a0,0($ap)		; pull ap[0,1] value
+	mr	$n1,$n0
+	lwz	$a1,4($ap)
+	li	$c1,0
+	lwz	$t1,0($bp)		; bp[0,1]
+	lwz	$t3,4($bp)
+	lwz	$n0,0($n1)		; pull n0[0,1] value
+	lwz	$n1,4($n1)
+
+	mullw	$t4,$a0,$t1		; mulld ap[0]*bp[0]
+	mulhwu	$t5,$a0,$t1
+	mullw	$t6,$a1,$t1
+	mullw	$t7,$a0,$t3
+	add	$t5,$t5,$t6
+	add	$t5,$t5,$t7
+	; transfer bp[0] to FPU as 4x16-bit values
+	extrwi	$t0,$t1,16,16
+	extrwi	$t1,$t1,16,0
+	extrwi	$t2,$t3,16,16
+	extrwi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)	; yes, std in 32-bit build
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mullw	$t0,$t4,$n0		; mulld tp[0]*n0
+	mulhwu	$t1,$t4,$n0
+	mullw	$t2,$t5,$n0
+	mullw	$t3,$t4,$n1
+	add	$t1,$t1,$t2
+	add	$t1,$t1,$t3
+	; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values
+	extrwi	$t4,$t0,16,16
+	extrwi	$t5,$t0,16,0
+	extrwi	$t6,$t1,16,16
+	extrwi	$t7,$t1,16,0
+	std	$t4,`$FRAME+32`($sp)	; yes, std in 32-bit build
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+
+	mr	$t0,$a0			; lwz	$t0,0($ap)
+	mr	$t1,$a1			; lwz	$t1,4($ap)
+	lwz	$t2,8($ap)		; load a[j..j+3] as 32-bit word pairs
+	lwz	$t3,12($ap)
+	lwz	$t4,0($np)		; load n[j..j+3] as 32-bit word pairs
+	lwz	$t5,4($np)
+	lwz	$t6,8($np)
+	lwz	$t7,12($np)
+___
+$code.=<<___;
+	lfd	$ba,`$FRAME+0`($sp)
+	lfd	$bb,`$FRAME+8`($sp)
+	lfd	$bc,`$FRAME+16`($sp)
+	lfd	$bd,`$FRAME+24`($sp)
+	lfd	$na,`$FRAME+32`($sp)
+	lfd	$nb,`$FRAME+40`($sp)
+	lfd	$nc,`$FRAME+48`($sp)
+	lfd	$nd,`$FRAME+56`($sp)
+	std	$t0,`$FRAME+64`($sp)	; yes, std even in 32-bit build
+	std	$t1,`$FRAME+72`($sp)
+	std	$t2,`$FRAME+80`($sp)
+	std	$t3,`$FRAME+88`($sp)
+	std	$t4,`$FRAME+96`($sp)
+	std	$t5,`$FRAME+104`($sp)
+	std	$t6,`$FRAME+112`($sp)
+	std	$t7,`$FRAME+120`($sp)
+	fcfid	$ba,$ba
+	fcfid	$bb,$bb
+	fcfid	$bc,$bc
+	fcfid	$bd,$bd
+	fcfid	$na,$na
+	fcfid	$nb,$nb
+	fcfid	$nc,$nc
+	fcfid	$nd,$nd
+
+	lfd	$A0,`$FRAME+64`($sp)
+	lfd	$A1,`$FRAME+72`($sp)
+	lfd	$A2,`$FRAME+80`($sp)
+	lfd	$A3,`$FRAME+88`($sp)
+	lfd	$N0,`$FRAME+96`($sp)
+	lfd	$N1,`$FRAME+104`($sp)
+	lfd	$N2,`$FRAME+112`($sp)
+	lfd	$N3,`$FRAME+120`($sp)
+	fcfid	$A0,$A0
+	fcfid	$A1,$A1
+	fcfid	$A2,$A2
+	fcfid	$A3,$A3
+	fcfid	$N0,$N0
+	fcfid	$N1,$N1
+	fcfid	$N2,$N2
+	fcfid	$N3,$N3
+	addi	$ap,$ap,16
+	addi	$np,$np,16
+
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	stfd	$A0,8($nap_d)		; save a[j] in double format
+	stfd	$A1,16($nap_d)
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	stfd	$A2,24($nap_d)		; save a[j+1] in double format
+	stfd	$A3,32($nap_d)
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	stfd	$N0,40($nap_d)		; save n[j] in double format
+	stfd	$N1,48($nap_d)
+	fmul	$T0a,$A0,$ba
+	fmul	$T0b,$A0,$bb
+	stfd	$N2,56($nap_d)		; save n[j+1] in double format
+	stfdu	$N3,64($nap_d)
+
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+
+.align	5
+L1st:
+___
+$code.=<<___ if ($SIZE_T==8);
+	lwz	$t0,`4^$LITTLE_ENDIAN`($ap)	; load a[j] as 32-bit word pair
+	lwz	$t1,`0^$LITTLE_ENDIAN`($ap)
+	lwz	$t2,`12^$LITTLE_ENDIAN`($ap)	; load a[j+1] as 32-bit word pair
+	lwz	$t3,`8^$LITTLE_ENDIAN`($ap)
+	lwz	$t4,`4^$LITTLE_ENDIAN`($np)	; load n[j] as 32-bit word pair
+	lwz	$t5,`0^$LITTLE_ENDIAN`($np)
+	lwz	$t6,`12^$LITTLE_ENDIAN`($np)	; load n[j+1] as 32-bit word pair
+	lwz	$t7,`8^$LITTLE_ENDIAN`($np)
+___
+$code.=<<___ if ($SIZE_T==4);
+	lwz	$t0,0($ap)		; load a[j..j+3] as 32-bit word pairs
+	lwz	$t1,4($ap)
+	lwz	$t2,8($ap)
+	lwz	$t3,12($ap)
+	lwz	$t4,0($np)		; load n[j..j+3] as 32-bit word pairs
+	lwz	$t5,4($np)
+	lwz	$t6,8($np)
+	lwz	$t7,12($np)
+___
+$code.=<<___;
+	std	$t0,`$FRAME+64`($sp)	; yes, std even in 32-bit build
+	std	$t1,`$FRAME+72`($sp)
+	std	$t2,`$FRAME+80`($sp)
+	std	$t3,`$FRAME+88`($sp)
+	std	$t4,`$FRAME+96`($sp)
+	std	$t5,`$FRAME+104`($sp)
+	std	$t6,`$FRAME+112`($sp)
+	std	$t7,`$FRAME+120`($sp)
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	ld	$t0,`$FRAME+0`($sp)
+	ld	$t1,`$FRAME+8`($sp)
+	ld	$t2,`$FRAME+16`($sp)
+	ld	$t3,`$FRAME+24`($sp)
+	ld	$t4,`$FRAME+32`($sp)
+	ld	$t5,`$FRAME+40`($sp)
+	ld	$t6,`$FRAME+48`($sp)
+	ld	$t7,`$FRAME+56`($sp)
+___
+} else {
+$code.=<<___;
+	lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+___
+}
+$code.=<<___;
+	lfd	$A0,`$FRAME+64`($sp)
+	lfd	$A1,`$FRAME+72`($sp)
+	lfd	$A2,`$FRAME+80`($sp)
+	lfd	$A3,`$FRAME+88`($sp)
+	lfd	$N0,`$FRAME+96`($sp)
+	lfd	$N1,`$FRAME+104`($sp)
+	lfd	$N2,`$FRAME+112`($sp)
+	lfd	$N3,`$FRAME+120`($sp)
+	fcfid	$A0,$A0
+	fcfid	$A1,$A1
+	fcfid	$A2,$A2
+	fcfid	$A3,$A3
+	fcfid	$N0,$N0
+	fcfid	$N1,$N1
+	fcfid	$N2,$N2
+	fcfid	$N3,$N3
+	addi	$ap,$ap,16
+	addi	$np,$np,16
+
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	stfd	$A0,8($nap_d)		; save a[j] in double format
+	stfd	$A1,16($nap_d)
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	fmadd	$T0a,$A0,$ba,$dota
+	fmadd	$T0b,$A0,$bb,$dotb
+	stfd	$A2,24($nap_d)		; save a[j+1] in double format
+	stfd	$A3,32($nap_d)
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	stfd	$N0,40($nap_d)		; save n[j] in double format
+	stfd	$N1,48($nap_d)
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	 add	$t0,$t0,$carry		; can not overflow
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+	stfd	$N2,56($nap_d)		; save n[j+1] in double format
+	stfdu	$N3,64($nap_d)
+	 srdi	$carry,$t0,16
+	 add	$t1,$t1,$carry
+	 srdi	$carry,$t1,16
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 insrdi	$t0,$t1,16,32
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 add	$t2,$t2,$carry
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 srdi	$carry,$t2,16
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 insrdi	$t0,$t2,16,16
+	 add	$t3,$t3,$carry
+	 srdi	$carry,$t3,16
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 insrdi	$t0,$t3,16,0		; 0..63 bits
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 add	$t4,$t4,$carry
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 srdi	$carry,$t4,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 add	$t5,$t5,$carry
+	 srdi	$carry,$t5,16
+	 insrdi	$t4,$t5,16,32
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	 add	$t6,$t6,$carry
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	 srdi	$carry,$t6,16
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	 insrdi	$t4,$t6,16,16
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+	 add	$t7,$t7,$carry
+	 insrdi	$t4,$t7,16,0		; 64..127 bits
+	 srdi	$carry,$t7,16		; upper 33 bits
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+	 std	$t0,8($tp)		; tp[j-1]
+	 stdu	$t4,16($tp)		; tp[j]
+___
+} else {
+$code.=<<___;
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	 addc	$t0,$t0,$carry
+	 adde	$t1,$t1,$c1
+	 srwi	$carry,$t0,16
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	stfd	$N0,40($nap_d)		; save n[j] in double format
+	stfd	$N1,48($nap_d)
+	 srwi	$c1,$t1,16
+	 insrwi	$carry,$t1,16,0
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+	stfd	$N2,56($nap_d)		; save n[j+1] in double format
+	stfdu	$N3,64($nap_d)
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	 lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	 addc	$t4,$t4,$carry
+	 adde	$t5,$t5,$c1
+	 srwi	$carry,$t4,16
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 srwi	$c1,$t5,16
+	 insrwi	$carry,$t5,16,0
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	 srwi	$c1,$t7,16
+	 insrwi	$carry,$t7,16,0
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	 lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 stw	$t0,12($tp)		; tp[j-1]
+	 stw	$t4,8($tp)
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	 lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	 srwi	$c1,$t7,16
+	 insrwi	$carry,$t7,16,0
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	 lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	 lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+	 addc	$t0,$t0,$carry
+	 adde	$t1,$t1,$c1
+	 srwi	$carry,$t0,16
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	 srwi	$c1,$t1,16
+	 insrwi	$carry,$t1,16,0
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	 addc	$t4,$t4,$carry
+	 adde	$t5,$t5,$c1
+	 srwi	$carry,$t4,16
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	 srwi	$c1,$t5,16
+	 insrwi	$carry,$t5,16,0
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+	 stw	$t2,20($tp)		; tp[j]
+	 stwu	$t0,16($tp)
+___
+}
+$code.=<<___;
+	bdnz	L1st
+
+	fctid	$dota,$dota
+	fctid	$dotb,$dotb
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	ld	$t0,`$FRAME+0`($sp)
+	ld	$t1,`$FRAME+8`($sp)
+	ld	$t2,`$FRAME+16`($sp)
+	ld	$t3,`$FRAME+24`($sp)
+	ld	$t4,`$FRAME+32`($sp)
+	ld	$t5,`$FRAME+40`($sp)
+	ld	$t6,`$FRAME+48`($sp)
+	ld	$t7,`$FRAME+56`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	add	$t0,$t0,$carry		; can not overflow
+	srdi	$carry,$t0,16
+	add	$t1,$t1,$carry
+	srdi	$carry,$t1,16
+	insrdi	$t0,$t1,16,32
+	add	$t2,$t2,$carry
+	srdi	$carry,$t2,16
+	insrdi	$t0,$t2,16,16
+	add	$t3,$t3,$carry
+	srdi	$carry,$t3,16
+	insrdi	$t0,$t3,16,0		; 0..63 bits
+	add	$t4,$t4,$carry
+	srdi	$carry,$t4,16
+	add	$t5,$t5,$carry
+	srdi	$carry,$t5,16
+	insrdi	$t4,$t5,16,32
+	add	$t6,$t6,$carry
+	srdi	$carry,$t6,16
+	insrdi	$t4,$t6,16,16
+	add	$t7,$t7,$carry
+	insrdi	$t4,$t7,16,0		; 64..127 bits
+	srdi	$carry,$t7,16		; upper 33 bits
+	ld	$t6,`$FRAME+64`($sp)
+	ld	$t7,`$FRAME+72`($sp)
+
+	std	$t0,8($tp)		; tp[j-1]
+	stdu	$t4,16($tp)		; tp[j]
+
+	add	$t6,$t6,$carry		; can not overflow
+	srdi	$carry,$t6,16
+	add	$t7,$t7,$carry
+	insrdi	$t6,$t7,48,0
+	srdi	$ovf,$t7,48
+	std	$t6,8($tp)		; tp[num-1]
+___
+} else {
+$code.=<<___;
+	lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	 stw	$t0,12($tp)		; tp[j-1]
+	 stw	$t4,8($tp)
+
+	lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+	 stw	$t2,20($tp)		; tp[j]
+	 stwu	$t0,16($tp)
+
+	lwz	$t7,`$FRAME+64^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+68^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+72^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+76^$LITTLE_ENDIAN`($sp)
+
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+
+	insrwi	$t6,$t4,16,0
+	srwi	$t4,$t4,16
+	insrwi	$t4,$t5,16,0
+	srwi	$ovf,$t5,16
+	stw	$t6,12($tp)		; tp[num-1]
+	stw	$t4,8($tp)
+___
+}
+$code.=<<___;
+	slwi	$t7,$num,2
+	subf	$nap_d,$t7,$nap_d	; rewind pointer
+
+	li	$i,8			; i=1
+.align	5
+Louter:
+	addi	$tp,$sp,`$FRAME+$TRANSFER`
+	li	$carry,0
+	mtctr	$j
+___
+$code.=<<___ if ($SIZE_T==8);
+	ldx	$t3,$bp,$i		; bp[i]
+
+	ld	$t6,`$FRAME+$TRANSFER+8`($sp)	; tp[0]
+	mulld	$t7,$a0,$t3		; ap[0]*bp[i]
+	add	$t7,$t7,$t6		; ap[0]*bp[i]+tp[0]
+	; transfer bp[i] to FPU as 4x16-bit values
+	extrdi	$t0,$t3,16,48
+	extrdi	$t1,$t3,16,32
+	extrdi	$t2,$t3,16,16
+	extrdi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mulld	$t7,$t7,$n0		; tp[0]*n0
+	; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values
+	extrdi	$t4,$t7,16,48
+	extrdi	$t5,$t7,16,32
+	extrdi	$t6,$t7,16,16
+	extrdi	$t7,$t7,16,0
+	std	$t4,`$FRAME+32`($sp)
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+___
+$code.=<<___ if ($SIZE_T==4);
+	add	$t0,$bp,$i
+	li	$c1,0
+	lwz	$t1,0($t0)		; bp[i,i+1]
+	lwz	$t3,4($t0)
+
+	mullw	$t4,$a0,$t1		; ap[0]*bp[i]
+	lwz	$t0,`$FRAME+$TRANSFER+8+4`($sp)	; tp[0]
+	mulhwu	$t5,$a0,$t1
+	lwz	$t2,`$FRAME+$TRANSFER+8`($sp)	; tp[0]
+	mullw	$t6,$a1,$t1
+	mullw	$t7,$a0,$t3
+	add	$t5,$t5,$t6
+	add	$t5,$t5,$t7
+	addc	$t4,$t4,$t0		; ap[0]*bp[i]+tp[0]
+	adde	$t5,$t5,$t2
+	; transfer bp[i] to FPU as 4x16-bit values
+	extrwi	$t0,$t1,16,16
+	extrwi	$t1,$t1,16,0
+	extrwi	$t2,$t3,16,16
+	extrwi	$t3,$t3,16,0
+	std	$t0,`$FRAME+0`($sp)	; yes, std in 32-bit build
+	std	$t1,`$FRAME+8`($sp)
+	std	$t2,`$FRAME+16`($sp)
+	std	$t3,`$FRAME+24`($sp)
+
+	mullw	$t0,$t4,$n0		; mulld tp[0]*n0
+	mulhwu	$t1,$t4,$n0
+	mullw	$t2,$t5,$n0
+	mullw	$t3,$t4,$n1
+	add	$t1,$t1,$t2
+	add	$t1,$t1,$t3
+	; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values
+	extrwi	$t4,$t0,16,16
+	extrwi	$t5,$t0,16,0
+	extrwi	$t6,$t1,16,16
+	extrwi	$t7,$t1,16,0
+	std	$t4,`$FRAME+32`($sp)	; yes, std in 32-bit build
+	std	$t5,`$FRAME+40`($sp)
+	std	$t6,`$FRAME+48`($sp)
+	std	$t7,`$FRAME+56`($sp)
+___
+$code.=<<___;
+	lfd	$A0,8($nap_d)		; load a[j] in double format
+	lfd	$A1,16($nap_d)
+	lfd	$A2,24($nap_d)		; load a[j+1] in double format
+	lfd	$A3,32($nap_d)
+	lfd	$N0,40($nap_d)		; load n[j] in double format
+	lfd	$N1,48($nap_d)
+	lfd	$N2,56($nap_d)		; load n[j+1] in double format
+	lfdu	$N3,64($nap_d)
+
+	lfd	$ba,`$FRAME+0`($sp)
+	lfd	$bb,`$FRAME+8`($sp)
+	lfd	$bc,`$FRAME+16`($sp)
+	lfd	$bd,`$FRAME+24`($sp)
+	lfd	$na,`$FRAME+32`($sp)
+	lfd	$nb,`$FRAME+40`($sp)
+	lfd	$nc,`$FRAME+48`($sp)
+	lfd	$nd,`$FRAME+56`($sp)
+
+	fcfid	$ba,$ba
+	fcfid	$bb,$bb
+	fcfid	$bc,$bc
+	fcfid	$bd,$bd
+	fcfid	$na,$na
+	fcfid	$nb,$nb
+	fcfid	$nc,$nc
+	fcfid	$nd,$nd
+
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	fmul	$T0a,$A0,$ba
+	fmul	$T0b,$A0,$bb
+
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 lfd	$A0,8($nap_d)		; load a[j] in double format
+	 lfd	$A1,16($nap_d)
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 lfd	$A2,24($nap_d)		; load a[j+1] in double format
+	 lfd	$A3,32($nap_d)
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+
+.align	5
+Linner:
+	fmul	$T1a,$A1,$ba
+	fmul	$T1b,$A1,$bb
+	fmul	$T2a,$A2,$ba
+	fmul	$T2b,$A2,$bb
+	lfd	$N0,40($nap_d)		; load n[j] in double format
+	lfd	$N1,48($nap_d)
+	fmul	$T3a,$A3,$ba
+	fmul	$T3b,$A3,$bb
+	fmadd	$T0a,$A0,$ba,$dota
+	fmadd	$T0b,$A0,$bb,$dotb
+	lfd	$N2,56($nap_d)		; load n[j+1] in double format
+	lfdu	$N3,64($nap_d)
+
+	fmadd	$T1a,$A0,$bc,$T1a
+	fmadd	$T1b,$A0,$bd,$T1b
+	fmadd	$T2a,$A1,$bc,$T2a
+	fmadd	$T2b,$A1,$bd,$T2b
+	 lfd	$A0,8($nap_d)		; load a[j] in double format
+	 lfd	$A1,16($nap_d)
+	fmadd	$T3a,$A2,$bc,$T3a
+	fmadd	$T3b,$A2,$bd,$T3b
+	fmul	$dota,$A3,$bc
+	fmul	$dotb,$A3,$bd
+	 lfd	$A2,24($nap_d)		; load a[j+1] in double format
+	 lfd	$A3,32($nap_d)
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 ld	$t0,`$FRAME+0`($sp)
+	 ld	$t1,`$FRAME+8`($sp)
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 ld	$t2,`$FRAME+16`($sp)
+	 ld	$t3,`$FRAME+24`($sp)
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 add	$t0,$t0,$carry		; can not overflow
+	 ld	$t4,`$FRAME+32`($sp)
+	 ld	$t5,`$FRAME+40`($sp)
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 srdi	$carry,$t0,16
+	 add	$t1,$t1,$carry
+	 srdi	$carry,$t1,16
+	 ld	$t6,`$FRAME+48`($sp)
+	 ld	$t7,`$FRAME+56`($sp)
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 insrdi	$t0,$t1,16,32
+	 ld	$t1,8($tp)		; tp[j]
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 add	$t2,$t2,$carry
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 srdi	$carry,$t2,16
+	 insrdi	$t0,$t2,16,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 add	$t3,$t3,$carry
+	 ldu	$t2,16($tp)		; tp[j+1]
+	 srdi	$carry,$t3,16
+	 insrdi	$t0,$t3,16,0		; 0..63 bits
+	 add	$t4,$t4,$carry
+
+	fctid	$T0a,$T0a
+	fctid	$T0b,$T0b
+	 srdi	$carry,$t4,16
+	fctid	$T1a,$T1a
+	fctid	$T1b,$T1b
+	 add	$t5,$t5,$carry
+	fctid	$T2a,$T2a
+	fctid	$T2b,$T2b
+	 srdi	$carry,$t5,16
+	 insrdi	$t4,$t5,16,32
+	fctid	$T3a,$T3a
+	fctid	$T3b,$T3b
+	 add	$t6,$t6,$carry
+	 srdi	$carry,$t6,16
+	 insrdi	$t4,$t6,16,16
+
+	stfd	$T0a,`$FRAME+0`($sp)
+	stfd	$T0b,`$FRAME+8`($sp)
+	 add	$t7,$t7,$carry
+	 addc	$t3,$t0,$t1
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t0,$t0,32,0
+	extrdi	$t1,$t1,32,0
+	adde	$t0,$t0,$t1
+___
+$code.=<<___;
+	stfd	$T1a,`$FRAME+16`($sp)
+	stfd	$T1b,`$FRAME+24`($sp)
+	 insrdi	$t4,$t7,16,0		; 64..127 bits
+	 srdi	$carry,$t7,16		; upper 33 bits
+	stfd	$T2a,`$FRAME+32`($sp)
+	stfd	$T2b,`$FRAME+40`($sp)
+	 adde	$t5,$t4,$t2
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t4,$t4,32,0
+	extrdi	$t2,$t2,32,0
+	adde	$t4,$t4,$t2
+___
+$code.=<<___;
+	stfd	$T3a,`$FRAME+48`($sp)
+	stfd	$T3b,`$FRAME+56`($sp)
+	 addze	$carry,$carry
+	 std	$t3,-16($tp)		; tp[j-1]
+	 std	$t5,-8($tp)		; tp[j]
+___
+} else {
+$code.=<<___;
+	fmadd	$T1a,$N1,$na,$T1a
+	fmadd	$T1b,$N1,$nb,$T1b
+	 lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	 lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	fmadd	$T2a,$N2,$na,$T2a
+	fmadd	$T2b,$N2,$nb,$T2b
+	 lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	 lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	fmadd	$T3a,$N3,$na,$T3a
+	fmadd	$T3b,$N3,$nb,$T3b
+	 lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	 lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	 addc	$t0,$t0,$carry
+	 adde	$t1,$t1,$c1
+	 srwi	$carry,$t0,16
+	fmadd	$T0a,$N0,$na,$T0a
+	fmadd	$T0b,$N0,$nb,$T0b
+	 lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	 lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+	 srwi	$c1,$t1,16
+	 insrwi	$carry,$t1,16,0
+
+	fmadd	$T1a,$N0,$nc,$T1a
+	fmadd	$T1b,$N0,$nd,$T1b
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	fmadd	$T2a,$N1,$nc,$T2a
+	fmadd	$T2b,$N1,$nd,$T2b
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+	fmadd	$T3a,$N2,$nc,$T3a
+	fmadd	$T3b,$N2,$nd,$T3b
+	 lwz	$t2,12($tp)		; tp[j]
+	 lwz	$t3,8($tp)
+	 addc	$t4,$t4,$carry
+	 adde	$t5,$t5,$c1
+	 srwi	$carry,$t4,16
+	fmadd	$dota,$N3,$nc,$dota
+	fmadd	$dotb,$N3,$nd,$dotb
+	 srwi	$c1,$t5,16
+	 insrwi	$carry,$t5,16,0
+
+	fctid	$T0a,$T0a
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	fctid	$T0b,$T0b
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	 srwi	$c1,$t7,16
+	 insrwi	$carry,$t7,16,0
+	fctid	$T1a,$T1a
+	 addc	$t0,$t0,$t2
+	 adde	$t4,$t4,$t3
+	 lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	 lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	fctid	$T1b,$T1b
+	 addze	$carry,$carry
+	 addze	$c1,$c1
+	 stw	$t0,4($tp)		; tp[j-1]
+	 stw	$t4,0($tp)
+	fctid	$T2a,$T2a
+	 addc	$t2,$t2,$carry
+	 adde	$t3,$t3,$c1
+	 srwi	$carry,$t2,16
+	 lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	 lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	fctid	$T2b,$T2b
+	 srwi	$c1,$t3,16
+	 insrwi	$carry,$t3,16,0
+	 lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	 lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	fctid	$T3a,$T3a
+	 addc	$t6,$t6,$carry
+	 adde	$t7,$t7,$c1
+	 srwi	$carry,$t6,16
+	 lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	 lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+	fctid	$T3b,$T3b
+
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	 lwz	$t6,20($tp)
+	 lwzu	$t7,16($tp)
+	addc	$t0,$t0,$carry
+	 stfd	$T0a,`$FRAME+0`($sp)
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	 stfd	$T0b,`$FRAME+8`($sp)
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t4,$t4,$carry
+	 stfd	$T1a,`$FRAME+16`($sp)
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	 stfd	$T1b,`$FRAME+24`($sp)
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+
+	addc	$t2,$t2,$t6
+	 stfd	$T2a,`$FRAME+32`($sp)
+	adde	$t0,$t0,$t7
+	 stfd	$T2b,`$FRAME+40`($sp)
+	addze	$carry,$carry
+	 stfd	$T3a,`$FRAME+48`($sp)
+	addze	$c1,$c1
+	 stfd	$T3b,`$FRAME+56`($sp)
+	 stw	$t2,-4($tp)		; tp[j]
+	 stw	$t0,-8($tp)
+___
+}
+$code.=<<___;
+	bdnz	Linner
+
+	fctid	$dota,$dota
+	fctid	$dotb,$dotb
+___
+if ($SIZE_T==8 or $flavour =~ /osx/) {
+$code.=<<___;
+	ld	$t0,`$FRAME+0`($sp)
+	ld	$t1,`$FRAME+8`($sp)
+	ld	$t2,`$FRAME+16`($sp)
+	ld	$t3,`$FRAME+24`($sp)
+	ld	$t4,`$FRAME+32`($sp)
+	ld	$t5,`$FRAME+40`($sp)
+	ld	$t6,`$FRAME+48`($sp)
+	ld	$t7,`$FRAME+56`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	add	$t0,$t0,$carry		; can not overflow
+	srdi	$carry,$t0,16
+	add	$t1,$t1,$carry
+	srdi	$carry,$t1,16
+	insrdi	$t0,$t1,16,32
+	add	$t2,$t2,$carry
+	ld	$t1,8($tp)		; tp[j]
+	srdi	$carry,$t2,16
+	insrdi	$t0,$t2,16,16
+	add	$t3,$t3,$carry
+	ldu	$t2,16($tp)		; tp[j+1]
+	srdi	$carry,$t3,16
+	insrdi	$t0,$t3,16,0		; 0..63 bits
+	add	$t4,$t4,$carry
+	srdi	$carry,$t4,16
+	add	$t5,$t5,$carry
+	srdi	$carry,$t5,16
+	insrdi	$t4,$t5,16,32
+	add	$t6,$t6,$carry
+	srdi	$carry,$t6,16
+	insrdi	$t4,$t6,16,16
+	add	$t7,$t7,$carry
+	insrdi	$t4,$t7,16,0		; 64..127 bits
+	srdi	$carry,$t7,16		; upper 33 bits
+	ld	$t6,`$FRAME+64`($sp)
+	ld	$t7,`$FRAME+72`($sp)
+
+	addc	$t3,$t0,$t1
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t0,$t0,32,0
+	extrdi	$t1,$t1,32,0
+	adde	$t0,$t0,$t1
+___
+$code.=<<___;
+	adde	$t5,$t4,$t2
+___
+$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
+	extrdi	$t4,$t4,32,0
+	extrdi	$t2,$t2,32,0
+	adde	$t4,$t4,$t2
+___
+$code.=<<___;
+	addze	$carry,$carry
+
+	std	$t3,-16($tp)		; tp[j-1]
+	std	$t5,-8($tp)		; tp[j]
+
+	add	$carry,$carry,$ovf	; comsume upmost overflow
+	add	$t6,$t6,$carry		; can not overflow
+	srdi	$carry,$t6,16
+	add	$t7,$t7,$carry
+	insrdi	$t6,$t7,48,0
+	srdi	$ovf,$t7,48
+	std	$t6,0($tp)		; tp[num-1]
+___
+} else {
+$code.=<<___;
+	lwz	$t1,`$FRAME+0^$LITTLE_ENDIAN`($sp)
+	lwz	$t0,`$FRAME+4^$LITTLE_ENDIAN`($sp)
+	lwz	$t3,`$FRAME+8^$LITTLE_ENDIAN`($sp)
+	lwz	$t2,`$FRAME+12^$LITTLE_ENDIAN`($sp)
+	lwz	$t5,`$FRAME+16^$LITTLE_ENDIAN`($sp)
+	lwz	$t4,`$FRAME+20^$LITTLE_ENDIAN`($sp)
+	lwz	$t7,`$FRAME+24^$LITTLE_ENDIAN`($sp)
+	lwz	$t6,`$FRAME+28^$LITTLE_ENDIAN`($sp)
+	stfd	$dota,`$FRAME+64`($sp)
+	stfd	$dotb,`$FRAME+72`($sp)
+
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	 insrwi	$t0,$t2,16,0		; 0..31 bits
+	 lwz	$t2,12($tp)		; tp[j]
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	 lwz	$t3,8($tp)
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t4,$t6,16,0		; 32..63 bits
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+
+	addc	$t0,$t0,$t2
+	adde	$t4,$t4,$t3
+	addze	$carry,$carry
+	addze	$c1,$c1
+	 stw	$t0,4($tp)		; tp[j-1]
+	 stw	$t4,0($tp)
+
+	lwz	$t3,`$FRAME+32^$LITTLE_ENDIAN`($sp)	; permuted $t1
+	lwz	$t2,`$FRAME+36^$LITTLE_ENDIAN`($sp)	; permuted $t0
+	lwz	$t7,`$FRAME+40^$LITTLE_ENDIAN`($sp)	; permuted $t3
+	lwz	$t6,`$FRAME+44^$LITTLE_ENDIAN`($sp)	; permuted $t2
+	lwz	$t1,`$FRAME+48^$LITTLE_ENDIAN`($sp)	; permuted $t5
+	lwz	$t0,`$FRAME+52^$LITTLE_ENDIAN`($sp)	; permuted $t4
+	lwz	$t5,`$FRAME+56^$LITTLE_ENDIAN`($sp)	; permuted $t7
+	lwz	$t4,`$FRAME+60^$LITTLE_ENDIAN`($sp)	; permuted $t6
+
+	addc	$t2,$t2,$carry
+	adde	$t3,$t3,$c1
+	srwi	$carry,$t2,16
+	insrwi	$carry,$t3,16,0
+	srwi	$c1,$t3,16
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	srwi	$carry,$t6,16
+	 insrwi	$t2,$t6,16,0		; 64..95 bits
+	 lwz	$t6,20($tp)
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	 lwzu	$t7,16($tp)
+	addc	$t0,$t0,$carry
+	adde	$t1,$t1,$c1
+	srwi	$carry,$t0,16
+	insrwi	$carry,$t1,16,0
+	srwi	$c1,$t1,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+	srwi	$carry,$t4,16
+	 insrwi	$t0,$t4,16,0		; 96..127 bits
+	insrwi	$carry,$t5,16,0
+	srwi	$c1,$t5,16
+
+	addc	$t2,$t2,$t6
+	adde	$t0,$t0,$t7
+	 lwz	$t7,`$FRAME+64^$LITTLE_ENDIAN`($sp)
+	 lwz	$t6,`$FRAME+68^$LITTLE_ENDIAN`($sp)
+	addze	$carry,$carry
+	addze	$c1,$c1
+	 lwz	$t5,`$FRAME+72^$LITTLE_ENDIAN`($sp)
+	 lwz	$t4,`$FRAME+76^$LITTLE_ENDIAN`($sp)
+
+	addc	$t6,$t6,$carry
+	adde	$t7,$t7,$c1
+	 stw	$t2,-4($tp)		; tp[j]
+	 stw	$t0,-8($tp)
+	addc	$t6,$t6,$ovf
+	addze	$t7,$t7
+	srwi	$carry,$t6,16
+	insrwi	$carry,$t7,16,0
+	srwi	$c1,$t7,16
+	addc	$t4,$t4,$carry
+	adde	$t5,$t5,$c1
+
+	insrwi	$t6,$t4,16,0
+	srwi	$t4,$t4,16
+	insrwi	$t4,$t5,16,0
+	srwi	$ovf,$t5,16
+	stw	$t6,4($tp)		; tp[num-1]
+	stw	$t4,0($tp)
+___
+}
+$code.=<<___;
+	slwi	$t7,$num,2
+	addi	$i,$i,8
+	subf	$nap_d,$t7,$nap_d	; rewind pointer
+	cmpw	$i,$num
+	blt-	Louter
+___
+
+$code.=<<___ if ($SIZE_T==8);
+	subf	$np,$num,$np	; rewind np
+	addi	$j,$j,1		; restore counter
+	subfc	$i,$i,$i	; j=0 and "clear" XER[CA]
+	addi	$tp,$sp,`$FRAME+$TRANSFER+8`
+	addi	$t4,$sp,`$FRAME+$TRANSFER+16`
+	addi	$t5,$np,8
+	addi	$t6,$rp,8
+	mtctr	$j
+
+.align	4
+Lsub:	ldx	$t0,$tp,$i
+	ldx	$t1,$np,$i
+	ldx	$t2,$t4,$i
+	ldx	$t3,$t5,$i
+	subfe	$t0,$t1,$t0	; tp[j]-np[j]
+	subfe	$t2,$t3,$t2	; tp[j+1]-np[j+1]
+	stdx	$t0,$rp,$i
+	stdx	$t2,$t6,$i
+	addi	$i,$i,16
+	bdnz	Lsub
+
+	li	$i,0
+	subfe	$ovf,$i,$ovf	; handle upmost overflow bit
+	and	$ap,$tp,$ovf
+	andc	$np,$rp,$ovf
+	or	$ap,$ap,$np	; ap=borrow?tp:rp
+	addi	$t7,$ap,8
+	mtctr	$j
+
+.align	4
+Lcopy:				; copy or in-place refresh
+	ldx	$t0,$ap,$i
+	ldx	$t1,$t7,$i
+	std	$i,8($nap_d)	; zap nap_d
+	std	$i,16($nap_d)
+	std	$i,24($nap_d)
+	std	$i,32($nap_d)
+	std	$i,40($nap_d)
+	std	$i,48($nap_d)
+	std	$i,56($nap_d)
+	stdu	$i,64($nap_d)
+	stdx	$t0,$rp,$i
+	stdx	$t1,$t6,$i
+	stdx	$i,$tp,$i	; zap tp at once
+	stdx	$i,$t4,$i
+	addi	$i,$i,16
+	bdnz	Lcopy
+___
+$code.=<<___ if ($SIZE_T==4);
+	subf	$np,$num,$np	; rewind np
+	addi	$j,$j,1		; restore counter
+	subfc	$i,$i,$i	; j=0 and "clear" XER[CA]
+	addi	$tp,$sp,`$FRAME+$TRANSFER`
+	addi	$np,$np,-4
+	addi	$rp,$rp,-4
+	addi	$ap,$sp,`$FRAME+$TRANSFER+4`
+	mtctr	$j
+
+.align	4
+Lsub:	lwz	$t0,12($tp)	; load tp[j..j+3] in 64-bit word order
+	lwz	$t1,8($tp)
+	lwz	$t2,20($tp)
+	lwzu	$t3,16($tp)
+	lwz	$t4,4($np)	; load np[j..j+3] in 32-bit word order
+	lwz	$t5,8($np)
+	lwz	$t6,12($np)
+	lwzu	$t7,16($np)
+	subfe	$t4,$t4,$t0	; tp[j]-np[j]
+	 stw	$t0,4($ap)	; save tp[j..j+3] in 32-bit word order
+	subfe	$t5,$t5,$t1	; tp[j+1]-np[j+1]
+	 stw	$t1,8($ap)
+	subfe	$t6,$t6,$t2	; tp[j+2]-np[j+2]
+	 stw	$t2,12($ap)
+	subfe	$t7,$t7,$t3	; tp[j+3]-np[j+3]
+	 stwu	$t3,16($ap)
+	stw	$t4,4($rp)
+	stw	$t5,8($rp)
+	stw	$t6,12($rp)
+	stwu	$t7,16($rp)
+	bdnz	Lsub
+
+	li	$i,0
+	subfe	$ovf,$i,$ovf	; handle upmost overflow bit
+	addi	$tp,$sp,`$FRAME+$TRANSFER+4`
+	subf	$rp,$num,$rp	; rewind rp
+	and	$ap,$tp,$ovf
+	andc	$np,$rp,$ovf
+	or	$ap,$ap,$np	; ap=borrow?tp:rp
+	addi	$tp,$sp,`$FRAME+$TRANSFER`
+	mtctr	$j
+
+.align	4
+Lcopy:				; copy or in-place refresh
+	lwz	$t0,4($ap)
+	lwz	$t1,8($ap)
+	lwz	$t2,12($ap)
+	lwzu	$t3,16($ap)
+	std	$i,8($nap_d)	; zap nap_d
+	std	$i,16($nap_d)
+	std	$i,24($nap_d)
+	std	$i,32($nap_d)
+	std	$i,40($nap_d)
+	std	$i,48($nap_d)
+	std	$i,56($nap_d)
+	stdu	$i,64($nap_d)
+	stw	$t0,4($rp)
+	stw	$t1,8($rp)
+	stw	$t2,12($rp)
+	stwu	$t3,16($rp)
+	std	$i,8($tp)	; zap tp at once
+	stdu	$i,16($tp)
+	bdnz	Lcopy
+___
+
+$code.=<<___;
+	$POP	$i,0($sp)
+	li	r3,1	; signal "handled"
+	$POP	r19,`-12*8-13*$SIZE_T`($i)
+	$POP	r20,`-12*8-12*$SIZE_T`($i)
+	$POP	r21,`-12*8-11*$SIZE_T`($i)
+	$POP	r22,`-12*8-10*$SIZE_T`($i)
+	$POP	r23,`-12*8-9*$SIZE_T`($i)
+	$POP	r24,`-12*8-8*$SIZE_T`($i)
+	$POP	r25,`-12*8-7*$SIZE_T`($i)
+	$POP	r26,`-12*8-6*$SIZE_T`($i)
+	$POP	r27,`-12*8-5*$SIZE_T`($i)
+	$POP	r28,`-12*8-4*$SIZE_T`($i)
+	$POP	r29,`-12*8-3*$SIZE_T`($i)
+	$POP	r30,`-12*8-2*$SIZE_T`($i)
+	$POP	r31,`-12*8-1*$SIZE_T`($i)
+	lfd	f20,`-12*8`($i)
+	lfd	f21,`-11*8`($i)
+	lfd	f22,`-10*8`($i)
+	lfd	f23,`-9*8`($i)
+	lfd	f24,`-8*8`($i)
+	lfd	f25,`-7*8`($i)
+	lfd	f26,`-6*8`($i)
+	lfd	f27,`-5*8`($i)
+	lfd	f28,`-4*8`($i)
+	lfd	f29,`-3*8`($i)
+	lfd	f30,`-2*8`($i)
+	lfd	f31,`-1*8`($i)
+	mr	$sp,$i
+	blr
+	.long	0
+	.byte	0,12,4,0,0x8c,13,6,0
+	.long	0
+.size	.$fname,.-.$fname
+
+.asciz  "Montgomery Multiplication for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/rsaz-avx2.pl b/openssl-1.1.0h/crypto/bn/asm/rsaz-avx2.pl
new file mode 100755
index 0000000..46d746b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/rsaz-avx2.pl
@@ -0,0 +1,1967 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+##############################################################################
+#                                                                            #
+#  Copyright (c) 2012, Intel Corporation                                     #
+#                                                                            #
+#  All rights reserved.                                                      #
+#                                                                            #
+#  Redistribution and use in source and binary forms, with or without        #
+#  modification, are permitted provided that the following conditions are    #
+#  met:                                                                      #
+#                                                                            #
+#  *  Redistributions of source code must retain the above copyright         #
+#     notice, this list of conditions and the following disclaimer.          #
+#                                                                            #
+#  *  Redistributions in binary form must reproduce the above copyright      #
+#     notice, this list of conditions and the following disclaimer in the    #
+#     documentation and/or other materials provided with the                 #
+#     distribution.                                                          #
+#                                                                            #
+#  *  Neither the name of the Intel Corporation nor the names of its         #
+#     contributors may be used to endorse or promote products derived from   #
+#     this software without specific prior written permission.               #
+#                                                                            #
+#                                                                            #
+#  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          #
+#  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         #
+#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        #
+#  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            #
+#  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     #
+#  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       #
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        #
+#  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    #
+#  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      #
+#  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        #
+#  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              #
+#                                                                            #
+##############################################################################
+# Developers and authors:                                                    #
+# Shay Gueron (1, 2), and Vlad Krasnov (1)                                   #
+# (1) Intel Corporation, Israel Development Center, Haifa, Israel            #
+# (2) University of Haifa, Israel                                            #
+##############################################################################
+# Reference:                                                                 #
+# [1] S. Gueron, V. Krasnov: "Software Implementation of Modular             #
+#     Exponentiation,  Using Advanced Vector Instructions Architectures",    #
+#     F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369,   #
+#     pp. 119?135, 2012. Springer-Verlag Berlin Heidelberg 2012              #
+# [2] S. Gueron: "Efficient Software Implementations of Modular              #
+#     Exponentiation", Journal of Cryptographic Engineering 2:31-43 (2012).  #
+# [3] S. Gueron, V. Krasnov: "Speeding up Big-numbers Squaring",IEEE         #
+#     Proceedings of 9th International Conference on Information Technology: #
+#     New Generations (ITNG 2012), pp.821-823 (2012)                         #
+# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis    #
+#     resistant 1024-bit modular exponentiation, for optimizing RSA2048      #
+#     on AVX2 capable x86_64 platforms",                                     #
+#     http://rt.openssl.org/Ticket/Display.html?id=2850&user=guest&pass=guest#
+##############################################################################
+#
+# +13% improvement over original submission by <appro@openssl.org>
+#
+# rsa2048 sign/sec	OpenSSL 1.0.1	scalar(*)	this
+# 2.3GHz Haswell	621		765/+23%	1113/+79%
+# 2.3GHz Broadwell(**)	688		1200(***)/+74%	1120/+63%
+#
+# (*)	if system doesn't support AVX2, for reference purposes;
+# (**)	scaled to 2.3GHz to simplify comparison;
+# (***)	scalar AD*X code is faster than AVX2 and is preferred code
+#	path for Broadwell;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+	$addx = ($1>=2.23);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	$addx = ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+	$addx = ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$avx = ($ver>=3.0) + ($ver>=3.01);
+	$addx = ($ver>=3.03);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT = *OUT;
+
+if ($avx>1) {{{
+{ # void AMS_WW(
+my $rp="%rdi";	# BN_ULONG *rp,
+my $ap="%rsi";	# const BN_ULONG *ap,
+my $np="%rdx";	# const BN_ULONG *np,
+my $n0="%ecx";	# const BN_ULONG n0,
+my $rep="%r8d";	# int repeat);
+
+# The registers that hold the accumulated redundant result
+# The AMM works on 1024 bit operands, and redundant word size is 29
+# Therefore: ceil(1024/29)/4 = 9
+my $ACC0="%ymm0";
+my $ACC1="%ymm1";
+my $ACC2="%ymm2";
+my $ACC3="%ymm3";
+my $ACC4="%ymm4";
+my $ACC5="%ymm5";
+my $ACC6="%ymm6";
+my $ACC7="%ymm7";
+my $ACC8="%ymm8";
+my $ACC9="%ymm9";
+# Registers that hold the broadcasted words of bp, currently used
+my $B1="%ymm10";
+my $B2="%ymm11";
+# Registers that hold the broadcasted words of Y, currently used
+my $Y1="%ymm12";
+my $Y2="%ymm13";
+# Helper registers
+my $TEMP1="%ymm14";
+my $AND_MASK="%ymm15";
+# alu registers that hold the first words of the ACC
+my $r0="%r9";
+my $r1="%r10";
+my $r2="%r11";
+my $r3="%r12";
+
+my $i="%r14d";			# loop counter
+my $tmp = "%r15";
+
+my $FrameSize=32*18+32*8;	# place for A^2 and 2*A
+
+my $aap=$r0;
+my $tp0="%rbx";
+my $tp1=$r3;
+my $tpa=$tmp;
+
+$np="%r13";			# reassigned argument
+
+$code.=<<___;
+.text
+
+.globl	rsaz_1024_sqr_avx2
+.type	rsaz_1024_sqr_avx2,\@function,5
+.align	64
+rsaz_1024_sqr_avx2:		# 702 cycles, 14% faster than rsaz_1024_mul_avx2
+	lea	(%rsp), %rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	vmovaps	%xmm6,-0xd8(%rax)
+	vmovaps	%xmm7,-0xc8(%rax)
+	vmovaps	%xmm8,-0xb8(%rax)
+	vmovaps	%xmm9,-0xa8(%rax)
+	vmovaps	%xmm10,-0x98(%rax)
+	vmovaps	%xmm11,-0x88(%rax)
+	vmovaps	%xmm12,-0x78(%rax)
+	vmovaps	%xmm13,-0x68(%rax)
+	vmovaps	%xmm14,-0x58(%rax)
+	vmovaps	%xmm15,-0x48(%rax)
+.Lsqr_1024_body:
+___
+$code.=<<___;
+	mov	%rax,%rbp
+	mov	%rdx, $np			# reassigned argument
+	sub	\$$FrameSize, %rsp
+	mov	$np, $tmp
+	sub	\$-128, $rp			# size optimization
+	sub	\$-128, $ap
+	sub	\$-128, $np
+
+	and	\$4095, $tmp			# see if $np crosses page
+	add	\$32*10, $tmp
+	shr	\$12, $tmp
+	vpxor	$ACC9,$ACC9,$ACC9
+	jz	.Lsqr_1024_no_n_copy
+
+	# unaligned 256-bit load that crosses page boundary can
+	# cause >2x performance degradation here, so if $np does
+	# cross page boundary, copy it to stack and make sure stack
+	# frame doesn't...
+	sub		\$32*10,%rsp
+	vmovdqu		32*0-128($np), $ACC0
+	and		\$-2048, %rsp
+	vmovdqu		32*1-128($np), $ACC1
+	vmovdqu		32*2-128($np), $ACC2
+	vmovdqu		32*3-128($np), $ACC3
+	vmovdqu		32*4-128($np), $ACC4
+	vmovdqu		32*5-128($np), $ACC5
+	vmovdqu		32*6-128($np), $ACC6
+	vmovdqu		32*7-128($np), $ACC7
+	vmovdqu		32*8-128($np), $ACC8
+	lea		$FrameSize+128(%rsp),$np
+	vmovdqu		$ACC0, 32*0-128($np)
+	vmovdqu		$ACC1, 32*1-128($np)
+	vmovdqu		$ACC2, 32*2-128($np)
+	vmovdqu		$ACC3, 32*3-128($np)
+	vmovdqu		$ACC4, 32*4-128($np)
+	vmovdqu		$ACC5, 32*5-128($np)
+	vmovdqu		$ACC6, 32*6-128($np)
+	vmovdqu		$ACC7, 32*7-128($np)
+	vmovdqu		$ACC8, 32*8-128($np)
+	vmovdqu		$ACC9, 32*9-128($np)	# $ACC9 is zero
+
+.Lsqr_1024_no_n_copy:
+	and		\$-1024, %rsp
+
+	vmovdqu		32*1-128($ap), $ACC1
+	vmovdqu		32*2-128($ap), $ACC2
+	vmovdqu		32*3-128($ap), $ACC3
+	vmovdqu		32*4-128($ap), $ACC4
+	vmovdqu		32*5-128($ap), $ACC5
+	vmovdqu		32*6-128($ap), $ACC6
+	vmovdqu		32*7-128($ap), $ACC7
+	vmovdqu		32*8-128($ap), $ACC8
+
+	lea	192(%rsp), $tp0			# 64+128=192
+	vmovdqu	.Land_mask(%rip), $AND_MASK
+	jmp	.LOOP_GRANDE_SQR_1024
+
+.align	32
+.LOOP_GRANDE_SQR_1024:
+	lea	32*18+128(%rsp), $aap		# size optimization
+	lea	448(%rsp), $tp1			# 64+128+256=448
+
+	# the squaring is performed as described in Variant B of
+	# "Speeding up Big-Number Squaring", so start by calculating
+	# the A*2=A+A vector
+	vpaddq		$ACC1, $ACC1, $ACC1
+	 vpbroadcastq	32*0-128($ap), $B1
+	vpaddq		$ACC2, $ACC2, $ACC2
+	vmovdqa		$ACC1, 32*0-128($aap)
+	vpaddq		$ACC3, $ACC3, $ACC3
+	vmovdqa		$ACC2, 32*1-128($aap)
+	vpaddq		$ACC4, $ACC4, $ACC4
+	vmovdqa		$ACC3, 32*2-128($aap)
+	vpaddq		$ACC5, $ACC5, $ACC5
+	vmovdqa		$ACC4, 32*3-128($aap)
+	vpaddq		$ACC6, $ACC6, $ACC6
+	vmovdqa		$ACC5, 32*4-128($aap)
+	vpaddq		$ACC7, $ACC7, $ACC7
+	vmovdqa		$ACC6, 32*5-128($aap)
+	vpaddq		$ACC8, $ACC8, $ACC8
+	vmovdqa		$ACC7, 32*6-128($aap)
+	vpxor		$ACC9, $ACC9, $ACC9
+	vmovdqa		$ACC8, 32*7-128($aap)
+
+	vpmuludq	32*0-128($ap), $B1, $ACC0
+	 vpbroadcastq	32*1-128($ap), $B2
+	 vmovdqu	$ACC9, 32*9-192($tp0)	# zero upper half
+	vpmuludq	$B1, $ACC1, $ACC1
+	 vmovdqu	$ACC9, 32*10-448($tp1)
+	vpmuludq	$B1, $ACC2, $ACC2
+	 vmovdqu	$ACC9, 32*11-448($tp1)
+	vpmuludq	$B1, $ACC3, $ACC3
+	 vmovdqu	$ACC9, 32*12-448($tp1)
+	vpmuludq	$B1, $ACC4, $ACC4
+	 vmovdqu	$ACC9, 32*13-448($tp1)
+	vpmuludq	$B1, $ACC5, $ACC5
+	 vmovdqu	$ACC9, 32*14-448($tp1)
+	vpmuludq	$B1, $ACC6, $ACC6
+	 vmovdqu	$ACC9, 32*15-448($tp1)
+	vpmuludq	$B1, $ACC7, $ACC7
+	 vmovdqu	$ACC9, 32*16-448($tp1)
+	vpmuludq	$B1, $ACC8, $ACC8
+	 vpbroadcastq	32*2-128($ap), $B1
+	 vmovdqu	$ACC9, 32*17-448($tp1)
+
+	mov	$ap, $tpa
+	mov 	\$4, $i
+	jmp	.Lsqr_entry_1024
+___
+$TEMP0=$Y1;
+$TEMP2=$Y2;
+$code.=<<___;
+.align	32
+.LOOP_SQR_1024:
+	 vpbroadcastq	32*1-128($tpa), $B2
+	vpmuludq	32*0-128($ap), $B1, $ACC0
+	vpaddq		32*0-192($tp0), $ACC0, $ACC0
+	vpmuludq	32*0-128($aap), $B1, $ACC1
+	vpaddq		32*1-192($tp0), $ACC1, $ACC1
+	vpmuludq	32*1-128($aap), $B1, $ACC2
+	vpaddq		32*2-192($tp0), $ACC2, $ACC2
+	vpmuludq	32*2-128($aap), $B1, $ACC3
+	vpaddq		32*3-192($tp0), $ACC3, $ACC3
+	vpmuludq	32*3-128($aap), $B1, $ACC4
+	vpaddq		32*4-192($tp0), $ACC4, $ACC4
+	vpmuludq	32*4-128($aap), $B1, $ACC5
+	vpaddq		32*5-192($tp0), $ACC5, $ACC5
+	vpmuludq	32*5-128($aap), $B1, $ACC6
+	vpaddq		32*6-192($tp0), $ACC6, $ACC6
+	vpmuludq	32*6-128($aap), $B1, $ACC7
+	vpaddq		32*7-192($tp0), $ACC7, $ACC7
+	vpmuludq	32*7-128($aap), $B1, $ACC8
+	 vpbroadcastq	32*2-128($tpa), $B1
+	vpaddq		32*8-192($tp0), $ACC8, $ACC8
+.Lsqr_entry_1024:
+	vmovdqu		$ACC0, 32*0-192($tp0)
+	vmovdqu		$ACC1, 32*1-192($tp0)
+
+	vpmuludq	32*1-128($ap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	vpmuludq	32*1-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC3, $ACC3
+	vpmuludq	32*2-128($aap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC4, $ACC4
+	vpmuludq	32*3-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	32*4-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC6, $ACC6
+	vpmuludq	32*5-128($aap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC7, $ACC7
+	vpmuludq	32*6-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	32*7-128($aap), $B2, $ACC0
+	 vpbroadcastq	32*3-128($tpa), $B2
+	vpaddq		32*9-192($tp0), $ACC0, $ACC0
+
+	vmovdqu		$ACC2, 32*2-192($tp0)
+	vmovdqu		$ACC3, 32*3-192($tp0)
+
+	vpmuludq	32*2-128($ap), $B1, $TEMP2
+	vpaddq		$TEMP2, $ACC4, $ACC4
+	vpmuludq	32*2-128($aap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	32*3-128($aap), $B1, $TEMP1
+	vpaddq		$TEMP1, $ACC6, $ACC6
+	vpmuludq	32*4-128($aap), $B1, $TEMP2
+	vpaddq		$TEMP2, $ACC7, $ACC7
+	vpmuludq	32*5-128($aap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	32*6-128($aap), $B1, $TEMP1
+	vpaddq		$TEMP1, $ACC0, $ACC0
+	vpmuludq	32*7-128($aap), $B1, $ACC1
+	 vpbroadcastq	32*4-128($tpa), $B1
+	vpaddq		32*10-448($tp1), $ACC1, $ACC1
+
+	vmovdqu		$ACC4, 32*4-192($tp0)
+	vmovdqu		$ACC5, 32*5-192($tp0)
+
+	vpmuludq	32*3-128($ap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC6, $ACC6
+	vpmuludq	32*3-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC7, $ACC7
+	vpmuludq	32*4-128($aap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC8, $ACC8
+	vpmuludq	32*5-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpmuludq	32*6-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpmuludq	32*7-128($aap), $B2, $ACC2
+	 vpbroadcastq	32*5-128($tpa), $B2
+	vpaddq		32*11-448($tp1), $ACC2, $ACC2	
+
+	vmovdqu		$ACC6, 32*6-192($tp0)
+	vmovdqu		$ACC7, 32*7-192($tp0)
+
+	vpmuludq	32*4-128($ap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	32*4-128($aap), $B1, $TEMP1
+	vpaddq		$TEMP1, $ACC0, $ACC0
+	vpmuludq	32*5-128($aap), $B1, $TEMP2
+	vpaddq		$TEMP2, $ACC1, $ACC1
+	vpmuludq	32*6-128($aap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	vpmuludq	32*7-128($aap), $B1, $ACC3
+	 vpbroadcastq	32*6-128($tpa), $B1
+	vpaddq		32*12-448($tp1), $ACC3, $ACC3
+
+	vmovdqu		$ACC8, 32*8-192($tp0)
+	vmovdqu		$ACC0, 32*9-192($tp0)
+	lea		8($tp0), $tp0
+
+	vpmuludq	32*5-128($ap), $B2, $TEMP2
+	vpaddq		$TEMP2, $ACC1, $ACC1
+	vpmuludq	32*5-128($aap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	vpmuludq	32*6-128($aap), $B2, $TEMP1
+	vpaddq		$TEMP1, $ACC3, $ACC3
+	vpmuludq	32*7-128($aap), $B2, $ACC4
+	 vpbroadcastq	32*7-128($tpa), $B2
+	vpaddq		32*13-448($tp1), $ACC4, $ACC4
+
+	vmovdqu		$ACC1, 32*10-448($tp1)
+	vmovdqu		$ACC2, 32*11-448($tp1)
+
+	vpmuludq	32*6-128($ap), $B1, $TEMP0
+	vpaddq		$TEMP0, $ACC3, $ACC3
+	vpmuludq	32*6-128($aap), $B1, $TEMP1
+	 vpbroadcastq	32*8-128($tpa), $ACC0		# borrow $ACC0 for $B1
+	vpaddq		$TEMP1, $ACC4, $ACC4
+	vpmuludq	32*7-128($aap), $B1, $ACC5
+	 vpbroadcastq	32*0+8-128($tpa), $B1		# for next iteration
+	vpaddq		32*14-448($tp1), $ACC5, $ACC5
+
+	vmovdqu		$ACC3, 32*12-448($tp1)
+	vmovdqu		$ACC4, 32*13-448($tp1)
+	lea		8($tpa), $tpa
+
+	vpmuludq	32*7-128($ap), $B2, $TEMP0
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	32*7-128($aap), $B2, $ACC6
+	vpaddq		32*15-448($tp1), $ACC6, $ACC6
+
+	vpmuludq	32*8-128($ap), $ACC0, $ACC7
+	vmovdqu		$ACC5, 32*14-448($tp1)
+	vpaddq		32*16-448($tp1), $ACC7, $ACC7
+	vmovdqu		$ACC6, 32*15-448($tp1)
+	vmovdqu		$ACC7, 32*16-448($tp1)
+	lea		8($tp1), $tp1
+
+	dec	$i        
+	jnz	.LOOP_SQR_1024
+___
+$ZERO = $ACC9;
+$TEMP0 = $B1;
+$TEMP2 = $B2;
+$TEMP3 = $Y1;
+$TEMP4 = $Y2;
+$code.=<<___;
+	# we need to fix indices 32-39 to avoid overflow
+	vmovdqu		32*8(%rsp), $ACC8		# 32*8-192($tp0),
+	vmovdqu		32*9(%rsp), $ACC1		# 32*9-192($tp0)
+	vmovdqu		32*10(%rsp), $ACC2		# 32*10-192($tp0)
+	lea		192(%rsp), $tp0			# 64+128=192
+
+	vpsrlq		\$29, $ACC8, $TEMP1
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpxor		$ZERO, $ZERO, $ZERO
+	vpermq		\$0x93, $TEMP2, $TEMP2
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpblendd	\$3, $TEMP2, $ZERO, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vmovdqu		$ACC1, 32*9-192($tp0)
+	vmovdqu		$ACC2, 32*10-192($tp0)
+
+	mov	(%rsp), %rax
+	mov	8(%rsp), $r1
+	mov	16(%rsp), $r2
+	mov	24(%rsp), $r3
+	vmovdqu	32*1(%rsp), $ACC1
+	vmovdqu	32*2-192($tp0), $ACC2
+	vmovdqu	32*3-192($tp0), $ACC3
+	vmovdqu	32*4-192($tp0), $ACC4
+	vmovdqu	32*5-192($tp0), $ACC5
+	vmovdqu	32*6-192($tp0), $ACC6
+	vmovdqu	32*7-192($tp0), $ACC7
+
+	mov	%rax, $r0
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+	vmovd	%eax, $Y1
+
+	mov	%rax, %rdx
+	imulq	-128($np), %rax
+	 vpbroadcastq	$Y1, $Y1
+	add	%rax, $r0
+	mov	%rdx, %rax
+	imulq	8-128($np), %rax
+	shr	\$29, $r0
+	add	%rax, $r1
+	mov	%rdx, %rax
+	imulq	16-128($np), %rax
+	add	$r0, $r1
+	add	%rax, $r2
+	imulq	24-128($np), %rdx
+	add	%rdx, $r3
+
+	mov	$r1, %rax
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	mov \$9, $i
+	jmp .LOOP_REDUCE_1024
+
+.align	32
+.LOOP_REDUCE_1024:
+	vmovd	%eax, $Y2
+	vpbroadcastq	$Y2, $Y2
+
+	vpmuludq	32*1-128($np), $Y1, $TEMP0
+	 mov	%rax, %rdx
+	 imulq	-128($np), %rax
+	vpaddq		$TEMP0, $ACC1, $ACC1
+	 add	%rax, $r1
+	vpmuludq	32*2-128($np), $Y1, $TEMP1
+	 mov	%rdx, %rax
+	 imulq	8-128($np), %rax
+	vpaddq		$TEMP1, $ACC2, $ACC2
+	vpmuludq	32*3-128($np), $Y1, $TEMP2
+	 .byte	0x67
+	 add	%rax, $r2
+	 .byte	0x67
+	 mov	%rdx, %rax
+	 imulq	16-128($np), %rax
+	 shr	\$29, $r1
+	vpaddq		$TEMP2, $ACC3, $ACC3
+	vpmuludq	32*4-128($np), $Y1, $TEMP0
+	 add	%rax, $r3
+	 add	$r1, $r2
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpmuludq	32*5-128($np), $Y1, $TEMP1
+	 mov	$r2, %rax
+	 imull	$n0, %eax
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpmuludq	32*6-128($np), $Y1, $TEMP2
+	 and	\$0x1fffffff, %eax
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpmuludq	32*7-128($np), $Y1, $TEMP0
+	vpaddq		$TEMP0, $ACC7, $ACC7
+	vpmuludq	32*8-128($np), $Y1, $TEMP1
+	 vmovd	%eax, $Y1
+	 #vmovdqu	32*1-8-128($np), $TEMP2		# moved below
+	vpaddq		$TEMP1, $ACC8, $ACC8
+	 #vmovdqu	32*2-8-128($np), $TEMP0		# moved below
+	 vpbroadcastq	$Y1, $Y1
+
+	vpmuludq	32*1-8-128($np), $Y2, $TEMP2	# see above
+	vmovdqu		32*3-8-128($np), $TEMP1
+	 mov	%rax, %rdx
+	 imulq	-128($np), %rax
+	vpaddq		$TEMP2, $ACC1, $ACC1
+	vpmuludq	32*2-8-128($np), $Y2, $TEMP0	# see above
+	vmovdqu		32*4-8-128($np), $TEMP2
+	 add	%rax, $r2
+	 mov	%rdx, %rax
+	 imulq	8-128($np), %rax
+	vpaddq		$TEMP0, $ACC2, $ACC2
+	 add	$r3, %rax
+	 shr	\$29, $r2
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	vmovdqu		32*5-8-128($np), $TEMP0
+	 add	$r2, %rax
+	vpaddq		$TEMP1, $ACC3, $ACC3
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*6-8-128($np), $TEMP1
+	 .byte	0x67
+	 mov	%rax, $r3
+	 imull	$n0, %eax
+	vpaddq		$TEMP2, $ACC4, $ACC4
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	.byte	0xc4,0x41,0x7e,0x6f,0x9d,0x58,0x00,0x00,0x00	# vmovdqu		32*7-8-128($np), $TEMP2
+	 and	\$0x1fffffff, %eax
+	vpaddq		$TEMP0, $ACC5, $ACC5
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	vmovdqu		32*8-8-128($np), $TEMP0
+	vpaddq		$TEMP1, $ACC6, $ACC6
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*9-8-128($np), $ACC9
+	 vmovd	%eax, $ACC0			# borrow ACC0 for Y2
+	 imulq	-128($np), %rax
+	vpaddq		$TEMP2, $ACC7, $ACC7
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	 vmovdqu	32*1-16-128($np), $TEMP1
+	 vpbroadcastq	$ACC0, $ACC0
+	vpaddq		$TEMP0, $ACC8, $ACC8
+	vpmuludq	$Y2, $ACC9, $ACC9
+	 vmovdqu	32*2-16-128($np), $TEMP2
+	 add	%rax, $r3
+
+___
+($ACC0,$Y2)=($Y2,$ACC0);
+$code.=<<___;
+	 vmovdqu	32*1-24-128($np), $ACC0
+	vpmuludq	$Y1, $TEMP1, $TEMP1
+	vmovdqu		32*3-16-128($np), $TEMP0
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	 vpmuludq	$Y2, $ACC0, $ACC0
+	vpmuludq	$Y1, $TEMP2, $TEMP2
+	.byte	0xc4,0x41,0x7e,0x6f,0xb5,0xf0,0xff,0xff,0xff	# vmovdqu		32*4-16-128($np), $TEMP1
+	 vpaddq		$ACC1, $ACC0, $ACC0
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpmuludq	$Y1, $TEMP0, $TEMP0
+	vmovdqu		32*5-16-128($np), $TEMP2
+	 .byte	0x67
+	 vmovq		$ACC0, %rax
+	 vmovdqu	$ACC0, (%rsp)		# transfer $r0-$r3
+	vpaddq		$TEMP0, $ACC3, $ACC3
+	vpmuludq	$Y1, $TEMP1, $TEMP1
+	vmovdqu		32*6-16-128($np), $TEMP0
+	vpaddq		$TEMP1, $ACC4, $ACC4
+	vpmuludq	$Y1, $TEMP2, $TEMP2
+	vmovdqu		32*7-16-128($np), $TEMP1
+	vpaddq		$TEMP2, $ACC5, $ACC5
+	vpmuludq	$Y1, $TEMP0, $TEMP0
+	vmovdqu		32*8-16-128($np), $TEMP2
+	vpaddq		$TEMP0, $ACC6, $ACC6
+	vpmuludq	$Y1, $TEMP1, $TEMP1
+	 shr	\$29, $r3
+	vmovdqu		32*9-16-128($np), $TEMP0
+	 add	$r3, %rax
+	vpaddq		$TEMP1, $ACC7, $ACC7
+	vpmuludq	$Y1, $TEMP2, $TEMP2
+	 #vmovdqu	32*2-24-128($np), $TEMP1	# moved below
+	 mov	%rax, $r0
+	 imull	$n0, %eax
+	vpaddq		$TEMP2, $ACC8, $ACC8
+	vpmuludq	$Y1, $TEMP0, $TEMP0
+	 and	\$0x1fffffff, %eax
+	 vmovd	%eax, $Y1
+	 vmovdqu	32*3-24-128($np), $TEMP2
+	.byte	0x67
+	vpaddq		$TEMP0, $ACC9, $ACC9
+	 vpbroadcastq	$Y1, $Y1
+
+	vpmuludq	32*2-24-128($np), $Y2, $TEMP1	# see above
+	vmovdqu		32*4-24-128($np), $TEMP0
+	 mov	%rax, %rdx
+	 imulq	-128($np), %rax
+	 mov	8(%rsp), $r1
+	vpaddq		$TEMP1, $ACC2, $ACC1
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*5-24-128($np), $TEMP1
+	 add	%rax, $r0
+	 mov	%rdx, %rax
+	 imulq	8-128($np), %rax
+	 .byte	0x67
+	 shr	\$29, $r0
+	 mov	16(%rsp), $r2
+	vpaddq		$TEMP2, $ACC3, $ACC2
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	vmovdqu		32*6-24-128($np), $TEMP2
+	 add	%rax, $r1
+	 mov	%rdx, %rax
+	 imulq	16-128($np), %rax
+	vpaddq		$TEMP0, $ACC4, $ACC3
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	vmovdqu		32*7-24-128($np), $TEMP0
+	 imulq	24-128($np), %rdx		# future $r3
+	 add	%rax, $r2
+	 lea	($r0,$r1), %rax
+	vpaddq		$TEMP1, $ACC5, $ACC4
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vmovdqu		32*8-24-128($np), $TEMP1
+	 mov	%rax, $r1
+	 imull	$n0, %eax
+	vpmuludq	$Y2, $TEMP0, $TEMP0
+	vpaddq		$TEMP2, $ACC6, $ACC5
+	vmovdqu		32*9-24-128($np), $TEMP2
+	 and	\$0x1fffffff, %eax
+	vpaddq		$TEMP0, $ACC7, $ACC6
+	vpmuludq	$Y2, $TEMP1, $TEMP1
+	 add	24(%rsp), %rdx
+	vpaddq		$TEMP1, $ACC8, $ACC7
+	vpmuludq	$Y2, $TEMP2, $TEMP2
+	vpaddq		$TEMP2, $ACC9, $ACC8
+	 vmovq	$r3, $ACC9
+	 mov	%rdx, $r3
+
+	dec	$i
+	jnz	.LOOP_REDUCE_1024
+___
+($ACC0,$Y2)=($Y2,$ACC0);
+$code.=<<___;
+	lea	448(%rsp), $tp1			# size optimization
+	vpaddq	$ACC9, $Y2, $ACC0
+	vpxor	$ZERO, $ZERO, $ZERO
+
+	vpaddq		32*9-192($tp0), $ACC0, $ACC0
+	vpaddq		32*10-448($tp1), $ACC1, $ACC1
+	vpaddq		32*11-448($tp1), $ACC2, $ACC2
+	vpaddq		32*12-448($tp1), $ACC3, $ACC3
+	vpaddq		32*13-448($tp1), $ACC4, $ACC4
+	vpaddq		32*14-448($tp1), $ACC5, $ACC5
+	vpaddq		32*15-448($tp1), $ACC6, $ACC6
+	vpaddq		32*16-448($tp1), $ACC7, $ACC7
+	vpaddq		32*17-448($tp1), $ACC8, $ACC8
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpermq		\$0x93, $TEMP3, $TEMP3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vpaddq		$TEMP4, $ACC4, $ACC4
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpermq		\$0x93, $TEMP3, $TEMP3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vmovdqu		$ACC0, 32*0-128($rp)
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vmovdqu		$ACC1, 32*1-128($rp)
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vmovdqu		$ACC2, 32*2-128($rp)
+	vpaddq		$TEMP4, $ACC4, $ACC4
+	vmovdqu		$ACC3, 32*3-128($rp)
+___
+$TEMP5=$ACC0;
+$code.=<<___;
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vpaddq		$TEMP4, $ACC8, $ACC8
+     
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vmovdqu		$ACC4, 32*4-128($rp)
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vmovdqu		$ACC5, 32*5-128($rp)
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vmovdqu		$ACC6, 32*6-128($rp)
+	vpaddq		$TEMP4, $ACC8, $ACC8
+	vmovdqu		$ACC7, 32*7-128($rp)
+	vmovdqu		$ACC8, 32*8-128($rp)
+
+	mov	$rp, $ap
+	dec	$rep
+	jne	.LOOP_GRANDE_SQR_1024
+
+	vzeroall
+	mov	%rbp, %rax
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.Lsqr_1024_epilogue:
+	ret
+.size	rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2
+___
+}
+
+{ # void AMM_WW(
+my $rp="%rdi";	# BN_ULONG *rp,
+my $ap="%rsi";	# const BN_ULONG *ap,
+my $bp="%rdx";	# const BN_ULONG *bp,
+my $np="%rcx";	# const BN_ULONG *np,
+my $n0="%r8d";	# unsigned int n0);
+
+# The registers that hold the accumulated redundant result
+# The AMM works on 1024 bit operands, and redundant word size is 29
+# Therefore: ceil(1024/29)/4 = 9
+my $ACC0="%ymm0";
+my $ACC1="%ymm1";
+my $ACC2="%ymm2";
+my $ACC3="%ymm3";
+my $ACC4="%ymm4";
+my $ACC5="%ymm5";
+my $ACC6="%ymm6";
+my $ACC7="%ymm7";
+my $ACC8="%ymm8";
+my $ACC9="%ymm9";
+
+# Registers that hold the broadcasted words of multiplier, currently used
+my $Bi="%ymm10";
+my $Yi="%ymm11";
+
+# Helper registers
+my $TEMP0=$ACC0;
+my $TEMP1="%ymm12";
+my $TEMP2="%ymm13";
+my $ZERO="%ymm14";
+my $AND_MASK="%ymm15";
+
+# alu registers that hold the first words of the ACC
+my $r0="%r9";
+my $r1="%r10";
+my $r2="%r11";
+my $r3="%r12";
+
+my $i="%r14d";
+my $tmp="%r15";
+
+$bp="%r13";	# reassigned argument
+
+$code.=<<___;
+.globl	rsaz_1024_mul_avx2
+.type	rsaz_1024_mul_avx2,\@function,5
+.align	64
+rsaz_1024_mul_avx2:
+	lea	(%rsp), %rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	vzeroupper
+	lea	-0xa8(%rsp),%rsp
+	vmovaps	%xmm6,-0xd8(%rax)
+	vmovaps	%xmm7,-0xc8(%rax)
+	vmovaps	%xmm8,-0xb8(%rax)
+	vmovaps	%xmm9,-0xa8(%rax)
+	vmovaps	%xmm10,-0x98(%rax)
+	vmovaps	%xmm11,-0x88(%rax)
+	vmovaps	%xmm12,-0x78(%rax)
+	vmovaps	%xmm13,-0x68(%rax)
+	vmovaps	%xmm14,-0x58(%rax)
+	vmovaps	%xmm15,-0x48(%rax)
+.Lmul_1024_body:
+___
+$code.=<<___;
+	mov	%rax,%rbp
+	vzeroall
+	mov	%rdx, $bp	# reassigned argument
+	sub	\$64,%rsp
+
+	# unaligned 256-bit load that crosses page boundary can
+	# cause severe performance degradation here, so if $ap does
+	# cross page boundary, swap it with $bp [meaning that caller
+	# is advised to lay down $ap and $bp next to each other, so
+	# that only one can cross page boundary].
+	.byte	0x67,0x67
+	mov	$ap, $tmp
+	and	\$4095, $tmp
+	add	\$32*10, $tmp
+	shr	\$12, $tmp
+	mov	$ap, $tmp
+	cmovnz	$bp, $ap
+	cmovnz	$tmp, $bp
+
+	mov	$np, $tmp
+	sub	\$-128,$ap	# size optimization
+	sub	\$-128,$np
+	sub	\$-128,$rp
+
+	and	\$4095, $tmp	# see if $np crosses page
+	add	\$32*10, $tmp
+	.byte	0x67,0x67
+	shr	\$12, $tmp
+	jz	.Lmul_1024_no_n_copy
+
+	# unaligned 256-bit load that crosses page boundary can
+	# cause severe performance degradation here, so if $np does
+	# cross page boundary, copy it to stack and make sure stack
+	# frame doesn't...
+	sub		\$32*10,%rsp
+	vmovdqu		32*0-128($np), $ACC0
+	and		\$-512, %rsp
+	vmovdqu		32*1-128($np), $ACC1
+	vmovdqu		32*2-128($np), $ACC2
+	vmovdqu		32*3-128($np), $ACC3
+	vmovdqu		32*4-128($np), $ACC4
+	vmovdqu		32*5-128($np), $ACC5
+	vmovdqu		32*6-128($np), $ACC6
+	vmovdqu		32*7-128($np), $ACC7
+	vmovdqu		32*8-128($np), $ACC8
+	lea		64+128(%rsp),$np
+	vmovdqu		$ACC0, 32*0-128($np)
+	vpxor		$ACC0, $ACC0, $ACC0
+	vmovdqu		$ACC1, 32*1-128($np)
+	vpxor		$ACC1, $ACC1, $ACC1
+	vmovdqu		$ACC2, 32*2-128($np)
+	vpxor		$ACC2, $ACC2, $ACC2
+	vmovdqu		$ACC3, 32*3-128($np)
+	vpxor		$ACC3, $ACC3, $ACC3
+	vmovdqu		$ACC4, 32*4-128($np)
+	vpxor		$ACC4, $ACC4, $ACC4
+	vmovdqu		$ACC5, 32*5-128($np)
+	vpxor		$ACC5, $ACC5, $ACC5
+	vmovdqu		$ACC6, 32*6-128($np)
+	vpxor		$ACC6, $ACC6, $ACC6
+	vmovdqu		$ACC7, 32*7-128($np)
+	vpxor		$ACC7, $ACC7, $ACC7
+	vmovdqu		$ACC8, 32*8-128($np)
+	vmovdqa		$ACC0, $ACC8
+	vmovdqu		$ACC9, 32*9-128($np)	# $ACC9 is zero after vzeroall
+.Lmul_1024_no_n_copy:
+	and	\$-64,%rsp
+
+	mov	($bp), %rbx
+	vpbroadcastq ($bp), $Bi
+	vmovdqu	$ACC0, (%rsp)			# clear top of stack
+	xor	$r0, $r0
+	.byte	0x67
+	xor	$r1, $r1
+	xor	$r2, $r2
+	xor	$r3, $r3
+
+	vmovdqu	.Land_mask(%rip), $AND_MASK
+	mov	\$9, $i
+	vmovdqu	$ACC9, 32*9-128($rp)		# $ACC9 is zero after vzeroall
+	jmp	.Loop_mul_1024
+
+.align	32
+.Loop_mul_1024:
+	 vpsrlq		\$29, $ACC3, $ACC9		# correct $ACC3(*)
+	mov	%rbx, %rax
+	imulq	-128($ap), %rax
+	add	$r0, %rax
+	mov	%rbx, $r1
+	imulq	8-128($ap), $r1
+	add	8(%rsp), $r1
+
+	mov	%rax, $r0
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	 mov	%rbx, $r2
+	 imulq	16-128($ap), $r2
+	 add	16(%rsp), $r2
+
+	 mov	%rbx, $r3
+	 imulq	24-128($ap), $r3
+	 add	24(%rsp), $r3
+	vpmuludq	32*1-128($ap),$Bi,$TEMP0
+	 vmovd		%eax, $Yi
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	32*2-128($ap),$Bi,$TEMP1
+	 vpbroadcastq	$Yi, $Yi
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	32*3-128($ap),$Bi,$TEMP2
+	 vpand		$AND_MASK, $ACC3, $ACC3		# correct $ACC3
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	32*4-128($ap),$Bi,$TEMP0
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	32*5-128($ap),$Bi,$TEMP1
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	32*6-128($ap),$Bi,$TEMP2
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	32*7-128($ap),$Bi,$TEMP0
+	 vpermq		\$0x93, $ACC9, $ACC9		# correct $ACC3
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	32*8-128($ap),$Bi,$TEMP1
+	 vpbroadcastq	8($bp), $Bi
+	vpaddq		$TEMP1,$ACC8,$ACC8
+
+	mov	%rax,%rdx
+	imulq	-128($np),%rax
+	add	%rax,$r0
+	mov	%rdx,%rax
+	imulq	8-128($np),%rax
+	add	%rax,$r1
+	mov	%rdx,%rax
+	imulq	16-128($np),%rax
+	add	%rax,$r2
+	shr	\$29, $r0
+	imulq	24-128($np),%rdx
+	add	%rdx,$r3
+	add	$r0, $r1
+
+	vpmuludq	32*1-128($np),$Yi,$TEMP2
+	 vmovq		$Bi, %rbx
+	vpaddq		$TEMP2,$ACC1,$ACC1
+	vpmuludq	32*2-128($np),$Yi,$TEMP0
+	vpaddq		$TEMP0,$ACC2,$ACC2
+	vpmuludq	32*3-128($np),$Yi,$TEMP1
+	vpaddq		$TEMP1,$ACC3,$ACC3
+	vpmuludq	32*4-128($np),$Yi,$TEMP2
+	vpaddq		$TEMP2,$ACC4,$ACC4
+	vpmuludq	32*5-128($np),$Yi,$TEMP0
+	vpaddq		$TEMP0,$ACC5,$ACC5
+	vpmuludq	32*6-128($np),$Yi,$TEMP1
+	vpaddq		$TEMP1,$ACC6,$ACC6
+	vpmuludq	32*7-128($np),$Yi,$TEMP2
+	 vpblendd	\$3, $ZERO, $ACC9, $TEMP1	# correct $ACC3
+	vpaddq		$TEMP2,$ACC7,$ACC7
+	vpmuludq	32*8-128($np),$Yi,$TEMP0
+	 vpaddq		$TEMP1, $ACC3, $ACC3		# correct $ACC3
+	vpaddq		$TEMP0,$ACC8,$ACC8
+
+	mov	%rbx, %rax
+	imulq	-128($ap),%rax
+	add	%rax,$r1
+	 vmovdqu	-8+32*1-128($ap),$TEMP1
+	mov	%rbx, %rax
+	imulq	8-128($ap),%rax
+	add	%rax,$r2
+	 vmovdqu	-8+32*2-128($ap),$TEMP2
+
+	mov	$r1, %rax
+	 vpblendd	\$0xfc, $ZERO, $ACC9, $ACC9	# correct $ACC3
+	imull	$n0, %eax
+	 vpaddq		$ACC9,$ACC4,$ACC4		# correct $ACC3
+	and	\$0x1fffffff, %eax
+
+	 imulq	16-128($ap),%rbx
+	 add	%rbx,$r3
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	 vmovd		%eax, $Yi
+	vmovdqu		-8+32*3-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC1,$ACC1
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	 vpbroadcastq	$Yi, $Yi
+	vmovdqu		-8+32*4-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC2,$ACC2
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*5-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC3,$ACC3
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*6-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC4,$ACC4
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-8+32*7-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC5,$ACC5
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*8-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC6,$ACC6
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*9-128($ap),$ACC9
+	vpaddq		$TEMP1,$ACC7,$ACC7
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vpaddq		$TEMP2,$ACC8,$ACC8
+	vpmuludq	$Bi,$ACC9,$ACC9
+	 vpbroadcastq	16($bp), $Bi
+
+	mov	%rax,%rdx
+	imulq	-128($np),%rax
+	add	%rax,$r1
+	 vmovdqu	-8+32*1-128($np),$TEMP0
+	mov	%rdx,%rax
+	imulq	8-128($np),%rax
+	add	%rax,$r2
+	 vmovdqu	-8+32*2-128($np),$TEMP1
+	shr	\$29, $r1
+	imulq	16-128($np),%rdx
+	add	%rdx,$r3
+	add	$r1, $r2
+
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	 vmovq		$Bi, %rbx
+	vmovdqu		-8+32*3-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*4-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-8+32*5-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*6-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-8+32*7-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-8+32*8-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-8+32*9-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vpaddq		$TEMP2,$ACC9,$ACC9
+
+	 vmovdqu	-16+32*1-128($ap),$TEMP0
+	mov	%rbx,%rax
+	imulq	-128($ap),%rax
+	add	$r2,%rax
+
+	 vmovdqu	-16+32*2-128($ap),$TEMP1
+	mov	%rax,$r2
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	 imulq	8-128($ap),%rbx
+	 add	%rbx,$r3
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	 vmovd		%eax, $Yi
+	vmovdqu		-16+32*3-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	 vpbroadcastq	$Yi, $Yi
+	vmovdqu		-16+32*4-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*5-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*6-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-16+32*7-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*8-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*9-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	 vpbroadcastq	24($bp), $Bi
+	vpaddq		$TEMP2,$ACC9,$ACC9
+
+	 vmovdqu	-16+32*1-128($np),$TEMP0
+	mov	%rax,%rdx
+	imulq	-128($np),%rax
+	add	%rax,$r2
+	 vmovdqu	-16+32*2-128($np),$TEMP1
+	imulq	8-128($np),%rdx
+	add	%rdx,$r3
+	shr	\$29, $r2
+
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	 vmovq		$Bi, %rbx
+	vmovdqu		-16+32*3-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-16+32*4-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*5-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*6-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-16+32*7-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-16+32*8-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-16+32*9-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	 vmovdqu	-24+32*1-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	 vmovdqu	-24+32*2-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC9,$ACC9
+
+	add	$r2, $r3
+	imulq	-128($ap),%rbx
+	add	%rbx,$r3
+
+	mov	$r3, %rax
+	imull	$n0, %eax
+	and	\$0x1fffffff, %eax
+
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	 vmovd		%eax, $Yi
+	vmovdqu		-24+32*3-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC1
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	 vpbroadcastq	$Yi, $Yi
+	vmovdqu		-24+32*4-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC2,$ACC2
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*5-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC3
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*6-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC4
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vmovdqu		-24+32*7-128($ap),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC5
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*8-128($ap),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC6
+	vpmuludq	$Bi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*9-128($ap),$TEMP2
+	vpaddq		$TEMP0,$ACC7,$ACC7
+	vpmuludq	$Bi,$TEMP1,$TEMP1
+	vpaddq		$TEMP1,$ACC8,$ACC8
+	vpmuludq	$Bi,$TEMP2,$TEMP2
+	 vpbroadcastq	32($bp), $Bi
+	vpaddq		$TEMP2,$ACC9,$ACC9
+	 add		\$32, $bp			# $bp++
+
+	vmovdqu		-24+32*1-128($np),$TEMP0
+	imulq	-128($np),%rax
+	add	%rax,$r3
+	shr	\$29, $r3
+
+	vmovdqu		-24+32*2-128($np),$TEMP1
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	 vmovq		$Bi, %rbx
+	vmovdqu		-24+32*3-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC1,$ACC0		# $ACC0==$TEMP0
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	 vmovdqu	$ACC0, (%rsp)			# transfer $r0-$r3
+	vpaddq		$TEMP1,$ACC2,$ACC1
+	vmovdqu		-24+32*4-128($np),$TEMP0
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*5-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC3,$ACC2
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*6-128($np),$TEMP2
+	vpaddq		$TEMP0,$ACC4,$ACC3
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	vmovdqu		-24+32*7-128($np),$TEMP0
+	vpaddq		$TEMP1,$ACC5,$ACC4
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	vmovdqu		-24+32*8-128($np),$TEMP1
+	vpaddq		$TEMP2,$ACC6,$ACC5
+	vpmuludq	$Yi,$TEMP0,$TEMP0
+	vmovdqu		-24+32*9-128($np),$TEMP2
+	 mov	$r3, $r0
+	vpaddq		$TEMP0,$ACC7,$ACC6
+	vpmuludq	$Yi,$TEMP1,$TEMP1
+	 add	(%rsp), $r0
+	vpaddq		$TEMP1,$ACC8,$ACC7
+	vpmuludq	$Yi,$TEMP2,$TEMP2
+	 vmovq	$r3, $TEMP1
+	vpaddq		$TEMP2,$ACC9,$ACC8
+
+	dec	$i
+	jnz	.Loop_mul_1024
+___
+
+# (*)	Original implementation was correcting ACC1-ACC3 for overflow
+#	after 7 loop runs, or after 28 iterations, or 56 additions.
+#	But as we underutilize resources, it's possible to correct in
+#	each iteration with marginal performance loss. But then, as
+#	we do it in each iteration, we can correct less digits, and
+#	avoid performance penalties completely.
+
+$TEMP0 = $ACC9;
+$TEMP3 = $Bi;
+$TEMP4 = $Yi;
+$code.=<<___;
+	vpaddq		(%rsp), $TEMP1, $ACC0
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vpaddq		$TEMP4, $ACC4, $ACC4
+
+	vpsrlq		\$29, $ACC0, $TEMP1
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpsrlq		\$29, $ACC1, $TEMP2
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpsrlq		\$29, $ACC2, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpsrlq		\$29, $ACC3, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpermq		\$0x93, $TEMP3, $TEMP3
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP4, $TEMP4
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC0, $ACC0
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC1, $ACC1
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC2, $ACC2
+	vpblendd	\$3, $TEMP4, $ZERO, $TEMP4
+	vpaddq		$TEMP3, $ACC3, $ACC3
+	vpaddq		$TEMP4, $ACC4, $ACC4
+
+	vmovdqu		$ACC0, 0-128($rp)
+	vmovdqu		$ACC1, 32-128($rp)
+	vmovdqu		$ACC2, 64-128($rp)
+	vmovdqu		$ACC3, 96-128($rp)
+___
+
+$TEMP5=$ACC0;
+$code.=<<___;
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vpaddq		$TEMP4, $ACC8, $ACC8
+
+	vpsrlq		\$29, $ACC4, $TEMP1
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpsrlq		\$29, $ACC5, $TEMP2
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpsrlq		\$29, $ACC6, $TEMP3
+	vpermq		\$0x93, $TEMP1, $TEMP1
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpsrlq		\$29, $ACC7, $TEMP4
+	vpermq		\$0x93, $TEMP2, $TEMP2
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpsrlq		\$29, $ACC8, $TEMP5
+	vpermq		\$0x93, $TEMP3, $TEMP3
+	vpand		$AND_MASK, $ACC8, $ACC8
+	vpermq		\$0x93, $TEMP4, $TEMP4
+
+	vpblendd	\$3, $ZERO, $TEMP1, $TEMP0
+	vpermq		\$0x93, $TEMP5, $TEMP5
+	vpblendd	\$3, $TEMP1, $TEMP2, $TEMP1
+	vpaddq		$TEMP0, $ACC4, $ACC4
+	vpblendd	\$3, $TEMP2, $TEMP3, $TEMP2
+	vpaddq		$TEMP1, $ACC5, $ACC5
+	vpblendd	\$3, $TEMP3, $TEMP4, $TEMP3
+	vpaddq		$TEMP2, $ACC6, $ACC6
+	vpblendd	\$3, $TEMP4, $TEMP5, $TEMP4
+	vpaddq		$TEMP3, $ACC7, $ACC7
+	vpaddq		$TEMP4, $ACC8, $ACC8
+
+	vmovdqu		$ACC4, 128-128($rp)
+	vmovdqu		$ACC5, 160-128($rp)    
+	vmovdqu		$ACC6, 192-128($rp)
+	vmovdqu		$ACC7, 224-128($rp)
+	vmovdqu		$ACC8, 256-128($rp)
+	vzeroupper
+
+	mov	%rbp, %rax
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.Lmul_1024_epilogue:
+	ret
+.size	rsaz_1024_mul_avx2,.-rsaz_1024_mul_avx2
+___
+}
+{
+my ($out,$inp) = $win64 ? ("%rcx","%rdx") : ("%rdi","%rsi");
+my @T = map("%r$_",(8..11));
+
+$code.=<<___;
+.globl	rsaz_1024_red2norm_avx2
+.type	rsaz_1024_red2norm_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_red2norm_avx2:
+	sub	\$-128,$inp	# size optimization
+	xor	%rax,%rax
+___
+
+for ($j=0,$i=0; $i<16; $i++) {
+    my $k=0;
+    while (29*$j<64*($i+1)) {	# load data till boundary
+	$code.="	mov	`8*$j-128`($inp), @T[0]\n";
+	$j++; $k++; push(@T,shift(@T));
+    }
+    $l=$k;
+    while ($k>1) {		# shift loaded data but last value
+	$code.="	shl	\$`29*($j-$k)`,@T[-$k]\n";
+	$k--;
+    }
+    $code.=<<___;		# shift last value
+	mov	@T[-1], @T[0]
+	shl	\$`29*($j-1)`, @T[-1]
+	shr	\$`-29*($j-1)`, @T[0]
+___
+    while ($l) {		# accumulate all values
+	$code.="	add	@T[-$l], %rax\n";
+	$l--;
+    }
+	$code.=<<___;
+	adc	\$0, @T[0]	# consume eventual carry
+	mov	%rax, 8*$i($out)
+	mov	@T[0], %rax
+___
+    push(@T,shift(@T));
+}
+$code.=<<___;
+	ret
+.size	rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2
+
+.globl	rsaz_1024_norm2red_avx2
+.type	rsaz_1024_norm2red_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_norm2red_avx2:
+	sub	\$-128,$out	# size optimization
+	mov	($inp),@T[0]
+	mov	\$0x1fffffff,%eax
+___
+for ($j=0,$i=0; $i<16; $i++) {
+    $code.="	mov	`8*($i+1)`($inp),@T[1]\n"	if ($i<15);
+    $code.="	xor	@T[1],@T[1]\n"			if ($i==15);
+    my $k=1;
+    while (29*($j+1)<64*($i+1)) {
+    	$code.=<<___;
+	mov	@T[0],@T[-$k]
+	shr	\$`29*$j`,@T[-$k]
+	and	%rax,@T[-$k]				# &0x1fffffff
+	mov	@T[-$k],`8*$j-128`($out)
+___
+	$j++; $k++;
+    }
+    $code.=<<___;
+	shrd	\$`29*$j`,@T[1],@T[0]
+	and	%rax,@T[0]
+	mov	@T[0],`8*$j-128`($out)
+___
+    $j++;
+    push(@T,shift(@T));
+}
+$code.=<<___;
+	mov	@T[0],`8*$j-128`($out)			# zero
+	mov	@T[0],`8*($j+1)-128`($out)
+	mov	@T[0],`8*($j+2)-128`($out)
+	mov	@T[0],`8*($j+3)-128`($out)
+	ret
+.size	rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2
+___
+}
+{
+my ($out,$inp,$power) = $win64 ? ("%rcx","%rdx","%r8d") : ("%rdi","%rsi","%edx");
+
+$code.=<<___;
+.globl	rsaz_1024_scatter5_avx2
+.type	rsaz_1024_scatter5_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_scatter5_avx2:
+	vzeroupper
+	vmovdqu	.Lscatter_permd(%rip),%ymm5
+	shl	\$4,$power
+	lea	($out,$power),$out
+	mov	\$9,%eax
+	jmp	.Loop_scatter_1024
+
+.align	32
+.Loop_scatter_1024:
+	vmovdqu		($inp),%ymm0
+	lea		32($inp),$inp
+	vpermd		%ymm0,%ymm5,%ymm0
+	vmovdqu		%xmm0,($out)
+	lea		16*32($out),$out
+	dec	%eax
+	jnz	.Loop_scatter_1024
+
+	vzeroupper
+	ret
+.size	rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2
+
+.globl	rsaz_1024_gather5_avx2
+.type	rsaz_1024_gather5_avx2,\@abi-omnipotent
+.align	32
+rsaz_1024_gather5_avx2:
+	vzeroupper
+	mov	%rsp,%r11
+___
+$code.=<<___ if ($win64);
+	lea	-0x88(%rsp),%rax
+.LSEH_begin_rsaz_1024_gather5:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x8d,0x60,0xe0		# lea	-0x20(%rax),%rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	# vmovaps %xmm6,-0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	# vmovaps %xmm7,-0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	# vmovaps %xmm8,0(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	# vmovaps %xmm9,0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	# vmovaps %xmm10,0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	# vmovaps %xmm11,0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	# vmovaps %xmm12,0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	# vmovaps %xmm13,0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	# vmovaps %xmm14,0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	# vmovaps %xmm15,0x70(%rax)
+___
+$code.=<<___;
+	lea	-0x100(%rsp),%rsp
+	and	\$-32, %rsp
+	lea	.Linc(%rip), %r10
+	lea	-128(%rsp),%rax			# control u-op density
+
+	vmovd		$power, %xmm4
+	vmovdqa		(%r10),%ymm0
+	vmovdqa		32(%r10),%ymm1
+	vmovdqa		64(%r10),%ymm5
+	vpbroadcastd	%xmm4,%ymm4
+
+	vpaddd		%ymm5, %ymm0, %ymm2
+	vpcmpeqd	%ymm4, %ymm0, %ymm0
+	vpaddd		%ymm5, %ymm1, %ymm3
+	vpcmpeqd	%ymm4, %ymm1, %ymm1
+	vmovdqa		%ymm0, 32*0+128(%rax)
+	vpaddd		%ymm5, %ymm2, %ymm0
+	vpcmpeqd	%ymm4, %ymm2, %ymm2
+	vmovdqa		%ymm1, 32*1+128(%rax)
+	vpaddd		%ymm5, %ymm3, %ymm1
+	vpcmpeqd	%ymm4, %ymm3, %ymm3
+	vmovdqa		%ymm2, 32*2+128(%rax)
+	vpaddd		%ymm5, %ymm0, %ymm2
+	vpcmpeqd	%ymm4, %ymm0, %ymm0
+	vmovdqa		%ymm3, 32*3+128(%rax)
+	vpaddd		%ymm5, %ymm1, %ymm3
+	vpcmpeqd	%ymm4, %ymm1, %ymm1
+	vmovdqa		%ymm0, 32*4+128(%rax)
+	vpaddd		%ymm5, %ymm2, %ymm8
+	vpcmpeqd	%ymm4, %ymm2, %ymm2
+	vmovdqa		%ymm1, 32*5+128(%rax)
+	vpaddd		%ymm5, %ymm3, %ymm9
+	vpcmpeqd	%ymm4, %ymm3, %ymm3
+	vmovdqa		%ymm2, 32*6+128(%rax)
+	vpaddd		%ymm5, %ymm8, %ymm10
+	vpcmpeqd	%ymm4, %ymm8, %ymm8
+	vmovdqa		%ymm3, 32*7+128(%rax)
+	vpaddd		%ymm5, %ymm9, %ymm11
+	vpcmpeqd	%ymm4, %ymm9, %ymm9
+	vpaddd		%ymm5, %ymm10, %ymm12
+	vpcmpeqd	%ymm4, %ymm10, %ymm10
+	vpaddd		%ymm5, %ymm11, %ymm13
+	vpcmpeqd	%ymm4, %ymm11, %ymm11
+	vpaddd		%ymm5, %ymm12, %ymm14
+	vpcmpeqd	%ymm4, %ymm12, %ymm12
+	vpaddd		%ymm5, %ymm13, %ymm15
+	vpcmpeqd	%ymm4, %ymm13, %ymm13
+	vpcmpeqd	%ymm4, %ymm14, %ymm14
+	vpcmpeqd	%ymm4, %ymm15, %ymm15
+
+	vmovdqa	-32(%r10),%ymm7			# .Lgather_permd
+	lea	128($inp), $inp
+	mov	\$9,$power
+
+.Loop_gather_1024:
+	vmovdqa		32*0-128($inp),	%ymm0
+	vmovdqa		32*1-128($inp),	%ymm1
+	vmovdqa		32*2-128($inp),	%ymm2
+	vmovdqa		32*3-128($inp),	%ymm3
+	vpand		32*0+128(%rax),	%ymm0,	%ymm0
+	vpand		32*1+128(%rax),	%ymm1,	%ymm1
+	vpand		32*2+128(%rax),	%ymm2,	%ymm2
+	vpor		%ymm0, %ymm1, %ymm4
+	vpand		32*3+128(%rax),	%ymm3,	%ymm3
+	vmovdqa		32*4-128($inp),	%ymm0
+	vmovdqa		32*5-128($inp),	%ymm1
+	vpor		%ymm2, %ymm3, %ymm5
+	vmovdqa		32*6-128($inp),	%ymm2
+	vmovdqa		32*7-128($inp),	%ymm3
+	vpand		32*4+128(%rax),	%ymm0,	%ymm0
+	vpand		32*5+128(%rax),	%ymm1,	%ymm1
+	vpand		32*6+128(%rax),	%ymm2,	%ymm2
+	vpor		%ymm0, %ymm4, %ymm4
+	vpand		32*7+128(%rax),	%ymm3,	%ymm3
+	vpand		32*8-128($inp),	%ymm8,	%ymm0
+	vpor		%ymm1, %ymm5, %ymm5
+	vpand		32*9-128($inp),	%ymm9,	%ymm1
+	vpor		%ymm2, %ymm4, %ymm4
+	vpand		32*10-128($inp),%ymm10,	%ymm2
+	vpor		%ymm3, %ymm5, %ymm5
+	vpand		32*11-128($inp),%ymm11,	%ymm3
+	vpor		%ymm0, %ymm4, %ymm4
+	vpand		32*12-128($inp),%ymm12,	%ymm0
+	vpor		%ymm1, %ymm5, %ymm5
+	vpand		32*13-128($inp),%ymm13,	%ymm1
+	vpor		%ymm2, %ymm4, %ymm4
+	vpand		32*14-128($inp),%ymm14,	%ymm2
+	vpor		%ymm3, %ymm5, %ymm5
+	vpand		32*15-128($inp),%ymm15,	%ymm3
+	lea		32*16($inp), $inp
+	vpor		%ymm0, %ymm4, %ymm4
+	vpor		%ymm1, %ymm5, %ymm5
+	vpor		%ymm2, %ymm4, %ymm4
+	vpor		%ymm3, %ymm5, %ymm5
+
+	vpor		%ymm5, %ymm4, %ymm4
+	vextracti128	\$1, %ymm4, %xmm5	# upper half is cleared
+	vpor		%xmm4, %xmm5, %xmm5
+	vpermd		%ymm5,%ymm7,%ymm5
+	vmovdqu		%ymm5,($out)
+	lea		32($out),$out
+	dec	$power
+	jnz	.Loop_gather_1024
+
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqu	%ymm0,($out)
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xa8(%r11),%xmm6
+	movaps	-0x98(%r11),%xmm7
+	movaps	-0x88(%r11),%xmm8
+	movaps	-0x78(%r11),%xmm9
+	movaps	-0x68(%r11),%xmm10
+	movaps	-0x58(%r11),%xmm11
+	movaps	-0x48(%r11),%xmm12
+	movaps	-0x38(%r11),%xmm13
+	movaps	-0x28(%r11),%xmm14
+	movaps	-0x18(%r11),%xmm15
+.LSEH_end_rsaz_1024_gather5:
+___
+$code.=<<___;
+	lea	(%r11),%rsp
+	ret
+.size	rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2
+___
+}
+
+$code.=<<___;
+.extern	OPENSSL_ia32cap_P
+.globl	rsaz_avx2_eligible
+.type	rsaz_avx2_eligible,\@abi-omnipotent
+.align	32
+rsaz_avx2_eligible:
+	mov	OPENSSL_ia32cap_P+8(%rip),%eax
+___
+$code.=<<___	if ($addx);
+	mov	\$`1<<8|1<<19`,%ecx
+	mov	\$0,%edx
+	and	%eax,%ecx
+	cmp	\$`1<<8|1<<19`,%ecx	# check for BMI2+AD*X
+	cmove	%edx,%eax
+___
+$code.=<<___;
+	and	\$`1<<5`,%eax
+	shr	\$5,%eax
+	ret
+.size	rsaz_avx2_eligible,.-rsaz_avx2_eligible
+
+.align	64
+.Land_mask:
+	.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+.Lscatter_permd:
+	.long	0,2,4,6,7,7,7,7
+.Lgather_permd:
+	.long	0,7,1,7,2,7,3,7
+.Linc:
+	.long	0,0,0,0, 1,1,1,1
+	.long	2,2,2,2, 3,3,3,3
+	.long	4,4,4,4, 4,4,4,4
+.align	64
+___
+
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___
+.extern	__imp_RtlVirtualUnwind
+.type	rsaz_se_handler,\@abi-omnipotent
+.align	16
+rsaz_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	160($context),%rax	# pull context->Rbp
+
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	mov	%r15,240($context)
+	mov	%r14,232($context)
+	mov	%r13,224($context)
+	mov	%r12,216($context)
+	mov	%rbp,160($context)
+	mov	%rbx,144($context)
+
+	lea	-0xd8(%rax),%rsi	# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	rsaz_se_handler,.-rsaz_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_rsaz_1024_sqr_avx2
+	.rva	.LSEH_end_rsaz_1024_sqr_avx2
+	.rva	.LSEH_info_rsaz_1024_sqr_avx2
+
+	.rva	.LSEH_begin_rsaz_1024_mul_avx2
+	.rva	.LSEH_end_rsaz_1024_mul_avx2
+	.rva	.LSEH_info_rsaz_1024_mul_avx2
+
+	.rva	.LSEH_begin_rsaz_1024_gather5
+	.rva	.LSEH_end_rsaz_1024_gather5
+	.rva	.LSEH_info_rsaz_1024_gather5
+.section	.xdata
+.align	8
+.LSEH_info_rsaz_1024_sqr_avx2:
+	.byte	9,0,0,0
+	.rva	rsaz_se_handler
+	.rva	.Lsqr_1024_body,.Lsqr_1024_epilogue
+.LSEH_info_rsaz_1024_mul_avx2:
+	.byte	9,0,0,0
+	.rva	rsaz_se_handler
+	.rva	.Lmul_1024_body,.Lmul_1024_epilogue
+.LSEH_info_rsaz_1024_gather5:
+	.byte	0x01,0x36,0x17,0x0b
+	.byte	0x36,0xf8,0x09,0x00	# vmovaps 0x90(rsp),xmm15
+	.byte	0x31,0xe8,0x08,0x00	# vmovaps 0x80(rsp),xmm14
+	.byte	0x2c,0xd8,0x07,0x00	# vmovaps 0x70(rsp),xmm13
+	.byte	0x27,0xc8,0x06,0x00	# vmovaps 0x60(rsp),xmm12
+	.byte	0x22,0xb8,0x05,0x00	# vmovaps 0x50(rsp),xmm11
+	.byte	0x1d,0xa8,0x04,0x00	# vmovaps 0x40(rsp),xmm10
+	.byte	0x18,0x98,0x03,0x00	# vmovaps 0x30(rsp),xmm9
+	.byte	0x13,0x88,0x02,0x00	# vmovaps 0x20(rsp),xmm8
+	.byte	0x0e,0x78,0x01,0x00	# vmovaps 0x10(rsp),xmm7
+	.byte	0x09,0x68,0x00,0x00	# vmovaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	# sub	  rsp,0xa8
+	.byte	0x00,0xb3,0x00,0x00	# set_frame r11
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sh[rl]d?\s+\$)(-?[0-9]+)/$1.$2%64/ge		or
+
+	s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
+	print $_,"\n";
+}
+
+}}} else {{{
+print <<___;	# assembler is too old
+.text
+
+.globl	rsaz_avx2_eligible
+.type	rsaz_avx2_eligible,\@abi-omnipotent
+rsaz_avx2_eligible:
+	xor	%eax,%eax
+	ret
+.size	rsaz_avx2_eligible,.-rsaz_avx2_eligible
+
+.globl	rsaz_1024_sqr_avx2
+.globl	rsaz_1024_mul_avx2
+.globl	rsaz_1024_norm2red_avx2
+.globl	rsaz_1024_red2norm_avx2
+.globl	rsaz_1024_scatter5_avx2
+.globl	rsaz_1024_gather5_avx2
+.type	rsaz_1024_sqr_avx2,\@abi-omnipotent
+rsaz_1024_sqr_avx2:
+rsaz_1024_mul_avx2:
+rsaz_1024_norm2red_avx2:
+rsaz_1024_red2norm_avx2:
+rsaz_1024_scatter5_avx2:
+rsaz_1024_gather5_avx2:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2
+___
+}}}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/rsaz-x86_64.pl b/openssl-1.1.0h/crypto/bn/asm/rsaz-x86_64.pl
new file mode 100755
index 0000000..6f3b664
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/rsaz-x86_64.pl
@@ -0,0 +1,2358 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+##############################################################################
+#                                                                            #
+#  Copyright (c) 2012, Intel Corporation                                     #
+#                                                                            #
+#  All rights reserved.                                                      #
+#                                                                            #
+#  Redistribution and use in source and binary forms, with or without        #
+#  modification, are permitted provided that the following conditions are    #
+#  met:                                                                      #
+#                                                                            #
+#  *  Redistributions of source code must retain the above copyright         #
+#     notice, this list of conditions and the following disclaimer.          #
+#                                                                            #
+#  *  Redistributions in binary form must reproduce the above copyright      #
+#     notice, this list of conditions and the following disclaimer in the    #
+#     documentation and/or other materials provided with the                 #
+#     distribution.                                                          #
+#                                                                            #
+#  *  Neither the name of the Intel Corporation nor the names of its         #
+#     contributors may be used to endorse or promote products derived from   #
+#     this software without specific prior written permission.               #
+#                                                                            #
+#                                                                            #
+#  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          #
+#  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         #
+#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        #
+#  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            #
+#  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     #
+#  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       #
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        #
+#  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    #
+#  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      #
+#  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        #
+#  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              #
+#                                                                            #
+##############################################################################
+# Developers and authors:                                                    #
+# Shay Gueron (1, 2), and Vlad Krasnov (1)                                   #
+# (1) Intel Architecture Group, Microprocessor and Chipset Development,      #
+#     Israel Development Center, Haifa, Israel                               #
+# (2) University of Haifa                                                    #
+##############################################################################
+# Reference:                                                                 #
+# [1] S. Gueron, "Efficient Software Implementations of Modular              #
+#     Exponentiation", http://eprint.iacr.org/2011/239                       #
+# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring".             #
+#     IEEE Proceedings of 9th International Conference on Information        #
+#     Technology: New Generations (ITNG 2012), 821-823 (2012).               #
+# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation#
+#     Journal of Cryptographic Engineering 2:31-43 (2012).                   #
+# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis    #
+#     resistant 512-bit and 1024-bit modular exponentiation for optimizing   #
+#     RSA1024 and RSA2048 on x86_64 platforms",                              #
+#     http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest#
+##############################################################################
+
+# While original submission covers 512- and 1024-bit exponentiation,
+# this module is limited to 512-bit version only (and as such
+# accelerates RSA1024 sign). This is because improvement for longer
+# keys is not high enough to justify the effort, highest measured
+# was ~5% on Westmere. [This is relative to OpenSSL 1.0.2, upcoming
+# for the moment of this writing!] Nor does this module implement
+# "monolithic" complete exponentiation jumbo-subroutine, but adheres
+# to more modular mixture of C and assembly. And it's optimized even
+# for processors other than Intel Core family (see table below for
+# improvement coefficients).
+# 						<appro@openssl.org>
+#
+# RSA1024 sign/sec	this/original	|this/rsax(*)	this/fips(*)
+#			----------------+---------------------------
+# Opteron		+13%		|+5%		+20%
+# Bulldozer		-0%		|-1%		+10%
+# P4			+11%		|+7%		+8%
+# Westmere		+5%		|+14%		+17%
+# Sandy Bridge		+2%		|+12%		+29%
+# Ivy Bridge		+1%		|+11%		+35%
+# Haswell(**)		-0%		|+12%		+39%
+# Atom			+13%		|+11%		+4%
+# VIA Nano		+70%		|+9%		+25%
+#
+# (*)	rsax engine and fips numbers are presented for reference
+#	purposes;
+# (**)	MULX was attempted, but found to give only marginal improvement;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+($out, $inp, $mod) = ("%rdi", "%rsi", "%rbp");	# common internal API
+{
+my ($out,$inp,$mod,$n0,$times) = ("%rdi","%rsi","%rdx","%rcx","%r8d");
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	rsaz_512_sqr
+.type	rsaz_512_sqr,\@function,5
+.align	32
+rsaz_512_sqr:				# 25-29% faster than rsaz_512_mul
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	subq	\$128+24, %rsp
+.Lsqr_body:
+	movq	$mod, %rbp		# common argument
+	movq	($inp), %rdx
+	movq	8($inp), %rax
+	movq	$n0, 128(%rsp)
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Loop_sqrx
+___
+$code.=<<___;
+	jmp	.Loop_sqr
+
+.align	32
+.Loop_sqr:
+	movl	$times,128+8(%rsp)
+#first iteration
+	movq	%rdx, %rbx
+	mulq	%rdx
+	movq	%rax, %r8
+	movq	16($inp), %rax
+	movq	%rdx, %r9
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	24($inp), %rax
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	32($inp), %rax
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	40($inp), %rax
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	48($inp), %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	56($inp), %rax
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	%rbx, %rax
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	addq	%r8, %r8		#shlq	\$1, %r8
+	movq	%r9, %rcx
+	adcq	%r9, %r9		#shld	\$1, %r8, %r9
+
+	mulq	%rax
+	movq	%rax, (%rsp)
+	addq	%rdx, %r8
+	adcq	\$0, %r9
+
+	movq	%r8, 8(%rsp)
+	shrq	\$63, %rcx
+
+#second iteration
+	movq	8($inp), %r8
+	movq	16($inp), %rax
+	mulq	%r8
+	addq	%rax, %r10
+	movq	24($inp), %rax
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r11
+	movq	32($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r11
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r12
+	movq	40($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r12
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r13
+	movq	48($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r13
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r14
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r14
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r8
+	addq	%rax, %r15
+	movq	%r8, %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r15
+	movq	%rdx, %r8
+	movq	%r10, %rdx
+	adcq	\$0, %r8
+
+	add	%rdx, %rdx
+	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+	movq	%r11, %rbx
+	adcq	%r11, %r11		#shld	\$1, %r10, %r11
+
+	mulq	%rax
+	addq	%rax, %r9
+	adcq	%rdx, %r10
+	adcq	\$0, %r11
+
+	movq	%r9, 16(%rsp)
+	movq	%r10, 24(%rsp)
+	shrq	\$63, %rbx
+	
+#third iteration
+	movq	16($inp), %r9	
+	movq	24($inp), %rax
+	mulq	%r9
+	addq	%rax, %r12
+	movq	32($inp), %rax
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	addq	%rax, %r13
+	movq	40($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r13
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	addq	%rax, %r14
+	movq	48($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r14
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	 movq	%r12, %r10
+	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
+	addq	%rax, %r15
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r15
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r9
+	 shrq	\$63, %r10
+	addq	%rax, %r8
+	movq	%r9, %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	movq	%r13, %rcx
+	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
+
+	mulq	%rax
+	addq	%rax, %r11
+	adcq	%rdx, %r12
+	adcq	\$0, %r13
+
+	movq	%r11, 32(%rsp)
+	movq	%r12, 40(%rsp)
+	shrq	\$63, %rcx
+
+#fourth iteration
+	movq	24($inp), %r10
+	movq	32($inp), %rax
+	mulq	%r10
+	addq	%rax, %r14
+	movq	40($inp), %rax
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r10
+	addq	%rax, %r15
+	movq	48($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r15
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r10
+	 movq	%r14, %r12
+	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
+	addq	%rax, %r8
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r8
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r10
+	 shrq	\$63, %r12
+	addq	%rax, %r9
+	movq	%r10, %rax
+	adcq	\$0, %rdx
+	addq	%rbx, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	movq	%r15, %rbx
+	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
+
+	mulq	%rax
+	addq	%rax, %r13
+	adcq	%rdx, %r14
+	adcq	\$0, %r15
+
+	movq	%r13, 48(%rsp)
+	movq	%r14, 56(%rsp)
+	shrq	\$63, %rbx
+
+#fifth iteration
+	movq	32($inp), %r11
+	movq	40($inp), %rax
+	mulq	%r11
+	addq	%rax, %r8
+	movq	48($inp), %rax
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r11
+	addq	%rax, %r9
+	movq	56($inp), %rax
+	adcq	\$0, %rdx
+	 movq	%r8, %r12
+	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
+	addq	%rcx, %r9
+	movq	%rdx, %rcx
+	adcq	\$0, %rcx
+
+	mulq	%r11
+	 shrq	\$63, %r12
+	addq	%rax, %r10
+	movq	%r11, %rax
+	adcq	\$0, %rdx
+	addq	%rcx, %r10
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	movq	%r9, %rcx
+	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
+
+	mulq	%rax
+	addq	%rax, %r15
+	adcq	%rdx, %r8
+	adcq	\$0, %r9
+
+	movq	%r15, 64(%rsp)
+	movq	%r8, 72(%rsp)
+	shrq	\$63, %rcx
+
+#sixth iteration
+	movq	40($inp), %r12
+	movq	48($inp), %rax
+	mulq	%r12
+	addq	%rax, %r10
+	movq	56($inp), %rax
+	movq	%rdx, %rbx
+	adcq	\$0, %rbx
+
+	mulq	%r12
+	addq	%rax, %r11
+	movq	%r12, %rax
+	 movq	%r10, %r15
+	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+	adcq	\$0, %rdx
+	 shrq	\$63, %r15
+	addq	%rbx, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	movq	%r11, %rbx
+	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
+
+	mulq	%rax
+	addq	%rax, %r9
+	adcq	%rdx, %r10
+	adcq	\$0, %r11
+
+	movq	%r9, 80(%rsp)
+	movq	%r10, 88(%rsp)
+
+#seventh iteration
+	movq	48($inp), %r13
+	movq	56($inp), %rax
+	mulq	%r13
+	addq	%rax, %r12
+	movq	%r13, %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	xorq	%r14, %r14
+	shlq	\$1, %rbx
+	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
+	adcq	%r13, %r13		#shld	\$1, %r12, %r13
+	adcq	%r14, %r14		#shld	\$1, %r13, %r14
+
+	mulq	%rax
+	addq	%rax, %r11
+	adcq	%rdx, %r12
+	adcq	\$0, %r13
+
+	movq	%r11, 96(%rsp)
+	movq	%r12, 104(%rsp)
+
+#eighth iteration
+	movq	56($inp), %rax
+	mulq	%rax
+	addq	%rax, %r13
+	adcq	\$0, %rdx
+
+	addq	%rdx, %r14
+
+	movq	%r13, 112(%rsp)
+	movq	%r14, 120(%rsp)
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8, %rdx
+	movq	%r9, %rax
+	movl	128+8(%rsp), $times
+	movq	$out, $inp
+
+	decl	$times
+	jnz	.Loop_sqr
+___
+if ($addx) {
+$code.=<<___;
+	jmp	.Lsqr_tail
+
+.align	32
+.Loop_sqrx:
+	movl	$times,128+8(%rsp)
+	movq	$out, %xmm0		# off-load
+	movq	%rbp, %xmm1		# off-load
+#first iteration	
+	mulx	%rax, %r8, %r9
+
+	mulx	16($inp), %rcx, %r10
+	xor	%rbp, %rbp		# cf=0, of=0
+
+	mulx	24($inp), %rax, %r11
+	adcx	%rcx, %r9
+
+	mulx	32($inp), %rcx, %r12
+	adcx	%rax, %r10
+
+	mulx	40($inp), %rax, %r13
+	adcx	%rcx, %r11
+
+	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
+	adcx	%rax, %r12
+	adcx	%rcx, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
+	adcx	%rax, %r14
+	adcx	%rbp, %r15		# %rbp is 0
+
+	mov	%r9, %rcx
+	shld	\$1, %r8, %r9
+	shl	\$1, %r8
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rdx, %r8
+	 mov	8($inp), %rdx
+	adcx	%rbp, %r9
+
+	mov	%rax, (%rsp)
+	mov	%r8, 8(%rsp)
+
+#second iteration	
+	mulx	16($inp), %rax, %rbx
+	adox	%rax, %r10
+	adcx	%rbx, %r11
+
+	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
+	adox	$out, %r11
+	adcx	%r8, %r12
+
+	mulx	32($inp), %rax, %rbx
+	adox	%rax, %r12
+	adcx	%rbx, %r13
+
+	mulx	40($inp), $out, %r8
+	adox	$out, %r13
+	adcx	%r8, %r14
+
+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00	# mulx	48($inp), %rax, %rbx
+	adox	%rax, %r14
+	adcx	%rbx, %r15
+
+	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
+	adox	$out, %r15
+	adcx	%rbp, %r8
+	adox	%rbp, %r8
+
+	mov	%r11, %rbx
+	shld	\$1, %r10, %r11
+	shld	\$1, %rcx, %r10
+
+	xor	%ebp,%ebp
+	mulx	%rdx, %rax, %rcx
+	 mov	16($inp), %rdx
+	adcx	%rax, %r9
+	adcx	%rcx, %r10
+	adcx	%rbp, %r11
+
+	mov	%r9, 16(%rsp)
+	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
+	
+#third iteration	
+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
+	adox	$out, %r12
+	adcx	%r9, %r13
+
+	mulx	32($inp), %rax, %rcx
+	adox	%rax, %r13
+	adcx	%rcx, %r14
+
+	mulx	40($inp), $out, %r9
+	adox	$out, %r14
+	adcx	%r9, %r15
+
+	.byte	0xc4,0xe2,0xfb,0xf6,0x8e,0x30,0x00,0x00,0x00	# mulx	48($inp), %rax, %rcx
+	adox	%rax, %r15
+	adcx	%rcx, %r8
+
+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
+	adox	$out, %r8
+	adcx	%rbp, %r9
+	adox	%rbp, %r9
+
+	mov	%r13, %rcx
+	shld	\$1, %r12, %r13
+	shld	\$1, %rbx, %r12
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r11
+	adcx	%rdx, %r12
+	 mov	24($inp), %rdx
+	adcx	%rbp, %r13
+
+	mov	%r11, 32(%rsp)
+	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
+	
+#fourth iteration	
+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
+	adox	%rax, %r14
+	adcx	%rbx, %r15
+
+	mulx	40($inp), $out, %r10
+	adox	$out, %r15
+	adcx	%r10, %r8
+
+	mulx	48($inp), %rax, %rbx
+	adox	%rax, %r8
+	adcx	%rbx, %r9
+
+	mulx	56($inp), $out, %r10
+	adox	$out, %r9
+	adcx	%rbp, %r10
+	adox	%rbp, %r10
+
+	.byte	0x66
+	mov	%r15, %rbx
+	shld	\$1, %r14, %r15
+	shld	\$1, %rcx, %r14
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r13
+	adcx	%rdx, %r14
+	 mov	32($inp), %rdx
+	adcx	%rbp, %r15
+
+	mov	%r13, 48(%rsp)
+	mov	%r14, 56(%rsp)
+	
+#fifth iteration	
+	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
+	adox	$out, %r8
+	adcx	%r11, %r9
+
+	mulx	48($inp), %rax, %rcx
+	adox	%rax, %r9
+	adcx	%rcx, %r10
+
+	mulx	56($inp), $out, %r11
+	adox	$out, %r10
+	adcx	%rbp, %r11
+	adox	%rbp, %r11
+
+	mov	%r9, %rcx
+	shld	\$1, %r8, %r9
+	shld	\$1, %rbx, %r8
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r15
+	adcx	%rdx, %r8
+	 mov	40($inp), %rdx
+	adcx	%rbp, %r9
+
+	mov	%r15, 64(%rsp)
+	mov	%r8, 72(%rsp)
+	
+#sixth iteration	
+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00	# mulx	48($inp), %rax, %rbx
+	adox	%rax, %r10
+	adcx	%rbx, %r11
+
+	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
+	adox	$out, %r11
+	adcx	%rbp, %r12
+	adox	%rbp, %r12
+
+	mov	%r11, %rbx
+	shld	\$1, %r10, %r11
+	shld	\$1, %rcx, %r10
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r9
+	adcx	%rdx, %r10
+	 mov	48($inp), %rdx
+	adcx	%rbp, %r11
+
+	mov	%r9, 80(%rsp)
+	mov	%r10, 88(%rsp)
+
+#seventh iteration
+	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r13
+	adox	%rax, %r12
+	adox	%rbp, %r13
+
+	xor	%r14, %r14
+	shld	\$1, %r13, %r14
+	shld	\$1, %r12, %r13
+	shld	\$1, %rbx, %r12
+
+	xor	%ebp, %ebp
+	mulx	%rdx, %rax, %rdx
+	adcx	%rax, %r11
+	adcx	%rdx, %r12
+	 mov	56($inp), %rdx
+	adcx	%rbp, %r13
+
+	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
+	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
+
+#eighth iteration
+	mulx	%rdx, %rax, %rdx
+	adox	%rax, %r13
+	adox	%rbp, %rdx
+
+	.byte	0x66
+	add	%rdx, %r14
+
+	movq	%r13, 112(%rsp)
+	movq	%r14, 120(%rsp)
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	128(%rsp), %rdx		# pull $n0
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8, %rdx
+	movq	%r9, %rax
+	movl	128+8(%rsp), $times
+	movq	$out, $inp
+
+	decl	$times
+	jnz	.Loop_sqrx
+
+.Lsqr_tail:
+___
+}
+$code.=<<___;
+
+	leaq	128+24+48(%rsp), %rax
+	movq	-48(%rax), %r15
+	movq	-40(%rax), %r14
+	movq	-32(%rax), %r13
+	movq	-24(%rax), %r12
+	movq	-16(%rax), %rbp
+	movq	-8(%rax), %rbx
+	leaq	(%rax), %rsp
+.Lsqr_epilogue:
+	ret
+.size	rsaz_512_sqr,.-rsaz_512_sqr
+___
+}
+{
+my ($out,$ap,$bp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx","%r8");
+$code.=<<___;
+.globl	rsaz_512_mul
+.type	rsaz_512_mul,\@function,5
+.align	32
+rsaz_512_mul:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	subq	\$128+24, %rsp
+.Lmul_body:
+	movq	$out, %xmm0		# off-load arguments
+	movq	$mod, %xmm1
+	movq	$n0, 128(%rsp)
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Lmulx
+___
+$code.=<<___;
+	movq	($bp), %rbx		# pass b[0]
+	movq	$bp, %rbp		# pass argument
+	call	__rsaz_512_mul
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lmul_tail
+
+.align	32
+.Lmulx:
+	movq	$bp, %rbp		# pass argument
+	movq	($bp), %rdx		# pass b[0]
+	call	__rsaz_512_mulx
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	128(%rsp), %rdx		# pull $n0
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+.Lmul_tail:
+___
+$code.=<<___;
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp), %rax
+	movq	-48(%rax), %r15
+	movq	-40(%rax), %r14
+	movq	-32(%rax), %r13
+	movq	-24(%rax), %r12
+	movq	-16(%rax), %rbp
+	movq	-8(%rax), %rbx
+	leaq	(%rax), %rsp
+.Lmul_epilogue:
+	ret
+.size	rsaz_512_mul,.-rsaz_512_mul
+___
+}
+{
+my ($out,$ap,$bp,$mod,$n0,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
+$code.=<<___;
+.globl	rsaz_512_mul_gather4
+.type	rsaz_512_mul_gather4,\@function,6
+.align	32
+rsaz_512_mul_gather4:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	subq	\$`128+24+($win64?0xb0:0)`, %rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,0xa0(%rsp)
+	movaps	%xmm7,0xb0(%rsp)
+	movaps	%xmm8,0xc0(%rsp)
+	movaps	%xmm9,0xd0(%rsp)
+	movaps	%xmm10,0xe0(%rsp)
+	movaps	%xmm11,0xf0(%rsp)
+	movaps	%xmm12,0x100(%rsp)
+	movaps	%xmm13,0x110(%rsp)
+	movaps	%xmm14,0x120(%rsp)
+	movaps	%xmm15,0x130(%rsp)
+___
+$code.=<<___;
+.Lmul_gather4_body:
+	movd	$pwr,%xmm8
+	movdqa	.Linc+16(%rip),%xmm1	# 00000002000000020000000200000002
+	movdqa	.Linc(%rip),%xmm0	# 00000001000000010000000000000000
+
+	pshufd	\$0,%xmm8,%xmm8		# broadcast $power
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..15 to $power
+#
+for($i=0;$i<4;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+	movdqa	%xmm7,%xmm`$i+3`
+___
+}
+for(;$i<7;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+___
+}
+$code.=<<___;
+	pcmpeqd	%xmm8,%xmm7
+
+	movdqa	16*0($bp),%xmm8
+	movdqa	16*1($bp),%xmm9
+	movdqa	16*2($bp),%xmm10
+	movdqa	16*3($bp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4($bp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5($bp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6($bp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7($bp),%xmm15
+	leaq	128($bp), %rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Lmulx_gather
+___
+$code.=<<___;
+	movq	%xmm8,%rbx
+
+	movq	$n0, 128(%rsp)		# off-load arguments
+	movq	$out, 128+8(%rsp)
+	movq	$mod, 128+16(%rsp)
+
+	movq	($ap), %rax
+	 movq	8($ap), %rcx
+	mulq	%rbx			# 0 iteration
+	movq	%rax, (%rsp)
+	movq	%rcx, %rax
+	movq	%rdx, %r8
+
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	16($ap), %rax
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	24($ap), %rax
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	32($ap), %rax
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	40($ap), %rax
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	48($ap), %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	56($ap), %rax
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+	
+	mulq	%rbx
+	addq	%rax, %r14
+	 movq	($ap), %rax
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	leaq	8(%rsp), %rdi
+	movl	\$7, %ecx
+	jmp	.Loop_mul_gather
+
+.align	32
+.Loop_mul_gather:
+	movdqa	16*0(%rbp),%xmm8
+	movdqa	16*1(%rbp),%xmm9
+	movdqa	16*2(%rbp),%xmm10
+	movdqa	16*3(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7(%rbp),%xmm15
+	leaq	128(%rbp), %rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,%rbx
+
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	8($ap), %rax
+	movq	%r8, (%rdi)
+	movq	%rdx, %r8
+	adcq	\$0, %r8
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	16($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r9, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	24($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r10, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	32($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r11, %r10
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	40($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r12, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	48($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r13, %r12
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	56($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r14, %r13
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r15
+	 movq	($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r15, %r14
+	movq	%rdx, %r15	
+	adcq	\$0, %r15
+
+	leaq	8(%rdi), %rdi
+
+	decl	%ecx
+	jnz	.Loop_mul_gather
+
+	movq	%r8, (%rdi)
+	movq	%r9, 8(%rdi)
+	movq	%r10, 16(%rdi)
+	movq	%r11, 24(%rdi)
+	movq	%r12, 32(%rdi)
+	movq	%r13, 40(%rdi)
+	movq	%r14, 48(%rdi)
+	movq	%r15, 56(%rdi)
+
+	movq	128+8(%rsp), $out
+	movq	128+16(%rsp), %rbp
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lmul_gather_tail
+
+.align	32
+.Lmulx_gather:
+	movq	%xmm8,%rdx
+
+	mov	$n0, 128(%rsp)		# off-load arguments
+	mov	$out, 128+8(%rsp)
+	mov	$mod, 128+16(%rsp)
+
+	mulx	($ap), %rbx, %r8	# 0 iteration
+	mov	%rbx, (%rsp)
+	xor	%edi, %edi		# cf=0, of=0
+
+	mulx	8($ap), %rax, %r9
+
+	mulx	16($ap), %rbx, %r10
+	adcx	%rax, %r8
+
+	mulx	24($ap), %rax, %r11
+	adcx	%rbx, %r9
+
+	mulx	32($ap), %rbx, %r12
+	adcx	%rax, %r10
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rbx, %r11
+
+	mulx	48($ap), %rbx, %r14
+	adcx	%rax, %r12
+	
+	mulx	56($ap), %rax, %r15
+	adcx	%rbx, %r13
+	adcx	%rax, %r14
+	.byte	0x67
+	mov	%r8, %rbx
+	adcx	%rdi, %r15		# %rdi is 0
+
+	mov	\$-7, %rcx
+	jmp	.Loop_mulx_gather
+
+.align	32
+.Loop_mulx_gather:
+	movdqa	16*0(%rbp),%xmm8
+	movdqa	16*1(%rbp),%xmm9
+	movdqa	16*2(%rbp),%xmm10
+	movdqa	16*3(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7(%rbp),%xmm15
+	leaq	128(%rbp), %rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,%rdx
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x86,0x00,0x00,0x00,0x00	# mulx	($ap), %rax, %r8
+	adcx	%rax, %rbx
+	adox	%r9, %r8
+
+	mulx	8($ap), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	mulx	16($ap), %rax, %r10
+	adcx	%rax, %r9
+	adox	%r11, %r10
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x9e,0x18,0x00,0x00,0x00	# mulx	24($ap), %rax, %r11
+	adcx	%rax, %r10
+	adox	%r12, %r11
+
+	mulx	32($ap), %rax, %r12
+	adcx	%rax, %r11
+	adox	%r13, %r12
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($ap), %rax, %r14
+	adcx	%rax, %r13
+	.byte	0x67
+	adox	%r15, %r14
+
+	mulx	56($ap), %rax, %r15
+	 mov	%rbx, 64(%rsp,%rcx,8)
+	adcx	%rax, %r14
+	adox	%rdi, %r15
+	mov	%r8, %rbx
+	adcx	%rdi, %r15		# cf=0
+
+	inc	%rcx			# of=0
+	jnz	.Loop_mulx_gather
+
+	mov	%r8, 64(%rsp)
+	mov	%r9, 64+8(%rsp)
+	mov	%r10, 64+16(%rsp)
+	mov	%r11, 64+24(%rsp)
+	mov	%r12, 64+32(%rsp)
+	mov	%r13, 64+40(%rsp)
+	mov	%r14, 64+48(%rsp)
+	mov	%r15, 64+56(%rsp)
+
+	mov	128(%rsp), %rdx		# pull arguments
+	mov	128+8(%rsp), $out
+	mov	128+16(%rsp), %rbp
+
+	mov	(%rsp), %r8
+	mov	8(%rsp), %r9
+	mov	16(%rsp), %r10
+	mov	24(%rsp), %r11
+	mov	32(%rsp), %r12
+	mov	40(%rsp), %r13
+	mov	48(%rsp), %r14
+	mov	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+
+.Lmul_gather_tail:
+___
+$code.=<<___;
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp), %rax
+___
+$code.=<<___	if ($win64);
+	movaps	0xa0-0xc8(%rax),%xmm6
+	movaps	0xb0-0xc8(%rax),%xmm7
+	movaps	0xc0-0xc8(%rax),%xmm8
+	movaps	0xd0-0xc8(%rax),%xmm9
+	movaps	0xe0-0xc8(%rax),%xmm10
+	movaps	0xf0-0xc8(%rax),%xmm11
+	movaps	0x100-0xc8(%rax),%xmm12
+	movaps	0x110-0xc8(%rax),%xmm13
+	movaps	0x120-0xc8(%rax),%xmm14
+	movaps	0x130-0xc8(%rax),%xmm15
+	lea	0xb0(%rax),%rax
+___
+$code.=<<___;
+	movq	-48(%rax), %r15
+	movq	-40(%rax), %r14
+	movq	-32(%rax), %r13
+	movq	-24(%rax), %r12
+	movq	-16(%rax), %rbp
+	movq	-8(%rax), %rbx
+	leaq	(%rax), %rsp
+.Lmul_gather4_epilogue:
+	ret
+.size	rsaz_512_mul_gather4,.-rsaz_512_mul_gather4
+___
+}
+{
+my ($out,$ap,$mod,$n0,$tbl,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
+$code.=<<___;
+.globl	rsaz_512_mul_scatter4
+.type	rsaz_512_mul_scatter4,\@function,6
+.align	32
+rsaz_512_mul_scatter4:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	mov	$pwr, $pwr
+	subq	\$128+24, %rsp
+.Lmul_scatter4_body:
+	leaq	($tbl,$pwr,8), $tbl
+	movq	$out, %xmm0		# off-load arguments
+	movq	$mod, %xmm1
+	movq	$tbl, %xmm2
+	movq	$n0, 128(%rsp)
+
+	movq	$out, %rbp
+___
+$code.=<<___ if ($addx);
+	movl	\$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	\$0x80100,%r11d		# check for MULX and ADO/CX
+	je	.Lmulx_scatter
+___
+$code.=<<___;
+	movq	($out),%rbx		# pass b[0]
+	call	__rsaz_512_mul
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lmul_scatter_tail
+	
+.align	32
+.Lmulx_scatter:
+	movq	($out), %rdx		# pass b[0]
+	call	__rsaz_512_mulx
+
+	movq	%xmm0, $out
+	movq	%xmm1, %rbp
+
+	movq	128(%rsp), %rdx		# pull $n0
+	movq	(%rsp), %r8
+	movq	8(%rsp), %r9
+	movq	16(%rsp), %r10
+	movq	24(%rsp), %r11
+	movq	32(%rsp), %r12
+	movq	40(%rsp), %r13
+	movq	48(%rsp), %r14
+	movq	56(%rsp), %r15
+
+	call	__rsaz_512_reducex
+
+.Lmul_scatter_tail:
+___
+$code.=<<___;
+	addq	64(%rsp), %r8
+	adcq	72(%rsp), %r9
+	adcq	80(%rsp), %r10
+	adcq	88(%rsp), %r11
+	adcq	96(%rsp), %r12
+	adcq	104(%rsp), %r13
+	adcq	112(%rsp), %r14
+	adcq	120(%rsp), %r15
+	movq	%xmm2, $inp
+	sbbq	%rcx, %rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8, 128*0($inp)	# scatter
+	movq	%r9, 128*1($inp)
+	movq	%r10, 128*2($inp)
+	movq	%r11, 128*3($inp)
+	movq	%r12, 128*4($inp)
+	movq	%r13, 128*5($inp)
+	movq	%r14, 128*6($inp)
+	movq	%r15, 128*7($inp)
+
+	leaq	128+24+48(%rsp), %rax
+	movq	-48(%rax), %r15
+	movq	-40(%rax), %r14
+	movq	-32(%rax), %r13
+	movq	-24(%rax), %r12
+	movq	-16(%rax), %rbp
+	movq	-8(%rax), %rbx
+	leaq	(%rax), %rsp
+.Lmul_scatter4_epilogue:
+	ret
+.size	rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4
+___
+}
+{
+my ($out,$inp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx");
+$code.=<<___;
+.globl	rsaz_512_mul_by_one
+.type	rsaz_512_mul_by_one,\@function,4
+.align	32
+rsaz_512_mul_by_one:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	subq	\$128+24, %rsp
+.Lmul_by_one_body:
+___
+$code.=<<___ if ($addx);
+	movl	OPENSSL_ia32cap_P+8(%rip),%eax
+___
+$code.=<<___;
+	movq	$mod, %rbp	# reassign argument
+	movq	$n0, 128(%rsp)
+
+	movq	($inp), %r8
+	pxor	%xmm0, %xmm0
+	movq	8($inp), %r9
+	movq	16($inp), %r10
+	movq	24($inp), %r11
+	movq	32($inp), %r12
+	movq	40($inp), %r13
+	movq	48($inp), %r14
+	movq	56($inp), %r15
+
+	movdqa	%xmm0, (%rsp)
+	movdqa	%xmm0, 16(%rsp)
+	movdqa	%xmm0, 32(%rsp)
+	movdqa	%xmm0, 48(%rsp)
+	movdqa	%xmm0, 64(%rsp)
+	movdqa	%xmm0, 80(%rsp)
+	movdqa	%xmm0, 96(%rsp)
+___
+$code.=<<___ if ($addx);
+	andl	\$0x80100,%eax
+	cmpl	\$0x80100,%eax		# check for MULX and ADO/CX
+	je	.Lby_one_callx
+___
+$code.=<<___;
+	call	__rsaz_512_reduce
+___
+$code.=<<___ if ($addx);
+	jmp	.Lby_one_tail
+.align	32
+.Lby_one_callx:
+	movq	128(%rsp), %rdx		# pull $n0
+	call	__rsaz_512_reducex
+.Lby_one_tail:
+___
+$code.=<<___;
+	movq	%r8, ($out)
+	movq	%r9, 8($out)
+	movq	%r10, 16($out)
+	movq	%r11, 24($out)
+	movq	%r12, 32($out)
+	movq	%r13, 40($out)
+	movq	%r14, 48($out)
+	movq	%r15, 56($out)
+
+	leaq	128+24+48(%rsp), %rax
+	movq	-48(%rax), %r15
+	movq	-40(%rax), %r14
+	movq	-32(%rax), %r13
+	movq	-24(%rax), %r12
+	movq	-16(%rax), %rbp
+	movq	-8(%rax), %rbx
+	leaq	(%rax), %rsp
+.Lmul_by_one_epilogue:
+	ret
+.size	rsaz_512_mul_by_one,.-rsaz_512_mul_by_one
+___
+}
+{	# __rsaz_512_reduce
+	#
+	# input:	%r8-%r15, %rbp - mod, 128(%rsp) - n0
+	# output:	%r8-%r15
+	# clobbers:	everything except %rbp and %rdi
+$code.=<<___;
+.type	__rsaz_512_reduce,\@abi-omnipotent
+.align	32
+__rsaz_512_reduce:
+	movq	%r8, %rbx
+	imulq	128+8(%rsp), %rbx
+	movq	0(%rbp), %rax
+	movl	\$8, %ecx
+	jmp	.Lreduction_loop
+
+.align	32
+.Lreduction_loop:
+	mulq	%rbx
+	movq	8(%rbp), %rax
+	negq	%r8
+	movq	%rdx, %r8
+	adcq	\$0, %r8
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	16(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r9, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	24(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r10, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	32(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r11, %r10
+	 movq	128+8(%rsp), %rsi
+	#movq	%rdx, %r11
+	#adcq	\$0, %r11
+	adcq	\$0, %rdx
+	movq	%rdx, %r11
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	40(%rbp), %rax
+	adcq	\$0, %rdx
+	 imulq	%r8, %rsi
+	addq	%r12, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	48(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r13, %r12
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	56(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r14, %r13
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	 movq	%rsi, %rbx
+	addq	%rax, %r15
+	 movq	0(%rbp), %rax
+	adcq	\$0, %rdx
+	addq	%r15, %r14
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	decl	%ecx
+	jne	.Lreduction_loop
+
+	ret
+.size	__rsaz_512_reduce,.-__rsaz_512_reduce
+___
+}
+if ($addx) {
+	# __rsaz_512_reducex
+	#
+	# input:	%r8-%r15, %rbp - mod, 128(%rsp) - n0
+	# output:	%r8-%r15
+	# clobbers:	everything except %rbp and %rdi
+$code.=<<___;
+.type	__rsaz_512_reducex,\@abi-omnipotent
+.align	32
+__rsaz_512_reducex:
+	#movq	128+8(%rsp), %rdx		# pull $n0
+	imulq	%r8, %rdx
+	xorq	%rsi, %rsi			# cf=0,of=0
+	movl	\$8, %ecx
+	jmp	.Lreduction_loopx
+
+.align	32
+.Lreduction_loopx:
+	mov	%r8, %rbx
+	mulx	0(%rbp), %rax, %r8
+	adcx	%rbx, %rax
+	adox	%r9, %r8
+
+	mulx	8(%rbp), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	mulx	16(%rbp), %rbx, %r10
+	adcx	%rbx, %r9
+	adox	%r11, %r10
+
+	mulx	24(%rbp), %rbx, %r11
+	adcx	%rbx, %r10
+	adox	%r12, %r11
+
+	.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	32(%rbp), %rbx, %r12
+	 mov	%rdx, %rax
+	 mov	%r8, %rdx
+	adcx	%rbx, %r11
+	adox	%r13, %r12
+
+	 mulx	128+8(%rsp), %rbx, %rdx
+	 mov	%rax, %rdx
+
+	mulx	40(%rbp), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xb5,0x30,0x00,0x00,0x00	# mulx	48(%rbp), %rax, %r14
+	adcx	%rax, %r13
+	adox	%r15, %r14
+
+	mulx	56(%rbp), %rax, %r15
+	 mov	%rbx, %rdx
+	adcx	%rax, %r14
+	adox	%rsi, %r15			# %rsi is 0
+	adcx	%rsi, %r15			# cf=0
+
+	decl	%ecx				# of=0
+	jne	.Lreduction_loopx
+
+	ret
+.size	__rsaz_512_reducex,.-__rsaz_512_reducex
+___
+}
+{	# __rsaz_512_subtract
+	# input: %r8-%r15, %rdi - $out, %rbp - $mod, %rcx - mask
+	# output:
+	# clobbers: everything but %rdi, %rsi and %rbp
+$code.=<<___;
+.type	__rsaz_512_subtract,\@abi-omnipotent
+.align	32
+__rsaz_512_subtract:
+	movq	%r8, ($out)
+	movq	%r9, 8($out)
+	movq	%r10, 16($out)
+	movq	%r11, 24($out)
+	movq	%r12, 32($out)
+	movq	%r13, 40($out)
+	movq	%r14, 48($out)
+	movq	%r15, 56($out)
+
+	movq	0($mod), %r8
+	movq	8($mod), %r9
+	negq	%r8
+	notq	%r9
+	andq	%rcx, %r8
+	movq	16($mod), %r10
+	andq	%rcx, %r9
+	notq	%r10
+	movq	24($mod), %r11
+	andq	%rcx, %r10
+	notq	%r11
+	movq	32($mod), %r12
+	andq	%rcx, %r11
+	notq	%r12
+	movq	40($mod), %r13
+	andq	%rcx, %r12
+	notq	%r13
+	movq	48($mod), %r14
+	andq	%rcx, %r13
+	notq	%r14
+	movq	56($mod), %r15
+	andq	%rcx, %r14
+	notq	%r15
+	andq	%rcx, %r15
+
+	addq	($out), %r8
+	adcq	8($out), %r9
+	adcq	16($out), %r10
+	adcq	24($out), %r11
+	adcq	32($out), %r12
+	adcq	40($out), %r13
+	adcq	48($out), %r14
+	adcq	56($out), %r15
+
+	movq	%r8, ($out)
+	movq	%r9, 8($out)
+	movq	%r10, 16($out)
+	movq	%r11, 24($out)
+	movq	%r12, 32($out)
+	movq	%r13, 40($out)
+	movq	%r14, 48($out)
+	movq	%r15, 56($out)
+
+	ret
+.size	__rsaz_512_subtract,.-__rsaz_512_subtract
+___
+}
+{	# __rsaz_512_mul
+	#
+	# input: %rsi - ap, %rbp - bp
+	# output:
+	# clobbers: everything
+my ($ap,$bp) = ("%rsi","%rbp");
+$code.=<<___;
+.type	__rsaz_512_mul,\@abi-omnipotent
+.align	32
+__rsaz_512_mul:
+	leaq	8(%rsp), %rdi
+
+	movq	($ap), %rax
+	mulq	%rbx
+	movq	%rax, (%rdi)
+	movq	8($ap), %rax
+	movq	%rdx, %r8
+
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	16($ap), %rax
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	24($ap), %rax
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	32($ap), %rax
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	40($ap), %rax
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	48($ap), %rax
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	56($ap), %rax
+	movq	%rdx, %r14
+	adcq	\$0, %r14
+	
+	mulq	%rbx
+	addq	%rax, %r14
+	 movq	($ap), %rax
+	movq	%rdx, %r15
+	adcq	\$0, %r15
+
+	leaq	8($bp), $bp
+	leaq	8(%rdi), %rdi
+
+	movl	\$7, %ecx
+	jmp	.Loop_mul
+
+.align	32
+.Loop_mul:
+	movq	($bp), %rbx
+	mulq	%rbx
+	addq	%rax, %r8
+	movq	8($ap), %rax
+	movq	%r8, (%rdi)
+	movq	%rdx, %r8
+	adcq	\$0, %r8
+
+	mulq	%rbx
+	addq	%rax, %r9
+	movq	16($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r9, %r8
+	movq	%rdx, %r9
+	adcq	\$0, %r9
+
+	mulq	%rbx
+	addq	%rax, %r10
+	movq	24($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r10, %r9
+	movq	%rdx, %r10
+	adcq	\$0, %r10
+
+	mulq	%rbx
+	addq	%rax, %r11
+	movq	32($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r11, %r10
+	movq	%rdx, %r11
+	adcq	\$0, %r11
+
+	mulq	%rbx
+	addq	%rax, %r12
+	movq	40($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r12, %r11
+	movq	%rdx, %r12
+	adcq	\$0, %r12
+
+	mulq	%rbx
+	addq	%rax, %r13
+	movq	48($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r13, %r12
+	movq	%rdx, %r13
+	adcq	\$0, %r13
+
+	mulq	%rbx
+	addq	%rax, %r14
+	movq	56($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r14, %r13
+	movq	%rdx, %r14
+	 leaq	8($bp), $bp
+	adcq	\$0, %r14
+
+	mulq	%rbx
+	addq	%rax, %r15
+	 movq	($ap), %rax
+	adcq	\$0, %rdx
+	addq	%r15, %r14
+	movq	%rdx, %r15	
+	adcq	\$0, %r15
+
+	leaq	8(%rdi), %rdi
+
+	decl	%ecx
+	jnz	.Loop_mul
+
+	movq	%r8, (%rdi)
+	movq	%r9, 8(%rdi)
+	movq	%r10, 16(%rdi)
+	movq	%r11, 24(%rdi)
+	movq	%r12, 32(%rdi)
+	movq	%r13, 40(%rdi)
+	movq	%r14, 48(%rdi)
+	movq	%r15, 56(%rdi)
+
+	ret
+.size	__rsaz_512_mul,.-__rsaz_512_mul
+___
+}
+if ($addx) {
+	# __rsaz_512_mulx
+	#
+	# input: %rsi - ap, %rbp - bp
+	# output:
+	# clobbers: everything
+my ($ap,$bp,$zero) = ("%rsi","%rbp","%rdi");
+$code.=<<___;
+.type	__rsaz_512_mulx,\@abi-omnipotent
+.align	32
+__rsaz_512_mulx:
+	mulx	($ap), %rbx, %r8	# initial %rdx preloaded by caller
+	mov	\$-6, %rcx
+
+	mulx	8($ap), %rax, %r9
+	movq	%rbx, 8(%rsp)
+
+	mulx	16($ap), %rbx, %r10
+	adc	%rax, %r8
+
+	mulx	24($ap), %rax, %r11
+	adc	%rbx, %r9
+
+	mulx	32($ap), %rbx, %r12
+	adc	%rax, %r10
+
+	mulx	40($ap), %rax, %r13
+	adc	%rbx, %r11
+
+	mulx	48($ap), %rbx, %r14
+	adc	%rax, %r12
+
+	mulx	56($ap), %rax, %r15
+	 mov	8($bp), %rdx
+	adc	%rbx, %r13
+	adc	%rax, %r14
+	adc	\$0, %r15
+
+	xor	$zero, $zero		# cf=0,of=0
+	jmp	.Loop_mulx
+
+.align	32
+.Loop_mulx:
+	movq	%r8, %rbx
+	mulx	($ap), %rax, %r8
+	adcx	%rax, %rbx
+	adox	%r9, %r8
+
+	mulx	8($ap), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	mulx	16($ap), %rax, %r10
+	adcx	%rax, %r9
+	adox	%r11, %r10
+
+	mulx	24($ap), %rax, %r11
+	adcx	%rax, %r10
+	adox	%r12, %r11
+
+	.byte	0x3e,0xc4,0x62,0xfb,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($ap), %rax, %r12
+	adcx	%rax, %r11
+	adox	%r13, %r12
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	mulx	48($ap), %rax, %r14
+	adcx	%rax, %r13
+	adox	%r15, %r14
+
+	mulx	56($ap), %rax, %r15
+	 movq	64($bp,%rcx,8), %rdx
+	 movq	%rbx, 8+64-8(%rsp,%rcx,8)
+	adcx	%rax, %r14
+	adox	$zero, %r15
+	adcx	$zero, %r15		# cf=0
+
+	inc	%rcx			# of=0
+	jnz	.Loop_mulx
+
+	movq	%r8, %rbx
+	mulx	($ap), %rax, %r8
+	adcx	%rax, %rbx
+	adox	%r9, %r8
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x8e,0x08,0x00,0x00,0x00	# mulx	8($ap), %rax, %r9
+	adcx	%rax, %r8
+	adox	%r10, %r9
+
+	.byte	0xc4,0x62,0xfb,0xf6,0x96,0x10,0x00,0x00,0x00	# mulx	16($ap), %rax, %r10
+	adcx	%rax, %r9
+	adox	%r11, %r10
+
+	mulx	24($ap), %rax, %r11
+	adcx	%rax, %r10
+	adox	%r12, %r11
+
+	mulx	32($ap), %rax, %r12
+	adcx	%rax, %r11
+	adox	%r13, %r12
+
+	mulx	40($ap), %rax, %r13
+	adcx	%rax, %r12
+	adox	%r14, %r13
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($ap), %rax, %r14
+	adcx	%rax, %r13
+	adox	%r15, %r14
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($ap), %rax, %r15
+	adcx	%rax, %r14
+	adox	$zero, %r15
+	adcx	$zero, %r15
+
+	mov	%rbx, 8+64-8(%rsp)
+	mov	%r8, 8+64(%rsp)
+	mov	%r9, 8+64+8(%rsp)
+	mov	%r10, 8+64+16(%rsp)
+	mov	%r11, 8+64+24(%rsp)
+	mov	%r12, 8+64+32(%rsp)
+	mov	%r13, 8+64+40(%rsp)
+	mov	%r14, 8+64+48(%rsp)
+	mov	%r15, 8+64+56(%rsp)
+
+	ret
+.size	__rsaz_512_mulx,.-__rsaz_512_mulx
+___
+}
+{
+my ($out,$inp,$power)= $win64 ? ("%rcx","%rdx","%r8d") : ("%rdi","%rsi","%edx");
+$code.=<<___;
+.globl	rsaz_512_scatter4
+.type	rsaz_512_scatter4,\@abi-omnipotent
+.align	16
+rsaz_512_scatter4:
+	leaq	($out,$power,8), $out
+	movl	\$8, %r9d
+	jmp	.Loop_scatter
+.align	16
+.Loop_scatter:
+	movq	($inp), %rax
+	leaq	8($inp), $inp
+	movq	%rax, ($out)
+	leaq	128($out), $out
+	decl	%r9d
+	jnz	.Loop_scatter
+	ret
+.size	rsaz_512_scatter4,.-rsaz_512_scatter4
+
+.globl	rsaz_512_gather4
+.type	rsaz_512_gather4,\@abi-omnipotent
+.align	16
+rsaz_512_gather4:
+___
+$code.=<<___	if ($win64);
+.LSEH_begin_rsaz_512_gather4:
+	.byte	0x48,0x81,0xec,0xa8,0x00,0x00,0x00	# sub    $0xa8,%rsp
+	.byte	0x0f,0x29,0x34,0x24			# movaps %xmm6,(%rsp)
+	.byte	0x0f,0x29,0x7c,0x24,0x10		# movaps %xmm7,0x10(%rsp)
+	.byte	0x44,0x0f,0x29,0x44,0x24,0x20		# movaps %xmm8,0x20(%rsp)
+	.byte	0x44,0x0f,0x29,0x4c,0x24,0x30		# movaps %xmm9,0x30(%rsp)
+	.byte	0x44,0x0f,0x29,0x54,0x24,0x40		# movaps %xmm10,0x40(%rsp)
+	.byte	0x44,0x0f,0x29,0x5c,0x24,0x50		# movaps %xmm11,0x50(%rsp)
+	.byte	0x44,0x0f,0x29,0x64,0x24,0x60		# movaps %xmm12,0x60(%rsp)
+	.byte	0x44,0x0f,0x29,0x6c,0x24,0x70		# movaps %xmm13,0x70(%rsp)
+	.byte	0x44,0x0f,0x29,0xb4,0x24,0x80,0,0,0	# movaps %xmm14,0x80(%rsp)
+	.byte	0x44,0x0f,0x29,0xbc,0x24,0x90,0,0,0	# movaps %xmm15,0x90(%rsp)
+___
+$code.=<<___;
+	movd	$power,%xmm8
+	movdqa	.Linc+16(%rip),%xmm1	# 00000002000000020000000200000002
+	movdqa	.Linc(%rip),%xmm0	# 00000001000000010000000000000000
+
+	pshufd	\$0,%xmm8,%xmm8		# broadcast $power
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..15 to $power
+#
+for($i=0;$i<4;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+	movdqa	%xmm7,%xmm`$i+3`
+___
+}
+for(;$i<7;$i++) {
+$code.=<<___;
+	paddd	%xmm`$i`,%xmm`$i+1`
+	pcmpeqd	%xmm8,%xmm`$i`
+___
+}
+$code.=<<___;
+	pcmpeqd	%xmm8,%xmm7
+	movl	\$8, %r9d
+	jmp	.Loop_gather
+.align	16
+.Loop_gather:
+	movdqa	16*0($inp),%xmm8
+	movdqa	16*1($inp),%xmm9
+	movdqa	16*2($inp),%xmm10
+	movdqa	16*3($inp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	16*4($inp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	16*5($inp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	16*6($inp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	16*7($inp),%xmm15
+	leaq	128($inp), $inp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	\$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,($out)
+	leaq	8($out), $out
+	decl	%r9d
+	jnz	.Loop_gather
+___
+$code.=<<___	if ($win64);
+	movaps	0x00(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
+	movaps	0x20(%rsp),%xmm8
+	movaps	0x30(%rsp),%xmm9
+	movaps	0x40(%rsp),%xmm10
+	movaps	0x50(%rsp),%xmm11
+	movaps	0x60(%rsp),%xmm12
+	movaps	0x70(%rsp),%xmm13
+	movaps	0x80(%rsp),%xmm14
+	movaps	0x90(%rsp),%xmm15
+	add	\$0xa8,%rsp
+___
+$code.=<<___;
+	ret
+.LSEH_end_rsaz_512_gather4:
+.size	rsaz_512_gather4,.-rsaz_512_gather4
+
+.align	64
+.Linc:
+	.long	0,0, 1,1
+	.long	2,2, 2,2
+___
+}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	128+24+48(%rax),%rax
+
+	lea	.Lmul_gather4_epilogue(%rip),%rbx
+	cmp	%r10,%rbx
+	jne	.Lse_not_in_mul_gather4
+
+	lea	0xb0(%rax),%rax
+
+	lea	-48-0xa8(%rax),%rsi
+	lea	512($context),%rdi
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lse_not_in_mul_gather4:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_rsaz_512_sqr
+	.rva	.LSEH_end_rsaz_512_sqr
+	.rva	.LSEH_info_rsaz_512_sqr
+
+	.rva	.LSEH_begin_rsaz_512_mul
+	.rva	.LSEH_end_rsaz_512_mul
+	.rva	.LSEH_info_rsaz_512_mul
+
+	.rva	.LSEH_begin_rsaz_512_mul_gather4
+	.rva	.LSEH_end_rsaz_512_mul_gather4
+	.rva	.LSEH_info_rsaz_512_mul_gather4
+
+	.rva	.LSEH_begin_rsaz_512_mul_scatter4
+	.rva	.LSEH_end_rsaz_512_mul_scatter4
+	.rva	.LSEH_info_rsaz_512_mul_scatter4
+
+	.rva	.LSEH_begin_rsaz_512_mul_by_one
+	.rva	.LSEH_end_rsaz_512_mul_by_one
+	.rva	.LSEH_info_rsaz_512_mul_by_one
+
+	.rva	.LSEH_begin_rsaz_512_gather4
+	.rva	.LSEH_end_rsaz_512_gather4
+	.rva	.LSEH_info_rsaz_512_gather4
+
+.section	.xdata
+.align	8
+.LSEH_info_rsaz_512_sqr:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lsqr_body,.Lsqr_epilogue			# HandlerData[]
+.LSEH_info_rsaz_512_mul:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_body,.Lmul_epilogue			# HandlerData[]
+.LSEH_info_rsaz_512_mul_gather4:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_gather4_body,.Lmul_gather4_epilogue	# HandlerData[]
+.LSEH_info_rsaz_512_mul_scatter4:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_scatter4_body,.Lmul_scatter4_epilogue	# HandlerData[]
+.LSEH_info_rsaz_512_mul_by_one:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lmul_by_one_body,.Lmul_by_one_epilogue		# HandlerData[]
+.LSEH_info_rsaz_512_gather4:
+	.byte	0x01,0x46,0x16,0x00
+	.byte	0x46,0xf8,0x09,0x00	# vmovaps 0x90(rsp),xmm15
+	.byte	0x3d,0xe8,0x08,0x00	# vmovaps 0x80(rsp),xmm14
+	.byte	0x34,0xd8,0x07,0x00	# vmovaps 0x70(rsp),xmm13
+	.byte	0x2e,0xc8,0x06,0x00	# vmovaps 0x60(rsp),xmm12
+	.byte	0x28,0xb8,0x05,0x00	# vmovaps 0x50(rsp),xmm11
+	.byte	0x22,0xa8,0x04,0x00	# vmovaps 0x40(rsp),xmm10
+	.byte	0x1c,0x98,0x03,0x00	# vmovaps 0x30(rsp),xmm9
+	.byte	0x16,0x88,0x02,0x00	# vmovaps 0x20(rsp),xmm8
+	.byte	0x10,0x78,0x01,0x00	# vmovaps 0x10(rsp),xmm7
+	.byte	0x0b,0x68,0x00,0x00	# vmovaps 0x00(rsp),xmm6
+	.byte	0x07,0x01,0x15,0x00	# sub     rsp,0xa8
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/s390x-gf2m.pl b/openssl-1.1.0h/crypto/bn/asm/s390x-gf2m.pl
new file mode 100644
index 0000000..cbd16f4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/s390x-gf2m.pl
@@ -0,0 +1,228 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... gcc 4.3 appeared to generate poor code, therefore
+# the effort. And indeed, the module delivers 55%-90%(*) improvement
+# on haviest ECDSA verify and ECDH benchmarks for 163- and 571-bit
+# key lengths on z990, 30%-55%(*) - on z10, and 70%-110%(*) - on z196.
+# This is for 64-bit build. In 32-bit "highgprs" case improvement is
+# even higher, for example on z990 it was measured 80%-150%. ECDSA
+# sign is modest 9%-12% faster. Keep in mind that these coefficients
+# are not ones for bn_GF2m_mul_2x2 itself, as not all CPU time is
+# burnt in it...
+#
+# (*)	gcc 4.1 was observed to deliver better results than gcc 4.3,
+#	so that improvement coefficients can vary from one specific
+#	setup to another.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+        $SIZE_T=4;
+        $g="";
+} else {
+        $SIZE_T=8;
+        $g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$stdframe=16*$SIZE_T+4*8;
+
+$rp="%r2";
+$a1="%r3";
+$a0="%r4";
+$b1="%r5";
+$b0="%r6";
+
+$ra="%r14";
+$sp="%r15";
+
+@T=("%r0","%r1");
+@i=("%r12","%r13");
+
+($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(6..11));
+($lo,$hi,$b)=map("%r$_",(3..5)); $a=$lo; $mask=$a8;
+
+$code.=<<___;
+.text
+
+.type	_mul_1x1,\@function
+.align	16
+_mul_1x1:
+	lgr	$a1,$a
+	sllg	$a2,$a,1
+	sllg	$a4,$a,2
+	sllg	$a8,$a,3
+
+	srag	$lo,$a1,63			# broadcast 63rd bit
+	nihh	$a1,0x1fff
+	srag	@i[0],$a2,63			# broadcast 62nd bit
+	nihh	$a2,0x3fff
+	srag	@i[1],$a4,63			# broadcast 61st bit
+	nihh	$a4,0x7fff
+	ngr	$lo,$b
+	ngr	@i[0],$b
+	ngr	@i[1],$b
+
+	lghi	@T[0],0
+	lgr	$a12,$a1
+	stg	@T[0],`$stdframe+0*8`($sp)	# tab[0]=0
+	xgr	$a12,$a2
+	stg	$a1,`$stdframe+1*8`($sp)	# tab[1]=a1
+	 lgr	$a48,$a4
+	stg	$a2,`$stdframe+2*8`($sp)	# tab[2]=a2
+	 xgr	$a48,$a8
+	stg	$a12,`$stdframe+3*8`($sp)	# tab[3]=a1^a2
+	 xgr	$a1,$a4
+
+	stg	$a4,`$stdframe+4*8`($sp)	# tab[4]=a4
+	xgr	$a2,$a4
+	stg	$a1,`$stdframe+5*8`($sp)	# tab[5]=a1^a4
+	xgr	$a12,$a4
+	stg	$a2,`$stdframe+6*8`($sp)	# tab[6]=a2^a4
+	 xgr	$a1,$a48
+	stg	$a12,`$stdframe+7*8`($sp)	# tab[7]=a1^a2^a4
+	 xgr	$a2,$a48
+
+	stg	$a8,`$stdframe+8*8`($sp)	# tab[8]=a8
+	xgr	$a12,$a48
+	stg	$a1,`$stdframe+9*8`($sp)	# tab[9]=a1^a8
+	 xgr	$a1,$a4
+	stg	$a2,`$stdframe+10*8`($sp)	# tab[10]=a2^a8
+	 xgr	$a2,$a4
+	stg	$a12,`$stdframe+11*8`($sp)	# tab[11]=a1^a2^a8
+
+	xgr	$a12,$a4
+	stg	$a48,`$stdframe+12*8`($sp)	# tab[12]=a4^a8
+	 srlg	$hi,$lo,1
+	stg	$a1,`$stdframe+13*8`($sp)	# tab[13]=a1^a4^a8
+	 sllg	$lo,$lo,63
+	stg	$a2,`$stdframe+14*8`($sp)	# tab[14]=a2^a4^a8
+	 srlg	@T[0],@i[0],2
+	stg	$a12,`$stdframe+15*8`($sp)	# tab[15]=a1^a2^a4^a8
+
+	lghi	$mask,`0xf<<3`
+	sllg	$a1,@i[0],62
+	 sllg	@i[0],$b,3
+	srlg	@T[1],@i[1],3
+	 ngr	@i[0],$mask
+	sllg	$a2,@i[1],61
+	 srlg	@i[1],$b,4-3
+	xgr	$hi,@T[0]
+	 ngr	@i[1],$mask
+	xgr	$lo,$a1
+	xgr	$hi,@T[1]
+	xgr	$lo,$a2
+
+	xg	$lo,$stdframe(@i[0],$sp)
+	srlg	@i[0],$b,8-3
+	ngr	@i[0],$mask
+___
+for($n=1;$n<14;$n++) {
+$code.=<<___;
+	lg	@T[1],$stdframe(@i[1],$sp)
+	srlg	@i[1],$b,`($n+2)*4`-3
+	sllg	@T[0],@T[1],`$n*4`
+	ngr	@i[1],$mask
+	srlg	@T[1],@T[1],`64-$n*4`
+	xgr	$lo,@T[0]
+	xgr	$hi,@T[1]
+___
+	push(@i,shift(@i)); push(@T,shift(@T));
+}
+$code.=<<___;
+	lg	@T[1],$stdframe(@i[1],$sp)
+	sllg	@T[0],@T[1],`$n*4`
+	srlg	@T[1],@T[1],`64-$n*4`
+	xgr	$lo,@T[0]
+	xgr	$hi,@T[1]
+
+	lg	@T[0],$stdframe(@i[0],$sp)
+	sllg	@T[1],@T[0],`($n+1)*4`
+	srlg	@T[0],@T[0],`64-($n+1)*4`
+	xgr	$lo,@T[1]
+	xgr	$hi,@T[0]
+
+	br	$ra
+.size	_mul_1x1,.-_mul_1x1
+
+.globl	bn_GF2m_mul_2x2
+.type	bn_GF2m_mul_2x2,\@function
+.align	16
+bn_GF2m_mul_2x2:
+	stm${g}	%r3,%r15,3*$SIZE_T($sp)
+
+	lghi	%r1,-$stdframe-128
+	la	%r0,0($sp)
+	la	$sp,0(%r1,$sp)			# alloca
+	st${g}	%r0,0($sp)			# back chain
+___
+if ($SIZE_T==8) {
+my @r=map("%r$_",(6..9));
+$code.=<<___;
+	bras	$ra,_mul_1x1			# a1·b1
+	stmg	$lo,$hi,16($rp)
+
+	lg	$a,`$stdframe+128+4*$SIZE_T`($sp)
+	lg	$b,`$stdframe+128+6*$SIZE_T`($sp)
+	bras	$ra,_mul_1x1			# a0·b0
+	stmg	$lo,$hi,0($rp)
+
+	lg	$a,`$stdframe+128+3*$SIZE_T`($sp)
+	lg	$b,`$stdframe+128+5*$SIZE_T`($sp)
+	xg	$a,`$stdframe+128+4*$SIZE_T`($sp)
+	xg	$b,`$stdframe+128+6*$SIZE_T`($sp)
+	bras	$ra,_mul_1x1			# (a0+a1)·(b0+b1)
+	lmg	@r[0],@r[3],0($rp)
+
+	xgr	$lo,$hi
+	xgr	$hi,@r[1]
+	xgr	$lo,@r[0]
+	xgr	$hi,@r[2]
+	xgr	$lo,@r[3]	
+	xgr	$hi,@r[3]
+	xgr	$lo,$hi
+	stg	$hi,16($rp)
+	stg	$lo,8($rp)
+___
+} else {
+$code.=<<___;
+	sllg	%r3,%r3,32
+	sllg	%r5,%r5,32
+	or	%r3,%r4
+	or	%r5,%r6
+	bras	$ra,_mul_1x1
+	rllg	$lo,$lo,32
+	rllg	$hi,$hi,32
+	stmg	$lo,$hi,0($rp)
+___
+}
+$code.=<<___;
+	lm${g}	%r6,%r15,`$stdframe+128+6*$SIZE_T`($sp)
+	br	$ra
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+.string	"GF(2^m) Multiplication for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/s390x-mont.pl b/openssl-1.1.0h/crypto/bn/asm/s390x-mont.pl
new file mode 100644
index 0000000..2205bc2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/s390x-mont.pl
@@ -0,0 +1,284 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# April 2007.
+#
+# Performance improvement over vanilla C code varies from 85% to 45%
+# depending on key length and benchmark. Unfortunately in this context
+# these are not very impressive results [for code that utilizes "wide"
+# 64x64=128-bit multiplication, which is not commonly available to C
+# programmers], at least hand-coded bn_asm.c replacement is known to
+# provide 30-40% better results for longest keys. Well, on a second
+# thought it's not very surprising, because z-CPUs are single-issue
+# and _strictly_ in-order execution, while bn_mul_mont is more or less
+# dependent on CPU ability to pipe-line instructions and have several
+# of them "in-flight" at the same time. I mean while other methods,
+# for example Karatsuba, aim to minimize amount of multiplications at
+# the cost of other operations increase, bn_mul_mont aim to neatly
+# "overlap" multiplications and the other operations [and on most
+# platforms even minimize the amount of the other operations, in
+# particular references to memory]. But it's possible to improve this
+# module performance by implementing dedicated squaring code-path and
+# possibly by unrolling loops...
+
+# January 2009.
+#
+# Reschedule to minimize/avoid Address Generation Interlock hazard,
+# make inner loops counter-based.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. Compatibility with 32-bit BN_ULONG
+# is achieved by swapping words after 64-bit loads, follow _dswap-s.
+# On z990 it was measured to perform 2.6-2.2 times better than
+# compiler-generated code, less for longer keys...
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$stdframe=16*$SIZE_T+4*8;
+
+$mn0="%r0";
+$num="%r1";
+
+# int bn_mul_mont(
+$rp="%r2";		# BN_ULONG *rp,
+$ap="%r3";		# const BN_ULONG *ap,
+$bp="%r4";		# const BN_ULONG *bp,
+$np="%r5";		# const BN_ULONG *np,
+$n0="%r6";		# const BN_ULONG *n0,
+#$num="160(%r15)"	# int num);
+
+$bi="%r2";	# zaps rp
+$j="%r7";
+
+$ahi="%r8";
+$alo="%r9";
+$nhi="%r10";
+$nlo="%r11";
+$AHI="%r12";
+$NHI="%r13";
+$count="%r14";
+$sp="%r15";
+
+$code.=<<___;
+.text
+.globl	bn_mul_mont
+.type	bn_mul_mont,\@function
+bn_mul_mont:
+	lgf	$num,`$stdframe+$SIZE_T-4`($sp)	# pull $num
+	sla	$num,`log($SIZE_T)/log(2)`	# $num to enumerate bytes
+	la	$bp,0($num,$bp)
+
+	st${g}	%r2,2*$SIZE_T($sp)
+
+	cghi	$num,16		#
+	lghi	%r2,0		#
+	blr	%r14		# if($num<16) return 0;
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+	tmll	$num,4
+	bnzr	%r14		# if ($num&1) return 0;
+___
+$code.=<<___ if ($flavour !~ /3[12]/);
+	cghi	$num,96		#
+	bhr	%r14		# if($num>96) return 0;
+___
+$code.=<<___;
+	stm${g}	%r3,%r15,3*$SIZE_T($sp)
+
+	lghi	$rp,-$stdframe-8	# leave room for carry bit
+	lcgr	$j,$num		# -$num
+	lgr	%r0,$sp
+	la	$rp,0($rp,$sp)
+	la	$sp,0($j,$rp)	# alloca
+	st${g}	%r0,0($sp)	# back chain
+
+	sra	$num,3		# restore $num
+	la	$bp,0($j,$bp)	# restore $bp
+	ahi	$num,-1		# adjust $num for inner loop
+	lg	$n0,0($n0)	# pull n0
+	_dswap	$n0
+
+	lg	$bi,0($bp)
+	_dswap	$bi
+	lg	$alo,0($ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[0]*bp[0]
+	lgr	$AHI,$ahi
+
+	lgr	$mn0,$alo	# "tp[0]"*n0
+	msgr	$mn0,$n0
+
+	lg	$nlo,0($np)	#
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[0]*m1
+	algr	$nlo,$alo	# +="tp[0]"
+	lghi	$NHI,0
+	alcgr	$NHI,$nhi
+
+	la	$j,8(%r0)	# j=1
+	lr	$count,$num
+
+.align	16
+.L1st:
+	lg	$alo,0($j,$ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[j]*bp[0]
+	algr	$alo,$AHI
+	lghi	$AHI,0
+	alcgr	$AHI,$ahi
+
+	lg	$nlo,0($j,$np)
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[j]*m1
+	algr	$nlo,$NHI
+	lghi	$NHI,0
+	alcgr	$nhi,$NHI	# +="tp[j]"
+	algr	$nlo,$alo
+	alcgr	$NHI,$nhi
+
+	stg	$nlo,$stdframe-8($j,$sp)	# tp[j-1]=
+	la	$j,8($j)	# j++
+	brct	$count,.L1st
+
+	algr	$NHI,$AHI
+	lghi	$AHI,0
+	alcgr	$AHI,$AHI	# upmost overflow bit
+	stg	$NHI,$stdframe-8($j,$sp)
+	stg	$AHI,$stdframe($j,$sp)
+	la	$bp,8($bp)	# bp++
+
+.Louter:
+	lg	$bi,0($bp)	# bp[i]
+	_dswap	$bi
+	lg	$alo,0($ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[0]*bp[i]
+	alg	$alo,$stdframe($sp)	# +=tp[0]
+	lghi	$AHI,0
+	alcgr	$AHI,$ahi
+
+	lgr	$mn0,$alo
+	msgr	$mn0,$n0	# tp[0]*n0
+
+	lg	$nlo,0($np)	# np[0]
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[0]*m1
+	algr	$nlo,$alo	# +="tp[0]"
+	lghi	$NHI,0
+	alcgr	$NHI,$nhi
+
+	la	$j,8(%r0)	# j=1
+	lr	$count,$num
+
+.align	16
+.Linner:
+	lg	$alo,0($j,$ap)
+	_dswap	$alo
+	mlgr	$ahi,$bi	# ap[j]*bp[i]
+	algr	$alo,$AHI
+	lghi	$AHI,0
+	alcgr	$ahi,$AHI
+	alg	$alo,$stdframe($j,$sp)# +=tp[j]
+	alcgr	$AHI,$ahi
+
+	lg	$nlo,0($j,$np)
+	_dswap	$nlo
+	mlgr	$nhi,$mn0	# np[j]*m1
+	algr	$nlo,$NHI
+	lghi	$NHI,0
+	alcgr	$nhi,$NHI
+	algr	$nlo,$alo	# +="tp[j]"
+	alcgr	$NHI,$nhi
+
+	stg	$nlo,$stdframe-8($j,$sp)	# tp[j-1]=
+	la	$j,8($j)	# j++
+	brct	$count,.Linner
+
+	algr	$NHI,$AHI
+	lghi	$AHI,0
+	alcgr	$AHI,$AHI
+	alg	$NHI,$stdframe($j,$sp)# accumulate previous upmost overflow bit
+	lghi	$ahi,0
+	alcgr	$AHI,$ahi	# new upmost overflow bit
+	stg	$NHI,$stdframe-8($j,$sp)
+	stg	$AHI,$stdframe($j,$sp)
+
+	la	$bp,8($bp)	# bp++
+	cl${g}	$bp,`$stdframe+8+4*$SIZE_T`($j,$sp)	# compare to &bp[num]
+	jne	.Louter
+
+	l${g}	$rp,`$stdframe+8+2*$SIZE_T`($j,$sp)	# reincarnate rp
+	la	$ap,$stdframe($sp)
+	ahi	$num,1		# restore $num, incidentally clears "borrow"
+
+	la	$j,0(%r0)
+	lr	$count,$num
+.Lsub:	lg	$alo,0($j,$ap)
+	lg	$nlo,0($j,$np)
+	_dswap	$nlo
+	slbgr	$alo,$nlo
+	stg	$alo,0($j,$rp)
+	la	$j,8($j)
+	brct	$count,.Lsub
+	lghi	$ahi,0
+	slbgr	$AHI,$ahi	# handle upmost carry
+
+	ngr	$ap,$AHI
+	lghi	$np,-1
+	xgr	$np,$AHI
+	ngr	$np,$rp
+	ogr	$ap,$np		# ap=borrow?tp:rp
+
+	la	$j,0(%r0)
+	lgr	$count,$num
+.Lcopy:	lg	$alo,0($j,$ap)		# copy or in-place refresh
+	_dswap	$alo
+	stg	$j,$stdframe($j,$sp)	# zap tp
+	stg	$alo,0($j,$rp)
+	la	$j,8($j)
+	brct	$count,.Lcopy
+
+	la	%r1,`$stdframe+8+6*$SIZE_T`($j,$sp)
+	lm${g}	%r6,%r15,0(%r1)
+	lghi	%r2,1		# signal "processed"
+	br	%r14
+.size	bn_mul_mont,.-bn_mul_mont
+.string	"Montgomery Multiplication for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+	s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e;
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/s390x.S b/openssl-1.1.0h/crypto/bn/asm/s390x.S
new file mode 100644
index 0000000..292a7a9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/s390x.S
@@ -0,0 +1,713 @@
+.ident "s390x.S, version 1.1"
+// ====================================================================
+// Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+// ====================================================================
+
+.text
+
+#define zero	%r0
+
+// BN_ULONG bn_mul_add_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
+.globl	bn_mul_add_words
+.type	bn_mul_add_words,@function
+.align	4
+bn_mul_add_words:
+	lghi	zero,0		// zero = 0
+	la	%r1,0(%r2)	// put rp aside [to give way to]
+	lghi	%r2,0		// return value
+	ltgfr	%r4,%r4
+	bler	%r14		// if (len<=0) return 0;
+
+	stmg	%r6,%r13,48(%r15)
+	lghi	%r2,3
+	lghi	%r12,0		// carry = 0
+	slgr	%r1,%r3		// rp-=ap
+	nr	%r2,%r4		// len%4
+	sra	%r4,2		// cnt=len/4
+	jz	.Loop1_madd	// carry is incidentally cleared if branch taken
+	algr	zero,zero	// clear carry
+
+	lg	%r7,0(%r3)	// ap[0]
+	lg	%r9,8(%r3)	// ap[1]
+	mlgr	%r6,%r5		// *=w
+	brct	%r4,.Loop4_madd
+	j	.Loop4_madd_tail
+
+.Loop4_madd:
+	mlgr	%r8,%r5
+	lg	%r11,16(%r3)	// ap[i+2]
+	alcgr	%r7,%r12	// +=carry
+	alcgr	%r6,zero
+	alg	%r7,0(%r3,%r1)	// +=rp[i]
+	stg	%r7,0(%r3,%r1)	// rp[i]=
+
+	mlgr	%r10,%r5
+	lg	%r13,24(%r3)
+	alcgr	%r9,%r6
+	alcgr	%r8,zero
+	alg	%r9,8(%r3,%r1)
+	stg	%r9,8(%r3,%r1)
+
+	mlgr	%r12,%r5
+	lg	%r7,32(%r3)
+	alcgr	%r11,%r8
+	alcgr	%r10,zero
+	alg	%r11,16(%r3,%r1)
+	stg	%r11,16(%r3,%r1)
+
+	mlgr	%r6,%r5
+	lg	%r9,40(%r3)
+	alcgr	%r13,%r10
+	alcgr	%r12,zero
+	alg	%r13,24(%r3,%r1)
+	stg	%r13,24(%r3,%r1)
+
+	la	%r3,32(%r3)	// i+=4
+	brct	%r4,.Loop4_madd
+
+.Loop4_madd_tail:
+	mlgr	%r8,%r5
+	lg	%r11,16(%r3)
+	alcgr	%r7,%r12	// +=carry
+	alcgr	%r6,zero
+	alg	%r7,0(%r3,%r1)	// +=rp[i]
+	stg	%r7,0(%r3,%r1)	// rp[i]=
+
+	mlgr	%r10,%r5
+	lg	%r13,24(%r3)
+	alcgr	%r9,%r6
+	alcgr	%r8,zero
+	alg	%r9,8(%r3,%r1)
+	stg	%r9,8(%r3,%r1)
+
+	mlgr	%r12,%r5
+	alcgr	%r11,%r8
+	alcgr	%r10,zero
+	alg	%r11,16(%r3,%r1)
+	stg	%r11,16(%r3,%r1)
+
+	alcgr	%r13,%r10
+	alcgr	%r12,zero
+	alg	%r13,24(%r3,%r1)
+	stg	%r13,24(%r3,%r1)
+
+	la	%r3,32(%r3)	// i+=4
+
+	la	%r2,1(%r2)	// see if len%4 is zero ...
+	brct	%r2,.Loop1_madd	// without touching condition code:-)
+
+.Lend_madd:
+	lgr	%r2,zero	// return value
+	alcgr	%r2,%r12	// collect even carry bit
+	lmg	%r6,%r13,48(%r15)
+	br	%r14
+
+.Loop1_madd:
+	lg	%r7,0(%r3)	// ap[i]
+	mlgr	%r6,%r5		// *=w
+	alcgr	%r7,%r12	// +=carry
+	alcgr	%r6,zero
+	alg	%r7,0(%r3,%r1)	// +=rp[i]
+	stg	%r7,0(%r3,%r1)	// rp[i]=
+
+	lgr	%r12,%r6
+	la	%r3,8(%r3)	// i++
+	brct	%r2,.Loop1_madd
+
+	j	.Lend_madd
+.size	bn_mul_add_words,.-bn_mul_add_words
+
+// BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
+.globl	bn_mul_words
+.type	bn_mul_words,@function
+.align	4
+bn_mul_words:
+	lghi	zero,0		// zero = 0
+	la	%r1,0(%r2)	// put rp aside
+	lghi	%r2,0		// i=0;
+	ltgfr	%r4,%r4
+	bler	%r14		// if (len<=0) return 0;
+
+	stmg	%r6,%r10,48(%r15)
+	lghi	%r10,3
+	lghi	%r8,0		// carry = 0
+	nr	%r10,%r4	// len%4
+	sra	%r4,2		// cnt=len/4
+	jz	.Loop1_mul	// carry is incidentally cleared if branch taken
+	algr	zero,zero	// clear carry
+
+.Loop4_mul:
+	lg	%r7,0(%r2,%r3)	// ap[i]
+	mlgr	%r6,%r5		// *=w
+	alcgr	%r7,%r8		// +=carry
+	stg	%r7,0(%r2,%r1)	// rp[i]=
+
+	lg	%r9,8(%r2,%r3)
+	mlgr	%r8,%r5
+	alcgr	%r9,%r6
+	stg	%r9,8(%r2,%r1)
+
+	lg	%r7,16(%r2,%r3)
+	mlgr	%r6,%r5
+	alcgr	%r7,%r8
+	stg	%r7,16(%r2,%r1)
+
+	lg	%r9,24(%r2,%r3)
+	mlgr	%r8,%r5
+	alcgr	%r9,%r6
+	stg	%r9,24(%r2,%r1)
+
+	la	%r2,32(%r2)	// i+=4
+	brct	%r4,.Loop4_mul
+
+	la	%r10,1(%r10)		// see if len%4 is zero ...
+	brct	%r10,.Loop1_mul		// without touching condition code:-)
+
+.Lend_mul:
+	alcgr	%r8,zero	// collect carry bit
+	lgr	%r2,%r8
+	lmg	%r6,%r10,48(%r15)
+	br	%r14
+
+.Loop1_mul:
+	lg	%r7,0(%r2,%r3)	// ap[i]
+	mlgr	%r6,%r5		// *=w
+	alcgr	%r7,%r8		// +=carry
+	stg	%r7,0(%r2,%r1)	// rp[i]=
+
+	lgr	%r8,%r6
+	la	%r2,8(%r2)	// i++
+	brct	%r10,.Loop1_mul
+
+	j	.Lend_mul
+.size	bn_mul_words,.-bn_mul_words
+
+// void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4)
+.globl	bn_sqr_words
+.type	bn_sqr_words,@function
+.align	4
+bn_sqr_words:
+	ltgfr	%r4,%r4
+	bler	%r14
+
+	stmg	%r6,%r7,48(%r15)
+	srag	%r1,%r4,2	// cnt=len/4
+	jz	.Loop1_sqr
+
+.Loop4_sqr:
+	lg	%r7,0(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,0(%r2)
+	stg	%r6,8(%r2)
+
+	lg	%r7,8(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,16(%r2)
+	stg	%r6,24(%r2)
+
+	lg	%r7,16(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,32(%r2)
+	stg	%r6,40(%r2)
+
+	lg	%r7,24(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,48(%r2)
+	stg	%r6,56(%r2)
+
+	la	%r3,32(%r3)
+	la	%r2,64(%r2)
+	brct	%r1,.Loop4_sqr
+
+	lghi	%r1,3
+	nr	%r4,%r1		// cnt=len%4
+	jz	.Lend_sqr
+
+.Loop1_sqr:
+	lg	%r7,0(%r3)
+	mlgr	%r6,%r7
+	stg	%r7,0(%r2)
+	stg	%r6,8(%r2)
+
+	la	%r3,8(%r3)
+	la	%r2,16(%r2)
+	brct	%r4,.Loop1_sqr
+
+.Lend_sqr:
+	lmg	%r6,%r7,48(%r15)
+	br	%r14
+.size	bn_sqr_words,.-bn_sqr_words
+
+// BN_ULONG bn_div_words(BN_ULONG h,BN_ULONG l,BN_ULONG d);
+.globl	bn_div_words
+.type	bn_div_words,@function
+.align	4
+bn_div_words:
+	dlgr	%r2,%r4
+	lgr	%r2,%r3
+	br	%r14
+.size	bn_div_words,.-bn_div_words
+
+// BN_ULONG bn_add_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
+.globl	bn_add_words
+.type	bn_add_words,@function
+.align	4
+bn_add_words:
+	la	%r1,0(%r2)	// put rp aside
+	lghi	%r2,0		// i=0
+	ltgfr	%r5,%r5
+	bler	%r14		// if (len<=0) return 0;
+
+	stg	%r6,48(%r15)
+	lghi	%r6,3
+	nr	%r6,%r5		// len%4
+	sra	%r5,2		// len/4, use sra because it sets condition code
+	jz	.Loop1_add	// carry is incidentally cleared if branch taken
+	algr	%r2,%r2		// clear carry
+
+.Loop4_add:
+	lg	%r0,0(%r2,%r3)
+	alcg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+	lg	%r0,8(%r2,%r3)
+	alcg	%r0,8(%r2,%r4)
+	stg	%r0,8(%r2,%r1)
+	lg	%r0,16(%r2,%r3)
+	alcg	%r0,16(%r2,%r4)
+	stg	%r0,16(%r2,%r1)
+	lg	%r0,24(%r2,%r3)
+	alcg	%r0,24(%r2,%r4)
+	stg	%r0,24(%r2,%r1)
+
+	la	%r2,32(%r2)	// i+=4
+	brct	%r5,.Loop4_add
+
+	la	%r6,1(%r6)	// see if len%4 is zero ...
+	brct	%r6,.Loop1_add	// without touching condition code:-)
+
+.Lexit_add:
+	lghi	%r2,0
+	alcgr	%r2,%r2
+	lg	%r6,48(%r15)
+	br	%r14
+
+.Loop1_add:
+	lg	%r0,0(%r2,%r3)
+	alcg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+
+	la	%r2,8(%r2)	// i++
+	brct	%r6,.Loop1_add
+
+	j	.Lexit_add
+.size	bn_add_words,.-bn_add_words
+
+// BN_ULONG bn_sub_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
+.globl	bn_sub_words
+.type	bn_sub_words,@function
+.align	4
+bn_sub_words:
+	la	%r1,0(%r2)	// put rp aside
+	lghi	%r2,0		// i=0
+	ltgfr	%r5,%r5
+	bler	%r14		// if (len<=0) return 0;
+
+	stg	%r6,48(%r15)
+	lghi	%r6,3
+	nr	%r6,%r5		// len%4
+	sra	%r5,2		// len/4, use sra because it sets condition code
+	jnz	.Loop4_sub	// borrow is incidentally cleared if branch taken
+	slgr	%r2,%r2		// clear borrow
+
+.Loop1_sub:
+	lg	%r0,0(%r2,%r3)
+	slbg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+
+	la	%r2,8(%r2)	// i++
+	brct	%r6,.Loop1_sub
+	j	.Lexit_sub
+
+.Loop4_sub:
+	lg	%r0,0(%r2,%r3)
+	slbg	%r0,0(%r2,%r4)
+	stg	%r0,0(%r2,%r1)
+	lg	%r0,8(%r2,%r3)
+	slbg	%r0,8(%r2,%r4)
+	stg	%r0,8(%r2,%r1)
+	lg	%r0,16(%r2,%r3)
+	slbg	%r0,16(%r2,%r4)
+	stg	%r0,16(%r2,%r1)
+	lg	%r0,24(%r2,%r3)
+	slbg	%r0,24(%r2,%r4)
+	stg	%r0,24(%r2,%r1)
+
+	la	%r2,32(%r2)	// i+=4
+	brct	%r5,.Loop4_sub
+
+	la	%r6,1(%r6)	// see if len%4 is zero ...
+	brct	%r6,.Loop1_sub	// without touching condition code:-)
+
+.Lexit_sub:
+	lghi	%r2,0
+	slbgr	%r2,%r2
+	lcgr	%r2,%r2
+	lg	%r6,48(%r15)
+	br	%r14
+.size	bn_sub_words,.-bn_sub_words
+
+#define c1	%r1
+#define c2	%r5
+#define c3	%r8
+
+#define mul_add_c(ai,bi,c1,c2,c3)	\
+	lg	%r7,ai*8(%r3);		\
+	mlg	%r6,bi*8(%r4);		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero
+
+// void bn_mul_comba8(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
+.globl	bn_mul_comba8
+.type	bn_mul_comba8,@function
+.align	4
+bn_mul_comba8:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	mul_add_c(0,0,c1,c2,c3);
+	stg	c1,0*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(0,1,c2,c3,c1);
+	mul_add_c(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(2,0,c3,c1,c2);
+	mul_add_c(1,1,c3,c1,c2);
+	mul_add_c(0,2,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(0,3,c1,c2,c3);
+	mul_add_c(1,2,c1,c2,c3);
+	mul_add_c(2,1,c1,c2,c3);
+	mul_add_c(3,0,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(4,0,c2,c3,c1);
+	mul_add_c(3,1,c2,c3,c1);
+	mul_add_c(2,2,c2,c3,c1);
+	mul_add_c(1,3,c2,c3,c1);
+	mul_add_c(0,4,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(0,5,c3,c1,c2);
+	mul_add_c(1,4,c3,c1,c2);
+	mul_add_c(2,3,c3,c1,c2);
+	mul_add_c(3,2,c3,c1,c2);
+	mul_add_c(4,1,c3,c1,c2);
+	mul_add_c(5,0,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(6,0,c1,c2,c3);
+	mul_add_c(5,1,c1,c2,c3);
+	mul_add_c(4,2,c1,c2,c3);
+	mul_add_c(3,3,c1,c2,c3);
+	mul_add_c(2,4,c1,c2,c3);
+	mul_add_c(1,5,c1,c2,c3);
+	mul_add_c(0,6,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(0,7,c2,c3,c1);
+	mul_add_c(1,6,c2,c3,c1);
+	mul_add_c(2,5,c2,c3,c1);
+	mul_add_c(3,4,c2,c3,c1);
+	mul_add_c(4,3,c2,c3,c1);
+	mul_add_c(5,2,c2,c3,c1);
+	mul_add_c(6,1,c2,c3,c1);
+	mul_add_c(7,0,c2,c3,c1);
+	stg	c2,7*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(7,1,c3,c1,c2);
+	mul_add_c(6,2,c3,c1,c2);
+	mul_add_c(5,3,c3,c1,c2);
+	mul_add_c(4,4,c3,c1,c2);
+	mul_add_c(3,5,c3,c1,c2);
+	mul_add_c(2,6,c3,c1,c2);
+	mul_add_c(1,7,c3,c1,c2);
+	stg	c3,8*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(2,7,c1,c2,c3);
+	mul_add_c(3,6,c1,c2,c3);
+	mul_add_c(4,5,c1,c2,c3);
+	mul_add_c(5,4,c1,c2,c3);
+	mul_add_c(6,3,c1,c2,c3);
+	mul_add_c(7,2,c1,c2,c3);
+	stg	c1,9*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(7,3,c2,c3,c1);
+	mul_add_c(6,4,c2,c3,c1);
+	mul_add_c(5,5,c2,c3,c1);
+	mul_add_c(4,6,c2,c3,c1);
+	mul_add_c(3,7,c2,c3,c1);
+	stg	c2,10*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(4,7,c3,c1,c2);
+	mul_add_c(5,6,c3,c1,c2);
+	mul_add_c(6,5,c3,c1,c2);
+	mul_add_c(7,4,c3,c1,c2);
+	stg	c3,11*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(7,5,c1,c2,c3);
+	mul_add_c(6,6,c1,c2,c3);
+	mul_add_c(5,7,c1,c2,c3);
+	stg	c1,12*8(%r2)
+	lghi	c1,0
+
+
+	mul_add_c(6,7,c2,c3,c1);
+	mul_add_c(7,6,c2,c3,c1);
+	stg	c2,13*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(7,7,c3,c1,c2);
+	stg	c3,14*8(%r2)
+	stg	c1,15*8(%r2)
+
+	lmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_mul_comba8,.-bn_mul_comba8
+
+// void bn_mul_comba4(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
+.globl	bn_mul_comba4
+.type	bn_mul_comba4,@function
+.align	4
+bn_mul_comba4:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	mul_add_c(0,0,c1,c2,c3);
+	stg	c1,0*8(%r3)
+	lghi	c1,0
+
+	mul_add_c(0,1,c2,c3,c1);
+	mul_add_c(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(2,0,c3,c1,c2);
+	mul_add_c(1,1,c3,c1,c2);
+	mul_add_c(0,2,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(0,3,c1,c2,c3);
+	mul_add_c(1,2,c1,c2,c3);
+	mul_add_c(2,1,c1,c2,c3);
+	mul_add_c(3,0,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	mul_add_c(3,1,c2,c3,c1);
+	mul_add_c(2,2,c2,c3,c1);
+	mul_add_c(1,3,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	mul_add_c(2,3,c3,c1,c2);
+	mul_add_c(3,2,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	mul_add_c(3,3,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	stg	c2,7*8(%r2)
+
+	stmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_mul_comba4,.-bn_mul_comba4
+
+#define sqr_add_c(ai,c1,c2,c3)		\
+	lg	%r7,ai*8(%r3);		\
+	mlgr	%r6,%r7;		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero
+
+#define sqr_add_c2(ai,aj,c1,c2,c3)	\
+	lg	%r7,ai*8(%r3);		\
+	mlg	%r6,aj*8(%r3);		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero;		\
+	algr	c1,%r7;			\
+	alcgr	c2,%r6;			\
+	alcgr	c3,zero
+
+// void bn_sqr_comba8(BN_ULONG *r2,BN_ULONG *r3);
+.globl	bn_sqr_comba8
+.type	bn_sqr_comba8,@function
+.align	4
+bn_sqr_comba8:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	sqr_add_c(0,c1,c2,c3);
+	stg	c1,0*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(1,c3,c1,c2);
+	sqr_add_c2(2,0,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c2(3,0,c1,c2,c3);
+	sqr_add_c2(2,1,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c(2,c2,c3,c1);
+	sqr_add_c2(3,1,c2,c3,c1);
+	sqr_add_c2(4,0,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c2(5,0,c3,c1,c2);
+	sqr_add_c2(4,1,c3,c1,c2);
+	sqr_add_c2(3,2,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c(3,c1,c2,c3);
+	sqr_add_c2(4,2,c1,c2,c3);
+	sqr_add_c2(5,1,c1,c2,c3);
+	sqr_add_c2(6,0,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(7,0,c2,c3,c1);
+	sqr_add_c2(6,1,c2,c3,c1);
+	sqr_add_c2(5,2,c2,c3,c1);
+	sqr_add_c2(4,3,c2,c3,c1);
+	stg	c2,7*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(4,c3,c1,c2);
+	sqr_add_c2(5,3,c3,c1,c2);
+	sqr_add_c2(6,2,c3,c1,c2);
+	sqr_add_c2(7,1,c3,c1,c2);
+	stg	c3,8*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c2(7,2,c1,c2,c3);
+	sqr_add_c2(6,3,c1,c2,c3);
+	sqr_add_c2(5,4,c1,c2,c3);
+	stg	c1,9*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c(5,c2,c3,c1);
+	sqr_add_c2(6,4,c2,c3,c1);
+	sqr_add_c2(7,3,c2,c3,c1);
+	stg	c2,10*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c2(7,4,c3,c1,c2);
+	sqr_add_c2(6,5,c3,c1,c2);
+	stg	c3,11*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c(6,c1,c2,c3);
+	sqr_add_c2(7,5,c1,c2,c3);
+	stg	c1,12*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(7,6,c2,c3,c1);
+	stg	c2,13*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(7,c3,c1,c2);
+	stg	c3,14*8(%r2)
+	stg	c1,15*8(%r2)
+
+	lmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_sqr_comba8,.-bn_sqr_comba8
+
+// void bn_sqr_comba4(BN_ULONG *r2,BN_ULONG *r3);
+.globl bn_sqr_comba4
+.type	bn_sqr_comba4,@function
+.align	4
+bn_sqr_comba4:
+	stmg	%r6,%r8,48(%r15)
+
+	lghi	c1,0
+	lghi	c2,0
+	lghi	c3,0
+	lghi	zero,0
+
+	sqr_add_c(0,c1,c2,c3);
+	stg	c1,0*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c2(1,0,c2,c3,c1);
+	stg	c2,1*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c(1,c3,c1,c2);
+	sqr_add_c2(2,0,c3,c1,c2);
+	stg	c3,2*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c2(3,0,c1,c2,c3);
+	sqr_add_c2(2,1,c1,c2,c3);
+	stg	c1,3*8(%r2)
+	lghi	c1,0
+
+	sqr_add_c(2,c2,c3,c1);
+	sqr_add_c2(3,1,c2,c3,c1);
+	stg	c2,4*8(%r2)
+	lghi	c2,0
+
+	sqr_add_c2(3,2,c3,c1,c2);
+	stg	c3,5*8(%r2)
+	lghi	c3,0
+
+	sqr_add_c(3,c1,c2,c3);
+	stg	c1,6*8(%r2)
+	stg	c2,7*8(%r2)
+
+	lmg	%r6,%r8,48(%r15)
+	br	%r14
+.size	bn_sqr_comba4,.-bn_sqr_comba4
diff --git a/openssl-1.1.0h/crypto/bn/asm/sparct4-mont.pl b/openssl-1.1.0h/crypto/bn/asm/sparct4-mont.pl
new file mode 100755
index 0000000..4faf66f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/sparct4-mont.pl
@@ -0,0 +1,1232 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
+# <appro@openssl.org>. The module is licensed under 2-clause BSD
+# license. November 2012. All rights reserved.
+# ====================================================================
+
+######################################################################
+# Montgomery squaring-n-multiplication module for SPARC T4.
+#
+# The module consists of three parts:
+#
+# 1) collection of "single-op" subroutines that perform single
+#    operation, Montgomery squaring or multiplication, on 512-,
+#    1024-, 1536- and 2048-bit operands;
+# 2) collection of "multi-op" subroutines that perform 5 squaring and
+#    1 multiplication operations on operands of above lengths;
+# 3) fall-back and helper VIS3 subroutines.
+#
+# RSA sign is dominated by multi-op subroutine, while RSA verify and
+# DSA - by single-op. Special note about 4096-bit RSA verify result.
+# Operands are too long for dedicated hardware and it's handled by
+# VIS3 code, which is why you don't see any improvement. It's surely
+# possible to improve it [by deploying 'mpmul' instruction], maybe in
+# the future...
+#
+# Performance improvement.
+#
+# 64-bit process, VIS3:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000628s 0.000028s   1592.4  35434.4
+# rsa 2048 bits 0.003282s 0.000106s    304.7   9438.3
+# rsa 4096 bits 0.025866s 0.000340s     38.7   2940.9
+# dsa 1024 bits 0.000301s 0.000332s   3323.7   3013.9
+# dsa 2048 bits 0.001056s 0.001233s    946.9    810.8
+#
+# 64-bit process, this module:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000256s 0.000016s   3904.4  61411.9
+# rsa 2048 bits 0.000946s 0.000029s   1056.8  34292.7
+# rsa 4096 bits 0.005061s 0.000340s    197.6   2940.5
+# dsa 1024 bits 0.000176s 0.000195s   5674.7   5130.5
+# dsa 2048 bits 0.000296s 0.000354s   3383.2   2827.6
+#
+######################################################################
+# 32-bit process, VIS3:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000665s 0.000028s   1504.8  35233.3
+# rsa 2048 bits 0.003349s 0.000106s    298.6   9433.4
+# rsa 4096 bits 0.025959s 0.000341s     38.5   2934.8
+# dsa 1024 bits 0.000320s 0.000341s   3123.3   2929.6
+# dsa 2048 bits 0.001101s 0.001260s    908.2    793.4
+#
+# 32-bit process, this module:
+#                   sign    verify    sign/s verify/s
+# rsa 1024 bits 0.000301s 0.000017s   3317.1  60240.0
+# rsa 2048 bits 0.001034s 0.000030s    966.9  33812.7
+# rsa 4096 bits 0.005244s 0.000341s    190.7   2935.4
+# dsa 1024 bits 0.000201s 0.000205s   4976.1   4879.2
+# dsa 2048 bits 0.000328s 0.000360s   3051.1   2774.2
+#
+# 32-bit code is prone to performance degradation as interrupt rate
+# dispatched to CPU executing the code grows. This is because in
+# standard process of handling interrupt in 32-bit process context
+# upper halves of most integer registers used as input or output are
+# zeroed. This renders result invalid, and operation has to be re-run.
+# If CPU is "bothered" with timer interrupts only, the penalty is
+# hardly measurable. But in order to mitigate this problem for higher
+# interrupt rates contemporary Linux kernel recognizes biased stack
+# even in 32-bit process context and preserves full register contents.
+# See http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517ffce4e1a03aea979fe3a18a3dd1761a24fafb
+# for details.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+#ifdef	__PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+___
+
+########################################################################
+# Register layout for mont[mul|sqr] instructions.
+# For details see "Oracle SPARC Architecture 2011" manual at
+# http://www.oracle.com/technetwork/server-storage/sun-sparc-enterprise/documentation/.
+#
+my @R=map("%f".2*$_,(0..11,30,31,12..29));
+my @N=(map("%l$_",(0..7)),map("%o$_",(0..5))); @N=(@N,@N,@N[0..3]);
+my @A=(@N[0..13],@R[14..31]);
+my @B=(map("%i$_",(0..5)),map("%l$_",(0..7))); @B=(@B,@B,map("%o$_",(0..3)));
+
+########################################################################
+# int bn_mul_mont_t4_$NUM(u64 *rp,const u64 *ap,const u64 *bp,
+#			  const u64 *np,const BN_ULONG *n0);
+#
+sub generate_bn_mul_mont_t4() {
+my $NUM=shift;
+my ($rp,$ap,$bp,$np,$sentinel)=map("%g$_",(1..5));
+
+$code.=<<___;
+.globl	bn_mul_mont_t4_$NUM
+.align	32
+bn_mul_mont_t4_$NUM:
+#ifdef	__arch64__
+	mov	0,$sentinel
+	mov	-128,%g4
+#elif defined(SPARCV9_64BIT_STACK)
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+0],%g1	! OPENSSL_sparcv9_P[0]
+	mov	-2047,%g4
+	and	%g1,SPARCV9_64BIT_STACK,%g1
+	movrz	%g1,0,%g4
+	mov	-1,$sentinel
+	add	%g4,-128,%g4
+#else
+	mov	-1,$sentinel
+	mov	-128,%g4
+#endif
+	sllx	$sentinel,32,$sentinel
+	save	%sp,%g4,%sp
+#ifndef	__arch64__
+	save	%sp,-128,%sp	! warm it up
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	restore
+	restore
+	restore
+	restore
+	restore
+	restore
+#endif
+	and	%sp,1,%g4
+	or	$sentinel,%fp,%fp
+	or	%g4,$sentinel,$sentinel
+
+	! copy arguments to global registers
+	mov	%i0,$rp
+	mov	%i1,$ap
+	mov	%i2,$bp
+	mov	%i3,$np
+	ld	[%i4+0],%f1	! load *n0
+	ld	[%i4+4],%f0
+	fsrc2	%f0,%f60
+___
+
+# load ap[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+my $lo=$i<13?@A[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$ap+$i*8+0],$lo
+	ld	[$ap+$i*8+4],@A[$i]
+	sllx	@A[$i],32,@A[$i]
+	or	$lo,@A[$i],@A[$i]
+___
+}
+for(; $i<$NUM; $i++) {
+my ($hi,$lo)=("%f".2*($i%4),"%f".(2*($i%4)+1));
+$code.=<<___;
+	ld	[$ap+$i*8+0],$lo
+	ld	[$ap+$i*8+4],$hi
+	fsrc2	$hi,@A[$i]
+___
+}
+# load np[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+my $lo=$i<13?@N[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$np+$i*8+0],$lo
+	ld	[$np+$i*8+4],@N[$i]
+	sllx	@N[$i],32,@N[$i]
+	or	$lo,@N[$i],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<28 && $i<$NUM; $i++) {
+my $lo=$i<27?@N[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$np+$i*8+0],$lo
+	ld	[$np+$i*8+4],@N[$i]
+	sllx	@N[$i],32,@N[$i]
+	or	$lo,@N[$i],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i++) {
+my $lo=($i<$NUM-1)?@N[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$np+$i*8+0],$lo
+	ld	[$np+$i*8+4],@N[$i]
+	sllx	@N[$i],32,@N[$i]
+	or	$lo,@N[$i],@N[$i]
+___
+}
+$code.=<<___;
+	cmp	$ap,$bp
+	be	SIZE_T_CC,.Lmsquare_$NUM
+	nop
+___
+
+# load bp[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+my $lo=$i<13?@B[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$bp+$i*8+0],$lo
+	ld	[$bp+$i*8+4],@B[$i]
+	sllx	@B[$i],32,@B[$i]
+	or	$lo,@B[$i],@B[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i++) {
+my $lo=($i<$NUM-1)?@B[$i+1]:"%o7";
+$code.=<<___;
+	ld	[$bp+$i*8+0],$lo
+	ld	[$bp+$i*8+4],@B[$i]
+	sllx	@B[$i],32,@B[$i]
+	or	$lo,@B[$i],@B[$i]
+___
+}
+# magic ################################################################
+$code.=<<___;
+	.word	0x81b02920+$NUM-1	! montmul	$NUM-1
+.Lmresume_$NUM:
+	fbu,pn	%fcc3,.Lmabort_$NUM
+#ifndef	__arch64__
+	and	%fp,$sentinel,$sentinel
+	brz,pn	$sentinel,.Lmabort_$NUM
+#endif
+	nop
+#ifdef	__arch64__
+	restore
+	restore
+	restore
+	restore
+	restore
+#else
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	 brz,pn	$sentinel,.Lmabort1_$NUM
+	restore
+#endif
+___
+
+# save tp[$NUM] ########################################################
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	movxtod	@A[$i],@R[$i]
+___
+}
+$code.=<<___;
+#ifdef	__arch64__
+	restore
+#else
+	 and	%fp,$sentinel,$sentinel
+	restore
+	 and	$sentinel,1,%o7
+	 and	%fp,$sentinel,$sentinel
+	 srl	%fp,0,%fp		! just in case?
+	 or	%o7,$sentinel,$sentinel
+	brz,a,pn $sentinel,.Lmdone_$NUM
+	mov	0,%i0		! return failure
+#endif
+___
+for($i=0; $i<12 && $i<$NUM; $i++) {
+@R[$i] =~ /%f([0-9]+)/;
+my $lo = "%f".($1+1);
+$code.=<<___;
+	st	$lo,[$rp+$i*8+0]
+	st	@R[$i],[$rp+$i*8+4]
+___
+}
+for(; $i<$NUM; $i++) {
+my ($hi,$lo)=("%f".2*($i%4),"%f".(2*($i%4)+1));
+$code.=<<___;
+	fsrc2	@R[$i],$hi
+	st	$lo,[$rp+$i*8+0]
+	st	$hi,[$rp+$i*8+4]
+___
+}
+$code.=<<___;
+	mov	1,%i0		! return success
+.Lmdone_$NUM:
+	ret
+	restore
+
+.Lmabort_$NUM:
+	restore
+	restore
+	restore
+	restore
+	restore
+.Lmabort1_$NUM:
+	restore
+
+	mov	0,%i0		! return failure
+	ret
+	restore
+
+.align	32
+.Lmsquare_$NUM:
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+	.word   0x81b02940+$NUM-1	! montsqr	$NUM-1
+	ba	.Lmresume_$NUM
+	nop
+.type	bn_mul_mont_t4_$NUM, #function
+.size	bn_mul_mont_t4_$NUM, .-bn_mul_mont_t4_$NUM
+___
+}
+
+for ($i=8;$i<=32;$i+=8) {
+	&generate_bn_mul_mont_t4($i);
+}
+
+########################################################################
+#
+sub load_ccr {
+my ($ptbl,$pwr,$ccr,$skip_wr)=@_;
+$code.=<<___;
+	srl	$pwr,	2,	%o4
+	and	$pwr,	3,	%o5
+	and	%o4,	7,	%o4
+	sll	%o5,	3,	%o5	! offset within first cache line
+	add	%o5,	$ptbl,	$ptbl	! of the pwrtbl
+	or	%g0,	1,	%o5
+	sll	%o5,	%o4,	$ccr
+___
+$code.=<<___	if (!$skip_wr);
+	wr	$ccr,	%g0,	%ccr
+___
+}
+sub load_b_pair {
+my ($pwrtbl,$B0,$B1)=@_;
+
+$code.=<<___;
+	ldx	[$pwrtbl+0*32],	$B0
+	ldx	[$pwrtbl+8*32],	$B1
+	ldx	[$pwrtbl+1*32],	%o4
+	ldx	[$pwrtbl+9*32],	%o5
+	movvs	%icc,	%o4,	$B0
+	ldx	[$pwrtbl+2*32],	%o4
+	movvs	%icc,	%o5,	$B1
+	ldx	[$pwrtbl+10*32],%o5
+	move	%icc,	%o4,	$B0
+	ldx	[$pwrtbl+3*32],	%o4
+	move	%icc,	%o5,	$B1
+	ldx	[$pwrtbl+11*32],%o5
+	movneg	%icc,	%o4,	$B0
+	ldx	[$pwrtbl+4*32],	%o4
+	movneg	%icc,	%o5,	$B1
+	ldx	[$pwrtbl+12*32],%o5
+	movcs	%xcc,	%o4,	$B0
+	ldx	[$pwrtbl+5*32],%o4
+	movcs	%xcc,	%o5,	$B1
+	ldx	[$pwrtbl+13*32],%o5
+	movvs	%xcc,	%o4,	$B0
+	ldx	[$pwrtbl+6*32],	%o4
+	movvs	%xcc,	%o5,	$B1
+	ldx	[$pwrtbl+14*32],%o5
+	move	%xcc,	%o4,	$B0
+	ldx	[$pwrtbl+7*32],	%o4
+	move	%xcc,	%o5,	$B1
+	ldx	[$pwrtbl+15*32],%o5
+	movneg	%xcc,	%o4,	$B0
+	add	$pwrtbl,16*32,	$pwrtbl
+	movneg	%xcc,	%o5,	$B1
+___
+}
+sub load_b {
+my ($pwrtbl,$Bi)=@_;
+
+$code.=<<___;
+	ldx	[$pwrtbl+0*32],	$Bi
+	ldx	[$pwrtbl+1*32],	%o4
+	ldx	[$pwrtbl+2*32],	%o5
+	movvs	%icc,	%o4,	$Bi
+	ldx	[$pwrtbl+3*32],	%o4
+	move	%icc,	%o5,	$Bi
+	ldx	[$pwrtbl+4*32],	%o5
+	movneg	%icc,	%o4,	$Bi
+	ldx	[$pwrtbl+5*32],	%o4
+	movcs	%xcc,	%o5,	$Bi
+	ldx	[$pwrtbl+6*32],	%o5
+	movvs	%xcc,	%o4,	$Bi
+	ldx	[$pwrtbl+7*32],	%o4
+	move	%xcc,	%o5,	$Bi
+	add	$pwrtbl,8*32,	$pwrtbl
+	movneg	%xcc,	%o4,	$Bi
+___
+}
+
+########################################################################
+# int bn_pwr5_mont_t4_$NUM(u64 *tp,const u64 *np,const BN_ULONG *n0,
+#			   const u64 *pwrtbl,int pwr,int stride);
+#
+sub generate_bn_pwr5_mont_t4() {
+my $NUM=shift;
+my ($tp,$np,$pwrtbl,$pwr,$sentinel)=map("%g$_",(1..5));
+
+$code.=<<___;
+.globl	bn_pwr5_mont_t4_$NUM
+.align	32
+bn_pwr5_mont_t4_$NUM:
+#ifdef	__arch64__
+	mov	0,$sentinel
+	mov	-128,%g4
+#elif defined(SPARCV9_64BIT_STACK)
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+0],%g1	! OPENSSL_sparcv9_P[0]
+	mov	-2047,%g4
+	and	%g1,SPARCV9_64BIT_STACK,%g1
+	movrz	%g1,0,%g4
+	mov	-1,$sentinel
+	add	%g4,-128,%g4
+#else
+	mov	-1,$sentinel
+	mov	-128,%g4
+#endif
+	sllx	$sentinel,32,$sentinel
+	save	%sp,%g4,%sp
+#ifndef	__arch64__
+	save	%sp,-128,%sp	! warm it up
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	save	%sp,-128,%sp
+	restore
+	restore
+	restore
+	restore
+	restore
+	restore
+#endif
+	and	%sp,1,%g4
+	or	$sentinel,%fp,%fp
+	or	%g4,$sentinel,$sentinel
+
+	! copy arguments to global registers
+	mov	%i0,$tp
+	mov	%i1,$np
+	ld	[%i2+0],%f1	! load *n0
+	ld	[%i2+4],%f0
+	mov	%i3,$pwrtbl
+	srl	%i4,%g0,%i4	! pack last arguments
+	sllx	%i5,32,$pwr
+	or	%i4,$pwr,$pwr
+	fsrc2	%f0,%f60
+___
+
+# load tp[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$tp+$i*8],@A[$i]
+___
+}
+for(; $i<$NUM; $i++) {
+$code.=<<___;
+	ldd	[$tp+$i*8],@A[$i]
+___
+}
+# load np[$NUM] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$np+$i*8],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<28 && $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$np+$i*8],@N[$i]
+___
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i++) {
+$code.=<<___;
+	ldx	[$np+$i*8],@N[$i]
+___
+}
+# load pwrtbl[pwr] ########################################################
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+
+	srlx	$pwr,	32,	%o4		! unpack $pwr
+	srl	$pwr,	%g0,	%o5
+	sub	%o4,	5,	%o4
+	mov	$pwrtbl,	%o7
+	sllx	%o4,	32,	$pwr		! re-pack $pwr
+	or	%o5,	$pwr,	$pwr
+	srl	%o5,	%o4,	%o5
+___
+	&load_ccr("%o7","%o5","%o4");
+$code.=<<___;
+	b	.Lstride_$NUM
+	nop
+.align	16
+.Lstride_$NUM:
+___
+for($i=0; $i<14 && $i<$NUM; $i+=2) {
+	&load_b_pair("%o7",@B[$i],@B[$i+1]);
+}
+$code.=<<___;
+	save	%sp,-128,%sp;		or	$sentinel,%fp,%fp
+___
+for(; $i<$NUM; $i+=2) {
+	&load_b_pair("%i7",@B[$i],@B[$i+1]);
+}
+$code.=<<___;
+	srax	$pwr,	32,	%o4		! unpack $pwr
+	srl	$pwr,	%g0,	%o5
+	sub	%o4,	5,	%o4
+	mov	$pwrtbl,	%i7
+	sllx	%o4,	32,	$pwr		! re-pack $pwr
+	or	%o5,	$pwr,	$pwr
+	srl	%o5,	%o4,	%o5
+___
+	&load_ccr("%i7","%o5","%o4",1);
+
+# magic ################################################################
+for($i=0; $i<5; $i++) {
+$code.=<<___;
+	.word	0x81b02940+$NUM-1	! montsqr	$NUM-1
+	fbu,pn	%fcc3,.Labort_$NUM
+#ifndef	__arch64__
+	and	%fp,$sentinel,$sentinel
+	brz,pn	$sentinel,.Labort_$NUM
+#endif
+	nop
+___
+}
+$code.=<<___;
+	wr	%o4,	%g0,	%ccr
+	.word	0x81b02920+$NUM-1	! montmul	$NUM-1
+	fbu,pn	%fcc3,.Labort_$NUM
+#ifndef	__arch64__
+	and	%fp,$sentinel,$sentinel
+	brz,pn	$sentinel,.Labort_$NUM
+#endif
+
+	srax	$pwr,	32,	%o4
+#ifdef	__arch64__
+	brgez	%o4,.Lstride_$NUM
+	restore
+	restore
+	restore
+	restore
+	restore
+#else
+	brgez	%o4,.Lstride_$NUM
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	restore;		and	%fp,$sentinel,$sentinel
+	 brz,pn	$sentinel,.Labort1_$NUM
+	restore
+#endif
+___
+
+# save tp[$NUM] ########################################################
+for($i=0; $i<14 && $i<$NUM; $i++) {
+$code.=<<___;
+	movxtod	@A[$i],@R[$i]
+___
+}
+$code.=<<___;
+#ifdef	__arch64__
+	restore
+#else
+	 and	%fp,$sentinel,$sentinel
+	restore
+	 and	$sentinel,1,%o7
+	 and	%fp,$sentinel,$sentinel
+	 srl	%fp,0,%fp		! just in case?
+	 or	%o7,$sentinel,$sentinel
+	brz,a,pn $sentinel,.Ldone_$NUM
+	mov	0,%i0		! return failure
+#endif
+___
+for($i=0; $i<$NUM; $i++) {
+$code.=<<___;
+	std	@R[$i],[$tp+$i*8]
+___
+}
+$code.=<<___;
+	mov	1,%i0		! return success
+.Ldone_$NUM:
+	ret
+	restore
+
+.Labort_$NUM:
+	restore
+	restore
+	restore
+	restore
+	restore
+.Labort1_$NUM:
+	restore
+
+	mov	0,%i0		! return failure
+	ret
+	restore
+.type	bn_pwr5_mont_t4_$NUM, #function
+.size	bn_pwr5_mont_t4_$NUM, .-bn_pwr5_mont_t4_$NUM
+___
+}
+
+for ($i=8;$i<=32;$i+=8) {
+	&generate_bn_pwr5_mont_t4($i);
+}
+
+{
+########################################################################
+# Fall-back subroutines
+#
+# copy of bn_mul_mont_vis3 adjusted for vectors of 64-bit values
+#
+($n0,$m0,$m1,$lo0,$hi0, $lo1,$hi1,$aj,$alo,$nj,$nlo,$tj)=
+	(map("%g$_",(1..5)),map("%o$_",(0..5,7)));
+
+# int bn_mul_mont(
+$rp="%o0";	# u64 *rp,
+$ap="%o1";	# const u64 *ap,
+$bp="%o2";	# const u64 *bp,
+$np="%o3";	# const u64 *np,
+$n0p="%o4";	# const BN_ULONG *n0,
+$num="%o5";	# int num);	# caller ensures that num is >=3
+$code.=<<___;
+.globl	bn_mul_mont_t4
+.align	32
+bn_mul_mont_t4:
+	add	%sp,	STACK_BIAS,	%g4	! real top of stack
+	sll	$num,	3,	$num		! size in bytes
+	add	$num,	63,	%g1
+	andn	%g1,	63,	%g1		! buffer size rounded up to 64 bytes
+	sub	%g4,	%g1,	%g1
+	andn	%g1,	63,	%g1		! align at 64 byte
+	sub	%g1,	STACK_FRAME,	%g1	! new top of stack
+	sub	%g1,	%g4,	%g1
+
+	save	%sp,	%g1,	%sp
+___
+#	+-------------------------------+<-----	%sp
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	| __int64 tmp[0]		|
+#	+-------------------------------+
+#	.				.
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	.				.
+($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5));
+($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz)=map("%l$_",(0..7));
+($ovf,$i)=($t0,$t1);
+$code.=<<___;
+	ld	[$n0p+0],	$t0	! pull n0[0..1] value
+	ld	[$n0p+4],	$t1
+	add	%sp, STACK_BIAS+STACK_FRAME, $tp
+	ldx	[$bp+0],	$m0	! m0=bp[0]
+	sllx	$t1,	32,	$n0
+	add	$bp,	8,	$bp
+	or	$t0,	$n0,	$n0
+
+	ldx	[$ap+0],	$aj	! ap[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[0]
+	umulxhi	$aj,	$m0,	$hi0
+
+	ldx	[$ap+8],	$aj	! ap[1]
+	add	$ap,	16,	$ap
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$lo0,	$n0,	$m1	! "tp[0]"*n0
+
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[0]
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+
+	ldx	[$np+8],	$nj	! np[1]
+
+	addcc	$lo0,	$lo1,	$lo1
+	add	$np,	16,	$np
+	addxc	%g0,	$hi1,	$hi1
+
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.L1st
+	sub	$num,	24,	$cnt	! cnt=num-3
+
+.align	16
+.L1st:
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0
+
+	ldx	[$ap+0],	$aj	! ap[j]
+	addcc	$nlo,	$hi1,	$lo1
+	add	$ap,	8,	$ap
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+
+	ldx	[$np+0],	$nj	! np[j]
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[0]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp	! tp++
+
+	brnz,pt	$cnt,	.L1st
+	sub	$cnt,	8,	$cnt	! j--
+!.L1st
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp
+
+	addcc	$hi0,	$hi1,	$hi1
+	addxc	%g0,	%g0,	$ovf	! upmost overflow bit
+	stxa	$hi1,	[$tp]0xe2
+	add	$tp,	8,	$tp
+
+	ba	.Louter
+	sub	$num,	16,	$i	! i=num-2
+
+.align	16
+.Louter:
+	ldx	[$bp+0],	$m0	! m0=bp[i]
+	add	$bp,	8,	$bp
+
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+
+	ldx	[$ap+0],	$aj	! ap[0]
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[i]
+	ldx	[$tp],		$tj	! tp[0]
+	umulxhi	$aj,	$m0,	$hi0
+	ldx	[$ap+8],	$aj	! ap[1]
+	addcc	$lo0,	$tj,	$lo0	! ap[0]*bp[i]+tp[0]
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[i]
+	addxc	%g0,	$hi0,	$hi0
+	mulx	$lo0,	$n0,	$m1	! tp[0]*n0
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	add	$ap,	16,	$ap
+	umulxhi	$nj,	$m1,	$hi1
+	ldx	[$np+8],	$nj	! np[1]
+	add	$np,	16,	$np
+	addcc	$lo1,	$lo0,	$lo1
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	addxc	%g0,	$hi1,	$hi1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.Linner
+	sub	$num,	24,	$cnt	! cnt=num-3
+.align	16
+.Linner:
+	addcc	$alo,	$hi0,	$lo0
+	ldx	[$tp+8],	$tj	! tp[j]
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	ldx	[$ap+0],	$aj	! ap[j]
+	add	$ap,	8,	$ap
+	addcc	$nlo,	$hi1,	$lo1
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[i]
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	ldx	[$np+0],	$nj	! np[j]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addxc	%g0,	$hi0,	$hi0
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+	brnz,pt	$cnt,	.Linner
+	sub	$cnt,	8,	$cnt
+!.Linner
+	ldx	[$tp+8],	$tj	! tp[j]
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi0,	$hi0
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+
+	subcc	%g0,	$ovf,	%g0	! move upmost overflow to CCR.xcc
+	addxccc	$hi1,	$hi0,	$hi1
+	addxc	%g0,	%g0,	$ovf
+	stx	$hi1,	[$tp+8]
+	add	$tp,	16,	$tp
+
+	brnz,pt	$i,	.Louter
+	sub	$i,	8,	$i
+
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+	ba	.Lsub
+	subcc	$num,	8,	$cnt	! cnt=num-1 and clear CCR.xcc
+
+.align	16
+.Lsub:
+	ldx	[$tp],		$tj
+	add	$tp,	8,	$tp
+	ldx	[$np+0],	$nj
+	add	$np,	8,	$np
+	subccc	$tj,	$nj,	$t2	! tp[j]-np[j]
+	srlx	$tj,	32,	$tj
+	srlx	$nj,	32,	$nj
+	subccc	$tj,	$nj,	$t3
+	add	$rp,	8,	$rp
+	st	$t2,	[$rp-4]		! reverse order
+	st	$t3,	[$rp-8]
+	brnz,pt	$cnt,	.Lsub
+	sub	$cnt,	8,	$cnt
+
+	sub	$np,	$num,	$np	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$rp,	$num,	$rp
+
+	subc	$ovf,	%g0,	$ovf	! handle upmost overflow bit
+	and	$tp,	$ovf,	$ap
+	andn	$rp,	$ovf,	$np
+	or	$np,	$ap,	$ap	! ap=borrow?tp:rp
+	ba	.Lcopy
+	sub	$num,	8,	$cnt
+
+.align	16
+.Lcopy:					! copy or in-place refresh
+	ldx	[$ap+0],	$t2
+	add	$ap,	8,	$ap
+	stx	%g0,	[$tp]		! zap
+	add	$tp,	8,	$tp
+	stx	$t2,	[$rp+0]
+	add	$rp,	8,	$rp
+	brnz	$cnt,	.Lcopy
+	sub	$cnt,	8,	$cnt
+
+	mov	1,	%o0
+	ret
+	restore
+.type	bn_mul_mont_t4, #function
+.size	bn_mul_mont_t4, .-bn_mul_mont_t4
+___
+
+# int bn_mul_mont_gather5(
+$rp="%o0";	# u64 *rp,
+$ap="%o1";	# const u64 *ap,
+$bp="%o2";	# const u64 *pwrtbl,
+$np="%o3";	# const u64 *np,
+$n0p="%o4";	# const BN_ULONG *n0,
+$num="%o5";	# int num,	# caller ensures that num is >=3
+		# int power);
+$code.=<<___;
+.globl	bn_mul_mont_gather5_t4
+.align	32
+bn_mul_mont_gather5_t4:
+	add	%sp,	STACK_BIAS,	%g4	! real top of stack
+	sll	$num,	3,	$num		! size in bytes
+	add	$num,	63,	%g1
+	andn	%g1,	63,	%g1		! buffer size rounded up to 64 bytes
+	sub	%g4,	%g1,	%g1
+	andn	%g1,	63,	%g1		! align at 64 byte
+	sub	%g1,	STACK_FRAME,	%g1	! new top of stack
+	sub	%g1,	%g4,	%g1
+	LDPTR	[%sp+STACK_7thARG],	%g4	! load power, 7th argument
+
+	save	%sp,	%g1,	%sp
+___
+#	+-------------------------------+<-----	%sp
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	| __int64 tmp[0]		|
+#	+-------------------------------+
+#	.				.
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	.				.
+($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5));
+($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz,$ccr)=map("%l$_",(0..7));
+($ovf,$i)=($t0,$t1);
+	&load_ccr($bp,"%g4",$ccr);
+	&load_b($bp,$m0,"%o7");		# m0=bp[0]
+
+$code.=<<___;
+	ld	[$n0p+0],	$t0	! pull n0[0..1] value
+	ld	[$n0p+4],	$t1
+	add	%sp, STACK_BIAS+STACK_FRAME, $tp
+	sllx	$t1,	32,	$n0
+	or	$t0,	$n0,	$n0
+
+	ldx	[$ap+0],	$aj	! ap[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[0]
+	umulxhi	$aj,	$m0,	$hi0
+
+	ldx	[$ap+8],	$aj	! ap[1]
+	add	$ap,	16,	$ap
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$lo0,	$n0,	$m1	! "tp[0]"*n0
+
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[0]
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+
+	ldx	[$np+8],	$nj	! np[1]
+
+	addcc	$lo0,	$lo1,	$lo1
+	add	$np,	16,	$np
+	addxc	%g0,	$hi1,	$hi1
+
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.L1st_g5
+	sub	$num,	24,	$cnt	! cnt=num-3
+
+.align	16
+.L1st_g5:
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0
+
+	ldx	[$ap+0],	$aj	! ap[j]
+	addcc	$nlo,	$hi1,	$lo1
+	add	$ap,	8,	$ap
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+
+	ldx	[$np+0],	$nj	! np[j]
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[0]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp	! tp++
+
+	brnz,pt	$cnt,	.L1st_g5
+	sub	$cnt,	8,	$cnt	! j--
+!.L1st_g5
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	addxc	%g0,	$hi1,	$hi1
+	stxa	$lo1,	[$tp]0xe2	! tp[j-1]
+	add	$tp,	8,	$tp
+
+	addcc	$hi0,	$hi1,	$hi1
+	addxc	%g0,	%g0,	$ovf	! upmost overflow bit
+	stxa	$hi1,	[$tp]0xe2
+	add	$tp,	8,	$tp
+
+	ba	.Louter_g5
+	sub	$num,	16,	$i	! i=num-2
+
+.align	16
+.Louter_g5:
+	wr	$ccr,	%g0,	%ccr
+___
+	&load_b($bp,$m0);		# m0=bp[i]
+$code.=<<___;
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+
+	ldx	[$ap+0],	$aj	! ap[0]
+	ldx	[$np+0],	$nj	! np[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[i]
+	ldx	[$tp],		$tj	! tp[0]
+	umulxhi	$aj,	$m0,	$hi0
+	ldx	[$ap+8],	$aj	! ap[1]
+	addcc	$lo0,	$tj,	$lo0	! ap[0]*bp[i]+tp[0]
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[i]
+	addxc	%g0,	$hi0,	$hi0
+	mulx	$lo0,	$n0,	$m1	! tp[0]*n0
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	add	$ap,	16,	$ap
+	umulxhi	$nj,	$m1,	$hi1
+	ldx	[$np+8],	$nj	! np[1]
+	add	$np,	16,	$np
+	addcc	$lo1,	$lo0,	$lo1
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	addxc	%g0,	$hi1,	$hi1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.Linner_g5
+	sub	$num,	24,	$cnt	! cnt=num-3
+.align	16
+.Linner_g5:
+	addcc	$alo,	$hi0,	$lo0
+	ldx	[$tp+8],	$tj	! tp[j]
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	ldx	[$ap+0],	$aj	! ap[j]
+	add	$ap,	8,	$ap
+	addcc	$nlo,	$hi1,	$lo1
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[i]
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	ldx	[$np+0],	$nj	! np[j]
+	add	$np,	8,	$np
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addxc	%g0,	$hi0,	$hi0
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+	brnz,pt	$cnt,	.Linner_g5
+	sub	$cnt,	8,	$cnt
+!.Linner_g5
+	ldx	[$tp+8],	$tj	! tp[j]
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi0,	$hi0
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+
+	subcc	%g0,	$ovf,	%g0	! move upmost overflow to CCR.xcc
+	addxccc	$hi1,	$hi0,	$hi1
+	addxc	%g0,	%g0,	$ovf
+	stx	$hi1,	[$tp+8]
+	add	$tp,	16,	$tp
+
+	brnz,pt	$i,	.Louter_g5
+	sub	$i,	8,	$i
+
+	sub	$ap,	$num,	$ap	! rewind
+	sub	$np,	$num,	$np
+	sub	$tp,	$num,	$tp
+	ba	.Lsub_g5
+	subcc	$num,	8,	$cnt	! cnt=num-1 and clear CCR.xcc
+
+.align	16
+.Lsub_g5:
+	ldx	[$tp],		$tj
+	add	$tp,	8,	$tp
+	ldx	[$np+0],	$nj
+	add	$np,	8,	$np
+	subccc	$tj,	$nj,	$t2	! tp[j]-np[j]
+	srlx	$tj,	32,	$tj
+	srlx	$nj,	32,	$nj
+	subccc	$tj,	$nj,	$t3
+	add	$rp,	8,	$rp
+	st	$t2,	[$rp-4]		! reverse order
+	st	$t3,	[$rp-8]
+	brnz,pt	$cnt,	.Lsub_g5
+	sub	$cnt,	8,	$cnt
+
+	sub	$np,	$num,	$np	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$rp,	$num,	$rp
+
+	subc	$ovf,	%g0,	$ovf	! handle upmost overflow bit
+	and	$tp,	$ovf,	$ap
+	andn	$rp,	$ovf,	$np
+	or	$np,	$ap,	$ap	! ap=borrow?tp:rp
+	ba	.Lcopy_g5
+	sub	$num,	8,	$cnt
+
+.align	16
+.Lcopy_g5:				! copy or in-place refresh
+	ldx	[$ap+0],	$t2
+	add	$ap,	8,	$ap
+	stx	%g0,	[$tp]		! zap
+	add	$tp,	8,	$tp
+	stx	$t2,	[$rp+0]
+	add	$rp,	8,	$rp
+	brnz	$cnt,	.Lcopy_g5
+	sub	$cnt,	8,	$cnt
+
+	mov	1,	%o0
+	ret
+	restore
+.type	bn_mul_mont_gather5_t4, #function
+.size	bn_mul_mont_gather5_t4, .-bn_mul_mont_gather5_t4
+___
+}
+
+$code.=<<___;
+.globl	bn_flip_t4
+.align	32
+bn_flip_t4:
+.Loop_flip:
+	ld	[%o1+0],	%o4
+	sub	%o2,	1,	%o2
+	ld	[%o1+4],	%o5
+	add	%o1,	8,	%o1
+	st	%o5,	[%o0+0]
+	st	%o4,	[%o0+4]
+	brnz	%o2,	.Loop_flip
+	add	%o0,	8,	%o0
+	retl
+	nop
+.type	bn_flip_t4, #function
+.size	bn_flip_t4, .-bn_flip_t4
+
+.globl	bn_flip_n_scatter5_t4
+.align	32
+bn_flip_n_scatter5_t4:
+	sll	%o3,	3,	%o3
+	srl	%o1,	1,	%o1
+	add	%o3,	%o2,	%o2	! &pwrtbl[pwr]
+	sub	%o1,	1,	%o1
+.Loop_flip_n_scatter5:
+	ld	[%o0+0],	%o4	! inp[i]
+	ld	[%o0+4],	%o5
+	add	%o0,	8,	%o0
+	sllx	%o5,	32,	%o5
+	or	%o4,	%o5,	%o5
+	stx	%o5,	[%o2]
+	add	%o2,	32*8,	%o2
+	brnz	%o1,	.Loop_flip_n_scatter5
+	sub	%o1,	1,	%o1
+	retl
+	nop
+.type	bn_flip_n_scatter5_t4, #function
+.size	bn_flip_n_scatter5_t4, .-bn_flip_n_scatter5_t4
+
+.globl	bn_gather5_t4
+.align	32
+bn_gather5_t4:
+___
+	&load_ccr("%o2","%o3","%g1");
+$code.=<<___;
+	sub	%o1,	1,	%o1
+.Loop_gather5:
+___
+	&load_b("%o2","%g1");
+$code.=<<___;
+	stx	%g1,	[%o0]
+	add	%o0,	8,	%o0
+	brnz	%o1,	.Loop_gather5
+	sub	%o1,	1,	%o1
+
+	retl
+	nop
+.type	bn_gather5_t4, #function
+.size	bn_gather5_t4, .-bn_gather5_t4
+
+.asciz	"Montgomery Multiplication for SPARC T4, David S. Miller, Andy Polyakov"
+.align	4
+___
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/sparcv8.S b/openssl-1.1.0h/crypto/bn/asm/sparcv8.S
new file mode 100644
index 0000000..9c31073
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/sparcv8.S
@@ -0,0 +1,1458 @@
+.ident	"sparcv8.s, Version 1.4"
+.ident	"SPARC v8 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * See bn_asm.sparc.v8plus.S for more details.
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.1	- new loop unrolling model(*);
+ * 1.2	- made gas friendly;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- some retunes;
+ *
+ * (*)	see bn_asm.sparc.v8plus.S for details
+ */
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_add_words_proceed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:
+	ld	[%o0],%o4
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0]
+	addx	%g1,0,%o5
+
+	ld	[%o0+4],%o4
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	dec	4,%o2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0+4]
+	addx	%g1,0,%o5
+
+	ld	[%o0+8],%o4
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	inc	16,%o1
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	addx	%g1,0,%o5
+
+	ld	[%o0+12],%o4
+	umul	%o3,%g3,%g3
+	inc	16,%o0
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0-4]
+	addx	%g1,0,%o5
+	andcc	%o2,-4,%g0
+	bnz,a	.L_bn_mul_add_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_add_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_add_words_tail:
+	ld	[%o0],%o4
+	umul	%o3,%g2,%g2
+	addcc	%o4,%o5,%o4
+	rd	%y,%g1
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0]
+
+	ld	[%o1+4],%g2
+	ld	[%o0+4],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0+4]
+
+	ld	[%o1+8],%g2
+	ld	[%o0+8],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	st	%g2,[%o0]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	dec	4,%o2
+	addx	%g1,0,%o5
+	st	%g3,[%o0+4]
+
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	inc	16,%o1
+	st	%g2,[%o0+8]
+	addx	%g1,0,%o5
+
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	inc	16,%o0
+	addx	%g1,0,%o5
+	st	%g3,[%o0-4]
+	andcc	%o2,-4,%g0
+	nop
+	bnz,a	.L_bn_mul_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_words_tail:
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0]
+	nop
+
+	ld	[%o1+4],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	st	%g2,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	cmp	%o2,0
+	bg,a	.L_bn_sqr_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_sqr_words_tail
+	clr	%o5
+
+.L_bn_sqr_words_loop:
+	ld	[%o1+4],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	rd	%y,%o5
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%g3,%g3,%o4
+	dec	4,%o2
+	st	%o4,[%o0+8]
+	rd	%y,%o5
+	st	%o5,[%o0+12]
+	nop
+
+	ld	[%o1+12],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	inc	16,%o1
+	st	%o5,[%o0+20]
+
+	umul	%g3,%g3,%o4
+	inc	32,%o0
+	st	%o4,[%o0-8]
+	rd	%y,%o5
+	st	%o5,[%o0-4]
+	andcc	%o2,-4,%g2
+	bnz,a	.L_bn_sqr_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	nop
+	bnz,a	.L_bn_sqr_words_tail
+	ld	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	deccc	%o2
+	rd	%y,%o5
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+4],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+8]
+	deccc	%o2
+	rd	%y,%o5
+	nop
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+12]
+
+	ld	[%o1+8],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	st	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	wr	%o0,%y
+	udiv	%o1,%o2,%o0
+	retl
+	nop
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	cmp	%o3,0
+	bg,a	.L_bn_add_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_add_words_tail
+	clr	%g1
+	ba	.L_bn_add_words_warn_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_add_words_loop:
+	ld	[%o1],%o4
+.L_bn_add_words_warn_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_add_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	bnz,a	.L_bn_add_words_tail
+	ld	[%o1],%o4
+.L_bn_add_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_add_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0]
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.align	32
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	cmp	%o3,0
+	bg,a	.L_bn_sub_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_sub_words_tail
+	clr	%g1
+	ba	.L_bn_sub_words_warm_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_sub_words_loop:
+	ld	[%o1],%o4
+.L_bn_sub_words_warm_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_sub_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	nop
+	bnz,a	.L_bn_sub_words_tail
+	ld	[%o1],%o4
+.L_bn_sub_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_sub_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0]
+	nop
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_1	%o2
+#define c_2	%o3
+#define c_3	%o4
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o5
+#define	b_4	%g1
+#define	b_5	%g2
+#define	b_6	%g3
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	bp(3),b_3
+	addx	c_2,%g0,c_2	!=
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(4),a_4
+	umul	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	ld	bp(4),b_4
+	umul	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	bp(5),b_5
+	umul	a_0,b_4,t_1	!=!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_3,t_1	!=!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(5),a_5
+	umul	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	ap(6),a_6
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_0,t_1	!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_2,t_1	!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_2,b_4,t_1	!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	ld	bp(6),b_6
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	bp(7),b_7
+	umul	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(6)	!r[6]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_3,b_4,t_1	!=!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	ap(7),a_7
+	umul	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_7,b_0,t_1	!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,b_1,t_1	!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_6,b_2,t_1	!=!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_6,t_1	!=!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!
+	addx	c_2,%g0,c_2
+	st	c_3,rp(8)	!r[8]=c3;
+
+	umul	a_2,b_7,t_1	!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_3,b_6,t_1	!=!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_7,b_2,t_1	!=!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_5,b_5,t_1	!=!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,b_7,t_1	!=!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	umul	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	umul	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(12)	!r[12]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(13)	!r[13]=c2;
+
+	umul	a_7,b_7,t_1	!=!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	nop			!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!=!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	bp(3),b_3
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!=!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	umul	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_1,b_3,t_1	!=!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	ap(1),a_1
+	umul	a_0,a_0,c_1	!=!sqr_add_c(a,0,c1,c2,c3);
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,a_3,t_1	!=!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	ld	ap(4),a_4
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	ld	ap(5),a_5
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(4)	!r[4]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(6),a_6
+	umul	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(7),a_7
+	umul	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(6)	!r[6]=c1;
+
+	umul	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(8)	!r[8]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,a_7,t_1	!=!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_6,t_1	!=!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	st	c_1,rp(12)	!r[12]=c1;
+
+	umul	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2	!=
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(13)	!r[13]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	umul	a_0,a_0,c_1	!sqr_add_c(a,0,c1,c2,c3);
+	ld	ap(1),a_1	!=
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(2)	!r[2]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,a_3,t_1	!=!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/openssl-1.1.0h/crypto/bn/asm/sparcv8plus.S b/openssl-1.1.0h/crypto/bn/asm/sparcv8plus.S
new file mode 100644
index 0000000..714a136
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/sparcv8plus.S
@@ -0,0 +1,1562 @@
+.ident	"sparcv8plus.s, Version 1.4"
+.ident	"SPARC v9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * Questions-n-answers.
+ *
+ * Q. How to compile?
+ * A. With SC4.x/SC5.x:
+ *
+ *	cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    or if above fails (it does if you have gas installed):
+ *
+ *	gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
+ *
+ *    Quick-n-dirty way to fuse the module into the library.
+ *    Provided that the library is already configured and built
+ *    (in 0.9.2 case with no-asm option):
+ *
+ *	# cd crypto/bn
+ *	# cp /some/place/bn_asm.sparc.v8plus.S .
+ *	# cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ *    Quick-n-dirty way to get rid of it:
+ *
+ *	# cd crypto/bn
+ *	# touch bn_asm.c
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ * Q. V8plus architecture? What kind of beast is that?
+ * A. Well, it's rather a programming model than an architecture...
+ *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
+ *    special conditions, namely when kernel doesn't preserve upper
+ *    32 bits of otherwise 64-bit registers during a context switch.
+ *
+ * Q. Why just UltraSPARC? What about SuperSPARC?
+ * A. Original release did target UltraSPARC only. Now SuperSPARC
+ *    version is provided along. Both version share bn_*comba[48]
+ *    implementations (see comment later in code for explanation).
+ *    But what's so special about this UltraSPARC implementation?
+ *    Why didn't I let compiler do the job? Trouble is that most of
+ *    available compilers (well, SC5.0 is the only exception) don't
+ *    attempt to take advantage of UltraSPARC's 64-bitness under
+ *    32-bit kernels even though it's perfectly possible (see next
+ *    question).
+ *
+ * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
+ *    doesn't work?
+ * A. You can't address *all* registers as 64-bit wide:-( The catch is
+ *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
+ *    preserved if you're in a leaf function, i.e. such never calling
+ *    any other functions. All functions in this module are leaf and
+ *    10 registers is a handful. And as a matter of fact none-"comba"
+ *    routines don't require even that much and I could even afford to
+ *    not allocate own stack frame for 'em:-)
+ *
+ * Q. What about 64-bit kernels?
+ * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
+ *    under evaluation and development...
+ *
+ * Q. What about shared libraries?
+ * A. What about 'em? Kidding again:-) Code does *not* contain any
+ *    code position dependencies and it's safe to include it into
+ *    shared library as is.
+ *
+ * Q. How much faster does it go?
+ * A. Do you have a good benchmark? In either case below is what I
+ *    experience with crypto/bn/expspeed.c test program:
+ *
+ *	v8plus module on U10/300MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8plus -xO5 -xdepend	+7-12%
+ *	cc-4.2 -xarch=v8plus -xO5 -xdepend	+25-35%
+ *	egcs-1.1.2 -mcpu=ultrasparc -O3		+35-45%
+ *
+ *	v8 module on SS10/60MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8 -xO5 -xdepend		+7-10%
+ *	cc-4.2 -xarch=v8 -xO5 -xdepend		+10%
+ *	egcs-1.1.2 -mv8 -O3			+35-45%
+ *
+ *    As you can see it's damn hard to beat the new Sun C compiler
+ *    and it's in first place GNU C users who will appreciate this
+ *    assembler implementation:-)	
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.0	- initial release;
+ * 1.1	- new loop unrolling model(*);
+ *	- some more fine tuning;
+ * 1.2	- made gas friendly;
+ *	- updates to documentation concerning v9;
+ *	- new performance comparison matrix;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- native V9 bn_*_comba[48] implementation (15% more efficient)
+ *	  resulting in slight overall performance kick;
+ *	- some retunes;
+ *	- support for GNU as added;
+ *
+ * (*)	Originally unrolled loop looked like this:
+ *	    for (;;) {
+ *		op(p+0); if (--n==0) break;
+ *		op(p+1); if (--n==0) break;
+ *		op(p+2); if (--n==0) break;
+ *		op(p+3); if (--n==0) break;
+ *		p+=4;
+ *	    }
+ *	I unroll according to following:
+ *	    while (n&~3) {
+ *		op(p+0); op(p+1); op(p+2); op(p+3);
+ *		p+=4; n=-4;
+ *	    }
+ *	    if (n) {
+ *		op(p+0); if (--n==0) return;
+ *		op(p+2); if (--n==0) return;
+ *		op(p+3); return;
+ *	    }
+ */
+
+#ifdef OPENSSL_FIPSCANISTER
+#include <openssl/fipssyms.h>
+#endif
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME_SIZE	-192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME_SIZE	-192
+#else 
+# define	FRAME_SIZE	-96
+#endif 
+/*
+ * GNU assembler can't stand stuw:-(
+ */
+#define stuw st
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8plus.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	sra	%o2,%g0,%o2	! signx %o2
+	brgz,a	%o2,.L_bn_mul_add_words_proceed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+	nop
+	nop
+	nop
+
+.L_bn_mul_add_words_proceed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:	! wow! 32 aligned!
+	lduw	[%o0],%g1
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	nop
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+4],%g1
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	dec	4,%o2
+	add	%o4,%g3,%o4
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+8],%g1
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	inc	16,%o1
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+12],%g1
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	inc	16,%o0
+	add	%o4,%g3,%o4
+	andcc	%o2,-4,%g0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	bnz,a,pt	%icc,.L_bn_mul_add_words_loop
+	lduw	[%o1],%g2
+
+	brnz,a,pn	%o2,.L_bn_mul_add_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_add_words_tail:
+	lduw	[%o0],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	lduw	[%o0+4],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	lduw	[%o0+8],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	sra	%o2,%g0,%o2	! signx %o2
+	brgz,a	%o2,.L_bn_mul_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+	nop
+	nop
+	nop
+
+.L_bn_mul_words_proceeed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	nop
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	inc	16,%o1
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	inc	16,%o0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g0
+	bnz,a,pt	%icc,.L_bn_mul_words_loop
+	lduw	[%o1],%g2
+	nop
+	nop
+
+	brnz,a,pn	%o2,.L_bn_mul_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_words_tail:
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	sra	%o2,%g0,%o2	! signx %o2
+	brgz,a	%o2,.L_bn_sqr_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+	nop
+	nop
+	nop
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	nop
+	bz,pn	%icc,.L_bn_sqr_words_tail
+	nop
+
+.L_bn_sqr_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%g2,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+4]
+	nop
+
+	lduw	[%o1+8],%g2
+	mulx	%g3,%g3,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+12],%g3
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	inc	16,%o1
+	stuw	%o5,[%o0+20]
+
+	mulx	%g3,%g3,%o4
+	inc	32,%o0
+	stuw	%o4,[%o0-8]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g2
+	stuw	%o5,[%o0-4]
+	bnz,a,pt	%icc,.L_bn_sqr_words_loop
+	lduw	[%o1],%g2
+	nop
+
+	brnz,a,pn	%o2,.L_bn_sqr_words_tail
+	lduw	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+4],%g2
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+8],%g2
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	stuw	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	sllx	%o0,32,%o0
+	or	%o0,%o1,%o0
+	udivx	%o0,%o2,%o0
+	retl
+	srl	%o0,%g0,%o0	! clruw	%o0
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	sra	%o3,%g0,%o3	! signx %o3
+	brgz,a	%o3,.L_bn_add_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_add_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_add_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	addccc	%g1,%g2,%g1
+	stuw	%g1,[%o0+4]
+	
+	inc	16,%o2
+	addccc	%g3,%g4,%g3
+	stuw	%g3,[%o0+8]
+
+	inc	16,%o0
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_add_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_add_words_tail
+	lduw	[%o1],%o4
+.L_bn_add_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_add_words_tail:
+	lduw	[%o2],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	sra	%o3,%g0,%o3	! signx %o3
+	brgz,a	%o3,.L_bn_sub_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_sub_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_sub_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	subccc	%g1,%g2,%g2
+	stuw	%g2,[%o0+4]
+
+	inc	16,%o2
+	subccc	%g3,%g4,%g4
+	stuw	%g4,[%o0+8]
+
+	inc	16,%o0
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_sub_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_sub_words_tail
+	lduw	[%o1],%o4
+.L_bn_sub_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_sub_words_tail:		! wow! 32 aligned!
+	lduw	[%o2],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+/*
+ * Code below depends on the fact that upper parts of the %l0-%l7
+ * and %i0-%i7 are zeroed by kernel after context switch. In
+ * previous versions this comment stated that "the trouble is that
+ * it's not feasible to implement the mumbo-jumbo in less V9
+ * instructions:-(" which apparently isn't true thanks to
+ * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
+ * results not from the shorter code, but from elimination of
+ * multicycle none-pairable 'rd %y,%rd' instructions.
+ *
+ *							Andy.
+ */
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_12	%o2
+#define c_3	%o3
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o4
+#define	b_4	%o5
+#define	b_5	%o7
+#define	b_6	%g1
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	bp(0),b_0	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_1,t_1	!=!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(4),b_4	!=
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(5),b_5
+	mulx	a_0,b_4,t_1	!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_5,b_0,t_1	!=!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,b_2,t_1	!=!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_3,t_1	!=!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_4,t_1	!=!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(6),b_6	!=
+	mulx	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(7),b_7
+	mulx	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_4,t_1	!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_7,b_0,t_1	!=!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,b_1,t_1	!=!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_6,b_2,t_1	!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_2,b_6,t_1	!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_7,t_1	!=!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_6,t_1	!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_2,t_1	!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_5,t_1	!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_4,b_7,t_1	!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_7,t_1	!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0	!=
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	lduw	ap(0),a_0
+	mov	1,t_2
+	lduw	bp(0),b_0
+	sllx	t_2,32,t_2	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!=!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!=!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!=!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_7,t_1	!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_6,t_1	!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/openssl-1.1.0h/crypto/bn/asm/sparcv9-gf2m.pl b/openssl-1.1.0h/crypto/bn/asm/sparcv9-gf2m.pl
new file mode 100644
index 0000000..dcf11a8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/sparcv9-gf2m.pl
@@ -0,0 +1,200 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# October 2012
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... Except that it has two code paths: one suitable
+# for all SPARCv9 processors and one for VIS3-capable ones. Former
+# delivers ~25-45% more, more for longer keys, heaviest DH and DSA
+# verify operations on venerable UltraSPARC II. On T4 VIS3 code is
+# ~100-230% faster than gcc-generated code and ~35-90% faster than
+# the pure SPARCv9 code path.
+
+$output = pop;
+open STDOUT,">$output";
+
+$locals=16*8;
+
+$tab="%l0";
+
+@T=("%g2","%g3");
+@i=("%g4","%g5");
+
+($a1,$a2,$a4,$a8,$a12,$a48)=map("%o$_",(0..5));
+($lo,$hi,$b)=("%g1",$a8,"%o7"); $a=$lo;
+
+$code.=<<___;
+#include <sparc_arch.h>
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	bn_GF2m_mul_2x2
+.align	16
+bn_GF2m_mul_2x2:
+        SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+        ld	[%g1+0],%g1             	! OPENSSL_sparcv9cap_P[0]
+
+        andcc	%g1, SPARCV9_VIS3, %g0
+        bz,pn	%icc,.Lsoftware
+        nop
+
+	sllx	%o1, 32, %o1
+	sllx	%o3, 32, %o3
+	or	%o2, %o1, %o1
+	or	%o4, %o3, %o3
+	.word	0x95b262ab			! xmulx   %o1, %o3, %o2
+	.word	0x99b262cb			! xmulxhi %o1, %o3, %o4
+	srlx	%o2, 32, %o1			! 13 cycles later
+	st	%o2, [%o0+0]
+	st	%o1, [%o0+4]
+	srlx	%o4, 32, %o3
+	st	%o4, [%o0+8]
+	retl
+	st	%o3, [%o0+12]
+
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME-$locals,%sp
+
+	sllx	%i1,32,$a
+	mov	-1,$a12
+	sllx	%i3,32,$b
+	or	%i2,$a,$a
+	srlx	$a12,1,$a48			! 0x7fff...
+	or	%i4,$b,$b
+	srlx	$a12,2,$a12			! 0x3fff...
+	add	%sp,STACK_BIAS+STACK_FRAME,$tab
+
+	sllx	$a,2,$a4
+	mov	$a,$a1
+	sllx	$a,1,$a2
+
+	srax	$a4,63,@i[1]			! broadcast 61st bit
+	and	$a48,$a4,$a4			! (a<<2)&0x7fff...
+	srlx	$a48,2,$a48
+	srax	$a2,63,@i[0]			! broadcast 62nd bit
+	and	$a12,$a2,$a2			! (a<<1)&0x3fff...
+	srax	$a1,63,$lo			! broadcast 63rd bit
+	and	$a48,$a1,$a1			! (a<<0)&0x1fff...
+
+	sllx	$a1,3,$a8
+	and	$b,$lo,$lo
+	and	$b,@i[0],@i[0]
+	and	$b,@i[1],@i[1]
+
+	stx	%g0,[$tab+0*8]			! tab[0]=0
+	xor	$a1,$a2,$a12
+	stx	$a1,[$tab+1*8]			! tab[1]=a1
+	stx	$a2,[$tab+2*8]			! tab[2]=a2
+	 xor	$a4,$a8,$a48
+	stx	$a12,[$tab+3*8]			! tab[3]=a1^a2
+	 xor	$a4,$a1,$a1
+
+	stx	$a4,[$tab+4*8]			! tab[4]=a4
+	xor	$a4,$a2,$a2
+	stx	$a1,[$tab+5*8]			! tab[5]=a1^a4
+	xor	$a4,$a12,$a12
+	stx	$a2,[$tab+6*8]			! tab[6]=a2^a4
+	 xor	$a48,$a1,$a1
+	stx	$a12,[$tab+7*8]			! tab[7]=a1^a2^a4
+	 xor	$a48,$a2,$a2
+
+	stx	$a8,[$tab+8*8]			! tab[8]=a8
+	xor	$a48,$a12,$a12
+	stx	$a1,[$tab+9*8]			! tab[9]=a1^a8
+	 xor	$a4,$a1,$a1
+	stx	$a2,[$tab+10*8]			! tab[10]=a2^a8
+	 xor	$a4,$a2,$a2
+	stx	$a12,[$tab+11*8]		! tab[11]=a1^a2^a8
+
+	xor	$a4,$a12,$a12
+	stx	$a48,[$tab+12*8]		! tab[12]=a4^a8
+	 srlx	$lo,1,$hi
+	stx	$a1,[$tab+13*8]			! tab[13]=a1^a4^a8
+	 sllx	$lo,63,$lo
+	stx	$a2,[$tab+14*8]			! tab[14]=a2^a4^a8
+	 srlx	@i[0],2,@T[0]
+	stx	$a12,[$tab+15*8]		! tab[15]=a1^a2^a4^a8
+
+	sllx	@i[0],62,$a1
+	 sllx	$b,3,@i[0]
+	srlx	@i[1],3,@T[1]
+	 and	@i[0],`0xf<<3`,@i[0]
+	sllx	@i[1],61,$a2
+	 ldx	[$tab+@i[0]],@i[0]
+	 srlx	$b,4-3,@i[1]
+	xor	@T[0],$hi,$hi
+	 and	@i[1],`0xf<<3`,@i[1]
+	xor	$a1,$lo,$lo
+	 ldx	[$tab+@i[1]],@i[1]
+	xor	@T[1],$hi,$hi
+
+	xor	@i[0],$lo,$lo
+	srlx	$b,8-3,@i[0]
+	 xor	$a2,$lo,$lo
+	and	@i[0],`0xf<<3`,@i[0]
+___
+for($n=1;$n<14;$n++) {
+$code.=<<___;
+	sllx	@i[1],`$n*4`,@T[0]
+	ldx	[$tab+@i[0]],@i[0]
+	srlx	@i[1],`64-$n*4`,@T[1]
+	xor	@T[0],$lo,$lo
+	srlx	$b,`($n+2)*4`-3,@i[1]
+	xor	@T[1],$hi,$hi
+	and	@i[1],`0xf<<3`,@i[1]
+___
+	push(@i,shift(@i)); push(@T,shift(@T));
+}
+$code.=<<___;
+	sllx	@i[1],`$n*4`,@T[0]
+	ldx	[$tab+@i[0]],@i[0]
+	srlx	@i[1],`64-$n*4`,@T[1]
+	xor	@T[0],$lo,$lo
+
+	sllx	@i[0],`($n+1)*4`,@T[0]
+	 xor	@T[1],$hi,$hi
+	srlx	@i[0],`64-($n+1)*4`,@T[1]
+	xor	@T[0],$lo,$lo
+	xor	@T[1],$hi,$hi
+
+	srlx	$lo,32,%i1
+	st	$lo,[%i0+0]
+	st	%i1,[%i0+4]
+	srlx	$hi,32,%i2
+	st	$hi,[%i0+8]
+	st	%i2,[%i0+12]
+
+	ret
+	restore
+.type	bn_GF2m_mul_2x2,#function
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+.asciz	"GF(2^m) Multiplication for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/sparcv9-mont.pl b/openssl-1.1.0h/crypto/bn/asm/sparcv9-mont.pl
new file mode 100644
index 0000000..6807c8b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/sparcv9-mont.pl
@@ -0,0 +1,619 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# December 2005
+#
+# Pure SPARCv9/8+ and IALU-only bn_mul_mont implementation. The reasons
+# for undertaken effort are multiple. First of all, UltraSPARC is not
+# the whole SPARCv9 universe and other VIS-free implementations deserve
+# optimized code as much. Secondly, newly introduced UltraSPARC T1,
+# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive paths,
+# such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with
+# several integrated RSA/DSA accelerator circuits accessible through
+# kernel driver [only(*)], but having decent user-land software
+# implementation is important too. Finally, reasons like desire to
+# experiment with dedicated squaring procedure. Yes, this module
+# implements one, because it was easiest to draft it in SPARCv9
+# instructions...
+
+# (*)	Engine accessing the driver in question is on my TODO list.
+#	For reference, accelerator is estimated to give 6 to 10 times
+#	improvement on single-threaded RSA sign. It should be noted
+#	that 6-10x improvement coefficient does not actually mean
+#	something extraordinary in terms of absolute [single-threaded]
+#	performance, as SPARCv9 instruction set is by all means least
+#	suitable for high performance crypto among other 64 bit
+#	platforms. 6-10x factor simply places T1 in same performance
+#	domain as say AMD64 and IA-64. Improvement of RSA verify don't
+#	appear impressive at all, but it's the sign operation which is
+#	far more critical/interesting.
+
+# You might notice that inner loops are modulo-scheduled:-) This has
+# essentially negligible impact on UltraSPARC performance, it's
+# Fujitsu SPARC64 V users who should notice and hopefully appreciate
+# the advantage... Currently this module surpasses sparcv9a-mont.pl
+# by ~20% on UltraSPARC-III and later cores, but recall that sparcv9a
+# module still have hidden potential [see TODO list there], which is
+# estimated to be larger than 20%...
+
+$output = pop;
+open STDOUT,">$output";
+
+# int bn_mul_mont(
+$rp="%i0";	# BN_ULONG *rp,
+$ap="%i1";	# const BN_ULONG *ap,
+$bp="%i2";	# const BN_ULONG *bp,
+$np="%i3";	# const BN_ULONG *np,
+$n0="%i4";	# const BN_ULONG *n0,
+$num="%i5";	# int num);
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+
+$car0="%o0";
+$car1="%o1";
+$car2="%o2";	# 1 bit
+$acc0="%o3";
+$acc1="%o4";
+$mask="%g1";	# 32 bits, what a waste...
+$tmp0="%g4";
+$tmp1="%g5";
+
+$i="%l0";
+$j="%l1";
+$mul0="%l2";
+$mul1="%l3";
+$tp="%l4";
+$apj="%l5";
+$npj="%l6";
+$tpj="%l7";
+
+$fname="bn_mul_mont_int";
+
+$code=<<___;
+#include "sparc_arch.h"
+
+.section	".text",#alloc,#execinstr
+
+.global	$fname
+.align	32
+$fname:
+	cmp	%o5,4			! 128 bits minimum
+	bge,pt	%icc,.Lenter
+	sethi	%hi(0xffffffff),$mask
+	retl
+	clr	%o0
+.align	32
+.Lenter:
+	save	%sp,-$frame,%sp
+	sll	$num,2,$num		! num*=4
+	or	$mask,%lo(0xffffffff),$mask
+	ld	[$n0],$n0
+	cmp	$ap,$bp
+	and	$num,$mask,$num
+	ld	[$bp],$mul0		! bp[0]
+	nop
+
+	add	%sp,$bias,%o7		! real top of stack
+	ld	[$ap],$car0		! ap[0] ! redundant in squaring context
+	sub	%o7,$num,%o7
+	ld	[$ap+4],$apj		! ap[1]
+	and	%o7,-1024,%o7
+	ld	[$np],$car1		! np[0]
+	sub	%o7,$bias,%sp		! alloca
+	ld	[$np+4],$npj		! np[1]
+	be,pt	SIZE_T_CC,.Lbn_sqr_mont
+	mov	12,$j
+
+	mulx	$car0,$mul0,$car0	! ap[0]*bp[0]
+	mulx	$apj,$mul0,$tmp0	!prologue! ap[1]*bp[0]
+	and	$car0,$mask,$acc0
+	add	%sp,$bias+$frame,$tp
+	ld	[$ap+8],$apj		!prologue!
+
+	mulx	$n0,$acc0,$mul1		! "t[0]"*n0
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1	! np[0]*"t[0]"*n0
+	mulx	$npj,$mul1,$acc1	!prologue! np[1]*"t[0]"*n0
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	ld	[$np+8],$npj		!prologue!
+	srlx	$car1,32,$car1
+	mov	$tmp0,$acc0		!prologue!
+
+.L1st:
+	mulx	$apj,$mul0,$tmp0
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0
+	ld	[$ap+$j],$apj		! ap[j]
+	and	$car0,$mask,$acc0
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj		! np[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	add	$j,4,$j			! j++
+	mov	$tmp0,$acc0
+	st	$car1,[$tp]
+	cmp	$j,$num
+	mov	$tmp1,$acc1
+	srlx	$car1,32,$car1
+	bl	%icc,.L1st
+	add	$tp,4,$tp		! tp++
+!.L1st
+
+	mulx	$apj,$mul0,$tmp0	!epilogue!
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0
+	and	$car0,$mask,$acc0
+	add	$acc1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$tmp0,$car0,$car0
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car1,$car1
+	st	$car1,[$tp+8]
+	srlx	$car1,32,$car2
+
+	mov	4,$i			! i++
+	ld	[$bp+4],$mul0		! bp[1]
+.Louter:
+	add	%sp,$bias+$frame,$tp
+	ld	[$ap],$car0		! ap[0]
+	ld	[$ap+4],$apj		! ap[1]
+	ld	[$np],$car1		! np[0]
+	ld	[$np+4],$npj		! np[1]
+	ld	[$tp],$tmp1		! tp[0]
+	ld	[$tp+4],$tpj		! tp[1]
+	mov	12,$j
+
+	mulx	$car0,$mul0,$car0
+	mulx	$apj,$mul0,$tmp0	!prologue!
+	add	$tmp1,$car0,$car0
+	ld	[$ap+8],$apj		!prologue!
+	and	$car0,$mask,$acc0
+
+	mulx	$n0,$acc0,$mul1
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1
+	mulx	$npj,$mul1,$acc1	!prologue!
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	ld	[$np+8],$npj		!prologue!
+	srlx	$car1,32,$car1
+	mov	$tmp0,$acc0		!prologue!
+
+.Linner:
+	mulx	$apj,$mul0,$tmp0
+	mulx	$npj,$mul1,$tmp1
+	add	$tpj,$car0,$car0
+	ld	[$ap+$j],$apj		! ap[j]
+	add	$acc0,$car0,$car0
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj		! np[j]
+	and	$car0,$mask,$acc0
+	ld	[$tp+8],$tpj		! tp[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	add	$j,4,$j			! j++
+	mov	$tmp0,$acc0
+	st	$car1,[$tp]		! tp[j-1]
+	srlx	$car1,32,$car1
+	mov	$tmp1,$acc1
+	cmp	$j,$num
+	bl	%icc,.Linner
+	add	$tp,4,$tp		! tp++
+!.Linner
+
+	mulx	$apj,$mul0,$tmp0	!epilogue!
+	mulx	$npj,$mul1,$tmp1
+	add	$tpj,$car0,$car0
+	add	$acc0,$car0,$car0
+	ld	[$tp+8],$tpj		! tp[j]
+	and	$car0,$mask,$acc0
+	add	$acc1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]		! tp[j-1]
+	srlx	$car1,32,$car1
+
+	add	$tpj,$car0,$car0
+	add	$tmp0,$car0,$car0
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp+4]		! tp[j-1]
+	srlx	$car0,32,$car0
+	add	$i,4,$i			! i++
+	srlx	$car1,32,$car1
+
+	add	$car0,$car1,$car1
+	cmp	$i,$num
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+8]
+
+	srlx	$car1,32,$car2
+	bl,a	%icc,.Louter
+	ld	[$bp+$i],$mul0		! bp[i]
+!.Louter
+
+	add	$tp,12,$tp
+
+.Ltail:
+	add	$np,$num,$np
+	add	$rp,$num,$rp
+	mov	$tp,$ap
+	sub	%g0,$num,%o7		! k=-num
+	ba	.Lsub
+	subcc	%g0,%g0,%g0		! clear %icc.c
+.align	16
+.Lsub:
+	ld	[$tp+%o7],%o0
+	ld	[$np+%o7],%o1
+	subccc	%o0,%o1,%o1		! tp[j]-np[j]
+	add	$rp,%o7,$i
+	add	%o7,4,%o7
+	brnz	%o7,.Lsub
+	st	%o1,[$i]
+	subc	$car2,0,$car2		! handle upmost overflow bit
+	and	$tp,$car2,$ap
+	andn	$rp,$car2,$np
+	or	$ap,$np,$ap
+	sub	%g0,$num,%o7
+
+.Lcopy:
+	ld	[$ap+%o7],%o0		! copy or in-place refresh
+	st	%g0,[$tp+%o7]		! zap tp
+	st	%o0,[$rp+%o7]
+	add	%o7,4,%o7
+	brnz	%o7,.Lcopy
+	nop
+	mov	1,%i0
+	ret
+	restore
+___
+
+########
+######## .Lbn_sqr_mont gives up to 20% *overall* improvement over
+######## code without following dedicated squaring procedure.
+########
+$sbit="%o5";
+
+$code.=<<___;
+.align	32
+.Lbn_sqr_mont:
+	mulx	$mul0,$mul0,$car0		! ap[0]*ap[0]
+	mulx	$apj,$mul0,$tmp0		!prologue!
+	and	$car0,$mask,$acc0
+	add	%sp,$bias+$frame,$tp
+	ld	[$ap+8],$apj			!prologue!
+
+	mulx	$n0,$acc0,$mul1			! "t[0]"*n0
+	srlx	$car0,32,$car0
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1		! np[0]*"t[0]"*n0
+	mulx	$npj,$mul1,$acc1		!prologue!
+	and	$car0,1,$sbit
+	ld	[$np+8],$npj			!prologue!
+	srlx	$car0,1,$car0
+	add	$acc0,$car1,$car1
+	srlx	$car1,32,$car1
+	mov	$tmp0,$acc0			!prologue!
+
+.Lsqr_1st:
+	mulx	$apj,$mul0,$tmp0
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0		! ap[j]*a0+c0
+	add	$acc1,$car1,$car1
+	ld	[$ap+$j],$apj			! ap[j]
+	and	$car0,$mask,$acc0
+	ld	[$np+$j],$npj			! np[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	or	$sbit,$acc0,$acc0
+	mov	$tmp1,$acc1
+	srlx	$acc0,32,$sbit
+	add	$j,4,$j				! j++
+	and	$acc0,$mask,$acc0
+	cmp	$j,$num
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]
+	mov	$tmp0,$acc0
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_1st
+	add	$tp,4,$tp			! tp++
+!.Lsqr_1st
+
+	mulx	$apj,$mul0,$tmp0		! epilogue
+	mulx	$npj,$mul1,$tmp1
+	add	$acc0,$car0,$car0		! ap[j]*a0+c0
+	add	$acc1,$car1,$car1
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	or	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$tmp0,$car0,$car0		! ap[j]*a0+c0
+	add	$tmp1,$car1,$car1
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	or	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0
+	or	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	st	$car1,[$tp+8]
+	srlx	$car1,32,$car2
+
+	ld	[%sp+$bias+$frame],$tmp0	! tp[0]
+	ld	[%sp+$bias+$frame+4],$tmp1	! tp[1]
+	ld	[%sp+$bias+$frame+8],$tpj	! tp[2]
+	ld	[$ap+4],$mul0			! ap[1]
+	ld	[$ap+8],$apj			! ap[2]
+	ld	[$np],$car1			! np[0]
+	ld	[$np+4],$npj			! np[1]
+	mulx	$n0,$tmp0,$mul1
+
+	mulx	$mul0,$mul0,$car0
+	and	$mul1,$mask,$mul1
+
+	mulx	$car1,$mul1,$car1
+	mulx	$npj,$mul1,$acc1
+	add	$tmp0,$car1,$car1
+	and	$car0,$mask,$acc0
+	ld	[$np+8],$npj			! np[2]
+	srlx	$car1,32,$car1
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	$acc0,$car1,$car1
+	and	$car0,1,$sbit
+	add	$acc1,$car1,$car1
+	srlx	$car0,1,$car0
+	mov	12,$j
+	st	$car1,[%sp+$bias+$frame]	! tp[0]=
+	srlx	$car1,32,$car1
+	add	%sp,$bias+$frame+4,$tp
+
+.Lsqr_2nd:
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$acc0,$car0,$car0
+	add	$tpj,$sbit,$sbit
+	ld	[$ap+$j],$apj			! ap[j]
+	and	$car0,$mask,$acc0
+	ld	[$np+$j],$npj			! np[j]
+	srlx	$car0,32,$car0
+	add	$acc1,$car1,$car1
+	ld	[$tp+8],$tpj			! tp[j]
+	add	$acc0,$acc0,$acc0
+	add	$j,4,$j				! j++
+	add	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	cmp	$j,$num
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_2nd
+	add	$tp,4,$tp			! tp++
+!.Lsqr_2nd
+
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$acc0,$car0,$car0
+	add	$tpj,$sbit,$sbit
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc1,$car1,$car1
+	add	$acc0,$acc0,$acc0
+	add	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0
+	add	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car2
+
+	ld	[%sp+$bias+$frame],$tmp1	! tp[0]
+	ld	[%sp+$bias+$frame+4],$tpj	! tp[1]
+	ld	[$ap+8],$mul0			! ap[2]
+	ld	[$np],$car1			! np[0]
+	ld	[$np+4],$npj			! np[1]
+	mulx	$n0,$tmp1,$mul1
+	and	$mul1,$mask,$mul1
+	mov	8,$i
+
+	mulx	$mul0,$mul0,$car0
+	mulx	$car1,$mul1,$car1
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	%sp,$bias+$frame,$tp
+	srlx	$car1,32,$car1
+	and	$car0,1,$sbit
+	srlx	$car0,1,$car0
+	mov	4,$j
+
+.Lsqr_outer:
+.Lsqr_inner1:
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$car1,$car1
+	add	$j,4,$j
+	ld	[$tp+8],$tpj
+	cmp	$j,$i
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_inner1
+	add	$tp,4,$tp
+!.Lsqr_inner1
+
+	add	$j,4,$j
+	ld	[$ap+$j],$apj			! ap[j]
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$car1,$car1
+	ld	[$np+$j],$npj			! np[j]
+	add	$acc0,$car1,$car1
+	ld	[$tp+8],$tpj			! tp[j]
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$j,4,$j
+	cmp	$j,$num
+	be,pn	%icc,.Lsqr_no_inner2
+	add	$tp,4,$tp
+
+.Lsqr_inner2:
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$sbit,$sbit
+	add	$acc0,$car0,$car0
+	ld	[$ap+$j],$apj			! ap[j]
+	and	$car0,$mask,$acc0
+	ld	[$np+$j],$npj			! np[j]
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	ld	[$tp+8],$tpj			! tp[j]
+	add	$sbit,$acc0,$acc0
+	add	$j,4,$j				! j++
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	cmp	$j,$num
+	add	$acc0,$car1,$car1
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_inner2
+	add	$tp,4,$tp			! tp++
+
+.Lsqr_no_inner2:
+	mulx	$apj,$mul0,$acc0
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$sbit,$sbit
+	add	$acc0,$car0,$car0
+	and	$car0,$mask,$acc0
+	srlx	$car0,32,$car0
+	add	$acc0,$acc0,$acc0
+	add	$sbit,$acc0,$acc0
+	srlx	$acc0,32,$sbit
+	and	$acc0,$mask,$acc0
+	add	$acc0,$car1,$car1
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]			! tp[j-1]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0
+	add	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car2
+
+	add	$i,4,$i				! i++
+	ld	[%sp+$bias+$frame],$tmp1	! tp[0]
+	ld	[%sp+$bias+$frame+4],$tpj	! tp[1]
+	ld	[$ap+$i],$mul0			! ap[j]
+	ld	[$np],$car1			! np[0]
+	ld	[$np+4],$npj			! np[1]
+	mulx	$n0,$tmp1,$mul1
+	and	$mul1,$mask,$mul1
+	add	$i,4,$tmp0
+
+	mulx	$mul0,$mul0,$car0
+	mulx	$car1,$mul1,$car1
+	and	$car0,$mask,$acc0
+	add	$tmp1,$car1,$car1
+	srlx	$car0,32,$car0
+	add	%sp,$bias+$frame,$tp
+	srlx	$car1,32,$car1
+	and	$car0,1,$sbit
+	srlx	$car0,1,$car0
+
+	cmp	$tmp0,$num			! i<num-1
+	bl	%icc,.Lsqr_outer
+	mov	4,$j
+
+.Lsqr_last:
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$car1,$car1
+	add	$j,4,$j
+	ld	[$tp+8],$tpj
+	cmp	$j,$i
+	add	$acc1,$car1,$car1
+	ld	[$np+$j],$npj
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+	bl	%icc,.Lsqr_last
+	add	$tp,4,$tp
+!.Lsqr_last
+
+	mulx	$npj,$mul1,$acc1
+	add	$tpj,$acc0,$acc0
+	srlx	$acc0,32,$tmp0
+	and	$acc0,$mask,$acc0
+	add	$tmp0,$sbit,$sbit
+	add	$acc0,$car1,$car1
+	add	$acc1,$car1,$car1
+	st	$car1,[$tp]
+	srlx	$car1,32,$car1
+
+	add	$car0,$car0,$car0		! recover $car0
+	add	$sbit,$car0,$car0
+	add	$car0,$car1,$car1
+	add	$car2,$car1,$car1
+	st	$car1,[$tp+4]
+	srlx	$car1,32,$car2
+
+	ba	.Ltail
+	add	$tp,8,$tp
+.type	$fname,#function
+.size	$fname,(.-$fname)
+.asciz	"Montgomery Multipltication for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	32
+___
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/sparcv9a-mont.pl b/openssl-1.1.0h/crypto/bn/asm/sparcv9a-mont.pl
new file mode 100755
index 0000000..50b6906
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/sparcv9a-mont.pl
@@ -0,0 +1,887 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005
+#
+# "Teaser" Montgomery multiplication module for UltraSPARC. Why FPU?
+# Because unlike integer multiplier, which simply stalls whole CPU,
+# FPU is fully pipelined and can effectively emit 48 bit partial
+# product every cycle. Why not blended SPARC v9? One can argue that
+# making this module dependent on UltraSPARC VIS extension limits its
+# binary compatibility. Well yes, it does exclude SPARC64 prior-V(!)
+# implementations from compatibility matrix. But the rest, whole Sun
+# UltraSPARC family and brand new Fujitsu's SPARC64 V, all support
+# VIS extension instructions used in this module. This is considered
+# good enough to not care about HAL SPARC64 users [if any] who have
+# integer-only pure SPARCv9 module to "fall down" to.
+
+# USI&II cores currently exhibit uniform 2x improvement [over pre-
+# bn_mul_mont codebase] for all key lengths and benchmarks. On USIII
+# performance improves few percents for shorter keys and worsens few
+# percents for longer keys. This is because USIII integer multiplier
+# is >3x faster than USI&II one, which is harder to match [but see
+# TODO list below]. It should also be noted that SPARC64 V features
+# out-of-order execution, which *might* mean that integer multiplier
+# is pipelined, which in turn *might* be impossible to match... On
+# additional note, SPARC64 V implements FP Multiply-Add instruction,
+# which is perfectly usable in this context... In other words, as far
+# as Fujitsu SPARC64 V goes, talk to the author:-)
+
+# The implementation implies following "non-natural" limitations on
+# input arguments:
+# - num may not be less than 4;
+# - num has to be even;
+# Failure to meet either condition has no fatal effects, simply
+# doesn't give any performance gain.
+
+# TODO:
+# - modulo-schedule inner loop for better performance (on in-order
+#   execution core such as UltraSPARC this shall result in further
+#   noticeable(!) improvement);
+# - dedicated squaring procedure[?];
+
+######################################################################
+# November 2006
+#
+# Modulo-scheduled inner loops allow to interleave floating point and
+# integer instructions and minimize Read-After-Write penalties. This
+# results in *further* 20-50% performance improvement [depending on
+# key length, more for longer keys] on USI&II cores and 30-80% - on
+# USIII&IV.
+
+$output = pop;
+open STDOUT,">$output";
+
+$fname="bn_mul_mont_fpu";
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+$locals=64;
+
+# In order to provide for 32-/64-bit ABI duality, I keep integers wider
+# than 32 bit in %g1-%g4 and %o0-%o5. %l0-%l7 and %i0-%i5 are used
+# exclusively for pointers, indexes and other small values...
+# int bn_mul_mont(
+$rp="%i0";	# BN_ULONG *rp,
+$ap="%i1";	# const BN_ULONG *ap,
+$bp="%i2";	# const BN_ULONG *bp,
+$np="%i3";	# const BN_ULONG *np,
+$n0="%i4";	# const BN_ULONG *n0,
+$num="%i5";	# int num);
+
+$tp="%l0";	# t[num]
+$ap_l="%l1";	# a[num],n[num] are smashed to 32-bit words and saved
+$ap_h="%l2";	# to these four vectors as double-precision FP values.
+$np_l="%l3";	# This way a bunch of fxtods are eliminated in second
+$np_h="%l4";	# loop and L1-cache aliasing is minimized...
+$i="%l5";
+$j="%l6";
+$mask="%l7";	# 16-bit mask, 0xffff
+
+$n0="%g4";	# reassigned(!) to "64-bit" register
+$carry="%i4";	# %i4 reused(!) for a carry bit
+
+# FP register naming chart
+#
+#     ..HILO
+#       dcba
+#   --------
+#        LOa
+#       LOb
+#      LOc
+#     LOd
+#      HIa
+#     HIb
+#    HIc
+#   HId
+#    ..a
+#   ..b
+$ba="%f0";    $bb="%f2";    $bc="%f4";    $bd="%f6";
+$na="%f8";    $nb="%f10";   $nc="%f12";   $nd="%f14";
+$alo="%f16";  $alo_="%f17"; $ahi="%f18";  $ahi_="%f19";
+$nlo="%f20";  $nlo_="%f21"; $nhi="%f22";  $nhi_="%f23";
+
+$dota="%f24"; $dotb="%f26";
+
+$aloa="%f32"; $alob="%f34"; $aloc="%f36"; $alod="%f38";
+$ahia="%f40"; $ahib="%f42"; $ahic="%f44"; $ahid="%f46";
+$nloa="%f48"; $nlob="%f50"; $nloc="%f52"; $nlod="%f54";
+$nhia="%f56"; $nhib="%f58"; $nhic="%f60"; $nhid="%f62";
+
+$ASI_FL16_P=0xD2;	# magic ASI value to engage 16-bit FP load
+
+$code=<<___;
+#include "sparc_arch.h"
+
+.section	".text",#alloc,#execinstr
+
+.global $fname
+.align  32
+$fname:
+	save	%sp,-$frame-$locals,%sp
+
+	cmp	$num,4
+	bl,a,pn %icc,.Lret
+	clr	%i0
+	andcc	$num,1,%g0		! $num has to be even...
+	bnz,a,pn %icc,.Lret
+	clr	%i0			! signal "unsupported input value"
+
+	srl	$num,1,$num
+	sethi	%hi(0xffff),$mask
+	ld	[%i4+0],$n0		! $n0 reassigned, remember?
+	or	$mask,%lo(0xffff),$mask
+	ld	[%i4+4],%o0
+	sllx	%o0,32,%o0
+	or	%o0,$n0,$n0		! $n0=n0[1].n0[0]
+
+	sll	$num,3,$num		! num*=8
+
+	add	%sp,$bias,%o0		! real top of stack
+	sll	$num,2,%o1
+	add	%o1,$num,%o1		! %o1=num*5
+	sub	%o0,%o1,%o0
+	and	%o0,-2048,%o0		! optimize TLB utilization
+	sub	%o0,$bias,%sp		! alloca(5*num*8)
+
+	rd	%asi,%o7		! save %asi
+	add	%sp,$bias+$frame+$locals,$tp
+	add	$tp,$num,$ap_l
+	add	$ap_l,$num,$ap_l	! [an]p_[lh] point at the vectors' ends !
+	add	$ap_l,$num,$ap_h
+	add	$ap_h,$num,$np_l
+	add	$np_l,$num,$np_h
+
+	wr	%g0,$ASI_FL16_P,%asi	! setup %asi for 16-bit FP loads
+
+	add	$rp,$num,$rp		! readjust input pointers to point
+	add	$ap,$num,$ap		! at the ends too...
+	add	$bp,$num,$bp
+	add	$np,$num,$np
+
+	stx	%o7,[%sp+$bias+$frame+48]	! save %asi
+
+	sub	%g0,$num,$i		! i=-num
+	sub	%g0,$num,$j		! j=-num
+
+	add	$ap,$j,%o3
+	add	$bp,$i,%o4
+
+	ld	[%o3+4],%g1		! bp[0]
+	ld	[%o3+0],%o0
+	ld	[%o4+4],%g5		! ap[0]
+	sllx	%g1,32,%g1
+	ld	[%o4+0],%o1
+	sllx	%g5,32,%g5
+	or	%g1,%o0,%o0
+	or	%g5,%o1,%o1
+
+	add	$np,$j,%o5
+
+	mulx	%o1,%o0,%o0		! ap[0]*bp[0]
+	mulx	$n0,%o0,%o0		! ap[0]*bp[0]*n0
+	stx	%o0,[%sp+$bias+$frame+0]
+
+	ld	[%o3+0],$alo_	! load a[j] as pair of 32-bit words
+	fzeros	$alo
+	ld	[%o3+4],$ahi_
+	fzeros	$ahi
+	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
+	fzeros	$nlo
+	ld	[%o5+4],$nhi_
+	fzeros	$nhi
+
+	! transfer b[i] to FPU as 4x16-bit values
+	ldda	[%o4+2]%asi,$ba
+	fxtod	$alo,$alo
+	ldda	[%o4+0]%asi,$bb
+	fxtod	$ahi,$ahi
+	ldda	[%o4+6]%asi,$bc
+	fxtod	$nlo,$nlo
+	ldda	[%o4+4]%asi,$bd
+	fxtod	$nhi,$nhi
+
+	! transfer ap[0]*b[0]*n0 to FPU as 4x16-bit values
+	ldda	[%sp+$bias+$frame+6]%asi,$na
+	fxtod	$ba,$ba
+	ldda	[%sp+$bias+$frame+4]%asi,$nb
+	fxtod	$bb,$bb
+	ldda	[%sp+$bias+$frame+2]%asi,$nc
+	fxtod	$bc,$bc
+	ldda	[%sp+$bias+$frame+0]%asi,$nd
+	fxtod	$bd,$bd
+
+	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
+	fxtod	$na,$na
+	std	$ahi,[$ap_h+$j]
+	fxtod	$nb,$nb
+	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
+	fxtod	$nc,$nc
+	std	$nhi,[$np_h+$j]
+	fxtod	$nd,$nd
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+		fmuld	$alo,$bd,$alod
+	faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+		fmuld	$ahi,$ba,$ahia
+	faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+		fmuld	$ahi,$bb,$ahib
+	faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+		fmuld	$ahi,$bc,$ahic
+	faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+		fmuld	$ahi,$bd,$ahid
+	faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	add	$j,8,$j
+	std	$nlob,[%sp+$bias+$frame+8]
+	add	$ap,$j,%o4
+	std	$nloc,[%sp+$bias+$frame+16]
+	add	$np,$j,%o5
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	ld	[%o4+0],$alo_	! load a[j] as pair of 32-bit words
+	fzeros	$alo
+	ld	[%o4+4],$ahi_
+	fzeros	$ahi
+	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
+	fzeros	$nlo
+	ld	[%o5+4],$nhi_
+	fzeros	$nhi
+
+	fxtod	$alo,$alo
+	fxtod	$ahi,$ahi
+	fxtod	$nlo,$nlo
+	fxtod	$nhi,$nhi
+
+	ldx	[%sp+$bias+$frame+0],%o0
+		fmuld	$alo,$ba,$aloa
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$nlo,$na,$nloa
+	ldx	[%sp+$bias+$frame+16],%o2
+		fmuld	$alo,$bb,$alob
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$nlo,$nb,$nlob
+
+	srlx	%o0,16,%o7
+	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
+		fmuld	$alo,$bc,$aloc
+	add	%o7,%o1,%o1
+	std	$ahi,[$ap_h+$j]
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	srlx	%o1,16,%o7
+	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
+		fmuld	$alo,$bd,$alod
+	add	%o7,%o2,%o2
+	std	$nhi,[$np_h+$j]
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	srlx	%o2,16,%o7
+		fmuld	$ahi,$ba,$ahia
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	!and	%o0,$mask,%o0
+	!and	%o1,$mask,%o1
+	!and	%o2,$mask,%o2
+	!sllx	%o1,16,%o1
+	!sllx	%o2,32,%o2
+	!sllx	%o3,48,%o7
+	!or	%o1,%o0,%o0
+	!or	%o2,%o0,%o0
+	!or	%o7,%o0,%o0		! 64-bit result
+	srlx	%o3,16,%g1		! 34-bit carry
+		fmuld	$ahi,$bb,$ahib
+
+	faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+		fmuld	$ahi,$bc,$ahic
+	faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+		fmuld	$ahi,$bd,$ahid
+	faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+
+	faddd	$dota,$nloa,$nloa
+	faddd	$dotb,$nlob,$nlob
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	addcc	$j,8,$j
+	std	$nloc,[%sp+$bias+$frame+16]
+	bz,pn	%icc,.L1stskip
+	std	$nlod,[%sp+$bias+$frame+24]
+
+.align	32			! incidentally already aligned !
+.L1st:
+	add	$ap,$j,%o4
+	add	$np,$j,%o5
+	ld	[%o4+0],$alo_	! load a[j] as pair of 32-bit words
+	fzeros	$alo
+	ld	[%o4+4],$ahi_
+	fzeros	$ahi
+	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
+	fzeros	$nlo
+	ld	[%o5+4],$nhi_
+	fzeros	$nhi
+
+	fxtod	$alo,$alo
+	fxtod	$ahi,$ahi
+	fxtod	$nlo,$nlo
+	fxtod	$nhi,$nhi
+
+	ldx	[%sp+$bias+$frame+0],%o0
+		fmuld	$alo,$ba,$aloa
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$nlo,$na,$nloa
+	ldx	[%sp+$bias+$frame+16],%o2
+		fmuld	$alo,$bb,$alob
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$nlo,$nb,$nlob
+
+	srlx	%o0,16,%o7
+	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
+		fmuld	$alo,$bc,$aloc
+	add	%o7,%o1,%o1
+	std	$ahi,[$ap_h+$j]
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	srlx	%o1,16,%o7
+	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
+		fmuld	$alo,$bd,$alod
+	add	%o7,%o2,%o2
+	std	$nhi,[$np_h+$j]
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	srlx	%o2,16,%o7
+		fmuld	$ahi,$ba,$ahia
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+		fmuld	$ahi,$bb,$ahib
+	sllx	%o1,16,%o1
+		faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+	sllx	%o2,32,%o2
+		fmuld	$ahi,$bc,$ahic
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+		faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+	or	%o2,%o0,%o0
+		fmuld	$ahi,$bd,$ahid
+	or	%o7,%o0,%o0		! 64-bit result
+		faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+	addcc	%g1,%o0,%o0
+		faddd	$dota,$nloa,$nloa
+	srlx	%o3,16,%g1		! 34-bit carry
+		faddd	$dotb,$nlob,$nlob
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]=
+
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	std	$nloc,[%sp+$bias+$frame+16]
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	addcc	$j,8,$j
+	bnz,pt	%icc,.L1st
+	add	$tp,8,$tp
+
+.L1stskip:
+	fdtox	$dota,$dota
+	fdtox	$dotb,$dotb
+
+	ldx	[%sp+$bias+$frame+0],%o0
+	ldx	[%sp+$bias+$frame+8],%o1
+	ldx	[%sp+$bias+$frame+16],%o2
+	ldx	[%sp+$bias+$frame+24],%o3
+
+	srlx	%o0,16,%o7
+	std	$dota,[%sp+$bias+$frame+32]
+	add	%o7,%o1,%o1
+	std	$dotb,[%sp+$bias+$frame+40]
+	srlx	%o1,16,%o7
+	add	%o7,%o2,%o2
+	srlx	%o2,16,%o7
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+	sllx	%o1,16,%o1
+	sllx	%o2,32,%o2
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+	or	%o2,%o0,%o0
+	or	%o7,%o0,%o0		! 64-bit result
+	ldx	[%sp+$bias+$frame+32],%o4
+	addcc	%g1,%o0,%o0
+	ldx	[%sp+$bias+$frame+40],%o5
+	srlx	%o3,16,%g1		! 34-bit carry
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]=
+	add	$tp,8,$tp
+
+	srlx	%o4,16,%o7
+	add	%o7,%o5,%o5
+	and	%o4,$mask,%o4
+	sllx	%o5,16,%o7
+	or	%o7,%o4,%o4
+	addcc	%g1,%o4,%o4
+	srlx	%o5,48,%g1
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	mov	%g1,$carry
+	stx	%o4,[$tp]		! tp[num-1]=
+
+	ba	.Louter
+	add	$i,8,$i
+.align	32
+.Louter:
+	sub	%g0,$num,$j		! j=-num
+	add	%sp,$bias+$frame+$locals,$tp
+
+	add	$ap,$j,%o3
+	add	$bp,$i,%o4
+
+	ld	[%o3+4],%g1		! bp[i]
+	ld	[%o3+0],%o0
+	ld	[%o4+4],%g5		! ap[0]
+	sllx	%g1,32,%g1
+	ld	[%o4+0],%o1
+	sllx	%g5,32,%g5
+	or	%g1,%o0,%o0
+	or	%g5,%o1,%o1
+
+	ldx	[$tp],%o2		! tp[0]
+	mulx	%o1,%o0,%o0
+	addcc	%o2,%o0,%o0
+	mulx	$n0,%o0,%o0		! (ap[0]*bp[i]+t[0])*n0
+	stx	%o0,[%sp+$bias+$frame+0]
+
+	! transfer b[i] to FPU as 4x16-bit values
+	ldda	[%o4+2]%asi,$ba
+	ldda	[%o4+0]%asi,$bb
+	ldda	[%o4+6]%asi,$bc
+	ldda	[%o4+4]%asi,$bd
+
+	! transfer (ap[0]*b[i]+t[0])*n0 to FPU as 4x16-bit values
+	ldda	[%sp+$bias+$frame+6]%asi,$na
+	fxtod	$ba,$ba
+	ldda	[%sp+$bias+$frame+4]%asi,$nb
+	fxtod	$bb,$bb
+	ldda	[%sp+$bias+$frame+2]%asi,$nc
+	fxtod	$bc,$bc
+	ldda	[%sp+$bias+$frame+0]%asi,$nd
+	fxtod	$bd,$bd
+	ldd	[$ap_l+$j],$alo		! load a[j] in double format
+	fxtod	$na,$na
+	ldd	[$ap_h+$j],$ahi
+	fxtod	$nb,$nb
+	ldd	[$np_l+$j],$nlo		! load n[j] in double format
+	fxtod	$nc,$nc
+	ldd	[$np_h+$j],$nhi
+	fxtod	$nd,$nd
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+		fmuld	$alo,$bd,$alod
+	faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+		fmuld	$ahi,$ba,$ahia
+	faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+		fmuld	$ahi,$bb,$ahib
+	faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+		fmuld	$ahi,$bc,$ahic
+	faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+		fmuld	$ahi,$bd,$ahid
+	faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+
+	faddd	$ahic,$nhic,$dota	! $nhic
+	faddd	$ahid,$nhid,$dotb	! $nhid
+
+	faddd	$nloc,$nhia,$nloc
+	faddd	$nlod,$nhib,$nlod
+
+	fdtox	$nloa,$nloa
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	std	$nloc,[%sp+$bias+$frame+16]
+	add	$j,8,$j
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	ldd	[$ap_l+$j],$alo		! load a[j] in double format
+	ldd	[$ap_h+$j],$ahi
+	ldd	[$np_l+$j],$nlo		! load n[j] in double format
+	ldd	[$np_h+$j],$nhi
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	ldx	[%sp+$bias+$frame+0],%o0
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$alo,$bd,$alod
+	ldx	[%sp+$bias+$frame+16],%o2
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$ahi,$ba,$ahia
+
+	srlx	%o0,16,%o7
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	add	%o7,%o1,%o1
+		fmuld	$ahi,$bb,$ahib
+	srlx	%o1,16,%o7
+		faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+	add	%o7,%o2,%o2
+		fmuld	$ahi,$bc,$ahic
+	srlx	%o2,16,%o7
+		faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	! why?
+	and	%o0,$mask,%o0
+		fmuld	$ahi,$bd,$ahid
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+		faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+	sllx	%o1,16,%o1
+		faddd	$dota,$nloa,$nloa
+	sllx	%o2,32,%o2
+		faddd	$dotb,$nlob,$nlob
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+		faddd	$ahic,$nhic,$dota	! $nhic
+	or	%o2,%o0,%o0
+		faddd	$ahid,$nhid,$dotb	! $nhid
+	or	%o7,%o0,%o0		! 64-bit result
+	ldx	[$tp],%o7
+		faddd	$nloc,$nhia,$nloc
+	addcc	%o7,%o0,%o0
+	! end-of-why?
+		faddd	$nlod,$nhib,$nlod
+	srlx	%o3,16,%g1		! 34-bit carry
+		fdtox	$nloa,$nloa
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	fdtox	$nlob,$nlob
+	fdtox	$nloc,$nloc
+	fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	addcc	$j,8,$j
+	std	$nloc,[%sp+$bias+$frame+16]
+	bz,pn	%icc,.Linnerskip
+	std	$nlod,[%sp+$bias+$frame+24]
+
+	ba	.Linner
+	nop
+.align	32
+.Linner:
+	ldd	[$ap_l+$j],$alo		! load a[j] in double format
+	ldd	[$ap_h+$j],$ahi
+	ldd	[$np_l+$j],$nlo		! load n[j] in double format
+	ldd	[$np_h+$j],$nhi
+
+		fmuld	$alo,$ba,$aloa
+		fmuld	$nlo,$na,$nloa
+		fmuld	$alo,$bb,$alob
+		fmuld	$nlo,$nb,$nlob
+		fmuld	$alo,$bc,$aloc
+	ldx	[%sp+$bias+$frame+0],%o0
+		faddd	$aloa,$nloa,$nloa
+		fmuld	$nlo,$nc,$nloc
+	ldx	[%sp+$bias+$frame+8],%o1
+		fmuld	$alo,$bd,$alod
+	ldx	[%sp+$bias+$frame+16],%o2
+		faddd	$alob,$nlob,$nlob
+		fmuld	$nlo,$nd,$nlod
+	ldx	[%sp+$bias+$frame+24],%o3
+		fmuld	$ahi,$ba,$ahia
+
+	srlx	%o0,16,%o7
+		faddd	$aloc,$nloc,$nloc
+		fmuld	$nhi,$na,$nhia
+	add	%o7,%o1,%o1
+		fmuld	$ahi,$bb,$ahib
+	srlx	%o1,16,%o7
+		faddd	$alod,$nlod,$nlod
+		fmuld	$nhi,$nb,$nhib
+	add	%o7,%o2,%o2
+		fmuld	$ahi,$bc,$ahic
+	srlx	%o2,16,%o7
+		faddd	$ahia,$nhia,$nhia
+		fmuld	$nhi,$nc,$nhic
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+		fmuld	$ahi,$bd,$ahid
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+		faddd	$ahib,$nhib,$nhib
+		fmuld	$nhi,$nd,$nhid
+	sllx	%o1,16,%o1
+		faddd	$dota,$nloa,$nloa
+	sllx	%o2,32,%o2
+		faddd	$dotb,$nlob,$nlob
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+		faddd	$ahic,$nhic,$dota	! $nhic
+	or	%o2,%o0,%o0
+		faddd	$ahid,$nhid,$dotb	! $nhid
+	or	%o7,%o0,%o0		! 64-bit result
+		faddd	$nloc,$nhia,$nloc
+	addcc	%g1,%o0,%o0
+	ldx	[$tp+8],%o7		! tp[j]
+		faddd	$nlod,$nhib,$nlod
+	srlx	%o3,16,%g1		! 34-bit carry
+		fdtox	$nloa,$nloa
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+		fdtox	$nlob,$nlob
+	addcc	%o7,%o0,%o0
+		fdtox	$nloc,$nloc
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]
+		fdtox	$nlod,$nlod
+
+	std	$nloa,[%sp+$bias+$frame+0]
+	std	$nlob,[%sp+$bias+$frame+8]
+	std	$nloc,[%sp+$bias+$frame+16]
+	addcc	$j,8,$j
+	std	$nlod,[%sp+$bias+$frame+24]
+	bnz,pt	%icc,.Linner
+	add	$tp,8,$tp
+
+.Linnerskip:
+	fdtox	$dota,$dota
+	fdtox	$dotb,$dotb
+
+	ldx	[%sp+$bias+$frame+0],%o0
+	ldx	[%sp+$bias+$frame+8],%o1
+	ldx	[%sp+$bias+$frame+16],%o2
+	ldx	[%sp+$bias+$frame+24],%o3
+
+	srlx	%o0,16,%o7
+	std	$dota,[%sp+$bias+$frame+32]
+	add	%o7,%o1,%o1
+	std	$dotb,[%sp+$bias+$frame+40]
+	srlx	%o1,16,%o7
+	add	%o7,%o2,%o2
+	srlx	%o2,16,%o7
+	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
+	and	%o0,$mask,%o0
+	and	%o1,$mask,%o1
+	and	%o2,$mask,%o2
+	sllx	%o1,16,%o1
+	sllx	%o2,32,%o2
+	sllx	%o3,48,%o7
+	or	%o1,%o0,%o0
+	or	%o2,%o0,%o0
+	ldx	[%sp+$bias+$frame+32],%o4
+	or	%o7,%o0,%o0		! 64-bit result
+	ldx	[%sp+$bias+$frame+40],%o5
+	addcc	%g1,%o0,%o0
+	ldx	[$tp+8],%o7		! tp[j]
+	srlx	%o3,16,%g1		! 34-bit carry
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	addcc	%o7,%o0,%o0
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	stx	%o0,[$tp]		! tp[j-1]
+	add	$tp,8,$tp
+
+	srlx	%o4,16,%o7
+	add	%o7,%o5,%o5
+	and	%o4,$mask,%o4
+	sllx	%o5,16,%o7
+	or	%o7,%o4,%o4
+	addcc	%g1,%o4,%o4
+	srlx	%o5,48,%g1
+	bcs,a	%xcc,.+8
+	add	%g1,1,%g1
+
+	addcc	$carry,%o4,%o4
+	stx	%o4,[$tp]		! tp[num-1]
+	mov	%g1,$carry
+	bcs,a	%xcc,.+8
+	add	$carry,1,$carry
+
+	addcc	$i,8,$i
+	bnz	%icc,.Louter
+	nop
+
+	add	$tp,8,$tp		! adjust tp to point at the end
+	orn	%g0,%g0,%g4
+	sub	%g0,$num,%o7		! n=-num
+	ba	.Lsub
+	subcc	%g0,%g0,%g0		! clear %icc.c
+
+.align	32
+.Lsub:
+	ldx	[$tp+%o7],%o0
+	add	$np,%o7,%g1
+	ld	[%g1+0],%o2
+	ld	[%g1+4],%o3
+	srlx	%o0,32,%o1
+	subccc	%o0,%o2,%o2
+	add	$rp,%o7,%g1
+	subccc	%o1,%o3,%o3
+	st	%o2,[%g1+0]
+	add	%o7,8,%o7
+	brnz,pt	%o7,.Lsub
+	st	%o3,[%g1+4]
+	subc	$carry,0,%g4
+	sub	%g0,$num,%o7		! n=-num
+	ba	.Lcopy
+	nop
+
+.align	32
+.Lcopy:
+	ldx	[$tp+%o7],%o0
+	add	$rp,%o7,%g1
+	ld	[%g1+0],%o2
+	ld	[%g1+4],%o3
+	stx	%g0,[$tp+%o7]
+	and	%o0,%g4,%o0
+	srlx	%o0,32,%o1
+	andn	%o2,%g4,%o2
+	andn	%o3,%g4,%o3
+	or	%o2,%o0,%o0
+	or	%o3,%o1,%o1
+	st	%o0,[%g1+0]
+	add	%o7,8,%o7
+	brnz,pt	%o7,.Lcopy
+	st	%o1,[%g1+4]
+	sub	%g0,$num,%o7		! n=-num
+
+.Lzap:
+	stx	%g0,[$ap_l+%o7]
+	stx	%g0,[$ap_h+%o7]
+	stx	%g0,[$np_l+%o7]
+	stx	%g0,[$np_h+%o7]
+	add	%o7,8,%o7
+	brnz,pt	%o7,.Lzap
+	nop
+
+	ldx	[%sp+$bias+$frame+48],%o7
+	wr	%g0,%o7,%asi		! restore %asi
+
+	mov	1,%i0
+.Lret:
+	ret
+	restore
+.type   $fname,#function
+.size	$fname,(.-$fname)
+.asciz	"Montgomery Multipltication for UltraSPARC, CRYPTOGAMS by <appro\@openssl.org>"
+.align	32
+___
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+# Below substitution makes it possible to compile without demanding
+# VIS extensions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
+# dare to do this, because VIS capability is detected at run-time now
+# and this routine is not called on CPU not capable to execute it. Do
+# note that fzeros is not the only VIS dependency! Another dependency
+# is implicit and is just _a_ numerical value loaded to %asi register,
+# which assembler can't recognize as VIS specific...
+$code =~ s/fzeros\s+%f([0-9]+)/
+	   sprintf(".word\t0x%x\t! fzeros %%f%d",0x81b00c20|($1<<25),$1)
+	  /gem;
+
+print $code;
+# flush
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/via-mont.pl b/openssl-1.1.0h/crypto/bn/asm/via-mont.pl
new file mode 100644
index 0000000..9f81bc8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/via-mont.pl
@@ -0,0 +1,254 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Wrapper around 'rep montmul', VIA-specific instruction accessing
+# PadLock Montgomery Multiplier. The wrapper is designed as drop-in
+# replacement for OpenSSL bn_mul_mont [first implemented in 0.9.9].
+#
+# Below are interleaved outputs from 'openssl speed rsa dsa' for 4
+# different software configurations on 1.5GHz VIA Esther processor.
+# Lines marked with "software integer" denote performance of hand-
+# coded integer-only assembler found in OpenSSL 0.9.7. "Software SSE2"
+# refers to hand-coded SSE2 Montgomery multiplication procedure found
+# OpenSSL 0.9.9. "Hardware VIA SDK" refers to padlock_pmm routine from
+# Padlock SDK 2.0.1 available for download from VIA, which naturally
+# utilizes the magic 'repz montmul' instruction. And finally "hardware
+# this" refers to *this* implementation which also uses 'repz montmul'
+#
+#                   sign    verify    sign/s verify/s
+# rsa  512 bits 0.001720s 0.000140s    581.4   7149.7	software integer
+# rsa  512 bits 0.000690s 0.000086s   1450.3  11606.0	software SSE2
+# rsa  512 bits 0.006136s 0.000201s    163.0   4974.5	hardware VIA SDK
+# rsa  512 bits 0.000712s 0.000050s   1404.9  19858.5	hardware this
+#
+# rsa 1024 bits 0.008518s 0.000413s    117.4   2420.8	software integer
+# rsa 1024 bits 0.004275s 0.000277s    233.9   3609.7	software SSE2
+# rsa 1024 bits 0.012136s 0.000260s     82.4   3844.5	hardware VIA SDK
+# rsa 1024 bits 0.002522s 0.000116s    396.5   8650.9	hardware this
+#
+# rsa 2048 bits 0.050101s 0.001371s     20.0    729.6	software integer
+# rsa 2048 bits 0.030273s 0.001008s     33.0    991.9	software SSE2
+# rsa 2048 bits 0.030833s 0.000976s     32.4   1025.1	hardware VIA SDK
+# rsa 2048 bits 0.011879s 0.000342s     84.2   2921.7	hardware this
+#
+# rsa 4096 bits 0.327097s 0.004859s      3.1    205.8	software integer
+# rsa 4096 bits 0.229318s 0.003859s      4.4    259.2	software SSE2
+# rsa 4096 bits 0.233953s 0.003274s      4.3    305.4	hardware VIA SDK
+# rsa 4096 bits 0.070493s 0.001166s     14.2    857.6	hardware this
+#
+# dsa  512 bits 0.001342s 0.001651s    745.2    605.7	software integer
+# dsa  512 bits 0.000844s 0.000987s   1185.3   1013.1	software SSE2
+# dsa  512 bits 0.001902s 0.002247s    525.6    444.9	hardware VIA SDK
+# dsa  512 bits 0.000458s 0.000524s   2182.2   1909.1	hardware this
+#
+# dsa 1024 bits 0.003964s 0.004926s    252.3    203.0	software integer
+# dsa 1024 bits 0.002686s 0.003166s    372.3    315.8	software SSE2
+# dsa 1024 bits 0.002397s 0.002823s    417.1    354.3	hardware VIA SDK
+# dsa 1024 bits 0.000978s 0.001170s   1022.2    855.0	hardware this
+#
+# dsa 2048 bits 0.013280s 0.016518s     75.3     60.5	software integer
+# dsa 2048 bits 0.009911s 0.011522s    100.9     86.8	software SSE2
+# dsa 2048 bits 0.009542s 0.011763s    104.8     85.0	hardware VIA SDK
+# dsa 2048 bits 0.002884s 0.003352s    346.8    298.3	hardware this
+#
+# To give you some other reference point here is output for 2.4GHz P4
+# running hand-coded SSE2 bn_mul_mont found in 0.9.9, i.e. "software
+# SSE2" in above terms.
+#
+# rsa  512 bits 0.000407s 0.000047s   2454.2  21137.0
+# rsa 1024 bits 0.002426s 0.000141s    412.1   7100.0
+# rsa 2048 bits 0.015046s 0.000491s     66.5   2034.9
+# rsa 4096 bits 0.109770s 0.002379s      9.1    420.3
+# dsa  512 bits 0.000438s 0.000525s   2281.1   1904.1
+# dsa 1024 bits 0.001346s 0.001595s    742.7    627.0
+# dsa 2048 bits 0.004745s 0.005582s    210.7    179.1
+#
+# Conclusions: 
+# - VIA SDK leaves a *lot* of room for improvement (which this
+#   implementation successfully fills:-);
+# - 'rep montmul' gives up to >3x performance improvement depending on
+#   key length;
+# - in terms of absolute performance it delivers approximately as much
+#   as modern out-of-order 32-bit cores [again, for longer keys].
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"via-mont.pl");
+
+# int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
+$func="bn_mul_mont_padlock";
+
+$pad=16*1;	# amount of reserved bytes on top of every vector
+
+# stack layout
+$mZeroPrime=&DWP(0,"esp");		# these are specified by VIA
+$A=&DWP(4,"esp");
+$B=&DWP(8,"esp");
+$T=&DWP(12,"esp");
+$M=&DWP(16,"esp");
+$scratch=&DWP(20,"esp");
+$rp=&DWP(24,"esp");			# these are mine
+$sp=&DWP(28,"esp");
+# &DWP(32,"esp")			# 32 byte scratch area
+# &DWP(64+(4*$num+$pad)*0,"esp")	# padded tp[num]
+# &DWP(64+(4*$num+$pad)*1,"esp")	# padded copy of ap[num]
+# &DWP(64+(4*$num+$pad)*2,"esp")	# padded copy of bp[num]
+# &DWP(64+(4*$num+$pad)*3,"esp")	# padded copy of np[num]
+# Note that SDK suggests to unconditionally allocate 2K per vector. This
+# has quite an impact on performance. It naturally depends on key length,
+# but to give an example 1024 bit private RSA key operations suffer >30%
+# penalty. I allocate only as much as actually required...
+
+&function_begin($func);
+	&xor	("eax","eax");
+	&mov	("ecx",&wparam(5));	# num
+	# meet VIA's limitations for num [note that the specification
+	# expresses them in bits, while we work with amount of 32-bit words]
+	&test	("ecx",3);
+	&jnz	(&label("leave"));	# num % 4 != 0
+	&cmp	("ecx",8);
+	&jb	(&label("leave"));	# num < 8
+	&cmp	("ecx",1024);
+	&ja	(&label("leave"));	# num > 1024
+
+	&pushf	();
+	&cld	();
+
+	&mov	("edi",&wparam(0));	# rp
+	&mov	("eax",&wparam(1));	# ap
+	&mov	("ebx",&wparam(2));	# bp
+	&mov	("edx",&wparam(3));	# np
+	&mov	("esi",&wparam(4));	# n0
+	&mov	("esi",&DWP(0,"esi"));	# *n0
+
+	&lea	("ecx",&DWP($pad,"","ecx",4));	# ecx becomes vector size in bytes
+	&lea	("ebp",&DWP(64,"","ecx",4));	# allocate 4 vectors + 64 bytes
+	&neg	("ebp");
+	&add	("ebp","esp");
+	&and	("ebp",-64);		# align to cache-line
+	&xchg	("ebp","esp");		# alloca
+
+	&mov	($rp,"edi");		# save rp
+	&mov	($sp,"ebp");		# save esp
+
+	&mov	($mZeroPrime,"esi");
+	&lea	("esi",&DWP(64,"esp"));	# tp
+	&mov	($T,"esi");
+	&lea	("edi",&DWP(32,"esp"));	# scratch area
+	&mov	($scratch,"edi");
+	&mov	("esi","eax");
+
+	&lea	("ebp",&DWP(-$pad,"ecx"));
+	&shr	("ebp",2);		# restore original num value in ebp
+
+	&xor	("eax","eax");
+
+	&mov	("ecx","ebp");
+	&lea	("ecx",&DWP((32+$pad)/4,"ecx"));# padded tp + scratch
+	&data_byte(0xf3,0xab);		# rep stosl, bzero
+
+	&mov	("ecx","ebp");
+	&lea	("edi",&DWP(64+$pad,"esp","ecx",4));# pointer to ap copy
+	&mov	($A,"edi");
+	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
+	&mov	("ecx",$pad/4);
+	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
+	# edi points at the end of padded ap copy...
+
+	&mov	("ecx","ebp");
+	&mov	("esi","ebx");
+	&mov	($B,"edi");
+	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
+	&mov	("ecx",$pad/4);
+	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
+	# edi points at the end of padded bp copy...
+
+	&mov	("ecx","ebp");
+	&mov	("esi","edx");
+	&mov	($M,"edi");
+	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
+	&mov	("ecx",$pad/4);
+	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
+	# edi points at the end of padded np copy...
+
+	# let magic happen...
+	&mov	("ecx","ebp");
+	&mov	("esi","esp");
+	&shl	("ecx",5);		# convert word counter to bit counter
+	&align	(4);
+	&data_byte(0xf3,0x0f,0xa6,0xc0);# rep montmul
+
+	&mov	("ecx","ebp");
+	&lea	("esi",&DWP(64,"esp"));		# tp
+	# edi still points at the end of padded np copy...
+	&neg	("ebp");
+	&lea	("ebp",&DWP(-$pad,"edi","ebp",4));	# so just "rewind"
+	&mov	("edi",$rp);			# restore rp
+	&xor	("edx","edx");			# i=0 and clear CF
+
+&set_label("sub",8);
+	&mov	("eax",&DWP(0,"esi","edx",4));
+	&sbb	("eax",&DWP(0,"ebp","edx",4));
+	&mov	(&DWP(0,"edi","edx",4),"eax");	# rp[i]=tp[i]-np[i]
+	&lea	("edx",&DWP(1,"edx"));		# i++
+	&loop	(&label("sub"));		# doesn't affect CF!
+
+	&mov	("eax",&DWP(0,"esi","edx",4));	# upmost overflow bit
+	&sbb	("eax",0);
+	&and	("esi","eax");
+	&not	("eax");
+	&mov	("ebp","edi");
+	&and	("ebp","eax");
+	&or	("esi","ebp");			# tp=carry?tp:rp
+
+	&mov	("ecx","edx");			# num
+	&xor	("edx","edx");			# i=0
+
+&set_label("copy",8);
+	&mov	("eax",&DWP(0,"esi","edx",4));
+	&mov	(&DWP(64,"esp","edx",4),"ecx");	# zap tp
+	&mov	(&DWP(0,"edi","edx",4),"eax");
+	&lea	("edx",&DWP(1,"edx"));		# i++
+	&loop	(&label("copy"));
+
+	&mov	("ebp",$sp);
+	&xor	("eax","eax");
+
+	&mov	("ecx",64/4);
+	&mov	("edi","esp");		# zap frame including scratch area
+	&data_byte(0xf3,0xab);		# rep stosl, bzero
+
+	# zap copies of ap, bp and np
+	&lea	("edi",&DWP(64+$pad,"esp","edx",4));# pointer to ap
+	&lea	("ecx",&DWP(3*$pad/4,"edx","edx",2));
+	&data_byte(0xf3,0xab);		# rep stosl, bzero
+
+	&mov	("esp","ebp");
+	&inc	("eax");		# signal "done"
+	&popf	();
+&set_label("leave");
+&function_end($func);
+
+&asciz("Padlock Montgomery Multiplication, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/vis3-mont.pl b/openssl-1.1.0h/crypto/bn/asm/vis3-mont.pl
new file mode 100644
index 0000000..64dba44
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/vis3-mont.pl
@@ -0,0 +1,384 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2012.
+#
+# SPARCv9 VIS3 Montgomery multiplicaion procedure suitable for T3 and
+# onward. There are three new instructions used here: umulxhi,
+# addxc[cc] and initializing store. On T3 RSA private key operations
+# are 1.54/1.87/2.11/2.26 times faster for 512/1024/2048/4096-bit key
+# lengths. This is without dedicated squaring procedure. On T4
+# corresponding coefficients are 1.47/2.10/2.80/2.90x, which is mostly
+# for reference purposes, because T4 has dedicated Montgomery
+# multiplication and squaring *instructions* that deliver even more.
+
+$output = pop;
+open STDOUT,">$output";
+
+$frame = "STACK_FRAME";
+$bias = "STACK_BIAS";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+___
+
+($n0,$m0,$m1,$lo0,$hi0, $lo1,$hi1,$aj,$alo,$nj,$nlo,$tj)=
+	(map("%g$_",(1..5)),map("%o$_",(0..5,7)));
+
+# int bn_mul_mont(
+$rp="%o0";	# BN_ULONG *rp,
+$ap="%o1";	# const BN_ULONG *ap,
+$bp="%o2";	# const BN_ULONG *bp,
+$np="%o3";	# const BN_ULONG *np,
+$n0p="%o4";	# const BN_ULONG *n0,
+$num="%o5";	# int num);	# caller ensures that num is even
+				# and >=6
+$code.=<<___;
+.globl	bn_mul_mont_vis3
+.align	32
+bn_mul_mont_vis3:
+	add	%sp,	$bias,	%g4	! real top of stack
+	sll	$num,	2,	$num	! size in bytes
+	add	$num,	63,	%g5
+	andn	%g5,	63,	%g5	! buffer size rounded up to 64 bytes
+	add	%g5,	%g5,	%g1
+	add	%g5,	%g1,	%g1	! 3*buffer size
+	sub	%g4,	%g1,	%g1
+	andn	%g1,	63,	%g1	! align at 64 byte
+	sub	%g1,	$frame,	%g1	! new top of stack
+	sub	%g1,	%g4,	%g1
+
+	save	%sp,	%g1,	%sp
+___
+
+#	+-------------------------------+<-----	%sp
+#	.				.
+#	+-------------------------------+<-----	aligned at 64 bytes
+#	| __int64 tmp[0]		|
+#	+-------------------------------+
+#	.				.
+#	.				.
+#	+-------------------------------+<----- aligned at 64 bytes
+#	| __int64 ap[1..0]		|	converted ap[]
+#	+-------------------------------+
+#	| __int64 np[1..0]		|	converted np[]
+#	+-------------------------------+
+#	| __int64 ap[3..2]		|
+#	.				.
+#	.				.
+#	+-------------------------------+
+($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5));
+($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz,$anp)=map("%l$_",(0..7));
+($ovf,$i)=($t0,$t1);
+$code.=<<___;
+	ld	[$n0p+0],	$t0	! pull n0[0..1] value
+	add	%sp, $bias+$frame, $tp
+	ld	[$n0p+4],	$t1
+	add	$tp,	%g5,	$anp
+	ld	[$bp+0],	$t2	! m0=bp[0]
+	sllx	$t1,	32,	$n0
+	ld	[$bp+4],	$t3
+	or	$t0,	$n0,	$n0
+	add	$bp,	8,	$bp
+
+	ld	[$ap+0],	$t0	! ap[0]
+	sllx	$t3,	32,	$m0
+	ld	[$ap+4],	$t1
+	or	$t2,	$m0,	$m0
+
+	ld	[$ap+8],	$t2	! ap[1]
+	sllx	$t1,	32,	$aj
+	ld	[$ap+12],	$t3
+	or	$t0,	$aj,	$aj
+	add	$ap,	16,	$ap
+	stx	$aj,	[$anp]		! converted ap[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[0]
+	umulxhi	$aj,	$m0,	$hi0
+
+	ld	[$np+0],	$t0	! np[0]
+	sllx	$t3,	32,	$aj
+	ld	[$np+4],	$t1
+	or	$t2,	$aj,	$aj
+
+	ld	[$np+8],	$t2	! np[1]
+	sllx	$t1,	32,	$nj
+	ld	[$np+12],	$t3
+	or	$t0, $nj,	$nj
+	add	$np,	16,	$np
+	stx	$nj,	[$anp+8]	! converted np[0]
+
+	mulx	$lo0,	$n0,	$m1	! "tp[0]"*n0
+	stx	$aj,	[$anp+16]	! converted ap[1]
+
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[0]
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+
+	sllx	$t3,	32,	$nj
+	or	$t2,	$nj,	$nj
+	stx	$nj,	[$anp+24]	! converted np[1]
+	add	$anp,	32,	$anp
+
+	addcc	$lo0,	$lo1,	$lo1
+	addxc	%g0,	$hi1,	$hi1
+
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.L1st
+	sub	$num,	24,	$cnt	! cnt=num-3
+
+.align	16
+.L1st:
+	ld	[$ap+0],	$t0	! ap[j]
+	addcc	$alo,	$hi0,	$lo0
+	ld	[$ap+4],	$t1
+	addxc	$aj,	%g0,	$hi0
+
+	sllx	$t1,	32,	$aj
+	add	$ap,	8,	$ap
+	or	$t0,	$aj,	$aj
+	stx	$aj,	[$anp]		! converted ap[j]
+
+	ld	[$np+0],	$t2	! np[j]
+	addcc	$nlo,	$hi1,	$lo1
+	ld	[$np+4],	$t3
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+
+	sllx	$t3,	32,	$nj
+	add	$np,	8,	$np
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[0]
+	or	$t2,	$nj,	$nj
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	stx	$nj,	[$anp+8]	! converted np[j]
+	add	$anp,	16,	$anp	! anp++
+
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp	! tp++
+
+	brnz,pt	$cnt,	.L1st
+	sub	$cnt,	8,	$cnt	! j--
+!.L1st
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1
+	addcc	$lo0,	$lo1,	$lo1	! np[j]*m1+ap[j]*bp[0]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+
+	addcc	$hi0,	$hi1,	$hi1
+	addxc	%g0,	%g0,	$ovf	! upmost overflow bit
+	stx	$hi1,	[$tp]
+	add	$tp,	8,	$tp
+
+	ba	.Louter
+	sub	$num,	16,	$i	! i=num-2
+
+.align	16
+.Louter:
+	ld	[$bp+0],	$t2	! m0=bp[i]
+	ld	[$bp+4],	$t3
+
+	sub	$anp,	$num,	$anp	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$anp,	$num,	$anp
+
+	add	$bp,	8,	$bp
+	sllx	$t3,	32,	$m0
+	ldx	[$anp+0],	$aj	! ap[0]
+	or	$t2,	$m0,	$m0
+	ldx	[$anp+8],	$nj	! np[0]
+
+	mulx	$aj,	$m0,	$lo0	! ap[0]*bp[i]
+	ldx	[$tp],		$tj	! tp[0]
+	umulxhi	$aj,	$m0,	$hi0
+	ldx	[$anp+16],	$aj	! ap[1]
+	addcc	$lo0,	$tj,	$lo0	! ap[0]*bp[i]+tp[0]
+	mulx	$aj,	$m0,	$alo	! ap[1]*bp[i]
+	addxc	%g0,	$hi0,	$hi0
+	mulx	$lo0,	$n0,	$m1	! tp[0]*n0
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	mulx	$nj,	$m1,	$lo1	! np[0]*m1
+	umulxhi	$nj,	$m1,	$hi1
+	ldx	[$anp+24],	$nj	! np[1]
+	add	$anp,	32,	$anp
+	addcc	$lo1,	$lo0,	$lo1
+	mulx	$nj,	$m1,	$nlo	! np[1]*m1
+	addxc	%g0,	$hi1,	$hi1
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+
+	ba	.Linner
+	sub	$num,	24,	$cnt	! cnt=num-3
+.align	16
+.Linner:
+	addcc	$alo,	$hi0,	$lo0
+	ldx	[$tp+8],	$tj	! tp[j]
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	ldx	[$anp+0],	$aj	! ap[j]
+	addcc	$nlo,	$hi1,	$lo1
+	mulx	$aj,	$m0,	$alo	! ap[j]*bp[i]
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	ldx	[$anp+8],	$nj	! np[j]
+	add	$anp,	16,	$anp
+	umulxhi	$aj,	$m0,	$aj	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	mulx	$nj,	$m1,	$nlo	! np[j]*m1
+	addxc	%g0,	$hi0,	$hi0
+	umulxhi	$nj,	$m1,	$nj	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+	add	$tp,	8,	$tp
+	brnz,pt	$cnt,	.Linner
+	sub	$cnt,	8,	$cnt
+!.Linner
+	ldx	[$tp+8],	$tj	! tp[j]
+	addcc	$alo,	$hi0,	$lo0
+	addxc	$aj,	%g0,	$hi0	! ahi=aj
+	addcc	$lo0,	$tj,	$lo0	! ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi0,	$hi0
+
+	addcc	$nlo,	$hi1,	$lo1
+	addxc	$nj,	%g0,	$hi1	! nhi=nj
+	addcc	$lo1,	$lo0,	$lo1	! np[j]*m1+ap[j]*bp[i]+tp[j]
+	addxc	%g0,	$hi1,	$hi1
+	stx	$lo1,	[$tp]		! tp[j-1]
+
+	subcc	%g0,	$ovf,	%g0	! move upmost overflow to CCR.xcc
+	addxccc	$hi1,	$hi0,	$hi1
+	addxc	%g0,	%g0,	$ovf
+	stx	$hi1,	[$tp+8]
+	add	$tp,	16,	$tp
+
+	brnz,pt	$i,	.Louter
+	sub	$i,	8,	$i
+
+	sub	$anp,	$num,	$anp	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$anp,	$num,	$anp
+	ba	.Lsub
+	subcc	$num,	8,	$cnt	! cnt=num-1 and clear CCR.xcc
+
+.align	16
+.Lsub:
+	ldx	[$tp],		$tj
+	add	$tp,	8,	$tp
+	ldx	[$anp+8],	$nj
+	add	$anp,	16,	$anp
+	subccc	$tj,	$nj,	$t2	! tp[j]-np[j]
+	srlx	$tj,	32,	$tj
+	srlx	$nj,	32,	$nj
+	subccc	$tj,	$nj,	$t3
+	add	$rp,	8,	$rp
+	st	$t2,	[$rp-4]		! reverse order
+	st	$t3,	[$rp-8]
+	brnz,pt	$cnt,	.Lsub
+	sub	$cnt,	8,	$cnt
+
+	sub	$anp,	$num,	$anp	! rewind
+	sub	$tp,	$num,	$tp
+	sub	$anp,	$num,	$anp
+	sub	$rp,	$num,	$rp
+
+	subc	$ovf,	%g0,	$ovf	! handle upmost overflow bit
+	and	$tp,	$ovf,	$ap
+	andn	$rp,	$ovf,	$np
+	or	$np,	$ap,	$ap	! ap=borrow?tp:rp
+	ba	.Lcopy
+	sub	$num,	8,	$cnt
+
+.align	16
+.Lcopy:					! copy or in-place refresh
+	ld	[$ap+0],	$t2
+	ld	[$ap+4],	$t3
+	add	$ap,	8,	$ap
+	stx	%g0,	[$tp]		! zap
+	add	$tp,	8,	$tp
+	stx	%g0,	[$anp]		! zap
+	stx	%g0,	[$anp+8]
+	add	$anp,	16,	$anp
+	st	$t3,	[$rp+0]		! flip order
+	st	$t2,	[$rp+4]
+	add	$rp,	8,	$rp
+	brnz	$cnt,	.Lcopy
+	sub	$cnt,	8,	$cnt
+
+	mov	1,	%o0
+	ret
+	restore
+.type	bn_mul_mont_vis3, #function
+.size	bn_mul_mont_vis3, .-bn_mul_mont_vis3
+.asciz  "Montgomery Multiplication for SPARCv9 VIS3, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/x86-gf2m.pl b/openssl-1.1.0h/crypto/bn/asm/x86-gf2m.pl
new file mode 100644
index 0000000..f464368
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/x86-gf2m.pl
@@ -0,0 +1,325 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... Except that it has three code paths: pure integer
+# code suitable for any x86 CPU, MMX code suitable for PIII and later
+# and PCLMULQDQ suitable for Westmere and later. Improvement varies
+# from one benchmark and µ-arch to another. Below are interval values
+# for 163- and 571-bit ECDH benchmarks relative to compiler-generated
+# code:
+#
+# PIII		16%-30%
+# P4		12%-12%
+# Opteron	18%-40%
+# Core2		19%-44%
+# Atom		38%-64%
+# Westmere	53%-121%(PCLMULQDQ)/20%-32%(MMX)
+# Sandy Bridge	72%-127%(PCLMULQDQ)/27%-23%(MMX)
+#
+# Note that above improvement coefficients are not coefficients for
+# bn_GF2m_mul_2x2 itself. For example 120% ECDH improvement is result
+# of bn_GF2m_mul_2x2 being >4x faster. As it gets faster, benchmark
+# is more and more dominated by other subroutines, most notably by
+# BN_GF2m_mod[_mul]_arr...
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$0,$x86only = $ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+$a="eax";
+$b="ebx";
+($a1,$a2,$a4)=("ecx","edx","ebp");
+
+$R="mm0";
+@T=("mm1","mm2");
+($A,$B,$B30,$B31)=("mm2","mm3","mm4","mm5");
+@i=("esi","edi");
+
+					if (!$x86only) {
+&function_begin_B("_mul_1x1_mmx");
+	&sub	("esp",32+4);
+	 &mov	($a1,$a);
+	 &lea	($a2,&DWP(0,$a,$a));
+	 &and	($a1,0x3fffffff);
+	 &lea	($a4,&DWP(0,$a2,$a2));
+	 &mov	(&DWP(0*4,"esp"),0);
+	 &and	($a2,0x7fffffff);
+	&movd	($A,$a);
+	&movd	($B,$b);
+	 &mov	(&DWP(1*4,"esp"),$a1);	# a1
+	 &xor	($a1,$a2);		# a1^a2
+	&pxor	($B31,$B31);
+	&pxor	($B30,$B30);
+	 &mov	(&DWP(2*4,"esp"),$a2);	# a2
+	 &xor	($a2,$a4);		# a2^a4
+	 &mov	(&DWP(3*4,"esp"),$a1);	# a1^a2
+	&pcmpgtd($B31,$A);		# broadcast 31st bit
+	&paddd	($A,$A);		# $A<<=1
+	 &xor	($a1,$a2);		# a1^a4=a1^a2^a2^a4
+	 &mov	(&DWP(4*4,"esp"),$a4);	# a4
+	 &xor	($a4,$a2);		# a2=a4^a2^a4
+	&pand	($B31,$B);
+	&pcmpgtd($B30,$A);		# broadcast 30th bit
+	 &mov	(&DWP(5*4,"esp"),$a1);	# a1^a4
+	 &xor	($a4,$a1);		# a1^a2^a4
+	&psllq	($B31,31);
+	&pand	($B30,$B);
+	 &mov	(&DWP(6*4,"esp"),$a2);	# a2^a4
+	&mov	(@i[0],0x7);
+	 &mov	(&DWP(7*4,"esp"),$a4);	# a1^a2^a4
+	 &mov	($a4,@i[0]);
+	&and	(@i[0],$b);
+	&shr	($b,3);
+	&mov	(@i[1],$a4);
+	&psllq	($B30,30);
+	&and	(@i[1],$b);
+	&shr	($b,3);
+	&movd	($R,&DWP(0,"esp",@i[0],4));
+	&mov	(@i[0],$a4);
+	&and	(@i[0],$b);
+	&shr	($b,3);
+	for($n=1;$n<9;$n++) {
+		&movd	(@T[1],&DWP(0,"esp",@i[1],4));
+		&mov	(@i[1],$a4);
+		&psllq	(@T[1],3*$n);
+		&and	(@i[1],$b);
+		&shr	($b,3);
+		&pxor	($R,@T[1]);
+
+		push(@i,shift(@i)); push(@T,shift(@T));
+	}
+	&movd	(@T[1],&DWP(0,"esp",@i[1],4));
+	&pxor	($R,$B30);
+	&psllq	(@T[1],3*$n++);
+	&pxor	($R,@T[1]);
+
+	&movd	(@T[0],&DWP(0,"esp",@i[0],4));
+	&pxor	($R,$B31);
+	&psllq	(@T[0],3*$n);
+	&add	("esp",32+4);
+	&pxor	($R,@T[0]);
+	&ret	();
+&function_end_B("_mul_1x1_mmx");
+					}
+
+($lo,$hi)=("eax","edx");
+@T=("ecx","ebp");
+
+&function_begin_B("_mul_1x1_ialu");
+	&sub	("esp",32+4);
+	 &mov	($a1,$a);
+	 &lea	($a2,&DWP(0,$a,$a));
+	 &lea	($a4,&DWP(0,"",$a,4));
+	 &and	($a1,0x3fffffff);
+	&lea	(@i[1],&DWP(0,$lo,$lo));
+	&sar	($lo,31);		# broadcast 31st bit
+	 &mov	(&DWP(0*4,"esp"),0);
+	 &and	($a2,0x7fffffff);
+	 &mov	(&DWP(1*4,"esp"),$a1);	# a1
+	 &xor	($a1,$a2);		# a1^a2
+	 &mov	(&DWP(2*4,"esp"),$a2);	# a2
+	 &xor	($a2,$a4);		# a2^a4
+	 &mov	(&DWP(3*4,"esp"),$a1);	# a1^a2
+	 &xor	($a1,$a2);		# a1^a4=a1^a2^a2^a4
+	 &mov	(&DWP(4*4,"esp"),$a4);	# a4
+	 &xor	($a4,$a2);		# a2=a4^a2^a4
+	 &mov	(&DWP(5*4,"esp"),$a1);	# a1^a4
+	 &xor	($a4,$a1);		# a1^a2^a4
+	&sar	(@i[1],31);		# broardcast 30th bit
+	&and	($lo,$b);
+	 &mov	(&DWP(6*4,"esp"),$a2);	# a2^a4
+	&and	(@i[1],$b);
+	 &mov	(&DWP(7*4,"esp"),$a4);	# a1^a2^a4
+	&mov	($hi,$lo);
+	&shl	($lo,31);
+	&mov	(@T[0],@i[1]);
+	&shr	($hi,1);
+
+	 &mov	(@i[0],0x7);
+	&shl	(@i[1],30);
+	 &and	(@i[0],$b);
+	&shr	(@T[0],2);
+	&xor	($lo,@i[1]);
+
+	&shr	($b,3);
+	&mov	(@i[1],0x7);		# 5-byte instruction!?
+	&and	(@i[1],$b);
+	&shr	($b,3);
+	 &xor	($hi,@T[0]);
+	&xor	($lo,&DWP(0,"esp",@i[0],4));
+	&mov	(@i[0],0x7);
+	&and	(@i[0],$b);
+	&shr	($b,3);
+	for($n=1;$n<9;$n++) {
+		&mov	(@T[1],&DWP(0,"esp",@i[1],4));
+		&mov	(@i[1],0x7);
+		&mov	(@T[0],@T[1]);
+		&shl	(@T[1],3*$n);
+		&and	(@i[1],$b);
+		&shr	(@T[0],32-3*$n);
+		&xor	($lo,@T[1]);
+		&shr	($b,3);
+		&xor	($hi,@T[0]);
+
+		push(@i,shift(@i)); push(@T,shift(@T));
+	}
+	&mov	(@T[1],&DWP(0,"esp",@i[1],4));
+	&mov	(@T[0],@T[1]);
+	&shl	(@T[1],3*$n);
+	&mov	(@i[1],&DWP(0,"esp",@i[0],4));
+	&shr	(@T[0],32-3*$n);	$n++;
+	&mov	(@i[0],@i[1]);
+	&xor	($lo,@T[1]);
+	&shl	(@i[1],3*$n);
+	&xor	($hi,@T[0]);
+	&shr	(@i[0],32-3*$n);
+	&xor	($lo,@i[1]);
+	&xor	($hi,@i[0]);
+
+	&add	("esp",32+4);
+	&ret	();
+&function_end_B("_mul_1x1_ialu");
+
+# void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
+&function_begin_B("bn_GF2m_mul_2x2");
+if (!$x86only) {
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&mov	("eax",&DWP(0,"edx"));
+	&mov	("edx",&DWP(4,"edx"));
+	&test	("eax",1<<23);		# check MMX bit
+	&jz	(&label("ialu"));
+if ($sse2) {
+	&test	("eax",1<<24);		# check FXSR bit
+	&jz	(&label("mmx"));
+	&test	("edx",1<<1);		# check PCLMULQDQ bit
+	&jz	(&label("mmx"));
+
+	&movups		("xmm0",&QWP(8,"esp"));
+	&shufps		("xmm0","xmm0",0b10110001);
+	&pclmulqdq	("xmm0","xmm0",1);
+	&mov		("eax",&DWP(4,"esp"));
+	&movups		(&QWP(0,"eax"),"xmm0");
+	&ret	();
+
+&set_label("mmx",16);
+}
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&call	("_mul_1x1_mmx");	# a1·b1
+	&movq	("mm7",$R);
+
+	&mov	($a,&wparam(2));
+	&mov	($b,&wparam(4));
+	&call	("_mul_1x1_mmx");	# a0·b0
+	&movq	("mm6",$R);
+
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&xor	($a,&wparam(2));
+	&xor	($b,&wparam(4));
+	&call	("_mul_1x1_mmx");	# (a0+a1)·(b0+b1)
+	&pxor	($R,"mm7");
+	&mov	($a,&wparam(0));
+	&pxor	($R,"mm6");		# (a0+a1)·(b0+b1)-a1·b1-a0·b0
+
+	&movq	($A,$R);
+	&psllq	($R,32);
+	&pop	("edi");
+	&psrlq	($A,32);
+	&pop	("esi");
+	&pxor	($R,"mm6");
+	&pop	("ebx");
+	&pxor	($A,"mm7");
+	&movq	(&QWP(0,$a),$R);
+	&pop	("ebp");
+	&movq	(&QWP(8,$a),$A);
+	&emms	();
+	&ret	();
+&set_label("ialu",16);
+}
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+	&stack_push(4+1);
+
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&call	("_mul_1x1_ialu");	# a1·b1
+	&mov	(&DWP(8,"esp"),$lo);
+	&mov	(&DWP(12,"esp"),$hi);
+
+	&mov	($a,&wparam(2));
+	&mov	($b,&wparam(4));
+	&call	("_mul_1x1_ialu");	# a0·b0
+	&mov	(&DWP(0,"esp"),$lo);
+	&mov	(&DWP(4,"esp"),$hi);
+
+	&mov	($a,&wparam(1));
+	&mov	($b,&wparam(3));
+	&xor	($a,&wparam(2));
+	&xor	($b,&wparam(4));
+	&call	("_mul_1x1_ialu");	# (a0+a1)·(b0+b1)
+
+	&mov	("ebp",&wparam(0));
+		 @r=("ebx","ecx","edi","esi");
+	&mov	(@r[0],&DWP(0,"esp"));
+	&mov	(@r[1],&DWP(4,"esp"));
+	&mov	(@r[2],&DWP(8,"esp"));
+	&mov	(@r[3],&DWP(12,"esp"));
+
+	&xor	($lo,$hi);
+	&xor	($hi,@r[1]);
+	&xor	($lo,@r[0]);
+	&mov	(&DWP(0,"ebp"),@r[0]);
+	&xor	($hi,@r[2]);
+	&mov	(&DWP(12,"ebp"),@r[3]);
+	&xor	($lo,@r[3]);
+	&stack_pop(4+1);
+	&xor	($hi,@r[3]);
+	&pop	("edi");
+	&xor	($lo,$hi);
+	&pop	("esi");
+	&mov	(&DWP(8,"ebp"),$hi);
+	&pop	("ebx");
+	&mov	(&DWP(4,"ebp"),$lo);
+	&pop	("ebp");
+	&ret	();
+&function_end_B("bn_GF2m_mul_2x2");
+
+&asciz	("GF(2^m) Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/x86-mont.pl b/openssl-1.1.0h/crypto/bn/asm/x86-mont.pl
new file mode 100755
index 0000000..6787503
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/x86-mont.pl
@@ -0,0 +1,629 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005
+#
+# This is a "teaser" code, as it can be improved in several ways...
+# First of all non-SSE2 path should be implemented (yes, for now it
+# performs Montgomery multiplication/convolution only on SSE2-capable
+# CPUs such as P4, others fall down to original code). Then inner loop
+# can be unrolled and modulo-scheduled to improve ILP and possibly
+# moved to 128-bit XMM register bank (though it would require input
+# rearrangement and/or increase bus bandwidth utilization). Dedicated
+# squaring procedure should give further performance improvement...
+# Yet, for being draft, the code improves rsa512 *sign* benchmark by
+# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
+
+# December 2006
+#
+# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
+# Integer-only code [being equipped with dedicated squaring procedure]
+# gives ~40% on rsa512 sign benchmark...
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open STDOUT,">$output";
+ 
+&asm_init($ARGV[0],$0);
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+&function_begin("bn_mul_mont");
+
+$i="edx";
+$j="ecx";
+$ap="esi";	$tp="esi";		# overlapping variables!!!
+$rp="edi";	$bp="edi";		# overlapping variables!!!
+$np="ebp";
+$num="ebx";
+
+$_num=&DWP(4*0,"esp");			# stack top layout
+$_rp=&DWP(4*1,"esp");
+$_ap=&DWP(4*2,"esp");
+$_bp=&DWP(4*3,"esp");
+$_np=&DWP(4*4,"esp");
+$_n0=&DWP(4*5,"esp");	$_n0q=&QWP(4*5,"esp");
+$_sp=&DWP(4*6,"esp");
+$_bpend=&DWP(4*7,"esp");
+$frame=32;				# size of above frame rounded up to 16n
+
+	&xor	("eax","eax");
+	&mov	("edi",&wparam(5));	# int num
+	&cmp	("edi",4);
+	&jl	(&label("just_leave"));
+
+	&lea	("esi",&wparam(0));	# put aside pointer to argument block
+	&lea	("edx",&wparam(1));	# load ap
+	&add	("edi",2);		# extra two words on top of tp
+	&neg	("edi");
+	&lea	("ebp",&DWP(-$frame,"esp","edi",4));	# future alloca($frame+4*(num+2))
+	&neg	("edi");
+
+	# minimize cache contention by arraning 2K window between stack
+	# pointer and ap argument [np is also position sensitive vector,
+	# but it's assumed to be near ap, as it's allocated at ~same
+	# time].
+	&mov	("eax","ebp");
+	&sub	("eax","edx");
+	&and	("eax",2047);
+	&sub	("ebp","eax");		# this aligns sp and ap modulo 2048
+
+	&xor	("edx","ebp");
+	&and	("edx",2048);
+	&xor	("edx",2048);
+	&sub	("ebp","edx");		# this splits them apart modulo 4096
+
+	&and	("ebp",-64);		# align to cache line
+
+	# An OS-agnostic version of __chkstk.
+	#
+	# Some OSes (Windows) insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	&mov	("eax","esp");
+	&sub	("eax","ebp");
+	&and	("eax",-4096);
+	&mov	("edx","esp");		# saved stack pointer!
+	&lea	("esp",&DWP(0,"ebp","eax"));
+	&mov	("eax",&DWP(0,"esp"));
+	&cmp	("esp","ebp");
+	&ja	(&label("page_walk"));
+	&jmp	(&label("page_walk_done"));
+
+&set_label("page_walk",16);
+	&lea	("esp",&DWP(-4096,"esp"));
+	&mov	("eax",&DWP(0,"esp"));
+	&cmp	("esp","ebp");
+	&ja	(&label("page_walk"));
+&set_label("page_walk_done");
+
+	################################# load argument block...
+	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
+	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
+	&mov	("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
+	&mov	("ebp",&DWP(3*4,"esi"));# const BN_ULONG *np
+	&mov	("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
+	#&mov	("edi",&DWP(5*4,"esi"));# int num
+
+	&mov	("esi",&DWP(0,"esi"));	# pull n0[0]
+	&mov	($_rp,"eax");		# ... save a copy of argument block
+	&mov	($_ap,"ebx");
+	&mov	($_bp,"ecx");
+	&mov	($_np,"ebp");
+	&mov	($_n0,"esi");
+	&lea	($num,&DWP(-3,"edi"));	# num=num-1 to assist modulo-scheduling
+	#&mov	($_num,$num);		# redundant as $num is not reused
+	&mov	($_sp,"edx");		# saved stack pointer!
+
+if($sse2) {
+$acc0="mm0";	# mmx register bank layout
+$acc1="mm1";
+$car0="mm2";
+$car1="mm3";
+$mul0="mm4";
+$mul1="mm5";
+$temp="mm6";
+$mask="mm7";
+
+	&picmeup("eax","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"eax"),26);
+	&jnc	(&label("non_sse2"));
+
+	&mov	("eax",-1);
+	&movd	($mask,"eax");		# mask 32 lower bits
+
+	&mov	($ap,$_ap);		# load input pointers
+	&mov	($bp,$_bp);
+	&mov	($np,$_np);
+
+	&xor	($i,$i);		# i=0
+	&xor	($j,$j);		# j=0
+
+	&movd	($mul0,&DWP(0,$bp));		# bp[0]
+	&movd	($mul1,&DWP(0,$ap));		# ap[0]
+	&movd	($car1,&DWP(0,$np));		# np[0]
+
+	&pmuludq($mul1,$mul0);			# ap[0]*bp[0]
+	&movq	($car0,$mul1);
+	&movq	($acc0,$mul1);			# I wish movd worked for
+	&pand	($acc0,$mask);			# inter-register transfers
+
+	&pmuludq($mul1,$_n0q);			# *=n0
+
+	&pmuludq($car1,$mul1);			# "t[0]"*np[0]*n0
+	&paddq	($car1,$acc0);
+
+	&movd	($acc1,&DWP(4,$np));		# np[1]
+	&movd	($acc0,&DWP(4,$ap));		# ap[1]
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&inc	($j);				# j++
+&set_label("1st",16);
+	&pmuludq($acc0,$mul0);			# ap[j]*bp[0]
+	&pmuludq($acc1,$mul1);			# np[j]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
+	&paddq	($car1,$acc0);			# +=ap[j]*bp[0];
+	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
+	&psrlq	($car0,32);
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[j-1]=
+	&psrlq	($car1,32);
+
+	&lea	($j,&DWP(1,$j));
+	&cmp	($j,$num);
+	&jl	(&label("1st"));
+
+	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[0]
+	&pmuludq($acc1,$mul1);			# np[num-1]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[0];
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&paddq	($car1,$car0);
+	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
+
+	&inc	($i);				# i++
+&set_label("outer");
+	&xor	($j,$j);			# j=0
+
+	&movd	($mul0,&DWP(0,$bp,$i,4));	# bp[i]
+	&movd	($mul1,&DWP(0,$ap));		# ap[0]
+	&movd	($temp,&DWP($frame,"esp"));	# tp[0]
+	&movd	($car1,&DWP(0,$np));		# np[0]
+	&pmuludq($mul1,$mul0);			# ap[0]*bp[i]
+
+	&paddq	($mul1,$temp);			# +=tp[0]
+	&movq	($acc0,$mul1);
+	&movq	($car0,$mul1);
+	&pand	($acc0,$mask);
+
+	&pmuludq($mul1,$_n0q);			# *=n0
+
+	&pmuludq($car1,$mul1);
+	&paddq	($car1,$acc0);
+
+	&movd	($temp,&DWP($frame+4,"esp"));	# tp[1]
+	&movd	($acc1,&DWP(4,$np));		# np[1]
+	&movd	($acc0,&DWP(4,$ap));		# ap[1]
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+	&paddq	($car0,$temp);			# +=tp[1]
+
+	&inc	($j);				# j++
+	&dec	($num);
+&set_label("inner");
+	&pmuludq($acc0,$mul0);			# ap[j]*bp[i]
+	&pmuludq($acc1,$mul1);			# np[j]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&movd	($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
+	&pand	($acc0,$mask);
+	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
+	&paddq	($car1,$acc0);			# +=ap[j]*bp[i]+tp[j]
+	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
+	&psrlq	($car0,32);
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
+	&psrlq	($car1,32);
+	&paddq	($car0,$temp);			# +=tp[j+1]
+
+	&dec	($num);
+	&lea	($j,&DWP(1,$j));		# j++
+	&jnz	(&label("inner"));
+
+	&mov	($num,$j);
+	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[i]
+	&pmuludq($acc1,$mul1);			# np[num-1]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[i]+tp[num-1]
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&movd	($temp,&DWP($frame+4,"esp",$num,4));	# += tp[num]
+	&paddq	($car1,$car0);
+	&paddq	($car1,$temp);
+	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
+
+	&lea	($i,&DWP(1,$i));		# i++
+	&cmp	($i,$num);
+	&jle	(&label("outer"));
+
+	&emms	();				# done with mmx bank
+	&jmp	(&label("common_tail"));
+
+&set_label("non_sse2",16);
+}
+
+if (0) {
+	&mov	("esp",$_sp);
+	&xor	("eax","eax");	# signal "not fast enough [yet]"
+	&jmp	(&label("just_leave"));
+	# While the below code provides competitive performance for
+	# all key lengths on modern Intel cores, it's still more
+	# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
+	# means compared to the original integer-only assembler.
+	# 512-bit RSA sign is better by ~40%, but that's about all
+	# one can say about all CPUs...
+} else {
+$inp="esi";	# integer path uses these registers differently
+$word="edi";
+$carry="ebp";
+
+	&mov	($inp,$_ap);
+	&lea	($carry,&DWP(1,$num));
+	&mov	($word,$_bp);
+	&xor	($j,$j);				# j=0
+	&mov	("edx",$inp);
+	&and	($carry,1);				# see if num is even
+	&sub	("edx",$word);				# see if ap==bp
+	&lea	("eax",&DWP(4,$word,$num,4));		# &bp[num]
+	&or	($carry,"edx");
+	&mov	($word,&DWP(0,$word));			# bp[0]
+	&jz	(&label("bn_sqr_mont"));
+	&mov	($_bpend,"eax");
+	&mov	("eax",&DWP(0,$inp));
+	&xor	("edx","edx");
+
+&set_label("mull",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*bp[0]
+	&add	($carry,"eax");
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("mull"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*bp[0]
+	 &mov	($word,$_n0);
+	&add	("eax",$carry);
+	 &mov	($inp,$_np);
+	&adc	("edx",0);
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&mov	(&DWP($frame,"esp",$num,4),"eax");	# tp[num-1]=
+	&xor	($j,$j);
+	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
+
+	&mov	("eax",&DWP(0,$inp));			# np[0]
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&adc	("edx",0);
+	&inc	($j);
+
+	&jmp	(&label("2ndmadd"));
+
+&set_label("1stmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*bp[i]
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("1stmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*bp[i]
+	&add	("eax",&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	 &mov	($word,$_n0);
+	&adc	("edx",0);
+	 &mov	($inp,$_np);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&xor	($j,$j);
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&mov	(&DWP($frame,"esp",$num,4),$carry);	# tp[num-1]=
+	&adc	($j,0);
+	 &mov	("eax",&DWP(0,$inp));			# np[0]
+	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&adc	("edx",0);
+	&mov	($j,1);
+
+&set_label("2ndmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+1]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j-1]=
+	&jl	(&label("2ndmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
+
+	&xor	("eax","eax");
+	 &mov	($j,$_bp);				# &bp[i]
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
+	 &lea	($j,&DWP(4,$j));
+	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
+	 &cmp	($j,$_bpend);
+	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
+	&je	(&label("common_tail"));
+
+	&mov	($word,&DWP(0,$j));			# bp[i+1]
+	&mov	($inp,$_ap);
+	&mov	($_bp,$j);				# &bp[++i]
+	&xor	($j,$j);
+	&xor	("edx","edx");
+	&mov	("eax",&DWP(0,$inp));
+	&jmp	(&label("1stmadd"));
+
+&set_label("bn_sqr_mont",16);
+$sbit=$num;
+	&mov	($_num,$num);
+	&mov	($_bp,$j);				# i=0
+
+	&mov	("eax",$word);				# ap[0]
+	&mul	($word);				# ap[0]*ap[0]
+	&mov	(&DWP($frame,"esp"),"eax");		# tp[0]=
+	&mov	($sbit,"edx");
+	&shr	("edx",1);
+	&and	($sbit,1);
+	&inc	($j);
+&set_label("sqr",16);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*ap[0]
+	&add	("eax",$carry);
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&lea	($carry,&DWP(0,$sbit,"eax",2));
+	&shr	("eax",31);
+	&cmp	($j,$_num);
+	&mov	($sbit,"eax");
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("sqr"));
+
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[num-1]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*ap[0]
+	&add	("eax",$carry);
+	 &mov	($word,$_n0);
+	&adc	("edx",0);
+	 &mov	($inp,$_np);
+	&lea	($carry,&DWP(0,$sbit,"eax",2));
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+	&shr	("eax",31);
+	&mov	(&DWP($frame,"esp",$j,4),$carry);	# tp[num-1]=
+
+	&lea	($carry,&DWP(0,"eax","edx",2));
+	 &mov	("eax",&DWP(0,$inp));			# np[0]
+	&shr	("edx",31);
+	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$j,4),"edx");	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	($num,$j);
+	&adc	("edx",0);
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&mov	($j,1);
+
+&set_label("3rdmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(4,$inp,$j,4));		# np[j+1]
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j-1]=
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j+1]*m
+	&add	($carry,&DWP($frame+4,"esp",$j,4));	# +=tp[j+1]
+	&lea	($j,&DWP(2,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+2]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("3rdmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
+
+	&mov	($j,$_bp);				# i
+	&xor	("eax","eax");
+	&mov	($inp,$_ap);
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
+	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
+	&cmp	($j,$num);
+	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
+	&je	(&label("common_tail"));
+
+	&mov	($word,&DWP(4,$inp,$j,4));		# ap[i]
+	&lea	($j,&DWP(1,$j));
+	&mov	("eax",$word);
+	&mov	($_bp,$j);				# ++i
+	&mul	($word);				# ap[i]*ap[i]
+	&add	("eax",&DWP($frame,"esp",$j,4));	# +=tp[i]
+	&adc	("edx",0);
+	&mov	(&DWP($frame,"esp",$j,4),"eax");	# tp[i]=
+	&xor	($carry,$carry);
+	&cmp	($j,$num);
+	&lea	($j,&DWP(1,$j));
+	&je	(&label("sqrlast"));
+
+	&mov	($sbit,"edx");				# zaps $num
+	&shr	("edx",1);
+	&and	($sbit,1);
+&set_label("sqradd",16);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*ap[i]
+	&add	("eax",$carry);
+	&lea	($carry,&DWP(0,"eax","eax"));
+	&adc	("edx",0);
+	&shr	("eax",31);
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("eax",0);
+	&add	($carry,$sbit);
+	&adc	("eax",0);
+	&cmp	($j,$_num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&mov	($sbit,"eax");
+	&jle	(&label("sqradd"));
+
+	&mov	($carry,"edx");
+	&add	("edx","edx");
+	&shr	($carry,31);
+	&add	("edx",$sbit);
+	&adc	($carry,0);
+&set_label("sqrlast");
+	&mov	($word,$_n0);
+	&mov	($inp,$_np);
+	&imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&add	("edx",&DWP($frame,"esp",$j,4));	# +=tp[num]
+	&mov	("eax",&DWP(0,$inp));			# np[0]
+	&adc	($carry,0);
+	&mov	(&DWP($frame,"esp",$j,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&lea	($num,&DWP(-1,$j));
+	&adc	("edx",0);
+	&mov	($j,1);
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+
+	&jmp	(&label("3rdmadd"));
+}
+
+&set_label("common_tail",16);
+	&mov	($np,$_np);			# load modulus pointer
+	&mov	($rp,$_rp);			# load result pointer
+	&lea	($tp,&DWP($frame,"esp"));	# [$ap and $bp are zapped]
+
+	&mov	("eax",&DWP(0,$tp));		# tp[0]
+	&mov	($j,$num);			# j=num-1
+	&xor	($i,$i);			# i=0 and clear CF!
+
+&set_label("sub",16);
+	&sbb	("eax",&DWP(0,$np,$i,4));
+	&mov	(&DWP(0,$rp,$i,4),"eax");	# rp[i]=tp[i]-np[i]
+	&dec	($j);				# doesn't affect CF!
+	&mov	("eax",&DWP(4,$tp,$i,4));	# tp[i+1]
+	&lea	($i,&DWP(1,$i));		# i++
+	&jge	(&label("sub"));
+
+	&sbb	("eax",0);			# handle upmost overflow bit
+	&and	($tp,"eax");
+	&not	("eax");
+	&mov	($np,$rp);
+	&and	($np,"eax");
+	&or	($tp,$np);			# tp=carry?tp:rp
+
+&set_label("copy",16);				# copy or in-place refresh
+	&mov	("eax",&DWP(0,$tp,$num,4));
+	&mov	(&DWP(0,$rp,$num,4),"eax");	# rp[i]=tp[i]
+	&mov	(&DWP($frame,"esp",$num,4),$j);	# zap temporary vector
+	&dec	($num);
+	&jge	(&label("copy"));
+
+	&mov	("esp",$_sp);		# pull saved stack pointer
+	&mov	("eax",1);
+&set_label("just_leave");
+&function_end("bn_mul_mont");
+
+&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/x86_64-gcc.c b/openssl-1.1.0h/crypto/bn/asm/x86_64-gcc.c
new file mode 100644
index 0000000..0ff3805
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/x86_64-gcc.c
@@ -0,0 +1,649 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../bn_lcl.h"
+#if !(defined(__GNUC__) && __GNUC__>=2)
+# include "../bn_asm.c"         /* kind of dirty hack for Sun Studio */
+#else
+/*-
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ *    versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ *    proof-of-concept hack. As you can see it's implemented with
+ *    inline assembler, which means that you're bound to GCC and that
+ *    there might be enough room for further improvement.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ *    why I decided to let the compiler take care of subroutine
+ *    prologue/epilogue as well as register allocation. For reference.
+ *    Win64 implements different ABI for AMD64, different from Linux.
+ *
+ * Q. How much faster does it get?
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
+ *      rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
+ *      rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
+ *      rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
+ *      dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
+ *      dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
+ *
+ *    'apps/openssl speed rsa dsa' output with this module:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
+ *      rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
+ *      rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
+ *      rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
+ *      dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
+ *      dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
+ *
+ *    For the reference. IA-32 assembler implementation performs
+ *    very much like 64-bit code compiled with no-asm on the same
+ *    machine.
+ */
+
+# if defined(_WIN64) || !defined(__LP64__)
+#  define BN_ULONG unsigned long long
+# else
+#  define BN_ULONG unsigned long
+# endif
+
+# undef mul
+# undef mul_add
+
+/*-
+ * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
+ * "g"(0)               let the compiler to decide where does it
+ *                      want to keep the value of zero;
+ */
+# define mul_add(r,a,word,carry) do {   \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"m"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+m"(r),"+d"(high)    \
+                : "r"(carry),"g"(0)     \
+                : "cc");                \
+        carry=high;                     \
+        } while (0)
+
+# define mul(r,a,word,carry) do {       \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"g"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        (r)=carry, carry=high;          \
+        } while (0)
+# undef sqr
+# define sqr(r0,r1,a)                   \
+        asm ("mulq %2"                  \
+                : "=a"(r0),"=d"(r1)     \
+                : "a"(a)                \
+                : "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return (c1);
+
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[2], ap[2], w, c1);
+        return c1;
+    }
+
+    return (c1);
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return (c1);
+
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[2], ap[2], w, c1);
+    }
+    return (c1);
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    if (n <= 0)
+        return;
+
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+    if (n) {
+        sqr(r[0], r[1], a[0]);
+        if (--n == 0)
+            return;
+        sqr(r[2], r[3], a[1]);
+        if (--n == 0)
+            return;
+        sqr(r[4], r[5], a[2]);
+    }
+}
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    BN_ULONG ret, waste;
+
+ asm("divq      %4":"=a"(ret), "=d"(waste)
+ :     "a"(l), "d"(h), "r"(d)
+ :     "cc");
+
+    return ret;
+}
+
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear carry */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       adcq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+
+# ifndef SIMICS
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear borrow */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       sbbq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+# else
+/* Simics 1.4<7 has buggy sbbq:-( */
+#  define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    if (n <= 0)
+        return ((BN_ULONG)0);
+
+    for (;;) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[1];
+        t2 = b[1];
+        r[1] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[2];
+        t2 = b[2];
+        r[2] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[3];
+        t2 = b[3];
+        r[3] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        a += 4;
+        b += 4;
+        r += 4;
+    }
+    return (c);
+}
+# endif
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
+# if 0
+/* original macros are kept for reference purposes */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi, tt;                    \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; tt = hi+((c0<lo)?1:0);        \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,ta);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+# else
+#  define mul_add_c(a,b,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define sqr_add_c(a,i,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %2"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a[i])             \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define mul_add_c2(a,b,c0,c1,c2) do { \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+# endif
+
+# define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/asm/x86_64-gf2m.pl b/openssl-1.1.0h/crypto/bn/asm/x86_64-gf2m.pl
new file mode 100644
index 0000000..d962f62
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/x86_64-gf2m.pl
@@ -0,0 +1,397 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# May 2011
+#
+# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
+# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
+# the time being... Except that it has two code paths: code suitable
+# for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and
+# later. Improvement varies from one benchmark and µ-arch to another.
+# Vanilla code path is at most 20% faster than compiler-generated code
+# [not very impressive], while PCLMULQDQ - whole 85%-160% better on
+# 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that
+# these coefficients are not ones for bn_GF2m_mul_2x2 itself, as not
+# all CPU time is burnt in it...
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+($lo,$hi)=("%rax","%rdx");	$a=$lo;
+($i0,$i1)=("%rsi","%rdi");
+($t0,$t1)=("%rbx","%rcx");
+($b,$mask)=("%rbp","%r8");
+($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(9..15));
+($R,$Tx)=("%xmm0","%xmm1");
+
+$code.=<<___;
+.text
+
+.type	_mul_1x1,\@abi-omnipotent
+.align	16
+_mul_1x1:
+	sub	\$128+8,%rsp
+	mov	\$-1,$a1
+	lea	($a,$a),$i0
+	shr	\$3,$a1
+	lea	(,$a,4),$i1
+	and	$a,$a1			# a1=a&0x1fffffffffffffff
+	lea	(,$a,8),$a8
+	sar	\$63,$a			# broadcast 63rd bit
+	lea	($a1,$a1),$a2
+	sar	\$63,$i0		# broadcast 62nd bit
+	lea	(,$a1,4),$a4
+	and	$b,$a
+	sar	\$63,$i1		# boardcast 61st bit
+	mov	$a,$hi			# $a is $lo
+	shl	\$63,$lo
+	and	$b,$i0
+	shr	\$1,$hi
+	mov	$i0,$t1
+	shl	\$62,$i0
+	and	$b,$i1
+	shr	\$2,$t1
+	xor	$i0,$lo
+	mov	$i1,$t0
+	shl	\$61,$i1
+	xor	$t1,$hi
+	shr	\$3,$t0
+	xor	$i1,$lo
+	xor	$t0,$hi
+
+	mov	$a1,$a12
+	movq	\$0,0(%rsp)		# tab[0]=0
+	xor	$a2,$a12		# a1^a2
+	mov	$a1,8(%rsp)		# tab[1]=a1
+	 mov	$a4,$a48
+	mov	$a2,16(%rsp)		# tab[2]=a2
+	 xor	$a8,$a48		# a4^a8
+	mov	$a12,24(%rsp)		# tab[3]=a1^a2
+
+	xor	$a4,$a1
+	mov	$a4,32(%rsp)		# tab[4]=a4
+	xor	$a4,$a2
+	mov	$a1,40(%rsp)		# tab[5]=a1^a4
+	xor	$a4,$a12
+	mov	$a2,48(%rsp)		# tab[6]=a2^a4
+	 xor	$a48,$a1		# a1^a4^a4^a8=a1^a8
+	mov	$a12,56(%rsp)		# tab[7]=a1^a2^a4
+	 xor	$a48,$a2		# a2^a4^a4^a8=a1^a8
+
+	mov	$a8,64(%rsp)		# tab[8]=a8
+	xor	$a48,$a12		# a1^a2^a4^a4^a8=a1^a2^a8
+	mov	$a1,72(%rsp)		# tab[9]=a1^a8
+	 xor	$a4,$a1			# a1^a8^a4
+	mov	$a2,80(%rsp)		# tab[10]=a2^a8
+	 xor	$a4,$a2			# a2^a8^a4
+	mov	$a12,88(%rsp)		# tab[11]=a1^a2^a8
+
+	xor	$a4,$a12		# a1^a2^a8^a4
+	mov	$a48,96(%rsp)		# tab[12]=a4^a8
+	 mov	$mask,$i0
+	mov	$a1,104(%rsp)		# tab[13]=a1^a4^a8
+	 and	$b,$i0
+	mov	$a2,112(%rsp)		# tab[14]=a2^a4^a8
+	 shr	\$4,$b
+	mov	$a12,120(%rsp)		# tab[15]=a1^a2^a4^a8
+	 mov	$mask,$i1
+	 and	$b,$i1
+	 shr	\$4,$b
+
+	movq	(%rsp,$i0,8),$R		# half of calculations is done in SSE2
+	mov	$mask,$i0
+	and	$b,$i0
+	shr	\$4,$b
+___
+    for ($n=1;$n<8;$n++) {
+	$code.=<<___;
+	mov	(%rsp,$i1,8),$t1
+	mov	$mask,$i1
+	mov	$t1,$t0
+	shl	\$`8*$n-4`,$t1
+	and	$b,$i1
+	 movq	(%rsp,$i0,8),$Tx
+	shr	\$`64-(8*$n-4)`,$t0
+	xor	$t1,$lo
+	 pslldq	\$$n,$Tx
+	 mov	$mask,$i0
+	shr	\$4,$b
+	xor	$t0,$hi
+	 and	$b,$i0
+	 shr	\$4,$b
+	 pxor	$Tx,$R
+___
+    }
+$code.=<<___;
+	mov	(%rsp,$i1,8),$t1
+	mov	$t1,$t0
+	shl	\$`8*$n-4`,$t1
+	movq	$R,$i0
+	shr	\$`64-(8*$n-4)`,$t0
+	xor	$t1,$lo
+	psrldq	\$8,$R
+	xor	$t0,$hi
+	movq	$R,$i1
+	xor	$i0,$lo
+	xor	$i1,$hi
+
+	add	\$128+8,%rsp
+	ret
+.Lend_mul_1x1:
+.size	_mul_1x1,.-_mul_1x1
+___
+
+($rp,$a1,$a0,$b1,$b0) = $win64?	("%rcx","%rdx","%r8", "%r9","%r10") :	# Win64 order
+				("%rdi","%rsi","%rdx","%rcx","%r8");	# Unix order
+
+$code.=<<___;
+.extern	OPENSSL_ia32cap_P
+.globl	bn_GF2m_mul_2x2
+.type	bn_GF2m_mul_2x2,\@abi-omnipotent
+.align	16
+bn_GF2m_mul_2x2:
+	mov	OPENSSL_ia32cap_P(%rip),%rax
+	bt	\$33,%rax
+	jnc	.Lvanilla_mul_2x2
+
+	movq		$a1,%xmm0
+	movq		$b1,%xmm1
+	movq		$a0,%xmm2
+___
+$code.=<<___ if ($win64);
+	movq		40(%rsp),%xmm3
+___
+$code.=<<___ if (!$win64);
+	movq		$b0,%xmm3
+___
+$code.=<<___;
+	movdqa		%xmm0,%xmm4
+	movdqa		%xmm1,%xmm5
+	pclmulqdq	\$0,%xmm1,%xmm0	# a1·b1
+	pxor		%xmm2,%xmm4
+	pxor		%xmm3,%xmm5
+	pclmulqdq	\$0,%xmm3,%xmm2	# a0·b0
+	pclmulqdq	\$0,%xmm5,%xmm4	# (a0+a1)·(b0+b1)
+	xorps		%xmm0,%xmm4
+	xorps		%xmm2,%xmm4	# (a0+a1)·(b0+b1)-a0·b0-a1·b1
+	movdqa		%xmm4,%xmm5
+	pslldq		\$8,%xmm4
+	psrldq		\$8,%xmm5
+	pxor		%xmm4,%xmm2
+	pxor		%xmm5,%xmm0
+	movdqu		%xmm2,0($rp)
+	movdqu		%xmm0,16($rp)
+	ret
+
+.align	16
+.Lvanilla_mul_2x2:
+	lea	-8*17(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+	mov	`8*17+40`(%rsp),$b0
+	mov	%rdi,8*15(%rsp)
+	mov	%rsi,8*16(%rsp)
+___
+$code.=<<___;
+	mov	%r14,8*10(%rsp)
+	mov	%r13,8*11(%rsp)
+	mov	%r12,8*12(%rsp)
+	mov	%rbp,8*13(%rsp)
+	mov	%rbx,8*14(%rsp)
+.Lbody_mul_2x2:
+	mov	$rp,32(%rsp)		# save the arguments
+	mov	$a1,40(%rsp)
+	mov	$a0,48(%rsp)
+	mov	$b1,56(%rsp)
+	mov	$b0,64(%rsp)
+
+	mov	\$0xf,$mask
+	mov	$a1,$a
+	mov	$b1,$b
+	call	_mul_1x1		# a1·b1
+	mov	$lo,16(%rsp)
+	mov	$hi,24(%rsp)
+
+	mov	48(%rsp),$a
+	mov	64(%rsp),$b
+	call	_mul_1x1		# a0·b0
+	mov	$lo,0(%rsp)
+	mov	$hi,8(%rsp)
+
+	mov	40(%rsp),$a
+	mov	56(%rsp),$b
+	xor	48(%rsp),$a
+	xor	64(%rsp),$b
+	call	_mul_1x1		# (a0+a1)·(b0+b1)
+___
+	@r=("%rbx","%rcx","%rdi","%rsi");
+$code.=<<___;
+	mov	0(%rsp),@r[0]
+	mov	8(%rsp),@r[1]
+	mov	16(%rsp),@r[2]
+	mov	24(%rsp),@r[3]
+	mov	32(%rsp),%rbp
+
+	xor	$hi,$lo
+	xor	@r[1],$hi
+	xor	@r[0],$lo
+	mov	@r[0],0(%rbp)
+	xor	@r[2],$hi
+	mov	@r[3],24(%rbp)
+	xor	@r[3],$lo
+	xor	@r[3],$hi
+	xor	$hi,$lo
+	mov	$hi,16(%rbp)
+	mov	$lo,8(%rbp)
+
+	mov	8*10(%rsp),%r14
+	mov	8*11(%rsp),%r13
+	mov	8*12(%rsp),%r12
+	mov	8*13(%rsp),%rbp
+	mov	8*14(%rsp),%rbx
+___
+$code.=<<___ if ($win64);
+	mov	8*15(%rsp),%rdi
+	mov	8*16(%rsp),%rsi
+___
+$code.=<<___;
+	lea	8*17(%rsp),%rsp
+	ret
+.Lend_mul_2x2:
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+.asciz	"GF(2^m) Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	152($context),%rax	# pull context->Rsp
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lbody_mul_2x2(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<"prologue" label
+	jb	.Lin_prologue
+
+	mov	8*10(%rax),%r14		# mimic epilogue
+	mov	8*11(%rax),%r13
+	mov	8*12(%rax),%r12
+	mov	8*13(%rax),%rbp
+	mov	8*14(%rax),%rbx
+	mov	8*15(%rax),%rdi
+	mov	8*16(%rax),%rsi
+
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+
+.Lin_prologue:
+	lea	8*17(%rax),%rax
+	mov	%rax,152($context)	# restore context->Rsp
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	_mul_1x1
+	.rva	.Lend_mul_1x1
+	.rva	.LSEH_info_1x1
+
+	.rva	.Lvanilla_mul_2x2
+	.rva	.Lend_mul_2x2
+	.rva	.LSEH_info_2x2
+.section	.xdata
+.align	8
+.LSEH_info_1x1:
+	.byte	0x01,0x07,0x02,0x00
+	.byte	0x07,0x01,0x11,0x00	# sub rsp,128+8
+.LSEH_info_2x2:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/x86_64-mont.pl b/openssl-1.1.0h/crypto/bn/asm/x86_64-mont.pl
new file mode 100755
index 0000000..df4cca5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/x86_64-mont.pl
@@ -0,0 +1,1521 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005.
+#
+# Montgomery multiplication routine for x86_64. While it gives modest
+# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
+# than twice, >2x, as fast. Most common rsa1024 sign is improved by
+# respectful 50%. It remains to be seen if loop unrolling and
+# dedicated squaring routine can provide further improvement...
+
+# July 2011.
+#
+# Add dedicated squaring procedure. Performance improvement varies
+# from platform to platform, but in average it's ~5%/15%/25%/33%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
+# August 2011.
+#
+# Unroll and modulo-schedule inner loops in such manner that they
+# are "fallen through" for input lengths of 8, which is critical for
+# 1024-bit RSA *sign*. Average performance improvement in comparison
+# to *initial* version of this module from 2005 is ~0%/30%/40%/45%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
+# June 2013.
+#
+# Optimize reduction in squaring procedure and improve 1024+-bit RSA
+# sign performance by 10-16% on Intel Sandy Bridge and later
+# (virtually same on non-Intel processors).
+
+# August 2013.
+#
+# Add MULX/ADOX/ADCX code path.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+# int bn_mul_mont(
+$rp="%rdi";	# BN_ULONG *rp,
+$ap="%rsi";	# const BN_ULONG *ap,
+$bp="%rdx";	# const BN_ULONG *bp,
+$np="%rcx";	# const BN_ULONG *np,
+$n0="%r8";	# const BN_ULONG *n0,
+$num="%r9";	# int num);
+$lo0="%r10";
+$hi0="%r11";
+$hi1="%r13";
+$i="%r14";
+$j="%r15";
+$m0="%rbx";
+$m1="%rbp";
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	bn_mul_mont
+.type	bn_mul_mont,\@function,6
+.align	16
+bn_mul_mont:
+	mov	${num}d,${num}d
+	mov	%rsp,%rax
+	test	\$3,${num}d
+	jnz	.Lmul_enter
+	cmp	\$8,${num}d
+	jb	.Lmul_enter
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+___
+$code.=<<___;
+	cmp	$ap,$bp
+	jne	.Lmul4x_enter
+	test	\$7,${num}d
+	jz	.Lsqr8x_enter
+	jmp	.Lmul4x_enter
+
+.align	16
+.Lmul_enter:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	neg	$num
+	mov	%rsp,%r11
+	lea	-16(%rsp,$num,8),%r10	# future alloca(8*(num+2))
+	neg	$num			# restore $num
+	and	\$-1024,%r10		# minimize TLB usage
+
+	# An OS-agnostic version of __chkstk.
+	#
+	# Some OSes (Windows) insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%r10,%r11
+	and	\$-4096,%r11
+	lea	(%r10,%r11),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+	jmp	.Lmul_page_walk_done
+
+.align	16
+.Lmul_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+.Lmul_page_walk_done:
+
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.Lmul_body:
+	mov	$bp,%r12		# reassign $bp
+___
+		$bp="%r12";
+$code.=<<___;
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($bp),$m0		# m0=bp[0]
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$lo0
+	mov	($np),%rax
+
+	imulq	$lo0,$m1		# "tp[0]"*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	mov	$lo0,$hi0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.L1st_enter:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	1($j),$j		# j++
+	mov	%rdx,$lo0
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.L1st
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+	mov	$lo0,$hi0
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	jmp	.Louter
+.align	16
+.Louter:
+	mov	($bp,$i,8),$m0		# m0=bp[i]
+	xor	$j,$j			# j=0
+	mov	$n0,$m1
+	mov	(%rsp),$lo0
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$lo0,$m1		# tp[0]*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	8(%rsp),$lo0		# tp[1]
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.Linner_enter:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
+	mov	%rdx,$hi0
+	adc	\$0,$hi0
+	lea	1($j),$j		# j++
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.Linner
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# pull upmost overflow bit
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	cmp	$num,$i
+	jb	.Louter
+
+	xor	$i,$i			# i=0 and clear CF!
+	mov	(%rsp),%rax		# tp[0]
+	lea	(%rsp),$ap		# borrow ap for tp
+	mov	$num,$j			# j=num
+	jmp	.Lsub
+.align	16
+.Lsub:	sbb	($np,$i,8),%rax
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
+	mov	8($ap,$i,8),%rax	# tp[i+1]
+	lea	1($i),$i		# i++
+	dec	$j			# doesnn't affect CF!
+	jnz	.Lsub
+
+	sbb	\$0,%rax		# handle upmost overflow bit
+	xor	$i,$i
+	and	%rax,$ap
+	not	%rax
+	mov	$rp,$np
+	and	%rax,$np
+	mov	$num,$j			# j=num
+	or	$np,$ap			# ap=borrow?tp:rp
+.align	16
+.Lcopy:					# copy or in-place refresh
+	mov	($ap,$i,8),%rax
+	mov	$i,(%rsp,$i,8)		# zap temporary vector
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
+	lea	1($i),$i
+	sub	\$1,$j
+	jnz	.Lcopy
+
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lmul_epilogue:
+	ret
+.size	bn_mul_mont,.-bn_mul_mont
+___
+{{{
+my @A=("%r10","%r11");
+my @N=("%r13","%rdi");
+$code.=<<___;
+.type	bn_mul4x_mont,\@function,6
+.align	16
+bn_mul4x_mont:
+	mov	${num}d,${num}d
+	mov	%rsp,%rax
+.Lmul4x_enter:
+___
+$code.=<<___ if ($addx);
+	and	\$0x80100,%r11d
+	cmp	\$0x80100,%r11d
+	je	.Lmulx4x_enter
+___
+$code.=<<___;
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	neg	$num
+	mov	%rsp,%r11
+	lea	-32(%rsp,$num,8),%r10	# future alloca(8*(num+4))
+	neg	$num			# restore
+	and	\$-1024,%r10		# minimize TLB usage
+
+	sub	%r10,%r11
+	and	\$-4096,%r11
+	lea	(%r10,%r11),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul4x_page_walk
+	jmp	.Lmul4x_page_walk_done
+
+.Lmul4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul4x_page_walk
+.Lmul4x_page_walk_done:
+
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.Lmul4x_body:
+	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
+	mov	%rdx,%r12		# reassign $bp
+___
+		$bp="%r12";
+$code.=<<___;
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($bp),$m0		# m0=bp[0]
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$A[0]
+	mov	($np),%rax
+
+	imulq	$A[0],$m1		# "tp[0]"*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	4($j),$j		# j++
+	adc	\$0,%rdx
+	mov	$N[1],(%rsp)
+	mov	%rdx,$N[0]
+	jmp	.L1st4x
+.align	16
+.L1st4x:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jb	.L1st4x
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+.align	4
+.Louter4x:
+	mov	($bp,$i,8),$m0		# m0=bp[i]
+	xor	$j,$j			# j=0
+	mov	(%rsp),$A[0]
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$A[0],$m1		# tp[0]*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# "$N[0]", discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	add	8(%rsp),$A[1]		# +tp[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	lea	4($j),$j		# j+=2
+	adc	\$0,%rdx
+	mov	$N[1],(%rsp)		# tp[j-1]
+	mov	%rdx,$N[0]
+	jmp	.Linner4x
+.align	16
+.Linner4x:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jb	.Linner4x
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	1($i),$i		# i++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	cmp	$num,$i
+	jb	.Louter4x
+___
+{
+my @ri=("%rax","%rdx",$m0,$m1);
+$code.=<<___;
+	mov	16(%rsp,$num,8),$rp	# restore $rp
+	mov	0(%rsp),@ri[0]		# tp[0]
+	pxor	%xmm0,%xmm0
+	mov	8(%rsp),@ri[1]		# tp[1]
+	shr	\$2,$num		# num/=4
+	lea	(%rsp),$ap		# borrow ap for tp
+	xor	$i,$i			# i=0 and clear CF!
+
+	sub	0($np),@ri[0]
+	mov	16($ap),@ri[2]		# tp[2]
+	mov	24($ap),@ri[3]		# tp[3]
+	sbb	8($np),@ri[1]
+	lea	-1($num),$j		# j=num/4-1
+	jmp	.Lsub4x
+.align	16
+.Lsub4x:
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	16($np,$i,8),@ri[2]
+	mov	32($ap,$i,8),@ri[0]	# tp[i+1]
+	mov	40($ap,$i,8),@ri[1]
+	sbb	24($np,$i,8),@ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	32($np,$i,8),@ri[0]
+	mov	48($ap,$i,8),@ri[2]
+	mov	56($ap,$i,8),@ri[3]
+	sbb	40($np,$i,8),@ri[1]
+	lea	4($i),$i		# i++
+	dec	$j			# doesnn't affect CF!
+	jnz	.Lsub4x
+
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	32($ap,$i,8),@ri[0]	# load overflow bit
+	sbb	16($np,$i,8),@ri[2]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	24($np,$i,8),@ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+
+	sbb	\$0,@ri[0]		# handle upmost overflow bit
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	xor	$i,$i			# i=0
+	and	@ri[0],$ap
+	not	@ri[0]
+	mov	$rp,$np
+	and	@ri[0],$np
+	lea	-1($num),$j
+	or	$np,$ap			# ap=borrow?tp:rp
+
+	movdqu	($ap),%xmm1
+	movdqa	%xmm0,(%rsp)
+	movdqu	%xmm1,($rp)
+	jmp	.Lcopy4x
+.align	16
+.Lcopy4x:					# copy or in-place refresh
+	movdqu	16($ap,$i),%xmm2
+	movdqu	32($ap,$i),%xmm1
+	movdqa	%xmm0,16(%rsp,$i)
+	movdqu	%xmm2,16($rp,$i)
+	movdqa	%xmm0,32(%rsp,$i)
+	movdqu	%xmm1,32($rp,$i)
+	lea	32($i),$i
+	dec	$j
+	jnz	.Lcopy4x
+
+	shl	\$2,$num
+	movdqu	16($ap,$i),%xmm2
+	movdqa	%xmm0,16(%rsp,$i)
+	movdqu	%xmm2,16($rp,$i)
+___
+}
+$code.=<<___;
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lmul4x_epilogue:
+	ret
+.size	bn_mul4x_mont,.-bn_mul4x_mont
+___
+}}}
+{{{
+######################################################################
+# void bn_sqr8x_mont(
+my $rptr="%rdi";	# const BN_ULONG *rptr,
+my $aptr="%rsi";	# const BN_ULONG *aptr,
+my $bptr="%rdx";	# not used
+my $nptr="%rcx";	# const BN_ULONG *nptr,
+my $n0  ="%r8";		# const BN_ULONG *n0);
+my $num ="%r9";		# int num, has to be divisible by 8
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___	if ($addx);
+.extern	bn_sqrx8x_internal		# see x86_64-mont5 module
+___
+$code.=<<___;
+.extern	bn_sqr8x_internal		# see x86_64-mont5 module
+
+.type	bn_sqr8x_mont,\@function,6
+.align	32
+bn_sqr8x_mont:
+	mov	%rsp,%rax
+.Lsqr8x_enter:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lsqr8x_prologue:
+
+	mov	${num}d,%r10d
+	shl	\$3,${num}d		# convert $num to bytes
+	shl	\$3+2,%r10		# 4*$num
+	neg	$num
+
+	##############################################################
+	# ensure that stack frame doesn't alias with $aptr modulo
+	# 4096. this is done to allow memory disambiguation logic
+	# do its job.
+	#
+	lea	-64(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	mov	($n0),$n0		# *n0
+	sub	$aptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lsqr8x_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-64(%rbp,$num,2),%rbp	# future alloca(frame+2*$num)
+	jmp	.Lsqr8x_sp_done
+
+.align	32
+.Lsqr8x_sp_alt:
+	lea	4096-64(,$num,2),%r10	# 4096-frame-2*$num
+	lea	-64(%rbp,$num,2),%rbp	# future alloca(frame+2*$num)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lsqr8x_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lsqr8x_page_walk
+	jmp	.Lsqr8x_page_walk_done
+
+.align	16
+.Lsqr8x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lsqr8x_page_walk
+.Lsqr8x_page_walk_done:
+
+	mov	$num,%r10
+	neg	$num
+
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.Lsqr8x_body:
+
+	movq	$nptr, %xmm2		# save pointer to modulus
+	pxor	%xmm0,%xmm0
+	movq	$rptr,%xmm1		# save $rptr
+	movq	%r10, %xmm3		# -$num
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%eax
+	and	\$0x80100,%eax
+	cmp	\$0x80100,%eax
+	jne	.Lsqr8x_nox
+
+	call	bn_sqrx8x_internal	# see x86_64-mont5 module
+					# %rax	top-most carry
+					# %rbp	nptr
+					# %rcx	-8*num
+					# %r8	end of tp[2*num]
+	lea	(%r8,%rcx),%rbx
+	mov	%rcx,$num
+	mov	%rcx,%rdx
+	movq	%xmm1,$rptr
+	sar	\$3+2,%rcx		# %cf=0
+	jmp	.Lsqr8x_sub
+
+.align	32
+.Lsqr8x_nox:
+___
+$code.=<<___;
+	call	bn_sqr8x_internal	# see x86_64-mont5 module
+					# %rax	top-most carry
+					# %rbp	nptr
+					# %r8	-8*num
+					# %rdi	end of tp[2*num]
+	lea	(%rdi,$num),%rbx
+	mov	$num,%rcx
+	mov	$num,%rdx
+	movq	%xmm1,$rptr
+	sar	\$3+2,%rcx		# %cf=0
+	jmp	.Lsqr8x_sub
+
+.align	32
+.Lsqr8x_sub:
+	mov	8*0(%rbx),%r12
+	mov	8*1(%rbx),%r13
+	mov	8*2(%rbx),%r14
+	mov	8*3(%rbx),%r15
+	lea	8*4(%rbx),%rbx
+	sbb	8*0(%rbp),%r12
+	sbb	8*1(%rbp),%r13
+	sbb	8*2(%rbp),%r14
+	sbb	8*3(%rbp),%r15
+	lea	8*4(%rbp),%rbp
+	mov	%r12,8*0($rptr)
+	mov	%r13,8*1($rptr)
+	mov	%r14,8*2($rptr)
+	mov	%r15,8*3($rptr)
+	lea	8*4($rptr),$rptr
+	inc	%rcx			# preserves %cf
+	jnz	.Lsqr8x_sub
+
+	sbb	\$0,%rax		# top-most carry
+	lea	(%rbx,$num),%rbx	# rewind
+	lea	($rptr,$num),$rptr	# rewind
+
+	movq	%rax,%xmm1
+	pxor	%xmm0,%xmm0
+	pshufd	\$0,%xmm1,%xmm1
+	mov	40(%rsp),%rsi		# restore %rsp
+	jmp	.Lsqr8x_cond_copy
+
+.align	32
+.Lsqr8x_cond_copy:
+	movdqa	16*0(%rbx),%xmm2
+	movdqa	16*1(%rbx),%xmm3
+	lea	16*2(%rbx),%rbx
+	movdqu	16*0($rptr),%xmm4
+	movdqu	16*1($rptr),%xmm5
+	lea	16*2($rptr),$rptr
+	movdqa	%xmm0,-16*2(%rbx)	# zero tp
+	movdqa	%xmm0,-16*1(%rbx)
+	movdqa	%xmm0,-16*2(%rbx,%rdx)
+	movdqa	%xmm0,-16*1(%rbx,%rdx)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-16*2($rptr)
+	movdqu	%xmm5,-16*1($rptr)
+	add	\$32,$num
+	jnz	.Lsqr8x_cond_copy
+
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lsqr8x_epilogue:
+	ret
+.size	bn_sqr8x_mont,.-bn_sqr8x_mont
+___
+}}}
+
+if ($addx) {{{
+my $bp="%rdx";	# original value
+
+$code.=<<___;
+.type	bn_mulx4x_mont,\@function,6
+.align	32
+bn_mulx4x_mont:
+	mov	%rsp,%rax
+.Lmulx4x_enter:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lmulx4x_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	xor	%r10,%r10
+	sub	$num,%r10		# -$num
+	mov	($n0),$n0		# *n0
+	lea	-72(%rsp,%r10),%rbp	# future alloca(frame+$num+8)
+	and	\$-128,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+	jmp	.Lmulx4x_page_walk_done
+
+.align	16
+.Lmulx4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+.Lmulx4x_page_walk_done:
+
+	lea	($bp,$num),%r10
+	##############################################################
+	# Stack layout
+	# +0	num
+	# +8	off-loaded &b[i]
+	# +16	end of b[num]
+	# +24	saved n0
+	# +32	saved rp
+	# +40	saved %rsp
+	# +48	inner counter
+	# +56
+	# +64	tmp[num+1]
+	#
+	mov	$num,0(%rsp)		# save $num
+	shr	\$5,$num
+	mov	%r10,16(%rsp)		# end of b[num]
+	sub	\$1,$num
+	mov	$n0, 24(%rsp)		# save *n0
+	mov	$rp, 32(%rsp)		# save $rp
+	mov	%rax,40(%rsp)		# save original %rsp
+	mov	$num,48(%rsp)		# inner counter
+	jmp	.Lmulx4x_body
+
+.align	32
+.Lmulx4x_body:
+___
+my ($aptr, $bptr, $nptr, $tptr, $mi,  $bi,  $zero, $num)=
+   ("%rsi","%rdi","%rcx","%rbx","%r8","%r9","%rbp","%rax");
+my $rptr=$bptr;
+$code.=<<___;
+	lea	8($bp),$bptr
+	mov	($bp),%rdx		# b[0], $bp==%rdx actually
+	lea	64+32(%rsp),$tptr
+	mov	%rdx,$bi
+
+	mulx	0*8($aptr),$mi,%rax	# a[0]*b[0]
+	mulx	1*8($aptr),%r11,%r14	# a[1]*b[0]
+	add	%rax,%r11
+	mov	$bptr,8(%rsp)		# off-load &b[i]
+	mulx	2*8($aptr),%r12,%r13	# ...
+	adc	%r14,%r12
+	adc	\$0,%r13
+
+	mov	$mi,$bptr		# borrow $bptr
+	imulq	24(%rsp),$mi		# "t[0]"*n0
+	xor	$zero,$zero		# cf=0, of=0
+
+	mulx	3*8($aptr),%rax,%r14
+	 mov	$mi,%rdx
+	lea	4*8($aptr),$aptr
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,$bptr		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	.byte	0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00	# mulx	2*8($nptr),%rax,%r12
+	mov	48(%rsp),$bptr		# counter value
+	mov	%r10,-4*8($tptr)
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-3*8($tptr)
+	adcx	%rax,%r12
+	adox	$zero,%r15		# of=0
+	lea	4*8($nptr),$nptr
+	mov	%r12,-2*8($tptr)
+
+	jmp	.Lmulx4x_1st
+
+.align	32
+.Lmulx4x_1st:
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[0]
+	adcx	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[0]
+	adcx	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 .byte	0x67,0x67
+	 mov	$mi,%rdx
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	mov	%r11,-4*8($tptr)
+	adox	%r15,%r13
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	lea	4*8($nptr),$nptr
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_1st
+
+	mov	0(%rsp),$num		# load num
+	mov	8(%rsp),$bptr		# re-load &b[i]
+	adc	$zero,%r15		# modulo-scheduled
+	add	%r15,%r14
+	sbb	%r15,%r15		# top-most carry
+	mov	%r14,-1*8($tptr)
+	jmp	.Lmulx4x_outer
+
+.align	32
+.Lmulx4x_outer:
+	mov	($bptr),%rdx		# b[i]
+	lea	8($bptr),$bptr		# b++
+	sub	$num,$aptr		# rewind $aptr
+	mov	%r15,($tptr)		# save top-most carry
+	lea	64+4*8(%rsp),$tptr
+	sub	$num,$nptr		# rewind $nptr
+
+	mulx	0*8($aptr),$mi,%r11	# a[0]*b[i]
+	xor	%ebp,%ebp		# xor	$zero,$zero	# cf=0, of=0
+	mov	%rdx,$bi
+	mulx	1*8($aptr),%r14,%r12	# a[1]*b[i]
+	adox	-4*8($tptr),$mi
+	adcx	%r14,%r11
+	mulx	2*8($aptr),%r15,%r13	# ...
+	adox	-3*8($tptr),%r11
+	adcx	%r15,%r12
+	adox	-2*8($tptr),%r12
+	adcx	$zero,%r13
+	adox	$zero,%r13
+
+	mov	$bptr,8(%rsp)		# off-load &b[i]
+	mov	$mi,%r15
+	imulq	24(%rsp),$mi		# "t[0]"*n0
+	xor	%ebp,%ebp		# xor	$zero,$zero	# cf=0, of=0
+
+	mulx	3*8($aptr),%rax,%r14
+	 mov	$mi,%rdx
+	adcx	%rax,%r13
+	adox	-1*8($tptr),%r13
+	adcx	$zero,%r14
+	lea	4*8($aptr),$aptr
+	adox	$zero,%r14
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,%r15		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	mulx	2*8($nptr),%rax,%r12
+	mov	%r10,-4*8($tptr)
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-3*8($tptr)
+	lea	4*8($nptr),$nptr
+	adcx	%rax,%r12
+	adox	$zero,%r15		# of=0
+	mov	48(%rsp),$bptr		# counter value
+	mov	%r12,-2*8($tptr)
+
+	jmp	.Lmulx4x_inner
+
+.align	32
+.Lmulx4x_inner:
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[i]
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	adox	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[i]
+	adcx	0*8($tptr),%r10
+	adox	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	1*8($tptr),%r11
+	adox	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 mov	$mi,%rdx
+	adcx	2*8($tptr),%r12
+	adox	%rax,%r13
+	adcx	3*8($tptr),%r13
+	adox	$zero,%r14		# of=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+	adcx	$zero,%r14		# cf=0
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	adox	%r15,%r13
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-4*8($tptr)
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	lea	4*8($nptr),$nptr
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_inner
+
+	mov	0(%rsp),$num		# load num
+	mov	8(%rsp),$bptr		# re-load &b[i]
+	adc	$zero,%r15		# modulo-scheduled
+	sub	0*8($tptr),$zero	# pull top-most carry
+	adc	%r15,%r14
+	sbb	%r15,%r15		# top-most carry
+	mov	%r14,-1*8($tptr)
+
+	cmp	16(%rsp),$bptr
+	jne	.Lmulx4x_outer
+
+	lea	64(%rsp),$tptr
+	sub	$num,$nptr		# rewind $nptr
+	neg	%r15
+	mov	$num,%rdx
+	shr	\$3+2,$num		# %cf=0
+	mov	32(%rsp),$rptr		# restore rp
+	jmp	.Lmulx4x_sub
+
+.align	32
+.Lmulx4x_sub:
+	mov	8*0($tptr),%r11
+	mov	8*1($tptr),%r12
+	mov	8*2($tptr),%r13
+	mov	8*3($tptr),%r14
+	lea	8*4($tptr),$tptr
+	sbb	8*0($nptr),%r11
+	sbb	8*1($nptr),%r12
+	sbb	8*2($nptr),%r13
+	sbb	8*3($nptr),%r14
+	lea	8*4($nptr),$nptr
+	mov	%r11,8*0($rptr)
+	mov	%r12,8*1($rptr)
+	mov	%r13,8*2($rptr)
+	mov	%r14,8*3($rptr)
+	lea	8*4($rptr),$rptr
+	dec	$num			# preserves %cf
+	jnz	.Lmulx4x_sub
+
+	sbb	\$0,%r15		# top-most carry
+	lea	64(%rsp),$tptr
+	sub	%rdx,$rptr		# rewind
+
+	movq	%r15,%xmm1
+	pxor	%xmm0,%xmm0
+	pshufd	\$0,%xmm1,%xmm1
+	mov	40(%rsp),%rsi		# restore %rsp
+	jmp	.Lmulx4x_cond_copy
+
+.align	32
+.Lmulx4x_cond_copy:
+	movdqa	16*0($tptr),%xmm2
+	movdqa	16*1($tptr),%xmm3
+	lea	16*2($tptr),$tptr
+	movdqu	16*0($rptr),%xmm4
+	movdqu	16*1($rptr),%xmm5
+	lea	16*2($rptr),$rptr
+	movdqa	%xmm0,-16*2($tptr)	# zero tp
+	movdqa	%xmm0,-16*1($tptr)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-16*2($rptr)
+	movdqu	%xmm5,-16*1($rptr)
+	sub	\$32,%rdx
+	jnz	.Lmulx4x_cond_copy
+
+	mov	%rdx,($tptr)
+
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lmulx4x_epilogue:
+	ret
+.size	bn_mulx4x_mont,.-bn_mulx4x_mont
+___
+}}}
+$code.=<<___;
+.asciz	"Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	mul_handler,\@abi-omnipotent
+.align	16
+mul_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	192($context),%r10	# pull $num
+	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
+
+	jmp	.Lcommon_pop_regs
+.size	mul_handler,.-mul_handler
+
+.type	sqr_handler,\@abi-omnipotent
+.align	16
+sqr_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lsqr_body
+	jb	.Lcommon_seh_tail
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# body label
+	cmp	%r10,%rbx		# context->Rip>=.Lsqr_epilogue
+	jb	.Lcommon_pop_regs
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lsqr_epilogue
+	jae	.Lcommon_seh_tail
+
+	mov	40(%rax),%rax		# pull saved stack pointer
+
+.Lcommon_pop_regs:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	sqr_handler,.-sqr_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_bn_mul_mont
+	.rva	.LSEH_end_bn_mul_mont
+	.rva	.LSEH_info_bn_mul_mont
+
+	.rva	.LSEH_begin_bn_mul4x_mont
+	.rva	.LSEH_end_bn_mul4x_mont
+	.rva	.LSEH_info_bn_mul4x_mont
+
+	.rva	.LSEH_begin_bn_sqr8x_mont
+	.rva	.LSEH_end_bn_sqr8x_mont
+	.rva	.LSEH_info_bn_sqr8x_mont
+___
+$code.=<<___ if ($addx);
+	.rva	.LSEH_begin_bn_mulx4x_mont
+	.rva	.LSEH_end_bn_mulx4x_mont
+	.rva	.LSEH_info_bn_mulx4x_mont
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_bn_mul_mont:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul_body,.Lmul_epilogue	# HandlerData[]
+.LSEH_info_bn_mul4x_mont:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
+.LSEH_info_bn_sqr8x_mont:
+	.byte	9,0,0,0
+	.rva	sqr_handler
+	.rva	.Lsqr8x_prologue,.Lsqr8x_body,.Lsqr8x_epilogue		# HandlerData[]
+.align	8
+___
+$code.=<<___ if ($addx);
+.LSEH_info_bn_mulx4x_mont:
+	.byte	9,0,0,0
+	.rva	sqr_handler
+	.rva	.Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue	# HandlerData[]
+.align	8
+___
+}
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/asm/x86_64-mont5.pl b/openssl-1.1.0h/crypto/bn/asm/x86_64-mont5.pl
new file mode 100755
index 0000000..5779059
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/asm/x86_64-mont5.pl
@@ -0,0 +1,3835 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# August 2011.
+#
+# Companion to x86_64-mont.pl that optimizes cache-timing attack
+# countermeasures. The subroutines are produced by replacing bp[i]
+# references in their x86_64-mont.pl counterparts with cache-neutral
+# references to powers table computed in BN_mod_exp_mont_consttime.
+# In addition subroutine that scatters elements of the powers table
+# is implemented, so that scatter-/gathering can be tuned without
+# bn_exp.c modifications.
+
+# August 2013.
+#
+# Add MULX/AD*X code paths and additional interfaces to optimize for
+# branch prediction unit. For input lengths that are multiples of 8
+# the np argument is not just modulus value, but one interleaved
+# with 0. This is to optimize post-condition...
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$addx = ($ver>=3.03);
+}
+
+# int bn_mul_mont_gather5(
+$rp="%rdi";	# BN_ULONG *rp,
+$ap="%rsi";	# const BN_ULONG *ap,
+$bp="%rdx";	# const BN_ULONG *bp,
+$np="%rcx";	# const BN_ULONG *np,
+$n0="%r8";	# const BN_ULONG *n0,
+$num="%r9";	# int num,
+		# int idx);	# 0 to 2^5-1, "index" in $bp holding
+				# pre-computed powers of a', interlaced
+				# in such manner that b[0] is $bp[idx],
+				# b[1] is [2^5+idx], etc.
+$lo0="%r10";
+$hi0="%r11";
+$hi1="%r13";
+$i="%r14";
+$j="%r15";
+$m0="%rbx";
+$m1="%rbp";
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	bn_mul_mont_gather5
+.type	bn_mul_mont_gather5,\@function,6
+.align	64
+bn_mul_mont_gather5:
+	mov	${num}d,${num}d
+	mov	%rsp,%rax
+	test	\$7,${num}d
+	jnz	.Lmul_enter
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+___
+$code.=<<___;
+	jmp	.Lmul4x_enter
+
+.align	16
+.Lmul_enter:
+	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	neg	$num
+	mov	%rsp,%r11
+	lea	-280(%rsp,$num,8),%r10	# future alloca(8*(num+2)+256+8)
+	neg	$num			# restore $num
+	and	\$-1024,%r10		# minimize TLB usage
+
+	# An OS-agnostic version of __chkstk.
+	#
+	# Some OSes (Windows) insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%r10,%r11
+	and	\$-4096,%r11
+	lea	(%r10,%r11),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+	jmp	.Lmul_page_walk_done
+
+.Lmul_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r11
+	cmp	%r10,%rsp
+	ja	.Lmul_page_walk
+.Lmul_page_walk_done:
+
+	lea	.Linc(%rip),%r10
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.Lmul_body:
+
+	lea	128($bp),%r12		# reassign $bp (+size optimization)
+___
+		$bp="%r12";
+		$STRIDE=2**5*8;		# 5 is "window size"
+		$N=$STRIDE/4;		# should match cache line size
+$code.=<<___;
+	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	lea	24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
+	and	\$-16,%r10
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	.byte	0x67
+	movdqa	%xmm4,%xmm3
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
+
+	pand	`16*($k+1)-128`($bp),%xmm1
+	pand	`16*($k+2)-128`($bp),%xmm2
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	pand	`16*($k+3)-128`($bp),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm4
+	movdqa	`16*($k+1)-128`($bp),%xmm5
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	pand	`16*($k+0)+112`(%r10),%xmm4
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($k+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($k+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	por	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[0]
+
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$lo0
+	mov	($np),%rax
+
+	imulq	$lo0,$m1		# "tp[0]"*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	mov	$lo0,$hi0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.L1st_enter:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	1($j),$j		# j++
+	mov	%rdx,$lo0
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.L1st			# note that upon exit $j==$num, so
+					# they can be used interchangeably
+
+	add	%rax,$hi1
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$num,8)	# tp[num-1]
+	mov	%rdx,$hi1
+	mov	$lo0,$hi0
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	jmp	.Louter
+.align	16
+.Louter:
+	lea	24+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
+	and	\$-16,%rdx
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($k=0;$k<$STRIDE/16;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm0
+	movdqa	`16*($k+1)-128`($bp),%xmm1
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+0)-128`(%rdx),%xmm0
+	pand	`16*($k+1)-128`(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($k+2)-128`(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($k+3)-128`(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bp),$bp
+
+	mov	($ap),%rax		# ap[0]
+	movq	%xmm0,$m0		# m0=bp[i]
+
+	xor	$j,$j			# j=0
+	mov	$n0,$m1
+	mov	(%rsp),$lo0
+
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$lo0,$m1		# tp[0]*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	8(%rsp),$lo0		# tp[1]
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.Linner_enter:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
+	mov	%rdx,$hi0
+	adc	\$0,$hi0
+	lea	1($j),$j		# j++
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.Linner			# note that upon exit $j==$num, so
+					# they can be used interchangeably
+	add	%rax,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$num,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$num,8)	# tp[num-1]
+	mov	%rdx,$hi1
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# pull upmost overflow bit
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	cmp	$num,$i
+	jb	.Louter
+
+	xor	$i,$i			# i=0 and clear CF!
+	mov	(%rsp),%rax		# tp[0]
+	lea	(%rsp),$ap		# borrow ap for tp
+	mov	$num,$j			# j=num
+	jmp	.Lsub
+.align	16
+.Lsub:	sbb	($np,$i,8),%rax
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
+	mov	8($ap,$i,8),%rax	# tp[i+1]
+	lea	1($i),$i		# i++
+	dec	$j			# doesnn't affect CF!
+	jnz	.Lsub
+
+	sbb	\$0,%rax		# handle upmost overflow bit
+	xor	$i,$i
+	and	%rax,$ap
+	not	%rax
+	mov	$rp,$np
+	and	%rax,$np
+	mov	$num,$j			# j=num
+	or	$np,$ap			# ap=borrow?tp:rp
+.align	16
+.Lcopy:					# copy or in-place refresh
+	mov	($ap,$i,8),%rax
+	mov	$i,(%rsp,$i,8)		# zap temporary vector
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
+	lea	1($i),$i
+	sub	\$1,$j
+	jnz	.Lcopy
+
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lmul_epilogue:
+	ret
+.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
+___
+{{{
+my @A=("%r10","%r11");
+my @N=("%r13","%rdi");
+$code.=<<___;
+.type	bn_mul4x_mont_gather5,\@function,6
+.align	32
+bn_mul4x_mont_gather5:
+	.byte	0x67
+	mov	%rsp,%rax
+.Lmul4x_enter:
+___
+$code.=<<___ if ($addx);
+	and	\$0x80108,%r11d
+	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
+	je	.Lmulx4x_enter
+___
+$code.=<<___;
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lmul4x_prologue:
+
+	.byte	0x67
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num			# -$num
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra [num] is allocated in order
+	# to align with bn_power5's frame, which is cleansed after
+	# completing exponentiation. Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rp,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lmul4xsp_alt
+	sub	%r11,%rbp		# align with $rp
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	jmp	.Lmul4xsp_done
+
+.align	32
+.Lmul4xsp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lmul4xsp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmul4x_page_walk
+	jmp	.Lmul4x_page_walk_done
+
+.Lmul4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmul4x_page_walk
+.Lmul4x_page_walk_done:
+
+	neg	$num
+
+	mov	%rax,40(%rsp)
+.Lmul4x_body:
+
+	call	mul4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lmul4x_epilogue:
+	ret
+.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
+
+.type	mul4x_internal,\@abi-omnipotent
+.align	32
+mul4x_internal:
+	shl	\$5,$num		# $num was in bytes
+	movd	`($win64?56:8)`(%rax),%xmm5	# load 7th argument, index
+	lea	.Linc(%rip),%rax
+	lea	128(%rdx,$num),%r13	# end of powers table (+size optimization)
+	shr	\$5,$num		# restore $num
+___
+		$bp="%r12";
+		$STRIDE=2**5*8;		# 5 is "window size"
+		$N=$STRIDE/4;		# should match cache line size
+		$tp=$i;
+$code.=<<___;
+	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
+	lea	88-112(%rsp,$num),%r10	# place the mask after tp[num+1] (+ICache optimization)
+	lea	128(%rdx),$bp		# size optimization
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	.byte	0x67,0x67
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	.byte	0x67
+	movdqa	%xmm4,%xmm3
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+	pand	`16*($i+0)-128`($bp),%xmm0	# while it's still in register
+
+	pand	`16*($i+1)-128`($bp),%xmm1
+	pand	`16*($i+2)-128`($bp),%xmm2
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	pand	`16*($i+3)-128`($bp),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bp),%xmm4
+	movdqa	`16*($i+1)-128`($bp),%xmm5
+	movdqa	`16*($i+2)-128`($bp),%xmm2
+	pand	`16*($i+0)+112`(%r10),%xmm4
+	movdqa	`16*($i+3)-128`($bp),%xmm3
+	pand	`16*($i+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($i+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($i+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	por	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[0]
+
+	mov	%r13,16+8(%rsp)		# save end of b[num]
+	mov	$rp, 56+8(%rsp)		# save $rp
+
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($ap),%rax
+	lea	($ap,$num),$ap		# end of a[num]
+	neg	$num
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$A[0]
+	mov	($np),%rax
+
+	imulq	$A[0],$m1		# "tp[0]"*n0
+	lea	64+8(%rsp),$tp
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# discarded
+	mov	8($ap,$num),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1
+	add	%rax,$N[1]
+	mov	16($ap,$num),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	4*8($num),$j		# j=4
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	$N[1],($tp)
+	mov	%rdx,$N[0]
+	jmp	.L1st4x
+
+.align	32
+.L1st4x:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	8*0($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	$N[1],($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	add	\$32,$j			# j+=4
+	jnz	.L1st4x
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8*1($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$num),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	lea	($np,$num),$np		# rewind $np
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	mov	$N[0],-8($tp)
+
+	jmp	.Louter4x
+
+.align	32
+.Louter4x:
+	lea	16+128($tp),%rdx	# where 256-byte mask is (+size optimization)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bp),%xmm0
+	movdqa	`16*($i+1)-128`($bp),%xmm1
+	movdqa	`16*($i+2)-128`($bp),%xmm2
+	movdqa	`16*($i+3)-128`($bp),%xmm3
+	pand	`16*($i+0)-128`(%rdx),%xmm0
+	pand	`16*($i+1)-128`(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($i+2)-128`(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($i+3)-128`(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[i]
+
+	mov	($tp,$num),$A[0]
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$A[0],$m1		# tp[0]*n0
+	mov	%rdx,$A[1]
+	mov	$N[1],($tp)		# store upmost overflow bit
+
+	lea	($tp,$num),$tp		# rewind $tp
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# "$N[0]", discarded
+	mov	8($ap,$num),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	add	8($tp),$A[1]		# +tp[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap,$num),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	lea	4*8($num),$j		# j=4
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	%rdx,$N[0]
+	jmp	.Linner4x
+
+.align	32
+.Linner4x:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	adc	\$0,%rdx
+	add	16($tp),$A[0]		# ap[j]*bp[i]+tp[j]
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8*1($np),%rax
+	adc	\$0,%rdx
+	add	-8($tp),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	8*0($np),%rax
+	adc	\$0,%rdx
+	add	($tp),$A[0]		# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8*1($np),%rax
+	adc	\$0,%rdx
+	add	8($tp),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap,$j),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	8*4($np),$np
+	adc	\$0,%rdx
+	mov	$N[0],-8($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	add	\$32,$j			# j+=4
+	jnz	.Linner4x
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-8*2($np),%rax
+	adc	\$0,%rdx
+	add	16($tp),$A[0]		# ap[j]*bp[i]+tp[j]
+	lea	32($tp),$tp
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32($tp)		# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	$m1,%rax
+	mov	-8*1($np),$m1
+	adc	\$0,%rdx
+	add	-8($tp),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$num),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[0],-24($tp)		# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mov	$N[1],-16($tp)		# tp[j-1]
+	lea	($np,$num),$np		# rewind $np
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	add	($tp),$N[0]		# pull upmost overflow bit
+	adc	\$0,$N[1]		# upmost overflow bit
+	mov	$N[0],-8($tp)
+
+	cmp	16+8(%rsp),$bp
+	jb	.Louter4x
+___
+if (1) {
+$code.=<<___;
+	xor	%rax,%rax
+	sub	$N[0],$m1		# compare top-most words
+	adc	$j,$j			# $j is zero
+	or	$j,$N[1]
+	sub	$N[1],%rax		# %rax=-$N[1]
+	lea	($tp,$num),%rbx		# tptr in .sqr4x_sub
+	mov	($np),%r12
+	lea	($np),%rbp		# nptr in .sqr4x_sub
+	mov	%r9,%rcx
+	sar	\$3+2,%rcx
+	mov	56+8(%rsp),%rdi		# rptr in .sqr4x_sub
+	dec	%r12			# so that after 'not' we get -n[0]
+	xor	%r10,%r10
+	mov	8*1(%rbp),%r13
+	mov	8*2(%rbp),%r14
+	mov	8*3(%rbp),%r15
+	jmp	.Lsqr4x_sub_entry
+___
+} else {
+my @ri=("%rax",$bp,$m0,$m1);
+my $rp="%rdx";
+$code.=<<___
+	xor	\$1,$N[1]
+	lea	($tp,$num),$tp		# rewind $tp
+	sar	\$5,$num		# cf=0
+	lea	($np,$N[1],8),$np
+	mov	56+8(%rsp),$rp		# restore $rp
+	jmp	.Lsub4x
+
+.align	32
+.Lsub4x:
+	.byte	0x66
+	mov	8*0($tp),@ri[0]
+	mov	8*1($tp),@ri[1]
+	.byte	0x66
+	sbb	16*0($np),@ri[0]
+	mov	8*2($tp),@ri[2]
+	sbb	16*1($np),@ri[1]
+	mov	3*8($tp),@ri[3]
+	lea	4*8($tp),$tp
+	sbb	16*2($np),@ri[2]
+	mov	@ri[0],8*0($rp)
+	sbb	16*3($np),@ri[3]
+	lea	16*4($np),$np
+	mov	@ri[1],8*1($rp)
+	mov	@ri[2],8*2($rp)
+	mov	@ri[3],8*3($rp)
+	lea	8*4($rp),$rp
+
+	inc	$num
+	jnz	.Lsub4x
+
+	ret
+___
+}
+$code.=<<___;
+.size	mul4x_internal,.-mul4x_internal
+___
+}}}
+{{{
+######################################################################
+# void bn_power5(
+my $rptr="%rdi";	# BN_ULONG *rptr,
+my $aptr="%rsi";	# const BN_ULONG *aptr,
+my $bptr="%rdx";	# const void *table,
+my $nptr="%rcx";	# const BN_ULONG *nptr,
+my $n0  ="%r8";		# const BN_ULONG *n0);
+my $num ="%r9";		# int num, has to be divisible by 8
+			# int pwr 
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___;
+.globl	bn_power5
+.type	bn_power5,\@function,6
+.align	32
+bn_power5:
+	mov	%rsp,%rax
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+	and	\$0x80108,%r11d
+	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
+	je	.Lpowerx5_enter
+___
+$code.=<<___;
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lpower5_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10d	# 3*$num
+	neg	$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lpwr_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	jmp	.Lpwr_sp_done
+
+.align	32
+.Lpwr_sp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lpwr_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwr_page_walk
+	jmp	.Lpwr_page_walk_done
+
+.Lpwr_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwr_page_walk
+.Lpwr_page_walk_done:
+
+	mov	$num,%r10	
+	neg	$num
+
+	##############################################################
+	# Stack layout
+	#
+	# +0	saved $num, used in reduction section
+	# +8	&t[2*$num], used in reduction section
+	# +32	saved *n0
+	# +40	saved %rsp
+	# +48	t[2*$num]
+	#
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.Lpower5_body:
+	movq	$rptr,%xmm1		# save $rptr, used in sqr8x
+	movq	$nptr,%xmm2		# save $nptr
+	movq	%r10, %xmm3		# -$num, used in sqr8x
+	movq	$bptr,%xmm4
+
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+
+	movq	%xmm2,$nptr
+	movq	%xmm4,$bptr
+	mov	$aptr,$rptr
+	mov	40(%rsp),%rax
+	lea	32(%rsp),$n0
+
+	call	mul4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lpower5_epilogue:
+	ret
+.size	bn_power5,.-bn_power5
+
+.globl	bn_sqr8x_internal
+.hidden	bn_sqr8x_internal
+.type	bn_sqr8x_internal,\@abi-omnipotent
+.align	32
+bn_sqr8x_internal:
+__bn_sqr8x_internal:
+	##############################################################
+	# Squaring part:
+	#
+	# a) multiply-n-add everything but a[i]*a[i];
+	# b) shift result of a) by 1 to the left and accumulate
+	#    a[i]*a[i] products;
+	#
+	##############################################################
+	#                                                     a[1]a[0]
+	#                                                 a[2]a[0]
+	#                                             a[3]a[0]
+	#                                             a[2]a[1]
+	#                                         a[4]a[0]
+	#                                         a[3]a[1]
+	#                                     a[5]a[0]
+	#                                     a[4]a[1]
+	#                                     a[3]a[2]
+	#                                 a[6]a[0]
+	#                                 a[5]a[1]
+	#                                 a[4]a[2]
+	#                             a[7]a[0]
+	#                             a[6]a[1]
+	#                             a[5]a[2]
+	#                             a[4]a[3]
+	#                         a[7]a[1]
+	#                         a[6]a[2]
+	#                         a[5]a[3]
+	#                     a[7]a[2]
+	#                     a[6]a[3]
+	#                     a[5]a[4]
+	#                 a[7]a[3]
+	#                 a[6]a[4]
+	#             a[7]a[4]
+	#             a[6]a[5]
+	#         a[7]a[5]
+	#     a[7]a[6]
+	#                                                     a[1]a[0]
+	#                                                 a[2]a[0]
+	#                                             a[3]a[0]
+	#                                         a[4]a[0]
+	#                                     a[5]a[0]
+	#                                 a[6]a[0]
+	#                             a[7]a[0]
+	#                                             a[2]a[1]
+	#                                         a[3]a[1]
+	#                                     a[4]a[1]
+	#                                 a[5]a[1]
+	#                             a[6]a[1]
+	#                         a[7]a[1]
+	#                                     a[3]a[2]
+	#                                 a[4]a[2]
+	#                             a[5]a[2]
+	#                         a[6]a[2]
+	#                     a[7]a[2]
+	#                             a[4]a[3]
+	#                         a[5]a[3]
+	#                     a[6]a[3]
+	#                 a[7]a[3]
+	#                     a[5]a[4]
+	#                 a[6]a[4]
+	#             a[7]a[4]
+	#             a[6]a[5]
+	#         a[7]a[5]
+	#     a[7]a[6]
+	#                                                         a[0]a[0]
+	#                                                 a[1]a[1]
+	#                                         a[2]a[2]
+	#                                 a[3]a[3]
+	#                         a[4]a[4]
+	#                 a[5]a[5]
+	#         a[6]a[6]
+	# a[7]a[7]
+
+	lea	32(%r10),$i		# $i=-($num-32)
+	lea	($aptr,$num),$aptr	# end of a[] buffer, ($aptr,$i)=&ap[2]
+
+	mov	$num,$j			# $j=$num
+
+					# comments apply to $num==8 case
+	mov	-32($aptr,$i),$a0	# a[0]
+	lea	48+8(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr,$i),%rax	# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr,$i),$ai	# a[2]
+	mov	%rax,$a1
+
+	mul	$a0			# a[1]*a[0]
+	mov	%rax,$A0[0]		# a[1]*a[0]
+	 mov	$ai,%rax		# a[2]
+	mov	%rdx,$A0[1]
+	mov	$A0[0],-24($tptr,$i)	# t[1]
+
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	mov	$A0[1],-16($tptr,$i)	# t[2]
+	mov	%rdx,$A0[0]
+
+
+	 mov	-8($aptr,$i),$ai	# a[3]
+	mul	$a1			# a[2]*a[1]
+	mov	%rax,$A1[0]		# a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[1]
+
+	 lea	($i),$j
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[3]
+	jmp	.Lsqr4x_1st
+
+.align	32
+.Lsqr4x_1st:
+	 mov	($aptr,$j),$ai		# a[4]
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[0]
+	adc	\$0,$A1[0]
+
+	mul	$a0			# a[4]*a[0]
+	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
+	 mov	$ai,%rax		# a[3]
+	 mov	8($aptr,$j),$ai		# a[5]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+
+
+	mul	$a1			# a[4]*a[3]
+	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	 mov	$A0[1],($tptr,$j)	# t[4]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[5]*a[2]
+	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	 mov	16($aptr,$j),$ai	# a[6]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+
+	mul	$a1			# a[5]*a[3]
+	add	%rax,$A1[1]		# a[5]*a[3]+t[6]
+	 mov	$ai,%rax
+	 mov	$A0[0],8($tptr,$j)	# t[5]
+	mov	%rdx,$A1[0]
+	adc	\$0,$A1[0]
+
+	mul	$a0			# a[6]*a[2]
+	add	%rax,$A0[1]		# a[6]*a[2]+a[5]*a[3]+t[6]
+	 mov	$ai,%rax		# a[3]
+	 mov	24($aptr,$j),$ai	# a[7]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+
+
+	mul	$a1			# a[6]*a[5]
+	add	%rax,$A1[0]		# a[6]*a[5]+t[7]
+	 mov	$ai,%rax
+	 mov	$A0[1],16($tptr,$j)	# t[6]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+	 lea	32($j),$j
+
+	mul	$a0			# a[7]*a[4]
+	add	%rax,$A0[0]		# a[7]*a[4]+a[6]*a[5]+t[6]
+	 mov	$ai,%rax
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[7]
+
+	cmp	\$0,$j
+	jne	.Lsqr4x_1st
+
+	mul	$a1			# a[7]*a[5]
+	add	%rax,$A1[1]
+	lea	16($i),$i
+	adc	\$0,%rdx
+	add	$A0[1],$A1[1]
+	adc	\$0,%rdx
+
+	mov	$A1[1],($tptr)		# t[8]
+	mov	%rdx,$A1[0]
+	mov	%rdx,8($tptr)		# t[9]
+	jmp	.Lsqr4x_outer
+
+.align	32
+.Lsqr4x_outer:				# comments apply to $num==6 case
+	mov	-32($aptr,$i),$a0	# a[0]
+	lea	48+8(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr,$i),%rax	# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr,$i),$ai	# a[2]
+	mov	%rax,$a1
+
+	mul	$a0			# a[1]*a[0]
+	mov	-24($tptr,$i),$A0[0]	# t[1]
+	add	%rax,$A0[0]		# a[1]*a[0]+t[1]
+	 mov	$ai,%rax		# a[2]
+	adc	\$0,%rdx
+	mov	$A0[0],-24($tptr,$i)	# t[1]
+	mov	%rdx,$A0[1]
+
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	-16($tptr,$i),$A0[1]	# a[2]*a[0]+t[2]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	mov	$A0[1],-16($tptr,$i)	# t[2]
+
+	xor	$A1[0],$A1[0]
+
+	 mov	-8($aptr,$i),$ai	# a[3]
+	mul	$a1			# a[2]*a[1]
+	add	%rax,$A1[0]		# a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	-8($tptr,$i),$A1[0]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	$A1[0],$A0[0]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$i)	# t[3]
+
+	lea	($i),$j
+	jmp	.Lsqr4x_inner
+
+.align	32
+.Lsqr4x_inner:
+	 mov	($aptr,$j),$ai		# a[4]
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[0]
+	adc	\$0,$A1[0]
+	add	($tptr,$j),$A1[1]
+	adc	\$0,$A1[0]
+
+	.byte	0x67
+	mul	$a0			# a[4]*a[0]
+	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
+	 mov	$ai,%rax		# a[3]
+	 mov	8($aptr,$j),$ai		# a[5]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+
+	mul	$a1			# a[4]*a[3]
+	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
+	mov	$A0[1],($tptr,$j)	# t[4]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+	add	8($tptr,$j),$A1[0]
+	lea	16($j),$j		# j++
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[5]*a[2]
+	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+	add	$A1[0],$A0[0]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[5], "preloaded t[1]" below
+
+	cmp	\$0,$j
+	jne	.Lsqr4x_inner
+
+	.byte	0x67
+	mul	$a1			# a[5]*a[3]
+	add	%rax,$A1[1]
+	adc	\$0,%rdx
+	add	$A0[1],$A1[1]
+	adc	\$0,%rdx
+
+	mov	$A1[1],($tptr)		# t[6], "preloaded t[2]" below
+	mov	%rdx,$A1[0]
+	mov	%rdx,8($tptr)		# t[7], "preloaded t[3]" below
+
+	add	\$16,$i
+	jnz	.Lsqr4x_outer
+
+					# comments apply to $num==4 case
+	mov	-32($aptr),$a0		# a[0]
+	lea	48+8(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr),%rax		# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr),$ai		# a[2]
+	mov	%rax,$a1
+
+	mul	$a0			# a[1]*a[0]
+	add	%rax,$A0[0]		# a[1]*a[0]+t[1], preloaded t[1]
+	 mov	$ai,%rax		# a[2]
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	 mov	$A0[0],-24($tptr)	# t[1]
+	mov	%rdx,$A0[0]
+	adc	\$0,$A0[0]
+	add	$A1[1],$A0[1]		# a[2]*a[0]+t[2], preloaded t[2]
+	 mov	-8($aptr),$ai		# a[3]
+	adc	\$0,$A0[0]
+
+	mul	$a1			# a[2]*a[1]
+	add	%rax,$A1[0]		# a[2]*a[1]+t[3], preloaded t[3]
+	 mov	$ai,%rax
+	 mov	$A0[1],-16($tptr)	# t[2]
+	mov	%rdx,$A1[1]
+	adc	\$0,$A1[1]
+
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	mov	%rdx,$A0[1]
+	adc	\$0,$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mov	$A0[0],-8($tptr)	# t[3]
+
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]
+	 mov	-16($aptr),%rax		# a[2]
+	adc	\$0,%rdx
+	add	$A0[1],$A1[1]
+	adc	\$0,%rdx
+
+	mov	$A1[1],($tptr)		# t[4]
+	mov	%rdx,$A1[0]
+	mov	%rdx,8($tptr)		# t[5]
+
+	mul	$ai			# a[2]*a[3]
+___
+{
+my ($shift,$carry)=($a0,$a1);
+my @S=(@A1,$ai,$n0);
+$code.=<<___;
+	 add	\$16,$i
+	 xor	$shift,$shift
+	 sub	$num,$i			# $i=16-$num
+	 xor	$carry,$carry
+
+	add	$A1[0],%rax		# t[5]
+	adc	\$0,%rdx
+	mov	%rax,8($tptr)		# t[5]
+	mov	%rdx,16($tptr)		# t[6]
+	mov	$carry,24($tptr)	# t[7]
+
+	 mov	-16($aptr,$i),%rax	# a[0]
+	lea	48+8(%rsp),$tptr
+	 xor	$A0[0],$A0[0]		# t[0]
+	 mov	8($tptr),$A0[1]		# t[1]
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	24($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],8($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	32($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	40($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],16($tptr)
+	adc	%rdx,$S[3]
+	lea	16($i),$i
+	mov	$S[3],24($tptr)
+	sbb	$carry,$carry		# mov cf,$carry
+	lea	64($tptr),$tptr
+	jmp	.Lsqr4x_shift_n_add
+
+.align	32
+.Lsqr4x_shift_n_add:
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	-16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	-8($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],-32($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],-24($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	0($tptr),$A0[0]		# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	8($tptr),$A0[1]		# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],-16($tptr)
+	adc	%rdx,$S[3]
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	 mov	$S[3],-8($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	24($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],0($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],8($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	32($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	40($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	16($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],16($tptr)
+	adc	%rdx,$S[3]
+	mov	$S[3],24($tptr)
+	sbb	$carry,$carry		# mov cf,$carry
+	lea	64($tptr),$tptr
+	add	\$32,$i
+	jnz	.Lsqr4x_shift_n_add
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	.byte	0x67
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	-16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	-8($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr),%rax		# a[i+1]	# prefetch
+	mov	$S[0],-32($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1|shift
+	 mov	$S[1],-24($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	adc	%rax,$S[2]
+	adc	%rdx,$S[3]
+	mov	$S[2],-16($tptr)
+	mov	$S[3],-8($tptr)
+___
+}
+######################################################################
+# Montgomery reduction part, "word-by-word" algorithm.
+#
+# This new path is inspired by multiple submissions from Intel, by
+# Shay Gueron, Vlad Krasnov, Erdinc Ozturk, James Guilford,
+# Vinodh Gopal...
+{
+my ($nptr,$tptr,$carry,$m0)=("%rbp","%rdi","%rsi","%rbx");
+
+$code.=<<___;
+	movq	%xmm2,$nptr
+__bn_sqr8x_reduction:
+	xor	%rax,%rax
+	lea	($nptr,$num),%rcx	# end of n[]
+	lea	48+8(%rsp,$num,2),%rdx	# end of t[] buffer
+	mov	%rcx,0+8(%rsp)
+	lea	48+8(%rsp,$num),$tptr	# end of initial t[] window
+	mov	%rdx,8+8(%rsp)
+	neg	$num
+	jmp	.L8x_reduction_loop
+
+.align	32
+.L8x_reduction_loop:
+	lea	($tptr,$num),$tptr	# start of current t[] window
+	.byte	0x66
+	mov	8*0($tptr),$m0
+	mov	8*1($tptr),%r9
+	mov	8*2($tptr),%r10
+	mov	8*3($tptr),%r11
+	mov	8*4($tptr),%r12
+	mov	8*5($tptr),%r13
+	mov	8*6($tptr),%r14
+	mov	8*7($tptr),%r15
+	mov	%rax,(%rdx)		# store top-most carry bit
+	lea	8*8($tptr),$tptr
+
+	.byte	0x67
+	mov	$m0,%r8
+	imulq	32+8(%rsp),$m0		# n0*a[0]
+	mov	8*0($nptr),%rax		# n[0]
+	mov	\$8,%ecx
+	jmp	.L8x_reduce
+
+.align	32
+.L8x_reduce:
+	mulq	$m0
+	 mov	8*1($nptr),%rax		# n[1]
+	neg	%r8
+	mov	%rdx,%r8
+	adc	\$0,%r8
+
+	mulq	$m0
+	add	%rax,%r9
+	 mov	8*2($nptr),%rax
+	adc	\$0,%rdx
+	add	%r9,%r8
+	 mov	$m0,48-8+8(%rsp,%rcx,8)	# put aside n0*a[i]
+	mov	%rdx,%r9
+	adc	\$0,%r9
+
+	mulq	$m0
+	add	%rax,%r10
+	 mov	8*3($nptr),%rax
+	adc	\$0,%rdx
+	add	%r10,%r9
+	 mov	32+8(%rsp),$carry	# pull n0, borrow $carry
+	mov	%rdx,%r10
+	adc	\$0,%r10
+
+	mulq	$m0
+	add	%rax,%r11
+	 mov	8*4($nptr),%rax
+	adc	\$0,%rdx
+	 imulq	%r8,$carry		# modulo-scheduled
+	add	%r11,%r10
+	mov	%rdx,%r11
+	adc	\$0,%r11
+
+	mulq	$m0
+	add	%rax,%r12
+	 mov	8*5($nptr),%rax
+	adc	\$0,%rdx
+	add	%r12,%r11
+	mov	%rdx,%r12
+	adc	\$0,%r12
+
+	mulq	$m0
+	add	%rax,%r13
+	 mov	8*6($nptr),%rax
+	adc	\$0,%rdx
+	add	%r13,%r12
+	mov	%rdx,%r13
+	adc	\$0,%r13
+
+	mulq	$m0
+	add	%rax,%r14
+	 mov	8*7($nptr),%rax
+	adc	\$0,%rdx
+	add	%r14,%r13
+	mov	%rdx,%r14
+	adc	\$0,%r14
+
+	mulq	$m0
+	 mov	$carry,$m0		# n0*a[i]
+	add	%rax,%r15
+	 mov	8*0($nptr),%rax		# n[0]
+	adc	\$0,%rdx
+	add	%r15,%r14
+	mov	%rdx,%r15
+	adc	\$0,%r15
+
+	dec	%ecx
+	jnz	.L8x_reduce
+
+	lea	8*8($nptr),$nptr
+	xor	%rax,%rax
+	mov	8+8(%rsp),%rdx		# pull end of t[]
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.L8x_no_tail
+
+	.byte	0x66
+	add	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	sbb	$carry,$carry		# top carry
+
+	mov	48+56+8(%rsp),$m0	# pull n0*a[0]
+	mov	\$8,%ecx
+	mov	8*0($nptr),%rax
+	jmp	.L8x_tail
+
+.align	32
+.L8x_tail:
+	mulq	$m0
+	add	%rax,%r8
+	 mov	8*1($nptr),%rax
+	 mov	%r8,($tptr)		# save result
+	mov	%rdx,%r8
+	adc	\$0,%r8
+
+	mulq	$m0
+	add	%rax,%r9
+	 mov	8*2($nptr),%rax
+	adc	\$0,%rdx
+	add	%r9,%r8
+	 lea	8($tptr),$tptr		# $tptr++
+	mov	%rdx,%r9
+	adc	\$0,%r9
+
+	mulq	$m0
+	add	%rax,%r10
+	 mov	8*3($nptr),%rax
+	adc	\$0,%rdx
+	add	%r10,%r9
+	mov	%rdx,%r10
+	adc	\$0,%r10
+
+	mulq	$m0
+	add	%rax,%r11
+	 mov	8*4($nptr),%rax
+	adc	\$0,%rdx
+	add	%r11,%r10
+	mov	%rdx,%r11
+	adc	\$0,%r11
+
+	mulq	$m0
+	add	%rax,%r12
+	 mov	8*5($nptr),%rax
+	adc	\$0,%rdx
+	add	%r12,%r11
+	mov	%rdx,%r12
+	adc	\$0,%r12
+
+	mulq	$m0
+	add	%rax,%r13
+	 mov	8*6($nptr),%rax
+	adc	\$0,%rdx
+	add	%r13,%r12
+	mov	%rdx,%r13
+	adc	\$0,%r13
+
+	mulq	$m0
+	add	%rax,%r14
+	 mov	8*7($nptr),%rax
+	adc	\$0,%rdx
+	add	%r14,%r13
+	mov	%rdx,%r14
+	adc	\$0,%r14
+
+	mulq	$m0
+	 mov	48-16+8(%rsp,%rcx,8),$m0# pull n0*a[i]
+	add	%rax,%r15
+	adc	\$0,%rdx
+	add	%r15,%r14
+	 mov	8*0($nptr),%rax		# pull n[0]
+	mov	%rdx,%r15
+	adc	\$0,%r15
+
+	dec	%ecx
+	jnz	.L8x_tail
+
+	lea	8*8($nptr),$nptr
+	mov	8+8(%rsp),%rdx		# pull end of t[]
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.L8x_tail_done		# break out of loop
+
+	 mov	48+56+8(%rsp),$m0	# pull n0*a[0]
+	neg	$carry
+	 mov	8*0($nptr),%rax		# pull n[0]
+	adc	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	sbb	$carry,$carry		# top carry
+
+	mov	\$8,%ecx
+	jmp	.L8x_tail
+
+.align	32
+.L8x_tail_done:
+	xor	%rax,%rax
+	add	(%rdx),%r8		# can this overflow?
+	adc	\$0,%r9
+	adc	\$0,%r10
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
+	adc	\$0,%rax
+
+	neg	$carry
+.L8x_no_tail:
+	adc	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	adc	\$0,%rax		# top-most carry
+	 mov	-8($nptr),%rcx		# np[num-1]
+	 xor	$carry,$carry
+
+	movq	%xmm2,$nptr		# restore $nptr
+
+	mov	%r8,8*0($tptr)		# store top 512 bits
+	mov	%r9,8*1($tptr)
+	 movq	%xmm3,$num		# $num is %r9, can't be moved upwards
+	mov	%r10,8*2($tptr)
+	mov	%r11,8*3($tptr)
+	mov	%r12,8*4($tptr)
+	mov	%r13,8*5($tptr)
+	mov	%r14,8*6($tptr)
+	mov	%r15,8*7($tptr)
+	lea	8*8($tptr),$tptr
+
+	cmp	%rdx,$tptr		# end of t[]?
+	jb	.L8x_reduction_loop
+	ret
+.size	bn_sqr8x_internal,.-bn_sqr8x_internal
+___
+}
+##############################################################
+# Post-condition, 4x unrolled
+#
+{
+my ($tptr,$nptr)=("%rbx","%rbp");
+$code.=<<___;
+.type	__bn_post4x_internal,\@abi-omnipotent
+.align	32
+__bn_post4x_internal:
+	mov	8*0($nptr),%r12
+	lea	(%rdi,$num),$tptr	# %rdi was $tptr above
+	mov	$num,%rcx
+	movq	%xmm1,$rptr		# restore $rptr
+	neg	%rax
+	movq	%xmm1,$aptr		# prepare for back-to-back call
+	sar	\$3+2,%rcx
+	dec	%r12			# so that after 'not' we get -n[0]
+	xor	%r10,%r10
+	mov	8*1($nptr),%r13
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+	jmp	.Lsqr4x_sub_entry
+
+.align	16
+.Lsqr4x_sub:
+	mov	8*0($nptr),%r12
+	mov	8*1($nptr),%r13
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+.Lsqr4x_sub_entry:
+	lea	8*4($nptr),$nptr
+	not	%r12
+	not	%r13
+	not	%r14
+	not	%r15
+	and	%rax,%r12
+	and	%rax,%r13
+	and	%rax,%r14
+	and	%rax,%r15
+
+	neg	%r10			# mov %r10,%cf
+	adc	8*0($tptr),%r12
+	adc	8*1($tptr),%r13
+	adc	8*2($tptr),%r14
+	adc	8*3($tptr),%r15
+	mov	%r12,8*0($rptr)
+	lea	8*4($tptr),$tptr
+	mov	%r13,8*1($rptr)
+	sbb	%r10,%r10		# mov %cf,%r10
+	mov	%r14,8*2($rptr)
+	mov	%r15,8*3($rptr)
+	lea	8*4($rptr),$rptr
+
+	inc	%rcx			# pass %cf
+	jnz	.Lsqr4x_sub
+
+	mov	$num,%r10		# prepare for back-to-back call
+	neg	$num			# restore $num	
+	ret
+.size	__bn_post4x_internal,.-__bn_post4x_internal
+___
+}
+{
+$code.=<<___;
+.globl	bn_from_montgomery
+.type	bn_from_montgomery,\@abi-omnipotent
+.align	32
+bn_from_montgomery:
+	testl	\$7,`($win64?"48(%rsp)":"%r9d")`
+	jz	bn_from_mont8x
+	xor	%eax,%eax
+	ret
+.size	bn_from_montgomery,.-bn_from_montgomery
+
+.type	bn_from_mont8x,\@function,6
+.align	32
+bn_from_mont8x:
+	.byte	0x67
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lfrom_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). The stack is allocated to aligned with
+	# bn_power5's frame, and as bn_from_montgomery happens to be
+	# last operation, we use the opportunity to cleanse it.
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lfrom_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	jmp	.Lfrom_sp_done
+
+.align	32
+.Lfrom_sp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lfrom_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lfrom_page_walk
+	jmp	.Lfrom_page_walk_done
+
+.Lfrom_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lfrom_page_walk
+.Lfrom_page_walk_done:
+
+	mov	$num,%r10
+	neg	$num
+
+	##############################################################
+	# Stack layout
+	#
+	# +0	saved $num, used in reduction section
+	# +8	&t[2*$num], used in reduction section
+	# +32	saved *n0
+	# +40	saved %rsp
+	# +48	t[2*$num]
+	#
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.Lfrom_body:
+	mov	$num,%r11
+	lea	48(%rsp),%rax
+	pxor	%xmm0,%xmm0
+	jmp	.Lmul_by_1
+
+.align	32
+.Lmul_by_1:
+	movdqu	($aptr),%xmm1
+	movdqu	16($aptr),%xmm2
+	movdqu	32($aptr),%xmm3
+	movdqa	%xmm0,(%rax,$num)
+	movdqu	48($aptr),%xmm4
+	movdqa	%xmm0,16(%rax,$num)
+	.byte	0x48,0x8d,0xb6,0x40,0x00,0x00,0x00	# lea	64($aptr),$aptr
+	movdqa	%xmm1,(%rax)
+	movdqa	%xmm0,32(%rax,$num)
+	movdqa	%xmm2,16(%rax)
+	movdqa	%xmm0,48(%rax,$num)
+	movdqa	%xmm3,32(%rax)
+	movdqa	%xmm4,48(%rax)
+	lea	64(%rax),%rax
+	sub	\$64,%r11
+	jnz	.Lmul_by_1
+
+	movq	$rptr,%xmm1
+	movq	$nptr,%xmm2
+	.byte	0x67
+	mov	$nptr,%rbp
+	movq	%r10, %xmm3		# -num
+___
+$code.=<<___ if ($addx);
+	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+	and	\$0x80108,%r11d
+	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
+	jne	.Lfrom_mont_nox
+
+	lea	(%rax,$num),$rptr
+	call	__bn_sqrx8x_reduction
+	call	__bn_postx4x_internal
+
+	pxor	%xmm0,%xmm0
+	lea	48(%rsp),%rax
+	mov	40(%rsp),%rsi		# restore %rsp
+	jmp	.Lfrom_mont_zero
+
+.align	32
+.Lfrom_mont_nox:
+___
+$code.=<<___;
+	call	__bn_sqr8x_reduction
+	call	__bn_post4x_internal
+
+	pxor	%xmm0,%xmm0
+	lea	48(%rsp),%rax
+	mov	40(%rsp),%rsi		# restore %rsp
+	jmp	.Lfrom_mont_zero
+
+.align	32
+.Lfrom_mont_zero:
+	movdqa	%xmm0,16*0(%rax)
+	movdqa	%xmm0,16*1(%rax)
+	movdqa	%xmm0,16*2(%rax)
+	movdqa	%xmm0,16*3(%rax)
+	lea	16*4(%rax),%rax
+	sub	\$32,$num
+	jnz	.Lfrom_mont_zero
+
+	mov	\$1,%rax
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lfrom_epilogue:
+	ret
+.size	bn_from_mont8x,.-bn_from_mont8x
+___
+}
+}}}
+
+if ($addx) {{{
+my $bp="%rdx";	# restore original value
+
+$code.=<<___;
+.type	bn_mulx4x_mont_gather5,\@function,6
+.align	32
+bn_mulx4x_mont_gather5:
+	mov	%rsp,%rax
+.Lmulx4x_enter:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lmulx4x_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num			# -$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra [num] is allocated in order
+	# to align with bn_power5's frame, which is cleansed after
+	# completing exponentiation. Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rp,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lmulx4xsp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	jmp	.Lmulx4xsp_done
+
+.Lmulx4xsp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lmulx4xsp_done:	
+	and	\$-64,%rbp		# ensure alignment
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+	jmp	.Lmulx4x_page_walk_done
+
+.Lmulx4x_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+.Lmulx4x_page_walk_done:
+
+	##############################################################
+	# Stack layout
+	# +0	-num
+	# +8	off-loaded &b[i]
+	# +16	end of b[num]
+	# +24	inner counter
+	# +32	saved n0
+	# +40	saved %rsp
+	# +48
+	# +56	saved rp
+	# +64	tmp[num+1]
+	#
+	mov	$n0, 32(%rsp)		# save *n0
+	mov	%rax,40(%rsp)		# save original %rsp
+.Lmulx4x_body:
+	call	mulx4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lmulx4x_epilogue:
+	ret
+.size	bn_mulx4x_mont_gather5,.-bn_mulx4x_mont_gather5
+
+.type	mulx4x_internal,\@abi-omnipotent
+.align	32
+mulx4x_internal:
+	mov	$num,8(%rsp)		# save -$num (it was in bytes)
+	mov	$num,%r10
+	neg	$num			# restore $num
+	shl	\$5,$num
+	neg	%r10			# restore $num
+	lea	128($bp,$num),%r13	# end of powers table (+size optimization)
+	shr	\$5+5,$num
+	movd	`($win64?56:8)`(%rax),%xmm5	# load 7th argument
+	sub	\$1,$num
+	lea	.Linc(%rip),%rax
+	mov	%r13,16+8(%rsp)		# end of b[num]
+	mov	$num,24+8(%rsp)		# inner counter
+	mov	$rp, 56+8(%rsp)		# save $rp
+___
+my ($aptr, $bptr, $nptr, $tptr, $mi,  $bi,  $zero, $num)=
+   ("%rsi","%rdi","%rcx","%rbx","%r8","%r9","%rbp","%rax");
+my $rptr=$bptr;
+my $STRIDE=2**5*8;		# 5 is "window size"
+my $N=$STRIDE/4;		# should match cache line size
+$code.=<<___;
+	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
+	lea	88-112(%rsp,%r10),%r10	# place the mask after tp[num+1] (+ICache optimizaton)
+	lea	128($bp),$bptr		# size optimization
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	.byte	0x67
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	.byte	0x67
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	movdqa	%xmm4,%xmm3
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	.byte	0x67
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($i+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($i+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($i+2)+112`(%r10)
+
+	pand	`16*($i+0)-128`($bptr),%xmm0	# while it's still in register
+	pand	`16*($i+1)-128`($bptr),%xmm1
+	pand	`16*($i+2)-128`($bptr),%xmm2
+	movdqa	%xmm3,`16*($i+3)+112`(%r10)
+	pand	`16*($i+3)-128`($bptr),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($i=0;$i<$STRIDE/16-4;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bptr),%xmm4
+	movdqa	`16*($i+1)-128`($bptr),%xmm5
+	movdqa	`16*($i+2)-128`($bptr),%xmm2
+	pand	`16*($i+0)+112`(%r10),%xmm4
+	movdqa	`16*($i+3)-128`($bptr),%xmm3
+	pand	`16*($i+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($i+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($i+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	pxor	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bptr),$bptr
+	movq	%xmm0,%rdx		# bp[0]
+	lea	64+8*4+8(%rsp),$tptr
+
+	mov	%rdx,$bi
+	mulx	0*8($aptr),$mi,%rax	# a[0]*b[0]
+	mulx	1*8($aptr),%r11,%r12	# a[1]*b[0]
+	add	%rax,%r11
+	mulx	2*8($aptr),%rax,%r13	# ...
+	adc	%rax,%r12
+	adc	\$0,%r13
+	mulx	3*8($aptr),%rax,%r14
+
+	mov	$mi,%r15
+	imulq	32+8(%rsp),$mi		# "t[0]"*n0
+	xor	$zero,$zero		# cf=0, of=0
+	mov	$mi,%rdx
+
+	mov	$bptr,8+8(%rsp)		# off-load &b[i]
+
+	lea	4*8($aptr),$aptr
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,%r15		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	mulx	2*8($nptr),%rax,%r12
+	mov	24+8(%rsp),$bptr	# counter value
+	mov	%r10,-8*4($tptr)
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r11,-8*3($tptr)
+	adcx	%rax,%r12
+	adox	$zero,%r15		# of=0
+	lea	4*8($nptr),$nptr
+	mov	%r12,-8*2($tptr)
+	jmp	.Lmulx4x_1st
+
+.align	32
+.Lmulx4x_1st:
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[0]
+	adcx	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[0]
+	adcx	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 .byte	0x67,0x67
+	 mov	$mi,%rdx
+	adcx	%rax,%r13
+	adcx	$zero,%r14		# cf=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	mov	%r11,-4*8($tptr)
+	adox	%r15,%r13
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	lea	4*8($nptr),$nptr
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_1st
+
+	mov	8(%rsp),$num		# load -num
+	adc	$zero,%r15		# modulo-scheduled
+	lea	($aptr,$num),$aptr	# rewind $aptr
+	add	%r15,%r14
+	mov	8+8(%rsp),$bptr		# re-load &b[i]
+	adc	$zero,$zero		# top-most carry
+	mov	%r14,-1*8($tptr)
+	jmp	.Lmulx4x_outer
+
+.align	32
+.Lmulx4x_outer:
+	lea	16-256($tptr),%r10	# where 256-byte mask is (+density control)
+	pxor	%xmm4,%xmm4
+	.byte	0x67,0x67
+	pxor	%xmm5,%xmm5
+___
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`($bptr),%xmm0
+	movdqa	`16*($i+1)-128`($bptr),%xmm1
+	movdqa	`16*($i+2)-128`($bptr),%xmm2
+	pand	`16*($i+0)+256`(%r10),%xmm0
+	movdqa	`16*($i+3)-128`($bptr),%xmm3
+	pand	`16*($i+1)+256`(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($i+2)+256`(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($i+3)+256`(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bptr),$bptr
+	movq	%xmm0,%rdx		# m0=bp[i]
+
+	mov	$zero,($tptr)		# save top-most carry
+	lea	4*8($tptr,$num),$tptr	# rewind $tptr
+	mulx	0*8($aptr),$mi,%r11	# a[0]*b[i]
+	xor	$zero,$zero		# cf=0, of=0
+	mov	%rdx,$bi
+	mulx	1*8($aptr),%r14,%r12	# a[1]*b[i]
+	adox	-4*8($tptr),$mi		# +t[0]
+	adcx	%r14,%r11
+	mulx	2*8($aptr),%r15,%r13	# ...
+	adox	-3*8($tptr),%r11
+	adcx	%r15,%r12
+	mulx	3*8($aptr),%rdx,%r14
+	adox	-2*8($tptr),%r12
+	adcx	%rdx,%r13
+	lea	($nptr,$num),$nptr	# rewind $nptr
+	lea	4*8($aptr),$aptr
+	adox	-1*8($tptr),%r13
+	adcx	$zero,%r14
+	adox	$zero,%r14
+
+	mov	$mi,%r15
+	imulq	32+8(%rsp),$mi		# "t[0]"*n0
+
+	mov	$mi,%rdx
+	xor	$zero,$zero		# cf=0, of=0
+	mov	$bptr,8+8(%rsp)		# off-load &b[i]
+
+	mulx	0*8($nptr),%rax,%r10
+	adcx	%rax,%r15		# discarded
+	adox	%r11,%r10
+	mulx	1*8($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+	mulx	2*8($nptr),%rax,%r12
+	adcx	%rax,%r11
+	adox	%r13,%r12
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	mov	24+8(%rsp),$bptr	# counter value
+	mov	%r10,-8*4($tptr)
+	adcx	%rax,%r12
+	mov	%r11,-8*3($tptr)
+	adox	$zero,%r15		# of=0
+	mov	%r12,-8*2($tptr)
+	lea	4*8($nptr),$nptr
+	jmp	.Lmulx4x_inner
+
+.align	32
+.Lmulx4x_inner:
+	mulx	0*8($aptr),%r10,%rax	# a[4]*b[i]
+	adcx	$zero,%r15		# cf=0, modulo-scheduled
+	adox	%r14,%r10
+	mulx	1*8($aptr),%r11,%r14	# a[5]*b[i]
+	adcx	0*8($tptr),%r10
+	adox	%rax,%r11
+	mulx	2*8($aptr),%r12,%rax	# ...
+	adcx	1*8($tptr),%r11
+	adox	%r14,%r12
+	mulx	3*8($aptr),%r13,%r14
+	 mov	$mi,%rdx
+	adcx	2*8($tptr),%r12
+	adox	%rax,%r13
+	adcx	3*8($tptr),%r13
+	adox	$zero,%r14		# of=0
+	lea	4*8($aptr),$aptr
+	lea	4*8($tptr),$tptr
+	adcx	$zero,%r14		# cf=0
+
+	adox	%r15,%r10
+	mulx	0*8($nptr),%rax,%r15
+	adcx	%rax,%r10
+	adox	%r15,%r11
+	mulx	1*8($nptr),%rax,%r15
+	adcx	%rax,%r11
+	adox	%r15,%r12
+	mulx	2*8($nptr),%rax,%r15
+	mov	%r10,-5*8($tptr)
+	adcx	%rax,%r12
+	adox	%r15,%r13
+	mov	%r11,-4*8($tptr)
+	mulx	3*8($nptr),%rax,%r15
+	 mov	$bi,%rdx
+	lea	4*8($nptr),$nptr
+	mov	%r12,-3*8($tptr)
+	adcx	%rax,%r13
+	adox	$zero,%r15
+	mov	%r13,-2*8($tptr)
+
+	dec	$bptr			# of=0, pass cf
+	jnz	.Lmulx4x_inner
+
+	mov	0+8(%rsp),$num		# load -num
+	adc	$zero,%r15		# modulo-scheduled
+	sub	0*8($tptr),$bptr	# pull top-most carry to %cf
+	mov	8+8(%rsp),$bptr		# re-load &b[i]
+	mov	16+8(%rsp),%r10
+	adc	%r15,%r14
+	lea	($aptr,$num),$aptr	# rewind $aptr
+	adc	$zero,$zero		# top-most carry
+	mov	%r14,-1*8($tptr)
+
+	cmp	%r10,$bptr
+	jb	.Lmulx4x_outer
+
+	mov	-8($nptr),%r10
+	mov	$zero,%r8
+	mov	($nptr,$num),%r12
+	lea	($nptr,$num),%rbp	# rewind $nptr
+	mov	$num,%rcx
+	lea	($tptr,$num),%rdi	# rewind $tptr
+	xor	%eax,%eax
+	xor	%r15,%r15
+	sub	%r14,%r10		# compare top-most words
+	adc	%r15,%r15
+	or	%r15,%r8
+	sar	\$3+2,%rcx
+	sub	%r8,%rax		# %rax=-%r8
+	mov	56+8(%rsp),%rdx		# restore rp
+	dec	%r12			# so that after 'not' we get -n[0]
+	mov	8*1(%rbp),%r13
+	xor	%r8,%r8
+	mov	8*2(%rbp),%r14
+	mov	8*3(%rbp),%r15
+	jmp	.Lsqrx4x_sub_entry	# common post-condition
+.size	mulx4x_internal,.-mulx4x_internal
+___
+}{
+######################################################################
+# void bn_power5(
+my $rptr="%rdi";	# BN_ULONG *rptr,
+my $aptr="%rsi";	# const BN_ULONG *aptr,
+my $bptr="%rdx";	# const void *table,
+my $nptr="%rcx";	# const BN_ULONG *nptr,
+my $n0  ="%r8";		# const BN_ULONG *n0);
+my $num ="%r9";		# int num, has to be divisible by 8
+			# int pwr);
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___;
+.type	bn_powerx5,\@function,6
+.align	32
+bn_powerx5:
+	mov	%rsp,%rax
+.Lpowerx5_enter:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lpowerx5_prologue:
+
+	shl	\$3,${num}d		# convert $num to bytes
+	lea	($num,$num,2),%r10	# 3*$num in bytes
+	neg	$num
+	mov	($n0),$n0		# *n0
+
+	##############################################################
+	# Ensure that stack frame doesn't alias with $rptr+3*$num
+	# modulo 4096, which covers ret[num], am[num] and n[num]
+	# (see bn_exp.c). This is done to allow memory disambiguation
+	# logic do its magic. [Extra 256 bytes is for power mask
+	# calculated from 7th argument, the index.]
+	#
+	lea	-320(%rsp,$num,2),%r11
+	mov	%rsp,%rbp
+	sub	$rptr,%r11
+	and	\$4095,%r11
+	cmp	%r11,%r10
+	jb	.Lpwrx_sp_alt
+	sub	%r11,%rbp		# align with $aptr
+	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+	jmp	.Lpwrx_sp_done
+
+.align	32
+.Lpwrx_sp_alt:
+	lea	4096-320(,$num,2),%r10
+	lea	-320(%rbp,$num,2),%rbp	# alloca(frame+2*$num*8+256)
+	sub	%r10,%r11
+	mov	\$0,%r10
+	cmovc	%r10,%r11
+	sub	%r11,%rbp
+.Lpwrx_sp_done:
+	and	\$-64,%rbp
+	mov	%rsp,%r11
+	sub	%rbp,%r11
+	and	\$-4096,%r11
+	lea	(%rbp,%r11),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwrx_page_walk
+	jmp	.Lpwrx_page_walk_done
+
+.Lpwrx_page_walk:
+	lea	-4096(%rsp),%rsp
+	mov	(%rsp),%r10
+	cmp	%rbp,%rsp
+	ja	.Lpwrx_page_walk
+.Lpwrx_page_walk_done:
+
+	mov	$num,%r10	
+	neg	$num
+
+	##############################################################
+	# Stack layout
+	#
+	# +0	saved $num, used in reduction section
+	# +8	&t[2*$num], used in reduction section
+	# +16	intermediate carry bit
+	# +24	top-most carry bit, used in reduction section
+	# +32	saved *n0
+	# +40	saved %rsp
+	# +48	t[2*$num]
+	#
+	pxor	%xmm0,%xmm0
+	movq	$rptr,%xmm1		# save $rptr
+	movq	$nptr,%xmm2		# save $nptr
+	movq	%r10, %xmm3		# -$num
+	movq	$bptr,%xmm4
+	mov	$n0,  32(%rsp)
+	mov	%rax, 40(%rsp)		# save original %rsp
+.Lpowerx5_body:
+
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+
+	mov	%r10,$num		# -num
+	mov	$aptr,$rptr
+	movq	%xmm2,$nptr
+	movq	%xmm4,$bptr
+	mov	40(%rsp),%rax
+
+	call	mulx4x_internal
+
+	mov	40(%rsp),%rsi		# restore %rsp
+	mov	\$1,%rax
+
+	mov	-48(%rsi),%r15
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lpowerx5_epilogue:
+	ret
+.size	bn_powerx5,.-bn_powerx5
+
+.globl	bn_sqrx8x_internal
+.hidden	bn_sqrx8x_internal
+.type	bn_sqrx8x_internal,\@abi-omnipotent
+.align	32
+bn_sqrx8x_internal:
+__bn_sqrx8x_internal:
+	##################################################################
+	# Squaring part:
+	#
+	# a) multiply-n-add everything but a[i]*a[i];
+	# b) shift result of a) by 1 to the left and accumulate
+	#    a[i]*a[i] products;
+	#
+	##################################################################
+	# a[7]a[7]a[6]a[6]a[5]a[5]a[4]a[4]a[3]a[3]a[2]a[2]a[1]a[1]a[0]a[0]
+	#                                                     a[1]a[0]
+	#                                                 a[2]a[0]
+	#                                             a[3]a[0]
+	#                                             a[2]a[1]
+	#                                         a[3]a[1]
+	#                                     a[3]a[2]
+	#
+	#                                         a[4]a[0]
+	#                                     a[5]a[0]
+	#                                 a[6]a[0]
+	#                             a[7]a[0]
+	#                                     a[4]a[1]
+	#                                 a[5]a[1]
+	#                             a[6]a[1]
+	#                         a[7]a[1]
+	#                                 a[4]a[2]
+	#                             a[5]a[2]
+	#                         a[6]a[2]
+	#                     a[7]a[2]
+	#                             a[4]a[3]
+	#                         a[5]a[3]
+	#                     a[6]a[3]
+	#                 a[7]a[3]
+	#
+	#                     a[5]a[4]
+	#                 a[6]a[4]
+	#             a[7]a[4]
+	#             a[6]a[5]
+	#         a[7]a[5]
+	#     a[7]a[6]
+	# a[7]a[7]a[6]a[6]a[5]a[5]a[4]a[4]a[3]a[3]a[2]a[2]a[1]a[1]a[0]a[0]
+___
+{
+my ($zero,$carry)=("%rbp","%rcx");
+my $aaptr=$zero;
+$code.=<<___;
+	lea	48+8(%rsp),$tptr
+	lea	($aptr,$num),$aaptr
+	mov	$num,0+8(%rsp)			# save $num
+	mov	$aaptr,8+8(%rsp)		# save end of $aptr
+	jmp	.Lsqr8x_zero_start
+
+.align	32
+.byte	0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00
+.Lsqrx8x_zero:
+	.byte	0x3e
+	movdqa	%xmm0,0*8($tptr)
+	movdqa	%xmm0,2*8($tptr)
+	movdqa	%xmm0,4*8($tptr)
+	movdqa	%xmm0,6*8($tptr)
+.Lsqr8x_zero_start:			# aligned at 32
+	movdqa	%xmm0,8*8($tptr)
+	movdqa	%xmm0,10*8($tptr)
+	movdqa	%xmm0,12*8($tptr)
+	movdqa	%xmm0,14*8($tptr)
+	lea	16*8($tptr),$tptr
+	sub	\$64,$num
+	jnz	.Lsqrx8x_zero
+
+	mov	0*8($aptr),%rdx		# a[0], modulo-scheduled
+	#xor	%r9,%r9			# t[1], ex-$num, zero already
+	xor	%r10,%r10
+	xor	%r11,%r11
+	xor	%r12,%r12
+	xor	%r13,%r13
+	xor	%r14,%r14
+	xor	%r15,%r15
+	lea	48+8(%rsp),$tptr
+	xor	$zero,$zero		# cf=0, cf=0
+	jmp	.Lsqrx8x_outer_loop
+
+.align	32
+.Lsqrx8x_outer_loop:
+	mulx	1*8($aptr),%r8,%rax	# a[1]*a[0]
+	adcx	%r9,%r8			# a[1]*a[0]+=t[1]
+	adox	%rax,%r10
+	mulx	2*8($aptr),%r9,%rax	# a[2]*a[0]
+	adcx	%r10,%r9
+	adox	%rax,%r11
+	.byte	0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	3*8($aptr),%r10,%rax	# ...
+	adcx	%r11,%r10
+	adox	%rax,%r12
+	.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00	# mulx	4*8($aptr),%r11,%rax
+	adcx	%r12,%r11
+	adox	%rax,%r13
+	mulx	5*8($aptr),%r12,%rax
+	adcx	%r13,%r12
+	adox	%rax,%r14
+	mulx	6*8($aptr),%r13,%rax
+	adcx	%r14,%r13
+	adox	%r15,%rax
+	mulx	7*8($aptr),%r14,%r15
+	 mov	1*8($aptr),%rdx		# a[1]
+	adcx	%rax,%r14
+	adox	$zero,%r15
+	adc	8*8($tptr),%r15
+	mov	%r8,1*8($tptr)		# t[1]
+	mov	%r9,2*8($tptr)		# t[2]
+	sbb	$carry,$carry		# mov %cf,$carry
+	xor	$zero,$zero		# cf=0, of=0
+
+
+	mulx	2*8($aptr),%r8,%rbx	# a[2]*a[1]
+	mulx	3*8($aptr),%r9,%rax	# a[3]*a[1]
+	adcx	%r10,%r8
+	adox	%rbx,%r9
+	mulx	4*8($aptr),%r10,%rbx	# ...
+	adcx	%r11,%r9
+	adox	%rax,%r10
+	.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00	# mulx	5*8($aptr),%r11,%rax
+	adcx	%r12,%r10
+	adox	%rbx,%r11
+	.byte	0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00	# mulx	6*8($aptr),%r12,%rbx
+	adcx	%r13,%r11
+	adox	%r14,%r12
+	.byte	0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00	# mulx	7*8($aptr),%r13,%r14
+	 mov	2*8($aptr),%rdx		# a[2]
+	adcx	%rax,%r12
+	adox	%rbx,%r13
+	adcx	%r15,%r13
+	adox	$zero,%r14		# of=0
+	adcx	$zero,%r14		# cf=0
+
+	mov	%r8,3*8($tptr)		# t[3]
+	mov	%r9,4*8($tptr)		# t[4]
+
+	mulx	3*8($aptr),%r8,%rbx	# a[3]*a[2]
+	mulx	4*8($aptr),%r9,%rax	# a[4]*a[2]
+	adcx	%r10,%r8
+	adox	%rbx,%r9
+	mulx	5*8($aptr),%r10,%rbx	# ...
+	adcx	%r11,%r9
+	adox	%rax,%r10
+	.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00	# mulx	6*8($aptr),%r11,%rax
+	adcx	%r12,%r10
+	adox	%r13,%r11
+	.byte	0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00	# mulx	7*8($aptr),%r12,%r13
+	.byte	0x3e
+	 mov	3*8($aptr),%rdx		# a[3]
+	adcx	%rbx,%r11
+	adox	%rax,%r12
+	adcx	%r14,%r12
+	mov	%r8,5*8($tptr)		# t[5]
+	mov	%r9,6*8($tptr)		# t[6]
+	 mulx	4*8($aptr),%r8,%rax	# a[4]*a[3]
+	adox	$zero,%r13		# of=0
+	adcx	$zero,%r13		# cf=0
+
+	mulx	5*8($aptr),%r9,%rbx	# a[5]*a[3]
+	adcx	%r10,%r8
+	adox	%rax,%r9
+	mulx	6*8($aptr),%r10,%rax	# ...
+	adcx	%r11,%r9
+	adox	%r12,%r10
+	mulx	7*8($aptr),%r11,%r12
+	 mov	4*8($aptr),%rdx		# a[4]
+	 mov	5*8($aptr),%r14		# a[5]
+	adcx	%rbx,%r10
+	adox	%rax,%r11
+	 mov	6*8($aptr),%r15		# a[6]
+	adcx	%r13,%r11
+	adox	$zero,%r12		# of=0
+	adcx	$zero,%r12		# cf=0
+
+	mov	%r8,7*8($tptr)		# t[7]
+	mov	%r9,8*8($tptr)		# t[8]
+
+	mulx	%r14,%r9,%rax		# a[5]*a[4]
+	 mov	7*8($aptr),%r8		# a[7]
+	adcx	%r10,%r9
+	mulx	%r15,%r10,%rbx		# a[6]*a[4]
+	adox	%rax,%r10
+	adcx	%r11,%r10
+	mulx	%r8,%r11,%rax		# a[7]*a[4]
+	 mov	%r14,%rdx		# a[5]
+	adox	%rbx,%r11
+	adcx	%r12,%r11
+	#adox	$zero,%rax		# of=0
+	adcx	$zero,%rax		# cf=0
+
+	mulx	%r15,%r14,%rbx		# a[6]*a[5]
+	mulx	%r8,%r12,%r13		# a[7]*a[5]
+	 mov	%r15,%rdx		# a[6]
+	 lea	8*8($aptr),$aptr
+	adcx	%r14,%r11
+	adox	%rbx,%r12
+	adcx	%rax,%r12
+	adox	$zero,%r13
+
+	.byte	0x67,0x67
+	mulx	%r8,%r8,%r14		# a[7]*a[6]
+	adcx	%r8,%r13
+	adcx	$zero,%r14
+
+	cmp	8+8(%rsp),$aptr
+	je	.Lsqrx8x_outer_break
+
+	neg	$carry			# mov $carry,%cf
+	mov	\$-8,%rcx
+	mov	$zero,%r15
+	mov	8*8($tptr),%r8
+	adcx	9*8($tptr),%r9		# +=t[9]
+	adcx	10*8($tptr),%r10	# ...
+	adcx	11*8($tptr),%r11
+	adc	12*8($tptr),%r12
+	adc	13*8($tptr),%r13
+	adc	14*8($tptr),%r14
+	adc	15*8($tptr),%r15
+	lea	($aptr),$aaptr
+	lea	2*64($tptr),$tptr
+	sbb	%rax,%rax		# mov %cf,$carry
+
+	mov	-64($aptr),%rdx		# a[0]
+	mov	%rax,16+8(%rsp)		# offload $carry
+	mov	$tptr,24+8(%rsp)
+
+	#lea	8*8($tptr),$tptr	# see 2*8*8($tptr) above
+	xor	%eax,%eax		# cf=0, of=0
+	jmp	.Lsqrx8x_loop
+
+.align	32
+.Lsqrx8x_loop:
+	mov	%r8,%rbx
+	mulx	0*8($aaptr),%rax,%r8	# a[8]*a[i]
+	adcx	%rax,%rbx		# +=t[8]
+	adox	%r9,%r8
+
+	mulx	1*8($aaptr),%rax,%r9	# ...
+	adcx	%rax,%r8
+	adox	%r10,%r9
+
+	mulx	2*8($aaptr),%rax,%r10
+	adcx	%rax,%r9
+	adox	%r11,%r10
+
+	mulx	3*8($aaptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	4*8($aaptr),%rax,%r12
+	adcx	%rax,%r11
+	adox	%r13,%r12
+
+	mulx	5*8($aaptr),%rax,%r13
+	adcx	%rax,%r12
+	adox	%r14,%r13
+
+	mulx	6*8($aaptr),%rax,%r14
+	 mov	%rbx,($tptr,%rcx,8)	# store t[8+i]
+	 mov	\$0,%ebx
+	adcx	%rax,%r13
+	adox	%r15,%r14
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00	# mulx	7*8($aaptr),%rax,%r15
+	 mov	8($aptr,%rcx,8),%rdx	# a[i]
+	adcx	%rax,%r14
+	adox	%rbx,%r15		# %rbx is 0, of=0
+	adcx	%rbx,%r15		# cf=0
+
+	.byte	0x67
+	inc	%rcx			# of=0
+	jnz	.Lsqrx8x_loop
+
+	lea	8*8($aaptr),$aaptr
+	mov	\$-8,%rcx
+	cmp	8+8(%rsp),$aaptr	# done?
+	je	.Lsqrx8x_break
+
+	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
+	.byte	0x66
+	mov	-64($aptr),%rdx
+	adcx	0*8($tptr),%r8
+	adcx	1*8($tptr),%r9
+	adc	2*8($tptr),%r10
+	adc	3*8($tptr),%r11
+	adc	4*8($tptr),%r12
+	adc	5*8($tptr),%r13
+	adc	6*8($tptr),%r14
+	adc	7*8($tptr),%r15
+	lea	8*8($tptr),$tptr
+	.byte	0x67
+	sbb	%rax,%rax		# mov %cf,%rax
+	xor	%ebx,%ebx		# cf=0, of=0
+	mov	%rax,16+8(%rsp)		# offload carry
+	jmp	.Lsqrx8x_loop
+
+.align	32
+.Lsqrx8x_break:
+	xor	$zero,$zero
+	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
+	adcx	$zero,%r8
+	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
+	adcx	$zero,%r9
+	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
+	adc	\$0,%r10
+	mov	%r8,0*8($tptr)
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
+	cmp	$carry,$tptr		# cf=0, of=0
+	je	.Lsqrx8x_outer_loop
+
+	mov	%r9,1*8($tptr)
+	 mov	1*8($carry),%r9
+	mov	%r10,2*8($tptr)
+	 mov	2*8($carry),%r10
+	mov	%r11,3*8($tptr)
+	 mov	3*8($carry),%r11
+	mov	%r12,4*8($tptr)
+	 mov	4*8($carry),%r12
+	mov	%r13,5*8($tptr)
+	 mov	5*8($carry),%r13
+	mov	%r14,6*8($tptr)
+	 mov	6*8($carry),%r14
+	mov	%r15,7*8($tptr)
+	 mov	7*8($carry),%r15
+	mov	$carry,$tptr
+	jmp	.Lsqrx8x_outer_loop
+
+.align	32
+.Lsqrx8x_outer_break:
+	mov	%r9,9*8($tptr)		# t[9]
+	 movq	%xmm3,%rcx		# -$num
+	mov	%r10,10*8($tptr)	# ...
+	mov	%r11,11*8($tptr)
+	mov	%r12,12*8($tptr)
+	mov	%r13,13*8($tptr)
+	mov	%r14,14*8($tptr)
+___
+}{
+my $i="%rcx";
+$code.=<<___;
+	lea	48+8(%rsp),$tptr
+	mov	($aptr,$i),%rdx		# a[0]
+
+	mov	8($tptr),$A0[1]		# t[1]
+	xor	$A0[0],$A0[0]		# t[0], of=0, cf=0
+	mov	0+8(%rsp),$num		# restore $num
+	adox	$A0[1],$A0[1]
+	 mov	16($tptr),$A1[0]	# t[2]	# prefetch
+	 mov	24($tptr),$A1[1]	# t[3]	# prefetch
+	#jmp	.Lsqrx4x_shift_n_add	# happens to be aligned
+
+.align	32
+.Lsqrx4x_shift_n_add:
+	mulx	%rdx,%rax,%rbx
+	 adox	$A1[0],$A1[0]
+	adcx	$A0[0],%rax
+	 .byte	0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00	# mov	8($aptr,$i),%rdx	# a[i+1]	# prefetch
+	 .byte	0x4c,0x8b,0x97,0x20,0x00,0x00,0x00	# mov	32($tptr),$A0[0]	# t[2*i+4]	# prefetch
+	 adox	$A1[1],$A1[1]
+	adcx	$A0[1],%rbx
+	 mov	40($tptr),$A0[1]		# t[2*i+4+1]	# prefetch
+	mov	%rax,0($tptr)
+	mov	%rbx,8($tptr)
+
+	mulx	%rdx,%rax,%rbx
+	 adox	$A0[0],$A0[0]
+	adcx	$A1[0],%rax
+	 mov	16($aptr,$i),%rdx	# a[i+2]	# prefetch
+	 mov	48($tptr),$A1[0]	# t[2*i+6]	# prefetch
+	 adox	$A0[1],$A0[1]
+	adcx	$A1[1],%rbx
+	 mov	56($tptr),$A1[1]	# t[2*i+6+1]	# prefetch
+	mov	%rax,16($tptr)
+	mov	%rbx,24($tptr)
+
+	mulx	%rdx,%rax,%rbx
+	 adox	$A1[0],$A1[0]
+	adcx	$A0[0],%rax
+	 mov	24($aptr,$i),%rdx	# a[i+3]	# prefetch
+	 lea	32($i),$i
+	 mov	64($tptr),$A0[0]	# t[2*i+8]	# prefetch
+	 adox	$A1[1],$A1[1]
+	adcx	$A0[1],%rbx
+	 mov	72($tptr),$A0[1]	# t[2*i+8+1]	# prefetch
+	mov	%rax,32($tptr)
+	mov	%rbx,40($tptr)
+
+	mulx	%rdx,%rax,%rbx
+	 adox	$A0[0],$A0[0]
+	adcx	$A1[0],%rax
+	jrcxz	.Lsqrx4x_shift_n_add_break
+	 .byte	0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00	# mov	0($aptr,$i),%rdx	# a[i+4]	# prefetch
+	 adox	$A0[1],$A0[1]
+	adcx	$A1[1],%rbx
+	 mov	80($tptr),$A1[0]	# t[2*i+10]	# prefetch
+	 mov	88($tptr),$A1[1]	# t[2*i+10+1]	# prefetch
+	mov	%rax,48($tptr)
+	mov	%rbx,56($tptr)
+	lea	64($tptr),$tptr
+	nop
+	jmp	.Lsqrx4x_shift_n_add
+
+.align	32
+.Lsqrx4x_shift_n_add_break:
+	adcx	$A1[1],%rbx
+	mov	%rax,48($tptr)
+	mov	%rbx,56($tptr)
+	lea	64($tptr),$tptr		# end of t[] buffer
+___
+}
+######################################################################
+# Montgomery reduction part, "word-by-word" algorithm.
+#
+# This new path is inspired by multiple submissions from Intel, by
+# Shay Gueron, Vlad Krasnov, Erdinc Ozturk, James Guilford,
+# Vinodh Gopal...
+{
+my ($nptr,$carry,$m0)=("%rbp","%rsi","%rdx");
+
+$code.=<<___;
+	movq	%xmm2,$nptr
+__bn_sqrx8x_reduction:
+	xor	%eax,%eax		# initial top-most carry bit
+	mov	32+8(%rsp),%rbx		# n0
+	mov	48+8(%rsp),%rdx		# "%r8", 8*0($tptr)
+	lea	-8*8($nptr,$num),%rcx	# end of n[]
+	#lea	48+8(%rsp,$num,2),$tptr	# end of t[] buffer
+	mov	%rcx, 0+8(%rsp)		# save end of n[]
+	mov	$tptr,8+8(%rsp)		# save end of t[]
+
+	lea	48+8(%rsp),$tptr		# initial t[] window
+	jmp	.Lsqrx8x_reduction_loop
+
+.align	32
+.Lsqrx8x_reduction_loop:
+	mov	8*1($tptr),%r9
+	mov	8*2($tptr),%r10
+	mov	8*3($tptr),%r11
+	mov	8*4($tptr),%r12
+	mov	%rdx,%r8
+	imulq	%rbx,%rdx		# n0*a[i]
+	mov	8*5($tptr),%r13
+	mov	8*6($tptr),%r14
+	mov	8*7($tptr),%r15
+	mov	%rax,24+8(%rsp)		# store top-most carry bit
+
+	lea	8*8($tptr),$tptr
+	xor	$carry,$carry		# cf=0,of=0
+	mov	\$-8,%rcx
+	jmp	.Lsqrx8x_reduce
+
+.align	32
+.Lsqrx8x_reduce:
+	mov	%r8, %rbx
+	mulx	8*0($nptr),%rax,%r8	# n[0]
+	adcx	%rbx,%rax		# discarded
+	adox	%r9,%r8
+
+	mulx	8*1($nptr),%rbx,%r9	# n[1]
+	adcx	%rbx,%r8
+	adox	%r10,%r9
+
+	mulx	8*2($nptr),%rbx,%r10
+	adcx	%rbx,%r9
+	adox	%r11,%r10
+
+	mulx	8*3($nptr),%rbx,%r11
+	adcx	%rbx,%r10
+	adox	%r12,%r11
+
+	.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	8*4($nptr),%rbx,%r12
+	 mov	%rdx,%rax
+	 mov	%r8,%rdx
+	adcx	%rbx,%r11
+	adox	%r13,%r12
+
+	 mulx	32+8(%rsp),%rbx,%rdx	# %rdx discarded
+	 mov	%rax,%rdx
+	 mov	%rax,64+48+8(%rsp,%rcx,8)	# put aside n0*a[i]
+
+	mulx	8*5($nptr),%rax,%r13
+	adcx	%rax,%r12
+	adox	%r14,%r13
+
+	mulx	8*6($nptr),%rax,%r14
+	adcx	%rax,%r13
+	adox	%r15,%r14
+
+	mulx	8*7($nptr),%rax,%r15
+	 mov	%rbx,%rdx
+	adcx	%rax,%r14
+	adox	$carry,%r15		# $carry is 0
+	adcx	$carry,%r15		# cf=0
+
+	.byte	0x67,0x67,0x67
+	inc	%rcx			# of=0
+	jnz	.Lsqrx8x_reduce
+
+	mov	$carry,%rax		# xor	%rax,%rax
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.Lsqrx8x_no_tail
+
+	mov	48+8(%rsp),%rdx		# pull n0*a[0]
+	add	8*0($tptr),%r8
+	lea	8*8($nptr),$nptr
+	mov	\$-8,%rcx
+	adcx	8*1($tptr),%r9
+	adcx	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	lea	8*8($tptr),$tptr
+	sbb	%rax,%rax		# top carry
+
+	xor	$carry,$carry		# of=0, cf=0
+	mov	%rax,16+8(%rsp)
+	jmp	.Lsqrx8x_tail
+
+.align	32
+.Lsqrx8x_tail:
+	mov	%r8,%rbx
+	mulx	8*0($nptr),%rax,%r8
+	adcx	%rax,%rbx
+	adox	%r9,%r8
+
+	mulx	8*1($nptr),%rax,%r9
+	adcx	%rax,%r8
+	adox	%r10,%r9
+
+	mulx	8*2($nptr),%rax,%r10
+	adcx	%rax,%r9
+	adox	%r11,%r10
+
+	mulx	8*3($nptr),%rax,%r11
+	adcx	%rax,%r10
+	adox	%r12,%r11
+
+	.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00	# mulx	8*4($nptr),%rax,%r12
+	adcx	%rax,%r11
+	adox	%r13,%r12
+
+	mulx	8*5($nptr),%rax,%r13
+	adcx	%rax,%r12
+	adox	%r14,%r13
+
+	mulx	8*6($nptr),%rax,%r14
+	adcx	%rax,%r13
+	adox	%r15,%r14
+
+	mulx	8*7($nptr),%rax,%r15
+	 mov	72+48+8(%rsp,%rcx,8),%rdx	# pull n0*a[i]
+	adcx	%rax,%r14
+	adox	$carry,%r15
+	 mov	%rbx,($tptr,%rcx,8)	# save result
+	 mov	%r8,%rbx
+	adcx	$carry,%r15		# cf=0
+
+	inc	%rcx			# of=0
+	jnz	.Lsqrx8x_tail
+
+	cmp	0+8(%rsp),$nptr		# end of n[]?
+	jae	.Lsqrx8x_tail_done	# break out of loop
+
+	sub	16+8(%rsp),$carry	# mov 16(%rsp),%cf
+	 mov	48+8(%rsp),%rdx		# pull n0*a[0]
+	 lea	8*8($nptr),$nptr
+	adc	8*0($tptr),%r8
+	adc	8*1($tptr),%r9
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	lea	8*8($tptr),$tptr
+	sbb	%rax,%rax
+	sub	\$8,%rcx		# mov	\$-8,%rcx
+
+	xor	$carry,$carry		# of=0, cf=0
+	mov	%rax,16+8(%rsp)
+	jmp	.Lsqrx8x_tail
+
+.align	32
+.Lsqrx8x_tail_done:
+	xor	%rax,%rax
+	add	24+8(%rsp),%r8		# can this overflow?
+	adc	\$0,%r9
+	adc	\$0,%r10
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
+	adc	\$0,%rax
+
+	sub	16+8(%rsp),$carry	# mov 16(%rsp),%cf
+.Lsqrx8x_no_tail:			# %cf is 0 if jumped here
+	adc	8*0($tptr),%r8
+	 movq	%xmm3,%rcx
+	adc	8*1($tptr),%r9
+	 mov	8*7($nptr),$carry
+	 movq	%xmm2,$nptr		# restore $nptr
+	adc	8*2($tptr),%r10
+	adc	8*3($tptr),%r11
+	adc	8*4($tptr),%r12
+	adc	8*5($tptr),%r13
+	adc	8*6($tptr),%r14
+	adc	8*7($tptr),%r15
+	adc	\$0,%rax		# top-most carry
+
+	mov	32+8(%rsp),%rbx		# n0
+	mov	8*8($tptr,%rcx),%rdx	# modulo-scheduled "%r8"
+
+	mov	%r8,8*0($tptr)		# store top 512 bits
+	 lea	8*8($tptr),%r8		# borrow %r8
+	mov	%r9,8*1($tptr)
+	mov	%r10,8*2($tptr)
+	mov	%r11,8*3($tptr)
+	mov	%r12,8*4($tptr)
+	mov	%r13,8*5($tptr)
+	mov	%r14,8*6($tptr)
+	mov	%r15,8*7($tptr)
+
+	lea	8*8($tptr,%rcx),$tptr	# start of current t[] window
+	cmp	8+8(%rsp),%r8		# end of t[]?
+	jb	.Lsqrx8x_reduction_loop
+	ret
+.size	bn_sqrx8x_internal,.-bn_sqrx8x_internal
+___
+}
+##############################################################
+# Post-condition, 4x unrolled
+#
+{
+my ($rptr,$nptr)=("%rdx","%rbp");
+$code.=<<___;
+.align	32
+__bn_postx4x_internal:
+	mov	8*0($nptr),%r12
+	mov	%rcx,%r10		# -$num
+	mov	%rcx,%r9		# -$num
+	neg	%rax
+	sar	\$3+2,%rcx
+	#lea	48+8(%rsp,%r9),$tptr
+	movq	%xmm1,$rptr		# restore $rptr
+	movq	%xmm1,$aptr		# prepare for back-to-back call
+	dec	%r12			# so that after 'not' we get -n[0]
+	mov	8*1($nptr),%r13
+	xor	%r8,%r8
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+	jmp	.Lsqrx4x_sub_entry
+
+.align	16
+.Lsqrx4x_sub:
+	mov	8*0($nptr),%r12
+	mov	8*1($nptr),%r13
+	mov	8*2($nptr),%r14
+	mov	8*3($nptr),%r15
+.Lsqrx4x_sub_entry:
+	andn	%rax,%r12,%r12
+	lea	8*4($nptr),$nptr
+	andn	%rax,%r13,%r13
+	andn	%rax,%r14,%r14
+	andn	%rax,%r15,%r15
+
+	neg	%r8			# mov %r8,%cf
+	adc	8*0($tptr),%r12
+	adc	8*1($tptr),%r13
+	adc	8*2($tptr),%r14
+	adc	8*3($tptr),%r15
+	mov	%r12,8*0($rptr)
+	lea	8*4($tptr),$tptr
+	mov	%r13,8*1($rptr)
+	sbb	%r8,%r8			# mov %cf,%r8
+	mov	%r14,8*2($rptr)
+	mov	%r15,8*3($rptr)
+	lea	8*4($rptr),$rptr
+
+	inc	%rcx
+	jnz	.Lsqrx4x_sub
+
+	neg	%r9			# restore $num
+
+	ret
+.size	__bn_postx4x_internal,.-__bn_postx4x_internal
+___
+}
+}}}
+{
+my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%edx","%r8", "%r9d") : # Win64 order
+				("%rdi","%esi","%rdx","%ecx");  # Unix order
+my $out=$inp;
+my $STRIDE=2**5*8;
+my $N=$STRIDE/4;
+
+$code.=<<___;
+.globl	bn_get_bits5
+.type	bn_get_bits5,\@abi-omnipotent
+.align	16
+bn_get_bits5:
+	lea	0($inp),%r10
+	lea	1($inp),%r11
+	mov	$num,%ecx
+	shr	\$4,$num
+	and	\$15,%ecx
+	lea	-8(%ecx),%eax
+	cmp	\$11,%ecx
+	cmova	%r11,%r10
+	cmova	%eax,%ecx
+	movzw	(%r10,$num,2),%eax
+	shrl	%cl,%eax
+	and	\$31,%eax
+	ret
+.size	bn_get_bits5,.-bn_get_bits5
+
+.globl	bn_scatter5
+.type	bn_scatter5,\@abi-omnipotent
+.align	16
+bn_scatter5:
+	cmp	\$0, $num
+	jz	.Lscatter_epilogue
+	lea	($tbl,$idx,8),$tbl
+.Lscatter:
+	mov	($inp),%rax
+	lea	8($inp),$inp
+	mov	%rax,($tbl)
+	lea	32*8($tbl),$tbl
+	sub	\$1,$num
+	jnz	.Lscatter
+.Lscatter_epilogue:
+	ret
+.size	bn_scatter5,.-bn_scatter5
+
+.globl	bn_gather5
+.type	bn_gather5,\@abi-omnipotent
+.align	32
+bn_gather5:
+.LSEH_begin_bn_gather5:			# Win64 thing, but harmless in other cases
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x4c,0x8d,0x14,0x24			#lea    (%rsp),%r10
+	.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	#sub	$0x108,%rsp
+	lea	.Linc(%rip),%rax
+	and	\$-16,%rsp		# shouldn't be formally required
+
+	movd	$idx,%xmm5
+	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
+	lea	128($tbl),%r11		# size optimization
+	lea	128(%rsp),%rax		# size optimization
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast $idx
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to $idx and save result to stack
+#
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+___
+$code.=<<___	if ($i);
+	movdqa	%xmm3,`16*($i-1)-128`(%rax)
+___
+$code.=<<___;
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($i+0)-128`(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($i+1)-128`(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($i+2)-128`(%rax)
+	movdqa	%xmm4,%xmm2
+___
+}
+$code.=<<___;
+	movdqa	%xmm3,`16*($i-1)-128`(%rax)
+	jmp	.Lgather
+
+.align	32
+.Lgather:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`(%r11),%xmm0
+	movdqa	`16*($i+1)-128`(%r11),%xmm1
+	movdqa	`16*($i+2)-128`(%r11),%xmm2
+	pand	`16*($i+0)-128`(%rax),%xmm0
+	movdqa	`16*($i+3)-128`(%r11),%xmm3
+	pand	`16*($i+1)-128`(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($i+2)-128`(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($i+3)-128`(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	lea	$STRIDE(%r11),%r11
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	movq	%xmm0,($out)		# m0=bp[0]
+	lea	8($out),$out
+	sub	\$1,$num
+	jnz	.Lgather
+
+	lea	(%r10),%rsp
+	ret
+.LSEH_end_bn_gather5:
+.size	bn_gather5,.-bn_gather5
+___
+}
+$code.=<<___;
+.align	64
+.Linc:
+	.long	0,0, 1,1
+	.long	2,2, 2,2
+.asciz	"Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	mul_handler,\@abi-omnipotent
+.align	16
+mul_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jb	.Lcommon_pop_regs
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	lea	.Lmul_epilogue(%rip),%r10
+	cmp	%r10,%rbx
+	ja	.Lbody_40
+
+	mov	192($context),%r10	# pull $num
+	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
+
+	jmp	.Lcommon_pop_regs
+
+.Lbody_40:
+	mov	40(%rax),%rax		# pull saved stack pointer
+.Lcommon_pop_regs:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	mul_handler,.-mul_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_bn_mul_mont_gather5
+	.rva	.LSEH_end_bn_mul_mont_gather5
+	.rva	.LSEH_info_bn_mul_mont_gather5
+
+	.rva	.LSEH_begin_bn_mul4x_mont_gather5
+	.rva	.LSEH_end_bn_mul4x_mont_gather5
+	.rva	.LSEH_info_bn_mul4x_mont_gather5
+
+	.rva	.LSEH_begin_bn_power5
+	.rva	.LSEH_end_bn_power5
+	.rva	.LSEH_info_bn_power5
+
+	.rva	.LSEH_begin_bn_from_mont8x
+	.rva	.LSEH_end_bn_from_mont8x
+	.rva	.LSEH_info_bn_from_mont8x
+___
+$code.=<<___ if ($addx);
+	.rva	.LSEH_begin_bn_mulx4x_mont_gather5
+	.rva	.LSEH_end_bn_mulx4x_mont_gather5
+	.rva	.LSEH_info_bn_mulx4x_mont_gather5
+
+	.rva	.LSEH_begin_bn_powerx5
+	.rva	.LSEH_end_bn_powerx5
+	.rva	.LSEH_info_bn_powerx5
+___
+$code.=<<___;
+	.rva	.LSEH_begin_bn_gather5
+	.rva	.LSEH_end_bn_gather5
+	.rva	.LSEH_info_bn_gather5
+
+.section	.xdata
+.align	8
+.LSEH_info_bn_mul_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul_body,.Lmul_body,.Lmul_epilogue		# HandlerData[]
+.align	8
+.LSEH_info_bn_mul4x_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul4x_prologue,.Lmul4x_body,.Lmul4x_epilogue		# HandlerData[]
+.align	8
+.LSEH_info_bn_power5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue	# HandlerData[]
+.align	8
+.LSEH_info_bn_from_mont8x:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lfrom_prologue,.Lfrom_body,.Lfrom_epilogue		# HandlerData[]
+___
+$code.=<<___ if ($addx);
+.align	8
+.LSEH_info_bn_mulx4x_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue	# HandlerData[]
+.align	8
+.LSEH_info_bn_powerx5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lpowerx5_prologue,.Lpowerx5_body,.Lpowerx5_epilogue	# HandlerData[]
+___
+$code.=<<___;
+.align	8
+.LSEH_info_bn_gather5:
+	.byte	0x01,0x0b,0x03,0x0a
+	.byte	0x0b,0x01,0x21,0x00	# sub	rsp,0x108
+	.byte	0x04,0xa3,0x00,0x00	# lea	r10,(rsp)
+.align	8
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/bn/bn_add.c b/openssl-1.1.0h/crypto/bn/bn_add.c
new file mode 100644
index 0000000..7cdefa7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_add.c
@@ -0,0 +1,209 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* r can == a or b */
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int a_neg = a->neg, ret;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    /*-
+     *  a +  b      a+b
+     *  a + -b      a-b
+     * -a +  b      b-a
+     * -a + -b      -(a+b)
+     */
+    if (a_neg ^ b->neg) {
+        /* only one is negative */
+        if (a_neg) {
+            const BIGNUM *tmp;
+
+            tmp = a;
+            a = b;
+            b = tmp;
+        }
+
+        /* we are now a - b */
+
+        if (BN_ucmp(a, b) < 0) {
+            if (!BN_usub(r, b, a))
+                return 0;
+            r->neg = 1;
+        } else {
+            if (!BN_usub(r, a, b))
+                return 0;
+            r->neg = 0;
+        }
+        return 1;
+    }
+
+    ret = BN_uadd(r, a, b);
+    r->neg = a_neg;
+    bn_check_top(r);
+    return ret;
+}
+
+/* unsigned add of b to a */
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int max, min, dif;
+    const BN_ULONG *ap, *bp;
+    BN_ULONG *rp, carry, t1, t2;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->top < b->top) {
+        const BIGNUM *tmp;
+
+        tmp = a;
+        a = b;
+        b = tmp;
+    }
+    max = a->top;
+    min = b->top;
+    dif = max - min;
+
+    if (bn_wexpand(r, max + 1) == NULL)
+        return 0;
+
+    r->top = max;
+
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
+
+    carry = bn_add_words(rp, ap, bp, min);
+    rp += min;
+    ap += min;
+
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 + carry) & BN_MASK2;
+        *(rp++) = t2;
+        carry &= (t2 == 0);
+    }
+    *rp = carry;
+    r->top += carry;
+
+    r->neg = 0;
+    bn_check_top(r);
+    return 1;
+}
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int max, min, dif;
+    BN_ULONG t1, t2, borrow, *rp;
+    const BN_ULONG *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    max = a->top;
+    min = b->top;
+    dif = max - min;
+
+    if (dif < 0) {              /* hmm... should not be happening */
+        BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+        return 0;
+    }
+
+    if (bn_wexpand(r, max) == NULL)
+        return 0;
+
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
+
+    borrow = bn_sub_words(rp, ap, bp, min);
+    ap += min;
+    rp += min;
+
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 - borrow) & BN_MASK2;
+        *(rp++) = t2;
+        borrow &= (t1 == 0);
+    }
+
+    while (max && *--rp == 0)
+        max--;
+
+    r->top = max;
+    r->neg = 0;
+    bn_pollute(r);
+
+    return 1;
+}
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int max;
+    int add = 0, neg = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    /*-
+     *  a -  b      a-b
+     *  a - -b      a+b
+     * -a -  b      -(a+b)
+     * -a - -b      b-a
+     */
+    if (a->neg) {
+        if (b->neg) {
+            const BIGNUM *tmp;
+
+            tmp = a;
+            a = b;
+            b = tmp;
+        } else {
+            add = 1;
+            neg = 1;
+        }
+    } else {
+        if (b->neg) {
+            add = 1;
+            neg = 0;
+        }
+    }
+
+    if (add) {
+        if (!BN_uadd(r, a, b))
+            return 0;
+        r->neg = neg;
+        return 1;
+    }
+
+    /* We are actually doing a - b :-) */
+
+    max = (a->top > b->top) ? a->top : b->top;
+    if (bn_wexpand(r, max) == NULL)
+        return 0;
+    if (BN_ucmp(a, b) < 0) {
+        if (!BN_usub(r, b, a))
+            return 0;
+        r->neg = 1;
+    } else {
+        if (!BN_usub(r, a, b))
+            return 0;
+        r->neg = 0;
+    }
+    bn_check_top(r);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_asm.c b/openssl-1.1.0h/crypto/bn/bn_asm.c
new file mode 100644
index 0000000..39c6c21
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_asm.c
@@ -0,0 +1,1039 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (c1);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        ap++;
+        rp++;
+        num--;
+    }
+
+    return (c1);
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (c1);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul(rp[0], ap[0], w, c1);
+        ap++;
+        rp++;
+        num--;
+    }
+    return (c1);
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        sqr(r[0], r[1], a[0]);
+        a++;
+        r += 2;
+        n--;
+    }
+}
+
+#else                           /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return ((BN_ULONG)0);
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], bl, bh, c);
+        mul_add(rp[1], ap[1], bl, bh, c);
+        mul_add(rp[2], ap[2], bl, bh, c);
+        mul_add(rp[3], ap[3], bl, bh, c);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul_add(rp[0], ap[0], bl, bh, c);
+        ap++;
+        rp++;
+        num--;
+    }
+    return (c);
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG carry = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return ((BN_ULONG)0);
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul(rp[0], ap[0], bl, bh, carry);
+        mul(rp[1], ap[1], bl, bh, carry);
+        mul(rp[2], ap[2], bl, bh, carry);
+        mul(rp[3], ap[3], bl, bh, carry);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul(rp[0], ap[0], bl, bh, carry);
+        ap++;
+        rp++;
+        num--;
+    }
+    return (carry);
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        sqr64(r[0], r[1], a[0]);
+        sqr64(r[2], r[3], a[1]);
+        sqr64(r[4], r[5], a[2]);
+        sqr64(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        sqr64(r[0], r[1], a[0]);
+        a++;
+        r += 2;
+        n--;
+    }
+}
+
+#endif                          /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
+}
+
+#else
+
+/* Divide h,l by d and return the result. */
+/* I need to test this some more :-( */
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    BN_ULONG dh, dl, q, ret = 0, th, tl, t;
+    int i, count = 2;
+
+    if (d == 0)
+        return (BN_MASK2);
+
+    i = BN_num_bits_word(d);
+    assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
+
+    i = BN_BITS2 - i;
+    if (h >= d)
+        h -= d;
+
+    if (i) {
+        d <<= i;
+        h = (h << i) | (l >> (BN_BITS2 - i));
+        l <<= i;
+    }
+    dh = (d & BN_MASK2h) >> BN_BITS4;
+    dl = (d & BN_MASK2l);
+    for (;;) {
+        if ((h >> BN_BITS4) == dh)
+            q = BN_MASK2l;
+        else
+            q = h / dh;
+
+        th = q * dh;
+        tl = dl * q;
+        for (;;) {
+            t = h - th;
+            if ((t & BN_MASK2h) ||
+                ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
+                break;
+            q--;
+            th -= dh;
+            tl -= dl;
+        }
+        t = (tl >> BN_BITS4);
+        tl = (tl << BN_BITS4) & BN_MASK2h;
+        th += t;
+
+        if (l < tl)
+            th++;
+        l -= tl;
+        if (h < th) {
+            h += d;
+            q--;
+        }
+        h -= th;
+
+        if (--count == 0)
+            break;
+
+        ret = q << BN_BITS4;
+        h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+        l = (l & BN_MASK2l) << BN_BITS4;
+    }
+    ret |= q;
+    return (ret);
+}
+#endif                          /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+
+#ifdef BN_LLONG
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULLONG ll = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return ((BN_ULONG)0);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        ll += (BN_ULLONG) a[0] + b[0];
+        r[0] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[1] + b[1];
+        r[1] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[2] + b[2];
+        r[2] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[3] + b[3];
+        r[3] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        ll += (BN_ULLONG) a[0] + b[0];
+        r[0] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return ((BN_ULONG)ll);
+}
+#else                           /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG c, l, t;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return ((BN_ULONG)0);
+
+    c = 0;
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        t = a[0];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[0]) & BN_MASK2;
+        c += (l < t);
+        r[0] = l;
+        t = a[1];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[1]) & BN_MASK2;
+        c += (l < t);
+        r[1] = l;
+        t = a[2];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[2]) & BN_MASK2;
+        c += (l < t);
+        r[2] = l;
+        t = a[3];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[3]) & BN_MASK2;
+        c += (l < t);
+        r[3] = l;
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        t = a[0];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[0]) & BN_MASK2;
+        c += (l < t);
+        r[0] = l;
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return ((BN_ULONG)c);
+}
+#endif                          /* !BN_LLONG */
+
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return ((BN_ULONG)0);
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        t1 = a[1];
+        t2 = b[1];
+        r[1] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        t1 = a[2];
+        t2 = b[2];
+        r[2] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        t1 = a[3];
+        t2 = b[3];
+        r[3] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+#endif
+    while (n) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return (c);
+}
+
+#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
+
+# undef bn_mul_comba8
+# undef bn_mul_comba4
+# undef bn_sqr_comba8
+# undef bn_sqr_comba4
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+# ifdef BN_LLONG
+/*
+ * Keep in mind that additions to multiplication result can not
+ * overflow, because its high half cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)(a)*(b);       \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)(a)*(b);       \
+        BN_ULLONG tt = t+c0;    /* no carry */  \
+        c0 = (BN_ULONG)Lw(tt);                  \
+        hi = (BN_ULONG)Hw(tt);                  \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)a[i]*a[i];     \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_LOHI)
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi, tt;                    \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; tt = hi+((c0<lo)?1:0);        \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,ta);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)    \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_HIGH)
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo = ta * tb;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b), tt;        \
+        BN_ULONG lo = ta * tb;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+        c0 += lo; tt = hi + ((c0<lo)?1:0);      \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo = ta * ta;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,ta);     \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# else                          /* !BN_LLONG */
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG lo = LBITS(a), hi = HBITS(a);  \
+        BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+        mul64(lo,hi,bl,bh);                     \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG tt;                            \
+        BN_ULONG lo = LBITS(a), hi = HBITS(a);  \
+        BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+        mul64(lo,hi,bl,bh);                     \
+        tt = hi;                                \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++; \
+        c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++; \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG lo, hi;                        \
+        sqr64(lo,hi,(a)[i]);                    \
+        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+# endif                         /* !BN_LLONG */
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+# ifdef OPENSSL_NO_ASM
+#  ifdef OPENSSL_BN_ASM_MONT
+#   include <alloca.h>
+/*
+ * This is essentially reference implementation, which may or may not
+ * result in performance improvement. E.g. on IA-32 this routine was
+ * observed to give 40% faster rsa1024 private key operations and 10%
+ * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
+ * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
+ * reference implementation, one to be used as starting point for
+ * platform-specific assembler. Mentioned numbers apply to compiler
+ * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
+ * can vary not only from platform to platform, but even for compiler
+ * versions. Assembler vs. assembler improvement coefficients can
+ * [and are known to] differ and are to be documented elsewhere.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+    BN_ULONG c0, c1, ml, *tp, n0;
+#   ifdef mul64
+    BN_ULONG mh;
+#   endif
+    volatile BN_ULONG *vp;
+    int i = 0, j;
+
+#   if 0                        /* template for platform-specific
+                                 * implementation */
+    if (ap == bp)
+        return bn_sqr_mont(rp, ap, np, n0p, num);
+#   endif
+    vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+
+    n0 = *n0p;
+
+    c0 = 0;
+    ml = bp[0];
+#   ifdef mul64
+    mh = HBITS(ml);
+    ml = LBITS(ml);
+    for (j = 0; j < num; ++j)
+        mul(tp[j], ap[j], ml, mh, c0);
+#   else
+    for (j = 0; j < num; ++j)
+        mul(tp[j], ap[j], ml, c0);
+#   endif
+
+    tp[num] = c0;
+    tp[num + 1] = 0;
+    goto enter;
+
+    for (i = 0; i < num; i++) {
+        c0 = 0;
+        ml = bp[i];
+#   ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        for (j = 0; j < num; ++j)
+            mul_add(tp[j], ap[j], ml, mh, c0);
+#   else
+        for (j = 0; j < num; ++j)
+            mul_add(tp[j], ap[j], ml, c0);
+#   endif
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] = (c1 < c0 ? 1 : 0);
+ enter:
+        c1 = tp[0];
+        ml = (c1 * n0) & BN_MASK2;
+        c0 = 0;
+#   ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        mul_add(c1, np[0], ml, mh, c0);
+#   else
+        mul_add(c1, ml, np[0], c0);
+#   endif
+        for (j = 1; j < num; j++) {
+            c1 = tp[j];
+#   ifdef mul64
+            mul_add(c1, np[j], ml, mh, c0);
+#   else
+            mul_add(c1, ml, np[j], c0);
+#   endif
+            tp[j - 1] = c1 & BN_MASK2;
+        }
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num - 1] = c1;
+        tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
+    }
+
+    if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+        c0 = bn_sub_words(rp, tp, np, num);
+        if (tp[num] != 0 || c0 == 0) {
+            for (i = 0; i < num + 2; i++)
+                vp[i] = 0;
+            return 1;
+        }
+    }
+    for (i = 0; i < num; i++)
+        rp[i] = tp[i], vp[i] = 0;
+    vp[num] = 0;
+    vp[num + 1] = 0;
+    return 1;
+}
+#  else
+/*
+ * Return value of 0 indicates that multiplication/convolution was not
+ * performed to signal the caller to fall down to alternative/original
+ * code-path.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    return 0;
+}
+#  endif                        /* OPENSSL_BN_ASM_MONT */
+# endif
+
+#else                           /* !BN_MUL_COMBA */
+
+/* hmm... is it faster just to do a multiply? */
+# undef bn_sqr_comba4
+# undef bn_sqr_comba8
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG t[8];
+    bn_sqr_normal(r, a, 4, t);
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG t[16];
+    bn_sqr_normal(r, a, 8, t);
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
+    r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
+    r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
+    r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
+}
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
+    r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
+    r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
+    r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
+    r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
+    r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
+    r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
+    r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
+}
+
+# ifdef OPENSSL_NO_ASM
+#  ifdef OPENSSL_BN_ASM_MONT
+#   include <alloca.h>
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+    BN_ULONG c0, c1, *tp, n0 = *n0p;
+    volatile BN_ULONG *vp;
+    int i = 0, j;
+
+    vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+
+    for (i = 0; i <= num; i++)
+        tp[i] = 0;
+
+    for (i = 0; i < num; i++) {
+        c0 = bn_mul_add_words(tp, ap, num, bp[i]);
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] = (c1 < c0 ? 1 : 0);
+
+        c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] += (c1 < c0 ? 1 : 0);
+        for (j = 0; j <= num; j++)
+            tp[j] = tp[j + 1];
+    }
+
+    if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+        c0 = bn_sub_words(rp, tp, np, num);
+        if (tp[num] != 0 || c0 == 0) {
+            for (i = 0; i < num + 2; i++)
+                vp[i] = 0;
+            return 1;
+        }
+    }
+    for (i = 0; i < num; i++)
+        rp[i] = tp[i], vp[i] = 0;
+    vp[num] = 0;
+    vp[num + 1] = 0;
+    return 1;
+}
+#  else
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    return 0;
+}
+#  endif                        /* OPENSSL_BN_ASM_MONT */
+# endif
+
+#endif                          /* !BN_MUL_COMBA */
diff --git a/openssl-1.1.0h/crypto/bn/bn_blind.c b/openssl-1.1.0h/crypto/bn/bn_blind.c
new file mode 100644
index 0000000..24d1383
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_blind.c
@@ -0,0 +1,289 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#define BN_BLINDING_COUNTER     32
+
+struct bn_blinding_st {
+    BIGNUM *A;
+    BIGNUM *Ai;
+    BIGNUM *e;
+    BIGNUM *mod;                /* just a reference */
+    CRYPTO_THREAD_ID tid;
+    int counter;
+    unsigned long flags;
+    BN_MONT_CTX *m_ctx;
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    CRYPTO_RWLOCK *lock;
+};
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+{
+    BN_BLINDING *ret = NULL;
+
+    bn_check_top(mod);
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    BN_BLINDING_set_current_thread(ret);
+
+    if (A != NULL) {
+        if ((ret->A = BN_dup(A)) == NULL)
+            goto err;
+    }
+
+    if (Ai != NULL) {
+        if ((ret->Ai = BN_dup(Ai)) == NULL)
+            goto err;
+    }
+
+    /* save a copy of mod in the BN_BLINDING structure */
+    if ((ret->mod = BN_dup(mod)) == NULL)
+        goto err;
+
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
+    /*
+     * Set the counter to the special value -1 to indicate that this is
+     * never-used fresh blinding that does not need updating before first
+     * use.
+     */
+    ret->counter = -1;
+
+    return ret;
+
+ err:
+    BN_BLINDING_free(ret);
+    return NULL;
+}
+
+void BN_BLINDING_free(BN_BLINDING *r)
+{
+    if (r == NULL)
+        return;
+
+    BN_free(r->A);
+    BN_free(r->Ai);
+    BN_free(r->e);
+    BN_free(r->mod);
+    CRYPTO_THREAD_lock_free(r->lock);
+    OPENSSL_free(r);
+}
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
+        goto err;
+    }
+
+    if (b->counter == -1)
+        b->counter = 0;
+
+    if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+        !(b->flags & BN_BLINDING_NO_RECREATE)) {
+        /* re-create blinding parameters */
+        if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
+            goto err;
+    } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+        if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+            goto err;
+        if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
+            goto err;
+    }
+
+    ret = 1;
+ err:
+    if (b->counter == BN_BLINDING_COUNTER)
+        b->counter = 0;
+    return (ret);
+}
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+    return BN_BLINDING_convert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
+    int ret = 1;
+
+    bn_check_top(n);
+
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+        return (0);
+    }
+
+    if (b->counter == -1)
+        /* Fresh blinding, doesn't need updating. */
+        b->counter = 0;
+    else if (!BN_BLINDING_update(b, ctx))
+        return (0);
+
+    if (r != NULL) {
+        if (!BN_copy(r, b->Ai))
+            ret = 0;
+    }
+
+    if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
+        ret = 0;
+
+    return ret;
+}
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+    return BN_BLINDING_invert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(n);
+
+    if (r != NULL)
+        ret = BN_mod_mul(n, n, r, b->mod, ctx);
+    else {
+        if (b->Ai == NULL) {
+            BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+            return (0);
+        }
+        ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+    }
+
+    bn_check_top(n);
+    return (ret);
+}
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid);
+}
+
+void BN_BLINDING_set_current_thread(BN_BLINDING *b)
+{
+    b->tid = CRYPTO_THREAD_get_current_id();
+}
+
+int BN_BLINDING_lock(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_write_lock(b->lock);
+}
+
+int BN_BLINDING_unlock(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_unlock(b->lock);
+}
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
+{
+    return b->flags;
+}
+
+void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
+{
+    b->flags = flags;
+}
+
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx)
+{
+    int retry_counter = 32;
+    BN_BLINDING *ret = NULL;
+
+    if (b == NULL)
+        ret = BN_BLINDING_new(NULL, NULL, m);
+    else
+        ret = b;
+
+    if (ret == NULL)
+        goto err;
+
+    if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+        goto err;
+    if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+        goto err;
+
+    if (e != NULL) {
+        BN_free(ret->e);
+        ret->e = BN_dup(e);
+    }
+    if (ret->e == NULL)
+        goto err;
+
+    if (bn_mod_exp != NULL)
+        ret->bn_mod_exp = bn_mod_exp;
+    if (m_ctx != NULL)
+        ret->m_ctx = m_ctx;
+
+    do {
+        int rv;
+        if (!BN_rand_range(ret->A, ret->mod))
+            goto err;
+        if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) {
+            /*
+             * this should almost never happen for good RSA keys
+             */
+            if (rv) {
+                if (retry_counter-- == 0) {
+                    BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
+                          BN_R_TOO_MANY_ITERATIONS);
+                    goto err;
+                }
+            } else
+                goto err;
+        } else
+            break;
+    } while (1);
+
+    if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
+        if (!ret->bn_mod_exp
+            (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+            goto err;
+    } else {
+        if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
+            goto err;
+    }
+
+    return ret;
+ err:
+    if (b == NULL) {
+        BN_BLINDING_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_const.c b/openssl-1.1.0h/crypto/bn/bn_const.c
new file mode 100644
index 0000000..39dd612
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_const.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
+ *
+ * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of of 22.
+ */
+
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
+{
+    static const unsigned char RFC2409_PRIME_768[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
+}
+
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
+ *
+ * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
+{
+    static const unsigned char RFC2409_PRIME_1024[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
+}
+
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2312 specifies a generator of 22.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_1536[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
+}
+
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_2048[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
+}
+
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_3072[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
+}
+
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_4096[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
+}
+
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_6144[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
+}
+
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_8192[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
+        0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+        0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
+        0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
+        0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+        0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
+        0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
+        0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+        0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
+        0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
+        0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+        0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
+        0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
+        0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+        0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
+        0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
+        0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+        0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
+        0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
+        0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+        0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
+        0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
+        0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+        0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
+        0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
+        0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+        0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
+        0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
+        0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+        0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
+        0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
+        0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+        0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_ctx.c b/openssl-1.1.0h/crypto/bn/bn_ctx.c
new file mode 100644
index 0000000..68c0468
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_ctx.c
@@ -0,0 +1,353 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/*-
+ * TODO list
+ *
+ * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
+ * check they can be safely removed.
+ *  - Check +1 and other ugliness in BN_from_montgomery()
+ *
+ * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
+ * appropriate 'block' size that will be honoured by bn_expand_internal() to
+ * prevent piddly little reallocations. OTOH, profiling bignum expansions in
+ * BN_CTX doesn't show this to be a big issue.
+ */
+
+/* How many bignums are in each "pool item"; */
+#define BN_CTX_POOL_SIZE        16
+/* The stack frame info is resizing, set a first-time expansion size; */
+#define BN_CTX_START_FRAMES     32
+
+/***********/
+/* BN_POOL */
+/***********/
+
+/* A bundle of bignums that can be linked with other bundles */
+typedef struct bignum_pool_item {
+    /* The bignum values */
+    BIGNUM vals[BN_CTX_POOL_SIZE];
+    /* Linked-list admin */
+    struct bignum_pool_item *prev, *next;
+} BN_POOL_ITEM;
+/* A linked-list of bignums grouped in bundles */
+typedef struct bignum_pool {
+    /* Linked-list admin */
+    BN_POOL_ITEM *head, *current, *tail;
+    /* Stack depth and allocation size */
+    unsigned used, size;
+} BN_POOL;
+static void BN_POOL_init(BN_POOL *);
+static void BN_POOL_finish(BN_POOL *);
+static BIGNUM *BN_POOL_get(BN_POOL *, int);
+static void BN_POOL_release(BN_POOL *, unsigned int);
+
+/************/
+/* BN_STACK */
+/************/
+
+/* A wrapper to manage the "stack frames" */
+typedef struct bignum_ctx_stack {
+    /* Array of indexes into the bignum stack */
+    unsigned int *indexes;
+    /* Number of stack frames, and the size of the allocated array */
+    unsigned int depth, size;
+} BN_STACK;
+static void BN_STACK_init(BN_STACK *);
+static void BN_STACK_finish(BN_STACK *);
+static int BN_STACK_push(BN_STACK *, unsigned int);
+static unsigned int BN_STACK_pop(BN_STACK *);
+
+/**********/
+/* BN_CTX */
+/**********/
+
+/* The opaque BN_CTX type */
+struct bignum_ctx {
+    /* The bignum bundles */
+    BN_POOL pool;
+    /* The "stack frames", if you will */
+    BN_STACK stack;
+    /* The number of bignums currently assigned */
+    unsigned int used;
+    /* Depth of stack overflow */
+    int err_stack;
+    /* Block "gets" until an "end" (compatibility behaviour) */
+    int too_many;
+    /* Flags. */
+    int flags;
+};
+
+/* Enable this to find BN_CTX bugs */
+#ifdef BN_CTX_DEBUG
+static const char *ctxdbg_cur = NULL;
+static void ctxdbg(BN_CTX *ctx)
+{
+    unsigned int bnidx = 0, fpidx = 0;
+    BN_POOL_ITEM *item = ctx->pool.head;
+    BN_STACK *stack = &ctx->stack;
+    fprintf(stderr, "(%16p): ", ctx);
+    while (bnidx < ctx->used) {
+        fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+        if (!(bnidx % BN_CTX_POOL_SIZE))
+            item = item->next;
+    }
+    fprintf(stderr, "\n");
+    bnidx = 0;
+    fprintf(stderr, "          : ");
+    while (fpidx < stack->depth) {
+        while (bnidx++ < stack->indexes[fpidx])
+            fprintf(stderr, "    ");
+        fprintf(stderr, "^^^ ");
+        bnidx++;
+        fpidx++;
+    }
+    fprintf(stderr, "\n");
+}
+
+# define CTXDBG_ENTRY(str, ctx)  do { \
+                                ctxdbg_cur = (str); \
+                                fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_EXIT(ctx)        do { \
+                                fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_RET(ctx,ret)
+#else
+# define CTXDBG_ENTRY(str, ctx)
+# define CTXDBG_EXIT(ctx)
+# define CTXDBG_RET(ctx,ret)
+#endif
+
+
+BN_CTX *BN_CTX_new(void)
+{
+    BN_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* Initialise the structure */
+    BN_POOL_init(&ret->pool);
+    BN_STACK_init(&ret->stack);
+    return ret;
+}
+
+BN_CTX *BN_CTX_secure_new(void)
+{
+    BN_CTX *ret = BN_CTX_new();
+
+    if (ret != NULL)
+        ret->flags = BN_FLG_SECURE;
+    return ret;
+}
+
+void BN_CTX_free(BN_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+#ifdef BN_CTX_DEBUG
+    {
+        BN_POOL_ITEM *pool = ctx->pool.head;
+        fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+                ctx->stack.size, ctx->pool.size);
+        fprintf(stderr, "dmaxs: ");
+        while (pool) {
+            unsigned loop = 0;
+            while (loop < BN_CTX_POOL_SIZE)
+                fprintf(stderr, "%02x ", pool->vals[loop++].dmax);
+            pool = pool->next;
+        }
+        fprintf(stderr, "\n");
+    }
+#endif
+    BN_STACK_finish(&ctx->stack);
+    BN_POOL_finish(&ctx->pool);
+    OPENSSL_free(ctx);
+}
+
+void BN_CTX_start(BN_CTX *ctx)
+{
+    CTXDBG_ENTRY("BN_CTX_start", ctx);
+    /* If we're already overflowing ... */
+    if (ctx->err_stack || ctx->too_many)
+        ctx->err_stack++;
+    /* (Try to) get a new frame pointer */
+    else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
+        BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        ctx->err_stack++;
+    }
+    CTXDBG_EXIT(ctx);
+}
+
+void BN_CTX_end(BN_CTX *ctx)
+{
+    CTXDBG_ENTRY("BN_CTX_end", ctx);
+    if (ctx->err_stack)
+        ctx->err_stack--;
+    else {
+        unsigned int fp = BN_STACK_pop(&ctx->stack);
+        /* Does this stack frame have anything to release? */
+        if (fp < ctx->used)
+            BN_POOL_release(&ctx->pool, ctx->used - fp);
+        ctx->used = fp;
+        /* Unjam "too_many" in case "get" had failed */
+        ctx->too_many = 0;
+    }
+    CTXDBG_EXIT(ctx);
+}
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+{
+    BIGNUM *ret;
+
+    CTXDBG_ENTRY("BN_CTX_get", ctx);
+    if (ctx->err_stack || ctx->too_many)
+        return NULL;
+    if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
+        /*
+         * Setting too_many prevents repeated "get" attempts from cluttering
+         * the error stack.
+         */
+        ctx->too_many = 1;
+        BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        return NULL;
+    }
+    /* OK, make sure the returned bignum is "zero" */
+    BN_zero(ret);
+    ctx->used++;
+    CTXDBG_RET(ctx, ret);
+    return ret;
+}
+
+/************/
+/* BN_STACK */
+/************/
+
+static void BN_STACK_init(BN_STACK *st)
+{
+    st->indexes = NULL;
+    st->depth = st->size = 0;
+}
+
+static void BN_STACK_finish(BN_STACK *st)
+{
+    OPENSSL_free(st->indexes);
+    st->indexes = NULL;
+}
+
+
+static int BN_STACK_push(BN_STACK *st, unsigned int idx)
+{
+    if (st->depth == st->size) {
+        /* Need to expand */
+        unsigned int newsize =
+            st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
+        unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize);
+        if (newitems == NULL)
+            return 0;
+        if (st->depth)
+            memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
+        OPENSSL_free(st->indexes);
+        st->indexes = newitems;
+        st->size = newsize;
+    }
+    st->indexes[(st->depth)++] = idx;
+    return 1;
+}
+
+static unsigned int BN_STACK_pop(BN_STACK *st)
+{
+    return st->indexes[--(st->depth)];
+}
+
+/***********/
+/* BN_POOL */
+/***********/
+
+static void BN_POOL_init(BN_POOL *p)
+{
+    p->head = p->current = p->tail = NULL;
+    p->used = p->size = 0;
+}
+
+static void BN_POOL_finish(BN_POOL *p)
+{
+    unsigned int loop;
+    BIGNUM *bn;
+
+    while (p->head) {
+        for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
+            if (bn->d)
+                BN_clear_free(bn);
+        p->current = p->head->next;
+        OPENSSL_free(p->head);
+        p->head = p->current;
+    }
+}
+
+
+static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
+{
+    BIGNUM *bn;
+    unsigned int loop;
+
+    /* Full; allocate a new pool item and link it in. */
+    if (p->used == p->size) {
+        BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item));
+        if (item == NULL)
+            return NULL;
+        for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
+            bn_init(bn);
+            if ((flag & BN_FLG_SECURE) != 0)
+                BN_set_flags(bn, BN_FLG_SECURE);
+        }
+        item->prev = p->tail;
+        item->next = NULL;
+
+        if (p->head == NULL)
+            p->head = p->current = p->tail = item;
+        else {
+            p->tail->next = item;
+            p->tail = item;
+            p->current = item;
+        }
+        p->size += BN_CTX_POOL_SIZE;
+        p->used++;
+        /* Return the first bignum from the new pool */
+        return item->vals;
+    }
+
+    if (!p->used)
+        p->current = p->head;
+    else if ((p->used % BN_CTX_POOL_SIZE) == 0)
+        p->current = p->current->next;
+    return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
+}
+
+static void BN_POOL_release(BN_POOL *p, unsigned int num)
+{
+    unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+
+    p->used -= num;
+    while (num--) {
+        bn_check_top(p->current->vals + offset);
+        if (offset == 0) {
+            offset = BN_CTX_POOL_SIZE - 1;
+            p->current = p->current->prev;
+        } else
+            offset--;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_depr.c b/openssl-1.1.0h/crypto/bn/bn_depr.c
new file mode 100644
index 0000000..7d89214
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_depr.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Support for deprecated functions goes here - static linkage will only
+ * slurp this code if applications are using them directly.
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include "bn_lcl.h"
+
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                          const BIGNUM *add, const BIGNUM *rem,
+                          void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB cb;
+    BIGNUM *rnd = NULL;
+
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+
+    if (ret == NULL) {
+        if ((rnd = BN_new()) == NULL)
+            goto err;
+    } else
+        rnd = ret;
+    if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+        goto err;
+
+    /* we have a prime :-) */
+    return ret;
+ err:
+    BN_free(rnd);
+    return NULL;
+}
+
+int BN_is_prime(const BIGNUM *a, int checks,
+                void (*callback) (int, int, void *), BN_CTX *ctx_passed,
+                void *cb_arg)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_ex(a, checks, ctx_passed, &cb);
+}
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+                         void (*callback) (int, int, void *),
+                         BN_CTX *ctx_passed, void *cb_arg,
+                         int do_trial_division)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
+                                   do_trial_division, &cb);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/bn_dh.c b/openssl-1.1.0h/crypto/bn/bn_dh.c
new file mode 100644
index 0000000..17d0559
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_dh.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#include "internal/bn_dh.h"
+/* DH parameters from RFC5114 */
+
+# if BN_BITS2 == 64
+static const BN_ULONG dh1024_160_p[] = {
+    0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL,
+    0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL,
+    0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL,
+    0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL,
+    0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL,
+    0xB10B8F96A080E01DULL
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL,
+    0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL,
+    0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL,
+    0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL,
+    0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL,
+    0xA4D1CBD5C3FD3412ULL
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL,
+    0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL,
+    0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL,
+    0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL,
+    0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL,
+    0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL,
+    0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL,
+    0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL,
+    0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL,
+    0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL,
+    0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL,
+    0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL,
+    0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL,
+    0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL,
+    0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL,
+    0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL,
+    0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL,
+    0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL,
+    0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL,
+    0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL,
+    0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL,
+    0x00000000801C0D34ULL
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL,
+    0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL,
+    0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL,
+    0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL,
+    0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL,
+    0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL,
+    0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL,
+    0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL,
+    0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL,
+    0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL,
+    0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL,
+    0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL,
+    0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL,
+    0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL,
+    0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL,
+    0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL,
+    0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL,
+    0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL,
+    0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL,
+    0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL,
+    0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL,
+    0x8CF83642A709A097ULL
+};
+
+# elif BN_BITS2 == 32
+
+static const BN_ULONG dh1024_160_p[] = {
+    0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF,
+    0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA,
+    0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C,
+    0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286,
+    0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E,
+    0xA080E01D, 0xB10B8F96
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59,
+    0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08,
+    0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F,
+    0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E,
+    0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442,
+    0xC3FD3412, 0xA4D1CBD5
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2,
+    0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E,
+    0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1,
+    0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A,
+    0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714,
+    0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0,
+    0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0,
+    0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152,
+    0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40,
+    0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5,
+    0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1,
+    0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE,
+    0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F,
+    0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137,
+    0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3,
+    0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2,
+    0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0,
+    0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001,
+    0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01,
+    0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B,
+    0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE,
+    0x801C0D34
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227,
+    0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A,
+    0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79,
+    0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5,
+    0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267,
+    0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF,
+    0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF,
+    0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64,
+    0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45,
+    0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608,
+    0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148,
+    0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428,
+    0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15,
+    0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73,
+    0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1,
+    0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982,
+    0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5,
+    0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8,
+    0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A,
+    0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F,
+    0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976,
+    0xA709A097, 0x8CF83642
+};
+
+# else
+#  error "unsupported BN_BITS2"
+# endif
+
+/* Macro to make a BIGNUM from static data */
+
+# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \
+                       const BIGNUM _bignum_##x = { (BN_ULONG *) x, \
+                        OSSL_NELEM(x),\
+                        OSSL_NELEM(x),\
+                        0, BN_FLG_STATIC_DATA };
+
+
+make_dh_bn(dh1024_160_p)
+make_dh_bn(dh1024_160_g)
+make_dh_bn(dh1024_160_q)
+make_dh_bn(dh2048_224_p)
+make_dh_bn(dh2048_224_g)
+make_dh_bn(dh2048_224_q)
+make_dh_bn(dh2048_256_p)
+make_dh_bn(dh2048_256_g)
+make_dh_bn(dh2048_256_q)
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/bn_div.c b/openssl-1.1.0h/crypto/bn/bn_div.c
new file mode 100644
index 0000000..5e620b2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_div.c
@@ -0,0 +1,423 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* The old slow way */
+#if 0
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx)
+{
+    int i, nm, nd;
+    int ret = 0;
+    BIGNUM *D;
+
+    bn_check_top(m);
+    bn_check_top(d);
+    if (BN_is_zero(d)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return (0);
+    }
+
+    if (BN_ucmp(m, d) < 0) {
+        if (rem != NULL) {
+            if (BN_copy(rem, m) == NULL)
+                return (0);
+        }
+        if (dv != NULL)
+            BN_zero(dv);
+        return (1);
+    }
+
+    BN_CTX_start(ctx);
+    D = BN_CTX_get(ctx);
+    if (dv == NULL)
+        dv = BN_CTX_get(ctx);
+    if (rem == NULL)
+        rem = BN_CTX_get(ctx);
+    if (D == NULL || dv == NULL || rem == NULL)
+        goto end;
+
+    nd = BN_num_bits(d);
+    nm = BN_num_bits(m);
+    if (BN_copy(D, d) == NULL)
+        goto end;
+    if (BN_copy(rem, m) == NULL)
+        goto end;
+
+    /*
+     * The next 2 are needed so we can do a dv->d[0]|=1 later since
+     * BN_lshift1 will only work once there is a value :-)
+     */
+    BN_zero(dv);
+    if (bn_wexpand(dv, 1) == NULL)
+        goto end;
+    dv->top = 1;
+
+    if (!BN_lshift(D, D, nm - nd))
+        goto end;
+    for (i = nm - nd; i >= 0; i--) {
+        if (!BN_lshift1(dv, dv))
+            goto end;
+        if (BN_ucmp(rem, D) >= 0) {
+            dv->d[0] |= 1;
+            if (!BN_usub(rem, rem, D))
+                goto end;
+        }
+/* CAN IMPROVE (and have now :=) */
+        if (!BN_rshift1(D, D))
+            goto end;
+    }
+    rem->neg = BN_is_zero(rem) ? 0 : m->neg;
+    dv->neg = m->neg ^ d->neg;
+    ret = 1;
+ end:
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+#else
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+    && !defined(PEDANTIC) && !defined(BN_DIV3W)
+#  if defined(__GNUC__) && __GNUC__>=2
+#   if defined(__i386) || defined (__i386__)
+   /*-
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+    *   understand why...);
+    * - divl doesn't only calculate quotient, but also leaves
+    *   remainder in %edx which we can definitely use here:-)
+    *
+    *                                   <appro@fy.chalmers.se>
+    */
+#    undef bn_div_words
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divl   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "r"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+   /*
+    * Same story here, but it's 128-bit by 64-bit division. Wow!
+    *                                   <appro@fy.chalmers.se>
+    */
+#    undef bn_div_words
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divq   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "r"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   endif                       /* __<cpu> */
+#  endif                        /* __GNUC__ */
+# endif                         /* OPENSSL_NO_ASM */
+
+/*-
+ * BN_div computes  dv := num / divisor, rounding towards
+ * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
+ * Thus:
+ *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
+ *     rm->neg == num->neg                 (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+           BN_CTX *ctx)
+{
+    int norm_shift, i, loop;
+    BIGNUM *tmp, wnum, *snum, *sdiv, *res;
+    BN_ULONG *resp, *wnump;
+    BN_ULONG d0, d1;
+    int num_n, div_n;
+    int no_branch = 0;
+
+    /*
+     * Invalid zero-padding would have particularly bad consequences so don't
+     * just rely on bn_check_top() here (bn_check_top() works only for
+     * BN_DEBUG builds)
+     */
+    if ((num->top > 0 && num->d[num->top - 1] == 0) ||
+        (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) {
+        BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    bn_check_top(num);
+    bn_check_top(divisor);
+
+    if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
+        || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
+        no_branch = 1;
+    }
+
+    bn_check_top(dv);
+    bn_check_top(rm);
+    /*- bn_check_top(num); *//*
+     * 'num' has been checked already
+     */
+    /*- bn_check_top(divisor); *//*
+     * 'divisor' has been checked already
+     */
+
+    if (BN_is_zero(divisor)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return (0);
+    }
+
+    if (!no_branch && BN_ucmp(num, divisor) < 0) {
+        if (rm != NULL) {
+            if (BN_copy(rm, num) == NULL)
+                return (0);
+        }
+        if (dv != NULL)
+            BN_zero(dv);
+        return (1);
+    }
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    snum = BN_CTX_get(ctx);
+    sdiv = BN_CTX_get(ctx);
+    if (dv == NULL)
+        res = BN_CTX_get(ctx);
+    else
+        res = dv;
+    if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+        goto err;
+
+    /* First we normalise the numbers */
+    norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+    if (!(BN_lshift(sdiv, divisor, norm_shift)))
+        goto err;
+    sdiv->neg = 0;
+    norm_shift += BN_BITS2;
+    if (!(BN_lshift(snum, num, norm_shift)))
+        goto err;
+    snum->neg = 0;
+
+    if (no_branch) {
+        /*
+         * Since we don't know whether snum is larger than sdiv, we pad snum
+         * with enough zeroes without changing its value.
+         */
+        if (snum->top <= sdiv->top + 1) {
+            if (bn_wexpand(snum, sdiv->top + 2) == NULL)
+                goto err;
+            for (i = snum->top; i < sdiv->top + 2; i++)
+                snum->d[i] = 0;
+            snum->top = sdiv->top + 2;
+        } else {
+            if (bn_wexpand(snum, snum->top + 1) == NULL)
+                goto err;
+            snum->d[snum->top] = 0;
+            snum->top++;
+        }
+    }
+
+    div_n = sdiv->top;
+    num_n = snum->top;
+    loop = num_n - div_n;
+    /*
+     * Lets setup a 'window' into snum This is the part that corresponds to
+     * the current 'area' being divided
+     */
+    wnum.neg = 0;
+    wnum.d = &(snum->d[loop]);
+    wnum.top = div_n;
+    /*
+     * only needed when BN_ucmp messes up the values between top and max
+     */
+    wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+    /* Get the top 2 words of sdiv */
+    /* div_n=sdiv->top; */
+    d0 = sdiv->d[div_n - 1];
+    d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+    /* pointer to the 'top' of snum */
+    wnump = &(snum->d[num_n - 1]);
+
+    /* Setup to 'res' */
+    if (!bn_wexpand(res, (loop + 1)))
+        goto err;
+    res->neg = (num->neg ^ divisor->neg);
+    res->top = loop - no_branch;
+    resp = &(res->d[loop - 1]);
+
+    /* space for temp */
+    if (!bn_wexpand(tmp, (div_n + 1)))
+        goto err;
+
+    if (!no_branch) {
+        if (BN_ucmp(&wnum, sdiv) >= 0) {
+            /*
+             * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute)
+             * the const bignum arguments => clean the values between top and
+             * max again
+             */
+            bn_clear_top2max(&wnum);
+            bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
+            *resp = 1;
+        } else
+            res->top--;
+    }
+
+    /* Increase the resp pointer so that we never create an invalid pointer. */
+    resp++;
+
+    /*
+     * if res->top == 0 then clear the neg value otherwise decrease the resp
+     * pointer
+     */
+    if (res->top == 0)
+        res->neg = 0;
+    else
+        resp--;
+
+    for (i = 0; i < loop - 1; i++, wnump--) {
+        BN_ULONG q, l0;
+        /*
+         * the first part of the loop uses the top two words of snum and sdiv
+         * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
+         */
+# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+        BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
+        q = bn_div_3_words(wnump, d1, d0);
+# else
+        BN_ULONG n0, n1, rem = 0;
+
+        n0 = wnump[0];
+        n1 = wnump[-1];
+        if (n0 == d0)
+            q = BN_MASK2;
+        else {                  /* n0 < d0 */
+
+#  ifdef BN_LLONG
+            BN_ULLONG t2;
+
+#   if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+            q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+#   else
+            q = bn_div_words(n0, n1, d0);
+#   endif
+
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            /*
+             * rem doesn't have to be BN_ULLONG. The least we
+             * know it's less that d0, isn't it?
+             */
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+            t2 = (BN_ULLONG) d1 *q;
+
+            for (;;) {
+                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                t2 -= d1;
+            }
+#  else                         /* !BN_LLONG */
+            BN_ULONG t2l, t2h;
+
+            q = bn_div_words(n0, n1, d0);
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+
+#   if defined(BN_UMULT_LOHI)
+            BN_UMULT_LOHI(t2l, t2h, d1, q);
+#   elif defined(BN_UMULT_HIGH)
+            t2l = d1 * q;
+            t2h = BN_UMULT_HIGH(d1, q);
+#   else
+            {
+                BN_ULONG ql, qh;
+                t2l = LBITS(d1);
+                t2h = HBITS(d1);
+                ql = LBITS(q);
+                qh = HBITS(q);
+                mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+            }
+#   endif
+
+            for (;;) {
+                if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                if (t2l < d1)
+                    t2h--;
+                t2l -= d1;
+            }
+#  endif                        /* !BN_LLONG */
+        }
+# endif                         /* !BN_DIV3W */
+
+        l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+        tmp->d[div_n] = l0;
+        wnum.d--;
+        /*
+         * ingore top values of the bignums just sub the two BN_ULONG arrays
+         * with bn_sub_words
+         */
+        if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
+            /*
+             * Note: As we have considered only the leading two BN_ULONGs in
+             * the calculation of q, sdiv * q might be greater than wnum (but
+             * then (q-1) * sdiv is less or equal than wnum)
+             */
+            q--;
+            if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+                /*
+                 * we can't have an overflow here (assuming that q != 0, but
+                 * if q == 0 then tmp is zero anyway)
+                 */
+                (*wnump)++;
+        }
+        /* store part of the result */
+        resp--;
+        *resp = q;
+    }
+    bn_correct_top(snum);
+    if (rm != NULL) {
+        /*
+         * Keep a copy of the neg flag in num because if rm==num BN_rshift()
+         * will overwrite it.
+         */
+        int neg = num->neg;
+        BN_rshift(rm, snum, norm_shift);
+        if (!BN_is_zero(rm))
+            rm->neg = neg;
+        bn_check_top(rm);
+    }
+    if (no_branch)
+        bn_correct_top(res);
+    BN_CTX_end(ctx);
+    return (1);
+ err:
+    bn_check_top(rm);
+    BN_CTX_end(ctx);
+    return (0);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/bn_err.c b/openssl-1.1.0h/crypto/bn/bn_err.c
new file mode 100644
index 0000000..5fe9db9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_err.c
@@ -0,0 +1,107 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
+
+static ERR_STRING_DATA BN_str_functs[] = {
+    {ERR_FUNC(BN_F_BNRAND), "bnrand"},
+    {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
+    {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
+    {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
+    {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+    {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+    {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+    {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+    {ERR_FUNC(BN_F_BN_COMPUTE_WNAF), "bn_compute_wNAF"},
+    {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+    {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+    {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
+    {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+    {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
+    {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+    {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"},
+    {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"},
+    {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"},
+    {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+    {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+    {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+    {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
+    {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+    {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+    {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+    {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+    {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+    {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+    {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
+    {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"},
+    {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA BN_str_reasons[] = {
+    {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
+    {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
+    {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+    {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
+    {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
+    {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
+    {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
+    {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
+     "expand on static bignum data"},
+    {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
+    {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
+    {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
+    {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
+    {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
+    {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
+    {ERR_REASON(BN_R_NO_SOLUTION), "no solution"},
+    {ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE), "private key too large"},
+    {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"},
+    {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
+    {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),
+     "too many temporary variables"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BN_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, BN_str_functs);
+        ERR_load_strings(0, BN_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_exp.c b/openssl-1.1.0h/crypto/bn/bn_exp.c
new file mode 100644
index 0000000..0d2d1ec
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_exp.c
@@ -0,0 +1,1376 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/constant_time_locl.h"
+#include "bn_lcl.h"
+
+#include <stdlib.h>
+#ifdef _WIN32
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+#elif defined(__GNUC__)
+# ifndef alloca
+#  define alloca(s) __builtin_alloca((s))
+# endif
+#elif defined(__sun)
+# include <alloca.h>
+#endif
+
+#include "rsaz_exp.h"
+
+#undef SPARC_T4_MONT
+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
+# include "sparc_arch.h"
+extern unsigned int OPENSSL_sparcv9cap_P[];
+# define SPARC_T4_MONT
+#endif
+
+/* maximum precomputation table size for *variable* sliding windows */
+#define TABLE_SIZE      32
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int i, bits, ret = 0;
+    BIGNUM *v, *rr;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+    if ((r == a) || (r == p))
+        rr = BN_CTX_get(ctx);
+    else
+        rr = r;
+    v = BN_CTX_get(ctx);
+    if (rr == NULL || v == NULL)
+        goto err;
+
+    if (BN_copy(v, a) == NULL)
+        goto err;
+    bits = BN_num_bits(p);
+
+    if (BN_is_odd(p)) {
+        if (BN_copy(rr, a) == NULL)
+            goto err;
+    } else {
+        if (!BN_one(rr))
+            goto err;
+    }
+
+    for (i = 1; i < bits; i++) {
+        if (!BN_sqr(v, v, ctx))
+            goto err;
+        if (BN_is_bit_set(p, i)) {
+            if (!BN_mul(rr, rr, v, ctx))
+                goto err;
+        }
+    }
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    /*-
+     * For even modulus  m = 2^k*m_odd, it might make sense to compute
+     * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+     * exponentiation for the odd part), using appropriate exponent
+     * reductions, and combine the results using the CRT.
+     *
+     * For now, we use Montgomery only if the modulus is odd; otherwise,
+     * exponentiation using the reciprocal-based quick remaindering
+     * algorithm is used.
+     *
+     * (Timing obtained with expspeed.c [computations  a^p mod m
+     * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+     * 4096, 8192 bits], compared to the running time of the
+     * standard algorithm:
+     *
+     *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+     *                     55 .. 77 %  [UltraSparc processor, but
+     *                                  debug-solaris-sparcv8-gcc conf.]
+     *
+     *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+     *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+     *
+     * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+     * at 2048 and more bits, but at 512 and 1024 bits, it was
+     * slower even than the standard algorithm!
+     *
+     * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+     * should be obtained when the new Montgomery reduction code
+     * has been integrated into OpenSSL.)
+     */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
+#ifdef MONT_MUL_MOD
+    /*
+     * I have finally been able to take out this pre-condition of the top bit
+     * being set.  It was caused by an error in BN_div with negatives.  There
+     * was also another problem when for a^b%m a >= m.  eay 07-May-97
+     */
+    /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+    if (BN_is_odd(m)) {
+# ifdef MONT_EXP_WORD
+        if (a->top == 1 && !a->neg
+            && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)
+            && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0)
+            && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {
+            BN_ULONG A = a->d[0];
+            ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
+        } else
+# endif
+            ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
+    } else
+#endif
+#ifdef RECP_MUL_MOD
+    {
+        ret = BN_mod_exp_recp(r, a, p, m, ctx);
+    }
+#else
+    {
+        ret = BN_mod_exp_simple(r, a, p, m, ctx);
+    }
+#endif
+
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_RECP_CTX recp;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    aa = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!aa || !val[0])
+        goto err;
+
+    BN_RECP_CTX_init(&recp);
+    if (m->neg) {
+        /* ignore sign of 'm' */
+        if (!BN_copy(aa, m))
+            goto err;
+        aa->neg = 0;
+        if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+            goto err;
+    } else {
+        if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+            goto err;
+    }
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_RECP_CTX_free(&recp);
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+    }
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!d || !r || !val[0])
+        goto err;
+
+    /*
+     * If this is not done, things will break in the montgomery part
+     */
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_nnmod(val[0], a, m, ctx))
+            goto err;
+        aa = val[0];
+    } else
+        aa = a;
+    if (BN_is_zero(aa)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+    if (!BN_to_montgomery(val[0], aa, mont, ctx))
+        goto err;               /* 1 */
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+#if 1                           /* by Shay Gueron's suggestion */
+    j = m->top;                 /* borrow j */
+    if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
+        if (bn_wexpand(r, j) == NULL)
+            goto err;
+        /* 2^(top*BN_BITS2) - m */
+        r->d[0] = (0 - m->d[0]) & BN_MASK2;
+        for (i = 1; i < j; i++)
+            r->d[i] = (~m->d[i]) & BN_MASK2;
+        r->top = j;
+        /*
+         * Upper words will be zero if the corresponding words of 'm' were
+         * 0xfff[...], so decrement r->top accordingly.
+         */
+        bn_correct_top(r);
+    } else
+#endif
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start) {
+                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                    goto err;
+            }
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+#if defined(SPARC_T4_MONT)
+    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
+        j = mont->N.top;        /* borrow j */
+        val[0]->d[0] = 1;       /* borrow val[0] */
+        for (i = 1; i < j; i++)
+            val[0]->d[i] = 0;
+        val[0]->top = j;
+        if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
+            goto err;
+    } else
+#endif
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
+
+#if defined(SPARC_T4_MONT)
+static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
+{
+    BN_ULONG ret = 0;
+    int wordpos;
+
+    wordpos = bitpos / BN_BITS2;
+    bitpos %= BN_BITS2;
+    if (wordpos >= 0 && wordpos < a->top) {
+        ret = a->d[wordpos] & BN_MASK2;
+        if (bitpos) {
+            ret >>= bitpos;
+            if (++wordpos < a->top)
+                ret |= a->d[wordpos] << (BN_BITS2 - bitpos);
+        }
+    }
+
+    return ret & BN_MASK2;
+}
+#endif
+
+/*
+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+ * layout so that accessing any of these table values shows the same access
+ * pattern as far as cache lines are concerned.  The following functions are
+ * used to transfer a BIGNUM from/to that table.
+ */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
+                                        unsigned char *buf, int idx,
+                                        int window)
+{
+    int i, j;
+    int width = 1 << window;
+    BN_ULONG *table = (BN_ULONG *)buf;
+
+    if (top > b->top)
+        top = b->top;           /* this works because 'buf' is explicitly
+                                 * zeroed */
+    for (i = 0, j = idx; i < top; i++, j += width) {
+        table[j] = b->d[i];
+    }
+
+    return 1;
+}
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+                                          unsigned char *buf, int idx,
+                                          int window)
+{
+    int i, j;
+    int width = 1 << window;
+    /*
+     * We declare table 'volatile' in order to discourage compiler
+     * from reordering loads from the table. Concern is that if
+     * reordered in specific manner loads might give away the
+     * information we are trying to conceal. Some would argue that
+     * compiler can reorder them anyway, but it can as well be
+     * argued that doing so would be violation of standard...
+     */
+    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
+
+    if (window <= 3) {
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < width; j++) {
+                acc |= table[j] &
+                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    } else {
+        int xstride = 1 << (window - 2);
+        BN_ULONG y0, y1, y2, y3;
+
+        i = idx >> (window - 2);        /* equivalent of idx / xstride */
+        idx &= xstride - 1;             /* equivalent of idx % xstride */
+
+        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
+        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
+        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
+        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
+
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < xstride; j++) {
+                acc |= ( (table[j + 0 * xstride] & y0) |
+                         (table[j + 1 * xstride] & y1) |
+                         (table[j + 2 * xstride] & y2) |
+                         (table[j + 3 * xstride] & y3) )
+                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    }
+
+    b->top = top;
+    bn_correct_top(b);
+    return 1;
+}
+
+/*
+ * Given a pointer value, compute the next address that is a cache line
+ * multiple.
+ */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum to
+ * protect secret exponents (cf. the hyper-threading timing attacks pointed
+ * out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont)
+{
+    int i, bits, ret = 0, window, wvalue;
+    int top;
+    BN_MONT_CTX *mont = NULL;
+
+    int numPowers;
+    unsigned char *powerbufFree = NULL;
+    int powerbufLen = 0;
+    unsigned char *powerbuf = NULL;
+    BIGNUM tmp, am;
+#if defined(SPARC_T4_MONT)
+    unsigned int t4 = 0;
+#endif
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+
+    top = m->top;
+
+    /*
+     * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
+     * whether the top bits are zero.
+     */
+    bits = p->top * BN_BITS2;
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+
+    /*
+     * Allocate a montgomery context if it was not supplied by the caller. If
+     * this is not done, things will break in the montgomery part.
+     */
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+#ifdef RSAZ_ENABLED
+    /*
+     * If the size of the operands allow it, perform the optimized
+     * RSAZ exponentiation. For further information see
+     * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+     */
+    if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+        && rsaz_avx2_eligible()) {
+        if (NULL == bn_wexpand(rr, 16))
+            goto err;
+        RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
+                               mont->n0[0]);
+        rr->top = 16;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
+    } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
+        if (NULL == bn_wexpand(rr, 8))
+            goto err;
+        RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+        rr->top = 8;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
+    }
+#endif
+
+    /* Get the window size to use with size of p. */
+    window = BN_window_bits_for_ctime_exponent_size(bits);
+#if defined(SPARC_T4_MONT)
+    if (window >= 5 && (top & 15) == 0 && top <= 64 &&
+        (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
+        (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0]))
+        window = 5;
+    else
+#endif
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window >= 5) {
+        window = 5;             /* ~5% improvement for RSA2048 sign, and even
+                                 * for RSA4096 */
+        /* reserve space for mont->N.d[] copy */
+        powerbufLen += top * sizeof(mont->N.d[0]);
+    }
+#endif
+    (void)0;
+
+    /*
+     * Allocate a buffer large enough to hold all of the pre-computed powers
+     * of am, am itself and tmp.
+     */
+    numPowers = 1 << window;
+    powerbufLen += sizeof(m->d[0]) * (top * numPowers +
+                                      ((2 * top) >
+                                       numPowers ? (2 * top) : numPowers));
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree =
+            alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+    else
+#endif
+        if ((powerbufFree =
+             OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+            == NULL)
+        goto err;
+
+    powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+    memset(powerbuf, 0, powerbufLen);
+
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree = NULL;
+#endif
+
+    /* lay down tmp and am right after powers table */
+    tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
+    am.d = tmp.d + top;
+    tmp.top = am.top = 0;
+    tmp.dmax = am.dmax = top;
+    tmp.neg = am.neg = 0;
+    tmp.flags = am.flags = BN_FLG_STATIC_DATA;
+
+    /* prepare a^0 in Montgomery domain */
+#if 1                           /* by Shay Gueron's suggestion */
+    if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
+        /* 2^(top*BN_BITS2) - m */
+        tmp.d[0] = (0 - m->d[0]) & BN_MASK2;
+        for (i = 1; i < top; i++)
+            tmp.d[i] = (~m->d[i]) & BN_MASK2;
+        tmp.top = top;
+    } else
+#endif
+    if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+        goto err;
+
+    /* prepare a^1 in Montgomery domain */
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_mod(&am, a, m, ctx))
+            goto err;
+        if (!BN_to_montgomery(&am, &am, mont, ctx))
+            goto err;
+    } else if (!BN_to_montgomery(&am, a, mont, ctx))
+        goto err;
+
+#if defined(SPARC_T4_MONT)
+    if (t4) {
+        typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np,
+                                       const BN_ULONG *n0, const void *table,
+                                       int power, int bits);
+        int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
+                              const BN_ULONG *n0, const void *table,
+                              int power, int bits);
+        int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        static const bn_pwr5_mont_f pwr5_funcs[4] = {
+            bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16,
+            bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32
+        };
+        bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1];
+
+        typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap,
+                                      const void *bp, const BN_ULONG *np,
+                                      const BN_ULONG *n0);
+        int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
+                             const BN_ULONG *np, const BN_ULONG *n0);
+        int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        static const bn_mul_mont_f mul_funcs[4] = {
+            bn_mul_mont_t4_8, bn_mul_mont_t4_16,
+            bn_mul_mont_t4_24, bn_mul_mont_t4_32
+        };
+        bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
+
+        void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0, int num);
+        void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
+                            const void *bp, const BN_ULONG *np,
+                            const BN_ULONG *n0, int num);
+        void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
+                                    const void *table, const BN_ULONG *np,
+                                    const BN_ULONG *n0, int num, int power);
+        void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
+                                   void *table, size_t power);
+        void bn_gather5_t4(BN_ULONG *out, size_t num,
+                           void *table, size_t power);
+        void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
+
+        BN_ULONG *np = mont->N.d, *n0 = mont->n0;
+        int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
+                                                * than 32 */
+
+        /*
+         * BN_to_montgomery can contaminate words above .top [in
+         * BN_DEBUG[_DEBUG] build]...
+         */
+        for (i = am.top; i < top; i++)
+            am.d[i] = 0;
+        for (i = tmp.top; i < top; i++)
+            tmp.d[i] = 0;
+
+        bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0);
+        bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1);
+        if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) &&
+            !(*mul_worker) (tmp.d, am.d, am.d, np, n0))
+            bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top);
+        bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2);
+
+        for (i = 3; i < 32; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) &&
+                !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0))
+                bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top);
+            bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i);
+        }
+
+        /* switch to 64-bit domain */
+        np = alloca(top * sizeof(BN_ULONG));
+        top /= 2;
+        bn_flip_t4(np, mont->N.d, top);
+
+        bits--;
+        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
+            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        bn_gather5_t4(tmp.d, top, powerbuf, wvalue);
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits >= 0) {
+            if (bits < stride)
+                stride = bits + 1;
+            bits -= stride;
+            wvalue = bn_get_bits(p, bits + 1);
+
+            if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+                continue;
+            /* retry once and fall back */
+            if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+                continue;
+
+            bits += stride - 5;
+            wvalue >>= stride - 5;
+            wvalue &= 31;
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top,
+                                   wvalue);
+        }
+
+        bn_flip_t4(tmp.d, tmp.d, top);
+        top *= 2;
+        /* back to 32-bit domain */
+        tmp.top = top;
+        bn_correct_top(&tmp);
+        OPENSSL_cleanse(np, top * sizeof(BN_ULONG));
+    } else
+#endif
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window == 5 && top > 1) {
+        /*
+         * This optimization uses ideas from http://eprint.iacr.org/2011/239,
+         * specifically optimization of cache-timing attack countermeasures
+         * and pre-computation optimization.
+         */
+
+        /*
+         * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
+         * 512-bit RSA is hardly relevant, we omit it to spare size...
+         */
+        void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+                                 const void *table, const BN_ULONG *np,
+                                 const BN_ULONG *n0, int num, int power);
+        void bn_scatter5(const BN_ULONG *inp, size_t num,
+                         void *table, size_t power);
+        void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+        void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
+                       const void *table, const BN_ULONG *np,
+                       const BN_ULONG *n0, int num, int power);
+        int bn_get_bits5(const BN_ULONG *ap, int off);
+        int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
+                               const BN_ULONG *not_used, const BN_ULONG *np,
+                               const BN_ULONG *n0, int num);
+
+        BN_ULONG *n0 = mont->n0, *np;
+
+        /*
+         * BN_to_montgomery can contaminate words above .top [in
+         * BN_DEBUG[_DEBUG] build]...
+         */
+        for (i = am.top; i < top; i++)
+            am.d[i] = 0;
+        for (i = tmp.top; i < top; i++)
+            tmp.d[i] = 0;
+
+        /*
+         * copy mont->N.d[] to improve cache locality
+         */
+        for (np = am.d + top, i = 0; i < top; i++)
+            np[i] = mont->N.d[i];
+
+        bn_scatter5(tmp.d, top, powerbuf, 0);
+        bn_scatter5(am.d, am.top, powerbuf, 1);
+        bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
+        bn_scatter5(tmp.d, top, powerbuf, 2);
+
+# if 0
+        for (i = 3; i < 32; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# else
+        /* same as above, but uses squaring for 1/2 of operations */
+        for (i = 4; i < 32; i *= 2) {
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+        for (i = 3; i < 8; i += 2) {
+            int j;
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            for (j = 2 * i; j < 32; j *= 2) {
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_scatter5(tmp.d, top, powerbuf, j);
+            }
+        }
+        for (; i < 16; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, 2 * i);
+        }
+        for (; i < 32; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# endif
+        bits--;
+        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
+            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        bn_gather5(tmp.d, top, powerbuf, wvalue);
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        if (top & 7)
+            while (bits >= 0) {
+                for (wvalue = 0, i = 0; i < 5; i++, bits--)
+                    wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                                    wvalue);
+        } else {
+            while (bits >= 0) {
+                wvalue = bn_get_bits5(p->d, bits - 4);
+                bits -= 5;
+                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
+            }
+        }
+
+        ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
+        tmp.top = top;
+        bn_correct_top(&tmp);
+        if (ret) {
+            if (!BN_copy(rr, &tmp))
+                ret = 0;
+            goto err;           /* non-zero ret means it's not error */
+        }
+    } else
+#endif
+    {
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
+            goto err;
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
+            goto err;
+
+        /*
+         * If the window size is greater than 1, then calculate
+         * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even
+         * powers could instead be computed as (a^(i/2))^2 to use the slight
+         * performance advantage of sqr over mul).
+         */
+        if (window > 1) {
+            if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+                goto err;
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
+                                              window))
+                goto err;
+            for (i = 3; i < numPowers; i++) {
+                /* Calculate a^i = a^(i-1) * a */
+                if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
+                    goto err;
+                if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
+                                                  window))
+                    goto err;
+            }
+        }
+
+        bits--;
+        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
+            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
+                                            window))
+            goto err;
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits >= 0) {
+            wvalue = 0;         /* The 'value' of the window */
+
+            /* Scan the window, squaring the result as we go */
+            for (i = 0; i < window; i++, bits--) {
+                if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
+                    goto err;
+                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+            }
+
+            /*
+             * Fetch the appropriate pre-computed value from the pre-buf
+             */
+            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
+                                                window))
+                goto err;
+
+            /* Multiply the result into the intermediate result */
+            if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
+                goto err;
+        }
+    }
+
+    /* Convert the final result from montgomery to standard format */
+#if defined(SPARC_T4_MONT)
+    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
+        am.d[0] = 1;            /* borrow am */
+        for (i = 1; i < top; i++)
+            am.d[i] = 0;
+        if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx))
+            goto err;
+    } else
+#endif
+    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    if (powerbuf != NULL) {
+        OPENSSL_cleanse(powerbuf, powerbufLen);
+        OPENSSL_free(powerbufFree);
+    }
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    BN_MONT_CTX *mont = NULL;
+    int b, bits, ret = 0;
+    int r_is_one;
+    BN_ULONG w, next_w;
+    BIGNUM *d, *r, *t;
+    BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+                (BN_mul_word(r, (w)) && \
+                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+    /*
+     * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
+     * probably more overhead than always using BN_mod (which uses BN_copy if
+     * a similar test returns true).
+     */
+    /*
+     * We can use BN_mod and do not need BN_nnmod because our accumulator is
+     * never negative (the result of BN_mod does not depend on the sign of
+     * the modulus).
+     */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    if (m->top == 1)
+        a %= m->d[0];           /* make sure that 'a' is reduced */
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+    if (a == 0) {
+        BN_zero(rr);
+        ret = 1;
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (d == NULL || r == NULL || t == NULL)
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    r_is_one = 1;               /* except for Montgomery factor */
+
+    /* bits-1 >= 0 */
+
+    /* The result is accumulated in the product r*w. */
+    w = a;                      /* bit 'bits-1' of 'p' is always set */
+    for (b = bits - 2; b >= 0; b--) {
+        /* First, square r*w. */
+        next_w = w * w;
+        if ((next_w / w) != w) { /* overflow */
+            if (r_is_one) {
+                if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                    goto err;
+                r_is_one = 0;
+            } else {
+                if (!BN_MOD_MUL_WORD(r, w, m))
+                    goto err;
+            }
+            next_w = 1;
+        }
+        w = next_w;
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        /* Second, multiply r*w by 'a' if exponent bit is set. */
+        if (BN_is_bit_set(p, b)) {
+            next_w = w * a;
+            if ((next_w / a) != w) { /* overflow */
+                if (r_is_one) {
+                    if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                        goto err;
+                    r_is_one = 0;
+                } else {
+                    if (!BN_MOD_MUL_WORD(r, w, m))
+                        goto err;
+                }
+                next_w = a;
+            }
+            w = next_w;
+        }
+    }
+
+    /* Finally, set r:=r*w. */
+    if (w != 1) {
+        if (r_is_one) {
+            if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                goto err;
+            r_is_one = 0;
+        } else {
+            if (!BN_MOD_MUL_WORD(r, w, m))
+                goto err;
+        }
+    }
+
+    if (r_is_one) {             /* can happen only if a == 1 */
+        if (!BN_one(rr))
+            goto err;
+    } else {
+        if (!BN_from_montgomery(rr, r, mont, ctx))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bits = BN_num_bits(p);
+   if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!d || !val[0])
+        goto err;
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul(d, val[0], val[0], m, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_exp2.c b/openssl-1.1.0h/crypto/bn/bn_exp2.c
new file mode 100644
index 0000000..5141c21
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_exp2.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#define TABLE_SIZE      32
+
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, b, bits1, bits2, ret =
+        0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
+    int r_is_one = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *a_mod_m;
+    /* Tables of variables obtained from 'ctx' */
+    BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    bn_check_top(a1);
+    bn_check_top(p1);
+    bn_check_top(a2);
+    bn_check_top(p2);
+    bn_check_top(m);
+
+    if (!(m->d[0] & 1)) {
+        BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    bits1 = BN_num_bits(p1);
+    bits2 = BN_num_bits(p2);
+    if ((bits1 == 0) && (bits2 == 0)) {
+        ret = BN_one(rr);
+        return ret;
+    }
+
+    bits = (bits1 > bits2) ? bits1 : bits2;
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val1[0] = BN_CTX_get(ctx);
+    val2[0] = BN_CTX_get(ctx);
+    if (!d || !r || !val1[0] || !val2[0])
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    window1 = BN_window_bits_for_exponent_size(bits1);
+    window2 = BN_window_bits_for_exponent_size(bits2);
+
+    /*
+     * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
+     */
+    if (a1->neg || BN_ucmp(a1, m) >= 0) {
+        if (!BN_mod(val1[0], a1, m, ctx))
+            goto err;
+        a_mod_m = val1[0];
+    } else
+        a_mod_m = a1;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+
+    if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window1 > 1) {
+        if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
+            goto err;
+
+        j = 1 << (window1 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    /*
+     * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
+     */
+    if (a2->neg || BN_ucmp(a2, m) >= 0) {
+        if (!BN_mod(val2[0], a2, m, ctx))
+            goto err;
+        a_mod_m = val2[0];
+    } else
+        a_mod_m = a2;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+    if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window2 > 1) {
+        if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
+            goto err;
+
+        j = 1 << (window2 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    /* Now compute the power product, using independent windows. */
+    r_is_one = 1;
+    wvalue1 = 0;                /* The 'value' of the first window */
+    wvalue2 = 0;                /* The 'value' of the second window */
+    wpos1 = 0;                  /* If wvalue1 > 0, the bottom bit of the
+                                 * first window */
+    wpos2 = 0;                  /* If wvalue2 > 0, the bottom bit of the
+                                 * second window */
+
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (b = bits - 1; b >= 0; b--) {
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        if (!wvalue1)
+            if (BN_is_bit_set(p1, b)) {
+                /*
+                 * consider bits b-window1+1 .. b for this window
+                 */
+                i = b - window1 + 1;
+                while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+                    i++;
+                wpos1 = i;
+                wvalue1 = 1;
+                for (i = b - 1; i >= wpos1; i--) {
+                    wvalue1 <<= 1;
+                    if (BN_is_bit_set(p1, i))
+                        wvalue1++;
+                }
+            }
+
+        if (!wvalue2)
+            if (BN_is_bit_set(p2, b)) {
+                /*
+                 * consider bits b-window2+1 .. b for this window
+                 */
+                i = b - window2 + 1;
+                while (!BN_is_bit_set(p2, i))
+                    i++;
+                wpos2 = i;
+                wvalue2 = 1;
+                for (i = b - 1; i >= wpos2; i--) {
+                    wvalue2 <<= 1;
+                    if (BN_is_bit_set(p2, i))
+                        wvalue2++;
+                }
+            }
+
+        if (wvalue1 && b == wpos1) {
+            /* wvalue1 is odd and < 2^window1 */
+            if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx))
+                goto err;
+            wvalue1 = 0;
+            r_is_one = 0;
+        }
+
+        if (wvalue2 && b == wpos2) {
+            /* wvalue2 is odd and < 2^window2 */
+            if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx))
+                goto err;
+            wvalue2 = 0;
+            r_is_one = 0;
+        }
+    }
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_gcd.c b/openssl-1.1.0h/crypto/bn/bn_gcd.c
new file mode 100644
index 0000000..0676426
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_gcd.c
@@ -0,0 +1,616 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *t;
+    int ret = 0;
+
+    bn_check_top(in_a);
+    bn_check_top(in_b);
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (a == NULL || b == NULL)
+        goto err;
+
+    if (BN_copy(a, in_a) == NULL)
+        goto err;
+    if (BN_copy(b, in_b) == NULL)
+        goto err;
+    a->neg = 0;
+    b->neg = 0;
+
+    if (BN_cmp(a, b) < 0) {
+        t = a;
+        a = b;
+        b = t;
+    }
+    t = euclid(a, b);
+    if (t == NULL)
+        goto err;
+
+    if (BN_copy(r, t) == NULL)
+        goto err;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
+{
+    BIGNUM *t;
+    int shifts = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    /* 0 <= b <= a */
+    while (!BN_is_zero(b)) {
+        /* 0 < b <= a */
+
+        if (BN_is_odd(a)) {
+            if (BN_is_odd(b)) {
+                if (!BN_sub(a, a, b))
+                    goto err;
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            } else {            /* a odd - b even */
+
+                if (!BN_rshift1(b, b))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            }
+        } else {                /* a is even */
+
+            if (BN_is_odd(b)) {
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            } else {            /* a even - b even */
+
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (!BN_rshift1(b, b))
+                    goto err;
+                shifts++;
+            }
+        }
+        /* 0 <= b <= a */
+    }
+
+    if (shifts) {
+        if (!BN_lshift(a, a, shifts))
+            goto err;
+    }
+    bn_check_top(a);
+    return (a);
+ err:
+    return (NULL);
+}
+
+/* solves ax == 1 (mod n) */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+                                        const BIGNUM *a, const BIGNUM *n,
+                                        BN_CTX *ctx);
+
+BIGNUM *BN_mod_inverse(BIGNUM *in,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+{
+    BIGNUM *rv;
+    int noinv;
+    rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
+    if (noinv)
+        BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+    return rv;
+}
+
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *pnoinv)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    if (pnoinv)
+        *pnoinv = 0;
+
+    if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
+        || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
+        return BN_mod_inverse_no_branch(in, a, n, ctx);
+    }
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    BN_one(X);
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        if (!BN_nnmod(B, B, A, ctx))
+            goto err;
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) {
+        /*
+         * Binary inversion algorithm; requires odd modulus. This is faster
+         * than the general algorithm if the modulus is sufficiently small
+         * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
+         * systems)
+         */
+        int shift;
+
+        while (!BN_is_zero(B)) {
+            /*-
+             *      0 < B < |n|,
+             *      0 < A <= |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /*
+             * Now divide B by the maximum possible power of two in the
+             * integers, and divide X by the same value mod |n|. When we're
+             * done, (1) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */
+                shift++;
+
+                if (BN_is_odd(X)) {
+                    if (!BN_uadd(X, X, n))
+                        goto err;
+                }
+                /*
+                 * now X is even, so we can easily divide it by two
+                 */
+                if (!BN_rshift1(X, X))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(B, B, shift))
+                    goto err;
+            }
+
+            /*
+             * Same for A and Y.  Afterwards, (2) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */
+                shift++;
+
+                if (BN_is_odd(Y)) {
+                    if (!BN_uadd(Y, Y, n))
+                        goto err;
+                }
+                /* now Y is even */
+                if (!BN_rshift1(Y, Y))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(A, A, shift))
+                    goto err;
+            }
+
+            /*-
+             * We still have (1) and (2).
+             * Both  A  and  B  are odd.
+             * The following computations ensure that
+             *
+             *     0 <= B < |n|,
+             *      0 < A < |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|),
+             *
+             * and that either  A  or  B  is even in the next iteration.
+             */
+            if (BN_ucmp(B, A) >= 0) {
+                /* -sign*(X + Y)*a == B - A  (mod |n|) */
+                if (!BN_uadd(X, X, Y))
+                    goto err;
+                /*
+                 * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+                 * actually makes the algorithm slower
+                 */
+                if (!BN_usub(B, B, A))
+                    goto err;
+            } else {
+                /*  sign*(X + Y)*a == A - B  (mod |n|) */
+                if (!BN_uadd(Y, Y, X))
+                    goto err;
+                /*
+                 * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down
+                 */
+                if (!BN_usub(A, A, B))
+                    goto err;
+            }
+        }
+    } else {
+        /* general inversion algorithm */
+
+        while (!BN_is_zero(B)) {
+            BIGNUM *tmp;
+
+            /*-
+             *      0 < B < A,
+             * (*) -sign*X*a  ==  B   (mod |n|),
+             *      sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /* (D, M) := (A/B, A%B) ... */
+            if (BN_num_bits(A) == BN_num_bits(B)) {
+                if (!BN_one(D))
+                    goto err;
+                if (!BN_sub(M, A, B))
+                    goto err;
+            } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
+                /* A/B is 1, 2, or 3 */
+                if (!BN_lshift1(T, B))
+                    goto err;
+                if (BN_ucmp(A, T) < 0) {
+                    /* A < 2*B, so D=1 */
+                    if (!BN_one(D))
+                        goto err;
+                    if (!BN_sub(M, A, B))
+                        goto err;
+                } else {
+                    /* A >= 2*B, so D=2 or D=3 */
+                    if (!BN_sub(M, A, T))
+                        goto err;
+                    if (!BN_add(D, T, B))
+                        goto err; /* use D (:= 3*B) as temp */
+                    if (BN_ucmp(A, D) < 0) {
+                        /* A < 3*B, so D=2 */
+                        if (!BN_set_word(D, 2))
+                            goto err;
+                        /*
+                         * M (= A - 2*B) already has the correct value
+                         */
+                    } else {
+                        /* only D=3 remains */
+                        if (!BN_set_word(D, 3))
+                            goto err;
+                        /*
+                         * currently M = A - 2*B, but we need M = A - 3*B
+                         */
+                        if (!BN_sub(M, M, B))
+                            goto err;
+                    }
+                }
+            } else {
+                if (!BN_div(D, M, A, B, ctx))
+                    goto err;
+            }
+
+            /*-
+             * Now
+             *      A = D*B + M;
+             * thus we have
+             * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+             */
+
+            tmp = A;    /* keep the BIGNUM object, the value does not matter */
+
+            /* (A, B) := (B, A mod B) ... */
+            A = B;
+            B = M;
+            /* ... so we have  0 <= B < A  again */
+
+            /*-
+             * Since the former  M  is now  B  and the former  B  is now  A,
+             * (**) translates into
+             *       sign*Y*a  ==  D*A + B    (mod |n|),
+             * i.e.
+             *       sign*Y*a - D*A  ==  B    (mod |n|).
+             * Similarly, (*) translates into
+             *      -sign*X*a  ==  A          (mod |n|).
+             *
+             * Thus,
+             *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+             * i.e.
+             *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+             *
+             * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+             *      -sign*X*a  ==  B   (mod |n|),
+             *       sign*Y*a  ==  A   (mod |n|).
+             * Note that  X  and  Y  stay non-negative all the time.
+             */
+
+            /*
+             * most of the time D is very small, so we can optimize tmp := D*X+Y
+             */
+            if (BN_is_one(D)) {
+                if (!BN_add(tmp, X, Y))
+                    goto err;
+            } else {
+                if (BN_is_word(D, 2)) {
+                    if (!BN_lshift1(tmp, X))
+                        goto err;
+                } else if (BN_is_word(D, 4)) {
+                    if (!BN_lshift(tmp, X, 2))
+                        goto err;
+                } else if (D->top == 1) {
+                    if (!BN_copy(tmp, X))
+                        goto err;
+                    if (!BN_mul_word(tmp, D->d[0]))
+                        goto err;
+                } else {
+                    if (!BN_mul(tmp, D, X, ctx))
+                        goto err;
+                }
+                if (!BN_add(tmp, tmp, Y))
+                    goto err;
+            }
+
+            M = Y;      /* keep the BIGNUM object, the value does not matter */
+            Y = X;
+            X = tmp;
+            sign = -sign;
+        }
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        if (pnoinv)
+            *pnoinv = 1;
+        goto err;
+    }
+    ret = R;
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return (ret);
+}
+
+/*
+ * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
+ * not contain branches that may leak sensitive information.
+ */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+                                        const BIGNUM *a, const BIGNUM *n,
+                                        BN_CTX *ctx)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    BN_one(X);
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+         {
+            BIGNUM local_B;
+            bn_init(&local_B);
+            BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
+            if (!BN_nnmod(B, &local_B, A, ctx))
+                goto err;
+            /* Ensure local_B goes out of scope before any further use of B */
+        }
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    while (!BN_is_zero(B)) {
+        BIGNUM *tmp;
+
+        /*-
+         *      0 < B < A,
+         * (*) -sign*X*a  ==  B   (mod |n|),
+         *      sign*Y*a  ==  A   (mod |n|)
+         */
+
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+        {
+            BIGNUM local_A;
+            bn_init(&local_A);
+            BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
+
+            /* (D, M) := (A/B, A%B) ... */
+            if (!BN_div(D, M, &local_A, B, ctx))
+                goto err;
+            /* Ensure local_A goes out of scope before any further use of A */
+        }
+
+        /*-
+         * Now
+         *      A = D*B + M;
+         * thus we have
+         * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+         */
+
+        tmp = A;                /* keep the BIGNUM object, the value does not
+                                 * matter */
+
+        /* (A, B) := (B, A mod B) ... */
+        A = B;
+        B = M;
+        /* ... so we have  0 <= B < A  again */
+
+        /*-
+         * Since the former  M  is now  B  and the former  B  is now  A,
+         * (**) translates into
+         *       sign*Y*a  ==  D*A + B    (mod |n|),
+         * i.e.
+         *       sign*Y*a - D*A  ==  B    (mod |n|).
+         * Similarly, (*) translates into
+         *      -sign*X*a  ==  A          (mod |n|).
+         *
+         * Thus,
+         *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+         * i.e.
+         *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+         *
+         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+         *      -sign*X*a  ==  B   (mod |n|),
+         *       sign*Y*a  ==  A   (mod |n|).
+         * Note that  X  and  Y  stay non-negative all the time.
+         */
+
+        if (!BN_mul(tmp, D, X, ctx))
+            goto err;
+        if (!BN_add(tmp, tmp, Y))
+            goto err;
+
+        M = Y;                  /* keep the BIGNUM object, the value does not
+                                 * matter */
+        Y = X;
+        X = tmp;
+        sign = -sign;
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
+        goto err;
+    }
+    ret = R;
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_gf2m.c b/openssl-1.1.0h/crypto/bn/bn_gf2m.c
new file mode 100644
index 0000000..b1987f5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_gf2m.c
@@ -0,0 +1,1224 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*
+ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+ * fail.
+ */
+# define MAX_ITERATIONS 50
+
+static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
+    64, 65, 68, 69, 80, 81, 84, 85
+};
+
+/* Platform-specific macros to accelerate squaring. */
+# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#  define SQR1(w) \
+    SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
+    SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
+    SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
+    SQR_tb[(w) >> 36 & 0xF] <<  8 | SQR_tb[(w) >> 32 & 0xF]
+#  define SQR0(w) \
+    SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
+    SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
+    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
+    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
+# endif
+# ifdef THIRTY_TWO_BIT
+#  define SQR1(w) \
+    SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
+    SQR_tb[(w) >> 20 & 0xF] <<  8 | SQR_tb[(w) >> 16 & 0xF]
+#  define SQR0(w) \
+    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
+    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
+# endif
+
+# if !defined(OPENSSL_BN_ASM_GF2m)
+/*
+ * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is
+ * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that
+ * the variables have the right amount of space allocated.
+ */
+#  ifdef THIRTY_TWO_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[8], top2b = a >> 30;
+    register BN_ULONG a1, a2, a4;
+
+    a1 = a & (0x3FFFFFFF);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+
+    s = tab[b & 0x7];
+    l = s;
+    s = tab[b >> 3 & 0x7];
+    l ^= s << 3;
+    h = s >> 29;
+    s = tab[b >> 6 & 0x7];
+    l ^= s << 6;
+    h ^= s >> 26;
+    s = tab[b >> 9 & 0x7];
+    l ^= s << 9;
+    h ^= s >> 23;
+    s = tab[b >> 12 & 0x7];
+    l ^= s << 12;
+    h ^= s >> 20;
+    s = tab[b >> 15 & 0x7];
+    l ^= s << 15;
+    h ^= s >> 17;
+    s = tab[b >> 18 & 0x7];
+    l ^= s << 18;
+    h ^= s >> 14;
+    s = tab[b >> 21 & 0x7];
+    l ^= s << 21;
+    h ^= s >> 11;
+    s = tab[b >> 24 & 0x7];
+    l ^= s << 24;
+    h ^= s >> 8;
+    s = tab[b >> 27 & 0x7];
+    l ^= s << 27;
+    h ^= s >> 5;
+    s = tab[b >> 30];
+    l ^= s << 30;
+    h ^= s >> 2;
+
+    /* compensate for the top two bits of a */
+
+    if (top2b & 01) {
+        l ^= b << 30;
+        h ^= b >> 2;
+    }
+    if (top2b & 02) {
+        l ^= b << 31;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
+#  endif
+#  if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[16], top3b = a >> 61;
+    register BN_ULONG a1, a2, a4, a8;
+
+    a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+    a8 = a4 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+    tab[8] = a8;
+    tab[9] = a1 ^ a8;
+    tab[10] = a2 ^ a8;
+    tab[11] = a1 ^ a2 ^ a8;
+    tab[12] = a4 ^ a8;
+    tab[13] = a1 ^ a4 ^ a8;
+    tab[14] = a2 ^ a4 ^ a8;
+    tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+    s = tab[b & 0xF];
+    l = s;
+    s = tab[b >> 4 & 0xF];
+    l ^= s << 4;
+    h = s >> 60;
+    s = tab[b >> 8 & 0xF];
+    l ^= s << 8;
+    h ^= s >> 56;
+    s = tab[b >> 12 & 0xF];
+    l ^= s << 12;
+    h ^= s >> 52;
+    s = tab[b >> 16 & 0xF];
+    l ^= s << 16;
+    h ^= s >> 48;
+    s = tab[b >> 20 & 0xF];
+    l ^= s << 20;
+    h ^= s >> 44;
+    s = tab[b >> 24 & 0xF];
+    l ^= s << 24;
+    h ^= s >> 40;
+    s = tab[b >> 28 & 0xF];
+    l ^= s << 28;
+    h ^= s >> 36;
+    s = tab[b >> 32 & 0xF];
+    l ^= s << 32;
+    h ^= s >> 32;
+    s = tab[b >> 36 & 0xF];
+    l ^= s << 36;
+    h ^= s >> 28;
+    s = tab[b >> 40 & 0xF];
+    l ^= s << 40;
+    h ^= s >> 24;
+    s = tab[b >> 44 & 0xF];
+    l ^= s << 44;
+    h ^= s >> 20;
+    s = tab[b >> 48 & 0xF];
+    l ^= s << 48;
+    h ^= s >> 16;
+    s = tab[b >> 52 & 0xF];
+    l ^= s << 52;
+    h ^= s >> 12;
+    s = tab[b >> 56 & 0xF];
+    l ^= s << 56;
+    h ^= s >> 8;
+    s = tab[b >> 60];
+    l ^= s << 60;
+    h ^= s >> 4;
+
+    /* compensate for the top three bits of a */
+
+    if (top3b & 01) {
+        l ^= b << 61;
+        h ^= b >> 3;
+    }
+    if (top3b & 02) {
+        l ^= b << 62;
+        h ^= b >> 2;
+    }
+    if (top3b & 04) {
+        l ^= b << 63;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
+#  endif
+
+/*
+ * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST
+ * ensure that the variables have the right amount of space allocated.
+ */
+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
+                            const BN_ULONG b1, const BN_ULONG b0)
+{
+    BN_ULONG m1, m0;
+    /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+    bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
+    bn_GF2m_mul_1x1(r + 1, r, a0, b0);
+    bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+    /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+    r[2] ^= m1 ^ r[1] ^ r[3];   /* h0 ^= m1 ^ l1 ^ h1; */
+    r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+}
+# else
+void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
+                     BN_ULONG b0);
+# endif
+
+/*
+ * Add polynomials a and b and store result in r; r could be a or b, a and b
+ * could be equal; r is the bitwise XOR of a and b.
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    const BIGNUM *at, *bt;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->top < b->top) {
+        at = b;
+        bt = a;
+    } else {
+        at = a;
+        bt = b;
+    }
+
+    if (bn_wexpand(r, at->top) == NULL)
+        return 0;
+
+    for (i = 0; i < bt->top; i++) {
+        r->d[i] = at->d[i] ^ bt->d[i];
+    }
+    for (; i < at->top; i++) {
+        r->d[i] = at->d[i];
+    }
+
+    r->top = at->top;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+
+/* Performs modular reduction of a and store result in r.  r could be a. */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
+{
+    int j, k;
+    int n, dN, d0, d1;
+    BN_ULONG zz, *z;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    /*
+     * Since the algorithm does reduction in the r value, if a != r, copy the
+     * contents of a into r so we can do reduction in r.
+     */
+    if (a != r) {
+        if (!bn_wexpand(r, a->top))
+            return 0;
+        for (j = 0; j < a->top; j++) {
+            r->d[j] = a->d[j];
+        }
+        r->top = a->top;
+    }
+    z = r->d;
+
+    /* start reduction */
+    dN = p[0] / BN_BITS2;
+    for (j = r->top - 1; j > dN;) {
+        zz = z[j];
+        if (z[j] == 0) {
+            j--;
+            continue;
+        }
+        z[j] = 0;
+
+        for (k = 1; p[k] != 0; k++) {
+            /* reducing component t^p[k] */
+            n = p[0] - p[k];
+            d0 = n % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            n /= BN_BITS2;
+            z[j - n] ^= (zz >> d0);
+            if (d0)
+                z[j - n - 1] ^= (zz << d1);
+        }
+
+        /* reducing component t^0 */
+        n = dN;
+        d0 = p[0] % BN_BITS2;
+        d1 = BN_BITS2 - d0;
+        z[j - n] ^= (zz >> d0);
+        if (d0)
+            z[j - n - 1] ^= (zz << d1);
+    }
+
+    /* final round of reduction */
+    while (j == dN) {
+
+        d0 = p[0] % BN_BITS2;
+        zz = z[dN] >> d0;
+        if (zz == 0)
+            break;
+        d1 = BN_BITS2 - d0;
+
+        /* clear up the top d1 bits */
+        if (d0)
+            z[dN] = (z[dN] << d1) >> d1;
+        else
+            z[dN] = 0;
+        z[0] ^= zz;             /* reduction t^0 component */
+
+        for (k = 1; p[k] != 0; k++) {
+            BN_ULONG tmp_ulong;
+
+            /* reducing component t^p[k] */
+            n = p[k] / BN_BITS2;
+            d0 = p[k] % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            z[n] ^= (zz << d0);
+            if (d0 && (tmp_ulong = zz >> d1))
+                z[n + 1] ^= tmp_ulong;
+        }
+
+    }
+
+    bn_correct_top(r);
+    return 1;
+}
+
+/*
+ * Performs modular reduction of a by p and store result in r.  r could be a.
+ * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_arr function.
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+{
+    int ret = 0;
+    int arr[6];
+    bn_check_top(a);
+    bn_check_top(p);
+    ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr));
+    if (!ret || ret > (int)OSSL_NELEM(arr)) {
+        BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
+        return 0;
+    }
+    ret = BN_GF2m_mod_arr(r, a, arr);
+    bn_check_top(r);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could be b.
+ */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx)
+{
+    int zlen, i, j, k, ret = 0;
+    BIGNUM *s;
+    BN_ULONG x1, x0, y1, y0, zz[4];
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a == b) {
+        return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
+    }
+
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    zlen = a->top + b->top + 4;
+    if (!bn_wexpand(s, zlen))
+        goto err;
+    s->top = zlen;
+
+    for (i = 0; i < zlen; i++)
+        s->d[i] = 0;
+
+    for (j = 0; j < b->top; j += 2) {
+        y0 = b->d[j];
+        y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
+        for (i = 0; i < a->top; i += 2) {
+            x0 = a->d[i];
+            x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
+            bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
+            for (k = 0; k < 4; k++)
+                s->d[i + j + k] ^= zz[k];
+        }
+    }
+
+    bn_correct_top(s);
+    if (BN_GF2m_mod_arr(r, s, p))
+        ret = 1;
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could equal b. This function calls
+ * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is
+ * only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_mul_arr function.
+ */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/* Square a, reduce the result mod p, and store it in a.  r could be a. */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *s;
+
+    bn_check_top(a);
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!bn_wexpand(s, 2 * a->top))
+        goto err;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        s->d[2 * i + 1] = SQR1(a->d[i]);
+        s->d[2 * i] = SQR0(a->d[i]);
+    }
+
+    s->top = 2 * a->top;
+    bn_correct_top(s);
+    if (!BN_GF2m_mod_arr(r, s, p))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Square a, reduce the result mod p, and store it in a.  r could be a. This
+ * function calls down to the BN_GF2m_mod_sqr_arr implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_sqr_arr function.
+ */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Invert a, reduce modulo p, and store the result in r. r could be a. Uses
+ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D.,
+ * Hernandez, J.L., and Menezes, A.  "Software Implementation of Elliptic
+ * Curve Cryptography Over Binary Fields".
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+
+    if ((b = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if ((c = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if ((v = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod(u, a, p))
+        goto err;
+    if (BN_is_zero(u))
+        goto err;
+
+    if (!BN_copy(v, p))
+        goto err;
+# if 0
+    if (!BN_one(b))
+        goto err;
+
+    while (1) {
+        while (!BN_is_odd(u)) {
+            if (BN_is_zero(u))
+                goto err;
+            if (!BN_rshift1(u, u))
+                goto err;
+            if (BN_is_odd(b)) {
+                if (!BN_GF2m_add(b, b, p))
+                    goto err;
+            }
+            if (!BN_rshift1(b, b))
+                goto err;
+        }
+
+        if (BN_abs_is_word(u, 1))
+            break;
+
+        if (BN_num_bits(u) < BN_num_bits(v)) {
+            tmp = u;
+            u = v;
+            v = tmp;
+            tmp = b;
+            b = c;
+            c = tmp;
+        }
+
+        if (!BN_GF2m_add(u, u, v))
+            goto err;
+        if (!BN_GF2m_add(b, b, c))
+            goto err;
+    }
+# else
+    {
+        int i;
+        int ubits = BN_num_bits(u);
+        int vbits = BN_num_bits(v); /* v is copy of p */
+        int top = p->top;
+        BN_ULONG *udp, *bdp, *vdp, *cdp;
+
+        if (!bn_wexpand(u, top))
+            goto err;
+        udp = u->d;
+        for (i = u->top; i < top; i++)
+            udp[i] = 0;
+        u->top = top;
+        if (!bn_wexpand(b, top))
+          goto err;
+        bdp = b->d;
+        bdp[0] = 1;
+        for (i = 1; i < top; i++)
+            bdp[i] = 0;
+        b->top = top;
+        if (!bn_wexpand(c, top))
+          goto err;
+        cdp = c->d;
+        for (i = 0; i < top; i++)
+            cdp[i] = 0;
+        c->top = top;
+        vdp = v->d;             /* It pays off to "cache" *->d pointers,
+                                 * because it allows optimizer to be more
+                                 * aggressive. But we don't have to "cache"
+                                 * p->d, because *p is declared 'const'... */
+        while (1) {
+            while (ubits && !(udp[0] & 1)) {
+                BN_ULONG u0, u1, b0, b1, mask;
+
+                u0 = udp[0];
+                b0 = bdp[0];
+                mask = (BN_ULONG)0 - (b0 & 1);
+                b0 ^= p->d[0] & mask;
+                for (i = 0; i < top - 1; i++) {
+                    u1 = udp[i + 1];
+                    udp[i] = ((u0 >> 1) | (u1 << (BN_BITS2 - 1))) & BN_MASK2;
+                    u0 = u1;
+                    b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
+                    bdp[i] = ((b0 >> 1) | (b1 << (BN_BITS2 - 1))) & BN_MASK2;
+                    b0 = b1;
+                }
+                udp[i] = u0 >> 1;
+                bdp[i] = b0 >> 1;
+                ubits--;
+            }
+
+            if (ubits <= BN_BITS2) {
+                if (udp[0] == 0) /* poly was reducible */
+                    goto err;
+                if (udp[0] == 1)
+                    break;
+            }
+
+            if (ubits < vbits) {
+                i = ubits;
+                ubits = vbits;
+                vbits = i;
+                tmp = u;
+                u = v;
+                v = tmp;
+                tmp = b;
+                b = c;
+                c = tmp;
+                udp = vdp;
+                vdp = v->d;
+                bdp = cdp;
+                cdp = c->d;
+            }
+            for (i = 0; i < top; i++) {
+                udp[i] ^= vdp[i];
+                bdp[i] ^= cdp[i];
+            }
+            if (ubits == vbits) {
+                BN_ULONG ul;
+                int utop = (ubits - 1) / BN_BITS2;
+
+                while ((ul = udp[utop]) == 0 && utop)
+                    utop--;
+                ubits = utop * BN_BITS2 + BN_num_bits_word(ul);
+            }
+        }
+        bn_correct_top(b);
+    }
+# endif
+
+    if (!BN_copy(r, b))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+# ifdef BN_DEBUG                /* BN_CTX_end would complain about the
+                                 * expanded form */
+    bn_correct_top(c);
+    bn_correct_top(u);
+    bn_correct_top(v);
+# endif
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Invert xx, reduce modulo p, and store the result in r. r could be xx.
+ * This function calls down to the BN_GF2m_mod_inv implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_inv function.
+ */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[],
+                        BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(xx);
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+# ifndef OPENSSL_SUN_GF2M_DIV
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y.
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *xinv = NULL;
+    int ret = 0;
+
+    bn_check_top(y);
+    bn_check_top(x);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+    xinv = BN_CTX_get(ctx);
+    if (xinv == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
+        goto err;
+    if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+# else
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from
+ * Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to the
+ * Great Divide".
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *u, *v;
+    int ret = 0;
+
+    bn_check_top(y);
+    bn_check_top(x);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    u = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (v == NULL)
+        goto err;
+
+    /* reduce x and y mod p */
+    if (!BN_GF2m_mod(u, y, p))
+        goto err;
+    if (!BN_GF2m_mod(a, x, p))
+        goto err;
+    if (!BN_copy(b, p))
+        goto err;
+
+    while (!BN_is_odd(a)) {
+        if (!BN_rshift1(a, a))
+            goto err;
+        if (BN_is_odd(u))
+            if (!BN_GF2m_add(u, u, p))
+                goto err;
+        if (!BN_rshift1(u, u))
+            goto err;
+    }
+
+    do {
+        if (BN_GF2m_cmp(b, a) > 0) {
+            if (!BN_GF2m_add(b, b, a))
+                goto err;
+            if (!BN_GF2m_add(v, v, u))
+                goto err;
+            do {
+                if (!BN_rshift1(b, b))
+                    goto err;
+                if (BN_is_odd(v))
+                    if (!BN_GF2m_add(v, v, p))
+                        goto err;
+                if (!BN_rshift1(v, v))
+                    goto err;
+            } while (!BN_is_odd(b));
+        } else if (BN_abs_is_word(a, 1))
+            break;
+        else {
+            if (!BN_GF2m_add(a, a, b))
+                goto err;
+            if (!BN_GF2m_add(u, u, v))
+                goto err;
+            do {
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_is_odd(u))
+                    if (!BN_GF2m_add(u, u, p))
+                        goto err;
+                if (!BN_rshift1(u, u))
+                    goto err;
+            } while (!BN_is_odd(a));
+        }
+    } while (1);
+
+    if (!BN_copy(r, u))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+# endif
+
+/*
+ * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+ * * or yy, xx could equal yy. This function calls down to the
+ * BN_GF2m_mod_div implementation; this wrapper function is only provided for
+ * convenience; for best performance, use the BN_GF2m_mod_div function.
+ */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
+                        const int p[], BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(yy);
+    bn_check_top(xx);
+
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE
+ * P1363.
+ */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx)
+{
+    int ret = 0, i, n;
+    BIGNUM *u;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (BN_is_zero(b))
+        return (BN_one(r));
+
+    if (BN_abs_is_word(b, 1))
+        return (BN_copy(r, a) != NULL);
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(u, a, p))
+        goto err;
+
+    n = BN_num_bits(b) - 1;
+    for (i = n - 1; i >= 0; i--) {
+        if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
+            goto err;
+        if (BN_is_bit_set(b, i)) {
+            if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
+                goto err;
+        }
+    }
+    if (!BN_copy(r, u))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. This function calls down to the BN_GF2m_mod_exp_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_exp_arr function.
+ */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
+ */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                         BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *u;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(u, p[0] - 1))
+        goto err;
+    ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_sqrt_arr function.
+ */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
+ */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
+                               BN_CTX *ctx)
+{
+    int ret = 0, count = 0, j;
+    BIGNUM *a, *z, *rho, *w, *w2, *tmp;
+
+    bn_check_top(a_);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    w = BN_CTX_get(ctx);
+    if (w == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(a, a_, p))
+        goto err;
+
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    if (p[0] & 0x1) {           /* m is odd */
+        /* compute half-trace of a */
+        if (!BN_copy(z, a))
+            goto err;
+        for (j = 1; j <= (p[0] - 1) / 2; j++) {
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_add(z, z, a))
+                goto err;
+        }
+
+    } else {                    /* m is even */
+
+        rho = BN_CTX_get(ctx);
+        w2 = BN_CTX_get(ctx);
+        tmp = BN_CTX_get(ctx);
+        if (tmp == NULL)
+            goto err;
+        do {
+            if (!BN_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+                goto err;
+            if (!BN_GF2m_mod_arr(rho, rho, p))
+                goto err;
+            BN_zero(z);
+            if (!BN_copy(w, rho))
+                goto err;
+            for (j = 1; j <= p[0] - 1; j++) {
+                if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
+                    goto err;
+                if (!BN_GF2m_add(z, z, tmp))
+                    goto err;
+                if (!BN_GF2m_add(w, w2, rho))
+                    goto err;
+            }
+            count++;
+        } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+        if (BN_is_zero(w)) {
+            BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS);
+            goto err;
+        }
+    }
+
+    if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
+        goto err;
+    if (!BN_GF2m_add(w, z, w))
+        goto err;
+    if (BN_GF2m_cmp(w, a)) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+        goto err;
+    }
+
+    if (!BN_copy(r, z))
+        goto err;
+    bn_check_top(r);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_solve_quad_arr function.
+ */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+ * x^i) into an array of integers corresponding to the bits with non-zero
+ * coefficient.  Array is terminated with -1. Up to max elements of the array
+ * will be filled.  Return value is total number of array elements that would
+ * be filled if array was large enough.
+ */
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+{
+    int i, j, k = 0;
+    BN_ULONG mask;
+
+    if (BN_is_zero(a))
+        return 0;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        if (!a->d[i])
+            /* skip word if a->d[i] == 0 */
+            continue;
+        mask = BN_TBIT;
+        for (j = BN_BITS2 - 1; j >= 0; j--) {
+            if (a->d[i] & mask) {
+                if (k < max)
+                    p[k] = BN_BITS2 * i + j;
+                k++;
+            }
+            mask >>= 1;
+        }
+    }
+
+    if (k < max) {
+        p[k] = -1;
+        k++;
+    }
+
+    return k;
+}
+
+/*
+ * Convert the coefficient array representation of a polynomial to a
+ * bit-string.  The array must be terminated by -1.
+ */
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
+{
+    int i;
+
+    bn_check_top(a);
+    BN_zero(a);
+    for (i = 0; p[i] != -1; i++) {
+        if (BN_set_bit(a, p[i]) == 0)
+            return 0;
+    }
+    bn_check_top(a);
+
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/bn_intern.c b/openssl-1.1.0h/crypto/bn/bn_intern.c
new file mode 100644
index 0000000..2c97064
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_intern.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array  r[]  of values that are either zero or odd with an
+ * absolute value less than  2^w  satisfying
+ *     scalar = \sum_j r[j]*2^j
+ * where at most one of any  w+1  consecutive digits is non-zero
+ * with the exception that the most significant digit may be only
+ * w-1 zeros away from that next non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
+{
+    int window_val;
+    signed char *r = NULL;
+    int sign = 1;
+    int bit, next_bit, mask;
+    size_t len = 0, j;
+
+    if (BN_is_zero(scalar)) {
+        r = OPENSSL_malloc(1);
+        if (r == NULL) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        r[0] = 0;
+        *ret_len = 1;
+        return r;
+    }
+
+    if (w <= 0 || w > 7) {      /* 'signed char' can represent integers with
+                                 * absolute values less than 2^7 */
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    bit = 1 << w;               /* at most 128 */
+    next_bit = bit << 1;        /* at most 256 */
+    mask = next_bit - 1;        /* at most 255 */
+
+    if (BN_is_negative(scalar)) {
+        sign = -1;
+    }
+
+    if (scalar->d == NULL || scalar->top == 0) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    len = BN_num_bits(scalar);
+    r = OPENSSL_malloc(len + 1); /*
+                                  * Modified wNAF may be one digit longer than binary representation
+                                  * (*ret_len will be set to the actual length, i.e. at most
+                                  * BN_num_bits(scalar) + 1)
+                                  */
+    if (r == NULL) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    window_val = scalar->d[0] & mask;
+    j = 0;
+    while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len,
+                                                      * window_val will not
+                                                      * increase */
+        int digit = 0;
+
+        /* 0 <= window_val <= 2^(w+1) */
+
+        if (window_val & 1) {
+            /* 0 < window_val < 2^(w+1) */
+
+            if (window_val & bit) {
+                digit = window_val - next_bit; /* -2^w < digit < 0 */
+
+#if 1                           /* modified wNAF */
+                if (j + w + 1 >= len) {
+                    /*
+                     * Special case for generating modified wNAFs:
+                     * no new bits will be added into window_val,
+                     * so using a positive digit here will decrease
+                     * the total length of the representation
+                     */
+
+                    digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
+                }
+#endif
+            } else {
+                digit = window_val; /* 0 < digit < 2^w */
+            }
+
+            if (digit <= -bit || digit >= bit || !(digit & 1)) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            window_val -= digit;
+
+            /*
+             * now window_val is 0 or 2^(w+1) in standard wNAF generation;
+             * for modified window NAFs, it may also be 2^w
+             */
+            if (window_val != 0 && window_val != next_bit
+                && window_val != bit) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        r[j++] = sign * digit;
+
+        window_val >>= 1;
+        window_val += bit * BN_is_bit_set(scalar, j + w);
+
+        if (window_val > next_bit) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (j > len + 1) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    *ret_len = j;
+    return r;
+
+ err:
+    OPENSSL_free(r);
+    return NULL;
+}
+
+int bn_get_top(const BIGNUM *a)
+{
+    return a->top;
+}
+
+void bn_set_top(BIGNUM *a, int top)
+{
+    a->top = top;
+}
+
+int bn_get_dmax(const BIGNUM *a)
+{
+    return a->dmax;
+}
+
+void bn_set_all_zero(BIGNUM *a)
+{
+    int i;
+
+    for (i = a->top; i < a->dmax; i++)
+        a->d[i] = 0;
+}
+
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size)
+{
+    if (in->top > size)
+        return 0;
+
+    memset(out, 0, sizeof(*out) * size);
+    if (in->d != NULL)
+        memcpy(out, in->d, sizeof(*out) * in->top);
+    return 1;
+}
+
+BN_ULONG *bn_get_words(const BIGNUM *a)
+{
+    return a->d;
+}
+
+void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size)
+{
+    a->d = words;
+    a->dmax = a->top = size;
+    a->neg = 0;
+    a->flags |= BN_FLG_STATIC_DATA;
+    bn_correct_top(a);
+}
+
+int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words)
+{
+    if (bn_wexpand(a, num_words) == NULL) {
+        BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    memcpy(a->d, words, sizeof(BN_ULONG) * num_words);
+    a->top = num_words;
+    bn_correct_top(a);
+    return 1;
+}
+
+size_t bn_sizeof_BIGNUM(void)
+{
+    return sizeof(BIGNUM);
+}
+
+BIGNUM *bn_array_el(BIGNUM *base, int el)
+{
+    return &base[el];
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_kron.c b/openssl-1.1.0h/crypto/bn/bn_kron.c
new file mode 100644
index 0000000..b9bc6cc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_kron.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int i;
+    int ret = -2;               /* avoid 'uninitialized' warning */
+    int err = 0;
+    BIGNUM *A, *B, *tmp;
+    /*-
+     * In 'tab', only odd-indexed entries are relevant:
+     * For any odd BIGNUM n,
+     *     tab[BN_lsw(n) & 7]
+     * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+     * Note that the sign of n does not matter.
+     */
+    static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    if (B == NULL)
+        goto end;
+
+    err = !BN_copy(A, a);
+    if (err)
+        goto end;
+    err = !BN_copy(B, b);
+    if (err)
+        goto end;
+
+    /*
+     * Kronecker symbol, implemented according to Henri Cohen,
+     * "A Course in Computational Algebraic Number Theory"
+     * (algorithm 1.4.10).
+     */
+
+    /* Cohen's step 1: */
+
+    if (BN_is_zero(B)) {
+        ret = BN_abs_is_word(A, 1);
+        goto end;
+    }
+
+    /* Cohen's step 2: */
+
+    if (!BN_is_odd(A) && !BN_is_odd(B)) {
+        ret = 0;
+        goto end;
+    }
+
+    /* now  B  is non-zero */
+    i = 0;
+    while (!BN_is_bit_set(B, i))
+        i++;
+    err = !BN_rshift(B, B, i);
+    if (err)
+        goto end;
+    if (i & 1) {
+        /* i is odd */
+        /* (thus  B  was even, thus  A  must be odd!)  */
+
+        /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+        ret = tab[BN_lsw(A) & 7];
+    } else {
+        /* i is even */
+        ret = 1;
+    }
+
+    if (B->neg) {
+        B->neg = 0;
+        if (A->neg)
+            ret = -ret;
+    }
+
+    /*
+     * now B is positive and odd, so what remains to be done is to compute
+     * the Jacobi symbol (A/B) and multiply it by 'ret'
+     */
+
+    while (1) {
+        /* Cohen's step 3: */
+
+        /*  B  is positive and odd */
+
+        if (BN_is_zero(A)) {
+            ret = BN_is_one(B) ? ret : 0;
+            goto end;
+        }
+
+        /* now  A  is non-zero */
+        i = 0;
+        while (!BN_is_bit_set(A, i))
+            i++;
+        err = !BN_rshift(A, A, i);
+        if (err)
+            goto end;
+        if (i & 1) {
+            /* i is odd */
+            /* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
+            ret = ret * tab[BN_lsw(B) & 7];
+        }
+
+        /* Cohen's step 4: */
+        /* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
+        if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+            ret = -ret;
+
+        /* (A, B) := (B mod |A|, |A|) */
+        err = !BN_nnmod(B, B, A, ctx);
+        if (err)
+            goto end;
+        tmp = A;
+        A = B;
+        B = tmp;
+        tmp->neg = 0;
+    }
+ end:
+    BN_CTX_end(ctx);
+    if (err)
+        return -2;
+    else
+        return ret;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_lcl.h b/openssl-1.1.0h/crypto/bn/bn_lcl.h
new file mode 100644
index 0000000..5fb3814
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_lcl.h
@@ -0,0 +1,689 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_LCL_H
+# define HEADER_BN_LCL_H
+
+/*
+ * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or
+ * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our
+ * Configure script and needs to support both 32-bit and 64-bit.
+ */
+# include <openssl/opensslconf.h>
+
+# if !defined(OPENSSL_SYS_UEFI)
+#  include "internal/bn_conf.h"
+# endif
+
+# include "internal/bn_int.h"
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These preprocessor symbols control various aspects of the bignum headers
+ * and library code. They're not defined by any "normal" configuration, as
+ * they are intended for development and testing purposes. NB: defining all
+ * three can be useful for debugging application code as well as openssl
+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * mismanagement of bignum internals. You must also define BN_DEBUG.
+ */
+/* #define BN_DEBUG */
+/* #define BN_DEBUG_RAND */
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+#  define BN_MUL_COMBA
+#  define BN_SQR_COMBA
+#  define BN_RECURSION
+# endif
+
+/*
+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
+ * not defined, I use my C version (which is slower). The reason for this
+ * flag is that when the particular C compiler library routine is used, and
+ * the library is linked with a different compiler, the library is missing.
+ * This mostly happens when the library is built with gcc and then linked
+ * using normal cc.  This would be a common occurrence because gcc normally
+ * produces code that is 2 times faster than system compilers for the big
+ * number stuff. For machines with only one compiler (or shared libraries),
+ * this should be on.  Again this in only really a problem on machines using
+ * "long long's", are 32bit, and are not using my assembler code.
+ */
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
+#  define BN_DIV2W
+# endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULLONG       unsigned long long
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000L)
+#  define BN_MASK2h1      (0xffffffff80000000L)
+#  define BN_DEC_CONV     (10000000000000000000UL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%lu"
+#  define BN_DEC_FMT2     "%019lu"
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  undef BN_LLONG
+#  undef BN_ULLONG
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffLL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000LL)
+#  define BN_MASK2h1      (0xffffffff80000000LL)
+#  define BN_DEC_CONV     (10000000000000000000ULL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%llu"
+#  define BN_DEC_FMT2     "%019llu"
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  ifdef BN_LLONG
+#   if defined(_WIN32) && !defined(__GNUC__)
+#    define BN_ULLONG     unsigned __int64
+#   else
+#    define BN_ULLONG     unsigned long long
+#   endif
+#  endif
+#  define BN_BITS4        16
+#  define BN_MASK2        (0xffffffffL)
+#  define BN_MASK2l       (0xffff)
+#  define BN_MASK2h1      (0xffff8000L)
+#  define BN_MASK2h       (0xffff0000L)
+#  define BN_DEC_CONV     (1000000000L)
+#  define BN_DEC_NUM      9
+#  define BN_DEC_FMT1     "%u"
+#  define BN_DEC_FMT2     "%09u"
+# endif
+
+
+/*-
+ * Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ *   bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ *     consistent. (ed: only if BN_DEBUG_RAND is defined)
+ *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+# ifdef BN_DEBUG
+
+#  ifdef BN_DEBUG_RAND
+/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
+#   ifndef RAND_bytes
+int RAND_bytes(unsigned char *buf, int num);
+#    define BN_DEBUG_TRIX
+#   endif
+#   define bn_pollute(a) \
+        do { \
+            const BIGNUM *_bnum1 = (a); \
+            if (_bnum1->top < _bnum1->dmax) { \
+                unsigned char _tmp_char; \
+                /* We cast away const without the compiler knowing, any \
+                 * *genuinely* constant variables that aren't mutable \
+                 * wouldn't be constructed with top!=dmax. */ \
+                BN_ULONG *_not_const; \
+                memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
+                RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
+                memset(_not_const + _bnum1->top, _tmp_char, \
+                       sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
+            } \
+        } while(0)
+#   ifdef BN_DEBUG_TRIX
+#    undef RAND_bytes
+#   endif
+#  else
+#   define bn_pollute(a)
+#  endif
+#  define bn_check_top(a) \
+        do { \
+                const BIGNUM *_bnum2 = (a); \
+                if (_bnum2 != NULL) { \
+                        OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \
+                                (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \
+                        bn_pollute(_bnum2); \
+                } \
+        } while(0)
+
+#  define bn_fix_top(a)           bn_check_top(a)
+
+#  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#  define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                OPENSSL_assert((words) <= (_bnum2)->dmax && \
+                        (words) >= (_bnum2)->top); \
+                /* avoid unused variable warning with NDEBUG */ \
+                (void)(_bnum2); \
+        } while(0)
+
+# else                          /* !BN_DEBUG */
+
+#  define bn_pollute(a)
+#  define bn_check_top(a)
+#  define bn_fix_top(a)           bn_correct_top(a)
+#  define bn_check_size(bn, bits)
+#  define bn_wcheck_size(bn, words)
+
+# endif
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+
+struct bignum_st {
+    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
+                                 * chunks. */
+    int top;                    /* Index of last used d +1. */
+    /* The next are internal book keeping for bn_expand. */
+    int dmax;                   /* Size of the d array. */
+    int neg;                    /* one if the number is negative */
+    int flags;
+};
+
+/* Used for montgomery multiplication */
+struct bn_mont_ctx_st {
+    int ri;                     /* number of bits in R */
+    BIGNUM RR;                  /* used to convert to montgomery form */
+    BIGNUM N;                   /* The modulus */
+    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+                                 * stored for bignum algorithm) */
+    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
+                                 * changed with 0.9.9, was "BN_ULONG n0;"
+                                 * before) */
+    int flags;
+};
+
+/*
+ * Used for reciprocal division/mod functions It cannot be shared between
+ * threads
+ */
+struct bn_recp_ctx_st {
+    BIGNUM N;                   /* the divisor */
+    BIGNUM Nr;                  /* the reciprocal */
+    int num_bits;
+    int shift;
+    int flags;
+};
+
+/* Used for slow "generation" functions. */
+struct bn_gencb_st {
+    unsigned int ver;           /* To handle binary (in)compatibility */
+    void *arg;                  /* callback-specific data */
+    union {
+        /* if (ver==1) - handles old style callbacks */
+        void (*cb_1) (int, int, void *);
+        /* if (ver==2) - new callback style */
+        int (*cb_2) (int, int, BN_GENCB *);
+    } cb;
+};
+
+/*-
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ *    2^(w-1) + (b-w)/(w+1);
+ *
+ * here  2^(w-1)  is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1)  is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ *    w >= 6  if        b > 671
+ *     w = 5  if  671 > b > 239
+ *     w = 4  if  239 > b >  79
+ *     w = 3  if   79 > b >  23
+ *    w <= 2  if   23 > b
+ *
+ * (with draws in between).  Very small exponents are often selected
+ * with low Hamming weight, so we use  w = 1  for b <= 23.
+ */
+# define BN_window_bits_for_exponent_size(b) \
+                ((b) > 671 ? 6 : \
+                 (b) > 239 ? 5 : \
+                 (b) >  79 ? 4 : \
+                 (b) >  23 ? 3 : 1)
+
+/*
+ * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache
+ * line width of the target processor is at least the following value.
+ */
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH      ( 64 )
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK       (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/*
+ * Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of
+ * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are
+ * defined for cache line sizes of 32 and 64, cache line sizes where
+ * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be
+ * used on processors that have a 128 byte or greater cache line size.
+ */
+# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 937 ? 6 : \
+                 (b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (6)
+
+# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (5)
+
+# endif
+
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha       16,16,16,16.64 */
+# define BN_MULL_SIZE_NORMAL                     (16)/* 32 */
+# define BN_MUL_RECURSIVE_SIZE_NORMAL            (16)/* 32 less than */
+# define BN_SQR_RECURSIVE_SIZE_NORMAL            (16)/* 32 */
+# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL        (32)/* 32 */
+# define BN_MONT_CTX_SET_SIZE_WORD               (64)/* 32 */
+
+/*
+ * 2011-02-22 SMS. In various places, a size_t variable or a type cast to
+ * size_t was used to perform integer-only operations on pointers.  This
+ * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
+ * is still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. The
+ * only fix here is VMS-specific.
+ */
+# if defined(OPENSSL_SYS_VMS)
+#  if __INITIAL_POINTER_SIZE == 64
+#   define PTR_SIZE_INT long long
+#  else                         /* __INITIAL_POINTER_SIZE == 64 */
+#   define PTR_SIZE_INT int
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
+# elif !defined(PTR_SIZE_INT)   /* defined(OPENSSL_SYS_VMS) */
+#  define PTR_SIZE_INT size_t
+# endif                         /* defined(OPENSSL_SYS_VMS) [else] */
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+/*
+ * BN_UMULT_HIGH section.
+ *
+ * No, I'm not trying to overwhelm you when stating that the
+ * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
+ * you to be impressed when I say that if the compiler doesn't
+ * support 2*N integer type, then you have to replace every N*N
+ * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
+ * and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of
+ * producing 2*N result... That's when you normally start
+ * considering assembler implementation. However! It should be
+ * pointed out that some CPUs (most notably Alpha, PowerPC and
+ * upcoming IA-64 family:-) provide *separate* instruction
+ * calculating the upper half of the product placing the result
+ * into a general purpose register. Now *if* the compiler supports
+ * inline assembler, then it's not impossible to implement the
+ * "bignum" routines (and have the compiler optimize 'em)
+ * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
+ * macro is about:-)
+ *
+ *                                      <appro@fy.chalmers.se>
+ */
+#  if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#   if defined(__DECC)
+#    include <c_asm.h>
+#    define BN_UMULT_HIGH(a,b)   (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
+#   elif defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({      \
+        register BN_ULONG ret;          \
+        asm ("umulh     %1,%2,%0"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                    })
+#   endif                       /* compiler */
+#  elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({      \
+        register BN_ULONG ret;          \
+        asm ("mulhdu    %0,%1,%2"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                    })
+#   endif                       /* compiler */
+#  elif (defined(__x86_64) || defined(__x86_64__)) && \
+       (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({      \
+        register BN_ULONG ret,discard;  \
+        asm ("mulq      %3"             \
+             : "=a"(discard),"=d"(ret)  \
+             : "a"(a), "g"(b)           \
+             : "cc");                   \
+        ret;                    })
+#    define BN_UMULT_LOHI(low,high,a,b)  \
+        asm ("mulq      %3"             \
+                : "=a"(low),"=d"(high)  \
+                : "a"(a),"g"(b)         \
+                : "cc");
+#   endif
+#  elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
+#   if defined(_MSC_VER) && _MSC_VER>=1400
+unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b);
+unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+                          unsigned __int64 *h);
+#    pragma intrinsic(__umulh,_umul128)
+#    define BN_UMULT_HIGH(a,b)           __umulh((a),(b))
+#    define BN_UMULT_LOHI(low,high,a,b)  ((low)=_umul128((a),(b),&(high)))
+#   endif
+#  elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#   if defined(__GNUC__) && __GNUC__>=2
+#    if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+      /* "h" constraint is not an option on R6 and was removed in 4.4 */
+#     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#     define BN_UMULT_LOHI(low,high,a,b) ({     \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;       })
+#    else
+#     define BN_UMULT_HIGH(a,b) ({      \
+        register BN_ULONG ret;          \
+        asm ("dmultu    %1,%2"          \
+             : "=h"(ret)                \
+             : "r"(a), "r"(b) : "l");   \
+        ret;                    })
+#     define BN_UMULT_LOHI(low,high,a,b)\
+        asm ("dmultu    %2,%3"          \
+             : "=l"(low),"=h"(high)     \
+             : "r"(a), "r"(b));
+#    endif
+#   endif
+#  elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({      \
+        register BN_ULONG ret;          \
+        asm ("umulh     %0,%1,%2"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                    })
+#   endif
+#  endif                        /* cpu */
+# endif                         /* OPENSSL_NO_ASM */
+
+/*************************************************************
+ * Using the long long type
+ */
+# define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+# define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+# ifdef BN_DEBUG_RAND
+#  define bn_clear_top2max(a) \
+        { \
+        int      ind = (a)->dmax - (a)->top; \
+        BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
+        for (; ind != 0; ind--) \
+                *(++ftl) = 0x0; \
+        }
+# else
+#  define bn_clear_top2max(a)
+# endif
+
+# ifdef BN_LLONG
+#  define mul_add(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (r) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#  define mul(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#  define sqr(r0,r1,a) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)(a)*(a); \
+        (r0)=Lw(t); \
+        (r1)=Hw(t); \
+        }
+
+# elif defined(BN_UMULT_LOHI)
+#  define mul_add(r,a,w,c) {              \
+        BN_ULONG high,low,ret,tmp=(a);  \
+        ret =  (r);                     \
+        BN_UMULT_LOHI(low,high,w,tmp);  \
+        ret += (c);                     \
+        (c) =  (ret<(c))?1:0;           \
+        (c) += high;                    \
+        ret += low;                     \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define mul(r,a,w,c)    {               \
+        BN_ULONG high,low,ret,ta=(a);   \
+        BN_UMULT_LOHI(low,high,w,ta);   \
+        ret =  low + (c);               \
+        (c) =  high;                    \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define sqr(r0,r1,a)    {               \
+        BN_ULONG tmp=(a);               \
+        BN_UMULT_LOHI(r0,r1,tmp,tmp);   \
+        }
+
+# elif defined(BN_UMULT_HIGH)
+#  define mul_add(r,a,w,c) {              \
+        BN_ULONG high,low,ret,tmp=(a);  \
+        ret =  (r);                     \
+        high=  BN_UMULT_HIGH(w,tmp);    \
+        ret += (c);                     \
+        low =  (w) * tmp;               \
+        (c) =  (ret<(c))?1:0;           \
+        (c) += high;                    \
+        ret += low;                     \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define mul(r,a,w,c)    {               \
+        BN_ULONG high,low,ret,ta=(a);   \
+        low =  (w) * ta;                \
+        high=  BN_UMULT_HIGH(w,ta);     \
+        ret =  low + (c);               \
+        (c) =  high;                    \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#  define sqr(r0,r1,a)    {               \
+        BN_ULONG tmp=(a);               \
+        (r0) = tmp * tmp;               \
+        (r1) = BN_UMULT_HIGH(tmp,tmp);  \
+        }
+
+# else
+/*************************************************************
+ * No long long type
+ */
+
+#  define LBITS(a)        ((a)&BN_MASK2l)
+#  define HBITS(a)        (((a)>>BN_BITS4)&BN_MASK2l)
+#  define L2HBITS(a)      (((a)<<BN_BITS4)&BN_MASK2)
+
+#  define LLBITS(a)       ((a)&BN_MASKl)
+#  define LHBITS(a)       (((a)>>BN_BITS2)&BN_MASKl)
+#  define LL2HBITS(a)     ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+
+#  define mul64(l,h,bl,bh) \
+        { \
+        BN_ULONG m,m1,lt,ht; \
+ \
+        lt=l; \
+        ht=h; \
+        m =(bh)*(lt); \
+        lt=(bl)*(lt); \
+        m1=(bl)*(ht); \
+        ht =(bh)*(ht); \
+        m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
+        ht+=HBITS(m); \
+        m1=L2HBITS(m); \
+        lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
+        (l)=lt; \
+        (h)=ht; \
+        }
+
+#  define sqr64(lo,ho,in) \
+        { \
+        BN_ULONG l,h,m; \
+ \
+        h=(in); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        m =(l)*(h); \
+        l*=l; \
+        h*=h; \
+        h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+        m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+        l=(l+m)&BN_MASK2; if (l < m) h++; \
+        (lo)=l; \
+        (ho)=h; \
+        }
+
+#  define mul_add(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=(r); \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l; \
+        }
+
+#  define mul(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l&BN_MASK2; \
+        }
+# endif                         /* !BN_LLONG */
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+
+void bn_init(BIGNUM *a);
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                      int dna, int dnb, BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+                           int n, int tna, int tnb, BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                          BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+                 BN_ULONG *t);
+BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl);
+BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl);
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *noinv);
+
+int bn_probable_prime_dh(BIGNUM *rnd, int bits,
+                         const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx);
+int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx);
+
+static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
+{
+    if (bits > (INT_MAX - BN_BITS2 + 1))
+        return NULL;
+
+    if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
+        return a;
+
+    return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
+}
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/bn_lib.c b/openssl-1.1.0h/crypto/bn/bn_lib.c
new file mode 100644
index 0000000..7058494
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_lib.c
@@ -0,0 +1,1016 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/opensslconf.h>
+
+/* This stuff appears to be completely unused, so is deprecated */
+#if OPENSSL_API_COMPAT < 0x00908000L
+/*-
+ * For a 32 bit machine
+ * 2 -   4 ==  128
+ * 3 -   8 ==  256
+ * 4 -  16 ==  512
+ * 5 -  32 == 1024
+ * 6 -  64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8;    /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+{
+    if (mult >= 0) {
+        if (mult > (int)(sizeof(int) * 8) - 1)
+            mult = sizeof(int) * 8 - 1;
+        bn_limit_bits = mult;
+        bn_limit_num = 1 << mult;
+    }
+    if (high >= 0) {
+        if (high > (int)(sizeof(int) * 8) - 1)
+            high = sizeof(int) * 8 - 1;
+        bn_limit_bits_high = high;
+        bn_limit_num_high = 1 << high;
+    }
+    if (low >= 0) {
+        if (low > (int)(sizeof(int) * 8) - 1)
+            low = sizeof(int) * 8 - 1;
+        bn_limit_bits_low = low;
+        bn_limit_num_low = 1 << low;
+    }
+    if (mont >= 0) {
+        if (mont > (int)(sizeof(int) * 8) - 1)
+            mont = sizeof(int) * 8 - 1;
+        bn_limit_bits_mont = mont;
+        bn_limit_num_mont = 1 << mont;
+    }
+}
+
+int BN_get_params(int which)
+{
+    if (which == 0)
+        return (bn_limit_bits);
+    else if (which == 1)
+        return (bn_limit_bits_high);
+    else if (which == 2)
+        return (bn_limit_bits_low);
+    else if (which == 3)
+        return (bn_limit_bits_mont);
+    else
+        return (0);
+}
+#endif
+
+const BIGNUM *BN_value_one(void)
+{
+    static const BN_ULONG data_one = 1L;
+    static const BIGNUM const_one =
+        { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+    return (&const_one);
+}
+
+int BN_num_bits_word(BN_ULONG l)
+{
+    BN_ULONG x, mask;
+    int bits = (l != 0);
+
+#if BN_BITS2 > 32
+    x = l >> 32;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 32 & mask;
+    l ^= (x ^ l) & mask;
+#endif
+
+    x = l >> 16;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 16 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 8;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 8 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 4;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 4 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 2;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 2 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 1;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 1 & mask;
+
+    return bits;
+}
+
+int BN_num_bits(const BIGNUM *a)
+{
+    int i = a->top - 1;
+    bn_check_top(a);
+
+    if (BN_is_zero(a))
+        return 0;
+    return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
+
+static void bn_free_d(BIGNUM *a)
+{
+    if (BN_get_flags(a, BN_FLG_SECURE))
+        OPENSSL_secure_free(a->d);
+    else
+        OPENSSL_free(a->d);
+}
+
+
+void BN_clear_free(BIGNUM *a)
+{
+    int i;
+
+    if (a == NULL)
+        return;
+    bn_check_top(a);
+    if (a->d != NULL) {
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
+        if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+            bn_free_d(a);
+    }
+    i = BN_get_flags(a, BN_FLG_MALLOCED);
+    OPENSSL_cleanse(a, sizeof(*a));
+    if (i)
+        OPENSSL_free(a);
+}
+
+void BN_free(BIGNUM *a)
+{
+    if (a == NULL)
+        return;
+    bn_check_top(a);
+    if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+        bn_free_d(a);
+    if (a->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(a);
+    else {
+#if OPENSSL_API_COMPAT < 0x00908000L
+        a->flags |= BN_FLG_FREE;
+#endif
+        a->d = NULL;
+    }
+}
+
+void bn_init(BIGNUM *a)
+{
+    static BIGNUM nilbn;
+
+    *a = nilbn;
+    bn_check_top(a);
+}
+
+BIGNUM *BN_new(void)
+{
+    BIGNUM *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->flags = BN_FLG_MALLOCED;
+    bn_check_top(ret);
+    return (ret);
+}
+
+ BIGNUM *BN_secure_new(void)
+ {
+     BIGNUM *ret = BN_new();
+     if (ret != NULL)
+         ret->flags |= BN_FLG_SECURE;
+     return (ret);
+ }
+
+/* This is used by bn_expand2() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+{
+    BN_ULONG *A, *a = NULL;
+    const BN_ULONG *B;
+    int i;
+
+    bn_check_top(b);
+
+    if (words > (INT_MAX / (4 * BN_BITS2))) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+        return NULL;
+    }
+    if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+        return (NULL);
+    }
+    if (BN_get_flags(b, BN_FLG_SECURE))
+        a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
+    else
+        a = A = OPENSSL_zalloc(words * sizeof(*a));
+    if (A == NULL) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+#if 1
+    B = b->d;
+    /* Check if the previous number needs to be copied */
+    if (B != NULL) {
+        for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+            /*
+             * The fact that the loop is unrolled
+             * 4-wise is a tribute to Intel. It's
+             * the one that doesn't have enough
+             * registers to accommodate more data.
+             * I'd unroll it 8-wise otherwise:-)
+             *
+             *              <appro@fy.chalmers.se>
+             */
+            BN_ULONG a0, a1, a2, a3;
+            a0 = B[0];
+            a1 = B[1];
+            a2 = B[2];
+            a3 = B[3];
+            A[0] = a0;
+            A[1] = a1;
+            A[2] = a2;
+            A[3] = a3;
+        }
+        switch (b->top & 3) {
+        case 3:
+            A[2] = B[2];
+            /* fall thru */
+        case 2:
+            A[1] = B[1];
+            /* fall thru */
+        case 1:
+            A[0] = B[0];
+            /* fall thru */
+        case 0:
+            /* Without the "case 0" some old optimizers got this wrong. */
+            ;
+        }
+    }
+#else
+    memset(A, 0, sizeof(*A) * words);
+    memcpy(A, b->d, sizeof(b->d[0]) * b->top);
+#endif
+
+    return (a);
+}
+
+/*
+ * This is an internal function that should not be used in applications. It
+ * ensures that 'b' has enough room for a 'words' word number and initialises
+ * any unused part of b->d with leading zeros. It is mostly used by the
+ * various BIGNUM routines. If there is an error, NULL is returned. If not,
+ * 'b' is returned.
+ */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+{
+    bn_check_top(b);
+
+    if (words > b->dmax) {
+        BN_ULONG *a = bn_expand_internal(b, words);
+        if (!a)
+            return NULL;
+        if (b->d) {
+            OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+            bn_free_d(b);
+        }
+        b->d = a;
+        b->dmax = words;
+    }
+
+    bn_check_top(b);
+    return b;
+}
+
+BIGNUM *BN_dup(const BIGNUM *a)
+{
+    BIGNUM *t;
+
+    if (a == NULL)
+        return NULL;
+    bn_check_top(a);
+
+    t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
+    if (t == NULL)
+        return NULL;
+    if (!BN_copy(t, a)) {
+        BN_free(t);
+        return NULL;
+    }
+    bn_check_top(t);
+    return t;
+}
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    BN_ULONG *A;
+    const BN_ULONG *B;
+
+    bn_check_top(b);
+
+    if (a == b)
+        return (a);
+    if (bn_wexpand(a, b->top) == NULL)
+        return (NULL);
+
+#if 1
+    A = a->d;
+    B = b->d;
+    for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+        BN_ULONG a0, a1, a2, a3;
+        a0 = B[0];
+        a1 = B[1];
+        a2 = B[2];
+        a3 = B[3];
+        A[0] = a0;
+        A[1] = a1;
+        A[2] = a2;
+        A[3] = a3;
+    }
+    /* ultrix cc workaround, see comments in bn_expand_internal */
+    switch (b->top & 3) {
+    case 3:
+        A[2] = B[2];
+        /* fall thru */
+    case 2:
+        A[1] = B[1];
+        /* fall thru */
+    case 1:
+        A[0] = B[0];
+        /* fall thru */
+    case 0:;
+    }
+#else
+    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
+#endif
+
+    a->top = b->top;
+    a->neg = b->neg;
+    bn_check_top(a);
+    return (a);
+}
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+{
+    int flags_old_a, flags_old_b;
+    BN_ULONG *tmp_d;
+    int tmp_top, tmp_dmax, tmp_neg;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    flags_old_a = a->flags;
+    flags_old_b = b->flags;
+
+    tmp_d = a->d;
+    tmp_top = a->top;
+    tmp_dmax = a->dmax;
+    tmp_neg = a->neg;
+
+    a->d = b->d;
+    a->top = b->top;
+    a->dmax = b->dmax;
+    a->neg = b->neg;
+
+    b->d = tmp_d;
+    b->top = tmp_top;
+    b->dmax = tmp_dmax;
+    b->neg = tmp_neg;
+
+    a->flags =
+        (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+    b->flags =
+        (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+    bn_check_top(a);
+    bn_check_top(b);
+}
+
+void BN_clear(BIGNUM *a)
+{
+    bn_check_top(a);
+    if (a->d != NULL)
+        OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
+    a->top = 0;
+    a->neg = 0;
+}
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+{
+    if (a->top > 1)
+        return BN_MASK2;
+    else if (a->top == 1)
+        return a->d[0];
+    /* a->top == 0 */
+    return 0;
+}
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+{
+    bn_check_top(a);
+    if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+        return (0);
+    a->neg = 0;
+    a->d[0] = w;
+    a->top = (w ? 1 : 0);
+    bn_check_top(a);
+    return (1);
+}
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return (NULL);
+    bn_check_top(ret);
+    /* Skip leading zero's. */
+    for ( ; len > 0 && *s == 0; s++, len--)
+        continue;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return (ret);
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    l = 0;
+    while (n--) {
+        l = (l << 8L) | *(s++);
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return (ret);
+}
+
+/* ignore negative */
+static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    int i;
+    BN_ULONG l;
+
+    bn_check_top(a);
+    i = BN_num_bytes(a);
+    if (tolen == -1)
+        tolen = i;
+    else if (tolen < i)
+        return -1;
+    /* Add leading zeroes if necessary */
+    if (tolen > i) {
+        memset(to, 0, tolen - i);
+        to += tolen - i;
+    }
+    while (i--) {
+        l = a->d[i / BN_BYTES];
+        *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+    }
+    return tolen;
+}
+
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    if (tolen < 0)
+        return -1;
+    return bn2binpad(a, to, tolen);
+}
+
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+    return bn2binpad(a, to, -1);
+}
+
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return (NULL);
+    bn_check_top(ret);
+    s += len;
+    /* Skip trailing zeroes. */
+    for ( ; len > 0 && s[-1] == 0; s--, len--)
+        continue;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return ret;
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    l = 0;
+    while (n--) {
+        s--;
+        l = (l << 8L) | *s;
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return ret;
+}
+
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    int i;
+    BN_ULONG l;
+    bn_check_top(a);
+    i = BN_num_bytes(a);
+    if (tolen < i)
+        return -1;
+    /* Add trailing zeroes if necessary */
+    if (tolen > i)
+        memset(to + i, 0, tolen - i);
+    to += i;
+    while (i--) {
+        l = a->d[i / BN_BYTES];
+        to--;
+        *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+    }
+    return tolen;
+}
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    BN_ULONG t1, t2, *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    i = a->top - b->top;
+    if (i != 0)
+        return (i);
+    ap = a->d;
+    bp = b->d;
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = ap[i];
+        t2 = bp[i];
+        if (t1 != t2)
+            return ((t1 > t2) ? 1 : -1);
+    }
+    return (0);
+}
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    int gt, lt;
+    BN_ULONG t1, t2;
+
+    if ((a == NULL) || (b == NULL)) {
+        if (a != NULL)
+            return (-1);
+        else if (b != NULL)
+            return (1);
+        else
+            return (0);
+    }
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        if (a->neg)
+            return (-1);
+        else
+            return (1);
+    }
+    if (a->neg == 0) {
+        gt = 1;
+        lt = -1;
+    } else {
+        gt = -1;
+        lt = 1;
+    }
+
+    if (a->top > b->top)
+        return (gt);
+    if (a->top < b->top)
+        return (lt);
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = a->d[i];
+        t2 = b->d[i];
+        if (t1 > t2)
+            return (gt);
+        if (t1 < t2)
+            return (lt);
+    }
+    return (0);
+}
+
+int BN_set_bit(BIGNUM *a, int n)
+{
+    int i, j, k;
+
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i) {
+        if (bn_wexpand(a, i + 1) == NULL)
+            return (0);
+        for (k = a->top; k < i + 1; k++)
+            a->d[k] = 0;
+        a->top = i + 1;
+    }
+
+    a->d[i] |= (((BN_ULONG)1) << j);
+    bn_check_top(a);
+    return (1);
+}
+
+int BN_clear_bit(BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return (0);
+
+    a->d[i] &= (~(((BN_ULONG)1) << j));
+    bn_correct_top(a);
+    return (1);
+}
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return 0;
+    return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
+}
+
+int BN_mask_bits(BIGNUM *a, int n)
+{
+    int b, w;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    w = n / BN_BITS2;
+    b = n % BN_BITS2;
+    if (w >= a->top)
+        return 0;
+    if (b == 0)
+        a->top = w;
+    else {
+        a->top = w + 1;
+        a->d[w] &= ~(BN_MASK2 << b);
+    }
+    bn_correct_top(a);
+    return (1);
+}
+
+void BN_set_negative(BIGNUM *a, int b)
+{
+    if (b && !BN_is_zero(a))
+        a->neg = 1;
+    else
+        a->neg = 0;
+}
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+    int i;
+    BN_ULONG aa, bb;
+
+    aa = a[n - 1];
+    bb = b[n - 1];
+    if (aa != bb)
+        return ((aa > bb) ? 1 : -1);
+    for (i = n - 2; i >= 0; i--) {
+        aa = a[i];
+        bb = b[i];
+        if (aa != bb)
+            return ((aa > bb) ? 1 : -1);
+    }
+    return (0);
+}
+
+/*
+ * Here follows a specialised variants of bn_cmp_words().  It has the
+ * capability of performing the operation on arrays of different sizes. The
+ * sizes of those arrays is expressed through cl, which is the common length
+ * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
+ * two lengths, calculated as len(a)-len(b). All lengths are the number of
+ * BN_ULONGs...
+ */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+    int n, i;
+    n = cl - 1;
+
+    if (dl < 0) {
+        for (i = dl; i < 0; i++) {
+            if (b[n - i] != 0)
+                return -1;      /* a < b */
+        }
+    }
+    if (dl > 0) {
+        for (i = dl; i > 0; i--) {
+            if (a[n + i] != 0)
+                return 1;       /* a > b */
+        }
+    }
+    return bn_cmp_words(a, b, cl);
+}
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+{
+    BN_ULONG t;
+    int i;
+
+    bn_wcheck_size(a, nwords);
+    bn_wcheck_size(b, nwords);
+
+    assert(a != b);
+    assert((condition & (condition - 1)) == 0);
+    assert(sizeof(BN_ULONG) >= sizeof(int));
+
+    condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+    t = (a->top ^ b->top) & condition;
+    a->top ^= t;
+    b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+        do { \
+                t = (a->d[ind] ^ b->d[ind]) & condition; \
+                a->d[ind] ^= t; \
+                b->d[ind] ^= t; \
+        } while (0)
+
+    switch (nwords) {
+    default:
+        for (i = 10; i < nwords; i++)
+            BN_CONSTTIME_SWAP(i);
+        /* Fallthrough */
+    case 10:
+        BN_CONSTTIME_SWAP(9);   /* Fallthrough */
+    case 9:
+        BN_CONSTTIME_SWAP(8);   /* Fallthrough */
+    case 8:
+        BN_CONSTTIME_SWAP(7);   /* Fallthrough */
+    case 7:
+        BN_CONSTTIME_SWAP(6);   /* Fallthrough */
+    case 6:
+        BN_CONSTTIME_SWAP(5);   /* Fallthrough */
+    case 5:
+        BN_CONSTTIME_SWAP(4);   /* Fallthrough */
+    case 4:
+        BN_CONSTTIME_SWAP(3);   /* Fallthrough */
+    case 3:
+        BN_CONSTTIME_SWAP(2);   /* Fallthrough */
+    case 2:
+        BN_CONSTTIME_SWAP(1);   /* Fallthrough */
+    case 1:
+        BN_CONSTTIME_SWAP(0);
+    }
+#undef BN_CONSTTIME_SWAP
+}
+
+/* Bits of security, see SP800-57 */
+
+int BN_security_bits(int L, int N)
+{
+    int secbits, bits;
+    if (L >= 15360)
+        secbits = 256;
+    else if (L >= 7680)
+        secbits = 192;
+    else if (L >= 3072)
+        secbits = 128;
+    else if (L >= 2048)
+        secbits = 112;
+    else if (L >= 1024)
+        secbits = 80;
+    else
+        return 0;
+    if (N == -1)
+        return secbits;
+    bits = N / 2;
+    if (bits < 80)
+        return 0;
+    return bits >= secbits ? secbits : bits;
+}
+
+void BN_zero_ex(BIGNUM *a)
+{
+    a->top = 0;
+    a->neg = 0;
+}
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
+}
+
+int BN_is_zero(const BIGNUM *a)
+{
+    return a->top == 0;
+}
+
+int BN_is_one(const BIGNUM *a)
+{
+    return BN_abs_is_word(a, 1) && !a->neg;
+}
+
+int BN_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return BN_abs_is_word(a, w) && (!w || !a->neg);
+}
+
+int BN_is_odd(const BIGNUM *a)
+{
+    return (a->top > 0) && (a->d[0] & 1);
+}
+
+int BN_is_negative(const BIGNUM *a)
+{
+    return (a->neg != 0);
+}
+
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx)
+{
+    return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
+}
+
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags)
+{
+    dest->d = b->d;
+    dest->top = b->top;
+    dest->dmax = b->dmax;
+    dest->neg = b->neg;
+    dest->flags = ((dest->flags & BN_FLG_MALLOCED)
+                   | (b->flags & ~BN_FLG_MALLOCED)
+                   | BN_FLG_STATIC_DATA | flags);
+}
+
+BN_GENCB *BN_GENCB_new(void)
+{
+    BN_GENCB *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    return ret;
+}
+
+void BN_GENCB_free(BN_GENCB *cb)
+{
+    if (cb == NULL)
+        return;
+    OPENSSL_free(cb);
+}
+
+void BN_set_flags(BIGNUM *b, int n)
+{
+    b->flags |= n;
+}
+
+int BN_get_flags(const BIGNUM *b, int n)
+{
+    return b->flags & n;
+}
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 1;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_1 = callback;
+}
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 2;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_2 = callback;
+}
+
+void *BN_GENCB_get_arg(BN_GENCB *cb)
+{
+    return cb->arg;
+}
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words)
+{
+    return (words <= a->dmax) ? a : bn_expand2(a, words);
+}
+
+void bn_correct_top(BIGNUM *a)
+{
+    BN_ULONG *ftl;
+    int tmp_top = a->top;
+
+    if (tmp_top > 0) {
+        for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+            ftl--;
+            if (*ftl != 0)
+                break;
+        }
+        a->top = tmp_top;
+    }
+    if (a->top == 0)
+        a->neg = 0;
+    bn_pollute(a);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_mod.c b/openssl-1.1.0h/crypto/bn/bn_mod.c
new file mode 100644
index 0000000..13b583f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_mod.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
+    /*
+     * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
+     * always holds)
+     */
+
+    if (!(BN_mod(r, m, d, ctx)))
+        return 0;
+    if (!r->neg)
+        return 1;
+    /* now   -|d| < r < 0,  so we have to set  r := r + |d| */
+    return (d->neg ? BN_sub : BN_add) (r, r, d);
+}
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_add(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_add variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    if (!BN_uadd(r, a, b))
+        return 0;
+    if (BN_ucmp(r, m) >= 0)
+        return BN_usub(r, r, m);
+    return 1;
+}
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    if (r->neg)
+        return BN_add(r, r, m);
+    return 1;
+}
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    BIGNUM *t;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(m);
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (a == b) {
+        if (!BN_sqr(t, a, ctx))
+            goto err;
+    } else {
+        if (!BN_mul(t, a, b, ctx))
+            goto err;
+    }
+    if (!BN_nnmod(r, t, m, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_sqr(r, a, ctx))
+        return 0;
+    /* r->neg == 0,  thus we don't need BN_nnmod */
+    return BN_mod(r, r, m, ctx);
+}
+
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_lshift1 variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    if (BN_cmp(r, m) >= 0)
+        return BN_sub(r, r, m);
+    return 1;
+}
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx)
+{
+    BIGNUM *abs_m = NULL;
+    int ret;
+
+    if (!BN_nnmod(r, a, m, ctx))
+        return 0;
+
+    if (m->neg) {
+        abs_m = BN_dup(m);
+        if (abs_m == NULL)
+            return 0;
+        abs_m->neg = 0;
+    }
+
+    ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+    bn_check_top(r);
+
+    BN_free(abs_m);
+    return ret;
+}
+
+/*
+ * BN_mod_lshift variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+{
+    if (r != a) {
+        if (BN_copy(r, a) == NULL)
+            return 0;
+    }
+
+    while (n > 0) {
+        int max_shift;
+
+        /* 0 < r < m */
+        max_shift = BN_num_bits(m) - BN_num_bits(r);
+        /* max_shift >= 0 */
+
+        if (max_shift < 0) {
+            BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+            return 0;
+        }
+
+        if (max_shift > n)
+            max_shift = n;
+
+        if (max_shift) {
+            if (!BN_lshift(r, r, max_shift))
+                return 0;
+            n -= max_shift;
+        } else {
+            if (!BN_lshift1(r, r))
+                return 0;
+            --n;
+        }
+
+        /* BN_num_bits(r) <= BN_num_bits(m) */
+
+        if (BN_cmp(r, m) >= 0) {
+            if (!BN_sub(r, r, m))
+                return 0;
+        }
+    }
+    bn_check_top(r);
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_mont.c b/openssl-1.1.0h/crypto/bn/bn_mont.c
new file mode 100644
index 0000000..faef581
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_mont.c
@@ -0,0 +1,422 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Details about Montgomery multiplication algorithms can be found at
+ * http://security.ece.orst.edu/publications.html, e.g.
+ * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
+ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#define MONT_WORD               /* use the faster word-based algorithm */
+
+#ifdef MONT_WORD
+static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
+#endif
+
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+    BIGNUM *tmp;
+    int ret = 0;
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
+    int num = mont->N.top;
+
+    if (num > 1 && a->top == num && b->top == num) {
+        if (bn_wexpand(r, num) == NULL)
+            return (0);
+        if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
+            r->neg = a->neg ^ b->neg;
+            r->top = num;
+            bn_correct_top(r);
+            return (1);
+        }
+    }
+#endif
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    bn_check_top(tmp);
+    if (a == b) {
+        if (!BN_sqr(tmp, a, ctx))
+            goto err;
+    } else {
+        if (!BN_mul(tmp, a, b, ctx))
+            goto err;
+    }
+    /* reduce from aRR to aR */
+#ifdef MONT_WORD
+    if (!BN_from_montgomery_word(r, tmp, mont))
+        goto err;
+#else
+    if (!BN_from_montgomery(r, tmp, mont, ctx))
+        goto err;
+#endif
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+#ifdef MONT_WORD
+static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+{
+    BIGNUM *n;
+    BN_ULONG *ap, *np, *rp, n0, v, carry;
+    int nl, max, i;
+
+    n = &(mont->N);
+    nl = n->top;
+    if (nl == 0) {
+        ret->top = 0;
+        return (1);
+    }
+
+    max = (2 * nl);             /* carry is stored separately */
+    if (bn_wexpand(r, max) == NULL)
+        return (0);
+
+    r->neg ^= n->neg;
+    np = n->d;
+    rp = r->d;
+
+    /* clear the top words of T */
+    i = max - r->top;
+    if (i)
+        memset(&rp[r->top], 0, sizeof(*rp) * i);
+
+    r->top = max;
+    n0 = mont->n0[0];
+
+    /*
+     * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
+     * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
+     * includes |carry| which is stored separately.
+     */
+    for (carry = 0, i = 0; i < nl; i++, rp++) {
+        v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+        v = (v + carry + rp[nl]) & BN_MASK2;
+        carry |= (v != rp[nl]);
+        carry &= (v <= rp[nl]);
+        rp[nl] = v;
+    }
+
+    if (bn_wexpand(ret, nl) == NULL)
+        return (0);
+    ret->top = nl;
+    ret->neg = r->neg;
+
+    rp = ret->d;
+
+    /*
+     * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
+     * includes |carry| which is stored separately.
+     */
+    ap = &(r->d[nl]);
+
+    /*
+     * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
+     * cannot be -1. That would imply the subtraction did not fit in |nl| words,
+     * and we know at most one subtraction is needed.
+     */
+    v = bn_sub_words(rp, ap, np, nl) - carry;
+    v = 0 - v;
+    for (i = 0; i < nl; i++) {
+        rp[i] = (v & ap[i]) | (~v & rp[i]);
+        ap[i] = 0;
+    }
+    bn_correct_top(r);
+    bn_correct_top(ret);
+    bn_check_top(ret);
+
+    return (1);
+}
+#endif                          /* MONT_WORD */
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx)
+{
+    int retn = 0;
+#ifdef MONT_WORD
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
+        retn = BN_from_montgomery_word(ret, t, mont);
+    BN_CTX_end(ctx);
+#else                           /* !MONT_WORD */
+    BIGNUM *t1, *t2;
+
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t1 == NULL || t2 == NULL)
+        goto err;
+
+    if (!BN_copy(t1, a))
+        goto err;
+    BN_mask_bits(t1, mont->ri);
+
+    if (!BN_mul(t2, t1, &mont->Ni, ctx))
+        goto err;
+    BN_mask_bits(t2, mont->ri);
+
+    if (!BN_mul(t1, t2, &mont->N, ctx))
+        goto err;
+    if (!BN_add(t2, a, t1))
+        goto err;
+    if (!BN_rshift(ret, t2, mont->ri))
+        goto err;
+
+    if (BN_ucmp(ret, &(mont->N)) >= 0) {
+        if (!BN_usub(ret, ret, &(mont->N)))
+            goto err;
+    }
+    retn = 1;
+    bn_check_top(ret);
+ err:
+    BN_CTX_end(ctx);
+#endif                          /* MONT_WORD */
+    return (retn);
+}
+
+BN_MONT_CTX *BN_MONT_CTX_new(void)
+{
+    BN_MONT_CTX *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+        return (NULL);
+
+    BN_MONT_CTX_init(ret);
+    ret->flags = BN_FLG_MALLOCED;
+    return (ret);
+}
+
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+{
+    ctx->ri = 0;
+    bn_init(&(ctx->RR));
+    bn_init(&(ctx->N));
+    bn_init(&(ctx->Ni));
+    ctx->n0[0] = ctx->n0[1] = 0;
+    ctx->flags = 0;
+}
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
+{
+    if (mont == NULL)
+        return;
+
+    BN_clear_free(&(mont->RR));
+    BN_clear_free(&(mont->N));
+    BN_clear_free(&(mont->Ni));
+    if (mont->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(mont);
+}
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *Ri, *R;
+
+    if (BN_is_zero(mod))
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((Ri = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    R = &(mont->RR);            /* grab RR as a temp */
+    if (!BN_copy(&(mont->N), mod))
+        goto err;               /* Set N */
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
+    mont->N.neg = 0;
+
+#ifdef MONT_WORD
+    {
+        BIGNUM tmod;
+        BN_ULONG buf[2];
+
+        bn_init(&tmod);
+        tmod.d = buf;
+        tmod.dmax = 2;
+        tmod.neg = 0;
+
+        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+            BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+
+        mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
+
+# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+        /*
+         * Only certain BN_BITS2<=32 platforms actually make use of n0[1],
+         * and we could use the #else case (with a shorter R value) for the
+         * others.  However, currently only the assembler files do know which
+         * is which.
+         */
+
+        BN_zero(R);
+        if (!(BN_set_bit(R, 2 * BN_BITS2)))
+            goto err;
+
+        tmod.top = 0;
+        if ((buf[0] = mod->d[0]))
+            tmod.top = 1;
+        if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+            tmod.top = 2;
+
+        if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
+                goto err;
+            /* Ri-- (mod double word size) */
+            Ri->neg = 0;
+            Ri->d[0] = BN_MASK2;
+            Ri->d[1] = BN_MASK2;
+            Ri->top = 2;
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only couple of least significant words:
+         */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
+# else
+        BN_zero(R);
+        if (!(BN_set_bit(R, BN_BITS2)))
+            goto err;           /* R */
+
+        buf[0] = mod->d[0];     /* tmod = N mod word size */
+        buf[1] = 0;
+        tmod.top = buf[0] != 0 ? 1 : 0;
+        /* Ri = R^-1 mod N */
+        if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (!BN_set_word(Ri, BN_MASK2))
+                goto err;       /* Ri-- (mod word size) */
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only least significant word:
+         */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = 0;
+# endif
+    }
+#else                           /* !MONT_WORD */
+    {                           /* bignum version */
+        mont->ri = BN_num_bits(&mont->N);
+        BN_zero(R);
+        if (!BN_set_bit(R, mont->ri))
+            goto err;           /* R = 2^ri */
+        /* Ri = R^-1 mod N */
+        if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, mont->ri))
+            goto err;           /* R*Ri */
+        if (!BN_sub_word(Ri, 1))
+            goto err;
+        /*
+         * Ni = (R*Ri-1) / N
+         */
+        if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+            goto err;
+    }
+#endif
+
+    /* setup RR for conversions */
+    BN_zero(&(mont->RR));
+    if (!BN_set_bit(&(mont->RR), mont->ri * 2))
+        goto err;
+    if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+{
+    if (to == from)
+        return (to);
+
+    if (!BN_copy(&(to->RR), &(from->RR)))
+        return NULL;
+    if (!BN_copy(&(to->N), &(from->N)))
+        return NULL;
+    if (!BN_copy(&(to->Ni), &(from->Ni)))
+        return NULL;
+    to->ri = from->ri;
+    to->n0[0] = from->n0[0];
+    to->n0[1] = from->n0[1];
+    return (to);
+}
+
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+                                    const BIGNUM *mod, BN_CTX *ctx)
+{
+    BN_MONT_CTX *ret;
+
+    CRYPTO_THREAD_read_lock(lock);
+    ret = *pmont;
+    CRYPTO_THREAD_unlock(lock);
+    if (ret)
+        return ret;
+
+    /*
+     * We don't want to serialise globally while doing our lazy-init math in
+     * BN_MONT_CTX_set. That punishes threads that are doing independent
+     * things. Instead, punish the case where more than one thread tries to
+     * lazy-init the same 'pmont', by having each do the lazy-init math work
+     * independently and only use the one from the thread that wins the race
+     * (the losers throw away the work they've done).
+     */
+    ret = BN_MONT_CTX_new();
+    if (ret == NULL)
+        return NULL;
+    if (!BN_MONT_CTX_set(ret, mod, ctx)) {
+        BN_MONT_CTX_free(ret);
+        return NULL;
+    }
+
+    /* The locked compare-and-set, after the local work is done. */
+    CRYPTO_THREAD_write_lock(lock);
+    if (*pmont) {
+        BN_MONT_CTX_free(ret);
+        ret = *pmont;
+    } else
+        *pmont = ret;
+    CRYPTO_THREAD_unlock(lock);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_mpi.c b/openssl-1.1.0h/crypto/bn/bn_mpi.c
new file mode 100644
index 0000000..043e21d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_mpi.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+{
+    int bits;
+    int num = 0;
+    int ext = 0;
+    long l;
+
+    bits = BN_num_bits(a);
+    num = (bits + 7) / 8;
+    if (bits > 0) {
+        ext = ((bits & 0x07) == 0);
+    }
+    if (d == NULL)
+        return (num + 4 + ext);
+
+    l = num + ext;
+    d[0] = (unsigned char)(l >> 24) & 0xff;
+    d[1] = (unsigned char)(l >> 16) & 0xff;
+    d[2] = (unsigned char)(l >> 8) & 0xff;
+    d[3] = (unsigned char)(l) & 0xff;
+    if (ext)
+        d[4] = 0;
+    num = BN_bn2bin(a, &(d[4 + ext]));
+    if (a->neg)
+        d[4] |= 0x80;
+    return (num + 4 + ext);
+}
+
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
+{
+    long len;
+    int neg = 0;
+    BIGNUM *a = NULL;
+
+    if (n < 4) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+        return NULL;
+    }
+    len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
+        d[3];
+    if ((len + 4) != n) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+        return NULL;
+    }
+
+    if (ain == NULL)
+        a = BN_new();
+    else
+        a = ain;
+
+    if (a == NULL)
+        return NULL;
+
+    if (len == 0) {
+        a->neg = 0;
+        a->top = 0;
+        return a;
+    }
+    d += 4;
+    if ((*d) & 0x80)
+        neg = 1;
+    if (BN_bin2bn(d, (int)len, a) == NULL) {
+        if (ain == NULL)
+            BN_free(a);
+        return NULL;
+    }
+    a->neg = neg;
+    if (neg) {
+        BN_clear_bit(a, BN_num_bits(a) - 1);
+    }
+    bn_check_top(a);
+    return a;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_mul.c b/openssl-1.1.0h/crypto/bn/bn_mul.c
new file mode 100644
index 0000000..a1abc5b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_mul.c
@@ -0,0 +1,1011 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
+/*
+ * Here follows specialised variants of bn_add_words() and bn_sub_words().
+ * They have the property performing operations on arrays of different sizes.
+ * The sizes of those arrays is expressed through cl, which is the common
+ * length ( basically, min(len(a),len(b)) ), and dl, which is the delta
+ * between the two lengths, calculated as len(a)-len(b). All lengths are the
+ * number of BN_ULONGs...  For the operations that require a result array as
+ * parameter, it must have the length cl+abs(dl). These functions should
+ * probably end up in bn_asm.c as soon as there are assembler counterparts
+ * for the systems that use assembler files.
+ */
+
+BN_ULONG bn_sub_part_words(BN_ULONG *r,
+                           const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl)
+{
+    BN_ULONG c, t;
+
+    assert(cl >= 0);
+    c = bn_sub_words(r, a, b, cl);
+
+    if (dl == 0)
+        return c;
+
+    r += cl;
+    a += cl;
+    b += cl;
+
+    if (dl < 0) {
+        for (;;) {
+            t = b[0];
+            r[0] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[1];
+            r[1] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[2];
+            r[2] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[3];
+            r[3] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            b += 4;
+            r += 4;
+        }
+    } else {
+        int save_dl = dl;
+        while (c) {
+            t = a[0];
+            r[0] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[1];
+            r[1] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[2];
+            r[2] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[3];
+            r[3] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            save_dl = dl;
+            a += 4;
+            r += 4;
+        }
+        if (dl > 0) {
+            if (save_dl > dl) {
+                switch (save_dl - dl) {
+                case 1:
+                    r[1] = a[1];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 2:
+                    r[2] = a[2];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 3:
+                    r[3] = a[3];
+                    if (--dl <= 0)
+                        break;
+                }
+                a += 4;
+                r += 4;
+            }
+        }
+        if (dl > 0) {
+            for (;;) {
+                r[0] = a[0];
+                if (--dl <= 0)
+                    break;
+                r[1] = a[1];
+                if (--dl <= 0)
+                    break;
+                r[2] = a[2];
+                if (--dl <= 0)
+                    break;
+                r[3] = a[3];
+                if (--dl <= 0)
+                    break;
+
+                a += 4;
+                r += 4;
+            }
+        }
+    }
+    return c;
+}
+#endif
+
+BN_ULONG bn_add_part_words(BN_ULONG *r,
+                           const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl)
+{
+    BN_ULONG c, l, t;
+
+    assert(cl >= 0);
+    c = bn_add_words(r, a, b, cl);
+
+    if (dl == 0)
+        return c;
+
+    r += cl;
+    a += cl;
+    b += cl;
+
+    if (dl < 0) {
+        int save_dl = dl;
+        while (c) {
+            l = (c + b[0]) & BN_MASK2;
+            c = (l < c);
+            r[0] = l;
+            if (++dl >= 0)
+                break;
+
+            l = (c + b[1]) & BN_MASK2;
+            c = (l < c);
+            r[1] = l;
+            if (++dl >= 0)
+                break;
+
+            l = (c + b[2]) & BN_MASK2;
+            c = (l < c);
+            r[2] = l;
+            if (++dl >= 0)
+                break;
+
+            l = (c + b[3]) & BN_MASK2;
+            c = (l < c);
+            r[3] = l;
+            if (++dl >= 0)
+                break;
+
+            save_dl = dl;
+            b += 4;
+            r += 4;
+        }
+        if (dl < 0) {
+            if (save_dl < dl) {
+                switch (dl - save_dl) {
+                case 1:
+                    r[1] = b[1];
+                    if (++dl >= 0)
+                        break;
+                    /* fall thru */
+                case 2:
+                    r[2] = b[2];
+                    if (++dl >= 0)
+                        break;
+                    /* fall thru */
+                case 3:
+                    r[3] = b[3];
+                    if (++dl >= 0)
+                        break;
+                }
+                b += 4;
+                r += 4;
+            }
+        }
+        if (dl < 0) {
+            for (;;) {
+                r[0] = b[0];
+                if (++dl >= 0)
+                    break;
+                r[1] = b[1];
+                if (++dl >= 0)
+                    break;
+                r[2] = b[2];
+                if (++dl >= 0)
+                    break;
+                r[3] = b[3];
+                if (++dl >= 0)
+                    break;
+
+                b += 4;
+                r += 4;
+            }
+        }
+    } else {
+        int save_dl = dl;
+        while (c) {
+            t = (a[0] + c) & BN_MASK2;
+            c = (t < c);
+            r[0] = t;
+            if (--dl <= 0)
+                break;
+
+            t = (a[1] + c) & BN_MASK2;
+            c = (t < c);
+            r[1] = t;
+            if (--dl <= 0)
+                break;
+
+            t = (a[2] + c) & BN_MASK2;
+            c = (t < c);
+            r[2] = t;
+            if (--dl <= 0)
+                break;
+
+            t = (a[3] + c) & BN_MASK2;
+            c = (t < c);
+            r[3] = t;
+            if (--dl <= 0)
+                break;
+
+            save_dl = dl;
+            a += 4;
+            r += 4;
+        }
+        if (dl > 0) {
+            if (save_dl > dl) {
+                switch (save_dl - dl) {
+                case 1:
+                    r[1] = a[1];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 2:
+                    r[2] = a[2];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 3:
+                    r[3] = a[3];
+                    if (--dl <= 0)
+                        break;
+                }
+                a += 4;
+                r += 4;
+            }
+        }
+        if (dl > 0) {
+            for (;;) {
+                r[0] = a[0];
+                if (--dl <= 0)
+                    break;
+                r[1] = a[1];
+                if (--dl <= 0)
+                    break;
+                r[2] = a[2];
+                if (--dl <= 0)
+                    break;
+                r[3] = a[3];
+                if (--dl <= 0)
+                    break;
+
+                a += 4;
+                r += 4;
+            }
+        }
+    }
+    return c;
+}
+
+#ifdef BN_RECURSION
+/*
+ * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
+ * Computer Programming, Vol. 2)
+ */
+
+/*-
+ * r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+/* dnX may not be positive, but n2/2+dnX has to be */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                      int dna, int dnb, BN_ULONG *t)
+{
+    int n = n2 / 2, c1, c2;
+    int tna = n + dna, tnb = n + dnb;
+    unsigned int neg, zero;
+    BN_ULONG ln, lo, *p;
+
+# ifdef BN_MUL_COMBA
+#  if 0
+    if (n2 == 4) {
+        bn_mul_comba4(r, a, b);
+        return;
+    }
+#  endif
+    /*
+     * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete
+     * [steve]
+     */
+    if (n2 == 8 && dna == 0 && dnb == 0) {
+        bn_mul_comba8(r, a, b);
+        return;
+    }
+# endif                         /* BN_MUL_COMBA */
+    /* Else do normal multiply */
+    if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
+        if ((dna + dnb) < 0)
+            memset(&r[2 * n2 + dna + dnb], 0,
+                   sizeof(BN_ULONG) * -(dna + dnb));
+        return;
+    }
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    zero = neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+        zero = 1;
+        break;
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        zero = 1;
+        break;
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+        zero = 1;
+        break;
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
+
+# ifdef BN_MUL_COMBA
+    if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take
+                                           * extra args to do this well */
+        if (!zero)
+            bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        else
+            memset(&t[n2], 0, sizeof(*t) * 8);
+
+        bn_mul_comba4(r, a, b);
+        bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
+    } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could
+                                                  * take extra args to do
+                                                  * this well */
+        if (!zero)
+            bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        else
+            memset(&t[n2], 0, sizeof(*t) * 16);
+
+        bn_mul_comba8(r, a, b);
+        bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
+    } else
+# endif                         /* BN_MUL_COMBA */
+    {
+        p = &(t[n2 * 2]);
+        if (!zero)
+            bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        else
+            memset(&t[n2], 0, sizeof(*t) * n2);
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*
+ * n+tn is the word length t needs to be n*4 is size, as does r
+ */
+/* tnX may not be negative but less than n */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+                           int tna, int tnb, BN_ULONG *t)
+{
+    int i, j, n2 = n * 2;
+    int c1, c2, neg;
+    BN_ULONG ln, lo, *p;
+
+    if (n < 8) {
+        bn_mul_normal(r, a, n + tna, b, n + tnb);
+        return;
+    }
+
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+        /* break; */
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        /* break; */
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+        /* break; */
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
+    /*
+     * The zero case isn't yet implemented here. The speedup would probably
+     * be negligible.
+     */
+# if 0
+    if (n == 4) {
+        bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        bn_mul_comba4(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
+        memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2));
+    } else
+# endif
+    if (n == 8) {
+        bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        bn_mul_comba8(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+        memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb));
+    } else {
+        p = &(t[n2 * 2]);
+        bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        i = n / 2;
+        /*
+         * If there is only a bottom half to the number, just do it
+         */
+        if (tna > tnb)
+            j = tna - i;
+        else
+            j = tnb - i;
+        if (j == 0) {
+            bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                             i, tna - i, tnb - i, p);
+            memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2));
+        } else if (j > 0) {     /* eg, n == 16, i == 8 and tn == 11 */
+            bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                                  i, tna - i, tnb - i, p);
+            memset(&(r[n2 + tna + tnb]), 0,
+                   sizeof(BN_ULONG) * (n2 - tna - tnb));
+        } else {                /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+
+            memset(&r[n2], 0, sizeof(*r) * n2);
+            if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+                && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+                bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+            } else {
+                for (;;) {
+                    i /= 2;
+                    /*
+                     * these simplified conditions work exclusively because
+                     * difference between tna and tnb is 1 or 0
+                     */
+                    if (i < tna || i < tnb) {
+                        bn_mul_part_recursive(&(r[n2]),
+                                              &(a[n]), &(b[n]),
+                                              i, tna - i, tnb - i, p);
+                        break;
+                    } else if (i == tna || i == tnb) {
+                        bn_mul_recursive(&(r[n2]),
+                                         &(a[n]), &(b[n]),
+                                         i, tna - i, tnb - i, p);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                          BN_ULONG *t)
+{
+    int n = n2 / 2;
+
+    bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
+    if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+    } else {
+        bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
+        bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
+    }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ * l is the low words of the output.
+ * t needs to be n2*3
+ */
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+                 BN_ULONG *t)
+{
+    int i, n;
+    int c1, c2;
+    int neg, oneg, zero;
+    BN_ULONG ll, lc, *lp, *mp;
+
+    n = n2 / 2;
+
+    /* Calculate (al-ah)*(bh-bl) */
+    neg = zero = 0;
+    c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
+    c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+        break;
+    case -3:
+        zero = 1;
+        break;
+    case -2:
+        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        zero = 1;
+        break;
+    case 2:
+        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+        neg = 1;
+        break;
+    case 3:
+        zero = 1;
+        break;
+    case 4:
+        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+        break;
+    }
+
+    oneg = neg;
+    /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+    /* r[10] = (a[1]*b[1]) */
+# ifdef BN_MUL_COMBA
+    if (n == 8) {
+        bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
+        bn_mul_comba8(r, &(a[n]), &(b[n]));
+    } else
+# endif
+    {
+        bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
+        bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
+    }
+
+    /*-
+     * s0 == low(al*bl)
+     * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+     * We know s0 and s1 so the only unknown is high(al*bl)
+     * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+     * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+     */
+    if (l != NULL) {
+        lp = &(t[n2 + n]);
+        bn_add_words(lp, &(r[0]), &(l[0]), n);
+    } else {
+        lp = &(r[0]);
+    }
+
+    if (neg)
+        neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
+    else {
+        bn_add_words(&(t[n2]), lp, &(t[0]), n);
+        neg = 0;
+    }
+
+    if (l != NULL) {
+        bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
+    } else {
+        lp = &(t[n2 + n]);
+        mp = &(t[n2]);
+        for (i = 0; i < n; i++)
+            lp[i] = ((~mp[i]) + 1) & BN_MASK2;
+    }
+
+    /*-
+     * s[0] = low(al*bl)
+     * t[3] = high(al*bl)
+     * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+     * r[10] = (a[1]*b[1])
+     */
+    /*-
+     * R[10] = al*bl
+     * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+     * R[32] = ah*bh
+     */
+    /*-
+     * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+     * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+     * R[3]=r[1]+(carry/borrow)
+     */
+    if (l != NULL) {
+        lp = &(t[n2]);
+        c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
+    } else {
+        lp = &(t[n2 + n]);
+        c1 = 0;
+    }
+    c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
+    if (oneg)
+        c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
+    else
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
+
+    c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
+    c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
+    if (oneg)
+        c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
+    else
+        c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
+
+    if (c1 != 0) {              /* Add starting at r[0], could be +ve or -ve */
+        i = 0;
+        if (c1 > 0) {
+            lc = c1;
+            do {
+                ll = (r[i] + lc) & BN_MASK2;
+                r[i++] = ll;
+                lc = (lc > ll);
+            } while (lc);
+        } else {
+            lc = -c1;
+            do {
+                ll = r[i];
+                r[i++] = (ll - lc) & BN_MASK2;
+                lc = (lc > ll);
+            } while (lc);
+        }
+    }
+    if (c2 != 0) {              /* Add starting at r[1] */
+        i = n;
+        if (c2 > 0) {
+            lc = c2;
+            do {
+                ll = (r[i] + lc) & BN_MASK2;
+                r[i++] = ll;
+                lc = (lc > ll);
+            } while (lc);
+        } else {
+            lc = -c2;
+            do {
+                ll = r[i];
+                r[i++] = (ll - lc) & BN_MASK2;
+                lc = (lc > ll);
+            } while (lc);
+        }
+    }
+}
+#endif                          /* BN_RECURSION */
+
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    int top, al, bl;
+    BIGNUM *rr;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+    int i;
+#endif
+#ifdef BN_RECURSION
+    BIGNUM *t = NULL;
+    int j = 0, k;
+#endif
+
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(r);
+
+    al = a->top;
+    bl = b->top;
+
+    if ((al == 0) || (bl == 0)) {
+        BN_zero(r);
+        return (1);
+    }
+    top = al + bl;
+
+    BN_CTX_start(ctx);
+    if ((r == a) || (r == b)) {
+        if ((rr = BN_CTX_get(ctx)) == NULL)
+            goto err;
+    } else
+        rr = r;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+    i = al - bl;
+#endif
+#ifdef BN_MUL_COMBA
+    if (i == 0) {
+# if 0
+        if (al == 4) {
+            if (bn_wexpand(rr, 8) == NULL)
+                goto err;
+            rr->top = 8;
+            bn_mul_comba4(rr->d, a->d, b->d);
+            goto end;
+        }
+# endif
+        if (al == 8) {
+            if (bn_wexpand(rr, 16) == NULL)
+                goto err;
+            rr->top = 16;
+            bn_mul_comba8(rr->d, a->d, b->d);
+            goto end;
+        }
+    }
+#endif                          /* BN_MUL_COMBA */
+#ifdef BN_RECURSION
+    if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
+        if (i >= -1 && i <= 1) {
+            /*
+             * Find out the power of two lower or equal to the longest of the
+             * two numbers
+             */
+            if (i >= 0) {
+                j = BN_num_bits_word((BN_ULONG)al);
+            }
+            if (i == -1) {
+                j = BN_num_bits_word((BN_ULONG)bl);
+            }
+            j = 1 << (j - 1);
+            assert(j <= al || j <= bl);
+            k = j + j;
+            t = BN_CTX_get(ctx);
+            if (t == NULL)
+                goto err;
+            if (al > j || bl > j) {
+                if (bn_wexpand(t, k * 4) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 4) == NULL)
+                    goto err;
+                bn_mul_part_recursive(rr->d, a->d, b->d,
+                                      j, al - j, bl - j, t->d);
+            } else {            /* al <= j || bl <= j */
+
+                if (bn_wexpand(t, k * 2) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 2) == NULL)
+                    goto err;
+                bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
+            }
+            rr->top = top;
+            goto end;
+        }
+    }
+#endif                          /* BN_RECURSION */
+    if (bn_wexpand(rr, top) == NULL)
+        goto err;
+    rr->top = top;
+    bn_mul_normal(rr->d, a->d, al, b->d, bl);
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ end:
+#endif
+    rr->neg = a->neg ^ b->neg;
+    bn_correct_top(rr);
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+{
+    BN_ULONG *rr;
+
+    if (na < nb) {
+        int itmp;
+        BN_ULONG *ltmp;
+
+        itmp = na;
+        na = nb;
+        nb = itmp;
+        ltmp = a;
+        a = b;
+        b = ltmp;
+
+    }
+    rr = &(r[na]);
+    if (nb <= 0) {
+        (void)bn_mul_words(r, a, na, 0);
+        return;
+    } else
+        rr[0] = bn_mul_words(r, a, na, b[0]);
+
+    for (;;) {
+        if (--nb <= 0)
+            return;
+        rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
+        if (--nb <= 0)
+            return;
+        rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
+        if (--nb <= 0)
+            return;
+        rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
+        if (--nb <= 0)
+            return;
+        rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
+        rr += 4;
+        r += 4;
+        b += 4;
+    }
+}
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+    bn_mul_words(r, a, n, b[0]);
+
+    for (;;) {
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[1]), a, n, b[1]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[2]), a, n, b[2]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[3]), a, n, b[3]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[4]), a, n, b[4]);
+        r += 4;
+        b += 4;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_nist.c b/openssl-1.1.0h/crypto/bn/bn_nist.c
new file mode 100644
index 0000000..53598f9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_nist.c
@@ -0,0 +1,1239 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "internal/cryptlib.h"
+
+#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
+
+/* pre-computed tables are "carry-less" values of modulus*(i+1) */
+#if BN_BITS2 == 64
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+    {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+    0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,
+    0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+    {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL},
+    {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is
+                                                    * "carry-full" */
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,
+    0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+    {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFF00000001ULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFE00000002ULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFD00000003ULL},
+    {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFC00000004ULL},
+    {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFB00000005ULL},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,
+    0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,
+    0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+    {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+    0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,
+    0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,
+    0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_521[] =
+    { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0x00000000000001FFULL
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+    0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL
+};
+#elif BN_BITS2 == 32
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+    0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,
+    0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+    {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,
+    0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
+     0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,
+     0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,
+     0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD},
+    {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,
+     0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC},
+    {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,
+     0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,
+    0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,
+    0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+    {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+    0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+    0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,
+    0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0x000001FF
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF
+};
+#else
+# error "unsupported BN_BITS2"
+#endif
+
+static const BIGNUM _bignum_nist_p_192 = {
+    (BN_ULONG *)_nist_p_192[0],
+    BN_NIST_192_TOP,
+    BN_NIST_192_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_224 = {
+    (BN_ULONG *)_nist_p_224[0],
+    BN_NIST_224_TOP,
+    BN_NIST_224_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_256 = {
+    (BN_ULONG *)_nist_p_256[0],
+    BN_NIST_256_TOP,
+    BN_NIST_256_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_384 = {
+    (BN_ULONG *)_nist_p_384[0],
+    BN_NIST_384_TOP,
+    BN_NIST_384_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_521 = {
+    (BN_ULONG *)_nist_p_521,
+    BN_NIST_521_TOP,
+    BN_NIST_521_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+{
+    return &_bignum_nist_p_192;
+}
+
+const BIGNUM *BN_get0_nist_prime_224(void)
+{
+    return &_bignum_nist_p_224;
+}
+
+const BIGNUM *BN_get0_nist_prime_256(void)
+{
+    return &_bignum_nist_p_256;
+}
+
+const BIGNUM *BN_get0_nist_prime_384(void)
+{
+    return &_bignum_nist_p_384;
+}
+
+const BIGNUM *BN_get0_nist_prime_521(void)
+{
+    return &_bignum_nist_p_521;
+}
+
+static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
+{
+    int i;
+
+#ifdef BN_DEBUG
+    OPENSSL_assert(top <= max);
+#endif
+    for (i = 0; i < top; i++)
+        dst[i] = src[i];
+    for (; i < max; i++)
+        dst[i] = 0;
+}
+
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
+{
+    int i;
+
+    for (i = 0; i < top; i++)
+        dst[i] = src[i];
+}
+
+#if BN_BITS2 == 64
+# define bn_cp_64(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_64_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+/*
+ * two following macros are implemented under assumption that they
+ * are called in a sequence with *ascending* n, i.e. as they are...
+ */
+# define bn_cp_32_naked(to, n, from, m)  (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+                                                :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+# define bn_32_set_0(to, n)              (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+# define bn_cp_32(to,n,from,m)           ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
+# if defined(L_ENDIAN)
+#  if defined(__arch64__)
+#   define NIST_INT64 long
+#  else
+#   define NIST_INT64 long long
+#  endif
+# endif
+#else
+# define bn_cp_64(to, n, from, m) \
+        { \
+        bn_cp_32(to, (n)*2, from, (m)*2); \
+        bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
+        }
+# define bn_64_set_0(to, n) \
+        { \
+        bn_32_set_0(to, (n)*2); \
+        bn_32_set_0(to, (n)*2+1); \
+        }
+# define bn_cp_32(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_32_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+# if defined(_WIN32) && !defined(__GNUC__)
+#  define NIST_INT64 __int64
+# elif defined(BN_LLONG)
+#  define NIST_INT64 long long
+# endif
+#endif                          /* BN_BITS2 != 64 */
+
+#define nist_set_192(to, from, a1, a2, a3) \
+        { \
+        bn_cp_64(to, 0, from, (a3) - 3) \
+        bn_cp_64(to, 1, from, (a2) - 3) \
+        bn_cp_64(to, 2, from, (a1) - 3) \
+        }
+
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    register BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_192_TOP];
+        unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_192_TOP], *res;
+    PTR_SIZE_INT mask;
+    static const BIGNUM _bignum_nist_p_192_sqr = {
+        (BN_ULONG *)_nist_p_192_sqr,
+        OSSL_NELEM(_nist_p_192_sqr),
+        OSSL_NELEM(_nist_p_192_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_192; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_192_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,
+                 BN_NIST_192_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[3 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[3 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[3 * 2 - 6];
+        acc += bp[4 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[3 * 2 - 5];
+        acc += bp[4 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[4 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[4 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[5] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_192_TOP];
+
+        nist_set_192(t_d, buf.bn, 0, 3, 3);
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+        nist_set_192(t_d, buf.bn, 4, 4, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+        nist_set_192(t_d, buf.bn, 5, 5, 5)
+            carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+    }
+#endif
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
+                              BN_NIST_192_TOP);
+    else
+        carry = 1;
+
+    /*
+     * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+     * as comparison implies subtraction, we can write
+     * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+     * this is what happens below, but without explicit if:-) a.
+     */
+    mask =
+        0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0],
+                                        BN_NIST_192_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)
+        (((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_192_TOP);
+    r->top = BN_NIST_192_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *,
+                                 const BN_ULONG *, int);
+
+#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
+        { \
+        bn_cp_32(to, 0, from, (a7) - 7) \
+        bn_cp_32(to, 1, from, (a6) - 7) \
+        bn_cp_32(to, 2, from, (a5) - 7) \
+        bn_cp_32(to, 3, from, (a4) - 7) \
+        bn_cp_32(to, 4, from, (a3) - 7) \
+        bn_cp_32(to, 5, from, (a2) - 7) \
+        bn_cp_32(to, 6, from, (a1) - 7) \
+        }
+
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_224_TOP];
+        unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_224_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_224_sqr = {
+        (BN_ULONG *)_nist_p_224_sqr,
+        OSSL_NELEM(_nist_p_224_sqr),
+        OSSL_NELEM(_nist_p_224_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_224; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_224_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
+    } else
+        r_d = a_d;
+
+#if BN_BITS2==64
+    /* copy upper 256 bits of 448 bit number ... */
+    nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1),
+                 top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP);
+    /* ... and right shift by 32 to obtain upper 224 bits */
+    nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
+    /* truncate lower part to 224 bits too */
+    r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l;
+#else
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP,
+                 BN_NIST_224_TOP);
+#endif
+
+#if defined(NIST_INT64) && BN_BITS2!=64
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc -= bp[7 - 7];
+        acc -= bp[11 - 7];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc -= bp[8 - 7];
+        acc -= bp[12 - 7];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc -= bp[9 - 7];
+        acc -= bp[13 - 7];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[7 - 7];
+        acc += bp[11 - 7];
+        acc -= bp[10 - 7];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[8 - 7];
+        acc += bp[12 - 7];
+        acc -= bp[11 - 7];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[9 - 7];
+        acc += bp[13 - 7];
+        acc -= bp[12 - 7];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[10 - 7];
+        acc -= bp[13 - 7];
+        rp[6] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+# if BN_BITS2==64
+        rp[7] = carry;
+# endif
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_224_TOP];
+
+        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+
+# if BN_BITS2==64
+        carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32);
+# endif
+    }
+#endif
+    u.f = bn_sub_words;
+    if (carry > 0) {
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
+                              BN_NIST_224_TOP);
+#if BN_BITS2==64
+        carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1;
+#endif
+    } else if (carry < 0) {
+        /*
+         * it's a bit more complicated logic in this case. if bn_add_words
+         * yields no carry, then result has to be adjusted by unconditionally
+         * *adding* the modulus. but if it does, then result has to be
+         * compared to the modulus and conditionally adjusted by
+         * *subtracting* the latter.
+         */
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
+                              BN_NIST_224_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    /* otherwise it's effectively same as in BN_nist_mod_192... */
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_224_TOP);
+    r->top = BN_NIST_224_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
+        { \
+        bn_cp_32(to, 0, from, (a8) - 8) \
+        bn_cp_32(to, 1, from, (a7) - 8) \
+        bn_cp_32(to, 2, from, (a6) - 8) \
+        bn_cp_32(to, 3, from, (a5) - 8) \
+        bn_cp_32(to, 4, from, (a4) - 8) \
+        bn_cp_32(to, 5, from, (a3) - 8) \
+        bn_cp_32(to, 6, from, (a2) - 8) \
+        bn_cp_32(to, 7, from, (a1) - 8) \
+        }
+
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *a_d = a->d, *r_d;
+    union {
+        BN_ULONG bn[BN_NIST_256_TOP];
+        unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_256_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_256_sqr = {
+        (BN_ULONG *)_nist_p_256_sqr,
+        OSSL_NELEM(_nist_p_256_sqr),
+        OSSL_NELEM(_nist_p_256_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_256; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_256_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP,
+                 BN_NIST_256_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[8 - 8];
+        acc += bp[9 - 8];
+        acc -= bp[11 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[9 - 8];
+        acc += bp[10 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        acc -= bp[15 - 8];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[10 - 8];
+        acc += bp[11 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        acc -= bp[15 - 8];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[11 - 8];
+        acc += bp[11 - 8];
+        acc += bp[12 - 8];
+        acc += bp[12 - 8];
+        acc += bp[13 - 8];
+        acc -= bp[15 - 8];
+        acc -= bp[8 - 8];
+        acc -= bp[9 - 8];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[12 - 8];
+        acc += bp[12 - 8];
+        acc += bp[13 - 8];
+        acc += bp[13 - 8];
+        acc += bp[14 - 8];
+        acc -= bp[9 - 8];
+        acc -= bp[10 - 8];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[13 - 8];
+        acc += bp[13 - 8];
+        acc += bp[14 - 8];
+        acc += bp[14 - 8];
+        acc += bp[15 - 8];
+        acc -= bp[10 - 8];
+        acc -= bp[11 - 8];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[14 - 8];
+        acc += bp[14 - 8];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[14 - 8];
+        acc += bp[13 - 8];
+        acc -= bp[8 - 8];
+        acc -= bp[9 - 8];
+        rp[6] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[7];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[8 - 8];
+        acc -= bp[10 - 8];
+        acc -= bp[11 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        rp[7] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_256_TOP];
+
+        /*
+         * S1
+         */
+        nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);
+        /*
+         * S2
+         */
+        nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);
+        carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+        /* left shift */
+        {
+            register BN_ULONG *ap, t, c;
+            ap = t_d;
+            c = 0;
+            for (i = BN_NIST_256_TOP; i != 0; --i) {
+                t = *ap;
+                *(ap++) = ((t << 1) | c) & BN_MASK2;
+                c = (t & BN_TBIT) ? 1 : 0;
+            }
+            carry <<= 1;
+            carry |= c;
+        }
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * S3
+         */
+        nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * S4
+         */
+        nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D1
+         */
+        nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D2
+         */
+        nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D3
+         */
+        nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D4
+         */
+        nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+
+    }
+#endif
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
+                              BN_NIST_256_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
+                              BN_NIST_256_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_256_TOP);
+    r->top = BN_NIST_256_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
+        { \
+        bn_cp_32(to, 0, from,  (a12) - 12) \
+        bn_cp_32(to, 1, from,  (a11) - 12) \
+        bn_cp_32(to, 2, from,  (a10) - 12) \
+        bn_cp_32(to, 3, from,  (a9) - 12)  \
+        bn_cp_32(to, 4, from,  (a8) - 12)  \
+        bn_cp_32(to, 5, from,  (a7) - 12)  \
+        bn_cp_32(to, 6, from,  (a6) - 12)  \
+        bn_cp_32(to, 7, from,  (a5) - 12)  \
+        bn_cp_32(to, 8, from,  (a4) - 12)  \
+        bn_cp_32(to, 9, from,  (a3) - 12)  \
+        bn_cp_32(to, 10, from, (a2) - 12)  \
+        bn_cp_32(to, 11, from, (a1) - 12)  \
+        }
+
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_384_TOP];
+        unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_384_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_384_sqr = {
+        (BN_ULONG *)_nist_p_384_sqr,
+        OSSL_NELEM(_nist_p_384_sqr),
+        OSSL_NELEM(_nist_p_384_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_384; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_384_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP,
+                 BN_NIST_384_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[12 - 12];
+        acc += bp[21 - 12];
+        acc += bp[20 - 12];
+        acc -= bp[23 - 12];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[13 - 12];
+        acc += bp[22 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[12 - 12];
+        acc -= bp[20 - 12];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[14 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[13 - 12];
+        acc -= bp[21 - 12];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[15 - 12];
+        acc += bp[12 - 12];
+        acc += bp[20 - 12];
+        acc += bp[21 - 12];
+        acc -= bp[14 - 12];
+        acc -= bp[22 - 12];
+        acc -= bp[23 - 12];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[21 - 12];
+        acc += bp[21 - 12];
+        acc += bp[16 - 12];
+        acc += bp[13 - 12];
+        acc += bp[12 - 12];
+        acc += bp[20 - 12];
+        acc += bp[22 - 12];
+        acc -= bp[15 - 12];
+        acc -= bp[23 - 12];
+        acc -= bp[23 - 12];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[22 - 12];
+        acc += bp[22 - 12];
+        acc += bp[17 - 12];
+        acc += bp[14 - 12];
+        acc += bp[13 - 12];
+        acc += bp[21 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[16 - 12];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[23 - 12];
+        acc += bp[23 - 12];
+        acc += bp[18 - 12];
+        acc += bp[15 - 12];
+        acc += bp[14 - 12];
+        acc += bp[22 - 12];
+        acc -= bp[17 - 12];
+        rp[6] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[7];
+        acc += bp[19 - 12];
+        acc += bp[16 - 12];
+        acc += bp[15 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[18 - 12];
+        rp[7] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[8];
+        acc += bp[20 - 12];
+        acc += bp[17 - 12];
+        acc += bp[16 - 12];
+        acc -= bp[19 - 12];
+        rp[8] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[9];
+        acc += bp[21 - 12];
+        acc += bp[18 - 12];
+        acc += bp[17 - 12];
+        acc -= bp[20 - 12];
+        rp[9] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[10];
+        acc += bp[22 - 12];
+        acc += bp[19 - 12];
+        acc += bp[18 - 12];
+        acc -= bp[21 - 12];
+        rp[10] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[11];
+        acc += bp[23 - 12];
+        acc += bp[20 - 12];
+        acc += bp[19 - 12];
+        acc -= bp[22 - 12];
+        rp[11] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_384_TOP];
+
+        /*
+         * S1
+         */
+        nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4);
+        /* left shift */
+        {
+            register BN_ULONG *ap, t, c;
+            ap = t_d;
+            c = 0;
+            for (i = 3; i != 0; --i) {
+                t = *ap;
+                *(ap++) = ((t << 1) | c) & BN_MASK2;
+                c = (t & BN_TBIT) ? 1 : 0;
+            }
+            *ap = c;
+        }
+        carry =
+            (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2),
+                              t_d, BN_NIST_256_TOP);
+        /*
+         * S2
+         */
+        carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);
+        /*
+         * S3
+         */
+        nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22,
+                     21);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S4
+         */
+        nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23,
+                     0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S5
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S6
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D1
+         */
+        nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12,
+                     23);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D2
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D3
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+
+    }
+#endif
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
+                              BN_NIST_384_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
+                              BN_NIST_384_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_384_TOP);
+    r->top = BN_NIST_384_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define BN_NIST_521_RSHIFT      (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT      (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK    ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
+    PTR_SIZE_INT mask;
+    static const BIGNUM _bignum_nist_p_521_sqr = {
+        (BN_ULONG *)_nist_p_521_sqr,
+        OSSL_NELEM(_nist_p_521_sqr),
+        OSSL_NELEM(_nist_p_521_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_521; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_521_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);
+    } else
+        r_d = a_d;
+
+    /* upper 521 bits, copy ... */
+    nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1),
+                 top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);
+    /* ... and right shift */
+    for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
+#if 0
+        /*
+         * MSC ARM compiler [version 2013, presumably even earlier,
+         * much earlier] miscompiles this code, but not one in
+         * #else section. See RT#3541.
+         */
+        tmp = val >> BN_NIST_521_RSHIFT;
+        val = t_d[i + 1];
+        t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
+        t_d[i] = (val >> BN_NIST_521_RSHIFT |
+                  (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2;
+        val = tmp;
+#endif
+    }
+    t_d[i] = val >> BN_NIST_521_RSHIFT;
+    /* lower 521 bits */
+    r_d[i] &= BN_NIST_521_TOP_MASK;
+
+    bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
+    mask =
+        0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521,
+                                        BN_NIST_521_TOP);
+    res = t_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_521_TOP);
+    r->top = BN_NIST_521_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx) {
+    if (BN_ucmp(&_bignum_nist_p_192, p) == 0)
+        return BN_nist_mod_192;
+    if (BN_ucmp(&_bignum_nist_p_224, p) == 0)
+        return BN_nist_mod_224;
+    if (BN_ucmp(&_bignum_nist_p_256, p) == 0)
+        return BN_nist_mod_256;
+    if (BN_ucmp(&_bignum_nist_p_384, p) == 0)
+        return BN_nist_mod_384;
+    if (BN_ucmp(&_bignum_nist_p_521, p) == 0)
+        return BN_nist_mod_521;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_prime.c b/openssl-1.1.0h/crypto/bn/bn_prime.c
new file mode 100644
index 0000000..616389c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_prime.c
@@ -0,0 +1,596 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/*
+ * The quick sieve algorithm approach to weeding out primes is Philip
+ * Zimmermann's, as implemented in PGP.  I have had a read of his comments
+ * and implemented my own version.
+ */
+#include "bn_prime.h"
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
+                                  const BIGNUM *add, const BIGNUM *rem,
+                                  BN_CTX *ctx);
+
+static const int prime_offsets[480] = {
+    13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83,
+    89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163,
+    167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229,
+    233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293,
+    299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367,
+    373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433,
+    437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499,
+    503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569,
+    571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631,
+    641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701,
+    703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769,
+    773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839,
+    841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901,
+    907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971,
+    977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031,
+    1033, 1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087,
+    1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151,
+    1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213,
+    1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271,
+    1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319,
+    1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373,
+    1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433,
+    1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489,
+    1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549,
+    1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609,
+    1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667,
+    1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721,
+    1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781,
+    1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843,
+    1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901,
+    1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951,
+    1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017,
+    2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071,
+    2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131,
+    2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197,
+    2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249,
+    2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297,
+    2309, 2311
+};
+
+static const int prime_offset_count = 480;
+static const int prime_multiplier = 2310;
+static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| <=
+                                              * |prime_multiplier| */
+static const int first_prime_index = 5;
+
+int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+{
+    /* No callback means continue */
+    if (!cb)
+        return 1;
+    switch (cb->ver) {
+    case 1:
+        /* Deprecated-style callbacks */
+        if (!cb->cb.cb_1)
+            return 1;
+        cb->cb.cb_1(a, b, cb->arg);
+        return 1;
+    case 2:
+        /* New-style callbacks */
+        return cb->cb.cb_2(a, b, cb);
+    default:
+        break;
+    }
+    /* Unrecognised callback type */
+    return 0;
+}
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+                         const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+{
+    BIGNUM *t;
+    int found = 0;
+    int i, j, c1 = 0;
+    BN_CTX *ctx = NULL;
+    prime_t *mods = NULL;
+    int checks = BN_prime_checks_for_size(bits);
+
+    if (bits < 2) {
+        /* There are no prime numbers this small. */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    } else if (bits == 2 && safe) {
+        /* The smallest safe prime (7) is three bits. */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    }
+
+    mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
+    if (mods == NULL)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    if (!t)
+        goto err;
+ loop:
+    /* make a random number and set the top and bottom bits */
+    if (add == NULL) {
+        if (!probable_prime(ret, bits, mods))
+            goto err;
+    } else {
+        if (safe) {
+            if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
+                goto err;
+        } else {
+            if (!bn_probable_prime_dh(ret, bits, add, rem, ctx))
+                goto err;
+        }
+    }
+
+    if (!BN_GENCB_call(cb, 0, c1++))
+        /* aborted */
+        goto err;
+
+    if (!safe) {
+        i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
+        if (i == -1)
+            goto err;
+        if (i == 0)
+            goto loop;
+    } else {
+        /*
+         * for "safe prime" generation, check that (p-1)/2 is prime. Since a
+         * prime is odd, We just need to divide by 2
+         */
+        if (!BN_rshift1(t, ret))
+            goto err;
+
+        for (i = 0; i < checks; i++) {
+            j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            if (!BN_GENCB_call(cb, 2, c1 - 1))
+                goto err;
+            /* We have a safe prime test pass */
+        }
+    }
+    /* we have a prime :-) */
+    found = 1;
+ err:
+    OPENSSL_free(mods);
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    bn_check_top(ret);
+    return found;
+}
+
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+                   BN_GENCB *cb)
+{
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+}
+
+int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+                            int do_trial_division, BN_GENCB *cb)
+{
+    int i, j, ret = -1;
+    int k;
+    BN_CTX *ctx = NULL;
+    BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+    BN_MONT_CTX *mont = NULL;
+
+    if (BN_cmp(a, BN_value_one()) <= 0)
+        return 0;
+
+    if (checks == BN_prime_checks)
+        checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+    /* first look for small factors */
+    if (!BN_is_odd(a))
+        /* a is even => a is prime if and only if a == 2 */
+        return BN_is_word(a, 2);
+    if (do_trial_division) {
+        for (i = 1; i < NUMPRIMES; i++) {
+            BN_ULONG mod = BN_mod_word(a, primes[i]);
+            if (mod == (BN_ULONG)-1)
+                goto err;
+            if (mod == 0)
+                return 0;
+        }
+        if (!BN_GENCB_call(cb, 1, -1))
+            goto err;
+    }
+
+    if (ctx_passed != NULL)
+        ctx = ctx_passed;
+    else if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    A1 = BN_CTX_get(ctx);
+    A1_odd = BN_CTX_get(ctx);
+    check = BN_CTX_get(ctx);
+    if (check == NULL)
+        goto err;
+
+    /* compute A1 := a - 1 */
+    if (!BN_copy(A1, a))
+        goto err;
+    if (!BN_sub_word(A1, 1))
+        goto err;
+    if (BN_is_zero(A1)) {
+        ret = 0;
+        goto err;
+    }
+
+    /* write  A1  as  A1_odd * 2^k */
+    k = 1;
+    while (!BN_is_bit_set(A1, k))
+        k++;
+    if (!BN_rshift(A1_odd, A1, k))
+        goto err;
+
+    /* Montgomery setup for computations mod a */
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, a, ctx))
+        goto err;
+
+    for (i = 0; i < checks; i++) {
+        if (!BN_pseudo_rand_range(check, A1))
+            goto err;
+        if (!BN_add_word(check, 1))
+            goto err;
+        /* now 1 <= check < a */
+
+        j = witness(check, a, A1, A1_odd, k, ctx, mont);
+        if (j == -1)
+            goto err;
+        if (j) {
+            ret = 0;
+            goto err;
+        }
+        if (!BN_GENCB_call(cb, 1, i))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        if (ctx_passed == NULL)
+            BN_CTX_free(ctx);
+    }
+    BN_MONT_CTX_free(mont);
+
+    return (ret);
+}
+
+int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx)
+{
+    int i;
+    int ret = 0;
+
+ loop:
+    if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        goto err;
+
+    /* we now have a random number 'rand' to test. */
+
+    for (i = 1; i < NUMPRIMES; i++) {
+        /* check that rnd is a prime */
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            goto err;
+        if (mod <= 1) {
+            goto loop;
+        }
+    }
+    ret = 1;
+
+ err:
+    bn_check_top(rnd);
+    return (ret);
+}
+
+int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
+{
+    int i;
+    BIGNUM *offset_index;
+    BIGNUM *offset_count;
+    int ret = 0;
+
+    OPENSSL_assert(bits > prime_multiplier_bits);
+
+    BN_CTX_start(ctx);
+    if ((offset_index = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if ((offset_count = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_add_word(offset_count, prime_offset_count))
+        goto err;
+
+ loop:
+    if (!BN_rand(rnd, bits - prime_multiplier_bits,
+                 BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        goto err;
+    if (BN_is_bit_set(rnd, bits))
+        goto loop;
+    if (!BN_rand_range(offset_index, offset_count))
+        goto err;
+
+    if (!BN_mul_word(rnd, prime_multiplier)
+        || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]))
+        goto err;
+
+    /* we now have a random number 'rand' to test. */
+
+    /* skip coprimes */
+    for (i = first_prime_index; i < NUMPRIMES; i++) {
+        /* check that rnd is a prime */
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            goto err;
+        if (mod <= 1)
+            goto loop;
+    }
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(rnd);
+    return ret;
+}
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont)
+{
+    if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+        return -1;
+    if (BN_is_one(w))
+        return 0;               /* probably prime */
+    if (BN_cmp(w, a1) == 0)
+        return 0;               /* w == -1 (mod a), 'a' is probably prime */
+    while (--k) {
+        if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+            return -1;
+        if (BN_is_one(w))
+            return 1;           /* 'a' is composite, otherwise a previous 'w'
+                                 * would have been == -1 (mod 'a') */
+        if (BN_cmp(w, a1) == 0)
+            return 0;           /* w == -1 (mod a), 'a' is probably prime */
+    }
+    /*
+     * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and
+     * it is neither -1 nor +1 -- so 'a' cannot be prime
+     */
+    bn_check_top(w);
+    return 1;
+}
+
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
+{
+    int i;
+    BN_ULONG delta;
+    BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+    char is_single_word = bits <= BN_BITS2;
+
+ again:
+    if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
+        return (0);
+    /* we now have a random number 'rnd' to test. */
+    for (i = 1; i < NUMPRIMES; i++) {
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            return 0;
+        mods[i] = (prime_t) mod;
+    }
+    /*
+     * If bits is so small that it fits into a single word then we
+     * additionally don't want to exceed that many bits.
+     */
+    if (is_single_word) {
+        BN_ULONG size_limit;
+
+        if (bits == BN_BITS2) {
+            /*
+             * Shifting by this much has undefined behaviour so we do it a
+             * different way
+             */
+            size_limit = ~((BN_ULONG)0) - BN_get_word(rnd);
+        } else {
+            size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
+        }
+        if (size_limit < maxdelta)
+            maxdelta = size_limit;
+    }
+    delta = 0;
+ loop:
+    if (is_single_word) {
+        BN_ULONG rnd_word = BN_get_word(rnd);
+
+        /*-
+         * In the case that the candidate prime is a single word then
+         * we check that:
+         *   1) It's greater than primes[i] because we shouldn't reject
+         *      3 as being a prime number because it's a multiple of
+         *      three.
+         *   2) That it's not a multiple of a known prime. We don't
+         *      check that rnd-1 is also coprime to all the known
+         *      primes because there aren't many small primes where
+         *      that's true.
+         */
+        for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
+            if ((mods[i] + delta) % primes[i] == 0) {
+                delta += 2;
+                if (delta > maxdelta)
+                    goto again;
+                goto loop;
+            }
+        }
+    } else {
+        for (i = 1; i < NUMPRIMES; i++) {
+            /*
+             * check that rnd is not a prime and also that gcd(rnd-1,primes)
+             * == 1 (except for 2)
+             */
+            if (((mods[i] + delta) % primes[i]) <= 1) {
+                delta += 2;
+                if (delta > maxdelta)
+                    goto again;
+                goto loop;
+            }
+        }
+    }
+    if (!BN_add_word(rnd, delta))
+        return (0);
+    if (BN_num_bits(rnd) != bits)
+        goto again;
+    bn_check_top(rnd);
+    return (1);
+}
+
+int bn_probable_prime_dh(BIGNUM *rnd, int bits,
+                         const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *t1;
+
+    BN_CTX_start(ctx);
+    if ((t1 = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        goto err;
+
+    /* we need ((rnd-rem) % add) == 0 */
+
+    if (!BN_mod(t1, rnd, add, ctx))
+        goto err;
+    if (!BN_sub(rnd, rnd, t1))
+        goto err;
+    if (rem == NULL) {
+        if (!BN_add_word(rnd, 1))
+            goto err;
+    } else {
+        if (!BN_add(rnd, rnd, rem))
+            goto err;
+    }
+
+    /* we now have a random number 'rand' to test. */
+
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
+        /* check that rnd is a prime */
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            goto err;
+        if (mod <= 1) {
+            if (!BN_add(rnd, rnd, add))
+                goto err;
+            goto loop;
+        }
+    }
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(rnd);
+    return (ret);
+}
+
+static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+                                  const BIGNUM *rem, BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *t1, *qadd, *q;
+
+    bits--;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    qadd = BN_CTX_get(ctx);
+    if (qadd == NULL)
+        goto err;
+
+    if (!BN_rshift1(qadd, padd))
+        goto err;
+
+    if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        goto err;
+
+    /* we need ((rnd-rem) % add) == 0 */
+    if (!BN_mod(t1, q, qadd, ctx))
+        goto err;
+    if (!BN_sub(q, q, t1))
+        goto err;
+    if (rem == NULL) {
+        if (!BN_add_word(q, 1))
+            goto err;
+    } else {
+        if (!BN_rshift1(t1, rem))
+            goto err;
+        if (!BN_add(q, q, t1))
+            goto err;
+    }
+
+    /* we now have a random number 'rand' to test. */
+    if (!BN_lshift1(p, q))
+        goto err;
+    if (!BN_add_word(p, 1))
+        goto err;
+
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
+        /* check that p and q are prime */
+        /*
+         * check that for p and q gcd(p-1,primes) == 1 (except for 2)
+         */
+        BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
+        BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
+        if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
+            goto err;
+        if (pmod == 0 || qmod == 0) {
+            if (!BN_add(p, p, padd))
+                goto err;
+            if (!BN_add(q, q, qadd))
+                goto err;
+            goto loop;
+        }
+    }
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(p);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_prime.h b/openssl-1.1.0h/crypto/bn/bn_prime.h
new file mode 100644
index 0000000..41440fa
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_prime.h
@@ -0,0 +1,274 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
+ *
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef unsigned short prime_t;
+# define NUMPRIMES 2048
+
+static const prime_t primes[2048] = {
+
+       2,    3,    5,    7,   11,   13,   17,   19, 
+      23,   29,   31,   37,   41,   43,   47,   53, 
+      59,   61,   67,   71,   73,   79,   83,   89, 
+      97,  101,  103,  107,  109,  113,  127,  131, 
+     137,  139,  149,  151,  157,  163,  167,  173, 
+     179,  181,  191,  193,  197,  199,  211,  223, 
+     227,  229,  233,  239,  241,  251,  257,  263, 
+     269,  271,  277,  281,  283,  293,  307,  311, 
+     313,  317,  331,  337,  347,  349,  353,  359, 
+     367,  373,  379,  383,  389,  397,  401,  409, 
+     419,  421,  431,  433,  439,  443,  449,  457, 
+     461,  463,  467,  479,  487,  491,  499,  503, 
+     509,  521,  523,  541,  547,  557,  563,  569, 
+     571,  577,  587,  593,  599,  601,  607,  613, 
+     617,  619,  631,  641,  643,  647,  653,  659, 
+     661,  673,  677,  683,  691,  701,  709,  719, 
+     727,  733,  739,  743,  751,  757,  761,  769, 
+     773,  787,  797,  809,  811,  821,  823,  827, 
+     829,  839,  853,  857,  859,  863,  877,  881, 
+     883,  887,  907,  911,  919,  929,  937,  941, 
+     947,  953,  967,  971,  977,  983,  991,  997, 
+    1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 
+    1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, 
+    1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, 
+    1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, 
+    1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, 
+    1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, 
+    1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, 
+    1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, 
+    1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, 
+    1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, 
+    1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, 
+    1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, 
+    1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, 
+    1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, 
+    1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, 
+    1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, 
+    1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 
+    2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, 
+    2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, 
+    2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, 
+    2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, 
+    2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, 
+    2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, 
+    2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, 
+    2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, 
+    2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, 
+    2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, 
+    2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, 
+    2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, 
+    2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, 
+    2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, 
+    2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, 
+    2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, 
+    3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, 
+    3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, 
+    3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, 
+    3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, 
+    3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, 
+    3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, 
+    3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, 
+    3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, 
+    3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, 
+    3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, 
+    3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, 
+    3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, 
+    3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, 
+    3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, 
+    3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, 
+    4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, 
+    4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, 
+    4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, 
+    4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, 
+    4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, 
+    4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, 
+    4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, 
+    4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, 
+    4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, 
+    4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, 
+    4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, 
+    4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, 
+    4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, 
+    4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, 
+    4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, 
+    5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, 
+    5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, 
+    5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, 
+    5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, 
+    5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, 
+    5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, 
+    5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, 
+    5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, 
+    5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, 
+    5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, 
+    5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, 
+    5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, 
+    5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, 
+    5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, 
+    6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, 
+    6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, 
+    6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, 
+    6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, 
+    6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, 
+    6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, 
+    6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, 
+    6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, 
+    6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, 
+    6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, 
+    6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, 
+    6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, 
+    6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, 
+    6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, 
+    6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, 
+    7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, 
+    7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, 
+    7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, 
+    7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, 
+    7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, 
+    7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, 
+    7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, 
+    7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, 
+    7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, 
+    7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, 
+    7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, 
+    7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, 
+    7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, 
+    8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, 
+    8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, 
+    8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, 
+    8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, 
+    8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, 
+    8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, 
+    8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, 
+    8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, 
+    8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, 
+    8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, 
+    8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, 
+    8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, 
+    8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, 
+    8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, 
+    9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, 
+    9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, 
+    9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, 
+    9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, 
+    9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, 
+    9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, 
+    9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, 
+    9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, 
+    9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, 
+    9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, 
+    9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, 
+    9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, 
+    9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, 
+    9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, 
+    10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, 
+    10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, 
+    10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, 
+    10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, 
+    10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, 
+    10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, 
+    10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, 
+    10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, 
+    10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, 
+    10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, 
+    10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, 
+    10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, 
+    10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, 
+    11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, 
+    11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, 
+    11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, 
+    11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, 
+    11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, 
+    11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, 
+    11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, 
+    11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, 
+    11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, 
+    11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, 
+    11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, 
+    11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, 
+    11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, 
+    12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, 
+    12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, 
+    12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, 
+    12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, 
+    12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, 
+    12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, 
+    12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, 
+    12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, 
+    12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, 
+    12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, 
+    12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, 
+    12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, 
+    12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, 
+    12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, 
+    13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, 
+    13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, 
+    13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, 
+    13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, 
+    13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, 
+    13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, 
+    13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, 
+    13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, 
+    13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, 
+    13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, 
+    13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, 
+    13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, 
+    13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, 
+    14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, 
+    14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, 
+    14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, 
+    14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, 
+    14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, 
+    14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, 
+    14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, 
+    14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, 
+    14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, 
+    14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, 
+    14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, 
+    14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, 
+    14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, 
+    15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, 
+    15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, 
+    15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, 
+    15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, 
+    15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, 
+    15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, 
+    15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, 
+    15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, 
+    15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, 
+    15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, 
+    15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, 
+    15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, 
+    15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, 
+    16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, 
+    16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, 
+    16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, 
+    16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, 
+    16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, 
+    16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, 
+    16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, 
+    16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, 
+    16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, 
+    16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, 
+    16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, 
+    16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, 
+    17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, 
+    17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, 
+    17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, 
+    17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, 
+    17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, 
+    17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, 
+    17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, 
+    17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, 
+    17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, 
+    17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, 
+    17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, 
+};
diff --git a/openssl-1.1.0h/crypto/bn/bn_prime.pl b/openssl-1.1.0h/crypto/bn/bn_prime.pl
new file mode 100644
index 0000000..163d4a9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_prime.pl
@@ -0,0 +1,46 @@
+#! /usr/bin/env perl
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+print <<"EOF";
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
+ *
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+EOF
+
+
+my $num = shift || 2048;
+my @primes = ( 2 );
+my $p = 1;
+loop: while ($#primes < $num-1) {
+    $p += 2;
+    my $s = int(sqrt($p));
+
+    for (my $i = 0; defined($primes[$i]) && $primes[$i] <= $s; $i++) {
+        next loop if ($p % $primes[$i]) == 0;
+    }
+    push(@primes, $p);
+}
+
+print "typedef unsigned short prime_t;\n";
+printf "# define NUMPRIMES %d\n\n", $num;
+
+printf "static const prime_t primes[%d] = {\n", $num;
+for (my $i = 0; $i <= $#primes; $i++) {
+    printf "\n    " if ($i % 8) == 0;
+    printf "%4d, ", $primes[$i];
+}
+print "\n};\n";
diff --git a/openssl-1.1.0h/crypto/bn/bn_print.c b/openssl-1.1.0h/crypto/bn/bn_print.c
new file mode 100644
index 0000000..5ffe2fc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_print.c
@@ -0,0 +1,343 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include "bn_lcl.h"
+
+static const char Hex[] = "0123456789ABCDEF";
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    char *buf;
+    char *p;
+
+    if (BN_is_zero(a))
+        return OPENSSL_strdup("0");
+    buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    if (buf == NULL) {
+        BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (a->neg)
+        *(p++) = '-';
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
+            /* strip leading zeros */
+            v = ((int)(a->d[i] >> (long)j)) & 0xff;
+            if (z || (v != 0)) {
+                *(p++) = Hex[v >> 4];
+                *(p++) = Hex[v & 0x0f];
+                z = 1;
+            }
+        }
+    }
+    *p = '\0';
+ err:
+    return (buf);
+}
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+{
+    int i = 0, num, ok = 0;
+    char *buf = NULL;
+    char *p;
+    BIGNUM *t = NULL;
+    BN_ULONG *bn_data = NULL, *lp;
+    int bn_data_num;
+
+    /*-
+     * get an upper bound for the length of the decimal integer
+     * num <= (BN_num_bits(a) + 1) * log(2)
+     *     <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1     (rounding error)
+     *     <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1
+     */
+    i = BN_num_bits(a) * 3;
+    num = (i / 10 + i / 1000 + 1) + 1;
+    bn_data_num = num / BN_DEC_NUM + 1;
+    bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
+    buf = OPENSSL_malloc(num + 3);
+    if ((buf == NULL) || (bn_data == NULL)) {
+        BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((t = BN_dup(a)) == NULL)
+        goto err;
+
+#define BUF_REMAIN (num+3 - (size_t)(p - buf))
+    p = buf;
+    lp = bn_data;
+    if (BN_is_zero(t)) {
+        *(p++) = '0';
+        *(p++) = '\0';
+    } else {
+        if (BN_is_negative(t))
+            *p++ = '-';
+
+        while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
+            *lp = BN_div_word(t, BN_DEC_CONV);
+            if (*lp == (BN_ULONG)-1)
+                goto err;
+            lp++;
+        }
+        lp--;
+        /*
+         * We now have a series of blocks, BN_DEC_NUM chars in length, where
+         * the last one needs truncation. The blocks need to be reversed in
+         * order.
+         */
+        BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
+        while (*p)
+            p++;
+        while (lp != bn_data) {
+            lp--;
+            BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
+            while (*p)
+                p++;
+        }
+    }
+    ok = 1;
+ err:
+    OPENSSL_free(bn_data);
+    BN_free(t);
+    if (ok)
+        return buf;
+    OPENSSL_free(buf);
+    return NULL;
+}
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, h, m, i, j, k, c;
+    int num;
+
+    if ((a == NULL) || (*a == '\0'))
+        return (0);
+
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
+        continue;
+
+    if (i == 0 || i > INT_MAX/4)
+        goto err;
+
+    num = i + neg;
+    if (bn == NULL)
+        return (num);
+
+    /* a is the start of the hex digits, and it is 'i' long */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return (0);
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of hex digits */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = i;                      /* least significant 'hex' */
+    m = 0;
+    h = 0;
+    while (j > 0) {
+        m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
+        l = 0;
+        for (;;) {
+            c = a[j - m];
+            k = OPENSSL_hexchar2int(c);
+            if (k < 0)
+                k = 0;          /* paranoia */
+            l = (l << 4) | k;
+
+            if (--m <= 0) {
+                ret->d[h++] = l;
+                break;
+            }
+        }
+        j -= (BN_BYTES * 2);
+    }
+    ret->top = h;
+    bn_correct_top(ret);
+
+    *bn = ret;
+    bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
+    return (num);
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return (0);
+}
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, i, j;
+    int num;
+
+    if ((a == NULL) || (*a == '\0'))
+        return (0);
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
+        continue;
+
+    if (i == 0 || i > INT_MAX/4)
+        goto err;
+
+    num = i + neg;
+    if (bn == NULL)
+        return (num);
+
+    /*
+     * a is the start of the digits, and it is 'i' long. We chop it into
+     * BN_DEC_NUM digits at a time
+     */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return (0);
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of digits, a bit of an over expand */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = BN_DEC_NUM - (i % BN_DEC_NUM);
+    if (j == BN_DEC_NUM)
+        j = 0;
+    l = 0;
+    while (--i >= 0) {
+        l *= 10;
+        l += *a - '0';
+        a++;
+        if (++j == BN_DEC_NUM) {
+            if (!BN_mul_word(ret, BN_DEC_CONV)
+                || !BN_add_word(ret, l))
+                goto err;
+            l = 0;
+            j = 0;
+        }
+    }
+
+    bn_correct_top(ret);
+    *bn = ret;
+    bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
+    return (num);
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return (0);
+}
+
+int BN_asc2bn(BIGNUM **bn, const char *a)
+{
+    const char *p = a;
+
+    if (*p == '-')
+        p++;
+
+    if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
+        if (!BN_hex2bn(bn, p + 2))
+            return 0;
+    } else {
+        if (!BN_dec2bn(bn, p))
+            return 0;
+    }
+    /* Don't set the negative flag if it's zero. */
+    if (*a == '-' && (*bn)->top != 0)
+        (*bn)->neg = 1;
+    return 1;
+}
+
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL)
+        return (0);
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = BN_print(b, a);
+    BIO_free(b);
+    return (ret);
+}
+# endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    int ret = 0;
+
+    if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+        goto end;
+    if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+        goto end;
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
+            /* strip leading zeros */
+            v = ((int)(a->d[i] >> (long)j)) & 0x0f;
+            if (z || (v != 0)) {
+                if (BIO_write(bp, &(Hex[v]), 1) != 1)
+                    goto end;
+                z = 1;
+            }
+        }
+    }
+    ret = 1;
+ end:
+    return (ret);
+}
+
+char *BN_options(void)
+{
+    static int init = 0;
+    static char data[16];
+
+    if (!init) {
+        init++;
+#ifdef BN_LLONG
+        BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
+                     (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
+#else
+        BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
+                     (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
+#endif
+    }
+    return (data);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_rand.c b/openssl-1.1.0h/crypto/bn/bn_rand.c
new file mode 100644
index 0000000..9ce4c5f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_rand.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+{
+    unsigned char *buf = NULL;
+    int ret = 0, bit, bytes, mask;
+    time_t tim;
+
+    if (bits == 0) {
+        if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)
+            goto toosmall;
+        BN_zero(rnd);
+        return 1;
+    }
+    if (bits < 0 || (bits == 1 && top > 0))
+        goto toosmall;
+
+    bytes = (bits + 7) / 8;
+    bit = (bits - 1) % 8;
+    mask = 0xff << (bit + 1);
+
+    buf = OPENSSL_malloc(bytes);
+    if (buf == NULL) {
+        BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* make a random number and set the top and bottom bits */
+    time(&tim);
+    RAND_add(&tim, sizeof(tim), 0.0);
+
+    if (RAND_bytes(buf, bytes) <= 0)
+        goto err;
+
+    if (pseudorand == 2) {
+        /*
+         * generate patterns that are more likely to trigger BN library bugs
+         */
+        int i;
+        unsigned char c;
+
+        for (i = 0; i < bytes; i++) {
+            if (RAND_bytes(&c, 1) <= 0)
+                goto err;
+            if (c >= 128 && i > 0)
+                buf[i] = buf[i - 1];
+            else if (c < 42)
+                buf[i] = 0;
+            else if (c < 84)
+                buf[i] = 255;
+        }
+    }
+
+    if (top >= 0) {
+        if (top) {
+            if (bit == 0) {
+                buf[0] = 1;
+                buf[1] |= 0x80;
+            } else {
+                buf[0] |= (3 << (bit - 1));
+            }
+        } else {
+            buf[0] |= (1 << bit);
+        }
+    }
+    buf[0] &= ~mask;
+    if (bottom)                 /* set bottom bit if requested */
+        buf[bytes - 1] |= 1;
+    if (!BN_bin2bn(buf, bytes, rnd))
+        goto err;
+    ret = 1;
+ err:
+    OPENSSL_clear_free(buf, bytes);
+    bn_check_top(rnd);
+    return (ret);
+
+toosmall:
+    BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+    return 0;
+}
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(0, rnd, bits, top, bottom);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(1, rnd, bits, top, bottom);
+}
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(2, rnd, bits, top, bottom);
+}
+
+/* random number r:  0 <= r < range */
+static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+{
+    int (*bn_rand) (BIGNUM *, int, int, int) =
+        pseudo ? BN_pseudo_rand : BN_rand;
+    int n;
+    int count = 100;
+
+    if (range->neg || BN_is_zero(range)) {
+        BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+        return 0;
+    }
+
+    n = BN_num_bits(range);     /* n > 0 */
+
+    /* BN_is_bit_set(range, n - 1) always holds */
+
+    if (n == 1)
+        BN_zero(r);
+    else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+        /*
+         * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
+         * than range
+         */
+        do {
+            if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+                return 0;
+            /*
+             * If r < 3*range, use r := r MOD range (which is either r, r -
+             * range, or r - 2*range). Otherwise, iterate once more. Since
+             * 3*range = 11..._2, each iteration succeeds with probability >=
+             * .75.
+             */
+            if (BN_cmp(r, range) >= 0) {
+                if (!BN_sub(r, r, range))
+                    return 0;
+                if (BN_cmp(r, range) >= 0)
+                    if (!BN_sub(r, r, range))
+                        return 0;
+            }
+
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+
+        }
+        while (BN_cmp(r, range) >= 0);
+    } else {
+        do {
+            /* range = 11..._2  or  range = 101..._2 */
+            if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+                return 0;
+
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+        }
+        while (BN_cmp(r, range) >= 0);
+    }
+
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(0, r, range);
+}
+
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(1, r, range);
+}
+
+/*
+ * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
+ * BN_rand_range, it also includes the contents of |priv| and |message| in
+ * the generation so that an RNG failure isn't fatal as long as |priv|
+ * remains secret. This is intended for use in DSA and ECDSA where an RNG
+ * weakness leads directly to private key exposure unless this function is
+ * used.
+ */
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx)
+{
+    SHA512_CTX sha;
+    /*
+     * We use 512 bits of random data per iteration to ensure that we have at
+     * least |range| bits of randomness.
+     */
+    unsigned char random_bytes[64];
+    unsigned char digest[SHA512_DIGEST_LENGTH];
+    unsigned done, todo;
+    /* We generate |range|+8 bytes of random output. */
+    const unsigned num_k_bytes = BN_num_bytes(range) + 8;
+    unsigned char private_bytes[96];
+    unsigned char *k_bytes;
+    int ret = 0;
+
+    k_bytes = OPENSSL_malloc(num_k_bytes);
+    if (k_bytes == NULL)
+        goto err;
+
+    /* We copy |priv| into a local buffer to avoid exposing its length. */
+    todo = sizeof(priv->d[0]) * priv->top;
+    if (todo > sizeof(private_bytes)) {
+        /*
+         * No reasonable DSA or ECDSA key should have a private key this
+         * large and we don't handle this case in order to avoid leaking the
+         * length of the private key.
+         */
+        BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
+        goto err;
+    }
+    memcpy(private_bytes, priv->d, todo);
+    memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
+
+    for (done = 0; done < num_k_bytes;) {
+        if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
+            goto err;
+        SHA512_Init(&sha);
+        SHA512_Update(&sha, &done, sizeof(done));
+        SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
+        SHA512_Update(&sha, message, message_len);
+        SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
+        SHA512_Final(digest, &sha);
+
+        todo = num_k_bytes - done;
+        if (todo > SHA512_DIGEST_LENGTH)
+            todo = SHA512_DIGEST_LENGTH;
+        memcpy(k_bytes + done, digest, todo);
+        done += todo;
+    }
+
+    if (!BN_bin2bn(k_bytes, num_k_bytes, out))
+        goto err;
+    if (BN_mod(out, out, range, ctx) != 1)
+        goto err;
+    ret = 1;
+
+ err:
+    OPENSSL_free(k_bytes);
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_recp.c b/openssl-1.1.0h/crypto/bn/bn_recp.c
new file mode 100644
index 0000000..20585b9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_recp.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+{
+    memset(recp, 0, sizeof(*recp));
+    bn_init(&(recp->N));
+    bn_init(&(recp->Nr));
+}
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+{
+    BN_RECP_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+        return (NULL);
+
+    bn_init(&(ret->N));
+    bn_init(&(ret->Nr));
+    ret->flags = BN_FLG_MALLOCED;
+    return (ret);
+}
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+{
+    if (recp == NULL)
+        return;
+
+    BN_free(&(recp->N));
+    BN_free(&(recp->Nr));
+    if (recp->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(recp);
+}
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+{
+    if (!BN_copy(&(recp->N), d))
+        return 0;
+    BN_zero(&(recp->Nr));
+    recp->num_bits = BN_num_bits(d);
+    recp->shift = 0;
+    return (1);
+}
+
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a;
+    const BIGNUM *ca;
+
+    BN_CTX_start(ctx);
+    if ((a = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (y != NULL) {
+        if (x == y) {
+            if (!BN_sqr(a, x, ctx))
+                goto err;
+        } else {
+            if (!BN_mul(a, x, y, ctx))
+                goto err;
+        }
+        ca = a;
+    } else
+        ca = x;                 /* Just do the mod */
+
+    ret = BN_div_recp(NULL, r, ca, recp, ctx);
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int i, j, ret = 0;
+    BIGNUM *a, *b, *d, *r;
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (dv != NULL)
+        d = dv;
+    else
+        d = BN_CTX_get(ctx);
+    if (rem != NULL)
+        r = rem;
+    else
+        r = BN_CTX_get(ctx);
+    if (a == NULL || b == NULL || d == NULL || r == NULL)
+        goto err;
+
+    if (BN_ucmp(m, &(recp->N)) < 0) {
+        BN_zero(d);
+        if (!BN_copy(r, m)) {
+            BN_CTX_end(ctx);
+            return 0;
+        }
+        BN_CTX_end(ctx);
+        return (1);
+    }
+
+    /*
+     * We want the remainder Given input of ABCDEF / ab we need multiply
+     * ABCDEF by 3 digests of the reciprocal of ab
+     */
+
+    /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+    i = BN_num_bits(m);
+    j = recp->num_bits << 1;
+    if (j > i)
+        i = j;
+
+    /* Nr := round(2^i / N) */
+    if (i != recp->shift)
+        recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
+    /* BN_reciprocal could have returned -1 for an error */
+    if (recp->shift == -1)
+        goto err;
+
+    /*-
+     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+     *    = |m/N|
+     */
+    if (!BN_rshift(a, m, recp->num_bits))
+        goto err;
+    if (!BN_mul(b, a, &(recp->Nr), ctx))
+        goto err;
+    if (!BN_rshift(d, b, i - recp->num_bits))
+        goto err;
+    d->neg = 0;
+
+    if (!BN_mul(b, &(recp->N), d, ctx))
+        goto err;
+    if (!BN_usub(r, m, b))
+        goto err;
+    r->neg = 0;
+
+    j = 0;
+    while (BN_ucmp(r, &(recp->N)) >= 0) {
+        if (j++ > 2) {
+            BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+            goto err;
+        }
+        if (!BN_usub(r, r, &(recp->N)))
+            goto err;
+        if (!BN_add_word(d, 1))
+            goto err;
+    }
+
+    r->neg = BN_is_zero(r) ? 0 : m->neg;
+    d->neg = m->neg ^ recp->N.neg;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(dv);
+    bn_check_top(rem);
+    return (ret);
+}
+
+/*
+ * len is the expected size of the result We actually calculate with an extra
+ * word of precision, so we can do faster division if the remainder is not
+ * required.
+ */
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+{
+    int ret = -1;
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(t, len))
+        goto err;
+
+    if (!BN_div(r, NULL, t, m, ctx))
+        goto err;
+
+    ret = len;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_shift.c b/openssl-1.1.0h/crypto/bn/bn_shift.c
new file mode 100644
index 0000000..6a1eec8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_shift.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+{
+    register BN_ULONG *ap, *rp, t, c;
+    int i;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (r != a) {
+        r->neg = a->neg;
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return (0);
+        r->top = a->top;
+    } else {
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return (0);
+    }
+    ap = a->d;
+    rp = r->d;
+    c = 0;
+    for (i = 0; i < a->top; i++) {
+        t = *(ap++);
+        *(rp++) = ((t << 1) | c) & BN_MASK2;
+        c = (t & BN_TBIT) ? 1 : 0;
+    }
+    if (c) {
+        *rp = 1;
+        r->top++;
+    }
+    bn_check_top(r);
+    return (1);
+}
+
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+{
+    BN_ULONG *ap, *rp, t, c;
+    int i, j;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        return (1);
+    }
+    i = a->top;
+    ap = a->d;
+    j = i - (ap[i - 1] == 1);
+    if (a != r) {
+        if (bn_wexpand(r, j) == NULL)
+            return (0);
+        r->neg = a->neg;
+    }
+    rp = r->d;
+    t = ap[--i];
+    c = (t & 1) ? BN_TBIT : 0;
+    if (t >>= 1)
+        rp[i] = t;
+    while (i > 0) {
+        t = ap[--i];
+        rp[i] = ((t >> 1) & BN_MASK2) | c;
+        c = (t & 1) ? BN_TBIT : 0;
+    }
+    r->top = j;
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
+    bn_check_top(r);
+    return (1);
+}
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, nw, lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (n < 0) {
+        BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
+    nw = n / BN_BITS2;
+    if (bn_wexpand(r, a->top + nw + 1) == NULL)
+        return (0);
+    r->neg = a->neg;
+    lb = n % BN_BITS2;
+    rb = BN_BITS2 - lb;
+    f = a->d;
+    t = r->d;
+    t[a->top + nw] = 0;
+    if (lb == 0)
+        for (i = a->top - 1; i >= 0; i--)
+            t[nw + i] = f[i];
+    else
+        for (i = a->top - 1; i >= 0; i--) {
+            l = f[i];
+            t[nw + i + 1] |= (l >> rb) & BN_MASK2;
+            t[nw + i] = (l << lb) & BN_MASK2;
+        }
+    memset(t, 0, sizeof(*t) * nw);
+    r->top = a->top + nw + 1;
+    bn_correct_top(r);
+    bn_check_top(r);
+    return (1);
+}
+
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, j, nw, lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, tmp;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (n < 0) {
+        BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
+    nw = n / BN_BITS2;
+    rb = n % BN_BITS2;
+    lb = BN_BITS2 - rb;
+    if (nw >= a->top || a->top == 0) {
+        BN_zero(r);
+        return (1);
+    }
+    i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
+    if (r != a) {
+        if (bn_wexpand(r, i) == NULL)
+            return (0);
+        r->neg = a->neg;
+    } else {
+        if (n == 0)
+            return 1;           /* or the copying loop will go berserk */
+    }
+
+    f = &(a->d[nw]);
+    t = r->d;
+    j = a->top - nw;
+    r->top = i;
+
+    if (rb == 0) {
+        for (i = j; i != 0; i--)
+            *(t++) = *(f++);
+    } else {
+        l = *(f++);
+        for (i = j - 1; i != 0; i--) {
+            tmp = (l >> rb) & BN_MASK2;
+            l = *(f++);
+            *(t++) = (tmp | (l << lb)) & BN_MASK2;
+        }
+        if ((l = (l >> rb) & BN_MASK2))
+            *(t) = l;
+    }
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
+    bn_check_top(r);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_sqr.c b/openssl-1.1.0h/crypto/bn/bn_sqr.c
new file mode 100644
index 0000000..44e7332
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_sqr.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must not be a */
+/*
+ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96
+ */
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+    int max, al;
+    int ret = 0;
+    BIGNUM *tmp, *rr;
+
+    bn_check_top(a);
+
+    al = a->top;
+    if (al <= 0) {
+        r->top = 0;
+        r->neg = 0;
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    rr = (a != r) ? r : BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (!rr || !tmp)
+        goto err;
+
+    max = 2 * al;               /* Non-zero (from above) */
+    if (bn_wexpand(rr, max) == NULL)
+        goto err;
+
+    if (al == 4) {
+#ifndef BN_SQR_COMBA
+        BN_ULONG t[8];
+        bn_sqr_normal(rr->d, a->d, 4, t);
+#else
+        bn_sqr_comba4(rr->d, a->d);
+#endif
+    } else if (al == 8) {
+#ifndef BN_SQR_COMBA
+        BN_ULONG t[16];
+        bn_sqr_normal(rr->d, a->d, 8, t);
+#else
+        bn_sqr_comba8(rr->d, a->d);
+#endif
+    } else {
+#if defined(BN_RECURSION)
+        if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+            BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
+            bn_sqr_normal(rr->d, a->d, al, t);
+        } else {
+            int j, k;
+
+            j = BN_num_bits_word((BN_ULONG)al);
+            j = 1 << (j - 1);
+            k = j + j;
+            if (al == j) {
+                if (bn_wexpand(tmp, k * 2) == NULL)
+                    goto err;
+                bn_sqr_recursive(rr->d, a->d, al, tmp->d);
+            } else {
+                if (bn_wexpand(tmp, max) == NULL)
+                    goto err;
+                bn_sqr_normal(rr->d, a->d, al, tmp->d);
+            }
+        }
+#else
+        if (bn_wexpand(tmp, max) == NULL)
+            goto err;
+        bn_sqr_normal(rr->d, a->d, al, tmp->d);
+#endif
+    }
+
+    rr->neg = 0;
+    /*
+     * If the most-significant half of the top word of 'a' is zero, then the
+     * square of 'a' will max-1 words.
+     */
+    if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
+        rr->top = max - 1;
+    else
+        rr->top = max;
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    bn_check_top(rr);
+    bn_check_top(tmp);
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+{
+    int i, j, max;
+    const BN_ULONG *ap;
+    BN_ULONG *rp;
+
+    max = n * 2;
+    ap = a;
+    rp = r;
+    rp[0] = rp[max - 1] = 0;
+    rp++;
+    j = n;
+
+    if (--j > 0) {
+        ap++;
+        rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
+
+    for (i = n - 2; i > 0; i--) {
+        j--;
+        ap++;
+        rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
+
+    bn_add_words(r, r, r, max);
+
+    /* There will not be a carry */
+
+    bn_sqr_words(tmp, a, n);
+
+    bn_add_words(r, r, tmp, max);
+}
+
+#ifdef BN_RECURSION
+/*-
+ * r is 2*n words in size,
+ * a and b are both n words in size.    (There's not actually a 'b' here ...)
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+{
+    int n = n2 / 2;
+    int zero, c1;
+    BN_ULONG ln, lo, *p;
+
+    if (n2 == 4) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 4, t);
+# else
+        bn_sqr_comba4(r, a);
+# endif
+        return;
+    } else if (n2 == 8) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 8, t);
+# else
+        bn_sqr_comba8(r, a);
+# endif
+        return;
+    }
+    if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+        bn_sqr_normal(r, a, n2, t);
+        return;
+    }
+    /* r=(a[0]-a[1])*(a[1]-a[0]) */
+    c1 = bn_cmp_words(a, &(a[n]), n);
+    zero = 0;
+    if (c1 > 0)
+        bn_sub_words(t, a, &(a[n]), n);
+    else if (c1 < 0)
+        bn_sub_words(t, &(a[n]), a, n);
+    else
+        zero = 1;
+
+    /* The result will always be negative unless it is zero */
+    p = &(t[n2 * 2]);
+
+    if (!zero)
+        bn_sqr_recursive(&(t[n2]), t, n, p);
+    else
+        memset(&t[n2], 0, sizeof(*t) * n2);
+    bn_sqr_recursive(r, a, n, p);
+    bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    /* t[32] is negative */
+    c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+     * r[10] holds (a[0]*a[0])
+     * r[32] holds (a[1]*a[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/bn_sqrt.c b/openssl-1.1.0h/crypto/bn/bn_sqrt.c
new file mode 100644
index 0000000..84376c7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_sqrt.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+/*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+ * Theory", algorithm 1.5.1). 'p' must be prime!
+ */
+{
+    BIGNUM *ret = in;
+    int err = 1;
+    int r;
+    BIGNUM *A, *b, *q, *t, *x, *y;
+    int e, i, j;
+
+    if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
+        if (BN_abs_is_word(p, 2)) {
+            if (ret == NULL)
+                ret = BN_new();
+            if (ret == NULL)
+                goto end;
+            if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
+                if (ret != in)
+                    BN_free(ret);
+                return NULL;
+            }
+            bn_check_top(ret);
+            return ret;
+        }
+
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        return (NULL);
+    }
+
+    if (BN_is_zero(a) || BN_is_one(a)) {
+        if (ret == NULL)
+            ret = BN_new();
+        if (ret == NULL)
+            goto end;
+        if (!BN_set_word(ret, BN_is_one(a))) {
+            if (ret != in)
+                BN_free(ret);
+            return NULL;
+        }
+        bn_check_top(ret);
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto end;
+
+    if (ret == NULL)
+        ret = BN_new();
+    if (ret == NULL)
+        goto end;
+
+    /* A = a mod p */
+    if (!BN_nnmod(A, a, p, ctx))
+        goto end;
+
+    /* now write  |p| - 1  as  2^e*q  where  q  is odd */
+    e = 1;
+    while (!BN_is_bit_set(p, e))
+        e++;
+    /* we'll set  q  later (if needed) */
+
+    if (e == 1) {
+        /*-
+         * The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+         * modulo  (|p|-1)/2,  and square roots can be computed
+         * directly by modular exponentiation.
+         * We have
+         *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
+         * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
+         */
+        if (!BN_rshift(q, p, 2))
+            goto end;
+        q->neg = 0;
+        if (!BN_add_word(q, 1))
+            goto end;
+        if (!BN_mod_exp(ret, A, q, p, ctx))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    if (e == 2) {
+        /*-
+         * |p| == 5  (mod 8)
+         *
+         * In this case  2  is always a non-square since
+         * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
+         * So if  a  really is a square, then  2*a  is a non-square.
+         * Thus for
+         *      b := (2*a)^((|p|-5)/8),
+         *      i := (2*a)*b^2
+         * we have
+         *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+         *         = (2*a)^((p-1)/2)
+         *         = -1;
+         * so if we set
+         *      x := a*b*(i-1),
+         * then
+         *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+         *         = a^2 * b^2 * (-2*i)
+         *         = a*(-i)*(2*a*b^2)
+         *         = a*(-i)*i
+         *         = a.
+         *
+         * (This is due to A.O.L. Atkin,
+         * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+         * November 1992.)
+         */
+
+        /* t := 2*a */
+        if (!BN_mod_lshift1_quick(t, A, p))
+            goto end;
+
+        /* b := (2*a)^((|p|-5)/8) */
+        if (!BN_rshift(q, p, 3))
+            goto end;
+        q->neg = 0;
+        if (!BN_mod_exp(b, t, q, p, ctx))
+            goto end;
+
+        /* y := b^2 */
+        if (!BN_mod_sqr(y, b, p, ctx))
+            goto end;
+
+        /* t := (2*a)*b^2 - 1 */
+        if (!BN_mod_mul(t, t, y, p, ctx))
+            goto end;
+        if (!BN_sub_word(t, 1))
+            goto end;
+
+        /* x = a*b*t */
+        if (!BN_mod_mul(x, A, b, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+
+        if (!BN_copy(ret, x))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    /*
+     * e > 2, so we really have to use the Tonelli/Shanks algorithm. First,
+     * find some y that is not a square.
+     */
+    if (!BN_copy(q, p))
+        goto end;               /* use 'q' as temp */
+    q->neg = 0;
+    i = 2;
+    do {
+        /*
+         * For efficiency, try small numbers first; if this fails, try random
+         * numbers.
+         */
+        if (i < 22) {
+            if (!BN_set_word(y, i))
+                goto end;
+        } else {
+            if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+                goto end;
+            if (BN_ucmp(y, p) >= 0) {
+                if (!(p->neg ? BN_add : BN_sub) (y, y, p))
+                    goto end;
+            }
+            /* now 0 <= y < |p| */
+            if (BN_is_zero(y))
+                if (!BN_set_word(y, i))
+                    goto end;
+        }
+
+        r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+        if (r < -1)
+            goto end;
+        if (r == 0) {
+            /* m divides p */
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+            goto end;
+        }
+    }
+    while (r == 1 && ++i < 82);
+
+    if (r != -1) {
+        /*
+         * Many rounds and still no non-square -- this is more likely a bug
+         * than just bad luck. Even if p is not prime, we should have found
+         * some y such that r == -1.
+         */
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+        goto end;
+    }
+
+    /* Here's our actual 'q': */
+    if (!BN_rshift(q, q, e))
+        goto end;
+
+    /*
+     * Now that we have some non-square, we can find an element of order 2^e
+     * by computing its q'th power.
+     */
+    if (!BN_mod_exp(y, y, q, p, ctx))
+        goto end;
+    if (BN_is_one(y)) {
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        goto end;
+    }
+
+    /*-
+     * Now we know that (if  p  is indeed prime) there is an integer
+     * k,  0 <= k < 2^e,  such that
+     *
+     *      a^q * y^k == 1   (mod p).
+     *
+     * As  a^q  is a square and  y  is not,  k  must be even.
+     * q+1  is even, too, so there is an element
+     *
+     *     X := a^((q+1)/2) * y^(k/2),
+     *
+     * and it satisfies
+     *
+     *     X^2 = a^q * a     * y^k
+     *         = a,
+     *
+     * so it is the square root that we are looking for.
+     */
+
+    /* t := (q-1)/2  (note that  q  is odd) */
+    if (!BN_rshift1(t, q))
+        goto end;
+
+    /* x := a^((q-1)/2) */
+    if (BN_is_zero(t)) {        /* special case: p = 2^e + 1 */
+        if (!BN_nnmod(t, A, p, ctx))
+            goto end;
+        if (BN_is_zero(t)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        } else if (!BN_one(x))
+            goto end;
+    } else {
+        if (!BN_mod_exp(x, A, t, p, ctx))
+            goto end;
+        if (BN_is_zero(x)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        }
+    }
+
+    /* b := a*x^2  (= a^q) */
+    if (!BN_mod_sqr(b, x, p, ctx))
+        goto end;
+    if (!BN_mod_mul(b, b, A, p, ctx))
+        goto end;
+
+    /* x := a*x    (= a^((q+1)/2)) */
+    if (!BN_mod_mul(x, x, A, p, ctx))
+        goto end;
+
+    while (1) {
+        /*-
+         * Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+         * where  E  refers to the original value of  e,  which we
+         * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
+         *
+         * We have  a*b = x^2,
+         *    y^2^(e-1) = -1,
+         *    b^2^(e-1) = 1.
+         */
+
+        if (BN_is_one(b)) {
+            if (!BN_copy(ret, x))
+                goto end;
+            err = 0;
+            goto vrfy;
+        }
+
+        /* find smallest  i  such that  b^(2^i) = 1 */
+        i = 1;
+        if (!BN_mod_sqr(t, b, p, ctx))
+            goto end;
+        while (!BN_is_one(t)) {
+            i++;
+            if (i == e) {
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                goto end;
+            }
+            if (!BN_mod_mul(t, t, t, p, ctx))
+                goto end;
+        }
+
+        /* t := y^2^(e - i - 1) */
+        if (!BN_copy(t, y))
+            goto end;
+        for (j = e - i - 1; j > 0; j--) {
+            if (!BN_mod_sqr(t, t, p, ctx))
+                goto end;
+        }
+        if (!BN_mod_mul(y, t, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(b, b, y, p, ctx))
+            goto end;
+        e = i;
+    }
+
+ vrfy:
+    if (!err) {
+        /*
+         * verify the result -- the input might have been not a square (test
+         * added in 0.9.8)
+         */
+
+        if (!BN_mod_sqr(x, ret, p, ctx))
+            err = 1;
+
+        if (!err && 0 != BN_cmp(x, A)) {
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+            err = 1;
+        }
+    }
+
+ end:
+    if (err) {
+        if (ret != in)
+            BN_clear_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_srp.c b/openssl-1.1.0h/crypto/bn/bn_srp.c
new file mode 100644
index 0000000..58b1691
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_srp.c
@@ -0,0 +1,545 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_lcl.h"
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_SRP
+
+#include <openssl/srp.h>
+#include <internal/bn_srp.h>
+
+# if (BN_BYTES == 8)
+#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+#  elif defined(__arch64__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+#  else
+#   define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+#  endif
+# elif (BN_BYTES == 4)
+#  define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+# else
+#  error "unsupported BN_BYTES"
+# endif
+
+static const BN_ULONG bn_group_1024_value[] = {
+    bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3),
+    bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B),
+    bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A),
+    bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0),
+    bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC),
+    bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885),
+    bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49),
+    bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6),
+    bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1),
+    bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4),
+    bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0),
+    bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3),
+    bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576),
+    bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B),
+    bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8),
+    bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6)
+};
+
+const BIGNUM bn_group_1024 = {
+    (BN_ULONG *)bn_group_1024_value,
+    OSSL_NELEM(bn_group_1024_value),
+    OSSL_NELEM(bn_group_1024_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_1536_value[] = {
+    bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB),
+    bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D),
+    bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3),
+    bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E),
+    bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E),
+    bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8),
+    bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE),
+    bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C),
+    bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486),
+    bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627),
+    bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5),
+    bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1),
+    bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC),
+    bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D),
+    bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914),
+    bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0),
+    bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC),
+    bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843),
+    bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29),
+    bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE),
+    bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D),
+    bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80),
+    bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB),
+    bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A)
+};
+
+const BIGNUM bn_group_1536 = {
+    (BN_ULONG *)bn_group_1536_value,
+    OSSL_NELEM(bn_group_1536_value),
+    OSSL_NELEM(bn_group_1536_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_2048_value[] = {
+    bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73),
+    bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2),
+    bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475),
+    bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4),
+    bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6),
+    bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382),
+    bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8),
+    bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329),
+    bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6),
+    bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378),
+    bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA),
+    bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D),
+    bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748),
+    bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A),
+    bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481),
+    bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016),
+    bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B),
+    bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7),
+    bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74),
+    bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA),
+    bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8),
+    bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8),
+    bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3),
+    bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0),
+    bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50),
+    bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D),
+    bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D),
+    bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED),
+    bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050),
+    bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07),
+    bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F),
+    bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B)
+};
+
+const BIGNUM bn_group_2048 = {
+    (BN_ULONG *)bn_group_2048_value,
+    OSSL_NELEM(bn_group_2048_value),
+    OSSL_NELEM(bn_group_2048_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_3072_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_3072 = {
+    (BN_ULONG *)bn_group_3072_value,
+    OSSL_NELEM(bn_group_3072_value),
+    OSSL_NELEM(bn_group_3072_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_4096_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_4096 = {
+    (BN_ULONG *)bn_group_4096_value,
+    OSSL_NELEM(bn_group_4096_value),
+    OSSL_NELEM(bn_group_4096_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_6144_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024),
+    bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
+    bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
+    bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
+    bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
+    bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
+    bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
+    bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
+    bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
+    bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
+    bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
+    bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
+    bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
+    bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
+    bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
+    bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
+    bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
+    bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
+    bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
+    bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
+    bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
+    bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
+    bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
+    bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
+    bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
+    bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
+    bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
+    bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
+    bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
+    bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
+    bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
+    bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
+    bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_6144 = {
+    (BN_ULONG *)bn_group_6144_value,
+    OSSL_NELEM(bn_group_6144_value),
+    OSSL_NELEM(bn_group_6144_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_8192_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF),
+    bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71),
+    bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF),
+    bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA),
+    bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47),
+    bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B),
+    bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7),
+    bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92),
+    bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268),
+    bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73),
+    bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1),
+    bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D),
+    bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1),
+    bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36),
+    bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D),
+    bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6),
+    bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A),
+    bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8),
+    bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD),
+    bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B),
+    bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7),
+    bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07),
+    bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9),
+    bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D),
+    bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978),
+    bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568),
+    bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466),
+    bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED),
+    bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300),
+    bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA),
+    bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C),
+    bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4),
+    bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159),
+    bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
+    bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
+    bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
+    bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
+    bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
+    bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
+    bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
+    bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
+    bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
+    bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
+    bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
+    bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
+    bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
+    bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
+    bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
+    bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
+    bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
+    bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
+    bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
+    bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
+    bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
+    bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
+    bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
+    bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
+    bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
+    bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
+    bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
+    bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
+    bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
+    bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
+    bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
+    bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_8192 = {
+    (BN_ULONG *)bn_group_8192_value,
+    OSSL_NELEM(bn_group_8192_value),
+    OSSL_NELEM(bn_group_8192_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_generator_19_value[] = { 19 };
+
+const BIGNUM bn_generator_19 = {
+    (BN_ULONG *)bn_generator_19_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+static const BN_ULONG bn_generator_5_value[] = { 5 };
+
+const BIGNUM bn_generator_5 = {
+    (BN_ULONG *)bn_generator_5_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+static const BN_ULONG bn_generator_2_value[] = { 2 };
+
+const BIGNUM bn_generator_2 = {
+    (BN_ULONG *)bn_generator_2_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/bn_word.c b/openssl-1.1.0h/crypto/bn/bn_word.c
new file mode 100644
index 0000000..1af13a5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_word.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_lcl.h"
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+{
+#ifndef BN_LLONG
+    BN_ULONG ret = 0;
+#else
+    BN_ULLONG ret = 0;
+#endif
+    int i;
+
+    if (w == 0)
+        return (BN_ULONG)-1;
+
+#ifndef BN_LLONG
+    /*
+     * If |w| is too long and we don't have BN_ULLONG then we need to fall
+     * back to using BN_div_word
+     */
+    if (w > ((BN_ULONG)1 << BN_BITS4)) {
+        BIGNUM *tmp = BN_dup(a);
+        if (tmp == NULL)
+            return (BN_ULONG)-1;
+
+        ret = BN_div_word(tmp, w);
+        BN_free(tmp);
+
+        return ret;
+    }
+#endif
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+    for (i = a->top - 1; i >= 0; i--) {
+#ifndef BN_LLONG
+        /*
+         * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
+         * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
+         * safe and will not overflow
+         */
+        ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
+        ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
+#else
+        ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) %
+                           (BN_ULLONG) w);
+#endif
+    }
+    return ((BN_ULONG)ret);
+}
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG ret = 0;
+    int i, j;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    if (!w)
+        /* actually this an error (division by zero) */
+        return (BN_ULONG)-1;
+    if (a->top == 0)
+        return 0;
+
+    /* normalize input (so bn_div_words doesn't complain) */
+    j = BN_BITS2 - BN_num_bits_word(w);
+    w <<= j;
+    if (!BN_lshift(a, a, j))
+        return (BN_ULONG)-1;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        BN_ULONG l, d;
+
+        l = a->d[i];
+        d = bn_div_words(ret, l, w);
+        ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2;
+        a->d[i] = d;
+    }
+    if ((a->top > 0) && (a->d[a->top - 1] == 0))
+        a->top--;
+    ret >>= j;
+    if (!a->top)
+        a->neg = 0; /* don't allow negative zero */
+    bn_check_top(a);
+    return (ret);
+}
+
+int BN_add_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG l;
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a))
+        return BN_set_word(a, w);
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_sub_word(a, w);
+        if (!BN_is_zero(a))
+            a->neg = !(a->neg);
+        return (i);
+    }
+    for (i = 0; w != 0 && i < a->top; i++) {
+        a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+        w = (w > l) ? 1 : 0;
+    }
+    if (w && i == a->top) {
+        if (bn_wexpand(a, a->top + 1) == NULL)
+            return 0;
+        a->top++;
+        a->d[i] = w;
+    }
+    bn_check_top(a);
+    return (1);
+}
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
+{
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a)) {
+        i = BN_set_word(a, w);
+        if (i != 0)
+            BN_set_negative(a, 1);
+        return i;
+    }
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_add_word(a, w);
+        a->neg = 1;
+        return (i);
+    }
+
+    if ((a->top == 1) && (a->d[0] < w)) {
+        a->d[0] = w - a->d[0];
+        a->neg = 1;
+        return (1);
+    }
+    i = 0;
+    for (;;) {
+        if (a->d[i] >= w) {
+            a->d[i] -= w;
+            break;
+        } else {
+            a->d[i] = (a->d[i] - w) & BN_MASK2;
+            i++;
+            w = 1;
+        }
+    }
+    if ((a->d[i] == 0) && (i == (a->top - 1)))
+        a->top--;
+    bn_check_top(a);
+    return (1);
+}
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG ll;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+    if (a->top) {
+        if (w == 0)
+            BN_zero(a);
+        else {
+            ll = bn_mul_words(a->d, a->d, a->top, w);
+            if (ll) {
+                if (bn_wexpand(a, a->top + 1) == NULL)
+                    return (0);
+                a->d[a->top++] = ll;
+            }
+        }
+    }
+    bn_check_top(a);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/bn/bn_x931p.c b/openssl-1.1.0h/crypto/bn/bn_x931p.c
new file mode 100644
index 0000000..8bfbcac
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/bn_x931p.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "bn_lcl.h"
+
+/* X9.31 routines for prime derivation */
+
+/*
+ * X9.31 prime derivation. This is used to generate the primes pi (p1, p2,
+ * q1, q2) from a parameter Xpi by checking successive odd integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+                             BN_GENCB *cb)
+{
+    int i = 0, is_prime;
+    if (!BN_copy(pi, Xpi))
+        return 0;
+    if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+        return 0;
+    for (;;) {
+        i++;
+        BN_GENCB_call(cb, 0, i);
+        /* NB 27 MR is specified in X9.31 */
+        is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
+        if (is_prime < 0)
+            return 0;
+        if (is_prime)
+            break;
+        if (!BN_add_word(pi, 2))
+            return 0;
+    }
+    BN_GENCB_call(cb, 2, i);
+    return 1;
+}
+
+/*
+ * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2
+ * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they
+ * will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb)
+{
+    int ret = 0;
+
+    BIGNUM *t, *p1p2, *pm1;
+
+    /* Only even e supported */
+    if (!BN_is_odd(e))
+        return 0;
+
+    BN_CTX_start(ctx);
+    if (!p1)
+        p1 = BN_CTX_get(ctx);
+
+    if (!p2)
+        p2 = BN_CTX_get(ctx);
+
+    t = BN_CTX_get(ctx);
+
+    p1p2 = BN_CTX_get(ctx);
+
+    pm1 = BN_CTX_get(ctx);
+
+    if (pm1 == NULL)
+        goto err;
+
+    if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
+        goto err;
+
+    if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
+        goto err;
+
+    if (!BN_mul(p1p2, p1, p2, ctx))
+        goto err;
+
+    /* First set p to value of Rp */
+
+    if (!BN_mod_inverse(p, p2, p1, ctx))
+        goto err;
+
+    if (!BN_mul(p, p, p2, ctx))
+        goto err;
+
+    if (!BN_mod_inverse(t, p1, p2, ctx))
+        goto err;
+
+    if (!BN_mul(t, t, p1, ctx))
+        goto err;
+
+    if (!BN_sub(p, p, t))
+        goto err;
+
+    if (p->neg && !BN_add(p, p, p1p2))
+        goto err;
+
+    /* p now equals Rp */
+
+    if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+        goto err;
+
+    if (!BN_add(p, p, Xp))
+        goto err;
+
+    /* p now equals Yp0 */
+
+    for (;;) {
+        int i = 1;
+        BN_GENCB_call(cb, 0, i++);
+        if (!BN_copy(pm1, p))
+            goto err;
+        if (!BN_sub_word(pm1, 1))
+            goto err;
+        if (!BN_gcd(t, pm1, e, ctx))
+            goto err;
+        if (BN_is_one(t)) {
+            /*
+             * X9.31 specifies 8 MR and 1 Lucas test or any prime test
+             * offering similar or better guarantees 50 MR is considerably
+             * better.
+             */
+            int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
+            if (r < 0)
+                goto err;
+            if (r)
+                break;
+        }
+        if (!BN_add(p, p, p1p2))
+            goto err;
+    }
+
+    BN_GENCB_call(cb, 3, 0);
+
+    ret = 1;
+
+ err:
+
+    BN_CTX_end(ctx);
+
+    return ret;
+}
+
+/*
+ * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits
+ * parameter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+{
+    BIGNUM *t;
+    int i;
+    /*
+     * Number of bits for each prime is of the form 512+128s for s = 0, 1,
+     * ...
+     */
+    if ((nbits < 1024) || (nbits & 0xff))
+        return 0;
+    nbits >>= 1;
+    /*
+     * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits
+     * - 1. By setting the top two bits we ensure that the lower bound is
+     * exceeded.
+     */
+    if (!BN_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+        goto err;
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    for (i = 0; i < 1000; i++) {
+        if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+            goto err;
+        /* Check that |Xp - Xq| > 2^(nbits - 100) */
+        BN_sub(t, Xp, Xq);
+        if (BN_num_bits(t) > (nbits - 100))
+            break;
+    }
+
+    BN_CTX_end(ctx);
+
+    if (i < 1000)
+        return 1;
+
+    return 0;
+
+ err:
+    BN_CTX_end(ctx);
+    return 0;
+}
+
+/*
+ * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and
+ * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the
+ * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| >
+ * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the
+ * previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                              BIGNUM *Xp1, BIGNUM *Xp2,
+                              const BIGNUM *Xp,
+                              const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+{
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    if (Xp1 == NULL)
+        Xp1 = BN_CTX_get(ctx);
+    if (Xp2 == NULL)
+        Xp2 = BN_CTX_get(ctx);
+    if (Xp1 == NULL || Xp2 == NULL)
+        goto error;
+
+    if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (!BN_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
+        goto error;
+
+    ret = 1;
+
+ error:
+    BN_CTX_end(ctx);
+
+    return ret;
+
+}
diff --git a/openssl-1.1.0h/crypto/bn/build.info b/openssl-1.1.0h/crypto/bn/build.info
new file mode 100644
index 0000000..c608ecc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/build.info
@@ -0,0 +1,84 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \
+        {- $target{bn_asm_src} -} \
+        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+        bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
+INCLUDE[../../libcrypto]=../../crypto/include
+
+INCLUDE[bn_exp.o]=..
+
+GENERATE[bn-586.s]=asm/bn-586.pl \
+	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[bn-586.s]=../perlasm/x86asm.pl
+GENERATE[co-586.s]=asm/co-586.pl \
+	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[co-586.s]=../perlasm/x86asm.pl
+GENERATE[x86-mont.s]=asm/x86-mont.pl \
+	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[x86-mont.s]=../perlasm/x86asm.pl
+GENERATE[x86-gf2m.s]=asm/x86-gf2m.pl \
+	$(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[x86-gf2m.s]=../perlasm/x86asm.pl
+
+GENERATE[sparcv9a-mont.S]=asm/sparcv9a-mont.pl $(PERLASM_SCHEME)
+INCLUDE[sparcv9a-mont.o]=..
+GENERATE[sparcv9-mont.S]=asm/sparcv9-mont.pl $(PERLASM_SCHEME)
+INCLUDE[sparcv9-mont.o]=..
+GENERATE[vis3-mont.S]=asm/vis3-mont.pl $(PERLASM_SCHEME)
+INCLUDE[vis3-mont.o]=..
+GENERATE[sparct4-mont.S]=asm/sparct4-mont.pl $(PERLASM_SCHEME)
+INCLUDE[sparct4-mont.o]=..
+GENERATE[sparcv9-gf2m.S]=asm/sparcv9-gf2m.pl $(PERLASM_SCHEME)
+INCLUDE[sparcv9-gf2m.o]=..
+
+GENERATE[bn-mips.s]=asm/mips.pl $(PERLASM_SCHEME)
+GENERATE[mips-mont.s]=asm/mips-mont.pl $(PERLASM_SCHEME)
+
+GENERATE[s390x-mont.S]=asm/s390x-mont.pl $(PERLASM_SCHEME)
+GENERATE[s390x-gf2m.s]=asm/s390x-gf2m.pl $(PERLASM_SCHEME)
+
+GENERATE[x86_64-mont.s]=asm/x86_64-mont.pl $(PERLASM_SCHEME)
+GENERATE[x86_64-mont5.s]=asm/x86_64-mont5.pl $(PERLASM_SCHEME)
+GENERATE[x86_64-gf2m.s]=asm/x86_64-gf2m.pl $(PERLASM_SCHEME)
+GENERATE[rsaz-x86_64.s]=asm/rsaz-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[rsaz-avx2.s]=asm/rsaz-avx2.pl $(PERLASM_SCHEME)
+
+GENERATE[bn-ia64.s]=asm/ia64.S
+GENERATE[ia64-mont.s]=asm/ia64-mont.pl $(CFLAGS) $(LIB_CFLAGS)
+
+GENERATE[parisc-mont.s]=asm/parisc-mont.pl $(PERLASM_SCHEME)
+
+# ppc - AIX, Linux, MacOS X...
+GENERATE[bn-ppc.s]=asm/ppc.pl $(PERLASM_SCHEME)
+GENERATE[ppc-mont.s]=asm/ppc-mont.pl $(PERLASM_SCHEME)
+GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl $(PERLASM_SCHEME)
+
+GENERATE[alpha-mont.S]=asm/alpha-mont.pl $(PERLASM_SCHEME)
+
+GENERATE[armv4-mont.S]=asm/armv4-mont.pl $(PERLASM_SCHEME)
+INCLUDE[armv4-mont.o]=..
+GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl $(PERLASM_SCHEME)
+INCLUDE[armv4-gf2m.o]=..
+GENERATE[armv8-mont.S]=asm/armv8-mont.pl $(PERLASM_SCHEME)
+
+OVERRIDES=bn-mips3.o pa-risc2W.o pa-risc2.c
+BEGINRAW[Makefile]
+##### BN assembler implementations
+
+{- $builddir -}/bn-mips3.o:	{- $sourcedir -}/asm/mips3.s
+	@if [ "$(CC)" = "gcc" ]; then \
+		ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \
+		as -$$ABI -O -o $@ {- $sourcedir -}/asm/mips3.s; \
+	else	$(CC) -c $(CFLAGS) $(LIB_CFLAGS) -o $@ {- $sourcedir -}/asm/mips3.s; fi
+
+# GNU assembler fails to compile PA-RISC2 modules, insist on calling
+# vendor assembler...
+{- $builddir -}/pa-risc2W.o: {- $sourcedir -}/asm/pa-risc2W.s
+	CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2W.o {- $sourcedir -}/asm/pa-risc2W.s
+{- $builddir -}/pa-risc2.o: {- $sourcedir -}/asm/pa-risc2.s
+	CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2.o {- $sourcedir -}/asm/pa-risc2.s
+
+ENDRAW[Makefile]
diff --git a/openssl-1.1.0h/crypto/bn/rsaz_exp.c b/openssl-1.1.0h/crypto/bn/rsaz_exp.c
new file mode 100644
index 0000000..1a70f6c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/rsaz_exp.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+*                                                                            *
+*  Copyright (c) 2012, Intel Corporation                                     *
+*                                                                            *
+*  All rights reserved.                                                      *
+*                                                                            *
+*  Redistribution and use in source and binary forms, with or without        *
+*  modification, are permitted provided that the following conditions are    *
+*  met:                                                                      *
+*                                                                            *
+*  *  Redistributions of source code must retain the above copyright         *
+*     notice, this list of conditions and the following disclaimer.          *
+*                                                                            *
+*  *  Redistributions in binary form must reproduce the above copyright      *
+*     notice, this list of conditions and the following disclaimer in the    *
+*     documentation and/or other materials provided with the                 *
+*     distribution.                                                          *
+*                                                                            *
+*  *  Neither the name of the Intel Corporation nor the names of its         *
+*     contributors may be used to endorse or promote products derived from   *
+*     this software without specific prior written permission.               *
+*                                                                            *
+*                                                                            *
+*  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          *
+*  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
+*  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        *
+*  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            *
+*  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     *
+*  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       *
+*  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        *
+*  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    *
+*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      *
+*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        *
+*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              *
+*                                                                            *
+******************************************************************************
+* Developers and authors:                                                    *
+* Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
+* (1) Intel Corporation, Israel Development Center, Haifa, Israel            *
+* (2) University of Haifa, Israel                                            *
+*****************************************************************************/
+
+#include <openssl/opensslconf.h>
+#include "rsaz_exp.h"
+
+#ifndef RSAZ_ENABLED
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+/*
+ * See crypto/bn/asm/rsaz-avx2.pl for further details.
+ */
+void rsaz_1024_norm2red_avx2(void *red, const void *norm);
+void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b,
+                        const void *n, BN_ULONG k);
+void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k,
+                        int cnt);
+void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i);
+void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i);
+void rsaz_1024_red2norm_avx2(void *norm, const void *red);
+
+#if defined(__GNUC__)
+# define ALIGN64        __attribute__((aligned(64)))
+#elif defined(_MSC_VER)
+# define ALIGN64        __declspec(align(64))
+#elif defined(__SUNPRO_C)
+# define ALIGN64
+# pragma align 64(one,two80)
+#else
+/* not fatal, might hurt performance a little */
+# define ALIGN64
+#endif
+
+ALIGN64 static const BN_ULONG one[40] = {
+    1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+ALIGN64 static const BN_ULONG two80[40] = {
+    0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
+                            const BN_ULONG base_norm[16],
+                            const BN_ULONG exponent[16],
+                            const BN_ULONG m_norm[16], const BN_ULONG RR[16],
+                            BN_ULONG k0)
+{
+    unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */
+    unsigned char *p_str = storage + (64 - ((size_t)storage % 64));
+    unsigned char *a_inv, *m, *result;
+    unsigned char *table_s = p_str + 320 * 3;
+    unsigned char *R2 = table_s; /* borrow */
+    int index;
+    int wvalue;
+
+    if ((((size_t)p_str & 4095) + 320) >> 12) {
+        result = p_str;
+        a_inv = p_str + 320;
+        m = p_str + 320 * 2;    /* should not cross page */
+    } else {
+        m = p_str;              /* should not cross page */
+        result = p_str + 320;
+        a_inv = p_str + 320 * 2;
+    }
+
+    rsaz_1024_norm2red_avx2(m, m_norm);
+    rsaz_1024_norm2red_avx2(a_inv, base_norm);
+    rsaz_1024_norm2red_avx2(R2, RR);
+
+    rsaz_1024_mul_avx2(R2, R2, R2, m, k0);
+    rsaz_1024_mul_avx2(R2, R2, two80, m, k0);
+
+    /* table[0] = 1 */
+    rsaz_1024_mul_avx2(result, R2, one, m, k0);
+    /* table[1] = a_inv^1 */
+    rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0);
+
+    rsaz_1024_scatter5_avx2(table_s, result, 0);
+    rsaz_1024_scatter5_avx2(table_s, a_inv, 1);
+
+    /* table[2] = a_inv^2 */
+    rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 2);
+#if 0
+    /* this is almost 2x smaller and less than 1% slower */
+    for (index = 3; index < 32; index++) {
+        rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+        rsaz_1024_scatter5_avx2(table_s, result, index);
+    }
+#else
+    /* table[4] = a_inv^4 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 4);
+    /* table[8] = a_inv^8 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 8);
+    /* table[16] = a_inv^16 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 16);
+    /* table[17] = a_inv^17 */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 17);
+
+    /* table[3] */
+    rsaz_1024_gather5_avx2(result, table_s, 2);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 3);
+    /* table[6] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 6);
+    /* table[12] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 12);
+    /* table[24] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 24);
+    /* table[25] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 25);
+
+    /* table[5] */
+    rsaz_1024_gather5_avx2(result, table_s, 4);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 5);
+    /* table[10] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 10);
+    /* table[20] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 20);
+    /* table[21] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 21);
+
+    /* table[7] */
+    rsaz_1024_gather5_avx2(result, table_s, 6);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 7);
+    /* table[14] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 14);
+    /* table[28] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 28);
+    /* table[29] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 29);
+
+    /* table[9] */
+    rsaz_1024_gather5_avx2(result, table_s, 8);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 9);
+    /* table[18] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 18);
+    /* table[19] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 19);
+
+    /* table[11] */
+    rsaz_1024_gather5_avx2(result, table_s, 10);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 11);
+    /* table[22] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 22);
+    /* table[23] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 23);
+
+    /* table[13] */
+    rsaz_1024_gather5_avx2(result, table_s, 12);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 13);
+    /* table[26] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 26);
+    /* table[27] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 27);
+
+    /* table[15] */
+    rsaz_1024_gather5_avx2(result, table_s, 14);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 15);
+    /* table[30] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 30);
+    /* table[31] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 31);
+#endif
+
+    /* load first window */
+    p_str = (unsigned char *)exponent;
+    wvalue = p_str[127] >> 3;
+    rsaz_1024_gather5_avx2(result, table_s, wvalue);
+
+    index = 1014;
+
+    while (index > -1) {        /* loop for the remaining 127 windows */
+
+        rsaz_1024_sqr_avx2(result, result, m, k0, 5);
+
+        wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8];
+        wvalue = (wvalue >> (index % 8)) & 31;
+        index -= 5;
+
+        rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
+        rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    }
+
+    /* square four times */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 4);
+
+    wvalue = p_str[0] & 15;
+
+    rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+
+    /* from Montgomery */
+    rsaz_1024_mul_avx2(result, result, one, m, k0);
+
+    rsaz_1024_red2norm_avx2(result_norm, result);
+
+    OPENSSL_cleanse(storage, sizeof(storage));
+}
+
+/*
+ * See crypto/bn/rsaz-x86_64.pl for further details.
+ */
+void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n,
+                  BN_ULONG k);
+void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n,
+                           BN_ULONG k, const void *tbl, unsigned int power);
+void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl,
+                          const void *n, BN_ULONG k, unsigned int power);
+void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k);
+void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k,
+                  int cnt);
+void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power);
+void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power);
+
+void RSAZ_512_mod_exp(BN_ULONG result[8],
+                      const BN_ULONG base[8], const BN_ULONG exponent[8],
+                      const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8])
+{
+    unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */
+    unsigned char *table = storage + (64 - ((size_t)storage % 64));
+    BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8);
+    BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8);
+    unsigned char *p_str = (unsigned char *)exponent;
+    int index;
+    unsigned int wvalue;
+
+    /* table[0] = 1_inv */
+    temp[0] = 0 - m[0];
+    temp[1] = ~m[1];
+    temp[2] = ~m[2];
+    temp[3] = ~m[3];
+    temp[4] = ~m[4];
+    temp[5] = ~m[5];
+    temp[6] = ~m[6];
+    temp[7] = ~m[7];
+    rsaz_512_scatter4(table, temp, 0);
+
+    /* table [1] = a_inv^1 */
+    rsaz_512_mul(a_inv, base, RR, m, k0);
+    rsaz_512_scatter4(table, a_inv, 1);
+
+    /* table [2] = a_inv^2 */
+    rsaz_512_sqr(temp, a_inv, m, k0, 1);
+    rsaz_512_scatter4(table, temp, 2);
+
+    for (index = 3; index < 16; index++)
+        rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index);
+
+    /* load first window */
+    wvalue = p_str[63];
+
+    rsaz_512_gather4(temp, table, wvalue >> 4);
+    rsaz_512_sqr(temp, temp, m, k0, 4);
+    rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf);
+
+    for (index = 62; index >= 0; index--) {
+        wvalue = p_str[index];
+
+        rsaz_512_sqr(temp, temp, m, k0, 4);
+        rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4);
+
+        rsaz_512_sqr(temp, temp, m, k0, 4);
+        rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f);
+    }
+
+    /* from Montgomery */
+    rsaz_512_mul_by_one(result, temp, m, k0);
+
+    OPENSSL_cleanse(storage, sizeof(storage));
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/bn/rsaz_exp.h b/openssl-1.1.0h/crypto/bn/rsaz_exp.h
new file mode 100644
index 0000000..9501cc8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/bn/rsaz_exp.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+*                                                                            *
+*  Copyright (c) 2012, Intel Corporation                                     *
+*                                                                            *
+*  All rights reserved.                                                      *
+*                                                                            *
+*  Redistribution and use in source and binary forms, with or without        *
+*  modification, are permitted provided that the following conditions are    *
+*  met:                                                                      *
+*                                                                            *
+*  *  Redistributions of source code must retain the above copyright         *
+*     notice, this list of conditions and the following disclaimer.          *
+*                                                                            *
+*  *  Redistributions in binary form must reproduce the above copyright      *
+*     notice, this list of conditions and the following disclaimer in the    *
+*     documentation and/or other materials provided with the                 *
+*     distribution.                                                          *
+*                                                                            *
+*  *  Neither the name of the Intel Corporation nor the names of its         *
+*     contributors may be used to endorse or promote products derived from   *
+*     this software without specific prior written permission.               *
+*                                                                            *
+*                                                                            *
+*  THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY          *
+*  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
+*  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR        *
+*  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR            *
+*  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,     *
+*  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,       *
+*  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR        *
+*  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF    *
+*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING      *
+*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS        *
+*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.              *
+*                                                                            *
+******************************************************************************
+* Developers and authors:                                                    *
+* Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
+* (1) Intel Corporation, Israel Development Center, Haifa, Israel            *
+* (2) University of Haifa, Israel                                            *
+*****************************************************************************/
+
+#ifndef RSAZ_EXP_H
+# define RSAZ_EXP_H
+
+# undef RSAZ_ENABLED
+# if defined(OPENSSL_BN_ASM_MONT) && \
+        (defined(__x86_64) || defined(__x86_64__) || \
+         defined(_M_AMD64) || defined(_M_X64))
+#  define RSAZ_ENABLED
+
+#  include <openssl/bn.h>
+
+void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
+                            const BN_ULONG base_norm[16],
+                            const BN_ULONG exponent[16],
+                            const BN_ULONG m_norm[16], const BN_ULONG RR[16],
+                            BN_ULONG k0);
+int rsaz_avx2_eligible();
+
+void RSAZ_512_mod_exp(BN_ULONG result[8],
+                      const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
+                      const BN_ULONG m_norm[8], BN_ULONG k0,
+                      const BN_ULONG RR[8]);
+
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/buffer/buf_err.c b/openssl-1.1.0h/crypto/buffer/buf_err.c
new file mode 100644
index 0000000..a6a2ab8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/buffer/buf_err.c
@@ -0,0 +1,44 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
+
+static ERR_STRING_DATA BUF_str_functs[] = {
+    {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
+    {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"},
+    {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA BUF_str_reasons[] = {
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BUF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, BUF_str_functs);
+        ERR_load_strings(0, BUF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/buffer/buffer.c b/openssl-1.1.0h/crypto/buffer/buffer.c
new file mode 100644
index 0000000..f3f8a1b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/buffer/buffer.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+
+/*
+ * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit
+ * ensures that the result fits in an int.
+ */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags)
+{
+    BUF_MEM *ret;
+
+    ret = BUF_MEM_new();
+    if (ret != NULL)
+        ret->flags = flags;
+    return (ret);
+}
+
+BUF_MEM *BUF_MEM_new(void)
+{
+    BUF_MEM *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    return (ret);
+}
+
+void BUF_MEM_free(BUF_MEM *a)
+{
+    if (a == NULL)
+        return;
+
+    if (a->data != NULL) {
+        if (a->flags & BUF_MEM_FLAG_SECURE)
+            OPENSSL_secure_clear_free(a->data, a->max);
+        else
+            OPENSSL_clear_free(a->data, a->max);
+    }
+    OPENSSL_free(a);
+}
+
+/* Allocate a block of secure memory; copy over old data if there
+ * was any, and then free it. */
+static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
+{
+    char *ret;
+
+    ret = OPENSSL_secure_malloc(len);
+    if (str->data != NULL) {
+        if (ret != NULL) {
+            memcpy(ret, str->data, str->length);
+            OPENSSL_secure_clear_free(str->data, str->length);
+            str->data = NULL;
+        }
+    }
+    return (ret);
+}
+
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
+{
+    char *ret;
+    size_t n;
+
+    if (str->length >= len) {
+        str->length = len;
+        return (len);
+    }
+    if (str->max >= len) {
+        if (str->data != NULL)
+            memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return (len);
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
+    else
+        ret = OPENSSL_realloc(str->data, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return (len);
+}
+
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
+{
+    char *ret;
+    size_t n;
+
+    if (str->length >= len) {
+        if (str->data != NULL)
+            memset(&str->data[len], 0, str->length - len);
+        str->length = len;
+        return (len);
+    }
+    if (str->max >= len) {
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return (len);
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
+    else
+        ret = OPENSSL_clear_realloc(str->data, str->max, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return (len);
+}
+
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
+{
+    size_t i;
+    if (in) {
+        out += size - 1;
+        for (i = 0; i < size; i++)
+            *out-- = *in++;
+    } else {
+        unsigned char *q;
+        char c;
+        q = out + size - 1;
+        for (i = 0; i < size / 2; i++) {
+            c = *q;
+            *q-- = *out;
+            *out++ = c;
+        }
+    }
+}
diff --git a/openssl-1.1.0h/crypto/buffer/build.info b/openssl-1.1.0h/crypto/buffer/build.info
new file mode 100644
index 0000000..54da1f9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/buffer/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=buffer.c buf_err.c
diff --git a/openssl-1.1.0h/crypto/build.info b/openssl-1.1.0h/crypto/build.info
new file mode 100644
index 0000000..916d24f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/build.info
@@ -0,0 +1,37 @@
+{- use File::Spec::Functions qw/catdir catfile/; -}
+LIBS=../libcrypto
+SOURCE[../libcrypto]=\
+        cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+        ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \
+        threads_pthread.c threads_win.c threads_none.c \
+        o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
+        {- $target{uplink_aux_src} -}
+EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+        x86cpuid.pl x86_64cpuid.pl ia64cpuid.S \
+        ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+
+DEPEND[cversion.o]=buildinf.h
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS_Q)" "$(PLATFORM)"
+DEPEND[buildinf.h]=../configdata.pm
+
+GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
+GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[uplink-ia64.s]=../ms/uplink-ia64.pl $(PERLASM_SCHEME)
+
+GENERATE[x86cpuid.s]=x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[x86cpuid.s]=perlasm/x86asm.pl
+
+GENERATE[x86_64cpuid.s]=x86_64cpuid.pl $(PERLASM_SCHEME)
+
+GENERATE[ia64cpuid.s]=ia64cpuid.S
+GENERATE[ppccpuid.s]=ppccpuid.pl $(PERLASM_SCHEME)
+GENERATE[pariscid.s]=pariscid.pl $(PERLASM_SCHEME)
+GENERATE[alphacpuid.s]=alphacpuid.pl
+GENERATE[arm64cpuid.S]=arm64cpuid.pl $(PERLASM_SCHEME)
+INCLUDE[arm64cpuid.o]=.
+GENERATE[armv4cpuid.S]=armv4cpuid.pl $(PERLASM_SCHEME)
+INCLUDE[armv4cpuid.o]=.
+
+IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+  SHARED_SOURCE[../libcrypto]=dllmain.c
+ENDIF
diff --git a/openssl-1.1.0h/crypto/c64xpluscpuid.pl b/openssl-1.1.0h/crypto/c64xpluscpuid.pl
new file mode 100644
index 0000000..9efe120
--- /dev/null
+++ b/openssl-1.1.0h/crypto/c64xpluscpuid.pl
@@ -0,0 +1,287 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	OPENSSL_rdtsc,_OPENSSL_rdtsc
+	.asg	OPENSSL_cleanse,_OPENSSL_cleanse
+	.asg	CRYPTO_memcmp,_CRYPTO_memcmp
+	.asg	OPENSSL_atomic_add,_OPENSSL_atomic_add
+	.asg	OPENSSL_wipe_cpu,_OPENSSL_wipe_cpu
+	.asg	OPENSSL_instrument_bus,_OPENSSL_instrument_bus
+	.asg	OPENSSL_instrument_bus2,_OPENSSL_instrument_bus2
+	.endif
+
+	.asg	B3,RA
+
+	.global	_OPENSSL_rdtsc
+_OPENSSL_rdtsc:
+	.asmfunc
+	B	RA
+	MVC	TSCL,B0
+	MVC	TSCH,B1
+  [!B0]	MVC	B0,TSCL		; start TSC
+	MV	B0,A4
+	MV	B1,A5
+	.endasmfunc
+
+	.global	_OPENSSL_cleanse
+_OPENSSL_cleanse:
+	.asmfunc
+	ZERO	A3:A2
+||	ZERO	B2
+||	SHRU	B4,3,B0		; is length >= 8
+||	ADD	1,A4,B6
+  [!B0]	BNOP	RA
+||	ZERO	A1
+||	ZERO	B1
+   [B0]	MVC	B0,ILC
+||[!B0]	CMPLT	0,B4,A1
+||[!B0]	CMPLT	1,B4,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+||[!B0]	CMPLT	2,B4,A1
+||[!B0]	CMPLT	3,B4,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+||[!B0]	CMPLT	4,B4,A1
+||[!B0]	CMPLT	5,B4,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+||[!B0]	CMPLT	6,B4,A1
+   [A1]	STB	A2,*A4++[2]
+
+	SPLOOP	1
+	STNDW	A3:A2,*A4++
+||	SUB	B4,8,B4
+	SPKERNEL
+
+	MV	B4,B0		; remaining bytes
+||	ADD	1,A4,B6
+||	BNOP	RA
+   [B0]	CMPLT	0,B0,A1
+|| [B0]	CMPLT	1,B0,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+|| [B0]	CMPLT	2,B0,A1
+|| [B0]	CMPLT	3,B0,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+|| [B0]	CMPLT	4,B0,A1
+|| [B0]	CMPLT	5,B0,B1
+   [A1]	STB	A2,*A4++[2]
+|| [B1] STB	B2,*B6++[2]
+|| [B0]	CMPLT	6,B0,A1
+   [A1]	STB	A2,*A4++[2]
+	.endasmfunc
+
+	.global	_CRYPTO_memcmp
+_CRYPTO_memcmp:
+	.asmfunc
+	MV	A6,B0
+  [!B0]	BNOP	RA
+||[!B0]	ZERO	A4
+   [B0]	MVC	B0,ILC
+|| [B0]	ZERO	A0
+	NOP	4
+
+	SPLOOP	1
+	LDBU	*A4++,A1
+||	LDBU	*B4++,B1
+	NOP	4
+	XOR.L	B1,A1,A2
+	SPKERNEL 1,0
+||	OR.S	A2,A0,A0
+
+	BNOP	RA,3
+	ZERO.L	A4
+  [A0]	MVK	1,A4
+	.endasmfunc
+
+	.global	_OPENSSL_atomic_add
+_OPENSSL_atomic_add:
+	.asmfunc
+	MV	A4,B0
+atomic_add?:
+	LL	*B0,B5
+	NOP	4
+	ADD	B4,B5,B5
+	SL	B5,*B0
+	CMTL	*B0,B1
+	NOP	4
+  [!B1]	B	atomic_add?
+   [B1]	BNOP	RA,4
+	MV	B5,A4
+	.endasmfunc
+
+	.global	_OPENSSL_wipe_cpu
+_OPENSSL_wipe_cpu:
+	.asmfunc
+	ZERO	A0
+||	ZERO	B0
+||	ZERO	A1
+||	ZERO	B1
+	ZERO	A3:A2
+||	MVD	B0,B2
+||	ZERO	A4
+||	ZERO	B4
+||	ZERO	A5
+||	ZERO	B5
+||	BNOP	RA
+	ZERO	A7:A6
+||	ZERO	B7:B6
+||	ZERO	A8
+||	ZERO	B8
+||	ZERO	A9
+||	ZERO	B9
+	ZERO	A17:A16
+||	ZERO	B17:B16
+||	ZERO	A18
+||	ZERO	B18
+||	ZERO	A19
+||	ZERO	B19
+	ZERO	A21:A20
+||	ZERO	B21:B20
+||	ZERO	A22
+||	ZERO	B22
+||	ZERO	A23
+||	ZERO	B23
+	ZERO	A25:A24
+||	ZERO	B25:B24
+||	ZERO	A26
+||	ZERO	B26
+||	ZERO	A27
+||	ZERO	B27
+	ZERO	A29:A28
+||	ZERO	B29:B28
+||	ZERO	A30
+||	ZERO	B30
+||	ZERO	A31
+||	ZERO	B31
+	.endasmfunc
+
+CLFLUSH	.macro	CONTROL,ADDR,LEN
+	B	passthrough?
+||	STW	ADDR,*CONTROL[0]
+	STW	LEN,*CONTROL[1]
+spinlock?:
+	LDW	*CONTROL[1],A0
+	NOP	3
+passthrough?:
+	NOP
+  [A0]	BNOP	spinlock?,5
+	.endm
+
+	.global	_OPENSSL_instrument_bus
+_OPENSSL_instrument_bus:
+	.asmfunc
+	MV	B4,B0			; reassign sizeof(output)
+||	MV	A4,B4			; reassign output
+||	MVK	0x00004030,A3
+	MV	B0,A4			; return value
+||	MVK	1,A1
+||	MVKH	0x01840000,A3		; L1DWIBAR
+	MVC	TSCL,B8			; collect 1st tick
+||	MVK	0x00004010,A5
+	MV	B8,B9			; lasttick = tick
+||	MVK	0,B7			; lastdiff = 0
+||	MVKH	0x01840000,A5		; L2WIBAR
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	NOP	4
+	STW	B5,*B4
+bus_loop1?:
+	MVC	TSCL,B8
+|| [B0]	SUB	B0,1,B0
+	SUB	B8,B9,B7		; lastdiff = tick - lasttick
+||	MV	B8,B9			; lasttick = tick
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	STW	B5,*B4			; [!B1] is removed to flatten samples
+||	ADDK	4,B4
+|| [B0]	BNOP	bus_loop1?,5
+
+	BNOP	RA,5
+	.endasmfunc
+
+	.global	_OPENSSL_instrument_bus2
+_OPENSSL_instrument_bus2:
+	.asmfunc
+	MV	A6,B0			; reassign max
+||	MV	B4,A6			; reassing sizeof(output)
+||	MVK	0x00004030,A3
+	MV	A4,B4			; reassign output
+||	MVK	0,A4			; return value
+||	MVK	1,A1
+||	MVKH	0x01840000,A3		; L1DWIBAR
+
+	MVC	TSCL,B8			; collect 1st tick
+||	MVK	0x00004010,A5
+	MV	B8,B9			; lasttick = tick
+||	MVK	0,B7			; lastdiff = 0
+||	MVKH	0x01840000,A5		; L2WIBAR
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	NOP	4
+	STW	B5,*B4
+
+	MVC	TSCL,B8			; collect 1st diff
+	SUB	B8,B9,B7		; lastdiff = tick - lasttick
+||	MV	B8,B9			; lasttick = tick
+||	SUB	B0,1,B0
+bus_loop2?:
+	CLFLUSH	A3,B4,A1		; write-back and invalidate L1D line
+	CLFLUSH	A5,B4,A1		; write-back and invalidate L2 line
+	LL	*B4,B5
+	NOP	4
+	ADD	B7,B5,B5
+	SL	B5,*B4
+	CMTL	*B4,B1
+	STW	B5,*B4			; [!B1] is removed to flatten samples
+||[!B0]	BNOP	bus_loop2_done?,2
+||	SUB	B0,1,B0
+	MVC	TSCL,B8
+	SUB	B8,B9,B8
+||	MV	B8,B9
+	CMPEQ	B8,B7,B2
+||	MV	B8,B7
+  [!B2]	ADDAW	B4,1,B4
+||[!B2]	ADDK	1,A4
+	CMPEQ	A4,A6,A2
+  [!A2]	BNOP	bus_loop2?,5
+
+bus_loop2_done?:
+	BNOP	RA,5
+	.endasmfunc
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/camellia/asm/cmll-x86.pl b/openssl-1.1.0h/crypto/camellia/asm/cmll-x86.pl
new file mode 100644
index 0000000..59f9ed9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/asm/cmll-x86.pl
@@ -0,0 +1,1150 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Copyright (c) 2008 Andy Polyakov <appro@openssl.org>
+#
+# This module may be used under the terms of either the GNU General
+# Public License version 2 or later, the GNU Lesser General Public
+# License version 2.1 or later, the Mozilla Public License version
+# 1.1 or the BSD License. The exact terms of either license are
+# distributed along with this module. For further details see
+# http://www.openssl.org/~appro/camellia/.
+# ====================================================================
+
+# Performance in cycles per processed byte (less is better) in
+# 'openssl speed ...' benchmark:
+#
+#			AMD K8	Core2	PIII	P4
+# -evp camellia-128-ecb	21.5	22.8	27.0	28.9
+# + over gcc 3.4.6	+90/11% +70/10%	+53/4%	+160/64%
+# + over icc 8.0	+48/19% +21/15%	+21/17%	+55/37%
+#
+# camellia-128-cbc	17.3	21.1	23.9	25.9
+#
+# 128-bit key setup	196	280	256	240	cycles/key
+# + over gcc 3.4.6	+30/0%	+17/11%	+11/0%	+63/40%
+# + over icc 8.0	+18/3%	+10/0%	+10/3%	+21/10%
+#
+# Pairs of numbers in "+" rows represent performance improvement over
+# compiler generated position-independent code, PIC, and non-PIC
+# respectively. PIC results are of greater relevance, as this module
+# is position-independent, i.e. suitable for a shared library or PIE.
+# Position independence "costs" one register, which is why compilers
+# are so close with non-PIC results, they have an extra register to
+# spare. CBC results are better than ECB ones thanks to "zero-copy"
+# private _x86_* interface, and are ~30-40% better than with compiler
+# generated cmll_cbc.o, and reach ~80-90% of x86_64 performance on
+# same CPU (where applicable).
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$OPENSSL=1;
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"cmll-586.pl",$ARGV[$#ARGV] eq "386");
+
+@T=("eax","ebx","ecx","edx");
+$idx="esi";
+$key="edi";
+$Tbl="ebp";
+
+# stack frame layout in _x86_Camellia_* routines, frame is allocated
+# by caller
+$__ra=&DWP(0,"esp");	# return address
+$__s0=&DWP(4,"esp");	# s0 backing store
+$__s1=&DWP(8,"esp");	# s1 backing store
+$__s2=&DWP(12,"esp");	# s2 backing store
+$__s3=&DWP(16,"esp");	# s3 backing store
+$__end=&DWP(20,"esp");	# pointer to end/start of key schedule
+
+# stack frame layout in Camellia_[en|crypt] routines, which differs from
+# above by 4 and overlaps by pointer to end/start of key schedule
+$_end=&DWP(16,"esp");
+$_esp=&DWP(20,"esp");
+
+# const unsigned int Camellia_SBOX[4][256];
+# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][],
+# and [2][] - with [3][]. This is done to optimize code size.
+$SBOX1_1110=0;		# Camellia_SBOX[0]
+$SBOX4_4404=4;		# Camellia_SBOX[1]
+$SBOX2_0222=2048;	# Camellia_SBOX[2]
+$SBOX3_3033=2052;	# Camellia_SBOX[3]
+&static_label("Camellia_SIGMA");
+&static_label("Camellia_SBOX");
+
+sub Camellia_Feistel {
+my $i=@_[0];
+my $seed=defined(@_[1])?@_[1]:0;
+my $scale=$seed<0?-8:8;
+my $frame=defined(@_[2])?@_[2]:0;
+my $j=($i&1)*2;
+my $t0=@T[($j)%4],$t1=@T[($j+1)%4],$t2=@T[($j+2)%4],$t3=@T[($j+3)%4];
+
+	&xor	($t0,$idx);				# t0^=key[0]
+	&xor	($t1,&DWP($seed+$i*$scale+4,$key));	# t1^=key[1]
+	&movz	($idx,&HB($t0));			# (t0>>8)&0xff
+	&mov	($t3,&DWP($SBOX3_3033,$Tbl,$idx,8));	# t3=SBOX3_3033[0]
+	&movz	($idx,&LB($t0));			# (t0>>0)&0xff
+	&xor	($t3,&DWP($SBOX4_4404,$Tbl,$idx,8));	# t3^=SBOX4_4404[0]
+	&shr	($t0,16);
+	&movz	($idx,&LB($t1));			# (t1>>0)&0xff
+	&mov	($t2,&DWP($SBOX1_1110,$Tbl,$idx,8));	# t2=SBOX1_1110[1]
+	&movz	($idx,&HB($t0));			# (t0>>24)&0xff
+	&xor	($t3,&DWP($SBOX1_1110,$Tbl,$idx,8));	# t3^=SBOX1_1110[0]
+	&movz	($idx,&HB($t1));			# (t1>>8)&0xff
+	&xor	($t2,&DWP($SBOX4_4404,$Tbl,$idx,8));	# t2^=SBOX4_4404[1]
+	&shr	($t1,16);
+	&movz	($t0,&LB($t0));				# (t0>>16)&0xff
+	&xor	($t3,&DWP($SBOX2_0222,$Tbl,$t0,8));	# t3^=SBOX2_0222[0]
+	&movz	($idx,&HB($t1));			# (t1>>24)&0xff
+	&mov	($t0,&DWP($frame+4*(($j+3)%4),"esp"));	# prefetch "s3"
+	&xor	($t2,$t3);				# t2^=t3
+	&rotr	($t3,8);				# t3=RightRotate(t3,8)
+	&xor	($t2,&DWP($SBOX2_0222,$Tbl,$idx,8));	# t2^=SBOX2_0222[1]
+	&movz	($idx,&LB($t1));			# (t1>>16)&0xff
+	&mov	($t1,&DWP($frame+4*(($j+2)%4),"esp"));	# prefetch "s2"
+	&xor	($t3,$t0);				# t3^=s3
+	&xor	($t2,&DWP($SBOX3_3033,$Tbl,$idx,8));	# t2^=SBOX3_3033[1]
+	&mov	($idx,&DWP($seed+($i+1)*$scale,$key));	# prefetch key[i+1]
+	&xor	($t3,$t2);				# t3^=t2
+	&mov	(&DWP($frame+4*(($j+3)%4),"esp"),$t3);	# s3=t3
+	&xor	($t2,$t1);				# t2^=s2
+	&mov	(&DWP($frame+4*(($j+2)%4),"esp"),$t2);	# s2=t2
+}
+
+# void Camellia_EncryptBlock_Rounds(
+#		int grandRounds,
+#		const Byte plaintext[],
+#		const KEY_TABLE_TYPE keyTable,
+#		Byte ciphertext[])
+&function_begin("Camellia_EncryptBlock_Rounds");
+	&mov	("eax",&wparam(0));	# load grandRounds
+	&mov	($idx,&wparam(1));	# load plaintext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&lea	("eax",&DWP(0,$key,"eax"));
+	&mov	($_esp,"ebx");	# save %esp
+	&mov	($_end,"eax");	# save keyEnd
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load plaintext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_encrypt");
+
+	&mov	("esp",$_esp);
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(3));	# load ciphertext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write ciphertext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_EncryptBlock_Rounds");
+# V1.x API
+&function_begin_B("Camellia_EncryptBlock");
+	&mov	("eax",128);
+	&sub	("eax",&wparam(0));	# load keyBitLength
+	&mov	("eax",3);
+	&adc	("eax",0);		# keyBitLength==128?3:4
+	&mov	(&wparam(0),"eax");
+	&jmp	(&label("Camellia_EncryptBlock_Rounds"));
+&function_end_B("Camellia_EncryptBlock");
+
+if ($OPENSSL) {
+# void Camellia_encrypt(
+#		const unsigned char *in,
+#		unsigned char *out,
+#		const CAMELLIA_KEY *key)
+&function_begin("Camellia_encrypt");
+	&mov	($idx,&wparam(0));	# load plaintext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+	&mov	("eax",&DWP(272,$key));	# load grandRounds counter
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&lea	("eax",&DWP(0,$key,"eax"));
+	&mov	($_esp,"ebx");	# save %esp
+	&mov	($_end,"eax");	# save keyEnd
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load plaintext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_encrypt");
+
+	&mov	("esp",$_esp);
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(1));	# load ciphertext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write ciphertext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_encrypt");
+}
+
+&function_begin_B("_x86_Camellia_encrypt");
+	&xor	(@T[0],&DWP(0,$key));	# ^=key[0-3]
+	&xor	(@T[1],&DWP(4,$key));
+	&xor	(@T[2],&DWP(8,$key));
+	&xor	(@T[3],&DWP(12,$key));
+	&mov	($idx,&DWP(16,$key));	# prefetch key[4]
+
+	&mov	($__s0,@T[0]);		# save s[0-3]
+	&mov	($__s1,@T[1]);
+	&mov	($__s2,@T[2]);
+	&mov	($__s3,@T[3]);
+
+&set_label("loop",16);
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16,4); }
+
+	&add	($key,16*4);
+	&cmp	($key,$__end);
+	&je	(&label("done"));
+
+	# @T[0-1] are preloaded, $idx is preloaded with key[0]
+	&and	($idx,@T[0]);
+	 &mov	 (@T[3],$__s3);
+	&rotl	($idx,1);
+	 &mov	 (@T[2],@T[3]);
+	&xor	(@T[1],$idx);
+	 &or	 (@T[2],&DWP(12,$key));
+	&mov	($__s1,@T[1]);		# s1^=LeftRotate(s0&key[0],1);
+	 &xor	 (@T[2],$__s2);
+
+	&mov	($idx,&DWP(4,$key));
+	 &mov	 ($__s2,@T[2]);		# s2^=s3|key[3];
+	&or	($idx,@T[1]);
+	 &and	 (@T[2],&DWP(8,$key));
+	&xor	(@T[0],$idx);
+	 &rotl	 (@T[2],1);
+	&mov	($__s0,@T[0]);		# s0^=s1|key[1];
+	 &xor	 (@T[3],@T[2]);
+	&mov	($idx,&DWP(16,$key));		# prefetch key[4]
+	 &mov	 ($__s3,@T[3]);		# s3^=LeftRotate(s2&key[2],1);
+	&jmp	(&label("loop"));
+
+&set_label("done",8);
+	&mov	(@T[2],@T[0]);		# SwapHalf
+	&mov	(@T[3],@T[1]);
+	&mov	(@T[0],$__s2);
+	&mov	(@T[1],$__s3);
+	&xor	(@T[0],$idx);		# $idx is preloaded with key[0]
+	&xor	(@T[1],&DWP(4,$key));
+	&xor	(@T[2],&DWP(8,$key));
+	&xor	(@T[3],&DWP(12,$key));
+	&ret	();
+&function_end_B("_x86_Camellia_encrypt");
+
+# void Camellia_DecryptBlock_Rounds(
+#		int grandRounds,
+#		const Byte ciphertext[],
+#		const KEY_TABLE_TYPE keyTable,
+#		Byte plaintext[])
+&function_begin("Camellia_DecryptBlock_Rounds");
+	&mov	("eax",&wparam(0));	# load grandRounds
+	&mov	($idx,&wparam(1));	# load ciphertext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&mov	(&DWP(4*4,"esp"),$key);	# save keyStart
+	&lea	($key,&DWP(0,$key,"eax"));
+	&mov	(&DWP(5*4,"esp"),"ebx");# save %esp
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load ciphertext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_decrypt");
+
+	&mov	("esp",&DWP(5*4,"esp"));
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(3));	# load plaintext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write plaintext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_DecryptBlock_Rounds");
+# V1.x API
+&function_begin_B("Camellia_DecryptBlock");
+	&mov	("eax",128);
+	&sub	("eax",&wparam(0));	# load keyBitLength
+	&mov	("eax",3);
+	&adc	("eax",0);		# keyBitLength==128?3:4
+	&mov	(&wparam(0),"eax");
+	&jmp	(&label("Camellia_DecryptBlock_Rounds"));
+&function_end_B("Camellia_DecryptBlock");
+
+if ($OPENSSL) {
+# void Camellia_decrypt(
+#		const unsigned char *in,
+#		unsigned char *out,
+#		const CAMELLIA_KEY *key)
+&function_begin("Camellia_decrypt");
+	&mov	($idx,&wparam(0));	# load ciphertext pointer
+	&mov	($key,&wparam(2));	# load key schedule pointer
+
+	&mov	("ebx","esp");
+	&sub	("esp",7*4);		# place for s[0-3],keyEnd,esp and ra
+	&and	("esp",-64);
+	&mov	("eax",&DWP(272,$key));	# load grandRounds counter
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	("ecx",&DWP(-64-63,$key));
+	&sub	("ecx","esp");
+	&neg	("ecx");
+	&and	("ecx",0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	("esp","ecx");
+	&add	("esp",4);	# 4 is reserved for callee's return address
+
+	&shl	("eax",6);
+	&mov	(&DWP(4*4,"esp"),$key);	# save keyStart
+	&lea	($key,&DWP(0,$key,"eax"));
+	&mov	(&DWP(5*4,"esp"),"ebx");# save %esp
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	(@T[0],&DWP(0,$idx));	# load ciphertext
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&bswap	(@T[0]);
+	&mov	(@T[3],&DWP(12,$idx));
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&call	("_x86_Camellia_decrypt");
+
+	&mov	("esp",&DWP(5*4,"esp"));
+	&bswap	(@T[0]);
+	&mov	($idx,&wparam(1));	# load plaintext pointer
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+	&mov	(&DWP(0,$idx),@T[0]);	# write plaintext
+	&mov	(&DWP(4,$idx),@T[1]);
+	&mov	(&DWP(8,$idx),@T[2]);
+	&mov	(&DWP(12,$idx),@T[3]);
+&function_end("Camellia_decrypt");
+}
+
+&function_begin_B("_x86_Camellia_decrypt");
+	&xor	(@T[0],&DWP(0,$key));	# ^=key[0-3]
+	&xor	(@T[1],&DWP(4,$key));
+	&xor	(@T[2],&DWP(8,$key));
+	&xor	(@T[3],&DWP(12,$key));
+	&mov	($idx,&DWP(-8,$key));	# prefetch key[-2]
+
+	&mov	($__s0,@T[0]);		# save s[0-3]
+	&mov	($__s1,@T[1]);
+	&mov	($__s2,@T[2]);
+	&mov	($__s3,@T[3]);
+
+&set_label("loop",16);
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8,4); }
+
+	&sub	($key,16*4);
+	&cmp	($key,$__end);
+	&je	(&label("done"));
+
+	# @T[0-1] are preloaded, $idx is preloaded with key[2]
+	&and	($idx,@T[0]);
+	 &mov	 (@T[3],$__s3);
+	&rotl	($idx,1);
+	 &mov	 (@T[2],@T[3]);
+	&xor	(@T[1],$idx);
+	 &or	 (@T[2],&DWP(4,$key));
+	&mov	($__s1,@T[1]);		# s1^=LeftRotate(s0&key[0],1);
+	 &xor	 (@T[2],$__s2);
+
+	&mov	($idx,&DWP(12,$key));
+	 &mov	 ($__s2,@T[2]);		# s2^=s3|key[3];
+	&or	($idx,@T[1]);
+	 &and	 (@T[2],&DWP(0,$key));
+	&xor	(@T[0],$idx);
+	 &rotl	 (@T[2],1);
+	&mov	($__s0,@T[0]);		# s0^=s1|key[1];
+	 &xor	 (@T[3],@T[2]);
+	&mov	($idx,&DWP(-8,$key));	# prefetch key[4]
+	 &mov	 ($__s3,@T[3]);		# s3^=LeftRotate(s2&key[2],1);
+	&jmp	(&label("loop"));
+
+&set_label("done",8);
+	&mov	(@T[2],@T[0]);		# SwapHalf
+	&mov	(@T[3],@T[1]);
+	&mov	(@T[0],$__s2);
+	&mov	(@T[1],$__s3);
+	&xor	(@T[2],$idx);		# $idx is preloaded with key[2]
+	&xor	(@T[3],&DWP(12,$key));
+	&xor	(@T[0],&DWP(0,$key));
+	&xor	(@T[1],&DWP(4,$key));
+	&ret	();
+&function_end_B("_x86_Camellia_decrypt");
+
+# shld is very slow on Intel P4 family. Even on AMD it limits
+# instruction decode rate [because it's VectorPath] and consequently
+# performance. PIII, PM and Core[2] seem to be the only ones which
+# execute this code ~7% faster...
+sub __rotl128 {
+  my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_;
+
+    $rnd *= 2;
+    if ($rot) {
+	&mov	($idx,$i0);
+	&shld	($i0,$i1,$rot);
+	&shld	($i1,$i2,$rot);
+	&shld	($i2,$i3,$rot);
+	&shld	($i3,$idx,$rot);
+    }
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i0 eq @T[0]);
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i1 eq @T[0]);
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i2 eq @T[0]);
+    &mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i3 eq @T[0]);
+}
+
+# ... Implementing 128-bit rotate without shld gives >3x performance
+# improvement on P4, only ~7% degradation on other Intel CPUs and
+# not worse performance on AMD. This is therefore preferred.
+sub _rotl128 {
+  my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_;
+
+    $rnd *= 2;
+    if ($rot) {
+	&mov	($Tbl,$i0);
+	&shl	($i0,$rot);
+	&mov	($idx,$i1);
+	&shr	($idx,32-$rot);
+	&shl	($i1,$rot);
+	&or	($i0,$idx);
+	&mov	($idx,$i2);
+	&shl	($i2,$rot);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i0 eq @T[0]);
+	&shr	($idx,32-$rot);
+	&or	($i1,$idx);
+	&shr	($Tbl,32-$rot);
+	&mov	($idx,$i3);
+	&shr	($idx,32-$rot);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i1 eq @T[0]);
+	&shl	($i3,$rot);
+	&or	($i2,$idx);
+	&or	($i3,$Tbl);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i2 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i3 eq @T[0]);
+    } else {
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i0 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i1 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i2 eq @T[0]);
+	&mov	(&DWP(-128+4*$rnd++,$key),shift(@T))	if ($i3 eq @T[0]);
+    }
+}
+
+sub _saveround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+	&mov	(&DWP($bias+$rnd*8+0,$key),@T[0]);
+	&mov	(&DWP($bias+$rnd*8+4,$key),@T[1])	if ($#T>=1);
+	&mov	(&DWP($bias+$rnd*8+8,$key),@T[2])	if ($#T>=2);
+	&mov	(&DWP($bias+$rnd*8+12,$key),@T[3])	if ($#T>=3);
+}
+
+sub _loadround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+	&mov	(@T[0],&DWP($bias+$rnd*8+0,$key));
+	&mov	(@T[1],&DWP($bias+$rnd*8+4,$key))	if ($#T>=1);
+	&mov	(@T[2],&DWP($bias+$rnd*8+8,$key))	if ($#T>=2);
+	&mov	(@T[3],&DWP($bias+$rnd*8+12,$key))	if ($#T>=3);
+}
+
+# void Camellia_Ekeygen(
+#		const int keyBitLength,
+#		const Byte *rawKey,
+#		KEY_TABLE_TYPE keyTable)
+&function_begin("Camellia_Ekeygen");
+{ my $step=0;
+
+	&stack_push(4);				# place for s[0-3]
+
+	&mov	($Tbl,&wparam(0));		# load arguments
+	&mov	($idx,&wparam(1));
+	&mov	($key,&wparam(2));
+
+	&mov	(@T[0],&DWP(0,$idx));		# load 0-127 bits
+	&mov	(@T[1],&DWP(4,$idx));
+	&mov	(@T[2],&DWP(8,$idx));
+	&mov	(@T[3],&DWP(12,$idx));
+
+	&bswap	(@T[0]);
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&_saveround	(0,$key,@T);		# KL<<<0
+
+	&cmp	($Tbl,128);
+	&je	(&label("1st128"));
+
+	&mov	(@T[0],&DWP(16,$idx));		# load 128-191 bits
+	&mov	(@T[1],&DWP(20,$idx));
+	&cmp	($Tbl,192);
+	&je	(&label("1st192"));
+	&mov	(@T[2],&DWP(24,$idx));		# load 192-255 bits
+	&mov	(@T[3],&DWP(28,$idx));
+	&jmp	(&label("1st256"));
+&set_label("1st192",4);
+	&mov	(@T[2],@T[0]);
+	&mov	(@T[3],@T[1]);
+	&not	(@T[2]);
+	&not	(@T[3]);
+&set_label("1st256",4);
+	&bswap	(@T[0]);
+	&bswap	(@T[1]);
+	&bswap	(@T[2]);
+	&bswap	(@T[3]);
+
+	&_saveround	(4,$key,@T);		# temporary storage for KR!
+
+	&xor	(@T[0],&DWP(0*8+0,$key));	# KR^KL
+	&xor	(@T[1],&DWP(0*8+4,$key));
+	&xor	(@T[2],&DWP(1*8+0,$key));
+	&xor	(@T[3],&DWP(1*8+4,$key));
+
+&set_label("1st128",4);
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea	($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+	&lea	($key,&DWP(&label("Camellia_SIGMA")."-".&label("Camellia_SBOX"),$Tbl));
+
+	&mov	($idx,&DWP($step*8,$key));	# prefetch SIGMA[0]
+	&mov	(&swtmp(0),@T[0]);		# save s[0-3]
+	&mov	(&swtmp(1),@T[1]);
+	&mov	(&swtmp(2),@T[2]);
+	&mov	(&swtmp(3),@T[3]);
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+	&mov	(@T[2],&swtmp(2));
+	&mov	(@T[3],&swtmp(3));
+
+	&mov	($idx,&wparam(2));
+	&xor	(@T[0],&DWP(0*8+0,$idx));	# ^KL
+	&xor	(@T[1],&DWP(0*8+4,$idx));
+	&xor	(@T[2],&DWP(1*8+0,$idx));
+	&xor	(@T[3],&DWP(1*8+4,$idx));
+
+	&mov	($idx,&DWP($step*8,$key));	# prefetch SIGMA[4]
+	&mov	(&swtmp(0),@T[0]);		# save s[0-3]
+	&mov	(&swtmp(1),@T[1]);
+	&mov	(&swtmp(2),@T[2]);
+	&mov	(&swtmp(3),@T[3]);
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+	&mov	(@T[2],&swtmp(2));
+	&mov	(@T[3],&swtmp(3));
+
+	&mov	($idx,&wparam(0));
+	&cmp	($idx,128);
+	&jne	(&label("2nd256"));
+
+	&mov	($key,&wparam(2));
+	&lea	($key,&DWP(128,$key));		# size optimization
+
+	####### process KA
+	&_saveround	(2,$key,-128,@T);	# KA<<<0
+	&_rotl128	(@T,15,6,@T);		# KA<<<15
+	&_rotl128	(@T,15,8,@T);		# KA<<<(15+15=30)
+	&_rotl128	(@T,15,12,@T[0],@T[1]);	# KA<<<(30+15=45)
+	&_rotl128	(@T,15,14,@T);		# KA<<<(45+15=60)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,2,20,@T);		# KA<<<(60+32+2=94)
+	&_rotl128	(@T,17,24,@T);		# KA<<<(94+17=111)
+
+	####### process KL
+	&_loadround	(0,$key,-128,@T);	# load KL
+	&_rotl128	(@T,15,4,@T);		# KL<<<15
+	&_rotl128	(@T,30,10,@T);		# KL<<<(15+30=45)
+	&_rotl128	(@T,15,13,@T[2],@T[3]);	# KL<<<(45+15=60)
+	&_rotl128	(@T,17,16,@T);		# KL<<<(60+17=77)
+	&_rotl128	(@T,17,18,@T);		# KL<<<(77+17=94)
+	&_rotl128	(@T,17,22,@T);		# KL<<<(94+17=111)
+
+	while (@T[0] ne "eax")			# restore order
+	{   unshift	(@T,pop(@T));   }
+
+	&mov	("eax",3);			# 3 grandRounds
+	&jmp	(&label("done"));
+
+&set_label("2nd256",16);
+	&mov	($idx,&wparam(2));
+	&_saveround	(6,$idx,@T);		# temporary storage for KA!
+
+	&xor	(@T[0],&DWP(4*8+0,$idx));	# KA^KR
+	&xor	(@T[1],&DWP(4*8+4,$idx));
+	&xor	(@T[2],&DWP(5*8+0,$idx));
+	&xor	(@T[3],&DWP(5*8+4,$idx));
+
+	&mov	($idx,&DWP($step*8,$key));	# prefetch SIGMA[8]
+	&mov	(&swtmp(0),@T[0]);		# save s[0-3]
+	&mov	(&swtmp(1),@T[1]);
+	&mov	(&swtmp(2),@T[2]);
+	&mov	(&swtmp(3),@T[3]);
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+	&mov	(@T[2],&swtmp(2));
+	&mov	(@T[3],&swtmp(3));
+
+	&mov	($key,&wparam(2));
+	&lea	($key,&DWP(128,$key));		# size optimization
+
+	####### process KB
+	&_saveround	(2,$key,-128,@T);	# KB<<<0
+	&_rotl128	(@T,30,10,@T);		# KB<<<30
+	&_rotl128	(@T,30,20,@T);		# KB<<<(30+30=60)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,19,32,@T);		# KB<<<(60+32+19=111)
+
+	####### process KR
+	&_loadround	(4,$key,-128,@T);	# load KR
+	&_rotl128	(@T,15,4,@T);		# KR<<<15
+	&_rotl128	(@T,15,8,@T);		# KR<<<(15+15=30)
+	&_rotl128	(@T,30,18,@T);		# KR<<<(30+30=60)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,2,26,@T);		# KR<<<(60+32+2=94)
+
+	####### process KA
+	&_loadround	(6,$key,-128,@T);	# load KA
+	&_rotl128	(@T,15,6,@T);		# KA<<<15
+	&_rotl128	(@T,30,14,@T);		# KA<<<(15+30=45)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,0,24,@T);		# KA<<<(45+32+0=77)
+	&_rotl128	(@T,17,28,@T);		# KA<<<(77+17=94)
+
+	####### process KL
+	&_loadround	(0,$key,-128,@T);	# load KL
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,13,12,@T);		# KL<<<(32+13=45)
+	&_rotl128	(@T,15,16,@T);		# KL<<<(45+15=60)
+	&_rotl128	(@T,17,22,@T);		# KL<<<(60+17=77)
+	push		(@T,shift(@T));		# rotl128(@T,32);
+	&_rotl128	(@T,2,30,@T);		# KL<<<(77+32+2=111)
+
+	while (@T[0] ne "eax")			# restore order
+	{   unshift	(@T,pop(@T));   }
+
+	&mov	("eax",4);			# 4 grandRounds
+&set_label("done");
+	&lea	("edx",&DWP(272-128,$key));	# end of key schedule
+	&stack_pop(4);
+}
+&function_end("Camellia_Ekeygen");
+
+if ($OPENSSL) {
+# int Camellia_set_key (
+#		const unsigned char *userKey,
+#		int bits,
+#		CAMELLIA_KEY *key)
+&function_begin_B("Camellia_set_key");
+	&push	("ebx");
+	&mov	("ecx",&wparam(0));	# pull arguments
+	&mov	("ebx",&wparam(1));
+	&mov	("edx",&wparam(2));
+
+	&mov	("eax",-1);
+	&test	("ecx","ecx");
+	&jz	(&label("done"));	# userKey==NULL?
+	&test	("edx","edx");
+	&jz	(&label("done"));	# key==NULL?
+
+	&mov	("eax",-2);
+	&cmp	("ebx",256);
+	&je	(&label("arg_ok"));	# bits==256?
+	&cmp	("ebx",192);
+	&je	(&label("arg_ok"));	# bits==192?
+	&cmp	("ebx",128);
+	&jne	(&label("done"));	# bits!=128?
+&set_label("arg_ok",4);
+
+	&push	("edx");		# push arguments
+	&push	("ecx");
+	&push	("ebx");
+	&call	("Camellia_Ekeygen");
+	&stack_pop(3);
+
+	# eax holds grandRounds and edx points at where to put it
+	&mov	(&DWP(0,"edx"),"eax");
+	&xor	("eax","eax");
+&set_label("done",4);
+	&pop	("ebx");
+	&ret	();
+&function_end_B("Camellia_set_key");
+}
+
+@SBOX=(
+112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
+ 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
+134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
+166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
+139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
+223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
+ 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
+254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
+170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
+ 16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
+135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
+ 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
+233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
+120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
+114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
+ 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
+
+sub S1110 { my $i=shift; $i=@SBOX[$i]; return $i<<24|$i<<16|$i<<8; }
+sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; }	
+sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; }	
+sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; }	
+
+&set_label("Camellia_SIGMA",64);
+&data_word(
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2,
+    0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c,
+    0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd,
+    0,          0,          0,          0);
+&set_label("Camellia_SBOX",64);
+# tables are interleaved, remember?
+for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }
+for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
+
+# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const CAMELLIA_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+# stack frame layout
+#             -4(%esp)		# return address	 0(%esp)
+#              0(%esp)		# s0			 4(%esp)
+#              4(%esp)		# s1			 8(%esp)
+#              8(%esp)		# s2			12(%esp)
+#             12(%esp)		# s3			16(%esp)
+#             16(%esp)		# end of key schedule	20(%esp)
+#             20(%esp)		# %esp backup
+my $_inp=&DWP(24,"esp");	#copy of wparam(0)
+my $_out=&DWP(28,"esp");	#copy of wparam(1)
+my $_len=&DWP(32,"esp");	#copy of wparam(2)
+my $_key=&DWP(36,"esp");	#copy of wparam(3)
+my $_ivp=&DWP(40,"esp");	#copy of wparam(4)
+my $ivec=&DWP(44,"esp");	#ivec[16]
+my $_tmp=&DWP(44,"esp");	#volatile variable [yes, aliases with ivec]
+my ($s0,$s1,$s2,$s3) = @T;
+
+&function_begin("Camellia_cbc_encrypt");
+	&mov	($s2 eq "ecx"? $s2 : "",&wparam(2));	# load len
+	&cmp	($s2,0);
+	&je	(&label("enc_out"));
+
+	&pushf	();
+	&cld	();
+
+	&mov	($s0,&wparam(0));	# load inp
+	&mov	($s1,&wparam(1));	# load out
+	#&mov	($s2,&wparam(2));	# load len
+	&mov	($s3,&wparam(3));	# load key
+	&mov	($Tbl,&wparam(4));	# load ivp
+
+	# allocate aligned stack frame...
+	&lea	($idx,&DWP(-64,"esp"));
+	&and	($idx,-64);
+
+	# place stack frame just "above mod 1024" the key schedule
+	# this ensures that cache associativity of 2 suffices
+	&lea	($key,&DWP(-64-63,$s3));
+	&sub	($key,$idx);
+	&neg	($key);
+	&and	($key,0x3C0);	# modulo 1024, but aligned to cache-line
+	&sub	($idx,$key);
+
+	&mov	($key,&wparam(5));	# load enc
+
+	&exch	("esp",$idx);
+	&add	("esp",4);		# reserve for return address!
+	&mov	($_esp,$idx);		# save %esp
+
+	&mov	($_inp,$s0);		# save copy of inp
+	&mov	($_out,$s1);		# save copy of out
+	&mov	($_len,$s2);		# save copy of len
+	&mov	($_key,$s3);		# save copy of key
+	&mov	($_ivp,$Tbl);		# save copy of ivp
+
+	&call   (&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($Tbl);
+	&lea    ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl));
+
+	&mov	($idx,32);
+	&set_label("prefetch_sbox",4);
+		&mov	($s0,&DWP(0,$Tbl));
+		&mov	($s1,&DWP(32,$Tbl));
+		&mov	($s2,&DWP(64,$Tbl));
+		&mov	($s3,&DWP(96,$Tbl));
+		&lea	($Tbl,&DWP(128,$Tbl));
+		&dec	($idx);
+	&jnz	(&label("prefetch_sbox"));
+	&mov	($s0,$_key);
+	&sub	($Tbl,4096);
+	&mov	($idx,$_inp);
+	&mov	($s3,&DWP(272,$s0));		# load grandRounds
+
+	&cmp	($key,0);
+	&je	(&label("DECRYPT"));
+
+	&mov	($s2,$_len);
+	&mov	($key,$_ivp);
+	&shl	($s3,6);
+	&lea	($s3,&DWP(0,$s0,$s3));
+	&mov	($_end,$s3);
+
+	&test	($s2,0xFFFFFFF0);
+	&jz	(&label("enc_tail"));		# short input...
+
+	&mov	($s0,&DWP(0,$key));		# load iv
+	&mov	($s1,&DWP(4,$key));
+
+	&set_label("enc_loop",4);
+		&mov	($s2,&DWP(8,$key));
+		&mov	($s3,&DWP(12,$key));
+
+		&xor	($s0,&DWP(0,$idx));	# xor input data
+		&xor	($s1,&DWP(4,$idx));
+		&xor	($s2,&DWP(8,$idx));
+		&bswap	($s0);
+		&xor	($s3,&DWP(12,$idx));
+		&bswap	($s1);
+		&mov	($key,$_key);		# load key
+		&bswap	($s2);
+		&bswap	($s3);
+
+		&call	("_x86_Camellia_encrypt");
+
+		&mov	($idx,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&bswap	($s0);
+		&bswap	($s1);
+		&bswap	($s2);
+		&mov	(&DWP(0,$key),$s0);	# save output data
+		&bswap	($s3);
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($s2,$_len);		# load len
+
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_inp,$idx);		# save inp
+
+		&lea	($s3,&DWP(16,$key));
+		&mov	($_out,$s3);		# save out
+
+		&sub	($s2,16);
+		&test	($s2,0xFFFFFFF0);
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("enc_loop"));
+	&test	($s2,15);
+	&jnz	(&label("enc_tail"));
+	&mov	($idx,$_ivp);		# load ivp
+	&mov	($s2,&DWP(8,$key));	# restore last dwords
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$idx),$s0);	# save ivec
+	&mov	(&DWP(4,$idx),$s1);
+	&mov	(&DWP(8,$idx),$s2);
+	&mov	(&DWP(12,$idx),$s3);
+
+	&mov	("esp",$_esp);
+	&popf	();
+    &set_label("enc_out");
+	&function_end_A();
+	&pushf	();			# kludge, never executed
+
+    &set_label("enc_tail",4);
+	&mov	($s0,$key eq "edi" ? $key : "");
+	&mov	($key,$_out);			# load out
+	&push	($s0);				# push ivp
+	&mov	($s1,16);
+	&sub	($s1,$s2);
+	&cmp	($key,$idx);			# compare with inp
+	&je	(&label("enc_in_place"));
+	&align	(4);
+	&data_word(0xA4F3F689);	# rep movsb	# copy input
+	&jmp	(&label("enc_skip_in_place"));
+    &set_label("enc_in_place");
+	&lea	($key,&DWP(0,$key,$s2));
+    &set_label("enc_skip_in_place");
+	&mov	($s2,$s1);
+	&xor	($s0,$s0);
+	&align	(4);
+	&data_word(0xAAF3F689);	# rep stosb	# zero tail
+	&pop	($key);				# pop ivp
+
+	&mov	($idx,$_out);			# output as input
+	&mov	($s0,&DWP(0,$key));
+	&mov	($s1,&DWP(4,$key));
+	&mov	($_len,16);			# len=16
+	&jmp	(&label("enc_loop"));		# one more spin...
+
+#----------------------------- DECRYPT -----------------------------#
+&set_label("DECRYPT",16);
+	&shl	($s3,6);
+	&lea	($s3,&DWP(0,$s0,$s3));
+	&mov	($_end,$s0);
+	&mov	($_key,$s3);
+
+	&cmp	($idx,$_out);
+	&je	(&label("dec_in_place"));	# in-place processing...
+
+	&mov	($key,$_ivp);			# load ivp
+	&mov	($_tmp,$key);
+
+	&set_label("dec_loop",4);
+		&mov	($s0,&DWP(0,$idx));	# read input
+		&mov	($s1,&DWP(4,$idx));
+		&mov	($s2,&DWP(8,$idx));
+		&bswap	($s0);
+		&mov	($s3,&DWP(12,$idx));
+		&bswap	($s1);
+		&mov	($key,$_key);		# load key
+		&bswap	($s2);
+		&bswap	($s3);
+
+		&call	("_x86_Camellia_decrypt");
+
+		&mov	($key,$_tmp);		# load ivp
+		&mov	($idx,$_len);		# load len
+
+		&bswap	($s0);
+		&bswap	($s1);
+		&bswap	($s2);
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&bswap	($s3);
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&sub	($idx,16);
+		&jc	(&label("dec_partial"));
+		&mov	($_len,$idx);		# save len
+		&mov	($idx,$_inp);		# load inp
+		&mov	($key,$_out);		# load out
+
+		&mov	(&DWP(0,$key),$s0);	# write output
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($_tmp,$idx);		# save ivp
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_inp,$idx);		# save inp
+
+		&lea	($key,&DWP(16,$key));
+		&mov	($_out,$key);		# save out
+
+	&jnz	(&label("dec_loop"));
+	&mov	($key,$_tmp);		# load temp ivp
+    &set_label("dec_end");
+	&mov	($idx,$_ivp);		# load user ivp
+	&mov	($s0,&DWP(0,$key));	# load iv
+	&mov	($s1,&DWP(4,$key));
+	&mov	($s2,&DWP(8,$key));
+	&mov	($s3,&DWP(12,$key));
+	&mov	(&DWP(0,$idx),$s0);	# copy back to user
+	&mov	(&DWP(4,$idx),$s1);
+	&mov	(&DWP(8,$idx),$s2);
+	&mov	(&DWP(12,$idx),$s3);
+	&jmp	(&label("dec_out"));
+
+    &set_label("dec_partial",4);
+	&lea	($key,$ivec);
+	&mov	(&DWP(0,$key),$s0);	# dump output to stack
+	&mov	(&DWP(4,$key),$s1);
+	&mov	(&DWP(8,$key),$s2);
+	&mov	(&DWP(12,$key),$s3);
+	&lea	($s2 eq "ecx" ? $s2 : "",&DWP(16,$idx));
+	&mov	($idx eq "esi" ? $idx : "",$key);
+	&mov	($key eq "edi" ? $key : "",$_out);	# load out
+	&data_word(0xA4F3F689);	# rep movsb		# copy output
+	&mov	($key,$_inp);				# use inp as temp ivp
+	&jmp	(&label("dec_end"));
+
+    &set_label("dec_in_place",4);
+	&set_label("dec_in_place_loop");
+		&lea	($key,$ivec);
+		&mov	($s0,&DWP(0,$idx));	# read input
+		&mov	($s1,&DWP(4,$idx));
+		&mov	($s2,&DWP(8,$idx));
+		&mov	($s3,&DWP(12,$idx));
+
+		&mov	(&DWP(0,$key),$s0);	# copy to temp
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&bswap	($s0);
+		&mov	(&DWP(12,$key),$s3);
+		&bswap	($s1);
+		&mov	($key,$_key);		# load key
+		&bswap	($s2);
+		&bswap	($s3);
+
+		&call	("_x86_Camellia_decrypt");
+
+		&mov	($key,$_ivp);		# load ivp
+		&mov	($idx,$_out);		# load out
+
+		&bswap	($s0);
+		&bswap	($s1);
+		&bswap	($s2);
+		&xor	($s0,&DWP(0,$key));	# xor iv
+		&bswap	($s3);
+		&xor	($s1,&DWP(4,$key));
+		&xor	($s2,&DWP(8,$key));
+		&xor	($s3,&DWP(12,$key));
+
+		&mov	(&DWP(0,$idx),$s0);	# write output
+		&mov	(&DWP(4,$idx),$s1);
+		&mov	(&DWP(8,$idx),$s2);
+		&mov	(&DWP(12,$idx),$s3);
+
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_out,$idx);		# save out
+
+		&lea	($idx,$ivec);
+		&mov	($s0,&DWP(0,$idx));	# read temp
+		&mov	($s1,&DWP(4,$idx));
+		&mov	($s2,&DWP(8,$idx));
+		&mov	($s3,&DWP(12,$idx));
+
+		&mov	(&DWP(0,$key),$s0);	# copy iv
+		&mov	(&DWP(4,$key),$s1);
+		&mov	(&DWP(8,$key),$s2);
+		&mov	(&DWP(12,$key),$s3);
+
+		&mov	($idx,$_inp);		# load inp
+
+		&lea	($idx,&DWP(16,$idx));
+		&mov	($_inp,$idx);		# save inp
+
+		&mov	($s2,$_len);		# load len
+		&sub	($s2,16);
+		&jc	(&label("dec_in_place_partial"));
+		&mov	($_len,$s2);		# save len
+	&jnz	(&label("dec_in_place_loop"));
+	&jmp	(&label("dec_out"));
+
+    &set_label("dec_in_place_partial",4);
+	# one can argue if this is actually required...
+	&mov	($key eq "edi" ? $key : "",$_out);
+	&lea	($idx eq "esi" ? $idx : "",$ivec);
+	&lea	($key,&DWP(0,$key,$s2));
+	&lea	($idx,&DWP(16,$idx,$s2));
+	&neg	($s2 eq "ecx" ? $s2 : "");
+	&data_word(0xA4F3F689);	# rep movsb	# restore tail
+
+    &set_label("dec_out",4);
+    &mov	("esp",$_esp);
+    &popf	();
+&function_end("Camellia_cbc_encrypt");
+}
+
+&asciz("Camellia for x86 by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/camellia/asm/cmll-x86_64.pl b/openssl-1.1.0h/crypto/camellia/asm/cmll-x86_64.pl
new file mode 100644
index 0000000..da5ad7b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/asm/cmll-x86_64.pl
@@ -0,0 +1,1088 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Copyright (c) 2008 Andy Polyakov <appro@openssl.org>
+#
+# This module may be used under the terms of either the GNU General
+# Public License version 2 or later, the GNU Lesser General Public
+# License version 2.1 or later, the Mozilla Public License version
+# 1.1 or the BSD License. The exact terms of either license are
+# distributed along with this module. For further details see
+# http://www.openssl.org/~appro/camellia/.
+# ====================================================================
+
+# Performance in cycles per processed byte (less is better) in
+# 'openssl speed ...' benchmark:
+#
+#			AMD64	Core2	EM64T
+# -evp camellia-128-ecb	16.7	21.0	22.7
+# + over gcc 3.4.6	+25%	+5%	0%
+#
+# camellia-128-cbc	15.7	20.4	21.1
+#
+# 128-bit key setup	128	216	205	cycles/key
+# + over gcc 3.4.6	+54%	+39%	+15%
+#
+# Numbers in "+" rows represent performance improvement over compiler
+# generated code. Key setup timings are impressive on AMD and Core2
+# thanks to 64-bit operations being covertly deployed. Improvement on
+# EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it
+# apparently emulates some of 64-bit operations in [32-bit] microcode.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/;    $r; }
+sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
+                        $r =~ s/%[er]([sd]i)/%\1l/;
+                        $r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
+
+$t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx";
+@S=("%r8d","%r9d","%r10d","%r11d");
+$i0="%esi";
+$i1="%edi";
+$Tbl="%rbp";	# size optimization
+$inp="%r12";
+$out="%r13";
+$key="%r14";
+$keyend="%r15";
+$arg0d=$win64?"%ecx":"%edi";
+
+# const unsigned int Camellia_SBOX[4][256];
+# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][],
+# and [2][] - with [3][]. This is done to minimize code size.
+$SBOX1_1110=0;		# Camellia_SBOX[0]
+$SBOX4_4404=4;		# Camellia_SBOX[1]
+$SBOX2_0222=2048;	# Camellia_SBOX[2]
+$SBOX3_3033=2052;	# Camellia_SBOX[3]
+
+sub Camellia_Feistel {
+my $i=@_[0];
+my $seed=defined(@_[1])?@_[1]:0;
+my $scale=$seed<0?-8:8;
+my $j=($i&1)*2;
+my ($s0,$s1,$s2,$s3)=(@S[($j)%4],@S[($j+1)%4],@S[($j+2)%4],@S[($j+3)%4]);
+
+$code.=<<___;
+	xor	$s0,$t0				# t0^=key[0]
+	xor	$s1,$t1				# t1^=key[1]
+	movz	`&hi("$t0")`,$i0		# (t0>>8)&0xff
+	movz	`&lo("$t1")`,$i1		# (t1>>0)&0xff
+	mov	$SBOX3_3033($Tbl,$i0,8),$t3	# t3=SBOX3_3033[0]
+	mov	$SBOX1_1110($Tbl,$i1,8),$t2	# t2=SBOX1_1110[1]
+	movz	`&lo("$t0")`,$i0		# (t0>>0)&0xff
+	shr	\$16,$t0
+	movz	`&hi("$t1")`,$i1		# (t1>>8)&0xff
+	xor	$SBOX4_4404($Tbl,$i0,8),$t3	# t3^=SBOX4_4404[0]
+	shr	\$16,$t1
+	xor	$SBOX4_4404($Tbl,$i1,8),$t2	# t2^=SBOX4_4404[1]
+	movz	`&hi("$t0")`,$i0		# (t0>>24)&0xff
+	movz	`&lo("$t1")`,$i1		# (t1>>16)&0xff
+	xor	$SBOX1_1110($Tbl,$i0,8),$t3	# t3^=SBOX1_1110[0]
+	xor	$SBOX3_3033($Tbl,$i1,8),$t2	# t2^=SBOX3_3033[1]
+	movz	`&lo("$t0")`,$i0		# (t0>>16)&0xff
+	movz	`&hi("$t1")`,$i1		# (t1>>24)&0xff
+	xor	$SBOX2_0222($Tbl,$i0,8),$t3	# t3^=SBOX2_0222[0]
+	xor	$SBOX2_0222($Tbl,$i1,8),$t2	# t2^=SBOX2_0222[1]
+	mov	`$seed+($i+1)*$scale`($key),$t1	# prefetch key[i+1]
+	mov	`$seed+($i+1)*$scale+4`($key),$t0
+	xor	$t3,$t2				# t2^=t3
+	ror	\$8,$t3				# t3=RightRotate(t3,8)
+	xor	$t2,$s2
+	xor	$t2,$s3
+	xor	$t3,$s3
+___
+}
+
+# void Camellia_EncryptBlock_Rounds(
+#		int grandRounds,
+#		const Byte plaintext[],
+#		const KEY_TABLE_TYPE keyTable,
+#		Byte ciphertext[])
+$code=<<___;
+.text
+
+# V1.x API
+.globl	Camellia_EncryptBlock
+.type	Camellia_EncryptBlock,\@abi-omnipotent
+.align	16
+Camellia_EncryptBlock:
+	movl	\$128,%eax
+	subl	$arg0d,%eax
+	movl	\$3,$arg0d
+	adcl	\$0,$arg0d	# keyBitLength==128?3:4
+	jmp	.Lenc_rounds
+.size	Camellia_EncryptBlock,.-Camellia_EncryptBlock
+# V2
+.globl	Camellia_EncryptBlock_Rounds
+.type	Camellia_EncryptBlock_Rounds,\@function,4
+.align	16
+.Lenc_rounds:
+Camellia_EncryptBlock_Rounds:
+	push	%rbx
+	push	%rbp
+	push	%r13
+	push	%r14
+	push	%r15
+.Lenc_prologue:
+
+	#mov	%rsi,$inp		# put away arguments
+	mov	%rcx,$out
+	mov	%rdx,$key
+
+	shl	\$6,%edi		# process grandRounds
+	lea	.LCamellia_SBOX(%rip),$Tbl
+	lea	($key,%rdi),$keyend
+
+	mov	0(%rsi),@S[0]		# load plaintext
+	mov	4(%rsi),@S[1]
+	mov	8(%rsi),@S[2]
+	bswap	@S[0]
+	mov	12(%rsi),@S[3]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_encrypt
+
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	mov	@S[0],0($out)
+	bswap	@S[3]
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%rbp
+	mov	32(%rsp),%rbx
+	lea	40(%rsp),%rsp
+.Lenc_epilogue:
+	ret
+.size	Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds
+
+.type	_x86_64_Camellia_encrypt,\@abi-omnipotent
+.align	16
+_x86_64_Camellia_encrypt:
+	xor	0($key),@S[1]
+	xor	4($key),@S[0]		# ^=key[0-3]
+	xor	8($key),@S[3]
+	xor	12($key),@S[2]
+.align	16
+.Leloop:
+	mov	16($key),$t1		# prefetch key[4-5]
+	mov	20($key),$t0
+
+___
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); }
+$code.=<<___;
+	lea	16*4($key),$key
+	cmp	$keyend,$key
+	mov	8($key),$t3		# prefetch key[2-3]
+	mov	12($key),$t2
+	je	.Ledone
+
+	and	@S[0],$t0
+	or	@S[3],$t3
+	rol	\$1,$t0
+	xor	$t3,@S[2]		# s2^=s3|key[3];
+	xor	$t0,@S[1]		# s1^=LeftRotate(s0&key[0],1);
+	and	@S[2],$t2
+	or	@S[1],$t1
+	rol	\$1,$t2
+	xor	$t1,@S[0]		# s0^=s1|key[1];
+	xor	$t2,@S[3]		# s3^=LeftRotate(s2&key[2],1);
+	jmp	.Leloop
+
+.align	16
+.Ledone:
+	xor	@S[2],$t0		# SwapHalf
+	xor	@S[3],$t1
+	xor	@S[0],$t2
+	xor	@S[1],$t3
+
+	mov	$t0,@S[0]
+	mov	$t1,@S[1]
+	mov	$t2,@S[2]
+	mov	$t3,@S[3]
+
+	.byte	0xf3,0xc3		# rep ret
+.size	_x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt
+
+# V1.x API
+.globl	Camellia_DecryptBlock
+.type	Camellia_DecryptBlock,\@abi-omnipotent
+.align	16
+Camellia_DecryptBlock:
+	movl	\$128,%eax
+	subl	$arg0d,%eax
+	movl	\$3,$arg0d
+	adcl	\$0,$arg0d	# keyBitLength==128?3:4
+	jmp	.Ldec_rounds
+.size	Camellia_DecryptBlock,.-Camellia_DecryptBlock
+# V2
+.globl	Camellia_DecryptBlock_Rounds
+.type	Camellia_DecryptBlock_Rounds,\@function,4
+.align	16
+.Ldec_rounds:
+Camellia_DecryptBlock_Rounds:
+	push	%rbx
+	push	%rbp
+	push	%r13
+	push	%r14
+	push	%r15
+.Ldec_prologue:
+
+	#mov	%rsi,$inp		# put away arguments
+	mov	%rcx,$out
+	mov	%rdx,$keyend
+
+	shl	\$6,%edi		# process grandRounds
+	lea	.LCamellia_SBOX(%rip),$Tbl
+	lea	($keyend,%rdi),$key
+
+	mov	0(%rsi),@S[0]		# load plaintext
+	mov	4(%rsi),@S[1]
+	mov	8(%rsi),@S[2]
+	bswap	@S[0]
+	mov	12(%rsi),@S[3]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_decrypt
+
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	mov	@S[0],0($out)
+	bswap	@S[3]
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%rbp
+	mov	32(%rsp),%rbx
+	lea	40(%rsp),%rsp
+.Ldec_epilogue:
+	ret
+.size	Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds
+
+.type	_x86_64_Camellia_decrypt,\@abi-omnipotent
+.align	16
+_x86_64_Camellia_decrypt:
+	xor	0($key),@S[1]
+	xor	4($key),@S[0]		# ^=key[0-3]
+	xor	8($key),@S[3]
+	xor	12($key),@S[2]
+.align	16
+.Ldloop:
+	mov	-8($key),$t1		# prefetch key[4-5]
+	mov	-4($key),$t0
+
+___
+	for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); }
+$code.=<<___;
+	lea	-16*4($key),$key
+	cmp	$keyend,$key
+	mov	0($key),$t3		# prefetch key[2-3]
+	mov	4($key),$t2
+	je	.Lddone
+
+	and	@S[0],$t0
+	or	@S[3],$t3
+	rol	\$1,$t0
+	xor	$t3,@S[2]		# s2^=s3|key[3];
+	xor	$t0,@S[1]		# s1^=LeftRotate(s0&key[0],1);
+	and	@S[2],$t2
+	or	@S[1],$t1
+	rol	\$1,$t2
+	xor	$t1,@S[0]		# s0^=s1|key[1];
+	xor	$t2,@S[3]		# s3^=LeftRotate(s2&key[2],1);
+
+	jmp	.Ldloop
+
+.align	16
+.Lddone:
+	xor	@S[2],$t2
+	xor	@S[3],$t3
+	xor	@S[0],$t0
+	xor	@S[1],$t1
+
+	mov	$t2,@S[0]		# SwapHalf
+	mov	$t3,@S[1]
+	mov	$t0,@S[2]
+	mov	$t1,@S[3]
+
+	.byte	0xf3,0xc3		# rep ret
+.size	_x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
+___
+
+sub _saveround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+    if ($#T==3) {
+	$code.=<<___;
+	mov	@T[1],`$bias+$rnd*8+0`($key)
+	mov	@T[0],`$bias+$rnd*8+4`($key)
+	mov	@T[3],`$bias+$rnd*8+8`($key)
+	mov	@T[2],`$bias+$rnd*8+12`($key)
+___
+    } else {
+	$code.="	mov	@T[0],`$bias+$rnd*8+0`($key)\n";
+	$code.="	mov	@T[1],`$bias+$rnd*8+8`($key)\n"	if ($#T>=1);
+    }
+}
+
+sub _loadround {
+my ($rnd,$key,@T)=@_;
+my $bias=int(@T[0])?shift(@T):0;
+
+$code.="	mov	`$bias+$rnd*8+0`($key),@T[0]\n";
+$code.="	mov	`$bias+$rnd*8+8`($key),@T[1]\n"	if ($#T>=1);
+}
+
+# shld is very slow on Intel EM64T family. Even on AMD it limits
+# instruction decode rate [because it's VectorPath] and consequently
+# performance...
+sub __rotl128 {
+my ($i0,$i1,$rot)=@_;
+
+    if ($rot) {
+	$code.=<<___;
+	mov	$i0,%r11
+	shld	\$$rot,$i1,$i0
+	shld	\$$rot,%r11,$i1
+___
+    }
+}
+
+# ... Implementing 128-bit rotate without shld gives 80% better
+# performance EM64T, +15% on AMD64 and only ~7% degradation on
+# Core2. This is therefore preferred.
+sub _rotl128 {
+my ($i0,$i1,$rot)=@_;
+
+    if ($rot) {
+	$code.=<<___;
+	mov	$i0,%r11
+	shl	\$$rot,$i0
+	mov	$i1,%r9
+	shr	\$`64-$rot`,%r9
+	shr	\$`64-$rot`,%r11
+	or	%r9,$i0
+	shl	\$$rot,$i1
+	or	%r11,$i1
+___
+    }
+}
+
+{ my $step=0;
+
+$code.=<<___;
+.globl	Camellia_Ekeygen
+.type	Camellia_Ekeygen,\@function,3
+.align	16
+Camellia_Ekeygen:
+	push	%rbx
+	push	%rbp
+	push	%r13
+	push	%r14
+	push	%r15
+.Lkey_prologue:
+
+	mov	%edi,${keyend}d		# put away arguments, keyBitLength
+	mov	%rdx,$out		# keyTable
+
+	mov	0(%rsi),@S[0]		# load 0-127 bits
+	mov	4(%rsi),@S[1]
+	mov	8(%rsi),@S[2]
+	mov	12(%rsi),@S[3]
+
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+___
+	&_saveround	(0,$out,@S);	# KL<<<0
+$code.=<<___;
+	cmp	\$128,$keyend		# check keyBitLength
+	je	.L1st128
+
+	mov	16(%rsi),@S[0]		# load 128-191 bits
+	mov	20(%rsi),@S[1]
+	cmp	\$192,$keyend
+	je	.L1st192
+	mov	24(%rsi),@S[2]		# load 192-255 bits
+	mov	28(%rsi),@S[3]
+	jmp	.L1st256
+.L1st192:
+	mov	@S[0],@S[2]
+	mov	@S[1],@S[3]
+	not	@S[2]
+	not	@S[3]
+.L1st256:
+	bswap	@S[0]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+___
+	&_saveround	(4,$out,@S);	# temp storage for KR!
+$code.=<<___;
+	xor	0($out),@S[1]		# KR^KL
+	xor	4($out),@S[0]
+	xor	8($out),@S[3]
+	xor	12($out),@S[2]
+
+.L1st128:
+	lea	.LCamellia_SIGMA(%rip),$key
+	lea	.LCamellia_SBOX(%rip),$Tbl
+
+	mov	0($key),$t1
+	mov	4($key),$t0
+___
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+$code.=<<___;
+	xor	0($out),@S[1]		# ^KL
+	xor	4($out),@S[0]
+	xor	8($out),@S[3]
+	xor	12($out),@S[2]
+___
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+$code.=<<___;
+	cmp	\$128,$keyend
+	jne	.L2nd256
+
+	lea	128($out),$out		# size optimization
+	shl	\$32,%r8		# @S[0]||
+	shl	\$32,%r10		# @S[2]||
+	or	%r9,%r8			# ||@S[1]
+	or	%r11,%r10		# ||@S[3]
+___
+	&_loadround	(0,$out,-128,"%rax","%rbx");	# KL
+	&_saveround	(2,$out,-128,"%r8","%r10");	# KA<<<0
+	&_rotl128	("%rax","%rbx",15);
+	&_saveround	(4,$out,-128,"%rax","%rbx");	# KL<<<15
+	&_rotl128	("%r8","%r10",15);
+	&_saveround	(6,$out,-128,"%r8","%r10");	# KA<<<15
+	&_rotl128	("%r8","%r10",15);		# 15+15=30
+	&_saveround	(8,$out,-128,"%r8","%r10");	# KA<<<30
+	&_rotl128	("%rax","%rbx",30);		# 15+30=45
+	&_saveround	(10,$out,-128,"%rax","%rbx");	# KL<<<45
+	&_rotl128	("%r8","%r10",15);		# 30+15=45
+	&_saveround	(12,$out,-128,"%r8");		# KA<<<45
+	&_rotl128	("%rax","%rbx",15);		# 45+15=60
+	&_saveround	(13,$out,-128,"%rbx");		# KL<<<60
+	&_rotl128	("%r8","%r10",15);		# 45+15=60
+	&_saveround	(14,$out,-128,"%r8","%r10");	# KA<<<60
+	&_rotl128	("%rax","%rbx",17);		# 60+17=77
+	&_saveround	(16,$out,-128,"%rax","%rbx");	# KL<<<77
+	&_rotl128	("%rax","%rbx",17);		# 77+17=94
+	&_saveround	(18,$out,-128,"%rax","%rbx");	# KL<<<94
+	&_rotl128	("%r8","%r10",34);		# 60+34=94
+	&_saveround	(20,$out,-128,"%r8","%r10");	# KA<<<94
+	&_rotl128	("%rax","%rbx",17);		# 94+17=111
+	&_saveround	(22,$out,-128,"%rax","%rbx");	# KL<<<111
+	&_rotl128	("%r8","%r10",17);		# 94+17=111
+	&_saveround	(24,$out,-128,"%r8","%r10");	# KA<<<111
+$code.=<<___;
+	mov	\$3,%eax
+	jmp	.Ldone
+.align	16
+.L2nd256:
+___
+	&_saveround	(6,$out,@S);	# temp storage for KA!
+$code.=<<___;
+	xor	`4*8+0`($out),@S[1]	# KA^KR
+	xor	`4*8+4`($out),@S[0]
+	xor	`5*8+0`($out),@S[3]
+	xor	`5*8+4`($out),@S[2]
+___
+	&Camellia_Feistel($step++);
+	&Camellia_Feistel($step++);
+
+	&_loadround	(0,$out,"%rax","%rbx");	# KL
+	&_loadround	(4,$out,"%rcx","%rdx");	# KR
+	&_loadround	(6,$out,"%r14","%r15");	# KA
+$code.=<<___;
+	lea	128($out),$out		# size optimization
+	shl	\$32,%r8		# @S[0]||
+	shl	\$32,%r10		# @S[2]||
+	or	%r9,%r8			# ||@S[1]
+	or	%r11,%r10		# ||@S[3]
+___
+	&_saveround	(2,$out,-128,"%r8","%r10");	# KB<<<0
+	&_rotl128	("%rcx","%rdx",15);
+	&_saveround	(4,$out,-128,"%rcx","%rdx");	# KR<<<15
+	&_rotl128	("%r14","%r15",15);
+	&_saveround	(6,$out,-128,"%r14","%r15");	# KA<<<15
+	&_rotl128	("%rcx","%rdx",15);		# 15+15=30
+	&_saveround	(8,$out,-128,"%rcx","%rdx");	# KR<<<30
+	&_rotl128	("%r8","%r10",30);
+	&_saveround	(10,$out,-128,"%r8","%r10");	# KB<<<30
+	&_rotl128	("%rax","%rbx",45);
+	&_saveround	(12,$out,-128,"%rax","%rbx");	# KL<<<45
+	&_rotl128	("%r14","%r15",30);		# 15+30=45
+	&_saveround	(14,$out,-128,"%r14","%r15");	# KA<<<45
+	&_rotl128	("%rax","%rbx",15);		# 45+15=60
+	&_saveround	(16,$out,-128,"%rax","%rbx");	# KL<<<60
+	&_rotl128	("%rcx","%rdx",30);		# 30+30=60
+	&_saveround	(18,$out,-128,"%rcx","%rdx");	# KR<<<60
+	&_rotl128	("%r8","%r10",30);		# 30+30=60
+	&_saveround	(20,$out,-128,"%r8","%r10");	# KB<<<60
+	&_rotl128	("%rax","%rbx",17);		# 60+17=77
+	&_saveround	(22,$out,-128,"%rax","%rbx");	# KL<<<77
+	&_rotl128	("%r14","%r15",32);		# 45+32=77
+	&_saveround	(24,$out,-128,"%r14","%r15");	# KA<<<77
+	&_rotl128	("%rcx","%rdx",34);		# 60+34=94
+	&_saveround	(26,$out,-128,"%rcx","%rdx");	# KR<<<94
+	&_rotl128	("%r14","%r15",17);		# 77+17=94
+	&_saveround	(28,$out,-128,"%r14","%r15");	# KA<<<77
+	&_rotl128	("%rax","%rbx",34);		# 77+34=111
+	&_saveround	(30,$out,-128,"%rax","%rbx");	# KL<<<111
+	&_rotl128	("%r8","%r10",51);		# 60+51=111
+	&_saveround	(32,$out,-128,"%r8","%r10");	# KB<<<111
+$code.=<<___;
+	mov	\$4,%eax
+.Ldone:
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%rbp
+	mov	32(%rsp),%rbx
+	lea	40(%rsp),%rsp
+.Lkey_epilogue:
+	ret
+.size	Camellia_Ekeygen,.-Camellia_Ekeygen
+___
+}
+
+@SBOX=(
+112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
+ 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
+134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
+166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
+139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
+223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
+ 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
+254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
+170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
+ 16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
+135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
+ 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
+233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
+120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
+114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
+ 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
+
+sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); }
+sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); }
+sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); }
+sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }
+
+$code.=<<___;
+.align	64
+.LCamellia_SIGMA:
+.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
+.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
+.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
+.long	0,          0,          0,          0
+.LCamellia_SBOX:
+___
+# tables are interleaved, remember?
+sub data_word { $code.=".long\t".join(',',@_)."\n"; }
+for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }
+for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
+
+# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
+#			size_t length, const CAMELLIA_KEY *key,
+#			unsigned char *ivp,const int enc);
+{
+$_key="0(%rsp)";
+$_end="8(%rsp)";	# inp+len&~15
+$_res="16(%rsp)";	# len&15
+$ivec="24(%rsp)";
+$_ivp="40(%rsp)";
+$_rsp="48(%rsp)";
+
+$code.=<<___;
+.globl	Camellia_cbc_encrypt
+.type	Camellia_cbc_encrypt,\@function,6
+.align	16
+Camellia_cbc_encrypt:
+	cmp	\$0,%rdx
+	je	.Lcbc_abort
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lcbc_prologue:
+
+	mov	%rsp,%rbp
+	sub	\$64,%rsp
+	and	\$-64,%rsp
+
+	# place stack frame just "above mod 1024" the key schedule,
+	# this ensures that cache associativity suffices
+	lea	-64-63(%rcx),%r10
+	sub	%rsp,%r10
+	neg	%r10
+	and	\$0x3C0,%r10
+	sub	%r10,%rsp
+	#add	\$8,%rsp		# 8 is reserved for callee's ra
+
+	mov	%rdi,$inp		# inp argument
+	mov	%rsi,$out		# out argument
+	mov	%r8,%rbx		# ivp argument
+	mov	%rcx,$key		# key argument
+	mov	272(%rcx),${keyend}d	# grandRounds
+
+	mov	%r8,$_ivp
+	mov	%rbp,$_rsp
+
+.Lcbc_body:
+	lea	.LCamellia_SBOX(%rip),$Tbl
+
+	mov	\$32,%ecx
+.align	4
+.Lcbc_prefetch_sbox:
+	mov	0($Tbl),%rax
+	mov	32($Tbl),%rsi
+	mov	64($Tbl),%rdi
+	mov	96($Tbl),%r11
+	lea	128($Tbl),$Tbl
+	loop	.Lcbc_prefetch_sbox
+	sub	\$4096,$Tbl
+	shl	\$6,$keyend
+	mov	%rdx,%rcx		# len argument
+	lea	($key,$keyend),$keyend
+
+	cmp	\$0,%r9d		# enc argument
+	je	.LCBC_DECRYPT
+
+	and	\$-16,%rdx
+	and	\$15,%rcx		# length residue
+	lea	($inp,%rdx),%rdx
+	mov	$key,$_key
+	mov	%rdx,$_end
+	mov	%rcx,$_res
+
+	cmp	$inp,%rdx
+	mov	0(%rbx),@S[0]		# load IV
+	mov	4(%rbx),@S[1]
+	mov	8(%rbx),@S[2]
+	mov	12(%rbx),@S[3]
+	je	.Lcbc_enc_tail
+	jmp	.Lcbc_eloop
+
+.align	16
+.Lcbc_eloop:
+	xor	0($inp),@S[0]
+	xor	4($inp),@S[1]
+	xor	8($inp),@S[2]
+	bswap	@S[0]
+	xor	12($inp),@S[3]
+	bswap	@S[1]
+	bswap	@S[2]
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_encrypt
+
+	mov	$_key,$key		# "rewind" the key
+	bswap	@S[0]
+	mov	$_end,%rdx
+	bswap	@S[1]
+	mov	$_res,%rcx
+	bswap	@S[2]
+	mov	@S[0],0($out)
+	bswap	@S[3]
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	lea	16($inp),$inp
+	mov	@S[3],12($out)
+	cmp	%rdx,$inp
+	lea	16($out),$out
+	jne	.Lcbc_eloop
+
+	cmp	\$0,%rcx
+	jne	.Lcbc_enc_tail
+
+	mov	$_ivp,$out
+	mov	@S[0],0($out)		# write out IV residue
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+	jmp	.Lcbc_done
+
+.align	16
+.Lcbc_enc_tail:
+	xor	%rax,%rax
+	mov	%rax,0+$ivec
+	mov	%rax,8+$ivec
+	mov	%rax,$_res
+
+.Lcbc_enc_pushf:
+	pushfq
+	cld
+	mov	$inp,%rsi
+	lea	8+$ivec,%rdi
+	.long	0x9066A4F3		# rep movsb
+	popfq
+.Lcbc_enc_popf:
+
+	lea	$ivec,$inp
+	lea	16+$ivec,%rax
+	mov	%rax,$_end
+	jmp	.Lcbc_eloop		# one more time
+
+.align	16
+.LCBC_DECRYPT:
+	xchg	$key,$keyend
+	add	\$15,%rdx
+	and	\$15,%rcx		# length residue
+	and	\$-16,%rdx
+	mov	$key,$_key
+	lea	($inp,%rdx),%rdx
+	mov	%rdx,$_end
+	mov	%rcx,$_res
+
+	mov	(%rbx),%rax		# load IV
+	mov	8(%rbx),%rbx
+	jmp	.Lcbc_dloop
+.align	16
+.Lcbc_dloop:
+	mov	0($inp),@S[0]
+	mov	4($inp),@S[1]
+	mov	8($inp),@S[2]
+	bswap	@S[0]
+	mov	12($inp),@S[3]
+	bswap	@S[1]
+	mov	%rax,0+$ivec		# save IV to temporary storage
+	bswap	@S[2]
+	mov	%rbx,8+$ivec
+	bswap	@S[3]
+
+	call	_x86_64_Camellia_decrypt
+
+	mov	$_key,$key		# "rewind" the key
+	mov	$_end,%rdx
+	mov	$_res,%rcx
+
+	bswap	@S[0]
+	mov	($inp),%rax		# load IV for next iteration
+	bswap	@S[1]
+	mov	8($inp),%rbx
+	bswap	@S[2]
+	xor	0+$ivec,@S[0]
+	bswap	@S[3]
+	xor	4+$ivec,@S[1]
+	xor	8+$ivec,@S[2]
+	lea	16($inp),$inp
+	xor	12+$ivec,@S[3]
+	cmp	%rdx,$inp
+	je	.Lcbc_ddone
+
+	mov	@S[0],0($out)
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	lea	16($out),$out
+	jmp	.Lcbc_dloop
+
+.align	16
+.Lcbc_ddone:
+	mov	$_ivp,%rdx
+	cmp	\$0,%rcx
+	jne	.Lcbc_dec_tail
+
+	mov	@S[0],0($out)
+	mov	@S[1],4($out)
+	mov	@S[2],8($out)
+	mov	@S[3],12($out)
+
+	mov	%rax,(%rdx)		# write out IV residue
+	mov	%rbx,8(%rdx)
+	jmp	.Lcbc_done
+.align	16
+.Lcbc_dec_tail:
+	mov	@S[0],0+$ivec
+	mov	@S[1],4+$ivec
+	mov	@S[2],8+$ivec
+	mov	@S[3],12+$ivec
+
+.Lcbc_dec_pushf:
+	pushfq
+	cld
+	lea	8+$ivec,%rsi
+	lea	($out),%rdi
+	.long	0x9066A4F3		# rep movsb
+	popfq
+.Lcbc_dec_popf:
+
+	mov	%rax,(%rdx)		# write out IV residue
+	mov	%rbx,8(%rdx)
+	jmp	.Lcbc_done
+
+.align	16
+.Lcbc_done:
+	mov	$_rsp,%rcx
+	mov	0(%rcx),%r15
+	mov	8(%rcx),%r14
+	mov	16(%rcx),%r13
+	mov	24(%rcx),%r12
+	mov	32(%rcx),%rbp
+	mov	40(%rcx),%rbx
+	lea	48(%rcx),%rsp
+.Lcbc_abort:
+	ret
+.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
+
+.asciz	"Camellia for x86_64 by <appro\@openssl.org>"
+___
+}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	common_se_handler,\@abi-omnipotent
+.align	16
+common_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	lea	-64(%rsp),%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	40(%rax),%rax
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r13
+	mov	-32(%rax),%r14
+	mov	-40(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	common_se_handler,.-common_se_handler
+
+.type	cbc_se_handler,\@abi-omnipotent
+.align	16
+cbc_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	lea	-64(%rsp),%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lcbc_prologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_prologue
+	jb	.Lin_cbc_prologue
+
+	lea	.Lcbc_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_body
+	jb	.Lin_cbc_frame_setup
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lcbc_abort(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lcbc_abort
+	jae	.Lin_cbc_prologue
+
+	# handle pushf/popf in Camellia_cbc_encrypt
+	lea	.Lcbc_enc_pushf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<=.Lcbc_enc_pushf
+	jbe	.Lin_cbc_no_flag
+	lea	8(%rax),%rax
+	lea	.Lcbc_enc_popf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_enc_popf
+	jb	.Lin_cbc_no_flag
+	lea	-8(%rax),%rax
+	lea	.Lcbc_dec_pushf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<=.Lcbc_dec_pushf
+	jbe	.Lin_cbc_no_flag
+	lea	8(%rax),%rax
+	lea	.Lcbc_dec_popf(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lcbc_dec_popf
+	jb	.Lin_cbc_no_flag
+	lea	-8(%rax),%rax
+
+.Lin_cbc_no_flag:
+	mov	48(%rax),%rax		# $_rsp
+	lea	48(%rax),%rax
+
+.Lin_cbc_frame_setup:
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_cbc_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+.align	4
+.Lcommon_seh_exit:
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	lea	64(%rsp),%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	cbc_se_handler,.-cbc_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_Camellia_EncryptBlock_Rounds
+	.rva	.LSEH_end_Camellia_EncryptBlock_Rounds
+	.rva	.LSEH_info_Camellia_EncryptBlock_Rounds
+
+	.rva	.LSEH_begin_Camellia_DecryptBlock_Rounds
+	.rva	.LSEH_end_Camellia_DecryptBlock_Rounds
+	.rva	.LSEH_info_Camellia_DecryptBlock_Rounds
+
+	.rva	.LSEH_begin_Camellia_Ekeygen
+	.rva	.LSEH_end_Camellia_Ekeygen
+	.rva	.LSEH_info_Camellia_Ekeygen
+
+	.rva	.LSEH_begin_Camellia_cbc_encrypt
+	.rva	.LSEH_end_Camellia_cbc_encrypt
+	.rva	.LSEH_info_Camellia_cbc_encrypt
+
+.section	.xdata
+.align	8
+.LSEH_info_Camellia_EncryptBlock_Rounds:
+	.byte	9,0,0,0
+	.rva	common_se_handler
+	.rva	.Lenc_prologue,.Lenc_epilogue	# HandlerData[]
+.LSEH_info_Camellia_DecryptBlock_Rounds:
+	.byte	9,0,0,0
+	.rva	common_se_handler
+	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[]
+.LSEH_info_Camellia_Ekeygen:
+	.byte	9,0,0,0
+	.rva	common_se_handler
+	.rva	.Lkey_prologue,.Lkey_epilogue	# HandlerData[]
+.LSEH_info_Camellia_cbc_encrypt:
+	.byte	9,0,0,0
+	.rva	cbc_se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/camellia/asm/cmllt4-sparcv9.pl b/openssl-1.1.0h/crypto/camellia/asm/cmllt4-sparcv9.pl
new file mode 100644
index 0000000..ffe4a7d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/asm/cmllt4-sparcv9.pl
@@ -0,0 +1,939 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
+# <appro@openssl.org>. The module is licensed under 2-clause BSD
+# license. October 2012. All rights reserved.
+# ====================================================================
+
+######################################################################
+# Camellia for SPARC T4.
+#
+# As with AES below results [for aligned data] are virtually identical
+# to critical path lenths for 3-cycle instruction latency:
+#
+#		128-bit key	192/256-
+# CBC encrypt	4.14/4.21(*)	5.46/5.52
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# As with Intel AES-NI, question is if it's possible to improve
+# performance of parallelizeable modes by interleaving round
+# instructions. In Camellia every instruction is dependent on
+# previous, which means that there is place for 2 additional ones
+# in between two dependent. Can we expect 3x performance improvement?
+# At least one can argue that it should be possible to break 2x
+# barrier... For some reason not even 2x appears to be possible:
+#
+#		128-bit key	192/256-
+# CBC decrypt	2.21/2.74	2.99/3.40
+# CTR		2.15/2.68(*)	2.93/3.34
+#			 (*) numbers after slash are for
+#			     misaligned data.
+#
+# This is for 2x interleave. But compared to 1x interleave CBC decrypt
+# improved by ... 0% for 128-bit key, and 11% for 192/256-bit one.
+# So that out-of-order execution logic can take non-interleaved code
+# to 1.87x, but can't take 2x interleaved one any further. There
+# surely is some explanation... As result 3x interleave was not even
+# attempted. Instead an effort was made to share specific modes
+# implementations with AES module (therefore sparct4_modes.pl).
+#
+# To anchor to something else, software C implementation processes
+# one byte in 38 cycles with 128-bit key on same processor.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+$::evp=1;	# if $evp is set to 0, script generates module with
+# Camellia_[en|de]crypt, Camellia_set_key and Camellia_cbc_encrypt
+# entry points. These are fully compatible with openssl/camellia.h.
+
+######################################################################
+# single-round subroutines
+#
+{
+my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
+
+$code=<<___;
+#include "sparc_arch.h"
+
+.text
+
+.globl	cmll_t4_encrypt
+.align	32
+cmll_t4_encrypt:
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %o3
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %o3, %o5
+	srlx		$inp, %o3, %o3
+	or		%o5, %o4, %o4
+	or		%o3, %g1, %o5
+1:
+	ld		[$key + 272], $rounds	! grandRounds, 3 or 4
+	ldd		[$key + 16], %f12
+	ldd		[$key + 24], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	ldd		[$key + 32], %f16
+	ldd		[$key + 40], %f18
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	ldd		[$key + 48], %f20
+	ldd		[$key + 56], %f22
+	sub		$rounds, 1, $rounds
+	ldd		[$key + 64], %f24
+	ldd		[$key + 72], %f26
+	add		$key, 80, $key
+
+.Lenc:
+	camellia_f	%f12, %f2, %f0, %f2
+	ldd		[$key + 0], %f12
+	sub		$rounds,1,$rounds
+	camellia_f	%f14, %f0, %f2, %f0
+	ldd		[$key + 8], %f14
+	camellia_f	%f16, %f2, %f0, %f2
+	ldd		[$key + 16], %f16
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 24], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	ldd		[$key + 32], %f20
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 40], %f22
+	camellia_fl	%f24, %f0, %f0
+	ldd		[$key + 48], %f24
+	camellia_fli	%f26, %f2, %f2
+	ldd		[$key + 56], %f26
+	brnz,pt		$rounds, .Lenc
+	add		$key, 64, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	camellia_f	%f12, %f2, %f0, %f2
+	camellia_f	%f14, %f0, %f2, %f0
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f20, %f2, %f0, %f4
+	camellia_f	%f22, %f0, %f4, %f2
+	fxor		%f24, %f4, %f0
+	fxor		%f26, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	cmll_t4_encrypt,#function
+.size	cmll_t4_encrypt,.-cmll_t4_encrypt
+
+.globl	cmll_t4_decrypt
+.align	32
+cmll_t4_decrypt:
+	ld		[$key + 272], $rounds	! grandRounds, 3 or 4
+	andcc		$inp, 7, %g1		! is input aligned?
+	andn		$inp, 7, $inp
+
+	sll		$rounds, 6, $rounds
+	add		$rounds, $key, $key
+
+	ldx		[$inp + 0], %o4
+	bz,pt		%icc, 1f
+	ldx		[$inp + 8], %o5
+	ldx		[$inp + 16], $inp
+	sll		%g1, 3, %g1
+	sub		%g0, %g1, %g4
+	sllx		%o4, %g1, %o4
+	sllx		%o5, %g1, %g1
+	srlx		%o5, %g4, %o5
+	srlx		$inp, %g4, %g4
+	or		%o5, %o4, %o4
+	or		%g4, %g1, %o5
+1:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+	ldd		[$key - 8], %f12
+	ldd		[$key - 16], %f14
+	xor		%g4, %o4, %o4
+	xor		%g5, %o5, %o5
+	ldd		[$key - 24], %f16
+	ldd		[$key - 32], %f18
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	ldd		[$key - 40], %f20
+	ldd		[$key - 48], %f22
+	sub		$rounds, 64, $rounds
+	ldd		[$key - 56], %f24
+	ldd		[$key - 64], %f26
+	sub		$key, 64, $key
+
+.Ldec:
+	camellia_f	%f12, %f2, %f0, %f2
+	ldd		[$key - 8], %f12
+	sub		$rounds, 64, $rounds
+	camellia_f	%f14, %f0, %f2, %f0
+	ldd		[$key - 16], %f14
+	camellia_f	%f16, %f2, %f0, %f2
+	ldd		[$key - 24], %f16
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key - 32], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	ldd		[$key - 40], %f20
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key - 48], %f22
+	camellia_fl	%f24, %f0, %f0
+	ldd		[$key - 56], %f24
+	camellia_fli	%f26, %f2, %f2
+	ldd		[$key - 64], %f26
+	brnz,pt		$rounds, .Ldec
+	sub		$key, 64, $key
+
+	andcc		$out, 7, $tmp		! is output aligned?
+	camellia_f	%f12, %f2, %f0, %f2
+	camellia_f	%f14, %f0, %f2, %f0
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f20, %f2, %f0, %f4
+	camellia_f	%f22, %f0, %f4, %f2
+	fxor		%f26, %f4, %f0
+	fxor		%f24, %f2, %f2
+
+	bnz,pn		%icc, 2f
+	nop
+
+	std		%f0, [$out + 0]
+	retl
+	std		%f2, [$out + 8]
+
+2:	alignaddrl	$out, %g0, $out
+	mov		0xff, $mask
+	srl		$mask, $tmp, $mask
+
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $mask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $mask, $mask
+	retl
+	stda		%f8, [$out + $mask]0xc0	! partial store
+.type	cmll_t4_decrypt,#function
+.size	cmll_t4_decrypt,.-cmll_t4_decrypt
+___
+}
+
+######################################################################
+# key setup subroutines
+#
+{
+sub ROTL128 {
+  my $rot = shift;
+
+	"srlx	%o4, 64-$rot, %g4\n\t".
+	"sllx	%o4, $rot, %o4\n\t".
+	"srlx	%o5, 64-$rot, %g5\n\t".
+	"sllx	%o5, $rot, %o5\n\t".
+	"or	%o4, %g5, %o4\n\t".
+	"or	%o5, %g4, %o5";
+}
+
+my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
+$code.=<<___;
+.globl	cmll_t4_set_key
+.align	32
+cmll_t4_set_key:
+	and		$inp, 7, $tmp
+	alignaddr	$inp, %g0, $inp
+	cmp		$bits, 192
+	ldd		[$inp + 0], %f0
+	bl,pt		%icc,.L128
+	ldd		[$inp + 8], %f2
+
+	be,pt		%icc,.L192
+	ldd		[$inp + 16], %f4
+
+	brz,pt		$tmp, .L256aligned
+	ldd		[$inp + 24], %f6
+
+	ldd		[$inp + 32], %f8
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	b		.L256aligned
+	faligndata	%f6, %f8, %f6
+
+.align	16
+.L192:
+	brz,a,pt	$tmp, .L256aligned
+	fnot2		%f4, %f6
+
+	ldd		[$inp + 24], %f6
+	nop
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	fnot2		%f4, %f6
+
+.L256aligned:
+	std		%f0, [$out + 0]		! k[0, 1]
+	fsrc2		%f0, %f28
+	std		%f2, [$out + 8]		! k[2, 3]
+	fsrc2		%f2, %f30
+	fxor		%f4, %f0, %f0
+	b		.L128key
+	fxor		%f6, %f2, %f2
+
+.align	16
+.L128:
+	brz,pt		$tmp, .L128aligned
+	nop
+
+	ldd		[$inp + 16], %f4
+	nop
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+
+.L128aligned:
+	std		%f0, [$out + 0]		! k[0, 1]
+	fsrc2		%f0, %f28
+	std		%f2, [$out + 8]		! k[2, 3]
+	fsrc2		%f2, %f30
+
+.L128key:
+	mov		%o7, %o5
+1:	call		.+8
+	add		%o7, SIGMA-1b, %o4
+	mov		%o5, %o7
+
+	ldd		[%o4 + 0], %f16
+	ldd		[%o4 + 8], %f18
+	ldd		[%o4 + 16], %f20
+	ldd		[%o4 + 24], %f22
+
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	fxor		%f28, %f0, %f0
+	fxor		%f30, %f2, %f2
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+
+	bge,pn		%icc, .L256key
+	nop
+	std	%f0, [$out + 0x10]	! k[ 4,  5]
+	std	%f2, [$out + 0x18]	! k[ 6,  7]
+
+	movdtox	%f0, %o4
+	movdtox	%f2, %o5
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x30]	! k[12, 13]
+	stx	%o5, [$out + 0x38]	! k[14, 15]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x40]	! k[16, 17]
+	stx	%o5, [$out + 0x48]	! k[18, 19]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x60]	! k[24, 25]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x70]	! k[28, 29]
+	stx	%o5, [$out + 0x78]	! k[30, 31]
+	`&ROTL128(34)`
+	stx	%o4, [$out + 0xa0]	! k[40, 41]
+	stx	%o5, [$out + 0xa8]	! k[42, 43]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0xc0]	! k[48, 49]
+	stx	%o5, [$out + 0xc8]	! k[50, 51]
+
+	movdtox	%f28, %o4		! k[ 0,  1]
+	movdtox	%f30, %o5		! k[ 2,  3]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x20]	! k[ 8,  9]
+	stx	%o5, [$out + 0x28]	! k[10, 11]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x50]	! k[20, 21]
+	stx	%o5, [$out + 0x58]	! k[22, 23]
+	`&ROTL128(15)`
+	stx	%o5, [$out + 0x68]	! k[26, 27]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0x80]	! k[32, 33]
+	stx	%o5, [$out + 0x88]	! k[34, 35]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0x90]	! k[36, 37]
+	stx	%o5, [$out + 0x98]	! k[38, 39]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0xb0]	! k[44, 45]
+	stx	%o5, [$out + 0xb8]	! k[46, 47]
+
+	mov		3, $tmp
+	st		$tmp, [$out + 0x110]
+	retl
+	xor		%o0, %o0, %o0
+
+.align	16
+.L256key:
+	ldd		[%o4 + 32], %f24
+	ldd		[%o4 + 40], %f26
+
+	std		%f0, [$out + 0x30]	! k[12, 13]
+	std		%f2, [$out + 0x38]	! k[14, 15]
+
+	fxor		%f4, %f0, %f0
+	fxor		%f6, %f2, %f2
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f26, %f0, %f2, %f0
+
+	std	%f0, [$out + 0x10]	! k[ 4,  5]
+	std	%f2, [$out + 0x18]	! k[ 6,  7]
+
+	movdtox	%f0, %o4
+	movdtox	%f2, %o5
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x50]	! k[20, 21]
+	stx	%o5, [$out + 0x58]	! k[22, 23]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0xa0]	! k[40, 41]
+	stx	%o5, [$out + 0xa8]	! k[42, 43]
+	`&ROTL128(51)`
+	stx	%o4, [$out + 0x100]	! k[64, 65]
+	stx	%o5, [$out + 0x108]	! k[66, 67]
+
+	movdtox	%f4, %o4		! k[ 8,  9]
+	movdtox	%f6, %o5		! k[10, 11]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x20]	! k[ 8,  9]
+	stx	%o5, [$out + 0x28]	! k[10, 11]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x40]	! k[16, 17]
+	stx	%o5, [$out + 0x48]	! k[18, 19]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x90]	! k[36, 37]
+	stx	%o5, [$out + 0x98]	! k[38, 39]
+	`&ROTL128(34)`
+	stx	%o4, [$out + 0xd0]	! k[52, 53]
+	stx	%o5, [$out + 0xd8]	! k[54, 55]
+	ldx	[$out + 0x30], %o4	! k[12, 13]
+	ldx	[$out + 0x38], %o5	! k[14, 15]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x30]	! k[12, 13]
+	stx	%o5, [$out + 0x38]	! k[14, 15]
+	`&ROTL128(30)`
+	stx	%o4, [$out + 0x70]	! k[28, 29]
+	stx	%o5, [$out + 0x78]	! k[30, 31]
+	srlx	%o4, 32, %g4
+	srlx	%o5, 32, %g5
+	st	%o4, [$out + 0xc0]	! k[48]
+	st	%g5, [$out + 0xc4]	! k[49]
+	st	%o5, [$out + 0xc8]	! k[50]
+	st	%g4, [$out + 0xcc]	! k[51]
+	`&ROTL128(49)`
+	stx	%o4, [$out + 0xe0]	! k[56, 57]
+	stx	%o5, [$out + 0xe8]	! k[58, 59]
+
+	movdtox	%f28, %o4		! k[ 0,  1]
+	movdtox	%f30, %o5		! k[ 2,  3]
+	`&ROTL128(45)`
+	stx	%o4, [$out + 0x60]	! k[24, 25]
+	stx	%o5, [$out + 0x68]	! k[26, 27]
+	`&ROTL128(15)`
+	stx	%o4, [$out + 0x80]	! k[32, 33]
+	stx	%o5, [$out + 0x88]	! k[34, 35]
+	`&ROTL128(17)`
+	stx	%o4, [$out + 0xb0]	! k[44, 45]
+	stx	%o5, [$out + 0xb8]	! k[46, 47]
+	`&ROTL128(34)`
+	stx	%o4, [$out + 0xf0]	! k[60, 61]
+	stx	%o5, [$out + 0xf8]	! k[62, 63]
+
+	mov		4, $tmp
+	st		$tmp, [$out + 0x110]
+	retl
+	xor		%o0, %o0, %o0
+.type	cmll_t4_set_key,#function
+.size	cmll_t4_set_key,.-cmll_t4_set_key
+.align	32
+SIGMA:
+	.long	0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2
+	.long	0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c
+	.long	0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+.type	SIGMA,#object
+.size	SIGMA,.-SIGMA
+.asciz	"Camellia for SPARC T4, David S. Miller, Andy Polyakov"
+___
+}
+
+{{{
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
+my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
+
+$code.=<<___;
+.align	32
+_cmll128_load_enckey:
+	ldx		[$key + 0], %g4
+	ldx		[$key + 8], %g5
+___
+for ($i=2; $i<26;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`12+2*$i`
+___
+}
+$code.=<<___;
+	retl
+	nop
+.type	_cmll128_load_enckey,#function
+.size	_cmll128_load_enckey,.-_cmll128_load_enckey
+_cmll256_load_enckey=_cmll128_load_enckey
+
+.align	32
+_cmll256_load_deckey:
+	ldd		[$key + 64], %f62
+	ldd		[$key + 72], %f60
+	b		.Load_deckey
+	add		$key, 64, $key
+_cmll128_load_deckey:
+	ldd		[$key + 0], %f60
+	ldd		[$key + 8], %f62
+.Load_deckey:
+___
+for ($i=2; $i<24;$i++) {			# load key schedule
+    $code.=<<___;
+	ldd		[$key + `8*$i`], %f`62-2*$i`
+___
+}
+$code.=<<___;
+	ldx		[$key + 192], %g4
+	retl
+	ldx		[$key + 200], %g5
+.type	_cmll256_load_deckey,#function
+.size	_cmll256_load_deckey,.-_cmll256_load_deckey
+
+.align	32
+_cmll128_encrypt_1x:
+___
+for ($i=0; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+___
+$code.=<<___ if ($i<2);
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+___
+}
+$code.=<<___;
+	camellia_f	%f56, %f2, %f0, %f4
+	camellia_f	%f58, %f0, %f4, %f2
+	fxor		%f60, %f4, %f0
+	retl
+	fxor		%f62, %f2, %f2
+.type	_cmll128_encrypt_1x,#function
+.size	_cmll128_encrypt_1x,.-_cmll128_encrypt_1x
+_cmll128_decrypt_1x=_cmll128_encrypt_1x
+
+.align	32
+_cmll128_encrypt_2x:
+___
+for ($i=0; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+0`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+2`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+4`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+6`, %f4, %f6, %f4
+___
+$code.=<<___ if ($i<2);
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+8`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+10`, %f4, %f6, %f4
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fl	%f`16+16*$i+12`, %f4,      %f4
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+	camellia_fli	%f`16+16*$i+14`, %f6,      %f6
+___
+}
+$code.=<<___;
+	camellia_f	%f56, %f2, %f0, %f8
+	camellia_f	%f56, %f6, %f4, %f10
+	camellia_f	%f58, %f0, %f8, %f2
+	camellia_f	%f58, %f4, %f10, %f6
+	fxor		%f60, %f8, %f0
+	fxor		%f60, %f10, %f4
+	fxor		%f62, %f2, %f2
+	retl
+	fxor		%f62, %f6, %f6
+.type	_cmll128_encrypt_2x,#function
+.size	_cmll128_encrypt_2x,.-_cmll128_encrypt_2x
+_cmll128_decrypt_2x=_cmll128_encrypt_2x
+
+.align	32
+_cmll256_encrypt_1x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f26, %f0, %f2, %f0
+	ldd		[$key + 240], %f24
+	ldd		[$key + 248], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fli	%f30, %f2, %f2
+	ldd		[$key + 256], %f28
+	ldd		[$key + 264], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 32], %f20
+	ldd		[$key + 40], %f22
+	camellia_f	%f24, %f2, %f0, %f4
+	camellia_f	%f26, %f0, %f4, %f2
+	ldd		[$key + 48], %f24
+	ldd		[$key + 56], %f26
+	fxor		%f28, %f4, %f0
+	fxor		%f30, %f2, %f2
+	ldd		[$key + 64], %f28
+	retl
+	ldd		[$key + 72], %f30
+.type	_cmll256_encrypt_1x,#function
+.size	_cmll256_encrypt_1x,.-_cmll256_encrypt_1x
+
+.align	32
+_cmll256_encrypt_2x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key + 208], %f16
+	ldd		[$key + 216], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key + 224], %f20
+	ldd		[$key + 232], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f24, %f6, %f4, %f6
+	camellia_f	%f26, %f0, %f2, %f0
+	camellia_f	%f26, %f4, %f6, %f4
+	ldd		[$key + 240], %f24
+	ldd		[$key + 248], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fl	%f28, %f4, %f4
+	camellia_fli	%f30, %f2, %f2
+	camellia_fli	%f30, %f6, %f6
+	ldd		[$key + 256], %f28
+	ldd		[$key + 264], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+0`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+2`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+4`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+6`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+8`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+10`, %f4, %f6, %f4
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fl	%f`16+16*$i+12`, %f4,      %f4
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+	camellia_fli	%f`16+16*$i+14`, %f6,      %f6
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key + 16], %f16
+	ldd		[$key + 24], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key + 32], %f20
+	ldd		[$key + 40], %f22
+	camellia_f	%f24, %f2, %f0, %f8
+	camellia_f	%f24, %f6, %f4, %f10
+	camellia_f	%f26, %f0, %f8, %f2
+	camellia_f	%f26, %f4, %f10, %f6
+	ldd		[$key + 48], %f24
+	ldd		[$key + 56], %f26
+	fxor		%f28, %f8, %f0
+	fxor		%f28, %f10, %f4
+	fxor		%f30, %f2, %f2
+	fxor		%f30, %f6, %f6
+	ldd		[$key + 64], %f28
+	retl
+	ldd		[$key + 72], %f30
+.type	_cmll256_encrypt_2x,#function
+.size	_cmll256_encrypt_2x,.-_cmll256_encrypt_2x
+
+.align	32
+_cmll256_decrypt_1x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key - 8], %f16
+	ldd		[$key - 16], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key - 24], %f20
+	ldd		[$key - 32], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f26, %f0, %f2, %f0
+	ldd		[$key - 40], %f24
+	ldd		[$key - 48], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fli	%f30, %f2, %f2
+	ldd		[$key - 56], %f28
+	ldd		[$key - 64], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f18, %f0, %f2, %f0
+	ldd		[$key + 184], %f16
+	ldd		[$key + 176], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f22, %f0, %f2, %f0
+	ldd		[$key + 168], %f20
+	ldd		[$key + 160], %f22
+	camellia_f	%f24, %f2, %f0, %f4
+	camellia_f	%f26, %f0, %f4, %f2
+	ldd		[$key + 152], %f24
+	ldd		[$key + 144], %f26
+	fxor		%f30, %f4, %f0
+	fxor		%f28, %f2, %f2
+	ldd		[$key + 136], %f28
+	retl
+	ldd		[$key + 128], %f30
+.type	_cmll256_decrypt_1x,#function
+.size	_cmll256_decrypt_1x,.-_cmll256_decrypt_1x
+
+.align	32
+_cmll256_decrypt_2x:
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key - 8], %f16
+	ldd		[$key - 16], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key - 24], %f20
+	ldd		[$key - 32], %f22
+	camellia_f	%f24, %f2, %f0, %f2
+	camellia_f	%f24, %f6, %f4, %f6
+	camellia_f	%f26, %f0, %f2, %f0
+	camellia_f	%f26, %f4, %f6, %f4
+	ldd		[$key - 40], %f24
+	ldd		[$key - 48], %f26
+	camellia_fl	%f28, %f0, %f0
+	camellia_fl	%f28, %f4, %f4
+	camellia_fli	%f30, %f2, %f2
+	camellia_fli	%f30, %f6, %f6
+	ldd		[$key - 56], %f28
+	ldd		[$key - 64], %f30
+___
+for ($i=1; $i<3; $i++) {
+    $code.=<<___;
+	camellia_f	%f`16+16*$i+0`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+0`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+2`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+2`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+4`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+4`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+6`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+6`, %f4, %f6, %f4
+	camellia_f	%f`16+16*$i+8`, %f2, %f0, %f2
+	camellia_f	%f`16+16*$i+8`, %f6, %f4, %f6
+	camellia_f	%f`16+16*$i+10`, %f0, %f2, %f0
+	camellia_f	%f`16+16*$i+10`, %f4, %f6, %f4
+	camellia_fl	%f`16+16*$i+12`, %f0,      %f0
+	camellia_fl	%f`16+16*$i+12`, %f4,      %f4
+	camellia_fli	%f`16+16*$i+14`, %f2,      %f2
+	camellia_fli	%f`16+16*$i+14`, %f6,      %f6
+___
+}
+$code.=<<___;
+	camellia_f	%f16, %f2, %f0, %f2
+	camellia_f	%f16, %f6, %f4, %f6
+	camellia_f	%f18, %f0, %f2, %f0
+	camellia_f	%f18, %f4, %f6, %f4
+	ldd		[$key + 184], %f16
+	ldd		[$key + 176], %f18
+	camellia_f	%f20, %f2, %f0, %f2
+	camellia_f	%f20, %f6, %f4, %f6
+	camellia_f	%f22, %f0, %f2, %f0
+	camellia_f	%f22, %f4, %f6, %f4
+	ldd		[$key + 168], %f20
+	ldd		[$key + 160], %f22
+	camellia_f	%f24, %f2, %f0, %f8
+	camellia_f	%f24, %f6, %f4, %f10
+	camellia_f	%f26, %f0, %f8, %f2
+	camellia_f	%f26, %f4, %f10, %f6
+	ldd		[$key + 152], %f24
+	ldd		[$key + 144], %f26
+	fxor		%f30, %f8, %f0
+	fxor		%f30, %f10, %f4
+	fxor		%f28, %f2, %f2
+	fxor		%f28, %f6, %f6
+	ldd		[$key + 136], %f28
+	retl
+	ldd		[$key + 128], %f30
+.type	_cmll256_decrypt_2x,#function
+.size	_cmll256_decrypt_2x,.-_cmll256_decrypt_2x
+___
+
+&alg_cbc_encrypt_implement("cmll",128);
+&alg_cbc_encrypt_implement("cmll",256);
+
+&alg_cbc_decrypt_implement("cmll",128);
+&alg_cbc_decrypt_implement("cmll",256);
+
+if ($::evp) {
+    &alg_ctr32_implement("cmll",128);
+    &alg_ctr32_implement("cmll",256);
+}
+}}}
+
+if (!$::evp) {
+$code.=<<___;
+.global	Camellia_encrypt
+Camellia_encrypt=cmll_t4_encrypt
+.global	Camellia_decrypt
+Camellia_decrypt=cmll_t4_decrypt
+.global	Camellia_set_key
+.align	32
+Camellia_set_key:
+	andcc		%o2, 7, %g0		! double-check alignment
+	bnz,a,pn	%icc, 1f
+	mov		-1, %o0
+	brz,a,pn	%o0, 1f
+	mov		-1, %o0
+	brz,a,pn	%o2, 1f
+	mov		-1, %o0
+	andncc		%o1, 0x1c0, %g0
+	bnz,a,pn	%icc, 1f
+	mov		-2, %o0
+	cmp		%o1, 128
+	bl,a,pn		%icc, 1f
+	mov		-2, %o0
+	b		cmll_t4_set_key
+	nop
+1:	retl
+	nop
+.type	Camellia_set_key,#function
+.size	Camellia_set_key,.-Camellia_set_key
+___
+
+my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
+
+$code.=<<___;
+.globl	Camellia_cbc_encrypt
+.align	32
+Camellia_cbc_encrypt:
+	ld		[$key + 272], %g1
+	nop
+	brz		$enc, .Lcbc_decrypt
+	cmp		%g1, 3
+
+	be,pt		%icc, cmll128_t4_cbc_encrypt
+	nop
+	ba		cmll256_t4_cbc_encrypt
+	nop
+
+.Lcbc_decrypt:
+	be,pt		%icc, cmll128_t4_cbc_decrypt
+	nop
+	ba		cmll256_t4_cbc_decrypt
+	nop
+.type	Camellia_cbc_encrypt,#function
+.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
+___
+}
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/camellia/build.info b/openssl-1.1.0h/crypto/camellia/build.info
new file mode 100644
index 0000000..fd78272
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/build.info
@@ -0,0 +1,11 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        cmll_ecb.c cmll_ofb.c cmll_cfb.c cmll_ctr.c \
+        {- $target{cmll_asm_src} -}
+
+GENERATE[cmll-x86.s]=asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[cmll-x86.s]=../perlasm/x86asm.pl
+GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[cmllt4-sparcv9.o]=..
+DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl
diff --git a/openssl-1.1.0h/crypto/camellia/camellia.c b/openssl-1.1.0h/crypto/camellia/camellia.c
new file mode 100644
index 0000000..6641a62
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/camellia.c
@@ -0,0 +1,541 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+/*
+ * This release balances code size and performance. In particular key
+ * schedule setup is fully unrolled, because doing so *significantly*
+ * reduces amount of instructions per setup round and code increase is
+ * justifiable. In block functions on the other hand only inner loops
+ * are unrolled, as full unroll gives only nominal performance boost,
+ * while code size grows 4 or 7 times. Also, unlike previous versions
+ * this one "encourages" compiler to keep intermediate variables in
+ * registers, which should give better "all round" results, in other
+ * words reasonable performance even with not so modern compilers.
+ */
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include <string.h>
+#include <stdlib.h>
+
+/* 32-bit rotations */
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#  define RightRotate(x, s) _lrotr(x, s)
+#  define LeftRotate(x, s)  _lrotl(x, s)
+#  if _MSC_VER >= 1400
+#   define SWAP(x) _byteswap_ulong(x)
+#  else
+#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  endif
+#  define GETU32(p)   SWAP(*((u32 *)(p)))
+#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386) || defined(__x86_64)
+#   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   if defined(B_ENDIAN)        /* stratus.com does it */
+#    define GETU32(p)   (*(u32 *)(p))
+#    define PUTU32(p,v) (*(u32 *)(p)=(v))
+#   else
+#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
+#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
+#   endif
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#  elif defined(__s390x__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#   define GETU32(p)   (*(u32 *)(p))
+#   define PUTU32(p,v) (*(u32 *)(p)=(v))
+#  endif
+# endif
+#endif
+
+#if !defined(RightRotate) && !defined(LeftRotate)
+# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+#endif
+
+#if !defined(GETU32) && !defined(PUTU32)
+# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
+#endif
+
+/* S-box data */
+#define SBOX1_1110 Camellia_SBOX[0]
+#define SBOX4_4404 Camellia_SBOX[1]
+#define SBOX2_0222 Camellia_SBOX[2]
+#define SBOX3_3033 Camellia_SBOX[3]
+static const u32 Camellia_SBOX[][256] = {
+    {0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
+     0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
+     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
+     0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
+     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
+     0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
+     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
+     0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
+     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
+     0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
+     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
+     0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
+     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
+     0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
+     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
+     0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
+     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
+     0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
+     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
+     0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
+     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
+     0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
+     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
+     0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
+     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
+     0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
+     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
+     0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
+     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
+     0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
+     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
+     0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
+     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
+     0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
+     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
+     0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
+     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
+     0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
+     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
+     0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
+     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
+     0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
+     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00},
+    {0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
+     0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
+     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
+     0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
+     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
+     0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
+     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
+     0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
+     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
+     0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
+     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
+     0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
+     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
+     0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
+     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
+     0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
+     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
+     0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
+     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
+     0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
+     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
+     0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
+     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
+     0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
+     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
+     0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
+     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
+     0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
+     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
+     0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
+     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
+     0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
+     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
+     0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
+     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
+     0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
+     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
+     0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
+     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
+     0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
+     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
+     0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
+     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e},
+    {0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
+     0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
+     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
+     0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
+     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
+     0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
+     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
+     0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
+     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
+     0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
+     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
+     0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
+     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
+     0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
+     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
+     0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
+     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
+     0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
+     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
+     0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
+     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
+     0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
+     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
+     0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
+     0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
+     0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
+     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
+     0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
+     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
+     0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
+     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
+     0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
+     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
+     0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
+     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
+     0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
+     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
+     0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
+     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
+     0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
+     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
+     0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
+     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d},
+    {0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
+     0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
+     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
+     0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
+     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
+     0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
+     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
+     0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
+     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
+     0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
+     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
+     0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
+     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
+     0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
+     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
+     0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
+     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
+     0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
+     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
+     0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
+     0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
+     0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
+     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
+     0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
+     0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
+     0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
+     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
+     0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
+     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
+     0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
+     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
+     0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
+     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
+     0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
+     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
+     0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
+     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
+     0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
+     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
+     0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
+     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
+     0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
+     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f}
+};
+
+/* Key generation constants */
+static const u32 SIGMA[] = {
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
+    0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+};
+
+/* The phi algorithm given in C.2.7 of the Camellia spec document. */
+/*
+ * This version does not attempt to minimize amount of temporary
+ * variables, but instead explicitly exposes algorithm's parallelism.
+ * It is therefore most appropriate for platforms with not less than
+ * ~16 registers. For platforms with less registers [well, x86 to be
+ * specific] assembler version should be/is provided anyway...
+ */
+#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
+        register u32 _t0,_t1,_t2,_t3;\
+\
+        _t0  = _s0 ^ (_key)[0];\
+        _t3  = SBOX4_4404[_t0&0xff];\
+        _t1  = _s1 ^ (_key)[1];\
+        _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
+        _t2  = SBOX1_1110[_t1&0xff];\
+        _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
+        _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
+        _t3 ^= SBOX1_1110[(_t0 >> 24)];\
+        _t2 ^= _t3;\
+        _t3  = RightRotate(_t3,8);\
+        _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
+        _s3 ^= _t3;\
+        _t2 ^= SBOX2_0222[(_t1 >> 24)];\
+        _s2 ^= _t2; \
+        _s3 ^= _t2;\
+} while(0)
+
+/*
+ * Note that n has to be less than 32. Rotations for larger amount
+ * of bits are achieved by "rotating" order of s-elements and
+ * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
+ */
+#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
+        u32 _t0=_s0>>(32-_n);\
+        _s0 = (_s0<<_n) | (_s1>>(32-_n));\
+        _s1 = (_s1<<_n) | (_s2>>(32-_n));\
+        _s2 = (_s2<<_n) | (_s3>>(32-_n));\
+        _s3 = (_s3<<_n) | _t0;\
+} while (0)
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
+{
+    register u32 s0, s1, s2, s3;
+
+    k[0] = s0 = GETU32(rawKey);
+    k[1] = s1 = GETU32(rawKey + 4);
+    k[2] = s2 = GETU32(rawKey + 8);
+    k[3] = s3 = GETU32(rawKey + 12);
+
+    if (keyBitLength != 128) {
+        k[8] = s0 = GETU32(rawKey + 16);
+        k[9] = s1 = GETU32(rawKey + 20);
+        if (keyBitLength == 192) {
+            k[10] = s2 = ~s0;
+            k[11] = s3 = ~s1;
+        } else {
+            k[10] = s2 = GETU32(rawKey + 24);
+            k[11] = s3 = GETU32(rawKey + 28);
+        }
+        s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    }
+
+    /* Use the Feistel routine to scramble the key material */
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 0);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 2);
+
+    s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 4);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 6);
+
+    /* Fill the keyTable. Requires many block rotations. */
+    if (keyBitLength == 128) {
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 45 */
+        k[24] = s0, k[25] = s1;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 60 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KA <<< 94 */
+        k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<<111 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KL <<< 45 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 60 */
+        k[26] = s2, k[27] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 77 */
+        k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 94 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */
+        k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
+
+        return 3;               /* grand rounds */
+    } else {
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        s0 ^= k[8], s1 ^= k[9], s2 ^= k[10], s3 ^= k[11];
+        Camellia_Feistel(s0, s1, s2, s3, (SIGMA + 8));
+        Camellia_Feistel(s2, s3, s0, s1, (SIGMA + 10));
+
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 30 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 60 */
+        k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
+        RotLeft128(s1, s2, s3, s0, 19); /* KB <<<111 */
+        k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
+
+        s0 = k[8], s1 = k[9], s2 = k[10], s3 = k[11];
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KR <<< 60 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KR <<< 94 */
+        k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
+
+        s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KA <<< 45 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        /* KA <<< 77 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<< 94 */
+        k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s1, s2, s3, s0, 13); /* KL <<< 45 */
+        k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
+        RotLeft128(s1, s2, s3, s0, 15); /* KL <<< 60 */
+        k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KL <<< 77 */
+        k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
+        RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */
+        k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
+
+        return 4;               /* grand rounds */
+    }
+    /*
+     * It is possible to perform certain precalculations, which
+     * would spare few cycles in block procedure. It's not done,
+     * because it upsets the performance balance between key
+     * setup and block procedures, negatively affecting overall
+     * throughput in applications operating on short messages
+     * and volatile keys.
+     */
+}
+
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[])
+{
+    register u32 s0, s1, s2, s3;
+    const u32 *k = keyTable, *kend = keyTable + grandRounds * 16;
+
+    s0 = GETU32(plaintext) ^ k[0];
+    s1 = GETU32(plaintext + 4) ^ k[1];
+    s2 = GETU32(plaintext + 8) ^ k[2];
+    s3 = GETU32(plaintext + 12) ^ k[3];
+    k += 4;
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        Camellia_Feistel(s0, s1, s2, s3, k + 0);
+        Camellia_Feistel(s2, s3, s0, s1, k + 2);
+        Camellia_Feistel(s0, s1, s2, s3, k + 4);
+        Camellia_Feistel(s2, s3, s0, s1, k + 6);
+        Camellia_Feistel(s0, s1, s2, s3, k + 8);
+        Camellia_Feistel(s2, s3, s0, s1, k + 10);
+        k += 12;
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        s1 ^= LeftRotate(s0 & k[0], 1);
+        s2 ^= s3 | k[3];
+        s0 ^= s1 | k[1];
+        s3 ^= LeftRotate(s2 & k[2], 1);
+        k += 4;
+    }
+
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(ciphertext, s2);
+    PUTU32(ciphertext + 4, s3);
+    PUTU32(ciphertext + 8, s0);
+    PUTU32(ciphertext + 12, s1);
+}
+
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}
+
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[])
+{
+    u32 s0, s1, s2, s3;
+    const u32 *k = keyTable + grandRounds * 16, *kend = keyTable + 4;
+
+    s0 = GETU32(ciphertext) ^ k[0];
+    s1 = GETU32(ciphertext + 4) ^ k[1];
+    s2 = GETU32(ciphertext + 8) ^ k[2];
+    s3 = GETU32(ciphertext + 12) ^ k[3];
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        k -= 12;
+        Camellia_Feistel(s0, s1, s2, s3, k + 10);
+        Camellia_Feistel(s2, s3, s0, s1, k + 8);
+        Camellia_Feistel(s0, s1, s2, s3, k + 6);
+        Camellia_Feistel(s2, s3, s0, s1, k + 4);
+        Camellia_Feistel(s0, s1, s2, s3, k + 2);
+        Camellia_Feistel(s2, s3, s0, s1, k + 0);
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        k -= 4;
+        s1 ^= LeftRotate(s0 & k[2], 1);
+        s2 ^= s3 | k[1];
+        s0 ^= s1 | k[3];
+        s3 ^= LeftRotate(s2 & k[0], 1);
+    }
+
+    k -= 4;
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(plaintext, s2);
+    PUTU32(plaintext + 4, s3);
+    PUTU32(plaintext + 8, s0);
+    PUTU32(plaintext + 12, s1);
+}
+
+void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}
diff --git a/openssl-1.1.0h/crypto/camellia/cmll_cbc.c b/openssl-1.1.0h/crypto/camellia/cmll_cbc.c
new file mode 100644
index 0000000..b19171d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/cmll_cbc.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t len, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_decrypt);
+}
diff --git a/openssl-1.1.0h/crypto/camellia/cmll_cfb.c b/openssl-1.1.0h/crypto/camellia/cmll_cfb.c
new file mode 100644
index 0000000..4f49ead
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/cmll_cfb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) Camellia_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}
diff --git a/openssl-1.1.0h/crypto/camellia/cmll_ctr.c b/openssl-1.1.0h/crypto/camellia/cmll_ctr.c
new file mode 100644
index 0000000..161d1e1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/cmll_ctr.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num)
+{
+
+    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
+                          (block128_f) Camellia_encrypt);
+}
diff --git a/openssl-1.1.0h/crypto/camellia/cmll_ecb.c b/openssl-1.1.0h/crypto/camellia/cmll_ecb.c
new file mode 100644
index 0000000..d932f1b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/cmll_ecb.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc)
+{
+    if (CAMELLIA_ENCRYPT == enc)
+        Camellia_encrypt(in, out, key);
+    else
+        Camellia_decrypt(in, out, key);
+}
diff --git a/openssl-1.1.0h/crypto/camellia/cmll_locl.h b/openssl-1.1.0h/crypto/camellia/cmll_locl.h
new file mode 100644
index 0000000..6403b39
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/cmll_locl.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ */
+
+#ifndef HEADER_CAMELLIA_LOCL_H
+# define HEADER_CAMELLIA_LOCL_H
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
+                     KEY_TABLE_TYPE keyTable);
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[]);
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[]);
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
+                           const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
+#endif                          /* #ifndef HEADER_CAMELLIA_LOCL_H */
diff --git a/openssl-1.1.0h/crypto/camellia/cmll_misc.c b/openssl-1.1.0h/crypto/camellia/cmll_misc.c
new file mode 100644
index 0000000..e5f014b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/cmll_misc.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key)
+{
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+    key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
+    return 0;
+}
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}
diff --git a/openssl-1.1.0h/crypto/camellia/cmll_ofb.c b/openssl-1.1.0h/crypto/camellia/cmll_ofb.c
new file mode 100644
index 0000000..b43c685
--- /dev/null
+++ b/openssl-1.1.0h/crypto/camellia/cmll_ofb.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) Camellia_encrypt);
+}
diff --git a/openssl-1.1.0h/crypto/cast/asm/cast-586.pl b/openssl-1.1.0h/crypto/cast/asm/cast-586.pl
new file mode 100644
index 0000000..6beb9c5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/asm/cast-586.pl
@@ -0,0 +1,192 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# This flag makes the inner loop one cycle longer, but generates 
+# code that runs %30 faster on the pentium pro/II, 44% faster
+# of PIII, while only %7 slower on the pentium.
+# By default, this flag is on.
+$ppro=1;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
+
+$CAST_ROUNDS=16;
+$L="edi";
+$R="esi";
+$K="ebp";
+$tmp1="ecx";
+$tmp2="ebx";
+$tmp3="eax";
+$tmp4="edx";
+$S1="CAST_S_table0";
+$S2="CAST_S_table1";
+$S3="CAST_S_table2";
+$S4="CAST_S_table3";
+
+@F1=("add","xor","sub");
+@F2=("xor","sub","add");
+@F3=("sub","add","xor");
+
+&CAST_encrypt("CAST_encrypt",1);
+&CAST_encrypt("CAST_decrypt",0);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);
+
+&asm_finish();
+
+close STDOUT;
+
+sub CAST_encrypt {
+    local($name,$enc)=@_;
+
+    local($win_ex)=<<"EOF";
+EXTERN	_CAST_S_table0:DWORD
+EXTERN	_CAST_S_table1:DWORD
+EXTERN	_CAST_S_table2:DWORD
+EXTERN	_CAST_S_table3:DWORD
+EOF
+    &main::external_label(
+			  "CAST_S_table0",
+			  "CAST_S_table1",
+			  "CAST_S_table2",
+			  "CAST_S_table3",
+			  );
+
+    &function_begin_B($name,$win_ex);
+
+    &comment("");
+
+    &push("ebp");
+    &push("ebx");
+    &mov($tmp2,&wparam(0));
+    &mov($K,&wparam(1));
+    &push("esi");
+    &push("edi");
+
+    &comment("Load the 2 words");
+    &mov($L,&DWP(0,$tmp2,"",0));
+    &mov($R,&DWP(4,$tmp2,"",0));
+
+    &comment('Get short key flag');
+    &mov($tmp3,&DWP(128,$K,"",0));
+    if($enc) {
+	&push($tmp3);
+    } else {
+	&or($tmp3,$tmp3);
+	&jnz(&label('cast_dec_skip'));
+    }
+
+    &xor($tmp3,	$tmp3);
+
+    # encrypting part
+
+    if ($enc) {
+	&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&comment('test short key flag');
+	&pop($tmp4);
+	&or($tmp4,$tmp4);
+	&jnz(&label('cast_enc_done'));
+	&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    } else {
+	&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&set_label('cast_dec_skip');
+	&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    }
+
+    &set_label('cast_enc_done') if $enc;
+# Why the nop? - Ben 17/1/99
+    &nop();
+    &mov($tmp3,&wparam(0));
+    &mov(&DWP(4,$tmp3,"",0),$L);
+    &mov(&DWP(0,$tmp3,"",0),$R);
+    &function_end($name);
+}
+
+sub E_CAST {
+    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
+    # Ri needs to have 16 pre added.
+
+    &comment("round $i");
+    &mov(	$tmp4,		&DWP($i*8,$K,"",1));
+
+    &mov(	$tmp1,		&DWP($i*8+4,$K,"",1));
+    &$OP1(	$tmp4,		$R);
+
+    &rotl(	$tmp4,		&LB($tmp1));
+
+    if ($ppro) {
+	&xor(	$tmp1,		$tmp1);
+	&mov(	$tmp2,		0xff);
+	
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A
+	&and(	$tmp2,		$tmp4);
+
+	&shr(	$tmp4,		16); 		#
+	&xor(	$tmp3,		$tmp3);
+    } else {
+	&mov(	$tmp2,		$tmp4);		# B
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
+	
+	&shr(	$tmp4,		16); 		#
+	&and(	$tmp2,		0xff);
+    }
+
+    &movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD
+    &and(	$tmp4,		0xff);		# D
+
+    &mov(	$tmp1,		&DWP($S1,"",$tmp1,4));
+    &mov(	$tmp2,		&DWP($S2,"",$tmp2,4));
+
+    &$OP2(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S3,"",$tmp3,4));
+
+    &$OP3(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S4,"",$tmp4,4));
+
+    &$OP1(	$tmp1,		$tmp2);
+    # XXX
+
+    &xor(	$L,		$tmp1);
+    # XXX
+}
+
diff --git a/openssl-1.1.0h/crypto/cast/build.info b/openssl-1.1.0h/crypto/cast/build.info
new file mode 100644
index 0000000..f6a25c9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        c_skey.c c_ecb.c {- $target{cast_asm_src} -} c_cfb64.c c_ofb64.c
+
+GENERATE[cast-586.s]=asm/cast-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[cast-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/openssl-1.1.0h/crypto/cast/c_cfb64.c b/openssl-1.1.0h/crypto/cast/c_cfb64.c
new file mode 100644
index 0000000..bd7cb2f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/c_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    CAST_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = ivec;
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/cast/c_ecb.c b/openssl-1.1.0h/crypto/cast/c_ecb.c
new file mode 100644
index 0000000..da41794
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/c_ecb.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+#include <openssl/opensslv.h>
+
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAST_KEY *ks, int enc)
+{
+    CAST_LONG l, d[2];
+
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (enc)
+        CAST_encrypt(d, ks);
+    else
+        CAST_decrypt(d, ks);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/cast/c_enc.c b/openssl-1.1.0h/crypto/cast/c_enc.c
new file mode 100644
index 0000000..700b6d1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/c_enc.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
+
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
+
+    E_CAST(0, k, l, r, +, ^, -);
+    E_CAST(1, k, r, l, ^, -, +);
+    E_CAST(2, k, l, r, -, +, ^);
+    E_CAST(3, k, r, l, +, ^, -);
+    E_CAST(4, k, l, r, ^, -, +);
+    E_CAST(5, k, r, l, -, +, ^);
+    E_CAST(6, k, l, r, +, ^, -);
+    E_CAST(7, k, r, l, ^, -, +);
+    E_CAST(8, k, l, r, -, +, ^);
+    E_CAST(9, k, r, l, +, ^, -);
+    E_CAST(10, k, l, r, ^, -, +);
+    E_CAST(11, k, r, l, -, +, ^);
+    if (!key->short_key) {
+        E_CAST(12, k, l, r, +, ^, -);
+        E_CAST(13, k, r, l, ^, -, +);
+        E_CAST(14, k, l, r, -, +, ^);
+        E_CAST(15, k, r, l, +, ^, -);
+    }
+
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
+
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
+
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
+
+    if (!key->short_key) {
+        E_CAST(15, k, l, r, +, ^, -);
+        E_CAST(14, k, r, l, -, +, ^);
+        E_CAST(13, k, l, r, ^, -, +);
+        E_CAST(12, k, r, l, +, ^, -);
+    }
+    E_CAST(11, k, l, r, -, +, ^);
+    E_CAST(10, k, r, l, ^, -, +);
+    E_CAST(9, k, l, r, +, ^, -);
+    E_CAST(8, k, r, l, -, +, ^);
+    E_CAST(7, k, l, r, ^, -, +);
+    E_CAST(6, k, r, l, +, ^, -);
+    E_CAST(5, k, l, r, -, +, ^);
+    E_CAST(4, k, r, l, ^, -, +);
+    E_CAST(3, k, l, r, +, ^, -);
+    E_CAST(2, k, r, l, -, +, ^);
+    E_CAST(1, k, l, r, ^, -, +);
+    E_CAST(0, k, r, l, +, ^, -);
+
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
+
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc)
+{
+    register CAST_LONG tin0, tin1;
+    register CAST_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    CAST_LONG tin[2];
+
+    if (enc) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/cast/c_ofb64.c b/openssl-1.1.0h/crypto/cast/c_ofb64.c
new file mode 100644
index 0000000..dffb074
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/c_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    CAST_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            CAST_encrypt((CAST_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/cast/c_skey.c b/openssl-1.1.0h/crypto/cast/c_skey.c
new file mode 100644
index 0000000..962d2a6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/c_skey.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+#include "cast_s.h"
+
+#define CAST_exp(l,A,a,n) \
+        A[n/4]=l; \
+        a[n+3]=(l    )&0xff; \
+        a[n+2]=(l>> 8)&0xff; \
+        a[n+1]=(l>>16)&0xff; \
+        a[n+0]=(l>>24)&0xff;
+
+#define S4 CAST_S_table4
+#define S5 CAST_S_table5
+#define S6 CAST_S_table6
+#define S7 CAST_S_table7
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+{
+    CAST_LONG x[16];
+    CAST_LONG z[16];
+    CAST_LONG k[32];
+    CAST_LONG X[4], Z[4];
+    CAST_LONG l, *K;
+    int i;
+
+    for (i = 0; i < 16; i++)
+        x[i] = 0;
+    if (len > 16)
+        len = 16;
+    for (i = 0; i < len; i++)
+        x[i] = data[i];
+    if (len <= 10)
+        key->short_key = 1;
+    else
+        key->short_key = 0;
+
+    K = &k[0];
+    X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL;
+    X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL;
+    X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL;
+    X[3] =
+        ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL;
+
+    for (;;) {
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]];
+        K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]];
+        K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]];
+        K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]];
+        K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]];
+        K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]];
+        K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]];
+
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]];
+        K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]];
+        K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]];
+        K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]];
+        K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]];
+        K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]];
+        K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]];
+        if (K != k)
+            break;
+        K += 16;
+    }
+
+    for (i = 0; i < 16; i++) {
+        key->data[i * 2] = k[i];
+        key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/cast/cast_lcl.h b/openssl-1.1.0h/crypto/cast/cast_lcl.h
new file mode 100644
index 0000000..e8cf322
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/cast_lcl.h
@@ -0,0 +1,190 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#ifdef OPENSSL_SYS_WIN32
+# include <stdlib.h>
+#endif
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+# define ROTL(a,n)     (_lrotl(a,n))
+#else
+# define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31)))
+#endif
+
+#define C_M    0x3fc
+#define C_0    22L
+#define C_1    14L
+#define C_2     6L
+#define C_3     2L              /* left shift */
+
+/* The rotate has an extra 16 added to it to help the x86 asm */
+#if defined(CAST_PTR)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        t=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        t=ROTL(t,i); \
+        L^= (((((*(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table0+((t>>C_2)&C_M)) OP2 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
+        }
+#elif defined(CAST_PTR2)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        CAST_LONG u,v,w; \
+        w=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        w=ROTL(w,i); \
+        u=w>>C_2; \
+        v=w<<C_3; \
+        u&=C_M; \
+        v&=C_M; \
+        t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
+        u=w>>C_0; \
+        t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
+        v=w>>C_1; \
+        u&=C_M; \
+        v&=C_M; \
+        t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
+        t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
+        L^=(t&0xffffffff); \
+        }
+#else
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        CAST_LONG a,b,c,d; \
+        t=(key[n*2] OP1 R)&0xffffffff; \
+        t=ROTL(t,(key[n*2+1])); \
+        a=CAST_S_table0[(t>> 8)&0xff]; \
+        b=CAST_S_table1[(t    )&0xff]; \
+        c=CAST_S_table2[(t>>24)&0xff]; \
+        d=CAST_S_table3[(t>>16)&0xff]; \
+        L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
+        }
+#endif
+
+extern const CAST_LONG CAST_S_table0[256];
+extern const CAST_LONG CAST_S_table1[256];
+extern const CAST_LONG CAST_S_table2[256];
+extern const CAST_LONG CAST_S_table3[256];
+extern const CAST_LONG CAST_S_table4[256];
+extern const CAST_LONG CAST_S_table5[256];
+extern const CAST_LONG CAST_S_table6[256];
+extern const CAST_LONG CAST_S_table7[256];
diff --git a/openssl-1.1.0h/crypto/cast/cast_s.h b/openssl-1.1.0h/crypto/cast/cast_s.h
new file mode 100644
index 0000000..d9fd6ac
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cast/cast_s.h
@@ -0,0 +1,544 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
+    0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
+    0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+    0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675,
+    0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+    0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2,
+    0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+    0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f,
+    0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+    0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de,
+    0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+    0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f,
+    0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+    0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d,
+    0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+    0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165,
+    0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+    0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272,
+    0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+    0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d,
+    0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+    0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a,
+    0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+    0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f,
+    0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+    0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9,
+    0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+    0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6,
+    0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+    0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9,
+    0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+    0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e,
+    0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+    0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e,
+    0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+    0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82,
+    0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+    0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac,
+    0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+    0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f,
+    0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+    0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491,
+    0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+    0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de,
+    0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+    0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a,
+    0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+    0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79,
+    0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+    0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779,
+    0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+    0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755,
+    0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+    0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb,
+    0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+    0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0,
+    0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+    0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79,
+    0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+    0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298,
+    0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+    0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571,
+    0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+    0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d,
+    0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = {
+    0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380,
+    0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+    0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba,
+    0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+    0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909,
+    0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+    0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b,
+    0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+    0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4,
+    0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+    0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f,
+    0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+    0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21,
+    0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+    0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d,
+    0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+    0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f,
+    0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+    0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d,
+    0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+    0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4,
+    0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+    0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801,
+    0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+    0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755,
+    0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+    0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709,
+    0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+    0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b,
+    0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+    0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c,
+    0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+    0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9,
+    0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+    0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3,
+    0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+    0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9,
+    0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+    0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab,
+    0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+    0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4,
+    0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+    0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43,
+    0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+    0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8,
+    0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+    0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171,
+    0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+    0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89,
+    0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+    0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b,
+    0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+    0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb,
+    0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+    0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e,
+    0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+    0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea,
+    0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+    0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea,
+    0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+    0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd,
+    0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+    0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef,
+    0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = {
+    0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907,
+    0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+    0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae,
+    0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+    0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e,
+    0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+    0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc,
+    0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+    0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e,
+    0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+    0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f,
+    0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+    0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99,
+    0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+    0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f,
+    0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+    0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380,
+    0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+    0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8,
+    0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+    0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504,
+    0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+    0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6,
+    0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+    0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e,
+    0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+    0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d,
+    0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+    0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1,
+    0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+    0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c,
+    0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+    0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15,
+    0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+    0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4,
+    0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+    0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b,
+    0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+    0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392,
+    0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+    0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231,
+    0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+    0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889,
+    0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+    0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67,
+    0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+    0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49,
+    0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+    0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d,
+    0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+    0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d,
+    0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+    0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e,
+    0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+    0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767,
+    0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+    0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce,
+    0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+    0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24,
+    0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+    0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0,
+    0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+    0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5,
+    0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = {
+    0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298,
+    0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+    0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120,
+    0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+    0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220,
+    0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+    0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe,
+    0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+    0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701,
+    0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+    0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b,
+    0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+    0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93,
+    0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+    0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746,
+    0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+    0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9,
+    0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+    0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb,
+    0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+    0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c,
+    0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+    0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7,
+    0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+    0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340,
+    0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+    0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327,
+    0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+    0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec,
+    0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+    0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205,
+    0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+    0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031,
+    0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+    0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5,
+    0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+    0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c,
+    0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+    0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69,
+    0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+    0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9,
+    0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+    0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff,
+    0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+    0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3,
+    0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+    0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2,
+    0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+    0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff,
+    0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+    0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091,
+    0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+    0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df,
+    0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+    0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf,
+    0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+    0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367,
+    0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+    0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c,
+    0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+    0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43,
+    0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+    0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e,
+    0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = {
+    0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911,
+    0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+    0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00,
+    0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+    0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180,
+    0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+    0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2,
+    0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+    0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725,
+    0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+    0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b,
+    0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+    0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571,
+    0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+    0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec,
+    0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+    0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea,
+    0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+    0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263,
+    0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+    0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468,
+    0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+    0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b,
+    0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+    0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284,
+    0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+    0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4,
+    0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+    0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7,
+    0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+    0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce,
+    0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+    0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6,
+    0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+    0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4,
+    0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+    0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561,
+    0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+    0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6,
+    0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+    0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406,
+    0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+    0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472,
+    0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+    0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487,
+    0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+    0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288,
+    0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+    0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2,
+    0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+    0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78,
+    0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+    0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76,
+    0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+    0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0,
+    0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+    0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58,
+    0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+    0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2,
+    0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+    0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be,
+    0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+    0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55,
+    0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = {
+    0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c,
+    0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+    0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9,
+    0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+    0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e,
+    0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+    0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866,
+    0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+    0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c,
+    0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+    0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd,
+    0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+    0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53,
+    0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+    0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d,
+    0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+    0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf,
+    0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+    0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807,
+    0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+    0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a,
+    0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+    0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563,
+    0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+    0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0,
+    0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+    0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be,
+    0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+    0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0,
+    0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+    0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2,
+    0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+    0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853,
+    0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+    0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa,
+    0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+    0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9,
+    0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+    0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751,
+    0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+    0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358,
+    0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+    0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397,
+    0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+    0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459,
+    0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+    0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4,
+    0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+    0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f,
+    0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+    0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb,
+    0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+    0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2,
+    0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+    0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab,
+    0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+    0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b,
+    0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+    0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b,
+    0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+    0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855,
+    0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+    0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454,
+    0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = {
+    0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693,
+    0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+    0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82,
+    0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+    0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd,
+    0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+    0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f,
+    0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+    0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9,
+    0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+    0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e,
+    0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+    0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83,
+    0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+    0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e,
+    0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+    0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a,
+    0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+    0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f,
+    0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+    0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b,
+    0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+    0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78,
+    0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+    0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d,
+    0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+    0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802,
+    0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+    0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9,
+    0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+    0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302,
+    0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+    0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858,
+    0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+    0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a,
+    0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+    0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4,
+    0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+    0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df,
+    0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+    0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9,
+    0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+    0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c,
+    0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+    0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07,
+    0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+    0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939,
+    0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+    0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e,
+    0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+    0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378,
+    0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+    0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd,
+    0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+    0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567,
+    0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+    0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2,
+    0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+    0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf,
+    0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+    0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2,
+    0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+    0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada,
+    0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256] = {
+    0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095,
+    0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+    0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174,
+    0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+    0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940,
+    0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+    0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42,
+    0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+    0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164,
+    0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+    0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4,
+    0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+    0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0,
+    0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+    0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6,
+    0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+    0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491,
+    0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+    0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b,
+    0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+    0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8,
+    0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+    0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006,
+    0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+    0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564,
+    0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+    0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab,
+    0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+    0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc,
+    0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+    0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8,
+    0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+    0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441,
+    0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+    0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f,
+    0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+    0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504,
+    0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+    0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c,
+    0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+    0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6,
+    0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+    0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd,
+    0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+    0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4,
+    0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+    0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc,
+    0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+    0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba,
+    0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+    0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf,
+    0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+    0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603,
+    0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+    0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37,
+    0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+    0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819,
+    0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+    0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d,
+    0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+    0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347,
+    0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+    0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d,
+    0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
+};
diff --git a/openssl-1.1.0h/crypto/chacha/asm/chacha-armv4.pl b/openssl-1.1.0h/crypto/chacha/asm/chacha-armv4.pl
new file mode 100755
index 0000000..b5e21e4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/asm/chacha-armv4.pl
@@ -0,0 +1,1158 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# December 2014
+# 
+# ChaCha20 for ARMv4.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#			IALU/gcc-4.4    1xNEON      3xNEON+1xIALU
+#
+# Cortex-A5		19.3(*)/+95%    21.8        14.1
+# Cortex-A8		10.5(*)/+160%   13.9        6.35
+# Cortex-A9		12.9(**)/+110%  14.3        6.50
+# Cortex-A15		11.0/+40%       16.0        5.00
+# Snapdragon S4		11.5/+125%      13.6        4.90
+#
+# (*)	most "favourable" result for aligned data on little-endian
+#	processor, result for misaligned data is 10-15% lower;
+# (**)	this result is a trade-off: it can be improved by 20%,
+#	but then Snapdragon S4 and Cortex-A8 results get
+#	20-25% worse;
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+my @x=map("r$_",(0..7,"x","x","x","x",12,"x",14,"x"));
+my @t=map("r$_",(8..11));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my $odd = $d0&1;
+my ($xc,$xc_) = (@t[0..1]);
+my ($xd,$xd_) = $odd ? (@t[2],@x[$d1]) : (@x[$d0],@t[2]);
+my @ret;
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+	#
+	# 'a', 'b' are permanently allocated in registers, @x[0..7],
+	# while 'c's and pair of 'd's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end. If you observe 'd' column, you'll
+	# notice that 15 and 13 are reused in next pair of rounds.
+	# This is why these two are chosen for offloading to memory,
+	# to make loads count more.
+							push @ret,(
+	"&add	(@x[$a0],@x[$a0],@x[$b0])",
+	"&mov	($xd,$xd,'ror#16')",
+	 "&add	(@x[$a1],@x[$a1],@x[$b1])",
+	 "&mov	($xd_,$xd_,'ror#16')",
+	"&eor	($xd,$xd,@x[$a0],'ror#16')",
+	 "&eor	($xd_,$xd_,@x[$a1],'ror#16')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b0],@x[$b0],'ror#20')",
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b1],@x[$b1],'ror#20')",
+	"&eor	(@x[$b0],@x[$b0],$xc,'ror#20')",
+	 "&eor	(@x[$b1],@x[$b1],$xc_,'ror#20')",
+
+	"&add	(@x[$a0],@x[$a0],@x[$b0])",
+	"&mov	($xd,$xd,'ror#24')",
+	 "&add	(@x[$a1],@x[$a1],@x[$b1])",
+	 "&mov	($xd_,$xd_,'ror#24')",
+	"&eor	($xd,$xd,@x[$a0],'ror#24')",
+	 "&eor	($xd_,$xd_,@x[$a1],'ror#24')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b0],@x[$b0],'ror#25')"		);
+							push @ret,(
+	"&str	($xd,'[sp,#4*(16+$d0)]')",
+	"&ldr	($xd,'[sp,#4*(16+$d2)]')"		) if ($odd);
+							push @ret,(
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b1],@x[$b1],'ror#25')"		);
+							push @ret,(
+	 "&str	($xd_,'[sp,#4*(16+$d1)]')",
+	 "&ldr	($xd_,'[sp,#4*(16+$d3)]')"		) if (!$odd);
+							push @ret,(
+	"&eor	(@x[$b0],@x[$b0],$xc,'ror#25')",
+	 "&eor	(@x[$b1],@x[$b1],$xc_,'ror#25')"	);
+
+	$xd=@x[$d2]					if (!$odd);
+	$xd_=@x[$d3]					if ($odd);
+							push @ret,(
+	"&str	($xc,'[sp,#4*(16+$c0)]')",
+	"&ldr	($xc,'[sp,#4*(16+$c2)]')",
+	"&add	(@x[$a2],@x[$a2],@x[$b2])",
+	"&mov	($xd,$xd,'ror#16')",
+	 "&str	($xc_,'[sp,#4*(16+$c1)]')",
+	 "&ldr	($xc_,'[sp,#4*(16+$c3)]')",
+	 "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	 "&mov	($xd_,$xd_,'ror#16')",
+	"&eor	($xd,$xd,@x[$a2],'ror#16')",
+	 "&eor	($xd_,$xd_,@x[$a3],'ror#16')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b2],@x[$b2],'ror#20')",
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b3],@x[$b3],'ror#20')",
+	"&eor	(@x[$b2],@x[$b2],$xc,'ror#20')",
+	 "&eor	(@x[$b3],@x[$b3],$xc_,'ror#20')",
+
+	"&add	(@x[$a2],@x[$a2],@x[$b2])",
+	"&mov	($xd,$xd,'ror#24')",
+	 "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	 "&mov	($xd_,$xd_,'ror#24')",
+	"&eor	($xd,$xd,@x[$a2],'ror#24')",
+	 "&eor	($xd_,$xd_,@x[$a3],'ror#24')",
+
+	"&add	($xc,$xc,$xd)",
+	"&mov	(@x[$b2],@x[$b2],'ror#25')",
+	 "&add	($xc_,$xc_,$xd_)",
+	 "&mov	(@x[$b3],@x[$b3],'ror#25')",
+	"&eor	(@x[$b2],@x[$b2],$xc,'ror#25')",
+	 "&eor	(@x[$b3],@x[$b3],$xc_,'ror#25')"	);
+
+	@ret;
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+#if defined(__thumb2__) || defined(__clang__)
+#define ldrhsb	ldrbhs
+#endif
+
+.align	5
+.Lsigma:
+.long	0x61707865,0x3320646e,0x79622d32,0x6b206574	@ endian-neutral
+.Lone:
+.long	1,0,0,0
+#if __ARM_MAX_ARCH__>=7
+.LOPENSSL_armcap:
+.word   OPENSSL_armcap_P-.LChaCha20_ctr32
+#else
+.word	-1
+#endif
+
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,%function
+.align	5
+ChaCha20_ctr32:
+.LChaCha20_ctr32:
+	ldr	r12,[sp,#0]		@ pull pointer to counter and nonce
+	stmdb	sp!,{r0-r2,r4-r11,lr}
+#if __ARM_ARCH__<7 && !defined(__thumb2__)
+	sub	r14,pc,#16		@ ChaCha20_ctr32
+#else
+	adr	r14,.LChaCha20_ctr32
+#endif
+	cmp	r2,#0			@ len==0?
+#ifdef	__thumb2__
+	itt	eq
+#endif
+	addeq	sp,sp,#4*3
+	beq	.Lno_data
+#if __ARM_MAX_ARCH__>=7
+	cmp	r2,#192			@ test len
+	bls	.Lshort
+	ldr	r4,[r14,#-32]
+	ldr	r4,[r14,r4]
+# ifdef	__APPLE__
+	ldr	r4,[r4]
+# endif
+	tst	r4,#ARMV7_NEON
+	bne	.LChaCha20_neon
+.Lshort:
+#endif
+	ldmia	r12,{r4-r7}		@ load counter and nonce
+	sub	sp,sp,#4*(16)		@ off-load area
+	sub	r14,r14,#64		@ .Lsigma
+	stmdb	sp!,{r4-r7}		@ copy counter and nonce
+	ldmia	r3,{r4-r11}		@ load key
+	ldmia	r14,{r0-r3}		@ load sigma
+	stmdb	sp!,{r4-r11}		@ copy key
+	stmdb	sp!,{r0-r3}		@ copy sigma
+	str	r10,[sp,#4*(16+10)]	@ off-load "@x[10]"
+	str	r11,[sp,#4*(16+11)]	@ off-load "@x[11]"
+	b	.Loop_outer_enter
+
+.align	4
+.Loop_outer:
+	ldmia	sp,{r0-r9}		@ load key material
+	str	@t[3],[sp,#4*(32+2)]	@ save len
+	str	r12,  [sp,#4*(32+1)]	@ save inp
+	str	r14,  [sp,#4*(32+0)]	@ save out
+.Loop_outer_enter:
+	ldr	@t[3], [sp,#4*(15)]
+	ldr	@x[12],[sp,#4*(12)]	@ modulo-scheduled load
+	ldr	@t[2], [sp,#4*(13)]
+	ldr	@x[14],[sp,#4*(14)]
+	str	@t[3], [sp,#4*(16+15)]
+	mov	@t[3],#10
+	b	.Loop
+
+.align	4
+.Loop:
+	subs	@t[3],@t[3],#1
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	bne	.Loop
+
+	ldr	@t[3],[sp,#4*(32+2)]	@ load len
+
+	str	@t[0], [sp,#4*(16+8)]	@ modulo-scheduled store
+	str	@t[1], [sp,#4*(16+9)]
+	str	@x[12],[sp,#4*(16+12)]
+	str	@t[2], [sp,#4*(16+13)]
+	str	@x[14],[sp,#4*(16+14)]
+
+	@ at this point we have first half of 512-bit result in
+	@ @x[0-7] and second half at sp+4*(16+8)
+
+	cmp	@t[3],#64		@ done yet?
+#ifdef	__thumb2__
+	itete	lo
+#endif
+	addlo	r12,sp,#4*(0)		@ shortcut or ...
+	ldrhs	r12,[sp,#4*(32+1)]	@ ... load inp
+	addlo	r14,sp,#4*(0)		@ shortcut or ...
+	ldrhs	r14,[sp,#4*(32+0)]	@ ... load out
+
+	ldr	@t[0],[sp,#4*(0)]	@ load key material
+	ldr	@t[1],[sp,#4*(1)]
+
+#if __ARM_ARCH__>=6 || !defined(__ARMEB__)
+# if __ARM_ARCH__<7
+	orr	@t[2],r12,r14
+	tst	@t[2],#3		@ are input and output aligned?
+	ldr	@t[2],[sp,#4*(2)]
+	bne	.Lunaligned
+	cmp	@t[3],#64		@ restore flags
+# else
+	ldr	@t[2],[sp,#4*(2)]
+# endif
+	ldr	@t[3],[sp,#4*(3)]
+
+	add	@x[0],@x[0],@t[0]	@ accumulate key material
+	add	@x[1],@x[1],@t[1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+
+	add	@x[2],@x[2],@t[2]
+	add	@x[3],@x[3],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[0],@x[0]
+	rev	@x[1],@x[1]
+	rev	@x[2],@x[2]
+	rev	@x[3],@x[3]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[0],@x[0],@t[0]	@ xor with input
+	eorhs	@x[1],@x[1],@t[1]
+	 add	@t[0],sp,#4*(4)
+	str	@x[0],[r14],#16		@ store output
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[2],@x[2],@t[2]
+	eorhs	@x[3],@x[3],@t[3]
+	 ldmia	@t[0],{@t[0]-@t[3]}	@ load key material
+	str	@x[1],[r14,#-12]
+	str	@x[2],[r14,#-8]
+	str	@x[3],[r14,#-4]
+
+	add	@x[4],@x[4],@t[0]	@ accumulate key material
+	add	@x[5],@x[5],@t[1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+	add	@x[6],@x[6],@t[2]
+	add	@x[7],@x[7],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[4],@x[4]
+	rev	@x[5],@x[5]
+	rev	@x[6],@x[6]
+	rev	@x[7],@x[7]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[4],@x[4],@t[0]
+	eorhs	@x[5],@x[5],@t[1]
+	 add	@t[0],sp,#4*(8)
+	str	@x[4],[r14],#16		@ store output
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[6],@x[6],@t[2]
+	eorhs	@x[7],@x[7],@t[3]
+	str	@x[5],[r14,#-12]
+	 ldmia	@t[0],{@t[0]-@t[3]}	@ load key material
+	str	@x[6],[r14,#-8]
+	 add	@x[0],sp,#4*(16+8)
+	str	@x[7],[r14,#-4]
+
+	ldmia	@x[0],{@x[0]-@x[7]}	@ load second half
+
+	add	@x[0],@x[0],@t[0]	@ accumulate key material
+	add	@x[1],@x[1],@t[1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	 strhi	@t[2],[sp,#4*(16+10)]	@ copy "@x[10]" while at it
+	 strhi	@t[3],[sp,#4*(16+11)]	@ copy "@x[11]" while at it
+	add	@x[2],@x[2],@t[2]
+	add	@x[3],@x[3],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[0],@x[0]
+	rev	@x[1],@x[1]
+	rev	@x[2],@x[2]
+	rev	@x[3],@x[3]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[0],@x[0],@t[0]
+	eorhs	@x[1],@x[1],@t[1]
+	 add	@t[0],sp,#4*(12)
+	str	@x[0],[r14],#16		@ store output
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[2],@x[2],@t[2]
+	eorhs	@x[3],@x[3],@t[3]
+	str	@x[1],[r14,#-12]
+	 ldmia	@t[0],{@t[0]-@t[3]}	@ load key material
+	str	@x[2],[r14,#-8]
+	str	@x[3],[r14,#-4]
+
+	add	@x[4],@x[4],@t[0]	@ accumulate key material
+	add	@x[5],@x[5],@t[1]
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	 addhi	@t[0],@t[0],#1		@ next counter value
+	 strhi	@t[0],[sp,#4*(12)]	@ save next counter value
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[0],[r12],#16		@ load input
+	ldrhs	@t[1],[r12,#-12]
+	add	@x[6],@x[6],@t[2]
+	add	@x[7],@x[7],@t[3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhs	@t[2],[r12,#-8]
+	ldrhs	@t[3],[r12,#-4]
+# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+	rev	@x[4],@x[4]
+	rev	@x[5],@x[5]
+	rev	@x[6],@x[6]
+	rev	@x[7],@x[7]
+# endif
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[4],@x[4],@t[0]
+	eorhs	@x[5],@x[5],@t[1]
+# ifdef	__thumb2__
+	 it	ne
+# endif
+	 ldrne	@t[0],[sp,#4*(32+2)]	@ re-load len
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	eorhs	@x[6],@x[6],@t[2]
+	eorhs	@x[7],@x[7],@t[3]
+	str	@x[4],[r14],#16		@ store output
+	str	@x[5],[r14,#-12]
+# ifdef	__thumb2__
+	it	hs
+# endif
+	 subhs	@t[3],@t[0],#64		@ len-=64
+	str	@x[6],[r14,#-8]
+	str	@x[7],[r14,#-4]
+	bhi	.Loop_outer
+
+	beq	.Ldone
+# if __ARM_ARCH__<7
+	b	.Ltail
+
+.align	4
+.Lunaligned:				@ unaligned endian-neutral path
+	cmp	@t[3],#64		@ restore flags
+# endif
+#endif
+#if __ARM_ARCH__<7
+	ldr	@t[3],[sp,#4*(3)]
+___
+for ($i=0;$i<16;$i+=4) {
+my $j=$i&0x7;
+
+$code.=<<___	if ($i==4);
+	add	@x[0],sp,#4*(16+8)
+___
+$code.=<<___	if ($i==8);
+	ldmia	@x[0],{@x[0]-@x[7]}		@ load second half
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	strhi	@t[2],[sp,#4*(16+10)]		@ copy "@x[10]"
+	strhi	@t[3],[sp,#4*(16+11)]		@ copy "@x[11]"
+___
+$code.=<<___;
+	add	@x[$j+0],@x[$j+0],@t[0]		@ accumulate key material
+___
+$code.=<<___	if ($i==12);
+# ifdef	__thumb2__
+	itt	hi
+# endif
+	addhi	@t[0],@t[0],#1			@ next counter value
+	strhi	@t[0],[sp,#4*(12)]		@ save next counter value
+___
+$code.=<<___;
+	add	@x[$j+1],@x[$j+1],@t[1]
+	add	@x[$j+2],@x[$j+2],@t[2]
+# ifdef	__thumb2__
+	itete	lo
+# endif
+	eorlo	@t[0],@t[0],@t[0]		@ zero or ...
+	ldrhsb	@t[0],[r12],#16			@ ... load input
+	eorlo	@t[1],@t[1],@t[1]
+	ldrhsb	@t[1],[r12,#-12]
+
+	add	@x[$j+3],@x[$j+3],@t[3]
+# ifdef	__thumb2__
+	itete	lo
+# endif
+	eorlo	@t[2],@t[2],@t[2]
+	ldrhsb	@t[2],[r12,#-8]
+	eorlo	@t[3],@t[3],@t[3]
+	ldrhsb	@t[3],[r12,#-4]
+
+	eor	@x[$j+0],@t[0],@x[$j+0]		@ xor with input (or zero)
+	eor	@x[$j+1],@t[1],@x[$j+1]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[0],[r12,#-15]		@ load more input
+	ldrhsb	@t[1],[r12,#-11]
+	eor	@x[$j+2],@t[2],@x[$j+2]
+	 strb	@x[$j+0],[r14],#16		@ store output
+	eor	@x[$j+3],@t[3],@x[$j+3]
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[2],[r12,#-7]
+	ldrhsb	@t[3],[r12,#-3]
+	 strb	@x[$j+1],[r14,#-12]
+	eor	@x[$j+0],@t[0],@x[$j+0],lsr#8
+	 strb	@x[$j+2],[r14,#-8]
+	eor	@x[$j+1],@t[1],@x[$j+1],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[0],[r12,#-14]		@ load more input
+	ldrhsb	@t[1],[r12,#-10]
+	 strb	@x[$j+3],[r14,#-4]
+	eor	@x[$j+2],@t[2],@x[$j+2],lsr#8
+	 strb	@x[$j+0],[r14,#-15]
+	eor	@x[$j+3],@t[3],@x[$j+3],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[2],[r12,#-6]
+	ldrhsb	@t[3],[r12,#-2]
+	 strb	@x[$j+1],[r14,#-11]
+	eor	@x[$j+0],@t[0],@x[$j+0],lsr#8
+	 strb	@x[$j+2],[r14,#-7]
+	eor	@x[$j+1],@t[1],@x[$j+1],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[0],[r12,#-13]		@ load more input
+	ldrhsb	@t[1],[r12,#-9]
+	 strb	@x[$j+3],[r14,#-3]
+	eor	@x[$j+2],@t[2],@x[$j+2],lsr#8
+	 strb	@x[$j+0],[r14,#-14]
+	eor	@x[$j+3],@t[3],@x[$j+3],lsr#8
+# ifdef	__thumb2__
+	itt	hs
+# endif
+	ldrhsb	@t[2],[r12,#-5]
+	ldrhsb	@t[3],[r12,#-1]
+	 strb	@x[$j+1],[r14,#-10]
+	 strb	@x[$j+2],[r14,#-6]
+	eor	@x[$j+0],@t[0],@x[$j+0],lsr#8
+	 strb	@x[$j+3],[r14,#-2]
+	eor	@x[$j+1],@t[1],@x[$j+1],lsr#8
+	 strb	@x[$j+0],[r14,#-13]
+	eor	@x[$j+2],@t[2],@x[$j+2],lsr#8
+	 strb	@x[$j+1],[r14,#-9]
+	eor	@x[$j+3],@t[3],@x[$j+3],lsr#8
+	 strb	@x[$j+2],[r14,#-5]
+	 strb	@x[$j+3],[r14,#-1]
+___
+$code.=<<___	if ($i<12);
+	add	@t[0],sp,#4*(4+$i)
+	ldmia	@t[0],{@t[0]-@t[3]}		@ load key material
+___
+}
+$code.=<<___;
+# ifdef	__thumb2__
+	it	ne
+# endif
+	ldrne	@t[0],[sp,#4*(32+2)]		@ re-load len
+# ifdef	__thumb2__
+	it	hs
+# endif
+	subhs	@t[3],@t[0],#64			@ len-=64
+	bhi	.Loop_outer
+
+	beq	.Ldone
+#endif
+
+.Ltail:
+	ldr	r12,[sp,#4*(32+1)]	@ load inp
+	add	@t[1],sp,#4*(0)
+	ldr	r14,[sp,#4*(32+0)]	@ load out
+
+.Loop_tail:
+	ldrb	@t[2],[@t[1]],#1	@ read buffer on stack
+	ldrb	@t[3],[r12],#1		@ read input
+	subs	@t[0],@t[0],#1
+	eor	@t[3],@t[3],@t[2]
+	strb	@t[3],[r14],#1		@ store output
+	bne	.Loop_tail
+
+.Ldone:
+	add	sp,sp,#4*(32+3)
+.Lno_data:
+	ldmia	sp!,{r4-r11,pc}
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+___
+
+{{{
+my ($a0,$b0,$c0,$d0,$a1,$b1,$c1,$d1,$a2,$b2,$c2,$d2,$t0,$t1,$t2,$t3) =
+    map("q$_",(0..15));
+
+sub NEONROUND {
+my $odd = pop;
+my ($a,$b,$c,$d,$t)=@_;
+
+	(
+	"&vadd_i32	($a,$a,$b)",
+	"&veor		($d,$d,$a)",
+	"&vrev32_16	($d,$d)",	# vrot ($d,16)
+
+	"&vadd_i32	($c,$c,$d)",
+	"&veor		($t,$b,$c)",
+	"&vshr_u32	($b,$t,20)",
+	"&vsli_32	($b,$t,12)",
+
+	"&vadd_i32	($a,$a,$b)",
+	"&veor		($t,$d,$a)",
+	"&vshr_u32	($d,$t,24)",
+	"&vsli_32	($d,$t,8)",
+
+	"&vadd_i32	($c,$c,$d)",
+	"&veor		($t,$b,$c)",
+	"&vshr_u32	($b,$t,25)",
+	"&vsli_32	($b,$t,7)",
+
+	"&vext_8	($c,$c,$c,8)",
+	"&vext_8	($b,$b,$b,$odd?12:4)",
+	"&vext_8	($d,$d,$d,$odd?4:12)"
+	);
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.type	ChaCha20_neon,%function
+.align	5
+ChaCha20_neon:
+	ldr		r12,[sp,#0]		@ pull pointer to counter and nonce
+	stmdb		sp!,{r0-r2,r4-r11,lr}
+.LChaCha20_neon:
+	adr		r14,.Lsigma
+	vstmdb		sp!,{d8-d15}		@ ABI spec says so
+	stmdb		sp!,{r0-r3}
+
+	vld1.32		{$b0-$c0},[r3]		@ load key
+	ldmia		r3,{r4-r11}		@ load key
+
+	sub		sp,sp,#4*(16+16)
+	vld1.32		{$d0},[r12]		@ load counter and nonce
+	add		r12,sp,#4*8
+	ldmia		r14,{r0-r3}		@ load sigma
+	vld1.32		{$a0},[r14]!		@ load sigma
+	vld1.32		{$t0},[r14]		@ one
+	vst1.32		{$c0-$d0},[r12]		@ copy 1/2key|counter|nonce
+	vst1.32		{$a0-$b0},[sp]		@ copy sigma|1/2key
+
+	str		r10,[sp,#4*(16+10)]	@ off-load "@x[10]"
+	str		r11,[sp,#4*(16+11)]	@ off-load "@x[11]"
+	vshl.i32	$t1#lo,$t0#lo,#1	@ two
+	vstr		$t0#lo,[sp,#4*(16+0)]
+	vshl.i32	$t2#lo,$t0#lo,#2	@ four
+	vstr		$t1#lo,[sp,#4*(16+2)]
+	vmov		$a1,$a0
+	vstr		$t2#lo,[sp,#4*(16+4)]
+	vmov		$a2,$a0
+	vmov		$b1,$b0
+	vmov		$b2,$b0
+	b		.Loop_neon_enter
+
+.align	4
+.Loop_neon_outer:
+	ldmia		sp,{r0-r9}		@ load key material
+	cmp		@t[3],#64*2		@ if len<=64*2
+	bls		.Lbreak_neon		@ switch to integer-only
+	vmov		$a1,$a0
+	str		@t[3],[sp,#4*(32+2)]	@ save len
+	vmov		$a2,$a0
+	str		r12,  [sp,#4*(32+1)]	@ save inp
+	vmov		$b1,$b0
+	str		r14,  [sp,#4*(32+0)]	@ save out
+	vmov		$b2,$b0
+.Loop_neon_enter:
+	ldr		@t[3], [sp,#4*(15)]
+	vadd.i32	$d1,$d0,$t0		@ counter+1
+	ldr		@x[12],[sp,#4*(12)]	@ modulo-scheduled load
+	vmov		$c1,$c0
+	ldr		@t[2], [sp,#4*(13)]
+	vmov		$c2,$c0
+	ldr		@x[14],[sp,#4*(14)]
+	vadd.i32	$d2,$d1,$t0		@ counter+2
+	str		@t[3], [sp,#4*(16+15)]
+	mov		@t[3],#10
+	add		@x[12],@x[12],#3	@ counter+3 
+	b		.Loop_neon
+
+.align	4
+.Loop_neon:
+	subs		@t[3],@t[3],#1
+___
+	my @thread0=&NEONROUND($a0,$b0,$c0,$d0,$t0,0);
+	my @thread1=&NEONROUND($a1,$b1,$c1,$d1,$t1,0);
+	my @thread2=&NEONROUND($a2,$b2,$c2,$d2,$t2,0);
+	my @thread3=&ROUND(0,4,8,12);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+
+	@thread0=&NEONROUND($a0,$b0,$c0,$d0,$t0,1);
+	@thread1=&NEONROUND($a1,$b1,$c1,$d1,$t1,1);
+	@thread2=&NEONROUND($a2,$b2,$c2,$d2,$t2,1);
+	@thread3=&ROUND(0,5,10,15);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+$code.=<<___;
+	bne		.Loop_neon
+
+	add		@t[3],sp,#32
+	vld1.32		{$t0-$t1},[sp]		@ load key material
+	vld1.32		{$t2-$t3},[@t[3]]
+
+	ldr		@t[3],[sp,#4*(32+2)]	@ load len
+
+	str		@t[0], [sp,#4*(16+8)]	@ modulo-scheduled store
+	str		@t[1], [sp,#4*(16+9)]
+	str		@x[12],[sp,#4*(16+12)]
+	str		@t[2], [sp,#4*(16+13)]
+	str		@x[14],[sp,#4*(16+14)]
+
+	@ at this point we have first half of 512-bit result in
+	@ @x[0-7] and second half at sp+4*(16+8)
+
+	ldr		r12,[sp,#4*(32+1)]	@ load inp
+	ldr		r14,[sp,#4*(32+0)]	@ load out
+
+	vadd.i32	$a0,$a0,$t0		@ accumulate key material
+	vadd.i32	$a1,$a1,$t0
+	vadd.i32	$a2,$a2,$t0
+	vldr		$t0#lo,[sp,#4*(16+0)]	@ one
+
+	vadd.i32	$b0,$b0,$t1
+	vadd.i32	$b1,$b1,$t1
+	vadd.i32	$b2,$b2,$t1
+	vldr		$t1#lo,[sp,#4*(16+2)]	@ two
+
+	vadd.i32	$c0,$c0,$t2
+	vadd.i32	$c1,$c1,$t2
+	vadd.i32	$c2,$c2,$t2
+	vadd.i32	$d1#lo,$d1#lo,$t0#lo	@ counter+1
+	vadd.i32	$d2#lo,$d2#lo,$t1#lo	@ counter+2
+
+	vadd.i32	$d0,$d0,$t3
+	vadd.i32	$d1,$d1,$t3
+	vadd.i32	$d2,$d2,$t3
+
+	cmp		@t[3],#64*4
+	blo		.Ltail_neon
+
+	vld1.8		{$t0-$t1},[r12]!	@ load input
+	 mov		@t[3],sp
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0		@ xor with input
+	veor		$b0,$b0,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a1,$a1,$t0
+	 vst1.8		{$a0-$b0},[r14]!	@ store output
+	veor		$b1,$b1,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c1,$c1,$t2
+	 vst1.8		{$c0-$d0},[r14]!
+	veor		$d1,$d1,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a2,$a2,$t0
+	 vld1.32	{$a0-$b0},[@t[3]]!	@ load for next iteration
+	 veor		$t0#hi,$t0#hi,$t0#hi
+	 vldr		$t0#lo,[sp,#4*(16+4)]	@ four
+	veor		$b2,$b2,$t1
+	 vld1.32	{$c0-$d0},[@t[3]]
+	veor		$c2,$c2,$t2
+	 vst1.8		{$a1-$b1},[r14]!
+	veor		$d2,$d2,$t3
+	 vst1.8		{$c1-$d1},[r14]!
+
+	vadd.i32	$d0#lo,$d0#lo,$t0#lo	@ next counter value
+	vldr		$t0#lo,[sp,#4*(16+0)]	@ one
+
+	ldmia		sp,{@t[0]-@t[3]}	@ load key material
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	ldr		@t[0],[r12],#16		@ load input
+	 vst1.8		{$a2-$b2},[r14]!
+	add		@x[1],@x[1],@t[1]
+	ldr		@t[1],[r12,#-12]
+	 vst1.8		{$c2-$d2},[r14]!
+	add		@x[2],@x[2],@t[2]
+	ldr		@t[2],[r12,#-8]
+	add		@x[3],@x[3],@t[3]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+# endif
+	eor		@x[0],@x[0],@t[0]	@ xor with input
+	 add		@t[0],sp,#4*(4)
+	eor		@x[1],@x[1],@t[1]
+	str		@x[0],[r14],#16		@ store output
+	eor		@x[2],@x[2],@t[2]
+	str		@x[1],[r14,#-12]
+	eor		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+	str		@x[2],[r14,#-8]
+	str		@x[3],[r14,#-4]
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	ldr		@t[0],[r12],#16		@ load input
+	add		@x[5],@x[5],@t[1]
+	ldr		@t[1],[r12,#-12]
+	add		@x[6],@x[6],@t[2]
+	ldr		@t[2],[r12,#-8]
+	add		@x[7],@x[7],@t[3]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	eor		@x[4],@x[4],@t[0]
+	 add		@t[0],sp,#4*(8)
+	eor		@x[5],@x[5],@t[1]
+	str		@x[4],[r14],#16		@ store output
+	eor		@x[6],@x[6],@t[2]
+	str		@x[5],[r14,#-12]
+	eor		@x[7],@x[7],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+	str		@x[6],[r14,#-8]
+	 add		@x[0],sp,#4*(16+8)
+	str		@x[7],[r14,#-4]
+
+	ldmia		@x[0],{@x[0]-@x[7]}	@ load second half
+
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	ldr		@t[0],[r12],#16		@ load input
+	add		@x[1],@x[1],@t[1]
+	ldr		@t[1],[r12,#-12]
+# ifdef	__thumb2__
+	it	hi
+# endif
+	 strhi		@t[2],[sp,#4*(16+10)]	@ copy "@x[10]" while at it
+	add		@x[2],@x[2],@t[2]
+	ldr		@t[2],[r12,#-8]
+# ifdef	__thumb2__
+	it	hi
+# endif
+	 strhi		@t[3],[sp,#4*(16+11)]	@ copy "@x[11]" while at it
+	add		@x[3],@x[3],@t[3]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+# endif
+	eor		@x[0],@x[0],@t[0]
+	 add		@t[0],sp,#4*(12)
+	eor		@x[1],@x[1],@t[1]
+	str		@x[0],[r14],#16		@ store output
+	eor		@x[2],@x[2],@t[2]
+	str		@x[1],[r14,#-12]
+	eor		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+	str		@x[2],[r14,#-8]
+	str		@x[3],[r14,#-4]
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	 add		@t[0],@t[0],#4		@ next counter value
+	add		@x[5],@x[5],@t[1]
+	 str		@t[0],[sp,#4*(12)]	@ save next counter value
+	ldr		@t[0],[r12],#16		@ load input
+	add		@x[6],@x[6],@t[2]
+	 add		@x[4],@x[4],#3		@ counter+3
+	ldr		@t[1],[r12,#-12]
+	add		@x[7],@x[7],@t[3]
+	ldr		@t[2],[r12,#-8]
+	ldr		@t[3],[r12,#-4]
+# ifdef	__ARMEB__
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	eor		@x[4],@x[4],@t[0]
+# ifdef	__thumb2__
+	it	hi
+# endif
+	 ldrhi		@t[0],[sp,#4*(32+2)]	@ re-load len
+	eor		@x[5],@x[5],@t[1]
+	eor		@x[6],@x[6],@t[2]
+	str		@x[4],[r14],#16		@ store output
+	eor		@x[7],@x[7],@t[3]
+	str		@x[5],[r14,#-12]
+	 sub		@t[3],@t[0],#64*4	@ len-=64*4
+	str		@x[6],[r14,#-8]
+	str		@x[7],[r14,#-4]
+	bhi		.Loop_neon_outer
+
+	b		.Ldone_neon
+
+.align	4
+.Lbreak_neon:
+	@ harmonize NEON and integer-only stack frames: load data
+	@ from NEON frame, but save to integer-only one; distance
+	@ between the two is 4*(32+4+16-32)=4*(20).
+
+	str		@t[3], [sp,#4*(20+32+2)]	@ save len
+	 add		@t[3],sp,#4*(32+4)
+	str		r12,   [sp,#4*(20+32+1)]	@ save inp
+	str		r14,   [sp,#4*(20+32+0)]	@ save out
+
+	ldr		@x[12],[sp,#4*(16+10)]
+	ldr		@x[14],[sp,#4*(16+11)]
+	 vldmia		@t[3],{d8-d15}			@ fulfill ABI requirement
+	str		@x[12],[sp,#4*(20+16+10)]	@ copy "@x[10]"
+	str		@x[14],[sp,#4*(20+16+11)]	@ copy "@x[11]"
+
+	ldr		@t[3], [sp,#4*(15)]
+	ldr		@x[12],[sp,#4*(12)]		@ modulo-scheduled load
+	ldr		@t[2], [sp,#4*(13)]
+	ldr		@x[14],[sp,#4*(14)]
+	str		@t[3], [sp,#4*(20+16+15)]
+	add		@t[3],sp,#4*(20)
+	vst1.32		{$a0-$b0},[@t[3]]!		@ copy key
+	add		sp,sp,#4*(20)			@ switch frame
+	vst1.32		{$c0-$d0},[@t[3]]
+	mov		@t[3],#10
+	b		.Loop				@ go integer-only
+
+.align	4
+.Ltail_neon:
+	cmp		@t[3],#64*3
+	bhs		.L192_or_more_neon
+	cmp		@t[3],#64*2
+	bhs		.L128_or_more_neon
+	cmp		@t[3],#64*1
+	bhs		.L64_or_more_neon
+
+	add		@t[0],sp,#4*(8)
+	vst1.8		{$a0-$b0},[sp]
+	add		@t[2],sp,#4*(0)
+	vst1.8		{$c0-$d0},[@t[0]]
+	b		.Loop_tail_neon
+
+.align	4
+.L64_or_more_neon:
+	vld1.8		{$t0-$t1},[r12]!
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0
+	veor		$b0,$b0,$t1
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vst1.8		{$a0-$b0},[r14]!
+	vst1.8		{$c0-$d0},[r14]!
+
+	beq		.Ldone_neon
+
+	add		@t[0],sp,#4*(8)
+	vst1.8		{$a1-$b1},[sp]
+	add		@t[2],sp,#4*(0)
+	vst1.8		{$c1-$d1},[@t[0]]
+	sub		@t[3],@t[3],#64*1	@ len-=64*1
+	b		.Loop_tail_neon
+
+.align	4
+.L128_or_more_neon:
+	vld1.8		{$t0-$t1},[r12]!
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0
+	veor		$b0,$b0,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a1,$a1,$t0
+	veor		$b1,$b1,$t1
+	 vst1.8		{$a0-$b0},[r14]!
+	veor		$c1,$c1,$t2
+	 vst1.8		{$c0-$d0},[r14]!
+	veor		$d1,$d1,$t3
+	vst1.8		{$a1-$b1},[r14]!
+	vst1.8		{$c1-$d1},[r14]!
+
+	beq		.Ldone_neon
+
+	add		@t[0],sp,#4*(8)
+	vst1.8		{$a2-$b2},[sp]
+	add		@t[2],sp,#4*(0)
+	vst1.8		{$c2-$d2},[@t[0]]
+	sub		@t[3],@t[3],#64*2	@ len-=64*2
+	b		.Loop_tail_neon
+
+.align	4
+.L192_or_more_neon:
+	vld1.8		{$t0-$t1},[r12]!
+	vld1.8		{$t2-$t3},[r12]!
+	veor		$a0,$a0,$t0
+	veor		$b0,$b0,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c0,$c0,$t2
+	veor		$d0,$d0,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a1,$a1,$t0
+	veor		$b1,$b1,$t1
+	vld1.8		{$t0-$t1},[r12]!
+	veor		$c1,$c1,$t2
+	 vst1.8		{$a0-$b0},[r14]!
+	veor		$d1,$d1,$t3
+	vld1.8		{$t2-$t3},[r12]!
+
+	veor		$a2,$a2,$t0
+	 vst1.8		{$c0-$d0},[r14]!
+	veor		$b2,$b2,$t1
+	 vst1.8		{$a1-$b1},[r14]!
+	veor		$c2,$c2,$t2
+	 vst1.8		{$c1-$d1},[r14]!
+	veor		$d2,$d2,$t3
+	vst1.8		{$a2-$b2},[r14]!
+	vst1.8		{$c2-$d2},[r14]!
+
+	beq		.Ldone_neon
+
+	ldmia		sp,{@t[0]-@t[3]}	@ load key material
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(4)
+	add		@x[1],@x[1],@t[1]
+	add		@x[2],@x[2],@t[2]
+	add		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(8)
+	add		@x[5],@x[5],@t[1]
+	add		@x[6],@x[6],@t[2]
+	add		@x[7],@x[7],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	stmia		sp,{@x[0]-@x[7]}
+	 add		@x[0],sp,#4*(16+8)
+
+	ldmia		@x[0],{@x[0]-@x[7]}	@ load second half
+
+	add		@x[0],@x[0],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(12)
+	add		@x[1],@x[1],@t[1]
+	add		@x[2],@x[2],@t[2]
+	add		@x[3],@x[3],@t[3]
+	 ldmia		@t[0],{@t[0]-@t[3]}	@ load key material
+
+	add		@x[4],@x[4],@t[0]	@ accumulate key material
+	 add		@t[0],sp,#4*(8)
+	add		@x[5],@x[5],@t[1]
+	 add		@x[4],@x[4],#3		@ counter+3
+	add		@x[6],@x[6],@t[2]
+	add		@x[7],@x[7],@t[3]
+	 ldr		@t[3],[sp,#4*(32+2)]	@ re-load len
+# ifdef	__ARMEB__
+	rev		@x[0],@x[0]
+	rev		@x[1],@x[1]
+	rev		@x[2],@x[2]
+	rev		@x[3],@x[3]
+	rev		@x[4],@x[4]
+	rev		@x[5],@x[5]
+	rev		@x[6],@x[6]
+	rev		@x[7],@x[7]
+# endif
+	stmia		@t[0],{@x[0]-@x[7]}
+	 add		@t[2],sp,#4*(0)
+	 sub		@t[3],@t[3],#64*3	@ len-=64*3
+
+.Loop_tail_neon:
+	ldrb		@t[0],[@t[2]],#1	@ read buffer on stack
+	ldrb		@t[1],[r12],#1		@ read input
+	subs		@t[3],@t[3],#1
+	eor		@t[0],@t[0],@t[1]
+	strb		@t[0],[r14],#1		@ store output
+	bne		.Loop_tail_neon
+
+.Ldone_neon:
+	add		sp,sp,#4*(32+4)
+	vldmia		sp,{d8-d15}
+	add		sp,sp,#4*(16+3)
+	ldmia		sp!,{r4-r11,pc}
+.size	ChaCha20_neon,.-ChaCha20_neon
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+}}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/chacha/asm/chacha-armv8.pl b/openssl-1.1.0h/crypto/chacha/asm/chacha-armv8.pl
new file mode 100755
index 0000000..f7e1074
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/asm/chacha-armv8.pl
@@ -0,0 +1,1135 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# June 2015
+# 
+# ChaCha20 for ARMv8.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#			IALU/gcc-4.9    3xNEON+1xIALU	6xNEON+2xIALU
+#
+# Apple A7		5.50/+49%       3.33            1.70
+# Cortex-A53		8.40/+80%       4.72		4.72(*)
+# Cortex-A57		8.06/+43%       4.90            4.43(**)
+# Denver		4.50/+82%       2.63		2.67(*)
+# X-Gene		9.50/+46%       8.82		8.89(*)
+# Mongoose		8.00/+44%	3.64		3.25
+#
+# (*)	it's expected that doubling interleave factor doesn't help
+#	all processors, only those with higher NEON latency and
+#	higher instruction issue rate;
+# (**)	expected improvement was actually higher;
+
+$flavour=shift;
+$output=shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+my ($out,$inp,$len,$key,$ctr) = map("x$_",(0..4));
+
+my @x=map("x$_",(5..17,19..21));
+my @d=map("x$_",(22..28,30));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+
+    (
+	"&add_32	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add_32	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add_32	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add_32	(@x[$a3],@x[$a3],@x[$b3])",
+	"&eor_32	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&eor_32	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&eor_32	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&eor_32	(@x[$d3],@x[$d3],@x[$a3])",
+	"&ror_32	(@x[$d0],@x[$d0],16)",
+	 "&ror_32	(@x[$d1],@x[$d1],16)",
+	  "&ror_32	(@x[$d2],@x[$d2],16)",
+	   "&ror_32	(@x[$d3],@x[$d3],16)",
+
+	"&add_32	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add_32	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add_32	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add_32	(@x[$c3],@x[$c3],@x[$d3])",
+	"&eor_32	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&eor_32	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&eor_32	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&eor_32	(@x[$b3],@x[$b3],@x[$c3])",
+	"&ror_32	(@x[$b0],@x[$b0],20)",
+	 "&ror_32	(@x[$b1],@x[$b1],20)",
+	  "&ror_32	(@x[$b2],@x[$b2],20)",
+	   "&ror_32	(@x[$b3],@x[$b3],20)",
+
+	"&add_32	(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add_32	(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add_32	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add_32	(@x[$a3],@x[$a3],@x[$b3])",
+	"&eor_32	(@x[$d0],@x[$d0],@x[$a0])",
+	 "&eor_32	(@x[$d1],@x[$d1],@x[$a1])",
+	  "&eor_32	(@x[$d2],@x[$d2],@x[$a2])",
+	   "&eor_32	(@x[$d3],@x[$d3],@x[$a3])",
+	"&ror_32	(@x[$d0],@x[$d0],24)",
+	 "&ror_32	(@x[$d1],@x[$d1],24)",
+	  "&ror_32	(@x[$d2],@x[$d2],24)",
+	   "&ror_32	(@x[$d3],@x[$d3],24)",
+
+	"&add_32	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add_32	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add_32	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add_32	(@x[$c3],@x[$c3],@x[$d3])",
+	"&eor_32	(@x[$b0],@x[$b0],@x[$c0])",
+	 "&eor_32	(@x[$b1],@x[$b1],@x[$c1])",
+	  "&eor_32	(@x[$b2],@x[$b2],@x[$c2])",
+	   "&eor_32	(@x[$b3],@x[$b3],@x[$c3])",
+	"&ror_32	(@x[$b0],@x[$b0],25)",
+	 "&ror_32	(@x[$b1],@x[$b1],25)",
+	  "&ror_32	(@x[$b2],@x[$b2],25)",
+	   "&ror_32	(@x[$b3],@x[$b3],25)"
+    );
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+.extern	OPENSSL_armcap_P
+
+.align	5
+.Lsigma:
+.quad	0x3320646e61707865,0x6b20657479622d32		// endian-neutral
+.Lone:
+.long	1,0,0,0
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.asciz	"ChaCha20 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,%function
+.align	5
+ChaCha20_ctr32:
+	cbz	$len,.Labort
+	adr	@x[0],.LOPENSSL_armcap_P
+	cmp	$len,#192
+	b.lo	.Lshort
+#ifdef	__ILP32__
+	ldrsw	@x[1],[@x[0]]
+#else
+	ldr	@x[1],[@x[0]]
+#endif
+	ldr	w17,[@x[1],@x[0]]
+	tst	w17,#ARMV7_NEON
+	b.ne	ChaCha20_neon
+
+.Lshort:
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	@x[0],.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#64
+
+	ldp	@d[0],@d[1],[@x[0]]		// load sigma
+	ldp	@d[2],@d[3],[$key]		// load key
+	ldp	@d[4],@d[5],[$key,#16]
+	ldp	@d[6],@d[7],[$ctr]		// load counter
+#ifdef	__ARMEB__
+	ror	@d[2],@d[2],#32
+	ror	@d[3],@d[3],#32
+	ror	@d[4],@d[4],#32
+	ror	@d[5],@d[5],#32
+	ror	@d[6],@d[6],#32
+	ror	@d[7],@d[7],#32
+#endif
+
+.Loop_outer:
+	mov.32	@x[0],@d[0]			// unpack key block
+	lsr	@x[1],@d[0],#32
+	mov.32	@x[2],@d[1]
+	lsr	@x[3],@d[1],#32
+	mov.32	@x[4],@d[2]
+	lsr	@x[5],@d[2],#32
+	mov.32	@x[6],@d[3]
+	lsr	@x[7],@d[3],#32
+	mov.32	@x[8],@d[4]
+	lsr	@x[9],@d[4],#32
+	mov.32	@x[10],@d[5]
+	lsr	@x[11],@d[5],#32
+	mov.32	@x[12],@d[6]
+	lsr	@x[13],@d[6],#32
+	mov.32	@x[14],@d[7]
+	lsr	@x[15],@d[7],#32
+
+	mov	$ctr,#10
+	subs	$len,$len,#64
+.Loop:
+	sub	$ctr,$ctr,#1	
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	cbnz	$ctr,.Loop
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	add	@x[1],@x[1],@d[0],lsr#32
+	add.32	@x[2],@x[2],@d[1]
+	add	@x[3],@x[3],@d[1],lsr#32
+	add.32	@x[4],@x[4],@d[2]
+	add	@x[5],@x[5],@d[2],lsr#32
+	add.32	@x[6],@x[6],@d[3]
+	add	@x[7],@x[7],@d[3],lsr#32
+	add.32	@x[8],@x[8],@d[4]
+	add	@x[9],@x[9],@d[4],lsr#32
+	add.32	@x[10],@x[10],@d[5]
+	add	@x[11],@x[11],@d[5],lsr#32
+	add.32	@x[12],@x[12],@d[6]
+	add	@x[13],@x[13],@d[6],lsr#32
+	add.32	@x[14],@x[14],@d[7]
+	add	@x[15],@x[15],@d[7],lsr#32
+
+	b.lo	.Ltail
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	eor	@x[10],@x[10],@x[11]
+	eor	@x[12],@x[12],@x[13]
+	eor	@x[14],@x[14],@x[15]
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#1			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	stp	@x[8],@x[10],[$out,#32]
+	stp	@x[12],@x[14],[$out,#48]
+	add	$out,$out,#64
+
+	b.hi	.Loop_outer
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+.Labort:
+	ret
+
+.align	4
+.Ltail:
+	add	$len,$len,#64
+.Less_than_64:
+	sub	$out,$out,#1
+	add	$inp,$inp,$len
+	add	$out,$out,$len
+	add	$ctr,sp,$len
+	neg	$len,$len
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	stp	@x[0],@x[2],[sp,#0]
+	stp	@x[4],@x[6],[sp,#16]
+	stp	@x[8],@x[10],[sp,#32]
+	stp	@x[12],@x[14],[sp,#48]
+
+.Loop_tail:
+	ldrb	w10,[$inp,$len]
+	ldrb	w11,[$ctr,$len]
+	add	$len,$len,#1
+	eor	w10,w10,w11
+	strb	w10,[$out,$len]
+	cbnz	$len,.Loop_tail
+
+	stp	xzr,xzr,[sp,#0]
+	stp	xzr,xzr,[sp,#16]
+	stp	xzr,xzr,[sp,#32]
+	stp	xzr,xzr,[sp,#48]
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	ret
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+___
+
+{{{
+my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2,$T3) =
+    map("v$_.4s",(0..7,16..23));
+my (@K)=map("v$_.4s",(24..30));
+my $ONE="v31.4s";
+
+sub NEONROUND {
+my $odd = pop;
+my ($a,$b,$c,$d,$t)=@_;
+
+	(
+	"&add		('$a','$a','$b')",
+	"&eor		('$d','$d','$a')",
+	"&rev32_16	('$d','$d')",		# vrot ($d,16)
+
+	"&add		('$c','$c','$d')",
+	"&eor		('$t','$b','$c')",
+	"&ushr		('$b','$t',20)",
+	"&sli		('$b','$t',12)",
+
+	"&add		('$a','$a','$b')",
+	"&eor		('$t','$d','$a')",
+	"&ushr		('$d','$t',24)",
+	"&sli		('$d','$t',8)",
+
+	"&add		('$c','$c','$d')",
+	"&eor		('$t','$b','$c')",
+	"&ushr		('$b','$t',25)",
+	"&sli		('$b','$t',7)",
+
+	"&ext		('$c','$c','$c',8)",
+	"&ext		('$d','$d','$d',$odd?4:12)",
+	"&ext		('$b','$b','$b',$odd?12:4)"
+	);
+}
+
+$code.=<<___;
+
+.type	ChaCha20_neon,%function
+.align	5
+ChaCha20_neon:
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	@x[0],.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	cmp	$len,#512
+	b.hs	.L512_or_more_neon
+
+	sub	sp,sp,#64
+
+	ldp	@d[0],@d[1],[@x[0]]		// load sigma
+	ld1	{@K[0]},[@x[0]],#16
+	ldp	@d[2],@d[3],[$key]		// load key
+	ldp	@d[4],@d[5],[$key,#16]
+	ld1	{@K[1],@K[2]},[$key]
+	ldp	@d[6],@d[7],[$ctr]		// load counter
+	ld1	{@K[3]},[$ctr]
+	ld1	{$ONE},[@x[0]]
+#ifdef	__ARMEB__
+	rev64	@K[0],@K[0]
+	ror	@d[2],@d[2],#32
+	ror	@d[3],@d[3],#32
+	ror	@d[4],@d[4],#32
+	ror	@d[5],@d[5],#32
+	ror	@d[6],@d[6],#32
+	ror	@d[7],@d[7],#32
+#endif
+	add	@K[3],@K[3],$ONE		// += 1
+	add	@K[4],@K[3],$ONE
+	add	@K[5],@K[4],$ONE
+	shl	$ONE,$ONE,#2			// 1 -> 4
+
+.Loop_outer_neon:
+	mov.32	@x[0],@d[0]			// unpack key block
+	lsr	@x[1],@d[0],#32
+	 mov	$A0,@K[0]
+	mov.32	@x[2],@d[1]
+	lsr	@x[3],@d[1],#32
+	 mov	$A1,@K[0]
+	mov.32	@x[4],@d[2]
+	lsr	@x[5],@d[2],#32
+	 mov	$A2,@K[0]
+	mov.32	@x[6],@d[3]
+	 mov	$B0,@K[1]
+	lsr	@x[7],@d[3],#32
+	 mov	$B1,@K[1]
+	mov.32	@x[8],@d[4]
+	 mov	$B2,@K[1]
+	lsr	@x[9],@d[4],#32
+	 mov	$D0,@K[3]
+	mov.32	@x[10],@d[5]
+	 mov	$D1,@K[4]
+	lsr	@x[11],@d[5],#32
+	 mov	$D2,@K[5]
+	mov.32	@x[12],@d[6]
+	 mov	$C0,@K[2]
+	lsr	@x[13],@d[6],#32
+	 mov	$C1,@K[2]
+	mov.32	@x[14],@d[7]
+	 mov	$C2,@K[2]
+	lsr	@x[15],@d[7],#32
+
+	mov	$ctr,#10
+	subs	$len,$len,#256
+.Loop_neon:
+	sub	$ctr,$ctr,#1
+___
+	my @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0);
+	my @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0);
+	my @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0);
+	my @thread3=&ROUND(0,4,8,12);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread3=&ROUND(0,5,10,15);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+$code.=<<___;
+	cbnz	$ctr,.Loop_neon
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	 add	$A0,$A0,@K[0]
+	add	@x[1],@x[1],@d[0],lsr#32
+	 add	$A1,$A1,@K[0]
+	add.32	@x[2],@x[2],@d[1]
+	 add	$A2,$A2,@K[0]
+	add	@x[3],@x[3],@d[1],lsr#32
+	 add	$C0,$C0,@K[2]
+	add.32	@x[4],@x[4],@d[2]
+	 add	$C1,$C1,@K[2]
+	add	@x[5],@x[5],@d[2],lsr#32
+	 add	$C2,$C2,@K[2]
+	add.32	@x[6],@x[6],@d[3]
+	 add	$D0,$D0,@K[3]
+	add	@x[7],@x[7],@d[3],lsr#32
+	add.32	@x[8],@x[8],@d[4]
+	 add	$D1,$D1,@K[4]
+	add	@x[9],@x[9],@d[4],lsr#32
+	add.32	@x[10],@x[10],@d[5]
+	 add	$D2,$D2,@K[5]
+	add	@x[11],@x[11],@d[5],lsr#32
+	add.32	@x[12],@x[12],@d[6]
+	 add	$B0,$B0,@K[1]
+	add	@x[13],@x[13],@d[6],lsr#32
+	add.32	@x[14],@x[14],@d[7]
+	 add	$B1,$B1,@K[1]
+	add	@x[15],@x[15],@d[7],lsr#32
+	 add	$B2,$B2,@K[1]
+
+	b.lo	.Ltail_neon
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	 eor	$A0,$A0,$T0
+	eor	@x[10],@x[10],@x[11]
+	 eor	$B0,$B0,$T1
+	eor	@x[12],@x[12],@x[13]
+	 eor	$C0,$C0,$T2
+	eor	@x[14],@x[14],@x[15]
+	 eor	$D0,$D0,$T3
+	 ld1.8	{$T0-$T3},[$inp],#64
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#4			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	 add	@K[3],@K[3],$ONE		// += 4
+	stp	@x[8],@x[10],[$out,#32]
+	 add	@K[4],@K[4],$ONE
+	stp	@x[12],@x[14],[$out,#48]
+	 add	@K[5],@K[5],$ONE
+	add	$out,$out,#64
+
+	st1.8	{$A0-$D0},[$out],#64
+	ld1.8	{$A0-$D0},[$inp],#64
+
+	eor	$A1,$A1,$T0
+	eor	$B1,$B1,$T1
+	eor	$C1,$C1,$T2
+	eor	$D1,$D1,$T3
+	st1.8	{$A1-$D1},[$out],#64
+
+	eor	$A2,$A2,$A0
+	eor	$B2,$B2,$B0
+	eor	$C2,$C2,$C0
+	eor	$D2,$D2,$D0
+	st1.8	{$A2-$D2},[$out],#64
+
+	b.hi	.Loop_outer_neon
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	ret
+
+.Ltail_neon:
+	add	$len,$len,#256
+	cmp	$len,#64
+	b.lo	.Less_than_64
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	eor	@x[10],@x[10],@x[11]
+	eor	@x[12],@x[12],@x[13]
+	eor	@x[14],@x[14],@x[15]
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#4			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	stp	@x[8],@x[10],[$out,#32]
+	stp	@x[12],@x[14],[$out,#48]
+	add	$out,$out,#64
+	b.eq	.Ldone_neon
+	sub	$len,$len,#64
+	cmp	$len,#64
+	b.lo	.Less_than_128
+
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	$A0,$A0,$T0
+	eor	$B0,$B0,$T1
+	eor	$C0,$C0,$T2
+	eor	$D0,$D0,$T3
+	st1.8	{$A0-$D0},[$out],#64
+	b.eq	.Ldone_neon
+	sub	$len,$len,#64
+	cmp	$len,#64
+	b.lo	.Less_than_192
+
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	$A1,$A1,$T0
+	eor	$B1,$B1,$T1
+	eor	$C1,$C1,$T2
+	eor	$D1,$D1,$T3
+	st1.8	{$A1-$D1},[$out],#64
+	b.eq	.Ldone_neon
+	sub	$len,$len,#64
+
+	st1.8	{$A2-$D2},[sp]
+	b	.Last_neon
+
+.Less_than_128:
+	st1.8	{$A0-$D0},[sp]
+	b	.Last_neon
+.Less_than_192:
+	st1.8	{$A1-$D1},[sp]
+	b	.Last_neon
+
+.align	4
+.Last_neon:
+	sub	$out,$out,#1
+	add	$inp,$inp,$len
+	add	$out,$out,$len
+	add	$ctr,sp,$len
+	neg	$len,$len
+
+.Loop_tail_neon:
+	ldrb	w10,[$inp,$len]
+	ldrb	w11,[$ctr,$len]
+	add	$len,$len,#1
+	eor	w10,w10,w11
+	strb	w10,[$out,$len]
+	cbnz	$len,.Loop_tail_neon
+
+	stp	xzr,xzr,[sp,#0]
+	stp	xzr,xzr,[sp,#16]
+	stp	xzr,xzr,[sp,#32]
+	stp	xzr,xzr,[sp,#48]
+
+.Ldone_neon:
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	ret
+.size	ChaCha20_neon,.-ChaCha20_neon
+___
+{
+my ($T0,$T1,$T2,$T3,$T4,$T5)=@K;
+my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,
+    $A3,$B3,$C3,$D3,$A4,$B4,$C4,$D4,$A5,$B5,$C5,$D5) = map("v$_.4s",(0..23));
+
+$code.=<<___;
+.type	ChaCha20_512_neon,%function
+.align	5
+ChaCha20_512_neon:
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	@x[0],.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+.L512_or_more_neon:
+	sub	sp,sp,#128+64
+
+	ldp	@d[0],@d[1],[@x[0]]		// load sigma
+	ld1	{@K[0]},[@x[0]],#16
+	ldp	@d[2],@d[3],[$key]		// load key
+	ldp	@d[4],@d[5],[$key,#16]
+	ld1	{@K[1],@K[2]},[$key]
+	ldp	@d[6],@d[7],[$ctr]		// load counter
+	ld1	{@K[3]},[$ctr]
+	ld1	{$ONE},[@x[0]]
+#ifdef	__ARMEB__
+	rev64	@K[0],@K[0]
+	ror	@d[2],@d[2],#32
+	ror	@d[3],@d[3],#32
+	ror	@d[4],@d[4],#32
+	ror	@d[5],@d[5],#32
+	ror	@d[6],@d[6],#32
+	ror	@d[7],@d[7],#32
+#endif
+	add	@K[3],@K[3],$ONE		// += 1
+	stp	@K[0],@K[1],[sp,#0]		// off-load key block, invariant part
+	add	@K[3],@K[3],$ONE		// not typo
+	str	@K[2],[sp,#32]
+	add	@K[4],@K[3],$ONE
+	add	@K[5],@K[4],$ONE
+	add	@K[6],@K[5],$ONE
+	shl	$ONE,$ONE,#2			// 1 -> 4
+
+	stp	d8,d9,[sp,#128+0]		// meet ABI requirements
+	stp	d10,d11,[sp,#128+16]
+	stp	d12,d13,[sp,#128+32]
+	stp	d14,d15,[sp,#128+48]
+
+	sub	$len,$len,#512			// not typo
+
+.Loop_outer_512_neon:
+	 mov	$A0,@K[0]
+	 mov	$A1,@K[0]
+	 mov	$A2,@K[0]
+	 mov	$A3,@K[0]
+	 mov	$A4,@K[0]
+	 mov	$A5,@K[0]
+	 mov	$B0,@K[1]
+	mov.32	@x[0],@d[0]			// unpack key block
+	 mov	$B1,@K[1]
+	lsr	@x[1],@d[0],#32
+	 mov	$B2,@K[1]
+	mov.32	@x[2],@d[1]
+	 mov	$B3,@K[1]
+	lsr	@x[3],@d[1],#32
+	 mov	$B4,@K[1]
+	mov.32	@x[4],@d[2]
+	 mov	$B5,@K[1]
+	lsr	@x[5],@d[2],#32
+	 mov	$D0,@K[3]
+	mov.32	@x[6],@d[3]
+	 mov	$D1,@K[4]
+	lsr	@x[7],@d[3],#32
+	 mov	$D2,@K[5]
+	mov.32	@x[8],@d[4]
+	 mov	$D3,@K[6]
+	lsr	@x[9],@d[4],#32
+	 mov	$C0,@K[2]
+	mov.32	@x[10],@d[5]
+	 mov	$C1,@K[2]
+	lsr	@x[11],@d[5],#32
+	 add	$D4,$D0,$ONE			// +4
+	mov.32	@x[12],@d[6]
+	 add	$D5,$D1,$ONE			// +4
+	lsr	@x[13],@d[6],#32
+	 mov	$C2,@K[2]
+	mov.32	@x[14],@d[7]
+	 mov	$C3,@K[2]
+	lsr	@x[15],@d[7],#32
+	 mov	$C4,@K[2]
+	 stp	@K[3],@K[4],[sp,#48]		// off-load key block, variable part
+	 mov	$C5,@K[2]
+	 str	@K[5],[sp,#80]
+
+	mov	$ctr,#5
+	subs	$len,$len,#512
+.Loop_upper_neon:
+	sub	$ctr,$ctr,#1
+___
+	my @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0);
+	my @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0);
+	my @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0);
+	my @thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,0);
+	my @thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,0);
+	my @thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,0);
+	my @thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+	my $diff = ($#thread0+1)*6 - $#thread67 - 1;
+	my $i = 0;
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,1);
+	@thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,1);
+	@thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,1);
+	@thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+$code.=<<___;
+	cbnz	$ctr,.Loop_upper_neon
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	add	@x[1],@x[1],@d[0],lsr#32
+	add.32	@x[2],@x[2],@d[1]
+	add	@x[3],@x[3],@d[1],lsr#32
+	add.32	@x[4],@x[4],@d[2]
+	add	@x[5],@x[5],@d[2],lsr#32
+	add.32	@x[6],@x[6],@d[3]
+	add	@x[7],@x[7],@d[3],lsr#32
+	add.32	@x[8],@x[8],@d[4]
+	add	@x[9],@x[9],@d[4],lsr#32
+	add.32	@x[10],@x[10],@d[5]
+	add	@x[11],@x[11],@d[5],lsr#32
+	add.32	@x[12],@x[12],@d[6]
+	add	@x[13],@x[13],@d[6],lsr#32
+	add.32	@x[14],@x[14],@d[7]
+	add	@x[15],@x[15],@d[7],lsr#32
+
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	add	@x[2],@x[2],@x[3],lsl#32
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	add	@x[4],@x[4],@x[5],lsl#32
+	add	@x[6],@x[6],@x[7],lsl#32
+	ldp	@x[5],@x[7],[$inp,#16]
+	add	@x[8],@x[8],@x[9],lsl#32
+	add	@x[10],@x[10],@x[11],lsl#32
+	ldp	@x[9],@x[11],[$inp,#32]
+	add	@x[12],@x[12],@x[13],lsl#32
+	add	@x[14],@x[14],@x[15],lsl#32
+	ldp	@x[13],@x[15],[$inp,#48]
+	add	$inp,$inp,#64
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	eor	@x[10],@x[10],@x[11]
+	eor	@x[12],@x[12],@x[13]
+	eor	@x[14],@x[14],@x[15]
+
+	 stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#1			// increment counter
+	mov.32	@x[0],@d[0]			// unpack key block
+	lsr	@x[1],@d[0],#32
+	 stp	@x[4],@x[6],[$out,#16]
+	mov.32	@x[2],@d[1]
+	lsr	@x[3],@d[1],#32
+	 stp	@x[8],@x[10],[$out,#32]
+	mov.32	@x[4],@d[2]
+	lsr	@x[5],@d[2],#32
+	 stp	@x[12],@x[14],[$out,#48]
+	 add	$out,$out,#64
+	mov.32	@x[6],@d[3]
+	lsr	@x[7],@d[3],#32
+	mov.32	@x[8],@d[4]
+	lsr	@x[9],@d[4],#32
+	mov.32	@x[10],@d[5]
+	lsr	@x[11],@d[5],#32
+	mov.32	@x[12],@d[6]
+	lsr	@x[13],@d[6],#32
+	mov.32	@x[14],@d[7]
+	lsr	@x[15],@d[7],#32
+
+	mov	$ctr,#5
+.Loop_lower_neon:
+	sub	$ctr,$ctr,#1
+___
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0);
+	@thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,0);
+	@thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,0);
+	@thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,0);
+	@thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+
+	@thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1);
+	@thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1);
+	@thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,1);
+	@thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,1);
+	@thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,1);
+	@thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15));
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread67));
+		eval(shift(@thread1));	eval(shift(@thread67));
+		eval(shift(@thread2));	eval(shift(@thread67));
+		eval(shift(@thread3));	eval(shift(@thread67));
+		eval(shift(@thread4));	eval(shift(@thread67));
+		eval(shift(@thread5));	eval(shift(@thread67));
+	}
+$code.=<<___;
+	cbnz	$ctr,.Loop_lower_neon
+
+	add.32	@x[0],@x[0],@d[0]		// accumulate key block
+	 ldp	@K[0],@K[1],[sp,#0]
+	add	@x[1],@x[1],@d[0],lsr#32
+	 ldp	@K[2],@K[3],[sp,#32]
+	add.32	@x[2],@x[2],@d[1]
+	 ldp	@K[4],@K[5],[sp,#64]
+	add	@x[3],@x[3],@d[1],lsr#32
+	 add	$A0,$A0,@K[0]
+	add.32	@x[4],@x[4],@d[2]
+	 add	$A1,$A1,@K[0]
+	add	@x[5],@x[5],@d[2],lsr#32
+	 add	$A2,$A2,@K[0]
+	add.32	@x[6],@x[6],@d[3]
+	 add	$A3,$A3,@K[0]
+	add	@x[7],@x[7],@d[3],lsr#32
+	 add	$A4,$A4,@K[0]
+	add.32	@x[8],@x[8],@d[4]
+	 add	$A5,$A5,@K[0]
+	add	@x[9],@x[9],@d[4],lsr#32
+	 add	$C0,$C0,@K[2]
+	add.32	@x[10],@x[10],@d[5]
+	 add	$C1,$C1,@K[2]
+	add	@x[11],@x[11],@d[5],lsr#32
+	 add	$C2,$C2,@K[2]
+	add.32	@x[12],@x[12],@d[6]
+	 add	$C3,$C3,@K[2]
+	add	@x[13],@x[13],@d[6],lsr#32
+	 add	$C4,$C4,@K[2]
+	add.32	@x[14],@x[14],@d[7]
+	 add	$C5,$C5,@K[2]
+	add	@x[15],@x[15],@d[7],lsr#32
+	 add	$D4,$D4,$ONE			// +4
+	add	@x[0],@x[0],@x[1],lsl#32	// pack
+	 add	$D5,$D5,$ONE			// +4
+	add	@x[2],@x[2],@x[3],lsl#32
+	 add	$D0,$D0,@K[3]
+	ldp	@x[1],@x[3],[$inp,#0]		// load input
+	 add	$D1,$D1,@K[4]
+	add	@x[4],@x[4],@x[5],lsl#32
+	 add	$D2,$D2,@K[5]
+	add	@x[6],@x[6],@x[7],lsl#32
+	 add	$D3,$D3,@K[6]
+	ldp	@x[5],@x[7],[$inp,#16]
+	 add	$D4,$D4,@K[3]
+	add	@x[8],@x[8],@x[9],lsl#32
+	 add	$D5,$D5,@K[4]
+	add	@x[10],@x[10],@x[11],lsl#32
+	 add	$B0,$B0,@K[1]
+	ldp	@x[9],@x[11],[$inp,#32]
+	 add	$B1,$B1,@K[1]
+	add	@x[12],@x[12],@x[13],lsl#32
+	 add	$B2,$B2,@K[1]
+	add	@x[14],@x[14],@x[15],lsl#32
+	 add	$B3,$B3,@K[1]
+	ldp	@x[13],@x[15],[$inp,#48]
+	 add	$B4,$B4,@K[1]
+	add	$inp,$inp,#64
+	 add	$B5,$B5,@K[1]
+
+#ifdef	__ARMEB__
+	rev	@x[0],@x[0]
+	rev	@x[2],@x[2]
+	rev	@x[4],@x[4]
+	rev	@x[6],@x[6]
+	rev	@x[8],@x[8]
+	rev	@x[10],@x[10]
+	rev	@x[12],@x[12]
+	rev	@x[14],@x[14]
+#endif
+	ld1.8	{$T0-$T3},[$inp],#64
+	eor	@x[0],@x[0],@x[1]
+	eor	@x[2],@x[2],@x[3]
+	eor	@x[4],@x[4],@x[5]
+	eor	@x[6],@x[6],@x[7]
+	eor	@x[8],@x[8],@x[9]
+	 eor	$A0,$A0,$T0
+	eor	@x[10],@x[10],@x[11]
+	 eor	$B0,$B0,$T1
+	eor	@x[12],@x[12],@x[13]
+	 eor	$C0,$C0,$T2
+	eor	@x[14],@x[14],@x[15]
+	 eor	$D0,$D0,$T3
+	 ld1.8	{$T0-$T3},[$inp],#64
+
+	stp	@x[0],@x[2],[$out,#0]		// store output
+	 add	@d[6],@d[6],#7			// increment counter
+	stp	@x[4],@x[6],[$out,#16]
+	stp	@x[8],@x[10],[$out,#32]
+	stp	@x[12],@x[14],[$out,#48]
+	add	$out,$out,#64
+	st1.8	{$A0-$D0},[$out],#64
+
+	ld1.8	{$A0-$D0},[$inp],#64
+	eor	$A1,$A1,$T0
+	eor	$B1,$B1,$T1
+	eor	$C1,$C1,$T2
+	eor	$D1,$D1,$T3
+	st1.8	{$A1-$D1},[$out],#64
+
+	ld1.8	{$A1-$D1},[$inp],#64
+	eor	$A2,$A2,$A0
+	 ldp	@K[0],@K[1],[sp,#0]
+	eor	$B2,$B2,$B0
+	 ldp	@K[2],@K[3],[sp,#32]
+	eor	$C2,$C2,$C0
+	eor	$D2,$D2,$D0
+	st1.8	{$A2-$D2},[$out],#64
+
+	ld1.8	{$A2-$D2},[$inp],#64
+	eor	$A3,$A3,$A1
+	eor	$B3,$B3,$B1
+	eor	$C3,$C3,$C1
+	eor	$D3,$D3,$D1
+	st1.8	{$A3-$D3},[$out],#64
+
+	ld1.8	{$A3-$D3},[$inp],#64
+	eor	$A4,$A4,$A2
+	eor	$B4,$B4,$B2
+	eor	$C4,$C4,$C2
+	eor	$D4,$D4,$D2
+	st1.8	{$A4-$D4},[$out],#64
+
+	shl	$A0,$ONE,#1			// 4 -> 8
+	eor	$A5,$A5,$A3
+	eor	$B5,$B5,$B3
+	eor	$C5,$C5,$C3
+	eor	$D5,$D5,$D3
+	st1.8	{$A5-$D5},[$out],#64
+
+	add	@K[3],@K[3],$A0			// += 8
+	add	@K[4],@K[4],$A0
+	add	@K[5],@K[5],$A0
+	add	@K[6],@K[6],$A0
+
+	b.hs	.Loop_outer_512_neon
+
+	adds	$len,$len,#512
+	ushr	$A0,$ONE,#2			// 4 -> 1
+
+	ldp	d8,d9,[sp,#128+0]		// meet ABI requirements
+	ldp	d10,d11,[sp,#128+16]
+	ldp	d12,d13,[sp,#128+32]
+	ldp	d14,d15,[sp,#128+48]
+
+	stp	@K[0],$ONE,[sp,#0]		// wipe off-load area
+	stp	@K[0],$ONE,[sp,#32]
+	stp	@K[0],$ONE,[sp,#64]
+
+	b.eq	.Ldone_512_neon
+
+	cmp	$len,#192
+	sub	@K[3],@K[3],$A0			// -= 1
+	sub	@K[4],@K[4],$A0
+	sub	@K[5],@K[5],$A0
+	add	sp,sp,#128
+	b.hs	.Loop_outer_neon
+
+	eor	@K[1],@K[1],@K[1]
+	eor	@K[2],@K[2],@K[2]
+	eor	@K[3],@K[3],@K[3]
+	eor	@K[4],@K[4],@K[4]
+	eor	@K[5],@K[5],@K[5]
+	eor	@K[6],@K[6],@K[6]
+	b	.Loop_outer
+
+.Ldone_512_neon:
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#128+64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+	ret
+.size	ChaCha20_512_neon,.-ChaCha20_512_neon
+___
+}
+}}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	(s/\b([a-z]+)\.32\b/$1/ and (s/x([0-9]+)/w$1/g or 1))	or
+	(m/\b(eor|ext|mov)\b/ and (s/\.4s/\.16b/g or 1))	or
+	(s/\b((?:ld|st)1)\.8\b/$1/ and (s/\.4s/\.16b/g or 1))	or
+	(m/\b(ld|st)[rp]\b/ and (s/v([0-9]+)\.4s/q$1/g or 1))	or
+	(s/\brev32\.16\b/rev32/ and (s/\.4s/\.8h/g or 1));
+
+	#s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo;
+
+	print $_,"\n";
+}
+close STDOUT;	# flush
diff --git a/openssl-1.1.0h/crypto/chacha/asm/chacha-c64xplus.pl b/openssl-1.1.0h/crypto/chacha/asm/chacha-c64xplus.pl
new file mode 100755
index 0000000..bdb3804
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/asm/chacha-c64xplus.pl
@@ -0,0 +1,926 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ChaCha20 for C64x+.
+#
+# October 2015
+#
+# Performance is 3.54 cycles per processed byte, which is ~4.3 times
+# faster than code generated by TI compiler. Compiler also disables
+# interrupts for some reason, thus making interrupt response time
+# dependent on input length. This module on the other hand is free
+# from such limiation.
+
+$output=pop;
+open STDOUT,">$output";
+
+($OUT,$INP,$LEN,$KEYB,$COUNTERA)=("A4","B4","A6","B6","A8");
+($KEYA,$COUNTERB,$STEP)=("A7","B7","A3");
+
+@X=  ("A16","B16","A17","B17","A18","B18","A19","B19",
+      "A20","B20","A21","B21","A22","B22","A23","B23");
+@Y=  ("A24","B24","A25","B25","A26","B26","A27","B27",
+      "A28","B28","A29","B29","A30","B30","A31","B31");
+@DAT=("A6", "A7", "B6", "B7", "A8", "A9", "B8", "B9",
+      "A10","A11","B10","B11","A12","A13","B12","B13");
+
+# yes, overlaps with @DAT, used only in 2x interleave code path...
+@K2x=("A6", "B6", "A7", "B7", "A8", "B8", "A9", "B9",
+      "A10","B10","A11","B11","A2", "B2", "A13","B13");
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	ChaCha20_ctr32,_ChaCha20_ctr32
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.global	_ChaCha20_ctr32
+	.align	32
+_ChaCha20_ctr32:
+	.asmfunc	stack_usage(40+64)
+	MV	$LEN,A0			; reassign
+  [!A0]	BNOP	RA			; no data
+|| [A0]	STW	FP,*SP--(40+64)		; save frame pointer and alloca(40+64)
+|| [A0]	MV	SP,FP
+   [A0]	STDW	B13:B12,*SP[4+8]	; ABI says so
+|| [A0]	MV	$KEYB,$KEYA
+|| [A0]	MV	$COUNTERA,$COUNTERB
+   [A0]	STDW	B11:B10,*SP[3+8]
+|| [A0]	STDW	A13:A12,*FP[-3]
+   [A0]	STDW	A11:A10,*FP[-4]
+|| [A0]	MVK	128,$STEP		; 2 * input block size
+
+   [A0]	LDW	*${KEYA}[0],@Y[4]	; load key
+|| [A0]	LDW	*${KEYB}[1],@Y[5]
+|| [A0]	MVK	0x00007865,@Y[0]	; synthesize sigma
+|| [A0]	MVK	0x0000646e,@Y[1]
+   [A0]	LDW	*${KEYA}[2],@Y[6]
+|| [A0]	LDW	*${KEYB}[3],@Y[7]
+|| [A0]	MVKH	0x61700000,@Y[0]
+|| [A0]	MVKH	0x33200000,@Y[1]
+	LDW	*${KEYA}[4],@Y[8]
+||	LDW	*${KEYB}[5],@Y[9]
+||	MVK	0x00002d32,@Y[2]
+||	MVK	0x00006574,@Y[3]
+	LDW	*${KEYA}[6],@Y[10]
+||	LDW	*${KEYB}[7],@Y[11]
+||	MVKH	0x79620000,@Y[2]
+||	MVKH	0x6b200000,@Y[3]
+	LDW	*${COUNTERA}[0],@Y[12]	; load counter||nonce
+||	LDW	*${COUNTERB}[1],@Y[13]
+||	CMPLTU	A0,$STEP,A1		; is length < 2*blocks?
+	LDW	*${COUNTERA}[2],@Y[14]
+||	LDW	*${COUNTERB}[3],@Y[15]
+|| [A1]	BNOP	top1x?
+   [A1]	MVK	64,$STEP		; input block size
+||	MVK	10,B0			; inner loop counter
+
+	DMV	@Y[2],@Y[0],@X[2]:@X[0]	; copy block
+||	DMV	@Y[3],@Y[1],@X[3]:@X[1]
+||[!A1]	STDW	@Y[2]:@Y[0],*FP[-12]	; offload key material to stack
+||[!A1]	STDW	@Y[3]:@Y[1],*SP[2]
+	DMV	@Y[6],@Y[4],@X[6]:@X[4]
+||	DMV	@Y[7],@Y[5],@X[7]:@X[5]
+||[!A1]	STDW	@Y[6]:@Y[4],*FP[-10]
+||[!A1]	STDW	@Y[7]:@Y[5],*SP[4]
+	DMV	@Y[10],@Y[8],@X[10]:@X[8]
+||	DMV	@Y[11],@Y[9],@X[11]:@X[9]
+||[!A1]	STDW	@Y[10]:@Y[8],*FP[-8]
+||[!A1]	STDW	@Y[11]:@Y[9],*SP[6]
+	DMV	@Y[14],@Y[12],@X[14]:@X[12]
+||	DMV	@Y[15],@Y[13],@X[15]:@X[13]
+||[!A1]	MV	@Y[12],@K2x[12]		; counter
+||[!A1]	MV	@Y[13],@K2x[13]
+||[!A1]	STW	@Y[14],*FP[-6*2]
+||[!A1]	STW	@Y[15],*SP[8*2]
+___
+{	################################################################
+	# 2x interleave gives 50% performance improvement
+	#
+my ($a0,$a1,$a2,$a3) = (0..3);
+my ($b0,$b1,$b2,$b3) = (4..7);
+my ($c0,$c1,$c2,$c3) = (8..11);
+my ($d0,$d1,$d2,$d3) = (12..15);
+
+$code.=<<___;
+outer2x?:
+	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	 DMV	@Y[2],@Y[0],@K2x[2]:@K2x[0]
+||	 DMV	@Y[3],@Y[1],@K2x[3]:@K2x[1]
+	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	 DMV	@Y[6],@Y[4],@K2x[6]:@K2x[4]
+||	 DMV	@Y[7],@Y[5],@K2x[7]:@K2x[5]
+	SWAP2	@X[$d1],@X[$d1]		; rotate by 16
+||	SWAP2	@X[$d2],@X[$d2]
+||	SWAP2	@X[$d0],@X[$d0]
+||	SWAP2	@X[$d3],@X[$d3]
+
+	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+||	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	 DMV	@Y[10],@Y[8],@K2x[10]:@K2x[8]
+||	 DMV	@Y[11],@Y[9],@K2x[11]:@K2x[9]
+	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+||	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	 ADD	1,@Y[12],@Y[12]		; adjust counter for 2nd block
+	ROTL	@X[$b1],12,@X[$b1]
+||	ROTL	@X[$b2],12,@X[$b2]
+||	 MV	@Y[14],@K2x[14]
+||	 MV	@Y[15],@K2x[15]
+top2x?:
+	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b3],12,@X[$b3]
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+||	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+||	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d1],8,@X[$d1]
+||	ROTL	@X[$d2],8,@X[$d2]
+||	 SWAP2	@Y[$d1],@Y[$d1]		; rotate by 16
+||	 SWAP2	@Y[$d2],@Y[$d2]
+||	 SWAP2	@Y[$d0],@Y[$d0]
+||	 SWAP2	@Y[$d3],@Y[$d3]
+	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d3],8,@X[$d3]
+||	 ADD	@Y[$d1],@Y[$c1],@Y[$c1]
+||	 ADD	@Y[$d2],@Y[$c2],@Y[$c2]
+||	 ADD	@Y[$d0],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c3],@Y[$c3]
+||	BNOP	middle2x1?		; protect from interrupt
+
+	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+||	 XOR	@Y[$c1],@Y[$b1],@Y[$b1]
+||	 XOR	@Y[$c2],@Y[$b2],@Y[$b2]
+||	 XOR	@Y[$c0],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b3],@Y[$b3]
+	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+||	ROTL	@X[$d1],0,@X[$d2]	; moved to avoid cross-path stall
+||	ROTL	@X[$d2],0,@X[$d3]
+	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	MV	@X[$d0],@X[$d1]
+||	MV	@X[$d3],@X[$d0]
+||	 ROTL	@Y[$b1],12,@Y[$b1]
+||	 ROTL	@Y[$b2],12,@Y[$b2]
+	ROTL	@X[$b1],7,@X[$b0]	; avoided cross-path stall
+||	ROTL	@X[$b2],7,@X[$b1]
+	ROTL	@X[$b0],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b2]
+middle2x1?:
+
+	 ROTL	@Y[$b0],12,@Y[$b0]
+||	 ROTL	@Y[$b3],12,@Y[$b3]
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+||	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+||	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	 ROTL	@Y[$d1],8,@Y[$d1]
+||	 ROTL	@Y[$d2],8,@Y[$d2]
+||	SWAP2	@X[$d0],@X[$d0]		; rotate by 16
+||	SWAP2	@X[$d1],@X[$d1]
+||	SWAP2	@X[$d2],@X[$d2]
+||	SWAP2	@X[$d3],@X[$d3]
+	 ROTL	@Y[$d0],8,@Y[$d0]
+||	 ROTL	@Y[$d3],8,@Y[$d3]
+||	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+||	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	BNOP	middle2x2?		; protect from interrupt
+
+	 ADD	@Y[$d1],@Y[$c1],@Y[$c1]
+||	 ADD	@Y[$d2],@Y[$c2],@Y[$c2]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+||	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+	 ADD	@Y[$d0],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c3],@Y[$c3]
+||	 XOR	@Y[$c1],@Y[$b1],@Y[$b1]
+||	 XOR	@Y[$c2],@Y[$b2],@Y[$b2]
+||	 ROTL	@Y[$d1],0,@Y[$d2]	; moved to avoid cross-path stall
+||	 ROTL	@Y[$d2],0,@Y[$d3]
+	 XOR	@Y[$c0],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b3],@Y[$b3]
+||	 MV	@Y[$d0],@Y[$d1]
+||	 MV	@Y[$d3],@Y[$d0]
+||	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b1],12,@X[$b1]
+	 ROTL	@Y[$b1],7,@Y[$b0]	; avoided cross-path stall
+||	 ROTL	@Y[$b2],7,@Y[$b1]
+	 ROTL	@Y[$b0],7,@Y[$b3]
+||	 ROTL	@Y[$b3],7,@Y[$b2]
+middle2x2?:
+
+	ROTL	@X[$b2],12,@X[$b2]
+||	ROTL	@X[$b3],12,@X[$b3]
+||	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+
+||	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d1],8,@X[$d1]
+||	 SWAP2	@Y[$d0],@Y[$d0]		; rotate by 16
+||	 SWAP2	@Y[$d1],@Y[$d1]
+||	 SWAP2	@Y[$d2],@Y[$d2]
+||	 SWAP2	@Y[$d3],@Y[$d3]
+	ROTL	@X[$d2],8,@X[$d2]
+||	ROTL	@X[$d3],8,@X[$d3]
+||	 ADD	@Y[$d0],@Y[$c2],@Y[$c2]
+||	 ADD	@Y[$d1],@Y[$c3],@Y[$c3]
+||	 ADD	@Y[$d2],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c1],@Y[$c1]
+||	BNOP	bottom2x1?		; protect from interrupt
+
+	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+||	 XOR	@Y[$c2],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b1],@Y[$b1]
+||	 XOR	@Y[$c0],@Y[$b2],@Y[$b2]
+||	 XOR	@Y[$c1],@Y[$b3],@Y[$b3]
+	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+||	ROTL	@X[$d0],0,@X[$d3]	; moved to avoid cross-path stall
+||	ROTL	@X[$d1],0,@X[$d0]
+	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+||	MV	@X[$d2],@X[$d1]
+||	MV	@X[$d3],@X[$d2]
+||	 ROTL	@Y[$b0],12,@Y[$b0]
+||	 ROTL	@Y[$b1],12,@Y[$b1]
+	ROTL	@X[$b0],7,@X[$b1]	; avoided cross-path stall
+||	ROTL	@X[$b1],7,@X[$b2]
+	ROTL	@X[$b2],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b0]
+|| [B0]	SUB	B0,1,B0			; decrement inner loop counter
+bottom2x1?:
+
+	 ROTL	@Y[$b2],12,@Y[$b2]
+||	 ROTL	@Y[$b3],12,@Y[$b3]
+|| [B0]	ADD	@X[$b1],@X[$a1],@X[$a1]	; modulo-scheduled
+|| [B0]	ADD	@X[$b2],@X[$a2],@X[$a2]
+   [B0]	ADD	@X[$b0],@X[$a0],@X[$a0]
+|| [B0]	ADD	@X[$b3],@X[$a3],@X[$a3]
+
+||	 ADD	@Y[$b0],@Y[$a0],@Y[$a0]
+||	 ADD	@Y[$b1],@Y[$a1],@Y[$a1]
+|| [B0]	XOR	@X[$a1],@X[$d1],@X[$d1]
+|| [B0]	XOR	@X[$a2],@X[$d2],@X[$d2]
+   [B0]	XOR	@X[$a0],@X[$d0],@X[$d0]
+|| [B0]	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	 ADD	@Y[$b2],@Y[$a2],@Y[$a2]
+||	 ADD	@Y[$b3],@Y[$a3],@Y[$a3]
+||	 XOR	@Y[$a0],@Y[$d0],@Y[$d0]
+||	 XOR	@Y[$a1],@Y[$d1],@Y[$d1]
+	 XOR	@Y[$a2],@Y[$d2],@Y[$d2]
+||	 XOR	@Y[$a3],@Y[$d3],@Y[$d3]
+||	 ROTL	@Y[$d0],8,@Y[$d0]
+||	 ROTL	@Y[$d1],8,@Y[$d1]
+|| [B0]	SWAP2	@X[$d1],@X[$d1]		; rotate by 16
+|| [B0]	SWAP2	@X[$d2],@X[$d2]
+|| [B0]	SWAP2	@X[$d0],@X[$d0]
+|| [B0]	SWAP2	@X[$d3],@X[$d3]
+	 ROTL	@Y[$d2],8,@Y[$d2]
+||	 ROTL	@Y[$d3],8,@Y[$d3]
+|| [B0]	ADD	@X[$d1],@X[$c1],@X[$c1]
+|| [B0]	ADD	@X[$d2],@X[$c2],@X[$c2]
+|| [B0]	ADD	@X[$d0],@X[$c0],@X[$c0]
+|| [B0]	ADD	@X[$d3],@X[$c3],@X[$c3]
+|| [B0]	BNOP	top2x?			; even protects from interrupt
+
+	 ADD	@Y[$d0],@Y[$c2],@Y[$c2]
+||	 ADD	@Y[$d1],@Y[$c3],@Y[$c3]
+|| [B0]	XOR	@X[$c1],@X[$b1],@X[$b1]
+|| [B0]	XOR	@X[$c2],@X[$b2],@X[$b2]
+|| [B0]	XOR	@X[$c0],@X[$b0],@X[$b0]
+|| [B0]	XOR	@X[$c3],@X[$b3],@X[$b3]
+	 ADD	@Y[$d2],@Y[$c0],@Y[$c0]
+||	 ADD	@Y[$d3],@Y[$c1],@Y[$c1]
+||	 XOR	@Y[$c2],@Y[$b0],@Y[$b0]
+||	 XOR	@Y[$c3],@Y[$b1],@Y[$b1]
+||	 ROTL	@Y[$d0],0,@Y[$d3]	; moved to avoid cross-path stall
+||	 ROTL	@Y[$d1],0,@Y[$d0]
+	 XOR	@Y[$c0],@Y[$b2],@Y[$b2]
+||	 XOR	@Y[$c1],@Y[$b3],@Y[$b3]
+||	 MV	@Y[$d2],@Y[$d1]
+||	 MV	@Y[$d3],@Y[$d2]
+|| [B0]	ROTL	@X[$b1],12,@X[$b1]
+|| [B0]	ROTL	@X[$b2],12,@X[$b2]
+	 ROTL	@Y[$b0],7,@Y[$b1]	; avoided cross-path stall
+||	 ROTL	@Y[$b1],7,@Y[$b2]
+	 ROTL	@Y[$b2],7,@Y[$b3]
+||	 ROTL	@Y[$b3],7,@Y[$b0]
+bottom2x2?:
+___
+}
+
+$code.=<<___;
+	ADD	@K2x[0],@X[0],@X[0]	; accumulate key material
+||	ADD	@K2x[1],@X[1],@X[1]
+||	ADD	@K2x[2],@X[2],@X[2]
+||	ADD	@K2x[3],@X[3],@X[3]
+	 ADD	@K2x[0],@Y[0],@Y[0]
+||	 ADD	@K2x[1],@Y[1],@Y[1]
+||	 ADD	@K2x[2],@Y[2],@Y[2]
+||	 ADD	@K2x[3],@Y[3],@Y[3]
+||	LDNDW	*${INP}++[8],@DAT[1]:@DAT[0]
+	ADD	@K2x[4],@X[4],@X[4]
+||	ADD	@K2x[5],@X[5],@X[5]
+||	ADD	@K2x[6],@X[6],@X[6]
+||	ADD	@K2x[7],@X[7],@X[7]
+||	LDNDW	*${INP}[-7],@DAT[3]:@DAT[2]
+	 ADD	@K2x[4],@Y[4],@Y[4]
+||	 ADD	@K2x[5],@Y[5],@Y[5]
+||	 ADD	@K2x[6],@Y[6],@Y[6]
+||	 ADD	@K2x[7],@Y[7],@Y[7]
+||	LDNDW	*${INP}[-6],@DAT[5]:@DAT[4]
+	ADD	@K2x[8],@X[8],@X[8]
+||	ADD	@K2x[9],@X[9],@X[9]
+||	ADD	@K2x[10],@X[10],@X[10]
+||	ADD	@K2x[11],@X[11],@X[11]
+||	LDNDW	*${INP}[-5],@DAT[7]:@DAT[6]
+	 ADD	@K2x[8],@Y[8],@Y[8]
+||	 ADD	@K2x[9],@Y[9],@Y[9]
+||	 ADD	@K2x[10],@Y[10],@Y[10]
+||	 ADD	@K2x[11],@Y[11],@Y[11]
+||	LDNDW	*${INP}[-4],@DAT[9]:@DAT[8]
+	ADD	@K2x[12],@X[12],@X[12]
+||	ADD	@K2x[13],@X[13],@X[13]
+||	ADD	@K2x[14],@X[14],@X[14]
+||	ADD	@K2x[15],@X[15],@X[15]
+||	LDNDW	*${INP}[-3],@DAT[11]:@DAT[10]
+	 ADD	@K2x[12],@Y[12],@Y[12]
+||	 ADD	@K2x[13],@Y[13],@Y[13]
+||	 ADD	@K2x[14],@Y[14],@Y[14]
+||	 ADD	@K2x[15],@Y[15],@Y[15]
+||	LDNDW	*${INP}[-2],@DAT[13]:@DAT[12]
+	 ADD	1,@Y[12],@Y[12]		; adjust counter for 2nd block
+||	ADD	2,@K2x[12],@K2x[12]	; increment counter
+||	LDNDW	*${INP}[-1],@DAT[15]:@DAT[14]
+
+	.if	.BIG_ENDIAN
+	SWAP2	@X[0],@X[0]
+||	SWAP2	@X[1],@X[1]
+||	SWAP2	@X[2],@X[2]
+||	SWAP2	@X[3],@X[3]
+	SWAP2	@X[4],@X[4]
+||	SWAP2	@X[5],@X[5]
+||	SWAP2	@X[6],@X[6]
+||	SWAP2	@X[7],@X[7]
+	SWAP2	@X[8],@X[8]
+||	SWAP2	@X[9],@X[9]
+||	SWAP4	@X[0],@X[1]
+||	SWAP4	@X[1],@X[0]
+	SWAP2	@X[10],@X[10]
+||	SWAP2	@X[11],@X[11]
+||	SWAP4	@X[2],@X[3]
+||	SWAP4	@X[3],@X[2]
+	SWAP2	@X[12],@X[12]
+||	SWAP2	@X[13],@X[13]
+||	SWAP4	@X[4],@X[5]
+||	SWAP4	@X[5],@X[4]
+	SWAP2	@X[14],@X[14]
+||	SWAP2	@X[15],@X[15]
+||	SWAP4	@X[6],@X[7]
+||	SWAP4	@X[7],@X[6]
+	SWAP4	@X[8],@X[9]
+||	SWAP4	@X[9],@X[8]
+||	 SWAP2	@Y[0],@Y[0]
+||	 SWAP2	@Y[1],@Y[1]
+	SWAP4	@X[10],@X[11]
+||	SWAP4	@X[11],@X[10]
+||	 SWAP2	@Y[2],@Y[2]
+||	 SWAP2	@Y[3],@Y[3]
+	SWAP4	@X[12],@X[13]
+||	SWAP4	@X[13],@X[12]
+||	 SWAP2	@Y[4],@Y[4]
+||	 SWAP2	@Y[5],@Y[5]
+	SWAP4	@X[14],@X[15]
+||	SWAP4	@X[15],@X[14]
+||	 SWAP2	@Y[6],@Y[6]
+||	 SWAP2	@Y[7],@Y[7]
+	 SWAP2	@Y[8],@Y[8]
+||	 SWAP2	@Y[9],@Y[9]
+||	 SWAP4	@Y[0],@Y[1]
+||	 SWAP4	@Y[1],@Y[0]
+	 SWAP2	@Y[10],@Y[10]
+||	 SWAP2	@Y[11],@Y[11]
+||	 SWAP4	@Y[2],@Y[3]
+||	 SWAP4	@Y[3],@Y[2]
+	 SWAP2	@Y[12],@Y[12]
+||	 SWAP2	@Y[13],@Y[13]
+||	 SWAP4	@Y[4],@Y[5]
+||	 SWAP4	@Y[5],@Y[4]
+	 SWAP2	@Y[14],@Y[14]
+||	 SWAP2	@Y[15],@Y[15]
+||	 SWAP4	@Y[6],@Y[7]
+||	 SWAP4	@Y[7],@Y[6]
+	 SWAP4	@Y[8],@Y[9]
+||	 SWAP4	@Y[9],@Y[8]
+	 SWAP4	@Y[10],@Y[11]
+||	 SWAP4	@Y[11],@Y[10]
+	 SWAP4	@Y[12],@Y[13]
+||	 SWAP4	@Y[13],@Y[12]
+	 SWAP4	@Y[14],@Y[15]
+||	 SWAP4	@Y[15],@Y[14]
+	.endif
+
+	XOR	@DAT[0],@X[0],@X[0]	; xor 1st block
+||	XOR	@DAT[3],@X[3],@X[3]
+||	XOR	@DAT[2],@X[2],@X[1]
+||	XOR	@DAT[1],@X[1],@X[2]
+||	LDNDW	*${INP}++[8],@DAT[1]:@DAT[0]
+	XOR	@DAT[4],@X[4],@X[4]
+||	XOR	@DAT[7],@X[7],@X[7]
+||	LDNDW	*${INP}[-7],@DAT[3]:@DAT[2]
+	XOR	@DAT[6],@X[6],@X[5]
+||	XOR	@DAT[5],@X[5],@X[6]
+||	LDNDW	*${INP}[-6],@DAT[5]:@DAT[4]
+	XOR	@DAT[8],@X[8],@X[8]
+||	XOR	@DAT[11],@X[11],@X[11]
+||	LDNDW	*${INP}[-5],@DAT[7]:@DAT[6]
+	XOR	@DAT[10],@X[10],@X[9]
+||	XOR	@DAT[9],@X[9],@X[10]
+||	LDNDW	*${INP}[-4],@DAT[9]:@DAT[8]
+	XOR	@DAT[12],@X[12],@X[12]
+||	XOR	@DAT[15],@X[15],@X[15]
+||	LDNDW	*${INP}[-3],@DAT[11]:@DAT[10]
+	XOR	@DAT[14],@X[14],@X[13]
+||	XOR	@DAT[13],@X[13],@X[14]
+||	LDNDW	*${INP}[-2],@DAT[13]:@DAT[12]
+   [A0]	SUB	A0,$STEP,A0		; SUB	A0,128,A0
+||	LDNDW	*${INP}[-1],@DAT[15]:@DAT[14]
+
+	XOR	@Y[0],@DAT[0],@DAT[0]	; xor 2nd block
+||	XOR	@Y[1],@DAT[1],@DAT[1]
+||	STNDW	@X[2]:@X[0],*${OUT}++[8]
+	XOR	@Y[2],@DAT[2],@DAT[2]
+||	XOR	@Y[3],@DAT[3],@DAT[3]
+||	STNDW	@X[3]:@X[1],*${OUT}[-7]
+	XOR	@Y[4],@DAT[4],@DAT[4]
+|| [A0]	LDDW	*FP[-12],@X[2]:@X[0]	; re-load key material from stack
+|| [A0]	LDDW	*SP[2],  @X[3]:@X[1]
+	XOR	@Y[5],@DAT[5],@DAT[5]
+||	STNDW	@X[6]:@X[4],*${OUT}[-6]
+	XOR	@Y[6],@DAT[6],@DAT[6]
+||	XOR	@Y[7],@DAT[7],@DAT[7]
+||	STNDW	@X[7]:@X[5],*${OUT}[-5]
+	XOR	@Y[8],@DAT[8],@DAT[8]
+|| [A0]	LDDW	*FP[-10],@X[6]:@X[4]
+|| [A0]	LDDW	*SP[4],  @X[7]:@X[5]
+	XOR	@Y[9],@DAT[9],@DAT[9]
+||	STNDW	@X[10]:@X[8],*${OUT}[-4]
+	XOR	@Y[10],@DAT[10],@DAT[10]
+||	XOR	@Y[11],@DAT[11],@DAT[11]
+||	STNDW	@X[11]:@X[9],*${OUT}[-3]
+	XOR	@Y[12],@DAT[12],@DAT[12]
+|| [A0]	LDDW	*FP[-8], @X[10]:@X[8]
+|| [A0]	LDDW	*SP[6],  @X[11]:@X[9]
+	XOR	@Y[13],@DAT[13],@DAT[13]
+||	STNDW	@X[14]:@X[12],*${OUT}[-2]
+	XOR	@Y[14],@DAT[14],@DAT[14]
+||	XOR	@Y[15],@DAT[15],@DAT[15]
+||	STNDW	@X[15]:@X[13],*${OUT}[-1]
+
+   [A0]	MV	@K2x[12],@X[12]
+|| [A0]	MV	@K2x[13],@X[13]
+|| [A0]	LDW	*FP[-6*2], @X[14]
+|| [A0]	LDW	*SP[8*2],  @X[15]
+
+   [A0]	DMV	@X[2],@X[0],@Y[2]:@Y[0]	; duplicate key material
+||	STNDW	@DAT[1]:@DAT[0],*${OUT}++[8]
+   [A0]	DMV	@X[3],@X[1],@Y[3]:@Y[1]
+||	STNDW	@DAT[3]:@DAT[2],*${OUT}[-7]
+   [A0]	DMV	@X[6],@X[4],@Y[6]:@Y[4]
+||	STNDW	@DAT[5]:@DAT[4],*${OUT}[-6]
+||	CMPLTU	A0,$STEP,A1		; is remaining length < 2*blocks?
+||[!A0]	BNOP	epilogue?
+   [A0]	DMV	@X[7],@X[5],@Y[7]:@Y[5]
+||	STNDW	@DAT[7]:@DAT[6],*${OUT}[-5]
+||[!A1]	BNOP	outer2x?
+   [A0]	DMV	@X[10],@X[8],@Y[10]:@Y[8]
+||	STNDW	@DAT[9]:@DAT[8],*${OUT}[-4]
+   [A0]	DMV	@X[11],@X[9],@Y[11]:@Y[9]
+||	STNDW	@DAT[11]:@DAT[10],*${OUT}[-3]
+   [A0]	DMV	@X[14],@X[12],@Y[14]:@Y[12]
+||	STNDW	@DAT[13]:@DAT[12],*${OUT}[-2]
+   [A0]	DMV	@X[15],@X[13],@Y[15]:@Y[13]
+||	STNDW	@DAT[15]:@DAT[14],*${OUT}[-1]
+;;===== branch to epilogue? is taken here
+   [A1]	MVK	64,$STEP
+|| [A0]	MVK	10,B0			; inner loop counter
+;;===== branch to outer2x? is taken here
+___
+{
+my ($a0,$a1,$a2,$a3) = (0..3);
+my ($b0,$b1,$b2,$b3) = (4..7);
+my ($c0,$c1,$c2,$c3) = (8..11);
+my ($d0,$d1,$d2,$d3) = (12..15);
+
+$code.=<<___;
+top1x?:
+	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	SWAP2	@X[$d1],@X[$d1]		; rotate by 16
+||	SWAP2	@X[$d2],@X[$d2]
+	SWAP2	@X[$d0],@X[$d0]
+||	SWAP2	@X[$d3],@X[$d3]
+
+||	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	ROTL	@X[$b1],12,@X[$b1]
+||	ROTL	@X[$b2],12,@X[$b2]
+	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b3],12,@X[$b3]
+
+	ADD	@X[$b1],@X[$a1],@X[$a1]
+||	ADD	@X[$b2],@X[$a2],@X[$a2]
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+||	XOR	@X[$a2],@X[$d2],@X[$d2]
+	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d1],8,@X[$d1]
+||	ROTL	@X[$d2],8,@X[$d2]
+	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d3],8,@X[$d3]
+||	BNOP	middle1x?		; protect from interrupt
+
+	ADD	@X[$d1],@X[$c1],@X[$c1]
+||	ADD	@X[$d2],@X[$c2],@X[$c2]
+	ADD	@X[$d0],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c3],@X[$c3]
+||	XOR	@X[$c1],@X[$b1],@X[$b1]
+||	XOR	@X[$c2],@X[$b2],@X[$b2]
+||	ROTL	@X[$d1],0,@X[$d2]	; moved to avoid cross-path stall
+||	ROTL	@X[$d2],0,@X[$d3]
+	XOR	@X[$c0],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b3],@X[$b3]
+||	ROTL	@X[$d0],0,@X[$d1]
+||	ROTL	@X[$d3],0,@X[$d0]
+	ROTL	@X[$b1],7,@X[$b0]	; avoided cross-path stall
+||	ROTL	@X[$b2],7,@X[$b1]
+	ROTL	@X[$b0],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b2]
+middle1x?:
+
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	SWAP2	@X[$d0],@X[$d0]		; rotate by 16
+||	SWAP2	@X[$d1],@X[$d1]
+	SWAP2	@X[$d2],@X[$d2]
+||	SWAP2	@X[$d3],@X[$d3]
+
+||	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+||	ROTL	@X[$b0],12,@X[$b0]
+||	ROTL	@X[$b1],12,@X[$b1]
+	ROTL	@X[$b2],12,@X[$b2]
+||	ROTL	@X[$b3],12,@X[$b3]
+
+	ADD	@X[$b0],@X[$a0],@X[$a0]
+||	ADD	@X[$b1],@X[$a1],@X[$a1]
+|| [B0]	SUB	B0,1,B0			; decrement inner loop counter
+	ADD	@X[$b2],@X[$a2],@X[$a2]
+||	ADD	@X[$b3],@X[$a3],@X[$a3]
+||	XOR	@X[$a0],@X[$d0],@X[$d0]
+||	XOR	@X[$a1],@X[$d1],@X[$d1]
+	XOR	@X[$a2],@X[$d2],@X[$d2]
+||	XOR	@X[$a3],@X[$d3],@X[$d3]
+||	ROTL	@X[$d0],8,@X[$d0]
+||	ROTL	@X[$d1],8,@X[$d1]
+	ROTL	@X[$d2],8,@X[$d2]
+||	ROTL	@X[$d3],8,@X[$d3]
+|| [B0]	BNOP	top1x?			; even protects from interrupt
+
+	ADD	@X[$d0],@X[$c2],@X[$c2]
+||	ADD	@X[$d1],@X[$c3],@X[$c3]
+	ADD	@X[$d2],@X[$c0],@X[$c0]
+||	ADD	@X[$d3],@X[$c1],@X[$c1]
+||	XOR	@X[$c2],@X[$b0],@X[$b0]
+||	XOR	@X[$c3],@X[$b1],@X[$b1]
+||	ROTL	@X[$d0],0,@X[$d3]	; moved to avoid cross-path stall
+||	ROTL	@X[$d1],0,@X[$d0]
+	XOR	@X[$c0],@X[$b2],@X[$b2]
+||	XOR	@X[$c1],@X[$b3],@X[$b3]
+||	ROTL	@X[$d2],0,@X[$d1]
+||	ROTL	@X[$d3],0,@X[$d2]
+	ROTL	@X[$b0],7,@X[$b1]	; avoided cross-path stall
+||	ROTL	@X[$b1],7,@X[$b2]
+	ROTL	@X[$b2],7,@X[$b3]
+||	ROTL	@X[$b3],7,@X[$b0]
+||[!B0]	CMPLTU	A0,$STEP,A1		; less than 64 bytes left?
+bottom1x?:
+___
+}
+
+$code.=<<___;
+	ADD	@Y[0],@X[0],@X[0]	; accumulate key material
+||	ADD	@Y[1],@X[1],@X[1]
+||	ADD	@Y[2],@X[2],@X[2]
+||	ADD	@Y[3],@X[3],@X[3]
+||[!A1]	LDNDW	*${INP}++[8],@DAT[1]:@DAT[0]
+|| [A1]	BNOP	tail?
+	ADD	@Y[4],@X[4],@X[4]
+||	ADD	@Y[5],@X[5],@X[5]
+||	ADD	@Y[6],@X[6],@X[6]
+||	ADD	@Y[7],@X[7],@X[7]
+||[!A1]	LDNDW	*${INP}[-7],@DAT[3]:@DAT[2]
+	ADD	@Y[8],@X[8],@X[8]
+||	ADD	@Y[9],@X[9],@X[9]
+||	ADD	@Y[10],@X[10],@X[10]
+||	ADD	@Y[11],@X[11],@X[11]
+||[!A1]	LDNDW	*${INP}[-6],@DAT[5]:@DAT[4]
+	ADD	@Y[12],@X[12],@X[12]
+||	ADD	@Y[13],@X[13],@X[13]
+||	ADD	@Y[14],@X[14],@X[14]
+||	ADD	@Y[15],@X[15],@X[15]
+||[!A1]	LDNDW	*${INP}[-5],@DAT[7]:@DAT[6]
+  [!A1]	LDNDW	*${INP}[-4],@DAT[9]:@DAT[8]
+  [!A1]	LDNDW	*${INP}[-3],@DAT[11]:@DAT[10]
+	LDNDW	*${INP}[-2],@DAT[13]:@DAT[12]
+	LDNDW	*${INP}[-1],@DAT[15]:@DAT[14]
+
+	.if	.BIG_ENDIAN
+	SWAP2	@X[0],@X[0]
+||	SWAP2	@X[1],@X[1]
+||	SWAP2	@X[2],@X[2]
+||	SWAP2	@X[3],@X[3]
+	SWAP2	@X[4],@X[4]
+||	SWAP2	@X[5],@X[5]
+||	SWAP2	@X[6],@X[6]
+||	SWAP2	@X[7],@X[7]
+	SWAP2	@X[8],@X[8]
+||	SWAP2	@X[9],@X[9]
+||	SWAP4	@X[0],@X[1]
+||	SWAP4	@X[1],@X[0]
+	SWAP2	@X[10],@X[10]
+||	SWAP2	@X[11],@X[11]
+||	SWAP4	@X[2],@X[3]
+||	SWAP4	@X[3],@X[2]
+	SWAP2	@X[12],@X[12]
+||	SWAP2	@X[13],@X[13]
+||	SWAP4	@X[4],@X[5]
+||	SWAP4	@X[5],@X[4]
+	SWAP2	@X[14],@X[14]
+||	SWAP2	@X[15],@X[15]
+||	SWAP4	@X[6],@X[7]
+||	SWAP4	@X[7],@X[6]
+	SWAP4	@X[8],@X[9]
+||	SWAP4	@X[9],@X[8]
+	SWAP4	@X[10],@X[11]
+||	SWAP4	@X[11],@X[10]
+	SWAP4	@X[12],@X[13]
+||	SWAP4	@X[13],@X[12]
+	SWAP4	@X[14],@X[15]
+||	SWAP4	@X[15],@X[14]
+	.else
+	NOP	1
+	.endif
+
+	XOR	@X[0],@DAT[0],@DAT[0]	; xor with input
+||	XOR	@X[1],@DAT[1],@DAT[1]
+||	XOR	@X[2],@DAT[2],@DAT[2]
+||	XOR	@X[3],@DAT[3],@DAT[3]
+|| [A0]	SUB	A0,$STEP,A0		; SUB	A0,64,A0
+	XOR	@X[4],@DAT[4],@DAT[4]
+||	XOR	@X[5],@DAT[5],@DAT[5]
+||	XOR	@X[6],@DAT[6],@DAT[6]
+||	XOR	@X[7],@DAT[7],@DAT[7]
+||	STNDW	@DAT[1]:@DAT[0],*${OUT}++[8]
+	XOR	@X[8],@DAT[8],@DAT[8]
+||	XOR	@X[9],@DAT[9],@DAT[9]
+||	XOR	@X[10],@DAT[10],@DAT[10]
+||	XOR	@X[11],@DAT[11],@DAT[11]
+||	STNDW	@DAT[3]:@DAT[2],*${OUT}[-7]
+	XOR	@X[12],@DAT[12],@DAT[12]
+||	XOR	@X[13],@DAT[13],@DAT[13]
+||	XOR	@X[14],@DAT[14],@DAT[14]
+||	XOR	@X[15],@DAT[15],@DAT[15]
+||	STNDW	@DAT[5]:@DAT[4],*${OUT}[-6]
+|| [A0]	BNOP	top1x?
+   [A0]	DMV	@Y[2],@Y[0],@X[2]:@X[0]	; duplicate key material
+|| [A0]	DMV	@Y[3],@Y[1],@X[3]:@X[1]
+||	STNDW	@DAT[7]:@DAT[6],*${OUT}[-5]
+   [A0]	DMV	@Y[6],@Y[4],@X[6]:@X[4]
+|| [A0]	DMV	@Y[7],@Y[5],@X[7]:@X[5]
+||	STNDW	@DAT[9]:@DAT[8],*${OUT}[-4]
+   [A0]	DMV	@Y[10],@Y[8],@X[10]:@X[8]
+|| [A0]	DMV	@Y[11],@Y[9],@X[11]:@X[9]
+|| [A0]	ADD	1,@Y[12],@Y[12]		; increment counter
+||	STNDW	@DAT[11]:@DAT[10],*${OUT}[-3]
+   [A0]	DMV	@Y[14],@Y[12],@X[14]:@X[12]
+|| [A0]	DMV	@Y[15],@Y[13],@X[15]:@X[13]
+||	STNDW	@DAT[13]:@DAT[12],*${OUT}[-2]
+   [A0]	MVK	10,B0			; inner loop counter
+||	STNDW	@DAT[15]:@DAT[14],*${OUT}[-1]
+;;===== branch to top1x? is taken here
+
+epilogue?:
+	LDDW	*FP[-4],A11:A10		; ABI says so
+	LDDW	*FP[-3],A13:A12
+||	LDDW	*SP[3+8],B11:B10
+	LDDW	*SP[4+8],B13:B12
+||	BNOP	RA
+	LDW	*++SP(40+64),FP		; restore frame pointer
+	NOP	4
+
+tail?:
+	LDBU	*${INP}++[1],B24	; load byte by byte
+||	SUB	A0,1,A0
+||	SUB	A0,1,B1
+  [!B1]	BNOP	epilogue?		; interrupts are disabled for whole time
+|| [A0] LDBU	*${INP}++[1],B24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+|| [A0] LDBU	*${INP}++[1],B24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+||	ROTL	@X[0],0,A24
+|| [A0] LDBU	*${INP}++[1],B24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+||	ROTL	@X[0],24,A24
+|| [A0] LDBU	*${INP}++[1],A24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+  [!B1]	BNOP	epilogue?
+||	ROTL	@X[0],16,A24
+|| [A0] LDBU	*${INP}++[1],A24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,B25
+	STB	B25,*${OUT}++[1]	; store byte by byte
+||[!B1]	BNOP	epilogue?
+||	ROTL	@X[0],8,A24
+|| [A0] LDBU	*${INP}++[1],A24
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,B25
+	STB	B25,*${OUT}++[1]
+___
+sub TAIL_STEP {
+my $Xi= shift;
+my $T = ($Xi=~/^B/?"B24":"A24");	# match @X[i] to avoid cross path
+my $D = $T; $D=~tr/AB/BA/;
+my $O = $D; $O=~s/24/25/;
+
+$code.=<<___;
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,0,$T
+|| [A0] LDBU	*${INP}++[1],$D
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,24,$T
+|| [A0] LDBU	*${INP}++[1],$T
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,16,$T
+|| [A0] LDBU	*${INP}++[1],$T
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+||[!B1]	BNOP	epilogue?
+||	ROTL	$Xi,8,$T
+|| [A0] LDBU	*${INP}++[1],$T
+|| [A0]	SUB	A0,1,A0
+||	SUB	B1,1,B1
+||	XOR	A24,B24,$O
+	STB	$O,*${OUT}++[1]
+___
+}
+	foreach (1..14) { TAIL_STEP(@X[$_]); }
+$code.=<<___;
+||[!B1]	BNOP	epilogue?
+||	ROTL	@X[15],0,B24
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	ROTL	@X[15],24,B24
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	ROTL	@X[15],16,B24
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	XOR	A24,B24,A25
+	STB	A25,*${OUT}++[1]
+||	XOR	A24,B24,B25
+	STB	B25,*${OUT}++[1]
+	.endasmfunc
+
+	.sect	.const
+	.cstring "ChaCha20 for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/chacha/asm/chacha-ppc.pl b/openssl-1.1.0h/crypto/chacha/asm/chacha-ppc.pl
new file mode 100755
index 0000000..181decd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/asm/chacha-ppc.pl
@@ -0,0 +1,953 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# October 2015
+# 
+# ChaCha20 for PowerPC/AltiVec.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#			IALU/gcc-4.x    3xAltiVec+1xIALU
+#
+# Freescale e300	13.6/+115%	-
+# PPC74x0/G4e		6.81/+310%	4.66
+# PPC970/G5		9.29/+160%	4.60
+# POWER7		8.62/+61%	4.27
+# POWER8		8.70/+51%	3.96
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+	$UCMP	="cmpld";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+	$UCMP	="cmplw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$LOCALS=6*$SIZE_T;
+$FRAME=$LOCALS+64+18*$SIZE_T;	# 64 is for local variables
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+    $code .= "\t$opcode\t".join(',',@_)."\n";
+}
+
+my $sp = "r1";
+
+my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7));
+
+my @x=map("r$_",(16..31));
+my @d=map("r$_",(11,12,14,15));
+my @t=map("r$_",(7..10));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+
+    (
+	"&add		(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add		(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add		(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	"&xor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&xor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&xor		(@x[$d2],@x[$d2],@x[$a2])",
+	   "&xor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&rotlwi	(@x[$d0],@x[$d0],16)",
+	 "&rotlwi	(@x[$d1],@x[$d1],16)",
+	  "&rotlwi	(@x[$d2],@x[$d2],16)",
+	   "&rotlwi	(@x[$d3],@x[$d3],16)",
+
+	"&add		(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add		(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add		(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add	(@x[$c3],@x[$c3],@x[$d3])",
+	"&xor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&xor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&xor		(@x[$b2],@x[$b2],@x[$c2])",
+	   "&xor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&rotlwi	(@x[$b0],@x[$b0],12)",
+	 "&rotlwi	(@x[$b1],@x[$b1],12)",
+	  "&rotlwi	(@x[$b2],@x[$b2],12)",
+	   "&rotlwi	(@x[$b3],@x[$b3],12)",
+
+	"&add		(@x[$a0],@x[$a0],@x[$b0])",
+	 "&add		(@x[$a1],@x[$a1],@x[$b1])",
+	  "&add		(@x[$a2],@x[$a2],@x[$b2])",
+	   "&add	(@x[$a3],@x[$a3],@x[$b3])",
+	"&xor		(@x[$d0],@x[$d0],@x[$a0])",
+	 "&xor		(@x[$d1],@x[$d1],@x[$a1])",
+	  "&xor		(@x[$d2],@x[$d2],@x[$a2])",
+	   "&xor	(@x[$d3],@x[$d3],@x[$a3])",
+	"&rotlwi	(@x[$d0],@x[$d0],8)",
+	 "&rotlwi	(@x[$d1],@x[$d1],8)",
+	  "&rotlwi	(@x[$d2],@x[$d2],8)",
+	   "&rotlwi	(@x[$d3],@x[$d3],8)",
+
+	"&add		(@x[$c0],@x[$c0],@x[$d0])",
+	 "&add		(@x[$c1],@x[$c1],@x[$d1])",
+	  "&add		(@x[$c2],@x[$c2],@x[$d2])",
+	   "&add	(@x[$c3],@x[$c3],@x[$d3])",
+	"&xor		(@x[$b0],@x[$b0],@x[$c0])",
+	 "&xor		(@x[$b1],@x[$b1],@x[$c1])",
+	  "&xor		(@x[$b2],@x[$b2],@x[$c2])",
+	   "&xor	(@x[$b3],@x[$b3],@x[$c3])",
+	"&rotlwi	(@x[$b0],@x[$b0],7)",
+	 "&rotlwi	(@x[$b1],@x[$b1],7)",
+	  "&rotlwi	(@x[$b2],@x[$b2],7)",
+	   "&rotlwi	(@x[$b3],@x[$b3],7)"
+    );
+}
+
+$code.=<<___;
+.machine	"any"
+.text
+
+.globl	.ChaCha20_ctr32_int
+.align	5
+.ChaCha20_ctr32_int:
+__ChaCha20_ctr32_int:
+	${UCMP}i $len,0
+	beqlr-
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	@d[0],0($ctr)			# load counter
+	lwz	@d[1],4($ctr)
+	lwz	@d[2],8($ctr)
+	lwz	@d[3],12($ctr)
+
+	bl	__ChaCha20_1x
+
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,5,0
+	.long	0
+.size	.ChaCha20_ctr32_int,.-.ChaCha20_ctr32_int
+
+.align	5
+__ChaCha20_1x:
+Loop_outer:
+	lis	@x[0],0x6170			# synthesize sigma
+	lis	@x[1],0x3320
+	lis	@x[2],0x7962
+	lis	@x[3],0x6b20
+	ori	@x[0],@x[0],0x7865
+	ori	@x[1],@x[1],0x646e
+	ori	@x[2],@x[2],0x2d32
+	ori	@x[3],@x[3],0x6574
+
+	li	r0,10				# inner loop counter
+	lwz	@x[4],0($key)			# load key
+	lwz	@x[5],4($key)
+	lwz	@x[6],8($key)
+	lwz	@x[7],12($key)
+	lwz	@x[8],16($key)
+	mr	@x[12],@d[0]			# copy counter
+	lwz	@x[9],20($key)
+	mr	@x[13],@d[1]
+	lwz	@x[10],24($key)
+	mr	@x[14],@d[2]
+	lwz	@x[11],28($key)
+	mr	@x[15],@d[3]
+
+	mr	@t[0],@x[4]
+	mr	@t[1],@x[5]
+	mr	@t[2],@x[6]
+	mr	@t[3],@x[7]
+
+	mtctr	r0
+Loop:
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	bdnz	Loop
+
+	subic	$len,$len,64			# $len-=64
+	addi	@x[0],@x[0],0x7865		# accumulate key block
+	addi	@x[1],@x[1],0x646e
+	addi	@x[2],@x[2],0x2d32
+	addi	@x[3],@x[3],0x6574
+	addis	@x[0],@x[0],0x6170
+	addis	@x[1],@x[1],0x3320
+	addis	@x[2],@x[2],0x7962
+	addis	@x[3],@x[3],0x6b20
+
+	subfe.	r0,r0,r0			# borrow?-1:0
+	add	@x[4],@x[4],@t[0]
+	lwz	@t[0],16($key)
+	add	@x[5],@x[5],@t[1]
+	lwz	@t[1],20($key)
+	add	@x[6],@x[6],@t[2]
+	lwz	@t[2],24($key)
+	add	@x[7],@x[7],@t[3]
+	lwz	@t[3],28($key)
+	add	@x[8],@x[8],@t[0]
+	add	@x[9],@x[9],@t[1]
+	add	@x[10],@x[10],@t[2]
+	add	@x[11],@x[11],@t[3]
+
+	add	@x[12],@x[12],@d[0]
+	add	@x[13],@x[13],@d[1]
+	add	@x[14],@x[14],@d[2]
+	add	@x[15],@x[15],@d[3]
+	addi	@d[0],@d[0],1			# increment counter
+___
+if (!$LITTLE_ENDIAN) { for($i=0;$i<16;$i++) {	# flip byte order
+$code.=<<___;
+	mr	@t[$i&3],@x[$i]
+	rotlwi	@x[$i],@x[$i],8
+	rlwimi	@x[$i],@t[$i&3],24,0,7
+	rlwimi	@x[$i],@t[$i&3],24,16,23
+___
+} }
+$code.=<<___;
+	bne	Ltail				# $len-=64 borrowed
+
+	lwz	@t[0],0($inp)			# load input, aligned or not
+	lwz	@t[1],4($inp)
+	${UCMP}i $len,0				# done already?
+	lwz	@t[2],8($inp)
+	lwz	@t[3],12($inp)
+	xor	@x[0],@x[0],@t[0]		# xor with input
+	lwz	@t[0],16($inp)
+	xor	@x[1],@x[1],@t[1]
+	lwz	@t[1],20($inp)
+	xor	@x[2],@x[2],@t[2]
+	lwz	@t[2],24($inp)
+	xor	@x[3],@x[3],@t[3]
+	lwz	@t[3],28($inp)
+	xor	@x[4],@x[4],@t[0]
+	lwz	@t[0],32($inp)
+	xor	@x[5],@x[5],@t[1]
+	lwz	@t[1],36($inp)
+	xor	@x[6],@x[6],@t[2]
+	lwz	@t[2],40($inp)
+	xor	@x[7],@x[7],@t[3]
+	lwz	@t[3],44($inp)
+	xor	@x[8],@x[8],@t[0]
+	lwz	@t[0],48($inp)
+	xor	@x[9],@x[9],@t[1]
+	lwz	@t[1],52($inp)
+	xor	@x[10],@x[10],@t[2]
+	lwz	@t[2],56($inp)
+	xor	@x[11],@x[11],@t[3]
+	lwz	@t[3],60($inp)
+	xor	@x[12],@x[12],@t[0]
+	stw	@x[0],0($out)			# store output, aligned or not
+	xor	@x[13],@x[13],@t[1]
+	stw	@x[1],4($out)
+	xor	@x[14],@x[14],@t[2]
+	stw	@x[2],8($out)
+	xor	@x[15],@x[15],@t[3]
+	stw	@x[3],12($out)
+	stw	@x[4],16($out)
+	stw	@x[5],20($out)
+	stw	@x[6],24($out)
+	stw	@x[7],28($out)
+	stw	@x[8],32($out)
+	stw	@x[9],36($out)
+	stw	@x[10],40($out)
+	stw	@x[11],44($out)
+	stw	@x[12],48($out)
+	stw	@x[13],52($out)
+	stw	@x[14],56($out)
+	addi	$inp,$inp,64
+	stw	@x[15],60($out)
+	addi	$out,$out,64
+
+	bne	Loop_outer
+
+	blr
+
+.align	4
+Ltail:
+	addi	$len,$len,64			# restore tail length
+	subi	$inp,$inp,1			# prepare for *++ptr
+	subi	$out,$out,1
+	addi	@t[0],$sp,$LOCALS-1
+	mtctr	$len
+
+	stw	@x[0],`$LOCALS+0`($sp)		# save whole block to stack
+	stw	@x[1],`$LOCALS+4`($sp)
+	stw	@x[2],`$LOCALS+8`($sp)
+	stw	@x[3],`$LOCALS+12`($sp)
+	stw	@x[4],`$LOCALS+16`($sp)
+	stw	@x[5],`$LOCALS+20`($sp)
+	stw	@x[6],`$LOCALS+24`($sp)
+	stw	@x[7],`$LOCALS+28`($sp)
+	stw	@x[8],`$LOCALS+32`($sp)
+	stw	@x[9],`$LOCALS+36`($sp)
+	stw	@x[10],`$LOCALS+40`($sp)
+	stw	@x[11],`$LOCALS+44`($sp)
+	stw	@x[12],`$LOCALS+48`($sp)
+	stw	@x[13],`$LOCALS+52`($sp)
+	stw	@x[14],`$LOCALS+56`($sp)
+	stw	@x[15],`$LOCALS+60`($sp)
+
+Loop_tail:					# byte-by-byte loop
+	lbzu	@d[0],1($inp)
+	lbzu	@x[0],1(@t[0])
+	xor	@d[1],@d[0],@x[0]
+	stbu	@d[1],1($out)
+	bdnz	Loop_tail
+
+	stw	$sp,`$LOCALS+0`($sp)		# wipe block on stack
+	stw	$sp,`$LOCALS+4`($sp)
+	stw	$sp,`$LOCALS+8`($sp)
+	stw	$sp,`$LOCALS+12`($sp)
+	stw	$sp,`$LOCALS+16`($sp)
+	stw	$sp,`$LOCALS+20`($sp)
+	stw	$sp,`$LOCALS+24`($sp)
+	stw	$sp,`$LOCALS+28`($sp)
+	stw	$sp,`$LOCALS+32`($sp)
+	stw	$sp,`$LOCALS+36`($sp)
+	stw	$sp,`$LOCALS+40`($sp)
+	stw	$sp,`$LOCALS+44`($sp)
+	stw	$sp,`$LOCALS+48`($sp)
+	stw	$sp,`$LOCALS+52`($sp)
+	stw	$sp,`$LOCALS+56`($sp)
+	stw	$sp,`$LOCALS+60`($sp)
+
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+___
+
+{{{
+my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2) =
+    map("v$_",(0..14));
+my (@K)=map("v$_",(15..20));
+my ($FOUR,$sixteen,$twenty4,$twenty,$twelve,$twenty5,$seven) =
+    map("v$_",(21..27));
+my ($inpperm,$outperm,$outmask) = map("v$_",(28..30));
+my @D=("v31",$seven,$T0,$T1,$T2);
+
+my $FRAME=$LOCALS+64+13*16+18*$SIZE_T;	# 13*16 is for v20-v31 offload
+
+sub VMXROUND {
+my $odd = pop;
+my ($a,$b,$c,$d,$t)=@_;
+
+	(
+	"&vadduwm	('$a','$a','$b')",
+	"&vxor		('$d','$d','$a')",
+	"&vperm		('$d','$d','$d','$sixteen')",
+
+	"&vadduwm	('$c','$c','$d')",
+	"&vxor		('$t','$b','$c')",
+	"&vsrw		('$b','$t','$twenty')",
+	"&vslw		('$t','$t','$twelve')",
+	"&vor		('$b','$b','$t')",
+
+	"&vadduwm	('$a','$a','$b')",
+	"&vxor		('$d','$d','$a')",
+	"&vperm		('$d','$d','$d','$twenty4')",
+
+	"&vadduwm	('$c','$c','$d')",
+	"&vxor		('$t','$b','$c')",
+	"&vsrw		('$b','$t','$twenty5')",
+	"&vslw		('$t','$t','$seven')",
+	"&vor		('$b','$b','$t')",
+
+	"&vsldoi	('$c','$c','$c',8)",
+	"&vsldoi	('$b','$b','$b',$odd?4:12)",
+	"&vsldoi	('$d','$d','$d',$odd?12:4)"
+	);
+}
+
+$code.=<<___;
+
+.globl	.ChaCha20_ctr32_vmx
+.align	5
+.ChaCha20_ctr32_vmx:
+	${UCMP}i $len,256
+	blt	__ChaCha20_ctr32_int
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	mfspr	r12,256
+	stvx	v20,r10,$sp
+	addi	r10,r10,32
+	stvx	v21,r11,$sp
+	addi	r11,r11,32
+	stvx	v22,r10,$sp
+	addi	r10,r10,32
+	stvx	v23,r11,$sp
+	addi	r11,r11,32
+	stvx	v24,r10,$sp
+	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
+	stvx	v26,r10,$sp
+	addi	r10,r10,32
+	stvx	v27,r11,$sp
+	addi	r11,r11,32
+	stvx	v28,r10,$sp
+	addi	r10,r10,32
+	stvx	v29,r11,$sp
+	addi	r11,r11,32
+	stvx	v30,r10,$sp
+	stvx	v31,r11,$sp
+	stw	r12,`$FRAME-$SIZE_T*18-4`($sp)	# save vrsave
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	li	r12,-1
+	$PUSH	r0, `$FRAME+$LRSAVE`($sp)
+	mtspr	256,r12				# preserve all AltiVec registers
+
+	bl	Lconsts				# returns pointer Lsigma in r12
+	li	@x[0],16
+	li	@x[1],32
+	li	@x[2],48
+	li	@x[3],64
+	li	@x[4],31			# 31 is not a typo
+	li	@x[5],15			# nor is 15
+
+	lvx	@K[1],0,$key			# load key
+	?lvsr	$T0,0,$key			# prepare unaligned load
+	lvx	@K[2],@x[0],$key
+	lvx	@D[0],@x[4],$key
+
+	lvx	@K[3],0,$ctr			# load counter
+	?lvsr	$T1,0,$ctr			# prepare unaligned load
+	lvx	@D[1],@x[5],$ctr
+
+	lvx	@K[0],0,r12			# load constants
+	lvx	@K[5],@x[0],r12			# one
+	lvx	$FOUR,@x[1],r12
+	lvx	$sixteen,@x[2],r12
+	lvx	$twenty4,@x[3],r12
+
+	?vperm	@K[1],@K[2],@K[1],$T0		# align key
+	?vperm	@K[2],@D[0],@K[2],$T0
+	?vperm	@K[3],@D[1],@K[3],$T1		# align counter
+
+	lwz	@d[0],0($ctr)			# load counter to GPR
+	lwz	@d[1],4($ctr)
+	vadduwm	@K[3],@K[3],@K[5]		# adjust AltiVec counter
+	lwz	@d[2],8($ctr)
+	vadduwm	@K[4],@K[3],@K[5]
+	lwz	@d[3],12($ctr)
+	vadduwm	@K[5],@K[4],@K[5]
+
+	vspltisw $twenty,-12			# synthesize constants 
+	vspltisw $twelve,12
+	vspltisw $twenty5,-7
+	#vspltisw $seven,7			# synthesized in the loop
+
+	vxor	$T0,$T0,$T0			# 0x00..00
+	vspltisw $outmask,-1			# 0xff..ff
+	?lvsr	$inpperm,0,$inp			# prepare for unaligned load
+	?lvsl	$outperm,0,$out			# prepare for unaligned store
+	?vperm	$outmask,$outmask,$T0,$outperm
+
+	be?lvsl	$T0,0,@x[0]			# 0x00..0f
+	be?vspltisb $T1,3			# 0x03..03
+	be?vxor	$T0,$T0,$T1			# swap bytes within words
+	be?vxor	$outperm,$outperm,$T1
+	be?vperm $inpperm,$inpperm,$inpperm,$T0
+
+	b	Loop_outer_vmx
+
+.align	4
+Loop_outer_vmx:
+	lis	@x[0],0x6170			# synthesize sigma
+	lis	@x[1],0x3320
+	 vmr	$A0,@K[0]
+	lis	@x[2],0x7962
+	lis	@x[3],0x6b20
+	 vmr	$A1,@K[0]
+	ori	@x[0],@x[0],0x7865
+	ori	@x[1],@x[1],0x646e
+	 vmr	$A2,@K[0]
+	ori	@x[2],@x[2],0x2d32
+	ori	@x[3],@x[3],0x6574
+	 vmr	$B0,@K[1]
+
+	li	r0,10				# inner loop counter
+	lwz	@x[4],0($key)			# load key to GPR
+	 vmr	$B1,@K[1]
+	lwz	@x[5],4($key)
+	 vmr	$B2,@K[1]
+	lwz	@x[6],8($key)
+	 vmr	$C0,@K[2]
+	lwz	@x[7],12($key)
+	 vmr	$C1,@K[2]
+	lwz	@x[8],16($key)
+	 vmr	$C2,@K[2]
+	mr	@x[12],@d[0]			# copy GPR counter
+	lwz	@x[9],20($key)
+	 vmr	$D0,@K[3]
+	mr	@x[13],@d[1]
+	lwz	@x[10],24($key)
+	 vmr	$D1,@K[4]
+	mr	@x[14],@d[2]
+	lwz	@x[11],28($key)
+	 vmr	$D2,@K[5]
+	mr	@x[15],@d[3]
+
+	mr	@t[0],@x[4]
+	mr	@t[1],@x[5]
+	mr	@t[2],@x[6]
+	mr	@t[3],@x[7]
+	vspltisw $seven,7
+
+	mtctr	r0
+	nop
+Loop_vmx:
+___
+	my @thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,0);
+	my @thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,0);
+	my @thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,0);
+	my @thread3=&ROUND(0,4,8,12);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+
+	@thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,1);
+	@thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,1);
+	@thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,1);
+	@thread3=&ROUND(0,5,10,15);
+
+	foreach (@thread0) {
+		eval;			eval(shift(@thread3));
+		eval(shift(@thread1));	eval(shift(@thread3));
+		eval(shift(@thread2));	eval(shift(@thread3));
+	}
+$code.=<<___;
+	bdnz	Loop_vmx
+
+	subi	$len,$len,256			# $len-=256
+	addi	@x[0],@x[0],0x7865		# accumulate key block
+	addi	@x[1],@x[1],0x646e
+	addi	@x[2],@x[2],0x2d32
+	addi	@x[3],@x[3],0x6574
+	addis	@x[0],@x[0],0x6170
+	addis	@x[1],@x[1],0x3320
+	addis	@x[2],@x[2],0x7962
+	addis	@x[3],@x[3],0x6b20
+	add	@x[4],@x[4],@t[0]
+	lwz	@t[0],16($key)
+	add	@x[5],@x[5],@t[1]
+	lwz	@t[1],20($key)
+	add	@x[6],@x[6],@t[2]
+	lwz	@t[2],24($key)
+	add	@x[7],@x[7],@t[3]
+	lwz	@t[3],28($key)
+	add	@x[8],@x[8],@t[0]
+	add	@x[9],@x[9],@t[1]
+	add	@x[10],@x[10],@t[2]
+	add	@x[11],@x[11],@t[3]
+	add	@x[12],@x[12],@d[0]
+	add	@x[13],@x[13],@d[1]
+	add	@x[14],@x[14],@d[2]
+	add	@x[15],@x[15],@d[3]
+
+	vadduwm	$A0,$A0,@K[0]			# accumulate key block
+	vadduwm	$A1,$A1,@K[0]
+	vadduwm	$A2,$A2,@K[0]
+	vadduwm	$B0,$B0,@K[1]
+	vadduwm	$B1,$B1,@K[1]
+	vadduwm	$B2,$B2,@K[1]
+	vadduwm	$C0,$C0,@K[2]
+	vadduwm	$C1,$C1,@K[2]
+	vadduwm	$C2,$C2,@K[2]
+	vadduwm	$D0,$D0,@K[3]
+	vadduwm	$D1,$D1,@K[4]
+	vadduwm	$D2,$D2,@K[5]
+
+	addi	@d[0],@d[0],4			# increment counter
+	vadduwm	@K[3],@K[3],$FOUR
+	vadduwm	@K[4],@K[4],$FOUR
+	vadduwm	@K[5],@K[5],$FOUR
+
+___
+if (!$LITTLE_ENDIAN) { for($i=0;$i<16;$i++) {	# flip byte order
+$code.=<<___;
+	mr	@t[$i&3],@x[$i]
+	rotlwi	@x[$i],@x[$i],8
+	rlwimi	@x[$i],@t[$i&3],24,0,7
+	rlwimi	@x[$i],@t[$i&3],24,16,23
+___
+} }
+$code.=<<___;
+	lwz	@t[0],0($inp)			# load input, aligned or not
+	lwz	@t[1],4($inp)
+	lwz	@t[2],8($inp)
+	lwz	@t[3],12($inp)
+	xor	@x[0],@x[0],@t[0]		# xor with input
+	lwz	@t[0],16($inp)
+	xor	@x[1],@x[1],@t[1]
+	lwz	@t[1],20($inp)
+	xor	@x[2],@x[2],@t[2]
+	lwz	@t[2],24($inp)
+	xor	@x[3],@x[3],@t[3]
+	lwz	@t[3],28($inp)
+	xor	@x[4],@x[4],@t[0]
+	lwz	@t[0],32($inp)
+	xor	@x[5],@x[5],@t[1]
+	lwz	@t[1],36($inp)
+	xor	@x[6],@x[6],@t[2]
+	lwz	@t[2],40($inp)
+	xor	@x[7],@x[7],@t[3]
+	lwz	@t[3],44($inp)
+	xor	@x[8],@x[8],@t[0]
+	lwz	@t[0],48($inp)
+	xor	@x[9],@x[9],@t[1]
+	lwz	@t[1],52($inp)
+	xor	@x[10],@x[10],@t[2]
+	lwz	@t[2],56($inp)
+	xor	@x[11],@x[11],@t[3]
+	lwz	@t[3],60($inp)
+	xor	@x[12],@x[12],@t[0]
+	stw	@x[0],0($out)			# store output, aligned or not
+	xor	@x[13],@x[13],@t[1]
+	stw	@x[1],4($out)
+	xor	@x[14],@x[14],@t[2]
+	stw	@x[2],8($out)
+	xor	@x[15],@x[15],@t[3]
+	stw	@x[3],12($out)
+	addi	$inp,$inp,64
+	stw	@x[4],16($out)
+	li	@t[0],16
+	stw	@x[5],20($out)
+	li	@t[1],32
+	stw	@x[6],24($out)
+	li	@t[2],48
+	stw	@x[7],28($out)
+	li	@t[3],64
+	stw	@x[8],32($out)
+	stw	@x[9],36($out)
+	stw	@x[10],40($out)
+	stw	@x[11],44($out)
+	stw	@x[12],48($out)
+	stw	@x[13],52($out)
+	stw	@x[14],56($out)
+	stw	@x[15],60($out)
+	addi	$out,$out,64
+
+	lvx	@D[0],0,$inp			# load input
+	lvx	@D[1],@t[0],$inp
+	lvx	@D[2],@t[1],$inp
+	lvx	@D[3],@t[2],$inp
+	lvx	@D[4],@t[3],$inp
+	addi	$inp,$inp,64
+
+	?vperm	@D[0],@D[1],@D[0],$inpperm	# align input
+	?vperm	@D[1],@D[2],@D[1],$inpperm
+	?vperm	@D[2],@D[3],@D[2],$inpperm
+	?vperm	@D[3],@D[4],@D[3],$inpperm
+	vxor	$A0,$A0,@D[0]			# xor with input
+	vxor	$B0,$B0,@D[1]
+	lvx	@D[1],@t[0],$inp		# keep loading input
+	vxor	$C0,$C0,@D[2]
+	lvx	@D[2],@t[1],$inp
+	vxor	$D0,$D0,@D[3]
+	lvx	@D[3],@t[2],$inp
+	lvx	@D[0],@t[3],$inp
+	addi	$inp,$inp,64
+	li	@t[3],63			# 63 is not a typo
+	vperm	$A0,$A0,$A0,$outperm		# pre-misalign output
+	vperm	$B0,$B0,$B0,$outperm
+	vperm	$C0,$C0,$C0,$outperm
+	vperm	$D0,$D0,$D0,$outperm
+
+	?vperm	@D[4],@D[1],@D[4],$inpperm	# align input
+	?vperm	@D[1],@D[2],@D[1],$inpperm
+	?vperm	@D[2],@D[3],@D[2],$inpperm
+	?vperm	@D[3],@D[0],@D[3],$inpperm
+	vxor	$A1,$A1,@D[4]
+	vxor	$B1,$B1,@D[1]
+	lvx	@D[1],@t[0],$inp		# keep loading input
+	vxor	$C1,$C1,@D[2]
+	lvx	@D[2],@t[1],$inp
+	vxor	$D1,$D1,@D[3]
+	lvx	@D[3],@t[2],$inp
+	lvx	@D[4],@t[3],$inp		# redundant in aligned case
+	addi	$inp,$inp,64
+	vperm	$A1,$A1,$A1,$outperm		# pre-misalign output
+	vperm	$B1,$B1,$B1,$outperm
+	vperm	$C1,$C1,$C1,$outperm
+	vperm	$D1,$D1,$D1,$outperm
+
+	?vperm	@D[0],@D[1],@D[0],$inpperm	# align input
+	?vperm	@D[1],@D[2],@D[1],$inpperm
+	?vperm	@D[2],@D[3],@D[2],$inpperm
+	?vperm	@D[3],@D[4],@D[3],$inpperm
+	vxor	$A2,$A2,@D[0]
+	vxor	$B2,$B2,@D[1]
+	vxor	$C2,$C2,@D[2]
+	vxor	$D2,$D2,@D[3]
+	vperm	$A2,$A2,$A2,$outperm		# pre-misalign output
+	vperm	$B2,$B2,$B2,$outperm
+	vperm	$C2,$C2,$C2,$outperm
+	vperm	$D2,$D2,$D2,$outperm
+
+	andi.	@x[1],$out,15			# is $out aligned?
+	mr	@x[0],$out
+
+	vsel	@D[0],$A0,$B0,$outmask		# collect pre-misaligned output
+	vsel	@D[1],$B0,$C0,$outmask
+	vsel	@D[2],$C0,$D0,$outmask
+	vsel	@D[3],$D0,$A1,$outmask
+	vsel	$B0,$A1,$B1,$outmask
+	vsel	$C0,$B1,$C1,$outmask
+	vsel	$D0,$C1,$D1,$outmask
+	vsel	$A1,$D1,$A2,$outmask
+	vsel	$B1,$A2,$B2,$outmask
+	vsel	$C1,$B2,$C2,$outmask
+	vsel	$D1,$C2,$D2,$outmask
+
+	#stvx	$A0,0,$out			# take it easy on the edges
+	stvx	@D[0],@t[0],$out		# store output
+	stvx	@D[1],@t[1],$out
+	stvx	@D[2],@t[2],$out
+	addi	$out,$out,64
+	stvx	@D[3],0,$out
+	stvx	$B0,@t[0],$out
+	stvx	$C0,@t[1],$out
+	stvx	$D0,@t[2],$out
+	addi	$out,$out,64
+	stvx	$A1,0,$out
+	stvx	$B1,@t[0],$out
+	stvx	$C1,@t[1],$out
+	stvx	$D1,@t[2],$out
+	addi	$out,$out,64
+
+	beq	Laligned_vmx
+
+	sub	@x[2],$out,@x[1]		# in misaligned case edges
+	li	@x[3],0				# are written byte-by-byte
+Lunaligned_tail_vmx:
+	stvebx	$D2,@x[3],@x[2]
+	addi	@x[3],@x[3],1
+	cmpw	@x[3],@x[1]
+	bne	Lunaligned_tail_vmx
+
+	sub	@x[2],@x[0],@x[1]
+Lunaligned_head_vmx:
+	stvebx	$A0,@x[1],@x[2]
+	cmpwi	@x[1],15
+	addi	@x[1],@x[1],1
+	bne	Lunaligned_head_vmx
+
+	${UCMP}i $len,255			# done with 256-byte blocks yet?
+	bgt	Loop_outer_vmx
+
+	b	Ldone_vmx
+
+.align	4
+Laligned_vmx:
+	stvx	$A0,0,@x[0]			# head hexaword was not stored
+
+	${UCMP}i $len,255			# done with 256-byte blocks yet?
+	bgt	Loop_outer_vmx
+	nop
+
+Ldone_vmx:
+	${UCMP}i $len,0				# done yet?
+	bnel	__ChaCha20_1x
+
+	lwz	r12,`$FRAME-$SIZE_T*18-4`($sp)	# pull vrsave
+	li	r10,`15+$LOCALS+64`
+	li	r11,`31+$LOCALS+64`
+	mtspr	256,r12				# restore vrsave
+	lvx	v20,r10,$sp
+	addi	r10,r10,32
+	lvx	v21,r11,$sp
+	addi	r11,r11,32
+	lvx	v22,r10,$sp
+	addi	r10,r10,32
+	lvx	v23,r11,$sp
+	addi	r11,r11,32
+	lvx	v24,r10,$sp
+	addi	r10,r10,32
+	lvx	v25,r11,$sp
+	addi	r11,r11,32
+	lvx	v26,r10,$sp
+	addi	r10,r10,32
+	lvx	v27,r11,$sp
+	addi	r11,r11,32
+	lvx	v28,r10,$sp
+	addi	r10,r10,32
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
+	$POP	r0, `$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,0x04,1,0x80,18,5,0
+	.long	0
+.size	.ChaCha20_ctr32_vmx,.-.ChaCha20_ctr32_vmx
+
+.align	5
+Lconsts:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	r12	#vvvvv "distance between . and _vpaes_consts
+	addi	r12,r12,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+Lsigma:
+	.long   0x61707865,0x3320646e,0x79622d32,0x6b206574
+	.long	1,0,0,0
+	.long	4,0,0,0
+___
+$code.=<<___ 	if ($LITTLE_ENDIAN);
+	.long	0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001
+	.long	0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300
+___
+$code.=<<___ 	if (!$LITTLE_ENDIAN);	# flipped words
+	.long	0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d
+	.long	0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c
+___
+$code.=<<___;
+.asciz  "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+}}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	# instructions prefixed with '?' are endian-specific and need
+	# to be adjusted accordingly...
+	if ($flavour !~ /le$/) {	# big-endian
+	    s/be\?//		or
+	    s/le\?/#le#/	or
+	    s/\?lvsr/lvsl/	or
+	    s/\?lvsl/lvsr/	or
+	    s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or
+	    s/(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/;
+	} else {			# little-endian
+	    s/le\?//		or
+	    s/be\?/#be#/	or
+	    s/\?([a-z]+)/$1/;
+	}
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/chacha/asm/chacha-s390x.pl b/openssl-1.1.0h/crypto/chacha/asm/chacha-s390x.pl
new file mode 100755
index 0000000..c315264
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/asm/chacha-s390x.pl
@@ -0,0 +1,326 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# December 2015
+#
+# ChaCha20 for s390x.
+#
+# 3 times faster than compiler-generated code.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+    $code .= "\t$opcode\t".join(',',@_)."\n";
+}
+
+my $sp="%r15";
+
+my $stdframe=16*$SIZE_T+4*8;
+my $frame=$stdframe+4*20;
+
+my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
+
+my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
+my @t=map("%r$_",(8,9));
+
+sub ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_)=map("\"$_\"",@t);
+my @x=map("\"$_\"",@x);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# 'c' stores and loads in the middle, but none in the beginning
+	# or end.
+
+	(
+	"&alr	(@x[$a0],@x[$b0])",	# Q1
+	 "&alr	(@x[$a1],@x[$b1])",	# Q2
+	"&xr	(@x[$d0],@x[$a0])",
+	 "&xr	(@x[$d1],@x[$a1])",
+	"&rll	(@x[$d0],@x[$d0],16)",
+	 "&rll	(@x[$d1],@x[$d1],16)",
+
+	"&alr	($xc,@x[$d0])",
+	 "&alr	($xc_,@x[$d1])",
+	"&xr	(@x[$b0],$xc)",
+	 "&xr	(@x[$b1],$xc_)",
+	"&rll	(@x[$b0],@x[$b0],12)",
+	 "&rll	(@x[$b1],@x[$b1],12)",
+
+	"&alr	(@x[$a0],@x[$b0])",
+	 "&alr	(@x[$a1],@x[$b1])",
+	"&xr	(@x[$d0],@x[$a0])",
+	 "&xr	(@x[$d1],@x[$a1])",
+	"&rll	(@x[$d0],@x[$d0],8)",
+	 "&rll	(@x[$d1],@x[$d1],8)",
+
+	"&alr	($xc,@x[$d0])",
+	 "&alr	($xc_,@x[$d1])",
+	"&xr	(@x[$b0],$xc)",
+	 "&xr	(@x[$b1],$xc_)",
+	"&rll	(@x[$b0],@x[$b0],7)",
+	 "&rll	(@x[$b1],@x[$b1],7)",
+
+	"&stm	($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')",	# reload pair of 'c's
+	"&lm	($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
+
+	"&alr	(@x[$a2],@x[$b2])",	# Q3
+	 "&alr	(@x[$a3],@x[$b3])",	# Q4
+	"&xr	(@x[$d2],@x[$a2])",
+	 "&xr	(@x[$d3],@x[$a3])",
+	"&rll	(@x[$d2],@x[$d2],16)",
+	 "&rll	(@x[$d3],@x[$d3],16)",
+
+	"&alr	($xc,@x[$d2])",
+	 "&alr	($xc_,@x[$d3])",
+	"&xr	(@x[$b2],$xc)",
+	 "&xr	(@x[$b3],$xc_)",
+	"&rll	(@x[$b2],@x[$b2],12)",
+	 "&rll	(@x[$b3],@x[$b3],12)",
+
+	"&alr	(@x[$a2],@x[$b2])",
+	 "&alr	(@x[$a3],@x[$b3])",
+	"&xr	(@x[$d2],@x[$a2])",
+	 "&xr	(@x[$d3],@x[$a3])",
+	"&rll	(@x[$d2],@x[$d2],8)",
+	 "&rll	(@x[$d3],@x[$d3],8)",
+
+	"&alr	($xc,@x[$d2])",
+	 "&alr	($xc_,@x[$d3])",
+	"&xr	(@x[$b2],$xc)",
+	 "&xr	(@x[$b3],$xc_)",
+	"&rll	(@x[$b2],@x[$b2],7)",
+	 "&rll	(@x[$b3],@x[$b3],7)"
+	);
+}
+
+$code.=<<___;
+.text
+
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,\@function
+.align	32
+ChaCha20_ctr32:
+	lt${g}r	$len,$len			# $len==0?
+	bzr	%r14
+	a${g}hi	$len,-64
+	l${g}hi	%r1,-$frame
+	stm${g}	%r6,%r15,`6*$SIZE_T`($sp)
+	sl${g}r	$out,$inp			# difference
+	la	$len,0($inp,$len)		# end of input minus 64
+	larl	%r7,.Lsigma
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	lmg	%r8,%r11,0($key)		# load key
+	lmg	%r12,%r13,0($counter)		# load counter
+	lmg	%r6,%r7,0(%r7)			# load sigma constant
+
+	la	%r14,0($inp)
+	st${g}	$out,$frame+3*$SIZE_T($sp)
+	st${g}	$len,$frame+4*$SIZE_T($sp)
+	stmg	%r6,%r13,$stdframe($sp)		# copy key schedule to stack
+	srlg	@x[12],%r12,32			# 32-bit counter value
+	j	.Loop_outer
+
+.align	16
+.Loop_outer:
+	lm	@x[0],@x[7],$stdframe+4*0($sp)		# load x[0]-x[7]
+	lm	@t[0],@t[1],$stdframe+4*10($sp)		# load x[10]-x[11]
+	lm	@x[13],@x[15],$stdframe+4*13($sp)	# load x[13]-x[15]
+	stm	@t[0],@t[1],$stdframe+4*8+4*10($sp)	# offload x[10]-x[11]
+	lm	@t[0],@t[1],$stdframe+4*8($sp)		# load x[8]-x[9]
+	st	@x[12],$stdframe+4*12($sp)		# save counter
+	st${g}	%r14,$frame+2*$SIZE_T($sp)		# save input pointer
+	lhi	%r14,10
+	j	.Loop
+
+.align	4
+.Loop:
+___
+	foreach (&ROUND(0, 4, 8,12)) { eval; }
+	foreach (&ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	brct	%r14,.Loop
+
+	l${g}	%r14,$frame+2*$SIZE_T($sp)		# pull input pointer
+	stm	@t[0],@t[1],$stdframe+4*8+4*8($sp)	# offload x[8]-x[9]
+	lm${g}	@t[0],@t[1],$frame+3*$SIZE_T($sp)
+
+	al	@x[0],$stdframe+4*0($sp)	# accumulate key schedule
+	al	@x[1],$stdframe+4*1($sp)
+	al	@x[2],$stdframe+4*2($sp)
+	al	@x[3],$stdframe+4*3($sp)
+	al	@x[4],$stdframe+4*4($sp)
+	al	@x[5],$stdframe+4*5($sp)
+	al	@x[6],$stdframe+4*6($sp)
+	al	@x[7],$stdframe+4*7($sp)
+	lrvr	@x[0],@x[0]
+	lrvr	@x[1],@x[1]
+	lrvr	@x[2],@x[2]
+	lrvr	@x[3],@x[3]
+	lrvr	@x[4],@x[4]
+	lrvr	@x[5],@x[5]
+	lrvr	@x[6],@x[6]
+	lrvr	@x[7],@x[7]
+	al	@x[12],$stdframe+4*12($sp)
+	al	@x[13],$stdframe+4*13($sp)
+	al	@x[14],$stdframe+4*14($sp)
+	al	@x[15],$stdframe+4*15($sp)
+	lrvr	@x[12],@x[12]
+	lrvr	@x[13],@x[13]
+	lrvr	@x[14],@x[14]
+	lrvr	@x[15],@x[15]
+
+	la	@t[0],0(@t[0],%r14)		# reconstruct output pointer
+	cl${g}r	%r14,@t[1]
+	jh	.Ltail
+
+	x	@x[0],4*0(%r14)			# xor with input
+	x	@x[1],4*1(%r14)
+	st	@x[0],4*0(@t[0])		# store output
+	x	@x[2],4*2(%r14)
+	st	@x[1],4*1(@t[0])
+	x	@x[3],4*3(%r14)
+	st	@x[2],4*2(@t[0])
+	x	@x[4],4*4(%r14)
+	st	@x[3],4*3(@t[0])
+	 lm	@x[0],@x[3],$stdframe+4*8+4*8($sp)	# load x[8]-x[11]
+	x	@x[5],4*5(%r14)
+	st	@x[4],4*4(@t[0])
+	x	@x[6],4*6(%r14)
+	 al	@x[0],$stdframe+4*8($sp)
+	st	@x[5],4*5(@t[0])
+	x	@x[7],4*7(%r14)
+	 al	@x[1],$stdframe+4*9($sp)
+	st	@x[6],4*6(@t[0])
+	x	@x[12],4*12(%r14)
+	 al	@x[2],$stdframe+4*10($sp)
+	st	@x[7],4*7(@t[0])
+	x	@x[13],4*13(%r14)
+	 al	@x[3],$stdframe+4*11($sp)
+	st	@x[12],4*12(@t[0])
+	x	@x[14],4*14(%r14)
+	st	@x[13],4*13(@t[0])
+	x	@x[15],4*15(%r14)
+	st	@x[14],4*14(@t[0])
+	 lrvr	@x[0],@x[0]
+	st	@x[15],4*15(@t[0])
+	 lrvr	@x[1],@x[1]
+	 lrvr	@x[2],@x[2]
+	 lrvr	@x[3],@x[3]
+	lhi	@x[12],1
+	 x	@x[0],4*8(%r14)
+	al	@x[12],$stdframe+4*12($sp)	# increment counter
+	 x	@x[1],4*9(%r14)
+	 st	@x[0],4*8(@t[0])
+	 x	@x[2],4*10(%r14)
+	 st	@x[1],4*9(@t[0])
+	 x	@x[3],4*11(%r14)
+	 st	@x[2],4*10(@t[0])
+	 st	@x[3],4*11(@t[0])
+
+	cl${g}r	%r14,@t[1]			# done yet?
+	la	%r14,64(%r14)
+	jl	.Loop_outer
+
+.Ldone:
+	xgr	%r0,%r0
+	xgr	%r1,%r1
+	xgr	%r2,%r2
+	xgr	%r3,%r3
+	stmg	%r0,%r3,$stdframe+4*4($sp)	# wipe key copy
+	stmg	%r0,%r3,$stdframe+4*12($sp)
+
+	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
+	br	%r14
+
+.align	16
+.Ltail:
+	la	@t[1],64($t[1])
+	stm	@x[0],@x[7],$stdframe+4*0($sp)
+	sl${g}r	@t[1],%r14
+	lm	@x[0],@x[3],$stdframe+4*8+4*8($sp)
+	l${g}hi	@x[6],0
+	stm	@x[12],@x[15],$stdframe+4*12($sp)
+	al	@x[0],$stdframe+4*8($sp)
+	al	@x[1],$stdframe+4*9($sp)
+	al	@x[2],$stdframe+4*10($sp)
+	al	@x[3],$stdframe+4*11($sp)
+	lrvr	@x[0],@x[0]
+	lrvr	@x[1],@x[1]
+	lrvr	@x[2],@x[2]
+	lrvr	@x[3],@x[3]
+	stm	@x[0],@x[3],$stdframe+4*8($sp)
+
+.Loop_tail:
+	llgc	@x[4],0(@x[6],%r14)
+	llgc	@x[5],$stdframe(@x[6],$sp)
+	xr	@x[5],@x[4]
+	stc	@x[5],0(@x[6],@t[0])
+	la	@x[6],1(@x[6])
+	brct	@t[1],.Loop_tail
+
+	j	.Ldone
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+
+.align	32
+.Lsigma:
+.long	0x61707865,0x3320646e,0x79622d32,0x6b206574	# endian-neutral
+.asciz	"ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/chacha/asm/chacha-x86.pl b/openssl-1.1.0h/crypto/chacha/asm/chacha-x86.pl
new file mode 100755
index 0000000..61b3286
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/asm/chacha-x86.pl
@@ -0,0 +1,1154 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# January 2015
+#
+# ChaCha20 for x86.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#		1xIALU/gcc	4xSSSE3
+# Pentium	17.5/+80%
+# PIII		14.2/+60%
+# P4		18.6/+84%
+# Core2		9.56/+89%	4.83
+# Westmere	9.50/+45%	3.35
+# Sandy Bridge	10.5/+47%	3.20
+# Haswell	8.15/+50%	2.83
+# Silvermont	17.4/+36%	8.35
+# Goldmont	13.4/+40%	4.36
+# Sledgehammer	10.2/+54%
+# Bulldozer	13.4/+50%	4.38(*)
+#
+# (*)	Bulldozer actually executes 4xXOP code path that delivers 3.55;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"chacha-x86.pl",$ARGV[$#ARGV] eq "386");
+
+$xmm=$ymm=0;
+for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+$ymm=1 if ($xmm &&
+		`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+		($gasver=$1)>=2.19);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" &&
+		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+		$1>=2.03);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
+		`ml 2>&1` =~ /Version ([0-9]+)\./ &&
+		$1>=10);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm &&
+		`$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+		$2>=3.0);	# first version supporting AVX
+
+$a="eax";
+($b,$b_)=("ebx","ebp");
+($c,$c_)=("ecx","esi");
+($d,$d_)=("edx","edi");
+
+sub QUARTERROUND {
+my ($ai,$bi,$ci,$di,$i)=@_;
+my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di));	# next
+my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di));	# previous
+
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+
+	if ($i==0) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==3) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
+	} elsif ($i==4) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==7) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
+	}
+
+	#&add	($a,$b);			# see elsewhere
+	&xor	($d,$a);
+	 &mov	(&DWP(4*$cp,"esp"),$c_)		if ($ai>0 && $ai<3);
+	&rol	($d,16);
+	 &mov	(&DWP(4*$bp,"esp"),$b_)		if ($i!=0);
+	&add	($c,$d);
+	 &mov	($c_,&DWP(4*$cn,"esp"))		if ($ai>0 && $ai<3);
+	&xor	($b,$c);
+	 &mov	($d_,&DWP(4*$dn,"esp"))		if ($di!=$dn);
+	&rol	($b,12);
+	 &mov	($b_,&DWP(4*$bn,"esp"))		if ($i<7);
+	 &mov	($b_,&DWP(128,"esp"))		if ($i==7);	# loop counter
+	&add	($a,$b);
+	&xor	($d,$a);
+	&mov	(&DWP(4*$ai,"esp"),$a);
+	&rol	($d,8);
+	&mov	($a,&DWP(4*$an,"esp"));
+	&add	($c,$d);
+	&mov	(&DWP(4*$di,"esp"),$d)		if ($di!=$dn);
+	&mov	($d_,$d)			if ($di==$dn);
+	&xor	($b,$c);
+	 &add	($a,$b_)			if ($i<7);	# elsewhere
+	&rol	($b,7);
+
+	($b,$b_)=($b_,$b);
+	($c,$c_)=($c_,$c);
+	($d,$d_)=($d_,$d);
+}
+
+&static_label("ssse3_shortcut");
+&static_label("xop_shortcut");
+&static_label("ssse3_data");
+&static_label("pic_point");
+
+&function_begin("ChaCha20_ctr32");
+	&xor	("eax","eax");
+	&cmp	("eax",&wparam(2));		# len==0?
+	&je	(&label("no_data"));
+if ($xmm) {
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("eax");
+	&picmeup("ebp","OPENSSL_ia32cap_P","eax",&label("pic_point"));
+	&test	(&DWP(0,"ebp"),1<<24);		# test FXSR bit
+	&jz	(&label("x86"));
+	&test	(&DWP(4,"ebp"),1<<9);		# test SSSE3 bit
+	&jz	(&label("x86"));
+	&jmp	(&label("ssse3_shortcut"));
+&set_label("x86");
+}
+	&mov	("esi",&wparam(3));		# key
+	&mov	("edi",&wparam(4));		# counter and nonce
+
+	&stack_push(33);
+
+	&mov	("eax",&DWP(4*0,"esi"));	# copy key
+	&mov	("ebx",&DWP(4*1,"esi"));
+	&mov	("ecx",&DWP(4*2,"esi"));
+	&mov	("edx",&DWP(4*3,"esi"));
+	&mov	(&DWP(64+4*4,"esp"),"eax");
+	&mov	(&DWP(64+4*5,"esp"),"ebx");
+	&mov	(&DWP(64+4*6,"esp"),"ecx");
+	&mov	(&DWP(64+4*7,"esp"),"edx");
+	&mov	("eax",&DWP(4*4,"esi"));
+	&mov	("ebx",&DWP(4*5,"esi"));
+	&mov	("ecx",&DWP(4*6,"esi"));
+	&mov	("edx",&DWP(4*7,"esi"));
+	&mov	(&DWP(64+4*8,"esp"),"eax");
+	&mov	(&DWP(64+4*9,"esp"),"ebx");
+	&mov	(&DWP(64+4*10,"esp"),"ecx");
+	&mov	(&DWP(64+4*11,"esp"),"edx");
+	&mov	("eax",&DWP(4*0,"edi"));	# copy counter and nonce
+	&mov	("ebx",&DWP(4*1,"edi"));
+	&mov	("ecx",&DWP(4*2,"edi"));
+	&mov	("edx",&DWP(4*3,"edi"));
+	&sub	("eax",1);
+	&mov	(&DWP(64+4*12,"esp"),"eax");
+	&mov	(&DWP(64+4*13,"esp"),"ebx");
+	&mov	(&DWP(64+4*14,"esp"),"ecx");
+	&mov	(&DWP(64+4*15,"esp"),"edx");
+	&jmp	(&label("entry"));
+
+&set_label("outer_loop",16);
+	&mov	(&wparam(1),$b);		# save input
+	&mov	(&wparam(0),$a);		# save output
+	&mov	(&wparam(2),$c);		# save len
+&set_label("entry");
+	&mov	($a,0x61707865);
+	&mov	(&DWP(4*1,"esp"),0x3320646e);
+	&mov	(&DWP(4*2,"esp"),0x79622d32);
+	&mov	(&DWP(4*3,"esp"),0x6b206574);
+
+	&mov	($b, &DWP(64+4*5,"esp"));	# copy key material
+	&mov	($b_,&DWP(64+4*6,"esp"));
+	&mov	($c, &DWP(64+4*10,"esp"));
+	&mov	($c_,&DWP(64+4*11,"esp"));
+	&mov	($d, &DWP(64+4*13,"esp"));
+	&mov	($d_,&DWP(64+4*14,"esp"));
+	&mov	(&DWP(4*5,"esp"),$b);
+	&mov	(&DWP(4*6,"esp"),$b_);
+	&mov	(&DWP(4*10,"esp"),$c);
+	&mov	(&DWP(4*11,"esp"),$c_);
+	&mov	(&DWP(4*13,"esp"),$d);
+	&mov	(&DWP(4*14,"esp"),$d_);
+
+	&mov	($b, &DWP(64+4*7,"esp"));
+	&mov	($d_,&DWP(64+4*15,"esp"));
+	&mov	($d, &DWP(64+4*12,"esp"));
+	&mov	($b_,&DWP(64+4*4,"esp"));
+	&mov	($c, &DWP(64+4*8,"esp"));
+	&mov	($c_,&DWP(64+4*9,"esp"));
+	&add	($d,1);				# counter value
+	&mov	(&DWP(4*7,"esp"),$b);
+	&mov	(&DWP(4*15,"esp"),$d_);
+	&mov	(&DWP(64+4*12,"esp"),$d);	# save counter value
+
+	&mov	($b,10);			# loop counter
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&add	($a,$b_);			# elsewhere
+	&mov	(&DWP(128,"esp"),$b);		# save loop counter
+	&mov	($b,$b_);
+	&QUARTERROUND(0, 4, 8, 12, 0);
+	&QUARTERROUND(1, 5, 9, 13, 1);
+	&QUARTERROUND(2, 6,10, 14, 2);
+	&QUARTERROUND(3, 7,11, 15, 3);
+	&QUARTERROUND(0, 5,10, 15, 4);
+	&QUARTERROUND(1, 6,11, 12, 5);
+	&QUARTERROUND(2, 7, 8, 13, 6);
+	&QUARTERROUND(3, 4, 9, 14, 7);
+	&dec	($b);
+	&jnz	(&label("loop"));
+
+	&mov	($b,&wparam(2));		# load len
+
+	&add	($a,0x61707865);		# accumulate key material
+	&add	($b_,&DWP(64+4*4,"esp"));
+	&add	($c, &DWP(64+4*8,"esp"));
+	&add	($c_,&DWP(64+4*9,"esp"));
+
+	&cmp	($b,64);
+	&jb	(&label("tail"));
+
+	&mov	($b,&wparam(1));		# load input pointer
+	&add	($d, &DWP(64+4*12,"esp"));
+	&add	($d_,&DWP(64+4*14,"esp"));
+
+	&xor	($a, &DWP(4*0,$b));		# xor with input
+	&xor	($b_,&DWP(4*4,$b));
+	&mov	(&DWP(4*0,"esp"),$a);
+	&mov	($a,&wparam(0));		# load output pointer
+	&xor	($c, &DWP(4*8,$b));
+	&xor	($c_,&DWP(4*9,$b));
+	&xor	($d, &DWP(4*12,$b));
+	&xor	($d_,&DWP(4*14,$b));
+	&mov	(&DWP(4*4,$a),$b_);		# write output
+	&mov	(&DWP(4*8,$a),$c);
+	&mov	(&DWP(4*9,$a),$c_);
+	&mov	(&DWP(4*12,$a),$d);
+	&mov	(&DWP(4*14,$a),$d_);
+
+	&mov	($b_,&DWP(4*1,"esp"));
+	&mov	($c, &DWP(4*2,"esp"));
+	&mov	($c_,&DWP(4*3,"esp"));
+	&mov	($d, &DWP(4*5,"esp"));
+	&mov	($d_,&DWP(4*6,"esp"));
+	&add	($b_,0x3320646e);		# accumulate key material
+	&add	($c, 0x79622d32);
+	&add	($c_,0x6b206574);
+	&add	($d, &DWP(64+4*5,"esp"));
+	&add	($d_,&DWP(64+4*6,"esp"));
+	&xor	($b_,&DWP(4*1,$b));
+	&xor	($c, &DWP(4*2,$b));
+	&xor	($c_,&DWP(4*3,$b));
+	&xor	($d, &DWP(4*5,$b));
+	&xor	($d_,&DWP(4*6,$b));
+	&mov	(&DWP(4*1,$a),$b_);
+	&mov	(&DWP(4*2,$a),$c);
+	&mov	(&DWP(4*3,$a),$c_);
+	&mov	(&DWP(4*5,$a),$d);
+	&mov	(&DWP(4*6,$a),$d_);
+
+	&mov	($b_,&DWP(4*7,"esp"));
+	&mov	($c, &DWP(4*10,"esp"));
+	&mov	($c_,&DWP(4*11,"esp"));
+	&mov	($d, &DWP(4*13,"esp"));
+	&mov	($d_,&DWP(4*15,"esp"));
+	&add	($b_,&DWP(64+4*7,"esp"));
+	&add	($c, &DWP(64+4*10,"esp"));
+	&add	($c_,&DWP(64+4*11,"esp"));
+	&add	($d, &DWP(64+4*13,"esp"));
+	&add	($d_,&DWP(64+4*15,"esp"));
+	&xor	($b_,&DWP(4*7,$b));
+	&xor	($c, &DWP(4*10,$b));
+	&xor	($c_,&DWP(4*11,$b));
+	&xor	($d, &DWP(4*13,$b));
+	&xor	($d_,&DWP(4*15,$b));
+	&lea	($b,&DWP(4*16,$b));
+	&mov	(&DWP(4*7,$a),$b_);
+	&mov	($b_,&DWP(4*0,"esp"));
+	&mov	(&DWP(4*10,$a),$c);
+	&mov	($c,&wparam(2));		# len
+	&mov	(&DWP(4*11,$a),$c_);
+	&mov	(&DWP(4*13,$a),$d);
+	&mov	(&DWP(4*15,$a),$d_);
+	&mov	(&DWP(4*0,$a),$b_);
+	&lea	($a,&DWP(4*16,$a));
+	&sub	($c,64);
+	&jnz	(&label("outer_loop"));
+
+	&jmp	(&label("done"));
+
+&set_label("tail");
+	&add	($d, &DWP(64+4*12,"esp"));
+	&add	($d_,&DWP(64+4*14,"esp"));
+	&mov	(&DWP(4*0,"esp"),$a);
+	&mov	(&DWP(4*4,"esp"),$b_);
+	&mov	(&DWP(4*8,"esp"),$c);
+	&mov	(&DWP(4*9,"esp"),$c_);
+	&mov	(&DWP(4*12,"esp"),$d);
+	&mov	(&DWP(4*14,"esp"),$d_);
+
+	&mov	($b_,&DWP(4*1,"esp"));
+	&mov	($c, &DWP(4*2,"esp"));
+	&mov	($c_,&DWP(4*3,"esp"));
+	&mov	($d, &DWP(4*5,"esp"));
+	&mov	($d_,&DWP(4*6,"esp"));
+	&add	($b_,0x3320646e);		# accumulate key material
+	&add	($c, 0x79622d32);
+	&add	($c_,0x6b206574);
+	&add	($d, &DWP(64+4*5,"esp"));
+	&add	($d_,&DWP(64+4*6,"esp"));
+	&mov	(&DWP(4*1,"esp"),$b_);
+	&mov	(&DWP(4*2,"esp"),$c);
+	&mov	(&DWP(4*3,"esp"),$c_);
+	&mov	(&DWP(4*5,"esp"),$d);
+	&mov	(&DWP(4*6,"esp"),$d_);
+
+	&mov	($b_,&DWP(4*7,"esp"));
+	&mov	($c, &DWP(4*10,"esp"));
+	&mov	($c_,&DWP(4*11,"esp"));
+	&mov	($d, &DWP(4*13,"esp"));
+	&mov	($d_,&DWP(4*15,"esp"));
+	&add	($b_,&DWP(64+4*7,"esp"));
+	&add	($c, &DWP(64+4*10,"esp"));
+	&add	($c_,&DWP(64+4*11,"esp"));
+	&add	($d, &DWP(64+4*13,"esp"));
+	&add	($d_,&DWP(64+4*15,"esp"));
+	&mov	(&DWP(4*7,"esp"),$b_);
+	&mov	($b_,&wparam(1));		# load input
+	&mov	(&DWP(4*10,"esp"),$c);
+	&mov	($c,&wparam(0));		# load output
+	&mov	(&DWP(4*11,"esp"),$c_);
+	&xor	($c_,$c_);
+	&mov	(&DWP(4*13,"esp"),$d);
+	&mov	(&DWP(4*15,"esp"),$d_);
+
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+&set_label("tail_loop");
+	&movb	("al",&BP(0,$c_,$b_));
+	&movb	("dl",&BP(0,"esp",$c_));
+	&lea	($c_,&DWP(1,$c_));
+	&xor	("al","dl");
+	&mov	(&BP(-1,$c,$c_),"al");
+	&dec	($b);
+	&jnz	(&label("tail_loop"));
+
+&set_label("done");
+	&stack_pop(33);
+&set_label("no_data");
+&function_end("ChaCha20_ctr32");
+
+if ($xmm) {
+my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
+my ($out,$inp,$len)=("edi","esi","ecx");
+
+sub QUARTERROUND_SSSE3 {
+my ($ai,$bi,$ci,$di,$i)=@_;
+my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di));	# next
+my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di));	# previous
+
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+
+	if ($i==0) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==3) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
+	} elsif ($i==4) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==7) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
+	}
+
+	#&paddd	($xa,$xb);			# see elsewhere
+	#&pxor	($xd,$xa);			# see elsewhere
+	 &movdqa(&QWP(16*$cp-128,"ebx"),$xc_)	if ($ai>0 && $ai<3);
+	&pshufb	($xd,&QWP(0,"eax"));		# rot16
+	 &movdqa(&QWP(16*$bp-128,"ebx"),$xb_)	if ($i!=0);
+	&paddd	($xc,$xd);
+	 &movdqa($xc_,&QWP(16*$cn-128,"ebx"))	if ($ai>0 && $ai<3);
+	&pxor	($xb,$xc);
+	 &movdqa($xb_,&QWP(16*$bn-128,"ebx"))	if ($i<7);
+	&movdqa	($xa_,$xb);			# borrow as temporary
+	&pslld	($xb,12);
+	&psrld	($xa_,20);
+	&por	($xb,$xa_);
+	 &movdqa($xa_,&QWP(16*$an-128,"ebx"));
+	&paddd	($xa,$xb);
+	 &movdqa($xd_,&QWP(16*$dn-128,"ebx"))	if ($di!=$dn);
+	&pxor	($xd,$xa);
+	&movdqa	(&QWP(16*$ai-128,"ebx"),$xa);
+	&pshufb	($xd,&QWP(16,"eax"));		# rot8
+	&paddd	($xc,$xd);
+	&movdqa	(&QWP(16*$di-128,"ebx"),$xd)	if ($di!=$dn);
+	&movdqa	($xd_,$xd)			if ($di==$dn);
+	&pxor	($xb,$xc);
+	 &paddd	($xa_,$xb_)			if ($i<7);	# elsewhere
+	&movdqa	($xa,$xb);			# borrow as temporary
+	&pslld	($xb,7);
+	&psrld	($xa,25);
+	 &pxor	($xd_,$xa_)			if ($i<7);	# elsewhere
+	&por	($xb,$xa);
+
+	($xa,$xa_)=($xa_,$xa);
+	($xb,$xb_)=($xb_,$xb);
+	($xc,$xc_)=($xc_,$xc);
+	($xd,$xd_)=($xd_,$xd);
+}
+
+&function_begin("ChaCha20_ssse3");
+&set_label("ssse3_shortcut");
+if ($ymm) {
+	&test		(&DWP(4,"ebp"),1<<11);		# test XOP bit
+	&jnz		(&label("xop_shortcut"));
+}
+
+	&mov		($out,&wparam(0));
+	&mov		($inp,&wparam(1));
+	&mov		($len,&wparam(2));
+	&mov		("edx",&wparam(3));		# key
+	&mov		("ebx",&wparam(4));		# counter and nonce
+
+	&mov		("ebp","esp");
+	&stack_push	(131);
+	&and		("esp",-64);
+	&mov		(&DWP(512,"esp"),"ebp");
+
+	&lea		("eax",&DWP(&label("ssse3_data")."-".
+				    &label("pic_point"),"eax"));
+	&movdqu		("xmm3",&QWP(0,"ebx"));		# counter and nonce
+
+if (defined($gasver) && $gasver>=2.17) {		# even though we encode
+							# pshufb manually, we
+							# handle only register
+							# operands, while this
+							# segment uses memory
+							# operand...
+	&cmp		($len,64*4);
+	&jb		(&label("1x"));
+
+	&mov		(&DWP(512+4,"esp"),"edx");	# offload pointers
+	&mov		(&DWP(512+8,"esp"),"ebx");
+	&sub		($len,64*4);			# bias len
+	&lea		("ebp",&DWP(256+128,"esp"));	# size optimization
+
+	&movdqu		("xmm7",&QWP(0,"edx"));		# key
+	&pshufd		("xmm0","xmm3",0x00);
+	&pshufd		("xmm1","xmm3",0x55);
+	&pshufd		("xmm2","xmm3",0xaa);
+	&pshufd		("xmm3","xmm3",0xff);
+	 &paddd		("xmm0",&QWP(16*3,"eax"));	# fix counters
+	&pshufd		("xmm4","xmm7",0x00);
+	&pshufd		("xmm5","xmm7",0x55);
+	 &psubd		("xmm0",&QWP(16*4,"eax"));
+	&pshufd		("xmm6","xmm7",0xaa);
+	&pshufd		("xmm7","xmm7",0xff);
+	&movdqa		(&QWP(16*12-128,"ebp"),"xmm0");
+	&movdqa		(&QWP(16*13-128,"ebp"),"xmm1");
+	&movdqa		(&QWP(16*14-128,"ebp"),"xmm2");
+	&movdqa		(&QWP(16*15-128,"ebp"),"xmm3");
+	 &movdqu	("xmm3",&QWP(16,"edx"));	# key
+	&movdqa		(&QWP(16*4-128,"ebp"),"xmm4");
+	&movdqa		(&QWP(16*5-128,"ebp"),"xmm5");
+	&movdqa		(&QWP(16*6-128,"ebp"),"xmm6");
+	&movdqa		(&QWP(16*7-128,"ebp"),"xmm7");
+	 &movdqa	("xmm7",&QWP(16*2,"eax"));	# sigma
+	 &lea		("ebx",&DWP(128,"esp"));	# size optimization
+
+	&pshufd		("xmm0","xmm3",0x00);
+	&pshufd		("xmm1","xmm3",0x55);
+	&pshufd		("xmm2","xmm3",0xaa);
+	&pshufd		("xmm3","xmm3",0xff);
+	&pshufd		("xmm4","xmm7",0x00);
+	&pshufd		("xmm5","xmm7",0x55);
+	&pshufd		("xmm6","xmm7",0xaa);
+	&pshufd		("xmm7","xmm7",0xff);
+	&movdqa		(&QWP(16*8-128,"ebp"),"xmm0");
+	&movdqa		(&QWP(16*9-128,"ebp"),"xmm1");
+	&movdqa		(&QWP(16*10-128,"ebp"),"xmm2");
+	&movdqa		(&QWP(16*11-128,"ebp"),"xmm3");
+	&movdqa		(&QWP(16*0-128,"ebp"),"xmm4");
+	&movdqa		(&QWP(16*1-128,"ebp"),"xmm5");
+	&movdqa		(&QWP(16*2-128,"ebp"),"xmm6");
+	&movdqa		(&QWP(16*3-128,"ebp"),"xmm7");
+
+	&lea		($inp,&DWP(128,$inp));		# size optimization
+	&lea		($out,&DWP(128,$out));		# size optimization
+	&jmp		(&label("outer_loop"));
+
+&set_label("outer_loop",16);
+	#&movdqa	("xmm0",&QWP(16*0-128,"ebp"));	# copy key material
+	&movdqa		("xmm1",&QWP(16*1-128,"ebp"));
+	&movdqa		("xmm2",&QWP(16*2-128,"ebp"));
+	&movdqa		("xmm3",&QWP(16*3-128,"ebp"));
+	#&movdqa	("xmm4",&QWP(16*4-128,"ebp"));
+	&movdqa		("xmm5",&QWP(16*5-128,"ebp"));
+	&movdqa		("xmm6",&QWP(16*6-128,"ebp"));
+	&movdqa		("xmm7",&QWP(16*7-128,"ebp"));
+	#&movdqa	(&QWP(16*0-128,"ebx"),"xmm0");
+	&movdqa		(&QWP(16*1-128,"ebx"),"xmm1");
+	&movdqa		(&QWP(16*2-128,"ebx"),"xmm2");
+	&movdqa		(&QWP(16*3-128,"ebx"),"xmm3");
+	#&movdqa	(&QWP(16*4-128,"ebx"),"xmm4");
+	&movdqa		(&QWP(16*5-128,"ebx"),"xmm5");
+	&movdqa		(&QWP(16*6-128,"ebx"),"xmm6");
+	&movdqa		(&QWP(16*7-128,"ebx"),"xmm7");
+	#&movdqa	("xmm0",&QWP(16*8-128,"ebp"));
+	#&movdqa	("xmm1",&QWP(16*9-128,"ebp"));
+	&movdqa		("xmm2",&QWP(16*10-128,"ebp"));
+	&movdqa		("xmm3",&QWP(16*11-128,"ebp"));
+	&movdqa		("xmm4",&QWP(16*12-128,"ebp"));
+	&movdqa		("xmm5",&QWP(16*13-128,"ebp"));
+	&movdqa		("xmm6",&QWP(16*14-128,"ebp"));
+	&movdqa		("xmm7",&QWP(16*15-128,"ebp"));
+	&paddd		("xmm4",&QWP(16*4,"eax"));	# counter value
+	#&movdqa	(&QWP(16*8-128,"ebx"),"xmm0");
+	#&movdqa	(&QWP(16*9-128,"ebx"),"xmm1");
+	&movdqa		(&QWP(16*10-128,"ebx"),"xmm2");
+	&movdqa		(&QWP(16*11-128,"ebx"),"xmm3");
+	&movdqa		(&QWP(16*12-128,"ebx"),"xmm4");
+	&movdqa		(&QWP(16*13-128,"ebx"),"xmm5");
+	&movdqa		(&QWP(16*14-128,"ebx"),"xmm6");
+	&movdqa		(&QWP(16*15-128,"ebx"),"xmm7");
+	&movdqa		(&QWP(16*12-128,"ebp"),"xmm4");	# save counter value
+
+	&movdqa		($xa, &QWP(16*0-128,"ebp"));
+	&movdqa		($xd, "xmm4");
+	&movdqa		($xb_,&QWP(16*4-128,"ebp"));
+	&movdqa		($xc, &QWP(16*8-128,"ebp"));
+	&movdqa		($xc_,&QWP(16*9-128,"ebp"));
+
+	&mov		("edx",10);			# loop counter
+	&nop		();
+
+&set_label("loop",16);
+	&paddd		($xa,$xb_);			# elsewhere
+	&movdqa		($xb,$xb_);
+	&pxor		($xd,$xa);			# elsewhere
+	&QUARTERROUND_SSSE3(0, 4, 8, 12, 0);
+	&QUARTERROUND_SSSE3(1, 5, 9, 13, 1);
+	&QUARTERROUND_SSSE3(2, 6,10, 14, 2);
+	&QUARTERROUND_SSSE3(3, 7,11, 15, 3);
+	&QUARTERROUND_SSSE3(0, 5,10, 15, 4);
+	&QUARTERROUND_SSSE3(1, 6,11, 12, 5);
+	&QUARTERROUND_SSSE3(2, 7, 8, 13, 6);
+	&QUARTERROUND_SSSE3(3, 4, 9, 14, 7);
+	&dec		("edx");
+	&jnz		(&label("loop"));
+
+	&movdqa		(&QWP(16*4-128,"ebx"),$xb_);
+	&movdqa		(&QWP(16*8-128,"ebx"),$xc);
+	&movdqa		(&QWP(16*9-128,"ebx"),$xc_);
+	&movdqa		(&QWP(16*12-128,"ebx"),$xd);
+	&movdqa		(&QWP(16*14-128,"ebx"),$xd_);
+
+    my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7));
+
+	#&movdqa	($xa0,&QWP(16*0-128,"ebx"));	# it's there
+	&movdqa		($xa1,&QWP(16*1-128,"ebx"));
+	&movdqa		($xa2,&QWP(16*2-128,"ebx"));
+	&movdqa		($xa3,&QWP(16*3-128,"ebx"));
+
+    for($i=0;$i<256;$i+=64) {
+	&paddd		($xa0,&QWP($i+16*0-128,"ebp"));	# accumulate key material
+	&paddd		($xa1,&QWP($i+16*1-128,"ebp"));
+	&paddd		($xa2,&QWP($i+16*2-128,"ebp"));
+	&paddd		($xa3,&QWP($i+16*3-128,"ebp"));
+
+	&movdqa		($xt2,$xa0);		# "de-interlace" data
+	&punpckldq	($xa0,$xa1);
+	&movdqa		($xt3,$xa2);
+	&punpckldq	($xa2,$xa3);
+	&punpckhdq	($xt2,$xa1);
+	&punpckhdq	($xt3,$xa3);
+	&movdqa		($xa1,$xa0);
+	&punpcklqdq	($xa0,$xa2);		# "a0"
+	&movdqa		($xa3,$xt2);
+	&punpcklqdq	($xt2,$xt3);		# "a2"
+	&punpckhqdq	($xa1,$xa2);		# "a1"
+	&punpckhqdq	($xa3,$xt3);		# "a3"
+
+	#($xa2,$xt2)=($xt2,$xa2);
+
+	&movdqu		($xt0,&QWP(64*0-128,$inp));	# load input
+	&movdqu		($xt1,&QWP(64*1-128,$inp));
+	&movdqu		($xa2,&QWP(64*2-128,$inp));
+	&movdqu		($xt3,&QWP(64*3-128,$inp));
+	&lea		($inp,&QWP($i<192?16:(64*4-16*3),$inp));
+	&pxor		($xt0,$xa0);
+	&movdqa		($xa0,&QWP($i+16*4-128,"ebx"))	if ($i<192);
+	&pxor		($xt1,$xa1);
+	&movdqa		($xa1,&QWP($i+16*5-128,"ebx"))	if ($i<192);
+	&pxor		($xt2,$xa2);
+	&movdqa		($xa2,&QWP($i+16*6-128,"ebx"))	if ($i<192);
+	&pxor		($xt3,$xa3);
+	&movdqa		($xa3,&QWP($i+16*7-128,"ebx"))	if ($i<192);
+	&movdqu		(&QWP(64*0-128,$out),$xt0);	# store output
+	&movdqu		(&QWP(64*1-128,$out),$xt1);
+	&movdqu		(&QWP(64*2-128,$out),$xt2);
+	&movdqu		(&QWP(64*3-128,$out),$xt3);
+	&lea		($out,&QWP($i<192?16:(64*4-16*3),$out));
+    }
+	&sub		($len,64*4);
+	&jnc		(&label("outer_loop"));
+
+	&add		($len,64*4);
+	&jz		(&label("done"));
+
+	&mov		("ebx",&DWP(512+8,"esp"));	# restore pointers
+	&lea		($inp,&DWP(-128,$inp));
+	&mov		("edx",&DWP(512+4,"esp"));
+	&lea		($out,&DWP(-128,$out));
+
+	&movd		("xmm2",&DWP(16*12-128,"ebp"));	# counter value
+	&movdqu		("xmm3",&QWP(0,"ebx"));
+	&paddd		("xmm2",&QWP(16*6,"eax"));	# +four
+	&pand		("xmm3",&QWP(16*7,"eax"));
+	&por		("xmm3","xmm2");		# counter value
+}
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7));
+
+sub SSSE3ROUND {	# critical path is 20 "SIMD ticks" per round
+	&paddd		($a,$b);
+	&pxor		($d,$a);
+	&pshufb		($d,$rot16);
+
+	&paddd		($c,$d);
+	&pxor		($b,$c);
+	&movdqa		($t,$b);
+	&psrld		($b,20);
+	&pslld		($t,12);
+	&por		($b,$t);
+
+	&paddd		($a,$b);
+	&pxor		($d,$a);
+	&pshufb		($d,$rot24);
+
+	&paddd		($c,$d);
+	&pxor		($b,$c);
+	&movdqa		($t,$b);
+	&psrld		($b,25);
+	&pslld		($t,7);
+	&por		($b,$t);
+}
+
+&set_label("1x");
+	&movdqa		($a,&QWP(16*2,"eax"));		# sigma
+	&movdqu		($b,&QWP(0,"edx"));
+	&movdqu		($c,&QWP(16,"edx"));
+	#&movdqu	($d,&QWP(0,"ebx"));		# already loaded
+	&movdqa		($rot16,&QWP(0,"eax"));
+	&movdqa		($rot24,&QWP(16,"eax"));
+	&mov		(&DWP(16*3,"esp"),"ebp");
+
+	&movdqa		(&QWP(16*0,"esp"),$a);
+	&movdqa		(&QWP(16*1,"esp"),$b);
+	&movdqa		(&QWP(16*2,"esp"),$c);
+	&movdqa		(&QWP(16*3,"esp"),$d);
+	&mov		("edx",10);
+	&jmp		(&label("loop1x"));
+
+&set_label("outer1x",16);
+	&movdqa		($d,&QWP(16*5,"eax"));		# one
+	&movdqa		($a,&QWP(16*0,"esp"));
+	&movdqa		($b,&QWP(16*1,"esp"));
+	&movdqa		($c,&QWP(16*2,"esp"));
+	&paddd		($d,&QWP(16*3,"esp"));
+	&mov		("edx",10);
+	&movdqa		(&QWP(16*3,"esp"),$d);
+	&jmp		(&label("loop1x"));
+
+&set_label("loop1x",16);
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b00111001);
+	&pshufd	($d,$d,0b10010011);
+	&nop	();
+
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b10010011);
+	&pshufd	($d,$d,0b00111001);
+
+	&dec		("edx");
+	&jnz		(&label("loop1x"));
+
+	&paddd		($a,&QWP(16*0,"esp"));
+	&paddd		($b,&QWP(16*1,"esp"));
+	&paddd		($c,&QWP(16*2,"esp"));
+	&paddd		($d,&QWP(16*3,"esp"));
+
+	&cmp		($len,64);
+	&jb		(&label("tail"));
+
+	&movdqu		($t,&QWP(16*0,$inp));
+	&movdqu		($t1,&QWP(16*1,$inp));
+	&pxor		($a,$t);		# xor with input
+	&movdqu		($t,&QWP(16*2,$inp));
+	&pxor		($b,$t1);
+	&movdqu		($t1,&QWP(16*3,$inp));
+	&pxor		($c,$t);
+	&pxor		($d,$t1);
+	&lea		($inp,&DWP(16*4,$inp));	# inp+=64
+
+	&movdqu		(&QWP(16*0,$out),$a);	# write output
+	&movdqu		(&QWP(16*1,$out),$b);
+	&movdqu		(&QWP(16*2,$out),$c);
+	&movdqu		(&QWP(16*3,$out),$d);
+	&lea		($out,&DWP(16*4,$out));	# inp+=64
+
+	&sub		($len,64);
+	&jnz		(&label("outer1x"));
+
+	&jmp		(&label("done"));
+
+&set_label("tail");
+	&movdqa		(&QWP(16*0,"esp"),$a);
+	&movdqa		(&QWP(16*1,"esp"),$b);
+	&movdqa		(&QWP(16*2,"esp"),$c);
+	&movdqa		(&QWP(16*3,"esp"),$d);
+
+	&xor		("eax","eax");
+	&xor		("edx","edx");
+	&xor		("ebp","ebp");
+
+&set_label("tail_loop");
+	&movb		("al",&BP(0,"esp","ebp"));
+	&movb		("dl",&BP(0,$inp,"ebp"));
+	&lea		("ebp",&DWP(1,"ebp"));
+	&xor		("al","dl");
+	&movb		(&BP(-1,$out,"ebp"),"al");
+	&dec		($len);
+	&jnz		(&label("tail_loop"));
+}
+&set_label("done");
+	&mov		("esp",&DWP(512,"esp"));
+&function_end("ChaCha20_ssse3");
+
+&align	(64);
+&set_label("ssse3_data");
+&data_byte(0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd);
+&data_byte(0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe);
+&data_word(0x61707865,0x3320646e,0x79622d32,0x6b206574);
+&data_word(0,1,2,3);
+&data_word(4,4,4,4);
+&data_word(1,0,0,0);
+&data_word(4,0,0,0);
+&data_word(0,-1,-1,-1);
+&align	(64);
+}
+&asciz	("ChaCha20 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+if ($ymm) {
+my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
+my ($out,$inp,$len)=("edi","esi","ecx");
+
+sub QUARTERROUND_XOP {
+my ($ai,$bi,$ci,$di,$i)=@_;
+my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di));	# next
+my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di));	# previous
+
+	#       a   b   c   d
+	#
+	#       0   4   8  12 < even round
+	#       1   5   9  13
+	#       2   6  10  14
+	#       3   7  11  15
+	#       0   5  10  15 < odd round
+	#       1   6  11  12
+	#       2   7   8  13
+	#       3   4   9  14
+
+	if ($i==0) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==3) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
+	} elsif ($i==4) {
+            my $j=4;
+	    ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
+	} elsif ($i==7) {
+            my $j=0;
+	    ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
+	}
+
+	#&vpaddd	($xa,$xa,$xb);			# see elsewhere
+	#&vpxor		($xd,$xd,$xa);			# see elsewhere
+	 &vmovdqa	(&QWP(16*$cp-128,"ebx"),$xc_)	if ($ai>0 && $ai<3);
+	&vprotd		($xd,$xd,16);
+	 &vmovdqa	(&QWP(16*$bp-128,"ebx"),$xb_)	if ($i!=0);
+	&vpaddd		($xc,$xc,$xd);
+	 &vmovdqa	($xc_,&QWP(16*$cn-128,"ebx"))	if ($ai>0 && $ai<3);
+	&vpxor		($xb,$i!=0?$xb:$xb_,$xc);
+	 &vmovdqa	($xa_,&QWP(16*$an-128,"ebx"));
+	&vprotd		($xb,$xb,12);
+	 &vmovdqa	($xb_,&QWP(16*$bn-128,"ebx"))	if ($i<7);
+	&vpaddd		($xa,$xa,$xb);
+	 &vmovdqa	($xd_,&QWP(16*$dn-128,"ebx"))	if ($di!=$dn);
+	&vpxor		($xd,$xd,$xa);
+	 &vpaddd	($xa_,$xa_,$xb_)		if ($i<7);	# elsewhere
+	&vprotd		($xd,$xd,8);
+	&vmovdqa	(&QWP(16*$ai-128,"ebx"),$xa);
+	&vpaddd		($xc,$xc,$xd);
+	&vmovdqa	(&QWP(16*$di-128,"ebx"),$xd)	if ($di!=$dn);
+	&vpxor		($xb,$xb,$xc);
+	 &vpxor		($xd_,$di==$dn?$xd:$xd_,$xa_)	if ($i<7);	# elsewhere
+	&vprotd		($xb,$xb,7);
+
+	($xa,$xa_)=($xa_,$xa);
+	($xb,$xb_)=($xb_,$xb);
+	($xc,$xc_)=($xc_,$xc);
+	($xd,$xd_)=($xd_,$xd);
+}
+
+&function_begin("ChaCha20_xop");
+&set_label("xop_shortcut");
+	&mov		($out,&wparam(0));
+	&mov		($inp,&wparam(1));
+	&mov		($len,&wparam(2));
+	&mov		("edx",&wparam(3));		# key
+	&mov		("ebx",&wparam(4));		# counter and nonce
+	&vzeroupper	();
+
+	&mov		("ebp","esp");
+	&stack_push	(131);
+	&and		("esp",-64);
+	&mov		(&DWP(512,"esp"),"ebp");
+
+	&lea		("eax",&DWP(&label("ssse3_data")."-".
+				    &label("pic_point"),"eax"));
+	&vmovdqu	("xmm3",&QWP(0,"ebx"));		# counter and nonce
+
+	&cmp		($len,64*4);
+	&jb		(&label("1x"));
+
+	&mov		(&DWP(512+4,"esp"),"edx");	# offload pointers
+	&mov		(&DWP(512+8,"esp"),"ebx");
+	&sub		($len,64*4);			# bias len
+	&lea		("ebp",&DWP(256+128,"esp"));	# size optimization
+
+	&vmovdqu	("xmm7",&QWP(0,"edx"));		# key
+	&vpshufd	("xmm0","xmm3",0x00);
+	&vpshufd	("xmm1","xmm3",0x55);
+	&vpshufd	("xmm2","xmm3",0xaa);
+	&vpshufd	("xmm3","xmm3",0xff);
+	 &vpaddd	("xmm0","xmm0",&QWP(16*3,"eax"));	# fix counters
+	&vpshufd	("xmm4","xmm7",0x00);
+	&vpshufd	("xmm5","xmm7",0x55);
+	 &vpsubd	("xmm0","xmm0",&QWP(16*4,"eax"));
+	&vpshufd	("xmm6","xmm7",0xaa);
+	&vpshufd	("xmm7","xmm7",0xff);
+	&vmovdqa	(&QWP(16*12-128,"ebp"),"xmm0");
+	&vmovdqa	(&QWP(16*13-128,"ebp"),"xmm1");
+	&vmovdqa	(&QWP(16*14-128,"ebp"),"xmm2");
+	&vmovdqa	(&QWP(16*15-128,"ebp"),"xmm3");
+	 &vmovdqu	("xmm3",&QWP(16,"edx"));	# key
+	&vmovdqa	(&QWP(16*4-128,"ebp"),"xmm4");
+	&vmovdqa	(&QWP(16*5-128,"ebp"),"xmm5");
+	&vmovdqa	(&QWP(16*6-128,"ebp"),"xmm6");
+	&vmovdqa	(&QWP(16*7-128,"ebp"),"xmm7");
+	 &vmovdqa	("xmm7",&QWP(16*2,"eax"));	# sigma
+	 &lea		("ebx",&DWP(128,"esp"));	# size optimization
+
+	&vpshufd	("xmm0","xmm3",0x00);
+	&vpshufd	("xmm1","xmm3",0x55);
+	&vpshufd	("xmm2","xmm3",0xaa);
+	&vpshufd	("xmm3","xmm3",0xff);
+	&vpshufd	("xmm4","xmm7",0x00);
+	&vpshufd	("xmm5","xmm7",0x55);
+	&vpshufd	("xmm6","xmm7",0xaa);
+	&vpshufd	("xmm7","xmm7",0xff);
+	&vmovdqa	(&QWP(16*8-128,"ebp"),"xmm0");
+	&vmovdqa	(&QWP(16*9-128,"ebp"),"xmm1");
+	&vmovdqa	(&QWP(16*10-128,"ebp"),"xmm2");
+	&vmovdqa	(&QWP(16*11-128,"ebp"),"xmm3");
+	&vmovdqa	(&QWP(16*0-128,"ebp"),"xmm4");
+	&vmovdqa	(&QWP(16*1-128,"ebp"),"xmm5");
+	&vmovdqa	(&QWP(16*2-128,"ebp"),"xmm6");
+	&vmovdqa	(&QWP(16*3-128,"ebp"),"xmm7");
+
+	&lea		($inp,&DWP(128,$inp));		# size optimization
+	&lea		($out,&DWP(128,$out));		# size optimization
+	&jmp		(&label("outer_loop"));
+
+&set_label("outer_loop",32);
+	#&vmovdqa	("xmm0",&QWP(16*0-128,"ebp"));	# copy key material
+	&vmovdqa	("xmm1",&QWP(16*1-128,"ebp"));
+	&vmovdqa	("xmm2",&QWP(16*2-128,"ebp"));
+	&vmovdqa	("xmm3",&QWP(16*3-128,"ebp"));
+	#&vmovdqa	("xmm4",&QWP(16*4-128,"ebp"));
+	&vmovdqa	("xmm5",&QWP(16*5-128,"ebp"));
+	&vmovdqa	("xmm6",&QWP(16*6-128,"ebp"));
+	&vmovdqa	("xmm7",&QWP(16*7-128,"ebp"));
+	#&vmovdqa	(&QWP(16*0-128,"ebx"),"xmm0");
+	&vmovdqa	(&QWP(16*1-128,"ebx"),"xmm1");
+	&vmovdqa	(&QWP(16*2-128,"ebx"),"xmm2");
+	&vmovdqa	(&QWP(16*3-128,"ebx"),"xmm3");
+	#&vmovdqa	(&QWP(16*4-128,"ebx"),"xmm4");
+	&vmovdqa	(&QWP(16*5-128,"ebx"),"xmm5");
+	&vmovdqa	(&QWP(16*6-128,"ebx"),"xmm6");
+	&vmovdqa	(&QWP(16*7-128,"ebx"),"xmm7");
+	#&vmovdqa	("xmm0",&QWP(16*8-128,"ebp"));
+	#&vmovdqa	("xmm1",&QWP(16*9-128,"ebp"));
+	&vmovdqa	("xmm2",&QWP(16*10-128,"ebp"));
+	&vmovdqa	("xmm3",&QWP(16*11-128,"ebp"));
+	&vmovdqa	("xmm4",&QWP(16*12-128,"ebp"));
+	&vmovdqa	("xmm5",&QWP(16*13-128,"ebp"));
+	&vmovdqa	("xmm6",&QWP(16*14-128,"ebp"));
+	&vmovdqa	("xmm7",&QWP(16*15-128,"ebp"));
+	&vpaddd		("xmm4","xmm4",&QWP(16*4,"eax"));	# counter value
+	#&vmovdqa	(&QWP(16*8-128,"ebx"),"xmm0");
+	#&vmovdqa	(&QWP(16*9-128,"ebx"),"xmm1");
+	&vmovdqa	(&QWP(16*10-128,"ebx"),"xmm2");
+	&vmovdqa	(&QWP(16*11-128,"ebx"),"xmm3");
+	&vmovdqa	(&QWP(16*12-128,"ebx"),"xmm4");
+	&vmovdqa	(&QWP(16*13-128,"ebx"),"xmm5");
+	&vmovdqa	(&QWP(16*14-128,"ebx"),"xmm6");
+	&vmovdqa	(&QWP(16*15-128,"ebx"),"xmm7");
+	&vmovdqa	(&QWP(16*12-128,"ebp"),"xmm4");	# save counter value
+
+	&vmovdqa	($xa, &QWP(16*0-128,"ebp"));
+	&vmovdqa	($xd, "xmm4");
+	&vmovdqa	($xb_,&QWP(16*4-128,"ebp"));
+	&vmovdqa	($xc, &QWP(16*8-128,"ebp"));
+	&vmovdqa	($xc_,&QWP(16*9-128,"ebp"));
+
+	&mov		("edx",10);			# loop counter
+	&nop		();
+
+&set_label("loop",32);
+	&vpaddd		($xa,$xa,$xb_);			# elsewhere
+	&vpxor		($xd,$xd,$xa);			# elsewhere
+	&QUARTERROUND_XOP(0, 4, 8, 12, 0);
+	&QUARTERROUND_XOP(1, 5, 9, 13, 1);
+	&QUARTERROUND_XOP(2, 6,10, 14, 2);
+	&QUARTERROUND_XOP(3, 7,11, 15, 3);
+	&QUARTERROUND_XOP(0, 5,10, 15, 4);
+	&QUARTERROUND_XOP(1, 6,11, 12, 5);
+	&QUARTERROUND_XOP(2, 7, 8, 13, 6);
+	&QUARTERROUND_XOP(3, 4, 9, 14, 7);
+	&dec		("edx");
+	&jnz		(&label("loop"));
+
+	&vmovdqa	(&QWP(16*4-128,"ebx"),$xb_);
+	&vmovdqa	(&QWP(16*8-128,"ebx"),$xc);
+	&vmovdqa	(&QWP(16*9-128,"ebx"),$xc_);
+	&vmovdqa	(&QWP(16*12-128,"ebx"),$xd);
+	&vmovdqa	(&QWP(16*14-128,"ebx"),$xd_);
+
+    my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7));
+
+	#&vmovdqa	($xa0,&QWP(16*0-128,"ebx"));	# it's there
+	&vmovdqa	($xa1,&QWP(16*1-128,"ebx"));
+	&vmovdqa	($xa2,&QWP(16*2-128,"ebx"));
+	&vmovdqa	($xa3,&QWP(16*3-128,"ebx"));
+
+    for($i=0;$i<256;$i+=64) {
+	&vpaddd		($xa0,$xa0,&QWP($i+16*0-128,"ebp"));	# accumulate key material
+	&vpaddd		($xa1,$xa1,&QWP($i+16*1-128,"ebp"));
+	&vpaddd		($xa2,$xa2,&QWP($i+16*2-128,"ebp"));
+	&vpaddd		($xa3,$xa3,&QWP($i+16*3-128,"ebp"));
+
+	&vpunpckldq	($xt2,$xa0,$xa1);	# "de-interlace" data
+	&vpunpckldq	($xt3,$xa2,$xa3);
+	&vpunpckhdq	($xa0,$xa0,$xa1);
+	&vpunpckhdq	($xa2,$xa2,$xa3);
+	&vpunpcklqdq	($xa1,$xt2,$xt3);	# "a0"
+	&vpunpckhqdq	($xt2,$xt2,$xt3);	# "a1"
+	&vpunpcklqdq	($xt3,$xa0,$xa2);	# "a2"
+	&vpunpckhqdq	($xa3,$xa0,$xa2);	# "a3"
+
+	&vpxor		($xt0,$xa1,&QWP(64*0-128,$inp));
+	&vpxor		($xt1,$xt2,&QWP(64*1-128,$inp));
+	&vpxor		($xt2,$xt3,&QWP(64*2-128,$inp));
+	&vpxor		($xt3,$xa3,&QWP(64*3-128,$inp));
+	&lea		($inp,&QWP($i<192?16:(64*4-16*3),$inp));
+	&vmovdqa	($xa0,&QWP($i+16*4-128,"ebx"))	if ($i<192);
+	&vmovdqa	($xa1,&QWP($i+16*5-128,"ebx"))	if ($i<192);
+	&vmovdqa	($xa2,&QWP($i+16*6-128,"ebx"))	if ($i<192);
+	&vmovdqa	($xa3,&QWP($i+16*7-128,"ebx"))	if ($i<192);
+	&vmovdqu	(&QWP(64*0-128,$out),$xt0);	# store output
+	&vmovdqu	(&QWP(64*1-128,$out),$xt1);
+	&vmovdqu	(&QWP(64*2-128,$out),$xt2);
+	&vmovdqu	(&QWP(64*3-128,$out),$xt3);
+	&lea		($out,&QWP($i<192?16:(64*4-16*3),$out));
+    }
+	&sub		($len,64*4);
+	&jnc		(&label("outer_loop"));
+
+	&add		($len,64*4);
+	&jz		(&label("done"));
+
+	&mov		("ebx",&DWP(512+8,"esp"));	# restore pointers
+	&lea		($inp,&DWP(-128,$inp));
+	&mov		("edx",&DWP(512+4,"esp"));
+	&lea		($out,&DWP(-128,$out));
+
+	&vmovd		("xmm2",&DWP(16*12-128,"ebp"));	# counter value
+	&vmovdqu	("xmm3",&QWP(0,"ebx"));
+	&vpaddd		("xmm2","xmm2",&QWP(16*6,"eax"));# +four
+	&vpand		("xmm3","xmm3",&QWP(16*7,"eax"));
+	&vpor		("xmm3","xmm3","xmm2");		# counter value
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7));
+
+sub XOPROUND {
+	&vpaddd		($a,$a,$b);
+	&vpxor		($d,$d,$a);
+	&vprotd		($d,$d,16);
+
+	&vpaddd		($c,$c,$d);
+	&vpxor		($b,$b,$c);
+	&vprotd		($b,$b,12);
+
+	&vpaddd		($a,$a,$b);
+	&vpxor		($d,$d,$a);
+	&vprotd		($d,$d,8);
+
+	&vpaddd		($c,$c,$d);
+	&vpxor		($b,$b,$c);
+	&vprotd		($b,$b,7);
+}
+
+&set_label("1x");
+	&vmovdqa	($a,&QWP(16*2,"eax"));		# sigma
+	&vmovdqu	($b,&QWP(0,"edx"));
+	&vmovdqu	($c,&QWP(16,"edx"));
+	#&vmovdqu	($d,&QWP(0,"ebx"));		# already loaded
+	&vmovdqa	($rot16,&QWP(0,"eax"));
+	&vmovdqa	($rot24,&QWP(16,"eax"));
+	&mov		(&DWP(16*3,"esp"),"ebp");
+
+	&vmovdqa	(&QWP(16*0,"esp"),$a);
+	&vmovdqa	(&QWP(16*1,"esp"),$b);
+	&vmovdqa	(&QWP(16*2,"esp"),$c);
+	&vmovdqa	(&QWP(16*3,"esp"),$d);
+	&mov		("edx",10);
+	&jmp		(&label("loop1x"));
+
+&set_label("outer1x",16);
+	&vmovdqa	($d,&QWP(16*5,"eax"));		# one
+	&vmovdqa	($a,&QWP(16*0,"esp"));
+	&vmovdqa	($b,&QWP(16*1,"esp"));
+	&vmovdqa	($c,&QWP(16*2,"esp"));
+	&vpaddd		($d,$d,&QWP(16*3,"esp"));
+	&mov		("edx",10);
+	&vmovdqa	(&QWP(16*3,"esp"),$d);
+	&jmp		(&label("loop1x"));
+
+&set_label("loop1x",16);
+	&XOPROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b00111001);
+	&vpshufd	($d,$d,0b10010011);
+
+	&XOPROUND();
+	&vpshufd	($c,$c,0b01001110);
+	&vpshufd	($b,$b,0b10010011);
+	&vpshufd	($d,$d,0b00111001);
+
+	&dec		("edx");
+	&jnz		(&label("loop1x"));
+
+	&vpaddd		($a,$a,&QWP(16*0,"esp"));
+	&vpaddd		($b,$b,&QWP(16*1,"esp"));
+	&vpaddd		($c,$c,&QWP(16*2,"esp"));
+	&vpaddd		($d,$d,&QWP(16*3,"esp"));
+
+	&cmp		($len,64);
+	&jb		(&label("tail"));
+
+	&vpxor		($a,$a,&QWP(16*0,$inp));	# xor with input
+	&vpxor		($b,$b,&QWP(16*1,$inp));
+	&vpxor		($c,$c,&QWP(16*2,$inp));
+	&vpxor		($d,$d,&QWP(16*3,$inp));
+	&lea		($inp,&DWP(16*4,$inp));		# inp+=64
+
+	&vmovdqu	(&QWP(16*0,$out),$a);		# write output
+	&vmovdqu	(&QWP(16*1,$out),$b);
+	&vmovdqu	(&QWP(16*2,$out),$c);
+	&vmovdqu	(&QWP(16*3,$out),$d);
+	&lea		($out,&DWP(16*4,$out));		# inp+=64
+
+	&sub		($len,64);
+	&jnz		(&label("outer1x"));
+
+	&jmp		(&label("done"));
+
+&set_label("tail");
+	&vmovdqa	(&QWP(16*0,"esp"),$a);
+	&vmovdqa	(&QWP(16*1,"esp"),$b);
+	&vmovdqa	(&QWP(16*2,"esp"),$c);
+	&vmovdqa	(&QWP(16*3,"esp"),$d);
+
+	&xor		("eax","eax");
+	&xor		("edx","edx");
+	&xor		("ebp","ebp");
+
+&set_label("tail_loop");
+	&movb		("al",&BP(0,"esp","ebp"));
+	&movb		("dl",&BP(0,$inp,"ebp"));
+	&lea		("ebp",&DWP(1,"ebp"));
+	&xor		("al","dl");
+	&movb		(&BP(-1,$out,"ebp"),"al");
+	&dec		($len);
+	&jnz		(&label("tail_loop"));
+}
+&set_label("done");
+	&vzeroupper	();
+	&mov		("esp",&DWP(512,"esp"));
+&function_end("ChaCha20_xop");
+}
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/chacha/asm/chacha-x86_64.pl b/openssl-1.1.0h/crypto/chacha/asm/chacha-x86_64.pl
new file mode 100755
index 0000000..347dfcb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/asm/chacha-x86_64.pl
@@ -0,0 +1,2245 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# November 2014
+#
+# ChaCha20 for x86_64.
+#
+# Performance in cycles per byte out of large buffer.
+#
+#		IALU/gcc 4.8(i)	1xSSSE3/SSE2	4xSSSE3	    8xAVX2
+#
+# P4		9.48/+99%	-/22.7(ii)	-
+# Core2		7.83/+55%	7.90/8.08	4.35
+# Westmere	7.19/+50%	5.60/6.70	3.00
+# Sandy Bridge	8.31/+42%	5.45/6.76	2.72
+# Ivy Bridge	6.71/+46%	5.40/6.49	2.41
+# Haswell	5.92/+43%	5.20/6.45	2.42	    1.23
+# Silvermont	12.0/+33%	7.75/7.40	7.03(iii)
+# Goldmont	10.6/+17%	5.10/-		3.28
+# Sledgehammer	7.28/+52%	-/14.2(ii)	-
+# Bulldozer	9.66/+28%	9.85/11.1	3.06(iv)
+# VIA Nano	10.5/+46%	6.72/8.60	6.05
+#
+# (i)	compared to older gcc 3.x one can observe >2x improvement on
+#	most platforms;
+# (ii)	as it can be seen, SSE2 performance is too low on legacy
+#	processors; NxSSE2 results are naturally better, but not
+#	impressively better than IALU ones, which is why you won't
+#	find SSE2 code below;
+# (iii)	this is not optimal result for Atom because of MSROM
+#	limitations, SSE2 can do better, but gain is considered too
+#	low to justify the [maintenance] effort;
+# (iv)	Bulldozer actually executes 4xXOP code path that delivers 2.20;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# input parameter block
+($out,$inp,$len,$key,$counter)=("%rdi","%rsi","%rdx","%rcx","%r8");
+
+$code.=<<___;
+.text
+
+.extern OPENSSL_ia32cap_P
+
+.align	64
+.Lzero:
+.long	0,0,0,0
+.Lone:
+.long	1,0,0,0
+.Linc:
+.long	0,1,2,3
+.Lfour:
+.long	4,4,4,4
+.Lincy:
+.long	0,2,4,6,1,3,5,7
+.Leight:
+.long	8,8,8,8,8,8,8,8
+.Lrot16:
+.byte	0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd
+.Lrot24:
+.byte	0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe
+.Lsigma:
+.asciz	"expand 32-byte k"
+.asciz	"ChaCha20 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+sub AUTOLOAD()          # thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+@x=("%eax","%ebx","%ecx","%edx",map("%r${_}d",(8..11)),
+    "%nox","%nox","%nox","%nox",map("%r${_}d",(12..15)));
+@t=("%esi","%edi");
+
+sub ROUND {			# critical path is 24 cycles per round
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_)=map("\"$_\"",@t);
+my @x=map("\"$_\"",@x);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end.
+
+	# Normally instructions would be interleaved to favour in-order
+	# execution. Generally out-of-order cores manage it gracefully,
+	# but not this time for some reason. As in-order execution
+	# cores are dying breed, old Atom is the only one around,
+	# instructions are left uninterleaved. Besides, Atom is better
+	# off executing 1xSSSE3 code anyway...
+
+	(
+	"&add	(@x[$a0],@x[$b0])",	# Q1
+	"&xor	(@x[$d0],@x[$a0])",
+	"&rol	(@x[$d0],16)",
+	 "&add	(@x[$a1],@x[$b1])",	# Q2
+	 "&xor	(@x[$d1],@x[$a1])",
+	 "&rol	(@x[$d1],16)",
+
+	"&add	($xc,@x[$d0])",
+	"&xor	(@x[$b0],$xc)",
+	"&rol	(@x[$b0],12)",
+	 "&add	($xc_,@x[$d1])",
+	 "&xor	(@x[$b1],$xc_)",
+	 "&rol	(@x[$b1],12)",
+
+	"&add	(@x[$a0],@x[$b0])",
+	"&xor	(@x[$d0],@x[$a0])",
+	"&rol	(@x[$d0],8)",
+	 "&add	(@x[$a1],@x[$b1])",
+	 "&xor	(@x[$d1],@x[$a1])",
+	 "&rol	(@x[$d1],8)",
+
+	"&add	($xc,@x[$d0])",
+	"&xor	(@x[$b0],$xc)",
+	"&rol	(@x[$b0],7)",
+	 "&add	($xc_,@x[$d1])",
+	 "&xor	(@x[$b1],$xc_)",
+	 "&rol	(@x[$b1],7)",
+
+	"&mov	(\"4*$c0(%rsp)\",$xc)",	# reload pair of 'c's
+	 "&mov	(\"4*$c1(%rsp)\",$xc_)",
+	"&mov	($xc,\"4*$c2(%rsp)\")",
+	 "&mov	($xc_,\"4*$c3(%rsp)\")",
+
+	"&add	(@x[$a2],@x[$b2])",	# Q3
+	"&xor	(@x[$d2],@x[$a2])",
+	"&rol	(@x[$d2],16)",
+	 "&add	(@x[$a3],@x[$b3])",	# Q4
+	 "&xor	(@x[$d3],@x[$a3])",
+	 "&rol	(@x[$d3],16)",
+
+	"&add	($xc,@x[$d2])",
+	"&xor	(@x[$b2],$xc)",
+	"&rol	(@x[$b2],12)",
+	 "&add	($xc_,@x[$d3])",
+	 "&xor	(@x[$b3],$xc_)",
+	 "&rol	(@x[$b3],12)",
+
+	"&add	(@x[$a2],@x[$b2])",
+	"&xor	(@x[$d2],@x[$a2])",
+	"&rol	(@x[$d2],8)",
+	 "&add	(@x[$a3],@x[$b3])",
+	 "&xor	(@x[$d3],@x[$a3])",
+	 "&rol	(@x[$d3],8)",
+
+	"&add	($xc,@x[$d2])",
+	"&xor	(@x[$b2],$xc)",
+	"&rol	(@x[$b2],7)",
+	 "&add	($xc_,@x[$d3])",
+	 "&xor	(@x[$b3],$xc_)",
+	 "&rol	(@x[$b3],7)"
+	);
+}
+
+########################################################################
+# Generic code path that handles all lengths on pre-SSSE3 processors.
+$code.=<<___;
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,\@function,5
+.align	64
+ChaCha20_ctr32:
+	cmp	\$0,$len
+	je	.Lno_data
+	mov	OPENSSL_ia32cap_P+4(%rip),%r10
+	test	\$`1<<(41-32)`,%r10d
+	jnz	.LChaCha20_ssse3
+
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	sub	\$64+24,%rsp
+
+	#movdqa	.Lsigma(%rip),%xmm0
+	movdqu	($key),%xmm1
+	movdqu	16($key),%xmm2
+	movdqu	($counter),%xmm3
+	movdqa	.Lone(%rip),%xmm4
+
+	#movdqa	%xmm0,4*0(%rsp)		# key[0]
+	movdqa	%xmm1,4*4(%rsp)		# key[1]
+	movdqa	%xmm2,4*8(%rsp)		# key[2]
+	movdqa	%xmm3,4*12(%rsp)	# key[3]
+	mov	$len,%rbp		# reassign $len
+	jmp	.Loop_outer
+
+.align	32
+.Loop_outer:
+	mov	\$0x61707865,@x[0]      # 'expa'
+	mov	\$0x3320646e,@x[1]      # 'nd 3'
+	mov	\$0x79622d32,@x[2]      # '2-by'
+	mov	\$0x6b206574,@x[3]      # 'te k'
+	mov	4*4(%rsp),@x[4]
+	mov	4*5(%rsp),@x[5]
+	mov	4*6(%rsp),@x[6]
+	mov	4*7(%rsp),@x[7]
+	movd	%xmm3,@x[12]
+	mov	4*13(%rsp),@x[13]
+	mov	4*14(%rsp),@x[14]
+	mov	4*15(%rsp),@x[15]
+
+	mov	%rbp,64+0(%rsp)		# save len
+	mov	\$10,%ebp
+	mov	$inp,64+8(%rsp)		# save inp
+	movq	%xmm2,%rsi		# "@x[8]"
+	mov	$out,64+16(%rsp)	# save out
+	mov	%rsi,%rdi
+	shr	\$32,%rdi		# "@x[9]"
+	jmp	.Loop
+
+.align	32
+.Loop:
+___
+	foreach (&ROUND (0, 4, 8,12)) { eval; }
+	foreach (&ROUND	(0, 5,10,15)) { eval; }
+	&dec	("%ebp");
+	&jnz	(".Loop");
+
+$code.=<<___;
+	mov	@t[1],4*9(%rsp)		# modulo-scheduled
+	mov	@t[0],4*8(%rsp)
+	mov	64(%rsp),%rbp		# load len
+	movdqa	%xmm2,%xmm1
+	mov	64+8(%rsp),$inp		# load inp
+	paddd	%xmm4,%xmm3		# increment counter
+	mov	64+16(%rsp),$out	# load out
+
+	add	\$0x61707865,@x[0]      # 'expa'
+	add	\$0x3320646e,@x[1]      # 'nd 3'
+	add	\$0x79622d32,@x[2]      # '2-by'
+	add	\$0x6b206574,@x[3]      # 'te k'
+	add	4*4(%rsp),@x[4]
+	add	4*5(%rsp),@x[5]
+	add	4*6(%rsp),@x[6]
+	add	4*7(%rsp),@x[7]
+	add	4*12(%rsp),@x[12]
+	add	4*13(%rsp),@x[13]
+	add	4*14(%rsp),@x[14]
+	add	4*15(%rsp),@x[15]
+	paddd	4*8(%rsp),%xmm1
+
+	cmp	\$64,%rbp
+	jb	.Ltail
+
+	xor	4*0($inp),@x[0]		# xor with input
+	xor	4*1($inp),@x[1]
+	xor	4*2($inp),@x[2]
+	xor	4*3($inp),@x[3]
+	xor	4*4($inp),@x[4]
+	xor	4*5($inp),@x[5]
+	xor	4*6($inp),@x[6]
+	xor	4*7($inp),@x[7]
+	movdqu	4*8($inp),%xmm0
+	xor	4*12($inp),@x[12]
+	xor	4*13($inp),@x[13]
+	xor	4*14($inp),@x[14]
+	xor	4*15($inp),@x[15]
+	lea	4*16($inp),$inp		# inp+=64
+	pxor	%xmm1,%xmm0
+
+	movdqa	%xmm2,4*8(%rsp)
+	movd	%xmm3,4*12(%rsp)
+
+	mov	@x[0],4*0($out)		# write output
+	mov	@x[1],4*1($out)
+	mov	@x[2],4*2($out)
+	mov	@x[3],4*3($out)
+	mov	@x[4],4*4($out)
+	mov	@x[5],4*5($out)
+	mov	@x[6],4*6($out)
+	mov	@x[7],4*7($out)
+	movdqu	%xmm0,4*8($out)
+	mov	@x[12],4*12($out)
+	mov	@x[13],4*13($out)
+	mov	@x[14],4*14($out)
+	mov	@x[15],4*15($out)
+	lea	4*16($out),$out		# out+=64
+
+	sub	\$64,%rbp
+	jnz	.Loop_outer
+
+	jmp	.Ldone
+
+.align	16
+.Ltail:
+	mov	@x[0],4*0(%rsp)
+	mov	@x[1],4*1(%rsp)
+	xor	%rbx,%rbx
+	mov	@x[2],4*2(%rsp)
+	mov	@x[3],4*3(%rsp)
+	mov	@x[4],4*4(%rsp)
+	mov	@x[5],4*5(%rsp)
+	mov	@x[6],4*6(%rsp)
+	mov	@x[7],4*7(%rsp)
+	movdqa	%xmm1,4*8(%rsp)
+	mov	@x[12],4*12(%rsp)
+	mov	@x[13],4*13(%rsp)
+	mov	@x[14],4*14(%rsp)
+	mov	@x[15],4*15(%rsp)
+
+.Loop_tail:
+	movzb	($inp,%rbx),%eax
+	movzb	(%rsp,%rbx),%edx
+	lea	1(%rbx),%rbx
+	xor	%edx,%eax
+	mov	%al,-1($out,%rbx)
+	dec	%rbp
+	jnz	.Loop_tail
+
+.Ldone:
+	add	\$64+24,%rsp
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+.Lno_data:
+	ret
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+___
+
+########################################################################
+# SSSE3 code path that handles shorter lengths
+{
+my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(0..7));
+
+sub SSSE3ROUND {	# critical path is 20 "SIMD ticks" per round
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	&pshufb	($d,$rot16);
+
+	&paddd	($c,$d);
+	&pxor	($b,$c);
+	&movdqa	($t,$b);
+	&psrld	($b,20);
+	&pslld	($t,12);
+	&por	($b,$t);
+
+	&paddd	($a,$b);
+	&pxor	($d,$a);
+	&pshufb	($d,$rot24);
+
+	&paddd	($c,$d);
+	&pxor	($b,$c);
+	&movdqa	($t,$b);
+	&psrld	($b,25);
+	&pslld	($t,7);
+	&por	($b,$t);
+}
+
+my $xframe = $win64 ? 32+32+8 : 24;
+
+$code.=<<___;
+.type	ChaCha20_ssse3,\@function,5
+.align	32
+ChaCha20_ssse3:
+.LChaCha20_ssse3:
+___
+$code.=<<___	if ($avx);
+	test	\$`1<<(43-32)`,%r10d
+	jnz	.LChaCha20_4xop		# XOP is fastest even if we use 1/4
+___
+$code.=<<___;
+	cmp	\$128,$len		# we might throw away some data,
+	ja	.LChaCha20_4x		# but overall it won't be slower
+
+.Ldo_sse3_after_all:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	sub	\$64+$xframe,%rsp
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6,64+32(%rsp)
+	movaps	%xmm7,64+48(%rsp)
+___
+$code.=<<___;
+	movdqa	.Lsigma(%rip),$a
+	movdqu	($key),$b
+	movdqu	16($key),$c
+	movdqu	($counter),$d
+	movdqa	.Lrot16(%rip),$rot16
+	movdqa	.Lrot24(%rip),$rot24
+
+	movdqa	$a,0x00(%rsp)
+	movdqa	$b,0x10(%rsp)
+	movdqa	$c,0x20(%rsp)
+	movdqa	$d,0x30(%rsp)
+	mov	\$10,%ebp
+	jmp	.Loop_ssse3
+
+.align	32
+.Loop_outer_ssse3:
+	movdqa	.Lone(%rip),$d
+	movdqa	0x00(%rsp),$a
+	movdqa	0x10(%rsp),$b
+	movdqa	0x20(%rsp),$c
+	paddd	0x30(%rsp),$d
+	mov	\$10,%ebp
+	movdqa	$d,0x30(%rsp)
+	jmp	.Loop_ssse3
+
+.align	32
+.Loop_ssse3:
+___
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b00111001);
+	&pshufd	($d,$d,0b10010011);
+	&nop	();
+
+	&SSSE3ROUND();
+	&pshufd	($c,$c,0b01001110);
+	&pshufd	($b,$b,0b10010011);
+	&pshufd	($d,$d,0b00111001);
+
+	&dec	("%ebp");
+	&jnz	(".Loop_ssse3");
+
+$code.=<<___;
+	paddd	0x00(%rsp),$a
+	paddd	0x10(%rsp),$b
+	paddd	0x20(%rsp),$c
+	paddd	0x30(%rsp),$d
+
+	cmp	\$64,$len
+	jb	.Ltail_ssse3
+
+	movdqu	0x00($inp),$t
+	movdqu	0x10($inp),$t1
+	pxor	$t,$a			# xor with input
+	movdqu	0x20($inp),$t
+	pxor	$t1,$b
+	movdqu	0x30($inp),$t1
+	lea	0x40($inp),$inp		# inp+=64
+	pxor	$t,$c
+	pxor	$t1,$d
+
+	movdqu	$a,0x00($out)		# write output
+	movdqu	$b,0x10($out)
+	movdqu	$c,0x20($out)
+	movdqu	$d,0x30($out)
+	lea	0x40($out),$out		# out+=64
+
+	sub	\$64,$len
+	jnz	.Loop_outer_ssse3
+
+	jmp	.Ldone_ssse3
+
+.align	16
+.Ltail_ssse3:
+	movdqa	$a,0x00(%rsp)
+	movdqa	$b,0x10(%rsp)
+	movdqa	$c,0x20(%rsp)
+	movdqa	$d,0x30(%rsp)
+	xor	%rbx,%rbx
+
+.Loop_tail_ssse3:
+	movzb	($inp,%rbx),%eax
+	movzb	(%rsp,%rbx),%ecx
+	lea	1(%rbx),%rbx
+	xor	%ecx,%eax
+	mov	%al,-1($out,%rbx)
+	dec	$len
+	jnz	.Loop_tail_ssse3
+
+.Ldone_ssse3:
+___
+$code.=<<___	if ($win64);
+	movaps	64+32(%rsp),%xmm6
+	movaps	64+48(%rsp),%xmm7
+___
+$code.=<<___;
+	add	\$64+$xframe,%rsp
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	ret
+.size	ChaCha20_ssse3,.-ChaCha20_ssse3
+___
+}
+
+########################################################################
+# SSSE3 code path that handles longer messages.
+{
+# assign variables to favor Atom front-end
+my ($xd0,$xd1,$xd2,$xd3, $xt0,$xt1,$xt2,$xt3,
+    $xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3)=map("%xmm$_",(0..15));
+my  @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	"%nox","%nox","%nox","%nox", $xd0,$xd1,$xd2,$xd3);
+
+sub SSSE3_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_,$t0,$t1)=map("\"$_\"",$xt0,$xt1,$xt2,$xt3);
+my @x=map("\"$_\"",@xx);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end.
+
+	(
+	"&paddd		(@x[$a0],@x[$b0])",	# Q1
+	 "&paddd	(@x[$a1],@x[$b1])",	# Q2
+	"&pxor		(@x[$d0],@x[$a0])",
+	 "&pxor		(@x[$d1],@x[$a1])",
+	"&pshufb	(@x[$d0],$t1)",
+	 "&pshufb	(@x[$d1],$t1)",
+
+	"&paddd		($xc,@x[$d0])",
+	 "&paddd	($xc_,@x[$d1])",
+	"&pxor		(@x[$b0],$xc)",
+	 "&pxor		(@x[$b1],$xc_)",
+	"&movdqa	($t0,@x[$b0])",
+	"&pslld		(@x[$b0],12)",
+	"&psrld		($t0,20)",
+	 "&movdqa	($t1,@x[$b1])",
+	 "&pslld	(@x[$b1],12)",
+	"&por		(@x[$b0],$t0)",
+	 "&psrld	($t1,20)",
+	"&movdqa	($t0,'(%r11)')",	# .Lrot24(%rip)
+	 "&por		(@x[$b1],$t1)",
+
+	"&paddd		(@x[$a0],@x[$b0])",
+	 "&paddd	(@x[$a1],@x[$b1])",
+	"&pxor		(@x[$d0],@x[$a0])",
+	 "&pxor		(@x[$d1],@x[$a1])",
+	"&pshufb	(@x[$d0],$t0)",
+	 "&pshufb	(@x[$d1],$t0)",
+
+	"&paddd		($xc,@x[$d0])",
+	 "&paddd	($xc_,@x[$d1])",
+	"&pxor		(@x[$b0],$xc)",
+	 "&pxor		(@x[$b1],$xc_)",
+	"&movdqa	($t1,@x[$b0])",
+	"&pslld		(@x[$b0],7)",
+	"&psrld		($t1,25)",
+	 "&movdqa	($t0,@x[$b1])",
+	 "&pslld	(@x[$b1],7)",
+	"&por		(@x[$b0],$t1)",
+	 "&psrld	($t0,25)",
+	"&movdqa	($t1,'(%r10)')",	# .Lrot16(%rip)
+	 "&por		(@x[$b1],$t0)",
+
+	"&movdqa	(\"`16*($c0-8)`(%rsp)\",$xc)",	# reload pair of 'c's
+	 "&movdqa	(\"`16*($c1-8)`(%rsp)\",$xc_)",
+	"&movdqa	($xc,\"`16*($c2-8)`(%rsp)\")",
+	 "&movdqa	($xc_,\"`16*($c3-8)`(%rsp)\")",
+
+	"&paddd		(@x[$a2],@x[$b2])",	# Q3
+	 "&paddd	(@x[$a3],@x[$b3])",	# Q4
+	"&pxor		(@x[$d2],@x[$a2])",
+	 "&pxor		(@x[$d3],@x[$a3])",
+	"&pshufb	(@x[$d2],$t1)",
+	 "&pshufb	(@x[$d3],$t1)",
+
+	"&paddd		($xc,@x[$d2])",
+	 "&paddd	($xc_,@x[$d3])",
+	"&pxor		(@x[$b2],$xc)",
+	 "&pxor		(@x[$b3],$xc_)",
+	"&movdqa	($t0,@x[$b2])",
+	"&pslld		(@x[$b2],12)",
+	"&psrld		($t0,20)",
+	 "&movdqa	($t1,@x[$b3])",
+	 "&pslld	(@x[$b3],12)",
+	"&por		(@x[$b2],$t0)",
+	 "&psrld	($t1,20)",
+	"&movdqa	($t0,'(%r11)')",	# .Lrot24(%rip)
+	 "&por		(@x[$b3],$t1)",
+
+	"&paddd		(@x[$a2],@x[$b2])",
+	 "&paddd	(@x[$a3],@x[$b3])",
+	"&pxor		(@x[$d2],@x[$a2])",
+	 "&pxor		(@x[$d3],@x[$a3])",
+	"&pshufb	(@x[$d2],$t0)",
+	 "&pshufb	(@x[$d3],$t0)",
+
+	"&paddd		($xc,@x[$d2])",
+	 "&paddd	($xc_,@x[$d3])",
+	"&pxor		(@x[$b2],$xc)",
+	 "&pxor		(@x[$b3],$xc_)",
+	"&movdqa	($t1,@x[$b2])",
+	"&pslld		(@x[$b2],7)",
+	"&psrld		($t1,25)",
+	 "&movdqa	($t0,@x[$b3])",
+	 "&pslld	(@x[$b3],7)",
+	"&por		(@x[$b2],$t1)",
+	 "&psrld	($t0,25)",
+	"&movdqa	($t1,'(%r10)')",	# .Lrot16(%rip)
+	 "&por		(@x[$b3],$t0)"
+	);
+}
+
+my $xframe = $win64 ? 0xa0 : 0;
+
+$code.=<<___;
+.type	ChaCha20_4x,\@function,5
+.align	32
+ChaCha20_4x:
+.LChaCha20_4x:
+	mov		%r10,%r11
+___
+$code.=<<___	if ($avx>1);
+	shr		\$32,%r10		# OPENSSL_ia32cap_P+8
+	test		\$`1<<5`,%r10		# test AVX2
+	jnz		.LChaCha20_8x
+___
+$code.=<<___;
+	cmp		\$192,$len
+	ja		.Lproceed4x
+
+	and		\$`1<<26|1<<22`,%r11	# isolate XSAVE+MOVBE
+	cmp		\$`1<<22`,%r11		# check for MOVBE without XSAVE
+	je		.Ldo_sse3_after_all	# to detect Atom
+
+.Lproceed4x:
+	lea		-0x78(%rsp),%r11
+	sub		\$0x148+$xframe,%rsp
+___
+	################ stack layout
+	# +0x00		SIMD equivalent of @x[8-12]
+	# ...
+	# +0x40		constant copy of key[0-2] smashed by lanes
+	# ...
+	# +0x100	SIMD counters (with nonce smashed by lanes)
+	# ...
+	# +0x140
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0x30(%r11)
+	movaps		%xmm7,-0x20(%r11)
+	movaps		%xmm8,-0x10(%r11)
+	movaps		%xmm9,0x00(%r11)
+	movaps		%xmm10,0x10(%r11)
+	movaps		%xmm11,0x20(%r11)
+	movaps		%xmm12,0x30(%r11)
+	movaps		%xmm13,0x40(%r11)
+	movaps		%xmm14,0x50(%r11)
+	movaps		%xmm15,0x60(%r11)
+___
+$code.=<<___;
+	movdqa		.Lsigma(%rip),$xa3	# key[0]
+	movdqu		($key),$xb3		# key[1]
+	movdqu		16($key),$xt3		# key[2]
+	movdqu		($counter),$xd3		# key[3]
+	lea		0x100(%rsp),%rcx	# size optimization
+	lea		.Lrot16(%rip),%r10
+	lea		.Lrot24(%rip),%r11
+
+	pshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	pshufd		\$0x55,$xa3,$xa1
+	movdqa		$xa0,0x40(%rsp)		# ... and offload
+	pshufd		\$0xaa,$xa3,$xa2
+	movdqa		$xa1,0x50(%rsp)
+	pshufd		\$0xff,$xa3,$xa3
+	movdqa		$xa2,0x60(%rsp)
+	movdqa		$xa3,0x70(%rsp)
+
+	pshufd		\$0x00,$xb3,$xb0
+	pshufd		\$0x55,$xb3,$xb1
+	movdqa		$xb0,0x80-0x100(%rcx)
+	pshufd		\$0xaa,$xb3,$xb2
+	movdqa		$xb1,0x90-0x100(%rcx)
+	pshufd		\$0xff,$xb3,$xb3
+	movdqa		$xb2,0xa0-0x100(%rcx)
+	movdqa		$xb3,0xb0-0x100(%rcx)
+
+	pshufd		\$0x00,$xt3,$xt0	# "$xc0"
+	pshufd		\$0x55,$xt3,$xt1	# "$xc1"
+	movdqa		$xt0,0xc0-0x100(%rcx)
+	pshufd		\$0xaa,$xt3,$xt2	# "$xc2"
+	movdqa		$xt1,0xd0-0x100(%rcx)
+	pshufd		\$0xff,$xt3,$xt3	# "$xc3"
+	movdqa		$xt2,0xe0-0x100(%rcx)
+	movdqa		$xt3,0xf0-0x100(%rcx)
+
+	pshufd		\$0x00,$xd3,$xd0
+	pshufd		\$0x55,$xd3,$xd1
+	paddd		.Linc(%rip),$xd0	# don't save counters yet
+	pshufd		\$0xaa,$xd3,$xd2
+	movdqa		$xd1,0x110-0x100(%rcx)
+	pshufd		\$0xff,$xd3,$xd3
+	movdqa		$xd2,0x120-0x100(%rcx)
+	movdqa		$xd3,0x130-0x100(%rcx)
+
+	jmp		.Loop_enter4x
+
+.align	32
+.Loop_outer4x:
+	movdqa		0x40(%rsp),$xa0		# re-load smashed key
+	movdqa		0x50(%rsp),$xa1
+	movdqa		0x60(%rsp),$xa2
+	movdqa		0x70(%rsp),$xa3
+	movdqa		0x80-0x100(%rcx),$xb0
+	movdqa		0x90-0x100(%rcx),$xb1
+	movdqa		0xa0-0x100(%rcx),$xb2
+	movdqa		0xb0-0x100(%rcx),$xb3
+	movdqa		0xc0-0x100(%rcx),$xt0	# "$xc0"
+	movdqa		0xd0-0x100(%rcx),$xt1	# "$xc1"
+	movdqa		0xe0-0x100(%rcx),$xt2	# "$xc2"
+	movdqa		0xf0-0x100(%rcx),$xt3	# "$xc3"
+	movdqa		0x100-0x100(%rcx),$xd0
+	movdqa		0x110-0x100(%rcx),$xd1
+	movdqa		0x120-0x100(%rcx),$xd2
+	movdqa		0x130-0x100(%rcx),$xd3
+	paddd		.Lfour(%rip),$xd0	# next SIMD counters
+
+.Loop_enter4x:
+	movdqa		$xt2,0x20(%rsp)		# SIMD equivalent of "@x[10]"
+	movdqa		$xt3,0x30(%rsp)		# SIMD equivalent of "@x[11]"
+	movdqa		(%r10),$xt3		# .Lrot16(%rip)
+	mov		\$10,%eax
+	movdqa		$xd0,0x100-0x100(%rcx)	# save SIMD counters
+	jmp		.Loop4x
+
+.align	32
+.Loop4x:
+___
+	foreach (&SSSE3_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&SSSE3_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop4x
+
+	paddd		0x40(%rsp),$xa0		# accumulate key material
+	paddd		0x50(%rsp),$xa1
+	paddd		0x60(%rsp),$xa2
+	paddd		0x70(%rsp),$xa3
+
+	movdqa		$xa0,$xt2		# "de-interlace" data
+	punpckldq	$xa1,$xa0
+	movdqa		$xa2,$xt3
+	punpckldq	$xa3,$xa2
+	punpckhdq	$xa1,$xt2
+	punpckhdq	$xa3,$xt3
+	movdqa		$xa0,$xa1
+	punpcklqdq	$xa2,$xa0		# "a0"
+	movdqa		$xt2,$xa3
+	punpcklqdq	$xt3,$xt2		# "a2"
+	punpckhqdq	$xa2,$xa1		# "a1"
+	punpckhqdq	$xt3,$xa3		# "a3"
+___
+	($xa2,$xt2)=($xt2,$xa2);
+$code.=<<___;
+	paddd		0x80-0x100(%rcx),$xb0
+	paddd		0x90-0x100(%rcx),$xb1
+	paddd		0xa0-0x100(%rcx),$xb2
+	paddd		0xb0-0x100(%rcx),$xb3
+
+	movdqa		$xa0,0x00(%rsp)		# offload $xaN
+	movdqa		$xa1,0x10(%rsp)
+	movdqa		0x20(%rsp),$xa0		# "xc2"
+	movdqa		0x30(%rsp),$xa1		# "xc3"
+
+	movdqa		$xb0,$xt2
+	punpckldq	$xb1,$xb0
+	movdqa		$xb2,$xt3
+	punpckldq	$xb3,$xb2
+	punpckhdq	$xb1,$xt2
+	punpckhdq	$xb3,$xt3
+	movdqa		$xb0,$xb1
+	punpcklqdq	$xb2,$xb0		# "b0"
+	movdqa		$xt2,$xb3
+	punpcklqdq	$xt3,$xt2		# "b2"
+	punpckhqdq	$xb2,$xb1		# "b1"
+	punpckhqdq	$xt3,$xb3		# "b3"
+___
+	($xb2,$xt2)=($xt2,$xb2);
+	my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1);
+$code.=<<___;
+	paddd		0xc0-0x100(%rcx),$xc0
+	paddd		0xd0-0x100(%rcx),$xc1
+	paddd		0xe0-0x100(%rcx),$xc2
+	paddd		0xf0-0x100(%rcx),$xc3
+
+	movdqa		$xa2,0x20(%rsp)		# keep offloading $xaN
+	movdqa		$xa3,0x30(%rsp)
+
+	movdqa		$xc0,$xt2
+	punpckldq	$xc1,$xc0
+	movdqa		$xc2,$xt3
+	punpckldq	$xc3,$xc2
+	punpckhdq	$xc1,$xt2
+	punpckhdq	$xc3,$xt3
+	movdqa		$xc0,$xc1
+	punpcklqdq	$xc2,$xc0		# "c0"
+	movdqa		$xt2,$xc3
+	punpcklqdq	$xt3,$xt2		# "c2"
+	punpckhqdq	$xc2,$xc1		# "c1"
+	punpckhqdq	$xt3,$xc3		# "c3"
+___
+	($xc2,$xt2)=($xt2,$xc2);
+	($xt0,$xt1)=($xa2,$xa3);		# use $xaN as temporary
+$code.=<<___;
+	paddd		0x100-0x100(%rcx),$xd0
+	paddd		0x110-0x100(%rcx),$xd1
+	paddd		0x120-0x100(%rcx),$xd2
+	paddd		0x130-0x100(%rcx),$xd3
+
+	movdqa		$xd0,$xt2
+	punpckldq	$xd1,$xd0
+	movdqa		$xd2,$xt3
+	punpckldq	$xd3,$xd2
+	punpckhdq	$xd1,$xt2
+	punpckhdq	$xd3,$xt3
+	movdqa		$xd0,$xd1
+	punpcklqdq	$xd2,$xd0		# "d0"
+	movdqa		$xt2,$xd3
+	punpcklqdq	$xt3,$xt2		# "d2"
+	punpckhqdq	$xd2,$xd1		# "d1"
+	punpckhqdq	$xt3,$xd3		# "d3"
+___
+	($xd2,$xt2)=($xt2,$xd2);
+$code.=<<___;
+	cmp		\$64*4,$len
+	jb		.Ltail4x
+
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	lea		0x80($inp),$inp		# size optimization
+	pxor		0x10(%rsp),$xt0
+	pxor		$xb1,$xt1
+	pxor		$xc1,$xt2
+	pxor		$xd1,$xt3
+
+	 movdqu		$xt0,0x40($out)
+	movdqu		0x00($inp),$xt0
+	 movdqu		$xt1,0x50($out)
+	movdqu		0x10($inp),$xt1
+	 movdqu		$xt2,0x60($out)
+	movdqu		0x20($inp),$xt2
+	 movdqu		$xt3,0x70($out)
+	 lea		0x80($out),$out		# size optimization
+	movdqu		0x30($inp),$xt3
+	pxor		0x20(%rsp),$xt0
+	pxor		$xb2,$xt1
+	pxor		$xc2,$xt2
+	pxor		$xd2,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	lea		0x80($inp),$inp		# inp+=64*4
+	pxor		0x30(%rsp),$xt0
+	pxor		$xb3,$xt1
+	pxor		$xc3,$xt2
+	pxor		$xd3,$xt3
+	movdqu		$xt0,0x40($out)
+	movdqu		$xt1,0x50($out)
+	movdqu		$xt2,0x60($out)
+	movdqu		$xt3,0x70($out)
+	lea		0x80($out),$out		# out+=64*4
+
+	sub		\$64*4,$len
+	jnz		.Loop_outer4x
+
+	jmp		.Ldone4x
+
+.Ltail4x:
+	cmp		\$192,$len
+	jae		.L192_or_more4x
+	cmp		\$128,$len
+	jae		.L128_or_more4x
+	cmp		\$64,$len
+	jae		.L64_or_more4x
+
+	#movdqa		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	xor		%r10,%r10
+	#movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb0,0x10(%rsp)
+	movdqa		$xc0,0x20(%rsp)
+	movdqa		$xd0,0x30(%rsp)
+	jmp		.Loop_tail4x
+
+.align	32
+.L64_or_more4x:
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaxN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+	movdqu		$xt0,0x00($out)
+	movdqu		$xt1,0x10($out)
+	movdqu		$xt2,0x20($out)
+	movdqu		$xt3,0x30($out)
+	je		.Ldone4x
+
+	movdqa		0x10(%rsp),$xt0		# $xaN is offloaded, remember?
+	lea		0x40($inp),$inp		# inp+=64*1
+	xor		%r10,%r10
+	movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb1,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*1
+	movdqa		$xc1,0x20(%rsp)
+	sub		\$64,$len		# len-=64*1
+	movdqa		$xd1,0x30(%rsp)
+	jmp		.Loop_tail4x
+
+.align	32
+.L128_or_more4x:
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	pxor		0x10(%rsp),$xt0
+	pxor		$xb1,$xt1
+	pxor		$xc1,$xt2
+	pxor		$xd1,$xt3
+	movdqu		$xt0,0x40($out)
+	movdqu		$xt1,0x50($out)
+	movdqu		$xt2,0x60($out)
+	movdqu		$xt3,0x70($out)
+	je		.Ldone4x
+
+	movdqa		0x20(%rsp),$xt0		# $xaN is offloaded, remember?
+	lea		0x80($inp),$inp		# inp+=64*2
+	xor		%r10,%r10
+	movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb2,0x10(%rsp)
+	lea		0x80($out),$out		# out+=64*2
+	movdqa		$xc2,0x20(%rsp)
+	sub		\$128,$len		# len-=64*2
+	movdqa		$xd2,0x30(%rsp)
+	jmp		.Loop_tail4x
+
+.align	32
+.L192_or_more4x:
+	movdqu		0x00($inp),$xt0		# xor with input
+	movdqu		0x10($inp),$xt1
+	movdqu		0x20($inp),$xt2
+	movdqu		0x30($inp),$xt3
+	pxor		0x00(%rsp),$xt0		# $xaN is offloaded, remember?
+	pxor		$xb0,$xt1
+	pxor		$xc0,$xt2
+	pxor		$xd0,$xt3
+
+	 movdqu		$xt0,0x00($out)
+	movdqu		0x40($inp),$xt0
+	 movdqu		$xt1,0x10($out)
+	movdqu		0x50($inp),$xt1
+	 movdqu		$xt2,0x20($out)
+	movdqu		0x60($inp),$xt2
+	 movdqu		$xt3,0x30($out)
+	movdqu		0x70($inp),$xt3
+	lea		0x80($inp),$inp		# size optimization
+	pxor		0x10(%rsp),$xt0
+	pxor		$xb1,$xt1
+	pxor		$xc1,$xt2
+	pxor		$xd1,$xt3
+
+	 movdqu		$xt0,0x40($out)
+	movdqu		0x00($inp),$xt0
+	 movdqu		$xt1,0x50($out)
+	movdqu		0x10($inp),$xt1
+	 movdqu		$xt2,0x60($out)
+	movdqu		0x20($inp),$xt2
+	 movdqu		$xt3,0x70($out)
+	 lea		0x80($out),$out		# size optimization
+	movdqu		0x30($inp),$xt3
+	pxor		0x20(%rsp),$xt0
+	pxor		$xb2,$xt1
+	pxor		$xc2,$xt2
+	pxor		$xd2,$xt3
+	movdqu		$xt0,0x00($out)
+	movdqu		$xt1,0x10($out)
+	movdqu		$xt2,0x20($out)
+	movdqu		$xt3,0x30($out)
+	je		.Ldone4x
+
+	movdqa		0x30(%rsp),$xt0		# $xaN is offloaded, remember?
+	lea		0x40($inp),$inp		# inp+=64*3
+	xor		%r10,%r10
+	movdqa		$xt0,0x00(%rsp)
+	movdqa		$xb3,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*3
+	movdqa		$xc3,0x20(%rsp)
+	sub		\$192,$len		# len-=64*3
+	movdqa		$xd3,0x30(%rsp)
+
+.Loop_tail4x:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail4x
+
+.Ldone4x:
+___
+$code.=<<___	if ($win64);
+	lea		0x140+0x30(%rsp),%r11
+	movaps		-0x30(%r11),%xmm6
+	movaps		-0x20(%r11),%xmm7
+	movaps		-0x10(%r11),%xmm8
+	movaps		0x00(%r11),%xmm9
+	movaps		0x10(%r11),%xmm10
+	movaps		0x20(%r11),%xmm11
+	movaps		0x30(%r11),%xmm12
+	movaps		0x40(%r11),%xmm13
+	movaps		0x50(%r11),%xmm14
+	movaps		0x60(%r11),%xmm15
+___
+$code.=<<___;
+	add		\$0x148+$xframe,%rsp
+	ret
+.size	ChaCha20_4x,.-ChaCha20_4x
+___
+}
+
+########################################################################
+# XOP code path that handles all lengths.
+if ($avx) {
+# There is some "anomaly" observed depending on instructions' size or
+# alignment. If you look closely at below code you'll notice that
+# sometimes argument order varies. The order affects instruction
+# encoding by making it larger, and such fiddling gives 5% performance
+# improvement. This is on FX-4100...
+
+my ($xb0,$xb1,$xb2,$xb3, $xd0,$xd1,$xd2,$xd3,
+    $xa0,$xa1,$xa2,$xa3, $xt0,$xt1,$xt2,$xt3)=map("%xmm$_",(0..15));
+my  @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	 $xt0,$xt1,$xt2,$xt3, $xd0,$xd1,$xd2,$xd3);
+
+sub XOP_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my @x=map("\"$_\"",@xx);
+
+	(
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	  "&vpxor	(@x[$d2],@x[$a2],@x[$d2])",
+	   "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	"&vprotd	(@x[$d0],@x[$d0],16)",
+	 "&vprotd	(@x[$d1],@x[$d1],16)",
+	  "&vprotd	(@x[$d2],@x[$d2],16)",
+	   "&vprotd	(@x[$d3],@x[$d3],16)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxor		(@x[$b0],@x[$c0],@x[$b0])",
+	 "&vpxor	(@x[$b1],@x[$c1],@x[$b1])",
+	  "&vpxor	(@x[$b2],@x[$b2],@x[$c2])",	# flip
+	   "&vpxor	(@x[$b3],@x[$b3],@x[$c3])",	# flip
+	"&vprotd	(@x[$b0],@x[$b0],12)",
+	 "&vprotd	(@x[$b1],@x[$b1],12)",
+	  "&vprotd	(@x[$b2],@x[$b2],12)",
+	   "&vprotd	(@x[$b3],@x[$b3],12)",
+
+	"&vpaddd	(@x[$a0],@x[$b0],@x[$a0])",	# flip
+	 "&vpaddd	(@x[$a1],@x[$b1],@x[$a1])",	# flip
+	  "&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",
+	   "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	  "&vpxor	(@x[$d2],@x[$a2],@x[$d2])",
+	   "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	"&vprotd	(@x[$d0],@x[$d0],8)",
+	 "&vprotd	(@x[$d1],@x[$d1],8)",
+	  "&vprotd	(@x[$d2],@x[$d2],8)",
+	   "&vprotd	(@x[$d3],@x[$d3],8)",
+
+	"&vpaddd	(@x[$c0],@x[$c0],@x[$d0])",
+	 "&vpaddd	(@x[$c1],@x[$c1],@x[$d1])",
+	  "&vpaddd	(@x[$c2],@x[$c2],@x[$d2])",
+	   "&vpaddd	(@x[$c3],@x[$c3],@x[$d3])",
+	"&vpxor		(@x[$b0],@x[$c0],@x[$b0])",
+	 "&vpxor	(@x[$b1],@x[$c1],@x[$b1])",
+	  "&vpxor	(@x[$b2],@x[$b2],@x[$c2])",	# flip
+	   "&vpxor	(@x[$b3],@x[$b3],@x[$c3])",	# flip
+	"&vprotd	(@x[$b0],@x[$b0],7)",
+	 "&vprotd	(@x[$b1],@x[$b1],7)",
+	  "&vprotd	(@x[$b2],@x[$b2],7)",
+	   "&vprotd	(@x[$b3],@x[$b3],7)"
+	);
+}
+
+my $xframe = $win64 ? 0xa0 : 0;
+
+$code.=<<___;
+.type	ChaCha20_4xop,\@function,5
+.align	32
+ChaCha20_4xop:
+.LChaCha20_4xop:
+	lea		-0x78(%rsp),%r11
+	sub		\$0x148+$xframe,%rsp
+___
+	################ stack layout
+	# +0x00		SIMD equivalent of @x[8-12]
+	# ...
+	# +0x40		constant copy of key[0-2] smashed by lanes
+	# ...
+	# +0x100	SIMD counters (with nonce smashed by lanes)
+	# ...
+	# +0x140
+$code.=<<___	if ($win64);
+	movaps		%xmm6,-0x30(%r11)
+	movaps		%xmm7,-0x20(%r11)
+	movaps		%xmm8,-0x10(%r11)
+	movaps		%xmm9,0x00(%r11)
+	movaps		%xmm10,0x10(%r11)
+	movaps		%xmm11,0x20(%r11)
+	movaps		%xmm12,0x30(%r11)
+	movaps		%xmm13,0x40(%r11)
+	movaps		%xmm14,0x50(%r11)
+	movaps		%xmm15,0x60(%r11)
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqa		.Lsigma(%rip),$xa3	# key[0]
+	vmovdqu		($key),$xb3		# key[1]
+	vmovdqu		16($key),$xt3		# key[2]
+	vmovdqu		($counter),$xd3		# key[3]
+	lea		0x100(%rsp),%rcx	# size optimization
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vmovdqa		$xa0,0x40(%rsp)		# ... and offload
+	vpshufd		\$0xaa,$xa3,$xa2
+	vmovdqa		$xa1,0x50(%rsp)
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa		$xa2,0x60(%rsp)
+	vmovdqa		$xa3,0x70(%rsp)
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vmovdqa		$xb0,0x80-0x100(%rcx)
+	vpshufd		\$0xaa,$xb3,$xb2
+	vmovdqa		$xb1,0x90-0x100(%rcx)
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa		$xb2,0xa0-0x100(%rcx)
+	vmovdqa		$xb3,0xb0-0x100(%rcx)
+
+	vpshufd		\$0x00,$xt3,$xt0	# "$xc0"
+	vpshufd		\$0x55,$xt3,$xt1	# "$xc1"
+	vmovdqa		$xt0,0xc0-0x100(%rcx)
+	vpshufd		\$0xaa,$xt3,$xt2	# "$xc2"
+	vmovdqa		$xt1,0xd0-0x100(%rcx)
+	vpshufd		\$0xff,$xt3,$xt3	# "$xc3"
+	vmovdqa		$xt2,0xe0-0x100(%rcx)
+	vmovdqa		$xt3,0xf0-0x100(%rcx)
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpaddd		.Linc(%rip),$xd0,$xd0	# don't save counters yet
+	vpshufd		\$0xaa,$xd3,$xd2
+	vmovdqa		$xd1,0x110-0x100(%rcx)
+	vpshufd		\$0xff,$xd3,$xd3
+	vmovdqa		$xd2,0x120-0x100(%rcx)
+	vmovdqa		$xd3,0x130-0x100(%rcx)
+
+	jmp		.Loop_enter4xop
+
+.align	32
+.Loop_outer4xop:
+	vmovdqa		0x40(%rsp),$xa0		# re-load smashed key
+	vmovdqa		0x50(%rsp),$xa1
+	vmovdqa		0x60(%rsp),$xa2
+	vmovdqa		0x70(%rsp),$xa3
+	vmovdqa		0x80-0x100(%rcx),$xb0
+	vmovdqa		0x90-0x100(%rcx),$xb1
+	vmovdqa		0xa0-0x100(%rcx),$xb2
+	vmovdqa		0xb0-0x100(%rcx),$xb3
+	vmovdqa		0xc0-0x100(%rcx),$xt0	# "$xc0"
+	vmovdqa		0xd0-0x100(%rcx),$xt1	# "$xc1"
+	vmovdqa		0xe0-0x100(%rcx),$xt2	# "$xc2"
+	vmovdqa		0xf0-0x100(%rcx),$xt3	# "$xc3"
+	vmovdqa		0x100-0x100(%rcx),$xd0
+	vmovdqa		0x110-0x100(%rcx),$xd1
+	vmovdqa		0x120-0x100(%rcx),$xd2
+	vmovdqa		0x130-0x100(%rcx),$xd3
+	vpaddd		.Lfour(%rip),$xd0,$xd0	# next SIMD counters
+
+.Loop_enter4xop:
+	mov		\$10,%eax
+	vmovdqa		$xd0,0x100-0x100(%rcx)	# save SIMD counters
+	jmp		.Loop4xop
+
+.align	32
+.Loop4xop:
+___
+	foreach (&XOP_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&XOP_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop4xop
+
+	vpaddd		0x40(%rsp),$xa0,$xa0	# accumulate key material
+	vpaddd		0x50(%rsp),$xa1,$xa1
+	vpaddd		0x60(%rsp),$xa2,$xa2
+	vpaddd		0x70(%rsp),$xa3,$xa3
+
+	vmovdqa		$xt2,0x20(%rsp)		# offload $xc2,3
+	vmovdqa		$xt3,0x30(%rsp)
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+        ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		0x80-0x100(%rcx),$xb0,$xb0
+	vpaddd		0x90-0x100(%rcx),$xb1,$xb1
+	vpaddd		0xa0-0x100(%rcx),$xb2,$xb2
+	vpaddd		0xb0-0x100(%rcx),$xb3,$xb3
+
+	vmovdqa		$xa0,0x00(%rsp)		# offload $xa0,1
+	vmovdqa		$xa1,0x10(%rsp)
+	vmovdqa		0x20(%rsp),$xa0		# "xc2"
+	vmovdqa		0x30(%rsp),$xa1		# "xc3"
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+	my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1);
+$code.=<<___;
+	vpaddd		0xc0-0x100(%rcx),$xc0,$xc0
+	vpaddd		0xd0-0x100(%rcx),$xc1,$xc1
+	vpaddd		0xe0-0x100(%rcx),$xc2,$xc2
+	vpaddd		0xf0-0x100(%rcx),$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		0x100-0x100(%rcx),$xd0,$xd0
+	vpaddd		0x110-0x100(%rcx),$xd1,$xd1
+	vpaddd		0x120-0x100(%rcx),$xd2,$xd2
+	vpaddd		0x130-0x100(%rcx),$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+	($xa0,$xa1)=($xt2,$xt3);
+$code.=<<___;
+	vmovdqa		0x00(%rsp),$xa0		# restore $xa0,1
+	vmovdqa		0x10(%rsp),$xa1
+
+	cmp		\$64*4,$len
+	jb		.Ltail4xop
+
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vpxor		0x40($inp),$xa1,$xa1
+	vpxor		0x50($inp),$xb1,$xb1
+	vpxor		0x60($inp),$xc1,$xc1
+	vpxor		0x70($inp),$xd1,$xd1
+	lea		0x80($inp),$inp		# size optimization
+	vpxor		0x00($inp),$xa2,$xa2
+	vpxor		0x10($inp),$xb2,$xb2
+	vpxor		0x20($inp),$xc2,$xc2
+	vpxor		0x30($inp),$xd2,$xd2
+	vpxor		0x40($inp),$xa3,$xa3
+	vpxor		0x50($inp),$xb3,$xb3
+	vpxor		0x60($inp),$xc3,$xc3
+	vpxor		0x70($inp),$xd3,$xd3
+	lea		0x80($inp),$inp		# inp+=64*4
+
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	vmovdqu		$xa1,0x40($out)
+	vmovdqu		$xb1,0x50($out)
+	vmovdqu		$xc1,0x60($out)
+	vmovdqu		$xd1,0x70($out)
+	lea		0x80($out),$out		# size optimization
+	vmovdqu		$xa2,0x00($out)
+	vmovdqu		$xb2,0x10($out)
+	vmovdqu		$xc2,0x20($out)
+	vmovdqu		$xd2,0x30($out)
+	vmovdqu		$xa3,0x40($out)
+	vmovdqu		$xb3,0x50($out)
+	vmovdqu		$xc3,0x60($out)
+	vmovdqu		$xd3,0x70($out)
+	lea		0x80($out),$out		# out+=64*4
+
+	sub		\$64*4,$len
+	jnz		.Loop_outer4xop
+
+	jmp		.Ldone4xop
+
+.align	32
+.Ltail4xop:
+	cmp		\$192,$len
+	jae		.L192_or_more4xop
+	cmp		\$128,$len
+	jae		.L128_or_more4xop
+	cmp		\$64,$len
+	jae		.L64_or_more4xop
+
+	xor		%r10,%r10
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xb0,0x10(%rsp)
+	vmovdqa		$xc0,0x20(%rsp)
+	vmovdqa		$xd0,0x30(%rsp)
+	jmp		.Loop_tail4xop
+
+.align	32
+.L64_or_more4xop:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	je		.Ldone4xop
+
+	lea		0x40($inp),$inp		# inp+=64*1
+	vmovdqa		$xa1,0x00(%rsp)
+	xor		%r10,%r10
+	vmovdqa		$xb1,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*1
+	vmovdqa		$xc1,0x20(%rsp)
+	sub		\$64,$len		# len-=64*1
+	vmovdqa		$xd1,0x30(%rsp)
+	jmp		.Loop_tail4xop
+
+.align	32
+.L128_or_more4xop:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vpxor		0x40($inp),$xa1,$xa1
+	vpxor		0x50($inp),$xb1,$xb1
+	vpxor		0x60($inp),$xc1,$xc1
+	vpxor		0x70($inp),$xd1,$xd1
+
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	vmovdqu		$xa1,0x40($out)
+	vmovdqu		$xb1,0x50($out)
+	vmovdqu		$xc1,0x60($out)
+	vmovdqu		$xd1,0x70($out)
+	je		.Ldone4xop
+
+	lea		0x80($inp),$inp		# inp+=64*2
+	vmovdqa		$xa2,0x00(%rsp)
+	xor		%r10,%r10
+	vmovdqa		$xb2,0x10(%rsp)
+	lea		0x80($out),$out		# out+=64*2
+	vmovdqa		$xc2,0x20(%rsp)
+	sub		\$128,$len		# len-=64*2
+	vmovdqa		$xd2,0x30(%rsp)
+	jmp		.Loop_tail4xop
+
+.align	32
+.L192_or_more4xop:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x10($inp),$xb0,$xb0
+	vpxor		0x20($inp),$xc0,$xc0
+	vpxor		0x30($inp),$xd0,$xd0
+	vpxor		0x40($inp),$xa1,$xa1
+	vpxor		0x50($inp),$xb1,$xb1
+	vpxor		0x60($inp),$xc1,$xc1
+	vpxor		0x70($inp),$xd1,$xd1
+	lea		0x80($inp),$inp		# size optimization
+	vpxor		0x00($inp),$xa2,$xa2
+	vpxor		0x10($inp),$xb2,$xb2
+	vpxor		0x20($inp),$xc2,$xc2
+	vpxor		0x30($inp),$xd2,$xd2
+
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x10($out)
+	vmovdqu		$xc0,0x20($out)
+	vmovdqu		$xd0,0x30($out)
+	vmovdqu		$xa1,0x40($out)
+	vmovdqu		$xb1,0x50($out)
+	vmovdqu		$xc1,0x60($out)
+	vmovdqu		$xd1,0x70($out)
+	lea		0x80($out),$out		# size optimization
+	vmovdqu		$xa2,0x00($out)
+	vmovdqu		$xb2,0x10($out)
+	vmovdqu		$xc2,0x20($out)
+	vmovdqu		$xd2,0x30($out)
+	je		.Ldone4xop
+
+	lea		0x40($inp),$inp		# inp+=64*3
+	vmovdqa		$xa3,0x00(%rsp)
+	xor		%r10,%r10
+	vmovdqa		$xb3,0x10(%rsp)
+	lea		0x40($out),$out		# out+=64*3
+	vmovdqa		$xc3,0x20(%rsp)
+	sub		\$192,$len		# len-=64*3
+	vmovdqa		$xd3,0x30(%rsp)
+
+.Loop_tail4xop:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail4xop
+
+.Ldone4xop:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea		0x140+0x30(%rsp),%r11
+	movaps		-0x30(%r11),%xmm6
+	movaps		-0x20(%r11),%xmm7
+	movaps		-0x10(%r11),%xmm8
+	movaps		0x00(%r11),%xmm9
+	movaps		0x10(%r11),%xmm10
+	movaps		0x20(%r11),%xmm11
+	movaps		0x30(%r11),%xmm12
+	movaps		0x40(%r11),%xmm13
+	movaps		0x50(%r11),%xmm14
+	movaps		0x60(%r11),%xmm15
+___
+$code.=<<___;
+	add		\$0x148+$xframe,%rsp
+	ret
+.size	ChaCha20_4xop,.-ChaCha20_4xop
+___
+}
+
+########################################################################
+# AVX2 code path
+if ($avx>1) {
+my ($xb0,$xb1,$xb2,$xb3, $xd0,$xd1,$xd2,$xd3,
+    $xa0,$xa1,$xa2,$xa3, $xt0,$xt1,$xt2,$xt3)=map("%ymm$_",(0..15));
+my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
+	"%nox","%nox","%nox","%nox", $xd0,$xd1,$xd2,$xd3);
+
+sub AVX2_lane_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+my ($xc,$xc_,$t0,$t1)=map("\"$_\"",$xt0,$xt1,$xt2,$xt3);
+my @x=map("\"$_\"",@xx);
+
+	# Consider order in which variables are addressed by their
+	# index:
+	#
+	#	a   b   c   d
+	#
+	#	0   4   8  12 < even round
+	#	1   5   9  13
+	#	2   6  10  14
+	#	3   7  11  15
+	#	0   5  10  15 < odd round
+	#	1   6  11  12
+	#	2   7   8  13
+	#	3   4   9  14
+	#
+	# 'a', 'b' and 'd's are permanently allocated in registers,
+	# @x[0..7,12..15], while 'c's are maintained in memory. If
+	# you observe 'c' column, you'll notice that pair of 'c's is
+	# invariant between rounds. This means that we have to reload
+	# them once per round, in the middle. This is why you'll see
+	# bunch of 'c' stores and loads in the middle, but none in
+	# the beginning or end.
+
+	(
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",	# Q1
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	"&vpshufb	(@x[$d0],@x[$d0],$t1)",
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",	# Q2
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	 "&vpshufb	(@x[$d1],@x[$d1],$t1)",
+
+	"&vpaddd	($xc,$xc,@x[$d0])",
+	"&vpxor		(@x[$b0],$xc,@x[$b0])",
+	"&vpslld	($t0,@x[$b0],12)",
+	"&vpsrld	(@x[$b0],@x[$b0],20)",
+	"&vpor		(@x[$b0],$t0,@x[$b0])",
+	"&vbroadcasti128($t0,'(%r11)')",		# .Lrot24(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d1])",
+	 "&vpxor	(@x[$b1],$xc_,@x[$b1])",
+	 "&vpslld	($t1,@x[$b1],12)",
+	 "&vpsrld	(@x[$b1],@x[$b1],20)",
+	 "&vpor		(@x[$b1],$t1,@x[$b1])",
+
+	"&vpaddd	(@x[$a0],@x[$a0],@x[$b0])",
+	"&vpxor		(@x[$d0],@x[$a0],@x[$d0])",
+	"&vpshufb	(@x[$d0],@x[$d0],$t0)",
+	 "&vpaddd	(@x[$a1],@x[$a1],@x[$b1])",
+	 "&vpxor	(@x[$d1],@x[$a1],@x[$d1])",
+	 "&vpshufb	(@x[$d1],@x[$d1],$t0)",
+
+	"&vpaddd	($xc,$xc,@x[$d0])",
+	"&vpxor		(@x[$b0],$xc,@x[$b0])",
+	"&vpslld	($t1,@x[$b0],7)",
+	"&vpsrld	(@x[$b0],@x[$b0],25)",
+	"&vpor		(@x[$b0],$t1,@x[$b0])",
+	"&vbroadcasti128($t1,'(%r10)')",		# .Lrot16(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d1])",
+	 "&vpxor	(@x[$b1],$xc_,@x[$b1])",
+	 "&vpslld	($t0,@x[$b1],7)",
+	 "&vpsrld	(@x[$b1],@x[$b1],25)",
+	 "&vpor		(@x[$b1],$t0,@x[$b1])",
+
+	"&vmovdqa	(\"`32*($c0-8)`(%rsp)\",$xc)",	# reload pair of 'c's
+	 "&vmovdqa	(\"`32*($c1-8)`(%rsp)\",$xc_)",
+	"&vmovdqa	($xc,\"`32*($c2-8)`(%rsp)\")",
+	 "&vmovdqa	($xc_,\"`32*($c3-8)`(%rsp)\")",
+
+	"&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",	# Q3
+	"&vpxor		(@x[$d2],@x[$a2],@x[$d2])",
+	"&vpshufb	(@x[$d2],@x[$d2],$t1)",
+	 "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",	# Q4
+	 "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	 "&vpshufb	(@x[$d3],@x[$d3],$t1)",
+
+	"&vpaddd	($xc,$xc,@x[$d2])",
+	"&vpxor		(@x[$b2],$xc,@x[$b2])",
+	"&vpslld	($t0,@x[$b2],12)",
+	"&vpsrld	(@x[$b2],@x[$b2],20)",
+	"&vpor		(@x[$b2],$t0,@x[$b2])",
+	"&vbroadcasti128($t0,'(%r11)')",		# .Lrot24(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d3])",
+	 "&vpxor	(@x[$b3],$xc_,@x[$b3])",
+	 "&vpslld	($t1,@x[$b3],12)",
+	 "&vpsrld	(@x[$b3],@x[$b3],20)",
+	 "&vpor		(@x[$b3],$t1,@x[$b3])",
+
+	"&vpaddd	(@x[$a2],@x[$a2],@x[$b2])",
+	"&vpxor		(@x[$d2],@x[$a2],@x[$d2])",
+	"&vpshufb	(@x[$d2],@x[$d2],$t0)",
+	 "&vpaddd	(@x[$a3],@x[$a3],@x[$b3])",
+	 "&vpxor	(@x[$d3],@x[$a3],@x[$d3])",
+	 "&vpshufb	(@x[$d3],@x[$d3],$t0)",
+
+	"&vpaddd	($xc,$xc,@x[$d2])",
+	"&vpxor		(@x[$b2],$xc,@x[$b2])",
+	"&vpslld	($t1,@x[$b2],7)",
+	"&vpsrld	(@x[$b2],@x[$b2],25)",
+	"&vpor		(@x[$b2],$t1,@x[$b2])",
+	"&vbroadcasti128($t1,'(%r10)')",		# .Lrot16(%rip)
+	 "&vpaddd	($xc_,$xc_,@x[$d3])",
+	 "&vpxor	(@x[$b3],$xc_,@x[$b3])",
+	 "&vpslld	($t0,@x[$b3],7)",
+	 "&vpsrld	(@x[$b3],@x[$b3],25)",
+	 "&vpor		(@x[$b3],$t0,@x[$b3])"
+	);
+}
+
+my $xframe = $win64 ? 0xb0 : 8;
+
+$code.=<<___;
+.type	ChaCha20_8x,\@function,5
+.align	32
+ChaCha20_8x:
+.LChaCha20_8x:
+	mov		%rsp,%r10
+	sub		\$0x280+$xframe,%rsp
+	and		\$-32,%rsp
+___
+$code.=<<___	if ($win64);
+	lea		0x290+0x30(%rsp),%r11
+	movaps		%xmm6,-0x30(%r11)
+	movaps		%xmm7,-0x20(%r11)
+	movaps		%xmm8,-0x10(%r11)
+	movaps		%xmm9,0x00(%r11)
+	movaps		%xmm10,0x10(%r11)
+	movaps		%xmm11,0x20(%r11)
+	movaps		%xmm12,0x30(%r11)
+	movaps		%xmm13,0x40(%r11)
+	movaps		%xmm14,0x50(%r11)
+	movaps		%xmm15,0x60(%r11)
+___
+$code.=<<___;
+	vzeroupper
+	mov		%r10,0x280(%rsp)
+
+	################ stack layout
+	# +0x00		SIMD equivalent of @x[8-12]
+	# ...
+	# +0x80		constant copy of key[0-2] smashed by lanes
+	# ...
+	# +0x200	SIMD counters (with nonce smashed by lanes)
+	# ...
+	# +0x280	saved %rsp
+
+	vbroadcasti128	.Lsigma(%rip),$xa3	# key[0]
+	vbroadcasti128	($key),$xb3		# key[1]
+	vbroadcasti128	16($key),$xt3		# key[2]
+	vbroadcasti128	($counter),$xd3		# key[3]
+	lea		0x100(%rsp),%rcx	# size optimization
+	lea		0x200(%rsp),%rax	# size optimization
+	lea		.Lrot16(%rip),%r10
+	lea		.Lrot24(%rip),%r11
+
+	vpshufd		\$0x00,$xa3,$xa0	# smash key by lanes...
+	vpshufd		\$0x55,$xa3,$xa1
+	vmovdqa		$xa0,0x80-0x100(%rcx)	# ... and offload
+	vpshufd		\$0xaa,$xa3,$xa2
+	vmovdqa		$xa1,0xa0-0x100(%rcx)
+	vpshufd		\$0xff,$xa3,$xa3
+	vmovdqa		$xa2,0xc0-0x100(%rcx)
+	vmovdqa		$xa3,0xe0-0x100(%rcx)
+
+	vpshufd		\$0x00,$xb3,$xb0
+	vpshufd		\$0x55,$xb3,$xb1
+	vmovdqa		$xb0,0x100-0x100(%rcx)
+	vpshufd		\$0xaa,$xb3,$xb2
+	vmovdqa		$xb1,0x120-0x100(%rcx)
+	vpshufd		\$0xff,$xb3,$xb3
+	vmovdqa		$xb2,0x140-0x100(%rcx)
+	vmovdqa		$xb3,0x160-0x100(%rcx)
+
+	vpshufd		\$0x00,$xt3,$xt0	# "xc0"
+	vpshufd		\$0x55,$xt3,$xt1	# "xc1"
+	vmovdqa		$xt0,0x180-0x200(%rax)
+	vpshufd		\$0xaa,$xt3,$xt2	# "xc2"
+	vmovdqa		$xt1,0x1a0-0x200(%rax)
+	vpshufd		\$0xff,$xt3,$xt3	# "xc3"
+	vmovdqa		$xt2,0x1c0-0x200(%rax)
+	vmovdqa		$xt3,0x1e0-0x200(%rax)
+
+	vpshufd		\$0x00,$xd3,$xd0
+	vpshufd		\$0x55,$xd3,$xd1
+	vpaddd		.Lincy(%rip),$xd0,$xd0	# don't save counters yet
+	vpshufd		\$0xaa,$xd3,$xd2
+	vmovdqa		$xd1,0x220-0x200(%rax)
+	vpshufd		\$0xff,$xd3,$xd3
+	vmovdqa		$xd2,0x240-0x200(%rax)
+	vmovdqa		$xd3,0x260-0x200(%rax)
+
+	jmp		.Loop_enter8x
+
+.align	32
+.Loop_outer8x:
+	vmovdqa		0x80-0x100(%rcx),$xa0	# re-load smashed key
+	vmovdqa		0xa0-0x100(%rcx),$xa1
+	vmovdqa		0xc0-0x100(%rcx),$xa2
+	vmovdqa		0xe0-0x100(%rcx),$xa3
+	vmovdqa		0x100-0x100(%rcx),$xb0
+	vmovdqa		0x120-0x100(%rcx),$xb1
+	vmovdqa		0x140-0x100(%rcx),$xb2
+	vmovdqa		0x160-0x100(%rcx),$xb3
+	vmovdqa		0x180-0x200(%rax),$xt0	# "xc0"
+	vmovdqa		0x1a0-0x200(%rax),$xt1	# "xc1"
+	vmovdqa		0x1c0-0x200(%rax),$xt2	# "xc2"
+	vmovdqa		0x1e0-0x200(%rax),$xt3	# "xc3"
+	vmovdqa		0x200-0x200(%rax),$xd0
+	vmovdqa		0x220-0x200(%rax),$xd1
+	vmovdqa		0x240-0x200(%rax),$xd2
+	vmovdqa		0x260-0x200(%rax),$xd3
+	vpaddd		.Leight(%rip),$xd0,$xd0	# next SIMD counters
+
+.Loop_enter8x:
+	vmovdqa		$xt2,0x40(%rsp)		# SIMD equivalent of "@x[10]"
+	vmovdqa		$xt3,0x60(%rsp)		# SIMD equivalent of "@x[11]"
+	vbroadcasti128	(%r10),$xt3
+	vmovdqa		$xd0,0x200-0x200(%rax)	# save SIMD counters
+	mov		\$10,%eax
+	jmp		.Loop8x
+
+.align	32
+.Loop8x:
+___
+	foreach (&AVX2_lane_ROUND(0, 4, 8,12)) { eval; }
+	foreach (&AVX2_lane_ROUND(0, 5,10,15)) { eval; }
+$code.=<<___;
+	dec		%eax
+	jnz		.Loop8x
+
+	lea		0x200(%rsp),%rax	# size optimization
+	vpaddd		0x80-0x100(%rcx),$xa0,$xa0	# accumulate key
+	vpaddd		0xa0-0x100(%rcx),$xa1,$xa1
+	vpaddd		0xc0-0x100(%rcx),$xa2,$xa2
+	vpaddd		0xe0-0x100(%rcx),$xa3,$xa3
+
+	vpunpckldq	$xa1,$xa0,$xt2		# "de-interlace" data
+	vpunpckldq	$xa3,$xa2,$xt3
+	vpunpckhdq	$xa1,$xa0,$xa0
+	vpunpckhdq	$xa3,$xa2,$xa2
+	vpunpcklqdq	$xt3,$xt2,$xa1		# "a0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "a1"
+	vpunpcklqdq	$xa2,$xa0,$xa3		# "a2"
+	vpunpckhqdq	$xa2,$xa0,$xa0		# "a3"
+___
+	($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2);
+$code.=<<___;
+	vpaddd		0x100-0x100(%rcx),$xb0,$xb0
+	vpaddd		0x120-0x100(%rcx),$xb1,$xb1
+	vpaddd		0x140-0x100(%rcx),$xb2,$xb2
+	vpaddd		0x160-0x100(%rcx),$xb3,$xb3
+
+	vpunpckldq	$xb1,$xb0,$xt2
+	vpunpckldq	$xb3,$xb2,$xt3
+	vpunpckhdq	$xb1,$xb0,$xb0
+	vpunpckhdq	$xb3,$xb2,$xb2
+	vpunpcklqdq	$xt3,$xt2,$xb1		# "b0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "b1"
+	vpunpcklqdq	$xb2,$xb0,$xb3		# "b2"
+	vpunpckhqdq	$xb2,$xb0,$xb0		# "b3"
+___
+	($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2);
+$code.=<<___;
+	vperm2i128	\$0x20,$xb0,$xa0,$xt3	# "de-interlace" further
+	vperm2i128	\$0x31,$xb0,$xa0,$xb0
+	vperm2i128	\$0x20,$xb1,$xa1,$xa0
+	vperm2i128	\$0x31,$xb1,$xa1,$xb1
+	vperm2i128	\$0x20,$xb2,$xa2,$xa1
+	vperm2i128	\$0x31,$xb2,$xa2,$xb2
+	vperm2i128	\$0x20,$xb3,$xa3,$xa2
+	vperm2i128	\$0x31,$xb3,$xa3,$xb3
+___
+	($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3);
+	my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1);
+$code.=<<___;
+	vmovdqa		$xa0,0x00(%rsp)		# offload $xaN
+	vmovdqa		$xa1,0x20(%rsp)
+	vmovdqa		0x40(%rsp),$xc2		# $xa0
+	vmovdqa		0x60(%rsp),$xc3		# $xa1
+
+	vpaddd		0x180-0x200(%rax),$xc0,$xc0
+	vpaddd		0x1a0-0x200(%rax),$xc1,$xc1
+	vpaddd		0x1c0-0x200(%rax),$xc2,$xc2
+	vpaddd		0x1e0-0x200(%rax),$xc3,$xc3
+
+	vpunpckldq	$xc1,$xc0,$xt2
+	vpunpckldq	$xc3,$xc2,$xt3
+	vpunpckhdq	$xc1,$xc0,$xc0
+	vpunpckhdq	$xc3,$xc2,$xc2
+	vpunpcklqdq	$xt3,$xt2,$xc1		# "c0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "c1"
+	vpunpcklqdq	$xc2,$xc0,$xc3		# "c2"
+	vpunpckhqdq	$xc2,$xc0,$xc0		# "c3"
+___
+	($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2);
+$code.=<<___;
+	vpaddd		0x200-0x200(%rax),$xd0,$xd0
+	vpaddd		0x220-0x200(%rax),$xd1,$xd1
+	vpaddd		0x240-0x200(%rax),$xd2,$xd2
+	vpaddd		0x260-0x200(%rax),$xd3,$xd3
+
+	vpunpckldq	$xd1,$xd0,$xt2
+	vpunpckldq	$xd3,$xd2,$xt3
+	vpunpckhdq	$xd1,$xd0,$xd0
+	vpunpckhdq	$xd3,$xd2,$xd2
+	vpunpcklqdq	$xt3,$xt2,$xd1		# "d0"
+	vpunpckhqdq	$xt3,$xt2,$xt2		# "d1"
+	vpunpcklqdq	$xd2,$xd0,$xd3		# "d2"
+	vpunpckhqdq	$xd2,$xd0,$xd0		# "d3"
+___
+	($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2);
+$code.=<<___;
+	vperm2i128	\$0x20,$xd0,$xc0,$xt3	# "de-interlace" further
+	vperm2i128	\$0x31,$xd0,$xc0,$xd0
+	vperm2i128	\$0x20,$xd1,$xc1,$xc0
+	vperm2i128	\$0x31,$xd1,$xc1,$xd1
+	vperm2i128	\$0x20,$xd2,$xc2,$xc1
+	vperm2i128	\$0x31,$xd2,$xc2,$xd2
+	vperm2i128	\$0x20,$xd3,$xc3,$xc2
+	vperm2i128	\$0x31,$xd3,$xc3,$xd3
+___
+	($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3);
+	($xb0,$xb1,$xb2,$xb3,$xc0,$xc1,$xc2,$xc3)=
+	($xc0,$xc1,$xc2,$xc3,$xb0,$xb1,$xb2,$xb3);
+	($xa0,$xa1)=($xt2,$xt3);
+$code.=<<___;
+	vmovdqa		0x00(%rsp),$xa0		# $xaN was offloaded, remember?
+	vmovdqa		0x20(%rsp),$xa1
+
+	cmp		\$64*8,$len
+	jb		.Ltail8x
+
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	vpxor		0x00($inp),$xa1,$xa1
+	vpxor		0x20($inp),$xb1,$xb1
+	vpxor		0x40($inp),$xc1,$xc1
+	vpxor		0x60($inp),$xd1,$xd1
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa1,0x00($out)
+	vmovdqu		$xb1,0x20($out)
+	vmovdqu		$xc1,0x40($out)
+	vmovdqu		$xd1,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	vpxor		0x00($inp),$xa2,$xa2
+	vpxor		0x20($inp),$xb2,$xb2
+	vpxor		0x40($inp),$xc2,$xc2
+	vpxor		0x60($inp),$xd2,$xd2
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa2,0x00($out)
+	vmovdqu		$xb2,0x20($out)
+	vmovdqu		$xc2,0x40($out)
+	vmovdqu		$xd2,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	vpxor		0x00($inp),$xa3,$xa3
+	vpxor		0x20($inp),$xb3,$xb3
+	vpxor		0x40($inp),$xc3,$xc3
+	vpxor		0x60($inp),$xd3,$xd3
+	lea		0x80($inp),$inp		# size optimization
+	vmovdqu		$xa3,0x00($out)
+	vmovdqu		$xb3,0x20($out)
+	vmovdqu		$xc3,0x40($out)
+	vmovdqu		$xd3,0x60($out)
+	lea		0x80($out),$out		# size optimization
+
+	sub		\$64*8,$len
+	jnz		.Loop_outer8x
+
+	jmp		.Ldone8x
+
+.Ltail8x:
+	cmp		\$448,$len
+	jae		.L448_or_more8x
+	cmp		\$384,$len
+	jae		.L384_or_more8x
+	cmp		\$320,$len
+	jae		.L320_or_more8x
+	cmp		\$256,$len
+	jae		.L256_or_more8x
+	cmp		\$192,$len
+	jae		.L192_or_more8x
+	cmp		\$128,$len
+	jae		.L128_or_more8x
+	cmp		\$64,$len
+	jae		.L64_or_more8x
+
+	xor		%r10,%r10
+	vmovdqa		$xa0,0x00(%rsp)
+	vmovdqa		$xb0,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L64_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	je		.Ldone8x
+
+	lea		0x40($inp),$inp		# inp+=64*1
+	xor		%r10,%r10
+	vmovdqa		$xc0,0x00(%rsp)
+	lea		0x40($out),$out		# out+=64*1
+	sub		\$64,$len		# len-=64*1
+	vmovdqa		$xd0,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L128_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	je		.Ldone8x
+
+	lea		0x80($inp),$inp		# inp+=64*2
+	xor		%r10,%r10
+	vmovdqa		$xa1,0x00(%rsp)
+	lea		0x80($out),$out		# out+=64*2
+	sub		\$128,$len		# len-=64*2
+	vmovdqa		$xb1,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L192_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	je		.Ldone8x
+
+	lea		0xc0($inp),$inp		# inp+=64*3
+	xor		%r10,%r10
+	vmovdqa		$xc1,0x00(%rsp)
+	lea		0xc0($out),$out		# out+=64*3
+	sub		\$192,$len		# len-=64*3
+	vmovdqa		$xd1,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L256_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	je		.Ldone8x
+
+	lea		0x100($inp),$inp	# inp+=64*4
+	xor		%r10,%r10
+	vmovdqa		$xa2,0x00(%rsp)
+	lea		0x100($out),$out	# out+=64*4
+	sub		\$256,$len		# len-=64*4
+	vmovdqa		$xb2,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L320_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vpxor		0x100($inp),$xa2,$xa2
+	vpxor		0x120($inp),$xb2,$xb2
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	vmovdqu		$xa2,0x100($out)
+	vmovdqu		$xb2,0x120($out)
+	je		.Ldone8x
+
+	lea		0x140($inp),$inp	# inp+=64*5
+	xor		%r10,%r10
+	vmovdqa		$xc2,0x00(%rsp)
+	lea		0x140($out),$out	# out+=64*5
+	sub		\$320,$len		# len-=64*5
+	vmovdqa		$xd2,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L384_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vpxor		0x100($inp),$xa2,$xa2
+	vpxor		0x120($inp),$xb2,$xb2
+	vpxor		0x140($inp),$xc2,$xc2
+	vpxor		0x160($inp),$xd2,$xd2
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	vmovdqu		$xa2,0x100($out)
+	vmovdqu		$xb2,0x120($out)
+	vmovdqu		$xc2,0x140($out)
+	vmovdqu		$xd2,0x160($out)
+	je		.Ldone8x
+
+	lea		0x180($inp),$inp	# inp+=64*6
+	xor		%r10,%r10
+	vmovdqa		$xa3,0x00(%rsp)
+	lea		0x180($out),$out	# out+=64*6
+	sub		\$384,$len		# len-=64*6
+	vmovdqa		$xb3,0x20(%rsp)
+	jmp		.Loop_tail8x
+
+.align	32
+.L448_or_more8x:
+	vpxor		0x00($inp),$xa0,$xa0	# xor with input
+	vpxor		0x20($inp),$xb0,$xb0
+	vpxor		0x40($inp),$xc0,$xc0
+	vpxor		0x60($inp),$xd0,$xd0
+	vpxor		0x80($inp),$xa1,$xa1
+	vpxor		0xa0($inp),$xb1,$xb1
+	vpxor		0xc0($inp),$xc1,$xc1
+	vpxor		0xe0($inp),$xd1,$xd1
+	vpxor		0x100($inp),$xa2,$xa2
+	vpxor		0x120($inp),$xb2,$xb2
+	vpxor		0x140($inp),$xc2,$xc2
+	vpxor		0x160($inp),$xd2,$xd2
+	vpxor		0x180($inp),$xa3,$xa3
+	vpxor		0x1a0($inp),$xb3,$xb3
+	vmovdqu		$xa0,0x00($out)
+	vmovdqu		$xb0,0x20($out)
+	vmovdqu		$xc0,0x40($out)
+	vmovdqu		$xd0,0x60($out)
+	vmovdqu		$xa1,0x80($out)
+	vmovdqu		$xb1,0xa0($out)
+	vmovdqu		$xc1,0xc0($out)
+	vmovdqu		$xd1,0xe0($out)
+	vmovdqu		$xa2,0x100($out)
+	vmovdqu		$xb2,0x120($out)
+	vmovdqu		$xc2,0x140($out)
+	vmovdqu		$xd2,0x160($out)
+	vmovdqu		$xa3,0x180($out)
+	vmovdqu		$xb3,0x1a0($out)
+	je		.Ldone8x
+
+	lea		0x1c0($inp),$inp	# inp+=64*7
+	xor		%r10,%r10
+	vmovdqa		$xc3,0x00(%rsp)
+	lea		0x1c0($out),$out	# out+=64*7
+	sub		\$448,$len		# len-=64*7
+	vmovdqa		$xd3,0x20(%rsp)
+
+.Loop_tail8x:
+	movzb		($inp,%r10),%eax
+	movzb		(%rsp,%r10),%ecx
+	lea		1(%r10),%r10
+	xor		%ecx,%eax
+	mov		%al,-1($out,%r10)
+	dec		$len
+	jnz		.Loop_tail8x
+
+.Ldone8x:
+	vzeroall
+___
+$code.=<<___	if ($win64);
+	lea		0x290+0x30(%rsp),%r11
+	movaps		-0x30(%r11),%xmm6
+	movaps		-0x20(%r11),%xmm7
+	movaps		-0x10(%r11),%xmm8
+	movaps		0x00(%r11),%xmm9
+	movaps		0x10(%r11),%xmm10
+	movaps		0x20(%r11),%xmm11
+	movaps		0x30(%r11),%xmm12
+	movaps		0x40(%r11),%xmm13
+	movaps		0x50(%r11),%xmm14
+	movaps		0x60(%r11),%xmm15
+___
+$code.=<<___;
+	mov		0x280(%rsp),%rsp
+	ret
+.size	ChaCha20_8x,.-ChaCha20_8x
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/%x#%y/%x/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/chacha/build.info b/openssl-1.1.0h/crypto/chacha/build.info
new file mode 100644
index 0000000..f99114c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/build.info
@@ -0,0 +1,17 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]={- $target{chacha_asm_src} -}
+
+GENERATE[chacha-x86.s]=asm/chacha-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl $(PERLASM_SCHEME)
+GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[chacha-armv4.o]=..
+GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[chacha-armv8.o]=..
+
+BEGINRAW[Makefile(unix)]
+##### CHACHA assembler implementations
+
+{- $builddir -}/chacha-%.S:	{- $sourcedir -}/asm/chacha-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile(unix)]
diff --git a/openssl-1.1.0h/crypto/chacha/chacha_enc.c b/openssl-1.1.0h/crypto/chacha/chacha_enc.c
new file mode 100644
index 0000000..239f68a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/chacha/chacha_enc.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Adapted from the public domain code by D. Bernstein from SUPERCOP. */
+
+#include <string.h>
+
+#include "internal/chacha.h"
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+typedef union {
+    u32 u[16];
+    u8 c[64];
+} chacha_buf;
+
+# define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
+
+# define U32TO8_LITTLE(p, v) do { \
+                                (p)[0] = (u8)(v >>  0); \
+                                (p)[1] = (u8)(v >>  8); \
+                                (p)[2] = (u8)(v >> 16); \
+                                (p)[3] = (u8)(v >> 24); \
+                                } while(0)
+
+/* QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round. */
+# define QUARTERROUND(a,b,c,d) ( \
+                x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]),16), \
+                x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]),12), \
+                x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]), 8), \
+                x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]), 7)  )
+
+/* chacha_core performs 20 rounds of ChaCha on the input words in
+ * |input| and writes the 64 output bytes to |output|. */
+static void chacha20_core(chacha_buf *output, const u32 input[16])
+{
+    u32 x[16];
+    int i;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    memcpy(x, input, sizeof(x));
+
+    for (i = 20; i > 0; i -= 2) {
+        QUARTERROUND(0, 4, 8, 12);
+        QUARTERROUND(1, 5, 9, 13);
+        QUARTERROUND(2, 6, 10, 14);
+        QUARTERROUND(3, 7, 11, 15);
+        QUARTERROUND(0, 5, 10, 15);
+        QUARTERROUND(1, 6, 11, 12);
+        QUARTERROUND(2, 7, 8, 13);
+        QUARTERROUND(3, 4, 9, 14);
+    }
+
+    if (is_endian.little) {
+        for (i = 0; i < 16; ++i)
+            output->u[i] = x[i] + input[i];
+    } else {
+        for (i = 0; i < 16; ++i)
+            U32TO8_LITTLE(output->c + 4 * i, (x[i] + input[i]));
+    }
+}
+
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4])
+{
+    u32 input[16];
+    chacha_buf buf;
+    size_t todo, i;
+
+    /* sigma constant "expand 32-byte k" in little-endian encoding */
+    input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24);
+    input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24);
+    input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24);
+    input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24);
+
+    input[4] = key[0];
+    input[5] = key[1];
+    input[6] = key[2];
+    input[7] = key[3];
+    input[8] = key[4];
+    input[9] = key[5];
+    input[10] = key[6];
+    input[11] = key[7];
+
+    input[12] = counter[0];
+    input[13] = counter[1];
+    input[14] = counter[2];
+    input[15] = counter[3];
+
+    while (len > 0) {
+        todo = sizeof(buf);
+        if (len < todo)
+            todo = len;
+
+        chacha20_core(&buf, input);
+
+        for (i = 0; i < todo; i++)
+            out[i] = inp[i] ^ buf.c[i];
+        out += todo;
+        inp += todo;
+        len -= todo;
+
+        /*
+         * Advance 32-bit counter. Note that as subroutine is so to
+         * say nonce-agnostic, this limited counter width doesn't
+         * prevent caller from implementing wider counter. It would
+         * simply take two calls split on counter overflow...
+         */
+        input[12]++;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/cmac/build.info b/openssl-1.1.0h/crypto/cmac/build.info
new file mode 100644
index 0000000..c8a4949
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cmac/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=cmac.c cm_ameth.c cm_pmeth.c
diff --git a/openssl-1.1.0h/crypto/cmac/cm_ameth.c b/openssl-1.1.0h/crypto/cmac/cm_ameth.c
new file mode 100644
index 0000000..a58454a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cmac/cm_ameth.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include "internal/asn1_int.h"
+
+/*
+ * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output
+ * length and to free up a CMAC key.
+ */
+
+static int cmac_size(const EVP_PKEY *pkey)
+{
+    return EVP_MAX_BLOCK_LENGTH;
+}
+
+static void cmac_key_free(EVP_PKEY *pkey)
+{
+    CMAC_CTX *cmctx = EVP_PKEY_get0(pkey);
+    CMAC_CTX_free(cmctx);
+}
+
+const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
+    EVP_PKEY_CMAC,
+    EVP_PKEY_CMAC,
+    0,
+
+    "CMAC",
+    "OpenSSL CMAC method",
+
+    0, 0, 0, 0,
+
+    0, 0, 0,
+
+    cmac_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    cmac_key_free,
+    0,
+    0, 0
+};
diff --git a/openssl-1.1.0h/crypto/cmac/cm_pmeth.c b/openssl-1.1.0h/crypto/cmac/cm_pmeth.c
new file mode 100644
index 0000000..10748f1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cmac/cm_pmeth.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include "internal/evp_int.h"
+
+/* The context structure and "key" is simply a CMAC_CTX */
+
+static int pkey_cmac_init(EVP_PKEY_CTX *ctx)
+{
+    ctx->data = CMAC_CTX_new();
+    if (ctx->data == NULL)
+        return 0;
+    ctx->keygen_info_count = 0;
+    return 1;
+}
+
+static int pkey_cmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    if (!pkey_cmac_init(dst))
+        return 0;
+    if (!CMAC_CTX_copy(dst->data, src->data))
+        return 0;
+    return 1;
+}
+
+static void pkey_cmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    CMAC_CTX_free(ctx->data);
+}
+
+static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    CMAC_CTX *cmkey = CMAC_CTX_new();
+    CMAC_CTX *cmctx = ctx->data;
+    if (cmkey == NULL)
+        return 0;
+    if (!CMAC_CTX_copy(cmkey, cmctx)) {
+        CMAC_CTX_free(cmkey);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey);
+
+    return 1;
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count))
+        return 0;
+    return 1;
+}
+
+static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return 1;
+}
+
+static int cmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        EVP_MD_CTX *mctx)
+{
+    return CMAC_Final(ctx->data, sig, siglen);
+}
+
+static int pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    CMAC_CTX *cmctx = ctx->data;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if (!p2 || p1 < 0)
+            return 0;
+        if (!CMAC_Init(cmctx, p2, p1, NULL, NULL))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_CIPHER:
+        if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        if (ctx->pkey && !CMAC_CTX_copy(ctx->data,
+                                        (CMAC_CTX *)ctx->pkey->pkey.ptr))
+            return 0;
+        if (!CMAC_Init(cmctx, NULL, 0, NULL, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "cipher") == 0) {
+        const EVP_CIPHER *c;
+        c = EVP_get_cipherbyname(value);
+        if (!c)
+            return 0;
+        return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD cmac_pkey_meth = {
+    EVP_PKEY_CMAC,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    pkey_cmac_init,
+    pkey_cmac_copy,
+    pkey_cmac_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_cmac_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    cmac_signctx_init,
+    cmac_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_cmac_ctrl,
+    pkey_cmac_ctrl_str
+};
diff --git a/openssl-1.1.0h/crypto/cmac/cmac.c b/openssl-1.1.0h/crypto/cmac/cmac.c
new file mode 100644
index 0000000..46e3cb7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cmac/cmac.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/cmac.h>
+
+struct CMAC_CTX_st {
+    /* Cipher context to use */
+    EVP_CIPHER_CTX *cctx;
+    /* Keys k1 and k2 */
+    unsigned char k1[EVP_MAX_BLOCK_LENGTH];
+    unsigned char k2[EVP_MAX_BLOCK_LENGTH];
+    /* Temporary block */
+    unsigned char tbl[EVP_MAX_BLOCK_LENGTH];
+    /* Last (possibly partial) block */
+    unsigned char last_block[EVP_MAX_BLOCK_LENGTH];
+    /* Number of bytes in last block: -1 means context not initialised */
+    int nlast_block;
+};
+
+/* Make temporary keys K1 and K2 */
+
+static void make_kn(unsigned char *k1, const unsigned char *l, int bl)
+{
+    int i;
+    unsigned char c = l[0], carry = c >> 7, cnext;
+
+    /* Shift block to left, including carry */
+    for (i = 0; i < bl - 1; i++, c = cnext)
+        k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7);
+
+    /* If MSB set fixup with R */
+    k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b));
+}
+
+CMAC_CTX *CMAC_CTX_new(void)
+{
+    CMAC_CTX *ctx;
+
+    ctx = OPENSSL_malloc(sizeof(*ctx));
+    if (ctx == NULL)
+        return NULL;
+    ctx->cctx = EVP_CIPHER_CTX_new();
+    if (ctx->cctx == NULL) {
+        OPENSSL_free(ctx);
+        return NULL;
+    }
+    ctx->nlast_block = -1;
+    return ctx;
+}
+
+void CMAC_CTX_cleanup(CMAC_CTX *ctx)
+{
+    EVP_CIPHER_CTX_reset(ctx->cctx);
+    OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
+    ctx->nlast_block = -1;
+}
+
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
+{
+    return ctx->cctx;
+}
+
+void CMAC_CTX_free(CMAC_CTX *ctx)
+{
+    if (!ctx)
+        return;
+    CMAC_CTX_cleanup(ctx);
+    EVP_CIPHER_CTX_free(ctx->cctx);
+    OPENSSL_free(ctx);
+}
+
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
+{
+    int bl;
+    if (in->nlast_block == -1)
+        return 0;
+    if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
+        return 0;
+    bl = EVP_CIPHER_CTX_block_size(in->cctx);
+    memcpy(out->k1, in->k1, bl);
+    memcpy(out->k2, in->k2, bl);
+    memcpy(out->tbl, in->tbl, bl);
+    memcpy(out->last_block, in->last_block, bl);
+    out->nlast_block = in->nlast_block;
+    return 1;
+}
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+              const EVP_CIPHER *cipher, ENGINE *impl)
+{
+    static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
+    /* All zeros means restart */
+    if (!key && !cipher && !impl && keylen == 0) {
+        /* Not initialised */
+        if (ctx->nlast_block == -1)
+            return 0;
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
+            return 0;
+        memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
+        ctx->nlast_block = 0;
+        return 1;
+    }
+    /* Initialise context */
+    if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
+        return 0;
+    /* Non-NULL key means initialisation complete */
+    if (key) {
+        int bl;
+        if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
+            return 0;
+        if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
+            return 0;
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
+            return 0;
+        bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
+            return 0;
+        make_kn(ctx->k1, ctx->tbl, bl);
+        make_kn(ctx->k2, ctx->k1, bl);
+        OPENSSL_cleanse(ctx->tbl, bl);
+        /* Reset context again ready for first data block */
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
+            return 0;
+        /* Zero tbl so resume works */
+        memset(ctx->tbl, 0, bl);
+        ctx->nlast_block = 0;
+    }
+    return 1;
+}
+
+int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
+{
+    const unsigned char *data = in;
+    size_t bl;
+    if (ctx->nlast_block == -1)
+        return 0;
+    if (dlen == 0)
+        return 1;
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    /* Copy into partial block if we need to */
+    if (ctx->nlast_block > 0) {
+        size_t nleft;
+        nleft = bl - ctx->nlast_block;
+        if (dlen < nleft)
+            nleft = dlen;
+        memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
+        dlen -= nleft;
+        ctx->nlast_block += nleft;
+        /* If no more to process return */
+        if (dlen == 0)
+            return 1;
+        data += nleft;
+        /* Else not final block so encrypt it */
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl))
+            return 0;
+    }
+    /* Encrypt all but one of the complete blocks left */
+    while (dlen > bl) {
+        if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
+            return 0;
+        dlen -= bl;
+        data += bl;
+    }
+    /* Copy any data left to last block buffer */
+    memcpy(ctx->last_block, data, dlen);
+    ctx->nlast_block = dlen;
+    return 1;
+
+}
+
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
+{
+    int i, bl, lb;
+    if (ctx->nlast_block == -1)
+        return 0;
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    *poutlen = (size_t)bl;
+    if (!out)
+        return 1;
+    lb = ctx->nlast_block;
+    /* Is last block complete? */
+    if (lb == bl) {
+        for (i = 0; i < bl; i++)
+            out[i] = ctx->last_block[i] ^ ctx->k1[i];
+    } else {
+        ctx->last_block[lb] = 0x80;
+        if (bl - lb > 1)
+            memset(ctx->last_block + lb + 1, 0, bl - lb - 1);
+        for (i = 0; i < bl; i++)
+            out[i] = ctx->last_block[i] ^ ctx->k2[i];
+    }
+    if (!EVP_Cipher(ctx->cctx, out, out, bl)) {
+        OPENSSL_cleanse(out, bl);
+        return 0;
+    }
+    return 1;
+}
+
+int CMAC_resume(CMAC_CTX *ctx)
+{
+    if (ctx->nlast_block == -1)
+        return 0;
+    /*
+     * The buffer "tbl" contains the last fully encrypted block which is the
+     * last IV (or all zeroes if no last encrypted block). The last block has
+     * not been modified since CMAC_final(). So reinitialising using the last
+     * decrypted block will allow CMAC to continue after calling
+     * CMAC_Final().
+     */
+    return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
+}
diff --git a/openssl-1.1.0h/crypto/cms/build.info b/openssl-1.1.0h/crypto/cms/build.info
new file mode 100644
index 0000000..cb67543
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+        cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+        cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
+        cms_pwri.c cms_kari.c
diff --git a/openssl-1.1.0h/crypto/cms/cms_asn1.c b/openssl-1.1.0h/crypto/cms/cms_asn1.c
new file mode 100644
index 0000000..0a594f4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_asn1.c
@@ -0,0 +1,403 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+
+ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
+        ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+        ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
+
+ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
+        ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+
+ASN1_CHOICE(CMS_CertificateChoices) = {
+        ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+        ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+        ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+        ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+        ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+} ASN1_CHOICE_END(CMS_CertificateChoices)
+
+ASN1_CHOICE(CMS_SignerIdentifier) = {
+        ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+        ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
+
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
+        ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+        ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
+        EVP_PKEY_free(si->pkey);
+        X509_free(si->signer);
+        EVP_MD_CTX_free(si->mctx);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+        ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+        ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+        ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+        ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
+
+ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
+        ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+
+ASN1_CHOICE(CMS_RevocationInfoChoice) = {
+        ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+        ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
+
+ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+        ASN1_SIMPLE(CMS_SignedData, version, LONG),
+        ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+        ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+        ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+        ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+        ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+        ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+
+ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
+        ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
+
+ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
+        ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+        ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
+
+ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
+  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+
+static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
+    if (operation == ASN1_OP_FREE_POST) {
+        EVP_PKEY_free(rek->pkey);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = {
+        ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+        ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey)
+
+ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
+
+ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
+  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+
+static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                       void *exarg)
+{
+    CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
+    if (operation == ASN1_OP_NEW_POST) {
+        kari->ctx = EVP_CIPHER_CTX_new();
+        if (kari->ctx == NULL)
+            return 0;
+        EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+        kari->pctx = NULL;
+    } else if (operation == ASN1_OP_FREE_POST) {
+        EVP_PKEY_CTX_free(kari->pctx);
+        EVP_CIPHER_CTX_free(kari->ctx);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
+        ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+        ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+        ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+        ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+} ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo)
+
+ASN1_SEQUENCE(CMS_KEKIdentifier) = {
+        ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+        ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+
+ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
+
+ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
+        ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+        ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+        ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
+  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
+        if (ri->type == CMS_RECIPINFO_TRANS) {
+            CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+            EVP_PKEY_free(ktri->pkey);
+            X509_free(ktri->recip);
+            EVP_PKEY_CTX_free(ktri->pctx);
+        } else if (ri->type == CMS_RECIPINFO_KEK) {
+            CMS_KEKRecipientInfo *kekri = ri->d.kekri;
+            OPENSSL_clear_free(kekri->key, kekri->keylen);
+        } else if (ri->type == CMS_RECIPINFO_PASS) {
+            CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
+            OPENSSL_clear_free(pwri->pass, pwri->passlen);
+        }
+    }
+    return 1;
+}
+
+ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
+        ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+        ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+        ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+        ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+        ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
+
+ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
+        ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+        ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+        ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+        ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
+
+ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
+        ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+        ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
+        ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+        ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
+
+ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
+        ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+        ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+        ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+        ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+        ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+        ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+        ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+
+ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
+        ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+        ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+
+/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
+
+ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(CMS_ContentInfo) = {
+        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+        ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+        ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
+
+/* CMS streaming support */
+static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    ASN1_STREAM_ARG *sarg = exarg;
+    CMS_ContentInfo *cms = NULL;
+    if (pval)
+        cms = (CMS_ContentInfo *)*pval;
+    else
+        return 1;
+    switch (operation) {
+
+    case ASN1_OP_STREAM_PRE:
+        if (CMS_stream(&sarg->boundary, cms) <= 0)
+            return 0;
+        /* fall thru */
+    case ASN1_OP_DETACHED_PRE:
+        sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
+        if (!sarg->ndef_bio)
+            return 0;
+        break;
+
+    case ASN1_OP_STREAM_POST:
+    case ASN1_OP_DETACHED_POST:
+        if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
+            return 0;
+        break;
+
+    }
+    return 1;
+}
+
+ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
+        ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
+
+/* Specials for signed attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
+
+
+
+ASN1_CHOICE(CMS_ReceiptsFrom) = {
+  ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
+
+ASN1_SEQUENCE(CMS_ReceiptRequest) = {
+  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
+
+ASN1_SEQUENCE(CMS_Receipt) = {
+  ASN1_SIMPLE(CMS_Receipt, version, LONG),
+  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_Receipt)
+
+/*
+ * Utilities to encode the CMS_SharedInfo structure used during key
+ * derivation.
+ */
+
+typedef struct {
+    X509_ALGOR *keyInfo;
+    ASN1_OCTET_STRING *entityUInfo;
+    ASN1_OCTET_STRING *suppPubInfo;
+} CMS_SharedInfo;
+
+ASN1_SEQUENCE(CMS_SharedInfo) = {
+  ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
+  ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
+  ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
+} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+                          ASN1_OCTET_STRING *ukm, int keylen)
+{
+    union {
+        CMS_SharedInfo *pecsi;
+        ASN1_VALUE *a;
+    } intsi = {
+        NULL
+    };
+
+    ASN1_OCTET_STRING oklen;
+    unsigned char kl[4];
+    CMS_SharedInfo ecsi;
+
+    keylen <<= 3;
+    kl[0] = (keylen >> 24) & 0xff;
+    kl[1] = (keylen >> 16) & 0xff;
+    kl[2] = (keylen >> 8) & 0xff;
+    kl[3] = keylen & 0xff;
+    oklen.length = 4;
+    oklen.data = kl;
+    oklen.type = V_ASN1_OCTET_STRING;
+    oklen.flags = 0;
+    ecsi.keyInfo = kekalg;
+    ecsi.entityUInfo = ukm;
+    ecsi.suppPubInfo = &oklen;
+    intsi.pecsi = &ecsi;
+    return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo));
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_att.c b/openssl-1.1.0h/crypto/cms/cms_att.c
new file mode 100644
index 0000000..664e649
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_att.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+/* CMS SignedData Attribute utilities */
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+{
+    return X509at_get_attr_count(si->signedAttrs);
+}
+
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
+}
+
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+                               int lastpos)
+{
+    return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+{
+    return X509at_get_attr(si->signedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+{
+    return X509at_delete_attr(si->signedAttrs, loc);
+}
+
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&si->signedAttrs, attr))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                const ASN1_OBJECT *obj, int type,
+                                const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                                int nid, int type, const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                                const char *attrname, int type,
+                                const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+                                  int lastpos, int type)
+{
+    return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
+}
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+{
+    return X509at_get_attr_count(si->unsignedAttrs);
+}
+
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                 int lastpos)
+{
+    return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
+}
+
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+{
+    return X509at_get_attr(si->unsignedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+{
+    return X509at_delete_attr(si->unsignedAttrs, loc);
+}
+
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&si->unsignedAttrs, attr))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *obj, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                                  int nid, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                                  const char *attrname, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                    int lastpos, int type)
+{
+    return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
+}
+
+/* Specific attribute cases */
diff --git a/openssl-1.1.0h/crypto/cms/cms_cd.c b/openssl-1.1.0h/crypto/cms/cms_cd.c
new file mode 100644
index 0000000..f05e308
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_cd.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include "cms_lcl.h"
+
+#ifdef ZLIB
+
+/* CMS CompressedData Utilities */
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+{
+    CMS_ContentInfo *cms;
+    CMS_CompressedData *cd;
+    /*
+     * Will need something cleverer if there is ever more than one
+     * compression algorithm or parameters have some meaning...
+     */
+    if (comp_nid != NID_zlib_compression) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
+               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        return NULL;
+    }
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+
+    cd = M_ASN1_new_of(CMS_CompressedData);
+
+    if (cd == NULL)
+        goto err;
+
+    cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
+    cms->d.compressedData = cd;
+
+    cd->version = 0;
+
+    X509_ALGOR_set0(cd->compressionAlgorithm,
+                    OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL);
+
+    cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+    return cms;
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_CompressedData *cd;
+    const ASN1_OBJECT *compoid;
+    if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+               CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+        return NULL;
+    }
+    cd = cms->d.compressedData;
+    X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
+    if (OBJ_obj2nid(compoid) != NID_zlib_compression) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        return NULL;
+    }
+    return BIO_new(BIO_f_zlib());
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/cms/cms_dd.c b/openssl-1.1.0h/crypto/cms/cms_dd.c
new file mode 100644
index 0000000..5da6802
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_dd.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+/* CMS DigestedData Utilities */
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+{
+    CMS_ContentInfo *cms;
+    CMS_DigestedData *dd;
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+
+    dd = M_ASN1_new_of(CMS_DigestedData);
+
+    if (dd == NULL)
+        goto err;
+
+    cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
+    cms->d.digestedData = dd;
+
+    dd->version = 0;
+    dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+    X509_ALGOR_set_md(dd->digestAlgorithm, md);
+
+    return cms;
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_DigestedData *dd;
+    dd = cms->d.digestedData;
+    return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
+}
+
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int mdlen;
+    int r = 0;
+    CMS_DigestedData *dd;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    dd = cms->d.digestedData;
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
+        goto err;
+
+    if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
+        goto err;
+
+    if (verify) {
+        if (mdlen != (unsigned int)dd->digest->length) {
+            CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                   CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+            goto err;
+        }
+
+        if (memcmp(md, dd->digest->data, mdlen))
+            CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                   CMS_R_VERIFICATION_FAILURE);
+        else
+            r = 1;
+    } else {
+        if (!ASN1_STRING_set(dd->digest, md, mdlen))
+            goto err;
+        r = 1;
+    }
+
+ err:
+    EVP_MD_CTX_free(mctx);
+
+    return r;
+
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_enc.c b/openssl-1.1.0h/crypto/cms/cms_enc.c
new file mode 100644
index 0000000..ed91342
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_enc.c
@@ -0,0 +1,212 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_lcl.h"
+
+/* CMS EncryptedData Utilities */
+
+/* Return BIO based on EncryptedContentInfo and key */
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+{
+    BIO *b;
+    EVP_CIPHER_CTX *ctx;
+    const EVP_CIPHER *ciph;
+    X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+    unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+    unsigned char *tkey = NULL;
+    size_t tkeylen = 0;
+
+    int ok = 0;
+
+    int enc, keep_key = 0;
+
+    enc = ec->cipher ? 1 : 0;
+
+    b = BIO_new(BIO_f_cipher());
+    if (b == NULL) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    BIO_get_cipher_ctx(b, &ctx);
+
+    if (enc) {
+        ciph = ec->cipher;
+        /*
+         * If not keeping key set cipher to NULL so subsequent calls decrypt.
+         */
+        if (ec->key)
+            ec->cipher = NULL;
+    } else {
+        ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+        if (!ciph) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
+            goto err;
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    if (enc) {
+        int ivlen;
+        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+        /* Generate a random IV if we need one */
+        ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+        if (ivlen > 0) {
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+            piv = iv;
+        }
+    } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+    tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+    /* Generate random session key */
+    if (!enc || !ec->key) {
+        tkey = OPENSSL_malloc(tkeylen);
+        if (tkey == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+            goto err;
+    }
+
+    if (!ec->key) {
+        ec->key = tkey;
+        ec->keylen = tkeylen;
+        tkey = NULL;
+        if (enc)
+            keep_key = 1;
+        else
+            ERR_clear_error();
+
+    }
+
+    if (ec->keylen != tkeylen) {
+        /* If necessary set key length */
+        if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
+            /*
+             * Only reveal failure if debugging so we don't leak information
+             * which may be useful in MMA.
+             */
+            if (enc || ec->debug) {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                       CMS_R_INVALID_KEY_LENGTH);
+                goto err;
+            } else {
+                /* Use random key */
+                OPENSSL_clear_free(ec->key, ec->keylen);
+                ec->key = tkey;
+                ec->keylen = tkeylen;
+                tkey = NULL;
+                ERR_clear_error();
+            }
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+    if (enc) {
+        calg->parameter = ASN1_TYPE_new();
+        if (calg->parameter == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+        /* If parameter type not set omit parameter */
+        if (calg->parameter->type == V_ASN1_UNDEF) {
+            ASN1_TYPE_free(calg->parameter);
+            calg->parameter = NULL;
+        }
+    }
+    ok = 1;
+
+ err:
+    if (!keep_key || !ok) {
+        OPENSSL_clear_free(ec->key, ec->keylen);
+        ec->key = NULL;
+    }
+    OPENSSL_clear_free(tkey, tkeylen);
+    if (ok)
+        return b;
+    BIO_free(b);
+    return NULL;
+}
+
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen)
+{
+    ec->cipher = cipher;
+    if (key) {
+        ec->key = OPENSSL_malloc(keylen);
+        if (ec->key == NULL)
+            return 0;
+        memcpy(ec->key, key, keylen);
+    }
+    ec->keylen = keylen;
+    if (cipher)
+        ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+    return 1;
+}
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen)
+{
+    CMS_EncryptedContentInfo *ec;
+    if (!key || !keylen) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+        return 0;
+    }
+    if (ciph) {
+        cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+        if (!cms->d.encryptedData) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+        cms->d.encryptedData->version = 0;
+    } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
+        return 0;
+    }
+    ec = cms->d.encryptedData->encryptedContentInfo;
+    return cms_EncryptedContent_init(ec, ciph, key, keylen);
+}
+
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_EncryptedData *enc = cms->d.encryptedData;
+    if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+        enc->version = 2;
+    return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_env.c b/openssl-1.1.0h/crypto/cms/cms_env.c
new file mode 100644
index 0000000..8d45943
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_env.c
@@ -0,0 +1,902 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+/* CMS EnvelopedData Utilities */
+
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+{
+    if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
+        CMSerr(CMS_F_CMS_GET0_ENVELOPED,
+               CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+        return NULL;
+    }
+    return cms->d.envelopedData;
+}
+
+static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+{
+    if (cms->d.other == NULL) {
+        cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
+        if (!cms->d.envelopedData) {
+            CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        cms->d.envelopedData->version = 0;
+        cms->d.envelopedData->encryptedContentInfo->contentType =
+            OBJ_nid2obj(NID_pkcs7_data);
+        ASN1_OBJECT_free(cms->contentType);
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
+        return cms->d.envelopedData;
+    }
+    return cms_get0_enveloped(cms);
+}
+
+int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
+{
+    EVP_PKEY *pkey;
+    int i;
+    if (ri->type == CMS_RECIPINFO_TRANS)
+        pkey = ri->d.ktri->pkey;
+    else if (ri->type == CMS_RECIPINFO_AGREE) {
+        EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
+        if (!pctx)
+            return 0;
+        pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+        if (!pkey)
+            return 0;
+    } else
+        return 0;
+    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+        return 1;
+    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
+    if (i == -2) {
+        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+    if (i <= 0) {
+        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
+{
+    CMS_EnvelopedData *env;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        return NULL;
+    return env->recipientInfos;
+}
+
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+{
+    return ri->type;
+}
+
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
+{
+    if (ri->type == CMS_RECIPINFO_TRANS)
+        return ri->d.ktri->pctx;
+    else if (ri->type == CMS_RECIPINFO_AGREE)
+        return ri->d.kari->pctx;
+    return NULL;
+}
+
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+{
+    CMS_ContentInfo *cms;
+    CMS_EnvelopedData *env;
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        goto merr;
+    env = cms_enveloped_data_init(cms);
+    if (env == NULL)
+        goto merr;
+    if (!cms_EncryptedContent_init(env->encryptedContentInfo,
+                                   cipher, NULL, 0))
+        goto merr;
+    return cms;
+ merr:
+    CMS_ContentInfo_free(cms);
+    CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+/* Key Transport Recipient Info (KTRI) routines */
+
+/* Initialise a ktri based on passed certificate and key */
+
+static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
+                                       EVP_PKEY *pk, unsigned int flags)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    int idtype;
+
+    ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
+    if (!ri->d.ktri)
+        return 0;
+    ri->type = CMS_RECIPINFO_TRANS;
+
+    ktri = ri->d.ktri;
+
+    if (flags & CMS_USE_KEYID) {
+        ktri->version = 2;
+        idtype = CMS_RECIPINFO_KEYIDENTIFIER;
+    } else {
+        ktri->version = 0;
+        idtype = CMS_RECIPINFO_ISSUER_SERIAL;
+    }
+
+    /*
+     * Not a typo: RecipientIdentifier and SignerIdentifier are the same
+     * structure.
+     */
+
+    if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
+        return 0;
+
+    X509_up_ref(recip);
+    EVP_PKEY_up_ref(pk);
+
+    ktri->pkey = pk;
+    ktri->recip = recip;
+
+    if (flags & CMS_KEY_PARAM) {
+        ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (ktri->pctx == NULL)
+            return 0;
+        if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
+            return 0;
+    } else if (!cms_env_asn1_ctrl(ri, 0))
+        return 0;
+    return 1;
+}
+
+/*
+ * Add a recipient certificate using appropriate type of RecipientInfo
+ */
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    EVP_PKEY *pk = NULL;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        goto err;
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (!ri)
+        goto merr;
+
+    pk = X509_get0_pubkey(recip);
+    if (!pk) {
+        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
+        goto err;
+    }
+
+    switch (cms_pkey_get_ri_type(pk)) {
+
+    case CMS_RECIPINFO_TRANS:
+        if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags))
+            goto err;
+        break;
+
+    case CMS_RECIPINFO_AGREE:
+        if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
+            goto err;
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+
+    }
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
+    return NULL;
+
+}
+
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                     EVP_PKEY **pk, X509 **recip,
+                                     X509_ALGOR **palg)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+
+    ktri = ri->d.ktri;
+
+    if (pk)
+        *pk = ktri->pkey;
+    if (recip)
+        *recip = ktri->recip;
+    if (palg)
+        *palg = ktri->keyEncryptionAlgorithm;
+    return 1;
+}
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    ktri = ri->d.ktri;
+
+    return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
+}
+
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return -2;
+    }
+    return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
+}
+
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+{
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    ri->d.ktri->pkey = pkey;
+    return 1;
+}
+
+/* Encrypt content key in key transport recipient info */
+
+static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
+                                          CMS_RecipientInfo *ri)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    CMS_EncryptedContentInfo *ec;
+    EVP_PKEY_CTX *pctx;
+    unsigned char *ek = NULL;
+    size_t eklen;
+
+    int ret = 0;
+
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    ktri = ri->d.ktri;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    pctx = ktri->pctx;
+
+    if (pctx) {
+        if (!cms_env_asn1_ctrl(ri, 0))
+            goto err;
+    } else {
+        pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (pctx == NULL)
+            return 0;
+
+        if (EVP_PKEY_encrypt_init(pctx) <= 0)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+    ek = NULL;
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    ktri->pctx = NULL;
+    OPENSSL_free(ek);
+    return ret;
+
+}
+
+/* Decrypt content key from KTRI */
+
+static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+                                          CMS_RecipientInfo *ri)
+{
+    CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+    EVP_PKEY *pkey = ktri->pkey;
+    unsigned char *ek = NULL;
+    size_t eklen;
+    int ret = 0;
+    CMS_EncryptedContentInfo *ec;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    if (ktri->pkey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
+        return 0;
+    }
+
+    ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (ktri->pctx == NULL)
+        return 0;
+
+    if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
+        goto err;
+
+    if (!cms_env_asn1_ctrl(ri, 1))
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
+                          EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
+                         ktri->encryptedKey->data,
+                         ktri->encryptedKey->length) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
+                         ktri->encryptedKey->data,
+                         ktri->encryptedKey->length) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = ek;
+    ec->keylen = eklen;
+
+ err:
+    EVP_PKEY_CTX_free(ktri->pctx);
+    ktri->pctx = NULL;
+    if (!ret)
+        OPENSSL_free(ek);
+
+    return ret;
+}
+
+/* Key Encrypted Key (KEK) RecipientInfo routines */
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen)
+{
+    ASN1_OCTET_STRING tmp_os;
+    CMS_KEKRecipientInfo *kekri;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
+        return -2;
+    }
+    kekri = ri->d.kekri;
+    tmp_os.type = V_ASN1_OCTET_STRING;
+    tmp_os.flags = 0;
+    tmp_os.data = (unsigned char *)id;
+    tmp_os.length = (int)idlen;
+    return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
+}
+
+/* For now hard code AES key wrap info */
+
+static size_t aes_wrap_keylen(int nid)
+{
+    switch (nid) {
+    case NID_id_aes128_wrap:
+        return 16;
+
+    case NID_id_aes192_wrap:
+        return 24;
+
+    case NID_id_aes256_wrap:
+        return 32;
+
+    default:
+        return 0;
+    }
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    CMS_KEKRecipientInfo *kekri;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        goto err;
+
+    if (nid == NID_undef) {
+        switch (keylen) {
+        case 16:
+            nid = NID_id_aes128_wrap;
+            break;
+
+        case 24:
+            nid = NID_id_aes192_wrap;
+            break;
+
+        case 32:
+            nid = NID_id_aes256_wrap;
+            break;
+
+        default:
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+            goto err;
+        }
+
+    } else {
+
+        size_t exp_keylen = aes_wrap_keylen(nid);
+
+        if (!exp_keylen) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                   CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+            goto err;
+        }
+
+        if (keylen != exp_keylen) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+            goto err;
+        }
+
+    }
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (!ri)
+        goto merr;
+
+    ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+    if (!ri->d.kekri)
+        goto merr;
+    ri->type = CMS_RECIPINFO_KEK;
+
+    kekri = ri->d.kekri;
+
+    if (otherTypeId) {
+        kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
+        if (kekri->kekid->other == NULL)
+            goto merr;
+    }
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    /* After this point no calls can fail */
+
+    kekri->version = 4;
+
+    kekri->key = key;
+    kekri->keylen = keylen;
+
+    ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+
+    kekri->kekid->date = date;
+
+    if (kekri->kekid->other) {
+        kekri->kekid->other->keyAttrId = otherTypeId;
+        kekri->kekid->other->keyAttr = otherType;
+    }
+
+    X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+                    OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
+    return NULL;
+
+}
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype)
+{
+    CMS_KEKIdentifier *rkid;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
+        return 0;
+    }
+    rkid = ri->d.kekri->kekid;
+    if (palg)
+        *palg = ri->d.kekri->keyEncryptionAlgorithm;
+    if (pid)
+        *pid = rkid->keyIdentifier;
+    if (pdate)
+        *pdate = rkid->date;
+    if (potherid) {
+        if (rkid->other)
+            *potherid = rkid->other->keyAttrId;
+        else
+            *potherid = NULL;
+    }
+    if (pothertype) {
+        if (rkid->other)
+            *pothertype = rkid->other->keyAttr;
+        else
+            *pothertype = NULL;
+    }
+    return 1;
+}
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen)
+{
+    CMS_KEKRecipientInfo *kekri;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
+        return 0;
+    }
+
+    kekri = ri->d.kekri;
+    kekri->key = key;
+    kekri->keylen = keylen;
+    return 1;
+}
+
+/* Encrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
+                                           CMS_RecipientInfo *ri)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_KEKRecipientInfo *kekri;
+    AES_KEY actx;
+    unsigned char *wkey = NULL;
+    int wkeylen;
+    int r = 0;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    kekri = ri->d.kekri;
+
+    if (!kekri->key) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
+        return 0;
+    }
+
+    if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+               CMS_R_ERROR_SETTING_KEY);
+        goto err;
+    }
+
+    wkey = OPENSSL_malloc(ec->keylen + 8);
+
+    if (wkey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
+
+    if (wkeylen <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
+        goto err;
+    }
+
+    ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
+
+    r = 1;
+
+ err:
+
+    if (!r)
+        OPENSSL_free(wkey);
+    OPENSSL_cleanse(&actx, sizeof(actx));
+
+    return r;
+
+}
+
+/* Decrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
+                                           CMS_RecipientInfo *ri)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_KEKRecipientInfo *kekri;
+    AES_KEY actx;
+    unsigned char *ukey = NULL;
+    int ukeylen;
+    int r = 0, wrap_nid;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    kekri = ri->d.kekri;
+
+    if (!kekri->key) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
+        return 0;
+    }
+
+    wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
+    if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
+
+    /* If encrypted key length is invalid don't bother */
+
+    if (kekri->encryptedKey->length < 16) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+        goto err;
+    }
+
+    if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_ERROR_SETTING_KEY);
+        goto err;
+    }
+
+    ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
+
+    if (ukey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ukeylen = AES_unwrap_key(&actx, NULL, ukey,
+                             kekri->encryptedKey->data,
+                             kekri->encryptedKey->length);
+
+    if (ukeylen <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
+        goto err;
+    }
+
+    ec->key = ukey;
+    ec->keylen = ukeylen;
+
+    r = 1;
+
+ err:
+
+    if (!r)
+        OPENSSL_free(ukey);
+    OPENSSL_cleanse(&actx, sizeof(actx));
+
+    return r;
+
+}
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+    switch (ri->type) {
+    case CMS_RECIPINFO_TRANS:
+        return cms_RecipientInfo_ktri_decrypt(cms, ri);
+
+    case CMS_RECIPINFO_KEK:
+        return cms_RecipientInfo_kekri_decrypt(cms, ri);
+
+    case CMS_RECIPINFO_PASS:
+        return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
+
+    default:
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
+               CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+        return 0;
+    }
+}
+
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+    switch (ri->type) {
+    case CMS_RECIPINFO_TRANS:
+        return cms_RecipientInfo_ktri_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_AGREE:
+        return cms_RecipientInfo_kari_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_KEK:
+        return cms_RecipientInfo_kekri_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_PASS:
+        return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
+
+    default:
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
+               CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+        return 0;
+    }
+}
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
+{
+    CMS_OriginatorInfo *org = env->originatorInfo;
+    int i;
+    if (org == NULL)
+        return;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
+        CMS_CertificateChoices *cch;
+        cch = sk_CMS_CertificateChoices_value(org->certificates, i);
+        if (cch->type == CMS_CERTCHOICE_OTHER) {
+            env->version = 4;
+            return;
+        } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
+            if (env->version < 3)
+                env->version = 3;
+        }
+    }
+
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
+        CMS_RevocationInfoChoice *rch;
+        rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
+        if (rch->type == CMS_REVCHOICE_OTHER) {
+            env->version = 4;
+            return;
+        }
+    }
+}
+
+static void cms_env_set_version(CMS_EnvelopedData *env)
+{
+    int i;
+    CMS_RecipientInfo *ri;
+
+    /*
+     * Can't set version higher than 4 so if 4 or more already nothing to do.
+     */
+    if (env->version >= 4)
+        return;
+
+    cms_env_set_originfo_version(env);
+
+    if (env->version >= 3)
+        return;
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
+        ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
+        if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
+            env->version = 3;
+            return;
+        } else if (ri->type != CMS_RECIPINFO_TRANS
+                   || ri->d.ktri->version != 0) {
+            env->version = 2;
+        }
+    }
+    if (env->originatorInfo || env->unprotectedAttrs)
+        env->version = 2;
+    if (env->version == 2)
+        return;
+    env->version = 0;
+}
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_EncryptedContentInfo *ec;
+    STACK_OF(CMS_RecipientInfo) *rinfos;
+    CMS_RecipientInfo *ri;
+    int i, ok = 0;
+    BIO *ret;
+
+    /* Get BIO first to set up key */
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    ret = cms_EncryptedContent_init_bio(ec);
+
+    /* If error or no cipher end of processing */
+
+    if (!ret || !ec->cipher)
+        return ret;
+
+    /* Now encrypt content key according to each RecipientInfo type */
+
+    rinfos = cms->d.envelopedData->recipientInfos;
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
+        ri = sk_CMS_RecipientInfo_value(rinfos, i);
+        if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) {
+            CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+                   CMS_R_ERROR_SETTING_RECIPIENTINFO);
+            goto err;
+        }
+    }
+    cms_env_set_version(cms->d.envelopedData);
+
+    ok = 1;
+
+ err:
+    ec->cipher = NULL;
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = NULL;
+    ec->keylen = 0;
+    if (ok)
+        return ret;
+    BIO_free(ret);
+    return NULL;
+
+}
+
+/*
+ * Get RecipientInfo type (if any) supported by a key (public or private). To
+ * retain compatibility with previous behaviour if the ctrl value isn't
+ * supported we assume key transport.
+ */
+int cms_pkey_get_ri_type(EVP_PKEY *pk)
+{
+    if (pk->ameth && pk->ameth->pkey_ctrl) {
+        int i, r;
+        i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
+        if (i > 0)
+            return r;
+    }
+    return CMS_RECIPINFO_TRANS;
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_err.c b/openssl-1.1.0h/crypto/cms/cms_err.c
new file mode 100644
index 0000000..c6df1b5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_err.c
@@ -0,0 +1,258 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
+
+static ERR_STRING_DATA CMS_str_functs[] = {
+    {ERR_FUNC(CMS_F_CHECK_CONTENT), "check_content"},
+    {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
+    {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
+    {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),
+     "CMS_add0_recipient_password"},
+    {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
+    {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
+    {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
+    {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "cms_add1_signingTime"},
+    {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
+    {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
+    {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),
+     "cms_CompressedData_init_bio"},
+    {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "cms_copy_content"},
+    {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "cms_copy_messageDigest"},
+    {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
+    {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
+    {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
+    {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
+    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
+    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
+    {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
+    {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),
+     "cms_DigestAlgorithm_find_ctx"},
+    {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),
+     "cms_DigestAlgorithm_init_bio"},
+    {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
+    {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
+    {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
+    {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
+    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),
+     "cms_EncryptedContent_init_bio"},
+    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
+    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
+    {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),
+     "CMS_EncryptedData_set1_key"},
+    {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
+    {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),
+     "cms_EnvelopedData_init_bio"},
+    {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "cms_enveloped_data_init"},
+    {ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"},
+    {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
+    {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),
+     "cms_get0_certificate_choices"},
+    {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
+    {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "cms_get0_econtent_type"},
+    {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
+    {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),
+     "cms_get0_revocation_choices"},
+    {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "cms_get0_signed"},
+    {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
+    {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),
+     "CMS_ReceiptRequest_create0"},
+    {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_ENCRYPT), "CMS_RecipientInfo_encrypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT),
+     "cms_RecipientInfo_kari_encrypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG),
+     "CMS_RecipientInfo_kari_get0_alg"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID),
+     "CMS_RecipientInfo_kari_get0_orig_id"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS),
+     "CMS_RecipientInfo_kari_get0_reks"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP),
+     "CMS_RecipientInfo_kari_orig_id_cmp"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),
+     "cms_RecipientInfo_kekri_decrypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),
+     "cms_RecipientInfo_kekri_encrypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),
+     "CMS_RecipientInfo_kekri_get0_id"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),
+     "CMS_RecipientInfo_kekri_id_cmp"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),
+     "CMS_RecipientInfo_ktri_cert_cmp"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),
+     "cms_RecipientInfo_ktri_decrypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),
+     "cms_RecipientInfo_ktri_encrypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),
+     "CMS_RecipientInfo_ktri_get0_algs"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),
+     "CMS_RecipientInfo_ktri_get0_signer_id"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT),
+     "cms_RecipientInfo_pwri_crypt"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),
+     "CMS_RecipientInfo_set0_key"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD),
+     "CMS_RecipientInfo_set0_password"},
+    {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),
+     "CMS_RecipientInfo_set0_pkey"},
+    {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "cms_sd_asn1_ctrl"},
+    {ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"},
+    {ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"},
+    {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
+    {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
+    {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
+    {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "cms_signed_data_init"},
+    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),
+     "cms_SignerInfo_content_sign"},
+    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
+    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
+    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),
+     "cms_signerinfo_verify_cert"},
+    {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),
+     "CMS_SignerInfo_verify_content"},
+    {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
+    {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
+    {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
+    {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA CMS_str_reasons[] = {
+    {ERR_REASON(CMS_R_ADD_SIGNER_ERROR), "add signer error"},
+    {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),
+     "certificate already present"},
+    {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
+    {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+    {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),
+     "cipher initialisation error"},
+    {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
+     "cipher parameter initialisation error"},
+    {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR), "cms datafinal error"},
+    {ERR_REASON(CMS_R_CMS_LIB), "cms lib"},
+    {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),
+     "contentidentifier mismatch"},
+    {ERR_REASON(CMS_R_CONTENT_NOT_FOUND), "content not found"},
+    {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH), "content type mismatch"},
+    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
+     "content type not compressed data"},
+    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
+     "content type not enveloped data"},
+    {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
+     "content type not signed data"},
+    {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR), "content verify error"},
+    {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
+    {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
+    {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
+    {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
+     "error reading messagedigest attribute"},
+    {ERR_REASON(CMS_R_ERROR_SETTING_KEY), "error setting key"},
+    {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),
+     "error setting recipientinfo"},
+    {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
+     "invalid encrypted key length"},
+    {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
+     "invalid key encryption parameter"},
+    {ERR_REASON(CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
+    {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
+     "messagedigest attribute wrong length"},
+    {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
+     "messagedigest wrong length"},
+    {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
+    {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
+     "msgsigdigest verification failure"},
+    {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
+     "msgsigdigest wrong length"},
+    {ERR_REASON(CMS_R_NEED_ONE_SIGNER), "need one signer"},
+    {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT), "not a signed receipt"},
+    {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
+    {ERR_REASON(CMS_R_NOT_KEK), "not kek"},
+    {ERR_REASON(CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
+    {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
+    {ERR_REASON(CMS_R_NOT_PWRI), "not pwri"},
+    {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+     "not supported for this key type"},
+    {ERR_REASON(CMS_R_NO_CIPHER), "no cipher"},
+    {ERR_REASON(CMS_R_NO_CONTENT), "no content"},
+    {ERR_REASON(CMS_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_REASON(CMS_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_REASON(CMS_R_NO_KEY), "no key"},
+    {ERR_REASON(CMS_R_NO_KEY_OR_CERT), "no key or cert"},
+    {ERR_REASON(CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
+    {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT), "no matching recipient"},
+    {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE), "no matching signature"},
+    {ERR_REASON(CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
+    {ERR_REASON(CMS_R_NO_PASSWORD), "no password"},
+    {ERR_REASON(CMS_R_NO_PRIVATE_KEY), "no private key"},
+    {ERR_REASON(CMS_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
+    {ERR_REASON(CMS_R_NO_SIGNERS), "no signers"},
+    {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+     "private key does not match certificate"},
+    {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR), "receipt decode error"},
+    {ERR_REASON(CMS_R_RECIPIENT_ERROR), "recipient error"},
+    {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
+     "signer certificate not found"},
+    {ERR_REASON(CMS_R_SIGNFINAL_ERROR), "signfinal error"},
+    {ERR_REASON(CMS_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_REASON(CMS_R_STORE_INIT_ERROR), "store init error"},
+    {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
+    {ERR_REASON(CMS_R_TYPE_NOT_DATA), "type not data"},
+    {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
+    {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
+    {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
+    {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
+     "unable to finalize context"},
+    {ERR_REASON(CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
+    {ERR_REASON(CMS_R_UNKNOWN_ID), "unknown id"},
+    {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+     "unsupported compression algorithm"},
+    {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
+    {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),
+     "unsupported kek algorithm"},
+    {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
+     "unsupported key encryption algorithm"},
+    {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
+     "unsupported recipient type"},
+    {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),
+     "unsupported recpientinfo type"},
+    {ERR_REASON(CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_REASON(CMS_R_UNWRAP_ERROR), "unwrap error"},
+    {ERR_REASON(CMS_R_UNWRAP_FAILURE), "unwrap failure"},
+    {ERR_REASON(CMS_R_VERIFICATION_FAILURE), "verification failure"},
+    {ERR_REASON(CMS_R_WRAP_ERROR), "wrap error"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CMS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, CMS_str_functs);
+        ERR_load_strings(0, CMS_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_ess.c b/openssl-1.1.0h/crypto/cms/cms_ess.c
new file mode 100644
index 0000000..4780231
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_ess.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+
+/* ESS services: for now just Signed Receipt related */
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+{
+    ASN1_STRING *str;
+    CMS_ReceiptRequest *rr = NULL;
+    if (prr)
+        *prr = NULL;
+    str = CMS_signed_get0_data_by_OBJ(si,
+                                      OBJ_nid2obj
+                                      (NID_id_smime_aa_receiptRequest), -3,
+                                      V_ASN1_SEQUENCE);
+    if (!str)
+        return 0;
+
+    rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
+    if (!rr)
+        return -1;
+    if (prr)
+        *prr = rr;
+    else
+        CMS_ReceiptRequest_free(rr);
+    return 1;
+}
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES)
+                                               *receiptList, STACK_OF(GENERAL_NAMES)
+                                               *receiptsTo)
+{
+    CMS_ReceiptRequest *rr = NULL;
+
+    rr = CMS_ReceiptRequest_new();
+    if (rr == NULL)
+        goto merr;
+    if (id)
+        ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
+    else {
+        if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
+            goto merr;
+        if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
+            goto err;
+    }
+
+    sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
+    rr->receiptsTo = receiptsTo;
+
+    if (receiptList) {
+        rr->receiptsFrom->type = 1;
+        rr->receiptsFrom->d.receiptList = receiptList;
+    } else {
+        rr->receiptsFrom->type = 0;
+        rr->receiptsFrom->d.allOrFirstTier = allorfirst;
+    }
+
+    return rr;
+
+ merr:
+    CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    return NULL;
+
+}
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+{
+    unsigned char *rrder = NULL;
+    int rrderlen, r = 0;
+
+    rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+    if (rrderlen < 0)
+        goto merr;
+
+    if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+                                     V_ASN1_SEQUENCE, rrder, rrderlen))
+        goto merr;
+
+    r = 1;
+
+ merr:
+    if (!r)
+        CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
+    OPENSSL_free(rrder);
+
+    return r;
+
+}
+
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                    ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto)
+{
+    if (pcid)
+        *pcid = rr->signedContentIdentifier;
+    if (rr->receiptsFrom->type == 0) {
+        if (pallorfirst)
+            *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
+        if (plist)
+            *plist = NULL;
+    } else {
+        if (pallorfirst)
+            *pallorfirst = -1;
+        if (plist)
+            *plist = rr->receiptsFrom->d.receiptList;
+    }
+    if (prto)
+        *prto = rr->receiptsTo;
+}
+
+/* Digest a SignerInfo structure for msgSigDigest attribute processing */
+
+static int cms_msgSigDigest(CMS_SignerInfo *si,
+                            unsigned char *dig, unsigned int *diglen)
+{
+    const EVP_MD *md;
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return 0;
+    if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+                          si->signedAttrs, dig, diglen))
+        return 0;
+    return 1;
+}
+
+/* Add a msgSigDigest attribute to a SignerInfo */
+
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+{
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+    if (!cms_msgSigDigest(src, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
+        return 0;
+    }
+    if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
+                                     V_ASN1_OCTET_STRING, dig, diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+/* Verify signed receipt after it has already passed normal CMS verify */
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+{
+    int r = 0, i;
+    CMS_ReceiptRequest *rr = NULL;
+    CMS_Receipt *rct = NULL;
+    STACK_OF(CMS_SignerInfo) *sis, *osis;
+    CMS_SignerInfo *si, *osi = NULL;
+    ASN1_OCTET_STRING *msig, **pcont;
+    ASN1_OBJECT *octype;
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    /* Get SignerInfos, also checks SignedData content type */
+    osis = CMS_get0_SignerInfos(req_cms);
+    sis = CMS_get0_SignerInfos(cms);
+    if (!osis || !sis)
+        goto err;
+
+    if (sk_CMS_SignerInfo_num(sis) != 1) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
+        goto err;
+    }
+
+    /* Check receipt content type */
+    if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
+        goto err;
+    }
+
+    /* Extract and decode receipt content */
+    pcont = CMS_get0_content(cms);
+    if (!pcont || !*pcont) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
+        goto err;
+    }
+
+    rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
+
+    if (!rct) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Locate original request */
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
+        osi = sk_CMS_SignerInfo_value(osis, i);
+        if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
+            break;
+    }
+
+    if (i == sk_CMS_SignerInfo_num(osis)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
+        goto err;
+    }
+
+    si = sk_CMS_SignerInfo_value(sis, 0);
+
+    /* Get msgSigDigest value and compare */
+
+    msig = CMS_signed_get0_data_by_OBJ(si,
+                                       OBJ_nid2obj
+                                       (NID_id_smime_aa_msgSigDigest), -3,
+                                       V_ASN1_OCTET_STRING);
+
+    if (!msig) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
+        goto err;
+    }
+
+    if (!cms_msgSigDigest(osi, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
+        goto err;
+    }
+
+    if (diglen != (unsigned int)msig->length) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+        goto err;
+    }
+
+    if (memcmp(dig, msig->data, diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+               CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+        goto err;
+    }
+
+    /* Compare content types */
+
+    octype = CMS_signed_get0_data_by_OBJ(osi,
+                                         OBJ_nid2obj(NID_pkcs9_contentType),
+                                         -3, V_ASN1_OBJECT);
+    if (!octype) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Compare details in receipt request */
+
+    if (OBJ_cmp(octype, rct->contentType)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
+        goto err;
+    }
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    if (ASN1_STRING_cmp(rr->signedContentIdentifier,
+                        rct->signedContentIdentifier)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
+        goto err;
+    }
+
+    r = 1;
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    M_ASN1_free_of(rct, CMS_Receipt);
+    return r;
+
+}
+
+/*
+ * Encode a Receipt into an OCTET STRING read for including into content of a
+ * SignedData ContentInfo.
+ */
+
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+{
+    CMS_Receipt rct;
+    CMS_ReceiptRequest *rr = NULL;
+    ASN1_OBJECT *ctype;
+    ASN1_OCTET_STRING *os = NULL;
+
+    /* Get original receipt request */
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    /* Get original content type */
+
+    ctype = CMS_signed_get0_data_by_OBJ(si,
+                                        OBJ_nid2obj(NID_pkcs9_contentType),
+                                        -3, V_ASN1_OBJECT);
+    if (!ctype) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    rct.version = 1;
+    rct.contentType = ctype;
+    rct.signedContentIdentifier = rr->signedContentIdentifier;
+    rct.originatorSignatureValue = si->signature;
+
+    os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    return os;
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_io.c b/openssl-1.1.0h/crypto/cms/cms_io.c
new file mode 100644
index 0000000..d18f980
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_io.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (pos == NULL)
+        return 0;
+    if (*pos == NULL)
+        *pos = ASN1_OCTET_STRING_new();
+    if (*pos != NULL) {
+        (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+        *boundary = &(*pos)->data;
+        return 1;
+    }
+    CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
+{
+    return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
+                        ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+/* CMS wrappers round generalised stream and MIME routines */
+
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+{
+    return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+                               ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+                             int flags)
+{
+    return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags,
+                                     "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+{
+    STACK_OF(X509_ALGOR) *mdalgs;
+    int ctype_nid = OBJ_obj2nid(cms->contentType);
+    int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+    if (ctype_nid == NID_pkcs7_signed)
+        mdalgs = cms->d.signedData->digestAlgorithms;
+    else
+        mdalgs = NULL;
+
+    return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+                            ctype_nid, econt_nid, mdalgs,
+                            ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+{
+    return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
+                                              ASN1_ITEM_rptr
+                                              (CMS_ContentInfo));
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_kari.c b/openssl-1.1.0h/crypto/cms/cms_kari.c
new file mode 100644
index 0000000..3bc46fe
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_kari.c
@@ -0,0 +1,411 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+
+/* Key Agreement Recipient Info (KARI) routines */
+
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pukm)
+{
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    if (palg)
+        *palg = ri->d.kari->keyEncryptionAlgorithm;
+    if (pukm)
+        *pukm = ri->d.kari->ukm;
+    return 1;
+}
+
+/* Retrieve recipient encrypted keys from a kari */
+
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
+{
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return NULL;
+    }
+    return ri->d.kari->recipientEncryptedKeys;
+}
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+                                        X509_ALGOR **pubalg,
+                                        ASN1_BIT_STRING **pubkey,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno)
+{
+    CMS_OriginatorIdentifierOrKey *oik;
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    oik = ri->d.kari->originator;
+    if (issuer)
+        *issuer = NULL;
+    if (sno)
+        *sno = NULL;
+    if (keyid)
+        *keyid = NULL;
+    if (pubalg)
+        *pubalg = NULL;
+    if (pubkey)
+        *pubkey = NULL;
+    if (oik->type == CMS_OIK_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = oik->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = oik->d.issuerAndSerialNumber->serialNumber;
+    } else if (oik->type == CMS_OIK_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = oik->d.subjectKeyIdentifier;
+    } else if (oik->type == CMS_OIK_PUBKEY) {
+        if (pubalg)
+            *pubalg = oik->d.originatorKey->algorithm;
+        if (pubkey)
+            *pubkey = oik->d.originatorKey->publicKey;
+    } else
+        return 0;
+    return 1;
+}
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+    CMS_OriginatorIdentifierOrKey *oik;
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return -2;
+    }
+    oik = ri->d.kari->originator;
+    if (oik->type == CMS_OIK_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
+    else if (oik->type == CMS_OIK_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
+    return -1;
+}
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+                                      ASN1_OCTET_STRING **keyid,
+                                      ASN1_GENERALIZEDTIME **tm,
+                                      CMS_OtherKeyAttribute **other,
+                                      X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+    CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+    if (rid->type == CMS_REK_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = rid->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = rid->d.issuerAndSerialNumber->serialNumber;
+        if (keyid)
+            *keyid = NULL;
+        if (tm)
+            *tm = NULL;
+        if (other)
+            *other = NULL;
+    } else if (rid->type == CMS_REK_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = rid->d.rKeyId->subjectKeyIdentifier;
+        if (tm)
+            *tm = rid->d.rKeyId->date;
+        if (other)
+            *other = rid->d.rKeyId->other;
+        if (issuer)
+            *issuer = NULL;
+        if (sno)
+            *sno = NULL;
+    } else
+        return 0;
+    return 1;
+}
+
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+                                       X509 *cert)
+{
+    CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+    if (rid->type == CMS_REK_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
+    else if (rid->type == CMS_REK_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert);
+    else
+        return -1;
+}
+
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
+{
+    EVP_PKEY_CTX *pctx;
+    CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
+
+    EVP_PKEY_CTX_free(kari->pctx);
+    kari->pctx = NULL;
+    if (!pk)
+        return 1;
+    pctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (!pctx || !EVP_PKEY_derive_init(pctx))
+        goto err;
+    kari->pctx = pctx;
+    return 1;
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return 0;
+}
+
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
+{
+    if (ri->type == CMS_RECIPINFO_AGREE)
+        return ri->d.kari->ctx;
+    return NULL;
+}
+
+/*
+ * Derive KEK and decrypt/encrypt with it to produce either the original CEK
+ * or the encrypted CEK.
+ */
+
+static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
+                          const unsigned char *in, size_t inlen,
+                          CMS_KeyAgreeRecipientInfo *kari, int enc)
+{
+    /* Key encryption key */
+    unsigned char kek[EVP_MAX_KEY_LENGTH];
+    size_t keklen;
+    int rv = 0;
+    unsigned char *out = NULL;
+    int outlen;
+    keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
+    if (keklen > EVP_MAX_KEY_LENGTH)
+        return 0;
+    /* Derive KEK */
+    if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
+        goto err;
+    /* Set KEK in context */
+    if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
+        goto err;
+    /* obtain output length of ciphered key */
+    if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
+        goto err;
+    out = OPENSSL_malloc(outlen);
+    if (out == NULL)
+        goto err;
+    if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
+        goto err;
+    *pout = out;
+    *poutlen = (size_t)outlen;
+    rv = 1;
+
+ err:
+    OPENSSL_cleanse(kek, keklen);
+    if (!rv)
+        OPENSSL_free(out);
+    EVP_CIPHER_CTX_reset(kari->ctx);
+    /* FIXME: WHY IS kari->pctx freed here?  /RL */
+    EVP_PKEY_CTX_free(kari->pctx);
+    kari->pctx = NULL;
+    return rv;
+}
+
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri,
+                                   CMS_RecipientEncryptedKey *rek)
+{
+    int rv = 0;
+    unsigned char *enckey = NULL, *cek = NULL;
+    size_t enckeylen;
+    size_t ceklen;
+    CMS_EncryptedContentInfo *ec;
+    enckeylen = rek->encryptedKey->length;
+    enckey = rek->encryptedKey->data;
+    /* Setup all parameters to derive KEK */
+    if (!cms_env_asn1_ctrl(ri, 1))
+        goto err;
+    /* Attempt to decrypt CEK */
+    if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
+        goto err;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = cek;
+    ec->keylen = ceklen;
+    cek = NULL;
+    rv = 1;
+ err:
+    OPENSSL_free(cek);
+    return rv;
+}
+
+/* Create ephemeral key and initialise context based on it */
+static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
+                                         EVP_PKEY *pk)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *ekey = NULL;
+    int rv = 0;
+    pctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (!pctx)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
+        goto err;
+    EVP_PKEY_CTX_free(pctx);
+    pctx = EVP_PKEY_CTX_new(ekey, NULL);
+    if (!pctx)
+        goto err;
+    if (EVP_PKEY_derive_init(pctx) <= 0)
+        goto err;
+    kari->pctx = pctx;
+    rv = 1;
+ err:
+    if (!rv)
+        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_free(ekey);
+    return rv;
+}
+
+/* Initialise a ktri based on passed certificate and key */
+
+int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
+                                EVP_PKEY *pk, unsigned int flags)
+{
+    CMS_KeyAgreeRecipientInfo *kari;
+    CMS_RecipientEncryptedKey *rek = NULL;
+
+    ri->d.kari = M_ASN1_new_of(CMS_KeyAgreeRecipientInfo);
+    if (!ri->d.kari)
+        return 0;
+    ri->type = CMS_RECIPINFO_AGREE;
+
+    kari = ri->d.kari;
+    kari->version = 3;
+
+    rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);
+    if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
+        M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);
+        return 0;
+    }
+
+    if (flags & CMS_USE_KEYID) {
+        rek->rid->type = CMS_REK_KEYIDENTIFIER;
+        rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier);
+        if (rek->rid->d.rKeyId == NULL)
+            return 0;
+        if (!cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip))
+            return 0;
+    } else {
+        rek->rid->type = CMS_REK_ISSUER_SERIAL;
+        if (!cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip))
+            return 0;
+    }
+
+    /* Create ephemeral key */
+    if (!cms_kari_create_ephemeral_key(kari, pk))
+        return 0;
+
+    EVP_PKEY_up_ref(pk);
+    rek->pkey = pk;
+    return 1;
+}
+
+static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
+                         const EVP_CIPHER *cipher)
+{
+    EVP_CIPHER_CTX *ctx = kari->ctx;
+    const EVP_CIPHER *kekcipher;
+    int keylen = EVP_CIPHER_key_length(cipher);
+    /* If a suitable wrap algorithm is already set nothing to do */
+    kekcipher = EVP_CIPHER_CTX_cipher(ctx);
+
+    if (kekcipher) {
+        if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
+            return 0;
+        return 1;
+    }
+    /*
+     * Pick a cipher based on content encryption cipher. If it is DES3 use
+     * DES3 wrap otherwise use AES wrap similar to key size.
+     */
+#ifndef OPENSSL_NO_DES
+    if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
+        kekcipher = EVP_des_ede3_wrap();
+    else
+#endif
+    if (keylen <= 16)
+        kekcipher = EVP_aes_128_wrap();
+    else if (keylen <= 24)
+        kekcipher = EVP_aes_192_wrap();
+    else
+        kekcipher = EVP_aes_256_wrap();
+    return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
+}
+
+/* Encrypt content key in key agreement recipient info */
+
+int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri)
+{
+    CMS_KeyAgreeRecipientInfo *kari;
+    CMS_EncryptedContentInfo *ec;
+    CMS_RecipientEncryptedKey *rek;
+    STACK_OF(CMS_RecipientEncryptedKey) *reks;
+    int i;
+
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    kari = ri->d.kari;
+    reks = kari->recipientEncryptedKeys;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    /* Initialise wrap algorithm parameters */
+    if (!cms_wrap_init(kari, ec->cipher))
+        return 0;
+    /*
+     * If no originator key set up initialise for ephemeral key the public key
+     * ASN1 structure will set the actual public key value.
+     */
+    if (kari->originator->type == -1) {
+        CMS_OriginatorIdentifierOrKey *oik = kari->originator;
+        oik->type = CMS_OIK_PUBKEY;
+        oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);
+        if (!oik->d.originatorKey)
+            return 0;
+    }
+    /* Initialise KDF algorithm */
+    if (!cms_env_asn1_ctrl(ri, 0))
+        return 0;
+    /* For each rek, derive KEK, encrypt CEK */
+    for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
+        unsigned char *enckey;
+        size_t enckeylen;
+        rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
+        if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0)
+            return 0;
+        if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
+                            kari, 1))
+            return 0;
+        ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
+    }
+
+    return 1;
+
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_lcl.h b/openssl-1.1.0h/crypto/cms/cms_lcl.h
new file mode 100644
index 0000000..d0c0e81
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_lcl.h
@@ -0,0 +1,444 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMS_LCL_H
+# define HEADER_CMS_LCL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/x509.h>
+
+/*
+ * Cryptographic message syntax (CMS) structures: taken from RFC3852
+ */
+
+/* Forward references */
+
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st
+    CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
+
+struct CMS_ContentInfo_st {
+    ASN1_OBJECT *contentType;
+    union {
+        ASN1_OCTET_STRING *data;
+        CMS_SignedData *signedData;
+        CMS_EnvelopedData *envelopedData;
+        CMS_DigestedData *digestedData;
+        CMS_EncryptedData *encryptedData;
+        CMS_AuthenticatedData *authenticatedData;
+        CMS_CompressedData *compressedData;
+        ASN1_TYPE *other;
+        /* Other types ... */
+        void *otherData;
+    } d;
+};
+
+DEFINE_STACK_OF(CMS_CertificateChoices)
+
+struct CMS_SignedData_st {
+    long version;
+    STACK_OF(X509_ALGOR) *digestAlgorithms;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+    STACK_OF(CMS_SignerInfo) *signerInfos;
+};
+
+struct CMS_EncapsulatedContentInfo_st {
+    ASN1_OBJECT *eContentType;
+    ASN1_OCTET_STRING *eContent;
+    /* Set to 1 if incomplete structure only part set up */
+    int partial;
+};
+
+struct CMS_SignerInfo_st {
+    long version;
+    CMS_SignerIdentifier *sid;
+    X509_ALGOR *digestAlgorithm;
+    STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+    X509_ALGOR *signatureAlgorithm;
+    ASN1_OCTET_STRING *signature;
+    STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+    /* Signing certificate and key */
+    X509 *signer;
+    EVP_PKEY *pkey;
+    /* Digest and public key context for alternative parameters */
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx;
+};
+
+struct CMS_SignerIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+    } d;
+};
+
+struct CMS_EnvelopedData_st {
+    long version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_OriginatorInfo_st {
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+};
+
+struct CMS_EncryptedContentInfo_st {
+    ASN1_OBJECT *contentType;
+    X509_ALGOR *contentEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedContent;
+    /* Content encryption algorithm and key */
+    const EVP_CIPHER *cipher;
+    unsigned char *key;
+    size_t keylen;
+    /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+    int debug;
+};
+
+struct CMS_RecipientInfo_st {
+    int type;
+    union {
+        CMS_KeyTransRecipientInfo *ktri;
+        CMS_KeyAgreeRecipientInfo *kari;
+        CMS_KEKRecipientInfo *kekri;
+        CMS_PasswordRecipientInfo *pwri;
+        CMS_OtherRecipientInfo *ori;
+    } d;
+};
+
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+
+struct CMS_KeyTransRecipientInfo_st {
+    long version;
+    CMS_RecipientIdentifier *rid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Recipient Key and cert */
+    X509 *recip;
+    EVP_PKEY *pkey;
+    /* Public key context for this operation */
+    EVP_PKEY_CTX *pctx;
+};
+
+struct CMS_KeyAgreeRecipientInfo_st {
+    long version;
+    CMS_OriginatorIdentifierOrKey *originator;
+    ASN1_OCTET_STRING *ukm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+    /* Public key context associated with current operation */
+    EVP_PKEY_CTX *pctx;
+    /* Cipher context for CEK wrapping */
+    EVP_CIPHER_CTX *ctx;
+};
+
+struct CMS_OriginatorIdentifierOrKey_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+        CMS_OriginatorPublicKey *originatorKey;
+    } d;
+};
+
+struct CMS_OriginatorPublicKey_st {
+    X509_ALGOR *algorithm;
+    ASN1_BIT_STRING *publicKey;
+};
+
+struct CMS_RecipientEncryptedKey_st {
+    CMS_KeyAgreeRecipientIdentifier *rid;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Public key associated with this recipient */
+    EVP_PKEY *pkey;
+};
+
+struct CMS_KeyAgreeRecipientIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        CMS_RecipientKeyIdentifier *rKeyId;
+    } d;
+};
+
+struct CMS_RecipientKeyIdentifier_st {
+    ASN1_OCTET_STRING *subjectKeyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_KEKRecipientInfo_st {
+    long version;
+    CMS_KEKIdentifier *kekid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: symmetric key to use */
+    unsigned char *key;
+    size_t keylen;
+};
+
+struct CMS_KEKIdentifier_st {
+    ASN1_OCTET_STRING *keyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_PasswordRecipientInfo_st {
+    long version;
+    X509_ALGOR *keyDerivationAlgorithm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: password to use */
+    unsigned char *pass;
+    size_t passlen;
+};
+
+struct CMS_OtherRecipientInfo_st {
+    ASN1_OBJECT *oriType;
+    ASN1_TYPE *oriValue;
+};
+
+struct CMS_DigestedData_st {
+    long version;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct CMS_EncryptedData_st {
+    long version;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_AuthenticatedData_st {
+    long version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    X509_ALGOR *macAlgorithm;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *authAttrs;
+    ASN1_OCTET_STRING *mac;
+    STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+};
+
+struct CMS_CompressedData_st {
+    long version;
+    X509_ALGOR *compressionAlgorithm;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+};
+
+struct CMS_RevocationInfoChoice_st {
+    int type;
+    union {
+        X509_CRL *crl;
+        CMS_OtherRevocationInfoFormat *other;
+    } d;
+};
+
+# define CMS_REVCHOICE_CRL               0
+# define CMS_REVCHOICE_OTHER             1
+
+struct CMS_OtherRevocationInfoFormat_st {
+    ASN1_OBJECT *otherRevInfoFormat;
+    ASN1_TYPE *otherRevInfo;
+};
+
+struct CMS_CertificateChoices {
+    int type;
+    union {
+        X509 *certificate;
+        ASN1_STRING *extendedCertificate; /* Obsolete */
+        ASN1_STRING *v1AttrCert; /* Left encoded for now */
+        ASN1_STRING *v2AttrCert; /* Left encoded for now */
+        CMS_OtherCertificateFormat *other;
+    } d;
+};
+
+# define CMS_CERTCHOICE_CERT             0
+# define CMS_CERTCHOICE_EXCERT           1
+# define CMS_CERTCHOICE_V1ACERT          2
+# define CMS_CERTCHOICE_V2ACERT          3
+# define CMS_CERTCHOICE_OTHER            4
+
+struct CMS_OtherCertificateFormat_st {
+    ASN1_OBJECT *otherCertFormat;
+    ASN1_TYPE *otherCert;
+};
+
+/*
+ * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
+ * to be independent of PKCS#7
+ */
+
+struct CMS_IssuerAndSerialNumber_st {
+    X509_NAME *issuer;
+    ASN1_INTEGER *serialNumber;
+};
+
+struct CMS_OtherKeyAttribute_st {
+    ASN1_OBJECT *keyAttrId;
+    ASN1_TYPE *keyAttr;
+};
+
+/* ESS structures */
+
+# ifdef HEADER_X509V3_H
+
+struct CMS_ReceiptRequest_st {
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    CMS_ReceiptsFrom *receiptsFrom;
+    STACK_OF(GENERAL_NAMES) *receiptsTo;
+};
+
+struct CMS_ReceiptsFrom_st {
+    int type;
+    union {
+        long allOrFirstTier;
+        STACK_OF(GENERAL_NAMES) *receiptList;
+    } d;
+};
+# endif
+
+struct CMS_Receipt_st {
+    long version;
+    ASN1_OBJECT *contentType;
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    ASN1_OCTET_STRING *originatorSignatureValue;
+};
+
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL    0
+# define CMS_SIGNERINFO_KEYIDENTIFIER    1
+
+# define CMS_RECIPINFO_ISSUER_SERIAL     0
+# define CMS_RECIPINFO_KEYIDENTIFIER     1
+
+# define CMS_REK_ISSUER_SERIAL           0
+# define CMS_REK_KEYIDENTIFIER           1
+
+# define CMS_OIK_ISSUER_SERIAL           0
+# define CMS_OIK_KEYIDENTIFIER           1
+# define CMS_OIK_PUBKEY                  2
+
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *cms_Data_create(void);
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
+                              int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                 X509_ALGOR *mdalg);
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen);
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
+int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
+int cms_pkey_get_ri_type(EVP_PKEY *pk);
+/* KARI routines */
+int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
+                                EVP_PKEY *pk, unsigned int flags);
+int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri);
+
+/* PWRI routines */
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de);
+
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
+DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_ASN1_ITEM(CMS_SignedData)
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/crypto/cms/cms_lib.c b/openssl-1.1.0h/crypto/cms/cms_lib.c
new file mode 100644
index 0000000..7395684
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_lib.c
@@ -0,0 +1,587 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
+{
+    return cms->contentType;
+}
+
+CMS_ContentInfo *cms_Data_create(void)
+{
+    CMS_ContentInfo *cms;
+    cms = CMS_ContentInfo_new();
+    if (cms != NULL) {
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+        /* Never detached */
+        CMS_set_detached(cms, 0);
+    }
+    return cms;
+}
+
+BIO *cms_content_bio(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos)
+        return NULL;
+    /* If content detached data goes nowhere: create NULL BIO */
+    if (!*pos)
+        return BIO_new(BIO_s_null());
+    /*
+     * If content not detached and created return memory BIO
+     */
+    if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+        return BIO_new(BIO_s_mem());
+    /* Else content was read in: return read only BIO for it */
+    return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+}
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+{
+    BIO *cmsbio, *cont;
+    if (icont)
+        cont = icont;
+    else
+        cont = cms_content_bio(cms);
+    if (!cont) {
+        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+        return NULL;
+    }
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+        return cont;
+
+    case NID_pkcs7_signed:
+        cmsbio = cms_SignedData_init_bio(cms);
+        break;
+
+    case NID_pkcs7_digest:
+        cmsbio = cms_DigestedData_init_bio(cms);
+        break;
+#ifdef ZLIB
+    case NID_id_smime_ct_compressedData:
+        cmsbio = cms_CompressedData_init_bio(cms);
+        break;
+#endif
+
+    case NID_pkcs7_encrypted:
+        cmsbio = cms_EncryptedData_init_bio(cms);
+        break;
+
+    case NID_pkcs7_enveloped:
+        cmsbio = cms_EnvelopedData_init_bio(cms);
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+        return NULL;
+    }
+
+    if (cmsbio)
+        return BIO_push(cmsbio, cont);
+
+    if (!icont)
+        BIO_free(cont);
+    return NULL;
+
+}
+
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos)
+        return 0;
+    /* If embedded content find memory BIO and set content */
+    if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
+        BIO *mbio;
+        unsigned char *cont;
+        long contlen;
+        mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+        if (!mbio) {
+            CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+            return 0;
+        }
+        contlen = BIO_get_mem_data(mbio, &cont);
+        /* Set bio as read only so its content can't be clobbered */
+        BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+        BIO_set_mem_eof_return(mbio, 0);
+        ASN1_STRING_set0(*pos, cont, contlen);
+        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+    }
+
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_encrypted:
+    case NID_id_smime_ct_compressedData:
+        /* Nothing to do */
+        return 1;
+
+    case NID_pkcs7_signed:
+        return cms_SignedData_final(cms, cmsbio);
+
+    case NID_pkcs7_digest:
+        return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+    default:
+        CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+        return 0;
+    }
+}
+
+/*
+ * Return an OCTET STRING pointer to content. This allows it to be accessed
+ * or set later.
+ */
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+        return &cms->d.data;
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->encapContentInfo->eContent;
+
+    case NID_pkcs7_enveloped:
+        return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+
+    case NID_pkcs7_digest:
+        return &cms->d.digestedData->encapContentInfo->eContent;
+
+    case NID_pkcs7_encrypted:
+        return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+
+    case NID_id_smime_ct_authData:
+        return &cms->d.authenticatedData->encapContentInfo->eContent;
+
+    case NID_id_smime_ct_compressedData:
+        return &cms->d.compressedData->encapContentInfo->eContent;
+
+    default:
+        if (cms->d.other->type == V_ASN1_OCTET_STRING)
+            return &cms->d.other->value.octet_string;
+        CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+/*
+ * Return an ASN1_OBJECT pointer to content type. This allows it to be
+ * accessed or set later.
+ */
+
+static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->encapContentInfo->eContentType;
+
+    case NID_pkcs7_enveloped:
+        return &cms->d.envelopedData->encryptedContentInfo->contentType;
+
+    case NID_pkcs7_digest:
+        return &cms->d.digestedData->encapContentInfo->eContentType;
+
+    case NID_pkcs7_encrypted:
+        return &cms->d.encryptedData->encryptedContentInfo->contentType;
+
+    case NID_id_smime_ct_authData:
+        return &cms->d.authenticatedData->encapContentInfo->eContentType;
+
+    case NID_id_smime_ct_compressedData:
+        return &cms->d.compressedData->encapContentInfo->eContentType;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+{
+    ASN1_OBJECT **petype;
+    petype = cms_get0_econtent_type(cms);
+    if (petype)
+        return *petype;
+    return NULL;
+}
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+{
+    ASN1_OBJECT **petype, *etype;
+    petype = cms_get0_econtent_type(cms);
+    if (!petype)
+        return 0;
+    if (!oid)
+        return 1;
+    etype = OBJ_dup(oid);
+    if (!etype)
+        return 0;
+    ASN1_OBJECT_free(*petype);
+    *petype = etype;
+    return 1;
+}
+
+int CMS_is_detached(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (!pos)
+        return -1;
+    if (*pos)
+        return 0;
+    return 1;
+}
+
+int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (!pos)
+        return 0;
+    if (detached) {
+        ASN1_OCTET_STRING_free(*pos);
+        *pos = NULL;
+        return 1;
+    }
+    if (*pos == NULL)
+        *pos = ASN1_OCTET_STRING_new();
+    if (*pos != NULL) {
+        /*
+         * NB: special flag to show content is created and not read in.
+         */
+        (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+        return 1;
+    }
+    CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+/* Create a digest BIO from an X509_ALGOR structure */
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+{
+    BIO *mdbio = NULL;
+    const ASN1_OBJECT *digestoid;
+    const EVP_MD *digest;
+    X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+    digest = EVP_get_digestbyobj(digestoid);
+    if (!digest) {
+        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+               CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+        goto err;
+    }
+    mdbio = BIO_new(BIO_f_md());
+    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
+        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
+        goto err;
+    }
+    return mdbio;
+ err:
+    BIO_free(mdbio);
+    return NULL;
+}
+
+/* Locate a message digest content from a BIO chain based on SignerInfo */
+
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                 X509_ALGOR *mdalg)
+{
+    int nid;
+    const ASN1_OBJECT *mdoid;
+    X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+    nid = OBJ_obj2nid(mdoid);
+    /* Look for digest type to match signature */
+    for (;;) {
+        EVP_MD_CTX *mtmp;
+        chain = BIO_find_type(chain, BIO_TYPE_MD);
+        if (chain == NULL) {
+            CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+                   CMS_R_NO_MATCHING_DIGEST);
+            return 0;
+        }
+        BIO_get_md_ctx(chain, &mtmp);
+        if (EVP_MD_CTX_type(mtmp) == nid
+            /*
+             * Workaround for broken implementations that use signature
+             * algorithm OID instead of digest.
+             */
+            || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+            return EVP_MD_CTX_copy_ex(mctx, mtmp);
+        chain = BIO_next(chain);
+    }
+}
+
+static STACK_OF(CMS_CertificateChoices)
+**cms_get0_certificate_choices(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->certificates;
+
+    case NID_pkcs7_enveloped:
+        if (cms->d.envelopedData->originatorInfo == NULL)
+            return NULL;
+        return &cms->d.envelopedData->originatorInfo->certificates;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+               CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    CMS_CertificateChoices *cch;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return NULL;
+    if (!*pcerts)
+        *pcerts = sk_CMS_CertificateChoices_new_null();
+    if (!*pcerts)
+        return NULL;
+    cch = M_ASN1_new_of(CMS_CertificateChoices);
+    if (!cch)
+        return NULL;
+    if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
+        M_ASN1_free_of(cch, CMS_CertificateChoices);
+        return NULL;
+    }
+    return cch;
+}
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    int i;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return 0;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+        if (cch->type == CMS_CERTCHOICE_CERT) {
+            if (!X509_cmp(cch->d.certificate, cert)) {
+                CMSerr(CMS_F_CMS_ADD0_CERT,
+                       CMS_R_CERTIFICATE_ALREADY_PRESENT);
+                return 0;
+            }
+        }
+    }
+    cch = CMS_add0_CertificateChoices(cms);
+    if (!cch)
+        return 0;
+    cch->type = CMS_CERTCHOICE_CERT;
+    cch->d.certificate = cert;
+    return 1;
+}
+
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+    int r;
+    r = CMS_add0_cert(cms, cert);
+    if (r > 0)
+        X509_up_ref(cert);
+    return r;
+}
+
+static STACK_OF(CMS_RevocationInfoChoice)
+**cms_get0_revocation_choices(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->crls;
+
+    case NID_pkcs7_enveloped:
+        if (cms->d.envelopedData->originatorInfo == NULL)
+            return NULL;
+        return &cms->d.envelopedData->originatorInfo->crls;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+               CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+    CMS_RevocationInfoChoice *rch;
+    pcrls = cms_get0_revocation_choices(cms);
+    if (!pcrls)
+        return NULL;
+    if (!*pcrls)
+        *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+    if (!*pcrls)
+        return NULL;
+    rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+    if (!rch)
+        return NULL;
+    if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
+        M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+        return NULL;
+    }
+    return rch;
+}
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+    CMS_RevocationInfoChoice *rch;
+    rch = CMS_add0_RevocationInfoChoice(cms);
+    if (!rch)
+        return 0;
+    rch->type = CMS_REVCHOICE_CRL;
+    rch->d.crl = crl;
+    return 1;
+}
+
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+    int r;
+    r = CMS_add0_crl(cms, crl);
+    if (r > 0)
+        X509_CRL_up_ref(crl);
+    return r;
+}
+
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509) *certs = NULL;
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    int i;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return NULL;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+        if (cch->type == 0) {
+            if (!certs) {
+                certs = sk_X509_new_null();
+                if (!certs)
+                    return NULL;
+            }
+            if (!sk_X509_push(certs, cch->d.certificate)) {
+                sk_X509_pop_free(certs, X509_free);
+                return NULL;
+            }
+            X509_up_ref(cch->d.certificate);
+        }
+    }
+    return certs;
+
+}
+
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509_CRL) *crls = NULL;
+    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+    CMS_RevocationInfoChoice *rch;
+    int i;
+    pcrls = cms_get0_revocation_choices(cms);
+    if (!pcrls)
+        return NULL;
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
+        rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+        if (rch->type == 0) {
+            if (!crls) {
+                crls = sk_X509_CRL_new_null();
+                if (!crls)
+                    return NULL;
+            }
+            if (!sk_X509_CRL_push(crls, rch->d.crl)) {
+                sk_X509_CRL_pop_free(crls, X509_CRL_free);
+                return NULL;
+            }
+            X509_CRL_up_ref(rch->d.crl);
+        }
+    }
+    return crls;
+}
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
+{
+    int ret;
+    ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
+}
+
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
+{
+    const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+
+    if (cert_keyid == NULL)
+        return -1;
+    return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
+}
+
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
+{
+    CMS_IssuerAndSerialNumber *ias;
+    ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+    if (!ias)
+        goto err;
+    if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
+        goto err;
+    if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
+        goto err;
+    M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+    *pias = ias;
+    return 1;
+ err:
+    M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+    CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
+{
+    ASN1_OCTET_STRING *keyid = NULL;
+    const ASN1_OCTET_STRING *cert_keyid;
+    cert_keyid = X509_get0_subject_key_id(cert);
+    if (cert_keyid == NULL) {
+        CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
+        return 0;
+    }
+    keyid = ASN1_STRING_dup(cert_keyid);
+    if (!keyid) {
+        CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OCTET_STRING_free(*pkeyid);
+    *pkeyid = keyid;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_pwri.c b/openssl-1.1.0h/crypto/cms/cms_pwri.c
new file mode 100644
index 0000000..0571bb8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_pwri.c
@@ -0,0 +1,392 @@
+/*
+ * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+                                    unsigned char *pass, ossl_ssize_t passlen)
+{
+    CMS_PasswordRecipientInfo *pwri;
+    if (ri->type != CMS_RECIPINFO_PASS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
+        return 0;
+    }
+
+    pwri = ri->d.pwri;
+    pwri->pass = pass;
+    if (pass && passlen < 0)
+        passlen = strlen((char *)pass);
+    pwri->passlen = passlen;
+    return 1;
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                               int iter, int wrap_nid,
+                                               int pbe_nid,
+                                               unsigned char *pass,
+                                               ossl_ssize_t passlen,
+                                               const EVP_CIPHER *kekciph)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    CMS_PasswordRecipientInfo *pwri;
+    EVP_CIPHER_CTX *ctx = NULL;
+    X509_ALGOR *encalg = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    int ivlen;
+
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        return NULL;
+
+    if (wrap_nid <= 0)
+        wrap_nid = NID_id_alg_PWRI_KEK;
+
+    if (pbe_nid <= 0)
+        pbe_nid = NID_id_pbkdf2;
+
+    /* Get from enveloped data */
+    if (kekciph == NULL)
+        kekciph = env->encryptedContentInfo->cipher;
+
+    if (kekciph == NULL) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
+        return NULL;
+    }
+    if (wrap_nid != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return NULL;
+    }
+
+    /* Setup algorithm identifier for cipher */
+    encalg = X509_ALGOR_new();
+    if (encalg == NULL) {
+        goto merr;
+    }
+    ctx = EVP_CIPHER_CTX_new();
+
+    if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    if (ivlen > 0) {
+        if (RAND_bytes(iv, ivlen) <= 0)
+            goto err;
+        if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+            goto err;
+        }
+        encalg->parameter = ASN1_TYPE_new();
+        if (!encalg->parameter) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+    }
+
+    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (ri == NULL)
+        goto merr;
+
+    ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
+    if (ri->d.pwri == NULL)
+        goto merr;
+    ri->type = CMS_RECIPINFO_PASS;
+
+    pwri = ri->d.pwri;
+    /* Since this is overwritten, free up empty structure already there */
+    X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
+    pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
+    if (pwri->keyEncryptionAlgorithm == NULL)
+        goto merr;
+    pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
+    pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
+    if (pwri->keyEncryptionAlgorithm->parameter == NULL)
+        goto merr;
+
+    if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
+                        &pwri->keyEncryptionAlgorithm->parameter->
+                        value.sequence))
+         goto merr;
+    pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
+
+    X509_ALGOR_free(encalg);
+    encalg = NULL;
+
+    /* Setup PBE algorithm */
+
+    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
+
+    if (!pwri->keyDerivationAlgorithm)
+        goto err;
+
+    CMS_RecipientInfo_set0_password(ri, pass, passlen);
+    pwri->version = 0;
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    if (ri)
+        M_ASN1_free_of(ri, CMS_RecipientInfo);
+    X509_ALGOR_free(encalg);
+    return NULL;
+
+}
+
+/*
+ * This is an implementation of the key wrapping mechanism in RFC3211, at
+ * some point this should go into EVP.
+ */
+
+static int kek_unwrap_key(unsigned char *out, size_t *outlen,
+                          const unsigned char *in, size_t inlen,
+                          EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    unsigned char *tmp;
+    int outl, rv = 0;
+    if (inlen < 2 * blocklen) {
+        /* too small */
+        return 0;
+    }
+    if (inlen % blocklen) {
+        /* Invalid size */
+        return 0;
+    }
+    tmp = OPENSSL_malloc(inlen);
+    if (tmp == NULL)
+        return 0;
+    /* setup IV by decrypting last two blocks */
+    if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+                           in + inlen - 2 * blocklen, blocklen * 2)
+        /*
+         * Do a decrypt of last decrypted block to set IV to correct value
+         * output it to start of buffer so we don't corrupt decrypted block
+         * this works because buffer is at least two block lengths long.
+         */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl,
+                              tmp + inlen - blocklen, blocklen)
+        /* Can now decrypt first n - 1 blocks */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
+
+        /* Reset IV to original value */
+        || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
+        /* Decrypt again */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+        goto err;
+    /* Check check bytes */
+    if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
+        /* Check byte failure */
+        goto err;
+    }
+    if (inlen < (size_t)(tmp[0] - 4)) {
+        /* Invalid length value */
+        goto err;
+    }
+    *outlen = (size_t)tmp[0];
+    memcpy(out, tmp + 4, *outlen);
+    rv = 1;
+ err:
+    OPENSSL_clear_free(tmp, inlen);
+    return rv;
+
+}
+
+static int kek_wrap_key(unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen,
+                        EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    size_t olen;
+    int dummy;
+    /*
+     * First decide length of output buffer: need header and round up to
+     * multiple of block length.
+     */
+    olen = (inlen + 4 + blocklen - 1) / blocklen;
+    olen *= blocklen;
+    if (olen < 2 * blocklen) {
+        /* Key too small */
+        return 0;
+    }
+    if (inlen > 0xFF) {
+        /* Key too large */
+        return 0;
+    }
+    if (out) {
+        /* Set header */
+        out[0] = (unsigned char)inlen;
+        out[1] = in[0] ^ 0xFF;
+        out[2] = in[1] ^ 0xFF;
+        out[3] = in[2] ^ 0xFF;
+        memcpy(out + 4, in, inlen);
+        /* Add random padding to end */
+        if (olen > inlen + 4
+            && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+            return 0;
+        /* Encrypt twice */
+        if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
+            || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+            return 0;
+    }
+
+    *outlen = olen;
+
+    return 1;
+}
+
+/* Encrypt/Decrypt content key in PWRI recipient info */
+
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_PasswordRecipientInfo *pwri;
+    int r = 0;
+    X509_ALGOR *algtmp, *kekalg = NULL;
+    EVP_CIPHER_CTX *kekctx = NULL;
+    const EVP_CIPHER *kekcipher;
+    unsigned char *key = NULL;
+    size_t keylen;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    pwri = ri->d.pwri;
+
+    if (!pwri->pass) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
+        return 0;
+    }
+    algtmp = pwri->keyEncryptionAlgorithm;
+
+    if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return 0;
+    }
+
+    kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                       algtmp->parameter);
+
+    if (kekalg == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
+        return 0;
+    }
+
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+
+    if (!kekcipher) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
+        return 0;
+    }
+
+    kekctx = EVP_CIPHER_CTX_new();
+    if (kekctx == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
+    if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
+        goto err;
+    EVP_CIPHER_CTX_set_padding(kekctx, 0);
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    algtmp = pwri->keyDerivationAlgorithm;
+
+    /* Finish password based key derivation to setup key in "ctx" */
+
+    if (EVP_PBE_CipherInit(algtmp->algorithm,
+                           (char *)pwri->pass, pwri->passlen,
+                           algtmp->parameter, kekctx, en_de) < 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    /* Finally wrap/unwrap the key */
+
+    if (en_de) {
+
+        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
+            goto err;
+
+        key = OPENSSL_malloc(keylen);
+
+        if (key == NULL)
+            goto err;
+
+        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
+            goto err;
+        pwri->encryptedKey->data = key;
+        pwri->encryptedKey->length = keylen;
+    } else {
+        key = OPENSSL_malloc(pwri->encryptedKey->length);
+
+        if (key == NULL) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!kek_unwrap_key(key, &keylen,
+                            pwri->encryptedKey->data,
+                            pwri->encryptedKey->length, kekctx)) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
+            goto err;
+        }
+
+        ec->key = key;
+        ec->keylen = keylen;
+
+    }
+
+    r = 1;
+
+ err:
+
+    EVP_CIPHER_CTX_free(kekctx);
+
+    if (!r)
+        OPENSSL_free(key);
+    X509_ALGOR_free(kekalg);
+
+    return r;
+
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_sd.c b/openssl-1.1.0h/crypto/cms/cms_sd.c
new file mode 100644
index 0000000..4108fe7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_sd.c
@@ -0,0 +1,925 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+/* CMS SignedData Utilities */
+
+static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+{
+    if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
+        CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+        return NULL;
+    }
+    return cms->d.signedData;
+}
+
+static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+{
+    if (cms->d.other == NULL) {
+        cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
+        if (!cms->d.signedData) {
+            CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        cms->d.signedData->version = 1;
+        cms->d.signedData->encapContentInfo->eContentType =
+            OBJ_nid2obj(NID_pkcs7_data);
+        cms->d.signedData->encapContentInfo->partial = 1;
+        ASN1_OBJECT_free(cms->contentType);
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
+        return cms->d.signedData;
+    }
+    return cms_get0_signed(cms);
+}
+
+/* Just initialise SignedData e.g. for certs only structure */
+
+int CMS_SignedData_init(CMS_ContentInfo *cms)
+{
+    if (cms_signed_data_init(cms))
+        return 1;
+    else
+        return 0;
+}
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_sd_set_version(CMS_SignedData *sd)
+{
+    int i;
+    CMS_CertificateChoices *cch;
+    CMS_RevocationInfoChoice *rch;
+    CMS_SignerInfo *si;
+
+    for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
+        cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
+        if (cch->type == CMS_CERTCHOICE_OTHER) {
+            if (sd->version < 5)
+                sd->version = 5;
+        } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
+            if (sd->version < 4)
+                sd->version = 4;
+        } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
+            if (sd->version < 3)
+                sd->version = 3;
+        }
+    }
+
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
+        rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
+        if (rch->type == CMS_REVCHOICE_OTHER) {
+            if (sd->version < 5)
+                sd->version = 5;
+        }
+    }
+
+    if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
+        && (sd->version < 3))
+        sd->version = 3;
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+        si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+        if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+            if (si->version < 3)
+                si->version = 3;
+            if (sd->version < 3)
+                sd->version = 3;
+        } else if (si->version < 1)
+            si->version = 1;
+    }
+
+    if (sd->version < 1)
+        sd->version = 1;
+
+}
+
+/* Copy an existing messageDigest value */
+
+static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+{
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *sitmp;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        ASN1_OCTET_STRING *messageDigest;
+        sitmp = sk_CMS_SignerInfo_value(sinfos, i);
+        if (sitmp == si)
+            continue;
+        if (CMS_signed_get_attr_count(sitmp) < 0)
+            continue;
+        if (OBJ_cmp(si->digestAlgorithm->algorithm,
+                    sitmp->digestAlgorithm->algorithm))
+            continue;
+        messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
+                                                    OBJ_nid2obj
+                                                    (NID_pkcs9_messageDigest),
+                                                    -3, V_ASN1_OCTET_STRING);
+        if (!messageDigest) {
+            CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
+                   CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+            return 0;
+        }
+
+        if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                        V_ASN1_OCTET_STRING,
+                                        messageDigest, -1))
+            return 1;
+        else
+            return 0;
+    }
+    CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+    return 0;
+}
+
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+{
+    switch (type) {
+    case CMS_SIGNERINFO_ISSUER_SERIAL:
+        if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
+            return 0;
+        break;
+
+    case CMS_SIGNERINFO_KEYIDENTIFIER:
+        if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
+            return 0;
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
+        return 0;
+    }
+
+    sid->type = type;
+
+    return 1;
+}
+
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno)
+{
+    if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = sid->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = sid->d.issuerAndSerialNumber->serialNumber;
+    } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = sid->d.subjectKeyIdentifier;
+    } else
+        return 0;
+    return 1;
+}
+
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+{
+    if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
+    else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
+    else
+        return -1;
+}
+
+static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
+{
+    EVP_PKEY *pkey = si->pkey;
+    int i;
+    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+        return 1;
+    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
+    if (i == -2) {
+        CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+    if (i <= 0) {
+        CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                                unsigned int flags)
+{
+    CMS_SignedData *sd;
+    CMS_SignerInfo *si = NULL;
+    X509_ALGOR *alg;
+    int i, type;
+    if (!X509_check_private_key(signer, pk)) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER,
+               CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return NULL;
+    }
+    sd = cms_signed_data_init(cms);
+    if (!sd)
+        goto err;
+    si = M_ASN1_new_of(CMS_SignerInfo);
+    if (!si)
+        goto merr;
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(signer, -1, -1);
+
+    X509_up_ref(signer);
+    EVP_PKEY_up_ref(pk);
+
+    si->pkey = pk;
+    si->signer = signer;
+    si->mctx = EVP_MD_CTX_new();
+    si->pctx = NULL;
+
+    if (si->mctx == NULL) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (flags & CMS_USE_KEYID) {
+        si->version = 3;
+        if (sd->version < 3)
+            sd->version = 3;
+        type = CMS_SIGNERINFO_KEYIDENTIFIER;
+    } else {
+        type = CMS_SIGNERINFO_ISSUER_SERIAL;
+        si->version = 1;
+    }
+
+    if (!cms_set1_SignerIdentifier(si->sid, signer, type))
+        goto err;
+
+    if (md == NULL) {
+        int def_nid;
+        if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+            goto err;
+        md = EVP_get_digestbynid(def_nid);
+        if (md == NULL) {
+            CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
+            goto err;
+        }
+    }
+
+    if (!md) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
+        goto err;
+    }
+
+    X509_ALGOR_set_md(si->digestAlgorithm, md);
+
+    /* See if digest is present in digestAlgorithms */
+    for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+        const ASN1_OBJECT *aoid;
+        alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+        X509_ALGOR_get0(&aoid, NULL, NULL, alg);
+        if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+            break;
+    }
+
+    if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto merr;
+        X509_ALGOR_set_md(alg, md);
+        if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
+            X509_ALGOR_free(alg);
+            goto merr;
+        }
+    }
+
+    if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
+        goto err;
+    if (!(flags & CMS_NOATTR)) {
+        /*
+         * Initialize signed attributes structure so other attributes
+         * such as signing time etc are added later even if we add none here.
+         */
+        if (!si->signedAttrs) {
+            si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+            if (!si->signedAttrs)
+                goto merr;
+        }
+
+        if (!(flags & CMS_NOSMIMECAP)) {
+            STACK_OF(X509_ALGOR) *smcap = NULL;
+            i = CMS_add_standard_smimecap(&smcap);
+            if (i)
+                i = CMS_add_smimecap(si, smcap);
+            sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+            if (!i)
+                goto merr;
+        }
+        if (flags & CMS_REUSE_DIGEST) {
+            if (!cms_copy_messageDigest(cms, si))
+                goto err;
+            if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
+                !CMS_SignerInfo_sign(si))
+                goto err;
+        }
+    }
+
+    if (!(flags & CMS_NOCERTS)) {
+        /* NB ignore -1 return for duplicate cert */
+        if (!CMS_add1_cert(cms, signer))
+            goto merr;
+    }
+
+    if (flags & CMS_KEY_PARAM) {
+        if (flags & CMS_NOATTR) {
+            si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
+            if (si->pctx == NULL)
+                goto err;
+            if (EVP_PKEY_sign_init(si->pctx) <= 0)
+                goto err;
+            if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
+                goto err;
+        } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
+                   0)
+            goto err;
+    }
+
+    if (!sd->signerInfos)
+        sd->signerInfos = sk_CMS_SignerInfo_new_null();
+    if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
+        goto merr;
+
+    return si;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(si, CMS_SignerInfo);
+    return NULL;
+
+}
+
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+{
+    ASN1_TIME *tt;
+    int r = 0;
+    if (t)
+        tt = t;
+    else
+        tt = X509_gmtime_adj(NULL, 0);
+
+    if (!tt)
+        goto merr;
+
+    if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
+                                    tt->type, tt, -1) <= 0)
+        goto merr;
+
+    r = 1;
+
+ merr:
+
+    if (!t)
+        ASN1_TIME_free(tt);
+
+    if (!r)
+        CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
+
+    return r;
+
+}
+
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
+{
+    return si->pctx;
+}
+
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
+{
+    return si->mctx;
+}
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+{
+    CMS_SignedData *sd;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return NULL;
+    return sd->signerInfos;
+}
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509) *signers = NULL;
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *si;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        if (si->signer) {
+            if (!signers) {
+                signers = sk_X509_new_null();
+                if (!signers)
+                    return NULL;
+            }
+            if (!sk_X509_push(signers, si->signer)) {
+                sk_X509_free(signers);
+                return NULL;
+            }
+        }
+    }
+    return signers;
+}
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+{
+    if (signer) {
+        X509_up_ref(signer);
+        EVP_PKEY_free(si->pkey);
+        si->pkey = X509_get_pubkey(signer);
+    }
+    X509_free(si->signer);
+    si->signer = signer;
+}
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                  ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+    return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
+}
+
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+{
+    return cms_SignerIdentifier_cert_cmp(si->sid, cert);
+}
+
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+                           unsigned int flags)
+{
+    CMS_SignedData *sd;
+    CMS_SignerInfo *si;
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) *certs;
+    X509 *x;
+    int i, j;
+    int ret = 0;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return -1;
+    certs = sd->certificates;
+    for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+        si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+        if (si->signer)
+            continue;
+
+        for (j = 0; j < sk_X509_num(scerts); j++) {
+            x = sk_X509_value(scerts, j);
+            if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+                CMS_SignerInfo_set1_signer_cert(si, x);
+                ret++;
+                break;
+            }
+        }
+
+        if (si->signer || (flags & CMS_NOINTERN))
+            continue;
+
+        for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
+            cch = sk_CMS_CertificateChoices_value(certs, j);
+            if (cch->type != 0)
+                continue;
+            x = cch->d.certificate;
+            if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+                CMS_SignerInfo_set1_signer_cert(si, x);
+                ret++;
+                break;
+            }
+        }
+    }
+    return ret;
+}
+
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+                              X509 **signer, X509_ALGOR **pdig,
+                              X509_ALGOR **psig)
+{
+    if (pk)
+        *pk = si->pkey;
+    if (signer)
+        *signer = si->signer;
+    if (pdig)
+        *pdig = si->digestAlgorithm;
+    if (psig)
+        *psig = si->signatureAlgorithm;
+}
+
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
+{
+    return si->signature;
+}
+
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+                                       CMS_SignerInfo *si, BIO *chain)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    int r = 0;
+    EVP_PKEY_CTX *pctx = NULL;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!si->pkey) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
+        goto err;
+    }
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
+        goto err;
+    /* Set SignerInfo algorithm details if we used custom parameter */
+    if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
+        goto err;
+
+    /*
+     * If any signed attributes calculate and add messageDigest attribute
+     */
+
+    if (CMS_signed_get_attr_count(si) >= 0) {
+        ASN1_OBJECT *ctype =
+            cms->d.signedData->encapContentInfo->eContentType;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen;
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
+            goto err;
+        if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                         V_ASN1_OCTET_STRING, md, mdlen))
+            goto err;
+        /* Copy content type across */
+        if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+                                        V_ASN1_OBJECT, ctype, -1) <= 0)
+            goto err;
+        if (!CMS_SignerInfo_sign(si))
+            goto err;
+    } else if (si->pctx) {
+        unsigned char *sig;
+        size_t siglen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen;
+        pctx = si->pctx;
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
+            goto err;
+        siglen = EVP_PKEY_size(si->pkey);
+        sig = OPENSSL_malloc(siglen);
+        if (sig == NULL) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
+            OPENSSL_free(sig);
+            goto err;
+        }
+        ASN1_STRING_set0(si->signature, sig, siglen);
+    } else {
+        unsigned char *sig;
+        unsigned int siglen;
+        sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+        if (sig == NULL) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
+            OPENSSL_free(sig);
+            goto err;
+        }
+        ASN1_STRING_set0(si->signature, sig, siglen);
+    }
+
+    r = 1;
+
+ err:
+    EVP_MD_CTX_free(mctx);
+    EVP_PKEY_CTX_free(pctx);
+    return r;
+
+}
+
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+{
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *si;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        if (!cms_SignerInfo_content_sign(cms, si, chain))
+            return 0;
+    }
+    cms->d.signedData->encapContentInfo->partial = 0;
+    return 1;
+}
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+{
+    EVP_MD_CTX *mctx = si->mctx;
+    EVP_PKEY_CTX *pctx;
+    unsigned char *abuf = NULL;
+    int alen;
+    size_t siglen;
+    const EVP_MD *md = NULL;
+
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return 0;
+
+    if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
+        if (!cms_add1_signingTime(si, NULL))
+            goto err;
+    }
+
+    if (si->pctx)
+        pctx = si->pctx;
+    else {
+        EVP_MD_CTX_reset(mctx);
+        if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+                         ASN1_ITEM_rptr(CMS_Attributes_Sign));
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
+        goto err;
+    OPENSSL_free(abuf);
+    abuf = OPENSSL_malloc(siglen);
+    if (abuf == NULL)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_reset(mctx);
+
+    ASN1_STRING_set0(si->signature, abuf, siglen);
+
+    return 1;
+
+ err:
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_reset(mctx);
+    return 0;
+
+}
+
+int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+{
+    EVP_MD_CTX *mctx = NULL;
+    unsigned char *abuf = NULL;
+    int alen, r = -1;
+    const EVP_MD *md = NULL;
+
+    if (!si->pkey) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
+        return -1;
+    }
+
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return -1;
+    if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    mctx = si->mctx;
+    if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
+        goto err;
+
+    if (!cms_sd_asn1_ctrl(si, 1))
+        goto err;
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+                         ASN1_ITEM_rptr(CMS_Attributes_Verify));
+    if (!abuf)
+        goto err;
+    r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
+    OPENSSL_free(abuf);
+    if (r <= 0) {
+        r = -1;
+        goto err;
+    }
+    r = EVP_DigestVerifyFinal(mctx,
+                              si->signature->data, si->signature->length);
+    if (r <= 0)
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+ err:
+    EVP_MD_CTX_reset(mctx);
+    return r;
+}
+
+/* Create a chain of digest BIOs from a CMS ContentInfo */
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
+{
+    int i;
+    CMS_SignedData *sd;
+    BIO *chain = NULL;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return NULL;
+    if (cms->d.signedData->encapContentInfo->partial)
+        cms_sd_set_version(sd);
+    for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+        X509_ALGOR *digestAlgorithm;
+        BIO *mdbio;
+        digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+        mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
+        if (!mdbio)
+            goto err;
+        if (chain)
+            BIO_push(chain, mdbio);
+        else
+            chain = mdbio;
+    }
+    return chain;
+ err:
+    BIO_free_all(chain);
+    return NULL;
+}
+
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pkctx = NULL;
+    int r = -1;
+    unsigned char mval[EVP_MAX_MD_SIZE];
+    unsigned int mlen;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* If we have any signed attributes look for messageDigest value */
+    if (CMS_signed_get_attr_count(si) >= 0) {
+        os = CMS_signed_get0_data_by_OBJ(si,
+                                         OBJ_nid2obj(NID_pkcs9_messageDigest),
+                                         -3, V_ASN1_OCTET_STRING);
+        if (!os) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+            goto err;
+        }
+    }
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
+        goto err;
+
+    if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+               CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+        goto err;
+    }
+
+    /* If messageDigest found compare it */
+
+    if (os) {
+        if (mlen != (unsigned int)os->length) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+            goto err;
+        }
+
+        if (memcmp(mval, os->data, mlen)) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_VERIFICATION_FAILURE);
+            r = 0;
+        } else
+            r = 1;
+    } else {
+        const EVP_MD *md = EVP_MD_CTX_md(mctx);
+        pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
+        if (pkctx == NULL)
+            goto err;
+        if (EVP_PKEY_verify_init(pkctx) <= 0)
+            goto err;
+        if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
+            goto err;
+        si->pctx = pkctx;
+        if (!cms_sd_asn1_ctrl(si, 1))
+            goto err;
+        r = EVP_PKEY_verify(pkctx, si->signature->data,
+                            si->signature->length, mval, mlen);
+        if (r <= 0) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_VERIFICATION_FAILURE);
+            r = 0;
+        }
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    EVP_MD_CTX_free(mctx);
+    return r;
+
+}
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+{
+    unsigned char *smder = NULL;
+    int smderlen, r;
+    smderlen = i2d_X509_ALGORS(algs, &smder);
+    if (smderlen <= 0)
+        return 0;
+    r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
+                                    V_ASN1_SEQUENCE, smder, smderlen);
+    OPENSSL_free(smder);
+    return r;
+}
+
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                            int algnid, int keysize)
+{
+    X509_ALGOR *alg;
+    ASN1_INTEGER *key = NULL;
+    if (keysize > 0) {
+        key = ASN1_INTEGER_new();
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+            return 0;
+    }
+    alg = X509_ALGOR_new();
+    if (alg == NULL) {
+        ASN1_INTEGER_free(key);
+        return 0;
+    }
+
+    X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
+                    key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+    if (*algs == NULL)
+        *algs = sk_X509_ALGOR_new_null();
+    if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
+        X509_ALGOR_free(alg);
+        return 0;
+    }
+    return 1;
+}
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+    if (EVP_get_cipherbynid(nid))
+        return CMS_add_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+    if (EVP_get_digestbynid(nid))
+        return CMS_add_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+{
+    if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+        || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+        || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+        || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+        return 0;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/cms/cms_smime.c b/openssl-1.1.0h/crypto/cms/cms_smime.c
new file mode 100644
index 0000000..7e7b6e5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cms/cms_smime.c
@@ -0,0 +1,842 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+#include "internal/asn1_int.h"
+
+static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
+{
+    BIO *rbio;
+    if (out == NULL)
+        rbio = BIO_new(BIO_s_null());
+    else if (flags & CMS_TEXT) {
+        rbio = BIO_new(BIO_s_mem());
+        BIO_set_mem_eof_return(rbio, 0);
+    } else
+        rbio = out;
+    return rbio;
+}
+
+static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+{
+    unsigned char buf[4096];
+    int r = 0, i;
+    BIO *tmpout;
+
+    tmpout = cms_get_text_bio(out, flags);
+
+    if (tmpout == NULL) {
+        CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Read all content through chain to process digest, decrypt etc */
+    for (;;) {
+        i = BIO_read(in, buf, sizeof(buf));
+        if (i <= 0) {
+            if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(in))
+                    goto err;
+            }
+            if (i < 0)
+                goto err;
+            break;
+        }
+
+        if (tmpout && (BIO_write(tmpout, buf, i) != i))
+            goto err;
+    }
+
+    if (flags & CMS_TEXT) {
+        if (!SMIME_text(tmpout, out)) {
+            CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR);
+            goto err;
+        }
+    }
+
+    r = 1;
+
+ err:
+    if (tmpout != out)
+        BIO_free(tmpout);
+    return r;
+
+}
+
+static int check_content(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos || !*pos) {
+        CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
+        return 0;
+    }
+    return 1;
+}
+
+static void do_free_upto(BIO *f, BIO *upto)
+{
+    if (upto) {
+        BIO *tbio;
+        do {
+            tbio = BIO_pop(f);
+            BIO_free(f);
+            f = tbio;
+        }
+        while (f && f != upto);
+    } else
+        BIO_free_all(f);
+}
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
+        CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
+        return 0;
+    }
+    cont = CMS_dataInit(cms, NULL);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    BIO_free_all(cont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    cms = cms_Data_create();
+    if (!cms)
+        return NULL;
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+
+    return NULL;
+}
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                      unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
+        CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    if (r)
+        r = cms_DigestedData_do_final(cms, cont, 1);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                   unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (!md)
+        md = EVP_sha1();
+    cms = cms_DigestedData_create(md);
+    if (!cms)
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                              const unsigned char *key, size_t keylen,
+                              BIO *dcont, BIO *out, unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+               CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
+        return 0;
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                           const unsigned char *key,
+                                           size_t keylen, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (!cipher) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
+        return NULL;
+    }
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+    if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
+                                      X509_STORE *store,
+                                      STACK_OF(X509) *certs,
+                                      STACK_OF(X509_CRL) *crls)
+{
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+    X509 *signer;
+    int i, j, r = 0;
+
+    if (ctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+    if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR);
+        goto err;
+    }
+    X509_STORE_CTX_set_default(ctx, "smime_sign");
+    if (crls)
+        X509_STORE_CTX_set0_crls(ctx, crls);
+
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        j = X509_STORE_CTX_get_error(ctx);
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+               CMS_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(j));
+        goto err;
+    }
+    r = 1;
+ err:
+    X509_STORE_CTX_free(ctx);
+    return r;
+
+}
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+               X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
+{
+    CMS_SignerInfo *si;
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    STACK_OF(X509) *cms_certs = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509 *signer;
+    int i, scount = 0, ret = 0;
+    BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
+
+    if (!dcont && !check_content(cms))
+        return 0;
+    if (dcont && !(flags & CMS_BINARY)) {
+        const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
+        if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
+            flags |= CMS_ASCIICRLF;
+    }
+
+    /* Attempt to find all signer certificates */
+
+    sinfos = CMS_get0_SignerInfos(cms);
+
+    if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
+        CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
+        goto err;
+    }
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+        if (signer)
+            scount++;
+    }
+
+    if (scount != sk_CMS_SignerInfo_num(sinfos))
+        scount += CMS_set1_signers_certs(cms, certs, flags);
+
+    if (scount != sk_CMS_SignerInfo_num(sinfos)) {
+        CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto err;
+    }
+
+    /* Attempt to verify all signers certs */
+
+    if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
+        cms_certs = CMS_get1_certs(cms);
+        if (!(flags & CMS_NOCRL))
+            crls = CMS_get1_crls(cms);
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
+                goto err;
+        }
+    }
+
+    /* Attempt to verify all SignerInfo signed attribute signatures */
+
+    if (!(flags & CMS_NO_ATTR_VERIFY)) {
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (CMS_signed_get_attr_count(si) < 0)
+                continue;
+            if (CMS_SignerInfo_verify(si) <= 0)
+                goto err;
+        }
+    }
+
+    /*
+     * Performance optimization: if the content is a memory BIO then store
+     * its contents in a temporary read only memory BIO. This avoids
+     * potentially large numbers of slow copies of data which will occur when
+     * reading from a read write memory BIO when signatures are calculated.
+     */
+
+    if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
+        char *ptr;
+        long len;
+        len = BIO_get_mem_data(dcont, &ptr);
+        tmpin = BIO_new_mem_buf(ptr, len);
+        if (tmpin == NULL) {
+            CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err2;
+        }
+    } else
+        tmpin = dcont;
+    /*
+     * If not binary mode and detached generate digests by *writing* through
+     * the BIO. That makes it possible to canonicalise the input.
+     */
+    if (!(flags & SMIME_BINARY) && dcont) {
+        /*
+         * Create output BIO so we can either handle text or to ensure
+         * included content doesn't override detached content.
+         */
+        tmpout = cms_get_text_bio(out, flags);
+        if (!tmpout) {
+            CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        cmsbio = CMS_dataInit(cms, tmpout);
+        if (!cmsbio)
+            goto err;
+        /*
+         * Don't use SMIME_TEXT for verify: it adds headers and we want to
+         * remove them.
+         */
+        SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT);
+
+        if (flags & CMS_TEXT) {
+            if (!SMIME_text(tmpout, out)) {
+                CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
+                goto err;
+            }
+        }
+    } else {
+        cmsbio = CMS_dataInit(cms, tmpin);
+        if (!cmsbio)
+            goto err;
+
+        if (!cms_copy_content(out, cmsbio, flags))
+            goto err;
+
+    }
+    if (!(flags & CMS_NO_CONTENT_VERIFY)) {
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
+                CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
+                goto err;
+            }
+        }
+    }
+
+    ret = 1;
+
+ err:
+    if (!(flags & SMIME_BINARY) && dcont) {
+        do_free_upto(cmsbio, tmpout);
+        if (tmpin != dcont)
+            BIO_free(tmpin);
+    } else {
+        if (dcont && (tmpin == dcont))
+            do_free_upto(cmsbio, dcont);
+        else
+            BIO_free_all(cmsbio);
+    }
+
+    if (out != tmpout)
+        BIO_free_all(tmpout);
+
+ err2:
+    sk_X509_pop_free(cms_certs, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+
+    return ret;
+}
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags)
+{
+    int r;
+    flags &= ~(CMS_DETACHED | CMS_TEXT);
+    r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
+    if (r <= 0)
+        return r;
+    return cms_Receipt_verify(rcms, ocms);
+}
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+                          STACK_OF(X509) *certs, BIO *data,
+                          unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    int i;
+
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL || !CMS_SignedData_init(cms))
+        goto merr;
+    if (flags & CMS_ASCIICRLF
+        && !CMS_set1_eContentType(cms,
+                                  OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
+        goto err;
+
+    if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
+        CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        X509 *x = sk_X509_value(certs, i);
+        if (!CMS_add1_cert(cms, x))
+            goto merr;
+    }
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, data, NULL, flags))
+        return cms;
+    else
+        goto err;
+
+ merr:
+    CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                  X509 *signcert, EVP_PKEY *pkey,
+                                  STACK_OF(X509) *certs, unsigned int flags)
+{
+    CMS_SignerInfo *rct_si;
+    CMS_ContentInfo *cms = NULL;
+    ASN1_OCTET_STRING **pos, *os;
+    BIO *rct_cont = NULL;
+    int r = 0;
+
+    flags &= ~(CMS_STREAM | CMS_TEXT);
+    /* Not really detached but avoids content being allocated */
+    flags |= CMS_PARTIAL | CMS_BINARY | CMS_DETACHED;
+    if (!pkey || !signcert) {
+        CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
+        return NULL;
+    }
+
+    /* Initialize signed data */
+
+    cms = CMS_sign(NULL, NULL, certs, NULL, flags);
+    if (!cms)
+        goto err;
+
+    /* Set inner content type to signed receipt */
+    if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
+        goto err;
+
+    rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
+    if (!rct_si) {
+        CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    os = cms_encode_Receipt(si);
+
+    if (!os)
+        goto err;
+
+    /* Set content to digest */
+    rct_cont = BIO_new_mem_buf(os->data, os->length);
+    if (!rct_cont)
+        goto err;
+
+    /* Add msgSigDigest attribute */
+
+    if (!cms_msgSigDigest_add1(rct_si, si))
+        goto err;
+
+    /* Finalize structure */
+    if (!CMS_final(cms, rct_cont, NULL, flags))
+        goto err;
+
+    /* Set embedded content */
+    pos = CMS_get0_content(cms);
+    *pos = os;
+
+    r = 1;
+
+ err:
+    BIO_free(rct_cont);
+    if (r)
+        return cms;
+    CMS_ContentInfo_free(cms);
+    return NULL;
+
+}
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
+                             const EVP_CIPHER *cipher, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    int i;
+    X509 *recip;
+    cms = CMS_EnvelopedData_create(cipher);
+    if (!cms)
+        goto merr;
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        recip = sk_X509_value(certs, i);
+        if (!CMS_add1_recipient_cert(cms, recip, flags)) {
+            CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+            goto err;
+        }
+    }
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, data, NULL, flags))
+        return cms;
+    else
+        goto err;
+
+ merr:
+    CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                              EVP_PKEY *pk, X509 *cert)
+{
+    int i;
+    STACK_OF(CMS_RecipientEncryptedKey) *reks;
+    CMS_RecipientEncryptedKey *rek;
+    reks = CMS_RecipientInfo_kari_get0_reks(ri);
+    for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
+        int rv;
+        rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
+        if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+            continue;
+        CMS_RecipientInfo_kari_set0_pkey(ri, pk);
+        rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
+        CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
+        if (rv > 0)
+            return 1;
+        return cert == NULL ? 0 : -1;
+    }
+    return 0;
+}
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r, ri_type;
+    int debug = 0, match_ri = 0;
+    ris = CMS_get0_RecipientInfos(cms);
+    if (ris)
+        debug = cms->d.envelopedData->encryptedContentInfo->debug;
+    ri_type = cms_pkey_get_ri_type(pk);
+    if (ri_type == CMS_RECIPINFO_NONE) {
+        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != ri_type)
+            continue;
+        match_ri = 1;
+        if (ri_type == CMS_RECIPINFO_AGREE) {
+            r = cms_kari_set1_pkey(cms, ri, pk, cert);
+            if (r > 0)
+                return 1;
+            if (r < 0)
+                return 0;
+        }
+        /*
+         * If we have a cert try matching RecipientInfo otherwise try them
+         * all.
+         */
+        else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+            CMS_RecipientInfo_set0_pkey(ri, pk);
+            r = CMS_RecipientInfo_decrypt(cms, ri);
+            CMS_RecipientInfo_set0_pkey(ri, NULL);
+            if (cert) {
+                /*
+                 * If not debugging clear any error and return success to
+                 * avoid leaking of information useful to MMA
+                 */
+                if (!debug) {
+                    ERR_clear_error();
+                    return 1;
+                }
+                if (r > 0)
+                    return 1;
+                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
+                return 0;
+            }
+            /*
+             * If no cert and not debugging don't leave loop after first
+             * successful decrypt. Always attempt to decrypt all recipients
+             * to avoid leaking timing of a successful decrypt.
+             */
+            else if (r > 0 && debug)
+                return 1;
+        }
+    }
+    /* If no cert, key transport and not debugging always return success */
+    if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
+        ERR_clear_error();
+        return 1;
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+                         unsigned char *key, size_t keylen,
+                         const unsigned char *id, size_t idlen)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r;
+    ris = CMS_get0_RecipientInfos(cms);
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
+            continue;
+
+        /*
+         * If we have an id try matching RecipientInfo otherwise try them
+         * all.
+         */
+        if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
+            CMS_RecipientInfo_set0_key(ri, key, keylen);
+            r = CMS_RecipientInfo_decrypt(cms, ri);
+            CMS_RecipientInfo_set0_key(ri, NULL, 0);
+            if (r > 0)
+                return 1;
+            if (id) {
+                CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
+                return 0;
+            }
+            ERR_clear_error();
+        }
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+                              unsigned char *pass, ossl_ssize_t passlen)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r;
+    ris = CMS_get0_RecipientInfos(cms);
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
+            continue;
+        CMS_RecipientInfo_set0_password(ri, pass, passlen);
+        r = CMS_RecipientInfo_decrypt(cms, ri);
+        CMS_RecipientInfo_set0_password(ri, NULL, 0);
+        if (r > 0)
+            return 1;
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags)
+{
+    int r;
+    BIO *cont;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
+        CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
+        return 0;
+    }
+    if (!dcont && !check_content(cms))
+        return 0;
+    if (flags & CMS_DEBUG_DECRYPT)
+        cms->d.envelopedData->encryptedContentInfo->debug = 1;
+    else
+        cms->d.envelopedData->encryptedContentInfo->debug = 0;
+    if (!pk && !cert && !dcont && !out)
+        return 1;
+    if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+        return 0;
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+{
+    BIO *cmsbio;
+    int ret = 0;
+
+    if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
+        CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
+        return 0;
+    }
+
+    SMIME_crlf_copy(data, cmsbio, flags);
+
+    (void)BIO_flush(cmsbio);
+
+    if (!CMS_dataFinal(cms, cmsbio)) {
+        CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    do_free_upto(cmsbio, dcont);
+
+    return ret;
+
+}
+
+#ifdef ZLIB
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
+        CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (comp_nid <= 0)
+        comp_nid = NID_zlib_compression;
+    cms = cms_CompressedData_create(comp_nid);
+    if (!cms)
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+#else
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags)
+{
+    CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+    return 0;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+    CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+    return NULL;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/comp/build.info b/openssl-1.1.0h/crypto/comp/build.info
new file mode 100644
index 0000000..65df46a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/comp/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+        comp_lib.c comp_err.c \
+        c_zlib.c
diff --git a/openssl-1.1.0h/crypto/comp/c_zlib.c b/openssl-1.1.0h/crypto/comp/c_zlib.c
new file mode 100644
index 0000000..821dc09
--- /dev/null
+++ b/openssl-1.1.0h/crypto/comp/c_zlib.c
@@ -0,0 +1,615 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include "internal/comp.h"
+#include <openssl/err.h>
+#include "internal/cryptlib_int.h"
+#include "internal/bio.h"
+#include "comp_lcl.h"
+
+COMP_METHOD *COMP_zlib(void);
+
+static COMP_METHOD zlib_method_nozlib = {
+    NID_undef,
+    "(undef)",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+};
+
+#ifndef ZLIB
+# undef ZLIB_SHARED
+#else
+
+# include <zlib.h>
+
+static int zlib_stateful_init(COMP_CTX *ctx);
+static void zlib_stateful_finish(COMP_CTX *ctx);
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen);
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen);
+
+/* memory allocations functions for zlib initialisation */
+static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
+{
+    void *p;
+
+    p = OPENSSL_zalloc(no * size);
+    return p;
+}
+
+static void zlib_zfree(void *opaque, void *address)
+{
+    OPENSSL_free(address);
+}
+
+
+static COMP_METHOD zlib_stateful_method = {
+    NID_zlib_compression,
+    LN_zlib_compression,
+    zlib_stateful_init,
+    zlib_stateful_finish,
+    zlib_stateful_compress_block,
+    zlib_stateful_expand_block
+};
+
+/*
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the ZLIB.DLL be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all ZLIB routines are loaded at run time
+ * and we do not link to a .LIB file when ZLIB_SHARED is set.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#  include <windows.h>
+# endif                         /* !(OPENSSL_SYS_WINDOWS ||
+                                 * OPENSSL_SYS_WIN32) */
+
+# ifdef ZLIB_SHARED
+#  include "internal/dso.h"
+
+/* Function pointers */
+typedef int (*compress_ft) (Bytef *dest, uLongf * destLen,
+                            const Bytef *source, uLong sourceLen);
+typedef int (*inflateEnd_ft) (z_streamp strm);
+typedef int (*inflate_ft) (z_streamp strm, int flush);
+typedef int (*inflateInit__ft) (z_streamp strm,
+                                const char *version, int stream_size);
+typedef int (*deflateEnd_ft) (z_streamp strm);
+typedef int (*deflate_ft) (z_streamp strm, int flush);
+typedef int (*deflateInit__ft) (z_streamp strm, int level,
+                                const char *version, int stream_size);
+typedef const char *(*zError__ft) (int err);
+static compress_ft p_compress = NULL;
+static inflateEnd_ft p_inflateEnd = NULL;
+static inflate_ft p_inflate = NULL;
+static inflateInit__ft p_inflateInit_ = NULL;
+static deflateEnd_ft p_deflateEnd = NULL;
+static deflate_ft p_deflate = NULL;
+static deflateInit__ft p_deflateInit_ = NULL;
+static zError__ft p_zError = NULL;
+
+static int zlib_loaded = 0;     /* only attempt to init func pts once */
+static DSO *zlib_dso = NULL;
+
+#  define compress                p_compress
+#  define inflateEnd              p_inflateEnd
+#  define inflate                 p_inflate
+#  define inflateInit_            p_inflateInit_
+#  define deflateEnd              p_deflateEnd
+#  define deflate                 p_deflate
+#  define deflateInit_            p_deflateInit_
+#  define zError                  p_zError
+# endif                         /* ZLIB_SHARED */
+
+struct zlib_state {
+    z_stream istream;
+    z_stream ostream;
+};
+
+static int zlib_stateful_init(COMP_CTX *ctx)
+{
+    int err;
+    struct zlib_state *state = OPENSSL_zalloc(sizeof(*state));
+
+    if (state == NULL)
+        goto err;
+
+    state->istream.zalloc = zlib_zalloc;
+    state->istream.zfree = zlib_zfree;
+    state->istream.opaque = Z_NULL;
+    state->istream.next_in = Z_NULL;
+    state->istream.next_out = Z_NULL;
+    err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    state->ostream.zalloc = zlib_zalloc;
+    state->ostream.zfree = zlib_zfree;
+    state->ostream.opaque = Z_NULL;
+    state->ostream.next_in = Z_NULL;
+    state->ostream.next_out = Z_NULL;
+    err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION,
+                       ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    ctx->data = state;
+    return 1;
+ err:
+    OPENSSL_free(state);
+    return 0;
+}
+
+static void zlib_stateful_finish(COMP_CTX *ctx)
+{
+    struct zlib_state *state = ctx->data;
+    inflateEnd(&state->istream);
+    deflateEnd(&state->ostream);
+    OPENSSL_free(state);
+}
+
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen)
+{
+    int err = Z_OK;
+    struct zlib_state *state = ctx->data;
+
+    if (state == NULL)
+        return -1;
+
+    state->ostream.next_in = in;
+    state->ostream.avail_in = ilen;
+    state->ostream.next_out = out;
+    state->ostream.avail_out = olen;
+    if (ilen > 0)
+        err = deflate(&state->ostream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+    return olen - state->ostream.avail_out;
+}
+
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen)
+{
+    int err = Z_OK;
+    struct zlib_state *state = ctx->data;
+
+    if (state == NULL)
+        return 0;
+
+    state->istream.next_in = in;
+    state->istream.avail_in = ilen;
+    state->istream.next_out = out;
+    state->istream.avail_out = olen;
+    if (ilen > 0)
+        err = inflate(&state->istream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+    return olen - state->istream.avail_out;
+}
+
+#endif
+
+COMP_METHOD *COMP_zlib(void)
+{
+    COMP_METHOD *meth = &zlib_method_nozlib;
+
+#ifdef ZLIB_SHARED
+    /* LIBZ may be externally defined, and we should respect that value */
+# ifndef LIBZ
+#  if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#   define LIBZ "ZLIB1"
+#  elif defined(OPENSSL_SYS_VMS)
+#   define LIBZ "LIBZ"
+#  else
+#   define LIBZ "z"
+#  endif
+# endif
+
+    if (!zlib_loaded) {
+        zlib_dso = DSO_load(NULL, LIBZ, NULL, 0);
+        if (zlib_dso != NULL) {
+            p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
+            p_inflateEnd
+                = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd");
+            p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate");
+            p_inflateInit_
+                = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_");
+            p_deflateEnd
+                = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd");
+            p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate");
+            p_deflateInit_
+                = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_");
+            p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError");
+
+            if (p_compress && p_inflateEnd && p_inflate
+                && p_inflateInit_ && p_deflateEnd
+                && p_deflate && p_deflateInit_ && p_zError)
+                zlib_loaded++;
+
+            if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) {
+                comp_zlib_cleanup_int();
+                return meth;
+            }
+            if (zlib_loaded)
+                meth = &zlib_stateful_method;
+        }
+    }
+#endif
+#if defined(ZLIB)
+    meth = &zlib_stateful_method;
+#endif
+
+    return (meth);
+}
+
+void comp_zlib_cleanup_int(void)
+{
+#ifdef ZLIB_SHARED
+    if (zlib_dso != NULL)
+        DSO_free(zlib_dso);
+    zlib_dso = NULL;
+#endif
+}
+
+#ifdef ZLIB
+
+/* Zlib based compression/decompression filter BIO */
+
+typedef struct {
+    unsigned char *ibuf;        /* Input buffer */
+    int ibufsize;               /* Buffer size */
+    z_stream zin;               /* Input decompress context */
+    unsigned char *obuf;        /* Output buffer */
+    int obufsize;               /* Output buffer size */
+    unsigned char *optr;        /* Position in output buffer */
+    int ocount;                 /* Amount of data in output buffer */
+    int odone;                  /* deflate EOF */
+    int comp_level;             /* Compression level to use */
+    z_stream zout;              /* Output compression context */
+} BIO_ZLIB_CTX;
+
+# define ZLIB_DEFAULT_BUFSIZE 1024
+
+static int bio_zlib_new(BIO *bi);
+static int bio_zlib_free(BIO *bi);
+static int bio_zlib_read(BIO *b, char *out, int outl);
+static int bio_zlib_write(BIO *b, const char *in, int inl);
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD bio_meth_zlib = {
+    BIO_TYPE_COMP,
+    "zlib",
+    bio_zlib_write,
+    bio_zlib_read,
+    NULL,                      /* bio_zlib_puts, */
+    NULL,                      /* bio_zlib_gets, */
+    bio_zlib_ctrl,
+    bio_zlib_new,
+    bio_zlib_free,
+    bio_zlib_callback_ctrl
+};
+
+const BIO_METHOD *BIO_f_zlib(void)
+{
+    return &bio_meth_zlib;
+}
+
+static int bio_zlib_new(BIO *bi)
+{
+    BIO_ZLIB_CTX *ctx;
+# ifdef ZLIB_SHARED
+    (void)COMP_zlib();
+    if (!zlib_loaded) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
+        return 0;
+    }
+# endif
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->zin.zalloc = Z_NULL;
+    ctx->zin.zfree = Z_NULL;
+    ctx->zout.zalloc = Z_NULL;
+    ctx->zout.zfree = Z_NULL;
+    ctx->comp_level = Z_DEFAULT_COMPRESSION;
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int bio_zlib_free(BIO *bi)
+{
+    BIO_ZLIB_CTX *ctx;
+    if (!bi)
+        return 0;
+    ctx = BIO_get_data(bi);
+    if (ctx->ibuf) {
+        /* Destroy decompress context */
+        inflateEnd(&ctx->zin);
+        OPENSSL_free(ctx->ibuf);
+    }
+    if (ctx->obuf) {
+        /* Destroy compress context */
+        deflateEnd(&ctx->zout);
+        OPENSSL_free(ctx->obuf);
+    }
+    OPENSSL_free(ctx);
+    BIO_set_data(bi, NULL);
+    BIO_set_init(bi, 0);
+
+    return 1;
+}
+
+static int bio_zlib_read(BIO *b, char *out, int outl)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zin;
+    BIO *next = BIO_next(b);
+
+    if (!out || !outl)
+        return 0;
+    ctx = BIO_get_data(b);
+    zin = &ctx->zin;
+    BIO_clear_retry_flags(b);
+    if (!ctx->ibuf) {
+        ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
+        if (ctx->ibuf == NULL) {
+            COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        inflateInit(zin);
+        zin->next_in = ctx->ibuf;
+        zin->avail_in = 0;
+    }
+
+    /* Copy output data directly to supplied buffer */
+    zin->next_out = (unsigned char *)out;
+    zin->avail_out = (unsigned int)outl;
+    for (;;) {
+        /* Decompress while data available */
+        while (zin->avail_in) {
+            ret = inflate(zin, 0);
+            if ((ret != Z_OK) && (ret != Z_STREAM_END)) {
+                COMPerr(COMP_F_BIO_ZLIB_READ, COMP_R_ZLIB_INFLATE_ERROR);
+                ERR_add_error_data(2, "zlib error:", zError(ret));
+                return 0;
+            }
+            /* If EOF or we've read everything then return */
+            if ((ret == Z_STREAM_END) || !zin->avail_out)
+                return outl - zin->avail_out;
+        }
+
+        /*
+         * No data in input buffer try to read some in, if an error then
+         * return the total data read.
+         */
+        ret = BIO_read(next, ctx->ibuf, ctx->ibufsize);
+        if (ret <= 0) {
+            /* Total data read */
+            int tot = outl - zin->avail_out;
+            BIO_copy_next_retry(b);
+            if (ret < 0)
+                return (tot > 0) ? tot : ret;
+            return tot;
+        }
+        zin->avail_in = ret;
+        zin->next_in = ctx->ibuf;
+    }
+}
+
+static int bio_zlib_write(BIO *b, const char *in, int inl)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    BIO *next = BIO_next(b);
+
+    if (!in || !inl)
+        return 0;
+    ctx = BIO_get_data(b);
+    if (ctx->odone)
+        return 0;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    if (!ctx->obuf) {
+        ctx->obuf = OPENSSL_malloc(ctx->obufsize);
+        /* Need error here */
+        if (ctx->obuf == NULL) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ctx->optr = ctx->obuf;
+        ctx->ocount = 0;
+        deflateInit(zout, ctx->comp_level);
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+    }
+    /* Obtain input data directly from supplied buffer */
+    zout->next_in = (void *)in;
+    zout->avail_in = inl;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                /* Total data written */
+                int tot = inl - zout->avail_in;
+                BIO_copy_next_retry(b);
+                if (ret < 0)
+                    return (tot > 0) ? tot : ret;
+                return tot;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+
+        /* Have we consumed all supplied data? */
+        if (!zout->avail_in)
+            return inl;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, 0);
+        if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
+
+static int bio_zlib_flush(BIO *b)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    BIO *next = BIO_next(b);
+
+    ctx = BIO_get_data(b);
+    /* If no data written or already flush show success */
+    if (!ctx->obuf || (ctx->odone && !ctx->ocount))
+        return 1;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    /* No more input data */
+    zout->next_in = NULL;
+    zout->avail_in = 0;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                BIO_copy_next_retry(b);
+                return ret;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+        if (ctx->odone)
+            return 1;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, Z_FINISH);
+        if (ret == Z_STREAM_END)
+            ctx->odone = 1;
+        else if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_FLUSH, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
+
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret, *ip;
+    int ibs, obs;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    ctx = BIO_get_data(b);
+    switch (cmd) {
+
+    case BIO_CTRL_RESET:
+        ctx->ocount = 0;
+        ctx->odone = 0;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = bio_zlib_flush(b);
+        if (ret > 0)
+            ret = BIO_flush(next);
+        break;
+
+    case BIO_C_SET_BUFF_SIZE:
+        ibs = -1;
+        obs = -1;
+        if (ptr != NULL) {
+            ip = ptr;
+            if (*ip == 0)
+                ibs = (int)num;
+            else
+                obs = (int)num;
+        } else {
+            ibs = (int)num;
+            obs = ibs;
+        }
+
+        if (ibs != -1) {
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = NULL;
+            ctx->ibufsize = ibs;
+        }
+
+        if (obs != -1) {
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = NULL;
+            ctx->obufsize = obs;
+        }
+        ret = 1;
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    }
+
+    return ret;
+}
+
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_callback_ctrl(next, cmd, fp);
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/comp/comp_err.c b/openssl-1.1.0h/crypto/comp/comp_err.c
new file mode 100644
index 0000000..8e2e695
--- /dev/null
+++ b/openssl-1.1.0h/crypto/comp/comp_err.c
@@ -0,0 +1,48 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/comp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
+
+static ERR_STRING_DATA COMP_str_functs[] = {
+    {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "bio_zlib_flush"},
+    {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "bio_zlib_new"},
+    {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "bio_zlib_read"},
+    {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "bio_zlib_write"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA COMP_str_reasons[] = {
+    {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"},
+    {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"},
+    {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_COMP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, COMP_str_functs);
+        ERR_load_strings(0, COMP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/comp/comp_lcl.h b/openssl-1.1.0h/crypto/comp/comp_lcl.h
new file mode 100644
index 0000000..aa45fca
--- /dev/null
+++ b/openssl-1.1.0h/crypto/comp/comp_lcl.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct comp_method_st {
+    int type;                   /* NID for compression library */
+    const char *name;           /* A text string to identify the library */
+    int (*init) (COMP_CTX *ctx);
+    void (*finish) (COMP_CTX *ctx);
+    int (*compress) (COMP_CTX *ctx,
+                     unsigned char *out, unsigned int olen,
+                     unsigned char *in, unsigned int ilen);
+    int (*expand) (COMP_CTX *ctx,
+                   unsigned char *out, unsigned int olen,
+                   unsigned char *in, unsigned int ilen);
+};
+
+struct comp_ctx_st {
+    struct comp_method_st *meth;
+    unsigned long compress_in;
+    unsigned long compress_out;
+    unsigned long expand_in;
+    unsigned long expand_out;
+    void* data;
+};
diff --git a/openssl-1.1.0h/crypto/comp/comp_lib.c b/openssl-1.1.0h/crypto/comp/comp_lib.c
new file mode 100644
index 0000000..32afd0d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/comp/comp_lib.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include "comp_lcl.h"
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
+{
+    COMP_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+        return (NULL);
+    ret->meth = meth;
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
+
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx)
+{
+    return ctx->meth;
+}
+
+int COMP_get_type(const COMP_METHOD *meth)
+{
+    return meth->type;
+}
+
+const char *COMP_get_name(const COMP_METHOD *meth)
+{
+    return meth->name;
+}
+
+void COMP_CTX_free(COMP_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+
+    if (ctx->meth->finish != NULL)
+        ctx->meth->finish(ctx);
+
+    OPENSSL_free(ctx);
+}
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen)
+{
+    int ret;
+    if (ctx->meth->compress == NULL) {
+        return (-1);
+    }
+    ret = ctx->meth->compress(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->compress_in += ilen;
+        ctx->compress_out += ret;
+    }
+    return (ret);
+}
+
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen)
+{
+    int ret;
+
+    if (ctx->meth->expand == NULL) {
+        return (-1);
+    }
+    ret = ctx->meth->expand(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->expand_in += ilen;
+        ctx->expand_out += ret;
+    }
+    return (ret);
+}
+
+int COMP_CTX_get_type(const COMP_CTX* comp)
+{
+    return comp->meth ? comp->meth->type : NID_undef;
+}
diff --git a/openssl-1.1.0h/crypto/conf/build.info b/openssl-1.1.0h/crypto/conf/build.info
new file mode 100644
index 0000000..4438eb4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+        conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+        conf_mall.c conf_sap.c
diff --git a/openssl-1.1.0h/crypto/conf/conf_api.c b/openssl-1.1.0h/crypto/conf/conf_api.c
new file mode 100644
index 0000000..5535416
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_api.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "e_os.h"
+
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
+static void value_free_stack_doall(CONF_VALUE *a);
+
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
+{
+    CONF_VALUE *v, vv;
+
+    if ((conf == NULL) || (section == NULL))
+        return (NULL);
+    vv.name = NULL;
+    vv.section = (char *)section;
+    v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+    return (v);
+}
+
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section)
+{
+    CONF_VALUE *v;
+
+    v = _CONF_get_section(conf, section);
+    if (v != NULL)
+        return ((STACK_OF(CONF_VALUE) *)v->value);
+    else
+        return (NULL);
+}
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
+{
+    CONF_VALUE *v = NULL;
+    STACK_OF(CONF_VALUE) *ts;
+
+    ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+    value->section = section->section;
+    if (!sk_CONF_VALUE_push(ts, value)) {
+        return 0;
+    }
+
+    v = lh_CONF_VALUE_insert(conf->data, value);
+    if (v != NULL) {
+        (void)sk_CONF_VALUE_delete_ptr(ts, v);
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
+    }
+    return 1;
+}
+
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name)
+{
+    CONF_VALUE *v, vv;
+    char *p;
+
+    if (name == NULL)
+        return (NULL);
+    if (conf != NULL) {
+        if (section != NULL) {
+            vv.name = (char *)name;
+            vv.section = (char *)section;
+            v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+            if (v != NULL)
+                return (v->value);
+            if (strcmp(section, "ENV") == 0) {
+                p = getenv(name);
+                if (p != NULL)
+                    return (p);
+            }
+        }
+        vv.section = "default";
+        vv.name = (char *)name;
+        v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+        if (v != NULL)
+            return (v->value);
+        else
+            return (NULL);
+    } else
+        return (getenv(name));
+}
+
+static unsigned long conf_value_hash(const CONF_VALUE *v)
+{
+    return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name);
+}
+
+static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
+{
+    int i;
+
+    if (a->section != b->section) {
+        i = strcmp(a->section, b->section);
+        if (i)
+            return (i);
+    }
+
+    if ((a->name != NULL) && (b->name != NULL)) {
+        i = strcmp(a->name, b->name);
+        return (i);
+    } else if (a->name == b->name)
+        return (0);
+    else
+        return ((a->name == NULL) ? -1 : 1);
+}
+
+int _CONF_new_data(CONF *conf)
+{
+    if (conf == NULL) {
+        return 0;
+    }
+    if (conf->data == NULL) {
+        conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
+        if (conf->data == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE;
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
+
+void _CONF_free_data(CONF *conf)
+{
+    if (conf == NULL || conf->data == NULL)
+        return;
+
+    /* evil thing to make sure the 'OPENSSL_free()' works as expected */
+    lh_CONF_VALUE_set_down_load(conf->data, 0);
+    lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data);
+
+    /*
+     * We now have only 'section' entries in the hash table. Due to problems
+     * with
+     */
+
+    lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
+    lh_CONF_VALUE_free(conf->data);
+}
+
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
+{
+    if (a->name != NULL)
+        (void)lh_CONF_VALUE_delete(conf, a);
+}
+
+static void value_free_stack_doall(CONF_VALUE *a)
+{
+    CONF_VALUE *vv;
+    STACK_OF(CONF_VALUE) *sk;
+    int i;
+
+    if (a->name != NULL)
+        return;
+
+    sk = (STACK_OF(CONF_VALUE) *)a->value;
+    for (i = sk_CONF_VALUE_num(sk) - 1; i >= 0; i--) {
+        vv = sk_CONF_VALUE_value(sk, i);
+        OPENSSL_free(vv->value);
+        OPENSSL_free(vv->name);
+        OPENSSL_free(vv);
+    }
+    sk_CONF_VALUE_free(sk);
+    OPENSSL_free(a->section);
+    OPENSSL_free(a);
+}
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
+{
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    int i;
+    CONF_VALUE *v = NULL, *vv;
+
+    if ((sk = sk_CONF_VALUE_new_null()) == NULL)
+        goto err;
+    if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
+        goto err;
+    i = strlen(section) + 1;
+    if ((v->section = OPENSSL_malloc(i)) == NULL)
+        goto err;
+
+    memcpy(v->section, section, i);
+    v->name = NULL;
+    v->value = (char *)sk;
+
+    vv = lh_CONF_VALUE_insert(conf->data, v);
+    OPENSSL_assert(vv == NULL);
+    return v;
+
+ err:
+    sk_CONF_VALUE_free(sk);
+    OPENSSL_free(v);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/conf/conf_def.c b/openssl-1.1.0h/crypto/conf/conf_def.c
new file mode 100644
index 0000000..b443903
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_def.c
@@ -0,0 +1,642 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "conf_def.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+/*
+ * The maximum length we can grow a value to after variable expansion. 64k
+ * should be more than enough for all reasonable uses.
+ */
+#define MAX_CONF_VALUE_LENGTH       65536
+
+static char *eat_ws(CONF *conf, char *p);
+static char *eat_alpha_numeric(CONF *conf, char *p);
+static void clear_comments(CONF *conf, char *p);
+static int str_copy(CONF *conf, char *section, char **to, char *from);
+static char *scan_quote(CONF *conf, char *p);
+static char *scan_dquote(CONF *conf, char *p);
+#define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+
+static CONF *def_create(CONF_METHOD *meth);
+static int def_init_default(CONF *conf);
+static int def_init_WIN32(CONF *conf);
+static int def_destroy(CONF *conf);
+static int def_destroy_data(CONF *conf);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_dump(const CONF *conf, BIO *bp);
+static int def_is_number(const CONF *conf, char c);
+static int def_to_int(const CONF *conf, char c);
+
+static CONF_METHOD default_method = {
+    "OpenSSL default",
+    def_create,
+    def_init_default,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
+
+static CONF_METHOD WIN32_method = {
+    "WIN32",
+    def_create,
+    def_init_WIN32,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
+
+CONF_METHOD *NCONF_default()
+{
+    return &default_method;
+}
+
+CONF_METHOD *NCONF_WIN32()
+{
+    return &WIN32_method;
+}
+
+static CONF *def_create(CONF_METHOD *meth)
+{
+    CONF *ret;
+
+    ret = OPENSSL_malloc(sizeof(*ret));
+    if (ret != NULL)
+        if (meth->init(ret) == 0) {
+            OPENSSL_free(ret);
+            ret = NULL;
+        }
+    return ret;
+}
+
+static int def_init_default(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+
+    conf->meth = &default_method;
+    conf->meth_data = (void *)CONF_type_default;
+    conf->data = NULL;
+
+    return 1;
+}
+
+static int def_init_WIN32(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+
+    conf->meth = &WIN32_method;
+    conf->meth_data = (void *)CONF_type_win32;
+    conf->data = NULL;
+
+    return 1;
+}
+
+static int def_destroy(CONF *conf)
+{
+    if (def_destroy_data(conf)) {
+        OPENSSL_free(conf);
+        return 1;
+    }
+    return 0;
+}
+
+static int def_destroy_data(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+    _CONF_free_data(conf);
+    return 1;
+}
+
+static int def_load(CONF *conf, const char *name, long *line)
+{
+    int ret;
+    BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    in = BIO_new_file(name, "r");
+#else
+    in = BIO_new_file(name, "rb");
+#endif
+    if (in == NULL) {
+        if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+            CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE);
+        else
+            CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+        return 0;
+    }
+
+    ret = def_load_bio(conf, in, line);
+    BIO_free(in);
+
+    return ret;
+}
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
+{
+/* The macro BUFSIZE conflicts with a system macro in VxWorks */
+#define CONFBUFSIZE     512
+    int bufnum = 0, i, ii;
+    BUF_MEM *buff = NULL;
+    char *s, *p, *end;
+    int again;
+    long eline = 0;
+    char btmp[DECIMAL_SIZE(eline) + 1];
+    CONF_VALUE *v = NULL, *tv;
+    CONF_VALUE *sv = NULL;
+    char *section = NULL, *buf;
+    char *start, *psection, *pname;
+    void *h = (void *)(conf->data);
+
+    if ((buff = BUF_MEM_new()) == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+        goto err;
+    }
+
+    section = OPENSSL_strdup("default");
+    if (section == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (_CONF_new_data(conf) == 0) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    sv = _CONF_new_section(conf, section);
+    if (sv == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+        goto err;
+    }
+
+    bufnum = 0;
+    again = 0;
+    for (;;) {
+        if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
+            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+            goto err;
+        }
+        p = &(buff->data[bufnum]);
+        *p = '\0';
+        BIO_gets(in, p, CONFBUFSIZE - 1);
+        p[CONFBUFSIZE - 1] = '\0';
+        ii = i = strlen(p);
+        if (i == 0 && !again)
+            break;
+        again = 0;
+        while (i > 0) {
+            if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
+                break;
+            else
+                i--;
+        }
+        /*
+         * we removed some trailing stuff so there is a new line on the end.
+         */
+        if (ii && i == ii)
+            again = 1;          /* long line */
+        else {
+            p[i] = '\0';
+            eline++;            /* another input line */
+        }
+
+        /* we now have a line with trailing \r\n removed */
+
+        /* i is the number of bytes */
+        bufnum += i;
+
+        v = NULL;
+        /* check for line continuation */
+        if (bufnum >= 1) {
+            /*
+             * If we have bytes and the last char '\\' and second last char
+             * is not '\\'
+             */
+            p = &(buff->data[bufnum - 1]);
+            if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
+                bufnum--;
+                again = 1;
+            }
+        }
+        if (again)
+            continue;
+        bufnum = 0;
+        buf = buff->data;
+
+        clear_comments(conf, buf);
+        s = eat_ws(conf, buf);
+        if (IS_EOF(conf, *s))
+            continue;           /* blank line */
+        if (*s == '[') {
+            char *ss;
+
+            s++;
+            start = eat_ws(conf, s);
+            ss = start;
+ again:
+            end = eat_alpha_numeric(conf, ss);
+            p = eat_ws(conf, end);
+            if (*p != ']') {
+                if (*p != '\0' && ss != p) {
+                    ss = p;
+                    goto again;
+                }
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+                goto err;
+            }
+            *end = '\0';
+            if (!str_copy(conf, NULL, &section, start))
+                goto err;
+            if ((sv = _CONF_get_section(conf, section)) == NULL)
+                sv = _CONF_new_section(conf, section);
+            if (sv == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                goto err;
+            }
+            continue;
+        } else {
+            pname = s;
+            psection = NULL;
+            end = eat_alpha_numeric(conf, s);
+            if ((end[0] == ':') && (end[1] == ':')) {
+                *end = '\0';
+                end += 2;
+                psection = pname;
+                pname = end;
+                end = eat_alpha_numeric(conf, end);
+            }
+            p = eat_ws(conf, end);
+            if (*p != '=') {
+                CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
+                goto err;
+            }
+            *end = '\0';
+            p++;
+            start = eat_ws(conf, p);
+            while (!IS_EOF(conf, *p))
+                p++;
+            p--;
+            while ((p != start) && (IS_WS(conf, *p)))
+                p--;
+            p++;
+            *p = '\0';
+
+            if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (psection == NULL)
+                psection = section;
+            v->name = OPENSSL_malloc(strlen(pname) + 1);
+            v->value = NULL;
+            if (v->name == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            OPENSSL_strlcpy(v->name, pname, strlen(pname) + 1);
+            if (!str_copy(conf, psection, &(v->value), start))
+                goto err;
+
+            if (strcmp(psection, section) != 0) {
+                if ((tv = _CONF_get_section(conf, psection))
+                    == NULL)
+                    tv = _CONF_new_section(conf, psection);
+                if (tv == NULL) {
+                    CONFerr(CONF_F_DEF_LOAD_BIO,
+                            CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                    goto err;
+                }
+            } else
+                tv = sv;
+            if (_CONF_add_string(conf, tv, v) == 0) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            v = NULL;
+        }
+    }
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    return (1);
+ err:
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    if (line != NULL)
+        *line = eline;
+    BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
+    ERR_add_error_data(2, "line ", btmp);
+    if (h != conf->data) {
+        CONF_free(conf->data);
+        conf->data = NULL;
+    }
+    if (v != NULL) {
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
+    }
+    return (0);
+}
+
+static void clear_comments(CONF *conf, char *p)
+{
+    for (;;) {
+        if (IS_FCOMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (!IS_WS(conf, *p)) {
+            break;
+        }
+        p++;
+    }
+
+    for (;;) {
+        if (IS_COMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (IS_DQUOTE(conf, *p)) {
+            p = scan_dquote(conf, p);
+            continue;
+        }
+        if (IS_QUOTE(conf, *p)) {
+            p = scan_quote(conf, p);
+            continue;
+        }
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (IS_EOF(conf, *p))
+            return;
+        else
+            p++;
+    }
+}
+
+static int str_copy(CONF *conf, char *section, char **pto, char *from)
+{
+    int q, r, rr = 0, to = 0, len = 0;
+    char *s, *e, *rp, *p, *rrp, *np, *cp, v;
+    BUF_MEM *buf;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        return (0);
+
+    len = strlen(from) + 1;
+    if (!BUF_MEM_grow(buf, len))
+        goto err;
+
+    for (;;) {
+        if (IS_QUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from) && (*from != q)) {
+                if (IS_ESC(conf, *from)) {
+                    from++;
+                    if (IS_EOF(conf, *from))
+                        break;
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_DQUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from)) {
+                if (*from == q) {
+                    if (*(from + 1) == q) {
+                        from++;
+                    } else {
+                        break;
+                    }
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_ESC(conf, *from)) {
+            from++;
+            v = *(from++);
+            if (IS_EOF(conf, v))
+                break;
+            else if (v == 'r')
+                v = '\r';
+            else if (v == 'n')
+                v = '\n';
+            else if (v == 'b')
+                v = '\b';
+            else if (v == 't')
+                v = '\t';
+            buf->data[to++] = v;
+        } else if (IS_EOF(conf, *from))
+            break;
+        else if (*from == '$') {
+            size_t newsize;
+
+            /* try to expand it */
+            rrp = NULL;
+            s = &(from[1]);
+            if (*s == '{')
+                q = '}';
+            else if (*s == '(')
+                q = ')';
+            else
+                q = 0;
+
+            if (q)
+                s++;
+            cp = section;
+            e = np = s;
+            while (IS_ALPHA_NUMERIC(conf, *e))
+                e++;
+            if ((e[0] == ':') && (e[1] == ':')) {
+                cp = np;
+                rrp = e;
+                rr = *e;
+                *rrp = '\0';
+                e += 2;
+                np = e;
+                while (IS_ALPHA_NUMERIC(conf, *e))
+                    e++;
+            }
+            r = *e;
+            *e = '\0';
+            rp = e;
+            if (q) {
+                if (r != q) {
+                    CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);
+                    goto err;
+                }
+                e++;
+            }
+            /*-
+             * So at this point we have
+             * np which is the start of the name string which is
+             *   '\0' terminated.
+             * cp which is the start of the section string which is
+             *   '\0' terminated.
+             * e is the 'next point after'.
+             * r and rr are the chars replaced by the '\0'
+             * rp and rrp is where 'r' and 'rr' came from.
+             */
+            p = _CONF_get_string(conf, cp, np);
+            if (rrp != NULL)
+                *rrp = rr;
+            *rp = r;
+            if (p == NULL) {
+                CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
+                goto err;
+            }
+            newsize = strlen(p) + buf->length - (e - from);
+            if (newsize > MAX_CONF_VALUE_LENGTH) {
+                CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG);
+                goto err;
+            }
+            if (!BUF_MEM_grow_clean(buf, newsize)) {
+                CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            while (*p)
+                buf->data[to++] = *(p++);
+
+            /*
+             * Since we change the pointer 'from', we also have to change the
+             * perceived length of the string it points at.  /RL
+             */
+            len -= e - from;
+            from = e;
+
+            /*
+             * In case there were no braces or parenthesis around the
+             * variable reference, we have to put back the character that was
+             * replaced with a '\0'.  /RL
+             */
+            *rp = r;
+        } else
+            buf->data[to++] = *(from++);
+    }
+    buf->data[to] = '\0';
+    OPENSSL_free(*pto);
+    *pto = buf->data;
+    OPENSSL_free(buf);
+    return (1);
+ err:
+    BUF_MEM_free(buf);
+    return (0);
+}
+
+static char *eat_ws(CONF *conf, char *p)
+{
+    while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
+        p++;
+    return (p);
+}
+
+static char *eat_alpha_numeric(CONF *conf, char *p)
+{
+    for (;;) {
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p))
+            return (p);
+        p++;
+    }
+}
+
+static char *scan_quote(CONF *conf, char *p)
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p)) && (*p != q)) {
+        if (IS_ESC(conf, *p)) {
+            p++;
+            if (IS_EOF(conf, *p))
+                return (p);
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return (p);
+}
+
+static char *scan_dquote(CONF *conf, char *p)
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p))) {
+        if (*p == q) {
+            if (*(p + 1) == q) {
+                p++;
+            } else {
+                break;
+            }
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return (p);
+}
+
+static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
+{
+    if (a->name)
+        BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+    else
+        BIO_printf(out, "[[%s]]\n", a->section);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO);
+
+static int def_dump(const CONF *conf, BIO *out)
+{
+    lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out);
+    return 1;
+}
+
+static int def_is_number(const CONF *conf, char c)
+{
+    return IS_NUMBER(conf, c);
+}
+
+static int def_to_int(const CONF *conf, char c)
+{
+    return c - '0';
+}
diff --git a/openssl-1.1.0h/crypto/conf/conf_def.h b/openssl-1.1.0h/crypto/conf/conf_def.h
new file mode 100644
index 0000000..da4767e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_def.h
@@ -0,0 +1,129 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/conf/keysets.pl
+ *
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CONF_NUMBER             1
+#define CONF_UPPER              2
+#define CONF_LOWER              4
+#define CONF_UNDER              256
+#define CONF_PUNCTUATION        512
+#define CONF_WS                 16
+#define CONF_ESC                32
+#define CONF_QUOTE              64
+#define CONF_DQUOTE             1024
+#define CONF_COMMENT            128
+#define CONF_FCOMMENT           2048
+#define CONF_EOF                8
+#define CONF_HIGHBIT            4096
+#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+                                        CONF_PUNCTUATION)
+
+#define KEYTYPES(c)             ((const unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+# define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+# define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+# define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+
+#else                           /* CHARSET_EBCDIC */
+
+# define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT)
+# define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF)
+# define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC)
+# define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER)
+# define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+                                (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE)
+# define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT)
+#endif                          /* CHARSET_EBCDIC */
+
+static const unsigned short CONF_type_default[256] = {
+    0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0010, 0x0200, 0x0040, 0x0080, 0x0000, 0x0200, 0x0200, 0x0040,
+    0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+    0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+    0x0001, 0x0001, 0x0000, 0x0200, 0x0000, 0x0000, 0x0000, 0x0200,
+    0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0000, 0x0020, 0x0000, 0x0200, 0x0100,
+    0x0040, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+};
+
+static const unsigned short CONF_type_win32[256] = {
+    0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0010, 0x0200, 0x0400, 0x0000, 0x0000, 0x0200, 0x0200, 0x0000,
+    0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+    0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+    0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200,
+    0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100,
+    0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+    0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+};
diff --git a/openssl-1.1.0h/crypto/conf/conf_err.c b/openssl-1.1.0h/crypto/conf/conf_err.c
new file mode 100644
index 0000000..0863bc4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_err.c
@@ -0,0 +1,81 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
+
+static ERR_STRING_DATA CONF_str_functs[] = {
+    {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
+    {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
+    {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
+    {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"},
+    {ERR_FUNC(CONF_F_DEF_LOAD), "def_load"},
+    {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"},
+    {ERR_FUNC(CONF_F_MODULE_INIT), "module_init"},
+    {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "module_load_dso"},
+    {ERR_FUNC(CONF_F_MODULE_RUN), "module_run"},
+    {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
+    {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
+    {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
+    {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
+    {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
+    {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
+    {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
+    {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
+    {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
+    {ERR_FUNC(CONF_F_STR_COPY), "str_copy"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA CONF_str_reasons[] = {
+    {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"},
+    {ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL), "list cannot be null"},
+    {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
+     "missing close square bracket"},
+    {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
+    {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
+    {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
+     "module initialization error"},
+    {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"},
+    {ERR_REASON(CONF_R_NO_CONF), "no conf"},
+    {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
+     "no conf or environment variable"},
+    {ERR_REASON(CONF_R_NO_SECTION), "no section"},
+    {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"},
+    {ERR_REASON(CONF_R_NO_VALUE), "no value"},
+    {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
+     "unable to create new section"},
+    {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"},
+    {ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG),
+     "variable expansion too long"},
+    {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CONF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, CONF_str_functs);
+        ERR_load_strings(0, CONF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/conf/conf_lib.c b/openssl-1.1.0h/crypto/conf/conf_lib.c
new file mode 100644
index 0000000..3532114
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_lib.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <internal/conf.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include <openssl/lhash.h>
+#include "e_os.h"
+
+static CONF_METHOD *default_CONF_method = NULL;
+
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash)
+{
+    if (default_CONF_method == NULL)
+        default_CONF_method = NCONF_default();
+
+    default_CONF_method->init(conf);
+    conf->data = hash;
+}
+
+/*
+ * The following section contains the "CONF classic" functions, rewritten in
+ * terms of the new CONF interface.
+ */
+
+int CONF_set_default_method(CONF_METHOD *meth)
+{
+    default_CONF_method = meth;
+    return 1;
+}
+
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline)
+{
+    LHASH_OF(CONF_VALUE) *ltmp;
+    BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    in = BIO_new_file(file, "r");
+#else
+    in = BIO_new_file(file, "rb");
+#endif
+    if (in == NULL) {
+        CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB);
+        return NULL;
+    }
+
+    ltmp = CONF_load_bio(conf, in, eline);
+    BIO_free(in);
+
+    return ltmp;
+}
+
+#ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline)
+{
+    BIO *btmp;
+    LHASH_OF(CONF_VALUE) *ltmp;
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ltmp = CONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ltmp;
+}
+#endif
+
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline)
+{
+    CONF ctmp;
+    int ret;
+
+    CONF_set_nconf(&ctmp, conf);
+
+    ret = NCONF_load_bio(&ctmp, bp, eline);
+    if (ret)
+        return ctmp.data;
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section)
+{
+    if (conf == NULL) {
+        return NULL;
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_section(&ctmp, section);
+    }
+}
+
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                      const char *name)
+{
+    if (conf == NULL) {
+        return NCONF_get_string(NULL, group, name);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_string(&ctmp, group, name);
+    }
+}
+
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                     const char *name)
+{
+    int status;
+    long result = 0;
+
+    if (conf == NULL) {
+        status = NCONF_get_number_e(NULL, group, name, &result);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        status = NCONF_get_number_e(&ctmp, group, name, &result);
+    }
+
+    if (status == 0) {
+        /* This function does not believe in errors... */
+        ERR_clear_error();
+    }
+    return result;
+}
+
+void CONF_free(LHASH_OF(CONF_VALUE) *conf)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    NCONF_free_data(&ctmp);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
+{
+    BIO *btmp;
+    int ret;
+
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = CONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return NCONF_dump_bio(&ctmp, out);
+}
+
+/*
+ * The following section contains the "New CONF" functions.  They are
+ * completely centralised around a new CONF structure that may contain
+ * basically anything, but at least a method pointer and a table of data.
+ * These functions are also written in terms of the bridge functions used by
+ * the "CONF classic" functions, for consistency.
+ */
+
+CONF *NCONF_new(CONF_METHOD *meth)
+{
+    CONF *ret;
+
+    if (meth == NULL)
+        meth = NCONF_default();
+
+    ret = meth->create(meth);
+    if (ret == NULL) {
+        CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    return ret;
+}
+
+void NCONF_free(CONF *conf)
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy(conf);
+}
+
+void NCONF_free_data(CONF *conf)
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy_data(conf);
+}
+
+int NCONF_load(CONF *conf, const char *file, long *eline)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->load(conf, file, eline);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
+{
+    BIO *btmp;
+    int ret;
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->load_bio(conf, bp, eline);
+}
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF);
+        return NULL;
+    }
+
+    if (section == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION);
+        return NULL;
+    }
+
+    return _CONF_get_section_values(conf, section);
+}
+
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
+{
+    char *s = _CONF_get_string(conf, group, name);
+
+    /*
+     * Since we may get a value from an environment variable even if conf is
+     * NULL, let's check the value first
+     */
+    if (s)
+        return s;
+
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_STRING,
+                CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+        return NULL;
+    }
+    CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE);
+    ERR_add_error_data(4, "group=", group, " name=", name);
+    return NULL;
+}
+
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result)
+{
+    char *str;
+
+    if (result == NULL) {
+        CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    str = NCONF_get_string(conf, group, name);
+
+    if (str == NULL)
+        return 0;
+
+    for (*result = 0; conf->meth->is_number(conf, *str);) {
+        *result = (*result) * 10 + conf->meth->to_int(conf, *str);
+        str++;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out)
+{
+    BIO *btmp;
+    int ret;
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int NCONF_dump_bio(const CONF *conf, BIO *out)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->dump(conf, out);
+}
+
+/*
+ * These routines call the C malloc/free, to avoid intermixing with
+ * OpenSSL function pointers before the library is initialized.
+ */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
+{
+    OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
+
+    if (ret != NULL)
+        memset(ret, 0, sizeof(*ret));
+    return ret;
+}
+
+
+#ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *appname)
+{
+    char *newappname = NULL;
+
+    if (appname != NULL) {
+        newappname = strdup(appname);
+        if (newappname == NULL)
+            return 0;
+    }
+
+    free(settings->appname);
+    settings->appname = newappname;
+
+    return 1;
+}
+#endif
+
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
+{
+    free(settings->appname);
+    free(settings);
+}
diff --git a/openssl-1.1.0h/crypto/conf/conf_mall.c b/openssl-1.1.0h/crypto/conf/conf_mall.c
new file mode 100644
index 0000000..4e7a434
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_mall.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+/* Load all OpenSSL builtin modules */
+
+void OPENSSL_load_builtin_modules(void)
+{
+    /* Add builtin modules here */
+    ASN1_add_oid_module();
+    ASN1_add_stable_module();
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_add_conf_module();
+#endif
+    EVP_add_alg_module();
+}
diff --git a/openssl-1.1.0h/crypto/conf/conf_mod.c b/openssl-1.1.0h/crypto/conf/conf_mod.c
new file mode 100644
index 0000000..543a8ea
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_mod.c
@@ -0,0 +1,549 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/conf.h"
+#include "internal/dso.h"
+#include <openssl/x509.h>
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+/*
+ * This structure contains a data about supported modules. entries in this
+ * table correspond to either dynamic or static modules.
+ */
+
+struct conf_module_st {
+    /* DSO of this module or NULL if static */
+    DSO *dso;
+    /* Name of the module */
+    char *name;
+    /* Init function */
+    conf_init_func *init;
+    /* Finish function */
+    conf_finish_func *finish;
+    /* Number of successfully initialized modules */
+    int links;
+    void *usr_data;
+};
+
+/*
+ * This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a given
+ * module.
+ */
+
+struct conf_imodule_st {
+    CONF_MODULE *pmod;
+    char *name;
+    char *value;
+    unsigned long flags;
+    void *usr_data;
+};
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(const CONF *cnf, const char *name, const char *value,
+                      unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                               conf_init_func *ifunc,
+                               conf_finish_func *ffunc);
+static CONF_MODULE *module_find(const char *name);
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
+                       const CONF *cnf);
+static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
+                                    const char *value);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags)
+{
+    STACK_OF(CONF_VALUE) *values;
+    CONF_VALUE *vl;
+    char *vsection = NULL;
+
+    int ret, i;
+
+    if (!cnf)
+        return 1;
+
+    if (appname)
+        vsection = NCONF_get_string(cnf, NULL, appname);
+
+    if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
+        vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
+
+    if (!vsection) {
+        ERR_clear_error();
+        return 1;
+    }
+
+    values = NCONF_get_section(cnf, vsection);
+
+    if (!values)
+        return 0;
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        vl = sk_CONF_VALUE_value(values, i);
+        ret = module_run(cnf, vl->name, vl->value, flags);
+        if (ret <= 0)
+            if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+                return ret;
+    }
+
+    return 1;
+
+}
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags)
+{
+    char *file = NULL;
+    CONF *conf = NULL;
+    int ret = 0;
+    conf = NCONF_new(NULL);
+    if (conf == NULL)
+        goto err;
+
+    if (filename == NULL) {
+        file = CONF_get1_default_config_file();
+        if (!file)
+            goto err;
+    } else
+        file = (char *)filename;
+
+    if (NCONF_load(conf, file, NULL) <= 0) {
+        if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+            (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
+            ERR_clear_error();
+            ret = 1;
+        }
+        goto err;
+    }
+
+    ret = CONF_modules_load(conf, appname, flags);
+
+ err:
+    if (filename == NULL)
+        OPENSSL_free(file);
+    NCONF_free(conf);
+
+    return ret;
+}
+
+static int module_run(const CONF *cnf, const char *name, const char *value,
+                      unsigned long flags)
+{
+    CONF_MODULE *md;
+    int ret;
+
+    md = module_find(name);
+
+    /* Module not found: try to load DSO */
+    if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+        md = module_load_dso(cnf, name, value);
+
+    if (!md) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+            ERR_add_error_data(2, "module=", name);
+        }
+        return -1;
+    }
+
+    ret = module_init(md, name, value, cnf);
+
+    if (ret <= 0) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            char rcode[DECIMAL_SIZE(ret) + 1];
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
+            BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
+            ERR_add_error_data(6, "module=", name, ", value=", value,
+                               ", retcode=", rcode);
+        }
+    }
+
+    return ret;
+}
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(const CONF *cnf,
+                                    const char *name, const char *value)
+{
+    DSO *dso = NULL;
+    conf_init_func *ifunc;
+    conf_finish_func *ffunc;
+    const char *path = NULL;
+    int errcode = 0;
+    CONF_MODULE *md;
+    /* Look for alternative path in module section */
+    path = NCONF_get_string(cnf, value, "path");
+    if (!path) {
+        ERR_clear_error();
+        path = name;
+    }
+    dso = DSO_load(NULL, path, NULL, 0);
+    if (!dso) {
+        errcode = CONF_R_ERROR_LOADING_DSO;
+        goto err;
+    }
+    ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+    if (!ifunc) {
+        errcode = CONF_R_MISSING_INIT_FUNCTION;
+        goto err;
+    }
+    ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+    /* All OK, add module */
+    md = module_add(dso, name, ifunc, ffunc);
+
+    if (!md)
+        goto err;
+
+    return md;
+
+ err:
+    DSO_free(dso);
+    CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+    ERR_add_error_data(4, "module=", name, ", path=", path);
+    return NULL;
+}
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                               conf_init_func *ifunc, conf_finish_func *ffunc)
+{
+    CONF_MODULE *tmod = NULL;
+    if (supported_modules == NULL)
+        supported_modules = sk_CONF_MODULE_new_null();
+    if (supported_modules == NULL)
+        return NULL;
+    tmod = OPENSSL_zalloc(sizeof(*tmod));
+    if (tmod == NULL)
+        return NULL;
+
+    tmod->dso = dso;
+    tmod->name = OPENSSL_strdup(name);
+    tmod->init = ifunc;
+    tmod->finish = ffunc;
+    if (tmod->name == NULL) {
+        OPENSSL_free(tmod);
+        return NULL;
+    }
+
+    if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
+        OPENSSL_free(tmod->name);
+        OPENSSL_free(tmod);
+        return NULL;
+    }
+
+    return tmod;
+}
+
+/*
+ * Find a module from the list. We allow module names of the form
+ * modname.XXXX to just search for modname to allow the same module to be
+ * initialized more than once.
+ */
+
+static CONF_MODULE *module_find(const char *name)
+{
+    CONF_MODULE *tmod;
+    int i, nchar;
+    char *p;
+    p = strrchr(name, '.');
+
+    if (p)
+        nchar = p - name;
+    else
+        nchar = strlen(name);
+
+    for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
+        tmod = sk_CONF_MODULE_value(supported_modules, i);
+        if (strncmp(tmod->name, name, nchar) == 0)
+            return tmod;
+    }
+
+    return NULL;
+
+}
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
+                       const CONF *cnf)
+{
+    int ret = 1;
+    int init_called = 0;
+    CONF_IMODULE *imod = NULL;
+
+    /* Otherwise add initialized module to list */
+    imod = OPENSSL_malloc(sizeof(*imod));
+    if (imod == NULL)
+        goto err;
+
+    imod->pmod = pmod;
+    imod->name = OPENSSL_strdup(name);
+    imod->value = OPENSSL_strdup(value);
+    imod->usr_data = NULL;
+
+    if (!imod->name || !imod->value)
+        goto memerr;
+
+    /* Try to initialize module */
+    if (pmod->init) {
+        ret = pmod->init(imod, cnf);
+        init_called = 1;
+        /* Error occurred, exit */
+        if (ret <= 0)
+            goto err;
+    }
+
+    if (initialized_modules == NULL) {
+        initialized_modules = sk_CONF_IMODULE_new_null();
+        if (!initialized_modules) {
+            CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
+        CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pmod->links++;
+
+    return ret;
+
+ err:
+
+    /* We've started the module so we'd better finish it */
+    if (pmod->finish && init_called)
+        pmod->finish(imod);
+
+ memerr:
+    if (imod) {
+        OPENSSL_free(imod->name);
+        OPENSSL_free(imod->value);
+        OPENSSL_free(imod);
+    }
+
+    return -1;
+
+}
+
+/*
+ * Unload any dynamic modules that have a link count of zero: i.e. have no
+ * active initialized modules. If 'all' is set then all modules are unloaded
+ * including static ones.
+ */
+
+void CONF_modules_unload(int all)
+{
+    int i;
+    CONF_MODULE *md;
+    CONF_modules_finish();
+    /* unload modules in reverse order */
+    for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
+        md = sk_CONF_MODULE_value(supported_modules, i);
+        /* If static or in use and 'all' not set ignore it */
+        if (((md->links > 0) || !md->dso) && !all)
+            continue;
+        /* Since we're working in reverse this is OK */
+        (void)sk_CONF_MODULE_delete(supported_modules, i);
+        module_free(md);
+    }
+    if (sk_CONF_MODULE_num(supported_modules) == 0) {
+        sk_CONF_MODULE_free(supported_modules);
+        supported_modules = NULL;
+    }
+}
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+{
+    DSO_free(md->dso);
+    OPENSSL_free(md->name);
+    OPENSSL_free(md);
+}
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+{
+    CONF_IMODULE *imod;
+    while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
+        imod = sk_CONF_IMODULE_pop(initialized_modules);
+        module_finish(imod);
+    }
+    sk_CONF_IMODULE_free(initialized_modules);
+    initialized_modules = NULL;
+}
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+{
+    if (!imod)
+        return;
+    if (imod->pmod->finish)
+        imod->pmod->finish(imod);
+    imod->pmod->links--;
+    OPENSSL_free(imod->name);
+    OPENSSL_free(imod->value);
+    OPENSSL_free(imod);
+}
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc)
+{
+    if (module_add(NULL, name, ifunc, ffunc))
+        return 1;
+    else
+        return 0;
+}
+
+void conf_modules_free_int(void)
+{
+    CONF_modules_finish();
+    CONF_modules_unload(1);
+}
+
+/* Utility functions */
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md)
+{
+    return md->name;
+}
+
+const char *CONF_imodule_get_value(const CONF_IMODULE *md)
+{
+    return md->value;
+}
+
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
+{
+    return md->usr_data;
+}
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+{
+    md->usr_data = usr_data;
+}
+
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
+{
+    return md->pmod;
+}
+
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
+{
+    return md->flags;
+}
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+{
+    md->flags = flags;
+}
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+{
+    return pmod->usr_data;
+}
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+{
+    pmod->usr_data = usr_data;
+}
+
+/* Return default config file name */
+
+char *CONF_get1_default_config_file(void)
+{
+    char *file;
+    int len;
+
+    file = getenv("OPENSSL_CONF");
+    if (file)
+        return OPENSSL_strdup(file);
+
+    len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+    len++;
+#endif
+    len += strlen(OPENSSL_CONF);
+
+    file = OPENSSL_malloc(len + 1);
+
+    if (file == NULL)
+        return NULL;
+    OPENSSL_strlcpy(file, X509_get_default_cert_area(), len + 1);
+#ifndef OPENSSL_SYS_VMS
+    OPENSSL_strlcat(file, "/", len + 1);
+#endif
+    OPENSSL_strlcat(file, OPENSSL_CONF, len + 1);
+
+    return file;
+}
+
+/*
+ * This function takes a list separated by 'sep' and calls the callback
+ * function giving the start and length of each member optionally stripping
+ * leading and trailing whitespace. This can be used to parse comma separated
+ * lists for example.
+ */
+
+int CONF_parse_list(const char *list_, int sep, int nospc,
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg)
+{
+    int ret;
+    const char *lstart, *tmpend, *p;
+
+    if (list_ == NULL) {
+        CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
+        return 0;
+    }
+
+    lstart = list_;
+    for (;;) {
+        if (nospc) {
+            while (*lstart && isspace((unsigned char)*lstart))
+                lstart++;
+        }
+        p = strchr(lstart, sep);
+        if (p == lstart || !*lstart)
+            ret = list_cb(NULL, 0, arg);
+        else {
+            if (p)
+                tmpend = p - 1;
+            else
+                tmpend = lstart + strlen(lstart) - 1;
+            if (nospc) {
+                while (isspace((unsigned char)*tmpend))
+                    tmpend--;
+            }
+            ret = list_cb(lstart, tmpend - lstart + 1, arg);
+        }
+        if (ret <= 0)
+            return ret;
+        if (p == NULL)
+            return 1;
+        lstart = p + 1;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/conf/conf_sap.c b/openssl-1.1.0h/crypto/conf/conf_sap.c
new file mode 100644
index 0000000..bed95ab
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/conf_sap.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <internal/conf.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+/*
+ * This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are
+ * called, unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void OPENSSL_config(const char *appname)
+{
+    OPENSSL_INIT_SETTINGS settings;
+
+    memset(&settings, 0, sizeof(settings));
+    if (appname != NULL)
+        settings.appname = strdup(appname);
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
+}
+#endif
+
+void openssl_config_int(const char *appname)
+{
+    if (openssl_configured)
+        return;
+
+    OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
+    /* Need to load ENGINEs */
+    ENGINE_load_builtin_engines();
+#endif
+    ERR_clear_error();
+#ifndef OPENSSL_SYS_UEFI
+    CONF_modules_load_file(NULL, appname,
+                               CONF_MFLAGS_DEFAULT_SECTION |
+                               CONF_MFLAGS_IGNORE_MISSING_FILE);
+#endif
+    openssl_configured = 1;
+}
+
+void openssl_no_config_int(void)
+{
+    openssl_configured = 1;
+}
diff --git a/openssl-1.1.0h/crypto/conf/keysets.pl b/openssl-1.1.0h/crypto/conf/keysets.pl
new file mode 100644
index 0000000..5af08ae
--- /dev/null
+++ b/openssl-1.1.0h/crypto/conf/keysets.pl
@@ -0,0 +1,141 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$NUMBER=0x01;
+$UPPER=0x02;
+$LOWER=0x04;
+$UNDER=0x100;
+$PUNCTUATION=0x200;
+$WS=0x10;
+$ESC=0x20;
+$QUOTE=0x40;
+$DQUOTE=0x400;
+$COMMENT=0x80;
+$FCOMMENT=0x800;
+$EOF=0x08;
+$HIGHBIT=0x1000;
+
+foreach (0 .. 255)
+	{
+	$v=0;
+	$c=sprintf("%c",$_);
+	$v|=$NUMBER	if ($c =~ /[0-9]/);
+	$v|=$UPPER	if ($c =~ /[A-Z]/);
+	$v|=$LOWER	if ($c =~ /[a-z]/);
+	$v|=$UNDER	if ($c =~ /_/);
+	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+	$v|=$WS		if ($c =~ /[ \t\r\n]/);
+	$v|=$ESC	if ($c =~ /\\/);
+	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
+	$v|=$COMMENT	if ($c =~ /\#/);
+	$v|=$EOF	if ($c =~ /\0/);
+	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
+
+	push(@V_def,$v);
+	}
+
+foreach (0 .. 255)
+	{
+	$v=0;
+	$c=sprintf("%c",$_);
+	$v|=$NUMBER	if ($c =~ /[0-9]/);
+	$v|=$UPPER	if ($c =~ /[A-Z]/);
+	$v|=$LOWER	if ($c =~ /[a-z]/);
+	$v|=$UNDER	if ($c =~ /_/);
+	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+	$v|=$WS		if ($c =~ /[ \t\r\n]/);
+	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
+	$v|=$FCOMMENT	if ($c =~ /;/);
+	$v|=$EOF	if ($c =~ /\0/);
+	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
+
+	push(@V_w32,$v);
+	}
+
+print <<"EOF";
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/conf/keysets.pl
+ *
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CONF_NUMBER             $NUMBER
+#define CONF_UPPER              $UPPER
+#define CONF_LOWER              $LOWER
+#define CONF_UNDER              $UNDER
+#define CONF_PUNCTUATION        $PUNCTUATION
+#define CONF_WS                 $WS
+#define CONF_ESC                $ESC
+#define CONF_QUOTE              $QUOTE
+#define CONF_DQUOTE             $DQUOTE
+#define CONF_COMMENT            $COMMENT
+#define CONF_FCOMMENT           $FCOMMENT
+#define CONF_EOF                $EOF
+#define CONF_HIGHBIT            $HIGHBIT
+#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
+                                        CONF_PUNCTUATION)
+
+#define KEYTYPES(c)             ((const unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+# define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+# define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+# define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+
+#else                           /* CHARSET_EBCDIC */
+
+# define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT)
+# define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF)
+# define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC)
+# define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER)
+# define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+                                (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE)
+# define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT)
+#endif                          /* CHARSET_EBCDIC */
+
+EOF
+
+print "static const unsigned short CONF_type_default[256] = {";
+
+for ($i=0; $i<256; $i++)
+	{
+	print "\n   " if ($i % 8) == 0;
+	printf " 0x%04X,",$V_def[$i];
+	}
+
+print "\n};\n\n";
+
+print "static const unsigned short CONF_type_win32[256] = {";
+
+for ($i=0; $i<256; $i++)
+	{
+	print "\n   " if ($i % 8) == 0;
+	printf " 0x%04X,",$V_w32[$i];
+	}
+
+print "\n};\n";
diff --git a/openssl-1.1.0h/crypto/cpt_err.c b/openssl-1.1.0h/crypto/cpt_err.c
new file mode 100644
index 0000000..c28dcf1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cpt_err.c
@@ -0,0 +1,55 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
+
+static ERR_STRING_DATA CRYPTO_str_functs[] = {
+    {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_MEMDUP), "CRYPTO_memdup"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
+    {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"},
+    {ERR_FUNC(CRYPTO_F_GET_AND_LOCK), "get_and_lock"},
+    {ERR_FUNC(CRYPTO_F_OPENSSL_BUF2HEXSTR), "OPENSSL_buf2hexstr"},
+    {ERR_FUNC(CRYPTO_F_OPENSSL_HEXSTR2BUF), "OPENSSL_hexstr2buf"},
+    {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO), "OPENSSL_init_crypto"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA CRYPTO_str_reasons[] = {
+    {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
+    {ERR_REASON(CRYPTO_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"},
+    {ERR_REASON(CRYPTO_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CRYPTO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, CRYPTO_str_functs);
+        ERR_load_strings(0, CRYPTO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/cryptlib.c b/openssl-1.1.0h/crypto/cryptlib.c
new file mode 100644
index 0000000..d93bcd3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cryptlib.c
@@ -0,0 +1,356 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "internal/cryptlib_int.h"
+#include <openssl/safestack.h>
+
+#if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+        defined(__x86_64) || defined(__x86_64__) || \
+        defined(_M_AMD64) || defined(_M_X64)
+
+extern unsigned int OPENSSL_ia32cap_P[4];
+
+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+#include <stdio.h>
+#  define OPENSSL_CPUID_SETUP
+typedef uint64_t IA32CAP;
+void OPENSSL_cpuid_setup(void)
+{
+    static int trigger = 0;
+    IA32CAP OPENSSL_ia32_cpuid(unsigned int *);
+    IA32CAP vec;
+    char *env;
+
+    if (trigger)
+        return;
+
+    trigger = 1;
+    if ((env = getenv("OPENSSL_ia32cap"))) {
+        int off = (env[0] == '~') ? 1 : 0;
+#  if defined(_WIN32)
+        if (!sscanf(env + off, "%I64i", &vec))
+            vec = strtoul(env + off, NULL, 0);
+#  else
+        if (!sscanf(env + off, "%lli", (long long *)&vec))
+            vec = strtoul(env + off, NULL, 0);
+#  endif
+        if (off) {
+            IA32CAP mask = vec;
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask;
+            if (mask & (1<<24)) {
+                /*
+                 * User disables FXSR bit, mask even other capabilities
+                 * that operate exclusively on XMM, so we don't have to
+                 * double-check all the time. We mask PCLMULQDQ, AMD XOP,
+                 * AES-NI and AVX. Formally speaking we don't have to
+                 * do it in x86_64 case, but we can safely assume that
+                 * x86_64 users won't actually flip this flag.
+                 */
+                vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32);
+            }
+        } else if (env[0] == ':') {
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+        }
+
+        if ((env = strchr(env, ':'))) {
+            unsigned int vecx;
+            env++;
+            off = (env[0] == '~') ? 1 : 0;
+            vecx = strtoul(env + off, NULL, 0);
+            if (off)
+                OPENSSL_ia32cap_P[2] &= ~vecx;
+            else
+                OPENSSL_ia32cap_P[2] = vecx;
+        } else {
+            OPENSSL_ia32cap_P[2] = 0;
+        }
+    } else {
+        vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+    }
+
+    /*
+     * |(1<<10) sets a reserved bit to signal that variable
+     * was initialized already... This is to avoid interference
+     * with cpuid snippets in ELF .init segment.
+     */
+    OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10);
+    OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32);
+}
+# else
+unsigned int OPENSSL_ia32cap_P[4];
+# endif
+#endif
+int OPENSSL_NONPIC_relocated = 0;
+#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
+void OPENSSL_cpuid_setup(void)
+{
+}
+#endif
+
+#if defined(_WIN32)
+# include <tchar.h>
+# include <signal.h>
+# ifdef __WATCOMC__
+#  if defined(_UNICODE) || defined(__UNICODE__)
+#   define _vsntprintf _vsnwprintf
+#  else
+#   define _vsntprintf _vsnprintf
+#  endif
+# endif
+# ifdef _MSC_VER
+#  define alloca _alloca
+# endif
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+int OPENSSL_isservice(void)
+{
+    HWINSTA h;
+    DWORD len;
+    WCHAR *name;
+    static union {
+        void *p;
+        FARPROC f;
+    } _OPENSSL_isservice = {
+        NULL
+    };
+
+    if (_OPENSSL_isservice.p == NULL) {
+        HANDLE mod = GetModuleHandle(NULL);
+        if (mod != NULL)
+            _OPENSSL_isservice.f = GetProcAddress(mod, "_OPENSSL_isservice");
+        if (_OPENSSL_isservice.p == NULL)
+            _OPENSSL_isservice.p = (void *)-1;
+    }
+
+    if (_OPENSSL_isservice.p != (void *)-1)
+        return (*_OPENSSL_isservice.f) ();
+
+    h = GetProcessWindowStation();
+    if (h == NULL)
+        return -1;
+
+    if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) ||
+        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+        return -1;
+
+    if (len > 512)
+        return -1;              /* paranoia */
+    len++, len &= ~1;           /* paranoia */
+    name = (WCHAR *)alloca(len + sizeof(WCHAR));
+    if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len))
+        return -1;
+
+    len++, len &= ~1;           /* paranoia */
+    name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */
+#  if 1
+    /*
+     * This doesn't cover "interactive" services [working with real
+     * WinSta0's] nor programs started non-interactively by Task Scheduler
+     * [those are working with SAWinSta].
+     */
+    if (wcsstr(name, L"Service-0x"))
+        return 1;
+#  else
+    /* This covers all non-interactive programs such as services. */
+    if (!wcsstr(name, L"WinSta0"))
+        return 1;
+#  endif
+    else
+        return 0;
+}
+# else
+int OPENSSL_isservice(void)
+{
+    return 0;
+}
+# endif
+
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+    va_list ap;
+    TCHAR buf[256];
+    const TCHAR *fmt;
+# ifdef STD_ERROR_HANDLE        /* what a dirty trick! */
+    HANDLE h;
+
+    if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
+        GetFileType(h) != FILE_TYPE_UNKNOWN) {
+        /* must be console application */
+        int len;
+        DWORD out;
+
+        va_start(ap, fmta);
+        len = _vsnprintf((char *)buf, sizeof(buf), fmta, ap);
+        WriteFile(h, buf, len < 0 ? sizeof(buf) : (DWORD) len, &out, NULL);
+        va_end(ap);
+        return;
+    }
+# endif
+
+    if (sizeof(TCHAR) == sizeof(char))
+        fmt = (const TCHAR *)fmta;
+    else
+        do {
+            int keepgoing;
+            size_t len_0 = strlen(fmta) + 1, i;
+            WCHAR *fmtw;
+
+            fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+            if (fmtw == NULL) {
+                fmt = (const TCHAR *)L"no stack?";
+                break;
+            }
+            if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
+                for (i = 0; i < len_0; i++)
+                    fmtw[i] = (WCHAR)fmta[i];
+            for (i = 0; i < len_0; i++) {
+                if (fmtw[i] == L'%')
+                    do {
+                        keepgoing = 0;
+                        switch (fmtw[i + 1]) {
+                        case L'0':
+                        case L'1':
+                        case L'2':
+                        case L'3':
+                        case L'4':
+                        case L'5':
+                        case L'6':
+                        case L'7':
+                        case L'8':
+                        case L'9':
+                        case L'.':
+                        case L'*':
+                        case L'-':
+                            i++;
+                            keepgoing = 1;
+                            break;
+                        case L's':
+                            fmtw[i + 1] = L'S';
+                            break;
+                        case L'S':
+                            fmtw[i + 1] = L's';
+                            break;
+                        case L'c':
+                            fmtw[i + 1] = L'C';
+                            break;
+                        case L'C':
+                            fmtw[i + 1] = L'c';
+                            break;
+                        }
+                    } while (keepgoing);
+            }
+            fmt = (const TCHAR *)fmtw;
+        } while (0);
+
+    va_start(ap, fmta);
+    _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap);
+    buf[OSSL_NELEM(buf) - 1] = _T('\0');
+    va_end(ap);
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+    /* this -------------v--- guards NT-specific calls */
+    if (check_winnt() && OPENSSL_isservice() > 0) {
+        HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
+
+        if (hEventLog != NULL) {
+            const TCHAR *pmsg = buf;
+
+            if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
+                             1, 0, &pmsg, NULL)) {
+#if defined(DEBUG)
+                /*
+                 * We are in a situation where we tried to report a critical
+                 * error and this failed for some reason. As a last resort,
+                 * in debug builds, send output to the debugger or any other
+                 * tool like DebugView which can monitor the output.
+                 */
+                OutputDebugString(pmsg);
+#endif
+            }
+
+            (void)DeregisterEventSource(hEventLog);
+        }
+    } else
+# endif
+        MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+}
+#else
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+#ifndef OPENSSL_NO_STDIO
+    va_list ap;
+
+    va_start(ap, fmta);
+    vfprintf(stderr, fmta, ap);
+    va_end(ap);
+#endif
+}
+
+int OPENSSL_isservice(void)
+{
+    return 0;
+}
+#endif
+
+void OPENSSL_die(const char *message, const char *file, int line)
+{
+    OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n",
+                      file, line, message);
+#if !defined(_WIN32)
+    abort();
+#else
+    /*
+     * Win32 abort() customarily shows a dialog, but we just did that...
+     */
+# if !defined(_WIN32_WCE)
+    raise(SIGABRT);
+# endif
+    _exit(3);
+#endif
+}
+
+#if !defined(OPENSSL_CPUID_OBJ)
+/* volatile unsigned char* pointers are there because
+ * 1. Accessing a variable declared volatile via a pointer
+ *    that lacks a volatile qualifier causes undefined behavior.
+ * 2. When the variable itself is not volatile the compiler is
+ *    not required to keep all those reads and can convert
+ *    this into canonical memcmp() which doesn't read the whole block.
+ * Pointers to volatile resolve the first problem fully. The second
+ * problem cannot be resolved in any Standard-compliant way but this
+ * works the problem around. Compilers typically react to
+ * pointers to volatile by preserving the reads and writes through them.
+ * The latter is not required by the Standard if the memory pointed to
+ * is not volatile.
+ * Pointers themselves are volatile in the function signature to work
+ * around a subtle bug in gcc 4.6+ which causes writes through
+ * pointers to volatile to not be emitted in some rare,
+ * never needed in real life, pieces of code.
+ */
+int CRYPTO_memcmp(const volatile void * volatile in_a,
+                  const volatile void * volatile in_b,
+                  size_t len)
+{
+    size_t i;
+    const volatile unsigned char *a = in_a;
+    const volatile unsigned char *b = in_b;
+    unsigned char x = 0;
+
+    for (i = 0; i < len; i++)
+        x |= a[i] ^ b[i];
+
+    return x;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ct/build.info b/openssl-1.1.0h/crypto/ct/build.info
new file mode 100644
index 0000000..3ca0e31
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= ct_b64.c ct_err.c ct_log.c ct_oct.c ct_policy.c \
+                         ct_prn.c ct_sct.c ct_sct_ctx.c ct_vfy.c ct_x509v3.c
diff --git a/openssl-1.1.0h/crypto/ct/ct_b64.c b/openssl-1.1.0h/crypto/ct/ct_b64.c
new file mode 100644
index 0000000..f0bf3af
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_b64.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#include "ct_locl.h"
+
+/*
+ * Decodes the base64 string |in| into |out|.
+ * A new string will be malloc'd and assigned to |out|. This will be owned by
+ * the caller. Do not provide a pre-allocated string in |out|.
+ */
+static int ct_base64_decode(const char *in, unsigned char **out)
+{
+    size_t inlen = strlen(in);
+    int outlen;
+    unsigned char *outbuf = NULL;
+
+    if (inlen == 0) {
+        *out = NULL;
+        return 0;
+    }
+
+    outlen = (inlen / 4) * 3;
+    outbuf = OPENSSL_malloc(outlen);
+    if (outbuf == NULL) {
+        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
+    if (outlen < 0) {
+        CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Subtract padding bytes from |outlen| */
+    while (in[--inlen] == '=') {
+        --outlen;
+    }
+
+    *out = outbuf;
+    return outlen;
+err:
+    OPENSSL_free(outbuf);
+    return -1;
+}
+
+SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
+                         ct_log_entry_type_t entry_type, uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64)
+{
+    SCT *sct = SCT_new();
+    unsigned char *dec = NULL;
+    const unsigned char* p = NULL;
+    int declen;
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /*
+     * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
+     * can only construct SCT versions that have been defined.
+     */
+    if (!SCT_set_version(sct, version)) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    declen = ct_base64_decode(logid_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    if (!SCT_set0_log_id(sct, dec, declen))
+        goto err;
+    dec = NULL;
+
+    declen = ct_base64_decode(extensions_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    SCT_set0_extensions(sct, dec, declen);
+    dec = NULL;
+
+    declen = ct_base64_decode(signature_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    p = dec;
+    if (o2i_SCT_signature(sct, &p, declen) <= 0)
+        goto err;
+    OPENSSL_free(dec);
+    dec = NULL;
+
+    SCT_set_timestamp(sct, timestamp);
+
+    if (!SCT_set_log_entry_type(sct, entry_type))
+        goto err;
+
+    return sct;
+
+ err:
+    OPENSSL_free(dec);
+    SCT_free(sct);
+    return NULL;
+}
+
+/*
+ * Allocate, build and returns a new |ct_log| from input |pkey_base64|
+ * It returns 1 on success,
+ * 0 on decoding failure, or invalid parameter if any
+ * -1 on internal (malloc) failure
+ */
+int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
+{
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    const unsigned char *p;
+    EVP_PKEY *pkey = NULL;
+
+    if (ct_log == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    if (pkey_der_len <= 0) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    p = pkey_der;
+    pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
+    OPENSSL_free(pkey_der);
+    if (pkey == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    *ct_log = CTLOG_new(pkey, name);
+    if (*ct_log == NULL) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_err.c b/openssl-1.1.0h/crypto/ct/ct_err.c
new file mode 100644
index 0000000..fe0778b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_err.c
@@ -0,0 +1,87 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ct.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CT,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CT,0,reason)
+
+static ERR_STRING_DATA CT_str_functs[] = {
+    {ERR_FUNC(CT_F_CTLOG_NEW), "CTLOG_new"},
+    {ERR_FUNC(CT_F_CTLOG_NEW_FROM_BASE64), "CTLOG_new_from_base64"},
+    {ERR_FUNC(CT_F_CTLOG_NEW_FROM_CONF), "ctlog_new_from_conf"},
+    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_CTX_NEW), "ctlog_store_load_ctx_new"},
+    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_FILE), "CTLOG_STORE_load_file"},
+    {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_LOG), "ctlog_store_load_log"},
+    {ERR_FUNC(CT_F_CTLOG_STORE_NEW), "CTLOG_STORE_new"},
+    {ERR_FUNC(CT_F_CT_BASE64_DECODE), "ct_base64_decode"},
+    {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_NEW), "CT_POLICY_EVAL_CTX_new"},
+    {ERR_FUNC(CT_F_CT_V1_LOG_ID_FROM_PKEY), "ct_v1_log_id_from_pkey"},
+    {ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"},
+    {ERR_FUNC(CT_F_I2O_SCT_LIST), "i2o_SCT_LIST"},
+    {ERR_FUNC(CT_F_I2O_SCT_SIGNATURE), "i2o_SCT_signature"},
+    {ERR_FUNC(CT_F_O2I_SCT), "o2i_SCT"},
+    {ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"},
+    {ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"},
+    {ERR_FUNC(CT_F_SCT_CTX_NEW), "SCT_CTX_new"},
+    {ERR_FUNC(CT_F_SCT_CTX_VERIFY), "SCT_CTX_verify"},
+    {ERR_FUNC(CT_F_SCT_NEW), "SCT_new"},
+    {ERR_FUNC(CT_F_SCT_NEW_FROM_BASE64), "SCT_new_from_base64"},
+    {ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"},
+    {ERR_FUNC(CT_F_SCT_SET1_EXTENSIONS), "SCT_set1_extensions"},
+    {ERR_FUNC(CT_F_SCT_SET1_LOG_ID), "SCT_set1_log_id"},
+    {ERR_FUNC(CT_F_SCT_SET1_SIGNATURE), "SCT_set1_signature"},
+    {ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"},
+    {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},
+    {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA CT_str_reasons[] = {
+    {ERR_REASON(CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_REASON(CT_R_INVALID_LOG_ID_LENGTH), "invalid log id length"},
+    {ERR_REASON(CT_R_LOG_CONF_INVALID), "log conf invalid"},
+    {ERR_REASON(CT_R_LOG_CONF_INVALID_KEY), "log conf invalid key"},
+    {ERR_REASON(CT_R_LOG_CONF_MISSING_DESCRIPTION),
+     "log conf missing description"},
+    {ERR_REASON(CT_R_LOG_CONF_MISSING_KEY), "log conf missing key"},
+    {ERR_REASON(CT_R_LOG_KEY_INVALID), "log key invalid"},
+    {ERR_REASON(CT_R_SCT_FUTURE_TIMESTAMP), "sct future timestamp"},
+    {ERR_REASON(CT_R_SCT_INVALID), "sct invalid"},
+    {ERR_REASON(CT_R_SCT_INVALID_SIGNATURE), "sct invalid signature"},
+    {ERR_REASON(CT_R_SCT_LIST_INVALID), "sct list invalid"},
+    {ERR_REASON(CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
+    {ERR_REASON(CT_R_SCT_NOT_SET), "sct not set"},
+    {ERR_REASON(CT_R_SCT_UNSUPPORTED_VERSION), "sct unsupported version"},
+    {ERR_REASON(CT_R_UNRECOGNIZED_SIGNATURE_NID),
+     "unrecognized signature nid"},
+    {ERR_REASON(CT_R_UNSUPPORTED_ENTRY_TYPE), "unsupported entry type"},
+    {ERR_REASON(CT_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CT_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, CT_str_functs);
+        ERR_load_strings(0, CT_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_locl.h b/openssl-1.1.0h/crypto/ct/ct_locl.h
new file mode 100644
index 0000000..9f983c9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_locl.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/ct.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+/*
+ * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT
+ * sct_list <1..2^16-1>; } SignedCertificateTimestampList;
+ */
+# define MAX_SCT_SIZE            65535
+# define MAX_SCT_LIST_SIZE       MAX_SCT_SIZE
+
+/*
+ * Macros to read and write integers in network-byte order.
+ */
+
+#define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                            (((unsigned int)((c)[1]))    )),c+=2)
+
+#define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+
+#define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
+                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+
+#define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+#define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* Signed Certificate Timestamp */
+struct sct_st {
+    sct_version_t version;
+    /* If version is not SCT_VERSION_V1, this contains the encoded SCT */
+    unsigned char *sct;
+    size_t sct_len;
+    /* If version is SCT_VERSION_V1, fields below contain components of the SCT */
+    unsigned char *log_id;
+    size_t log_id_len;
+    /*
+    * Note, we cannot distinguish between an unset timestamp, and one
+    * that is set to 0.  However since CT didn't exist in 1970, no real
+    * SCT should ever be set as such.
+    */
+    uint64_t timestamp;
+    unsigned char *ext;
+    size_t ext_len;
+    unsigned char hash_alg;
+    unsigned char sig_alg;
+    unsigned char *sig;
+    size_t sig_len;
+    /* Log entry type */
+    ct_log_entry_type_t entry_type;
+    /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
+    sct_source_t source;
+    /* The result of the last attempt to validate this SCT. */
+    sct_validation_status_t validation_status;
+};
+
+/* Miscellaneous data that is useful when verifying an SCT  */
+struct sct_ctx_st {
+    /* Public key */
+    EVP_PKEY *pkey;
+    /* Hash of public key */
+    unsigned char *pkeyhash;
+    size_t pkeyhashlen;
+    /* For pre-certificate: issuer public key hash */
+    unsigned char *ihash;
+    size_t ihashlen;
+    /* certificate encoding */
+    unsigned char *certder;
+    size_t certderlen;
+    /* pre-certificate encoding */
+    unsigned char *preder;
+    size_t prederlen;
+    /* milliseconds since epoch (to check that the SCT isn't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/* Context when evaluating whether a Certificate Transparency policy is met */
+struct ct_policy_eval_ctx_st {
+    X509 *cert;
+    X509 *issuer;
+    CTLOG_STORE *log_store;
+    /* milliseconds since epoch (to check that SCTs aren't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/*
+ * Creates a new context for verifying an SCT.
+ */
+SCT_CTX *SCT_CTX_new(void);
+/*
+ * Deletes an SCT verification context.
+ */
+void SCT_CTX_free(SCT_CTX *sctx);
+
+/*
+ * Sets the certificate that the SCT was created for.
+ * If *cert does not have a poison extension, presigner must be NULL.
+ * If *cert does not have a poison extension, it may have a single SCT
+ * (NID_ct_precert_scts) extension.
+ * If either *cert or *presigner have an AKID (NID_authority_key_identifier)
+ * extension, both must have one.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
+
+/*
+ * Sets the issuer of the certificate that the SCT was created for.
+ * This is just a convenience method to save extracting the public key and
+ * calling SCT_CTX_set1_issuer_pubkey().
+ * Issuer must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+
+/*
+ * Sets the public key of the issuer of the certificate that the SCT was created
+ * for.
+ * The public key must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the public key of the CT log that the SCT is from.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the time to evaluate the SCT against, in milliseconds since the Unix
+ * epoch. If the SCT's timestamp is after this time, it will be interpreted as
+ * having been issued in the future. RFC6962 states that "TLS clients MUST
+ * reject SCTs whose timestamp is in the future", so an SCT will not validate
+ * in this case.
+ */
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);
+
+/*
+ * Verifies an SCT with the given context.
+ * Returns 1 if the SCT verifies successfully; any other value indicates
+ * failure. See EVP_DigestVerifyFinal() for the meaning of those values.
+ */
+__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
+
+/*
+ * Does this SCT have the minimum fields populated to be usable?
+ * Returns 1 if so, 0 otherwise.
+ */
+__owur int SCT_is_complete(const SCT *sct);
+
+/*
+ * Does this SCT have the signature-related fields populated?
+ * Returns 1 if so, 0 otherwise.
+ * This checks that the signature and hash algorithms are set to supported
+ * values and that the signature field is set.
+ */
+__owur int SCT_signature_is_complete(const SCT *sct);
+
+/*
+ * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature
+ * and o2i_SCT_signature conform to the i2d/d2i conventions.
+ */
+
+/*
+* Serialize (to TLS format) an |sct| signature and write it to |out|.
+* If |out| is null, no signature will be output but the length will be returned.
+* If |out| points to a null pointer, a string will be allocated to hold the
+* TLS-format signature. It is the responsibility of the caller to free it.
+* If |out| points to an allocated string, the signature will be written to it.
+* The length of the signature in TLS format will be returned.
+*/
+__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+
+/*
+* Parses an SCT signature in TLS format and populates the |sct| with it.
+* |in| should be a pointer to a string containing the TLS-format signature.
+* |in| will be advanced to the end of the signature if parsing succeeds.
+* |len| should be the length of the signature in |in|.
+* Returns the number of bytes parsed, or a negative integer if an error occurs.
+* If an error occurs, the SCT's signature NID may be updated whilst the
+* signature field itself remains unset.
+*/
+__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
+
+/*
+ * Handlers for Certificate Transparency X509v3/OCSP extensions
+ */
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
diff --git a/openssl-1.1.0h/crypto/ct/ct_log.c b/openssl-1.1.0h/crypto/ct/ct_log.c
new file mode 100644
index 0000000..d442322
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_log.c
@@ -0,0 +1,306 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/conf.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/safestack.h>
+
+#include "internal/cryptlib.h"
+
+/*
+ * Information about a CT log server.
+ */
+struct ctlog_st {
+    char *name;
+    uint8_t log_id[CT_V1_HASHLEN];
+    EVP_PKEY *public_key;
+};
+
+/*
+ * A store for multiple CTLOG instances.
+ * It takes ownership of any CTLOG instances added to it.
+ */
+struct ctlog_store_st {
+    STACK_OF(CTLOG) *logs;
+};
+
+/* The context when loading a CT log list from a CONF file. */
+typedef struct ctlog_store_load_ctx_st {
+    CTLOG_STORE *log_store;
+    CONF *conf;
+    size_t invalid_log_entries;
+} CTLOG_STORE_LOAD_CTX;
+
+/*
+ * Creates an empty context for loading a CT log store.
+ * It should be populated before use.
+ */
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new();
+
+/*
+ * Deletes a CT log store load context.
+ * Does not delete any of the fields.
+ */
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
+
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new()
+{
+    CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return ctx;
+}
+
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+/* Converts a log's public key into a SHA256 log ID */
+static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey,
+                                  unsigned char log_id[CT_V1_HASHLEN])
+{
+    int ret = 0;
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
+
+    if (pkey_der_len <= 0) {
+        CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
+        goto err;
+    }
+
+    SHA256(pkey_der, pkey_der_len, log_id);
+    ret = 1;
+err:
+    OPENSSL_free(pkey_der);
+    return ret;
+}
+
+CTLOG_STORE *CTLOG_STORE_new(void)
+{
+    CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->logs = sk_CTLOG_new_null();
+    if (ret->logs == NULL)
+        goto err;
+
+    return ret;
+err:
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void CTLOG_STORE_free(CTLOG_STORE *store)
+{
+    if (store != NULL) {
+        sk_CTLOG_pop_free(store->logs, CTLOG_free);
+        OPENSSL_free(store);
+    }
+}
+
+static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
+{
+    const char *description = NCONF_get_string(conf, section, "description");
+    char *pkey_base64;
+
+    if (description == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
+        return 0;
+    }
+
+    pkey_base64 = NCONF_get_string(conf, section, "key");
+    if (pkey_base64 == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
+        return 0;
+    }
+
+    return CTLOG_new_from_base64(ct_log, pkey_base64, description);
+}
+
+int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
+{
+    const char *fpath = getenv(CTLOG_FILE_EVP);
+
+    if (fpath == NULL)
+      fpath = CTLOG_FILE;
+
+    return CTLOG_STORE_load_file(store, fpath);
+}
+
+/*
+ * Called by CONF_parse_list, which stops if this returns <= 0,
+ * Otherwise, one bad log entry would stop loading of any of
+ * the following log entries.
+ * It may stop parsing and returns -1 on any internal (malloc) error.
+ */
+static int ctlog_store_load_log(const char *log_name, int log_name_len,
+                                void *arg)
+{
+    CTLOG_STORE_LOAD_CTX *load_ctx = arg;
+    CTLOG *ct_log = NULL;
+    /* log_name may not be null-terminated, so fix that before using it */
+    char *tmp;
+    int ret = 0;
+
+    /* log_name will be NULL for empty list entries */
+    if (log_name == NULL)
+        return 1;
+
+    tmp = OPENSSL_strndup(log_name, log_name_len);
+    if (tmp == NULL)
+        goto mem_err;
+
+    ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
+    OPENSSL_free(tmp);
+
+    if (ret < 0) {
+        /* Propagate any internal error */
+        return ret;
+    }
+    if (ret == 0) {
+        /* If we can't load this log, record that fact and skip it */
+        ++load_ctx->invalid_log_entries;
+        return 1;
+    }
+
+    if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
+        goto mem_err;
+    }
+    return 1;
+
+mem_err:
+    CTLOG_free(ct_log);
+    CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
+{
+    int ret = 0;
+    char *enabled_logs;
+    CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
+
+    if (load_ctx == NULL)
+        return 0;
+    load_ctx->log_store = store;
+    load_ctx->conf = NCONF_new(NULL);
+    if (load_ctx->conf == NULL)
+        goto end;
+
+    if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
+    if (enabled_logs == NULL) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
+        load_ctx->invalid_log_entries > 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    ret = 1;
+end:
+    NCONF_free(load_ctx->conf);
+    ctlog_store_load_ctx_free(load_ctx);
+    return ret;
+}
+
+/*
+ * Initialize a new CTLOG object.
+ * Takes ownership of the public key.
+ * Copies the name.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
+{
+    CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->name = OPENSSL_strdup(name);
+    if (ret->name == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
+        goto err;
+
+    ret->public_key = public_key;
+    return ret;
+err:
+    CTLOG_free(ret);
+    return NULL;
+}
+
+/* Frees CT log and associated structures */
+void CTLOG_free(CTLOG *log)
+{
+    if (log != NULL) {
+        OPENSSL_free(log->name);
+        EVP_PKEY_free(log->public_key);
+        OPENSSL_free(log);
+    }
+}
+
+const char *CTLOG_get0_name(const CTLOG *log)
+{
+    return log->name;
+}
+
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len)
+{
+    *log_id = log->log_id;
+    *log_id_len = CT_V1_HASHLEN;
+}
+
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log)
+{
+    return log->public_key;
+}
+
+/*
+ * Given a log ID, finds the matching log.
+ * Returns NULL if no match found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len)
+{
+    int i;
+
+    for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
+        const CTLOG *log = sk_CTLOG_value(store->logs, i);
+        if (memcmp(log->log_id, log_id, log_id_len) == 0)
+            return log;
+    }
+
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_oct.c b/openssl-1.1.0h/crypto/ct/ct_oct.c
new file mode 100644
index 0000000..0dd691c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_oct.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/asn1.h>
+#include <openssl/buffer.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+
+#include "ct_locl.h"
+
+int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
+{
+    size_t siglen;
+    size_t len_remaining = len;
+    const unsigned char *p;
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        return -1;
+    }
+    /*
+     * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
+     * Signature algorithm (2 bytes + ?) Signature
+     *
+     * This explicitly rejects empty signatures: they're invalid for
+     * all supported algorithms.
+     */
+    if (len <= 4) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    p = *in;
+    /* Get hash and signature algorithm */
+    sct->hash_alg = *p++;
+    sct->sig_alg = *p++;
+    if (SCT_get_signature_nid(sct) == NID_undef) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+    /* Retrieve signature and check it is consistent with the buffer length */
+    n2s(p, siglen);
+    len_remaining -= (p - *in);
+    if (siglen > len_remaining) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    if (SCT_set1_signature(sct, p, siglen) != 1)
+        return -1;
+    len_remaining -= siglen;
+    *in = p + siglen;
+
+    return len - len_remaining;
+}
+
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+{
+    SCT *sct = NULL;
+    const unsigned char *p;
+
+    if (len == 0 || len > MAX_SCT_SIZE) {
+        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+        goto err;
+    }
+
+    if ((sct = SCT_new()) == NULL)
+        goto err;
+
+    p = *in;
+
+    sct->version = *p;
+    if (sct->version == SCT_VERSION_V1) {
+        int sig_len;
+        size_t len2;
+        /*-
+         * Fixed-length header:
+         *   struct {
+         *     Version sct_version;     (1 byte)
+         *     log_id id;               (32 bytes)
+         *     uint64 timestamp;        (8 bytes)
+         *     CtExtensions extensions; (2 bytes + ?)
+         *   }
+         */
+        if (len < 43) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= 43;
+        p++;
+        sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
+        if (sct->log_id == NULL)
+            goto err;
+        sct->log_id_len = CT_V1_HASHLEN;
+        p += CT_V1_HASHLEN;
+
+        n2l8(p, sct->timestamp);
+
+        n2s(p, len2);
+        if (len < len2) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        if (len2 > 0) {
+            sct->ext = BUF_memdup(p, len2);
+            if (sct->ext == NULL)
+                goto err;
+        }
+        sct->ext_len = len2;
+        p += len2;
+        len -= len2;
+
+        sig_len = o2i_SCT_signature(sct, &p, len);
+        if (sig_len <= 0) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= sig_len;
+        *in = p + len;
+    } else {
+        /* If not V1 just cache encoding */
+        sct->sct = BUF_memdup(p, len);
+        if (sct->sct == NULL)
+            goto err;
+        sct->sct_len = len;
+        *in = p + len;
+    }
+
+    if (psct != NULL) {
+        SCT_free(*psct);
+        *psct = sct;
+    }
+
+    return sct;
+err:
+    SCT_free(sct);
+    return NULL;
+}
+
+int i2o_SCT_signature(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_signature_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        goto err;
+    }
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    /*
+    * (1 byte) Hash algorithm
+    * (1 byte) Signature algorithm
+    * (2 bytes + ?) Signature
+    */
+    len = 4 + sct->sig_len;
+
+    if (out != NULL) {
+        if (*out != NULL) {
+            p = *out;
+            *out += len;
+        } else {
+            pstart = p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *out = p;
+        }
+
+        *p++ = sct->hash_alg;
+        *p++ = sct->sig_alg;
+        s2n(sct->sig_len, p);
+        memcpy(p, sct->sig, sct->sig_len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+int i2o_SCT(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
+        goto err;
+    }
+    /*
+     * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
+     * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
+     * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
+     * bytes + ?) Signature
+     */
+    if (sct->version == SCT_VERSION_V1)
+        len = 43 + sct->ext_len + 4 + sct->sig_len;
+    else
+        len = sct->sct_len;
+
+    if (out == NULL)
+        return len;
+
+    if (*out != NULL) {
+        p = *out;
+        *out += len;
+    } else {
+        pstart = p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        *out = p;
+    }
+
+    if (sct->version == SCT_VERSION_V1) {
+        *p++ = sct->version;
+        memcpy(p, sct->log_id, CT_V1_HASHLEN);
+        p += CT_V1_HASHLEN;
+        l2n8(sct->timestamp, p);
+        s2n(sct->ext_len, p);
+        if (sct->ext_len > 0) {
+            memcpy(p, sct->ext, sct->ext_len);
+            p += sct->ext_len;
+        }
+        if (i2o_SCT_signature(sct, &p) <= 0)
+            goto err;
+    } else {
+        memcpy(p, sct->sct, len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len)
+{
+    STACK_OF(SCT) *sk = NULL;
+    size_t list_len, sct_len;
+
+    if (len < 2 || len > MAX_SCT_LIST_SIZE) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    n2s(*pp, list_len);
+    if (list_len != len - 2) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        sk = sk_SCT_new_null();
+        if (sk == NULL)
+            return NULL;
+    } else {
+        SCT *sct;
+
+        /* Use the given stack, but empty it first. */
+        sk = *a;
+        while ((sct = sk_SCT_pop(sk)) != NULL)
+            SCT_free(sct);
+    }
+
+    while (list_len > 0) {
+        SCT *sct;
+
+        if (list_len < 2) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        n2s(*pp, sct_len);
+        list_len -= 2;
+
+        if (sct_len == 0 || sct_len > list_len) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        list_len -= sct_len;
+
+        if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
+            goto err;
+        if (!sk_SCT_push(sk, sct)) {
+            SCT_free(sct);
+            goto err;
+        }
+    }
+
+    if (a != NULL && *a == NULL)
+        *a = sk;
+    return sk;
+
+ err:
+    if (a == NULL || *a == NULL)
+        SCT_LIST_free(sk);
+    return NULL;
+}
+
+int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+{
+    int len, sct_len, i, is_pp_new = 0;
+    size_t len2;
+    unsigned char *p = NULL, *p2;
+
+    if (pp != NULL) {
+        if (*pp == NULL) {
+            if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
+                CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                return -1;
+            }
+            if ((*pp = OPENSSL_malloc(len)) == NULL) {
+                CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            is_pp_new = 1;
+        }
+        p = *pp + 2;
+    }
+
+    len2 = 2;
+    for (i = 0; i < sk_SCT_num(a); i++) {
+        if (pp != NULL) {
+            p2 = p;
+            p += 2;
+            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
+                goto err;
+            s2n(sct_len, p2);
+        } else {
+          if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
+              goto err;
+        }
+        len2 += 2 + sct_len;
+    }
+
+    if (len2 > MAX_SCT_LIST_SIZE)
+        goto err;
+
+    if (pp != NULL) {
+        p = *pp;
+        s2n(len2 - 2, p);
+        if (!is_pp_new)
+            *pp += len2;
+    }
+    return len2;
+
+ err:
+    if (is_pp_new) {
+        OPENSSL_free(*pp);
+        *pp = NULL;
+    }
+    return -1;
+}
+
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len)
+{
+    ASN1_OCTET_STRING *oct = NULL;
+    STACK_OF(SCT) *sk = NULL;
+    const unsigned char *p;
+
+    p = *pp;
+    if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
+        return NULL;
+
+    p = oct->data;
+    if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
+        *pp += len;
+
+    ASN1_OCTET_STRING_free(oct);
+    return sk;
+}
+
+int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
+{
+    ASN1_OCTET_STRING oct;
+    int len;
+
+    oct.data = NULL;
+    if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
+        return -1;
+
+    len = i2d_ASN1_OCTET_STRING(&oct, out);
+    OPENSSL_free(oct.data);
+    return len;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_policy.c b/openssl-1.1.0h/crypto/ct/ct_policy.c
new file mode 100644
index 0000000..0d7b346
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_policy.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <time.h>
+
+#include "ct_locl.h"
+
+/*
+ * Number of seconds in the future that an SCT timestamp can be, by default,
+ * without being considered invalid. This is added to time() when setting a
+ * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
+ * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
+ */
+static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
+
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
+{
+    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+
+    if (ctx == NULL) {
+        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
+    ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
+            1000;
+
+    return ctx;
+}
+
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    X509_free(ctx->cert);
+    X509_free(ctx->issuer);
+    OPENSSL_free(ctx);
+}
+
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+{
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;
+}
+
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+{
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;
+}
+
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store)
+{
+    ctx->log_store = log_store;
+}
+
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
+{
+    ctx->epoch_time_in_ms = time_in_ms;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->issuer;
+}
+
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->log_store;
+}
+
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->epoch_time_in_ms;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_prn.c b/openssl-1.1.0h/crypto/ct/ct_prn.c
new file mode 100644
index 0000000..376e045
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_prn.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+
+#include "ct_locl.h"
+
+static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
+{
+    int nid = SCT_get_signature_nid(sct);
+
+    if (nid == NID_undef)
+        BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg);
+    else
+        BIO_printf(out, "%s", OBJ_nid2ln(nid));
+}
+
+static void timestamp_print(uint64_t timestamp, BIO *out)
+{
+    ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new();
+    char genstr[20];
+
+    if (gen == NULL)
+        return;
+    ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
+                             (int)(timestamp / 86400000),
+                             (timestamp % 86400000) / 1000);
+    /*
+     * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
+     * characters long with a final Z. Update it with fractional seconds.
+     */
+    BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
+                 ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
+    if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
+        ASN1_GENERALIZEDTIME_print(out, gen);
+    ASN1_GENERALIZEDTIME_free(gen);
+}
+
+const char *SCT_validation_status_string(const SCT *sct)
+{
+
+    switch (SCT_get_validation_status(sct)) {
+    case SCT_VALIDATION_STATUS_NOT_SET:
+        return "not set";
+    case SCT_VALIDATION_STATUS_UNKNOWN_VERSION:
+        return "unknown version";
+    case SCT_VALIDATION_STATUS_UNKNOWN_LOG:
+        return "unknown log";
+    case SCT_VALIDATION_STATUS_UNVERIFIED:
+        return "unverified";
+    case SCT_VALIDATION_STATUS_INVALID:
+        return "invalid";
+    case SCT_VALIDATION_STATUS_VALID:
+        return "valid";
+    }
+    return "unknown status";
+}
+
+void SCT_print(const SCT *sct, BIO *out, int indent,
+               const CTLOG_STORE *log_store)
+{
+    const CTLOG *log = NULL;
+
+    if (log_store != NULL) {
+        log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
+                                         sct->log_id_len);
+    }
+
+    BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
+    BIO_printf(out, "\n%*sVersion   : ", indent + 4, "");
+
+    if (sct->version != SCT_VERSION_V1) {
+        BIO_printf(out, "unknown\n%*s", indent + 16, "");
+        BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len);
+        return;
+    }
+
+    BIO_printf(out, "v1 (0x0)");
+
+    if (log != NULL) {
+        BIO_printf(out, "\n%*sLog       : %s", indent + 4, "",
+                   CTLOG_get0_name(log));
+    }
+
+    BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len);
+
+    BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
+    timestamp_print(sct->timestamp, out);
+
+    BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
+    if (sct->ext_len == 0)
+        BIO_printf(out, "none");
+    else
+        BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len);
+
+    BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
+    SCT_signature_algorithms_print(sct, out);
+    BIO_printf(out, "\n%*s            ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len);
+}
+
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *log_store)
+{
+    int sct_count = sk_SCT_num(sct_list);
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        SCT *sct = sk_SCT_value(sct_list, i);
+
+        SCT_print(sct, out, indent, log_store);
+        if (i < sk_SCT_num(sct_list) - 1)
+            BIO_printf(out, "%s", separator);
+    }
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_sct.c b/openssl-1.1.0h/crypto/ct/ct_sct.c
new file mode 100644
index 0000000..cd2cf60
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_sct.c
@@ -0,0 +1,393 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/tls1.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+SCT *SCT_new(void)
+{
+    SCT *sct = OPENSSL_zalloc(sizeof(*sct));
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
+    sct->version = SCT_VERSION_NOT_SET;
+    return sct;
+}
+
+void SCT_free(SCT *sct)
+{
+    if (sct == NULL)
+        return;
+
+    OPENSSL_free(sct->log_id);
+    OPENSSL_free(sct->ext);
+    OPENSSL_free(sct->sig);
+    OPENSSL_free(sct->sct);
+    OPENSSL_free(sct);
+}
+
+void SCT_LIST_free(STACK_OF(SCT) *a)
+{
+    sk_SCT_pop_free(a, SCT_free);
+}
+
+int SCT_set_version(SCT *sct, sct_version_t version)
+{
+    if (version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    sct->version = version;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
+{
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    switch (entry_type) {
+    case CT_LOG_ENTRY_TYPE_X509:
+    case CT_LOG_ENTRY_TYPE_PRECERT:
+        sct->entry_type = entry_type;
+        return 1;
+    default:
+        CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
+        return 0;
+    }
+}
+
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = log_id;
+    sct->log_id_len = log_id_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = NULL;
+    sct->log_id_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (log_id != NULL && log_id_len > 0) {
+        sct->log_id = OPENSSL_memdup(log_id, log_id_len);
+        if (sct->log_id == NULL) {
+            CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->log_id_len = log_id_len;
+    }
+    return 1;
+}
+
+
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp)
+{
+    sct->timestamp = timestamp;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set_signature_nid(SCT *sct, int nid)
+{
+    switch (nid) {
+    case NID_sha256WithRSAEncryption:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_rsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    case NID_ecdsa_with_SHA256:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_ecdsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    default:
+        CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
+        return 0;
+    }
+}
+
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = ext;
+    sct->ext_len = ext_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = NULL;
+    sct->ext_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (ext != NULL && ext_len > 0) {
+        sct->ext = OPENSSL_memdup(ext, ext_len);
+        if (sct->ext == NULL) {
+            CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->ext_len = ext_len;
+    }
+    return 1;
+}
+
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = sig;
+    sct->sig_len = sig_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = NULL;
+    sct->sig_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (sig != NULL && sig_len > 0) {
+        sct->sig = OPENSSL_memdup(sig, sig_len);
+        if (sct->sig == NULL) {
+            CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->sig_len = sig_len;
+    }
+    return 1;
+}
+
+sct_version_t SCT_get_version(const SCT *sct)
+{
+    return sct->version;
+}
+
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct)
+{
+    return sct->entry_type;
+}
+
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
+{
+    *log_id = sct->log_id;
+    return sct->log_id_len;
+}
+
+uint64_t SCT_get_timestamp(const SCT *sct)
+{
+    return sct->timestamp;
+}
+
+int SCT_get_signature_nid(const SCT *sct)
+{
+    if (sct->version == SCT_VERSION_V1) {
+        if (sct->hash_alg == TLSEXT_hash_sha256) {
+            switch (sct->sig_alg) {
+            case TLSEXT_signature_ecdsa:
+                return NID_ecdsa_with_SHA256;
+            case TLSEXT_signature_rsa:
+                return NID_sha256WithRSAEncryption;
+            default:
+                return NID_undef;
+            }
+        }
+    }
+    return NID_undef;
+}
+
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext)
+{
+    *ext = sct->ext;
+    return sct->ext_len;
+}
+
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig)
+{
+    *sig = sct->sig;
+    return sct->sig_len;
+}
+
+int SCT_is_complete(const SCT *sct)
+{
+    switch (sct->version) {
+    case SCT_VERSION_NOT_SET:
+        return 0;
+    case SCT_VERSION_V1:
+        return sct->log_id != NULL && SCT_signature_is_complete(sct);
+    default:
+        return sct->sct != NULL; /* Just need cached encoding */
+    }
+}
+
+int SCT_signature_is_complete(const SCT *sct)
+{
+    return SCT_get_signature_nid(sct) != NID_undef &&
+        sct->sig != NULL && sct->sig_len > 0;
+}
+
+sct_source_t SCT_get_source(const SCT *sct)
+{
+    return sct->source;
+}
+
+int SCT_set_source(SCT *sct, sct_source_t source)
+{
+    sct->source = source;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    switch (source) {
+    case SCT_SOURCE_TLS_EXTENSION:
+    case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
+    case SCT_SOURCE_X509V3_EXTENSION:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
+    default: /* if we aren't sure, leave the log entry type alone */
+        return 1;
+    }
+}
+
+sct_validation_status_t SCT_get_validation_status(const SCT *sct)
+{
+    return sct->validation_status;
+}
+
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
+{
+    int is_sct_valid = -1;
+    SCT_CTX *sctx = NULL;
+    X509_PUBKEY *pub = NULL, *log_pkey = NULL;
+    const CTLOG *log;
+
+    /*
+     * With an unrecognized SCT version we don't know what such an SCT means,
+     * let alone validate one.  So we return validation failure (0).
+     */
+    if (sct->version != SCT_VERSION_V1) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
+        return 0;
+    }
+
+    log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
+                                     sct->log_id, sct->log_id_len);
+
+    /* Similarly, an SCT from an unknown log also cannot be validated. */
+    if (log == NULL) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
+        return 0;
+    }
+
+    sctx = SCT_CTX_new();
+    if (sctx == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
+        goto err;
+    if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
+        goto err;
+
+    if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
+        EVP_PKEY *issuer_pkey;
+
+        if (ctx->issuer == NULL) {
+            sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+            goto end;
+        }
+
+        issuer_pkey = X509_get0_pubkey(ctx->issuer);
+
+        if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
+            goto err;
+        if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
+            goto err;
+    }
+
+    SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);
+
+    /*
+     * XXX: Potential for optimization.  This repeats some idempotent heavy
+     * lifting on the certificate for each candidate SCT, and appears to not
+     * use any information in the SCT itself, only the certificate is
+     * processed.  So it may make more sense to to do this just once, perhaps
+     * associated with the shared (by all SCTs) policy eval ctx.
+     *
+     * XXX: Failure here is global (SCT independent) and represents either an
+     * issue with the certificate (e.g. duplicate extensions) or an out of
+     * memory condition.  When the certificate is incompatible with CT, we just
+     * mark the SCTs invalid, rather than report a failure to determine the
+     * validation status.  That way, callbacks that want to do "soft" SCT
+     * processing will not abort handshakes with false positive internal
+     * errors.  Since the function does not distinguish between certificate
+     * issues (peer's fault) and internal problems (out fault) the safe thing
+     * to do is to report a validation failure and let the callback or
+     * application decide what to do.
+     */
+    if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
+        sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+    else
+        sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
+            SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
+
+end:
+    is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
+err:
+    X509_PUBKEY_free(pub);
+    X509_PUBKEY_free(log_pkey);
+    SCT_CTX_free(sctx);
+
+    return is_sct_valid;
+}
+
+int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)
+{
+    int are_scts_valid = 1;
+    int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        int is_sct_valid = -1;
+        SCT *sct = sk_SCT_value(scts, i);
+
+        if (sct == NULL)
+            continue;
+
+        is_sct_valid = SCT_validate(sct, ctx);
+        if (is_sct_valid < 0)
+            return is_sct_valid;
+        are_scts_valid &= is_sct_valid;
+    }
+
+    return are_scts_valid;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_sct_ctx.c b/openssl-1.1.0h/crypto/ct/ct_sct_ctx.c
new file mode 100644
index 0000000..75a5027
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_sct_ctx.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+SCT_CTX *SCT_CTX_new(void)
+{
+    SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
+
+    if (sctx == NULL)
+        CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return sctx;
+}
+
+void SCT_CTX_free(SCT_CTX *sctx)
+{
+    if (sctx == NULL)
+        return;
+    EVP_PKEY_free(sctx->pkey);
+    OPENSSL_free(sctx->pkeyhash);
+    OPENSSL_free(sctx->ihash);
+    OPENSSL_free(sctx->certder);
+    OPENSSL_free(sctx->preder);
+    OPENSSL_free(sctx);
+}
+
+/*
+ * Finds the index of the first extension with the given NID in cert.
+ * If there is more than one extension with that NID, *is_duplicated is set to
+ * 1, otherwise 0 (unless it is NULL).
+ */
+static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
+{
+    int ret = X509_get_ext_by_NID(cert, nid, -1);
+
+    if (is_duplicated != NULL)
+        *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
+
+    return ret;
+}
+
+/*
+ * Modifies a certificate by deleting extensions and copying the issuer and
+ * AKID from the presigner certificate, if necessary.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
+{
+    int preidx, certidx;
+    int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
+
+    if (presigner == NULL)
+        return 1;
+
+    preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
+                             &pre_akid_ext_is_dup);
+    certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
+                              &cert_akid_ext_is_dup);
+
+    /* An error occurred whilst searching for the extension */
+    if (preidx < -1 || certidx < -1)
+        return 0;
+    /* Invalid certificate if they contain duplicate extensions */
+    if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
+        return 0;
+    /* AKID must be present in both certificate or absent in both */
+    if (preidx >= 0 && certidx == -1)
+        return 0;
+    if (preidx == -1 && certidx >= 0)
+        return 0;
+    /* Copy issuer name */
+    if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
+        return 0;
+    if (preidx != -1) {
+        /* Retrieve and copy AKID encoding */
+        X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
+        X509_EXTENSION *certext = X509_get_ext(cert, certidx);
+        ASN1_OCTET_STRING *preextdata;
+
+        /* Should never happen */
+        if (preext == NULL || certext == NULL)
+            return 0;
+        preextdata = X509_EXTENSION_get_data(preext);
+        if (preextdata == NULL ||
+            !X509_EXTENSION_set_data(certext, preextdata))
+            return 0;
+    }
+    return 1;
+}
+
+int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
+{
+    unsigned char *certder = NULL, *preder = NULL;
+    X509 *pretmp = NULL;
+    int certderlen = 0, prederlen = 0;
+    int idx = -1;
+    int poison_ext_is_dup, sct_ext_is_dup;
+    int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
+
+    /* Duplicate poison extensions are present - error */
+    if (poison_ext_is_dup)
+        goto err;
+
+    /* If *cert doesn't have a poison extension, it isn't a precert */
+    if (poison_idx == -1) {
+        /* cert isn't a precert, so we shouldn't have a presigner */
+        if (presigner != NULL)
+            goto err;
+
+        certderlen = i2d_X509(cert, &certder);
+        if (certderlen < 0)
+            goto err;
+    }
+
+    /* See if cert has a precert SCTs extension */
+    idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
+    /* Duplicate SCT extensions are present - error */
+    if (sct_ext_is_dup)
+        goto err;
+
+    if (idx >= 0 && poison_idx >= 0) {
+        /*
+         * cert can't both contain SCTs (i.e. have an SCT extension) and be a
+         * precert (i.e. have a poison extension).
+         */
+        goto err;
+    }
+
+    if (idx == -1) {
+        idx = poison_idx;
+    }
+
+    /*
+     * If either a poison or SCT extension is present, remove it before encoding
+     * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
+     * RFC5280) from cert, which is what the CT log signed when it produced the
+     * SCT.
+     */
+    if (idx >= 0) {
+        X509_EXTENSION *ext;
+
+        /* Take a copy of certificate so we don't modify passed version */
+        pretmp = X509_dup(cert);
+        if (pretmp == NULL)
+            goto err;
+
+        ext = X509_delete_ext(pretmp, idx);
+        X509_EXTENSION_free(ext);
+
+        if (!ct_x509_cert_fixup(pretmp, presigner))
+            goto err;
+
+        prederlen = i2d_re_X509_tbs(pretmp, &preder);
+        if (prederlen <= 0)
+            goto err;
+    }
+
+    X509_free(pretmp);
+
+    OPENSSL_free(sctx->certder);
+    sctx->certder = certder;
+    sctx->certderlen = certderlen;
+
+    OPENSSL_free(sctx->preder);
+    sctx->preder = preder;
+    sctx->prederlen = prederlen;
+
+    return 1;
+err:
+    OPENSSL_free(certder);
+    OPENSSL_free(preder);
+    X509_free(pretmp);
+    return 0;
+}
+
+__owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
+                                     size_t *hash_len)
+{
+    int ret = 0;
+    unsigned char *md = NULL, *der = NULL;
+    int der_len;
+    unsigned int md_len;
+
+    /* Reuse buffer if possible */
+    if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
+        md = *hash;
+    } else {
+        md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
+        if (md == NULL)
+            goto err;
+    }
+
+    /* Calculate key hash */
+    der_len = i2d_X509_PUBKEY(pkey, &der);
+    if (der_len <= 0)
+        goto err;
+
+    if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
+        goto err;
+
+    if (md != *hash) {
+        OPENSSL_free(*hash);
+        *hash = md;
+        *hash_len = SHA256_DIGEST_LENGTH;
+    }
+
+    md = NULL;
+    ret = 1;
+ err:
+    OPENSSL_free(md);
+    OPENSSL_free(der);
+    return ret;
+}
+
+int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
+{
+    return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
+}
+
+int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
+}
+
+int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
+
+    if (pkey == NULL)
+        return 0;
+
+    if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    EVP_PKEY_free(sctx->pkey);
+    sctx->pkey = pkey;
+    return 1;
+}
+
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
+{
+    sctx->epoch_time_in_ms = time_in_ms;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_vfy.c b/openssl-1.1.0h/crypto/ct/ct_vfy.c
new file mode 100644
index 0000000..cabcf57
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_vfy.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#include "ct_locl.h"
+
+typedef enum sct_signature_type_t {
+    SIGNATURE_TYPE_NOT_SET = -1,
+    SIGNATURE_TYPE_CERT_TIMESTAMP,
+    SIGNATURE_TYPE_TREE_HASH
+} SCT_SIGNATURE_TYPE;
+
+/*
+ * Update encoding for SCT signature verification/generation to supplied
+ * EVP_MD_CTX.
+ */
+static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
+{
+    unsigned char tmpbuf[12];
+    unsigned char *p, *der;
+    size_t derlen;
+    /*+
+     * digitally-signed struct {
+     *   (1 byte) Version sct_version;
+     *   (1 byte) SignatureType signature_type = certificate_timestamp;
+     *   (8 bytes) uint64 timestamp;
+     *   (2 bytes) LogEntryType entry_type;
+     *   (? bytes) select(entry_type) {
+     *     case x509_entry: ASN.1Cert;
+     *     case precert_entry: PreCert;
+     *   } signed_entry;
+     *   (2 bytes + sct->ext_len) CtExtensions extensions;
+     * }
+     */
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
+        return 0;
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
+        return 0;
+
+    p = tmpbuf;
+    *p++ = sct->version;
+    *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
+    l2n8(sct->timestamp, p);
+    s2n(sct->entry_type, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
+        return 0;
+
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
+        der = sctx->certder;
+        derlen = sctx->certderlen;
+    } else {
+        if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
+            return 0;
+        der = sctx->preder;
+        derlen = sctx->prederlen;
+    }
+
+    /* If no encoding available, fatal error */
+    if (der == NULL)
+        return 0;
+
+    /* Include length first */
+    p = tmpbuf;
+    l2n3(derlen, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
+        return 0;
+    if (!EVP_DigestUpdate(ctx, der, derlen))
+        return 0;
+
+    /* Add any extensions */
+    p = tmpbuf;
+    s2n(sct->ext_len, p);
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
+        return 0;
+
+    if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
+        return 0;
+
+    return 1;
+}
+
+int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
+{
+    EVP_MD_CTX *ctx = NULL;
+    int ret = 0;
+
+    if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
+        sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
+        (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
+        return 0;
+    }
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    if (sct->log_id_len != sctx->pkeyhashlen ||
+        memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
+        return 0;
+    }
+    if (sct->timestamp > sctx->epoch_time_in_ms) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
+        return 0;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto end;
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
+        goto end;
+
+    if (!sct_ctx_update(ctx, sctx, sct))
+        goto end;
+
+    /* Verify signature */
+    ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
+    /* If ret < 0 some other error: fall through without setting error */
+    if (ret == 0)
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
+
+end:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ct/ct_x509v3.c b/openssl-1.1.0h/crypto/ct/ct_x509v3.c
new file mode 100644
index 0000000..ec186d1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ct/ct_x509v3.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include "ct_locl.h"
+
+static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
+{
+    return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+   return ASN1_NULL_new();
+}
+
+static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
+                 BIO *out, int indent)
+{
+    SCT_LIST_print(sct_list, out, indent, "\n", NULL);
+    return 1;
+}
+
+static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+    if (s != NULL) {
+        int i;
+
+        for (i = 0; i < sk_SCT_num(s); i++) {
+            int res = SCT_set_source(sk_SCT_value(s, i), source);
+
+            if (res != 1) {
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+     STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+     if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+         SCT_LIST_free(s);
+         *a = NULL;
+         return NULL;
+     }
+     return s;
+}
+
+static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+    STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+    if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+        SCT_LIST_free(s);
+        *a = NULL;
+        return NULL;
+    }
+    return s;
+}
+
+/* Handlers for X509v3/OCSP Certificate Transparency extensions */
+const X509V3_EXT_METHOD v3_ct_scts[3] = {
+    /* X509v3 extension in certificates that contains SCTs */
+    { NID_ct_precert_scts, 0, NULL,
+    NULL, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+
+    /* X509v3 extension to mark a certificate as a pre-certificate */
+    { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
+    NULL, NULL, NULL, NULL,
+    i2s_poison, s2i_poison,
+    NULL, NULL,
+    NULL, NULL,
+    NULL },
+
+    /* OCSP extension that contains SCTs */
+    { NID_ct_cert_scts, 0, NULL,
+    0, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+};
diff --git a/openssl-1.1.0h/crypto/cversion.c b/openssl-1.1.0h/crypto/cversion.c
new file mode 100644
index 0000000..96d8a5b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/cversion.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef NO_WINDOWS_BRAINDEATH
+# include "buildinf.h"
+#endif
+
+unsigned long OpenSSL_version_num(void)
+{
+    return OPENSSL_VERSION_NUMBER;
+}
+
+const char *OpenSSL_version(int t)
+{
+    if (t == OPENSSL_VERSION)
+        return OPENSSL_VERSION_TEXT;
+    if (t == OPENSSL_BUILT_ON) {
+#ifdef DATE
+# ifdef OPENSSL_USE_BUILD_DATE
+        return (DATE);
+# else
+        return ("built on: reproducible build, date unspecified");
+# endif
+#else
+        return ("built on: date not available");
+#endif
+    }
+    if (t == OPENSSL_CFLAGS) {
+#ifdef CFLAGS
+        return (CFLAGS);
+#else
+        return ("compiler: information not available");
+#endif
+    }
+    if (t == OPENSSL_PLATFORM) {
+#ifdef PLATFORM
+        return (PLATFORM);
+#else
+        return ("platform: information not available");
+#endif
+    }
+    if (t == OPENSSL_DIR) {
+#ifdef OPENSSLDIR
+        return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+#else
+        return "OPENSSLDIR: N/A";
+#endif
+    }
+    if (t == OPENSSL_ENGINES_DIR) {
+#ifdef ENGINESDIR
+        return "ENGINESDIR: \"" ENGINESDIR "\"";
+#else
+        return "ENGINESDIR: N/A";
+#endif
+    }
+    return ("not available");
+}
diff --git a/openssl-1.1.0h/crypto/des/asm/crypt586.pl b/openssl-1.1.0h/crypto/des/asm/crypt586.pl
new file mode 100644
index 0000000..d5911a1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/asm/crypt586.pl
@@ -0,0 +1,217 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"crypt586.pl");
+
+$L="edi";
+$R="esi";
+
+&external_label("DES_SPtrans");
+&fcrypt_body("fcrypt_body");
+&asm_finish();
+
+close STDOUT;
+
+sub fcrypt_body
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name);
+
+	&comment("");
+	&comment("Load the 2 words");
+	$trans="ebp";
+
+	&xor(	$L,	$L);
+	&xor(	$R,	$R);
+
+	# PIC-ification:-)
+	&picmeup("edx","DES_SPtrans");
+	#if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
+	#else		{ &lea("edx",&DWP("DES_SPtrans")); }
+	&push("edx");	# becomes &swtmp(1)
+	#
+	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
+
+	&push(&DWC(25)); # add a variable
+
+	&set_label("start");
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
+		}
+	 &mov("ebx",	&swtmp(0));
+	&mov("eax",	$L);
+	 &dec("ebx");
+	&mov($L,	$R);
+	 &mov($R,	"eax");
+	&mov(&swtmp(0),	"ebx");
+	 &jnz(&label("start"));
+
+	&comment("");
+	&comment("FP");
+	&mov("edx",&wparam(0));
+
+	&FP_new($R,$L,"eax",3);
+	&mov(&DWP(0,"edx","",0),"eax");
+	&mov(&DWP(4,"edx","",0),$L);
+
+	&add("esp",8);	# remove variables
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&wparam(2));			# 2
+	&mov(	$t,		$R);
+	&shr(	$t,		16);				# 1
+	&mov(	$tmp2,		&wparam(3));			# 2
+	&xor(	$t,		$R);				# 1
+
+	&and(	$u,		$t);				# 2
+	&and(	$t,		$tmp2);				# 2
+
+	&mov(	$tmp1,		$u);
+	&shl(	$tmp1,		16); 				# 1
+	&mov(	$tmp2,		$t);
+	&shl(	$tmp2,		16); 				# 1
+	&xor(	$u,		$tmp1);				# 2
+	&xor(	$t,		$tmp2);				# 2
+	&mov(	$tmp1,		&DWP(&n2a($S*4),$trans,"",0));	# 2
+	&xor(	$u,		$tmp1);
+	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$trans,"",0));	# 2
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&xor(	$t,		$tmp2);
+
+	&and(	$u,		"0xfcfcfcfc"	);		# 2
+	&xor(	$tmp1,		$tmp1);				# 1
+	&and(	$t,		"0xcfcfcfcf"	);		# 2
+	&xor(	$tmp2,		$tmp2);	
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$trans,		&swtmp(1));
+	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600",$trans,$tmp1,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700",$trans,$tmp2,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400",$trans,$u,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500",$trans,$t,0));
+	&xor(	$L,		$tmp1);
+	&mov(	$trans,		&wparam(1));
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	if ($notlast eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/openssl-1.1.0h/crypto/des/asm/des-586.pl b/openssl-1.1.0h/crypto/des/asm/des-586.pl
new file mode 100644
index 0000000..3d7c7f1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/asm/des-586.pl
@@ -0,0 +1,465 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+require "desboth.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"des-586.pl");
+
+$L="edi";
+$R="esi";
+$trans="ebp";
+$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV));
+# one can discuss setting this variable to 1 unconditionally, as
+# the folded loop is only 3% slower than unrolled, but >7 times smaller
+
+&public_label("DES_SPtrans");
+&static_label("des_sptrans");
+
+&DES_encrypt_internal();
+&DES_decrypt_internal();
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
+&DES_encrypt3("DES_encrypt3",1);
+&DES_encrypt3("DES_decrypt3",0);
+&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
+&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
+&DES_SPtrans();
+
+&asm_finish();
+
+close STDOUT;
+
+sub DES_encrypt_internal()
+	{
+	&function_begin_B("_x86_DES_encrypt");
+
+	if ($small_footprint)
+	    {
+	    &lea("edx",&DWP(128,"ecx"));
+	    &push("edx");
+	    &push("ecx");
+	    &set_label("eloop");
+		&D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&add("ecx",16);
+		&cmp("ecx",&swtmp(1));
+		&mov(&swtmp(0),"ecx");
+		&jb(&label("eloop"));
+	    &add("esp",8);
+	    }
+	else
+	    {
+	    &push("ecx");
+	    for ($i=0; $i<16; $i+=2)
+		{
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		}
+	    &add("esp",4);
+	}
+	&ret();
+
+	&function_end_B("_x86_DES_encrypt");
+	}
+	
+sub DES_decrypt_internal()
+	{
+	&function_begin_B("_x86_DES_decrypt");
+
+	if ($small_footprint)
+	    {
+	    &push("ecx");
+	    &lea("ecx",&DWP(128,"ecx"));
+	    &push("ecx");
+	    &set_label("dloop");
+		&D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("");
+		&sub("ecx",16);
+		&cmp("ecx",&swtmp(1));
+		&mov(&swtmp(0),"ecx");
+		&ja(&label("dloop"));
+	    &add("esp",8);
+	    }
+	else
+	    {
+	    &push("ecx");
+	    for ($i=15; $i>0; $i-=2)
+		{
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+		}
+	    &add("esp",4);
+	    }
+	&ret();
+
+	&function_end_B("_x86_DES_decrypt");
+	}
+	
+sub DES_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin_B($name);
+
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	&comment("Load the 2 words");
+
+	if ($do_ip)
+		{
+		&mov($R,&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov("eax",&DWP(0,$R,"",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&mov($L,&DWP(4,$R,"",0));
+		&comment("");
+		&comment("IP");
+		&IP_new("eax",$L,$R,3);
+		}
+	else
+		{
+		&mov("eax",&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov($R,&DWP(0,"eax","",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&rotl($R,3);
+		&mov($L,&DWP(4,"eax","",0));
+		&rotl($L,3);
+		}
+
+	# PIC-ification:-)
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop($trans);
+	&lea	($trans,&DWP(&label("des_sptrans")."-".&label("pic_point"),$trans));
+
+	&mov(	"ecx",	&wparam(1)	);
+
+	&cmp("ebx","0");
+	&je(&label("decrypt"));
+	&call("_x86_DES_encrypt");
+	&jmp(&label("done"));
+	&set_label("decrypt");
+	&call("_x86_DES_decrypt");
+	&set_label("done");
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&mov("edx",&wparam(0));
+		&FP_new($L,$R,"eax",3);
+
+		&mov(&DWP(0,"edx","",0),"eax");
+		&mov(&DWP(4,"edx","",0),$R);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		 &mov("eax",&wparam(0));
+		&rotr($R,3);		# l
+		 &mov(&DWP(0,"eax","",0),$L);
+		 &mov(&DWP(4,"eax","",0),$R);
+		}
+
+	&pop("ebp");
+	&pop("ebx");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+
+	&function_end_B($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_;
+
+	 &mov(	$u,		&DWP(&n2a($S*4),$tmp2,"",0));
+	&xor(	$tmp1,		$tmp1);
+	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$tmp2,"",0));
+	&xor(	$u,		$R);
+	&xor(	$tmp2,		$tmp2);
+	 &xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	 &and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	 &movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	 &xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	 &xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
+	 &movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	 &xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	 &and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	 &xor(	$L,		&DWP("0x600",$trans,$tmp1,0));
+	 &xor(	$L,		&DWP("0x700",$trans,$tmp2,0));
+	&mov(	$tmp2,		$wp1	);
+	 &xor(	$L,		&DWP("0x400",$trans,$u,0));
+	 &xor(	$L,		&DWP("0x500",$trans,$t,0));
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	# This can never succeed, and besides it is difficult to see what the
+	# idea was - Ben 13 Feb 99
+	if (!$last eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
+sub DES_SPtrans
+	{
+	&set_label("DES_SPtrans",64);
+	&set_label("des_sptrans");
+	&data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802);
+	&data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002);
+	&data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802);
+	&data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002);
+	&data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800);
+	&data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800);
+	&data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002);
+	&data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000);
+	&data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002);
+	&data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800);
+	&data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002);
+	&data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000);
+	&data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802);
+	&data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000);
+	&data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800);
+	&data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802);
+	# nibble 1
+	&data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000);
+	&data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000);
+	&data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000);
+	&data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010);
+	&data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000);
+	&data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010);
+	&data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010);
+	&data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010);
+	&data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010);
+	&data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000);
+	&data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010);
+	&data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010);
+	&data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010);
+	&data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000);
+	&data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000);
+	&data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000);
+	# nibble 2
+	&data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101);
+	&data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100);
+	&data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001);
+	&data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001);
+	&data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100);
+	&data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001);
+	&data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000);
+	&data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101);
+	&data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000);
+	&data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101);
+	&data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001);
+	&data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001);
+	&data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101);
+	&data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100);
+	&data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101);
+	&data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000);
+	# nibble 3
+	&data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008);
+	&data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008);
+	&data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008);
+	&data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000);
+	&data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008);
+	&data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000);
+	&data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000);
+	&data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000);
+	&data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008);
+	&data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000);
+	&data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008);
+	&data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000);
+	&data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000);
+	&data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008);
+	&data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008);
+	&data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000);
+	# nibble 4
+	&data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420);
+	&data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000);
+	&data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400);
+	&data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000);
+	&data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420);
+	&data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020);
+	&data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020);
+	&data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400);
+	&data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000);
+	&data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400);
+	&data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000);
+	&data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020);
+	&data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420);
+	&data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000);
+	&data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420);
+	&data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020);
+	# nibble 5
+	&data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000);
+	&data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000);
+	&data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000);
+	&data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040);
+	&data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000);
+	&data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040);
+	&data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040);
+	&data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000);
+	&data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040);
+	&data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000);
+	&data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000);
+	&data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040);
+	&data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040);
+	&data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000);
+	&data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000);
+	&data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040);
+	# nibble 6
+	&data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004);
+	&data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000);
+	&data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000);
+	&data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204);
+	&data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204);
+	&data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200);
+	&data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004);
+	&data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000);
+	&data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204);
+	&data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004);
+	&data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000);
+	&data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200);
+	&data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200);
+	&data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000);
+	&data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204);
+	&data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004);
+	# nibble 7
+	&data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000);
+	&data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080);
+	&data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080);
+	&data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000);
+	&data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000);
+	&data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000);
+	&data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080);
+	&data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080);
+	&data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080);
+	&data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000);
+	&data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080);
+	&data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000);
+	&data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080);
+	&data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000);
+	&data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000);
+	&data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080);
+	}
diff --git a/openssl-1.1.0h/crypto/des/asm/des_enc.m4 b/openssl-1.1.0h/crypto/des/asm/des_enc.m4
new file mode 100644
index 0000000..2d794d3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/asm/des_enc.m4
@@ -0,0 +1,1972 @@
+! Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+!
+! Licensed under the OpenSSL license (the "License").  You may not use
+! this file except in compliance with the License.  You can obtain a copy
+! in the file LICENSE in the source distribution or at
+! https://www.openssl.org/source/license.html
+!
+!  To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
+!
+!  Global registers 1 to 5 are used. This is the same as done by the
+!  cc compiler. The UltraSPARC load/store little endian feature is used.
+!
+!  Instruction grouping often refers to one CPU cycle.
+!
+!  Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S
+!
+!  Assemble through cc:  cc -c -xarch=v8plusa -o des_enc.o des_enc.S
+!
+!  Performance improvement according to './apps/openssl speed des'
+!
+!	32-bit build:
+!		23%  faster than cc-5.2 -xarch=v8plus -xO5
+!		115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5
+!	64-bit build:
+!		50%  faster than cc-5.2 -xarch=v9 -xO5
+!		100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5
+!
+
+.ident "des_enc.m4 2.1"
+.file  "des_enc-sparc.S"
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPSCANISTER
+#include <openssl/fipssyms.h>
+#endif
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+# define ABI64  /* They've said -xarch=v9 at command line */
+#elif defined(__GNUC__) && defined(__arch64__)
+# define ABI64  /* They've said -m64 at command line */
+#endif
+
+#ifdef ABI64
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME	-192
+# define	BIAS	2047
+# define	LDPTR	ldx
+# define	STPTR	stx
+# define	ARG0	128
+# define	ARGSZ	8
+#else
+# define	FRAME	-96
+# define	BIAS	0
+# define	LDPTR	ld
+# define	STPTR	st
+# define	ARG0	68
+# define	ARGSZ	4
+#endif
+
+#define LOOPS 7
+
+#define global0 %g0
+#define global1 %g1
+#define global2 %g2
+#define global3 %g3
+#define global4 %g4
+#define global5 %g5
+
+#define local0 %l0
+#define local1 %l1
+#define local2 %l2
+#define local3 %l3
+#define local4 %l4
+#define local5 %l5
+#define local7 %l6
+#define local6 %l7
+
+#define in0 %i0
+#define in1 %i1
+#define in2 %i2
+#define in3 %i3
+#define in4 %i4
+#define in5 %i5
+#define in6 %i6
+#define in7 %i7
+
+#define out0 %o0
+#define out1 %o1
+#define out2 %o2
+#define out3 %o3
+#define out4 %o4
+#define out5 %o5
+#define out6 %o6
+#define out7 %o7
+
+#define stub stb
+
+changequote({,})
+
+
+! Macro definitions:
+
+
+! {ip_macro}
+!
+! The logic used in initial and final permutations is the same as in
+! the C code. The permutations are done with a clever shift, xor, and
+! technique.
+!
+! The macro also loads address sbox 1 to 5 to global 1 to 5, address
+! sbox 6 to local6, and addres sbox 8 to out3.
+!
+! Rotates the halfs 3 left to bring the sbox bits in convenient positions.
+!
+! Loads key first round from address in parameter 5 to out0, out1.
+!
+! After the the original LibDES initial permutation, the resulting left
+! is in the variable initially used for right and vice versa. The macro
+! implements the possibility to keep the halfs in the original registers.
+!
+! parameter 1  left
+! parameter 2  right
+! parameter 3  result left (modify in first round)
+! parameter 4  result right (use in first round)
+! parameter 5  key address
+! parameter 6  1/2 for include encryption/decryption
+! parameter 7  1 for move in1 to in3
+! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+define(ip_macro, {
+
+! {ip_macro}
+! $1 $2 $4 $3 $5 $6 $7 $8 $9
+
+	ld	[out2+256], local1
+	srl	$2, 4, local4
+
+	xor	local4, $1, local4
+	ifelse($7,1,{mov in1, in3},{nop})
+
+	ld	[out2+260], local2
+	and	local4, local1, local4
+	ifelse($8,1,{mov in3, in4},{})
+	ifelse($8,2,{mov in4, in3},{})
+
+	ld	[out2+280], out4          ! loop counter
+	sll	local4, 4, local1
+	xor	$1, local4, $1
+
+	ld	[out2+264], local3
+	srl	$1, 16, local4
+	xor	$2, local1, $2
+
+	ifelse($9,1,{LDPTR	KS3, in4},{})
+	xor	local4, $2, local4
+	nop	!sethi	%hi(DES_SPtrans), global1 ! sbox addr
+
+	ifelse($9,1,{LDPTR	KS2, in3},{})
+	and	local4, local2, local4
+	nop	!or	global1, %lo(DES_SPtrans), global1   ! sbox addr
+
+	sll	local4, 16, local1
+	xor	$2, local4, $2
+
+	srl	$2, 2, local4
+	xor	$1, local1, $1
+
+	sethi	%hi(16711680), local5
+	xor	local4, $1, local4
+
+	and	local4, local3, local4
+	or	local5, 255, local5
+
+	sll	local4, 2, local2
+	xor	$1, local4, $1
+
+	srl	$1, 8, local4
+	xor	$2, local2, $2
+
+	xor	local4, $2, local4
+	add	global1, 768, global4
+
+	and	local4, local5, local4
+	add	global1, 1024, global5
+
+	ld	[out2+272], local7
+	sll	local4, 8, local1
+	xor	$2, local4, $2
+
+	srl	$2, 1, local4
+	xor	$1, local1, $1
+
+	ld	[$5], out0                ! key 7531
+	xor	local4, $1, local4
+	add	global1, 256, global2
+
+	ld	[$5+4], out1              ! key 8642
+	and	local4, local7, local4
+	add	global1, 512, global3
+
+	sll	local4, 1, local1
+	xor	$1, local4, $1
+
+	sll	$1, 3, local3
+	xor	$2, local1, $2
+
+	sll	$2, 3, local2
+	add	global1, 1280, local6     ! address sbox 8
+
+	srl	$1, 29, local4
+	add	global1, 1792, out3       ! address sbox 8
+
+	srl	$2, 29, local1
+	or	local4, local3, $4
+
+	or	local2, local1, $3
+
+	ifelse($6, 1, {
+
+		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
+		or	local2, local1, $3
+		xor	$4, out0, local1
+
+		call .des_enc.1
+		and	local1, 252, local1
+
+	},{})
+
+	ifelse($6, 2, {
+
+		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
+		or	local2, local1, $3
+		xor	$4, out0, local1
+
+		call .des_dec.1
+		and	local1, 252, local1
+
+	},{})
+})
+
+
+! {rounds_macro}
+!
+! The logic used in the DES rounds is the same as in the C code,
+! except that calculations for sbox 1 and sbox 5 begin before
+! the previous round is finished.
+!
+! In each round one half (work) is modified based on key and the
+! other half (use).
+!
+! In this version we do two rounds in a loop repeated 7 times
+! and two rounds separately.
+!
+! One half has the bits for the sboxes in the following positions:
+!
+!	777777xx555555xx333333xx111111xx
+!
+!	88xx666666xx444444xx222222xx8888
+!
+! The bits for each sbox are xor-ed with the key bits for that box.
+! The above xx bits are cleared, and the result used for lookup in
+! the sbox table. Each sbox entry contains the 4 output bits permuted
+! into 32 bits according to the P permutation.
+!
+! In the description of DES, left and right are switched after
+! each round, except after last round. In this code the original
+! left and right are kept in the same register in all rounds, meaning
+! that after the 16 rounds the result for right is in the register
+! originally used for left.
+!
+! parameter 1  first work (left in first round)
+! parameter 2  first use (right in first round)
+! parameter 3  enc/dec  1/-1
+! parameter 4  loop label
+! parameter 5  key address register
+! parameter 6  optional address for key next encryption/decryption
+! parameter 7  not empty for include retl
+!
+! also compares in2 to 8
+
+define(rounds_macro, {
+
+! {rounds_macro}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	xor	$2, out0, local1
+
+	ld	[out2+284], local5        ! 0x0000FC00
+	ba	$4
+	and	local1, 252, local1
+
+	.align 32
+
+$4:
+	! local6 is address sbox 6
+	! out3   is address sbox 8
+	! out4   is loop counter
+
+	ld	[global1+local1], local1
+	xor	$2, out1, out1            ! 8642
+	xor	$2, out0, out0            ! 7531
+	! fmovs	%f0, %f0                  ! fxor used for alignment
+
+	srl	out1, 4, local0           ! rotate 4 right
+	and	out0, local5, local3      ! 3
+	! fmovs	%f0, %f0
+
+	ld	[$5+$3*8], local7         ! key 7531 next round
+	srl	local3, 8, local3         ! 3
+	and	local0, 252, local2       ! 2
+	! fmovs	%f0, %f0
+
+	ld	[global3+local3],local3   ! 3
+	sll	out1, 28, out1            ! rotate
+	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
+
+	ld	[global2+local2], local2  ! 2 
+	srl	out0, 24, local1          ! 7
+	or	out1, local0, out1        ! rotate
+
+	ldub	[out2+local1], local1     ! 7 (and 0xFC)
+	srl	out1, 24, local0          ! 8
+	and	out1, local5, local4      ! 4
+
+	ldub	[out2+local0], local0     ! 8 (and 0xFC)
+	srl	local4, 8, local4         ! 4
+	xor	$1, local2, $1            ! 2 finished local2 now sbox 6
+
+	ld	[global4+local4],local4   ! 4
+	srl	out1, 16, local2          ! 6
+	xor	$1, local3, $1            ! 3 finished local3 now sbox 5
+
+	ld	[out3+local0],local0      ! 8
+	and	local2, 252, local2       ! 6
+	add	global1, 1536, local5     ! address sbox 7
+
+	ld	[local6+local2], local2   ! 6
+	srl	out0, 16, local3          ! 5
+	xor	$1, local4, $1            ! 4 finished
+
+	ld	[local5+local1],local1    ! 7
+	and	local3, 252, local3       ! 5
+	xor	$1, local0, $1            ! 8 finished
+
+	ld	[global5+local3],local3   ! 5
+	xor	$1, local2, $1            ! 6 finished
+	subcc	out4, 1, out4
+
+	ld	[$5+$3*8+4], out0         ! key 8642 next round
+	xor	$1, local7, local2        ! sbox 5 next round
+	xor	$1, local1, $1            ! 7 finished
+
+	srl	local2, 16, local2        ! sbox 5 next round
+	xor	$1, local3, $1            ! 5 finished
+
+	ld	[$5+$3*16+4], out1        ! key 8642 next round again
+	and	local2, 252, local2       ! sbox5 next round
+! next round
+	xor	$1, local7, local7        ! 7531
+
+	ld	[global5+local2], local2  ! 5
+	srl	local7, 24, local3        ! 7
+	xor	$1, out0, out0            ! 8642
+
+	ldub	[out2+local3], local3     ! 7 (and 0xFC)
+	srl	out0, 4, local0           ! rotate 4 right
+	and	local7, 252, local1       ! 1
+
+	sll	out0, 28, out0            ! rotate
+	xor	$2, local2, $2            ! 5 finished local2 used
+
+	srl	local0, 8, local4         ! 4
+	and	local0, 252, local2       ! 2
+	ld	[local5+local3], local3   ! 7
+
+	srl	local0, 16, local5        ! 6
+	or	out0, local0, out0        ! rotate
+	ld	[global2+local2], local2  ! 2
+
+	srl	out0, 24, local0
+	ld	[$5+$3*16], out0          ! key 7531 next round
+	and	local4, 252, local4	  ! 4
+
+	and	local5, 252, local5       ! 6
+	ld	[global4+local4], local4  ! 4
+	xor	$2, local3, $2            ! 7 finished local3 used
+
+	and	local0, 252, local0       ! 8
+	ld	[local6+local5], local5   ! 6
+	xor	$2, local2, $2            ! 2 finished local2 now sbox 3
+
+	srl	local7, 8, local2         ! 3 start
+	ld	[out3+local0], local0     ! 8
+	xor	$2, local4, $2            ! 4 finished
+
+	and	local2, 252, local2       ! 3
+	ld	[global1+local1], local1  ! 1
+	xor	$2, local5, $2            ! 6 finished local5 used
+
+	ld	[global3+local2], local2  ! 3
+	xor	$2, local0, $2            ! 8 finished
+	add	$5, $3*16, $5             ! enc add 8, dec add -8 to key pointer
+
+	ld	[out2+284], local5        ! 0x0000FC00
+	xor	$2, out0, local4          ! sbox 1 next round
+	xor	$2, local1, $2            ! 1 finished
+
+	xor	$2, local2, $2            ! 3 finished
+	bne	$4
+	and	local4, 252, local1       ! sbox 1 next round
+
+! two rounds more:
+
+	ld	[global1+local1], local1
+	xor	$2, out1, out1
+	xor	$2, out0, out0
+
+	srl	out1, 4, local0           ! rotate
+	and	out0, local5, local3
+
+	ld	[$5+$3*8], local7         ! key 7531
+	srl	local3, 8, local3
+	and	local0, 252, local2
+
+	ld	[global3+local3],local3
+	sll	out1, 28, out1            ! rotate
+	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
+
+	ld	[global2+local2], local2
+	srl	out0, 24, local1
+	or	out1, local0, out1        ! rotate
+
+	ldub	[out2+local1], local1
+	srl	out1, 24, local0
+	and	out1, local5, local4
+
+	ldub	[out2+local0], local0
+	srl	local4, 8, local4
+	xor	$1, local2, $1            ! 2 finished local2 now sbox 6
+
+	ld	[global4+local4],local4
+	srl	out1, 16, local2
+	xor	$1, local3, $1            ! 3 finished local3 now sbox 5
+
+	ld	[out3+local0],local0
+	and	local2, 252, local2
+	add	global1, 1536, local5     ! address sbox 7
+
+	ld	[local6+local2], local2
+	srl	out0, 16, local3
+	xor	$1, local4, $1            ! 4 finished
+
+	ld	[local5+local1],local1
+	and	local3, 252, local3
+	xor	$1, local0, $1
+
+	ld	[global5+local3],local3
+	xor	$1, local2, $1            ! 6 finished
+	cmp	in2, 8
+
+	ifelse($6,{}, {}, {ld	[out2+280], out4})  ! loop counter
+	xor	$1, local7, local2        ! sbox 5 next round
+	xor	$1, local1, $1            ! 7 finished
+
+	ld	[$5+$3*8+4], out0
+	srl	local2, 16, local2        ! sbox 5 next round
+	xor	$1, local3, $1            ! 5 finished
+
+	and	local2, 252, local2
+! next round (two rounds more)
+	xor	$1, local7, local7        ! 7531
+
+	ld	[global5+local2], local2
+	srl	local7, 24, local3
+	xor	$1, out0, out0            ! 8642
+
+	ldub	[out2+local3], local3
+	srl	out0, 4, local0           ! rotate
+	and	local7, 252, local1
+
+	sll	out0, 28, out0            ! rotate
+	xor	$2, local2, $2            ! 5 finished local2 used
+
+	srl	local0, 8, local4
+	and	local0, 252, local2
+	ld	[local5+local3], local3
+
+	srl	local0, 16, local5
+	or	out0, local0, out0        ! rotate
+	ld	[global2+local2], local2
+
+	srl	out0, 24, local0
+	ifelse($6,{}, {}, {ld	[$6], out0})   ! key next encryption/decryption
+	and	local4, 252, local4
+
+	and	local5, 252, local5
+	ld	[global4+local4], local4
+	xor	$2, local3, $2            ! 7 finished local3 used
+
+	and	local0, 252, local0
+	ld	[local6+local5], local5
+	xor	$2, local2, $2            ! 2 finished local2 now sbox 3
+
+	srl	local7, 8, local2         ! 3 start
+	ld	[out3+local0], local0
+	xor	$2, local4, $2
+
+	and	local2, 252, local2
+	ld	[global1+local1], local1
+	xor	$2, local5, $2            ! 6 finished local5 used
+
+	ld	[global3+local2], local2
+	srl	$1, 3, local3
+	xor	$2, local0, $2
+
+	ifelse($6,{}, {}, {ld	[$6+4], out1}) ! key next encryption/decryption
+	sll	$1, 29, local4
+	xor	$2, local1, $2
+
+	ifelse($7,{}, {}, {retl})
+	xor	$2, local2, $2
+})
+
+
+! {fp_macro}
+!
+!  parameter 1   right (original left)
+!  parameter 2   left (original right)
+!  parameter 3   1 for optional store to [in0]
+!  parameter 4   1 for load input/output address to local5/7
+!
+!  The final permutation logic switches the halfes, meaning that
+!  left and right ends up the the registers originally used.
+
+define(fp_macro, {
+
+! {fp_macro}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! initially undo the rotate 3 left done after initial permutation
+	! original left is received shifted 3 right and 29 left in local3/4
+
+	sll	$2, 29, local1
+	or	local3, local4, $1
+
+	srl	$2, 3, $2
+	sethi	%hi(0x55555555), local2
+
+	or	$2, local1, $2
+	or	local2, %lo(0x55555555), local2
+
+	srl	$2, 1, local3
+	sethi	%hi(0x00ff00ff), local1
+	xor	local3, $1, local3
+	or	local1, %lo(0x00ff00ff), local1
+	and	local3, local2, local3
+	sethi	%hi(0x33333333), local4
+	sll	local3, 1, local2
+
+	xor	$1, local3, $1
+
+	srl	$1, 8, local3
+	xor	$2, local2, $2
+	xor	local3, $2, local3
+	or	local4, %lo(0x33333333), local4
+	and	local3, local1, local3
+	sethi	%hi(0x0000ffff), local1
+	sll	local3, 8, local2
+
+	xor	$2, local3, $2
+
+	srl	$2, 2, local3
+	xor	$1, local2, $1
+	xor	local3, $1, local3
+	or	local1, %lo(0x0000ffff), local1
+	and	local3, local4, local3
+	sethi	%hi(0x0f0f0f0f), local4
+	sll	local3, 2, local2
+
+	ifelse($4,1, {LDPTR INPUT, local5})
+	xor	$1, local3, $1
+
+	ifelse($4,1, {LDPTR OUTPUT, local7})
+	srl	$1, 16, local3
+	xor	$2, local2, $2
+	xor	local3, $2, local3
+	or	local4, %lo(0x0f0f0f0f), local4
+	and	local3, local1, local3
+	sll	local3, 16, local2
+
+	xor	$2, local3, local1
+
+	srl	local1, 4, local3
+	xor	$1, local2, $1
+	xor	local3, $1, local3
+	and	local3, local4, local3
+	sll	local3, 4, local2
+
+	xor	$1, local3, $1
+
+	! optional store:
+
+	ifelse($3,1, {st $1, [in0]})
+
+	xor	local1, local2, $2
+
+	ifelse($3,1, {st $2, [in0+4]})
+
+})
+
+
+! {fp_ip_macro}
+!
+! Does initial permutation for next block mixed with
+! final permutation for current block.
+!
+! parameter 1   original left
+! parameter 2   original right
+! parameter 3   left ip
+! parameter 4   right ip
+! parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
+!                2: mov in4 to in3
+!
+! also adds -8 to length in2 and loads loop counter to out4
+
+define(fp_ip_macro, {
+
+! {fp_ip_macro}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	define({temp1},{out4})
+	define({temp2},{local3})
+
+	define({ip1},{local1})
+	define({ip2},{local2})
+	define({ip4},{local4})
+	define({ip5},{local5})
+
+	! $1 in local3, local4
+
+	ld	[out2+256], ip1
+	sll	out5, 29, temp1
+	or	local3, local4, $1
+
+	srl	out5, 3, $2
+	ifelse($5,2,{mov in4, in3})
+
+	ld	[out2+272], ip5
+	srl	$4, 4, local0
+	or	$2, temp1, $2
+
+	srl	$2, 1, temp1
+	xor	temp1, $1, temp1
+
+	and	temp1, ip5, temp1
+	xor	local0, $3, local0
+
+	sll	temp1, 1, temp2
+	xor	$1, temp1, $1
+
+	and	local0, ip1, local0
+	add	in2, -8, in2
+
+	sll	local0, 4, local7
+	xor	$3, local0, $3
+
+	ld	[out2+268], ip4
+	srl	$1, 8, temp1
+	xor	$2, temp2, $2
+	ld	[out2+260], ip2
+	srl	$3, 16, local0
+	xor	$4, local7, $4
+	xor	temp1, $2, temp1
+	xor	local0, $4, local0
+	and	temp1, ip4, temp1
+	and	local0, ip2, local0
+	sll	temp1, 8, temp2
+	xor	$2, temp1, $2
+	sll	local0, 16, local7
+	xor	$4, local0, $4
+
+	srl	$2, 2, temp1
+	xor	$1, temp2, $1
+
+	ld	[out2+264], temp2         ! ip3
+	srl	$4, 2, local0
+	xor	$3, local7, $3
+	xor	temp1, $1, temp1
+	xor	local0, $3, local0
+	and	temp1, temp2, temp1
+	and	local0, temp2, local0
+	sll	temp1, 2, temp2
+	xor	$1, temp1, $1
+	sll	local0, 2, local7
+	xor	$3, local0, $3
+
+	srl	$1, 16, temp1
+	xor	$2, temp2, $2
+	srl	$3, 8, local0
+	xor	$4, local7, $4
+	xor	temp1, $2, temp1
+	xor	local0, $4, local0
+	and	temp1, ip2, temp1
+	and	local0, ip4, local0
+	sll	temp1, 16, temp2
+	xor	$2, temp1, local4
+	sll	local0, 8, local7
+	xor	$4, local0, $4
+
+	srl	$4, 1, local0
+	xor	$3, local7, $3
+
+	srl	local4, 4, temp1
+	xor	local0, $3, local0
+
+	xor	$1, temp2, $1
+	and	local0, ip5, local0
+
+	sll	local0, 1, local7
+	xor	temp1, $1, temp1
+
+	xor	$3, local0, $3
+	xor	$4, local7, $4
+
+	sll	$3, 3, local5
+	and	temp1, ip1, temp1
+
+	sll	temp1, 4, temp2
+	xor	$1, temp1, $1
+
+	ifelse($5,1,{LDPTR	KS2, in4})
+	sll	$4, 3, local2
+	xor	local4, temp2, $2
+
+	! reload since used as temporar:
+
+	ld	[out2+280], out4          ! loop counter
+
+	srl	$3, 29, local0
+	ifelse($5,1,{add in4, 120, in4})
+
+	ifelse($5,1,{LDPTR	KS1, in3})
+	srl	$4, 29, local7
+
+	or	local0, local5, $4
+	or	local2, local7, $3
+
+})
+
+
+
+! {load_little_endian}
+!
+! parameter 1  address
+! parameter 2  destination left
+! parameter 3  destination right
+! parameter 4  temporar
+! parameter 5  label
+
+define(load_little_endian, {
+
+! {load_little_endian}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! first in memory to rightmost in register
+
+$5:
+	ldub	[$1+3], $2
+
+	ldub	[$1+2], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+1], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+0], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+
+	ldub	[$1+3+4], $3
+
+	ldub	[$1+2+4], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+1+4], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+0+4], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+$5a:
+
+})
+
+
+! {load_little_endian_inc}
+!
+! parameter 1  address
+! parameter 2  destination left
+! parameter 3  destination right
+! parameter 4  temporar
+! parameter 4  label
+!
+! adds 8 to address
+
+define(load_little_endian_inc, {
+
+! {load_little_endian_inc}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! first in memory to rightmost in register
+
+$5:
+	ldub	[$1+3], $2
+
+	ldub	[$1+2], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+1], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+0], $4
+	sll	$2, 8, $2
+	or	$2, $4, $2
+
+	ldub	[$1+3+4], $3
+	add	$1, 8, $1
+
+	ldub	[$1+2+4-8], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+1+4-8], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+
+	ldub	[$1+0+4-8], $4
+	sll	$3, 8, $3
+	or	$3, $4, $3
+$5a:
+
+})
+
+
+! {load_n_bytes}
+!
+! Loads 1 to 7 bytes little endian
+! Remaining bytes are zeroed.
+!
+! parameter 1  address
+! parameter 2  length
+! parameter 3  destination register left
+! parameter 4  destination register right
+! parameter 5  temp
+! parameter 6  temp2
+! parameter 7  label
+! parameter 8  return label
+
+define(load_n_bytes, {
+
+! {load_n_bytes}
+! $1 $2 $5 $6 $7 $8 $7 $8 $9
+
+$7.0:	call	.+8
+	sll	$2, 2, $6
+
+	add	%o7,$7.jmp.table-$7.0,$5
+
+	add	$5, $6, $5
+	mov	0, $4
+
+	ld	[$5], $5
+
+	jmp	%o7+$5
+	mov	0, $3
+
+$7.7:
+	ldub	[$1+6], $5
+	sll	$5, 16, $5
+	or	$3, $5, $3
+$7.6:
+	ldub	[$1+5], $5
+	sll	$5, 8, $5
+	or	$3, $5, $3
+$7.5:
+	ldub	[$1+4], $5
+	or	$3, $5, $3
+$7.4:
+	ldub	[$1+3], $5
+	sll	$5, 24, $5
+	or	$4, $5, $4
+$7.3:
+	ldub	[$1+2], $5
+	sll	$5, 16, $5
+	or	$4, $5, $4
+$7.2:
+	ldub	[$1+1], $5
+	sll	$5, 8, $5
+	or	$4, $5, $4
+$7.1:
+	ldub	[$1+0], $5
+	ba	$8
+	or	$4, $5, $4
+
+	.align 4
+
+$7.jmp.table:
+	.word	0
+	.word	$7.1-$7.0
+	.word	$7.2-$7.0
+	.word	$7.3-$7.0
+	.word	$7.4-$7.0
+	.word	$7.5-$7.0
+	.word	$7.6-$7.0
+	.word	$7.7-$7.0
+})
+
+
+! {store_little_endian}
+!
+! parameter 1  address
+! parameter 2  source left
+! parameter 3  source right
+! parameter 4  temporar
+
+define(store_little_endian, {
+
+! {store_little_endian}
+! $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+	! rightmost in register to first in memory
+
+$5:
+	and	$2, 255, $4
+	stub	$4, [$1+0]
+
+	srl	$2, 8, $4
+	and	$4, 255, $4
+	stub	$4, [$1+1]
+
+	srl	$2, 16, $4
+	and	$4, 255, $4
+	stub	$4, [$1+2]
+
+	srl	$2, 24, $4
+	stub	$4, [$1+3]
+
+
+	and	$3, 255, $4
+	stub	$4, [$1+0+4]
+
+	srl	$3, 8, $4
+	and	$4, 255, $4
+	stub	$4, [$1+1+4]
+
+	srl	$3, 16, $4
+	and	$4, 255, $4
+	stub	$4, [$1+2+4]
+
+	srl	$3, 24, $4
+	stub	$4, [$1+3+4]
+
+$5a:
+
+})
+
+
+! {store_n_bytes}
+!
+! Stores 1 to 7 bytes little endian
+!
+! parameter 1  address
+! parameter 2  length
+! parameter 3  source register left
+! parameter 4  source register right
+! parameter 5  temp
+! parameter 6  temp2
+! parameter 7  label
+! parameter 8  return label
+
+define(store_n_bytes, {
+
+! {store_n_bytes}
+! $1 $2 $5 $6 $7 $8 $7 $8 $9
+
+$7.0:	call	.+8
+	sll	$2, 2, $6
+
+	add	%o7,$7.jmp.table-$7.0,$5
+
+	add	$5, $6, $5
+
+	ld	[$5], $5
+
+	jmp	%o7+$5
+	nop
+
+$7.7:
+	srl	$3, 16, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+6]
+$7.6:
+	srl	$3, 8, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+5]
+$7.5:
+	and	$3, 0xff, $5
+	stub	$5, [$1+4]
+$7.4:
+	srl	$4, 24, $5
+	stub	$5, [$1+3]
+$7.3:
+	srl	$4, 16, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+2]
+$7.2:
+	srl	$4, 8, $5
+	and	$5, 0xff, $5
+	stub	$5, [$1+1]
+$7.1:
+	and	$4, 0xff, $5
+
+
+	ba	$8
+	stub	$5, [$1]
+
+	.align 4
+
+$7.jmp.table:
+
+	.word	0
+	.word	$7.1-$7.0
+	.word	$7.2-$7.0
+	.word	$7.3-$7.0
+	.word	$7.4-$7.0
+	.word	$7.5-$7.0
+	.word	$7.6-$7.0
+	.word	$7.7-$7.0
+})
+
+
+define(testvalue,{1})
+
+define(register_init, {
+
+! For test purposes:
+
+	sethi	%hi(testvalue), local0
+	or	local0, %lo(testvalue), local0
+
+	ifelse($1,{},{}, {mov	local0, $1})
+	ifelse($2,{},{}, {mov	local0, $2})
+	ifelse($3,{},{}, {mov	local0, $3})
+	ifelse($4,{},{}, {mov	local0, $4})
+	ifelse($5,{},{}, {mov	local0, $5})
+	ifelse($6,{},{}, {mov	local0, $6})
+	ifelse($7,{},{}, {mov	local0, $7})
+	ifelse($8,{},{}, {mov	local0, $8})
+
+	mov	local0, local1
+	mov	local0, local2
+	mov	local0, local3
+	mov	local0, local4
+	mov	local0, local5
+	mov	local0, local7
+	mov	local0, local6
+	mov	local0, out0
+	mov	local0, out1
+	mov	local0, out2
+	mov	local0, out3
+	mov	local0, out4
+	mov	local0, out5
+	mov	local0, global1
+	mov	local0, global2
+	mov	local0, global3
+	mov	local0, global4
+	mov	local0, global5
+
+})
+
+.section	".text"
+
+	.align 32
+
+.des_enc:
+
+	! key address in3
+	! loads key next encryption/decryption first round from [in4]
+
+	rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl)
+
+
+	.align 32
+
+.des_dec:
+
+	! implemented with out5 as first parameter to avoid
+	! register exchange in ede modes
+
+	! key address in4
+	! loads key next encryption/decryption first round from [in3]
+
+	rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl)
+
+
+
+! void DES_encrypt1(data, ks, enc)
+! *******************************
+
+	.align 32
+	.global DES_encrypt1
+	.type	 DES_encrypt1,#function
+
+DES_encrypt1:
+
+	save	%sp, FRAME, %sp
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	ld	[in0], in5                ! left
+	cmp	in2, 0                    ! enc
+
+	be	.encrypt.dec
+	ld	[in0+4], out5             ! right
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for move in1 to in3
+	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+
+	ip_macro(in5, out5, in5, out5, in3, 0, 1, 1)
+
+	rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used
+
+	fp_macro(in5, out5, 1)            ! 1 for store to [in0]
+
+	ret
+	restore
+
+.encrypt.dec:
+
+	add	in1, 120, in3             ! use last subkey for first round
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for move in1 to in3
+	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec,  ks in4
+
+	fp_macro(out5, in5, 1)            ! 1 for store to [in0]
+
+	ret
+	restore
+
+.DES_encrypt1.end:
+	.size	 DES_encrypt1,.DES_encrypt1.end-DES_encrypt1
+
+
+! void DES_encrypt2(data, ks, enc)
+!*********************************
+
+	! encrypts/decrypts without initial/final permutation
+
+	.align 32
+	.global DES_encrypt2
+	.type	 DES_encrypt2,#function
+
+DES_encrypt2:
+
+	save	%sp, FRAME, %sp
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	! Set sbox address 1 to 6 and rotate halfs 3 left
+	! Errors caught by destest? Yes. Still? *NO*
+
+	!sethi	%hi(DES_SPtrans), global1 ! address sbox 1
+
+	!or	global1, %lo(DES_SPtrans), global1  ! sbox 1
+
+	add	global1, 256, global2     ! sbox 2
+	add	global1, 512, global3     ! sbox 3
+
+	ld	[in0], out5               ! right
+	add	global1, 768, global4     ! sbox 4
+	add	global1, 1024, global5    ! sbox 5
+
+	ld	[in0+4], in5              ! left
+	add	global1, 1280, local6     ! sbox 6
+	add	global1, 1792, out3       ! sbox 8
+
+	! rotate
+
+	sll	in5, 3, local5
+	mov	in1, in3                  ! key address to in3
+
+	sll	out5, 3, local7
+	srl	in5, 29, in5
+
+	srl	out5, 29, out5
+	add	in5, local5, in5
+
+	add	out5, local7, out5
+	cmp	in2, 0
+
+	! we use our own stackframe
+
+	be	.encrypt2.dec
+	STPTR	in0, [%sp+BIAS+ARG0+0*ARGSZ]
+
+	ld	[in3], out0               ! key 7531 first round
+	mov	LOOPS, out4               ! loop counter
+
+	ld	[in3+4], out1             ! key 8642 first round
+	sethi	%hi(0x0000FC00), local5
+
+	call .des_enc
+	mov	in3, in4
+
+	! rotate
+	sll	in5, 29, in0
+	srl	in5, 3, in5
+	sll	out5, 29, in1
+	add	in5, in0, in5
+	srl	out5, 3, out5
+	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
+	add	out5, in1, out5
+	st	in5, [in0]
+	st	out5, [in0+4]
+
+	ret
+	restore
+
+
+.encrypt2.dec:
+
+	add in3, 120, in4
+
+	ld	[in4], out0               ! key 7531 first round
+	mov	LOOPS, out4               ! loop counter
+
+	ld	[in4+4], out1             ! key 8642 first round
+	sethi	%hi(0x0000FC00), local5
+
+	mov	in5, local1               ! left expected in out5
+	mov	out5, in5
+
+	call .des_dec
+	mov	local1, out5
+
+.encrypt2.finish:
+
+	! rotate
+	sll	in5, 29, in0
+	srl	in5, 3, in5
+	sll	out5, 29, in1
+	add	in5, in0, in5
+	srl	out5, 3, out5
+	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
+	add	out5, in1, out5
+	st	out5, [in0]
+	st	in5, [in0+4]
+
+	ret
+	restore
+
+.DES_encrypt2.end:
+	.size	 DES_encrypt2, .DES_encrypt2.end-DES_encrypt2
+
+
+! void DES_encrypt3(data, ks1, ks2, ks3)
+! **************************************
+
+	.align 32
+	.global DES_encrypt3
+	.type	 DES_encrypt3,#function
+
+DES_encrypt3:
+
+	save	%sp, FRAME, %sp
+	
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	ld	[in0], in5                ! left
+	add	in2, 120, in4             ! ks2
+
+	ld	[in0+4], out5             ! right
+	mov	in3, in2                  ! save ks3
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+	! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+	ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0)
+
+	call	.des_dec
+	mov	in2, in3                  ! preload ks3
+
+	call	.des_enc
+	nop
+
+	fp_macro(in5, out5, 1)
+
+	ret
+	restore
+
+.DES_encrypt3.end:
+	.size	 DES_encrypt3,.DES_encrypt3.end-DES_encrypt3
+
+
+! void DES_decrypt3(data, ks1, ks2, ks3)
+! **************************************
+
+	.align 32
+	.global DES_decrypt3
+	.type	 DES_decrypt3,#function
+
+DES_decrypt3:
+
+	save	%sp, FRAME, %sp
+	
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	ld	[in0], in5                ! left
+	add	in3, 120, in4             ! ks3
+
+	ld	[in0+4], out5             ! right
+	mov	in2, in3                  ! ks2
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+	! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0)
+
+	call	.des_enc
+	add	in1, 120, in4             ! preload ks1
+
+	call	.des_dec
+	nop
+
+	fp_macro(out5, in5, 1)
+
+	ret
+	restore
+
+.DES_decrypt3.end:
+	.size	 DES_decrypt3,.DES_decrypt3.end-DES_decrypt3
+
+! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+! *****************************************************************
+
+
+	.align 32
+	.global DES_ncbc_encrypt
+	.type	 DES_ncbc_encrypt,#function
+
+DES_ncbc_encrypt:
+
+	save	%sp, FRAME, %sp
+	
+	define({INPUT},  { [%sp+BIAS+ARG0+0*ARGSZ] })
+	define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] })
+	define({IVEC},   { [%sp+BIAS+ARG0+4*ARGSZ] })
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	cmp	in5, 0                    ! enc   
+
+	be	.ncbc.dec
+	STPTR	in4, IVEC
+
+	! addr  left  right  temp  label
+	load_little_endian(in4, in5, out5, local3, .LLE1)  ! iv
+
+	addcc	in2, -8, in2              ! bytes missing when first block done
+
+	bl	.ncbc.enc.seven.or.less
+	mov	in3, in4                  ! schedule
+
+.ncbc.enc.next.block:
+
+	load_little_endian(in0, out4, global4, local3, .LLE2)  ! block
+
+.ncbc.enc.next.block_1:
+
+	xor	in5, out4, in5            ! iv xor
+	xor	out5, global4, out5       ! iv xor
+
+	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
+	ip_macro(in5, out5, in5, out5, in3, 0, 0, 2)
+
+.ncbc.enc.next.block_2:
+
+!//	call .des_enc                     ! compares in2 to 8
+!	rounds inlined for alignment purposes
+
+	add	global1, 768, global4     ! address sbox 4 since register used below
+
+	rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption  ks in3
+
+	bl	.ncbc.enc.next.block_fp
+	add	in0, 8, in0               ! input address
+
+	! If 8 or more bytes are to be encrypted after this block,
+	! we combine final permutation for this block with initial
+	! permutation for next block. Load next block:
+
+	load_little_endian(in0, global3, global4, local5, .LLE12)
+
+	!  parameter 1   original left
+	!  parameter 2   original right
+	!  parameter 3   left ip
+	!  parameter 4   right ip
+	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
+	!                2: mov in4 to in3
+	!
+	! also adds -8 to length in2 and loads loop counter to out4
+
+	fp_ip_macro(out0, out1, global3, global4, 2)
+
+	store_little_endian(in1, out0, out1, local3, .SLE10)  ! block
+
+	ld	[in3], out0               ! key 7531 first round next block
+	mov 	in5, local1
+	xor	global3, out5, in5        ! iv xor next block
+
+	ld	[in3+4], out1             ! key 8642
+	add	global1, 512, global3     ! address sbox 3 since register used
+	xor	global4, local1, out5     ! iv xor next block
+
+	ba	.ncbc.enc.next.block_2
+	add	in1, 8, in1               ! output address
+
+.ncbc.enc.next.block_fp:
+
+	fp_macro(in5, out5)
+
+	store_little_endian(in1, in5, out5, local3, .SLE1)  ! block
+
+	addcc   in2, -8, in2              ! bytes missing when next block done
+
+	bpos	.ncbc.enc.next.block
+	add	in1, 8, in1
+
+.ncbc.enc.seven.or.less:
+
+	cmp	in2, -8
+
+	ble	.ncbc.enc.finish
+	nop
+
+	add	in2, 8, local1            ! bytes to load
+
+	! addr, length, dest left, dest right, temp, temp2, label, ret label
+	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1)
+
+	! Loads 1 to 7 bytes little endian to global4, out4
+
+
+.ncbc.enc.finish:
+
+	LDPTR	IVEC, local4
+	store_little_endian(local4, in5, out5, local5, .SLE2)  ! ivec
+
+	ret
+	restore
+
+
+.ncbc.dec:
+
+	STPTR	in0, INPUT
+	cmp	in2, 0                    ! length
+	add	in3, 120, in3
+
+	LDPTR	IVEC, local7              ! ivec
+	ble	.ncbc.dec.finish
+	mov	in3, in4                  ! schedule
+
+	STPTR	in1, OUTPUT
+	mov	in0, local5               ! input
+
+	load_little_endian(local7, in0, in1, local3, .LLE3)   ! ivec
+
+.ncbc.dec.next.block:
+
+	load_little_endian(local5, in5, out5, local3, .LLE4)  ! block
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion  ks in4
+
+	fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7
+
+	! in2 is bytes left to be stored
+	! in2 is compared to 8 in the rounds
+
+	xor	out5, in0, out4           ! iv xor
+	bl	.ncbc.dec.seven.or.less
+	xor	in5, in1, global4         ! iv xor
+
+	! Load ivec next block now, since input and output address might be the same.
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE5)  ! iv
+
+	store_little_endian(local7, out4, global4, local3, .SLE3)
+
+	STPTR	local5, INPUT
+	add	local7, 8, local7
+	addcc   in2, -8, in2
+
+	bg	.ncbc.dec.next.block
+	STPTR	local7, OUTPUT
+
+
+.ncbc.dec.store.iv:
+
+	LDPTR	IVEC, local4              ! ivec
+	store_little_endian(local4, in0, in1, local5, .SLE4)
+
+.ncbc.dec.finish:
+
+	ret
+	restore
+
+.ncbc.dec.seven.or.less:
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE13)     ! ivec
+
+	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv)
+
+
+.DES_ncbc_encrypt.end:
+	.size	 DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt
+
+
+! void DES_ede3_cbc_encrypt(input, output, lenght, ks1, ks2, ks3, ivec, enc)
+! **************************************************************************
+
+
+	.align 32
+	.global DES_ede3_cbc_encrypt
+	.type	 DES_ede3_cbc_encrypt,#function
+
+DES_ede3_cbc_encrypt:
+
+	save	%sp, FRAME, %sp
+
+	define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] })
+	define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] })
+	define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] })
+
+	sethi	%hi(.PIC.DES_SPtrans-1f),global1
+	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
+1:	call	.+8
+	add	%o7,global1,global1
+	sub	global1,.PIC.DES_SPtrans-.des_and,out2
+
+	LDPTR	[%fp+BIAS+ARG0+7*ARGSZ], local3          ! enc
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
+	cmp	local3, 0                 ! enc
+
+	be	.ede3.dec
+	STPTR	in4, KS2
+
+	STPTR	in5, KS3
+
+	load_little_endian(local4, in5, out5, local3, .LLE6)  ! ivec
+
+	addcc	in2, -8, in2              ! bytes missing after next block
+
+	bl	.ede3.enc.seven.or.less
+	STPTR	in3, KS1
+
+.ede3.enc.next.block:
+
+	load_little_endian(in0, out4, global4, local3, .LLE7)
+
+.ede3.enc.next.block_1:
+
+	LDPTR	KS2, in4
+	xor	in5, out4, in5            ! iv xor
+	xor	out5, global4, out5       ! iv xor
+
+	LDPTR	KS1, in3
+	add	in4, 120, in4             ! for decryption we use last subkey first
+	nop
+
+	ip_macro(in5, out5, in5, out5, in3)
+
+.ede3.enc.next.block_2:
+
+	call .des_enc                     ! ks1 in3
+	nop
+
+	call .des_dec                     ! ks2 in4
+	LDPTR	KS3, in3
+
+	call .des_enc                     ! ks3 in3  compares in2 to 8
+	nop
+
+	bl	.ede3.enc.next.block_fp
+	add	in0, 8, in0
+
+	! If 8 or more bytes are to be encrypted after this block,
+	! we combine final permutation for this block with initial
+	! permutation for next block. Load next block:
+
+	load_little_endian(in0, global3, global4, local5, .LLE11)
+
+	!  parameter 1   original left
+	!  parameter 2   original right
+	!  parameter 3   left ip
+	!  parameter 4   right ip
+	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
+	!                2: mov in4 to in3
+	!
+	! also adds -8 to length in2 and loads loop counter to out4
+
+	fp_ip_macro(out0, out1, global3, global4, 1)
+
+	store_little_endian(in1, out0, out1, local3, .SLE9)  ! block
+
+	mov 	in5, local1
+	xor	global3, out5, in5        ! iv xor next block
+
+	ld	[in3], out0               ! key 7531
+	add	global1, 512, global3     ! address sbox 3
+	xor	global4, local1, out5     ! iv xor next block
+
+	ld	[in3+4], out1             ! key 8642
+	add	global1, 768, global4     ! address sbox 4
+	ba	.ede3.enc.next.block_2
+	add	in1, 8, in1
+
+.ede3.enc.next.block_fp:
+
+	fp_macro(in5, out5)
+
+	store_little_endian(in1, in5, out5, local3, .SLE5)  ! block
+
+	addcc   in2, -8, in2              ! bytes missing when next block done
+
+	bpos	.ede3.enc.next.block
+	add	in1, 8, in1
+
+.ede3.enc.seven.or.less:
+
+	cmp	in2, -8
+
+	ble	.ede3.enc.finish
+	nop
+
+	add	in2, 8, local1            ! bytes to load
+
+	! addr, length, dest left, dest right, temp, temp2, label, ret label
+	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1)
+
+.ede3.enc.finish:
+
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
+	store_little_endian(local4, in5, out5, local5, .SLE6)  ! ivec
+
+	ret
+	restore
+
+.ede3.dec:
+
+	STPTR	in0, INPUT
+	add	in5, 120, in5
+
+	STPTR	in1, OUTPUT
+	mov	in0, local5
+	add	in3, 120, in3
+
+	STPTR	in3, KS1
+	cmp	in2, 0
+
+	ble	.ede3.dec.finish
+	STPTR	in5, KS3
+
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local7          ! iv
+	load_little_endian(local7, in0, in1, local3, .LLE8)
+
+.ede3.dec.next.block:
+
+	load_little_endian(local5, in5, out5, local3, .LLE9)
+
+	! parameter 6  1/2 for include encryption/decryption
+	! parameter 7  1 for mov in1 to in3
+	! parameter 8  1 for mov in3 to in4
+	! parameter 9  1 for load ks3 and ks2 to in4 and in3
+
+	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4
+
+	call .des_enc                     ! ks2 in3
+	LDPTR	KS1, in4
+
+	call .des_dec                     ! ks1 in4
+	nop
+
+	fp_macro(out5, in5, 0, 1)   ! 1 for input and output address local5/7
+
+	! in2 is bytes left to be stored
+	! in2 is compared to 8 in the rounds
+
+	xor	out5, in0, out4
+	bl	.ede3.dec.seven.or.less
+	xor	in5, in1, global4
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE10)   ! iv next block
+
+	store_little_endian(local7, out4, global4, local3, .SLE7)  ! block
+
+	STPTR	local5, INPUT
+	addcc   in2, -8, in2
+	add	local7, 8, local7
+
+	bg	.ede3.dec.next.block
+	STPTR	local7, OUTPUT
+
+.ede3.dec.store.iv:
+
+	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
+	store_little_endian(local4, in0, in1, local5, .SLE8)  ! ivec
+
+.ede3.dec.finish:
+
+	ret
+	restore
+
+.ede3.dec.seven.or.less:
+
+	load_little_endian_inc(local5, in0, in1, local3, .LLE14)     ! iv
+
+	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv)
+
+
+.DES_ede3_cbc_encrypt.end:
+	.size	 DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt
+
+	.align	256
+	.type	 .des_and,#object
+	.size	 .des_and,284
+
+.des_and:
+
+! This table is used for AND 0xFC when it is known that register
+! bits 8-31 are zero. Makes it possible to do three arithmetic
+! operations in one cycle.
+
+	.byte  0, 0, 0, 0, 4, 4, 4, 4
+	.byte  8, 8, 8, 8, 12, 12, 12, 12
+	.byte  16, 16, 16, 16, 20, 20, 20, 20
+	.byte  24, 24, 24, 24, 28, 28, 28, 28
+	.byte  32, 32, 32, 32, 36, 36, 36, 36
+	.byte  40, 40, 40, 40, 44, 44, 44, 44
+	.byte  48, 48, 48, 48, 52, 52, 52, 52
+	.byte  56, 56, 56, 56, 60, 60, 60, 60
+	.byte  64, 64, 64, 64, 68, 68, 68, 68
+	.byte  72, 72, 72, 72, 76, 76, 76, 76
+	.byte  80, 80, 80, 80, 84, 84, 84, 84
+	.byte  88, 88, 88, 88, 92, 92, 92, 92
+	.byte  96, 96, 96, 96, 100, 100, 100, 100
+	.byte  104, 104, 104, 104, 108, 108, 108, 108
+	.byte  112, 112, 112, 112, 116, 116, 116, 116
+	.byte  120, 120, 120, 120, 124, 124, 124, 124
+	.byte  128, 128, 128, 128, 132, 132, 132, 132
+	.byte  136, 136, 136, 136, 140, 140, 140, 140
+	.byte  144, 144, 144, 144, 148, 148, 148, 148
+	.byte  152, 152, 152, 152, 156, 156, 156, 156
+	.byte  160, 160, 160, 160, 164, 164, 164, 164
+	.byte  168, 168, 168, 168, 172, 172, 172, 172
+	.byte  176, 176, 176, 176, 180, 180, 180, 180
+	.byte  184, 184, 184, 184, 188, 188, 188, 188
+	.byte  192, 192, 192, 192, 196, 196, 196, 196
+	.byte  200, 200, 200, 200, 204, 204, 204, 204
+	.byte  208, 208, 208, 208, 212, 212, 212, 212
+	.byte  216, 216, 216, 216, 220, 220, 220, 220
+	.byte  224, 224, 224, 224, 228, 228, 228, 228
+	.byte  232, 232, 232, 232, 236, 236, 236, 236
+	.byte  240, 240, 240, 240, 244, 244, 244, 244
+	.byte  248, 248, 248, 248, 252, 252, 252, 252
+
+	! 5 numbers for initil/final permutation
+
+	.word   0x0f0f0f0f                ! offset 256
+	.word	0x0000ffff                ! 260
+	.word	0x33333333                ! 264
+	.word	0x00ff00ff                ! 268
+	.word	0x55555555                ! 272
+
+	.word	0                         ! 276
+	.word	LOOPS                     ! 280
+	.word	0x0000FC00                ! 284
+
+	.global	DES_SPtrans
+	.type	DES_SPtrans,#object
+	.size	DES_SPtrans,2048
+.align	64
+DES_SPtrans:
+.PIC.DES_SPtrans:
+	! nibble 0
+	.word	0x02080800, 0x00080000, 0x02000002, 0x02080802
+	.word	0x02000000, 0x00080802, 0x00080002, 0x02000002
+	.word	0x00080802, 0x02080800, 0x02080000, 0x00000802
+	.word	0x02000802, 0x02000000, 0x00000000, 0x00080002
+	.word	0x00080000, 0x00000002, 0x02000800, 0x00080800
+	.word	0x02080802, 0x02080000, 0x00000802, 0x02000800
+	.word	0x00000002, 0x00000800, 0x00080800, 0x02080002
+	.word	0x00000800, 0x02000802, 0x02080002, 0x00000000
+	.word	0x00000000, 0x02080802, 0x02000800, 0x00080002
+	.word	0x02080800, 0x00080000, 0x00000802, 0x02000800
+	.word	0x02080002, 0x00000800, 0x00080800, 0x02000002
+	.word	0x00080802, 0x00000002, 0x02000002, 0x02080000
+	.word	0x02080802, 0x00080800, 0x02080000, 0x02000802
+	.word	0x02000000, 0x00000802, 0x00080002, 0x00000000
+	.word	0x00080000, 0x02000000, 0x02000802, 0x02080800
+	.word	0x00000002, 0x02080002, 0x00000800, 0x00080802
+	! nibble 1
+	.word	0x40108010, 0x00000000, 0x00108000, 0x40100000
+	.word	0x40000010, 0x00008010, 0x40008000, 0x00108000
+	.word	0x00008000, 0x40100010, 0x00000010, 0x40008000
+	.word	0x00100010, 0x40108000, 0x40100000, 0x00000010
+	.word	0x00100000, 0x40008010, 0x40100010, 0x00008000
+	.word	0x00108010, 0x40000000, 0x00000000, 0x00100010
+	.word	0x40008010, 0x00108010, 0x40108000, 0x40000010
+	.word	0x40000000, 0x00100000, 0x00008010, 0x40108010
+	.word	0x00100010, 0x40108000, 0x40008000, 0x00108010
+	.word	0x40108010, 0x00100010, 0x40000010, 0x00000000
+	.word	0x40000000, 0x00008010, 0x00100000, 0x40100010
+	.word	0x00008000, 0x40000000, 0x00108010, 0x40008010
+	.word	0x40108000, 0x00008000, 0x00000000, 0x40000010
+	.word	0x00000010, 0x40108010, 0x00108000, 0x40100000
+	.word	0x40100010, 0x00100000, 0x00008010, 0x40008000
+	.word	0x40008010, 0x00000010, 0x40100000, 0x00108000
+	! nibble 2
+	.word	0x04000001, 0x04040100, 0x00000100, 0x04000101
+	.word	0x00040001, 0x04000000, 0x04000101, 0x00040100
+	.word	0x04000100, 0x00040000, 0x04040000, 0x00000001
+	.word	0x04040101, 0x00000101, 0x00000001, 0x04040001
+	.word	0x00000000, 0x00040001, 0x04040100, 0x00000100
+	.word	0x00000101, 0x04040101, 0x00040000, 0x04000001
+	.word	0x04040001, 0x04000100, 0x00040101, 0x04040000
+	.word	0x00040100, 0x00000000, 0x04000000, 0x00040101
+	.word	0x04040100, 0x00000100, 0x00000001, 0x00040000
+	.word	0x00000101, 0x00040001, 0x04040000, 0x04000101
+	.word	0x00000000, 0x04040100, 0x00040100, 0x04040001
+	.word	0x00040001, 0x04000000, 0x04040101, 0x00000001
+	.word	0x00040101, 0x04000001, 0x04000000, 0x04040101
+	.word	0x00040000, 0x04000100, 0x04000101, 0x00040100
+	.word	0x04000100, 0x00000000, 0x04040001, 0x00000101
+	.word	0x04000001, 0x00040101, 0x00000100, 0x04040000
+	! nibble 3
+	.word	0x00401008, 0x10001000, 0x00000008, 0x10401008
+	.word	0x00000000, 0x10400000, 0x10001008, 0x00400008
+	.word	0x10401000, 0x10000008, 0x10000000, 0x00001008
+	.word	0x10000008, 0x00401008, 0x00400000, 0x10000000
+	.word	0x10400008, 0x00401000, 0x00001000, 0x00000008
+	.word	0x00401000, 0x10001008, 0x10400000, 0x00001000
+	.word	0x00001008, 0x00000000, 0x00400008, 0x10401000
+	.word	0x10001000, 0x10400008, 0x10401008, 0x00400000
+	.word	0x10400008, 0x00001008, 0x00400000, 0x10000008
+	.word	0x00401000, 0x10001000, 0x00000008, 0x10400000
+	.word	0x10001008, 0x00000000, 0x00001000, 0x00400008
+	.word	0x00000000, 0x10400008, 0x10401000, 0x00001000
+	.word	0x10000000, 0x10401008, 0x00401008, 0x00400000
+	.word	0x10401008, 0x00000008, 0x10001000, 0x00401008
+	.word	0x00400008, 0x00401000, 0x10400000, 0x10001008
+	.word	0x00001008, 0x10000000, 0x10000008, 0x10401000
+	! nibble 4
+	.word	0x08000000, 0x00010000, 0x00000400, 0x08010420
+	.word	0x08010020, 0x08000400, 0x00010420, 0x08010000
+	.word	0x00010000, 0x00000020, 0x08000020, 0x00010400
+	.word	0x08000420, 0x08010020, 0x08010400, 0x00000000
+	.word	0x00010400, 0x08000000, 0x00010020, 0x00000420
+	.word	0x08000400, 0x00010420, 0x00000000, 0x08000020
+	.word	0x00000020, 0x08000420, 0x08010420, 0x00010020
+	.word	0x08010000, 0x00000400, 0x00000420, 0x08010400
+	.word	0x08010400, 0x08000420, 0x00010020, 0x08010000
+	.word	0x00010000, 0x00000020, 0x08000020, 0x08000400
+	.word	0x08000000, 0x00010400, 0x08010420, 0x00000000
+	.word	0x00010420, 0x08000000, 0x00000400, 0x00010020
+	.word	0x08000420, 0x00000400, 0x00000000, 0x08010420
+	.word	0x08010020, 0x08010400, 0x00000420, 0x00010000
+	.word	0x00010400, 0x08010020, 0x08000400, 0x00000420
+	.word	0x00000020, 0x00010420, 0x08010000, 0x08000020
+	! nibble 5
+	.word	0x80000040, 0x00200040, 0x00000000, 0x80202000
+	.word	0x00200040, 0x00002000, 0x80002040, 0x00200000
+	.word	0x00002040, 0x80202040, 0x00202000, 0x80000000
+	.word	0x80002000, 0x80000040, 0x80200000, 0x00202040
+	.word	0x00200000, 0x80002040, 0x80200040, 0x00000000
+	.word	0x00002000, 0x00000040, 0x80202000, 0x80200040
+	.word	0x80202040, 0x80200000, 0x80000000, 0x00002040
+	.word	0x00000040, 0x00202000, 0x00202040, 0x80002000
+	.word	0x00002040, 0x80000000, 0x80002000, 0x00202040
+	.word	0x80202000, 0x00200040, 0x00000000, 0x80002000
+	.word	0x80000000, 0x00002000, 0x80200040, 0x00200000
+	.word	0x00200040, 0x80202040, 0x00202000, 0x00000040
+	.word	0x80202040, 0x00202000, 0x00200000, 0x80002040
+	.word	0x80000040, 0x80200000, 0x00202040, 0x00000000
+	.word	0x00002000, 0x80000040, 0x80002040, 0x80202000
+	.word	0x80200000, 0x00002040, 0x00000040, 0x80200040
+	! nibble 6
+	.word	0x00004000, 0x00000200, 0x01000200, 0x01000004
+	.word	0x01004204, 0x00004004, 0x00004200, 0x00000000
+	.word	0x01000000, 0x01000204, 0x00000204, 0x01004000
+	.word	0x00000004, 0x01004200, 0x01004000, 0x00000204
+	.word	0x01000204, 0x00004000, 0x00004004, 0x01004204
+	.word	0x00000000, 0x01000200, 0x01000004, 0x00004200
+	.word	0x01004004, 0x00004204, 0x01004200, 0x00000004
+	.word	0x00004204, 0x01004004, 0x00000200, 0x01000000
+	.word	0x00004204, 0x01004000, 0x01004004, 0x00000204
+	.word	0x00004000, 0x00000200, 0x01000000, 0x01004004
+	.word	0x01000204, 0x00004204, 0x00004200, 0x00000000
+	.word	0x00000200, 0x01000004, 0x00000004, 0x01000200
+	.word	0x00000000, 0x01000204, 0x01000200, 0x00004200
+	.word	0x00000204, 0x00004000, 0x01004204, 0x01000000
+	.word	0x01004200, 0x00000004, 0x00004004, 0x01004204
+	.word	0x01000004, 0x01004200, 0x01004000, 0x00004004
+	! nibble 7
+	.word	0x20800080, 0x20820000, 0x00020080, 0x00000000
+	.word	0x20020000, 0x00800080, 0x20800000, 0x20820080
+	.word	0x00000080, 0x20000000, 0x00820000, 0x00020080
+	.word	0x00820080, 0x20020080, 0x20000080, 0x20800000
+	.word	0x00020000, 0x00820080, 0x00800080, 0x20020000
+	.word	0x20820080, 0x20000080, 0x00000000, 0x00820000
+	.word	0x20000000, 0x00800000, 0x20020080, 0x20800080
+	.word	0x00800000, 0x00020000, 0x20820000, 0x00000080
+	.word	0x00800000, 0x00020000, 0x20000080, 0x20820080
+	.word	0x00020080, 0x20000000, 0x00000000, 0x00820000
+	.word	0x20800080, 0x20020080, 0x20020000, 0x00800080
+	.word	0x20820000, 0x00000080, 0x00800080, 0x20020000
+	.word	0x20820080, 0x00800000, 0x20800000, 0x20000080
+	.word	0x00820000, 0x00020080, 0x20020080, 0x20800000
+	.word	0x00000080, 0x20820000, 0x00820080, 0x00000000
+	.word	0x20000000, 0x20800080, 0x00020000, 0x00820080
+
diff --git a/openssl-1.1.0h/crypto/des/asm/desboth.pl b/openssl-1.1.0h/crypto/des/asm/desboth.pl
new file mode 100644
index 0000000..76759fb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/asm/desboth.pl
@@ -0,0 +1,86 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$L="edi";
+$R="esi";
+
+sub DES_encrypt3
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+	&push("ebx");
+	&mov("ebx",&wparam(0));
+
+	&push("ebp");
+	&push("esi");
+
+	&push("edi");
+
+	&comment("");
+	&comment("Load the data words");
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+	&stack_push(3);
+
+	&comment("");
+	&comment("IP");
+	&IP_new($L,$R,"edx",0);
+
+	# put them back
+	
+	if ($enc)
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("eax",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("esi",&wparam(3));
+		}
+	else
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("esi",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("eax",&wparam(3));
+		}
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"eax");
+	&mov(&swtmp(0),	"ebx");
+	&call("DES_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
+	&mov(&swtmp(1),	"edi");
+	&mov(&swtmp(0),	"ebx");
+	&call("DES_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"esi");
+	&mov(&swtmp(0),	"ebx");
+	&call("DES_encrypt2");
+
+	&stack_pop(3);
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+
+	&comment("");
+	&comment("FP");
+	&FP_new($L,$R,"eax",0);
+
+	&mov(&DWP(0,"ebx","",0),"eax");
+	&mov(&DWP(4,"ebx","",0),$R);
+
+	&pop("edi");
+	&pop("esi");
+	&pop("ebp");
+	&pop("ebx");
+	&ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/openssl-1.1.0h/crypto/des/asm/dest4-sparcv9.pl b/openssl-1.1.0h/crypto/des/asm/dest4-sparcv9.pl
new file mode 100644
index 0000000..4a6e29f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/asm/dest4-sparcv9.pl
@@ -0,0 +1,627 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
+# <appro@openssl.org>. The module is licensed under 2-clause BSD
+# license. March 2013. All rights reserved.
+# ====================================================================
+
+######################################################################
+# DES for SPARC T4.
+#
+# As with other hardware-assisted ciphers CBC encrypt results [for
+# aligned data] are virtually identical to critical path lengths:
+#
+#		DES		Triple-DES
+# CBC encrypt	4.14/4.15(*)	11.7/11.7
+# CBC decrypt	1.77/4.11(**)	6.42/7.47
+#
+#			 (*)	numbers after slash are for
+#				misaligned data;
+#			 (**)	this is result for largest
+#				block size, unlike all other
+#				cases smaller blocks results
+#				are better[?];
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "sparcv9_modes.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register       %g2,#scratch
+.register       %g3,#scratch
+#endif
+
+.text
+___
+
+{ my ($inp,$out)=("%o0","%o1");
+
+$code.=<<___;
+.align	32
+.globl	des_t4_key_expand
+.type	des_t4_key_expand,#function
+des_t4_key_expand:
+	andcc		$inp, 0x7, %g0
+	alignaddr	$inp, %g0, $inp
+	bz,pt		%icc, 1f
+	ldd		[$inp + 0x00], %f0
+	ldd		[$inp + 0x08], %f2
+	faligndata	%f0, %f2, %f0
+1:	des_kexpand	%f0, 0, %f0
+	des_kexpand	%f0, 1, %f2
+	std		%f0, [$out + 0x00]
+	des_kexpand	%f2, 3, %f6
+	std		%f2, [$out + 0x08]
+	des_kexpand	%f2, 2, %f4
+	des_kexpand	%f6, 3, %f10
+	std		%f6, [$out + 0x18]
+	des_kexpand	%f6, 2, %f8
+	std		%f4, [$out + 0x10]
+	des_kexpand	%f10, 3, %f14
+	std		%f10, [$out + 0x28]
+	des_kexpand	%f10, 2, %f12
+	std		%f8, [$out + 0x20]
+	des_kexpand	%f14, 1, %f16
+	std		%f14, [$out + 0x38]
+	des_kexpand	%f16, 3, %f20
+	std		%f12, [$out + 0x30]
+	des_kexpand	%f16, 2, %f18
+	std		%f16, [$out + 0x40]
+	des_kexpand	%f20, 3, %f24
+	std		%f20, [$out + 0x50]
+	des_kexpand	%f20, 2, %f22
+	std		%f18, [$out + 0x48]
+	des_kexpand	%f24, 3, %f28
+	std		%f24, [$out + 0x60]
+	des_kexpand	%f24, 2, %f26
+	std		%f22, [$out + 0x58]
+	des_kexpand	%f28, 1, %f30
+	std		%f28, [$out + 0x70]
+	std		%f26, [$out + 0x68]
+	retl
+	std		%f30, [$out + 0x78]
+.size	des_t4_key_expand,.-des_t4_key_expand
+___
+}
+{ my ($inp,$out,$len,$key,$ivec) = map("%o$_",(0..4));
+  my ($ileft,$iright,$omask) = map("%g$_",(1..3));
+
+$code.=<<___;
+.globl	des_t4_cbc_encrypt
+.align	32
+des_t4_cbc_encrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f0	! load ivec
+	ld		[$ivec + 4], %f1
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x00], %f4	! load key schedule
+	ldd		[$key + 0x08], %f6
+	ldd		[$key + 0x10], %f8
+	ldd		[$key + 0x18], %f10
+	ldd		[$key + 0x20], %f12
+	ldd		[$key + 0x28], %f14
+	ldd		[$key + 0x30], %f16
+	ldd		[$key + 0x38], %f18
+	ldd		[$key + 0x40], %f20
+	ldd		[$key + 0x48], %f22
+	ldd		[$key + 0x50], %f24
+	ldd		[$key + 0x58], %f26
+	ldd		[$key + 0x60], %f28
+	ldd		[$key + 0x68], %f30
+	ldd		[$key + 0x70], %f32
+	ldd		[$key + 0x78], %f34
+
+.Ldes_cbc_enc_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f2
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	fxor		%f2, %f0, %f0		! ^= ivec
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	des_round	%f20, %f22, %f0, %f0
+	des_round	%f24, %f26, %f0, %f0
+	des_round	%f28, %f30, %f0, %f0
+	des_round	%f32, %f34, %f0, %f0
+	des_iip		%f0, %f0
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_cbc_enc_loop
+	add		$out, 8, $out
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+.Lcbc_abort:
+	retl
+	nop
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~4x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f2		! handle unaligned output
+
+	stda		%f2, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f2, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_cbc_enc_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+.type	des_t4_cbc_encrypt,#function
+.size	des_t4_cbc_encrypt,.-des_t4_cbc_encrypt
+
+.globl	des_t4_cbc_decrypt
+.align	32
+des_t4_cbc_decrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f2	! load ivec
+	ld		[$ivec + 4], %f3
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x78], %f4	! load key schedule
+	ldd		[$key + 0x70], %f6
+	ldd		[$key + 0x68], %f8
+	ldd		[$key + 0x60], %f10
+	ldd		[$key + 0x58], %f12
+	ldd		[$key + 0x50], %f14
+	ldd		[$key + 0x48], %f16
+	ldd		[$key + 0x40], %f18
+	ldd		[$key + 0x38], %f20
+	ldd		[$key + 0x30], %f22
+	ldd		[$key + 0x28], %f24
+	ldd		[$key + 0x20], %f26
+	ldd		[$key + 0x18], %f28
+	ldd		[$key + 0x10], %f30
+	ldd		[$key + 0x08], %f32
+	ldd		[$key + 0x00], %f34
+
+.Ldes_cbc_dec_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f0
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	des_round	%f20, %f22, %f0, %f0
+	des_round	%f24, %f26, %f0, %f0
+	des_round	%f28, %f30, %f0, %f0
+	des_round	%f32, %f34, %f0, %f0
+	des_iip		%f0, %f0
+
+	fxor		%f2, %f0, %f0		! ^= ivec
+	movxtod		%g4, %f2
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_cbc_dec_loop
+	add		$out, 8, $out
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~4x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f0		! handle unaligned output
+
+	stda		%f0, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f0, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_cbc_dec_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+.type	des_t4_cbc_decrypt,#function
+.size	des_t4_cbc_decrypt,.-des_t4_cbc_decrypt
+___
+
+# One might wonder why does one have back-to-back des_iip/des_ip
+# pairs between EDE passes. Indeed, aren't they inverse of each other?
+# They almost are. Outcome of the pair is 32-bit words being swapped
+# in target register. Consider pair of des_iip/des_ip as a way to
+# perform the due swap, it's actually fastest way in this case.
+
+$code.=<<___;
+.globl	des_t4_ede3_cbc_encrypt
+.align	32
+des_t4_ede3_cbc_encrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f0	! load ivec
+	ld		[$ivec + 4], %f1
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x00], %f4	! load key schedule
+	ldd		[$key + 0x08], %f6
+	ldd		[$key + 0x10], %f8
+	ldd		[$key + 0x18], %f10
+	ldd		[$key + 0x20], %f12
+	ldd		[$key + 0x28], %f14
+	ldd		[$key + 0x30], %f16
+	ldd		[$key + 0x38], %f18
+	ldd		[$key + 0x40], %f20
+	ldd		[$key + 0x48], %f22
+	ldd		[$key + 0x50], %f24
+	ldd		[$key + 0x58], %f26
+	ldd		[$key + 0x60], %f28
+	ldd		[$key + 0x68], %f30
+	ldd		[$key + 0x70], %f32
+	ldd		[$key + 0x78], %f34
+
+.Ldes_ede3_cbc_enc_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f2
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	fxor		%f2, %f0, %f0		! ^= ivec
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	ldd		[$key + 0x100-0x08], %f36
+	ldd		[$key + 0x100-0x10], %f38
+	des_round	%f20, %f22, %f0, %f0
+	ldd		[$key + 0x100-0x18], %f40
+	ldd		[$key + 0x100-0x20], %f42
+	des_round	%f24, %f26, %f0, %f0
+	ldd		[$key + 0x100-0x28], %f44
+	ldd		[$key + 0x100-0x30], %f46
+	des_round	%f28, %f30, %f0, %f0
+	ldd		[$key + 0x100-0x38], %f48
+	ldd		[$key + 0x100-0x40], %f50
+	des_round	%f32, %f34, %f0, %f0
+	ldd		[$key + 0x100-0x48], %f52
+	ldd		[$key + 0x100-0x50], %f54
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x100-0x58], %f56
+	ldd		[$key + 0x100-0x60], %f58
+	des_ip		%f0, %f0
+	ldd		[$key + 0x100-0x68], %f60
+	ldd		[$key + 0x100-0x70], %f62
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x100-0x78], %f36
+	ldd		[$key + 0x100-0x80], %f38
+	des_round	%f40, %f42, %f0, %f0
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	ldd		[$key + 0x100+0x00], %f40
+	ldd		[$key + 0x100+0x08], %f42
+	des_round	%f52, %f54, %f0, %f0
+	ldd		[$key + 0x100+0x10], %f44
+	ldd		[$key + 0x100+0x18], %f46
+	des_round	%f56, %f58, %f0, %f0
+	ldd		[$key + 0x100+0x20], %f48
+	ldd		[$key + 0x100+0x28], %f50
+	des_round	%f60, %f62, %f0, %f0
+	ldd		[$key + 0x100+0x30], %f52
+	ldd		[$key + 0x100+0x38], %f54
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x100+0x40], %f56
+	ldd		[$key + 0x100+0x48], %f58
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x100+0x50], %f60
+	ldd		[$key + 0x100+0x58], %f62
+	des_ip		%f0, %f0
+	ldd		[$key + 0x100+0x60], %f36
+	ldd		[$key + 0x100+0x68], %f38
+	des_round	%f40, %f42, %f0, %f0
+	ldd		[$key + 0x100+0x70], %f40
+	ldd		[$key + 0x100+0x78], %f42
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	des_round	%f52, %f54, %f0, %f0
+	des_round	%f56, %f58, %f0, %f0
+	des_round	%f60, %f62, %f0, %f0
+	des_round	%f36, %f38, %f0, %f0
+	des_round	%f40, %f42, %f0, %f0
+	des_iip		%f0, %f0
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_ede3_cbc_enc_loop
+	add		$out, 8, $out
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~2x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f2		! handle unaligned output
+
+	stda		%f2, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f2, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_ede3_cbc_enc_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f0, [$ivec + 0]	! write out ivec
+	retl
+	st		%f1, [$ivec + 4]
+.type	des_t4_ede3_cbc_encrypt,#function
+.size	des_t4_ede3_cbc_encrypt,.-des_t4_ede3_cbc_encrypt
+
+.globl	des_t4_ede3_cbc_decrypt
+.align	32
+des_t4_ede3_cbc_decrypt:
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .Lcbc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	ld		[$ivec + 0], %f2	! load ivec
+	ld		[$ivec + 4], %f3
+
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		0xff, $omask
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	sub		%g0, $ileft, $iright
+	and		$out, 7, %g4
+	alignaddrl	$out, %g0, $out
+	srl		$omask, %g4, $omask
+	srlx		$len, 3, $len
+	movrz		%g4, 0, $omask
+	prefetch	[$out], 22
+
+	ldd		[$key + 0x100+0x78], %f4	! load key schedule
+	ldd		[$key + 0x100+0x70], %f6
+	ldd		[$key + 0x100+0x68], %f8
+	ldd		[$key + 0x100+0x60], %f10
+	ldd		[$key + 0x100+0x58], %f12
+	ldd		[$key + 0x100+0x50], %f14
+	ldd		[$key + 0x100+0x48], %f16
+	ldd		[$key + 0x100+0x40], %f18
+	ldd		[$key + 0x100+0x38], %f20
+	ldd		[$key + 0x100+0x30], %f22
+	ldd		[$key + 0x100+0x28], %f24
+	ldd		[$key + 0x100+0x20], %f26
+	ldd		[$key + 0x100+0x18], %f28
+	ldd		[$key + 0x100+0x10], %f30
+	ldd		[$key + 0x100+0x08], %f32
+	ldd		[$key + 0x100+0x00], %f34
+
+.Ldes_ede3_cbc_dec_loop:
+	ldx		[$inp + 0], %g4
+	brz,pt		$ileft, 4f
+	nop
+
+	ldx		[$inp + 8], %g5
+	sllx		%g4, $ileft, %g4
+	srlx		%g5, $iright, %g5
+	or		%g5, %g4, %g4
+4:
+	movxtod		%g4, %f0
+	prefetch	[$inp + 8+63], 20
+	add		$inp, 8, $inp
+	prefetch	[$out + 63], 22
+
+	des_ip		%f0, %f0
+	des_round	%f4, %f6, %f0, %f0
+	des_round	%f8, %f10, %f0, %f0
+	des_round	%f12, %f14, %f0, %f0
+	des_round	%f16, %f18, %f0, %f0
+	ldd		[$key + 0x80+0x00], %f36
+	ldd		[$key + 0x80+0x08], %f38
+	des_round	%f20, %f22, %f0, %f0
+	ldd		[$key + 0x80+0x10], %f40
+	ldd		[$key + 0x80+0x18], %f42
+	des_round	%f24, %f26, %f0, %f0
+	ldd		[$key + 0x80+0x20], %f44
+	ldd		[$key + 0x80+0x28], %f46
+	des_round	%f28, %f30, %f0, %f0
+	ldd		[$key + 0x80+0x30], %f48
+	ldd		[$key + 0x80+0x38], %f50
+	des_round	%f32, %f34, %f0, %f0
+	ldd		[$key + 0x80+0x40], %f52
+	ldd		[$key + 0x80+0x48], %f54
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x80+0x50], %f56
+	ldd		[$key + 0x80+0x58], %f58
+	des_ip		%f0, %f0
+	ldd		[$key + 0x80+0x60], %f60
+	ldd		[$key + 0x80+0x68], %f62
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x80+0x70], %f36
+	ldd		[$key + 0x80+0x78], %f38
+	des_round	%f40, %f42, %f0, %f0
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	ldd		[$key + 0x80-0x08], %f40
+	ldd		[$key + 0x80-0x10], %f42
+	des_round	%f52, %f54, %f0, %f0
+	ldd		[$key + 0x80-0x18], %f44
+	ldd		[$key + 0x80-0x20], %f46
+	des_round	%f56, %f58, %f0, %f0
+	ldd		[$key + 0x80-0x28], %f48
+	ldd		[$key + 0x80-0x30], %f50
+	des_round	%f60, %f62, %f0, %f0
+	ldd		[$key + 0x80-0x38], %f52
+	ldd		[$key + 0x80-0x40], %f54
+	des_round	%f36, %f38, %f0, %f0
+	ldd		[$key + 0x80-0x48], %f56
+	ldd		[$key + 0x80-0x50], %f58
+	des_iip		%f0, %f0
+
+	ldd		[$key + 0x80-0x58], %f60
+	ldd		[$key + 0x80-0x60], %f62
+	des_ip		%f0, %f0
+	ldd		[$key + 0x80-0x68], %f36
+	ldd		[$key + 0x80-0x70], %f38
+	des_round	%f40, %f42, %f0, %f0
+	ldd		[$key + 0x80-0x78], %f40
+	ldd		[$key + 0x80-0x80], %f42
+	des_round	%f44, %f46, %f0, %f0
+	des_round	%f48, %f50, %f0, %f0
+	des_round	%f52, %f54, %f0, %f0
+	des_round	%f56, %f58, %f0, %f0
+	des_round	%f60, %f62, %f0, %f0
+	des_round	%f36, %f38, %f0, %f0
+	des_round	%f40, %f42, %f0, %f0
+	des_iip		%f0, %f0
+
+	fxor		%f2, %f0, %f0		! ^= ivec
+	movxtod		%g4, %f2
+
+	brnz,pn		$omask, 2f
+	sub		$len, 1, $len
+
+	std		%f0, [$out + 0]
+	brnz,pt		$len, .Ldes_ede3_cbc_dec_loop
+	add		$out, 8, $out
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+
+.align	16
+2:	ldxa		[$inp]0x82, %g4		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f0		! handle unaligned output
+
+	stda		%f0, [$out + $omask]0xc0	! partial store
+	add		$out, 8, $out
+	orn		%g0, $omask, $omask
+	stda		%f0, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .Ldes_ede3_cbc_dec_loop+4
+	orn		%g0, $omask, $omask
+
+	st		%f2, [$ivec + 0]	! write out ivec
+	retl
+	st		%f3, [$ivec + 4]
+.type	des_t4_ede3_cbc_decrypt,#function
+.size	des_t4_ede3_cbc_decrypt,.-des_t4_ede3_cbc_decrypt
+___
+}
+$code.=<<___;
+.asciz  "DES for SPARC T4, David S. Miller, Andy Polyakov"
+.align  4
+___
+
+&emit_assembler();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/des/build.info b/openssl-1.1.0h/crypto/des/build.info
new file mode 100644
index 0000000..c0306cf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/build.info
@@ -0,0 +1,17 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        set_key.c  ecb_enc.c  cbc_enc.c \
+        ecb3_enc.c cfb64enc.c cfb64ede.c cfb_enc.c \
+        ofb64ede.c ofb64enc.c ofb_enc.c \
+        str2key.c  pcbc_enc.c qud_cksm.c rand_key.c \
+        {- $target{des_asm_src} -} \
+        fcrypt.c xcbc_enc.c rpc_enc.c  cbc_cksm.c
+
+GENERATE[des_enc-sparc.S]=asm/des_enc.m4
+GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[dest4-sparcv9.o]=..
+
+GENERATE[des-586.s]=asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+DEPEND[des-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
+GENERATE[crypt586.s]=asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+DEPEND[crypt586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/openssl-1.1.0h/crypto/des/cbc_cksm.c b/openssl-1.1.0h/crypto/des/cbc_cksm.c
new file mode 100644
index 0000000..a7bf068
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/cbc_cksm.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec)
+{
+    register DES_LONG tout0, tout1, tin0, tin1;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *out = &(*output)[0];
+    const unsigned char *iv = &(*ivec)[0];
+
+    c2l(iv, tout0);
+    c2l(iv, tout1);
+    for (; l > 0; l -= 8) {
+        if (l >= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+        } else
+            c2ln(in, tin0, tin1, l);
+
+        tin0 ^= tout0;
+        tin[0] = tin0;
+        tin1 ^= tout1;
+        tin[1] = tin1;
+        DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+        /* fix 15/10/91 eay - thanks to keithr@sco.COM */
+        tout0 = tin[0];
+        tout1 = tin[1];
+    }
+    if (out != NULL) {
+        l2c(tout0, out);
+        l2c(tout1, out);
+    }
+    tout0 = tin0 = tin1 = tin[0] = tin[1] = 0;
+    /*
+     * Transform the data in tout1 so that it will match the return value
+     * that the MIT Kerberos mit_des_cbc_cksum API returns.
+     */
+    tout1 = ((tout1 >> 24L) & 0x000000FF)
+        | ((tout1 >> 8L) & 0x0000FF00)
+        | ((tout1 << 8L) & 0x00FF0000)
+        | ((tout1 << 24L) & 0xFF000000);
+    return (tout1);
+}
diff --git a/openssl-1.1.0h/crypto/des/cbc_enc.c b/openssl-1.1.0h/crypto/des/cbc_enc.c
new file mode 100644
index 0000000..92e773f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/cbc_enc.c
@@ -0,0 +1,12 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CBC_ENC_C__DONT_UPDATE_IV
+
+#include "ncbc_enc.c"           /* des_cbc_encrypt */
diff --git a/openssl-1.1.0h/crypto/des/cfb64ede.c b/openssl-1.1.0h/crypto/des/cfb64ede.c
new file mode 100644
index 0000000..5edb979
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/cfb64ede.c
@@ -0,0 +1,190 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+#include "e_os.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
+
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
+
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
+
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
+
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
+
+/*
+ * This is compatible with the single key CFB-r for DES, even thought that's
+ * not what EVP needs.
+ */
+
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                          int numbits, long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8;
+    register int num = numbits, i;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    unsigned char ovec[16];
+
+    if (num > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+        }
+    } else {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/des/cfb64enc.c b/openssl-1.1.0h/crypto/des/cfb64enc.c
new file mode 100644
index 0000000..96de51b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/cfb64enc.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/des/cfb_enc.c b/openssl-1.1.0h/crypto/des/cfb_enc.c
new file mode 100644
index 0000000..6c428ba
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/cfb_enc.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "des_locl.h"
+#include <assert.h>
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+/*
+ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben.
+ */
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length;
+    register int num = numbits / 8, n = (numbits + 7) / 8, i, rem =
+        numbits % 8;
+    DES_LONG ti[2];
+    unsigned char *iv;
+#ifndef L_ENDIAN
+    unsigned char ovec[16];
+#else
+    unsigned int sh[4];
+    unsigned char *ovec = (unsigned char *)sh;
+
+    /* I kind of count that compiler optimizes away this assertioni, */
+    assert(sizeof(sh[0]) == 4); /* as this holds true for all, */
+    /* but 16-bit platforms...      */
+
+#endif
+
+    if (numbits <= 0 || numbits > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+#ifndef L_ENDIAN
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+#else
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+                v0 = sh[0], v1 = sh[1];
+#else
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+#endif
+            }
+        }
+    } else {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+#ifndef L_ENDIAN
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+#else
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+                v0 = sh[0], v1 = sh[1];
+#else
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+#endif
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/des/des_enc.c b/openssl-1.1.0h/crypto/des/des_enc.c
new file mode 100644
index 0000000..600f6df
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/des_enc.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "des_locl.h"
+#include "spr.h"
+
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    IP(r, l);
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge
+     * <71755.204@CompuServe.COM> for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    /* shift left by 2 */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+    } else {
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
+    }
+
+    /* rotate and clear the top bits on machines with 8byte longs */
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
+
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+    l = r = t = u = 0;
+}
+
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge
+     * <71755.204@CompuServe.COM> for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+    } else {
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
+    }
+    /* rotate and clear the top bits on machines with 8byte longs */
+    data[0] = ROTATE(l, 3) & 0xffffffffL;
+    data[1] = ROTATE(r, 3) & 0xffffffffL;
+    l = r = t = u = 0;
+}
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
+
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
+
+#ifndef DES_DEFAULT_OPTIONS
+
+# undef CBC_ENC_C__DONT_UPDATE_IV
+# include "ncbc_enc.c"          /* DES_ncbc_encrypt */
+
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register const unsigned char *in;
+    unsigned char *out;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        register DES_LONG t0, t1;
+
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = t0;
+            xor1 = t1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = t0;
+            xor1 = t1;
+        }
+
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+#endif                          /* DES_DEFAULT_OPTIONS */
diff --git a/openssl-1.1.0h/crypto/des/des_locl.h b/openssl-1.1.0h/crypto/des/des_locl.h
new file mode 100644
index 0000000..1fe4768
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/des_locl.h
@@ -0,0 +1,231 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DES_LOCL_H
+# define HEADER_DES_LOCL_H
+
+# include <openssl/e_os2.h>
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# include <openssl/des.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define ITERATIONS 16
+# define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+# define MAXWRITE        (1024*16)
+# define BSIZE           (MAXWRITE+4)
+
+# define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
+                        case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
+                        case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+                        /* fall thru */                          \
+                        case 5: l2|=((DES_LONG)(*(--(c))));      \
+                        /* fall thru */                          \
+                        case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
+                        case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
+                        case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+                        /* fall thru */                          \
+                        case 1: l1|=((DES_LONG)(*(--(c))));      \
+                                } \
+                        }
+
+# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/*
+ * replacements for htonl and ntohl since I have no idea what to do when
+ * faced with machines with 8 byte longs.
+ */
+# define HDRSIZE 4
+
+# define n2l(c,l)        (l =((DES_LONG)(*((c)++)))<<24L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++))))
+
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER))
+#  define ROTATE(a,n)     (_lrotr(a,n))
+# elif defined(__ICC)
+#  define ROTATE(a,n)     (_rotr(a,n))
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)   ({ register unsigned int ret;   \
+                                asm ("rorl %1,%0"       \
+                                        : "=r"(ret)     \
+                                        : "I"(n),"0"(a) \
+                                        : "cc");        \
+                           ret;                         \
+                        })
+#  endif
+# endif
+# ifndef ROTATE
+#  define ROTATE(a,n)     (((a)>>(n))+((a)<<(32-(n))))
+# endif
+
+/*
+ * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add
+ * it's little bit to the front
+ */
+
+# ifdef DES_FCRYPT
+
+#  define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+        { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#  define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        t=R^(R>>16L); \
+        u=t&E0; t&=E1; \
+        tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+        tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+# else
+#  define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#  define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        u=R^s[S  ]; \
+        t=R^s[S+1]
+# endif
+
+/*
+ * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason
+ * to not xor all the sub items together.  This potentially saves a register
+ * since things can be xored directly into L
+ */
+
+# define D_ENCRYPT(LL,R,S) { \
+        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+        t=ROTATE(t,4); \
+        LL^= \
+            DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+            DES_SPtrans[2][(u>>10L)&0x3f]^ \
+            DES_SPtrans[4][(u>>18L)&0x3f]^ \
+            DES_SPtrans[6][(u>>26L)&0x3f]^ \
+            DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+            DES_SPtrans[3][(t>>10L)&0x3f]^ \
+            DES_SPtrans[5][(t>>18L)&0x3f]^ \
+            DES_SPtrans[7][(t>>26L)&0x3f]; }
+
+        /*-
+         * IP and FP
+         * The problem is more of a geometric problem that random bit fiddling.
+         0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+         8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+        16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+        24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+        32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+        40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+        48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+        56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+        The output has been subject to swaps of the form
+        0 1 -> 3 1 but the odd and even bits have been put into
+        2 3    2 0
+        different words.  The main trick is to remember that
+        t=((l>>size)^r)&(mask);
+        r^=t;
+        l^=(t<<size);
+        can be used to swap and move bits between words.
+
+        So l =  0  1  2  3  r = 16 17 18 19
+                4  5  6  7      20 21 22 23
+                8  9 10 11      24 25 26 27
+               12 13 14 15      28 29 30 31
+        becomes (for size == 2 and mask == 0x3333)
+           t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
+                 6^20  7^21 -- --        4  5 20 21       6  7 22 23
+                10^24 11^25 -- --        8  9 24 25      10 11 24 25
+                14^28 15^29 -- --       12 13 28 29      14 15 28 29
+
+        Thanks for hints from Richard Outerbridge - he told me IP&FP
+        could be done in 15 xor, 10 shifts and 5 ands.
+        When I finally started to think of the problem in 2D
+        I first got ~42 operations without xors.  When I remembered
+        how to use xors :-) I got it to its final state.
+        */
+# define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+# define IP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+        PERM_OP(l,r,tt,16,0x0000ffffL); \
+        PERM_OP(r,l,tt, 2,0x33333333L); \
+        PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+        PERM_OP(r,l,tt, 1,0x55555555L); \
+        }
+
+# define FP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(l,r,tt, 1,0x55555555L); \
+        PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+        PERM_OP(l,r,tt, 2,0x33333333L); \
+        PERM_OP(r,l,tt,16,0x0000ffffL); \
+        PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+        }
+
+extern const DES_LONG DES_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks,
+                 DES_LONG Eswap0, DES_LONG Eswap1);
+
+#endif
diff --git a/openssl-1.1.0h/crypto/des/ecb3_enc.c b/openssl-1.1.0h/crypto/des/ecb3_enc.c
new file mode 100644
index 0000000..6ac89d4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/ecb3_enc.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc)
+{
+    register DES_LONG l0, l1;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
+
+    c2l(in, l0);
+    c2l(in, l1);
+    ll[0] = l0;
+    ll[1] = l1;
+    if (enc)
+        DES_encrypt3(ll, ks1, ks2, ks3);
+    else
+        DES_decrypt3(ll, ks1, ks2, ks3);
+    l0 = ll[0];
+    l1 = ll[1];
+    l2c(l0, out);
+    l2c(l1, out);
+}
diff --git a/openssl-1.1.0h/crypto/des/ecb_enc.c b/openssl-1.1.0h/crypto/des/ecb_enc.c
new file mode 100644
index 0000000..32df460
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/ecb_enc.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+
+
+const char *DES_options(void)
+{
+    static int init = 1;
+    static char buf[32];
+
+    if (init) {
+        const char *size;
+
+        if (sizeof(DES_LONG) != sizeof(long))
+            size = "int";
+        else
+            size = "long";
+        BIO_snprintf(buf, sizeof(buf), "des(%s)", size);
+        init = 0;
+    }
+    return (buf);
+}
+
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
+
+    c2l(in, l);
+    ll[0] = l;
+    c2l(in, l);
+    ll[1] = l;
+    DES_encrypt1(ll, ks, enc);
+    l = ll[0];
+    l2c(l, out);
+    l = ll[1];
+    l2c(l, out);
+    l = ll[0] = ll[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/des/fcrypt.c b/openssl-1.1.0h/crypto/des/fcrypt.c
new file mode 100644
index 0000000..baede4f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/fcrypt.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* NOCW */
+#include <stdio.h>
+#ifdef _OSD_POSIX
+# ifndef CHARSET_EBCDIC
+#  define CHARSET_EBCDIC 1
+# endif
+#endif
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+#include <openssl/crypto.h>
+#include "des_locl.h"
+
+/*
+ * Added more values to handle illegal salt values the way normal crypt()
+ * implementations do.  The patch was sent by Bjorn Gronvall <bg@sics.se>
+ */
+static unsigned const char con_salt[128] = {
+    0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
+    0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
+    0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
+    0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1,
+    0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
+    0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+    0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+    0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
+    0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
+    0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24,
+    0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+    0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+    0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+    0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+};
+
+static unsigned const char cov_2char[64] = {
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+char *DES_crypt(const char *buf, const char *salt)
+{
+    static char buff[14];
+
+#ifndef CHARSET_EBCDIC
+    return (DES_fcrypt(buf, salt, buff));
+#else
+    char e_salt[2 + 1];
+    char e_buf[32 + 1];         /* replace 32 by 8 ? */
+    char *ret;
+
+    if (salt[0] == '\0' || salt[1] == '\0')
+        return NULL;
+
+    /* Copy salt, convert to ASCII. */
+    e_salt[0] = salt[0];
+    e_salt[1] = salt[1];
+    e_salt[2] = '\0';
+    ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
+
+    /* Convert password to ASCII. */
+    OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
+    ebcdic2ascii(e_buf, e_buf, sizeof(e_buf));
+
+    /* Encrypt it (from/to ASCII); if it worked, convert back. */
+    ret = DES_fcrypt(e_buf, e_salt, buff);
+    if (ret != NULL)
+        ascii2ebcdic(ret, ret, strlen(ret));
+
+    return ret;
+#endif
+}
+
+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
+{
+    unsigned int i, j, x, y;
+    DES_LONG Eswap0, Eswap1;
+    DES_LONG out[2], ll;
+    DES_cblock key;
+    DES_key_schedule ks;
+    unsigned char bb[9];
+    unsigned char *b = bb;
+    unsigned char c, u;
+
+    x = ret[0] = salt[0];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
+    Eswap0 = con_salt[x] << 2;
+    x = ret[1] = salt[1];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
+    Eswap1 = con_salt[x] << 6;
+
+    /*
+     * EAY r=strlen(buf); r=(r+7)/8;
+     */
+    for (i = 0; i < 8; i++) {
+        c = *(buf++);
+        if (!c)
+            break;
+        key[i] = (c << 1);
+    }
+    for (; i < 8; i++)
+        key[i] = 0;
+
+    DES_set_key_unchecked(&key, &ks);
+    fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1);
+
+    ll = out[0];
+    l2c(ll, b);
+    ll = out[1];
+    l2c(ll, b);
+    y = 0;
+    u = 0x80;
+    bb[8] = 0;
+    for (i = 2; i < 13; i++) {
+        c = 0;
+        for (j = 0; j < 6; j++) {
+            c <<= 1;
+            if (bb[y] & u)
+                c |= 1;
+            u >>= 1;
+            if (!u) {
+                y++;
+                u = 0x80;
+            }
+        }
+        ret[i] = cov_2char[c];
+    }
+    ret[13] = '\0';
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/des/fcrypt_b.c b/openssl-1.1.0h/crypto/des/fcrypt_b.c
new file mode 100644
index 0000000..fe2369a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/fcrypt_b.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
+                 DES_LONG Eswap1)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+    register int j;
+    register DES_LONG E0, E1;
+
+    l = 0;
+    r = 0;
+
+    s = (DES_LONG *)ks;
+    E0 = Eswap0;
+    E1 = Eswap1;
+
+    for (j = 0; j < 25; j++) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+        t = l;
+        l = r;
+        r = t;
+    }
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
+
+    PERM_OP(l, r, t,  1, 0x55555555L);
+    PERM_OP(r, l, t,  8, 0x00ff00ffL);
+    PERM_OP(l, r, t,  2, 0x33333333L);
+    PERM_OP(r, l, t, 16, 0x0000ffffL);
+    PERM_OP(l, r, t,  4, 0x0f0f0f0fL);
+
+    out[0] = r;
+    out[1] = l;
+}
diff --git a/openssl-1.1.0h/crypto/des/ncbc_enc.c b/openssl-1.1.0h/crypto/des/ncbc_enc.c
new file mode 100644
index 0000000..244f15c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/ncbc_enc.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * #included by:
+ *    cbc_enc.c  (DES_cbc_encrypt)
+ *    des_enc.c  (DES_ncbc_encrypt)
+ */
+
+#include "des_locl.h"
+
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#else
+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, DES_key_schedule *_schedule,
+                      DES_cblock *ivec, int enc)
+#endif
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin[0] = tin0;
+            tin1 ^= tout1;
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin[0] = tin0;
+            tin1 ^= tout1;
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+#endif
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+            xor0 = tin0;
+            xor1 = tin1;
+#endif
+        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+#endif
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/des/ofb64ede.c b/openssl-1.1.0h/crypto/des/ofb64ede.c
new file mode 100644
index 0000000..a551a07
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/ofb64ede.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
+                            register unsigned char *out, long length,
+                            DES_key_schedule *k1, DES_key_schedule *k2,
+                            DES_key_schedule *k3, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            /* ti[0]=v0; */
+            /* ti[1]=v1; */
+            DES_encrypt3(ti, k1, k2, k3);
+            v0 = ti[0];
+            v1 = ti[1];
+
+            dp = (char *)d;
+            l2c(v0, dp);
+            l2c(v1, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/des/ofb64enc.c b/openssl-1.1.0h/crypto/des/ofb64enc.c
new file mode 100644
index 0000000..30976c8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/ofb64enc.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ofb64_encrypt(register const unsigned char *in,
+                       register unsigned char *out, long length,
+                       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register unsigned char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            DES_encrypt1(ti, schedule, DES_ENCRYPT);
+            dp = d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/des/ofb_enc.c b/openssl-1.1.0h/crypto/des/ofb_enc.c
new file mode 100644
index 0000000..65a9b86
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/ofb_enc.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you have numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec)
+{
+    register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8;
+    register DES_LONG mask0, mask1;
+    register long l = length;
+    register int num = numbits;
+    DES_LONG ti[2];
+    unsigned char *iv;
+
+    if (num > 64)
+        return;
+    if (num > 32) {
+        mask0 = 0xffffffffL;
+        if (num >= 64)
+            mask1 = mask0;
+        else
+            mask1 = (1L << (num - 32)) - 1;
+    } else {
+        if (num == 32)
+            mask0 = 0xffffffffL;
+        else
+            mask0 = (1L << num) - 1;
+        mask1 = 0x00000000L;
+    }
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    while (l-- > 0) {
+        ti[0] = v0;
+        ti[1] = v1;
+        DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+        vv0 = ti[0];
+        vv1 = ti[1];
+        c2ln(in, d0, d1, n);
+        in += n;
+        d0 = (d0 ^ vv0) & mask0;
+        d1 = (d1 ^ vv1) & mask1;
+        l2cn(d0, d1, out, n);
+        out += n;
+
+        if (num == 32) {
+            v0 = v1;
+            v1 = vv0;
+        } else if (num == 64) {
+            v0 = vv0;
+            v1 = vv1;
+        } else if (num > 32) {  /* && num != 64 */
+            v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL;
+            v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL;
+        } else {                /* num < 32 */
+
+            v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL;
+            v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
+}
diff --git a/openssl-1.1.0h/crypto/des/pcbc_enc.c b/openssl-1.1.0h/crypto/des/pcbc_enc.c
new file mode 100644
index 0000000..0fa058f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/pcbc_enc.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc)
+{
+    register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
+    DES_LONG tin[2];
+    const unsigned char *in;
+    unsigned char *out, *iv;
+
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            if (length >= 8) {
+                c2l(in, sin0);
+                c2l(in, sin1);
+            } else
+                c2ln(in, sin0, sin1, length);
+            tin[0] = sin0 ^ xor0;
+            tin[1] = sin1 ^ xor1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            xor0 = sin0 ^ tout0;
+            xor1 = sin1 ^ tout1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            c2l(in, sin0);
+            c2l(in, sin1);
+            tin[0] = sin0;
+            tin[1] = sin1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            if (length >= 8) {
+                l2c(tout0, out);
+                l2c(tout1, out);
+            } else
+                l2cn(tout0, tout1, out, length);
+            xor0 = tout0 ^ sin0;
+            xor1 = tout1 ^ sin1;
+        }
+    }
+    tin[0] = tin[1] = 0;
+    sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
+}
diff --git a/openssl-1.1.0h/crypto/des/qud_cksm.c b/openssl-1.1.0h/crypto/des/qud_cksm.c
new file mode 100644
index 0000000..8710cec
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/qud_cksm.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE
+ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in
+ * only based on the code in this paper and is almost definitely not the same
+ * as the MIT implementation.
+ */
+#include "des_locl.h"
+
+/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
+#define Q_B0(a) (((DES_LONG)(a)))
+#define Q_B1(a) (((DES_LONG)(a))<<8)
+#define Q_B2(a) (((DES_LONG)(a))<<16)
+#define Q_B3(a) (((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE   ((DES_LONG)83653421L)
+
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed)
+{
+    DES_LONG z0, z1, t0, t1;
+    int i;
+    long l;
+    const unsigned char *cp;
+    DES_LONG *lp;
+
+    if (out_count < 1)
+        out_count = 1;
+    lp = (DES_LONG *)&(output[0])[0];
+
+    z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) |
+        Q_B3((*seed)[3]);
+    z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) |
+        Q_B3((*seed)[7]);
+
+    for (i = 0; ((i < 4) && (i < out_count)); i++) {
+        cp = input;
+        l = length;
+        while (l > 0) {
+            if (l > 1) {
+                t0 = (DES_LONG)(*(cp++));
+                t0 |= (DES_LONG)Q_B1(*(cp++));
+                l--;
+            } else
+                t0 = (DES_LONG)(*(cp++));
+            l--;
+            /* add */
+            t0 += z0;
+            t0 &= 0xffffffffL;
+            t1 = z1;
+            /* square, well sort of square */
+            z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL))
+                  & 0xffffffffL) % 0x7fffffffL;
+            z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) %
+                0x7fffffffL;
+        }
+        if (lp != NULL) {
+            /*
+             * The MIT library assumes that the checksum is composed of
+             * 2*out_count 32 bit ints
+             */
+            *lp++ = z0;
+            *lp++ = z1;
+        }
+    }
+    return (z0);
+}
diff --git a/openssl-1.1.0h/crypto/des/rand_key.c b/openssl-1.1.0h/crypto/des/rand_key.c
new file mode 100644
index 0000000..61e4f9d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/rand_key.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+int DES_random_key(DES_cblock *ret)
+{
+    do {
+        if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+            return (0);
+    } while (DES_is_weak_key(ret));
+    DES_set_odd_parity(ret);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/des/rpc_des.h b/openssl-1.1.0h/crypto/des/rpc_des.h
new file mode 100644
index 0000000..fe59e22
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/rpc_des.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
+/*-
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part.  Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user.
+ *
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ *
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ *
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ *
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+ * or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ *
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California  94043
+ */
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ * Copyright (c) 1986 by Sun Microsystems, Inc.
+ */
+
+#define DES_MAXLEN      65536   /* maximum # of bytes to encrypt */
+#define DES_QUICKLEN    16      /* maximum # of bytes to encrypt quickly */
+
+enum desdir { ENCRYPT, DECRYPT };
+enum desmode { CBC, ECB };
+
+/*
+ * parameters to ioctl call
+ */
+struct desparams {
+    unsigned char des_key[8];   /* key (with low bit parity) */
+    enum desdir des_dir;        /* direction */
+    enum desmode des_mode;      /* mode */
+    unsigned char des_ivec[8];  /* input vector */
+    unsigned des_len;           /* number of bytes to crypt */
+    union {
+        unsigned char UDES_data[DES_QUICKLEN];
+        unsigned char *UDES_buf;
+    } UDES;
+#define des_data UDES.UDES_data /* direct data here if quick */
+#define des_buf  UDES.UDES_buf  /* otherwise, pointer to data */
+};
+
+/*
+ * Encrypt an arbitrary sized buffer
+ */
+#define DESIOCBLOCK     _IOWR('d', 6, struct desparams)
+
+/*
+ * Encrypt of small amount of data, quickly
+ */
+#define DESIOCQUICK     _IOWR('d', 7, struct desparams)
diff --git a/openssl-1.1.0h/crypto/des/rpc_enc.c b/openssl-1.1.0h/crypto/des/rpc_enc.c
new file mode 100644
index 0000000..bfa8511
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/rpc_enc.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "rpc_des.h"
+#include "des_locl.h"
+
+int _des_crypt(char *buf, int len, struct desparams *desp);
+int _des_crypt(char *buf, int len, struct desparams *desp)
+{
+    DES_key_schedule ks;
+    int enc;
+
+    DES_set_key_unchecked(&desp->des_key, &ks);
+    enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT;
+
+    if (desp->des_mode == CBC)
+        DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
+                        (DES_cblock *)desp->UDES.UDES_buf, &ks, enc);
+    else {
+        DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf,
+                         len, &ks, &desp->des_ivec, enc);
+    }
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/des/set_key.c b/openssl-1.1.0h/crypto/des/set_key.c
new file mode 100644
index 0000000..dc88b8d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/set_key.c
@@ -0,0 +1,389 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include <openssl/crypto.h>
+#include "des_locl.h"
+
+OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
+                                                    /*
+                                                     * defaults to false
+                                                     */
+static const unsigned char odd_parity[256] = {
+    1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+    16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+    32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+    49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+    64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+    81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+    97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+    110,
+    112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+    127,
+    128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+    143,
+    145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+    158,
+    161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+    174,
+    176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+    191,
+    193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+    206,
+    208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+    223,
+    224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+    239,
+    241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+    254
+};
+
+void DES_set_odd_parity(DES_cblock *key)
+{
+    unsigned int i;
+
+    for (i = 0; i < DES_KEY_SZ; i++)
+        (*key)[i] = odd_parity[(*key)[i]];
+}
+
+int DES_check_key_parity(const_DES_cblock *key)
+{
+    unsigned int i;
+
+    for (i = 0; i < DES_KEY_SZ; i++) {
+        if ((*key)[i] != odd_parity[(*key)[i]])
+            return (0);
+    }
+    return (1);
+}
+
+/*-
+ * Weak and semi weak keys as taken from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+#define NUM_WEAK_KEY    16
+static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
+    /* weak keys */
+    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+    {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+    {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+    /* semi-weak keys */
+    {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+    {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+    {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+    {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+    {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+    {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+    {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+    {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+    {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+    {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+    {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
+};
+
+int DES_is_weak_key(const_DES_cblock *key)
+{
+    int i;
+
+    for (i = 0; i < NUM_WEAK_KEY; i++)
+        /*
+         * Added == 0 to comparison, I obviously don't run this section very
+         * often :-(, thanks to engineering@MorningStar.Com for the fix eay
+         * 93/06/29 Another problem, I was comparing only the first 4 bytes,
+         * 97/03/18
+         */
+        if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
+            return (1);
+    return (0);
+}
+
+/*-
+ * NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros.
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ *      (b)^=(t),\
+ *      (a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))
+
+static const DES_LONG des_skb[8][64] = {
+    {
+     /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
+     0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
+     0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
+     0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
+     0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
+     0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
+     0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
+     0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
+     0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
+     0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
+     0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
+     0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
+     0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
+     0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
+     0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
+     0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+     0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
+     0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
+     0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
+     0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
+     0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
+     0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
+     0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
+     0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
+     0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
+     0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
+     0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
+     0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
+     0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
+     0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
+     0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
+     0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+     0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
+     0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
+     0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
+     0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
+     0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
+     0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
+     0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
+     0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
+     0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
+     0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
+     0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
+     0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
+     0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
+     0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
+     0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
+     0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+     0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
+     0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
+     0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
+     0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
+     0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
+     0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
+     0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
+     0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
+     0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
+     0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
+     0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
+     0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
+     0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
+     0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
+     0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
+     0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
+     0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
+     0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
+     0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
+     0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
+     0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
+     0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
+     0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
+     0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
+     0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
+     0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
+     0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
+     0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
+     0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
+     0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
+     0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+     0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
+     0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
+     0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
+     0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
+     0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
+     0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
+     0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
+     0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
+     0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
+     0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
+     0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
+     0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
+     0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
+     0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
+     0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
+     0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+     0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
+     0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
+     0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
+     0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
+     0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
+     0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
+     0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
+     0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
+     0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
+     0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
+     0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
+     0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
+     0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
+     0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
+     0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
+     0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+     0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
+     0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
+     0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
+     0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
+     0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
+     0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
+     0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
+     0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
+     0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
+     0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
+     0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
+     0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
+     0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
+     0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
+     0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
+     0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
+     }
+};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    if (DES_check_key) {
+        return DES_set_key_checked(key, schedule);
+    } else {
+        DES_set_key_unchecked(key, schedule);
+        return 0;
+    }
+}
+
+/*-
+ * return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    if (!DES_check_key_parity(key))
+        return (-1);
+    if (DES_is_weak_key(key))
+        return (-2);
+    DES_set_key_unchecked(key, schedule);
+    return 0;
+}
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    static const int shifts2[16] =
+        { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+    register DES_LONG c, d, t, s, t2;
+    register const unsigned char *in;
+    register DES_LONG *k;
+    register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+    memcpy(schedule->key, key, sizeof(schedule->key));
+    schedule->session = NULL;
+#endif
+    k = &schedule->ks->deslong[0];
+    in = &(*key)[0];
+
+    c2l(in, c);
+    c2l(in, d);
+
+    /*
+     * do PC1 in 47 simple operations :-) Thanks to John Fletcher
+     * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-)
+     */
+    PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+    HPERM_OP(c, t, -2, 0xcccc0000L);
+    HPERM_OP(d, t, -2, 0xcccc0000L);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    PERM_OP(c, d, t, 8, 0x00ff00ffL);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+         ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+    c &= 0x0fffffffL;
+
+    for (i = 0; i < ITERATIONS; i++) {
+        if (shifts2[i]) {
+            c = ((c >> 2L) | (c << 26L));
+            d = ((d >> 2L) | (d << 26L));
+        } else {
+            c = ((c >> 1L) | (c << 27L));
+            d = ((d >> 1L) | (d << 27L));
+        }
+        c &= 0x0fffffffL;
+        d &= 0x0fffffffL;
+        /*
+         * could be a few less shifts but I am to lazy at this point in time
+         * to investigate
+         */
+        s = des_skb[0][(c) & 0x3f] |
+            des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
+            des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
+            des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
+                       ((c >> 22L) & 0x38)];
+        t = des_skb[4][(d) & 0x3f] |
+            des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
+            des_skb[6][(d >> 15L) & 0x3f] |
+            des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
+
+        /* table contained 0213 4657 */
+        t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+        *(k++) = ROTATE(t2, 30) & 0xffffffffL;
+
+        t2 = ((s >> 16L) | (t & 0xffff0000L));
+        *(k++) = ROTATE(t2, 26) & 0xffffffffL;
+    }
+}
+
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    return (DES_set_key(key, schedule));
+}
+
+/*-
+#undef des_fixup_key_parity
+void des_fixup_key_parity(des_cblock *key)
+        {
+        des_set_odd_parity(key);
+        }
+*/
diff --git a/openssl-1.1.0h/crypto/des/spr.h b/openssl-1.1.0h/crypto/des/spr.h
new file mode 100644
index 0000000..42adfbf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/spr.h
@@ -0,0 +1,163 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
+    {
+        /* nibble 0 */
+        0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+        0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+        0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+        0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+        0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+        0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+        0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+        0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+        0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+        0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+        0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+        0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+        0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+        0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+        0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+        0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+    },
+    {
+        /* nibble 1 */
+        0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+        0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+        0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+        0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+        0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+        0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+        0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+        0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+        0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+        0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+        0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+        0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+        0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+        0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+        0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+        0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+    },
+    {
+        /* nibble 2 */
+        0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+        0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+        0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+        0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+        0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+        0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+        0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+        0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+        0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+        0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+        0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+        0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+        0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+        0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+    },
+    {
+        /* nibble 3 */
+        0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+        0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+        0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+        0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+        0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+        0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+        0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+        0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+        0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+        0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+        0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+        0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+        0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+        0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+        0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+        0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+    },
+    {
+        /* nibble 4 */
+        0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+        0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+        0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+        0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+        0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+        0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+        0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+        0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+        0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+        0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+        0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+        0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+        0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+        0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+    },
+    {
+        /* nibble 5 */
+        0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+        0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+        0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+        0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+        0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+        0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+        0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+        0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+        0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+        0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+        0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+        0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+        0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+        0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+        0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+        0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+    },
+    {
+        /* nibble 6 */
+        0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+        0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+        0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+        0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+        0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+        0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+        0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+        0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+        0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+        0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+        0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+        0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+        0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+        0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+        0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+        0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+    },
+    {
+        /* nibble 7 */
+        0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+        0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+        0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+        0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+        0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+        0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+        0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+        0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+        0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+        0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+        0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+        0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+        0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+        0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+    }
+};
diff --git a/openssl-1.1.0h/crypto/des/str2key.c b/openssl-1.1.0h/crypto/des/str2key.c
new file mode 100644
index 0000000..78998a1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/str2key.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "des_locl.h"
+
+void DES_string_to_key(const char *str, DES_cblock *key)
+{
+    DES_key_schedule ks;
+    int i, length;
+
+    memset(key, 0, 8);
+    length = strlen(str);
+#ifdef OLD_STR_TO_KEY
+    for (i = 0; i < length; i++)
+        (*key)[i % 8] ^= (str[i] << 1);
+#else                           /* MIT COMPATIBLE */
+    for (i = 0; i < length; i++) {
+        register unsigned char j = str[i];
+
+        if ((i % 16) < 8)
+            (*key)[i % 8] ^= (j << 1);
+        else {
+            /* Reverse the bit order 05/05/92 eay */
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            (*key)[7 - (i % 8)] ^= j;
+        }
+    }
+#endif
+    DES_set_odd_parity(key);
+    DES_set_key_unchecked(key, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key);
+}
+
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+{
+    DES_key_schedule ks;
+    int i, length;
+
+    memset(key1, 0, 8);
+    memset(key2, 0, 8);
+    length = strlen(str);
+#ifdef OLD_STR_TO_KEY
+    if (length <= 8) {
+        for (i = 0; i < length; i++) {
+            (*key2)[i] = (*key1)[i] = (str[i] << 1);
+        }
+    } else {
+        for (i = 0; i < length; i++) {
+            if ((i / 8) & 1)
+                (*key2)[i % 8] ^= (str[i] << 1);
+            else
+                (*key1)[i % 8] ^= (str[i] << 1);
+        }
+    }
+#else                           /* MIT COMPATIBLE */
+    for (i = 0; i < length; i++) {
+        register unsigned char j = str[i];
+
+        if ((i % 32) < 16) {
+            if ((i % 16) < 8)
+                (*key1)[i % 8] ^= (j << 1);
+            else
+                (*key2)[i % 8] ^= (j << 1);
+        } else {
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            if ((i % 16) < 8)
+                (*key1)[7 - (i % 8)] ^= j;
+            else
+                (*key2)[7 - (i % 8)] ^= j;
+        }
+    }
+    if (length <= 8)
+        memcpy(key2, key1, 8);
+#endif
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
+    DES_set_key_unchecked(key1, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
+    DES_set_key_unchecked(key2, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
+}
diff --git a/openssl-1.1.0h/crypto/des/xcbc_enc.c b/openssl-1.1.0h/crypto/des/xcbc_enc.c
new file mode 100644
index 0000000..c4e455d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/des/xcbc_enc.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_locl.h"
+
+/* RSA's DESX */
+
+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register DES_LONG inW0, inW1, outW0, outW1;
+    register const unsigned char *in2;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    in2 = &(*inw)[0];
+    c2l(in2, inW0);
+    c2l(in2, inW1);
+    in2 = &(*outw)[0];
+    c2l(in2, outW0);
+    c2l(in2, outW1);
+
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l > 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    inW0 = inW1 = outW0 = outW1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/dh/build.info b/openssl-1.1.0h/crypto/dh/build.info
new file mode 100644
index 0000000..dba9306
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
+        dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c
diff --git a/openssl-1.1.0h/crypto/dh/dh1024.pem b/openssl-1.1.0h/crypto/dh/dh1024.pem
new file mode 100644
index 0000000..81d43f6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/openssl-1.1.0h/crypto/dh/dh192.pem b/openssl-1.1.0h/crypto/dh/dh192.pem
new file mode 100644
index 0000000..521c072
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/openssl-1.1.0h/crypto/dh/dh2048.pem b/openssl-1.1.0h/crypto/dh/dh2048.pem
new file mode 100644
index 0000000..295460f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/openssl-1.1.0h/crypto/dh/dh4096.pem b/openssl-1.1.0h/crypto/dh/dh4096.pem
new file mode 100644
index 0000000..390943a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
+
diff --git a/openssl-1.1.0h/crypto/dh/dh512.pem b/openssl-1.1.0h/crypto/dh/dh512.pem
new file mode 100644
index 0000000..0a4d863
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/openssl-1.1.0h/crypto/dh/dh_ameth.c b/openssl-1.1.0h/crypto/dh/dh_ameth.c
new file mode 100644
index 0000000..cd77867
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_ameth.c
@@ -0,0 +1,870 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include <openssl/cms.h>
+
+/*
+ * i2d/d2i like DH parameter functions which use the appropriate routine for
+ * PKCS#3 DH or X9.42 DH.
+ */
+
+static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
+                   long length)
+{
+    if (pkey->ameth == &dhx_asn1_meth)
+        return d2i_DHxparams(NULL, pp, length);
+    return d2i_DHparams(NULL, pp, length);
+}
+
+static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
+{
+    if (pkey->ameth == &dhx_asn1_meth)
+        return i2d_DHxparams(a, pp);
+    return i2d_DHparams(a, pp);
+}
+
+static void int_dh_free(EVP_PKEY *pkey)
+{
+    DH_free(pkey->pkey.dh);
+}
+
+static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *public_key = NULL;
+
+    DH *dh = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype != V_ASN1_SEQUENCE) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+        goto err;
+    }
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* We have parameters now set public key */
+    if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+    return 1;
+
+ err:
+    ASN1_INTEGER_free(public_key);
+    DH_free(dh);
+    return 0;
+
+}
+
+static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    DH *dh;
+    int ptype;
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str;
+    ASN1_INTEGER *pub_key = NULL;
+
+    dh = pkey->pkey.dh;
+
+    str = ASN1_STRING_new();
+    if (str == NULL) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    str->length = i2d_dhp(pkey, dh, &str->data);
+    if (str->length <= 0) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ptype = V_ASN1_SEQUENCE;
+
+    pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+    if (!pub_key)
+        goto err;
+
+    penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+
+    ASN1_INTEGER_free(pub_key);
+
+    if (penclen <= 0) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                               ptype, str, penc, penclen))
+        return 1;
+
+ err:
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
+
+    return 0;
+}
+
+/*
+ * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
+ * the AlgorithmIdentifier contains the parameters, the private key is
+ * explicitly included and the pubkey must be recalculated.
+ */
+
+static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
+    ASN1_INTEGER *privkey = NULL;
+
+    DH *dh = NULL;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype != V_ASN1_SEQUENCE)
+        goto decerr;
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL)
+        goto decerr;
+
+    /* We have parameters now set private key */
+    if ((dh->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
+        DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
+        goto dherr;
+    }
+    /* Calculate public key */
+    if (!DH_generate_key(dh))
+        goto dherr;
+
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+
+    ASN1_STRING_clear_free(privkey);
+
+    return 1;
+
+ decerr:
+    DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dherr:
+    DH_free(dh);
+    ASN1_STRING_clear_free(privkey);
+    return 0;
+}
+
+static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    unsigned char *dp = NULL;
+    int dplen;
+
+    params = ASN1_STRING_new();
+
+    if (params == NULL) {
+        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
+    if (params->length <= 0) {
+        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    params->type = V_ASN1_SEQUENCE;
+
+    /* Get private key into integer */
+    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
+
+    if (!prkey) {
+        DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
+        goto err;
+    }
+
+    dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+    ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         V_ASN1_SEQUENCE, params, dp, dplen))
+        goto err;
+
+    return 1;
+
+ err:
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
+    return 0;
+}
+
+static int dh_param_decode(EVP_PKEY *pkey,
+                           const unsigned char **pder, int derlen)
+{
+    DH *dh;
+
+    if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) {
+        DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+    return 1;
+}
+
+static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_dhp(pkey, pkey->pkey.dh, pder);
+}
+
+static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
+{
+    int reason = ERR_R_BUF_LIB;
+    const char *ktype = NULL;
+    BIGNUM *priv_key, *pub_key;
+
+    if (ptype == 2)
+        priv_key = x->priv_key;
+    else
+        priv_key = NULL;
+
+    if (ptype > 0)
+        pub_key = x->pub_key;
+    else
+        pub_key = NULL;
+
+    if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+            || (ptype > 0 && pub_key == NULL)) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    if (ptype == 2)
+        ktype = "DH Private-Key";
+    else if (ptype == 1)
+        ktype = "DH Public-Key";
+    else
+        ktype = "DH Parameters";
+
+    BIO_indent(bp, indent, 128);
+    if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
+        goto err;
+    indent += 4;
+
+    if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
+        goto err;
+    if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
+        goto err;
+
+    if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent))
+        goto err;
+    if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent))
+        goto err;
+    if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent))
+        goto err;
+    if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent))
+        goto err;
+    if (x->seed) {
+        int i;
+        BIO_indent(bp, indent, 128);
+        BIO_puts(bp, "seed:");
+        for (i = 0; i < x->seedlen; i++) {
+            if ((i % 15) == 0) {
+                if (BIO_puts(bp, "\n") <= 0
+                    || !BIO_indent(bp, indent + 4, 128))
+                    goto err;
+            }
+            if (BIO_printf(bp, "%02x%s", x->seed[i],
+                           ((i + 1) == x->seedlen) ? "" : ":") <= 0)
+                goto err;
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return (0);
+    }
+    if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
+        goto err;
+    if (x->length != 0) {
+        BIO_indent(bp, indent, 128);
+        if (BIO_printf(bp, "recommended-private-length: %d bits\n",
+                       (int)x->length) <= 0)
+            goto err;
+    }
+
+    return 1;
+
+ err:
+    DHerr(DH_F_DO_DH_PRINT, reason);
+    return 0;
+}
+
+static int int_dh_size(const EVP_PKEY *pkey)
+{
+    return (DH_size(pkey->pkey.dh));
+}
+
+static int dh_bits(const EVP_PKEY *pkey)
+{
+    return BN_num_bits(pkey->pkey.dh->p);
+}
+
+static int dh_security_bits(const EVP_PKEY *pkey)
+{
+    return DH_security_bits(pkey->pkey.dh);
+}
+
+static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
+        BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
+        return 0;
+    else if (a->ameth == &dhx_asn1_meth) {
+        if (BN_cmp(a->pkey.dh->q, b->pkey.dh->q))
+            return 0;
+    }
+    return 1;
+}
+
+static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src)
+{
+    BIGNUM *a;
+    if (src) {
+        a = BN_dup(src);
+        if (!a)
+            return 0;
+    } else
+        a = NULL;
+    BN_free(*dst);
+    *dst = a;
+    return 1;
+}
+
+static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
+{
+    if (is_x942 == -1)
+        is_x942 = ! !from->q;
+    if (!int_dh_bn_cpy(&to->p, from->p))
+        return 0;
+    if (!int_dh_bn_cpy(&to->g, from->g))
+        return 0;
+    if (is_x942) {
+        if (!int_dh_bn_cpy(&to->q, from->q))
+            return 0;
+        if (!int_dh_bn_cpy(&to->j, from->j))
+            return 0;
+        OPENSSL_free(to->seed);
+        to->seed = NULL;
+        to->seedlen = 0;
+        if (from->seed) {
+            to->seed = OPENSSL_memdup(from->seed, from->seedlen);
+            if (!to->seed)
+                return 0;
+            to->seedlen = from->seedlen;
+        }
+    } else
+        to->length = from->length;
+    return 1;
+}
+
+DH *DHparams_dup(DH *dh)
+{
+    DH *ret;
+    ret = DH_new();
+    if (ret == NULL)
+        return NULL;
+    if (!int_dh_param_copy(ret, dh, -1)) {
+        DH_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    if (to->pkey.dh == NULL) {
+        to->pkey.dh = DH_new();
+        if (to->pkey.dh == NULL)
+            return 0;
+    }
+    return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
+                             from->ameth == &dhx_asn1_meth);
+}
+
+static int dh_missing_parameters(const EVP_PKEY *a)
+{
+    if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
+        return 1;
+    return 0;
+}
+
+static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (dh_cmp_parameters(a, b) == 0)
+        return 0;
+    if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+}
+
+static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 0);
+}
+
+static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 1);
+}
+
+static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                            ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 2);
+}
+
+int DHparams_print(BIO *bp, const DH *x)
+{
+    return do_dh_print(bp, x, 4, 0);
+}
+
+#ifndef OPENSSL_NO_CMS
+static int dh_cms_decrypt(CMS_RecipientInfo *ri);
+static int dh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+#ifndef OPENSSL_NO_CMS
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (arg1 == 1)
+            return dh_cms_decrypt(arg2);
+        else if (arg1 == 0)
+            return dh_cms_encrypt(arg2);
+        return -2;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_AGREE;
+        return 1;
+#endif
+    default:
+        return -2;
+    }
+
+}
+
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
+    EVP_PKEY_DH,
+    EVP_PKEY_DH,
+    0,
+
+    "DH",
+    "OpenSSL PKCS#3 DH method",
+
+    dh_pub_decode,
+    dh_pub_encode,
+    dh_pub_cmp,
+    dh_public_print,
+
+    dh_priv_decode,
+    dh_priv_encode,
+    dh_private_print,
+
+    int_dh_size,
+    dh_bits,
+    dh_security_bits,
+
+    dh_param_decode,
+    dh_param_encode,
+    dh_missing_parameters,
+    dh_copy_parameters,
+    dh_cmp_parameters,
+    dh_param_print,
+    0,
+
+    int_dh_free,
+    0
+};
+
+const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
+    EVP_PKEY_DHX,
+    EVP_PKEY_DHX,
+    0,
+
+    "X9.42 DH",
+    "OpenSSL X9.42 DH method",
+
+    dh_pub_decode,
+    dh_pub_encode,
+    dh_pub_cmp,
+    dh_public_print,
+
+    dh_priv_decode,
+    dh_priv_encode,
+    dh_private_print,
+
+    int_dh_size,
+    dh_bits,
+    dh_security_bits,
+
+    dh_param_decode,
+    dh_param_encode,
+    dh_missing_parameters,
+    dh_copy_parameters,
+    dh_cmp_parameters,
+    dh_param_print,
+    0,
+
+    int_dh_free,
+    dh_pkey_ctrl
+};
+
+#ifndef OPENSSL_NO_CMS
+
+static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
+                              X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+    const ASN1_OBJECT *aoid;
+    int atype;
+    const void *aval;
+    ASN1_INTEGER *public_key = NULL;
+    int rv = 0;
+    EVP_PKEY *pkpeer = NULL, *pk = NULL;
+    DH *dhpeer = NULL;
+    const unsigned char *p;
+    int plen;
+
+    X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+    if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
+        goto err;
+    /* Only absent parameters allowed in RFC XXXX */
+    if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
+        goto err;
+
+    pk = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!pk)
+        goto err;
+    if (pk->type != EVP_PKEY_DHX)
+        goto err;
+    /* Get parameters from parent key */
+    dhpeer = DHparams_dup(pk->pkey.dh);
+    /* We have parameters now set public key */
+    plen = ASN1_STRING_length(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
+    if (!p || !plen)
+        goto err;
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) {
+        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* We have parameters now set public key */
+    if ((dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    pkpeer = EVP_PKEY_new();
+    if (pkpeer == NULL)
+        goto err;
+    EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
+    dhpeer = NULL;
+    if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+        rv = 1;
+ err:
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_free(pkpeer);
+    DH_free(dhpeer);
+    return rv;
+}
+
+static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+{
+    int rv = 0;
+
+    X509_ALGOR *alg, *kekalg = NULL;
+    ASN1_OCTET_STRING *ukm;
+    const unsigned char *p;
+    unsigned char *dukm = NULL;
+    size_t dukmlen = 0;
+    int keylen, plen;
+    const EVP_CIPHER *kekcipher;
+    EVP_CIPHER_CTX *kekctx;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+        goto err;
+
+    /*
+     * For DH we only have one OID permissible. If ever any more get defined
+     * we will need something cleverer.
+     */
+    if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
+        DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
+        goto err;
+
+    if (alg->parameter->type != V_ASN1_SEQUENCE)
+        goto err;
+
+    p = alg->parameter->value.sequence->data;
+    plen = alg->parameter->value.sequence->length;
+    kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+    if (!kekalg)
+        goto err;
+    kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    if (!kekctx)
+        goto err;
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+    if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+        goto err;
+    if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+        goto err;
+
+    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+    /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
+    if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
+                                     OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
+        <= 0)
+        goto err;
+
+    if (ukm) {
+        dukmlen = ASN1_STRING_length(ukm);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
+        if (!dukm)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+        goto err;
+    dukm = NULL;
+
+    rv = 1;
+ err:
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(dukm);
+    return rv;
+}
+
+static int dh_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* See if we need to set peer key */
+    if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+        X509_ALGOR *alg;
+        ASN1_BIT_STRING *pubkey;
+        if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+                                                 NULL, NULL, NULL))
+            return 0;
+        if (!alg || !pubkey)
+            return 0;
+        if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
+            DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR);
+            return 0;
+        }
+    }
+    /* Set DH derivation parameters and initialise unwrap context */
+    if (!dh_cms_set_shared_info(pctx, ri)) {
+        DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+static int dh_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    EVP_PKEY *pkey;
+    EVP_CIPHER_CTX *ctx;
+    int keylen;
+    X509_ALGOR *talg, *wrap_alg = NULL;
+    const ASN1_OBJECT *aoid;
+    ASN1_BIT_STRING *pubkey;
+    ASN1_STRING *wrap_str;
+    ASN1_OCTET_STRING *ukm;
+    unsigned char *penc = NULL, *dukm = NULL;
+    int penclen;
+    size_t dukmlen = 0;
+    int rv = 0;
+    int kdf_type, wrap_nid;
+    const EVP_MD *kdf_md;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* Get ephemeral key */
+    pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+                                             NULL, NULL, NULL))
+        goto err;
+    X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+    /* Is everything uninitialised? */
+    if (aoid == OBJ_nid2obj(NID_undef)) {
+        ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+        if (!pubk)
+            goto err;
+        /* Set the key */
+
+        penclen = i2d_ASN1_INTEGER(pubk, &penc);
+        ASN1_INTEGER_free(pubk);
+        if (penclen <= 0)
+            goto err;
+        ASN1_STRING_set0(pubkey, penc, penclen);
+        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+        penc = NULL;
+        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
+                        V_ASN1_UNDEF, NULL);
+    }
+
+    /* See if custom parameters set */
+    kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
+    if (kdf_type <= 0)
+        goto err;
+    if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
+        goto err;
+
+    if (kdf_type == EVP_PKEY_DH_KDF_NONE) {
+        kdf_type = EVP_PKEY_DH_KDF_X9_42;
+        if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
+            goto err;
+    } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
+        /* Unknown KDF */
+        goto err;
+    if (kdf_md == NULL) {
+        /* Only SHA1 supported */
+        kdf_md = EVP_sha1();
+        if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
+            goto err;
+    } else if (EVP_MD_type(kdf_md) != NID_sha1)
+        /* Unsupported digest */
+        goto err;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+        goto err;
+
+    /* Get wrap NID */
+    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
+        goto err;
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Package wrap algorithm in an AlgorithmIdentifier */
+
+    wrap_alg = X509_ALGOR_new();
+    if (wrap_alg == NULL)
+        goto err;
+    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+    wrap_alg->parameter = ASN1_TYPE_new();
+    if (wrap_alg->parameter == NULL)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+        goto err;
+    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+        ASN1_TYPE_free(wrap_alg->parameter);
+        wrap_alg->parameter = NULL;
+    }
+
+    if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    if (ukm) {
+        dukmlen = ASN1_STRING_length(ukm);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
+        if (!dukm)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+        goto err;
+    dukm = NULL;
+
+    /*
+     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+     * of another AlgorithmIdentifier.
+     */
+    penc = NULL;
+    penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+    if (!penc || !penclen)
+        goto err;
+    wrap_str = ASN1_STRING_new();
+    if (wrap_str == NULL)
+        goto err;
+    ASN1_STRING_set0(wrap_str, penc, penclen);
+    penc = NULL;
+    X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
+                    V_ASN1_SEQUENCE, wrap_str);
+
+    rv = 1;
+
+ err:
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
+    return rv;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/dh/dh_asn1.c b/openssl-1.1.0h/crypto/dh/dh_asn1.c
new file mode 100644
index 0000000..7c72fd6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_asn1.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+
+/* Override the default free and new methods */
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DH_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DH_free((DH *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+        ASN1_SIMPLE(DH, p, BIGNUM),
+        ASN1_SIMPLE(DH, g, BIGNUM),
+        ASN1_OPT(DH, length, ZLONG),
+} ASN1_SEQUENCE_END_cb(DH, DHparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
+
+/*
+ * Internal only structures for handling X9.42 DH: this gets translated to or
+ * from a DH structure straight away.
+ */
+
+typedef struct {
+    ASN1_BIT_STRING *seed;
+    BIGNUM *counter;
+} int_dhvparams;
+
+typedef struct {
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *g;
+    BIGNUM *j;
+    int_dhvparams *vparams;
+} int_dhx942_dh;
+
+ASN1_SEQUENCE(DHvparams) = {
+        ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+        ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
+
+ASN1_SEQUENCE(DHxparams) = {
+        ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
+        ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
+        ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
+        ASN1_OPT(int_dhx942_dh, j, BIGNUM),
+        ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
+} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
+
+int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a,
+                           const unsigned char **pp, long length);
+int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
+
+/* Application public function: read in X9.42 DH parameters into DH structure */
+
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
+{
+    int_dhx942_dh *dhx = NULL;
+    DH *dh = NULL;
+    dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dhx = d2i_int_dhx(NULL, pp, length);
+    if (dhx == NULL) {
+        DH_free(dh);
+        return NULL;
+    }
+
+    if (a) {
+        DH_free(*a);
+        *a = dh;
+    }
+
+    dh->p = dhx->p;
+    dh->q = dhx->q;
+    dh->g = dhx->g;
+    dh->j = dhx->j;
+
+    if (dhx->vparams) {
+        dh->seed = dhx->vparams->seed->data;
+        dh->seedlen = dhx->vparams->seed->length;
+        dh->counter = dhx->vparams->counter;
+        dhx->vparams->seed->data = NULL;
+        ASN1_BIT_STRING_free(dhx->vparams->seed);
+        OPENSSL_free(dhx->vparams);
+        dhx->vparams = NULL;
+    }
+
+    OPENSSL_free(dhx);
+    return dh;
+}
+
+int i2d_DHxparams(const DH *dh, unsigned char **pp)
+{
+    int_dhx942_dh dhx;
+    int_dhvparams dhv;
+    ASN1_BIT_STRING bs;
+    dhx.p = dh->p;
+    dhx.g = dh->g;
+    dhx.q = dh->q;
+    dhx.j = dh->j;
+    if (dh->counter && dh->seed && dh->seedlen > 0) {
+        bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
+        bs.data = dh->seed;
+        bs.length = dh->seedlen;
+        dhv.seed = &bs;
+        dhv.counter = dh->counter;
+        dhx.vparams = &dhv;
+    } else
+        dhx.vparams = NULL;
+
+    return i2d_int_dhx(&dhx, pp);
+}
diff --git a/openssl-1.1.0h/crypto/dh/dh_check.c b/openssl-1.1.0h/crypto/dh/dh_check.c
new file mode 100644
index 0000000..3b0fa59
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_check.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+
+/*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+
+int DH_check_params(const DH *dh, int *ret)
+{
+    int ok = 0;
+    BIGNUM *tmp = NULL;
+    BN_CTX *ctx = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    if (!BN_is_odd(dh->p))
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    if (BN_is_negative(dh->g) || BN_is_zero(dh->g) || BN_is_one(dh->g))
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
+    if (BN_cmp(dh->g, tmp) >= 0)
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+
+    ok = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return (ok);
+}
+
+/*-
+ * Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that it is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+int DH_check(const DH *dh, int *ret)
+{
+    int ok = 0, r;
+    BN_CTX *ctx = NULL;
+    BN_ULONG l;
+    BIGNUM *t1 = NULL, *t2 = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    if (t1 == NULL)
+        goto err;
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    if (dh->q) {
+        if (BN_cmp(dh->g, BN_value_one()) <= 0)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+        else if (BN_cmp(dh->g, dh->p) >= 0)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+        else {
+            /* Check g^q == 1 mod p */
+            if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
+                goto err;
+            if (!BN_is_one(t1))
+                *ret |= DH_NOT_SUITABLE_GENERATOR;
+        }
+        r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
+        if (r < 0)
+            goto err;
+        if (!r)
+            *ret |= DH_CHECK_Q_NOT_PRIME;
+        /* Check p == 1 mod q  i.e. q divides p - 1 */
+        if (!BN_div(t1, t2, dh->p, dh->q, ctx))
+            goto err;
+        if (!BN_is_one(t2))
+            *ret |= DH_CHECK_INVALID_Q_VALUE;
+        if (dh->j && BN_cmp(dh->j, t1))
+            *ret |= DH_CHECK_INVALID_J_VALUE;
+
+    } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+        l = BN_mod_word(dh->p, 24);
+        if (l == (BN_ULONG)-1)
+            goto err;
+        if (l != 11)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+    } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+        l = BN_mod_word(dh->p, 10);
+        if (l == (BN_ULONG)-1)
+            goto err;
+        if ((l != 3) && (l != 7))
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+    } else
+        *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
+
+    r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
+    if (r < 0)
+        goto err;
+    if (!r)
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    else if (!dh->q) {
+        if (!BN_rshift1(t1, dh->p))
+            goto err;
+        r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
+        if (r < 0)
+            goto err;
+	if (!r)
+            *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+    }
+    ok = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return (ok);
+}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+{
+    int ok = 0;
+    BIGNUM *tmp = NULL;
+    BN_CTX *ctx = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL || !BN_set_word(tmp, 1))
+        goto err;
+    if (BN_cmp(pub_key, tmp) <= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
+    if (BN_cmp(pub_key, tmp) >= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+
+    if (dh->q != NULL) {
+        /* Check pub_key^q == 1 mod p */
+        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
+            goto err;
+        if (!BN_is_one(tmp))
+            *ret |= DH_CHECK_PUBKEY_INVALID;
+    }
+
+    ok = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return (ok);
+}
diff --git a/openssl-1.1.0h/crypto/dh/dh_depr.c b/openssl-1.1.0h/crypto/dh/dh_depr.c
new file mode 100644
index 0000000..f8ed1b7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_depr.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This file contains deprecated functions as wrappers to the new ones */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+
+DH *DH_generate_parameters(int prime_len, int generator,
+                           void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB *cb;
+    DH *ret = NULL;
+
+    if ((ret = DH_new()) == NULL)
+        return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL) {
+        DH_free(ret);
+        return NULL;
+    }
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) {
+        BN_GENCB_free(cb);
+        return ret;
+    }
+    BN_GENCB_free(cb);
+    DH_free(ret);
+    return NULL;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/dh/dh_err.c b/openssl-1.1.0h/crypto/dh/dh_err.c
new file mode 100644
index 0000000..4e21f28
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_err.c
@@ -0,0 +1,73 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+
+static ERR_STRING_DATA DH_str_functs[] = {
+    {ERR_FUNC(DH_F_COMPUTE_KEY), "compute_key"},
+    {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+    {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"},
+    {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
+    {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
+    {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"},
+    {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"},
+    {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"},
+    {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"},
+    {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
+    {ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"},
+    {ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"},
+    {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "dh_priv_encode"},
+    {ERR_FUNC(DH_F_DH_PUB_DECODE), "dh_pub_decode"},
+    {ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"},
+    {ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"},
+    {ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"},
+    {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"},
+    {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA DH_str_reasons[] = {
+    {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"},
+    {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_REASON(DH_R_BN_ERROR), "bn error"},
+    {ERR_REASON(DH_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
+    {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
+    {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DH_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, DH_str_functs);
+        ERR_load_strings(0, DH_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/dh/dh_gen.c b/openssl-1.1.0h/crypto/dh/dh_gen.c
new file mode 100644
index 0000000..27ecb98
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_gen.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.  - Geoff
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+                              BN_GENCB *cb)
+{
+    if (ret->meth->generate_params)
+        return ret->meth->generate_params(ret, prime_len, generator, cb);
+    return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
+
+/*-
+ * We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb)
+{
+    BIGNUM *t1, *t2;
+    int g, ok = -1;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t1 == NULL || t2 == NULL)
+        goto err;
+
+    /* Make sure 'ret' has the necessary elements */
+    if (!ret->p && ((ret->p = BN_new()) == NULL))
+        goto err;
+    if (!ret->g && ((ret->g = BN_new()) == NULL))
+        goto err;
+
+    if (generator <= 1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+        goto err;
+    }
+    if (generator == DH_GENERATOR_2) {
+        if (!BN_set_word(t1, 24))
+            goto err;
+        if (!BN_set_word(t2, 11))
+            goto err;
+        g = 2;
+    } else if (generator == DH_GENERATOR_5) {
+        if (!BN_set_word(t1, 10))
+            goto err;
+        if (!BN_set_word(t2, 3))
+            goto err;
+        /*
+         * BN_set_word(t3,7); just have to miss out on these ones :-(
+         */
+        g = 5;
+    } else {
+        /*
+         * in the general case, don't worry if 'generator' is a generator or
+         * not: since we are using safe primes, it will generate either an
+         * order-q or an order-2q group, which both is OK
+         */
+        if (!BN_set_word(t1, 2))
+            goto err;
+        if (!BN_set_word(t2, 1))
+            goto err;
+        g = generator;
+    }
+
+    if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+        goto err;
+    if (!BN_GENCB_call(cb, 3, 0))
+        goto err;
+    if (!BN_set_word(ret->g, g))
+        goto err;
+    ok = 1;
+ err:
+    if (ok == -1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+        ok = 0;
+    }
+
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ok;
+}
diff --git a/openssl-1.1.0h/crypto/dh/dh_kdf.c b/openssl-1.1.0h/crypto/dh/dh_kdf.c
new file mode 100644
index 0000000..2782eee
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_kdf.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <e_os.h>
+
+#ifndef OPENSSL_NO_CMS
+#include <string.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/cms.h>
+
+
+/* Key derivation from X9.42/RFC2631 */
+/* Uses CMS functions, hence the #ifdef wrapper. */
+
+#define DH_KDF_MAX      (1L << 30)
+
+/* Skip past an ASN1 structure: for OBJECT skip content octets too */
+
+static int skip_asn1(unsigned char **pp, long *plen, int exptag)
+{
+    const unsigned char *q = *pp;
+    int i, tag, xclass;
+    long tmplen;
+    i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen);
+    if (i & 0x80)
+        return 0;
+    if (tag != exptag || xclass != V_ASN1_UNIVERSAL)
+        return 0;
+    if (tag == V_ASN1_OBJECT)
+        q += tmplen;
+    *plen -= q - *pp;
+    *pp = (unsigned char *)q;
+    return 1;
+}
+
+/*
+ * Encode the DH shared info structure, return an offset to the counter value
+ * so we can update the structure without reencoding it.
+ */
+
+static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr,
+                                ASN1_OBJECT *key_oid, size_t outlen,
+                                const unsigned char *ukm, size_t ukmlen)
+{
+    unsigned char *p;
+    int derlen;
+    long tlen;
+    /* "magic" value to check offset is sane */
+    static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 };
+    X509_ALGOR atmp;
+    ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct;
+    ASN1_TYPE ctr_atype;
+    if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX)
+        return 0;
+    ctr_oct.data = ctr;
+    ctr_oct.length = 4;
+    ctr_oct.flags = 0;
+    ctr_oct.type = V_ASN1_OCTET_STRING;
+    ctr_atype.type = V_ASN1_OCTET_STRING;
+    ctr_atype.value.octet_string = &ctr_oct;
+    atmp.algorithm = key_oid;
+    atmp.parameter = &ctr_atype;
+    if (ukm) {
+        ukm_oct.type = V_ASN1_OCTET_STRING;
+        ukm_oct.flags = 0;
+        ukm_oct.data = (unsigned char *)ukm;
+        ukm_oct.length = ukmlen;
+        pukm_oct = &ukm_oct;
+    } else
+        pukm_oct = NULL;
+    derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen);
+    if (derlen <= 0)
+        return 0;
+    p = *pder;
+    tlen = derlen;
+    if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING))
+        return 0;
+    if (CRYPTO_memcmp(p, ctr, 4))
+        return 0;
+    *pctr = p;
+    return derlen;
+}
+
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+                 const unsigned char *Z, size_t Zlen,
+                 ASN1_OBJECT *key_oid,
+                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char *der = NULL, *ctr;
+    int derlen;
+    if (Zlen > DH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
+    if (derlen == 0)
+        goto err;
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL)
+            || !EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, der, derlen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    OPENSSL_free(der);
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/dh/dh_key.c b/openssl-1.1.0h/crypto/dh/dh_key.c
new file mode 100644
index 0000000..fce9ff4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_key.c
@@ -0,0 +1,227 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include "internal/bn_int.h"
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+{
+    return dh->meth->generate_key(dh);
+}
+
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    return dh->meth->compute_key(key, pub_key, dh);
+}
+
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    int rv, pad;
+    rv = dh->meth->compute_key(key, pub_key, dh);
+    if (rv <= 0)
+        return rv;
+    pad = BN_num_bytes(dh->p) - rv;
+    if (pad > 0) {
+        memmove(key + pad, key, rv);
+        memset(key, 0, pad);
+    }
+    return rv + pad;
+}
+
+static DH_METHOD dh_ossl = {
+    "OpenSSL DH Method",
+    generate_key,
+    compute_key,
+    dh_bn_mod_exp,
+    dh_init,
+    dh_finish,
+    DH_FLAG_FIPS_METHOD,
+    NULL,
+    NULL
+};
+
+static const DH_METHOD *default_DH_method = &dh_ossl;
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+    return &dh_ossl;
+}
+
+void DH_set_default_method(const DH_METHOD *meth)
+{
+    default_DH_method = meth;
+}
+
+const DH_METHOD *DH_get_default_method(void)
+{
+    return default_DH_method;
+}
+
+static int generate_key(DH *dh)
+{
+    int ok = 0;
+    int generate_new_key = 0;
+    unsigned l;
+    BN_CTX *ctx;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    if (dh->priv_key == NULL) {
+        priv_key = BN_secure_new();
+        if (priv_key == NULL)
+            goto err;
+        generate_new_key = 1;
+    } else
+        priv_key = dh->priv_key;
+
+    if (dh->pub_key == NULL) {
+        pub_key = BN_new();
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = dh->pub_key;
+
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      dh->lock, dh->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    if (generate_new_key) {
+        if (dh->q) {
+            do {
+                if (!BN_rand_range(priv_key, dh->q))
+                    goto err;
+            }
+            while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+        } else {
+            /* secret exponent length */
+            l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
+            if (!BN_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+                goto err;
+        }
+    }
+
+    {
+        BIGNUM *prk = BN_new();
+
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
+            BN_free(prk);
+            goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
+    }
+
+    dh->pub_key = pub_key;
+    dh->priv_key = priv_key;
+    ok = 1;
+ err:
+    if (ok != 1)
+        DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+
+    if (pub_key != dh->pub_key)
+        BN_free(pub_key);
+    if (priv_key != dh->priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return (ok);
+}
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    BN_CTX *ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *tmp;
+    int ret = -1;
+    int check_result;
+
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    if (dh->priv_key == NULL) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      dh->lock, dh->p, ctx);
+        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+        if (!mont)
+            goto err;
+    }
+
+    if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+        goto err;
+    }
+
+    if (!dh->
+        meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    ret = BN_bn2bin(tmp, key);
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return (ret);
+}
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+static int dh_init(DH *dh)
+{
+    dh->flags |= DH_FLAG_CACHE_MONT_P;
+    return (1);
+}
+
+static int dh_finish(DH *dh)
+{
+    BN_MONT_CTX_free(dh->method_mont_p);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/dh/dh_lib.c b/openssl-1.1.0h/crypto/dh/dh_lib.c
new file mode 100644
index 0000000..716f4a4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_lib.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_locl.h"
+#include <openssl/engine.h>
+
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DH_METHOD *mtmp;
+    mtmp = dh->meth;
+    if (mtmp->finish)
+        mtmp->finish(dh);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(dh->engine);
+    dh->engine = NULL;
+#endif
+    dh->meth = meth;
+    if (meth->init)
+        meth->init(dh);
+    return 1;
+}
+
+DH *DH_new(void)
+{
+    return DH_new_method(NULL);
+}
+
+DH *DH_new_method(ENGINE *engine)
+{
+    DH *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = DH_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags;  /* early default init */
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DH();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DH(ret->engine);
+        if (ret->meth == NULL) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
+err:
+        DH_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
+
+void DH_free(DH *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    REF_PRINT_COUNT("DH", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth->finish)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->g);
+    BN_clear_free(r->q);
+    BN_clear_free(r->j);
+    OPENSSL_free(r->seed);
+    BN_clear_free(r->counter);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+    OPENSSL_free(r);
+}
+
+int DH_up_ref(DH *r)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DH", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int DH_set_ex_data(DH *d, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
+
+void *DH_get_ex_data(DH *d, int idx)
+{
+    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
+
+int DH_bits(const DH *dh)
+{
+    return BN_num_bits(dh->p);
+}
+
+int DH_size(const DH *dh)
+{
+    return (BN_num_bytes(dh->p));
+}
+
+int DH_security_bits(const DH *dh)
+{
+    int N;
+    if (dh->q)
+        N = BN_num_bits(dh->q);
+    else if (dh->length)
+        N = dh->length;
+    else
+        N = -1;
+    return BN_security_bits(BN_num_bits(dh->p), N);
+}
+
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = dh->p;
+    if (q != NULL)
+        *q = dh->q;
+    if (g != NULL)
+        *g = dh->g;
+}
+
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.  q may remain NULL.
+     */
+    if ((dh->p == NULL && p == NULL)
+        || (dh->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(dh->p);
+        dh->p = p;
+    }
+    if (q != NULL) {
+        BN_free(dh->q);
+        dh->q = q;
+    }
+    if (g != NULL) {
+        BN_free(dh->g);
+        dh->g = g;
+    }
+
+    if (q != NULL) {
+        dh->length = BN_num_bits(q);
+    }
+
+    return 1;
+}
+
+long DH_get_length(const DH *dh)
+{
+    return dh->length;
+}
+
+int DH_set_length(DH *dh, long length)
+{
+    dh->length = length;
+    return 1;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = dh->pub_key;
+    if (priv_key != NULL)
+        *priv_key = dh->priv_key;
+}
+
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    if (pub_key != NULL) {
+        BN_free(dh->pub_key);
+        dh->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_free(dh->priv_key);
+        dh->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+void DH_clear_flags(DH *dh, int flags)
+{
+    dh->flags &= ~flags;
+}
+
+int DH_test_flags(const DH *dh, int flags)
+{
+    return dh->flags & flags;
+}
+
+void DH_set_flags(DH *dh, int flags)
+{
+    dh->flags |= flags;
+}
+
+ENGINE *DH_get0_engine(DH *dh)
+{
+    return dh->engine;
+}
diff --git a/openssl-1.1.0h/crypto/dh/dh_locl.h b/openssl-1.1.0h/crypto/dh/dh_locl.h
new file mode 100644
index 0000000..19301c3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_locl.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/dh.h>
+
+struct dh_st {
+    /*
+     * This first argument is used to pick up errors when a DH is passed
+     * instead of a EVP_PKEY
+     */
+    int pad;
+    int version;
+    BIGNUM *p;
+    BIGNUM *g;
+    long length;                /* optional */
+    BIGNUM *pub_key;            /* g^x % p */
+    BIGNUM *priv_key;           /* x */
+    int flags;
+    BN_MONT_CTX *method_mont_p;
+    /* Place holders if we want to do X9.42 DH */
+    BIGNUM *q;
+    BIGNUM *j;
+    unsigned char *seed;
+    int seedlen;
+    BIGNUM *counter;
+    int references;
+    CRYPTO_EX_DATA ex_data;
+    const DH_METHOD *meth;
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dh_method {
+    char *name;
+    /* Methods here */
+    int (*generate_key) (DH *dh);
+    int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+    /* Can be null */
+    int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                       BN_MONT_CTX *m_ctx);
+    int (*init) (DH *dh);
+    int (*finish) (DH *dh);
+    int flags;
+    char *app_data;
+    /* If this is non-NULL, it will be used to generate parameters */
+    int (*generate_params) (DH *dh, int prime_len, int generator,
+                            BN_GENCB *cb);
+};
diff --git a/openssl-1.1.0h/crypto/dh/dh_meth.c b/openssl-1.1.0h/crypto/dh/dh_meth.c
new file mode 100644
index 0000000..ce6114c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_meth.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dh_locl.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DH_METHOD *DH_meth_new(const char *name, int flags)
+{
+    DH_METHOD *dhm = OPENSSL_zalloc(sizeof(*dhm));
+
+    if (dhm != NULL) {
+        dhm->flags = flags;
+
+        dhm->name = OPENSSL_strdup(name);
+        if (dhm->name != NULL)
+            return dhm;
+
+        OPENSSL_free(dhm);
+    }
+
+    DHerr(DH_F_DH_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DH_meth_free(DH_METHOD *dhm)
+{
+    if (dhm != NULL) {
+        OPENSSL_free(dhm->name);
+        OPENSSL_free(dhm);
+    }
+}
+
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)
+{
+    DH_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dhm, sizeof(*dhm));
+
+        ret->name = OPENSSL_strdup(dhm->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DHerr(DH_F_DH_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DH_meth_get0_name(const DH_METHOD *dhm)
+{
+    return dhm->name;
+}
+
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dhm->name);
+    dhm->name = tmpname;
+
+    return 1;
+}
+
+int DH_meth_get_flags(DH_METHOD *dhm)
+{
+    return dhm->flags;
+}
+
+int DH_meth_set_flags(DH_METHOD *dhm, int flags)
+{
+    dhm->flags = flags;
+    return 1;
+}
+
+void *DH_meth_get0_app_data(const DH_METHOD *dhm)
+{
+    return dhm->app_data;
+}
+
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data)
+{
+    dhm->app_data = app_data;
+    return 1;
+}
+
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->generate_key;
+}
+
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *))
+{
+    dhm->generate_key = generate_key;
+    return 1;
+}
+
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    return dhm->compute_key;
+}
+
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh))
+{
+    dhm->compute_key = compute_key;
+    return 1;
+}
+
+
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *)
+{
+    return dhm->bn_mod_exp;
+}
+
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dhm->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *)
+{
+    return dhm->init;
+}
+
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *))
+{
+    dhm->init = init;
+    return 1;
+}
+
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->finish;
+}
+
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *))
+{
+    dhm->finish = finish;
+    return 1;
+}
+
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *)
+{
+    return dhm->generate_params;
+}
+
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *))
+{
+    dhm->generate_params = generate_params;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/dh/dh_pmeth.c b/openssl-1.1.0h/crypto/dh/dh_pmeth.c
new file mode 100644
index 0000000..c3e03c7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_pmeth.c
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+
+/* DH pkey context structure */
+
+typedef struct {
+    /* Parameter gen parameters */
+    int prime_len;
+    int generator;
+    int use_dsa;
+    int subprime_len;
+    /* message digest used for parameter generation */
+    const EVP_MD *md;
+    int rfc5114_param;
+    /* Keygen callback info */
+    int gentmp[2];
+    /* KDF (if any) to use for DH */
+    char kdf_type;
+    /* OID to use for KDF */
+    ASN1_OBJECT *kdf_oid;
+    /* Message digest to use for key derivation */
+    const EVP_MD *kdf_md;
+    /* User key material */
+    unsigned char *kdf_ukm;
+    size_t kdf_ukmlen;
+    /* KDF output length */
+    size_t kdf_outlen;
+} DH_PKEY_CTX;
+
+static int pkey_dh_init(EVP_PKEY_CTX *ctx)
+{
+    DH_PKEY_CTX *dctx;
+
+    dctx = OPENSSL_zalloc(sizeof(*dctx));
+    if (dctx == NULL)
+        return 0;
+    dctx->prime_len = 1024;
+    dctx->subprime_len = -1;
+    dctx->generator = 2;
+    dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
+
+    ctx->data = dctx;
+    ctx->keygen_info = dctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    if (dctx != NULL) {
+        OPENSSL_free(dctx->kdf_ukm);
+        ASN1_OBJECT_free(dctx->kdf_oid);
+        OPENSSL_free(dctx);
+    }
+}
+
+
+static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    DH_PKEY_CTX *dctx, *sctx;
+    if (!pkey_dh_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->prime_len = sctx->prime_len;
+    dctx->subprime_len = sctx->subprime_len;
+    dctx->generator = sctx->generator;
+    dctx->use_dsa = sctx->use_dsa;
+    dctx->md = sctx->md;
+    dctx->rfc5114_param = sctx->rfc5114_param;
+
+    dctx->kdf_type = sctx->kdf_type;
+    dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
+    if (dctx->kdf_oid == NULL)
+        return 0;
+    dctx->kdf_md = sctx->kdf_md;
+    if (sctx->kdf_ukm != NULL) {
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        if (dctx->kdf_ukm == NULL)
+          return 0;
+        dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+    }
+    dctx->kdf_outlen = sctx->kdf_outlen;
+    return 1;
+}
+
+static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+        if (p1 < 256)
+            return -2;
+        dctx->prime_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
+        if (dctx->use_dsa == 0)
+            return -2;
+        dctx->subprime_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+        if (dctx->use_dsa)
+            return -2;
+        dctx->generator = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
+#ifdef OPENSSL_NO_DSA
+        if (p1 != 0)
+            return -2;
+#else
+        if (p1 < 0 || p1 > 2)
+            return -2;
+#endif
+        dctx->use_dsa = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_RFC5114:
+        if (p1 < 1 || p1 > 3)
+            return -2;
+        dctx->rfc5114_param = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        /* Default behaviour is OK */
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_TYPE:
+        if (p1 == -2)
+            return dctx->kdf_type;
+#ifdef OPENSSL_NO_CMS
+        if (p1 != EVP_PKEY_DH_KDF_NONE)
+#else
+        if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+#endif
+            return -2;
+        dctx->kdf_type = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_MD:
+        dctx->kdf_md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_MD:
+        *(const EVP_MD **)p2 = dctx->kdf_md;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_OUTLEN:
+        if (p1 <= 0)
+            return -2;
+        dctx->kdf_outlen = (size_t)p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN:
+        *(int *)p2 = dctx->kdf_outlen;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_UKM:
+        OPENSSL_free(dctx->kdf_ukm);
+        dctx->kdf_ukm = p2;
+        if (p2)
+            dctx->kdf_ukmlen = p1;
+        else
+            dctx->kdf_ukmlen = 0;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_UKM:
+        *(unsigned char **)p2 = dctx->kdf_ukm;
+        return dctx->kdf_ukmlen;
+
+    case EVP_PKEY_CTRL_DH_KDF_OID:
+        ASN1_OBJECT_free(dctx->kdf_oid);
+        dctx->kdf_oid = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_OID:
+        *(ASN1_OBJECT **)p2 = dctx->kdf_oid;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
+                            const char *type, const char *value)
+{
+    if (strcmp(type, "dh_paramgen_prime_len") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
+    }
+    if (strcmp(type, "dh_rfc5114") == 0) {
+        DH_PKEY_CTX *dctx = ctx->data;
+        int len;
+        len = atoi(value);
+        if (len < 0 || len > 3)
+            return -2;
+        dctx->rfc5114_param = len;
+        return 1;
+    }
+    if (strcmp(type, "dh_paramgen_generator") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
+    }
+    if (strcmp(type, "dh_paramgen_subprime_len") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
+    }
+    if (strcmp(type, "dh_paramgen_type") == 0) {
+        int typ;
+        typ = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
+    }
+    return -2;
+}
+
+#ifndef OPENSSL_NO_DSA
+
+extern int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                                const EVP_MD *evpmd,
+                                const unsigned char *seed_in, size_t seed_len,
+                                unsigned char *seed_out, int *counter_ret,
+                                unsigned long *h_ret, BN_GENCB *cb);
+
+extern int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                                 const EVP_MD *evpmd,
+                                 const unsigned char *seed_in,
+                                 size_t seed_len, int idx,
+                                 unsigned char *seed_out, int *counter_ret,
+                                 unsigned long *h_ret, BN_GENCB *cb);
+
+static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
+{
+    DSA *ret;
+    int rv = 0;
+    int prime_len = dctx->prime_len;
+    int subprime_len = dctx->subprime_len;
+    const EVP_MD *md = dctx->md;
+    if (dctx->use_dsa > 2)
+        return NULL;
+    ret = DSA_new();
+    if (ret == NULL)
+        return NULL;
+    if (subprime_len == -1) {
+        if (prime_len >= 2048)
+            subprime_len = 256;
+        else
+            subprime_len = 160;
+    }
+    if (md == NULL) {
+        if (prime_len >= 2048)
+            md = EVP_sha256();
+        else
+            md = EVP_sha1();
+    }
+    if (dctx->use_dsa == 1)
+        rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md,
+                                  NULL, 0, NULL, NULL, NULL, pcb);
+    else if (dctx->use_dsa == 2)
+        rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md,
+                                   NULL, 0, -1, NULL, NULL, NULL, pcb);
+    if (rv <= 0) {
+        DSA_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+#endif
+
+static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DH *dh = NULL;
+    DH_PKEY_CTX *dctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+    if (dctx->rfc5114_param) {
+        switch (dctx->rfc5114_param) {
+        case 1:
+            dh = DH_get_1024_160();
+            break;
+
+        case 2:
+            dh = DH_get_2048_224();
+            break;
+
+        case 3:
+            dh = DH_get_2048_256();
+            break;
+
+        default:
+            return -2;
+        }
+        EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+        return 1;
+    }
+
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else
+        pcb = NULL;
+#ifndef OPENSSL_NO_DSA
+    if (dctx->use_dsa) {
+        DSA *dsa_dh;
+        dsa_dh = dsa_dh_generate(dctx, pcb);
+        BN_GENCB_free(pcb);
+        if (dsa_dh == NULL)
+            return 0;
+        dh = DSA_dup_DH(dsa_dh);
+        DSA_free(dsa_dh);
+        if (!dh)
+            return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+        return 1;
+    }
+#endif
+    dh = DH_new();
+    if (dh == NULL) {
+        BN_GENCB_free(pcb);
+        return 0;
+    }
+    ret = DH_generate_parameters_ex(dh,
+                                    dctx->prime_len, dctx->generator, pcb);
+    BN_GENCB_free(pcb);
+    if (ret)
+        EVP_PKEY_assign_DH(pkey, dh);
+    else
+        DH_free(dh);
+    return ret;
+}
+
+static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DH *dh = NULL;
+    if (ctx->pkey == NULL) {
+        DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    dh = DH_new();
+    if (dh == NULL)
+        return 0;
+    EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
+    /* Note: if error return, pkey is freed by parent routine */
+    if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+        return 0;
+    return DH_generate_key(pkey->pkey.dh);
+}
+
+static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                          size_t *keylen)
+{
+    int ret;
+    DH *dh;
+    DH_PKEY_CTX *dctx = ctx->data;
+    BIGNUM *dhpub;
+    if (!ctx->pkey || !ctx->peerkey) {
+        DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+        return 0;
+    }
+    dh = ctx->pkey->pkey.dh;
+    dhpub = ctx->peerkey->pkey.dh->pub_key;
+    if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) {
+        if (key == NULL) {
+            *keylen = DH_size(dh);
+            return 1;
+        }
+        ret = DH_compute_key(key, dhpub, dh);
+        if (ret < 0)
+            return ret;
+        *keylen = ret;
+        return 1;
+    }
+#ifndef OPENSSL_NO_CMS
+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+
+        unsigned char *Z = NULL;
+        size_t Zlen = 0;
+        if (!dctx->kdf_outlen || !dctx->kdf_oid)
+            return 0;
+        if (key == NULL) {
+            *keylen = dctx->kdf_outlen;
+            return 1;
+        }
+        if (*keylen != dctx->kdf_outlen)
+            return 0;
+        ret = 0;
+        Zlen = DH_size(dh);
+        Z = OPENSSL_malloc(Zlen);
+        if (Z == NULL) {
+            goto err;
+        }
+        if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
+            goto err;
+        if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid,
+                          dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+            goto err;
+        *keylen = dctx->kdf_outlen;
+        ret = 1;
+ err:
+        OPENSSL_clear_free(Z, Zlen);
+        return ret;
+    }
+#endif
+    return 0;
+}
+
+const EVP_PKEY_METHOD dh_pkey_meth = {
+    EVP_PKEY_DH,
+    0,
+    pkey_dh_init,
+    pkey_dh_copy,
+    pkey_dh_cleanup,
+
+    0,
+    pkey_dh_paramgen,
+
+    0,
+    pkey_dh_keygen,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_dh_derive,
+
+    pkey_dh_ctrl,
+    pkey_dh_ctrl_str
+};
+
+const EVP_PKEY_METHOD dhx_pkey_meth = {
+    EVP_PKEY_DHX,
+    0,
+    pkey_dh_init,
+    pkey_dh_copy,
+    pkey_dh_cleanup,
+
+    0,
+    pkey_dh_paramgen,
+
+    0,
+    pkey_dh_keygen,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_dh_derive,
+
+    pkey_dh_ctrl,
+    pkey_dh_ctrl_str
+};
diff --git a/openssl-1.1.0h/crypto/dh/dh_prn.c b/openssl-1.1.0h/crypto/dh/dh_prn.c
new file mode 100644
index 0000000..283fb0f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_prn.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DHparams_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/dh/dh_rfc5114.c b/openssl-1.1.0h/crypto/dh/dh_rfc5114.c
new file mode 100644
index 0000000..c4a2195
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dh/dh_rfc5114.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_locl.h"
+#include <openssl/bn.h>
+#include "internal/bn_dh.h"
+
+/*
+ * Macro to make a DH structure from BIGNUM data. NB: although just copying
+ * the BIGNUM static pointers would be more efficient, we can't do that
+ * because they get wiped using BN_clear_free() when DH_free() is called.
+ */
+
+#define make_dh(x) \
+DH *DH_get_##x(void) \
+{ \
+    DH *dh = DH_new(); \
+\
+    if (dh == NULL) \
+        return NULL; \
+    dh->p = BN_dup(&_bignum_dh##x##_p); \
+    dh->g = BN_dup(&_bignum_dh##x##_g); \
+    dh->q = BN_dup(&_bignum_dh##x##_q); \
+    if (dh->p == NULL || dh->q == NULL || dh->g == NULL) {\
+        DH_free(dh); \
+        return NULL; \
+    } \
+    return dh; \
+}
+
+make_dh(1024_160)
+make_dh(2048_224)
+make_dh(2048_256)
diff --git a/openssl-1.1.0h/crypto/dllmain.c b/openssl-1.1.0h/crypto/dllmain.c
new file mode 100644
index 0000000..91904aa
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dllmain.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib_int.h"
+
+#if defined(_WIN32) || defined(__CYGWIN__)
+# ifdef __CYGWIN__
+/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
+#  include <windows.h>
+/*
+ * this has side-effect of _WIN32 getting defined, which otherwise is
+ * mutually exclusive with __CYGWIN__...
+ */
+# endif
+
+/*
+ * All we really need to do is remove the 'error' state when a thread
+ * detaches
+ */
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+    switch (fdwReason) {
+    case DLL_PROCESS_ATTACH:
+        OPENSSL_cpuid_setup();
+# if defined(_WIN32_WINNT)
+        {
+            IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL;
+            IMAGE_NT_HEADERS *nt_headers;
+
+            if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
+                nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header
+                                                   + dos_header->e_lfanew);
+                if (nt_headers->Signature == IMAGE_NT_SIGNATURE &&
+                    hinstDLL !=
+                    (HINSTANCE) (nt_headers->OptionalHeader.ImageBase))
+                    OPENSSL_NONPIC_relocated = 1;
+            }
+        }
+# endif
+        break;
+    case DLL_THREAD_ATTACH:
+        break;
+    case DLL_THREAD_DETACH:
+        OPENSSL_thread_stop();
+        break;
+    case DLL_PROCESS_DETACH:
+        break;
+    }
+    return (TRUE);
+}
+#endif
+
diff --git a/openssl-1.1.0h/crypto/dsa/build.info b/openssl-1.1.0h/crypto/dsa/build.info
new file mode 100644
index 0000000..2e75985
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \
+        dsa_meth.c
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_ameth.c b/openssl-1.1.0h/crypto/dsa/dsa_ameth.c
new file mode 100644
index 0000000..d4e4066
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_ameth.c
@@ -0,0 +1,572 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "dsa_locl.h"
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *public_key = NULL;
+
+    DSA *dsa = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype == V_ASN1_SEQUENCE) {
+        pstr = pval;
+        pm = pstr->data;
+        pmlen = pstr->length;
+
+        if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+            goto err;
+        }
+
+    } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
+        if ((dsa = DSA_new()) == NULL) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+        goto err;
+    }
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+        goto err;
+    }
+
+    if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+
+ err:
+    ASN1_INTEGER_free(public_key);
+    DSA_free(dsa);
+    return 0;
+
+}
+
+static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    int ptype;
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str = NULL;
+    ASN1_INTEGER *pubint = NULL;
+    ASN1_OBJECT *aobj;
+
+    dsa = pkey->pkey.dsa;
+    if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
+        str = ASN1_STRING_new();
+        if (str == NULL) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        str->length = i2d_DSAparams(dsa, &str->data);
+        if (str->length <= 0) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ptype = V_ASN1_SEQUENCE;
+    } else
+        ptype = V_ASN1_UNDEF;
+
+    pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
+
+    if (pubint == NULL) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    penclen = i2d_ASN1_INTEGER(pubint, &penc);
+    ASN1_INTEGER_free(pubint);
+
+    if (penclen <= 0) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    aobj = OBJ_nid2obj(EVP_PKEY_DSA);
+    if (aobj == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
+        return 1;
+
+ err:
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
+
+    return 0;
+}
+
+/*
+ * In PKCS#8 DSA: you just get a private key integer and parameters in the
+ * AlgorithmIdentifier the pubkey must be recalculated.
+ */
+
+static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
+    ASN1_INTEGER *privkey = NULL;
+    BN_CTX *ctx = NULL;
+
+    DSA *dsa = NULL;
+
+    int ret = 0;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+    if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
+        goto decerr;
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
+        goto decerr;
+    /* We have parameters now set private key */
+    if ((dsa->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+    /* Calculate public key */
+    if ((dsa->pub_key = BN_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+    if ((ctx = BN_CTX_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+
+    BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
+    if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+
+    EVP_PKEY_assign_DSA(pkey, dsa);
+
+    ret = 1;
+    goto done;
+
+ decerr:
+    DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
+ dsaerr:
+    DSA_free(dsa);
+ done:
+    BN_CTX_free(ctx);
+    ASN1_STRING_clear_free(privkey);
+    return ret;
+}
+
+static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    unsigned char *dp = NULL;
+    int dplen;
+
+    if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    params = ASN1_STRING_new();
+
+    if (params == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
+    if (params->length <= 0) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    params->type = V_ASN1_SEQUENCE;
+
+    /* Get private key into integer */
+    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
+
+    if (!prkey) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
+        goto err;
+    }
+
+    dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+    ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
+                         V_ASN1_SEQUENCE, params, dp, dplen))
+        goto err;
+
+    return 1;
+
+ err:
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
+    return 0;
+}
+
+static int int_dsa_size(const EVP_PKEY *pkey)
+{
+    return (DSA_size(pkey->pkey.dsa));
+}
+
+static int dsa_bits(const EVP_PKEY *pkey)
+{
+    return DSA_bits(pkey->pkey.dsa);
+}
+
+static int dsa_security_bits(const EVP_PKEY *pkey)
+{
+    return DSA_security_bits(pkey->pkey.dsa);
+}
+
+static int dsa_missing_parameters(const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    dsa = pkey->pkey.dsa;
+    if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
+        return 1;
+    return 0;
+}
+
+static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    BIGNUM *a;
+
+    if (to->pkey.dsa == NULL) {
+        to->pkey.dsa = DSA_new();
+        if (to->pkey.dsa == NULL)
+            return 0;
+    }
+
+    if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->p);
+    to->pkey.dsa->p = a;
+
+    if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->q);
+    to->pkey.dsa->q = a;
+
+    if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->g);
+    to->pkey.dsa->g = a;
+    return 1;
+}
+
+static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
+        BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
+        BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
+        return 0;
+    else
+        return 1;
+}
+
+static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+}
+
+static void int_dsa_free(EVP_PKEY *pkey)
+{
+    DSA_free(pkey->pkey.dsa);
+}
+
+static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
+{
+    int ret = 0;
+    const char *ktype = NULL;
+    const BIGNUM *priv_key, *pub_key;
+
+    if (ptype == 2)
+        priv_key = x->priv_key;
+    else
+        priv_key = NULL;
+
+    if (ptype > 0)
+        pub_key = x->pub_key;
+    else
+        pub_key = NULL;
+
+    if (ptype == 2)
+        ktype = "Private-Key";
+    else if (ptype == 1)
+        ktype = "Public-Key";
+    else
+        ktype = "DSA-Parameters";
+
+    if (priv_key) {
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+        if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
+            <= 0)
+            goto err;
+    }
+
+    if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "P:   ", x->p, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "Q:   ", x->q, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "G:   ", x->g, NULL, off))
+        goto err;
+    ret = 1;
+ err:
+    return (ret);
+}
+
+static int dsa_param_decode(EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+
+    if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
+        DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAparams(pkey->pkey.dsa, pder);
+}
+
+static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
+}
+
+static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
+}
+
+static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
+}
+
+static int old_dsa_priv_decode(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+
+    if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
+        DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
+}
+
+static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
+{
+    DSA_SIG *dsa_sig;
+    const unsigned char *p;
+
+    if (!sig) {
+        if (BIO_puts(bp, "\n") <= 0)
+            return 0;
+        else
+            return 1;
+    }
+    p = sig->data;
+    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
+    if (dsa_sig) {
+        int rv = 0;
+        const BIGNUM *r, *s;
+
+        DSA_SIG_get0(dsa_sig, &r, &s);
+
+        if (BIO_write(bp, "\n", 1) != 1)
+            goto err;
+
+        if (!ASN1_bn_print(bp, "r:   ", r, NULL, indent))
+            goto err;
+        if (!ASN1_bn_print(bp, "s:   ", s, NULL, indent))
+            goto err;
+        rv = 1;
+ err:
+        DSA_SIG_free(dsa_sig);
+        return rv;
+    }
+    return X509_signature_dump(bp, sig, indent);
+}
+
+static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_NONE;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 2;
+
+    default:
+        return -2;
+
+    }
+
+}
+
+/* NB these are sorted in pkey_id order, lowest first */
+
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
+
+    {
+     EVP_PKEY_DSA2,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA1,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA4,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA3,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA,
+     EVP_PKEY_DSA,
+     0,
+
+     "DSA",
+     "OpenSSL DSA method",
+
+     dsa_pub_decode,
+     dsa_pub_encode,
+     dsa_pub_cmp,
+     dsa_pub_print,
+
+     dsa_priv_decode,
+     dsa_priv_encode,
+     dsa_priv_print,
+
+     int_dsa_size,
+     dsa_bits,
+     dsa_security_bits,
+
+     dsa_param_decode,
+     dsa_param_encode,
+     dsa_missing_parameters,
+     dsa_copy_parameters,
+     dsa_cmp_parameters,
+     dsa_param_print,
+     dsa_sig_print,
+
+     int_dsa_free,
+     dsa_pkey_ctrl,
+     old_dsa_priv_decode,
+     old_dsa_priv_encode}
+};
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_asn1.c b/openssl-1.1.0h/crypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000..551c107
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_asn1.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/rand.h>
+
+ASN1_SEQUENCE(DSA_SIG) = {
+        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} static_ASN1_SEQUENCE_END(DSA_SIG)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
+
+DSA_SIG *DSA_SIG_new(void)
+{
+    DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void DSA_SIG_free(DSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DSA_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DSA_free((DSA *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, version, LONG),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
+
+ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+
+DSA *DSAparams_dup(DSA *dsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
+}
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa)
+{
+    DSA_SIG *s;
+    RAND_seed(dgst, dlen);
+    s = DSA_do_sign(dgst, dlen, dsa);
+    if (s == NULL) {
+        *siglen = 0;
+        return (0);
+    }
+    *siglen = i2d_DSA_SIG(s, &sig);
+    DSA_SIG_free(s);
+    return (1);
+}
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+               const unsigned char *sigbuf, int siglen, DSA *dsa)
+{
+    DSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = DSA_SIG_new();
+    if (s == NULL)
+        return (ret);
+    if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_DSA_SIG(s, &der);
+    if (derlen != siglen || memcmp(sigbuf, der, derlen))
+        goto err;
+    ret = DSA_do_verify(dgst, dgst_len, s, dsa);
+ err:
+    OPENSSL_clear_free(der, derlen);
+    DSA_SIG_free(s);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_depr.c b/openssl-1.1.0h/crypto/dsa/dsa_depr.c
new file mode 100644
index 0000000..f51aea7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_depr.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file contains deprecated function(s) that are now wrappers to the new
+ * version(s).
+ */
+
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+#define xxxHASH    EVP_sha1()
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/sha.h>
+
+DSA *DSA_generate_parameters(int bits,
+                             unsigned char *seed_in, int seed_len,
+                             int *counter_ret, unsigned long *h_ret,
+                             void (*callback) (int, int, void *),
+                             void *cb_arg)
+{
+    BN_GENCB *cb;
+    DSA *ret;
+
+    if ((ret = DSA_new()) == NULL)
+        return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL)
+        goto err;
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+                                   counter_ret, h_ret, cb)) {
+        BN_GENCB_free(cb);
+        return ret;
+    }
+    BN_GENCB_free(cb);
+err:
+    DSA_free(ret);
+    return NULL;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_err.c b/openssl-1.1.0h/crypto/dsa/dsa_err.c
new file mode 100644
index 0000000..b8f0af4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_err.c
@@ -0,0 +1,76 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
+
+static ERR_STRING_DATA DSA_str_functs[] = {
+    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
+    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
+    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
+    {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
+    {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+    {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"},
+    {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"},
+    {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"},
+    {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
+    {ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "dsa_param_decode"},
+    {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
+    {ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "dsa_priv_decode"},
+    {ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "dsa_priv_encode"},
+    {ERR_FUNC(DSA_F_DSA_PUB_DECODE), "dsa_pub_decode"},
+    {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"},
+    {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
+    {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
+    {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
+    {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"},
+    {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"},
+    {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA DSA_str_reasons[] = {
+    {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"},
+    {ERR_REASON(DSA_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_REASON(DSA_R_BN_ERROR), "bn error"},
+    {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"},
+    {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"},
+    {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
+    {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_REASON(DSA_R_SEED_LEN_SMALL),
+     "seed_len is less than the length of q"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, DSA_str_functs);
+        ERR_load_strings(0, DSA_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_gen.c b/openssl-1.1.0h/crypto/dsa/dsa_gen.c
new file mode 100644
index 0000000..e58ad8d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_gen.c
@@ -0,0 +1,603 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+#define xxxHASH    EVP_sha1()
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "dsa_locl.h"
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+                               const unsigned char *seed_in, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb)
+{
+    if (ret->meth->dsa_paramgen)
+        return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                                       counter_ret, h_ret, cb);
+    else {
+        const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
+        size_t qbits = EVP_MD_size(evpmd) * 8;
+
+        return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+                                    seed_in, seed_len, NULL, counter_ret,
+                                    h_ret, cb);
+    }
+}
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, unsigned char *seed_out,
+                         int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+{
+    int ok = 0;
+    unsigned char seed[SHA256_DIGEST_LENGTH];
+    unsigned char md[SHA256_DIGEST_LENGTH];
+    unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int i, k, n = 0, m = 0, qsize = qbits >> 3;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    unsigned int h = 2;
+
+    if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
+        qsize != SHA256_DIGEST_LENGTH)
+        /* invalid q size */
+        return 0;
+
+    if (evpmd == NULL)
+        /* use SHA1 as default */
+        evpmd = EVP_sha1();
+
+    if (bits < 512)
+        bits = 512;
+
+    bits = (bits + 63) / 64 * 64;
+
+    if (seed_in != NULL) {
+        if (seed_len < (size_t)qsize) {
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL);
+            return 0;
+        }
+        if (seed_len > (size_t)qsize) {
+            /* Only consume as much seed as is expected. */
+            seed_len = qsize;
+        }
+        memcpy(seed, seed_in, seed_len);
+    }
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    p = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+
+    if (test == NULL)
+        goto err;
+
+    if (!BN_lshift(test, BN_value_one(), bits - 1))
+        goto err;
+
+    for (;;) {
+        for (;;) {              /* find q */
+            int use_random_seed = (seed_in == NULL);
+
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (use_random_seed) {
+                if (RAND_bytes(seed, qsize) <= 0)
+                    goto err;
+            } else {
+                /* If we come back through, use random seed next time. */
+                seed_in = NULL;
+            }
+            memcpy(buf, seed, qsize);
+            memcpy(buf2, seed, qsize);
+            /* precompute "SEED + 1" for step 7: */
+            for (i = qsize - 1; i >= 0; i--) {
+                buf[i]++;
+                if (buf[i] != 0)
+                    break;
+            }
+
+            /* step 2 */
+            if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
+                goto err;
+            if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
+                goto err;
+            for (i = 0; i < qsize; i++)
+                md[i] ^= buf2[i];
+
+            /* step 3 */
+            md[0] |= 0x80;
+            md[qsize - 1] |= 0x01;
+            if (!BN_bin2bn(md, qsize, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        use_random_seed, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+
+            /* do a callback call */
+            /* step 5 */
+        }
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 2" */
+
+        n = (bits - 1) / 160;
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = qsize - 1; i >= 0; i--) {
+                    buf[i]++;
+                    if (buf[i] != 0)
+                        break;
+                }
+
+                if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
+                    goto err;
+
+                /* step 8 */
+                if (!BN_bin2bn(md, qsize, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, (qsize << 3) * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, bits - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= 4096)
+                break;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (!BN_set_word(test, h))
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (!BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok) {
+        BN_free(ret->p);
+        BN_free(ret->q);
+        BN_free(ret->g);
+        ret->p = BN_dup(p);
+        ret->q = BN_dup(q);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = 0;
+            goto err;
+        }
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+        if (seed_out)
+            memcpy(seed_out, seed, qsize);
+    }
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_MONT_CTX_free(mont);
+    return ok;
+}
+
+/*
+ * This is a parameter generation algorithm for the DSA2 algorithm as
+ * described in FIPS 186-3.
+ */
+
+int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                          const EVP_MD *evpmd, const unsigned char *seed_in,
+                          size_t seed_len, int idx, unsigned char *seed_out,
+                          int *counter_ret, unsigned long *h_ret,
+                          BN_GENCB *cb)
+{
+    int ok = -1;
+    unsigned char *seed = NULL, *seed_tmp = NULL;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int mdsize;
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int i, k, n = 0, m = 0, qsize = N >> 3;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    unsigned int h = 2;
+
+    if (mctx == NULL)
+        goto err;
+
+    if (evpmd == NULL) {
+        if (N == 160)
+            evpmd = EVP_sha1();
+        else if (N == 224)
+            evpmd = EVP_sha224();
+        else
+            evpmd = EVP_sha256();
+    }
+
+    mdsize = EVP_MD_size(evpmd);
+    /* If unverifiable g generation only don't need seed */
+    if (!ret->p || !ret->q || idx >= 0) {
+        if (seed_len == 0)
+            seed_len = mdsize;
+
+        seed = OPENSSL_malloc(seed_len);
+
+        if (seed_out)
+            seed_tmp = seed_out;
+        else
+            seed_tmp = OPENSSL_malloc(seed_len);
+
+        if (seed == NULL || seed_tmp == NULL)
+            goto err;
+
+        if (seed_in)
+            memcpy(seed, seed_in, seed_len);
+
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+    if (test == NULL)
+        goto err;
+
+    /* if p, q already supplied generate g only */
+    if (ret->p && ret->q) {
+        p = ret->p;
+        q = ret->q;
+        if (idx >= 0)
+            memcpy(seed_tmp, seed, seed_len);
+        goto g_only;
+    } else {
+        p = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx);
+        if (q == NULL)
+            goto err;
+    }
+
+    if (!BN_lshift(test, BN_value_one(), L - 1))
+        goto err;
+    for (;;) {
+        for (;;) {              /* find q */
+            unsigned char *pmd;
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (!seed_in) {
+                if (RAND_bytes(seed, seed_len) <= 0)
+                    goto err;
+            }
+            /* step 2 */
+            if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
+                goto err;
+            /* Take least significant bits of md */
+            if (mdsize > qsize)
+                pmd = md + mdsize - qsize;
+            else
+                pmd = md;
+
+            if (mdsize < qsize)
+                memset(md + mdsize, 0, qsize - mdsize);
+
+            /* step 3 */
+            pmd[0] |= 0x80;
+            pmd[qsize - 1] |= 0x01;
+            if (!BN_bin2bn(pmd, qsize, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        seed_in ? 1 : 0, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+            /* Provided seed didn't produce a prime: error */
+            if (seed_in) {
+                ok = 0;
+                DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME);
+                goto err;
+            }
+
+            /* do a callback call */
+            /* step 5 */
+        }
+        /* Copy seed to seed_out before we mess with it */
+        if (seed_out)
+            memcpy(seed_out, seed, seed_len);
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 1" */
+
+        n = (L - 1) / (mdsize << 3);
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = seed_len - 1; i >= 0; i--) {
+                    seed[i]++;
+                    if (seed[i] != 0)
+                        break;
+                }
+
+                if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
+                    goto err;
+
+                /* step 8 */
+                if (!BN_bin2bn(md, mdsize, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, (mdsize << 3) * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, L - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= (int)(4 * L))
+                break;
+        }
+        if (seed_in) {
+            ok = 0;
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+            goto err;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+ g_only:
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (idx < 0) {
+        if (!BN_set_word(test, h))
+            goto err;
+    } else
+        h = 1;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e };
+        if (idx >= 0) {
+            md[0] = idx & 0xff;
+            md[1] = (h >> 8) & 0xff;
+            md[2] = h & 0xff;
+            if (!EVP_DigestInit_ex(mctx, evpmd, NULL))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen)))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, md, 3))
+                goto err;
+            if (!EVP_DigestFinal_ex(mctx, md, NULL))
+                goto err;
+            if (!BN_bin2bn(md, mdsize, test))
+                goto err;
+        }
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (idx < 0 && !BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+        if (idx >= 0 && h > 0xffff)
+            goto err;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok == 1) {
+        if (p != ret->p) {
+            BN_free(ret->p);
+            ret->p = BN_dup(p);
+        }
+        if (q != ret->q) {
+            BN_free(ret->q);
+            ret->q = BN_dup(q);
+        }
+        BN_free(ret->g);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = -1;
+            goto err;
+        }
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+    }
+    OPENSSL_free(seed);
+    if (seed_out != seed_tmp)
+        OPENSSL_free(seed_tmp);
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_MONT_CTX_free(mont);
+    EVP_MD_CTX_free(mctx);
+    return ok;
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_key.c b/openssl-1.1.0h/crypto/dsa/dsa_key.c
new file mode 100644
index 0000000..31442b1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_key.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dsa_locl.h"
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+int DSA_generate_key(DSA *dsa)
+{
+    if (dsa->meth->dsa_keygen)
+        return dsa->meth->dsa_keygen(dsa);
+    return dsa_builtin_keygen(dsa);
+}
+
+static int dsa_builtin_keygen(DSA *dsa)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (dsa->priv_key == NULL) {
+        if ((priv_key = BN_secure_new()) == NULL)
+            goto err;
+    } else
+        priv_key = dsa->priv_key;
+
+    do
+        if (!BN_rand_range(priv_key, dsa->q))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
+
+    if (dsa->pub_key == NULL) {
+        if ((pub_key = BN_new()) == NULL)
+            goto err;
+    } else
+        pub_key = dsa->pub_key;
+
+    {
+        BIGNUM *prk = BN_new();
+
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
+            BN_free(prk);
+            goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
+    }
+
+    dsa->priv_key = priv_key;
+    dsa->pub_key = pub_key;
+    ok = 1;
+
+ err:
+    if (pub_key != dsa->pub_key)
+        BN_free(pub_key);
+    if (priv_key != dsa->priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return (ok);
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_lib.c b/openssl-1.1.0h/crypto/dsa/dsa_lib.c
new file mode 100644
index 0000000..9598846
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_lib.c
@@ -0,0 +1,332 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dsa_locl.h"
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+#include <openssl/dh.h>
+
+DSA *DSA_new(void)
+{
+    return DSA_new_method(NULL);
+}
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DSA_METHOD *mtmp;
+    mtmp = dsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(dsa->engine);
+    dsa->engine = NULL;
+#endif
+    dsa->meth = meth;
+    if (meth->init)
+        meth->init(dsa);
+    return 1;
+}
+
+const DSA_METHOD *DSA_get_method(DSA *d)
+{
+    return d->meth;
+}
+
+DSA *DSA_new_method(ENGINE *engine)
+{
+    DSA *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DSA();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DSA(ret->engine);
+        if (ret->meth == NULL) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
+err:
+        DSA_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
+
+void DSA_free(DSA *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    REF_PRINT_COUNT("DSA", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth->finish)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->g);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+    OPENSSL_free(r);
+}
+
+int DSA_up_ref(DSA *r)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSA", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int DSA_size(const DSA *r)
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];       /* 4 bytes looks really small. However,
+                                 * i2d_ASN1_INTEGER() will not look beyond
+                                 * the first byte, as long as the second
+                                 * parameter is NULL. */
+
+    i = BN_num_bits(r->q);
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    return (ret);
+}
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
+
+void *DSA_get_ex_data(DSA *d, int idx)
+{
+    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
+
+int DSA_security_bits(const DSA *d)
+{
+    if (d->p && d->q)
+        return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+    return -1;
+}
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+{
+    /*
+     * DSA has p, q, g, optional pub_key, optional priv_key. DH has p,
+     * optional length, g, optional pub_key, optional priv_key, optional q.
+     */
+
+    DH *ret = NULL;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+    if (r == NULL)
+        goto err;
+    ret = DH_new();
+    if (ret == NULL)
+        goto err;
+    if (r->p != NULL || r->g != NULL || r->q != NULL) {
+        if (r->p == NULL || r->g == NULL || r->q == NULL) {
+            /* Shouldn't happen */
+            goto err;
+        }
+        p = BN_dup(r->p);
+        g = BN_dup(r->g);
+        q = BN_dup(r->q);
+        if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g))
+            goto err;
+        p = g = q = NULL;
+    }
+
+    if (r->pub_key != NULL) {
+        pub_key = BN_dup(r->pub_key);
+        if (pub_key == NULL)
+            goto err;
+        if (r->priv_key != NULL) {
+            priv_key = BN_dup(r->priv_key);
+            if (priv_key == NULL)
+                goto err;
+        }
+        if (!DH_set0_key(ret, pub_key, priv_key))
+            goto err;
+    } else if (r->priv_key != NULL) {
+        /* Shouldn't happen */
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(q);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    DH_free(ret);
+    return NULL;
+}
+#endif
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = d->p;
+    if (q != NULL)
+        *q = d->q;
+    if (g != NULL)
+        *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p, q and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((d->p == NULL && p == NULL)
+        || (d->q == NULL && q == NULL)
+        || (d->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(d->p);
+        d->p = p;
+    }
+    if (q != NULL) {
+        BN_free(d->q);
+        d->q = q;
+    }
+    if (g != NULL) {
+        BN_free(d->g);
+        d->g = g;
+    }
+
+    return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = d->pub_key;
+    if (priv_key != NULL)
+        *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    /* If the field pub_key in d is NULL, the corresponding input
+     * parameters MUST be non-NULL.  The priv_key field may
+     * be left NULL.
+     */
+    if (d->pub_key == NULL && pub_key == NULL)
+        return 0;
+
+    if (pub_key != NULL) {
+        BN_free(d->pub_key);
+        d->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_free(d->priv_key);
+        d->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+void DSA_clear_flags(DSA *d, int flags)
+{
+    d->flags &= ~flags;
+}
+
+int DSA_test_flags(const DSA *d, int flags)
+{
+    return d->flags & flags;
+}
+
+void DSA_set_flags(DSA *d, int flags)
+{
+    d->flags |= flags;
+}
+
+ENGINE *DSA_get0_engine(DSA *d)
+{
+    return d->engine;
+}
+
+int DSA_bits(const DSA *dsa)
+{
+    return BN_num_bits(dsa->p);
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_locl.h b/openssl-1.1.0h/crypto/dsa/dsa_locl.h
new file mode 100644
index 0000000..9021fce
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_locl.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/dsa.h>
+
+struct dsa_st {
+    /*
+     * This first variable is used to pick up errors where a DSA is passed
+     * instead of of a EVP_PKEY
+     */
+    int pad;
+    long version;
+    BIGNUM *p;
+    BIGNUM *q;                  /* == 20 */
+    BIGNUM *g;
+    BIGNUM *pub_key;            /* y public key */
+    BIGNUM *priv_key;           /* x private key */
+    int flags;
+    /* Normally used to cache montgomery values */
+    BN_MONT_CTX *method_mont_p;
+    int references;
+    CRYPTO_EX_DATA ex_data;
+    const DSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct DSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+struct dsa_method {
+    char *name;
+    DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
+    int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                           BIGNUM **rp);
+    int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+    int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
+                        const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+    /* Can be null */
+    int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    int (*init) (DSA *dsa);
+    int (*finish) (DSA *dsa);
+    int flags;
+    void *app_data;
+    /* If this is non-NULL, it is used to generate DSA parameters */
+    int (*dsa_paramgen) (DSA *dsa, int bits,
+                         const unsigned char *seed, int seed_len,
+                         int *counter_ret, unsigned long *h_ret,
+                         BN_GENCB *cb);
+    /* If this is non-NULL, it is used to generate DSA keys */
+    int (*dsa_keygen) (DSA *dsa);
+};
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, unsigned char *seed_out,
+                         int *counter_ret, unsigned long *h_ret,
+                         BN_GENCB *cb);
+
+int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                          const EVP_MD *evpmd, const unsigned char *seed_in,
+                          size_t seed_len, int idx, unsigned char *seed_out,
+                          int *counter_ret, unsigned long *h_ret,
+                          BN_GENCB *cb);
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_meth.c b/openssl-1.1.0h/crypto/dsa/dsa_meth.c
new file mode 100644
index 0000000..f0188f2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_meth.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include "dsa_locl.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags)
+{
+    DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam));
+
+    if (dsam != NULL) {
+        dsam->flags = flags;
+
+        dsam->name = OPENSSL_strdup(name);
+        if (dsam->name != NULL)
+            return dsam;
+
+        OPENSSL_free(dsam);
+    }
+
+    DSAerr(DSA_F_DSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DSA_meth_free(DSA_METHOD *dsam)
+{
+    if (dsam != NULL) {
+        OPENSSL_free(dsam->name);
+        OPENSSL_free(dsam);
+    }
+}
+
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)
+{
+    DSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dsam, sizeof(*dsam));
+
+        ret->name = OPENSSL_strdup(dsam->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DSAerr(DSA_F_DSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam)
+{
+    return dsam->name;
+}
+
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dsam->name);
+    dsam->name = tmpname;
+
+    return 1;
+}
+
+int DSA_meth_get_flags(DSA_METHOD *dsam)
+{
+    return dsam->flags;
+}
+
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)
+{
+    dsam->flags = flags;
+    return 1;
+}
+
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam)
+{
+    return dsam->app_data;
+}
+
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data)
+{
+    dsam->app_data = app_data;
+    return 1;
+}
+
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *)
+{
+    return dsam->dsa_do_sign;
+}
+
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *))
+{
+    dsam->dsa_do_sign = sign;
+    return 1;
+}
+
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)
+{
+    return dsam->dsa_sign_setup;
+}
+
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
+{
+    dsam->dsa_sign_setup = sign_setup;
+    return 1;
+}
+
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int , DSA_SIG *, DSA *)
+{
+    return dsam->dsa_do_verify;
+}
+
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))
+{
+    dsam->dsa_do_verify = verify;
+    return 1;
+}
+
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)
+{
+    return dsam->dsa_mod_exp;
+}
+
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *))
+{
+    dsam->dsa_mod_exp = mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+     BN_MONT_CTX *)
+{
+    return dsam->bn_mod_exp;
+}
+
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dsam->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)
+{
+    return dsam->init;
+}
+
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))
+{
+    dsam->init = init;
+    return 1;
+}
+
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->finish;
+}
+
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))
+{
+    dsam->finish = finish;
+    return 1;
+}
+
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *)
+{
+    return dsam->dsa_paramgen;
+}
+
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *))
+{
+    dsam->dsa_paramgen = paramgen;
+    return 1;
+}
+
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->dsa_keygen;
+}
+
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
+{
+    dsam->dsa_keygen = keygen;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_ossl.c b/openssl-1.1.0h/crypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000..7f48cf2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_ossl.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+#include "dsa_locl.h"
+#include <openssl/asn1.h>
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                    BIGNUM **rp);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp, const unsigned char *dgst, int dlen);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+
+static DSA_METHOD openssl_dsa_meth = {
+    "OpenSSL DSA method",
+    dsa_do_sign,
+    dsa_sign_setup_no_digest,
+    dsa_do_verify,
+    NULL,                       /* dsa_mod_exp, */
+    NULL,                       /* dsa_bn_mod_exp, */
+    dsa_init,
+    dsa_finish,
+    DSA_FLAG_FIPS_METHOD,
+    NULL,
+    NULL,
+    NULL
+};
+
+static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+{
+    default_DSA_method = meth;
+}
+
+const DSA_METHOD *DSA_get_default_method(void)
+{
+    return default_DSA_method;
+}
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+    return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+    BIGNUM *kinv = NULL;
+    BIGNUM *m;
+    BIGNUM *xr;
+    BN_CTX *ctx = NULL;
+    int reason = ERR_R_BN_LIB;
+    DSA_SIG *ret = NULL;
+    int rv = 0;
+
+    m = BN_new();
+    xr = BN_new();
+    if (m == NULL || xr == NULL)
+        goto err;
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        reason = DSA_R_MISSING_PARAMETERS;
+        goto err;
+    }
+
+    ret = DSA_SIG_new();
+    if (ret == NULL)
+        goto err;
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+ redo:
+    if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen))
+        goto err;
+
+    if (dlen > BN_num_bytes(dsa->q))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dlen = BN_num_bytes(dsa->q);
+    if (BN_bin2bn(dgst, dlen, m) == NULL)
+        goto err;
+
+    /* Compute  s = inv(k) (m + xr) mod q */
+    if (!BN_mod_mul(xr, dsa->priv_key, ret->r, dsa->q, ctx))
+        goto err;               /* s = xr */
+    if (!BN_add(ret->s, xr, m))
+        goto err;               /* s = m + xr */
+    if (BN_cmp(ret->s, dsa->q) > 0)
+        if (!BN_sub(ret->s, ret->s, dsa->q))
+            goto err;
+    if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx))
+        goto err;
+
+    /*
+     * Redo if r or s is zero as required by FIPS 186-3: this is very
+     * unlikely.
+     */
+    if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
+        goto redo;
+
+    rv = 1;
+
+ err:
+    if (rv == 0) {
+        DSAerr(DSA_F_DSA_DO_SIGN, reason);
+        DSA_SIG_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_free(ctx);
+    BN_clear_free(m);
+    BN_clear_free(xr);
+    BN_clear_free(kinv);
+    return ret;
+}
+
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,
+                                    BIGNUM **kinvp, BIGNUM **rp)
+{
+    return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+                          BIGNUM **kinvp, BIGNUM **rp,
+                          const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k, *kinv = NULL, *r = *rp;
+    BIGNUM *l, *m;
+    int ret = 0;
+    int q_bits;
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    k = BN_new();
+    l = BN_new();
+    m = BN_new();
+    if (k == NULL || l == NULL || m == NULL)
+        goto err;
+
+    if (ctx_in == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto err;
+    } else
+        ctx = ctx_in;
+
+    /* Preallocate space */
+    q_bits = BN_num_bits(dsa->q);
+    if (!BN_set_bit(k, q_bits)
+        || !BN_set_bit(l, q_bits)
+        || !BN_set_bit(m, q_bits))
+        goto err;
+
+    /* Get random k */
+    do {
+        if (dgst != NULL) {
+            /*
+             * We calculate k from SHA512(private_key + H(message) + random).
+             * This protects the private key from a weak PRNG.
+             */
+            if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
+                                       dlen, ctx))
+                goto err;
+        } else if (!BN_rand_range(k, dsa->q))
+            goto err;
+    } while (BN_is_zero(k));
+
+    BN_set_flags(k, BN_FLG_CONSTTIME);
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                    dsa->lock, dsa->p, ctx))
+            goto err;
+    }
+
+    /* Compute r = (g^k mod p) mod q */
+
+    /*
+     * We do not want timing information to leak the length of k, so we
+     * compute G^k using an equivalent scalar of fixed bit-length.
+     *
+     * We unconditionally perform both of these additions to prevent a
+     * small timing information leakage.  We then choose the sum that is
+     * one bit longer than the modulus.
+     *
+     * TODO: revisit the BN_copy aiming for a memory access agnostic
+     * conditional copy.
+     */
+    if (!BN_add(l, k, dsa->q)
+        || !BN_add(m, l, dsa->q)
+        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
+        goto err;
+
+    if ((dsa)->meth->bn_mod_exp != NULL) {
+            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                       dsa->method_mont_p))
+                goto err;
+    } else {
+            if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
+                goto err;
+    }
+
+    if (!BN_mod(r, r, dsa->q, ctx))
+        goto err;
+
+    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
+        goto err;
+
+    BN_clear_free(*kinvp);
+    *kinvp = kinv;
+    kinv = NULL;
+    ret = 1;
+ err:
+    if (!ret)
+        DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+    if (ctx != ctx_in)
+        BN_CTX_free(ctx);
+    BN_clear_free(k);
+    BN_clear_free(l);
+    BN_clear_free(m);
+    return ret;
+}
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa)
+{
+    BN_CTX *ctx;
+    BIGNUM *u1, *u2, *t1;
+    BN_MONT_CTX *mont = NULL;
+    const BIGNUM *r, *s;
+    int ret = -1, i;
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    i = BN_num_bits(dsa->q);
+    /* fips 186-3 allows only different sizes for q */
+    if (i != 160 && i != 224 && i != 256) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+        return -1;
+    }
+
+    if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+    u1 = BN_new();
+    u2 = BN_new();
+    t1 = BN_new();
+    ctx = BN_CTX_new();
+    if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
+        goto err;
+
+    DSA_SIG_get0(sig, &r, &s);
+
+    if (BN_is_zero(r) || BN_is_negative(r) ||
+        BN_ucmp(r, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+    if (BN_is_zero(s) || BN_is_negative(s) ||
+        BN_ucmp(s, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+
+    /*
+     * Calculate W = inv(S) mod Q save W in u2
+     */
+    if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
+        goto err;
+
+    /* save M in u1 */
+    if (dgst_len > (i >> 3))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dgst_len = (i >> 3);
+    if (BN_bin2bn(dgst, dgst_len, u1) == NULL)
+        goto err;
+
+    /* u1 = M * w mod q */
+    if (!BN_mod_mul(u1, u1, u2, dsa->q, ctx))
+        goto err;
+
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
+        goto err;
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                      dsa->lock, dsa->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    if (dsa->meth->dsa_mod_exp != NULL) {
+        if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2,
+                                    dsa->p, ctx, mont))
+            goto err;
+    } else {
+        if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
+                              mont))
+            goto err;
+    }
+
+    /* let u1 = u1 mod q */
+    if (!BN_mod(u1, t1, dsa->q, ctx))
+        goto err;
+
+    /*
+     * V is now in u1.  If the signature is correct, it will be equal to R.
+     */
+    ret = (BN_ucmp(u1, r) == 0);
+
+ err:
+    if (ret < 0)
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+    BN_CTX_free(ctx);
+    BN_free(u1);
+    BN_free(u2);
+    BN_free(t1);
+    return (ret);
+}
+
+static int dsa_init(DSA *dsa)
+{
+    dsa->flags |= DSA_FLAG_CACHE_MONT_P;
+    return (1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+    BN_MONT_CTX_free(dsa->method_mont_p);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_pmeth.c b/openssl-1.1.0h/crypto/dsa/dsa_pmeth.c
new file mode 100644
index 0000000..95f088a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_pmeth.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "internal/evp_int.h"
+#include "dsa_locl.h"
+
+/* DSA pkey context structure */
+
+typedef struct {
+    /* Parameter gen parameters */
+    int nbits;                  /* size of p in bits (default: 1024) */
+    int qbits;                  /* size of q in bits (default: 160) */
+    const EVP_MD *pmd;          /* MD for parameter generation */
+    /* Keygen callback info */
+    int gentmp[2];
+    /* message digest */
+    const EVP_MD *md;           /* MD for the signature */
+} DSA_PKEY_CTX;
+
+static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
+{
+    DSA_PKEY_CTX *dctx;
+    dctx = OPENSSL_malloc(sizeof(*dctx));
+    if (dctx == NULL)
+        return 0;
+    dctx->nbits = 1024;
+    dctx->qbits = 160;
+    dctx->pmd = NULL;
+    dctx->md = NULL;
+
+    ctx->data = dctx;
+    ctx->keygen_info = dctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    DSA_PKEY_CTX *dctx, *sctx;
+    if (!pkey_dsa_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->nbits = sctx->nbits;
+    dctx->qbits = sctx->qbits;
+    dctx->pmd = sctx->pmd;
+    dctx->md = sctx->md;
+    return 1;
+}
+
+static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
+{
+    DSA_PKEY_CTX *dctx = ctx->data;
+    OPENSSL_free(dctx);
+}
+
+static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                         size_t *siglen, const unsigned char *tbs,
+                         size_t tbslen)
+{
+    int ret;
+    unsigned int sltmp;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    DSA *dsa = ctx->pkey->pkey.dsa;
+
+    if (dctx->md) {
+        if (tbslen != (size_t)EVP_MD_size(dctx->md))
+            return 0;
+    } else {
+        if (tbslen != SHA_DIGEST_LENGTH)
+            return 0;
+    }
+
+    ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = sltmp;
+    return 1;
+}
+
+static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    int ret;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    DSA *dsa = ctx->pkey->pkey.dsa;
+
+    if (dctx->md) {
+        if (tbslen != (size_t)EVP_MD_size(dctx->md))
+            return 0;
+    } else {
+        if (tbslen != SHA_DIGEST_LENGTH)
+            return 0;
+    }
+
+    ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
+
+    return ret;
+}
+
+static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    DSA_PKEY_CTX *dctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
+        if (p1 < 256)
+            return -2;
+        dctx->nbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
+        if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
+            return -2;
+        dctx->qbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->pmd = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = dctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+    case EVP_PKEY_CTRL_CMS_SIGN:
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        DSAerr(DSA_F_PKEY_DSA_CTRL,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (strcmp(type, "dsa_paramgen_bits") == 0) {
+        int nbits;
+        nbits = atoi(value);
+        return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
+    }
+    if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
+        int qbits = atoi(value);
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
+                                 NULL);
+    }
+    if (strcmp(type, "dsa_paramgen_md") == 0) {
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
+                                 (void *)EVP_get_digestbyname(value));
+    }
+    return -2;
+}
+
+static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DSA *dsa = NULL;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else
+        pcb = NULL;
+    dsa = DSA_new();
+    if (dsa == NULL) {
+        BN_GENCB_free(pcb);
+        return 0;
+    }
+    ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+                               NULL, 0, NULL, NULL, NULL, pcb);
+    BN_GENCB_free(pcb);
+    if (ret)
+        EVP_PKEY_assign_DSA(pkey, dsa);
+    else
+        DSA_free(dsa);
+    return ret;
+}
+
+static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DSA *dsa = NULL;
+    if (ctx->pkey == NULL) {
+        DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    dsa = DSA_new();
+    if (dsa == NULL)
+        return 0;
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    /* Note: if error return, pkey is freed by parent routine */
+    if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+        return 0;
+    return DSA_generate_key(pkey->pkey.dsa);
+}
+
+const EVP_PKEY_METHOD dsa_pkey_meth = {
+    EVP_PKEY_DSA,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_dsa_init,
+    pkey_dsa_copy,
+    pkey_dsa_cleanup,
+
+    0,
+    pkey_dsa_paramgen,
+
+    0,
+    pkey_dsa_keygen,
+
+    0,
+    pkey_dsa_sign,
+
+    0,
+    pkey_dsa_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_dsa_ctrl,
+    pkey_dsa_ctrl_str
+};
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_prn.c b/openssl-1.1.0h/crypto/dsa/dsa_prn.c
new file mode 100644
index 0000000..f3c20ea
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_prn.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSA_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
+
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSAparams_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+        return 0;
+    ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
+
+int DSAparams_print(BIO *bp, const DSA *x)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+        return 0;
+    ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_sign.c b/openssl-1.1.0h/crypto/dsa/dsa_sign.c
new file mode 100644
index 0000000..2e29d40
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_sign.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
+#include <openssl/bn.h>
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+    return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+}
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+{
+    return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+}
diff --git a/openssl-1.1.0h/crypto/dsa/dsa_vrf.c b/openssl-1.1.0h/crypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000..a84d521
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dsa/dsa_vrf.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include "internal/cryptlib.h"
+#include "dsa_locl.h"
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+{
+    return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+}
diff --git a/openssl-1.1.0h/crypto/dso/build.info b/openssl-1.1.0h/crypto/dso/build.info
new file mode 100644
index 0000000..82b592d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c \
+        dso_openssl.c dso_win32.c dso_vms.c
diff --git a/openssl-1.1.0h/crypto/dso/dso_dl.c b/openssl-1.1.0h/crypto/dso/dso_dl.c
new file mode 100644
index 0000000..d80bf56
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_dl.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+#ifdef DSO_DL
+
+# include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+static char *dl_name_converter(DSO *dso, const char *filename);
+static char *dl_merger(DSO *dso, const char *filespec1,
+                       const char *filespec2);
+static int dl_pathbyaddr(void *addr, char *path, int sz);
+static void *dl_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dl = {
+    "OpenSSL 'dl' shared library method",
+    dl_load,
+    dl_unload,
+    dl_bind_func,
+    NULL,                       /* ctrl */
+    dl_name_converter,
+    dl_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    dl_pathbyaddr,
+    dl_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_dl;
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
+ * itself a pointer type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso)
+{
+    shl_t ptr = NULL;
+    /*
+     * We don't do any fancy retries or anything, just take the method's (or
+     * DSO's if it has the callback set) best translation of the
+     * platform-independent filename and try once with that.
+     */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    ptr = shl_load(filename, BIND_IMMEDIATE |
+                   (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
+                    DYNAMIC_PATH), 0L);
+    if (ptr == NULL) {
+        char errbuf[160];
+        DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
+        if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+            ERR_add_error_data(4, "filename(", filename, "): ", errbuf);
+        goto err;
+    }
+    if (!sk_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /*
+     * Success, stick the converted filename we've loaded under into the DSO
+     * (it also serves as the indicator that we are currently loaded).
+     */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    OPENSSL_free(filename);
+    if (ptr != NULL)
+        shl_unload(ptr);
+    return (0);
+}
+
+static int dl_unload(DSO *dso)
+{
+    shl_t ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return (1);
+    /* Is this statement legal? */
+    ptr = (shl_t) sk_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_push(dso->meth_data, (char *)ptr);
+        return (0);
+    }
+    shl_unload(ptr);
+    return (1);
+}
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+{
+    shl_t ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+        char errbuf[160];
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
+        if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+            ERR_add_error_data(4, "symname(", symname, "): ", errbuf);
+        return (NULL);
+    }
+    return ((DSO_FUNC_TYPE)sym);
+}
+
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *merged;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || filespec1[0] == '/') {
+        merged = OPENSSL_strdup(filespec1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_strdup(filespec2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    } else
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+    {
+        int spec2len, len;
+
+        spec2len = (filespec2 ? strlen(filespec2) : 0);
+        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+        if (spec2len && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return (merged);
+}
+
+/*
+ * This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
+ * the same time, there's no great duplicating the code. Figuring out an
+ * elegant way to share one copy of the code would be more difficult and
+ * would not leave the implementations independent.
+ */
+static char *dl_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, rsize, transform;
+
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    {
+        /* We will convert this to "%s.s?" or "lib%s.s?" */
+        rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s%s", filename, DSO_EXTENSION);
+        else
+            sprintf(translated, "%s%s", filename, DSO_EXTENSION);
+    } else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
+
+static int dl_pathbyaddr(void *addr, char *path, int sz)
+{
+    struct shl_descriptor inf;
+    int i, len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            dl_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    for (i = -1; shl_get_r(i, &inf) == 0; i++) {
+        if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+            ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) {
+            len = (int)strlen(inf.filename);
+            if (sz <= 0)
+                return len + 1;
+            if (len >= sz)
+                len = sz - 1;
+            memcpy(path, inf.filename, len);
+            path[len++] = 0;
+            return len;
+        }
+    }
+
+    return -1;
+}
+
+static void *dl_globallookup(const char *name)
+{
+    void *ret;
+    shl_t h = NULL;
+
+    return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret;
+}
+#endif                          /* DSO_DL */
diff --git a/openssl-1.1.0h/crypto/dso/dso_dlfcn.c b/openssl-1.1.0h/crypto/dso/dso_dlfcn.c
new file mode 100644
index 0000000..a4b0cdd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_dlfcn.c
@@ -0,0 +1,354 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * We need to do this early, because stdio.h includes the header files that
+ * handle _GNU_SOURCE and other similar macros.  Defining it later is simply
+ * too late, because those headers are protected from re- inclusion.
+ */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE            /* make sure dladdr is declared */
+#endif
+
+#include "dso_locl.h"
+
+#ifdef DSO_DLFCN
+
+# ifdef HAVE_DLFCN_H
+#  ifdef __osf__
+#   define __EXTENSIONS__
+#  endif
+#  include <dlfcn.h>
+#  define HAVE_DLINFO 1
+#  if defined(_AIX) || defined(__CYGWIN__) || \
+     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__osf__) && !defined(RTLD_NEXT))     || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
+        defined(__ANDROID__)
+#   undef HAVE_DLINFO
+#  endif
+# endif
+
+/* Part of the hack in "dlfcn_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dlfcn_load(DSO *dso);
+static int dlfcn_unload(DSO *dso);
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2);
+static int dlfcn_pathbyaddr(void *addr, char *path, int sz);
+static void *dlfcn_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dlfcn = {
+    "OpenSSL 'dlfcn' shared library method",
+    dlfcn_load,
+    dlfcn_unload,
+    dlfcn_bind_func,
+    NULL,                       /* ctrl */
+    dlfcn_name_converter,
+    dlfcn_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    dlfcn_pathbyaddr,
+    dlfcn_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_dlfcn;
+}
+
+/*
+ * Prior to using the dlopen() function, we should decide on the flag we
+ * send. There's a few different ways of doing this and it's a messy
+ * venn-diagram to match up which platforms support what. So as we don't have
+ * autoconf yet, I'm implementing a hack that could be hacked further
+ * relatively easily to deal with cases as we find them. Initially this is to
+ * cope with OpenBSD.
+ */
+# if defined(__OpenBSD__) || defined(__NetBSD__)
+#  ifdef DL_LAZY
+#   define DLOPEN_FLAG DL_LAZY
+#  else
+#   ifdef RTLD_NOW
+#    define DLOPEN_FLAG RTLD_NOW
+#   else
+#    define DLOPEN_FLAG 0
+#   endif
+#  endif
+# else
+#  define DLOPEN_FLAG RTLD_NOW  /* Hope this works everywhere else */
+# endif
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (void*) returned from dlopen().
+ */
+
+static int dlfcn_load(DSO *dso)
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+    int flags = DLOPEN_FLAG;
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+# ifdef RTLD_GLOBAL
+    if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
+        flags |= RTLD_GLOBAL;
+# endif
+    ptr = dlopen(filename, flags);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+        goto err;
+    }
+    if (!sk_void_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    OPENSSL_free(filename);
+    if (ptr != NULL)
+        dlclose(ptr);
+    return (0);
+}
+
+static int dlfcn_unload(DSO *dso)
+{
+    void *ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return (1);
+    ptr = sk_void_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_void_push(dso->meth_data, ptr);
+        return (0);
+    }
+    /* For now I'm not aware of any errors associated with dlclose() */
+    dlclose(ptr);
+    return (1);
+}
+
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+{
+    void *ptr;
+    union {
+        DSO_FUNC_TYPE sym;
+        void *dlret;
+    } u;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    u.dlret = dlsym(ptr, symname);
+    if (u.dlret == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+        return (NULL);
+    }
+    return u.sym;
+}
+
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
+        merged = OPENSSL_strdup(filespec1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_strdup(filespec2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    } else {
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+        int spec2len, len;
+
+        spec2len = strlen(filespec2);
+        len = spec2len + strlen(filespec1);
+
+        if (spec2len && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return (merged);
+}
+
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, rsize, transform;
+
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    if (transform) {
+        /* We will convert this to "%s.so" or "lib%s.so" etc */
+        rsize += strlen(DSO_EXTENSION);    /* The length of ".so" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s" DSO_EXTENSION, filename);
+        else
+            sprintf(translated, "%s" DSO_EXTENSION, filename);
+    } else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
+
+# ifdef __sgi
+/*-
+This is a quote from IRIX manual for dladdr(3c):
+
+     <dlfcn.h> does not contain a prototype for dladdr or definition of
+     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
+     but contains no dladdr prototype and no IRIX library contains an
+     implementation.  Write your own declaration based on the code below.
+
+     The following code is dependent on internal interfaces that are not
+     part of the IRIX compatibility guarantee; however, there is no future
+     intention to change this interface, so on a practical level, the code
+     below is safe to use on IRIX.
+*/
+#  include <rld_interface.h>
+#  ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
+#   define _RLD_INTERFACE_DLFCN_H_DLADDR
+typedef struct Dl_info {
+    const char *dli_fname;
+    void *dli_fbase;
+    const char *dli_sname;
+    void *dli_saddr;
+    int dli_version;
+    int dli_reserved1;
+    long dli_reserved[4];
+} Dl_info;
+#  else
+typedef struct Dl_info Dl_info;
+#  endif
+#  define _RLD_DLADDR             14
+
+static int dladdr(void *address, Dl_info *dl)
+{
+    void *v;
+    v = _rld_new_interface(_RLD_DLADDR, address, dl);
+    return (int)v;
+}
+# endif                         /* __sgi */
+
+static int dlfcn_pathbyaddr(void *addr, char *path, int sz)
+{
+# ifdef HAVE_DLINFO
+    Dl_info dli;
+    int len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            dlfcn_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    if (dladdr(addr, &dli)) {
+        len = (int)strlen(dli.dli_fname);
+        if (sz <= 0)
+            return len + 1;
+        if (len >= sz)
+            len = sz - 1;
+        memcpy(path, dli.dli_fname, len);
+        path[len++] = 0;
+        return len;
+    }
+
+    ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());
+# endif
+    return -1;
+}
+
+static void *dlfcn_globallookup(const char *name)
+{
+    void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY);
+
+    if (handle) {
+        ret = dlsym(handle, name);
+        dlclose(handle);
+    }
+
+    return ret;
+}
+#endif                          /* DSO_DLFCN */
diff --git a/openssl-1.1.0h/crypto/dso/dso_err.c b/openssl-1.1.0h/crypto/dso/dso_err.c
new file mode 100644
index 0000000..07588d5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_err.c
@@ -0,0 +1,93 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "internal/dso.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
+
+static ERR_STRING_DATA DSO_str_functs[] = {
+    {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "dlfcn_bind_func"},
+    {ERR_FUNC(DSO_F_DLFCN_LOAD), "dlfcn_load"},
+    {ERR_FUNC(DSO_F_DLFCN_MERGER), "dlfcn_merger"},
+    {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "dlfcn_name_converter"},
+    {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "dlfcn_unload"},
+    {ERR_FUNC(DSO_F_DL_BIND_FUNC), "dl_bind_func"},
+    {ERR_FUNC(DSO_F_DL_LOAD), "dl_load"},
+    {ERR_FUNC(DSO_F_DL_MERGER), "dl_merger"},
+    {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "dl_name_converter"},
+    {ERR_FUNC(DSO_F_DL_UNLOAD), "dl_unload"},
+    {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
+    {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
+    {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
+    {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
+    {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
+    {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"},
+    {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
+    {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"},
+    {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
+    {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"},
+    {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
+    {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
+    {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"},
+    {ERR_FUNC(DSO_F_VMS_LOAD), "vms_load"},
+    {ERR_FUNC(DSO_F_VMS_MERGER), "vms_merger"},
+    {ERR_FUNC(DSO_F_VMS_UNLOAD), "vms_unload"},
+    {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "win32_bind_func"},
+    {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "win32_globallookup"},
+    {ERR_FUNC(DSO_F_WIN32_JOINER), "win32_joiner"},
+    {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"},
+    {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"},
+    {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"},
+    {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"},
+    {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"},
+    {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA DSO_str_reasons[] = {
+    {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"},
+    {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
+    {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"},
+    {ERR_REASON(DSO_R_FAILURE), "failure"},
+    {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"},
+    {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"},
+    {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"},
+    {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"},
+    {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"},
+    {ERR_REASON(DSO_R_NO_FILENAME), "no filename"},
+    {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"},
+    {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"},
+    {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"},
+    {ERR_REASON(DSO_R_SYM_FAILURE),
+     "could not bind to the requested symbol name"},
+    {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"},
+    {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DSO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, DSO_str_functs);
+        ERR_load_strings(0, DSO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/dso/dso_lib.c b/openssl-1.1.0h/crypto/dso/dso_lib.c
new file mode 100644
index 0000000..f58237d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_lib.c
@@ -0,0 +1,349 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+static DSO *DSO_new_method(DSO_METHOD *meth)
+{
+    DSO *ret;
+
+    if (default_DSO_meth == NULL) {
+        /*
+         * We default to DSO_METH_openssl() which in turn defaults to
+         * stealing the "best available" method. Will fallback to
+         * DSO_METH_null() in the worst case.
+         */
+        default_DSO_meth = DSO_METHOD_openssl();
+    }
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->meth_data = sk_void_new_null();
+    if (ret->meth_data == NULL) {
+        /* sk_new doesn't generate any errors so we do */
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return (NULL);
+    }
+    ret->meth = default_DSO_meth;
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        sk_void_free(ret->meth_data);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DSO_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
+
+DSO *DSO_new(void)
+{
+    return DSO_new_method(NULL);
+}
+
+int DSO_free(DSO *dso)
+{
+    int i;
+
+    if (dso == NULL)
+        return (1);
+
+    if (CRYPTO_atomic_add(&dso->references, -1, &i, dso->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSO", dso);
+    if (i > 0)
+        return 1;
+    REF_ASSERT_ISNT(i < 0);
+
+    if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) {
+        if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
+            DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+            return 0;
+        }
+    }
+
+    if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
+        DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+        return 0;
+    }
+
+    sk_void_free(dso->meth_data);
+    OPENSSL_free(dso->filename);
+    OPENSSL_free(dso->loaded_filename);
+    CRYPTO_THREAD_lock_free(dso->lock);
+    OPENSSL_free(dso);
+    return 1;
+}
+
+int DSO_flags(DSO *dso)
+{
+    return ((dso == NULL) ? 0 : dso->flags);
+}
+
+int DSO_up_ref(DSO *dso)
+{
+    int i;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (CRYPTO_atomic_add(&dso->references, 1, &i, dso->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSO", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+{
+    DSO *ret;
+    int allocated = 0;
+
+    if (dso == NULL) {
+        ret = DSO_new_method(meth);
+        if (ret == NULL) {
+            DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        allocated = 1;
+        /* Pass the provided flags to the new DSO object */
+        if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+            goto err;
+        }
+    } else
+        ret = dso;
+    /* Don't load if we're currently already loaded */
+    if (ret->filename != NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+        goto err;
+    }
+    /*
+     * filename can only be NULL if we were passed a dso that already has one
+     * set.
+     */
+    if (filename != NULL)
+        if (!DSO_set_filename(ret, filename)) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+            goto err;
+        }
+    filename = ret->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    if (ret->meth->dso_load == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+        goto err;
+    }
+    if (!ret->meth->dso_load(ret)) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+        goto err;
+    }
+    /* Load succeeded */
+    return (ret);
+ err:
+    if (allocated)
+        DSO_free(ret);
+    return (NULL);
+}
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE ret = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (dso->meth->dso_bind_func == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+        return (NULL);
+    }
+    if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+        return (NULL);
+    }
+    /* Success */
+    return (ret);
+}
+
+/*
+ * I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for any
+ * error because possible DSO_ctrl() commands may return values such as
+ * "size"s that can legitimately be zero (making the standard
+ * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * times. I'd prefer "output" values to be passed by reference and the return
+ * value as success/failure like usual ... but we conform when we must... :-)
+ */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return (-1);
+    }
+    /*
+     * We should intercept certain generic commands and only pass control to
+     * the method-specific ctrl() function if it's something we don't handle.
+     */
+    switch (cmd) {
+    case DSO_CTRL_GET_FLAGS:
+        return dso->flags;
+    case DSO_CTRL_SET_FLAGS:
+        dso->flags = (int)larg;
+        return (0);
+    case DSO_CTRL_OR_FLAGS:
+        dso->flags |= (int)larg;
+        return (0);
+    default:
+        break;
+    }
+    if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
+        DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+        return (-1);
+    }
+    return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
+}
+
+const char *DSO_get_filename(DSO *dso)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    return (dso->filename);
+}
+
+int DSO_set_filename(DSO *dso, const char *filename)
+{
+    char *copied;
+
+    if ((dso == NULL) || (filename == NULL)) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (dso->loaded_filename) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+        return (0);
+    }
+    /* We'll duplicate filename */
+    copied = OPENSSL_strdup(filename);
+    if (copied == NULL) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    OPENSSL_free(dso->filename);
+    dso->filename = copied;
+    return (1);
+}
+
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *result = NULL;
+
+    if (dso == NULL || filespec1 == NULL) {
+        DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->merger != NULL)
+            result = dso->merger(dso, filespec1, filespec2);
+        else if (dso->meth->dso_merger != NULL)
+            result = dso->meth->dso_merger(dso, filespec1, filespec2);
+    }
+    return (result);
+}
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+{
+    char *result = NULL;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (filename == NULL)
+        filename = dso->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+        return (NULL);
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->name_converter != NULL)
+            result = dso->name_converter(dso, filename);
+        else if (dso->meth->dso_name_converter != NULL)
+            result = dso->meth->dso_name_converter(dso, filename);
+    }
+    if (result == NULL) {
+        result = OPENSSL_strdup(filename);
+        if (result == NULL) {
+            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    }
+    return (result);
+}
+
+int DSO_pathbyaddr(void *addr, char *path, int sz)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->pathbyaddr == NULL) {
+        DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    return (*meth->pathbyaddr) (addr, path, sz);
+}
+
+DSO *DSO_dsobyaddr(void *addr, int flags)
+{
+    DSO *ret = NULL;
+    char *filename = NULL;
+    int len = DSO_pathbyaddr(addr, NULL, 0);
+
+    if (len < 0)
+        return NULL;
+
+    filename = OPENSSL_malloc(len);
+    if (filename != NULL
+            && DSO_pathbyaddr(addr, filename, len) == len)
+        ret = DSO_load(NULL, filename, NULL, flags);
+
+    OPENSSL_free(filename);
+    return ret;
+}
+
+void *DSO_global_lookup(const char *name)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->globallookup == NULL) {
+        DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    return (*meth->globallookup) (name);
+}
diff --git a/openssl-1.1.0h/crypto/dso/dso_locl.h b/openssl-1.1.0h/crypto/dso/dso_locl.h
new file mode 100644
index 0000000..fbfad05
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_locl.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/dso.h"
+#include "internal/dso_conf.h"
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st {
+    DSO_METHOD *meth;
+    /*
+     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
+     * anything but will need to cache the filename for use in the dso_bind
+     * handler. All in all, let each method control its own destiny.
+     * "Handles" and such go in a STACK.
+     */
+    STACK_OF(void) *meth_data;
+    int references;
+    int flags;
+    /*
+     * For use by applications etc ... use this for your bits'n'pieces, don't
+     * touch meth_data!
+     */
+    CRYPTO_EX_DATA ex_data;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_name_converter. NB: This
+     * should normally set using DSO_set_name_converter().
+     */
+    DSO_NAME_CONVERTER_FUNC name_converter;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_merger. NB: This should
+     * normally set using DSO_set_merger().
+     */
+    DSO_MERGER_FUNC merger;
+    /*
+     * This is populated with (a copy of) the platform-independent filename
+     * used for this DSO.
+     */
+    char *filename;
+    /*
+     * This is populated with (a copy of) the translated filename by which
+     * the DSO was actually loaded. It is NULL iff the DSO is not currently
+     * loaded. NB: This is here because the filename translation process may
+     * involve a callback being invoked more than once not only to convert to
+     * a platform-specific form, but also to try different filenames in the
+     * process of trying to perform a load. As such, this variable can be
+     * used to indicate (a) whether this DSO structure corresponds to a
+     * loaded library or not, and (b) the filename with which it was actually
+     * loaded.
+     */
+    char *loaded_filename;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dso_meth_st {
+    const char *name;
+    /*
+     * Loads a shared library, NB: new DSO_METHODs must ensure that a
+     * successful load populates the loaded_filename field, and likewise a
+     * successful unload OPENSSL_frees and NULLs it out.
+     */
+    int (*dso_load) (DSO *dso);
+    /* Unloads a shared library */
+    int (*dso_unload) (DSO *dso);
+    /*
+     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
+     * be cast to the real function prototype by the caller. Platforms that
+     * don't have compatible representations for different prototypes (this
+     * is possible within ANSI C) are highly unlikely to have shared
+     * libraries at all, let alone a DSO_METHOD implemented for them.
+     */
+    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
+    /*
+     * The generic (yuck) "ctrl()" function. NB: Negative return values
+     * (rather than zero) indicate errors.
+     */
+    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_NAME_CONVERTER_FUNC dso_name_converter;
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_MERGER_FUNC dso_merger;
+    /* [De]Initialisation handlers. */
+    int (*init) (DSO *dso);
+    int (*finish) (DSO *dso);
+    /* Return pathname of the module containing location */
+    int (*pathbyaddr) (void *addr, char *path, int sz);
+    /* Perform global symbol lookup, i.e. among *all* modules */
+    void *(*globallookup) (const char *symname);
+};
diff --git a/openssl-1.1.0h/crypto/dso/dso_openssl.c b/openssl-1.1.0h/crypto/dso/dso_openssl.c
new file mode 100644
index 0000000..6626331
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_openssl.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN)
+
+static DSO_METHOD dso_meth_null = {
+    "NULL shared library method"
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_null;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/dso/dso_vms.c b/openssl-1.1.0h/crypto/dso/dso_vms.c
new file mode 100644
index 0000000..b9a98dd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_vms.c
@@ -0,0 +1,468 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+#ifdef OPENSSL_SYS_VMS
+
+# pragma message disable DOLLARID
+# include <errno.h>
+# include <rms.h>
+# include <lib$routines.h>
+# include <libfisdef.h>
+# include <stsdef.h>
+# include <descrip.h>
+# include <starlet.h>
+# include "../vms_rms.h"
+
+/* Some compiler options may mask the declaration of "_malloc32". */
+# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+void *_malloc32(__size_t);
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+# endif                         /* __INITIAL_POINTER_SIZE && defined
+                                 * _ANSI_C_SOURCE */
+
+# pragma message disable DOLLARID
+
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+static char *vms_name_converter(DSO *dso, const char *filename);
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2);
+
+static DSO_METHOD dso_meth_vms = {
+    "OpenSSL 'VMS' shared library method",
+    vms_load,
+    NULL,                       /* unload */
+    vms_bind_func,
+    NULL,                       /* ctrl */
+    vms_name_converter,
+    vms_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    NULL,                       /* pathbyaddr */
+    NULL                        /* globallookup */
+};
+
+/*
+ * On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st {
+    /*
+     * This should contain the name only, no directory, no extension, nothing
+     * but a name.
+     */
+    struct dsc$descriptor_s filename_dsc;
+    char filename[NAMX_MAXRSS + 1];
+    /*
+     * This contains whatever is not in filename, if needed. Normally not
+     * defined.
+     */
+    struct dsc$descriptor_s imagename_dsc;
+    char imagename[NAMX_MAXRSS + 1];
+} DSO_VMS_INTERNAL;
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_vms;
+}
+
+static int vms_load(DSO *dso)
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define DSO_MALLOC _malloc32
+#  pragma pointer_size save
+#  pragma pointer_size 32
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define DSO_MALLOC OPENSSL_malloc
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    DSO_VMS_INTERNAL *p = NULL;
+
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size restore
+# endif                         /* __INITIAL_POINTER_SIZE == 64 */
+
+    const char *sp1, *sp2;      /* Search result */
+    const char *ext = NULL;     /* possible extension to add */
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+
+    /*-
+     * A file specification may look like this:
+     *
+     *      node::dev:[dir-spec]name.type;ver
+     *
+     * or (for compatibility with TOPS-20):
+     *
+     *      node::dev:<dir-spec>name.type;ver
+     *
+     * and the dir-spec uses '.' as separator.  Also, a dir-spec
+     * may consist of several parts, with mixed use of [] and <>:
+     *
+     *      [dir1.]<dir2>
+     *
+     * We need to split the file specification into the name and
+     * the rest (both before and after the name itself).
+     */
+    /*
+     * Start with trying to find the end of a dir-spec, and save the position
+     * of the byte after in sp1
+     */
+    sp1 = strrchr(filename, ']');
+    sp2 = strrchr(filename, '>');
+    if (sp1 == NULL)
+        sp1 = sp2;
+    if (sp2 != NULL && sp2 > sp1)
+        sp1 = sp2;
+    if (sp1 == NULL)
+        sp1 = strrchr(filename, ':');
+    if (sp1 == NULL)
+        sp1 = filename;
+    else
+        sp1++;                  /* The byte after the found character */
+    /* Now, let's see if there's a type, and save the position in sp2 */
+    sp2 = strchr(sp1, '.');
+    /*
+     * If there is a period and the next character is a semi-colon,
+     * we need to add an extension
+     */
+    if (sp2 != NULL && sp2[1] == ';')
+        ext = ".EXE";
+    /*
+     * If we found it, that's where we'll cut.  Otherwise, look for a version
+     * number and save the position in sp2
+     */
+    if (sp2 == NULL) {
+        sp2 = strchr(sp1, ';');
+        ext = ".EXE";
+    }
+    /*
+     * If there was still nothing to find, set sp2 to point at the end of the
+     * string
+     */
+    if (sp2 == NULL)
+        sp2 = sp1 + strlen(sp1);
+
+    /* Check that we won't get buffer overflows */
+    if (sp2 - sp1 > FILENAME_MAX
+        || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
+        goto err;
+    }
+
+    p = DSO_MALLOC(sizeof(*p));
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    strncpy(p->filename, sp1, sp2 - sp1);
+    p->filename[sp2 - sp1] = '\0';
+
+    strncpy(p->imagename, filename, sp1 - filename);
+    p->imagename[sp1 - filename] = '\0';
+    if (ext) {
+        strcat(p->imagename, ext);
+        if (*sp2 == '.')
+            sp2++;
+    }
+    strcat(p->imagename, sp2);
+
+    p->filename_dsc.dsc$w_length = strlen(p->filename);
+    p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->filename_dsc.dsc$a_pointer = p->filename;
+    p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+    p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+    if (!sk_void_push(dso->meth_data, (char *)p)) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+
+    /* Success (for now, we lie.  We actually do not know...) */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    OPENSSL_free(p);
+    OPENSSL_free(filename);
+    return (0);
+}
+
+/*
+ * Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+{
+    DSO_VMS_INTERNAL *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return (1);
+    p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
+        return (0);
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return (1);
+}
+
+/*
+ * We must do this in a separate function because of the way the exception
+ * handler works (it makes this function return
+ */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+                          struct dsc$descriptor_s *symname_dsc, void **sym,
+                          unsigned long flags)
+{
+    /*
+     * Make sure that signals are caught and returned instead of aborting the
+     * program.  The exception handler gets unestablished automatically on
+     * return from this function.
+     */
+    lib$establish(lib$sig_to_ret);
+
+    if (ptr->imagename_dsc.dsc$w_length)
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym,
+                                     &ptr->imagename_dsc, flags);
+    else
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym, 0, flags);
+}
+
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+{
+    DSO_VMS_INTERNAL *ptr;
+    int status;
+# ifdef LIB$M_FIS_MIXEDCASE
+    int flags = LIB$M_FIS_MIXEDCASE;
+# else
+    int flags = (1 << 4);
+# endif
+    struct dsc$descriptor_s symname_dsc;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define SYMNAME symname_32p
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *symname_32p;
+#  pragma pointer_size restore
+    char symname_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define SYMNAME ((char *) symname)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    *sym = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
+        return;
+    }
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the symbol name to storage with a 32-bit pointer. */
+    symname_32p = symname_32;
+    strcpy(symname_32p, symname);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    symname_dsc.dsc$w_length = strlen(SYMNAME);
+    symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+    symname_dsc.dsc$a_pointer = SYMNAME;
+
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
+        return;
+    }
+    ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
+                                            sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
+        return;
+    }
+
+    if (dso->flags & DSO_FLAG_UPCASE_SYMBOL)
+        flags = 0;
+
+    status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        *sym = NULL;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
+            if (ptr->imagename_dsc.dsc$w_length)
+                ERR_add_error_data(9,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename,
+                                   " (", ptr->imagename, ")",
+                                   ": ", errstring);
+            else
+                ERR_add_error_data(6,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename, ": ", errstring);
+        }
+        return;
+    }
+    return;
+}
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE sym = 0;
+    vms_bind_sym(dso, symname, (void **)&sym);
+    return sym;
+}
+
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2)
+{
+    int status;
+    int filespec1len, filespec2len;
+    struct FAB fab;
+    struct NAMX_STRUCT nam;
+    char esa[NAMX_MAXRSS + 1];
+    char *merged;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define FILESPEC1 filespec1_32p;
+#  define FILESPEC2 filespec2_32p;
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *filespec1_32p;
+    char *filespec2_32p;
+#  pragma pointer_size restore
+    char filespec1_32[NAMX_MAXRSS + 1];
+    char filespec2_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define FILESPEC1 ((char *) filespec1)
+#  define FILESPEC2 ((char *) filespec2)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    if (!filespec1)
+        filespec1 = "";
+    if (!filespec2)
+        filespec2 = "";
+    filespec1len = strlen(filespec1);
+    filespec2len = strlen(filespec2);
+
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the file names to storage with a 32-bit pointer. */
+    filespec1_32p = filespec1_32;
+    filespec2_32p = filespec2_32;
+    strcpy(filespec1_32p, filespec1);
+    strcpy(filespec2_32p, filespec2);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    fab = cc$rms_fab;
+    nam = CC_RMS_NAMX;
+
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len;
+    NAMX_DNA_FNA_SET(fab)
+
+        nam.NAMX_ESA = esa;
+    nam.NAMX_ESS = NAMX_MAXRSS;
+    nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
+    SET_NAMX_NO_SHORT_UPCASE(nam);
+
+    fab.FAB_NAMX = &nam;
+
+    status = sys$parse(&fab, 0, 0);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
+            ERR_add_error_data(7,
+                               "filespec \"", filespec1, "\", ",
+                               "defaults \"", filespec2, "\": ", errstring);
+        }
+        return (NULL);
+    }
+
+    merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
+    if (merged == NULL)
+        goto malloc_err;
+    strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
+    merged[nam.NAMX_ESL] = '\0';
+    return (merged);
+ malloc_err:
+    DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
+}
+
+static char *vms_name_converter(DSO *dso, const char *filename)
+{
+    int len = strlen(filename);
+    char *not_translated = OPENSSL_malloc(len + 1);
+    if (not_translated != NULL)
+        strcpy(not_translated, filename);
+    return (not_translated);
+}
+
+#endif                          /* OPENSSL_SYS_VMS */
diff --git a/openssl-1.1.0h/crypto/dso/dso_win32.c b/openssl-1.1.0h/crypto/dso/dso_win32.c
new file mode 100644
index 0000000..4a4c34a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/dso/dso_win32.c
@@ -0,0 +1,573 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_locl.h"
+
+#if defined(DSO_WIN32)
+
+# ifdef _WIN32_WCE
+#  if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
+{
+    WCHAR lpProcNameW[64];
+    int i;
+
+    for (i = 0; lpProcName[i] && i < 64; i++)
+        lpProcNameW[i] = (WCHAR)lpProcName[i];
+    if (i == 64)
+        return NULL;
+    lpProcNameW[i] = 0;
+
+    return GetProcAddressW(hModule, lpProcNameW);
+}
+#  endif
+#  undef GetProcAddress
+#  define GetProcAddress GetProcAddressA
+
+static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
+{
+    WCHAR *fnamw;
+    size_t len_0 = strlen(lpLibFileName) + 1, i;
+
+#  ifdef _MSC_VER
+    fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+#  else
+    fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+#  endif
+    if (fnamw == NULL) {
+        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+        return NULL;
+    }
+#  if defined(_WIN32_WCE) && _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
+#  endif
+        for (i = 0; i < len_0; i++)
+            fnamw[i] = (WCHAR)lpLibFileName[i];
+
+    return LoadLibraryW(fnamw);
+}
+# endif
+
+/* Part of the hack in "win32_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+static char *win32_name_converter(DSO *dso, const char *filename);
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2);
+static void *win32_globallookup(const char *name);
+
+static const char *openssl_strnchr(const char *string, int c, size_t len);
+
+static DSO_METHOD dso_meth_win32 = {
+    "OpenSSL 'win32' shared library method",
+    win32_load,
+    win32_unload,
+    win32_bind_func,
+    NULL,                       /* ctrl */
+    win32_name_converter,
+    win32_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    NULL,                       /* pathbyaddr */
+    win32_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_win32;
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
+ * the handle (HINSTANCE) returned from LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso)
+{
+    HINSTANCE h = NULL, *p = NULL;
+    /* See applicable comments from dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    h = LoadLibraryA(filename);
+    if (h == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(3, "filename(", filename, ")");
+        goto err;
+    }
+    p = OPENSSL_malloc(sizeof(*p));
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    *p = h;
+    if (!sk_void_push(dso->meth_data, p)) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup ! */
+    OPENSSL_free(filename);
+    OPENSSL_free(p);
+    if (h != NULL)
+        FreeLibrary(h);
+    return (0);
+}
+
+static int win32_unload(DSO *dso)
+{
+    HINSTANCE *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return (1);
+    p = sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
+        return (0);
+    }
+    if (!FreeLibrary(*p)) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
+        /*
+         * We should push the value back onto the stack in case of a retry.
+         */
+        sk_void_push(dso->meth_data, p);
+        return (0);
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return (1);
+}
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+{
+    HINSTANCE *ptr;
+    union {
+        void *p;
+        FARPROC f;
+    } sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    sym.f = GetProcAddress(*ptr, symname);
+    if (sym.p == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(3, "symname(", symname, ")");
+        return (NULL);
+    }
+    return ((DSO_FUNC_TYPE)sym.f);
+}
+
+struct file_st {
+    const char *node;
+    int nodelen;
+    const char *device;
+    int devicelen;
+    const char *predir;
+    int predirlen;
+    const char *dir;
+    int dirlen;
+    const char *file;
+    int filelen;
+};
+
+static struct file_st *win32_splitter(DSO *dso, const char *filename,
+                                      int assume_last_is_dir)
+{
+    struct file_st *result = NULL;
+    enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+    const char *start = filename;
+    char last;
+
+    if (!filename) {
+        DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
+        /*
+         * goto err;
+         */
+        return (NULL);
+    }
+
+    result = OPENSSL_zalloc(sizeof(*result));
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    position = IN_DEVICE;
+
+    if ((filename[0] == '\\' && filename[1] == '\\')
+        || (filename[0] == '/' && filename[1] == '/')) {
+        position = IN_NODE;
+        filename += 2;
+        start = filename;
+        result->node = start;
+    }
+
+    do {
+        last = filename[0];
+        switch (last) {
+        case ':':
+            if (position != IN_DEVICE) {
+                DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
+                /*
+                 * goto err;
+                 */
+                OPENSSL_free(result);
+                return (NULL);
+            }
+            result->device = start;
+            result->devicelen = (int)(filename - start);
+            position = IN_FILE;
+            start = ++filename;
+            result->dir = start;
+            break;
+        case '\\':
+        case '/':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+                position = IN_FILE;
+                start = ++filename;
+                result->dir = start;
+            } else if (position == IN_DEVICE) {
+                position = IN_FILE;
+                filename++;
+                result->dir = start;
+                result->dirlen = (int)(filename - start);
+                start = filename;
+            } else {
+                filename++;
+                result->dirlen += (int)(filename - start);
+                start = filename;
+            }
+            break;
+        case '\0':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+            } else {
+                if (filename - start > 0) {
+                    if (assume_last_is_dir) {
+                        if (position == IN_DEVICE) {
+                            result->dir = start;
+                            result->dirlen = 0;
+                        }
+                        result->dirlen += (int)(filename - start);
+                    } else {
+                        result->file = start;
+                        result->filelen = (int)(filename - start);
+                    }
+                }
+            }
+            break;
+        default:
+            filename++;
+            break;
+        }
+    }
+    while (last);
+
+    if (!result->nodelen)
+        result->node = NULL;
+    if (!result->devicelen)
+        result->device = NULL;
+    if (!result->dirlen)
+        result->dir = NULL;
+    if (!result->filelen)
+        result->file = NULL;
+
+    return (result);
+}
+
+static char *win32_joiner(DSO *dso, const struct file_st *file_split)
+{
+    int len = 0, offset = 0;
+    char *result = NULL;
+    const char *start;
+
+    if (!file_split) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (file_split->node) {
+        len += 2 + file_split->nodelen; /* 2 for starting \\ */
+        if (file_split->predir || file_split->dir || file_split->file)
+            len++;              /* 1 for ending \ */
+    } else if (file_split->device) {
+        len += file_split->devicelen + 1; /* 1 for ending : */
+    }
+    len += file_split->predirlen;
+    if (file_split->predir && (file_split->dir || file_split->file)) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->dirlen;
+    if (file_split->dir && file_split->file) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->filelen;
+
+    if (!len) {
+        DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
+        return (NULL);
+    }
+
+    result = OPENSSL_malloc(len + 1);
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    if (file_split->node) {
+        strcpy(&result[offset], "\\\\");
+        offset += 2;
+        strncpy(&result[offset], file_split->node, file_split->nodelen);
+        offset += file_split->nodelen;
+        if (file_split->predir || file_split->dir || file_split->file) {
+            result[offset] = '\\';
+            offset++;
+        }
+    } else if (file_split->device) {
+        strncpy(&result[offset], file_split->device, file_split->devicelen);
+        offset += file_split->devicelen;
+        result[offset] = ':';
+        offset++;
+    }
+    start = file_split->predir;
+    while (file_split->predirlen > (start - file_split->predir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->predirlen - (start -
+                                                                   file_split->predir));
+        if (!end)
+            end = start
+                + file_split->predirlen - (start - file_split->predir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+    start = file_split->dir;
+    while (file_split->dirlen > (start - file_split->dir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->dirlen - (start -
+                                                                file_split->dir));
+        if (!end)
+            end = start + file_split->dirlen - (start - file_split->dir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+    strncpy(&result[offset], file_split->file, file_split->filelen);
+    offset += file_split->filelen;
+    result[offset] = '\0';
+    return (result);
+}
+
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged = NULL;
+    struct file_st *filespec1_split = NULL;
+    struct file_st *filespec2_split = NULL;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (!filespec2) {
+        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec1);
+    } else if (!filespec1) {
+        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+    } else {
+        filespec1_split = win32_splitter(dso, filespec1, 0);
+        if (!filespec1_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        filespec2_split = win32_splitter(dso, filespec2, 1);
+        if (!filespec2_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(filespec1_split);
+            return (NULL);
+        }
+
+        /* Fill in into filespec1_split */
+        if (!filespec1_split->node && !filespec1_split->device) {
+            filespec1_split->node = filespec2_split->node;
+            filespec1_split->nodelen = filespec2_split->nodelen;
+            filespec1_split->device = filespec2_split->device;
+            filespec1_split->devicelen = filespec2_split->devicelen;
+        }
+        if (!filespec1_split->dir) {
+            filespec1_split->dir = filespec2_split->dir;
+            filespec1_split->dirlen = filespec2_split->dirlen;
+        } else if (filespec1_split->dir[0] != '\\'
+                   && filespec1_split->dir[0] != '/') {
+            filespec1_split->predir = filespec2_split->dir;
+            filespec1_split->predirlen = filespec2_split->dirlen;
+        }
+        if (!filespec1_split->file) {
+            filespec1_split->file = filespec2_split->file;
+            filespec1_split->filelen = filespec2_split->filelen;
+        }
+
+        merged = win32_joiner(dso, filespec1_split);
+    }
+    OPENSSL_free(filespec1_split);
+    OPENSSL_free(filespec2_split);
+    return (merged);
+}
+
+static char *win32_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, transform;
+
+    len = strlen(filename);
+    transform = ((strstr(filename, "/") == NULL) &&
+                 (strstr(filename, "\\") == NULL) &&
+                 (strstr(filename, ":") == NULL));
+    if (transform)
+        /* We will convert this to "%s.dll" */
+        translated = OPENSSL_malloc(len + 5);
+    else
+        /* We will simply duplicate filename */
+        translated = OPENSSL_malloc(len + 1);
+    if (translated == NULL) {
+        DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform)
+        sprintf(translated, "%s.dll", filename);
+    else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
+
+static const char *openssl_strnchr(const char *string, int c, size_t len)
+{
+    size_t i;
+    const char *p;
+    for (i = 0, p = string; i < len && *p; i++, p++) {
+        if (*p == c)
+            return p;
+    }
+    return NULL;
+}
+
+# include <tlhelp32.h>
+# ifdef _WIN32_WCE
+#  define DLLNAME "TOOLHELP.DLL"
+# else
+#  ifdef MODULEENTRY32
+#   undef MODULEENTRY32         /* unmask the ASCII version! */
+#  endif
+#  define DLLNAME "KERNEL32.DLL"
+# endif
+
+typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
+typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
+typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *);
+
+static void *win32_globallookup(const char *name)
+{
+    HMODULE dll;
+    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+    MODULEENTRY32 me32;
+    CREATETOOLHELP32SNAPSHOT create_snap;
+    CLOSETOOLHELP32SNAPSHOT close_snap;
+    MODULE32 module_first, module_next;
+    union {
+        void *p;
+        FARPROC f;
+    } ret = { NULL };
+
+    dll = LoadLibrary(TEXT(DLLNAME));
+    if (dll == NULL) {
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    create_snap = (CREATETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CreateToolhelp32Snapshot");
+    if (create_snap == NULL) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    /* We take the rest for granted... */
+# ifdef _WIN32_WCE
+    close_snap = (CLOSETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CloseToolhelp32Snapshot");
+# else
+    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
+# endif
+    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
+    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
+
+    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
+    if (hModuleSnap == INVALID_HANDLE_VALUE) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    me32.dwSize = sizeof(me32);
+
+    if (!(*module_first) (hModuleSnap, &me32)) {
+        (*close_snap) (hModuleSnap);
+        FreeLibrary(dll);
+        return NULL;
+    }
+
+    do {
+        if ((ret.f = GetProcAddress(me32.hModule, name))) {
+            (*close_snap) (hModuleSnap);
+            FreeLibrary(dll);
+            return ret.p;
+        }
+    } while ((*module_next) (hModuleSnap, &me32));
+
+    (*close_snap) (hModuleSnap);
+    FreeLibrary(dll);
+    return NULL;
+}
+#endif                          /* DSO_WIN32 */
diff --git a/openssl-1.1.0h/crypto/ebcdic.c b/openssl-1.1.0h/crypto/ebcdic.c
new file mode 100644
index 0000000..6871953
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ebcdic.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# include <openssl/e_os2.h>
+#ifndef CHARSET_EBCDIC
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/ebcdic.h>
+
+/*-
+ *      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
+ *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
+ */
+
+# ifdef CHARSET_EBCDIC_TEST
+/*
+ * Here we're looking to test the EBCDIC code on an ASCII system so we don't do
+ * any translation in these tables at all.
+ */
+
+/* The ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+# elif defined(_OSD_POSIX)
+/*
+ * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
+ * AG, Germany, for their BS2000 mainframe machines. Within the POSIX
+ * subsystem, the same character set was chosen as in "native BS2000", namely
+ * EBCDIC. (EDF04)
+ *
+ * The name "ASCII" in these routines is misleading: actually, conversion is
+ * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means
+ * that (western european) national characters are preserved.
+ *
+ * This table is identical to the one used by rsh/rcp/ftp and other POSIX
+ * tools.
+ */
+
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    /*
+     * 30
+     */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    /*
+     * 40
+     */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+    0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */
+    /*
+     * 50
+     */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */
+    /*
+     * 60
+     */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+    0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f,    /*-/........^,%_>?*/
+    /*
+     * 70
+     */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+    0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */
+    /*
+     * 80
+     */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    /*
+     * 90
+     */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    /*
+     * a0
+     */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */
+    /*
+     * b0
+     */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+    0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */
+    /*
+     * c0
+     */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */
+    /*
+     * d0
+     */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */
+    /*
+     * e0
+     */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */
+    /*
+     * f0
+     */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    /*
+     * 30
+     */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    /*
+     * 40
+     */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    /*
+     * 50
+     */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+    0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    /*
+     * 60
+     */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    /*
+     * 70
+     */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+    0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */
+    /*
+     * 80
+     */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    /*
+     * 90
+     */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */
+    /*
+     * a0
+     */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+    0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */
+    /*
+     * b0
+     */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    /*
+     * c0
+     */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    /*
+     * d0
+     */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+    0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */
+    /*
+     * e0
+     */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    /*
+     * f0
+     */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+    0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+
+# else /*_OSD_POSIX*/
+
+/*
+ * This code does basic character mapping for IBM's TPF and OS/390 operating
+ * systems. It is a modified version of the BS2000 table.
+ *
+ * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
+ * bijective - there are no ambiguous or duplicate characters.
+ */
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */
+    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */
+    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */
+    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */
+    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */
+    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */
+    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */
+};
+
+/*
+ * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is
+ * bijective (no ambiguous or duplicate characters)
+ */
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */
+    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */
+    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */
+    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */
+    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */
+    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+# endif/*_OSD_POSIX*/
+
+/*
+ * Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but should not
+ * overlap. These functions intentionally have an interface compatible to
+ * memcpy(3).
+ */
+
+void *ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toascii[*usrce++];
+    }
+
+    return dest;
+}
+
+void *ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toebcdic[*usrce++];
+    }
+
+    return dest;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-armv4.pl b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-armv4.pl
new file mode 100755
index 0000000..2314b75
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -0,0 +1,1865 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for ARMv4.
+#
+# October 2014.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816. In the process of adaptation
+# original .c module was made 32-bit savvy in order to make this
+# implementation possible.
+#
+#			with/without -DECP_NISTZ256_ASM
+# Cortex-A8		+53-170%
+# Cortex-A9		+76-205%
+# Cortex-A15		+100-316%
+# Snapdragon S4		+66-187%
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +200% means 3x improvement.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,%object
+.align	12
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+$code.=<<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.align	5
+.LRR:	@ 2^512 mod P precomputed for NIST P256 polynomial
+.long	0x00000003, 0x00000000, 0xffffffff, 0xfffffffb
+.long	0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004
+.Lone:
+.long	1,0,0,0,0,0,0,0
+.asciz	"ECP_NISTZ256 for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align	6
+___
+
+########################################################################
+# common register layout, note that $t2 is link register, so that if
+# internal subroutine uses $t2, then it has to offload lr...
+
+($r_ptr,$a_ptr,$b_ptr,$ff,$a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,$t1,$t2)=
+		map("r$_",(0..12,14));
+($t0,$t3)=($ff,$a_ptr);
+
+$code.=<<___;
+@ void	ecp_nistz256_to_mont(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,%function
+ecp_nistz256_to_mont:
+	adr	$b_ptr,.LRR
+	b	.Lecp_nistz256_mul_mont
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+@ void	ecp_nistz256_from_mont(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,%function
+ecp_nistz256_from_mont:
+	adr	$b_ptr,.Lone
+	b	.Lecp_nistz256_mul_mont
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+@ void	ecp_nistz256_mul_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,%function
+.align	4
+ecp_nistz256_mul_by_2:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_mul_by_2
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+.type	__ecp_nistz256_mul_by_2,%function
+.align	4
+__ecp_nistz256_mul_by_2:
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	adds	$a0,$a0,$a0		@ a[0:7]+=a[0:7], i.e. add with itself
+	ldr	$a3,[$a_ptr,#12]
+	adcs	$a1,$a1,$a1
+	ldr	$a4,[$a_ptr,#16]
+	adcs	$a2,$a2,$a2
+	ldr	$a5,[$a_ptr,#20]
+	adcs	$a3,$a3,$a3
+	ldr	$a6,[$a_ptr,#24]
+	adcs	$a4,$a4,$a4
+	ldr	$a7,[$a_ptr,#28]
+	adcs	$a5,$a5,$a5
+	adcs	$a6,$a6,$a6
+	mov	$ff,#0
+	adcs	$a7,$a7,$a7
+	adc	$ff,$ff,#0
+
+	b	.Lreduce_by_sub
+.size	__ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
+
+@ void	ecp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8],
+@					const BN_ULONG r2[8]);
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,%function
+.align	4
+ecp_nistz256_add:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_add
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+.type	__ecp_nistz256_add,%function
+.align	4
+__ecp_nistz256_add:
+	str	lr,[sp,#-4]!		@ push lr
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	ldr	$a3,[$a_ptr,#12]
+	ldr	$a4,[$a_ptr,#16]
+	 ldr	$t0,[$b_ptr,#0]
+	ldr	$a5,[$a_ptr,#20]
+	 ldr	$t1,[$b_ptr,#4]
+	ldr	$a6,[$a_ptr,#24]
+	 ldr	$t2,[$b_ptr,#8]
+	ldr	$a7,[$a_ptr,#28]
+	 ldr	$t3,[$b_ptr,#12]
+	adds	$a0,$a0,$t0
+	 ldr	$t0,[$b_ptr,#16]
+	adcs	$a1,$a1,$t1
+	 ldr	$t1,[$b_ptr,#20]
+	adcs	$a2,$a2,$t2
+	 ldr	$t2,[$b_ptr,#24]
+	adcs	$a3,$a3,$t3
+	 ldr	$t3,[$b_ptr,#28]
+	adcs	$a4,$a4,$t0
+	adcs	$a5,$a5,$t1
+	adcs	$a6,$a6,$t2
+	mov	$ff,#0
+	adcs	$a7,$a7,$t3
+	adc	$ff,$ff,#0
+	ldr	lr,[sp],#4		@ pop lr
+
+.Lreduce_by_sub:
+
+	@ if a+b >= modulus, subtract modulus.
+	@
+	@ But since comparison implies subtraction, we subtract
+	@ modulus and then add it back if subraction borrowed.
+
+	subs	$a0,$a0,#-1
+	sbcs	$a1,$a1,#-1
+	sbcs	$a2,$a2,#-1
+	sbcs	$a3,$a3,#0
+	sbcs	$a4,$a4,#0
+	sbcs	$a5,$a5,#0
+	sbcs	$a6,$a6,#1
+	sbcs	$a7,$a7,#-1
+	sbc	$ff,$ff,#0
+
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ using value of borrow as a whole or extracting single bit.
+	@ Follow $ff register...
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+@ void	ecp_nistz256_mul_by_3(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,%function
+.align	4
+ecp_nistz256_mul_by_3:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_mul_by_3
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+.type	__ecp_nistz256_mul_by_3,%function
+.align	4
+__ecp_nistz256_mul_by_3:
+	str	lr,[sp,#-4]!		@ push lr
+
+	@ As multiplication by 3 is performed as 2*n+n, below are inline
+	@ copies of __ecp_nistz256_mul_by_2 and __ecp_nistz256_add, see
+	@ corresponding subroutines for details.
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	adds	$a0,$a0,$a0		@ a[0:7]+=a[0:7]
+	ldr	$a3,[$a_ptr,#12]
+	adcs	$a1,$a1,$a1
+	ldr	$a4,[$a_ptr,#16]
+	adcs	$a2,$a2,$a2
+	ldr	$a5,[$a_ptr,#20]
+	adcs	$a3,$a3,$a3
+	ldr	$a6,[$a_ptr,#24]
+	adcs	$a4,$a4,$a4
+	ldr	$a7,[$a_ptr,#28]
+	adcs	$a5,$a5,$a5
+	adcs	$a6,$a6,$a6
+	mov	$ff,#0
+	adcs	$a7,$a7,$a7
+	adc	$ff,$ff,#0
+
+	subs	$a0,$a0,#-1		@ .Lreduce_by_sub but without stores
+	sbcs	$a1,$a1,#-1
+	sbcs	$a2,$a2,#-1
+	sbcs	$a3,$a3,#0
+	sbcs	$a4,$a4,#0
+	sbcs	$a5,$a5,#0
+	sbcs	$a6,$a6,#1
+	sbcs	$a7,$a7,#-1
+	sbc	$ff,$ff,#0
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	adcs	$a2,$a2,$ff
+	adcs	$a3,$a3,#0
+	adcs	$a4,$a4,#0
+	 ldr	$b_ptr,[$a_ptr,#0]
+	adcs	$a5,$a5,#0
+	 ldr	$t1,[$a_ptr,#4]
+	adcs	$a6,$a6,$ff,lsr#31
+	 ldr	$t2,[$a_ptr,#8]
+	adc	$a7,$a7,$ff
+
+	ldr	$t0,[$a_ptr,#12]
+	adds	$a0,$a0,$b_ptr		@ 2*a[0:7]+=a[0:7]
+	ldr	$b_ptr,[$a_ptr,#16]
+	adcs	$a1,$a1,$t1
+	ldr	$t1,[$a_ptr,#20]
+	adcs	$a2,$a2,$t2
+	ldr	$t2,[$a_ptr,#24]
+	adcs	$a3,$a3,$t0
+	ldr	$t3,[$a_ptr,#28]
+	adcs	$a4,$a4,$b_ptr
+	adcs	$a5,$a5,$t1
+	adcs	$a6,$a6,$t2
+	mov	$ff,#0
+	adcs	$a7,$a7,$t3
+	adc	$ff,$ff,#0
+	ldr	lr,[sp],#4		@ pop lr
+
+	b	.Lreduce_by_sub
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+@ void	ecp_nistz256_div_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,%function
+.align	4
+ecp_nistz256_div_by_2:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_div_by_2
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+.type	__ecp_nistz256_div_by_2,%function
+.align	4
+__ecp_nistz256_div_by_2:
+	@ ret = (a is odd ? a+mod : a) >> 1
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	mov	$ff,$a0,lsl#31		@ place least significant bit to most
+					@ significant position, now arithmetic
+					@ right shift by 31 will produce -1 or
+					@ 0, while logical right shift 1 or 0,
+					@ this is how modulus is conditionally
+					@ synthesized in this case...
+	ldr	$a3,[$a_ptr,#12]
+	adds	$a0,$a0,$ff,asr#31
+	ldr	$a4,[$a_ptr,#16]
+	adcs	$a1,$a1,$ff,asr#31
+	ldr	$a5,[$a_ptr,#20]
+	adcs	$a2,$a2,$ff,asr#31
+	ldr	$a6,[$a_ptr,#24]
+	adcs	$a3,$a3,#0
+	ldr	$a7,[$a_ptr,#28]
+	adcs	$a4,$a4,#0
+	 mov	$a0,$a0,lsr#1		@ a[0:7]>>=1, we can start early
+					@ because it doesn't affect flags
+	adcs	$a5,$a5,#0
+	 orr	$a0,$a0,$a1,lsl#31
+	adcs	$a6,$a6,$ff,lsr#31
+	mov	$b_ptr,#0
+	adcs	$a7,$a7,$ff,asr#31
+	 mov	$a1,$a1,lsr#1
+	adc	$b_ptr,$b_ptr,#0	@ top-most carry bit from addition
+
+	orr	$a1,$a1,$a2,lsl#31
+	mov	$a2,$a2,lsr#1
+	str	$a0,[$r_ptr,#0]
+	orr	$a2,$a2,$a3,lsl#31
+	mov	$a3,$a3,lsr#1
+	str	$a1,[$r_ptr,#4]
+	orr	$a3,$a3,$a4,lsl#31
+	mov	$a4,$a4,lsr#1
+	str	$a2,[$r_ptr,#8]
+	orr	$a4,$a4,$a5,lsl#31
+	mov	$a5,$a5,lsr#1
+	str	$a3,[$r_ptr,#12]
+	orr	$a5,$a5,$a6,lsl#31
+	mov	$a6,$a6,lsr#1
+	str	$a4,[$r_ptr,#16]
+	orr	$a6,$a6,$a7,lsl#31
+	mov	$a7,$a7,lsr#1
+	str	$a5,[$r_ptr,#20]
+	orr	$a7,$a7,$b_ptr,lsl#31	@ don't forget the top-most carry bit
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+
+@ void	ecp_nistz256_sub(BN_ULONG r0[8],const BN_ULONG r1[8],
+@				        const BN_ULONG r2[8]);
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,%function
+.align	4
+ecp_nistz256_sub:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_sub
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+.type	__ecp_nistz256_sub,%function
+.align	4
+__ecp_nistz256_sub:
+	str	lr,[sp,#-4]!		@ push lr
+
+	ldr	$a0,[$a_ptr,#0]
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	ldr	$a3,[$a_ptr,#12]
+	ldr	$a4,[$a_ptr,#16]
+	 ldr	$t0,[$b_ptr,#0]
+	ldr	$a5,[$a_ptr,#20]
+	 ldr	$t1,[$b_ptr,#4]
+	ldr	$a6,[$a_ptr,#24]
+	 ldr	$t2,[$b_ptr,#8]
+	ldr	$a7,[$a_ptr,#28]
+	 ldr	$t3,[$b_ptr,#12]
+	subs	$a0,$a0,$t0
+	 ldr	$t0,[$b_ptr,#16]
+	sbcs	$a1,$a1,$t1
+	 ldr	$t1,[$b_ptr,#20]
+	sbcs	$a2,$a2,$t2
+	 ldr	$t2,[$b_ptr,#24]
+	sbcs	$a3,$a3,$t3
+	 ldr	$t3,[$b_ptr,#28]
+	sbcs	$a4,$a4,$t0
+	sbcs	$a5,$a5,$t1
+	sbcs	$a6,$a6,$t2
+	sbcs	$a7,$a7,$t3
+	sbc	$ff,$ff,$ff		@ broadcast borrow bit
+	ldr	lr,[sp],#4		@ pop lr
+
+.Lreduce_by_add:
+
+	@ if a-b borrows, add modulus.
+	@
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ broadcasting borrow bit to a register, $ff, and using it as
+	@ a whole or extracting single bit.
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_sub,.-__ecp_nistz256_sub
+
+@ void	ecp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,%function
+.align	4
+ecp_nistz256_neg:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_neg
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+.type	__ecp_nistz256_neg,%function
+.align	4
+__ecp_nistz256_neg:
+	ldr	$a0,[$a_ptr,#0]
+	eor	$ff,$ff,$ff
+	ldr	$a1,[$a_ptr,#4]
+	ldr	$a2,[$a_ptr,#8]
+	subs	$a0,$ff,$a0
+	ldr	$a3,[$a_ptr,#12]
+	sbcs	$a1,$ff,$a1
+	ldr	$a4,[$a_ptr,#16]
+	sbcs	$a2,$ff,$a2
+	ldr	$a5,[$a_ptr,#20]
+	sbcs	$a3,$ff,$a3
+	ldr	$a6,[$a_ptr,#24]
+	sbcs	$a4,$ff,$a4
+	ldr	$a7,[$a_ptr,#28]
+	sbcs	$a5,$ff,$a5
+	sbcs	$a6,$ff,$a6
+	sbcs	$a7,$ff,$a7
+	sbc	$ff,$ff,$ff
+
+	b	.Lreduce_by_add
+.size	__ecp_nistz256_neg,.-__ecp_nistz256_neg
+___
+{
+my @acc=map("r$_",(3..11));
+my ($t0,$t1,$bj,$t2,$t3)=map("r$_",(0,1,2,12,14));
+
+$code.=<<___;
+@ void	ecp_nistz256_sqr_mont(BN_ULONG r0[8],const BN_ULONG r1[8]);
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,%function
+.align	4
+ecp_nistz256_sqr_mont:
+	mov	$b_ptr,$a_ptr
+	b	.Lecp_nistz256_mul_mont
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+@ void	ecp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8],
+@					     const BN_ULONG r2[8]);
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,%function
+.align	4
+ecp_nistz256_mul_mont:
+.Lecp_nistz256_mul_mont:
+	stmdb	sp!,{r4-r12,lr}
+	bl	__ecp_nistz256_mul_mont
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+.type	__ecp_nistz256_mul_mont,%function
+.align	4
+__ecp_nistz256_mul_mont:
+	stmdb	sp!,{r0-r2,lr}			@ make a copy of arguments too
+
+	ldr	$bj,[$b_ptr,#0]			@ b[0]
+	ldmia	$a_ptr,{@acc[1]-@acc[8]}
+
+	umull	@acc[0],$t3,@acc[1],$bj		@ r[0]=a[0]*b[0]
+	stmdb	sp!,{$acc[1]-@acc[8]}		@ copy a[0-7] to stack, so
+						@ that it can be addressed
+						@ without spending register
+						@ on address
+	umull	@acc[1],$t0,@acc[2],$bj		@ r[1]=a[1]*b[0]
+	umull	@acc[2],$t1,@acc[3],$bj
+	adds	@acc[1],@acc[1],$t3		@ accumulate high part of mult
+	umull	@acc[3],$t2,@acc[4],$bj
+	adcs	@acc[2],@acc[2],$t0
+	umull	@acc[4],$t3,@acc[5],$bj
+	adcs	@acc[3],@acc[3],$t1
+	umull	@acc[5],$t0,@acc[6],$bj
+	adcs	@acc[4],@acc[4],$t2
+	umull	@acc[6],$t1,@acc[7],$bj
+	adcs	@acc[5],@acc[5],$t3
+	umull	@acc[7],$t2,@acc[8],$bj
+	adcs	@acc[6],@acc[6],$t0
+	adcs	@acc[7],@acc[7],$t1
+	eor	$t3,$t3,$t3			@ first overflow bit is zero
+	adc	@acc[8],$t2,#0
+___
+for(my $i=1;$i<8;$i++) {
+my $t4=@acc[0];
+
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#        ffff.0001.0000.0000.0000.ffff.ffff.ffff
+	# *                                         abcd
+	# + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	# + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000
+	# -      abcd.0000.0000.0000.0000.0000.0000.abcd
+	#
+	# or marking redundant operations:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.----
+	# + abcd.0000.abcd.0000.0000.abcd.----.----.----
+	# -      abcd.----.----.----.----.----.----.----
+
+$code.=<<___;
+	@ multiplication-less reduction $i
+	adds	@acc[3],@acc[3],@acc[0]		@ r[3]+=r[0]
+	 ldr	$bj,[sp,#40]			@ restore b_ptr
+	adcs	@acc[4],@acc[4],#0		@ r[4]+=0
+	adcs	@acc[5],@acc[5],#0		@ r[5]+=0
+	adcs	@acc[6],@acc[6],@acc[0]		@ r[6]+=r[0]
+	 ldr	$t1,[sp,#0]			@ load a[0]
+	adcs	@acc[7],@acc[7],#0		@ r[7]+=0
+	 ldr	$bj,[$bj,#4*$i]			@ load b[i]
+	adcs	@acc[8],@acc[8],@acc[0]		@ r[8]+=r[0]
+	 eor	$t0,$t0,$t0
+	adc	$t3,$t3,#0			@ overflow bit
+	subs	@acc[7],@acc[7],@acc[0]		@ r[7]-=r[0]
+	 ldr	$t2,[sp,#4]			@ a[1]
+	sbcs	@acc[8],@acc[8],#0		@ r[8]-=0
+	 umlal	@acc[1],$t0,$t1,$bj		@ "r[0]"+=a[0]*b[i]
+	 eor	$t1,$t1,$t1
+	sbc	@acc[0],$t3,#0			@ overflow bit, keep in mind
+						@ that netto result is
+						@ addition of a value which
+						@ makes underflow impossible
+
+	ldr	$t3,[sp,#8]			@ a[2]
+	umlal	@acc[2],$t1,$t2,$bj		@ "r[1]"+=a[1]*b[i]
+	 str	@acc[0],[sp,#36]		@ temporarily offload overflow
+	eor	$t2,$t2,$t2
+	ldr	$t4,[sp,#12]			@ a[3], $t4 is alias @acc[0]
+	umlal	@acc[3],$t2,$t3,$bj		@ "r[2]"+=a[2]*b[i]
+	eor	$t3,$t3,$t3
+	adds	@acc[2],@acc[2],$t0		@ accumulate high part of mult
+	ldr	$t0,[sp,#16]			@ a[4]
+	umlal	@acc[4],$t3,$t4,$bj		@ "r[3]"+=a[3]*b[i]
+	eor	$t4,$t4,$t4
+	adcs	@acc[3],@acc[3],$t1
+	ldr	$t1,[sp,#20]			@ a[5]
+	umlal	@acc[5],$t4,$t0,$bj		@ "r[4]"+=a[4]*b[i]
+	eor	$t0,$t0,$t0
+	adcs	@acc[4],@acc[4],$t2
+	ldr	$t2,[sp,#24]			@ a[6]
+	umlal	@acc[6],$t0,$t1,$bj		@ "r[5]"+=a[5]*b[i]
+	eor	$t1,$t1,$t1
+	adcs	@acc[5],@acc[5],$t3
+	ldr	$t3,[sp,#28]			@ a[7]
+	umlal	@acc[7],$t1,$t2,$bj		@ "r[6]"+=a[6]*b[i]
+	eor	$t2,$t2,$t2
+	adcs	@acc[6],@acc[6],$t4
+	 ldr	@acc[0],[sp,#36]		@ restore overflow bit
+	umlal	@acc[8],$t2,$t3,$bj		@ "r[7]"+=a[7]*b[i]
+	eor	$t3,$t3,$t3
+	adcs	@acc[7],@acc[7],$t0
+	adcs	@acc[8],@acc[8],$t1
+	adcs	@acc[0],$acc[0],$t2
+	adc	$t3,$t3,#0			@ new overflow bit
+___
+	push(@acc,shift(@acc));			# rotate registers, so that
+						# "r[i]" becomes r[i]
+}
+$code.=<<___;
+	@ last multiplication-less reduction
+	adds	@acc[3],@acc[3],@acc[0]
+	ldr	$r_ptr,[sp,#32]			@ restore r_ptr
+	adcs	@acc[4],@acc[4],#0
+	adcs	@acc[5],@acc[5],#0
+	adcs	@acc[6],@acc[6],@acc[0]
+	adcs	@acc[7],@acc[7],#0
+	adcs	@acc[8],@acc[8],@acc[0]
+	adc	$t3,$t3,#0
+	subs	@acc[7],@acc[7],@acc[0]
+	sbcs	@acc[8],@acc[8],#0
+	sbc	@acc[0],$t3,#0			@ overflow bit
+
+	@ Final step is "if result > mod, subtract mod", but we do it
+	@ "other way around", namely subtract modulus from result
+	@ and if it borrowed, add modulus back.
+
+	adds	@acc[1],@acc[1],#1		@ subs	@acc[1],@acc[1],#-1
+	adcs	@acc[2],@acc[2],#0		@ sbcs	@acc[2],@acc[2],#-1
+	adcs	@acc[3],@acc[3],#0		@ sbcs	@acc[3],@acc[3],#-1
+	sbcs	@acc[4],@acc[4],#0
+	sbcs	@acc[5],@acc[5],#0
+	sbcs	@acc[6],@acc[6],#0
+	sbcs	@acc[7],@acc[7],#1
+	adcs	@acc[8],@acc[8],#0		@ sbcs	@acc[8],@acc[8],#-1
+	ldr	lr,[sp,#44]			@ restore lr
+	sbc	@acc[0],@acc[0],#0		@ broadcast borrow bit
+	add	sp,sp,#48
+
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ broadcasting borrow bit to a register, @acc[0], and using it as
+	@ a whole or extracting single bit.
+
+	adds	@acc[1],@acc[1],@acc[0]		@ add modulus or zero
+	adcs	@acc[2],@acc[2],@acc[0]
+	str	@acc[1],[$r_ptr,#0]
+	adcs	@acc[3],@acc[3],@acc[0]
+	str	@acc[2],[$r_ptr,#4]
+	adcs	@acc[4],@acc[4],#0
+	str	@acc[3],[$r_ptr,#8]
+	adcs	@acc[5],@acc[5],#0
+	str	@acc[4],[$r_ptr,#12]
+	adcs	@acc[6],@acc[6],#0
+	str	@acc[5],[$r_ptr,#16]
+	adcs	@acc[7],@acc[7],@acc[0],lsr#31
+	str	@acc[6],[$r_ptr,#20]
+	adc	@acc[8],@acc[8],@acc[0]
+	str	@acc[7],[$r_ptr,#24]
+	str	@acc[8],[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+___
+}
+
+{
+my ($out,$inp,$index,$mask)=map("r$_",(0..3));
+$code.=<<___;
+@ void	ecp_nistz256_scatter_w5(void *r0,const P256_POINT *r1,
+@					 int r2);
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,%function
+.align	5
+ecp_nistz256_scatter_w5:
+	stmdb	sp!,{r4-r11}
+
+	add	$out,$out,$index,lsl#2
+
+	ldmia	$inp!,{r4-r11}		@ X
+	str	r4,[$out,#64*0-4]
+	str	r5,[$out,#64*1-4]
+	str	r6,[$out,#64*2-4]
+	str	r7,[$out,#64*3-4]
+	str	r8,[$out,#64*4-4]
+	str	r9,[$out,#64*5-4]
+	str	r10,[$out,#64*6-4]
+	str	r11,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldmia	$inp!,{r4-r11}		@ Y
+	str	r4,[$out,#64*0-4]
+	str	r5,[$out,#64*1-4]
+	str	r6,[$out,#64*2-4]
+	str	r7,[$out,#64*3-4]
+	str	r8,[$out,#64*4-4]
+	str	r9,[$out,#64*5-4]
+	str	r10,[$out,#64*6-4]
+	str	r11,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldmia	$inp,{r4-r11}		@ Z
+	str	r4,[$out,#64*0-4]
+	str	r5,[$out,#64*1-4]
+	str	r6,[$out,#64*2-4]
+	str	r7,[$out,#64*3-4]
+	str	r8,[$out,#64*4-4]
+	str	r9,[$out,#64*5-4]
+	str	r10,[$out,#64*6-4]
+	str	r11,[$out,#64*7-4]
+
+	ldmia	sp!,{r4-r11}
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+@ void	ecp_nistz256_gather_w5(P256_POINT *r0,const void *r1,
+@					      int r2);
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,%function
+.align	5
+ecp_nistz256_gather_w5:
+	stmdb	sp!,{r4-r11}
+
+	cmp	$index,#0
+	mov	$mask,#0
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	subne	$index,$index,#1
+	movne	$mask,#-1
+	add	$inp,$inp,$index,lsl#2
+
+	ldr	r4,[$inp,#64*0]
+	ldr	r5,[$inp,#64*1]
+	ldr	r6,[$inp,#64*2]
+	and	r4,r4,$mask
+	ldr	r7,[$inp,#64*3]
+	and	r5,r5,$mask
+	ldr	r8,[$inp,#64*4]
+	and	r6,r6,$mask
+	ldr	r9,[$inp,#64*5]
+	and	r7,r7,$mask
+	ldr	r10,[$inp,#64*6]
+	and	r8,r8,$mask
+	ldr	r11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	and	r9,r9,$mask
+	and	r10,r10,$mask
+	and	r11,r11,$mask
+	stmia	$out!,{r4-r11}	@ X
+
+	ldr	r4,[$inp,#64*0]
+	ldr	r5,[$inp,#64*1]
+	ldr	r6,[$inp,#64*2]
+	and	r4,r4,$mask
+	ldr	r7,[$inp,#64*3]
+	and	r5,r5,$mask
+	ldr	r8,[$inp,#64*4]
+	and	r6,r6,$mask
+	ldr	r9,[$inp,#64*5]
+	and	r7,r7,$mask
+	ldr	r10,[$inp,#64*6]
+	and	r8,r8,$mask
+	ldr	r11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	and	r9,r9,$mask
+	and	r10,r10,$mask
+	and	r11,r11,$mask
+	stmia	$out!,{r4-r11}	@ Y
+
+	ldr	r4,[$inp,#64*0]
+	ldr	r5,[$inp,#64*1]
+	ldr	r6,[$inp,#64*2]
+	and	r4,r4,$mask
+	ldr	r7,[$inp,#64*3]
+	and	r5,r5,$mask
+	ldr	r8,[$inp,#64*4]
+	and	r6,r6,$mask
+	ldr	r9,[$inp,#64*5]
+	and	r7,r7,$mask
+	ldr	r10,[$inp,#64*6]
+	and	r8,r8,$mask
+	ldr	r11,[$inp,#64*7]
+	and	r9,r9,$mask
+	and	r10,r10,$mask
+	and	r11,r11,$mask
+	stmia	$out,{r4-r11}		@ Z
+
+	ldmia	sp!,{r4-r11}
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+@ void	ecp_nistz256_scatter_w7(void *r0,const P256_POINT_AFFINE *r1,
+@					 int r2);
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,%function
+.align	5
+ecp_nistz256_scatter_w7:
+	add	$out,$out,$index
+	mov	$index,#64/4
+.Loop_scatter_w7:
+	ldr	$mask,[$inp],#4
+	subs	$index,$index,#1
+	strb	$mask,[$out,#64*0-1]
+	mov	$mask,$mask,lsr#8
+	strb	$mask,[$out,#64*1-1]
+	mov	$mask,$mask,lsr#8
+	strb	$mask,[$out,#64*2-1]
+	mov	$mask,$mask,lsr#8
+	strb	$mask,[$out,#64*3-1]
+	add	$out,$out,#64*4
+	bne	.Loop_scatter_w7
+
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+@ void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *r0,const void *r1,
+@						     int r2);
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,%function
+.align	5
+ecp_nistz256_gather_w7:
+	stmdb	sp!,{r4-r7}
+
+	cmp	$index,#0
+	mov	$mask,#0
+#ifdef	__thumb2__
+	itt	ne
+#endif
+	subne	$index,$index,#1
+	movne	$mask,#-1
+	add	$inp,$inp,$index
+	mov	$index,#64/4
+	nop
+.Loop_gather_w7:
+	ldrb	r4,[$inp,#64*0]
+	subs	$index,$index,#1
+	ldrb	r5,[$inp,#64*1]
+	ldrb	r6,[$inp,#64*2]
+	ldrb	r7,[$inp,#64*3]
+	add	$inp,$inp,#64*4
+	orr	r4,r4,r5,lsl#8
+	orr	r4,r4,r6,lsl#16
+	orr	r4,r4,r7,lsl#24
+	and	r4,r4,$mask
+	str	r4,[$out],#4
+	bne	.Loop_gather_w7
+
+	ldmia	sp!,{r4-r7}
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	bx	lr
+#else
+	mov	pc,lr
+#endif
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+if (0) {
+# In comparison to integer-only equivalent of below subroutine:
+#
+# Cortex-A8	+10%
+# Cortex-A9	-10%
+# Snapdragon S4	+5%
+#
+# As not all time is spent in multiplication, overall impact is deemed
+# too low to care about.
+
+my ($A0,$A1,$A2,$A3,$Bi,$zero,$temp)=map("d$_",(0..7));
+my $mask="q4";
+my $mult="q5";
+my @AxB=map("q$_",(8..15));
+
+my ($rptr,$aptr,$bptr,$toutptr)=map("r$_",(0..3));
+
+$code.=<<___;
+#if __ARM_ARCH__>=7
+.fpu	neon
+
+.globl	ecp_nistz256_mul_mont_neon
+.type	ecp_nistz256_mul_mont_neon,%function
+.align	5
+ecp_nistz256_mul_mont_neon:
+	mov	ip,sp
+	stmdb	sp!,{r4-r9}
+	vstmdb	sp!,{q4-q5}		@ ABI specification says so
+
+	sub		$toutptr,sp,#40
+	vld1.32		{${Bi}[0]},[$bptr,:32]!
+	veor		$zero,$zero,$zero
+	vld1.32		{$A0-$A3}, [$aptr]		@ can't specify :32 :-(
+	vzip.16		$Bi,$zero
+	mov		sp,$toutptr			@ alloca
+	vmov.i64	$mask,#0xffff
+
+	vmull.u32	@AxB[0],$Bi,${A0}[0]
+	vmull.u32	@AxB[1],$Bi,${A0}[1]
+	vmull.u32	@AxB[2],$Bi,${A1}[0]
+	vmull.u32	@AxB[3],$Bi,${A1}[1]
+	 vshr.u64	$temp,@AxB[0]#lo,#16
+	vmull.u32	@AxB[4],$Bi,${A2}[0]
+	 vadd.u64	@AxB[0]#hi,@AxB[0]#hi,$temp
+	vmull.u32	@AxB[5],$Bi,${A2}[1]
+	 vshr.u64	$temp,@AxB[0]#hi,#16		@ upper 32 bits of a[0]*b[0]
+	vmull.u32	@AxB[6],$Bi,${A3}[0]
+	 vand.u64	@AxB[0],@AxB[0],$mask		@ lower 32 bits of a[0]*b[0]
+	vmull.u32	@AxB[7],$Bi,${A3}[1]
+___
+for($i=1;$i<8;$i++) {
+$code.=<<___;
+	 vld1.32	{${Bi}[0]},[$bptr,:32]!
+	 veor		$zero,$zero,$zero
+	vadd.u64	@AxB[1]#lo,@AxB[1]#lo,$temp	@ reduction
+	vshl.u64	$mult,@AxB[0],#32
+	vadd.u64	@AxB[3],@AxB[3],@AxB[0]
+	vsub.u64	$mult,$mult,@AxB[0]
+	 vzip.16	$Bi,$zero
+	vadd.u64	@AxB[6],@AxB[6],@AxB[0]
+	vadd.u64	@AxB[7],@AxB[7],$mult
+___
+	push(@AxB,shift(@AxB));
+$code.=<<___;
+	vmlal.u32	@AxB[0],$Bi,${A0}[0]
+	vmlal.u32	@AxB[1],$Bi,${A0}[1]
+	vmlal.u32	@AxB[2],$Bi,${A1}[0]
+	vmlal.u32	@AxB[3],$Bi,${A1}[1]
+	 vshr.u64	$temp,@AxB[0]#lo,#16
+	vmlal.u32	@AxB[4],$Bi,${A2}[0]
+	 vadd.u64	@AxB[0]#hi,@AxB[0]#hi,$temp
+	vmlal.u32	@AxB[5],$Bi,${A2}[1]
+	 vshr.u64	$temp,@AxB[0]#hi,#16		@ upper 33 bits of a[0]*b[i]+t[0]
+	vmlal.u32	@AxB[6],$Bi,${A3}[0]
+	 vand.u64	@AxB[0],@AxB[0],$mask		@ lower 32 bits of a[0]*b[0]
+	vmull.u32	@AxB[7],$Bi,${A3}[1]
+___
+}
+$code.=<<___;
+	vadd.u64	@AxB[1]#lo,@AxB[1]#lo,$temp	@ last reduction
+	vshl.u64	$mult,@AxB[0],#32
+	vadd.u64	@AxB[3],@AxB[3],@AxB[0]
+	vsub.u64	$mult,$mult,@AxB[0]
+	vadd.u64	@AxB[6],@AxB[6],@AxB[0]
+	vadd.u64	@AxB[7],@AxB[7],$mult
+
+	vshr.u64	$temp,@AxB[1]#lo,#16		@ convert
+	vadd.u64	@AxB[1]#hi,@AxB[1]#hi,$temp
+	vshr.u64	$temp,@AxB[1]#hi,#16
+	vzip.16		@AxB[1]#lo,@AxB[1]#hi
+___
+foreach (2..7) {
+$code.=<<___;
+	vadd.u64	@AxB[$_]#lo,@AxB[$_]#lo,$temp
+	vst1.32		{@AxB[$_-1]#lo[0]},[$toutptr,:32]!
+	vshr.u64	$temp,@AxB[$_]#lo,#16
+	vadd.u64	@AxB[$_]#hi,@AxB[$_]#hi,$temp
+	vshr.u64	$temp,@AxB[$_]#hi,#16
+	vzip.16		@AxB[$_]#lo,@AxB[$_]#hi
+___
+}
+$code.=<<___;
+	vst1.32		{@AxB[7]#lo[0]},[$toutptr,:32]!
+	vst1.32		{$temp},[$toutptr]		@ upper 33 bits
+
+	ldr	r1,[sp,#0]
+	ldr	r2,[sp,#4]
+	ldr	r3,[sp,#8]
+	subs	r1,r1,#-1
+	ldr	r4,[sp,#12]
+	sbcs	r2,r2,#-1
+	ldr	r5,[sp,#16]
+	sbcs	r3,r3,#-1
+	ldr	r6,[sp,#20]
+	sbcs	r4,r4,#0
+	ldr	r7,[sp,#24]
+	sbcs	r5,r5,#0
+	ldr	r8,[sp,#28]
+	sbcs	r6,r6,#0
+	ldr	r9,[sp,#32]				@ top-most bit
+	sbcs	r7,r7,#1
+	sub	sp,ip,#40+16
+	sbcs	r8,r8,#-1
+	sbc	r9,r9,#0
+        vldmia  sp!,{q4-q5}
+
+	adds	r1,r1,r9
+	adcs	r2,r2,r9
+	str	r1,[$rptr,#0]
+	adcs	r3,r3,r9
+	str	r2,[$rptr,#4]
+	adcs	r4,r4,#0
+	str	r3,[$rptr,#8]
+	adcs	r5,r5,#0
+	str	r4,[$rptr,#12]
+	adcs	r6,r6,#0
+	str	r5,[$rptr,#16]
+	adcs	r7,r7,r9,lsr#31
+	str	r6,[$rptr,#20]
+	adcs	r8,r8,r9
+	str	r7,[$rptr,#24]
+	str	r8,[$rptr,#28]
+
+        ldmia   sp!,{r4-r9}
+	bx	lr
+.size	ecp_nistz256_mul_mont_neon,.-ecp_nistz256_mul_mont_neon
+#endif
+___
+}
+
+{{{
+########################################################################
+# Below $aN assignment matches order in which 256-bit result appears in
+# register bank at return from __ecp_nistz256_mul_mont, so that we can
+# skip over reloading it from memory. This means that below functions
+# use custom calling sequence accepting 256-bit input in registers,
+# output pointer in r0, $r_ptr, and optional pointer in r2, $b_ptr.
+#
+# See their "normal" counterparts for insights on calculations.
+
+my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,
+    $t0,$t1,$t2,$t3)=map("r$_",(11,3..10,12,14,1));
+my $ff=$b_ptr;
+
+$code.=<<___;
+.type	__ecp_nistz256_sub_from,%function
+.align	5
+__ecp_nistz256_sub_from:
+	str	lr,[sp,#-4]!		@ push lr
+
+	 ldr	$t0,[$b_ptr,#0]
+	 ldr	$t1,[$b_ptr,#4]
+	 ldr	$t2,[$b_ptr,#8]
+	 ldr	$t3,[$b_ptr,#12]
+	subs	$a0,$a0,$t0
+	 ldr	$t0,[$b_ptr,#16]
+	sbcs	$a1,$a1,$t1
+	 ldr	$t1,[$b_ptr,#20]
+	sbcs	$a2,$a2,$t2
+	 ldr	$t2,[$b_ptr,#24]
+	sbcs	$a3,$a3,$t3
+	 ldr	$t3,[$b_ptr,#28]
+	sbcs	$a4,$a4,$t0
+	sbcs	$a5,$a5,$t1
+	sbcs	$a6,$a6,$t2
+	sbcs	$a7,$a7,$t3
+	sbc	$ff,$ff,$ff		@ broadcast borrow bit
+	ldr	lr,[sp],#4		@ pop lr
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.type	__ecp_nistz256_sub_morf,%function
+.align	5
+__ecp_nistz256_sub_morf:
+	str	lr,[sp,#-4]!		@ push lr
+
+	 ldr	$t0,[$b_ptr,#0]
+	 ldr	$t1,[$b_ptr,#4]
+	 ldr	$t2,[$b_ptr,#8]
+	 ldr	$t3,[$b_ptr,#12]
+	subs	$a0,$t0,$a0
+	 ldr	$t0,[$b_ptr,#16]
+	sbcs	$a1,$t1,$a1
+	 ldr	$t1,[$b_ptr,#20]
+	sbcs	$a2,$t2,$a2
+	 ldr	$t2,[$b_ptr,#24]
+	sbcs	$a3,$t3,$a3
+	 ldr	$t3,[$b_ptr,#28]
+	sbcs	$a4,$t0,$a4
+	sbcs	$a5,$t1,$a5
+	sbcs	$a6,$t2,$a6
+	sbcs	$a7,$t3,$a7
+	sbc	$ff,$ff,$ff		@ broadcast borrow bit
+	ldr	lr,[sp],#4		@ pop lr
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+.type	__ecp_nistz256_add_self,%function
+.align	4
+__ecp_nistz256_add_self:
+	adds	$a0,$a0,$a0		@ a[0:7]+=a[0:7]
+	adcs	$a1,$a1,$a1
+	adcs	$a2,$a2,$a2
+	adcs	$a3,$a3,$a3
+	adcs	$a4,$a4,$a4
+	adcs	$a5,$a5,$a5
+	adcs	$a6,$a6,$a6
+	mov	$ff,#0
+	adcs	$a7,$a7,$a7
+	adc	$ff,$ff,#0
+
+	@ if a+b >= modulus, subtract modulus.
+	@
+	@ But since comparison implies subtraction, we subtract
+	@ modulus and then add it back if subraction borrowed.
+
+	subs	$a0,$a0,#-1
+	sbcs	$a1,$a1,#-1
+	sbcs	$a2,$a2,#-1
+	sbcs	$a3,$a3,#0
+	sbcs	$a4,$a4,#0
+	sbcs	$a5,$a5,#0
+	sbcs	$a6,$a6,#1
+	sbcs	$a7,$a7,#-1
+	sbc	$ff,$ff,#0
+
+	@ Note that because mod has special form, i.e. consists of
+	@ 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	@ using value of borrow as a whole or extracting single bit.
+	@ Follow $ff register...
+
+	adds	$a0,$a0,$ff		@ add synthesized modulus
+	adcs	$a1,$a1,$ff
+	str	$a0,[$r_ptr,#0]
+	adcs	$a2,$a2,$ff
+	str	$a1,[$r_ptr,#4]
+	adcs	$a3,$a3,#0
+	str	$a2,[$r_ptr,#8]
+	adcs	$a4,$a4,#0
+	str	$a3,[$r_ptr,#12]
+	adcs	$a5,$a5,#0
+	str	$a4,[$r_ptr,#16]
+	adcs	$a6,$a6,$ff,lsr#31
+	str	$a5,[$r_ptr,#20]
+	adcs	$a7,$a7,$ff
+	str	$a6,[$r_ptr,#24]
+	str	$a7,[$r_ptr,#28]
+
+	mov	pc,lr
+.size	__ecp_nistz256_add_self,.-__ecp_nistz256_add_self
+
+___
+
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4));
+# above map() describes stack layout with 5 temporary
+# 256-bit vectors on top. Then note that we push
+# starting from r0, which means that we have copy of
+# input arguments just below these temporary vectors.
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,%function
+.align	5
+ecp_nistz256_point_double:
+	stmdb	sp!,{r0-r12,lr}		@ push from r0, unusual, but intentional
+	sub	sp,sp,#32*5
+
+.Lpoint_double_shortcut:
+	add	r3,sp,#$in_x
+	ldmia	$a_ptr!,{r4-r11}	@ copy in_x
+	stmia	r3,{r4-r11}
+
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_by_2	@ p256_mul_by_2(S, in_y);
+
+	add	$b_ptr,$a_ptr,#32
+	add	$a_ptr,$a_ptr,#32
+	add	$r_ptr,sp,#$Zsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Zsqr, in_z);
+
+	add	$a_ptr,sp,#$S
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(S, S);
+
+	ldr	$b_ptr,[sp,#32*5+4]
+	add	$a_ptr,$b_ptr,#32
+	add	$b_ptr,$b_ptr,#64
+	add	$r_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(tmp0, in_z, in_y);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$r_ptr,$r_ptr,#64
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(res_z, tmp0);
+
+	add	$a_ptr,sp,#$in_x
+	add	$b_ptr,sp,#$Zsqr
+	add	$r_ptr,sp,#$M
+	bl	__ecp_nistz256_add	@ p256_add(M, in_x, Zsqr);
+
+	add	$a_ptr,sp,#$in_x
+	add	$b_ptr,sp,#$Zsqr
+	add	$r_ptr,sp,#$Zsqr
+	bl	__ecp_nistz256_sub	@ p256_sub(Zsqr, in_x, Zsqr);
+
+	add	$a_ptr,sp,#$S
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(tmp0, S);
+
+	add	$a_ptr,sp,#$Zsqr
+	add	$b_ptr,sp,#$M
+	add	$r_ptr,sp,#$M
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(M, M, Zsqr);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$a_ptr,sp,#$tmp0
+	add	$r_ptr,$r_ptr,#32
+	bl	__ecp_nistz256_div_by_2	@ p256_div_by_2(res_y, tmp0);
+
+	add	$a_ptr,sp,#$M
+	add	$r_ptr,sp,#$M
+	bl	__ecp_nistz256_mul_by_3	@ p256_mul_by_3(M, M);
+
+	add	$a_ptr,sp,#$in_x
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S, S, in_x);
+
+	add	$r_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(tmp0, S);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$a_ptr,sp,#$M
+	add	$b_ptr,sp,#$M
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(res_x, M);
+
+	add	$b_ptr,sp,#$tmp0
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_x, res_x, tmp0);
+
+	add	$b_ptr,sp,#$S
+	add	$r_ptr,sp,#$S
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(S, S, res_x);
+
+	add	$a_ptr,sp,#$M
+	add	$b_ptr,sp,#$S
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S, S, M);
+
+	ldr	$r_ptr,[sp,#32*5]
+	add	$b_ptr,$r_ptr,#32
+	add	$r_ptr,$r_ptr,#32
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, S, res_y);
+
+	add	sp,sp,#32*5+16		@ +16 means "skip even over saved r0-r3"
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,$in2_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..17));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+# above map() describes stack layout with 18 temporary
+# 256-bit vectors on top. Then note that we push
+# starting from r0, which means that we have copy of
+# input arguments just below these temporary vectors.
+# We use three of them for !in1infty, !in2intfy and
+# result of check for zero.
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,%function
+.align	5
+ecp_nistz256_point_add:
+	stmdb	sp!,{r0-r12,lr}		@ push from r0, unusual, but intentional
+	sub	sp,sp,#32*18+16
+
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_x
+	add	r3,sp,#$in2_x
+	stmia	r3!,{r4-r11}
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_y
+	stmia	r3!,{r4-r11}
+	ldmia	$b_ptr,{r4-r11}		@ copy in2_z
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	stmia	r3,{r4-r11}
+	str	r12,[sp,#32*18+8]	@ !in2infty
+
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_x
+	add	r3,sp,#$in1_x
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_y
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr,{r4-r11}		@ copy in1_z
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	stmia	r3,{r4-r11}
+	str	r12,[sp,#32*18+4]	@ !in1infty
+
+	add	$a_ptr,sp,#$in2_z
+	add	$b_ptr,sp,#$in2_z
+	add	$r_ptr,sp,#$Z2sqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Z2sqr, in2_z);
+
+	add	$a_ptr,sp,#$in1_z
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$Z1sqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$in2_z
+	add	$b_ptr,sp,#$Z2sqr
+	add	$r_ptr,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S1, Z2sqr, in2_z);
+
+	add	$a_ptr,sp,#$in1_z
+	add	$b_ptr,sp,#$Z1sqr
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$in1_y
+	add	$b_ptr,sp,#$S1
+	add	$r_ptr,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S1, S1, in1_y);
+
+	add	$a_ptr,sp,#$in2_y
+	add	$b_ptr,sp,#$S2
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, S2, in2_y);
+
+	add	$b_ptr,sp,#$S1
+	add	$r_ptr,sp,#$R
+	bl	__ecp_nistz256_sub_from	@ p256_sub(R, S2, S1);
+
+	orr	$a0,$a0,$a1		@ see if result is zero
+	orr	$a2,$a2,$a3
+	orr	$a4,$a4,$a5
+	orr	$a0,$a0,$a2
+	orr	$a4,$a4,$a6
+	orr	$a0,$a0,$a7
+	 add	$a_ptr,sp,#$in1_x
+	orr	$a0,$a0,$a4
+	 add	$b_ptr,sp,#$Z2sqr
+	str	$a0,[sp,#32*18+12]
+
+	add	$r_ptr,sp,#$U1
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U1, in1_x, Z2sqr);
+
+	add	$a_ptr,sp,#$in2_x
+	add	$b_ptr,sp,#$Z1sqr
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, in2_x, Z1sqr);
+
+	add	$b_ptr,sp,#$U1
+	add	$r_ptr,sp,#$H
+	bl	__ecp_nistz256_sub_from	@ p256_sub(H, U2, U1);
+
+	orr	$a0,$a0,$a1		@ see if result is zero
+	orr	$a2,$a2,$a3
+	orr	$a4,$a4,$a5
+	orr	$a0,$a0,$a2
+	orr	$a4,$a4,$a6
+	orr	$a0,$a0,$a7
+	orrs	$a0,$a0,$a4
+
+	bne	.Ladd_proceed		@ is_equal(U1,U2)?
+
+	ldr	$t0,[sp,#32*18+4]
+	ldr	$t1,[sp,#32*18+8]
+	ldr	$t2,[sp,#32*18+12]
+	tst	$t0,$t1
+	beq	.Ladd_proceed		@ (in1infty || in2infty)?
+	tst	$t2,$t2
+	beq	.Ladd_double		@ is_equal(S1,S2)?
+
+	ldr	$r_ptr,[sp,#32*18+16]
+	eor	r4,r4,r4
+	eor	r5,r5,r5
+	eor	r6,r6,r6
+	eor	r7,r7,r7
+	eor	r8,r8,r8
+	eor	r9,r9,r9
+	eor	r10,r10,r10
+	eor	r11,r11,r11
+	stmia	$r_ptr!,{r4-r11}
+	stmia	$r_ptr!,{r4-r11}
+	stmia	$r_ptr!,{r4-r11}
+	b	.Ladd_done
+
+.align	4
+.Ladd_double:
+	ldr	$a_ptr,[sp,#32*18+20]
+	add	sp,sp,#32*(18-5)+16	@ difference in frame sizes
+	b	.Lpoint_double_shortcut
+
+.align	4
+.Ladd_proceed:
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$R
+	add	$r_ptr,sp,#$Rsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Rsqr, R);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_z, H, in1_z);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$H
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Hsqr, H);
+
+	add	$a_ptr,sp,#$in2_z
+	add	$b_ptr,sp,#$res_z
+	add	$r_ptr,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_z, res_z, in2_z);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$Hsqr
+	add	$r_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(Hcub, Hsqr, H);
+
+	add	$a_ptr,sp,#$Hsqr
+	add	$b_ptr,sp,#$U1
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, U1, Hsqr);
+
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(Hsqr, U2);
+
+	add	$b_ptr,sp,#$Rsqr
+	add	$r_ptr,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$b_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	@  p256_sub(res_x, res_x, Hcub);
+
+	add	$b_ptr,sp,#$U2
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_y, U2, res_x);
+
+	add	$a_ptr,sp,#$Hcub
+	add	$b_ptr,sp,#$S1
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, S1, Hcub);
+
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$res_y
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_y, res_y, R);
+
+	add	$b_ptr,sp,#$S2
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, res_y, S2);
+
+	ldr	r11,[sp,#32*18+4]	@ !in1intfy
+	ldr	r12,[sp,#32*18+8]	@ !in2intfy
+	add	r1,sp,#$res_x
+	add	r2,sp,#$in2_x
+	and	r10,r11,r12
+	mvn	r11,r11
+	add	r3,sp,#$in1_x
+	and	r11,r11,r12
+	mvn	r12,r12
+	ldr	$r_ptr,[sp,#32*18+16]
+___
+for($i=0;$i<96;$i+=8) {			# conditional moves
+$code.=<<___;
+	ldmia	r1!,{r4-r5}		@ res_x
+	ldmia	r2!,{r6-r7}		@ in2_x
+	ldmia	r3!,{r8-r9}		@ in1_x
+	and	r4,r4,r10
+	and	r5,r5,r10
+	and	r6,r6,r11
+	and	r7,r7,r11
+	and	r8,r8,r12
+	and	r9,r9,r12
+	orr	r4,r4,r6
+	orr	r5,r5,r7
+	orr	r4,r4,r8
+	orr	r5,r5,r9
+	stmia	$r_ptr!,{r4-r5}
+___
+}
+$code.=<<___;
+.Ladd_done:
+	add	sp,sp,#32*18+16+16	@ +16 means "skip even over saved r0-r3"
+#if __ARM_ARCH__>=5 || defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 18 temporary
+# 256-bit vectors on top. Then note that we push
+# starting from r0, which means that we have copy of
+# input arguments just below these temporary vectors.
+# We use two of them for !in1infty, !in2intfy.
+
+my @ONE_mont=(1,0,0,-1,-1,-1,-2,0);
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,%function
+.align	5
+ecp_nistz256_point_add_affine:
+	stmdb	sp!,{r0-r12,lr}		@ push from r0, unusual, but intentional
+	sub	sp,sp,#32*15
+
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_x
+	add	r3,sp,#$in1_x
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr!,{r4-r11}	@ copy in1_y
+	stmia	r3!,{r4-r11}
+	ldmia	$a_ptr,{r4-r11}		@ copy in1_z
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	stmia	r3,{r4-r11}
+	str	r12,[sp,#32*15+4]	@ !in1infty
+
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_x
+	add	r3,sp,#$in2_x
+	orr	r12,r4,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	stmia	r3!,{r4-r11}
+	ldmia	$b_ptr!,{r4-r11}	@ copy in2_y
+	orr	r12,r12,r4
+	orr	r12,r12,r5
+	orr	r12,r12,r6
+	orr	r12,r12,r7
+	orr	r12,r12,r8
+	orr	r12,r12,r9
+	orr	r12,r12,r10
+	orr	r12,r12,r11
+	stmia	r3!,{r4-r11}
+	cmp	r12,#0
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	r12,#-1
+	str	r12,[sp,#32*15+8]	@ !in2infty
+
+	add	$a_ptr,sp,#$in1_z
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$Z1sqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$Z1sqr
+	add	$b_ptr,sp,#$in2_x
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, Z1sqr, in2_x);
+
+	add	$b_ptr,sp,#$in1_x
+	add	$r_ptr,sp,#$H
+	bl	__ecp_nistz256_sub_from	@ p256_sub(H, U2, in1_x);
+
+	add	$a_ptr,sp,#$Z1sqr
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, Z1sqr, in1_z);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$in1_z
+	add	$r_ptr,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_z, H, in1_z);
+
+	add	$a_ptr,sp,#$in2_y
+	add	$b_ptr,sp,#$S2
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, S2, in2_y);
+
+	add	$b_ptr,sp,#$in1_y
+	add	$r_ptr,sp,#$R
+	bl	__ecp_nistz256_sub_from	@ p256_sub(R, S2, in1_y);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$H
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Hsqr, H);
+
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$R
+	add	$r_ptr,sp,#$Rsqr
+	bl	__ecp_nistz256_mul_mont	@ p256_sqr_mont(Rsqr, R);
+
+	add	$a_ptr,sp,#$H
+	add	$b_ptr,sp,#$Hsqr
+	add	$r_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(Hcub, Hsqr, H);
+
+	add	$a_ptr,sp,#$Hsqr
+	add	$b_ptr,sp,#$in1_x
+	add	$r_ptr,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(U2, in1_x, Hsqr);
+
+	add	$r_ptr,sp,#$Hsqr
+	bl	__ecp_nistz256_add_self	@ p256_mul_by_2(Hsqr, U2);
+
+	add	$b_ptr,sp,#$Rsqr
+	add	$r_ptr,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$b_ptr,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	@  p256_sub(res_x, res_x, Hcub);
+
+	add	$b_ptr,sp,#$U2
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	@ p256_sub(res_y, U2, res_x);
+
+	add	$a_ptr,sp,#$Hcub
+	add	$b_ptr,sp,#$in1_y
+	add	$r_ptr,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(S2, in1_y, Hcub);
+
+	add	$a_ptr,sp,#$R
+	add	$b_ptr,sp,#$res_y
+	add	$r_ptr,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	@ p256_mul_mont(res_y, res_y, R);
+
+	add	$b_ptr,sp,#$S2
+	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, res_y, S2);
+
+	ldr	r11,[sp,#32*15+4]	@ !in1intfy
+	ldr	r12,[sp,#32*15+8]	@ !in2intfy
+	add	r1,sp,#$res_x
+	add	r2,sp,#$in2_x
+	and	r10,r11,r12
+	mvn	r11,r11
+	add	r3,sp,#$in1_x
+	and	r11,r11,r12
+	mvn	r12,r12
+	ldr	$r_ptr,[sp,#32*15]
+___
+for($i=0;$i<64;$i+=8) {			# conditional moves
+$code.=<<___;
+	ldmia	r1!,{r4-r5}		@ res_x
+	ldmia	r2!,{r6-r7}		@ in2_x
+	ldmia	r3!,{r8-r9}		@ in1_x
+	and	r4,r4,r10
+	and	r5,r5,r10
+	and	r6,r6,r11
+	and	r7,r7,r11
+	and	r8,r8,r12
+	and	r9,r9,r12
+	orr	r4,r4,r6
+	orr	r5,r5,r7
+	orr	r4,r4,r8
+	orr	r5,r5,r9
+	stmia	$r_ptr!,{r4-r5}
+___
+}
+for(;$i<96;$i+=8) {
+my $j=($i-64)/4;
+$code.=<<___;
+	ldmia	r1!,{r4-r5}		@ res_z
+	ldmia	r3!,{r8-r9}		@ in1_z
+	and	r4,r4,r10
+	and	r5,r5,r10
+	and	r6,r11,#@ONE_mont[$j]
+	and	r7,r11,#@ONE_mont[$j+1]
+	and	r8,r8,r12
+	and	r9,r9,r12
+	orr	r4,r4,r6
+	orr	r5,r5,r7
+	orr	r4,r4,r8
+	orr	r5,r5,r9
+	stmia	$r_ptr!,{r4-r5}
+___
+}
+$code.=<<___;
+	add	sp,sp,#32*15+16		@ +16 means "skip even over saved r0-r3"
+#if __ARM_ARCH__>=5 || !defined(__thumb__)
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}					}}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo;
+
+	print $_,"\n";
+}
+close STDOUT;	# enforce flush
diff --git a/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-armv8.pl b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-armv8.pl
new file mode 100644
index 0000000..cdc9161
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -0,0 +1,1558 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for ARMv8.
+#
+# February 2015.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816.
+#
+#			with/without -DECP_NISTZ256_ASM
+# Apple A7		+120-360%
+# Cortex-A53		+120-400%
+# Cortex-A57		+120-350%
+# X-Gene		+200-330%
+# Denver		+140-400%
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +400% means 5x improvement.
+
+$flavour = shift;
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+{
+my ($rp,$ap,$bp,$bi,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3,$poly1,$poly3,
+    $acc0,$acc1,$acc2,$acc3,$acc4,$acc5) =
+    map("x$_",(0..17,19,20));
+
+my ($acc6,$acc7)=($ap,$bp);	# used in __ecp_nistz256_sqr_mont
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,%object
+.align	12
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+$code.=<<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.align	5
+.Lpoly:
+.quad	0xffffffffffffffff,0x00000000ffffffff,0x0000000000000000,0xffffffff00000001
+.LRR:	// 2^512 mod P precomputed for NIST P256 polynomial
+.quad	0x0000000000000003,0xfffffffbffffffff,0xfffffffffffffffe,0x00000004fffffffd
+.Lone_mont:
+.quad	0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe
+.Lone:
+.quad	1,0,0,0
+.asciz	"ECP_NISTZ256 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+
+// void	ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,%function
+.align	6
+ecp_nistz256_to_mont:
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldr	$bi,.LRR		// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	adr	$bp,.LRR		// &bp[0]
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	ret
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+// void	ecp_nistz256_from_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,%function
+.align	4
+ecp_nistz256_from_mont:
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	mov	$bi,#1			// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	adr	$bp,.Lone		// &bp[0]
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	ret
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+// void	ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4],
+//					     const BN_ULONG x2[4]);
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,%function
+.align	4
+ecp_nistz256_mul_mont:
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldr	$bi,[$bp]		// bp[0]
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	ret
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+// void	ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,%function
+.align	4
+ecp_nistz256_sqr_mont:
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldp	$a0,$a1,[$ap]
+	ldp	$a2,$a3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_sqr_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+	ret
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+// void	ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4],
+//					const BN_ULONG x2[4]);
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,%function
+.align	4
+ecp_nistz256_add:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$t0,$t1,[$bp]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldp	$t2,$t3,[$bp,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_add
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+// void	ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,%function
+.align	4
+ecp_nistz256_div_by_2:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_div_by_2
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+// void	ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,%function
+.align	4
+ecp_nistz256_mul_by_2:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+
+	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+// void	ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,%function
+.align	4
+ecp_nistz256_mul_by_3:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	mov	$a0,$acc0
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+
+	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
+
+	mov	$t0,$a0
+	mov	$t1,$a1
+	mov	$t2,$a2
+	mov	$t3,$a3
+
+	bl	__ecp_nistz256_add	// ret += a	// 2*a+a=3*a
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+// void	ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4],
+//				        const BN_ULONG x2[4]);
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,%function
+.align	4
+ecp_nistz256_sub:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	$acc0,$acc1,[$ap]
+	ldp	$acc2,$acc3,[$ap,#16]
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_sub_from
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+// void	ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,%function
+.align	4
+ecp_nistz256_neg:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	mov	$bp,$ap
+	mov	$acc0,xzr		// a = 0
+	mov	$acc1,xzr
+	mov	$acc2,xzr
+	mov	$acc3,xzr
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	bl	__ecp_nistz256_sub_from
+
+	ldp	x29,x30,[sp],#16
+	ret
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+// note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded
+// to $a0-$a3 and b[0] - to $bi
+.type	__ecp_nistz256_mul_mont,%function
+.align	4
+__ecp_nistz256_mul_mont:
+	mul	$acc0,$a0,$bi		// a[0]*b[0]
+	umulh	$t0,$a0,$bi
+
+	mul	$acc1,$a1,$bi		// a[1]*b[0]
+	umulh	$t1,$a1,$bi
+
+	mul	$acc2,$a2,$bi		// a[2]*b[0]
+	umulh	$t2,$a2,$bi
+
+	mul	$acc3,$a3,$bi		// a[3]*b[0]
+	umulh	$t3,$a3,$bi
+	ldr	$bi,[$bp,#8]		// b[1]
+
+	adds	$acc1,$acc1,$t0		// accumulate high parts of multiplication
+	 lsl	$t0,$acc0,#32
+	adcs	$acc2,$acc2,$t1
+	 lsr	$t1,$acc0,#32
+	adcs	$acc3,$acc3,$t2
+	adc	$acc4,xzr,$t3
+	mov	$acc5,xzr
+___
+for($i=1;$i<4;$i++) {
+        # Reduction iteration is normally performed by accumulating
+        # result of multiplication of modulus by "magic" digit [and
+        # omitting least significant word, which is guaranteed to
+        # be 0], but thanks to special form of modulus and "magic"
+        # digit being equal to least significant word, it can be
+        # performed with additions and subtractions alone. Indeed:
+        #
+        #            ffff0001.00000000.0000ffff.ffffffff
+        # *                                     abcdefgh
+        # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+        #
+        # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+        # rewrite above as:
+        #
+        #   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+        # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000
+        # - 0000abcd.efgh0000.00000000.00000000.abcdefgh
+        #
+        # or marking redundant operations:
+        #
+        #   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.--------
+        # + abcdefgh.abcdefgh.0000abcd.efgh0000.--------
+        # - 0000abcd.efgh0000.--------.--------.--------
+
+$code.=<<___;
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	 mul	$t0,$a0,$bi		// lo(a[0]*b[i])
+	adcs	$acc1,$acc2,$t1
+	 mul	$t1,$a1,$bi		// lo(a[1]*b[i])
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	 mul	$t2,$a2,$bi		// lo(a[2]*b[i])
+	adcs	$acc3,$acc4,$t3
+	 mul	$t3,$a3,$bi		// lo(a[3]*b[i])
+	adc	$acc4,$acc5,xzr
+
+	adds	$acc0,$acc0,$t0		// accumulate low parts of multiplication
+	 umulh	$t0,$a0,$bi		// hi(a[0]*b[i])
+	adcs	$acc1,$acc1,$t1
+	 umulh	$t1,$a1,$bi		// hi(a[1]*b[i])
+	adcs	$acc2,$acc2,$t2
+	 umulh	$t2,$a2,$bi		// hi(a[2]*b[i])
+	adcs	$acc3,$acc3,$t3
+	 umulh	$t3,$a3,$bi		// hi(a[3]*b[i])
+	adc	$acc4,$acc4,xzr
+___
+$code.=<<___	if ($i<3);
+	ldr	$bi,[$bp,#8*($i+1)]	// b[$i+1]
+___
+$code.=<<___;
+	adds	$acc1,$acc1,$t0		// accumulate high parts of multiplication
+	 lsl	$t0,$acc0,#32
+	adcs	$acc2,$acc2,$t1
+	 lsr	$t1,$acc0,#32
+	adcs	$acc3,$acc3,$t2
+	adcs	$acc4,$acc4,$t3
+	adc	$acc5,xzr,xzr
+___
+}
+$code.=<<___;
+	// last reduction
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	adcs	$acc3,$acc4,$t3
+	adc	$acc4,$acc5,xzr
+
+	adds	$t0,$acc0,#1		// subs	$t0,$acc0,#-1 // tmp = ret-modulus
+	sbcs	$t1,$acc1,$poly1
+	sbcs	$t2,$acc2,xzr
+	sbcs	$t3,$acc3,$poly3
+	sbcs	xzr,$acc4,xzr		// did it borrow?
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+// note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded
+// to $a0-$a3
+.type	__ecp_nistz256_sqr_mont,%function
+.align	4
+__ecp_nistz256_sqr_mont:
+	//  |  |  |  |  |  |a1*a0|  |
+	//  |  |  |  |  |a2*a0|  |  |
+	//  |  |a3*a2|a3*a0|  |  |  |
+	//  |  |  |  |a2*a1|  |  |  |
+	//  |  |  |a3*a1|  |  |  |  |
+	// *|  |  |  |  |  |  |  | 2|
+	// +|a3*a3|a2*a2|a1*a1|a0*a0|
+	//  |--+--+--+--+--+--+--+--|
+	//  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	//
+	//  "can't overflow" below mark carrying into high part of
+	//  multiplication result, which can't overflow, because it
+	//  can never be all ones.
+
+	mul	$acc1,$a1,$a0		// a[1]*a[0]
+	umulh	$t1,$a1,$a0
+	mul	$acc2,$a2,$a0		// a[2]*a[0]
+	umulh	$t2,$a2,$a0
+	mul	$acc3,$a3,$a0		// a[3]*a[0]
+	umulh	$acc4,$a3,$a0
+
+	adds	$acc2,$acc2,$t1		// accumulate high parts of multiplication
+	 mul	$t0,$a2,$a1		// a[2]*a[1]
+	 umulh	$t1,$a2,$a1
+	adcs	$acc3,$acc3,$t2
+	 mul	$t2,$a3,$a1		// a[3]*a[1]
+	 umulh	$t3,$a3,$a1
+	adc	$acc4,$acc4,xzr		// can't overflow
+
+	mul	$acc5,$a3,$a2		// a[3]*a[2]
+	umulh	$acc6,$a3,$a2
+
+	adds	$t1,$t1,$t2		// accumulate high parts of multiplication
+	 mul	$acc0,$a0,$a0		// a[0]*a[0]
+	adc	$t2,$t3,xzr		// can't overflow
+
+	adds	$acc3,$acc3,$t0		// accumulate low parts of multiplication
+	 umulh	$a0,$a0,$a0
+	adcs	$acc4,$acc4,$t1
+	 mul	$t1,$a1,$a1		// a[1]*a[1]
+	adcs	$acc5,$acc5,$t2
+	 umulh	$a1,$a1,$a1
+	adc	$acc6,$acc6,xzr		// can't overflow
+
+	adds	$acc1,$acc1,$acc1	// acc[1-6]*=2
+	 mul	$t2,$a2,$a2		// a[2]*a[2]
+	adcs	$acc2,$acc2,$acc2
+	 umulh	$a2,$a2,$a2
+	adcs	$acc3,$acc3,$acc3
+	 mul	$t3,$a3,$a3		// a[3]*a[3]
+	adcs	$acc4,$acc4,$acc4
+	 umulh	$a3,$a3,$a3
+	adcs	$acc5,$acc5,$acc5
+	adcs	$acc6,$acc6,$acc6
+	adc	$acc7,xzr,xzr
+
+	adds	$acc1,$acc1,$a0		// +a[i]*a[i]
+	adcs	$acc2,$acc2,$t1
+	adcs	$acc3,$acc3,$a1
+	adcs	$acc4,$acc4,$t2
+	adcs	$acc5,$acc5,$a2
+	 lsl	$t0,$acc0,#32
+	adcs	$acc6,$acc6,$t3
+	 lsr	$t1,$acc0,#32
+	adc	$acc7,$acc7,$a3
+___
+for($i=0;$i<3;$i++) {			# reductions, see commentary in
+					# multiplication for details
+$code.=<<___;
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	adcs	$acc1,$acc2,$t1
+	 lsl	$t0,$acc0,#32
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	 lsr	$t1,$acc0,#32
+	adc	$acc3,$t3,xzr		// can't overflow
+___
+}
+$code.=<<___;
+	subs	$t2,$acc0,$t0		// "*0xffff0001"
+	sbc	$t3,$acc0,$t1
+	adds	$acc0,$acc1,$t0		// +=acc[0]<<96 and omit acc[0]
+	adcs	$acc1,$acc2,$t1
+	adcs	$acc2,$acc3,$t2		// +=acc[0]*0xffff0001
+	adc	$acc3,$t3,xzr		// can't overflow
+
+	adds	$acc0,$acc0,$acc4	// accumulate upper half
+	adcs	$acc1,$acc1,$acc5
+	adcs	$acc2,$acc2,$acc6
+	adcs	$acc3,$acc3,$acc7
+	adc	$acc4,xzr,xzr
+
+	adds	$t0,$acc0,#1		// subs	$t0,$acc0,#-1 // tmp = ret-modulus
+	sbcs	$t1,$acc1,$poly1
+	sbcs	$t2,$acc2,xzr
+	sbcs	$t3,$acc3,$poly3
+	sbcs	xzr,$acc4,xzr		// did it borrow?
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont
+
+// Note that __ecp_nistz256_add expects both input vectors pre-loaded to
+// $a0-$a3 and $t0-$t3. This is done because it's used in multiple
+// contexts, e.g. in multiplication by 2 and 3...
+.type	__ecp_nistz256_add,%function
+.align	4
+__ecp_nistz256_add:
+	adds	$acc0,$acc0,$t0		// ret = a+b
+	adcs	$acc1,$acc1,$t1
+	adcs	$acc2,$acc2,$t2
+	adcs	$acc3,$acc3,$t3
+	adc	$ap,xzr,xzr		// zap $ap
+
+	adds	$t0,$acc0,#1		// subs	$t0,$a0,#-1 // tmp = ret-modulus
+	sbcs	$t1,$acc1,$poly1
+	sbcs	$t2,$acc2,xzr
+	sbcs	$t3,$acc3,$poly3
+	sbcs	xzr,$ap,xzr		// did subtraction borrow?
+
+	csel	$acc0,$acc0,$t0,lo	// ret = borrow ? ret : ret-modulus
+	csel	$acc1,$acc1,$t1,lo
+	csel	$acc2,$acc2,$t2,lo
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,lo
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+.type	__ecp_nistz256_sub_from,%function
+.align	4
+__ecp_nistz256_sub_from:
+	ldp	$t0,$t1,[$bp]
+	ldp	$t2,$t3,[$bp,#16]
+	subs	$acc0,$acc0,$t0		// ret = a-b
+	sbcs	$acc1,$acc1,$t1
+	sbcs	$acc2,$acc2,$t2
+	sbcs	$acc3,$acc3,$t3
+	sbc	$ap,xzr,xzr		// zap $ap
+
+	subs	$t0,$acc0,#1		// adds	$t0,$a0,#-1 // tmp = ret+modulus
+	adcs	$t1,$acc1,$poly1
+	adcs	$t2,$acc2,xzr
+	adc	$t3,$acc3,$poly3
+	cmp	$ap,xzr			// did subtraction borrow?
+
+	csel	$acc0,$acc0,$t0,eq	// ret = borrow ? ret+modulus : ret
+	csel	$acc1,$acc1,$t1,eq
+	csel	$acc2,$acc2,$t2,eq
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,eq
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.type	__ecp_nistz256_sub_morf,%function
+.align	4
+__ecp_nistz256_sub_morf:
+	ldp	$t0,$t1,[$bp]
+	ldp	$t2,$t3,[$bp,#16]
+	subs	$acc0,$t0,$acc0		// ret = b-a
+	sbcs	$acc1,$t1,$acc1
+	sbcs	$acc2,$t2,$acc2
+	sbcs	$acc3,$t3,$acc3
+	sbc	$ap,xzr,xzr		// zap $ap
+
+	subs	$t0,$acc0,#1		// adds	$t0,$a0,#-1 // tmp = ret+modulus
+	adcs	$t1,$acc1,$poly1
+	adcs	$t2,$acc2,xzr
+	adc	$t3,$acc3,$poly3
+	cmp	$ap,xzr			// did subtraction borrow?
+
+	csel	$acc0,$acc0,$t0,eq	// ret = borrow ? ret+modulus : ret
+	csel	$acc1,$acc1,$t1,eq
+	csel	$acc2,$acc2,$t2,eq
+	stp	$acc0,$acc1,[$rp]
+	csel	$acc3,$acc3,$t3,eq
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+.type	__ecp_nistz256_div_by_2,%function
+.align	4
+__ecp_nistz256_div_by_2:
+	subs	$t0,$acc0,#1		// adds	$t0,$a0,#-1 // tmp = a+modulus
+	adcs	$t1,$acc1,$poly1
+	adcs	$t2,$acc2,xzr
+	adcs	$t3,$acc3,$poly3
+	adc	$ap,xzr,xzr		// zap $ap
+	tst	$acc0,#1		// is a even?
+
+	csel	$acc0,$acc0,$t0,eq	// ret = even ? a : a+modulus 
+	csel	$acc1,$acc1,$t1,eq
+	csel	$acc2,$acc2,$t2,eq
+	csel	$acc3,$acc3,$t3,eq
+	csel	$ap,xzr,$ap,eq
+
+	lsr	$acc0,$acc0,#1		// ret >>= 1
+	orr	$acc0,$acc0,$acc1,lsl#63
+	lsr	$acc1,$acc1,#1
+	orr	$acc1,$acc1,$acc2,lsl#63
+	lsr	$acc2,$acc2,#1
+	orr	$acc2,$acc2,$acc3,lsl#63
+	lsr	$acc3,$acc3,#1
+	stp	$acc0,$acc1,[$rp]
+	orr	$acc3,$acc3,$ap,lsl#63
+	stp	$acc2,$acc3,[$rp,#16]
+
+	ret
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+___
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3));
+# above map() describes stack layout with 4 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real) = map("x$_",(21,22));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,%function
+.align	5
+ecp_nistz256_point_double:
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	sub	sp,sp,#32*4
+
+.Ldouble_shortcut:
+	ldp	$acc0,$acc1,[$ap,#32]
+	 mov	$rp_real,$rp
+	ldp	$acc2,$acc3,[$ap,#48]
+	 mov	$ap_real,$ap
+	 ldr	$poly1,.Lpoly+8
+	mov	$t0,$acc0
+	 ldr	$poly3,.Lpoly+24
+	mov	$t1,$acc1
+	 ldp	$a0,$a1,[$ap_real,#64]	// forward load for p256_sqr_mont
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	 ldp	$a2,$a3,[$ap_real,#64+16]
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_add	// p256_mul_by_2(S, in_y);
+
+	add	$rp,sp,#$Zsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Zsqr, in_z);
+
+	ldp	$t0,$t1,[$ap_real]
+	ldp	$t2,$t3,[$ap_real,#16]
+	mov	$a0,$acc0		// put Zsqr aside for p256_sub
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	add	$rp,sp,#$M
+	bl	__ecp_nistz256_add	// p256_add(M, Zsqr, in_x);
+
+	add	$bp,$ap_real,#0
+	mov	$acc0,$a0		// restore Zsqr
+	mov	$acc1,$a1
+	 ldp	$a0,$a1,[sp,#$S]	// forward load for p256_sqr_mont
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+	 ldp	$a2,$a3,[sp,#$S+16]
+	add	$rp,sp,#$Zsqr
+	bl	__ecp_nistz256_sub_morf	// p256_sub(Zsqr, in_x, Zsqr);
+
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(S, S);
+
+	ldr	$bi,[$ap_real,#32]
+	ldp	$a0,$a1,[$ap_real,#64]
+	ldp	$a2,$a3,[$ap_real,#64+16]
+	add	$bp,$ap_real,#32
+	add	$rp,sp,#$tmp0
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(tmp0, in_z, in_y);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	 ldp	$a0,$a1,[sp,#$S]	// forward load for p256_sqr_mont
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	 ldp	$a2,$a3,[sp,#$S+16]
+	add	$rp,$rp_real,#64
+	bl	__ecp_nistz256_add	// p256_mul_by_2(res_z, tmp0);
+
+	add	$rp,sp,#$tmp0
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(tmp0, S);
+
+	 ldr	$bi,[sp,#$Zsqr]		// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$M]
+	 ldp	$a2,$a3,[sp,#$M+16]
+	add	$rp,$rp_real,#32
+	bl	__ecp_nistz256_div_by_2	// p256_div_by_2(res_y, tmp0);
+
+	add	$bp,sp,#$Zsqr
+	add	$rp,sp,#$M
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(M, M, Zsqr);
+
+	mov	$t0,$acc0		// duplicate M
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	mov	$a0,$acc0		// put M aside
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	add	$rp,sp,#$M
+	bl	__ecp_nistz256_add
+	mov	$t0,$a0			// restore M
+	mov	$t1,$a1
+	 ldr	$bi,[$ap_real]		// forward load for p256_mul_mont
+	mov	$t2,$a2
+	 ldp	$a0,$a1,[sp,#$S]
+	mov	$t3,$a3
+	 ldp	$a2,$a3,[sp,#$S+16]
+	bl	__ecp_nistz256_add	// p256_mul_by_3(M, M);
+
+	add	$bp,$ap_real,#0
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S, S, in_x);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	 ldp	$a0,$a1,[sp,#$M]	// forward load for p256_sqr_mont
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	 ldp	$a2,$a3,[sp,#$M+16]
+	add	$rp,sp,#$tmp0
+	bl	__ecp_nistz256_add	// p256_mul_by_2(tmp0, S);
+
+	add	$rp,$rp_real,#0
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(res_x, M);
+
+	add	$bp,sp,#$tmp0
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_x, res_x, tmp0);
+
+	add	$bp,sp,#$S
+	add	$rp,sp,#$S
+	bl	__ecp_nistz256_sub_morf	// p256_sub(S, S, res_x);
+
+	ldr	$bi,[sp,#$M]
+	mov	$a0,$acc0		// copy S
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	add	$bp,sp,#$M
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S, S, M);
+
+	add	$bp,$rp_real,#32
+	add	$rp,$rp_real,#32
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, S, res_y);
+
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x29,x30,[sp],#80
+	ret
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..11));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+# above map() describes stack layout with 12 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,%function
+.align	5
+ecp_nistz256_point_add:
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	sub	sp,sp,#32*12
+
+	ldp	$a0,$a1,[$bp,#64]	// in2_z
+	ldp	$a2,$a3,[$bp,#64+16]
+	 mov	$rp_real,$rp
+	 mov	$ap_real,$ap
+	 mov	$bp_real,$bp
+	 ldr	$poly1,.Lpoly+8
+	 ldr	$poly3,.Lpoly+24
+	orr	$t0,$a0,$a1
+	orr	$t2,$a2,$a3
+	orr	$in2infty,$t0,$t2
+	cmp	$in2infty,#0
+	csetm	$in2infty,ne		// !in2infty
+	add	$rp,sp,#$Z2sqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z2sqr, in2_z);
+
+	ldp	$a0,$a1,[$ap_real,#64]	// in1_z
+	ldp	$a2,$a3,[$ap_real,#64+16]
+	orr	$t0,$a0,$a1
+	orr	$t2,$a2,$a3
+	orr	$in1infty,$t0,$t2
+	cmp	$in1infty,#0
+	csetm	$in1infty,ne		// !in1infty
+	add	$rp,sp,#$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
+
+	ldr	$bi,[$bp_real,#64]
+	ldp	$a0,$a1,[sp,#$Z2sqr]
+	ldp	$a2,$a3,[sp,#$Z2sqr+16]
+	add	$bp,$bp_real,#64
+	add	$rp,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S1, Z2sqr, in2_z);
+
+	ldr	$bi,[$ap_real,#64]
+	ldp	$a0,$a1,[sp,#$Z1sqr]
+	ldp	$a2,$a3,[sp,#$Z1sqr+16]
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ldr	$bi,[$ap_real,#32]
+	ldp	$a0,$a1,[sp,#$S1]
+	ldp	$a2,$a3,[sp,#$S1+16]
+	add	$bp,$ap_real,#32
+	add	$rp,sp,#$S1
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S1, S1, in1_y);
+
+	ldr	$bi,[$bp_real,#32]
+	ldp	$a0,$a1,[sp,#$S2]
+	ldp	$a2,$a3,[sp,#$S2+16]
+	add	$bp,$bp_real,#32
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S2, in2_y);
+
+	add	$bp,sp,#$S1
+	 ldr	$bi,[sp,#$Z2sqr]	// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[$ap_real]
+	 ldp	$a2,$a3,[$ap_real,#16]
+	add	$rp,sp,#$R
+	bl	__ecp_nistz256_sub_from	// p256_sub(R, S2, S1);
+
+	orr	$acc0,$acc0,$acc1	// see if result is zero
+	orr	$acc2,$acc2,$acc3
+	orr	$temp,$acc0,$acc2
+
+	add	$bp,sp,#$Z2sqr
+	add	$rp,sp,#$U1
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U1, in1_x, Z2sqr);
+
+	ldr	$bi,[sp,#$Z1sqr]
+	ldp	$a0,$a1,[$bp_real]
+	ldp	$a2,$a3,[$bp_real,#16]
+	add	$bp,sp,#$Z1sqr
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, in2_x, Z1sqr);
+
+	add	$bp,sp,#$U1
+	 ldp	$a0,$a1,[sp,#$R]	// forward load for p256_sqr_mont
+	 ldp	$a2,$a3,[sp,#$R+16]
+	add	$rp,sp,#$H
+	bl	__ecp_nistz256_sub_from	// p256_sub(H, U2, U1);
+
+	orr	$acc0,$acc0,$acc1	// see if result is zero
+	orr	$acc2,$acc2,$acc3
+	orr	$acc0,$acc0,$acc2
+	tst	$acc0,$acc0
+	b.ne	.Ladd_proceed		// is_equal(U1,U2)?
+
+	tst	$in1infty,$in2infty
+	b.eq	.Ladd_proceed		// (in1infty || in2infty)?
+
+	tst	$temp,$temp
+	b.eq	.Ladd_double		// is_equal(S1,S2)?
+
+	eor	$a0,$a0,$a0
+	eor	$a1,$a1,$a1
+	stp	$a0,$a1,[$rp_real]
+	stp	$a0,$a1,[$rp_real,#16]
+	stp	$a0,$a1,[$rp_real,#32]
+	stp	$a0,$a1,[$rp_real,#48]
+	stp	$a0,$a1,[$rp_real,#64]
+	stp	$a0,$a1,[$rp_real,#80]
+	b	.Ladd_done
+
+.align	4
+.Ladd_double:
+	mov	$ap,$ap_real
+	mov	$rp,$rp_real
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	add	sp,sp,#32*(12-4)	// difference in stack frames
+	b	.Ldouble_shortcut
+
+.align	4
+.Ladd_proceed:
+	add	$rp,sp,#$Rsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Rsqr, R);
+
+	ldr	$bi,[$ap_real,#64]
+	ldp	$a0,$a1,[sp,#$H]
+	ldp	$a2,$a3,[sp,#$H+16]
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, H, in1_z);
+
+	ldp	$a0,$a1,[sp,#$H]
+	ldp	$a2,$a3,[sp,#$H+16]
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Hsqr, H);
+
+	ldr	$bi,[$bp_real,#64]
+	ldp	$a0,$a1,[sp,#$res_z]
+	ldp	$a2,$a3,[sp,#$res_z+16]
+	add	$bp,$bp_real,#64
+	add	$rp,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, res_z, in2_z);
+
+	ldr	$bi,[sp,#$H]
+	ldp	$a0,$a1,[sp,#$Hsqr]
+	ldp	$a2,$a3,[sp,#$Hsqr+16]
+	add	$bp,sp,#$H
+	add	$rp,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(Hcub, Hsqr, H);
+
+	ldr	$bi,[sp,#$Hsqr]
+	ldp	$a0,$a1,[sp,#$U1]
+	ldp	$a2,$a3,[sp,#$U1+16]
+	add	$bp,sp,#$Hsqr
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, U1, Hsqr);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_add	// p256_mul_by_2(Hsqr, U2);
+
+	add	$bp,sp,#$Rsqr
+	add	$rp,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$bp,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	//  p256_sub(res_x, res_x, Hcub);
+
+	add	$bp,sp,#$U2
+	 ldr	$bi,[sp,#$Hcub]		// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$S1]
+	 ldp	$a2,$a3,[sp,#$S1+16]
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_y, U2, res_x);
+
+	add	$bp,sp,#$Hcub
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S1, Hcub);
+
+	ldr	$bi,[sp,#$R]
+	ldp	$a0,$a1,[sp,#$res_y]
+	ldp	$a2,$a3,[sp,#$res_y+16]
+	add	$bp,sp,#$R
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_y, res_y, R);
+
+	add	$bp,sp,#$S2
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, res_y, S2);
+
+	ldp	$a0,$a1,[sp,#$res_x]		// res
+	ldp	$a2,$a3,[sp,#$res_x+16]
+	ldp	$t0,$t1,[$bp_real]		// in2
+	ldp	$t2,$t3,[$bp_real,#16]
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	ldp	$a0,$a1,[sp,#$res_x+$i+32]	// res
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	ldp	$a2,$a3,[sp,#$res_x+$i+48]
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	ldp	$t0,$t1,[$bp_real,#$i+32]	// in2
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	ldp	$t2,$t3,[$bp_real,#$i+48]
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+___
+}
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+
+.Ladd_done:
+	add	sp,x29,#0	// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x29,x30,[sp],#80
+	ret
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top.
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26));
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,%function
+.align	5
+ecp_nistz256_point_add_affine:
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	sub	sp,sp,#32*10
+
+	mov	$rp_real,$rp
+	mov	$ap_real,$ap
+	mov	$bp_real,$bp
+	ldr	$poly1,.Lpoly+8
+	ldr	$poly3,.Lpoly+24
+
+	ldp	$a0,$a1,[$ap,#64]	// in1_z
+	ldp	$a2,$a3,[$ap,#64+16]
+	orr	$t0,$a0,$a1
+	orr	$t2,$a2,$a3
+	orr	$in1infty,$t0,$t2
+	cmp	$in1infty,#0
+	csetm	$in1infty,ne		// !in1infty
+
+	ldp	$acc0,$acc1,[$bp]	// in2_x
+	ldp	$acc2,$acc3,[$bp,#16]
+	ldp	$t0,$t1,[$bp,#32]	// in2_y
+	ldp	$t2,$t3,[$bp,#48]
+	orr	$acc0,$acc0,$acc1
+	orr	$acc2,$acc2,$acc3
+	orr	$t0,$t0,$t1
+	orr	$t2,$t2,$t3
+	orr	$acc0,$acc0,$acc2
+	orr	$t0,$t0,$t2
+	orr	$in2infty,$acc0,$t0
+	cmp	$in2infty,#0
+	csetm	$in2infty,ne		// !in2infty
+
+	add	$rp,sp,#$Z1sqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
+
+	mov	$a0,$acc0
+	mov	$a1,$acc1
+	mov	$a2,$acc2
+	mov	$a3,$acc3
+	ldr	$bi,[$bp_real]
+	add	$bp,$bp_real,#0
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, Z1sqr, in2_x);
+
+	add	$bp,$ap_real,#0
+	 ldr	$bi,[$ap_real,#64]	// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$Z1sqr]
+	 ldp	$a2,$a3,[sp,#$Z1sqr+16]
+	add	$rp,sp,#$H
+	bl	__ecp_nistz256_sub_from	// p256_sub(H, U2, in1_x);
+
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ldr	$bi,[$ap_real,#64]
+	ldp	$a0,$a1,[sp,#$H]
+	ldp	$a2,$a3,[sp,#$H+16]
+	add	$bp,$ap_real,#64
+	add	$rp,sp,#$res_z
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, H, in1_z);
+
+	ldr	$bi,[$bp_real,#32]
+	ldp	$a0,$a1,[sp,#$S2]
+	ldp	$a2,$a3,[sp,#$S2+16]
+	add	$bp,$bp_real,#32
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S2, in2_y);
+
+	add	$bp,$ap_real,#32
+	 ldp	$a0,$a1,[sp,#$H]	// forward load for p256_sqr_mont
+	 ldp	$a2,$a3,[sp,#$H+16]
+	add	$rp,sp,#$R
+	bl	__ecp_nistz256_sub_from	// p256_sub(R, S2, in1_y);
+
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Hsqr, H);
+
+	ldp	$a0,$a1,[sp,#$R]
+	ldp	$a2,$a3,[sp,#$R+16]
+	add	$rp,sp,#$Rsqr
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Rsqr, R);
+
+	ldr	$bi,[sp,#$H]
+	ldp	$a0,$a1,[sp,#$Hsqr]
+	ldp	$a2,$a3,[sp,#$Hsqr+16]
+	add	$bp,sp,#$H
+	add	$rp,sp,#$Hcub
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(Hcub, Hsqr, H);
+
+	ldr	$bi,[$ap_real]
+	ldp	$a0,$a1,[sp,#$Hsqr]
+	ldp	$a2,$a3,[sp,#$Hsqr+16]
+	add	$bp,$ap_real,#0
+	add	$rp,sp,#$U2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, in1_x, Hsqr);
+
+	mov	$t0,$acc0
+	mov	$t1,$acc1
+	mov	$t2,$acc2
+	mov	$t3,$acc3
+	add	$rp,sp,#$Hsqr
+	bl	__ecp_nistz256_add	// p256_mul_by_2(Hsqr, U2);
+
+	add	$bp,sp,#$Rsqr
+	add	$rp,sp,#$res_x
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_x, Rsqr, Hsqr);
+
+	add	$bp,sp,#$Hcub
+	bl	__ecp_nistz256_sub_from	//  p256_sub(res_x, res_x, Hcub);
+
+	add	$bp,sp,#$U2
+	 ldr	$bi,[$ap_real,#32]	// forward load for p256_mul_mont
+	 ldp	$a0,$a1,[sp,#$Hcub]
+	 ldp	$a2,$a3,[sp,#$Hcub+16]
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_y, U2, res_x);
+
+	add	$bp,$ap_real,#32
+	add	$rp,sp,#$S2
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, in1_y, Hcub);
+
+	ldr	$bi,[sp,#$R]
+	ldp	$a0,$a1,[sp,#$res_y]
+	ldp	$a2,$a3,[sp,#$res_y+16]
+	add	$bp,sp,#$R
+	add	$rp,sp,#$res_y
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_y, res_y, R);
+
+	add	$bp,sp,#$S2
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, res_y, S2);
+
+	ldp	$a0,$a1,[sp,#$res_x]		// res
+	ldp	$a2,$a3,[sp,#$res_x+16]
+	ldp	$t0,$t1,[$bp_real]		// in2
+	ldp	$t2,$t3,[$bp_real,#16]
+___
+for($i=0;$i<64;$i+=32) {		# conditional moves
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	ldp	$a0,$a1,[sp,#$res_x+$i+32]	// res
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	ldp	$a2,$a3,[sp,#$res_x+$i+48]
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	ldp	$t0,$t1,[$bp_real,#$i+32]	// in2
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	ldp	$t2,$t3,[$bp_real,#$i+48]
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+___
+$code.=<<___	if ($i == 0);
+	adr	$bp_real,.Lone_mont-64
+___
+}
+$code.=<<___;
+	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
+	cmp	$in1infty,#0			// !$in1intfy, remember?
+	ldp	$acc2,$acc3,[$ap_real,#$i+16]
+	csel	$t0,$a0,$t0,ne
+	csel	$t1,$a1,$t1,ne
+	csel	$t2,$a2,$t2,ne
+	csel	$t3,$a3,$t3,ne
+	cmp	$in2infty,#0			// !$in2intfy, remember?
+	csel	$acc0,$t0,$acc0,ne
+	csel	$acc1,$t1,$acc1,ne
+	csel	$acc2,$t2,$acc2,ne
+	csel	$acc3,$t3,$acc3,ne
+	stp	$acc0,$acc1,[$rp_real,#$i]
+	stp	$acc2,$acc3,[$rp_real,#$i+16]
+
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x29,x30,[sp],#80
+	ret
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}	}
+
+########################################################################
+# scatter-gather subroutines
+{
+my ($out,$inp,$index,$mask)=map("x$_",(0..3));
+$code.=<<___;
+// void	ecp_nistz256_scatter_w5(void *x0,const P256_POINT *x1,
+//					 int x2);
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,%function
+.align	4
+ecp_nistz256_scatter_w5:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	add	$out,$out,$index,lsl#2
+
+	ldp	x4,x5,[$inp]		// X
+	ldp	x6,x7,[$inp,#16]
+	str	w4,[$out,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[$out,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[$out,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[$out,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[$out,#64*4-4]
+	str	w5,[$out,#64*5-4]
+	str	w6,[$out,#64*6-4]
+	str	w7,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldp	x4,x5,[$inp,#32]	// Y
+	ldp	x6,x7,[$inp,#48]
+	str	w4,[$out,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[$out,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[$out,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[$out,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[$out,#64*4-4]
+	str	w5,[$out,#64*5-4]
+	str	w6,[$out,#64*6-4]
+	str	w7,[$out,#64*7-4]
+	add	$out,$out,#64*8
+
+	ldp	x4,x5,[$inp,#64]	// Z
+	ldp	x6,x7,[$inp,#80]
+	str	w4,[$out,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[$out,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[$out,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[$out,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[$out,#64*4-4]
+	str	w5,[$out,#64*5-4]
+	str	w6,[$out,#64*6-4]
+	str	w7,[$out,#64*7-4]
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+// void	ecp_nistz256_gather_w5(P256_POINT *x0,const void *x1,
+//					      int x2);
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,%function
+.align	4
+ecp_nistz256_gather_w5:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	cmp	$index,xzr
+	csetm	x3,ne
+	add	$index,$index,x3
+	add	$inp,$inp,$index,lsl#2
+
+	ldr	w4,[$inp,#64*0]
+	ldr	w5,[$inp,#64*1]
+	ldr	w6,[$inp,#64*2]
+	ldr	w7,[$inp,#64*3]
+	ldr	w8,[$inp,#64*4]
+	ldr	w9,[$inp,#64*5]
+	ldr	w10,[$inp,#64*6]
+	ldr	w11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[$out]		// X
+	stp	x6,x7,[$out,#16]
+
+	ldr	w4,[$inp,#64*0]
+	ldr	w5,[$inp,#64*1]
+	ldr	w6,[$inp,#64*2]
+	ldr	w7,[$inp,#64*3]
+	ldr	w8,[$inp,#64*4]
+	ldr	w9,[$inp,#64*5]
+	ldr	w10,[$inp,#64*6]
+	ldr	w11,[$inp,#64*7]
+	add	$inp,$inp,#64*8
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[$out,#32]	// Y
+	stp	x6,x7,[$out,#48]
+
+	ldr	w4,[$inp,#64*0]
+	ldr	w5,[$inp,#64*1]
+	ldr	w6,[$inp,#64*2]
+	ldr	w7,[$inp,#64*3]
+	ldr	w8,[$inp,#64*4]
+	ldr	w9,[$inp,#64*5]
+	ldr	w10,[$inp,#64*6]
+	ldr	w11,[$inp,#64*7]
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[$out,#64]	// Z
+	stp	x6,x7,[$out,#80]
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+// void	ecp_nistz256_scatter_w7(void *x0,const P256_POINT_AFFINE *x1,
+//					 int x2);
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,%function
+.align	4
+ecp_nistz256_scatter_w7:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	add	$out,$out,$index
+	mov	$index,#64/8
+.Loop_scatter_w7:
+	ldr	x3,[$inp],#8
+	subs	$index,$index,#1
+	prfm	pstl1strm,[$out,#4096+64*0]
+	prfm	pstl1strm,[$out,#4096+64*1]
+	prfm	pstl1strm,[$out,#4096+64*2]
+	prfm	pstl1strm,[$out,#4096+64*3]
+	prfm	pstl1strm,[$out,#4096+64*4]
+	prfm	pstl1strm,[$out,#4096+64*5]
+	prfm	pstl1strm,[$out,#4096+64*6]
+	prfm	pstl1strm,[$out,#4096+64*7]
+	strb	w3,[$out,#64*0-1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*1-1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*2-1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*3-1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*4-1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*5-1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*6-1]
+	lsr	x3,x3,#8
+	strb	w3,[$out,#64*7-1]
+	add	$out,$out,#64*8
+	b.ne	.Loop_scatter_w7
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+// void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *x0,const void *x1,
+//						     int x2);
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,%function
+.align	4
+ecp_nistz256_gather_w7:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	cmp	$index,xzr
+	csetm	x3,ne
+	add	$index,$index,x3
+	add	$inp,$inp,$index
+	mov	$index,#64/8
+	nop
+.Loop_gather_w7:
+	ldrb	w4,[$inp,#64*0]
+	prfm	pldl1strm,[$inp,#4096+64*0]
+	subs	$index,$index,#1
+	ldrb	w5,[$inp,#64*1]
+	prfm	pldl1strm,[$inp,#4096+64*1]
+	ldrb	w6,[$inp,#64*2]
+	prfm	pldl1strm,[$inp,#4096+64*2]
+	ldrb	w7,[$inp,#64*3]
+	prfm	pldl1strm,[$inp,#4096+64*3]
+	ldrb	w8,[$inp,#64*4]
+	prfm	pldl1strm,[$inp,#4096+64*4]
+	ldrb	w9,[$inp,#64*5]
+	prfm	pldl1strm,[$inp,#4096+64*5]
+	ldrb	w10,[$inp,#64*6]
+	prfm	pldl1strm,[$inp,#4096+64*6]
+	ldrb	w11,[$inp,#64*7]
+	prfm	pldl1strm,[$inp,#4096+64*7]
+	add	$inp,$inp,#64*8
+	orr	x4,x4,x5,lsl#8
+	orr	x6,x6,x7,lsl#8
+	orr	x8,x8,x9,lsl#8
+	orr	x4,x4,x6,lsl#16
+	orr	x10,x10,x11,lsl#8
+	orr	x4,x4,x8,lsl#32
+	orr	x4,x4,x10,lsl#48
+	and	x4,x4,x3
+	str	x4,[$out],#8
+	b.ne	.Loop_gather_w7
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	print $_,"\n";
+}
+close STDOUT;	# enforce flush
diff --git a/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-avx2.pl b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-avx2.pl
new file mode 100755
index 0000000..3bdd2cf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-avx2.pl
@@ -0,0 +1,2100 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+##############################################################################
+#                                                                            #
+# Copyright 2014 Intel Corporation                                           #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License");            #
+# you may not use this file except in compliance with the License.           #
+# You may obtain a copy of the License at                                    #
+#                                                                            #
+#    http://www.apache.org/licenses/LICENSE-2.0                              #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#                                                                            #
+##############################################################################
+#                                                                            #
+#  Developers and authors:                                                   #
+#  Shay Gueron (1, 2), and Vlad Krasnov (1)                                  #
+#  (1) Intel Corporation, Israel Development Center                          #
+#  (2) University of Haifa                                                   #
+#  Reference:                                                                #
+#  S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with#
+#                           256 Bit Primes"                                  #
+#                                                                            #
+##############################################################################
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$avx = ($ver>=3.0) + ($ver>=3.01);
+	$addx = ($ver>=3.03);
+}
+
+if ($avx>=2) {{
+$digit_size = "\$29";
+$n_digits = "\$9";
+
+$code.=<<___;
+.text
+
+.align 64
+.LAVX2_AND_MASK:
+.LAVX2_POLY:
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x000001ff, 0x000001ff, 0x000001ff, 0x000001ff
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00040000, 0x00040000, 0x00040000, 0x00040000
+.quad 0x1fe00000, 0x1fe00000, 0x1fe00000, 0x1fe00000
+.quad 0x00ffffff, 0x00ffffff, 0x00ffffff, 0x00ffffff
+
+.LAVX2_POLY_x2:
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x400007FC, 0x400007FC, 0x400007FC, 0x400007FC
+.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE
+.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE
+.quad 0x400FFFFE, 0x400FFFFE, 0x400FFFFE, 0x400FFFFE
+.quad 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE
+.quad 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC
+
+.LAVX2_POLY_x8:
+.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8
+.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8
+.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8
+.quad 0x80000FF8, 0x80000FF8, 0x80000FF8, 0x80000FF8
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC
+.quad 0x801FFFFC, 0x801FFFFC, 0x801FFFFC, 0x801FFFFC
+.quad 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC
+.quad 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8
+
+.LONE:
+.quad 0x00000020, 0x00000020, 0x00000020, 0x00000020
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x1fffc000, 0x1fffc000, 0x1fffc000, 0x1fffc000
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1f7fffff, 0x1f7fffff, 0x1f7fffff, 0x1f7fffff
+.quad 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+
+# RR = 2^266 mod p in AVX2 format, to transform from the native OpenSSL
+# Montgomery form (*2^256) to our format (*2^261)
+
+.LTO_MONT_AVX2:
+.quad 0x00000400, 0x00000400, 0x00000400, 0x00000400
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x1ff80000, 0x1ff80000, 0x1ff80000, 0x1ff80000
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x00000003, 0x00000003, 0x00000003, 0x00000003
+
+.LFROM_MONT_AVX2:
+.quad 0x00000001, 0x00000001, 0x00000001, 0x00000001
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+.quad 0x1ffffe00, 0x1ffffe00, 0x1ffffe00, 0x1ffffe00
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff
+.quad 0x1ffbffff, 0x1ffbffff, 0x1ffbffff, 0x1ffbffff
+.quad 0x001fffff, 0x001fffff, 0x001fffff, 0x001fffff
+.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000
+
+.LIntOne:
+.long 1,1,1,1,1,1,1,1
+___
+
+{
+# This function receives a pointer to an array of four affine points
+# (X, Y, <1>) and rearanges the data for AVX2 execution, while
+# converting it to 2^29 radix redundant form
+
+my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3,
+    $T0,$T1,$T2,$T3, $T4,$T5,$T6,$T7)=map("%ymm$_",(0..15));
+
+$code.=<<___;
+.globl	ecp_nistz256_avx2_transpose_convert
+.type	ecp_nistz256_avx2_transpose_convert,\@function,2
+.align 64
+ecp_nistz256_avx2_transpose_convert:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	# Load the data
+	vmovdqa		32*0(%rsi), $X0
+	lea		112(%rsi), %rax		# size optimization
+	vmovdqa		32*1(%rsi), $Y0
+	lea		.LAVX2_AND_MASK(%rip), %rdx
+	vmovdqa		32*2(%rsi), $X1
+	vmovdqa		32*3(%rsi), $Y1
+	vmovdqa		32*4-112(%rax), $X2
+	vmovdqa		32*5-112(%rax), $Y2
+	vmovdqa		32*6-112(%rax), $X3
+	vmovdqa		32*7-112(%rax), $Y3
+
+	# Transpose X and Y independently
+	vpunpcklqdq	$X1, $X0, $T0		# T0 = [B2 A2 B0 A0]
+	vpunpcklqdq	$X3, $X2, $T1		# T1 = [D2 C2 D0 C0]
+	vpunpckhqdq	$X1, $X0, $T2		# T2 = [B3 A3 B1 A1]
+	vpunpckhqdq	$X3, $X2, $T3		# T3 = [D3 C3 D1 C1]
+
+	vpunpcklqdq	$Y1, $Y0, $T4
+	vpunpcklqdq	$Y3, $Y2, $T5
+	vpunpckhqdq	$Y1, $Y0, $T6
+	vpunpckhqdq	$Y3, $Y2, $T7
+
+	vperm2i128	\$0x20, $T1, $T0, $X0	# X0 = [D0 C0 B0 A0]
+	vperm2i128	\$0x20, $T3, $T2, $X1	# X1 = [D1 C1 B1 A1]
+	vperm2i128	\$0x31, $T1, $T0, $X2	# X2 = [D2 C2 B2 A2]
+	vperm2i128	\$0x31, $T3, $T2, $X3	# X3 = [D3 C3 B3 A3]
+
+	vperm2i128	\$0x20, $T5, $T4, $Y0
+	vperm2i128	\$0x20, $T7, $T6, $Y1
+	vperm2i128	\$0x31, $T5, $T4, $Y2
+	vperm2i128	\$0x31, $T7, $T6, $Y3
+	vmovdqa		(%rdx), $T7
+
+	vpand		(%rdx), $X0, $T0	# out[0] = in[0] & mask;
+	vpsrlq		\$29, $X0, $X0
+	vpand		$T7, $X0, $T1		# out[1] = (in[0] >> shift) & mask;
+	vpsrlq		\$29, $X0, $X0
+	vpsllq		\$6, $X1, $T2
+	vpxor		$X0, $T2, $T2
+	vpand		$T7, $T2, $T2		# out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask;
+	vpsrlq		\$23, $X1, $X1
+	vpand		$T7, $X1, $T3		# out[3] = (in[1] >> ((shift*3)%64)) & mask;
+	vpsrlq		\$29, $X1, $X1
+	vpsllq		\$12, $X2, $T4
+	vpxor		$X1, $T4, $T4
+	vpand		$T7, $T4, $T4		# out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask;
+	vpsrlq		\$17, $X2, $X2
+	vpand		$T7, $X2, $T5		# out[5] = (in[2] >> ((shift*5)%64)) & mask;
+	vpsrlq		\$29, $X2, $X2
+	vpsllq		\$18, $X3, $T6
+	vpxor		$X2, $T6, $T6
+	vpand		$T7, $T6, $T6		# out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask;
+	vpsrlq		\$11, $X3, $X3
+	 vmovdqa	$T0, 32*0(%rdi)
+	 lea		112(%rdi), %rax		# size optimization
+	vpand		$T7, $X3, $T0		# out[7] = (in[3] >> ((shift*7)%64)) & mask;
+	vpsrlq		\$29, $X3, $X3		# out[8] = (in[3] >> ((shift*8)%64)) & mask;
+
+	vmovdqa		$T1, 32*1(%rdi)
+	vmovdqa		$T2, 32*2(%rdi)
+	vmovdqa		$T3, 32*3(%rdi)
+	vmovdqa		$T4, 32*4-112(%rax)
+	vmovdqa		$T5, 32*5-112(%rax)
+	vmovdqa		$T6, 32*6-112(%rax)
+	vmovdqa		$T0, 32*7-112(%rax)
+	vmovdqa		$X3, 32*8-112(%rax)
+	lea		448(%rdi), %rax		# size optimization
+
+	vpand		$T7, $Y0, $T0		# out[0] = in[0] & mask;
+	vpsrlq		\$29, $Y0, $Y0
+	vpand		$T7, $Y0, $T1		# out[1] = (in[0] >> shift) & mask;
+	vpsrlq		\$29, $Y0, $Y0
+	vpsllq		\$6, $Y1, $T2
+	vpxor		$Y0, $T2, $T2
+	vpand		$T7, $T2, $T2		# out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask;
+	vpsrlq		\$23, $Y1, $Y1
+	vpand		$T7, $Y1, $T3		# out[3] = (in[1] >> ((shift*3)%64)) & mask;
+	vpsrlq		\$29, $Y1, $Y1
+	vpsllq		\$12, $Y2, $T4
+	vpxor		$Y1, $T4, $T4
+	vpand		$T7, $T4, $T4		# out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask;
+	vpsrlq		\$17, $Y2, $Y2
+	vpand		$T7, $Y2, $T5		# out[5] = (in[2] >> ((shift*5)%64)) & mask;
+	vpsrlq		\$29, $Y2, $Y2
+	vpsllq		\$18, $Y3, $T6
+	vpxor		$Y2, $T6, $T6
+	vpand		$T7, $T6, $T6		# out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask;
+	vpsrlq		\$11, $Y3, $Y3
+	 vmovdqa	$T0, 32*9-448(%rax)
+	vpand		$T7, $Y3, $T0		# out[7] = (in[3] >> ((shift*7)%64)) & mask;
+	vpsrlq		\$29, $Y3, $Y3		# out[8] = (in[3] >> ((shift*8)%64)) & mask;
+
+	vmovdqa		$T1, 32*10-448(%rax)
+	vmovdqa		$T2, 32*11-448(%rax)
+	vmovdqa		$T3, 32*12-448(%rax)
+	vmovdqa		$T4, 32*13-448(%rax)
+	vmovdqa		$T5, 32*14-448(%rax)
+	vmovdqa		$T6, 32*15-448(%rax)
+	vmovdqa		$T0, 32*16-448(%rax)
+	vmovdqa		$Y3, 32*17-448(%rax)
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_transpose_convert,.-ecp_nistz256_avx2_transpose_convert
+___
+}
+{
+################################################################################
+# This function receives a pointer to an array of four AVX2 formatted points
+# (X, Y, Z) convert the data to normal representation, and rearanges the data
+
+my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8));
+my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15));
+
+$code.=<<___;
+
+.globl	ecp_nistz256_avx2_convert_transpose_back
+.type	ecp_nistz256_avx2_convert_transpose_back,\@function,2
+.align	32
+ecp_nistz256_avx2_convert_transpose_back:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	mov	\$3, %ecx
+
+.Lconv_loop:
+	vmovdqa		32*0(%rsi), $D0
+	lea		160(%rsi), %rax		# size optimization
+	vmovdqa		32*1(%rsi), $D1
+	vmovdqa		32*2(%rsi), $D2
+	vmovdqa		32*3(%rsi), $D3
+	vmovdqa		32*4-160(%rax), $D4
+	vmovdqa		32*5-160(%rax), $D5
+	vmovdqa		32*6-160(%rax), $D6
+	vmovdqa		32*7-160(%rax), $D7
+	vmovdqa		32*8-160(%rax), $D8
+
+	vpsllq		\$29, $D1, $D1
+	vpsllq		\$58, $D2, $T0
+	vpaddq		$D1, $D0, $D0
+	vpaddq		$T0, $D0, $D0		# out[0] = (in[0]) ^ (in[1] << shift*1) ^ (in[2] << shift*2);
+
+	vpsrlq		\$6, $D2, $D2
+	vpsllq		\$23, $D3, $D3
+	vpsllq		\$52, $D4, $T1
+	vpaddq		$D2, $D3, $D3
+	vpaddq		$D3, $T1, $D1		# out[1] = (in[2] >> (64*1-shift*2)) ^ (in[3] << shift*3%64) ^ (in[4] << shift*4%64);
+
+	vpsrlq		\$12, $D4, $D4
+	vpsllq		\$17, $D5, $D5
+	vpsllq		\$46, $D6, $T2
+	vpaddq		$D4, $D5, $D5
+	vpaddq		$D5, $T2, $D2		# out[2] = (in[4] >> (64*2-shift*4)) ^ (in[5] << shift*5%64) ^ (in[6] << shift*6%64);
+
+	vpsrlq		\$18, $D6, $D6
+	vpsllq		\$11, $D7, $D7
+	vpsllq		\$40, $D8, $T3
+	vpaddq		$D6, $D7, $D7
+	vpaddq		$D7, $T3, $D3		# out[3] = (in[6] >> (64*3-shift*6)) ^ (in[7] << shift*7%64) ^ (in[8] << shift*8%64);
+
+	vpunpcklqdq	$D1, $D0, $T0		# T0 = [B2 A2 B0 A0]
+	vpunpcklqdq	$D3, $D2, $T1		# T1 = [D2 C2 D0 C0]
+	vpunpckhqdq	$D1, $D0, $T2		# T2 = [B3 A3 B1 A1]
+	vpunpckhqdq	$D3, $D2, $T3		# T3 = [D3 C3 D1 C1]
+
+	vperm2i128	\$0x20, $T1, $T0, $D0	# X0 = [D0 C0 B0 A0]
+	vperm2i128	\$0x20, $T3, $T2, $D1	# X1 = [D1 C1 B1 A1]
+	vperm2i128	\$0x31, $T1, $T0, $D2	# X2 = [D2 C2 B2 A2]
+	vperm2i128	\$0x31, $T3, $T2, $D3	# X3 = [D3 C3 B3 A3]
+
+	vmovdqa		$D0, 32*0(%rdi)
+	vmovdqa		$D1, 32*3(%rdi)
+	vmovdqa		$D2, 32*6(%rdi)
+	vmovdqa		$D3, 32*9(%rdi)
+
+	lea		32*9(%rsi), %rsi
+	lea		32*1(%rdi), %rdi
+
+	dec	%ecx
+	jnz	.Lconv_loop
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_convert_transpose_back,.-ecp_nistz256_avx2_convert_transpose_back
+___
+}
+{
+my ($r_ptr,$a_ptr,$b_ptr,$itr)=("%rdi","%rsi","%rdx","%ecx");
+my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4,$ACC5,$ACC6,$ACC7,$ACC8)=map("%ymm$_",(0..8));
+my ($B,$Y,$T0,$AND_MASK,$OVERFLOW)=map("%ymm$_",(9..13));
+
+sub NORMALIZE {
+my $ret=<<___;
+	vpsrlq		$digit_size, $ACC0, $T0
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpaddq		$T0, $ACC1, $ACC1
+
+	vpsrlq		$digit_size, $ACC1, $T0
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpaddq		$T0, $ACC2, $ACC2
+
+	vpsrlq		$digit_size, $ACC2, $T0
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpaddq		$T0, $ACC3, $ACC3
+
+	vpsrlq		$digit_size, $ACC3, $T0
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpaddq		$T0, $ACC4, $ACC4
+
+	vpsrlq		$digit_size, $ACC4, $T0
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpaddq		$T0, $ACC5, $ACC5
+
+	vpsrlq		$digit_size, $ACC5, $T0
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpsrlq		$digit_size, $ACC6, $T0
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpaddq		$T0, $ACC7, $ACC7
+
+	vpsrlq		$digit_size, $ACC7, $T0
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpaddq		$T0, $ACC8, $ACC8
+	#vpand		$AND_MASK, $ACC8, $ACC8
+___
+    $ret;
+}
+
+sub STORE {
+my $ret=<<___;
+	vmovdqa		$ACC0, 32*0(%rdi)
+	lea		160(%rdi), %rax		# size optimization
+	vmovdqa		$ACC1, 32*1(%rdi)
+	vmovdqa		$ACC2, 32*2(%rdi)
+	vmovdqa		$ACC3, 32*3(%rdi)
+	vmovdqa		$ACC4, 32*4-160(%rax)
+	vmovdqa		$ACC5, 32*5-160(%rax)
+	vmovdqa		$ACC6, 32*6-160(%rax)
+	vmovdqa		$ACC7, 32*7-160(%rax)
+	vmovdqa		$ACC8, 32*8-160(%rax)
+___
+    $ret;
+}
+
+$code.=<<___;
+.type	avx2_normalize,\@abi-omnipotent
+.align	32
+avx2_normalize:
+	vpsrlq		$digit_size, $ACC0, $T0
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpaddq		$T0, $ACC1, $ACC1
+
+	vpsrlq		$digit_size, $ACC1, $T0
+	vpand		$AND_MASK, $ACC1, $ACC1
+	vpaddq		$T0, $ACC2, $ACC2
+
+	vpsrlq		$digit_size, $ACC2, $T0
+	vpand		$AND_MASK, $ACC2, $ACC2
+	vpaddq		$T0, $ACC3, $ACC3
+
+	vpsrlq		$digit_size, $ACC3, $T0
+	vpand		$AND_MASK, $ACC3, $ACC3
+	vpaddq		$T0, $ACC4, $ACC4
+
+	vpsrlq		$digit_size, $ACC4, $T0
+	vpand		$AND_MASK, $ACC4, $ACC4
+	vpaddq		$T0, $ACC5, $ACC5
+
+	vpsrlq		$digit_size, $ACC5, $T0
+	vpand		$AND_MASK, $ACC5, $ACC5
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpsrlq		$digit_size, $ACC6, $T0
+	vpand		$AND_MASK, $ACC6, $ACC6
+	vpaddq		$T0, $ACC7, $ACC7
+
+	vpsrlq		$digit_size, $ACC7, $T0
+	vpand		$AND_MASK, $ACC7, $ACC7
+	vpaddq		$T0, $ACC8, $ACC8
+	#vpand		$AND_MASK, $ACC8, $ACC8
+
+	ret
+.size	avx2_normalize,.-avx2_normalize
+
+.type	avx2_normalize_n_store,\@abi-omnipotent
+.align	32
+avx2_normalize_n_store:
+	vpsrlq		$digit_size, $ACC0, $T0
+	vpand		$AND_MASK, $ACC0, $ACC0
+	vpaddq		$T0, $ACC1, $ACC1
+
+	vpsrlq		$digit_size, $ACC1, $T0
+	vpand		$AND_MASK, $ACC1, $ACC1
+	 vmovdqa	$ACC0, 32*0(%rdi)
+	 lea		160(%rdi), %rax		# size optimization
+	vpaddq		$T0, $ACC2, $ACC2
+
+	vpsrlq		$digit_size, $ACC2, $T0
+	vpand		$AND_MASK, $ACC2, $ACC2
+	 vmovdqa	$ACC1, 32*1(%rdi)
+	vpaddq		$T0, $ACC3, $ACC3
+
+	vpsrlq		$digit_size, $ACC3, $T0
+	vpand		$AND_MASK, $ACC3, $ACC3
+	 vmovdqa	$ACC2, 32*2(%rdi)
+	vpaddq		$T0, $ACC4, $ACC4
+
+	vpsrlq		$digit_size, $ACC4, $T0
+	vpand		$AND_MASK, $ACC4, $ACC4
+	 vmovdqa	$ACC3, 32*3(%rdi)
+	vpaddq		$T0, $ACC5, $ACC5
+
+	vpsrlq		$digit_size, $ACC5, $T0
+	vpand		$AND_MASK, $ACC5, $ACC5
+	 vmovdqa	$ACC4, 32*4-160(%rax)
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpsrlq		$digit_size, $ACC6, $T0
+	vpand		$AND_MASK, $ACC6, $ACC6
+	 vmovdqa	$ACC5, 32*5-160(%rax)
+	vpaddq		$T0, $ACC7, $ACC7
+
+	vpsrlq		$digit_size, $ACC7, $T0
+	vpand		$AND_MASK, $ACC7, $ACC7
+	 vmovdqa	$ACC6, 32*6-160(%rax)
+	vpaddq		$T0, $ACC8, $ACC8
+	#vpand		$AND_MASK, $ACC8, $ACC8
+	 vmovdqa	$ACC7, 32*7-160(%rax)
+	 vmovdqa	$ACC8, 32*8-160(%rax)
+
+	ret
+.size	avx2_normalize_n_store,.-avx2_normalize_n_store
+
+################################################################################
+# void avx2_mul_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.type	avx2_mul_x4,\@abi-omnipotent
+.align	32
+avx2_mul_x4:
+	lea	.LAVX2_POLY(%rip), %rax
+
+	vpxor	$ACC0, $ACC0, $ACC0
+	vpxor	$ACC1, $ACC1, $ACC1
+	vpxor	$ACC2, $ACC2, $ACC2
+	vpxor	$ACC3, $ACC3, $ACC3
+	vpxor	$ACC4, $ACC4, $ACC4
+	vpxor	$ACC5, $ACC5, $ACC5
+	vpxor	$ACC6, $ACC6, $ACC6
+	vpxor	$ACC7, $ACC7, $ACC7
+
+	vmovdqa	32*7(%rax), %ymm14
+	vmovdqa	32*8(%rax), %ymm15
+
+	mov	$n_digits, $itr
+	lea	-512($a_ptr), $a_ptr	# strategic bias to control u-op density
+	jmp	.Lavx2_mul_x4_loop
+
+.align	32
+.Lavx2_mul_x4_loop:
+	vmovdqa		32*0($b_ptr), $B
+	lea		32*1($b_ptr), $b_ptr
+
+	vpmuludq	32*0+512($a_ptr), $B, $T0
+	vpmuludq	32*1+512($a_ptr), $B, $OVERFLOW	# borrow $OVERFLOW
+	vpaddq		$T0, $ACC0, $ACC0
+	vpmuludq	32*2+512($a_ptr), $B, $T0
+	vpaddq		$OVERFLOW, $ACC1, $ACC1
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	32*3+512($a_ptr), $B, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC2
+	vpmuludq	32*4+512($a_ptr), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*5+512($a_ptr), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*6+512($a_ptr), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*7+512($a_ptr), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	# Skip some multiplications, optimizing for the constant poly
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*8+512($a_ptr), $B, $ACC8
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	.byte		0x67
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $OVERFLOW
+	.byte		0x67
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC7, $ACC6
+	vpaddq		$OVERFLOW, $ACC8, $ACC7
+
+	dec	$itr
+	jnz	.Lavx2_mul_x4_loop
+
+	vpxor	$ACC8, $ACC8, $ACC8
+
+	ret
+.size	avx2_mul_x4,.-avx2_mul_x4
+
+# Function optimized for the constant 1
+################################################################################
+# void avx2_mul_by1_x4(void* RESULTx4, void *Ax4);
+.type	avx2_mul_by1_x4,\@abi-omnipotent
+.align	32
+avx2_mul_by1_x4:
+	lea	.LAVX2_POLY(%rip), %rax
+
+	vpxor	$ACC0, $ACC0, $ACC0
+	vpxor	$ACC1, $ACC1, $ACC1
+	vpxor	$ACC2, $ACC2, $ACC2
+	vpxor	$ACC3, $ACC3, $ACC3
+	vpxor	$ACC4, $ACC4, $ACC4
+	vpxor	$ACC5, $ACC5, $ACC5
+	vpxor	$ACC6, $ACC6, $ACC6
+	vpxor	$ACC7, $ACC7, $ACC7
+	vpxor	$ACC8, $ACC8, $ACC8
+
+	vmovdqa	32*3+.LONE(%rip), %ymm14
+	vmovdqa	32*7+.LONE(%rip), %ymm15
+
+	mov	$n_digits, $itr
+	jmp	.Lavx2_mul_by1_x4_loop
+
+.align	32
+.Lavx2_mul_by1_x4_loop:
+	vmovdqa		32*0($a_ptr), $B
+	.byte		0x48,0x8d,0xb6,0x20,0,0,0	# lea	32*1($a_ptr), $a_ptr
+
+	vpsllq		\$5, $B, $OVERFLOW
+	vpmuludq	%ymm14, $B, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC3
+	.byte		0x67
+	vpmuludq	$AND_MASK, $B, $T0
+	vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$T0, $ACC4, $ACC4
+	vpaddq		$T0, $ACC5, $ACC5
+	vpaddq		$T0, $ACC6, $ACC6
+	vpsllq		\$23, $B, $T0
+
+	.byte		0x67,0x67
+	vpmuludq	%ymm15, $B, $OVERFLOW
+	vpsubq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC7
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	.byte		0x67,0x67
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $OVERFLOW
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	32*7(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC6, $ACC5
+	vpaddq		$T0, $ACC7, $ACC6
+	vpmuludq	32*8(%rax), $Y, $ACC7
+
+	dec	$itr
+	jnz	.Lavx2_mul_by1_x4_loop
+
+	ret
+.size	avx2_mul_by1_x4,.-avx2_mul_by1_x4
+
+################################################################################
+# void avx2_sqr_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.type	avx2_sqr_x4,\@abi-omnipotent
+.align	32
+avx2_sqr_x4:
+	lea		.LAVX2_POLY(%rip), %rax
+
+	vmovdqa		32*7(%rax), %ymm14
+	vmovdqa		32*8(%rax), %ymm15
+
+	vmovdqa		32*0($a_ptr), $B
+	vmovdqa		32*1($a_ptr), $ACC1
+	vmovdqa		32*2($a_ptr), $ACC2
+	vmovdqa		32*3($a_ptr), $ACC3
+	vmovdqa		32*4($a_ptr), $ACC4
+	vmovdqa		32*5($a_ptr), $ACC5
+	vmovdqa		32*6($a_ptr), $ACC6
+	vmovdqa		32*7($a_ptr), $ACC7
+	vpaddq		$ACC1, $ACC1, $ACC1	# 2*$ACC0..7
+	vmovdqa		32*8($a_ptr), $ACC8
+	vpaddq		$ACC2, $ACC2, $ACC2
+	vmovdqa		$ACC1, 32*0(%rcx)
+	vpaddq		$ACC3, $ACC3, $ACC3
+	vmovdqa		$ACC2, 32*1(%rcx)
+	vpaddq		$ACC4, $ACC4, $ACC4
+	vmovdqa		$ACC3, 32*2(%rcx)
+	vpaddq		$ACC5, $ACC5, $ACC5
+	vmovdqa		$ACC4, 32*3(%rcx)
+	vpaddq		$ACC6, $ACC6, $ACC6
+	vmovdqa		$ACC5, 32*4(%rcx)
+	vpaddq		$ACC7, $ACC7, $ACC7
+	vmovdqa		$ACC6, 32*5(%rcx)
+	vpaddq		$ACC8, $ACC8, $ACC8
+	vmovdqa		$ACC7, 32*6(%rcx)
+	vmovdqa		$ACC8, 32*7(%rcx)
+
+	#itr		1
+	vpmuludq	$B, $B, $ACC0
+	vpmuludq	$B, $ACC1, $ACC1
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	$B, $ACC2, $ACC2
+	vpmuludq	$B, $ACC3, $ACC3
+	vpmuludq	$B, $ACC4, $ACC4
+	vpmuludq	$B, $ACC5, $ACC5
+	vpmuludq	$B, $ACC6, $ACC6
+	 vpmuludq	$AND_MASK, $Y, $T0
+	vpmuludq	$B, $ACC7, $ACC7
+	vpmuludq	$B, $ACC8, $ACC8
+	 vmovdqa	32*1($a_ptr), $B
+
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		2
+	vpmuludq	$B, $B, $OVERFLOW
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	32*1(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC1, $ACC1
+	vpmuludq	32*2(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC2
+	vpmuludq	32*3(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*2($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		3
+	vpmuludq	$B, $B, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpmuludq	32*2(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC2
+	vpmuludq	32*3(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*3($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		4
+	vpmuludq	$B, $B, $OVERFLOW
+	vpmuludq	32*3(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC3, $ACC3
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*4($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		5
+	vpmuludq	$B, $B, $T0
+	vpmuludq	32*4(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC4, $ACC4
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*5($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3+.LAVX2_POLY(%rip), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		6
+	vpmuludq	$B, $B, $OVERFLOW
+	vpmuludq	32*5(%rcx), $B, $T0
+	vpaddq		$OVERFLOW, $ACC5, $ACC5
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*6($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		7
+	vpmuludq	$B, $B, $T0
+	vpmuludq	32*6(%rcx), $B, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC6
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*7($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		8
+	vpmuludq	$B, $B, $OVERFLOW
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	 vpaddq		$OVERFLOW, $ACC7, $ACC7
+	 vpmuludq	32*7(%rcx), $B, $ACC8
+	 vmovdqa	32*8($a_ptr), $B
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	 vpand		$AND_MASK, $ACC0, $Y
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	#itr		9
+	vpmuludq	$B, $B, $ACC8
+
+	vpmuludq	$AND_MASK, $Y, $T0
+	vpaddq		$T0, $ACC0, $OVERFLOW
+	vpsrlq		$digit_size, $OVERFLOW, $OVERFLOW
+	vpaddq		$T0, $ACC1, $ACC0
+	vpaddq		$T0, $ACC2, $ACC1
+	vpmuludq	32*3(%rax), $Y, $T0
+	vpaddq		$OVERFLOW, $ACC0, $ACC0
+	vpaddq		$T0, $ACC3, $ACC2
+	vmovdqa		$ACC4, $ACC3
+	vpsllq		\$18, $Y, $T0
+	vmovdqa		$ACC5, $ACC4
+	vpmuludq	%ymm14, $Y, $OVERFLOW
+	vpaddq		$T0, $ACC6, $ACC5
+	vpmuludq	%ymm15, $Y, $T0
+	vpaddq		$OVERFLOW, $ACC7, $ACC6
+	vpaddq		$T0, $ACC8, $ACC7
+
+	vpxor		$ACC8, $ACC8, $ACC8
+
+	ret
+.size	avx2_sqr_x4,.-avx2_sqr_x4
+
+################################################################################
+# void avx2_sub_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.type	avx2_sub_x4,\@abi-omnipotent
+.align	32
+avx2_sub_x4:
+	vmovdqa	32*0($a_ptr), $ACC0
+	lea	160($a_ptr), $a_ptr
+	lea	.LAVX2_POLY_x8+128(%rip), %rax
+	lea	128($b_ptr), $b_ptr
+	vmovdqa	32*1-160($a_ptr), $ACC1
+	vmovdqa	32*2-160($a_ptr), $ACC2
+	vmovdqa	32*3-160($a_ptr), $ACC3
+	vmovdqa	32*4-160($a_ptr), $ACC4
+	vmovdqa	32*5-160($a_ptr), $ACC5
+	vmovdqa	32*6-160($a_ptr), $ACC6
+	vmovdqa	32*7-160($a_ptr), $ACC7
+	vmovdqa	32*8-160($a_ptr), $ACC8
+
+	vpaddq	32*0-128(%rax), $ACC0, $ACC0
+	vpaddq	32*1-128(%rax), $ACC1, $ACC1
+	vpaddq	32*2-128(%rax), $ACC2, $ACC2
+	vpaddq	32*3-128(%rax), $ACC3, $ACC3
+	vpaddq	32*4-128(%rax), $ACC4, $ACC4
+	vpaddq	32*5-128(%rax), $ACC5, $ACC5
+	vpaddq	32*6-128(%rax), $ACC6, $ACC6
+	vpaddq	32*7-128(%rax), $ACC7, $ACC7
+	vpaddq	32*8-128(%rax), $ACC8, $ACC8
+
+	vpsubq	32*0-128($b_ptr), $ACC0, $ACC0
+	vpsubq	32*1-128($b_ptr), $ACC1, $ACC1
+	vpsubq	32*2-128($b_ptr), $ACC2, $ACC2
+	vpsubq	32*3-128($b_ptr), $ACC3, $ACC3
+	vpsubq	32*4-128($b_ptr), $ACC4, $ACC4
+	vpsubq	32*5-128($b_ptr), $ACC5, $ACC5
+	vpsubq	32*6-128($b_ptr), $ACC6, $ACC6
+	vpsubq	32*7-128($b_ptr), $ACC7, $ACC7
+	vpsubq	32*8-128($b_ptr), $ACC8, $ACC8
+
+	ret
+.size	avx2_sub_x4,.-avx2_sub_x4
+
+.type	avx2_select_n_store,\@abi-omnipotent
+.align	32
+avx2_select_n_store:
+	vmovdqa	`8+32*9*8`(%rsp), $Y
+	vpor	`8+32*9*8+32`(%rsp), $Y, $Y
+
+	vpandn	$ACC0, $Y, $ACC0
+	vpandn	$ACC1, $Y, $ACC1
+	vpandn	$ACC2, $Y, $ACC2
+	vpandn	$ACC3, $Y, $ACC3
+	vpandn	$ACC4, $Y, $ACC4
+	vpandn	$ACC5, $Y, $ACC5
+	vpandn	$ACC6, $Y, $ACC6
+	vmovdqa	`8+32*9*8+32`(%rsp), $B
+	vpandn	$ACC7, $Y, $ACC7
+	vpandn	`8+32*9*8`(%rsp), $B, $B
+	vpandn	$ACC8, $Y, $ACC8
+
+	vpand	32*0(%rsi), $B, $T0
+	lea	160(%rsi), %rax
+	vpand	32*1(%rsi), $B, $Y
+	vpxor	$T0, $ACC0, $ACC0
+	vpand	32*2(%rsi), $B, $T0
+	vpxor	$Y, $ACC1, $ACC1
+	vpand	32*3(%rsi), $B, $Y
+	vpxor	$T0, $ACC2, $ACC2
+	vpand	32*4-160(%rax), $B, $T0
+	vpxor	$Y, $ACC3, $ACC3
+	vpand	32*5-160(%rax), $B, $Y
+	vpxor	$T0, $ACC4, $ACC4
+	vpand	32*6-160(%rax), $B, $T0
+	vpxor	$Y, $ACC5, $ACC5
+	vpand	32*7-160(%rax), $B, $Y
+	vpxor	$T0, $ACC6, $ACC6
+	vpand	32*8-160(%rax), $B, $T0
+	vmovdqa	`8+32*9*8+32`(%rsp), $B
+	vpxor	$Y, $ACC7, $ACC7
+
+	vpand	32*0(%rdx), $B, $Y
+	lea	160(%rdx), %rax
+	vpxor	$T0, $ACC8, $ACC8
+	vpand	32*1(%rdx), $B, $T0
+	vpxor	$Y, $ACC0, $ACC0
+	vpand	32*2(%rdx), $B, $Y
+	vpxor	$T0, $ACC1, $ACC1
+	vpand	32*3(%rdx), $B, $T0
+	vpxor	$Y, $ACC2, $ACC2
+	vpand	32*4-160(%rax), $B, $Y
+	vpxor	$T0, $ACC3, $ACC3
+	vpand	32*5-160(%rax), $B, $T0
+	vpxor	$Y, $ACC4, $ACC4
+	vpand	32*6-160(%rax), $B, $Y
+	vpxor	$T0, $ACC5, $ACC5
+	vpand	32*7-160(%rax), $B, $T0
+	vpxor	$Y, $ACC6, $ACC6
+	vpand	32*8-160(%rax), $B, $Y
+	vpxor	$T0, $ACC7, $ACC7
+	vpxor	$Y, $ACC8, $ACC8
+	`&STORE`
+
+	ret
+.size	avx2_select_n_store,.-avx2_select_n_store
+___
+$code.=<<___	if (0);				# inlined
+################################################################################
+# void avx2_mul_by2_x4(void* RESULTx4, void *Ax4);
+.type	avx2_mul_by2_x4,\@abi-omnipotent
+.align	32
+avx2_mul_by2_x4:
+	vmovdqa	32*0($a_ptr), $ACC0
+	lea	160($a_ptr), %rax
+	vmovdqa	32*1($a_ptr), $ACC1
+	vmovdqa	32*2($a_ptr), $ACC2
+	vmovdqa	32*3($a_ptr), $ACC3
+	vmovdqa	32*4-160(%rax), $ACC4
+	vmovdqa	32*5-160(%rax), $ACC5
+	vmovdqa	32*6-160(%rax), $ACC6
+	vmovdqa	32*7-160(%rax), $ACC7
+	vmovdqa	32*8-160(%rax), $ACC8
+
+	vpaddq	$ACC0, $ACC0, $ACC0
+	vpaddq	$ACC1, $ACC1, $ACC1
+	vpaddq	$ACC2, $ACC2, $ACC2
+	vpaddq	$ACC3, $ACC3, $ACC3
+	vpaddq	$ACC4, $ACC4, $ACC4
+	vpaddq	$ACC5, $ACC5, $ACC5
+	vpaddq	$ACC6, $ACC6, $ACC6
+	vpaddq	$ACC7, $ACC7, $ACC7
+	vpaddq	$ACC8, $ACC8, $ACC8
+
+	ret
+.size	avx2_mul_by2_x4,.-avx2_mul_by2_x4
+___
+my ($r_ptr_in,$a_ptr_in,$b_ptr_in)=("%rdi","%rsi","%rdx");
+my ($r_ptr,$a_ptr,$b_ptr)=("%r8","%r9","%r10");
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_avx2_point_add_affine_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.globl	ecp_nistz256_avx2_point_add_affine_x4
+.type	ecp_nistz256_avx2_point_add_affine_x4,\@function,3
+.align	32
+ecp_nistz256_avx2_point_add_affine_x4:
+	mov	%rsp, %rax
+	push    %rbp
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	lea	-8(%rax), %rbp
+
+# Result + 32*0 = Result.X
+# Result + 32*9 = Result.Y
+# Result + 32*18 = Result.Z
+
+# A + 32*0 = A.X
+# A + 32*9 = A.Y
+# A + 32*18 = A.Z
+
+# B + 32*0 = B.X
+# B + 32*9 = B.Y
+
+	sub	\$`32*9*8+32*2+32*8`, %rsp
+	and	\$-64, %rsp
+
+	mov	$r_ptr_in, $r_ptr
+	mov	$a_ptr_in, $a_ptr
+	mov	$b_ptr_in, $b_ptr
+
+	vmovdqa	32*0($a_ptr_in), %ymm0
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	vpxor	%ymm1, %ymm1, %ymm1
+	lea	256($a_ptr_in), %rax		# size optimization
+	vpor	32*1($a_ptr_in), %ymm0, %ymm0
+	vpor	32*2($a_ptr_in), %ymm0, %ymm0
+	vpor	32*3($a_ptr_in), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8`(%rsp)
+
+	vpxor	%ymm1, %ymm1, %ymm1
+	vmovdqa	32*0($b_ptr), %ymm0
+	lea	256($b_ptr), %rax		# size optimization
+	vpor	32*1($b_ptr), %ymm0, %ymm0
+	vpor	32*2($b_ptr), %ymm0, %ymm0
+	vpor	32*3($b_ptr), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8+32`(%rsp)
+
+	#	Z1^2 = Z1*Z1
+	lea	`32*9*2`($a_ptr), %rsi
+	lea	`32*9*2`(%rsp), %rdi
+	lea	`32*9*8+32*2`(%rsp), %rcx	# temporary vector
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	U2 = X2*Z1^2
+	lea	`32*9*0`($b_ptr), %rsi
+	lea	`32*9*2`(%rsp), %rdx
+	lea	`32*9*0`(%rsp), %rdi
+	call	avx2_mul_x4
+	#call	avx2_normalize
+	`&STORE`
+
+	#	S2 = Z1*Z1^2 = Z1^3
+	lea	`32*9*2`($a_ptr), %rsi
+	lea	`32*9*2`(%rsp), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	S2 = S2*Y2 = Y2*Z1^3
+	lea	`32*9*1`($b_ptr), %rsi
+	lea	`32*9*1`(%rsp), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	H = U2 - U1 = U2 - X1
+	lea	`32*9*0`(%rsp), %rsi
+	lea	`32*9*0`($a_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	R = S2 - S1 = S2 - Y1
+	lea	`32*9*1`(%rsp), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*4`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	Z3 = H*Z1*Z2
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*2`($a_ptr), %rdx
+	lea	`32*9*2`($r_ptr), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize
+
+	lea	.LONE(%rip), %rsi
+	lea	`32*9*2`($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#	R^2 = R^2
+	lea	`32*9*4`(%rsp), %rsi
+	lea	`32*9*6`(%rsp), %rdi
+	lea	`32*9*8+32*2`(%rsp), %rcx	# temporary vector
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^2 = H^2
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdi
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^3 = H^2*H
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*7`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	U2 = U1*H^2
+	lea	`32*9*0`($a_ptr), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*0`(%rsp), %rdi
+	call	avx2_mul_x4
+	#call	avx2_normalize
+	`&STORE`
+
+	#	Hsqr = U2*2
+	#lea	32*9*0(%rsp), %rsi
+	#lea	32*9*5(%rsp), %rdi
+	#call	avx2_mul_by2_x4
+
+	vpaddq	$ACC0, $ACC0, $ACC0	# inlined avx2_mul_by2_x4
+	lea	`32*9*5`(%rsp), %rdi
+	vpaddq	$ACC1, $ACC1, $ACC1
+	vpaddq	$ACC2, $ACC2, $ACC2
+	vpaddq	$ACC3, $ACC3, $ACC3
+	vpaddq	$ACC4, $ACC4, $ACC4
+	vpaddq	$ACC5, $ACC5, $ACC5
+	vpaddq	$ACC6, $ACC6, $ACC6
+	vpaddq	$ACC7, $ACC7, $ACC7
+	vpaddq	$ACC8, $ACC8, $ACC8
+	call	avx2_normalize_n_store
+
+	#	X3 = R^2 - H^3
+	#lea	32*9*6(%rsp), %rsi
+	#lea	32*9*7(%rsp), %rdx
+	#lea	32*9*5(%rsp), %rcx
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	#	X3 = X3 - U2*2
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*6+128`(%rsp), %rsi
+	lea	.LAVX2_POLY_x2+128(%rip), %rax
+	lea	`32*9*7+128`(%rsp), %rdx
+	lea	`32*9*5+128`(%rsp), %rcx
+	lea	`32*9*0`($r_ptr), %rdi
+
+	vmovdqa	32*0-128(%rsi), $ACC0
+	vmovdqa	32*1-128(%rsi), $ACC1
+	vmovdqa	32*2-128(%rsi), $ACC2
+	vmovdqa	32*3-128(%rsi), $ACC3
+	vmovdqa	32*4-128(%rsi), $ACC4
+	vmovdqa	32*5-128(%rsi), $ACC5
+	vmovdqa	32*6-128(%rsi), $ACC6
+	vmovdqa	32*7-128(%rsi), $ACC7
+	vmovdqa	32*8-128(%rsi), $ACC8
+
+	vpaddq	32*0-128(%rax), $ACC0, $ACC0
+	vpaddq	32*1-128(%rax), $ACC1, $ACC1
+	vpaddq	32*2-128(%rax), $ACC2, $ACC2
+	vpaddq	32*3-128(%rax), $ACC3, $ACC3
+	vpaddq	32*4-128(%rax), $ACC4, $ACC4
+	vpaddq	32*5-128(%rax), $ACC5, $ACC5
+	vpaddq	32*6-128(%rax), $ACC6, $ACC6
+	vpaddq	32*7-128(%rax), $ACC7, $ACC7
+	vpaddq	32*8-128(%rax), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rdx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rdx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rdx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rdx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rdx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rdx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rdx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rdx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rdx), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rcx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rcx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rcx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rcx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rcx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rcx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rcx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rcx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rcx), $ACC8, $ACC8
+	call	avx2_normalize
+
+	lea	32*0($b_ptr), %rsi
+	lea	32*0($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#	H = U2 - X3
+	lea	`32*9*0`(%rsp), %rsi
+	lea	`32*9*0`($r_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*4`(%rsp), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*7`(%rsp), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*1`(%rsp), %rdx
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize
+
+	lea	32*9($b_ptr), %rsi
+	lea	32*9($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_mul_by1_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*1`($r_ptr), %rsi
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_mul_by1_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6, -16*10(%rbp)
+	movaps	%xmm7, -16*9(%rbp)
+	movaps	%xmm8, -16*8(%rbp)
+	movaps	%xmm9, -16*7(%rbp)
+	movaps	%xmm10, -16*6(%rbp)
+	movaps	%xmm11, -16*5(%rbp)
+	movaps	%xmm12, -16*4(%rbp)
+	movaps	%xmm13, -16*3(%rbp)
+	movaps	%xmm14, -16*2(%rbp)
+	movaps	%xmm15, -16*1(%rbp)
+___
+$code.=<<___;
+	mov	%rbp, %rsp
+	pop	%rbp
+	ret
+.size	ecp_nistz256_avx2_point_add_affine_x4,.-ecp_nistz256_avx2_point_add_affine_x4
+
+################################################################################
+# void ecp_nistz256_avx2_point_add_affines_x4(void* RESULTx4, void *Ax4, void *Bx4);
+.globl	ecp_nistz256_avx2_point_add_affines_x4
+.type	ecp_nistz256_avx2_point_add_affines_x4,\@function,3
+.align	32
+ecp_nistz256_avx2_point_add_affines_x4:
+	mov	%rsp, %rax
+	push    %rbp
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	lea	-8(%rax), %rbp
+
+# Result + 32*0 = Result.X
+# Result + 32*9 = Result.Y
+# Result + 32*18 = Result.Z
+
+# A + 32*0 = A.X
+# A + 32*9 = A.Y
+
+# B + 32*0 = B.X
+# B + 32*9 = B.Y
+
+	sub	\$`32*9*8+32*2+32*8`, %rsp
+	and	\$-64, %rsp
+
+	mov	$r_ptr_in, $r_ptr
+	mov	$a_ptr_in, $a_ptr
+	mov	$b_ptr_in, $b_ptr
+
+	vmovdqa	32*0($a_ptr_in), %ymm0
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	vpxor	%ymm1, %ymm1, %ymm1
+	lea	256($a_ptr_in), %rax		# size optimization
+	vpor	32*1($a_ptr_in), %ymm0, %ymm0
+	vpor	32*2($a_ptr_in), %ymm0, %ymm0
+	vpor	32*3($a_ptr_in), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8`(%rsp)
+
+	vpxor	%ymm1, %ymm1, %ymm1
+	vmovdqa	32*0($b_ptr), %ymm0
+	lea	256($b_ptr), %rax		# size optimization
+	vpor	32*1($b_ptr), %ymm0, %ymm0
+	vpor	32*2($b_ptr), %ymm0, %ymm0
+	vpor	32*3($b_ptr), %ymm0, %ymm0
+	vpor	32*4-256(%rax), %ymm0, %ymm0
+	lea	256(%rax), %rcx			# size optimization
+	vpor	32*5-256(%rax), %ymm0, %ymm0
+	vpor	32*6-256(%rax), %ymm0, %ymm0
+	vpor	32*7-256(%rax), %ymm0, %ymm0
+	vpor	32*8-256(%rax), %ymm0, %ymm0
+	vpor	32*9-256(%rax), %ymm0, %ymm0
+	vpor	32*10-256(%rax), %ymm0, %ymm0
+	vpor	32*11-256(%rax), %ymm0, %ymm0
+	vpor	32*12-512(%rcx), %ymm0, %ymm0
+	vpor	32*13-512(%rcx), %ymm0, %ymm0
+	vpor	32*14-512(%rcx), %ymm0, %ymm0
+	vpor	32*15-512(%rcx), %ymm0, %ymm0
+	vpor	32*16-512(%rcx), %ymm0, %ymm0
+	vpor	32*17-512(%rcx), %ymm0, %ymm0
+	vpcmpeqq %ymm1, %ymm0, %ymm0
+	vmovdqa	%ymm0, `32*9*8+32`(%rsp)
+
+	#	H = U2 - U1 = X2 - X1
+	lea	`32*9*0`($b_ptr), %rsi
+	lea	`32*9*0`($a_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	R = S2 - S1 = Y2 - Y1
+	lea	`32*9*1`($b_ptr), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*4`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	Z3 = H*Z1*Z2 = H
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*2`($r_ptr), %rdi
+	call	avx2_mul_by1_x4
+	call	avx2_normalize
+
+	vmovdqa	`32*9*8`(%rsp), $B
+	vpor	`32*9*8+32`(%rsp), $B, $B
+
+	vpandn	$ACC0, $B, $ACC0
+	lea	.LONE+128(%rip), %rax
+	vpandn	$ACC1, $B, $ACC1
+	vpandn	$ACC2, $B, $ACC2
+	vpandn	$ACC3, $B, $ACC3
+	vpandn	$ACC4, $B, $ACC4
+	vpandn	$ACC5, $B, $ACC5
+	vpandn	$ACC6, $B, $ACC6
+	vpandn	$ACC7, $B, $ACC7
+
+	vpand	32*0-128(%rax), $B, $T0
+	 vpandn	$ACC8, $B, $ACC8
+	vpand	32*1-128(%rax), $B, $Y
+	vpxor	$T0, $ACC0, $ACC0
+	vpand	32*2-128(%rax), $B, $T0
+	vpxor	$Y, $ACC1, $ACC1
+	vpand	32*3-128(%rax), $B, $Y
+	vpxor	$T0, $ACC2, $ACC2
+	vpand	32*4-128(%rax), $B, $T0
+	vpxor	$Y, $ACC3, $ACC3
+	vpand	32*5-128(%rax), $B, $Y
+	vpxor	$T0, $ACC4, $ACC4
+	vpand	32*6-128(%rax), $B, $T0
+	vpxor	$Y, $ACC5, $ACC5
+	vpand	32*7-128(%rax), $B, $Y
+	vpxor	$T0, $ACC6, $ACC6
+	vpand	32*8-128(%rax), $B, $T0
+	vpxor	$Y, $ACC7, $ACC7
+	vpxor	$T0, $ACC8, $ACC8
+	`&STORE`
+
+	#	R^2 = R^2
+	lea	`32*9*4`(%rsp), %rsi
+	lea	`32*9*6`(%rsp), %rdi
+	lea	`32*9*8+32*2`(%rsp), %rcx	# temporary vector
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^2 = H^2
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdi
+	call	avx2_sqr_x4
+	call	avx2_normalize_n_store
+
+	#	H^3 = H^2*H
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*7`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	U2 = U1*H^2
+	lea	`32*9*0`($a_ptr), %rsi
+	lea	`32*9*5`(%rsp), %rdx
+	lea	`32*9*0`(%rsp), %rdi
+	call	avx2_mul_x4
+	#call	avx2_normalize
+	`&STORE`
+
+	#	Hsqr = U2*2
+	#lea	32*9*0(%rsp), %rsi
+	#lea	32*9*5(%rsp), %rdi
+	#call	avx2_mul_by2_x4
+
+	vpaddq	$ACC0, $ACC0, $ACC0	# inlined avx2_mul_by2_x4
+	lea	`32*9*5`(%rsp), %rdi
+	vpaddq	$ACC1, $ACC1, $ACC1
+	vpaddq	$ACC2, $ACC2, $ACC2
+	vpaddq	$ACC3, $ACC3, $ACC3
+	vpaddq	$ACC4, $ACC4, $ACC4
+	vpaddq	$ACC5, $ACC5, $ACC5
+	vpaddq	$ACC6, $ACC6, $ACC6
+	vpaddq	$ACC7, $ACC7, $ACC7
+	vpaddq	$ACC8, $ACC8, $ACC8
+	call	avx2_normalize_n_store
+
+	#	X3 = R^2 - H^3
+	#lea	32*9*6(%rsp), %rsi
+	#lea	32*9*7(%rsp), %rdx
+	#lea	32*9*5(%rsp), %rcx
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	#	X3 = X3 - U2*2
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_sub_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*6+128`(%rsp), %rsi
+	lea	.LAVX2_POLY_x2+128(%rip), %rax
+	lea	`32*9*7+128`(%rsp), %rdx
+	lea	`32*9*5+128`(%rsp), %rcx
+	lea	`32*9*0`($r_ptr), %rdi
+
+	vmovdqa	32*0-128(%rsi), $ACC0
+	vmovdqa	32*1-128(%rsi), $ACC1
+	vmovdqa	32*2-128(%rsi), $ACC2
+	vmovdqa	32*3-128(%rsi), $ACC3
+	vmovdqa	32*4-128(%rsi), $ACC4
+	vmovdqa	32*5-128(%rsi), $ACC5
+	vmovdqa	32*6-128(%rsi), $ACC6
+	vmovdqa	32*7-128(%rsi), $ACC7
+	vmovdqa	32*8-128(%rsi), $ACC8
+
+	vpaddq	32*0-128(%rax), $ACC0, $ACC0
+	vpaddq	32*1-128(%rax), $ACC1, $ACC1
+	vpaddq	32*2-128(%rax), $ACC2, $ACC2
+	vpaddq	32*3-128(%rax), $ACC3, $ACC3
+	vpaddq	32*4-128(%rax), $ACC4, $ACC4
+	vpaddq	32*5-128(%rax), $ACC5, $ACC5
+	vpaddq	32*6-128(%rax), $ACC6, $ACC6
+	vpaddq	32*7-128(%rax), $ACC7, $ACC7
+	vpaddq	32*8-128(%rax), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rdx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rdx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rdx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rdx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rdx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rdx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rdx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rdx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rdx), $ACC8, $ACC8
+
+	vpsubq	32*0-128(%rcx), $ACC0, $ACC0
+	vpsubq	32*1-128(%rcx), $ACC1, $ACC1
+	vpsubq	32*2-128(%rcx), $ACC2, $ACC2
+	vpsubq	32*3-128(%rcx), $ACC3, $ACC3
+	vpsubq	32*4-128(%rcx), $ACC4, $ACC4
+	vpsubq	32*5-128(%rcx), $ACC5, $ACC5
+	vpsubq	32*6-128(%rcx), $ACC6, $ACC6
+	vpsubq	32*7-128(%rcx), $ACC7, $ACC7
+	vpsubq	32*8-128(%rcx), $ACC8, $ACC8
+	call	avx2_normalize
+
+	lea	32*0($b_ptr), %rsi
+	lea	32*0($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#	H = U2 - X3
+	lea	`32*9*0`(%rsp), %rsi
+	lea	`32*9*0`($r_ptr), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize_n_store
+
+	#	H = H*R
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*4`(%rsp), %rdx
+	lea	`32*9*3`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#	S2 = S1 * H^3
+	lea	`32*9*7`(%rsp), %rsi
+	lea	`32*9*1`($a_ptr), %rdx
+	lea	`32*9*1`(%rsp), %rdi
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	#
+	lea	`32*9*3`(%rsp), %rsi
+	lea	`32*9*1`(%rsp), %rdx
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_sub_x4
+	call	avx2_normalize
+
+	lea	32*9($b_ptr), %rsi
+	lea	32*9($a_ptr), %rdx
+	call	avx2_select_n_store
+
+	#lea	32*9*0($r_ptr), %rsi
+	#lea	32*9*0($r_ptr), %rdi
+	#call	avx2_mul_by1_x4
+	#NORMALIZE
+	#STORE
+
+	lea	`32*9*1`($r_ptr), %rsi
+	lea	`32*9*1`($r_ptr), %rdi
+	call	avx2_mul_by1_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	%xmm6, -16*10(%rbp)
+	movaps	%xmm7, -16*9(%rbp)
+	movaps	%xmm8, -16*8(%rbp)
+	movaps	%xmm9, -16*7(%rbp)
+	movaps	%xmm10, -16*6(%rbp)
+	movaps	%xmm11, -16*5(%rbp)
+	movaps	%xmm12, -16*4(%rbp)
+	movaps	%xmm13, -16*3(%rbp)
+	movaps	%xmm14, -16*2(%rbp)
+	movaps	%xmm15, -16*1(%rbp)
+___
+$code.=<<___;
+	mov	%rbp, %rsp
+	pop	%rbp
+	ret
+.size	ecp_nistz256_avx2_point_add_affines_x4,.-ecp_nistz256_avx2_point_add_affines_x4
+
+################################################################################
+# void ecp_nistz256_avx2_to_mont(void* RESULTx4, void *Ax4);
+.globl	ecp_nistz256_avx2_to_mont
+.type	ecp_nistz256_avx2_to_mont,\@function,2
+.align	32
+ecp_nistz256_avx2_to_mont:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	lea	.LTO_MONT_AVX2(%rip), %rdx
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_to_mont,.-ecp_nistz256_avx2_to_mont
+
+################################################################################
+# void ecp_nistz256_avx2_from_mont(void* RESULTx4, void *Ax4);
+.globl	ecp_nistz256_avx2_from_mont
+.type	ecp_nistz256_avx2_from_mont,\@function,2
+.align	32
+ecp_nistz256_avx2_from_mont:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LAVX2_AND_MASK(%rip), $AND_MASK
+	lea	.LFROM_MONT_AVX2(%rip), %rdx
+	call	avx2_mul_x4
+	call	avx2_normalize_n_store
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_from_mont,.-ecp_nistz256_avx2_from_mont
+
+################################################################################
+# void ecp_nistz256_avx2_set1(void* RESULTx4);
+.globl	ecp_nistz256_avx2_set1
+.type	ecp_nistz256_avx2_set1,\@function,1
+.align	32
+ecp_nistz256_avx2_set1:
+	lea	.LONE+128(%rip), %rax
+	lea	128(%rdi), %rdi
+	vzeroupper
+	vmovdqa	32*0-128(%rax), %ymm0
+	vmovdqa	32*1-128(%rax), %ymm1
+	vmovdqa	32*2-128(%rax), %ymm2
+	vmovdqa	32*3-128(%rax), %ymm3
+	vmovdqa	32*4-128(%rax), %ymm4
+	vmovdqa	32*5-128(%rax), %ymm5
+	vmovdqa	%ymm0, 32*0-128(%rdi)
+	vmovdqa	32*6-128(%rax), %ymm0
+	vmovdqa	%ymm1, 32*1-128(%rdi)
+	vmovdqa	32*7-128(%rax), %ymm1
+	vmovdqa	%ymm2, 32*2-128(%rdi)
+	vmovdqa	32*8-128(%rax), %ymm2
+	vmovdqa	%ymm3, 32*3-128(%rdi)
+	vmovdqa	%ymm4, 32*4-128(%rdi)
+	vmovdqa	%ymm5, 32*5-128(%rdi)
+	vmovdqa	%ymm0, 32*6-128(%rdi)
+	vmovdqa	%ymm1, 32*7-128(%rdi)
+	vmovdqa	%ymm2, 32*8-128(%rdi)
+
+	vzeroupper
+	ret
+.size	ecp_nistz256_avx2_set1,.-ecp_nistz256_avx2_set1
+___
+}
+{
+################################################################################
+# void ecp_nistz256_avx2_multi_gather_w7(void* RESULT, void *in,
+#			    int index0, int index1, int index2, int index3);
+################################################################################
+
+my ($val,$in_t,$index0,$index1,$index2,$index3)=("%rdi","%rsi","%edx","%ecx","%r8d","%r9d");
+my ($INDEX0,$INDEX1,$INDEX2,$INDEX3)=map("%ymm$_",(0..3));
+my ($R0a,$R0b,$R1a,$R1b,$R2a,$R2b,$R3a,$R3b)=map("%ymm$_",(4..11));
+my ($M0,$T0,$T1,$TMP0)=map("%ymm$_",(12..15));
+
+$code.=<<___;
+.globl	ecp_nistz256_avx2_multi_gather_w7
+.type	ecp_nistz256_avx2_multi_gather_w7,\@function,6
+.align	32
+ecp_nistz256_avx2_multi_gather_w7:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-8-16*10(%rsp), %rsp
+	vmovaps	%xmm6, -8-16*10(%rax)
+	vmovaps	%xmm7, -8-16*9(%rax)
+	vmovaps	%xmm8, -8-16*8(%rax)
+	vmovaps	%xmm9, -8-16*7(%rax)
+	vmovaps	%xmm10, -8-16*6(%rax)
+	vmovaps	%xmm11, -8-16*5(%rax)
+	vmovaps	%xmm12, -8-16*4(%rax)
+	vmovaps	%xmm13, -8-16*3(%rax)
+	vmovaps	%xmm14, -8-16*2(%rax)
+	vmovaps	%xmm15, -8-16*1(%rax)
+___
+$code.=<<___;
+	lea	.LIntOne(%rip), %rax
+
+	vmovd	$index0, %xmm0
+	vmovd	$index1, %xmm1
+	vmovd	$index2, %xmm2
+	vmovd	$index3, %xmm3
+
+	vpxor	$R0a, $R0a, $R0a
+	vpxor	$R0b, $R0b, $R0b
+	vpxor	$R1a, $R1a, $R1a
+	vpxor	$R1b, $R1b, $R1b
+	vpxor	$R2a, $R2a, $R2a
+	vpxor	$R2b, $R2b, $R2b
+	vpxor	$R3a, $R3a, $R3a
+	vpxor	$R3b, $R3b, $R3b
+	vmovdqa	(%rax), $M0
+
+	vpermd	$INDEX0, $R0a, $INDEX0
+	vpermd	$INDEX1, $R0a, $INDEX1
+	vpermd	$INDEX2, $R0a, $INDEX2
+	vpermd	$INDEX3, $R0a, $INDEX3
+
+	mov	\$64, %ecx
+	lea	112($val), $val		# size optimization
+	jmp	.Lmulti_select_loop_avx2
+
+# INDEX=0, corresponds to the point at infty (0,0)
+.align	32
+.Lmulti_select_loop_avx2:
+	vpcmpeqd	$INDEX0, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*0`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*0`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R0a, $R0a
+	vpxor		$T1, $R0b, $R0b
+
+	vpcmpeqd	$INDEX1, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*1`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*1`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R1a, $R1a
+	vpxor		$T1, $R1b, $R1b
+
+	vpcmpeqd	$INDEX2, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*2`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*2`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R2a, $R2a
+	vpxor		$T1, $R2b, $R2b
+
+	vpcmpeqd	$INDEX3, $M0, $TMP0
+
+	vmovdqa		`32*0+32*64*2*3`($in_t), $T0
+	vmovdqa		`32*1+32*64*2*3`($in_t), $T1
+	vpand		$TMP0, $T0, $T0
+	vpand		$TMP0, $T1, $T1
+	vpxor		$T0, $R3a, $R3a
+	vpxor		$T1, $R3b, $R3b
+
+	vpaddd		(%rax), $M0, $M0	# increment
+	lea		32*2($in_t), $in_t
+
+        dec	%ecx
+	jnz	.Lmulti_select_loop_avx2
+
+	vmovdqu	$R0a, 32*0-112($val)
+	vmovdqu	$R0b, 32*1-112($val)
+	vmovdqu	$R1a, 32*2-112($val)
+	vmovdqu	$R1b, 32*3-112($val)
+	vmovdqu	$R2a, 32*4-112($val)
+	vmovdqu	$R2b, 32*5-112($val)
+	vmovdqu	$R3a, 32*6-112($val)
+	vmovdqu	$R3b, 32*7-112($val)
+
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	16*0(%rsp), %xmm6
+	movaps	16*1(%rsp), %xmm7
+	movaps	16*2(%rsp), %xmm8
+	movaps	16*3(%rsp), %xmm9
+	movaps	16*4(%rsp), %xmm10
+	movaps	16*5(%rsp), %xmm11
+	movaps	16*6(%rsp), %xmm12
+	movaps	16*7(%rsp), %xmm13
+	movaps	16*8(%rsp), %xmm14
+	movaps	16*9(%rsp), %xmm15
+	lea	8+16*10(%rsp), %rsp
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7
+
+.extern	OPENSSL_ia32cap_P
+.globl	ecp_nistz_avx2_eligible
+.type	ecp_nistz_avx2_eligible,\@abi-omnipotent
+.align	32
+ecp_nistz_avx2_eligible:
+	mov	OPENSSL_ia32cap_P+8(%rip),%eax
+	shr	\$5,%eax
+	and	\$1,%eax
+	ret
+.size	ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible
+___
+}
+}} else {{	# assembler is too old
+$code.=<<___;
+.text
+
+.globl	ecp_nistz256_avx2_transpose_convert
+.globl	ecp_nistz256_avx2_convert_transpose_back
+.globl	ecp_nistz256_avx2_point_add_affine_x4
+.globl	ecp_nistz256_avx2_point_add_affines_x4
+.globl	ecp_nistz256_avx2_to_mont
+.globl	ecp_nistz256_avx2_from_mont
+.globl	ecp_nistz256_avx2_set1
+.globl	ecp_nistz256_avx2_multi_gather_w7
+.type	ecp_nistz256_avx2_multi_gather_w7,\@abi-omnipotent
+ecp_nistz256_avx2_transpose_convert:
+ecp_nistz256_avx2_convert_transpose_back:
+ecp_nistz256_avx2_point_add_affine_x4:
+ecp_nistz256_avx2_point_add_affines_x4:
+ecp_nistz256_avx2_to_mont:
+ecp_nistz256_avx2_from_mont:
+ecp_nistz256_avx2_set1:
+ecp_nistz256_avx2_multi_gather_w7:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7
+
+.globl	ecp_nistz_avx2_eligible
+.type	ecp_nistz_avx2_eligible,\@abi-omnipotent
+ecp_nistz_avx2_eligible:
+	xor	%eax,%eax
+	ret
+.size	ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible
+___
+}}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-sparcv9.pl
new file mode 100755
index 0000000..97201cb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -0,0 +1,3061 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for SPARCv9.
+#
+# February 2015.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816. In the process of adaptation
+# original .c module was made 32-bit savvy in order to make this
+# implementation possible.
+#
+#			with/without -DECP_NISTZ256_ASM
+# UltraSPARC III	+12-18%
+# SPARC T4		+99-550% (+66-150% on 32-bit Solaris)
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +200% means 3x improvement.
+
+$output = pop;
+open STDOUT,">$output";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#define LOCALS	(STACK_BIAS+STACK_FRAME)
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+# define STACK64_FRAME	STACK_FRAME
+# define LOCALS64	LOCALS
+#else
+# define STACK64_FRAME	(2047+192)
+# define LOCALS64	STACK64_FRAME
+#endif
+
+.section	".text",#alloc,#execinstr
+___
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+$code.=<<___;
+.globl	ecp_nistz256_precomputed
+.align	4096
+ecp_nistz256_precomputed:
+___
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		$code.=".byte\t";
+		$code.=join(',',map { sprintf "0x%02x",$_} @line);
+		$code.="\n";
+	}
+}
+
+{{{
+my ($rp,$ap,$bp)=map("%i$_",(0..2));
+my @acc=map("%l$_",(0..7));
+my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7)=(map("%o$_",(0..5)),"%g4","%g5");
+my ($bi,$a0,$mask,$carry)=(map("%i$_",(3..5)),"%g1");
+my ($rp_real,$ap_real)=("%g2","%g3");
+
+$code.=<<___;
+.type	ecp_nistz256_precomputed,#object
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.align	64
+.LRR:	! 2^512 mod P precomputed for NIST P256 polynomial
+.long	0x00000003, 0x00000000, 0xffffffff, 0xfffffffb
+.long	0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004
+.Lone:
+.long	1,0,0,0,0,0,0,0
+.asciz	"ECP_NISTZ256 for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+
+! void	ecp_nistz256_to_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_to_mont
+.align	64
+ecp_nistz256_to_mont:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+1:	call	.+8
+	add	%o7,.LRR-1b,$bp
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_to_mont,#function
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+! void	ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_from_mont
+.align	32
+ecp_nistz256_from_mont:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+1:	call	.+8
+	add	%o7,.Lone-1b,$bp
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_from_mont,#function
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+! void	ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+!					      const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_mul_mont
+.align	32
+ecp_nistz256_mul_mont:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_mul_mont,#function
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+! void	ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_sqr_mont
+.align	32
+ecp_nistz256_sqr_mont:
+	save	%sp,-STACK_FRAME,%sp
+	mov	$ap,$bp
+	call	__ecp_nistz256_mul_mont
+	nop
+	ret
+	restore
+.type	ecp_nistz256_sqr_mont,#function
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+___
+
+########################################################################
+# Special thing to keep in mind is that $t0-$t7 hold 64-bit values,
+# while all others are meant to keep 32. "Meant to" means that additions
+# to @acc[0-7] do "contaminate" upper bits, but they are cleared before
+# they can affect outcome (follow 'and' with $mask). Also keep in mind
+# that addition with carry is addition with 32-bit carry, even though
+# CPU is 64-bit. [Addition with 64-bit carry was introduced in T3, see
+# below for VIS3 code paths.]
+
+$code.=<<___;
+.align	32
+__ecp_nistz256_mul_mont:
+	ld	[$bp+0],$bi		! b[0]
+	mov	-1,$mask
+	ld	[$ap+0],$a0
+	srl	$mask,0,$mask		! 0xffffffff
+	ld	[$ap+4],$t1
+	ld	[$ap+8],$t2
+	ld	[$ap+12],$t3
+	ld	[$ap+16],$t4
+	ld	[$ap+20],$t5
+	ld	[$ap+24],$t6
+	ld	[$ap+28],$t7
+	mulx	$a0,$bi,$t0		! a[0-7]*b[0], 64-bit results
+	mulx	$t1,$bi,$t1
+	mulx	$t2,$bi,$t2
+	mulx	$t3,$bi,$t3
+	mulx	$t4,$bi,$t4
+	mulx	$t5,$bi,$t5
+	mulx	$t6,$bi,$t6
+	mulx	$t7,$bi,$t7
+	srlx	$t0,32,@acc[1]		! extract high parts
+	srlx	$t1,32,@acc[2]
+	srlx	$t2,32,@acc[3]
+	srlx	$t3,32,@acc[4]
+	srlx	$t4,32,@acc[5]
+	srlx	$t5,32,@acc[6]
+	srlx	$t6,32,@acc[7]
+	srlx	$t7,32,@acc[0]		! "@acc[8]"
+	mov	0,$carry
+___
+for($i=1;$i<8;$i++) {
+$code.=<<___;
+	addcc	@acc[1],$t1,@acc[1]	! accumulate high parts
+	ld	[$bp+4*$i],$bi		! b[$i]
+	ld	[$ap+4],$t1		! re-load a[1-7]
+	addccc	@acc[2],$t2,@acc[2]
+	addccc	@acc[3],$t3,@acc[3]
+	ld	[$ap+8],$t2
+	ld	[$ap+12],$t3
+	addccc	@acc[4],$t4,@acc[4]
+	addccc	@acc[5],$t5,@acc[5]
+	ld	[$ap+16],$t4
+	ld	[$ap+20],$t5
+	addccc	@acc[6],$t6,@acc[6]
+	addccc	@acc[7],$t7,@acc[7]
+	ld	[$ap+24],$t6
+	ld	[$ap+28],$t7
+	addccc	@acc[0],$carry,@acc[0]	! "@acc[8]"
+	addc	%g0,%g0,$carry
+___
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#        ffff.0001.0000.0000.0000.ffff.ffff.ffff
+	# *                                         abcd
+	# + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	# + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000
+	# -      abcd.0000.0000.0000.0000.0000.0000.abcd
+	#
+	# or marking redundant operations:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.----
+	# + abcd.0000.abcd.0000.0000.abcd.----.----.----
+	# -      abcd.----.----.----.----.----.----.----
+
+$code.=<<___;
+	! multiplication-less reduction
+	addcc	@acc[3],$t0,@acc[3]	! r[3]+=r[0]
+	addccc	@acc[4],%g0,@acc[4]	! r[4]+=0
+	 and	@acc[1],$mask,@acc[1]
+	 and	@acc[2],$mask,@acc[2]
+	addccc	@acc[5],%g0,@acc[5]	! r[5]+=0
+	addccc	@acc[6],$t0,@acc[6]	! r[6]+=r[0]
+	 and	@acc[3],$mask,@acc[3]
+	 and	@acc[4],$mask,@acc[4]
+	addccc	@acc[7],%g0,@acc[7]	! r[7]+=0
+	addccc	@acc[0],$t0,@acc[0]	! r[8]+=r[0]	"@acc[8]"
+	 and	@acc[5],$mask,@acc[5]
+	 and	@acc[6],$mask,@acc[6]
+	addc	$carry,%g0,$carry	! top-most carry
+	subcc	@acc[7],$t0,@acc[7]	! r[7]-=r[0]
+	subccc	@acc[0],%g0,@acc[0]	! r[8]-=0	"@acc[8]"
+	subc	$carry,%g0,$carry	! top-most carry
+	 and	@acc[7],$mask,@acc[7]
+	 and	@acc[0],$mask,@acc[0]	! "@acc[8]"
+___
+	push(@acc,shift(@acc));		# rotate registers to "omit" acc[0]
+$code.=<<___;
+	mulx	$a0,$bi,$t0		! a[0-7]*b[$i], 64-bit results
+	mulx	$t1,$bi,$t1
+	mulx	$t2,$bi,$t2
+	mulx	$t3,$bi,$t3
+	mulx	$t4,$bi,$t4
+	mulx	$t5,$bi,$t5
+	mulx	$t6,$bi,$t6
+	mulx	$t7,$bi,$t7
+	add	@acc[0],$t0,$t0		! accumulate low parts, can't overflow
+	add	@acc[1],$t1,$t1
+	srlx	$t0,32,@acc[1]		! extract high parts
+	add	@acc[2],$t2,$t2
+	srlx	$t1,32,@acc[2]
+	add	@acc[3],$t3,$t3
+	srlx	$t2,32,@acc[3]
+	add	@acc[4],$t4,$t4
+	srlx	$t3,32,@acc[4]
+	add	@acc[5],$t5,$t5
+	srlx	$t4,32,@acc[5]
+	add	@acc[6],$t6,$t6
+	srlx	$t5,32,@acc[6]
+	add	@acc[7],$t7,$t7
+	srlx	$t6,32,@acc[7]
+	srlx	$t7,32,@acc[0]		! "@acc[8]"
+___
+}
+$code.=<<___;
+	addcc	@acc[1],$t1,@acc[1]	! accumulate high parts
+	addccc	@acc[2],$t2,@acc[2]
+	addccc	@acc[3],$t3,@acc[3]
+	addccc	@acc[4],$t4,@acc[4]
+	addccc	@acc[5],$t5,@acc[5]
+	addccc	@acc[6],$t6,@acc[6]
+	addccc	@acc[7],$t7,@acc[7]
+	addccc	@acc[0],$carry,@acc[0]	! "@acc[8]"
+	addc	%g0,%g0,$carry
+
+	addcc	@acc[3],$t0,@acc[3]	! multiplication-less reduction
+	addccc	@acc[4],%g0,@acc[4]
+	addccc	@acc[5],%g0,@acc[5]
+	addccc	@acc[6],$t0,@acc[6]
+	addccc	@acc[7],%g0,@acc[7]
+	addccc	@acc[0],$t0,@acc[0]	! "@acc[8]"
+	addc	$carry,%g0,$carry
+	subcc	@acc[7],$t0,@acc[7]
+	subccc	@acc[0],%g0,@acc[0]	! "@acc[8]"
+	subc	$carry,%g0,$carry	! top-most carry
+___
+	push(@acc,shift(@acc));		# rotate registers to omit acc[0]
+$code.=<<___;
+	! Final step is "if result > mod, subtract mod", but we do it
+	! "other way around", namely subtract modulus from result
+	! and if it borrowed, add modulus back.
+
+	subcc	@acc[0],-1,@acc[0]	! subtract modulus
+	subccc	@acc[1],-1,@acc[1]
+	subccc	@acc[2],-1,@acc[2]
+	subccc	@acc[3],0,@acc[3]
+	subccc	@acc[4],0,@acc[4]
+	subccc	@acc[5],0,@acc[5]
+	subccc	@acc[6],1,@acc[6]
+	subccc	@acc[7],-1,@acc[7]
+	subc	$carry,0,$carry		! broadcast borrow bit
+
+	! Note that because mod has special form, i.e. consists of
+	! 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	! using value of broadcasted borrow and the borrow bit itself.
+	! To minimize dependency chain we first broadcast and then
+	! extract the bit by negating (follow $bi).
+
+	addcc	@acc[0],$carry,@acc[0]	! add modulus or zero
+	addccc	@acc[1],$carry,@acc[1]
+	neg	$carry,$bi
+	st	@acc[0],[$rp]
+	addccc	@acc[2],$carry,@acc[2]
+	st	@acc[1],[$rp+4]
+	addccc	@acc[3],0,@acc[3]
+	st	@acc[2],[$rp+8]
+	addccc	@acc[4],0,@acc[4]
+	st	@acc[3],[$rp+12]
+	addccc	@acc[5],0,@acc[5]
+	st	@acc[4],[$rp+16]
+	addccc	@acc[6],$bi,@acc[6]
+	st	@acc[5],[$rp+20]
+	addc	@acc[7],$carry,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_mul_mont,#function
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+! void	ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+!					 const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_add
+.align	32
+ecp_nistz256_add:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_add
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_add,#function
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+.align	32
+__ecp_nistz256_add:
+	ld	[$bp+0],$t0		! b[0]
+	ld	[$bp+4],$t1
+	ld	[$bp+8],$t2
+	ld	[$bp+12],$t3
+	addcc	@acc[0],$t0,@acc[0]
+	ld	[$bp+16],$t4
+	ld	[$bp+20],$t5
+	addccc	@acc[1],$t1,@acc[1]
+	ld	[$bp+24],$t6
+	ld	[$bp+28],$t7
+	addccc	@acc[2],$t2,@acc[2]
+	addccc	@acc[3],$t3,@acc[3]
+	addccc	@acc[4],$t4,@acc[4]
+	addccc	@acc[5],$t5,@acc[5]
+	addccc	@acc[6],$t6,@acc[6]
+	addccc	@acc[7],$t7,@acc[7]
+	addc	%g0,%g0,$carry
+
+.Lreduce_by_sub:
+
+	! if a+b >= modulus, subtract modulus.
+	!
+	! But since comparison implies subtraction, we subtract
+	! modulus and then add it back if subraction borrowed.
+
+	subcc	@acc[0],-1,@acc[0]
+	subccc	@acc[1],-1,@acc[1]
+	subccc	@acc[2],-1,@acc[2]
+	subccc	@acc[3], 0,@acc[3]
+	subccc	@acc[4], 0,@acc[4]
+	subccc	@acc[5], 0,@acc[5]
+	subccc	@acc[6], 1,@acc[6]
+	subccc	@acc[7],-1,@acc[7]
+	subc	$carry,0,$carry
+
+	! Note that because mod has special form, i.e. consists of
+	! 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	! using value of borrow and its negative.
+
+	addcc	@acc[0],$carry,@acc[0]	! add synthesized modulus
+	addccc	@acc[1],$carry,@acc[1]
+	neg	$carry,$bi
+	st	@acc[0],[$rp]
+	addccc	@acc[2],$carry,@acc[2]
+	st	@acc[1],[$rp+4]
+	addccc	@acc[3],0,@acc[3]
+	st	@acc[2],[$rp+8]
+	addccc	@acc[4],0,@acc[4]
+	st	@acc[3],[$rp+12]
+	addccc	@acc[5],0,@acc[5]
+	st	@acc[4],[$rp+16]
+	addccc	@acc[6],$bi,@acc[6]
+	st	@acc[5],[$rp+20]
+	addc	@acc[7],$carry,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_add,#function
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+! void	ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_mul_by_2
+.align	32
+ecp_nistz256_mul_by_2:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_mul_by_2
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_mul_by_2,#function
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+.align	32
+__ecp_nistz256_mul_by_2:
+	addcc	@acc[0],@acc[0],@acc[0]	! a+a=2*a
+	addccc	@acc[1],@acc[1],@acc[1]
+	addccc	@acc[2],@acc[2],@acc[2]
+	addccc	@acc[3],@acc[3],@acc[3]
+	addccc	@acc[4],@acc[4],@acc[4]
+	addccc	@acc[5],@acc[5],@acc[5]
+	addccc	@acc[6],@acc[6],@acc[6]
+	addccc	@acc[7],@acc[7],@acc[7]
+	b	.Lreduce_by_sub
+	addc	%g0,%g0,$carry
+.type	__ecp_nistz256_mul_by_2,#function
+.size	__ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
+
+! void	ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_mul_by_3
+.align	32
+ecp_nistz256_mul_by_3:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_mul_by_3
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_mul_by_3,#function
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+.align	32
+__ecp_nistz256_mul_by_3:
+	addcc	@acc[0],@acc[0],$t0	! a+a=2*a
+	addccc	@acc[1],@acc[1],$t1
+	addccc	@acc[2],@acc[2],$t2
+	addccc	@acc[3],@acc[3],$t3
+	addccc	@acc[4],@acc[4],$t4
+	addccc	@acc[5],@acc[5],$t5
+	addccc	@acc[6],@acc[6],$t6
+	addccc	@acc[7],@acc[7],$t7
+	addc	%g0,%g0,$carry
+
+	subcc	$t0,-1,$t0		! .Lreduce_by_sub but without stores
+	subccc	$t1,-1,$t1
+	subccc	$t2,-1,$t2
+	subccc	$t3, 0,$t3
+	subccc	$t4, 0,$t4
+	subccc	$t5, 0,$t5
+	subccc	$t6, 1,$t6
+	subccc	$t7,-1,$t7
+	subc	$carry,0,$carry
+
+	addcc	$t0,$carry,$t0		! add synthesized modulus
+	addccc	$t1,$carry,$t1
+	neg	$carry,$bi
+	addccc	$t2,$carry,$t2
+	addccc	$t3,0,$t3
+	addccc	$t4,0,$t4
+	addccc	$t5,0,$t5
+	addccc	$t6,$bi,$t6
+	addc	$t7,$carry,$t7
+
+	addcc	$t0,@acc[0],@acc[0]	! 2*a+a=3*a
+	addccc	$t1,@acc[1],@acc[1]
+	addccc	$t2,@acc[2],@acc[2]
+	addccc	$t3,@acc[3],@acc[3]
+	addccc	$t4,@acc[4],@acc[4]
+	addccc	$t5,@acc[5],@acc[5]
+	addccc	$t6,@acc[6],@acc[6]
+	addccc	$t7,@acc[7],@acc[7]
+	b	.Lreduce_by_sub
+	addc	%g0,%g0,$carry
+.type	__ecp_nistz256_mul_by_3,#function
+.size	__ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3
+
+! void	ecp_nistz256_sub(BN_ULONG %i0[8],const BN_ULONG %i1[8],
+!				         const BN_ULONG %i2[8]);
+.globl	ecp_nistz256_sub
+.align	32
+ecp_nistz256_sub:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_sub_from
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_sub,#function
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+! void	ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_neg
+.align	32
+ecp_nistz256_neg:
+	save	%sp,-STACK_FRAME,%sp
+	mov	$ap,$bp
+	mov	0,@acc[0]
+	mov	0,@acc[1]
+	mov	0,@acc[2]
+	mov	0,@acc[3]
+	mov	0,@acc[4]
+	mov	0,@acc[5]
+	mov	0,@acc[6]
+	call	__ecp_nistz256_sub_from
+	mov	0,@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_neg,#function
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+.align	32
+__ecp_nistz256_sub_from:
+	ld	[$bp+0],$t0		! b[0]
+	ld	[$bp+4],$t1
+	ld	[$bp+8],$t2
+	ld	[$bp+12],$t3
+	subcc	@acc[0],$t0,@acc[0]
+	ld	[$bp+16],$t4
+	ld	[$bp+20],$t5
+	subccc	@acc[1],$t1,@acc[1]
+	subccc	@acc[2],$t2,@acc[2]
+	ld	[$bp+24],$t6
+	ld	[$bp+28],$t7
+	subccc	@acc[3],$t3,@acc[3]
+	subccc	@acc[4],$t4,@acc[4]
+	subccc	@acc[5],$t5,@acc[5]
+	subccc	@acc[6],$t6,@acc[6]
+	subccc	@acc[7],$t7,@acc[7]
+	subc	%g0,%g0,$carry		! broadcast borrow bit
+
+.Lreduce_by_add:
+
+	! if a-b borrows, add modulus.
+	!
+	! Note that because mod has special form, i.e. consists of
+	! 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	! using value of broadcasted borrow and the borrow bit itself.
+	! To minimize dependency chain we first broadcast and then
+	! extract the bit by negating (follow $bi).
+
+	addcc	@acc[0],$carry,@acc[0]	! add synthesized modulus
+	addccc	@acc[1],$carry,@acc[1]
+	neg	$carry,$bi
+	st	@acc[0],[$rp]
+	addccc	@acc[2],$carry,@acc[2]
+	st	@acc[1],[$rp+4]
+	addccc	@acc[3],0,@acc[3]
+	st	@acc[2],[$rp+8]
+	addccc	@acc[4],0,@acc[4]
+	st	@acc[3],[$rp+12]
+	addccc	@acc[5],0,@acc[5]
+	st	@acc[4],[$rp+16]
+	addccc	@acc[6],$bi,@acc[6]
+	st	@acc[5],[$rp+20]
+	addc	@acc[7],$carry,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_sub_from,#function
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.align	32
+__ecp_nistz256_sub_morf:
+	ld	[$bp+0],$t0		! b[0]
+	ld	[$bp+4],$t1
+	ld	[$bp+8],$t2
+	ld	[$bp+12],$t3
+	subcc	$t0,@acc[0],@acc[0]
+	ld	[$bp+16],$t4
+	ld	[$bp+20],$t5
+	subccc	$t1,@acc[1],@acc[1]
+	subccc	$t2,@acc[2],@acc[2]
+	ld	[$bp+24],$t6
+	ld	[$bp+28],$t7
+	subccc	$t3,@acc[3],@acc[3]
+	subccc	$t4,@acc[4],@acc[4]
+	subccc	$t5,@acc[5],@acc[5]
+	subccc	$t6,@acc[6],@acc[6]
+	subccc	$t7,@acc[7],@acc[7]
+	b	.Lreduce_by_add
+	subc	%g0,%g0,$carry		! broadcast borrow bit
+.type	__ecp_nistz256_sub_morf,#function
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+! void	ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
+.globl	ecp_nistz256_div_by_2
+.align	32
+ecp_nistz256_div_by_2:
+	save	%sp,-STACK_FRAME,%sp
+	ld	[$ap],@acc[0]
+	ld	[$ap+4],@acc[1]
+	ld	[$ap+8],@acc[2]
+	ld	[$ap+12],@acc[3]
+	ld	[$ap+16],@acc[4]
+	ld	[$ap+20],@acc[5]
+	ld	[$ap+24],@acc[6]
+	call	__ecp_nistz256_div_by_2
+	ld	[$ap+28],@acc[7]
+	ret
+	restore
+.type	ecp_nistz256_div_by_2,#function
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+.align	32
+__ecp_nistz256_div_by_2:
+	! ret = (a is odd ? a+mod : a) >> 1
+
+	and	@acc[0],1,$bi
+	neg	$bi,$carry
+	addcc	@acc[0],$carry,@acc[0]
+	addccc	@acc[1],$carry,@acc[1]
+	addccc	@acc[2],$carry,@acc[2]
+	addccc	@acc[3],0,@acc[3]
+	addccc	@acc[4],0,@acc[4]
+	addccc	@acc[5],0,@acc[5]
+	addccc	@acc[6],$bi,@acc[6]
+	addccc	@acc[7],$carry,@acc[7]
+	addc	%g0,%g0,$carry
+
+	! ret >>= 1
+
+	srl	@acc[0],1,@acc[0]
+	sll	@acc[1],31,$t0
+	srl	@acc[1],1,@acc[1]
+	or	@acc[0],$t0,@acc[0]
+	sll	@acc[2],31,$t1
+	srl	@acc[2],1,@acc[2]
+	or	@acc[1],$t1,@acc[1]
+	sll	@acc[3],31,$t2
+	st	@acc[0],[$rp]
+	srl	@acc[3],1,@acc[3]
+	or	@acc[2],$t2,@acc[2]
+	sll	@acc[4],31,$t3
+	st	@acc[1],[$rp+4]
+	srl	@acc[4],1,@acc[4]
+	or	@acc[3],$t3,@acc[3]
+	sll	@acc[5],31,$t4
+	st	@acc[2],[$rp+8]
+	srl	@acc[5],1,@acc[5]
+	or	@acc[4],$t4,@acc[4]
+	sll	@acc[6],31,$t5
+	st	@acc[3],[$rp+12]
+	srl	@acc[6],1,@acc[6]
+	or	@acc[5],$t5,@acc[5]
+	sll	@acc[7],31,$t6
+	st	@acc[4],[$rp+16]
+	srl	@acc[7],1,@acc[7]
+	or	@acc[6],$t6,@acc[6]
+	sll	$carry,31,$t7
+	st	@acc[5],[$rp+20]
+	or	@acc[7],$t7,@acc[7]
+	st	@acc[6],[$rp+24]
+	retl
+	st	@acc[7],[$rp+28]
+.type	__ecp_nistz256_div_by_2,#function
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+___
+
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3));
+# above map() describes stack layout with 4 temporary
+# 256-bit vectors on top.
+
+$code.=<<___;
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	ecp_nistz256_point_double
+.align	32
+ecp_nistz256_point_double:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1],%g1		! OPENSSL_sparcv9cap_P[0]
+	and	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1
+	cmp	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK)
+	be	ecp_nistz256_point_double_vis3
+	nop
+
+	save	%sp,-STACK_FRAME-32*4,%sp
+
+	mov	$rp,$rp_real
+	mov	$ap,$ap_real
+
+.Lpoint_double_shortcut:
+	ld	[$ap+32],@acc[0]
+	ld	[$ap+32+4],@acc[1]
+	ld	[$ap+32+8],@acc[2]
+	ld	[$ap+32+12],@acc[3]
+	ld	[$ap+32+16],@acc[4]
+	ld	[$ap+32+20],@acc[5]
+	ld	[$ap+32+24],@acc[6]
+	ld	[$ap+32+28],@acc[7]
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(S, in_y);
+	add	%sp,LOCALS+$S,$rp
+
+	add	$ap_real,64,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Zsqr, in_z);
+	add	%sp,LOCALS+$Zsqr,$rp
+
+	add	$ap_real,0,$bp
+	call	__ecp_nistz256_add	! p256_add(M, Zsqr, in_x);
+	add	%sp,LOCALS+$M,$rp
+
+	add	%sp,LOCALS+$S,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(S, S);
+	add	%sp,LOCALS+$S,$rp
+
+	ld	[$ap_real],@acc[0]
+	add	%sp,LOCALS+$Zsqr,$bp
+	ld	[$ap_real+4],@acc[1]
+	ld	[$ap_real+8],@acc[2]
+	ld	[$ap_real+12],@acc[3]
+	ld	[$ap_real+16],@acc[4]
+	ld	[$ap_real+20],@acc[5]
+	ld	[$ap_real+24],@acc[6]
+	ld	[$ap_real+28],@acc[7]
+	call	__ecp_nistz256_sub_from	! p256_sub(Zsqr, in_x, Zsqr);
+	add	%sp,LOCALS+$Zsqr,$rp
+
+	add	$ap_real,32,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(tmp0, in_z, in_y);
+	add	%sp,LOCALS+$tmp0,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(res_z, tmp0);
+	add	$rp_real,64,$rp
+
+	add	%sp,LOCALS+$Zsqr,$bp
+	add	%sp,LOCALS+$M,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(M, M, Zsqr);
+	add	%sp,LOCALS+$M,$rp
+
+	call	__ecp_nistz256_mul_by_3	! p256_mul_by_3(M, M);
+	add	%sp,LOCALS+$M,$rp
+
+	add	%sp,LOCALS+$S,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(tmp0, S);
+	add	%sp,LOCALS+$tmp0,$rp
+
+	call	__ecp_nistz256_div_by_2	! p256_div_by_2(res_y, tmp0);
+	add	$rp_real,32,$rp
+
+	add	$ap_real,0,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S, S, in_x);
+	add	%sp,LOCALS+$S,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(tmp0, S);
+	add	%sp,LOCALS+$tmp0,$rp
+
+	add	%sp,LOCALS+$M,$bp
+	add	%sp,LOCALS+$M,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(res_x, M);
+	add	$rp_real,0,$rp
+
+	add	%sp,LOCALS+$tmp0,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_x, res_x, tmp0);
+	add	$rp_real,0,$rp
+
+	add	%sp,LOCALS+$S,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(S, S, res_x);
+	add	%sp,LOCALS+$S,$rp
+
+	add	%sp,LOCALS+$M,$bp
+	add	%sp,LOCALS+$S,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S, S, M);
+	add	%sp,LOCALS+$S,$rp
+
+	add	$rp_real,32,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_y, S, res_y);
+	add	$rp_real,32,$rp
+
+	ret
+	restore
+.type	ecp_nistz256_point_double,#function
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..11));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+# above map() describes stack layout with 12 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty, !in2infty, result of check for zero and return pointer.
+
+my $bp_real=$rp_real;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.align	32
+ecp_nistz256_point_add:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1],%g1		! OPENSSL_sparcv9cap_P[0]
+	and	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1
+	cmp	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK)
+	be	ecp_nistz256_point_add_vis3
+	nop
+
+	save	%sp,-STACK_FRAME-32*12-32,%sp
+
+	stx	$rp,[%fp+STACK_BIAS-8]	! off-load $rp
+	mov	$ap,$ap_real
+	mov	$bp,$bp_real
+
+	ld	[$bp+64],$t0		! in2_z
+	ld	[$bp+64+4],$t1
+	ld	[$bp+64+8],$t2
+	ld	[$bp+64+12],$t3
+	ld	[$bp+64+16],$t4
+	ld	[$bp+64+20],$t5
+	ld	[$bp+64+24],$t6
+	ld	[$bp+64+28],$t7
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0		! !in2infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-12]
+
+	ld	[$ap+64],$t0		! in1_z
+	ld	[$ap+64+4],$t1
+	ld	[$ap+64+8],$t2
+	ld	[$ap+64+12],$t3
+	ld	[$ap+64+16],$t4
+	ld	[$ap+64+20],$t5
+	ld	[$ap+64+24],$t6
+	ld	[$ap+64+28],$t7
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0		! !in1infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-16]
+
+	add	$bp_real,64,$bp
+	add	$bp_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Z2sqr, in2_z);
+	add	%sp,LOCALS+$Z2sqr,$rp
+
+	add	$ap_real,64,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS+$Z1sqr,$rp
+
+	add	$bp_real,64,$bp
+	add	%sp,LOCALS+$Z2sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S1, Z2sqr, in2_z);
+	add	%sp,LOCALS+$S1,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	$ap_real,32,$bp
+	add	%sp,LOCALS+$S1,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S1, S1, in1_y);
+	add	%sp,LOCALS+$S1,$rp
+
+	add	$bp_real,32,$bp
+	add	%sp,LOCALS+$S2,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	%sp,LOCALS+$S1,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(R, S2, S1);
+	add	%sp,LOCALS+$R,$rp
+
+	or	@acc[1],@acc[0],@acc[0]	! see if result is zero
+	or	@acc[3],@acc[2],@acc[2]
+	or	@acc[5],@acc[4],@acc[4]
+	or	@acc[7],@acc[6],@acc[6]
+	or	@acc[2],@acc[0],@acc[0]
+	or	@acc[6],@acc[4],@acc[4]
+	or	@acc[4],@acc[0],@acc[0]
+	st	@acc[0],[%fp+STACK_BIAS-20]
+
+	add	$ap_real,0,$bp
+	add	%sp,LOCALS+$Z2sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U1, in1_x, Z2sqr);
+	add	%sp,LOCALS+$U1,$rp
+
+	add	$bp_real,0,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, in2_x, Z1sqr);
+	add	%sp,LOCALS+$U2,$rp
+
+	add	%sp,LOCALS+$U1,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(H, U2, U1);
+	add	%sp,LOCALS+$H,$rp
+
+	or	@acc[1],@acc[0],@acc[0]	! see if result is zero
+	or	@acc[3],@acc[2],@acc[2]
+	or	@acc[5],@acc[4],@acc[4]
+	or	@acc[7],@acc[6],@acc[6]
+	or	@acc[2],@acc[0],@acc[0]
+	or	@acc[6],@acc[4],@acc[4]
+	orcc	@acc[4],@acc[0],@acc[0]
+
+	bne,pt	%icc,.Ladd_proceed	! is_equal(U1,U2)?
+	nop
+
+	ld	[%fp+STACK_BIAS-12],$t0
+	ld	[%fp+STACK_BIAS-16],$t1
+	ld	[%fp+STACK_BIAS-20],$t2
+	andcc	$t0,$t1,%g0
+	be,pt	%icc,.Ladd_proceed	! (in1infty || in2infty)?
+	nop
+	andcc	$t2,$t2,%g0
+	be,pt	%icc,.Ladd_double	! is_equal(S1,S2)?
+	nop
+
+	ldx	[%fp+STACK_BIAS-8],$rp
+	st	%g0,[$rp]
+	st	%g0,[$rp+4]
+	st	%g0,[$rp+8]
+	st	%g0,[$rp+12]
+	st	%g0,[$rp+16]
+	st	%g0,[$rp+20]
+	st	%g0,[$rp+24]
+	st	%g0,[$rp+28]
+	st	%g0,[$rp+32]
+	st	%g0,[$rp+32+4]
+	st	%g0,[$rp+32+8]
+	st	%g0,[$rp+32+12]
+	st	%g0,[$rp+32+16]
+	st	%g0,[$rp+32+20]
+	st	%g0,[$rp+32+24]
+	st	%g0,[$rp+32+28]
+	st	%g0,[$rp+64]
+	st	%g0,[$rp+64+4]
+	st	%g0,[$rp+64+8]
+	st	%g0,[$rp+64+12]
+	st	%g0,[$rp+64+16]
+	st	%g0,[$rp+64+20]
+	st	%g0,[$rp+64+24]
+	st	%g0,[$rp+64+28]
+	b	.Ladd_done
+	nop
+
+.align	16
+.Ladd_double:
+	ldx	[%fp+STACK_BIAS-8],$rp_real
+	mov	$ap_real,$ap
+	b	.Lpoint_double_shortcut
+	add	%sp,32*(12-4)+32,%sp	! difference in frame sizes
+
+.align	16
+.Ladd_proceed:
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$R,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS+$Rsqr,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS+$res_z,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	$bp_real,64,$bp
+	add	%sp,LOCALS+$res_z,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_z, res_z, in2_z);
+	add	%sp,LOCALS+$res_z,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS+$Hcub,$rp
+
+	add	%sp,LOCALS+$U1,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, U1, Hsqr);
+	add	%sp,LOCALS+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	%sp,LOCALS+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$Hcub,$bp
+	call	__ecp_nistz256_sub_from	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$U2,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	%sp,LOCALS+$Hcub,$bp
+	add	%sp,LOCALS+$S1,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, S1, Hcub);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$res_y,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	%sp,LOCALS+$S2,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS+$res_y,$rp
+
+	ld	[%fp+STACK_BIAS-16],$t1	! !in1infty
+	ld	[%fp+STACK_BIAS-12],$t2	! !in2infty
+	ldx	[%fp+STACK_BIAS-8],$rp
+___
+for($i=0;$i<96;$i+=8) {			# conditional moves
+$code.=<<___;
+	ld	[%sp+LOCALS+$i],@acc[0]		! res
+	ld	[%sp+LOCALS+$i+4],@acc[1]
+	ld	[$bp_real+$i],@acc[2]		! in2
+	ld	[$bp_real+$i+4],@acc[3]
+	ld	[$ap_real+$i],@acc[4]		! in1
+	ld	[$ap_real+$i+4],@acc[5]
+	movrz	$t1,@acc[2],@acc[0]
+	movrz	$t1,@acc[3],@acc[1]
+	movrz	$t2,@acc[4],@acc[0]
+	movrz	$t2,@acc[5],@acc[1]
+	st	@acc[0],[$rp+$i]
+	st	@acc[1],[$rp+$i+4]
+___
+}
+$code.=<<___;
+.Ladd_done:
+	ret
+	restore
+.type	ecp_nistz256_point_add,#function
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+___
+}
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty, !in2infty, result of check for zero and return pointer.
+
+my @ONE_mont=(1,0,0,-1,-1,-1,-2,0);
+my $bp_real=$rp_real;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.align	32
+ecp_nistz256_point_add_affine:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1],%g1		! OPENSSL_sparcv9cap_P[0]
+	and	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1
+	cmp	%g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK)
+	be	ecp_nistz256_point_add_affine_vis3
+	nop
+
+	save	%sp,-STACK_FRAME-32*10-32,%sp
+
+	stx	$rp,[%fp+STACK_BIAS-8]	! off-load $rp
+	mov	$ap,$ap_real
+	mov	$bp,$bp_real
+
+	ld	[$ap+64],$t0		! in1_z
+	ld	[$ap+64+4],$t1
+	ld	[$ap+64+8],$t2
+	ld	[$ap+64+12],$t3
+	ld	[$ap+64+16],$t4
+	ld	[$ap+64+20],$t5
+	ld	[$ap+64+24],$t6
+	ld	[$ap+64+28],$t7
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0		! !in1infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-16]
+
+	ld	[$bp],@acc[0]		! in2_x
+	ld	[$bp+4],@acc[1]
+	ld	[$bp+8],@acc[2]
+	ld	[$bp+12],@acc[3]
+	ld	[$bp+16],@acc[4]
+	ld	[$bp+20],@acc[5]
+	ld	[$bp+24],@acc[6]
+	ld	[$bp+28],@acc[7]
+	ld	[$bp+32],$t0		! in2_y
+	ld	[$bp+32+4],$t1
+	ld	[$bp+32+8],$t2
+	ld	[$bp+32+12],$t3
+	ld	[$bp+32+16],$t4
+	ld	[$bp+32+20],$t5
+	ld	[$bp+32+24],$t6
+	ld	[$bp+32+28],$t7
+	or	@acc[1],@acc[0],@acc[0]
+	or	@acc[3],@acc[2],@acc[2]
+	or	@acc[5],@acc[4],@acc[4]
+	or	@acc[7],@acc[6],@acc[6]
+	or	@acc[2],@acc[0],@acc[0]
+	or	@acc[6],@acc[4],@acc[4]
+	or	@acc[4],@acc[0],@acc[0]
+	or	$t1,$t0,$t0
+	or	$t3,$t2,$t2
+	or	$t5,$t4,$t4
+	or	$t7,$t6,$t6
+	or	$t2,$t0,$t0
+	or	$t6,$t4,$t4
+	or	$t4,$t0,$t0
+	or	@acc[0],$t0,$t0		! !in2infty
+	movrnz	$t0,-1,$t0
+	st	$t0,[%fp+STACK_BIAS-12]
+
+	add	$ap_real,64,$bp
+	add	$ap_real,64,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS+$Z1sqr,$rp
+
+	add	$bp_real,0,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, Z1sqr, in2_x);
+	add	%sp,LOCALS+$U2,$rp
+
+	add	$ap_real,0,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(H, U2, in1_x);
+	add	%sp,LOCALS+$H,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$Z1sqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	$ap_real,64,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS+$res_z,$rp
+
+	add	$bp_real,32,$bp
+	add	%sp,LOCALS+$S2,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	$ap_real,32,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(R, S2, in1_y);
+	add	%sp,LOCALS+$R,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$H,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$R,$ap
+	call	__ecp_nistz256_mul_mont	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS+$Rsqr,$rp
+
+	add	%sp,LOCALS+$H,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS+$Hcub,$rp
+
+	add	$ap_real,0,$bp
+	add	%sp,LOCALS+$Hsqr,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(U2, in1_x, Hsqr);
+	add	%sp,LOCALS+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS+$Hsqr,$rp
+
+	add	%sp,LOCALS+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$Hcub,$bp
+	call	__ecp_nistz256_sub_from	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS+$res_x,$rp
+
+	add	%sp,LOCALS+$U2,$bp
+	call	__ecp_nistz256_sub_morf	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	$ap_real,32,$bp
+	add	%sp,LOCALS+$Hcub,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(S2, in1_y, Hcub);
+	add	%sp,LOCALS+$S2,$rp
+
+	add	%sp,LOCALS+$R,$bp
+	add	%sp,LOCALS+$res_y,$ap
+	call	__ecp_nistz256_mul_mont	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS+$res_y,$rp
+
+	add	%sp,LOCALS+$S2,$bp
+	call	__ecp_nistz256_sub_from	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS+$res_y,$rp
+
+	ld	[%fp+STACK_BIAS-16],$t1	! !in1infty
+	ld	[%fp+STACK_BIAS-12],$t2	! !in2infty
+	ldx	[%fp+STACK_BIAS-8],$rp
+___
+for($i=0;$i<64;$i+=8) {			# conditional moves
+$code.=<<___;
+	ld	[%sp+LOCALS+$i],@acc[0]		! res
+	ld	[%sp+LOCALS+$i+4],@acc[1]
+	ld	[$bp_real+$i],@acc[2]		! in2
+	ld	[$bp_real+$i+4],@acc[3]
+	ld	[$ap_real+$i],@acc[4]		! in1
+	ld	[$ap_real+$i+4],@acc[5]
+	movrz	$t1,@acc[2],@acc[0]
+	movrz	$t1,@acc[3],@acc[1]
+	movrz	$t2,@acc[4],@acc[0]
+	movrz	$t2,@acc[5],@acc[1]
+	st	@acc[0],[$rp+$i]
+	st	@acc[1],[$rp+$i+4]
+___
+}
+for(;$i<96;$i+=8) {
+my $j=($i-64)/4;
+$code.=<<___;
+	ld	[%sp+LOCALS+$i],@acc[0]		! res
+	ld	[%sp+LOCALS+$i+4],@acc[1]
+	ld	[$ap_real+$i],@acc[4]		! in1
+	ld	[$ap_real+$i+4],@acc[5]
+	movrz	$t1,@ONE_mont[$j],@acc[0]
+	movrz	$t1,@ONE_mont[$j+1],@acc[1]
+	movrz	$t2,@acc[4],@acc[0]
+	movrz	$t2,@acc[5],@acc[1]
+	st	@acc[0],[$rp+$i]
+	st	@acc[1],[$rp+$i+4]
+___
+}
+$code.=<<___;
+	ret
+	restore
+.type	ecp_nistz256_point_add_affine,#function
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+___
+}								}}}
+{{{
+my ($out,$inp,$index)=map("%i$_",(0..2));
+my $mask="%o0";
+
+$code.=<<___;
+! void	ecp_nistz256_scatter_w5(void *%i0,const P256_POINT *%i1,
+!					  int %i2);
+.globl	ecp_nistz256_scatter_w5
+.align	32
+ecp_nistz256_scatter_w5:
+	save	%sp,-STACK_FRAME,%sp
+
+	sll	$index,2,$index
+	add	$out,$index,$out
+
+	ld	[$inp],%l0		! X
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	ld	[$inp+28],%l7
+	add	$inp,32,$inp
+	st	%l0,[$out+64*0-4]
+	st	%l1,[$out+64*1-4]
+	st	%l2,[$out+64*2-4]
+	st	%l3,[$out+64*3-4]
+	st	%l4,[$out+64*4-4]
+	st	%l5,[$out+64*5-4]
+	st	%l6,[$out+64*6-4]
+	st	%l7,[$out+64*7-4]
+	add	$out,64*8,$out
+
+	ld	[$inp],%l0		! Y
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	ld	[$inp+28],%l7
+	add	$inp,32,$inp
+	st	%l0,[$out+64*0-4]
+	st	%l1,[$out+64*1-4]
+	st	%l2,[$out+64*2-4]
+	st	%l3,[$out+64*3-4]
+	st	%l4,[$out+64*4-4]
+	st	%l5,[$out+64*5-4]
+	st	%l6,[$out+64*6-4]
+	st	%l7,[$out+64*7-4]
+	add	$out,64*8,$out
+
+	ld	[$inp],%l0		! Z
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	ld	[$inp+28],%l7
+	st	%l0,[$out+64*0-4]
+	st	%l1,[$out+64*1-4]
+	st	%l2,[$out+64*2-4]
+	st	%l3,[$out+64*3-4]
+	st	%l4,[$out+64*4-4]
+	st	%l5,[$out+64*5-4]
+	st	%l6,[$out+64*6-4]
+	st	%l7,[$out+64*7-4]
+
+	ret
+	restore
+.type	ecp_nistz256_scatter_w5,#function
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+! void	ecp_nistz256_gather_w5(P256_POINT *%i0,const void *%i1,
+!					       int %i2);
+.globl	ecp_nistz256_gather_w5
+.align	32
+ecp_nistz256_gather_w5:
+	save	%sp,-STACK_FRAME,%sp
+
+	neg	$index,$mask
+	srax	$mask,63,$mask
+
+	add	$index,$mask,$index
+	sll	$index,2,$index
+	add	$inp,$index,$inp
+
+	ld	[$inp+64*0],%l0
+	ld	[$inp+64*1],%l1
+	ld	[$inp+64*2],%l2
+	ld	[$inp+64*3],%l3
+	ld	[$inp+64*4],%l4
+	ld	[$inp+64*5],%l5
+	ld	[$inp+64*6],%l6
+	ld	[$inp+64*7],%l7
+	add	$inp,64*8,$inp
+	and	%l0,$mask,%l0
+	and	%l1,$mask,%l1
+	st	%l0,[$out]		! X
+	and	%l2,$mask,%l2
+	st	%l1,[$out+4]
+	and	%l3,$mask,%l3
+	st	%l2,[$out+8]
+	and	%l4,$mask,%l4
+	st	%l3,[$out+12]
+	and	%l5,$mask,%l5
+	st	%l4,[$out+16]
+	and	%l6,$mask,%l6
+	st	%l5,[$out+20]
+	and	%l7,$mask,%l7
+	st	%l6,[$out+24]
+	st	%l7,[$out+28]
+	add	$out,32,$out
+
+	ld	[$inp+64*0],%l0
+	ld	[$inp+64*1],%l1
+	ld	[$inp+64*2],%l2
+	ld	[$inp+64*3],%l3
+	ld	[$inp+64*4],%l4
+	ld	[$inp+64*5],%l5
+	ld	[$inp+64*6],%l6
+	ld	[$inp+64*7],%l7
+	add	$inp,64*8,$inp
+	and	%l0,$mask,%l0
+	and	%l1,$mask,%l1
+	st	%l0,[$out]		! Y
+	and	%l2,$mask,%l2
+	st	%l1,[$out+4]
+	and	%l3,$mask,%l3
+	st	%l2,[$out+8]
+	and	%l4,$mask,%l4
+	st	%l3,[$out+12]
+	and	%l5,$mask,%l5
+	st	%l4,[$out+16]
+	and	%l6,$mask,%l6
+	st	%l5,[$out+20]
+	and	%l7,$mask,%l7
+	st	%l6,[$out+24]
+	st	%l7,[$out+28]
+	add	$out,32,$out
+
+	ld	[$inp+64*0],%l0
+	ld	[$inp+64*1],%l1
+	ld	[$inp+64*2],%l2
+	ld	[$inp+64*3],%l3
+	ld	[$inp+64*4],%l4
+	ld	[$inp+64*5],%l5
+	ld	[$inp+64*6],%l6
+	ld	[$inp+64*7],%l7
+	and	%l0,$mask,%l0
+	and	%l1,$mask,%l1
+	st	%l0,[$out]		! Z
+	and	%l2,$mask,%l2
+	st	%l1,[$out+4]
+	and	%l3,$mask,%l3
+	st	%l2,[$out+8]
+	and	%l4,$mask,%l4
+	st	%l3,[$out+12]
+	and	%l5,$mask,%l5
+	st	%l4,[$out+16]
+	and	%l6,$mask,%l6
+	st	%l5,[$out+20]
+	and	%l7,$mask,%l7
+	st	%l6,[$out+24]
+	st	%l7,[$out+28]
+
+	ret
+	restore
+.type	ecp_nistz256_gather_w5,#function
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+! void	ecp_nistz256_scatter_w7(void *%i0,const P256_POINT_AFFINE *%i1,
+!					  int %i2);
+.globl	ecp_nistz256_scatter_w7
+.align	32
+ecp_nistz256_scatter_w7:
+	save	%sp,-STACK_FRAME,%sp
+	nop
+	add	$out,$index,$out
+	mov	64/4,$index
+.Loop_scatter_w7:
+	ld	[$inp],%l0
+	add	$inp,4,$inp
+	subcc	$index,1,$index
+	stb	%l0,[$out+64*0-1]
+	srl	%l0,8,%l1
+	stb	%l1,[$out+64*1-1]
+	srl	%l0,16,%l2
+	stb	%l2,[$out+64*2-1]
+	srl	%l0,24,%l3
+	stb	%l3,[$out+64*3-1]
+	bne	.Loop_scatter_w7
+	add	$out,64*4,$out
+
+	ret
+	restore
+.type	ecp_nistz256_scatter_w7,#function
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+! void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *%i0,const void *%i1,
+!						      int %i2);
+.globl	ecp_nistz256_gather_w7
+.align	32
+ecp_nistz256_gather_w7:
+	save	%sp,-STACK_FRAME,%sp
+
+	neg	$index,$mask
+	srax	$mask,63,$mask
+
+	add	$index,$mask,$index
+	add	$inp,$index,$inp
+	mov	64/4,$index
+
+.Loop_gather_w7:
+	ldub	[$inp+64*0],%l0
+	prefetch [$inp+3840+64*0],1
+	subcc	$index,1,$index
+	ldub	[$inp+64*1],%l1
+	prefetch [$inp+3840+64*1],1
+	ldub	[$inp+64*2],%l2
+	prefetch [$inp+3840+64*2],1
+	ldub	[$inp+64*3],%l3
+	prefetch [$inp+3840+64*3],1
+	add	$inp,64*4,$inp
+	sll	%l1,8,%l1
+	sll	%l2,16,%l2
+	or	%l0,%l1,%l0
+	sll	%l3,24,%l3
+	or	%l0,%l2,%l0
+	or	%l0,%l3,%l0
+	and	%l0,$mask,%l0
+	st	%l0,[$out]
+	bne	.Loop_gather_w7
+	add	$out,4,$out
+
+	ret
+	restore
+.type	ecp_nistz256_gather_w7,#function
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}}}
+{{{
+########################################################################
+# Following subroutines are VIS3 counterparts of those above that
+# implement ones found in ecp_nistz256.c. Key difference is that they
+# use 128-bit muliplication and addition with 64-bit carry, and in order
+# to do that they perform conversion from uin32_t[8] to uint64_t[4] upon
+# entry and vice versa on return.
+#
+my ($rp,$ap,$bp)=map("%i$_",(0..2));
+my ($t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("%l$_",(0..7));
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5)=map("%o$_",(0..5));
+my ($bi,$poly1,$poly3,$minus1)=(map("%i$_",(3..5)),"%g1");
+my ($rp_real,$ap_real)=("%g2","%g3");
+my ($acc6,$acc7)=($bp,$bi);	# used in squaring
+
+$code.=<<___;
+.align	32
+__ecp_nistz256_mul_by_2_vis3:
+	addcc	$acc0,$acc0,$acc0
+	addxccc	$acc1,$acc1,$acc1
+	addxccc	$acc2,$acc2,$acc2
+	addxccc	$acc3,$acc3,$acc3
+	b	.Lreduce_by_sub_vis3
+	addxc	%g0,%g0,$acc4		! did it carry?
+.type	__ecp_nistz256_mul_by_2_vis3,#function
+.size	__ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3
+
+.align	32
+__ecp_nistz256_add_vis3:
+	ldx	[$bp+0],$t0
+	ldx	[$bp+8],$t1
+	ldx	[$bp+16],$t2
+	ldx	[$bp+24],$t3
+
+__ecp_nistz256_add_noload_vis3:
+
+	addcc	$t0,$acc0,$acc0
+	addxccc	$t1,$acc1,$acc1
+	addxccc	$t2,$acc2,$acc2
+	addxccc	$t3,$acc3,$acc3
+	addxc	%g0,%g0,$acc4		! did it carry?
+
+.Lreduce_by_sub_vis3:
+
+	addcc	$acc0,1,$t0		! add -modulus, i.e. subtract
+	addxccc	$acc1,$poly1,$t1
+	addxccc	$acc2,$minus1,$t2
+	addxccc	$acc3,$poly3,$t3
+	addxc	$acc4,$minus1,$acc4
+
+	movrz	$acc4,$t0,$acc0		! ret = borrow ? ret : ret-modulus
+	movrz	$acc4,$t1,$acc1
+	stx	$acc0,[$rp]
+	movrz	$acc4,$t2,$acc2
+	stx	$acc1,[$rp+8]
+	movrz	$acc4,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_add_vis3,#function
+.size	__ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3
+
+! Trouble with subtraction is that there is no subtraction with 64-bit
+! borrow, only with 32-bit one. For this reason we "decompose" 64-bit
+! $acc0-$acc3 to 32-bit values and pick b[4] in 32-bit pieces. But
+! recall that SPARC is big-endian, which is why you'll observe that
+! b[4] is accessed as 4-0-12-8-20-16-28-24. And prior reduction we
+! "collect" result back to 64-bit $acc0-$acc3.
+.align	32
+__ecp_nistz256_sub_from_vis3:
+	ld	[$bp+4],$t0
+	ld	[$bp+0],$t1
+	ld	[$bp+12],$t2
+	ld	[$bp+8],$t3
+
+	srlx	$acc0,32,$acc4
+	not	$poly1,$poly1
+	srlx	$acc1,32,$acc5
+	subcc	$acc0,$t0,$acc0
+	ld	[$bp+20],$t0
+	subccc	$acc4,$t1,$acc4
+	ld	[$bp+16],$t1
+	subccc	$acc1,$t2,$acc1
+	ld	[$bp+28],$t2
+	and	$acc0,$poly1,$acc0
+	subccc	$acc5,$t3,$acc5
+	ld	[$bp+24],$t3
+	sllx	$acc4,32,$acc4
+	and	$acc1,$poly1,$acc1
+	sllx	$acc5,32,$acc5
+	or	$acc0,$acc4,$acc0
+	srlx	$acc2,32,$acc4
+	or	$acc1,$acc5,$acc1
+	srlx	$acc3,32,$acc5
+	subccc	$acc2,$t0,$acc2
+	subccc	$acc4,$t1,$acc4
+	subccc	$acc3,$t2,$acc3
+	and	$acc2,$poly1,$acc2
+	subccc	$acc5,$t3,$acc5
+	sllx	$acc4,32,$acc4
+	and	$acc3,$poly1,$acc3
+	sllx	$acc5,32,$acc5
+	or	$acc2,$acc4,$acc2
+	subc	%g0,%g0,$acc4		! did it borrow?
+	b	.Lreduce_by_add_vis3
+	or	$acc3,$acc5,$acc3
+.type	__ecp_nistz256_sub_from_vis3,#function
+.size	__ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3
+
+.align	32
+__ecp_nistz256_sub_morf_vis3:
+	ld	[$bp+4],$t0
+	ld	[$bp+0],$t1
+	ld	[$bp+12],$t2
+	ld	[$bp+8],$t3
+
+	srlx	$acc0,32,$acc4
+	not	$poly1,$poly1
+	srlx	$acc1,32,$acc5
+	subcc	$t0,$acc0,$acc0
+	ld	[$bp+20],$t0
+	subccc	$t1,$acc4,$acc4
+	ld	[$bp+16],$t1
+	subccc	$t2,$acc1,$acc1
+	ld	[$bp+28],$t2
+	and	$acc0,$poly1,$acc0
+	subccc	$t3,$acc5,$acc5
+	ld	[$bp+24],$t3
+	sllx	$acc4,32,$acc4
+	and	$acc1,$poly1,$acc1
+	sllx	$acc5,32,$acc5
+	or	$acc0,$acc4,$acc0
+	srlx	$acc2,32,$acc4
+	or	$acc1,$acc5,$acc1
+	srlx	$acc3,32,$acc5
+	subccc	$t0,$acc2,$acc2
+	subccc	$t1,$acc4,$acc4
+	subccc	$t2,$acc3,$acc3
+	and	$acc2,$poly1,$acc2
+	subccc	$t3,$acc5,$acc5
+	sllx	$acc4,32,$acc4
+	and	$acc3,$poly1,$acc3
+	sllx	$acc5,32,$acc5
+	or	$acc2,$acc4,$acc2
+	subc	%g0,%g0,$acc4		! did it borrow?
+	or	$acc3,$acc5,$acc3
+
+.Lreduce_by_add_vis3:
+
+	addcc	$acc0,-1,$t0		! add modulus
+	not	$poly3,$t3
+	addxccc	$acc1,$poly1,$t1
+	not	$poly1,$poly1		! restore $poly1
+	addxccc	$acc2,%g0,$t2
+	addxc	$acc3,$t3,$t3
+
+	movrnz	$acc4,$t0,$acc0		! if a-b borrowed, ret = ret+mod
+	movrnz	$acc4,$t1,$acc1
+	stx	$acc0,[$rp]
+	movrnz	$acc4,$t2,$acc2
+	stx	$acc1,[$rp+8]
+	movrnz	$acc4,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_sub_morf_vis3,#function
+.size	__ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3
+
+.align	32
+__ecp_nistz256_div_by_2_vis3:
+	! ret = (a is odd ? a+mod : a) >> 1
+
+	not	$poly1,$t1
+	not	$poly3,$t3
+	and	$acc0,1,$acc5
+	addcc	$acc0,-1,$t0		! add modulus
+	addxccc	$acc1,$t1,$t1
+	addxccc	$acc2,%g0,$t2
+	addxccc	$acc3,$t3,$t3
+	addxc	%g0,%g0,$acc4		! carry bit
+
+	movrnz	$acc5,$t0,$acc0
+	movrnz	$acc5,$t1,$acc1
+	movrnz	$acc5,$t2,$acc2
+	movrnz	$acc5,$t3,$acc3
+	movrz	$acc5,%g0,$acc4
+
+	! ret >>= 1
+
+	srlx	$acc0,1,$acc0
+	sllx	$acc1,63,$t0
+	srlx	$acc1,1,$acc1
+	or	$acc0,$t0,$acc0
+	sllx	$acc2,63,$t1
+	srlx	$acc2,1,$acc2
+	or	$acc1,$t1,$acc1
+	sllx	$acc3,63,$t2
+	stx	$acc0,[$rp]
+	srlx	$acc3,1,$acc3
+	or	$acc2,$t2,$acc2
+	sllx	$acc4,63,$t3		! don't forget carry bit
+	stx	$acc1,[$rp+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_div_by_2_vis3,#function
+.size	__ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3
+
+! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and
+! 4x faster [on T4]...
+.align	32
+__ecp_nistz256_mul_mont_vis3:
+	mulx	$a0,$bi,$acc0
+	not	$poly3,$poly3		! 0xFFFFFFFF00000001
+	umulxhi	$a0,$bi,$t0
+	mulx	$a1,$bi,$acc1
+	umulxhi	$a1,$bi,$t1
+	mulx	$a2,$bi,$acc2
+	umulxhi	$a2,$bi,$t2
+	mulx	$a3,$bi,$acc3
+	umulxhi	$a3,$bi,$t3
+	ldx	[$bp+8],$bi		! b[1]
+
+	addcc	$acc1,$t0,$acc1		! accumulate high parts of multiplication
+	 sllx	$acc0,32,$t0
+	addxccc	$acc2,$t1,$acc2
+	 srlx	$acc0,32,$t1
+	addxccc	$acc3,$t2,$acc3
+	addxc	%g0,$t3,$acc4
+	mov	0,$acc5
+___
+for($i=1;$i<4;$i++) {
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#            ffff0001.00000000.0000ffff.ffffffff
+	# *                                     abcdefgh
+	# + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000
+	# - 0000abcd.efgh0000.00000000.00000000.abcdefgh
+	#
+	# or marking redundant operations:
+	#
+	#   xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.--------
+	# + abcdefgh.abcdefgh.0000abcd.efgh0000.--------
+	# - 0000abcd.efgh0000.--------.--------.--------
+	#   ^^^^^^^^ but this word is calculated with umulxhi, because
+	#            there is no subtract with 64-bit borrow:-(
+
+$code.=<<___;
+	sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	mulx	$a0,$bi,$t0
+	addxccc	$acc2,$t1,$acc1
+	mulx	$a1,$bi,$t1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	mulx	$a2,$bi,$t2
+	addxccc	$acc4,$t3,$acc3
+	mulx	$a3,$bi,$t3
+	addxc	$acc5,%g0,$acc4
+
+	addcc	$acc0,$t0,$acc0		! accumulate low parts of multiplication
+	umulxhi	$a0,$bi,$t0
+	addxccc	$acc1,$t1,$acc1
+	umulxhi	$a1,$bi,$t1
+	addxccc	$acc2,$t2,$acc2
+	umulxhi	$a2,$bi,$t2
+	addxccc	$acc3,$t3,$acc3
+	umulxhi	$a3,$bi,$t3
+	addxc	$acc4,%g0,$acc4
+___
+$code.=<<___	if ($i<3);
+	ldx	[$bp+8*($i+1)],$bi	! bp[$i+1]
+___
+$code.=<<___;
+	addcc	$acc1,$t0,$acc1		! accumulate high parts of multiplication 
+	 sllx	$acc0,32,$t0
+	addxccc	$acc2,$t1,$acc2
+	 srlx	$acc0,32,$t1
+	addxccc	$acc3,$t2,$acc3
+	addxccc	$acc4,$t3,$acc4
+	addxc	%g0,%g0,$acc5
+___
+}
+$code.=<<___;
+	sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	addxccc	$acc2,$t1,$acc1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	addxccc	$acc4,$t3,$acc3
+	b	.Lmul_final_vis3	! see below
+	addxc	$acc5,%g0,$acc4
+.type	__ecp_nistz256_mul_mont_vis3,#function
+.size	__ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3
+
+! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less
+! instructions, but only 14% faster [on T4]...
+.align	32
+__ecp_nistz256_sqr_mont_vis3:
+	!  |  |  |  |  |  |a1*a0|  |
+	!  |  |  |  |  |a2*a0|  |  |
+	!  |  |a3*a2|a3*a0|  |  |  |
+	!  |  |  |  |a2*a1|  |  |  |
+	!  |  |  |a3*a1|  |  |  |  |
+	! *|  |  |  |  |  |  |  | 2|
+	! +|a3*a3|a2*a2|a1*a1|a0*a0|
+	!  |--+--+--+--+--+--+--+--|
+	!  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx
+	!
+	!  "can't overflow" below mark carrying into high part of
+	!  multiplication result, which can't overflow, because it
+	!  can never be all ones.
+
+	mulx	$a1,$a0,$acc1		! a[1]*a[0]
+	umulxhi	$a1,$a0,$t1
+	mulx	$a2,$a0,$acc2		! a[2]*a[0]
+	umulxhi	$a2,$a0,$t2
+	mulx	$a3,$a0,$acc3		! a[3]*a[0]
+	umulxhi	$a3,$a0,$acc4
+
+	addcc	$acc2,$t1,$acc2		! accumulate high parts of multiplication
+	mulx	$a2,$a1,$t0		! a[2]*a[1]
+	umulxhi	$a2,$a1,$t1
+	addxccc	$acc3,$t2,$acc3
+	mulx	$a3,$a1,$t2		! a[3]*a[1]
+	umulxhi	$a3,$a1,$t3
+	addxc	$acc4,%g0,$acc4		! can't overflow
+
+	mulx	$a3,$a2,$acc5		! a[3]*a[2]
+	not	$poly3,$poly3		! 0xFFFFFFFF00000001
+	umulxhi	$a3,$a2,$acc6
+
+	addcc	$t2,$t1,$t1		! accumulate high parts of multiplication
+	mulx	$a0,$a0,$acc0		! a[0]*a[0]
+	addxc	$t3,%g0,$t2		! can't overflow
+
+	addcc	$acc3,$t0,$acc3		! accumulate low parts of multiplication
+	umulxhi	$a0,$a0,$a0
+	addxccc	$acc4,$t1,$acc4
+	mulx	$a1,$a1,$t1		! a[1]*a[1]
+	addxccc	$acc5,$t2,$acc5
+	umulxhi	$a1,$a1,$a1
+	addxc	$acc6,%g0,$acc6		! can't overflow
+
+	addcc	$acc1,$acc1,$acc1	! acc[1-6]*=2
+	mulx	$a2,$a2,$t2		! a[2]*a[2]
+	addxccc	$acc2,$acc2,$acc2
+	umulxhi	$a2,$a2,$a2
+	addxccc	$acc3,$acc3,$acc3
+	mulx	$a3,$a3,$t3		! a[3]*a[3]
+	addxccc	$acc4,$acc4,$acc4
+	umulxhi	$a3,$a3,$a3
+	addxccc	$acc5,$acc5,$acc5
+	addxccc	$acc6,$acc6,$acc6
+	addxc	%g0,%g0,$acc7
+
+	addcc	$acc1,$a0,$acc1		! +a[i]*a[i]
+	addxccc	$acc2,$t1,$acc2
+	addxccc	$acc3,$a1,$acc3
+	addxccc	$acc4,$t2,$acc4
+	 sllx	$acc0,32,$t0
+	addxccc	$acc5,$a2,$acc5
+	 srlx	$acc0,32,$t1
+	addxccc	$acc6,$t3,$acc6
+	 sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	addxc	$acc7,$a3,$acc7
+___
+for($i=0;$i<3;$i++) {			# reductions, see commentary
+					# in multiplication for details
+$code.=<<___;
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	 sllx	$acc0,32,$t0
+	addxccc	$acc2,$t1,$acc1
+	 srlx	$acc0,32,$t1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	 sub	$acc0,$t0,$t2		! acc0*0xFFFFFFFF00000001, low part
+	addxc	%g0,$t3,$acc3		! cant't overflow
+___
+}
+$code.=<<___;
+	umulxhi	$acc0,$poly3,$t3	! acc0*0xFFFFFFFF00000001, high part
+	addcc	$acc1,$t0,$acc0		! +=acc[0]<<96 and omit acc[0]
+	addxccc	$acc2,$t1,$acc1
+	addxccc	$acc3,$t2,$acc2		! +=acc[0]*0xFFFFFFFF00000001
+	addxc	%g0,$t3,$acc3		! can't overflow
+
+	addcc	$acc0,$acc4,$acc0	! accumulate upper half
+	addxccc	$acc1,$acc5,$acc1
+	addxccc	$acc2,$acc6,$acc2
+	addxccc	$acc3,$acc7,$acc3
+	addxc	%g0,%g0,$acc4
+
+.Lmul_final_vis3:
+
+	! Final step is "if result > mod, subtract mod", but as comparison
+	! means subtraction, we do the subtraction and then copy outcome
+	! if it didn't borrow. But note that as we [have to] replace
+	! subtraction with addition with negative, carry/borrow logic is
+	! inverse.
+
+	addcc	$acc0,1,$t0		! add -modulus, i.e. subtract
+	not	$poly3,$poly3		! restore 0x00000000FFFFFFFE
+	addxccc	$acc1,$poly1,$t1
+	addxccc	$acc2,$minus1,$t2
+	addxccc	$acc3,$poly3,$t3
+	addxccc	$acc4,$minus1,%g0	! did it carry?
+
+	movcs	%xcc,$t0,$acc0
+	movcs	%xcc,$t1,$acc1
+	stx	$acc0,[$rp]
+	movcs	%xcc,$t2,$acc2
+	stx	$acc1,[$rp+8]
+	movcs	%xcc,$t3,$acc3
+	stx	$acc2,[$rp+16]
+	retl
+	stx	$acc3,[$rp+24]
+.type	__ecp_nistz256_sqr_mont_vis3,#function
+.size	__ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3
+___
+
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+{
+my ($res_x,$res_y,$res_z,
+    $in_x,$in_y,$in_z,
+    $S,$M,$Zsqr,$tmp0)=map(32*$_,(0..9));
+# above map() describes stack layout with 10 temporary
+# 256-bit vectors on top.
+
+$code.=<<___;
+.align	32
+ecp_nistz256_point_double_vis3:
+	save	%sp,-STACK64_FRAME-32*10,%sp
+
+	mov	$rp,$rp_real
+.Ldouble_shortcut_vis3:
+	mov	-1,$minus1
+	mov	-2,$poly3
+	sllx	$minus1,32,$poly1		! 0xFFFFFFFF00000000
+	srl	$poly3,0,$poly3			! 0x00000000FFFFFFFE
+
+	! convert input to uint64_t[4]
+	ld	[$ap],$a0			! in_x
+	ld	[$ap+4],$t0
+	ld	[$ap+8],$a1
+	ld	[$ap+12],$t1
+	ld	[$ap+16],$a2
+	ld	[$ap+20],$t2
+	ld	[$ap+24],$a3
+	ld	[$ap+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$ap+32],$acc0			! in_y
+	or	$a0,$t0,$a0
+	ld	[$ap+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$ap+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$ap+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$ap+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$ap+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$ap+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$ap+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in_y+24]
+
+	ld	[$ap+64],$a0			! in_z
+	ld	[$ap+64+4],$t0
+	ld	[$ap+64+8],$a1
+	ld	[$ap+64+12],$t1
+	ld	[$ap+64+16],$a2
+	ld	[$ap+64+20],$t2
+	ld	[$ap+64+24],$a3
+	ld	[$ap+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	or	$a0,$t0,$a0
+	sllx	$t2,32,$t2
+	or	$a1,$t1,$a1
+	sllx	$t3,32,$t3
+	or	$a2,$t2,$a2
+	or	$a3,$t3,$a3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in_z]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in_z+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in_z+16]
+	stx	$a3,[%sp+LOCALS64+$in_z+24]
+
+	! in_y is still in $acc0-$acc3
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(S, in_y);
+	add	%sp,LOCALS64+$S,$rp
+
+	! in_z is still in $a0-$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Zsqr, in_z);
+	add	%sp,LOCALS64+$Zsqr,$rp
+
+	mov	$acc0,$a0			! put Zsqr aside
+	mov	$acc1,$a1
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+
+	add	%sp,LOCALS64+$in_x,$bp
+	call	__ecp_nistz256_add_vis3		! p256_add(M, Zsqr, in_x);
+	add	%sp,LOCALS64+$M,$rp
+
+	mov	$a0,$acc0			! restore Zsqr
+	ldx	[%sp+LOCALS64+$S],$a0		! forward load
+	mov	$a1,$acc1
+	ldx	[%sp+LOCALS64+$S+8],$a1
+	mov	$a2,$acc2
+	ldx	[%sp+LOCALS64+$S+16],$a2
+	mov	$a3,$acc3
+	ldx	[%sp+LOCALS64+$S+24],$a3
+
+	add	%sp,LOCALS64+$in_x,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(Zsqr, in_x, Zsqr);
+	add	%sp,LOCALS64+$Zsqr,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(S, S);
+	add	%sp,LOCALS64+$S,$rp
+
+	ldx	[%sp+LOCALS64+$in_z],$bi
+	ldx	[%sp+LOCALS64+$in_y],$a0
+	ldx	[%sp+LOCALS64+$in_y+8],$a1
+	ldx	[%sp+LOCALS64+$in_y+16],$a2
+	ldx	[%sp+LOCALS64+$in_y+24],$a3
+	add	%sp,LOCALS64+$in_z,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(tmp0, in_z, in_y);
+	add	%sp,LOCALS64+$tmp0,$rp
+
+	ldx	[%sp+LOCALS64+$M],$bi		! forward load
+	ldx	[%sp+LOCALS64+$Zsqr],$a0
+	ldx	[%sp+LOCALS64+$Zsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Zsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Zsqr+24],$a3
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(res_z, tmp0);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	add	%sp,LOCALS64+$M,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(M, M, Zsqr);
+	add	%sp,LOCALS64+$M,$rp
+
+	mov	$acc0,$a0			! put aside M
+	mov	$acc1,$a1
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+	call	__ecp_nistz256_mul_by_2_vis3
+	add	%sp,LOCALS64+$M,$rp
+	mov	$a0,$t0				! copy M
+	ldx	[%sp+LOCALS64+$S],$a0		! forward load
+	mov	$a1,$t1
+	ldx	[%sp+LOCALS64+$S+8],$a1
+	mov	$a2,$t2
+	ldx	[%sp+LOCALS64+$S+16],$a2
+	mov	$a3,$t3
+	ldx	[%sp+LOCALS64+$S+24],$a3
+	call	__ecp_nistz256_add_noload_vis3	! p256_mul_by_3(M, M);
+	add	%sp,LOCALS64+$M,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(tmp0, S);
+	add	%sp,LOCALS64+$tmp0,$rp
+
+	ldx	[%sp+LOCALS64+$S],$bi		! forward load
+	ldx	[%sp+LOCALS64+$in_x],$a0
+	ldx	[%sp+LOCALS64+$in_x+8],$a1
+	ldx	[%sp+LOCALS64+$in_x+16],$a2
+	ldx	[%sp+LOCALS64+$in_x+24],$a3
+
+	call	__ecp_nistz256_div_by_2_vis3	! p256_div_by_2(res_y, tmp0);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S, S, in_x);
+	add	%sp,LOCALS64+$S,$rp
+
+	ldx	[%sp+LOCALS64+$M],$a0		! forward load
+	ldx	[%sp+LOCALS64+$M+8],$a1
+	ldx	[%sp+LOCALS64+$M+16],$a2
+	ldx	[%sp+LOCALS64+$M+24],$a3
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(tmp0, S);
+	add	%sp,LOCALS64+$tmp0,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(res_x, M);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	add	%sp,LOCALS64+$tmp0,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_x, res_x, tmp0);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	ldx	[%sp+LOCALS64+$M],$a0		! forward load
+	ldx	[%sp+LOCALS64+$M+8],$a1
+	ldx	[%sp+LOCALS64+$M+16],$a2
+	ldx	[%sp+LOCALS64+$M+24],$a3
+
+	add	%sp,LOCALS64+$S,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(S, S, res_x);
+	add	%sp,LOCALS64+$S,$rp
+
+	mov	$acc0,$bi
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S, S, M);
+	add	%sp,LOCALS64+$S,$rp
+
+	ldx	[%sp+LOCALS64+$res_x],$a0	! forward load
+	ldx	[%sp+LOCALS64+$res_x+8],$a1
+	ldx	[%sp+LOCALS64+$res_x+16],$a2
+	ldx	[%sp+LOCALS64+$res_x+24],$a3
+
+	add	%sp,LOCALS64+$res_y,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_y, S, res_y);
+	add	%sp,LOCALS64+$res_y,$bp
+
+	! convert output to uint_32[8]
+	srlx	$a0,32,$t0
+	srlx	$a1,32,$t1
+	st	$a0,[$rp_real]			! res_x
+	srlx	$a2,32,$t2
+	st	$t0,[$rp_real+4]
+	srlx	$a3,32,$t3
+	st	$a1,[$rp_real+8]
+	st	$t1,[$rp_real+12]
+	st	$a2,[$rp_real+16]
+	st	$t2,[$rp_real+20]
+	st	$a3,[$rp_real+24]
+	st	$t3,[$rp_real+28]
+
+	ldx	[%sp+LOCALS64+$res_z],$a0	! forward load
+	srlx	$acc0,32,$t0
+	ldx	[%sp+LOCALS64+$res_z+8],$a1
+	srlx	$acc1,32,$t1
+	ldx	[%sp+LOCALS64+$res_z+16],$a2
+	srlx	$acc2,32,$t2
+	ldx	[%sp+LOCALS64+$res_z+24],$a3
+	srlx	$acc3,32,$t3
+	st	$acc0,[$rp_real+32]		! res_y
+	st	$t0,  [$rp_real+32+4]
+	st	$acc1,[$rp_real+32+8]
+	st	$t1,  [$rp_real+32+12]
+	st	$acc2,[$rp_real+32+16]
+	st	$t2,  [$rp_real+32+20]
+	st	$acc3,[$rp_real+32+24]
+	st	$t3,  [$rp_real+32+28]
+
+	srlx	$a0,32,$t0
+	srlx	$a1,32,$t1
+	st	$a0,[$rp_real+64]		! res_z
+	srlx	$a2,32,$t2
+	st	$t0,[$rp_real+64+4]
+	srlx	$a3,32,$t3
+	st	$a1,[$rp_real+64+8]
+	st	$t1,[$rp_real+64+12]
+	st	$a2,[$rp_real+64+16]
+	st	$t2,[$rp_real+64+20]
+	st	$a3,[$rp_real+64+24]
+	st	$t3,[$rp_real+64+28]
+
+	ret
+	restore
+.type	ecp_nistz256_point_double_vis3,#function
+.size	ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3
+___
+}
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#			      const P256_POINT *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,$in2_z,
+    $H,$Hsqr,$R,$Rsqr,$Hcub,
+    $U1,$U2,$S1,$S2)=map(32*$_,(0..17));
+my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+# above map() describes stack layout with 18 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty, !in2infty and result of check for zero.
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_vis3
+.align	32
+ecp_nistz256_point_add_vis3:
+	save	%sp,-STACK64_FRAME-32*18-32,%sp
+
+	mov	$rp,$rp_real
+	mov	-1,$minus1
+	mov	-2,$poly3
+	sllx	$minus1,32,$poly1		! 0xFFFFFFFF00000000
+	srl	$poly3,0,$poly3			! 0x00000000FFFFFFFE
+
+	! convert input to uint64_t[4]
+	ld	[$bp],$a0			! in2_x
+	ld	[$bp+4],$t0
+	ld	[$bp+8],$a1
+	ld	[$bp+12],$t1
+	ld	[$bp+16],$a2
+	ld	[$bp+20],$t2
+	ld	[$bp+24],$a3
+	ld	[$bp+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$bp+32],$acc0			! in2_y
+	or	$a0,$t0,$a0
+	ld	[$bp+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$bp+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$bp+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$bp+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$bp+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$bp+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$bp+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in2_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in2_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in2_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in2_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in2_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in2_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in2_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in2_y+24]
+
+	ld	[$bp+64],$acc0			! in2_z
+	ld	[$bp+64+4],$t0
+	ld	[$bp+64+8],$acc1
+	ld	[$bp+64+12],$t1
+	ld	[$bp+64+16],$acc2
+	ld	[$bp+64+20],$t2
+	ld	[$bp+64+24],$acc3
+	ld	[$bp+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$ap],$a0			! in1_x
+	or	$acc0,$t0,$acc0
+	ld	[$ap+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$ap+8],$a1
+	or	$acc1,$t1,$acc1
+	ld	[$ap+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$ap+16],$a2
+	or	$acc2,$t2,$acc2
+	ld	[$ap+20],$t2
+	or	$acc3,$t3,$acc3
+	ld	[$ap+24],$a3
+	sllx	$t0,32,$t0
+	ld	[$ap+28],$t3
+	sllx	$t1,32,$t1
+	stx	$acc0,[%sp+LOCALS64+$in2_z]
+	sllx	$t2,32,$t2
+	stx	$acc1,[%sp+LOCALS64+$in2_z+8]
+	sllx	$t3,32,$t3
+	stx	$acc2,[%sp+LOCALS64+$in2_z+16]
+	stx	$acc3,[%sp+LOCALS64+$in2_z+24]
+
+	or	$acc1,$acc0,$acc0
+	or	$acc3,$acc2,$acc2
+	or	$acc2,$acc0,$acc0
+	movrnz	$acc0,-1,$acc0			! !in2infty
+	stx	$acc0,[%fp+STACK_BIAS-8]
+
+	or	$a0,$t0,$a0
+	ld	[$ap+32],$acc0			! in1_y
+	or	$a1,$t1,$a1
+	ld	[$ap+32+4],$t0
+	or	$a2,$t2,$a2
+	ld	[$ap+32+8],$acc1
+	or	$a3,$t3,$a3
+	ld	[$ap+32+12],$t1
+	ld	[$ap+32+16],$acc2
+	ld	[$ap+32+20],$t2
+	ld	[$ap+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$ap+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in1_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in1_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in1_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in1_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in1_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in1_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in1_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in1_y+24]
+
+	ldx	[%sp+LOCALS64+$in2_z],$a0	! forward load
+	ldx	[%sp+LOCALS64+$in2_z+8],$a1
+	ldx	[%sp+LOCALS64+$in2_z+16],$a2
+	ldx	[%sp+LOCALS64+$in2_z+24],$a3
+
+	ld	[$ap+64],$acc0			! in1_z
+	ld	[$ap+64+4],$t0
+	ld	[$ap+64+8],$acc1
+	ld	[$ap+64+12],$t1
+	ld	[$ap+64+16],$acc2
+	ld	[$ap+64+20],$t2
+	ld	[$ap+64+24],$acc3
+	ld	[$ap+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	or	$acc0,$t0,$acc0
+	sllx	$t2,32,$t2
+	or	$acc1,$t1,$acc1
+	sllx	$t3,32,$t3
+	stx	$acc0,[%sp+LOCALS64+$in1_z]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in1_z+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in1_z+16]
+	stx	$acc3,[%sp+LOCALS64+$in1_z+24]
+
+	or	$acc1,$acc0,$acc0
+	or	$acc3,$acc2,$acc2
+	or	$acc2,$acc0,$acc0
+	movrnz	$acc0,-1,$acc0			! !in1infty
+	stx	$acc0,[%fp+STACK_BIAS-16]
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Z2sqr, in2_z);
+	add	%sp,LOCALS64+$Z2sqr,$rp
+
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS64+$Z1sqr,$rp
+
+	ldx	[%sp+LOCALS64+$Z2sqr],$bi
+	ldx	[%sp+LOCALS64+$in2_z],$a0
+	ldx	[%sp+LOCALS64+$in2_z+8],$a1
+	ldx	[%sp+LOCALS64+$in2_z+16],$a2
+	ldx	[%sp+LOCALS64+$in2_z+24],$a3
+	add	%sp,LOCALS64+$Z2sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S1, Z2sqr, in2_z);
+	add	%sp,LOCALS64+$S1,$rp
+
+	ldx	[%sp+LOCALS64+$Z1sqr],$bi
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	add	%sp,LOCALS64+$Z1sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$S1],$bi
+	ldx	[%sp+LOCALS64+$in1_y],$a0
+	ldx	[%sp+LOCALS64+$in1_y+8],$a1
+	ldx	[%sp+LOCALS64+$in1_y+16],$a2
+	ldx	[%sp+LOCALS64+$in1_y+24],$a3
+	add	%sp,LOCALS64+$S1,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S1, S1, in1_y);
+	add	%sp,LOCALS64+$S1,$rp
+
+	ldx	[%sp+LOCALS64+$S2],$bi
+	ldx	[%sp+LOCALS64+$in2_y],$a0
+	ldx	[%sp+LOCALS64+$in2_y+8],$a1
+	ldx	[%sp+LOCALS64+$in2_y+16],$a2
+	ldx	[%sp+LOCALS64+$in2_y+24],$a3
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$Z2sqr],$bi	! forward load
+	ldx	[%sp+LOCALS64+$in1_x],$a0
+	ldx	[%sp+LOCALS64+$in1_x+8],$a1
+	ldx	[%sp+LOCALS64+$in1_x+16],$a2
+	ldx	[%sp+LOCALS64+$in1_x+24],$a3
+
+	add	%sp,LOCALS64+$S1,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(R, S2, S1);
+	add	%sp,LOCALS64+$R,$rp
+
+	or	$acc1,$acc0,$acc0		! see if result is zero
+	or	$acc3,$acc2,$acc2
+	or	$acc2,$acc0,$acc0
+	stx	$acc0,[%fp+STACK_BIAS-24]
+
+	add	%sp,LOCALS64+$Z2sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U1, in1_x, Z2sqr);
+	add	%sp,LOCALS64+$U1,$rp
+
+	ldx	[%sp+LOCALS64+$Z1sqr],$bi
+	ldx	[%sp+LOCALS64+$in2_x],$a0
+	ldx	[%sp+LOCALS64+$in2_x+8],$a1
+	ldx	[%sp+LOCALS64+$in2_x+16],$a2
+	ldx	[%sp+LOCALS64+$in2_x+24],$a3
+	add	%sp,LOCALS64+$Z1sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, in2_x, Z1sqr);
+	add	%sp,LOCALS64+$U2,$rp
+
+	ldx	[%sp+LOCALS64+$R],$a0		! forward load
+	ldx	[%sp+LOCALS64+$R+8],$a1
+	ldx	[%sp+LOCALS64+$R+16],$a2
+	ldx	[%sp+LOCALS64+$R+24],$a3
+
+	add	%sp,LOCALS64+$U1,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(H, U2, U1);
+	add	%sp,LOCALS64+$H,$rp
+
+	or	$acc1,$acc0,$acc0		! see if result is zero
+	or	$acc3,$acc2,$acc2
+	orcc	$acc2,$acc0,$acc0
+
+	bne,pt	%xcc,.Ladd_proceed_vis3		! is_equal(U1,U2)?
+	nop
+
+	ldx	[%fp+STACK_BIAS-8],$t0
+	ldx	[%fp+STACK_BIAS-16],$t1
+	ldx	[%fp+STACK_BIAS-24],$t2
+	andcc	$t0,$t1,%g0
+	be,pt	%xcc,.Ladd_proceed_vis3		! (in1infty || in2infty)?
+	nop
+	andcc	$t2,$t2,%g0
+	be,a,pt	%xcc,.Ldouble_shortcut_vis3	! is_equal(S1,S2)?
+	add	%sp,32*(12-10)+32,%sp		! difference in frame sizes
+
+	st	%g0,[$rp_real]
+	st	%g0,[$rp_real+4]
+	st	%g0,[$rp_real+8]
+	st	%g0,[$rp_real+12]
+	st	%g0,[$rp_real+16]
+	st	%g0,[$rp_real+20]
+	st	%g0,[$rp_real+24]
+	st	%g0,[$rp_real+28]
+	st	%g0,[$rp_real+32]
+	st	%g0,[$rp_real+32+4]
+	st	%g0,[$rp_real+32+8]
+	st	%g0,[$rp_real+32+12]
+	st	%g0,[$rp_real+32+16]
+	st	%g0,[$rp_real+32+20]
+	st	%g0,[$rp_real+32+24]
+	st	%g0,[$rp_real+32+28]
+	st	%g0,[$rp_real+64]
+	st	%g0,[$rp_real+64+4]
+	st	%g0,[$rp_real+64+8]
+	st	%g0,[$rp_real+64+12]
+	st	%g0,[$rp_real+64+16]
+	st	%g0,[$rp_real+64+20]
+	st	%g0,[$rp_real+64+24]
+	st	%g0,[$rp_real+64+28]
+	b	.Ladd_done_vis3
+	nop
+
+.align	16
+.Ladd_proceed_vis3:
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS64+$Rsqr,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	ldx	[%sp+LOCALS64+$H],$a0
+	ldx	[%sp+LOCALS64+$H+8],$a1
+	ldx	[%sp+LOCALS64+$H+16],$a2
+	ldx	[%sp+LOCALS64+$H+24],$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	ldx	[%sp+LOCALS64+$res_z],$bi
+	ldx	[%sp+LOCALS64+$in2_z],$a0
+	ldx	[%sp+LOCALS64+$in2_z+8],$a1
+	ldx	[%sp+LOCALS64+$in2_z+16],$a2
+	ldx	[%sp+LOCALS64+$in2_z+24],$a3
+	add	%sp,LOCALS64+$res_z,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_z, res_z, in2_z);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$Hsqr],$a0
+	ldx	[%sp+LOCALS64+$Hsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Hsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Hsqr+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS64+$Hcub,$rp
+
+	ldx	[%sp+LOCALS64+$U1],$bi
+	ldx	[%sp+LOCALS64+$Hsqr],$a0
+	ldx	[%sp+LOCALS64+$Hsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Hsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Hsqr+24],$a3
+	add	%sp,LOCALS64+$U1,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, U1, Hsqr);
+	add	%sp,LOCALS64+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	add	%sp,LOCALS64+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	add	%sp,LOCALS64+$Hcub,$bp
+	call	__ecp_nistz256_sub_from_vis3	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	ldx	[%sp+LOCALS64+$S1],$bi		! forward load
+	ldx	[%sp+LOCALS64+$Hcub],$a0
+	ldx	[%sp+LOCALS64+$Hcub+8],$a1
+	ldx	[%sp+LOCALS64+$Hcub+16],$a2
+	ldx	[%sp+LOCALS64+$Hcub+24],$a3
+
+	add	%sp,LOCALS64+$U2,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S1,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, S1, Hcub);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$R],$bi
+	ldx	[%sp+LOCALS64+$res_y],$a0
+	ldx	[%sp+LOCALS64+$res_y+8],$a1
+	ldx	[%sp+LOCALS64+$res_y+16],$a2
+	ldx	[%sp+LOCALS64+$res_y+24],$a3
+	add	%sp,LOCALS64+$R,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	ldx	[%fp+STACK_BIAS-16],$t1		! !in1infty
+	ldx	[%fp+STACK_BIAS-8],$t2		! !in2infty
+___
+for($i=0;$i<96;$i+=16) {			# conditional moves
+$code.=<<___;
+	ldx	[%sp+LOCALS64+$res_x+$i],$acc0	! res
+	ldx	[%sp+LOCALS64+$res_x+$i+8],$acc1
+	ldx	[%sp+LOCALS64+$in2_x+$i],$acc2	! in2
+	ldx	[%sp+LOCALS64+$in2_x+$i+8],$acc3
+	ldx	[%sp+LOCALS64+$in1_x+$i],$acc4	! in1
+	ldx	[%sp+LOCALS64+$in1_x+$i+8],$acc5
+	movrz	$t1,$acc2,$acc0
+	movrz	$t1,$acc3,$acc1
+	movrz	$t2,$acc4,$acc0
+	movrz	$t2,$acc5,$acc1
+	srlx	$acc0,32,$acc2
+	srlx	$acc1,32,$acc3
+	st	$acc0,[$rp_real+$i]
+	st	$acc2,[$rp_real+$i+4]
+	st	$acc1,[$rp_real+$i+8]
+	st	$acc3,[$rp_real+$i+12]
+___
+}
+$code.=<<___;
+.Ladd_done_vis3:
+	ret
+	restore
+.type	ecp_nistz256_point_add_vis3,#function
+.size	ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3
+___
+}
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+{
+my ($res_x,$res_y,$res_z,
+    $in1_x,$in1_y,$in1_z,
+    $in2_x,$in2_y,
+    $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14));
+my $Z1sqr = $S2;
+# above map() describes stack layout with 15 temporary
+# 256-bit vectors on top. Then we reserve some space for
+# !in1infty and !in2infty.
+
+$code.=<<___;
+.align	32
+ecp_nistz256_point_add_affine_vis3:
+	save	%sp,-STACK64_FRAME-32*15-32,%sp
+
+	mov	$rp,$rp_real
+	mov	-1,$minus1
+	mov	-2,$poly3
+	sllx	$minus1,32,$poly1		! 0xFFFFFFFF00000000
+	srl	$poly3,0,$poly3			! 0x00000000FFFFFFFE
+
+	! convert input to uint64_t[4]
+	ld	[$bp],$a0			! in2_x
+	ld	[$bp+4],$t0
+	ld	[$bp+8],$a1
+	ld	[$bp+12],$t1
+	ld	[$bp+16],$a2
+	ld	[$bp+20],$t2
+	ld	[$bp+24],$a3
+	ld	[$bp+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$bp+32],$acc0			! in2_y
+	or	$a0,$t0,$a0
+	ld	[$bp+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$bp+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$bp+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$bp+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$bp+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$bp+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$bp+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in2_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in2_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in2_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in2_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in2_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in2_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in2_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in2_y+24]
+
+	or	$a1,$a0,$a0
+	or	$a3,$a2,$a2
+	or	$acc1,$acc0,$acc0
+	or	$acc3,$acc2,$acc2
+	or	$a2,$a0,$a0
+	or	$acc2,$acc0,$acc0
+	or	$acc0,$a0,$a0
+	movrnz	$a0,-1,$a0			! !in2infty
+	stx	$a0,[%fp+STACK_BIAS-8]
+
+	ld	[$ap],$a0			! in1_x
+	ld	[$ap+4],$t0
+	ld	[$ap+8],$a1
+	ld	[$ap+12],$t1
+	ld	[$ap+16],$a2
+	ld	[$ap+20],$t2
+	ld	[$ap+24],$a3
+	ld	[$ap+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	ld	[$ap+32],$acc0			! in1_y
+	or	$a0,$t0,$a0
+	ld	[$ap+32+4],$t0
+	sllx	$t2,32,$t2
+	ld	[$ap+32+8],$acc1
+	or	$a1,$t1,$a1
+	ld	[$ap+32+12],$t1
+	sllx	$t3,32,$t3
+	ld	[$ap+32+16],$acc2
+	or	$a2,$t2,$a2
+	ld	[$ap+32+20],$t2
+	or	$a3,$t3,$a3
+	ld	[$ap+32+24],$acc3
+	sllx	$t0,32,$t0
+	ld	[$ap+32+28],$t3
+	sllx	$t1,32,$t1
+	stx	$a0,[%sp+LOCALS64+$in1_x]
+	sllx	$t2,32,$t2
+	stx	$a1,[%sp+LOCALS64+$in1_x+8]
+	sllx	$t3,32,$t3
+	stx	$a2,[%sp+LOCALS64+$in1_x+16]
+	or	$acc0,$t0,$acc0
+	stx	$a3,[%sp+LOCALS64+$in1_x+24]
+	or	$acc1,$t1,$acc1
+	stx	$acc0,[%sp+LOCALS64+$in1_y]
+	or	$acc2,$t2,$acc2
+	stx	$acc1,[%sp+LOCALS64+$in1_y+8]
+	or	$acc3,$t3,$acc3
+	stx	$acc2,[%sp+LOCALS64+$in1_y+16]
+	stx	$acc3,[%sp+LOCALS64+$in1_y+24]
+
+	ld	[$ap+64],$a0			! in1_z
+	ld	[$ap+64+4],$t0
+	ld	[$ap+64+8],$a1
+	ld	[$ap+64+12],$t1
+	ld	[$ap+64+16],$a2
+	ld	[$ap+64+20],$t2
+	ld	[$ap+64+24],$a3
+	ld	[$ap+64+28],$t3
+	sllx	$t0,32,$t0
+	sllx	$t1,32,$t1
+	or	$a0,$t0,$a0
+	sllx	$t2,32,$t2
+	or	$a1,$t1,$a1
+	sllx	$t3,32,$t3
+	stx	$a0,[%sp+LOCALS64+$in1_z]
+	or	$a2,$t2,$a2
+	stx	$a1,[%sp+LOCALS64+$in1_z+8]
+	or	$a3,$t3,$a3
+	stx	$a2,[%sp+LOCALS64+$in1_z+16]
+	stx	$a3,[%sp+LOCALS64+$in1_z+24]
+
+	or	$a1,$a0,$t0
+	or	$a3,$a2,$t2
+	or	$t2,$t0,$t0
+	movrnz	$t0,-1,$t0			! !in1infty
+	stx	$t0,[%fp+STACK_BIAS-16]
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Z1sqr, in1_z);
+	add	%sp,LOCALS64+$Z1sqr,$rp
+
+	ldx	[%sp+LOCALS64+$in2_x],$bi
+	mov	$acc0,$a0
+	mov	$acc1,$a1
+	mov	$acc2,$a2
+	mov	$acc3,$a3
+	add	%sp,LOCALS64+$in2_x,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, Z1sqr, in2_x);
+	add	%sp,LOCALS64+$U2,$rp
+
+	ldx	[%sp+LOCALS64+$Z1sqr],$bi	! forward load
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+
+	add	%sp,LOCALS64+$in1_x,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(H, U2, in1_x);
+	add	%sp,LOCALS64+$H,$rp
+
+	add	%sp,LOCALS64+$Z1sqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, Z1sqr, in1_z);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$in1_z],$a0
+	ldx	[%sp+LOCALS64+$in1_z+8],$a1
+	ldx	[%sp+LOCALS64+$in1_z+16],$a2
+	ldx	[%sp+LOCALS64+$in1_z+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_z, H, in1_z);
+	add	%sp,LOCALS64+$res_z,$rp
+
+	ldx	[%sp+LOCALS64+$S2],$bi
+	ldx	[%sp+LOCALS64+$in2_y],$a0
+	ldx	[%sp+LOCALS64+$in2_y+8],$a1
+	ldx	[%sp+LOCALS64+$in2_y+16],$a2
+	ldx	[%sp+LOCALS64+$in2_y+24],$a3
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, S2, in2_y);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$H],$a0		! forward load
+	ldx	[%sp+LOCALS64+$H+8],$a1
+	ldx	[%sp+LOCALS64+$H+16],$a2
+	ldx	[%sp+LOCALS64+$H+24],$a3
+
+	add	%sp,LOCALS64+$in1_y,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(R, S2, in1_y);
+	add	%sp,LOCALS64+$R,$rp
+
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Hsqr, H);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	ldx	[%sp+LOCALS64+$R],$a0
+	ldx	[%sp+LOCALS64+$R+8],$a1
+	ldx	[%sp+LOCALS64+$R+16],$a2
+	ldx	[%sp+LOCALS64+$R+24],$a3
+	call	__ecp_nistz256_sqr_mont_vis3	! p256_sqr_mont(Rsqr, R);
+	add	%sp,LOCALS64+$Rsqr,$rp
+
+	ldx	[%sp+LOCALS64+$H],$bi
+	ldx	[%sp+LOCALS64+$Hsqr],$a0
+	ldx	[%sp+LOCALS64+$Hsqr+8],$a1
+	ldx	[%sp+LOCALS64+$Hsqr+16],$a2
+	ldx	[%sp+LOCALS64+$Hsqr+24],$a3
+	add	%sp,LOCALS64+$H,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(Hcub, Hsqr, H);
+	add	%sp,LOCALS64+$Hcub,$rp
+
+	ldx	[%sp+LOCALS64+$Hsqr],$bi
+	ldx	[%sp+LOCALS64+$in1_x],$a0
+	ldx	[%sp+LOCALS64+$in1_x+8],$a1
+	ldx	[%sp+LOCALS64+$in1_x+16],$a2
+	ldx	[%sp+LOCALS64+$in1_x+24],$a3
+	add	%sp,LOCALS64+$Hsqr,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(U2, in1_x, Hsqr);
+	add	%sp,LOCALS64+$U2,$rp
+
+	call	__ecp_nistz256_mul_by_2_vis3	! p256_mul_by_2(Hsqr, U2);
+	add	%sp,LOCALS64+$Hsqr,$rp
+
+	add	%sp,LOCALS64+$Rsqr,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_x, Rsqr, Hsqr);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	add	%sp,LOCALS64+$Hcub,$bp
+	call	__ecp_nistz256_sub_from_vis3	!  p256_sub(res_x, res_x, Hcub);
+	add	%sp,LOCALS64+$res_x,$rp
+
+	ldx	[%sp+LOCALS64+$Hcub],$bi	! forward load
+	ldx	[%sp+LOCALS64+$in1_y],$a0
+	ldx	[%sp+LOCALS64+$in1_y+8],$a1
+	ldx	[%sp+LOCALS64+$in1_y+16],$a2
+	ldx	[%sp+LOCALS64+$in1_y+24],$a3
+
+	add	%sp,LOCALS64+$U2,$bp
+	call	__ecp_nistz256_sub_morf_vis3	! p256_sub(res_y, U2, res_x);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$Hcub,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(S2, in1_y, Hcub);
+	add	%sp,LOCALS64+$S2,$rp
+
+	ldx	[%sp+LOCALS64+$R],$bi
+	ldx	[%sp+LOCALS64+$res_y],$a0
+	ldx	[%sp+LOCALS64+$res_y+8],$a1
+	ldx	[%sp+LOCALS64+$res_y+16],$a2
+	ldx	[%sp+LOCALS64+$res_y+24],$a3
+	add	%sp,LOCALS64+$R,$bp
+	call	__ecp_nistz256_mul_mont_vis3	! p256_mul_mont(res_y, res_y, R);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	add	%sp,LOCALS64+$S2,$bp
+	call	__ecp_nistz256_sub_from_vis3	! p256_sub(res_y, res_y, S2);
+	add	%sp,LOCALS64+$res_y,$rp
+
+	ldx	[%fp+STACK_BIAS-16],$t1		! !in1infty
+	ldx	[%fp+STACK_BIAS-8],$t2		! !in2infty
+1:	call	.+8
+	add	%o7,.Lone_mont_vis3-1b,$bp
+___
+for($i=0;$i<64;$i+=16) {			# conditional moves
+$code.=<<___;
+	ldx	[%sp+LOCALS64+$res_x+$i],$acc0	! res
+	ldx	[%sp+LOCALS64+$res_x+$i+8],$acc1
+	ldx	[%sp+LOCALS64+$in2_x+$i],$acc2	! in2
+	ldx	[%sp+LOCALS64+$in2_x+$i+8],$acc3
+	ldx	[%sp+LOCALS64+$in1_x+$i],$acc4	! in1
+	ldx	[%sp+LOCALS64+$in1_x+$i+8],$acc5
+	movrz	$t1,$acc2,$acc0
+	movrz	$t1,$acc3,$acc1
+	movrz	$t2,$acc4,$acc0
+	movrz	$t2,$acc5,$acc1
+	srlx	$acc0,32,$acc2
+	srlx	$acc1,32,$acc3
+	st	$acc0,[$rp_real+$i]
+	st	$acc2,[$rp_real+$i+4]
+	st	$acc1,[$rp_real+$i+8]
+	st	$acc3,[$rp_real+$i+12]
+___
+}
+for(;$i<96;$i+=16) {
+$code.=<<___;
+	ldx	[%sp+LOCALS64+$res_x+$i],$acc0	! res
+	ldx	[%sp+LOCALS64+$res_x+$i+8],$acc1
+	ldx	[$bp+$i-64],$acc2		! "in2"
+	ldx	[$bp+$i-64+8],$acc3
+	ldx	[%sp+LOCALS64+$in1_x+$i],$acc4	! in1
+	ldx	[%sp+LOCALS64+$in1_x+$i+8],$acc5
+	movrz	$t1,$acc2,$acc0
+	movrz	$t1,$acc3,$acc1
+	movrz	$t2,$acc4,$acc0
+	movrz	$t2,$acc5,$acc1
+	srlx	$acc0,32,$acc2
+	srlx	$acc1,32,$acc3
+	st	$acc0,[$rp_real+$i]
+	st	$acc2,[$rp_real+$i+4]
+	st	$acc1,[$rp_real+$i+8]
+	st	$acc3,[$rp_real+$i+12]
+___
+}
+$code.=<<___;
+	ret
+	restore
+.type	ecp_nistz256_point_add_affine_vis3,#function
+.size	ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3
+.align	64
+.Lone_mont_vis3:
+.long	0x00000000,0x00000001, 0xffffffff,0x00000000
+.long	0xffffffff,0xffffffff, 0x00000000,0xfffffffe
+.align	64
+___
+}								}}}
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-x86.pl b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-x86.pl
new file mode 100755
index 0000000..1d9e006
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -0,0 +1,1866 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# ECP_NISTZ256 module for x86/SSE2.
+#
+# October 2014.
+#
+# Original ECP_NISTZ256 submission targeting x86_64 is detailed in
+# http://eprint.iacr.org/2013/816. In the process of adaptation
+# original .c module was made 32-bit savvy in order to make this
+# implementation possible.
+#
+#		with/without -DECP_NISTZ256_ASM
+# Pentium	+66-163%
+# PIII		+72-172%
+# P4		+65-132%
+# Core2		+90-215%
+# Sandy Bridge	+105-265% (contemporary i[57]-* are all close to this)
+# Atom		+65-155%
+# Opteron	+54-110%
+# Bulldozer	+99-240%
+# VIA Nano	+93-290%
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, server-side
+# operation. Keep in mind that +200% means 3x improvement.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"ecp_nistz256-x86.pl",$ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+open TABLE,"<ecp_nistz256_table.c"		or
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+# See ecp_nistz256_table.c for explanation for why it's 64*16*37.
+# 64*16*37-1 is because $#arr returns last valid index or @arr, not
+# amount of elements.
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+&public_label("ecp_nistz256_precomputed");
+&align(4096);
+&set_label("ecp_nistz256_precomputed");
+
+########################################################################
+# this conversion smashes P256_POINT_AFFINE by individual bytes with
+# 64 byte interval, similar to
+#	1111222233334444
+#	1234123412341234
+for(1..37) {
+	@tbl = splice(@arr,0,64*16);
+	for($i=0;$i<64;$i++) {
+		undef @line;
+		for($j=0;$j<64;$j++) {
+			push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff;
+		}
+		&data_byte(join(',',map { sprintf "0x%02x",$_} @line));
+	}
+}
+
+########################################################################
+# Keep in mind that constants are stored least to most significant word
+&static_label("RR");
+&set_label("RR",64);
+&data_word(3,0,-1,-5,-2,-1,-3,4);	# 2^512 mod P-256
+
+&static_label("ONE_mont");
+&set_label("ONE_mont");
+&data_word(1,0,0,-1,-1,-1,-2,0);
+
+&static_label("ONE");
+&set_label("ONE");
+&data_word(1,0,0,0,0,0,0,0);
+&asciz("ECP_NISZ256 for x86/SSE2, CRYPTOGAMS by <appro\@openssl.org>");
+&align(64);
+
+########################################################################
+# void ecp_nistz256_mul_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_mul_by_2");
+	&mov	("esi",&wparam(1));
+	&mov	("edi",&wparam(0));
+	&mov	("ebp","esi");
+########################################################################
+# common pattern for internal functions is that %edi is result pointer,
+# %esi and %ebp are input ones, %ebp being optional. %edi is preserved.
+	&call	("_ecp_nistz256_add");
+&function_end("ecp_nistz256_mul_by_2");
+
+########################################################################
+# void ecp_nistz256_mul_by_3(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_mul_by_3");
+	&mov	("esi",&wparam(1));
+					# multiplication by 3 is performed
+					# as 2*n+n, but we can't use output
+					# to store 2*n, because if output
+					# pointer equals to input, then
+					# we'll get 2*n+2*n.
+	&stack_push(8);			# therefore we need to allocate
+					# 256-bit intermediate buffer.
+	&mov	("edi","esp");
+	&mov	("ebp","esi");
+	&call	("_ecp_nistz256_add");
+	&lea	("esi",&DWP(0,"edi"));
+	&mov	("ebp",&wparam(1));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_add");
+	&stack_pop(8);
+&function_end("ecp_nistz256_mul_by_3");
+
+########################################################################
+# void ecp_nistz256_div_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_div_by_2");
+	&mov	("esi",&wparam(1));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_div_by_2");
+&function_end("ecp_nistz256_div_by_2");
+
+&function_begin_B("_ecp_nistz256_div_by_2");
+	# tmp = a is odd ? a+mod : a
+	#
+	# note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning least significant bit of input to one register,
+	# %ebp, and its negative to another, %edx.
+
+	&mov	("ebp",&DWP(0,"esi"));
+	&xor	("edx","edx");
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("eax","ebp");
+	&and	("ebp",1);
+	&mov	("ecx",&DWP(8,"esi"));
+	&sub	("edx","ebp");
+
+	&add	("eax","edx");
+	&adc	("ebx","edx");
+	&mov	(&DWP(0,"edi"),"eax");
+	&adc	("ecx","edx");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&mov	(&DWP(8,"edi"),"ecx");
+
+	&mov	("eax",&DWP(12,"esi"));
+	&mov	("ebx",&DWP(16,"esi"));
+	&adc	("eax",0);
+	&mov	("ecx",&DWP(20,"esi"));
+	&adc	("ebx",0);
+	&mov	(&DWP(12,"edi"),"eax");
+	&adc	("ecx",0);
+	&mov	(&DWP(16,"edi"),"ebx");
+	&mov	(&DWP(20,"edi"),"ecx");
+
+	&mov	("eax",&DWP(24,"esi"));
+	&mov	("ebx",&DWP(28,"esi"));
+	&adc	("eax","ebp");
+	&adc	("ebx","edx");
+	&mov	(&DWP(24,"edi"),"eax");
+	&sbb	("esi","esi");			# broadcast carry bit
+	&mov	(&DWP(28,"edi"),"ebx");
+
+	# ret = tmp >> 1
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebx",&DWP(4,"edi"));
+	&mov	("ecx",&DWP(8,"edi"));
+	&mov	("edx",&DWP(12,"edi"));
+
+	&shr	("eax",1);
+	&mov	("ebp","ebx");
+	&shl	("ebx",31);
+	&or	("eax","ebx");
+
+	&shr	("ebp",1);
+	&mov	("ebx","ecx");
+	&shl	("ecx",31);
+	&mov	(&DWP(0,"edi"),"eax");
+	&or	("ebp","ecx");
+	&mov	("eax",&DWP(16,"edi"));
+
+	&shr	("ebx",1);
+	&mov	("ecx","edx");
+	&shl	("edx",31);
+	&mov	(&DWP(4,"edi"),"ebp");
+	&or	("ebx","edx");
+	&mov	("ebp",&DWP(20,"edi"));
+
+	&shr	("ecx",1);
+	&mov	("edx","eax");
+	&shl	("eax",31);
+	&mov	(&DWP(8,"edi"),"ebx");
+	&or	("ecx","eax");
+	&mov	("ebx",&DWP(24,"edi"));
+
+	&shr	("edx",1);
+	&mov	("eax","ebp");
+	&shl	("ebp",31);
+	&mov	(&DWP(12,"edi"),"ecx");
+	&or	("edx","ebp");
+	&mov	("ecx",&DWP(28,"edi"));
+
+	&shr	("eax",1);
+	&mov	("ebp","ebx");
+	&shl	("ebx",31);
+	&mov	(&DWP(16,"edi"),"edx");
+	&or	("eax","ebx");
+
+	&shr	("ebp",1);
+	&mov	("ebx","ecx");
+	&shl	("ecx",31);
+	&mov	(&DWP(20,"edi"),"eax");
+	&or	("ebp","ecx");
+
+	&shr	("ebx",1);
+	&shl	("esi",31);
+	&mov	(&DWP(24,"edi"),"ebp");
+	&or	("ebx","esi");			# handle top-most carry bit
+	&mov	(&DWP(28,"edi"),"ebx");
+
+	&ret	();
+&function_end_B("_ecp_nistz256_div_by_2");
+
+########################################################################
+# void ecp_nistz256_add(BN_ULONG edi[8],const BN_ULONG esi[8],
+#					const BN_ULONG ebp[8]);
+&function_begin("ecp_nistz256_add");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_add");
+&function_end("ecp_nistz256_add");
+
+&function_begin_B("_ecp_nistz256_add");
+	&mov	("eax",&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&add	("eax",&DWP(0,"ebp"));
+	&mov	("edx",&DWP(12,"esi"));
+	&adc	("ebx",&DWP(4,"ebp"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&adc	("ecx",&DWP(8,"ebp"));
+	&mov	(&DWP(4,"edi"),"ebx");
+	&adc	("edx",&DWP(12,"ebp"));
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&adc	("eax",&DWP(16,"ebp"));
+	&mov	("edx",&DWP(28,"esi"));
+	&adc	("ebx",&DWP(20,"ebp"));
+	&mov	(&DWP(16,"edi"),"eax");
+	&adc	("ecx",&DWP(24,"ebp"));
+	&mov	(&DWP(20,"edi"),"ebx");
+	&mov	("esi",0);
+	&adc	("edx",&DWP(28,"ebp"));
+	&mov	(&DWP(24,"edi"),"ecx");
+	&adc	("esi",0);
+	&mov	(&DWP(28,"edi"),"edx");
+
+	# if a+b >= modulus, subtract modulus.
+	#
+	# But since comparison implies subtraction, we subtract modulus
+	# to see if it borrows, and then subtract it for real if
+	# subtraction didn't borrow.
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebx",&DWP(4,"edi"));
+	&mov	("ecx",&DWP(8,"edi"));
+	&sub	("eax",-1);
+	&mov	("edx",&DWP(12,"edi"));
+	&sbb	("ebx",-1);
+	&mov	("eax",&DWP(16,"edi"));
+	&sbb	("ecx",-1);
+	&mov	("ebx",&DWP(20,"edi"));
+	&sbb	("edx",0);
+	&mov	("ecx",&DWP(24,"edi"));
+	&sbb	("eax",0);
+	&mov	("edx",&DWP(28,"edi"));
+	&sbb	("ebx",0);
+	&sbb	("ecx",1);
+	&sbb	("edx",-1);
+	&sbb	("esi",0);
+
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# by using borrow.
+
+	&not	("esi");
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebp","esi");
+	&mov	("ebx",&DWP(4,"edi"));
+	&shr	("ebp",31);
+	&mov	("ecx",&DWP(8,"edi"));
+	&sub	("eax","esi");
+	&mov	("edx",&DWP(12,"edi"));
+	&sbb	("ebx","esi");
+	&mov	(&DWP(0,"edi"),"eax");
+	&sbb	("ecx","esi");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&sbb	("edx",0);
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"edi"));
+	&mov	("ebx",&DWP(20,"edi"));
+	&mov	("ecx",&DWP(24,"edi"));
+	&sbb	("eax",0);
+	&mov	("edx",&DWP(28,"edi"));
+	&sbb	("ebx",0);
+	&mov	(&DWP(16,"edi"),"eax");
+	&sbb	("ecx","ebp");
+	&mov	(&DWP(20,"edi"),"ebx");
+	&sbb	("edx","esi");
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	&ret	();
+&function_end_B("_ecp_nistz256_add");
+
+########################################################################
+# void ecp_nistz256_sub(BN_ULONG edi[8],const BN_ULONG esi[8],
+#					const BN_ULONG ebp[8]);
+&function_begin("ecp_nistz256_sub");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_sub");
+&function_end("ecp_nistz256_sub");
+
+&function_begin_B("_ecp_nistz256_sub");
+	&mov	("eax",&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&sub	("eax",&DWP(0,"ebp"));
+	&mov	("edx",&DWP(12,"esi"));
+	&sbb	("ebx",&DWP(4,"ebp"));
+	&mov	(&DWP(0,"edi"),"eax");
+	&sbb	("ecx",&DWP(8,"ebp"));
+	&mov	(&DWP(4,"edi"),"ebx");
+	&sbb	("edx",&DWP(12,"ebp"));
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&sbb	("eax",&DWP(16,"ebp"));
+	&mov	("edx",&DWP(28,"esi"));
+	&sbb	("ebx",&DWP(20,"ebp"));
+	&sbb	("ecx",&DWP(24,"ebp"));
+	&mov	(&DWP(16,"edi"),"eax");
+	&sbb	("edx",&DWP(28,"ebp"));
+	&mov	(&DWP(20,"edi"),"ebx");
+	&sbb	("esi","esi");			# broadcast borrow bit
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	# if a-b borrows, add modulus.
+	#
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning borrow bit to one register, %ebp, and its negative
+	# to another, %esi. But we started by calculating %esi...
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebp","esi");
+	&mov	("ebx",&DWP(4,"edi"));
+	&shr	("ebp",31);
+	&mov	("ecx",&DWP(8,"edi"));
+	&add	("eax","esi");
+	&mov	("edx",&DWP(12,"edi"));
+	&adc	("ebx","esi");
+	&mov	(&DWP(0,"edi"),"eax");
+	&adc	("ecx","esi");
+	&mov	(&DWP(4,"edi"),"ebx");
+	&adc	("edx",0);
+	&mov	(&DWP(8,"edi"),"ecx");
+	&mov	(&DWP(12,"edi"),"edx");
+
+	&mov	("eax",&DWP(16,"edi"));
+	&mov	("ebx",&DWP(20,"edi"));
+	&mov	("ecx",&DWP(24,"edi"));
+	&adc	("eax",0);
+	&mov	("edx",&DWP(28,"edi"));
+	&adc	("ebx",0);
+	&mov	(&DWP(16,"edi"),"eax");
+	&adc	("ecx","ebp");
+	&mov	(&DWP(20,"edi"),"ebx");
+	&adc	("edx","esi");
+	&mov	(&DWP(24,"edi"),"ecx");
+	&mov	(&DWP(28,"edi"),"edx");
+
+	&ret	();
+&function_end_B("_ecp_nistz256_sub");
+
+########################################################################
+# void ecp_nistz256_neg(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_neg");
+	&mov	("ebp",&wparam(1));
+	&mov	("edi",&wparam(0));
+
+	&xor	("eax","eax");
+	&stack_push(8);
+	&mov	(&DWP(0,"esp"),"eax");
+	&mov	("esi","esp");
+	&mov	(&DWP(4,"esp"),"eax");
+	&mov	(&DWP(8,"esp"),"eax");
+	&mov	(&DWP(12,"esp"),"eax");
+	&mov	(&DWP(16,"esp"),"eax");
+	&mov	(&DWP(20,"esp"),"eax");
+	&mov	(&DWP(24,"esp"),"eax");
+	&mov	(&DWP(28,"esp"),"eax");
+	
+	&call	("_ecp_nistz256_sub");
+
+	&stack_pop(8);
+&function_end("ecp_nistz256_neg");
+
+&function_begin_B("_picup_eax");
+	&mov	("eax",&DWP(0,"esp"));
+	&ret	();
+&function_end_B("_picup_eax");
+
+########################################################################
+# void ecp_nistz256_to_mont(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_to_mont");
+	&mov	("esi",&wparam(1));
+	&call	("_picup_eax");
+    &set_label("pic");
+	&lea	("ebp",&DWP(&label("RR")."-".&label("pic"),"eax"));
+						if ($sse2) {
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_to_mont");
+
+########################################################################
+# void ecp_nistz256_from_mont(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_from_mont");
+	&mov	("esi",&wparam(1));
+	&call	("_picup_eax");
+    &set_label("pic");
+	&lea	("ebp",&DWP(&label("ONE")."-".&label("pic"),"eax"));
+						if ($sse2) {
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_from_mont");
+
+########################################################################
+# void ecp_nistz256_mul_mont(BN_ULONG edi[8],const BN_ULONG esi[8],
+#					     const BN_ULONG ebp[8]);
+&function_begin("ecp_nistz256_mul_mont");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_mul_mont");
+
+########################################################################
+# void ecp_nistz256_sqr_mont(BN_ULONG edi[8],const BN_ULONG esi[8]);
+&function_begin("ecp_nistz256_sqr_mont");
+	&mov	("esi",&wparam(1));
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("eax",&DWP(0,"eax"));		}
+	&mov	("edi",&wparam(0));
+	&mov	("ebp","esi");
+	&call	("_ecp_nistz256_mul_mont");
+&function_end("ecp_nistz256_sqr_mont");
+
+&function_begin_B("_ecp_nistz256_mul_mont");
+						if ($sse2) {
+	&and	("eax",1<<24|1<<26);
+	&cmp	("eax",1<<24|1<<26);		# see if XMM+SSE2 is on
+	&jne	(&label("mul_mont_ialu"));
+
+	########################################
+	# SSE2 code path featuring 32x16-bit
+	# multiplications is ~2x faster than
+	# IALU counterpart (except on Atom)...
+	########################################
+	# stack layout:
+	# +------------------------------------+< %esp
+	# | 7 16-byte temporary XMM words,     |
+	# | "sliding" toward lower address     |
+	# .                                    .
+	# +------------------------------------+
+	# | unused XMM word                    |
+	# +------------------------------------+< +128,%ebx
+	# | 8 16-byte XMM words holding copies |
+	# | of a[i]<<64|a[i]                   |
+	# .                                    .
+	# .                                    .
+	# +------------------------------------+< +256
+	&mov	("edx","esp");
+	&sub	("esp",0x100);
+
+	&movd	("xmm7",&DWP(0,"ebp"));		# b[0] -> 0000.00xy
+	&lea	("ebp",&DWP(4,"ebp"));
+	&pcmpeqd("xmm6","xmm6");
+	&psrlq	("xmm6",48);			# compose 0xffff<<64|0xffff
+
+	&pshuflw("xmm7","xmm7",0b11011100);	# 0000.00xy -> 0000.0x0y
+	&and	("esp",-64);
+	&pshufd	("xmm7","xmm7",0b11011100);	# 0000.0x0y -> 000x.000y
+	&lea	("ebx",&DWP(0x80,"esp"));
+
+	&movd	("xmm0",&DWP(4*0,"esi"));	# a[0] -> 0000.00xy
+	&pshufd	("xmm0","xmm0",0b11001100);	# 0000.00xy -> 00xy.00xy
+	&movd	("xmm1",&DWP(4*1,"esi"));	# a[1] -> ...
+	&movdqa	(&QWP(0x00,"ebx"),"xmm0");	# offload converted a[0]
+	&pmuludq("xmm0","xmm7");		# a[0]*b[0]
+
+	&movd	("xmm2",&DWP(4*2,"esi"));
+	&pshufd	("xmm1","xmm1",0b11001100);
+	&movdqa	(&QWP(0x10,"ebx"),"xmm1");
+	&pmuludq("xmm1","xmm7");		# a[1]*b[0]
+
+	 &movq	("xmm4","xmm0");		# clear upper 64 bits
+	 &pslldq("xmm4",6);
+	 &paddq	("xmm4","xmm0");
+	 &movdqa("xmm5","xmm4");
+	 &psrldq("xmm4",10);			# upper 32 bits of a[0]*b[0]
+	 &pand	("xmm5","xmm6");		# lower 32 bits of a[0]*b[0]
+
+	# Upper half of a[0]*b[i] is carried into next multiplication
+	# iteration, while lower one "participates" in actual reduction.
+	# Normally latter is done by accumulating result of multiplication
+	# of modulus by "magic" digit, but thanks to special form of modulus
+	# and "magic" digit it can be performed only with additions and
+	# subtractions (see note in IALU section below). Note that we are
+	# not bothered with carry bits, they are accumulated in "flatten"
+	# phase after all multiplications and reductions.
+
+	&movd	("xmm3",&DWP(4*3,"esi"));
+	&pshufd	("xmm2","xmm2",0b11001100);
+	&movdqa	(&QWP(0x20,"ebx"),"xmm2");
+	&pmuludq("xmm2","xmm7");		# a[2]*b[0]
+	 &paddq	("xmm1","xmm4");		# a[1]*b[0]+hw(a[0]*b[0]), carry
+	&movdqa	(&QWP(0x00,"esp"),"xmm1");	# t[0]
+
+	&movd	("xmm0",&DWP(4*4,"esi"));
+	&pshufd	("xmm3","xmm3",0b11001100);
+	&movdqa	(&QWP(0x30,"ebx"),"xmm3");
+	&pmuludq("xmm3","xmm7");		# a[3]*b[0]
+	&movdqa	(&QWP(0x10,"esp"),"xmm2");
+
+	&movd	("xmm1",&DWP(4*5,"esi"));
+	&pshufd	("xmm0","xmm0",0b11001100);
+	&movdqa	(&QWP(0x40,"ebx"),"xmm0");
+	&pmuludq("xmm0","xmm7");		# a[4]*b[0]
+	 &paddq	("xmm3","xmm5");		# a[3]*b[0]+lw(a[0]*b[0]), reduction step
+	&movdqa	(&QWP(0x20,"esp"),"xmm3");
+
+	&movd	("xmm2",&DWP(4*6,"esi"));
+	&pshufd	("xmm1","xmm1",0b11001100);
+	&movdqa	(&QWP(0x50,"ebx"),"xmm1");
+	&pmuludq("xmm1","xmm7");		# a[5]*b[0]
+	&movdqa	(&QWP(0x30,"esp"),"xmm0");
+	 &pshufd("xmm4","xmm5",0b10110001);	# xmm4 = xmm5<<32, reduction step
+
+	&movd	("xmm3",&DWP(4*7,"esi"));
+	&pshufd	("xmm2","xmm2",0b11001100);
+	&movdqa	(&QWP(0x60,"ebx"),"xmm2");
+	&pmuludq("xmm2","xmm7");		# a[6]*b[0]
+	&movdqa	(&QWP(0x40,"esp"),"xmm1");
+	 &psubq	("xmm4","xmm5");		# xmm4 = xmm5*0xffffffff, reduction step
+
+	&movd	("xmm0",&DWP(0,"ebp"));		# b[1] -> 0000.00xy
+	&pshufd	("xmm3","xmm3",0b11001100);
+	&movdqa	(&QWP(0x70,"ebx"),"xmm3");
+	&pmuludq("xmm3","xmm7");		# a[7]*b[0]
+
+	&pshuflw("xmm7","xmm0",0b11011100);	# 0000.00xy -> 0000.0x0y
+	&movdqa	("xmm0",&QWP(0x00,"ebx"));	# pre-load converted a[0]
+	&pshufd	("xmm7","xmm7",0b11011100);	# 0000.0x0y -> 000x.000y
+
+	&mov	("ecx",6);
+	&lea	("ebp",&DWP(4,"ebp"));
+	&jmp	(&label("madd_sse2"));
+
+&set_label("madd_sse2",16);
+	 &paddq	("xmm2","xmm5");		# a[6]*b[i-1]+lw(a[0]*b[i-1]), reduction step [modulo-scheduled]
+	 &paddq	("xmm3","xmm4");		# a[7]*b[i-1]+lw(a[0]*b[i-1])*0xffffffff, reduction step [modulo-scheduled]
+	&movdqa	("xmm1",&QWP(0x10,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[0]*b[i]
+	 &movdqa(&QWP(0x50,"esp"),"xmm2");
+
+	&movdqa	("xmm2",&QWP(0x20,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[1]*b[i]
+	 &movdqa(&QWP(0x60,"esp"),"xmm3");
+	&paddq	("xmm0",&QWP(0x00,"esp"));
+
+	&movdqa	("xmm3",&QWP(0x30,"ebx"));
+	&pmuludq("xmm2","xmm7");		# a[2]*b[i]
+	 &movq	("xmm4","xmm0");		# clear upper 64 bits
+	 &pslldq("xmm4",6);
+	&paddq	("xmm1",&QWP(0x10,"esp"));
+	 &paddq	("xmm4","xmm0");
+	 &movdqa("xmm5","xmm4");
+	 &psrldq("xmm4",10);			# upper 33 bits of a[0]*b[i]+t[0]
+
+	&movdqa	("xmm0",&QWP(0x40,"ebx"));
+	&pmuludq("xmm3","xmm7");		# a[3]*b[i]
+	 &paddq	("xmm1","xmm4");		# a[1]*b[i]+hw(a[0]*b[i]), carry
+	&paddq	("xmm2",&QWP(0x20,"esp"));
+	&movdqa	(&QWP(0x00,"esp"),"xmm1");
+
+	&movdqa	("xmm1",&QWP(0x50,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[4]*b[i]
+	&paddq	("xmm3",&QWP(0x30,"esp"));
+	&movdqa	(&QWP(0x10,"esp"),"xmm2");
+	 &pand	("xmm5","xmm6");		# lower 32 bits of a[0]*b[i]
+
+	&movdqa	("xmm2",&QWP(0x60,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[5]*b[i]
+	 &paddq	("xmm3","xmm5");		# a[3]*b[i]+lw(a[0]*b[i]), reduction step
+	&paddq	("xmm0",&QWP(0x40,"esp"));
+	&movdqa	(&QWP(0x20,"esp"),"xmm3");
+	 &pshufd("xmm4","xmm5",0b10110001);	# xmm4 = xmm5<<32, reduction step
+
+	&movdqa	("xmm3","xmm7");
+	&pmuludq("xmm2","xmm7");		# a[6]*b[i]
+	 &movd	("xmm7",&DWP(0,"ebp"));		# b[i++] -> 0000.00xy
+	 &lea	("ebp",&DWP(4,"ebp"));
+	&paddq	("xmm1",&QWP(0x50,"esp"));
+	 &psubq	("xmm4","xmm5");		# xmm4 = xmm5*0xffffffff, reduction step
+	&movdqa	(&QWP(0x30,"esp"),"xmm0");
+	 &pshuflw("xmm7","xmm7",0b11011100);	# 0000.00xy -> 0000.0x0y
+
+	&pmuludq("xmm3",&QWP(0x70,"ebx"));	# a[7]*b[i]
+	 &pshufd("xmm7","xmm7",0b11011100);	# 0000.0x0y -> 000x.000y
+	 &movdqa("xmm0",&QWP(0x00,"ebx"));	# pre-load converted a[0]
+	&movdqa	(&QWP(0x40,"esp"),"xmm1");
+	&paddq	("xmm2",&QWP(0x60,"esp"));
+
+	&dec	("ecx");
+	&jnz	(&label("madd_sse2"));
+
+	 &paddq	("xmm2","xmm5");		# a[6]*b[6]+lw(a[0]*b[6]), reduction step [modulo-scheduled]
+	 &paddq	("xmm3","xmm4");		# a[7]*b[6]+lw(a[0]*b[6])*0xffffffff, reduction step [modulo-scheduled]
+	&movdqa	("xmm1",&QWP(0x10,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[0]*b[7]
+	 &movdqa(&QWP(0x50,"esp"),"xmm2");
+
+	&movdqa	("xmm2",&QWP(0x20,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[1]*b[7]
+	 &movdqa(&QWP(0x60,"esp"),"xmm3");
+	&paddq	("xmm0",&QWP(0x00,"esp"));
+
+	&movdqa	("xmm3",&QWP(0x30,"ebx"));
+	&pmuludq("xmm2","xmm7");		# a[2]*b[7]
+	 &movq	("xmm4","xmm0");		# clear upper 64 bits
+	 &pslldq("xmm4",6);
+	&paddq	("xmm1",&QWP(0x10,"esp"));
+	 &paddq	("xmm4","xmm0");
+	 &movdqa("xmm5","xmm4");
+	 &psrldq("xmm4",10);			# upper 33 bits of a[0]*b[i]+t[0]
+
+	&movdqa	("xmm0",&QWP(0x40,"ebx"));
+	&pmuludq("xmm3","xmm7");		# a[3]*b[7]
+	 &paddq	("xmm1","xmm4");		# a[1]*b[7]+hw(a[0]*b[7]), carry
+	&paddq	("xmm2",&QWP(0x20,"esp"));
+	&movdqa	(&QWP(0x00,"esp"),"xmm1");
+
+	&movdqa	("xmm1",&QWP(0x50,"ebx"));
+	&pmuludq("xmm0","xmm7");		# a[4]*b[7]
+	&paddq	("xmm3",&QWP(0x30,"esp"));
+	&movdqa	(&QWP(0x10,"esp"),"xmm2");
+	 &pand	("xmm5","xmm6");		# lower 32 bits of a[0]*b[i]
+
+	&movdqa	("xmm2",&QWP(0x60,"ebx"));
+	&pmuludq("xmm1","xmm7");		# a[5]*b[7]
+	 &paddq	("xmm3","xmm5");		# reduction step
+	&paddq	("xmm0",&QWP(0x40,"esp"));
+	&movdqa	(&QWP(0x20,"esp"),"xmm3");
+	 &pshufd("xmm4","xmm5",0b10110001);	# xmm4 = xmm5<<32, reduction step
+
+	&movdqa	("xmm3",&QWP(0x70,"ebx"));
+	&pmuludq("xmm2","xmm7");		# a[6]*b[7]
+	&paddq	("xmm1",&QWP(0x50,"esp"));
+	 &psubq	("xmm4","xmm5");		# xmm4 = xmm5*0xffffffff, reduction step
+	&movdqa	(&QWP(0x30,"esp"),"xmm0");
+
+	&pmuludq("xmm3","xmm7");		# a[7]*b[7]
+	&pcmpeqd("xmm7","xmm7");
+	&movdqa	("xmm0",&QWP(0x00,"esp"));
+	&pslldq	("xmm7",8);
+	&movdqa	(&QWP(0x40,"esp"),"xmm1");
+	&paddq	("xmm2",&QWP(0x60,"esp"));
+
+	 &paddq	("xmm2","xmm5");		# a[6]*b[7]+lw(a[0]*b[7]), reduction step
+	 &paddq	("xmm3","xmm4");		# a[6]*b[7]+lw(a[0]*b[7])*0xffffffff, reduction step
+	 &movdqa(&QWP(0x50,"esp"),"xmm2");
+	 &movdqa(&QWP(0x60,"esp"),"xmm3");
+
+	&movdqa	("xmm1",&QWP(0x10,"esp"));
+	&movdqa	("xmm2",&QWP(0x20,"esp"));
+	&movdqa	("xmm3",&QWP(0x30,"esp"));
+
+	&movq	("xmm4","xmm0");		# "flatten"
+	&pand	("xmm0","xmm7");
+	&xor	("ebp","ebp");
+	&pslldq	("xmm4",6);
+	 &movq	("xmm5","xmm1");
+	&paddq	("xmm0","xmm4");
+	 &pand	("xmm1","xmm7");
+	&psrldq	("xmm0",6);
+	&movd	("eax","xmm0");
+	&psrldq	("xmm0",4);
+
+	&paddq	("xmm5","xmm0");
+	&movdqa	("xmm0",&QWP(0x40,"esp"));
+	&sub	("eax",-1);			# start subtracting modulus,
+						# this is used to determine
+						# if result is larger/smaller
+						# than modulus (see below)
+	&pslldq	("xmm5",6);
+	 &movq	("xmm4","xmm2");
+	&paddq	("xmm1","xmm5");
+	 &pand	("xmm2","xmm7");
+	&psrldq	("xmm1",6);
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&movd	("eax","xmm1");
+	&psrldq	("xmm1",4);
+
+	&paddq	("xmm4","xmm1");
+	&movdqa	("xmm1",&QWP(0x50,"esp"));
+	&sbb	("eax",-1);
+	&pslldq	("xmm4",6);
+	 &movq	("xmm5","xmm3");
+	&paddq	("xmm2","xmm4");
+	 &pand	("xmm3","xmm7");
+	&psrldq	("xmm2",6);
+	&mov	(&DWP(4*1,"edi"),"eax");
+	&movd	("eax","xmm2");
+	&psrldq	("xmm2",4);
+
+	&paddq	("xmm5","xmm2");
+	&movdqa	("xmm2",&QWP(0x60,"esp"));
+	&sbb	("eax",-1);
+	&pslldq	("xmm5",6);
+	 &movq	("xmm4","xmm0");
+	&paddq	("xmm3","xmm5");
+	 &pand	("xmm0","xmm7");
+	&psrldq	("xmm3",6);
+	&mov	(&DWP(4*2,"edi"),"eax");
+	&movd	("eax","xmm3");
+	&psrldq	("xmm3",4);
+
+	&paddq	("xmm4","xmm3");
+	&sbb	("eax",0);
+	&pslldq	("xmm4",6);
+	 &movq	("xmm5","xmm1");
+	&paddq	("xmm0","xmm4");
+	 &pand	("xmm1","xmm7");
+	&psrldq	("xmm0",6);
+	&mov	(&DWP(4*3,"edi"),"eax");
+	&movd	("eax","xmm0");
+	&psrldq	("xmm0",4);
+
+	&paddq	("xmm5","xmm0");
+	&sbb	("eax",0);
+	&pslldq	("xmm5",6);
+	 &movq	("xmm4","xmm2");
+	&paddq	("xmm1","xmm5");
+	 &pand	("xmm2","xmm7");
+	&psrldq	("xmm1",6);
+	&movd	("ebx","xmm1");
+	&psrldq	("xmm1",4);
+	&mov	("esp","edx");
+
+	&paddq	("xmm4","xmm1");
+	&pslldq	("xmm4",6);
+	&paddq	("xmm2","xmm4");
+	&psrldq	("xmm2",6);
+	&movd	("ecx","xmm2");
+	&psrldq	("xmm2",4);
+	&sbb	("ebx",0);
+	&movd	("edx","xmm2");
+	&pextrw	("esi","xmm2",2);		# top-most overflow bit
+	&sbb	("ecx",1);
+	&sbb	("edx",-1);
+	&sbb	("esi",0);			# borrow from subtraction
+
+	# Final step is "if result > mod, subtract mod", and at this point
+	# we have result - mod written to output buffer, as well as borrow
+	# bit from this subtraction, and if borrow bit is set, we add
+	# modulus back.
+	#
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning borrow bit to one register, %ebp, and its negative
+	# to another, %esi. But we started by calculating %esi...
+
+	&sub	("ebp","esi");
+	&add	(&DWP(4*0,"edi"),"esi");	# add modulus or zero
+	&adc	(&DWP(4*1,"edi"),"esi");
+	&adc	(&DWP(4*2,"edi"),"esi");
+	&adc	(&DWP(4*3,"edi"),0);
+	&adc	("eax",0);
+	&adc	("ebx",0);
+	&mov	(&DWP(4*4,"edi"),"eax");
+	&adc	("ecx","ebp");
+	&mov	(&DWP(4*5,"edi"),"ebx");
+	&adc	("edx","esi");
+	&mov	(&DWP(4*6,"edi"),"ecx");
+	&mov	(&DWP(4*7,"edi"),"edx");
+
+	&ret	();
+
+&set_label("mul_mont_ialu",16);			}
+
+	########################################
+	# IALU code path suitable for all CPUs.
+	########################################
+	# stack layout:
+	# +------------------------------------+< %esp
+	# | 8 32-bit temporary words, accessed |
+	# | as circular buffer                 |
+	# .                                    .
+	# .                                    .
+	# +------------------------------------+< +32
+	# | offloaded destination pointer      |
+	# +------------------------------------+
+	# | unused                             |
+	# +------------------------------------+< +40
+	&sub	("esp",10*4);
+
+	&mov	("eax",&DWP(0*4,"esi"));		# a[0]
+	&mov	("ebx",&DWP(0*4,"ebp"));		# b[0]
+	&mov	(&DWP(8*4,"esp"),"edi");		# off-load dst ptr
+
+	&mul	("ebx");				# a[0]*b[0]
+	&mov	(&DWP(0*4,"esp"),"eax");		# t[0]
+	&mov	("eax",&DWP(1*4,"esi"));
+	&mov	("ecx","edx")
+
+	&mul	("ebx");				# a[1]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(2*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(1*4,"esp"),"ecx");		# t[1]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[2]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(3*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(2*4,"esp"),"ecx");		# t[2]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[3]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(4*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(3*4,"esp"),"ecx");		# t[3]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[4]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(5*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(4*4,"esp"),"ecx");		# t[4]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[5]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(6*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(5*4,"esp"),"ecx");		# t[5]
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[6]*b[0]
+	&add	("ecx","eax");
+	&mov	("eax",&DWP(7*4,"esi"));
+	&adc	("edx",0);
+	&mov	(&DWP(6*4,"esp"),"ecx");		# t[6]
+	&mov	("ecx","edx");
+
+	&xor	("edi","edi");				# initial top-most carry
+	&mul	("ebx");				# a[7]*b[0]
+	&add	("ecx","eax");				# t[7]
+	&mov	("eax",&DWP(0*4,"esp"));		# t[0]
+	&adc	("edx",0);				# t[8]
+
+for ($i=0;$i<7;$i++) {
+	my $j=$i+1;
+
+	# Reduction iteration is normally performed by accumulating
+	# result of multiplication of modulus by "magic" digit [and
+	# omitting least significant word, which is guaranteed to
+	# be 0], but thanks to special form of modulus and "magic"
+	# digit being equal to least significant word, it can be
+	# performed with additions and subtractions alone. Indeed:
+	#
+	#        ffff.0001.0000.0000.0000.ffff.ffff.ffff
+	# *                                         abcd
+	# + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	#
+	# Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we
+	# rewrite above as:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd
+	# + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000
+	# -      abcd.0000.0000.0000.0000.0000.0000.abcd
+	#
+	# or marking redundant operations:
+	#
+	#   xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.----
+	# + abcd.0000.abcd.0000.0000.abcd.----.----.----
+	# -      abcd.----.----.----.----.----.----.----
+
+	&add	(&DWP((($i+3)%8)*4,"esp"),"eax");	# t[3]+=t[0]
+	&adc	(&DWP((($i+4)%8)*4,"esp"),0);		# t[4]+=0
+	&adc	(&DWP((($i+5)%8)*4,"esp"),0);		# t[5]+=0
+	&adc	(&DWP((($i+6)%8)*4,"esp"),"eax");	# t[6]+=t[0]
+	&adc	("ecx",0);				# t[7]+=0
+	&adc	("edx","eax");				# t[8]+=t[0]
+	&adc	("edi",0);				# top-most carry
+	 &mov	("ebx",&DWP($j*4,"ebp"));		# b[i]
+	&sub	("ecx","eax");				# t[7]-=t[0]
+	 &mov	("eax",&DWP(0*4,"esi"));		# a[0]
+	&sbb	("edx",0);				# t[8]-=0
+	&mov	(&DWP((($i+7)%8)*4,"esp"),"ecx");
+	&sbb	("edi",0);				# top-most carry,
+							# keep in mind that
+							# netto result is
+							# *addition* of value
+							# with (abcd<<32)-abcd
+							# on top, so that
+							# underflow is
+							# impossible, because
+							# (abcd<<32)-abcd
+							# doesn't underflow
+	&mov	(&DWP((($i+8)%8)*4,"esp"),"edx");
+
+	&mul	("ebx");				# a[0]*b[i]
+	&add	("eax",&DWP((($j+0)%8)*4,"esp"));
+	&adc	("edx",0);
+	&mov	(&DWP((($j+0)%8)*4,"esp"),"eax");
+	&mov	("eax",&DWP(1*4,"esi"));
+	&mov	("ecx","edx")
+
+	&mul	("ebx");				# a[1]*b[i]
+	&add	("ecx",&DWP((($j+1)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(2*4,"esi"));
+	&mov	(&DWP((($j+1)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[2]*b[i]
+	&add	("ecx",&DWP((($j+2)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(3*4,"esi"));
+	&mov	(&DWP((($j+2)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[3]*b[i]
+	&add	("ecx",&DWP((($j+3)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(4*4,"esi"));
+	&mov	(&DWP((($j+3)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[4]*b[i]
+	&add	("ecx",&DWP((($j+4)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(5*4,"esi"));
+	&mov	(&DWP((($j+4)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[5]*b[i]
+	&add	("ecx",&DWP((($j+5)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(6*4,"esi"));
+	&mov	(&DWP((($j+5)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[6]*b[i]
+	&add	("ecx",&DWP((($j+6)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");
+	&adc	("edx",0);
+	&mov	("eax",&DWP(7*4,"esi"));
+	&mov	(&DWP((($j+6)%8)*4,"esp"),"ecx");
+	&mov	("ecx","edx");
+
+	&mul	("ebx");				# a[7]*b[i]
+	&add	("ecx",&DWP((($j+7)%8)*4,"esp"));
+	&adc	("edx",0);
+	&add	("ecx","eax");				# t[7]
+	&mov	("eax",&DWP((($j+0)%8)*4,"esp"));	# t[0]
+	&adc	("edx","edi");				# t[8]
+	&mov	("edi",0);
+	&adc	("edi",0);				# top-most carry
+}
+	&mov	("ebp",&DWP(8*4,"esp"));		# restore dst ptr
+	&xor	("esi","esi");
+	my $j=$i+1;
+
+	# last multiplication-less reduction
+	&add	(&DWP((($i+3)%8)*4,"esp"),"eax");	# t[3]+=t[0]
+	&adc	(&DWP((($i+4)%8)*4,"esp"),0);		# t[4]+=0
+	&adc	(&DWP((($i+5)%8)*4,"esp"),0);		# t[5]+=0
+	&adc	(&DWP((($i+6)%8)*4,"esp"),"eax");	# t[6]+=t[0]
+	&adc	("ecx",0);				# t[7]+=0
+	&adc	("edx","eax");				# t[8]+=t[0]
+	&adc	("edi",0);				# top-most carry
+	 &mov	("ebx",&DWP((($j+1)%8)*4,"esp"));
+	&sub	("ecx","eax");				# t[7]-=t[0]
+	 &mov	("eax",&DWP((($j+0)%8)*4,"esp"));
+	&sbb	("edx",0);				# t[8]-=0
+	&mov	(&DWP((($i+7)%8)*4,"esp"),"ecx");
+	&sbb	("edi",0);				# top-most carry
+	&mov	(&DWP((($i+8)%8)*4,"esp"),"edx");
+
+	# Final step is "if result > mod, subtract mod", but we do it
+	# "other way around", namely write result - mod to output buffer
+	# and if subtraction borrowed, add modulus back.
+
+	&mov	("ecx",&DWP((($j+2)%8)*4,"esp"));
+	&sub	("eax",-1);
+	&mov	("edx",&DWP((($j+3)%8)*4,"esp"));
+	&sbb	("ebx",-1);
+	&mov	(&DWP(0*4,"ebp"),"eax");
+	&sbb	("ecx",-1);
+	&mov	(&DWP(1*4,"ebp"),"ebx");
+	&sbb	("edx",0);
+	&mov	(&DWP(2*4,"ebp"),"ecx");
+	&mov	(&DWP(3*4,"ebp"),"edx");
+
+	&mov	("eax",&DWP((($j+4)%8)*4,"esp"));
+	&mov	("ebx",&DWP((($j+5)%8)*4,"esp"));
+	&mov	("ecx",&DWP((($j+6)%8)*4,"esp"));
+	&sbb	("eax",0);
+	&mov	("edx",&DWP((($j+7)%8)*4,"esp"));
+	&sbb	("ebx",0);
+	&sbb	("ecx",1);
+	&sbb	("edx",-1);
+	&sbb	("edi",0);
+
+	# Note that because mod has special form, i.e. consists of
+	# 0xffffffff, 1 and 0s, we can conditionally synthesize it by
+	# assigning borrow bit to one register, %ebp, and its negative
+	# to another, %esi. But we started by calculating %esi...
+
+	&sub	("esi","edi");
+	&add	(&DWP(0*4,"ebp"),"edi");		# add modulus or zero
+	&adc	(&DWP(1*4,"ebp"),"edi");
+	&adc	(&DWP(2*4,"ebp"),"edi");
+	&adc	(&DWP(3*4,"ebp"),0);
+	&adc	("eax",0);
+	&adc	("ebx",0);
+	&mov	(&DWP(4*4,"ebp"),"eax");
+	&adc	("ecx","esi");
+	&mov	(&DWP(5*4,"ebp"),"ebx");
+	&adc	("edx","edi");
+	&mov	(&DWP(6*4,"ebp"),"ecx");
+	&mov	("edi","ebp");				# fulfill contract
+	&mov	(&DWP(7*4,"ebp"),"edx");
+
+	&add	("esp",10*4);
+	&ret	();
+&function_end_B("_ecp_nistz256_mul_mont");
+
+########################################################################
+# void ecp_nistz256_scatter_w5(void *edi,const P256_POINT *esi,
+#					 int ebp);
+&function_begin("ecp_nistz256_scatter_w5");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&lea	("edi",&DWP(128-4,"edi","ebp",4));
+	&mov	("ebp",96/16);
+&set_label("scatter_w5_loop");
+	&mov	("eax",&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&lea	("esi",&DWP(16,"esi"));
+	&mov	(&DWP(64*0-128,"edi"),"eax");
+	&mov	(&DWP(64*1-128,"edi"),"ebx");
+	&mov	(&DWP(64*2-128,"edi"),"ecx");
+	&mov	(&DWP(64*3-128,"edi"),"edx");
+	&lea	("edi",&DWP(64*4,"edi"));
+	&dec	("ebp");
+	&jnz	(&label("scatter_w5_loop"));
+&function_end("ecp_nistz256_scatter_w5");
+
+########################################################################
+# void ecp_nistz256_gather_w5(P256_POINT *edi,const void *esi,
+#					      int ebp);
+&function_begin("ecp_nistz256_gather_w5");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&lea	("esi",&DWP(0,"esi","ebp",4));
+	&neg	("ebp");
+	&sar	("ebp",31);
+	&mov	("edi",&wparam(0));
+	&lea	("esi",&DWP(0,"esi","ebp",4));
+
+    for($i=0;$i<24;$i+=4) {
+	&mov	("eax",&DWP(64*($i+0),"esi"));
+	&mov	("ebx",&DWP(64*($i+1),"esi"));
+	&mov	("ecx",&DWP(64*($i+2),"esi"));
+	&mov	("edx",&DWP(64*($i+3),"esi"));
+	&and	("eax","ebp");
+	&and	("ebx","ebp");
+	&and	("ecx","ebp");
+	&and	("edx","ebp");
+	&mov	(&DWP(4*($i+0),"edi"),"eax");
+	&mov	(&DWP(4*($i+1),"edi"),"ebx");
+	&mov	(&DWP(4*($i+2),"edi"),"ecx");
+	&mov	(&DWP(4*($i+3),"edi"),"edx");
+    }
+&function_end("ecp_nistz256_gather_w5");
+
+########################################################################
+# void ecp_nistz256_scatter_w7(void *edi,const P256_POINT_AFFINE *esi,
+#					 int ebp);
+&function_begin("ecp_nistz256_scatter_w7");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&lea	("edi",&DWP(-1,"edi","ebp"));
+	&mov	("ebp",64/4);
+&set_label("scatter_w7_loop");
+	&mov	("eax",&DWP(0,"esi"));
+	&lea	("esi",&DWP(4,"esi"));
+	&mov	(&BP(64*0,"edi"),"al");
+	&mov	(&BP(64*1,"edi"),"ah");
+	&shr	("eax",16);
+	&mov	(&BP(64*2,"edi"),"al");
+	&mov	(&BP(64*3,"edi"),"ah");
+	&lea	("edi",&DWP(64*4,"edi"));
+	&dec	("ebp");
+	&jnz	(&label("scatter_w7_loop"));
+&function_end("ecp_nistz256_scatter_w7");
+
+########################################################################
+# void ecp_nistz256_gather_w7(P256_POINT_AFFINE *edi,const void *esi,
+#						     int ebp);
+&function_begin("ecp_nistz256_gather_w7");
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&wparam(2));
+
+	&add	("esi","ebp");
+	&neg	("ebp"),
+	&sar	("ebp",31);
+	&mov	("edi",&wparam(0));
+	&lea	("esi",&DWP(0,"esi","ebp"));
+
+    for($i=0;$i<64;$i+=4) {
+	&movz	("eax",&BP(64*($i+0),"esi"));
+	&movz	("ebx",&BP(64*($i+1),"esi"));
+	&movz	("ecx",&BP(64*($i+2),"esi"));
+	&and	("eax","ebp");
+	&movz	("edx",&BP(64*($i+3),"esi"));
+	&and	("ebx","ebp");
+	&mov	(&BP($i+0,"edi"),"al");
+	&and	("ecx","ebp");
+	&mov	(&BP($i+1,"edi"),"bl");
+	&and	("edx","ebp");
+	&mov	(&BP($i+2,"edi"),"cl");
+	&mov	(&BP($i+3,"edi"),"dl");
+    }
+&function_end("ecp_nistz256_gather_w7");
+
+########################################################################
+# following subroutines are "literal" implementation of those found in
+# ecp_nistz256.c
+#
+########################################################################
+# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp);
+#
+&static_label("point_double_shortcut");
+&function_begin("ecp_nistz256_point_double");
+{   my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4));
+
+	&mov	("esi",&wparam(1));
+
+	# above map() describes stack layout with 5 temporary
+	# 256-bit vectors on top, then we take extra word for
+	# OPENSSL_ia32cap_P copy.
+	&stack_push(8*5+1);
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("ebp",&DWP(0,"edx"));		}
+
+&set_label("point_double_shortcut");
+	&mov	("eax",&DWP(0,"esi"));		# copy in_x
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edx",&DWP(12,"esi"));
+	&mov	(&DWP($in_x+0,"esp"),"eax");
+	&mov	(&DWP($in_x+4,"esp"),"ebx");
+	&mov	(&DWP($in_x+8,"esp"),"ecx");
+	&mov	(&DWP($in_x+12,"esp"),"edx");
+	&mov	("eax",&DWP(16,"esi"));
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("edx",&DWP(28,"esi"));
+	&mov	(&DWP($in_x+16,"esp"),"eax");
+	&mov	(&DWP($in_x+20,"esp"),"ebx");
+	&mov	(&DWP($in_x+24,"esp"),"ecx");
+	&mov	(&DWP($in_x+28,"esp"),"edx");
+	&mov	(&DWP(32*5,"esp"),"ebp");	# OPENSSL_ia32cap_P copy
+
+	&lea	("ebp",&DWP(32,"esi"));
+	&lea	("esi",&DWP(32,"esi"));
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(S, in_y);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&mov	("esi",64);
+	&add	("esi",&wparam(1));
+	&lea	("edi",&DWP($Zsqr,"esp"));
+	&mov	("ebp","esi");
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Zsqr, in_z);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($S,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(S, S);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&mov	("ebp",&wparam(1));
+	&lea	("esi",&DWP(32,"ebp"));
+	&lea	("ebp",&DWP(64,"ebp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(tmp0, in_z, in_y);
+
+	&lea	("esi",&DWP($in_x,"esp"));
+	&lea	("ebp",&DWP($Zsqr,"esp"));
+	&lea	("edi",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_add(M, in_x, Zsqr);
+
+	&mov	("edi",64);
+	&lea	("esi",&DWP($tmp0,"esp"));
+	&lea	("ebp",&DWP($tmp0,"esp"));
+	&add	("edi",&wparam(0));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(res_z, tmp0);
+
+	&lea	("esi",&DWP($in_x,"esp"));
+	&lea	("ebp",&DWP($Zsqr,"esp"));
+	&lea	("edi",&DWP($Zsqr,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(Zsqr, in_x, Zsqr);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($S,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(tmp0, S);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($M,"esp"));
+	&lea	("ebp",&DWP($Zsqr,"esp"));
+	&lea	("edi",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(M, M, Zsqr);
+
+	&mov	("edi",32);
+	&lea	("esi",&DWP($tmp0,"esp"));
+	&add	("edi",&wparam(0));
+	&call	("_ecp_nistz256_div_by_2");	# p256_div_by_2(res_y, tmp0);
+
+	&lea	("esi",&DWP($M,"esp"));
+	&lea	("ebp",&DWP($M,"esp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_add");		# 1/2 p256_mul_by_3(M, M);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in_x,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S, S, in_x);
+
+	&lea	("esi",&DWP($tmp0,"esp"));
+	&lea	("ebp",&DWP($M,"esp"));
+	&lea	("edi",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_add");		# 2/2 p256_mul_by_3(M, M);
+
+	&lea	("esi",&DWP($S,"esp"));
+	&lea	("ebp",&DWP($S,"esp"));
+	&lea	("edi",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(tmp0, S);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($M,"esp"));
+	&lea	("ebp",&DWP($M,"esp"));
+	&mov	("edi",&wparam(0));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(res_x, M);
+
+	&mov	("esi","edi");			# %edi is still res_x here
+	&lea	("ebp",&DWP($tmp0,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, res_x, tmp0);
+
+	&lea	("esi",&DWP($S,"esp"));
+	&mov	("ebp","edi");			# %edi is still res_x
+	&lea	("edi",&DWP($S,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(S, S, res_x);
+
+	&mov	("eax",&DWP(32*5,"esp"));	# OPENSSL_ia32cap_P copy
+	&mov	("esi","edi");			# %edi is still &S
+	&lea	("ebp",&DWP($M,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S, S, M);
+
+	&mov	("ebp",32);
+	&lea	("esi",&DWP($S,"esp"));
+	&add	("ebp",&wparam(0));
+	&mov	("edi","ebp");
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, S, res_y);
+
+	&stack_pop(8*5+1);
+} &function_end("ecp_nistz256_point_double");
+
+########################################################################
+# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1,
+#					      const P256_POINT *in2);
+&function_begin("ecp_nistz256_point_add");
+{   my ($res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y,$in2_z,
+	$H,$Hsqr,$R,$Rsqr,$Hcub,
+	$U1,$U2,$S1,$S2)=map(32*$_,(0..17));
+    my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+	&mov	("esi",&wparam(2));
+
+	# above map() describes stack layout with 18 temporary
+	# 256-bit vectors on top, then we take extra words for
+	# !in1infty, !in2infty, result of check for zero and
+	# OPENSSL_ia32cap_P copy. [one unused word for padding]
+	&stack_push(8*18+5);
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("ebp",&DWP(0,"edx"));		}
+
+	&lea	("edi",&DWP($in2_x,"esp"));
+    for($i=0;$i<96;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in2
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	(&DWP(32*18+12,"esp"),"ebp")	if ($i==0);
+	&mov	("ebp","eax")			if ($i==64);
+	&or	("ebp","eax")			if ($i>64);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx")			if ($i>=64);
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx")			if ($i>=64);
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx")			if ($i>=64);
+    }
+	&xor	("eax","eax");
+	&mov	("esi",&wparam(1));
+	&sub	("eax","ebp");
+	&or	("ebp","eax");
+	&sar	("ebp",31);
+	&mov	(&DWP(32*18+4,"esp"),"ebp");	# !in2infty
+
+	&lea	("edi",&DWP($in1_x,"esp"));
+    for($i=0;$i<96;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in1
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	("ebp","eax")			if ($i==64);
+	&or	("ebp","eax")			if ($i>64);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx")			if ($i>=64);
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx")			if ($i>=64);
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx")			if ($i>=64);
+    }
+	&xor	("eax","eax");
+	&sub	("eax","ebp");
+	&or	("ebp","eax");
+	&sar	("ebp",31);
+	&mov	(&DWP(32*18+0,"esp"),"ebp");	# !in1infty
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_z,"esp"));
+	&lea	("ebp",&DWP($in2_z,"esp"));
+	&lea	("edi",&DWP($Z2sqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Z2sqr, in2_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_z,"esp"));
+	&lea	("ebp",&DWP($in1_z,"esp"));
+	&lea	("edi",&DWP($Z1sqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Z1sqr, in1_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Z2sqr,"esp"));
+	&lea	("ebp",&DWP($in2_z,"esp"));
+	&lea	("edi",&DWP($S1,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S1, Z2sqr, in2_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Z1sqr,"esp"));
+	&lea	("ebp",&DWP($in1_z,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_y,"esp"));
+	&lea	("ebp",&DWP($S1,"esp"));
+	&lea	("edi",&DWP($S1,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S1, S1, in1_y);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, S2, in2_y);
+
+	&lea	("esi",&DWP($S2,"esp"));
+	&lea	("ebp",&DWP($S1,"esp"));
+	&lea	("edi",&DWP($R,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(R, S2, S1);
+
+	&or	("ebx","eax");			# see if result is zero
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&or	("ebx","ecx");
+	&or	("ebx","edx");
+	&or	("ebx",&DWP(0,"edi"));
+	&or	("ebx",&DWP(4,"edi"));
+	 &lea	("esi",&DWP($in1_x,"esp"));
+	&or	("ebx",&DWP(8,"edi"));
+	 &lea	("ebp",&DWP($Z2sqr,"esp"));
+	&or	("ebx",&DWP(12,"edi"));
+	 &lea	("edi",&DWP($U1,"esp"));
+	&mov	(&DWP(32*18+8,"esp"),"ebx");
+
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U1, in1_x, Z2sqr);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_x,"esp"));
+	&lea	("ebp",&DWP($Z1sqr,"esp"));
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, in2_x, Z1sqr);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($U1,"esp"));
+	&lea	("edi",&DWP($H,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(H, U2, U1);
+
+	&or	("eax","ebx");			# see if result is zero
+	&or	("eax","ecx");
+	&or	("eax","edx");
+	&or	("eax",&DWP(0,"edi"));
+	&or	("eax",&DWP(4,"edi"));
+	&or	("eax",&DWP(8,"edi"));
+	&or	("eax",&DWP(12,"edi"));
+
+	&data_byte(0x3e);			# predict taken
+	&jnz	(&label("add_proceed"));	# is_equal(U1,U2)?
+
+	&mov	("eax",&DWP(32*18+0,"esp"));
+	&and	("eax",&DWP(32*18+4,"esp"));
+	&mov	("ebx",&DWP(32*18+8,"esp"));
+	&jz	(&label("add_proceed"));	# (in1infty || in2infty)?
+	&test	("ebx","ebx");
+	&jz	(&label("add_double"));		# is_equal(S1,S2)?
+
+	&mov	("edi",&wparam(0));
+	&xor	("eax","eax");
+	&mov	("ecx",96/4);
+	&data_byte(0xfc,0xf3,0xab);		# cld; stosd
+	&jmp	(&label("add_done"));
+
+&set_label("add_double",16);
+	&mov	("esi",&wparam(1));
+	&mov	("ebp",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&add	("esp",4*((8*18+5)-(8*5+1)));	# difference in frame sizes
+	&jmp	(&label("point_double_shortcut"));
+
+&set_label("add_proceed",16);
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($R,"esp"));
+	&lea	("edi",&DWP($Rsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Rsqr, R);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($in1_z,"esp"));
+	&lea	("edi",&DWP($res_z,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_z, H, in1_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($H,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Hsqr, H);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_z,"esp"));
+	&lea	("ebp",&DWP($res_z,"esp"));
+	&lea	("edi",&DWP($res_z,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_z, res_z, in2_z);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Hsqr,"esp"));
+	&lea	("ebp",&DWP($U1,"esp"));
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, U1, Hsqr);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($Hcub,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(Hcub, Hsqr, H);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($U2,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(Hsqr, U2);
+
+	&lea	("esi",&DWP($Rsqr,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, Rsqr, Hsqr);
+
+	&lea	("esi",&DWP($res_x,"esp"));
+	&lea	("ebp",&DWP($Hcub,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, res_x, Hcub);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($res_x,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, U2, res_x);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Hcub,"esp"));
+	&lea	("ebp",&DWP($S1,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, S1, Hcub);
+
+	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($res_y,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_y, R, res_y);
+
+	&lea	("esi",&DWP($res_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, res_y, S2);
+
+	&mov	("ebp",&DWP(32*18+0,"esp"));	# !in1infty
+	&mov	("esi",&DWP(32*18+4,"esp"));	# !in2infty
+	&mov	("edi",&wparam(0));
+	&mov	("edx","ebp");
+	&not	("ebp");
+	&and	("edx","esi");
+	&and	("ebp","esi");
+	&not	("esi");
+
+	########################################
+	# conditional moves
+    for($i=64;$i<96;$i+=4) {
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp");
+	&and	("ebx",&DWP($in2_x+$i,"esp"));
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax","ebx");
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+    for($i=0;$i<64;$i+=4) {
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp");
+	&and	("ebx",&DWP($in2_x+$i,"esp"));
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax","ebx");
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+    &set_label("add_done");
+	&stack_pop(8*18+5);
+} &function_end("ecp_nistz256_point_add");
+
+########################################################################
+# void ecp_nistz256_point_add_affine(P256_POINT *out,
+#				     const P256_POINT *in1,
+#				     const P256_POINT_AFFINE *in2);
+&function_begin("ecp_nistz256_point_add_affine");
+{
+    my ($res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y,
+	$U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14));
+    my $Z1sqr = $S2;
+    my @ONE_mont=(1,0,0,-1,-1,-1,-2,0);
+
+	&mov	("esi",&wparam(1));
+
+	# above map() describes stack layout with 15 temporary
+	# 256-bit vectors on top, then we take extra words for
+	# !in1infty, !in2infty, and OPENSSL_ia32cap_P copy.
+	&stack_push(8*15+3);
+						if ($sse2) {
+	&call	("_picup_eax");
+    &set_label("pic");
+	&picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic"));
+	&mov	("ebp",&DWP(0,"edx"));		}
+
+	&lea	("edi",&DWP($in1_x,"esp"));
+    for($i=0;$i<96;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in1
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	(&DWP(32*15+8,"esp"),"ebp")	if ($i==0);
+	&mov	("ebp","eax")			if ($i==64);
+	&or	("ebp","eax")			if ($i>64);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx")			if ($i>=64);
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx")			if ($i>=64);
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx")			if ($i>=64);
+    }
+	&xor	("eax","eax");
+	&mov	("esi",&wparam(2));
+	&sub	("eax","ebp");
+	&or	("ebp","eax");
+	&sar	("ebp",31);
+	&mov	(&DWP(32*15+0,"esp"),"ebp");	# !in1infty
+
+	&lea	("edi",&DWP($in2_x,"esp"));
+    for($i=0;$i<64;$i+=16) {
+	&mov	("eax",&DWP($i+0,"esi"));	# copy in2
+	&mov	("ebx",&DWP($i+4,"esi"));
+	&mov	("ecx",&DWP($i+8,"esi"));
+	&mov	("edx",&DWP($i+12,"esi"));
+	&mov	(&DWP($i+0,"edi"),"eax");
+	&mov	("ebp","eax")			if ($i==0);
+	&or	("ebp","eax")			if ($i!=0);
+	&mov	(&DWP($i+4,"edi"),"ebx");
+	&or	("ebp","ebx");
+	&mov	(&DWP($i+8,"edi"),"ecx");
+	&or	("ebp","ecx");
+	&mov	(&DWP($i+12,"edi"),"edx");
+	&or	("ebp","edx");
+    }
+	&xor	("ebx","ebx");
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&sub	("ebx","ebp");
+	 &lea	("esi",&DWP($in1_z,"esp"));
+	&or	("ebx","ebp");
+	 &lea	("ebp",&DWP($in1_z,"esp"));
+	&sar	("ebx",31);
+	 &lea	("edi",&DWP($Z1sqr,"esp"));
+	&mov	(&DWP(32*15+4,"esp"),"ebx");	# !in2infty
+
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Z1sqr, in1_z);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_x,"esp"));
+	&mov	("ebp","edi");			# %esi is stull &Z1sqr
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, Z1sqr, in2_x);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_z,"esp"));
+	&lea	("ebp",&DWP($Z1sqr,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($in1_x,"esp"));
+	&lea	("edi",&DWP($H,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(H, U2, in1_x);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in2_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, S2, in2_y);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_z,"esp"));
+	&lea	("ebp",&DWP($H,"esp"));
+	&lea	("edi",&DWP($res_z,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_z, H, in1_z);
+
+	&lea	("esi",&DWP($S2,"esp"));
+	&lea	("ebp",&DWP($in1_y,"esp"));
+	&lea	("edi",&DWP($R,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(R, S2, in1_y);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($H,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Hsqr, H);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($R,"esp"));
+	&lea	("edi",&DWP($Rsqr,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Rsqr, R);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($in1_x,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($U2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(U2, in1_x, Hsqr);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($H,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($Hcub,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(Hcub, Hsqr, H);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($U2,"esp"));
+	&lea	("edi",&DWP($Hsqr,"esp"));
+	&call	("_ecp_nistz256_add");		# p256_mul_by_2(Hsqr, U2);
+
+	&lea	("esi",&DWP($Rsqr,"esp"));
+	&lea	("ebp",&DWP($Hsqr,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, Rsqr, Hsqr);
+
+	&lea	("esi",&DWP($res_x,"esp"));
+	&lea	("ebp",&DWP($Hcub,"esp"));
+	&lea	("edi",&DWP($res_x,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_x, res_x, Hcub);
+
+	&lea	("esi",&DWP($U2,"esp"));
+	&lea	("ebp",&DWP($res_x,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, U2, res_x);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($Hcub,"esp"));
+	&lea	("ebp",&DWP($in1_y,"esp"));
+	&lea	("edi",&DWP($S2,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(S2, Hcub, in1_y);
+
+	&mov	("eax",&DWP(32*15+8,"esp"));	# OPENSSL_ia32cap_P copy
+	&lea	("esi",&DWP($R,"esp"));
+	&lea	("ebp",&DWP($res_y,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_mul_mont");	# p256_mul_mont(res_y, res_y, R);
+
+	&lea	("esi",&DWP($res_y,"esp"));
+	&lea	("ebp",&DWP($S2,"esp"));
+	&lea	("edi",&DWP($res_y,"esp"));
+	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, res_y, S2);
+
+	&mov	("ebp",&DWP(32*15+0,"esp"));	# !in1infty
+	&mov	("esi",&DWP(32*15+4,"esp"));	# !in2infty
+	&mov	("edi",&wparam(0));
+	&mov	("edx","ebp");
+	&not	("ebp");
+	&and	("edx","esi");
+	&and	("ebp","esi");
+	&not	("esi");
+
+	########################################
+	# conditional moves
+    for($i=64;$i<96;$i+=4) {
+	my $one=@ONE_mont[($i-64)/4];
+
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp")			if ($one && $one!=-1);
+	&and	("ebx",$one)			if ($one && $one!=-1);
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax",$one==-1?"ebp":"ebx")	if ($one);
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+    for($i=0;$i<64;$i+=4) {
+	&mov	("eax","edx");
+	&and	("eax",&DWP($res_x+$i,"esp"));
+	&mov	("ebx","ebp");
+	&and	("ebx",&DWP($in2_x+$i,"esp"));
+	&mov	("ecx","esi");
+	&and	("ecx",&DWP($in1_x+$i,"esp"));
+	&or	("eax","ebx");
+	&or	("eax","ecx");
+	&mov	(&DWP($i,"edi"),"eax");
+    }
+	&stack_pop(8*15+3);
+} &function_end("ecp_nistz256_point_add_affine");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-x86_64.pl b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-x86_64.pl
new file mode 100755
index 0000000..714e852
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -0,0 +1,3083 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+##############################################################################
+#                                                                            #
+# Copyright 2014 Intel Corporation                                           #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License");            #
+# you may not use this file except in compliance with the License.           #
+# You may obtain a copy of the License at                                    #
+#                                                                            #
+#    http://www.apache.org/licenses/LICENSE-2.0                              #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#                                                                            #
+##############################################################################
+#                                                                            #
+#  Developers and authors:                                                   #
+#  Shay Gueron (1, 2), and Vlad Krasnov (1)                                  #
+#  (1) Intel Corporation, Israel Development Center                          #
+#  (2) University of Haifa                                                   #
+#  Reference:                                                                #
+#  S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with#
+#                           256 Bit Primes"                                  #
+#                                                                            #
+##############################################################################
+
+# Further optimization by <appro@openssl.org>:
+#
+#		this/original	with/without -DECP_NISTZ256_ASM(*)
+# Opteron	+12-49%		+110-150%
+# Bulldozer	+14-45%		+175-210%
+# P4		+18-46%		n/a :-(
+# Westmere	+12-34%		+80-87%
+# Sandy Bridge	+9-35%		+110-120%
+# Ivy Bridge	+9-35%		+110-125%
+# Haswell	+8-37%		+140-160%
+# Broadwell	+18-58%		+145-210%
+# Atom		+15-50%		+130-180%
+# VIA Nano	+43-160%	+300-480%
+#
+# (*)	"without -DECP_NISTZ256_ASM" refers to build with
+#	"enable-ec_nistp_64_gcc_128";
+#
+# Ranges denote minimum and maximum improvement coefficients depending
+# on benchmark. Lower coefficients are for ECDSA sign, relatively fastest
+# server-side operation. Keep in mind that +100% means 2x improvement.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+	$addx = ($1>=2.23);
+}
+
+if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	$addx = ($1>=2.10);
+}
+
+if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+	$addx = ($1>=12);
+}
+
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
+	$avx = ($ver>=3.0) + ($ver>=3.01);
+	$addx = ($ver>=3.03);
+}
+
+$code.=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+# The polynomial
+.align 64
+.Lpoly:
+.quad 0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001
+
+# 2^512 mod P precomputed for NIST P256 polynomial
+.LRR:
+.quad 0x0000000000000003, 0xfffffffbffffffff, 0xfffffffffffffffe, 0x00000004fffffffd
+
+.LOne:
+.long 1,1,1,1,1,1,1,1
+.LTwo:
+.long 2,2,2,2,2,2,2,2
+.LThree:
+.long 3,3,3,3,3,3,3,3
+.LONE_mont:
+.quad 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe
+___
+
+{
+################################################################################
+# void ecp_nistz256_mul_by_2(uint64_t res[4], uint64_t a[4]);
+
+my ($a0,$a1,$a2,$a3)=map("%r$_",(8..11));
+my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rdx","%rcx","%r12","%r13");
+my ($r_ptr,$a_ptr,$b_ptr)=("%rdi","%rsi","%rdx");
+
+$code.=<<___;
+
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,\@function,2
+.align	64
+ecp_nistz256_mul_by_2:
+	push	%r12
+	push	%r13
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4,$t4
+	mov	8*1($a_ptr), $a1
+	add	$a0, $a0		# a0:a3+a0:a3
+	mov	8*2($a_ptr), $a2
+	adc	$a1, $a1
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	sbb	8*1($a_ptr), $a1
+	sbb	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	sbb	8*3($a_ptr), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	pop	%r13
+	pop	%r12
+	ret
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+################################################################################
+# void ecp_nistz256_div_by_2(uint64_t res[4], uint64_t a[4]);
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,\@function,2
+.align	32
+ecp_nistz256_div_by_2:
+	push	%r12
+	push	%r13
+
+	mov	8*0($a_ptr), $a0
+	mov	8*1($a_ptr), $a1
+	mov	8*2($a_ptr), $a2
+	 mov	$a0, $t0
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+
+	 mov	$a1, $t1
+	xor	$t4, $t4
+	add	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	adc	8*1($a_ptr), $a1
+	adc	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	adc	8*3($a_ptr), $a3
+	adc	\$0, $t4
+	xor	$a_ptr, $a_ptr		# borrow $a_ptr
+	test	\$1, $t0
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	cmovz	$t2, $a2
+	cmovz	$t3, $a3
+	cmovz	$a_ptr, $t4
+
+	mov	$a1, $t0		# a0:a3>>1
+	shr	\$1, $a0
+	shl	\$63, $t0
+	mov	$a2, $t1
+	shr	\$1, $a1
+	or	$t0, $a0
+	shl	\$63, $t1
+	mov	$a3, $t2
+	shr	\$1, $a2
+	or	$t1, $a1
+	shl	\$63, $t2
+	shr	\$1, $a3
+	shl	\$63, $t4
+	or	$t2, $a2
+	or	$t4, $a3
+
+	mov	$a0, 8*0($r_ptr)
+	mov	$a1, 8*1($r_ptr)
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	pop	%r13
+	pop	%r12
+	ret
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+################################################################################
+# void ecp_nistz256_mul_by_3(uint64_t res[4], uint64_t a[4]);
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,\@function,2
+.align	32
+ecp_nistz256_mul_by_3:
+	push	%r12
+	push	%r13
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4, $t4
+	mov	8*1($a_ptr), $a1
+	add	$a0, $a0		# a0:a3+a0:a3
+	mov	8*2($a_ptr), $a2
+	adc	$a1, $a1
+	mov	8*3($a_ptr), $a3
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	.Lpoly+8*1(%rip), $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	.Lpoly+8*3(%rip), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	cmovc	$t2, $a2
+	cmovc	$t3, $a3
+
+	xor	$t4, $t4
+	add	8*0($a_ptr), $a0	# a0:a3+=a_ptr[0:3]
+	adc	8*1($a_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($a_ptr), $a2
+	adc	8*3($a_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	.Lpoly+8*1(%rip), $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	.Lpoly+8*3(%rip), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	pop %r13
+	pop %r12
+	ret
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+################################################################################
+# void ecp_nistz256_add(uint64_t res[4], uint64_t a[4], uint64_t b[4]);
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,\@function,3
+.align	32
+ecp_nistz256_add:
+	push	%r12
+	push	%r13
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4, $t4
+	mov	8*1($a_ptr), $a1
+	mov	8*2($a_ptr), $a2
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+
+	add	8*0($b_ptr), $a0
+	adc	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($b_ptr), $a2
+	adc	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	sbb	8*1($a_ptr), $a1
+	sbb	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	sbb	8*3($a_ptr), $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	pop %r13
+	pop %r12
+	ret
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+################################################################################
+# void ecp_nistz256_sub(uint64_t res[4], uint64_t a[4], uint64_t b[4]);
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,\@function,3
+.align	32
+ecp_nistz256_sub:
+	push	%r12
+	push	%r13
+
+	mov	8*0($a_ptr), $a0
+	xor	$t4, $t4
+	mov	8*1($a_ptr), $a1
+	mov	8*2($a_ptr), $a2
+	mov	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+
+	sub	8*0($b_ptr), $a0
+	sbb	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	sbb	8*2($b_ptr), $a2
+	sbb	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	sbb	\$0, $t4
+
+	add	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	adc	8*1($a_ptr), $a1
+	adc	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	adc	8*3($a_ptr), $a3
+	test	$t4, $t4
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovz	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovz	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	pop %r13
+	pop %r12
+	ret
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+################################################################################
+# void ecp_nistz256_neg(uint64_t res[4], uint64_t a[4]);
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,\@function,2
+.align	32
+ecp_nistz256_neg:
+	push	%r12
+	push	%r13
+
+	xor	$a0, $a0
+	xor	$a1, $a1
+	xor	$a2, $a2
+	xor	$a3, $a3
+	xor	$t4, $t4
+
+	sub	8*0($a_ptr), $a0
+	sbb	8*1($a_ptr), $a1
+	sbb	8*2($a_ptr), $a2
+	 mov	$a0, $t0
+	sbb	8*3($a_ptr), $a3
+	lea	.Lpoly(%rip), $a_ptr
+	 mov	$a1, $t1
+	sbb	\$0, $t4
+
+	add	8*0($a_ptr), $a0
+	 mov	$a2, $t2
+	adc	8*1($a_ptr), $a1
+	adc	8*2($a_ptr), $a2
+	 mov	$a3, $t3
+	adc	8*3($a_ptr), $a3
+	test	$t4, $t4
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovz	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovz	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	pop %r13
+	pop %r12
+	ret
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+___
+}
+{
+my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx");
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15));
+my ($t0,$t1,$t2,$t3,$t4)=("%rcx","%rbp","%rbx","%rdx","%rax");
+my ($poly1,$poly3)=($acc6,$acc7);
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_to_mont(
+#   uint64_t res[4],
+#   uint64_t in[4]);
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,\@function,2
+.align	32
+ecp_nistz256_to_mont:
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+___
+$code.=<<___;
+	lea	.LRR(%rip), $b_org
+	jmp	.Lmul_mont
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+################################################################################
+# void ecp_nistz256_mul_mont(
+#   uint64_t res[4],
+#   uint64_t a[4],
+#   uint64_t b[4]);
+
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,\@function,3
+.align	32
+ecp_nistz256_mul_mont:
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+___
+$code.=<<___;
+.Lmul_mont:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___	if ($addx);
+	cmp	\$0x80100, %ecx
+	je	.Lmul_montx
+___
+$code.=<<___;
+	mov	$b_org, $b_ptr
+	mov	8*0($b_org), %rax
+	mov	8*0($a_ptr), $acc1
+	mov	8*1($a_ptr), $acc2
+	mov	8*2($a_ptr), $acc3
+	mov	8*3($a_ptr), $acc4
+
+	call	__ecp_nistz256_mul_montq
+___
+$code.=<<___	if ($addx);
+	jmp	.Lmul_mont_done
+
+.align	32
+.Lmul_montx:
+	mov	$b_org, $b_ptr
+	mov	8*0($b_org), %rdx
+	mov	8*0($a_ptr), $acc1
+	mov	8*1($a_ptr), $acc2
+	mov	8*2($a_ptr), $acc3
+	mov	8*3($a_ptr), $acc4
+	lea	-128($a_ptr), $a_ptr	# control u-op density
+
+	call	__ecp_nistz256_mul_montx
+___
+$code.=<<___;
+.Lmul_mont_done:
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbx
+	pop	%rbp
+	ret
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+.type	__ecp_nistz256_mul_montq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_montq:
+	########################################################################
+	# Multiply a by b[0]
+	mov	%rax, $t1
+	mulq	$acc1
+	mov	.Lpoly+8*1(%rip),$poly1
+	mov	%rax, $acc0
+	mov	$t1, %rax
+	mov	%rdx, $acc1
+
+	mulq	$acc2
+	mov	.Lpoly+8*3(%rip),$poly3
+	add	%rax, $acc1
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc2
+
+	mulq	$acc3
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc3
+
+	mulq	$acc4
+	add	%rax, $acc3
+	 mov	$acc0, %rax
+	adc	\$0, %rdx
+	xor	$acc5, $acc5
+	mov	%rdx, $acc4
+
+	########################################################################
+	# First reduction step
+	# Basically now we want to multiply acc[0] by p256,
+	# and add the result to the acc.
+	# Due to the special form of p256 we do some optimizations
+	#
+	# acc[0] x p256[0..1] = acc[0] x 2^96 - acc[0]
+	# then we add acc[0] and get acc[0] x 2^96
+
+	mov	$acc0, $t1
+	shl	\$32, $acc0
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc0, $acc1		# +=acc[0]<<96
+	adc	$t1, $acc2
+	adc	%rax, $acc3
+	 mov	8*1($b_ptr), %rax
+	adc	%rdx, $acc4
+	adc	\$0, $acc5
+	xor	$acc0, $acc0
+
+	########################################################################
+	# Multiply by b[1]
+	mov	%rax, $t1
+	mulq	8*0($a_ptr)
+	add	%rax, $acc1
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*1($a_ptr)
+	add	$t0, $acc2
+	adc	\$0, %rdx
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*2($a_ptr)
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*3($a_ptr)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	 mov	$acc1, %rax
+	adc	%rdx, $acc5
+	adc	\$0, $acc0
+
+	########################################################################
+	# Second reduction step	
+	mov	$acc1, $t1
+	shl	\$32, $acc1
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc1, $acc2
+	adc	$t1, $acc3
+	adc	%rax, $acc4
+	 mov	8*2($b_ptr), %rax
+	adc	%rdx, $acc5
+	adc	\$0, $acc0
+	xor	$acc1, $acc1
+
+	########################################################################
+	# Multiply by b[2]
+	mov	%rax, $t1
+	mulq	8*0($a_ptr)
+	add	%rax, $acc2
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*1($a_ptr)
+	add	$t0, $acc3
+	adc	\$0, %rdx
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*2($a_ptr)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*3($a_ptr)
+	add	$t0, $acc5
+	adc	\$0, %rdx
+	add	%rax, $acc5
+	 mov	$acc2, %rax
+	adc	%rdx, $acc0
+	adc	\$0, $acc1
+
+	########################################################################
+	# Third reduction step	
+	mov	$acc2, $t1
+	shl	\$32, $acc2
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc2, $acc3
+	adc	$t1, $acc4
+	adc	%rax, $acc5
+	 mov	8*3($b_ptr), %rax
+	adc	%rdx, $acc0
+	adc	\$0, $acc1
+	xor	$acc2, $acc2
+
+	########################################################################
+	# Multiply by b[3]
+	mov	%rax, $t1
+	mulq	8*0($a_ptr)
+	add	%rax, $acc3
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*1($a_ptr)
+	add	$t0, $acc4
+	adc	\$0, %rdx
+	add	%rax, $acc4
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*2($a_ptr)
+	add	$t0, $acc5
+	adc	\$0, %rdx
+	add	%rax, $acc5
+	mov	$t1, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	8*3($a_ptr)
+	add	$t0, $acc0
+	adc	\$0, %rdx
+	add	%rax, $acc0
+	 mov	$acc3, %rax
+	adc	%rdx, $acc1
+	adc	\$0, $acc2
+
+	########################################################################
+	# Final reduction step	
+	mov	$acc3, $t1
+	shl	\$32, $acc3
+	mulq	$poly3
+	shr	\$32, $t1
+	add	$acc3, $acc4
+	adc	$t1, $acc5
+	 mov	$acc4, $t0
+	adc	%rax, $acc0
+	adc	%rdx, $acc1
+	 mov	$acc5, $t1
+	adc	\$0, $acc2
+
+	########################################################################	
+	# Branch-less conditional subtraction of P
+	sub	\$-1, $acc4		# .Lpoly[0]
+	 mov	$acc0, $t2
+	sbb	$poly1, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc0		# .Lpoly[2]
+	 mov	$acc1, $t3
+	sbb	$poly3, $acc1		# .Lpoly[3]
+	sbb	\$0, $acc2
+
+	cmovc	$t0, $acc4
+	cmovc	$t1, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$t2, $acc0
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$t3, $acc1
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq
+
+################################################################################
+# void ecp_nistz256_sqr_mont(
+#   uint64_t res[4],
+#   uint64_t a[4]);
+
+# we optimize the square according to S.Gueron and V.Krasnov,
+# "Speeding up Big-Number Squaring"
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,\@function,2
+.align	32
+ecp_nistz256_sqr_mont:
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+___
+$code.=<<___;
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___	if ($addx);
+	cmp	\$0x80100, %ecx
+	je	.Lsqr_montx
+___
+$code.=<<___;
+	mov	8*0($a_ptr), %rax
+	mov	8*1($a_ptr), $acc6
+	mov	8*2($a_ptr), $acc7
+	mov	8*3($a_ptr), $acc0
+
+	call	__ecp_nistz256_sqr_montq
+___
+$code.=<<___	if ($addx);
+	jmp	.Lsqr_mont_done
+
+.align	32
+.Lsqr_montx:
+	mov	8*0($a_ptr), %rdx
+	mov	8*1($a_ptr), $acc6
+	mov	8*2($a_ptr), $acc7
+	mov	8*3($a_ptr), $acc0
+	lea	-128($a_ptr), $a_ptr	# control u-op density
+
+	call	__ecp_nistz256_sqr_montx
+___
+$code.=<<___;
+.Lsqr_mont_done:
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbx
+	pop	%rbp
+	ret
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+.type	__ecp_nistz256_sqr_montq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sqr_montq:
+	mov	%rax, $acc5
+	mulq	$acc6			# a[1]*a[0]
+	mov	%rax, $acc1
+	mov	$acc7, %rax
+	mov	%rdx, $acc2
+
+	mulq	$acc5			# a[0]*a[2]
+	add	%rax, $acc2
+	mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc3
+
+	mulq	$acc5			# a[0]*a[3]
+	add	%rax, $acc3
+	 mov	$acc7, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $acc4
+
+	#################################
+	mulq	$acc6			# a[1]*a[2]
+	add	%rax, $acc3
+	mov	$acc0, %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t1
+
+	mulq	$acc6			# a[1]*a[3]
+	add	%rax, $acc4
+	 mov	$acc0, %rax
+	adc	\$0, %rdx
+	add	$t1, $acc4
+	mov	%rdx, $acc5
+	adc	\$0, $acc5
+
+	#################################
+	mulq	$acc7			# a[2]*a[3]
+	xor	$acc7, $acc7
+	add	%rax, $acc5
+	 mov	8*0($a_ptr), %rax
+	mov	%rdx, $acc6
+	adc	\$0, $acc6
+
+	add	$acc1, $acc1		# acc1:6<<1
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	adc	$acc4, $acc4
+	adc	$acc5, $acc5
+	adc	$acc6, $acc6
+	adc	\$0, $acc7
+
+	mulq	%rax
+	mov	%rax, $acc0
+	mov	8*1($a_ptr), %rax
+	mov	%rdx, $t0
+
+	mulq	%rax
+	add	$t0, $acc1
+	adc	%rax, $acc2
+	mov	8*2($a_ptr), %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	%rax
+	add	$t0, $acc3
+	adc	%rax, $acc4
+	mov	8*3($a_ptr), %rax
+	adc	\$0, %rdx
+	mov	%rdx, $t0
+
+	mulq	%rax
+	add	$t0, $acc5
+	adc	%rax, $acc6
+	 mov	$acc0, %rax
+	adc	%rdx, $acc7
+
+	mov	.Lpoly+8*1(%rip), $a_ptr
+	mov	.Lpoly+8*3(%rip), $t1
+
+	##########################################
+	# Now the reduction
+	# First iteration
+	mov	$acc0, $t0
+	shl	\$32, $acc0
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc0, $acc1		# +=acc[0]<<96
+	adc	$t0, $acc2
+	adc	%rax, $acc3
+	 mov	$acc1, %rax
+	adc	\$0, %rdx
+
+	##########################################
+	# Second iteration
+	mov	$acc1, $t0
+	shl	\$32, $acc1
+	mov	%rdx, $acc0
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc1, $acc2
+	adc	$t0, $acc3
+	adc	%rax, $acc0
+	 mov	$acc2, %rax
+	adc	\$0, %rdx
+
+	##########################################
+	# Third iteration
+	mov	$acc2, $t0
+	shl	\$32, $acc2
+	mov	%rdx, $acc1
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc2, $acc3
+	adc	$t0, $acc0
+	adc	%rax, $acc1
+	 mov	$acc3, %rax
+	adc	\$0, %rdx
+
+	###########################################
+	# Last iteration
+	mov	$acc3, $t0
+	shl	\$32, $acc3
+	mov	%rdx, $acc2
+	mulq	$t1
+	shr	\$32, $t0
+	add	$acc3, $acc0
+	adc	$t0, $acc1
+	adc	%rax, $acc2
+	adc	\$0, %rdx
+	xor	$acc3, $acc3
+
+	############################################
+	# Add the rest of the acc
+	add	$acc0, $acc4
+	adc	$acc1, $acc5
+	 mov	$acc4, $acc0
+	adc	$acc2, $acc6
+	adc	%rdx, $acc7
+	 mov	$acc5, $acc1
+	adc	\$0, $acc3
+
+	sub	\$-1, $acc4		# .Lpoly[0]
+	 mov	$acc6, $acc2
+	sbb	$a_ptr, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc6		# .Lpoly[2]
+	 mov	$acc7, $t0
+	sbb	$t1, $acc7		# .Lpoly[3]
+	sbb	\$0, $acc3
+
+	cmovc	$acc0, $acc4
+	cmovc	$acc1, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$acc2, $acc6
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$t0, $acc7
+	mov	$acc6, 8*2($r_ptr)
+	mov	$acc7, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq
+___
+
+if ($addx) {
+$code.=<<___;
+.type	__ecp_nistz256_mul_montx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_montx:
+	########################################################################
+	# Multiply by b[0]
+	mulx	$acc1, $acc0, $acc1
+	mulx	$acc2, $t0, $acc2
+	mov	\$32, $poly1
+	xor	$acc5, $acc5		# cf=0
+	mulx	$acc3, $t1, $acc3
+	mov	.Lpoly+8*3(%rip), $poly3
+	adc	$t0, $acc1
+	mulx	$acc4, $t0, $acc4
+	 mov	$acc0, %rdx
+	adc	$t1, $acc2
+	 shlx	$poly1,$acc0,$t1
+	adc	$t0, $acc3
+	 shrx	$poly1,$acc0,$t0
+	adc	\$0, $acc4
+
+	########################################################################
+	# First reduction step
+	add	$t1, $acc1
+	adc	$t0, $acc2
+
+	mulx	$poly3, $t0, $t1
+	 mov	8*1($b_ptr), %rdx
+	adc	$t0, $acc3
+	adc	$t1, $acc4
+	adc	\$0, $acc5
+	xor	$acc0, $acc0		# $acc0=0,cf=0,of=0
+
+	########################################################################
+	# Multiply by b[1]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc1
+	adox	$t1, $acc2
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc1, %rdx
+	adcx	$t0, $acc4
+	 shlx	$poly1, $acc1, $t0
+	adox	$t1, $acc5
+	 shrx	$poly1, $acc1, $t1
+
+	adcx	$acc0, $acc5
+	adox	$acc0, $acc0
+	adc	\$0, $acc0
+
+	########################################################################
+	# Second reduction step
+	add	$t0, $acc2
+	adc	$t1, $acc3
+
+	mulx	$poly3, $t0, $t1
+	 mov	8*2($b_ptr), %rdx
+	adc	$t0, $acc4
+	adc	$t1, $acc5
+	adc	\$0, $acc0
+	xor	$acc1 ,$acc1		# $acc1=0,cf=0,of=0
+
+	########################################################################
+	# Multiply by b[2]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc2
+	adox	$t1, $acc3
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc2, %rdx
+	adcx	$t0, $acc5
+	 shlx	$poly1, $acc2, $t0
+	adox	$t1, $acc0
+	 shrx	$poly1, $acc2, $t1
+
+	adcx	$acc1, $acc0
+	adox	$acc1, $acc1
+	adc	\$0, $acc1
+
+	########################################################################
+	# Third reduction step
+	add	$t0, $acc3
+	adc	$t1, $acc4
+
+	mulx	$poly3, $t0, $t1
+	 mov	8*3($b_ptr), %rdx
+	adc	$t0, $acc5
+	adc	$t1, $acc0
+	adc	\$0, $acc1
+	xor	$acc2, $acc2		# $acc2=0,cf=0,of=0
+
+	########################################################################
+	# Multiply by b[3]
+	mulx	8*0+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	8*1+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+
+	mulx	8*2+128($a_ptr), $t0, $t1
+	adcx	$t0, $acc5
+	adox	$t1, $acc0
+
+	mulx	8*3+128($a_ptr), $t0, $t1
+	 mov	$acc3, %rdx
+	adcx	$t0, $acc0
+	 shlx	$poly1, $acc3, $t0
+	adox	$t1, $acc1
+	 shrx	$poly1, $acc3, $t1
+
+	adcx	$acc2, $acc1
+	adox	$acc2, $acc2
+	adc	\$0, $acc2
+
+	########################################################################
+	# Fourth reduction step
+	add	$t0, $acc4
+	adc	$t1, $acc5
+
+	mulx	$poly3, $t0, $t1
+	 mov	$acc4, $t2
+	mov	.Lpoly+8*1(%rip), $poly1
+	adc	$t0, $acc0
+	 mov	$acc5, $t3
+	adc	$t1, $acc1
+	adc	\$0, $acc2
+
+	########################################################################
+	# Branch-less conditional subtraction of P
+	xor	%eax, %eax
+	 mov	$acc0, $t0
+	sbb	\$-1, $acc4		# .Lpoly[0]
+	sbb	$poly1, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc0		# .Lpoly[2]
+	 mov	$acc1, $t1
+	sbb	$poly3, $acc1		# .Lpoly[3]
+	sbb	\$0, $acc2
+
+	cmovc	$t2, $acc4
+	cmovc	$t3, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$t0, $acc0
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$t1, $acc1
+	mov	$acc0, 8*2($r_ptr)
+	mov	$acc1, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx
+
+.type	__ecp_nistz256_sqr_montx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sqr_montx:
+	mulx	$acc6, $acc1, $acc2	# a[0]*a[1]
+	mulx	$acc7, $t0, $acc3	# a[0]*a[2]
+	xor	%eax, %eax
+	adc	$t0, $acc2
+	mulx	$acc0, $t1, $acc4	# a[0]*a[3]
+	 mov	$acc6, %rdx
+	adc	$t1, $acc3
+	adc	\$0, $acc4
+	xor	$acc5, $acc5		# $acc5=0,cf=0,of=0
+
+	#################################
+	mulx	$acc7, $t0, $t1		# a[1]*a[2]
+	adcx	$t0, $acc3
+	adox	$t1, $acc4
+
+	mulx	$acc0, $t0, $t1		# a[1]*a[3]
+	 mov	$acc7, %rdx
+	adcx	$t0, $acc4
+	adox	$t1, $acc5
+	adc	\$0, $acc5
+
+	#################################
+	mulx	$acc0, $t0, $acc6	# a[2]*a[3]
+	 mov	8*0+128($a_ptr), %rdx
+	xor	$acc7, $acc7		# $acc7=0,cf=0,of=0
+	 adcx	$acc1, $acc1		# acc1:6<<1
+	adox	$t0, $acc5
+	 adcx	$acc2, $acc2
+	adox	$acc7, $acc6		# of=0
+
+	mulx	%rdx, $acc0, $t1
+	mov	8*1+128($a_ptr), %rdx
+	 adcx	$acc3, $acc3
+	adox	$t1, $acc1
+	 adcx	$acc4, $acc4
+	mulx	%rdx, $t0, $t4
+	mov	8*2+128($a_ptr), %rdx
+	 adcx	$acc5, $acc5
+	adox	$t0, $acc2
+	 adcx	$acc6, $acc6
+	.byte	0x67
+	mulx	%rdx, $t0, $t1
+	mov	8*3+128($a_ptr), %rdx
+	adox	$t4, $acc3
+	 adcx	$acc7, $acc7
+	adox	$t0, $acc4
+	 mov	\$32, $a_ptr
+	adox	$t1, $acc5
+	.byte	0x67,0x67
+	mulx	%rdx, $t0, $t4
+	 mov	.Lpoly+8*3(%rip), %rdx
+	adox	$t0, $acc6
+	 shlx	$a_ptr, $acc0, $t0
+	adox	$t4, $acc7
+	 shrx	$a_ptr, $acc0, $t4
+	mov	%rdx,$t1
+
+	# reduction step 1
+	add	$t0, $acc1
+	adc	$t4, $acc2
+
+	mulx	$acc0, $t0, $acc0
+	adc	$t0, $acc3
+	 shlx	$a_ptr, $acc1, $t0
+	adc	\$0, $acc0
+	 shrx	$a_ptr, $acc1, $t4
+
+	# reduction step 2
+	add	$t0, $acc2
+	adc	$t4, $acc3
+
+	mulx	$acc1, $t0, $acc1
+	adc	$t0, $acc0
+	 shlx	$a_ptr, $acc2, $t0
+	adc	\$0, $acc1
+	 shrx	$a_ptr, $acc2, $t4
+
+	# reduction step 3
+	add	$t0, $acc3
+	adc	$t4, $acc0
+
+	mulx	$acc2, $t0, $acc2
+	adc	$t0, $acc1
+	 shlx	$a_ptr, $acc3, $t0
+	adc	\$0, $acc2
+	 shrx	$a_ptr, $acc3, $t4
+
+	# reduction step 4
+	add	$t0, $acc0
+	adc	$t4, $acc1
+
+	mulx	$acc3, $t0, $acc3
+	adc	$t0, $acc2
+	adc	\$0, $acc3
+
+	xor	$t3, $t3
+	add	$acc0, $acc4		# accumulate upper half
+	 mov	.Lpoly+8*1(%rip), $a_ptr
+	adc	$acc1, $acc5
+	 mov	$acc4, $acc0
+	adc	$acc2, $acc6
+	adc	$acc3, $acc7
+	 mov	$acc5, $acc1
+	adc	\$0, $t3
+
+	sub	\$-1, $acc4		# .Lpoly[0]
+	 mov	$acc6, $acc2
+	sbb	$a_ptr, $acc5		# .Lpoly[1]
+	sbb	\$0, $acc6		# .Lpoly[2]
+	 mov	$acc7, $acc3
+	sbb	$t1, $acc7		# .Lpoly[3]
+	sbb	\$0, $t3
+
+	cmovc	$acc0, $acc4
+	cmovc	$acc1, $acc5
+	mov	$acc4, 8*0($r_ptr)
+	cmovc	$acc2, $acc6
+	mov	$acc5, 8*1($r_ptr)
+	cmovc	$acc3, $acc7
+	mov	$acc6, 8*2($r_ptr)
+	mov	$acc7, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx
+___
+}
+}
+{
+my ($r_ptr,$in_ptr)=("%rdi","%rsi");
+my ($acc0,$acc1,$acc2,$acc3)=map("%r$_",(8..11));
+my ($t0,$t1,$t2)=("%rcx","%r12","%r13");
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_from_mont(
+#   uint64_t res[4],
+#   uint64_t in[4]);
+# This one performs Montgomery multiplication by 1, so we only need the reduction
+
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,\@function,2
+.align	32
+ecp_nistz256_from_mont:
+	push	%r12
+	push	%r13
+
+	mov	8*0($in_ptr), %rax
+	mov	.Lpoly+8*3(%rip), $t2
+	mov	8*1($in_ptr), $acc1
+	mov	8*2($in_ptr), $acc2
+	mov	8*3($in_ptr), $acc3
+	mov	%rax, $acc0
+	mov	.Lpoly+8*1(%rip), $t1
+
+	#########################################
+	# First iteration
+	mov	%rax, $t0
+	shl	\$32, $acc0
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc0, $acc1
+	adc	$t0, $acc2
+	adc	%rax, $acc3
+	 mov	$acc1, %rax
+	adc	\$0, %rdx
+
+	#########################################
+	# Second iteration
+	mov	$acc1, $t0
+	shl	\$32, $acc1
+	mov	%rdx, $acc0
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc1, $acc2
+	adc	$t0, $acc3
+	adc	%rax, $acc0
+	 mov	$acc2, %rax
+	adc	\$0, %rdx
+
+	##########################################
+	# Third iteration
+	mov	$acc2, $t0
+	shl	\$32, $acc2
+	mov	%rdx, $acc1
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc2, $acc3
+	adc	$t0, $acc0
+	adc	%rax, $acc1
+	 mov	$acc3, %rax
+	adc	\$0, %rdx
+
+	###########################################
+	# Last iteration
+	mov	$acc3, $t0
+	shl	\$32, $acc3
+	mov	%rdx, $acc2
+	mulq	$t2
+	shr	\$32, $t0
+	add	$acc3, $acc0
+	adc	$t0, $acc1
+	 mov	$acc0, $t0
+	adc	%rax, $acc2
+	 mov	$acc1, $in_ptr
+	adc	\$0, %rdx
+
+	###########################################
+	# Branch-less conditional subtraction
+	sub	\$-1, $acc0
+	 mov	$acc2, %rax
+	sbb	$t1, $acc1
+	sbb	\$0, $acc2
+	 mov	%rdx, $acc3
+	sbb	$t2, %rdx
+	sbb	$t2, $t2
+
+	cmovnz	$t0, $acc0
+	cmovnz	$in_ptr, $acc1
+	mov	$acc0, 8*0($r_ptr)
+	cmovnz	%rax, $acc2
+	mov	$acc1, 8*1($r_ptr)
+	cmovz	%rdx, $acc3
+	mov	$acc2, 8*2($r_ptr)
+	mov	$acc3, 8*3($r_ptr)
+
+	pop	%r13
+	pop	%r12
+	ret
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+___
+}
+{
+my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx");
+my ($ONE,$INDEX,$Ra,$Rb,$Rc,$Rd,$Re,$Rf)=map("%xmm$_",(0..7));
+my ($M0,$T0a,$T0b,$T0c,$T0d,$T0e,$T0f,$TMP0)=map("%xmm$_",(8..15));
+my ($M1,$T2a,$T2b,$TMP2,$M2,$T2a,$T2b,$TMP2)=map("%xmm$_",(8..15));
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_scatter_w5(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,\@abi-omnipotent
+.align	32
+ecp_nistz256_scatter_w5:
+	lea	-3($index,$index,2), $index
+	movdqa	0x00($in_t), %xmm0
+	shl	\$5, $index
+	movdqa	0x10($in_t), %xmm1
+	movdqa	0x20($in_t), %xmm2
+	movdqa	0x30($in_t), %xmm3
+	movdqa	0x40($in_t), %xmm4
+	movdqa	0x50($in_t), %xmm5
+	movdqa	%xmm0, 0x00($val,$index)
+	movdqa	%xmm1, 0x10($val,$index)
+	movdqa	%xmm2, 0x20($val,$index)
+	movdqa	%xmm3, 0x30($val,$index)
+	movdqa	%xmm4, 0x40($val,$index)
+	movdqa	%xmm5, 0x50($val,$index)
+
+	ret
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+################################################################################
+# void ecp_nistz256_gather_w5(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,\@abi-omnipotent
+.align	32
+ecp_nistz256_gather_w5:
+___
+$code.=<<___	if ($avx>1);
+	mov	OPENSSL_ia32cap_P+8(%rip), %eax
+	test	\$`1<<5`, %eax
+	jnz	.Lavx2_gather_w5
+___
+$code.=<<___	if ($win64);
+	lea	-0x88(%rsp), %rax
+.LSEH_begin_ecp_nistz256_gather_w5:
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6, -0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7, -0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8, 0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9, 0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10, 0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11, 0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12, 0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13, 0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14, 0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	movdqa	.LOne(%rip), $ONE
+	movd	$index, $INDEX
+
+	pxor	$Ra, $Ra
+	pxor	$Rb, $Rb
+	pxor	$Rc, $Rc
+	pxor	$Rd, $Rd
+	pxor	$Re, $Re
+	pxor	$Rf, $Rf
+
+	movdqa	$ONE, $M0
+	pshufd	\$0, $INDEX, $INDEX
+
+	mov	\$16, %rax
+.Lselect_loop_sse_w5:
+
+	movdqa	$M0, $TMP0
+	paddd	$ONE, $M0
+	pcmpeqd $INDEX, $TMP0
+
+	movdqa	16*0($in_t), $T0a
+	movdqa	16*1($in_t), $T0b
+	movdqa	16*2($in_t), $T0c
+	movdqa	16*3($in_t), $T0d
+	movdqa	16*4($in_t), $T0e
+	movdqa	16*5($in_t), $T0f
+	lea 16*6($in_t), $in_t
+
+	pand	$TMP0, $T0a
+	pand	$TMP0, $T0b
+	por	$T0a, $Ra
+	pand	$TMP0, $T0c
+	por	$T0b, $Rb
+	pand	$TMP0, $T0d
+	por	$T0c, $Rc
+	pand	$TMP0, $T0e
+	por	$T0d, $Rd
+	pand	$TMP0, $T0f
+	por	$T0e, $Re
+	por	$T0f, $Rf
+
+	dec	%rax
+	jnz	.Lselect_loop_sse_w5
+
+	movdqu	$Ra, 16*0($val)
+	movdqu	$Rb, 16*1($val)
+	movdqu	$Rc, 16*2($val)
+	movdqu	$Rd, 16*3($val)
+	movdqu	$Re, 16*4($val)
+	movdqu	$Rf, 16*5($val)
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	0xa8(%rsp), %rsp
+.LSEH_end_ecp_nistz256_gather_w5:
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+################################################################################
+# void ecp_nistz256_scatter_w7(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,\@abi-omnipotent
+.align	32
+ecp_nistz256_scatter_w7:
+	movdqu	0x00($in_t), %xmm0
+	shl	\$6, $index
+	movdqu	0x10($in_t), %xmm1
+	movdqu	0x20($in_t), %xmm2
+	movdqu	0x30($in_t), %xmm3
+	movdqa	%xmm0, 0x00($val,$index)
+	movdqa	%xmm1, 0x10($val,$index)
+	movdqa	%xmm2, 0x20($val,$index)
+	movdqa	%xmm3, 0x30($val,$index)
+
+	ret
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+################################################################################
+# void ecp_nistz256_gather_w7(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,\@abi-omnipotent
+.align	32
+ecp_nistz256_gather_w7:
+___
+$code.=<<___	if ($avx>1);
+	mov	OPENSSL_ia32cap_P+8(%rip), %eax
+	test	\$`1<<5`, %eax
+	jnz	.Lavx2_gather_w7
+___
+$code.=<<___	if ($win64);
+	lea	-0x88(%rsp), %rax
+.LSEH_begin_ecp_nistz256_gather_w7:
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6, -0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7, -0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8, 0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9, 0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10, 0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11, 0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12, 0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13, 0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14, 0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	movdqa	.LOne(%rip), $M0
+	movd	$index, $INDEX
+
+	pxor	$Ra, $Ra
+	pxor	$Rb, $Rb
+	pxor	$Rc, $Rc
+	pxor	$Rd, $Rd
+
+	movdqa	$M0, $ONE
+	pshufd	\$0, $INDEX, $INDEX
+	mov	\$64, %rax
+
+.Lselect_loop_sse_w7:
+	movdqa	$M0, $TMP0
+	paddd	$ONE, $M0
+	movdqa	16*0($in_t), $T0a
+	movdqa	16*1($in_t), $T0b
+	pcmpeqd	$INDEX, $TMP0
+	movdqa	16*2($in_t), $T0c
+	movdqa	16*3($in_t), $T0d
+	lea	16*4($in_t), $in_t
+
+	pand	$TMP0, $T0a
+	pand	$TMP0, $T0b
+	por	$T0a, $Ra
+	pand	$TMP0, $T0c
+	por	$T0b, $Rb
+	pand	$TMP0, $T0d
+	por	$T0c, $Rc
+	prefetcht0	255($in_t)
+	por	$T0d, $Rd
+
+	dec	%rax
+	jnz	.Lselect_loop_sse_w7
+
+	movdqu	$Ra, 16*0($val)
+	movdqu	$Rb, 16*1($val)
+	movdqu	$Rc, 16*2($val)
+	movdqu	$Rd, 16*3($val)
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	0xa8(%rsp), %rsp
+.LSEH_end_ecp_nistz256_gather_w7:
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+___
+}
+if ($avx>1) {
+my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx");
+my ($TWO,$INDEX,$Ra,$Rb,$Rc)=map("%ymm$_",(0..4));
+my ($M0,$T0a,$T0b,$T0c,$TMP0)=map("%ymm$_",(5..9));
+my ($M1,$T1a,$T1b,$T1c,$TMP1)=map("%ymm$_",(10..14));
+
+$code.=<<___;
+################################################################################
+# void ecp_nistz256_avx2_gather_w5(uint64_t *val, uint64_t *in_t, int index);
+.type	ecp_nistz256_avx2_gather_w5,\@abi-omnipotent
+.align	32
+ecp_nistz256_avx2_gather_w5:
+.Lavx2_gather_w5:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-0x88(%rsp), %rax
+.LSEH_begin_ecp_nistz256_avx2_gather_w5:
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	#vmovaps %xmm6, -0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	#vmovaps %xmm7, -0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	#vmovaps %xmm8, 8(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	#vmovaps %xmm9, 0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	#vmovaps %xmm10, 0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	#vmovaps %xmm11, 0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	#vmovaps %xmm12, 0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	#vmovaps %xmm13, 0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	#vmovaps %xmm14, 0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	#vmovaps %xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LTwo(%rip), $TWO
+
+	vpxor	$Ra, $Ra, $Ra
+	vpxor	$Rb, $Rb, $Rb
+	vpxor	$Rc, $Rc, $Rc
+
+	vmovdqa .LOne(%rip), $M0
+	vmovdqa .LTwo(%rip), $M1
+
+	vmovd	$index, %xmm1
+	vpermd	$INDEX, $Ra, $INDEX
+
+	mov	\$8, %rax
+.Lselect_loop_avx2_w5:
+
+	vmovdqa	32*0($in_t), $T0a
+	vmovdqa	32*1($in_t), $T0b
+	vmovdqa	32*2($in_t), $T0c
+
+	vmovdqa	32*3($in_t), $T1a
+	vmovdqa	32*4($in_t), $T1b
+	vmovdqa	32*5($in_t), $T1c
+
+	vpcmpeqd	$INDEX, $M0, $TMP0
+	vpcmpeqd	$INDEX, $M1, $TMP1
+
+	vpaddd	$TWO, $M0, $M0
+	vpaddd	$TWO, $M1, $M1
+	lea	32*6($in_t), $in_t
+
+	vpand	$TMP0, $T0a, $T0a
+	vpand	$TMP0, $T0b, $T0b
+	vpand	$TMP0, $T0c, $T0c
+	vpand	$TMP1, $T1a, $T1a
+	vpand	$TMP1, $T1b, $T1b
+	vpand	$TMP1, $T1c, $T1c
+
+	vpxor	$T0a, $Ra, $Ra
+	vpxor	$T0b, $Rb, $Rb
+	vpxor	$T0c, $Rc, $Rc
+	vpxor	$T1a, $Ra, $Ra
+	vpxor	$T1b, $Rb, $Rb
+	vpxor	$T1c, $Rc, $Rc
+
+	dec %rax
+	jnz .Lselect_loop_avx2_w5
+
+	vmovdqu $Ra, 32*0($val)
+	vmovdqu $Rb, 32*1($val)
+	vmovdqu $Rc, 32*2($val)
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	0xa8(%rsp), %rsp
+.LSEH_end_ecp_nistz256_avx2_gather_w5:
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5
+___
+}
+if ($avx>1) {
+my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx");
+my ($THREE,$INDEX,$Ra,$Rb)=map("%ymm$_",(0..3));
+my ($M0,$T0a,$T0b,$TMP0)=map("%ymm$_",(4..7));
+my ($M1,$T1a,$T1b,$TMP1)=map("%ymm$_",(8..11));
+my ($M2,$T2a,$T2b,$TMP2)=map("%ymm$_",(12..15));
+
+$code.=<<___;
+
+################################################################################
+# void ecp_nistz256_avx2_gather_w7(uint64_t *val, uint64_t *in_t, int index);
+.globl	ecp_nistz256_avx2_gather_w7
+.type	ecp_nistz256_avx2_gather_w7,\@abi-omnipotent
+.align	32
+ecp_nistz256_avx2_gather_w7:
+.Lavx2_gather_w7:
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	lea	-0x88(%rsp), %rax
+.LSEH_begin_ecp_nistz256_avx2_gather_w7:
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax), %rsp
+	.byte	0xc5,0xf8,0x29,0x70,0xe0	#vmovaps %xmm6, -0x20(%rax)
+	.byte	0xc5,0xf8,0x29,0x78,0xf0	#vmovaps %xmm7, -0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x40,0x00	#vmovaps %xmm8, 8(%rax)
+	.byte	0xc5,0x78,0x29,0x48,0x10	#vmovaps %xmm9, 0x10(%rax)
+	.byte	0xc5,0x78,0x29,0x50,0x20	#vmovaps %xmm10, 0x20(%rax)
+	.byte	0xc5,0x78,0x29,0x58,0x30	#vmovaps %xmm11, 0x30(%rax)
+	.byte	0xc5,0x78,0x29,0x60,0x40	#vmovaps %xmm12, 0x40(%rax)
+	.byte	0xc5,0x78,0x29,0x68,0x50	#vmovaps %xmm13, 0x50(%rax)
+	.byte	0xc5,0x78,0x29,0x70,0x60	#vmovaps %xmm14, 0x60(%rax)
+	.byte	0xc5,0x78,0x29,0x78,0x70	#vmovaps %xmm15, 0x70(%rax)
+___
+$code.=<<___;
+	vmovdqa	.LThree(%rip), $THREE
+
+	vpxor	$Ra, $Ra, $Ra
+	vpxor	$Rb, $Rb, $Rb
+
+	vmovdqa .LOne(%rip), $M0
+	vmovdqa .LTwo(%rip), $M1
+	vmovdqa .LThree(%rip), $M2
+
+	vmovd	$index, %xmm1
+	vpermd	$INDEX, $Ra, $INDEX
+	# Skip index = 0, because it is implicitly the point at infinity
+
+	mov	\$21, %rax
+.Lselect_loop_avx2_w7:
+
+	vmovdqa	32*0($in_t), $T0a
+	vmovdqa	32*1($in_t), $T0b
+
+	vmovdqa	32*2($in_t), $T1a
+	vmovdqa	32*3($in_t), $T1b
+
+	vmovdqa	32*4($in_t), $T2a
+	vmovdqa	32*5($in_t), $T2b
+
+	vpcmpeqd	$INDEX, $M0, $TMP0
+	vpcmpeqd	$INDEX, $M1, $TMP1
+	vpcmpeqd	$INDEX, $M2, $TMP2
+
+	vpaddd	$THREE, $M0, $M0
+	vpaddd	$THREE, $M1, $M1
+	vpaddd	$THREE, $M2, $M2
+	lea	32*6($in_t), $in_t
+
+	vpand	$TMP0, $T0a, $T0a
+	vpand	$TMP0, $T0b, $T0b
+	vpand	$TMP1, $T1a, $T1a
+	vpand	$TMP1, $T1b, $T1b
+	vpand	$TMP2, $T2a, $T2a
+	vpand	$TMP2, $T2b, $T2b
+
+	vpxor	$T0a, $Ra, $Ra
+	vpxor	$T0b, $Rb, $Rb
+	vpxor	$T1a, $Ra, $Ra
+	vpxor	$T1b, $Rb, $Rb
+	vpxor	$T2a, $Ra, $Ra
+	vpxor	$T2b, $Rb, $Rb
+
+	dec %rax
+	jnz .Lselect_loop_avx2_w7
+
+
+	vmovdqa	32*0($in_t), $T0a
+	vmovdqa	32*1($in_t), $T0b
+
+	vpcmpeqd	$INDEX, $M0, $TMP0
+
+	vpand	$TMP0, $T0a, $T0a
+	vpand	$TMP0, $T0b, $T0b
+
+	vpxor	$T0a, $Ra, $Ra
+	vpxor	$T0b, $Rb, $Rb
+
+	vmovdqu $Ra, 32*0($val)
+	vmovdqu $Rb, 32*1($val)
+	vzeroupper
+___
+$code.=<<___	if ($win64);
+	movaps	(%rsp), %xmm6
+	movaps	0x10(%rsp), %xmm7
+	movaps	0x20(%rsp), %xmm8
+	movaps	0x30(%rsp), %xmm9
+	movaps	0x40(%rsp), %xmm10
+	movaps	0x50(%rsp), %xmm11
+	movaps	0x60(%rsp), %xmm12
+	movaps	0x70(%rsp), %xmm13
+	movaps	0x80(%rsp), %xmm14
+	movaps	0x90(%rsp), %xmm15
+	lea	0xa8(%rsp), %rsp
+.LSEH_end_ecp_nistz256_avx2_gather_w7:
+___
+$code.=<<___;
+	ret
+.size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
+___
+} else {
+$code.=<<___;
+.globl	ecp_nistz256_avx2_gather_w7
+.type	ecp_nistz256_avx2_gather_w7,\@function,3
+.align	32
+ecp_nistz256_avx2_gather_w7:
+	.byte	0x0f,0x0b	# ud2
+	ret
+.size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
+___
+}
+{{{
+########################################################################
+# This block implements higher level point_double, point_add and
+# point_add_affine. The key to performance in this case is to allow
+# out-of-order execution logic to overlap computations from next step
+# with tail processing from current step. By using tailored calling
+# sequence we minimize inter-step overhead to give processor better
+# shot at overlapping operations...
+#
+# You will notice that input data is copied to stack. Trouble is that
+# there are no registers to spare for holding original pointers and
+# reloading them, pointers, would create undesired dependencies on
+# effective addresses calculation paths. In other words it's too done
+# to favour out-of-order execution logic.
+#						<appro@openssl.org>
+
+my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx");
+my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15));
+my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rbp","%rcx",$acc4,$acc4);
+my ($poly1,$poly3)=($acc6,$acc7);
+
+sub load_for_mul () {
+my ($a,$b,$src0) = @_;
+my $bias = $src0 eq "%rax" ? 0 : -128;
+
+"	mov	$b, $src0
+	lea	$b, $b_ptr
+	mov	8*0+$a, $acc1
+	mov	8*1+$a, $acc2
+	lea	$bias+$a, $a_ptr
+	mov	8*2+$a, $acc3
+	mov	8*3+$a, $acc4"
+}
+
+sub load_for_sqr () {
+my ($a,$src0) = @_;
+my $bias = $src0 eq "%rax" ? 0 : -128;
+
+"	mov	8*0+$a, $src0
+	mov	8*1+$a, $acc6
+	lea	$bias+$a, $a_ptr
+	mov	8*2+$a, $acc7
+	mov	8*3+$a, $acc0"
+}
+
+									{
+########################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($a0,$a1,$a2,$a3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+
+$code.=<<___;
+.type	__ecp_nistz256_add_toq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_add_toq:
+	xor	$t4,$t4
+	add	8*0($b_ptr), $a0
+	adc	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($b_ptr), $a2
+	adc	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq
+
+.type	__ecp_nistz256_sub_fromq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sub_fromq:
+	sub	8*0($b_ptr), $a0
+	sbb	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	sbb	8*2($b_ptr), $a2
+	sbb	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	sbb	$t4, $t4
+
+	add	\$-1, $a0
+	 mov	$a2, $t2
+	adc	$poly1, $a1
+	adc	\$0, $a2
+	 mov	$a3, $t3
+	adc	$poly3, $a3
+	test	$t4, $t4
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovz	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovz	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq
+
+.type	__ecp_nistz256_subq,\@abi-omnipotent
+.align	32
+__ecp_nistz256_subq:
+	sub	$a0, $t0
+	sbb	$a1, $t1
+	 mov	$t0, $a0
+	sbb	$a2, $t2
+	sbb	$a3, $t3
+	 mov	$t1, $a1
+	sbb	$t4, $t4
+
+	add	\$-1, $t0
+	 mov	$t2, $a2
+	adc	$poly1, $t1
+	adc	\$0, $t2
+	 mov	$t3, $a3
+	adc	$poly3, $t3
+	test	$t4, $t4
+
+	cmovnz	$t0, $a0
+	cmovnz	$t1, $a1
+	cmovnz	$t2, $a2
+	cmovnz	$t3, $a3
+
+	ret
+.size	__ecp_nistz256_subq,.-__ecp_nistz256_subq
+
+.type	__ecp_nistz256_mul_by_2q,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_by_2q:
+	xor	$t4, $t4
+	add	$a0, $a0		# a0:a3+a0:a3
+	adc	$a1, $a1
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q
+___
+									}
+sub gen_double () {
+    my $x = shift;
+    my ($src0,$sfx,$bias);
+    my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4));
+
+    if ($x ne "x") {
+	$src0 = "%rax";
+	$sfx  = "";
+	$bias = 0;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,\@function,2
+.align	32
+ecp_nistz256_point_double:
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lpoint_doublex
+___
+    } else {
+	$src0 = "%rdx";
+	$sfx  = "x";
+	$bias = 128;
+
+$code.=<<___;
+.type	ecp_nistz256_point_doublex,\@function,2
+.align	32
+ecp_nistz256_point_doublex:
+.Lpoint_doublex:
+___
+    }
+$code.=<<___;
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	sub	\$32*5+8, %rsp
+
+.Lpoint_double_shortcut$x:
+	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$a_ptr.x
+	mov	$a_ptr, $b_ptr			# backup copy
+	movdqu	0x10($a_ptr), %xmm1
+	 mov	0x20+8*0($a_ptr), $acc4		# load in_y in "5-4-0-1" order
+	 mov	0x20+8*1($a_ptr), $acc5
+	 mov	0x20+8*2($a_ptr), $acc0
+	 mov	0x20+8*3($a_ptr), $acc1
+	 mov	.Lpoly+8*1(%rip), $poly1
+	 mov	.Lpoly+8*3(%rip), $poly3
+	movdqa	%xmm0, $in_x(%rsp)
+	movdqa	%xmm1, $in_x+0x10(%rsp)
+	lea	0x20($r_ptr), $acc2
+	lea	0x40($r_ptr), $acc3
+	movq	$r_ptr, %xmm0
+	movq	$acc2, %xmm1
+	movq	$acc3, %xmm2
+
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_by_2$x	# p256_mul_by_2(S, in_y);
+
+	mov	0x40+8*0($a_ptr), $src0
+	mov	0x40+8*1($a_ptr), $acc6
+	mov	0x40+8*2($a_ptr), $acc7
+	mov	0x40+8*3($a_ptr), $acc0
+	lea	0x40-$bias($a_ptr), $a_ptr
+	lea	$Zsqr(%rsp), $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Zsqr, in_z);
+
+	`&load_for_sqr("$S(%rsp)", "$src0")`
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(S, S);
+
+	mov	0x20($b_ptr), $src0		# $b_ptr is still valid
+	mov	0x40+8*0($b_ptr), $acc1
+	mov	0x40+8*1($b_ptr), $acc2
+	mov	0x40+8*2($b_ptr), $acc3
+	mov	0x40+8*3($b_ptr), $acc4
+	lea	0x40-$bias($b_ptr), $a_ptr
+	lea	0x20($b_ptr), $b_ptr
+	movq	%xmm2, $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, in_z, in_y);
+	call	__ecp_nistz256_mul_by_2$x	# p256_mul_by_2(res_z, res_z);
+
+	mov	$in_x+8*0(%rsp), $acc4		# "5-4-0-1" order
+	mov	$in_x+8*1(%rsp), $acc5
+	lea	$Zsqr(%rsp), $b_ptr
+	mov	$in_x+8*2(%rsp), $acc0
+	mov	$in_x+8*3(%rsp), $acc1
+	lea	$M(%rsp), $r_ptr
+	call	__ecp_nistz256_add_to$x		# p256_add(M, in_x, Zsqr);
+
+	mov	$in_x+8*0(%rsp), $acc4		# "5-4-0-1" order
+	mov	$in_x+8*1(%rsp), $acc5
+	lea	$Zsqr(%rsp), $b_ptr
+	mov	$in_x+8*2(%rsp), $acc0
+	mov	$in_x+8*3(%rsp), $acc1
+	lea	$Zsqr(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(Zsqr, in_x, Zsqr);
+
+	`&load_for_sqr("$S(%rsp)", "$src0")`
+	movq	%xmm1, $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(res_y, S);
+___
+{	
+######## ecp_nistz256_div_by_2(res_y, res_y); ##########################
+# operate in 4-5-6-7 "name space" that matches squaring output
+#
+my ($poly1,$poly3)=($a_ptr,$t1);
+my ($a0,$a1,$a2,$a3,$t3,$t4,$t1)=($acc4,$acc5,$acc6,$acc7,$acc0,$acc1,$acc2);
+
+$code.=<<___;
+	xor	$t4, $t4
+	mov	$a0, $t0
+	add	\$-1, $a0
+	mov	$a1, $t1
+	adc	$poly1, $a1
+	mov	$a2, $t2
+	adc	\$0, $a2
+	mov	$a3, $t3
+	adc	$poly3, $a3
+	adc	\$0, $t4
+	xor	$a_ptr, $a_ptr		# borrow $a_ptr
+	test	\$1, $t0
+
+	cmovz	$t0, $a0
+	cmovz	$t1, $a1
+	cmovz	$t2, $a2
+	cmovz	$t3, $a3
+	cmovz	$a_ptr, $t4
+
+	mov	$a1, $t0		# a0:a3>>1
+	shr	\$1, $a0
+	shl	\$63, $t0
+	mov	$a2, $t1
+	shr	\$1, $a1
+	or	$t0, $a0
+	shl	\$63, $t1
+	mov	$a3, $t2
+	shr	\$1, $a2
+	or	$t1, $a1
+	shl	\$63, $t2
+	mov	$a0, 8*0($r_ptr)
+	shr	\$1, $a3
+	mov	$a1, 8*1($r_ptr)
+	shl	\$63, $t4
+	or	$t2, $a2
+	or	$t4, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+___
+}
+$code.=<<___;
+	`&load_for_mul("$M(%rsp)", "$Zsqr(%rsp)", "$src0")`
+	lea	$M(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(M, M, Zsqr);
+
+	lea	$tmp0(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_by_2$x
+
+	lea	$M(%rsp), $b_ptr
+	lea	$M(%rsp), $r_ptr
+	call	__ecp_nistz256_add_to$x		# p256_mul_by_3(M, M);
+
+	`&load_for_mul("$S(%rsp)", "$in_x(%rsp)", "$src0")`
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S, S, in_x);
+
+	lea	$tmp0(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_by_2$x	# p256_mul_by_2(tmp0, S);
+
+	`&load_for_sqr("$M(%rsp)", "$src0")`
+	movq	%xmm0, $r_ptr
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(res_x, M);
+
+	lea	$tmp0(%rsp), $b_ptr
+	mov	$acc6, $acc0			# harmonize sqr output and sub input
+	mov	$acc7, $acc1
+	mov	$a_ptr, $poly1
+	mov	$t1, $poly3
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_x, res_x, tmp0);
+
+	mov	$S+8*0(%rsp), $t0
+	mov	$S+8*1(%rsp), $t1
+	mov	$S+8*2(%rsp), $t2
+	mov	$S+8*3(%rsp), $acc2		# "4-5-0-1" order
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_sub$x		# p256_sub(S, S, res_x);
+
+	mov	$M(%rsp), $src0
+	lea	$M(%rsp), $b_ptr
+	mov	$acc4, $acc6			# harmonize sub output and mul input
+	xor	%ecx, %ecx
+	mov	$acc4, $S+8*0(%rsp)		# have to save:-(	
+	mov	$acc5, $acc2
+	mov	$acc5, $S+8*1(%rsp)
+	cmovz	$acc0, $acc3
+	mov	$acc0, $S+8*2(%rsp)
+	lea	$S-$bias(%rsp), $a_ptr
+	cmovz	$acc1, $acc4
+	mov	$acc1, $S+8*3(%rsp)
+	mov	$acc6, $acc1
+	lea	$S(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S, S, M);
+
+	movq	%xmm1, $b_ptr
+	movq	%xmm1, $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_y, S, res_y);
+
+	add	\$32*5+8, %rsp
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbx
+	pop	%rbp
+	ret
+.size	ecp_nistz256_point_double$sfx,.-ecp_nistz256_point_double$sfx
+___
+}
+&gen_double("q");
+
+sub gen_add () {
+    my $x = shift;
+    my ($src0,$sfx,$bias);
+    my ($H,$Hsqr,$R,$Rsqr,$Hcub,
+	$U1,$U2,$S1,$S2,
+	$res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y,$in2_z)=map(32*$_,(0..17));
+    my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
+
+    if ($x ne "x") {
+	$src0 = "%rax";
+	$sfx  = "";
+	$bias = 0;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,\@function,3
+.align	32
+ecp_nistz256_point_add:
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lpoint_addx
+___
+    } else {
+	$src0 = "%rdx";
+	$sfx  = "x";
+	$bias = 128;
+
+$code.=<<___;
+.type	ecp_nistz256_point_addx,\@function,3
+.align	32
+ecp_nistz256_point_addx:
+.Lpoint_addx:
+___
+    }
+$code.=<<___;
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	sub	\$32*18+8, %rsp
+
+	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$a_ptr
+	movdqu	0x10($a_ptr), %xmm1
+	movdqu	0x20($a_ptr), %xmm2
+	movdqu	0x30($a_ptr), %xmm3
+	movdqu	0x40($a_ptr), %xmm4
+	movdqu	0x50($a_ptr), %xmm5
+	mov	$a_ptr, $b_ptr			# reassign
+	mov	$b_org, $a_ptr			# reassign
+	movdqa	%xmm0, $in1_x(%rsp)
+	movdqa	%xmm1, $in1_x+0x10(%rsp)
+	movdqa	%xmm2, $in1_y(%rsp)
+	movdqa	%xmm3, $in1_y+0x10(%rsp)
+	movdqa	%xmm4, $in1_z(%rsp)
+	movdqa	%xmm5, $in1_z+0x10(%rsp)
+	por	%xmm4, %xmm5
+
+	movdqu	0x00($a_ptr), %xmm0		# copy	*(P256_POINT *)$b_ptr
+	 pshufd	\$0xb1, %xmm5, %xmm3
+	movdqu	0x10($a_ptr), %xmm1
+	movdqu	0x20($a_ptr), %xmm2
+	 por	%xmm3, %xmm5
+	movdqu	0x30($a_ptr), %xmm3
+	 mov	0x40+8*0($a_ptr), $src0		# load original in2_z
+	 mov	0x40+8*1($a_ptr), $acc6
+	 mov	0x40+8*2($a_ptr), $acc7
+	 mov	0x40+8*3($a_ptr), $acc0
+	movdqa	%xmm0, $in2_x(%rsp)
+	 pshufd	\$0x1e, %xmm5, %xmm4
+	movdqa	%xmm1, $in2_x+0x10(%rsp)
+	movdqu	0x40($a_ptr),%xmm0		# in2_z again
+	movdqu	0x50($a_ptr),%xmm1
+	movdqa	%xmm2, $in2_y(%rsp)
+	movdqa	%xmm3, $in2_y+0x10(%rsp)
+	 por	%xmm4, %xmm5
+	 pxor	%xmm4, %xmm4
+	por	%xmm0, %xmm1
+	 movq	$r_ptr, %xmm0			# save $r_ptr
+
+	lea	0x40-$bias($a_ptr), $a_ptr	# $a_ptr is still valid
+	 mov	$src0, $in2_z+8*0(%rsp)		# make in2_z copy
+	 mov	$acc6, $in2_z+8*1(%rsp)
+	 mov	$acc7, $in2_z+8*2(%rsp)
+	 mov	$acc0, $in2_z+8*3(%rsp)
+	lea	$Z2sqr(%rsp), $r_ptr		# Z2^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Z2sqr, in2_z);
+
+	pcmpeqd	%xmm4, %xmm5
+	pshufd	\$0xb1, %xmm1, %xmm4
+	por	%xmm1, %xmm4
+	pshufd	\$0, %xmm5, %xmm5		# in1infty
+	pshufd	\$0x1e, %xmm4, %xmm3
+	por	%xmm3, %xmm4
+	pxor	%xmm3, %xmm3
+	pcmpeqd	%xmm3, %xmm4
+	pshufd	\$0, %xmm4, %xmm4		# in2infty
+	 mov	0x40+8*0($b_ptr), $src0		# load original in1_z
+	 mov	0x40+8*1($b_ptr), $acc6
+	 mov	0x40+8*2($b_ptr), $acc7
+	 mov	0x40+8*3($b_ptr), $acc0
+	movq	$b_ptr, %xmm1
+
+	lea	0x40-$bias($b_ptr), $a_ptr
+	lea	$Z1sqr(%rsp), $r_ptr		# Z1^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Z1sqr, in1_z);
+
+	`&load_for_mul("$Z2sqr(%rsp)", "$in2_z(%rsp)", "$src0")`
+	lea	$S1(%rsp), $r_ptr		# S1 = Z2^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S1, Z2sqr, in2_z);
+
+	`&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	`&load_for_mul("$S1(%rsp)", "$in1_y(%rsp)", "$src0")`
+	lea	$S1(%rsp), $r_ptr		# S1 = Y1*Z2^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S1, S1, in1_y);
+
+	`&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Y2*Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, S2, in2_y);
+
+	lea	$S1(%rsp), $b_ptr
+	lea	$R(%rsp), $r_ptr		# R = S2 - S1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(R, S2, S1);
+
+	or	$acc5, $acc4			# see if result is zero
+	movdqa	%xmm4, %xmm2
+	or	$acc0, $acc4
+	or	$acc1, $acc4
+	por	%xmm5, %xmm2			# in1infty || in2infty
+	movq	$acc4, %xmm3
+
+	`&load_for_mul("$Z2sqr(%rsp)", "$in1_x(%rsp)", "$src0")`
+	lea	$U1(%rsp), $r_ptr		# U1 = X1*Z2^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U1, in1_x, Z2sqr);
+
+	`&load_for_mul("$Z1sqr(%rsp)", "$in2_x(%rsp)", "$src0")`
+	lea	$U2(%rsp), $r_ptr		# U2 = X2*Z1^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, in2_x, Z1sqr);
+
+	lea	$U1(%rsp), $b_ptr
+	lea	$H(%rsp), $r_ptr		# H = U2 - U1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(H, U2, U1);
+
+	or	$acc5, $acc4			# see if result is zero
+	or	$acc0, $acc4
+	or	$acc1, $acc4
+
+	.byte	0x3e				# predict taken
+	jnz	.Ladd_proceed$x			# is_equal(U1,U2)?
+	movq	%xmm2, $acc0
+	movq	%xmm3, $acc1
+	test	$acc0, $acc0
+	jnz	.Ladd_proceed$x			# (in1infty || in2infty)?
+	test	$acc1, $acc1
+	jz	.Ladd_double$x			# is_equal(S1,S2)?
+
+	movq	%xmm0, $r_ptr			# restore $r_ptr
+	pxor	%xmm0, %xmm0
+	movdqu	%xmm0, 0x00($r_ptr)
+	movdqu	%xmm0, 0x10($r_ptr)
+	movdqu	%xmm0, 0x20($r_ptr)
+	movdqu	%xmm0, 0x30($r_ptr)
+	movdqu	%xmm0, 0x40($r_ptr)
+	movdqu	%xmm0, 0x50($r_ptr)
+	jmp	.Ladd_done$x
+
+.align	32
+.Ladd_double$x:
+	movq	%xmm1, $a_ptr			# restore $a_ptr
+	movq	%xmm0, $r_ptr			# restore $r_ptr
+	add	\$`32*(18-5)`, %rsp		# difference in frame sizes
+	jmp	.Lpoint_double_shortcut$x
+
+.align	32
+.Ladd_proceed$x:
+	`&load_for_sqr("$R(%rsp)", "$src0")`
+	lea	$Rsqr(%rsp), $r_ptr		# R^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Rsqr, R);
+
+	`&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$res_z(%rsp), $r_ptr		# Z3 = H*Z1*Z2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, H, in1_z);
+
+	`&load_for_sqr("$H(%rsp)", "$src0")`
+	lea	$Hsqr(%rsp), $r_ptr		# H^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Hsqr, H);
+
+	`&load_for_mul("$res_z(%rsp)", "$in2_z(%rsp)", "$src0")`
+	lea	$res_z(%rsp), $r_ptr		# Z3 = H*Z1*Z2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, res_z, in2_z);
+
+	`&load_for_mul("$Hsqr(%rsp)", "$H(%rsp)", "$src0")`
+	lea	$Hcub(%rsp), $r_ptr		# H^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(Hcub, Hsqr, H);
+
+	`&load_for_mul("$Hsqr(%rsp)", "$U1(%rsp)", "$src0")`
+	lea	$U2(%rsp), $r_ptr		# U1*H^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, U1, Hsqr);
+___
+{
+#######################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+my ($poly1, $poly3)=($acc6,$acc7);
+
+$code.=<<___;
+	#lea	$U2(%rsp), $a_ptr
+	#lea	$Hsqr(%rsp), $r_ptr	# 2*U1*H^2
+	#call	__ecp_nistz256_mul_by_2	# ecp_nistz256_mul_by_2(Hsqr, U2);
+
+	xor	$t4, $t4
+	add	$acc0, $acc0		# a0:a3+a0:a3
+	lea	$Rsqr(%rsp), $a_ptr
+	adc	$acc1, $acc1
+	 mov	$acc0, $t0
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	 mov	$acc1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $acc0
+	 mov	$acc2, $t2
+	sbb	$poly1, $acc1
+	sbb	\$0, $acc2
+	 mov	$acc3, $t3
+	sbb	$poly3, $acc3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $acc0
+	mov	8*0($a_ptr), $t0
+	cmovc	$t1, $acc1
+	mov	8*1($a_ptr), $t1
+	cmovc	$t2, $acc2
+	mov	8*2($a_ptr), $t2
+	cmovc	$t3, $acc3
+	mov	8*3($a_ptr), $t3
+
+	call	__ecp_nistz256_sub$x		# p256_sub(res_x, Rsqr, Hsqr);
+
+	lea	$Hcub(%rsp), $b_ptr
+	lea	$res_x(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_x, res_x, Hcub);
+
+	mov	$U2+8*0(%rsp), $t0
+	mov	$U2+8*1(%rsp), $t1
+	mov	$U2+8*2(%rsp), $t2
+	mov	$U2+8*3(%rsp), $t3
+	lea	$res_y(%rsp), $r_ptr
+
+	call	__ecp_nistz256_sub$x		# p256_sub(res_y, U2, res_x);
+
+	mov	$acc0, 8*0($r_ptr)		# save the result, as
+	mov	$acc1, 8*1($r_ptr)		# __ecp_nistz256_sub doesn't
+	mov	$acc2, 8*2($r_ptr)
+	mov	$acc3, 8*3($r_ptr)
+___
+}
+$code.=<<___;
+	`&load_for_mul("$S1(%rsp)", "$Hcub(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, S1, Hcub);
+
+	`&load_for_mul("$R(%rsp)", "$res_y(%rsp)", "$src0")`
+	lea	$res_y(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_y, R, res_y);
+
+	lea	$S2(%rsp), $b_ptr
+	lea	$res_y(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_y, res_y, S2);
+
+	movq	%xmm0, $r_ptr		# restore $r_ptr
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_z, in2_z, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_z(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_z+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_z(%rsp), %xmm2
+	pand	$in2_z+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_z, in1_z, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_z(%rsp), %xmm2
+	pand	$in1_z+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x40($r_ptr)
+	movdqu	%xmm3, 0x50($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_x, in2_x, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_x(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_x+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_x(%rsp), %xmm2
+	pand	$in2_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_x, in1_x, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_x(%rsp), %xmm2
+	pand	$in1_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x00($r_ptr)
+	movdqu	%xmm3, 0x10($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_y, in2_y, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_y(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_y+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_y(%rsp), %xmm2
+	pand	$in2_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_y, in1_y, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_y(%rsp), %xmm2
+	pand	$in1_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x20($r_ptr)
+	movdqu	%xmm3, 0x30($r_ptr)
+
+.Ladd_done$x:
+	add	\$32*18+8, %rsp
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbx
+	pop	%rbp
+	ret
+.size	ecp_nistz256_point_add$sfx,.-ecp_nistz256_point_add$sfx
+___
+}
+&gen_add("q");
+
+sub gen_add_affine () {
+    my $x = shift;
+    my ($src0,$sfx,$bias);
+    my ($U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr,
+	$res_x,$res_y,$res_z,
+	$in1_x,$in1_y,$in1_z,
+	$in2_x,$in2_y)=map(32*$_,(0..14));
+    my $Z1sqr = $S2;
+
+    if ($x ne "x") {
+	$src0 = "%rax";
+	$sfx  = "";
+	$bias = 0;
+
+$code.=<<___;
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,\@function,3
+.align	32
+ecp_nistz256_point_add_affine:
+___
+$code.=<<___	if ($addx);
+	mov	\$0x80100, %ecx
+	and	OPENSSL_ia32cap_P+8(%rip), %ecx
+	cmp	\$0x80100, %ecx
+	je	.Lpoint_add_affinex
+___
+    } else {
+	$src0 = "%rdx";
+	$sfx  = "x";
+	$bias = 128;
+
+$code.=<<___;
+.type	ecp_nistz256_point_add_affinex,\@function,3
+.align	32
+ecp_nistz256_point_add_affinex:
+.Lpoint_add_affinex:
+___
+    }
+$code.=<<___;
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	sub	\$32*15+8, %rsp
+
+	movdqu	0x00($a_ptr), %xmm0	# copy	*(P256_POINT *)$a_ptr
+	mov	$b_org, $b_ptr		# reassign
+	movdqu	0x10($a_ptr), %xmm1
+	movdqu	0x20($a_ptr), %xmm2
+	movdqu	0x30($a_ptr), %xmm3
+	movdqu	0x40($a_ptr), %xmm4
+	movdqu	0x50($a_ptr), %xmm5
+	 mov	0x40+8*0($a_ptr), $src0	# load original in1_z
+	 mov	0x40+8*1($a_ptr), $acc6
+	 mov	0x40+8*2($a_ptr), $acc7
+	 mov	0x40+8*3($a_ptr), $acc0
+	movdqa	%xmm0, $in1_x(%rsp)
+	movdqa	%xmm1, $in1_x+0x10(%rsp)
+	movdqa	%xmm2, $in1_y(%rsp)
+	movdqa	%xmm3, $in1_y+0x10(%rsp)
+	movdqa	%xmm4, $in1_z(%rsp)
+	movdqa	%xmm5, $in1_z+0x10(%rsp)
+	por	%xmm4, %xmm5
+
+	movdqu	0x00($b_ptr), %xmm0	# copy	*(P256_POINT_AFFINE *)$b_ptr
+	 pshufd	\$0xb1, %xmm5, %xmm3
+	movdqu	0x10($b_ptr), %xmm1
+	movdqu	0x20($b_ptr), %xmm2
+	 por	%xmm3, %xmm5
+	movdqu	0x30($b_ptr), %xmm3
+	movdqa	%xmm0, $in2_x(%rsp)
+	 pshufd	\$0x1e, %xmm5, %xmm4
+	movdqa	%xmm1, $in2_x+0x10(%rsp)
+	por	%xmm0, %xmm1
+	 movq	$r_ptr, %xmm0		# save $r_ptr
+	movdqa	%xmm2, $in2_y(%rsp)
+	movdqa	%xmm3, $in2_y+0x10(%rsp)
+	por	%xmm2, %xmm3
+	 por	%xmm4, %xmm5
+	 pxor	%xmm4, %xmm4
+	por	%xmm1, %xmm3
+
+	lea	0x40-$bias($a_ptr), $a_ptr	# $a_ptr is still valid
+	lea	$Z1sqr(%rsp), $r_ptr		# Z1^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Z1sqr, in1_z);
+
+	pcmpeqd	%xmm4, %xmm5
+	pshufd	\$0xb1, %xmm3, %xmm4
+	 mov	0x00($b_ptr), $src0		# $b_ptr is still valid
+	 #lea	0x00($b_ptr), $b_ptr
+	 mov	$acc4, $acc1			# harmonize sqr output and mul input
+	por	%xmm3, %xmm4
+	pshufd	\$0, %xmm5, %xmm5		# in1infty
+	pshufd	\$0x1e, %xmm4, %xmm3
+	 mov	$acc5, $acc2
+	por	%xmm3, %xmm4
+	pxor	%xmm3, %xmm3
+	 mov	$acc6, $acc3
+	pcmpeqd	%xmm3, %xmm4
+	pshufd	\$0, %xmm4, %xmm4		# in2infty
+
+	lea	$Z1sqr-$bias(%rsp), $a_ptr
+	mov	$acc7, $acc4
+	lea	$U2(%rsp), $r_ptr		# U2 = X2*Z1^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, Z1sqr, in2_x);
+
+	lea	$in1_x(%rsp), $b_ptr
+	lea	$H(%rsp), $r_ptr		# H = U2 - U1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(H, U2, in1_x);
+
+	`&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, Z1sqr, in1_z);
+
+	`&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")`
+	lea	$res_z(%rsp), $r_ptr		# Z3 = H*Z1*Z2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(res_z, H, in1_z);
+
+	`&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr		# S2 = Y2*Z1^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, S2, in2_y);
+
+	lea	$in1_y(%rsp), $b_ptr
+	lea	$R(%rsp), $r_ptr		# R = S2 - S1
+	call	__ecp_nistz256_sub_from$x	# p256_sub(R, S2, in1_y);
+
+	`&load_for_sqr("$H(%rsp)", "$src0")`
+	lea	$Hsqr(%rsp), $r_ptr		# H^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Hsqr, H);
+
+	`&load_for_sqr("$R(%rsp)", "$src0")`
+	lea	$Rsqr(%rsp), $r_ptr		# R^2
+	call	__ecp_nistz256_sqr_mont$x	# p256_sqr_mont(Rsqr, R);
+
+	`&load_for_mul("$H(%rsp)", "$Hsqr(%rsp)", "$src0")`
+	lea	$Hcub(%rsp), $r_ptr		# H^3
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(Hcub, Hsqr, H);
+
+	`&load_for_mul("$Hsqr(%rsp)", "$in1_x(%rsp)", "$src0")`
+	lea	$U2(%rsp), $r_ptr		# U1*H^2
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(U2, in1_x, Hsqr);
+___
+{
+#######################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+my ($poly1, $poly3)=($acc6,$acc7);
+
+$code.=<<___;
+	#lea	$U2(%rsp), $a_ptr
+	#lea	$Hsqr(%rsp), $r_ptr	# 2*U1*H^2
+	#call	__ecp_nistz256_mul_by_2	# ecp_nistz256_mul_by_2(Hsqr, U2);
+
+	xor	$t4, $t4
+	add	$acc0, $acc0		# a0:a3+a0:a3
+	lea	$Rsqr(%rsp), $a_ptr
+	adc	$acc1, $acc1
+	 mov	$acc0, $t0
+	adc	$acc2, $acc2
+	adc	$acc3, $acc3
+	 mov	$acc1, $t1
+	adc	\$0, $t4
+
+	sub	\$-1, $acc0
+	 mov	$acc2, $t2
+	sbb	$poly1, $acc1
+	sbb	\$0, $acc2
+	 mov	$acc3, $t3
+	sbb	$poly3, $acc3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $acc0
+	mov	8*0($a_ptr), $t0
+	cmovc	$t1, $acc1
+	mov	8*1($a_ptr), $t1
+	cmovc	$t2, $acc2
+	mov	8*2($a_ptr), $t2
+	cmovc	$t3, $acc3
+	mov	8*3($a_ptr), $t3
+
+	call	__ecp_nistz256_sub$x		# p256_sub(res_x, Rsqr, Hsqr);
+
+	lea	$Hcub(%rsp), $b_ptr
+	lea	$res_x(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_x, res_x, Hcub);
+
+	mov	$U2+8*0(%rsp), $t0
+	mov	$U2+8*1(%rsp), $t1
+	mov	$U2+8*2(%rsp), $t2
+	mov	$U2+8*3(%rsp), $t3
+	lea	$H(%rsp), $r_ptr
+
+	call	__ecp_nistz256_sub$x		# p256_sub(H, U2, res_x);
+
+	mov	$acc0, 8*0($r_ptr)		# save the result, as
+	mov	$acc1, 8*1($r_ptr)		# __ecp_nistz256_sub doesn't
+	mov	$acc2, 8*2($r_ptr)
+	mov	$acc3, 8*3($r_ptr)
+___
+}
+$code.=<<___;
+	`&load_for_mul("$Hcub(%rsp)", "$in1_y(%rsp)", "$src0")`
+	lea	$S2(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(S2, Hcub, in1_y);
+
+	`&load_for_mul("$H(%rsp)", "$R(%rsp)", "$src0")`
+	lea	$H(%rsp), $r_ptr
+	call	__ecp_nistz256_mul_mont$x	# p256_mul_mont(H, H, R);
+
+	lea	$S2(%rsp), $b_ptr
+	lea	$res_y(%rsp), $r_ptr
+	call	__ecp_nistz256_sub_from$x	# p256_sub(res_y, H, S2);
+
+	movq	%xmm0, $r_ptr		# restore $r_ptr
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_z, ONE, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_z(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_z+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	.LONE_mont(%rip), %xmm2
+	pand	.LONE_mont+0x10(%rip), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_z, in1_z, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_z(%rsp), %xmm2
+	pand	$in1_z+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x40($r_ptr)
+	movdqu	%xmm3, 0x50($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_x, in2_x, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_x(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_x+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_x(%rsp), %xmm2
+	pand	$in2_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_x, in1_x, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_x(%rsp), %xmm2
+	pand	$in1_x+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x00($r_ptr)
+	movdqu	%xmm3, 0x10($r_ptr)
+
+	movdqa	%xmm5, %xmm0		# copy_conditional(res_y, in2_y, in1infty);
+	movdqa	%xmm5, %xmm1
+	pandn	$res_y(%rsp), %xmm0
+	movdqa	%xmm5, %xmm2
+	pandn	$res_y+0x10(%rsp), %xmm1
+	movdqa	%xmm5, %xmm3
+	pand	$in2_y(%rsp), %xmm2
+	pand	$in2_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+
+	movdqa	%xmm4, %xmm0		# copy_conditional(res_y, in1_y, in2infty);
+	movdqa	%xmm4, %xmm1
+	pandn	%xmm2, %xmm0
+	movdqa	%xmm4, %xmm2
+	pandn	%xmm3, %xmm1
+	movdqa	%xmm4, %xmm3
+	pand	$in1_y(%rsp), %xmm2
+	pand	$in1_y+0x10(%rsp), %xmm3
+	por	%xmm0, %xmm2
+	por	%xmm1, %xmm3
+	movdqu	%xmm2, 0x20($r_ptr)
+	movdqu	%xmm3, 0x30($r_ptr)
+
+	add	\$32*15+8, %rsp
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbx
+	pop	%rbp
+	ret
+.size	ecp_nistz256_point_add_affine$sfx,.-ecp_nistz256_point_add_affine$sfx
+___
+}
+&gen_add_affine("q");
+
+########################################################################
+# AD*X magic
+#
+if ($addx) {								{
+########################################################################
+# operate in 4-5-0-1 "name space" that matches multiplication output
+#
+my ($a0,$a1,$a2,$a3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3);
+
+$code.=<<___;
+.type	__ecp_nistz256_add_tox,\@abi-omnipotent
+.align	32
+__ecp_nistz256_add_tox:
+	xor	$t4, $t4
+	adc	8*0($b_ptr), $a0
+	adc	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	adc	8*2($b_ptr), $a2
+	adc	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	xor	$t3, $t3
+	sbb	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox
+
+.type	__ecp_nistz256_sub_fromx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_sub_fromx:
+	xor	$t4, $t4
+	sbb	8*0($b_ptr), $a0
+	sbb	8*1($b_ptr), $a1
+	 mov	$a0, $t0
+	sbb	8*2($b_ptr), $a2
+	sbb	8*3($b_ptr), $a3
+	 mov	$a1, $t1
+	sbb	\$0, $t4
+
+	xor	$t3, $t3
+	adc	\$-1, $a0
+	 mov	$a2, $t2
+	adc	$poly1, $a1
+	adc	\$0, $a2
+	 mov	$a3, $t3
+	adc	$poly3, $a3
+
+	bt	\$0, $t4
+	cmovnc	$t0, $a0
+	cmovnc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovnc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovnc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx
+
+.type	__ecp_nistz256_subx,\@abi-omnipotent
+.align	32
+__ecp_nistz256_subx:
+	xor	$t4, $t4
+	sbb	$a0, $t0
+	sbb	$a1, $t1
+	 mov	$t0, $a0
+	sbb	$a2, $t2
+	sbb	$a3, $t3
+	 mov	$t1, $a1
+	sbb	\$0, $t4
+
+	xor	$a3 ,$a3
+	adc	\$-1, $t0
+	 mov	$t2, $a2
+	adc	$poly1, $t1
+	adc	\$0, $t2
+	 mov	$t3, $a3
+	adc	$poly3, $t3
+
+	bt	\$0, $t4
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	cmovc	$t2, $a2
+	cmovc	$t3, $a3
+
+	ret
+.size	__ecp_nistz256_subx,.-__ecp_nistz256_subx
+
+.type	__ecp_nistz256_mul_by_2x,\@abi-omnipotent
+.align	32
+__ecp_nistz256_mul_by_2x:
+	xor	$t4, $t4
+	adc	$a0, $a0		# a0:a3+a0:a3
+	adc	$a1, $a1
+	 mov	$a0, $t0
+	adc	$a2, $a2
+	adc	$a3, $a3
+	 mov	$a1, $t1
+	adc	\$0, $t4
+
+	xor	$t3, $t3
+	sbb	\$-1, $a0
+	 mov	$a2, $t2
+	sbb	$poly1, $a1
+	sbb	\$0, $a2
+	 mov	$a3, $t3
+	sbb	$poly3, $a3
+	sbb	\$0, $t4
+
+	cmovc	$t0, $a0
+	cmovc	$t1, $a1
+	mov	$a0, 8*0($r_ptr)
+	cmovc	$t2, $a2
+	mov	$a1, 8*1($r_ptr)
+	cmovc	$t3, $a3
+	mov	$a2, 8*2($r_ptr)
+	mov	$a3, 8*3($r_ptr)
+
+	ret
+.size	__ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x
+___
+									}
+&gen_double("x");
+&gen_add("x");
+&gen_add_affine("x");
+}
+}}}
+
+########################################################################
+# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7
+#
+open TABLE,"<ecp_nistz256_table.c"		or 
+open TABLE,"<${dir}../ecp_nistz256_table.c"	or 
+die "failed to open ecp_nistz256_table.c:",$!;
+
+use integer;
+
+foreach(<TABLE>) {
+	s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo;
+}
+close TABLE;
+
+die "insane number of elements" if ($#arr != 64*16*37-1);
+
+print <<___;
+.text
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,\@object
+.align	4096
+ecp_nistz256_precomputed:
+___
+while (@line=splice(@arr,0,16)) {
+	print ".long\t",join(',',map { sprintf "0x%08x",$_} @line),"\n";
+}
+print <<___;
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/ec/build.info b/openssl-1.1.0h/crypto/ec/build.info
new file mode 100644
index 0000000..970c292
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/build.info
@@ -0,0 +1,28 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
+        ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \
+        ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \
+        ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
+        ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \
+        ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \
+        {- $target{ec_asm_src} -}
+
+GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+
+GENERATE[ecp_nistz256-x86_64.s]=asm/ecp_nistz256-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[ecp_nistz256-avx2.s]=asm/ecp_nistz256-avx2.pl $(PERLASM_SCHEME)
+
+GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[ecp_nistz256-sparcv9.o]=..
+
+GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[ecp_nistz256-armv4.o]=..
+GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[ecp_nistz256-armv8.o]=..
+
+BEGINRAW[Makefile]
+{- $builddir -}/ecp_nistz256-%.S:	{- $sourcedir -}/asm/ecp_nistz256-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile]
diff --git a/openssl-1.1.0h/crypto/ec/curve25519.c b/openssl-1.1.0h/crypto/ec/curve25519.c
new file mode 100644
index 0000000..c8aa9aa
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/curve25519.c
@@ -0,0 +1,3400 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
+ * 20141124 (http://bench.cr.yp.to/supercop.html).
+ *
+ * The field functions are shared by Ed25519 and X25519 where possible. */
+
+#include <string.h>
+#include "ec_lcl.h"
+
+
+/* fe means field element. Here the field is \Z/(2^255-19). An element t,
+ * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+ * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+ * context.  */
+typedef int32_t fe[10];
+
+static const int64_t kBottom25Bits = 0x1ffffffLL;
+static const int64_t kBottom26Bits = 0x3ffffffLL;
+static const int64_t kTop39Bits = 0xfffffffffe000000LL;
+static const int64_t kTop38Bits = 0xfffffffffc000000LL;
+
+static uint64_t load_3(const uint8_t *in) {
+  uint64_t result;
+  result = (uint64_t)in[0];
+  result |= ((uint64_t)in[1]) << 8;
+  result |= ((uint64_t)in[2]) << 16;
+  return result;
+}
+
+static uint64_t load_4(const uint8_t *in) {
+  uint64_t result;
+  result = (uint64_t)in[0];
+  result |= ((uint64_t)in[1]) << 8;
+  result |= ((uint64_t)in[2]) << 16;
+  result |= ((uint64_t)in[3]) << 24;
+  return result;
+}
+
+static void fe_frombytes(fe h, const uint8_t *s) {
+  /* Ignores top bit of h. */
+  int64_t h0 = load_4(s);
+  int64_t h1 = load_3(s + 4) << 6;
+  int64_t h2 = load_3(s + 7) << 5;
+  int64_t h3 = load_3(s + 10) << 3;
+  int64_t h4 = load_3(s + 13) << 2;
+  int64_t h5 = load_4(s + 16);
+  int64_t h6 = load_3(s + 20) << 7;
+  int64_t h7 = load_3(s + 23) << 5;
+  int64_t h8 = load_3(s + 26) << 4;
+  int64_t h9 = (load_3(s + 29) & 8388607) << 2;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/* Preconditions:
+ *  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Write p=2^255-19; q=floor(h/p).
+ * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+ *
+ * Proof:
+ *   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+ *   Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
+ *
+ *   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+ *   Then 0<y<1.
+ *
+ *   Write r=h-pq.
+ *   Have 0<=r<=p-1=2^255-20.
+ *   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+ *
+ *   Write x=r+19(2^-255)r+y.
+ *   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+ *
+ *   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+ *   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. */
+static void fe_tobytes(uint8_t *s, const fe h) {
+  int32_t h0 = h[0];
+  int32_t h1 = h[1];
+  int32_t h2 = h[2];
+  int32_t h3 = h[3];
+  int32_t h4 = h[4];
+  int32_t h5 = h[5];
+  int32_t h6 = h[6];
+  int32_t h7 = h[7];
+  int32_t h8 = h[8];
+  int32_t h9 = h[9];
+  int32_t q;
+
+  q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+  q = (h0 + q) >> 26;
+  q = (h1 + q) >> 25;
+  q = (h2 + q) >> 26;
+  q = (h3 + q) >> 25;
+  q = (h4 + q) >> 26;
+  q = (h5 + q) >> 25;
+  q = (h6 + q) >> 26;
+  q = (h7 + q) >> 25;
+  q = (h8 + q) >> 26;
+  q = (h9 + q) >> 25;
+
+  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+  h0 += 19 * q;
+  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+  h1 += h0 >> 26; h0 &= kBottom26Bits;
+  h2 += h1 >> 25; h1 &= kBottom25Bits;
+  h3 += h2 >> 26; h2 &= kBottom26Bits;
+  h4 += h3 >> 25; h3 &= kBottom25Bits;
+  h5 += h4 >> 26; h4 &= kBottom26Bits;
+  h6 += h5 >> 25; h5 &= kBottom25Bits;
+  h7 += h6 >> 26; h6 &= kBottom26Bits;
+  h8 += h7 >> 25; h7 &= kBottom25Bits;
+  h9 += h8 >> 26; h8 &= kBottom26Bits;
+                  h9 &= kBottom25Bits;
+                  /* h10 = carry9 */
+
+  /* Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+   * Have h0+...+2^230 h9 between 0 and 2^255-1;
+   * evidently 2^255 h10-2^255 q = 0.
+   * Goal: Output h0+...+2^230 h9.  */
+
+  s[0] = h0 >> 0;
+  s[1] = h0 >> 8;
+  s[2] = h0 >> 16;
+  s[3] = (h0 >> 24) | ((uint32_t)(h1) << 2);
+  s[4] = h1 >> 6;
+  s[5] = h1 >> 14;
+  s[6] = (h1 >> 22) | ((uint32_t)(h2) << 3);
+  s[7] = h2 >> 5;
+  s[8] = h2 >> 13;
+  s[9] = (h2 >> 21) | ((uint32_t)(h3) << 5);
+  s[10] = h3 >> 3;
+  s[11] = h3 >> 11;
+  s[12] = (h3 >> 19) | ((uint32_t)(h4) << 6);
+  s[13] = h4 >> 2;
+  s[14] = h4 >> 10;
+  s[15] = h4 >> 18;
+  s[16] = h5 >> 0;
+  s[17] = h5 >> 8;
+  s[18] = h5 >> 16;
+  s[19] = (h5 >> 24) | ((uint32_t)(h6) << 1);
+  s[20] = h6 >> 7;
+  s[21] = h6 >> 15;
+  s[22] = (h6 >> 23) | ((uint32_t)(h7) << 3);
+  s[23] = h7 >> 5;
+  s[24] = h7 >> 13;
+  s[25] = (h7 >> 21) | ((uint32_t)(h8) << 4);
+  s[26] = h8 >> 4;
+  s[27] = h8 >> 12;
+  s[28] = (h8 >> 20) | ((uint32_t)(h9) << 6);
+  s[29] = h9 >> 2;
+  s[30] = h9 >> 10;
+  s[31] = h9 >> 18;
+}
+
+/* h = f */
+static void fe_copy(fe h, const fe f) {
+  memmove(h, f, sizeof(int32_t) * 10);
+}
+
+/* h = 0 */
+static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); }
+
+/* h = 1 */
+static void fe_1(fe h) {
+  memset(h, 0, sizeof(int32_t) * 10);
+  h[0] = 1;
+}
+
+/* h = f + g
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static void fe_add(fe h, const fe f, const fe g) {
+  unsigned i;
+  for (i = 0; i < 10; i++) {
+    h[i] = f[i] + g[i];
+  }
+}
+
+/* h = f - g
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */
+static void fe_sub(fe h, const fe f, const fe g) {
+  unsigned i;
+  for (i = 0; i < 10; i++) {
+    h[i] = f[i] - g[i];
+  }
+}
+
+/* h = f * g
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *    |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * Notes on implementation strategy:
+ *
+ * Using schoolbook multiplication.
+ * Karatsuba would save a little in some cost models.
+ *
+ * Most multiplications by 2 and 19 are 32-bit precomputations;
+ * cheaper than 64-bit postcomputations.
+ *
+ * There is one remaining multiplication by 19 in the carry chain;
+ * one *19 precomputation can be merged into this,
+ * but the resulting data flow is considerably less clean.
+ *
+ * There are 12 carries below.
+ * 10 of them are 2-way parallelizable and vectorizable.
+ * Can get away with 11 carries, but then data flow is much deeper.
+ *
+ * With tighter constraints on inputs can squeeze carries into int32. */
+static void fe_mul(fe h, const fe f, const fe g) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t g0 = g[0];
+  int32_t g1 = g[1];
+  int32_t g2 = g[2];
+  int32_t g3 = g[3];
+  int32_t g4 = g[4];
+  int32_t g5 = g[5];
+  int32_t g6 = g[6];
+  int32_t g7 = g[7];
+  int32_t g8 = g[8];
+  int32_t g9 = g[9];
+  int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
+  int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+  int32_t g3_19 = 19 * g3;
+  int32_t g4_19 = 19 * g4;
+  int32_t g5_19 = 19 * g5;
+  int32_t g6_19 = 19 * g6;
+  int32_t g7_19 = 19 * g7;
+  int32_t g8_19 = 19 * g8;
+  int32_t g9_19 = 19 * g9;
+  int32_t f1_2 = 2 * f1;
+  int32_t f3_2 = 2 * f3;
+  int32_t f5_2 = 2 * f5;
+  int32_t f7_2 = 2 * f7;
+  int32_t f9_2 = 2 * f9;
+  int64_t f0g0    = f0   * (int64_t) g0;
+  int64_t f0g1    = f0   * (int64_t) g1;
+  int64_t f0g2    = f0   * (int64_t) g2;
+  int64_t f0g3    = f0   * (int64_t) g3;
+  int64_t f0g4    = f0   * (int64_t) g4;
+  int64_t f0g5    = f0   * (int64_t) g5;
+  int64_t f0g6    = f0   * (int64_t) g6;
+  int64_t f0g7    = f0   * (int64_t) g7;
+  int64_t f0g8    = f0   * (int64_t) g8;
+  int64_t f0g9    = f0   * (int64_t) g9;
+  int64_t f1g0    = f1   * (int64_t) g0;
+  int64_t f1g1_2  = f1_2 * (int64_t) g1;
+  int64_t f1g2    = f1   * (int64_t) g2;
+  int64_t f1g3_2  = f1_2 * (int64_t) g3;
+  int64_t f1g4    = f1   * (int64_t) g4;
+  int64_t f1g5_2  = f1_2 * (int64_t) g5;
+  int64_t f1g6    = f1   * (int64_t) g6;
+  int64_t f1g7_2  = f1_2 * (int64_t) g7;
+  int64_t f1g8    = f1   * (int64_t) g8;
+  int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
+  int64_t f2g0    = f2   * (int64_t) g0;
+  int64_t f2g1    = f2   * (int64_t) g1;
+  int64_t f2g2    = f2   * (int64_t) g2;
+  int64_t f2g3    = f2   * (int64_t) g3;
+  int64_t f2g4    = f2   * (int64_t) g4;
+  int64_t f2g5    = f2   * (int64_t) g5;
+  int64_t f2g6    = f2   * (int64_t) g6;
+  int64_t f2g7    = f2   * (int64_t) g7;
+  int64_t f2g8_19 = f2   * (int64_t) g8_19;
+  int64_t f2g9_19 = f2   * (int64_t) g9_19;
+  int64_t f3g0    = f3   * (int64_t) g0;
+  int64_t f3g1_2  = f3_2 * (int64_t) g1;
+  int64_t f3g2    = f3   * (int64_t) g2;
+  int64_t f3g3_2  = f3_2 * (int64_t) g3;
+  int64_t f3g4    = f3   * (int64_t) g4;
+  int64_t f3g5_2  = f3_2 * (int64_t) g5;
+  int64_t f3g6    = f3   * (int64_t) g6;
+  int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
+  int64_t f3g8_19 = f3   * (int64_t) g8_19;
+  int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
+  int64_t f4g0    = f4   * (int64_t) g0;
+  int64_t f4g1    = f4   * (int64_t) g1;
+  int64_t f4g2    = f4   * (int64_t) g2;
+  int64_t f4g3    = f4   * (int64_t) g3;
+  int64_t f4g4    = f4   * (int64_t) g4;
+  int64_t f4g5    = f4   * (int64_t) g5;
+  int64_t f4g6_19 = f4   * (int64_t) g6_19;
+  int64_t f4g7_19 = f4   * (int64_t) g7_19;
+  int64_t f4g8_19 = f4   * (int64_t) g8_19;
+  int64_t f4g9_19 = f4   * (int64_t) g9_19;
+  int64_t f5g0    = f5   * (int64_t) g0;
+  int64_t f5g1_2  = f5_2 * (int64_t) g1;
+  int64_t f5g2    = f5   * (int64_t) g2;
+  int64_t f5g3_2  = f5_2 * (int64_t) g3;
+  int64_t f5g4    = f5   * (int64_t) g4;
+  int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
+  int64_t f5g6_19 = f5   * (int64_t) g6_19;
+  int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
+  int64_t f5g8_19 = f5   * (int64_t) g8_19;
+  int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
+  int64_t f6g0    = f6   * (int64_t) g0;
+  int64_t f6g1    = f6   * (int64_t) g1;
+  int64_t f6g2    = f6   * (int64_t) g2;
+  int64_t f6g3    = f6   * (int64_t) g3;
+  int64_t f6g4_19 = f6   * (int64_t) g4_19;
+  int64_t f6g5_19 = f6   * (int64_t) g5_19;
+  int64_t f6g6_19 = f6   * (int64_t) g6_19;
+  int64_t f6g7_19 = f6   * (int64_t) g7_19;
+  int64_t f6g8_19 = f6   * (int64_t) g8_19;
+  int64_t f6g9_19 = f6   * (int64_t) g9_19;
+  int64_t f7g0    = f7   * (int64_t) g0;
+  int64_t f7g1_2  = f7_2 * (int64_t) g1;
+  int64_t f7g2    = f7   * (int64_t) g2;
+  int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
+  int64_t f7g4_19 = f7   * (int64_t) g4_19;
+  int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
+  int64_t f7g6_19 = f7   * (int64_t) g6_19;
+  int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
+  int64_t f7g8_19 = f7   * (int64_t) g8_19;
+  int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
+  int64_t f8g0    = f8   * (int64_t) g0;
+  int64_t f8g1    = f8   * (int64_t) g1;
+  int64_t f8g2_19 = f8   * (int64_t) g2_19;
+  int64_t f8g3_19 = f8   * (int64_t) g3_19;
+  int64_t f8g4_19 = f8   * (int64_t) g4_19;
+  int64_t f8g5_19 = f8   * (int64_t) g5_19;
+  int64_t f8g6_19 = f8   * (int64_t) g6_19;
+  int64_t f8g7_19 = f8   * (int64_t) g7_19;
+  int64_t f8g8_19 = f8   * (int64_t) g8_19;
+  int64_t f8g9_19 = f8   * (int64_t) g9_19;
+  int64_t f9g0    = f9   * (int64_t) g0;
+  int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
+  int64_t f9g2_19 = f9   * (int64_t) g2_19;
+  int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
+  int64_t f9g4_19 = f9   * (int64_t) g4_19;
+  int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
+  int64_t f9g6_19 = f9   * (int64_t) g6_19;
+  int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
+  int64_t f9g8_19 = f9   * (int64_t) g8_19;
+  int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
+  int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
+  int64_t h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
+  int64_t h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
+  int64_t h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
+  int64_t h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
+  int64_t h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
+  int64_t h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
+  int64_t h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
+  int64_t h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
+  int64_t h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+   *   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+   * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+   *   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  /* |h0| <= 2^25 */
+  /* |h4| <= 2^25 */
+  /* |h1| <= 1.71*2^59 */
+  /* |h5| <= 1.71*2^59 */
+
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+  /* |h1| <= 2^24; from now on fits into int32 */
+  /* |h5| <= 2^24; from now on fits into int32 */
+  /* |h2| <= 1.41*2^60 */
+  /* |h6| <= 1.41*2^60 */
+
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+  /* |h2| <= 2^25; from now on fits into int32 unchanged */
+  /* |h6| <= 2^25; from now on fits into int32 unchanged */
+  /* |h3| <= 1.71*2^59 */
+  /* |h7| <= 1.71*2^59 */
+
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+  /* |h3| <= 2^24; from now on fits into int32 unchanged */
+  /* |h7| <= 2^24; from now on fits into int32 unchanged */
+  /* |h4| <= 1.72*2^34 */
+  /* |h8| <= 1.41*2^60 */
+
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+  /* |h4| <= 2^25; from now on fits into int32 unchanged */
+  /* |h8| <= 2^25; from now on fits into int32 unchanged */
+  /* |h5| <= 1.01*2^24 */
+  /* |h9| <= 1.71*2^59 */
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+  /* |h9| <= 2^24; from now on fits into int32 unchanged */
+  /* |h0| <= 1.1*2^39 */
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  /* |h0| <= 2^25; from now on fits into int32 unchanged */
+  /* |h1| <= 1.01*2^24 */
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/* h = f * f
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy. */
+static void fe_sq(fe h, const fe f) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t f0_2 = 2 * f0;
+  int32_t f1_2 = 2 * f1;
+  int32_t f2_2 = 2 * f2;
+  int32_t f3_2 = 2 * f3;
+  int32_t f4_2 = 2 * f4;
+  int32_t f5_2 = 2 * f5;
+  int32_t f6_2 = 2 * f6;
+  int32_t f7_2 = 2 * f7;
+  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+  int64_t f0f0    = f0   * (int64_t) f0;
+  int64_t f0f1_2  = f0_2 * (int64_t) f1;
+  int64_t f0f2_2  = f0_2 * (int64_t) f2;
+  int64_t f0f3_2  = f0_2 * (int64_t) f3;
+  int64_t f0f4_2  = f0_2 * (int64_t) f4;
+  int64_t f0f5_2  = f0_2 * (int64_t) f5;
+  int64_t f0f6_2  = f0_2 * (int64_t) f6;
+  int64_t f0f7_2  = f0_2 * (int64_t) f7;
+  int64_t f0f8_2  = f0_2 * (int64_t) f8;
+  int64_t f0f9_2  = f0_2 * (int64_t) f9;
+  int64_t f1f1_2  = f1_2 * (int64_t) f1;
+  int64_t f1f2_2  = f1_2 * (int64_t) f2;
+  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+  int64_t f1f4_2  = f1_2 * (int64_t) f4;
+  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+  int64_t f1f6_2  = f1_2 * (int64_t) f6;
+  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+  int64_t f1f8_2  = f1_2 * (int64_t) f8;
+  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+  int64_t f2f2    = f2   * (int64_t) f2;
+  int64_t f2f3_2  = f2_2 * (int64_t) f3;
+  int64_t f2f4_2  = f2_2 * (int64_t) f4;
+  int64_t f2f5_2  = f2_2 * (int64_t) f5;
+  int64_t f2f6_2  = f2_2 * (int64_t) f6;
+  int64_t f2f7_2  = f2_2 * (int64_t) f7;
+  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+  int64_t f2f9_38 = f2   * (int64_t) f9_38;
+  int64_t f3f3_2  = f3_2 * (int64_t) f3;
+  int64_t f3f4_2  = f3_2 * (int64_t) f4;
+  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+  int64_t f3f6_2  = f3_2 * (int64_t) f6;
+  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+  int64_t f4f4    = f4   * (int64_t) f4;
+  int64_t f4f5_2  = f4_2 * (int64_t) f5;
+  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+  int64_t f4f7_38 = f4   * (int64_t) f7_38;
+  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+  int64_t f4f9_38 = f4   * (int64_t) f9_38;
+  int64_t f5f5_38 = f5   * (int64_t) f5_38;
+  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+  int64_t f6f6_19 = f6   * (int64_t) f6_19;
+  int64_t f6f7_38 = f6   * (int64_t) f7_38;
+  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+  int64_t f6f9_38 = f6   * (int64_t) f9_38;
+  int64_t f7f7_38 = f7   * (int64_t) f7_38;
+  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+  int64_t f8f8_19 = f8   * (int64_t) f8_19;
+  int64_t f8f9_38 = f8   * (int64_t) f9_38;
+  int64_t f9f9_38 = f9   * (int64_t) f9_38;
+  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+static void fe_invert(fe out, const fe z) {
+  fe t0;
+  fe t1;
+  fe t2;
+  fe t3;
+  int i;
+
+  /*
+   * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+   * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+   */
+
+  /* t0 = z ** 2 */
+  fe_sq(t0, z);
+
+  /* t1 = t0 ** (2 ** 2) = z ** 8 */
+  fe_sq(t1, t0);
+  fe_sq(t1, t1);
+
+  /* t1 = z * t1 = z ** 9 */
+  fe_mul(t1, z, t1);
+  /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+  fe_mul(t0, t0, t1);
+
+  /* t2 = t0 ** 2 = z ** 22 */
+  fe_sq(t2, t0);
+
+  /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+  fe_mul(t1, t1, t2);
+
+  /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+  fe_sq(t2, t1);
+  for (i = 1; i < 5; ++i) {
+    fe_sq(t2, t2);
+  }
+
+  /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+  fe_mul(t1, t2, t1);
+
+  /* Continuing similarly... */
+
+  /* t2 = z ** (2 ** 20 - 1) */
+  fe_sq(t2, t1);
+  for (i = 1; i < 10; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t2, t2, t1);
+
+  /* t2 = z ** (2 ** 40 - 1) */
+  fe_sq(t3, t2);
+  for (i = 1; i < 20; ++i) {
+    fe_sq(t3, t3);
+  }
+  fe_mul(t2, t3, t2);
+
+  /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+  for (i = 0; i < 10; ++i) {
+    fe_sq(t2, t2);
+  }
+  /* t1 = z ** (2 ** 50 - 1) */
+  fe_mul(t1, t2, t1);
+
+  /* t2 = z ** (2 ** 100 - 1) */
+  fe_sq(t2, t1);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t2, t2);
+  }
+  fe_mul(t2, t2, t1);
+
+  /* t2 = z ** (2 ** 200 - 1) */
+  fe_sq(t3, t2);
+  for (i = 1; i < 100; ++i) {
+    fe_sq(t3, t3);
+  }
+  fe_mul(t2, t3, t2);
+
+  /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+  fe_sq(t2, t2);
+  for (i = 1; i < 50; ++i) {
+    fe_sq(t2, t2);
+  }
+
+  /* t1 = z ** (2 ** 250 - 1) */
+  fe_mul(t1, t2, t1);
+
+  /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+  fe_sq(t1, t1);
+  for (i = 1; i < 5; ++i) {
+    fe_sq(t1, t1);
+  }
+
+  /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+  fe_mul(out, t1, t0);
+}
+
+/* h = -f
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
+static void fe_neg(fe h, const fe f) {
+  unsigned i;
+  for (i = 0; i < 10; i++) {
+    h[i] = -f[i];
+  }
+}
+
+/* Replace (f,g) with (g,g) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}. */
+static void fe_cmov(fe f, const fe g, unsigned b) {
+  size_t i;
+  b = 0-b;
+  for (i = 0; i < 10; i++) {
+    int32_t x = f[i] ^ g[i];
+    x &= b;
+    f[i] ^= x;
+  }
+}
+
+/* h = 2 * f * f
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy. */
+static void fe_sq2(fe h, const fe f) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int32_t f0_2 = 2 * f0;
+  int32_t f1_2 = 2 * f1;
+  int32_t f2_2 = 2 * f2;
+  int32_t f3_2 = 2 * f3;
+  int32_t f4_2 = 2 * f4;
+  int32_t f5_2 = 2 * f5;
+  int32_t f6_2 = 2 * f6;
+  int32_t f7_2 = 2 * f7;
+  int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+  int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+  int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+  int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+  int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+  int64_t f0f0    = f0   * (int64_t) f0;
+  int64_t f0f1_2  = f0_2 * (int64_t) f1;
+  int64_t f0f2_2  = f0_2 * (int64_t) f2;
+  int64_t f0f3_2  = f0_2 * (int64_t) f3;
+  int64_t f0f4_2  = f0_2 * (int64_t) f4;
+  int64_t f0f5_2  = f0_2 * (int64_t) f5;
+  int64_t f0f6_2  = f0_2 * (int64_t) f6;
+  int64_t f0f7_2  = f0_2 * (int64_t) f7;
+  int64_t f0f8_2  = f0_2 * (int64_t) f8;
+  int64_t f0f9_2  = f0_2 * (int64_t) f9;
+  int64_t f1f1_2  = f1_2 * (int64_t) f1;
+  int64_t f1f2_2  = f1_2 * (int64_t) f2;
+  int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+  int64_t f1f4_2  = f1_2 * (int64_t) f4;
+  int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+  int64_t f1f6_2  = f1_2 * (int64_t) f6;
+  int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+  int64_t f1f8_2  = f1_2 * (int64_t) f8;
+  int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+  int64_t f2f2    = f2   * (int64_t) f2;
+  int64_t f2f3_2  = f2_2 * (int64_t) f3;
+  int64_t f2f4_2  = f2_2 * (int64_t) f4;
+  int64_t f2f5_2  = f2_2 * (int64_t) f5;
+  int64_t f2f6_2  = f2_2 * (int64_t) f6;
+  int64_t f2f7_2  = f2_2 * (int64_t) f7;
+  int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+  int64_t f2f9_38 = f2   * (int64_t) f9_38;
+  int64_t f3f3_2  = f3_2 * (int64_t) f3;
+  int64_t f3f4_2  = f3_2 * (int64_t) f4;
+  int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+  int64_t f3f6_2  = f3_2 * (int64_t) f6;
+  int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+  int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+  int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+  int64_t f4f4    = f4   * (int64_t) f4;
+  int64_t f4f5_2  = f4_2 * (int64_t) f5;
+  int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+  int64_t f4f7_38 = f4   * (int64_t) f7_38;
+  int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+  int64_t f4f9_38 = f4   * (int64_t) f9_38;
+  int64_t f5f5_38 = f5   * (int64_t) f5_38;
+  int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+  int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+  int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+  int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+  int64_t f6f6_19 = f6   * (int64_t) f6_19;
+  int64_t f6f7_38 = f6   * (int64_t) f7_38;
+  int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+  int64_t f6f9_38 = f6   * (int64_t) f9_38;
+  int64_t f7f7_38 = f7   * (int64_t) f7_38;
+  int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+  int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+  int64_t f8f8_19 = f8   * (int64_t) f8_19;
+  int64_t f8f9_38 = f8   * (int64_t) f9_38;
+  int64_t f9f9_38 = f9   * (int64_t) f9_38;
+  int64_t h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  int64_t h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  h0 += h0;
+  h1 += h1;
+  h2 += h2;
+  h3 += h3;
+  h4 += h4;
+  h5 += h5;
+  h6 += h6;
+  h7 += h7;
+  h8 += h8;
+  h9 += h9;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/* ge means group element.
+
+ * Here the group is the set of pairs (x,y) of field elements (see fe.h)
+ * satisfying -x^2 + y^2 = 1 + d x^2y^2
+ * where d = -121665/121666.
+ *
+ * Representations:
+ *   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ *   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ *   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ *   ge_precomp (Duif): (y+x,y-x,2dxy) */
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+} ge_p2;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p3;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p1p1;
+
+typedef struct {
+  fe yplusx;
+  fe yminusx;
+  fe xy2d;
+} ge_precomp;
+
+typedef struct {
+  fe YplusX;
+  fe YminusX;
+  fe Z;
+  fe T2d;
+} ge_cached;
+
+static void ge_p3_0(ge_p3 *h) {
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+  fe_0(h->T);
+}
+
+static void ge_precomp_0(ge_precomp *h) {
+  fe_1(h->yplusx);
+  fe_1(h->yminusx);
+  fe_0(h->xy2d);
+}
+
+/* r = p */
+static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
+  fe_copy(r->X, p->X);
+  fe_copy(r->Y, p->Y);
+  fe_copy(r->Z, p->Z);
+}
+
+/* r = p */
+static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
+  fe_mul(r->X, p->X, p->T);
+  fe_mul(r->Y, p->Y, p->Z);
+  fe_mul(r->Z, p->Z, p->T);
+}
+
+/* r = p */
+static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
+  fe_mul(r->X, p->X, p->T);
+  fe_mul(r->Y, p->Y, p->Z);
+  fe_mul(r->Z, p->Z, p->T);
+  fe_mul(r->T, p->X, p->Y);
+}
+
+/* r = 2 * p */
+static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
+  fe t0;
+
+  fe_sq(r->X, p->X);
+  fe_sq(r->Z, p->Y);
+  fe_sq2(r->T, p->Z);
+  fe_add(r->Y, p->X, p->Y);
+  fe_sq(t0, r->Y);
+  fe_add(r->Y, r->Z, r->X);
+  fe_sub(r->Z, r->Z, r->X);
+  fe_sub(r->X, t0, r->Y);
+  fe_sub(r->T, r->T, r->Z);
+}
+
+/* r = 2 * p */
+static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
+  ge_p2 q;
+  ge_p3_to_p2(&q, p);
+  ge_p2_dbl(r, &q);
+}
+
+/* r = p + q */
+static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
+  fe t0;
+
+  fe_add(r->X, p->Y, p->X);
+  fe_sub(r->Y, p->Y, p->X);
+  fe_mul(r->Z, r->X, q->yplusx);
+  fe_mul(r->Y, r->Y, q->yminusx);
+  fe_mul(r->T, q->xy2d, p->T);
+  fe_add(t0, p->Z, p->Z);
+  fe_sub(r->X, r->Z, r->Y);
+  fe_add(r->Y, r->Z, r->Y);
+  fe_add(r->Z, t0, r->T);
+  fe_sub(r->T, t0, r->T);
+}
+
+static uint8_t equal(signed char b, signed char c) {
+  uint8_t ub = b;
+  uint8_t uc = c;
+  uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
+  uint32_t y = x;      /* 0: yes; 1..255: no */
+  y -= 1;              /* 4294967295: yes; 0..254: no */
+  y >>= 31;            /* 1: yes; 0: no */
+  return y;
+}
+
+static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) {
+  fe_cmov(t->yplusx, u->yplusx, b);
+  fe_cmov(t->yminusx, u->yminusx, b);
+  fe_cmov(t->xy2d, u->xy2d, b);
+}
+
+/* k25519Precomp[i][j] = (j+1)*256^i*B */
+static const ge_precomp k25519Precomp[32][8] = {
+    {
+        {
+            {25967493, -14356035, 29566456, 3660896, -12694345, 4014787,
+             27544626, -11754271, -6079156, 2047605},
+            {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+             5043384, 19500929, -15469378},
+            {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380,
+             29287919, 11864899, -24514362, -4438546},
+        },
+        {
+            {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717,
+             -11717903, -3814571, -358445, -10211303},
+            {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005,
+             -15616551, 11189268, -26829678, -5319081},
+            {26966642, 11152617, 32442495, 15396054, 14353839, -12752335,
+             -3128826, -9541118, -15472047, -4166697},
+        },
+        {
+            {15636291, -9688557, 24204773, -7912398, 616977, -16685262,
+             27787600, -14772189, 28944400, -1550024},
+            {16568933, 4717097, -11556148, -1102322, 15682896, -11807043,
+             16354577, -11775962, 7689662, 11199574},
+            {30464156, -5976125, -11779434, -15670865, 23220365, 15915852,
+             7512774, 10017326, -17749093, -9920357},
+        },
+        {
+            {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379,
+             -28926210, 15006023, 3284568, -6276540},
+            {23599295, -8306047, -11193664, -7687416, 13236774, 10506355,
+             7464579, 9656445, 13059162, 10374397},
+            {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664,
+             -3839045, -641708, -101325},
+        },
+        {
+            {10861363, 11473154, 27284546, 1981175, -30064349, 12577861,
+             32867885, 14515107, -15438304, 10819380},
+            {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+             12483688, -12668491, 5581306},
+            {19563160, 16186464, -29386857, 4097519, 10237984, -4348115,
+             28542350, 13850243, -23678021, -15815942},
+        },
+        {
+            {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511,
+             -19188627, -15224819, -9818940, -12085777},
+            {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240,
+             -15689887, 1762328, 14866737},
+            {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101,
+             -28236412, 3959421, 27914454, 4383652},
+        },
+        {
+            {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+             5230134, -23952439, -15175766},
+            {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722,
+             20654025, 16520125, 30598449, 7715701},
+            {28881845, 14381568, 9657904, 3680757, -20181635, 7843316,
+             -31400660, 1370708, 29794553, -1409300},
+        },
+        {
+            {14499471, -2729599, -33191113, -4254652, 28494862, 14271267,
+             30290735, 10876454, -33154098, 2381726},
+            {-7195431, -2655363, -14730155, 462251, -27724326, 3941372,
+             -6236617, 3696005, -32300832, 15351955},
+            {27431194, 8222322, 16448760, -3907995, -18707002, 11938355,
+             -32961401, -2970515, 29551813, 10109425},
+        },
+    },
+    {
+        {
+            {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384,
+             -2378284, -1627556, 10092783, -4764171},
+            {27939166, 14210322, 4677035, 16277044, -22964462, -12398139,
+             -32508754, 12005538, -17810127, 12803510},
+            {17228999, -15661624, -1233527, 300140, -1224870, -11714777,
+             30364213, -9038194, 18016357, 4397660},
+        },
+        {
+            {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212,
+             -26619106, 14544525, -17477504, 982639},
+            {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899,
+             -4120128, -21047696, 9934963},
+            {5793303, 16271923, -24131614, -10116404, 29188560, 1206517,
+             -14747930, 4559895, -30123922, -10897950},
+        },
+        {
+            {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264,
+             24191034, 4541697, -13338309, 5500568},
+            {12650548, -1497113, 9052871, 11355358, -17680037, -8400164,
+             -17430592, 12264343, 10874051, 13524335},
+            {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038,
+             5080568, -22528059, 5376628},
+        },
+        {
+            {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897,
+             -22321305, -9447443, 4535768, 1569007},
+            {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819,
+             -30494562, 3044290, 31848280, 12543772},
+            {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203,
+             -27377195, -2062731, 7718482, 14474653},
+        },
+        {
+            {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965,
+             -7236665, 24316168, -5253567},
+            {13741529, 10911568, -33233417, -8603737, -20177830, -1033297,
+             33040651, -13424532, -20729456, 8321686},
+            {21060490, -2212744, 15712757, -4336099, 1639040, 10656336,
+             23845965, -11874838, -9984458, 608372},
+        },
+        {
+            {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547,
+             1123968, -6780577, 27229399, 23887},
+            {-23244140, -294205, -11744728, 14712571, -29465699, -2029617,
+             12797024, -6440308, -1633405, 16678954},
+            {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805,
+             -1508144, -4795045, -17169265, 4904953},
+        },
+        {
+            {24059557, 14617003, 19037157, -15039908, 19766093, -14906429,
+             5169211, 16191880, 2128236, -4326833},
+            {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247,
+             -29806336, 916033, -6882542, -2986532},
+            {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175,
+             285431, 2763829, 15736322, 4143876},
+        },
+        {
+            {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801,
+             -14594663, 23527084, -16458268},
+            {33431127, -11130478, -17838966, -15626900, 8909499, 8376530,
+             -32625340, 4087881, -15188911, -14416214},
+            {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055,
+             4357868, -4774191, -16323038},
+        },
+    },
+    {
+        {
+            {6721966, 13833823, -23523388, -1551314, 26354293, -11863321,
+             23365147, -3949732, 7390890, 2759800},
+            {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353,
+             -4264057, 1244380, -12919645},
+            {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413,
+             9208236, 15886429, 16489664},
+        },
+        {
+            {1996075, 10375649, 14346367, 13311202, -6874135, -16438411,
+             -13693198, 398369, -30606455, -712933},
+            {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363,
+             13348553, 12076947, -30836462, 5113182},
+            {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344,
+             -30341101, -7336386, 13847711, 5387222},
+        },
+        {
+            {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611,
+             8763061, 3617786, -19600662, 10370991},
+            {20246567, -14369378, 22358229, -543712, 18507283, -10413996,
+             14554437, -8746092, 32232924, 16763880},
+            {9648505, 10094563, 26416693, 14745928, -30374318, -6472621,
+             11094161, 15689506, 3140038, -16510092},
+        },
+        {
+            {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685,
+             -27224800, 9448613, -28774454, 366295},
+            {19153450, 11523972, -11096490, -6503142, -24647631, 5420647,
+             28344573, 8041113, 719605, 11671788},
+            {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916,
+             -15266516, 27000813, -10195553},
+        },
+        {
+            {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065,
+             5336097, 6750977, -14521026},
+            {11836410, -3979488, 26297894, 16080799, 23455045, 15735944,
+             1695823, -8819122, 8169720, 16220347},
+            {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763,
+             -11144307, -2627664, -5990708, -14166033},
+        },
+        {
+            {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004,
+             27884329, 2847284, 2655861, 1738395},
+            {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821,
+             21651608, -3239336, -19087449, -11005278},
+            {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092,
+             5821408, 10478196, 8544890},
+        },
+        {
+            {32173121, -16129311, 24896207, 3921497, 22579056, -3410854,
+             19270449, 12217473, 17789017, -3395995},
+            {-30552961, -2228401, -15578829, -10147201, 13243889, 517024,
+             15479401, -3853233, 30460520, 1052596},
+            {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687,
+             27491595, -4612359, 3179268, -9478891},
+        },
+        {
+            {31947069, -14366651, -4640583, -15339921, -15125977, -6039709,
+             -14756777, -16411740, 19072640, -9511060},
+            {11685058, 11822410, 3158003, -13952594, 33402194, -4165066,
+             5977896, -5215017, 473099, 5040608},
+            {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760,
+             28326862, 1721092, -19558642, -3131606},
+        },
+    },
+    {
+        {
+            {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786,
+             8076149, -27868496, 11538389},
+            {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211,
+             8754525, 7446702, -5676054, 5797016},
+            {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199,
+             2014099, -9050574, -2369172, -5877341},
+        },
+        {
+            {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559,
+             1192730, -3714199, 15123619, 10811505},
+            {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363,
+             15776356, -28886779, -11974553},
+            {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569,
+             -20654173, -16484855, 4714547, -9600655},
+        },
+        {
+            {15200332, 8368572, 19679101, 15970074, -31872674, 1959451,
+             24611599, -4543832, -11745876, 12340220},
+            {12876937, -10480056, 33134381, 6590940, -6307776, 14872440,
+             9613953, 8241152, 15370987, 9608631},
+            {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868,
+             15866074, -28210621, -8814099},
+        },
+        {
+            {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233,
+             858697, 20571223, 8420556},
+            {14620715, 13067227, -15447274, 8264467, 14106269, 15080814,
+             33531827, 12516406, -21574435, -12476749},
+            {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519,
+             7256740, 8791136, 15069930},
+        },
+        {
+            {1276410, -9371918, 22949635, -16322807, -23493039, -5702186,
+             14711875, 4874229, -30663140, -2331391},
+            {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175,
+             -7912378, -33069337, 9234253},
+            {20590503, -9018988, 31529744, -7352666, -2706834, 10650548,
+             31559055, -11609587, 18979186, 13396066},
+        },
+        {
+            {24474287, 4968103, 22267082, 4407354, 24063882, -8325180,
+             -18816887, 13594782, 33514650, 7021958},
+            {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421,
+             -25948728, -3916677, -21480480, 12868082},
+            {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208,
+             -21446107, 2244500, -12455797, -8089383},
+        },
+        {
+            {-30595528, 13793479, -5852820, 319136, -25723172, -6263899,
+             33086546, 8957937, -15233648, 5540521},
+            {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908,
+             -23710744, -1568984, -16128528, -14962807},
+            {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819,
+             892185, -11513277, -15205948},
+        },
+        {
+            {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819,
+             4763127, -19179614, 5867134},
+            {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500,
+             27846559, 5931263, -29749703, -16108455},
+            {27461885, -2977536, 22380810, 1815854, -23033753, -3031938,
+             7283490, -15148073, -19526700, 7734629},
+        },
+    },
+    {
+        {
+            {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885,
+             7585295, -3176626, 18549497, 15302069},
+            {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381,
+             10458790, -6418461, -8872242, 8424746},
+            {24687205, 8613276, -30667046, -3233545, 1863892, -1830544,
+             19206234, 7134917, -11284482, -828919},
+        },
+        {
+            {11334899, -9218022, 8025293, 12707519, 17523892, -10476071,
+             10243738, -14685461, -5066034, 16498837},
+            {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925,
+             -14124238, 6536641, 10543906},
+            {-28946384, 15479763, -17466835, 568876, -1497683, 11223454,
+             -2669190, -16625574, -27235709, 8876771},
+        },
+        {
+            {-25742899, -12566864, -15649966, -846607, -33026686, -796288,
+             -33481822, 15824474, -604426, -9039817},
+            {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697,
+             -4890037, 1657394, 3084098},
+            {10477963, -7470260, 12119566, -13250805, 29016247, -5365589,
+             31280319, 14396151, -30233575, 15272409},
+        },
+        {
+            {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466,
+             -25173957, -12636138, -25014757, 1950504},
+            {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630,
+             -8384306, -8767532, 15341279, 8373727},
+            {28685821, 7759505, -14378516, -12002860, -31971820, 4079242,
+             298136, -10232602, -2878207, 15190420},
+        },
+        {
+            {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928,
+             8669718, 2742393, -26033313, -6875003},
+            {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854,
+             9291594, -16247779, -12154742, 6048605},
+            {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163,
+             13934231, 5128323, 11213262, 9168384},
+        },
+        {
+            {-26280513, 11007847, 19408960, -940758, -18592965, -4328580,
+             -5088060, -11105150, 20470157, -16398701},
+            {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560,
+             -22783952, 14461608, 14042978, 5230683},
+            {29969567, -2741594, -16711867, -8552442, 9175486, -2468974,
+             21556951, 3506042, -5933891, -12449708},
+        },
+        {
+            {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683,
+             -21284170, 8971513, -28539189, 15326563},
+            {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669,
+             -15523050, 15300988, -20514118, 9168260},
+            {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939,
+             -28948358, 9601605, 33087103, -9011387},
+        },
+        {
+            {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461,
+             -27444329, -15000531, -5996870, 15664672},
+            {23294591, -16632613, -22650781, -8470978, 27844204, 11461195,
+             13099750, -2460356, 18151676, 13417686},
+            {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065,
+             1661597, -12551441, 15271676, -15452665},
+        },
+    },
+    {
+        {
+            {11433042, -13228665, 8239631, -5279517, -1985436, -725718,
+             -18698764, 2167544, -6921301, -13440182},
+            {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379,
+             -9917708, -8638997, 12215110, 12028277},
+            {14098400, 6555944, 23007258, 5757252, -15427832, -12950502,
+             30123440, 4617780, -16900089, -655628},
+        },
+        {
+            {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385,
+             -15819999, 10154009, 23973261, -12684474},
+            {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355,
+             18341390, -11419951, 32013174, -10103539},
+            {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104,
+             21911214, 6354752, 4425632, -837822},
+        },
+        {
+            {-10433389, -14612966, 22229858, -3091047, -13191166, 776729,
+             -17415375, -12020462, 4725005, 14044970},
+            {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390,
+             -1411784, -19522291, -16109756},
+            {-24864089, 12986008, -10898878, -5558584, -11312371, -148526,
+             19541418, 8180106, 9282262, 10282508},
+        },
+        {
+            {-26205082, 4428547, -8661196, -13194263, 4098402, -14165257,
+             15522535, 8372215, 5542595, -10702683},
+            {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360,
+             -2781891, 6993761, -18093885, 10114655},
+            {-20107055, -929418, 31422704, 10427861, -7110749, 6150669,
+             -29091755, -11529146, 25953725, -106158},
+        },
+        {
+            {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294,
+             19390020, 6094296, -3315279, 12831125},
+            {-15998678, 7578152, 5310217, 14408357, -33548620, -224739,
+             31575954, 6326196, 7381791, -2421839},
+            {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640,
+             6295303, 8082724, -15362489, 12339664},
+        },
+        {
+            {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414,
+             15768922, 25091167, 14856294},
+            {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300,
+             -12695493, -22182473, -9012899},
+            {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039,
+             -27260765, 13866390, 30146206, 9142070},
+        },
+        {
+            {3924129, -15307516, -13817122, -10054960, 12291820, -668366,
+             -27702774, 9326384, -8237858, 4171294},
+            {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944,
+             26396185, 3731949, 345228, -5462949},
+            {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387,
+             2031539, -12391231, -16253183, -13582083},
+        },
+        {
+            {31016211, -16722429, 26371392, -14451233, -5027349, 14854137,
+             17477601, 3842657, 28012650, -16405420},
+            {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560,
+             -9189873, 16292057, -8867157, 3507940},
+            {29439664, 3537914, 23333589, 6997794, -17555561, -11018068,
+             -15209202, -15051267, -9164929, 6580396},
+        },
+    },
+    {
+        {
+            {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611,
+             17860444, -9273846, -2095802, 9304567},
+            {20714564, -4336911, 29088195, 7406487, 11426967, -5095705,
+             14792667, -14608617, 5289421, -477127},
+            {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462,
+             17271490, 12349094, 26939669, -3752294},
+        },
+        {
+            {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525,
+             -27283495, -12348559, -3698806, 117887},
+            {22263325, -6560050, 3984570, -11174646, -15114008, -566785,
+             28311253, 5358056, -23319780, 541964},
+            {16259219, 3261970, 2309254, -15534474, -16885711, -4581916,
+             24134070, -16705829, -13337066, -13552195},
+        },
+        {
+            {9378160, -13140186, -22845982, -12745264, 28198281, -7244098,
+             -2399684, -717351, 690426, 14876244},
+            {24977353, -314384, -8223969, -13465086, 28432343, -1176353,
+             -13068804, -12297348, -22380984, 6618999},
+            {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193,
+             8044829, -13817328, 32239829, -5652762},
+        },
+        {
+            {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647,
+             -10350059, 32779359, 5095274},
+            {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423,
+             -24601656, 14506724, 21639561, -2630236},
+            {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318,
+             -1289502, -6863535, 17874574, 558605},
+        },
+        {
+            {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700,
+             33499487, 5080151, 2085892, 5119761},
+            {-22205145, -2519528, -16381601, 414691, -25019550, 2170430,
+             30634760, -8363614, -31999993, -5759884},
+            {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256,
+             27534430, -7192145, -22351378, 12961482},
+        },
+        {
+            {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287,
+             16533930, 8206996, -30194652, -5159638},
+            {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630,
+             7031275, 7589640, 8945490},
+            {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393,
+             7251489, -11182180, 24099109, -14456170},
+        },
+        {
+            {5019558, -7907470, 4244127, -14714356, -26933272, 6453165,
+             -19118182, -13289025, -6231896, -10280736},
+            {10853594, 10721687, 26480089, 5861829, -22995819, 1972175,
+             -1866647, -10557898, -3363451, -6441124},
+            {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661,
+             -2008168, -13866408, 7421392},
+        },
+        {
+            {8139927, -6546497, 32257646, -5890546, 30375719, 1886181,
+             -21175108, 15441252, 28826358, -4123029},
+            {6267086, 9695052, 7709135, -16603597, -32869068, -1886135,
+             14795160, -7840124, 13746021, -1742048},
+            {28584902, 7787108, -6732942, -15050729, 22846041, -7571236,
+             -3181936, -363524, 4771362, -8419958},
+        },
+    },
+    {
+        {
+            {24949256, 6376279, -27466481, -8174608, -18646154, -9930606,
+             33543569, -12141695, 3569627, 11342593},
+            {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886,
+             4608608, 7325975, -14801071},
+            {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312,
+             -27400540, 10258390, -17646694, -8186692},
+        },
+        {
+            {11431204, 15823007, 26570245, 14329124, 18029990, 4796082,
+             -31446179, 15580664, 9280358, -3973687},
+            {-160783, -10326257, -22855316, -4304997, -20861367, -13621002,
+             -32810901, -11181622, -15545091, 4387441},
+            {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370,
+             -24513992, 8548137, 20617071, -7482001},
+        },
+        {
+            {-938825, -3930586, -8714311, 16124718, 24603125, -6225393,
+             -13775352, -11875822, 24345683, 10325460},
+            {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528,
+             16318175, -1010689, 4766743, 3552007},
+            {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514,
+             14481909, 10988822, -3994762},
+        },
+        {
+            {15564307, -14311570, 3101243, 5684148, 30446780, -8051356,
+             12677127, -6505343, -8295852, 13296005},
+            {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379,
+             31521204, 9614054, -30000824, 12074674},
+            {4771191, -135239, 14290749, -13089852, 27992298, 14998318,
+             -1413936, -1556716, 29832613, -16391035},
+        },
+        {
+            {7064884, -7541174, -19161962, -5067537, -18891269, -2912736,
+             25825242, 5293297, -27122660, 13101590},
+            {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445,
+             32512469, -5317593, -30356070, -4190957},
+            {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044,
+             14413974, 9515896, 19568978, 9628812},
+        },
+        {
+            {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894,
+             -6106839, -6291786, 3437740},
+            {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290,
+             -22961733, 70104, 7463304, 4176122},
+            {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117,
+             -32719404, -5322751, 24216882, 5944158},
+        },
+        {
+            {8894125, 7450974, -2664149, -9765752, -28080517, -12389115,
+             19345746, 14680796, 11632993, 5847885},
+            {26942781, -2315317, 9129564, -4906607, 26024105, 11769399,
+             -11518837, 6367194, -9727230, 4782140},
+            {19916461, -4828410, -22910704, -11414391, 25606324, -5972441,
+             33253853, 8220911, 6358847, -1873857},
+        },
+        {
+            {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388,
+             -4480480, -13538503, 1387155},
+            {19646058, 5720633, -11416706, 12814209, 11607948, 12749789,
+             14147075, 15156355, -21866831, 11835260},
+            {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523,
+             15467869, -26560550, 5052483},
+        },
+    },
+    {
+        {
+            {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123,
+             -12618185, 12228557, -7003677},
+            {32944382, 14922211, -22844894, 5188528, 21913450, -8719943,
+             4001465, 13238564, -6114803, 8653815},
+            {22865569, -4652735, 27603668, -12545395, 14348958, 8234005,
+             24808405, 5719875, 28483275, 2841751},
+        },
+        {
+            {-16420968, -1113305, -327719, -12107856, 21886282, -15552774,
+             -1887966, -315658, 19932058, -12739203},
+            {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912,
+             3999228, 13239134, -4777469, -13910208},
+            {1382174, -11694719, 17266790, 9194690, -13324356, 9720081,
+             20403944, 11284705, -14013818, 3093230},
+        },
+        {
+            {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424,
+             16271225, -24049421, -6691850},
+            {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293,
+             24123614, 15193618, -21652117, -16739389},
+            {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484,
+             31870908, 14690798, 17361620, 11864968},
+        },
+        {
+            {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200,
+             -12331205, -7486601, -25578460, -16240689},
+            {14668462, -12270235, 26039039, 15305210, 25515617, 4542480,
+             10453892, 6577524, 9145645, -6443880},
+            {5974874, 3053895, -9433049, -10385191, -31865124, 3225009,
+             -7972642, 3936128, -5652273, -3050304},
+        },
+        {
+            {30625386, -4729400, -25555961, -12792866, -20484575, 7695099,
+             17097188, -16303496, -27999779, 1803632},
+            {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700,
+             14911344, 12196514, -21405489, 7047412},
+            {20093277, 9920966, -11138194, -5343857, 13161587, 12044805,
+             -32856851, 4124601, -32343828, -10257566},
+        },
+        {
+            {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605,
+             4752377, -8714640, -21679658, 2288038},
+            {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457,
+             29457502, 14625692, -24819617, 12570232},
+            {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109,
+             -21159943, -3498680, -11974704, 4724943},
+        },
+        {
+            {17960970, -11775534, -4140968, -9702530, -8876562, -1410617,
+             -12907383, -8659932, -29576300, 1903856},
+            {23134274, -14279132, -10681997, -1611936, 20684485, 15770816,
+             -12989750, 3190296, 26955097, 14109738},
+            {15308788, 5320727, -30113809, -14318877, 22902008, 7767164,
+             29425325, -11277562, 31960942, 11934971},
+        },
+        {
+            {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669,
+             20638173, 4875028, 10491392, 1379718},
+            {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801,
+             33518459, 16176658, 21432314, 12180697},
+            {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205,
+             1465425, 12689540, -10301319, -13872883},
+        },
+    },
+    {
+        {
+            {5414091, -15386041, -21007664, 9643570, 12834970, 1186149,
+             -2622916, -1342231, 26128231, 6032912},
+            {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156,
+             3604025, 8316894, -25875034, -10437358},
+            {3296484, 6223048, 24680646, -12246460, -23052020, 5903205,
+             -8862297, -4639164, 12376617, 3188849},
+        },
+        {
+            {29190488, -14659046, 27549113, -1183516, 3520066, -10697301,
+             32049515, -7309113, -16109234, -9852307},
+            {-14744486, -9309156, 735818, -598978, -20407687, -5057904,
+             25246078, -15795669, 18640741, -960977},
+            {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252,
+             -31638386, -494430, 10530747, 1053335},
+        },
+        {
+            {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384,
+             -31462369, -2948985, 24018831, 15026644},
+            {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631,
+             25310643, 13003497, -2314791, -15145616},
+            {-27419985, -603321, -8043984, -1669117, -26092265, 13987819,
+             -27297622, 187899, -23166419, -2531735},
+        },
+        {
+            {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473,
+             9716667, 16266922, -5070217, 726099},
+            {29370922, -6053998, 7334071, -15342259, 9385287, 2247707,
+             -13661962, -4839461, 30007388, -15823341},
+            {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109,
+             730663, 9835848, 4555336},
+        },
+        {
+            {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977,
+             17693930, 544696, -11985298, 12422646},
+            {31117226, -12215734, -13502838, 6561947, -9876867, -12757670,
+             -5118685, -4096706, 29120153, 13924425},
+            {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820,
+             -9383939, -11317700, 7240931, -237388},
+        },
+        {
+            {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771,
+             1222336, 4389483, 3293637, -15551743},
+            {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533,
+             -24319580, 7733547, 12796905, -6335822},
+            {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811,
+             -28253339, 3647836, 3222231, -11160462},
+        },
+        {
+            {18606113, 1693100, -25448386, -15170272, 4112353, 10045021,
+             23603893, -2048234, -7550776, 2484985},
+            {9255317, -3131197, -12156162, -1004256, 13098013, -9214866,
+             16377220, -2102812, -19802075, -3034702},
+            {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502,
+             -31718148, 9936966, -30097688, -10618797},
+        },
+        {
+            {21878590, -5001297, 4338336, 13643897, -3036865, 13160960,
+             19708896, 5415497, -7360503, -4109293},
+            {27736861, 10103576, 12500508, 8502413, -3413016, -9633558,
+             10436918, -1550276, -23659143, -8132100},
+            {19492550, -12104365, -29681976, -852630, -3208171, 12403437,
+             30066266, 8367329, 13243957, 8709688},
+        },
+    },
+    {
+        {
+            {12015105, 2801261, 28198131, 10151021, 24818120, -4743133,
+             -11194191, -5645734, 5150968, 7274186},
+            {2831366, -12492146, 1478975, 6122054, 23825128, -12733586,
+             31097299, 6083058, 31021603, -9793610},
+            {-2529932, -2229646, 445613, 10720828, -13849527, -11505937,
+             -23507731, 16354465, 15067285, -14147707},
+        },
+        {
+            {7840942, 14037873, -33364863, 15934016, -728213, -3642706,
+             21403988, 1057586, -19379462, -12403220},
+            {915865, -16469274, 15608285, -8789130, -24357026, 6060030,
+             -17371319, 8410997, -7220461, 16527025},
+            {32922597, -556987, 20336074, -16184568, 10903705, -5384487,
+             16957574, 52992, 23834301, 6588044},
+        },
+        {
+            {32752030, 11232950, 3381995, -8714866, 22652988, -10744103,
+             17159699, 16689107, -20314580, -1305992},
+            {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943,
+             7924251, -2752281, 1976123, -7249027},
+            {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041,
+             -3371252, 12331345, -8237197},
+        },
+        {
+            {8651614, -4477032, -16085636, -4996994, 13002507, 2950805,
+             29054427, -5106970, 10008136, -4667901},
+            {31486080, 15114593, -14261250, 12951354, 14369431, -7387845,
+             16347321, -13662089, 8684155, -10532952},
+            {19443825, 11385320, 24468943, -9659068, -23919258, 2187569,
+             -26263207, -6086921, 31316348, 14219878},
+        },
+        {
+            {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801,
+             27146014, 6992409, 29126555, 9207390},
+            {32382935, 1110093, 18477781, 11028262, -27411763, -7548111,
+             -4980517, 10843782, -7957600, -14435730},
+            {2814918, 7836403, 27519878, -7868156, -20894015, -11553689,
+             -21494559, 8550130, 28346258, 1994730},
+        },
+        {
+            {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307,
+             -19516951, 7174894, 22628102, 8115180},
+            {-30405132, 955511, -11133838, -15078069, -32447087, -13278079,
+             -25651578, 3317160, -9943017, 930272},
+            {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177,
+             24091212, -1388970, -22765376, -10650715},
+        },
+        {
+            {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053,
+             -14839018, -16554220, -1867018, 8398970},
+            {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670,
+             22981545, -6291273, 18009408, -15772772},
+            {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469,
+             29551787, -3727419, 19288549, 1325865},
+        },
+        {
+            {15100157, -15835752, -23923978, -1005098, -26450192, 15509408,
+             12376730, -3479146, 33166107, -8042750},
+            {20909231, 13023121, -9209752, 16251778, -5778415, -8094914,
+             12412151, 10018715, 2213263, -13878373},
+            {32529814, -11074689, 30361439, -16689753, -9135940, 1513226,
+             22922121, 6382134, -5766928, 8371348},
+        },
+    },
+    {
+        {
+            {9923462, 11271500, 12616794, 3544722, -29998368, -1721626,
+             12891687, -8193132, -26442943, 10486144},
+            {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726,
+             2610596, -23921530, -11455195},
+            {5408411, -1136691, -4969122, 10561668, 24145918, 14240566,
+             31319731, -4235541, 19985175, -3436086},
+        },
+        {
+            {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976,
+             -17577068, 8849297, 65030, 8370684},
+            {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277,
+             -19442942, 6922164, 12743482, -9800518},
+            {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717,
+             23783145, 11038569, 18800704, 255233},
+        },
+        {
+            {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847,
+             9066957, 19258688, -14753793},
+            {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541,
+             -31934921, 2209390, -1524053, 2055794},
+            {580882, 16705327, 5468415, -2683018, -30926419, -14696000,
+             -7203346, -8994389, -30021019, 7394435},
+        },
+        {
+            {23838809, 1822728, -15738443, 15242727, 8318092, -3733104,
+             -21672180, -3492205, -4821741, 14799921},
+            {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804,
+             13496856, -9056018, 7402518},
+            {2286874, -4435931, -20042458, -2008336, -13696227, 5038122,
+             11006906, -15760352, 8205061, 1607563},
+        },
+        {
+            {14414086, -8002132, 3331830, -3208217, 22249151, -5594188,
+             18364661, -2906958, 30019587, -9029278},
+            {-27688051, 1585953, -10775053, 931069, -29120221, -11002319,
+             -14410829, 12029093, 9944378, 8024},
+            {4368715, -3709630, 29874200, -15022983, -20230386, -11410704,
+             -16114594, -999085, -8142388, 5640030},
+        },
+        {
+            {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887,
+             -16694564, 15219798, -14327783},
+            {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605,
+             -1173195, -18342183, 9742717},
+            {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614,
+             7406442, 12420155, 1994844},
+        },
+        {
+            {14012521, -5024720, -18384453, -9578469, -26485342, -3936439,
+             -13033478, -10909803, 24319929, -6446333},
+            {16412690, -4507367, 10772641, 15929391, -17068788, -4658621,
+             10555945, -10484049, -30102368, -4739048},
+            {22397382, -7767684, -9293161, -12792868, 17166287, -9755136,
+             -27333065, 6199366, 21880021, -12250760},
+        },
+        {
+            {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128,
+             16557151, 8890729, 8840445, 4957760},
+            {-15447727, 709327, -6919446, -10870178, -29777922, 6522332,
+             -21720181, 12130072, -14796503, 5005757},
+            {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752,
+             10183197, -13239326, -16395286, -2176112},
+        },
+    },
+    {
+        {
+            {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537,
+             -32013908, -3057104, 22208662, 2000468},
+            {3065073, -1412761, -25598674, -361432, -17683065, -5703415,
+             -8164212, 11248527, -3691214, -7414184},
+            {10379208, -6045554, 8877319, 1473647, -29291284, -12507580,
+             16690915, 2553332, -3132688, 16400289},
+        },
+        {
+            {15716668, 1254266, -18472690, 7446274, -8448918, 6344164,
+             -22097271, -7285580, 26894937, 9132066},
+            {24158887, 12938817, 11085297, -8177598, -28063478, -4457083,
+             -30576463, 64452, -6817084, -2692882},
+            {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710,
+             -3418511, -4688006, 2364226},
+        },
+        {
+            {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024,
+             -11697457, 15445875, -7798101},
+            {29004207, -7867081, 28661402, -640412, -12794003, -7943086,
+             31863255, -4135540, -278050, -15759279},
+            {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829,
+             10343412, -6976290, -29828287, -10815811},
+        },
+        {
+            {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636,
+             15372179, 17293797, 960709},
+            {20263915, 11434237, -5765435, 11236810, 13505955, -10857102,
+             -16111345, 6493122, -19384511, 7639714},
+            {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699,
+             18006287, -16043750, 29994677, -15808121},
+        },
+        {
+            {9769828, 5202651, -24157398, -13631392, -28051003, -11561624,
+             -24613141, -13860782, -31184575, 709464},
+            {12286395, 13076066, -21775189, -1176622, -25003198, 4057652,
+             -32018128, -8890874, 16102007, 13205847},
+            {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170,
+             8525972, 10151379, 10394400},
+        },
+        {
+            {4024660, -16137551, 22436262, 12276534, -9099015, -2686099,
+             19698229, 11743039, -33302334, 8934414},
+            {-15879800, -4525240, -8580747, -2934061, 14634845, -698278,
+             -9449077, 3137094, -11536886, 11721158},
+            {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229,
+             8835153, -9205489, -1280045},
+        },
+        {
+            {-461409, -7830014, 20614118, 16688288, -7514766, -4807119,
+             22300304, 505429, 6108462, -6183415},
+            {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642,
+             29880583, -13483331, -26898490, -7867459},
+            {-31975283, 5726539, 26934134, 10237677, -3173717, -605053,
+             24199304, 3795095, 7592688, -14992079},
+        },
+        {
+            {21594432, -14964228, 17466408, -4077222, 32537084, 2739898,
+             6407723, 12018833, -28256052, 4298412},
+            {-20650503, -11961496, -27236275, 570498, 3767144, -1717540,
+             13891942, -1569194, 13717174, 10805743},
+            {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568,
+             -796431, 14860609, -26938930, -5863836},
+        },
+    },
+    {
+        {
+            {12962541, 5311799, -10060768, 11658280, 18855286, -7954201,
+             13286263, -12808704, -4381056, 9882022},
+            {18512079, 11319350, -20123124, 15090309, 18818594, 5271736,
+             -22727904, 3666879, -23967430, -3299429},
+            {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114,
+             -10084880, -6661110, -2403099, 5276065},
+        },
+        {
+            {30169808, -5317648, 26306206, -11750859, 27814964, 7069267,
+             7152851, 3684982, 1449224, 13082861},
+            {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382,
+             15056736, -21016438, -8202000},
+            {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665,
+             -26171976, 6482814, -10300080, -11060101},
+        },
+        {
+            {32869458, -5408545, 25609743, 15678670, -10687769, -15471071,
+             26112421, 2521008, -22664288, 6904815},
+            {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737,
+             3841096, -29003639, -6657642},
+            {10340844, -6630377, -18656632, -2278430, 12621151, -13339055,
+             30878497, -11824370, -25584551, 5181966},
+        },
+        {
+            {25940115, -12658025, 17324188, -10307374, -8671468, 15029094,
+             24396252, -16450922, -2322852, -12388574},
+            {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390,
+             12641087, 20603771, -6561742},
+            {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874,
+             1925523, 11914390, 4662781, 7820689},
+        },
+        {
+            {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456,
+             12172924, 16136752, 15264020},
+            {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780,
+             10658213, 6671822, 19012087, 3772772},
+            {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732,
+             -15762884, 20527771, 12988982},
+        },
+        {
+            {-14822485, -5797269, -3707987, 12689773, -898983, -10914866,
+             -24183046, -10564943, 3299665, -12424953},
+            {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197,
+             6461331, -25583147, 8991218},
+            {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991,
+             -32948145, 7417950, -30242287, 1507265},
+        },
+        {
+            {29692663, 6829891, -10498800, 4334896, 20945975, -11906496,
+             -28887608, 8209391, 14606362, -10647073},
+            {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695,
+             9761487, 4170404, -2085325},
+            {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046,
+             22186522, 16002000, -14276837, -8400798},
+        },
+        {
+            {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047,
+             -7113572, -9620092, 13240845, 10965870},
+            {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166,
+             4498947, 14147411, 29514390, 4302863},
+            {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368,
+             -5061276, -2144373, 17846988, -13971927},
+        },
+    },
+    {
+        {
+            {-2244452, -754728, -4597030, -1066309, -6247172, 1455299,
+             -21647728, -9214789, -5222701, 12650267},
+            {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813,
+             13770293, -19134326, 10958663},
+            {22470984, 12369526, 23446014, -5441109, -21520802, -9698723,
+             -11772496, -11574455, -25083830, 4271862},
+        },
+        {
+            {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192,
+             75375, -4278529, -32526221, 8469673},
+            {15854970, 4148314, -8893890, 7259002, 11666551, 13824734,
+             -30531198, 2697372, 24154791, -9460943},
+            {15446137, -15806644, 29759747, 14019369, 30811221, -9610191,
+             -31582008, 12840104, 24913809, 9815020},
+        },
+        {
+            {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414,
+             -9103676, 13438769, 18735128, 9466238},
+            {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821,
+             -10896103, -22728655, 16199064},
+            {14576810, 379472, -26786533, -8317236, -29426508, -10812974,
+             -102766, 1876699, 30801119, 2164795},
+        },
+        {
+            {15995086, 3199873, 13672555, 13712240, -19378835, -4647646,
+             -13081610, -15496269, -13492807, 1268052},
+            {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475,
+             -3470338, -12600221, -17055369, 3565904},
+            {29210088, -9419337, -5919792, -4952785, 10834811, -13327726,
+             -16512102, -10820713, -27162222, -14030531},
+        },
+        {
+            {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123,
+             -29183421, -3769423, 2244111, -14001979},
+            {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434,
+             -25673088, -16180800, 13491506, 4641841},
+            {10813417, 643330, -19188515, -728916, 30292062, -16600078,
+             27548447, -7721242, 14476989, -12767431},
+        },
+        {
+            {10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937,
+             -1644259, -27912810, 12651324},
+            {-31185513, -813383, 22271204, 11835308, 10201545, 15351028,
+             17099662, 3988035, 21721536, -3148940},
+            {10202177, -6545839, -31373232, -9574638, -32150642, -8119683,
+             -12906320, 3852694, 13216206, 14842320},
+        },
+        {
+            {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778,
+             -31500847, 13765824, -27434397, 9900184},
+            {14465505, -13833331, -32133984, -14738873, -27443187, 12990492,
+             33046193, 15796406, -7051866, -8040114},
+            {30924417, -8279620, 6359016, -12816335, 16508377, 9071735,
+             -25488601, 15413635, 9524356, -7018878},
+        },
+        {
+            {12274201, -13175547, 32627641, -1785326, 6736625, 13267305,
+             5237659, -5109483, 15663516, 4035784},
+            {-2951309, 8903985, 17349946, 601635, -16432815, -4612556,
+             -13732739, -15889334, -22258478, 4659091},
+            {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498,
+             5736189, 15026997, -2178256, -13455585},
+        },
+    },
+    {
+        {
+            {-8858980, -2219056, 28571666, -10155518, -474467, -10105698,
+             -3801496, 278095, 23440562, -290208},
+            {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275,
+             11551483, -16571960, -7442864},
+            {17932739, -12437276, -24039557, 10749060, 11316803, 7535897,
+             22503767, 5561594, -3646624, 3898661},
+        },
+        {
+            {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531,
+             7152530, 21831162, 1245233},
+            {26958459, -14658026, 4314586, 8346991, -5677764, 11960072,
+             -32589295, -620035, -30402091, -16716212},
+            {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535,
+             6280834, 14587357, -22338025, 13987525},
+        },
+        {
+            {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778,
+             -4300898, -5124639, -7469781, -2858068},
+            {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781,
+             6439245, -14581012, 4091397},
+            {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623,
+             -19622683, 12092163, 29077877, -14741988},
+        },
+        {
+            {5269168, -6859726, -13230211, -8020715, 25932563, 1763552,
+             -5606110, -5505881, -20017847, 2357889},
+            {32264008, -15407652, -5387735, -1160093, -2091322, -3946900,
+             23104804, -12869908, 5727338, 189038},
+            {14609123, -8954470, -6000566, -16622781, -14577387, -7743898,
+             -26745169, 10942115, -25888931, -14884697},
+        },
+        {
+            {20513500, 5557931, -15604613, 7829531, 26413943, -2019404,
+             -21378968, 7471781, 13913677, -5137875},
+            {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227,
+             -8940970, 14059180, 12878652, 8511905},
+            {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908,
+             -30223418, 6812974, 5568676, -3127656},
+        },
+        {
+            {11630004, 12144454, 2116339, 13606037, 27378885, 15676917,
+             -17408753, -13504373, -14395196, 8070818},
+            {27117696, -10007378, -31282771, -5570088, 1127282, 12772488,
+             -29845906, 10483306, -11552749, -1028714},
+            {10637467, -5688064, 5674781, 1072708, -26343588, -6982302,
+             -1683975, 9177853, -27493162, 15431203},
+        },
+        {
+            {20525145, 10892566, -12742472, 12779443, -29493034, 16150075,
+             -28240519, 14943142, -15056790, -7935931},
+            {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767,
+             -3239766, -3356550, 9594024},
+            {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683,
+             -6492290, 13352335, -10977084},
+        },
+        {
+            {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091,
+             -29783850, -7752482, -13215537, -319204},
+            {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742,
+             15077870, -22750759, 14523817},
+            {27406042, -6041657, 27423596, -4497394, 4996214, 10002360,
+             -28842031, -4545494, -30172742, -4805667},
+        },
+    },
+    {
+        {
+            {11374242, 12660715, 17861383, -12540833, 10935568, 1099227,
+             -13886076, -9091740, -27727044, 11358504},
+            {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702,
+             32676003, 11149336, -26123651, 4985768},
+            {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043,
+             13794114, -19414307, -15621255},
+        },
+        {
+            {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603,
+             6970005, -1691065, -9004790},
+            {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622,
+             -5475723, -16796596, -5031438},
+            {-22273315, -13524424, -64685, -4334223, -18605636, -10921968,
+             -20571065, -7007978, -99853, -10237333},
+        },
+        {
+            {17747465, 10039260, 19368299, -4050591, -20630635, -16041286,
+             31992683, -15857976, -29260363, -5511971},
+            {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999,
+             -3744247, 4882242, -10626905},
+            {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198,
+             3272828, -5190932, -4162409},
+        },
+        {
+            {12501286, 4044383, -8612957, -13392385, -32430052, 5136599,
+             -19230378, -3529697, 330070, -3659409},
+            {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522,
+             -8573892, -271295, 12071499},
+            {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927,
+             -32769618, 1936675, -5159697, 3829363},
+        },
+        {
+            {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550,
+             -6567787, 26333140, 14267664},
+            {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312,
+             10004786, -8709488, -21761224, 8930324},
+            {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919,
+             1541940, 4757911, -26491501, -16408940},
+        },
+        {
+            {13537262, -7759490, -20604840, 10961927, -5922820, -13218065,
+             -13156584, 6217254, -15943699, 13814990},
+            {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681,
+             9257833, -1956526, -1776914},
+            {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556,
+             -29171540, 12361135, -18685978, 4578290},
+        },
+        {
+            {24579768, 3711570, 1342322, -11180126, -27005135, 14124956,
+             -22544529, 14074919, 21964432, 8235257},
+            {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420,
+             -2981514, -1669206, 13006806, 2355433},
+            {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083,
+             27202044, 1719366, 1141648, -12796236},
+        },
+        {
+            {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894,
+             13475066, -3133972, 32674895, 13715045},
+            {11423335, -5468059, 32344216, 8962751, 24989809, 9241752,
+             -13265253, 16086212, -28740881, -15642093},
+            {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160,
+             -11709148, 7791794, -27245943, 4383347},
+        },
+    },
+    {
+        {
+            {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599,
+             -4862407, -4906449, 27193557, 6245191},
+            {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898,
+             3260492, 22510453, 8577507},
+            {-12632451, 11257346, -32692994, 13548177, -721004, 10879011,
+             31168030, 13952092, -29571492, -3635906},
+        },
+        {
+            {3877321, -9572739, 32416692, 5405324, -11004407, -13656635,
+             3759769, 11935320, 5611860, 8164018},
+            {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718,
+             32003002, -8832289, 5773085, -8422109},
+            {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725,
+             12376320, 31632953, 190926},
+        },
+        {
+            {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328,
+             -8288749, 4508564, -25341555, -3627528},
+            {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941,
+             -14786005, -1672488, 827625},
+            {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080,
+             -1800575, -14108036, -24878478, 1541286},
+        },
+        {
+            {2901347, -1117687, 3880376, -10059388, -17620940, -3612781,
+             -21802117, -3567481, 20456845, -1885033},
+            {27019610, 12299467, -13658288, -1603234, -12861660, -4861471,
+             -19540150, -5016058, 29439641, 15138866},
+            {21536104, -6626420, -32447818, -10690208, -22408077, 5175814,
+             -5420040, -16361163, 7779328, 109896},
+        },
+        {
+            {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390,
+             12180118, 23177719, -554075},
+            {26572847, 3405927, -31701700, 12890905, -19265668, 5335866,
+             -6493768, 2378492, 4439158, -13279347},
+            {-22716706, 3489070, -9225266, -332753, 18875722, -1140095,
+             14819434, -12731527, -17717757, -5461437},
+        },
+        {
+            {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060,
+             -820954, 2177225, 8550082, -15114165},
+            {-18473302, 16596775, -381660, 15663611, 22860960, 15585581,
+             -27844109, -3582739, -23260460, -8428588},
+            {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815,
+             -22725137, 15860482, -21902570, 1494193},
+        },
+        {
+            {-19562091, -14087393, -25583872, -9299552, 13127842, 759709,
+             21923482, 16529112, 8742704, 12967017},
+            {-28464899, 1553205, 32536856, -10473729, -24691605, -406174,
+             -8914625, -2933896, -29903758, 15553883},
+            {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572,
+             14513274, 19375923, -12647961},
+        },
+        {
+            {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818,
+             -6222716, 2862653, 9455043},
+            {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124,
+             -2990080, 15511449, 4789663},
+            {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736,
+             -5754762, 108893, 23513200, 16652362},
+        },
+    },
+    {
+        {
+            {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542,
+             -6650416, -12936300, -18319198, 10212860},
+            {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801,
+             2600940, -9988298, -12506466},
+            {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657,
+             11344424, 864440, -2499677, -16710063},
+        },
+        {
+            {-26432803, 6148329, -17184412, -14474154, 18782929, -275997,
+             -22561534, 211300, 2719757, 4940997},
+            {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207,
+             21690126, 8518463, 26699843, 5276295},
+            {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586,
+             149635, -15452774, 7159369},
+        },
+        {
+            {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009,
+             8312176, 22477218, -8403385},
+            {18155857, -16504990, 19744716, 9006923, 15154154, -10538976,
+             24256460, -4864995, -22548173, 9334109},
+            {2986088, -4911893, 10776628, -3473844, 10620590, -7083203,
+             -21413845, 14253545, -22587149, 536906},
+        },
+        {
+            {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551,
+             10589625, 10838060, -15420424},
+            {-19342404, 867880, 9277171, -3218459, -14431572, -1986443,
+             19295826, -15796950, 6378260, 699185},
+            {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039,
+             15693155, -5045064, -13373962},
+        },
+        {
+            {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616,
+             31730678, -10962840, -3918636, -9669325},
+            {10188286, -15770834, -7336361, 13427543, 22223443, 14896287,
+             30743455, 7116568, -21786507, 5427593},
+            {696102, 13206899, 27047647, -10632082, 15285305, -9853179,
+             10798490, -4578720, 19236243, 12477404},
+        },
+        {
+            {-11229439, 11243796, -17054270, -8040865, -788228, -8167967,
+             -3897669, 11180504, -23169516, 7733644},
+            {17800790, -14036179, -27000429, -11766671, 23887827, 3149671,
+             23466177, -10538171, 10322027, 15313801},
+            {26246234, 11968874, 32263343, -5468728, 6830755, -13323031,
+             -15794704, -101982, -24449242, 10890804},
+        },
+        {
+            {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544,
+             -14982212, 16484931, 25180797, -5334884},
+            {-586574, 10376444, -32586414, -11286356, 19801893, 10997610,
+             2276632, 9482883, 316878, 13820577},
+            {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996,
+             30756178, -7515054, 30696930, -3712849},
+        },
+        {
+            {32988917, -9603412, 12499366, 7910787, -10617257, -11931514,
+             -7342816, -9985397, -32349517, 7392473},
+            {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781,
+             -30409476, -9134995, 25112947, -2926644},
+            {-2504044, -436966, 25621774, -5678772, 15085042, -5479877,
+             -24884878, -13526194, 5537438, -13914319},
+        },
+    },
+    {
+        {
+            {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648,
+             -14876251, -1729667, 31234590, 6090599},
+            {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721,
+             15878753, -6970405, -9034768},
+            {-27757857, 247744, -15194774, -9002551, 23288161, -10011936,
+             -23869595, 6503646, 20650474, 1804084},
+        },
+        {
+            {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995,
+             -10329713, 27842616, -202328},
+            {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656,
+             5031932, -11375082, 12714369},
+            {20807691, -7270825, 29286141, 11421711, -27876523, -13868230,
+             -21227475, 1035546, -19733229, 12796920},
+        },
+        {
+            {12076899, -14301286, -8785001, -11848922, -25012791, 16400684,
+             -17591495, -12899438, 3480665, -15182815},
+            {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545,
+             -24363064, -15921875, -33374054, 2771025},
+            {-21389266, 421932, 26597266, 6860826, 22486084, -6737172,
+             -17137485, -4210226, -24552282, 15673397},
+        },
+        {
+            {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893,
+             -20271184, 4733254, 3727144, -12934448},
+            {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594,
+             7975683, 31123697, -10958981},
+            {30069250, -11435332, 30434654, 2958439, 18399564, -976289,
+             12296869, 9204260, -16432438, 9648165},
+        },
+        {
+            {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266,
+             5248604, -26008332, -11377501},
+            {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711,
+             15298639, 2662509, -16297073},
+            {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326,
+             32087529, -1222777, 32247248, -14389861},
+        },
+        {
+            {14312628, 1221556, 17395390, -8700143, -4945741, -8684635,
+             -28197744, -9637817, -16027623, -13378845},
+            {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502,
+             9803137, 17597934, 2346211},
+            {18510800, 15337574, 26171504, 981392, -22241552, 7827556,
+             -23491134, -11323352, 3059833, -11782870},
+        },
+        {
+            {10141598, 6082907, 17829293, -1947643, 9830092, 13613136,
+             -25556636, -5544586, -33502212, 3592096},
+            {33114168, -15889352, -26525686, -13343397, 33076705, 8716171,
+             1151462, 1521897, -982665, -6837803},
+            {-32939165, -4255815, 23947181, -324178, -33072974, -12305637,
+             -16637686, 3891704, 26353178, 693168},
+        },
+        {
+            {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294,
+             -400668, 31375464, 14369965},
+            {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728,
+             32732230, -13108839, 17901441, 16011505},
+            {18171223, -11934626, -12500402, 15197122, -11038147, -15230035,
+             -19172240, -16046376, 8764035, 12309598},
+        },
+    },
+    {
+        {
+            {5975908, -5243188, -19459362, -9681747, -11541277, 14015782,
+             -23665757, 1228319, 17544096, -10593782},
+            {5811932, -1715293, 3442887, -2269310, -18367348, -8359541,
+             -18044043, -15410127, -5565381, 12348900},
+            {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274,
+             -24849353, 8141295, -10632534, -585479},
+        },
+        {
+            {-12675304, 694026, -5076145, 13300344, 14015258, -14451394,
+             -9698672, -11329050, 30944593, 1130208},
+            {8247766, -6710942, -26562381, -7709309, -14401939, -14648910,
+             4652152, 2488540, 23550156, -271232},
+            {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737,
+             -5908146, -408818, -137719},
+        },
+        {
+            {16091085, -16253926, 18599252, 7340678, 2137637, -1221657,
+             -3364161, 14550936, 3260525, -7166271},
+            {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596,
+             -23028869, -13204905, -12748722, 2701326},
+            {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432,
+             -10018363, 9276971, 11329923, 1862132},
+        },
+        {
+            {14763076, -15903608, -30918270, 3689867, 3511892, 10313526,
+             -21951088, 12219231, -9037963, -940300},
+            {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216,
+             -2909717, -15438168, 11595570},
+            {15214962, 3537601, -26238722, -14058872, 4418657, -15230761,
+             13947276, 10730794, -13489462, -4363670},
+        },
+        {
+            {-2538306, 7682793, 32759013, 263109, -29984731, -7955452,
+             -22332124, -10188635, 977108, 699994},
+            {-12466472, 4195084, -9211532, 550904, -15565337, 12917920,
+             19118110, -439841, -30534533, -14337913},
+            {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237,
+             -10051775, 12493932, -5409317},
+        },
+        {
+            {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087,
+             27218280, 2607121, 29375955, 6024730},
+            {842132, -2794693, -4763381, -8722815, 26332018, -12405641,
+             11831880, 6985184, -9940361, 2854096},
+            {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645,
+             960770, 12121869, 16648078},
+        },
+        {
+            {-15218652, 14667096, -13336229, 2013717, 30598287, -464137,
+             -31504922, -7882064, 20237806, 2838411},
+            {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604,
+             12544294, -13470457, 1068881, -12499905},
+            {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596,
+             -8486907, -2630053, 12521378, 4845654},
+        },
+        {
+            {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600,
+             3409348, -873400, -6482306, -12885870},
+            {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172,
+             10477734, -1240216, -3113227, 13974498},
+            {12966261, 15550616, -32038948, -1615346, 21025980, -629444,
+             5642325, 7188737, 18895762, 12629579},
+        },
+    },
+    {
+        {
+            {14741879, -14946887, 22177208, -11721237, 1279741, 8058600,
+             11758140, 789443, 32195181, 3895677},
+            {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575,
+             -3566119, -8982069, 4429647},
+            {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220,
+             -7135870, -11642895, 18047436, -15281743},
+        },
+        {
+            {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455,
+             10993114, -12850837, -17620701, -9408468},
+            {21987233, 700364, -24505048, 14972008, -7774265, -5718395,
+             32155026, 2581431, -29958985, 8773375},
+            {-25568350, 454463, -13211935, 16126715, 25240068, 8594567,
+             20656846, 12017935, -7874389, -13920155},
+        },
+        {
+            {6028182, 6263078, -31011806, -11301710, -818919, 2461772,
+             -31841174, -5468042, -1721788, -2776725},
+            {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845,
+             -4166698, 28408820, 6816612},
+            {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817,
+             20613181, 13982702, -10339570, 5067943},
+        },
+        {
+            {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951,
+             -19719286, 12746132, 5331210, -10105944},
+            {30528811, 3601899, -1957090, 4619785, -27361822, -15436388,
+             24180793, -12570394, 27679908, -1648928},
+            {9402404, -13957065, 32834043, 10838634, -26580150, -13237195,
+             26653274, -8685565, 22611444, -12715406},
+        },
+        {
+            {22190590, 1118029, 22736441, 15130463, -30460692, -5991321,
+             19189625, -4648942, 4854859, 6622139},
+            {-8310738, -2953450, -8262579, -3388049, -10401731, -271929,
+             13424426, -3567227, 26404409, 13001963},
+            {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670,
+             -26064365, -11621720, -15405155, 11020693},
+        },
+        {
+            {1866042, -7949489, -7898649, -10301010, 12483315, 13477547,
+             3175636, -12424163, 28761762, 1406734},
+            {-448555, -1777666, 13018551, 3194501, -9580420, -11161737,
+             24760585, -4347088, 25577411, -13378680},
+            {-24290378, 4759345, -690653, -1852816, 2066747, 10693769,
+             -29595790, 9884936, -9368926, 4745410},
+        },
+        {
+            {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276,
+             -15462008, -11311852, 10931924, -11931931},
+            {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606,
+             -22853429, 10856641, -20470770, 13434654},
+            {22759489, -10073434, -16766264, -1871422, 13637442, -10168091,
+             1765144, -12654326, 28445307, -5364710},
+        },
+        {
+            {29875063, 12493613, 2795536, -3786330, 1710620, 15181182,
+             -10195717, -8788675, 9074234, 1167180},
+            {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294,
+             -18716888, -9535498, 3843903, 9367684},
+            {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123,
+             8601684, -139197, 4242895},
+        },
+    },
+    {
+        {
+            {22092954, -13191123, -2042793, -11968512, 32186753, -11517388,
+             -6574341, 2470660, -27417366, 16625501},
+            {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857,
+             2602725, -27351616, 14247413},
+            {6314175, -10264892, -32772502, 15957557, -10157730, 168750,
+             -8618807, 14290061, 27108877, -1180880},
+        },
+        {
+            {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596,
+             33547976, -11058889, -27148451, 981874},
+            {22833440, 9293594, -32649448, -13618667, -9136966, 14756819,
+             -22928859, -13970780, -10479804, -16197962},
+            {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060,
+             22680049, 13906969, -15933690, 3797899},
+        },
+        {
+            {21721356, -4212746, -12206123, 9310182, -3882239, -13653110,
+             23740224, -2709232, 20491983, -8042152},
+            {9209270, -15135055, -13256557, -6167798, -731016, 15289673,
+             25947805, 15286587, 30997318, -6703063},
+            {7392032, 16618386, 23946583, -8039892, -13265164, -1533858,
+             -14197445, -2321576, 17649998, -250080},
+        },
+        {
+            {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752,
+             -15241566, -9525724, -2233253, 7662146},
+            {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295,
+             7335080, -8472199, -3174674, 3440183},
+            {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957,
+             40450, -4431835, 4862400, 1133},
+        },
+        {
+            {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142,
+             7258061, 311861, -30594991, -7379421},
+            {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763,
+             16527196, 18278453, 15405622},
+            {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970,
+             -13313598, 843523, -21875062, 13626197},
+        },
+        {
+            {2281448, -13487055, -10915418, -2609910, 1879358, 16164207,
+             -10783882, 3953792, 13340839, 15928663},
+            {31727126, -7179855, -18437503, -8283652, 2875793, -16390330,
+             -25269894, -7014826, -23452306, 5964753},
+            {4100420, -5959452, -17179337, 6017714, -18705837, 12227141,
+             -26684835, 11344144, 2538215, -7570755},
+        },
+        {
+            {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241,
+             -20474983, 1485421, -629256, -15958862},
+            {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492,
+             -20205425, -13191288, 11659922, -11115118},
+            {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568,
+             -10170080, 33100372, -1306171},
+        },
+        {
+            {15121113, -5201871, -10389905, 15427821, -27509937, -15992507,
+             21670947, 4486675, -5931810, -14466380},
+            {16166486, -9483733, -11104130, 6023908, -31926798, -1364923,
+             2340060, -16254968, -10735770, -10039824},
+            {28042865, -3557089, -12126526, 12259706, -3717498, -6945899,
+             6766453, -8689599, 18036436, 5803270},
+        },
+    },
+    {
+        {
+            {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391,
+             4598332, -6159431, -14117438},
+            {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183,
+             696309, 50292, -20095739, 11763584},
+            {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117,
+             -12613632, -19773211, -10713562},
+        },
+        {
+            {30464590, -11262872, -4127476, -12734478, 19835327, -7105613,
+             -24396175, 2075773, -17020157, 992471},
+            {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841,
+             8080033, -11574335, -10601610},
+            {19598397, 10334610, 12555054, 2555664, 18821899, -10339780,
+             21873263, 16014234, 26224780, 16452269},
+        },
+        {
+            {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804,
+             -7618186, -20533829, 3698650},
+            {14187449, 3448569, -10636236, -10810935, -22663880, -3433596,
+             7268410, -10890444, 27394301, 12015369},
+            {19695761, 16087646, 28032085, 12999827, 6817792, 11427614,
+             20244189, -1312777, -13259127, -3402461},
+        },
+        {
+            {30860103, 12735208, -1888245, -4699734, -16974906, 2256940,
+             -8166013, 12298312, -8550524, -10393462},
+            {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760,
+             -5789354, -15118654, -4976164, 12651793},
+            {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089,
+             -13118820, -16517902, 9768698, -2533218},
+        },
+        {
+            {-24719459, 1894651, -287698, -4704085, 15348719, -8156530,
+             32767513, 12765450, 4940095, 10678226},
+            {18860224, 15980149, -18987240, -1562570, -26233012, -11071856,
+             -7843882, 13944024, -24372348, 16582019},
+            {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756,
+             -11704054, 15444560, -11003761, 7989037},
+        },
+        {
+            {31490452, 5568061, -2412803, 2182383, -32336847, 4531686,
+             -32078269, 6200206, -19686113, -14800171},
+            {-17308668, -15879940, -31522777, -2831, -32887382, 16375549,
+             8680158, -16371713, 28550068, -6857132},
+            {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016,
+             -30039981, 4364038, 1155602, 5988841},
+        },
+        {
+            {21890435, -13272907, -12624011, 12154349, -7831873, 15300496,
+             23148983, -4470481, 24618407, 8283181},
+            {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536,
+             3070187, -7025928, 1466169, 10740210},
+            {-1509399, -15488185, -13503385, -10655916, 32799044, 909394,
+             -13938903, -5779719, -32164649, -15327040},
+        },
+        {
+            {3960823, -14267803, -28026090, -15918051, -19404858, 13146868,
+             15567327, 951507, -3260321, -573935},
+            {24740841, 5052253, -30094131, 8961361, 25877428, 6165135,
+             -24368180, 14397372, -7380369, -6144105},
+            {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454,
+             -15441463, -14453128, -1625486, -6494814},
+        },
+    },
+    {
+        {
+            {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843,
+             -4885251, -9906200, -621852},
+            {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374,
+             1468826, -6171428, -15186581},
+            {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288,
+             -30404353, -9871238, -1558923, -9863646},
+        },
+        {
+            {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958,
+             14783338, -30581476, -15757844},
+            {10566929, 12612572, -31944212, 11118703, -12633376, 12362879,
+             21752402, 8822496, 24003793, 14264025},
+            {27713862, -7355973, -11008240, 9227530, 27050101, 2504721,
+             23886875, -13117525, 13958495, -5732453},
+        },
+        {
+            {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291,
+             -31889399, -10041781, 7340521, -15410068},
+            {4646514, -8011124, -22766023, -11532654, 23184553, 8566613,
+             31366726, -1381061, -15066784, -10375192},
+            {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576,
+             27584817, 3093888, -8843694, 3849921},
+        },
+        {
+            {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958,
+             32477045, -9017955, 5002294, -15550259},
+            {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708,
+             16489530, 13378448, -25845716, 12741426},
+            {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677,
+             24306472, 15852464, 28834118, -7646072},
+        },
+        {
+            {-17335748, -9107057, -24531279, 9434953, -8472084, -583362,
+             -13090771, 455841, 20461858, 5491305},
+            {13669248, -16095482, -12481974, -10203039, -14569770, -11893198,
+             -24995986, 11293807, -28588204, -9421832},
+            {28497928, 6272777, -33022994, 14470570, 8906179, -1225630,
+             18504674, -14165166, 29867745, -8795943},
+        },
+        {
+            {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891,
+             -6367600, -13175392, 22853429, -4012011},
+            {24191378, 16712145, -13931797, 15217831, 14542237, 1646131,
+             18603514, -11037887, 12876623, -2112447},
+            {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753,
+             608397, 16031844, 3723494},
+        },
+        {
+            {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745,
+             17558842, -7872890, 23896954, -4314245},
+            {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064,
+             7229064, -9919646, -8826859},
+            {28816045, 298879, -28165016, -15920938, 19000928, -1665890,
+             -12680833, -2949325, -18051778, -2082915},
+        },
+        {
+            {16000882, -344896, 3493092, -11447198, -29504595, -13159789,
+             12577740, 16041268, -19715240, 7847707},
+            {10151868, 10572098, 27312476, 7922682, 14825339, 4723128,
+             -32855931, -6519018, -10020567, 3852848},
+            {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598,
+             16514493, -15932110, 29330899, -15076224},
+        },
+    },
+    {
+        {
+            {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784,
+             3303702, 15490, -27548796, 12314391},
+            {15683520, -6003043, 18109120, -9980648, 15337968, -5997823,
+             -16717435, 15921866, 16103996, -3731215},
+            {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929,
+             -19273607, 5402699, -29815713, -9841101},
+        },
+        {
+            {23190676, 2384583, -32714340, 3462154, -29903655, -1529132,
+             -11266856, 8911517, -25205859, 2739713},
+            {21374101, -3554250, -33524649, 9874411, 15377179, 11831242,
+             -33529904, 6134907, 4931255, 11987849},
+            {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539,
+             13861388, -30076310, 10117930},
+        },
+        {
+            {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643,
+             -6325503, 6704079, 12890019, 15728940},
+            {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376,
+             -10428139, 12885167, 8311031},
+            {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191,
+             26423267, 4384730, 1888765, -5435404},
+        },
+        {
+            {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729,
+             -32251644, -12707869, -19464434, -3340243},
+            {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245,
+             14845197, 17151279, -9854116},
+            {-24830458, -12733720, -15165978, 10367250, -29530908, -265356,
+             22825805, -7087279, -16866484, 16176525},
+        },
+        {
+            {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182,
+             -10363426, -28746253, -10197509},
+            {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229,
+             23632037, -1940610, 32808310, 1099883},
+            {15030977, 5768825, -27451236, -2887299, -6427378, -15361371,
+             -15277896, -6809350, 2051441, -15225865},
+        },
+        {
+            {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398,
+             -14154188, -22686354, 16633660},
+            {4577086, -16752288, 13249841, -15304328, 19958763, -14537274,
+             18559670, -10759549, 8402478, -9864273},
+            {-28406330, -1051581, -26790155, -907698, -17212414, -11030789,
+             9453451, -14980072, 17983010, 9967138},
+        },
+        {
+            {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990,
+             7806337, 17507396, 3651560},
+            {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010,
+             26556809, -5574557, -18553322, -11357135},
+            {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121,
+             8459447, -5605463, -7621941},
+        },
+        {
+            {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813,
+             -849066, 17258084, -7977739},
+            {18164541, -10595176, -17154882, -1542417, 19237078, -9745295,
+             23357533, -15217008, 26908270, 12150756},
+            {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168,
+             -5537701, -32302074, 16215819},
+        },
+    },
+    {
+        {
+            {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835,
+             32574489, 12532905, -7503072, -8675347},
+            {-27343522, -16515468, -27151524, -10722951, 946346, 16291093,
+             254968, 7168080, 21676107, -1943028},
+            {21260961, -8424752, -16831886, -11920822, -23677961, 3968121,
+             -3651949, -6215466, -3556191, -7913075},
+        },
+        {
+            {16544754, 13250366, -16804428, 15546242, -4583003, 12757258,
+             -2462308, -8680336, -18907032, -9662799},
+            {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564,
+             26820651, 16690659, 25459437, -4564609},
+            {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224,
+             9142795, -2391602, -6432418, -1644817},
+        },
+        {
+            {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437,
+             -27457225, -16344658, 6335692, 7249989},
+            {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693,
+             -30272269, 2682242, 25993170, -12478523},
+            {4364628, 5930691, 32304656, -10044554, -8054781, 15091131,
+             22857016, -10598955, 31820368, 15075278},
+        },
+        {
+            {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788,
+             -9650886, -17970238, 12833045},
+            {19073683, 14851414, -24403169, -11860168, 7625278, 11091125,
+             -19619190, 2074449, -9413939, 14905377},
+            {24483667, -11935567, -2518866, -11547418, -1553130, 15355506,
+             -25282080, 9253129, 27628530, -7555480},
+        },
+        {
+            {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324,
+             -9157582, -14110875, 15297016},
+            {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417,
+             -11864220, 8683221, 2921426},
+            {18606791, 11874196, 27155355, -5281482, -24031742, 6265446,
+             -25178240, -1278924, 4674690, 13890525},
+        },
+        {
+            {13609624, 13069022, -27372361, -13055908, 24360586, 9592974,
+             14977157, 9835105, 4389687, 288396},
+            {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062,
+             8317628, 23388070, 16052080},
+            {12720016, 11937594, -31970060, -5028689, 26900120, 8561328,
+             -20155687, -11632979, -14754271, -10812892},
+        },
+        {
+            {15961858, 14150409, 26716931, -665832, -22794328, 13603569,
+             11829573, 7467844, -28822128, 929275},
+            {11038231, -11582396, -27310482, -7316562, -10498527, -16307831,
+             -23479533, -9371869, -21393143, 2465074},
+            {20017163, -4323226, 27915242, 1529148, 12396362, 15675764,
+             13817261, -9658066, 2463391, -4622140},
+        },
+        {
+            {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572,
+             9583558, 12851107, 4003896, 12673717},
+            {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325,
+             14741514, -9103726, 7903886, 2348101},
+            {24536016, -16515207, 12715592, -3862155, 1511293, 10047386,
+             -3842346, -7129159, -28377538, 10048127},
+        },
+    },
+    {
+        {
+            {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840,
+             18873298, -7297090, -32297756, 15221632},
+            {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409,
+             -21343950, 2095755, 29769758, 6593415},
+            {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345,
+             -6118678, 30958054, 8292160},
+        },
+        {
+            {31429822, -13959116, 29173532, 15632448, 12174511, -2760094,
+             32808831, 3977186, 26143136, -3148876},
+            {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633,
+             -1674433, -3758243, -2304625},
+            {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029,
+             -1612713, -1535569, -16664475, 8194478},
+        },
+        {
+            {27338066, -7507420, -7414224, 10140405, -19026427, -6589889,
+             27277191, 8855376, 28572286, 3005164},
+            {26287124, 4821776, 25476601, -4145903, -3764513, -15788984,
+             -18008582, 1182479, -26094821, -13079595},
+            {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192,
+             -21876275, -13982627, 32208683, -1198248},
+        },
+        {
+            {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505,
+             -27315504, -10497842, -27672585, -11539858},
+            {15941029, -9405932, -21367050, 8062055, 31876073, -238629,
+             -15278393, -1444429, 15397331, -4130193},
+            {8934485, -13485467, -23286397, -13423241, -32446090, 14047986,
+             31170398, -1441021, -27505566, 15087184},
+        },
+        {
+            {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776,
+             -15502406, 11461896, 16788528, -5868942},
+            {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433,
+             -3770287, -10323320, 31322514, -11615635},
+            {21426655, -5650218, -13648287, -5347537, -28812189, -4920970,
+             -18275391, -14621414, 13040862, -12112948},
+        },
+        {
+            {11293895, 12478086, -27136401, 15083750, -29307421, 14748872,
+             14555558, -13417103, 1613711, 4896935},
+            {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460,
+             2825960, -4897045, -23971776, -11267415},
+            {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618,
+             20615400, 12405433, -23753030, -8436416},
+        },
+        {
+            {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801,
+             4378436, 2432030, 23097949, -566018},
+            {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264,
+             10103221, -18512313, 2424778},
+            {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678,
+             1344109, -3642553, 12412659},
+        },
+        {
+            {-24001791, 7690286, 14929416, -168257, -32210835, -13412986,
+             24162697, -15326504, -3141501, 11179385},
+            {18289522, -14724954, 8056945, 16430056, -21729724, 7842514,
+             -6001441, -1486897, -18684645, -11443503},
+            {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959,
+             13403813, 11052904, 5219329},
+        },
+    },
+    {
+        {
+            {20678546, -8375738, -32671898, 8849123, -5009758, 14574752,
+             31186971, -3973730, 9014762, -8579056},
+            {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600,
+             -33102500, 9160280, 8473550, -3256838},
+            {24900749, 14435722, 17209120, -15292541, -22592275, 9878983,
+             -7689309, -16335821, -24568481, 11788948},
+        },
+        {
+            {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904,
+             -20037437, 10410733, -24568470, -1458691},
+            {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911,
+             11871841, -12505194, -18513325, 8464118},
+            {-23400612, 8348507, -14585951, -861714, -3950205, -6373419,
+             14325289, 8628612, 33313881, -8370517},
+        },
+        {
+            {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838,
+             -24805667, -10236854, -8940735, -5818269},
+            {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245,
+             15989197, -12838188, 28358192, -4253904},
+            {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267,
+             -16637684, 4072016, -5351664, 5596589},
+        },
+        {
+            {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565,
+             29266239, 2557221, 1768301, 15373193},
+            {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902,
+             -4504991, -24660491, 3442910},
+            {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093,
+             22597931, 7176455, -18585478, 13365930},
+        },
+        {
+            {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107,
+             -8570186, -9689599, -3031667},
+            {25008904, -10771599, -4305031, -9638010, 16265036, 15721635,
+             683793, -11823784, 15723479, -15163481},
+            {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514,
+             11879682, 5400171, 519526, -1235876},
+        },
+        {
+            {22258397, -16332233, -7869817, 14613016, -22520255, -2950923,
+             -20353881, 7315967, 16648397, 7605640},
+            {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212,
+             23994942, -5281555, -9468848, 4763278},
+            {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390,
+             31088447, -7764523, -11356529, 728112},
+        },
+        {
+            {26047220, -11751471, -6900323, -16521798, 24092068, 9158119,
+             -4273545, -12555558, -29365436, -5498272},
+            {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007,
+             12327945, 10750447, 10014012},
+            {-10312768, 3936952, 9156313, -8897683, 16498692, -994647,
+             -27481051, -666732, 3424691, 7540221},
+        },
+        {
+            {30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422,
+             -16317219, -9244265, 15258046},
+            {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406,
+             2711395, 1062915, -5136345},
+            {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411,
+             -6066489, 12194497, 32960380, 1459310},
+        },
+    },
+    {
+        {
+            {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197,
+             -6101885, 18638003, -11174937},
+            {31395534, 15098109, 26581030, 8030562, -16527914, -5007134,
+             9012486, -7584354, -6643087, -5442636},
+            {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222,
+             9677543, -32294889, -6456008},
+        },
+        {
+            {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579,
+             -7839692, -7852844, -8138429},
+            {-15236356, -15433509, 7766470, 746860, 26346930, -10221762,
+             -27333451, 10754588, -9431476, 5203576},
+            {31834314, 14135496, -770007, 5159118, 20917671, -16768096,
+             -7467973, -7337524, 31809243, 7347066},
+        },
+        {
+            {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881,
+             19797970, -12211255, 15192876, -2087490},
+            {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091,
+             10609330, 12694420, 33473243, -13382104},
+            {33184999, 11180355, 15832085, -11385430, -1633671, 225884,
+             15089336, -11023903, -6135662, 14480053},
+        },
+        {
+            {31308717, -5619998, 31030840, -1897099, 15674547, -6582883,
+             5496208, 13685227, 27595050, 8737275},
+            {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022,
+             -31008351, -12610604, 26498114, 66511},
+            {22644454, -8761729, -16671776, 4884562, -3105614, -13559366,
+             30540766, -4286747, -13327787, -7515095},
+        },
+        {
+            {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506,
+             8205540, 13585437, -17127465, 15115439},
+            {23711543, -672915, 31206561, -8362711, 6164647, -9709987,
+             -33535882, -1426096, 8236921, 16492939},
+            {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270,
+             19574902, 10071562, 6708380, -6222424},
+        },
+        {
+            {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017,
+             9328700, 29955601, -11678310},
+            {3096359, 9271816, -21620864, -15521844, -14847996, -7592937,
+             -25892142, -12635595, -9917575, 6216608},
+            {-32615849, 338663, -25195611, 2510422, -29213566, -13820213,
+             24822830, -6146567, -26767480, 7525079},
+        },
+        {
+            {-23066649, -13985623, 16133487, -7896178, -3389565, 778788,
+             -910336, -2782495, -19386633, 11994101},
+            {21691500, -13624626, -641331, -14367021, 3285881, -3483596,
+             -25064666, 9718258, -7477437, 13381418},
+            {18445390, -4202236, 14979846, 11622458, -1727110, -3582980,
+             23111648, -6375247, 28535282, 15779576},
+        },
+        {
+            {30098053, 3089662, -9234387, 16662135, -21306940, 11308411,
+             -14068454, 12021730, 9955285, -16303356},
+            {9734894, -14576830, -7473633, -9138735, 2060392, 11313496,
+             -18426029, 9924399, 20194861, 13380996},
+            {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792,
+             -1984914, 15707771, 26342023, 10146099},
+        },
+    },
+    {
+        {
+            {-26016874, -219943, 21339191, -41388, 19745256, -2878700,
+             -29637280, 2227040, 21612326, -545728},
+            {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714,
+             25764461, 12243797, -20856566, 11649658},
+            {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944,
+             6114064, 33514190, 2333242},
+        },
+        {
+            {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134,
+             -6679750, -12670638, 24350578, -13450001},
+            {-4116307, -11271533, -23886186, 4843615, -30088339, 690623,
+             -31536088, -10406836, 8317860, 12352766},
+            {18200138, -14475911, -33087759, -2696619, -23702521, -9102511,
+             -23552096, -2287550, 20712163, 6719373},
+        },
+        {
+            {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530,
+             -3763210, 26224235, -3297458},
+            {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420,
+             21728352, 9493610, 18620611, -16428628},
+            {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965,
+             -5269471, -9725556, -30701573, -16479657},
+        },
+        {
+            {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940,
+             12248509, -5240639, 13735342, 1934062},
+            {25089769, 6742589, 17081145, -13406266, 21909293, -16067981,
+             -15136294, -3765346, -21277997, 5473616},
+            {31883677, -7961101, 1083432, -11572403, 22828471, 13290673,
+             -7125085, 12469656, 29111212, -5451014},
+        },
+        {
+            {24244947, -15050407, -26262976, 2791540, -14997599, 16666678,
+             24367466, 6388839, -10295587, 452383},
+            {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269,
+             -24236251, -5915248, 15766062, 8407814},
+            {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495,
+             -8917023, -4388953, -8067909, 2276718},
+        },
+        {
+            {30157918, 12924066, -17712050, 9245753, 19895028, 3368142,
+             -23827587, 5096219, 22740376, -7303417},
+            {2041139, -14256350, 7783687, 13876377, -25946985, -13352459,
+             24051124, 13742383, -15637599, 13295222},
+            {33338237, -8505733, 12532113, 7977527, 9106186, -1715251,
+             -17720195, -4612972, -4451357, -14669444},
+        },
+        {
+            {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651,
+             -2469266, -4141880, 7770569, 9620597},
+            {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528,
+             -1694323, -33502340, -14767970},
+            {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801,
+             1220118, 30494170, -11440799},
+        },
+        {
+            {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666,
+             -26739026, 926050, -1684339, -13333647},
+            {13908495, -3549272, 30919928, -6273825, -21521863, 7989039,
+             9021034, 9078865, 3353509, 4033511},
+            {-29663431, -15113610, 32259991, -344482, 24295849, -12912123,
+             23161163, 8839127, 27485041, 7356032},
+        },
+    },
+    {
+        {
+            {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142,
+             2625015, 28431036, -16771834},
+            {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183,
+             -22545972, 14150565, 15970762, 4099461},
+            {29262576, 16756590, 26350592, -8793563, 8529671, -11208050,
+             13617293, -9937143, 11465739, 8317062},
+        },
+        {
+            {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222,
+             14898637, 3848455, 20969334, -5157516},
+            {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114,
+             -21610826, -3649888, 11177095, 14989547},
+            {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771,
+             13515641, 2581286, -28487508, 9930240},
+        },
+        {
+            {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081,
+             18345767, -13403753, 16291481, -5314038},
+            {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774,
+             6957617, 4368891, 9788741},
+            {16660756, 7281060, -10830758, 12911820, 20108584, -8101676,
+             -21722536, -8613148, 16250552, -11111103},
+        },
+        {
+            {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584,
+             10604807, -30190403, 4782747},
+            {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590,
+             -9981571, 4383045, 22546403, 437323},
+            {31665577, -12180464, -16186830, 1491339, -18368625, 3294682,
+             27343084, 2786261, -30633590, -14097016},
+        },
+        {
+            {-14467279, -683715, -33374107, 7448552, 19294360, 14334329,
+             -19690631, 2355319, -19284671, -6114373},
+            {15121312, -15796162, 6377020, -6031361, -10798111, -12957845,
+             18952177, 15496498, -29380133, 11754228},
+            {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493,
+             7141596, 11724556, 22761615, -10134141},
+        },
+        {
+            {16918416, 11729663, -18083579, 3022987, -31015732, -13339659,
+             -28741185, -12227393, 32851222, 11717399},
+            {11166634, 7338049, -6722523, 4531520, -29468672, -7302055,
+             31474879, 3483633, -1193175, -4030831},
+            {-185635, 9921305, 31456609, -13536438, -12013818, 13348923,
+             33142652, 6546660, -19985279, -3948376},
+        },
+        {
+            {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903,
+             -8537131, -12833048, -30772034, -15486313},
+            {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425,
+             -31135347, -16049879, 10928917, 3011958},
+            {-6957757, -15594337, 31696059, 334240, 29576716, 14796075,
+             -30831056, -12805180, 18008031, 10258577},
+        },
+        {
+            {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591,
+             -1853465, 1367120, 25127874, 6671743},
+            {29701166, -14373934, -10878120, 9279288, -17568, 13127210,
+             21382910, 11042292, 25838796, 4642684},
+            {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470,
+             30468147, -13900640, 18423289, 4177476},
+        },
+    },
+};
+
+static uint8_t negative(signed char b) {
+  uint32_t x = b;
+  x >>= 31; /* 1: yes; 0: no */
+  return x;
+}
+
+static void table_select(ge_precomp *t, int pos, signed char b) {
+  ge_precomp minust;
+  uint8_t bnegative = negative(b);
+  uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
+
+  ge_precomp_0(t);
+  cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
+  cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
+  cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
+  cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
+  cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
+  cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
+  cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
+  cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
+  fe_copy(minust.yplusx, t->yminusx);
+  fe_copy(minust.yminusx, t->yplusx);
+  fe_neg(minust.xy2d, t->xy2d);
+  cmov(t, &minust, bnegative);
+}
+
+/* h = a * B
+ * where a = a[0]+256*a[1]+...+256^31 a[31]
+ * B is the Ed25519 base point (x,4/5) with x positive.
+ *
+ * Preconditions:
+ *   a[31] <= 127 */
+static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
+  signed char e[64];
+  signed char carry;
+  ge_p1p1 r;
+  ge_p2 s;
+  ge_precomp t;
+  int i;
+
+  for (i = 0; i < 32; ++i) {
+    e[2 * i + 0] = (a[i] >> 0) & 15;
+    e[2 * i + 1] = (a[i] >> 4) & 15;
+  }
+  /* each e[i] is between 0 and 15 */
+  /* e[63] is between 0 and 7 */
+
+  carry = 0;
+  for (i = 0; i < 63; ++i) {
+    e[i] += carry;
+    carry = e[i] + 8;
+    carry >>= 4;
+    e[i] -= carry << 4;
+  }
+  e[63] += carry;
+  /* each e[i] is between -8 and 8 */
+
+  ge_p3_0(h);
+  for (i = 1; i < 64; i += 2) {
+    table_select(&t, i / 2, e[i]);
+    ge_madd(&r, h, &t);
+    ge_p1p1_to_p3(h, &r);
+  }
+
+  ge_p3_dbl(&r, h);
+  ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  ge_p1p1_to_p3(h, &r);
+
+  for (i = 0; i < 64; i += 2) {
+    table_select(&t, i / 2, e[i]);
+    ge_madd(&r, h, &t);
+    ge_p1p1_to_p3(h, &r);
+  }
+
+  OPENSSL_cleanse(e, sizeof(e));
+}
+
+/* Replace (f,g) with (g,f) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}. */
+static void fe_cswap(fe f, fe g, unsigned int b) {
+  size_t i;
+  b = 0-b;
+  for (i = 0; i < 10; i++) {
+    int32_t x = f[i] ^ g[i];
+    x &= b;
+    f[i] ^= x;
+    g[i] ^= x;
+  }
+}
+
+/* h = f * 121666
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */
+static void fe_mul121666(fe h, fe f) {
+  int32_t f0 = f[0];
+  int32_t f1 = f[1];
+  int32_t f2 = f[2];
+  int32_t f3 = f[3];
+  int32_t f4 = f[4];
+  int32_t f5 = f[5];
+  int32_t f6 = f[6];
+  int32_t f7 = f[7];
+  int32_t f8 = f[8];
+  int32_t f9 = f[9];
+  int64_t h0 = f0 * (int64_t) 121666;
+  int64_t h1 = f1 * (int64_t) 121666;
+  int64_t h2 = f2 * (int64_t) 121666;
+  int64_t h3 = f3 * (int64_t) 121666;
+  int64_t h4 = f4 * (int64_t) 121666;
+  int64_t h5 = f5 * (int64_t) 121666;
+  int64_t h6 = f6 * (int64_t) 121666;
+  int64_t h7 = f7 * (int64_t) 121666;
+  int64_t h8 = f8 * (int64_t) 121666;
+  int64_t h9 = f9 * (int64_t) 121666;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+
+  carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+  carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+  carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+  carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+  carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+  carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+  carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+  carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+  carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+  carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+static void x25519_scalar_mult_generic(uint8_t out[32],
+                                       const uint8_t scalar[32],
+                                       const uint8_t point[32]) {
+  fe x1, x2, z2, x3, z3, tmp0, tmp1;
+  uint8_t e[32];
+  unsigned swap = 0;
+  int pos;
+
+  memcpy(e, scalar, 32);
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  fe_frombytes(x1, point);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3, x1);
+  fe_1(z3);
+
+  for (pos = 254; pos >= 0; --pos) {
+    unsigned b = 1 & (e[pos / 8] >> (pos & 7));
+    swap ^= b;
+    fe_cswap(x2, x3, swap);
+    fe_cswap(z2, z3, swap);
+    swap = b;
+    fe_sub(tmp0, x3, z3);
+    fe_sub(tmp1, x2, z2);
+    fe_add(x2, x2, z2);
+    fe_add(z2, x3, z3);
+    fe_mul(z3, tmp0, x2);
+    fe_mul(z2, z2, tmp1);
+    fe_sq(tmp0, tmp1);
+    fe_sq(tmp1, x2);
+    fe_add(x3, z3, z2);
+    fe_sub(z2, z3, z2);
+    fe_mul(x2, tmp1, tmp0);
+    fe_sub(tmp1, tmp1, tmp0);
+    fe_sq(z2, z2);
+    fe_mul121666(z3, tmp1);
+    fe_sq(x3, x3);
+    fe_add(tmp0, tmp0, z3);
+    fe_mul(z3, x1, z2);
+    fe_mul(z2, tmp1, tmp0);
+  }
+  fe_cswap(x2, x3, swap);
+  fe_cswap(z2, z3, swap);
+
+  fe_invert(z2, z2);
+  fe_mul(x2, x2, z2);
+  fe_tobytes(out, x2);
+
+  OPENSSL_cleanse(e, sizeof(e));
+}
+
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32]) {
+  x25519_scalar_mult_generic(out, scalar, point);
+}
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32]) {
+  static const uint8_t kZeros[32] = {0};
+  x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
+  /* The all-zero output results when the input is a point of small order. */
+  return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
+}
+
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32]) {
+  uint8_t e[32];
+  ge_p3 A;
+  fe zplusy, zminusy, zminusy_inv;
+
+  memcpy(e, private_key, 32);
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+
+  ge_scalarmult_base(&A, e);
+
+  /* We only need the u-coordinate of the curve25519 point. The map is
+   * u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). */
+  fe_add(zplusy, A.Z, A.Y);
+  fe_sub(zminusy, A.Z, A.Y);
+  fe_invert(zminusy_inv, zminusy);
+  fe_mul(zplusy, zplusy, zminusy_inv);
+  fe_tobytes(out_public_value, zplusy);
+
+  OPENSSL_cleanse(e, sizeof(e));
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec2_mult.c b/openssl-1.1.0h/crypto/ec/ec2_mult.c
new file mode 100644
index 0000000..e4a1ec5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec2_mult.c
@@ -0,0 +1,418 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*-
+ * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
+ * coordinates.
+ * Uses algorithm Mdouble in appendix of
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ * modified to not require precomputation of c=b^{2^{m-1}}.
+ */
+static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z,
+                        BN_CTX *ctx)
+{
+    BIGNUM *t1;
+    int ret = 0;
+
+    /* Since Mdouble is static we can guarantee that ctx != NULL. */
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    if (t1 == NULL)
+        goto err;
+
+    if (!group->meth->field_sqr(group, x, x, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, t1, z, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, z, x, t1, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, x, x, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, t1, t1, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, t1, group->b, t1, ctx))
+        goto err;
+    if (!BN_GF2m_add(x, x, t1))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
+ * projective coordinates.
+ * Uses algorithm Madd in appendix of
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ */
+static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1,
+                     BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2,
+                     BN_CTX *ctx)
+{
+    BIGNUM *t1, *t2;
+    int ret = 0;
+
+    /* Since Madd is static we can guarantee that ctx != NULL. */
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    if (!BN_copy(t1, x))
+        goto err;
+    if (!group->meth->field_mul(group, x1, x1, z2, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, z1, z1, x2, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, t2, x1, z1, ctx))
+        goto err;
+    if (!BN_GF2m_add(z1, z1, x1))
+        goto err;
+    if (!group->meth->field_sqr(group, z1, z1, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, x1, z1, t1, ctx))
+        goto err;
+    if (!BN_GF2m_add(x1, x1, t2))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
+ * using Montgomery point multiplication algorithm Mxy() in appendix of
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ * Returns:
+ *     0 on error
+ *     1 if return value should be the point at infinity
+ *     2 otherwise
+ */
+static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y,
+                    BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2,
+                    BN_CTX *ctx)
+{
+    BIGNUM *t3, *t4, *t5;
+    int ret = 0;
+
+    if (BN_is_zero(z1)) {
+        BN_zero(x2);
+        BN_zero(z2);
+        return 1;
+    }
+
+    if (BN_is_zero(z2)) {
+        if (!BN_copy(x2, x))
+            return 0;
+        if (!BN_GF2m_add(z2, x, y))
+            return 0;
+        return 2;
+    }
+
+    /* Since Mxy is static we can guarantee that ctx != NULL. */
+    BN_CTX_start(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    if (t5 == NULL)
+        goto err;
+
+    if (!BN_one(t5))
+        goto err;
+
+    if (!group->meth->field_mul(group, t3, z1, z2, ctx))
+        goto err;
+
+    if (!group->meth->field_mul(group, z1, z1, x, ctx))
+        goto err;
+    if (!BN_GF2m_add(z1, z1, x1))
+        goto err;
+    if (!group->meth->field_mul(group, z2, z2, x, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, x1, z2, x1, ctx))
+        goto err;
+    if (!BN_GF2m_add(z2, z2, x2))
+        goto err;
+
+    if (!group->meth->field_mul(group, z2, z2, z1, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, t4, x, ctx))
+        goto err;
+    if (!BN_GF2m_add(t4, t4, y))
+        goto err;
+    if (!group->meth->field_mul(group, t4, t4, t3, ctx))
+        goto err;
+    if (!BN_GF2m_add(t4, t4, z2))
+        goto err;
+
+    if (!group->meth->field_mul(group, t3, t3, x, ctx))
+        goto err;
+    if (!group->meth->field_div(group, t3, t5, t3, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, t4, t3, t4, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, x2, x1, t3, ctx))
+        goto err;
+    if (!BN_GF2m_add(z2, x2, x))
+        goto err;
+
+    if (!group->meth->field_mul(group, z2, z2, t4, ctx))
+        goto err;
+    if (!BN_GF2m_add(z2, z2, y))
+        goto err;
+
+    ret = 2;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Computes scalar*point and stores the result in r.
+ * point can not equal r.
+ * Uses a modified algorithm 2P of
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ *
+ * To protect against side-channel attack the function uses constant time swap,
+ * avoiding conditional branches.
+ */
+static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
+                                             EC_POINT *r,
+                                             const BIGNUM *scalar,
+                                             const EC_POINT *point,
+                                             BN_CTX *ctx)
+{
+    BIGNUM *x1, *x2, *z1, *z2;
+    int ret = 0, i, group_top;
+    BN_ULONG mask, word;
+
+    if (r == point) {
+        ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    /* if result should be point at infinity */
+    if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
+        EC_POINT_is_at_infinity(group, point)) {
+        return EC_POINT_set_to_infinity(group, r);
+    }
+
+    /* only support affine coordinates */
+    if (!point->Z_is_one)
+        return 0;
+
+    /*
+     * Since point_multiply is static we can guarantee that ctx != NULL.
+     */
+    BN_CTX_start(ctx);
+    x1 = BN_CTX_get(ctx);
+    z1 = BN_CTX_get(ctx);
+    if (z1 == NULL)
+        goto err;
+
+    x2 = r->X;
+    z2 = r->Y;
+
+    group_top = bn_get_top(group->field);
+    if (bn_wexpand(x1, group_top) == NULL
+        || bn_wexpand(z1, group_top) == NULL
+        || bn_wexpand(x2, group_top) == NULL
+        || bn_wexpand(z2, group_top) == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(x1, point->X, group->poly))
+        goto err;               /* x1 = x */
+    if (!BN_one(z1))
+        goto err;               /* z1 = 1 */
+    if (!group->meth->field_sqr(group, z2, x1, ctx))
+        goto err;               /* z2 = x1^2 = x^2 */
+    if (!group->meth->field_sqr(group, x2, z2, ctx))
+        goto err;
+    if (!BN_GF2m_add(x2, x2, group->b))
+        goto err;               /* x2 = x^4 + b */
+
+    /* find top most bit and go one past it */
+    i = bn_get_top(scalar) - 1;
+    mask = BN_TBIT;
+    word = bn_get_words(scalar)[i];
+    while (!(word & mask))
+        mask >>= 1;
+    mask >>= 1;
+    /* if top most bit was at word break, go to next word */
+    if (!mask) {
+        i--;
+        mask = BN_TBIT;
+    }
+
+    for (; i >= 0; i--) {
+        word = bn_get_words(scalar)[i];
+        while (mask) {
+            BN_consttime_swap(word & mask, x1, x2, group_top);
+            BN_consttime_swap(word & mask, z1, z2, group_top);
+            if (!gf2m_Madd(group, point->X, x2, z2, x1, z1, ctx))
+                goto err;
+            if (!gf2m_Mdouble(group, x1, z1, ctx))
+                goto err;
+            BN_consttime_swap(word & mask, x1, x2, group_top);
+            BN_consttime_swap(word & mask, z1, z2, group_top);
+            mask >>= 1;
+        }
+        mask = BN_TBIT;
+    }
+
+    /* convert out of "projective" coordinates */
+    i = gf2m_Mxy(group, point->X, point->Y, x1, z1, x2, z2, ctx);
+    if (i == 0)
+        goto err;
+    else if (i == 1) {
+        if (!EC_POINT_set_to_infinity(group, r))
+            goto err;
+    } else {
+        if (!BN_one(r->Z))
+            goto err;
+        r->Z_is_one = 1;
+    }
+
+    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+    BN_set_negative(r->X, 0);
+    BN_set_negative(r->Y, 0);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Computes the sum
+ *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
+ * gracefully ignoring NULL scalar values.
+ */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
+                       const BIGNUM *scalar, size_t num,
+                       const EC_POINT *points[], const BIGNUM *scalars[],
+                       BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+    size_t i;
+    EC_POINT *p = NULL;
+    EC_POINT *acc = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    /*
+     * This implementation is more efficient than the wNAF implementation for
+     * 2 or fewer points.  Use the ec_wNAF_mul implementation for 3 or more
+     * points, or if we can perform a fast multiplication based on
+     * precomputation.
+     */
+    if ((scalar && (num > 1)) || (num > 2)
+        || (num == 0 && EC_GROUP_have_precompute_mult(group))) {
+        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+        goto err;
+    }
+
+    if ((p = EC_POINT_new(group)) == NULL)
+        goto err;
+    if ((acc = EC_POINT_new(group)) == NULL)
+        goto err;
+
+    if (!EC_POINT_set_to_infinity(group, acc))
+        goto err;
+
+    if (scalar) {
+        if (!ec_GF2m_montgomery_point_multiply
+            (group, p, scalar, group->generator, ctx))
+            goto err;
+        if (BN_is_negative(scalar))
+            if (!group->meth->invert(group, p, ctx))
+                goto err;
+        if (!group->meth->add(group, acc, acc, p, ctx))
+            goto err;
+    }
+
+    for (i = 0; i < num; i++) {
+        if (!ec_GF2m_montgomery_point_multiply
+            (group, p, scalars[i], points[i], ctx))
+            goto err;
+        if (BN_is_negative(scalars[i]))
+            if (!group->meth->invert(group, p, ctx))
+                goto err;
+        if (!group->meth->add(group, acc, acc, p, ctx))
+            goto err;
+    }
+
+    if (!EC_POINT_copy(r, acc))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(p);
+    EC_POINT_free(acc);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Precomputation for point multiplication: fall back to wNAF methods because
+ * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate
+ */
+
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    return ec_wNAF_precompute_mult(group, ctx);
+}
+
+int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
+{
+    return ec_wNAF_have_precompute_mult(group);
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ec2_oct.c b/openssl-1.1.0h/crypto/ec/ec2_oct.c
new file mode 100644
index 0000000..ea88ce8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec2_oct.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*-
+ * Calculates and sets the affine coordinates of an EC_POINT from the given
+ * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1.
+ * Note that the simple implementation only uses affine coordinates.
+ *
+ * The method is from the following publication:
+ *
+ *     Harper, Menezes, Vanstone:
+ *     "Public-Key Cryptosystems with Very Small Key Lengths",
+ *     EUROCRYPT '92, Springer-Verlag LNCS 658,
+ *     published February 1993
+ *
+ * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
+ * the same method, but claim no priority date earlier than July 29, 1994
+ * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
+ */
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
+                                              EC_POINT *point,
+                                              const BIGNUM *x_, int y_bit,
+                                              BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp, *x, *y, *z;
+    int ret = 0, z0;
+
+    /* clear error queue */
+    ERR_clear_error();
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    y_bit = (y_bit != 0) ? 1 : 0;
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    if (z == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(x, x_, group->poly))
+        goto err;
+    if (BN_is_zero(x)) {
+        if (!BN_GF2m_mod_sqrt_arr(y, group->b, group->poly, ctx))
+            goto err;
+    } else {
+        if (!group->meth->field_sqr(group, tmp, x, ctx))
+            goto err;
+        if (!group->meth->field_div(group, tmp, group->b, tmp, ctx))
+            goto err;
+        if (!BN_GF2m_add(tmp, group->a, tmp))
+            goto err;
+        if (!BN_GF2m_add(tmp, x, tmp))
+            goto err;
+        if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
+            unsigned long err = ERR_peek_last_error();
+
+            if (ERR_GET_LIB(err) == ERR_LIB_BN
+                && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
+                ERR_clear_error();
+                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSED_POINT);
+            } else
+                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      ERR_R_BN_LIB);
+            goto err;
+        }
+        z0 = (BN_is_odd(z)) ? 1 : 0;
+        if (!group->meth->field_mul(group, y, x, z, ctx))
+            goto err;
+        if (z0 != y_bit) {
+            if (!BN_GF2m_add(y, y, x))
+                goto err;
+        }
+    }
+
+    if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Converts an EC_POINT to an octet string. If buf is NULL, the encoded
+ * length will be returned. If the length len of buf is smaller than required
+ * an error will be returned.
+ */
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                                point_conversion_form_t form,
+                                unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, i, skip;
+
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        yxi = BN_CTX_get(ctx);
+        if (yxi == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+            goto err;
+
+        buf[0] = form;
+        if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) {
+            if (!group->meth->field_div(group, yxi, y, x, ctx))
+                goto err;
+            if (BN_is_odd(yxi))
+                buf[0]++;
+        }
+
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+
+ err:
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return 0;
+}
+
+/*
+ * Converts an octet string representation to an EC_POINT. Note that the
+ * simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+                             const unsigned char *buf, size_t len,
+                             BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    form = buf[0];
+    y_bit = form & 1;
+    form = form & ~1U;
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    yxi = BN_CTX_get(ctx);
+    if (yxi == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_ucmp(x, group->field) >= 0) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates_GF2m
+            (group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_ucmp(y, group->field) >= 0) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            if (!group->meth->field_div(group, yxi, y, x, ctx))
+                goto err;
+            if (y_bit != BN_is_odd(yxi)) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+            }
+        }
+
+        /*
+         * EC_POINT_set_affine_coordinates_GF2m is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ec2_smpl.c b/openssl-1.1.0h/crypto/ec/ec2_smpl.c
new file mode 100644
index 0000000..cfeef5f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec2_smpl.c
@@ -0,0 +1,758 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+const EC_METHOD *EC_GF2m_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_characteristic_two_field,
+        ec_GF2m_simple_group_init,
+        ec_GF2m_simple_group_finish,
+        ec_GF2m_simple_group_clear_finish,
+        ec_GF2m_simple_group_copy,
+        ec_GF2m_simple_group_set_curve,
+        ec_GF2m_simple_group_get_curve,
+        ec_GF2m_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GF2m_simple_group_check_discriminant,
+        ec_GF2m_simple_point_init,
+        ec_GF2m_simple_point_finish,
+        ec_GF2m_simple_point_clear_finish,
+        ec_GF2m_simple_point_copy,
+        ec_GF2m_simple_point_set_to_infinity,
+        0 /* set_Jprojective_coordinates_GFp */ ,
+        0 /* get_Jprojective_coordinates_GFp */ ,
+        ec_GF2m_simple_point_set_affine_coordinates,
+        ec_GF2m_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GF2m_simple_add,
+        ec_GF2m_simple_dbl,
+        ec_GF2m_simple_invert,
+        ec_GF2m_simple_is_at_infinity,
+        ec_GF2m_simple_is_on_curve,
+        ec_GF2m_simple_cmp,
+        ec_GF2m_simple_make_affine,
+        ec_GF2m_simple_points_make_affine,
+
+        /*
+         * the following three method functions are defined in ec2_mult.c
+         */
+        ec_GF2m_simple_mul,
+        ec_GF2m_precompute_mult,
+        ec_GF2m_have_precompute_mult,
+
+        ec_GF2m_simple_field_mul,
+        ec_GF2m_simple_field_sqr,
+        ec_GF2m_simple_field_div,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
+
+/*
+ * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members
+ * are handled by EC_GROUP_new.
+ */
+int ec_GF2m_simple_group_init(EC_GROUP *group)
+{
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_free.
+ */
+void ec_GF2m_simple_group_finish(EC_GROUP *group)
+{
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
+}
+
+/*
+ * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other
+ * members are handled by EC_GROUP_clear_free.
+ */
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
+{
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
+    group->poly[0] = 0;
+    group->poly[1] = 0;
+    group->poly[2] = 0;
+    group->poly[3] = 0;
+    group->poly[4] = 0;
+    group->poly[5] = -1;
+}
+
+/*
+ * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_copy.
+ */
+int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (!BN_copy(dest->field, src->field))
+        return 0;
+    if (!BN_copy(dest->a, src->a))
+        return 0;
+    if (!BN_copy(dest->b, src->b))
+        return 0;
+    dest->poly[0] = src->poly[0];
+    dest->poly[1] = src->poly[1];
+    dest->poly[2] = src->poly[2];
+    dest->poly[3] = src->poly[3];
+    dest->poly[4] = src->poly[4];
+    dest->poly[5] = src->poly[5];
+    if (bn_wexpand(dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
+        return 0;
+    if (bn_wexpand(dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
+        return 0;
+    bn_set_all_zero(dest->a);
+    bn_set_all_zero(dest->b);
+    return 1;
+}
+
+/* Set the curve parameters of an EC_GROUP structure. */
+int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
+                                   const BIGNUM *p, const BIGNUM *a,
+                                   const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0, i;
+
+    /* group->field */
+    if (!BN_copy(group->field, p))
+        goto err;
+    i = BN_GF2m_poly2arr(group->field, group->poly, 6) - 1;
+    if ((i != 5) && (i != 3)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
+
+    /* group->a */
+    if (!BN_GF2m_mod_arr(group->a, a, group->poly))
+        goto err;
+    if (bn_wexpand(group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    bn_set_all_zero(group->a);
+
+    /* group->b */
+    if (!BN_GF2m_mod_arr(group->b, b, group->poly))
+        goto err;
+    if (bn_wexpand(group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    bn_set_all_zero(group->b);
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+/*
+ * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL
+ * then there values will not be set but the method will return with success.
+ */
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
+                                   BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (p != NULL) {
+        if (!BN_copy(p, group->field))
+            return 0;
+    }
+
+    if (a != NULL) {
+        if (!BN_copy(a, group->a))
+            goto err;
+    }
+
+    if (b != NULL) {
+        if (!BN_copy(b, group->b))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Gets the degree of the field.  For a curve over GF(2^m) this is the value
+ * m.
+ */
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
+{
+    return BN_num_bits(group->field) - 1;
+}
+
+/*
+ * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an
+ * elliptic curve <=> b != 0 (mod p)
+ */
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
+                                            BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *b;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    b = BN_CTX_get(ctx);
+    if (b == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(b, group->b, group->poly))
+        goto err;
+
+    /*
+     * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic
+     * curve <=> b != 0 (mod p)
+     */
+    if (BN_is_zero(b))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/* Initializes an EC_POINT. */
+int ec_GF2m_simple_point_init(EC_POINT *point)
+{
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
+
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
+    return 1;
+}
+
+/* Frees an EC_POINT. */
+void ec_GF2m_simple_point_finish(EC_POINT *point)
+{
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
+}
+
+/* Clears and frees an EC_POINT. */
+void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
+{
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
+    point->Z_is_one = 0;
+}
+
+/*
+ * Copy the contents of one EC_POINT into another.  Assumes dest is
+ * initialized.
+ */
+int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (!BN_copy(dest->X, src->X))
+        return 0;
+    if (!BN_copy(dest->Y, src->Y))
+        return 0;
+    if (!BN_copy(dest->Z, src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+
+    return 1;
+}
+
+/*
+ * Set an EC_POINT to the point at infinity. A point at infinity is
+ * represented by having Z=0.
+ */
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,
+                                         EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(point->Z);
+    return 1;
+}
+
+/*
+ * Set the coordinates of an EC_POINT using affine coordinates. Note that
+ * the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                                EC_POINT *point,
+                                                const BIGNUM *x,
+                                                const BIGNUM *y, BN_CTX *ctx)
+{
+    int ret = 0;
+    if (x == NULL || y == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (!BN_copy(point->X, x))
+        goto err;
+    BN_set_negative(point->X, 0);
+    if (!BN_copy(point->Y, y))
+        goto err;
+    BN_set_negative(point->Y, 0);
+    if (!BN_copy(point->Z, BN_value_one()))
+        goto err;
+    BN_set_negative(point->Z, 0);
+    point->Z_is_one = 1;
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Gets the affine coordinates of an EC_POINT. Note that the simple
+ * implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                                const EC_POINT *point,
+                                                BIGNUM *x, BIGNUM *y,
+                                                BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (BN_cmp(point->Z, BN_value_one())) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (x != NULL) {
+        if (!BN_copy(x, point->X))
+            goto err;
+        BN_set_negative(x, 0);
+    }
+    if (y != NULL) {
+        if (!BN_copy(y, point->Y))
+            goto err;
+        BN_set_negative(y, 0);
+    }
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Computes a + b and stores the result in r.  r could be a or b, a could be
+ * b. Uses algorithm A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        if (!EC_POINT_copy(r, b))
+            return 0;
+        return 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b)) {
+        if (!EC_POINT_copy(r, a))
+            return 0;
+        return 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x0 = BN_CTX_get(ctx);
+    y0 = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+    s = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    if (a->Z_is_one) {
+        if (!BN_copy(x0, a->X))
+            goto err;
+        if (!BN_copy(y0, a->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))
+            goto err;
+    }
+    if (b->Z_is_one) {
+        if (!BN_copy(x1, b->X))
+            goto err;
+        if (!BN_copy(y1, b->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))
+            goto err;
+    }
+
+    if (BN_GF2m_cmp(x0, x1)) {
+        if (!BN_GF2m_add(t, x0, x1))
+            goto err;
+        if (!BN_GF2m_add(s, y0, y1))
+            goto err;
+        if (!group->meth->field_div(group, s, s, t, ctx))
+            goto err;
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, group->a))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, t))
+            goto err;
+    } else {
+        if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) {
+            if (!EC_POINT_set_to_infinity(group, r))
+                goto err;
+            ret = 1;
+            goto err;
+        }
+        if (!group->meth->field_div(group, s, y1, x1, ctx))
+            goto err;
+        if (!BN_GF2m_add(s, s, x1))
+            goto err;
+
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, group->a))
+            goto err;
+    }
+
+    if (!BN_GF2m_add(y2, x1, x2))
+        goto err;
+    if (!group->meth->field_mul(group, y2, y2, s, ctx))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, x2))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, y1))
+        goto err;
+
+    if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Computes 2 * a and stores the result in r.  r could be a. Uses algorithm
+ * A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       BN_CTX *ctx)
+{
+    return ec_GF2m_simple_add(group, r, a, a, ctx);
+}
+
+int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
+        /* point is its own inverse */
+        return 1;
+
+    if (!EC_POINT_make_affine(group, point, ctx))
+        return 0;
+    return BN_GF2m_add(point->Y, point->X, point->Y);
+}
+
+/* Indicates whether the given point is the point at infinity. */
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,
+                                  const EC_POINT *point)
+{
+    return BN_is_zero(point->Z);
+}
+
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
+ * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
+ *      y^2 + x*y = x^3 + a*x^2 + b.
+ */
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    int ret = -1;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *lh, *y2;
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    /* only support affine coordinates */
+    if (!point->Z_is_one)
+        return -1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    y2 = BN_CTX_get(ctx);
+    lh = BN_CTX_get(ctx);
+    if (lh == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 + x*y = x^3 + a*x^2 + b.
+     *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0
+     *  <=> ((x + a) * x + y ) * x + b + y^2 = 0
+     */
+    if (!BN_GF2m_add(lh, point->X, group->a))
+        goto err;
+    if (!field_mul(group, lh, lh, point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, point->Y))
+        goto err;
+    if (!field_mul(group, lh, lh, point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, group->b))
+        goto err;
+    if (!field_sqr(group, y2, point->Y, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, y2))
+        goto err;
+    ret = BN_is_zero(lh);
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Indicates whether two points are equal.
+ * Return values:
+ *  -1   error
+ *   0   equal (in affine coordinates)
+ *   1   not equal
+ */
+int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BIGNUM *aX, *aY, *bX, *bY;
+    BN_CTX *new_ctx = NULL;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    aX = BN_CTX_get(ctx);
+    aY = BN_CTX_get(ctx);
+    bX = BN_CTX_get(ctx);
+    bY = BN_CTX_get(ctx);
+    if (bY == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx))
+        goto err;
+    ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
+
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/* Forces the given EC_POINT to internally use affine coordinates. */
+int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+        goto err;
+    if (!BN_copy(point->X, x))
+        goto err;
+    if (!BN_copy(point->Y, y))
+        goto err;
+    if (!BN_one(point->Z))
+        goto err;
+    point->Z_is_one = 1;
+
+    ret = 1;
+
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Forces each of the EC_POINTs in the given array to use affine coordinates.
+ */
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                      EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
+
+    for (i = 0; i < num; i++) {
+        if (!group->meth->make_affine(group, points[i], ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/* Wrapper to simple binary polynomial field multiplication implementation. */
+int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field squaring implementation. */
+int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field division implementation. */
+int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_div(r, a, b, group->field, ctx);
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ec_ameth.c b/openssl-1.1.0h/crypto/ec/ec_ameth.c
new file mode 100644
index 0000000..b66adf2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_ameth.c
@@ -0,0 +1,885 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include <openssl/asn1t.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "ec_lcl.h"
+
+#ifndef OPENSSL_NO_CMS
+static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
+static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
+{
+    const EC_GROUP *group;
+    int nid;
+    if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
+        ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+    if (EC_GROUP_get_asn1_flag(group)
+        && (nid = EC_GROUP_get_curve_name(group)))
+        /* we have a 'named curve' => just set the OID */
+    {
+        *ppval = OBJ_nid2obj(nid);
+        *pptype = V_ASN1_OBJECT;
+    } else {                    /* explicit parameters */
+
+        ASN1_STRING *pstr = NULL;
+        pstr = ASN1_STRING_new();
+        if (pstr == NULL)
+            return 0;
+        pstr->length = i2d_ECParameters(ec_key, &pstr->data);
+        if (pstr->length <= 0) {
+            ASN1_STRING_free(pstr);
+            ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
+            return 0;
+        }
+        *ppval = pstr;
+        *pptype = V_ASN1_SEQUENCE;
+    }
+    return 1;
+}
+
+static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    EC_KEY *ec_key = pkey->pkey.ec;
+    void *pval = NULL;
+    int ptype;
+    unsigned char *penc = NULL, *p;
+    int penclen;
+
+    if (!eckey_param2type(&ptype, &pval, ec_key)) {
+        ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    penclen = i2o_ECPublicKey(ec_key, NULL);
+    if (penclen <= 0)
+        goto err;
+    penc = OPENSSL_malloc(penclen);
+    if (penc == NULL)
+        goto err;
+    p = penc;
+    penclen = i2o_ECPublicKey(ec_key, &p);
+    if (penclen <= 0)
+        goto err;
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
+                               ptype, pval, penc, penclen))
+        return 1;
+ err:
+    if (ptype == V_ASN1_OBJECT)
+        ASN1_OBJECT_free(pval);
+    else
+        ASN1_STRING_free(pval);
+    OPENSSL_free(penc);
+    return 0;
+}
+
+static EC_KEY *eckey_type2param(int ptype, const void *pval)
+{
+    EC_KEY *eckey = NULL;
+    if (ptype == V_ASN1_SEQUENCE) {
+        const ASN1_STRING *pstr = pval;
+        const unsigned char *pm = NULL;
+        int pmlen;
+        pm = pstr->data;
+        pmlen = pstr->length;
+        if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
+            ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+            goto ecerr;
+        }
+    } else if (ptype == V_ASN1_OBJECT) {
+        const ASN1_OBJECT *poid = pval;
+        EC_GROUP *group;
+
+        /*
+         * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
+         */
+        if ((eckey = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
+            goto ecerr;
+        }
+        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
+        if (group == NULL)
+            goto ecerr;
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        if (EC_KEY_set_group(eckey, group) == 0)
+            goto ecerr;
+        EC_GROUP_free(group);
+    } else {
+        ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    return eckey;
+
+ ecerr:
+    EC_KEY_free(eckey);
+    return NULL;
+}
+
+static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p = NULL;
+    const void *pval;
+    int ptype, pklen;
+    EC_KEY *eckey = NULL;
+    X509_ALGOR *palg;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    eckey = eckey_type2param(ptype, pval);
+
+    if (!eckey) {
+        ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+        return 0;
+    }
+
+    /* We have parameters now set public key */
+    if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
+        ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+
+ ecerr:
+    EC_KEY_free(eckey);
+    return 0;
+}
+
+static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    int r;
+    const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+    const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+        *pb = EC_KEY_get0_public_key(b->pkey.ec);
+    if (group == NULL || pa == NULL || pb == NULL)
+        return -2;
+    r = EC_POINT_cmp(group, pa, pb, NULL);
+    if (r == 0)
+        return 1;
+    if (r == 1)
+        return 0;
+    return -2;
+}
+
+static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p = NULL;
+    const void *pval;
+    int ptype, pklen;
+    EC_KEY *eckey = NULL;
+    const X509_ALGOR *palg;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    eckey = eckey_type2param(ptype, pval);
+
+    if (!eckey)
+        goto ecliberr;
+
+    /* We have parameters now set private key */
+    if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
+        ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+
+ ecliberr:
+    ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ ecerr:
+    EC_KEY_free(eckey);
+    return 0;
+}
+
+static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    EC_KEY ec_key = *(pkey->pkey.ec);
+    unsigned char *ep, *p;
+    int eplen, ptype;
+    void *pval;
+    unsigned int old_flags;
+
+    if (!eckey_param2type(&ptype, &pval, &ec_key)) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+        return 0;
+    }
+
+    /* set the private key */
+
+    /*
+     * do not include the parameters in the SEC1 private key see PKCS#11
+     * 12.11
+     */
+    old_flags = EC_KEY_get_enc_flags(&ec_key);
+    EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
+
+    eplen = i2d_ECPrivateKey(&ec_key, NULL);
+    if (!eplen) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    ep = OPENSSL_malloc(eplen);
+    if (ep == NULL) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = ep;
+    if (!i2d_ECPrivateKey(&ec_key, &p)) {
+        OPENSSL_free(ep);
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
+                         ptype, pval, ep, eplen)) {
+        OPENSSL_free(ep);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int int_ec_size(const EVP_PKEY *pkey)
+{
+    return ECDSA_size(pkey->pkey.ec);
+}
+
+static int ec_bits(const EVP_PKEY *pkey)
+{
+    return EC_GROUP_order_bits(EC_KEY_get0_group(pkey->pkey.ec));
+}
+
+static int ec_security_bits(const EVP_PKEY *pkey)
+{
+    int ecbits = ec_bits(pkey);
+    if (ecbits >= 512)
+        return 256;
+    if (ecbits >= 384)
+        return 192;
+    if (ecbits >= 256)
+        return 128;
+    if (ecbits >= 224)
+        return 112;
+    if (ecbits >= 160)
+        return 80;
+    return ecbits / 2;
+}
+
+static int ec_missing_parameters(const EVP_PKEY *pkey)
+{
+    if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+        return 1;
+    return 0;
+}
+
+static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+
+    if (group == NULL)
+        return 0;
+    if (to->pkey.ec == NULL) {
+        to->pkey.ec = EC_KEY_new();
+        if (to->pkey.ec == NULL)
+            goto err;
+    }
+    if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+        goto err;
+    EC_GROUP_free(group);
+    return 1;
+ err:
+    EC_GROUP_free(group);
+    return 0;
+}
+
+static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+        *group_b = EC_KEY_get0_group(b->pkey.ec);
+    if (group_a == NULL || group_b == NULL)
+        return -2;
+    if (EC_GROUP_cmp(group_a, group_b, NULL))
+        return 0;
+    else
+        return 1;
+}
+
+static void int_ec_free(EVP_PKEY *pkey)
+{
+    EC_KEY_free(pkey->pkey.ec);
+}
+
+typedef enum {
+    EC_KEY_PRINT_PRIVATE,
+    EC_KEY_PRINT_PUBLIC,
+    EC_KEY_PRINT_PARAM
+} ec_print_t;
+
+static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype)
+{
+    const char *ecstr;
+    unsigned char *priv = NULL, *pub = NULL;
+    size_t privlen = 0, publen = 0;
+    int ret = 0;
+    const EC_GROUP *group;
+
+    if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) {
+        publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
+        if (publen == 0)
+            goto err;
+    }
+
+    if (ktype == EC_KEY_PRINT_PRIVATE && EC_KEY_get0_private_key(x) != NULL) {
+        privlen = EC_KEY_priv2buf(x, &priv);
+        if (privlen == 0)
+            goto err;
+    }
+
+    if (ktype == EC_KEY_PRINT_PRIVATE)
+        ecstr = "Private-Key";
+    else if (ktype == EC_KEY_PRINT_PUBLIC)
+        ecstr = "Public-Key";
+    else
+        ecstr = "ECDSA-Parameters";
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+    if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
+                   EC_GROUP_order_bits(group)) <= 0)
+        goto err;
+
+    if (privlen != 0) {
+        if (BIO_printf(bp, "%*spriv:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, priv, privlen, off + 4) == 0)
+            goto err;
+    }
+
+    if (publen != 0) {
+        if (BIO_printf(bp, "%*spub:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, pub, publen, off + 4) == 0)
+            goto err;
+    }
+
+    if (!ECPKParameters_print(bp, group, off))
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_EC_LIB);
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    return ret;
+}
+
+static int eckey_param_decode(EVP_PKEY *pkey,
+                              const unsigned char **pder, int derlen)
+{
+    EC_KEY *eckey;
+
+    if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) {
+        ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+}
+
+static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_ECParameters(pkey->pkey.ec, pder);
+}
+
+static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                             ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM);
+}
+
+static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC);
+}
+
+static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                            ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE);
+}
+
+static int old_ec_priv_decode(EVP_PKEY *pkey,
+                              const unsigned char **pder, int derlen)
+{
+    EC_KEY *ec;
+
+    if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) {
+        ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+        return 0;
+    }
+    EVP_PKEY_assign_EC_KEY(pkey, ec);
+    return 1;
+}
+
+static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_ECPrivateKey(pkey->pkey.ec, pder);
+}
+
+static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (arg1 == 1)
+            return ecdh_cms_decrypt(arg2);
+        else if (arg1 == 0)
+            return ecdh_cms_encrypt(arg2);
+        return -2;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_AGREE;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 2;
+
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),
+                              POINT_CONVERSION_UNCOMPRESSED, arg2, NULL);
+
+    default:
+        return -2;
+
+    }
+
+}
+
+const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
+    EVP_PKEY_EC,
+    EVP_PKEY_EC,
+    0,
+    "EC",
+    "OpenSSL EC algorithm",
+
+    eckey_pub_decode,
+    eckey_pub_encode,
+    eckey_pub_cmp,
+    eckey_pub_print,
+
+    eckey_priv_decode,
+    eckey_priv_encode,
+    eckey_priv_print,
+
+    int_ec_size,
+    ec_bits,
+    ec_security_bits,
+
+    eckey_param_decode,
+    eckey_param_encode,
+    ec_missing_parameters,
+    ec_copy_parameters,
+    ec_cmp_parameters,
+    eckey_param_print,
+    0,
+
+    int_ec_free,
+    ec_pkey_ctrl,
+    old_ec_priv_decode,
+    old_ec_priv_encode
+};
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+{
+    int private = EC_KEY_get0_private_key(x) != NULL;
+
+    return do_EC_KEY_print(bp, x, off,
+                private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC);
+}
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+{
+    return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM);
+}
+
+#ifndef OPENSSL_NO_CMS
+
+static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
+                                X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+    const ASN1_OBJECT *aoid;
+    int atype;
+    const void *aval;
+    int rv = 0;
+    EVP_PKEY *pkpeer = NULL;
+    EC_KEY *ecpeer = NULL;
+    const unsigned char *p;
+    int plen;
+    X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+    if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey)
+        goto err;
+    /* If absent parameters get group from main key */
+    if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL) {
+        const EC_GROUP *grp;
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_CTX_get0_pkey(pctx);
+        if (!pk)
+            goto err;
+        grp = EC_KEY_get0_group(pk->pkey.ec);
+        ecpeer = EC_KEY_new();
+        if (ecpeer == NULL)
+            goto err;
+        if (!EC_KEY_set_group(ecpeer, grp))
+            goto err;
+    } else {
+        ecpeer = eckey_type2param(atype, aval);
+        if (!ecpeer)
+            goto err;
+    }
+    /* We have parameters now set public key */
+    plen = ASN1_STRING_length(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
+    if (!p || !plen)
+        goto err;
+    if (!o2i_ECPublicKey(&ecpeer, &p, plen))
+        goto err;
+    pkpeer = EVP_PKEY_new();
+    if (pkpeer == NULL)
+        goto err;
+    EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer);
+    if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+        rv = 1;
+ err:
+    EC_KEY_free(ecpeer);
+    EVP_PKEY_free(pkpeer);
+    return rv;
+}
+
+/* Set KDF parameters based on KDF NID */
+static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
+{
+    int kdf_nid, kdfmd_nid, cofactor;
+    const EVP_MD *kdf_md;
+    if (eckdf_nid == NID_undef)
+        return 0;
+
+    /* Lookup KDF type, cofactor mode and digest */
+    if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid))
+        return 0;
+
+    if (kdf_nid == NID_dh_std_kdf)
+        cofactor = 0;
+    else if (kdf_nid == NID_dh_cofactor_kdf)
+        cofactor = 1;
+    else
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+        return 0;
+
+    kdf_md = EVP_get_digestbynid(kdfmd_nid);
+    if (!kdf_md)
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)
+        return 0;
+    return 1;
+}
+
+static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+{
+    int rv = 0;
+
+    X509_ALGOR *alg, *kekalg = NULL;
+    ASN1_OCTET_STRING *ukm;
+    const unsigned char *p;
+    unsigned char *der = NULL;
+    int plen, keylen;
+    const EVP_CIPHER *kekcipher;
+    EVP_CIPHER_CTX *kekctx;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+        return 0;
+
+    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
+        ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR);
+        return 0;
+    }
+
+    if (alg->parameter->type != V_ASN1_SEQUENCE)
+        return 0;
+
+    p = alg->parameter->value.sequence->data;
+    plen = alg->parameter->value.sequence->length;
+    kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+    if (!kekalg)
+        goto err;
+    kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    if (!kekctx)
+        goto err;
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+    if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+        goto err;
+    if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+        goto err;
+
+    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen);
+
+    if (!plen)
+        goto err;
+
+    if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0)
+        goto err;
+    der = NULL;
+
+    rv = 1;
+ err:
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(der);
+    return rv;
+}
+
+static int ecdh_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* See if we need to set peer key */
+    if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+        X509_ALGOR *alg;
+        ASN1_BIT_STRING *pubkey;
+        if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+                                                 NULL, NULL, NULL))
+            return 0;
+        if (!alg || !pubkey)
+            return 0;
+        if (!ecdh_cms_set_peerkey(pctx, alg, pubkey)) {
+            ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_PEER_KEY_ERROR);
+            return 0;
+        }
+    }
+    /* Set ECDH derivation parameters and initialise unwrap context */
+    if (!ecdh_cms_set_shared_info(pctx, ri)) {
+        ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_SHARED_INFO_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    EVP_PKEY *pkey;
+    EVP_CIPHER_CTX *ctx;
+    int keylen;
+    X509_ALGOR *talg, *wrap_alg = NULL;
+    const ASN1_OBJECT *aoid;
+    ASN1_BIT_STRING *pubkey;
+    ASN1_STRING *wrap_str;
+    ASN1_OCTET_STRING *ukm;
+    unsigned char *penc = NULL;
+    int penclen;
+    int rv = 0;
+    int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
+    const EVP_MD *kdf_md;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* Get ephemeral key */
+    pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+                                             NULL, NULL, NULL))
+        goto err;
+    X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+    /* Is everything uninitialised? */
+    if (aoid == OBJ_nid2obj(NID_undef)) {
+
+        EC_KEY *eckey = pkey->pkey.ec;
+        /* Set the key */
+        unsigned char *p;
+
+        penclen = i2o_ECPublicKey(eckey, NULL);
+        if (penclen <= 0)
+            goto err;
+        penc = OPENSSL_malloc(penclen);
+        if (penc == NULL)
+            goto err;
+        p = penc;
+        penclen = i2o_ECPublicKey(eckey, &p);
+        if (penclen <= 0)
+            goto err;
+        ASN1_STRING_set0(pubkey, penc, penclen);
+        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+        penc = NULL;
+        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
+                        V_ASN1_UNDEF, NULL);
+    }
+
+    /* See if custom parameters set */
+    kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
+    if (kdf_type <= 0)
+        goto err;
+    if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
+        goto err;
+    ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
+    if (ecdh_nid < 0)
+        goto err;
+    else if (ecdh_nid == 0)
+        ecdh_nid = NID_dh_std_kdf;
+    else if (ecdh_nid == 1)
+        ecdh_nid = NID_dh_cofactor_kdf;
+
+    if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
+        kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+        if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
+            goto err;
+    } else
+        /* Unknown KDF */
+        goto err;
+    if (kdf_md == NULL) {
+        /* Fixme later for better MD */
+        kdf_md = EVP_sha1();
+        if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)
+            goto err;
+    }
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+        goto err;
+
+    /* Lookup NID for KDF+cofactor+digest */
+
+    if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid))
+        goto err;
+    /* Get wrap NID */
+    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Package wrap algorithm in an AlgorithmIdentifier */
+
+    wrap_alg = X509_ALGOR_new();
+    if (wrap_alg == NULL)
+        goto err;
+    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+    wrap_alg->parameter = ASN1_TYPE_new();
+    if (wrap_alg->parameter == NULL)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+        goto err;
+    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+        ASN1_TYPE_free(wrap_alg->parameter);
+        wrap_alg->parameter = NULL;
+    }
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
+
+    if (!penclen)
+        goto err;
+
+    if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
+        goto err;
+    penc = NULL;
+
+    /*
+     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+     * of another AlgorithmIdentifier.
+     */
+    penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+    if (!penc || !penclen)
+        goto err;
+    wrap_str = ASN1_STRING_new();
+    if (wrap_str == NULL)
+        goto err;
+    ASN1_STRING_set0(wrap_str, penc, penclen);
+    penc = NULL;
+    X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str);
+
+    rv = 1;
+
+ err:
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
+    return rv;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ec_asn1.c b/openssl-1.1.0h/crypto/ec/ec_asn1.c
new file mode 100644
index 0000000..271178f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_asn1.c
@@ -0,0 +1,1237 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+int EC_GROUP_get_basis_type(const EC_GROUP *group)
+{
+    int i;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field)
+        /* everything else is currently not supported */
+        return 0;
+
+    /* Find the last non-zero element of group->poly[] */
+    for (i = 0;
+         i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0;
+         i++)
+        continue;
+
+    if (i == 4)
+        return NID_X9_62_ppBasis;
+    else if (i == 2)
+        return NID_X9_62_tpBasis;
+    else
+        /* everything else is currently not supported */
+        return 0;
+}
+
+#ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field
+        || !((group->poly[0] != 0) && (group->poly[1] != 0)
+             && (group->poly[2] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k)
+        *k = group->poly[1];
+
+    return 1;
+}
+
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3)
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field
+        || !((group->poly[0] != 0) && (group->poly[1] != 0)
+             && (group->poly[2] != 0) && (group->poly[3] != 0)
+             && (group->poly[4] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k1)
+        *k1 = group->poly[3];
+    if (k2)
+        *k2 = group->poly[2];
+    if (k3)
+        *k3 = group->poly[1];
+
+    return 1;
+}
+#endif
+
+/* some structures needed for the asn1 encoding */
+typedef struct x9_62_pentanomial_st {
+    long k1;
+    long k2;
+    long k3;
+} X9_62_PENTANOMIAL;
+
+typedef struct x9_62_characteristic_two_st {
+    long m;
+    ASN1_OBJECT *type;
+    union {
+        char *ptr;
+        /* NID_X9_62_onBasis */
+        ASN1_NULL *onBasis;
+        /* NID_X9_62_tpBasis */
+        ASN1_INTEGER *tpBasis;
+        /* NID_X9_62_ppBasis */
+        X9_62_PENTANOMIAL *ppBasis;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_CHARACTERISTIC_TWO;
+
+typedef struct x9_62_fieldid_st {
+    ASN1_OBJECT *fieldType;
+    union {
+        char *ptr;
+        /* NID_X9_62_prime_field */
+        ASN1_INTEGER *prime;
+        /* NID_X9_62_characteristic_two_field */
+        X9_62_CHARACTERISTIC_TWO *char_two;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_FIELDID;
+
+typedef struct x9_62_curve_st {
+    ASN1_OCTET_STRING *a;
+    ASN1_OCTET_STRING *b;
+    ASN1_BIT_STRING *seed;
+} X9_62_CURVE;
+
+struct ec_parameters_st {
+    long version;
+    X9_62_FIELDID *fieldID;
+    X9_62_CURVE *curve;
+    ASN1_OCTET_STRING *base;
+    ASN1_INTEGER *order;
+    ASN1_INTEGER *cofactor;
+} /* ECPARAMETERS */ ;
+
+struct ecpk_parameters_st {
+    int type;
+    union {
+        ASN1_OBJECT *named_curve;
+        ECPARAMETERS *parameters;
+        ASN1_NULL *implicitlyCA;
+    } value;
+} /* ECPKPARAMETERS */ ;
+
+/* SEC1 ECPrivateKey */
+typedef struct ec_privatekey_st {
+    long version;
+    ASN1_OCTET_STRING *privateKey;
+    ECPKPARAMETERS *parameters;
+    ASN1_BIT_STRING *publicKey;
+} EC_PRIVATEKEY;
+
+/* the OpenSSL ASN.1 definitions */
+ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
+        ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
+        ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
+        ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+
+ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
+        ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
+        ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
+} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
+        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
+} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+
+ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_FIELDID) = {
+        ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
+} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_FIELDID) = {
+        ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_FIELDID)
+} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
+
+ASN1_SEQUENCE(X9_62_CURVE) = {
+        ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
+        ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END(X9_62_CURVE)
+
+ASN1_SEQUENCE(ECPARAMETERS) = {
+        ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+        ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
+        ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
+        ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
+        ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ECPARAMETERS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+ASN1_CHOICE(ECPKPARAMETERS) = {
+        ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
+} ASN1_CHOICE_END(ECPKPARAMETERS)
+
+DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+
+ASN1_SEQUENCE(EC_PRIVATEKEY) = {
+        ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+        ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
+} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+
+/* some declarations of internal function */
+
+/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
+static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
+/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
+static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
+
+/* the function definitions */
+
+static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
+{
+    int ok = 0, nid;
+    BIGNUM *tmp = NULL;
+
+    if (group == NULL || field == NULL)
+        return 0;
+
+    /* clear the old values (if necessary) */
+    ASN1_OBJECT_free(field->fieldType);
+    ASN1_TYPE_free(field->p.other);
+
+    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+    /* set OID for the field */
+    if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+        goto err;
+    }
+
+    if (nid == NID_X9_62_prime_field) {
+        if ((tmp = BN_new()) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        /* the parameters are specified by the prime number p */
+        if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set the prime number */
+        field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
+        if (field->p.prime == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else if (nid == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+    {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
+        goto err;
+    }
+#else
+    {
+        int field_type;
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
+        char_two = field->p.char_two;
+
+        if (char_two == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        char_two->m = (long)EC_GROUP_get_degree(group);
+
+        field_type = EC_GROUP_get_basis_type(group);
+
+        if (field_type == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set base type OID */
+        if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+            goto err;
+        }
+
+        if (field_type == NID_X9_62_tpBasis) {
+            unsigned int k;
+
+            if (!EC_GROUP_get_trinomial_basis(group, &k))
+                goto err;
+
+            char_two->p.tpBasis = ASN1_INTEGER_new();
+            if (char_two->p.tpBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+                goto err;
+            }
+        } else if (field_type == NID_X9_62_ppBasis) {
+            unsigned int k1, k2, k3;
+
+            if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
+                goto err;
+
+            char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
+            if (char_two->p.ppBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            /* set k? values */
+            char_two->p.ppBasis->k1 = (long)k1;
+            char_two->p.ppBasis->k2 = (long)k2;
+            char_two->p.ppBasis->k3 = (long)k3;
+        } else {                /* field_type == NID_X9_62_onBasis */
+
+            /* for ONB the parameters are (asn1) NULL */
+            char_two->p.onBasis = ASN1_NULL_new();
+            if (char_two->p.onBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+#endif
+    else {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
+
+    ok = 1;
+
+ err:
+    BN_free(tmp);
+    return (ok);
+}
+
+static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
+{
+    int ok = 0, nid;
+    BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
+    unsigned char *buffer_1 = NULL, *buffer_2 = NULL,
+        *a_buf = NULL, *b_buf = NULL;
+    size_t len_1, len_2;
+    unsigned char char_zero = 0;
+
+    if (!group || !curve || !curve->a || !curve->b)
+        return 0;
+
+    if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+
+    /* get a and b */
+    if (nid == NID_X9_62_prime_field) {
+        if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC2M
+    else {                      /* nid == NID_X9_62_characteristic_two_field */
+
+        if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#endif
+    len_1 = (size_t)BN_num_bytes(tmp_1);
+    len_2 = (size_t)BN_num_bytes(tmp_2);
+
+    if (len_1 == 0) {
+        /* len_1 == 0 => a == 0 */
+        a_buf = &char_zero;
+        len_1 = 1;
+    } else {
+        if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+            goto err;
+        }
+        a_buf = buffer_1;
+    }
+
+    if (len_2 == 0) {
+        /* len_2 == 0 => b == 0 */
+        b_buf = &char_zero;
+        len_2 = 1;
+    } else {
+        if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+            goto err;
+        }
+        b_buf = buffer_2;
+    }
+
+    /* set a and b */
+    if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
+        !ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the seed (optional) */
+    if (group->seed) {
+        if (!curve->seed)
+            if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
+                                 (int)group->seed_len)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else {
+        ASN1_BIT_STRING_free(curve->seed);
+        curve->seed = NULL;
+    }
+
+    ok = 1;
+
+ err:
+    OPENSSL_free(buffer_1);
+    OPENSSL_free(buffer_2);
+    BN_free(tmp_1);
+    BN_free(tmp_2);
+    return (ok);
+}
+
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                               ECPARAMETERS *params)
+{
+    size_t len = 0;
+    ECPARAMETERS *ret = NULL;
+    const BIGNUM *tmp;
+    unsigned char *buffer = NULL;
+    const EC_POINT *point = NULL;
+    point_conversion_form_t form;
+
+    if (params == NULL) {
+        if ((ret = ECPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = params;
+
+    /* set the version (always one) */
+    ret->version = (long)0x1;
+
+    /* set the fieldID */
+    if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the curve */
+    if (!ec_asn1_group2curve(group, ret->curve)) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the base point */
+    if ((point = EC_GROUP_get0_generator(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    form = EC_GROUP_get_point_conversion_form(group);
+
+    len = EC_POINT_point2buf(group, point, form, &buffer, NULL);
+    if (len == 0) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
+        OPENSSL_free(buffer);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ASN1_STRING_set0(ret->base, buffer, len);
+
+    /* set the order */
+    tmp = EC_GROUP_get0_order(group);
+    if (tmp == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+    if (ret->order == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the cofactor (optional) */
+    tmp = EC_GROUP_get0_cofactor(group);
+    if (tmp != NULL) {
+        ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+        if (ret->cofactor == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+
+    return ret;
+
+ err:
+    if (params == NULL)
+        ECPARAMETERS_free(ret);
+    return NULL;
+}
+
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params)
+{
+    int ok = 1, tmp;
+    ECPKPARAMETERS *ret = params;
+
+    if (ret == NULL) {
+        if ((ret = ECPKPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        if (ret->type == 0)
+            ASN1_OBJECT_free(ret->value.named_curve);
+        else if (ret->type == 1 && ret->value.parameters)
+            ECPARAMETERS_free(ret->value.parameters);
+    }
+
+    if (EC_GROUP_get_asn1_flag(group)) {
+        /*
+         * use the asn1 OID to describe the the elliptic curve parameters
+         */
+        tmp = EC_GROUP_get_curve_name(group);
+        if (tmp) {
+            ret->type = 0;
+            if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+                ok = 0;
+        } else
+            /* we don't know the nid => ERROR */
+            ok = 0;
+    } else {
+        /* use the ECPARAMETERS structure */
+        ret->type = 1;
+        if ((ret->value.parameters =
+             EC_GROUP_get_ecparameters(group, NULL)) == NULL)
+            ok = 0;
+    }
+
+    if (!ok) {
+        ECPKPARAMETERS_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+{
+    int ok = 0, tmp;
+    EC_GROUP *ret = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL;
+    EC_POINT *point = NULL;
+    long field_bits;
+
+    if (!params->fieldID || !params->fieldID->fieldType ||
+        !params->fieldID->p.ptr) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    /* now extract the curve parameters a and b */
+    if (!params->curve || !params->curve->a ||
+        !params->curve->a->data || !params->curve->b ||
+        !params->curve->b->data) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+    a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
+    if (a == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+        goto err;
+    }
+    b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
+    if (b == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* get the field parameters */
+    tmp = OBJ_obj2nid(params->fieldID->fieldType);
+    if (tmp == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+    {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_GF2M_NOT_SUPPORTED);
+        goto err;
+    }
+#else
+    {
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        char_two = params->fieldID->p.char_two;
+
+        field_bits = char_two->m;
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        if ((p = BN_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* get the base type */
+        tmp = OBJ_obj2nid(char_two->type);
+
+        if (tmp == NID_X9_62_tpBasis) {
+            long tmp_long;
+
+            if (!char_two->p.tpBasis) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
+
+            if (!(char_two->m > tmp_long && tmp_long > 0)) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
+                      EC_R_INVALID_TRINOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)tmp_long))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_ppBasis) {
+            X9_62_PENTANOMIAL *penta;
+
+            penta = char_two->p.ppBasis;
+            if (!penta) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            if (!
+                (char_two->m > penta->k3 && penta->k3 > penta->k2
+                 && penta->k2 > penta->k1 && penta->k1 > 0)) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
+                      EC_R_INVALID_PENTANOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k1))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k2))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k3))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_onBasis) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_NOT_IMPLEMENTED);
+            goto err;
+        } else {                /* error */
+
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
+    }
+#endif
+    else if (tmp == NID_X9_62_prime_field) {
+        /* we have a curve over a prime field */
+        /* extract the prime number */
+        if (!params->fieldID->p.prime) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+            goto err;
+        }
+        p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
+        if (p == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+            goto err;
+        }
+
+        if (BN_is_negative(p) || BN_is_zero(p)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
+            goto err;
+        }
+
+        field_bits = BN_num_bits(p);
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+    } else {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
+        goto err;
+    }
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract seed (optional) */
+    if (params->curve->seed != NULL) {
+        OPENSSL_free(ret->seed);
+        if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        memcpy(ret->seed, params->curve->seed->data,
+               params->curve->seed->length);
+        ret->seed_len = params->curve->seed->length;
+    }
+
+    if (!params->order || !params->base || !params->base->data) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(ret)) == NULL)
+        goto err;
+
+    /* set the point conversion form */
+    EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
+                                       (params->base->data[0] & ~0x01));
+
+    /* extract the ec point */
+    if (!EC_POINT_oct2point(ret, point, params->base->data,
+                            params->base->length, NULL)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract the order */
+    if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    if (BN_is_negative(a) || BN_is_zero(a)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+
+    /* extract the cofactor (optional) */
+    if (params->cofactor == NULL) {
+        BN_free(b);
+        b = NULL;
+    } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    /* set the generator, order and cofactor (if present) */
+    if (!EC_GROUP_set_generator(ret, point, a, b)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ok = 1;
+
+ err:
+    if (!ok) {
+        EC_GROUP_clear_free(ret);
+        ret = NULL;
+    }
+
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_POINT_free(point);
+    return (ret);
+}
+
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+{
+    EC_GROUP *ret = NULL;
+    int tmp = 0;
+
+    if (params == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_MISSING_PARAMETERS);
+        return NULL;
+    }
+
+    if (params->type == 0) {    /* the curve is given by an OID */
+        tmp = OBJ_obj2nid(params->value.named_curve);
+        if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
+                  EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
+    } else if (params->type == 1) { /* the parameters are given by a
+                                     * ECPARAMETERS structure */
+        ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
+        if (!ret) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, 0x0);
+    } else if (params->type == 2) { /* implicitlyCA */
+        return NULL;
+    } else {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
+        return NULL;
+    }
+
+    return ret;
+}
+
+/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+{
+    EC_GROUP *group = NULL;
+    ECPKPARAMETERS *params = NULL;
+    const unsigned char *p = *in;
+
+    if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(params);
+        return NULL;
+    }
+
+    if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+        ECPKPARAMETERS_free(params);
+        return NULL;
+    }
+
+    if (a) {
+        EC_GROUP_clear_free(*a);
+        *a = group;
+    }
+
+    ECPKPARAMETERS_free(params);
+    *in = p;
+    return (group);
+}
+
+int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
+{
+    int ret = 0;
+    ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL);
+    if (tmp == NULL) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+        return 0;
+    }
+    if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(tmp);
+        return 0;
+    }
+    ECPKPARAMETERS_free(tmp);
+    return (ret);
+}
+
+/* some EC_KEY functions */
+
+EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret = NULL;
+    EC_PRIVATEKEY *priv_key = NULL;
+    const unsigned char *p = *in;
+
+    if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = *a;
+
+    if (priv_key->parameters) {
+        EC_GROUP_clear_free(ret->group);
+        ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
+    }
+
+    if (ret->group == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ret->version = priv_key->version;
+
+    if (priv_key->privateKey) {
+        ASN1_OCTET_STRING *pkey = priv_key->privateKey;
+        if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey),
+                            ASN1_STRING_length(pkey)) == 0)
+            goto err;
+    } else {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
+        goto err;
+    }
+
+    EC_POINT_clear_free(ret->pub_key);
+    ret->pub_key = EC_POINT_new(ret->group);
+    if (ret->pub_key == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (priv_key->publicKey) {
+        const unsigned char *pub_oct;
+        int pub_oct_len;
+
+        pub_oct = ASN1_STRING_get0_data(priv_key->publicKey);
+        pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
+        if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        if (ret->group->meth->keygenpub == NULL
+            || ret->group->meth->keygenpub(ret) == 0)
+                goto err;
+        /* Remember the original private-key-only encoding. */
+        ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+    }
+
+    if (a)
+        *a = ret;
+    EC_PRIVATEKEY_free(priv_key);
+    *in = p;
+    return (ret);
+
+ err:
+    if (a == NULL || *a != ret)
+        EC_KEY_free(ret);
+    EC_PRIVATEKEY_free(priv_key);
+    return NULL;
+}
+
+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
+{
+    int ret = 0, ok = 0;
+    unsigned char *priv= NULL, *pub= NULL;
+    size_t privlen = 0, publen = 0;
+
+    EC_PRIVATEKEY *priv_key = NULL;
+
+    if (a == NULL || a->group == NULL ||
+        (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key->version = a->version;
+
+    privlen = EC_KEY_priv2buf(a, &priv);
+
+    if (privlen == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ASN1_STRING_set0(priv_key->privateKey, priv, privlen);
+    priv = NULL;
+
+    if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
+        if ((priv_key->parameters =
+             EC_GROUP_get_ecpkparameters(a->group,
+                                        priv_key->parameters)) == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
+        priv_key->publicKey = ASN1_BIT_STRING_new();
+        if (priv_key->publicKey == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL);
+
+        if (publen == 0) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        ASN1_STRING_set0(priv_key->publicKey, pub, publen);
+        pub = NULL;
+    }
+
+    if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    ok = 1;
+ err:
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    EC_PRIVATEKEY_free(priv_key);
+    return (ok ? ret : 0);
+}
+
+int i2d_ECParameters(EC_KEY *a, unsigned char **out)
+{
+    if (a == NULL) {
+        ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    return i2d_ECPKParameters(a->group, out);
+}
+
+EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret;
+
+    if (in == NULL || *in == NULL) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *a;
+
+    if (!d2i_ECPKParameters(&ret->group, in, len)) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+        if (a == NULL || *a != ret)
+             EC_KEY_free(ret);
+        return NULL;
+    }
+
+    if (a)
+        *a = ret;
+
+    return ret;
+}
+
+EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret = NULL;
+
+    if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
+        /*
+         * sorry, but a EC_GROUP-structure is necessary to set the public key
+         */
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ret = *a;
+    if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
+        return 0;
+    }
+    *in += len;
+    return ret;
+}
+
+int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
+{
+    size_t buf_len = 0;
+    int new_buffer = 0;
+
+    if (a == NULL) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    buf_len = EC_POINT_point2oct(a->group, a->pub_key,
+                                 a->conv_form, NULL, 0, NULL);
+
+    if (out == NULL || buf_len == 0)
+        /* out == NULL => just return the length of the octet string */
+        return buf_len;
+
+    if (*out == NULL) {
+        if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
+            ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        new_buffer = 1;
+    }
+    if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
+                            *out, buf_len, NULL)) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
+        if (new_buffer) {
+            OPENSSL_free(*out);
+            *out = NULL;
+        }
+        return 0;
+    }
+    if (!new_buffer)
+        *out += buf_len;
+    return buf_len;
+}
+
+ASN1_SEQUENCE(ECDSA_SIG) = {
+        ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+} static_ASN1_SEQUENCE_END(ECDSA_SIG)
+
+DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
+
+ECDSA_SIG *ECDSA_SIG_new(void)
+{
+    ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void ECDSA_SIG_free(ECDSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+int ECDSA_size(const EC_KEY *r)
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];
+    const EC_GROUP *group;
+
+    if (r == NULL)
+        return 0;
+    group = EC_KEY_get0_group(r);
+    if (group == NULL)
+        return 0;
+
+    i = EC_GROUP_order_bits(group);
+    if (i == 0)
+        return 0;
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_check.c b/openssl-1.1.0h/crypto/ec/ec_check.c
new file mode 100644
index 0000000..eeb06ec
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_check.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    const BIGNUM *order;
+    BN_CTX *new_ctx = NULL;
+    EC_POINT *point = NULL;
+
+    /* Custom curves assumed to be correct */
+    if ((group->meth->flags & EC_FLAGS_CUSTOM_CURVE) != 0)
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    /* check the discriminant */
+    if (!EC_GROUP_check_discriminant(group, ctx)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+        goto err;
+    }
+
+    /* check the generator */
+    if (group->generator == NULL) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+
+    /* check the order of the generator */
+    if ((point = EC_POINT_new(group)) == NULL)
+        goto err;
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
+        goto err;
+    if (!EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    EC_POINT_free(point);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_curve.c b/openssl-1.1.0h/crypto/ec/ec_curve.c
new file mode 100644
index 0000000..f8a3846
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_curve.c
@@ -0,0 +1,3169 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/opensslconf.h>
+#include "e_os.h"
+
+typedef struct {
+    int field_type,             /* either NID_X9_62_prime_field or
+                                 * NID_X9_62_characteristic_two_field */
+     seed_len, param_len;
+    unsigned int cofactor;      /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+/* the nist prime curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_NIST_PRIME_192 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28,
+        0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB,
+        0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1,
+        /* x */
+        0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB,
+        0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12,
+        /* y */
+        0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed,
+        0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 28 * 6];
+} _EC_NIST_PRIME_224 = {
+    {
+        NID_X9_62_prime_field, 20, 28, 1
+    },
+    {
+        /* seed */
+        0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
+        0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE,
+        /* b */
+        0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+        0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+        0x23, 0x55, 0xFF, 0xB4,
+        /* x */
+        0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+        0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+        0x11, 0x5C, 0x1D, 0x21,
+        /* y */
+        0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+        0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+        0x85, 0x00, 0x7e, 0x34,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+        0x5C, 0x5C, 0x2A, 0x3D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 48 * 6];
+} _EC_NIST_PRIME_384 = {
+    {
+        NID_X9_62_prime_field, 20, 48, 1
+    },
+    {
+        /* seed */
+        0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
+        0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
+        0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
+        0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
+        0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
+        /* x */
+        0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
+        0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
+        0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
+        0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
+        /* y */
+        0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
+        0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+        0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
+        0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
+        0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 66 * 6];
+} _EC_NIST_PRIME_521 = {
+    {
+        NID_X9_62_prime_field, 20, 66, 1
+    },
+    {
+        /* seed */
+        0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
+        0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
+        /* p */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
+        0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
+        0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
+        0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
+        0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
+        0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
+        /* x */
+        0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
+        0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
+        0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
+        0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
+        0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
+        0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
+        /* y */
+        0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
+        0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+        0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
+        0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+        0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
+        0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
+        /* order */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
+        0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
+        0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
+        0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
+    }
+};
+
+/* the x9.62 prime curves (minus the nist prime curves) */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_PRIME_192V2 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E,
+        0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63,
+        0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53,
+        /* x */
+        0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69,
+        0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A,
+        /* y */
+        0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a,
+        0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+        0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_PRIME_192V3 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9,
+        0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE,
+        0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16,
+        /* x */
+        0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16,
+        0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96,
+        /* y */
+        0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6,
+        0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V1 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79,
+        0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92,
+        0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79,
+        0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A,
+        /* x */
+        0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64,
+        0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB,
+        0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF,
+        /* y */
+        0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca,
+        0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39,
+        0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1,
+        0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V2 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99,
+        0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99,
+        0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A,
+        0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C,
+        /* x */
+        0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB,
+        0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0,
+        0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7,
+        /* y */
+        0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc,
+        0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60,
+        0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0,
+        0x38, 0x21, 0xBC, 0x58, 0x20, 0x63
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V3 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76,
+        0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03,
+        0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17,
+        0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E,
+        /* x */
+        0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94,
+        0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54,
+        0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A,
+        /* y */
+        0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b,
+        0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99,
+        0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C,
+        0x43, 0x21, 0x46, 0x52, 0x65, 0x51
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 32 * 6];
+} _EC_X9_62_PRIME_256V1 = {
+    {
+        NID_X9_62_prime_field, 20, 32, 1
+    },
+    {
+        /* seed */
+        0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
+        0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
+        0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
+        0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
+        /* x */
+        0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
+        0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
+        0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
+        /* y */
+        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
+        0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+        0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
+        0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+    }
+};
+
+/* the secg prime curves (minus the nist and x9.62 prime curves) */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 14 * 6];
+} _EC_SECG_PRIME_112R1 = {
+    {
+        NID_X9_62_prime_field, 20, 14, 1
+    },
+    {
+        /* seed */
+        0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+        0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1,
+        /* p */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x8B,
+        /* a */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x88,
+        /* b */
+        0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70,
+        0x2B, 0x22,
+        /* x */
+        0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2,
+        0xF0, 0x98,
+        /* y */
+        0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7,
+        0x75, 0x00,
+        /* order */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65,
+        0x61, 0xC5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 14 * 6];
+} _EC_SECG_PRIME_112R2 = {
+    {
+        NID_X9_62_prime_field, 20, 14, 4
+    },
+    {
+        /* seed */
+        0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+        0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4,
+        /* p */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x8B,
+        /* a */
+        0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E,
+        0xF0, 0x2C,
+        /* b */
+        0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85,
+        0xD7, 0x09,
+        /* x */
+        0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92,
+        0x86, 0x43,
+        /* y */
+        0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95,
+        0x6e, 0x97,
+        /* order */
+        0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20,
+        0xD0, 0x4B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 16 * 6];
+} _EC_SECG_PRIME_128R1 = {
+    {
+        NID_X9_62_prime_field, 20, 16, 1
+    },
+    {
+        /* seed */
+        0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C,
+        0x2C, 0xEE, 0x5E, 0xD3,
+        /* x */
+        0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C,
+        0xA5, 0x2C, 0x5B, 0x86,
+        /* y */
+        0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92,
+        0xdd, 0xed, 0x7a, 0x83,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B,
+        0x90, 0x38, 0xA1, 0x15
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 16 * 6];
+} _EC_SECG_PRIME_128R2 = {
+    {
+        NID_X9_62_prime_field, 20, 16, 4
+    },
+    {
+        /* seed */
+        0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8,
+        0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B,
+        0xBF, 0xF9, 0xAE, 0xE1,
+        /* b */
+        0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58,
+        0xBB, 0x6D, 0x8A, 0x5D,
+        /* x */
+        0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7,
+        0xCD, 0xEB, 0xC1, 0x40,
+        /* y */
+        0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80,
+        0x5f, 0xc3, 0x4b, 0x44,
+        /* order */
+        0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72,
+        0x06, 0x13, 0xB5, 0xA3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_SECG_PRIME_160K1 = {
+    {
+        NID_X9_62_prime_field, 0, 21, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* x */
+        0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E,
+        0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB,
+        /* y */
+        0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82,
+        0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8,
+        0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_SECG_PRIME_160R1 = {
+    {
+        NID_X9_62_prime_field, 20, 21, 1
+    },
+    {
+        /* seed */
+        0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45,
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8,
+        0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45,
+        /* x */
+        0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69,
+        0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82,
+        /* y */
+        0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9,
+        0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4,
+        0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_SECG_PRIME_160R2 = {
+    {
+        NID_X9_62_prime_field, 20, 21, 1
+    },
+    {
+        /* seed */
+        0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+        /* a */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70,
+        /* b */
+        0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27,
+        0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA,
+        /* x */
+        0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1,
+        0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D,
+        /* y */
+        0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa,
+        0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35,
+        0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_SECG_PRIME_192K1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+        /* x */
+        0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02,
+        0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D,
+        /* y */
+        0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0,
+        0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+        0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 29 * 6];
+} _EC_SECG_PRIME_224K1 = {
+    {
+        NID_X9_62_prime_field, 0, 29, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFE, 0xFF, 0xFF, 0xE5, 0x6D,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x05,
+        /* x */
+        0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28,
+        0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65,
+        0x0E, 0xB6, 0xB7, 0xA4, 0x5C,
+        /* y */
+        0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb,
+        0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b,
+        0xdb, 0x55, 0x6d, 0x61, 0xa5,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9,
+        0x71, 0x76, 0x9F, 0xB1, 0xF7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_SECG_PRIME_256K1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* x */
+        0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
+        0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
+        0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
+        /* y */
+        0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
+        0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
+        0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
+        0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
+    }
+};
+
+/* some wap/wtls curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 15 * 6];
+} _EC_WTLS_8 = {
+    {
+        NID_X9_62_prime_field, 0, 15, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFD, 0xE7,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x03,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x02,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A,
+        0xD8, 0x37, 0xE9
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_WTLS_9 = {
+    {
+        NID_X9_62_prime_field, 0, 21, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD,
+        0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_WTLS_12 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE,
+        /* b */
+        0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+        0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+        0x23, 0x55, 0xFF, 0xB4,
+        /* x */
+        0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+        0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+        0x11, 0x5C, 0x1D, 0x21,
+        /* y */
+        0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+        0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+        0x85, 0x00, 0x7e, 0x34,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+        0x5C, 0x5C, 0x2A, 0x3D
+    }
+};
+
+#ifndef OPENSSL_NO_EC2M
+
+/* characteristic two curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 15 * 6];
+} _EC_SECG_CHAR2_113R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 15, 2
+    },
+    {
+        /* seed */
+        0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15,
+        0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, 0xFE, 0x64, 0x9C, 0xE8,
+        0x58, 0x20, 0xF7,
+        /* b */
+        0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, 0x44, 0x18, 0x8B, 0xE0,
+        0xE9, 0xC7, 0x23,
+        /* x */
+        0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, 0x14, 0x07, 0xD7, 0x35,
+        0x62, 0xC1, 0x0F,
+        /* y */
+        0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, 0x84, 0xD1, 0x31, 0x5E,
+        0xD3, 0x18, 0x86,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD9, 0xCC, 0xEC, 0x8A,
+        0x39, 0xE5, 0x6F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 15 * 6];
+} _EC_SECG_CHAR2_113R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 15, 2
+    },
+    {
+        /* seed */
+        0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, 0x0D, 0xD6, 0xDF, 0xC0,
+        0xAA, 0x55, 0xC7,
+        /* b */
+        0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, 0xD4, 0xBF, 0x36, 0xE0,
+        0x59, 0x18, 0x4F,
+        /* x */
+        0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, 0xF5, 0x2F, 0xCD, 0xB8,
+        0x16, 0x47, 0x97,
+        /* y */
+        0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, 0x4C, 0x06, 0xE6, 0x95,
+        0xBA, 0xBA, 0x1D,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x78, 0x9B, 0x24,
+        0x96, 0xAF, 0x93
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 17 * 6];
+} _EC_SECG_CHAR2_131R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 17, 2
+    },
+    {
+        /* seed */
+        0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, 0x5B, 0xD3,
+        0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x0D,
+        /* a */
+        0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, 0x44, 0x41, 0x8F, 0xF3,
+        0xFF, 0x8C, 0x25, 0x70, 0xB8,
+        /* b */
+        0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, 0xB9, 0xC6, 0xC7, 0x29,
+        0x16, 0x78, 0xF9, 0xD3, 0x41,
+        /* x */
+        0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, 0xC4, 0x0F, 0x9C, 0x18,
+        0x13, 0x43, 0x63, 0x83, 0x99,
+        /* y */
+        0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, 0x73, 0xC8, 0x13, 0x4B,
+        0x1B, 0x4E, 0xF9, 0xE1, 0x50,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x31, 0x23, 0x95,
+        0x3A, 0x94, 0x64, 0xB5, 0x4D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 17 * 6];
+} _EC_SECG_CHAR2_131R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 17, 2
+    },
+    {
+        /* seed */
+        0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x0D,
+        /* a */
+        0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, 0xBF, 0x41, 0x5F, 0x07,
+        0xC2, 0x17, 0x65, 0x73, 0xB2,
+        /* b */
+        0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, 0xAC, 0x73, 0x4C, 0xE3,
+        0x8F, 0x01, 0x8F, 0x21, 0x92,
+        /* x */
+        0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, 0xAD, 0x65, 0x2D, 0x23,
+        0x95, 0x1B, 0xB3, 0x66, 0xA8,
+        /* y */
+        0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, 0x36, 0x6D, 0x9E, 0x26,
+        0x5D, 0xE9, 0xEB, 0x24, 0x0F,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x69, 0x54, 0xA2,
+        0x33, 0x04, 0x9B, 0xA9, 0x8F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_NIST_CHAR2_163K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, 0xAC, 0xAA, 0x07, 0xD7,
+        0x93, 0xDE, 0x4E, 0x6D, 0x5E, 0x5C, 0x94, 0xEE, 0xE8,
+        /* y */
+        0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, 0x58, 0x32, 0x1F, 0x2E,
+        0x80, 0x05, 0x36, 0xD5, 0x38, 0xCC, 0xDA, 0xA3, 0xD9,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5, 0xEF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_SECG_CHAR2_163R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, 0x95, 0x54, 0xFF, 0x84,
+        0x28, 0xBD, 0x88, 0xE2, 0x46, 0xD2, 0x78, 0x2A, 0xE2,
+        /* b */
+        0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, 0xAB, 0x94, 0x6B, 0xDA,
+        0x29, 0xCA, 0x91, 0xF7, 0x3A, 0xF9, 0x58, 0xAF, 0xD9,
+        /* x */
+        0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, 0x77, 0x89, 0x56, 0x67,
+        0x89, 0x56, 0x7F, 0x78, 0x7A, 0x78, 0x76, 0xA6, 0x54,
+        /* y */
+        0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, 0x98, 0x9D, 0x51, 0xFE,
+        0xFC, 0xE3, 0xC8, 0x09, 0x88, 0xF4, 0x1F, 0xF8, 0x83,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x48,
+        0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_NIST_CHAR2_163B = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, 0xCA, 0x14, 0x81, 0xEB,
+        0x10, 0x51, 0x2F, 0x78, 0x74, 0x4A, 0x32, 0x05, 0xFD,
+        /* x */
+        0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, 0x7E, 0xA0, 0x99, 0x11,
+        0x68, 0xD4, 0x99, 0x46, 0x37, 0xE8, 0x34, 0x3E, 0x36,
+        /* y */
+        0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, 0x4F, 0xA2, 0xCD, 0xD5,
+        0x45, 0xB1, 0x1C, 0x5C, 0x0C, 0x79, 0x73, 0x24, 0xF1,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x92,
+        0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C, 0x33
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 25 * 6];
+} _EC_SECG_CHAR2_193R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 25, 2
+    },
+    {
+        /* seed */
+        0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51,
+        0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+        0x01,
+        /* a */
+        0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, 0x51, 0x69, 0xE1, 0x71,
+        0xF7, 0x7B, 0x40, 0x87, 0xDE, 0x09, 0x8A, 0xC8, 0xA9, 0x11, 0xDF, 0x7B,
+        0x01,
+        /* b */
+        0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, 0x9F, 0xAC, 0xAD, 0xAA,
+        0x7A, 0x1E, 0x5B, 0xBC, 0x7C, 0xC1, 0xC2, 0xE5, 0xD8, 0x31, 0x47, 0x88,
+        0x14,
+        /* x */
+        0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, 0x74, 0xAD, 0x6C, 0xDF,
+        0x6F, 0xDE, 0xF4, 0xBF, 0x61, 0x79, 0x62, 0x53, 0x72, 0xD8, 0xC0, 0xC5,
+        0xE1,
+        /* y */
+        0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, 0xCC, 0xF3, 0xEA, 0x9E,
+        0x3A, 0x1A, 0xD1, 0x7F, 0xB0, 0xB3, 0x20, 0x1B, 0x6A, 0xF7, 0xCE, 0x1B,
+        0x05,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0xC7, 0xF3, 0x4A, 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA,
+        0x49
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 25 * 6];
+} _EC_SECG_CHAR2_193R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 25, 2
+    },
+    {
+        /* seed */
+        0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
+        0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+        0x01,
+        /* a */
+        0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, 0x3E, 0xA6, 0xED, 0x86,
+        0x67, 0x19, 0x0B, 0x0B, 0xC4, 0x3E, 0xCD, 0x69, 0x97, 0x77, 0x02, 0x70,
+        0x9B,
+        /* b */
+        0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, 0x4C, 0x37, 0x7E, 0x2A,
+        0xB2, 0x85, 0x6A, 0x5B, 0x16, 0xE3, 0xEF, 0xB7, 0xF6, 0x1D, 0x43, 0x16,
+        0xAE,
+        /* x */
+        0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, 0xC8, 0x03, 0xF3, 0x9E,
+        0x1A, 0x7E, 0x82, 0xCA, 0x14, 0xA6, 0x51, 0x35, 0x0A, 0xAE, 0x61, 0x7E,
+        0x8F,
+        /* y */
+        0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, 0xAC, 0x29, 0xE7, 0xDE,
+        0xFB, 0xD9, 0xCA, 0x01, 0xF5, 0x96, 0xF9, 0x27, 0x22, 0x4C, 0xDE, 0xCF,
+        0x6C,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x01, 0x5A, 0xAB, 0x56, 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99,
+        0xD5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 30 * 6];
+} _EC_NIST_CHAR2_233K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 30, 4
+    },
+    {
+        /* no seed */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
+        0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
+        0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
+        /* y */
+        0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
+        0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
+        0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3,
+        /* order */
+        0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
+        0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_NIST_CHAR2_233B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 2
+    },
+    {
+        /* seed */
+        0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, 0x4B, 0x34,
+        0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, 0x7F, 0x8C, 0x09, 0x23,
+        0xBB, 0x58, 0x21, 0x3B, 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE,
+        0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD,
+        /* x */
+        0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, 0xBB, 0x21, 0x39, 0xF1,
+        0xBB, 0x75, 0x5F, 0xEF, 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8,
+        0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B,
+        /* y */
+        0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, 0x06, 0x78, 0xE5, 0x85,
+        0x28, 0xBE, 0xBF, 0x8A, 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71,
+        0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x13, 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03,
+        0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 30 * 6];
+} _EC_SECG_CHAR2_239K1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 30, 4
+    },
+    {
+        /* no seed */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, 0x73, 0x09, 0x88, 0xA6,
+        0x87, 0x27, 0xA8, 0xB2, 0xD1, 0x26, 0xC4, 0x4C, 0xC2, 0xCC, 0x7B, 0x2A,
+        0x65, 0x55, 0x19, 0x30, 0x35, 0xDC,
+        /* y */
+        0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, 0xDB, 0x01, 0x1C, 0x10,
+        0x30, 0x89, 0xE7, 0x35, 0x10, 0xAC, 0xB2, 0x75, 0xFC, 0x31, 0x2A, 0x5D,
+        0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x5A, 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C,
+        0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 36 * 6];
+} _EC_NIST_CHAR2_283K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 36, 4
+    },
+    {
+        /* no seed */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, 0x3F, 0x1A, 0x3B, 0x81,
+        0x62, 0xF1, 0x88, 0xE5, 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A,
+        0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, 0x58, 0x49, 0x28, 0x36,
+        /* y */
+        0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, 0x8D, 0x90, 0xF9, 0x5D,
+        0x07, 0xE5, 0x42, 0x6F, 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98,
+        0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, 0x77, 0xDD, 0x22, 0x59,
+        /* order */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77,
+        0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 36 * 6];
+} _EC_NIST_CHAR2_283B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 36, 2
+    },
+    {
+        /* no seed */
+        0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, 0xD5, 0xB6,
+        0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, 0xA5, 0xA4, 0xAF, 0x8A,
+        0x19, 0xA0, 0x30, 0x3F, 0xCA, 0x97, 0xFD, 0x76, 0x45, 0x30, 0x9F, 0xA2,
+        0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, 0x3E, 0x31, 0x3B, 0x79, 0xA2, 0xF5,
+        /* x */
+        0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, 0xE1, 0x93, 0x4F, 0x8C,
+        0x70, 0xB0, 0xDF, 0xEC, 0x2E, 0xED, 0x25, 0xB8, 0x55, 0x7E, 0xAC, 0x9C,
+        0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, 0xBE, 0xCD, 0x86, 0xB1, 0x20, 0x53,
+        /* y */
+        0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, 0xB9, 0x8F, 0xE6, 0xD4,
+        0xB2, 0x0D, 0x02, 0xB4, 0x51, 0x6F, 0xF7, 0x02, 0x35, 0x0E, 0xDD, 0xB0,
+        0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, 0xDF, 0x45, 0xBE, 0x81, 0x12, 0xF4,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC,
+        0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 52 * 6];
+} _EC_NIST_CHAR2_409K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 52, 4
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, 0xAD, 0x3A, 0xB1, 0x89,
+        0x0F, 0x71, 0x84, 0x21, 0x0E, 0xFD, 0x09, 0x87, 0xE3, 0x07, 0xC8, 0x4C,
+        0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, 0x7C, 0xC2, 0xC4, 0x60, 0x18, 0x9E,
+        0xB5, 0xAA, 0xAA, 0x62, 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF,
+        0xE9, 0x02, 0x37, 0x46,
+        /* y */
+        0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, 0xAC, 0xBA, 0x1D, 0xAC,
+        0xBF, 0x04, 0x29, 0x9C, 0x34, 0x60, 0x78, 0x2F, 0x91, 0x8E, 0xA4, 0x27,
+        0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, 0x10, 0xE3, 0xDA, 0x5F, 0x6C, 0x42,
+        0xE9, 0xC5, 0x52, 0x15, 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48,
+        0xD8, 0xE0, 0x28, 0x6B,
+        /* order */
+        0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, 0x20, 0x40, 0x0E, 0xC4,
+        0x55, 0x7D, 0x5E, 0xD3, 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8,
+        0xE0, 0x1E, 0x5F, 0xCF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 52 * 6];
+} _EC_NIST_CHAR2_409B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 52, 2
+    },
+    {
+        /* seed */
+        0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, 0x3D, 0x09,
+        0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, 0x5C, 0x4B, 0x9A, 0x75,
+        0x3B, 0x7B, 0x47, 0x6B, 0x7F, 0xD6, 0x42, 0x2E, 0xF1, 0xF3, 0xDD, 0x67,
+        0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, 0x27, 0xC8, 0xA9, 0xA1, 0x97, 0xB2,
+        0x72, 0x82, 0x2F, 0x6C, 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31,
+        0x7B, 0x13, 0x54, 0x5F,
+        /* x */
+        0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, 0x49, 0x6B, 0x0C, 0x60,
+        0x64, 0x75, 0x62, 0x60, 0x44, 0x1C, 0xDE, 0x4A, 0xF1, 0x77, 0x1D, 0x4D,
+        0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, 0x97, 0x03, 0xDC, 0x25, 0x5A, 0x86,
+        0x8A, 0x11, 0x80, 0x51, 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54,
+        0xBB, 0x79, 0x96, 0xA7,
+        /* y */
+        0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, 0x2B, 0xBF, 0xA7, 0x83,
+        0x24, 0xED, 0x10, 0x6A, 0x76, 0x36, 0xB9, 0xC5, 0xA7, 0xBD, 0x19, 0x8D,
+        0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, 0xD0, 0x8F, 0x38, 0x51, 0x4F, 0x1F,
+        0xDF, 0x4B, 0x4F, 0x40, 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA,
+        0x02, 0x73, 0xC7, 0x06,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, 0xF3, 0x33, 0x07, 0xBE,
+        0x5F, 0xA4, 0x7C, 0x3C, 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37,
+        0xD9, 0xA2, 0x11, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 72 * 6];
+} _EC_NIST_CHAR2_571K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 72, 4
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, 0x82, 0x18, 0x96, 0x31,
+        0xF8, 0x10, 0x3F, 0xE4, 0xAC, 0x9C, 0xA2, 0x97, 0x00, 0x12, 0xD5, 0xD4,
+        0x60, 0x24, 0x80, 0x48, 0x01, 0x84, 0x1C, 0xA4, 0x43, 0x70, 0x95, 0x84,
+        0x93, 0xB2, 0x05, 0xE6, 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C,
+        0xBB, 0xD1, 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, 0x98, 0x8B, 0x47, 0x17,
+        0x4D, 0xCA, 0x88, 0xC7, 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, 0x89, 0x72,
+        /* y */
+        0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, 0x4F, 0x4A, 0xEA, 0xDE,
+        0x3B, 0xCA, 0x95, 0x31, 0x4D, 0xD5, 0x8C, 0xEC, 0x9F, 0x30, 0x7A, 0x54,
+        0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, 0x8A, 0x2C, 0x9D, 0x49, 0x79, 0xC0,
+        0xAC, 0x44, 0xAE, 0xA7, 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC,
+        0xB6, 0x20, 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, 0x32, 0x04, 0x30, 0xC8,
+        0x59, 0x19, 0x84, 0xF6, 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, 0xC7, 0xA3,
+        /* order */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x13, 0x18, 0x50, 0xE1, 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB,
+        0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, 0xE5, 0xD6, 0x39, 0x38,
+        0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 72 * 6];
+} _EC_NIST_CHAR2_571B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 72, 2
+    },
+    {
+        /* seed */
+        0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, 0x0F, 0x61,
+        0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, 0xDE, 0x29, 0x71, 0x17,
+        0xB7, 0xF3, 0xD6, 0x2F, 0x5C, 0x6A, 0x97, 0xFF, 0xCB, 0x8C, 0xEF, 0xF1,
+        0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, 0x18, 0xAD, 0x84, 0xFF, 0xAB, 0xBD,
+        0x8E, 0xFA, 0x59, 0x33, 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29,
+        0x4A, 0xFD, 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, 0x52, 0x0E, 0x4D, 0xE7,
+        0x39, 0xBA, 0xCA, 0x0C, 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, 0x72, 0x7A,
+        /* x */
+        0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, 0x6C, 0x16, 0xC0, 0xD4,
+        0x0D, 0x3C, 0xD7, 0x75, 0x0A, 0x93, 0xD1, 0xD2, 0x95, 0x5F, 0xA8, 0x0A,
+        0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, 0x2A, 0xBD, 0xBD, 0xE5, 0x39, 0x50,
+        0xF4, 0xC0, 0xD2, 0x93, 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14,
+        0x99, 0xAE, 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, 0x4A, 0xBF, 0xA3, 0xB4,
+        0xC8, 0x50, 0xD9, 0x27, 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, 0x2D, 0x19,
+        /* y */
+        0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, 0x6D, 0xCC, 0xFF, 0xFE,
+        0xB7, 0x3D, 0x69, 0xD7, 0x8C, 0x6C, 0x27, 0xA6, 0x00, 0x9C, 0xBB, 0xCA,
+        0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, 0xE8, 0xA6, 0x84, 0x42, 0x3E, 0x43,
+        0xBA, 0xB0, 0x8A, 0x57, 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8,
+        0xB3, 0x53, 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, 0x16, 0xE2, 0xF1, 0x51,
+        0x6E, 0x23, 0xDD, 0x3C, 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, 0xC1, 0x5B,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xE6, 0x61, 0xCE, 0x18, 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18,
+        0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, 0x16, 0x1D, 0xE9, 0x3D,
+        0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, 0x22, 0xE0, 0x78, 0x96,
+        0x75, 0xF4, 0x32, 0xC8, 0x94, 0x35, 0xDE, 0x52, 0x42,
+        /* b */
+        0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, 0x3C, 0xFF, 0x38, 0xC7,
+        0x4B, 0x20, 0xB6, 0xCD, 0x4D, 0x6F, 0x9D, 0xD4, 0xD9,
+        /* x */
+        0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, 0x79, 0x32, 0x9F, 0xCC,
+        0x3D, 0x74, 0x88, 0x0F, 0x33, 0xBB, 0xE8, 0x03, 0xCB,
+        /* y */
+        0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, 0xEA, 0x1D, 0x3F, 0x87,
+        0xF7, 0xEA, 0x58, 0x48, 0xAE, 0xF0, 0xB7, 0xCA, 0x9F,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE6,
+        0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, 0xBE, 0xD9, 0x81, 0xED,
+        0x0E, 0x89, 0x0E, 0x11, 0x7C, 0x51, 0x1C, 0xF0, 0x72,
+        /* b */
+        0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, 0x8C, 0x40, 0x74, 0x33,
+        0xFF, 0xAE, 0x4F, 0x1C, 0x81, 0x16, 0x38, 0xDF, 0x20,
+        /* x */
+        0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, 0x0A, 0x96, 0x4D, 0x92,
+        0xC4, 0x86, 0x0E, 0x26, 0x71, 0xDB, 0x9B, 0x6C, 0xC5,
+        /* y */
+        0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, 0xCD, 0x25, 0x8B, 0x38,
+        0x90, 0x02, 0x1B, 0x23, 0x86, 0xDF, 0xD1, 0x9F, 0xC5,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xF6,
+        0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,
+        0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, 0x56, 0xA0, 0x07, 0x69,
+        0x9F, 0x54, 0x47, 0xE3, 0x2A, 0xE4, 0x56, 0xB5, 0x0E,
+        /* b */
+        0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, 0x38, 0xFD, 0x6F, 0x1B,
+        0xF9, 0x5B, 0x48, 0xFE, 0xEB, 0x48, 0x54, 0x25, 0x2B,
+        /* x */
+        0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, 0xDE, 0xCF, 0x8A, 0x22,
+        0xE6, 0x52, 0x47, 0x75, 0xF9, 0x8C, 0xDE, 0xBD, 0xCB,
+        /* y */
+        0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, 0xEA, 0x48, 0xEB, 0x3F,
+        0xF3, 0x71, 0x8B, 0x89, 0x3D, 0xF5, 0x9A, 0x05, 0xD0,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x1A,
+        0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 23 * 6];
+} _EC_X9_62_CHAR2_176V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, 0x40, 0x7D, 0x9D, 0x39,
+        0xB8, 0xD0, 0x96, 0x7B, 0x96, 0x70, 0x4B, 0xA8, 0xE9, 0xC9, 0x0B,
+        /* b */
+        0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, 0xDE, 0x8E, 0xC1, 0x33,
+        0xAE, 0x28, 0xE9, 0xBB, 0xD7, 0xFC, 0xEC, 0x0A, 0xE0, 0xFF, 0xF2,
+        /* x */
+        0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, 0x00, 0xF9, 0xF0, 0x8B,
+        0xB4, 0xA8, 0xE8, 0x60, 0xF3, 0x29, 0x8C, 0xE0, 0x4A, 0x57, 0x98,
+        /* y */
+        0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, 0xD6, 0xBA, 0xB5, 0x16,
+        0x7D, 0x61, 0xB4, 0x36, 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, 0xEC, 0xA4, 0xF6, 0x14,
+        0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 2
+    },
+    {
+        /* seed */
+        0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, 0x6A, 0x68, 0xF5, 0x65,
+        0x54, 0xE1, 0x26, 0x40, 0x27, 0x6B, 0x64, 0x9E, 0xF7, 0x52, 0x62, 0x67,
+        /* b */
+        0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, 0x67, 0xB0, 0x08, 0x1B,
+        0x94, 0x95, 0xA3, 0xD9, 0x54, 0x62, 0xF5, 0xDE, 0x0A, 0xA1, 0x85, 0xEC,
+        /* x */
+        0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, 0xC4, 0xF2, 0x99, 0xD7,
+        0xB2, 0x1A, 0x9C, 0x36, 0x91, 0x37, 0xF2, 0xC8, 0x4A, 0xE1, 0xAA, 0x0D,
+        /* y */
+        0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, 0x33, 0x29, 0x32, 0xE7,
+        0x0E, 0xA2, 0x45, 0xCA, 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB,
+        /* order */
+        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 4
+    },
+    {
+        /* seed */
+        0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, 0xB7, 0x66, 0x6D, 0x13,
+        0x66, 0xEA, 0x43, 0x20, 0x71, 0x27, 0x4F, 0x89, 0xFF, 0x01, 0xE7, 0x18,
+        /* b */
+        0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, 0xB6, 0x24, 0x9C, 0x99,
+        0x18, 0x2B, 0x7C, 0x8C, 0xD1, 0x97, 0x00, 0xC3, 0x62, 0xC4, 0x6A, 0x01,
+        /* x */
+        0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, 0x5A, 0x87, 0x92, 0x6A,
+        0xAD, 0x83, 0xFD, 0x28, 0x78, 0x9E, 0x81, 0xE2, 0xC9, 0xE3, 0xBF, 0x10,
+        /* y */
+        0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, 0xDB, 0xF0, 0x17, 0x60,
+        0xD9, 0x21, 0x3A, 0x3E, 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 6
+    },
+    {
+        /* seed */
+        0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, 0x22, 0x10, 0x56, 0x91,
+        0x1C, 0x77, 0xD7, 0x7E, 0x77, 0xA7, 0x77, 0xE7, 0xE7, 0xE7, 0x7F, 0xCB,
+        /* b */
+        0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, 0x89, 0xEF, 0xEF, 0x8D,
+        0xB4, 0x59, 0xF6, 0x63, 0x94, 0xD9, 0x0F, 0x32, 0xAD, 0x3F, 0x15, 0xE8,
+        /* x */
+        0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, 0x89, 0xDE, 0x87, 0x46,
+        0xE7, 0x17, 0x86, 0x01, 0x50, 0x09, 0xE6, 0x6E, 0x38, 0xA9, 0x26, 0xDD,
+        /* y */
+        0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, 0x98, 0x59, 0x99, 0x36,
+        0x6E, 0x6A, 0xD3, 0x4C, 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE,
+        /* order */
+        0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+        0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 27 * 6];
+} _EC_X9_62_CHAR2_208W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 27, 0xFE48
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, 0x21, 0x2E, 0x11, 0x60,
+        0x34, 0x9E, 0x2B, 0xFA, 0x84, 0x44, 0x39, 0xFA, 0xFC, 0x2A, 0x3F, 0xD1,
+        0x63, 0x8F, 0x9E,
+        /* x */
+        0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, 0xDF, 0x95, 0x59, 0xEC,
+        0xF0, 0x7A, 0xC0, 0xCE, 0x78, 0x55, 0x4E, 0x27, 0x84, 0xEB, 0x8C, 0x1E,
+        0xD1, 0xA5, 0x7A,
+        /* y */
+        0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, 0x9A, 0xC3, 0x8A, 0x03,
+        0x5F, 0xF5, 0x20, 0xD8, 0xB0, 0x17, 0x81, 0xBE, 0xB1, 0xA6, 0xBB, 0x08,
+        0x61, 0x7D, 0xE3,
+        /* order */
+        0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, 0x23, 0xC5, 0x7B, 0x6C,
+        0x21, 0xDA, 0x2E, 0xFF, 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E,
+        0x21, 0x2F, 0x9D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 4
+    },
+    {
+        /* seed */
+        0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, 0x12, 0x3A, 0x46, 0xB8,
+        0x08, 0x90, 0x67, 0x56, 0xF5, 0x43, 0x42, 0x3E, 0x8D, 0x27, 0x87, 0x75,
+        0x78, 0x12, 0x57, 0x78, 0xAC, 0x76,
+        /* b */
+        0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, 0xB0, 0x12, 0xED, 0xEF,
+        0xB3, 0x39, 0x2F, 0x30, 0xF4, 0x32, 0x7C, 0x0C, 0xA3, 0xF3, 0x1F, 0xC3,
+        0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16,
+        /* x */
+        0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, 0x0A, 0x96, 0xD3, 0xFD,
+        0x5B, 0x70, 0x6E, 0xF7, 0xE5, 0xF5, 0xC1, 0x56, 0xE1, 0x6B, 0x7E, 0x7C,
+        0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D,
+        /* y */
+        0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, 0xF6, 0xF1, 0xA1, 0x6B,
+        0x26, 0x8D, 0xE4, 0x69, 0xC3, 0xC7, 0x74, 0x4E, 0xA9, 0xA9, 0x71, 0x64,
+        0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x0F, 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93,
+        0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 6
+    },
+    {
+        /* seed */
+        0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, 0xE4, 0x23, 0x98, 0x56,
+        0x9B, 0x74, 0x63, 0x25, 0xD4, 0x53, 0x13, 0xAF, 0x07, 0x66, 0x26, 0x64,
+        0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F,
+        /* b */
+        0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, 0xCD, 0x82, 0xB2, 0xC1,
+        0x4A, 0x2F, 0xCF, 0x2E, 0x3F, 0xF8, 0x77, 0x52, 0x85, 0xB5, 0x45, 0x72,
+        0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B,
+        /* x */
+        0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, 0xDC, 0x47, 0xA0, 0x85,
+        0x34, 0xFE, 0x76, 0xD2, 0xB9, 0x00, 0xB7, 0xD7, 0xEF, 0x31, 0xF5, 0x70,
+        0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05,
+        /* y */
+        0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, 0xA0, 0x3B, 0xAD, 0x9D,
+        0xD7, 0x5E, 0x2C, 0x71, 0xA9, 0x93, 0x62, 0x56, 0x7D, 0x54, 0x53, 0xF7,
+        0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33,
+        /* order */
+        0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+        0x55, 0x55, 0x55, 0x3C, 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC,
+        0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 0xA
+    },
+    {
+        /* seed */
+        0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, 0x6D, 0x66, 0x76, 0xF7,
+        0x78, 0xE6, 0x76, 0xB6, 0x69, 0x99, 0x17, 0x66, 0x66, 0xE6, 0x87, 0x66,
+        0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F,
+        /* b */
+        0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, 0x51, 0x99, 0xAC, 0xFC,
+        0x51, 0x06, 0x7E, 0xD5, 0x87, 0xF5, 0x19, 0xC5, 0xEC, 0xB5, 0x41, 0xB8,
+        0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40,
+        /* x */
+        0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, 0x89, 0x91, 0x3C, 0xE3,
+        0x53, 0x0B, 0xFD, 0xE9, 0x03, 0x97, 0x7D, 0x42, 0xB1, 0x46, 0xD5, 0x39,
+        0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92,
+        /* y */
+        0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, 0xB9, 0x00, 0x4D, 0xCE,
+        0x5C, 0x0E, 0xD7, 0xFE, 0x59, 0xA3, 0x56, 0x08, 0xF3, 0x38, 0x37, 0xC8,
+        0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61,
+        /* order */
+        0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+        0xCC, 0xCC, 0xCC, 0xAC, 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9,
+        0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 35 * 6];
+} _EC_X9_62_CHAR2_272W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 35, 0xFF06
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0B,
+        /* a */
+        0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, 0x4A, 0xB2, 0xCC, 0xF4,
+        0x9C, 0x4E, 0xDD, 0x22, 0x0F, 0xB0, 0x28, 0x71, 0x2D, 0x42, 0xBE, 0x75,
+        0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, 0xCD, 0xB5, 0x86, 0xFB, 0x20,
+        /* b */
+        0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, 0xCE, 0x7C, 0x8A, 0xAA,
+        0xFF, 0x34, 0xE1, 0x2A, 0x9C, 0x55, 0x70, 0x03, 0xD7, 0xC7, 0x3A, 0x6F,
+        0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, 0x84, 0x82, 0xE5, 0x40, 0xF7,
+        /* x */
+        0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, 0xF7, 0x87, 0x05, 0x8A,
+        0x05, 0x6C, 0xBE, 0x0C, 0xFE, 0x62, 0x2D, 0x77, 0x23, 0xA2, 0x89, 0xE0,
+        0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, 0x10, 0xD1, 0x71, 0xDD, 0x8D,
+        /* y */
+        0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, 0xEF, 0x6B, 0xA7, 0xF6,
+        0x87, 0x2E, 0x61, 0x42, 0xFB, 0xD2, 0x41, 0xB8, 0x30, 0xFF, 0x5E, 0xFC,
+        0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, 0x00, 0x5D, 0xDE, 0x9D, 0x23,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, 0xE0, 0xE3, 0x9E, 0x48,
+        0x92, 0xDF, 0x6E, 0x31, 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45,
+        0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, 0x62, 0x95, 0x21
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 39 * 6];
+} _EC_X9_62_CHAR2_304W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x08, 0x07,
+        /* a */
+        0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, 0xF6, 0x51, 0xE6, 0xDC,
+        0xE6, 0x80, 0x20, 0x85, 0x37, 0x7E, 0x5F, 0x88, 0x2D, 0x1B, 0x51, 0x0B,
+        0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, 0x80, 0x78, 0x36, 0x5A, 0x03, 0x96,
+        0xC8, 0xE6, 0x81,
+        /* b */
+        0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, 0x90, 0x8E, 0x43, 0xB0,
+        0x1C, 0x79, 0x8E, 0xA5, 0xDA, 0xA6, 0x78, 0x8F, 0x1E, 0xA2, 0x79, 0x4E,
+        0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, 0x40, 0x39, 0x60, 0x1E, 0x55, 0x82,
+        0x73, 0x40, 0xBE,
+        /* x */
+        0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, 0xD9, 0x6A, 0xDB, 0x0F,
+        0x5F, 0x3C, 0x7F, 0x2C, 0xFF, 0xBD, 0x7A, 0x3E, 0xB8, 0xB6, 0xFE, 0xC3,
+        0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, 0xF6, 0x28, 0x5A, 0x64, 0x4F, 0x74,
+        0x0A, 0x26, 0x14,
+        /* y */
+        0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, 0x71, 0x51, 0x7E, 0xCF,
+        0x40, 0x1B, 0x50, 0x28, 0x9B, 0xF0, 0x14, 0x10, 0x32, 0x88, 0x52, 0x7A,
+        0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, 0x26, 0x0B, 0x54, 0x9F, 0xDC, 0x1B,
+        0x92, 0xC0, 0x3B,
+        /* order */
+        0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01,
+        0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C,
+        0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, 0x68, 0x99, 0x16, 0x44,
+        0x43, 0x05, 0x1D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 45 * 6];
+} _EC_X9_62_CHAR2_359V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 45, 0x4C
+    },
+    {
+        /* seed */
+        0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, 0x4F, 0x35, 0x6E, 0xA9,
+        0x20, 0x17, 0xD9, 0x46, 0x56, 0x7C, 0x46, 0x67, 0x55, 0x56, 0xF1, 0x95,
+        0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, 0xD2, 0x23, 0xA5, 0xE0, 0x56, 0x56,
+        0xFB, 0x54, 0x90, 0x16, 0xA9, 0x66, 0x56, 0xA5, 0x57,
+        /* b */
+        0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, 0x3F, 0x1F, 0xE7, 0xF5,
+        0xB6, 0xDB, 0x07, 0x5D, 0x52, 0xB6, 0x94, 0x7D, 0x13, 0x5D, 0x8C, 0xA4,
+        0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, 0x56, 0x26, 0x08, 0x96, 0x87, 0x74,
+        0x2B, 0x63, 0x29, 0xE7, 0x06, 0x80, 0x23, 0x19, 0x88,
+        /* x */
+        0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, 0xED, 0xE0, 0xF1, 0xFD,
+        0xAA, 0x79, 0xDA, 0xEE, 0x38, 0x41, 0x36, 0x6A, 0x13, 0x2E, 0x16, 0x3A,
+        0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, 0x9C, 0x6B, 0xDC, 0xDE, 0x98, 0xE8,
+        0xE7, 0x07, 0xC0, 0x7A, 0x22, 0x39, 0xB1, 0xB0, 0x97,
+        /* y */
+        0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, 0x12, 0x1E, 0x9C, 0x95,
+        0xF3, 0x79, 0x1D, 0xD8, 0x04, 0x96, 0x39, 0x48, 0xF3, 0x4F, 0xAE, 0x7B,
+        0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, 0x78, 0x68, 0xFE, 0x57, 0xE4, 0xAE,
+        0x2D, 0xE2, 0x11, 0x30, 0x5A, 0x40, 0x71, 0x04, 0xBD,
+        /* order */
+        0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28,
+        0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB,
+        0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, 0xA7, 0xEB, 0x96, 0x4F,
+        0xE7, 0x71, 0x9E, 0x74, 0xF4, 0x90, 0x75, 0x8D, 0x3B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 47 * 6];
+} _EC_X9_62_CHAR2_368W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 47, 0xFF70
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, 0xF5, 0xE2, 0xA4, 0xF9,
+        0xED, 0x22, 0x9F, 0x1F, 0x25, 0x6E, 0x79, 0xA0, 0xE2, 0xB4, 0x55, 0x97,
+        0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, 0x47, 0x78, 0xC5, 0x76, 0xD6, 0x2F,
+        0x0A, 0xB7, 0x51, 0x9C, 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D,
+        /* b */
+        0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, 0x45, 0x2C, 0x76, 0x0A,
+        0x58, 0xED, 0xCD, 0x30, 0xC8, 0xDD, 0x06, 0x9B, 0x3C, 0x34, 0x45, 0x38,
+        0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, 0x49, 0x17, 0xE1, 0xC2, 0x11, 0x2D,
+        0x84, 0xD1, 0x64, 0xF4, 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A,
+        /* x */
+        0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, 0xCC, 0xE3, 0xC1, 0x55,
+        0x7A, 0xFA, 0x10, 0xC2, 0xF0, 0xC0, 0xC2, 0x82, 0x56, 0x46, 0xC5, 0xB3,
+        0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, 0xC1, 0x6B, 0x22, 0xE7, 0xE7, 0x89,
+        0xE9, 0x27, 0xBE, 0x21, 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F,
+        /* y */
+        0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, 0xD5, 0xD8, 0xB2, 0x05,
+        0x9B, 0x52, 0x57, 0x97, 0xFC, 0x73, 0x82, 0x2C, 0x59, 0x05, 0x9C, 0x62,
+        0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, 0xE8, 0xF8, 0x7C, 0xD1, 0x85, 0x5A,
+        0xDA, 0xA8, 0x1E, 0x2A, 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, 0xAF, 0x72, 0xB0, 0x83,
+        0x49, 0xD9, 0x8A, 0x5D, 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE,
+        0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, 0xBD, 0x87, 0xE9, 0x09,
+        0xAE, 0x40, 0xA6, 0xF1, 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 54 * 6];
+} _EC_X9_62_CHAR2_431R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 54, 0x2760
+    },
+    {
+        /* no seed */
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, 0x23, 0x4C, 0xAF, 0x04,
+        0x6C, 0x6A, 0x5D, 0x8A, 0x85, 0x39, 0x5B, 0x23, 0x6C, 0xC4, 0xAD, 0x2C,
+        0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, 0xDD, 0xF6, 0x20, 0xB0, 0xEB, 0x99,
+        0x06, 0xD0, 0x95, 0x7F, 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF,
+        0x10, 0x4D, 0xE2, 0x96, 0xCD, 0x8F,
+        /* b */
+        0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, 0x15, 0x43, 0x59, 0xAB,
+        0xFB, 0x1B, 0x7F, 0x54, 0x85, 0xB0, 0x4C, 0xEB, 0x86, 0x82, 0x37, 0xDD,
+        0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, 0x9A, 0x5A, 0x91, 0x9B, 0x62, 0x6D,
+        0x4E, 0x50, 0xA8, 0xDD, 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F,
+        0xB5, 0xD8, 0x07, 0xBF, 0x26, 0x18,
+        /* x */
+        0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, 0xE1, 0x61, 0xD2, 0xF4,
+        0x09, 0x26, 0x22, 0xFE, 0xCA, 0x70, 0x1B, 0xE4, 0xF5, 0x0F, 0x47, 0x58,
+        0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, 0xA6, 0x58, 0xEF, 0x8C, 0x21, 0xE7,
+        0xC5, 0xEF, 0xE9, 0x65, 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47,
+        0xB0, 0xDB, 0xD7, 0x0C, 0xE6, 0xB7,
+        /* y */
+        0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, 0x5F, 0xA2, 0xC2, 0x55,
+        0x74, 0x5D, 0x3C, 0x45, 0x1B, 0x30, 0x2C, 0x93, 0x46, 0xD9, 0xB7, 0xE4,
+        0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, 0x59, 0x1F, 0x3E, 0x8F, 0x6A, 0xDD,
+        0xCB, 0xB0, 0xBC, 0x4C, 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62,
+        0x5D, 0x6A, 0x59, 0x8B, 0x37, 0x60,
+        /* order */
+        0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40,
+        0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40,
+        0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, 0xFA, 0xB5, 0x05, 0x89,
+        0x70, 0x3B, 0x5E, 0xC6, 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C,
+        0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 15 * 6];
+} _EC_WTLS_1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 15, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* x */
+        0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, 0xE5, 0xD5, 0xC2, 0x70,
+        0x78, 0x06, 0x17,
+        /* y */
+        0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, 0x0E, 0x08, 0x78, 0x5C,
+        0xEB, 0xCC, 0x15,
+        /* order */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xBF, 0x91, 0xAF,
+        0x6D, 0xEA, 0x73
+    }
+};
+
+/* IPSec curves */
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_IPSEC_155_ID3 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 20, 3
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x33, 0x8f,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc8,
+        /* order */
+        0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xC7, 0xF3,
+        0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C
+    }
+};
+
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_IPSEC_185_ID4 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 24, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0xe9,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d,
+        /* order */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E
+    }
+};
+
+#endif
+
+/*
+ * These curves were added by Annie Yousar <a.yousar@informatik.hu-berlin.de>
+ * For the definition of RFC 5639 curves see
+ * http://www.ietf.org/rfc/rfc5639.txt These curves are generated verifiable
+ * at random, nevertheless the seed is omitted as parameter because the
+ * generation mechanism is different from those defined in ANSI X9.62.
+ */
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_brainpoolP160r1 = {
+    {
+        NID_X9_62_prime_field, 0, 20, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+        /* a */
+        0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA,
+        0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00,
+        /* b */
+        0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D,
+        0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58,
+        /* x */
+        0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46,
+        0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3,
+        /* y */
+        0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41,
+        0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21,
+        /* order */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+        0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_brainpoolP160t1 = {
+    {
+        NID_X9_62_prime_field, 0, 20, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+        /* a */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C,
+        /* b */
+        0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D,
+        0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80,
+        /* x */
+        0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA,
+        0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78,
+        /* y */
+        0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84,
+        0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD,
+        /* order */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+        0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_brainpoolP192r1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+        /* a */
+        0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31,
+        0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF,
+        /* b */
+        0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04,
+        0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9,
+        /* x */
+        0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5,
+        0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6,
+        /* y */
+        0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28,
+        0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F,
+        /* order */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+        0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_brainpoolP192t1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+        /* a */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94,
+        /* b */
+        0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4,
+        0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79,
+        /* x */
+        0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7,
+        0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29,
+        /* y */
+        0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA,
+        0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9,
+        /* order */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+        0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_brainpoolP224r1 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFF,
+        /* a */
+        0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6,
+        0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59,
+        0xCA, 0xD2, 0x9F, 0x43,
+        /* b */
+        0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1,
+        0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72,
+        0x38, 0x6C, 0x40, 0x0B,
+        /* x */
+        0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2,
+        0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD,
+        0xEE, 0x12, 0xC0, 0x7D,
+        /* y */
+        0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E,
+        0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3,
+        0x76, 0x14, 0x02, 0xCD,
+        /* order */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+        0xA5, 0xA7, 0x93, 0x9F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_brainpoolP224t1 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFF,
+        /* a */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFC,
+        /* b */
+        0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6,
+        0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1,
+        0x8A, 0x60, 0x88, 0x8D,
+        /* x */
+        0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F,
+        0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60,
+        0x29, 0xB4, 0xD5, 0x80,
+        /* y */
+        0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D,
+        0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F,
+        0x1A, 0x46, 0xDB, 0x4C,
+        /* order */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+        0xA5, 0xA7, 0x93, 0x9F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_brainpoolP256r1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77,
+        /* a */
+        0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, 0x75, 0x30,
+        0x41, 0x7A, 0xFF, 0xE7, 0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C,
+        0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9,
+        /* b */
+        0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9,
+        0xBB, 0xD7, 0x7C, 0xBF, 0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE,
+        0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6,
+        /* x */
+        0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, 0x48, 0x2F,
+        0xFC, 0x81, 0xB7, 0xAF, 0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2,
+        0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62,
+        /* y */
+        0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, 0x46, 0x1A,
+        0x14, 0x61, 0x1D, 0xC9, 0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54,
+        0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97,
+        /* order */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7,
+        0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_brainpoolP256t1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77,
+        /* a */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x74,
+        /* b */
+        0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, 0xFE, 0x66, 0xA7, 0x73,
+        0x3D, 0x0B, 0x76, 0xB7, 0xBF, 0x93, 0xEB, 0xC4, 0xAF, 0x2F, 0x49, 0x25,
+        0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 0x2B, 0x04,
+        /* x */
+        0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, 0x73, 0x22, 0x13, 0xB2,
+        0x3A, 0x65, 0x61, 0x49, 0xAF, 0xA1, 0x42, 0xC4, 0x7A, 0xAF, 0xBC, 0x2B,
+        0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 0x05, 0xF4,
+        /* y */
+        0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, 0x7F, 0x7B, 0x22, 0xE1,
+        0x46, 0x44, 0x41, 0x7E, 0x69, 0xBC, 0xB6, 0xDE, 0x39, 0xD0, 0x27, 0x00,
+        0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 0xC9, 0xBE,
+        /* order */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7,
+        0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 40 * 6];
+} _EC_brainpoolP320r1 = {
+    {
+        NID_X9_62_prime_field, 0, 40, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x27,
+        /* a */
+        0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, 0xEB, 0xD4,
+        0x6D, 0x3F, 0x3B, 0xB8, 0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA,
+        0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4, 0x92, 0xF3, 0x75, 0xA9,
+        0x7D, 0x86, 0x0E, 0xB4,
+        /* b */
+        0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, 0x19, 0x86,
+        0x40, 0x68, 0x8A, 0x6F, 0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A,
+        0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81, 0x6F, 0x5E, 0xB4, 0xAC,
+        0x8F, 0xB1, 0xF1, 0xA6,
+        /* x */
+        0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, 0xBC, 0xC4,
+        0x8E, 0xE5, 0xBF, 0xE6, 0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6,
+        0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7, 0x10, 0xAF, 0x8D, 0x0D,
+        0x39, 0xE2, 0x06, 0x11,
+        /* y */
+        0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, 0x93, 0x24,
+        0x7F, 0x77, 0x27, 0x5E, 0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA,
+        0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7, 0xD3, 0x52, 0x45, 0xD1,
+        0x69, 0x2E, 0x8E, 0xE1,
+        /* order */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3,
+        0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B,
+        0x44, 0xC5, 0x93, 0x11
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 40 * 6];
+} _EC_brainpoolP320t1 = {
+    {
+        NID_X9_62_prime_field, 0, 40, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x27,
+        /* a */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x24,
+        /* b */
+        0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, 0x60, 0xB3, 0xD1, 0x47,
+        0xDB, 0x78, 0x20, 0x13, 0x06, 0x4C, 0x19, 0xF2, 0x7E, 0xD2, 0x7C, 0x67,
+        0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 0x47, 0xCE, 0xB5, 0xB4, 0xFE, 0xF4,
+        0x22, 0x34, 0x03, 0x53,
+        /* x */
+        0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, 0x4D, 0x3E, 0x7D, 0x49,
+        0x90, 0x01, 0x0F, 0x81, 0x34, 0x08, 0xAB, 0x10, 0x6C, 0x4F, 0x09, 0xCB,
+        0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 0x6F, 0xFF, 0x33, 0x57, 0xF6, 0x24,
+        0xA2, 0x1B, 0xED, 0x52,
+        /* y */
+        0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, 0x66, 0x71, 0xDB, 0xEF,
+        0x7A, 0xBB, 0x30, 0xEB, 0xEE, 0x08, 0x4E, 0x58, 0xA0, 0xB0, 0x77, 0xAD,
+        0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 0xE7, 0x1B, 0x1B, 0x9B, 0xC0, 0x45,
+        0x5F, 0xB0, 0xD2, 0xC3,
+        /* order */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3,
+        0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B,
+        0x44, 0xC5, 0x93, 0x11
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 48 * 6];
+} _EC_brainpoolP384r1 = {
+    {
+        NID_X9_62_prime_field, 0, 48, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
+        /* a */
+        0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, 0x08, 0x0A,
+        0xCE, 0x05, 0xAF, 0xA0, 0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87,
+        0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F, 0x8A, 0xA5, 0x81, 0x4A,
+        0x50, 0x3A, 0xD4, 0xEB, 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26,
+        /* b */
+        0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, 0xB5, 0x54,
+        0x16, 0xF0, 0x44, 0x7C, 0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6,
+        0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5, 0x7C, 0xB4, 0x39, 0x02,
+        0x95, 0xDB, 0xC9, 0x94, 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11,
+        /* x */
+        0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, 0x3A, 0x81,
+        0xB7, 0xC1, 0x3F, 0x6B, 0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3,
+        0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8, 0xE8, 0x26, 0xE0, 0x34,
+        0x36, 0xD6, 0x46, 0xAA, 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E,
+        /* y */
+        0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, 0xEB, 0x8E,
+        0x95, 0xCF, 0xD5, 0x52, 0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64,
+        0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28, 0x0E, 0x46, 0x46, 0x21,
+        0x77, 0x91, 0x81, 0x11, 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15,
+        /* order */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
+        0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF,
+        0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 48 * 6];
+} _EC_brainpoolP384t1 = {
+    {
+        NID_X9_62_prime_field, 0, 48, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
+        /* a */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50,
+        /* b */
+        0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, 0xD8, 0x26, 0xDB, 0xA6,
+        0x47, 0x91, 0x0F, 0x8C, 0x4B, 0x93, 0x46, 0xED, 0x8C, 0xCD, 0xC6, 0x4E,
+        0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 0xCE, 0x1D, 0x20, 0x74, 0xAA, 0x26,
+        0x3B, 0x88, 0x80, 0x5C, 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE,
+        /* x */
+        0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, 0xF2, 0xAF, 0xCD, 0x72,
+        0x35, 0xF7, 0x2A, 0x81, 0x9B, 0x80, 0xAB, 0x12, 0xEB, 0xD6, 0x53, 0x17,
+        0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 0xAB, 0xFF, 0xC4, 0xFF, 0x19, 0x1B,
+        0x94, 0x6A, 0x5F, 0x54, 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC,
+        /* y */
+        0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, 0xA1, 0x14, 0xAF, 0xD2,
+        0x75, 0x5A, 0xD3, 0x36, 0x74, 0x7F, 0x93, 0x47, 0x5B, 0x7A, 0x1F, 0xCA,
+        0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 0xCC, 0xFE, 0x46, 0x94, 0x08, 0x58,
+        0x4D, 0xC2, 0xB2, 0x91, 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28,
+        /* order */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
+        0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF,
+        0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 64 * 6];
+} _EC_brainpoolP512r1 = {
+    {
+        NID_X9_62_prime_field, 0, 64, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF3,
+        /* a */
+        0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, 0x71, 0x45,
+        0xAC, 0x23, 0x4C, 0xC5, 0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10,
+        0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A,
+        0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5,
+        0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D,
+        0x77, 0xFC, 0x94, 0xCA,
+        /* b */
+        0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC,
+        0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9,
+        0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9,
+        0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67,
+        0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63,
+        0x80, 0x16, 0xF7, 0x23,
+        /* x */
+        0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, 0x32, 0x2E,
+        0x9C, 0x4C, 0x6A, 0x93, 0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1,
+        0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E, 0xFF, 0x3B, 0x1F, 0x78,
+        0xE2, 0xD0, 0xD4, 0x8D, 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F,
+        0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09,
+        0xBC, 0xB9, 0xF8, 0x22,
+        /* y */
+        0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, 0xBF, 0xA9,
+        0xCF, 0x78, 0x22, 0xFD, 0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A,
+        0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11, 0xB2, 0xDC, 0xDE, 0x49,
+        0x4A, 0x5F, 0x48, 0x5E, 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE,
+        0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F,
+        0x3A, 0xD8, 0x08, 0x92,
+        /* order */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41,
+        0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
+        0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
+        0x9C, 0xA9, 0x00, 0x69
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 64 * 6];
+} _EC_brainpoolP512t1 = {
+    {
+        NID_X9_62_prime_field, 0, 64, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF3,
+        /* a */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF0,
+        /* b */
+        0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, 0x6E, 0x18, 0x90, 0xE4,
+        0x68, 0x84, 0xEA, 0xE3, 0x21, 0xF7, 0x0C, 0x0B, 0xCB, 0x49, 0x81, 0x52,
+        0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 0x36, 0xA6, 0x2B, 0xCD, 0xFA, 0x23,
+        0x04, 0x97, 0x65, 0x40, 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45,
+        0xC2, 0x25, 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0E, 0xA2, 0x57,
+        0x18, 0x67, 0x42, 0x3E,
+        /* x */
+        0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, 0xB9, 0xC1, 0xBA, 0x06,
+        0xCB, 0xC2, 0xA6, 0xFE, 0xBA, 0x85, 0x84, 0x24, 0x58, 0xC5, 0x6D, 0xDE,
+        0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 0x31, 0x3D, 0x82, 0xBA, 0x51, 0x73,
+        0x5C, 0xDB, 0x3E, 0xA4, 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64,
+        0xF7, 0xA3, 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, 0x1B, 0xAA, 0x26, 0x96,
+        0xFA, 0x90, 0x35, 0xDA,
+        /* y */
+        0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, 0xA2, 0xC8, 0x92, 0x37,
+        0x6C, 0x84, 0xAC, 0xE1, 0xBB, 0x4E, 0x30, 0x19, 0xB7, 0x16, 0x34, 0xC0,
+        0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 0xCE, 0xE9, 0xD9, 0x93, 0x21, 0x84,
+        0xBE, 0xEF, 0x21, 0x6B, 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27,
+        0x30, 0x6E, 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, 0xE1, 0x98, 0xB6, 0x1E,
+        0x00, 0xF8, 0xB3, 0x32,
+        /* order */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41,
+        0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
+        0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
+        0x9C, 0xA9, 0x00, 0x69
+    }
+};
+
+typedef struct _ec_list_element_st {
+    int nid;
+    const EC_CURVE_DATA *data;
+    const EC_METHOD *(*meth) (void);
+    const char *comment;
+} ec_list_element;
+
+static const ec_list_element curve_list[] = {
+    /* prime field curves */
+    /* secg curves */
+    {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
+     "SECG/WTLS curve over a 112 bit prime field"},
+    {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
+     "SECG curve over a 112 bit prime field"},
+    {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
+     "SECG curve over a 128 bit prime field"},
+    {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
+     "SECG curve over a 128 bit prime field"},
+    {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
+     "SECG curve over a 160 bit prime field"},
+    {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
+     "SECG curve over a 160 bit prime field"},
+    {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
+     "SECG/WTLS curve over a 160 bit prime field"},
+    /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
+    {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
+     "SECG curve over a 192 bit prime field"},
+    {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
+     "SECG curve over a 224 bit prime field"},
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+     "NIST/SECG curve over a 224 bit prime field"},
+#else
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+     "NIST/SECG curve over a 224 bit prime field"},
+#endif
+    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+     "SECG curve over a 256 bit prime field"},
+    /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+    {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
+     "NIST/SECG curve over a 384 bit prime field"},
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
+     "NIST/SECG curve over a 521 bit prime field"},
+#else
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
+     "NIST/SECG curve over a 521 bit prime field"},
+#endif
+    /* X9.62 curves */
+    {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+     "NIST/X9.62/SECG curve over a 192 bit prime field"},
+    {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
+     "X9.62 curve over a 192 bit prime field"},
+    {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
+     "X9.62 curve over a 192 bit prime field"},
+    {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+#if defined(ECP_NISTZ256_ASM)
+     EC_GFp_nistz256_method,
+#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+     EC_GFp_nistp256_method,
+#else
+     0,
+#endif
+     "X9.62/SECG curve over a 256 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    /* characteristic two field curves */
+    /* NIST/SECG curves */
+    {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0,
+     "SECG/WTLS curve over a 131 bit binary field"},
+    {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0,
+     "SECG curve over a 131 bit binary field"},
+    {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0,
+     "NIST/SECG/WTLS curve over a 163 bit binary field"},
+    {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0,
+     "SECG curve over a 163 bit binary field"},
+    {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0,
+     "NIST/SECG curve over a 163 bit binary field"},
+    {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0,
+     "SECG curve over a 193 bit binary field"},
+    {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0,
+     "SECG curve over a 193 bit binary field"},
+    {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0,
+     "SECG curve over a 239 bit binary field"},
+    {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0,
+     "NIST/SECG curve over a 283 bit binary field"},
+    {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0,
+     "NIST/SECG curve over a 283 bit binary field"},
+    {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0,
+     "NIST/SECG curve over a 409 bit binary field"},
+    {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0,
+     "NIST/SECG curve over a 409 bit binary field"},
+    {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0,
+     "NIST/SECG curve over a 571 bit binary field"},
+    {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0,
+     "NIST/SECG curve over a 571 bit binary field"},
+    /* X9.62 curves */
+    {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0,
+     "X9.62 curve over a 176 bit binary field"},
+    {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0,
+     "X9.62 curve over a 208 bit binary field"},
+    {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0,
+     "X9.62 curve over a 272 bit binary field"},
+    {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0,
+     "X9.62 curve over a 304 bit binary field"},
+    {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0,
+     "X9.62 curve over a 359 bit binary field"},
+    {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0,
+     "X9.62 curve over a 368 bit binary field"},
+    {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0,
+     "X9.62 curve over a 431 bit binary field"},
+    /*
+     * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+     * from X9.62]
+     */
+    {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0,
+     "WTLS curve over a 113 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0,
+     "NIST/SECG/WTLS curve over a 163 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+#endif
+    {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
+     "SECG/WTLS curve over a 112 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
+     "SECG/WTLS curve over a 160 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
+     "WTLS curve over a 112 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
+     "WTLS curve over a 160 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+#endif
+    {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
+     "WTLS curve over a 224 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    /* IPSec curves */
+    {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
+     "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+     "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+    {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0,
+     "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+     "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+#endif
+    /* brainpool curves */
+    {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
+     "RFC 5639 curve over a 160 bit prime field"},
+    {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
+     "RFC 5639 curve over a 160 bit prime field"},
+    {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
+     "RFC 5639 curve over a 192 bit prime field"},
+    {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
+     "RFC 5639 curve over a 192 bit prime field"},
+    {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
+     "RFC 5639 curve over a 224 bit prime field"},
+    {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
+     "RFC 5639 curve over a 224 bit prime field"},
+    {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
+     "RFC 5639 curve over a 256 bit prime field"},
+    {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
+     "RFC 5639 curve over a 256 bit prime field"},
+    {NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0,
+     "RFC 5639 curve over a 320 bit prime field"},
+    {NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0,
+     "RFC 5639 curve over a 320 bit prime field"},
+    {NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0,
+     "RFC 5639 curve over a 384 bit prime field"},
+    {NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0,
+     "RFC 5639 curve over a 384 bit prime field"},
+    {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0,
+     "RFC 5639 curve over a 512 bit prime field"},
+    {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
+     "RFC 5639 curve over a 512 bit prime field"},
+};
+
+#define curve_list_length OSSL_NELEM(curve_list)
+
+static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
+{
+    EC_GROUP *group = NULL;
+    EC_POINT *P = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+        NULL;
+    int ok = 0;
+    int seed_len, param_len;
+    const EC_METHOD *meth;
+    const EC_CURVE_DATA *data;
+    const unsigned char *params;
+
+    /* If no curve data curve method must handle everything */
+    if (curve.data == NULL)
+        return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
+
+    if ((ctx = BN_CTX_new()) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    data = curve.data;
+    seed_len = data->seed_len;
+    param_len = data->param_len;
+    params = (const unsigned char *)(data + 1); /* skip header */
+    params += seed_len;         /* skip seed */
+
+    if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
+        || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
+        || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (curve.meth != 0) {
+        meth = curve.meth();
+        if (((group = EC_GROUP_new(meth)) == NULL) ||
+            (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else if (data->field_type == NID_X9_62_prime_field) {
+        if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC2M
+    else {                      /* field_type ==
+                                 * NID_X9_62_characteristic_two_field */
+
+        if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    if ((P = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
+        || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
+        || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_GROUP_set_generator(group, P, order, x)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (seed_len) {
+        if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+    ok = 1;
+ err:
+    if (!ok) {
+        EC_GROUP_free(group);
+        group = NULL;
+    }
+    EC_POINT_free(P);
+    BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(order);
+    BN_free(x);
+    BN_free(y);
+    return group;
+}
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+{
+    size_t i;
+    EC_GROUP *ret = NULL;
+
+    if (nid <= 0)
+        return NULL;
+
+    for (i = 0; i < curve_list_length; i++)
+        if (curve_list[i].nid == nid) {
+            ret = ec_group_new_from_data(curve_list[i]);
+            break;
+        }
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+        return NULL;
+    }
+
+    EC_GROUP_set_curve_name(ret, nid);
+
+    return ret;
+}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+{
+    size_t i, min;
+
+    if (r == NULL || nitems == 0)
+        return curve_list_length;
+
+    min = nitems < curve_list_length ? nitems : curve_list_length;
+
+    for (i = 0; i < min; i++) {
+        r[i].nid = curve_list[i].nid;
+        r[i].comment = curve_list[i].comment;
+    }
+
+    return curve_list_length;
+}
+
+/* Functions to translate between common NIST curve names and NIDs */
+
+typedef struct {
+    const char *name;           /* NIST Name of curve */
+    int nid;                    /* Curve NID */
+} EC_NIST_NAME;
+
+static EC_NIST_NAME nist_curves[] = {
+    {"B-163", NID_sect163r2},
+    {"B-233", NID_sect233r1},
+    {"B-283", NID_sect283r1},
+    {"B-409", NID_sect409r1},
+    {"B-571", NID_sect571r1},
+    {"K-163", NID_sect163k1},
+    {"K-233", NID_sect233k1},
+    {"K-283", NID_sect283k1},
+    {"K-409", NID_sect409k1},
+    {"K-571", NID_sect571k1},
+    {"P-192", NID_X9_62_prime192v1},
+    {"P-224", NID_secp224r1},
+    {"P-256", NID_X9_62_prime256v1},
+    {"P-384", NID_secp384r1},
+    {"P-521", NID_secp521r1}
+};
+
+const char *EC_curve_nid2nist(int nid)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+        if (nist_curves[i].nid == nid)
+            return nist_curves[i].name;
+    }
+    return NULL;
+}
+
+int EC_curve_nist2nid(const char *name)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+        if (strcmp(nist_curves[i].name, name) == 0)
+            return nist_curves[i].nid;
+    }
+    return NID_undef;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_cvt.c b/openssl-1.1.0h/crypto/ec/ec_cvt.c
new file mode 100644
index 0000000..bfff6d6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_cvt.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
+
+#if defined(OPENSSL_BN_ASM_MONT)
+    /*
+     * This might appear controversial, but the fact is that generic
+     * prime method was observed to deliver better performance even
+     * for NIST primes on a range of platforms, e.g.: 60%-15%
+     * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25%
+     * in 32-bit build and 35%--12% in 64-bit build on Core2...
+     * Coefficients are relative to optimized bn_nist.c for most
+     * intensive ECDSA verify and ECDH operations for 192- and 521-
+     * bit keys respectively. Choice of these boundary values is
+     * arguable, because the dependency of improvement coefficient
+     * from key length is not a "monotone" curve. For example while
+     * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's
+     * generally faster, sometimes "respectfully" faster, sometimes
+     * "tolerably" slower... What effectively happens is that loop
+     * with bn_mul_add_words is put against bn_mul_mont, and the
+     * latter "wins" on short vectors. Correct solution should be
+     * implementing dedicated NxN multiplication subroutines for
+     * small N. But till it materializes, let's stick to generic
+     * prime method...
+     *                                              <appro>
+     */
+    meth = EC_GFp_mont_method();
+#else
+    if (BN_nist_mod_func(p))
+        meth = EC_GFp_nist_method();
+    else
+        meth = EC_GFp_mont_method();
+#endif
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+        EC_GROUP_clear_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+#ifndef OPENSSL_NO_EC2M
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
+
+    meth = EC_GF2m_simple_method();
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
+        EC_GROUP_clear_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ec_err.c b/openssl-1.1.0h/crypto/ec/ec_err.c
new file mode 100644
index 0000000..e4c2c1c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_err.c
@@ -0,0 +1,290 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ec.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
+
+static ERR_STRING_DATA EC_str_functs[] = {
+    {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_to_felem"},
+    {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
+    {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
+    {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
+    {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "do_EC_KEY_print"},
+    {ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ecdh_cms_decrypt"},
+    {ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ecdh_cms_set_shared_info"},
+    {ERR_FUNC(EC_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
+    {ERR_FUNC(EC_F_ECDH_SIMPLE_COMPUTE_KEY), "ecdh_simple_compute_key"},
+    {ERR_FUNC(EC_F_ECDSA_DO_SIGN_EX), "ECDSA_do_sign_ex"},
+    {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
+    {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"},
+    {ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
+    {ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"},
+    {ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"},
+    {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"},
+    {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"},
+    {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "eckey_priv_decode"},
+    {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "eckey_priv_encode"},
+    {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "eckey_pub_decode"},
+    {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "eckey_pub_encode"},
+    {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "eckey_type2param"},
+    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
+    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
+    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
+    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
+    {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"},
+    {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE),
+     "ecp_nistz256_mult_precompute"},
+    {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"},
+    {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"},
+    {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"},
+    {ERR_FUNC(EC_F_ECX_KEY_OP), "ecx_key_op"},
+    {ERR_FUNC(EC_F_ECX_PRIV_ENCODE), "ecx_priv_encode"},
+    {ERR_FUNC(EC_F_ECX_PUB_ENCODE), "ecx_pub_encode"},
+    {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "ec_asn1_group2curve"},
+    {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "ec_asn1_group2fieldid"},
+    {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),
+     "ec_GF2m_montgomery_point_multiply"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+     "ec_GF2m_simple_group_check_discriminant"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),
+     "ec_GF2m_simple_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+     "ec_GF2m_simple_point_get_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+     "ec_GF2m_simple_point_set_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),
+     "ec_GF2m_simple_set_compressed_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),
+     "ec_GFp_mont_field_set_to_one"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),
+     "ec_GFp_mont_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE),
+     "ec_GFp_nistp224_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES),
+     "ec_GFp_nistp224_point_get_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE),
+     "ec_GFp_nistp256_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL), "ec_GFp_nistp256_points_mul"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES),
+     "ec_GFp_nistp256_point_get_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE),
+     "ec_GFp_nistp521_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL), "ec_GFp_nistp521_points_mul"},
+    {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES),
+     "ec_GFp_nistp521_point_get_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
+    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
+    {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),
+     "ec_GFp_nist_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+     "ec_GFp_simple_group_check_discriminant"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),
+     "ec_GFp_simple_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),
+     "ec_GFp_simple_points_make_affine"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+     "ec_GFp_simple_point_get_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+     "ec_GFp_simple_point_set_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),
+     "ec_GFp_simple_set_compressed_coordinates"},
+    {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
+    {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),
+     "EC_GROUP_check_discriminant"},
+    {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_ECPARAMETERS), "EC_GROUP_get_ecparameters"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_ECPKPARAMETERS),
+     "EC_GROUP_get_ecpkparameters"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),
+     "EC_GROUP_get_pentanomial_basis"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),
+     "EC_GROUP_get_trinomial_basis"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "ec_group_new_from_data"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS),
+     "EC_GROUP_new_from_ecparameters"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS),
+     "EC_GROUP_new_from_ecpkparameters"},
+    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
+    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
+    {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
+    {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
+    {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
+    {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
+    {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
+    {ERR_FUNC(EC_F_EC_KEY_NEW_METHOD), "EC_KEY_new_method"},
+    {ERR_FUNC(EC_F_EC_KEY_OCT2PRIV), "EC_KEY_oct2priv"},
+    {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
+    {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
+    {ERR_FUNC(EC_F_EC_KEY_PRIV2OCT), "EC_KEY_priv2oct"},
+    {ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),
+     "EC_KEY_set_public_key_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_KEY_SIMPLE_CHECK_KEY), "ec_key_simple_check_key"},
+    {ERR_FUNC(EC_F_EC_KEY_SIMPLE_OCT2PRIV), "ec_key_simple_oct2priv"},
+    {ERR_FUNC(EC_F_EC_KEY_SIMPLE_PRIV2OCT), "ec_key_simple_priv2oct"},
+    {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
+    {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
+    {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
+    {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
+    {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
+    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),
+     "EC_POINT_get_affine_coordinates_GF2m"},
+    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),
+     "EC_POINT_get_affine_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),
+     "EC_POINT_get_Jprojective_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
+    {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
+    {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
+    {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
+    {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
+    {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
+    {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),
+     "EC_POINT_set_affine_coordinates_GF2m"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),
+     "EC_POINT_set_affine_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),
+     "EC_POINT_set_compressed_coordinates_GF2m"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),
+     "EC_POINT_set_compressed_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),
+     "EC_POINT_set_Jprojective_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
+    {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "ec_pre_comp_new"},
+    {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
+    {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
+    {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
+    {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
+    {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
+    {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
+    {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "nistp224_pre_comp_new"},
+    {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "nistp256_pre_comp_new"},
+    {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "nistp521_pre_comp_new"},
+    {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
+    {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "old_ec_priv_decode"},
+    {ERR_FUNC(EC_F_OSSL_ECDH_COMPUTE_KEY), "ossl_ecdh_compute_key"},
+    {ERR_FUNC(EC_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
+    {ERR_FUNC(EC_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"},
+    {ERR_FUNC(EC_F_PKEY_ECX_DERIVE), "pkey_ecx_derive"},
+    {ERR_FUNC(EC_F_PKEY_EC_CTRL), "pkey_ec_ctrl"},
+    {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "pkey_ec_ctrl_str"},
+    {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "pkey_ec_derive"},
+    {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "pkey_ec_keygen"},
+    {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "pkey_ec_paramgen"},
+    {ERR_FUNC(EC_F_PKEY_EC_SIGN), "pkey_ec_sign"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA EC_str_reasons[] = {
+    {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
+    {ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
+    {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},
+    {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
+     "curve does not support ecdh"},
+    {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+     "curve does not support signing"},
+    {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),
+     "d2i ecpkparameters failure"},
+    {ERR_REASON(EC_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"},
+    {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+     "ec group new by name failure"},
+    {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
+    {ERR_REASON(EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
+    {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),
+     "group2pkparameters failure"},
+    {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),
+     "i2d ecpkparameters failure"},
+    {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"},
+    {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"},
+    {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"},
+    {ERR_REASON(EC_R_INVALID_CURVE), "invalid curve"},
+    {ERR_REASON(EC_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
+    {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
+    {ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
+    {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+    {ERR_REASON(EC_R_INVALID_KEY), "invalid key"},
+    {ERR_REASON(EC_R_INVALID_OUTPUT_LENGTH), "invalid output length"},
+    {ERR_REASON(EC_R_INVALID_PEER_KEY), "invalid peer key"},
+    {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
+    {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
+    {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
+    {ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+    {ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
+    {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+    {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_REASON(EC_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_REASON(EC_R_OPERATION_NOT_SUPPORTED), "operation not supported"},
+    {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
+    {ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),
+     "pkparameters2group failure"},
+    {ERR_REASON(EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
+    {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
+    {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
+    {ERR_REASON(EC_R_RANDOM_NUMBER_GENERATION_FAILED),
+     "random number generation failed"},
+    {ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_REASON(EC_R_SLOT_FULL), "slot full"},
+    {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
+    {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
+    {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},
+    {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"},
+    {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"},
+    {ERR_REASON(EC_R_WRONG_CURVE_PARAMETERS), "wrong curve parameters"},
+    {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_EC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(EC_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, EC_str_functs);
+        ERR_load_strings(0, EC_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_key.c b/openssl-1.1.0h/crypto/ec/ec_key.c
new file mode 100644
index 0000000..f1f0afb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_key.c
@@ -0,0 +1,637 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and
+ * contributed to the OpenSSL project.
+ */
+
+#include <internal/cryptlib.h>
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+EC_KEY *EC_KEY_new(void)
+{
+    return EC_KEY_new_method(NULL);
+}
+
+EC_KEY *EC_KEY_new_by_curve_name(int nid)
+{
+    EC_KEY *ret = EC_KEY_new();
+    if (ret == NULL)
+        return NULL;
+    ret->group = EC_GROUP_new_by_curve_name(nid);
+    if (ret->group == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    if (ret->meth->set_group != NULL
+        && ret->meth->set_group(ret, ret->group) == 0) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void EC_KEY_free(EC_KEY *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    REF_PRINT_COUNT("EC_KEY", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth->finish != NULL)
+        r->meth->finish(r);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    if (r->group && r->group->meth->keyfinish)
+        r->group->meth->keyfinish(r);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
+    CRYPTO_THREAD_lock_free(r->lock);
+    EC_GROUP_free(r->group);
+    EC_POINT_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+
+    OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
+}
+
+EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
+{
+    if (dest == NULL || src == NULL) {
+        ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (src->meth != dest->meth) {
+        if (dest->meth->finish != NULL)
+            dest->meth->finish(dest);
+        if (dest->group && dest->group->meth->keyfinish)
+            dest->group->meth->keyfinish(dest);
+#ifndef OPENSSL_NO_ENGINE
+        if (ENGINE_finish(dest->engine) == 0)
+            return 0;
+        dest->engine = NULL;
+#endif
+    }
+    /* copy the parameters */
+    if (src->group != NULL) {
+        const EC_METHOD *meth = EC_GROUP_method_of(src->group);
+        /* clear the old group */
+        EC_GROUP_free(dest->group);
+        dest->group = EC_GROUP_new(meth);
+        if (dest->group == NULL)
+            return NULL;
+        if (!EC_GROUP_copy(dest->group, src->group))
+            return NULL;
+
+        /*  copy the public key */
+        if (src->pub_key != NULL) {
+            EC_POINT_free(dest->pub_key);
+            dest->pub_key = EC_POINT_new(src->group);
+            if (dest->pub_key == NULL)
+                return NULL;
+            if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+                return NULL;
+        }
+        /* copy the private key */
+        if (src->priv_key != NULL) {
+            if (dest->priv_key == NULL) {
+                dest->priv_key = BN_new();
+                if (dest->priv_key == NULL)
+                    return NULL;
+            }
+            if (!BN_copy(dest->priv_key, src->priv_key))
+                return NULL;
+            if (src->group->meth->keycopy
+                && src->group->meth->keycopy(dest, src) == 0)
+                return NULL;
+        }
+    }
+
+
+    /* copy the rest */
+    dest->enc_flag = src->enc_flag;
+    dest->conv_form = src->conv_form;
+    dest->version = src->version;
+    dest->flags = src->flags;
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
+                            &dest->ex_data, &src->ex_data))
+        return NULL;
+
+    if (src->meth != dest->meth) {
+#ifndef OPENSSL_NO_ENGINE
+        if (src->engine != NULL && ENGINE_init(src->engine) == 0)
+            return NULL;
+        dest->engine = src->engine;
+#endif
+        dest->meth = src->meth;
+    }
+
+    if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)
+        return NULL;
+
+    return dest;
+}
+
+EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
+{
+    EC_KEY *ret = EC_KEY_new_method(ec_key->engine);
+
+    if (ret == NULL)
+        return NULL;
+
+    if (EC_KEY_copy(ret, ec_key) == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int EC_KEY_up_ref(EC_KEY *r)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EC_KEY", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int EC_KEY_generate_key(EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL) {
+        ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (eckey->meth->keygen != NULL)
+        return eckey->meth->keygen(eckey);
+    ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ossl_ec_key_gen(EC_KEY *eckey)
+{
+    OPENSSL_assert(eckey->group->meth->keygen != NULL);
+    return eckey->group->meth->keygen(eckey);
+}
+
+int ec_key_simple_generate_key(EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *priv_key = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *pub_key = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (eckey->priv_key == NULL) {
+        priv_key = BN_new();
+        if (priv_key == NULL)
+            goto err;
+    } else
+        priv_key = eckey->priv_key;
+
+    order = EC_GROUP_get0_order(eckey->group);
+    if (order == NULL)
+        goto err;
+
+    do
+        if (!BN_rand_range(priv_key, order))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
+
+    if (eckey->pub_key == NULL) {
+        pub_key = EC_POINT_new(eckey->group);
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = eckey->pub_key;
+
+    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+        goto err;
+
+    eckey->priv_key = priv_key;
+    eckey->pub_key = pub_key;
+
+    ok = 1;
+
+ err:
+    if (eckey->pub_key == NULL)
+        EC_POINT_free(pub_key);
+    if (eckey->priv_key != priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+int ec_key_simple_generate_public_key(EC_KEY *eckey)
+{
+    return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
+                        NULL, NULL);
+}
+
+int EC_KEY_check_key(const EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (eckey->group->meth->keycheck == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->keycheck(eckey);
+}
+
+int ec_key_simple_check_key(const EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *point = NULL;
+
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    if ((point = EC_POINT_new(eckey->group)) == NULL)
+        goto err;
+
+    /* testing whether the pub_key is on the elliptic curve */
+    if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+    /* testing whether pub_key * order is the point at infinity */
+    order = eckey->group->order;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!EC_POINT_is_at_infinity(eckey->group, point)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+        goto err;
+    }
+    /*
+     * in case the priv_key is present : check if generator * priv_key ==
+     * pub_key
+     */
+    if (eckey->priv_key != NULL) {
+        if (BN_cmp(eckey->priv_key, order) >= 0) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+            goto err;
+        }
+        if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
+                          NULL, NULL, ctx)) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+            goto err;
+        }
+        if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+            goto err;
+        }
+    }
+    ok = 1;
+ err:
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ok;
+}
+
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+                                             BIGNUM *y)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *tx, *ty;
+    EC_POINT *point = NULL;
+    int ok = 0;
+#ifndef OPENSSL_NO_EC2M
+    int tmp_nid, is_char_two = 0;
+#endif
+
+    if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
+        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    point = EC_POINT_new(key->group);
+
+    if (point == NULL)
+        goto err;
+
+    tx = BN_CTX_get(ctx);
+    ty = BN_CTX_get(ctx);
+    if (ty == NULL)
+        goto err;
+
+#ifndef OPENSSL_NO_EC2M
+    tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
+
+    if (tmp_nid == NID_X9_62_characteristic_two_field)
+        is_char_two = 1;
+
+    if (is_char_two) {
+        if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
+                                                  x, y, ctx))
+            goto err;
+        if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
+                                                  tx, ty, ctx))
+            goto err;
+    } else
+#endif
+    {
+        if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
+                                                 x, y, ctx))
+            goto err;
+        if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
+                                                 tx, ty, ctx))
+            goto err;
+    }
+    /*
+     * Check if retrieved coordinates match originals and are less than field
+     * order: if not values are out of range.
+     */
+    if (BN_cmp(x, tx) || BN_cmp(y, ty)
+        || (BN_cmp(x, key->group->field) >= 0)
+        || (BN_cmp(y, key->group->field) >= 0)) {
+        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+              EC_R_COORDINATES_OUT_OF_RANGE);
+        goto err;
+    }
+
+    if (!EC_KEY_set_public_key(key, point))
+        goto err;
+
+    if (EC_KEY_check_key(key) == 0)
+        goto err;
+
+    ok = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ok;
+
+}
+
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
+{
+    return key->group;
+}
+
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
+{
+    if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0)
+        return 0;
+    EC_GROUP_free(key->group);
+    key->group = EC_GROUP_dup(group);
+    return (key->group == NULL) ? 0 : 1;
+}
+
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
+{
+    return key->priv_key;
+}
+
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+{
+    if (key->group == NULL || key->group->meth == NULL)
+        return 0;
+    if (key->group->meth->set_private != NULL
+        && key->group->meth->set_private(key, priv_key) == 0)
+        return 0;
+    if (key->meth->set_private != NULL
+        && key->meth->set_private(key, priv_key) == 0)
+        return 0;
+    BN_clear_free(key->priv_key);
+    key->priv_key = BN_dup(priv_key);
+    return (key->priv_key == NULL) ? 0 : 1;
+}
+
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
+{
+    return key->pub_key;
+}
+
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
+{
+    if (key->meth->set_public != NULL
+        && key->meth->set_public(key, pub_key) == 0)
+        return 0;
+    EC_POINT_free(key->pub_key);
+    key->pub_key = EC_POINT_dup(pub_key, key->group);
+    return (key->pub_key == NULL) ? 0 : 1;
+}
+
+unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
+{
+    return key->enc_flag;
+}
+
+void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
+{
+    key->enc_flag = flags;
+}
+
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
+{
+    return key->conv_form;
+}
+
+void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+{
+    key->conv_form = cform;
+    if (key->group != NULL)
+        EC_GROUP_set_point_conversion_form(key->group, cform);
+}
+
+void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+{
+    if (key->group != NULL)
+        EC_GROUP_set_asn1_flag(key->group, flag);
+}
+
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
+{
+    if (key->group == NULL)
+        return 0;
+    return EC_GROUP_precompute_mult(key->group, ctx);
+}
+
+int EC_KEY_get_flags(const EC_KEY *key)
+{
+    return key->flags;
+}
+
+void EC_KEY_set_flags(EC_KEY *key, int flags)
+{
+    key->flags |= flags;
+}
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags)
+{
+    key->flags &= ~flags;
+}
+
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                        unsigned char **pbuf, BN_CTX *ctx)
+{
+    if (key == NULL || key->pub_key == NULL || key->group == NULL)
+        return 0;
+    return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx);
+}
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx)
+{
+    if (key == NULL || key->group == NULL)
+        return 0;
+    if (key->pub_key == NULL)
+        key->pub_key = EC_POINT_new(key->group);
+    if (key->pub_key == NULL)
+        return 0;
+    if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
+        return 0;
+    /*
+     * Save the point conversion form.
+     * For non-custom curves the first octet of the buffer (excluding
+     * the last significant bit) contains the point conversion form.
+     * EC_POINT_oct2point() has already performed sanity checking of
+     * the buffer so we know it is valid.
+     */
+    if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0)
+        key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01);
+    return 1;
+}
+
+size_t EC_KEY_priv2oct(const EC_KEY *eckey,
+                       unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->priv2oct == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->priv2oct(eckey, buf, len);
+}
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len)
+{
+    size_t buf_len;
+
+    buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
+    if (eckey->priv_key == NULL)
+        return 0;
+    if (buf == NULL)
+        return buf_len;
+    else if (len < buf_len)
+        return 0;
+
+    /* Octetstring may need leading zeros if BN is to short */
+
+    if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) {
+        ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    return buf_len;
+}
+
+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->oct2priv == NULL) {
+        ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return eckey->group->meth->oct2priv(eckey, buf, len);
+}
+
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->priv_key == NULL)
+        eckey->priv_key = BN_secure_new();
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key);
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
+        return 0;
+    }
+    return 1;
+}
+
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf)
+{
+    size_t len;
+    unsigned char *buf;
+    len = EC_KEY_priv2oct(eckey, NULL, 0);
+    if (len == 0)
+        return 0;
+    buf = OPENSSL_malloc(len);
+    if (buf == NULL)
+        return 0;
+    len = EC_KEY_priv2oct(eckey, buf, len);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
+
+int EC_KEY_can_sign(const EC_KEY *eckey)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL
+        || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN))
+        return 0;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_kmeth.c b/openssl-1.1.0h/crypto/ec/ec_kmeth.c
new file mode 100644
index 0000000..5e5d1ae
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_kmeth.c
@@ -0,0 +1,317 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+
+static const EC_KEY_METHOD openssl_ec_key_method = {
+    "OpenSSL EC_KEY method",
+    0,
+    0,0,0,0,0,0,
+    ossl_ec_key_gen,
+    ossl_ecdh_compute_key,
+    ossl_ecdsa_sign,
+    ossl_ecdsa_sign_setup,
+    ossl_ecdsa_sign_sig,
+    ossl_ecdsa_verify,
+    ossl_ecdsa_verify_sig
+};
+
+static const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void)
+{
+    return &openssl_ec_key_method;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_default_method(void)
+{
+    return default_ec_key_meth;
+}
+
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth)
+{
+    if (meth == NULL)
+        default_ec_key_meth = &openssl_ec_key_method;
+    else
+        default_ec_key_meth = meth;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key)
+{
+    return key->meth;
+}
+
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
+{
+    void (*finish)(EC_KEY *key) = key->meth->finish;
+
+    if (finish != NULL)
+        finish(key);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(key->engine);
+    key->engine = NULL;
+#endif
+
+    key->meth = meth;
+    if (meth->init != NULL)
+        return meth->init(key);
+    return 1;
+}
+
+EC_KEY *EC_KEY_new_method(ENGINE *engine)
+{
+    EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = EC_KEY_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    if (engine != NULL) {
+        if (!ENGINE_init(engine)) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_EC();
+    if (ret->engine != NULL) {
+        ret->meth = ENGINE_get_EC(ret->engine);
+        if (ret->meth == NULL) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->version = 1;
+    ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
+        goto err;
+    }
+
+    if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+    return ret;
+
+err:
+    EC_KEY_free(ret);
+    return NULL;
+}
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *eckey,
+                     void *(*KDF) (const void *in, size_t inlen, void *out,
+                                   size_t *outlen))
+{
+    unsigned char *sec = NULL;
+    size_t seclen;
+    if (eckey->meth->compute_key == NULL) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+        return 0;
+    }
+    if (outlen > INT_MAX) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
+        return 0;
+    }
+    if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
+        return 0;
+    if (KDF != NULL) {
+        KDF(sec, seclen, out, &outlen);
+    } else {
+        if (outlen > seclen)
+            outlen = seclen;
+        memcpy(out, sec, outlen);
+    }
+    OPENSSL_clear_free(sec, seclen);
+    return outlen;
+}
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
+{
+    EC_KEY_METHOD *ret = OPENSSL_zalloc(sizeof(*meth));
+
+    if (ret == NULL)
+        return NULL;
+    if (meth != NULL)
+        *ret = *meth;
+    ret->flags |= EC_KEY_METHOD_DYNAMIC;
+    return ret;
+}
+
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
+{
+    if (meth->flags & EC_KEY_METHOD_DYNAMIC)
+        OPENSSL_free(meth);
+}
+
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key))
+{
+    meth->init = init;
+    meth->finish = finish;
+    meth->copy = copy;
+    meth->set_group = set_group;
+    meth->set_private = set_private;
+    meth->set_public = set_public;
+}
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key))
+{
+    meth->keygen = keygen;
+}
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    meth->compute_key = ckey;
+}
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey))
+{
+    meth->sign = sign;
+    meth->sign_setup = sign_setup;
+    meth->sign_sig = sign_sig;
+}
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey))
+{
+    meth->verify = verify;
+    meth->verify_sig = verify_sig;
+}
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key))
+{
+    if (pinit != NULL)
+        *pinit = meth->init;
+    if (pfinish != NULL)
+        *pfinish = meth->finish;
+    if (pcopy != NULL)
+        *pcopy = meth->copy;
+    if (pset_group != NULL)
+        *pset_group = meth->set_group;
+    if (pset_private != NULL)
+        *pset_private = meth->set_private;
+    if (pset_public != NULL)
+        *pset_public = meth->set_public;
+}
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key))
+{
+    if (pkeygen != NULL)
+        *pkeygen = meth->keygen;
+}
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **pout,
+                                               size_t *poutlen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    if (pck != NULL)
+        *pck = meth->compute_key;
+}
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey))
+{
+    if (psign != NULL)
+        *psign = meth->sign;
+    if (psign_setup != NULL)
+        *psign_setup = meth->sign_setup;
+    if (psign_sig != NULL)
+        *psign_sig = meth->sign_sig;
+}
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey))
+{
+    if (pverify != NULL)
+        *pverify = meth->verify;
+    if (pverify_sig != NULL)
+        *pverify_sig = meth->verify_sig;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_lcl.h b/openssl-1.1.0h/crypto/ec/ec_lcl.h
new file mode 100644
index 0000000..ded35a7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_lcl.h
@@ -0,0 +1,613 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdlib.h>
+
+#include <openssl/obj_mac.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+
+#include "e_os.h"
+
+#if defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+#  pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+#endif
+
+/* Use default functions for poin2oct, oct2point and compressed coordinates */
+#define EC_FLAGS_DEFAULT_OCT    0x1
+
+/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */
+#define EC_FLAGS_CUSTOM_CURVE   0x2
+
+/* Curve does not support signing operations */
+#define EC_FLAGS_NO_SIGN        0x4
+
+/*
+ * Structure details are not part of the exported interface, so all this may
+ * change in future versions.
+ */
+
+struct ec_method_st {
+    /* Various method flags */
+    int flags;
+    /* used by EC_METHOD_get_field_type: */
+    int field_type;             /* a NID */
+    /*
+     * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free,
+     * EC_GROUP_copy:
+     */
+    int (*group_init) (EC_GROUP *);
+    void (*group_finish) (EC_GROUP *);
+    void (*group_clear_finish) (EC_GROUP *);
+    int (*group_copy) (EC_GROUP *, const EC_GROUP *);
+    /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
+    /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+    int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *);
+    int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                            BN_CTX *);
+    /* used by EC_GROUP_get_degree: */
+    int (*group_get_degree) (const EC_GROUP *);
+    int (*group_order_bits) (const EC_GROUP *);
+    /* used by EC_GROUP_check: */
+    int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
+    /*
+     * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
+     * EC_POINT_copy:
+     */
+    int (*point_init) (EC_POINT *);
+    void (*point_finish) (EC_POINT *);
+    void (*point_clear_finish) (EC_POINT *);
+    int (*point_copy) (EC_POINT *, const EC_POINT *);
+    /*-
+     * used by EC_POINT_set_to_infinity,
+     * EC_POINT_set_Jprojective_coordinates_GFp,
+     * EC_POINT_get_Jprojective_coordinates_GFp,
+     * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
+     * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
+     * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
+     */
+    int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
+    int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
+                                                  EC_POINT *, const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z, BN_CTX *);
+    int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,
+                                                  const EC_POINT *, BIGNUM *x,
+                                                  BIGNUM *y, BIGNUM *z,
+                                                  BN_CTX *);
+    int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *,
+                                         const BIGNUM *x, const BIGNUM *y,
+                                         BN_CTX *);
+    int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *,
+                                         BIGNUM *x, BIGNUM *y, BN_CTX *);
+    int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *);
+    /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+    size_t (*point2oct) (const EC_GROUP *, const EC_POINT *,
+                         point_conversion_form_t form, unsigned char *buf,
+                         size_t len, BN_CTX *);
+    int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf,
+                      size_t len, BN_CTX *);
+    /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+    int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                const EC_POINT *b, BN_CTX *);
+    int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+    int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+    /*
+     * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp:
+     */
+    int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *);
+    int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *);
+    int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                      BN_CTX *);
+    /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+    int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+    int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[],
+                               BN_CTX *);
+    /*
+     * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
+     * EC_POINT_have_precompute_mult (default implementations are used if the
+     * 'mul' pointer is 0):
+     */
+    int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *);
+    int (*precompute_mult) (EC_GROUP *group, BN_CTX *);
+    int (*have_precompute_mult) (const EC_GROUP *group);
+    /* internal functions */
+    /*
+     * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and
+     * 'dbl' so that the same implementations of point operations can be used
+     * with different optimized implementations of expensive field
+     * operations:
+     */
+    int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *b, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+    int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *b, BN_CTX *);
+    /* e.g. to Montgomery */
+    int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                         BN_CTX *);
+    /* e.g. from Montgomery */
+    int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                         BN_CTX *);
+    int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
+    /* private key operations */
+    size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len);
+    int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len);
+    int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key);
+    int (*keygen)(EC_KEY *eckey);
+    int (*keycheck)(const EC_KEY *eckey);
+    int (*keygenpub)(EC_KEY *eckey);
+    int (*keycopy)(EC_KEY *dst, const EC_KEY *src);
+    void (*keyfinish)(EC_KEY *eckey);
+    /* custom ECDH operation */
+    int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+};
+
+/*
+ * Types and functions to manipulate pre-computed values.
+ */
+typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP;
+typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP;
+typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP;
+typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP;
+typedef struct ec_pre_comp_st EC_PRE_COMP;
+
+struct ec_group_st {
+    const EC_METHOD *meth;
+    EC_POINT *generator;        /* optional */
+    BIGNUM *order, *cofactor;
+    int curve_name;             /* optional NID for named curve */
+    int asn1_flag;              /* flag to control the asn1 encoding */
+    point_conversion_form_t asn1_form;
+    unsigned char *seed;        /* optional seed for parameters (appears in
+                                 * ASN1) */
+    size_t seed_len;
+    /*
+     * The following members are handled by the method functions, even if
+     * they appear generic
+     */
+    /*
+     * Field specification. For curves over GF(p), this is the modulus; for
+     * curves over GF(2^m), this is the irreducible polynomial defining the
+     * field.
+     */
+    BIGNUM *field;
+    /*
+     * Field specification for curves over GF(2^m). The irreducible f(t) is
+     * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
+     * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with
+     * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero
+     * terms.
+     */
+    int poly[6];
+    /*
+     * Curve coefficients. (Here the assumption is that BIGNUMs can be used
+     * or abused for all kinds of fields, not just GF(p).) For characteristic
+     * > 3, the curve is defined by a Weierstrass equation of the form y^2 =
+     * x^3 + a*x + b. For characteristic 2, the curve is defined by an
+     * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
+     */
+    BIGNUM *a, *b;
+    /* enable optimized point arithmetics for special case */
+    int a_is_minus3;
+    /* method-specific (e.g., Montgomery structure) */
+    void *field_data1;
+    /* method-specific */
+    void *field_data2;
+    /* method-specific */
+    int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
+                           BN_CTX *);
+    /* data for ECDSA inverse */
+    BN_MONT_CTX *mont_data;
+
+    /*
+     * Precomputed values for speed. The PCT_xxx names match the
+     * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP
+     * macros, below.
+     */
+    enum {
+        PCT_none,
+        PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256,
+        PCT_ec
+    } pre_comp_type;
+    union {
+        NISTP224_PRE_COMP *nistp224;
+        NISTP256_PRE_COMP *nistp256;
+        NISTP521_PRE_COMP *nistp521;
+        NISTZ256_PRE_COMP *nistz256;
+        EC_PRE_COMP *ec;
+    } pre_comp;
+};
+
+#define SETPRECOMP(g, type, pre) \
+    g->pre_comp_type = PCT_##type, g->pre_comp.type = pre
+#define HAVEPRECOMP(g, type) \
+    g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL
+
+struct ec_key_st {
+    const EC_KEY_METHOD *meth;
+    ENGINE *engine;
+    int version;
+    EC_GROUP *group;
+    EC_POINT *pub_key;
+    BIGNUM *priv_key;
+    unsigned int enc_flag;
+    point_conversion_form_t conv_form;
+    int references;
+    int flags;
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct ec_point_st {
+    const EC_METHOD *meth;
+    /*
+     * All members except 'meth' are handled by the method functions, even if
+     * they appear generic
+     */
+    BIGNUM *X;
+    BIGNUM *Y;
+    BIGNUM *Z;                  /* Jacobian projective coordinates: * (X, Y,
+                                 * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
+    int Z_is_one;               /* enable optimized point arithmetics for
+                                 * special case */
+};
+
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *);
+
+void EC_pre_comp_free(EC_GROUP *group);
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *);
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *);
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *);
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *);
+void EC_ec_pre_comp_free(EC_PRE_COMP *);
+
+/*
+ * method functions in ec_mult.c (ec_lib.c uses these as defaults if
+ * group->method->mul is 0)
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *);
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_smpl.c */
+int ec_GFp_simple_group_init(EC_GROUP *);
+void ec_GFp_simple_group_finish(EC_GROUP *);
+void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+                                  const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+                                  BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *,
+                                                  EC_POINT *, const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *,
+                                                  const EC_POINT *, BIGNUM *x,
+                                                  BIGNUM *y, BIGNUM *z,
+                                                  BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+                                               const BIGNUM *x,
+                                               const BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
+                                               const EC_POINT *, BIGNUM *x,
+                                               BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *);
+size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+                               point_conversion_form_t form,
+                               unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+                            const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                      BN_CTX *);
+int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
+                                     EC_POINT *[], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *);
+
+/* method functions in ecp_mont.c */
+int ec_GFp_mont_group_init(EC_GROUP *);
+int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                                const BIGNUM *b, BN_CTX *);
+void ec_GFp_mont_group_finish(EC_GROUP *);
+void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+/* method functions in ecp_nist.c */
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                                const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+
+/* method functions in ec2_smpl.c */
+int ec_GF2m_simple_group_init(EC_GROUP *);
+void ec_GF2m_simple_group_finish(EC_GROUP *);
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
+int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+                                   const BIGNUM *a, const BIGNUM *b,
+                                   BN_CTX *);
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+                                   BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GF2m_simple_point_init(EC_POINT *);
+void ec_GF2m_simple_point_finish(EC_POINT *);
+void ec_GF2m_simple_point_clear_finish(EC_POINT *);
+int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+                                                const BIGNUM *x,
+                                                const BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *,
+                                                const EC_POINT *, BIGNUM *x,
+                                                BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+                                              const BIGNUM *x, int y_bit,
+                                              BN_CTX *);
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+                                point_conversion_form_t form,
+                                unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
+                             const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                       BN_CTX *);
+int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                       BN_CTX *);
+int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num,
+                                      EC_POINT *[], BN_CTX *);
+int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             const BIGNUM *b, BN_CTX *);
+
+/* method functions in ec2_mult.c */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
+                       const BIGNUM *scalar, size_t num,
+                       const EC_POINT *points[], const BIGNUM *scalars[],
+                       BN_CTX *);
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* method functions in ecp_nistp224.c */
+int ec_GFp_nistp224_group_init(EC_GROUP *group);
+int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp256.c */
+int ec_GFp_nistp256_group_init(EC_GROUP *group);
+int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp521.c */
+int ec_GFp_nistp521_group_init(EC_GROUP *group);
+int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
+
+/* utility functions in ecp_nistputil.c */
+void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+                                              size_t felem_size,
+                                              void *tmp_felems,
+                                              void (*felem_one) (void *out),
+                                              int (*felem_is_zero) (const void
+                                                                    *in),
+                                              void (*felem_assign) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_square) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_mul) (void *out,
+                                                                 const void
+                                                                 *in1,
+                                                                 const void
+                                                                 *in2),
+                                              void (*felem_inv) (void *out,
+                                                                 const void
+                                                                 *in),
+                                              void (*felem_contract) (void
+                                                                      *out,
+                                                                      const
+                                                                      void
+                                                                      *in));
+void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
+                                     unsigned char *digit, unsigned char in);
+#endif
+int ec_precompute_mont_data(EC_GROUP *);
+int ec_group_simple_order_bits(const EC_GROUP *group);
+
+#ifdef ECP_NISTZ256_ASM
+/** Returns GFp methods using montgomery multiplication, with x86-64 optimized
+ * P256. See http://eprint.iacr.org/2013/816.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistz256_method(void);
+#endif
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len);
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+int ec_key_simple_generate_key(EC_KEY *eckey);
+int ec_key_simple_generate_public_key(EC_KEY *eckey);
+int ec_key_simple_check_key(const EC_KEY *eckey);
+
+/* EC_METHOD definitions */
+
+struct ec_key_method_st {
+    const char *name;
+    int32_t flags;
+    int (*init)(EC_KEY *key);
+    void (*finish)(EC_KEY *key);
+    int (*copy)(EC_KEY *dest, const EC_KEY *src);
+    int (*set_group)(EC_KEY *key, const EC_GROUP *grp);
+    int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
+    int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
+    int (*keygen)(EC_KEY *key);
+    int (*compute_key)(unsigned char **pout, size_t *poutlen,
+                       const EC_POINT *pub_key, const EC_KEY *ecdh);
+    int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
+                *sig, unsigned int *siglen, const BIGNUM *kinv,
+                const BIGNUM *r, EC_KEY *eckey);
+    int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                      BIGNUM **rp);
+    ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
+                           const BIGNUM *in_kinv, const BIGNUM *in_r,
+                           EC_KEY *eckey);
+
+    int (*verify)(int type, const unsigned char *dgst, int dgst_len,
+                  const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+    int (*verify_sig)(const unsigned char *dgst, int dgst_len,
+                      const ECDSA_SIG *sig, EC_KEY *eckey);
+};
+
+#define EC_KEY_METHOD_DYNAMIC   1
+
+int ossl_ec_key_gen(EC_KEY *eckey);
+int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh);
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+
+struct ECDSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp);
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey);
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey);
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32]);
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32]);
diff --git a/openssl-1.1.0h/crypto/ec/ec_lib.c b/openssl-1.1.0h/crypto/ec/ec_lib.c
new file mode 100644
index 0000000..7cb4bfe
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_lib.c
@@ -0,0 +1,1004 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+/* functions for EC_GROUP objects */
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+{
+    EC_GROUP *ret;
+
+    if (meth == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
+        return NULL;
+    }
+    if (meth->group_init == 0) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = meth;
+    if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        ret->order = BN_new();
+        if (ret->order == NULL)
+            goto err;
+        ret->cofactor = BN_new();
+        if (ret->cofactor == NULL)
+            goto err;
+    }
+    ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
+    ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
+    if (!meth->group_init(ret))
+        goto err;
+    return ret;
+
+ err:
+    BN_free(ret->order);
+    BN_free(ret->cofactor);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void EC_pre_comp_free(EC_GROUP *group)
+{
+    switch (group->pre_comp_type) {
+    default:
+        break;
+#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+    case PCT_nistz256:
+        EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
+        break;
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
+        break;
+#endif
+    case PCT_ec:
+        EC_ec_pre_comp_free(group->pre_comp.ec);
+        break;
+    }
+    group->pre_comp.ec = NULL;
+}
+
+void EC_GROUP_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
+
+    if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
+
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_free(group->generator);
+    BN_free(group->order);
+    BN_free(group->cofactor);
+    OPENSSL_free(group->seed);
+    OPENSSL_free(group);
+}
+
+void EC_GROUP_clear_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
+
+    if (group->meth->group_clear_finish != 0)
+        group->meth->group_clear_finish(group);
+    else if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
+
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_clear_free(group->generator);
+    BN_clear_free(group->order);
+    BN_clear_free(group->cofactor);
+    OPENSSL_clear_free(group->seed, group->seed_len);
+    OPENSSL_clear_free(group, sizeof(*group));
+}
+
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (dest->meth->group_copy == 0) {
+        ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth) {
+        ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+
+    /* Copy precomputed */
+    dest->pre_comp_type = src->pre_comp_type;
+    switch (src->pre_comp_type) {
+    default:
+        dest->pre_comp.ec = NULL;
+        break;
+#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+    case PCT_nistz256:
+        dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
+        break;
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
+        break;
+#endif
+    case PCT_ec:
+        dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
+        break;
+    }
+
+    if (src->mont_data != NULL) {
+        if (dest->mont_data == NULL) {
+            dest->mont_data = BN_MONT_CTX_new();
+            if (dest->mont_data == NULL)
+                return 0;
+        }
+        if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
+            return 0;
+    } else {
+        /* src->generator == NULL */
+        BN_MONT_CTX_free(dest->mont_data);
+        dest->mont_data = NULL;
+    }
+
+    if (src->generator != NULL) {
+        if (dest->generator == NULL) {
+            dest->generator = EC_POINT_new(dest);
+            if (dest->generator == NULL)
+                return 0;
+        }
+        if (!EC_POINT_copy(dest->generator, src->generator))
+            return 0;
+    } else {
+        /* src->generator == NULL */
+        EC_POINT_clear_free(dest->generator);
+        dest->generator = NULL;
+    }
+
+    if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        if (!BN_copy(dest->order, src->order))
+            return 0;
+        if (!BN_copy(dest->cofactor, src->cofactor))
+            return 0;
+    }
+
+    dest->curve_name = src->curve_name;
+    dest->asn1_flag = src->asn1_flag;
+    dest->asn1_form = src->asn1_form;
+
+    if (src->seed) {
+        OPENSSL_free(dest->seed);
+        dest->seed = OPENSSL_malloc(src->seed_len);
+        if (dest->seed == NULL)
+            return 0;
+        if (!memcpy(dest->seed, src->seed, src->seed_len))
+            return 0;
+        dest->seed_len = src->seed_len;
+    } else {
+        OPENSSL_free(dest->seed);
+        dest->seed = NULL;
+        dest->seed_len = 0;
+    }
+
+    return dest->meth->group_copy(dest, src);
+}
+
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
+{
+    EC_GROUP *t = NULL;
+    int ok = 0;
+
+    if (a == NULL)
+        return NULL;
+
+    if ((t = EC_GROUP_new(a->meth)) == NULL)
+        return (NULL);
+    if (!EC_GROUP_copy(t, a))
+        goto err;
+
+    ok = 1;
+
+ err:
+    if (!ok) {
+        EC_GROUP_free(t);
+        return NULL;
+    }
+        return t;
+}
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+{
+    return group->meth;
+}
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth)
+{
+    return meth->field_type;
+}
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor)
+{
+    if (generator == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (group->generator == NULL) {
+        group->generator = EC_POINT_new(group);
+        if (group->generator == NULL)
+            return 0;
+    }
+    if (!EC_POINT_copy(group->generator, generator))
+        return 0;
+
+    if (order != NULL) {
+        if (!BN_copy(group->order, order))
+            return 0;
+    } else
+        BN_zero(group->order);
+
+    if (cofactor != NULL) {
+        if (!BN_copy(group->cofactor, cofactor))
+            return 0;
+    } else
+        BN_zero(group->cofactor);
+
+    /*
+     * Some groups have an order with
+     * factors of two, which makes the Montgomery setup fail.
+     * |group->mont_data| will be NULL in this case.
+     */
+    if (BN_is_odd(group->order)) {
+        return ec_precompute_mont_data(group);
+    }
+
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
+    return 1;
+}
+
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+{
+    return group->generator;
+}
+
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
+{
+    return group->mont_data;
+}
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+{
+    if (group->order == NULL)
+        return 0;
+    if (!BN_copy(order, group->order))
+        return 0;
+
+    return !BN_is_zero(order);
+}
+
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group)
+{
+    return group->order;
+}
+
+int EC_GROUP_order_bits(const EC_GROUP *group)
+{
+    OPENSSL_assert(group->meth->group_order_bits != NULL);
+    return group->meth->group_order_bits(group);
+}
+
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+                          BN_CTX *ctx)
+{
+
+    if (group->cofactor == NULL)
+        return 0;
+    if (!BN_copy(cofactor, group->cofactor))
+        return 0;
+
+    return !BN_is_zero(group->cofactor);
+}
+
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group)
+{
+    return group->cofactor;
+}
+
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
+{
+    group->curve_name = nid;
+}
+
+int EC_GROUP_get_curve_name(const EC_GROUP *group)
+{
+    return group->curve_name;
+}
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
+{
+    group->asn1_flag = flag;
+}
+
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
+{
+    return group->asn1_flag;
+}
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+                                        point_conversion_form_t form)
+{
+    group->asn1_form = form;
+}
+
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
+                                                           *group)
+{
+    return group->asn1_form;
+}
+
+size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
+{
+    OPENSSL_free(group->seed);
+    group->seed = NULL;
+    group->seed_len = 0;
+
+    if (!len || !p)
+        return 1;
+
+    if ((group->seed = OPENSSL_malloc(len)) == NULL)
+        return 0;
+    memcpy(group->seed, p, len);
+    group->seed_len = len;
+
+    return len;
+}
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
+{
+    return group->seed;
+}
+
+size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
+{
+    return group->seed_len;
+}
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                           const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_set_curve == 0) {
+        ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                           BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_get_curve == 0) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_curve(group, p, a, b, ctx);
+}
+
+#ifndef OPENSSL_NO_EC2M
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_set_curve == 0) {
+        ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                            BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_get_curve == 0) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_curve(group, p, a, b, ctx);
+}
+#endif
+
+int EC_GROUP_get_degree(const EC_GROUP *group)
+{
+    if (group->meth->group_get_degree == 0) {
+        ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_degree(group);
+}
+
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+    if (group->meth->group_check_discriminant == 0) {
+        ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_check_discriminant(group, ctx);
+}
+
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+{
+    int r = 0;
+    BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
+    BN_CTX *ctx_new = NULL;
+
+    /* compare the field types */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+        EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+        return 1;
+    /* compare the curve name (if present in both) */
+    if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+        EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+        return 1;
+    if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
+        return 0;
+
+    if (ctx == NULL)
+        ctx_new = ctx = BN_CTX_new();
+    if (ctx == NULL)
+        return -1;
+
+    BN_CTX_start(ctx);
+    a1 = BN_CTX_get(ctx);
+    a2 = BN_CTX_get(ctx);
+    a3 = BN_CTX_get(ctx);
+    b1 = BN_CTX_get(ctx);
+    b2 = BN_CTX_get(ctx);
+    b3 = BN_CTX_get(ctx);
+    if (b3 == NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx_new);
+        return -1;
+    }
+
+    /*
+     * XXX This approach assumes that the external representation of curves
+     * over the same field type is the same.
+     */
+    if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
+        !b->meth->group_get_curve(b, b1, b2, b3, ctx))
+        r = 1;
+
+    if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
+        r = 1;
+
+    /* XXX EC_POINT_cmp() assumes that the methods are equal */
+    if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
+                          EC_GROUP_get0_generator(b), ctx))
+        r = 1;
+
+    if (!r) {
+        const BIGNUM *ao, *bo, *ac, *bc;
+        /* compare the order and cofactor */
+        ao = EC_GROUP_get0_order(a);
+        bo = EC_GROUP_get0_order(b);
+        ac = EC_GROUP_get0_cofactor(a);
+        bc = EC_GROUP_get0_cofactor(b);
+        if (ao == NULL || bo == NULL) {
+            BN_CTX_end(ctx);
+            BN_CTX_free(ctx_new);
+            return -1;
+        }
+        if (BN_cmp(ao, bo) || BN_cmp(ac, bc))
+            r = 1;
+    }
+
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx_new);
+
+    return r;
+}
+
+/* functions for EC_POINT objects */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group)
+{
+    EC_POINT *ret;
+
+    if (group == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (group->meth->point_init == 0) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = group->meth;
+
+    if (!ret->meth->point_init(ret)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void EC_POINT_free(EC_POINT *point)
+{
+    if (!point)
+        return;
+
+    if (point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_free(point);
+}
+
+void EC_POINT_clear_free(EC_POINT *point)
+{
+    if (!point)
+        return;
+
+    if (point->meth->point_clear_finish != 0)
+        point->meth->point_clear_finish(point);
+    else if (point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_clear_free(point, sizeof(*point));
+}
+
+int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (dest->meth->point_copy == 0) {
+        ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth) {
+        ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+    return dest->meth->point_copy(dest, src);
+}
+
+EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
+{
+    EC_POINT *t;
+    int r;
+
+    if (a == NULL)
+        return NULL;
+
+    t = EC_POINT_new(group);
+    if (t == NULL)
+        return (NULL);
+    r = EC_POINT_copy(t, a);
+    if (!r) {
+        EC_POINT_free(t);
+        return NULL;
+    }
+    return t;
+}
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+{
+    return point->meth;
+}
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+{
+    if (group->meth->point_set_to_infinity == 0) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_to_infinity(group, point);
+}
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *point, BIGNUM *x,
+                                             BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                        EC_POINT *point, const BIGNUM *x,
+                                        const BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_set_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
+        return 0;
+
+    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+              EC_R_POINT_IS_NOT_ON_CURVE);
+        return 0;
+    }
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC2M
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         EC_POINT *point, const BIGNUM *x,
+                                         const BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_set_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
+        return 0;
+
+    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+              EC_R_POINT_IS_NOT_ON_CURVE);
+        return 0;
+    }
+    return 1;
+}
+#endif
+
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *point, BIGNUM *x,
+                                        BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_get_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+#ifndef OPENSSL_NO_EC2M
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         const EC_POINT *point, BIGNUM *x,
+                                         BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_get_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+#endif
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx)
+{
+    if (group->meth->add == 0) {
+        ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if ((group->meth != r->meth) || (r->meth != a->meth)
+        || (a->meth != b->meth)) {
+        ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->add(group, r, a, b, ctx);
+}
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 BN_CTX *ctx)
+{
+    if (group->meth->dbl == 0) {
+        ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if ((group->meth != r->meth) || (r->meth != a->meth)) {
+        ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->dbl(group, r, a, ctx);
+}
+
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+{
+    if (group->meth->invert == 0) {
+        ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != a->meth) {
+        ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->invert(group, a, ctx);
+}
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+    if (group->meth->is_at_infinity == 0) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_at_infinity(group, point);
+}
+
+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ *  1: The point is on the curve
+ *  0: The point is not on the curve
+ * -1: An error occurred
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx)
+{
+    if (group->meth->is_on_curve == 0) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_on_curve(group, point, ctx);
+}
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx)
+{
+    if (group->meth->point_cmp == 0) {
+        ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+    if ((group->meth != a->meth) || (a->meth != b->meth)) {
+        ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+        return -1;
+    }
+    return group->meth->point_cmp(group, a, b, ctx);
+}
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (group->meth->make_affine == 0) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->make_affine(group, point, ctx);
+}
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
+
+    if (group->meth->points_make_affine == 0) {
+        ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    for (i = 0; i < num; i++) {
+        if (group->meth != points[i]->meth) {
+            ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+    return group->meth->points_make_affine(group, num, points, ctx);
+}
+
+/*
+ * Functions for point multiplication. If group->meth->mul is 0, we use the
+ * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
+ * methods.
+ */
+
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                  size_t num, const EC_POINT *points[],
+                  const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+    return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+}
+
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
+                 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+{
+    /* just a convenient interface to EC_POINTs_mul() */
+
+    const EC_POINT *points[1];
+    const BIGNUM *scalars[1];
+
+    points[0] = point;
+    scalars[0] = p_scalar;
+
+    return EC_POINTs_mul(group, r, g_scalar,
+                         (point != NULL
+                          && p_scalar != NULL), points, scalars, ctx);
+}
+
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_precompute_mult(group, ctx);
+
+    if (group->meth->precompute_mult != 0)
+        return group->meth->precompute_mult(group, ctx);
+    else
+        return 1;               /* nothing to do, so report success */
+}
+
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_have_precompute_mult(group);
+
+    if (group->meth->have_precompute_mult != 0)
+        return group->meth->have_precompute_mult(group);
+    else
+        return 0;               /* cannot tell whether precomputation has
+                                 * been performed */
+}
+
+/*
+ * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
+ * returns one on success. On error it returns zero.
+ */
+int ec_precompute_mont_data(EC_GROUP *group)
+{
+    BN_CTX *ctx = BN_CTX_new();
+    int ret = 0;
+
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
+
+    if (ctx == NULL)
+        goto err;
+
+    group->mont_data = BN_MONT_CTX_new();
+    if (group->mont_data == NULL)
+        goto err;
+
+    if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) {
+        BN_MONT_CTX_free(group->mont_data);
+        group->mont_data = NULL;
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
+}
+
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx)
+{
+    return CRYPTO_get_ex_data(&key->ex_data, idx);
+}
+
+int ec_group_simple_order_bits(const EC_GROUP *group)
+{
+    if (group->order == NULL)
+        return 0;
+    return BN_num_bits(group->order);
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_mult.c b/openssl-1.1.0h/crypto/ec/ec_mult.c
new file mode 100644
index 0000000..b39777f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_mult.c
@@ -0,0 +1,684 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+
+/*
+ * This file implements the wNAF-based interleaving multi-exponentiation method
+ * Formerly at:
+ *   http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp
+ * You might now find it here:
+ *   http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13
+ *   http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf
+ * For multiplication with precomputation, we use wNAF splitting, formerly at:
+ *   http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp
+ */
+
+/* structure for precomputed multiples of the generator */
+struct ec_pre_comp_st {
+    const EC_GROUP *group;      /* parent EC_GROUP object */
+    size_t blocksize;           /* block size for wNAF splitting */
+    size_t numblocks;           /* max. number of blocks for which we have
+                                 * precomputation */
+    size_t w;                   /* window size */
+    EC_POINT **points;          /* array with pre-calculated multiples of
+                                 * generator: 'num' pointers to EC_POINT
+                                 * objects followed by a NULL */
+    size_t num;                 /* numblocks * 2^(w-1) */
+    int references;
+    CRYPTO_RWLOCK *lock;
+};
+
+static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
+{
+    EC_PRE_COMP *ret = NULL;
+
+    if (!group)
+        return NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->group = group;
+    ret->blocksize = 8;         /* default */
+    ret->w = 4;                 /* default */
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre)
+{
+    int i;
+    if (pre != NULL)
+        CRYPTO_atomic_add(&pre->references, 1, &i, pre->lock);
+    return pre;
+}
+
+void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+    REF_PRINT_COUNT("EC_ec", pre);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (pre->points != NULL) {
+        EC_POINT **pts;
+
+        for (pts = pre->points; *pts != NULL; pts++)
+            EC_POINT_free(*pts);
+        OPENSSL_free(pre->points);
+    }
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+/*
+ * TODO: table should be optimised for the wNAF-based implementation,
+ * sometimes smaller windows will give better performance (thus the
+ * boundaries should be increased)
+ */
+#define EC_window_bits_for_scalar_size(b) \
+                ((size_t) \
+                 ((b) >= 2000 ? 6 : \
+                  (b) >=  800 ? 5 : \
+                  (b) >=  300 ? 4 : \
+                  (b) >=   70 ? 3 : \
+                  (b) >=   20 ? 2 : \
+                  1))
+
+/*-
+ * Compute
+ *      \sum scalars[i]*points[i],
+ * also including
+ *      scalar*generator
+ * in the addition if scalar != NULL
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    const EC_POINT *generator = NULL;
+    EC_POINT *tmp = NULL;
+    size_t totalnum;
+    size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
+    size_t pre_points_per_block = 0;
+    size_t i, j;
+    int k;
+    int r_is_inverted = 0;
+    int r_is_at_infinity = 1;
+    size_t *wsize = NULL;       /* individual window sizes */
+    signed char **wNAF = NULL;  /* individual wNAFs */
+    size_t *wNAF_len = NULL;
+    size_t max_len = 0;
+    size_t num_val;
+    EC_POINT **val = NULL;      /* precomputation */
+    EC_POINT **v;
+    EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or
+                                 * 'pre_comp->points' */
+    const EC_PRE_COMP *pre_comp = NULL;
+    int num_scalar = 0;         /* flag: will be set to 1 if 'scalar' must be
+                                 * treated like other scalars, i.e.
+                                 * precomputation is not available */
+    int ret = 0;
+
+    if (group->meth != r->meth) {
+        ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+
+    if ((scalar == NULL) && (num == 0)) {
+        return EC_POINT_set_to_infinity(group, r);
+    }
+
+    for (i = 0; i < num; i++) {
+        if (group->meth != points[i]->meth) {
+            ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    if (scalar != NULL) {
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL) {
+            ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+            goto err;
+        }
+
+        /* look if we can use precomputed multiples of generator */
+
+        pre_comp = group->pre_comp.ec;
+        if (pre_comp && pre_comp->numblocks
+            && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) ==
+                0)) {
+            blocksize = pre_comp->blocksize;
+
+            /*
+             * determine maximum number of blocks that wNAF splitting may
+             * yield (NB: maximum wNAF length is bit length plus one)
+             */
+            numblocks = (BN_num_bits(scalar) / blocksize) + 1;
+
+            /*
+             * we cannot use more blocks than we have precomputation for
+             */
+            if (numblocks > pre_comp->numblocks)
+                numblocks = pre_comp->numblocks;
+
+            pre_points_per_block = (size_t)1 << (pre_comp->w - 1);
+
+            /* check that pre_comp looks sane */
+            if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        } else {
+            /* can't use precomputation */
+            pre_comp = NULL;
+            numblocks = 1;
+            num_scalar = 1;     /* treat 'scalar' like 'num'-th element of
+                                 * 'scalars' */
+        }
+    }
+
+    totalnum = num + numblocks;
+
+    wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0]));
+    wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0]));
+    /* include space for pivot */
+    wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0]));
+    val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0]));
+
+    /* Ensure wNAF is initialised in case we end up going to err */
+    if (wNAF != NULL)
+        wNAF[0] = NULL;         /* preliminary pivot */
+
+    if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * num_val will be the total number of temporarily precomputed points
+     */
+    num_val = 0;
+
+    for (i = 0; i < num + num_scalar; i++) {
+        size_t bits;
+
+        bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+        wsize[i] = EC_window_bits_for_scalar_size(bits);
+        num_val += (size_t)1 << (wsize[i] - 1);
+        wNAF[i + 1] = NULL;     /* make sure we always have a pivot */
+        wNAF[i] =
+            bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
+                            &wNAF_len[i]);
+        if (wNAF[i] == NULL)
+            goto err;
+        if (wNAF_len[i] > max_len)
+            max_len = wNAF_len[i];
+    }
+
+    if (numblocks) {
+        /* we go here iff scalar != NULL */
+
+        if (pre_comp == NULL) {
+            if (num_scalar != 1) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /* we have already generated a wNAF for 'scalar' */
+        } else {
+            signed char *tmp_wNAF = NULL;
+            size_t tmp_len = 0;
+
+            if (num_scalar != 0) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            /*
+             * use the window size for which we have precomputation
+             */
+            wsize[num] = pre_comp->w;
+            tmp_wNAF = bn_compute_wNAF(scalar, wsize[num], &tmp_len);
+            if (!tmp_wNAF)
+                goto err;
+
+            if (tmp_len <= max_len) {
+                /*
+                 * One of the other wNAFs is at least as long as the wNAF
+                 * belonging to the generator, so wNAF splitting will not buy
+                 * us anything.
+                 */
+
+                numblocks = 1;
+                totalnum = num + 1; /* don't use wNAF splitting */
+                wNAF[num] = tmp_wNAF;
+                wNAF[num + 1] = NULL;
+                wNAF_len[num] = tmp_len;
+                /*
+                 * pre_comp->points starts with the points that we need here:
+                 */
+                val_sub[num] = pre_comp->points;
+            } else {
+                /*
+                 * don't include tmp_wNAF directly into wNAF array - use wNAF
+                 * splitting and include the blocks
+                 */
+
+                signed char *pp;
+                EC_POINT **tmp_points;
+
+                if (tmp_len < numblocks * blocksize) {
+                    /*
+                     * possibly we can do with fewer blocks than estimated
+                     */
+                    numblocks = (tmp_len + blocksize - 1) / blocksize;
+                    if (numblocks > pre_comp->numblocks) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    totalnum = num + numblocks;
+                }
+
+                /* split wNAF in 'numblocks' parts */
+                pp = tmp_wNAF;
+                tmp_points = pre_comp->points;
+
+                for (i = num; i < totalnum; i++) {
+                    if (i < totalnum - 1) {
+                        wNAF_len[i] = blocksize;
+                        if (tmp_len < blocksize) {
+                            ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            OPENSSL_free(tmp_wNAF);
+                            goto err;
+                        }
+                        tmp_len -= blocksize;
+                    } else
+                        /*
+                         * last block gets whatever is left (this could be
+                         * more or less than 'blocksize'!)
+                         */
+                        wNAF_len[i] = tmp_len;
+
+                    wNAF[i + 1] = NULL;
+                    wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
+                    if (wNAF[i] == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    memcpy(wNAF[i], pp, wNAF_len[i]);
+                    if (wNAF_len[i] > max_len)
+                        max_len = wNAF_len[i];
+
+                    if (*tmp_points == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    val_sub[i] = tmp_points;
+                    tmp_points += pre_points_per_block;
+                    pp += blocksize;
+                }
+                OPENSSL_free(tmp_wNAF);
+            }
+        }
+    }
+
+    /*
+     * All points we precompute now go into a single array 'val'.
+     * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
+     * subarray of 'pre_comp->points' if we already have precomputation.
+     */
+    val = OPENSSL_malloc((num_val + 1) * sizeof(val[0]));
+    if (val == NULL) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    val[num_val] = NULL;        /* pivot element */
+
+    /* allocate points for precomputation */
+    v = val;
+    for (i = 0; i < num + num_scalar; i++) {
+        val_sub[i] = v;
+        for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) {
+            *v = EC_POINT_new(group);
+            if (*v == NULL)
+                goto err;
+            v++;
+        }
+    }
+    if (!(v == val + num_val)) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if ((tmp = EC_POINT_new(group)) == NULL)
+        goto err;
+
+    /*-
+     * prepare precomputed values:
+     *    val_sub[i][0] :=     points[i]
+     *    val_sub[i][1] := 3 * points[i]
+     *    val_sub[i][2] := 5 * points[i]
+     *    ...
+     */
+    for (i = 0; i < num + num_scalar; i++) {
+        if (i < num) {
+            if (!EC_POINT_copy(val_sub[i][0], points[i]))
+                goto err;
+        } else {
+            if (!EC_POINT_copy(val_sub[i][0], generator))
+                goto err;
+        }
+
+        if (wsize[i] > 1) {
+            if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx))
+                goto err;
+            for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) {
+                if (!EC_POINT_add
+                    (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx))
+                    goto err;
+            }
+        }
+    }
+
+    if (!EC_POINTs_make_affine(group, num_val, val, ctx))
+        goto err;
+
+    r_is_at_infinity = 1;
+
+    for (k = max_len - 1; k >= 0; k--) {
+        if (!r_is_at_infinity) {
+            if (!EC_POINT_dbl(group, r, r, ctx))
+                goto err;
+        }
+
+        for (i = 0; i < totalnum; i++) {
+            if (wNAF_len[i] > (size_t)k) {
+                int digit = wNAF[i][k];
+                int is_neg;
+
+                if (digit) {
+                    is_neg = digit < 0;
+
+                    if (is_neg)
+                        digit = -digit;
+
+                    if (is_neg != r_is_inverted) {
+                        if (!r_is_at_infinity) {
+                            if (!EC_POINT_invert(group, r, ctx))
+                                goto err;
+                        }
+                        r_is_inverted = !r_is_inverted;
+                    }
+
+                    /* digit > 0 */
+
+                    if (r_is_at_infinity) {
+                        if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
+                            goto err;
+                        r_is_at_infinity = 0;
+                    } else {
+                        if (!EC_POINT_add
+                            (group, r, r, val_sub[i][digit >> 1], ctx))
+                            goto err;
+                    }
+                }
+            }
+        }
+    }
+
+    if (r_is_at_infinity) {
+        if (!EC_POINT_set_to_infinity(group, r))
+            goto err;
+    } else {
+        if (r_is_inverted)
+            if (!EC_POINT_invert(group, r, ctx))
+                goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    EC_POINT_free(tmp);
+    OPENSSL_free(wsize);
+    OPENSSL_free(wNAF_len);
+    if (wNAF != NULL) {
+        signed char **w;
+
+        for (w = wNAF; *w != NULL; w++)
+            OPENSSL_free(*w);
+
+        OPENSSL_free(wNAF);
+    }
+    if (val != NULL) {
+        for (v = val; *v != NULL; v++)
+            EC_POINT_clear_free(*v);
+
+        OPENSSL_free(val);
+    }
+    OPENSSL_free(val_sub);
+    return ret;
+}
+
+/*-
+ * ec_wNAF_precompute_mult()
+ * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
+ * for use with wNAF splitting as implemented in ec_wNAF_mul().
+ *
+ * 'pre_comp->points' is an array of multiples of the generator
+ * of the following form:
+ * points[0] =     generator;
+ * points[1] = 3 * generator;
+ * ...
+ * points[2^(w-1)-1] =     (2^(w-1)-1) * generator;
+ * points[2^(w-1)]   =     2^blocksize * generator;
+ * points[2^(w-1)+1] = 3 * 2^blocksize * generator;
+ * ...
+ * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) *  2^(blocksize*(numblocks-2)) * generator
+ * points[2^(w-1)*(numblocks-1)]   =              2^(blocksize*(numblocks-1)) * generator
+ * ...
+ * points[2^(w-1)*numblocks-1]     = (2^(w-1)) *  2^(blocksize*(numblocks-1)) * generator
+ * points[2^(w-1)*numblocks]       = NULL
+ */
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    const EC_POINT *generator;
+    EC_POINT *tmp_point = NULL, *base = NULL, **var;
+    BN_CTX *new_ctx = NULL;
+    const BIGNUM *order;
+    size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
+    EC_POINT **points = NULL;
+    EC_PRE_COMP *pre_comp;
+    int ret = 0;
+
+    /* if there is an old EC_PRE_COMP object, throw it away */
+    EC_pre_comp_free(group);
+    if ((pre_comp = ec_pre_comp_new(group)) == NULL)
+        return 0;
+
+    generator = EC_GROUP_get0_generator(group);
+    if (generator == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+        goto err;
+    }
+
+    bits = BN_num_bits(order);
+    /*
+     * The following parameters mean we precompute (approximately) one point
+     * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other
+     * bit lengths, other parameter combinations might provide better
+     * efficiency.
+     */
+    blocksize = 8;
+    w = 4;
+    if (EC_window_bits_for_scalar_size(bits) > w) {
+        /* let's not make the window too small ... */
+        w = EC_window_bits_for_scalar_size(bits);
+    }
+
+    numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks
+                                                     * to use for wNAF
+                                                     * splitting */
+
+    pre_points_per_block = (size_t)1 << (w - 1);
+    num = pre_points_per_block * numblocks; /* number of points to compute
+                                             * and store */
+
+    points = OPENSSL_malloc(sizeof(*points) * (num + 1));
+    if (points == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    var = points;
+    var[num] = NULL;            /* pivot */
+    for (i = 0; i < num; i++) {
+        if ((var[i] = EC_POINT_new(group)) == NULL) {
+            ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if ((tmp_point = EC_POINT_new(group)) == NULL
+        || (base = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_copy(base, generator))
+        goto err;
+
+    /* do the precomputation */
+    for (i = 0; i < numblocks; i++) {
+        size_t j;
+
+        if (!EC_POINT_dbl(group, tmp_point, base, ctx))
+            goto err;
+
+        if (!EC_POINT_copy(*var++, base))
+            goto err;
+
+        for (j = 1; j < pre_points_per_block; j++, var++) {
+            /*
+             * calculate odd multiples of the current base point
+             */
+            if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
+                goto err;
+        }
+
+        if (i < numblocks - 1) {
+            /*
+             * get the next base (multiply current one by 2^blocksize)
+             */
+            size_t k;
+
+            if (blocksize <= 2) {
+                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (!EC_POINT_dbl(group, base, tmp_point, ctx))
+                goto err;
+            for (k = 2; k < blocksize; k++) {
+                if (!EC_POINT_dbl(group, base, base, ctx))
+                    goto err;
+            }
+        }
+    }
+
+    if (!EC_POINTs_make_affine(group, num, points, ctx))
+        goto err;
+
+    pre_comp->group = group;
+    pre_comp->blocksize = blocksize;
+    pre_comp->numblocks = numblocks;
+    pre_comp->w = w;
+    pre_comp->points = points;
+    points = NULL;
+    pre_comp->num = num;
+    SETPRECOMP(group, ec, pre_comp);
+    pre_comp = NULL;
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    EC_ec_pre_comp_free(pre_comp);
+    if (points) {
+        EC_POINT **p;
+
+        for (p = points; *p != NULL; p++)
+            EC_POINT_free(*p);
+        OPENSSL_free(points);
+    }
+    EC_POINT_free(tmp_point);
+    EC_POINT_free(base);
+    return ret;
+}
+
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, ec);
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_oct.c b/openssl-1.1.0h/crypto/ec/ec_oct.c
new file mode 100644
index 0000000..effc42a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_oct.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *point, const BIGNUM *x,
+                                            int y_bit, BN_CTX *ctx)
+{
+    if (group->meth->point_set_compressed_coordinates == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_set_compressed_coordinates(group, point, x,
+                                                            y_bit, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+                  EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_set_compressed_coordinates(group, point, x,
+                                                             y_bit, ctx);
+#endif
+    }
+    return group->meth->point_set_compressed_coordinates(group, point, x,
+                                                         y_bit, ctx);
+}
+
+#ifndef OPENSSL_NO_EC2M
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             int y_bit, BN_CTX *ctx)
+{
+    if (group->meth->point_set_compressed_coordinates == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_set_compressed_coordinates(group, point, x,
+                                                            y_bit, ctx);
+        else
+            return ec_GF2m_simple_set_compressed_coordinates(group, point, x,
+                                                             y_bit, ctx);
+    }
+    return group->meth->point_set_compressed_coordinates(group, point, x,
+                                                         y_bit, ctx);
+}
+#endif
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form, unsigned char *buf,
+                          size_t len, BN_CTX *ctx)
+{
+    if (group->meth->point2oct == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_point2oct(group, point,
+                                            form, buf, len, ctx);
+#endif
+    }
+
+    return group->meth->point2oct(group, point, form, buf, len, ctx);
+}
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    if (group->meth->oct2point == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_oct2point(group, point, buf, len, ctx);
+#endif
+    }
+    return group->meth->oct2point(group, point, buf, len, ctx);
+}
+
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx)
+{
+    size_t len;
+    unsigned char *buf;
+    len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL);
+    if (len == 0)
+        return 0;
+    buf = OPENSSL_malloc(len);
+    if (buf == NULL)
+        return 0;
+    len = EC_POINT_point2oct(group, point, form, buf, len, ctx);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ec_pmeth.c b/openssl-1.1.0h/crypto/ec/ec_pmeth.c
new file mode 100644
index 0000000..68ff2bb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_pmeth.c
@@ -0,0 +1,463 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+    /* Key and paramgen group */
+    EC_GROUP *gen_group;
+    /* message digest */
+    const EVP_MD *md;
+    /* Duplicate key if custom cofactor needed */
+    EC_KEY *co_key;
+    /* Cofactor mode */
+    signed char cofactor_mode;
+    /* KDF (if any) to use for ECDH */
+    char kdf_type;
+    /* Message digest to use for key derivation */
+    const EVP_MD *kdf_md;
+    /* User key material */
+    unsigned char *kdf_ukm;
+    size_t kdf_ukmlen;
+    /* KDF output length */
+    size_t kdf_outlen;
+} EC_PKEY_CTX;
+
+static int pkey_ec_init(EVP_PKEY_CTX *ctx)
+{
+    EC_PKEY_CTX *dctx;
+
+    dctx = OPENSSL_zalloc(sizeof(*dctx));
+    if (dctx == NULL)
+        return 0;
+
+    dctx->cofactor_mode = -1;
+    dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
+    ctx->data = dctx;
+    return 1;
+}
+
+static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    EC_PKEY_CTX *dctx, *sctx;
+    if (!pkey_ec_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    if (sctx->gen_group) {
+        dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+        if (!dctx->gen_group)
+            return 0;
+    }
+    dctx->md = sctx->md;
+
+    if (sctx->co_key) {
+        dctx->co_key = EC_KEY_dup(sctx->co_key);
+        if (!dctx->co_key)
+            return 0;
+    }
+    dctx->kdf_type = sctx->kdf_type;
+    dctx->kdf_md = sctx->kdf_md;
+    dctx->kdf_outlen = sctx->kdf_outlen;
+    if (sctx->kdf_ukm) {
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        if (!dctx->kdf_ukm)
+            return 0;
+    } else
+        dctx->kdf_ukm = NULL;
+    dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+    return 1;
+}
+
+static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    if (dctx) {
+        EC_GROUP_free(dctx->gen_group);
+        EC_KEY_free(dctx->co_key);
+        OPENSSL_free(dctx->kdf_ukm);
+        OPENSSL_free(dctx);
+    }
+}
+
+static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen)
+{
+    int ret, type;
+    unsigned int sltmp;
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    if (!sig) {
+        *siglen = ECDSA_size(ec);
+        return 1;
+    } else if (*siglen < (size_t)ECDSA_size(ec)) {
+        ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (dctx->md)
+        type = EVP_MD_type(dctx->md);
+    else
+        type = NID_sha1;
+
+    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = (size_t)sltmp;
+    return 1;
+}
+
+static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
+                          const unsigned char *sig, size_t siglen,
+                          const unsigned char *tbs, size_t tbslen)
+{
+    int ret, type;
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    if (dctx->md)
+        type = EVP_MD_type(dctx->md);
+    else
+        type = NID_sha1;
+
+    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+
+    return ret;
+}
+
+#ifndef OPENSSL_NO_EC
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                          size_t *keylen)
+{
+    int ret;
+    size_t outlen;
+    const EC_POINT *pubkey = NULL;
+    EC_KEY *eckey;
+    EC_PKEY_CTX *dctx = ctx->data;
+    if (!ctx->pkey || !ctx->peerkey) {
+        ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
+        return 0;
+    }
+
+    eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
+
+    if (!key) {
+        const EC_GROUP *group;
+        group = EC_KEY_get0_group(eckey);
+        *keylen = (EC_GROUP_get_degree(group) + 7) / 8;
+        return 1;
+    }
+    pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
+
+    /*
+     * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not
+     * an error, the result is truncated.
+     */
+
+    outlen = *keylen;
+
+    ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
+    if (ret <= 0)
+        return 0;
+    *keylen = ret;
+    return 1;
+}
+
+static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
+                              unsigned char *key, size_t *keylen)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    unsigned char *ktmp = NULL;
+    size_t ktmplen;
+    int rv = 0;
+    if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE)
+        return pkey_ec_derive(ctx, key, keylen);
+    if (!key) {
+        *keylen = dctx->kdf_outlen;
+        return 1;
+    }
+    if (*keylen != dctx->kdf_outlen)
+        return 0;
+    if (!pkey_ec_derive(ctx, NULL, &ktmplen))
+        return 0;
+    ktmp = OPENSSL_malloc(ktmplen);
+    if (ktmp == NULL)
+        return 0;
+    if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
+        goto err;
+    /* Do KDF stuff */
+    if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
+                        dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+        goto err;
+    rv = 1;
+
+ err:
+    OPENSSL_clear_free(ktmp, ktmplen);
+    return rv;
+}
+#endif
+
+static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_GROUP *group;
+    switch (type) {
+    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+        group = EC_GROUP_new_by_curve_name(p1);
+        if (group == NULL) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
+            return 0;
+        }
+        EC_GROUP_free(dctx->gen_group);
+        dctx->gen_group = group;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_PARAM_ENC:
+        if (!dctx->gen_group) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_NO_PARAMETERS_SET);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
+        return 1;
+
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
+        if (p1 == -2) {
+            if (dctx->cofactor_mode != -1)
+                return dctx->cofactor_mode;
+            else {
+                EC_KEY *ec_key = ctx->pkey->pkey.ec;
+                return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 :
+                    0;
+            }
+        } else if (p1 < -1 || p1 > 1)
+            return -2;
+        dctx->cofactor_mode = p1;
+        if (p1 != -1) {
+            EC_KEY *ec_key = ctx->pkey->pkey.ec;
+            if (!ec_key->group)
+                return -2;
+            /* If cofactor is 1 cofactor mode does nothing */
+            if (BN_is_one(ec_key->group->cofactor))
+                return 1;
+            if (!dctx->co_key) {
+                dctx->co_key = EC_KEY_dup(ec_key);
+                if (!dctx->co_key)
+                    return 0;
+            }
+            if (p1)
+                EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
+            else
+                EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
+        } else {
+            EC_KEY_free(dctx->co_key);
+            dctx->co_key = NULL;
+        }
+        return 1;
+#endif
+
+    case EVP_PKEY_CTRL_EC_KDF_TYPE:
+        if (p1 == -2)
+            return dctx->kdf_type;
+        if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
+            return -2;
+        dctx->kdf_type = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_MD:
+        dctx->kdf_md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_MD:
+        *(const EVP_MD **)p2 = dctx->kdf_md;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
+        if (p1 <= 0)
+            return -2;
+        dctx->kdf_outlen = (size_t)p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
+        *(int *)p2 = dctx->kdf_outlen;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_UKM:
+        OPENSSL_free(dctx->kdf_ukm);
+        dctx->kdf_ukm = p2;
+        if (p2)
+            dctx->kdf_ukmlen = p1;
+        else
+            dctx->kdf_ukmlen = 0;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
+        *(unsigned char **)p2 = dctx->kdf_ukm;
+        return dctx->kdf_ukmlen;
+
+    case EVP_PKEY_CTRL_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = dctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        /* Default behaviour is OK */
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+    case EVP_PKEY_CTRL_CMS_SIGN:
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
+                            const char *type, const char *value)
+{
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
+        int nid;
+        nid = EC_curve_nist2nid(value);
+        if (nid == NID_undef)
+            nid = OBJ_sn2nid(value);
+        if (nid == NID_undef)
+            nid = OBJ_ln2nid(value);
+        if (nid == NID_undef) {
+            ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+    } else if (strcmp(type, "ec_param_enc") == 0) {
+        int param_enc;
+        if (strcmp(value, "explicit") == 0)
+            param_enc = 0;
+        else if (strcmp(value, "named_curve") == 0)
+            param_enc = OPENSSL_EC_NAMED_CURVE;
+        else
+            return -2;
+        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+    } else if (strcmp(type, "ecdh_kdf_md") == 0) {
+        const EVP_MD *md;
+        if ((md = EVP_get_digestbyname(value)) == NULL) {
+            ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
+    } else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
+        int co_mode;
+        co_mode = atoi(value);
+        return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);
+    }
+
+    return -2;
+}
+
+static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    EC_KEY *ec = NULL;
+    EC_PKEY_CTX *dctx = ctx->data;
+    int ret = 0;
+    if (dctx->gen_group == NULL) {
+        ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    ec = EC_KEY_new();
+    if (ec == NULL)
+        return 0;
+    ret = EC_KEY_set_group(ec, dctx->gen_group);
+    if (ret)
+        EVP_PKEY_assign_EC_KEY(pkey, ec);
+    else
+        EC_KEY_free(ec);
+    return ret;
+}
+
+static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    EC_KEY *ec = NULL;
+    EC_PKEY_CTX *dctx = ctx->data;
+    if (ctx->pkey == NULL && dctx->gen_group == NULL) {
+        ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    ec = EC_KEY_new();
+    if (!ec)
+        return 0;
+    EVP_PKEY_assign_EC_KEY(pkey, ec);
+    if (ctx->pkey) {
+        /* Note: if error return, pkey is freed by parent routine */
+        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+            return 0;
+    } else {
+        if (!EC_KEY_set_group(ec, dctx->gen_group))
+            return 0;
+    }
+    return EC_KEY_generate_key(pkey->pkey.ec);
+}
+
+const EVP_PKEY_METHOD ec_pkey_meth = {
+    EVP_PKEY_EC,
+    0,
+    pkey_ec_init,
+    pkey_ec_copy,
+    pkey_ec_cleanup,
+
+    0,
+    pkey_ec_paramgen,
+
+    0,
+    pkey_ec_keygen,
+
+    0,
+    pkey_ec_sign,
+
+    0,
+    pkey_ec_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+#ifndef OPENSSL_NO_EC
+    pkey_ec_kdf_derive,
+#else
+    0,
+#endif
+    pkey_ec_ctrl,
+    pkey_ec_ctrl_str
+};
diff --git a/openssl-1.1.0h/crypto/ec/ec_print.c b/openssl-1.1.0h/crypto/ec/ec_print.c
new file mode 100644
index 0000000..1afa2ce
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ec_print.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "ec_lcl.h"
+
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
+                          const EC_POINT *point,
+                          point_conversion_form_t form,
+                          BIGNUM *ret, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
+
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
+
+    if (buf_len == 0)
+        return NULL;
+
+    ret = BN_bin2bn(buf, buf_len, ret);
+
+    OPENSSL_free(buf);
+
+    return ret;
+}
+
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
+                            const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
+    EC_POINT *ret;
+
+    if ((buf_len = BN_num_bytes(bn)) == 0)
+        return NULL;
+    buf = OPENSSL_malloc(buf_len);
+    if (buf == NULL)
+        return NULL;
+
+    if (!BN_bn2bin(bn, buf)) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    if (point == NULL) {
+        if ((ret = EC_POINT_new(group)) == NULL) {
+            OPENSSL_free(buf);
+            return NULL;
+        }
+    } else
+        ret = point;
+
+    if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
+        if (ret != point)
+            EC_POINT_clear_free(ret);
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static const char *HEX_DIGITS = "0123456789ABCDEF";
+
+/* the return value must be freed (using OPENSSL_free()) */
+char *EC_POINT_point2hex(const EC_GROUP *group,
+                         const EC_POINT *point,
+                         point_conversion_form_t form, BN_CTX *ctx)
+{
+    char *ret, *p;
+    size_t buf_len = 0, i;
+    unsigned char *buf = NULL, *pbuf;
+
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
+
+    if (buf_len == 0)
+        return NULL;
+
+    ret = OPENSSL_malloc(buf_len * 2 + 2);
+    if (ret == NULL) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+    p = ret;
+    pbuf = buf;
+    for (i = buf_len; i > 0; i--) {
+        int v = (int)*(pbuf++);
+        *(p++) = HEX_DIGITS[v >> 4];
+        *(p++) = HEX_DIGITS[v & 0x0F];
+    }
+    *p = '\0';
+
+    OPENSSL_free(buf);
+
+    return ret;
+}
+
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
+                             const char *buf, EC_POINT *point, BN_CTX *ctx)
+{
+    EC_POINT *ret = NULL;
+    BIGNUM *tmp_bn = NULL;
+
+    if (!BN_hex2bn(&tmp_bn, buf))
+        return NULL;
+
+    ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
+
+    BN_clear_free(tmp_bn);
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecdh_kdf.c b/openssl-1.1.0h/crypto/ec/ecdh_kdf.c
new file mode 100644
index 0000000..d47486e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecdh_kdf.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+
+/* Key derivation function from X9.62/SECG */
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX    (1 << 30)
+
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char ctr[4];
+    if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
+        || Zlen > ECDH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecdh_ossl.c b/openssl-1.1.0h/crypto/ec/ecdh_ossl.c
new file mode 100644
index 0000000..a865145
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecdh_ossl.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+
+#include <string.h>
+#include <limits.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+
+int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    if (ecdh->group->meth->ecdh_compute_key == NULL) {
+        ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
+        return 0;
+    }
+
+    return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
+}
+
+/*-
+ * This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ */
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    BN_CTX *ctx;
+    EC_POINT *tmp = NULL;
+    BIGNUM *x = NULL, *y = NULL;
+    const BIGNUM *priv_key;
+    const EC_GROUP *group;
+    int ret = 0;
+    size_t buflen, len;
+    unsigned char *buf = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key = EC_KEY_get0_private_key(ecdh);
+    if (priv_key == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(ecdh);
+
+    if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
+        if (!EC_GROUP_get_cofactor(group, x, NULL) ||
+            !BN_mul(x, x, priv_key, ctx)) {
+            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        priv_key = x;
+    }
+
+    if ((tmp = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {
+            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC2M
+    else {
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) {
+            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+    }
+#endif
+
+    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+    len = BN_num_bytes(x);
+    if (len > buflen) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((buf = OPENSSL_malloc(buflen)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    memset(buf, 0, buflen - len);
+    if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    *pout = buf;
+    *poutlen = buflen;
+    buf = NULL;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(tmp);
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_free(buf);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecdsa_ossl.c b/openssl-1.1.0h/crypto/ec/ecdsa_ossl.c
new file mode 100644
index 0000000..72e2f0f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecdsa_ossl.c
@@ -0,0 +1,476 @@
+/*
+ * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+    RAND_seed(dgst, dlen);
+    s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
+    if (s == NULL) {
+        *siglen = 0;
+        return 0;
+    }
+    *siglen = i2d_ECDSA_SIG(s, &sig);
+    ECDSA_SIG_free(s);
+    return 1;
+}
+
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
+                            BIGNUM **kinvp, BIGNUM **rp,
+                            const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL, *r = NULL, *X = NULL;
+    const BIGNUM *order;
+    EC_POINT *tmp_point = NULL;
+    const EC_GROUP *group;
+    int ret = 0;
+    int order_bits;
+
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return 0;
+    }
+
+    if (ctx_in == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else
+        ctx = ctx_in;
+
+    k = BN_new();               /* this value is later returned in *kinvp */
+    r = BN_new();               /* this value is later returned in *rp */
+    X = BN_new();
+    if (k == NULL || r == NULL || X == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((tmp_point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+        goto err;
+    }
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* Preallocate space */
+    order_bits = BN_num_bits(order);
+    if (!BN_set_bit(k, order_bits)
+        || !BN_set_bit(r, order_bits)
+        || !BN_set_bit(X, order_bits))
+        goto err;
+
+    do {
+        /* get random k */
+        do
+            if (dgst != NULL) {
+                if (!BN_generate_dsa_nonce
+                    (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,
+                     ctx)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                             EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            } else {
+                if (!BN_rand_range(k, order)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                             EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            }
+        while (BN_is_zero(k));
+
+        /*
+         * We do not want timing information to leak the length of k, so we
+         * compute G*k using an equivalent scalar of fixed bit-length.
+         *
+         * We unconditionally perform both of these additions to prevent a
+         * small timing information leakage.  We then choose the sum that is
+         * one bit longer than the order.  This guarantees the code
+         * path used in the constant time implementations elsewhere.
+         *
+         * TODO: revisit the BN_copy aiming for a memory access agnostic
+         * conditional copy.
+         */
+        if (!BN_add(r, k, order)
+            || !BN_add(X, r, order)
+            || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
+            goto err;
+
+        /* compute r the x-coordinate of generator * k */
+        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+            NID_X9_62_prime_field) {
+            if (!EC_POINT_get_affine_coordinates_GFp
+                (group, tmp_point, X, NULL, ctx)) {
+                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+                goto err;
+            }
+        }
+#ifndef OPENSSL_NO_EC2M
+        else {                  /* NID_X9_62_characteristic_two_field */
+
+            if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                      tmp_point, X, NULL,
+                                                      ctx)) {
+                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+                goto err;
+            }
+        }
+#endif
+        if (!BN_nnmod(r, X, order, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+    }
+    while (BN_is_zero(r));
+
+    /* compute the inverse of k */
+    if (EC_GROUP_get_mont_data(group) != NULL) {
+        /*
+         * We want inverse in constant time, therefore we utilize the fact
+         * order must be prime and use Fermats Little Theorem instead.
+         */
+        if (!BN_set_word(X, 2)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!BN_mod_sub(X, order, X, order, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+        BN_set_flags(X, BN_FLG_CONSTTIME);
+        if (!BN_mod_exp_mont_consttime
+            (k, k, X, order, ctx, EC_GROUP_get_mont_data(group))) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+    } else {
+        if (!BN_mod_inverse(k, k, order, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+    }
+
+    /* clear old values if necessary */
+    BN_clear_free(*rp);
+    BN_clear_free(*kinvp);
+    /* save the pre-computed values  */
+    *rp = r;
+    *kinvp = k;
+    ret = 1;
+ err:
+    if (!ret) {
+        BN_clear_free(k);
+        BN_clear_free(r);
+    }
+    if (ctx != ctx_in)
+        BN_CTX_free(ctx);
+    EC_POINT_free(tmp_point);
+    BN_clear_free(X);
+    return (ret);
+}
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp)
+{
+    return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
+}
+
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey)
+{
+    int ok = 0, i;
+    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL;
+    const BIGNUM *order, *ckinv;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group;
+    ECDSA_SIG *ret;
+    const BIGNUM *priv_key;
+
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
+
+    if (group == NULL || priv_key == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return NULL;
+    }
+
+    ret = ECDSA_SIG_new();
+    if (ret == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    s = ret->s;
+
+    if ((ctx = BN_CTX_new()) == NULL ||
+        (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    do {
+        if (in_kinv == NULL || in_r == NULL) {
+            if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
+                goto err;
+            }
+            ckinv = kinv;
+        } else {
+            ckinv = in_kinv;
+            if (BN_copy(ret->r, in_r) == NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+
+        if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!BN_mod_add_quick(s, tmp, m, order)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (BN_is_zero(s)) {
+            /*
+             * if kinv and r have been supplied by the caller don't to
+             * generate new kinv and r values
+             */
+            if (in_kinv != NULL && in_r != NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
+                goto err;
+            }
+        } else
+            /* s != 0 => we have a valid signature */
+            break;
+    }
+    while (1);
+
+    ok = 1;
+ err:
+    if (!ok) {
+        ECDSA_SIG_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_free(ctx);
+    BN_clear_free(m);
+    BN_clear_free(tmp);
+    BN_clear_free(kinv);
+    return ret;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL)
+        return (ret);
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sigbuf, der, derlen) != 0)
+        goto err;
+    ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+    OPENSSL_clear_free(der, derlen);
+    ECDSA_SIG_free(s);
+    return (ret);
+}
+
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    int ret = -1, i;
+    BN_CTX *ctx;
+    const BIGNUM *order;
+    BIGNUM *u1, *u2, *m, *X;
+    EC_POINT *point = NULL;
+    const EC_GROUP *group;
+    const EC_POINT *pub_key;
+
+    /* check input values */
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+        (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return -1;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    BN_CTX_start(ctx);
+    u1 = BN_CTX_get(ctx);
+    u2 = BN_CTX_get(ctx);
+    m = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    if (X == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+        BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
+        ret = 0;                /* signature is invalid */
+        goto err;
+    }
+    /* calculate tmp1 = inv(S) mod order */
+    if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* digest -> m */
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u1 = m * tmp mod order */
+    if (!BN_mod_mul(u1, m, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC2M
+    else {                      /* NID_X9_62_characteristic_two_field */
+
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#endif
+    if (!BN_nnmod(u1, X, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*  if the signature is correct u1 is equal to sig->r */
+    ret = (BN_ucmp(u1, sig->r) == 0);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecdsa_sign.c b/openssl-1.1.0h/crypto/ec/ecdsa_sign.c
new file mode 100644
index 0000000..aee06e9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecdsa_sign.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+    return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+}
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey)
+{
+    if (eckey->meth->sign_sig != NULL)
+        return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey);
+    ECerr(EC_F_ECDSA_DO_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return NULL;
+}
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
+               *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+}
+
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen,
+                  unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
+                  const BIGNUM *r, EC_KEY *eckey)
+{
+    if (eckey->meth->sign != NULL)
+        return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey);
+    ECerr(EC_F_ECDSA_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                     BIGNUM **rp)
+{
+    if (eckey->meth->sign_setup != NULL)
+        return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp);
+    ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecdsa_vrf.c b/openssl-1.1.0h/crypto/ec/ecdsa_vrf.c
new file mode 100644
index 0000000..f61a200
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecdsa_vrf.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    if (eckey->meth->verify_sig != NULL)
+        return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
+    ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+                 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    if (eckey->meth->verify != NULL)
+        return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
+                                   eckey);
+    ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/ec/eck_prn.c b/openssl-1.1.0h/crypto/ec/eck_prn.c
new file mode 100644
index 0000000..3e826cb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/eck_prn.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and
+ * contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECPKParameters_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = EC_KEY_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
+
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECParameters_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+                     size_t len, int off);
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+{
+    int ret = 0, reason = ERR_R_BIO_LIB;
+    BN_CTX *ctx = NULL;
+    const EC_POINT *point = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL;
+    const BIGNUM *order = NULL, *cofactor = NULL;
+    const unsigned char *seed;
+    size_t seed_len = 0;
+
+    static const char *gen_compressed = "Generator (compressed):";
+    static const char *gen_uncompressed = "Generator (uncompressed):";
+    static const char *gen_hybrid = "Generator (hybrid):";
+
+    if (!x) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    if (EC_GROUP_get_asn1_flag(x)) {
+        /* the curve parameter are given by an asn1 OID */
+        int nid;
+        const char *nname;
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        nid = EC_GROUP_get_curve_name(x);
+        if (nid == 0)
+            goto err;
+        if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+            goto err;
+        if (BIO_printf(bp, "\n") <= 0)
+            goto err;
+        nname = EC_curve_nid2nist(nid);
+        if (nname) {
+            if (!BIO_indent(bp, off, 128))
+                goto err;
+            if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
+                goto err;
+        }
+    } else {
+        /* explicit parameters */
+        int is_char_two = 0;
+        point_conversion_form_t form;
+        int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+        if (tmp_nid == NID_X9_62_characteristic_two_field)
+            is_char_two = 1;
+
+        if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+            (b = BN_new()) == NULL) {
+            reason = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+#ifndef OPENSSL_NO_EC2M
+        if (is_char_two) {
+            if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
+                reason = ERR_R_EC_LIB;
+                goto err;
+            }
+        } else                  /* prime field */
+#endif
+        {
+            if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
+                reason = ERR_R_EC_LIB;
+                goto err;
+            }
+        }
+
+        if ((point = EC_GROUP_get0_generator(x)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+        order = EC_GROUP_get0_order(x);
+        cofactor = EC_GROUP_get0_cofactor(x);
+        if (order == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        form = EC_GROUP_get_point_conversion_form(x);
+
+        if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+            seed_len = EC_GROUP_get_seed_len(x);
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        /* print the 'short name' of the field type */
+        if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+            <= 0)
+            goto err;
+
+        if (is_char_two) {
+            /* print the 'short name' of the base type OID */
+            int basis_type = EC_GROUP_get_basis_type(x);
+            if (basis_type == 0)
+                goto err;
+
+            if (!BIO_indent(bp, off, 128))
+                goto err;
+
+            if (BIO_printf(bp, "Basis Type: %s\n",
+                           OBJ_nid2sn(basis_type)) <= 0)
+                goto err;
+
+            /* print the polynomial */
+            if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL,
+                                              off))
+                goto err;
+        } else {
+            if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off))
+                goto err;
+        }
+        if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, NULL, off))
+            goto err;
+        if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, NULL, off))
+            goto err;
+        if (form == POINT_CONVERSION_COMPRESSED) {
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
+                                                NULL, off))
+                goto err;
+        } else if (form == POINT_CONVERSION_UNCOMPRESSED) {
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
+                                                NULL, off))
+                goto err;
+        } else {                /* form == POINT_CONVERSION_HYBRID */
+
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
+                                                NULL, off))
+                goto err;
+        }
+        if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
+                                              NULL, off))
+            goto err;
+        if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
+                                                 NULL, off))
+            goto err;
+        if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(gen);
+    BN_CTX_free(ctx);
+    return (ret);
+}
+
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+                     size_t len, int off)
+{
+    size_t i;
+    char str[128 + 1 + 4];
+
+    if (buf == NULL)
+        return 1;
+    if (off > 0) {
+        if (off > 128)
+            off = 128;
+        memset(str, ' ', off);
+        if (BIO_write(fp, str, off) <= 0)
+            return 0;
+    } else {
+        off = 0;
+    }
+
+    if (BIO_printf(fp, "%s", name) <= 0)
+        return 0;
+
+    for (i = 0; i < len; i++) {
+        if ((i % 15) == 0) {
+            str[0] = '\n';
+            memset(&(str[1]), ' ', off + 4);
+            if (BIO_write(fp, str, off + 1 + 4) <= 0)
+                return 0;
+        }
+        if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <=
+            0)
+            return 0;
+    }
+    if (BIO_write(fp, "\n", 1) <= 0)
+        return 0;
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecp_mont.c b/openssl-1.1.0h/crypto/ec/ecp_mont.c
new file mode 100644
index 0000000..994cc1d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_mont.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_mont_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_mont_group_init,
+        ec_GFp_mont_group_finish,
+        ec_GFp_mont_group_clear_finish,
+        ec_GFp_mont_group_copy,
+        ec_GFp_mont_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_mont_field_mul,
+        ec_GFp_mont_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_mont_field_encode,
+        ec_GFp_mont_field_decode,
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
+
+int ec_GFp_mont_group_init(EC_GROUP *group)
+{
+    int ok;
+
+    ok = ec_GFp_simple_group_init(group);
+    group->field_data1 = NULL;
+    group->field_data2 = NULL;
+    return ok;
+}
+
+void ec_GFp_mont_group_finish(EC_GROUP *group)
+{
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
+    ec_GFp_simple_group_finish(group);
+}
+
+void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
+{
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_clear_free(group->field_data2);
+    group->field_data2 = NULL;
+    ec_GFp_simple_group_clear_finish(group);
+}
+
+int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
+    BN_clear_free(dest->field_data2);
+    dest->field_data2 = NULL;
+
+    if (!ec_GFp_simple_group_copy(dest, src))
+        return 0;
+
+    if (src->field_data1 != NULL) {
+        dest->field_data1 = BN_MONT_CTX_new();
+        if (dest->field_data1 == NULL)
+            return 0;
+        if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1))
+            goto err;
+    }
+    if (src->field_data2 != NULL) {
+        dest->field_data2 = BN_dup(src->field_data2);
+        if (dest->field_data2 == NULL)
+            goto err;
+    }
+
+    return 1;
+
+ err:
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
+    return 0;
+}
+
+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *one = NULL;
+    int ret = 0;
+
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx)) {
+        ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+        goto err;
+    }
+    one = BN_new();
+    if (one == NULL)
+        goto err;
+    if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
+        goto err;
+
+    group->field_data1 = mont;
+    mont = NULL;
+    group->field_data2 = one;
+    one = NULL;
+
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+    if (!ret) {
+        BN_MONT_CTX_free(group->field_data1);
+        group->field_data1 = NULL;
+        BN_free(group->field_data2);
+        group->field_data2 = NULL;
+    }
+
+ err:
+    BN_free(one);
+    BN_CTX_free(new_ctx);
+    BN_MONT_CTX_free(mont);
+    return ret;
+}
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_from_montgomery(r, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
+                                 BN_CTX *ctx)
+{
+    if (group->field_data2 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (!BN_copy(r, group->field_data2))
+        return 0;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecp_nist.c b/openssl-1.1.0h/crypto/ec/ecp_nist.c
new file mode 100644
index 0000000..615563b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_nist.c
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <limits.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_nist_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nist_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
+
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    dest->field_mod_func = src->field_mod_func;
+
+    return ec_GFp_simple_group_copy(dest, src);
+}
+
+int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+
+    BN_CTX_start(ctx);
+
+    if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
+        group->field_mod_func = BN_nist_mod_192;
+    else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
+        group->field_mod_func = BN_nist_mod_224;
+    else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
+        group->field_mod_func = BN_nist_mod_256;
+    else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
+        group->field_mod_func = BN_nist_mod_384;
+    else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
+        group->field_mod_func = BN_nist_mod_521;
+    else {
+        ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
+        goto err;
+    }
+
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a || !b) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_mul(r, a, b, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_free(ctx_new);
+    return ret;
+}
+
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_sqr(r, a, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_free(ctx_new);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecp_nistp224.c b/openssl-1.1.0h/crypto/ec/ecp_nistp224.c
new file mode 100644
index 0000000..0cd994f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_nistp224.c
@@ -0,0 +1,1715 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication
+ *
+ * Inspired by Daniel J. Bernstein's public domain nistp224 implementation
+ * and Adam Langley's public domain 64-bit C implementation of curve25519
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdint.h>
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_lcl.h"
+
+# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+# else
+#  error "Need GCC 3.1 or later to define type uint128_t"
+# endif
+
+typedef uint8_t u8;
+typedef uint64_t u64;
+
+/******************************************************************************/
+/*-
+ * INTERNAL REPRESENTATION OF FIELD ELEMENTS
+ *
+ * Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3
+ * using 64-bit coefficients called 'limbs',
+ * and sometimes (for multiplication results) as
+ * b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 + 2^336*b_6
+ * using 128-bit coefficients called 'widelimbs'.
+ * A 4-limb representation is an 'felem';
+ * a 7-widelimb representation is a 'widefelem'.
+ * Even within felems, bits of adjacent limbs overlap, and we don't always
+ * reduce the representations: we ensure that inputs to each felem
+ * multiplication satisfy a_i < 2^60, so outputs satisfy b_i < 4*2^60*2^60,
+ * and fit into a 128-bit word without overflow. The coefficients are then
+ * again partially reduced to obtain an felem satisfying a_i < 2^57.
+ * We only reduce to the unique minimal representation at the end of the
+ * computation.
+ */
+
+typedef uint64_t limb;
+typedef uint128_t widelimb;
+
+typedef limb felem[4];
+typedef widelimb widefelem[7];
+
+/*
+ * Field element represented as a byte arrary. 28*8 = 224 bits is also the
+ * group order size for the elliptic curve, and we also use this type for
+ * scalars for point multiplication.
+ */
+typedef u8 felem_bytearray[28];
+
+static const felem_bytearray nistp224_curve_params[5] = {
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE},
+    {0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */
+     0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA,
+     0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4},
+    {0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */
+     0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22,
+     0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21},
+    {0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */
+     0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
+     0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34}
+};
+
+/*-
+ * Precomputed multiples of the standard generator
+ * Points are given in coordinates (X, Y, Z) where Z normally is 1
+ * (0 for the point at infinity).
+ * For each field element, slice a_0 is word 0, etc.
+ *
+ * The table has 2 * 16 elements, starting with the following:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^56G
+ *     3 | 0 0 1 1 | (2^56 + 1)G
+ *     4 | 0 1 0 0 | 2^112G
+ *     5 | 0 1 0 1 | (2^112 + 1)G
+ *     6 | 0 1 1 0 | (2^112 + 2^56)G
+ *     7 | 0 1 1 1 | (2^112 + 2^56 + 1)G
+ *     8 | 1 0 0 0 | 2^168G
+ *     9 | 1 0 0 1 | (2^168 + 1)G
+ *    10 | 1 0 1 0 | (2^168 + 2^56)G
+ *    11 | 1 0 1 1 | (2^168 + 2^56 + 1)G
+ *    12 | 1 1 0 0 | (2^168 + 2^112)G
+ *    13 | 1 1 0 1 | (2^168 + 2^112 + 1)G
+ *    14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G
+ *    15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G
+ * followed by a copy of this with each element multiplied by 2^28.
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point,
+ * and then another four locations using the second 16 elements.
+ */
+static const felem gmul[2][16][3] = {
+{{{0, 0, 0, 0},
+  {0, 0, 0, 0},
+  {0, 0, 0, 0}},
+ {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
+  {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
+  {1, 0, 0, 0}},
+ {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
+  {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
+  {1, 0, 0, 0}},
+ {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
+  {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
+  {1, 0, 0, 0}},
+ {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
+  {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
+  {1, 0, 0, 0}},
+ {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
+  {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
+  {1, 0, 0, 0}},
+ {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
+  {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
+  {1, 0, 0, 0}},
+ {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
+  {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
+  {1, 0, 0, 0}},
+ {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
+  {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
+  {1, 0, 0, 0}},
+ {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
+  {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
+  {1, 0, 0, 0}},
+ {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
+  {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
+  {1, 0, 0, 0}},
+ {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
+  {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
+  {1, 0, 0, 0}},
+ {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
+  {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
+  {1, 0, 0, 0}},
+ {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
+  {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
+  {1, 0, 0, 0}},
+ {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
+  {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
+  {1, 0, 0, 0}},
+ {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
+  {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
+  {1, 0, 0, 0}}},
+{{{0, 0, 0, 0},
+  {0, 0, 0, 0},
+  {0, 0, 0, 0}},
+ {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31},
+  {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d},
+  {1, 0, 0, 0}},
+ {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3},
+  {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a},
+  {1, 0, 0, 0}},
+ {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33},
+  {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100},
+  {1, 0, 0, 0}},
+ {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5},
+  {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea},
+  {1, 0, 0, 0}},
+ {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be},
+  {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51},
+  {1, 0, 0, 0}},
+ {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1},
+  {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb},
+  {1, 0, 0, 0}},
+ {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233},
+  {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def},
+  {1, 0, 0, 0}},
+ {{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae},
+  {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45},
+  {1, 0, 0, 0}},
+ {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e},
+  {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb},
+  {1, 0, 0, 0}},
+ {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de},
+  {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3},
+  {1, 0, 0, 0}},
+ {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05},
+  {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58},
+  {1, 0, 0, 0}},
+ {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb},
+  {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0},
+  {1, 0, 0, 0}},
+ {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9},
+  {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea},
+  {1, 0, 0, 0}},
+ {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba},
+  {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405},
+  {1, 0, 0, 0}},
+ {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e},
+  {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e},
+  {1, 0, 0, 0}}}
+};
+
+/* Precomputation for the group generator. */
+struct nistp224_pre_comp_st {
+    felem g_pre_comp[2][16][3];
+    int references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp224_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp224_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp224_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp224_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp224_points_mul,
+        ec_GFp_nistp224_precompute_mult,
+        ec_GFp_nistp224_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
+
+/*
+ * Helper functions to convert field elements to/from internal representation
+ */
+static void bin28_to_felem(felem out, const u8 in[28])
+{
+    out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff;
+    out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff;
+    out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff;
+    out[3] = (*((const uint64_t *)(in+20))) >> 8;
+}
+
+static void felem_to_bin28(u8 out[28], const felem in)
+{
+    unsigned i;
+    for (i = 0; i < 7; ++i) {
+        out[i] = in[0] >> (8 * i);
+        out[i + 7] = in[1] >> (8 * i);
+        out[i + 14] = in[2] >> (8 * i);
+        out[i + 21] = in[3] >> (8 * i);
+    }
+}
+
+/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
+static void flip_endian(u8 *out, const u8 *in, unsigned len)
+{
+    unsigned i;
+    for (i = 0; i < len; ++i)
+        out[i] = in[len - 1 - i];
+}
+
+/* From OpenSSL BIGNUM to internal representation */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_in;
+    felem_bytearray b_out;
+    unsigned num_bytes;
+
+    /* BN_bn2bin eats leading zeroes */
+    memset(b_out, 0, sizeof(b_out));
+    num_bytes = BN_num_bytes(bn);
+    if (num_bytes > sizeof(b_out)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2bin(bn, b_in);
+    flip_endian(b_out, b_in, num_bytes);
+    bin28_to_felem(out, b_out);
+    return 1;
+}
+
+/* From internal representation to OpenSSL BIGNUM */
+static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
+{
+    felem_bytearray b_in, b_out;
+    felem_to_bin28(b_in, in);
+    flip_endian(b_out, b_in, sizeof(b_out));
+    return BN_bin2bn(b_out, sizeof(b_out), out);
+}
+
+/******************************************************************************/
+/*-
+ *                              FIELD OPERATIONS
+ *
+ * Field operations, using the internal representation of field elements.
+ * NB! These operations are specific to our point multiplication and cannot be
+ * expected to be correct in general - e.g., multiplication with a large scalar
+ * will cause an overflow.
+ *
+ */
+
+static void felem_one(felem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/* Sum two field elements: out += in */
+static void felem_sum(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* Get negative value: out = -in */
+/* Assumes in[i] < 2^57 */
+static void felem_neg(felem out, const felem in)
+{
+    static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
+    static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
+    static const limb two58m42m2 = (((limb) 1) << 58) -
+        (((limb) 1) << 42) - (((limb) 1) << 2);
+
+    /* Set to 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] = two58p2 - in[0];
+    out[1] = two58m42m2 - in[1];
+    out[2] = two58m2 - in[2];
+    out[3] = two58m2 - in[3];
+}
+
+/* Subtract field elements: out -= in */
+/* Assumes in[i] < 2^57 */
+static void felem_diff(felem out, const felem in)
+{
+    static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
+    static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
+    static const limb two58m42m2 = (((limb) 1) << 58) -
+        (((limb) 1) << 42) - (((limb) 1) << 2);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two58p2;
+    out[1] += two58m42m2;
+    out[2] += two58m2;
+    out[3] += two58m2;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/* Subtract in unreduced 128-bit mode: out -= in */
+/* Assumes in[i] < 2^119 */
+static void widefelem_diff(widefelem out, const widefelem in)
+{
+    static const widelimb two120 = ((widelimb) 1) << 120;
+    static const widelimb two120m64 = (((widelimb) 1) << 120) -
+        (((widelimb) 1) << 64);
+    static const widelimb two120m104m64 = (((widelimb) 1) << 120) -
+        (((widelimb) 1) << 104) - (((widelimb) 1) << 64);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two120;
+    out[1] += two120m64;
+    out[2] += two120m64;
+    out[3] += two120;
+    out[4] += two120m104m64;
+    out[5] += two120m64;
+    out[6] += two120m64;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+    out[4] -= in[4];
+    out[5] -= in[5];
+    out[6] -= in[6];
+}
+
+/* Subtract in mixed mode: out128 -= in64 */
+/* in[i] < 2^63 */
+static void felem_diff_128_64(widefelem out, const felem in)
+{
+    static const widelimb two64p8 = (((widelimb) 1) << 64) +
+        (((widelimb) 1) << 8);
+    static const widelimb two64m8 = (((widelimb) 1) << 64) -
+        (((widelimb) 1) << 8);
+    static const widelimb two64m48m8 = (((widelimb) 1) << 64) -
+        (((widelimb) 1) << 48) - (((widelimb) 1) << 8);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two64p8;
+    out[1] += two64m48m8;
+    out[2] += two64m8;
+    out[3] += two64m8;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/*
+ * Multiply a field element by a scalar: out = out * scalar The scalars we
+ * actually use are small, so results fit without overflow
+ */
+static void felem_scalar(felem out, const limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+}
+
+/*
+ * Multiply an unreduced field element by a scalar: out = out * scalar The
+ * scalars we actually use are small, so results fit without overflow
+ */
+static void widefelem_scalar(widefelem out, const widelimb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+}
+
+/* Square a field element: out = in^2 */
+static void felem_square(widefelem out, const felem in)
+{
+    limb tmp0, tmp1, tmp2;
+    tmp0 = 2 * in[0];
+    tmp1 = 2 * in[1];
+    tmp2 = 2 * in[2];
+    out[0] = ((widelimb) in[0]) * in[0];
+    out[1] = ((widelimb) in[0]) * tmp1;
+    out[2] = ((widelimb) in[0]) * tmp2 + ((widelimb) in[1]) * in[1];
+    out[3] = ((widelimb) in[3]) * tmp0 + ((widelimb) in[1]) * tmp2;
+    out[4] = ((widelimb) in[3]) * tmp1 + ((widelimb) in[2]) * in[2];
+    out[5] = ((widelimb) in[3]) * tmp2;
+    out[6] = ((widelimb) in[3]) * in[3];
+}
+
+/* Multiply two field elements: out = in1 * in2 */
+static void felem_mul(widefelem out, const felem in1, const felem in2)
+{
+    out[0] = ((widelimb) in1[0]) * in2[0];
+    out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0];
+    out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] +
+             ((widelimb) in1[2]) * in2[0];
+    out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] +
+             ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
+    out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] +
+             ((widelimb) in1[3]) * in2[1];
+    out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2];
+    out[6] = ((widelimb) in1[3]) * in2[3];
+}
+
+/*-
+ * Reduce seven 128-bit coefficients to four 64-bit coefficients.
+ * Requires in[i] < 2^126,
+ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */
+static void felem_reduce(felem out, const widefelem in)
+{
+    static const widelimb two127p15 = (((widelimb) 1) << 127) +
+        (((widelimb) 1) << 15);
+    static const widelimb two127m71 = (((widelimb) 1) << 127) -
+        (((widelimb) 1) << 71);
+    static const widelimb two127m71m55 = (((widelimb) 1) << 127) -
+        (((widelimb) 1) << 71) - (((widelimb) 1) << 55);
+    widelimb output[5];
+
+    /* Add 0 mod 2^224-2^96+1 to ensure all differences are positive */
+    output[0] = in[0] + two127p15;
+    output[1] = in[1] + two127m71m55;
+    output[2] = in[2] + two127m71;
+    output[3] = in[3];
+    output[4] = in[4];
+
+    /* Eliminate in[4], in[5], in[6] */
+    output[4] += in[6] >> 16;
+    output[3] += (in[6] & 0xffff) << 40;
+    output[2] -= in[6];
+
+    output[3] += in[5] >> 16;
+    output[2] += (in[5] & 0xffff) << 40;
+    output[1] -= in[5];
+
+    output[2] += output[4] >> 16;
+    output[1] += (output[4] & 0xffff) << 40;
+    output[0] -= output[4];
+
+    /* Carry 2 -> 3 -> 4 */
+    output[3] += output[2] >> 56;
+    output[2] &= 0x00ffffffffffffff;
+
+    output[4] = output[3] >> 56;
+    output[3] &= 0x00ffffffffffffff;
+
+    /* Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72 */
+
+    /* Eliminate output[4] */
+    output[2] += output[4] >> 16;
+    /* output[2] < 2^56 + 2^56 = 2^57 */
+    output[1] += (output[4] & 0xffff) << 40;
+    output[0] -= output[4];
+
+    /* Carry 0 -> 1 -> 2 -> 3 */
+    output[1] += output[0] >> 56;
+    out[0] = output[0] & 0x00ffffffffffffff;
+
+    output[2] += output[1] >> 56;
+    /* output[2] < 2^57 + 2^72 */
+    out[1] = output[1] & 0x00ffffffffffffff;
+    output[3] += output[2] >> 56;
+    /* output[3] <= 2^56 + 2^16 */
+    out[2] = output[2] & 0x00ffffffffffffff;
+
+    /*-
+     * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56,
+     * out[3] <= 2^56 + 2^16 (due to final carry),
+     * so out < 2*p
+     */
+    out[3] = output[3];
+}
+
+static void felem_square_reduce(felem out, const felem in)
+{
+    widefelem tmp;
+    felem_square(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+static void felem_mul_reduce(felem out, const felem in1, const felem in2)
+{
+    widefelem tmp;
+    felem_mul(tmp, in1, in2);
+    felem_reduce(out, tmp);
+}
+
+/*
+ * Reduce to unique minimal representation. Requires 0 <= in < 2*p (always
+ * call felem_reduce first)
+ */
+static void felem_contract(felem out, const felem in)
+{
+    static const int64_t two56 = ((limb) 1) << 56;
+    /* 0 <= in < 2*p, p = 2^224 - 2^96 + 1 */
+    /* if in > p , reduce in = in - 2^224 + 2^96 - 1 */
+    int64_t tmp[4], a;
+    tmp[0] = in[0];
+    tmp[1] = in[1];
+    tmp[2] = in[2];
+    tmp[3] = in[3];
+    /* Case 1: a = 1 iff in >= 2^224 */
+    a = (in[3] >> 56);
+    tmp[0] -= a;
+    tmp[1] += a << 40;
+    tmp[3] &= 0x00ffffffffffffff;
+    /*
+     * Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1
+     * and the lower part is non-zero
+     */
+    a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
+        (((int64_t) (in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
+    a &= 0x00ffffffffffffff;
+    /* turn a into an all-one mask (if a = 0) or an all-zero mask */
+    a = (a - 1) >> 63;
+    /* subtract 2^224 - 2^96 + 1 if a is all-one */
+    tmp[3] &= a ^ 0xffffffffffffffff;
+    tmp[2] &= a ^ 0xffffffffffffffff;
+    tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
+    tmp[0] -= 1 & a;
+
+    /*
+     * eliminate negative coefficients: if tmp[0] is negative, tmp[1] must be
+     * non-zero, so we only need one step
+     */
+    a = tmp[0] >> 63;
+    tmp[0] += two56 & a;
+    tmp[1] -= 1 & a;
+
+    /* carry 1 -> 2 -> 3 */
+    tmp[2] += tmp[1] >> 56;
+    tmp[1] &= 0x00ffffffffffffff;
+
+    tmp[3] += tmp[2] >> 56;
+    tmp[2] &= 0x00ffffffffffffff;
+
+    /* Now 0 <= out < p */
+    out[0] = tmp[0];
+    out[1] = tmp[1];
+    out[2] = tmp[2];
+    out[3] = tmp[3];
+}
+
+/*
+ * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field
+ * elements are reduced to in < 2^225, so we only need to check three cases:
+ * 0, 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2
+ */
+static limb felem_is_zero(const felem in)
+{
+    limb zero, two224m96p1, two225m97p2;
+
+    zero = in[0] | in[1] | in[2] | in[3];
+    zero = (((int64_t) (zero) - 1) >> 63) & 1;
+    two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000)
+        | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x00ffffffffffffff);
+    two224m96p1 = (((int64_t) (two224m96p1) - 1) >> 63) & 1;
+    two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000)
+        | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x01ffffffffffffff);
+    two225m97p2 = (((int64_t) (two225m97p2) - 1) >> 63) & 1;
+    return (zero | two224m96p1 | two225m97p2);
+}
+
+static int felem_is_zero_int(const void *in)
+{
+    return (int)(felem_is_zero(in) & ((limb) 1));
+}
+
+/* Invert a field element */
+/* Computation chain copied from djb's code */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4;
+    widefelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^4 - 2 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^5 - 4 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^6 - 8 */
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^6 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^7 - 2 */
+    for (i = 0; i < 5; ++i) {   /* 2^12 - 2^6 */
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^12 - 1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^13 - 2 */
+    for (i = 0; i < 11; ++i) {  /* 2^24 - 2^12 */
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^24 - 1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^25 - 2 */
+    for (i = 0; i < 23; ++i) {  /* 2^48 - 2^24 */
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^48 - 1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp4, tmp);   /* 2^49 - 2 */
+    for (i = 0; i < 47; ++i) {  /* 2^96 - 2^48 */
+        felem_square(tmp, ftmp4);
+        felem_reduce(ftmp4, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp4);
+    felem_reduce(ftmp3, tmp);   /* 2^96 - 1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp4, tmp);   /* 2^97 - 2 */
+    for (i = 0; i < 23; ++i) {  /* 2^120 - 2^24 */
+        felem_square(tmp, ftmp4);
+        felem_reduce(ftmp4, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp4);
+    felem_reduce(ftmp2, tmp);   /* 2^120 - 1 */
+    for (i = 0; i < 6; ++i) {   /* 2^126 - 2^6 */
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^126 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^127 - 2 */
+    felem_mul(tmp, ftmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^127 - 1 */
+    for (i = 0; i < 97; ++i) {  /* 2^224 - 2^97 */
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }
+    felem_mul(tmp, ftmp, ftmp3);
+    felem_reduce(out, tmp);     /* 2^224 - 2^96 - 1 */
+}
+
+/*
+ * Copy in constant time: if icopy == 1, copy in to out, if icopy == 0, copy
+ * out to itself.
+ */
+static void copy_conditional(felem out, const felem in, limb icopy)
+{
+    unsigned i;
+    /*
+     * icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one
+     */
+    const limb copy = -icopy;
+    for (i = 0; i < 4; ++i) {
+        const limb tmp = copy & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/******************************************************************************/
+/*-
+ *                       ELLIPTIC CURVE POINT OPERATIONS
+ *
+ * Points are represented in Jacobian projective coordinates:
+ * (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3),
+ * or to the point at infinity if Z == 0.
+ *
+ */
+
+/*-
+ * Double an elliptic curve point:
+ * (X', Y', Z') = 2 * (X, Y, Z), where
+ * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
+ * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2
+ * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    widefelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+
+    felem_assign(ftmp, x_in);
+    felem_assign(ftmp2, x_in);
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);
+
+    /* beta = x*gamma */
+    felem_mul(tmp, x_in, gamma);
+    felem_reduce(beta, tmp);
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff(ftmp, delta);
+    /* ftmp[i] < 2^57 + 2^58 + 2 < 2^59 */
+    felem_sum(ftmp2, delta);
+    /* ftmp2[i] < 2^57 + 2^57 = 2^58 */
+    felem_scalar(ftmp2, 3);
+    /* ftmp2[i] < 3 * 2^58 < 2^60 */
+    felem_mul(tmp, ftmp, ftmp2);
+    /* tmp[i] < 2^60 * 2^59 * 4 = 2^121 */
+    felem_reduce(alpha, tmp);
+
+    /* x' = alpha^2 - 8*beta */
+    felem_square(tmp, alpha);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+    felem_assign(ftmp, beta);
+    felem_scalar(ftmp, 8);
+    /* ftmp[i] < 8 * 2^57 = 2^60 */
+    felem_diff_128_64(tmp, ftmp);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(x_out, tmp);
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum(delta, gamma);
+    /* delta[i] < 2^57 + 2^57 = 2^58 */
+    felem_assign(ftmp, y_in);
+    felem_sum(ftmp, z_in);
+    /* ftmp[i] < 2^57 + 2^57 = 2^58 */
+    felem_square(tmp, ftmp);
+    /* tmp[i] < 4 * 2^58 * 2^58 = 2^118 */
+    felem_diff_128_64(tmp, delta);
+    /* tmp[i] < 2^118 + 2^64 + 8 < 2^119 */
+    felem_reduce(z_out, tmp);
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar(beta, 4);
+    /* beta[i] < 4 * 2^57 = 2^59 */
+    felem_diff(beta, x_out);
+    /* beta[i] < 2^59 + 2^58 + 2 < 2^60 */
+    felem_mul(tmp, alpha, beta);
+    /* tmp[i] < 4 * 2^57 * 2^60 = 2^119 */
+    felem_square(tmp2, gamma);
+    /* tmp2[i] < 4 * 2^57 * 2^57 = 2^116 */
+    widefelem_scalar(tmp2, 8);
+    /* tmp2[i] < 8 * 2^116 = 2^119 */
+    widefelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^119 + 2^120 < 2^121 */
+    felem_reduce(y_out, tmp);
+}
+
+/*-
+ * Add two elliptic curve points:
+ * (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where
+ * X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 -
+ * 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2
+ * Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 - X_3) -
+ *        Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3
+ * Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2)
+ *
+ * This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0.
+ */
+
+/*
+ * This function is not entirely constant-time: it includes a branch for
+ * checking whether the two input points are equal, (while not equal to the
+ * point at infinity). This case never happens during single point
+ * multiplication, so there is no timing leak for ECDH or ECDSA signing.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const felem x2, const felem y2,
+                      const felem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
+    widefelem tmp, tmp2;
+    limb z1_is_zero, z2_is_zero, x_equal, y_equal;
+
+    if (!mixed) {
+        /* ftmp2 = z2^2 */
+        felem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* ftmp4 = z2^3 */
+        felem_mul(tmp, ftmp2, z2);
+        felem_reduce(ftmp4, tmp);
+
+        /* ftmp4 = z2^3*y1 */
+        felem_mul(tmp2, ftmp4, y1);
+        felem_reduce(ftmp4, tmp2);
+
+        /* ftmp2 = z2^2*x1 */
+        felem_mul(tmp2, ftmp2, x1);
+        felem_reduce(ftmp2, tmp2);
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* ftmp4 = z2^3*y1 */
+        felem_assign(ftmp4, y1);
+
+        /* ftmp2 = z2^2*x1 */
+        felem_assign(ftmp2, x1);
+    }
+
+    /* ftmp = z1^2 */
+    felem_square(tmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    /* ftmp3 = z1^3 */
+    felem_mul(tmp, ftmp, z1);
+    felem_reduce(ftmp3, tmp);
+
+    /* tmp = z1^3*y2 */
+    felem_mul(tmp, ftmp3, y2);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* ftmp3 = z1^3*y2 - z2^3*y1 */
+    felem_diff_128_64(tmp, ftmp4);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(ftmp3, tmp);
+
+    /* tmp = z1^2*x2 */
+    felem_mul(tmp, ftmp, x2);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* ftmp = z1^2*x2 - z2^2*x1 */
+    felem_diff_128_64(tmp, ftmp2);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(ftmp, tmp);
+
+    /*
+     * the formulae are incorrect if the points are equal so we check for
+     * this and do doubling if this happens
+     */
+    x_equal = felem_is_zero(ftmp);
+    y_equal = felem_is_zero(ftmp3);
+    z1_is_zero = felem_is_zero(z1);
+    z2_is_zero = felem_is_zero(z2);
+    /* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */
+    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* ftmp5 = z1*z2 */
+    if (!mixed) {
+        felem_mul(tmp, z1, z2);
+        felem_reduce(ftmp5, tmp);
+    } else {
+        /* special case z2 = 0 is handled later */
+        felem_assign(ftmp5, z1);
+    }
+
+    /* z_out = (z1^2*x2 - z2^2*x1)*(z1*z2) */
+    felem_mul(tmp, ftmp, ftmp5);
+    felem_reduce(z_out, tmp);
+
+    /* ftmp = (z1^2*x2 - z2^2*x1)^2 */
+    felem_assign(ftmp5, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);
+
+    /* ftmp5 = (z1^2*x2 - z2^2*x1)^3 */
+    felem_mul(tmp, ftmp, ftmp5);
+    felem_reduce(ftmp5, tmp);
+
+    /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */
+    felem_mul(tmp, ftmp4, ftmp5);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* tmp2 = (z1^3*y2 - z2^3*y1)^2 */
+    felem_square(tmp2, ftmp3);
+    /* tmp2[i] < 4 * 2^57 * 2^57 < 2^116 */
+
+    /* tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 */
+    felem_diff_128_64(tmp2, ftmp5);
+    /* tmp2[i] < 2^116 + 2^64 + 8 < 2^117 */
+
+    /* ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
+    felem_assign(ftmp5, ftmp2);
+    felem_scalar(ftmp5, 2);
+    /* ftmp5[i] < 2 * 2^57 = 2^58 */
+
+    /*-
+     * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
+     *  2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2
+     */
+    felem_diff_128_64(tmp2, ftmp5);
+    /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */
+    felem_reduce(x_out, tmp2);
+
+    /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out */
+    felem_diff(ftmp2, x_out);
+    /* ftmp2[i] < 2^57 + 2^58 + 2 < 2^59 */
+
+    /*
+     * tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out)
+     */
+    felem_mul(tmp2, ftmp3, ftmp2);
+    /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */
+
+    /*-
+     * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) -
+     *  z2^3*y1*(z1^2*x2 - z2^2*x1)^3
+     */
+    widefelem_diff(tmp2, tmp);
+    /* tmp2[i] < 2^118 + 2^120 < 2^121 */
+    felem_reduce(y_out, tmp2);
+
+    /*
+     * the result (x_out, y_out, z_out) is incorrect if one of the inputs is
+     * the point at infinity, so we need to check for this separately
+     */
+
+    /*
+     * if point 1 is at infinity, copy point 2 to output, and vice versa
+     */
+    copy_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ * The pre_comp array argument should be size of |size| argument
+ */
+static void select_point(const u64 idx, unsigned int size,
+                         const felem pre_comp[][3], felem out[3])
+{
+    unsigned i, j;
+    limb *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+    for (i = 0; i < size; i++) {
+        const limb *inlimbs = &pre_comp[i][0][0];
+        u64 mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < 4 * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, unsigned i)
+{
+    if (i >= 224)
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const felem pre_comp[][17][3],
+                      const felem g_pre_comp[2][16][3])
+{
+    int i, skip;
+    unsigned num;
+    unsigned gen_mul = (g_scalar != NULL);
+    felem nq[3], tmp[4];
+    u64 bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (two in each of the last 28 rounds) and additions of
+     * other points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 220 : 27); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 27)) {
+            /* first, look 28 bits upwards */
+            bits = get_bit(g_scalar, i + 196) << 3;
+            bits |= get_bit(g_scalar, i + 140) << 2;
+            bits |= get_bit(g_scalar, i + 84) << 1;
+            bits |= get_bit(g_scalar, i + 28);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[1], tmp);
+
+            if (!skip) {
+                /* value 1 below is argument for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                memcpy(nq, tmp, 3 * sizeof(felem));
+                skip = 0;
+            }
+
+            /* second, look at the current position */
+            bits = get_bit(g_scalar, i + 168) << 3;
+            bits |= get_bit(g_scalar, i + 112) << 2;
+            bits |= get_bit(g_scalar, i + 56) << 1;
+            bits |= get_bit(g_scalar, i);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[0], tmp);
+            point_add(nq[0], nq[1], nq[2],
+                      nq[0], nq[1], nq[2],
+                      1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /* select the point to add or subtract */
+                select_point(digit, 17, pre_comp[num], tmp);
+                felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative
+                                            * point */
+                copy_conditional(tmp[1], tmp[3], sign);
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    memcpy(nq, tmp, 3 * sizeof(felem));
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP224_PRE_COMP *nistp224_pre_comp_new()
+{
+    NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (!ret) {
+        ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+    return p;
+}
+
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p)
+{
+    int i;
+
+    if (p == NULL)
+        return;
+
+    CRYPTO_atomic_add(&p->references, -1, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp224", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp224_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
+        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
+        ((curve_b = BN_CTX_get(ctx)) == NULL))
+        goto err;
+    BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_224;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in, x_out, y_out;
+    widefelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!felem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!felem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void make_points_affine(size_t num, felem points[ /* num */ ][3],
+                               felem tmp_felems[ /* num+1 */ ])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(felem),
+                                             tmp_felems,
+                                             (void (*)(void *))felem_one,
+                                             felem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             felem_assign,
+                                             (void (*)(void *, const void *))
+                                             felem_square_reduce, (void (*)
+                                                                   (void *,
+                                                                    const void
+                                                                    *,
+                                                                    const void
+                                                                    *))
+                                             felem_mul_reduce,
+                                             (void (*)(void *, const void *))
+                                             felem_inv,
+                                             (void (*)(void *, const void *))
+                                             felem_contract);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    unsigned i;
+    int mixed = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    felem (*pre_comp)[17][3] = NULL;
+    felem *tmp_felems = NULL;
+    felem_bytearray tmp;
+    unsigned num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    felem x_in, y_in, z_in, x_out, y_out, z_out;
+    NISTP224_PRE_COMP *pre = NULL;
+    const felem(*g_pre_comp)[16][3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((x = BN_CTX_get(ctx)) == NULL) ||
+        ((y = BN_CTX_get(ctx)) == NULL) ||
+        ((z = BN_CTX_get(ctx)) == NULL) ||
+        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp224;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = (const felem(*)[16][3])pre->g_pre_comp;
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = &gmul[0];
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!felem_to_BN(x, g_pre_comp[0][1][0]) ||
+            !felem_to_BN(y, g_pre_comp[0][1][1]) ||
+            !felem_to_BN(z, g_pre_comp[0][1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points = num_points + 1;
+    }
+
+    if (num_points > 0) {
+        if (num_points >= 3) {
+            /*
+             * unless we precompute multiples for just one or two points,
+             * converting those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_felems =
+                OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_felems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        for (i = 0; i < num_points; ++i) {
+            if (i == num)
+                /* the generator */
+            {
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else
+                /* the i^th point */
+            {
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^224 */
+                if ((BN_num_bits(p_scalar) > 224)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2bin(tmp_scalar, tmp);
+                } else
+                    num_bytes = BN_bn2bin(p_scalar, tmp);
+                flip_endian(secrets[i], tmp, num_bytes);
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                felem_assign(pre_comp[i][1][0], x_out);
+                felem_assign(pre_comp[i][1][1], y_out);
+                felem_assign(pre_comp[i][1][2], z_out);
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add(pre_comp[i][j][0], pre_comp[i][j][1],
+                                  pre_comp[i][j][2], pre_comp[i][1][0],
+                                  pre_comp[i][1][1], pre_comp[i][1][2], 0,
+                                  pre_comp[i][j - 1][0],
+                                  pre_comp[i][j - 1][1],
+                                  pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double(pre_comp[i][j][0], pre_comp[i][j][1],
+                                     pre_comp[i][j][2], pre_comp[i][j / 2][0],
+                                     pre_comp[i][j / 2][1],
+                                     pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^224 */
+        if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2bin(tmp_scalar, tmp);
+        } else
+            num_bytes = BN_bn2bin(scalar, tmp);
+        flip_endian(g_secret, tmp, num_bytes);
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const felem(*)[17][3])pre_comp, g_pre_comp);
+    } else
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
+        (!felem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
+    return ret;
+}
+
+int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP224_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    felem tmp_felems[32];
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp224_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
+        goto err;
+    /*
+     * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G,
+     * 2^140*G, 2^196*G for the second one
+     */
+    for (i = 1; i <= 8; i <<= 1) {
+        point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                     pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
+                     pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]);
+        for (j = 0; j < 27; ++j) {
+            point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                         pre->g_pre_comp[1][i][2], pre->g_pre_comp[1][i][0],
+                         pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+        }
+        if (i == 8)
+            break;
+        point_double(pre->g_pre_comp[0][2 * i][0],
+                     pre->g_pre_comp[0][2 * i][1],
+                     pre->g_pre_comp[0][2 * i][2], pre->g_pre_comp[1][i][0],
+                     pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+        for (j = 0; j < 27; ++j) {
+            point_double(pre->g_pre_comp[0][2 * i][0],
+                         pre->g_pre_comp[0][2 * i][1],
+                         pre->g_pre_comp[0][2 * i][2],
+                         pre->g_pre_comp[0][2 * i][0],
+                         pre->g_pre_comp[0][2 * i][1],
+                         pre->g_pre_comp[0][2 * i][2]);
+        }
+    }
+    for (i = 0; i < 2; i++) {
+        /* g_pre_comp[i][0] is the point at infinity */
+        memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
+        /* the remaining multiples */
+        /* 2^56*G + 2^112*G resp. 2^84*G + 2^140*G */
+        point_add(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1],
+                  pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0],
+                  pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        /* 2^56*G + 2^168*G resp. 2^84*G + 2^196*G */
+        point_add(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1],
+                  pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0],
+                  pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        /* 2^112*G + 2^168*G resp. 2^140*G + 2^196*G */
+        point_add(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1],
+                  pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0],
+                  pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                  0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1],
+                  pre->g_pre_comp[i][4][2]);
+        /*
+         * 2^56*G + 2^112*G + 2^168*G resp. 2^84*G + 2^140*G + 2^196*G
+         */
+        point_add(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1],
+                  pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0],
+                  pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        for (j = 1; j < 8; ++j) {
+            /* odd multiples: add G resp. 2^28*G */
+            point_add(pre->g_pre_comp[i][2 * j + 1][0],
+                      pre->g_pre_comp[i][2 * j + 1][1],
+                      pre->g_pre_comp[i][2 * j + 1][2],
+                      pre->g_pre_comp[i][2 * j][0],
+                      pre->g_pre_comp[i][2 * j][1],
+                      pre->g_pre_comp[i][2 * j][2], 0,
+                      pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1],
+                      pre->g_pre_comp[i][1][2]);
+        }
+    }
+    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);
+
+ done:
+    SETPRECOMP(group, nistp224, pre);
+    pre = NULL;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp224_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp224);
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ecp_nistp256.c b/openssl-1.1.0h/crypto/ec/ecp_nistp256.c
new file mode 100644
index 0000000..ffd2a7d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_nistp256.c
@@ -0,0 +1,2350 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication
+ *
+ * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
+ * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
+ * work which got its smarts from Daniel J. Bernstein's work on the same.
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdint.h>
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_lcl.h"
+
+# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+typedef __int128_t int128_t;
+# else
+#  error "Need GCC 3.1 or later to define type uint128_t"
+# endif
+
+typedef uint8_t u8;
+typedef uint32_t u32;
+typedef uint64_t u64;
+
+/*
+ * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
+ * can serialise an element of this field into 32 bytes. We call this an
+ * felem_bytearray.
+ */
+
+typedef u8 felem_bytearray[32];
+
+/*
+ * These are the parameters of P256, taken from FIPS 186-3, page 86. These
+ * values are big-endian.
+ */
+static const felem_bytearray nistp256_curve_params[5] = {
+    {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, /* b */
+    {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
+     0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
+     0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
+     0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b},
+    {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */
+     0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
+     0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
+     0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96},
+    {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */
+     0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
+     0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+     0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5}
+};
+
+/*-
+ * The representation of field elements.
+ * ------------------------------------
+ *
+ * We represent field elements with either four 128-bit values, eight 128-bit
+ * values, or four 64-bit values. The field element represented is:
+ *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + v[3]*2^192  (mod p)
+ * or:
+ *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + ... + v[8]*2^512  (mod p)
+ *
+ * 128-bit values are called 'limbs'. Since the limbs are spaced only 64 bits
+ * apart, but are 128-bits wide, the most significant bits of each limb overlap
+ * with the least significant bits of the next.
+ *
+ * A field element with four limbs is an 'felem'. One with eight limbs is a
+ * 'longfelem'
+ *
+ * A field element with four, 64-bit values is called a 'smallfelem'. Small
+ * values are used as intermediate values before multiplication.
+ */
+
+# define NLIMBS 4
+
+typedef uint128_t limb;
+typedef limb felem[NLIMBS];
+typedef limb longfelem[NLIMBS * 2];
+typedef u64 smallfelem[NLIMBS];
+
+/* This is the value of the prime as four 64-bit words, little-endian. */
+static const u64 kPrime[4] =
+    { 0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul };
+static const u64 bottom63bits = 0x7ffffffffffffffful;
+
+/*
+ * bin32_to_felem takes a little-endian byte array and converts it into felem
+ * form. This assumes that the CPU is little-endian.
+ */
+static void bin32_to_felem(felem out, const u8 in[32])
+{
+    out[0] = *((u64 *)&in[0]);
+    out[1] = *((u64 *)&in[8]);
+    out[2] = *((u64 *)&in[16]);
+    out[3] = *((u64 *)&in[24]);
+}
+
+/*
+ * smallfelem_to_bin32 takes a smallfelem and serialises into a little
+ * endian, 32 byte array. This assumes that the CPU is little-endian.
+ */
+static void smallfelem_to_bin32(u8 out[32], const smallfelem in)
+{
+    *((u64 *)&out[0]) = in[0];
+    *((u64 *)&out[8]) = in[1];
+    *((u64 *)&out[16]) = in[2];
+    *((u64 *)&out[24]) = in[3];
+}
+
+/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
+static void flip_endian(u8 *out, const u8 *in, unsigned len)
+{
+    unsigned i;
+    for (i = 0; i < len; ++i)
+        out[i] = in[len - 1 - i];
+}
+
+/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_in;
+    felem_bytearray b_out;
+    unsigned num_bytes;
+
+    /* BN_bn2bin eats leading zeroes */
+    memset(b_out, 0, sizeof(b_out));
+    num_bytes = BN_num_bytes(bn);
+    if (num_bytes > sizeof(b_out)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2bin(bn, b_in);
+    flip_endian(b_out, b_in, num_bytes);
+    bin32_to_felem(out, b_out);
+    return 1;
+}
+
+/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
+static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)
+{
+    felem_bytearray b_in, b_out;
+    smallfelem_to_bin32(b_in, in);
+    flip_endian(b_out, b_in, sizeof(b_out));
+    return BN_bin2bn(b_out, sizeof(b_out), out);
+}
+
+/*-
+ * Field operations
+ * ----------------
+ */
+
+static void smallfelem_one(smallfelem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+}
+
+static void smallfelem_assign(smallfelem out, const smallfelem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/* felem_sum sets out = out + in. */
+static void felem_sum(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* felem_small_sum sets out = out + in. */
+static void felem_small_sum(felem out, const smallfelem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* felem_scalar sets out = out * scalar */
+static void felem_scalar(felem out, const u64 scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+}
+
+/* longfelem_scalar sets out = out * scalar */
+static void longfelem_scalar(longfelem out, const u64 scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+}
+
+# define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9)
+# define two105 (((limb)1) << 105)
+# define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9)
+
+/* zero105 is 0 mod p */
+static const felem zero105 =
+    { two105m41m9, two105, two105m41p9, two105m41p9 };
+
+/*-
+ * smallfelem_neg sets |out| to |-small|
+ * On exit:
+ *   out[i] < out[i] + 2^105
+ */
+static void smallfelem_neg(felem out, const smallfelem small)
+{
+    /* In order to prevent underflow, we subtract from 0 mod p. */
+    out[0] = zero105[0] - small[0];
+    out[1] = zero105[1] - small[1];
+    out[2] = zero105[2] - small[2];
+    out[3] = zero105[3] - small[3];
+}
+
+/*-
+ * felem_diff subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^104
+ * On exit:
+ *   out[i] < out[i] + 2^105
+ */
+static void felem_diff(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    out[0] += zero105[0];
+    out[1] += zero105[1];
+    out[2] += zero105[2];
+    out[3] += zero105[3];
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+# define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11)
+# define two107 (((limb)1) << 107)
+# define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11)
+
+/* zero107 is 0 mod p */
+static const felem zero107 =
+    { two107m43m11, two107, two107m43p11, two107m43p11 };
+
+/*-
+ * An alternative felem_diff for larger inputs |in|
+ * felem_diff_zero107 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^106
+ * On exit:
+ *   out[i] < out[i] + 2^107
+ */
+static void felem_diff_zero107(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    out[0] += zero107[0];
+    out[1] += zero107[1];
+    out[2] += zero107[2];
+    out[3] += zero107[3];
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/*-
+ * longfelem_diff subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 7*2^67
+ * On exit:
+ *   out[i] < out[i] + 2^70 + 2^40
+ */
+static void longfelem_diff(longfelem out, const longfelem in)
+{
+    static const limb two70m8p6 =
+        (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6);
+    static const limb two70p40 = (((limb) 1) << 70) + (((limb) 1) << 40);
+    static const limb two70 = (((limb) 1) << 70);
+    static const limb two70m40m38p6 =
+        (((limb) 1) << 70) - (((limb) 1) << 40) - (((limb) 1) << 38) +
+        (((limb) 1) << 6);
+    static const limb two70m6 = (((limb) 1) << 70) - (((limb) 1) << 6);
+
+    /* add 0 mod p to avoid underflow */
+    out[0] += two70m8p6;
+    out[1] += two70p40;
+    out[2] += two70;
+    out[3] += two70m40m38p6;
+    out[4] += two70m6;
+    out[5] += two70m6;
+    out[6] += two70m6;
+    out[7] += two70m6;
+
+    /* in[i] < 7*2^67 < 2^70 - 2^40 - 2^38 + 2^6 */
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+    out[4] -= in[4];
+    out[5] -= in[5];
+    out[6] -= in[6];
+    out[7] -= in[7];
+}
+
+# define two64m0 (((limb)1) << 64) - 1
+# define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1
+# define two64m46 (((limb)1) << 64) - (((limb)1) << 46)
+# define two64m32 (((limb)1) << 64) - (((limb)1) << 32)
+
+/* zero110 is 0 mod p */
+static const felem zero110 = { two64m0, two110p32m0, two64m46, two64m32 };
+
+/*-
+ * felem_shrink converts an felem into a smallfelem. The result isn't quite
+ * minimal as the value may be greater than p.
+ *
+ * On entry:
+ *   in[i] < 2^109
+ * On exit:
+ *   out[i] < 2^64
+ */
+static void felem_shrink(smallfelem out, const felem in)
+{
+    felem tmp;
+    u64 a, b, mask;
+    u64 high, low;
+    static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
+
+    /* Carry 2->3 */
+    tmp[3] = zero110[3] + in[3] + ((u64)(in[2] >> 64));
+    /* tmp[3] < 2^110 */
+
+    tmp[2] = zero110[2] + (u64)in[2];
+    tmp[0] = zero110[0] + in[0];
+    tmp[1] = zero110[1] + in[1];
+    /* tmp[0] < 2**110, tmp[1] < 2^111, tmp[2] < 2**65 */
+
+    /*
+     * We perform two partial reductions where we eliminate the high-word of
+     * tmp[3]. We don't update the other words till the end.
+     */
+    a = tmp[3] >> 64;           /* a < 2^46 */
+    tmp[3] = (u64)tmp[3];
+    tmp[3] -= a;
+    tmp[3] += ((limb) a) << 32;
+    /* tmp[3] < 2^79 */
+
+    b = a;
+    a = tmp[3] >> 64;           /* a < 2^15 */
+    b += a;                     /* b < 2^46 + 2^15 < 2^47 */
+    tmp[3] = (u64)tmp[3];
+    tmp[3] -= a;
+    tmp[3] += ((limb) a) << 32;
+    /* tmp[3] < 2^64 + 2^47 */
+
+    /*
+     * This adjusts the other two words to complete the two partial
+     * reductions.
+     */
+    tmp[0] += b;
+    tmp[1] -= (((limb) b) << 32);
+
+    /*
+     * In order to make space in tmp[3] for the carry from 2 -> 3, we
+     * conditionally subtract kPrime if tmp[3] is large enough.
+     */
+    high = (u64)(tmp[3] >> 64);
+    /* As tmp[3] < 2^65, high is either 1 or 0 */
+    high = 0 - high;
+    /*-
+     * high is:
+     *   all ones   if the high word of tmp[3] is 1
+     *   all zeros  if the high word of tmp[3] if 0
+     */
+    low = (u64)tmp[3];
+    mask = 0 - (low >> 63);
+    /*-
+     * mask is:
+     *   all ones   if the MSB of low is 1
+     *   all zeros  if the MSB of low if 0
+     */
+    low &= bottom63bits;
+    low -= kPrime3Test;
+    /* if low was greater than kPrime3Test then the MSB is zero */
+    low = ~low;
+    low = 0 - (low >> 63);
+    /*-
+     * low is:
+     *   all ones   if low was > kPrime3Test
+     *   all zeros  if low was <= kPrime3Test
+     */
+    mask = (mask & low) | high;
+    tmp[0] -= mask & kPrime[0];
+    tmp[1] -= mask & kPrime[1];
+    /* kPrime[2] is zero, so omitted */
+    tmp[3] -= mask & kPrime[3];
+    /* tmp[3] < 2**64 - 2**32 + 1 */
+
+    tmp[1] += ((u64)(tmp[0] >> 64));
+    tmp[0] = (u64)tmp[0];
+    tmp[2] += ((u64)(tmp[1] >> 64));
+    tmp[1] = (u64)tmp[1];
+    tmp[3] += ((u64)(tmp[2] >> 64));
+    tmp[2] = (u64)tmp[2];
+    /* tmp[i] < 2^64 */
+
+    out[0] = tmp[0];
+    out[1] = tmp[1];
+    out[2] = tmp[2];
+    out[3] = tmp[3];
+}
+
+/* smallfelem_expand converts a smallfelem to an felem */
+static void smallfelem_expand(felem out, const smallfelem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/*-
+ * smallfelem_square sets |out| = |small|^2
+ * On entry:
+ *   small[i] < 2^64
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void smallfelem_square(longfelem out, const smallfelem small)
+{
+    limb a;
+    u64 high, low;
+
+    a = ((uint128_t) small[0]) * small[0];
+    low = a;
+    high = a >> 64;
+    out[0] = low;
+    out[1] = high;
+
+    a = ((uint128_t) small[0]) * small[1];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[1] += low;
+    out[2] = high;
+
+    a = ((uint128_t) small[0]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[2] *= 2;
+    out[3] = high;
+
+    a = ((uint128_t) small[0]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] = high;
+
+    a = ((uint128_t) small[1]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[3] *= 2;
+    out[4] += high;
+
+    a = ((uint128_t) small[1]) * small[1];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small[1]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[4] *= 2;
+    out[5] = high;
+
+    a = ((uint128_t) small[2]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[5] *= 2;
+    out[6] = high;
+    out[6] += high;
+
+    a = ((uint128_t) small[2]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small[3]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[6] += low;
+    out[7] = high;
+}
+
+/*-
+ * felem_square sets |out| = |in|^2
+ * On entry:
+ *   in[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_square(longfelem out, const felem in)
+{
+    u64 small[4];
+    felem_shrink(small, in);
+    smallfelem_square(out, small);
+}
+
+/*-
+ * smallfelem_mul sets |out| = |small1| * |small2|
+ * On entry:
+ *   small1[i] < 2^64
+ *   small2[i] < 2^64
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void smallfelem_mul(longfelem out, const smallfelem small1,
+                           const smallfelem small2)
+{
+    limb a;
+    u64 high, low;
+
+    a = ((uint128_t) small1[0]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[0] = low;
+    out[1] = high;
+
+    a = ((uint128_t) small1[0]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[2] = high;
+
+    a = ((uint128_t) small1[1]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[2] += high;
+
+    a = ((uint128_t) small1[0]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] = high;
+
+    a = ((uint128_t) small1[1]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small1[2]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small1[0]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] = high;
+
+    a = ((uint128_t) small1[1]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[2]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[3]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[1]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] = high;
+
+    a = ((uint128_t) small1[2]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small1[3]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small1[2]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[6] = high;
+
+    a = ((uint128_t) small1[3]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[6] += high;
+
+    a = ((uint128_t) small1[3]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[6] += low;
+    out[7] = high;
+}
+
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
+ * On entry:
+ *   in1[i] < 2^109
+ *   in2[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_mul(longfelem out, const felem in1, const felem in2)
+{
+    smallfelem small1, small2;
+    felem_shrink(small1, in1);
+    felem_shrink(small2, in2);
+    smallfelem_mul(out, small1, small2);
+}
+
+/*-
+ * felem_small_mul sets |out| = |small1| * |in2|
+ * On entry:
+ *   small1[i] < 2^64
+ *   in2[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_small_mul(longfelem out, const smallfelem small1,
+                            const felem in2)
+{
+    smallfelem small2;
+    felem_shrink(small2, in2);
+    smallfelem_mul(out, small1, small2);
+}
+
+# define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4)
+# define two100 (((limb)1) << 100)
+# define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4)
+/* zero100 is 0 mod p */
+static const felem zero100 =
+    { two100m36m4, two100, two100m36p4, two100m36p4 };
+
+/*-
+ * Internal function for the different flavours of felem_reduce.
+ * felem_reduce_ reduces the higher coefficients in[4]-in[7].
+ * On entry:
+ *   out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7]
+ *   out[1] >= in[7] + 2^32*in[4]
+ *   out[2] >= in[5] + 2^32*in[5]
+ *   out[3] >= in[4] + 2^32*in[5] + 2^32*in[6]
+ * On exit:
+ *   out[0] <= out[0] + in[4] + 2^32*in[5]
+ *   out[1] <= out[1] + in[5] + 2^33*in[6]
+ *   out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7]
+ *   out[3] <= out[3] + 2^32*in[4] + 3*in[7]
+ */
+static void felem_reduce_(felem out, const longfelem in)
+{
+    int128_t c;
+    /* combine common terms from below */
+    c = in[4] + (in[5] << 32);
+    out[0] += c;
+    out[3] -= c;
+
+    c = in[5] - in[7];
+    out[1] += c;
+    out[2] -= c;
+
+    /* the remaining terms */
+    /* 256: [(0,1),(96,-1),(192,-1),(224,1)] */
+    out[1] -= (in[4] << 32);
+    out[3] += (in[4] << 32);
+
+    /* 320: [(32,1),(64,1),(128,-1),(160,-1),(224,-1)] */
+    out[2] -= (in[5] << 32);
+
+    /* 384: [(0,-1),(32,-1),(96,2),(128,2),(224,-1)] */
+    out[0] -= in[6];
+    out[0] -= (in[6] << 32);
+    out[1] += (in[6] << 33);
+    out[2] += (in[6] * 2);
+    out[3] -= (in[6] << 32);
+
+    /* 448: [(0,-1),(32,-1),(64,-1),(128,1),(160,2),(192,3)] */
+    out[0] -= in[7];
+    out[0] -= (in[7] << 32);
+    out[2] += (in[7] << 33);
+    out[3] += (in[7] * 3);
+}
+
+/*-
+ * felem_reduce converts a longfelem into an felem.
+ * To be called directly after felem_square or felem_mul.
+ * On entry:
+ *   in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64
+ *   in[4] < 7*2^64, in[5] < 5*2^64, in[6] < 3*2^64, in[7] < 2*64
+ * On exit:
+ *   out[i] < 2^101
+ */
+static void felem_reduce(felem out, const longfelem in)
+{
+    out[0] = zero100[0] + in[0];
+    out[1] = zero100[1] + in[1];
+    out[2] = zero100[2] + in[2];
+    out[3] = zero100[3] + in[3];
+
+    felem_reduce_(out, in);
+
+    /*-
+     * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
+     * out[1] > 2^100 - 2^64 - 7*2^96 > 0
+     * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0
+     * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0
+     *
+     * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101
+     * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101
+     * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101
+     * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101
+     */
+}
+
+/*-
+ * felem_reduce_zero105 converts a larger longfelem into an felem.
+ * On entry:
+ *   in[0] < 2^71
+ * On exit:
+ *   out[i] < 2^106
+ */
+static void felem_reduce_zero105(felem out, const longfelem in)
+{
+    out[0] = zero105[0] + in[0];
+    out[1] = zero105[1] + in[1];
+    out[2] = zero105[2] + in[2];
+    out[3] = zero105[3] + in[3];
+
+    felem_reduce_(out, in);
+
+    /*-
+     * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
+     * out[1] > 2^105 - 2^71 - 2^103 > 0
+     * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
+     * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
+     *
+     * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
+     */
+}
+
+/*
+ * subtract_u64 sets *result = *result - v and *carry to one if the
+ * subtraction underflowed.
+ */
+static void subtract_u64(u64 *result, u64 *carry, u64 v)
+{
+    uint128_t r = *result;
+    r -= v;
+    *carry = (r >> 64) & 1;
+    *result = (u64)r;
+}
+
+/*
+ * felem_contract converts |in| to its unique, minimal representation. On
+ * entry: in[i] < 2^109
+ */
+static void felem_contract(smallfelem out, const felem in)
+{
+    unsigned i;
+    u64 all_equal_so_far = 0, result = 0, carry;
+
+    felem_shrink(out, in);
+    /* small is minimal except that the value might be > p */
+
+    all_equal_so_far--;
+    /*
+     * We are doing a constant time test if out >= kPrime. We need to compare
+     * each u64, from most-significant to least significant. For each one, if
+     * all words so far have been equal (m is all ones) then a non-equal
+     * result is the answer. Otherwise we continue.
+     */
+    for (i = 3; i < 4; i--) {
+        u64 equal;
+        uint128_t a = ((uint128_t) kPrime[i]) - out[i];
+        /*
+         * if out[i] > kPrime[i] then a will underflow and the high 64-bits
+         * will all be set.
+         */
+        result |= all_equal_so_far & ((u64)(a >> 64));
+
+        /*
+         * if kPrime[i] == out[i] then |equal| will be all zeros and the
+         * decrement will make it all ones.
+         */
+        equal = kPrime[i] ^ out[i];
+        equal--;
+        equal &= equal << 32;
+        equal &= equal << 16;
+        equal &= equal << 8;
+        equal &= equal << 4;
+        equal &= equal << 2;
+        equal &= equal << 1;
+        equal = 0 - (equal >> 63);
+
+        all_equal_so_far &= equal;
+    }
+
+    /*
+     * if all_equal_so_far is still all ones then the two values are equal
+     * and so out >= kPrime is true.
+     */
+    result |= all_equal_so_far;
+
+    /* if out >= kPrime then we subtract kPrime. */
+    subtract_u64(&out[0], &carry, result & kPrime[0]);
+    subtract_u64(&out[1], &carry, carry);
+    subtract_u64(&out[2], &carry, carry);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[1], &carry, result & kPrime[1]);
+    subtract_u64(&out[2], &carry, carry);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[2], &carry, result & kPrime[2]);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[3], &carry, result & kPrime[3]);
+}
+
+static void smallfelem_square_contract(smallfelem out, const smallfelem in)
+{
+    longfelem longtmp;
+    felem tmp;
+
+    smallfelem_square(longtmp, in);
+    felem_reduce(tmp, longtmp);
+    felem_contract(out, tmp);
+}
+
+static void smallfelem_mul_contract(smallfelem out, const smallfelem in1,
+                                    const smallfelem in2)
+{
+    longfelem longtmp;
+    felem tmp;
+
+    smallfelem_mul(longtmp, in1, in2);
+    felem_reduce(tmp, longtmp);
+    felem_contract(out, tmp);
+}
+
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+ * otherwise.
+ * On entry:
+ *   small[i] < 2^64
+ */
+static limb smallfelem_is_zero(const smallfelem small)
+{
+    limb result;
+    u64 is_p;
+
+    u64 is_zero = small[0] | small[1] | small[2] | small[3];
+    is_zero--;
+    is_zero &= is_zero << 32;
+    is_zero &= is_zero << 16;
+    is_zero &= is_zero << 8;
+    is_zero &= is_zero << 4;
+    is_zero &= is_zero << 2;
+    is_zero &= is_zero << 1;
+    is_zero = 0 - (is_zero >> 63);
+
+    is_p = (small[0] ^ kPrime[0]) |
+        (small[1] ^ kPrime[1]) |
+        (small[2] ^ kPrime[2]) | (small[3] ^ kPrime[3]);
+    is_p--;
+    is_p &= is_p << 32;
+    is_p &= is_p << 16;
+    is_p &= is_p << 8;
+    is_p &= is_p << 4;
+    is_p &= is_p << 2;
+    is_p &= is_p << 1;
+    is_p = 0 - (is_p >> 63);
+
+    is_zero |= is_p;
+
+    result = is_zero;
+    result |= ((limb) is_zero) << 64;
+    return result;
+}
+
+static int smallfelem_is_zero_int(const void *small)
+{
+    return (int)(smallfelem_is_zero(small) & ((limb) 1));
+}
+
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
+ *
+ * Based on Fermat's Little Theorem:
+ *   a^p = a (mod p)
+ *   a^{p-1} = 1 (mod p)
+ *   a^{p-2} = a^{-1} (mod p)
+ */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2;
+    /* each e_I will hold |in|^{2^I - 1} */
+    felem e2, e4, e8, e16, e32, e64;
+    longfelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 2^0 */
+    felem_assign(e2, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^2 */
+    felem_mul(tmp, ftmp, e2);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^0 */
+    felem_assign(e4, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^5 - 2^1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^6 - 2^2 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^7 - 2^3 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^8 - 2^4 */
+    felem_mul(tmp, ftmp, e4);
+    felem_reduce(ftmp, tmp);    /* 2^8 - 2^0 */
+    felem_assign(e8, ftmp);
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^16 - 2^8 */
+    felem_mul(tmp, ftmp, e8);
+    felem_reduce(ftmp, tmp);    /* 2^16 - 2^0 */
+    felem_assign(e16, ftmp);
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^32 - 2^16 */
+    felem_mul(tmp, ftmp, e16);
+    felem_reduce(ftmp, tmp);    /* 2^32 - 2^0 */
+    felem_assign(e32, ftmp);
+    for (i = 0; i < 32; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^64 - 2^32 */
+    felem_assign(e64, ftmp);
+    felem_mul(tmp, ftmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^64 - 2^32 + 2^0 */
+    for (i = 0; i < 192; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^256 - 2^224 + 2^192 */
+
+    felem_mul(tmp, e64, e32);
+    felem_reduce(ftmp2, tmp);   /* 2^64 - 2^0 */
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^80 - 2^16 */
+    felem_mul(tmp, ftmp2, e16);
+    felem_reduce(ftmp2, tmp);   /* 2^80 - 2^0 */
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^88 - 2^8 */
+    felem_mul(tmp, ftmp2, e8);
+    felem_reduce(ftmp2, tmp);   /* 2^88 - 2^0 */
+    for (i = 0; i < 4; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^92 - 2^4 */
+    felem_mul(tmp, ftmp2, e4);
+    felem_reduce(ftmp2, tmp);   /* 2^92 - 2^0 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^93 - 2^1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^94 - 2^2 */
+    felem_mul(tmp, ftmp2, e2);
+    felem_reduce(ftmp2, tmp);   /* 2^94 - 2^0 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^95 - 2^1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^96 - 2^2 */
+    felem_mul(tmp, ftmp2, in);
+    felem_reduce(ftmp2, tmp);   /* 2^96 - 3 */
+
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(out, tmp);     /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
+}
+
+static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
+{
+    felem tmp;
+
+    smallfelem_expand(tmp, in);
+    felem_inv(tmp, tmp);
+    felem_contract(out, tmp);
+}
+
+/*-
+ * Group operations
+ * ----------------
+ *
+ * Building on top of the field operations we have the operations on the
+ * elliptic curve group itself. Points on the curve are represented in Jacobian
+ * coordinates
+ */
+
+/*-
+ * point_double calculates 2*(x_in, y_in, z_in)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
+ *
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    longfelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+    smallfelem small1, small2;
+
+    felem_assign(ftmp, x_in);
+    /* ftmp[i] < 2^106 */
+    felem_assign(ftmp2, x_in);
+    /* ftmp2[i] < 2^106 */
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);
+    /* delta[i] < 2^101 */
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);
+    /* gamma[i] < 2^101 */
+    felem_shrink(small1, gamma);
+
+    /* beta = x*gamma */
+    felem_small_mul(tmp, small1, x_in);
+    felem_reduce(beta, tmp);
+    /* beta[i] < 2^101 */
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff(ftmp, delta);
+    /* ftmp[i] < 2^105 + 2^106 < 2^107 */
+    felem_sum(ftmp2, delta);
+    /* ftmp2[i] < 2^105 + 2^106 < 2^107 */
+    felem_scalar(ftmp2, 3);
+    /* ftmp2[i] < 3 * 2^107 < 2^109 */
+    felem_mul(tmp, ftmp, ftmp2);
+    felem_reduce(alpha, tmp);
+    /* alpha[i] < 2^101 */
+    felem_shrink(small2, alpha);
+
+    /* x' = alpha^2 - 8*beta */
+    smallfelem_square(tmp, small2);
+    felem_reduce(x_out, tmp);
+    felem_assign(ftmp, beta);
+    felem_scalar(ftmp, 8);
+    /* ftmp[i] < 8 * 2^101 = 2^104 */
+    felem_diff(x_out, ftmp);
+    /* x_out[i] < 2^105 + 2^101 < 2^106 */
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum(delta, gamma);
+    /* delta[i] < 2^101 + 2^101 = 2^102 */
+    felem_assign(ftmp, y_in);
+    felem_sum(ftmp, z_in);
+    /* ftmp[i] < 2^106 + 2^106 = 2^107 */
+    felem_square(tmp, ftmp);
+    felem_reduce(z_out, tmp);
+    felem_diff(z_out, delta);
+    /* z_out[i] < 2^105 + 2^101 < 2^106 */
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar(beta, 4);
+    /* beta[i] < 4 * 2^101 = 2^103 */
+    felem_diff_zero107(beta, x_out);
+    /* beta[i] < 2^107 + 2^103 < 2^108 */
+    felem_small_mul(tmp, small2, beta);
+    /* tmp[i] < 7 * 2^64 < 2^67 */
+    smallfelem_square(tmp2, small1);
+    /* tmp2[i] < 7 * 2^64 */
+    longfelem_scalar(tmp2, 8);
+    /* tmp2[i] < 8 * 7 * 2^64 = 7 * 2^67 */
+    longfelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
+    felem_reduce_zero105(y_out, tmp);
+    /* y_out[i] < 2^106 */
+}
+
+/*
+ * point_double_small is the same as point_double, except that it operates on
+ * smallfelems
+ */
+static void
+point_double_small(smallfelem x_out, smallfelem y_out, smallfelem z_out,
+                   const smallfelem x_in, const smallfelem y_in,
+                   const smallfelem z_in)
+{
+    felem felem_x_out, felem_y_out, felem_z_out;
+    felem felem_x_in, felem_y_in, felem_z_in;
+
+    smallfelem_expand(felem_x_in, x_in);
+    smallfelem_expand(felem_y_in, y_in);
+    smallfelem_expand(felem_z_in, z_in);
+    point_double(felem_x_out, felem_y_out, felem_z_out,
+                 felem_x_in, felem_y_in, felem_z_in);
+    felem_shrink(x_out, felem_x_out);
+    felem_shrink(y_out, felem_y_out);
+    felem_shrink(z_out, felem_z_out);
+}
+
+/* copy_conditional copies in to out iff mask is all ones. */
+static void copy_conditional(felem out, const felem in, limb mask)
+{
+    unsigned i;
+    for (i = 0; i < NLIMBS; ++i) {
+        const limb tmp = mask & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/* copy_small_conditional copies in to out iff mask is all ones. */
+static void copy_small_conditional(felem out, const smallfelem in, limb mask)
+{
+    unsigned i;
+    const u64 mask64 = mask;
+    for (i = 0; i < NLIMBS; ++i) {
+        out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask);
+    }
+}
+
+/*-
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
+ * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
+ *
+ * This function includes a branch for checking whether the two input points
+ * are equal, (while not equal to the point at infinity). This case never
+ * happens during single point multiplication, so there is no timing leak for
+ * ECDH or ECDSA signing.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const smallfelem x2,
+                      const smallfelem y2, const smallfelem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
+    longfelem tmp, tmp2;
+    smallfelem small1, small2, small3, small4, small5;
+    limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+
+    felem_shrink(small3, z1);
+
+    z1_is_zero = smallfelem_is_zero(small3);
+    z2_is_zero = smallfelem_is_zero(z2);
+
+    /* ftmp = z1z1 = z1**2 */
+    smallfelem_square(tmp, small3);
+    felem_reduce(ftmp, tmp);
+    /* ftmp[i] < 2^101 */
+    felem_shrink(small1, ftmp);
+
+    if (!mixed) {
+        /* ftmp2 = z2z2 = z2**2 */
+        smallfelem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+        /* ftmp2[i] < 2^101 */
+        felem_shrink(small2, ftmp2);
+
+        felem_shrink(small5, x1);
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        smallfelem_mul(tmp, small5, small2);
+        felem_reduce(ftmp3, tmp);
+        /* ftmp3[i] < 2^101 */
+
+        /* ftmp5 = z1 + z2 */
+        felem_assign(ftmp5, z1);
+        felem_small_sum(ftmp5, z2);
+        /* ftmp5[i] < 2^107 */
+
+        /* ftmp5 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 */
+        felem_square(tmp, ftmp5);
+        felem_reduce(ftmp5, tmp);
+        /* ftmp2 = z2z2 + z1z1 */
+        felem_sum(ftmp2, ftmp);
+        /* ftmp2[i] < 2^101 + 2^101 = 2^102 */
+        felem_diff(ftmp5, ftmp2);
+        /* ftmp5[i] < 2^105 + 2^101 < 2^106 */
+
+        /* ftmp2 = z2 * z2z2 */
+        smallfelem_mul(tmp, small2, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* s1 = ftmp2 = y1 * z2**3 */
+        felem_mul(tmp, y1, ftmp2);
+        felem_reduce(ftmp6, tmp);
+        /* ftmp6[i] < 2^101 */
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_assign(ftmp3, x1);
+        /* ftmp3[i] < 2^106 */
+
+        /* ftmp5 = 2z1z2 */
+        felem_assign(ftmp5, z1);
+        felem_scalar(ftmp5, 2);
+        /* ftmp5[i] < 2*2^106 = 2^107 */
+
+        /* s1 = ftmp2 = y1 * z2**3 */
+        felem_assign(ftmp6, y1);
+        /* ftmp6[i] < 2^106 */
+    }
+
+    /* u2 = x2*z1z1 */
+    smallfelem_mul(tmp, x2, small1);
+    felem_reduce(ftmp4, tmp);
+
+    /* h = ftmp4 = u2 - u1 */
+    felem_diff_zero107(ftmp4, ftmp3);
+    /* ftmp4[i] < 2^107 + 2^101 < 2^108 */
+    felem_shrink(small4, ftmp4);
+
+    x_equal = smallfelem_is_zero(small4);
+
+    /* z_out = ftmp5 * h */
+    felem_small_mul(tmp, small4, ftmp5);
+    felem_reduce(z_out, tmp);
+    /* z_out[i] < 2^101 */
+
+    /* ftmp = z1 * z1z1 */
+    smallfelem_mul(tmp, small1, small3);
+    felem_reduce(ftmp, tmp);
+
+    /* s2 = tmp = y2 * z1**3 */
+    felem_small_mul(tmp, y2, ftmp);
+    felem_reduce(ftmp5, tmp);
+
+    /* r = ftmp5 = (s2 - s1)*2 */
+    felem_diff_zero107(ftmp5, ftmp6);
+    /* ftmp5[i] < 2^107 + 2^107 = 2^108 */
+    felem_scalar(ftmp5, 2);
+    /* ftmp5[i] < 2^109 */
+    felem_shrink(small1, ftmp5);
+    y_equal = smallfelem_is_zero(small1);
+
+    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* I = ftmp = (2h)**2 */
+    felem_assign(ftmp, ftmp4);
+    felem_scalar(ftmp, 2);
+    /* ftmp[i] < 2*2^108 = 2^109 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);
+
+    /* J = ftmp2 = h * I */
+    felem_mul(tmp, ftmp4, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* V = ftmp4 = U1 * I */
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);
+
+    /* x_out = r**2 - J - 2V */
+    smallfelem_square(tmp, small1);
+    felem_reduce(x_out, tmp);
+    felem_assign(ftmp3, ftmp4);
+    felem_scalar(ftmp4, 2);
+    felem_sum(ftmp4, ftmp2);
+    /* ftmp4[i] < 2*2^101 + 2^101 < 2^103 */
+    felem_diff(x_out, ftmp4);
+    /* x_out[i] < 2^105 + 2^101 */
+
+    /* y_out = r(V-x_out) - 2 * s1 * J */
+    felem_diff_zero107(ftmp3, x_out);
+    /* ftmp3[i] < 2^107 + 2^101 < 2^108 */
+    felem_small_mul(tmp, small1, ftmp3);
+    felem_mul(tmp2, ftmp6, ftmp2);
+    longfelem_scalar(tmp2, 2);
+    /* tmp2[i] < 2*2^67 = 2^68 */
+    longfelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
+    felem_reduce_zero105(y_out, tmp);
+    /* y_out[i] < 2^106 */
+
+    copy_small_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_small_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_small_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*
+ * point_add_small is the same as point_add, except that it operates on
+ * smallfelems
+ */
+static void point_add_small(smallfelem x3, smallfelem y3, smallfelem z3,
+                            smallfelem x1, smallfelem y1, smallfelem z1,
+                            smallfelem x2, smallfelem y2, smallfelem z2)
+{
+    felem felem_x3, felem_y3, felem_z3;
+    felem felem_x1, felem_y1, felem_z1;
+    smallfelem_expand(felem_x1, x1);
+    smallfelem_expand(felem_y1, y1);
+    smallfelem_expand(felem_z1, z1);
+    point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0,
+              x2, y2, z2);
+    felem_shrink(x3, felem_x3);
+    felem_shrink(y3, felem_y3);
+    felem_shrink(z3, felem_z3);
+}
+
+/*-
+ * Base point pre computation
+ * --------------------------
+ *
+ * Two different sorts of precomputed tables are used in the following code.
+ * Each contain various points on the curve, where each point is three field
+ * elements (x, y, z).
+ *
+ * For the base point table, z is usually 1 (0 for the point at infinity).
+ * This table has 2 * 16 elements, starting with the following:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^64G
+ *     3 | 0 0 1 1 | (2^64 + 1)G
+ *     4 | 0 1 0 0 | 2^128G
+ *     5 | 0 1 0 1 | (2^128 + 1)G
+ *     6 | 0 1 1 0 | (2^128 + 2^64)G
+ *     7 | 0 1 1 1 | (2^128 + 2^64 + 1)G
+ *     8 | 1 0 0 0 | 2^192G
+ *     9 | 1 0 0 1 | (2^192 + 1)G
+ *    10 | 1 0 1 0 | (2^192 + 2^64)G
+ *    11 | 1 0 1 1 | (2^192 + 2^64 + 1)G
+ *    12 | 1 1 0 0 | (2^192 + 2^128)G
+ *    13 | 1 1 0 1 | (2^192 + 2^128 + 1)G
+ *    14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G
+ *    15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G
+ * followed by a copy of this with each element multiplied by 2^32.
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point,
+ * and then another four locations using the second 16 elements.
+ *
+ * Tables for other points have table[i] = iG for i in 0 .. 16. */
+
+/* gmul is the table of precomputed base points */
+static const smallfelem gmul[2][16][3] = {
+    {{{0, 0, 0, 0},
+      {0, 0, 0, 0},
+      {0, 0, 0, 0}},
+     {{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2,
+       0x6b17d1f2e12c4247},
+      {0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16,
+       0x4fe342e2fe1a7f9b},
+      {1, 0, 0, 0}},
+     {{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de,
+       0x0fa822bc2811aaa5},
+      {0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b,
+       0xbff44ae8f5dba80d},
+      {1, 0, 0, 0}},
+     {{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789,
+       0x300a4bbc89d6726f},
+      {0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f,
+       0x72aac7e0d09b4644},
+      {1, 0, 0, 0}},
+     {{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e,
+       0x447d739beedb5e67},
+      {0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7,
+       0x2d4825ab834131ee},
+      {1, 0, 0, 0}},
+     {{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60,
+       0xef9519328a9c72ff},
+      {0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c,
+       0x611e9fc37dbb2c9b},
+      {1, 0, 0, 0}},
+     {{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf,
+       0x550663797b51f5d8},
+      {0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5,
+       0x157164848aecb851},
+      {1, 0, 0, 0}},
+     {{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391,
+       0xeb5d7745b21141ea},
+      {0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee,
+       0xeafd72ebdbecc17b},
+      {1, 0, 0, 0}},
+     {{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5,
+       0xa6d39677a7849276},
+      {0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf,
+       0x674f84749b0b8816},
+      {1, 0, 0, 0}},
+     {{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb,
+       0x4e769e7672c9ddad},
+      {0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281,
+       0x42b99082de830663},
+      {1, 0, 0, 0}},
+     {{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478,
+       0x78878ef61c6ce04d},
+      {0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 0xde53142c12309def,
+       0xb6cb3f5d7b72c321},
+      {1, 0, 0, 0}},
+     {{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae,
+       0x0c88bc4d716b1287},
+      {0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa,
+       0xdd5ddea3f3901dc6},
+      {1, 0, 0, 0}},
+     {{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3,
+       0x68f344af6b317466},
+      {0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3,
+       0x31b9c405f8540a20},
+      {1, 0, 0, 0}},
+     {{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0,
+       0x4052bf4b6f461db9},
+      {0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8,
+       0xfecf4d5190b0fc61},
+      {1, 0, 0, 0}},
+     {{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a,
+       0x1eddbae2c802e41a},
+      {0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0,
+       0x43104d86560ebcfc},
+      {1, 0, 0, 0}},
+     {{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a,
+       0xb48e26b484f7a21c},
+      {0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668,
+       0xfac015404d4d3dab},
+      {1, 0, 0, 0}}},
+    {{{0, 0, 0, 0},
+      {0, 0, 0, 0},
+      {0, 0, 0, 0}},
+     {{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da,
+       0x7fe36b40af22af89},
+      {0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1,
+       0xe697d45825b63624},
+      {1, 0, 0, 0}},
+     {{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902,
+       0x4a5b506612a677a6},
+      {0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40,
+       0xeb13461ceac089f1},
+      {1, 0, 0, 0}},
+     {{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857,
+       0x0781b8291c6a220a},
+      {0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434,
+       0x690cde8df0151593},
+      {1, 0, 0, 0}},
+     {{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326,
+       0x8a535f566ec73617},
+      {0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf,
+       0x0455c08468b08bd7},
+      {1, 0, 0, 0}},
+     {{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279,
+       0x06bada7ab77f8276},
+      {0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70,
+       0x5b476dfd0e6cb18a},
+      {1, 0, 0, 0}},
+     {{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8,
+       0x3e29864e8a2ec908},
+      {0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed,
+       0x239b90ea3dc31e7e},
+      {1, 0, 0, 0}},
+     {{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4,
+       0x820f4dd949f72ff7},
+      {0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3,
+       0x140406ec783a05ec},
+      {1, 0, 0, 0}},
+     {{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe,
+       0x68f6b8542783dfee},
+      {0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028,
+       0xcbe1feba92e40ce6},
+      {1, 0, 0, 0}},
+     {{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927,
+       0xd0b2f94d2f420109},
+      {0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a,
+       0x971459828b0719e5},
+      {1, 0, 0, 0}},
+     {{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687,
+       0x961610004a866aba},
+      {0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c,
+       0x7acb9fadcee75e44},
+      {1, 0, 0, 0}},
+     {{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea,
+       0x24eb9acca333bf5b},
+      {0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d,
+       0x69f891c5acd079cc},
+      {1, 0, 0, 0}},
+     {{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514,
+       0xe51f547c5972a107},
+      {0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06,
+       0x1c309a2b25bb1387},
+      {1, 0, 0, 0}},
+     {{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828,
+       0x20b87b8aa2c4e503},
+      {0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044,
+       0xf5c6fa49919776be},
+      {1, 0, 0, 0}},
+     {{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56,
+       0x1ed7d1b9332010b9},
+      {0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24,
+       0x3a2b03f03217257a},
+      {1, 0, 0, 0}},
+     {{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b,
+       0x15fee545c78dd9f6},
+      {0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb,
+       0x4ab5b6b2b8753f81},
+      {1, 0, 0, 0}}}
+};
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ */
+static void select_point(const u64 idx, unsigned int size,
+                         const smallfelem pre_comp[16][3], smallfelem out[3])
+{
+    unsigned i, j;
+    u64 *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+
+    for (i = 0; i < size; i++) {
+        const u64 *inlimbs = (u64 *)&pre_comp[i][0][0];
+        u64 mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, int i)
+{
+    if ((i < 0) || (i >= 256))
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const smallfelem pre_comp[][17][3],
+                      const smallfelem g_pre_comp[2][16][3])
+{
+    int i, skip;
+    unsigned num, gen_mul = (g_scalar != NULL);
+    felem nq[3], ftmp;
+    smallfelem tmp[3];
+    u64 bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (two in each of the last 32 rounds) and additions of
+     * other points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 255 : 31); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 31)) {
+            /* first, look 32 bits upwards */
+            bits = get_bit(g_scalar, i + 224) << 3;
+            bits |= get_bit(g_scalar, i + 160) << 2;
+            bits |= get_bit(g_scalar, i + 96) << 1;
+            bits |= get_bit(g_scalar, i + 32);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[1], tmp);
+
+            if (!skip) {
+                /* Arg 1 below is for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                smallfelem_expand(nq[0], tmp[0]);
+                smallfelem_expand(nq[1], tmp[1]);
+                smallfelem_expand(nq[2], tmp[2]);
+                skip = 0;
+            }
+
+            /* second, look at the current position */
+            bits = get_bit(g_scalar, i + 192) << 3;
+            bits |= get_bit(g_scalar, i + 128) << 2;
+            bits |= get_bit(g_scalar, i + 64) << 1;
+            bits |= get_bit(g_scalar, i);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[0], tmp);
+            /* Arg 1 below is for "mixed" */
+            point_add(nq[0], nq[1], nq[2],
+                      nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /*
+                 * select the point to add or subtract, in constant time
+                 */
+                select_point(digit, 17, pre_comp[num], tmp);
+                smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative
+                                               * point */
+                copy_small_conditional(ftmp, tmp[1], (((limb) sign) - 1));
+                felem_contract(tmp[1], ftmp);
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    smallfelem_expand(nq[0], tmp[0]);
+                    smallfelem_expand(nq[1], tmp[1]);
+                    smallfelem_expand(nq[2], tmp[2]);
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/* Precomputation for the group generator. */
+struct nistp256_pre_comp_st {
+    smallfelem g_pre_comp[2][16][3];
+    int references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp256_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp256_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp256_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp256_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp256_points_mul,
+        ec_GFp_nistp256_precompute_mult,
+        ec_GFp_nistp256_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP256_PRE_COMP *nistp256_pre_comp_new()
+{
+    NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+    return p;
+}
+
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistp256", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp256_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
+        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
+        ((curve_b = BN_CTX_get(ctx)) == NULL))
+        goto err;
+    BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_256;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in;
+    smallfelem x_out, y_out;
+    longfelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!smallfelem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!smallfelem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* points below is of size |num|, and tmp_smallfelems is of size |num+1| */
+static void make_points_affine(size_t num, smallfelem points[][3],
+                               smallfelem tmp_smallfelems[])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(smallfelem),
+                                             tmp_smallfelems,
+                                             (void (*)(void *))smallfelem_one,
+                                             smallfelem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_assign,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_square_contract,
+                                             (void (*)
+                                              (void *, const void *,
+                                               const void *))
+                                             smallfelem_mul_contract,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_inv_contract,
+                                             /* nothing to contract */
+                                             (void (*)(void *, const void *))
+                                             smallfelem_assign);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    int mixed = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    smallfelem (*pre_comp)[17][3] = NULL;
+    smallfelem *tmp_smallfelems = NULL;
+    felem_bytearray tmp;
+    unsigned i, num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    smallfelem x_in, y_in, z_in;
+    felem x_out, y_out, z_out;
+    NISTP256_PRE_COMP *pre = NULL;
+    const smallfelem(*g_pre_comp)[16][3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((x = BN_CTX_get(ctx)) == NULL) ||
+        ((y = BN_CTX_get(ctx)) == NULL) ||
+        ((z = BN_CTX_get(ctx)) == NULL) ||
+        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp256;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = (const smallfelem(*)[16][3])pre->g_pre_comp;
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = &gmul[0];
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) ||
+            !smallfelem_to_BN(y, g_pre_comp[0][1][1]) ||
+            !smallfelem_to_BN(z, g_pre_comp[0][1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points++;
+    }
+    if (num_points > 0) {
+        if (num_points >= 3) {
+            /*
+             * unless we precompute multiples for just one or two points,
+             * converting those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_malloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_smallfelems =
+              OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_smallfelems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        memset(secrets, 0, sizeof(*secrets) * num_points);
+        memset(pre_comp, 0, sizeof(*pre_comp) * num_points);
+        for (i = 0; i < num_points; ++i) {
+            if (i == num)
+                /*
+                 * we didn't have a valid precomputation, so we pick the
+                 * generator
+                 */
+            {
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else
+                /* the i^th point */
+            {
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^256 */
+                if ((BN_num_bits(p_scalar) > 256)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2bin(tmp_scalar, tmp);
+                } else
+                    num_bytes = BN_bn2bin(p_scalar, tmp);
+                flip_endian(secrets[i], tmp, num_bytes);
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                felem_shrink(pre_comp[i][1][0], x_out);
+                felem_shrink(pre_comp[i][1][1], y_out);
+                felem_shrink(pre_comp[i][1][2], z_out);
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add_small(pre_comp[i][j][0], pre_comp[i][j][1],
+                                        pre_comp[i][j][2], pre_comp[i][1][0],
+                                        pre_comp[i][1][1], pre_comp[i][1][2],
+                                        pre_comp[i][j - 1][0],
+                                        pre_comp[i][j - 1][1],
+                                        pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double_small(pre_comp[i][j][0],
+                                           pre_comp[i][j][1],
+                                           pre_comp[i][j][2],
+                                           pre_comp[i][j / 2][0],
+                                           pre_comp[i][j / 2][1],
+                                           pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_smallfelems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^256 */
+        if ((BN_num_bits(scalar) > 256) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2bin(tmp_scalar, tmp);
+        } else
+            num_bytes = BN_bn2bin(scalar, tmp);
+        flip_endian(g_secret, tmp, num_bytes);
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp);
+    } else
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL);
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) ||
+        (!smallfelem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_smallfelems);
+    return ret;
+}
+
+int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP256_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    smallfelem tmp_smallfelems[32];
+    felem x_tmp, y_tmp, z_tmp;
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp256_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(x_tmp, group->generator->X)) ||
+        (!BN_to_felem(y_tmp, group->generator->Y)) ||
+        (!BN_to_felem(z_tmp, group->generator->Z)))
+        goto err;
+    felem_shrink(pre->g_pre_comp[0][1][0], x_tmp);
+    felem_shrink(pre->g_pre_comp[0][1][1], y_tmp);
+    felem_shrink(pre->g_pre_comp[0][1][2], z_tmp);
+    /*
+     * compute 2^64*G, 2^128*G, 2^192*G for the first table, 2^32*G, 2^96*G,
+     * 2^160*G, 2^224*G for the second one
+     */
+    for (i = 1; i <= 8; i <<= 1) {
+        point_double_small(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                           pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
+                           pre->g_pre_comp[0][i][1],
+                           pre->g_pre_comp[0][i][2]);
+        for (j = 0; j < 31; ++j) {
+            point_double_small(pre->g_pre_comp[1][i][0],
+                               pre->g_pre_comp[1][i][1],
+                               pre->g_pre_comp[1][i][2],
+                               pre->g_pre_comp[1][i][0],
+                               pre->g_pre_comp[1][i][1],
+                               pre->g_pre_comp[1][i][2]);
+        }
+        if (i == 8)
+            break;
+        point_double_small(pre->g_pre_comp[0][2 * i][0],
+                           pre->g_pre_comp[0][2 * i][1],
+                           pre->g_pre_comp[0][2 * i][2],
+                           pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                           pre->g_pre_comp[1][i][2]);
+        for (j = 0; j < 31; ++j) {
+            point_double_small(pre->g_pre_comp[0][2 * i][0],
+                               pre->g_pre_comp[0][2 * i][1],
+                               pre->g_pre_comp[0][2 * i][2],
+                               pre->g_pre_comp[0][2 * i][0],
+                               pre->g_pre_comp[0][2 * i][1],
+                               pre->g_pre_comp[0][2 * i][2]);
+        }
+    }
+    for (i = 0; i < 2; i++) {
+        /* g_pre_comp[i][0] is the point at infinity */
+        memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
+        /* the remaining multiples */
+        /* 2^64*G + 2^128*G resp. 2^96*G + 2^160*G */
+        point_add_small(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1],
+                        pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0],
+                        pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        /* 2^64*G + 2^192*G resp. 2^96*G + 2^224*G */
+        point_add_small(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1],
+                        pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0],
+                        pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        /* 2^128*G + 2^192*G resp. 2^160*G + 2^224*G */
+        point_add_small(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1],
+                        pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0],
+                        pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                        pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1],
+                        pre->g_pre_comp[i][4][2]);
+        /*
+         * 2^64*G + 2^128*G + 2^192*G resp. 2^96*G + 2^160*G + 2^224*G
+         */
+        point_add_small(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1],
+                        pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0],
+                        pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        for (j = 1; j < 8; ++j) {
+            /* odd multiples: add G resp. 2^32*G */
+            point_add_small(pre->g_pre_comp[i][2 * j + 1][0],
+                            pre->g_pre_comp[i][2 * j + 1][1],
+                            pre->g_pre_comp[i][2 * j + 1][2],
+                            pre->g_pre_comp[i][2 * j][0],
+                            pre->g_pre_comp[i][2 * j][1],
+                            pre->g_pre_comp[i][2 * j][2],
+                            pre->g_pre_comp[i][1][0],
+                            pre->g_pre_comp[i][1][1],
+                            pre->g_pre_comp[i][1][2]);
+        }
+    }
+    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);
+
+ done:
+    SETPRECOMP(group, nistp256, pre);
+    pre = NULL;
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp256_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp256);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ecp_nistp521.c b/openssl-1.1.0h/crypto/ec/ecp_nistp521.c
new file mode 100644
index 0000000..133f089
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_nistp521.c
@@ -0,0 +1,2138 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication
+ *
+ * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
+ * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
+ * work which got its smarts from Daniel J. Bernstein's work on the same.
+ */
+
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_lcl.h"
+
+# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+# else
+#  error "Need GCC 3.1 or later to define type uint128_t"
+# endif
+
+typedef uint8_t u8;
+typedef uint64_t u64;
+
+/*
+ * The underlying field. P521 operates over GF(2^521-1). We can serialise an
+ * element of this field into 66 bytes where the most significant byte
+ * contains only a single bit. We call this an felem_bytearray.
+ */
+
+typedef u8 felem_bytearray[66];
+
+/*
+ * These are the parameters of P521, taken from FIPS 186-3, section D.1.2.5.
+ * These values are big-endian.
+ */
+static const felem_bytearray nistp521_curve_params[5] = {
+    {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff},
+    {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a = -3 */
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xfc},
+    {0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, /* b */
+     0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85,
+     0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3,
+     0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1,
+     0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
+     0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1,
+     0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c,
+     0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50,
+     0x3f, 0x00},
+    {0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, /* x */
+     0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95,
+     0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
+     0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d,
+     0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
+     0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
+     0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a,
+     0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5,
+     0xbd, 0x66},
+    {0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, /* y */
+     0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d,
+     0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+     0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e,
+     0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
+     0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+     0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72,
+     0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1,
+     0x66, 0x50}
+};
+
+/*-
+ * The representation of field elements.
+ * ------------------------------------
+ *
+ * We represent field elements with nine values. These values are either 64 or
+ * 128 bits and the field element represented is:
+ *   v[0]*2^0 + v[1]*2^58 + v[2]*2^116 + ... + v[8]*2^464  (mod p)
+ * Each of the nine values is called a 'limb'. Since the limbs are spaced only
+ * 58 bits apart, but are greater than 58 bits in length, the most significant
+ * bits of each limb overlap with the least significant bits of the next.
+ *
+ * A field element with 64-bit limbs is an 'felem'. One with 128-bit limbs is a
+ * 'largefelem' */
+
+# define NLIMBS 9
+
+typedef uint64_t limb;
+typedef limb felem[NLIMBS];
+typedef uint128_t largefelem[NLIMBS];
+
+static const limb bottom57bits = 0x1ffffffffffffff;
+static const limb bottom58bits = 0x3ffffffffffffff;
+
+/*
+ * bin66_to_felem takes a little-endian byte array and converts it into felem
+ * form. This assumes that the CPU is little-endian.
+ */
+static void bin66_to_felem(felem out, const u8 in[66])
+{
+    out[0] = (*((limb *) & in[0])) & bottom58bits;
+    out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits;
+    out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits;
+    out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits;
+    out[4] = (*((limb *) & in[29])) & bottom58bits;
+    out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits;
+    out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits;
+    out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits;
+    out[8] = (*((limb *) & in[58])) & bottom57bits;
+}
+
+/*
+ * felem_to_bin66 takes an felem and serialises into a little endian, 66 byte
+ * array. This assumes that the CPU is little-endian.
+ */
+static void felem_to_bin66(u8 out[66], const felem in)
+{
+    memset(out, 0, 66);
+    (*((limb *) & out[0])) = in[0];
+    (*((limb *) & out[7])) |= in[1] << 2;
+    (*((limb *) & out[14])) |= in[2] << 4;
+    (*((limb *) & out[21])) |= in[3] << 6;
+    (*((limb *) & out[29])) = in[4];
+    (*((limb *) & out[36])) |= in[5] << 2;
+    (*((limb *) & out[43])) |= in[6] << 4;
+    (*((limb *) & out[50])) |= in[7] << 6;
+    (*((limb *) & out[58])) = in[8];
+}
+
+/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
+static void flip_endian(u8 *out, const u8 *in, unsigned len)
+{
+    unsigned i;
+    for (i = 0; i < len; ++i)
+        out[i] = in[len - 1 - i];
+}
+
+/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_in;
+    felem_bytearray b_out;
+    unsigned num_bytes;
+
+    /* BN_bn2bin eats leading zeroes */
+    memset(b_out, 0, sizeof(b_out));
+    num_bytes = BN_num_bytes(bn);
+    if (num_bytes > sizeof(b_out)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2bin(bn, b_in);
+    flip_endian(b_out, b_in, num_bytes);
+    bin66_to_felem(out, b_out);
+    return 1;
+}
+
+/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
+static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
+{
+    felem_bytearray b_in, b_out;
+    felem_to_bin66(b_in, in);
+    flip_endian(b_out, b_in, sizeof(b_out));
+    return BN_bin2bn(b_out, sizeof(b_out), out);
+}
+
+/*-
+ * Field operations
+ * ----------------
+ */
+
+static void felem_one(felem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+    out[4] = 0;
+    out[5] = 0;
+    out[6] = 0;
+    out[7] = 0;
+    out[8] = 0;
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+    out[4] = in[4];
+    out[5] = in[5];
+    out[6] = in[6];
+    out[7] = in[7];
+    out[8] = in[8];
+}
+
+/* felem_sum64 sets out = out + in. */
+static void felem_sum64(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+    out[4] += in[4];
+    out[5] += in[5];
+    out[6] += in[6];
+    out[7] += in[7];
+    out[8] += in[8];
+}
+
+/* felem_scalar sets out = in * scalar */
+static void felem_scalar(felem out, const felem in, limb scalar)
+{
+    out[0] = in[0] * scalar;
+    out[1] = in[1] * scalar;
+    out[2] = in[2] * scalar;
+    out[3] = in[3] * scalar;
+    out[4] = in[4] * scalar;
+    out[5] = in[5] * scalar;
+    out[6] = in[6] * scalar;
+    out[7] = in[7] * scalar;
+    out[8] = in[8] * scalar;
+}
+
+/* felem_scalar64 sets out = out * scalar */
+static void felem_scalar64(felem out, limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+    out[8] *= scalar;
+}
+
+/* felem_scalar128 sets out = out * scalar */
+static void felem_scalar128(largefelem out, limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+    out[8] *= scalar;
+}
+
+/*-
+ * felem_neg sets |out| to |-in|
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ * On exit:
+ *   out[i] < 2^62
+ */
+static void felem_neg(felem out, const felem in)
+{
+    /* In order to prevent underflow, we subtract from 0 mod p. */
+    static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] = two62m3 - in[0];
+    out[1] = two62m2 - in[1];
+    out[2] = two62m2 - in[2];
+    out[3] = two62m2 - in[3];
+    out[4] = two62m2 - in[4];
+    out[5] = two62m2 - in[5];
+    out[6] = two62m2 - in[6];
+    out[7] = two62m2 - in[7];
+    out[8] = two62m2 - in[8];
+}
+
+/*-
+ * felem_diff64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ * On exit:
+ *   out[i] < out[i] + 2^62
+ */
+static void felem_diff64(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] += two62m3 - in[0];
+    out[1] += two62m2 - in[1];
+    out[2] += two62m2 - in[2];
+    out[3] += two62m2 - in[3];
+    out[4] += two62m2 - in[4];
+    out[5] += two62m2 - in[5];
+    out[6] += two62m2 - in[6];
+    out[7] += two62m2 - in[7];
+    out[8] += two62m2 - in[8];
+}
+
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^62 + 2^17
+ * On exit:
+ *   out[i] < out[i] + 2^63
+ */
+static void felem_diff_128_64(largefelem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] += two63m6 - in[0];
+    out[1] += two63m5 - in[1];
+    out[2] += two63m5 - in[2];
+    out[3] += two63m5 - in[3];
+    out[4] += two63m5 - in[4];
+    out[5] += two63m5 - in[5];
+    out[6] += two63m5 - in[6];
+    out[7] += two63m5 - in[7];
+    out[8] += two63m5 - in[8];
+}
+
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^126
+ * On exit:
+ *   out[i] < out[i] + 2^127 - 2^69
+ */
+static void felem_diff128(largefelem out, const largefelem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const uint128_t two127m70 =
+        (((uint128_t) 1) << 127) - (((uint128_t) 1) << 70);
+    static const uint128_t two127m69 =
+        (((uint128_t) 1) << 127) - (((uint128_t) 1) << 69);
+
+    out[0] += (two127m70 - in[0]);
+    out[1] += (two127m69 - in[1]);
+    out[2] += (two127m69 - in[2]);
+    out[3] += (two127m69 - in[3]);
+    out[4] += (two127m69 - in[4]);
+    out[5] += (two127m69 - in[5]);
+    out[6] += (two127m69 - in[6]);
+    out[7] += (two127m69 - in[7]);
+    out[8] += (two127m69 - in[8]);
+}
+
+/*-
+ * felem_square sets |out| = |in|^2
+ * On entry:
+ *   in[i] < 2^62
+ * On exit:
+ *   out[i] < 17 * max(in[i]) * max(in[i])
+ */
+static void felem_square(largefelem out, const felem in)
+{
+    felem inx2, inx4;
+    felem_scalar(inx2, in, 2);
+    felem_scalar(inx4, in, 4);
+
+    /*-
+     * We have many cases were we want to do
+     *   in[x] * in[y] +
+     *   in[y] * in[x]
+     * This is obviously just
+     *   2 * in[x] * in[y]
+     * However, rather than do the doubling on the 128 bit result, we
+     * double one of the inputs to the multiplication by reading from
+     * |inx2|
+     */
+
+    out[0] = ((uint128_t) in[0]) * in[0];
+    out[1] = ((uint128_t) in[0]) * inx2[1];
+    out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1];
+    out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2];
+    out[4] = ((uint128_t) in[0]) * inx2[4] +
+             ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
+    out[5] = ((uint128_t) in[0]) * inx2[5] +
+             ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
+    out[6] = ((uint128_t) in[0]) * inx2[6] +
+             ((uint128_t) in[1]) * inx2[5] +
+             ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
+    out[7] = ((uint128_t) in[0]) * inx2[7] +
+             ((uint128_t) in[1]) * inx2[6] +
+             ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
+    out[8] = ((uint128_t) in[0]) * inx2[8] +
+             ((uint128_t) in[1]) * inx2[7] +
+             ((uint128_t) in[2]) * inx2[6] +
+             ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
+
+    /*
+     * The remaining limbs fall above 2^521, with the first falling at 2^522.
+     * They correspond to locations one bit up from the limbs produced above
+     * so we would have to multiply by two to align them. Again, rather than
+     * operate on the 128-bit result, we double one of the inputs to the
+     * multiplication. If we want to double for both this reason, and the
+     * reason above, then we end up multiplying by four.
+     */
+
+    /* 9 */
+    out[0] += ((uint128_t) in[1]) * inx4[8] +
+              ((uint128_t) in[2]) * inx4[7] +
+              ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
+
+    /* 10 */
+    out[1] += ((uint128_t) in[2]) * inx4[8] +
+              ((uint128_t) in[3]) * inx4[7] +
+              ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
+
+    /* 11 */
+    out[2] += ((uint128_t) in[3]) * inx4[8] +
+              ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
+
+    /* 12 */
+    out[3] += ((uint128_t) in[4]) * inx4[8] +
+              ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
+
+    /* 13 */
+    out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7];
+
+    /* 14 */
+    out[5] += ((uint128_t) in[6]) * inx4[8] + ((uint128_t) in[7]) * inx2[7];
+
+    /* 15 */
+    out[6] += ((uint128_t) in[7]) * inx4[8];
+
+    /* 16 */
+    out[7] += ((uint128_t) in[8]) * inx2[8];
+}
+
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
+ * On entry:
+ *   in1[i] < 2^64
+ *   in2[i] < 2^63
+ * On exit:
+ *   out[i] < 17 * max(in1[i]) * max(in2[i])
+ */
+static void felem_mul(largefelem out, const felem in1, const felem in2)
+{
+    felem in2x2;
+    felem_scalar(in2x2, in2, 2);
+
+    out[0] = ((uint128_t) in1[0]) * in2[0];
+
+    out[1] = ((uint128_t) in1[0]) * in2[1] +
+             ((uint128_t) in1[1]) * in2[0];
+
+    out[2] = ((uint128_t) in1[0]) * in2[2] +
+             ((uint128_t) in1[1]) * in2[1] +
+             ((uint128_t) in1[2]) * in2[0];
+
+    out[3] = ((uint128_t) in1[0]) * in2[3] +
+             ((uint128_t) in1[1]) * in2[2] +
+             ((uint128_t) in1[2]) * in2[1] +
+             ((uint128_t) in1[3]) * in2[0];
+
+    out[4] = ((uint128_t) in1[0]) * in2[4] +
+             ((uint128_t) in1[1]) * in2[3] +
+             ((uint128_t) in1[2]) * in2[2] +
+             ((uint128_t) in1[3]) * in2[1] +
+             ((uint128_t) in1[4]) * in2[0];
+
+    out[5] = ((uint128_t) in1[0]) * in2[5] +
+             ((uint128_t) in1[1]) * in2[4] +
+             ((uint128_t) in1[2]) * in2[3] +
+             ((uint128_t) in1[3]) * in2[2] +
+             ((uint128_t) in1[4]) * in2[1] +
+             ((uint128_t) in1[5]) * in2[0];
+
+    out[6] = ((uint128_t) in1[0]) * in2[6] +
+             ((uint128_t) in1[1]) * in2[5] +
+             ((uint128_t) in1[2]) * in2[4] +
+             ((uint128_t) in1[3]) * in2[3] +
+             ((uint128_t) in1[4]) * in2[2] +
+             ((uint128_t) in1[5]) * in2[1] +
+             ((uint128_t) in1[6]) * in2[0];
+
+    out[7] = ((uint128_t) in1[0]) * in2[7] +
+             ((uint128_t) in1[1]) * in2[6] +
+             ((uint128_t) in1[2]) * in2[5] +
+             ((uint128_t) in1[3]) * in2[4] +
+             ((uint128_t) in1[4]) * in2[3] +
+             ((uint128_t) in1[5]) * in2[2] +
+             ((uint128_t) in1[6]) * in2[1] +
+             ((uint128_t) in1[7]) * in2[0];
+
+    out[8] = ((uint128_t) in1[0]) * in2[8] +
+             ((uint128_t) in1[1]) * in2[7] +
+             ((uint128_t) in1[2]) * in2[6] +
+             ((uint128_t) in1[3]) * in2[5] +
+             ((uint128_t) in1[4]) * in2[4] +
+             ((uint128_t) in1[5]) * in2[3] +
+             ((uint128_t) in1[6]) * in2[2] +
+             ((uint128_t) in1[7]) * in2[1] +
+             ((uint128_t) in1[8]) * in2[0];
+
+    /* See comment in felem_square about the use of in2x2 here */
+
+    out[0] += ((uint128_t) in1[1]) * in2x2[8] +
+              ((uint128_t) in1[2]) * in2x2[7] +
+              ((uint128_t) in1[3]) * in2x2[6] +
+              ((uint128_t) in1[4]) * in2x2[5] +
+              ((uint128_t) in1[5]) * in2x2[4] +
+              ((uint128_t) in1[6]) * in2x2[3] +
+              ((uint128_t) in1[7]) * in2x2[2] +
+              ((uint128_t) in1[8]) * in2x2[1];
+
+    out[1] += ((uint128_t) in1[2]) * in2x2[8] +
+              ((uint128_t) in1[3]) * in2x2[7] +
+              ((uint128_t) in1[4]) * in2x2[6] +
+              ((uint128_t) in1[5]) * in2x2[5] +
+              ((uint128_t) in1[6]) * in2x2[4] +
+              ((uint128_t) in1[7]) * in2x2[3] +
+              ((uint128_t) in1[8]) * in2x2[2];
+
+    out[2] += ((uint128_t) in1[3]) * in2x2[8] +
+              ((uint128_t) in1[4]) * in2x2[7] +
+              ((uint128_t) in1[5]) * in2x2[6] +
+              ((uint128_t) in1[6]) * in2x2[5] +
+              ((uint128_t) in1[7]) * in2x2[4] +
+              ((uint128_t) in1[8]) * in2x2[3];
+
+    out[3] += ((uint128_t) in1[4]) * in2x2[8] +
+              ((uint128_t) in1[5]) * in2x2[7] +
+              ((uint128_t) in1[6]) * in2x2[6] +
+              ((uint128_t) in1[7]) * in2x2[5] +
+              ((uint128_t) in1[8]) * in2x2[4];
+
+    out[4] += ((uint128_t) in1[5]) * in2x2[8] +
+              ((uint128_t) in1[6]) * in2x2[7] +
+              ((uint128_t) in1[7]) * in2x2[6] +
+              ((uint128_t) in1[8]) * in2x2[5];
+
+    out[5] += ((uint128_t) in1[6]) * in2x2[8] +
+              ((uint128_t) in1[7]) * in2x2[7] +
+              ((uint128_t) in1[8]) * in2x2[6];
+
+    out[6] += ((uint128_t) in1[7]) * in2x2[8] +
+              ((uint128_t) in1[8]) * in2x2[7];
+
+    out[7] += ((uint128_t) in1[8]) * in2x2[8];
+}
+
+static const limb bottom52bits = 0xfffffffffffff;
+
+/*-
+ * felem_reduce converts a largefelem to an felem.
+ * On entry:
+ *   in[i] < 2^128
+ * On exit:
+ *   out[i] < 2^59 + 2^14
+ */
+static void felem_reduce(felem out, const largefelem in)
+{
+    u64 overflow1, overflow2;
+
+    out[0] = ((limb) in[0]) & bottom58bits;
+    out[1] = ((limb) in[1]) & bottom58bits;
+    out[2] = ((limb) in[2]) & bottom58bits;
+    out[3] = ((limb) in[3]) & bottom58bits;
+    out[4] = ((limb) in[4]) & bottom58bits;
+    out[5] = ((limb) in[5]) & bottom58bits;
+    out[6] = ((limb) in[6]) & bottom58bits;
+    out[7] = ((limb) in[7]) & bottom58bits;
+    out[8] = ((limb) in[8]) & bottom58bits;
+
+    /* out[i] < 2^58 */
+
+    out[1] += ((limb) in[0]) >> 58;
+    out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
+    /*-
+     * out[1] < 2^58 + 2^6 + 2^58
+     *        = 2^59 + 2^6
+     */
+    out[2] += ((limb) (in[0] >> 64)) >> 52;
+
+    out[2] += ((limb) in[1]) >> 58;
+    out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6;
+    out[3] += ((limb) (in[1] >> 64)) >> 52;
+
+    out[3] += ((limb) in[2]) >> 58;
+    out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6;
+    out[4] += ((limb) (in[2] >> 64)) >> 52;
+
+    out[4] += ((limb) in[3]) >> 58;
+    out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6;
+    out[5] += ((limb) (in[3] >> 64)) >> 52;
+
+    out[5] += ((limb) in[4]) >> 58;
+    out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6;
+    out[6] += ((limb) (in[4] >> 64)) >> 52;
+
+    out[6] += ((limb) in[5]) >> 58;
+    out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6;
+    out[7] += ((limb) (in[5] >> 64)) >> 52;
+
+    out[7] += ((limb) in[6]) >> 58;
+    out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6;
+    out[8] += ((limb) (in[6] >> 64)) >> 52;
+
+    out[8] += ((limb) in[7]) >> 58;
+    out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
+    /*-
+     * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
+     *            < 2^59 + 2^13
+     */
+    overflow1 = ((limb) (in[7] >> 64)) >> 52;
+
+    overflow1 += ((limb) in[8]) >> 58;
+    overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6;
+    overflow2 = ((limb) (in[8] >> 64)) >> 52;
+
+    overflow1 <<= 1;            /* overflow1 < 2^13 + 2^7 + 2^59 */
+    overflow2 <<= 1;            /* overflow2 < 2^13 */
+
+    out[0] += overflow1;        /* out[0] < 2^60 */
+    out[1] += overflow2;        /* out[1] < 2^59 + 2^6 + 2^13 */
+
+    out[1] += out[0] >> 58;
+    out[0] &= bottom58bits;
+    /*-
+     * out[0] < 2^58
+     * out[1] < 2^59 + 2^6 + 2^13 + 2^2
+     *        < 2^59 + 2^14
+     */
+}
+
+static void felem_square_reduce(felem out, const felem in)
+{
+    largefelem tmp;
+    felem_square(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+static void felem_mul_reduce(felem out, const felem in1, const felem in2)
+{
+    largefelem tmp;
+    felem_mul(tmp, in1, in2);
+    felem_reduce(out, tmp);
+}
+
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
+ *
+ * Based on Fermat's Little Theorem:
+ *   a^p = a (mod p)
+ *   a^{p-1} = 1 (mod p)
+ *   a^{p-2} = a^{-1} (mod p)
+ */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4;
+    largefelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 2^0 */
+    felem_assign(ftmp2, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^0 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^1 */
+
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^3 - 2^1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^4 - 2^2 */
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^4 - 2^0 */
+
+    felem_assign(ftmp2, ftmp3);
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^5 - 2^1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^6 - 2^2 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^7 - 2^3 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^8 - 2^4 */
+    felem_assign(ftmp4, ftmp3);
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);   /* 2^8 - 2^1 */
+    felem_square(tmp, ftmp4);
+    felem_reduce(ftmp4, tmp);   /* 2^9 - 2^2 */
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^8 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^16 - 2^8 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^16 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^32 - 2^16 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^32 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 32; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^64 - 2^32 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^64 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 64; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^128 - 2^64 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^128 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 128; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^256 - 2^128 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^256 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 256; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^512 - 2^256 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^0 */
+
+    for (i = 0; i < 9; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */
+    }
+    felem_mul(tmp, ftmp3, ftmp4);
+    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^2 */
+    felem_mul(tmp, ftmp3, in);
+    felem_reduce(out, tmp);     /* 2^512 - 3 */
+}
+
+/* This is 2^521-1, expressed as an felem */
+static const felem kPrime = {
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff
+};
+
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+ * otherwise.
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ */
+static limb felem_is_zero(const felem in)
+{
+    felem ftmp;
+    limb is_zero, is_p;
+    felem_assign(ftmp, in);
+
+    ftmp[0] += ftmp[8] >> 57;
+    ftmp[8] &= bottom57bits;
+    /* ftmp[8] < 2^57 */
+    ftmp[1] += ftmp[0] >> 58;
+    ftmp[0] &= bottom58bits;
+    ftmp[2] += ftmp[1] >> 58;
+    ftmp[1] &= bottom58bits;
+    ftmp[3] += ftmp[2] >> 58;
+    ftmp[2] &= bottom58bits;
+    ftmp[4] += ftmp[3] >> 58;
+    ftmp[3] &= bottom58bits;
+    ftmp[5] += ftmp[4] >> 58;
+    ftmp[4] &= bottom58bits;
+    ftmp[6] += ftmp[5] >> 58;
+    ftmp[5] &= bottom58bits;
+    ftmp[7] += ftmp[6] >> 58;
+    ftmp[6] &= bottom58bits;
+    ftmp[8] += ftmp[7] >> 58;
+    ftmp[7] &= bottom58bits;
+    /* ftmp[8] < 2^57 + 4 */
+
+    /*
+     * The ninth limb of 2*(2^521-1) is 0x03ffffffffffffff, which is greater
+     * than our bound for ftmp[8]. Therefore we only have to check if the
+     * zero is zero or 2^521-1.
+     */
+
+    is_zero = 0;
+    is_zero |= ftmp[0];
+    is_zero |= ftmp[1];
+    is_zero |= ftmp[2];
+    is_zero |= ftmp[3];
+    is_zero |= ftmp[4];
+    is_zero |= ftmp[5];
+    is_zero |= ftmp[6];
+    is_zero |= ftmp[7];
+    is_zero |= ftmp[8];
+
+    is_zero--;
+    /*
+     * We know that ftmp[i] < 2^63, therefore the only way that the top bit
+     * can be set is if is_zero was 0 before the decrement.
+     */
+    is_zero = 0 - (is_zero >> 63);
+
+    is_p = ftmp[0] ^ kPrime[0];
+    is_p |= ftmp[1] ^ kPrime[1];
+    is_p |= ftmp[2] ^ kPrime[2];
+    is_p |= ftmp[3] ^ kPrime[3];
+    is_p |= ftmp[4] ^ kPrime[4];
+    is_p |= ftmp[5] ^ kPrime[5];
+    is_p |= ftmp[6] ^ kPrime[6];
+    is_p |= ftmp[7] ^ kPrime[7];
+    is_p |= ftmp[8] ^ kPrime[8];
+
+    is_p--;
+    is_p = 0 - (is_p >> 63);
+
+    is_zero |= is_p;
+    return is_zero;
+}
+
+static int felem_is_zero_int(const void *in)
+{
+    return (int)(felem_is_zero(in) & ((limb) 1));
+}
+
+/*-
+ * felem_contract converts |in| to its unique, minimal representation.
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ */
+static void felem_contract(felem out, const felem in)
+{
+    limb is_p, is_greater, sign;
+    static const limb two58 = ((limb) 1) << 58;
+
+    felem_assign(out, in);
+
+    out[0] += out[8] >> 57;
+    out[8] &= bottom57bits;
+    /* out[8] < 2^57 */
+    out[1] += out[0] >> 58;
+    out[0] &= bottom58bits;
+    out[2] += out[1] >> 58;
+    out[1] &= bottom58bits;
+    out[3] += out[2] >> 58;
+    out[2] &= bottom58bits;
+    out[4] += out[3] >> 58;
+    out[3] &= bottom58bits;
+    out[5] += out[4] >> 58;
+    out[4] &= bottom58bits;
+    out[6] += out[5] >> 58;
+    out[5] &= bottom58bits;
+    out[7] += out[6] >> 58;
+    out[6] &= bottom58bits;
+    out[8] += out[7] >> 58;
+    out[7] &= bottom58bits;
+    /* out[8] < 2^57 + 4 */
+
+    /*
+     * If the value is greater than 2^521-1 then we have to subtract 2^521-1
+     * out. See the comments in felem_is_zero regarding why we don't test for
+     * other multiples of the prime.
+     */
+
+    /*
+     * First, if |out| is equal to 2^521-1, we subtract it out to get zero.
+     */
+
+    is_p = out[0] ^ kPrime[0];
+    is_p |= out[1] ^ kPrime[1];
+    is_p |= out[2] ^ kPrime[2];
+    is_p |= out[3] ^ kPrime[3];
+    is_p |= out[4] ^ kPrime[4];
+    is_p |= out[5] ^ kPrime[5];
+    is_p |= out[6] ^ kPrime[6];
+    is_p |= out[7] ^ kPrime[7];
+    is_p |= out[8] ^ kPrime[8];
+
+    is_p--;
+    is_p &= is_p << 32;
+    is_p &= is_p << 16;
+    is_p &= is_p << 8;
+    is_p &= is_p << 4;
+    is_p &= is_p << 2;
+    is_p &= is_p << 1;
+    is_p = 0 - (is_p >> 63);
+    is_p = ~is_p;
+
+    /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
+
+    out[0] &= is_p;
+    out[1] &= is_p;
+    out[2] &= is_p;
+    out[3] &= is_p;
+    out[4] &= is_p;
+    out[5] &= is_p;
+    out[6] &= is_p;
+    out[7] &= is_p;
+    out[8] &= is_p;
+
+    /*
+     * In order to test that |out| >= 2^521-1 we need only test if out[8] >>
+     * 57 is greater than zero as (2^521-1) + x >= 2^522
+     */
+    is_greater = out[8] >> 57;
+    is_greater |= is_greater << 32;
+    is_greater |= is_greater << 16;
+    is_greater |= is_greater << 8;
+    is_greater |= is_greater << 4;
+    is_greater |= is_greater << 2;
+    is_greater |= is_greater << 1;
+    is_greater = 0 - (is_greater >> 63);
+
+    out[0] -= kPrime[0] & is_greater;
+    out[1] -= kPrime[1] & is_greater;
+    out[2] -= kPrime[2] & is_greater;
+    out[3] -= kPrime[3] & is_greater;
+    out[4] -= kPrime[4] & is_greater;
+    out[5] -= kPrime[5] & is_greater;
+    out[6] -= kPrime[6] & is_greater;
+    out[7] -= kPrime[7] & is_greater;
+    out[8] -= kPrime[8] & is_greater;
+
+    /* Eliminate negative coefficients */
+    sign = -(out[0] >> 63);
+    out[0] += (two58 & sign);
+    out[1] -= (1 & sign);
+    sign = -(out[1] >> 63);
+    out[1] += (two58 & sign);
+    out[2] -= (1 & sign);
+    sign = -(out[2] >> 63);
+    out[2] += (two58 & sign);
+    out[3] -= (1 & sign);
+    sign = -(out[3] >> 63);
+    out[3] += (two58 & sign);
+    out[4] -= (1 & sign);
+    sign = -(out[4] >> 63);
+    out[4] += (two58 & sign);
+    out[5] -= (1 & sign);
+    sign = -(out[0] >> 63);
+    out[5] += (two58 & sign);
+    out[6] -= (1 & sign);
+    sign = -(out[6] >> 63);
+    out[6] += (two58 & sign);
+    out[7] -= (1 & sign);
+    sign = -(out[7] >> 63);
+    out[7] += (two58 & sign);
+    out[8] -= (1 & sign);
+    sign = -(out[5] >> 63);
+    out[5] += (two58 & sign);
+    out[6] -= (1 & sign);
+    sign = -(out[6] >> 63);
+    out[6] += (two58 & sign);
+    out[7] -= (1 & sign);
+    sign = -(out[7] >> 63);
+    out[7] += (two58 & sign);
+    out[8] -= (1 & sign);
+}
+
+/*-
+ * Group operations
+ * ----------------
+ *
+ * Building on top of the field operations we have the operations on the
+ * elliptic curve group itself. Points on the curve are represented in Jacobian
+ * coordinates */
+
+/*-
+ * point_double calculates 2*(x_in, y_in, z_in)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
+ *
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
+ * while x_out == y_in is not (maybe this works, but it's not tested). */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    largefelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+
+    felem_assign(ftmp, x_in);
+    felem_assign(ftmp2, x_in);
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);   /* delta[i] < 2^59 + 2^14 */
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);   /* gamma[i] < 2^59 + 2^14 */
+
+    /* beta = x*gamma */
+    felem_mul(tmp, x_in, gamma);
+    felem_reduce(beta, tmp);    /* beta[i] < 2^59 + 2^14 */
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff64(ftmp, delta);
+    /* ftmp[i] < 2^61 */
+    felem_sum64(ftmp2, delta);
+    /* ftmp2[i] < 2^60 + 2^15 */
+    felem_scalar64(ftmp2, 3);
+    /* ftmp2[i] < 3*2^60 + 3*2^15 */
+    felem_mul(tmp, ftmp, ftmp2);
+    /*-
+     * tmp[i] < 17(3*2^121 + 3*2^76)
+     *        = 61*2^121 + 61*2^76
+     *        < 64*2^121 + 64*2^76
+     *        = 2^127 + 2^82
+     *        < 2^128
+     */
+    felem_reduce(alpha, tmp);
+
+    /* x' = alpha^2 - 8*beta */
+    felem_square(tmp, alpha);
+    /*
+     * tmp[i] < 17*2^120 < 2^125
+     */
+    felem_assign(ftmp, beta);
+    felem_scalar64(ftmp, 8);
+    /* ftmp[i] < 2^62 + 2^17 */
+    felem_diff_128_64(tmp, ftmp);
+    /* tmp[i] < 2^125 + 2^63 + 2^62 + 2^17 */
+    felem_reduce(x_out, tmp);
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum64(delta, gamma);
+    /* delta[i] < 2^60 + 2^15 */
+    felem_assign(ftmp, y_in);
+    felem_sum64(ftmp, z_in);
+    /* ftmp[i] < 2^60 + 2^15 */
+    felem_square(tmp, ftmp);
+    /*
+     * tmp[i] < 17(2^122) < 2^127
+     */
+    felem_diff_128_64(tmp, delta);
+    /* tmp[i] < 2^127 + 2^63 */
+    felem_reduce(z_out, tmp);
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar64(beta, 4);
+    /* beta[i] < 2^61 + 2^16 */
+    felem_diff64(beta, x_out);
+    /* beta[i] < 2^61 + 2^60 + 2^16 */
+    felem_mul(tmp, alpha, beta);
+    /*-
+     * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16))
+     *        = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30)
+     *        = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
+     *        < 2^128
+     */
+    felem_square(tmp2, gamma);
+    /*-
+     * tmp2[i] < 17*(2^59 + 2^14)^2
+     *         = 17*(2^118 + 2^74 + 2^28)
+     */
+    felem_scalar128(tmp2, 8);
+    /*-
+     * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28)
+     *         = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31
+     *         < 2^126
+     */
+    felem_diff128(tmp, tmp2);
+    /*-
+     * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
+     *        = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 +
+     *          2^74 + 2^69 + 2^34 + 2^30
+     *        < 2^128
+     */
+    felem_reduce(y_out, tmp);
+}
+
+/* copy_conditional copies in to out iff mask is all ones. */
+static void copy_conditional(felem out, const felem in, limb mask)
+{
+    unsigned i;
+    for (i = 0; i < NLIMBS; ++i) {
+        const limb tmp = mask & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/*-
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
+ *
+ * The method is taken from
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
+ * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
+ *
+ * This function includes a branch for checking whether the two input points
+ * are equal (while not equal to the point at infinity). This case never
+ * happens during single point multiplication, so there is no timing leak for
+ * ECDH or ECDSA signing. */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const felem x2, const felem y2,
+                      const felem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
+    largefelem tmp, tmp2;
+    limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+
+    z1_is_zero = felem_is_zero(z1);
+    z2_is_zero = felem_is_zero(z2);
+
+    /* ftmp = z1z1 = z1**2 */
+    felem_square(tmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    if (!mixed) {
+        /* ftmp2 = z2z2 = z2**2 */
+        felem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_mul(tmp, x1, ftmp2);
+        felem_reduce(ftmp3, tmp);
+
+        /* ftmp5 = z1 + z2 */
+        felem_assign(ftmp5, z1);
+        felem_sum64(ftmp5, z2);
+        /* ftmp5[i] < 2^61 */
+
+        /* ftmp5 = (z1 + z2)**2 - z1z1 - z2z2 = 2*z1z2 */
+        felem_square(tmp, ftmp5);
+        /* tmp[i] < 17*2^122 */
+        felem_diff_128_64(tmp, ftmp);
+        /* tmp[i] < 17*2^122 + 2^63 */
+        felem_diff_128_64(tmp, ftmp2);
+        /* tmp[i] < 17*2^122 + 2^64 */
+        felem_reduce(ftmp5, tmp);
+
+        /* ftmp2 = z2 * z2z2 */
+        felem_mul(tmp, ftmp2, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* s1 = ftmp6 = y1 * z2**3 */
+        felem_mul(tmp, y1, ftmp2);
+        felem_reduce(ftmp6, tmp);
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_assign(ftmp3, x1);
+
+        /* ftmp5 = 2*z1z2 */
+        felem_scalar(ftmp5, z1, 2);
+
+        /* s1 = ftmp6 = y1 * z2**3 */
+        felem_assign(ftmp6, y1);
+    }
+
+    /* u2 = x2*z1z1 */
+    felem_mul(tmp, x2, ftmp);
+    /* tmp[i] < 17*2^120 */
+
+    /* h = ftmp4 = u2 - u1 */
+    felem_diff_128_64(tmp, ftmp3);
+    /* tmp[i] < 17*2^120 + 2^63 */
+    felem_reduce(ftmp4, tmp);
+
+    x_equal = felem_is_zero(ftmp4);
+
+    /* z_out = ftmp5 * h */
+    felem_mul(tmp, ftmp5, ftmp4);
+    felem_reduce(z_out, tmp);
+
+    /* ftmp = z1 * z1z1 */
+    felem_mul(tmp, ftmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    /* s2 = tmp = y2 * z1**3 */
+    felem_mul(tmp, y2, ftmp);
+    /* tmp[i] < 17*2^120 */
+
+    /* r = ftmp5 = (s2 - s1)*2 */
+    felem_diff_128_64(tmp, ftmp6);
+    /* tmp[i] < 17*2^120 + 2^63 */
+    felem_reduce(ftmp5, tmp);
+    y_equal = felem_is_zero(ftmp5);
+    felem_scalar64(ftmp5, 2);
+    /* ftmp5[i] < 2^61 */
+
+    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* I = ftmp = (2h)**2 */
+    felem_assign(ftmp, ftmp4);
+    felem_scalar64(ftmp, 2);
+    /* ftmp[i] < 2^61 */
+    felem_square(tmp, ftmp);
+    /* tmp[i] < 17*2^122 */
+    felem_reduce(ftmp, tmp);
+
+    /* J = ftmp2 = h * I */
+    felem_mul(tmp, ftmp4, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* V = ftmp4 = U1 * I */
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);
+
+    /* x_out = r**2 - J - 2V */
+    felem_square(tmp, ftmp5);
+    /* tmp[i] < 17*2^122 */
+    felem_diff_128_64(tmp, ftmp2);
+    /* tmp[i] < 17*2^122 + 2^63 */
+    felem_assign(ftmp3, ftmp4);
+    felem_scalar64(ftmp4, 2);
+    /* ftmp4[i] < 2^61 */
+    felem_diff_128_64(tmp, ftmp4);
+    /* tmp[i] < 17*2^122 + 2^64 */
+    felem_reduce(x_out, tmp);
+
+    /* y_out = r(V-x_out) - 2 * s1 * J */
+    felem_diff64(ftmp3, x_out);
+    /*
+     * ftmp3[i] < 2^60 + 2^60 = 2^61
+     */
+    felem_mul(tmp, ftmp5, ftmp3);
+    /* tmp[i] < 17*2^122 */
+    felem_mul(tmp2, ftmp6, ftmp2);
+    /* tmp2[i] < 17*2^120 */
+    felem_scalar128(tmp2, 2);
+    /* tmp2[i] < 17*2^121 */
+    felem_diff128(tmp, tmp2);
+        /*-
+         * tmp[i] < 2^127 - 2^69 + 17*2^122
+         *        = 2^126 - 2^122 - 2^6 - 2^2 - 1
+         *        < 2^127
+         */
+    felem_reduce(y_out, tmp);
+
+    copy_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*-
+ * Base point pre computation
+ * --------------------------
+ *
+ * Two different sorts of precomputed tables are used in the following code.
+ * Each contain various points on the curve, where each point is three field
+ * elements (x, y, z).
+ *
+ * For the base point table, z is usually 1 (0 for the point at infinity).
+ * This table has 16 elements:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^130G
+ *     3 | 0 0 1 1 | (2^130 + 1)G
+ *     4 | 0 1 0 0 | 2^260G
+ *     5 | 0 1 0 1 | (2^260 + 1)G
+ *     6 | 0 1 1 0 | (2^260 + 2^130)G
+ *     7 | 0 1 1 1 | (2^260 + 2^130 + 1)G
+ *     8 | 1 0 0 0 | 2^390G
+ *     9 | 1 0 0 1 | (2^390 + 1)G
+ *    10 | 1 0 1 0 | (2^390 + 2^130)G
+ *    11 | 1 0 1 1 | (2^390 + 2^130 + 1)G
+ *    12 | 1 1 0 0 | (2^390 + 2^260)G
+ *    13 | 1 1 0 1 | (2^390 + 2^260 + 1)G
+ *    14 | 1 1 1 0 | (2^390 + 2^260 + 2^130)G
+ *    15 | 1 1 1 1 | (2^390 + 2^260 + 2^130 + 1)G
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point.
+ *
+ * Tables for other points have table[i] = iG for i in 0 .. 16. */
+
+/* gmul is the table of precomputed base points */
+static const felem gmul[16][3] = {
+{{0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
+  0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
+  0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404},
+ {0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353,
+  0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45,
+  0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad,
+  0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e,
+  0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5},
+ {0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58,
+  0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c,
+  0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873,
+  0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c,
+  0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9},
+ {0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52,
+  0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e,
+  0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2,
+  0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561,
+  0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065},
+ {0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a,
+  0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e,
+  0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6,
+  0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51,
+  0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe},
+ {0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d,
+  0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c,
+  0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27,
+  0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f,
+  0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256},
+ {0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa,
+  0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2,
+  0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890,
+  0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74,
+  0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23},
+ {0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516,
+  0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1,
+  0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce,
+  0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7,
+  0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5},
+ {0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318,
+  0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83,
+  0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae,
+  0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef,
+  0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203},
+ {0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447,
+  0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283,
+  0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5,
+  0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c,
+  0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a},
+ {0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df,
+  0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645,
+  0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292,
+  0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422,
+  0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b},
+ {0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30,
+  0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb,
+  0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767,
+  0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3,
+  0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf},
+ {0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2,
+  0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692,
+  0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3,
+  0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade,
+  0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684},
+ {0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8,
+  0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a,
+  0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608,
+  0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610,
+  0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d},
+ {0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006,
+  0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86,
+  0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c,
+  0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9,
+  0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f},
+ {0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7,
+  0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c,
+  0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}}
+};
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ */
+ /* pre_comp below is of the size provided in |size| */
+static void select_point(const limb idx, unsigned int size,
+                         const felem pre_comp[][3], felem out[3])
+{
+    unsigned i, j;
+    limb *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+
+    for (i = 0; i < size; i++) {
+        const limb *inlimbs = &pre_comp[i][0][0];
+        limb mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, int i)
+{
+    if (i < 0)
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const felem pre_comp[][17][3],
+                      const felem g_pre_comp[16][3])
+{
+    int i, skip;
+    unsigned num, gen_mul = (g_scalar != NULL);
+    felem nq[3], tmp[4];
+    limb bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (last quarter of rounds) and additions of other
+     * points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 520 : 130); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 130)) {
+            bits = get_bit(g_scalar, i + 390) << 3;
+            if (i < 130) {
+                bits |= get_bit(g_scalar, i + 260) << 2;
+                bits |= get_bit(g_scalar, i + 130) << 1;
+                bits |= get_bit(g_scalar, i);
+            }
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp, tmp);
+            if (!skip) {
+                /* The 1 argument below is for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                memcpy(nq, tmp, 3 * sizeof(felem));
+                skip = 0;
+            }
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /*
+                 * select the point to add or subtract, in constant time
+                 */
+                select_point(digit, 17, pre_comp[num], tmp);
+                felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative
+                                            * point */
+                copy_conditional(tmp[1], tmp[3], (-(limb) sign));
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    memcpy(nq, tmp, 3 * sizeof(felem));
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/* Precomputation for the group generator. */
+struct nistp521_pre_comp_st {
+    felem g_pre_comp[16][3];
+    int references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp521_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp521_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp521_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp521_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp521_points_mul,
+        ec_GFp_nistp521_precompute_mult,
+        ec_GFp_nistp521_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP521_PRE_COMP *nistp521_pre_comp_new()
+{
+    NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+    return p;
+}
+
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p)
+{
+    int i;
+
+    if (p == NULL)
+        return;
+
+    CRYPTO_atomic_add(&p->references, -1, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp521", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp521_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((curve_p = BN_CTX_get(ctx)) == NULL) ||
+        ((curve_a = BN_CTX_get(ctx)) == NULL) ||
+        ((curve_b = BN_CTX_get(ctx)) == NULL))
+        goto err;
+    BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_521;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in, x_out, y_out;
+    largefelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!felem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!felem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* points below is of size |num|, and tmp_felems is of size |num+1/ */
+static void make_points_affine(size_t num, felem points[][3],
+                               felem tmp_felems[])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(felem),
+                                             tmp_felems,
+                                             (void (*)(void *))felem_one,
+                                             felem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             felem_assign,
+                                             (void (*)(void *, const void *))
+                                             felem_square_reduce, (void (*)
+                                                                   (void *,
+                                                                    const void
+                                                                    *,
+                                                                    const void
+                                                                    *))
+                                             felem_mul_reduce,
+                                             (void (*)(void *, const void *))
+                                             felem_inv,
+                                             (void (*)(void *, const void *))
+                                             felem_contract);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    int mixed = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    felem (*pre_comp)[17][3] = NULL;
+    felem *tmp_felems = NULL;
+    felem_bytearray tmp;
+    unsigned i, num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    felem x_in, y_in, z_in, x_out, y_out, z_out;
+    NISTP521_PRE_COMP *pre = NULL;
+    felem(*g_pre_comp)[3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((x = BN_CTX_get(ctx)) == NULL) ||
+        ((y = BN_CTX_get(ctx)) == NULL) ||
+        ((z = BN_CTX_get(ctx)) == NULL) ||
+        ((tmp_scalar = BN_CTX_get(ctx)) == NULL))
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp521;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = &pre->g_pre_comp[0];
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = (felem(*)[3]) gmul;
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!felem_to_BN(x, g_pre_comp[1][0]) ||
+            !felem_to_BN(y, g_pre_comp[1][1]) ||
+            !felem_to_BN(z, g_pre_comp[1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points++;
+    }
+
+    if (num_points > 0) {
+        if (num_points >= 2) {
+            /*
+             * unless we precompute multiples for just one point, converting
+             * those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_felems =
+                OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_felems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        for (i = 0; i < num_points; ++i) {
+            if (i == num)
+                /*
+                 * we didn't have a valid precomputation, so we pick the
+                 * generator
+                 */
+            {
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else
+                /* the i^th point */
+            {
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^521 */
+                if ((BN_num_bits(p_scalar) > 521)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2bin(tmp_scalar, tmp);
+                } else
+                    num_bytes = BN_bn2bin(p_scalar, tmp);
+                flip_endian(secrets[i], tmp, num_bytes);
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                memcpy(pre_comp[i][1][0], x_out, sizeof(felem));
+                memcpy(pre_comp[i][1][1], y_out, sizeof(felem));
+                memcpy(pre_comp[i][1][2], z_out, sizeof(felem));
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add(pre_comp[i][j][0], pre_comp[i][j][1],
+                                  pre_comp[i][j][2], pre_comp[i][1][0],
+                                  pre_comp[i][1][1], pre_comp[i][1][2], 0,
+                                  pre_comp[i][j - 1][0],
+                                  pre_comp[i][j - 1][1],
+                                  pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double(pre_comp[i][j][0], pre_comp[i][j][1],
+                                     pre_comp[i][j][2], pre_comp[i][j / 2][0],
+                                     pre_comp[i][j / 2][1],
+                                     pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^521 */
+        if ((BN_num_bits(scalar) > 521) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2bin(tmp_scalar, tmp);
+        } else
+            num_bytes = BN_bn2bin(scalar, tmp);
+        flip_endian(g_secret, tmp, num_bytes);
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const felem(*)[17][3])pre_comp,
+                  (const felem(*)[3])g_pre_comp);
+    } else
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
+        (!felem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
+    return ret;
+}
+
+int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP521_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    felem tmp_felems[16];
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL))
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp521_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z)))
+        goto err;
+    /* compute 2^130*G, 2^260*G, 2^390*G */
+    for (i = 1; i <= 4; i <<= 1) {
+        point_double(pre->g_pre_comp[2 * i][0], pre->g_pre_comp[2 * i][1],
+                     pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0],
+                     pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]);
+        for (j = 0; j < 129; ++j) {
+            point_double(pre->g_pre_comp[2 * i][0],
+                         pre->g_pre_comp[2 * i][1],
+                         pre->g_pre_comp[2 * i][2],
+                         pre->g_pre_comp[2 * i][0],
+                         pre->g_pre_comp[2 * i][1],
+                         pre->g_pre_comp[2 * i][2]);
+        }
+    }
+    /* g_pre_comp[0] is the point at infinity */
+    memset(pre->g_pre_comp[0], 0, sizeof(pre->g_pre_comp[0]));
+    /* the remaining multiples */
+    /* 2^130*G + 2^260*G */
+    point_add(pre->g_pre_comp[6][0], pre->g_pre_comp[6][1],
+              pre->g_pre_comp[6][2], pre->g_pre_comp[4][0],
+              pre->g_pre_comp[4][1], pre->g_pre_comp[4][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    /* 2^130*G + 2^390*G */
+    point_add(pre->g_pre_comp[10][0], pre->g_pre_comp[10][1],
+              pre->g_pre_comp[10][2], pre->g_pre_comp[8][0],
+              pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    /* 2^260*G + 2^390*G */
+    point_add(pre->g_pre_comp[12][0], pre->g_pre_comp[12][1],
+              pre->g_pre_comp[12][2], pre->g_pre_comp[8][0],
+              pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
+              0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1],
+              pre->g_pre_comp[4][2]);
+    /* 2^130*G + 2^260*G + 2^390*G */
+    point_add(pre->g_pre_comp[14][0], pre->g_pre_comp[14][1],
+              pre->g_pre_comp[14][2], pre->g_pre_comp[12][0],
+              pre->g_pre_comp[12][1], pre->g_pre_comp[12][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    for (i = 1; i < 8; ++i) {
+        /* odd multiples: add G */
+        point_add(pre->g_pre_comp[2 * i + 1][0],
+                  pre->g_pre_comp[2 * i + 1][1],
+                  pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0],
+                  pre->g_pre_comp[2 * i][1], pre->g_pre_comp[2 * i][2], 0,
+                  pre->g_pre_comp[1][0], pre->g_pre_comp[1][1],
+                  pre->g_pre_comp[1][2]);
+    }
+    make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);
+
+ done:
+    SETPRECOMP(group, nistp521, pre);
+    ret = 1;
+    pre = NULL;
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp521_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp521);
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ecp_nistputil.c b/openssl-1.1.0h/crypto/ec/ecp_nistputil.c
new file mode 100644
index 0000000..97fb631
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_nistputil.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+/*
+ * Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c.
+ */
+
+# include <stddef.h>
+# include "ec_lcl.h"
+
+/*
+ * Convert an array of points into affine coordinates. (If the point at
+ * infinity is found (Z = 0), it remains unchanged.) This function is
+ * essentially an equivalent to EC_POINTs_make_affine(), but works with the
+ * internal representation of points as used by ecp_nistp###.c rather than
+ * with (BIGNUM-based) EC_POINT data structures. point_array is the
+ * input/output buffer ('num' points in projective form, i.e. three
+ * coordinates each), based on an internal representation of field elements
+ * of size 'felem_size'. tmp_felems needs to point to a temporary array of
+ * 'num'+1 field elements for storage of intermediate values.
+ */
+void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+                                              size_t felem_size,
+                                              void *tmp_felems,
+                                              void (*felem_one) (void *out),
+                                              int (*felem_is_zero) (const void
+                                                                    *in),
+                                              void (*felem_assign) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_square) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_mul) (void *out,
+                                                                 const void
+                                                                 *in1,
+                                                                 const void
+                                                                 *in2),
+                                              void (*felem_inv) (void *out,
+                                                                 const void
+                                                                 *in),
+                                              void (*felem_contract) (void
+                                                                      *out,
+                                                                      const
+                                                                      void
+                                                                      *in))
+{
+    int i = 0;
+
+# define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size])
+# define X(I) (&((char *)point_array)[3*(I) * felem_size])
+# define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size])
+# define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size])
+
+    if (!felem_is_zero(Z(0)))
+        felem_assign(tmp_felem(0), Z(0));
+    else
+        felem_one(tmp_felem(0));
+    for (i = 1; i < (int)num; i++) {
+        if (!felem_is_zero(Z(i)))
+            felem_mul(tmp_felem(i), tmp_felem(i - 1), Z(i));
+        else
+            felem_assign(tmp_felem(i), tmp_felem(i - 1));
+    }
+    /*
+     * Now each tmp_felem(i) is the product of Z(0) .. Z(i), skipping any
+     * zero-valued factors: if Z(i) = 0, we essentially pretend that Z(i) = 1
+     */
+
+    felem_inv(tmp_felem(num - 1), tmp_felem(num - 1));
+    for (i = num - 1; i >= 0; i--) {
+        if (i > 0)
+            /*
+             * tmp_felem(i-1) is the product of Z(0) .. Z(i-1), tmp_felem(i)
+             * is the inverse of the product of Z(0) .. Z(i)
+             */
+            /* 1/Z(i) */
+            felem_mul(tmp_felem(num), tmp_felem(i - 1), tmp_felem(i));
+        else
+            felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */
+
+        if (!felem_is_zero(Z(i))) {
+            if (i > 0)
+                /*
+                 * For next iteration, replace tmp_felem(i-1) by its inverse
+                 */
+                felem_mul(tmp_felem(i - 1), tmp_felem(i), Z(i));
+
+            /*
+             * Convert point (X, Y, Z) into affine form (X/(Z^2), Y/(Z^3), 1)
+             */
+            felem_square(Z(i), tmp_felem(num)); /* 1/(Z^2) */
+            felem_mul(X(i), X(i), Z(i)); /* X/(Z^2) */
+            felem_mul(Z(i), Z(i), tmp_felem(num)); /* 1/(Z^3) */
+            felem_mul(Y(i), Y(i), Z(i)); /* Y/(Z^3) */
+            felem_contract(X(i), X(i));
+            felem_contract(Y(i), Y(i));
+            felem_one(Z(i));
+        } else {
+            if (i > 0)
+                /*
+                 * For next iteration, replace tmp_felem(i-1) by its inverse
+                 */
+                felem_assign(tmp_felem(i - 1), tmp_felem(i));
+        }
+    }
+}
+
+/*-
+ * This function looks at 5+1 scalar bits (5 current, 1 adjacent less
+ * significant bit), and recodes them into a signed digit for use in fast point
+ * multiplication: the use of signed rather than unsigned digits means that
+ * fewer points need to be precomputed, given that point inversion is easy
+ * (a precomputed point dP makes -dP available as well).
+ *
+ * BACKGROUND:
+ *
+ * Signed digits for multiplication were introduced by Booth ("A signed binary
+ * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV,
+ * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers.
+ * Booth's original encoding did not generally improve the density of nonzero
+ * digits over the binary representation, and was merely meant to simplify the
+ * handling of signed factors given in two's complement; but it has since been
+ * shown to be the basis of various signed-digit representations that do have
+ * further advantages, including the wNAF, using the following general approach:
+ *
+ * (1) Given a binary representation
+ *
+ *       b_k  ...  b_2  b_1  b_0,
+ *
+ *     of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1
+ *     by using bit-wise subtraction as follows:
+ *
+ *        b_k b_(k-1)  ...  b_2  b_1  b_0
+ *      -     b_k      ...  b_3  b_2  b_1  b_0
+ *       -------------------------------------
+ *        s_k b_(k-1)  ...  s_3  s_2  s_1  s_0
+ *
+ *     A left-shift followed by subtraction of the original value yields a new
+ *     representation of the same value, using signed bits s_i = b_(i+1) - b_i.
+ *     This representation from Booth's paper has since appeared in the
+ *     literature under a variety of different names including "reversed binary
+ *     form", "alternating greedy expansion", "mutual opposite form", and
+ *     "sign-alternating {+-1}-representation".
+ *
+ *     An interesting property is that among the nonzero bits, values 1 and -1
+ *     strictly alternate.
+ *
+ * (2) Various window schemes can be applied to the Booth representation of
+ *     integers: for example, right-to-left sliding windows yield the wNAF
+ *     (a signed-digit encoding independently discovered by various researchers
+ *     in the 1990s), and left-to-right sliding windows yield a left-to-right
+ *     equivalent of the wNAF (independently discovered by various researchers
+ *     around 2004).
+ *
+ * To prevent leaking information through side channels in point multiplication,
+ * we need to recode the given integer into a regular pattern: sliding windows
+ * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few
+ * decades older: we'll be using the so-called "modified Booth encoding" due to
+ * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49
+ * (1961), pp. 67-91), in a radix-2^5 setting.  That is, we always combine five
+ * signed bits into a signed digit:
+ *
+ *       s_(4j + 4) s_(4j + 3) s_(4j + 2) s_(4j + 1) s_(4j)
+ *
+ * The sign-alternating property implies that the resulting digit values are
+ * integers from -16 to 16.
+ *
+ * Of course, we don't actually need to compute the signed digits s_i as an
+ * intermediate step (that's just a nice way to see how this scheme relates
+ * to the wNAF): a direct computation obtains the recoded digit from the
+ * six bits b_(4j + 4) ... b_(4j - 1).
+ *
+ * This function takes those five bits as an integer (0 .. 63), writing the
+ * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute
+ * value, in the range 0 .. 8).  Note that this integer essentially provides the
+ * input bits "shifted to the left" by one position: for example, the input to
+ * compute the least significant recoded digit, given that there's no bit b_-1,
+ * has to be b_4 b_3 b_2 b_1 b_0 0.
+ *
+ */
+void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
+                                     unsigned char *digit, unsigned char in)
+{
+    unsigned char s, d;
+
+    s = ~((in >> 5) - 1);       /* sets all bits to MSB(in), 'in' seen as
+                                 * 6-bit value */
+    d = (1 << 6) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    *sign = s & 1;
+    *digit = d;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ec/ecp_nistz256.c b/openssl-1.1.0h/crypto/ec/ecp_nistz256.c
new file mode 100644
index 0000000..2461898
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_nistz256.c
@@ -0,0 +1,1559 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/******************************************************************************
+ *                                                                            *
+ * Copyright 2014 Intel Corporation                                           *
+ *                                                                            *
+ * Licensed under the Apache License, Version 2.0 (the "License");            *
+ * you may not use this file except in compliance with the License.           *
+ * You may obtain a copy of the License at                                    *
+ *                                                                            *
+ *    http://www.apache.org/licenses/LICENSE-2.0                              *
+ *                                                                            *
+ * Unless required by applicable law or agreed to in writing, software        *
+ * distributed under the License is distributed on an "AS IS" BASIS,          *
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   *
+ * See the License for the specific language governing permissions and        *
+ * limitations under the License.                                             *
+ *                                                                            *
+ ******************************************************************************
+ *                                                                            *
+ * Developers and authors:                                                    *
+ * Shay Gueron (1, 2), and Vlad Krasnov (1)                                   *
+ * (1) Intel Corporation, Israel Development Center                           *
+ * (2) University of Haifa                                                    *
+ * Reference:                                                                 *
+ * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with *
+ *                          256 Bit Primes"                                   *
+ *                                                                            *
+ ******************************************************************************/
+
+#include <string.h>
+
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include "ec_lcl.h"
+
+#if BN_BITS2 != 64
+# define TOBN(hi,lo)    lo,hi
+#else
+# define TOBN(hi,lo)    ((BN_ULONG)hi<<32|lo)
+#endif
+
+#if defined(__GNUC__)
+# define ALIGN32        __attribute((aligned(32)))
+#elif defined(_MSC_VER)
+# define ALIGN32        __declspec(align(32))
+#else
+# define ALIGN32
+#endif
+
+#define ALIGNPTR(p,N)   ((unsigned char *)p+N-(size_t)p%N)
+#define P256_LIMBS      (256/BN_BITS2)
+
+typedef unsigned short u16;
+
+typedef struct {
+    BN_ULONG X[P256_LIMBS];
+    BN_ULONG Y[P256_LIMBS];
+    BN_ULONG Z[P256_LIMBS];
+} P256_POINT;
+
+typedef struct {
+    BN_ULONG X[P256_LIMBS];
+    BN_ULONG Y[P256_LIMBS];
+} P256_POINT_AFFINE;
+
+typedef P256_POINT_AFFINE PRECOMP256_ROW[64];
+
+/* structure for precomputed multiples of the generator */
+struct nistz256_pre_comp_st {
+    const EC_GROUP *group;      /* Parent EC_GROUP object */
+    size_t w;                   /* Window size */
+    /*
+     * Constant time access to the X and Y coordinates of the pre-computed,
+     * generator multiplies, in the Montgomery domain. Pre-calculated
+     * multiplies are stored in affine form.
+     */
+    PRECOMP256_ROW *precomp;
+    void *precomp_storage;
+    int references;
+    CRYPTO_RWLOCK *lock;
+};
+
+/* Functions implemented in assembly */
+/*
+ * Most of below mentioned functions *preserve* the property of inputs
+ * being fully reduced, i.e. being in [0, modulus) range. Simply put if
+ * inputs are fully reduced, then output is too. Note that reverse is
+ * not true, in sense that given partially reduced inputs output can be
+ * either, not unlikely reduced. And "most" in first sentence refers to
+ * the fact that given the calculations flow one can tolerate that
+ * addition, 1st function below, produces partially reduced result *if*
+ * multiplications by 2 and 3, which customarily use addition, fully
+ * reduce it. This effectively gives two options: a) addition produces
+ * fully reduced result [as long as inputs are, just like remaining
+ * functions]; b) addition is allowed to produce partially reduced
+ * result, but multiplications by 2 and 3 perform additional reduction
+ * step. Choice between the two can be platform-specific, but it was a)
+ * in all cases so far...
+ */
+/* Modular add: res = a+b mod P   */
+void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],
+                      const BN_ULONG a[P256_LIMBS],
+                      const BN_ULONG b[P256_LIMBS]);
+/* Modular mul by 2: res = 2*a mod P */
+void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Modular mul by 3: res = 3*a mod P */
+void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+
+/* Modular div by 2: res = a/2 mod P */
+void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Modular sub: res = a-b mod P   */
+void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS],
+                      const BN_ULONG a[P256_LIMBS],
+                      const BN_ULONG b[P256_LIMBS]);
+/* Modular neg: res = -a mod P    */
+void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]);
+/* Montgomery mul: res = a*b*2^-256 mod P */
+void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS],
+                           const BN_ULONG b[P256_LIMBS]);
+/* Montgomery sqr: res = a*a*2^-256 mod P */
+void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Convert a number from Montgomery domain, by multiplying with 1 */
+void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
+                            const BN_ULONG in[P256_LIMBS]);
+/* Convert a number to Montgomery domain, by multiplying with 2^512 mod P*/
+void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS],
+                          const BN_ULONG in[P256_LIMBS]);
+/* Functions that perform constant time access to the precomputed tables */
+void ecp_nistz256_scatter_w5(P256_POINT *val,
+                             const P256_POINT *in_t, int idx);
+void ecp_nistz256_gather_w5(P256_POINT *val,
+                            const P256_POINT *in_t, int idx);
+void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val,
+                             const P256_POINT_AFFINE *in_t, int idx);
+void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val,
+                            const P256_POINT_AFFINE *in_t, int idx);
+
+/* One converted into the Montgomery domain */
+static const BN_ULONG ONE[P256_LIMBS] = {
+    TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000),
+    TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe)
+};
+
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);
+
+/* Precomputed tables for the default generator */
+extern const PRECOMP256_ROW ecp_nistz256_precomputed[37];
+
+/* Recode window to a signed digit, see ecp_nistputil.c for details */
+static unsigned int _booth_recode_w5(unsigned int in)
+{
+    unsigned int s, d;
+
+    s = ~((in >> 5) - 1);
+    d = (1 << 6) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    return (d << 1) + (s & 1);
+}
+
+static unsigned int _booth_recode_w7(unsigned int in)
+{
+    unsigned int s, d;
+
+    s = ~((in >> 7) - 1);
+    d = (1 << 8) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    return (d << 1) + (s & 1);
+}
+
+static void copy_conditional(BN_ULONG dst[P256_LIMBS],
+                             const BN_ULONG src[P256_LIMBS], BN_ULONG move)
+{
+    BN_ULONG mask1 = 0-move;
+    BN_ULONG mask2 = ~mask1;
+
+    dst[0] = (src[0] & mask1) ^ (dst[0] & mask2);
+    dst[1] = (src[1] & mask1) ^ (dst[1] & mask2);
+    dst[2] = (src[2] & mask1) ^ (dst[2] & mask2);
+    dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
+    if (P256_LIMBS == 8) {
+        dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
+        dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
+        dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
+        dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
+    }
+}
+
+static BN_ULONG is_zero(BN_ULONG in)
+{
+    in |= (0 - in);
+    in = ~in;
+    in >>= BN_BITS2 - 1;
+    return in;
+}
+
+static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS],
+                         const BN_ULONG b[P256_LIMBS])
+{
+    BN_ULONG res;
+
+    res = a[0] ^ b[0];
+    res |= a[1] ^ b[1];
+    res |= a[2] ^ b[2];
+    res |= a[3] ^ b[3];
+    if (P256_LIMBS == 8) {
+        res |= a[4] ^ b[4];
+        res |= a[5] ^ b[5];
+        res |= a[6] ^ b[6];
+        res |= a[7] ^ b[7];
+    }
+
+    return is_zero(res);
+}
+
+static BN_ULONG is_one(const BIGNUM *z)
+{
+    BN_ULONG res = 0;
+    BN_ULONG *a = bn_get_words(z);
+
+    if (bn_get_top(z) == (P256_LIMBS - P256_LIMBS / 8)) {
+        res = a[0] ^ ONE[0];
+        res |= a[1] ^ ONE[1];
+        res |= a[2] ^ ONE[2];
+        res |= a[3] ^ ONE[3];
+        if (P256_LIMBS == 8) {
+            res |= a[4] ^ ONE[4];
+            res |= a[5] ^ ONE[5];
+            res |= a[6] ^ ONE[6];
+            /*
+             * no check for a[7] (being zero) on 32-bit platforms,
+             * because value of "one" takes only 7 limbs.
+             */
+        }
+        res = is_zero(res);
+    }
+
+    return res;
+}
+
+#ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
+void ecp_nistz256_point_add(P256_POINT *r,
+                            const P256_POINT *a, const P256_POINT *b);
+void ecp_nistz256_point_add_affine(P256_POINT *r,
+                                   const P256_POINT *a,
+                                   const P256_POINT_AFFINE *b);
+#else
+/* Point double: r = 2*a */
+static void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a)
+{
+    BN_ULONG S[P256_LIMBS];
+    BN_ULONG M[P256_LIMBS];
+    BN_ULONG Zsqr[P256_LIMBS];
+    BN_ULONG tmp0[P256_LIMBS];
+
+    const BN_ULONG *in_x = a->X;
+    const BN_ULONG *in_y = a->Y;
+    const BN_ULONG *in_z = a->Z;
+
+    BN_ULONG *res_x = r->X;
+    BN_ULONG *res_y = r->Y;
+    BN_ULONG *res_z = r->Z;
+
+    ecp_nistz256_mul_by_2(S, in_y);
+
+    ecp_nistz256_sqr_mont(Zsqr, in_z);
+
+    ecp_nistz256_sqr_mont(S, S);
+
+    ecp_nistz256_mul_mont(res_z, in_z, in_y);
+    ecp_nistz256_mul_by_2(res_z, res_z);
+
+    ecp_nistz256_add(M, in_x, Zsqr);
+    ecp_nistz256_sub(Zsqr, in_x, Zsqr);
+
+    ecp_nistz256_sqr_mont(res_y, S);
+    ecp_nistz256_div_by_2(res_y, res_y);
+
+    ecp_nistz256_mul_mont(M, M, Zsqr);
+    ecp_nistz256_mul_by_3(M, M);
+
+    ecp_nistz256_mul_mont(S, S, in_x);
+    ecp_nistz256_mul_by_2(tmp0, S);
+
+    ecp_nistz256_sqr_mont(res_x, M);
+
+    ecp_nistz256_sub(res_x, res_x, tmp0);
+    ecp_nistz256_sub(S, S, res_x);
+
+    ecp_nistz256_mul_mont(S, S, M);
+    ecp_nistz256_sub(res_y, S, res_y);
+}
+
+/* Point addition: r = a+b */
+static void ecp_nistz256_point_add(P256_POINT *r,
+                                   const P256_POINT *a, const P256_POINT *b)
+{
+    BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS];
+    BN_ULONG U1[P256_LIMBS], S1[P256_LIMBS];
+    BN_ULONG Z1sqr[P256_LIMBS];
+    BN_ULONG Z2sqr[P256_LIMBS];
+    BN_ULONG H[P256_LIMBS], R[P256_LIMBS];
+    BN_ULONG Hsqr[P256_LIMBS];
+    BN_ULONG Rsqr[P256_LIMBS];
+    BN_ULONG Hcub[P256_LIMBS];
+
+    BN_ULONG res_x[P256_LIMBS];
+    BN_ULONG res_y[P256_LIMBS];
+    BN_ULONG res_z[P256_LIMBS];
+
+    BN_ULONG in1infty, in2infty;
+
+    const BN_ULONG *in1_x = a->X;
+    const BN_ULONG *in1_y = a->Y;
+    const BN_ULONG *in1_z = a->Z;
+
+    const BN_ULONG *in2_x = b->X;
+    const BN_ULONG *in2_y = b->Y;
+    const BN_ULONG *in2_z = b->Z;
+
+    /*
+     * Infinity in encoded as (,,0)
+     */
+    in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
+    if (P256_LIMBS == 8)
+        in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
+
+    in2infty = (in2_z[0] | in2_z[1] | in2_z[2] | in2_z[3]);
+    if (P256_LIMBS == 8)
+        in2infty |= (in2_z[4] | in2_z[5] | in2_z[6] | in2_z[7]);
+
+    in1infty = is_zero(in1infty);
+    in2infty = is_zero(in2infty);
+
+    ecp_nistz256_sqr_mont(Z2sqr, in2_z);        /* Z2^2 */
+    ecp_nistz256_sqr_mont(Z1sqr, in1_z);        /* Z1^2 */
+
+    ecp_nistz256_mul_mont(S1, Z2sqr, in2_z);    /* S1 = Z2^3 */
+    ecp_nistz256_mul_mont(S2, Z1sqr, in1_z);    /* S2 = Z1^3 */
+
+    ecp_nistz256_mul_mont(S1, S1, in1_y);       /* S1 = Y1*Z2^3 */
+    ecp_nistz256_mul_mont(S2, S2, in2_y);       /* S2 = Y2*Z1^3 */
+    ecp_nistz256_sub(R, S2, S1);                /* R = S2 - S1 */
+
+    ecp_nistz256_mul_mont(U1, in1_x, Z2sqr);    /* U1 = X1*Z2^2 */
+    ecp_nistz256_mul_mont(U2, in2_x, Z1sqr);    /* U2 = X2*Z1^2 */
+    ecp_nistz256_sub(H, U2, U1);                /* H = U2 - U1 */
+
+    /*
+     * This should not happen during sign/ecdh, so no constant time violation
+     */
+    if (is_equal(U1, U2) && !in1infty && !in2infty) {
+        if (is_equal(S1, S2)) {
+            ecp_nistz256_point_double(r, a);
+            return;
+        } else {
+            memset(r, 0, sizeof(*r));
+            return;
+        }
+    }
+
+    ecp_nistz256_sqr_mont(Rsqr, R);             /* R^2 */
+    ecp_nistz256_mul_mont(res_z, H, in1_z);     /* Z3 = H*Z1*Z2 */
+    ecp_nistz256_sqr_mont(Hsqr, H);             /* H^2 */
+    ecp_nistz256_mul_mont(res_z, res_z, in2_z); /* Z3 = H*Z1*Z2 */
+    ecp_nistz256_mul_mont(Hcub, Hsqr, H);       /* H^3 */
+
+    ecp_nistz256_mul_mont(U2, U1, Hsqr);        /* U1*H^2 */
+    ecp_nistz256_mul_by_2(Hsqr, U2);            /* 2*U1*H^2 */
+
+    ecp_nistz256_sub(res_x, Rsqr, Hsqr);
+    ecp_nistz256_sub(res_x, res_x, Hcub);
+
+    ecp_nistz256_sub(res_y, U2, res_x);
+
+    ecp_nistz256_mul_mont(S2, S1, Hcub);
+    ecp_nistz256_mul_mont(res_y, R, res_y);
+    ecp_nistz256_sub(res_y, res_y, S2);
+
+    copy_conditional(res_x, in2_x, in1infty);
+    copy_conditional(res_y, in2_y, in1infty);
+    copy_conditional(res_z, in2_z, in1infty);
+
+    copy_conditional(res_x, in1_x, in2infty);
+    copy_conditional(res_y, in1_y, in2infty);
+    copy_conditional(res_z, in1_z, in2infty);
+
+    memcpy(r->X, res_x, sizeof(res_x));
+    memcpy(r->Y, res_y, sizeof(res_y));
+    memcpy(r->Z, res_z, sizeof(res_z));
+}
+
+/* Point addition when b is known to be affine: r = a+b */
+static void ecp_nistz256_point_add_affine(P256_POINT *r,
+                                          const P256_POINT *a,
+                                          const P256_POINT_AFFINE *b)
+{
+    BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS];
+    BN_ULONG Z1sqr[P256_LIMBS];
+    BN_ULONG H[P256_LIMBS], R[P256_LIMBS];
+    BN_ULONG Hsqr[P256_LIMBS];
+    BN_ULONG Rsqr[P256_LIMBS];
+    BN_ULONG Hcub[P256_LIMBS];
+
+    BN_ULONG res_x[P256_LIMBS];
+    BN_ULONG res_y[P256_LIMBS];
+    BN_ULONG res_z[P256_LIMBS];
+
+    BN_ULONG in1infty, in2infty;
+
+    const BN_ULONG *in1_x = a->X;
+    const BN_ULONG *in1_y = a->Y;
+    const BN_ULONG *in1_z = a->Z;
+
+    const BN_ULONG *in2_x = b->X;
+    const BN_ULONG *in2_y = b->Y;
+
+    /*
+     * Infinity in encoded as (,,0)
+     */
+    in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
+    if (P256_LIMBS == 8)
+        in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
+
+    /*
+     * In affine representation we encode infinity as (0,0), which is
+     * not on the curve, so it is OK
+     */
+    in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] |
+                in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]);
+    if (P256_LIMBS == 8)
+        in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] |
+                     in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]);
+
+    in1infty = is_zero(in1infty);
+    in2infty = is_zero(in2infty);
+
+    ecp_nistz256_sqr_mont(Z1sqr, in1_z);        /* Z1^2 */
+
+    ecp_nistz256_mul_mont(U2, in2_x, Z1sqr);    /* U2 = X2*Z1^2 */
+    ecp_nistz256_sub(H, U2, in1_x);             /* H = U2 - U1 */
+
+    ecp_nistz256_mul_mont(S2, Z1sqr, in1_z);    /* S2 = Z1^3 */
+
+    ecp_nistz256_mul_mont(res_z, H, in1_z);     /* Z3 = H*Z1*Z2 */
+
+    ecp_nistz256_mul_mont(S2, S2, in2_y);       /* S2 = Y2*Z1^3 */
+    ecp_nistz256_sub(R, S2, in1_y);             /* R = S2 - S1 */
+
+    ecp_nistz256_sqr_mont(Hsqr, H);             /* H^2 */
+    ecp_nistz256_sqr_mont(Rsqr, R);             /* R^2 */
+    ecp_nistz256_mul_mont(Hcub, Hsqr, H);       /* H^3 */
+
+    ecp_nistz256_mul_mont(U2, in1_x, Hsqr);     /* U1*H^2 */
+    ecp_nistz256_mul_by_2(Hsqr, U2);            /* 2*U1*H^2 */
+
+    ecp_nistz256_sub(res_x, Rsqr, Hsqr);
+    ecp_nistz256_sub(res_x, res_x, Hcub);
+    ecp_nistz256_sub(H, U2, res_x);
+
+    ecp_nistz256_mul_mont(S2, in1_y, Hcub);
+    ecp_nistz256_mul_mont(H, H, R);
+    ecp_nistz256_sub(res_y, H, S2);
+
+    copy_conditional(res_x, in2_x, in1infty);
+    copy_conditional(res_x, in1_x, in2infty);
+
+    copy_conditional(res_y, in2_y, in1infty);
+    copy_conditional(res_y, in1_y, in2infty);
+
+    copy_conditional(res_z, ONE, in1infty);
+    copy_conditional(res_z, in1_z, in2infty);
+
+    memcpy(r->X, res_x, sizeof(res_x));
+    memcpy(r->Y, res_y, sizeof(res_y));
+    memcpy(r->Z, res_z, sizeof(res_z));
+}
+#endif
+
+/* r = in^-1 mod p */
+static void ecp_nistz256_mod_inverse(BN_ULONG r[P256_LIMBS],
+                                     const BN_ULONG in[P256_LIMBS])
+{
+    /*
+     * The poly is ffffffff 00000001 00000000 00000000 00000000 ffffffff
+     * ffffffff ffffffff We use FLT and used poly-2 as exponent
+     */
+    BN_ULONG p2[P256_LIMBS];
+    BN_ULONG p4[P256_LIMBS];
+    BN_ULONG p8[P256_LIMBS];
+    BN_ULONG p16[P256_LIMBS];
+    BN_ULONG p32[P256_LIMBS];
+    BN_ULONG res[P256_LIMBS];
+    int i;
+
+    ecp_nistz256_sqr_mont(res, in);
+    ecp_nistz256_mul_mont(p2, res, in);         /* 3*p */
+
+    ecp_nistz256_sqr_mont(res, p2);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p4, res, p2);         /* f*p */
+
+    ecp_nistz256_sqr_mont(res, p4);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p8, res, p4);         /* ff*p */
+
+    ecp_nistz256_sqr_mont(res, p8);
+    for (i = 0; i < 7; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p16, res, p8);        /* ffff*p */
+
+    ecp_nistz256_sqr_mont(res, p16);
+    for (i = 0; i < 15; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p32, res, p16);       /* ffffffff*p */
+
+    ecp_nistz256_sqr_mont(res, p32);
+    for (i = 0; i < 31; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, in);
+
+    for (i = 0; i < 32 * 4; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p32);
+
+    for (i = 0; i < 32; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p32);
+
+    for (i = 0; i < 16; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p16);
+
+    for (i = 0; i < 8; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p8);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p4);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p2);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, in);
+
+    memcpy(r, res, sizeof(res));
+}
+
+/*
+ * ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and
+ * returns one if it fits. Otherwise it returns zero.
+ */
+__owur static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
+                                                    const BIGNUM *in)
+{
+    return bn_copy_words(out, in, P256_LIMBS);
+}
+
+/* r = sum(scalar[i]*point[i]) */
+__owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
+                                            P256_POINT *r,
+                                            const BIGNUM **scalar,
+                                            const EC_POINT **point,
+                                            size_t num, BN_CTX *ctx)
+{
+    size_t i;
+    int j, ret = 0;
+    unsigned int idx;
+    unsigned char (*p_str)[33] = NULL;
+    const unsigned int window_size = 5;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    P256_POINT *temp;           /* place for 5 temporary points */
+    const BIGNUM **scalars = NULL;
+    P256_POINT (*table)[16] = NULL;
+    void *table_storage = NULL;
+
+    if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT)
+        || (table_storage =
+            OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL
+        || (p_str =
+            OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL
+        || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    table = (void *)ALIGNPTR(table_storage, 64);
+    temp = (P256_POINT *)(table + num);
+
+    for (i = 0; i < num; i++) {
+        P256_POINT *row = table[i];
+
+        /* This is an unusual input, we don't guarantee constant-timeness. */
+        if ((BN_num_bits(scalar[i]) > 256) || BN_is_negative(scalar[i])) {
+            BIGNUM *mod;
+
+            if ((mod = BN_CTX_get(ctx)) == NULL)
+                goto err;
+            if (!BN_nnmod(mod, scalar[i], group->order, ctx)) {
+                ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            scalars[i] = mod;
+        } else
+            scalars[i] = scalar[i];
+
+        for (j = 0; j < bn_get_top(scalars[i]) * BN_BYTES; j += BN_BYTES) {
+            BN_ULONG d = bn_get_words(scalars[i])[j / BN_BYTES];
+
+            p_str[i][j + 0] = (unsigned char)d;
+            p_str[i][j + 1] = (unsigned char)(d >> 8);
+            p_str[i][j + 2] = (unsigned char)(d >> 16);
+            p_str[i][j + 3] = (unsigned char)(d >>= 24);
+            if (BN_BYTES == 8) {
+                d >>= 8;
+                p_str[i][j + 4] = (unsigned char)d;
+                p_str[i][j + 5] = (unsigned char)(d >> 8);
+                p_str[i][j + 6] = (unsigned char)(d >> 16);
+                p_str[i][j + 7] = (unsigned char)(d >> 24);
+            }
+        }
+        for (; j < 33; j++)
+            p_str[i][j] = 0;
+
+        if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) {
+            ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL,
+                  EC_R_COORDINATES_OUT_OF_RANGE);
+            goto err;
+        }
+
+        /*
+         * row[0] is implicitly (0,0,0) (the point at infinity), therefore it
+         * is not stored. All other values are actually stored with an offset
+         * of -1 in table.
+         */
+
+        ecp_nistz256_scatter_w5  (row, &temp[0], 1);
+        ecp_nistz256_point_double(&temp[1], &temp[0]);              /*1+1=2  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 2);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*2+1=3  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 3);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*2=4  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 4);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*3=6  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 6);
+        ecp_nistz256_point_add   (&temp[3], &temp[1], &temp[0]);    /*4+1=5  */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 5);
+        ecp_nistz256_point_add   (&temp[4], &temp[2], &temp[0]);    /*6+1=7  */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 7);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*4=8  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 8);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*6=12 */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 12);
+        ecp_nistz256_point_double(&temp[3], &temp[3]);              /*2*5=10 */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 10);
+        ecp_nistz256_point_double(&temp[4], &temp[4]);              /*2*7=14 */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 14);
+        ecp_nistz256_point_add   (&temp[2], &temp[2], &temp[0]);    /*12+1=13*/
+        ecp_nistz256_scatter_w5  (row, &temp[2], 13);
+        ecp_nistz256_point_add   (&temp[3], &temp[3], &temp[0]);    /*10+1=11*/
+        ecp_nistz256_scatter_w5  (row, &temp[3], 11);
+        ecp_nistz256_point_add   (&temp[4], &temp[4], &temp[0]);    /*14+1=15*/
+        ecp_nistz256_scatter_w5  (row, &temp[4], 15);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*8+1=9  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 9);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*8=16 */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 16);
+    }
+
+    idx = 255;
+
+    wvalue = p_str[0][(idx - 1) / 8];
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+
+    /*
+     * We gather to temp[0], because we know it's position relative
+     * to table
+     */
+    ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1);
+    memcpy(r, &temp[0], sizeof(temp[0]));
+
+    while (idx >= 5) {
+        for (i = (idx == 255 ? 1 : 0); i < num; i++) {
+            unsigned int off = (idx - 1) / 8;
+
+            wvalue = p_str[i][off] | p_str[i][off + 1] << 8;
+            wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+
+            wvalue = _booth_recode_w5(wvalue);
+
+            ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
+
+            ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+            copy_conditional(temp[0].Y, temp[1].Y, (wvalue & 1));
+
+            ecp_nistz256_point_add(r, r, &temp[0]);
+        }
+
+        idx -= window_size;
+
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+    }
+
+    /* Final window */
+    for (i = 0; i < num; i++) {
+        wvalue = p_str[i][0];
+        wvalue = (wvalue << 1) & mask;
+
+        wvalue = _booth_recode_w5(wvalue);
+
+        ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
+
+        ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+        copy_conditional(temp[0].Y, temp[1].Y, wvalue & 1);
+
+        ecp_nistz256_point_add(r, r, &temp[0]);
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(table_storage);
+    OPENSSL_free(p_str);
+    OPENSSL_free(scalars);
+    return ret;
+}
+
+/* Coordinates of G, for which we have precomputed tables */
+static const BN_ULONG def_xG[P256_LIMBS] = {
+    TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
+    TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)
+};
+
+static const BN_ULONG def_yG[P256_LIMBS] = {
+    TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
+    TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85)
+};
+
+/*
+ * ecp_nistz256_is_affine_G returns one if |generator| is the standard, P-256
+ * generator.
+ */
+static int ecp_nistz256_is_affine_G(const EC_POINT *generator)
+{
+    return (bn_get_top(generator->X) == P256_LIMBS) &&
+        (bn_get_top(generator->Y) == P256_LIMBS) &&
+        is_equal(bn_get_words(generator->X), def_xG) &&
+        is_equal(bn_get_words(generator->Y), def_yG) &&
+        is_one(generator->Z);
+}
+
+__owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
+{
+    /*
+     * We precompute a table for a Booth encoded exponent (wNAF) based
+     * computation. Each table holds 64 values for safe access, with an
+     * implicit value of infinity at index zero. We use window of size 7, and
+     * therefore require ceil(256/7) = 37 tables.
+     */
+    const BIGNUM *order;
+    EC_POINT *P = NULL, *T = NULL;
+    const EC_POINT *generator;
+    NISTZ256_PRE_COMP *pre_comp;
+    BN_CTX *new_ctx = NULL;
+    int i, j, k, ret = 0;
+    size_t w;
+
+    PRECOMP256_ROW *preComputedTable = NULL;
+    unsigned char *precomp_storage = NULL;
+
+    /* if there is an old NISTZ256_PRE_COMP object, throw it away */
+    EC_pre_comp_free(group);
+    generator = EC_GROUP_get0_generator(group);
+    if (generator == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);
+        return 0;
+    }
+
+    if (ecp_nistz256_is_affine_G(generator)) {
+        /*
+         * No need to calculate tables for the standard generator because we
+         * have them statically.
+         */
+        return 1;
+    }
+
+    if ((pre_comp = ecp_nistz256_pre_comp_new(group)) == NULL)
+        return 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNKNOWN_ORDER);
+        goto err;
+    }
+
+    w = 7;
+
+    if ((precomp_storage =
+         OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    preComputedTable = (void *)ALIGNPTR(precomp_storage, 64);
+
+    P = EC_POINT_new(group);
+    T = EC_POINT_new(group);
+    if (P == NULL || T == NULL)
+        goto err;
+
+    /*
+     * The zero entry is implicitly infinity, and we skip it, storing other
+     * values with -1 offset.
+     */
+    if (!EC_POINT_copy(T, generator))
+        goto err;
+
+    for (k = 0; k < 64; k++) {
+        if (!EC_POINT_copy(P, T))
+            goto err;
+        for (j = 0; j < 37; j++) {
+            P256_POINT_AFFINE temp;
+            /*
+             * It would be faster to use EC_POINTs_make_affine and
+             * make multiple points affine at the same time.
+             */
+            if (!EC_POINT_make_affine(group, P, ctx))
+                goto err;
+            if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) ||
+                !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) {
+                ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE,
+                      EC_R_COORDINATES_OUT_OF_RANGE);
+                goto err;
+            }
+            ecp_nistz256_scatter_w7(preComputedTable[j], &temp, k);
+            for (i = 0; i < 7; i++) {
+                if (!EC_POINT_dbl(group, P, P, ctx))
+                    goto err;
+            }
+        }
+        if (!EC_POINT_add(group, T, T, generator, ctx))
+            goto err;
+    }
+
+    pre_comp->group = group;
+    pre_comp->w = w;
+    pre_comp->precomp = preComputedTable;
+    pre_comp->precomp_storage = precomp_storage;
+    precomp_storage = NULL;
+    SETPRECOMP(group, nistz256, pre_comp);
+    pre_comp = NULL;
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+
+    EC_nistz256_pre_comp_free(pre_comp);
+    OPENSSL_free(precomp_storage);
+    EC_POINT_free(P);
+    EC_POINT_free(T);
+    return ret;
+}
+
+/*
+ * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great
+ * code processing 4 points in parallel, corresponding serial operation
+ * is several times slower, because it uses 29x29=58-bit multiplication
+ * as opposite to 64x64=128-bit in integer-only scalar case. As result
+ * it doesn't provide *significant* performance improvement. Note that
+ * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work,
+ * you'd need to compile even asm/ecp_nistz256-avx.pl module.
+ */
+#if defined(ECP_NISTZ256_AVX2)
+# if !(defined(__x86_64) || defined(__x86_64__) || \
+       defined(_M_AMD64) || defined(_MX64)) || \
+     !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */
+#  undef ECP_NISTZ256_AVX2
+# else
+/* Constant time access, loading four values, from four consecutive tables */
+void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in,
+                                       int index0, int index1, int index2,
+                                       int index3);
+void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in);
+void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4);
+void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4,
+                                           const void *Bx4);
+void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4,
+                                            const void *Bx4);
+void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4);
+void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4);
+void ecp_nistz256_avx2_set1(void *RESULTx4);
+int ecp_nistz_avx2_eligible(void);
+
+static void booth_recode_w7(unsigned char *sign,
+                            unsigned char *digit, unsigned char in)
+{
+    unsigned char s, d;
+
+    s = ~((in >> 7) - 1);
+    d = (1 << 8) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    *sign = s & 1;
+    *digit = d;
+}
+
+/*
+ * ecp_nistz256_avx2_mul_g performs multiplication by G, using only the
+ * precomputed table. It does 4 affine point additions in parallel,
+ * significantly speeding up point multiplication for a fixed value.
+ */
+static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
+                                    unsigned char p_str[33],
+                                    const P256_POINT_AFFINE(*preComputedTable)[64])
+{
+    const unsigned int window_size = 7;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    /* Using 4 windows at a time */
+    unsigned char sign0, digit0;
+    unsigned char sign1, digit1;
+    unsigned char sign2, digit2;
+    unsigned char sign3, digit3;
+    unsigned int idx = 0;
+    BN_ULONG tmp[P256_LIMBS];
+    int i;
+
+    ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 };
+    ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 };
+    ALIGN32 P256_POINT_AFFINE point_arr[4];
+    ALIGN32 P256_POINT res_point_arr[4];
+
+    /* Initial four windows */
+    wvalue = *((u16 *) & p_str[0]);
+    wvalue = (wvalue << 1) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign0, &digit0, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign1, &digit1, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign2, &digit2, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign3, &digit3, wvalue);
+
+    ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0],
+                                      digit0, digit1, digit2, digit3);
+
+    ecp_nistz256_neg(tmp, point_arr[0].Y);
+    copy_conditional(point_arr[0].Y, tmp, sign0);
+    ecp_nistz256_neg(tmp, point_arr[1].Y);
+    copy_conditional(point_arr[1].Y, tmp, sign1);
+    ecp_nistz256_neg(tmp, point_arr[2].Y);
+    copy_conditional(point_arr[2].Y, tmp, sign2);
+    ecp_nistz256_neg(tmp, point_arr[3].Y);
+    copy_conditional(point_arr[3].Y, tmp, sign3);
+
+    ecp_nistz256_avx2_transpose_convert(aX4, point_arr);
+    ecp_nistz256_avx2_to_mont(aX4, aX4);
+    ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]);
+    ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]);
+
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign0, &digit0, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign1, &digit1, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign2, &digit2, wvalue);
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    idx += window_size;
+    booth_recode_w7(&sign3, &digit3, wvalue);
+
+    ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1],
+                                      digit0, digit1, digit2, digit3);
+
+    ecp_nistz256_neg(tmp, point_arr[0].Y);
+    copy_conditional(point_arr[0].Y, tmp, sign0);
+    ecp_nistz256_neg(tmp, point_arr[1].Y);
+    copy_conditional(point_arr[1].Y, tmp, sign1);
+    ecp_nistz256_neg(tmp, point_arr[2].Y);
+    copy_conditional(point_arr[2].Y, tmp, sign2);
+    ecp_nistz256_neg(tmp, point_arr[3].Y);
+    copy_conditional(point_arr[3].Y, tmp, sign3);
+
+    ecp_nistz256_avx2_transpose_convert(bX4, point_arr);
+    ecp_nistz256_avx2_to_mont(bX4, bX4);
+    ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]);
+    /* Optimized when both inputs are affine */
+    ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4);
+
+    for (i = 2; i < 9; i++) {
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign0, &digit0, wvalue);
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign1, &digit1, wvalue);
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign2, &digit2, wvalue);
+        wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+        wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+        idx += window_size;
+        booth_recode_w7(&sign3, &digit3, wvalue);
+
+        ecp_nistz256_avx2_multi_gather_w7(point_arr,
+                                          preComputedTable[4 * i],
+                                          digit0, digit1, digit2, digit3);
+
+        ecp_nistz256_neg(tmp, point_arr[0].Y);
+        copy_conditional(point_arr[0].Y, tmp, sign0);
+        ecp_nistz256_neg(tmp, point_arr[1].Y);
+        copy_conditional(point_arr[1].Y, tmp, sign1);
+        ecp_nistz256_neg(tmp, point_arr[2].Y);
+        copy_conditional(point_arr[2].Y, tmp, sign2);
+        ecp_nistz256_neg(tmp, point_arr[3].Y);
+        copy_conditional(point_arr[3].Y, tmp, sign3);
+
+        ecp_nistz256_avx2_transpose_convert(bX4, point_arr);
+        ecp_nistz256_avx2_to_mont(bX4, bX4);
+        ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]);
+
+        ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4);
+    }
+
+    ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]);
+    ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]);
+    ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]);
+
+    ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4);
+    /* Last window is performed serially */
+    wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+    booth_recode_w7(&sign0, &digit0, wvalue);
+    ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r,
+                           preComputedTable[36], digit0);
+    ecp_nistz256_neg(tmp, r->Y);
+    copy_conditional(r->Y, tmp, sign0);
+    memcpy(r->Z, ONE, sizeof(ONE));
+    /* Sum the four windows */
+    ecp_nistz256_point_add(r, r, &res_point_arr[0]);
+    ecp_nistz256_point_add(r, r, &res_point_arr[1]);
+    ecp_nistz256_point_add(r, r, &res_point_arr[2]);
+    ecp_nistz256_point_add(r, r, &res_point_arr[3]);
+}
+# endif
+#endif
+
+__owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
+                                               const P256_POINT_AFFINE *in,
+                                               BN_CTX *ctx)
+{
+    BIGNUM *x, *y;
+    BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
+    int ret = 0;
+
+    x = BN_new();
+    if (x == NULL)
+        return 0;
+    y = BN_new();
+    if (y == NULL) {
+        BN_free(x);
+        return 0;
+    }
+    memcpy(d_x, in->X, sizeof(d_x));
+    bn_set_static_words(x, d_x, P256_LIMBS);
+
+    memcpy(d_y, in->Y, sizeof(d_y));
+    bn_set_static_words(y, d_y, P256_LIMBS);
+
+    ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx);
+
+    BN_free(x);
+    BN_free(y);
+
+    return ret;
+}
+
+/* r = scalar*G + sum(scalars[i]*points[i]) */
+__owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
+                                          EC_POINT *r,
+                                          const BIGNUM *scalar,
+                                          size_t num,
+                                          const EC_POINT *points[],
+                                          const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0;
+    size_t j;
+    unsigned char p_str[33] = { 0 };
+    const PRECOMP256_ROW *preComputedTable = NULL;
+    const NISTZ256_PRE_COMP *pre_comp = NULL;
+    const EC_POINT *generator = NULL;
+    BN_CTX *new_ctx = NULL;
+    const BIGNUM **new_scalars = NULL;
+    const EC_POINT **new_points = NULL;
+    unsigned int idx = 0;
+    const unsigned int window_size = 7;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    ALIGN32 union {
+        P256_POINT p;
+        P256_POINT_AFFINE a;
+    } t, p;
+    BIGNUM *tmp_scalar;
+
+    if ((num + 1) == 0 || (num + 1) > OPENSSL_MALLOC_MAX_NELEMS(void *)) {
+        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (group->meth != r->meth) {
+        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+
+    if ((scalar == NULL) && (num == 0))
+        return EC_POINT_set_to_infinity(group, r);
+
+    for (j = 0; j < num; j++) {
+        if (group->meth != points[j]->meth) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+
+    if (scalar) {
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
+            goto err;
+        }
+
+        /* look if we can use precomputed multiples of generator */
+        pre_comp = group->pre_comp.nistz256;
+
+        if (pre_comp) {
+            /*
+             * If there is a precomputed table for the generator, check that
+             * it was generated with the same generator.
+             */
+            EC_POINT *pre_comp_generator = EC_POINT_new(group);
+            if (pre_comp_generator == NULL)
+                goto err;
+
+            if (!ecp_nistz256_set_from_affine(pre_comp_generator,
+                                              group, pre_comp->precomp[0],
+                                              ctx)) {
+                EC_POINT_free(pre_comp_generator);
+                goto err;
+            }
+
+            if (0 == EC_POINT_cmp(group, generator, pre_comp_generator, ctx))
+                preComputedTable = (const PRECOMP256_ROW *)pre_comp->precomp;
+
+            EC_POINT_free(pre_comp_generator);
+        }
+
+        if (preComputedTable == NULL && ecp_nistz256_is_affine_G(generator)) {
+            /*
+             * If there is no precomputed data, but the generator is the
+             * default, a hardcoded table of precomputed data is used. This
+             * is because applications, such as Apache, do not use
+             * EC_KEY_precompute_mult.
+             */
+            preComputedTable = ecp_nistz256_precomputed;
+        }
+
+        if (preComputedTable) {
+            if ((BN_num_bits(scalar) > 256)
+                || BN_is_negative(scalar)) {
+                if ((tmp_scalar = BN_CTX_get(ctx)) == NULL)
+                    goto err;
+
+                if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                    ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_BN_LIB);
+                    goto err;
+                }
+                scalar = tmp_scalar;
+            }
+
+            for (i = 0; i < bn_get_top(scalar) * BN_BYTES; i += BN_BYTES) {
+                BN_ULONG d = bn_get_words(scalar)[i / BN_BYTES];
+
+                p_str[i + 0] = (unsigned char)d;
+                p_str[i + 1] = (unsigned char)(d >> 8);
+                p_str[i + 2] = (unsigned char)(d >> 16);
+                p_str[i + 3] = (unsigned char)(d >>= 24);
+                if (BN_BYTES == 8) {
+                    d >>= 8;
+                    p_str[i + 4] = (unsigned char)d;
+                    p_str[i + 5] = (unsigned char)(d >> 8);
+                    p_str[i + 6] = (unsigned char)(d >> 16);
+                    p_str[i + 7] = (unsigned char)(d >> 24);
+                }
+            }
+
+            for (; i < 33; i++)
+                p_str[i] = 0;
+
+#if defined(ECP_NISTZ256_AVX2)
+            if (ecp_nistz_avx2_eligible()) {
+                ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable);
+            } else
+#endif
+            {
+                BN_ULONG infty;
+
+                /* First window */
+                wvalue = (p_str[0] << 1) & mask;
+                idx += window_size;
+
+                wvalue = _booth_recode_w7(wvalue);
+
+                ecp_nistz256_gather_w7(&p.a, preComputedTable[0],
+                                       wvalue >> 1);
+
+                ecp_nistz256_neg(p.p.Z, p.p.Y);
+                copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
+
+                /*
+                 * Since affine infinity is encoded as (0,0) and
+                 * Jacobian ias (,,0), we need to harmonize them
+                 * by assigning "one" or zero to Z.
+                 */
+                infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |
+                         p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
+                if (P256_LIMBS == 8)
+                    infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
+                              p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
+
+                infty = 0 - is_zero(infty);
+                infty = ~infty;
+
+                p.p.Z[0] = ONE[0] & infty;
+                p.p.Z[1] = ONE[1] & infty;
+                p.p.Z[2] = ONE[2] & infty;
+                p.p.Z[3] = ONE[3] & infty;
+                if (P256_LIMBS == 8) {
+                    p.p.Z[4] = ONE[4] & infty;
+                    p.p.Z[5] = ONE[5] & infty;
+                    p.p.Z[6] = ONE[6] & infty;
+                    p.p.Z[7] = ONE[7] & infty;
+                }
+
+                for (i = 1; i < 37; i++) {
+                    unsigned int off = (idx - 1) / 8;
+                    wvalue = p_str[off] | p_str[off + 1] << 8;
+                    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+                    idx += window_size;
+
+                    wvalue = _booth_recode_w7(wvalue);
+
+                    ecp_nistz256_gather_w7(&t.a,
+                                           preComputedTable[i], wvalue >> 1);
+
+                    ecp_nistz256_neg(t.p.Z, t.a.Y);
+                    copy_conditional(t.a.Y, t.p.Z, wvalue & 1);
+
+                    ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a);
+                }
+            }
+        } else {
+            p_is_infinity = 1;
+            no_precomp_for_generator = 1;
+        }
+    } else
+        p_is_infinity = 1;
+
+    if (no_precomp_for_generator) {
+        /*
+         * Without a precomputed table for the generator, it has to be
+         * handled like a normal point.
+         */
+        new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *));
+        if (new_scalars == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *));
+        if (new_points == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        memcpy(new_scalars, scalars, num * sizeof(BIGNUM *));
+        new_scalars[num] = scalar;
+        memcpy(new_points, points, num * sizeof(EC_POINT *));
+        new_points[num] = generator;
+
+        scalars = new_scalars;
+        points = new_points;
+        num++;
+    }
+
+    if (num) {
+        P256_POINT *out = &t.p;
+        if (p_is_infinity)
+            out = &p.p;
+
+        if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx))
+            goto err;
+
+        if (!p_is_infinity)
+            ecp_nistz256_point_add(&p.p, &p.p, out);
+    }
+
+    /* Not constant-time, but we're only operating on the public output. */
+    if (!bn_set_words(r->X, p.p.X, P256_LIMBS) ||
+        !bn_set_words(r->Y, p.p.Y, P256_LIMBS) ||
+        !bn_set_words(r->Z, p.p.Z, P256_LIMBS)) {
+        goto err;
+    }
+    r->Z_is_one = is_one(r->Z) & 1;
+
+    ret = 1;
+
+err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    OPENSSL_free(new_points);
+    OPENSSL_free(new_scalars);
+    return ret;
+}
+
+__owur static int ecp_nistz256_get_affine(const EC_GROUP *group,
+                                          const EC_POINT *point,
+                                          BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+{
+    BN_ULONG z_inv2[P256_LIMBS];
+    BN_ULONG z_inv3[P256_LIMBS];
+    BN_ULONG x_aff[P256_LIMBS];
+    BN_ULONG y_aff[P256_LIMBS];
+    BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS];
+    BN_ULONG x_ret[P256_LIMBS], y_ret[P256_LIMBS];
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X) ||
+        !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) ||
+        !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) {
+        ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_COORDINATES_OUT_OF_RANGE);
+        return 0;
+    }
+
+    ecp_nistz256_mod_inverse(z_inv3, point_z);
+    ecp_nistz256_sqr_mont(z_inv2, z_inv3);
+    ecp_nistz256_mul_mont(x_aff, z_inv2, point_x);
+
+    if (x != NULL) {
+        ecp_nistz256_from_mont(x_ret, x_aff);
+        if (!bn_set_words(x, x_ret, P256_LIMBS))
+            return 0;
+    }
+
+    if (y != NULL) {
+        ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2);
+        ecp_nistz256_mul_mont(y_aff, z_inv3, point_y);
+        ecp_nistz256_from_mont(y_ret, y_aff);
+        if (!bn_set_words(y, y_ret, P256_LIMBS))
+            return 0;
+    }
+
+    return 1;
+}
+
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
+{
+    NISTZ256_PRE_COMP *ret = NULL;
+
+    if (!group)
+        return NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->group = group;
+    ret->w = 6;                 /* default */
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
+    return p;
+}
+
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistz256", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    OPENSSL_free(pre->precomp_storage);
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+
+static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group)
+{
+    /* There is a hard-coded table for the default generator. */
+    const EC_POINT *generator = EC_GROUP_get0_generator(group);
+
+    if (generator != NULL && ecp_nistz256_is_affine_G(generator)) {
+        /* There is a hard-coded table for the default generator. */
+        return 1;
+    }
+
+    return HAVEPRECOMP(group, nistz256);
+}
+
+const EC_METHOD *EC_GFp_nistz256_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_mont_group_init,
+        ec_GFp_mont_group_finish,
+        ec_GFp_mont_group_clear_finish,
+        ec_GFp_mont_group_copy,
+        ec_GFp_mont_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ecp_nistz256_get_affine,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ecp_nistz256_points_mul,                    /* mul */
+        ecp_nistz256_mult_precompute,               /* precompute_mult */
+        ecp_nistz256_window_have_precompute_mult,   /* have_precompute_mult */
+        ec_GFp_mont_field_mul,
+        ec_GFp_mont_field_sqr,
+        0,                                          /* field_div */
+        ec_GFp_mont_field_encode,
+        ec_GFp_mont_field_decode,
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecp_nistz256_table.c b/openssl-1.1.0h/crypto/ec/ecp_nistz256_table.c
new file mode 100644
index 0000000..3f5625c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_nistz256_table.c
@@ -0,0 +1,9542 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the precomputed constant time access table for the code in
+ * ecp_montp256.c, for the default generator. The table consists of 37
+ * subtables, each subtable contains 64 affine points. The affine points are
+ * encoded as eight uint64's, four for the x coordinate and four for the y.
+ * Both values are in little-endian order. There are 37 tables because a
+ * signed, 6-bit wNAF form of the scalar is used and ceil(256/(6 + 1)) = 37.
+ * Within each table there are 64 values because the 6-bit wNAF value can
+ * take 64 values, ignoring the sign bit, which is implemented by performing
+ * a negation of the affine point when required. We would like to align it
+ * to 2MB in order to increase the chances of using a large page but that
+ * appears to lead to invalid ELF files being produced.
+ */
+
+#if defined(__GNUC__)
+__attribute((aligned(4096)))
+#elif defined(_MSC_VER)
+__declspec(align(4096))
+#elif defined(__SUNPRO_C)
+# pragma align 4096(ecp_nistz256_precomputed)
+#endif
+static const BN_ULONG ecp_nistz256_precomputed[37][64 *
+                                                   sizeof(P256_POINT_AFFINE) /
+                                                   sizeof(BN_ULONG)] = {
+    {TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
+     TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6),
+     TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
+     TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85),
+     TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d),
+     TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b),
+     TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8),
+     TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b),
+     TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb),
+     TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e),
+     TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a),
+     TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07),
+     TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173),
+     TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b),
+     TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447),
+     TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863),
+     TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d),
+     TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8),
+     TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b),
+     TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916),
+     TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e),
+     TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673),
+     TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5),
+     TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f),
+     TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7),
+     TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03),
+     TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd),
+     TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867),
+     TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455),
+     TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d),
+     TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15),
+     TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76),
+     TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841),
+     TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b),
+     TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3),
+     TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b),
+     TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139),
+     TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f),
+     TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08),
+     TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5),
+     TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0),
+     TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073),
+     TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8),
+     TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e),
+     TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33),
+     TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156),
+     TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637),
+     TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca),
+     TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d),
+     TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759),
+     TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3),
+     TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797),
+     TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3),
+     TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e),
+     TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2),
+     TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb),
+     TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b),
+     TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09),
+     TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25),
+     TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4),
+     TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b),
+     TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723),
+     TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587),
+     TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220),
+     TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b),
+     TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e),
+     TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e),
+     TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0),
+     TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e),
+     TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda),
+     TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c),
+     TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d),
+     TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e),
+     TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc),
+     TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5),
+     TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b),
+     TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc),
+     TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e),
+     TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae),
+     TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0),
+     TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d),
+     TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc),
+     TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61),
+     TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3),
+     TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a),
+     TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4),
+     TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4),
+     TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074),
+     TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e),
+     TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42),
+     TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a),
+     TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f),
+     TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35),
+     TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115),
+     TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356),
+     TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a),
+     TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0),
+     TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e),
+     TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950),
+     TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968),
+     TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538),
+     TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10),
+     TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508),
+     TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7),
+     TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313),
+     TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a),
+     TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58),
+     TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31),
+     TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892),
+     TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97),
+     TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68),
+     TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278),
+     TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880),
+     TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48),
+     TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3),
+     TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b),
+     TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1),
+     TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c),
+     TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a),
+     TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72),
+     TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6),
+     TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4),
+     TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028),
+     TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745),
+     TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf),
+     TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4),
+     TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908),
+     TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4),
+     TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103),
+     TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c),
+     TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef),
+     TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4),
+     TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d),
+     TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64),
+     TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92),
+     TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8),
+     TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7),
+     TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521),
+     TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5),
+     TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8),
+     TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f),
+     TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3),
+     TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13),
+     TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526),
+     TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55),
+     TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb),
+     TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850),
+     TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8),
+     TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce),
+     TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c),
+     TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409),
+     TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d),
+     TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346),
+     TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac),
+     TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876),
+     TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408),
+     TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c),
+     TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227),
+     TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34),
+     TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f),
+     TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822),
+     TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f),
+     TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47),
+     TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b),
+     TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7),
+     TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43),
+     TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae),
+     TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d),
+     TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa),
+     TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994),
+     TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8),
+     TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0),
+     TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb),
+     TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291),
+     TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f),
+     TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a),
+     TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18),
+     TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278),
+     TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5),
+     TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5),
+     TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba),
+     TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc),
+     TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b),
+     TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865),
+     TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906),
+     TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd),
+     TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13),
+     TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27),
+     TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0),
+     TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad),
+     TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7),
+     TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2),
+     TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909),
+     TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b),
+     TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a),
+     TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36),
+     TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278),
+     TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7),
+     TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96),
+     TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13),
+     TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f),
+     TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443),
+     TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65),
+     TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d),
+     TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0),
+     TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542),
+     TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562),
+     TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d),
+     TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679),
+     TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0),
+     TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2),
+     TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283),
+     TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f),
+     TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851),
+     TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa),
+     TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb),
+     TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6),
+     TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd),
+     TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4),
+     TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4),
+     TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a),
+     TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63),
+     TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b),
+     TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08),
+     TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29),
+     TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc),
+     TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a),
+     TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626),
+     TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf),
+     TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd),
+     TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad),
+     TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741),
+     TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1),
+     TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7),
+     TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea),
+     TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b),
+     TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7),
+     TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915),
+     TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c),
+     TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832),
+     TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84),
+     TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa),
+     TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d),
+     TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3),
+     TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7),
+     TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413),
+     TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e),
+     TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009),
+     TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed),
+     TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d),
+     TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197),
+     TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70),
+     TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9),
+     TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7),
+     TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82),
+     TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)}
+    ,
+    {TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54),
+     TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617),
+     TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff),
+     TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188),
+     TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d),
+     TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c),
+     TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5),
+     TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53),
+     TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5),
+     TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6),
+     TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3),
+     TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656),
+     TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5),
+     TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290),
+     TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d),
+     TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108),
+     TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be),
+     TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502),
+     TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220),
+     TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a),
+     TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3),
+     TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4),
+     TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd),
+     TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2),
+     TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95),
+     TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0),
+     TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda),
+     TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232),
+     TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf),
+     TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863),
+     TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd),
+     TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f),
+     TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298),
+     TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c),
+     TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78),
+     TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2),
+     TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8),
+     TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014),
+     TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30),
+     TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb),
+     TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638),
+     TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec),
+     TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314),
+     TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868),
+     TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146),
+     TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e),
+     TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f),
+     TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435),
+     TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2),
+     TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808),
+     TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3),
+     TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd),
+     TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90),
+     TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60),
+     TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347),
+     TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2),
+     TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957),
+     TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec),
+     TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3),
+     TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e),
+     TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509),
+     TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45),
+     TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d),
+     TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f),
+     TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f),
+     TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85),
+     TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54),
+     TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f),
+     TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0),
+     TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6),
+     TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787),
+     TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8),
+     TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d),
+     TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176),
+     TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc),
+     TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1),
+     TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701),
+     TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442),
+     TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30),
+     TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959),
+     TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f),
+     TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f),
+     TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be),
+     TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac),
+     TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295),
+     TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c),
+     TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241),
+     TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97),
+     TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a),
+     TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f),
+     TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0),
+     TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f),
+     TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678),
+     TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48),
+     TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948),
+     TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184),
+     TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6),
+     TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f),
+     TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52),
+     TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369),
+     TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd),
+     TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887),
+     TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682),
+     TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6),
+     TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901),
+     TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef),
+     TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549),
+     TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9),
+     TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f),
+     TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c),
+     TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278),
+     TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f),
+     TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd),
+     TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04),
+     TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad),
+     TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084),
+     TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5),
+     TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723),
+     TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd),
+     TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9),
+     TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2),
+     TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c),
+     TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24),
+     TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2),
+     TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf),
+     TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da),
+     TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad),
+     TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9),
+     TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254),
+     TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39),
+     TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6),
+     TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09),
+     TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3),
+     TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc),
+     TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1),
+     TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6),
+     TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b),
+     TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec),
+     TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14),
+     TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1),
+     TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1),
+     TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09),
+     TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e),
+     TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331),
+     TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830),
+     TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da),
+     TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0),
+     TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7),
+     TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be),
+     TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb),
+     TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1),
+     TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a),
+     TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d),
+     TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b),
+     TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d),
+     TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8),
+     TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a),
+     TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272),
+     TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82),
+     TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525),
+     TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3),
+     TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a),
+     TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159),
+     TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32),
+     TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb),
+     TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4),
+     TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01),
+     TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f),
+     TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a),
+     TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120),
+     TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b),
+     TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1),
+     TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17),
+     TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c),
+     TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3),
+     TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7),
+     TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043),
+     TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2),
+     TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4),
+     TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084),
+     TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546),
+     TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd),
+     TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7),
+     TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715),
+     TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93),
+     TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e),
+     TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26),
+     TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa),
+     TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681),
+     TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663),
+     TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce),
+     TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607),
+     TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c),
+     TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72),
+     TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992),
+     TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8),
+     TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485),
+     TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7),
+     TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50),
+     TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253),
+     TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04),
+     TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1),
+     TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13),
+     TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce),
+     TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13),
+     TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe),
+     TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747),
+     TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a),
+     TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da),
+     TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b),
+     TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0),
+     TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26),
+     TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4),
+     TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621),
+     TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3),
+     TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0),
+     TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de),
+     TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228),
+     TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa),
+     TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d),
+     TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381),
+     TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb),
+     TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9),
+     TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407),
+     TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748),
+     TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb),
+     TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661),
+     TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f),
+     TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c),
+     TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45),
+     TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19),
+     TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45),
+     TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc),
+     TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131),
+     TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980),
+     TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663),
+     TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42),
+     TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589),
+     TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212),
+     TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76),
+     TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e),
+     TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5),
+     TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee),
+     TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd),
+     TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d),
+     TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e),
+     TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773),
+     TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3),
+     TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c),
+     TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0),
+     TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545),
+     TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4),
+     TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182),
+     TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085),
+     TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b),
+     TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)}
+    ,
+    {TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8),
+     TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551),
+     TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164),
+     TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38),
+     TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0),
+     TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825),
+     TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b),
+     TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a),
+     TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35),
+     TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699),
+     TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562),
+     TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6),
+     TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e),
+     TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219),
+     TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf),
+     TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415),
+     TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012),
+     TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d),
+     TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334),
+     TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f),
+     TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18),
+     TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7),
+     TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0),
+     TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151),
+     TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af),
+     TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3),
+     TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5),
+     TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514),
+     TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142),
+     TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922),
+     TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1),
+     TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b),
+     TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d),
+     TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8),
+     TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69),
+     TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1),
+     TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5),
+     TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41),
+     TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9),
+     TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63),
+     TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b),
+     TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f),
+     TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b),
+     TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440),
+     TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72),
+     TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5),
+     TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900),
+     TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a),
+     TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c),
+     TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf),
+     TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981),
+     TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe),
+     TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031),
+     TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d),
+     TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4),
+     TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88),
+     TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8),
+     TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6),
+     TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03),
+     TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51),
+     TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f),
+     TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f),
+     TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e),
+     TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53),
+     TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c),
+     TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e),
+     TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef),
+     TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d),
+     TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de),
+     TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36),
+     TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8),
+     TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82),
+     TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e),
+     TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee),
+     TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26),
+     TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e),
+     TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337),
+     TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590),
+     TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249),
+     TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b),
+     TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6),
+     TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823),
+     TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71),
+     TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91),
+     TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273),
+     TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067),
+     TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e),
+     TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530),
+     TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606),
+     TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303),
+     TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd),
+     TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a),
+     TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7),
+     TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb),
+     TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976),
+     TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609),
+     TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90),
+     TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3),
+     TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2),
+     TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec),
+     TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43),
+     TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af),
+     TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538),
+     TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6),
+     TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79),
+     TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4),
+     TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225),
+     TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153),
+     TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99),
+     TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8),
+     TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f),
+     TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10),
+     TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864),
+     TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822),
+     TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92),
+     TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87),
+     TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1),
+     TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f),
+     TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3),
+     TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba),
+     TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917),
+     TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8),
+     TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf),
+     TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234),
+     TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1),
+     TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e),
+     TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb),
+     TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f),
+     TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43),
+     TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94),
+     TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3),
+     TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a),
+     TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d),
+     TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf),
+     TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129),
+     TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7),
+     TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4),
+     TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13),
+     TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137),
+     TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85),
+     TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390),
+     TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9),
+     TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06),
+     TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331),
+     TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50),
+     TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f),
+     TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5),
+     TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77),
+     TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2),
+     TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17),
+     TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2),
+     TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76),
+     TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc),
+     TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722),
+     TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b),
+     TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba),
+     TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b),
+     TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c),
+     TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8),
+     TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855),
+     TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73),
+     TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793),
+     TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd),
+     TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07),
+     TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749),
+     TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b),
+     TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55),
+     TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b),
+     TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e),
+     TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f),
+     TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2),
+     TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80),
+     TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114),
+     TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760),
+     TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f),
+     TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d),
+     TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c),
+     TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a),
+     TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5),
+     TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14),
+     TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649),
+     TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd),
+     TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5),
+     TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523),
+     TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92),
+     TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa),
+     TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934),
+     TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50),
+     TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05),
+     TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f),
+     TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32),
+     TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef),
+     TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e),
+     TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6),
+     TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1),
+     TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207),
+     TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c),
+     TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043),
+     TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0),
+     TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391),
+     TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da),
+     TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545),
+     TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92),
+     TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5),
+     TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7),
+     TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1),
+     TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b),
+     TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71),
+     TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18),
+     TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a),
+     TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c),
+     TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a),
+     TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0),
+     TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95),
+     TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee),
+     TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55),
+     TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc),
+     TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21),
+     TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f),
+     TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44),
+     TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea),
+     TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06),
+     TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48),
+     TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d),
+     TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4),
+     TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52),
+     TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840),
+     TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf),
+     TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32),
+     TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd),
+     TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b),
+     TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6),
+     TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958),
+     TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658),
+     TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1),
+     TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab),
+     TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7),
+     TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656),
+     TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945),
+     TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de),
+     TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd),
+     TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984),
+     TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09),
+     TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c),
+     TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e),
+     TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156),
+     TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f),
+     TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd),
+     TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca),
+     TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36),
+     TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af),
+     TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0),
+     TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035),
+     TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3),
+     TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc),
+     TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)}
+    ,
+    {TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6),
+     TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829),
+     TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8),
+     TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca),
+     TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e),
+     TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db),
+     TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3),
+     TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c),
+     TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b),
+     TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a),
+     TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042),
+     TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f),
+     TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f),
+     TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e),
+     TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509),
+     TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837),
+     TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758),
+     TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68),
+     TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5),
+     TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453),
+     TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6),
+     TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4),
+     TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881),
+     TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6),
+     TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f),
+     TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89),
+     TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34),
+     TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50),
+     TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea),
+     TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed),
+     TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6),
+     TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082),
+     TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e),
+     TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10),
+     TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9),
+     TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a),
+     TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783),
+     TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8),
+     TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60),
+     TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a),
+     TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e),
+     TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346),
+     TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9),
+     TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b),
+     TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3),
+     TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7),
+     TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef),
+     TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3),
+     TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc),
+     TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9),
+     TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e),
+     TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52),
+     TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544),
+     TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f),
+     TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d),
+     TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e),
+     TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755),
+     TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d),
+     TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5),
+     TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f),
+     TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3),
+     TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142),
+     TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942),
+     TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4),
+     TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7),
+     TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0),
+     TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e),
+     TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864),
+     TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024),
+     TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d),
+     TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279),
+     TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab),
+     TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19),
+     TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc),
+     TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d),
+     TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940),
+     TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea),
+     TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d),
+     TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b),
+     TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821),
+     TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b),
+     TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d),
+     TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2),
+     TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d),
+     TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18),
+     TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8),
+     TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246),
+     TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7),
+     TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1),
+     TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006),
+     TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d),
+     TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20),
+     TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318),
+     TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a),
+     TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb),
+     TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b),
+     TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f),
+     TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9),
+     TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88),
+     TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3),
+     TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221),
+     TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb),
+     TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84),
+     TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f),
+     TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267),
+     TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397),
+     TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f),
+     TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec),
+     TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373),
+     TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7),
+     TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead),
+     TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b),
+     TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032),
+     TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db),
+     TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460),
+     TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3),
+     TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e),
+     TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124),
+     TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069),
+     TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431),
+     TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431),
+     TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b),
+     TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57),
+     TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460),
+     TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869),
+     TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc),
+     TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49),
+     TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251),
+     TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205),
+     TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149),
+     TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33),
+     TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e),
+     TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40),
+     TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292),
+     TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4),
+     TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6),
+     TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79),
+     TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d),
+     TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd),
+     TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968),
+     TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c),
+     TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280),
+     TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe),
+     TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac),
+     TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305),
+     TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8),
+     TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010),
+     TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae),
+     TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13),
+     TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed),
+     TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65),
+     TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee),
+     TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd),
+     TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257),
+     TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65),
+     TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d),
+     TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750),
+     TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7),
+     TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251),
+     TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28),
+     TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea),
+     TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e),
+     TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af),
+     TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b),
+     TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa),
+     TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582),
+     TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468),
+     TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0),
+     TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2),
+     TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed),
+     TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0),
+     TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7),
+     TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426),
+     TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241),
+     TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace),
+     TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885),
+     TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2),
+     TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8),
+     TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd),
+     TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab),
+     TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533),
+     TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd),
+     TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1),
+     TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95),
+     TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff),
+     TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71),
+     TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e),
+     TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba),
+     TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734),
+     TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9),
+     TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703),
+     TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953),
+     TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d),
+     TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5),
+     TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1),
+     TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c),
+     TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da),
+     TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311),
+     TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f),
+     TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0),
+     TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877),
+     TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352),
+     TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba),
+     TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8),
+     TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27),
+     TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd),
+     TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f),
+     TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16),
+     TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0),
+     TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e),
+     TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136),
+     TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f),
+     TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7),
+     TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4),
+     TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca),
+     TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42),
+     TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6),
+     TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1),
+     TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed),
+     TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301),
+     TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b),
+     TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02),
+     TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720),
+     TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef),
+     TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e),
+     TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7),
+     TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795),
+     TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900),
+     TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd),
+     TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54),
+     TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa),
+     TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32),
+     TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db),
+     TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c),
+     TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff),
+     TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544),
+     TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892),
+     TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc),
+     TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c),
+     TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e),
+     TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948),
+     TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37),
+     TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65),
+     TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141),
+     TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a),
+     TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f),
+     TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8),
+     TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9),
+     TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d),
+     TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe),
+     TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1),
+     TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805),
+     TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952),
+     TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37),
+     TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b),
+     TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)}
+    ,
+    {TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206),
+     TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec),
+     TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3),
+     TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c),
+     TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5),
+     TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529),
+     TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80),
+     TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be),
+     TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c),
+     TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436),
+     TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4),
+     TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a),
+     TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc),
+     TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc),
+     TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56),
+     TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba),
+     TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74),
+     TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439),
+     TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a),
+     TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158),
+     TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e),
+     TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4),
+     TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a),
+     TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321),
+     TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493),
+     TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c),
+     TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9),
+     TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b),
+     TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb),
+     TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f),
+     TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca),
+     TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3),
+     TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27),
+     TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6),
+     TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5),
+     TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d),
+     TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7),
+     TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4),
+     TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0),
+     TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080),
+     TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b),
+     TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc),
+     TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186),
+     TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610),
+     TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3),
+     TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297),
+     TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7),
+     TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76),
+     TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef),
+     TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521),
+     TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da),
+     TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370),
+     TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146),
+     TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5),
+     TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980),
+     TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de),
+     TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8),
+     TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519),
+     TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f),
+     TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f),
+     TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0),
+     TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9),
+     TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917),
+     TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3),
+     TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358),
+     TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a),
+     TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61),
+     TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207),
+     TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c),
+     TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60),
+     TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca),
+     TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493),
+     TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0),
+     TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d),
+     TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24),
+     TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01),
+     TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665),
+     TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839),
+     TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b),
+     TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0),
+     TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09),
+     TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c),
+     TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6),
+     TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4),
+     TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484),
+     TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31),
+     TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9),
+     TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9),
+     TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7),
+     TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4),
+     TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324),
+     TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d),
+     TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e),
+     TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43),
+     TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5),
+     TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60),
+     TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba),
+     TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376),
+     TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a),
+     TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d),
+     TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551),
+     TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba),
+     TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628),
+     TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108),
+     TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9),
+     TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510),
+     TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742),
+     TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207),
+     TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4),
+     TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9),
+     TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32),
+     TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4),
+     TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753),
+     TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f),
+     TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f),
+     TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d),
+     TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20),
+     TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975),
+     TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b),
+     TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b),
+     TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7),
+     TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a),
+     TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade),
+     TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b),
+     TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620),
+     TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6),
+     TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44),
+     TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c),
+     TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585),
+     TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d),
+     TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930),
+     TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a),
+     TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493),
+     TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502),
+     TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed),
+     TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58),
+     TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b),
+     TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788),
+     TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669),
+     TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865),
+     TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3),
+     TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d),
+     TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63),
+     TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e),
+     TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42),
+     TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5),
+     TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07),
+     TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129),
+     TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93),
+     TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f),
+     TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f),
+     TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1),
+     TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b),
+     TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91),
+     TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca),
+     TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824),
+     TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522),
+     TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61),
+     TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b),
+     TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2),
+     TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c),
+     TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e),
+     TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02),
+     TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631),
+     TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d),
+     TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432),
+     TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea),
+     TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb),
+     TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522),
+     TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec),
+     TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e),
+     TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7),
+     TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076),
+     TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5),
+     TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef),
+     TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad),
+     TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf),
+     TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3),
+     TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527),
+     TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0),
+     TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde),
+     TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4),
+     TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d),
+     TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650),
+     TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a),
+     TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265),
+     TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176),
+     TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e),
+     TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1),
+     TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7),
+     TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132),
+     TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025),
+     TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76),
+     TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e),
+     TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2),
+     TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b),
+     TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea),
+     TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b),
+     TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81),
+     TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375),
+     TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65),
+     TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a),
+     TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d),
+     TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5),
+     TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20),
+     TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f),
+     TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03),
+     TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82),
+     TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f),
+     TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122),
+     TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a),
+     TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88),
+     TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e),
+     TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431),
+     TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7),
+     TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c),
+     TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb),
+     TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71),
+     TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d),
+     TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68),
+     TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85),
+     TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f),
+     TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928),
+     TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514),
+     TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd),
+     TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1),
+     TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07),
+     TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c),
+     TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573),
+     TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f),
+     TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403),
+     TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728),
+     TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43),
+     TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b),
+     TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c),
+     TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2),
+     TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8),
+     TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904),
+     TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065),
+     TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6),
+     TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0),
+     TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588),
+     TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73),
+     TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493),
+     TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3),
+     TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9),
+     TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58),
+     TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314),
+     TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a),
+     TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288),
+     TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26),
+     TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3),
+     TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5),
+     TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967),
+     TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6),
+     TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)}
+    ,
+    {TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366),
+     TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5),
+     TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576),
+     TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7),
+     TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957),
+     TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4),
+     TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682),
+     TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae),
+     TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf),
+     TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9),
+     TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4),
+     TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402),
+     TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06),
+     TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381),
+     TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b),
+     TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa),
+     TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784),
+     TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228),
+     TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118),
+     TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e),
+     TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550),
+     TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048),
+     TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7),
+     TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d),
+     TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5),
+     TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f),
+     TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68),
+     TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3),
+     TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67),
+     TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0),
+     TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19),
+     TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077),
+     TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494),
+     TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4),
+     TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7),
+     TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67),
+     TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6),
+     TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8),
+     TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27),
+     TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0),
+     TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096),
+     TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d),
+     TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21),
+     TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb),
+     TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2),
+     TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc),
+     TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c),
+     TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84),
+     TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a),
+     TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b),
+     TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0),
+     TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69),
+     TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937),
+     TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3),
+     TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422),
+     TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6),
+     TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06),
+     TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce),
+     TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598),
+     TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05),
+     TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d),
+     TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08),
+     TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158),
+     TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4),
+     TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221),
+     TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85),
+     TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5),
+     TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284),
+     TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2),
+     TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73),
+     TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90),
+     TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3),
+     TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e),
+     TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a),
+     TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80),
+     TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e),
+     TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4),
+     TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064),
+     TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab),
+     TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02),
+     TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7),
+     TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc),
+     TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1),
+     TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c),
+     TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb),
+     TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8),
+     TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe),
+     TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b),
+     TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736),
+     TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0),
+     TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83),
+     TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393),
+     TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b),
+     TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae),
+     TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5),
+     TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30),
+     TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3),
+     TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a),
+     TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066),
+     TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e),
+     TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3),
+     TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf),
+     TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6),
+     TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289),
+     TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684),
+     TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5),
+     TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e),
+     TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c),
+     TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0),
+     TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f),
+     TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2),
+     TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7),
+     TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a),
+     TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45),
+     TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9),
+     TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5),
+     TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531),
+     TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af),
+     TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f),
+     TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e),
+     TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db),
+     TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7),
+     TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073),
+     TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa),
+     TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87),
+     TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f),
+     TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace),
+     TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58),
+     TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9),
+     TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41),
+     TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f),
+     TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59),
+     TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0),
+     TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961),
+     TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c),
+     TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225),
+     TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef),
+     TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734),
+     TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6),
+     TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6),
+     TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06),
+     TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08),
+     TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de),
+     TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff),
+     TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe),
+     TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e),
+     TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee),
+     TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056),
+     TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0),
+     TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709),
+     TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0),
+     TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a),
+     TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a),
+     TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d),
+     TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6),
+     TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a),
+     TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32),
+     TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d),
+     TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a),
+     TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870),
+     TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653),
+     TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea),
+     TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc),
+     TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf),
+     TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4),
+     TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390),
+     TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc),
+     TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88),
+     TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041),
+     TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe),
+     TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0),
+     TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020),
+     TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079),
+     TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662),
+     TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53),
+     TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d),
+     TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b),
+     TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c),
+     TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c),
+     TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251),
+     TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7),
+     TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238),
+     TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce),
+     TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e),
+     TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c),
+     TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592),
+     TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8),
+     TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08),
+     TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7),
+     TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7),
+     TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc),
+     TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13),
+     TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c),
+     TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63),
+     TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea),
+     TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26),
+     TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1),
+     TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa),
+     TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483),
+     TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c),
+     TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea),
+     TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103),
+     TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4),
+     TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d),
+     TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61),
+     TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80),
+     TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e),
+     TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88),
+     TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3),
+     TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10),
+     TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69),
+     TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413),
+     TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475),
+     TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4),
+     TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d),
+     TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e),
+     TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac),
+     TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553),
+     TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290),
+     TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732),
+     TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f),
+     TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46),
+     TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486),
+     TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a),
+     TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392),
+     TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b),
+     TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa),
+     TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6),
+     TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475),
+     TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644),
+     TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3),
+     TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17),
+     TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44),
+     TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688),
+     TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b),
+     TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c),
+     TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958),
+     TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea),
+     TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb),
+     TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb),
+     TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a),
+     TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50),
+     TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588),
+     TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4),
+     TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420),
+     TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6),
+     TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2),
+     TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd),
+     TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4),
+     TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82),
+     TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8),
+     TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a),
+     TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20),
+     TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8),
+     TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27),
+     TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)}
+    ,
+    {TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350),
+     TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e),
+     TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b),
+     TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78),
+     TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c),
+     TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893),
+     TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3),
+     TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07),
+     TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325),
+     TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3),
+     TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64),
+     TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614),
+     TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63),
+     TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b),
+     TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71),
+     TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f),
+     TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2),
+     TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad),
+     TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498),
+     TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3),
+     TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6),
+     TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24),
+     TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb),
+     TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4),
+     TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b),
+     TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17),
+     TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621),
+     TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c),
+     TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef),
+     TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39),
+     TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665),
+     TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69),
+     TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9),
+     TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0),
+     TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0),
+     TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8),
+     TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1),
+     TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe),
+     TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c),
+     TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615),
+     TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef),
+     TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba),
+     TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030),
+     TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725),
+     TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362),
+     TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990),
+     TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd),
+     TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca),
+     TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581),
+     TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5),
+     TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51),
+     TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76),
+     TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97),
+     TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd),
+     TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b),
+     TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715),
+     TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51),
+     TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b),
+     TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3),
+     TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924),
+     TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49),
+     TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4),
+     TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb),
+     TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d),
+     TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369),
+     TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae),
+     TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1),
+     TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed),
+     TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3),
+     TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac),
+     TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933),
+     TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369),
+     TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13),
+     TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6),
+     TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956),
+     TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a),
+     TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c),
+     TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55),
+     TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e),
+     TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5),
+     TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a),
+     TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72),
+     TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0),
+     TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704),
+     TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0),
+     TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e),
+     TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092),
+     TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2),
+     TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164),
+     TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0),
+     TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f),
+     TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b),
+     TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b),
+     TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512),
+     TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b),
+     TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd),
+     TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e),
+     TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32),
+     TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963),
+     TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a),
+     TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48),
+     TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a),
+     TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a),
+     TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2),
+     TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925),
+     TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd),
+     TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c),
+     TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae),
+     TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b),
+     TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a),
+     TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb),
+     TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504),
+     TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34),
+     TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f),
+     TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1),
+     TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51),
+     TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9),
+     TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867),
+     TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac),
+     TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85),
+     TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee),
+     TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6),
+     TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c),
+     TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b),
+     TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241),
+     TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df),
+     TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0),
+     TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b),
+     TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034),
+     TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6),
+     TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e),
+     TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0),
+     TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb),
+     TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111),
+     TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7),
+     TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f),
+     TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e),
+     TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02),
+     TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b),
+     TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d),
+     TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d),
+     TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5),
+     TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2),
+     TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc),
+     TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c),
+     TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384),
+     TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752),
+     TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0),
+     TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc),
+     TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc),
+     TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062),
+     TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7),
+     TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8),
+     TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d),
+     TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8),
+     TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19),
+     TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf),
+     TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536),
+     TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837),
+     TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740),
+     TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7),
+     TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7),
+     TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a),
+     TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab),
+     TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8),
+     TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b),
+     TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef),
+     TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75),
+     TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72),
+     TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0),
+     TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79),
+     TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151),
+     TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21),
+     TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a),
+     TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc),
+     TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b),
+     TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f),
+     TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552),
+     TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb),
+     TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8),
+     TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95),
+     TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be),
+     TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387),
+     TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a),
+     TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de),
+     TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3),
+     TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e),
+     TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7),
+     TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57),
+     TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706),
+     TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d),
+     TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5),
+     TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7),
+     TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6),
+     TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d),
+     TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7),
+     TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f),
+     TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db),
+     TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291),
+     TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8),
+     TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080),
+     TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02),
+     TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12),
+     TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc),
+     TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397),
+     TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4),
+     TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba),
+     TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a),
+     TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd),
+     TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180),
+     TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678),
+     TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf),
+     TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f),
+     TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b),
+     TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a),
+     TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9),
+     TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c),
+     TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd),
+     TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011),
+     TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c),
+     TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde),
+     TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0),
+     TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357),
+     TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6),
+     TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719),
+     TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe),
+     TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996),
+     TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e),
+     TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3),
+     TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec),
+     TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44),
+     TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335),
+     TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba),
+     TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686),
+     TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e),
+     TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51),
+     TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c),
+     TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f),
+     TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b),
+     TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b),
+     TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792),
+     TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89),
+     TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2),
+     TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705),
+     TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3),
+     TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734),
+     TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3),
+     TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41),
+     TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075),
+     TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb),
+     TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d),
+     TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643),
+     TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83),
+     TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588),
+     TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127),
+     TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)}
+    ,
+    {TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c),
+     TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698),
+     TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81),
+     TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d),
+     TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7),
+     TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724),
+     TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac),
+     TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e),
+     TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0),
+     TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd),
+     TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031),
+     TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73),
+     TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e),
+     TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9),
+     TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a),
+     TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695),
+     TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466),
+     TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b),
+     TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15),
+     TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357),
+     TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97),
+     TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d),
+     TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6),
+     TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8),
+     TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da),
+     TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c),
+     TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8),
+     TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07),
+     TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0),
+     TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2),
+     TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5),
+     TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0),
+     TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c),
+     TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e),
+     TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07),
+     TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1),
+     TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8),
+     TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05),
+     TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b),
+     TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b),
+     TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8),
+     TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b),
+     TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821),
+     TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a),
+     TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc),
+     TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd),
+     TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f),
+     TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6),
+     TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461),
+     TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47),
+     TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04),
+     TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc),
+     TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4),
+     TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f),
+     TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040),
+     TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1),
+     TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564),
+     TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619),
+     TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a),
+     TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f),
+     TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b),
+     TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a),
+     TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560),
+     TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd),
+     TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a),
+     TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62),
+     TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880),
+     TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b),
+     TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943),
+     TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894),
+     TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f),
+     TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c),
+     TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290),
+     TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6),
+     TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f),
+     TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d),
+     TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c),
+     TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e),
+     TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342),
+     TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d),
+     TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078),
+     TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645),
+     TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e),
+     TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c),
+     TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9),
+     TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8),
+     TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7),
+     TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c),
+     TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596),
+     TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499),
+     TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b),
+     TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c),
+     TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a),
+     TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43),
+     TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a),
+     TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b),
+     TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0),
+     TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578),
+     TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f),
+     TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442),
+     TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17),
+     TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0),
+     TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271),
+     TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70),
+     TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f),
+     TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1),
+     TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93),
+     TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3),
+     TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232),
+     TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf),
+     TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4),
+     TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a),
+     TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17),
+     TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168),
+     TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d),
+     TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1),
+     TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811),
+     TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a),
+     TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0),
+     TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089),
+     TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682),
+     TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456),
+     TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b),
+     TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12),
+     TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69),
+     TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8),
+     TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e),
+     TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5),
+     TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d),
+     TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb),
+     TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1),
+     TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146),
+     TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c),
+     TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e),
+     TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6),
+     TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004),
+     TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9),
+     TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052),
+     TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219),
+     TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c),
+     TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd),
+     TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e),
+     TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a),
+     TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156),
+     TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b),
+     TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa),
+     TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9),
+     TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125),
+     TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3),
+     TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21),
+     TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643),
+     TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6),
+     TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb),
+     TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec),
+     TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac),
+     TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f),
+     TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d),
+     TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62),
+     TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2),
+     TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49),
+     TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044),
+     TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714),
+     TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1),
+     TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d),
+     TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d),
+     TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5),
+     TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73),
+     TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b),
+     TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb),
+     TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490),
+     TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d),
+     TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1),
+     TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6),
+     TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db),
+     TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44),
+     TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd),
+     TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee),
+     TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c),
+     TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a),
+     TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc),
+     TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726),
+     TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02),
+     TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692),
+     TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8),
+     TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b),
+     TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7),
+     TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22),
+     TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6),
+     TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5),
+     TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff),
+     TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0),
+     TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66),
+     TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c),
+     TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729),
+     TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da),
+     TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1),
+     TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049),
+     TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822),
+     TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40),
+     TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2),
+     TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469),
+     TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8),
+     TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14),
+     TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3),
+     TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18),
+     TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040),
+     TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d),
+     TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7),
+     TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7),
+     TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87),
+     TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988),
+     TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98),
+     TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3),
+     TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558),
+     TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1),
+     TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693),
+     TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363),
+     TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da),
+     TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e),
+     TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e),
+     TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9),
+     TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e),
+     TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10),
+     TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db),
+     TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e),
+     TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd),
+     TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9),
+     TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd),
+     TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083),
+     TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab),
+     TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4),
+     TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face),
+     TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd),
+     TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb),
+     TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d),
+     TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df),
+     TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3),
+     TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2),
+     TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8),
+     TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f),
+     TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d),
+     TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340),
+     TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0),
+     TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68),
+     TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df),
+     TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce),
+     TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d),
+     TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e),
+     TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288),
+     TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc),
+     TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274),
+     TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea),
+     TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410),
+     TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58),
+     TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b),
+     TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)}
+    ,
+    {TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686),
+     TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54),
+     TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964),
+     TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a),
+     TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef),
+     TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0),
+     TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717),
+     TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6),
+     TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729),
+     TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4),
+     TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05),
+     TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a),
+     TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf),
+     TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87),
+     TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264),
+     TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb),
+     TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94),
+     TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00),
+     TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0),
+     TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd),
+     TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84),
+     TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72),
+     TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1),
+     TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d),
+     TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b),
+     TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e),
+     TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca),
+     TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7),
+     TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624),
+     TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346),
+     TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3),
+     TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b),
+     TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620),
+     TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510),
+     TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac),
+     TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4),
+     TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4),
+     TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a),
+     TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627),
+     TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326),
+     TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e),
+     TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727),
+     TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2),
+     TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc),
+     TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223),
+     TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d),
+     TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168),
+     TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299),
+     TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934),
+     TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6),
+     TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028),
+     TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29),
+     TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108),
+     TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5),
+     TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140),
+     TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2),
+     TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63),
+     TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972),
+     TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42),
+     TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474),
+     TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9),
+     TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20),
+     TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2),
+     TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16),
+     TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6),
+     TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b),
+     TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a),
+     TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284),
+     TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80),
+     TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be),
+     TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd),
+     TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9),
+     TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0),
+     TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517),
+     TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7),
+     TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a),
+     TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27),
+     TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01),
+     TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6),
+     TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86),
+     TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27),
+     TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb),
+     TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6),
+     TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0),
+     TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f),
+     TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804),
+     TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592),
+     TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e),
+     TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab),
+     TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11),
+     TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95),
+     TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49),
+     TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0),
+     TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616),
+     TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c),
+     TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96),
+     TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652),
+     TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d),
+     TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10),
+     TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f),
+     TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144),
+     TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf),
+     TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417),
+     TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c),
+     TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66),
+     TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291),
+     TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e),
+     TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a),
+     TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229),
+     TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3),
+     TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef),
+     TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549),
+     TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032),
+     TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b),
+     TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575),
+     TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771),
+     TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e),
+     TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344),
+     TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae),
+     TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188),
+     TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91),
+     TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958),
+     TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598),
+     TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6),
+     TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496),
+     TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813),
+     TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d),
+     TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782),
+     TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02),
+     TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a),
+     TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410),
+     TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2),
+     TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c),
+     TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c),
+     TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8),
+     TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18),
+     TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b),
+     TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da),
+     TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8),
+     TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88),
+     TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4),
+     TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d),
+     TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac),
+     TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1),
+     TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e),
+     TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826),
+     TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215),
+     TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86),
+     TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333),
+     TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546),
+     TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7),
+     TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb),
+     TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749),
+     TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5),
+     TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b),
+     TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26),
+     TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b),
+     TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f),
+     TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981),
+     TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c),
+     TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760),
+     TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551),
+     TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1),
+     TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5),
+     TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f),
+     TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef),
+     TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df),
+     TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150),
+     TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214),
+     TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c),
+     TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e),
+     TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31),
+     TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393),
+     TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6),
+     TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be),
+     TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022),
+     TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65),
+     TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236),
+     TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188),
+     TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a),
+     TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d),
+     TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db),
+     TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349),
+     TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f),
+     TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697),
+     TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7),
+     TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3),
+     TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45),
+     TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401),
+     TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21),
+     TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1),
+     TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b),
+     TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb),
+     TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de),
+     TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388),
+     TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde),
+     TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9),
+     TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db),
+     TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c),
+     TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0),
+     TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342),
+     TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987),
+     TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb),
+     TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86),
+     TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74),
+     TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0),
+     TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce),
+     TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e),
+     TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6),
+     TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8),
+     TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620),
+     TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13),
+     TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821),
+     TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060),
+     TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901),
+     TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286),
+     TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7),
+     TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324),
+     TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012),
+     TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4),
+     TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2),
+     TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286),
+     TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160),
+     TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a),
+     TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d),
+     TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d),
+     TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057),
+     TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b),
+     TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf),
+     TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64),
+     TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b),
+     TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635),
+     TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091),
+     TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985),
+     TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6),
+     TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27),
+     TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b),
+     TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e),
+     TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32),
+     TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393),
+     TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5),
+     TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94),
+     TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357),
+     TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b),
+     TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1),
+     TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9),
+     TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af),
+     TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913),
+     TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e),
+     TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21),
+     TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659),
+     TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8),
+     TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2),
+     TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d),
+     TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef),
+     TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)}
+    ,
+    {TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8),
+     TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8),
+     TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98),
+     TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02),
+     TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499),
+     TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f),
+     TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192),
+     TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b),
+     TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869),
+     TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e),
+     TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411),
+     TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d),
+     TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a),
+     TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7),
+     TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426),
+     TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173),
+     TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74),
+     TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102),
+     TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2),
+     TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d),
+     TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7),
+     TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012),
+     TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21),
+     TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae),
+     TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e),
+     TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9),
+     TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652),
+     TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4),
+     TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770),
+     TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c),
+     TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b),
+     TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68),
+     TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69),
+     TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868),
+     TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54),
+     TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d),
+     TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b),
+     TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc),
+     TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208),
+     TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6),
+     TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc),
+     TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b),
+     TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8),
+     TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf),
+     TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce),
+     TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3),
+     TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0),
+     TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158),
+     TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d),
+     TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1),
+     TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e),
+     TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67),
+     TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61),
+     TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e),
+     TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875),
+     TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0),
+     TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94),
+     TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e),
+     TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822),
+     TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0),
+     TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b),
+     TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd),
+     TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f),
+     TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca),
+     TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247),
+     TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433),
+     TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8),
+     TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11),
+     TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741),
+     TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a),
+     TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6),
+     TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834),
+     TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938),
+     TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd),
+     TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35),
+     TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31),
+     TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f),
+     TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403),
+     TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4),
+     TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e),
+     TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e),
+     TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541),
+     TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02),
+     TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3),
+     TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf),
+     TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9),
+     TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52),
+     TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc),
+     TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b),
+     TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72),
+     TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70),
+     TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12),
+     TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1),
+     TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e),
+     TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2),
+     TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28),
+     TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd),
+     TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163),
+     TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce),
+     TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e),
+     TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3),
+     TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe),
+     TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a),
+     TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e),
+     TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98),
+     TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1),
+     TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700),
+     TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a),
+     TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971),
+     TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939),
+     TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2),
+     TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263),
+     TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7),
+     TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3),
+     TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2),
+     TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5),
+     TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09),
+     TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f),
+     TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392),
+     TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da),
+     TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665),
+     TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0),
+     TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c),
+     TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2),
+     TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe),
+     TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9),
+     TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097),
+     TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636),
+     TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f),
+     TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76),
+     TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7),
+     TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294),
+     TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62),
+     TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f),
+     TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d),
+     TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063),
+     TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b),
+     TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b),
+     TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42),
+     TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c),
+     TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e),
+     TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab),
+     TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52),
+     TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39),
+     TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91),
+     TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae),
+     TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b),
+     TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d),
+     TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588),
+     TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da),
+     TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1),
+     TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9),
+     TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35),
+     TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22),
+     TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081),
+     TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80),
+     TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2),
+     TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec),
+     TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7),
+     TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f),
+     TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66),
+     TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83),
+     TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce),
+     TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf),
+     TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902),
+     TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32),
+     TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660),
+     TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d),
+     TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d),
+     TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0),
+     TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46),
+     TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef),
+     TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9),
+     TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec),
+     TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be),
+     TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f),
+     TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293),
+     TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1),
+     TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0),
+     TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115),
+     TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c),
+     TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd),
+     TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d),
+     TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8),
+     TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419),
+     TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2),
+     TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234),
+     TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb),
+     TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350),
+     TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128),
+     TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf),
+     TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362),
+     TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b),
+     TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e),
+     TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573),
+     TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958),
+     TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595),
+     TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842),
+     TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a),
+     TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d),
+     TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171),
+     TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29),
+     TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6),
+     TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc),
+     TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779),
+     TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31),
+     TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a),
+     TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a),
+     TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd),
+     TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5),
+     TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d),
+     TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f),
+     TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274),
+     TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3),
+     TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9),
+     TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87),
+     TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1),
+     TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033),
+     TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3),
+     TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af),
+     TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da),
+     TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd),
+     TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391),
+     TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d),
+     TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a),
+     TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13),
+     TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05),
+     TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e),
+     TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7),
+     TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d),
+     TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4),
+     TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac),
+     TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38),
+     TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f),
+     TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f),
+     TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092),
+     TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70),
+     TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac),
+     TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31),
+     TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f),
+     TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461),
+     TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073),
+     TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811),
+     TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851),
+     TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418),
+     TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027),
+     TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330),
+     TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df),
+     TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f),
+     TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7),
+     TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0),
+     TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e),
+     TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868),
+     TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea),
+     TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff),
+     TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)}
+    ,
+    {TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb),
+     TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81),
+     TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a),
+     TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522),
+     TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd),
+     TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c),
+     TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea),
+     TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9),
+     TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf),
+     TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e),
+     TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4),
+     TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537),
+     TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f),
+     TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc),
+     TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205),
+     TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de),
+     TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab),
+     TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff),
+     TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8),
+     TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b),
+     TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3),
+     TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f),
+     TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524),
+     TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1),
+     TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8),
+     TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa),
+     TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8),
+     TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474),
+     TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549),
+     TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa),
+     TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd),
+     TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985),
+     TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa),
+     TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8),
+     TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5),
+     TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf),
+     TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c),
+     TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd),
+     TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb),
+     TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5),
+     TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c),
+     TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e),
+     TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca),
+     TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7),
+     TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958),
+     TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d),
+     TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a),
+     TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b),
+     TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e),
+     TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5),
+     TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7),
+     TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a),
+     TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8),
+     TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392),
+     TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4),
+     TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd),
+     TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c),
+     TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744),
+     TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459),
+     TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b),
+     TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379),
+     TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e),
+     TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483),
+     TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa),
+     TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9),
+     TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f),
+     TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a),
+     TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398),
+     TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16),
+     TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1),
+     TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5),
+     TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349),
+     TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d),
+     TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0),
+     TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d),
+     TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9),
+     TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe),
+     TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c),
+     TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4),
+     TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f),
+     TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754),
+     TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3),
+     TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a),
+     TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852),
+     TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac),
+     TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9),
+     TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa),
+     TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323),
+     TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455),
+     TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411),
+     TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435),
+     TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e),
+     TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18),
+     TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495),
+     TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400),
+     TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0),
+     TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210),
+     TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70),
+     TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42),
+     TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a),
+     TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773),
+     TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b),
+     TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832),
+     TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3),
+     TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97),
+     TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01),
+     TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5),
+     TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281),
+     TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc),
+     TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0),
+     TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c),
+     TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6),
+     TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be),
+     TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1),
+     TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e),
+     TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96),
+     TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45),
+     TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e),
+     TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1),
+     TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46),
+     TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863),
+     TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8),
+     TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2),
+     TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024),
+     TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb),
+     TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d),
+     TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4),
+     TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7),
+     TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148),
+     TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40),
+     TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d),
+     TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201),
+     TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41),
+     TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016),
+     TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e),
+     TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1),
+     TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88),
+     TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b),
+     TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443),
+     TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2),
+     TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4),
+     TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e),
+     TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57),
+     TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac),
+     TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b),
+     TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29),
+     TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79),
+     TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031),
+     TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a),
+     TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b),
+     TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752),
+     TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2),
+     TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d),
+     TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13),
+     TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6),
+     TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e),
+     TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165),
+     TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9),
+     TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e),
+     TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561),
+     TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40),
+     TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da),
+     TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02),
+     TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3),
+     TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b),
+     TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639),
+     TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8),
+     TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab),
+     TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10),
+     TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd),
+     TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b),
+     TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8),
+     TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66),
+     TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40),
+     TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd),
+     TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b),
+     TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb),
+     TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442),
+     TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0),
+     TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628),
+     TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be),
+     TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2),
+     TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d),
+     TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca),
+     TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed),
+     TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06),
+     TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57),
+     TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2),
+     TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7),
+     TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435),
+     TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3),
+     TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78),
+     TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c),
+     TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57),
+     TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f),
+     TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c),
+     TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5),
+     TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f),
+     TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7),
+     TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf),
+     TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c),
+     TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8),
+     TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12),
+     TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a),
+     TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919),
+     TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5),
+     TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154),
+     TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1),
+     TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285),
+     TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7),
+     TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c),
+     TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517),
+     TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523),
+     TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00),
+     TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63),
+     TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946),
+     TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1),
+     TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60),
+     TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d),
+     TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d),
+     TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438),
+     TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507),
+     TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2),
+     TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd),
+     TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3),
+     TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126),
+     TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba),
+     TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569),
+     TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b),
+     TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321),
+     TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff),
+     TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731),
+     TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd),
+     TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b),
+     TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1),
+     TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041),
+     TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7),
+     TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6),
+     TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6),
+     TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b),
+     TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5),
+     TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823),
+     TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5),
+     TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1),
+     TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306),
+     TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2),
+     TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df),
+     TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8),
+     TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18),
+     TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a),
+     TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5),
+     TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa),
+     TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640),
+     TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670),
+     TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed),
+     TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)}
+    ,
+    {TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7),
+     TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e),
+     TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d),
+     TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef),
+     TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090),
+     TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124),
+     TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3),
+     TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad),
+     TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46),
+     TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505),
+     TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33),
+     TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1),
+     TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0),
+     TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec),
+     TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00),
+     TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695),
+     TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a),
+     TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1),
+     TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1),
+     TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604),
+     TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094),
+     TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33),
+     TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773),
+     TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20),
+     TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0),
+     TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc),
+     TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5),
+     TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846),
+     TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d),
+     TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9),
+     TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2),
+     TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342),
+     TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e),
+     TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f),
+     TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb),
+     TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8),
+     TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c),
+     TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef),
+     TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485),
+     TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799),
+     TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c),
+     TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a),
+     TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374),
+     TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2),
+     TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1),
+     TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f),
+     TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0),
+     TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98),
+     TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa),
+     TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe),
+     TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568),
+     TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6),
+     TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db),
+     TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39),
+     TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed),
+     TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a),
+     TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97),
+     TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe),
+     TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116),
+     TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192),
+     TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e),
+     TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201),
+     TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66),
+     TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11),
+     TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819),
+     TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709),
+     TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671),
+     TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1),
+     TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2),
+     TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a),
+     TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9),
+     TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84),
+     TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f),
+     TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a),
+     TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e),
+     TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a),
+     TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e),
+     TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0),
+     TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f),
+     TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf),
+     TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05),
+     TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596),
+     TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674),
+     TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25),
+     TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825),
+     TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e),
+     TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6),
+     TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5),
+     TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e),
+     TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de),
+     TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7),
+     TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf),
+     TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd),
+     TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad),
+     TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced),
+     TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178),
+     TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547),
+     TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96),
+     TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0),
+     TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98),
+     TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994),
+     TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa),
+     TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa),
+     TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81),
+     TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a),
+     TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148),
+     TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab),
+     TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80),
+     TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3),
+     TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb),
+     TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41),
+     TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa),
+     TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a),
+     TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a),
+     TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd),
+     TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831),
+     TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe),
+     TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6),
+     TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810),
+     TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a),
+     TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a),
+     TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054),
+     TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9),
+     TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4),
+     TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604),
+     TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb),
+     TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff),
+     TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb),
+     TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa),
+     TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d),
+     TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c),
+     TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef),
+     TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857),
+     TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a),
+     TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6),
+     TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35),
+     TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302),
+     TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe),
+     TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f),
+     TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa),
+     TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9),
+     TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a),
+     TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515),
+     TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4),
+     TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642),
+     TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf),
+     TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3),
+     TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac),
+     TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1),
+     TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196),
+     TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77),
+     TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f),
+     TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374),
+     TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6),
+     TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131),
+     TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001),
+     TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd),
+     TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115),
+     TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617),
+     TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b),
+     TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1),
+     TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a),
+     TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c),
+     TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7),
+     TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178),
+     TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770),
+     TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a),
+     TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e),
+     TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b),
+     TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f),
+     TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef),
+     TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686),
+     TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff),
+     TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee),
+     TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2),
+     TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1),
+     TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1),
+     TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7),
+     TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9),
+     TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046),
+     TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6),
+     TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5),
+     TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644),
+     TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197),
+     TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17),
+     TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253),
+     TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be),
+     TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188),
+     TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e),
+     TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf),
+     TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397),
+     TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2),
+     TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571),
+     TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1),
+     TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9),
+     TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa),
+     TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4),
+     TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb),
+     TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575),
+     TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b),
+     TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c),
+     TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af),
+     TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a),
+     TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f),
+     TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900),
+     TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958),
+     TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7),
+     TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5),
+     TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23),
+     TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051),
+     TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0),
+     TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8),
+     TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656),
+     TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4),
+     TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16),
+     TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9),
+     TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57),
+     TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0),
+     TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817),
+     TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490),
+     TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f),
+     TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6),
+     TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637),
+     TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0),
+     TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047),
+     TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44),
+     TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b),
+     TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445),
+     TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8),
+     TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503),
+     TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71),
+     TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d),
+     TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993),
+     TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47),
+     TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203),
+     TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd),
+     TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480),
+     TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733),
+     TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9),
+     TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3),
+     TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1),
+     TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce),
+     TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa),
+     TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd),
+     TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5),
+     TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358),
+     TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b),
+     TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8),
+     TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b),
+     TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562),
+     TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b),
+     TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef),
+     TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9),
+     TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3),
+     TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952),
+     TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636),}
+    ,
+    {TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00),
+     TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28),
+     TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949),
+     TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742),
+     TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34),
+     TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5),
+     TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc),
+     TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f),
+     TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7),
+     TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3),
+     TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c),
+     TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f),
+     TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a),
+     TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620),
+     TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa),
+     TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6),
+     TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7),
+     TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999),
+     TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c),
+     TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327),
+     TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f),
+     TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb),
+     TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d),
+     TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390),
+     TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590),
+     TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d),
+     TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8),
+     TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015),
+     TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4),
+     TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6),
+     TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3),
+     TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b),
+     TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319),
+     TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e),
+     TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3),
+     TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414),
+     TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5),
+     TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e),
+     TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a),
+     TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f),
+     TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107),
+     TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159),
+     TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567),
+     TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc),
+     TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1),
+     TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b),
+     TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f),
+     TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b),
+     TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176),
+     TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e),
+     TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547),
+     TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707),
+     TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e),
+     TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d),
+     TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909),
+     TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442),
+     TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65),
+     TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b),
+     TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90),
+     TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24),
+     TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc),
+     TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f),
+     TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35),
+     TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98),
+     TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6),
+     TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1),
+     TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182),
+     TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6),
+     TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351),
+     TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491),
+     TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e),
+     TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4),
+     TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688),
+     TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4),
+     TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc),
+     TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c),
+     TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c),
+     TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4),
+     TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e),
+     TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f),
+     TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381),
+     TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7),
+     TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150),
+     TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422),
+     TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391),
+     TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035),
+     TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe),
+     TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9),
+     TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8),
+     TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7),
+     TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c),
+     TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80),
+     TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d),
+     TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e),
+     TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9),
+     TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199),
+     TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7),
+     TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1),
+     TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829),
+     TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97),
+     TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133),
+     TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba),
+     TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139),
+     TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b),
+     TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53),
+     TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60),
+     TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff),
+     TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d),
+     TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6),
+     TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305),
+     TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249),
+     TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8),
+     TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93),
+     TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4),
+     TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f),
+     TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b),
+     TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142),
+     TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5),
+     TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e),
+     TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31),
+     TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452),
+     TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca),
+     TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289),
+     TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37),
+     TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182),
+     TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f),
+     TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d),
+     TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe),
+     TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa),
+     TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409),
+     TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a),
+     TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1),
+     TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b),
+     TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf),
+     TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215),
+     TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b),
+     TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca),
+     TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79),
+     TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1),
+     TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd),
+     TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0),
+     TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06),
+     TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6),
+     TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf),
+     TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd),
+     TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb),
+     TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683),
+     TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208),
+     TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3),
+     TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7),
+     TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db),
+     TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a),
+     TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109),
+     TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32),
+     TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25),
+     TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856),
+     TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b),
+     TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c),
+     TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac),
+     TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d),
+     TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f),
+     TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4),
+     TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1),
+     TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff),
+     TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09),
+     TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc),
+     TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781),
+     TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5),
+     TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502),
+     TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8),
+     TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123),
+     TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112),
+     TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd),
+     TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3),
+     TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770),
+     TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d),
+     TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729),
+     TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b),
+     TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f),
+     TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4),
+     TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f),
+     TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26),
+     TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9),
+     TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf),
+     TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6),
+     TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59),
+     TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce),
+     TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc),
+     TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249),
+     TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d),
+     TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f),
+     TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475),
+     TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b),
+     TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb),
+     TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103),
+     TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9),
+     TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97),
+     TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674),
+     TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46),
+     TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6),
+     TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8),
+     TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337),
+     TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8),
+     TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f),
+     TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96),
+     TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56),
+     TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639),
+     TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a),
+     TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf),
+     TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051),
+     TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab),
+     TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530),
+     TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f),
+     TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96),
+     TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff),
+     TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034),
+     TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076),
+     TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b),
+     TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071),
+     TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b),
+     TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7),
+     TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44),
+     TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9),
+     TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c),
+     TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2),
+     TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1),
+     TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b),
+     TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d),
+     TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576),
+     TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95),
+     TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c),
+     TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f),
+     TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758),
+     TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016),
+     TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3),
+     TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85),
+     TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da),
+     TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3),
+     TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e),
+     TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0),
+     TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d),
+     TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b),
+     TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f),
+     TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8),
+     TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2),
+     TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b),
+     TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe),
+     TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd),
+     TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb),
+     TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b),
+     TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a),
+     TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd),
+     TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d),
+     TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3),
+     TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a),
+     TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)}
+    ,
+    {TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d),
+     TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04),
+     TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d),
+     TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152),
+     TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7),
+     TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc),
+     TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42),
+     TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036),
+     TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e),
+     TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83),
+     TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d),
+     TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3),
+     TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed),
+     TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32),
+     TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b),
+     TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc),
+     TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747),
+     TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f),
+     TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99),
+     TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a),
+     TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc),
+     TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5),
+     TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed),
+     TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533),
+     TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1),
+     TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493),
+     TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549),
+     TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5),
+     TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04),
+     TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d),
+     TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e),
+     TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44),
+     TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5),
+     TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b),
+     TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92),
+     TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e),
+     TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61),
+     TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a),
+     TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b),
+     TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253),
+     TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f),
+     TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1),
+     TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347),
+     TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b),
+     TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7),
+     TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819),
+     TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e),
+     TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6),
+     TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4),
+     TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070),
+     TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b),
+     TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b),
+     TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016),
+     TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a),
+     TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790),
+     TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0),
+     TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371),
+     TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba),
+     TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256),
+     TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6),
+     TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4),
+     TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc),
+     TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0),
+     TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711),
+     TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8),
+     TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c),
+     TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b),
+     TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4),
+     TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a),
+     TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a),
+     TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b),
+     TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5),
+     TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1),
+     TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3),
+     TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe),
+     TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45),
+     TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc),
+     TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6),
+     TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97),
+     TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e),
+     TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5),
+     TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1),
+     TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe),
+     TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc),
+     TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb),
+     TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd),
+     TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b),
+     TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db),
+     TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb),
+     TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048),
+     TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2),
+     TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46),
+     TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b),
+     TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0),
+     TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550),
+     TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418),
+     TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282),
+     TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c),
+     TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc),
+     TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a),
+     TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f),
+     TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4),
+     TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf),
+     TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90),
+     TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe),
+     TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab),
+     TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea),
+     TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b),
+     TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64),
+     TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b),
+     TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae),
+     TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc),
+     TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2),
+     TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6),
+     TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8),
+     TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe),
+     TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0),
+     TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f),
+     TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0),
+     TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6),
+     TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953),
+     TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1),
+     TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4),
+     TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094),
+     TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab),
+     TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831),
+     TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5),
+     TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f),
+     TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5),
+     TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce),
+     TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381),
+     TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897),
+     TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301),
+     TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699),
+     TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20),
+     TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9),
+     TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2),
+     TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910),
+     TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a),
+     TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242),
+     TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f),
+     TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98),
+     TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0),
+     TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6),
+     TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0),
+     TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc),
+     TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7),
+     TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3),
+     TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d),
+     TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e),
+     TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5),
+     TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f),
+     TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d),
+     TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c),
+     TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123),
+     TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c),
+     TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b),
+     TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa),
+     TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524),
+     TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820),
+     TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654),
+     TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c),
+     TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6),
+     TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1),
+     TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32),
+     TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234),
+     TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f),
+     TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8),
+     TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48),
+     TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2),
+     TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e),
+     TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6),
+     TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca),
+     TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55),
+     TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c),
+     TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385),
+     TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a),
+     TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc),
+     TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc),
+     TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce),
+     TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842),
+     TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0),
+     TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce),
+     TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365),
+     TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159),
+     TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181),
+     TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4),
+     TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb),
+     TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a),
+     TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b),
+     TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495),
+     TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95),
+     TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085),
+     TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e),
+     TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049),
+     TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538),
+     TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268),
+     TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff),
+     TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea),
+     TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711),
+     TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975),
+     TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875),
+     TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766),
+     TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c),
+     TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1),
+     TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e),
+     TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a),
+     TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a),
+     TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b),
+     TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025),
+     TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35),
+     TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d),
+     TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603),
+     TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9),
+     TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31),
+     TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934),
+     TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11),
+     TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c),
+     TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3),
+     TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125),
+     TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe),
+     TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920),
+     TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603),
+     TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2),
+     TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28),
+     TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083),
+     TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3),
+     TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0),
+     TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7),
+     TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6),
+     TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608),
+     TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33),
+     TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5),
+     TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066),
+     TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9),
+     TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb),
+     TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937),
+     TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9),
+     TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f),
+     TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c),
+     TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981),
+     TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163),
+     TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95),
+     TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9),
+     TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a),
+     TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831),
+     TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c),
+     TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d),
+     TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb),
+     TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe),
+     TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc),
+     TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a),
+     TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284),
+     TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7),
+     TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84),
+     TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a),}
+    ,
+    {TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34),
+     TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda),
+     TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7),
+     TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997),
+     TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e),
+     TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448),
+     TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9),
+     TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368),
+     TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc),
+     TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb),
+     TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302),
+     TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106),
+     TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce),
+     TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f),
+     TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7),
+     TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d),
+     TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff),
+     TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc),
+     TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac),
+     TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e),
+     TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3),
+     TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f),
+     TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323),
+     TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591),
+     TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9),
+     TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186),
+     TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0),
+     TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71),
+     TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac),
+     TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff),
+     TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5),
+     TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444),
+     TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8),
+     TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a),
+     TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a),
+     TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e),
+     TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062),
+     TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027),
+     TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3),
+     TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01),
+     TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b),
+     TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef),
+     TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f),
+     TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51),
+     TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745),
+     TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6),
+     TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2),
+     TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310),
+     TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22),
+     TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7),
+     TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8),
+     TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b),
+     TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934),
+     TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7),
+     TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2),
+     TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74),
+     TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df),
+     TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a),
+     TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62),
+     TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9),
+     TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e),
+     TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047),
+     TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9),
+     TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f),
+     TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b),
+     TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d),
+     TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db),
+     TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7),
+     TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1),
+     TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c),
+     TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449),
+     TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9),
+     TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080),
+     TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a),
+     TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785),
+     TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c),
+     TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728),
+     TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6),
+     TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777),
+     TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98),
+     TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d),
+     TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a),
+     TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92),
+     TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6),
+     TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f),
+     TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32),
+     TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6),
+     TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8),
+     TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5),
+     TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267),
+     TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5),
+     TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98),
+     TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b),
+     TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d),
+     TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724),
+     TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232),
+     TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61),
+     TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f),
+     TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43),
+     TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026),
+     TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e),
+     TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383),
+     TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d),
+     TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b),
+     TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91),
+     TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d),
+     TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d),
+     TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e),
+     TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1),
+     TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46),
+     TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67),
+     TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c),
+     TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1),
+     TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741),
+     TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194),
+     TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988),
+     TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85),
+     TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046),
+     TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301),
+     TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb),
+     TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27),
+     TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c),
+     TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29),
+     TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa),
+     TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78),
+     TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75),
+     TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6),
+     TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670),
+     TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988),
+     TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b),
+     TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e),
+     TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2),
+     TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc),
+     TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29),
+     TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee),
+     TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e),
+     TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4),
+     TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89),
+     TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9),
+     TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2),
+     TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1),
+     TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2),
+     TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e),
+     TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6),
+     TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1),
+     TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965),
+     TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97),
+     TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02),
+     TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be),
+     TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b),
+     TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e),
+     TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92),
+     TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f),
+     TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53),
+     TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320),
+     TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433),
+     TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3),
+     TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d),
+     TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f),
+     TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055),
+     TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd),
+     TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9),
+     TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284),
+     TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492),
+     TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f),
+     TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490),
+     TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119),
+     TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba),
+     TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9),
+     TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783),
+     TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c),
+     TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb),
+     TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630),
+     TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce),
+     TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a),
+     TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e),
+     TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331),
+     TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab),
+     TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f),
+     TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b),
+     TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f),
+     TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607),
+     TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5),
+     TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108),
+     TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1),
+     TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb),
+     TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0),
+     TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf),
+     TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d),
+     TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546),
+     TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b),
+     TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d),
+     TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3),
+     TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061),
+     TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f),
+     TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd),
+     TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6),
+     TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1),
+     TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d),
+     TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47),
+     TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29),
+     TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354),
+     TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996),
+     TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528),
+     TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4),
+     TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd),
+     TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb),
+     TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae),
+     TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660),
+     TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9),
+     TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76),
+     TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732),
+     TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082),
+     TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98),
+     TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61),
+     TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3),
+     TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73),
+     TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7),
+     TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297),
+     TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927),
+     TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93),
+     TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396),
+     TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2),
+     TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d),
+     TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74),
+     TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76),
+     TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65),
+     TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4),
+     TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea),
+     TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003),
+     TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783),
+     TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018),
+     TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297),
+     TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc),
+     TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8),
+     TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143),
+     TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167),
+     TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f),
+     TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda),
+     TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664),
+     TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2),
+     TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b),
+     TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab),
+     TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4),
+     TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3),
+     TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2),
+     TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942),
+     TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f),
+     TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097),
+     TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c),
+     TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa),
+     TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360),
+     TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150),
+     TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007),
+     TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5),
+     TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)}
+    ,
+    {TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b),
+     TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab),
+     TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f),
+     TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55),
+     TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2),
+     TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df),
+     TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c),
+     TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf),
+     TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410),
+     TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7),
+     TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c),
+     TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca),
+     TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b),
+     TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d),
+     TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450),
+     TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515),
+     TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e),
+     TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284),
+     TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6),
+     TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8),
+     TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4),
+     TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd),
+     TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3),
+     TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8),
+     TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08),
+     TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de),
+     TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b),
+     TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2),
+     TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8),
+     TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb),
+     TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e),
+     TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef),
+     TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd),
+     TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2),
+     TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334),
+     TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a),
+     TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea),
+     TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875),
+     TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b),
+     TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216),
+     TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0),
+     TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243),
+     TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26),
+     TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202),
+     TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7),
+     TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8),
+     TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99),
+     TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4),
+     TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16),
+     TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619),
+     TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a),
+     TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0),
+     TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943),
+     TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463),
+     TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa),
+     TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544),
+     TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986),
+     TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97),
+     TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5),
+     TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd),
+     TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6),
+     TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe),
+     TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19),
+     TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4),
+     TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db),
+     TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e),
+     TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53),
+     TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51),
+     TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd),
+     TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191),
+     TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5),
+     TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01),
+     TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475),
+     TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d),
+     TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e),
+     TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f),
+     TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce),
+     TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38),
+     TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd),
+     TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d),
+     TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9),
+     TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50),
+     TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994),
+     TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d),
+     TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd),
+     TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5),
+     TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8),
+     TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209),
+     TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8),
+     TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a),
+     TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633),
+     TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62),
+     TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c),
+     TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6),
+     TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2),
+     TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42),
+     TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151),
+     TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51),
+     TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d),
+     TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9),
+     TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7),
+     TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4),
+     TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c),
+     TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b),
+     TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5),
+     TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc),
+     TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c),
+     TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18),
+     TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29),
+     TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d),
+     TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c),
+     TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4),
+     TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f),
+     TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec),
+     TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14),
+     TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65),
+     TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d),
+     TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5),
+     TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090),
+     TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef),
+     TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee),
+     TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2),
+     TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4),
+     TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b),
+     TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166),
+     TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007),
+     TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2),
+     TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe),
+     TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f),
+     TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce),
+     TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a),
+     TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71),
+     TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6),
+     TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421),
+     TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a),
+     TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f),
+     TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd),
+     TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03),
+     TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca),
+     TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b),
+     TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e),
+     TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702),
+     TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007),
+     TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447),
+     TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f),
+     TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1),
+     TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172),
+     TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48),
+     TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00),
+     TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361),
+     TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446),
+     TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41),
+     TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224),
+     TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d),
+     TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937),
+     TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273),
+     TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221),
+     TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1),
+     TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc),
+     TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c),
+     TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca),
+     TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5),
+     TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02),
+     TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c),
+     TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169),
+     TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f),
+     TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d),
+     TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252),
+     TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879),
+     TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3),
+     TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4),
+     TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d),
+     TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927),
+     TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af),
+     TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97),
+     TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79),
+     TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03),
+     TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f),
+     TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca),
+     TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc),
+     TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062),
+     TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13),
+     TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e),
+     TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693),
+     TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf),
+     TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8),
+     TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6),
+     TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a),
+     TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad),
+     TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281),
+     TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4),
+     TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa),
+     TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9),
+     TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2),
+     TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63),
+     TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781),
+     TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c),
+     TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7),
+     TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da),
+     TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99),
+     TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8),
+     TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9),
+     TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c),
+     TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21),
+     TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608),
+     TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2),
+     TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89),
+     TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5),
+     TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88),
+     TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262),
+     TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3),
+     TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e),
+     TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d),
+     TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649),
+     TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c),
+     TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac),
+     TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c),
+     TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca),
+     TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1),
+     TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd),
+     TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1),
+     TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c),
+     TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a),
+     TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757),
+     TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029),
+     TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015),
+     TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5),
+     TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51),
+     TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9),
+     TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07),
+     TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a),
+     TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650),
+     TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba),
+     TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839),
+     TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc),
+     TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc),
+     TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292),
+     TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6),
+     TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e),
+     TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9),
+     TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5),
+     TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01),
+     TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3),
+     TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96),
+     TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd),
+     TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec),
+     TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd),
+     TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf),
+     TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8),
+     TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c),
+     TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f),
+     TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf),
+     TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a),
+     TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d),
+     TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2),
+     TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)}
+    ,
+    {TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78),
+     TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a),
+     TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051),
+     TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39),
+     TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c),
+     TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452),
+     TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4),
+     TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b),
+     TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c),
+     TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14),
+     TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0),
+     TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270),
+     TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205),
+     TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb),
+     TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e),
+     TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3),
+     TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8),
+     TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb),
+     TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8),
+     TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd),
+     TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb),
+     TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3),
+     TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9),
+     TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b),
+     TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5),
+     TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2),
+     TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61),
+     TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5),
+     TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd),
+     TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9),
+     TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846),
+     TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7),
+     TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c),
+     TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf),
+     TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996),
+     TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47),
+     TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66),
+     TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0),
+     TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4),
+     TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36),
+     TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be),
+     TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad),
+     TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760),
+     TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74),
+     TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154),
+     TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb),
+     TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56),
+     TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a),
+     TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568),
+     TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c),
+     TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d),
+     TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385),
+     TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1),
+     TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081),
+     TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91),
+     TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa),
+     TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316),
+     TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47),
+     TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4),
+     TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345),
+     TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954),
+     TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126),
+     TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24),
+     TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394),
+     TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb),
+     TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9),
+     TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76),
+     TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e),
+     TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5),
+     TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb),
+     TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb),
+     TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be),
+     TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597),
+     TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1),
+     TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09),
+     TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f),
+     TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7),
+     TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e),
+     TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08),
+     TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c),
+     TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03),
+     TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6),
+     TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48),
+     TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745),
+     TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082),
+     TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5),
+     TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f),
+     TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5),
+     TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947),
+     TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539),
+     TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a),
+     TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002),
+     TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb),
+     TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948),
+     TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73),
+     TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e),
+     TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647),
+     TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5),
+     TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490),
+     TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f),
+     TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea),
+     TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3),
+     TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e),
+     TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516),
+     TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e),
+     TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc),
+     TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d),
+     TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604),
+     TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b),
+     TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2),
+     TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2),
+     TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e),
+     TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290),
+     TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4),
+     TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638),
+     TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa),
+     TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307),
+     TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac),
+     TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8),
+     TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8),
+     TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2),
+     TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9),
+     TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095),
+     TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9),
+     TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2),
+     TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849),
+     TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e),
+     TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638),
+     TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506),
+     TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb),
+     TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d),
+     TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4),
+     TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14),
+     TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34),
+     TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10),
+     TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9),
+     TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79),
+     TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b),
+     TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57),
+     TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca),
+     TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb),
+     TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4),
+     TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591),
+     TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f),
+     TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6),
+     TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d),
+     TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d),
+     TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a),
+     TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1),
+     TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706),
+     TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055),
+     TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3),
+     TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810),
+     TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4),
+     TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762),
+     TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96),
+     TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655),
+     TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6),
+     TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f),
+     TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878),
+     TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9),
+     TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b),
+     TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21),
+     TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982),
+     TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13),
+     TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd),
+     TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7),
+     TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0),
+     TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea),
+     TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355),
+     TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901),
+     TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac),
+     TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965),
+     TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436),
+     TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315),
+     TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef),
+     TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a),
+     TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6),
+     TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0),
+     TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4),
+     TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0),
+     TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af),
+     TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271),
+     TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a),
+     TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5),
+     TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364),
+     TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b),
+     TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5),
+     TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66),
+     TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea),
+     TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726),
+     TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4),
+     TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d),
+     TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984),
+     TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc),
+     TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d),
+     TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7),
+     TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2),
+     TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10),
+     TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28),
+     TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b),
+     TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5),
+     TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33),
+     TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c),
+     TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810),
+     TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68),
+     TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e),
+     TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125),
+     TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f),
+     TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3),
+     TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979),
+     TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba),
+     TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c),
+     TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e),
+     TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737),
+     TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e),
+     TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525),
+     TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c),
+     TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64),
+     TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5),
+     TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d),
+     TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77),
+     TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85),
+     TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5),
+     TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e),
+     TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946),
+     TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498),
+     TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1),
+     TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477),
+     TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c),
+     TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642),
+     TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224),
+     TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3),
+     TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017),
+     TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421),
+     TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6),
+     TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319),
+     TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e),
+     TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc),
+     TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205),
+     TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402),
+     TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808),
+     TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff),
+     TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2),
+     TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1),
+     TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199),
+     TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51),
+     TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418),
+     TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145),
+     TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496),
+     TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a),
+     TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d),
+     TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c),
+     TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b),
+     TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2),
+     TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)}
+    ,
+    {TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6),
+     TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1),
+     TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866),
+     TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5),
+     TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760),
+     TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d),
+     TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251),
+     TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8),
+     TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8),
+     TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a),
+     TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a),
+     TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954),
+     TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915),
+     TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911),
+     TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc),
+     TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a),
+     TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49),
+     TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a),
+     TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11),
+     TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3),
+     TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593),
+     TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5),
+     TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83),
+     TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698),
+     TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729),
+     TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0),
+     TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e),
+     TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c),
+     TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982),
+     TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509),
+     TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268),
+     TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b),
+     TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf),
+     TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f),
+     TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295),
+     TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585),
+     TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d),
+     TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d),
+     TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db),
+     TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8),
+     TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823),
+     TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690),
+     TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec),
+     TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3),
+     TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217),
+     TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f),
+     TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074),
+     TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c),
+     TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511),
+     TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649),
+     TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0),
+     TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70),
+     TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea),
+     TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35),
+     TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686),
+     TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840),
+     TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7),
+     TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9),
+     TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a),
+     TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86),
+     TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53),
+     TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd),
+     TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190),
+     TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a),
+     TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683),
+     TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc),
+     TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524),
+     TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66),
+     TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5),
+     TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac),
+     TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766),
+     TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1),
+     TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1),
+     TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea),
+     TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2),
+     TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d),
+     TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e),
+     TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b),
+     TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261),
+     TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83),
+     TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02),
+     TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920),
+     TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540),
+     TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38),
+     TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17),
+     TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad),
+     TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e),
+     TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2),
+     TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08),
+     TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2),
+     TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b),
+     TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424),
+     TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99),
+     TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6),
+     TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453),
+     TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e),
+     TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6),
+     TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6),
+     TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea),
+     TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930),
+     TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272),
+     TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf),
+     TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1),
+     TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0),
+     TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af),
+     TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c),
+     TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e),
+     TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e),
+     TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82),
+     TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e),
+     TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c),
+     TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54),
+     TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f),
+     TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b),
+     TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369),
+     TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c),
+     TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b),
+     TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df),
+     TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af),
+     TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a),
+     TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469),
+     TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f),
+     TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f),
+     TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462),
+     TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca),
+     TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555),
+     TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204),
+     TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a),
+     TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8),
+     TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758),
+     TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5),
+     TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455),
+     TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972),
+     TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e),
+     TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd),
+     TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e),
+     TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9),
+     TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25),
+     TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d),
+     TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11),
+     TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31),
+     TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53),
+     TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44),
+     TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802),
+     TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71),
+     TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362),
+     TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c),
+     TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef),
+     TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320),
+     TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3),
+     TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6),
+     TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830),
+     TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432),
+     TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73),
+     TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49),
+     TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008),
+     TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57),
+     TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8),
+     TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065),
+     TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c),
+     TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89),
+     TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e),
+     TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6),
+     TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3),
+     TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b),
+     TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212),
+     TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78),
+     TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057),
+     TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316),
+     TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391),
+     TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd),
+     TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7),
+     TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392),
+     TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb),
+     TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69),
+     TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe),
+     TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154),
+     TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23),
+     TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149),
+     TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732),
+     TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0),
+     TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2),
+     TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95),
+     TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04),
+     TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599),
+     TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0),
+     TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696),
+     TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab),
+     TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d),
+     TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d),
+     TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1),
+     TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1),
+     TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4),
+     TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974),
+     TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0),
+     TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a),
+     TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf),
+     TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b),
+     TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9),
+     TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851),
+     TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a),
+     TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051),
+     TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78),
+     TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e),
+     TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5),
+     TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc),
+     TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a),
+     TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd),
+     TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453),
+     TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2),
+     TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6),
+     TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f),
+     TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7),
+     TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1),
+     TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f),
+     TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1),
+     TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c),
+     TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a),
+     TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9),
+     TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8),
+     TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169),
+     TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2),
+     TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452),
+     TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0),
+     TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8),
+     TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4),
+     TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93),
+     TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d),
+     TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7),
+     TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b),
+     TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c),
+     TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f),
+     TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7),
+     TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9),
+     TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96),
+     TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b),
+     TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c),
+     TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5),
+     TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c),
+     TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9),
+     TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0),
+     TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183),
+     TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e),
+     TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e),
+     TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76),
+     TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b),
+     TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167),
+     TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12),
+     TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6),
+     TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a),
+     TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963),
+     TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92),
+     TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235),
+     TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a),
+     TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d),
+     TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494),}
+    ,
+    {TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65),
+     TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860),
+     TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f),
+     TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50),
+     TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d),
+     TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6),
+     TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d),
+     TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee),
+     TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5),
+     TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca),
+     TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2),
+     TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf),
+     TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867),
+     TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6),
+     TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65),
+     TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe),
+     TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976),
+     TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3),
+     TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837),
+     TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1),
+     TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4),
+     TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6),
+     TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae),
+     TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4),
+     TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624),
+     TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c),
+     TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6),
+     TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f),
+     TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f),
+     TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d),
+     TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a),
+     TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011),
+     TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0),
+     TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854),
+     TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459),
+     TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3),
+     TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f),
+     TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c),
+     TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941),
+     TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe),
+     TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6),
+     TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c),
+     TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919),
+     TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce),
+     TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860),
+     TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa),
+     TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073),
+     TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd),
+     TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2),
+     TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a),
+     TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91),
+     TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615),
+     TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270),
+     TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f),
+     TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664),
+     TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d),
+     TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e),
+     TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a),
+     TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77),
+     TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32),
+     TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e),
+     TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c),
+     TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e),
+     TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517),
+     TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be),
+     TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664),
+     TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a),
+     TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700),
+     TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9),
+     TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152),
+     TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a),
+     TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb),
+     TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b),
+     TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db),
+     TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85),
+     TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad),
+     TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab),
+     TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662),
+     TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f),
+     TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02),
+     TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22),
+     TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e),
+     TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5),
+     TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70),
+     TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8),
+     TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993),
+     TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0),
+     TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c),
+     TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c),
+     TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682),
+     TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85),
+     TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb),
+     TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b),
+     TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef),
+     TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1),
+     TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59),
+     TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26),
+     TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e),
+     TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296),
+     TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb),
+     TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5),
+     TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d),
+     TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47),
+     TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87),
+     TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75),
+     TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130),
+     TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769),
+     TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5),
+     TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb),
+     TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5),
+     TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c),
+     TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed),
+     TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496),
+     TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7),
+     TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936),
+     TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e),
+     TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2),
+     TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d),
+     TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670),
+     TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade),
+     TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f),
+     TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252),
+     TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336),
+     TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597),
+     TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf),
+     TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11),
+     TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3),
+     TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7),
+     TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c),
+     TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4),
+     TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e),
+     TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075),
+     TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05),
+     TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493),
+     TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a),
+     TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6),
+     TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a),
+     TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1),
+     TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d),
+     TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc),
+     TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15),
+     TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77),
+     TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11),
+     TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9),
+     TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef),
+     TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f),
+     TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759),
+     TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0),
+     TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf),
+     TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee),
+     TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455),
+     TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408),
+     TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e),
+     TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954),
+     TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec),
+     TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626),
+     TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35),
+     TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c),
+     TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c),
+     TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e),
+     TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d),
+     TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80),
+     TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849),
+     TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11),
+     TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d),
+     TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47),
+     TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1),
+     TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4),
+     TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448),
+     TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9),
+     TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286),
+     TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f),
+     TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4),
+     TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521),
+     TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c),
+     TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4),
+     TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433),
+     TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8),
+     TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d),
+     TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092),
+     TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2),
+     TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7),
+     TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524),
+     TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71),
+     TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8),
+     TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816),
+     TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8),
+     TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c),
+     TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b),
+     TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b),
+     TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a),
+     TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063),
+     TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89),
+     TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb),
+     TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084),
+     TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef),
+     TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4),
+     TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab),
+     TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca),
+     TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0),
+     TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c),
+     TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675),
+     TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c),
+     TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014),
+     TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2),
+     TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52),
+     TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f),
+     TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964),
+     TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a),
+     TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed),
+     TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e),
+     TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1),
+     TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6),
+     TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c),
+     TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681),
+     TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f),
+     TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789),
+     TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885),
+     TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895),
+     TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e),
+     TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52),
+     TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8),
+     TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939),
+     TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6),
+     TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba),
+     TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04),
+     TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741),
+     TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb),
+     TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7),
+     TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4),
+     TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe),
+     TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b),
+     TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a),
+     TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480),
+     TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4),
+     TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c),
+     TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5),
+     TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08),
+     TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74),
+     TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4),
+     TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb),
+     TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a),
+     TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5),
+     TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816),
+     TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5),
+     TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5),
+     TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89),
+     TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b),
+     TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de),
+     TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d),
+     TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e),
+     TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b),
+     TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06),
+     TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d),
+     TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc),
+     TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b),}
+    ,
+    {TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5),
+     TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d),
+     TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e),
+     TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798),
+     TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1),
+     TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee),
+     TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153),
+     TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8),
+     TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83),
+     TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7),
+     TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae),
+     TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658),
+     TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704),
+     TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8),
+     TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6),
+     TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac),
+     TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84),
+     TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4),
+     TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b),
+     TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a),
+     TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f),
+     TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c),
+     TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59),
+     TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31),
+     TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6),
+     TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69),
+     TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723),
+     TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879),
+     TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0),
+     TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c),
+     TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca),
+     TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6),
+     TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f),
+     TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755),
+     TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9),
+     TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926),
+     TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2),
+     TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2),
+     TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7),
+     TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08),
+     TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c),
+     TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99),
+     TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4),
+     TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f),
+     TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144),
+     TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b),
+     TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5),
+     TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128),
+     TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08),
+     TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4),
+     TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9),
+     TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f),
+     TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de),
+     TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889),
+     TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca),
+     TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131),
+     TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6),
+     TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8),
+     TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120),
+     TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77),
+     TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82),
+     TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee),
+     TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6),
+     TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad),
+     TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5),
+     TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948),
+     TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc),
+     TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff),
+     TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a),
+     TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e),
+     TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62),
+     TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1),
+     TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45),
+     TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916),
+     TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd),
+     TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d),
+     TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015),
+     TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7),
+     TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5),
+     TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8),
+     TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8),
+     TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4),
+     TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666),
+     TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7),
+     TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21),
+     TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78),
+     TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066),
+     TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0),
+     TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7),
+     TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25),
+     TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686),
+     TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776),
+     TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5),
+     TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada),
+     TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99),
+     TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66),
+     TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2),
+     TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3),
+     TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2),
+     TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148),
+     TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd),
+     TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8),
+     TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a),
+     TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00),
+     TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02),
+     TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac),
+     TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb),
+     TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52),
+     TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027),
+     TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689),
+     TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac),
+     TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8),
+     TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18),
+     TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66),
+     TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff),
+     TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a),
+     TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513),
+     TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67),
+     TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822),
+     TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2),
+     TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24),
+     TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d),
+     TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4),
+     TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147),
+     TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18),
+     TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351),
+     TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694),
+     TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e),
+     TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301),
+     TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21),
+     TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c),
+     TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a),
+     TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1),
+     TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e),
+     TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d),
+     TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887),
+     TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a),
+     TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291),
+     TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9),
+     TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286),
+     TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff),
+     TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb),
+     TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce),
+     TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af),
+     TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463),
+     TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5),
+     TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3),
+     TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6),
+     TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2),
+     TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab),
+     TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d),
+     TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d),
+     TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4),
+     TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033),
+     TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226),
+     TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46),
+     TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997),
+     TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb),
+     TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f),
+     TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78),
+     TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8),
+     TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e),
+     TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506),
+     TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466),
+     TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b),
+     TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7),
+     TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40),
+     TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768),
+     TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b),
+     TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f),
+     TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071),
+     TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7),
+     TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae),
+     TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03),
+     TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b),
+     TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168),
+     TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49),
+     TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922),
+     TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e),
+     TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c),
+     TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547),
+     TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451),
+     TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c),
+     TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f),
+     TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754),
+     TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171),
+     TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e),
+     TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c),
+     TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8),
+     TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03),
+     TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6),
+     TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7),
+     TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375),
+     TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0),
+     TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911),
+     TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09),
+     TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7),
+     TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c),
+     TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64),
+     TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0),
+     TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416),
+     TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9),
+     TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791),
+     TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7),
+     TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877),
+     TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035),
+     TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79),
+     TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090),
+     TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622),
+     TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb),
+     TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe),
+     TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98),
+     TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10),
+     TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140),
+     TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166),
+     TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2),
+     TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b),
+     TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7),
+     TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380),
+     TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c),
+     TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c),
+     TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe),
+     TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2),
+     TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707),
+     TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0),
+     TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7),
+     TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6),
+     TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9),
+     TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db),
+     TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3),
+     TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d),
+     TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1),
+     TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149),
+     TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51),
+     TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28),
+     TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558),
+     TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e),
+     TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43),
+     TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b),
+     TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48),
+     TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6),
+     TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8),
+     TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c),
+     TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657),
+     TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55),
+     TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a),
+     TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d),
+     TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f),
+     TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d),
+     TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24),
+     TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c),
+     TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048),
+     TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43),
+     TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7),
+     TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b),
+     TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699),}
+    ,
+    {TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98),
+     TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021),
+     TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d),
+     TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3),
+     TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34),
+     TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da),
+     TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc),
+     TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4),
+     TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd),
+     TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc),
+     TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1),
+     TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952),
+     TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805),
+     TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19),
+     TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c),
+     TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655),
+     TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c),
+     TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69),
+     TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461),
+     TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4),
+     TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087),
+     TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268),
+     TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9),
+     TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e),
+     TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458),
+     TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb),
+     TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e),
+     TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446),
+     TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d),
+     TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637),
+     TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87),
+     TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5),
+     TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3),
+     TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2),
+     TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432),
+     TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24),
+     TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d),
+     TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c),
+     TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973),
+     TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b),
+     TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679),
+     TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873),
+     TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70),
+     TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a),
+     TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a),
+     TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1),
+     TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0),
+     TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d),
+     TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545),
+     TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13),
+     TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8),
+     TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684),
+     TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff),
+     TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161),
+     TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d),
+     TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1),
+     TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575),
+     TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b),
+     TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5),
+     TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e),
+     TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25),
+     TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca),
+     TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0),
+     TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8),
+     TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98),
+     TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da),
+     TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc),
+     TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a),
+     TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd),
+     TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc),
+     TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4),
+     TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253),
+     TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4),
+     TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7),
+     TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6),
+     TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8),
+     TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d),
+     TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c),
+     TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255),
+     TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce),
+     TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a),
+     TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc),
+     TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f),
+     TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6),
+     TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70),
+     TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1),
+     TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f),
+     TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f),
+     TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79),
+     TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472),
+     TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a),
+     TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2),
+     TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa),
+     TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656),
+     TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec),
+     TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa),
+     TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44),
+     TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8),
+     TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4),
+     TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a),
+     TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a),
+     TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d),
+     TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0),
+     TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f),
+     TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110),
+     TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1),
+     TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547),
+     TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351),
+     TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f),
+     TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef),
+     TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb),
+     TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced),
+     TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb),
+     TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4),
+     TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b),
+     TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c),
+     TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9),
+     TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32),
+     TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768),
+     TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6),
+     TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930),
+     TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38),
+     TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80),
+     TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634),
+     TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681),
+     TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3),
+     TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b),
+     TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a),
+     TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7),
+     TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb),
+     TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79),
+     TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c),
+     TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2),
+     TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b),
+     TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0),
+     TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718),
+     TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381),
+     TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d),
+     TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71),
+     TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b),
+     TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41),
+     TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a),
+     TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99),
+     TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636),
+     TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49),
+     TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce),
+     TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1),
+     TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049),
+     TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541),
+     TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb),
+     TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0),
+     TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40),
+     TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e),
+     TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086),
+     TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed),
+     TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34),
+     TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342),
+     TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51),
+     TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f),
+     TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3),
+     TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f),
+     TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60),
+     TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f),
+     TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4),
+     TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a),
+     TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2),
+     TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c),
+     TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8),
+     TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b),
+     TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247),
+     TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d),
+     TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c),
+     TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10),
+     TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0),
+     TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d),
+     TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a),
+     TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2),
+     TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097),
+     TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae),
+     TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc),
+     TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc),
+     TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58),
+     TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c),
+     TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141),
+     TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9),
+     TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8),
+     TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62),
+     TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9),
+     TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df),
+     TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5),
+     TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b),
+     TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535),
+     TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd),
+     TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112),
+     TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec),
+     TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe),
+     TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361),
+     TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77),
+     TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e),
+     TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e),
+     TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429),
+     TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc),
+     TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f),
+     TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e),
+     TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372),
+     TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332),
+     TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4),
+     TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29),
+     TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5),
+     TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04),
+     TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f),
+     TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc),
+     TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39),
+     TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29),
+     TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb),
+     TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04),
+     TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7),
+     TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61),
+     TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e),
+     TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961),
+     TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6),
+     TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc),
+     TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e),
+     TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af),
+     TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f),
+     TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab),
+     TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9),
+     TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204),
+     TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e),
+     TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2),
+     TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c),
+     TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03),
+     TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98),
+     TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42),
+     TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8),
+     TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43),
+     TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8),
+     TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86),
+     TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d),
+     TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79),
+     TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404),
+     TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9),
+     TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314),
+     TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5),
+     TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae),
+     TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357),
+     TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d),
+     TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477),
+     TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7),
+     TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80),
+     TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d),
+     TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527),
+     TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da),
+     TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad),
+     TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17),
+     TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25),}
+    ,
+    {TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58),
+     TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85),
+     TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e),
+     TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a),
+     TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc),
+     TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3),
+     TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2),
+     TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8),
+     TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2),
+     TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe),
+     TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d),
+     TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53),
+     TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be),
+     TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336),
+     TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933),
+     TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f),
+     TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe),
+     TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc),
+     TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326),
+     TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272),
+     TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e),
+     TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f),
+     TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c),
+     TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7),
+     TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9),
+     TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918),
+     TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457),
+     TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60),
+     TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44),
+     TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a),
+     TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017),
+     TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7),
+     TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03),
+     TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef),
+     TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1),
+     TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a),
+     TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b),
+     TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947),
+     TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b),
+     TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa),
+     TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599),
+     TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1),
+     TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492),
+     TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df),
+     TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556),
+     TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2),
+     TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f),
+     TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31),
+     TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0),
+     TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e),
+     TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6),
+     TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195),
+     TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f),
+     TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15),
+     TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4),
+     TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff),
+     TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1),
+     TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c),
+     TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9),
+     TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc),
+     TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0),
+     TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1),
+     TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8),
+     TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4),
+     TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5),
+     TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a),
+     TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0),
+     TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca),
+     TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f),
+     TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b),
+     TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37),
+     TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc),
+     TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1),
+     TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613),
+     TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6),
+     TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8),
+     TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc),
+     TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984),
+     TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18),
+     TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a),
+     TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895),
+     TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5),
+     TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d),
+     TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33),
+     TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44),
+     TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b),
+     TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7),
+     TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120),
+     TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b),
+     TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9),
+     TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a),
+     TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504),
+     TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801),
+     TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2),
+     TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e),
+     TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216),
+     TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924),
+     TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169),
+     TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8),
+     TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a),
+     TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0),
+     TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd),
+     TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8),
+     TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7),
+     TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c),
+     TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7),
+     TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556),
+     TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb),
+     TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091),
+     TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749),
+     TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6),
+     TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722),
+     TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1),
+     TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce),
+     TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863),
+     TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1),
+     TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5),
+     TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836),
+     TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf),
+     TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825),
+     TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99),
+     TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e),
+     TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3),
+     TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6),
+     TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7),
+     TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5),
+     TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99),
+     TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03),
+     TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f),
+     TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5),
+     TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516),
+     TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9),
+     TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f),
+     TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235),
+     TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674),
+     TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e),
+     TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf),
+     TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05),
+     TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748),
+     TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e),
+     TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d),
+     TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c),
+     TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601),
+     TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca),
+     TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f),
+     TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f),
+     TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf),
+     TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a),
+     TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564),
+     TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6),
+     TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695),
+     TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46),
+     TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e),
+     TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15),
+     TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955),
+     TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c),
+     TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154),
+     TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29),
+     TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840),
+     TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb),
+     TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451),
+     TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e),
+     TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece),
+     TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a),
+     TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c),
+     TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364),
+     TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8),
+     TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63),
+     TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35),
+     TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6),
+     TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d),
+     TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a),
+     TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f),
+     TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391),
+     TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230),
+     TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0),
+     TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8),
+     TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d),
+     TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801),
+     TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b),
+     TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b),
+     TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5),
+     TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009),
+     TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0),
+     TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427),
+     TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d),
+     TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840),
+     TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134),
+     TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0),
+     TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390),
+     TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9),
+     TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3),
+     TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d),
+     TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7),
+     TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d),
+     TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb),
+     TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1),
+     TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326),
+     TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d),
+     TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89),
+     TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90),
+     TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec),
+     TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df),
+     TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf),
+     TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2),
+     TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75),
+     TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e),
+     TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016),
+     TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd),
+     TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719),
+     TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700),
+     TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638),
+     TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50),
+     TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58),
+     TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0),
+     TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb),
+     TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef),
+     TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257),
+     TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a),
+     TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0),
+     TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609),
+     TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2),
+     TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6),
+     TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce),
+     TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f),
+     TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319),
+     TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb),
+     TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5),
+     TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed),
+     TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b),
+     TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2),
+     TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b),
+     TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25),
+     TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624),
+     TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79),
+     TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd),
+     TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b),
+     TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d),
+     TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442),
+     TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e),
+     TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5),
+     TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19),
+     TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57),
+     TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc),
+     TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f),
+     TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3),
+     TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0),
+     TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce),
+     TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1),
+     TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672),
+     TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d),
+     TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba),
+     TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97),
+     TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69),
+     TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81),
+     TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328),}
+    ,
+    {TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd),
+     TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5),
+     TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af),
+     TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82),
+     TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a),
+     TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3),
+     TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d),
+     TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755),
+     TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638),
+     TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f),
+     TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1),
+     TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23),
+     TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2),
+     TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4),
+     TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105),
+     TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329),
+     TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a),
+     TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897),
+     TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57),
+     TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2),
+     TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49),
+     TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69),
+     TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2),
+     TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3),
+     TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817),
+     TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164),
+     TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263),
+     TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32),
+     TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a),
+     TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f),
+     TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1),
+     TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94),
+     TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558),
+     TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9),
+     TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22),
+     TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f),
+     TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f),
+     TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b),
+     TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7),
+     TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0),
+     TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752),
+     TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf),
+     TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d),
+     TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6),
+     TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5),
+     TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58),
+     TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177),
+     TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477),
+     TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4),
+     TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6),
+     TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54),
+     TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c),
+     TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b),
+     TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b),
+     TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c),
+     TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4),
+     TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f),
+     TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e),
+     TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487),
+     TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a),
+     TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658),
+     TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6),
+     TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803),
+     TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f),
+     TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8),
+     TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893),
+     TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f),
+     TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7),
+     TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0),
+     TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794),
+     TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e),
+     TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee),
+     TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c),
+     TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989),
+     TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b),
+     TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84),
+     TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946),
+     TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc),
+     TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae),
+     TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb),
+     TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038),
+     TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0),
+     TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6),
+     TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba),
+     TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6),
+     TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25),
+     TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4),
+     TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8),
+     TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4),
+     TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d),
+     TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5),
+     TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b),
+     TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d),
+     TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8),
+     TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6),
+     TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae),
+     TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc),
+     TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40),
+     TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95),
+     TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913),
+     TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88),
+     TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e),
+     TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034),
+     TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334),
+     TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397),
+     TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2),
+     TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0),
+     TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd),
+     TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10),
+     TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8),
+     TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62),
+     TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8),
+     TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b),
+     TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075),
+     TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e),
+     TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312),
+     TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e),
+     TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d),
+     TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb),
+     TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a),
+     TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261),
+     TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d),
+     TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb),
+     TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c),
+     TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5),
+     TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0),
+     TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee),
+     TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28),
+     TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173),
+     TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f),
+     TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01),
+     TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40),
+     TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d),
+     TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5),
+     TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1),
+     TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574),
+     TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979),
+     TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d),
+     TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7),
+     TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d),
+     TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b),
+     TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638),
+     TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36),
+     TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a),
+     TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253),
+     TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467),
+     TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94),
+     TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311),
+     TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1),
+     TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea),
+     TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6),
+     TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a),
+     TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac),
+     TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d),
+     TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354),
+     TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9),
+     TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4),
+     TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b),
+     TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94),
+     TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074),
+     TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f),
+     TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60),
+     TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690),
+     TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431),
+     TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd),
+     TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e),
+     TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e),
+     TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828),
+     TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d),
+     TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe),
+     TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345),
+     TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d),
+     TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6),
+     TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8),
+     TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c),
+     TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d),
+     TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2),
+     TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126),
+     TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395),
+     TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64),
+     TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57),
+     TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9),
+     TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789),
+     TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7),
+     TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5),
+     TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced),
+     TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96),
+     TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554),
+     TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84),
+     TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0),
+     TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88),
+     TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0),
+     TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d),
+     TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9),
+     TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32),
+     TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351),
+     TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260),
+     TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8),
+     TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490),
+     TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d),
+     TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6),
+     TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec),
+     TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627),
+     TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed),
+     TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45),
+     TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1),
+     TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048),
+     TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597),
+     TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556),
+     TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577),
+     TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5),
+     TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094),
+     TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1),
+     TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f),
+     TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96),
+     TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56),
+     TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236),
+     TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2),
+     TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0),
+     TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a),
+     TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228),
+     TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa),
+     TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e),
+     TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48),
+     TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5),
+     TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77),
+     TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f),
+     TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e),
+     TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74),
+     TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a),
+     TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069),
+     TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436),
+     TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6),
+     TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd),
+     TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999),
+     TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9),
+     TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829),
+     TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8),
+     TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df),
+     TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae),
+     TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7),
+     TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70),
+     TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b),
+     TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f),
+     TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9),
+     TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7),
+     TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb),
+     TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6),
+     TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63),
+     TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da),
+     TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b),
+     TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79),
+     TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e),
+     TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860),
+     TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b),
+     TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745),}
+    ,
+    {TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d),
+     TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea),
+     TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151),
+     TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98),
+     TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e),
+     TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f),
+     TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260),
+     TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b),
+     TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371),
+     TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee),
+     TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3),
+     TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25),
+     TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df),
+     TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5),
+     TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27),
+     TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644),
+     TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d),
+     TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8),
+     TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5),
+     TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248),
+     TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f),
+     TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46),
+     TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6),
+     TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609),
+     TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd),
+     TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848),
+     TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb),
+     TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6),
+     TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863),
+     TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e),
+     TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456),
+     TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276),
+     TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077),
+     TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875),
+     TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481),
+     TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9),
+     TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19),
+     TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60),
+     TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995),
+     TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508),
+     TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e),
+     TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a),
+     TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803),
+     TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1),
+     TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d),
+     TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842),
+     TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e),
+     TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837),
+     TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5),
+     TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442),
+     TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca),
+     TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf),
+     TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5),
+     TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3),
+     TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6),
+     TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186),
+     TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa),
+     TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415),
+     TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115),
+     TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9),
+     TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9),
+     TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907),
+     TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f),
+     TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df),
+     TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826),
+     TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69),
+     TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48),
+     TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8),
+     TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02),
+     TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846),
+     TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4),
+     TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3),
+     TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9),
+     TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c),
+     TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac),
+     TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188),
+     TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262),
+     TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2),
+     TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971),
+     TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f),
+     TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b),
+     TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21),
+     TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41),
+     TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1),
+     TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57),
+     TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931),
+     TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc),
+     TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033),
+     TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180),
+     TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894),
+     TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c),
+     TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15),
+     TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a),
+     TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31),
+     TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186),
+     TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795),
+     TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9),
+     TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024),
+     TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d),
+     TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259),
+     TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc),
+     TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e),
+     TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8),
+     TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7),
+     TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4),
+     TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39),
+     TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190),
+     TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b),
+     TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b),
+     TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab),
+     TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790),
+     TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2),
+     TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7),
+     TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a),
+     TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854),
+     TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848),
+     TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1),
+     TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9),
+     TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd),
+     TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476),
+     TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3),
+     TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2),
+     TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d),
+     TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb),
+     TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77),
+     TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b),
+     TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3),
+     TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0),
+     TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b),
+     TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d),
+     TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8),
+     TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31),
+     TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b),
+     TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b),
+     TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb),
+     TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4),
+     TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641),
+     TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055),
+     TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5),
+     TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727),
+     TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e),
+     TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3),
+     TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55),
+     TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74),
+     TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7),
+     TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36),
+     TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369),
+     TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d),
+     TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8),
+     TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2),
+     TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26),
+     TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e),
+     TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366),
+     TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865),
+     TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf),
+     TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2),
+     TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923),
+     TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2),
+     TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1),
+     TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3),
+     TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863),
+     TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017),
+     TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e),
+     TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529),
+     TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac),
+     TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08),
+     TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475),
+     TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea),
+     TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd),
+     TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de),
+     TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a),
+     TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef),
+     TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58),
+     TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815),
+     TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4),
+     TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff),
+     TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc),
+     TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583),
+     TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe),
+     TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e),
+     TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9),
+     TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507),
+     TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0),
+     TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d),
+     TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997),
+     TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536),
+     TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680),
+     TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda),
+     TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b),
+     TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12),
+     TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d),
+     TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e),
+     TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a),
+     TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154),
+     TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b),
+     TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef),
+     TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e),
+     TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f),
+     TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2),
+     TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094),
+     TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5),
+     TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b),
+     TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a),
+     TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594),
+     TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d),
+     TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223),
+     TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06),
+     TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40),
+     TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd),
+     TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8),
+     TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249),
+     TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd),
+     TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1),
+     TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e),
+     TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e),
+     TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93),
+     TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42),
+     TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5),
+     TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60),
+     TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf),
+     TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f),
+     TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557),
+     TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8),
+     TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8),
+     TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99),
+     TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c),
+     TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd),
+     TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56),
+     TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd),
+     TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e),
+     TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d),
+     TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929),
+     TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660),
+     TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329),
+     TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299),
+     TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8),
+     TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf),
+     TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7),
+     TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27),
+     TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120),
+     TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939),
+     TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4),
+     TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880),
+     TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120),
+     TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546),
+     TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b),
+     TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27),
+     TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3),
+     TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36),
+     TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1),
+     TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142),
+     TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66),
+     TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd),
+     TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6),
+     TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366),
+     TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83),}
+    ,
+    {TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b),
+     TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325),
+     TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707),
+     TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174),
+     TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4),
+     TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea),
+     TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3),
+     TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad),
+     TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e),
+     TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9),
+     TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98),
+     TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9),
+     TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b),
+     TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394),
+     TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9),
+     TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0),
+     TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173),
+     TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb),
+     TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394),
+     TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7),
+     TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442),
+     TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b),
+     TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127),
+     TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35),
+     TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb),
+     TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b),
+     TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c),
+     TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c),
+     TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f),
+     TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7),
+     TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac),
+     TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818),
+     TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc),
+     TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a),
+     TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc),
+     TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0),
+     TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93),
+     TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de),
+     TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee),
+     TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7),
+     TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea),
+     TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9),
+     TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b),
+     TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5),
+     TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2),
+     TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe),
+     TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635),
+     TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2),
+     TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341),
+     TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b),
+     TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43),
+     TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27),
+     TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356),
+     TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b),
+     TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6),
+     TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714),
+     TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9),
+     TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc),
+     TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b),
+     TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f),
+     TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5),
+     TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f),
+     TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341),
+     TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7),
+     TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd),
+     TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf),
+     TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c),
+     TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa),
+     TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0),
+     TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd),
+     TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586),
+     TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817),
+     TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37),
+     TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51),
+     TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0),
+     TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c),
+     TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a),
+     TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b),
+     TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f),
+     TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f),
+     TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2),
+     TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1),
+     TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3),
+     TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50),
+     TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92),
+     TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca),
+     TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63),
+     TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8),
+     TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f),
+     TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f),
+     TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4),
+     TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0),
+     TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645),
+     TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed),
+     TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba),
+     TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2),
+     TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f),
+     TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933),
+     TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d),
+     TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063),
+     TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8),
+     TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8),
+     TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df),
+     TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff),
+     TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef),
+     TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d),
+     TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a),
+     TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938),
+     TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6),
+     TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92),
+     TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda),
+     TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65),
+     TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f),
+     TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4),
+     TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf),
+     TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87),
+     TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458),
+     TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d),
+     TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5),
+     TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469),
+     TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41),
+     TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee),
+     TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f),
+     TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3),
+     TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f),
+     TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2),
+     TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069),
+     TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5),
+     TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b),
+     TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047),
+     TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f),
+     TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f),
+     TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7),
+     TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0),
+     TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d),
+     TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4),
+     TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f),
+     TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472),
+     TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c),
+     TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2),
+     TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32),
+     TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a),
+     TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080),
+     TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8),
+     TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce),
+     TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796),
+     TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79),
+     TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b),
+     TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106),
+     TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433),
+     TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102),
+     TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b),
+     TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02),
+     TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f),
+     TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34),
+     TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724),
+     TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f),
+     TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd),
+     TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a),
+     TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc),
+     TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2),
+     TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a),
+     TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a),
+     TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f),
+     TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237),
+     TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9),
+     TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd),
+     TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62),
+     TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87),
+     TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd),
+     TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6),
+     TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f),
+     TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7),
+     TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886),
+     TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea),
+     TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a),
+     TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35),
+     TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db),
+     TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b),
+     TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7),
+     TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72),
+     TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25),
+     TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61),
+     TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d),
+     TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068),
+     TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53),
+     TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632),
+     TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f),
+     TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387),
+     TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e),
+     TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067),
+     TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f),
+     TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9),
+     TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c),
+     TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d),
+     TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748),
+     TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135),
+     TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631),
+     TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a),
+     TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d),
+     TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8),
+     TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad),
+     TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b),
+     TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0),
+     TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51),
+     TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05),
+     TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb),
+     TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c),
+     TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce),
+     TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9),
+     TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf),
+     TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1),
+     TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8),
+     TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624),
+     TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6),
+     TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4),
+     TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde),
+     TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13),
+     TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee),
+     TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710),
+     TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3),
+     TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100),
+     TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a),
+     TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d),
+     TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c),
+     TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df),
+     TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093),
+     TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6),
+     TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4),
+     TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2),
+     TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11),
+     TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c),
+     TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab),
+     TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c),
+     TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400),
+     TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79),
+     TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4),
+     TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d),
+     TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8),
+     TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930),
+     TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7),
+     TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303),
+     TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e),
+     TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade),
+     TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b),
+     TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b),
+     TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927),
+     TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20),
+     TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd),
+     TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6),
+     TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288),
+     TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e),
+     TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8),
+     TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d),
+     TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362),
+     TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b),}
+    ,
+    {TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2),
+     TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400),
+     TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e),
+     TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9),
+     TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7),
+     TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e),
+     TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a),
+     TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab),
+     TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e),
+     TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d),
+     TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1),
+     TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e),
+     TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07),
+     TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325),
+     TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386),
+     TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8),
+     TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90),
+     TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df),
+     TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64),
+     TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286),
+     TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04),
+     TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069),
+     TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf),
+     TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708),
+     TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299),
+     TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6),
+     TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32),
+     TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671),
+     TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370),
+     TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3),
+     TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103),
+     TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d),
+     TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea),
+     TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe),
+     TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b),
+     TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913),
+     TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a),
+     TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb),
+     TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e),
+     TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6),
+     TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a),
+     TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613),
+     TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129),
+     TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3),
+     TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026),
+     TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac),
+     TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7),
+     TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317),
+     TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5),
+     TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3),
+     TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a),
+     TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac),
+     TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed),
+     TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613),
+     TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16),
+     TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61),
+     TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992),
+     TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2),
+     TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e),
+     TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10),
+     TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd),
+     TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064),
+     TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2),
+     TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d),
+     TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57),
+     TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a),
+     TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21),
+     TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a),
+     TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580),
+     TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3),
+     TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f),
+     TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4),
+     TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311),
+     TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47),
+     TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f),
+     TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48),
+     TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06),
+     TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1),
+     TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2),
+     TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1),
+     TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2),
+     TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836),
+     TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686),
+     TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9),
+     TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4),
+     TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555),
+     TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f),
+     TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79),
+     TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905),
+     TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f),
+     TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8),
+     TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a),
+     TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269),
+     TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b),
+     TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22),
+     TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809),
+     TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a),
+     TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87),
+     TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36),
+     TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a),
+     TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf),
+     TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea),
+     TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10),
+     TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365),
+     TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127),
+     TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d),
+     TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299),
+     TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c),
+     TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1),
+     TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c),
+     TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8),
+     TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd),
+     TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd),
+     TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd),
+     TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27),
+     TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97),
+     TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb),
+     TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a),
+     TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43),
+     TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be),
+     TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09),
+     TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468),
+     TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1),
+     TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448),
+     TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5),
+     TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069),
+     TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9),
+     TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6),
+     TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3),
+     TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a),
+     TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4),
+     TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66),
+     TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d),
+     TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00),
+     TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4),
+     TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8),
+     TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586),
+     TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f),
+     TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8),
+     TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce),
+     TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141),
+     TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083),
+     TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1),
+     TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c),
+     TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc),
+     TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be),
+     TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3),
+     TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19),
+     TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d),
+     TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079),
+     TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d),
+     TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5),
+     TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868),
+     TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d),
+     TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80),
+     TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944),
+     TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137),
+     TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801),
+     TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c),
+     TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02),
+     TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e),
+     TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e),
+     TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681),
+     TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa),
+     TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98),
+     TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2),
+     TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92),
+     TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7),
+     TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5),
+     TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2),
+     TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef),
+     TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8),
+     TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a),
+     TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d),
+     TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f),
+     TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f),
+     TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220),
+     TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056),
+     TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28),
+     TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b),
+     TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a),
+     TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0),
+     TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54),
+     TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86),
+     TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f),
+     TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6),
+     TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751),
+     TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec),
+     TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654),
+     TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149),
+     TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3),
+     TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1),
+     TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae),
+     TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5),
+     TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062),
+     TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef),
+     TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f),
+     TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1),
+     TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c),
+     TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d),
+     TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373),
+     TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76),
+     TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a),
+     TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d),
+     TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0),
+     TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057),
+     TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24),
+     TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3),
+     TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922),
+     TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a),
+     TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4),
+     TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382),
+     TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318),
+     TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685),
+     TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a),
+     TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c),
+     TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d),
+     TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac),
+     TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc),
+     TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92),
+     TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b),
+     TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794),
+     TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38),
+     TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48),
+     TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791),
+     TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616),
+     TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f),
+     TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802),
+     TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb),
+     TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3),
+     TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5),
+     TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c),
+     TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb),
+     TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68),
+     TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157),
+     TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856),
+     TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783),
+     TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05),
+     TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd),
+     TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f),
+     TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e),
+     TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614),
+     TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d),
+     TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff),
+     TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004),
+     TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5),
+     TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1),
+     TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7),
+     TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993),
+     TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233),
+     TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552),
+     TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19),
+     TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8),
+     TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054),
+     TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3),
+     TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74),}
+    ,
+    {TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c),
+     TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f),
+     TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a),
+     TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1),
+     TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa),
+     TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068),
+     TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399),
+     TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2),
+     TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240),
+     TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd),
+     TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242),
+     TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de),
+     TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3),
+     TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6),
+     TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1),
+     TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234),
+     TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a),
+     TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52),
+     TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62),
+     TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9),
+     TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21),
+     TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00),
+     TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab),
+     TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c),
+     TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5),
+     TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863),
+     TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7),
+     TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87),
+     TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6),
+     TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3),
+     TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501),
+     TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b),
+     TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6),
+     TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52),
+     TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d),
+     TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd),
+     TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf),
+     TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e),
+     TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac),
+     TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0),
+     TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c),
+     TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d),
+     TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6),
+     TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6),
+     TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9),
+     TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e),
+     TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc),
+     TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d),
+     TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10),
+     TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9),
+     TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9),
+     TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499),
+     TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947),
+     TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f),
+     TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571),
+     TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369),
+     TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566),
+     TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5),
+     TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324),
+     TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3),
+     TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd),
+     TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969),
+     TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1),
+     TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c),
+     TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332),
+     TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8),
+     TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33),
+     TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7),
+     TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48),
+     TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f),
+     TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2),
+     TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b),
+     TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636),
+     TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5),
+     TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b),
+     TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc),
+     TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f),
+     TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c),
+     TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f),
+     TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116),
+     TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14),
+     TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289),
+     TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09),
+     TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388),
+     TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed),
+     TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e),
+     TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04),
+     TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b),
+     TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909),
+     TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c),
+     TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f),
+     TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480),
+     TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680),
+     TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9),
+     TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d),
+     TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21),
+     TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850),
+     TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc),
+     TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842),
+     TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc),
+     TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427),
+     TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b),
+     TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45),
+     TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130),
+     TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa),
+     TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692),
+     TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf),
+     TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b),
+     TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5),
+     TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a),
+     TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c),
+     TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156),
+     TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f),
+     TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b),
+     TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0),
+     TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5),
+     TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669),
+     TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc),
+     TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee),
+     TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b),
+     TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8),
+     TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8),
+     TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48),
+     TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841),
+     TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4),
+     TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad),
+     TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd),
+     TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443),
+     TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96),
+     TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb),
+     TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b),
+     TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d),
+     TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727),
+     TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff),
+     TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f),
+     TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf),
+     TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556),
+     TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361),
+     TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa),
+     TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140),
+     TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978),
+     TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e),
+     TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50),
+     TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e),
+     TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6),
+     TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0),
+     TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648),
+     TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174),
+     TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5),
+     TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc),
+     TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d),
+     TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914),
+     TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d),
+     TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb),
+     TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e),
+     TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17),
+     TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0),
+     TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f),
+     TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34),
+     TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366),
+     TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f),
+     TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178),
+     TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976),
+     TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932),
+     TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914),
+     TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a),
+     TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09),
+     TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6),
+     TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430),
+     TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450),
+     TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23),
+     TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481),
+     TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517),
+     TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932),
+     TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a),
+     TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853),
+     TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e),
+     TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b),
+     TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40),
+     TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494),
+     TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b),
+     TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c),
+     TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d),
+     TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135),
+     TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69),
+     TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd),
+     TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d),
+     TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0),
+     TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c),
+     TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e),
+     TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1),
+     TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f),
+     TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c),
+     TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab),
+     TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a),
+     TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f),
+     TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c),
+     TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80),
+     TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba),
+     TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599),
+     TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297),
+     TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c),
+     TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f),
+     TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54),
+     TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38),
+     TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d),
+     TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c),
+     TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a),
+     TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165),
+     TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8),
+     TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86),
+     TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038),
+     TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177),
+     TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b),
+     TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb),
+     TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0),
+     TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475),
+     TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3),
+     TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37),
+     TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a),
+     TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649),
+     TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d),
+     TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf),
+     TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9),
+     TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac),
+     TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a),
+     TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224),
+     TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3),
+     TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b),
+     TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe),
+     TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff),
+     TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353),
+     TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906),
+     TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743),
+     TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27),
+     TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd),
+     TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda),
+     TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2),
+     TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288),
+     TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a),
+     TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74),
+     TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710),
+     TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf),
+     TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5),
+     TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611),
+     TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10),
+     TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6),
+     TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29),
+     TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86),
+     TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279),
+     TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4),
+     TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318),
+     TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc),
+     TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc),
+     TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3),
+     TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762),}
+    ,
+    {TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f),
+     TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61),
+     TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20),
+     TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc),
+     TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235),
+     TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7),
+     TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60),
+     TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152),
+     TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e),
+     TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093),
+     TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8),
+     TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28),
+     TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573),
+     TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e),
+     TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16),
+     TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5),
+     TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3),
+     TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d),
+     TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6),
+     TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0),
+     TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6),
+     TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965),
+     TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123),
+     TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d),
+     TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7),
+     TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3),
+     TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d),
+     TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07),
+     TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a),
+     TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b),
+     TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f),
+     TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1),
+     TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce),
+     TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217),
+     TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d),
+     TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6),
+     TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6),
+     TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884),
+     TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682),
+     TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b),
+     TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2),
+     TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6),
+     TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4),
+     TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc),
+     TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680),
+     TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2),
+     TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142),
+     TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea),
+     TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6),
+     TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529),
+     TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925),
+     TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3),
+     TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10),
+     TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3),
+     TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6),
+     TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a),
+     TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b),
+     TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d),
+     TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05),
+     TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba),
+     TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65),
+     TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3),
+     TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3),
+     TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0),
+     TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118),
+     TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214),
+     TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b),
+     TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5),
+     TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f),
+     TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21),
+     TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb),
+     TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3),
+     TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab),
+     TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f),
+     TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1),
+     TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8),
+     TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3),
+     TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e),
+     TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0),
+     TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225),
+     TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41),
+     TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9),
+     TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad),
+     TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507),
+     TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb),
+     TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628),
+     TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b),
+     TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c),
+     TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039),
+     TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211),
+     TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005),
+     TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c),
+     TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36),
+     TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3),
+     TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371),
+     TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6),
+     TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795),
+     TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2),
+     TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a),
+     TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16),
+     TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584),
+     TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8),
+     TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b),
+     TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5),
+     TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c),
+     TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7),
+     TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee),
+     TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93),
+     TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699),
+     TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60),
+     TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e),
+     TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43),
+     TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a),
+     TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e),
+     TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1),
+     TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52),
+     TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd),
+     TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924),
+     TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4),
+     TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7),
+     TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0),
+     TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab),
+     TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08),
+     TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c),
+     TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3),
+     TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288),
+     TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f),
+     TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b),
+     TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646),
+     TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c),
+     TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda),
+     TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2),
+     TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df),
+     TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c),
+     TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df),
+     TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa),
+     TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348),
+     TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e),
+     TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59),
+     TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e),
+     TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c),
+     TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917),
+     TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357),
+     TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e),
+     TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5),
+     TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4),
+     TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f),
+     TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa),
+     TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357),
+     TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1),
+     TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805),
+     TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804),
+     TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d),
+     TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7),
+     TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a),
+     TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784),
+     TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310),
+     TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74),
+     TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51),
+     TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63),
+     TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559),
+     TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4),
+     TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a),
+     TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80),
+     TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca),
+     TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182),
+     TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860),
+     TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f),
+     TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70),
+     TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5),
+     TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd),
+     TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790),
+     TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4),
+     TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa),
+     TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685),
+     TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810),
+     TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5),
+     TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92),
+     TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21),
+     TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41),
+     TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe),
+     TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08),
+     TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1),
+     TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c),
+     TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47),
+     TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7),
+     TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a),
+     TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6),
+     TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e),
+     TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2),
+     TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b),
+     TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67),
+     TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca),
+     TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04),
+     TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a),
+     TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea),
+     TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b),
+     TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f),
+     TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815),
+     TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39),
+     TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749),
+     TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77),
+     TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61),
+     TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0),
+     TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54),
+     TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614),
+     TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28),
+     TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16),
+     TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb),
+     TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954),
+     TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998),
+     TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc),
+     TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934),
+     TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44),
+     TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a),
+     TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f),
+     TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e),
+     TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d),
+     TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f),
+     TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585),
+     TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239),
+     TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413),
+     TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e),
+     TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28),
+     TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4),
+     TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10),
+     TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33),
+     TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c),
+     TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8),
+     TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2),
+     TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815),
+     TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e),
+     TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c),
+     TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240),
+     TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3),
+     TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb),
+     TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5),
+     TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d),
+     TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f),
+     TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79),
+     TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1),
+     TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0),
+     TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3),
+     TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039),
+     TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab),
+     TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944),
+     TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb),
+     TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf),
+     TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6),
+     TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316),
+     TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789),
+     TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6),
+     TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51),
+     TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017),
+     TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722),
+     TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e),}
+    ,
+    {TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3),
+     TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb),
+     TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c),
+     TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b),
+     TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0),
+     TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b),
+     TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080),
+     TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600),
+     TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc),
+     TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026),
+     TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89),
+     TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731),
+     TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79),
+     TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0),
+     TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6),
+     TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668),
+     TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383),
+     TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee),
+     TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f),
+     TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a),
+     TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0),
+     TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa),
+     TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf),
+     TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9),
+     TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc),
+     TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745),
+     TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea),
+     TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a),
+     TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650),
+     TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b),
+     TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989),
+     TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5),
+     TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18),
+     TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c),
+     TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638),
+     TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293),
+     TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857),
+     TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5),
+     TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74),
+     TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582),
+     TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1),
+     TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c),
+     TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef),
+     TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8),
+     TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb),
+     TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f),
+     TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583),
+     TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739),
+     TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344),
+     TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c),
+     TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82),
+     TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba),
+     TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325),
+     TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0),
+     TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791),
+     TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655),
+     TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305),
+     TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6),
+     TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7),
+     TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd),
+     TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab),
+     TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350),
+     TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974),
+     TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1),
+     TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27),
+     TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78),
+     TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996),
+     TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da),
+     TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb),
+     TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77),
+     TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230),
+     TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449),
+     TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f),
+     TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e),
+     TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40),
+     TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2),
+     TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683),
+     TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83),
+     TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2),
+     TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c),
+     TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd),
+     TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804),
+     TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118),
+     TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4),
+     TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051),
+     TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec),
+     TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b),
+     TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493),
+     TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0),
+     TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b),
+     TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4),
+     TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00),
+     TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b),
+     TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953),
+     TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6),
+     TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf),
+     TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80),
+     TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328),
+     TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215),
+     TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61),
+     TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a),
+     TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497),
+     TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0),
+     TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4),
+     TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce),
+     TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56),
+     TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e),
+     TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb),
+     TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf),
+     TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961),
+     TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063),
+     TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c),
+     TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9),
+     TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb),
+     TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1),
+     TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264),
+     TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe),
+     TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0),
+     TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182),
+     TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33),
+     TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46),
+     TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78),
+     TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055),
+     TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90),
+     TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2),
+     TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5),
+     TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b),
+     TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14),
+     TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f),
+     TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0),
+     TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565),
+     TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d),
+     TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea),
+     TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2),
+     TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670),
+     TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d),
+     TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c),
+     TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c),
+     TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33),
+     TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad),
+     TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589),
+     TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd),
+     TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414),
+     TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675),
+     TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048),
+     TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f),
+     TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef),
+     TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97),
+     TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8),
+     TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b),
+     TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a),
+     TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9),
+     TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165),
+     TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da),
+     TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c),
+     TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d),
+     TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd),
+     TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11),
+     TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d),
+     TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb),
+     TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a),
+     TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000),
+     TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9),
+     TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27),
+     TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4),
+     TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193),
+     TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17),
+     TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067),
+     TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da),
+     TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449),
+     TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b),
+     TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943),
+     TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54),
+     TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f),
+     TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53),
+     TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104),
+     TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2),
+     TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903),
+     TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e),
+     TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc),
+     TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037),
+     TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22),
+     TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8),
+     TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e),
+     TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e),
+     TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39),
+     TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498),
+     TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf),
+     TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7),
+     TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a),
+     TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b),
+     TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e),
+     TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff),
+     TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8),
+     TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be),
+     TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c),
+     TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680),
+     TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef),
+     TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8),
+     TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e),
+     TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b),
+     TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201),
+     TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900),
+     TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c),
+     TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0),
+     TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191),
+     TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5),
+     TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89),
+     TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3),
+     TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12),
+     TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf),
+     TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe),
+     TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40),
+     TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936),
+     TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379),
+     TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531),
+     TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44),
+     TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15),
+     TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7),
+     TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7),
+     TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40),
+     TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c),
+     TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e),
+     TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b),
+     TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772),
+     TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47),
+     TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2),
+     TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07),
+     TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63),
+     TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5),
+     TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db),
+     TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e),
+     TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423),
+     TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b),
+     TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459),
+     TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699),
+     TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6),
+     TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777),
+     TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d),
+     TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08),
+     TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a),
+     TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e),
+     TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46),
+     TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22),
+     TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148),
+     TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f),
+     TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab),
+     TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef),
+     TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3),
+     TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91),
+     TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243),
+     TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e),
+     TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b),
+     TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b),
+     TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0),
+     TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d),}
+    ,
+    {TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828),
+     TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa),
+     TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17),
+     TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b),
+     TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2),
+     TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff),
+     TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6),
+     TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733),
+     TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35),
+     TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538),
+     TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b),
+     TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80),
+     TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665),
+     TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6),
+     TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c),
+     TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2),
+     TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3),
+     TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996),
+     TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7),
+     TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4),
+     TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde),
+     TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f),
+     TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f),
+     TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd),
+     TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd),
+     TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c),
+     TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6),
+     TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7),
+     TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71),
+     TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11),
+     TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1),
+     TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7),
+     TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29),
+     TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514),
+     TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5),
+     TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19),
+     TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613),
+     TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16),
+     TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5),
+     TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e),
+     TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1),
+     TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a),
+     TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b),
+     TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba),
+     TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee),
+     TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa),
+     TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1),
+     TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836),
+     TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878),
+     TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a),
+     TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f),
+     TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af),
+     TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22),
+     TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b),
+     TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c),
+     TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0),
+     TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634),
+     TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405),
+     TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65),
+     TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e),
+     TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b),
+     TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831),
+     TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029),
+     TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab),
+     TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77),
+     TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e),
+     TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5),
+     TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b),
+     TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a),
+     TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620),
+     TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4),
+     TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428),
+     TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48),
+     TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf),
+     TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584),
+     TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f),
+     TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298),
+     TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d),
+     TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85),
+     TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b),
+     TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26),
+     TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87),
+     TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811),
+     TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592),
+     TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043),
+     TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa),
+     TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82),
+     TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72),
+     TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2),
+     TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba),
+     TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1),
+     TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642),
+     TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce),
+     TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294),
+     TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c),
+     TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949),
+     TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03),
+     TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd),
+     TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd),
+     TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa),
+     TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8),
+     TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db),
+     TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff),
+     TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b),
+     TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75),
+     TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb),
+     TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999),
+     TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108),
+     TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8),
+     TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec),
+     TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229),
+     TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f),
+     TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a),
+     TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29),
+     TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053),
+     TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e),
+     TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df),
+     TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558),
+     TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b),
+     TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff),
+     TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a),
+     TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e),
+     TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43),
+     TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d),
+     TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0),
+     TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43),
+     TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904),
+     TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf),
+     TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4),
+     TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12),
+     TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460),
+     TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c),
+     TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c),
+     TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8),
+     TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4),
+     TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48),
+     TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11),
+     TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9),
+     TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c),
+     TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316),
+     TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c),
+     TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01),
+     TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101),
+     TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572),
+     TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5),
+     TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250),
+     TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c),
+     TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe),
+     TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95),
+     TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8),
+     TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb),
+     TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28),
+     TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96),
+     TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51),
+     TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233),
+     TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005),
+     TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217),
+     TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a),
+     TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f),
+     TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b),
+     TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb),
+     TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761),
+     TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db),
+     TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a),
+     TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06),
+     TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12),
+     TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4),
+     TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20),
+     TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e),
+     TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9),
+     TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad),
+     TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b),
+     TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f),
+     TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed),
+     TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c),
+     TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038),
+     TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536),
+     TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2),
+     TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea),
+     TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843),
+     TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210),
+     TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6),
+     TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff),
+     TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2),
+     TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5),
+     TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e),
+     TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6),
+     TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035),
+     TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04),
+     TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3),
+     TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd),
+     TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea),
+     TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843),
+     TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed),
+     TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e),
+     TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7),
+     TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b),
+     TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754),
+     TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385),
+     TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e),
+     TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed),
+     TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772),
+     TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e),
+     TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850),
+     TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3),
+     TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7),
+     TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354),
+     TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0),
+     TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad),
+     TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b),
+     TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5),
+     TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843),
+     TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4),
+     TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c),
+     TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18),
+     TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040),
+     TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4),
+     TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c),
+     TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963),
+     TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c),
+     TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0),
+     TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4),
+     TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84),
+     TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf),
+     TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17),
+     TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065),
+     TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178),
+     TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5),
+     TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485),
+     TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea),
+     TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea),
+     TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75),
+     TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed),
+     TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22),
+     TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff),
+     TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113),
+     TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b),
+     TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331),
+     TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08),
+     TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c),
+     TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8),
+     TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22),
+     TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295),
+     TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536),
+     TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae),
+     TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb),
+     TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc),
+     TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161),
+     TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98),
+     TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd),
+     TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a),
+     TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1),
+     TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246),
+     TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53),
+     TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707),
+     TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d),}
+    ,
+    {TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320),
+     TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae),
+     TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de),
+     TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5),
+     TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e),
+     TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2),
+     TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7),
+     TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f),
+     TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2),
+     TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0),
+     TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e),
+     TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f),
+     TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e),
+     TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef),
+     TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2),
+     TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81),
+     TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75),
+     TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663),
+     TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e),
+     TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e),
+     TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c),
+     TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951),
+     TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d),
+     TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651),
+     TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625),
+     TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a),
+     TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b),
+     TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506),
+     TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a),
+     TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be),
+     TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4),
+     TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13),
+     TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e),
+     TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c),
+     TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931),
+     TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b),
+     TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b),
+     TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d),
+     TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3),
+     TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456),
+     TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e),
+     TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce),
+     TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12),
+     TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16),
+     TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb),
+     TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7),
+     TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f),
+     TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991),
+     TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12),
+     TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2),
+     TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f),
+     TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f),
+     TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523),
+     TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b),
+     TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b),
+     TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5),
+     TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673),
+     TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2),
+     TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c),
+     TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b),
+     TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a),
+     TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540),
+     TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995),
+     TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268),
+     TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e),
+     TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3),
+     TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75),
+     TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6),
+     TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3),
+     TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382),
+     TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d),
+     TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b),
+     TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7),
+     TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061),
+     TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1),
+     TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069),
+     TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247),
+     TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0),
+     TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24),
+     TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da),
+     TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894),
+     TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b),
+     TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9),
+     TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a),
+     TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb),
+     TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05),
+     TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf),
+     TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c),
+     TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc),
+     TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd),
+     TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e),
+     TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1),
+     TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4),
+     TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e),
+     TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64),
+     TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574),
+     TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a),
+     TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae),
+     TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35),
+     TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f),
+     TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c),
+     TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed),
+     TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345),
+     TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c),
+     TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb),
+     TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87),
+     TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a),
+     TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3),
+     TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc),
+     TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c),
+     TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2),
+     TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf),
+     TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946),
+     TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5),
+     TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9),
+     TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52),
+     TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3),
+     TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad),
+     TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96),
+     TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459),
+     TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a),
+     TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7),
+     TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d),
+     TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa),
+     TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142),
+     TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec),
+     TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10),
+     TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1),
+     TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815),
+     TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5),
+     TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464),
+     TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6),
+     TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0),
+     TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963),
+     TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232),
+     TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a),
+     TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af),
+     TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7),
+     TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae),
+     TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981),
+     TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e),
+     TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a),
+     TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9),
+     TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2),
+     TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681),
+     TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9),
+     TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8),
+     TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04),
+     TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472),
+     TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7),
+     TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71),
+     TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954),
+     TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972),
+     TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8),
+     TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4),
+     TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812),
+     TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04),
+     TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e),
+     TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d),
+     TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46),
+     TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52),
+     TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7),
+     TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b),
+     TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2),
+     TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09),
+     TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef),
+     TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6),
+     TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5),
+     TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5),
+     TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac),
+     TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de),
+     TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421),
+     TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b),
+     TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d),
+     TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708),
+     TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df),
+     TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e),
+     TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c),
+     TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e),
+     TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0),
+     TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd),
+     TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27),
+     TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d),
+     TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457),
+     TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d),
+     TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9),
+     TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51),
+     TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f),
+     TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff),
+     TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc),
+     TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1),
+     TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8),
+     TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27),
+     TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566),
+     TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7),
+     TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36),
+     TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8),
+     TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4),
+     TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd),
+     TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256),
+     TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1),
+     TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175),
+     TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c),
+     TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987),
+     TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94),
+     TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240),
+     TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22),
+     TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf),
+     TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5),
+     TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894),
+     TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743),
+     TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb),
+     TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33),
+     TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b),
+     TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59),
+     TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d),
+     TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459),
+     TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278),
+     TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782),
+     TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006),
+     TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2),
+     TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f),
+     TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83),
+     TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c),
+     TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d),
+     TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161),
+     TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513),
+     TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5),
+     TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959),
+     TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f),
+     TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75),
+     TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9),
+     TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c),
+     TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231),
+     TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36),
+     TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e),
+     TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c),
+     TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49),
+     TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef),
+     TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca),
+     TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa),
+     TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c),
+     TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081),
+     TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47),
+     TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9),
+     TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96),
+     TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4),
+     TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847),
+     TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8),
+     TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72),
+     TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf),
+     TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011),
+     TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05),
+     TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58),
+     TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8),
+     TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691),}
+    ,
+    {TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da),
+     TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c),
+     TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa),
+     TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7),
+     TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e),
+     TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21),
+     TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025),
+     TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8),
+     TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607),
+     TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82),
+     TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0),
+     TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28),
+     TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562),
+     TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d),
+     TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0),
+     TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1),
+     TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c),
+     TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9),
+     TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085),
+     TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f),
+     TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6),
+     TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f),
+     TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9),
+     TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6),
+     TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1),
+     TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef),
+     TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13),
+     TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577),
+     TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae),
+     TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240),
+     TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39),
+     TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9),
+     TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291),
+     TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8),
+     TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d),
+     TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5),
+     TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e),
+     TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8),
+     TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f),
+     TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae),
+     TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05),
+     TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae),
+     TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced),
+     TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433),
+     TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8),
+     TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d),
+     TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1),
+     TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7),
+     TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6),
+     TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e),
+     TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994),
+     TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d),
+     TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5),
+     TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d),
+     TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b),
+     TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16),
+     TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc),
+     TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a),
+     TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5),
+     TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0),
+     TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7),
+     TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda),
+     TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2),
+     TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413),
+     TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12),
+     TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0),
+     TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65),
+     TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8),
+     TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e),
+     TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d),
+     TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da),
+     TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4),
+     TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f),
+     TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277),
+     TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec),
+     TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9),
+     TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385),
+     TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36),
+     TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a),
+     TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e),
+     TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef),
+     TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b),
+     TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f),
+     TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462),
+     TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd),
+     TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed),
+     TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f),
+     TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e),
+     TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b),
+     TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf),
+     TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2),
+     TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2),
+     TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456),
+     TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e),
+     TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a),
+     TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a),
+     TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57),
+     TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a),
+     TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42),
+     TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3),
+     TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32),
+     TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d),
+     TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909),
+     TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83),
+     TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead),
+     TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8),
+     TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd),
+     TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0),
+     TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d),
+     TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436),
+     TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179),
+     TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845),
+     TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97),
+     TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4),
+     TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d),
+     TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43),
+     TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b),
+     TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff),
+     TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb),
+     TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368),
+     TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26),
+     TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937),
+     TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8),
+     TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40),
+     TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf),
+     TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2),
+     TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a),
+     TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a),
+     TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3),
+     TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3),
+     TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002),
+     TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56),
+     TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7),
+     TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411),
+     TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b),
+     TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3),
+     TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848),
+     TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e),
+     TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72),
+     TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31),
+     TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e),
+     TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68),
+     TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf),
+     TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8),
+     TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b),
+     TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758),
+     TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533),
+     TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b),
+     TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515),
+     TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8),
+     TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885),
+     TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46),
+     TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98),
+     TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3),
+     TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72),
+     TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b),
+     TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477),
+     TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819),
+     TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b),
+     TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838),
+     TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4),
+     TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3),
+     TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718),
+     TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f),
+     TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e),
+     TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1),
+     TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c),
+     TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5),
+     TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1),
+     TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133),
+     TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3),
+     TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff),
+     TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e),
+     TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea),
+     TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec),
+     TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6),
+     TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c),
+     TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39),
+     TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39),
+     TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1),
+     TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921),
+     TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149),
+     TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e),
+     TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781),
+     TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0),
+     TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe),
+     TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30),
+     TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0),
+     TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98),
+     TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651),
+     TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521),
+     TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91),
+     TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2),
+     TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87),
+     TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41),
+     TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5),
+     TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469),
+     TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6),
+     TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8),
+     TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a),
+     TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee),
+     TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31),
+     TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e),
+     TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63),
+     TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8),
+     TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a),
+     TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7),
+     TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f),
+     TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29),
+     TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61),
+     TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e),
+     TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247),
+     TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210),
+     TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947),
+     TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c),
+     TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a),
+     TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793),
+     TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7),
+     TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c),
+     TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7),
+     TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5),
+     TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1),
+     TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da),
+     TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026),
+     TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9),
+     TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146),
+     TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22),
+     TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d),
+     TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771),
+     TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de),
+     TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049),
+     TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678),
+     TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f),
+     TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a),
+     TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c),
+     TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d),
+     TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28),
+     TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7),
+     TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7),
+     TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11),
+     TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd),
+     TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93),
+     TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb),
+     TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d),
+     TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3),
+     TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606),
+     TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89),
+     TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8),
+     TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9),
+     TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7),
+     TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276),
+     TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4),
+     TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454),
+     TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372),
+     TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e),
+     TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f),}
+    ,
+    {TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7),
+     TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943),
+     TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362),
+     TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297),
+     TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7),
+     TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0),
+     TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c),
+     TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc),
+     TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf),
+     TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858),
+     TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304),
+     TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900),
+     TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96),
+     TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304),
+     TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b),
+     TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651),
+     TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267),
+     TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65),
+     TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1),
+     TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6),
+     TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab),
+     TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d),
+     TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece),
+     TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac),
+     TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192),
+     TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046),
+     TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352),
+     TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667),
+     TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e),
+     TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57),
+     TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b),
+     TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3),
+     TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704),
+     TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7),
+     TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be),
+     TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291),
+     TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c),
+     TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d),
+     TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c),
+     TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e),
+     TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682),
+     TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799),
+     TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9),
+     TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756),
+     TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e),
+     TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8),
+     TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86),
+     TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836),
+     TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be),
+     TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1),
+     TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d),
+     TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b),
+     TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052),
+     TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48),
+     TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d),
+     TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43),
+     TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961),
+     TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17),
+     TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1),
+     TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed),
+     TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840),
+     TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644),
+     TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e),
+     TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c),
+     TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf),
+     TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867),
+     TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41),
+     TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67),
+     TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77),
+     TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a),
+     TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276),
+     TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b),
+     TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00),
+     TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d),
+     TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842),
+     TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6),
+     TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5),
+     TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544),
+     TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63),
+     TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854),
+     TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601),
+     TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487),
+     TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7),
+     TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f),
+     TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a),
+     TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f),
+     TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74),
+     TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091),
+     TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9),
+     TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63),
+     TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e),
+     TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44),
+     TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de),
+     TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7),
+     TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c),
+     TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28),
+     TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1),
+     TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92),
+     TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46),
+     TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93),
+     TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2),
+     TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056),
+     TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1),
+     TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660),
+     TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45),
+     TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b),
+     TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a),
+     TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac),
+     TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8),
+     TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab),
+     TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51),
+     TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca),
+     TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed),
+     TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3),
+     TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5),
+     TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9),
+     TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94),
+     TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a),
+     TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec),
+     TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491),
+     TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5),
+     TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd),
+     TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9),
+     TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e),
+     TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0),
+     TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f),
+     TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91),
+     TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb),
+     TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28),
+     TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0),
+     TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56),
+     TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49),
+     TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729),
+     TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3),
+     TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc),
+     TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8),
+     TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef),
+     TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2),
+     TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc),
+     TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc),
+     TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d),
+     TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee),
+     TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032),
+     TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812),
+     TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491),
+     TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1),
+     TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc),
+     TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c),
+     TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007),
+     TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d),
+     TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10),
+     TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940),
+     TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b),
+     TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1),
+     TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5),
+     TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d),
+     TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe),
+     TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318),
+     TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca),
+     TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a),
+     TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569),
+     TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e),
+     TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b),
+     TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d),
+     TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78),
+     TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a),
+     TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b),
+     TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4),
+     TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926),
+     TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5),
+     TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772),
+     TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab),
+     TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7),
+     TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b),
+     TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599),
+     TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6),
+     TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9),
+     TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67),
+     TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907),
+     TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad),
+     TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51),
+     TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0),
+     TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff),
+     TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b),
+     TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1),
+     TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a),
+     TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901),
+     TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e),
+     TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c),
+     TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3),
+     TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511),
+     TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d),
+     TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2),
+     TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511),
+     TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c),
+     TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e),
+     TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb),
+     TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249),
+     TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4),
+     TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53),
+     TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583),
+     TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5),
+     TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760),
+     TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1),
+     TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d),
+     TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b),
+     TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5),
+     TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188),
+     TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79),
+     TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef),
+     TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b),
+     TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7),
+     TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e),
+     TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf),
+     TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4),
+     TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341),
+     TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff),
+     TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00),
+     TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8),
+     TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571),
+     TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697),
+     TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd),
+     TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096),
+     TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7),
+     TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13),
+     TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522),
+     TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021),
+     TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff),
+     TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc),
+     TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f),
+     TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee),
+     TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605),
+     TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28),
+     TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0),
+     TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be),
+     TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246),
+     TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93),
+     TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c),
+     TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214),
+     TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04),
+     TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326),
+     TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499),
+     TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f),
+     TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434),
+     TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c),
+     TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532),
+     TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269),
+     TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f),
+     TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554),
+     TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f),
+     TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799),
+     TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12),
+     TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152),
+     TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458),
+     TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc),
+     TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89),}
+    ,
+    {TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e),
+     TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de),
+     TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56),
+     TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154),
+     TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078),
+     TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc),
+     TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0),
+     TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9),
+     TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259),
+     TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407),
+     TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f),
+     TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9),
+     TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240),
+     TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca),
+     TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228),
+     TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59),
+     TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88),
+     TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f),
+     TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26),
+     TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf),
+     TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382),
+     TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43),
+     TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4),
+     TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0),
+     TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633),
+     TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea),
+     TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a),
+     TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab),
+     TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27),
+     TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50),
+     TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e),
+     TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf),
+     TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c),
+     TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25),
+     TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5),
+     TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b),
+     TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe),
+     TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee),
+     TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7),
+     TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276),
+     TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a),
+     TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851),
+     TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba),
+     TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66),
+     TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c),
+     TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b),
+     TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61),
+     TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e),
+     TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4),
+     TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb),
+     TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75),
+     TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe),
+     TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80),
+     TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a),
+     TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4),
+     TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a),
+     TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee),
+     TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf),
+     TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1),
+     TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1),
+     TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a),
+     TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331),
+     TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625),
+     TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61),
+     TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4),
+     TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a),
+     TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360),
+     TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b),
+     TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f),
+     TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219),
+     TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5),
+     TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181),
+     TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8),
+     TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c),
+     TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c),
+     TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b),
+     TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7),
+     TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2),
+     TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e),
+     TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8),
+     TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782),
+     TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d),
+     TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4),
+     TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4),
+     TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402),
+     TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372),
+     TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa),
+     TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73),
+     TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167),
+     TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79),
+     TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04),
+     TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a),
+     TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd),
+     TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81),
+     TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1),
+     TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87),
+     TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb),
+     TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6),
+     TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33),
+     TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9),
+     TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55),
+     TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8),
+     TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a),
+     TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39),
+     TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e),
+     TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6),
+     TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d),
+     TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb),
+     TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8),
+     TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1),
+     TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888),
+     TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c),
+     TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41),
+     TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8),
+     TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d),
+     TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab),
+     TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3),
+     TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e),
+     TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4),
+     TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764),
+     TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce),
+     TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f),
+     TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38),
+     TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936),
+     TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93),
+     TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0),
+     TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58),
+     TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a),
+     TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe),
+     TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae),
+     TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28),
+     TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11),
+     TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7),
+     TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73),
+     TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823),
+     TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346),
+     TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256),
+     TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40),
+     TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7),
+     TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec),
+     TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5),
+     TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530),
+     TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac),
+     TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f),
+     TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63),
+     TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15),
+     TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20),
+     TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30),
+     TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba),
+     TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa),
+     TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8),
+     TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6),
+     TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa),
+     TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3),
+     TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa),
+     TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c),
+     TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e),
+     TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872),
+     TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618),
+     TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514),
+     TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79),
+     TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3),
+     TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8),
+     TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0),
+     TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc),
+     TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036),
+     TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7),
+     TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec),
+     TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911),
+     TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1),
+     TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27),
+     TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe),
+     TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d),
+     TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42),
+     TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05),
+     TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33),
+     TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0),
+     TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111),
+     TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007),
+     TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de),
+     TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6),
+     TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5),
+     TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7),
+     TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160),
+     TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32),
+     TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f),
+     TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112),
+     TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6),
+     TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54),
+     TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5),
+     TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe),
+     TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400),
+     TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed),
+     TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69),
+     TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1),
+     TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29),
+     TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771),
+     TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678),
+     TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5),
+     TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c),
+     TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b),
+     TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea),
+     TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99),
+     TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55),
+     TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15),
+     TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95),
+     TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa),
+     TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da),
+     TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce),
+     TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254),
+     TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855),
+     TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc),
+     TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762),
+     TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236),
+     TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979),
+     TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64),
+     TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309),
+     TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8),
+     TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672),
+     TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff),
+     TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4),
+     TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e),
+     TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4),
+     TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa),
+     TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328),
+     TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c),
+     TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014),
+     TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf),
+     TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f),
+     TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad),
+     TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08),
+     TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199),
+     TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b),
+     TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd),
+     TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14),
+     TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158),
+     TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1),
+     TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd),
+     TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a),
+     TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2),
+     TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150),
+     TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719),
+     TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb),
+     TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3),
+     TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b),
+     TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe),
+     TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7),
+     TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec),
+     TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646),
+     TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a),
+     TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66),
+     TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de),
+     TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24),
+     TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04),
+     TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81),
+     TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca),}
+    ,
+    {TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728),
+     TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d),
+     TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf),
+     TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2),
+     TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413),
+     TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7),
+     TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5),
+     TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089),
+     TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b),
+     TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07),
+     TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682),
+     TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6),
+     TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33),
+     TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd),
+     TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac),
+     TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c),
+     TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0),
+     TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241),
+     TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363),
+     TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3),
+     TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168),
+     TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02),
+     TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac),
+     TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d),
+     TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc),
+     TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649),
+     TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7),
+     TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef),
+     TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae),
+     TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c),
+     TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52),
+     TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558),
+     TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c),
+     TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c),
+     TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec),
+     TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4),
+     TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259),
+     TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1),
+     TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c),
+     TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c),
+     TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4),
+     TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3),
+     TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2),
+     TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a),
+     TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184),
+     TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00),
+     TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4),
+     TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828),
+     TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d),
+     TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478),
+     TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0),
+     TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8),
+     TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541),
+     TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be),
+     TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a),
+     TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216),
+     TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86),
+     TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128),
+     TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf),
+     TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2),
+     TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a),
+     TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84),
+     TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e),
+     TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0),
+     TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6),
+     TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16),
+     TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2),
+     TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849),
+     TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14),
+     TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644),
+     TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2),
+     TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5),
+     TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550),
+     TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1),
+     TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d),
+     TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8),
+     TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13),
+     TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d),
+     TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d),
+     TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af),
+     TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88),
+     TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d),
+     TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2),
+     TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984),
+     TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca),
+     TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40),
+     TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b),
+     TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239),
+     TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8),
+     TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe),
+     TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279),
+     TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae),
+     TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8),
+     TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab),
+     TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f),
+     TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e),
+     TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc),
+     TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e),
+     TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622),
+     TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2),
+     TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161),
+     TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6),
+     TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0),
+     TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34),
+     TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb),
+     TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b),
+     TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d),
+     TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567),
+     TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6),
+     TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff),
+     TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122),
+     TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942),
+     TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69),
+     TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa),
+     TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e),
+     TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326),
+     TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70),
+     TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1),
+     TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed),
+     TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331),
+     TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a),
+     TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7),
+     TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2),
+     TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993),
+     TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5),
+     TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d),
+     TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f),
+     TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887),
+     TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5),
+     TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56),
+     TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73),
+     TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a),
+     TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036),
+     TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162),
+     TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5),
+     TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5),
+     TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b),
+     TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1),
+     TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389),
+     TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde),
+     TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac),
+     TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768),
+     TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc),
+     TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279),
+     TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca),
+     TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba),
+     TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a),
+     TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb),
+     TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500),
+     TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476),
+     TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa),
+     TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c),
+     TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28),
+     TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34),
+     TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a),
+     TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e),
+     TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae),
+     TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f),
+     TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e),
+     TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf),
+     TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0),
+     TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854),
+     TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab),
+     TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f),
+     TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03),
+     TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720),
+     TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495),
+     TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef),
+     TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef),
+     TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349),
+     TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825),
+     TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a),
+     TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3),
+     TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5),
+     TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7),
+     TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c),
+     TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792),
+     TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2),
+     TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d),
+     TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9),
+     TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad),
+     TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854),
+     TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4),
+     TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70),
+     TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997),
+     TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52),
+     TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2),
+     TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2),
+     TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232),
+     TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca),
+     TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8),
+     TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72),
+     TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905),
+     TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42),
+     TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642),
+     TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b),
+     TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c),
+     TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed),
+     TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e),
+     TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd),
+     TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693),
+     TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f),
+     TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3),
+     TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130),
+     TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895),
+     TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b),
+     TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9),
+     TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5),
+     TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45),
+     TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df),
+     TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25),
+     TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1),
+     TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5),
+     TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf),
+     TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54),
+     TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384),
+     TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75),
+     TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb),
+     TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9),
+     TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844),
+     TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66),
+     TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6),
+     TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f),
+     TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a),
+     TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511),
+     TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee),
+     TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9),
+     TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff),
+     TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3),
+     TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12),
+     TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16),
+     TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36),
+     TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f),
+     TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429),
+     TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c),
+     TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2),
+     TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f),
+     TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843),
+     TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622),
+     TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37),
+     TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f),
+     TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f),
+     TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a),
+     TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7),
+     TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335),
+     TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9),
+     TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0),
+     TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49),
+     TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244),
+     TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd),
+     TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6),
+     TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978),
+     TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7),
+     TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4),
+     TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac),
+     TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63),}
+    ,
+    {TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046),
+     TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d),
+     TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa),
+     TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746),
+     TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e),
+     TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19),
+     TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2),
+     TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d),
+     TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427),
+     TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77),
+     TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9),
+     TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0),
+     TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8),
+     TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0),
+     TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05),
+     TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1),
+     TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62),
+     TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99),
+     TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61),
+     TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1),
+     TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5),
+     TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685),
+     TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771),
+     TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81),
+     TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898),
+     TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11),
+     TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4),
+     TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b),
+     TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e),
+     TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26),
+     TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f),
+     TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab),
+     TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603),
+     TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77),
+     TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2),
+     TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980),
+     TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee),
+     TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326),
+     TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6),
+     TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5),
+     TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e),
+     TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9),
+     TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591),
+     TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d),
+     TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb),
+     TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac),
+     TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e),
+     TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b),
+     TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc),
+     TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3),
+     TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c),
+     TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8),
+     TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174),
+     TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081),
+     TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2),
+     TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53),
+     TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be),
+     TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf),
+     TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6),
+     TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464),
+     TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63),
+     TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d),
+     TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c),
+     TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f),
+     TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a),
+     TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222),
+     TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea),
+     TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac),
+     TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886),
+     TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8),
+     TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e),
+     TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a),
+     TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5),
+     TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800),
+     TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494),
+     TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203),
+     TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375),
+     TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d),
+     TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b),
+     TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3),
+     TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb),
+     TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b),
+     TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac),
+     TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739),
+     TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f),
+     TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee),
+     TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7),
+     TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a),
+     TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814),
+     TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5),
+     TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe),
+     TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885),
+     TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6),
+     TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8),
+     TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70),
+     TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef),
+     TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96),
+     TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d),
+     TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e),
+     TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61),
+     TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976),
+     TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe),
+     TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d),
+     TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5),
+     TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a),
+     TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447),
+     TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2),
+     TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c),
+     TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746),
+     TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4),
+     TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985),
+     TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e),
+     TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9),
+     TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef),
+     TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6),
+     TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4),
+     TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda),
+     TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960),
+     TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7),
+     TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327),
+     TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1),
+     TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc),
+     TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e),
+     TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07),
+     TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e),
+     TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0),
+     TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8),
+     TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b),
+     TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e),
+     TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33),
+     TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa),
+     TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b),
+     TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690),
+     TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7),
+     TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc),
+     TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9),
+     TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059),
+     TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b),
+     TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1),
+     TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b),
+     TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56),
+     TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed),
+     TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af),
+     TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a),
+     TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a),
+     TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd),
+     TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e),
+     TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4),
+     TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248),
+     TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382),
+     TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9),
+     TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f),
+     TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d),
+     TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9),
+     TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506),
+     TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce),
+     TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91),
+     TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8),
+     TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4),
+     TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b),
+     TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be),
+     TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41),
+     TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a),
+     TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35),
+     TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478),
+     TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8),
+     TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0),
+     TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832),
+     TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b),
+     TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047),
+     TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423),
+     TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac),
+     TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb),
+     TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734),
+     TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493),
+     TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf),
+     TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7),
+     TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f),
+     TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc),
+     TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47),
+     TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea),
+     TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62),
+     TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993),
+     TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8),
+     TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab),
+     TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2),
+     TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d),
+     TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f),
+     TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c),
+     TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067),
+     TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097),
+     TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e),
+     TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0),
+     TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162),
+     TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042),
+     TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5),
+     TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c),
+     TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0),
+     TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2),
+     TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711),
+     TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d),
+     TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a),
+     TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d),
+     TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548),
+     TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba),
+     TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827),
+     TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a),
+     TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1),
+     TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4),
+     TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195),
+     TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65),
+     TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07),
+     TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b),
+     TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1),
+     TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4),
+     TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea),
+     TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7),
+     TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22),
+     TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60),
+     TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c),
+     TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21),
+     TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676),
+     TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b),
+     TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee),
+     TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1),
+     TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98),
+     TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb),
+     TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06),
+     TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9),
+     TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f),
+     TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1),
+     TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6),
+     TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3),
+     TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635),
+     TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120),
+     TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3),
+     TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520),
+     TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf),
+     TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a),
+     TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848),
+     TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6),
+     TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc),
+     TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc),
+     TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6),
+     TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae),
+     TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d),
+     TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317),
+     TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a),
+     TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee),
+     TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7),
+     TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b),
+     TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8),
+     TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e),
+     TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792),
+     TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5),
+     TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4),}
+    ,
+    {TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603),
+     TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129),
+     TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c),
+     TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca),
+     TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e),
+     TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8),
+     TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8),
+     TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038),
+     TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a),
+     TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109),
+     TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43),
+     TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3),
+     TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc),
+     TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4),
+     TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3),
+     TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97),
+     TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9),
+     TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb),
+     TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b),
+     TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e),
+     TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07),
+     TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270),
+     TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b),
+     TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f),
+     TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb),
+     TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997),
+     TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a),
+     TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5),
+     TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb),
+     TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a),
+     TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586),
+     TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018),
+     TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b),
+     TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739),
+     TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962),
+     TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b),
+     TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257),
+     TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8),
+     TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f),
+     TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa),
+     TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467),
+     TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665),
+     TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a),
+     TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f),
+     TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a),
+     TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8),
+     TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3),
+     TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00),
+     TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b),
+     TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52),
+     TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f),
+     TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975),
+     TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc),
+     TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323),
+     TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9),
+     TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35),
+     TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1),
+     TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d),
+     TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb),
+     TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c),
+     TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266),
+     TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf),
+     TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf),
+     TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd),
+     TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1),
+     TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110),
+     TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3),
+     TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28),
+     TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531),
+     TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8),
+     TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a),
+     TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83),
+     TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a),
+     TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d),
+     TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783),
+     TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4),
+     TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203),
+     TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc),
+     TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a),
+     TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7),
+     TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287),
+     TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c),
+     TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70),
+     TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c),
+     TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8),
+     TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4),
+     TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f),
+     TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9),
+     TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366),
+     TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b),
+     TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01),
+     TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd),
+     TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da),
+     TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e),
+     TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465),
+     TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5),
+     TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1),
+     TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c),
+     TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217),
+     TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955),
+     TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124),
+     TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775),
+     TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a),
+     TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29),
+     TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800),
+     TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194),
+     TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6),
+     TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c),
+     TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26),
+     TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724),
+     TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026),
+     TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114),
+     TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0),
+     TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262),
+     TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b),
+     TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd),
+     TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26),
+     TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f),
+     TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909),
+     TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc),
+     TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078),
+     TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b),
+     TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406),
+     TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f),
+     TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8),
+     TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b),
+     TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22),
+     TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af),
+     TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859),
+     TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a),
+     TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819),
+     TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d),
+     TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313),
+     TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408),
+     TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed),
+     TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69),
+     TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f),
+     TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00),
+     TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7),
+     TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f),
+     TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534),
+     TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78),
+     TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125),
+     TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7),
+     TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08),
+     TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd),
+     TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b),
+     TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f),
+     TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235),
+     TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28),
+     TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2),
+     TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed),
+     TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45),
+     TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744),
+     TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a),
+     TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c),
+     TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd),
+     TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312),
+     TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830),
+     TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5),
+     TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345),
+     TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462),
+     TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe),
+     TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79),
+     TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f),
+     TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a),
+     TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c),
+     TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d),
+     TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889),
+     TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f),
+     TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182),
+     TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736),
+     TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65),
+     TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747),
+     TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68),
+     TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb),
+     TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497),
+     TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d),
+     TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416),
+     TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272),
+     TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db),
+     TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57),
+     TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104),
+     TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc),
+     TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6),
+     TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0),
+     TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e),
+     TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2),
+     TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e),
+     TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e),
+     TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04),
+     TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614),
+     TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09),
+     TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b),
+     TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f),
+     TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd),
+     TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e),
+     TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd),
+     TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6),
+     TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0),
+     TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623),
+     TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01),
+     TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92),
+     TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804),
+     TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a),
+     TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d),
+     TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe),
+     TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a),
+     TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4),
+     TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e),
+     TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4),
+     TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489),
+     TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5),
+     TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62),
+     TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643),
+     TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e),
+     TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a),
+     TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3),
+     TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398),
+     TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7),
+     TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74),
+     TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799),
+     TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d),
+     TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280),
+     TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28),
+     TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c),
+     TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b),
+     TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c),
+     TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0),
+     TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae),
+     TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10),
+     TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e),
+     TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae),
+     TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e),
+     TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15),
+     TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8),
+     TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c),
+     TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2),
+     TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b),
+     TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1),
+     TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb),
+     TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670),
+     TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef),
+     TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb),
+     TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49),
+     TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a),
+     TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e),
+     TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa),
+     TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335),
+     TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632),
+     TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660),
+     TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c),
+     TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99),
+     TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4),
+     TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e),
+     TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)}
+};
diff --git a/openssl-1.1.0h/crypto/ec/ecp_oct.c b/openssl-1.1.0h/crypto/ec/ecp_oct.c
new file mode 100644
index 0000000..4d142a4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_oct.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_lcl.h"
+
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
+                                             EC_POINT *point,
+                                             const BIGNUM *x_, int y_bit,
+                                             BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *x, *y;
+    int ret = 0;
+
+    /* clear error queue */
+    ERR_clear_error();
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    y_bit = (y_bit != 0);
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    /*-
+     * Recover y.  We have a Weierstrass equation
+     *     y^2 = x^3 + a*x + b,
+     * so  y  is one of the square roots of  x^3 + a*x + b.
+     */
+
+    /* tmp1 := x^3 */
+    if (!BN_nnmod(x, x_, group->field, ctx))
+        goto err;
+    if (group->meth->field_decode == 0) {
+        /* field_{sqr,mul} work on standard representation */
+        if (!group->meth->field_sqr(group, tmp2, x_, ctx))
+            goto err;
+        if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx))
+            goto err;
+    } else {
+        if (!BN_mod_sqr(tmp2, x_, group->field, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp1, tmp2, x_, group->field, ctx))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + a*x */
+    if (group->a_is_minus3) {
+        if (!BN_mod_lshift1_quick(tmp2, x, group->field))
+            goto err;
+        if (!BN_mod_add_quick(tmp2, tmp2, x, group->field))
+            goto err;
+        if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    } else {
+        if (group->meth->field_decode) {
+            if (!group->meth->field_decode(group, tmp2, group->a, ctx))
+                goto err;
+            if (!BN_mod_mul(tmp2, tmp2, x, group->field, ctx))
+                goto err;
+        } else {
+            /* field_mul works on standard representation */
+            if (!group->meth->field_mul(group, tmp2, group->a, x, ctx))
+                goto err;
+        }
+
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + b */
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, tmp2, group->b, ctx))
+            goto err;
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    } else {
+        if (!BN_mod_add_quick(tmp1, tmp1, group->b, group->field))
+            goto err;
+    }
+
+    if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) {
+        unsigned long err = ERR_peek_last_error();
+
+        if (ERR_GET_LIB(err) == ERR_LIB_BN
+            && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
+            ERR_clear_error();
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  EC_R_INVALID_COMPRESSED_POINT);
+        } else
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (y_bit != BN_is_odd(y)) {
+        if (BN_is_zero(y)) {
+            int kron;
+
+            kron = BN_kronecker(x, group->field, ctx);
+            if (kron == -2)
+                goto err;
+
+            if (kron == 1)
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSION_BIT);
+            else
+                /*
+                 * BN_mod_sqrt() should have cought this error (not a square)
+                 */
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSED_POINT);
+            goto err;
+        }
+        if (!BN_usub(y, group->field, y))
+            goto err;
+    }
+    if (y_bit != BN_is_odd(y)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+              ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                               point_conversion_form_t form,
+                               unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y;
+    size_t field_len, i, skip;
+
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = BN_num_bytes(group->field);
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+            goto err;
+
+        if ((form == POINT_CONVERSION_COMPRESSED
+             || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+            buf[0] = form + 1;
+        else
+            buf[0] = form;
+
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+
+ err:
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return 0;
+}
+
+int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+                            const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    form = buf[0];
+    y_bit = form & 1;
+    form = form & ~1U;
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    field_len = BN_num_bytes(group->field);
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_ucmp(x, group->field) >= 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates_GFp
+            (group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_ucmp(y, group->field) >= 0) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            if (y_bit != BN_is_odd(y)) {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+            }
+        }
+
+        /*
+         * EC_POINT_set_affine_coordinates_GFp is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecp_smpl.c b/openssl-1.1.0h/crypto/ec/ecp_smpl.c
new file mode 100644
index 0000000..abd3795
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecp_smpl.c
@@ -0,0 +1,1369 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_simple_group_copy,
+        ec_GFp_simple_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_simple_field_mul,
+        ec_GFp_simple_field_sqr,
+        0 /* field_div */ ,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key
+    };
+
+    return &ret;
+}
+
+/*
+ * Most method functions in this file are designed to work with
+ * non-trivial representations of field elements if necessary
+ * (see ecp_mont.c): while standard modular addition and subtraction
+ * are used, the field_mul and field_sqr methods will be used for
+ * multiplication, and field_encode and field_decode (if defined)
+ * will be used for converting between representations.
+ *
+ * Functions ec_GFp_simple_points_make_affine() and
+ * ec_GFp_simple_point_get_affine_coordinates() specifically assume
+ * that if a non-trivial representation is used, it is a Montgomery
+ * representation (i.e. 'encoding' means multiplying by some factor R).
+ */
+
+int ec_GFp_simple_group_init(EC_GROUP *group)
+{
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
+    group->a_is_minus3 = 0;
+    return 1;
+}
+
+void ec_GFp_simple_group_finish(EC_GROUP *group)
+{
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
+}
+
+void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
+{
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
+}
+
+int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (!BN_copy(dest->field, src->field))
+        return 0;
+    if (!BN_copy(dest->a, src->a))
+        return 0;
+    if (!BN_copy(dest->b, src->b))
+        return 0;
+
+    dest->a_is_minus3 = src->a_is_minus3;
+
+    return 1;
+}
+
+int ec_GFp_simple_group_set_curve(EC_GROUP *group,
+                                  const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp_a;
+
+    /* p must be a prime > 3 */
+    if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp_a = BN_CTX_get(ctx);
+    if (tmp_a == NULL)
+        goto err;
+
+    /* group->field */
+    if (!BN_copy(group->field, p))
+        goto err;
+    BN_set_negative(group->field, 0);
+
+    /* group->a */
+    if (!BN_nnmod(tmp_a, a, p, ctx))
+        goto err;
+    if (group->meth->field_encode) {
+        if (!group->meth->field_encode(group, group->a, tmp_a, ctx))
+            goto err;
+    } else if (!BN_copy(group->a, tmp_a))
+        goto err;
+
+    /* group->b */
+    if (!BN_nnmod(group->b, b, p, ctx))
+        goto err;
+    if (group->meth->field_encode)
+        if (!group->meth->field_encode(group, group->b, group->b, ctx))
+            goto err;
+
+    /* group->a_is_minus3 */
+    if (!BN_add_word(tmp_a, 3))
+        goto err;
+    group->a_is_minus3 = (0 == BN_cmp(tmp_a, group->field));
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                                  BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (p != NULL) {
+        if (!BN_copy(p, group->field))
+            return 0;
+    }
+
+    if (a != NULL || b != NULL) {
+        if (group->meth->field_decode) {
+            if (ctx == NULL) {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                    return 0;
+            }
+            if (a != NULL) {
+                if (!group->meth->field_decode(group, a, group->a, ctx))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!group->meth->field_decode(group, b, group->b, ctx))
+                    goto err;
+            }
+        } else {
+            if (a != NULL) {
+                if (!BN_copy(a, group->a))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!BN_copy(b, group->b))
+                    goto err;
+            }
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
+{
+    return BN_num_bits(group->field);
+}
+
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a, *b, *order, *tmp_1, *tmp_2;
+    const BIGNUM *p = group->field;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    tmp_1 = BN_CTX_get(ctx);
+    tmp_2 = BN_CTX_get(ctx);
+    order = BN_CTX_get(ctx);
+    if (order == NULL)
+        goto err;
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, a, group->a, ctx))
+            goto err;
+        if (!group->meth->field_decode(group, b, group->b, ctx))
+            goto err;
+    } else {
+        if (!BN_copy(a, group->a))
+            goto err;
+        if (!BN_copy(b, group->b))
+            goto err;
+    }
+
+    /*-
+     * check the discriminant:
+     * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)
+     * 0 =< a, b < p
+     */
+    if (BN_is_zero(a)) {
+        if (BN_is_zero(b))
+            goto err;
+    } else if (!BN_is_zero(b)) {
+        if (!BN_mod_sqr(tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_lshift(tmp_1, tmp_2, 2))
+            goto err;
+        /* tmp_1 = 4*a^3 */
+
+        if (!BN_mod_sqr(tmp_2, b, p, ctx))
+            goto err;
+        if (!BN_mul_word(tmp_2, 27))
+            goto err;
+        /* tmp_2 = 27*b^2 */
+
+        if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx))
+            goto err;
+        if (BN_is_zero(a))
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_point_init(EC_POINT *point)
+{
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
+    point->Z_is_one = 0;
+
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
+    return 1;
+}
+
+void ec_GFp_simple_point_finish(EC_POINT *point)
+{
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
+}
+
+void ec_GFp_simple_point_clear_finish(EC_POINT *point)
+{
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
+    point->Z_is_one = 0;
+}
+
+int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (!BN_copy(dest->X, src->X))
+        return 0;
+    if (!BN_copy(dest->Y, src->Y))
+        return 0;
+    if (!BN_copy(dest->Z, src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+
+    return 1;
+}
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
+                                        EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(point->Z);
+    return 1;
+}
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  EC_POINT *point,
+                                                  const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z,
+                                                  BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    if (x != NULL) {
+        if (!BN_nnmod(point->X, x, group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, point->X, point->X, ctx))
+                goto err;
+        }
+    }
+
+    if (y != NULL) {
+        if (!BN_nnmod(point->Y, y, group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, point->Y, point->Y, ctx))
+                goto err;
+        }
+    }
+
+    if (z != NULL) {
+        int Z_is_one;
+
+        if (!BN_nnmod(point->Z, z, group->field, ctx))
+            goto err;
+        Z_is_one = BN_is_one(point->Z);
+        if (group->meth->field_encode) {
+            if (Z_is_one && (group->meth->field_set_to_one != 0)) {
+                if (!group->meth->field_set_to_one(group, point->Z, ctx))
+                    goto err;
+            } else {
+                if (!group->
+                    meth->field_encode(group, point->Z, point->Z, ctx))
+                    goto err;
+            }
+        }
+        point->Z_is_one = Z_is_one;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  const EC_POINT *point,
+                                                  BIGNUM *x, BIGNUM *y,
+                                                  BIGNUM *z, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->meth->field_decode != 0) {
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        if (x != NULL) {
+            if (!group->meth->field_decode(group, x, point->X, ctx))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!group->meth->field_decode(group, y, point->Y, ctx))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!group->meth->field_decode(group, z, point->Z, ctx))
+                goto err;
+        }
+    } else {
+        if (x != NULL) {
+            if (!BN_copy(x, point->X))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!BN_copy(y, point->Y))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!BN_copy(z, point->Z))
+                goto err;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                               EC_POINT *point,
+                                               const BIGNUM *x,
+                                               const BIGNUM *y, BN_CTX *ctx)
+{
+    if (x == NULL || y == NULL) {
+        /*
+         * unlike for projective coordinates, we do not tolerate this
+         */
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y,
+                                                    BN_value_one(), ctx);
+}
+
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                               const EC_POINT *point,
+                                               BIGNUM *x, BIGNUM *y,
+                                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *Z, *Z_1, *Z_2, *Z_3;
+    const BIGNUM *Z_;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    Z = BN_CTX_get(ctx);
+    Z_1 = BN_CTX_get(ctx);
+    Z_2 = BN_CTX_get(ctx);
+    Z_3 = BN_CTX_get(ctx);
+    if (Z_3 == NULL)
+        goto err;
+
+    /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, Z, point->Z, ctx))
+            goto err;
+        Z_ = Z;
+    } else {
+        Z_ = point->Z;
+    }
+
+    if (BN_is_one(Z_)) {
+        if (group->meth->field_decode) {
+            if (x != NULL) {
+                if (!group->meth->field_decode(group, x, point->X, ctx))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!group->meth->field_decode(group, y, point->Y, ctx))
+                    goto err;
+            }
+        } else {
+            if (x != NULL) {
+                if (!BN_copy(x, point->X))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!BN_copy(y, point->Y))
+                    goto err;
+            }
+        }
+    } else {
+        if (!BN_mod_inverse(Z_1, Z_, group->field, ctx)) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            goto err;
+        }
+
+        if (group->meth->field_encode == 0) {
+            /* field_sqr works on standard representation */
+            if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
+                goto err;
+        } else {
+            if (!BN_mod_sqr(Z_2, Z_1, group->field, ctx))
+                goto err;
+        }
+
+        if (x != NULL) {
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in X:
+             */
+            if (!group->meth->field_mul(group, x, point->X, Z_2, ctx))
+                goto err;
+        }
+
+        if (y != NULL) {
+            if (group->meth->field_encode == 0) {
+                /*
+                 * field_mul works on standard representation
+                 */
+                if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
+                    goto err;
+            } else {
+                if (!BN_mod_mul(Z_3, Z_2, Z_1, group->field, ctx))
+                    goto err;
+            }
+
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in Y:
+             */
+            if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx))
+                goto err;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+    int ret = 0;
+
+    if (a == b)
+        return EC_POINT_dbl(group, r, a, ctx);
+    if (EC_POINT_is_at_infinity(group, a))
+        return EC_POINT_copy(r, b);
+    if (EC_POINT_is_at_infinity(group, b))
+        return EC_POINT_copy(r, a);
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    n4 = BN_CTX_get(ctx);
+    n5 = BN_CTX_get(ctx);
+    n6 = BN_CTX_get(ctx);
+    if (n6 == NULL)
+        goto end;
+
+    /*
+     * Note that in this function we must not read components of 'a' or 'b'
+     * once we have written the corresponding components of 'r'. ('r' might
+     * be one of 'a' or 'b'.)
+     */
+
+    /* n1, n2 */
+    if (b->Z_is_one) {
+        if (!BN_copy(n1, a->X))
+            goto end;
+        if (!BN_copy(n2, a->Y))
+            goto end;
+        /* n1 = X_a */
+        /* n2 = Y_a */
+    } else {
+        if (!field_sqr(group, n0, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n1, a->X, n0, ctx))
+            goto end;
+        /* n1 = X_a * Z_b^2 */
+
+        if (!field_mul(group, n0, n0, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n2, a->Y, n0, ctx))
+            goto end;
+        /* n2 = Y_a * Z_b^3 */
+    }
+
+    /* n3, n4 */
+    if (a->Z_is_one) {
+        if (!BN_copy(n3, b->X))
+            goto end;
+        if (!BN_copy(n4, b->Y))
+            goto end;
+        /* n3 = X_b */
+        /* n4 = Y_b */
+    } else {
+        if (!field_sqr(group, n0, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n3, b->X, n0, ctx))
+            goto end;
+        /* n3 = X_b * Z_a^2 */
+
+        if (!field_mul(group, n0, n0, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n4, b->Y, n0, ctx))
+            goto end;
+        /* n4 = Y_b * Z_a^3 */
+    }
+
+    /* n5, n6 */
+    if (!BN_mod_sub_quick(n5, n1, n3, p))
+        goto end;
+    if (!BN_mod_sub_quick(n6, n2, n4, p))
+        goto end;
+    /* n5 = n1 - n3 */
+    /* n6 = n2 - n4 */
+
+    if (BN_is_zero(n5)) {
+        if (BN_is_zero(n6)) {
+            /* a is the same point as b */
+            BN_CTX_end(ctx);
+            ret = EC_POINT_dbl(group, r, a, ctx);
+            ctx = NULL;
+            goto end;
+        } else {
+            /* a is the inverse of b */
+            BN_zero(r->Z);
+            r->Z_is_one = 0;
+            ret = 1;
+            goto end;
+        }
+    }
+
+    /* 'n7', 'n8' */
+    if (!BN_mod_add_quick(n1, n1, n3, p))
+        goto end;
+    if (!BN_mod_add_quick(n2, n2, n4, p))
+        goto end;
+    /* 'n7' = n1 + n3 */
+    /* 'n8' = n2 + n4 */
+
+    /* Z_r */
+    if (a->Z_is_one && b->Z_is_one) {
+        if (!BN_copy(r->Z, n5))
+            goto end;
+    } else {
+        if (a->Z_is_one) {
+            if (!BN_copy(n0, b->Z))
+                goto end;
+        } else if (b->Z_is_one) {
+            if (!BN_copy(n0, a->Z))
+                goto end;
+        } else {
+            if (!field_mul(group, n0, a->Z, b->Z, ctx))
+                goto end;
+        }
+        if (!field_mul(group, r->Z, n0, n5, ctx))
+            goto end;
+    }
+    r->Z_is_one = 0;
+    /* Z_r = Z_a * Z_b * n5 */
+
+    /* X_r */
+    if (!field_sqr(group, n0, n6, ctx))
+        goto end;
+    if (!field_sqr(group, n4, n5, ctx))
+        goto end;
+    if (!field_mul(group, n3, n1, n4, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(r->X, n0, n3, p))
+        goto end;
+    /* X_r = n6^2 - n5^2 * 'n7' */
+
+    /* 'n9' */
+    if (!BN_mod_lshift1_quick(n0, r->X, p))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n3, n0, p))
+        goto end;
+    /* n9 = n5^2 * 'n7' - 2 * X_r */
+
+    /* Y_r */
+    if (!field_mul(group, n0, n0, n6, ctx))
+        goto end;
+    if (!field_mul(group, n5, n4, n5, ctx))
+        goto end;               /* now n5 is n5^3 */
+    if (!field_mul(group, n1, n2, n5, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n0, n1, p))
+        goto end;
+    if (BN_is_odd(n0))
+        if (!BN_add(n0, n0, p))
+            goto end;
+    /* now  0 <= n0 < 2*p,  and n0 is even */
+    if (!BN_rshift1(r->Y, n0))
+        goto end;
+    /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+    ret = 1;
+
+ end:
+    if (ctx)                    /* otherwise we already called BN_CTX_end */
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        BN_zero(r->Z);
+        r->Z_is_one = 0;
+        return 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    if (n3 == NULL)
+        goto err;
+
+    /*
+     * Note that in this function we must not read components of 'a' once we
+     * have written the corresponding components of 'r'. ('r' might the same
+     * as 'a'.)
+     */
+
+    /* n1 */
+    if (a->Z_is_one) {
+        if (!field_sqr(group, n0, a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, group->a, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve */
+    } else if (group->a_is_minus3) {
+        if (!field_sqr(group, n1, a->Z, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n0, a->X, n1, p))
+            goto err;
+        if (!BN_mod_sub_quick(n2, a->X, n1, p))
+            goto err;
+        if (!field_mul(group, n1, n0, n2, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, n1, p))
+            goto err;
+        /*-
+         * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+         *    = 3 * X_a^2 - 3 * Z_a^4
+         */
+    } else {
+        if (!field_sqr(group, n0, a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!field_sqr(group, n1, a->Z, ctx))
+            goto err;
+        if (!field_sqr(group, n1, n1, ctx))
+            goto err;
+        if (!field_mul(group, n1, n1, group->a, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n1, n1, n0, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+    }
+
+    /* Z_r */
+    if (a->Z_is_one) {
+        if (!BN_copy(n0, a->Y))
+            goto err;
+    } else {
+        if (!field_mul(group, n0, a->Y, a->Z, ctx))
+            goto err;
+    }
+    if (!BN_mod_lshift1_quick(r->Z, n0, p))
+        goto err;
+    r->Z_is_one = 0;
+    /* Z_r = 2 * Y_a * Z_a */
+
+    /* n2 */
+    if (!field_sqr(group, n3, a->Y, ctx))
+        goto err;
+    if (!field_mul(group, n2, a->X, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n2, n2, 2, p))
+        goto err;
+    /* n2 = 4 * X_a * Y_a^2 */
+
+    /* X_r */
+    if (!BN_mod_lshift1_quick(n0, n2, p))
+        goto err;
+    if (!field_sqr(group, r->X, n1, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(r->X, r->X, n0, p))
+        goto err;
+    /* X_r = n1^2 - 2 * n2 */
+
+    /* n3 */
+    if (!field_sqr(group, n0, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n3, n0, 3, p))
+        goto err;
+    /* n3 = 8 * Y_a^4 */
+
+    /* Y_r */
+    if (!BN_mod_sub_quick(n0, n2, r->X, p))
+        goto err;
+    if (!field_mul(group, n0, n1, n0, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(r->Y, n0, n3, p))
+        goto err;
+    /* Y_r = n1 * (n2 - X_r) - n3 */
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
+        /* point is its own inverse */
+        return 1;
+
+    return BN_usub(point->Y, group->field, point->Y);
+}
+
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+    return BN_is_zero(point->Z);
+}
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *rh, *tmp, *Z4, *Z6;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    rh = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    Z4 = BN_CTX_get(ctx);
+    Z6 = BN_CTX_get(ctx);
+    if (Z6 == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 = x^3 + a*x + b.
+     * The point to consider is given in Jacobian projective coordinates
+     * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
+     * Substituting this and multiplying by  Z^6  transforms the above equation into
+     *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+     * To test this, we add up the right-hand side in 'rh'.
+     */
+
+    /* rh := X^2 */
+    if (!field_sqr(group, rh, point->X, ctx))
+        goto err;
+
+    if (!point->Z_is_one) {
+        if (!field_sqr(group, tmp, point->Z, ctx))
+            goto err;
+        if (!field_sqr(group, Z4, tmp, ctx))
+            goto err;
+        if (!field_mul(group, Z6, Z4, tmp, ctx))
+            goto err;
+
+        /* rh := (rh + a*Z^4)*X */
+        if (group->a_is_minus3) {
+            if (!BN_mod_lshift1_quick(tmp, Z4, p))
+                goto err;
+            if (!BN_mod_add_quick(tmp, tmp, Z4, p))
+                goto err;
+            if (!BN_mod_sub_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, point->X, ctx))
+                goto err;
+        } else {
+            if (!field_mul(group, tmp, Z4, group->a, ctx))
+                goto err;
+            if (!BN_mod_add_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, point->X, ctx))
+                goto err;
+        }
+
+        /* rh := rh + b*Z^6 */
+        if (!field_mul(group, tmp, group->b, Z6, ctx))
+            goto err;
+        if (!BN_mod_add_quick(rh, rh, tmp, p))
+            goto err;
+    } else {
+        /* point->Z_is_one */
+
+        /* rh := (rh + a)*X */
+        if (!BN_mod_add_quick(rh, rh, group->a, p))
+            goto err;
+        if (!field_mul(group, rh, rh, point->X, ctx))
+            goto err;
+        /* rh := rh + b */
+        if (!BN_mod_add_quick(rh, rh, group->b, p))
+            goto err;
+    }
+
+    /* 'lh' := Y^2 */
+    if (!field_sqr(group, tmp, point->Y, ctx))
+        goto err;
+
+    ret = (0 == BN_ucmp(tmp, rh));
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    /*-
+     * return values:
+     *  -1   error
+     *   0   equal (in affine coordinates)
+     *   1   not equal
+     */
+
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+    const BIGNUM *tmp1_, *tmp2_;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    Za23 = BN_CTX_get(ctx);
+    Zb23 = BN_CTX_get(ctx);
+    if (Zb23 == NULL)
+        goto end;
+
+    /*-
+     * We have to decide whether
+     *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+     * or equivalently, whether
+     *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+     */
+
+    if (!b->Z_is_one) {
+        if (!field_sqr(group, Zb23, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, a->X, Zb23, ctx))
+            goto end;
+        tmp1_ = tmp1;
+    } else
+        tmp1_ = a->X;
+    if (!a->Z_is_one) {
+        if (!field_sqr(group, Za23, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, b->X, Za23, ctx))
+            goto end;
+        tmp2_ = tmp2;
+    } else
+        tmp2_ = b->X;
+
+    /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    if (!b->Z_is_one) {
+        if (!field_mul(group, Zb23, Zb23, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, a->Y, Zb23, ctx))
+            goto end;
+        /* tmp1_ = tmp1 */
+    } else
+        tmp1_ = a->Y;
+    if (!a->Z_is_one) {
+        if (!field_mul(group, Za23, Za23, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, b->Y, Za23, ctx))
+            goto end;
+        /* tmp2_ = tmp2 */
+    } else
+        tmp2_ = b->Y;
+
+    /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    /* points are equal */
+    ret = 0;
+
+ end:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+        goto err;
+    if (!point->Z_is_one) {
+        ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                     EC_POINT *points[], BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp, *tmp_Z;
+    BIGNUM **prod_Z = NULL;
+    size_t i;
+    int ret = 0;
+
+    if (num == 0)
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    tmp_Z = BN_CTX_get(ctx);
+    if (tmp == NULL || tmp_Z == NULL)
+        goto err;
+
+    prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
+    if (prod_Z == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        prod_Z[i] = BN_new();
+        if (prod_Z[i] == NULL)
+            goto err;
+    }
+
+    /*
+     * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+     * skipping any zero-valued inputs (pretend that they're 1).
+     */
+
+    if (!BN_is_zero(points[0]->Z)) {
+        if (!BN_copy(prod_Z[0], points[0]->Z))
+            goto err;
+    } else {
+        if (group->meth->field_set_to_one != 0) {
+            if (!group->meth->field_set_to_one(group, prod_Z[0], ctx))
+                goto err;
+        } else {
+            if (!BN_one(prod_Z[0]))
+                goto err;
+        }
+    }
+
+    for (i = 1; i < num; i++) {
+        if (!BN_is_zero(points[i]->Z)) {
+            if (!group->
+                meth->field_mul(group, prod_Z[i], prod_Z[i - 1], points[i]->Z,
+                                ctx))
+                goto err;
+        } else {
+            if (!BN_copy(prod_Z[i], prod_Z[i - 1]))
+                goto err;
+        }
+    }
+
+    /*
+     * Now use a single explicit inversion to replace every non-zero
+     * points[i]->Z by its inverse.
+     */
+
+    if (!BN_mod_inverse(tmp, prod_Z[num - 1], group->field, ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (group->meth->field_encode != 0) {
+        /*
+         * In the Montgomery case, we just turned R*H (representing H) into
+         * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to
+         * multiply by the Montgomery factor twice.
+         */
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+    }
+
+    for (i = num - 1; i > 0; --i) {
+        /*
+         * Loop invariant: tmp is the product of the inverses of points[0]->Z
+         * .. points[i]->Z (zero-valued inputs skipped).
+         */
+        if (!BN_is_zero(points[i]->Z)) {
+            /*
+             * Set tmp_Z to the inverse of points[i]->Z (as product of Z
+             * inverses 0 .. i, Z values 0 .. i - 1).
+             */
+            if (!group->
+                meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
+                goto err;
+            /*
+             * Update tmp to satisfy the loop invariant for i - 1.
+             */
+            if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx))
+                goto err;
+            /* Replace points[i]->Z by its inverse. */
+            if (!BN_copy(points[i]->Z, tmp_Z))
+                goto err;
+        }
+    }
+
+    if (!BN_is_zero(points[0]->Z)) {
+        /* Replace points[0]->Z by its inverse. */
+        if (!BN_copy(points[0]->Z, tmp))
+            goto err;
+    }
+
+    /* Finally, fix up the X and Y coordinates for all points. */
+
+    for (i = 0; i < num; i++) {
+        EC_POINT *p = points[i];
+
+        if (!BN_is_zero(p->Z)) {
+            /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
+
+            if (!group->meth->field_sqr(group, tmp, p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx))
+                goto err;
+
+            if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx))
+                goto err;
+
+            if (group->meth->field_set_to_one != 0) {
+                if (!group->meth->field_set_to_one(group, p->Z, ctx))
+                    goto err;
+            } else {
+                if (!BN_one(p->Z))
+                    goto err;
+            }
+            p->Z_is_one = 1;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    if (prod_Z != NULL) {
+        for (i = 0; i < num; i++) {
+            if (prod_Z[i] == NULL)
+                break;
+            BN_clear_free(prod_Z[i]);
+        }
+        OPENSSL_free(prod_Z);
+    }
+    return ret;
+}
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_mod_mul(r, a, b, group->field, ctx);
+}
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    return BN_mod_sqr(r, a, group->field, ctx);
+}
diff --git a/openssl-1.1.0h/crypto/ec/ecx_meth.c b/openssl-1.1.0h/crypto/ec/ecx_meth.c
new file mode 100644
index 0000000..018a941
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ec/ecx_meth.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/rand.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "ec_lcl.h"
+
+#define X25519_KEYLEN        32
+#define X25519_BITS          253
+#define X25519_SECURITY_BITS 128
+
+typedef struct {
+    unsigned char pubkey[X25519_KEYLEN];
+    unsigned char *privkey;
+} X25519_KEY;
+
+typedef enum {
+    X25519_PUBLIC,
+    X25519_PRIVATE,
+    X25519_KEYGEN
+} ecx_key_op_t;
+
+/* Setup EVP_PKEY using public, private or generation */
+static int ecx_key_op(EVP_PKEY *pkey, const X509_ALGOR *palg,
+                      const unsigned char *p, int plen, ecx_key_op_t op)
+{
+    X25519_KEY *xkey;
+
+    if (op != X25519_KEYGEN) {
+        if (palg != NULL) {
+            int ptype;
+
+            /* Algorithm parameters must be absent */
+            X509_ALGOR_get0(NULL, &ptype, NULL, palg);
+            if (ptype != V_ASN1_UNDEF) {
+                ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+                return 0;
+            }
+        }
+
+        if (p == NULL || plen != X25519_KEYLEN) {
+            ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+    }
+
+    xkey = OPENSSL_zalloc(sizeof(*xkey));
+    if (xkey == NULL) {
+        ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (op == X25519_PUBLIC) {
+        memcpy(xkey->pubkey, p, plen);
+    } else {
+        xkey->privkey = OPENSSL_secure_malloc(X25519_KEYLEN);
+        if (xkey->privkey == NULL) {
+            ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(xkey);
+            return 0;
+        }
+        if (op == X25519_KEYGEN) {
+            if (RAND_bytes(xkey->privkey, X25519_KEYLEN) <= 0) {
+                OPENSSL_secure_free(xkey->privkey);
+                OPENSSL_free(xkey);
+                return 0;
+            }
+            xkey->privkey[0] &= 248;
+            xkey->privkey[31] &= 127;
+            xkey->privkey[31] |= 64;
+        } else {
+            memcpy(xkey->privkey, p, X25519_KEYLEN);
+        }
+        X25519_public_from_private(xkey->pubkey, xkey->privkey);
+    }
+
+    EVP_PKEY_assign(pkey, NID_X25519, xkey);
+    return 1;
+}
+
+static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    const X25519_KEY *xkey = pkey->pkey.ptr;
+    unsigned char *penc;
+
+    if (xkey == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, EC_R_INVALID_KEY);
+        return 0;
+    }
+
+    penc = OPENSSL_memdup(xkey->pubkey, X25519_KEYLEN);
+    if (penc == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(NID_X25519), V_ASN1_UNDEF,
+                                NULL, penc, X25519_KEYLEN)) {
+        OPENSSL_free(penc);
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p;
+    int pklen;
+    X509_ALGOR *palg;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    return ecx_key_op(pkey, palg, p, pklen, X25519_PUBLIC);
+}
+
+static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    const X25519_KEY *akey = a->pkey.ptr;
+    const X25519_KEY *bkey = b->pkey.ptr;
+
+    if (akey == NULL || bkey == NULL)
+        return -2;
+    return !CRYPTO_memcmp(akey->pubkey, bkey->pubkey, X25519_KEYLEN);
+}
+
+static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p;
+    int plen;
+    ASN1_OCTET_STRING *oct = NULL;
+    const X509_ALGOR *palg;
+    int rv;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8))
+        return 0;
+
+    oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
+    if (oct == NULL) {
+        p = NULL;
+        plen = 0;
+    } else {
+        p = ASN1_STRING_get0_data(oct);
+        plen = ASN1_STRING_length(oct);
+    }
+
+    rv = ecx_key_op(pkey, palg, p, plen, X25519_PRIVATE);
+    ASN1_OCTET_STRING_free(oct);
+    return rv;
+}
+
+static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    const X25519_KEY *xkey = pkey->pkey.ptr;
+    ASN1_OCTET_STRING oct;
+    unsigned char *penc = NULL;
+    int penclen;
+
+    if (xkey == NULL || xkey->privkey == NULL) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+
+    oct.data = xkey->privkey;
+    oct.length = X25519_KEYLEN;
+    oct.flags = 0;
+
+    penclen = i2d_ASN1_OCTET_STRING(&oct, &penc);
+    if (penclen < 0) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X25519), 0,
+                         V_ASN1_UNDEF, NULL, penc, penclen)) {
+        OPENSSL_clear_free(penc, penclen);
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ecx_size(const EVP_PKEY *pkey)
+{
+    return X25519_KEYLEN;
+}
+
+static int ecx_bits(const EVP_PKEY *pkey)
+{
+    return X25519_BITS;
+}
+
+static int ecx_security_bits(const EVP_PKEY *pkey)
+{
+    return X25519_SECURITY_BITS;
+}
+
+static void ecx_free(EVP_PKEY *pkey)
+{
+    X25519_KEY *xkey = pkey->pkey.ptr;
+
+    if (xkey)
+        OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
+    OPENSSL_free(xkey);
+}
+
+/* "parameters" are always equal */
+static int ecx_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return 1;
+}
+
+static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx, ecx_key_op_t op)
+{
+    const X25519_KEY *xkey = pkey->pkey.ptr;
+
+    if (op == X25519_PRIVATE) {
+        if (xkey == NULL || xkey->privkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PRIVATE KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*sX25519 Private-Key:\n", indent, "") <= 0)
+            return 0;
+        if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0)
+            return 0;
+        if (ASN1_buf_print(bp, xkey->privkey, X25519_KEYLEN, indent + 4) == 0)
+            return 0;
+    } else {
+        if (xkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PUBLIC KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*sX25519 Public-Key:\n", indent, "") <= 0)
+            return 0;
+    }
+    if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0)
+        return 0;
+    if (ASN1_buf_print(bp, xkey->pubkey, X25519_KEYLEN, indent + 4) == 0)
+        return 0;
+    return 1;
+}
+
+static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, X25519_PRIVATE);
+}
+
+static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, X25519_PUBLIC);
+}
+
+static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return ecx_key_op(pkey, NULL, arg2, arg1, X25519_PUBLIC);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        if (pkey->pkey.ptr != NULL) {
+            const X25519_KEY *xkey = pkey->pkey.ptr;
+            unsigned char **ppt = arg2;
+            *ppt = OPENSSL_memdup(xkey->pubkey, X25519_KEYLEN);
+            if (*ppt != NULL)
+                return X25519_KEYLEN;
+        }
+        return 0;
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 2;
+
+    default:
+        return -2;
+
+    }
+}
+
+const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
+    NID_X25519,
+    NID_X25519,
+    0,
+    "X25519",
+    "OpenSSL X25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL
+};
+
+static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    return ecx_key_op(pkey, NULL, NULL, 0, X25519_KEYGEN);
+}
+
+static int pkey_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                           size_t *keylen)
+{
+    const X25519_KEY *pkey, *peerkey;
+
+    if (ctx->pkey == NULL || ctx->peerkey == NULL) {
+        ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_KEYS_NOT_SET);
+        return 0;
+    }
+    pkey = ctx->pkey->pkey.ptr;
+    peerkey = ctx->peerkey->pkey.ptr;
+    if (pkey == NULL || pkey->privkey == NULL) {
+        ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+    if (peerkey == NULL) {
+        ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_INVALID_PEER_KEY);
+        return 0;
+    }
+    *keylen = X25519_KEYLEN;
+    if (key != NULL && X25519(key, pkey->privkey, peerkey->pubkey) == 0)
+        return 0;
+    return 1;
+}
+
+static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    /* Only need to handle peer key for derivation */
+    if (type == EVP_PKEY_CTRL_PEER_KEY)
+        return 1;
+    return -2;
+}
+
+const EVP_PKEY_METHOD ecx25519_pkey_meth = {
+    NID_X25519,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive,
+    pkey_ecx_ctrl,
+    0
+};
diff --git a/openssl-1.1.0h/crypto/engine/README b/openssl-1.1.0h/crypto/engine/README
new file mode 100644
index 0000000..41baa18
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/README
@@ -0,0 +1,211 @@
+Notes: 2001-09-24
+-----------------
+
+This "description" (if one chooses to call it that) needed some major updating
+so here goes. This update addresses a change being made at the same time to
+OpenSSL, and it pretty much completely restructures the underlying mechanics of
+the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
+for masochists" document *and* a rather extensive commit log message. (I'd get
+lynched for sticking all this in CHANGES or the commit mails :-).
+
+ENGINE_TABLE underlies this restructuring, as described in the internal header
+"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
+tb_rsa.c, tb_dsa.c, etc.
+
+However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
+I'll mention a bit about that first. EVP_CIPHER (and most of this applies
+equally to EVP_MD for digests) is both a "method" and a algorithm/mode
+identifier that, in the current API, "lingers". These cipher description +
+implementation structures can be defined or obtained directly by applications,
+or can be loaded "en masse" into EVP storage so that they can be catalogued and
+searched in various ways, ie. two ways of encrypting with the "des_cbc"
+algorithm/mode pair are;
+
+(i) directly;
+     const EVP_CIPHER *cipher = EVP_des_cbc();
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
+
+(ii) indirectly; 
+     OpenSSL_add_all_ciphers();
+     cipher = EVP_get_cipherbyname("des_cbc");
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... etc ... ]
+
+The latter is more generally used because it also allows ciphers/digests to be
+looked up based on other identifiers which can be useful for automatic cipher
+selection, eg. in SSL/TLS, or by user-controllable configuration.
+
+The important point about this is that EVP_CIPHER definitions and structures are
+passed around with impunity and there is no safe way, without requiring massive
+rewrites of many applications, to assume that EVP_CIPHERs can be reference
+counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
+comes from can "safely" be destroyed. Unless of course the way of getting to
+such ciphers is via entirely distinct API calls that didn't exist before.
+However existing API usage cannot be made to understand when an EVP_CIPHER
+pointer, that has been passed to the caller, is no longer being used.
+
+The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
+into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
+ciphers simultaneously registers cipher *types* and cipher *implementations* -
+they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
+hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
+solution is necessarily that ENGINE-provided ciphers simply are not registered,
+stored, or exposed to the caller in the same manner as existing ciphers. This is
+especially necessary considering the fact ENGINE uses reference counts to allow
+for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
+callers in the current API, support no such controls.
+
+Another sticking point for integrating cipher support into ENGINE is linkage.
+Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
+they are available *because* they're part of a giant ENGINE called "openssl".
+Ie. all implementations *have* to come from an ENGINE, but we get round that by
+having a giant ENGINE with all the software support encapsulated. This creates
+linker hassles if nothing else - linking a 1-line application that calls 2 basic
+RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
+ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
+continue with this approach for EVP_CIPHER support (even if it *was* possible)
+we would lose our ability to link selectively by selectively loading certain
+implementations of certain functionality. Touching any part of any kind of
+crypto would result in massive static linkage of everything else. So the
+solution is to change the way ENGINE feeds existing "classes", ie. how the
+hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
+for EVP_CIPHER, and EVP_MD.
+
+The way this is now being done is by mostly reverting back to how things used to
+work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
+was previously replaced by an "ENGINE" pointer and all RSA code that required
+the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
+temporarily get and use the ENGINE's RSA implementation. Apart from being more
+efficient, switching back to each RSA having an RSA_METHOD pointer also allows
+us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
+for a fallback ENGINE that encapsulates default implementations - we can simply
+have our RSA structure pointing its RSA_METHOD pointer to the software
+implementation and have its ENGINE pointer set to NULL.
+
+A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
+turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
+and the existing EVP API functions that return "software" implementations and
+descriptions remain untouched. However, the storage takes more meaning in terms
+of "cipher description" and less meaning in terms of "implementation". When an
+EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
+begin en/decryption, the hooking to ENGINE comes into play. What happens is that
+cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
+reference) for any ENGINE that is registered to perform the algo/mode that the
+provided EVP_CIPHER structure represents. Under normal circumstances, that
+ENGINE code will return NULL because no ENGINEs will have had any cipher
+implementations *registered*. As such, a NULL ENGINE pointer is stored in the
+EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
+context and so is used as the implementation. Pretty much how things work now
+except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
+
+Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
+combination represented by the provided EVP_CIPHER, then a functional reference
+to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
+That functional reference will be stored in the context (and released on
+cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
+definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
+application will actually be replaced by an EVP_CIPHER from the registered
+ENGINE - it will support the same algorithm/mode as the original but will be a
+completely different implementation. Because this EVP_CIPHER isn't stored in the
+EVP storage, nor is it returned to applications from traditional API functions,
+there is no associated problem with it not having reference counts. And of
+course, when one of these "private" cipher implementations is hooked into
+EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
+reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
+safe.
+
+The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
+in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
+EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
+use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
+ENGINE_TABLE essentially provide linker-separation of the classes so that even
+if ENGINEs implement *all* possible algorithms, an application using only
+EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
+ENGINE code that is independent of class, and of course the ENGINE
+implementation that the application loaded. It will *not* however link any
+class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
+other APIs, such as the RSA/DSA/etc library code.
+
+ENGINE_TABLE is a little more complicated than may seem necessary but this is
+mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
+DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
+to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
+example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
+These nids provide the uniquenness of an algorithm/mode - and each nid will hash
+to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
+pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
+caching tricks such that requests on that 'nid' will be cached and all future
+requests will return immediately (well, at least with minimal operation) unless
+a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
+that an application could have support for 10 ENGINEs statically linked
+in, and the machine in question may not have any of the hardware those 10
+ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
+want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
+each of those 10 ENGINEs. Instead, the first such request will try to do that
+and will either return (and cache) a NULL ENGINE pointer or will return a
+functional reference to the first that successfully initialised. In the latter
+case it will also cache an extra functional reference to the ENGINE as a
+"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
+that is unset only if un/registration takes place on that pile. Ie. if
+implementations of "des_cbc" are added or removed. This behaviour can be
+tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
+ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
+try to initialise from the "pile" will be those that are already initialised
+(ie. it's simply an increment of the functional reference count, and no real
+"initialisation" will take place).
+
+RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
+difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
+actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
+not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
+necessarily interoperable and don't have different flavours, only different
+implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
+or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
+represents ENGINEs that implement the single "type" of RSA there is.
+
+Cleanup - the registration and unregistration may pose questions about how
+cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
+application or EVP_CIPHER code releases its last reference to an ENGINE, the
+ENGINE_PILE code may still have references and thus those ENGINEs will stay
+hooked in forever). The way this is handled is via "unregistration". With these
+new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
+is an algorithm-agnostic process. Even if initialised, it will not have
+registered any of its implementations (to do so would link all class "table"
+code despite the fact the application may use only ciphers, for example). This
+is deliberately a distinct step. Moreover, registration and unregistration has
+nothing to do with whether an ENGINE is *functional* or not (ie. you can even
+register an ENGINE and its implementations without it being operational, you may
+not even have the drivers to make it operate). What actually happens with
+respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
+functions. These functions are internal-only and each part of ENGINE code that
+could require cleanup will, upon performing its first allocation, register a
+callback with the "engine_cleanup" code. The other part of this that makes it
+tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
+initialised state. So if RSA code asks for an ENGINE and no ENGINE has
+registered an implementation, the code will simply return NULL and the tb_rsa.c
+state will be unchanged. Thus, no cleanup is required unless registration takes
+place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
+callbacks calling each in turn, and will then internally delete its own storage
+(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
+part of a gracefull restart and the application wants to cleanup all state then
+start again), the internal STACK storage will be freshly allocated. This is much
+the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
+initialised state, so only modification operations (not queries) will cause that
+code to have to register a cleanup.
+
+What else? The bignum callbacks and associated ENGINE functions have been
+removed for two obvious reasons; (i) there was no way to generalise them to the
+mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
+method, and (ii) because of (i), there was no meaningful way for library or
+application code to automatically hook and use ENGINE supplied bignum functions
+anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
+exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
+one and now certainly doesn't make sense in any generalised way. Some of the
+RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
+changes have now, as a consequence, been reverted back. This is because the
+hooking of ENGINE is now automatic (and passive, it can interally use a NULL
+ENGINE pointer to simply ignore ENGINE from then on).
+
+Hell, that should be enough for now ... comments welcome: geoff@openssl.org
+
diff --git a/openssl-1.1.0h/crypto/engine/build.info b/openssl-1.1.0h/crypto/engine/build.info
new file mode 100644
index 0000000..161dad4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/build.info
@@ -0,0 +1,8 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \
+        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
+        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
+        eng_rdrand.c
diff --git a/openssl-1.1.0h/crypto/engine/eng_all.c b/openssl-1.1.0h/crypto/engine/eng_all.c
new file mode 100644
index 0000000..ebe0277
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_all.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "eng_int.h"
+
+void ENGINE_load_builtin_engines(void)
+{
+    /* Some ENGINEs need this */
+    OPENSSL_cpuid_setup();
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+}
+
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED)
+void ENGINE_setup_bsd_cryptodev(void)
+{
+    static int bsd_cryptodev_default_loaded = 0;
+    if (!bsd_cryptodev_default_loaded) {
+        OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL);
+        ENGINE_register_all_complete();
+    }
+    bsd_cryptodev_default_loaded = 1;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/engine/eng_cnf.c b/openssl-1.1.0h/crypto/engine/eng_cnf.c
new file mode 100644
index 0000000..6f0a066
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_cnf.c
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include <openssl/conf.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static const char *skip_dot(const char *name)
+{
+    const char *p = strchr(name, '.');
+
+    if (p != NULL)
+        return p + 1;
+    return name;
+}
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+{
+    if (!ENGINE_init(e))
+        return 0;
+    if (!initialized_engines)
+        initialized_engines = sk_ENGINE_new_null();
+    if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
+        ENGINE_finish(e);
+        return 0;
+    }
+    return 1;
+}
+
+static int int_engine_configure(const char *name, const char *value, const CONF *cnf)
+{
+    int i;
+    int ret = 0;
+    long do_init = -1;
+    STACK_OF(CONF_VALUE) *ecmds;
+    CONF_VALUE *ecmd = NULL;
+    const char *ctrlname, *ctrlvalue;
+    ENGINE *e = NULL;
+    int soft = 0;
+
+    name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+    fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+    /* Value is a section containing ENGINE commands */
+    ecmds = NCONF_get_section(cnf, value);
+
+    if (!ecmds) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_SECTION_ERROR);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+        ecmd = sk_CONF_VALUE_value(ecmds, i);
+        ctrlname = skip_dot(ecmd->name);
+        ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname,
+                ctrlvalue);
+#endif
+
+        /* First handle some special pseudo ctrls */
+
+        /* Override engine name to use */
+        if (strcmp(ctrlname, "engine_id") == 0)
+            name = ctrlvalue;
+        else if (strcmp(ctrlname, "soft_load") == 0)
+            soft = 1;
+        /* Load a dynamic ENGINE */
+        else if (strcmp(ctrlname, "dynamic_path") == 0) {
+            e = ENGINE_by_id("dynamic");
+            if (!e)
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+                goto err;
+        }
+        /* ... add other pseudos here ... */
+        else {
+            /*
+             * At this point we need an ENGINE structural reference if we
+             * don't already have one.
+             */
+            if (!e) {
+                e = ENGINE_by_id(name);
+                if (!e && soft) {
+                    ERR_clear_error();
+                    return 1;
+                }
+                if (!e)
+                    goto err;
+            }
+            /*
+             * Allow "EMPTY" to mean no value: this allows a valid "value" to
+             * be passed to ctrls of type NO_INPUT
+             */
+            if (strcmp(ctrlvalue, "EMPTY") == 0)
+                ctrlvalue = NULL;
+            if (strcmp(ctrlname, "init") == 0) {
+                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+                    goto err;
+                if (do_init == 1) {
+                    if (!int_engine_init(e))
+                        goto err;
+                } else if (do_init != 0) {
+                    ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                              ENGINE_R_INVALID_INIT_VALUE);
+                    goto err;
+                }
+            } else if (strcmp(ctrlname, "default_algorithms") == 0) {
+                if (!ENGINE_set_default_string(e, ctrlvalue))
+                    goto err;
+            } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
+                goto err;
+        }
+
+    }
+    if (e && (do_init == -1) && !int_engine_init(e)) {
+        ecmd = NULL;
+        goto err;
+    }
+    ret = 1;
+ err:
+    if (ret != 1) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+        if (ecmd)
+            ERR_add_error_data(6, "section=", ecmd->section,
+                               ", name=", ecmd->name,
+                               ", value=", ecmd->value);
+    }
+    ENGINE_free(e);
+    return ret;
+}
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    STACK_OF(CONF_VALUE) *elist;
+    CONF_VALUE *cval;
+    int i;
+#ifdef ENGINE_CONF_DEBUG
+    fprintf(stderr, "Called engine module: name %s, value %s\n",
+            CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+    /* Value is a section containing ENGINEs to configure */
+    elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+    if (!elist) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
+                  ENGINE_R_ENGINES_SECTION_ERROR);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
+        cval = sk_CONF_VALUE_value(elist, i);
+        if (!int_engine_configure(cval->name, cval->value, cnf))
+            return 0;
+    }
+
+    return 1;
+}
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+{
+    ENGINE *e;
+
+    while ((e = sk_ENGINE_pop(initialized_engines)))
+        ENGINE_finish(e);
+    sk_ENGINE_free(initialized_engines);
+    initialized_engines = NULL;
+}
+
+void ENGINE_add_conf_module(void)
+{
+    CONF_module_add("engines",
+                    int_engine_module_init, int_engine_module_finish);
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_cryptodev.c b/openssl-1.1.0h/crypto/engine/eng_cryptodev.c
new file mode 100644
index 0000000..5572735
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_cryptodev.c
@@ -0,0 +1,1757 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/objects.h>
+#include <internal/engine.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+
+#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
+        (defined(OpenBSD) || defined(__FreeBSD__))
+# include <sys/param.h>
+# if (defined(OpenBSD) && (OpenBSD >= 200112)) || \
+     (defined(__FreeBSD_version) && \
+      ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || \
+       __FreeBSD_version >= 500041))
+#  define HAVE_CRYPTODEV
+# endif
+# if defined(OpenBSD) && (OpenBSD >= 200110)
+#  define HAVE_SYSLOG_R
+# endif
+#endif
+
+#include <sys/types.h>
+#ifdef HAVE_CRYPTODEV
+# include <crypto/cryptodev.h>
+# include <sys/ioctl.h>
+# include <errno.h>
+# include <stdio.h>
+# include <unistd.h>
+# include <fcntl.h>
+# include <stdarg.h>
+# include <syslog.h>
+# include <errno.h>
+# include <string.h>
+#endif
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+#ifndef HAVE_CRYPTODEV
+
+void engine_load_cryptodev_int(void)
+{
+    /* This is a NOP on platforms without /dev/crypto */
+    return;
+}
+
+#else
+
+struct dev_crypto_state {
+    struct session_op d_sess;
+    int d_fd;
+# ifdef USE_CRYPTODEV_DIGESTS
+    char dummy_mac_key[HASH_MAX_LEN];
+    unsigned char digest_res[HASH_MAX_LEN];
+    char *mac_data;
+    int mac_len;
+# endif
+};
+
+static u_int32_t cryptodev_asymfeat = 0;
+
+static RSA_METHOD *cryptodev_rsa;
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD *cryptodev_dsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+static DH_METHOD *cryptodev_dh;
+#endif
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static int get_cryptodev_ciphers(const int **cnids);
+# ifdef USE_CRYPTODEV_DIGESTS
+static int get_cryptodev_digests(const int **cnids);
+# endif
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+                                    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+                          int slen, BIGNUM *s);
+
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                       BN_CTX *ctx);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                 BN_CTX *ctx);
+#ifndef OPENSSL_NO_DSA
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a,
+                                    const BIGNUM *p, const BIGNUM *m,
+                                    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
+                                     const BIGNUM *u1, const BIGNUM *pub_key,
+                                     const BIGNUM *u2, const BIGNUM *p,
+                                     BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                      DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+                                    DH *dh);
+#endif
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+                          void (*f) (void));
+void engine_load_cryptodev_int(void);
+
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+    {0, NULL, NULL, 0}
+};
+
+static struct {
+    int id;
+    int nid;
+    int ivmax;
+    int keylen;
+} ciphers[] = {
+    {
+        CRYPTO_ARC4, NID_rc4, 0, 16,
+    },
+    {
+        CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
+    },
+    {
+        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
+    },
+    {
+        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
+    },
+    {
+        CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
+    },
+    {
+        CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
+    },
+# ifdef CRYPTO_AES_CTR
+    {
+        CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
+    },
+    {
+        CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
+    },
+    {
+        CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
+    },
+# endif
+    {
+        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+    },
+    {
+        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+    },
+    {
+        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+    },
+    {
+        0, NID_undef, 0, 0,
+    },
+};
+
+# ifdef USE_CRYPTODEV_DIGESTS
+static struct {
+    int id;
+    int nid;
+    int keylen;
+} digests[] = {
+    {
+        CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
+    },
+    {
+        CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
+    },
+    {
+        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
+        /* ? */
+    },
+    {
+        CRYPTO_MD5_KPDK, NID_undef, 0
+    },
+    {
+        CRYPTO_SHA1_KPDK, NID_undef, 0
+    },
+    {
+        CRYPTO_MD5, NID_md5, 16
+    },
+    {
+        CRYPTO_SHA1, NID_sha1, 20
+    },
+    {
+        0, NID_undef, 0
+    },
+};
+# endif
+
+/*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+static int open_dev_crypto(void)
+{
+    static int fd = -1;
+
+    if (fd == -1) {
+        if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+            return (-1);
+        /* close on exec */
+        if (fcntl(fd, F_SETFD, 1) == -1) {
+            close(fd);
+            fd = -1;
+            return (-1);
+        }
+    }
+    return (fd);
+}
+
+static int get_dev_crypto(void)
+{
+    int fd, retfd;
+
+    if ((fd = open_dev_crypto()) == -1)
+        return (-1);
+# ifndef CRIOGET_NOT_NEEDED
+    if (ioctl(fd, CRIOGET, &retfd) == -1)
+        return (-1);
+
+    /* close on exec */
+    if (fcntl(retfd, F_SETFD, 1) == -1) {
+        close(retfd);
+        return (-1);
+    }
+# else
+    retfd = fd;
+# endif
+    return (retfd);
+}
+
+static void put_dev_crypto(int fd)
+{
+# ifndef CRIOGET_NOT_NEEDED
+    close(fd);
+# endif
+}
+
+/* Caching version for asym operations */
+static int get_asym_dev_crypto(void)
+{
+    static int fd = -1;
+
+    if (fd == -1)
+        fd = get_dev_crypto();
+    return fd;
+}
+
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int get_cryptodev_ciphers(const int **cnids)
+{
+    static int nids[CRYPTO_ALGORITHM_MAX];
+    struct session_op sess;
+    int fd, i, count = 0;
+
+    if ((fd = get_dev_crypto()) < 0) {
+        *cnids = NULL;
+        return (0);
+    }
+    memset(&sess, 0, sizeof(sess));
+    sess.key = (caddr_t) "123456789abcdefghijklmno";
+
+    for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+        if (ciphers[i].nid == NID_undef)
+            continue;
+        sess.cipher = ciphers[i].id;
+        sess.keylen = ciphers[i].keylen;
+        sess.mac = 0;
+        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+            nids[count++] = ciphers[i].nid;
+    }
+    put_dev_crypto(fd);
+
+    if (count > 0)
+        *cnids = nids;
+    else
+        *cnids = NULL;
+    return (count);
+}
+
+# ifdef USE_CRYPTODEV_DIGESTS
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+static int get_cryptodev_digests(const int **cnids)
+{
+    static int nids[CRYPTO_ALGORITHM_MAX];
+    struct session_op sess;
+    int fd, i, count = 0;
+
+    if ((fd = get_dev_crypto()) < 0) {
+        *cnids = NULL;
+        return (0);
+    }
+    memset(&sess, 0, sizeof(sess));
+    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
+    for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+        if (digests[i].nid == NID_undef)
+            continue;
+        sess.mac = digests[i].id;
+        sess.mackeylen = digests[i].keylen;
+        sess.cipher = 0;
+        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+            nids[count++] = digests[i].nid;
+    }
+    put_dev_crypto(fd);
+
+    if (count > 0)
+        *cnids = nids;
+    else
+        *cnids = NULL;
+    return (count);
+}
+# endif                         /* 0 */
+
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anything else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initialization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int cryptodev_usable_ciphers(const int **nids)
+{
+    return (get_cryptodev_ciphers(nids));
+}
+
+static int cryptodev_usable_digests(const int **nids)
+{
+# ifdef USE_CRYPTODEV_DIGESTS
+    return (get_cryptodev_digests(nids));
+# else
+    /*
+     * XXXX just disable all digests for now, because it sucks.
+     * we need a better way to decide this - i.e. I may not
+     * want digests on slow cards like hifn on fast machines,
+     * but might want them on slow or loaded machines, etc.
+     * will also want them when using crypto cards that don't
+     * suck moose gonads - would be nice to be able to decide something
+     * as reasonable default without having hackery that's card dependent.
+     * of course, the default should probably be just do everything,
+     * with perhaps a sysctl to turn algorithms off (or have them off
+     * by default) on cards that generally suck like the hifn.
+     */
+    *nids = NULL;
+    return (0);
+# endif
+}
+
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, size_t inl)
+{
+    struct crypt_op cryp;
+    struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
+    struct session_op *sess = &state->d_sess;
+    const void *iiv;
+    unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+    if (state->d_fd < 0)
+        return (0);
+    if (!inl)
+        return (1);
+    if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0)
+        return (0);
+
+    memset(&cryp, 0, sizeof(cryp));
+
+    cryp.ses = sess->ses;
+    cryp.flags = 0;
+    cryp.len = inl;
+    cryp.src = (caddr_t) in;
+    cryp.dst = (caddr_t) out;
+    cryp.mac = 0;
+
+    cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
+
+    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
+        cryp.iv = (caddr_t) EVP_CIPHER_CTX_iv(ctx);
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
+            memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
+        }
+    } else
+        cryp.iv = NULL;
+
+    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+        /*
+         * XXX need better error handling this can fail for a number of
+         * different reasons.
+         */
+        return (0);
+    }
+
+    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
+        else
+            iiv = save_iv;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv,
+               EVP_CIPHER_CTX_iv_length(ctx));
+    }
+    return (1);
+}
+
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                   const unsigned char *iv, int enc)
+{
+    struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
+    struct session_op *sess = &state->d_sess;
+    int cipher = -1, i;
+
+    for (i = 0; ciphers[i].id; i++)
+        if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid &&
+            EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax &&
+            EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) {
+            cipher = ciphers[i].id;
+            break;
+        }
+
+    if (!ciphers[i].id) {
+        state->d_fd = -1;
+        return (0);
+    }
+
+    memset(sess, 0, sizeof(*sess));
+
+    if ((state->d_fd = get_dev_crypto()) < 0)
+        return (0);
+
+    sess->key = (caddr_t) key;
+    sess->keylen = EVP_CIPHER_CTX_key_length(ctx);
+    sess->cipher = cipher;
+
+    if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+        put_dev_crypto(state->d_fd);
+        state->d_fd = -1;
+        return (0);
+    }
+    return (1);
+}
+
+/*
+ * free anything we allocated earlier when initing a
+ * session, and close the session.
+ */
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    int ret = 0;
+    struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
+    struct session_op *sess = &state->d_sess;
+
+    if (state->d_fd < 0)
+        return (0);
+
+    /*
+     * XXX if this ioctl fails, something's wrong. the invoker may have called
+     * us with a bogus ctx, or we could have a device that for whatever
+     * reason just doesn't want to play ball - it's not clear what's right
+     * here - should this be an error? should it just increase a counter,
+     * hmm. For right now, we return 0 - I don't believe that to be "right".
+     * we could call the gorpy openssl lib error handlers that print messages
+     * to users of the library. hmm..
+     */
+
+    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+        ret = 0;
+    } else {
+        ret = 1;
+    }
+    put_dev_crypto(state->d_fd);
+    state->d_fd = -1;
+
+    return (ret);
+}
+
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+
+/* RC4 */
+static EVP_CIPHER *rc4_cipher = NULL;
+static const EVP_CIPHER *cryptodev_rc4(void)
+{
+    if (rc4_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        rc4_cipher = cipher;
+    }
+    return rc4_cipher;
+}
+
+/* DES CBC EVP */
+static EVP_CIPHER *des_cbc_cipher = NULL;
+static const EVP_CIPHER *cryptodev_des_cbc(void)
+{
+    if (des_cbc_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        des_cbc_cipher = cipher;
+    }
+    return des_cbc_cipher;
+}
+
+/* 3DES CBC EVP */
+static EVP_CIPHER *des3_cbc_cipher = NULL;
+static const EVP_CIPHER *cryptodev_3des_cbc(void)
+{
+    if (des3_cbc_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        des3_cbc_cipher = cipher;
+    }
+    return des3_cbc_cipher;
+}
+
+static EVP_CIPHER *bf_cbc_cipher = NULL;
+static const EVP_CIPHER *cryptodev_bf_cbc(void)
+{
+    if (bf_cbc_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        bf_cbc_cipher = cipher;
+    }
+    return bf_cbc_cipher;
+}
+
+static EVP_CIPHER *cast_cbc_cipher = NULL;
+static const EVP_CIPHER *cryptodev_cast_cbc(void)
+{
+    if (cast_cbc_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        cast_cbc_cipher = cipher;
+    }
+    return cast_cbc_cipher;
+}
+
+static EVP_CIPHER *aes_cbc_cipher = NULL;
+static const EVP_CIPHER *cryptodev_aes_cbc(void)
+{
+    if (aes_cbc_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        aes_cbc_cipher = cipher;
+    }
+    return aes_cbc_cipher;
+}
+
+static EVP_CIPHER *aes_192_cbc_cipher = NULL;
+static const EVP_CIPHER *cryptodev_aes_192_cbc(void)
+{
+    if (aes_192_cbc_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        aes_192_cbc_cipher = cipher;
+    }
+    return aes_192_cbc_cipher;
+}
+
+static EVP_CIPHER *aes_256_cbc_cipher = NULL;
+static const EVP_CIPHER *cryptodev_aes_256_cbc(void)
+{
+    if (aes_256_cbc_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        aes_256_cbc_cipher = cipher;
+    }
+    return aes_256_cbc_cipher;
+}
+
+# ifdef CRYPTO_AES_CTR
+static EVP_CIPHER *aes_ctr_cipher = NULL;
+static const EVP_CIPHER *cryptodev_aes_ctr(void)
+{
+    if (aes_ctr_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        aes_ctr_cipher = cipher;
+    }
+    return aes_ctr_cipher;
+}
+
+static EVP_CIPHER *aes_192_ctr_cipher = NULL;
+static const EVP_CIPHER *cryptodev_aes_192_ctr(void)
+{
+    if (aes_192_ctr_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        aes_192_ctr_cipher = cipher;
+    }
+    return aes_192_ctr_cipher;
+}
+
+static EVP_CIPHER *aes_256_ctr_cipher = NULL;
+static const EVP_CIPHER *cryptodev_aes_256_ctr(void)
+{
+    if (aes_256_ctr_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
+            || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
+            || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
+            || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        aes_256_ctr_cipher = cipher;
+    }
+    return aes_256_ctr_cipher;
+}
+# endif
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid)
+{
+    if (!cipher)
+        return (cryptodev_usable_ciphers(nids));
+
+    switch (nid) {
+    case NID_rc4:
+        *cipher = cryptodev_rc4();
+        break;
+    case NID_des_ede3_cbc:
+        *cipher = cryptodev_3des_cbc();
+        break;
+    case NID_des_cbc:
+        *cipher = cryptodev_des_cbc();
+        break;
+    case NID_bf_cbc:
+        *cipher = cryptodev_bf_cbc();
+        break;
+    case NID_cast5_cbc:
+        *cipher = cryptodev_cast_cbc();
+        break;
+    case NID_aes_128_cbc:
+        *cipher = cryptodev_aes_cbc();
+        break;
+    case NID_aes_192_cbc:
+        *cipher = cryptodev_aes_192_cbc();
+        break;
+    case NID_aes_256_cbc:
+        *cipher = cryptodev_aes_256_cbc();
+        break;
+# ifdef CRYPTO_AES_CTR
+    case NID_aes_128_ctr:
+        *cipher = cryptodev_aes_ctr();
+        break;
+    case NID_aes_192_ctr:
+        *cipher = cryptodev_aes_192_ctr();
+        break;
+    case NID_aes_256_ctr:
+        *cipher = cryptodev_aes_256_ctr();
+        break;
+# endif
+    default:
+        *cipher = NULL;
+        break;
+    }
+    return (*cipher != NULL);
+}
+
+# ifdef USE_CRYPTODEV_DIGESTS
+
+/* convert digest type to cryptodev */
+static int digest_nid_to_cryptodev(int nid)
+{
+    int i;
+
+    for (i = 0; digests[i].id; i++)
+        if (digests[i].nid == nid)
+            return (digests[i].id);
+    return (0);
+}
+
+static int digest_key_length(int nid)
+{
+    int i;
+
+    for (i = 0; digests[i].id; i++)
+        if (digests[i].nid == nid)
+            return digests[i].keylen;
+    return (0);
+}
+
+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+{
+    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
+    struct session_op *sess = &state->d_sess;
+    int digest;
+
+    if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) {
+        printf("cryptodev_digest_init: Can't get digest \n");
+        return (0);
+    }
+
+    memset(state, 0, sizeof(*state));
+
+    if ((state->d_fd = get_dev_crypto()) < 0) {
+        printf("cryptodev_digest_init: Can't get Dev \n");
+        return (0);
+    }
+
+    sess->mackey = state->dummy_mac_key;
+    sess->mackeylen = digest_key_length(EVP_MD_CTX_type(ctx));
+    sess->mac = digest;
+
+    if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+        put_dev_crypto(state->d_fd);
+        state->d_fd = -1;
+        printf("cryptodev_digest_init: Open session failed\n");
+        return (0);
+    }
+
+    return (1);
+}
+
+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                                   size_t count)
+{
+    struct crypt_op cryp;
+    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
+    struct session_op *sess = &state->d_sess;
+    char *new_mac_data;
+
+    if (!data || state->d_fd < 0) {
+        printf("cryptodev_digest_update: illegal inputs \n");
+        return (0);
+    }
+
+    if (!count) {
+        return (0);
+    }
+
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
+        /* if application doesn't support one buffer */
+        new_mac_data =
+            OPENSSL_realloc(state->mac_data, state->mac_len + count);
+
+        if (!new_mac_data) {
+            printf("cryptodev_digest_update: realloc failed\n");
+            return (0);
+        }
+        state->mac_data = new_mac_data;
+
+        memcpy(state->mac_data + state->mac_len, data, count);
+        state->mac_len += count;
+
+        return (1);
+    }
+
+    memset(&cryp, 0, sizeof(cryp));
+
+    cryp.ses = sess->ses;
+    cryp.flags = 0;
+    cryp.len = count;
+    cryp.src = (caddr_t) data;
+    cryp.dst = NULL;
+    cryp.mac = (caddr_t) state->digest_res;
+    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+        printf("cryptodev_digest_update: digest failed\n");
+        return (0);
+    }
+    return (1);
+}
+
+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct crypt_op cryp;
+    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
+    struct session_op *sess = &state->d_sess;
+
+    int ret = 1;
+
+    if (!md || state->d_fd < 0) {
+        printf("cryptodev_digest_final: illegal input\n");
+        return (0);
+    }
+
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
+        /* if application doesn't support one buffer */
+        memset(&cryp, 0, sizeof(cryp));
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = state->mac_len;
+        cryp.src = state->mac_data;
+        cryp.dst = NULL;
+        cryp.mac = (caddr_t) md;
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+            printf("cryptodev_digest_final: digest failed\n");
+            return (0);
+        }
+
+        return 1;
+    }
+
+    memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx));
+
+    return (ret);
+}
+
+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+{
+    int ret = 1;
+    struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
+    struct session_op *sess = &state->d_sess;
+
+    if (state == NULL)
+        return 0;
+
+    if (state->d_fd < 0) {
+        printf("cryptodev_digest_cleanup: illegal input\n");
+        return (0);
+    }
+
+    OPENSSL_free(state->mac_data);
+    state->mac_data = NULL;
+    state->mac_len = 0;
+
+    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+        printf("cryptodev_digest_cleanup: failed to close session\n");
+        ret = 0;
+    } else {
+        ret = 1;
+    }
+    put_dev_crypto(state->d_fd);
+    state->d_fd = -1;
+
+    return (ret);
+}
+
+static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+    struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from);
+    struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to);
+    struct session_op *sess;
+    int digest;
+
+    if (dstate == NULL || fstate == NULL)
+        return 1;
+
+    memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+
+    sess = &dstate->d_sess;
+
+    digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to));
+
+    sess->mackey = dstate->dummy_mac_key;
+    sess->mackeylen = digest_key_length(EVP_MD_CTX_type(to));
+    sess->mac = digest;
+
+    dstate->d_fd = get_dev_crypto();
+
+    if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+        put_dev_crypto(dstate->d_fd);
+        dstate->d_fd = -1;
+        printf("cryptodev_digest_copy: Open session failed\n");
+        return (0);
+    }
+
+    if (fstate->mac_len != 0) {
+        if (fstate->mac_data != NULL) {
+            dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+            if (dstate->mac_data == NULL) {
+                printf("cryptodev_digest_copy: mac_data allocation failed\n");
+                return (0);
+            }
+            memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+            dstate->mac_len = fstate->mac_len;
+        }
+    }
+
+    return 1;
+}
+
+static EVP_MD *sha1_md = NULL;
+static const EVP_MD *cryptodev_sha1(void)
+{
+    if (sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_undef)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(struct dev_crypto_state))
+            || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
+            || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
+            || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
+            || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
+            || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        sha1_md = md;
+    }
+    return sha1_md;
+}
+
+static EVP_MD *md5_md = NULL;
+static const EVP_MD *cryptodev_md5(void)
+{
+    if (md5_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_md5, NID_undef)) == NULL
+            || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */)
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
+            || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(struct dev_crypto_state))
+            || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
+            || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
+            || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
+            || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
+            || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        md5_md = md;
+    }
+    return md5_md;
+}
+
+# endif                         /* USE_CRYPTODEV_DIGESTS */
+
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+                         const int **nids, int nid)
+{
+    if (!digest)
+        return (cryptodev_usable_digests(nids));
+
+    switch (nid) {
+# ifdef USE_CRYPTODEV_DIGESTS
+    case NID_md5:
+        *digest = cryptodev_md5();
+        break;
+    case NID_sha1:
+        *digest = cryptodev_sha1();
+        break;
+    default:
+# endif                         /* USE_CRYPTODEV_DIGESTS */
+        *digest = NULL;
+        break;
+    }
+    return (*digest != NULL);
+}
+
+static int cryptodev_engine_destroy(ENGINE *e)
+{
+    EVP_CIPHER_meth_free(rc4_cipher);
+    rc4_cipher = NULL;
+    EVP_CIPHER_meth_free(des_cbc_cipher);
+    des_cbc_cipher = NULL;
+    EVP_CIPHER_meth_free(des3_cbc_cipher);
+    des3_cbc_cipher = NULL;
+    EVP_CIPHER_meth_free(bf_cbc_cipher);
+    bf_cbc_cipher = NULL;
+    EVP_CIPHER_meth_free(cast_cbc_cipher);
+    cast_cbc_cipher = NULL;
+    EVP_CIPHER_meth_free(aes_cbc_cipher);
+    aes_cbc_cipher = NULL;
+    EVP_CIPHER_meth_free(aes_192_cbc_cipher);
+    aes_192_cbc_cipher = NULL;
+    EVP_CIPHER_meth_free(aes_256_cbc_cipher);
+    aes_256_cbc_cipher = NULL;
+# ifdef CRYPTO_AES_CTR
+    EVP_CIPHER_meth_free(aes_ctr_cipher);
+    aes_ctr_cipher = NULL;
+    EVP_CIPHER_meth_free(aes_192_ctr_cipher);
+    aes_192_ctr_cipher = NULL;
+    EVP_CIPHER_meth_free(aes_256_ctr_cipher);
+    aes_256_ctr_cipher = NULL;
+# endif
+# ifdef USE_CRYPTODEV_DIGESTS
+    EVP_MD_meth_free(sha1_md);
+    sha1_md = NULL;
+    EVP_MD_meth_free(md5_md);
+    md5_md = NULL;
+# endif
+    RSA_meth_free(cryptodev_rsa);
+    cryptodev_rsa = NULL;
+#ifndef OPENSSL_NO_DSA
+    DSA_meth_free(cryptodev_dsa);
+    cryptodev_dsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+    DH_meth_free(cryptodev_dh);
+    cryptodev_dh = NULL;
+#endif
+    return 1;
+}
+
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+    ssize_t bytes, bits;
+    u_char *b;
+
+    crp->crp_p = NULL;
+    crp->crp_nbits = 0;
+
+    bits = BN_num_bits(a);
+    bytes = BN_num_bytes(a);
+
+    b = OPENSSL_zalloc(bytes);
+    if (b == NULL)
+        return (1);
+
+    crp->crp_p = (caddr_t) b;
+    crp->crp_nbits = bits;
+
+    BN_bn2bin(a, b);
+    return (0);
+}
+
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+    u_int8_t *pd;
+    int i, bytes;
+
+    bytes = (crp->crp_nbits + 7) / 8;
+
+    if (bytes == 0)
+        return (-1);
+
+    if ((pd = OPENSSL_malloc(bytes)) == NULL)
+        return (-1);
+
+    for (i = 0; i < bytes; i++)
+        pd[i] = crp->crp_p[bytes - i - 1];
+
+    BN_bin2bn(pd, bytes, a);
+    free(pd);
+
+    return (0);
+}
+
+static void zapparams(struct crypt_kop *kop)
+{
+    int i;
+
+    for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
+        OPENSSL_free(kop->crk_param[i].crp_p);
+        kop->crk_param[i].crp_p = NULL;
+        kop->crk_param[i].crp_nbits = 0;
+    }
+}
+
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+               BIGNUM *s)
+{
+    int fd, ret = -1;
+
+    if ((fd = get_asym_dev_crypto()) < 0)
+        return ret;
+
+    if (r) {
+        kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen);
+        if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
+            return ret;
+        kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+        kop->crk_oparams++;
+    }
+    if (s) {
+        kop->crk_param[kop->crk_iparams + 1].crp_p =
+            OPENSSL_zalloc(slen);
+        /* No need to free the kop->crk_iparams parameter if it was allocated,
+         * callers of this routine have to free allocated parameters through
+         * zapparams both in case of success and failure
+         */
+        if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
+            return ret;
+        kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+        kop->crk_oparams++;
+    }
+
+    if (ioctl(fd, CIOCKEY, kop) == 0) {
+        if (r)
+            crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+        if (s)
+            crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
+        ret = 0;
+    }
+
+    return ret;
+}
+
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    struct crypt_kop kop;
+    int ret = 1;
+
+    /*
+     * Currently, we know we can do mod exp iff we can do any asymmetric
+     * operations at all.
+     */
+    if (cryptodev_asymfeat == 0) {
+        ret = BN_mod_exp(r, a, p, m, ctx);
+        return (ret);
+    }
+
+    memset(&kop, 0, sizeof(kop));
+    kop.crk_op = CRK_MOD_EXP;
+
+    /* inputs: a^p % m */
+    if (bn2crparam(a, &kop.crk_param[0]))
+        goto err;
+    if (bn2crparam(p, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(m, &kop.crk_param[2]))
+        goto err;
+    kop.crk_iparams = 3;
+
+    if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
+        printf("OCF asym process failed, Running in software\n");
+        ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
+
+    } else if (ECANCELED == kop.crk_status) {
+        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
+        printf("OCF hardware operation cancelled. Running in Software\n");
+        ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
+    }
+    /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+    zapparams(&kop);
+    return (ret);
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                            BN_CTX *ctx)
+{
+    int r;
+    const BIGNUM *n = NULL;
+    const BIGNUM *d = NULL;
+
+    ctx = BN_CTX_new();
+    RSA_get0_key(rsa, &n, NULL, &d);
+    r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL);
+    BN_CTX_free(ctx);
+    return (r);
+}
+
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    struct crypt_kop kop;
+    int ret = 1;
+    const BIGNUM *p = NULL;
+    const BIGNUM *q = NULL;
+    const BIGNUM *dmp1 = NULL;
+    const BIGNUM *dmq1 = NULL;
+    const BIGNUM *iqmp = NULL;
+    const BIGNUM *n = NULL;
+
+    RSA_get0_factors(rsa, &p, &q);
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+    RSA_get0_key(rsa, &n, NULL, NULL);
+
+    if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
+        /* XXX 0 means failure?? */
+        return (0);
+    }
+
+    memset(&kop, 0, sizeof(kop));
+    kop.crk_op = CRK_MOD_EXP_CRT;
+    /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+    if (bn2crparam(p, &kop.crk_param[0]))
+        goto err;
+    if (bn2crparam(q, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(I, &kop.crk_param[2]))
+        goto err;
+    if (bn2crparam(dmp1, &kop.crk_param[3]))
+        goto err;
+    if (bn2crparam(dmq1, &kop.crk_param[4]))
+        goto err;
+    if (bn2crparam(iqmp, &kop.crk_param[5]))
+        goto err;
+    kop.crk_iparams = 6;
+
+    if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) {
+        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
+        printf("OCF asym process failed, running in Software\n");
+        ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
+
+    } else if (ECANCELED == kop.crk_status) {
+        const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
+        printf("OCF hardware operation cancelled. Running in Software\n");
+        ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
+    }
+    /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+    zapparams(&kop);
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_DSA
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx);
+}
+
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
+                          const BIGNUM *u1, const BIGNUM *pub_key,
+                          const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx,
+                          BN_MONT_CTX *mont)
+{
+    const BIGNUM *dsag, *dsap, *dsapub_key;
+    BIGNUM *t2;
+    int ret = 0;
+    const DSA_METHOD *meth;
+    int (*bn_mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+                      BN_CTX *, BN_MONT_CTX *);
+
+    t2 = BN_new();
+    if (t2 == NULL)
+        goto err;
+
+    /* v = ( g^u1 * y^u2 mod p ) mod q */
+    /* let t1 = g ^ u1 mod p */
+    ret = 0;
+
+    DSA_get0_pqg(dsa, &dsap, NULL, &dsag);
+    DSA_get0_key(dsa, &dsapub_key, NULL);
+
+    meth = DSA_get_method(dsa);
+    if (meth == NULL)
+        goto err;
+    bn_mod_exp = DSA_meth_get_bn_mod_exp(meth);
+    if (bn_mod_exp == NULL)
+        goto err;
+
+    if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont))
+        goto err;
+
+    /* let t2 = y ^ u2 mod p */
+    if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
+        goto err;
+    /* let t1 = t1 * t2 mod p */
+    if (!BN_mod_mul(t1, t1, t2, dsap, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_free(t2);
+    return (ret);
+}
+
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                      DSA *dsa)
+{
+    struct crypt_kop kop;
+    BIGNUM *r, *s;
+    const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL;
+    const BIGNUM *priv_key = NULL;
+    DSA_SIG *dsasig, *dsaret = NULL;
+
+    dsasig = DSA_SIG_new();
+    if (dsasig == NULL)
+        goto err;
+
+    memset(&kop, 0, sizeof(kop));
+    kop.crk_op = CRK_DSA_SIGN;
+
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop.crk_param[0].crp_p = (caddr_t) dgst;
+    kop.crk_param[0].crp_nbits = dlen * 8;
+    DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag);
+    DSA_get0_key(dsa, NULL, &priv_key);
+    if (bn2crparam(dsap, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(dsaq, &kop.crk_param[2]))
+        goto err;
+    if (bn2crparam(dsag, &kop.crk_param[3]))
+        goto err;
+    if (bn2crparam(priv_key, &kop.crk_param[4]))
+        goto err;
+    kop.crk_iparams = 5;
+
+    r = BN_new();
+    if (r == NULL)
+        goto err;
+    s = BN_new();
+    if (s == NULL)
+        goto err;
+    if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r,
+                       BN_num_bytes(dsaq), s) == 0) {
+        DSA_SIG_set0(dsasig, r, s);
+        dsaret = dsasig;
+    } else {
+        dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
+    }
+ err:
+    if (dsaret != dsasig)
+        DSA_SIG_free(dsasig);
+    kop.crk_param[0].crp_p = NULL;
+    zapparams(&kop);
+    return dsaret;
+}
+
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+                     DSA_SIG *sig, DSA *dsa)
+{
+    struct crypt_kop kop;
+    int dsaret = 1;
+    const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
+
+    memset(&kop, 0, sizeof(kop));
+    kop.crk_op = CRK_DSA_VERIFY;
+
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+    kop.crk_param[0].crp_p = (caddr_t) dgst;
+    kop.crk_param[0].crp_nbits = dlen * 8;
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    if (bn2crparam(p, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(q, &kop.crk_param[2]))
+        goto err;
+    if (bn2crparam(g, &kop.crk_param[3]))
+        goto err;
+    DSA_get0_key(dsa, &pub_key, NULL);
+    if (bn2crparam(pub_key, &kop.crk_param[4]))
+        goto err;
+    DSA_SIG_get0(sig, &pr, &ps);
+    if (bn2crparam(pr, &kop.crk_param[5]))
+        goto err;
+    if (bn2crparam(ps, &kop.crk_param[6]))
+        goto err;
+    kop.crk_iparams = 7;
+
+    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+        /*
+         * OCF success value is 0, if not zero, change dsaret to fail
+         */
+        if (0 != kop.crk_status)
+            dsaret = 0;
+    } else {
+        dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa);
+    }
+ err:
+    kop.crk_param[0].crp_p = NULL;
+    zapparams(&kop);
+    return (dsaret);
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                     BN_MONT_CTX *m_ctx)
+{
+    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    struct crypt_kop kop;
+    int dhret = 1;
+    int fd, keylen;
+    const BIGNUM *p = NULL;
+    const BIGNUM *priv_key = NULL;
+
+    if ((fd = get_asym_dev_crypto()) < 0) {
+        const DH_METHOD *meth = DH_OpenSSL();
+
+        return DH_meth_get_compute_key(meth)(key, pub_key, dh);
+    }
+
+    DH_get0_pqg(dh, &p, NULL, NULL);
+    DH_get0_key(dh, NULL, &priv_key);
+
+    keylen = BN_num_bits(p);
+
+    memset(&kop, 0, sizeof(kop));
+    kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+    /* inputs: dh->priv_key pub_key dh->p key */
+    if (bn2crparam(priv_key, &kop.crk_param[0]))
+        goto err;
+    if (bn2crparam(pub_key, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(p, &kop.crk_param[2]))
+        goto err;
+    kop.crk_iparams = 3;
+
+    kop.crk_param[3].crp_p = (caddr_t) key;
+    kop.crk_param[3].crp_nbits = keylen * 8;
+    kop.crk_oparams = 1;
+
+    if (ioctl(fd, CIOCKEY, &kop) == -1) {
+        const DH_METHOD *meth = DH_OpenSSL();
+
+        dhret = DH_meth_get_compute_key(meth)(key, pub_key, dh);
+    }
+ err:
+    kop.crk_param[3].crp_p = NULL;
+    zapparams(&kop);
+    return (dhret);
+}
+
+#endif /* ndef OPENSSL_NO_DH */
+
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+# ifdef HAVE_SYSLOG_R
+    struct syslog_data sd = SYSLOG_DATA_INIT;
+# endif
+
+    switch (cmd) {
+    default:
+# ifdef HAVE_SYSLOG_R
+        syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
+# else
+        syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+# endif
+        break;
+    }
+    return (1);
+}
+
+void engine_load_cryptodev_int(void)
+{
+    ENGINE *engine = ENGINE_new();
+    int fd;
+
+    if (engine == NULL)
+        return;
+    if ((fd = get_dev_crypto()) < 0) {
+        ENGINE_free(engine);
+        return;
+    }
+
+    /*
+     * find out what asymmetric crypto algorithms we support
+     */
+    if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+        put_dev_crypto(fd);
+        ENGINE_free(engine);
+        return;
+    }
+    put_dev_crypto(fd);
+
+    if (!ENGINE_set_id(engine, "cryptodev") ||
+        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+        !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) ||
+        !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+        !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+        !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+        !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+        ENGINE_free(engine);
+        return;
+    }
+
+    cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL());
+    if (cryptodev_rsa != NULL) {
+        RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method");
+        RSA_meth_set_flags(cryptodev_rsa, 0);
+        if (ENGINE_set_RSA(engine, cryptodev_rsa)) {
+            if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp);
+                if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                    RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp);
+                else
+                    RSA_meth_set_mod_exp(cryptodev_rsa,
+                                         cryptodev_rsa_nocrt_mod_exp);
+            }
+        }
+    } else {
+        ENGINE_free(engine);
+        return;
+    }
+
+#ifndef OPENSSL_NO_DSA
+    cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL());
+    if (cryptodev_dsa != NULL) {
+        DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method");
+        DSA_meth_set_flags(cryptodev_dsa, 0);
+        if (ENGINE_set_DSA(engine, cryptodev_dsa)) {
+            if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
+            if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                DSA_meth_set_bn_mod_exp(cryptodev_dsa,
+                                        cryptodev_dsa_bn_mod_exp);
+                DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
+            }
+            if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify);
+        }
+    } else {
+        ENGINE_free(engine);
+        return;
+    }
+#endif
+
+#ifndef OPENSSL_NO_DH
+    cryptodev_dh = DH_meth_dup(DH_OpenSSL());
+    if (cryptodev_dh != NULL) {
+        DH_meth_set1_name(cryptodev_dh, "cryptodev DH method");
+        DH_meth_set_flags(cryptodev_dh, 0);
+        if (ENGINE_set_DH(engine, cryptodev_dh)) {
+            if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh);
+                if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                    DH_meth_set_compute_key(cryptodev_dh,
+                                            cryptodev_dh_compute_key);
+            }
+        }
+    } else {
+        ENGINE_free(engine);
+        return;
+    }
+#endif
+
+    ENGINE_add(engine);
+    ENGINE_free(engine);
+    ERR_clear_error();
+}
+
+#endif                          /* HAVE_CRYPTODEV */
diff --git a/openssl-1.1.0h/crypto/engine/eng_ctrl.c b/openssl-1.1.0h/crypto/engine/eng_ctrl.c
new file mode 100644
index 0000000..7925f4f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_ctrl.c
@@ -0,0 +1,338 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+/*
+ * When querying a ENGINE-specific control command's 'description', this
+ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
+ */
+static const char *int_no_description = "";
+
+/*
+ * These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
+ */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+{
+    if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+        return 1;
+    return 0;
+}
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+{
+    int idx = 0;
+    while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
+        idx++;
+        defn++;
+    }
+    if (int_ctrl_cmd_is_null(defn))
+        /* The given name wasn't found */
+        return -1;
+    return idx;
+}
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+{
+    int idx = 0;
+    /*
+     * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+     * our searches don't need to take any longer than necessary.
+     */
+    while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
+        idx++;
+        defn++;
+    }
+    if (defn->cmd_num == num)
+        return idx;
+    /* The given cmd_num wasn't found */
+    return -1;
+}
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
+                           void (*f) (void))
+{
+    int idx;
+    char *s = (char *)p;
+    /* Take care of the easy one first (eg. it requires no searches) */
+    if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
+        if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+            return 0;
+        return e->cmd_defns->cmd_num;
+    }
+    /* One or two commands require that "p" be a valid string buffer */
+    if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+        (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+        (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
+        if (s == NULL) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER);
+            return -1;
+        }
+    }
+    /* Now handle cmd_name -> cmd_num conversion */
+    if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
+        if ((e->cmd_defns == NULL)
+            || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME);
+            return -1;
+        }
+        return e->cmd_defns[idx].cmd_num;
+    }
+    /*
+     * For the rest of the commands, the 'long' argument must specify a valid
+     * command number - so we need to conduct a search.
+     */
+    if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+                                                              (unsigned int)
+                                                              i)) < 0)) {
+        ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
+        return -1;
+    }
+    /* Now the logic splits depending on command type */
+    switch (cmd) {
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+        idx++;
+        if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
+            /* end-of-list */
+            return 0;
+        else
+            return e->cmd_defns[idx].cmd_num;
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+        return strlen(e->cmd_defns[idx].cmd_name);
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+        return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
+                            "%s", e->cmd_defns[idx].cmd_name);
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+        if (e->cmd_defns[idx].cmd_desc)
+            return strlen(e->cmd_defns[idx].cmd_desc);
+        return strlen(int_no_description);
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+        if (e->cmd_defns[idx].cmd_desc)
+            return BIO_snprintf(s,
+                                strlen(e->cmd_defns[idx].cmd_desc) + 1,
+                                "%s", e->cmd_defns[idx].cmd_desc);
+        return BIO_snprintf(s, strlen(int_no_description) + 1, "%s",
+                            int_no_description);
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        return e->cmd_defns[idx].cmd_flags;
+    }
+    /* Shouldn't really be here ... */
+    ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+    return -1;
+}
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int ctrl_exists, ref_exists;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+    if (!ref_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+        return 0;
+    }
+    /*
+     * Intercept any "root-level" commands before trying to hand them on to
+     * ctrl() handlers.
+     */
+    switch (cmd) {
+    case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+        return ctrl_exists;
+    case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+    case ENGINE_CTRL_GET_CMD_FROM_NAME:
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+            return int_ctrl_helper(e, cmd, i, p, f);
+        if (!ctrl_exists) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+            /*
+             * For these cmd-related functions, failure is indicated by a -1
+             * return value (because 0 is used as a valid return in some
+             * places).
+             */
+            return -1;
+        }
+    default:
+        break;
+    }
+    /* Anything else requires a ctrl() handler to exist. */
+    if (!ctrl_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+        return 0;
+    }
+    return e->ctrl(e, cmd, i, p, f);
+}
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+{
+    int flags;
+    if ((flags =
+         ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
+        ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+                  ENGINE_R_INVALID_CMD_NUMBER);
+        return 0;
+    }
+    if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+        !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+        !(flags & ENGINE_CMD_FLAG_STRING))
+        return 0;
+    return 1;
+}
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f) (void), int cmd_optional)
+{
+    int num;
+
+    if (e == NULL || cmd_name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
+        }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, i, p, f) > 0)
+        return 1;
+    return 0;
+}
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional)
+{
+    int num, flags;
+    long l;
+    char *ptr;
+
+    if (e == NULL || cmd_name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
+        }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    if (!ENGINE_cmd_is_executable(e, num)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_CMD_NOT_EXECUTABLE);
+        return 0;
+    }
+
+    flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL);
+    if (flags < 0) {
+        /*
+         * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+         * success.
+         */
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    /*
+     * If the command takes no input, there must be no input. And vice versa.
+     */
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (arg != NULL) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                      ENGINE_R_COMMAND_TAKES_NO_INPUT);
+            return 0;
+        }
+        /*
+         * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
+         * than returning it as "return data". This is to ensure usage of
+         * these commands is consistent across applications and that certain
+         * applications don't understand it one way, and others another.
+         */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /* So, we require input */
+    if (arg == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_COMMAND_TAKES_INPUT);
+        return 0;
+    }
+    /* If it takes string input, that's easy */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        /* Same explanation as above */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /*
+     * If it doesn't take numeric either, then it is unsupported for use in a
+     * config-setting situation, which is what this function is for. This
+     * should never happen though, because ENGINE_cmd_is_executable() was
+     * used.
+     */
+    if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    l = strtol(arg, &ptr, 10);
+    if ((arg == ptr) || (*ptr != '\0')) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
+        return 1;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_dyn.c b/openssl-1.1.0h/crypto/engine/eng_dyn.c
new file mode 100644
index 0000000..843226c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_dyn.c
@@ -0,0 +1,510 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include "internal/dso.h"
+#include <openssl/crypto.h>
+
+/*
+ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
+ * loader should implement the hook-up functions with the following
+ * prototypes.
+ */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
+                        void (*f) (void));
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
+#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+    {DYNAMIC_CMD_SO_PATH,
+     "SO_PATH",
+     "Specifies the path to the new ENGINE shared library",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_NO_VCHECK,
+     "NO_VCHECK",
+     "Specifies to continue even if version checking fails (boolean)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_ID,
+     "ID",
+     "Specifies an ENGINE id name for loading",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LIST_ADD,
+     "LIST_ADD",
+     "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_LOAD,
+     "DIR_LOAD",
+     "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_ADD,
+     "DIR_ADD",
+     "Adds a directory from which ENGINEs can be loaded",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LOAD,
+     "LOAD",
+     "Load up the ENGINE specified by other settings",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {0, NULL, NULL, 0}
+};
+
+/*
+ * Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack.
+ */
+struct st_dynamic_data_ctx {
+    /* The DSO object we load that supplies the ENGINE code */
+    DSO *dynamic_dso;
+    /*
+     * The function pointer to the version checking shared library function
+     */
+    dynamic_v_check_fn v_check;
+    /*
+     * The function pointer to the engine-binding shared library function
+     */
+    dynamic_bind_engine bind_engine;
+    /* The default name/path for loading the shared library */
+    char *DYNAMIC_LIBNAME;
+    /* Whether to continue loading on a version check failure */
+    int no_vcheck;
+    /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+    char *engine_id;
+    /*
+     * If non-zero, a successfully loaded ENGINE should be added to the
+     * internal ENGINE list. If 2, the add must succeed or the entire load
+     * should fail.
+     */
+    int list_add_value;
+    /* The symbol name for the version checking function */
+    const char *DYNAMIC_F1;
+    /* The symbol name for the "initialise ENGINE structure" function */
+    const char *DYNAMIC_F2;
+    /*
+     * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+     * 'dirs' for loading. Default is to use 'dirs' as a fallback.
+     */
+    int dir_load;
+    /* A stack of directories from which ENGINEs could be loaded */
+    STACK_OF(OPENSSL_STRING) *dirs;
+};
+
+/*
+ * This is the "ex_data" index we obtain and reserve for use with our context
+ * structure.
+ */
+static int dynamic_ex_data_idx = -1;
+
+static void int_free_str(char *s)
+{
+    OPENSSL_free(s);
+}
+
+/*
+ * Because our ex_data element may or may not get allocated depending on
+ * whether a "first-use" occurs before the ENGINE is freed, we have a memory
+ * leak problem to solve. We can't declare a "new" handler for the ex_data as
+ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
+ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
+ * a "free" handler and that will get called if an ENGINE is being destroyed
+ * and there was an ex_data element corresponding to our context type.
+ */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+                                       CRYPTO_EX_DATA *ad, int idx, long argl,
+                                       void *argp)
+{
+    if (ptr) {
+        dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+        DSO_free(ctx->dynamic_dso);
+        OPENSSL_free(ctx->DYNAMIC_LIBNAME);
+        OPENSSL_free(ctx->engine_id);
+        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
+        OPENSSL_free(ctx);
+    }
+}
+
+/*
+ * Construct the per-ENGINE context. We create it blindly and then use a lock
+ * to check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse.
+ */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+{
+    dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
+    int ret = 1;
+
+    if (c == NULL) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    c->dirs = sk_OPENSSL_STRING_new_null();
+    if (c->dirs == NULL) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(c);
+        return 0;
+    }
+    c->DYNAMIC_F1 = "v_check";
+    c->DYNAMIC_F2 = "bind_engine";
+    c->dir_load = 1;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+                                                       dynamic_ex_data_idx))
+        == NULL) {
+        /* Good, we're the first */
+        ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+        if (ret) {
+            *ctx = c;
+            c = NULL;
+        }
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /*
+     * If we lost the race to set the context, c is non-NULL and *ctx is the
+     * context of the thread that won.
+     */
+    if (c)
+        sk_OPENSSL_STRING_free(c->dirs);
+    OPENSSL_free(c);
+    return ret;
+}
+
+/*
+ * This function retrieves the context structure from an ENGINE's "ex_data",
+ * or if it doesn't exist yet, sets it up.
+ */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+{
+    dynamic_data_ctx *ctx;
+    if (dynamic_ex_data_idx < 0) {
+        /*
+         * Create and register the ENGINE ex_data, and associate our "free"
+         * function with it to ensure any allocated contexts get freed when
+         * an ENGINE goes underground.
+         */
+        int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+                                              dynamic_data_ctx_free_func);
+        if (new_idx == -1) {
+            ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
+            return NULL;
+        }
+        CRYPTO_THREAD_write_lock(global_engine_lock);
+        /* Avoid a race by checking again inside this lock */
+        if (dynamic_ex_data_idx < 0) {
+            /* Good, someone didn't beat us to it */
+            dynamic_ex_data_idx = new_idx;
+            new_idx = -1;
+        }
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        /*
+         * In theory we could "give back" the index here if (new_idx>-1), but
+         * it's not possible and wouldn't gain us much if it were.
+         */
+    }
+    ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+    /* Check if the context needs to be created */
+    if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+        /* "set_data" will set errors if necessary */
+        return NULL;
+    return ctx;
+}
+
+static ENGINE *engine_dynamic(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ENGINE_set_id(ret, engine_dynamic_id) ||
+        !ENGINE_set_name(ret, engine_dynamic_name) ||
+        !ENGINE_set_init_function(ret, dynamic_init) ||
+        !ENGINE_set_finish_function(ret, dynamic_finish) ||
+        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_dynamic_int(void)
+{
+    ENGINE *toadd = engine_dynamic();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    /*
+     * If the "add" didn't work, it was probably a conflict because it was
+     * already added (eg. someone calling ENGINE_load_blah then calling
+     * ENGINE_load_builtin_engines() perhaps).
+     */
+    ERR_clear_error();
+}
+
+static int dynamic_init(ENGINE *e)
+{
+    /*
+     * We always return failure - the "dynamic" engine itself can't be used
+     * for anything.
+     */
+    return 0;
+}
+
+static int dynamic_finish(ENGINE *e)
+{
+    /*
+     * This should never be called on account of "dynamic_init" always
+     * failing.
+     */
+    return 0;
+}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+    int initialised;
+
+    if (!ctx) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
+        return 0;
+    }
+    initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+    /* All our control commands require the ENGINE to be uninitialised */
+    if (initialised) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
+        return 0;
+    }
+    switch (cmd) {
+    case DYNAMIC_CMD_SO_PATH:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        OPENSSL_free(ctx->DYNAMIC_LIBNAME);
+        if (p)
+            ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p);
+        else
+            ctx->DYNAMIC_LIBNAME = NULL;
+        return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+    case DYNAMIC_CMD_NO_VCHECK:
+        ctx->no_vcheck = ((i == 0) ? 0 : 1);
+        return 1;
+    case DYNAMIC_CMD_ID:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        OPENSSL_free(ctx->engine_id);
+        if (p)
+            ctx->engine_id = OPENSSL_strdup(p);
+        else
+            ctx->engine_id = NULL;
+        return (ctx->engine_id ? 1 : 0);
+    case DYNAMIC_CMD_LIST_ADD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->list_add_value = (int)i;
+        return 1;
+    case DYNAMIC_CMD_LOAD:
+        return dynamic_load(e, ctx);
+    case DYNAMIC_CMD_DIR_LOAD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->dir_load = (int)i;
+        return 1;
+    case DYNAMIC_CMD_DIR_ADD:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (!p || (strlen((const char *)p) < 1)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        {
+            char *tmp_str = OPENSSL_strdup(p);
+            if (tmp_str == NULL) {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) {
+                OPENSSL_free(tmp_str);
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        return 1;
+    default:
+        break;
+    }
+    ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+    return 0;
+}
+
+static int int_load(dynamic_data_ctx *ctx)
+{
+    int num, loop;
+    /* Unless told not to, try a direct load */
+    if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+                                          ctx->DYNAMIC_LIBNAME, NULL,
+                                          0)) != NULL)
+        return 1;
+    /* If we're not allowed to use 'dirs' or we have none, fail */
+    if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
+        return 0;
+    for (loop = 0; loop < num; loop++) {
+        const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
+        char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+        if (!merge)
+            return 0;
+        if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
+            /* Found what we're looking for */
+            OPENSSL_free(merge);
+            return 1;
+        }
+        OPENSSL_free(merge);
+    }
+    return 0;
+}
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+{
+    ENGINE cpy;
+    dynamic_fns fns;
+
+    if (ctx->dynamic_dso == NULL)
+        ctx->dynamic_dso = DSO_new();
+    if (ctx->dynamic_dso == NULL)
+        return 0;
+    if (!ctx->DYNAMIC_LIBNAME) {
+        if (!ctx->engine_id)
+            return 0;
+        DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS,
+                 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
+        ctx->DYNAMIC_LIBNAME =
+            DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+    }
+    if (!int_load(ctx)) {
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        return 0;
+    }
+    /* We have to find a bind function otherwise it'll always end badly */
+    if (!
+        (ctx->bind_engine =
+         (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
+                                             ctx->DYNAMIC_F2))) {
+        ctx->bind_engine = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
+        return 0;
+    }
+    /* Do we perform version checking? */
+    if (!ctx->no_vcheck) {
+        unsigned long vcheck_res = 0;
+        /*
+         * Now we try to find a version checking function and decide how to
+         * cope with failure if/when it fails.
+         */
+        ctx->v_check =
+            (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
+                                               ctx->DYNAMIC_F1);
+        if (ctx->v_check)
+            vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+        /*
+         * We fail if the version checker veto'd the load *or* if it is
+         * deferring to us (by returning its version) and we think it is too
+         * old.
+         */
+        if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+            /* Fail */
+            ctx->bind_engine = NULL;
+            ctx->v_check = NULL;
+            DSO_free(ctx->dynamic_dso);
+            ctx->dynamic_dso = NULL;
+            ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                      ENGINE_R_VERSION_INCOMPATIBILITY);
+            return 0;
+        }
+    }
+    /*
+     * First binary copy the ENGINE structure so that we can roll back if the
+     * hand-over fails
+     */
+    memcpy(&cpy, e, sizeof(ENGINE));
+    /*
+     * Provide the ERR, "ex_data", memory, and locking callbacks so the
+     * loaded library uses our state rather than its own. FIXME: As noted in
+     * engine.h, much of this would be simplified if each area of code
+     * provided its own "summary" structure of all related callbacks. It
+     * would also increase opaqueness.
+     */
+    fns.static_state = ENGINE_get_static_state();
+    CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn,
+                             &fns.mem_fns.free_fn);
+    /*
+     * Now that we've loaded the dynamic engine, make sure no "dynamic"
+     * ENGINE elements will show through.
+     */
+    engine_set_all_null(e);
+
+    /* Try to bind the ENGINE onto our own ENGINE structure */
+    if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+        ctx->bind_engine = NULL;
+        ctx->v_check = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
+        /* Copy the original ENGINE structure back */
+        memcpy(e, &cpy, sizeof(ENGINE));
+        return 0;
+    }
+    /* Do we try to add this ENGINE to the internal list too? */
+    if (ctx->list_add_value > 0) {
+        if (!ENGINE_add(e)) {
+            /* Do we tolerate this or fail? */
+            if (ctx->list_add_value > 1) {
+                /*
+                 * Fail - NB: By this time, it's too late to rollback, and
+                 * trying to do so allows the bind_engine() code to have
+                 * created leaks. We just have to fail where we are, after
+                 * the ENGINE has changed.
+                 */
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                          ENGINE_R_CONFLICTING_ENGINE_ID);
+                return 0;
+            }
+            /* Tolerate */
+            ERR_clear_error();
+        }
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_err.c b/openssl-1.1.0h/crypto/engine/eng_err.c
new file mode 100644
index 0000000..5e9d16f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_err.c
@@ -0,0 +1,123 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
+
+static ERR_STRING_DATA ENGINE_str_functs[] = {
+    {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "dynamic_ctrl"},
+    {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "dynamic_get_data_ctx"},
+    {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "dynamic_load"},
+    {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "dynamic_set_data_ctx"},
+    {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
+    {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
+    {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_FIRST), "ENGINE_get_first"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_LAST), "ENGINE_get_last"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),
+     "ENGINE_get_pkey_asn1_meth"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
+    {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "engine_list_add"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "engine_list_remove"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
+     "ENGINE_load_ssl_client_cert"},
+    {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
+    {ERR_FUNC(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR),
+     "ENGINE_pkey_asn1_find_str"},
+    {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
+    {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
+     "ENGINE_set_default_string"},
+    {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
+    {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
+    {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "engine_table_register"},
+    {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "engine_unlocked_finish"},
+    {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
+    {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "int_ctrl_helper"},
+    {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "int_engine_configure"},
+    {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "int_engine_module_init"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA ENGINE_str_reasons[] = {
+    {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"},
+    {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+     "argument is not a number"},
+    {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"},
+    {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
+    {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
+    {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
+    {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+     "ctrl command not implemented"},
+    {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
+    {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+    {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
+    {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+     "engine configuration error"},
+    {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
+    {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
+    {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+     "failed loading private key"},
+    {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+     "failed loading public key"},
+    {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
+    {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
+    {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
+    {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
+    {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"},
+    {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"},
+    {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"},
+    {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"},
+    {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"},
+    {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"},
+    {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
+    {ERR_REASON(ENGINE_R_NO_INDEX), "no index"},
+    {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
+    {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
+    {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
+    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
+    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
+     "unimplemented public key method"},
+    {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ENGINE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ENGINE_str_functs);
+        ERR_load_strings(0, ENGINE_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_fat.c b/openssl-1.1.0h/crypto/engine/eng_fat.c
new file mode 100644
index 0000000..5cb8187
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_fat.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "eng_int.h"
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+{
+    if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+        return 0;
+#ifndef OPENSSL_NO_RSA
+    if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+    if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_EC
+    if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e))
+        return 0;
+#endif
+    if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_PKEY_METHS)
+        && !ENGINE_set_default_pkey_meths(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
+        && !ENGINE_set_default_pkey_asn1_meths(e))
+        return 0;
+    return 1;
+}
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+{
+    unsigned int *pflags = arg;
+    if (alg == NULL)
+        return 0;
+    if (strncmp(alg, "ALL", len) == 0)
+        *pflags |= ENGINE_METHOD_ALL;
+    else if (strncmp(alg, "RSA", len) == 0)
+        *pflags |= ENGINE_METHOD_RSA;
+    else if (strncmp(alg, "DSA", len) == 0)
+        *pflags |= ENGINE_METHOD_DSA;
+    else if (strncmp(alg, "DH", len) == 0)
+        *pflags |= ENGINE_METHOD_DH;
+    else if (strncmp(alg, "EC", len) == 0)
+        *pflags |= ENGINE_METHOD_EC;
+    else if (strncmp(alg, "RAND", len) == 0)
+        *pflags |= ENGINE_METHOD_RAND;
+    else if (strncmp(alg, "CIPHERS", len) == 0)
+        *pflags |= ENGINE_METHOD_CIPHERS;
+    else if (strncmp(alg, "DIGESTS", len) == 0)
+        *pflags |= ENGINE_METHOD_DIGESTS;
+    else if (strncmp(alg, "PKEY", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS;
+    else if (strncmp(alg, "PKEY_CRYPTO", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_METHS;
+    else if (strncmp(alg, "PKEY_ASN1", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
+    else
+        return 0;
+    return 1;
+}
+
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
+{
+    unsigned int flags = 0;
+    if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+                  ENGINE_R_INVALID_STRING);
+        ERR_add_error_data(2, "str=", def_list);
+        return 0;
+    }
+    return ENGINE_set_default(e, flags);
+}
+
+int ENGINE_register_complete(ENGINE *e)
+{
+    ENGINE_register_ciphers(e);
+    ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+    ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+    ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+    ENGINE_register_DH(e);
+#endif
+#ifndef OPENSSL_NO_EC
+    ENGINE_register_EC(e);
+#endif
+    ENGINE_register_RAND(e);
+    ENGINE_register_pkey_meths(e);
+    ENGINE_register_pkey_asn1_meths(e);
+    return 1;
+}
+
+int ENGINE_register_all_complete(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
+            ENGINE_register_complete(e);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_init.c b/openssl-1.1.0h/crypto/engine/eng_init.c
new file mode 100644
index 0000000..8be7c6f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_init.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+/*
+ * Initialise a engine type for use (or up its functional reference count if
+ * it's already in use). This version is only used internally.
+ */
+int engine_unlocked_init(ENGINE *e)
+{
+    int to_return = 1;
+
+    if ((e->funct_ref == 0) && e->init)
+        /*
+         * This is the first functional reference and the engine requires
+         * initialisation so we do it now.
+         */
+        to_return = e->init(e);
+    if (to_return) {
+        /*
+         * OK, we return a functional reference which is also a structural
+         * reference.
+         */
+        e->struct_ref++;
+        e->funct_ref++;
+        engine_ref_debug(e, 0, 1);
+        engine_ref_debug(e, 1, 1);
+    }
+    return to_return;
+}
+
+/*
+ * Free a functional reference to a engine type. This version is only used
+ * internally.
+ */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+{
+    int to_return = 1;
+
+    /*
+     * Reduce the functional reference count here so if it's the terminating
+     * case, we can release the lock safely and call the finish() handler
+     * without risk of a race. We get a race if we leave the count until
+     * after and something else is calling "finish" at the same time -
+     * there's a chance that both threads will together take the count from 2
+     * to 0 without either calling finish().
+     */
+    e->funct_ref--;
+    engine_ref_debug(e, 1, -1);
+    if ((e->funct_ref == 0) && e->finish) {
+        if (unlock_for_handlers)
+            CRYPTO_THREAD_unlock(global_engine_lock);
+        to_return = e->finish(e);
+        if (unlock_for_handlers)
+            CRYPTO_THREAD_write_lock(global_engine_lock);
+        if (!to_return)
+            return 0;
+    }
+    REF_ASSERT_ISNT(e->funct_ref < 0);
+    /* Release the structural reference too */
+    if (!engine_free_util(e, 0)) {
+        ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+{
+    int ret;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_unlocked_init(e);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+{
+    int to_return = 1;
+
+    if (e == NULL)
+        return 1;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    to_return = engine_unlocked_finish(e, 1);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!to_return) {
+        ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_int.h b/openssl-1.1.0h/crypto/engine/eng_int.h
new file mode 100644
index 0000000..c604fad
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_int.h
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+# define HEADER_ENGINE_INT_H
+
+# include "internal/cryptlib.h"
+# include <internal/engine.h>
+# include <internal/thread_once.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+extern CRYPTO_RWLOCK *global_engine_lock;
+
+/*
+ * If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for
+ * each change. This prints the engine's pointer address (truncated to
+ * unsigned int), "struct" or "funct" to indicate the reference type, the
+ * before and after reference count, and the file:line-number pair. The
+ * "engine_ref_debug" statements must come *after* the change.
+ */
+# ifdef ENGINE_REF_COUNT_DEBUG
+
+#  define engine_ref_debug(e, isfunct, diff) \
+        fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+                (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+                ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+                ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+                (OPENSSL_FILE), (OPENSSL_LINE))
+
+# else
+
+#  define engine_ref_debug(e, isfunct, diff)
+
+# endif
+
+/*
+ * Any code that will need cleanup operations should use these functions to
+ * register callbacks. engine_cleanup_int() will call all registered
+ * callbacks in order. NB: both the "add" functions assume the engine lock to
+ * already be held (in "write" mode).
+ */
+typedef void (ENGINE_CLEANUP_CB) (void);
+typedef struct st_engine_cleanup_item {
+    ENGINE_CLEANUP_CB *cb;
+} ENGINE_CLEANUP_ITEM;
+DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DEFINE_STACK_OF(ENGINE)
+
+/*
+ * If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults
+ * and functional references (etc), will display debugging summaries to
+ * stderr.
+ */
+/* #define ENGINE_TABLE_DEBUG */
+
+/*
+ * This represents an implementation table. Dependent code should instantiate
+ * it as a (ENGINE_TABLE *) pointer value set initially to NULL.
+ */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                          ENGINE *e, const int *nids, int num_nids,
+                          int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+# ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+# else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+                                int l);
+#  define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
+# endif
+typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
+                                      ENGINE *def, void *arg);
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                        void *arg);
+
+/*
+ * Internal versions of API functions that have control over locking. These
+ * are used between C files when functionality needs to be shared but the
+ * caller may already be controlling of the engine lock.
+ */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int locked);
+
+/*
+ * This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all
+ * the ENGINE_set_***() functions with a NULL value.
+ */
+void engine_set_all_null(ENGINE *e);
+
+/*
+ * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now
+ * exposed in engine.h.
+ */
+
+/* Free up dynamically allocated public key methods associated with ENGINE */
+
+void engine_pkey_meths_free(ENGINE *e);
+void engine_pkey_asn1_meths_free(ENGINE *e);
+
+/* Once initialisation function */
+extern CRYPTO_ONCE engine_lock_init;
+DECLARE_RUN_ONCE(do_engine_lock_init)
+
+/*
+ * This is a structure for storing implementations of various crypto
+ * algorithms and functions.
+ */
+struct engine_st {
+    const char *id;
+    const char *name;
+    const RSA_METHOD *rsa_meth;
+    const DSA_METHOD *dsa_meth;
+    const DH_METHOD *dh_meth;
+    const EC_KEY_METHOD *ec_meth;
+    const RAND_METHOD *rand_meth;
+    /* Cipher handling is via this callback */
+    ENGINE_CIPHERS_PTR ciphers;
+    /* Digest handling is via this callback */
+    ENGINE_DIGESTS_PTR digests;
+    /* Public key handling via this callback */
+    ENGINE_PKEY_METHS_PTR pkey_meths;
+    /* ASN1 public key handling via this callback */
+    ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
+    ENGINE_GEN_INT_FUNC_PTR destroy;
+    ENGINE_GEN_INT_FUNC_PTR init;
+    ENGINE_GEN_INT_FUNC_PTR finish;
+    ENGINE_CTRL_FUNC_PTR ctrl;
+    ENGINE_LOAD_KEY_PTR load_privkey;
+    ENGINE_LOAD_KEY_PTR load_pubkey;
+    ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+    const ENGINE_CMD_DEFN *cmd_defns;
+    int flags;
+    /* reference count on the structure itself */
+    int struct_ref;
+    /*
+     * reference count on usability of the engine type. NB: This controls the
+     * loading and initialisation of any functionality required by this
+     * engine, whereas the previous count is simply to cope with
+     * (de)allocation of this structure. Hence, running_ref <= struct_ref at
+     * all times.
+     */
+    int funct_ref;
+    /* A place to store per-ENGINE data */
+    CRYPTO_EX_DATA ex_data;
+    /* Used to maintain the linked-list of engines. */
+    struct engine_st *prev;
+    struct engine_st *next;
+};
+
+typedef struct st_engine_pile ENGINE_PILE;
+
+DEFINE_LHASH_OF(ENGINE_PILE);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif                          /* HEADER_ENGINE_INT_H */
diff --git a/openssl-1.1.0h/crypto/engine/eng_lib.c b/openssl-1.1.0h/crypto/engine/eng_lib.c
new file mode 100644
index 0000000..cbefc7e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_lib.c
@@ -0,0 +1,290 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include <openssl/rand.h>
+
+CRYPTO_RWLOCK *global_engine_lock;
+
+CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
+
+/* The "new"/"free" stuff first */
+
+DEFINE_RUN_ONCE(do_engine_lock_init)
+{
+    OPENSSL_init_crypto(0, NULL);
+    global_engine_lock = CRYPTO_THREAD_lock_new();
+    return global_engine_lock != NULL;
+}
+
+ENGINE *ENGINE_new(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)
+        || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->struct_ref = 1;
+    engine_ref_debug(ret, 0, 1);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+/*
+ * Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here.
+ */
+void engine_set_all_null(ENGINE *e)
+{
+    e->id = NULL;
+    e->name = NULL;
+    e->rsa_meth = NULL;
+    e->dsa_meth = NULL;
+    e->dh_meth = NULL;
+    e->rand_meth = NULL;
+    e->ciphers = NULL;
+    e->digests = NULL;
+    e->destroy = NULL;
+    e->init = NULL;
+    e->finish = NULL;
+    e->ctrl = NULL;
+    e->load_privkey = NULL;
+    e->load_pubkey = NULL;
+    e->cmd_defns = NULL;
+    e->flags = 0;
+}
+
+int engine_free_util(ENGINE *e, int locked)
+{
+    int i;
+
+    if (e == NULL)
+        return 1;
+    if (locked)
+        CRYPTO_atomic_add(&e->struct_ref, -1, &i, global_engine_lock);
+    else
+        i = --e->struct_ref;
+    engine_ref_debug(e, 0, -1)
+    if (i > 0)
+        return 1;
+    REF_ASSERT_ISNT(i < 0);
+    /* Free up any dynamically allocated public key methods */
+    engine_pkey_meths_free(e);
+    engine_pkey_asn1_meths_free(e);
+    /*
+     * Give the ENGINE a chance to do any structural cleanup corresponding to
+     * allocation it did in its constructor (eg. unload error strings)
+     */
+    if (e->destroy)
+        e->destroy(e);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+    OPENSSL_free(e);
+    return 1;
+}
+
+int ENGINE_free(ENGINE *e)
+{
+    return engine_free_util(e, 1);
+}
+
+/* Cleanup stuff */
+
+/*
+ * engine_cleanup_int() is coded such that anything that does work that will
+ * need cleanup can register a "cleanup" callback here. That way we don't get
+ * linker bloat by referring to all *possible* cleanups, but any linker bloat
+ * into code "X" will cause X's cleanup function to end up here.
+ */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+{
+    if (cleanup_stack)
+        return 1;
+    if (!create)
+        return 0;
+    cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+    return (cleanup_stack ? 1 : 0);
+}
+
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(*item));
+    if (item == NULL)
+        return NULL;
+    item->cb = cb;
+    return item;
+}
+
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item)
+        sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+}
+
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item)
+        sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+}
+
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+{
+    (*(item->cb)) ();
+    OPENSSL_free(item);
+}
+
+void engine_cleanup_int(void)
+{
+    if (int_cleanup_check(0)) {
+        sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+                                        engine_cleanup_cb_free);
+        cleanup_stack = NULL;
+    }
+    CRYPTO_THREAD_lock_free(global_engine_lock);
+}
+
+/* Now the "ex_data" support */
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+}
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+{
+    return (CRYPTO_get_ex_data(&e->ex_data, idx));
+}
+
+/*
+ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself.
+ */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+{
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->id = id;
+    return 1;
+}
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+{
+    if (name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->name = name;
+    return 1;
+}
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+{
+    e->destroy = destroy_f;
+    return 1;
+}
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+{
+    e->init = init_f;
+    return 1;
+}
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+{
+    e->finish = finish_f;
+    return 1;
+}
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+{
+    e->ctrl = ctrl_f;
+    return 1;
+}
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+{
+    e->flags = flags;
+    return 1;
+}
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+{
+    e->cmd_defns = defns;
+    return 1;
+}
+
+const char *ENGINE_get_id(const ENGINE *e)
+{
+    return e->id;
+}
+
+const char *ENGINE_get_name(const ENGINE *e)
+{
+    return e->name;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+{
+    return e->destroy;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+{
+    return e->init;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+{
+    return e->finish;
+}
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+{
+    return e->ctrl;
+}
+
+int ENGINE_get_flags(const ENGINE *e)
+{
+    return e->flags;
+}
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+{
+    return e->cmd_defns;
+}
+
+/*
+ * eng_lib.o is pretty much linked into anything that touches ENGINE already,
+ * so put the "static_state" hack here.
+ */
+
+static int internal_static_hack = 0;
+
+void *ENGINE_get_static_state(void)
+{
+    return &internal_static_hack;
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_list.c b/openssl-1.1.0h/crypto/engine/eng_list.c
new file mode 100644
index 0000000..934389f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_list.c
@@ -0,0 +1,354 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "eng_int.h"
+
+/*
+ * The linked-list of pointers to engine types. engine_list_head incorporates
+ * an implicit structural reference but engine_list_tail does not - the
+ * latter is a computational niceity and only points to something that is
+ * already pointed to by its predecessor in the list (or engine_list_head
+ * itself). In the same way, the use of the "prev" pointer in each ENGINE is
+ * to save excessive list iteration, it doesn't correspond to an extra
+ * structural reference. Hence, engine_list_head, and each non-null "next"
+ * pointer account for the list itself assuming exactly 1 structural
+ * reference on each list member.
+ */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/*
+ * This cleanup function is only needed internally. If it should be called,
+ * we register it with the "engine_cleanup_int()" stack to be called during
+ * cleanup.
+ */
+
+static void engine_list_cleanup(void)
+{
+    ENGINE *iterator = engine_list_head;
+
+    while (iterator != NULL) {
+        ENGINE_remove(iterator);
+        iterator = engine_list_head;
+    }
+    return;
+}
+
+/*
+ * These static functions starting with a lower case "engine_" always take
+ * place when global_engine_lock has been locked up.
+ */
+static int engine_list_add(ENGINE *e)
+{
+    int conflict = 0;
+    ENGINE *iterator = NULL;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    iterator = engine_list_head;
+    while (iterator && !conflict) {
+        conflict = (strcmp(iterator->id, e->id) == 0);
+        iterator = iterator->next;
+    }
+    if (conflict) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID);
+        return 0;
+    }
+    if (engine_list_head == NULL) {
+        /* We are adding to an empty list. */
+        if (engine_list_tail) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_head = e;
+        e->prev = NULL;
+        /*
+         * The first time the list allocates, we should register the cleanup.
+         */
+        engine_cleanup_add_last(engine_list_cleanup);
+    } else {
+        /* We are adding to the tail of an existing list. */
+        if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_tail->next = e;
+        e->prev = engine_list_tail;
+    }
+    /*
+     * Having the engine in the list assumes a structural reference.
+     */
+    e->struct_ref++;
+    engine_ref_debug(e, 0, 1);
+    /* However it came to be, e is the last item in the list. */
+    engine_list_tail = e;
+    e->next = NULL;
+    return 1;
+}
+
+static int engine_list_remove(ENGINE *e)
+{
+    ENGINE *iterator;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    /* We need to check that e is in our linked list! */
+    iterator = engine_list_head;
+    while (iterator && (iterator != e))
+        iterator = iterator->next;
+    if (iterator == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                  ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+        return 0;
+    }
+    /* un-link e from the chain. */
+    if (e->next)
+        e->next->prev = e->prev;
+    if (e->prev)
+        e->prev->next = e->next;
+    /* Correct our head/tail if necessary. */
+    if (engine_list_head == e)
+        engine_list_head = e->next;
+    if (engine_list_tail == e)
+        engine_list_tail = e->prev;
+    engine_free_util(e, 0);
+    return 1;
+}
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_FIRST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_list_head;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+ENGINE *ENGINE_get_last(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_LAST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_list_tail;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = e->next;
+    if (ret) {
+        /* Return a valid structural reference to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = e->prev;
+    if (ret) {
+        /* Return a valid structural reference to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((e->id == NULL) || (e->name == NULL)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!engine_list_add(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return to_return;
+}
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!engine_list_remove(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return to_return;
+}
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+{
+    dest->id = src->id;
+    dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+    dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+    dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+    dest->dh_meth = src->dh_meth;
+#endif
+#ifndef OPENSSL_NO_EC
+    dest->ec_meth = src->ec_meth;
+#endif
+    dest->rand_meth = src->rand_meth;
+    dest->ciphers = src->ciphers;
+    dest->digests = src->digests;
+    dest->pkey_meths = src->pkey_meths;
+    dest->destroy = src->destroy;
+    dest->init = src->init;
+    dest->finish = src->finish;
+    dest->ctrl = src->ctrl;
+    dest->load_privkey = src->load_privkey;
+    dest->load_pubkey = src->load_pubkey;
+    dest->cmd_defns = src->cmd_defns;
+    dest->flags = src->flags;
+}
+
+ENGINE *ENGINE_by_id(const char *id)
+{
+    ENGINE *iterator;
+    char *load_dir = NULL;
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    iterator = engine_list_head;
+    while (iterator && (strcmp(id, iterator->id) != 0))
+        iterator = iterator->next;
+    if (iterator != NULL) {
+        /*
+         * We need to return a structural reference. If this is an ENGINE
+         * type that returns copies, make a duplicate - otherwise increment
+         * the existing ENGINE's reference count.
+         */
+        if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
+            ENGINE *cp = ENGINE_new();
+            if (cp == NULL)
+                iterator = NULL;
+            else {
+                engine_cpy(cp, iterator);
+                iterator = cp;
+            }
+        } else {
+            iterator->struct_ref++;
+            engine_ref_debug(iterator, 0, 1);
+        }
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (iterator != NULL)
+        return iterator;
+    /*
+     * Prevent infinite recursion if we're looking for the dynamic engine.
+     */
+    if (strcmp(id, "dynamic")) {
+        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+            load_dir = ENGINESDIR;
+        iterator = ENGINE_by_id("dynamic");
+        if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+                                    load_dir, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+            goto notfound;
+        return iterator;
+    }
+ notfound:
+    ENGINE_free(iterator);
+    ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+    ERR_add_error_data(2, "id=", id);
+    return NULL;
+    /* EEK! Experimental code ends */
+}
+
+int ENGINE_up_ref(ENGINE *e)
+{
+    int i;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_atomic_add(&e->struct_ref, 1, &i, global_engine_lock);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_openssl.c b/openssl-1.1.0h/crypto/engine/eng_openssl.c
new file mode 100644
index 0000000..9208f7e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_openssl.c
@@ -0,0 +1,652 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <internal/engine.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+
+#include <openssl/hmac.h>
+#include <openssl/x509v3.h>
+
+/*
+ * This testing gunk is implemented (and explained) lower down. It also
+ * assumes the application explicitly calls "ENGINE_load_openssl()" because
+ * this is no longer automatic in ENGINE_load_builtin_engines().
+ */
+#define TEST_ENG_OPENSSL_RC4
+#ifndef OPENSSL_NO_STDIO
+#define TEST_ENG_OPENSSL_PKEY
+#endif
+/* #define TEST_ENG_OPENSSL_HMAC */
+/* #define TEST_ENG_OPENSSL_HMAC_INIT */
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#define TEST_ENG_OPENSSL_RC4_P_INIT
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+# undef TEST_ENG_OPENSSL_RC4
+# undef TEST_ENG_OPENSSL_RC4_OTHERS
+# undef TEST_ENG_OPENSSL_RC4_P_INIT
+# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+
+static int openssl_destroy(ENGINE *e);
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                           const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+                                      UI_METHOD *ui_method,
+                                      void *callback_data);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_HMAC
+static int ossl_register_hmac_meth(void);
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/*
+ * This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+    if (!ENGINE_set_id(e, engine_openssl_id)
+        || !ENGINE_set_name(e, engine_openssl_name)
+        || !ENGINE_set_destroy_function(e, openssl_destroy)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+# ifndef OPENSSL_NO_RSA
+        || !ENGINE_set_RSA(e, RSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, DSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_EC
+        || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_DH
+        || !ENGINE_set_DH(e, DH_get_default_method())
+# endif
+        || !ENGINE_set_RAND(e, RAND_OpenSSL())
+# ifdef TEST_ENG_OPENSSL_RC4
+        || !ENGINE_set_ciphers(e, openssl_ciphers)
+# endif
+# ifdef TEST_ENG_OPENSSL_SHA
+        || !ENGINE_set_digests(e, openssl_digests)
+# endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+#ifdef TEST_ENG_OPENSSL_HMAC
+        || !ossl_register_hmac_meth()
+        || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
+#endif
+        )
+        return 0;
+    /*
+     * If we add errors to this ENGINE, ensure the error handling is setup
+     * here
+     */
+    /* openssl_load_error_strings(); */
+    return 1;
+}
+
+static ENGINE *engine_openssl(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_openssl_int(void)
+{
+    ENGINE *toadd = engine_openssl();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_openssl_id) != 0))
+        return 0;
+    if (!bind_helper(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif                          /* ENGINE_DYNAMIC_SUPPORT */
+#ifdef TEST_ENG_OPENSSL_RC4
+/*-
+ * This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ *        we're asked for a cipher we don't support (should not happen).
+ *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ *        the "init_key" handler is called.
+ *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+# include <openssl/rc4.h>
+# define TEST_RC4_KEY_SIZE               16
+typedef struct {
+    unsigned char key[TEST_RC4_KEY_SIZE];
+    RC4_KEY ks;
+} TEST_RC4_KEY;
+# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+# endif
+    memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
+    RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                test(ctx)->key);
+    return 1;
+}
+
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+# endif
+    RC4(&test(ctx)->ks, inl, in, out);
+    return 1;
+}
+
+static EVP_CIPHER *r4_cipher = NULL;
+static const EVP_CIPHER *test_r4_cipher(void)
+{
+    if (r4_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_cipher = cipher;
+    }
+    return r4_cipher;
+}
+static void test_r4_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_cipher);
+    r4_cipher = NULL;
+}
+
+static EVP_CIPHER *r4_40_cipher = NULL;
+static const EVP_CIPHER *test_r4_40_cipher(void)
+{
+    if (r4_40_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_40_cipher = cipher;
+    }
+    return r4_40_cipher;
+}
+static void test_r4_40_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_40_cipher);
+    r4_40_cipher = NULL;
+}
+static int test_cipher_nids(const int **nids)
+{
+    static int cipher_nids[4] = { 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_CIPHER *cipher;
+        if ((cipher = test_r4_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        if ((cipher = test_r4_40_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        cipher_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = cipher_nids;
+    return pos;
+}
+
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid)
+{
+    if (!cipher) {
+        /* We are returning a list of supported nids */
+        return test_cipher_nids(nids);
+    }
+    /* We are being asked for a specific cipher */
+    if (nid == NID_rc4)
+        *cipher = test_r4_cipher();
+    else if (nid == NID_rc4_40)
+        *cipher = test_r4_40_cipher();
+    else {
+# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *cipher = NULL;
+        return 0;
+    }
+    return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+# include <openssl/sha.h>
+
+static int test_sha1_init(EVP_MD_CTX *ctx)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+# endif
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+# endif
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+# endif
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static EVP_MD *sha1_md = NULL;
+static const EVP_MD *test_sha_md(void)
+{
+    if (sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, test_sha1_init)
+            || !EVP_MD_meth_set_update(md, test_sha1_update)
+            || !EVP_MD_meth_set_final(md, test_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        sha1_md = md;
+    }
+    return sha1_md;
+}
+static void test_sha_md_destroy(void)
+{
+    EVP_MD_meth_free(sha1_md);
+    sha1_md = NULL;
+}
+static int test_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = test_sha_md()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                           const int **nids, int nid)
+{
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return test_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    if (nid == NID_sha1)
+        *digest = test_sha_md();
+    else {
+# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *digest = NULL;
+        return 0;
+    }
+    return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+                                      UI_METHOD *ui_method,
+                                      void *callback_data)
+{
+    BIO *in;
+    EVP_PKEY *key;
+    fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
+            key_id);
+    in = BIO_new_file(key_id, "r");
+    if (!in)
+        return NULL;
+    key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+    BIO_free(in);
+    return key;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_HMAC
+
+/*
+ * Experimental HMAC redirection implementation: mainly copied from
+ * hm_pmeth.c
+ */
+
+/* HMAC pkey context structure */
+
+typedef struct {
+    const EVP_MD *md;           /* MD for HMAC use */
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    HMAC_CTX *ctx;
+} OSSL_HMAC_PKEY_CTX;
+
+static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx;
+
+    hctx = OPENSSL_zalloc(sizeof(*hctx));
+    if (hctx == NULL)
+        return 0;
+    hctx->ktmp.type = V_ASN1_OCTET_STRING;
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
+    EVP_PKEY_CTX_set_data(ctx, hctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+# ifdef TEST_ENG_OPENSSL_HMAC_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
+# endif
+    return 1;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
+static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    OSSL_HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
+    if (!ossl_hmac_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx->md = sctx->md;
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
+        goto err;
+    if (sctx->ktmp.data) {
+        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                   sctx->ktmp.data, sctx->ktmp.length))
+            goto err;
+    }
+    return 1;
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    ossl_hmac_cleanup(dst);
+    return 0;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *hkey = NULL;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    if (!hctx->ktmp.data)
+        return 0;
+    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+    if (!hkey)
+        return 0;
+    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+    return 1;
+}
+
+static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+    if (!HMAC_Update(hctx->ctx, data, count))
+        return 0;
+    return 1;
+}
+
+static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
+    return 1;
+}
+
+static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                             size_t *siglen, EVP_MD_CTX *mctx)
+{
+    unsigned int hlen;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    int l = EVP_MD_CTX_size(mctx);
+
+    if (l < 0)
+        return 0;
+    *siglen = l;
+    if (!sig)
+        return 1;
+
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
+        return 0;
+    *siglen = (size_t)hlen;
+    return 1;
+}
+
+static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    EVP_PKEY *pk;
+    ASN1_OCTET_STRING *key;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if ((!p2 && p1 > 0) || (p1 < -1))
+            return 0;
+        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        hctx->md = p2;
+        break;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        pk = EVP_PKEY_CTX_get0_pkey(ctx);
+        key = EVP_PKEY_get0(pk);
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "key") == 0) {
+        void *p = (void *)value;
+        return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
+    }
+    if (strcmp(type, "hexkey") == 0) {
+        unsigned char *key;
+        int r;
+        long keylen;
+        key = OPENSSL_hexstr2buf(value, &keylen);
+        if (!key)
+            return 0;
+        r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+        OPENSSL_free(key);
+        return r;
+    }
+    return -2;
+}
+
+static EVP_PKEY_METHOD *ossl_hmac_meth;
+
+static int ossl_register_hmac_meth(void)
+{
+    EVP_PKEY_METHOD *meth;
+    meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
+    if (meth == NULL)
+        return 0;
+    EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
+    EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
+    EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
+
+    EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
+
+    EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
+                              ossl_hmac_signctx);
+
+    EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
+    ossl_hmac_meth = meth;
+    return 1;
+}
+
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid)
+{
+    static int ossl_pkey_nids[] = {
+        EVP_PKEY_HMAC,
+        0
+    };
+    if (!pmeth) {
+        *nids = ossl_pkey_nids;
+        return 1;
+    }
+
+    if (nid == EVP_PKEY_HMAC) {
+        *pmeth = ossl_hmac_meth;
+        return 1;
+    }
+
+    *pmeth = NULL;
+    return 0;
+}
+
+#endif
+
+int openssl_destroy(ENGINE *e)
+{
+    test_sha_md_destroy();
+#ifdef TEST_ENG_OPENSSL_RC4
+    test_r4_cipher_destroy();
+    test_r4_40_cipher_destroy();
+#endif
+    return 1;
+}
+
diff --git a/openssl-1.1.0h/crypto/engine/eng_pkey.c b/openssl-1.1.0h/crypto/engine/eng_pkey.c
new file mode 100644
index 0000000..305a648
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_pkey.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e,
+                                     ENGINE_LOAD_KEY_PTR loadpriv_f)
+{
+    e->load_privkey = loadpriv_f;
+    return 1;
+}
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+{
+    e->load_pubkey = loadpub_f;
+    return 1;
+}
+
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                             ENGINE_SSL_CLIENT_CERT_PTR
+                                             loadssl_f)
+{
+    e->load_ssl_client_cert = loadssl_f;
+    return 1;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+{
+    return e->load_privkey;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+{
+    return e->load_pubkey;
+}
+
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                               *e)
+{
+    return e->load_ssl_client_cert;
+}
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_privkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+        return 0;
+    }
+    return pkey;
+}
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_pubkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+        return 0;
+    }
+    return pkey;
+}
+
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                UI_METHOD *ui_method, void *callback_data)
+{
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_ssl_client_cert) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+                                   ui_method, callback_data);
+}
diff --git a/openssl-1.1.0h/crypto/engine/eng_rdrand.c b/openssl-1.1.0h/crypto/engine/eng_rdrand.c
new file mode 100644
index 0000000..b3defcb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_rdrand.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <internal/engine.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || \
+     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
+
+size_t OPENSSL_ia32_rdrand(void);
+
+static int get_random_bytes(unsigned char *buf, int num)
+{
+    size_t rnd;
+
+    while (num >= (int)sizeof(size_t)) {
+        if ((rnd = OPENSSL_ia32_rdrand()) == 0)
+            return 0;
+
+        *((size_t *)buf) = rnd;
+        buf += sizeof(size_t);
+        num -= sizeof(size_t);
+    }
+    if (num) {
+        if ((rnd = OPENSSL_ia32_rdrand()) == 0)
+            return 0;
+
+        memcpy(buf, &rnd, num);
+    }
+
+    return 1;
+}
+
+static int random_status(void)
+{
+    return 1;
+}
+
+static RAND_METHOD rdrand_meth = {
+    NULL,                       /* seed */
+    get_random_bytes,
+    NULL,                       /* cleanup */
+    NULL,                       /* add */
+    get_random_bytes,
+    random_status,
+};
+
+static int rdrand_init(ENGINE *e)
+{
+    return 1;
+}
+
+static const char *engine_e_rdrand_id = "rdrand";
+static const char *engine_e_rdrand_name = "Intel RDRAND engine";
+
+static int bind_helper(ENGINE *e)
+{
+    if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+        !ENGINE_set_name(e, engine_e_rdrand_name) ||
+        !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+        !ENGINE_set_init_function(e, rdrand_init) ||
+        !ENGINE_set_RAND(e, &rdrand_meth))
+        return 0;
+
+    return 1;
+}
+
+static ENGINE *ENGINE_rdrand(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_rdrand_int(void)
+{
+    extern unsigned int OPENSSL_ia32cap_P[];
+
+    if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) {
+        ENGINE *toadd = ENGINE_rdrand();
+        if (!toadd)
+            return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+    }
+}
+#else
+void engine_load_rdrand_int(void)
+{
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/engine/eng_table.c b/openssl-1.1.0h/crypto/engine/eng_table.c
new file mode 100644
index 0000000..ac4b02f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/eng_table.c
@@ -0,0 +1,308 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include "eng_int.h"
+
+/* The type of the items in the table */
+struct st_engine_pile {
+    /* The 'nid' of this algorithm/mode */
+    int nid;
+    /* ENGINEs that implement this algorithm/mode. */
+    STACK_OF(ENGINE) *sk;
+    /* The default ENGINE to perform this algorithm/mode. */
+    ENGINE *funct;
+    /*
+     * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
+     */
+    int uptodate;
+};
+
+/* The type exposed in eng_int.h */
+struct st_engine_table {
+    LHASH_OF(ENGINE_PILE) piles;
+};                              /* ENGINE_TABLE */
+
+typedef struct st_engine_pile_doall {
+    engine_table_doall_cb *cb;
+    void *arg;
+} ENGINE_PILE_DOALL;
+
+/* Global flags (ENGINE_TABLE_FLAG_***). */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+{
+    return table_flags;
+}
+
+void ENGINE_set_table_flags(unsigned int flags)
+{
+    table_flags = flags;
+}
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+{
+    return c->nid;
+}
+
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+{
+    return a->nid - b->nid;
+}
+
+static int int_table_check(ENGINE_TABLE **t, int create)
+{
+    LHASH_OF(ENGINE_PILE) *lh;
+
+    if (*t)
+        return 1;
+    if (!create)
+        return 0;
+    if ((lh = lh_ENGINE_PILE_new(engine_pile_hash, engine_pile_cmp)) == NULL)
+        return 0;
+    *t = (ENGINE_TABLE *)lh;
+    return 1;
+}
+
+/*
+ * Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table
+ */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                          ENGINE *e, const int *nids, int num_nids,
+                          int setdefault)
+{
+    int ret = 0, added = 0;
+    ENGINE_PILE tmplate, *fnd;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!(*table))
+        added = 1;
+    if (!int_table_check(table, 1))
+        goto end;
+    if (added)
+        /* The cleanup callback needs to be added */
+        engine_cleanup_add_first(cleanup);
+    while (num_nids--) {
+        tmplate.nid = *nids;
+        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+        if (!fnd) {
+            fnd = OPENSSL_malloc(sizeof(*fnd));
+            if (fnd == NULL)
+                goto end;
+            fnd->uptodate = 1;
+            fnd->nid = *nids;
+            fnd->sk = sk_ENGINE_new_null();
+            if (!fnd->sk) {
+                OPENSSL_free(fnd);
+                goto end;
+            }
+            fnd->funct = NULL;
+            (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
+            if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) {
+                sk_ENGINE_free(fnd->sk);
+                OPENSSL_free(fnd);
+                goto end;
+            }
+        }
+        /* A registration shouldn't add duplicate entries */
+        (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+        /*
+         * if 'setdefault', this ENGINE goes to the head of the list
+         */
+        if (!sk_ENGINE_push(fnd->sk, e))
+            goto end;
+        /* "touch" this ENGINE_PILE */
+        fnd->uptodate = 0;
+        if (setdefault) {
+            if (!engine_unlocked_init(e)) {
+                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+                          ENGINE_R_INIT_FAILED);
+                goto end;
+            }
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = e;
+            fnd->uptodate = 1;
+        }
+        nids++;
+    }
+    ret = 1;
+ end:
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+{
+    int n;
+    /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
+    while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
+        (void)sk_ENGINE_delete(pile->sk, n);
+        pile->uptodate = 0;
+    }
+    if (pile->funct == e) {
+        engine_unlocked_finish(e, 0);
+        pile->funct = NULL;
+    }
+}
+
+IMPLEMENT_LHASH_DOALL_ARG(ENGINE_PILE, ENGINE);
+
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+{
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (int_table_check(table, 0))
+        lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+}
+
+static void int_cleanup_cb_doall(ENGINE_PILE *p)
+{
+    if (!p)
+        return;
+    sk_ENGINE_free(p->sk);
+    if (p->funct)
+        engine_unlocked_finish(p->funct, 0);
+    OPENSSL_free(p);
+}
+
+void engine_table_cleanup(ENGINE_TABLE **table)
+{
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (*table) {
+        lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall);
+        lh_ENGINE_PILE_free(&(*table)->piles);
+        *table = NULL;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+}
+
+/* return a functional reference for a given 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+                                int l)
+#endif
+{
+    ENGINE *ret = NULL;
+    ENGINE_PILE tmplate, *fnd = NULL;
+    int initres, loop = 0;
+
+    if (!(*table)) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+                "registered!\n", f, l, nid);
+#endif
+        return NULL;
+    }
+    ERR_set_mark();
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    /*
+     * Check again inside the lock otherwise we could race against cleanup
+     * operations. But don't worry about a fprintf(stderr).
+     */
+    if (!int_table_check(table, 0))
+        goto end;
+    tmplate.nid = nid;
+    fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+    if (!fnd)
+        goto end;
+    if (fnd->funct && engine_unlocked_init(fnd->funct)) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+        ret = fnd->funct;
+        goto end;
+    }
+    if (fnd->uptodate) {
+        ret = fnd->funct;
+        goto end;
+    }
+ trynext:
+    ret = sk_ENGINE_value(fnd->sk, loop++);
+    if (!ret) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                "registered implementations would initialise\n", f, l, nid);
+#endif
+        goto end;
+    }
+    /* Try to initialise the ENGINE? */
+    if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+        initres = engine_unlocked_init(ret);
+    else
+        initres = 0;
+    if (initres) {
+        /* Update 'funct' */
+        if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
+            /* If there was a previous default we release it. */
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+            fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+                    "setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+        }
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+        goto end;
+    }
+    goto trynext;
+ end:
+    /*
+     * If it failed, it is unlikely to succeed again until some future
+     * registrations have taken place. In all cases, we cache.
+     */
+    if (fnd)
+        fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+    if (ret)
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "ENGINE '%s'\n", f, l, nid, ret->id);
+    else
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "'no matching ENGINE'\n", f, l, nid);
+#endif
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /*
+     * Whatever happened, any failed init()s are not failures in this
+     * context, so clear our error state.
+     */
+    ERR_pop_to_mark();
+    return ret;
+}
+
+/* Table enumeration */
+
+static void int_dall(const ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
+{
+    dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL);
+
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                        void *arg)
+{
+    ENGINE_PILE_DOALL dall;
+    dall.cb = cb;
+    dall.arg = arg;
+    if (table)
+        lh_ENGINE_PILE_doall_ENGINE_PILE_DOALL(&table->piles, int_dall, &dall);
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_asnmth.c b/openssl-1.1.0h/crypto/engine/tb_asnmth.c
new file mode 100644
index 0000000..480267d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_asnmth.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
+ * function that is used by EVP to hook in pkey_asn1_meth code and cache
+ * defaults (etc), will display brief debugging summaries to stderr with the
+ * 'nid'.
+ */
+/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
+
+static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
+
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
+{
+    engine_table_unregister(&pkey_asn1_meth_table, e);
+}
+
+static void engine_unregister_all_pkey_asn1_meths(void)
+{
+    engine_table_cleanup(&pkey_asn1_meth_table);
+}
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e)
+{
+    if (e->pkey_asn1_meths) {
+        const int *nids;
+        int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_asn1_meth_table,
+                                         engine_unregister_all_pkey_asn1_meths,
+                                         e, nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_pkey_asn1_meths(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_pkey_asn1_meths(e);
+}
+
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
+{
+    if (e->pkey_asn1_meths) {
+        const int *nids;
+        int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_asn1_meth_table,
+                                         engine_unregister_all_pkey_asn1_meths,
+                                         e, nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_asn1_meth 'nid'
+ */
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
+{
+    return engine_table_select(&pkey_asn1_meth_table, nid);
+}
+
+/*
+ * Obtains a pkey_asn1_meth implementation from an ENGINE functional
+ * reference
+ */
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
+{
+    EVP_PKEY_ASN1_METHOD *ret;
+    ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
+                  ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the pkey_asn1_meth callback from an ENGINE structure */
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
+{
+    return e->pkey_asn1_meths;
+}
+
+/* Sets the pkey_asn1_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
+{
+    e->pkey_asn1_meths = f;
+    return 1;
+}
+
+/*
+ * Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
+ * ENGINE is destroyed
+ */
+
+void engine_pkey_asn1_meths_free(ENGINE *e)
+{
+    int i;
+    EVP_PKEY_ASN1_METHOD *pkm;
+    if (e->pkey_asn1_meths) {
+        const int *pknids;
+        int npknids;
+        npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
+        for (i = 0; i < npknids; i++) {
+            if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
+                EVP_PKEY_asn1_free(pkm);
+            }
+        }
+    }
+}
+
+/*
+ * Find a method based on a string. This does a linear search through all
+ * implemented algorithms. This is OK in practice because only a small number
+ * of algorithms are likely to be implemented in an engine and it is not used
+ * for speed critical operations.
+ */
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                                          const char *str,
+                                                          int len)
+{
+    int i, nidcount;
+    const int *nids;
+    EVP_PKEY_ASN1_METHOD *ameth;
+    if (!e->pkey_asn1_meths)
+        return NULL;
+    if (len == -1)
+        len = strlen(str);
+    nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
+    for (i = 0; i < nidcount; i++) {
+        e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
+        if (((int)strlen(ameth->pem_str) == len)
+            && strncasecmp(ameth->pem_str, str, len) == 0)
+            return ameth;
+    }
+    return NULL;
+}
+
+typedef struct {
+    ENGINE *e;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    const char *str;
+    int len;
+} ENGINE_FIND_STR;
+
+static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
+{
+    ENGINE_FIND_STR *lk = arg;
+    int i;
+    if (lk->ameth)
+        return;
+    for (i = 0; i < sk_ENGINE_num(sk); i++) {
+        ENGINE *e = sk_ENGINE_value(sk, i);
+        EVP_PKEY_ASN1_METHOD *ameth;
+        e->pkey_asn1_meths(e, &ameth, NULL, nid);
+        if (((int)strlen(ameth->pem_str) == lk->len)
+                && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
+            lk->e = e;
+            lk->ameth = ameth;
+            return;
+        }
+    }
+}
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                                      const char *str,
+                                                      int len)
+{
+    ENGINE_FIND_STR fstr;
+    fstr.e = NULL;
+    fstr.ameth = NULL;
+    fstr.str = str;
+    fstr.len = len;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+    /* If found obtain a structural reference to engine */
+    if (fstr.e) {
+        fstr.e->struct_ref++;
+        engine_ref_debug(fstr.e, 0, 1);
+    }
+    *pe = fstr.e;
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return fstr.ameth;
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_cipher.c b/openssl-1.1.0h/crypto/engine/tb_cipher.c
new file mode 100644
index 0000000..ac49141
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_cipher.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+{
+    engine_table_unregister(&cipher_table, e);
+}
+
+static void engine_unregister_all_ciphers(void)
+{
+    engine_table_cleanup(&cipher_table);
+}
+
+int ENGINE_register_ciphers(ENGINE *e)
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_ciphers()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_ciphers(e);
+}
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid'
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+{
+    return engine_table_select(&cipher_table, nid);
+}
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+{
+    const EVP_CIPHER *ret;
+    ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+{
+    return e->ciphers;
+}
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+{
+    e->ciphers = f;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_dh.c b/openssl-1.1.0h/crypto/engine/tb_dh.c
new file mode 100644
index 0000000..c6440df
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_dh.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+{
+    engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_DH(void)
+{
+    engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_DH(ENGINE *e)
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_DH()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DH(e);
+}
+
+int ENGINE_set_default_DH(ENGINE *e)
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DH(void)
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+{
+    return e->dh_meth;
+}
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+{
+    e->dh_meth = dh_meth;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_digest.c b/openssl-1.1.0h/crypto/engine/tb_digest.c
new file mode 100644
index 0000000..194b9c7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_digest.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+{
+    engine_table_unregister(&digest_table, e);
+}
+
+static void engine_unregister_all_digests(void)
+{
+    engine_table_cleanup(&digest_table);
+}
+
+int ENGINE_register_digests(ENGINE *e)
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_digests()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_digests(e);
+}
+
+int ENGINE_set_default_digests(ENGINE *e)
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid'
+ */
+ENGINE *ENGINE_get_digest_engine(int nid)
+{
+    return engine_table_select(&digest_table, nid);
+}
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+{
+    const EVP_MD *ret;
+    ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+{
+    return e->digests;
+}
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+{
+    e->digests = f;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_dsa.c b/openssl-1.1.0h/crypto/engine/tb_dsa.c
new file mode 100644
index 0000000..fdb80cd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_dsa.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+{
+    engine_table_unregister(&dsa_table, e);
+}
+
+static void engine_unregister_all_DSA(void)
+{
+    engine_table_cleanup(&dsa_table);
+}
+
+int ENGINE_register_DSA(ENGINE *e)
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_DSA()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DSA(e);
+}
+
+int ENGINE_set_default_DSA(ENGINE *e)
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DSA(void)
+{
+    return engine_table_select(&dsa_table, dummy_nid);
+}
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+{
+    return e->dsa_meth;
+}
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+{
+    e->dsa_meth = dsa_meth;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_eckey.c b/openssl-1.1.0h/crypto/engine/tb_eckey.c
new file mode 100644
index 0000000..75750b2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_eckey.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_EC(ENGINE *e)
+{
+    engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_EC(void)
+{
+    engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_EC()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_EC(e);
+}
+
+int ENGINE_set_default_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_EC(void)
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an EC_KEY implementation from an ENGINE functional reference */
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e)
+{
+    return e->ec_meth;
+}
+
+/* Sets an EC_KEY implementation in an ENGINE structure */
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth)
+{
+    e->ec_meth = ec_meth;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_pkmeth.c b/openssl-1.1.0h/crypto/engine/tb_pkmeth.c
new file mode 100644
index 0000000..2e82d85
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_pkmeth.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+#include <openssl/evp.h>
+
+static ENGINE_TABLE *pkey_meth_table = NULL;
+
+void ENGINE_unregister_pkey_meths(ENGINE *e)
+{
+    engine_table_unregister(&pkey_meth_table, e);
+}
+
+static void engine_unregister_all_pkey_meths(void)
+{
+    engine_table_cleanup(&pkey_meth_table);
+}
+
+int ENGINE_register_pkey_meths(ENGINE *e)
+{
+    if (e->pkey_meths) {
+        const int *nids;
+        int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_meth_table,
+                                         engine_unregister_all_pkey_meths, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_pkey_meths()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_pkey_meths(e);
+}
+
+int ENGINE_set_default_pkey_meths(ENGINE *e)
+{
+    if (e->pkey_meths) {
+        const int *nids;
+        int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_meth_table,
+                                         engine_unregister_all_pkey_meths, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_meth 'nid'
+ */
+ENGINE *ENGINE_get_pkey_meth_engine(int nid)
+{
+    return engine_table_select(&pkey_meth_table, nid);
+}
+
+/* Obtains a pkey_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
+{
+    EVP_PKEY_METHOD *ret;
+    ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
+                  ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the pkey_meth callback from an ENGINE structure */
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
+{
+    return e->pkey_meths;
+}
+
+/* Sets the pkey_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
+{
+    e->pkey_meths = f;
+    return 1;
+}
+
+/*
+ * Internal function to free up EVP_PKEY_METHOD structures before an ENGINE
+ * is destroyed
+ */
+
+void engine_pkey_meths_free(ENGINE *e)
+{
+    int i;
+    EVP_PKEY_METHOD *pkm;
+    if (e->pkey_meths) {
+        const int *pknids;
+        int npknids;
+        npknids = e->pkey_meths(e, NULL, &pknids, 0);
+        for (i = 0; i < npknids; i++) {
+            if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
+                EVP_PKEY_meth_free(pkm);
+            }
+        }
+    }
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_rand.c b/openssl-1.1.0h/crypto/engine/tb_rand.c
new file mode 100644
index 0000000..225e7c8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_rand.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+{
+    engine_table_unregister(&rand_table, e);
+}
+
+static void engine_unregister_all_RAND(void)
+{
+    engine_table_cleanup(&rand_table);
+}
+
+int ENGINE_register_RAND(ENGINE *e)
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_RAND()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RAND(e);
+}
+
+int ENGINE_set_default_RAND(ENGINE *e)
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RAND(void)
+{
+    return engine_table_select(&rand_table, dummy_nid);
+}
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+{
+    return e->rand_meth;
+}
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+{
+    e->rand_meth = rand_meth;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/engine/tb_rsa.c b/openssl-1.1.0h/crypto/engine/tb_rsa.c
new file mode 100644
index 0000000..e2cc680
--- /dev/null
+++ b/openssl-1.1.0h/crypto/engine/tb_rsa.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_int.h"
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+{
+    engine_table_unregister(&rsa_table, e);
+}
+
+static void engine_unregister_all_RSA(void)
+{
+    engine_table_cleanup(&rsa_table);
+}
+
+int ENGINE_register_RSA(ENGINE *e)
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_RSA()
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RSA(e);
+}
+
+int ENGINE_set_default_RSA(ENGINE *e)
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RSA(void)
+{
+    return engine_table_select(&rsa_table, dummy_nid);
+}
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+{
+    return e->rsa_meth;
+}
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+{
+    e->rsa_meth = rsa_meth;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/err/README b/openssl-1.1.0h/crypto/err/README
new file mode 100644
index 0000000..6d2ce0c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/err/README
@@ -0,0 +1,44 @@
+Adding new libraries
+--------------------
+
+When adding a new sub-library to OpenSSL, assign it a library number
+ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its
+name to ERR_str_libraries[] (in crypto/err/err.c), and add
+ERR_load_XXX_strings() to the ERR_load_crypto_strings() function
+(in crypto/err/err_all.c). Finally, add an entry:
+
+    L      XXX     xxx.h   xxx_err.c
+
+to crypto/err/openssl.ec, and add xxx_err.c to the Makefile.
+Running make errors will then generate a file xxx_err.c, and
+add all error codes used in the library to xxx.h.
+
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+
+    #ifndef HEADER_XXX_H
+    #define HEADER_XXX_H
+
+    #ifdef __cplusplus
+    extern "C" {
+    #endif
+
+    /* Include files */
+
+    #include <openssl/bio.h>
+    #include <openssl/x509.h>
+
+    /* Macros, structures and function prototypes */
+
+
+    /* BEGIN ERROR CODES */
+
+The BEGIN ERROR CODES sequence is used by the error code
+generation script as the point to place new error codes, any text
+after this point will be overwritten when make errors is run.
+The closing #endif etc will be automatically added by the script.
+
+The generated C error code file xxx_err.c will load the header
+files stdio.h, openssl/err.h and openssl/xxx.h so the
+header file must load any additional header files containing any
+definitions it uses.
diff --git a/openssl-1.1.0h/crypto/err/build.info b/openssl-1.1.0h/crypto/err/build.info
new file mode 100644
index 0000000..6163d95
--- /dev/null
+++ b/openssl-1.1.0h/crypto/err/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        err.c err_all.c err_prn.c
diff --git a/openssl-1.1.0h/crypto/err/err.c b/openssl-1.1.0h/crypto/err/err.c
new file mode 100644
index 0000000..c439928
--- /dev/null
+++ b/openssl-1.1.0h/crypto/err/err.c
@@ -0,0 +1,793 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <internal/cryptlib_int.h>
+#include <internal/err.h>
+#include <internal/err_int.h>
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/opensslconf.h>
+#include <internal/thread_once.h>
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
+
+static void ERR_STATE_free(ERR_STATE *s);
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[] = {
+    {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"},
+    {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"},
+    {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"},
+    {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"},
+    {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"},
+    {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"},
+    {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"},
+    {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"},
+    {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"},
+    {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"},
+    {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"},
+    {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"},
+    {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"},
+    {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"},
+    {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"},
+    {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"},
+    {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"},
+    {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"},
+    {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"},
+    {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"},
+    {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"},
+    {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"},
+    {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
+    {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
+    {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_functs[] = {
+    {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"},
+    {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"},
+    {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"},
+    {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"},
+    {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"},
+    {ERR_PACK(0, SYS_F_BIND, 0), "bind"},
+    {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
+    {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
+# ifdef OPENSSL_SYS_WINDOWS
+    {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
+# endif
+    {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
+    {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
+    {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"},
+    {ERR_PACK(0, SYS_F_GETNAMEINFO, 0), "getnameinfo"},
+    {ERR_PACK(0, SYS_F_SETSOCKOPT, 0), "setsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKOPT, 0), "getsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"},
+    {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"},
+    {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"},
+    {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_reasons[] = {
+    {ERR_R_SYS_LIB, "system lib"},
+    {ERR_R_BN_LIB, "BN lib"},
+    {ERR_R_RSA_LIB, "RSA lib"},
+    {ERR_R_DH_LIB, "DH lib"},
+    {ERR_R_EVP_LIB, "EVP lib"},
+    {ERR_R_BUF_LIB, "BUF lib"},
+    {ERR_R_OBJ_LIB, "OBJ lib"},
+    {ERR_R_PEM_LIB, "PEM lib"},
+    {ERR_R_DSA_LIB, "DSA lib"},
+    {ERR_R_X509_LIB, "X509 lib"},
+    {ERR_R_ASN1_LIB, "ASN1 lib"},
+    {ERR_R_EC_LIB, "EC lib"},
+    {ERR_R_BIO_LIB, "BIO lib"},
+    {ERR_R_PKCS7_LIB, "PKCS7 lib"},
+    {ERR_R_X509V3_LIB, "X509V3 lib"},
+    {ERR_R_ENGINE_LIB, "ENGINE lib"},
+    {ERR_R_ECDSA_LIB, "ECDSA lib"},
+
+    {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
+    {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
+
+    {ERR_R_FATAL, "fatal"},
+    {ERR_R_MALLOC_FAILURE, "malloc failure"},
+    {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
+     "called a function you should not call"},
+    {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
+    {ERR_R_INTERNAL_ERROR, "internal error"},
+    {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
+    {ERR_R_INIT_FAIL, "init fail"},
+
+    {0, NULL},
+};
+#endif
+
+static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
+static int set_err_thread_local;
+static CRYPTO_THREAD_LOCAL err_thread_local;
+
+static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_RWLOCK *err_string_lock;
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+
+/*
+ * The internal state
+ */
+
+static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
+static int int_err_library_number = ERR_LIB_USER;
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+                                      int *line, const char **data,
+                                      int *flags);
+
+static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
+{
+    unsigned long ret, l;
+
+    l = a->error;
+    ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l);
+    return (ret ^ ret % 19 * 13);
+}
+
+static int err_string_data_cmp(const ERR_STRING_DATA *a,
+                               const ERR_STRING_DATA *b)
+{
+    return (int)(a->error - b->error);
+}
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+{
+    ERR_STRING_DATA *p = NULL;
+
+    CRYPTO_THREAD_read_lock(err_string_lock);
+    if (int_error_hash != NULL)
+        p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d);
+    CRYPTO_THREAD_unlock(err_string_lock);
+
+    return p;
+}
+
+#ifndef OPENSSL_NO_ERR
+# define NUM_SYS_STR_REASONS 127
+# define LEN_SYS_STR_REASON 32
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/*
+ * SYS_str_reasons is filled with copies of strerror() results at
+ * initialization. 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string. It is crucial
+ * that we have something for each reason code that occurs in
+ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr(),
+ * which always gets an errno value and never one of those 'standard' reason
+ * codes.
+ */
+
+static void build_SYS_str_reasons(void)
+{
+    /* OPENSSL_malloc cannot be used here, use static storage instead */
+    static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+    static int init = 1;
+    int i;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    if (!init) {
+        CRYPTO_THREAD_unlock(err_string_lock);
+        return;
+    }
+
+    for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
+        ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+        str->error = (unsigned long)i;
+        if (str->string == NULL) {
+            char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+            if (openssl_strerror_r(i, *dest, sizeof(*dest)))
+                str->string = *dest;
+        }
+        if (str->string == NULL)
+            str->string = "unknown";
+    }
+
+    /*
+     * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as
+     * required by ERR_load_strings.
+     */
+
+    init = 0;
+
+    CRYPTO_THREAD_unlock(err_string_lock);
+}
+#endif
+
+#define err_clear_data(p,i) \
+        do { \
+        if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+                {  \
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i]=NULL; \
+                } \
+        (p)->err_data_flags[i]=0; \
+        } while(0)
+
+#define err_clear(p,i) \
+        do { \
+        (p)->err_flags[i]=0; \
+        (p)->err_buffer[i]=0; \
+        err_clear_data(p,i); \
+        (p)->err_file[i]=NULL; \
+        (p)->err_line[i]= -1; \
+        } while(0)
+
+static void ERR_STATE_free(ERR_STATE *s)
+{
+    int i;
+
+    if (s == NULL)
+        return;
+
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear_data(s, i);
+    }
+    OPENSSL_free(s);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+{
+    OPENSSL_init_crypto(0, NULL);
+    err_string_lock = CRYPTO_THREAD_lock_new();
+    return err_string_lock != NULL;
+}
+
+void err_cleanup(void)
+{
+    if (set_err_thread_local != 0)
+        CRYPTO_THREAD_cleanup_local(&err_thread_local);
+    CRYPTO_THREAD_lock_free(err_string_lock);
+    err_string_lock = NULL;
+}
+
+int ERR_load_ERR_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    err_load_strings(0, ERR_str_libraries);
+    err_load_strings(0, ERR_str_reasons);
+    err_load_strings(ERR_LIB_SYS, ERR_str_functs);
+    build_SYS_str_reasons();
+    err_load_strings(ERR_LIB_SYS, SYS_str_reasons);
+#endif
+    return 1;
+}
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+{
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    if (int_error_hash == NULL)
+        int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
+                                                err_string_data_cmp);
+    if (int_error_hash != NULL) {
+        for (; str->error; str++) {
+            if (lib)
+                str->error |= ERR_PACK(lib, 0, 0);
+            (void)lh_ERR_STRING_DATA_insert(int_error_hash, str);
+        }
+    }
+    CRYPTO_THREAD_unlock(err_string_lock);
+}
+
+int ERR_load_strings(int lib, ERR_STRING_DATA *str)
+{
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+    err_load_strings(lib, str);
+    return 1;
+}
+
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+{
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    if (int_error_hash != NULL) {
+        for (; str->error; str++) {
+            if (lib)
+                str->error |= ERR_PACK(lib, 0, 0);
+            (void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
+        }
+    }
+    CRYPTO_THREAD_unlock(err_string_lock);
+
+    return 1;
+}
+
+void err_free_strings_int(void)
+{
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    lh_ERR_STRING_DATA_free(int_error_hash);
+    int_error_hash = NULL;
+    CRYPTO_THREAD_unlock(err_string_lock);
+}
+
+/********************************************************/
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+{
+    ERR_STATE *es;
+
+#ifdef _OSD_POSIX
+    /*
+     * In the BS2000-OSD POSIX subsystem, the compiler generates path names
+     * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to
+     * something sensible. @@@ We shouldn't modify a const string, though.
+     */
+    if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) {
+        char *end;
+
+        /* Skip the "*POSIX(" prefix */
+        file += sizeof("*POSIX(") - 1;
+        end = &file[strlen(file) - 1];
+        if (*end == ')')
+            *end = '\0';
+        /* Optional: use the basename of the path only. */
+        if ((end = strrchr(file, '/')) != NULL)
+            file = &end[1];
+    }
+#endif
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    es->top = (es->top + 1) % ERR_NUM_ERRORS;
+    if (es->top == es->bottom)
+        es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS;
+    es->err_flags[es->top] = 0;
+    es->err_buffer[es->top] = ERR_PACK(lib, func, reason);
+    es->err_file[es->top] = file;
+    es->err_line[es->top] = line;
+    err_clear_data(es, es->top);
+}
+
+void ERR_clear_error(void)
+{
+    int i;
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear(es, i);
+    }
+    es->top = es->bottom = 0;
+}
+
+unsigned long ERR_get_error(void)
+{
+    return (get_error_values(1, 0, NULL, NULL, NULL, NULL));
+}
+
+unsigned long ERR_get_error_line(const char **file, int *line)
+{
+    return (get_error_values(1, 0, file, line, NULL, NULL));
+}
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags)
+{
+    return (get_error_values(1, 0, file, line, data, flags));
+}
+
+unsigned long ERR_peek_error(void)
+{
+    return (get_error_values(0, 0, NULL, NULL, NULL, NULL));
+}
+
+unsigned long ERR_peek_error_line(const char **file, int *line)
+{
+    return (get_error_values(0, 0, file, line, NULL, NULL));
+}
+
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags)
+{
+    return (get_error_values(0, 0, file, line, data, flags));
+}
+
+unsigned long ERR_peek_last_error(void)
+{
+    return (get_error_values(0, 1, NULL, NULL, NULL, NULL));
+}
+
+unsigned long ERR_peek_last_error_line(const char **file, int *line)
+{
+    return (get_error_values(0, 1, file, line, NULL, NULL));
+}
+
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags)
+{
+    return (get_error_values(0, 1, file, line, data, flags));
+}
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+                                      int *line, const char **data,
+                                      int *flags)
+{
+    int i = 0;
+    ERR_STATE *es;
+    unsigned long ret;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    if (inc && top) {
+        if (file)
+            *file = "";
+        if (line)
+            *line = 0;
+        if (data)
+            *data = "";
+        if (flags)
+            *flags = 0;
+
+        return ERR_R_INTERNAL_ERROR;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+    if (top)
+        i = es->top;            /* last error */
+    else
+        i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */
+
+    ret = es->err_buffer[i];
+    if (inc) {
+        es->bottom = i;
+        es->err_buffer[i] = 0;
+    }
+
+    if ((file != NULL) && (line != NULL)) {
+        if (es->err_file[i] == NULL) {
+            *file = "NA";
+            if (line != NULL)
+                *line = 0;
+        } else {
+            *file = es->err_file[i];
+            if (line != NULL)
+                *line = es->err_line[i];
+        }
+    }
+
+    if (data == NULL) {
+        if (inc) {
+            err_clear_data(es, i);
+        }
+    } else {
+        if (es->err_data[i] == NULL) {
+            *data = "";
+            if (flags != NULL)
+                *flags = 0;
+        } else {
+            *data = es->err_data[i];
+            if (flags != NULL)
+                *flags = es->err_data_flags[i];
+        }
+    }
+    return ret;
+}
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+    char lsbuf[64], fsbuf[64], rsbuf[64];
+    const char *ls, *fs, *rs;
+    unsigned long l, f, r;
+
+    if (len == 0)
+        return;
+
+    l = ERR_GET_LIB(e);
+    f = ERR_GET_FUNC(e);
+    r = ERR_GET_REASON(e);
+
+    ls = ERR_lib_error_string(e);
+    fs = ERR_func_error_string(e);
+    rs = ERR_reason_error_string(e);
+
+    if (ls == NULL)
+        BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+    if (fs == NULL)
+        BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+    if (rs == NULL)
+        BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+
+    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
+                 fs ? fs : fsbuf, rs ? rs : rsbuf);
+    if (strlen(buf) == len - 1) {
+        /*
+         * output may be truncated; make sure we always have 5
+         * colon-separated fields, i.e. 4 colons ...
+         */
+#define NUM_COLONS 4
+        if (len > NUM_COLONS) { /* ... if possible */
+            int i;
+            char *s = buf;
+
+            for (i = 0; i < NUM_COLONS; i++) {
+                char *colon = strchr(s, ':');
+                if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
+                    /*
+                     * set colon no. i at last possible position (buf[len-1]
+                     * is the terminating 0)
+                     */
+                    colon = &buf[len - 1] - NUM_COLONS + i;
+                    *colon = ':';
+                }
+                s = colon + 1;
+            }
+        }
+    }
+}
+
+/*
+ * ERR_error_string_n should be used instead for ret != NULL as
+ * ERR_error_string cannot know how large the buffer is
+ */
+char *ERR_error_string(unsigned long e, char *ret)
+{
+    static char buf[256];
+
+    if (ret == NULL)
+        ret = buf;
+    ERR_error_string_n(e, ret, 256);
+
+    return ret;
+}
+
+const char *ERR_lib_error_string(unsigned long e)
+{
+    ERR_STRING_DATA d, *p;
+    unsigned long l;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    d.error = ERR_PACK(l, 0, 0);
+    p = int_err_get_item(&d);
+    return ((p == NULL) ? NULL : p->string);
+}
+
+const char *ERR_func_error_string(unsigned long e)
+{
+    ERR_STRING_DATA d, *p;
+    unsigned long l, f;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    f = ERR_GET_FUNC(e);
+    d.error = ERR_PACK(l, f, 0);
+    p = int_err_get_item(&d);
+    return ((p == NULL) ? NULL : p->string);
+}
+
+const char *ERR_reason_error_string(unsigned long e)
+{
+    ERR_STRING_DATA d, *p = NULL;
+    unsigned long l, r;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    r = ERR_GET_REASON(e);
+    d.error = ERR_PACK(l, 0, r);
+    p = int_err_get_item(&d);
+    if (!p) {
+        d.error = ERR_PACK(0, 0, r);
+        p = int_err_get_item(&d);
+    }
+    return ((p == NULL) ? NULL : p->string);
+}
+
+void err_delete_thread_state(void)
+{
+    ERR_STATE *state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (state == NULL)
+        return;
+
+    CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+    ERR_STATE_free(state);
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_remove_thread_state(void *dummy)
+{
+}
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+void ERR_remove_state(unsigned long pid)
+{
+}
+#endif
+
+DEFINE_RUN_ONCE_STATIC(err_do_init)
+{
+    set_err_thread_local = 1;
+    return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+}
+
+ERR_STATE *ERR_get_state(void)
+{
+    ERR_STATE *state = NULL;
+
+    if (!RUN_ONCE(&err_init, err_do_init))
+        return NULL;
+
+    /*
+     * If base OPENSSL_init_crypto() hasn't been called yet, be sure to call
+     * it now to avoid state to be doubly allocated and thereby leak memory.
+     * Needed on any platform that doesn't define OPENSSL_USE_NODELETE.
+     */
+    if (!OPENSSL_init_crypto(0, NULL))
+        return NULL;
+
+    state = CRYPTO_THREAD_get_local(&err_thread_local);
+
+    if (state == NULL) {
+        state = OPENSSL_zalloc(sizeof(*state));
+        if (state == NULL)
+            return NULL;
+
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE)
+            || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
+            ERR_STATE_free(state);
+            return NULL;
+        }
+
+        /* Ignore failures from these */
+        OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    }
+
+    return state;
+}
+
+int ERR_get_next_error_library(void)
+{
+    int ret;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return 0;
+    }
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    ret = int_err_library_number++;
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return ret;
+}
+
+void ERR_set_error_data(char *data, int flags)
+{
+    ERR_STATE *es;
+    int i;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    i = es->top;
+
+    err_clear_data(es, i);
+    es->err_data[i] = data;
+    es->err_data_flags[i] = flags;
+}
+
+void ERR_add_error_data(int num, ...)
+{
+    va_list args;
+    va_start(args, num);
+    ERR_add_error_vdata(num, args);
+    va_end(args);
+}
+
+void ERR_add_error_vdata(int num, va_list args)
+{
+    int i, n, s;
+    char *str, *p, *a;
+
+    s = 80;
+    str = OPENSSL_malloc(s + 1);
+    if (str == NULL)
+        return;
+    str[0] = '\0';
+
+    n = 0;
+    for (i = 0; i < num; i++) {
+        a = va_arg(args, char *);
+        /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
+        if (a != NULL) {
+            n += strlen(a);
+            if (n > s) {
+                s = n + 20;
+                p = OPENSSL_realloc(str, s + 1);
+                if (p == NULL) {
+                    OPENSSL_free(str);
+                    return;
+                }
+                str = p;
+            }
+            OPENSSL_strlcat(str, a, (size_t)s + 1);
+        }
+    }
+    ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
+}
+
+int ERR_set_mark(void)
+{
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] |= ERR_FLAG_MARK;
+    return 1;
+}
+
+int ERR_pop_to_mark(void)
+{
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    while (es->bottom != es->top
+           && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
+        err_clear(es, es->top);
+        es->top -= 1;
+        if (es->top == -1)
+            es->top = ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/err/err_all.c b/openssl-1.1.0h/crypto/err/err_all.c
new file mode 100644
index 0000000..3b1304f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/err/err_all.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/err_int.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/pem2.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/conf.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rand.h>
+#include "internal/dso.h"
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+#include <openssl/ts.h>
+#include <openssl/cms.h>
+#include <openssl/ct.h>
+#include <openssl/async.h>
+#include <openssl/kdf.h>
+
+int err_load_crypto_strings_int(void)
+{
+    if (
+#ifdef OPENSSL_FIPS
+        FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 ||
+#endif
+#ifndef OPENSSL_NO_ERR
+        ERR_load_ERR_strings() == 0 ||    /* include error strings for SYSerr */
+        ERR_load_BN_strings() == 0 ||
+# ifndef OPENSSL_NO_RSA
+        ERR_load_RSA_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_DH
+        ERR_load_DH_strings() == 0 ||
+# endif
+        ERR_load_EVP_strings() == 0 ||
+        ERR_load_BUF_strings() == 0 ||
+        ERR_load_OBJ_strings() == 0 ||
+        ERR_load_PEM_strings() == 0 ||
+# ifndef OPENSSL_NO_DSA
+        ERR_load_DSA_strings() == 0 ||
+# endif
+        ERR_load_X509_strings() == 0 ||
+        ERR_load_ASN1_strings() == 0 ||
+        ERR_load_CONF_strings() == 0 ||
+        ERR_load_CRYPTO_strings() == 0 ||
+# ifndef OPENSSL_NO_COMP
+        ERR_load_COMP_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_EC
+        ERR_load_EC_strings() == 0 ||
+# endif
+        /* skip ERR_load_SSL_strings() because it is not in this library */
+        ERR_load_BIO_strings() == 0 ||
+        ERR_load_PKCS7_strings() == 0 ||
+        ERR_load_X509V3_strings() == 0 ||
+        ERR_load_PKCS12_strings() == 0 ||
+        ERR_load_RAND_strings() == 0 ||
+        ERR_load_DSO_strings() == 0 ||
+# ifndef OPENSSL_NO_TS
+        ERR_load_TS_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_ENGINE
+        ERR_load_ENGINE_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_OCSP
+        ERR_load_OCSP_strings() == 0 ||
+# endif
+#ifndef OPENSSL_NO_UI
+        ERR_load_UI_strings() == 0 ||
+#endif
+# ifdef OPENSSL_FIPS
+        ERR_load_FIPS_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_CMS
+        ERR_load_CMS_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_CT
+        ERR_load_CT_strings() == 0 ||
+# endif
+        ERR_load_ASYNC_strings() == 0 ||
+#endif
+        ERR_load_KDF_strings() == 0)
+        return 0;
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/err/err_prn.c b/openssl-1.1.0h/crypto/err/err_prn.c
new file mode 100644
index 0000000..6ae1251
--- /dev/null
+++ b/openssl-1.1.0h/crypto/err/err_prn.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u)
+{
+    unsigned long l;
+    char buf[256];
+    char buf2[4096];
+    const char *file, *data;
+    int line, flags;
+    /*
+     * We don't know what kind of thing CRYPTO_THREAD_ID is. Here is our best
+     * attempt to convert it into something we can print.
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+
+    tid.ltid = 0;
+    tid.tid = CRYPTO_THREAD_get_current_id();
+
+    while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+        ERR_error_string_n(l, buf, sizeof(buf));
+        BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf,
+                     file, line, (flags & ERR_TXT_STRING) ? data : "");
+        if (cb(buf2, strlen(buf2), u) <= 0)
+            break;              /* abort outputting the error report */
+    }
+}
+
+static int print_bio(const char *str, size_t len, void *bp)
+{
+    return BIO_write((BIO *)bp, str, len);
+}
+
+void ERR_print_errors(BIO *bp)
+{
+    ERR_print_errors_cb(print_bio, bp);
+}
+
+#ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp)
+{
+    BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
+    if (bio == NULL)
+        return;
+
+    ERR_print_errors_cb(print_bio, bio);
+    BIO_free(bio);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/err/openssl.ec b/openssl-1.1.0h/crypto/err/openssl.ec
new file mode 100644
index 0000000..15d151f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/err/openssl.ec
@@ -0,0 +1,99 @@
+# crypto/err/openssl.ec
+
+# configuration file for util/mkerr.pl
+
+# files that may have to be rewritten by util/mkerr.pl
+L ERR		NONE				NONE
+L BN		include/openssl/bn.h		crypto/bn/bn_err.c
+L RSA		include/openssl/rsa.h		crypto/rsa/rsa_err.c
+L DH		include/openssl/dh.h		crypto/dh/dh_err.c
+L EVP		include/openssl/evp.h		crypto/evp/evp_err.c
+L BUF		include/openssl/buffer.h	crypto/buffer/buf_err.c
+L OBJ		include/openssl/objects.h	crypto/objects/obj_err.c
+L PEM		include/openssl/pem.h		crypto/pem/pem_err.c
+L DSA		include/openssl/dsa.h		crypto/dsa/dsa_err.c
+L X509		include/openssl/x509.h		crypto/x509/x509_err.c
+L ASN1		include/openssl/asn1.h		crypto/asn1/asn1_err.c
+L CONF		include/openssl/conf.h		crypto/conf/conf_err.c
+L CRYPTO	include/openssl/crypto.h	crypto/cpt_err.c
+L EC		include/openssl/ec.h		crypto/ec/ec_err.c
+L SSL		include/openssl/ssl.h		ssl/ssl_err.c
+L BIO		include/openssl/bio.h		crypto/bio/bio_err.c
+L PKCS7		include/openssl/pkcs7.h		crypto/pkcs7/pkcs7err.c
+L X509V3	include/openssl/x509v3.h	crypto/x509v3/v3err.c
+L PKCS12	include/openssl/pkcs12.h	crypto/pkcs12/pk12err.c
+L RAND		include/openssl/rand.h		crypto/rand/rand_err.c
+L DSO		include/internal/dso.h		crypto/dso/dso_err.c
+L ENGINE	include/openssl/engine.h	crypto/engine/eng_err.c
+L OCSP		include/openssl/ocsp.h		crypto/ocsp/ocsp_err.c
+L UI		include/openssl/ui.h		crypto/ui/ui_err.c
+L COMP		include/openssl/comp.h		crypto/comp/comp_err.c
+L TS		include/openssl/ts.h		crypto/ts/ts_err.c
+#L HMAC		include/openssl/hmac.h		crypto/hmac/hmac_err.c
+L CMS		include/openssl/cms.h		crypto/cms/cms_err.c
+#L FIPS		include/openssl/fips.h		crypto/fips_err.h
+L CT		include/openssl/ct.h		crypto/ct/ct_err.c
+L ASYNC		include/openssl/async.h		crypto/async/async_err.c
+L KDF		include/openssl/kdf.h		crypto/kdf/kdf_err.c
+
+# additional header files to be scanned for function names
+L NONE		include/openssl/x509_vfy.h	NONE
+L NONE		crypto/ec/ec_lcl.h		NONE
+L NONE		crypto/cms/cms_lcl.h		NONE
+L NONE		crypto/ct/ct_locl.h		NONE
+#L NONE		fips/rand/fips_rand.h		NONE
+L NONE		ssl/ssl_locl.h			NONE
+
+F RSAREF_F_RSA_BN2BIN
+F RSAREF_F_RSA_PRIVATE_DECRYPT
+F RSAREF_F_RSA_PRIVATE_ENCRYPT
+F RSAREF_F_RSA_PUBLIC_DECRYPT
+F RSAREF_F_RSA_PUBLIC_ENCRYPT
+
+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE         1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC             1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED          1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW            1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE      1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE          1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE             1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE            1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE    1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED        1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED        1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN        1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER          1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA                 1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED              1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR               1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR              1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION         1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION           1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY      1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR             1080
+R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK     1086
+R SSL_R_TLSV1_ALERT_USER_CANCELLED             1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION           1100
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION            1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE         1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME                1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE  1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE       1114
+R TLS1_AD_UNKNOWN_PSK_IDENTITY                 1115
+R TLS1_AD_NO_APPLICATION_PROTOCOL              1120
+
+R RSAREF_R_CONTENT_ENCODING			0x0400
+R RSAREF_R_DATA					0x0401
+R RSAREF_R_DIGEST_ALGORITHM			0x0402
+R RSAREF_R_ENCODING				0x0403
+R RSAREF_R_KEY					0x0404
+R RSAREF_R_KEY_ENCODING				0x0405
+R RSAREF_R_LEN					0x0406
+R RSAREF_R_MODULUS_LEN				0x0407
+R RSAREF_R_NEED_RANDOM				0x0408
+R RSAREF_R_PRIVATE_KEY				0x0409
+R RSAREF_R_PUBLIC_KEY				0x040a
+R RSAREF_R_SIGNATURE				0x040b
+R RSAREF_R_SIGNATURE_ENCODING			0x040c
+R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
+
diff --git a/openssl-1.1.0h/crypto/evp/bio_b64.c b/openssl-1.1.0h/crypto/evp/bio_b64.c
new file mode 100644
index 0000000..a86e8db
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/bio_b64.c
@@ -0,0 +1,551 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/bio.h"
+
+static int b64_write(BIO *h, const char *buf, int num);
+static int b64_read(BIO *h, char *buf, int size);
+static int b64_puts(BIO *h, const char *str);
+/*
+ * static int b64_gets(BIO *h, char *str, int size);
+ */
+static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int b64_new(BIO *h);
+static int b64_free(BIO *data);
+static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+#define B64_BLOCK_SIZE  1024
+#define B64_BLOCK_SIZE2 768
+#define B64_NONE        0
+#define B64_ENCODE      1
+#define B64_DECODE      2
+
+typedef struct b64_struct {
+    /*
+     * BIO *bio; moved to the BIO structure
+     */
+    int buf_len;
+    int buf_off;
+    int tmp_len;                /* used to find the start when decoding */
+    int tmp_nl;                 /* If true, scan until '\n' */
+    int encode;
+    int start;                  /* have we started decoding yet? */
+    int cont;                   /* <= 0 when finished */
+    EVP_ENCODE_CTX *base64;
+    char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
+    char tmp[B64_BLOCK_SIZE];
+} BIO_B64_CTX;
+
+static const BIO_METHOD methods_b64 = {
+    BIO_TYPE_BASE64,
+    "base64 encoding",
+    b64_write,
+    b64_read,
+    b64_puts,
+    NULL,                       /* b64_gets, */
+    b64_ctrl,
+    b64_new,
+    b64_free,
+    b64_callback_ctrl,
+};
+
+
+const BIO_METHOD *BIO_f_base64(void)
+{
+    return &methods_b64;
+}
+
+static int b64_new(BIO *bi)
+{
+    BIO_B64_CTX *ctx;
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL)
+        return 0;
+
+    ctx->cont = 1;
+    ctx->start = 1;
+    ctx->base64 = EVP_ENCODE_CTX_new();
+    if (ctx->base64 == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
+
+    return 1;
+}
+
+static int b64_free(BIO *a)
+{
+    BIO_B64_CTX *ctx;
+    if (a == NULL)
+        return 0;
+
+    ctx = BIO_get_data(a);
+    if (ctx == NULL)
+        return 0;
+
+    EVP_ENCODE_CTX_free(ctx->base64);
+    OPENSSL_free(ctx);
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int b64_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
+    BIO_B64_CTX *ctx;
+    unsigned char *p, *q;
+    BIO *next;
+
+    if (out == NULL)
+        return (0);
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_DECODE) {
+        ctx->encode = B64_DECODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_DecodeInit(ctx->base64);
+    }
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf));
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    ret_code = 0;
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]),
+                     B64_BLOCK_SIZE - ctx->tmp_len);
+
+        if (i <= 0) {
+            ret_code = i;
+
+            /* Should we continue next time we are called? */
+            if (!BIO_should_retry(next)) {
+                ctx->cont = i;
+                /* If buffer empty break */
+                if (ctx->tmp_len == 0)
+                    break;
+                /* Fall through and process what we have */
+                else
+                    i = 0;
+            }
+            /* else we retry and add more data to buffer */
+            else
+                break;
+        }
+        i += ctx->tmp_len;
+        ctx->tmp_len = i;
+
+        /*
+         * We need to scan, a line at a time until we have a valid line if we
+         * are starting.
+         */
+        if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) {
+            /* ctx->start=1; */
+            ctx->tmp_len = 0;
+        } else if (ctx->start) {
+            q = p = (unsigned char *)ctx->tmp;
+            num = 0;
+            for (j = 0; j < i; j++) {
+                if (*(q++) != '\n')
+                    continue;
+
+                /*
+                 * due to a previous very long line, we need to keep on
+                 * scanning for a '\n' before we even start looking for
+                 * base64 encoded stuff.
+                 */
+                if (ctx->tmp_nl) {
+                    p = q;
+                    ctx->tmp_nl = 0;
+                    continue;
+                }
+
+                k = EVP_DecodeUpdate(ctx->base64,
+                                     (unsigned char *)ctx->buf,
+                                     &num, p, q - p);
+                if ((k <= 0) && (num == 0) && (ctx->start))
+                    EVP_DecodeInit(ctx->base64);
+                else {
+                    if (p != (unsigned char *)
+                        &(ctx->tmp[0])) {
+                        i -= (p - (unsigned char *)
+                              &(ctx->tmp[0]));
+                        for (x = 0; x < i; x++)
+                            ctx->tmp[x] = p[x];
+                    }
+                    EVP_DecodeInit(ctx->base64);
+                    ctx->start = 0;
+                    break;
+                }
+                p = q;
+            }
+
+            /* we fell off the end without starting */
+            if ((j == i) && (num == 0)) {
+                /*
+                 * Is this is one long chunk?, if so, keep on reading until a
+                 * new line.
+                 */
+                if (p == (unsigned char *)&(ctx->tmp[0])) {
+                    /* Check buffer full */
+                    if (i == B64_BLOCK_SIZE) {
+                        ctx->tmp_nl = 1;
+                        ctx->tmp_len = 0;
+                    }
+                } else if (p != q) { /* finished on a '\n' */
+                    n = q - p;
+                    for (ii = 0; ii < n; ii++)
+                        ctx->tmp[ii] = p[ii];
+                    ctx->tmp_len = n;
+                }
+                /* else finished on a '\n' */
+                continue;
+            } else {
+                ctx->tmp_len = 0;
+            }
+        } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) {
+            /*
+             * If buffer isn't full and we can retry then restart to read in
+             * more data.
+             */
+            continue;
+        }
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            int z, jj;
+
+            jj = i & ~3;        /* process per 4 */
+            z = EVP_DecodeBlock((unsigned char *)ctx->buf,
+                                (unsigned char *)ctx->tmp, jj);
+            if (jj > 2) {
+                if (ctx->tmp[jj - 1] == '=') {
+                    z--;
+                    if (ctx->tmp[jj - 2] == '=')
+                        z--;
+                }
+            }
+            /*
+             * z is now number of output bytes and jj is the number consumed
+             */
+            if (jj != i) {
+                memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
+                ctx->tmp_len = i - jj;
+            }
+            ctx->buf_len = 0;
+            if (z > 0) {
+                ctx->buf_len = z;
+            }
+            i = z;
+        } else {
+            i = EVP_DecodeUpdate(ctx->base64,
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)ctx->tmp, i);
+            ctx->tmp_len = 0;
+        }
+        /*
+         * If eof or an error was signalled, then the condition
+         * 'ctx->cont <= 0' will prevent b64_read() from reading
+         * more data on subsequent calls. This assignment was
+         * deleted accidentally in commit 5562cfaca4f3.
+         */
+        ctx->cont = i;
+
+        ctx->buf_off = 0;
+        if (i < 0) {
+            ret_code = 0;
+            ctx->buf_len = 0;
+            break;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        if (ctx->buf_off == ctx->buf_len) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+        outl -= i;
+        out += i;
+    }
+    /* BIO_clear_retry_flags(b); */
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ret_code : ret);
+}
+
+static int b64_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+    int n;
+    int i;
+    BIO_B64_CTX *ctx;
+    BIO *next;
+
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_ENCODE) {
+        ctx->encode = B64_ENCODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_EncodeInit(ctx->base64);
+    }
+
+    OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return (i);
+        }
+        OPENSSL_assert(i <= n);
+        ctx->buf_off += i;
+        OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+    ctx->buf_off = 0;
+    ctx->buf_len = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+
+    while (inl > 0) {
+        n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len > 0) {
+                OPENSSL_assert(ctx->tmp_len <= 3);
+                n = 3 - ctx->tmp_len;
+                /*
+                 * There's a theoretical possibility for this
+                 */
+                if (n > inl)
+                    n = inl;
+                memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
+                ctx->tmp_len += n;
+                ret += n;
+                if (ctx->tmp_len < 3)
+                    break;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (unsigned char *)ctx->tmp, ctx->tmp_len);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                /*
+                 * Since we're now done using the temporary buffer, the
+                 * length should be 0'd
+                 */
+                ctx->tmp_len = 0;
+            } else {
+                if (n < 3) {
+                    memcpy(ctx->tmp, in, n);
+                    ctx->tmp_len = n;
+                    ret += n;
+                    break;
+                }
+                n -= n % 3;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (const unsigned char *)in, n);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                ret += n;
+            }
+        } else {
+            if (!EVP_EncodeUpdate(ctx->base64,
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)in, n))
+                return ((ret == 0) ? -1 : ret);
+            OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+            ret += n;
+        }
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return ((ret == 0) ? i : ret);
+            }
+            OPENSSL_assert(i <= n);
+            n -= i;
+            ctx->buf_off += i;
+            OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    return (ret);
+}
+
+static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_B64_CTX *ctx;
+    long ret = 1;
+    int i;
+    BIO *next;
+
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->cont = 1;
+        ctx->start = 1;
+        ctx->encode = B64_NONE;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:    /* More to write in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if ((ret == 0) && (ctx->encode != B64_NONE)
+            && (EVP_ENCODE_CTX_num(ctx->base64) != 0))
+            ret = 1;
+        else if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            i = b64_write(b, NULL, 0);
+            if (i < 0)
+                return i;
+        }
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len != 0) {
+                ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                               (unsigned char *)ctx->tmp,
+                                               ctx->tmp_len);
+                ctx->buf_off = 0;
+                ctx->tmp_len = 0;
+                goto again;
+            }
+        } else if (ctx->encode != B64_NONE
+                   && EVP_ENCODE_CTX_num(ctx->base64) != 0) {
+            ctx->buf_off = 0;
+            EVP_EncodeFinal(ctx->base64,
+                            (unsigned char *)ctx->buf, &(ctx->buf_len));
+            /* push out the bytes */
+            goto again;
+        }
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_DUP:
+        break;
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_SET:
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static int b64_puts(BIO *b, const char *str)
+{
+    return b64_write(b, str, strlen(str));
+}
diff --git a/openssl-1.1.0h/crypto/evp/bio_enc.c b/openssl-1.1.0h/crypto/evp/bio_enc.c
new file mode 100644
index 0000000..e62d1df
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/bio_enc.c
@@ -0,0 +1,450 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/bio.h"
+
+static int enc_write(BIO *h, const char *buf, int num);
+static int enc_read(BIO *h, char *buf, int size);
+/*
+ * static int enc_puts(BIO *h, const char *str);
+ */
+/*
+ * static int enc_gets(BIO *h, char *str, int size);
+ */
+static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int enc_new(BIO *h);
+static int enc_free(BIO *data);
+static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
+#define ENC_BLOCK_SIZE  (1024*4)
+#define ENC_MIN_CHUNK   (256)
+#define BUF_OFFSET      (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH)
+
+typedef struct enc_struct {
+    int buf_len;
+    int buf_off;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    int ok;                     /* bad decrypt */
+    EVP_CIPHER_CTX *cipher;
+    unsigned char *read_start, *read_end;
+    /*
+     * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
+     * up to a block more data than is presented to it
+     */
+    unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE];
+} BIO_ENC_CTX;
+
+static const BIO_METHOD methods_enc = {
+    BIO_TYPE_CIPHER,
+    "cipher",
+    enc_write,
+    enc_read,
+    NULL,                       /* enc_puts, */
+    NULL,                       /* enc_gets, */
+    enc_ctrl,
+    enc_new,
+    enc_free,
+    enc_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_cipher(void)
+{
+    return (&methods_enc);
+}
+
+static int enc_new(BIO *bi)
+{
+    BIO_ENC_CTX *ctx;
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL)
+        return 0;
+
+    ctx->cipher = EVP_CIPHER_CTX_new();
+    if (ctx->cipher == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    ctx->cont = 1;
+    ctx->ok = 1;
+    ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
+
+    return 1;
+}
+
+static int enc_free(BIO *a)
+{
+    BIO_ENC_CTX *b;
+
+    if (a == NULL)
+        return 0;
+
+    b = BIO_get_data(a);
+    if (b == NULL)
+        return 0;
+
+    EVP_CIPHER_CTX_free(b->cipher);
+    OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int enc_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, blocksize;
+    BIO_ENC_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return (0);
+    ctx = BIO_get_data(b);
+
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher);
+    if (blocksize == 1)
+        blocksize = 0;
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        if (ctx->read_start == ctx->read_end) { /* time to read more data */
+            ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+            i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE);
+            if (i > 0)
+                ctx->read_end += i;
+        } else {
+            i = ctx->read_end - ctx->read_start;
+        }
+
+        if (i <= 0) {
+            /* Should be continue next time we are called? */
+            if (!BIO_should_retry(next)) {
+                ctx->cont = i;
+                i = EVP_CipherFinal_ex(ctx->cipher,
+                                       ctx->buf, &(ctx->buf_len));
+                ctx->ok = i;
+                ctx->buf_off = 0;
+            } else {
+                ret = (ret == 0) ? i : ret;
+                break;
+            }
+        } else {
+            if (outl > ENC_MIN_CHUNK) {
+                /*
+                 * Depending on flags block cipher decrypt can write
+                 * one extra block and then back off, i.e. output buffer
+                 * has to accommodate extra block...
+                 */
+                int j = outl - blocksize, buf_len;
+
+                if (!EVP_CipherUpdate(ctx->cipher,
+                                      (unsigned char *)out, &buf_len,
+                                      ctx->read_start, i > j ? j : i)) {
+                    BIO_clear_retry_flags(b);
+                    return 0;
+                }
+                ret += buf_len;
+                out += buf_len;
+                outl -= buf_len;
+
+                if ((i -= j) <= 0) {
+                    ctx->read_start = ctx->read_end;
+                    continue;
+                }
+                ctx->read_start += j;
+            }
+            if (i > ENC_MIN_CHUNK)
+                i = ENC_MIN_CHUNK;
+            if (!EVP_CipherUpdate(ctx->cipher,
+                                  ctx->buf, &ctx->buf_len,
+                                  ctx->read_start, i)) {
+                BIO_clear_retry_flags(b);
+                ctx->ok = 0;
+                return 0;
+            }
+            ctx->read_start += i;
+            ctx->cont = 1;
+            /*
+             * Note: it is possible for EVP_CipherUpdate to decrypt zero
+             * bytes because this is or looks like the final block: if this
+             * happens we should retry and either read more data or decrypt
+             * the final block
+             */
+            if (ctx->buf_len == 0)
+                continue;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+        if (i <= 0)
+            break;
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        outl -= i;
+        out += i;
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ctx->cont : ret);
+}
+
+static int enc_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0, n, i;
+    BIO_ENC_CTX *ctx;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    ret = inl;
+
+    BIO_clear_retry_flags(b);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return (i);
+        }
+        ctx->buf_off += i;
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+
+    ctx->buf_off = 0;
+    while (inl > 0) {
+        n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
+        if (!EVP_CipherUpdate(ctx->cipher,
+                              ctx->buf, &ctx->buf_len,
+                              (const unsigned char *)in, n)) {
+            BIO_clear_retry_flags(b);
+            ctx->ok = 0;
+            return 0;
+        }
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return (ret == inl) ? i : ret - inl;
+            }
+            n -= i;
+            ctx->buf_off += i;
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_ENC_CTX *ctx, *dctx;
+    long ret = 1;
+    int i;
+    EVP_CIPHER_CTX **c_ctx;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (ctx == NULL)
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ok = 1;
+        ctx->finished = 0;
+        if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
+                               EVP_CIPHER_CTX_encrypting(ctx->cipher)))
+            return 0;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            i = enc_write(b, NULL, 0);
+            if (i < 0)
+                return i;
+        }
+
+        if (!ctx->finished) {
+            ctx->finished = 1;
+            ctx->buf_off = 0;
+            ret = EVP_CipherFinal_ex(ctx->cipher,
+                                     (unsigned char *)ctx->buf,
+                                     &(ctx->buf_len));
+            ctx->ok = (int)ret;
+            if (ret <= 0)
+                break;
+
+            /* push out the bytes */
+            goto again;
+        }
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_GET_CIPHER_STATUS:
+        ret = (long)ctx->ok;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_C_GET_CIPHER_CTX:
+        c_ctx = (EVP_CIPHER_CTX **)ptr;
+        *c_ctx = ctx->cipher;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        dctx = BIO_get_data(dbio);
+        dctx->cipher = EVP_CIPHER_CTX_new();
+        if (dctx->cipher == NULL)
+            return 0;
+        ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
+        if (ret)
+            BIO_set_init(dbio, 1);
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+/*-
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+        {
+        if (b == NULL) return;
+
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
+*/
+
+int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                   const unsigned char *i, int e)
+{
+    BIO_ENC_CTX *ctx;
+    long (*callback) (struct bio_st *, int, const char *, int, long, long);
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+
+    callback = BIO_get_callback(b);
+
+    if ((callback != NULL) &&
+            (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e,
+                      0L) <= 0))
+        return 0;
+
+    BIO_set_init(b, 1);
+
+    if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
+        return 0;
+
+    if (callback != NULL)
+        return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/evp/bio_md.c b/openssl-1.1.0h/crypto/evp/bio_md.c
new file mode 100644
index 0000000..2f0f283
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/bio_md.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+#include "internal/bio.h"
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int md_write(BIO *h, char const *buf, int num);
+static int md_read(BIO *h, char *buf, int size);
+/*
+ * static int md_puts(BIO *h, const char *str);
+ */
+static int md_gets(BIO *h, char *str, int size);
+static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int md_new(BIO *h);
+static int md_free(BIO *data);
+static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD methods_md = {
+    BIO_TYPE_MD,
+    "message digest",
+    md_write,
+    md_read,
+    NULL,                       /* md_puts, */
+    md_gets,
+    md_ctrl,
+    md_new,
+    md_free,
+    md_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_md(void)
+{
+    return (&methods_md);
+}
+
+static int md_new(BIO *bi)
+{
+    EVP_MD_CTX *ctx;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return (0);
+
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int md_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    EVP_MD_CTX_free(BIO_get_data(a));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int md_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return (0);
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    if ((ctx == NULL) || (next == NULL))
+        return (0);
+
+    ret = BIO_read(next, out, outl);
+    if (BIO_get_init(b)) {
+        if (ret > 0) {
+            if (EVP_DigestUpdate(ctx, (unsigned char *)out,
+                                 (unsigned int)ret) <= 0)
+                return (-1);
+        }
+    }
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static int md_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
+    BIO *next;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx != NULL) && (next != NULL))
+        ret = BIO_write(next, in, inl);
+
+    if (BIO_get_init(b)) {
+        if (ret > 0) {
+            if (!EVP_DigestUpdate(ctx, (const unsigned char *)in,
+                                  (unsigned int)ret)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+    }
+    if (next != NULL) {
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+    }
+    return ret;
+}
+
+static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    EVP_MD_CTX *ctx, *dctx, **pctx;
+    const EVP_MD **ppmd;
+    EVP_MD *md;
+    long ret = 1;
+    BIO *dbio, *next;
+
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        if (BIO_get_init(b))
+            ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
+        else
+            ret = 0;
+        if (ret > 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_GET_MD:
+        if (BIO_get_init(b)) {
+            ppmd = ptr;
+            *ppmd = ctx->digest;
+        } else
+            ret = 0;
+        break;
+    case BIO_C_GET_MD_CTX:
+        pctx = ptr;
+        *pctx = ctx;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_SET_MD_CTX:
+        if (BIO_get_init(b))
+            BIO_set_data(b, ptr);
+        else
+            ret = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_C_SET_MD:
+        md = ptr;
+        ret = EVP_DigestInit_ex(ctx, md, NULL);
+        if (ret > 0)
+            BIO_set_init(b, 1);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = ptr;
+        dctx = BIO_get_data(dbio);
+        if (!EVP_MD_CTX_copy_ex(dctx, ctx))
+            return 0;
+        BIO_set_init(b, 1);
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static int md_gets(BIO *bp, char *buf, int size)
+{
+    EVP_MD_CTX *ctx;
+    unsigned int ret;
+
+    ctx = BIO_get_data(bp);
+
+    if (size < ctx->digest->md_size)
+        return 0;
+
+    if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
+        return -1;
+
+    return ((int)ret);
+}
diff --git a/openssl-1.1.0h/crypto/evp/bio_ok.c b/openssl-1.1.0h/crypto/evp/bio_ok.c
new file mode 100644
index 0000000..b156e62
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/bio_ok.c
@@ -0,0 +1,605 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+        From: Arne Ansper <arne@cyber.ee>
+
+        Why BIO_f_reliable?
+
+        I wrote function which took BIO* as argument, read data from it
+        and processed it. Then I wanted to store the input file in
+        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+        and everything was OK. BUT if user types wrong password
+        BIO_f_cipher outputs only garbage and my function crashes. Yes
+        I can and I should fix my function, but BIO_f_cipher is
+        easy way to add encryption support to many existing applications
+        and it's hard to debug and fix them all.
+
+        So I wanted another BIO which would catch the incorrect passwords and
+        file damages which cause garbage on BIO_f_cipher's output.
+
+        The easy way is to push the BIO_f_md and save the checksum at
+        the end of the file. However there are several problems with this
+        approach:
+
+        1) you must somehow separate checksum from actual data.
+        2) you need lot's of memory when reading the file, because you
+        must read to the end of the file and verify the checksum before
+        letting the application to read the data.
+
+        BIO_f_reliable tries to solve both problems, so that you can
+        read and write arbitrary long streams using only fixed amount
+        of memory.
+
+        BIO_f_reliable splits data stream into blocks. Each block is prefixed
+        with it's length and suffixed with it's digest. So you need only
+        several Kbytes of memory to buffer single block before verifying
+        it's digest.
+
+        BIO_f_reliable goes further and adds several important capabilities:
+
+        1) the digest of the block is computed over the whole stream
+        -- so nobody can rearrange the blocks or remove or replace them.
+
+        2) to detect invalid passwords right at the start BIO_f_reliable
+        adds special prefix to the stream. In order to avoid known plain-text
+        attacks this prefix is generated as follows:
+
+                *) digest is initialized with random seed instead of
+                standardized one.
+                *) same seed is written to output
+                *) well-known text is then hashed and the output
+                of the digest is also written to output.
+
+        reader can now read the seed from stream, hash the same string
+        and then compare the digest output.
+
+        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
+        initially wrote and tested this code on x86 machine and wrote the
+        digests out in machine-dependent order :( There are people using
+        this code and I cannot change this easily without making existing
+        data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include "internal/bio.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include "internal/evp_int.h"
+
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static __owur int sig_out(BIO *b);
+static __owur int sig_in(BIO *b);
+static __owur int block_out(BIO *b);
+static __owur int block_in(BIO *b);
+#define OK_BLOCK_SIZE   (1024*4)
+#define OK_BLOCK_BLOCK  4
+#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+typedef struct ok_struct {
+    size_t buf_len;
+    size_t buf_off;
+    size_t buf_len_save;
+    size_t buf_off_save;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    EVP_MD_CTX *md;
+    int blockout;               /* output block is ready */
+    int sigio;                  /* must process signature */
+    unsigned char buf[IOBS];
+} BIO_OK_CTX;
+
+static const BIO_METHOD methods_ok = {
+    BIO_TYPE_CIPHER,
+    "reliable",
+    ok_write,
+    ok_read,
+    NULL,                       /* ok_puts, */
+    NULL,                       /* ok_gets, */
+    ok_ctrl,
+    ok_new,
+    ok_free,
+    ok_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_reliable(void)
+{
+    return (&methods_ok);
+}
+
+static int ok_new(BIO *bi)
+{
+    BIO_OK_CTX *ctx;
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL)
+        return 0;
+
+    ctx->cont = 1;
+    ctx->sigio = 1;
+    ctx->md = EVP_MD_CTX_new();
+    if (ctx->md == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int ok_free(BIO *a)
+{
+    BIO_OK_CTX *ctx;
+
+    if (a == NULL)
+        return 0;
+
+    ctx = BIO_get_data(a);
+
+    EVP_MD_CTX_free(ctx->md);
+    OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int ok_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, n;
+    BIO_OK_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return 0;
+
+    while (outl > 0) {
+
+        /* copy clean bytes to output buffer */
+        if (ctx->blockout) {
+            i = ctx->buf_len - ctx->buf_off;
+            if (i > outl)
+                i = outl;
+            memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+            ret += i;
+            out += i;
+            outl -= i;
+            ctx->buf_off += i;
+
+            /* all clean bytes are out */
+            if (ctx->buf_len == ctx->buf_off) {
+                ctx->buf_off = 0;
+
+                /*
+                 * copy start of the next block into proper place
+                 */
+                if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+                    ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
+                    memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+                            ctx->buf_len);
+                } else {
+                    ctx->buf_len = 0;
+                }
+                ctx->blockout = 0;
+            }
+        }
+
+        /* output buffer full -- cancel */
+        if (outl == 0)
+            break;
+
+        /* no clean bytes in buffer -- fill it */
+        n = IOBS - ctx->buf_len;
+        i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n);
+
+        if (i <= 0)
+            break;              /* nothing new */
+
+        ctx->buf_len += i;
+
+        /* no signature yet -- check if we got one */
+        if (ctx->sigio == 1) {
+            if (!sig_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* signature ok -- check if we got block */
+        if (ctx->sigio == 0) {
+            if (!block_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* invalid block -- cancel */
+        if (ctx->cont <= 0)
+            break;
+
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int ok_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0, n, i;
+    BIO_OK_CTX *ctx;
+    BIO *next;
+
+    if (inl <= 0)
+        return inl;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    ret = inl;
+
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return (0);
+
+    if (ctx->sigio && !sig_out(b))
+        return 0;
+
+    do {
+        BIO_clear_retry_flags(b);
+        n = ctx->buf_len - ctx->buf_off;
+        while (ctx->blockout && n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (!BIO_should_retry(b))
+                    ctx->cont = 0;
+                return (i);
+            }
+            ctx->buf_off += i;
+            n -= i;
+        }
+
+        /* at this point all pending data has been written */
+        ctx->blockout = 0;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = OK_BLOCK_BLOCK;
+            ctx->buf_off = 0;
+        }
+
+        if ((in == NULL) || (inl <= 0))
+            return (0);
+
+        n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
+            (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
+
+        memcpy(&ctx->buf[ctx->buf_len], in, n);
+        ctx->buf_len += n;
+        inl -= n;
+        in += n;
+
+        if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) {
+            if (!block_out(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+    } while (inl > 0);
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD *md;
+    const EVP_MD **ppmd;
+    long ret = 1;
+    int i;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->buf_len_save = 0;
+        ctx->buf_off_save = 0;
+        ctx->cont = 1;
+        ctx->finished = 0;
+        ctx->blockout = 0;
+        ctx->sigio = 1;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+    case BIO_CTRL_WPENDING:    /* More to read in buffer */
+        ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+        if (ctx->blockout == 0)
+            if (!block_out(b))
+                return 0;
+
+        while (ctx->blockout) {
+            i = ok_write(b, NULL, 0);
+            if (i < 0) {
+                ret = i;
+                break;
+            }
+        }
+
+        ctx->finished = 1;
+        ctx->buf_off = ctx->buf_len = 0;
+        ctx->cont = (int)ret;
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->cont;
+        break;
+    case BIO_C_SET_MD:
+        md = ptr;
+        if (!EVP_DigestInit_ex(ctx->md, md, NULL))
+            return 0;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_GET_MD:
+        if (BIO_get_init(b)) {
+            ppmd = ptr;
+            *ppmd = EVP_MD_CTX_md(ctx->md);
+        } else
+            ret = 0;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+
+    return ret;
+}
+
+static void longswap(void *_ptr, size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little) {
+        size_t i;
+        unsigned char *p = _ptr, c;
+
+        for (i = 0; i < len; i += 4) {
+            c = p[0], p[0] = p[3], p[3] = c;
+            c = p[1], p[1] = p[2], p[2] = c;
+        }
+    }
+}
+
+static int sig_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
+
+    if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, digest, NULL))
+        goto berr;
+    /*
+     * FIXME: there's absolutely no guarantee this makes any sense at all,
+     * particularly now EVP_MD_CTX has been restructured.
+     */
+    if (RAND_bytes(md_data, md_size) <= 0)
+        goto berr;
+    memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size);
+    longswap(&(ctx->buf[ctx->buf_len]), md_size);
+    ctx->buf_len += md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md_size;
+    ctx->blockout = 1;
+    ctx->sigio = 0;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int sig_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int ret = 0;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
+
+    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, digest, NULL))
+        goto berr;
+    memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size);
+    longswap(md_data, md_size);
+    ctx->buf_off += md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0;
+    ctx->buf_off += md_size;
+    if (ret == 1) {
+        ctx->sigio = 0;
+        if (ctx->buf_len != ctx->buf_off) {
+            memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
+                    ctx->buf_len - ctx->buf_off);
+        }
+        ctx->buf_len -= ctx->buf_off;
+        ctx->buf_off = 0;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl;
+    const EVP_MD *digest;
+    int md_size;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+
+    tl = ctx->buf_len - OK_BLOCK_BLOCK;
+    ctx->buf[0] = (unsigned char)(tl >> 24);
+    ctx->buf[1] = (unsigned char)(tl >> 16);
+    ctx->buf[2] = (unsigned char)(tl >> 8);
+    ctx->buf[3] = (unsigned char)(tl);
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md_size;
+    ctx->blockout = 1;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl = 0;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int md_size;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    md_size = EVP_MD_size(EVP_MD_CTX_md(md));
+
+    assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
+    tl = ctx->buf[0];
+    tl <<= 8;
+    tl |= ctx->buf[1];
+    tl <<= 8;
+    tl |= ctx->buf[2];
+    tl <<= 8;
+    tl |= ctx->buf[3];
+
+    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
+        return 1;
+
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
+        /* there might be parts from next block lurking around ! */
+        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
+        ctx->buf_len_save = ctx->buf_len;
+        ctx->buf_off = OK_BLOCK_BLOCK;
+        ctx->buf_len = tl + OK_BLOCK_BLOCK;
+        ctx->blockout = 1;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/evp/build.info b/openssl-1.1.0h/crypto/evp/build.info
new file mode 100644
index 0000000..bf633dc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/build.info
@@ -0,0 +1,22 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \
+        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
+        e_rc4.c e_aes.c names.c e_seed.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
+        m_md5_sha1.c m_mdc2.c m_ripemd.c \
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+        c_allc.c c_alld.c evp_lib.c bio_ok.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
+        e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
+        e_chacha20_poly1305.c cmeth_lib.c
+
+INCLUDE[e_aes.o]=.. ../modes
+INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes
+INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes
+INCLUDE[e_camellia.o]=.. ../modes
+INCLUDE[e_des.o]=..
+INCLUDE[e_des3.o]=..
diff --git a/openssl-1.1.0h/crypto/evp/c_allc.c b/openssl-1.1.0h/crypto/evp/c_allc.c
new file mode 100644
index 0000000..6ed31ed
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/c_allc.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <internal/evp_int.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void openssl_add_all_ciphers_int(void)
+{
+
+#ifndef OPENSSL_NO_DES
+    EVP_add_cipher(EVP_des_cfb());
+    EVP_add_cipher(EVP_des_cfb1());
+    EVP_add_cipher(EVP_des_cfb8());
+    EVP_add_cipher(EVP_des_ede_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb1());
+    EVP_add_cipher(EVP_des_ede3_cfb8());
+
+    EVP_add_cipher(EVP_des_ofb());
+    EVP_add_cipher(EVP_des_ede_ofb());
+    EVP_add_cipher(EVP_des_ede3_ofb());
+
+    EVP_add_cipher(EVP_desx_cbc());
+    EVP_add_cipher_alias(SN_desx_cbc, "DESX");
+    EVP_add_cipher_alias(SN_desx_cbc, "desx");
+
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher_alias(SN_des_cbc, "DES");
+    EVP_add_cipher_alias(SN_des_cbc, "des");
+    EVP_add_cipher(EVP_des_ede_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
+
+    EVP_add_cipher(EVP_des_ecb());
+    EVP_add_cipher(EVP_des_ede());
+    EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
+    EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
+    EVP_add_cipher(EVP_des_ede3());
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
+    EVP_add_cipher(EVP_des_ede3_wrap());
+    EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
+#endif
+
+#ifndef OPENSSL_NO_RC4
+    EVP_add_cipher(EVP_rc4());
+    EVP_add_cipher(EVP_rc4_40());
+# ifndef OPENSSL_NO_MD5
+    EVP_add_cipher(EVP_rc4_hmac_md5());
+# endif
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+    EVP_add_cipher(EVP_idea_ecb());
+    EVP_add_cipher(EVP_idea_cfb());
+    EVP_add_cipher(EVP_idea_ofb());
+    EVP_add_cipher(EVP_idea_cbc());
+    EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
+    EVP_add_cipher_alias(SN_idea_cbc, "idea");
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    EVP_add_cipher(EVP_seed_ecb());
+    EVP_add_cipher(EVP_seed_cfb());
+    EVP_add_cipher(EVP_seed_ofb());
+    EVP_add_cipher(EVP_seed_cbc());
+    EVP_add_cipher_alias(SN_seed_cbc, "SEED");
+    EVP_add_cipher_alias(SN_seed_cbc, "seed");
+#endif
+
+#ifndef OPENSSL_NO_RC2
+    EVP_add_cipher(EVP_rc2_ecb());
+    EVP_add_cipher(EVP_rc2_cfb());
+    EVP_add_cipher(EVP_rc2_ofb());
+    EVP_add_cipher(EVP_rc2_cbc());
+    EVP_add_cipher(EVP_rc2_40_cbc());
+    EVP_add_cipher(EVP_rc2_64_cbc());
+    EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128");
+    EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64");
+    EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40");
+#endif
+
+#ifndef OPENSSL_NO_BF
+    EVP_add_cipher(EVP_bf_ecb());
+    EVP_add_cipher(EVP_bf_cfb());
+    EVP_add_cipher(EVP_bf_ofb());
+    EVP_add_cipher(EVP_bf_cbc());
+    EVP_add_cipher_alias(SN_bf_cbc, "BF");
+    EVP_add_cipher_alias(SN_bf_cbc, "bf");
+    EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
+#endif
+
+#ifndef OPENSSL_NO_CAST
+    EVP_add_cipher(EVP_cast5_ecb());
+    EVP_add_cipher(EVP_cast5_cfb());
+    EVP_add_cipher(EVP_cast5_ofb());
+    EVP_add_cipher(EVP_cast5_cbc());
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast");
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
+#endif
+
+#ifndef OPENSSL_NO_RC5
+    EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+    EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+    EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
+    EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
+#endif
+
+    EVP_add_cipher(EVP_aes_128_ecb());
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_128_cfb());
+    EVP_add_cipher(EVP_aes_128_cfb1());
+    EVP_add_cipher(EVP_aes_128_cfb8());
+    EVP_add_cipher(EVP_aes_128_ofb());
+    EVP_add_cipher(EVP_aes_128_ctr());
+    EVP_add_cipher(EVP_aes_128_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_128_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_128_xts());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_128_wrap());
+    EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
+    EVP_add_cipher(EVP_aes_128_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
+    EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
+    EVP_add_cipher(EVP_aes_192_ecb());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_192_cfb());
+    EVP_add_cipher(EVP_aes_192_cfb1());
+    EVP_add_cipher(EVP_aes_192_cfb8());
+    EVP_add_cipher(EVP_aes_192_ofb());
+    EVP_add_cipher(EVP_aes_192_ctr());
+    EVP_add_cipher(EVP_aes_192_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_192_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_192_ccm());
+    EVP_add_cipher(EVP_aes_192_wrap());
+    EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
+    EVP_add_cipher(EVP_aes_192_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
+    EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
+    EVP_add_cipher(EVP_aes_256_ecb());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_256_cfb());
+    EVP_add_cipher(EVP_aes_256_cfb1());
+    EVP_add_cipher(EVP_aes_256_cfb8());
+    EVP_add_cipher(EVP_aes_256_ofb());
+    EVP_add_cipher(EVP_aes_256_ctr());
+    EVP_add_cipher(EVP_aes_256_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_256_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_256_xts());
+    EVP_add_cipher(EVP_aes_256_ccm());
+    EVP_add_cipher(EVP_aes_256_wrap());
+    EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
+    EVP_add_cipher(EVP_aes_256_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
+    EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+
+#ifndef OPENSSL_NO_CAMELLIA
+    EVP_add_cipher(EVP_camellia_128_ecb());
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_128_cfb());
+    EVP_add_cipher(EVP_camellia_128_cfb1());
+    EVP_add_cipher(EVP_camellia_128_cfb8());
+    EVP_add_cipher(EVP_camellia_128_ofb());
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
+    EVP_add_cipher(EVP_camellia_192_ecb());
+    EVP_add_cipher(EVP_camellia_192_cbc());
+    EVP_add_cipher(EVP_camellia_192_cfb());
+    EVP_add_cipher(EVP_camellia_192_cfb1());
+    EVP_add_cipher(EVP_camellia_192_cfb8());
+    EVP_add_cipher(EVP_camellia_192_ofb());
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
+    EVP_add_cipher(EVP_camellia_256_ecb());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+    EVP_add_cipher(EVP_camellia_256_cfb());
+    EVP_add_cipher(EVP_camellia_256_cfb1());
+    EVP_add_cipher(EVP_camellia_256_cfb8());
+    EVP_add_cipher(EVP_camellia_256_ofb());
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
+    EVP_add_cipher(EVP_camellia_128_ctr());
+    EVP_add_cipher(EVP_camellia_192_ctr());
+    EVP_add_cipher(EVP_camellia_256_ctr());
+#endif
+
+#ifndef OPENSSL_NO_CHACHA
+    EVP_add_cipher(EVP_chacha20());
+# ifndef OPENSSL_NO_POLY1305
+    EVP_add_cipher(EVP_chacha20_poly1305());
+# endif
+#endif
+}
diff --git a/openssl-1.1.0h/crypto/evp/c_alld.c b/openssl-1.1.0h/crypto/evp/c_alld.c
new file mode 100644
index 0000000..ec79734
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/c_alld.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <internal/evp_int.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void openssl_add_all_digests_int(void)
+{
+#ifndef OPENSSL_NO_MD4
+    EVP_add_digest(EVP_md4());
+#endif
+#ifndef OPENSSL_NO_MD5
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
+#endif
+    EVP_add_digest(EVP_sha1());
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+    EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef OPENSSL_NO_RMD160
+    EVP_add_digest(EVP_ripemd160());
+    EVP_add_digest_alias(SN_ripemd160, "ripemd");
+    EVP_add_digest_alias(SN_ripemd160, "rmd160");
+#endif
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
+#ifndef OPENSSL_NO_WHIRLPOOL
+    EVP_add_digest(EVP_whirlpool());
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    EVP_add_digest(EVP_blake2b512());
+    EVP_add_digest(EVP_blake2s256());
+#endif
+}
diff --git a/openssl-1.1.0h/crypto/evp/cmeth_lib.c b/openssl-1.1.0h/crypto/evp/cmeth_lib.c
new file mode 100644
index 0000000..e2295c4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/cmeth_lib.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
+{
+    EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
+
+    if (cipher != NULL) {
+        cipher->nid = cipher_type;
+        cipher->block_size = block_size;
+        cipher->key_len = key_len;
+    }
+    return cipher;
+}
+
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
+{
+    EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,
+                                         cipher->key_len);
+
+    if (to != NULL)
+        memcpy(to, cipher, sizeof(*to));
+    return to;
+}
+
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
+{
+    OPENSSL_free(cipher);
+}
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
+{
+    cipher->iv_len = iv_len;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
+{
+    cipher->flags = flags;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
+{
+    cipher->ctx_size = ctx_size;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc))
+{
+    cipher->init = init;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl))
+{
+    cipher->do_cipher = do_cipher;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *))
+{
+    cipher->cleanup = cleanup;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->set_asn1_parameters = set_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->get_asn1_parameters = get_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr))
+{
+    cipher->ctrl = ctrl;
+    return 1;
+}
+
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc)
+{
+    return cipher->init;
+}
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl)
+{
+    return cipher->do_cipher;
+}
+
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
+{
+    return cipher->cleanup;
+}
+
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *)
+{
+    return cipher->set_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *)
+{
+    return cipher->get_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr)
+{
+    return cipher->ctrl;
+}
+
diff --git a/openssl-1.1.0h/crypto/evp/digest.c b/openssl-1.1.0h/crypto/evp/digest.c
new file mode 100644
index 0000000..65eff7c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/digest.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+    if (ctx == NULL)
+        return 1;
+
+    /*
+     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+     * sometimes only copies of the context are ever finalised.
+     */
+    if (ctx->digest && ctx->digest->cleanup
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+        ctx->digest->cleanup(ctx);
+    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+        OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+    }
+    EVP_PKEY_CTX_free(ctx->pctx);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(ctx->engine);
+#endif
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return 1;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+    EVP_MD_CTX_reset(ctx);
+    OPENSSL_free(ctx);
+}
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+{
+    EVP_MD_CTX_reset(ctx);
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+{
+    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unnecessary.
+     */
+    if (ctx->engine && ctx->digest &&
+        (type == NULL || (type->type == ctx->digest->type)))
+        goto skip_to_init;
+    if (type) {
+        /*
+         * Ensure an ENGINE left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_MD could be used).
+         */
+        ENGINE_finish(ctx->engine);
+        if (impl != NULL) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else {
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_digest_engine(type->type);
+        }
+        if (impl != NULL) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+
+            if (d == NULL) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                ENGINE_finish(impl);
+                return 0;
+            }
+            /* We'll use the ENGINE's private digest definition */
+            type = d;
+            /*
+             * Store the ENGINE functional reference so we know 'type' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+    } else {
+        if (!ctx->digest) {
+            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
+            return 0;
+        }
+        type = ctx->digest;
+    }
+#endif
+    if (ctx->digest != type) {
+        if (ctx->digest && ctx->digest->ctx_size) {
+            OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+            ctx->md_data = NULL;
+        }
+        ctx->digest = type;
+        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
+            ctx->update = type->update;
+            ctx->md_data = OPENSSL_zalloc(type->ctx_size);
+            if (ctx->md_data == NULL) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+    if (ctx->pctx) {
+        int r;
+        r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+                              EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+        if (r <= 0 && (r != -2))
+            return 0;
+    }
+    if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+        return 1;
+    return ctx->digest->init(ctx);
+}
+
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return ctx->update(ctx, data, count);
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+    ret = EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_reset(ctx);
+    return ret;
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+
+    OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+    ret = ctx->digest->final(ctx, md);
+    if (size != NULL)
+        *size = ctx->digest->md_size;
+    if (ctx->digest->cleanup) {
+        ctx->digest->cleanup(ctx);
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+    }
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    return ret;
+}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    EVP_MD_CTX_reset(out);
+    return EVP_MD_CTX_copy_ex(out, in);
+}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    unsigned char *tmp_buf;
+    if ((in == NULL) || (in->digest == NULL)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a digest context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    if (out->digest == in->digest) {
+        tmp_buf = out->md_data;
+        EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
+    } else
+        tmp_buf = NULL;
+    EVP_MD_CTX_reset(out);
+    memcpy(out, in, sizeof(*out));
+
+    /* Null these variables, since they are getting fixed up
+     * properly below.  Anything else may cause a memleak and/or
+     * double free if any of the memory allocations below fail
+     */
+    out->md_data = NULL;
+    out->pctx = NULL;
+
+    if (in->md_data && out->digest->ctx_size) {
+        if (tmp_buf)
+            out->md_data = tmp_buf;
+        else {
+            out->md_data = OPENSSL_malloc(out->digest->ctx_size);
+            if (out->md_data == NULL) {
+                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        memcpy(out->md_data, in->md_data, out->digest->ctx_size);
+    }
+
+    out->update = in->update;
+
+    if (in->pctx) {
+        out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+        if (!out->pctx) {
+            EVP_MD_CTX_reset(out);
+            return 0;
+        }
+    }
+
+    if (out->digest->copy)
+        return out->digest->copy(out, in);
+
+    return 1;
+}
+
+int EVP_Digest(const void *data, size_t count,
+               unsigned char *md, unsigned int *size, const EVP_MD *type,
+               ENGINE *impl)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    int ret;
+
+    if (ctx == NULL)
+        return 0;
+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
+    ret = EVP_DigestInit_ex(ctx, type, impl)
+        && EVP_DigestUpdate(ctx, data, count)
+        && EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+}
+
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
+{
+    if (ctx->digest && ctx->digest->md_ctrl) {
+        int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
+        if (ret <= 0)
+            return 0;
+        return 1;
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/evp/e_aes.c b/openssl-1.1.0h/crypto/evp/e_aes.c
new file mode 100644
index 0000000..3f36d70
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_aes.c
@@ -0,0 +1,2705 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/aes.h>
+#include "internal/evp_int.h"
+#include "modes_lcl.h"
+#include <openssl/rand.h>
+#include "evp_locl.h"
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;
+    block128_f block;
+    union {
+        cbc128_f cbc;
+        ctr128_f ctr;
+    } stream;
+} EVP_AES_KEY;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;                       /* AES key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    GCM128_CONTEXT gcm;
+    unsigned char *iv;          /* Temporary IV store */
+    int ivlen;                  /* IV length */
+    int taglen;
+    int iv_gen;                 /* It is OK to generate IVs */
+    int tls_aad_len;            /* TLS AAD length */
+    ctr128_f ctr;
+} EVP_AES_GCM_CTX;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks1, ks2;                 /* AES key schedules to use */
+    XTS128_CONTEXT xts;
+    void (*stream) (const unsigned char *in,
+                    unsigned char *out, size_t length,
+                    const AES_KEY *key1, const AES_KEY *key2,
+                    const unsigned char iv[16]);
+} EVP_AES_XTS_CTX;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;                       /* AES key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    int tag_set;                /* Set if tag is valid */
+    int len_set;                /* Set if message length set */
+    int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
+    CCM128_CONTEXT ccm;
+    ccm128_f str;
+} EVP_AES_CCM_CTX;
+
+#ifndef OPENSSL_NO_OCB
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ksenc;                    /* AES key schedule to use for encryption */
+    union {
+        double align;
+        AES_KEY ks;
+    } ksdec;                    /* AES key schedule to use for decryption */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    OCB128_CONTEXT ocb;
+    unsigned char *iv;          /* Temporary IV store */
+    unsigned char tag[16];
+    unsigned char data_buf[16]; /* Store partial data blocks */
+    unsigned char aad_buf[16];  /* Store partial AAD blocks */
+    int data_buf_len;
+    int aad_buf_len;
+    int ivlen;                  /* IV length */
+    int taglen;
+} EVP_AES_OCB_CTX;
+#endif
+
+#define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+
+#ifdef VPAES_ASM
+int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void vpaes_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void vpaes_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+
+void vpaes_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+#endif
+#ifdef BSAES_ASM
+void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char ivec[16], int enc);
+void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
+#ifdef AES_CTR_ASM
+void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const AES_KEY *key,
+                       const unsigned char ivec[AES_BLOCK_SIZE]);
+#endif
+#ifdef AES_XTS_ASM
+void AES_xts_encrypt(const char *inp, char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+void AES_xts_decrypt(const char *inp, char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+#endif
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+# include "ppc_arch.h"
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
+# endif
+# define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
+# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
+# define HWAES_encrypt aes_p8_encrypt
+# define HWAES_decrypt aes_p8_decrypt
+# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+# define HWAES_xts_encrypt aes_p8_xts_encrypt
+# define HWAES_xts_decrypt aes_p8_xts_decrypt
+#endif
+
+#if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
+        ((defined(__i386)       || defined(__i386__)    || \
+          defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+# ifdef BSAES_ASM
+#  define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+/*
+ * AES-NI section
+ */
+# define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+
+void aesni_ecb_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length, const AES_KEY *key, int enc);
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+void aesni_ctr32_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key, const unsigned char *ivec);
+
+void aesni_xts_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_xts_decrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_ccm64_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+size_t aesni_gcm_encrypt(const unsigned char *in,
+                         unsigned char *out,
+                         size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+#  define AES_gcm_encrypt aesni_gcm_encrypt
+size_t aesni_gcm_decrypt(const unsigned char *in,
+                         unsigned char *out,
+                         size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+#  define AES_gcm_decrypt aesni_gcm_decrypt
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in,
+                   size_t len);
+#  define AES_GCM_ASM(gctx)       (gctx->ctr==aesni_ctr32_encrypt_blocks && \
+                                 gctx->gcm.ghash==gcm_ghash_avx)
+#  define AES_GCM_ASM2(gctx)      (gctx->gcm.block==(block128_f)aesni_encrypt && \
+                                 gctx->gcm.ghash==gcm_ghash_avx)
+#  undef AES_GCM_ASM2          /* minor size optimization */
+# endif
+
+static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                          const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) aesni_decrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) aesni_cbc_encrypt : NULL;
+    } else {
+        ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) aesni_encrypt;
+        if (mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
+        else if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+        else
+            dat->stream.cbc = NULL;
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len)
+{
+    aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_iv_noconst(ctx),
+                      EVP_CIPHER_CTX_encrypting(ctx));
+
+    return 1;
+}
+
+static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+
+    if (len < bl)
+        return 1;
+
+    aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_encrypting(ctx));
+
+    return 1;
+}
+
+# define aesni_ofb_cipher aes_ofb_cipher
+static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# define aesni_cfb_cipher aes_cfb_cipher
+static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# define aesni_cfb8_cipher aes_cfb8_cipher
+static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aesni_cfb1_cipher aes_cfb1_cipher
+static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aesni_ctr_cipher aes_ctr_cipher
+static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
+        gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+# define aesni_gcm_cipher aes_gcm_cipher
+static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        /* key_len is two AES keys */
+        if (enc) {
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aesni_encrypt;
+            xctx->stream = aesni_xts_encrypt;
+        } else {
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aesni_decrypt;
+            xctx->stream = aesni_xts_decrypt;
+        }
+
+        aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                              EVP_CIPHER_CTX_key_length(ctx) * 4,
+                              &xctx->ks2.ks);
+        xctx->xts.block2 = (block128_f) aesni_encrypt;
+
+        xctx->xts.key1 = &xctx->ks1;
+    }
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+# define aesni_xts_cipher aes_xts_cipher
+static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aesni_encrypt);
+        cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
+            (ccm128_f) aesni_ccm64_decrypt_blocks;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+# define aesni_ccm_cipher aes_ccm_cipher
+static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+
+static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksenc.ks);
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aesni_encrypt,
+                                    (block128_f) aesni_decrypt,
+                                    enc ? aesni_ocb_encrypt
+                                        : aesni_ocb_decrypt))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aesni_ocb_cipher aes_ocb_cipher
+static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aesni_init_key,                 \
+        aesni_##mode##_cipher,          \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aesni_##mode##_init_key,        \
+        aesni_##mode##_cipher,          \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#elif   defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+
+# include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+/*
+ * Initial Fujitsu SPARC64 X support
+ */
+# define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
+# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+# define HWAES_encrypt aes_fx_encrypt
+# define HWAES_decrypt aes_fx_decrypt
+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
+# define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+
+void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+/*
+ * Key-length specific subroutines were chosen for following reason.
+ * Each SPARC T4 core can execute up to 8 threads which share core's
+ * resources. Loading as much key material to registers allows to
+ * minimize references to shared memory interface, as well as amount
+ * of instructions in inner loops [much needed on T4]. But then having
+ * non-key-length specific routines would require conditional branches
+ * either in inner loops or on subroutines' entries. Former is hardly
+ * acceptable, while latter means code size increase to size occupied
+ * by multiple key-length specific subroutines, so why fight?
+ */
+void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+
+static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                           const unsigned char *iv, int enc)
+{
+    int ret, mode, bits;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = 0;
+        aes_t4_set_decrypt_key(key, bits, &dat->ks.ks);
+        dat->block = (block128_f) aes_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes192_t4_cbc_decrypt : NULL;
+            break;
+        case 256:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    } else {
+        ret = 0;
+        aes_t4_set_encrypt_key(key, bits, &dat->ks.ks);
+        dat->block = (block128_f) aes_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes128_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes192_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes192_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 256:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes256_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+# define aes_t4_cbc_cipher aes_cbc_cipher
+static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_ecb_cipher aes_ecb_cipher
+static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_ofb_cipher aes_ofb_cipher
+static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_cfb_cipher aes_cfb_cipher
+static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_cfb8_cipher aes_cfb8_cipher
+static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+# define aes_t4_cfb1_cipher aes_cfb1_cipher
+static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+# define aes_t4_ctr_cipher aes_ctr_cipher
+static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                           (block128_f) aes_t4_encrypt);
+        switch (bits) {
+        case 128:
+            gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt;
+            break;
+        case 192:
+            gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt;
+            break;
+        case 256:
+            gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt;
+            break;
+        default:
+            return 0;
+        }
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+# define aes_t4_gcm_cipher aes_gcm_cipher
+static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 4;
+        xctx->stream = NULL;
+        /* key_len is two AES keys */
+        if (enc) {
+            aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aes_t4_encrypt;
+            switch (bits) {
+            case 128:
+                xctx->stream = aes128_t4_xts_encrypt;
+                break;
+            case 256:
+                xctx->stream = aes256_t4_xts_encrypt;
+                break;
+            default:
+                return 0;
+            }
+        } else {
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                   &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aes_t4_decrypt;
+            switch (bits) {
+            case 128:
+                xctx->stream = aes128_t4_xts_decrypt;
+                break;
+            case 256:
+                xctx->stream = aes256_t4_xts_decrypt;
+                break;
+            default:
+                return 0;
+            }
+        }
+
+        aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                               EVP_CIPHER_CTX_key_length(ctx) * 4,
+                               &xctx->ks2.ks);
+        xctx->xts.block2 = (block128_f) aes_t4_encrypt;
+
+        xctx->xts.key1 = &xctx->ks1;
+    }
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+# define aes_t4_xts_cipher aes_xts_cipher
+static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aes_t4_encrypt);
+        cctx->str = NULL;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+# define aes_t4_ccm_cipher aes_ccm_cipher
+static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksenc.ks);
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aes_t4_encrypt,
+                                    (block128_f) aes_t4_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aes_t4_ocb_cipher aes_ocb_cipher
+static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_t4_init_key,                \
+        aes_t4_##mode##_cipher,         \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_t4_##mode##_init_key,       \
+        aes_t4_##mode##_cipher,         \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#else
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+
+#endif
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+# include "arm_arch.h"
+# if __ARM_MAX_ARCH__>=7
+#  if defined(BSAES_ASM)
+#   define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#  endif
+#  if defined(VPAES_ASM)
+#   define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#  endif
+#  define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+#  define HWAES_set_encrypt_key aes_v8_set_encrypt_key
+#  define HWAES_set_decrypt_key aes_v8_set_decrypt_key
+#  define HWAES_encrypt aes_v8_encrypt
+#  define HWAES_decrypt aes_v8_decrypt
+#  define HWAES_cbc_encrypt aes_v8_cbc_encrypt
+#  define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
+# endif
+#endif
+
+#if defined(HWAES_CAPABLE)
+int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+void HWAES_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char *ivec, const int enc);
+void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
+
+#define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
+        BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
+        BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+#ifdef HWAES_CAPABLE
+        if (HWAES_CAPABLE) {
+            ret = HWAES_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
+            dat->block = (block128_f) HWAES_decrypt;
+            dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
+# endif
+        } else
+#endif
+#ifdef BSAES_CAPABLE
+        if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
+            ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
+            dat->block = (block128_f) AES_decrypt;
+            dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
+        } else
+#endif
+#ifdef VPAES_CAPABLE
+        if (VPAES_CAPABLE) {
+            ret = vpaes_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
+            dat->block = (block128_f) vpaes_decrypt;
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) vpaes_cbc_encrypt : NULL;
+        } else
+#endif
+        {
+            ret = AES_set_decrypt_key(key,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
+            dat->block = (block128_f) AES_decrypt;
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) AES_cbc_encrypt : NULL;
+        }
+    } else
+#ifdef HWAES_CAPABLE
+    if (HWAES_CAPABLE) {
+        ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) HWAES_encrypt;
+        dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+        if (mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
+        else
+# endif
+# ifdef HWAES_ctr32_encrypt_blocks
+        if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
+        else
+# endif
+            (void)0;            /* terminate potentially open 'else' */
+    } else
+#endif
+#ifdef BSAES_CAPABLE
+    if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
+        dat->block = (block128_f) AES_encrypt;
+        dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+    } else
+#endif
+#ifdef VPAES_CAPABLE
+    if (VPAES_CAPABLE) {
+        ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) vpaes_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) vpaes_cbc_encrypt : NULL;
+    } else
+#endif
+    {
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
+        dat->block = (block128_f) AES_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) AES_cbc_encrypt : NULL;
+#ifdef AES_CTR_ASM
+        if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt;
+#endif
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (dat->stream.cbc)
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+
+    return 1;
+}
+
+static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t i;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (len < bl)
+        return 1;
+
+    for (i = 0, len -= bl; i <= len; i += bl)
+        (*dat->block) (in + i, out + i, &dat->ks);
+
+    return 1;
+}
+
+static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                            EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        return 1;
+    }
+
+    while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        len -= MAXBITCHUNK;
+        out += MAXBITCHUNK;
+        in  += MAXBITCHUNK;
+    }
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+
+    return 1;
+}
+
+static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (dat->stream.ctr)
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx),
+                                    &num, dat->stream.ctr);
+    else
+        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
+
+static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+    if (gctx == NULL)
+        return 0;
+    OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
+    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+        OPENSSL_free(gctx->iv);
+    return 1;
+}
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+    switch (type) {
+    case EVP_CTRL_INIT:
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+        /* Allocate memory for IV if needed */
+        if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+            if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+                OPENSSL_free(gctx->iv);
+            gctx->iv = OPENSSL_malloc(arg);
+            if (gctx->iv == NULL)
+                return 0;
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+            || gctx->taglen < 0)
+            return 0;
+        memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole IV */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+        if (EVP_CIPHER_CTX_encrypting(c)
+            && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0
+            || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->tls_aad_len = arg;
+        {
+            unsigned int len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < EVP_GCM_TLS_TAG_LEN)
+                    return 0;
+                len -= EVP_GCM_TLS_TAG_LEN;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out);
+            if (gctx->gcm.key) {
+                if (gctx->gcm.key != &gctx->ks)
+                    return 0;
+                gctx_out->gcm.key = &gctx_out->ks;
+            }
+            if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
+                gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+            else {
+                gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
+                if (gctx_out->iv == NULL)
+                    return 0;
+                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) HWAES_encrypt);
+# ifdef HWAES_ctr32_encrypt_blocks
+                gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
+# else
+                gctx->ctr = NULL;
+# endif
+                break;
+            } else
+#endif
+#ifdef BSAES_CAPABLE
+            if (BSAES_CAPABLE) {
+                AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) AES_encrypt);
+                gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+                break;
+            } else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) vpaes_encrypt);
+                gctx->ctr = NULL;
+                break;
+            } else
+#endif
+                (void)0;        /* terminate potentially open 'else' */
+
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &gctx->ks.ks);
+            CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                               (block128_f) AES_encrypt);
+#ifdef AES_CTR_ASM
+            gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
+#else
+            gctx->ctr = NULL;
+#endif
+        } while (0);
+
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+/*
+ * Handle TLS GCM packet format. This consists of the last portion of the IV
+ * followed by the payload and finally the tag. On encrypt generate IV,
+ * encrypt payload and write the tag. On verify retrieve IV, decrypt payload
+ * and verify tag.
+ */
+
+static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    int rv = -1;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in
+        || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+    /*
+     * Set IV from start of buffer or generate IV and write to start of
+     * buffer.
+     */
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
+                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+    /* Use saved AAD */
+    if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          gctx->tls_aad_len))
+        goto err;
+    /* Fix buffer and length to point to payload */
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        /* Encrypt payload */
+        if (gctx->ctr) {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+            if (len >= 32 && AES_GCM_ASM(gctx)) {
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_encrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                            in + bulk,
+                                            out + bulk,
+                                            len - bulk, gctx->ctr))
+                goto err;
+        } else {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+            if (len >= 32 && AES_GCM_ASM2(gctx)) {
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_encrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+                                      in + bulk, out + bulk, len - bulk))
+                goto err;
+        }
+        out += len;
+        /* Finally write tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        /* Decrypt */
+        if (gctx->ctr) {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+            if (len >= 16 && AES_GCM_ASM(gctx)) {
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_decrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                            in + bulk,
+                                            out + bulk,
+                                            len - bulk, gctx->ctr))
+                goto err;
+        } else {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+            if (len >= 16 && AES_GCM_ASM2(gctx)) {
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_decrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+                                      in + bulk, out + bulk, len - bulk))
+                goto err;
+        }
+        /* Retrieve tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          EVP_GCM_TLS_TAG_LEN);
+        /* If tag mismatch wipe buffer */
+        if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+
+ err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    /* If not set up, return error */
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return aes_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+    if (in) {
+        if (out == NULL) {
+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                return -1;
+        } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (gctx->ctr) {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+                if (len >= 32 && AES_GCM_ASM(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_encrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key, gctx->gcm.Yi.c,
+                                           gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                                in + bulk,
+                                                out + bulk,
+                                                len - bulk, gctx->ctr))
+                    return -1;
+            } else {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+                if (len >= 32 && AES_GCM_ASM2(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_encrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key, gctx->gcm.Yi.c,
+                                           gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+                                          in + bulk, out + bulk, len - bulk))
+                    return -1;
+            }
+        } else {
+            if (gctx->ctr) {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+                if (len >= 16 && AES_GCM_ASM(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_decrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key,
+                                           gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                                in + bulk,
+                                                out + bulk,
+                                                len - bulk, gctx->ctr))
+                    return -1;
+            } else {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+                if (len >= 16 && AES_GCM_ASM2(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_decrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key,
+                                           gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+                                          in + bulk, out + bulk, len - bulk))
+                    return -1;
+            }
+        }
+        return len;
+    } else {
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (gctx->taglen < 0)
+                return -1;
+            if (CRYPTO_gcm128_finish(&gctx->gcm,
+                                     EVP_CIPHER_CTX_buf_noconst(ctx),
+                                     gctx->taglen) != 0)
+                return -1;
+            gctx->iv_set = 0;
+            return 0;
+        }
+        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
+        gctx->taglen = 16;
+        /* Don't reuse the IV */
+        gctx->iv_set = 0;
+        return 0;
+    }
+
+}
+
+#define CUSTOM_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                | EVP_CIPH_CUSTOM_COPY)
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
+static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c);
+    if (type == EVP_CTRL_COPY) {
+        EVP_CIPHER_CTX *out = ptr;
+        EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);
+        if (xctx->xts.key1) {
+            if (xctx->xts.key1 != &xctx->ks1)
+                return 0;
+            xctx_out->xts.key1 = &xctx_out->ks1;
+        }
+        if (xctx->xts.key2) {
+            if (xctx->xts.key2 != &xctx->ks2)
+                return 0;
+            xctx_out->xts.key2 = &xctx_out->ks2;
+        }
+        return 1;
+    } else if (type != EVP_CTRL_INIT)
+        return -1;
+    /* key1 and key2 are used as an indicator both key and IV are set */
+    xctx->xts.key1 = NULL;
+    xctx->xts.key2 = NULL;
+    return 1;
+}
+
+static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+
+    if (key)
+        do {
+#ifdef AES_XTS_ASM
+            xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
+#else
+            xctx->stream = NULL;
+#endif
+            /* key_len is two AES keys */
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                if (enc) {
+                    HWAES_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) HWAES_encrypt;
+# ifdef HWAES_xts_encrypt
+                    xctx->stream = HWAES_xts_encrypt;
+# endif
+                } else {
+                    HWAES_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) HWAES_decrypt;
+# ifdef HWAES_xts_decrypt
+                    xctx->stream = HWAES_xts_decrypt;
+#endif
+                }
+
+                HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
+                xctx->xts.block2 = (block128_f) HWAES_encrypt;
+
+                xctx->xts.key1 = &xctx->ks1;
+                break;
+            } else
+#endif
+#ifdef BSAES_CAPABLE
+            if (BSAES_CAPABLE)
+                xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
+            else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                if (enc) {
+                    vpaes_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) vpaes_encrypt;
+                } else {
+                    vpaes_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) vpaes_decrypt;
+                }
+
+                vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
+                xctx->xts.block2 = (block128_f) vpaes_encrypt;
+
+                xctx->xts.key1 = &xctx->ks1;
+                break;
+            } else
+#endif
+                (void)0;        /* terminate potentially open 'else' */
+
+            if (enc) {
+                AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
+                xctx->xts.block1 = (block128_f) AES_encrypt;
+            } else {
+                AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
+                xctx->xts.block1 = (block128_f) AES_decrypt;
+            }
+
+            AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                &xctx->ks2.ks);
+            xctx->xts.block2 = (block128_f) AES_encrypt;
+
+            xctx->xts.key1 = &xctx->ks1;
+        } while (0);
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!xctx->xts.key1 || !xctx->xts.key2)
+        return 0;
+    if (!out || !in || len < AES_BLOCK_SIZE)
+        return 0;
+    if (xctx->stream)
+        (*xctx->stream) (in, out, len,
+                         xctx->xts.key1, xctx->xts.key2,
+                         EVP_CIPHER_CTX_iv_noconst(ctx));
+    else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                   in, out, len,
+                                   EVP_CIPHER_CTX_encrypting(ctx)))
+        return 0;
+    return 1;
+}
+
+#define aes_xts_cleanup NULL
+
+#define XTS_FLAGS       (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
+                         | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                         | EVP_CIPH_CUSTOM_COPY)
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
+
+static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c);
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->key_set = 0;
+        cctx->iv_set = 0;
+        cctx->L = 8;
+        cctx->M = 12;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall thru */
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+        cctx->L = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+            return 0;
+        if (ptr) {
+            cctx->tag_set = 1;
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        }
+        cctx->M = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+            return 0;
+        if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+            return 0;
+        cctx->tag_set = 0;
+        cctx->iv_set = 0;
+        cctx->len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out);
+            if (cctx->ccm.key) {
+                if (cctx->ccm.key != &cctx->ks)
+                    return 0;
+                cctx_out->ccm.key = &cctx_out->ks;
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key)
+        do {
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
+
+                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                   &cctx->ks, (block128_f) HWAES_encrypt);
+                cctx->str = NULL;
+                cctx->key_set = 1;
+                break;
+            } else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
+                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                   &cctx->ks, (block128_f) vpaes_encrypt);
+                cctx->str = NULL;
+                cctx->key_set = 1;
+                break;
+            }
+#endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &cctx->ks.ks);
+            CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                               &cctx->ks, (block128_f) AES_encrypt);
+            cctx->str = NULL;
+            cctx->key_set = 1;
+        } while (0);
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* If not set up, return error */
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aes_ccm_tls_cipher(ctx, out, in, len);
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+    if (!out) {
+        if (!in) {
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
+                return -1;
+            cctx->len_set = 1;
+            return len;
+        }
+        /* If have AAD need message length */
+        if (!cctx->len_set && len)
+            return -1;
+        CRYPTO_ccm128_aad(ccm, in, len);
+        return len;
+    }
+    /* EVP_*Final() doesn't return any data */
+    if (!in)
+        return 0;
+    /* If not set length yet do it */
+    if (!cctx->len_set) {
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
+            return -1;
+        cctx->len_set = 1;
+    }
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        cctx->tag_set = 1;
+        return len;
+    } else {
+        int rv = -1;
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
+                    rv = len;
+            }
+        }
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+        cctx->iv_set = 0;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        return rv;
+    }
+}
+
+#define aes_ccm_cleanup NULL
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;
+    /* Indicates if IV has been set */
+    unsigned char *iv;
+} EVP_AES_WRAP_CTX;
+
+static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
+        else
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
+        if (!iv)
+            wctx->iv = NULL;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx));
+        wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+    }
+    return 1;
+}
+
+static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inlen)
+{
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+    size_t rv;
+    /* AES wrap with padding has IV length of 4, without padding 8 */
+    int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
+    /* No final operation so always return zero length */
+    if (!in)
+        return 0;
+    /* Input length must always be non-zero */
+    if (!inlen)
+        return -1;
+    /* If decrypting need at least 16 bytes and multiple of 8 */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
+        return -1;
+    /* If not padding input must be multiple of 8 */
+    if (!pad && inlen & 0x7)
+        return -1;
+    if (is_partially_overlapping(out, in, inlen)) {
+        EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+    if (!out) {
+        if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            /* If padding round up to multiple of 8 */
+            if (pad)
+                inlen = (inlen + 7) / 8 * 8;
+            /* 8 byte prefix */
+            return inlen + 8;
+        } else {
+            /*
+             * If not padding output will be exactly 8 bytes smaller than
+             * input. If padding it will be at least 8 bytes smaller but we
+             * don't know how much.
+             */
+            return inlen - 8;
+        }
+    }
+    if (pad) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
+                                     out, in, inlen,
+                                     (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
+                                       out, in, inlen,
+                                       (block128_f) AES_decrypt);
+    } else {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
+                                 out, in, inlen, (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
+                                   out, in, inlen, (block128_f) AES_decrypt);
+    }
+    return rv ? (int)rv : -1;
+}
+
+#define WRAP_FLAGS      (EVP_CIPH_WRAP_MODE \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
+
+static const EVP_CIPHER aes_128_wrap = {
+    NID_id_aes128_wrap,
+    8, 16, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap(void)
+{
+    return &aes_128_wrap;
+}
+
+static const EVP_CIPHER aes_192_wrap = {
+    NID_id_aes192_wrap,
+    8, 24, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap(void)
+{
+    return &aes_192_wrap;
+}
+
+static const EVP_CIPHER aes_256_wrap = {
+    NID_id_aes256_wrap,
+    8, 32, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap(void)
+{
+    return &aes_256_wrap;
+}
+
+static const EVP_CIPHER aes_128_wrap_pad = {
+    NID_id_aes128_wrap_pad,
+    8, 16, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
+{
+    return &aes_128_wrap_pad;
+}
+
+static const EVP_CIPHER aes_192_wrap_pad = {
+    NID_id_aes192_wrap_pad,
+    8, 24, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
+{
+    return &aes_192_wrap_pad;
+}
+
+static const EVP_CIPHER aes_256_wrap_pad = {
+    NID_id_aes256_wrap_pad,
+    8, 32, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void)
+{
+    return &aes_256_wrap_pad;
+}
+
+#ifndef OPENSSL_NO_OCB
+static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    EVP_CIPHER_CTX *newc;
+    EVP_AES_OCB_CTX *new_octx;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        octx->key_set = 0;
+        octx->iv_set = 0;
+        octx->ivlen = EVP_CIPHER_CTX_iv_length(c);
+        octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        octx->taglen = 16;
+        octx->data_buf_len = 0;
+        octx->aad_buf_len = 0;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        /* IV len must be 1 to 15 */
+        if (arg <= 0 || arg > 15)
+            return 0;
+
+        octx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (!ptr) {
+            /* Tag len must be 0 to 16 */
+            if (arg < 0 || arg > 16)
+                return 0;
+
+            octx->taglen = arg;
+            return 1;
+        }
+        if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(octx->tag, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+
+        memcpy(ptr, octx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        newc = (EVP_CIPHER_CTX *)ptr;
+        new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc);
+        return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb,
+                                      &new_octx->ksenc.ks,
+                                      &new_octx->ksdec.ks);
+
+    default:
+        return -1;
+
+    }
+}
+
+# ifdef HWAES_CAPABLE
+#  ifdef HWAES_ocb_encrypt
+void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_encrypt ((ocb128_f)NULL)
+#  endif
+#  ifdef HWAES_ocb_decrypt
+void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_decrypt ((ocb128_f)NULL)
+#  endif
+# endif
+
+static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+# ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) HWAES_encrypt,
+                                        (block128_f) HWAES_decrypt,
+                                        enc ? HWAES_ocb_encrypt
+                                            : HWAES_ocb_decrypt))
+                    return 0;
+                break;
+            }
+# endif
+# ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) vpaes_encrypt,
+                                        (block128_f) vpaes_decrypt,
+                                        NULL))
+                    return 0;
+                break;
+            }
+# endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksenc.ks);
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) AES_encrypt,
+                                    (block128_f) AES_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned char *buf;
+    int *buf_len;
+    int written_len = 0;
+    size_t trailing_len;
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+
+    /* If IV or Key not set then return error */
+    if (!octx->iv_set)
+        return -1;
+
+    if (!octx->key_set)
+        return -1;
+
+    if (in != NULL) {
+        /*
+         * Need to ensure we are only passing full blocks to low level OCB
+         * routines. We do it here rather than in EVP_EncryptUpdate/
+         * EVP_DecryptUpdate because we need to pass full blocks of AAD too
+         * and those routines don't support that
+         */
+
+        /* Are we dealing with AAD or normal data here? */
+        if (out == NULL) {
+            buf = octx->aad_buf;
+            buf_len = &(octx->aad_buf_len);
+        } else {
+            buf = octx->data_buf;
+            buf_len = &(octx->data_buf_len);
+
+            if (is_partially_overlapping(out + *buf_len, in, len)) {
+                EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+                return 0;
+            }
+        }
+
+        /*
+         * If we've got a partially filled buffer from a previous call then
+         * use that data first
+         */
+        if (*buf_len > 0) {
+            unsigned int remaining;
+
+            remaining = AES_BLOCK_SIZE - (*buf_len);
+            if (remaining > len) {
+                memcpy(buf + (*buf_len), in, len);
+                *(buf_len) += len;
+                return 0;
+            }
+            memcpy(buf + (*buf_len), in, remaining);
+
+            /*
+             * If we get here we've filled the buffer, so process it
+             */
+            len -= remaining;
+            in += remaining;
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            }
+            written_len = AES_BLOCK_SIZE;
+            *buf_len = 0;
+            if (out != NULL)
+                out += AES_BLOCK_SIZE;
+        }
+
+        /* Do we have a partial block to handle at the end? */
+        trailing_len = len % AES_BLOCK_SIZE;
+
+        /*
+         * If we've got some full blocks to handle, then process these first
+         */
+        if (len != trailing_len) {
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            }
+            written_len += len - trailing_len;
+            in += len - trailing_len;
+        }
+
+        /* Handle any trailing partial block */
+        if (trailing_len > 0) {
+            memcpy(buf, in, trailing_len);
+            *buf_len = trailing_len;
+        }
+
+        return written_len;
+    } else {
+        /*
+         * First of all empty the buffer of any partial block that we might
+         * have been provided - both for data and AAD
+         */
+        if (octx->data_buf_len > 0) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            }
+            written_len = octx->data_buf_len;
+            octx->data_buf_len = 0;
+        }
+        if (octx->aad_buf_len > 0) {
+            if (!CRYPTO_ocb128_aad
+                (&octx->ocb, octx->aad_buf, octx->aad_buf_len))
+                return -1;
+            octx->aad_buf_len = 0;
+        }
+        /* If decrypting then verify */
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (octx->taglen < 0)
+                return -1;
+            if (CRYPTO_ocb128_finish(&octx->ocb,
+                                     octx->tag, octx->taglen) != 0)
+                return -1;
+            octx->iv_set = 0;
+            return written_len;
+        }
+        /* If encrypting then just get the tag */
+        if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1)
+            return -1;
+        /* Don't reuse the IV */
+        octx->iv_set = 0;
+        return written_len;
+    }
+}
+
+static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    CRYPTO_ocb128_cleanup(&octx->ocb);
+    return 1;
+}
+
+BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+#endif                         /* OPENSSL_NO_OCB */
diff --git a/openssl-1.1.0h/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl-1.1.0h/crypto/evp/e_aes_cbc_hmac_sha1.c
new file mode 100644
index 0000000..f30f722
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -0,0 +1,964 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/evp_int.h"
+#include "internal/constant_time_locl.h"
+
+typedef struct {
+    AES_KEY ks;
+    SHA_CTX head, tail, md;
+    size_t payload_length;      /* AAD length in decrypt case */
+    union {
+        unsigned int tls_ver;
+        unsigned char tls_aad[16]; /* 13 used */
+    } aux;
+} EVP_AES_HMAC_SHA1;
+
+#define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+#if     defined(AES_ASM) &&     ( \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+# define AESNI_CAPABLE   (1<<(57-32))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks,
+                        const AES_KEY *key, unsigned char iv[16],
+                        SHA_CTX *ctx, const void *in0);
+
+void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks,
+                           const AES_KEY *key, unsigned char iv[16],
+                           SHA_CTX *ctx, const void *in0);
+
+# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *inkey,
+                                        const unsigned char *iv, int enc)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    int ret;
+
+    if (enc)
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+    else
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+
+    SHA1_Init(&key->head);      /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return ret < 0 ? 0 : 1;
+}
+
+# define STITCHED_CALL
+# undef  STITCHED_DECRYPT_CALL
+
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
+
+void sha1_block_data_order(void *c, const void *p, size_t len);
+
+static void sha1_update(SHA_CTX *c, const void *data, size_t len)
+{
+    const unsigned char *ptr = data;
+    size_t res;
+
+    if ((res = c->num)) {
+        res = SHA_CBLOCK - res;
+        if (len < res)
+            res = len;
+        SHA1_Update(c, ptr, res);
+        ptr += res;
+        len -= res;
+    }
+
+    res = len % SHA_CBLOCK;
+    len -= res;
+
+    if (len) {
+        sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
+
+        ptr += len;
+        c->Nh += len >> 29;
+        c->Nl += len <<= 3;
+        if (c->Nl < (unsigned int)len)
+            c->Nh++;
+    }
+
+    if (res)
+        SHA1_Update(c, ptr, res);
+}
+
+# ifdef SHA1_Update
+#  undef SHA1_Update
+# endif
+# define SHA1_Update sha1_update
+
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+
+typedef struct {
+    unsigned int A[8], B[8], C[8], D[8], E[8];
+} SHA1_MB_CTX;
+typedef struct {
+    const unsigned char *ptr;
+    int blocks;
+} HASH_DESC;
+
+void sha1_multi_block(SHA1_MB_CTX *, const HASH_DESC *, int);
+
+typedef struct {
+    const unsigned char *inp;
+    unsigned char *out;
+    int blocks;
+    u64 iv[2];
+} CIPH_DESC;
+
+void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
+
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
+                                         unsigned char *out,
+                                         const unsigned char *inp,
+                                         size_t inp_len, int n4x)
+{                               /* n4x is 1 or 2 */
+    HASH_DESC hash_d[8], edges[8];
+    CIPH_DESC ciph_d[8];
+    unsigned char storage[sizeof(SHA1_MB_CTX) + 32];
+    union {
+        u64 q[16];
+        u32 d[32];
+        u8 c[128];
+    } blocks[8];
+    SHA1_MB_CTX *ctx;
+    unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
+        0;
+    size_t ret = 0;
+    u8 *IVs;
+#  if defined(BSWAP8)
+    u64 seqnum;
+#  endif
+
+    /* ask for IVs in bulk */
+    if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+        return 0;
+
+    ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
+
+    frag = (unsigned int)inp_len >> (1 + n4x);
+    last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
+    if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
+        frag++;
+        last -= x4 - 1;
+    }
+
+    packlen = 5 + 16 + ((frag + 20 + 16) & -16);
+
+    /* populate descriptors with pointers and IVs */
+    hash_d[0].ptr = inp;
+    ciph_d[0].inp = inp;
+    /* 5+16 is place for header and explicit IV */
+    ciph_d[0].out = out + 5 + 16;
+    memcpy(ciph_d[0].out - 16, IVs, 16);
+    memcpy(ciph_d[0].iv, IVs, 16);
+    IVs += 16;
+
+    for (i = 1; i < x4; i++) {
+        ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
+        ciph_d[i].out = ciph_d[i - 1].out + packlen;
+        memcpy(ciph_d[i].out - 16, IVs, 16);
+        memcpy(ciph_d[i].iv, IVs, 16);
+        IVs += 16;
+    }
+
+#  if defined(BSWAP8)
+    memcpy(blocks[0].c, key->md.data, 8);
+    seqnum = BSWAP8(blocks[0].q[0]);
+#  endif
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag);
+#  if !defined(BSWAP8)
+        unsigned int carry, j;
+#  endif
+
+        ctx->A[i] = key->md.h0;
+        ctx->B[i] = key->md.h1;
+        ctx->C[i] = key->md.h2;
+        ctx->D[i] = key->md.h3;
+        ctx->E[i] = key->md.h4;
+
+        /* fix seqnum */
+#  if defined(BSWAP8)
+        blocks[i].q[0] = BSWAP8(seqnum + i);
+#  else
+        for (carry = i, j = 8; j--;) {
+            blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
+            carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
+        }
+#  endif
+        blocks[i].c[8] = ((u8 *)key->md.data)[8];
+        blocks[i].c[9] = ((u8 *)key->md.data)[9];
+        blocks[i].c[10] = ((u8 *)key->md.data)[10];
+        /* fix length */
+        blocks[i].c[11] = (u8)(len >> 8);
+        blocks[i].c[12] = (u8)(len);
+
+        memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
+        hash_d[i].ptr += 64 - 13;
+        hash_d[i].blocks = (len - (64 - 13)) / 64;
+
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* hash 13-byte headers and first 64-13 bytes of inputs */
+    sha1_multi_block(ctx, edges, n4x);
+    /* hash bulk inputs */
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
+    /*
+     * goal is to minimize pressure on L1 cache by moving in shorter steps,
+     * so that hashed data is still in the cache by the time we encrypt it
+     */
+    minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64;
+    if (minblocks > MAXCHUNKSIZE / 64) {
+        for (i = 0; i < x4; i++) {
+            edges[i].ptr = hash_d[i].ptr;
+            edges[i].blocks = MAXCHUNKSIZE / 64;
+            ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+        }
+        do {
+            sha1_multi_block(ctx, edges, n4x);
+            aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+            for (i = 0; i < x4; i++) {
+                edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
+                hash_d[i].blocks -= MAXCHUNKSIZE / 64;
+                edges[i].blocks = MAXCHUNKSIZE / 64;
+                ciph_d[i].inp += MAXCHUNKSIZE;
+                ciph_d[i].out += MAXCHUNKSIZE;
+                ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+                memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
+            }
+            processed += MAXCHUNKSIZE;
+            minblocks -= MAXCHUNKSIZE / 64;
+        } while (minblocks > MAXCHUNKSIZE / 64);
+    }
+#  endif
+#  undef  MAXCHUNKSIZE
+    sha1_multi_block(ctx, hash_d, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag),
+            off = hash_d[i].blocks * 64;
+        const unsigned char *ptr = hash_d[i].ptr + off;
+
+        off = (len - processed) - (64 - 13) - off; /* remainder actually */
+        memcpy(blocks[i].c, ptr, off);
+        blocks[i].c[off] = 0x80;
+        len += 64 + 13;         /* 64 is HMAC header */
+        len *= 8;               /* convert to bits */
+        if (off < (64 - 8)) {
+#  ifdef BSWAP4
+            blocks[i].d[15] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 60, len);
+#  endif
+            edges[i].blocks = 1;
+        } else {
+#  ifdef BSWAP4
+            blocks[i].d[31] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 124, len);
+#  endif
+            edges[i].blocks = 2;
+        }
+        edges[i].ptr = blocks[i].c;
+    }
+
+    /* hash input tails and finalize */
+    sha1_multi_block(ctx, edges, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+#  ifdef BSWAP4
+        blocks[i].d[0] = BSWAP4(ctx->A[i]);
+        ctx->A[i] = key->tail.h0;
+        blocks[i].d[1] = BSWAP4(ctx->B[i]);
+        ctx->B[i] = key->tail.h1;
+        blocks[i].d[2] = BSWAP4(ctx->C[i]);
+        ctx->C[i] = key->tail.h2;
+        blocks[i].d[3] = BSWAP4(ctx->D[i]);
+        ctx->D[i] = key->tail.h3;
+        blocks[i].d[4] = BSWAP4(ctx->E[i]);
+        ctx->E[i] = key->tail.h4;
+        blocks[i].c[20] = 0x80;
+        blocks[i].d[15] = BSWAP4((64 + 20) * 8);
+#  else
+        PUTU32(blocks[i].c + 0, ctx->A[i]);
+        ctx->A[i] = key->tail.h0;
+        PUTU32(blocks[i].c + 4, ctx->B[i]);
+        ctx->B[i] = key->tail.h1;
+        PUTU32(blocks[i].c + 8, ctx->C[i]);
+        ctx->C[i] = key->tail.h2;
+        PUTU32(blocks[i].c + 12, ctx->D[i]);
+        ctx->D[i] = key->tail.h3;
+        PUTU32(blocks[i].c + 16, ctx->E[i]);
+        ctx->E[i] = key->tail.h4;
+        blocks[i].c[20] = 0x80;
+        PUTU32(blocks[i].c + 60, (64 + 20) * 8);
+#  endif
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* finalize MACs */
+    sha1_multi_block(ctx, edges, n4x);
+
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag), pad, j;
+        unsigned char *out0 = out;
+
+        memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed);
+        ciph_d[i].inp = ciph_d[i].out;
+
+        out += 5 + 16 + len;
+
+        /* write MAC */
+        PUTU32(out + 0, ctx->A[i]);
+        PUTU32(out + 4, ctx->B[i]);
+        PUTU32(out + 8, ctx->C[i]);
+        PUTU32(out + 12, ctx->D[i]);
+        PUTU32(out + 16, ctx->E[i]);
+        out += 20;
+        len += 20;
+
+        /* pad */
+        pad = 15 - len % 16;
+        for (j = 0; j <= pad; j++)
+            *(out++) = pad;
+        len += pad + 1;
+
+        ciph_d[i].blocks = (len - processed) / 16;
+        len += 16;              /* account for explicit iv */
+
+        /* arrange header */
+        out0[0] = ((u8 *)key->md.data)[8];
+        out0[1] = ((u8 *)key->md.data)[9];
+        out0[2] = ((u8 *)key->md.data)[10];
+        out0[3] = (u8)(len >> 8);
+        out0[4] = (u8)(len);
+
+        ret += len + 5;
+        inp += frag;
+    }
+
+    aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+    OPENSSL_cleanse(blocks, sizeof(blocks));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return ret;
+}
+# endif
+
+static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                      const unsigned char *in, size_t len)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    unsigned int l;
+    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
+                                                * later */
+        sha_off = 0;
+# if defined(STITCHED_CALL)
+    size_t aes_off = 0, blocks;
+
+    sha_off = SHA_CBLOCK - key->md.num;
+# endif
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    if (len % AES_BLOCK_SIZE)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+        else if (len !=
+                 ((plen + SHA_DIGEST_LENGTH +
+                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
+            return 0;
+        else if (key->aux.tls_ver >= TLS1_1_VERSION)
+            iv = AES_BLOCK_SIZE;
+
+# if defined(STITCHED_CALL)
+        if (plen > (sha_off + iv)
+            && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
+            SHA1_Update(&key->md, in + iv, sha_off);
+
+            aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
+                               EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &key->md, in + iv + sha_off);
+            blocks *= SHA_CBLOCK;
+            aes_off += blocks;
+            sha_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            sha_off = 0;
+        }
+# endif
+        sha_off += iv;
+        SHA1_Update(&key->md, in + sha_off, plen - sha_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + aes_off, in + aes_off, plen - aes_off);
+
+            /* calculate HMAC and append it to payload */
+            SHA1_Final(out + plen, &key->md);
+            key->md = key->tail;
+            SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
+            SHA1_Final(out + plen, &key->md);
+
+            /* pad the payload|hmac */
+            plen += SHA_DIGEST_LENGTH;
+            for (l = len - plen - 1; plen < len; plen++)
+                out[plen] = l;
+            /* encrypt HMAC|padding at once */
+            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        } else {
+            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        }
+    } else {
+        union {
+            unsigned int u[SHA_DIGEST_LENGTH / sizeof(unsigned int)];
+            unsigned char c[32 + SHA_DIGEST_LENGTH];
+        } mac, *pmac;
+
+        /* arrange cache line alignment */
+        pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
+
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            size_t inp_len, mask, j, i;
+            unsigned int res, maxpad, pad, bitlen;
+            int ret = 1;
+            union {
+                unsigned int u[SHA_LBLOCK];
+                unsigned char c[SHA_CBLOCK];
+            } *data = (void *)key->md.data;
+# if defined(STITCHED_DECRYPT_CALL)
+            unsigned char tail_iv[AES_BLOCK_SIZE];
+            int stitch = 0;
+# endif
+
+            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+                >= TLS1_1_VERSION) {
+                if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1))
+                    return 0;
+
+                /* omit explicit iv */
+                memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);
+
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+                len -= AES_BLOCK_SIZE;
+            } else if (len < (SHA_DIGEST_LENGTH + 1))
+                return 0;
+
+# if defined(STITCHED_DECRYPT_CALL)
+            if (len >= 1024 && ctx->key_len == 32) {
+                /* decrypt last block */
+                memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE,
+                       AES_BLOCK_SIZE);
+                aesni_cbc_encrypt(in + len - AES_BLOCK_SIZE,
+                                  out + len - AES_BLOCK_SIZE, AES_BLOCK_SIZE,
+                                  &key->ks, tail_iv, 0);
+                stitch = 1;
+            } else
+# endif
+                /* decrypt HMAC|padding at once */
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+            /* figure out payload length */
+            pad = out[len - 1];
+            maxpad = len - (SHA_DIGEST_LENGTH + 1);
+            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
+            maxpad &= 255;
+
+            mask = constant_time_ge(maxpad, pad);
+            ret &= mask;
+            /*
+             * If pad is invalid then we will fail the above test but we must
+             * continue anyway because we are in constant time code. However,
+             * we'll use the maxpad value instead of the supplied pad to make
+             * sure we perform well defined pointer arithmetic.
+             */
+            pad = constant_time_select(mask, pad, maxpad);
+
+            inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
+
+            key->aux.tls_aad[plen - 2] = inp_len >> 8;
+            key->aux.tls_aad[plen - 1] = inp_len;
+
+            /* calculate HMAC */
+            key->md = key->head;
+            SHA1_Update(&key->md, key->aux.tls_aad, plen);
+
+# if defined(STITCHED_DECRYPT_CALL)
+            if (stitch) {
+                blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK;
+                aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK;
+                sha_off = SHA_CBLOCK - plen;
+
+                aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0);
+
+                SHA1_Update(&key->md, out, sha_off);
+                aesni256_cbc_sha1_dec(in + aes_off,
+                                      out + aes_off, blocks, &key->ks,
+                                      ctx->iv, &key->md, out + sha_off);
+
+                sha_off += blocks *= SHA_CBLOCK;
+                out += sha_off;
+                len -= sha_off;
+                inp_len -= sha_off;
+
+                key->md.Nl += (blocks << 3); /* at most 18 bits */
+                memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE);
+            }
+# endif
+
+# if 1
+            len -= SHA_DIGEST_LENGTH; /* amend mac */
+            if (len >= (256 + SHA_CBLOCK)) {
+                j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
+                j += SHA_CBLOCK - key->md.num;
+                SHA1_Update(&key->md, out, j);
+                out += j;
+                len -= j;
+                inp_len -= j;
+            }
+
+            /* but pretend as if we hashed padded payload */
+            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+#  ifdef BSWAP4
+            bitlen = BSWAP4(bitlen);
+#  else
+            mac.c[0] = 0;
+            mac.c[1] = (unsigned char)(bitlen >> 16);
+            mac.c[2] = (unsigned char)(bitlen >> 8);
+            mac.c[3] = (unsigned char)bitlen;
+            bitlen = mac.u[0];
+#  endif
+
+            pmac->u[0] = 0;
+            pmac->u[1] = 0;
+            pmac->u[2] = 0;
+            pmac->u[3] = 0;
+            pmac->u[4] = 0;
+
+            for (res = key->md.num, j = 0; j < len; j++) {
+                size_t c = out[j];
+                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
+                c &= mask;
+                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
+                data->c[res++] = (unsigned char)c;
+
+                if (res != SHA_CBLOCK)
+                    continue;
+
+                /* j is not incremented yet */
+                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+                res = 0;
+            }
+
+            for (i = res; i < SHA_CBLOCK; i++, j++)
+                data->c[i] = 0;
+
+            if (res > SHA_CBLOCK - 8) {
+                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+
+                memset(data, 0, SHA_CBLOCK);
+                j += 64;
+            }
+            data->u[SHA_LBLOCK - 1] = bitlen;
+            sha1_block_data_order(&key->md, data, 1);
+            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+            pmac->u[0] |= key->md.h0 & mask;
+            pmac->u[1] |= key->md.h1 & mask;
+            pmac->u[2] |= key->md.h2 & mask;
+            pmac->u[3] |= key->md.h3 & mask;
+            pmac->u[4] |= key->md.h4 & mask;
+
+#  ifdef BSWAP4
+            pmac->u[0] = BSWAP4(pmac->u[0]);
+            pmac->u[1] = BSWAP4(pmac->u[1]);
+            pmac->u[2] = BSWAP4(pmac->u[2]);
+            pmac->u[3] = BSWAP4(pmac->u[3]);
+            pmac->u[4] = BSWAP4(pmac->u[4]);
+#  else
+            for (i = 0; i < 5; i++) {
+                res = pmac->u[i];
+                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
+                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
+                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
+                pmac->c[4 * i + 3] = (unsigned char)res;
+            }
+#  endif
+            len += SHA_DIGEST_LENGTH;
+# else
+            SHA1_Update(&key->md, out, inp_len);
+            res = key->md.num;
+            SHA1_Final(pmac->c, &key->md);
+
+            {
+                unsigned int inp_blocks, pad_blocks;
+
+                /* but pretend as if we hashed padded payload */
+                inp_blocks =
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                res += (unsigned int)(len - inp_len);
+                pad_blocks = res / SHA_CBLOCK;
+                res %= SHA_CBLOCK;
+                pad_blocks +=
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                for (; inp_blocks < pad_blocks; inp_blocks++)
+                    sha1_block_data_order(&key->md, data, 1);
+            }
+# endif
+            key->md = key->tail;
+            SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
+            SHA1_Final(pmac->c, &key->md);
+
+            /* verify HMAC */
+            out += inp_len;
+            len -= inp_len;
+# if 1
+            {
+                unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
+                size_t off = out - p;
+                unsigned int c, cmask;
+
+                maxpad += SHA_DIGEST_LENGTH;
+                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                    c = p[j];
+                    cmask =
+                        ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
+                                                                 8 - 1);
+                    res |= (c ^ pad) & ~cmask; /* ... and padding */
+                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
+                    res |= (c ^ pmac->c[i]) & cmask;
+                    i += 1 & cmask;
+                }
+                maxpad -= SHA_DIGEST_LENGTH;
+
+                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+                ret &= (int)~res;
+            }
+# else
+            for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
+                res |= out[i] ^ pmac->c[i];
+            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+            ret &= (int)~res;
+
+            /* verify padding */
+            pad = (pad & ~res) | (maxpad & res);
+            out = out + len - 1 - pad;
+            for (res = 0, i = 0; i < pad; i++)
+                res |= out[i] ^ pad;
+
+            res = (0 - res) >> (sizeof(res) * 8 - 1);
+            ret &= (int)~res;
+# endif
+            return ret;
+        } else {
+# if defined(STITCHED_DECRYPT_CALL)
+            if (len >= 1024 && ctx->key_len == 32) {
+                if (sha_off %= SHA_CBLOCK)
+                    blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK;
+                else
+                    blocks = (len - 2 * SHA_CBLOCK) / SHA_CBLOCK;
+                aes_off = len - blocks * SHA_CBLOCK;
+
+                aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0);
+                SHA1_Update(&key->md, out, sha_off);
+                aesni256_cbc_sha1_dec(in + aes_off,
+                                      out + aes_off, blocks, &key->ks,
+                                      ctx->iv, &key->md, out + sha_off);
+
+                sha_off += blocks *= SHA_CBLOCK;
+                out += sha_off;
+                len -= sha_off;
+
+                key->md.Nh += blocks >> 29;
+                key->md.Nl += blocks <<= 3;
+                if (key->md.Nl < (unsigned int)blocks)
+                    key->md.Nh++;
+            } else
+# endif
+                /* decrypt HMAC|padding at once */
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+            SHA1_Update(&key->md, out, len);
+        }
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg > (int)sizeof(hmac_key)) {
+                SHA1_Init(&key->head);
+                SHA1_Update(&key->head, ptr, arg);
+                SHA1_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            SHA1_Init(&key->head);
+            SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            SHA1_Init(&key->tail);
+            SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                key->payload_length = len;
+                if ((key->aux.tls_ver =
+                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                    p[arg - 2] = len >> 8;
+                    p[arg - 1] = len;
+                }
+                key->md = key->head;
+                SHA1_Update(&key->md, p, arg);
+
+                return (int)(((len + SHA_DIGEST_LENGTH +
+                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
+                             - len);
+            } else {
+                memcpy(key->aux.tls_aad, ptr, arg);
+                key->payload_length = arg;
+
+                return SHA_DIGEST_LENGTH;
+            }
+        }
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+        return (int)(5 + 16 + ((arg + 20 + 16) & -16));
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+            unsigned int n4x = 1, x4;
+            unsigned int frag, last, packlen, inp_len;
+
+            if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+                return -1;
+
+            inp_len = param->inp[11] << 8 | param->inp[12];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
+                    return -1;
+
+                if (inp_len) {
+                    if (inp_len < 4096)
+                        return 0; /* too short */
+
+                    if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
+                        n4x = 2; /* AVX2 */
+                } else if ((n4x = param->interleave / 4) && n4x <= 2)
+                    inp_len = param->len;
+                else
+                    return -1;
+
+                key->md = key->head;
+                SHA1_Update(&key->md, param->inp, 13);
+
+                x4 = 4 * n4x;
+                n4x += 1;
+
+                frag = inp_len >> n4x;
+                last = inp_len + frag - (frag << n4x);
+                if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) {
+                    frag++;
+                    last -= x4 - 1;
+                }
+
+                packlen = 5 + 16 + ((frag + 20 + 16) & -16);
+                packlen = (packlen << n4x) - packlen;
+                packlen += 5 + 16 + ((last + 20 + 16) & -16);
+
+                param->interleave = x4;
+
+                return (int)packlen;
+            } else
+                return -1;      /* not yet */
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+
+            return (int)tls1_1_multi_block_encrypt(key, param->out,
+                                                   param->inp, param->len,
+                                                   param->interleave / 4);
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
+# endif
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
+# ifdef NID_aes_128_cbc_hmac_sha1
+    NID_aes_128_cbc_hmac_sha1,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
+# ifdef NID_aes_256_cbc_hmac_sha1
+    NID_aes_256_cbc_hmac_sha1,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_128_cbc_hmac_sha1_cipher : NULL);
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_256_cbc_hmac_sha1_cipher : NULL);
+}
+#else
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_aes_cbc_hmac_sha256.c b/openssl-1.1.0h/crypto/evp/e_aes_cbc_hmac_sha256.c
new file mode 100644
index 0000000..13973f1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -0,0 +1,950 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_lcl.h"
+#include "internal/constant_time_locl.h"
+#include "internal/evp_int.h"
+
+typedef struct {
+    AES_KEY ks;
+    SHA256_CTX head, tail, md;
+    size_t payload_length;      /* AAD length in decrypt case */
+    union {
+        unsigned int tls_ver;
+        unsigned char tls_aad[16]; /* 13 used */
+    } aux;
+} EVP_AES_HMAC_SHA256;
+
+# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+#if     defined(AES_ASM) &&     ( \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+# define AESNI_CAPABLE   (1<<(57-32))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks,
+                         const AES_KEY *key, unsigned char iv[16],
+                         SHA256_CTX *ctx, const void *in0);
+
+# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *inkey,
+                                          const unsigned char *iv, int enc)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    int ret;
+
+    if (enc)
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+    else
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+
+    SHA256_Init(&key->head);    /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return ret < 0 ? 0 : 1;
+}
+
+# define STITCHED_CALL
+
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
+
+void sha256_block_data_order(void *c, const void *p, size_t len);
+
+static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
+{
+    const unsigned char *ptr = data;
+    size_t res;
+
+    if ((res = c->num)) {
+        res = SHA256_CBLOCK - res;
+        if (len < res)
+            res = len;
+        SHA256_Update(c, ptr, res);
+        ptr += res;
+        len -= res;
+    }
+
+    res = len % SHA256_CBLOCK;
+    len -= res;
+
+    if (len) {
+        sha256_block_data_order(c, ptr, len / SHA256_CBLOCK);
+
+        ptr += len;
+        c->Nh += len >> 29;
+        c->Nl += len <<= 3;
+        if (c->Nl < (unsigned int)len)
+            c->Nh++;
+    }
+
+    if (res)
+        SHA256_Update(c, ptr, res);
+}
+
+# ifdef SHA256_Update
+#  undef SHA256_Update
+# endif
+# define SHA256_Update sha256_update
+
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+
+typedef struct {
+    unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8];
+} SHA256_MB_CTX;
+typedef struct {
+    const unsigned char *ptr;
+    int blocks;
+} HASH_DESC;
+
+void sha256_multi_block(SHA256_MB_CTX *, const HASH_DESC *, int);
+
+typedef struct {
+    const unsigned char *inp;
+    unsigned char *out;
+    int blocks;
+    u64 iv[2];
+} CIPH_DESC;
+
+void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
+
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
+                                         unsigned char *out,
+                                         const unsigned char *inp,
+                                         size_t inp_len, int n4x)
+{                               /* n4x is 1 or 2 */
+    HASH_DESC hash_d[8], edges[8];
+    CIPH_DESC ciph_d[8];
+    unsigned char storage[sizeof(SHA256_MB_CTX) + 32];
+    union {
+        u64 q[16];
+        u32 d[32];
+        u8 c[128];
+    } blocks[8];
+    SHA256_MB_CTX *ctx;
+    unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
+        0;
+    size_t ret = 0;
+    u8 *IVs;
+#  if defined(BSWAP8)
+    u64 seqnum;
+#  endif
+
+    /* ask for IVs in bulk */
+    if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+        return 0;
+
+    /* align */
+    ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32));
+
+    frag = (unsigned int)inp_len >> (1 + n4x);
+    last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
+    if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
+        frag++;
+        last -= x4 - 1;
+    }
+
+    packlen = 5 + 16 + ((frag + 32 + 16) & -16);
+
+    /* populate descriptors with pointers and IVs */
+    hash_d[0].ptr = inp;
+    ciph_d[0].inp = inp;
+    /* 5+16 is place for header and explicit IV */
+    ciph_d[0].out = out + 5 + 16;
+    memcpy(ciph_d[0].out - 16, IVs, 16);
+    memcpy(ciph_d[0].iv, IVs, 16);
+    IVs += 16;
+
+    for (i = 1; i < x4; i++) {
+        ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
+        ciph_d[i].out = ciph_d[i - 1].out + packlen;
+        memcpy(ciph_d[i].out - 16, IVs, 16);
+        memcpy(ciph_d[i].iv, IVs, 16);
+        IVs += 16;
+    }
+
+#  if defined(BSWAP8)
+    memcpy(blocks[0].c, key->md.data, 8);
+    seqnum = BSWAP8(blocks[0].q[0]);
+#  endif
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag);
+#  if !defined(BSWAP8)
+        unsigned int carry, j;
+#  endif
+
+        ctx->A[i] = key->md.h[0];
+        ctx->B[i] = key->md.h[1];
+        ctx->C[i] = key->md.h[2];
+        ctx->D[i] = key->md.h[3];
+        ctx->E[i] = key->md.h[4];
+        ctx->F[i] = key->md.h[5];
+        ctx->G[i] = key->md.h[6];
+        ctx->H[i] = key->md.h[7];
+
+        /* fix seqnum */
+#  if defined(BSWAP8)
+        blocks[i].q[0] = BSWAP8(seqnum + i);
+#  else
+        for (carry = i, j = 8; j--;) {
+            blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
+            carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
+        }
+#  endif
+        blocks[i].c[8] = ((u8 *)key->md.data)[8];
+        blocks[i].c[9] = ((u8 *)key->md.data)[9];
+        blocks[i].c[10] = ((u8 *)key->md.data)[10];
+        /* fix length */
+        blocks[i].c[11] = (u8)(len >> 8);
+        blocks[i].c[12] = (u8)(len);
+
+        memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
+        hash_d[i].ptr += 64 - 13;
+        hash_d[i].blocks = (len - (64 - 13)) / 64;
+
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* hash 13-byte headers and first 64-13 bytes of inputs */
+    sha256_multi_block(ctx, edges, n4x);
+    /* hash bulk inputs */
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
+    /*
+     * goal is to minimize pressure on L1 cache by moving in shorter steps,
+     * so that hashed data is still in the cache by the time we encrypt it
+     */
+    minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64;
+    if (minblocks > MAXCHUNKSIZE / 64) {
+        for (i = 0; i < x4; i++) {
+            edges[i].ptr = hash_d[i].ptr;
+            edges[i].blocks = MAXCHUNKSIZE / 64;
+            ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+        }
+        do {
+            sha256_multi_block(ctx, edges, n4x);
+            aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+            for (i = 0; i < x4; i++) {
+                edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
+                hash_d[i].blocks -= MAXCHUNKSIZE / 64;
+                edges[i].blocks = MAXCHUNKSIZE / 64;
+                ciph_d[i].inp += MAXCHUNKSIZE;
+                ciph_d[i].out += MAXCHUNKSIZE;
+                ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+                memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
+            }
+            processed += MAXCHUNKSIZE;
+            minblocks -= MAXCHUNKSIZE / 64;
+        } while (minblocks > MAXCHUNKSIZE / 64);
+    }
+#  endif
+#  undef  MAXCHUNKSIZE
+    sha256_multi_block(ctx, hash_d, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag),
+            off = hash_d[i].blocks * 64;
+        const unsigned char *ptr = hash_d[i].ptr + off;
+
+        off = (len - processed) - (64 - 13) - off; /* remainder actually */
+        memcpy(blocks[i].c, ptr, off);
+        blocks[i].c[off] = 0x80;
+        len += 64 + 13;         /* 64 is HMAC header */
+        len *= 8;               /* convert to bits */
+        if (off < (64 - 8)) {
+#  ifdef BSWAP4
+            blocks[i].d[15] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 60, len);
+#  endif
+            edges[i].blocks = 1;
+        } else {
+#  ifdef BSWAP4
+            blocks[i].d[31] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 124, len);
+#  endif
+            edges[i].blocks = 2;
+        }
+        edges[i].ptr = blocks[i].c;
+    }
+
+    /* hash input tails and finalize */
+    sha256_multi_block(ctx, edges, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+#  ifdef BSWAP4
+        blocks[i].d[0] = BSWAP4(ctx->A[i]);
+        ctx->A[i] = key->tail.h[0];
+        blocks[i].d[1] = BSWAP4(ctx->B[i]);
+        ctx->B[i] = key->tail.h[1];
+        blocks[i].d[2] = BSWAP4(ctx->C[i]);
+        ctx->C[i] = key->tail.h[2];
+        blocks[i].d[3] = BSWAP4(ctx->D[i]);
+        ctx->D[i] = key->tail.h[3];
+        blocks[i].d[4] = BSWAP4(ctx->E[i]);
+        ctx->E[i] = key->tail.h[4];
+        blocks[i].d[5] = BSWAP4(ctx->F[i]);
+        ctx->F[i] = key->tail.h[5];
+        blocks[i].d[6] = BSWAP4(ctx->G[i]);
+        ctx->G[i] = key->tail.h[6];
+        blocks[i].d[7] = BSWAP4(ctx->H[i]);
+        ctx->H[i] = key->tail.h[7];
+        blocks[i].c[32] = 0x80;
+        blocks[i].d[15] = BSWAP4((64 + 32) * 8);
+#  else
+        PUTU32(blocks[i].c + 0, ctx->A[i]);
+        ctx->A[i] = key->tail.h[0];
+        PUTU32(blocks[i].c + 4, ctx->B[i]);
+        ctx->B[i] = key->tail.h[1];
+        PUTU32(blocks[i].c + 8, ctx->C[i]);
+        ctx->C[i] = key->tail.h[2];
+        PUTU32(blocks[i].c + 12, ctx->D[i]);
+        ctx->D[i] = key->tail.h[3];
+        PUTU32(blocks[i].c + 16, ctx->E[i]);
+        ctx->E[i] = key->tail.h[4];
+        PUTU32(blocks[i].c + 20, ctx->F[i]);
+        ctx->F[i] = key->tail.h[5];
+        PUTU32(blocks[i].c + 24, ctx->G[i]);
+        ctx->G[i] = key->tail.h[6];
+        PUTU32(blocks[i].c + 28, ctx->H[i]);
+        ctx->H[i] = key->tail.h[7];
+        blocks[i].c[32] = 0x80;
+        PUTU32(blocks[i].c + 60, (64 + 32) * 8);
+#  endif
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* finalize MACs */
+    sha256_multi_block(ctx, edges, n4x);
+
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag), pad, j;
+        unsigned char *out0 = out;
+
+        memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed);
+        ciph_d[i].inp = ciph_d[i].out;
+
+        out += 5 + 16 + len;
+
+        /* write MAC */
+        PUTU32(out + 0, ctx->A[i]);
+        PUTU32(out + 4, ctx->B[i]);
+        PUTU32(out + 8, ctx->C[i]);
+        PUTU32(out + 12, ctx->D[i]);
+        PUTU32(out + 16, ctx->E[i]);
+        PUTU32(out + 20, ctx->F[i]);
+        PUTU32(out + 24, ctx->G[i]);
+        PUTU32(out + 28, ctx->H[i]);
+        out += 32;
+        len += 32;
+
+        /* pad */
+        pad = 15 - len % 16;
+        for (j = 0; j <= pad; j++)
+            *(out++) = pad;
+        len += pad + 1;
+
+        ciph_d[i].blocks = (len - processed) / 16;
+        len += 16;              /* account for explicit iv */
+
+        /* arrange header */
+        out0[0] = ((u8 *)key->md.data)[8];
+        out0[1] = ((u8 *)key->md.data)[9];
+        out0[2] = ((u8 *)key->md.data)[10];
+        out0[3] = (u8)(len >> 8);
+        out0[4] = (u8)(len);
+
+        ret += len + 5;
+        inp += frag;
+    }
+
+    aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+    OPENSSL_cleanse(blocks, sizeof(blocks));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return ret;
+}
+# endif
+
+static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
+                                        unsigned char *out,
+                                        const unsigned char *in, size_t len)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    unsigned int l;
+    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
+                                                * later */
+        sha_off = 0;
+# if defined(STITCHED_CALL)
+    size_t aes_off = 0, blocks;
+
+    sha_off = SHA256_CBLOCK - key->md.num;
+# endif
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    if (len % AES_BLOCK_SIZE)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+        else if (len !=
+                 ((plen + SHA256_DIGEST_LENGTH +
+                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
+            return 0;
+        else if (key->aux.tls_ver >= TLS1_1_VERSION)
+            iv = AES_BLOCK_SIZE;
+
+# if defined(STITCHED_CALL)
+        /*
+         * Assembly stitch handles AVX-capable processors, but its
+         * performance is not optimal on AMD Jaguar, ~40% worse, for
+         * unknown reasons. Incidentally processor in question supports
+         * AVX, but not AMD-specific XOP extension, which can be used
+         * to identify it and avoid stitch invocation. So that after we
+         * establish that current CPU supports AVX, we even see if it's
+         * either even XOP-capable Bulldozer-based or GenuineIntel one.
+         * But SHAEXT-capable go ahead...
+         */
+        if (((OPENSSL_ia32cap_P[2] & (1 << 29)) ||         /* SHAEXT? */
+             ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
+              ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32)))   /* XOP? */
+               | (OPENSSL_ia32cap_P[0] & (1 << 30))))) &&  /* "Intel CPU"? */
+            plen > (sha_off + iv) &&
+            (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
+            SHA256_Update(&key->md, in + iv, sha_off);
+
+            (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
+                                       EVP_CIPHER_CTX_iv_noconst(ctx),
+                                       &key->md, in + iv + sha_off);
+            blocks *= SHA256_CBLOCK;
+            aes_off += blocks;
+            sha_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            sha_off = 0;
+        }
+# endif
+        sha_off += iv;
+        SHA256_Update(&key->md, in + sha_off, plen - sha_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + aes_off, in + aes_off, plen - aes_off);
+
+            /* calculate HMAC and append it to payload */
+            SHA256_Final(out + plen, &key->md);
+            key->md = key->tail;
+            SHA256_Update(&key->md, out + plen, SHA256_DIGEST_LENGTH);
+            SHA256_Final(out + plen, &key->md);
+
+            /* pad the payload|hmac */
+            plen += SHA256_DIGEST_LENGTH;
+            for (l = len - plen - 1; plen < len; plen++)
+                out[plen] = l;
+            /* encrypt HMAC|padding at once */
+            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        } else {
+            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        }
+    } else {
+        union {
+            unsigned int u[SHA256_DIGEST_LENGTH / sizeof(unsigned int)];
+            unsigned char c[64 + SHA256_DIGEST_LENGTH];
+        } mac, *pmac;
+
+        /* arrange cache line alignment */
+        pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64));
+
+        /* decrypt HMAC|padding at once */
+        aesni_cbc_encrypt(in, out, len, &key->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            size_t inp_len, mask, j, i;
+            unsigned int res, maxpad, pad, bitlen;
+            int ret = 1;
+            union {
+                unsigned int u[SHA_LBLOCK];
+                unsigned char c[SHA256_CBLOCK];
+            } *data = (void *)key->md.data;
+
+            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+                >= TLS1_1_VERSION)
+                iv = AES_BLOCK_SIZE;
+
+            if (len < (iv + SHA256_DIGEST_LENGTH + 1))
+                return 0;
+
+            /* omit explicit iv */
+            out += iv;
+            len -= iv;
+
+            /* figure out payload length */
+            pad = out[len - 1];
+            maxpad = len - (SHA256_DIGEST_LENGTH + 1);
+            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
+            maxpad &= 255;
+
+            mask = constant_time_ge(maxpad, pad);
+            ret &= mask;
+            /*
+             * If pad is invalid then we will fail the above test but we must
+             * continue anyway because we are in constant time code. However,
+             * we'll use the maxpad value instead of the supplied pad to make
+             * sure we perform well defined pointer arithmetic.
+             */
+            pad = constant_time_select(mask, pad, maxpad);
+
+            inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
+
+            key->aux.tls_aad[plen - 2] = inp_len >> 8;
+            key->aux.tls_aad[plen - 1] = inp_len;
+
+            /* calculate HMAC */
+            key->md = key->head;
+            SHA256_Update(&key->md, key->aux.tls_aad, plen);
+
+# if 1
+            len -= SHA256_DIGEST_LENGTH; /* amend mac */
+            if (len >= (256 + SHA256_CBLOCK)) {
+                j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
+                j += SHA256_CBLOCK - key->md.num;
+                SHA256_Update(&key->md, out, j);
+                out += j;
+                len -= j;
+                inp_len -= j;
+            }
+
+            /* but pretend as if we hashed padded payload */
+            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+#  ifdef BSWAP4
+            bitlen = BSWAP4(bitlen);
+#  else
+            mac.c[0] = 0;
+            mac.c[1] = (unsigned char)(bitlen >> 16);
+            mac.c[2] = (unsigned char)(bitlen >> 8);
+            mac.c[3] = (unsigned char)bitlen;
+            bitlen = mac.u[0];
+#  endif
+
+            pmac->u[0] = 0;
+            pmac->u[1] = 0;
+            pmac->u[2] = 0;
+            pmac->u[3] = 0;
+            pmac->u[4] = 0;
+            pmac->u[5] = 0;
+            pmac->u[6] = 0;
+            pmac->u[7] = 0;
+
+            for (res = key->md.num, j = 0; j < len; j++) {
+                size_t c = out[j];
+                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
+                c &= mask;
+                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
+                data->c[res++] = (unsigned char)c;
+
+                if (res != SHA256_CBLOCK)
+                    continue;
+
+                /* j is not incremented yet */
+                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha256_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h[0] & mask;
+                pmac->u[1] |= key->md.h[1] & mask;
+                pmac->u[2] |= key->md.h[2] & mask;
+                pmac->u[3] |= key->md.h[3] & mask;
+                pmac->u[4] |= key->md.h[4] & mask;
+                pmac->u[5] |= key->md.h[5] & mask;
+                pmac->u[6] |= key->md.h[6] & mask;
+                pmac->u[7] |= key->md.h[7] & mask;
+                res = 0;
+            }
+
+            for (i = res; i < SHA256_CBLOCK; i++, j++)
+                data->c[i] = 0;
+
+            if (res > SHA256_CBLOCK - 8) {
+                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha256_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h[0] & mask;
+                pmac->u[1] |= key->md.h[1] & mask;
+                pmac->u[2] |= key->md.h[2] & mask;
+                pmac->u[3] |= key->md.h[3] & mask;
+                pmac->u[4] |= key->md.h[4] & mask;
+                pmac->u[5] |= key->md.h[5] & mask;
+                pmac->u[6] |= key->md.h[6] & mask;
+                pmac->u[7] |= key->md.h[7] & mask;
+
+                memset(data, 0, SHA256_CBLOCK);
+                j += 64;
+            }
+            data->u[SHA_LBLOCK - 1] = bitlen;
+            sha256_block_data_order(&key->md, data, 1);
+            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+            pmac->u[0] |= key->md.h[0] & mask;
+            pmac->u[1] |= key->md.h[1] & mask;
+            pmac->u[2] |= key->md.h[2] & mask;
+            pmac->u[3] |= key->md.h[3] & mask;
+            pmac->u[4] |= key->md.h[4] & mask;
+            pmac->u[5] |= key->md.h[5] & mask;
+            pmac->u[6] |= key->md.h[6] & mask;
+            pmac->u[7] |= key->md.h[7] & mask;
+
+#  ifdef BSWAP4
+            pmac->u[0] = BSWAP4(pmac->u[0]);
+            pmac->u[1] = BSWAP4(pmac->u[1]);
+            pmac->u[2] = BSWAP4(pmac->u[2]);
+            pmac->u[3] = BSWAP4(pmac->u[3]);
+            pmac->u[4] = BSWAP4(pmac->u[4]);
+            pmac->u[5] = BSWAP4(pmac->u[5]);
+            pmac->u[6] = BSWAP4(pmac->u[6]);
+            pmac->u[7] = BSWAP4(pmac->u[7]);
+#  else
+            for (i = 0; i < 8; i++) {
+                res = pmac->u[i];
+                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
+                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
+                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
+                pmac->c[4 * i + 3] = (unsigned char)res;
+            }
+#  endif
+            len += SHA256_DIGEST_LENGTH;
+# else
+            SHA256_Update(&key->md, out, inp_len);
+            res = key->md.num;
+            SHA256_Final(pmac->c, &key->md);
+
+            {
+                unsigned int inp_blocks, pad_blocks;
+
+                /* but pretend as if we hashed padded payload */
+                inp_blocks =
+                    1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                res += (unsigned int)(len - inp_len);
+                pad_blocks = res / SHA256_CBLOCK;
+                res %= SHA256_CBLOCK;
+                pad_blocks +=
+                    1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                for (; inp_blocks < pad_blocks; inp_blocks++)
+                    sha1_block_data_order(&key->md, data, 1);
+            }
+# endif
+            key->md = key->tail;
+            SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
+            SHA256_Final(pmac->c, &key->md);
+
+            /* verify HMAC */
+            out += inp_len;
+            len -= inp_len;
+# if 1
+            {
+                unsigned char *p =
+                    out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
+                size_t off = out - p;
+                unsigned int c, cmask;
+
+                maxpad += SHA256_DIGEST_LENGTH;
+                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                    c = p[j];
+                    cmask =
+                        ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
+                        (sizeof(int) * 8 - 1);
+                    res |= (c ^ pad) & ~cmask; /* ... and padding */
+                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
+                    res |= (c ^ pmac->c[i]) & cmask;
+                    i += 1 & cmask;
+                }
+                maxpad -= SHA256_DIGEST_LENGTH;
+
+                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+                ret &= (int)~res;
+            }
+# else
+            for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
+                res |= out[i] ^ pmac->c[i];
+            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+            ret &= (int)~res;
+
+            /* verify padding */
+            pad = (pad & ~res) | (maxpad & res);
+            out = out + len - 1 - pad;
+            for (res = 0, i = 0; i < pad; i++)
+                res |= out[i] ^ pad;
+
+            res = (0 - res) >> (sizeof(res) * 8 - 1);
+            ret &= (int)~res;
+# endif
+            return ret;
+        } else {
+            SHA256_Update(&key->md, out, len);
+        }
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                      void *ptr)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    unsigned int u_arg = (unsigned int)arg;
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg < 0)
+                return -1;
+
+            if (u_arg > sizeof(hmac_key)) {
+                SHA256_Init(&key->head);
+                SHA256_Update(&key->head, ptr, arg);
+                SHA256_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            SHA256_Init(&key->head);
+            SHA256_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            SHA256_Init(&key->tail);
+            SHA256_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                key->payload_length = len;
+                if ((key->aux.tls_ver =
+                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                    p[arg - 2] = len >> 8;
+                    p[arg - 1] = len;
+                }
+                key->md = key->head;
+                SHA256_Update(&key->md, p, arg);
+
+                return (int)(((len + SHA256_DIGEST_LENGTH +
+                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
+                             - len);
+            } else {
+                memcpy(key->aux.tls_aad, ptr, arg);
+                key->payload_length = arg;
+
+                return SHA256_DIGEST_LENGTH;
+            }
+        }
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+        return (int)(5 + 16 + ((arg + 32 + 16) & -16));
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+            unsigned int n4x = 1, x4;
+            unsigned int frag, last, packlen, inp_len;
+
+            if (arg < 0)
+                return -1;
+
+            if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+                return -1;
+
+            inp_len = param->inp[11] << 8 | param->inp[12];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
+                    return -1;
+
+                if (inp_len) {
+                    if (inp_len < 4096)
+                        return 0; /* too short */
+
+                    if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
+                        n4x = 2; /* AVX2 */
+                } else if ((n4x = param->interleave / 4) && n4x <= 2)
+                    inp_len = param->len;
+                else
+                    return -1;
+
+                key->md = key->head;
+                SHA256_Update(&key->md, param->inp, 13);
+
+                x4 = 4 * n4x;
+                n4x += 1;
+
+                frag = inp_len >> n4x;
+                last = inp_len + frag - (frag << n4x);
+                if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) {
+                    frag++;
+                    last -= x4 - 1;
+                }
+
+                packlen = 5 + 16 + ((frag + 32 + 16) & -16);
+                packlen = (packlen << n4x) - packlen;
+                packlen += 5 + 16 + ((last + 32 + 16) & -16);
+
+                param->interleave = x4;
+
+                return (int)packlen;
+            } else
+                return -1;      /* not yet */
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+
+            return (int)tls1_1_multi_block_encrypt(key, param->out,
+                                                   param->inp, param->len,
+                                                   param->interleave / 4);
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
+# endif
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
+# ifdef NID_aes_128_cbc_hmac_sha256
+    NID_aes_128_cbc_hmac_sha256,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha256_init_key,
+    aesni_cbc_hmac_sha256_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA256),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha256_ctrl,
+    NULL
+};
+
+static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = {
+# ifdef NID_aes_256_cbc_hmac_sha256
+    NID_aes_256_cbc_hmac_sha256,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha256_init_key,
+    aesni_cbc_hmac_sha256_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA256),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha256_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
+{
+    return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) &&
+            aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
+            &aesni_128_cbc_hmac_sha256_cipher : NULL);
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+{
+    return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) &&
+            aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
+            &aesni_256_cbc_hmac_sha256_cipher : NULL);
+}
+#else
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
+{
+    return NULL;
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+{
+    return NULL;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_bf.c b/openssl-1.1.0h/crypto/evp/e_bf.c
new file mode 100644
index 0000000..dc38690
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_bf.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_BF
+# include <openssl/evp.h>
+# include "internal/evp_int.h"
+# include <openssl/objects.h>
+# include <openssl/blowfish.h>
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc);
+
+typedef struct {
+    BF_KEY ks;
+} EVP_BF_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_BF_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+{
+    BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_camellia.c b/openssl-1.1.0h/crypto/evp/e_camellia.c
new file mode 100644
index 0000000..2df4a6e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_camellia.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_CAMELLIA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/camellia.h>
+# include "internal/evp_int.h"
+# include "modes_lcl.h"
+
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+
+/* Camellia subkey Structure */
+typedef struct {
+    CAMELLIA_KEY ks;
+    block128_f block;
+    union {
+        cbc128_f cbc;
+        ctr128_f ctr;
+    } stream;
+} EVP_CAMELLIA_KEY;
+
+# define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+
+/* Attribute operation for Camellia */
+# define data(ctx)       EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ---------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_CMLL_CAPABLE      (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
+
+void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
+void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+
+void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+
+static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret, mode, bits;
+    EVP_CAMELLIA_KEY *dat =
+        (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+
+    cmll_t4_set_key(key, bits, &dat->ks);
+
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = 0;
+        dat->block = (block128_f) cmll_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+        case 256:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    } else {
+        ret = 0;
+        dat->block = (block128_f) cmll_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+        case 256:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_CMLL_T4_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#  define cmll_t4_cbc_cipher camellia_cbc_cipher
+static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_ecb_cipher camellia_ecb_cipher
+static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_ofb_cipher camellia_ofb_cipher
+static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb_cipher camellia_cfb_cipher
+static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb8_cipher camellia_cfb8_cipher
+static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb1_cipher camellia_cfb1_cipher
+static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len);
+
+#  define cmll_t4_ctr_cipher camellia_ctr_cipher
+static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        cmll_t4_init_key,               \
+        cmll_t4_##mode##_cipher,        \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER camellia_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        camellia_init_key,              \
+        camellia_##mode##_cipher,       \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
+{ return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
+
+# else
+
+#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER camellia_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        camellia_init_key,              \
+        camellia_##mode##_cipher,       \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
+{ return &camellia_##keylen##_##mode; }
+
+# endif
+
+# define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
+        BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
+        BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+
+/* The subkey for Camellia is generated. */
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
+    if (ret < 0) {
+        EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        dat->block = (block128_f) Camellia_decrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    } else {
+        dat->block = (block128_f) Camellia_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    }
+
+    return 1;
+}
+
+static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (dat->stream.cbc)
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+
+    return 1;
+}
+
+static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t i;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (len < bl)
+        return 1;
+
+    for (i = 0, len -= bl; i <= len; i += bl)
+        (*dat->block) (in + i, out + i, &dat->ks);
+
+    return 1;
+}
+
+static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        return 1;
+    }
+
+    while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        len -= MAXBITCHUNK;
+        out += MAXBITCHUNK;
+        in  += MAXBITCHUNK;
+    }
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+
+    return 1;
+}
+
+static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (dat->stream.ctr)
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                    dat->stream.ctr);
+    else
+        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
+    BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
+    BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_cast.c b/openssl-1.1.0h/crypto/evp/e_cast.c
new file mode 100644
index 0000000..259d440
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_cast.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CAST
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/cast.h>
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    CAST_KEY ks;
+} EVP_CAST_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_CAST_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
+                       NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_chacha20_poly1305.c b/openssl-1.1.0h/crypto/evp/e_chacha20_poly1305.c
new file mode 100644
index 0000000..7fd4f8d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_chacha20_poly1305.c
@@ -0,0 +1,454 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CHACHA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include "internal/evp_int.h"
+# include "internal/chacha.h"
+
+typedef struct {
+    union {
+        double align;   /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */
+        unsigned int d[CHACHA_KEY_SIZE / 4];
+    } key;
+    unsigned int  counter[CHACHA_CTR_SIZE / 4];
+    unsigned char buf[CHACHA_BLK_SIZE];
+    unsigned int  partial_len;
+} EVP_CHACHA_KEY;
+
+#define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+
+static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                           const unsigned char user_key[CHACHA_KEY_SIZE],
+                           const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int i;
+
+    if (user_key)
+        for (i = 0; i < CHACHA_KEY_SIZE; i+=4) {
+            key->key.d[i/4] = CHACHA_U8TOU32(user_key+i);
+        }
+
+    if (iv)
+        for (i = 0; i < CHACHA_CTR_SIZE; i+=4) {
+            key->counter[i/4] = CHACHA_U8TOU32(iv+i);
+        }
+
+    key->partial_len = 0;
+
+    return 1;
+}
+
+static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+                         const unsigned char *inp, size_t len)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int n, rem, ctr32;
+
+    if ((n = key->partial_len)) {
+        while (len && n < CHACHA_BLK_SIZE) {
+            *out++ = *inp++ ^ key->buf[n++];
+            len--;
+        }
+        key->partial_len = n;
+
+        if (len == 0)
+            return 1;
+
+        if (n == CHACHA_BLK_SIZE) {
+            key->partial_len = 0;
+            key->counter[0]++;
+            if (key->counter[0] == 0)
+                key->counter[1]++;
+        }
+    }
+
+    rem = (unsigned int)(len % CHACHA_BLK_SIZE);
+    len -= rem;
+    ctr32 = key->counter[0];
+    while (len >= CHACHA_BLK_SIZE) {
+        size_t blocks = len / CHACHA_BLK_SIZE;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
+            blocks = (1U<<28);
+
+        /*
+         * As ChaCha20_ctr32 operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (unsigned int)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        blocks *= CHACHA_BLK_SIZE;
+        ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter);
+        len -= blocks;
+        inp += blocks;
+        out += blocks;
+
+        key->counter[0] = ctr32;
+        if (ctr32 == 0) key->counter[1]++;
+    }
+
+    if (rem) {
+        memset(key->buf, 0, sizeof(key->buf));
+        ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE,
+                       key->key.d, key->counter);
+        for (n = 0; n < rem; n++)
+            out[n] = inp[n] ^ key->buf[n];
+        key->partial_len = rem;
+    }
+
+    return 1;
+}
+
+static const EVP_CIPHER chacha20 = {
+    NID_chacha20,
+    1,                      /* block_size */
+    CHACHA_KEY_SIZE,        /* key_len */
+    CHACHA_CTR_SIZE,        /* iv_len, 128-bit counter in the context */
+    EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
+    chacha_init_key,
+    chacha_cipher,
+    NULL,
+    sizeof(EVP_CHACHA_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_chacha20(void)
+{
+    return (&chacha20);
+}
+
+# ifndef OPENSSL_NO_POLY1305
+#  include "internal/poly1305.h"
+
+typedef struct {
+    EVP_CHACHA_KEY key;
+    unsigned int nonce[12/4];
+    unsigned char tag[POLY1305_BLOCK_SIZE];
+    struct { uint64_t aad, text; } len;
+    int aad, mac_inited, tag_len, nonce_len;
+    size_t tls_payload_length;
+} EVP_CHACHA_AEAD_CTX;
+
+#  define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
+#  define aead_data(ctx)        ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data)
+#  define POLY1305_ctx(actx)    ((POLY1305 *)(actx + 1))
+
+static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
+                                      const unsigned char *inkey,
+                                      const unsigned char *iv, int enc)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    if (!inkey && !iv)
+        return 1;
+
+    actx->len.aad = 0;
+    actx->len.text = 0;
+    actx->aad = 0;
+    actx->mac_inited = 0;
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (iv != NULL) {
+        unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
+
+        /* pad on the left */
+        if (actx->nonce_len <= CHACHA_CTR_SIZE)
+            memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
+
+        chacha_init_key(ctx, inkey, temp, enc);
+
+        actx->nonce[0] = actx->key.counter[1];
+        actx->nonce[1] = actx->key.counter[2];
+        actx->nonce[2] = actx->key.counter[3];
+    } else {
+        chacha_init_key(ctx, inkey, NULL, enc);
+    }
+
+    return 1;
+}
+
+static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t rem, plen = actx->tls_payload_length;
+    static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 };
+
+    if (!actx->mac_inited) {
+        actx->key.counter[0] = 0;
+        memset(actx->key.buf, 0, sizeof(actx->key.buf));
+        ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE,
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        actx->len.aad = actx->len.text = 0;
+        actx->mac_inited = 1;
+    }
+
+    if (in) {                                   /* aad or text */
+        if (out == NULL) {                      /* aad */
+            Poly1305_Update(POLY1305_ctx(actx), in, len);
+            actx->len.aad += len;
+            actx->aad = 1;
+            return len;
+        } else {                                /* plain- or ciphertext */
+            if (actx->aad) {                    /* wrap up aad */
+                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                    Poly1305_Update(POLY1305_ctx(actx), zero,
+                                    POLY1305_BLOCK_SIZE - rem);
+                actx->aad = 0;
+            }
+
+            actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+            if (plen == NO_TLS_PAYLOAD_LENGTH)
+                plen = len;
+            else if (len != plen + POLY1305_BLOCK_SIZE)
+                return -1;
+
+            if (ctx->encrypt) {                 /* plaintext */
+                chacha_cipher(ctx, out, in, plen);
+                Poly1305_Update(POLY1305_ctx(actx), out, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            } else {                            /* ciphertext */
+                Poly1305_Update(POLY1305_ctx(actx), in, plen);
+                chacha_cipher(ctx, out, in, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            }
+        }
+    }
+    if (in == NULL                              /* explicit final */
+        || plen != len) {                       /* or tls mode */
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+        unsigned char temp[POLY1305_BLOCK_SIZE];
+
+        if (actx->aad) {                        /* wrap up aad */
+            if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                Poly1305_Update(POLY1305_ctx(actx), zero,
+                                POLY1305_BLOCK_SIZE - rem);
+            actx->aad = 0;
+        }
+
+        if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
+            Poly1305_Update(POLY1305_ctx(actx), zero,
+                            POLY1305_BLOCK_SIZE - rem);
+
+        if (is_endian.little) {
+            Poly1305_Update(POLY1305_ctx(actx),
+                            (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            temp[0]  = (unsigned char)(actx->len.aad);
+            temp[1]  = (unsigned char)(actx->len.aad>>8);
+            temp[2]  = (unsigned char)(actx->len.aad>>16);
+            temp[3]  = (unsigned char)(actx->len.aad>>24);
+            temp[4]  = (unsigned char)(actx->len.aad>>32);
+            temp[5]  = (unsigned char)(actx->len.aad>>40);
+            temp[6]  = (unsigned char)(actx->len.aad>>48);
+            temp[7]  = (unsigned char)(actx->len.aad>>56);
+
+            temp[8]  = (unsigned char)(actx->len.text);
+            temp[9]  = (unsigned char)(actx->len.text>>8);
+            temp[10] = (unsigned char)(actx->len.text>>16);
+            temp[11] = (unsigned char)(actx->len.text>>24);
+            temp[12] = (unsigned char)(actx->len.text>>32);
+            temp[13] = (unsigned char)(actx->len.text>>40);
+            temp[14] = (unsigned char)(actx->len.text>>48);
+            temp[15] = (unsigned char)(actx->len.text>>56);
+
+            Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
+        }
+        Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                        : temp);
+        actx->mac_inited = 0;
+
+        if (in != NULL && len != plen) {        /* tls mode */
+            if (ctx->encrypt) {
+                memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+            } else {
+                if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
+                    memset(out - plen, 0, plen);
+                    return -1;
+                }
+            }
+        }
+        else if (!ctx->encrypt) {
+            if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len))
+                return -1;
+        }
+    }
+    return len;
+}
+
+static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    if (actx)
+        OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
+    return 1;
+}
+
+static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    switch(type) {
+    case EVP_CTRL_INIT:
+        if (actx == NULL)
+            actx = ctx->cipher_data
+                 = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size());
+        if (actx == NULL) {
+            EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        actx->len.aad = 0;
+        actx->len.text = 0;
+        actx->aad = 0;
+        actx->mac_inited = 0;
+        actx->tag_len = 0;
+        actx->nonce_len = 12;
+        actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        if (actx) {
+            EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr;
+
+            dst->cipher_data =
+                   OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
+            if (dst->cipher_data == NULL) {
+                EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
+                return 0;
+            }
+        }
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
+            return 0;
+        actx->nonce_len = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IV_FIXED:
+        if (arg != 12)
+            return 0;
+        actx->nonce[0] = actx->key.counter[1]
+                       = CHACHA_U8TOU32((unsigned char *)ptr);
+        actx->nonce[1] = actx->key.counter[2]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+4);
+        actx->nonce[2] = actx->key.counter[3]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+8);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE)
+            return 0;
+        if (ptr != NULL) {
+            memcpy(actx->tag, ptr, arg);
+            actx->tag_len = arg;
+        }
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt)
+            return 0;
+        memcpy(ptr, actx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        {
+            unsigned int len;
+            unsigned char *aad = ptr, temp[POLY1305_BLOCK_SIZE];
+
+            len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 |
+                  aad[EVP_AEAD_TLS1_AAD_LEN - 1];
+            if (!ctx->encrypt) {
+                if (len < POLY1305_BLOCK_SIZE)
+                    return 0;
+                len -= POLY1305_BLOCK_SIZE;     /* discount attached tag */
+                memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2);
+                aad = temp;
+                temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
+                temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
+            }
+            actx->tls_payload_length = len;
+
+            /*
+             * merge record sequence number as per RFC7905
+             */
+            actx->key.counter[1] = actx->nonce[0];
+            actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
+            actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
+            actx->mac_inited = 0;
+            chacha20_poly1305_cipher(ctx, NULL, aad, EVP_AEAD_TLS1_AAD_LEN);
+            return POLY1305_BLOCK_SIZE;         /* tag length */
+        }
+
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        /* no-op */
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER chacha20_poly1305 = {
+    NID_chacha20_poly1305,
+    1,                  /* block_size */
+    CHACHA_KEY_SIZE,    /* key_len */
+    12,                 /* iv_len, 96-bit nonce in the context */
+    EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
+    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
+    chacha20_poly1305_init_key,
+    chacha20_poly1305_cipher,
+    chacha20_poly1305_cleanup,
+    0,          /* 0 moves context-specific structure allocation to ctrl */
+    NULL,       /* set_asn1_parameters */
+    NULL,       /* get_asn1_parameters */
+    chacha20_poly1305_ctrl,
+    NULL        /* app_data */
+};
+
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+{
+    return(&chacha20_poly1305);
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_des.c b/openssl-1.1.0h/crypto/evp/e_des.c
new file mode 100644
index 0000000..9b2facf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_des.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+
+typedef struct {
+    union {
+        double align;
+        DES_key_schedule ks;
+    } ks;
+    union {
+        void (*cbc) (const void *, void *, size_t,
+                     const DES_key_schedule *, unsigned char *);
+    } stream;
+} EVP_DES_KEY;
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ----------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_DES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
+                        const DES_key_schedule *ks, unsigned char iv[8]);
+void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
+                        const DES_key_schedule *ks, unsigned char iv[8]);
+# endif
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+/*
+ * Because of various casts and different names can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (dat->stream.cbc != NULL) {
+        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        return 1;
+    }
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ncbc_encrypt(in, out, (long)inl,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for DES, it doesn't pack the right
+ * way, so wrap it here
+ */
+static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    size_t n, chunk = EVP_MAXCHUNK / 8;
+    unsigned char c[1], d[1];
+
+    if (inl < chunk)
+        chunk = inl;
+
+    while (inl && inl >= chunk) {
+        for (n = 0; n < chunk * 8; ++n) {
+            c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+            DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
+                            (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+            out[n / 8] =
+                (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
+                ((d[0] & 0x80) >> (unsigned int)(n % 8));
+        }
+        inl -= chunk;
+        in += chunk;
+        out += chunk;
+        if (inl < chunk)
+            chunk = inl;
+    }
+
+    return 1;
+}
+
+static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_cfb_encrypt(in, out, 8, (long)inl,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
+                  EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
+                     EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
+                     EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(key, &dat->ks.ks);
+            dat->stream.cbc = enc ? des_t4_cbc_encrypt : des_t4_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    return 1;
+}
+
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_bytes(ptr, 8) <= 0)
+            return 0;
+        DES_set_odd_parity((DES_cblock *)ptr);
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_des3.c b/openssl-1.1.0h/crypto/evp/e_des3.c
new file mode 100644
index 0000000..da77936
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_des3.c
@@ -0,0 +1,424 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+# include "evp_locl.h"
+
+typedef struct {
+    union {
+        double align;
+        DES_key_schedule ks[3];
+    } ks;
+    union {
+        void (*cbc) (const void *, void *, size_t,
+                     const DES_key_schedule *, unsigned char *);
+    } stream;
+} DES_EDE_KEY;
+# define ks1 ks.ks[0]
+# define ks2 ks.ks[1]
+# define ks3 ks.ks[2]
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ---------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_DES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
+# endif
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc);
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx)
+
+/*
+ * Because of various casts and different args can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+                         (DES_cblock *)(out + i),
+                         &data(ctx)->ks1, &data(ctx)->ks2,
+                         &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_ofb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    DES_EDE_KEY *dat = data(ctx);
+
+    if (dat->stream.cbc != NULL) {
+        (*dat->stream.cbc) (in, out, inl, dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        return 1;
+    }
+
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+                             &dat->ks1, &dat->ks2, &dat->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ede3_cbc_encrypt(in, out, (long)inl,
+                             &dat->ks1, &dat->ks2, &dat->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_cfb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the
+ * right way, so wrap it here
+ */
+static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    size_t n;
+    unsigned char c[1], d[1];
+
+    if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+            inl *= 8;
+    for (n = 0; n < inl; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        DES_ede3_cfb_encrypt(c, d, 1, 1,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
+            | ((d[0] & 0x80) >> (unsigned int)(n % 8));
+    }
+
+    return 1;
+}
+
+static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                  des_ede_init_key, NULL, NULL, NULL, des3_ctrl)
+# define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+# define des_ede3_ofb_cipher des_ede_ofb_cipher
+# define des_ede3_cbc_cipher des_ede_cbc_cipher
+# define des_ede3_ecb_cipher des_ede_ecb_cipher
+    BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                  des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    DES_EDE_KEY *dat = data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(&deskey[0], &dat->ks1);
+            des_t4_key_expand(&deskey[1], &dat->ks2);
+            memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
+            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
+                des_t4_ede3_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(&deskey[0], &dat->ks1);
+    DES_set_key_unchecked(&deskey[1], &dat->ks2);
+    memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
+    return 1;
+}
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    DES_EDE_KEY *dat = data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(&deskey[0], &dat->ks1);
+            des_t4_key_expand(&deskey[1], &dat->ks2);
+            des_t4_key_expand(&deskey[2], &dat->ks3);
+            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
+                des_t4_ede3_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(&deskey[0], &dat->ks1);
+    DES_set_key_unchecked(&deskey[1], &dat->ks2);
+    DES_set_key_unchecked(&deskey[2], &dat->ks3);
+    return 1;
+}
+
+static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+
+    DES_cblock *deskey = ptr;
+
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+            return 0;
+        DES_set_odd_parity(deskey);
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
+            DES_set_odd_parity(deskey + 1);
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 24)
+            DES_set_odd_parity(deskey + 2);
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+const EVP_CIPHER *EVP_des_ede(void)
+{
+    return &des_ede_ecb;
+}
+
+const EVP_CIPHER *EVP_des_ede3(void)
+{
+    return &des_ede3_ecb;
+}
+
+
+# include <openssl/sha.h>
+
+static const unsigned char wrap_iv[8] =
+    { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
+
+static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH];
+    int rv = -1;
+    if (inl < 24)
+        return -1;
+    if (out == NULL)
+        return inl - 16;
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    /* Decrypt first block which will end up as icv */
+    des_ede_cbc_cipher(ctx, icv, in, 8);
+    /* Decrypt central blocks */
+    /*
+     * If decrypting in place move whole output along a block so the next
+     * des_ede_cbc_cipher is in place.
+     */
+    if (out == in) {
+        memmove(out, out + 8, inl - 8);
+        in -= 8;
+    }
+    des_ede_cbc_cipher(ctx, out, in + 8, inl - 16);
+    /* Decrypt final block which will be IV */
+    des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8);
+    /* Reverse order of everything */
+    BUF_reverse(icv, NULL, 8);
+    BUF_reverse(out, NULL, inl - 16);
+    BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8);
+    /* Decrypt again using new IV */
+    des_ede_cbc_cipher(ctx, out, out, inl - 16);
+    des_ede_cbc_cipher(ctx, icv, icv, 8);
+    /* Work out SHA1 hash of first portion */
+    SHA1(out, inl - 16, sha1tmp);
+
+    if (!CRYPTO_memcmp(sha1tmp, icv, 8))
+        rv = inl - 16;
+    OPENSSL_cleanse(icv, 8);
+    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+    OPENSSL_cleanse(iv, 8);
+    OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    if (rv == -1)
+        OPENSSL_cleanse(out, inl - 16);
+
+    return rv;
+}
+
+static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, size_t inl)
+{
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    if (out == NULL)
+        return inl + 16;
+    /* Copy input to output buffer + 8 so we have space for IV */
+    memmove(out + 8, in, inl);
+    /* Work out ICV */
+    SHA1(in, inl, sha1tmp);
+    memcpy(out + inl + 8, sha1tmp, 8);
+    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+    /* Generate random IV */
+    if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
+        return -1;
+    memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    /* Encrypt everything after IV in place */
+    des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
+    BUF_reverse(out, NULL, inl + 16);
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    des_ede_cbc_cipher(ctx, out, out, inl + 16);
+    return inl + 16;
+}
+
+static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    /*
+     * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
+     * is more than will ever be needed. Also input length must be a multiple
+     * of 8 bits.
+     */
+    if (inl >= EVP_MAXCHUNK || inl % 8)
+        return -1;
+
+    if (is_partially_overlapping(out, in, inl)) {
+        EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        return des_ede3_wrap(ctx, out, in, inl);
+    else
+        return des_ede3_unwrap(ctx, out, in, inl);
+}
+
+static const EVP_CIPHER des3_wrap = {
+    NID_id_smime_alg_CMS3DESwrap,
+    8, 24, 0,
+    EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
+        | EVP_CIPH_FLAG_DEFAULT_ASN1,
+    des_ede3_init_key, des_ede3_wrap_cipher,
+    NULL,
+    sizeof(DES_EDE_KEY),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_des_ede3_wrap(void)
+{
+    return &des3_wrap;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_idea.c b/openssl-1.1.0h/crypto/evp/e_idea.c
new file mode 100644
index 0000000..93f6a41
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_idea.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/idea.h>
+
+/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
+
+typedef struct {
+    IDEA_KEY_SCHEDULE ks;
+} EVP_IDEA_KEY;
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+/*
+ * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
+ * special case
+ */
+
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+    return 1;
+}
+
+BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+                  0, idea_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    if (!enc) {
+        if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+            enc = 1;
+        else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
+            enc = 1;
+    }
+    if (enc)
+        IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+    else {
+        IDEA_KEY_SCHEDULE tmp;
+
+        IDEA_set_encrypt_key(key, &tmp);
+        IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+        OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
+    }
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_null.c b/openssl-1.1.0h/crypto/evp/e_null.c
new file mode 100644
index 0000000..0dfc48a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_null.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                       const unsigned char *in, size_t inl);
+static const EVP_CIPHER n_cipher = {
+    NID_undef,
+    1, 0, 0, 0,
+    null_init_key,
+    null_cipher,
+    NULL,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_enc_null(void)
+{
+    return (&n_cipher);
+}
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    return 1;
+}
+
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                       const unsigned char *in, size_t inl)
+{
+    if (in != out)
+        memcpy(out, in, inl);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/evp/e_old.c b/openssl-1.1.0h/crypto/evp/e_old.c
new file mode 100644
index 0000000..927908f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_old.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/evp.h>
+
+/*
+ * Define some deprecated functions, so older programs don't crash and burn
+ * too quickly.  On Windows and VMS, these will never be used, since
+ * functions and variables in shared libraries are selected by entry point
+ * location, not by name.
+ */
+
+# ifndef OPENSSL_NO_BF
+#  undef EVP_bf_cfb
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_cfb(void)
+{
+    return EVP_bf_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_DES
+#  undef EVP_des_cfb
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_cfb(void)
+{
+    return EVP_des_cfb64();
+}
+
+#  undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void)
+{
+    return EVP_des_ede3_cfb64();
+}
+
+#  undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void)
+{
+    return EVP_des_ede_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+#  undef EVP_idea_cfb
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_cfb(void)
+{
+    return EVP_idea_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC2
+#  undef EVP_rc2_cfb
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_cfb(void)
+{
+    return EVP_rc2_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_CAST
+#  undef EVP_cast5_cfb
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_cfb(void)
+{
+    return EVP_cast5_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC5
+#  undef EVP_rc5_32_12_16_cfb
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+{
+    return EVP_rc5_32_12_16_cfb64();
+}
+# endif
+
+# undef EVP_aes_128_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void);
+const EVP_CIPHER *EVP_aes_128_cfb(void)
+{
+    return EVP_aes_128_cfb128();
+}
+
+# undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void);
+const EVP_CIPHER *EVP_aes_192_cfb(void)
+{
+    return EVP_aes_192_cfb128();
+}
+
+# undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_256_cfb(void);
+const EVP_CIPHER *EVP_aes_256_cfb(void)
+{
+    return EVP_aes_256_cfb128();
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_rc2.c b/openssl-1.1.0h/crypto/evp/e_rc2.c
new file mode 100644
index 0000000..ed10bb3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_rc2.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/rc2.h>
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
+static int rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+    int key_bits;               /* effective key bits */
+    RC2_KEY ks;                 /* key schedule */
+} EVP_RC2_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_RC2_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
+                       8,
+                       RC2_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       rc2_init_key, NULL,
+                       rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
+                       rc2_ctrl)
+# define RC2_40_MAGIC    0xa0
+# define RC2_64_MAGIC    0x78
+# define RC2_128_MAGIC   0x3a
+static const EVP_CIPHER r2_64_cbc_cipher = {
+    NID_rc2_64_cbc,
+    8, 8 /* 64 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
+
+static const EVP_CIPHER r2_40_cbc_cipher = {
+    NID_rc2_40_cbc,
+    8, 5 /* 40 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
+{
+    return (&r2_64_cbc_cipher);
+}
+
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
+{
+    return (&r2_40_cbc_cipher);
+}
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                key, data(ctx)->key_bits);
+    return 1;
+}
+
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
+{
+    int i;
+
+    EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+    if (i == 128)
+        return (RC2_128_MAGIC);
+    else if (i == 64)
+        return (RC2_64_MAGIC);
+    else if (i == 40)
+        return (RC2_40_MAGIC);
+    else
+        return (0);
+}
+
+static int rc2_magic_to_meth(int i)
+{
+    if (i == RC2_128_MAGIC)
+        return 128;
+    else if (i == RC2_64_MAGIC)
+        return 64;
+    else if (i == RC2_40_MAGIC)
+        return 40;
+    else {
+        EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
+        return (0);
+    }
+}
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    long num = 0;
+    int i = 0;
+    int key_bits;
+    unsigned int l;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(iv));
+        i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
+        if (i != (int)l)
+            return -1;
+        key_bits = rc2_magic_to_meth((int)num);
+        if (!key_bits)
+            return -1;
+        if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
+            return -1;
+        EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+        if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+            return -1;
+    }
+    return i;
+}
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    long num;
+    int i = 0, j;
+
+    if (type != NULL) {
+        num = rc2_meth_to_magic(c);
+        j = EVP_CIPHER_CTX_iv_length(c);
+        i = ASN1_TYPE_set_int_octetstring(type, num,
+                                          (unsigned char *)EVP_CIPHER_CTX_original_iv(c),
+                                          j);
+    }
+    return (i);
+}
+
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+        return 1;
+
+    case EVP_CTRL_GET_RC2_KEY_BITS:
+        *(int *)ptr = data(c)->key_bits;
+        return 1;
+
+    case EVP_CTRL_SET_RC2_KEY_BITS:
+        if (arg > 0) {
+            data(c)->key_bits = arg;
+            return 1;
+        }
+        return 0;
+# ifdef PBE_PRF_TEST
+    case EVP_CTRL_PBE_PRF_NID:
+        *(int *)ptr = NID_hmacWithMD5;
+        return 1;
+# endif
+
+    default:
+        return -1;
+    }
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_rc4.c b/openssl-1.1.0h/crypto/evp/e_rc4.c
new file mode 100644
index 0000000..ea95dea
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_rc4.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+
+# include "internal/evp_int.h"
+
+typedef struct {
+    RC4_KEY ks;                 /* working key */
+} EVP_RC4_KEY;
+
+# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+static const EVP_CIPHER r4_cipher = {
+    NID_rc4,
+    1, EVP_RC4_KEY_SIZE, 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+static const EVP_CIPHER r4_40_cipher = {
+    NID_rc4_40,
+    1, 5 /* 40 bit */ , 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc4(void)
+{
+    return (&r4_cipher);
+}
+
+const EVP_CIPHER *EVP_rc4_40(void)
+{
+    return (&r4_40_cipher);
+}
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl)
+{
+    RC4(&data(ctx)->ks, inl, in, out);
+    return 1;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_rc4_hmac_md5.c b/openssl-1.1.0h/crypto/evp/e_rc4_hmac_md5.c
new file mode 100644
index 0000000..8ab18c1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_rc4_hmac_md5.c
@@ -0,0 +1,262 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
+
+# include <openssl/crypto.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+# include <openssl/md5.h>
+# include "internal/evp_int.h"
+
+typedef struct {
+    RC4_KEY ks;
+    MD5_CTX head, tail, md;
+    size_t payload_length;
+} EVP_RC4_HMAC_MD5;
+
+# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
+                 MD5_CTX *ctx, const void *inp, size_t blocks);
+
+# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
+                                 const unsigned char *inkey,
+                                 const unsigned char *iv, int enc)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+
+    RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);
+
+    MD5_Init(&key->head);       /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return 1;
+}
+
+# if     defined(RC4_ASM) && defined(MD5_ASM) &&     (	   \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+#  define STITCHED_CALL
+# endif
+
+# if !defined(STITCHED_CALL)
+#  define rc4_off 0
+#  define md5_off 0
+# endif
+
+static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+# if defined(STITCHED_CALL)
+    size_t rc4_off = 32 - 1 - (key->ks.x & (32 - 1)), /* 32 is $MOD from
+                                                       * rc4_md5-x86_64.pl */
+        md5_off = MD5_CBLOCK - key->md.num, blocks;
+    unsigned int l;
+    extern unsigned int OPENSSL_ia32cap_P[];
+# endif
+    size_t plen = key->payload_length;
+
+    if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+# if defined(STITCHED_CALL)
+        /* cipher has to "fall behind" */
+        if (rc4_off > md5_off)
+            md5_off += MD5_CBLOCK;
+
+        if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) &&
+            (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            MD5_Update(&key->md, in, md5_off);
+            RC4(&key->ks, rc4_off, in, out);
+
+            rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
+                        &key->md, in + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            rc4_off = 0;
+            md5_off = 0;
+        }
+# endif
+        MD5_Update(&key->md, in + md5_off, plen - md5_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + rc4_off, in + rc4_off, plen - rc4_off);
+
+            /* calculate HMAC and append it to payload */
+            MD5_Final(out + plen, &key->md);
+            key->md = key->tail;
+            MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH);
+            MD5_Final(out + plen, &key->md);
+            /* encrypt HMAC at once */
+            RC4(&key->ks, len - rc4_off, out + rc4_off, out + rc4_off);
+        } else {
+            RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        }
+    } else {
+        unsigned char mac[MD5_DIGEST_LENGTH];
+# if defined(STITCHED_CALL)
+        /* digest has to "fall behind" */
+        if (md5_off > rc4_off)
+            rc4_off += 2 * MD5_CBLOCK;
+        else
+            rc4_off += MD5_CBLOCK;
+
+        if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
+            (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            RC4(&key->ks, rc4_off, in, out);
+            MD5_Update(&key->md, out, md5_off);
+
+            rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
+                        &key->md, out + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            l = (key->md.Nl + (blocks << 3)) & 0xffffffffU;
+            if (l < key->md.Nl)
+                key->md.Nh++;
+            key->md.Nl = l;
+            key->md.Nh += blocks >> 29;
+        } else {
+            md5_off = 0;
+            rc4_off = 0;
+        }
+# endif
+        /* decrypt HMAC at once */
+        RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            MD5_Update(&key->md, out + md5_off, plen - md5_off);
+
+            /* calculate HMAC and verify it */
+            MD5_Final(mac, &key->md);
+            key->md = key->tail;
+            MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
+            MD5_Final(mac, &key->md);
+
+            if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
+                return 0;
+        } else {
+            MD5_Update(&key->md, out + md5_off, len - md5_off);
+        }
+    }
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return 1;
+}
+
+static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                             void *ptr)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg > (int)sizeof(hmac_key)) {
+                MD5_Init(&key->head);
+                MD5_Update(&key->head, ptr, arg);
+                MD5_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            MD5_Init(&key->head);
+            MD5_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            MD5_Init(&key->tail);
+            MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (len < MD5_DIGEST_LENGTH)
+                    return -1;
+                len -= MD5_DIGEST_LENGTH;
+                p[arg - 2] = len >> 8;
+                p[arg - 1] = len;
+            }
+            key->payload_length = len;
+            key->md = key->head;
+            MD5_Update(&key->md, p, arg);
+
+            return MD5_DIGEST_LENGTH;
+        }
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER r4_hmac_md5_cipher = {
+# ifdef NID_rc4_hmac_md5
+    NID_rc4_hmac_md5,
+# else
+    NID_undef,
+# endif
+    1, EVP_RC4_KEY_SIZE, 0,
+    EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH |
+        EVP_CIPH_FLAG_AEAD_CIPHER,
+    rc4_hmac_md5_init_key,
+    rc4_hmac_md5_cipher,
+    NULL,
+    sizeof(EVP_RC4_HMAC_MD5),
+    NULL,
+    NULL,
+    rc4_hmac_md5_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+{
+    return (&r4_hmac_md5_cipher);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_rc5.c b/openssl-1.1.0h/crypto/evp/e_rc5.c
new file mode 100644
index 0000000..f69ba5b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_rc5.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC5
+
+# include <openssl/evp.h>
+# include <internal/evp_int.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/rc5.h>
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+    int rounds;                 /* number of rounds */
+    RC5_32_KEY ks;              /* key schedule */
+} EVP_RC5_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_RC5_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+                       8, RC5_32_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl)
+
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->rounds = RC5_12_ROUNDS;
+        return 1;
+
+    case EVP_CTRL_GET_RC5_ROUNDS:
+        *(int *)ptr = data(c)->rounds;
+        return 1;
+
+    case EVP_CTRL_SET_RC5_ROUNDS:
+        switch (arg) {
+        case RC5_8_ROUNDS:
+        case RC5_12_ROUNDS:
+        case RC5_16_ROUNDS:
+            data(c)->rounds = arg;
+            return 1;
+
+        default:
+            EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS);
+            return 0;
+        }
+
+    default:
+        return -1;
+    }
+}
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                   key, data(ctx)->rounds);
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_seed.c b/openssl-1.1.0h/crypto/evp/e_seed.c
new file mode 100644
index 0000000..40aec5f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_seed.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SEED
+NON_EMPTY_TRANSLATION_UNIT
+#else
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/seed.h>
+# include "internal/evp_int.h"
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    SEED_KEY_SCHEDULE ks;
+} EVP_SEED_KEY;
+
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       seed_init_key, 0, 0, 0, 0)
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks);
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/e_xcbc_d.c b/openssl-1.1.0h/crypto/evp/e_xcbc_d.c
new file mode 100644
index 0000000..effaf5c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/e_xcbc_d.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_DES
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "internal/evp_int.h"
+# include <openssl/des.h>
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl);
+
+typedef struct {
+    DES_key_schedule ks;        /* key schedule */
+    DES_cblock inw;
+    DES_cblock outw;
+} DESX_CBC_KEY;
+
+# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx)
+
+static const EVP_CIPHER d_xcbc_cipher = {
+    NID_desx_cbc,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE,
+    desx_cbc_init_key,
+    desx_cbc_cipher,
+    NULL,
+    sizeof(DESX_CBC_KEY),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_desx_cbc(void)
+{
+    return (&d_xcbc_cipher);
+}
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+
+    DES_set_key_unchecked(deskey, &data(ctx)->ks);
+    memcpy(&data(ctx)->inw[0], &key[8], 8);
+    memcpy(&data(ctx)->outw[0], &key[16], 8);
+
+    return 1;
+}
+
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/encode.c b/openssl-1.1.0h/crypto/evp/encode.c
new file mode 100644
index 0000000..abb1044
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/encode.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+
+static unsigned char conv_ascii2bin(unsigned char a);
+#ifndef CHARSET_EBCDIC
+# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+#else
+/*
+ * We assume that PEM encoded files are EBCDIC files (i.e., printable text
+ * files). Convert them here while decoding. When encoding, output is EBCDIC
+ * (text) format again. (No need for conversion in the conv_bin2ascii macro,
+ * as the underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+#endif
+
+/*-
+ * 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte  => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE    (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE   (64+1)
+
+static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/*-
+ * 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+
+#define B64_EOLN                0xF0
+#define B64_CR                  0xF1
+#define B64_EOF                 0xF2
+#define B64_WS                  0xE0
+#define B64_ERROR               0xFF
+#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+#define B64_BASE64(a)           (!B64_NOT_BASE64(a))
+
+static const unsigned char data_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
+    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
+    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
+    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
+    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+#ifndef CHARSET_EBCDIC
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+    if (a & 0x80)
+        return B64_ERROR;
+    return data_ascii2bin[a];
+}
+#else
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+    a = os_toascii[a];
+    if (a & 0x80)
+        return B64_ERROR;
+    return data_ascii2bin[a];
+}
+#endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
+{
+    memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
+
+    return 1;
+}
+
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+{
+    ctx->length = 48;
+    ctx->num = 0;
+    ctx->line_num = 0;
+}
+
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int i, j;
+    size_t total = 0;
+
+    *outl = 0;
+    if (inl <= 0)
+        return 0;
+    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+    if (ctx->length - ctx->num > inl) {
+        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
+        ctx->num += inl;
+        return 1;
+    }
+    if (ctx->num != 0) {
+        i = ctx->length - ctx->num;
+        memcpy(&(ctx->enc_data[ctx->num]), in, i);
+        in += i;
+        inl -= i;
+        j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
+        ctx->num = 0;
+        out += j;
+        *(out++) = '\n';
+        *out = '\0';
+        total = j + 1;
+    }
+    while (inl >= ctx->length && total <= INT_MAX) {
+        j = EVP_EncodeBlock(out, in, ctx->length);
+        in += ctx->length;
+        inl -= ctx->length;
+        out += j;
+        *(out++) = '\n';
+        *out = '\0';
+        total += j + 1;
+    }
+    if (total > INT_MAX) {
+        /* Too much output data! */
+        *outl = 0;
+        return 0;
+    }
+    if (inl != 0)
+        memcpy(&(ctx->enc_data[0]), in, inl);
+    ctx->num = inl;
+    *outl = total;
+
+    return 1;
+}
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    unsigned int ret = 0;
+
+    if (ctx->num != 0) {
+        ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
+        out[ret++] = '\n';
+        out[ret] = '\0';
+        ctx->num = 0;
+    }
+    *outl = ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+    int i, ret = 0;
+    unsigned long l;
+
+    for (i = dlen; i > 0; i -= 3) {
+        if (i >= 3) {
+            l = (((unsigned long)f[0]) << 16L) |
+                (((unsigned long)f[1]) << 8L) | f[2];
+            *(t++) = conv_bin2ascii(l >> 18L);
+            *(t++) = conv_bin2ascii(l >> 12L);
+            *(t++) = conv_bin2ascii(l >> 6L);
+            *(t++) = conv_bin2ascii(l);
+        } else {
+            l = ((unsigned long)f[0]) << 16L;
+            if (i == 2)
+                l |= ((unsigned long)f[1] << 8L);
+
+            *(t++) = conv_bin2ascii(l >> 18L);
+            *(t++) = conv_bin2ascii(l >> 12L);
+            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
+            *(t++) = '=';
+        }
+        ret += 4;
+        f += 3;
+    }
+
+    *t = '\0';
+    return (ret);
+}
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
+{
+    /* Only ctx->num is used during decoding. */
+    ctx->num = 0;
+    ctx->length = 0;
+    ctx->line_num = 0;
+    ctx->expect_nl = 0;
+}
+
+/*-
+ * -1 for error
+ *  0 for last line
+ *  1 for full line
+ *
+ * Note: even though EVP_DecodeUpdate attempts to detect and report end of
+ * content, the context doesn't currently remember it and will accept more data
+ * in the next call. Therefore, the caller is responsible for checking and
+ * rejecting a 0 return value in the middle of content.
+ *
+ * Note: even though EVP_DecodeUpdate has historically tried to detect end of
+ * content based on line length, this has never worked properly. Therefore,
+ * we now return 0 when one of the following is true:
+ *   - Padding or B64_EOF was detected and the last block is complete.
+ *   - Input has zero-length.
+ * -1 is returned if:
+ *   - Invalid characters are detected.
+ *   - There is extra trailing padding, or data after padding.
+ *   - B64_EOF is detected after an incomplete base64 block.
+ */
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
+    unsigned char *d;
+
+    n = ctx->num;
+    d = ctx->enc_data;
+
+    if (n > 0 && d[n - 1] == '=') {
+        eof++;
+        if (n > 1 && d[n - 2] == '=')
+            eof++;
+    }
+
+     /* Legacy behaviour: an empty input chunk signals end of input. */
+    if (inl == 0) {
+        rv = 0;
+        goto end;
+    }
+
+    for (i = 0; i < inl; i++) {
+        tmp = *(in++);
+        v = conv_ascii2bin(tmp);
+        if (v == B64_ERROR) {
+            rv = -1;
+            goto end;
+        }
+
+        if (tmp == '=') {
+            eof++;
+        } else if (eof > 0 && B64_BASE64(v)) {
+            /* More data after padding. */
+            rv = -1;
+            goto end;
+        }
+
+        if (eof > 2) {
+            rv = -1;
+            goto end;
+        }
+
+        if (v == B64_EOF) {
+            seof = 1;
+            goto tail;
+        }
+
+        /* Only save valid base64 characters. */
+        if (B64_BASE64(v)) {
+            if (n >= 64) {
+                /*
+                 * We increment n once per loop, and empty the buffer as soon as
+                 * we reach 64 characters, so this can only happen if someone's
+                 * manually messed with the ctx. Refuse to write any more data.
+                 */
+                rv = -1;
+                goto end;
+            }
+            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+            d[n++] = tmp;
+        }
+
+        if (n == 64) {
+            decoded_len = EVP_DecodeBlock(out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += decoded_len - eof;
+            out += decoded_len - eof;
+        }
+    }
+
+    /*
+     * Legacy behaviour: if the current line is a full base64-block (i.e., has
+     * 0 mod 4 base64 characters), it is processed immediately. We keep this
+     * behaviour as applications may not be calling EVP_DecodeFinal properly.
+     */
+tail:
+    if (n > 0) {
+        if ((n & 3) == 0) {
+            decoded_len = EVP_DecodeBlock(out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += (decoded_len - eof);
+        } else if (seof) {
+            /* EOF in the middle of a base64 block. */
+            rv = -1;
+            goto end;
+        }
+    }
+
+    rv = seof || (n == 0 && eof) ? 0 : 1;
+end:
+    /* Legacy behaviour. This should probably rather be zeroed on error. */
+    *outl = ret;
+    ctx->num = n;
+    return (rv);
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+    int i, ret = 0, a, b, c, d;
+    unsigned long l;
+
+    /* trim white space from the start of the line. */
+    while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
+        f++;
+        n--;
+    }
+
+    /*
+     * strip off stuff at the end of the line ascii2bin values B64_WS,
+     * B64_EOLN, B64_EOLN and B64_EOF
+     */
+    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
+        n--;
+
+    if (n % 4 != 0)
+        return (-1);
+
+    for (i = 0; i < n; i += 4) {
+        a = conv_ascii2bin(*(f++));
+        b = conv_ascii2bin(*(f++));
+        c = conv_ascii2bin(*(f++));
+        d = conv_ascii2bin(*(f++));
+        if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
+            return (-1);
+        l = ((((unsigned long)a) << 18L) |
+             (((unsigned long)b) << 12L) |
+             (((unsigned long)c) << 6L) | (((unsigned long)d)));
+        *(t++) = (unsigned char)(l >> 16L) & 0xff;
+        *(t++) = (unsigned char)(l >> 8L) & 0xff;
+        *(t++) = (unsigned char)(l) & 0xff;
+        ret += 3;
+    }
+    return (ret);
+}
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+
+    *outl = 0;
+    if (ctx->num != 0) {
+        i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
+        if (i < 0)
+            return (-1);
+        ctx->num = 0;
+        *outl = i;
+        return (1);
+    } else
+        return (1);
+}
diff --git a/openssl-1.1.0h/crypto/evp/evp_cnf.c b/openssl-1.1.0h/crypto/evp/evp_cnf.c
new file mode 100644
index 0000000..71d13b8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_cnf.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Algorithm configuration module. */
+
+static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+
+    oid_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
+        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (strcmp(oval->name, "fips_mode") == 0) {
+            int m;
+            if (!X509V3_get_value_bool(oval, &m)) {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
+                return 0;
+            }
+            if (m > 0) {
+#ifdef OPENSSL_FIPS
+                if (!FIPS_mode() && !FIPS_mode_set(1)) {
+                    EVPerr(EVP_F_ALG_MODULE_INIT,
+                           EVP_R_ERROR_SETTING_FIPS_MODE);
+                    return 0;
+                }
+#else
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
+                return 0;
+#endif
+            }
+        } else {
+            EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
+            ERR_add_error_data(4, "name=", oval->name,
+                               ", value=", oval->value);
+        }
+
+    }
+    return 1;
+}
+
+void EVP_add_alg_module(void)
+{
+    CONF_module_add("alg_section", alg_module_init, 0);
+}
diff --git a/openssl-1.1.0h/crypto/evp/evp_enc.c b/openssl-1.1.0h/crypto/evp/evp_enc.c
new file mode 100644
index 0000000..e5807ed
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_enc.c
@@ -0,0 +1,642 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
+{
+    if (c == NULL)
+        return 1;
+    if (c->cipher != NULL) {
+        if (c->cipher->cleanup && !c->cipher->cleanup(c))
+            return 0;
+        /* Cleanse cipher context data */
+        if (c->cipher_data && c->cipher->ctx_size)
+            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+    }
+    OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(c->engine);
+#endif
+    memset(c, 0, sizeof(*c));
+    return 1;
+}
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+    EVP_CIPHER_CTX_reset(ctx);
+    OPENSSL_free(ctx);
+}
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                   const unsigned char *key, const unsigned char *iv, int enc)
+{
+    if (cipher != NULL)
+        EVP_CIPHER_CTX_reset(ctx);
+    return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
+}
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                      ENGINE *impl, const unsigned char *key,
+                      const unsigned char *iv, int enc)
+{
+    if (enc == -1)
+        enc = ctx->encrypt;
+    else {
+        if (enc)
+            enc = 1;
+        ctx->encrypt = enc;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unnecessary.
+     */
+    if (ctx->engine && ctx->cipher
+        && (cipher == NULL || cipher->nid == ctx->cipher->nid))
+        goto skip_to_init;
+#endif
+    if (cipher) {
+        /*
+         * Ensure a context left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_CIPHER could be used).
+         */
+        if (ctx->cipher) {
+            unsigned long flags = ctx->flags;
+            EVP_CIPHER_CTX_reset(ctx);
+            /* Restore encrypt and flags */
+            ctx->encrypt = enc;
+            ctx->flags = flags;
+        }
+#ifndef OPENSSL_NO_ENGINE
+        if (impl) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_cipher_engine(cipher->nid);
+        if (impl) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+            if (!c) {
+                /*
+                 * One positive side-effect of US's export control history,
+                 * is that we should at least be able to avoid using US
+                 * misspellings of "initialisation"?
+                 */
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+            /* We'll use the ENGINE's private cipher definition */
+            cipher = c;
+            /*
+             * Store the ENGINE functional reference so we know 'cipher' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+#endif
+
+        ctx->cipher = cipher;
+        if (ctx->cipher->ctx_size) {
+            ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
+            if (ctx->cipher_data == NULL) {
+                ctx->cipher = NULL;
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        } else {
+            ctx->cipher_data = NULL;
+        }
+        ctx->key_len = cipher->key_len;
+        /* Preserve wrap enable flag, zero everything else */
+        ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
+        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+                ctx->cipher = NULL;
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        }
+    } else if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+    /* we assume block size is a power of 2 in *cryptUpdate */
+    OPENSSL_assert(ctx->cipher->block_size == 1
+                   || ctx->cipher->block_size == 8
+                   || ctx->cipher->block_size == 16);
+
+    if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
+        && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
+        return 0;
+    }
+
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
+        switch (EVP_CIPHER_CTX_mode(ctx)) {
+
+        case EVP_CIPH_STREAM_CIPHER:
+        case EVP_CIPH_ECB_MODE:
+            break;
+
+        case EVP_CIPH_CFB_MODE:
+        case EVP_CIPH_OFB_MODE:
+
+            ctx->num = 0;
+            /* fall-through */
+
+        case EVP_CIPH_CBC_MODE:
+
+            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                           (int)sizeof(ctx->iv));
+            if (iv)
+                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            ctx->num = 0;
+            /* Don't reuse IV for CTR mode */
+            if (iv)
+                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        default:
+            return 0;
+        }
+    }
+
+    if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+        if (!ctx->cipher->init(ctx, key, iv, enc))
+            return 0;
+    }
+    ctx->buf_len = 0;
+    ctx->final_used = 0;
+    ctx->block_mask = ctx->cipher->block_size - 1;
+    return 1;
+}
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+    else
+        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
+}
+
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal_ex(ctx, out, outl);
+    else
+        return EVP_DecryptFinal_ex(ctx, out, outl);
+}
+
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal(ctx, out, outl);
+    else
+        return EVP_DecryptFinal(ctx, out, outl);
+}
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 1);
+}
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+}
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 0);
+}
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+}
+
+/*
+ * According to the letter of standard difference between pointers
+ * is specified to be valid only within same object. This makes
+ * it formally challenging to determine if input and output buffers
+ * are not partially overlapping with standard pointer arithmetic.
+ */
+#ifdef PTRDIFF_T
+# undef PTRDIFF_T
+#endif
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * Then we have VMS that distinguishes itself by adhering to
+ * sizeof(size_t)==4 even in 64-bit builds, which means that
+ * difference between two pointers might be truncated to 32 bits.
+ * In the context one can even wonder how comparison for
+ * equality is implemented. To be on the safe side we adhere to
+ * PTRDIFF_T even for comparison for equality.
+ */
+# define PTRDIFF_T uint64_t
+#else
+# define PTRDIFF_T size_t
+#endif
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
+{
+    PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+    /*
+     * Check for partially overlapping buffers. [Binary logical
+     * operations are used instead of boolean to minimize number
+     * of conditional branches.]
+     */
+    int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
+                                                (diff > (0 - (PTRDIFF_T)len)));
+
+    return overlapped;
+}
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int i, j, bl, cmpl = inl;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
+    bl = ctx->cipher->block_size;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        /* If block size > 1 then the cipher will have to do this check */
+        if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        i = ctx->cipher->do_cipher(ctx, out, in, inl);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+    if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
+        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
+    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
+        if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
+            *outl = inl;
+            return 1;
+        } else {
+            *outl = 0;
+            return 0;
+        }
+    }
+    i = ctx->buf_len;
+    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+    if (i != 0) {
+        if (bl - i > inl) {
+            memcpy(&(ctx->buf[i]), in, inl);
+            ctx->buf_len += inl;
+            *outl = 0;
+            return 1;
+        } else {
+            j = bl - i;
+            memcpy(&(ctx->buf[i]), in, j);
+            inl -= j;
+            in += j;
+            if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
+                return 0;
+            out += bl;
+            *outl = bl;
+        }
+    } else
+        *outl = 0;
+    i = inl & (bl - 1);
+    inl -= i;
+    if (inl > 0) {
+        if (!ctx->cipher->do_cipher(ctx, out, in, inl))
+            return 0;
+        *outl += inl;
+    }
+
+    if (i != 0)
+        memcpy(ctx->buf, &(in[inl]), i);
+    ctx->buf_len = i;
+    return 1;
+}
+
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_EncryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int n, ret;
+    unsigned int i, b, bl;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+        if (ret < 0)
+            return 0;
+        else
+            *outl = ret;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    OPENSSL_assert(b <= sizeof(ctx->buf));
+    if (b == 1) {
+        *outl = 0;
+        return 1;
+    }
+    bl = ctx->buf_len;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (bl) {
+            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+
+    n = b - bl;
+    for (i = bl; i < b; i++)
+        ctx->buf[i] = n;
+    ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
+
+    if (ret)
+        *outl = b;
+
+    return ret;
+}
+
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int fix_len, cmpl = inl;
+    unsigned int b;
+
+    b = ctx->cipher->block_size;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
+        if (fix_len < 0) {
+            *outl = 0;
+            return 0;
+        } else
+            *outl = fix_len;
+        return 1;
+    }
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->flags & EVP_CIPH_NO_PADDING)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+
+    OPENSSL_assert(b <= sizeof(ctx->final));
+
+    if (ctx->final_used) {
+        /* see comment about PTRDIFF_T comparison above */
+        if (((PTRDIFF_T)out == (PTRDIFF_T)in)
+            || is_partially_overlapping(out, in, b)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+        memcpy(out, ctx->final, b);
+        out += b;
+        fix_len = 1;
+    } else
+        fix_len = 0;
+
+    if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
+        return 0;
+
+    /*
+     * if we have 'decrypted' a multiple of block size, make sure we have a
+     * copy of this last block
+     */
+    if (b > 1 && !ctx->buf_len) {
+        *outl -= b;
+        ctx->final_used = 1;
+        memcpy(ctx->final, &out[*outl], b);
+    } else
+        ctx->final_used = 0;
+
+    if (fix_len)
+        *outl += b;
+
+    return 1;
+}
+
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_DecryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i, n;
+    unsigned int b;
+    *outl = 0;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (ctx->buf_len) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+    if (b > 1) {
+        if (ctx->buf_len || !ctx->final_used) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+            return (0);
+        }
+        OPENSSL_assert(b <= sizeof(ctx->final));
+
+        /*
+         * The following assumes that the ciphertext has been authenticated.
+         * Otherwise it provides a padding oracle.
+         */
+        n = ctx->final[b - 1];
+        if (n == 0 || n > (int)b) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+            return (0);
+        }
+        for (i = 0; i < n; i++) {
+            if (ctx->final[--b] != n) {
+                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+                return (0);
+            }
+        }
+        n = ctx->cipher->block_size - n;
+        for (i = 0; i < n; i++)
+            out[i] = ctx->final[i];
+        *outl = n;
+    } else
+        *outl = 0;
+    return (1);
+}
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+{
+    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
+        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+    if (c->key_len == keylen)
+        return 1;
+    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
+        c->key_len = keylen;
+        return 1;
+    }
+    EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+    return 0;
+}
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+{
+    if (pad)
+        ctx->flags &= ~EVP_CIPH_NO_PADDING;
+    else
+        ctx->flags |= EVP_CIPH_NO_PADDING;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+    int ret;
+    if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+
+    if (!ctx->cipher->ctrl) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+        return 0;
+    }
+
+    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+    if (ret == -1) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
+               EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+        return 0;
+    }
+    return ret;
+}
+
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+{
+    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
+        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
+    if (RAND_bytes(key, ctx->key_len) <= 0)
+        return 0;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+{
+    if ((in == NULL) || (in->cipher == NULL)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a cipher context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    EVP_CIPHER_CTX_reset(out);
+    memcpy(out, in, sizeof(*out));
+
+    if (in->cipher_data && in->cipher->ctx_size) {
+        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+        if (out->cipher_data == NULL) {
+            out->cipher = NULL;
+            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+    }
+
+    if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+        if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
+            out->cipher = NULL;
+            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/evp/evp_err.c b/openssl-1.1.0h/crypto/evp/evp_err.c
new file mode 100644
index 0000000..c4b163f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_err.c
@@ -0,0 +1,186 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
+
+static ERR_STRING_DATA EVP_str_functs[] = {
+    {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"},
+    {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"},
+    {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"},
+    {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
+    {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"},
+    {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"},
+    {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"},
+    {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"},
+    {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"},
+    {ERR_FUNC(EVP_F_DES_EDE3_WRAP_CIPHER), "des_ede3_wrap_cipher"},
+    {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"},
+    {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
+    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
+    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
+    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+     "EVP_CIPHER_CTX_set_key_length"},
+    {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+    {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
+    {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+    {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+    {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
+    {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+    {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
+    {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+    {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
+    {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
+    {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
+    {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"},
+    {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
+    {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_ASN1_ADD0), "EVP_PKEY_asn1_add0"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_SET1_ENGINE), "EVP_PKEY_set1_engine"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),
+     "EVP_PKEY_verify_recover_init"},
+    {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
+    {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
+    {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"},
+    {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
+    {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
+    {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"},
+    {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"},
+    {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"},
+    {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"},
+    {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA EVP_str_reasons[] = {
+    {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"},
+    {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
+     "camellia key setup failed"},
+    {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
+    {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
+    {ERR_REASON(EVP_R_COPY_ERROR), "copy error"},
+    {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
+    {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
+     "ctrl operation not implemented"},
+    {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
+     "data not multiple of block length"},
+    {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
+    {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
+    {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
+    {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
+    {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
+    {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+    {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
+    {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
+     "illegal scrypt parameters"},
+    {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"},
+    {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
+    {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
+    {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
+    {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
+    {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"},
+    {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
+    {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"},
+    {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
+    {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"},
+    {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"},
+    {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+     "operation not supported for this keytype"},
+    {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
+    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
+     "partially overlapping buffers"},
+    {ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
+     "pkey application asn1 method already registered"},
+    {ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED),
+     "pkey asn1 method already registered"},
+    {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
+    {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
+    {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
+     "unsupported key derivation function"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+     "unsupported number of rounds"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
+     "unsupported private key algorithm"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
+    {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"},
+    {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_EVP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, EVP_str_functs);
+        ERR_load_strings(0, EVP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/evp/evp_key.c b/openssl-1.1.0h/crypto/evp/evp_key.c
new file mode 100644
index 0000000..5201130
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_key.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
+
+#ifndef OPENSSL_NO_UI
+/* should be init to zeros. */
+static char prompt_string[80];
+
+void EVP_set_pw_prompt(const char *prompt)
+{
+    if (prompt == NULL)
+        prompt_string[0] = '\0';
+    else {
+        strncpy(prompt_string, prompt, 79);
+        prompt_string[79] = '\0';
+    }
+}
+
+char *EVP_get_pw_prompt(void)
+{
+    if (prompt_string[0] == '\0')
+        return (NULL);
+    else
+        return (prompt_string);
+}
+
+/*
+ * For historical reasons, the standard function for reading passwords is in
+ * the DES library -- if someone ever wants to disable DES, this function
+ * will fail
+ */
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+{
+    return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+}
+
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
+                           int verify)
+{
+    int ret = -1;
+    char buff[BUFSIZ];
+    UI *ui;
+
+    if ((prompt == NULL) && (prompt_string[0] != '\0'))
+        prompt = prompt_string;
+    ui = UI_new();
+    if (ui == NULL)
+        return ret;
+    if (UI_add_input_string(ui, prompt, 0, buf, min,
+                            (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
+        || (verify
+            && UI_add_verify_string(ui, prompt, 0, buff, min,
+                                    (len >= BUFSIZ) ? BUFSIZ - 1 : len,
+                                    buf) < 0))
+        goto end;
+    ret = UI_process(ui);
+    OPENSSL_cleanse(buff, BUFSIZ);
+ end:
+    UI_free(ui);
+    return ret;
+}
+#endif /* OPENSSL_NO_UI */
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                   const unsigned char *salt, const unsigned char *data,
+                   int datal, int count, unsigned char *key,
+                   unsigned char *iv)
+{
+    EVP_MD_CTX *c;
+    unsigned char md_buf[EVP_MAX_MD_SIZE];
+    int niv, nkey, addmd = 0;
+    unsigned int mds = 0, i;
+    int rv = 0;
+    nkey = EVP_CIPHER_key_length(type);
+    niv = EVP_CIPHER_iv_length(type);
+    OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+    OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+
+    if (data == NULL)
+        return (nkey);
+
+    c = EVP_MD_CTX_new();
+    if (c == NULL)
+        goto err;
+    for (;;) {
+        if (!EVP_DigestInit_ex(c, md, NULL))
+            goto err;
+        if (addmd++)
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
+                goto err;
+        if (!EVP_DigestUpdate(c, data, datal))
+            goto err;
+        if (salt != NULL)
+            if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN))
+                goto err;
+        if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
+            goto err;
+
+        for (i = 1; i < (unsigned int)count; i++) {
+            if (!EVP_DigestInit_ex(c, md, NULL))
+                goto err;
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
+                goto err;
+            if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
+                goto err;
+        }
+        i = 0;
+        if (nkey) {
+            for (;;) {
+                if (nkey == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (key != NULL)
+                    *(key++) = md_buf[i];
+                nkey--;
+                i++;
+            }
+        }
+        if (niv && (i != mds)) {
+            for (;;) {
+                if (niv == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (iv != NULL)
+                    *(iv++) = md_buf[i];
+                niv--;
+                i++;
+            }
+        }
+        if ((nkey == 0) && (niv == 0))
+            break;
+    }
+    rv = EVP_CIPHER_key_length(type);
+ err:
+    EVP_MD_CTX_free(c);
+    OPENSSL_cleanse(md_buf, sizeof(md_buf));
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/evp/evp_lib.c b/openssl-1.1.0h/crypto/evp/evp_lib.c
new file mode 100644
index 0000000..0c76db5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_lib.c
@@ -0,0 +1,497 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int ret;
+
+    if (c->cipher->set_asn1_parameters != NULL)
+        ret = c->cipher->set_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+        case EVP_CIPH_WRAP_MODE:
+            if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap)
+                ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -1;
+            break;
+
+        default:
+            ret = EVP_CIPHER_set_asn1_iv(c, type);
+        }
+    } else
+        ret = -1;
+    return (ret);
+}
+
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int ret;
+
+    if (c->cipher->get_asn1_parameters != NULL)
+        ret = c->cipher->get_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+
+        case EVP_CIPH_WRAP_MODE:
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -1;
+            break;
+
+        default:
+            ret = EVP_CIPHER_get_asn1_iv(c, type);
+            break;
+        }
+    } else
+        ret = -1;
+    return (ret);
+}
+
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int i = 0;
+    unsigned int l;
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(c->iv));
+        i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
+        if (i != (int)l)
+            return (-1);
+        else if (i > 0)
+            memcpy(c->iv, c->oiv, l);
+    }
+    return (i);
+}
+
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int i = 0;
+    unsigned int j;
+
+    if (type != NULL) {
+        j = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(j <= sizeof(c->iv));
+        i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
+    }
+    return (i);
+}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+    int nid;
+    ASN1_OBJECT *otmp;
+    nid = EVP_CIPHER_nid(ctx);
+
+    switch (nid) {
+
+    case NID_rc2_cbc:
+    case NID_rc2_64_cbc:
+    case NID_rc2_40_cbc:
+
+        return NID_rc2_cbc;
+
+    case NID_rc4:
+    case NID_rc4_40:
+
+        return NID_rc4;
+
+    case NID_aes_128_cfb128:
+    case NID_aes_128_cfb8:
+    case NID_aes_128_cfb1:
+
+        return NID_aes_128_cfb128;
+
+    case NID_aes_192_cfb128:
+    case NID_aes_192_cfb8:
+    case NID_aes_192_cfb1:
+
+        return NID_aes_192_cfb128;
+
+    case NID_aes_256_cfb128:
+    case NID_aes_256_cfb8:
+    case NID_aes_256_cfb1:
+
+        return NID_aes_256_cfb128;
+
+    case NID_des_cfb64:
+    case NID_des_cfb8:
+    case NID_des_cfb1:
+
+        return NID_des_cfb64;
+
+    case NID_des_ede3_cfb64:
+    case NID_des_ede3_cfb8:
+    case NID_des_ede3_cfb1:
+
+        return NID_des_cfb64;
+
+    default:
+        /* Check it has an OID and it is valid */
+        otmp = OBJ_nid2obj(nid);
+        if (OBJ_get0_data(otmp) == NULL)
+            nid = NID_undef;
+        ASN1_OBJECT_free(otmp);
+        return nid;
+    }
+}
+
+int EVP_CIPHER_block_size(const EVP_CIPHER *e)
+{
+    return e->block_size;
+}
+
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->block_size;
+}
+
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
+{
+    return e->ctx_size;
+}
+
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, unsigned int inl)
+{
+    return ctx->cipher->do_cipher(ctx, out, in, inl);
+}
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher;
+}
+
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->encrypt;
+}
+
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
+{
+    return cipher->flags;
+}
+
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->app_data;
+}
+
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
+{
+    ctx->app_data = data;
+}
+
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher_data;
+}
+
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
+{
+    void *old_cipher_data;
+
+    old_cipher_data = ctx->cipher_data;
+    ctx->cipher_data = cipher_data;
+
+    return old_cipher_data;
+}
+
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+{
+    return cipher->iv_len;
+}
+
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->iv_len;
+}
+
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->oiv;
+}
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->buf;
+}
+
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
+{
+    ctx->num = num;
+}
+
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
+{
+    return cipher->key_len;
+}
+
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->key_len;
+}
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+{
+    return cipher->nid;
+}
+
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->nid;
+}
+
+int EVP_MD_block_size(const EVP_MD *md)
+{
+    return md->block_size;
+}
+
+int EVP_MD_type(const EVP_MD *md)
+{
+    return md->type;
+}
+
+int EVP_MD_pkey_type(const EVP_MD *md)
+{
+    return md->pkey_type;
+}
+
+int EVP_MD_size(const EVP_MD *md)
+{
+    if (!md) {
+        EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
+        return -1;
+    }
+    return md->md_size;
+}
+
+unsigned long EVP_MD_flags(const EVP_MD *md)
+{
+    return md->flags;
+}
+
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
+{
+    EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
+
+    if (md != NULL) {
+        md->type = md_type;
+        md->pkey_type = pkey_type;
+    }
+    return md;
+}
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
+{
+    EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type);
+
+    if (to != NULL)
+        memcpy(to, md, sizeof(*to));
+    return to;
+}
+void EVP_MD_meth_free(EVP_MD *md)
+{
+    OPENSSL_free(md);
+}
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
+{
+    md->block_size = blocksize;
+    return 1;
+}
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
+{
+    md->md_size = resultsize;
+    return 1;
+}
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
+{
+    md->ctx_size = datasize;
+    return 1;
+}
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
+{
+    md->flags = flags;
+    return 1;
+}
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
+{
+    md->init = init;
+    return 1;
+}
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count))
+{
+    md->update = update;
+    return 1;
+}
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md))
+{
+    md->final = final;
+    return 1;
+}
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from))
+{
+    md->copy = copy;
+    return 1;
+}
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
+{
+    md->cleanup = cleanup;
+    return 1;
+}
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2))
+{
+    md->md_ctrl = ctrl;
+    return 1;
+}
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
+{
+    return md->block_size;
+}
+int EVP_MD_meth_get_result_size(const EVP_MD *md)
+{
+    return md->md_size;
+}
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
+{
+    return md->ctx_size;
+}
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
+{
+    return md->flags;
+}
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->init;
+}
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count)
+{
+    return md->update;
+}
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md)
+{
+    return md->final;
+}
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from)
+{
+    return md->copy;
+}
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->cleanup;
+}
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2)
+{
+    return md->md_ctrl;
+}
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
+{
+    if (!ctx)
+        return NULL;
+    return ctx->digest;
+}
+
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
+{
+    return ctx->pctx;
+}
+
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
+{
+    return ctx->md_data;
+}
+
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count)
+{
+    return ctx->update;
+}
+
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count))
+{
+    ctx->update = update;
+}
+
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
+{
+    ctx->flags &= ~flags;
+}
+
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
+{
+    return (ctx->flags & flags);
+}
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+    ctx->flags &= ~flags;
+}
+
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
+{
+    return (ctx->flags & flags);
+}
diff --git a/openssl-1.1.0h/crypto/evp/evp_locl.h b/openssl-1.1.0h/crypto/evp/evp_locl.h
new file mode 100644
index 0000000..209577b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_locl.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* EVP_MD_CTX related stuff */
+
+struct evp_md_ctx_st {
+    const EVP_MD *digest;
+    ENGINE *engine;             /* functional reference if 'digest' is
+                                 * ENGINE-provided */
+    unsigned long flags;
+    void *md_data;
+    /* Public key context for sign/verify */
+    EVP_PKEY_CTX *pctx;
+    /* Update function: usually copied from EVP_MD */
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+} /* EVP_MD_CTX */ ;
+
+struct evp_cipher_ctx_st {
+    const EVP_CIPHER *cipher;
+    ENGINE *engine;             /* functional reference if 'cipher' is
+                                 * ENGINE-provided */
+    int encrypt;                /* encrypt or decrypt */
+    int buf_len;                /* number we have left */
+    unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
+    unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
+    unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
+    int num;                    /* used by cfb/ofb/ctr mode */
+    /* FIXME: Should this even exist? It appears unused */
+    void *app_data;             /* application stuff */
+    int key_len;                /* May change for variable length cipher */
+    unsigned long flags;        /* Various flags */
+    void *cipher_data;          /* per EVP data */
+    int final_used;
+    int block_mask;
+    unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
+} /* EVP_CIPHER_CTX */ ;
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md,
+                             int en_de);
+
+struct evp_Encode_Ctx_st {
+    /* number saved in a partial encode/decode */
+    int num;
+    /*
+     * The length is either the output line length (in input bytes) or the
+     * shortest input line length that is ok.  Once decoding begins, the
+     * length is adjusted up each time a longer line is decoded
+     */
+    int length;
+    /* data to encode */
+    unsigned char enc_data[80];
+    /* number read on current line */
+    int line_num;
+    int expect_nl;
+};
+
+typedef struct evp_pbe_st EVP_PBE_CTL;
+DEFINE_STACK_OF(EVP_PBE_CTL)
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
diff --git a/openssl-1.1.0h/crypto/evp/evp_pbe.c b/openssl-1.1.0h/crypto/evp/evp_pbe.c
new file mode 100644
index 0000000..eb7344c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_pbe.c
@@ -0,0 +1,259 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/x509.h>
+#include "evp_locl.h"
+
+/* Password based encryption (PBE) functions */
+
+/* Setup a cipher context from a PBE algorithm */
+
+struct evp_pbe_st {
+    int pbe_type;
+    int pbe_nid;
+    int cipher_nid;
+    int md_nid;
+    EVP_PBE_KEYGEN *keygen;
+};
+
+static STACK_OF(EVP_PBE_CTL) *pbe_algs;
+
+static const EVP_PBE_CTL builtin_pbe[] = {
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
+     NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
+     NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
+     NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
+     NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
+     NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+     NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
+     NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
+     NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
+     NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
+     NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
+     NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
+     NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
+     NID_id_GostR3411_2012_256, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
+     NID_id_GostR3411_2012_512, 0},
+    {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+#ifndef OPENSSL_NO_SCRYPT
+    {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen}
+#endif
+};
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+    const EVP_CIPHER *cipher;
+    const EVP_MD *md;
+    int cipher_nid, md_nid;
+    EVP_PBE_KEYGEN *keygen;
+
+    if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
+                      &cipher_nid, &md_nid, &keygen)) {
+        char obj_tmp[80];
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
+        if (!pbe_obj)
+            OPENSSL_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
+        else
+            i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        return 0;
+    }
+
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+
+    if (cipher_nid == -1)
+        cipher = NULL;
+    else {
+        cipher = EVP_get_cipherbynid(cipher_nid);
+        if (!cipher) {
+            EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_CIPHER);
+            return 0;
+        }
+    }
+
+    if (md_nid == -1)
+        md = NULL;
+    else {
+        md = EVP_get_digestbynid(md_nid);
+        if (!md) {
+            EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_DIGEST);
+            return 0;
+        }
+    }
+
+    if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
+{
+    int ret = pbe1->pbe_type - pbe2->pbe_type;
+    if (ret)
+        return ret;
+    else
+        return pbe1->pbe_nid - pbe2->pbe_nid;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe_cmp(const EVP_PBE_CTL *const *a, const EVP_PBE_CTL *const *b)
+{
+    int ret = (*a)->pbe_type - (*b)->pbe_type;
+    if (ret)
+        return ret;
+    else
+        return (*a)->pbe_nid - (*b)->pbe_nid;
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+                         int md_nid, EVP_PBE_KEYGEN *keygen)
+{
+    EVP_PBE_CTL *pbe_tmp;
+
+    if (pbe_algs == NULL) {
+        pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
+        if (pbe_algs == NULL)
+            goto err;
+    }
+
+    if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL)
+        goto err;
+
+    pbe_tmp->pbe_type = pbe_type;
+    pbe_tmp->pbe_nid = pbe_nid;
+    pbe_tmp->cipher_nid = cipher_nid;
+    pbe_tmp->md_nid = md_nid;
+    pbe_tmp->keygen = keygen;
+
+    if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
+        OPENSSL_free(pbe_tmp);
+        goto err;
+    }
+    return 1;
+
+ err:
+    EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen)
+{
+    int cipher_nid, md_nid;
+
+    if (cipher)
+        cipher_nid = EVP_CIPHER_nid(cipher);
+    else
+        cipher_nid = -1;
+    if (md)
+        md_nid = EVP_MD_type(md);
+    else
+        md_nid = -1;
+
+    return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
+                                cipher_nid, md_nid, keygen);
+}
+
+int EVP_PBE_find(int type, int pbe_nid,
+                 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
+{
+    EVP_PBE_CTL *pbetmp = NULL, pbelu;
+    int i;
+    if (pbe_nid == NID_undef)
+        return 0;
+
+    pbelu.pbe_type = type;
+    pbelu.pbe_nid = pbe_nid;
+
+    if (pbe_algs) {
+        i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
+        if (i != -1)
+            pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
+    }
+    if (pbetmp == NULL) {
+        pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
+    }
+    if (pbetmp == NULL)
+        return 0;
+    if (pcnid)
+        *pcnid = pbetmp->cipher_nid;
+    if (pmnid)
+        *pmnid = pbetmp->md_nid;
+    if (pkeygen)
+        *pkeygen = pbetmp->keygen;
+    return 1;
+}
+
+static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
+{
+    OPENSSL_free(pbe);
+}
+
+void EVP_PBE_cleanup(void)
+{
+    sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
+    pbe_algs = NULL;
+}
+
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num)
+{
+    const EVP_PBE_CTL *tpbe;
+
+    if (num >= OSSL_NELEM(builtin_pbe))
+        return 0;
+
+    tpbe = builtin_pbe + num;
+    if (ptype)
+        *ptype = tpbe->pbe_type;
+    if (ppbe_nid)
+        *ppbe_nid = tpbe->pbe_nid;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/evp/evp_pkey.c b/openssl-1.1.0h/crypto/evp/evp_pkey.c
new file mode 100644
index 0000000..81bffa6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/evp_pkey.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/x509_int.h"
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    EVP_PKEY *pkey = NULL;
+    const ASN1_OBJECT *algoid;
+    char obj_tmp[80];
+
+    if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
+        return NULL;
+
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        goto error;
+    }
+
+    if (pkey->ameth->priv_decode) {
+        if (!pkey->ameth->priv_decode(pkey, p8)) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_PRIVATE_KEY_DECODE_ERROR);
+            goto error;
+        }
+    } else {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
+        goto error;
+    }
+
+    return pkey;
+
+ error:
+    EVP_PKEY_free(pkey);
+    return NULL;
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+    PKCS8_PRIV_KEY_INFO *p8 = PKCS8_PRIV_KEY_INFO_new();
+    if (p8  == NULL) {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (pkey->ameth) {
+        if (pkey->ameth->priv_encode) {
+            if (!pkey->ameth->priv_encode(p8, pkey)) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_PRIVATE_KEY_ENCODE_ERROR);
+                goto error;
+            }
+        } else {
+            EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_METHOD_NOT_SUPPORTED);
+            goto error;
+        }
+    } else {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        goto error;
+    }
+    RAND_add(p8->pkey->data, p8->pkey->length, 0.0);
+    return p8;
+ error:
+    PKCS8_PRIV_KEY_INFO_free(p8);
+    return NULL;
+}
+
+/* EVP_PKEY attribute functions */
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
+{
+    return X509at_get_attr_count(key->attributes);
+}
+
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
+}
+
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+                             int lastpos)
+{
+    return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
+{
+    return X509at_get_attr(key->attributes, loc);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
+{
+    return X509at_delete_attr(key->attributes, loc);
+}
+
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&key->attributes, attr))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len))
+        return 1;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/evp/m_md2.c b/openssl-1.1.0h/crypto/evp/m_md2.c
new file mode 100644
index 0000000..c4e28ae
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_md2.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md2.h>
+# include <openssl/rsa.h>
+
+#include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD2_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD2_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD2_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md2_md = {
+    NID_md2,
+    NID_md2WithRSAEncryption,
+    MD2_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD2_BLOCK,
+    sizeof(EVP_MD *) + sizeof(MD2_CTX),
+};
+
+const EVP_MD *EVP_md2(void)
+{
+    return &md2_md;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/m_md4.c b/openssl-1.1.0h/crypto/evp/m_md4.c
new file mode 100644
index 0000000..f3decaa
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_md4.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md4.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD4_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD4_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md4_md = {
+    NID_md4,
+    NID_md4WithRSAEncryption,
+    MD4_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD4_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD4_CTX),
+};
+
+const EVP_MD *EVP_md4(void)
+{
+    return (&md4_md);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/m_md5.c b/openssl-1.1.0h/crypto/evp/m_md5.c
new file mode 100644
index 0000000..f4dc0c4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_md5.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD5
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD5_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD5_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md5_md = {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD5_CTX),
+};
+
+const EVP_MD *EVP_md5(void)
+{
+    return (&md5_md);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/m_md5_sha1.c b/openssl-1.1.0h/crypto/evp/m_md5_sha1.c
new file mode 100644
index 0000000..2d98886
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_md5_sha1.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(OPENSSL_NO_MD5)
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# include <openssl/sha.h>
+# include "internal/cryptlib.h"
+# include "internal/evp_int.h"
+# include <openssl/rsa.h>
+
+struct md5_sha1_ctx {
+    MD5_CTX md5;
+    SHA_CTX sha1;
+};
+
+static int init(EVP_MD_CTX *ctx)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Init(&mctx->md5))
+        return 0;
+    return SHA1_Init(&mctx->sha1);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Update(&mctx->md5, data, count))
+        return 0;
+    return SHA1_Update(&mctx->sha1, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Final(md, &mctx->md5))
+        return 0;
+    return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[48];
+    unsigned char md5tmp[MD5_DIGEST_LENGTH];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    struct md5_sha1_ctx *mctx;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    mctx = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Final(md5tmp, &mctx->md5))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, &mctx->sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!init(ctx))
+        return 0;
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+
+    OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
+static const EVP_MD md5_sha1_md = {
+    NID_md5_sha1,
+    NID_md5_sha1,
+    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+    ctrl
+};
+
+const EVP_MD *EVP_md5_sha1(void)
+{
+    return &md5_sha1_md;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/m_mdc2.c b/openssl-1.1.0h/crypto/evp/m_mdc2.c
new file mode 100644
index 0000000..b7f0fd8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_mdc2.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MDC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/mdc2.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MDC2_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MDC2_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD mdc2_md = {
+    NID_mdc2,
+    NID_mdc2WithRSA,
+    MDC2_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MDC2_BLOCK,
+    sizeof(EVP_MD *) + sizeof(MDC2_CTX),
+};
+
+const EVP_MD *EVP_mdc2(void)
+{
+    return (&mdc2_md);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/m_null.c b/openssl-1.1.0h/crypto/evp/m_null.c
new file mode 100644
index 0000000..6c4daf5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_null.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return 1;
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return 1;
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return 1;
+}
+
+static const EVP_MD null_md = {
+    NID_undef,
+    NID_undef,
+    0,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    0,
+    sizeof(EVP_MD *),
+};
+
+const EVP_MD *EVP_md_null(void)
+{
+    return (&null_md);
+}
diff --git a/openssl-1.1.0h/crypto/evp/m_ripemd.c b/openssl-1.1.0h/crypto/evp/m_ripemd.c
new file mode 100644
index 0000000..07b46bd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_ripemd.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RMD160
+
+# include <openssl/ripemd.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD ripemd160_md = {
+    NID_ripemd160,
+    NID_ripemd160WithRSA,
+    RIPEMD160_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    RIPEMD160_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
+};
+
+const EVP_MD *EVP_ripemd160(void)
+{
+    return (&ripemd160_md);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/m_sha1.c b/openssl-1.1.0h/crypto/evp/m_sha1.c
new file mode 100644
index 0000000..e68f32a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_sha1.c
@@ -0,0 +1,248 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+#include <openssl/rsa.h>
+#include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[40];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+
+    SHA_CTX *sha1;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    sha1 = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!SHA1_Init(sha1))
+        return 0;
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
+static const EVP_MD sha1_md = {
+    NID_sha1,
+    NID_sha1WithRSAEncryption,
+    SHA_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+    ctrl
+};
+
+const EVP_MD *EVP_sha1(void)
+{
+    return (&sha1_md);
+}
+
+static int init224(EVP_MD_CTX *ctx)
+{
+    return SHA224_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final224(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int init256(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sha224_md = {
+    NID_sha224,
+    NID_sha224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init224,
+    update224,
+    final224,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha224(void)
+{
+    return (&sha224_md);
+}
+
+static const EVP_MD sha256_md = {
+    NID_sha256,
+    NID_sha256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init256,
+    update256,
+    final256,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha256(void)
+{
+    return (&sha256_md);
+}
+
+static int init384(EVP_MD_CTX *ctx)
+{
+    return SHA384_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final384(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int init512(EVP_MD_CTX *ctx)
+{
+    return SHA512_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sha384_md = {
+    NID_sha384,
+    NID_sha384WithRSAEncryption,
+    SHA384_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init384,
+    update384,
+    final384,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha384(void)
+{
+    return (&sha384_md);
+}
+
+static const EVP_MD sha512_md = {
+    NID_sha512,
+    NID_sha512WithRSAEncryption,
+    SHA512_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512(void)
+{
+    return (&sha512_md);
+}
diff --git a/openssl-1.1.0h/crypto/evp/m_sigver.c b/openssl-1.1.0h/crypto/evp/m_sigver.c
new file mode 100644
index 0000000..582e563
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_sigver.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+
+static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
+                          int ver)
+{
+    if (ctx->pctx == NULL)
+        ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+    if (ctx->pctx == NULL)
+        return 0;
+
+    if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
+
+        if (type == NULL) {
+            int def_nid;
+            if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+                type = EVP_get_digestbynid(def_nid);
+        }
+
+        if (type == NULL) {
+            EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+            return 0;
+        }
+    }
+
+    if (ver) {
+        if (ctx->pctx->pmeth->verifyctx_init) {
+            if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
+                return 0;
+            ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
+        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
+            return 0;
+    } else {
+        if (ctx->pctx->pmeth->signctx_init) {
+            if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
+                return 0;
+            ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
+        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
+            return 0;
+    }
+    if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
+        return 0;
+    if (pctx)
+        *pctx = ctx->pctx;
+    if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
+        return 1;
+    if (!EVP_DigestInit_ex(ctx, type, e))
+        return 0;
+    return 1;
+}
+
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+{
+    return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+}
+
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+{
+    return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+}
+
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                        size_t *siglen)
+{
+    int sctx = 0, r = 0;
+    EVP_PKEY_CTX *pctx = ctx->pctx;
+    if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
+        if (!sigret)
+            return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
+            r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+        else {
+            EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);
+            if (!dctx)
+                return 0;
+            r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
+            EVP_PKEY_CTX_free(dctx);
+        }
+        return r;
+    }
+    if (pctx->pmeth->signctx)
+        sctx = 1;
+    else
+        sctx = 0;
+    if (sigret) {
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen = 0;
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+            if (sctx)
+                r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
+            else
+                r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+        } else {
+            EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+            if (tmp_ctx == NULL)
+                return 0;
+            if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+                EVP_MD_CTX_free(tmp_ctx);
+                return 0;
+            }
+            if (sctx)
+                r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
+                                                  sigret, siglen, tmp_ctx);
+            else
+                r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+            EVP_MD_CTX_free(tmp_ctx);
+        }
+        if (sctx || !r)
+            return r;
+        if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
+            return 0;
+    } else {
+        if (sctx) {
+            if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
+                return 0;
+        } else {
+            int s = EVP_MD_size(ctx->digest);
+            if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
+                return 0;
+        }
+    }
+    return 1;
+}
+
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                          size_t siglen)
+{
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int r = 0;
+    unsigned int mdlen = 0;
+    int vctx = 0;
+
+    if (ctx->pctx->pmeth->verifyctx)
+        vctx = 1;
+    else
+        vctx = 0;
+    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+        if (vctx) {
+            r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
+        } else
+            r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+    } else {
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL)
+            return -1;
+        if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+            EVP_MD_CTX_free(tmp_ctx);
+            return -1;
+        }
+        if (vctx) {
+            r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
+                                                sig, siglen, tmp_ctx);
+        } else
+            r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+        EVP_MD_CTX_free(tmp_ctx);
+    }
+    if (vctx || !r)
+        return r;
+    return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
+}
diff --git a/openssl-1.1.0h/crypto/evp/m_wp.c b/openssl-1.1.0h/crypto/evp/m_wp.c
new file mode 100644
index 0000000..94fac22
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/m_wp.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/whrlpool.h>
+# include "internal/evp_int.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD whirlpool_md = {
+    NID_whirlpool,
+    0,
+    WHIRLPOOL_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    WHIRLPOOL_BBLOCK / 8,
+    sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX),
+};
+
+const EVP_MD *EVP_whirlpool(void)
+{
+    return (&whirlpool_md);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/names.c b/openssl-1.1.0h/crypto/evp/names.c
new file mode 100644
index 0000000..a92be1f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/names.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <internal/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+int EVP_add_cipher(const EVP_CIPHER *c)
+{
+    int r;
+
+    if (c == NULL)
+        return 0;
+
+    r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    if (r == 0)
+        return (0);
+    r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    return (r);
+}
+
+int EVP_add_digest(const EVP_MD *md)
+{
+    int r;
+    const char *name;
+
+    name = OBJ_nid2sn(md->type);
+    r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
+    if (r == 0)
+        return (0);
+    r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
+                     (const char *)md);
+    if (r == 0)
+        return (0);
+
+    if (md->pkey_type && md->type != md->pkey_type) {
+        r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+        if (r == 0)
+            return (0);
+        r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+    }
+    return (r);
+}
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
+{
+    const EVP_CIPHER *cp;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
+        return NULL;
+
+    cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
+    return (cp);
+}
+
+const EVP_MD *EVP_get_digestbyname(const char *name)
+{
+    const EVP_MD *cp;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
+        return NULL;
+
+    cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
+    return (cp);
+}
+
+void evp_cleanup_int(void)
+{
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+    /*
+     * The above calls will only clean out the contents of the name hash
+     * table, but not the hash table itself.  The following line does that
+     * part.  -- Richard Levitte
+     */
+    OBJ_NAME_cleanup(-1);
+
+    EVP_PBE_cleanup();
+    OBJ_sigid_free();
+}
+
+struct doall_cipher {
+    void *arg;
+    void (*fn) (const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *arg);
+};
+
+static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
+{
+    struct doall_cipher *dc = arg;
+    if (nm->alias)
+        dc->fn(NULL, nm->name, nm->data, dc->arg);
+    else
+        dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
+}
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+                                   const char *from, const char *to, void *x),
+                       void *arg)
+{
+    struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+}
+
+void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph,
+                                          const char *from, const char *to,
+                                          void *x), void *arg)
+{
+    struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+}
+
+struct doall_md {
+    void *arg;
+    void (*fn) (const EVP_MD *ciph,
+                const char *from, const char *to, void *arg);
+};
+
+static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
+{
+    struct doall_md *dc = arg;
+    if (nm->alias)
+        dc->fn(NULL, nm->name, nm->data, dc->arg);
+    else
+        dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
+}
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *md,
+                               const char *from, const char *to, void *x),
+                   void *arg)
+{
+    struct doall_md dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+}
+
+void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md,
+                                      const char *from, const char *to,
+                                      void *x), void *arg)
+{
+    struct doall_md dc;
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+}
diff --git a/openssl-1.1.0h/crypto/evp/p5_crpt.c b/openssl-1.1.0h/crypto/evp/p5_crpt.c
new file mode 100644
index 0000000..7e55d0b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p5_crpt.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+
+/*
+ * Doesn't do anything now: Builtin PBE algorithms in static table.
+ */
+
+void PKCS5_PBE_add(void)
+{
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de)
+{
+    EVP_MD_CTX *ctx;
+    unsigned char md_tmp[EVP_MAX_MD_SIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int i;
+    PBEPARAM *pbe;
+    int saltlen, iter;
+    unsigned char *salt;
+    int mdsize;
+    int rv = 0;
+
+    /* Extract useful info from parameter */
+    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+        param->value.sequence == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
+
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestInit_ex(ctx, md, NULL))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, pass, passlen))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, salt, saltlen))
+        goto err;
+    PBEPARAM_free(pbe);
+    if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
+        goto err;
+    mdsize = EVP_MD_size(md);
+    if (mdsize < 0)
+        return 0;
+    for (i = 1; i < iter; i++) {
+        if (!EVP_DigestInit_ex(ctx, md, NULL))
+            goto err;
+        if (!EVP_DigestUpdate(ctx, md_tmp, mdsize))
+            goto err;
+        if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
+            goto err;
+    }
+    OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
+    memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+    OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
+    memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+           EVP_CIPHER_iv_length(cipher));
+    if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
+        goto err;
+    OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/evp/p5_crpt2.c b/openssl-1.1.0h/crypto/evp/p5_crpt2.c
new file mode 100644
index 0000000..6d5f289
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p5_crpt2.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+# include <openssl/x509.h>
+# include <openssl/evp.h>
+# include <openssl/hmac.h>
+# include "evp_locl.h"
+
+/* set this to print out info about the keygen algorithm */
+/* #define OPENSSL_DEBUG_PKCS5V2 */
+
+# ifdef OPENSSL_DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len);
+# endif
+
+/*
+ * This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2. SHA1 version verified against test vectors
+ * posted by Peter Gutmann <pgut001@cs.auckland.ac.nz> to the PKCS-TNG
+ * <pkcs-tng@rsa.com> mailing list.
+ */
+
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest, int keylen, unsigned char *out)
+{
+    const char *empty = "";
+    unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
+    int cplen, j, k, tkeylen, mdlen;
+    unsigned long i = 1;
+    HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
+
+    mdlen = EVP_MD_size(digest);
+    if (mdlen < 0)
+        return 0;
+
+    hctx_tpl = HMAC_CTX_new();
+    if (hctx_tpl == NULL)
+        return 0;
+    p = out;
+    tkeylen = keylen;
+    if (pass == NULL) {
+        pass = empty;
+        passlen = 0;
+    } else if (passlen == -1) {
+        passlen = strlen(pass);
+    }
+    if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
+        HMAC_CTX_free(hctx_tpl);
+        return 0;
+    }
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL) {
+        HMAC_CTX_free(hctx_tpl);
+        return 0;
+    }
+    while (tkeylen) {
+        if (tkeylen > mdlen)
+            cplen = mdlen;
+        else
+            cplen = tkeylen;
+        /*
+         * We are unlikely to ever use more than 256 blocks (5120 bits!) but
+         * just in case...
+         */
+        itmp[0] = (unsigned char)((i >> 24) & 0xff);
+        itmp[1] = (unsigned char)((i >> 16) & 0xff);
+        itmp[2] = (unsigned char)((i >> 8) & 0xff);
+        itmp[3] = (unsigned char)(i & 0xff);
+        if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
+            return 0;
+        }
+        if (!HMAC_Update(hctx, salt, saltlen)
+            || !HMAC_Update(hctx, itmp, 4)
+            || !HMAC_Final(hctx, digtmp, NULL)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
+            return 0;
+        }
+        HMAC_CTX_reset(hctx);
+        memcpy(p, digtmp, cplen);
+        for (j = 1; j < iter; j++) {
+            if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
+                return 0;
+            }
+            if (!HMAC_Update(hctx, digtmp, mdlen)
+                || !HMAC_Final(hctx, digtmp, NULL)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
+                return 0;
+            }
+            HMAC_CTX_reset(hctx);
+            for (k = 0; k < cplen; k++)
+                p[k] ^= digtmp[k];
+        }
+        tkeylen -= cplen;
+        i++;
+        p += cplen;
+    }
+    HMAC_CTX_free(hctx);
+    HMAC_CTX_free(hctx_tpl);
+# ifdef OPENSSL_DEBUG_PKCS5V2
+    fprintf(stderr, "Password:\n");
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt:\n");
+    h__dump(salt, saltlen);
+    fprintf(stderr, "Iteration count %d\n", iter);
+    fprintf(stderr, "Key:\n");
+    h__dump(out, keylen);
+# endif
+    return 1;
+}
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out)
+{
+    return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(),
+                             keylen, out);
+}
+
+# ifdef DO_TEST
+main()
+{
+    unsigned char out[4];
+    unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 };
+    PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
+    fprintf(stderr, "Out %02X %02X %02X %02X\n",
+            out[0], out[1], out[2], out[3]);
+}
+
+# endif
+
+/*
+ * Now the key derivation function itself. This is a bit evil because it has
+ * to check the ASN1 parameters are valid: and there are quite a few of
+ * them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *c,
+                          const EVP_MD *md, int en_de)
+{
+    PBE2PARAM *pbe2 = NULL;
+    const EVP_CIPHER *cipher;
+    EVP_PBE_KEYGEN *kdf;
+
+    int rv = 0;
+
+    pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param);
+    if (pbe2 == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* See if we recognise the key derivation function */
+    if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
+                        NULL, NULL, &kdf)) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+               EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+        goto err;
+    }
+
+    /*
+     * lets see if we recognise the encryption algorithm.
+     */
+
+    cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
+
+    if (!cipher) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER);
+        goto err;
+    }
+
+    /* Fixup cipher based on AlgorithmIdentifier */
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
+        goto err;
+    }
+    rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de);
+ err:
+    PBE2PARAM_free(pbe2);
+    return rv;
+}
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    int saltlen, iter;
+    int rv = 0;
+    unsigned int keylen = 0;
+    int prf_nid, hmac_md_nid;
+    PBKDF2PARAM *kdf = NULL;
+    const EVP_MD *prfmd;
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+        goto err;
+    }
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    OPENSSL_assert(keylen <= sizeof(key));
+
+    /* Decode parameter */
+
+    kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param);
+
+    if (kdf == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Now check the parameters of the kdf */
+
+    if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH);
+        goto err;
+    }
+
+    if (kdf->prf)
+        prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
+    else
+        prf_nid = NID_hmacWithSHA1;
+
+    if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+        goto err;
+    }
+
+    prfmd = EVP_get_digestbynid(hmac_md_nid);
+    if (prfmd == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+        goto err;
+    }
+
+    if (kdf->salt->type != V_ASN1_OCTET_STRING) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE);
+        goto err;
+    }
+
+    /* it seems that its all OK */
+    salt = kdf->salt->value.octet_string->data;
+    saltlen = kdf->salt->value.octet_string->length;
+    iter = ASN1_INTEGER_get(kdf->iter);
+    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+                           keylen, key))
+        goto err;
+    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ err:
+    OPENSSL_cleanse(key, keylen);
+    PBKDF2PARAM_free(kdf);
+    return rv;
+}
+
+# ifdef OPENSSL_DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len)
+{
+    for (; len--; p++)
+        fprintf(stderr, "%02X ", *p);
+    fprintf(stderr, "\n");
+}
+# endif
diff --git a/openssl-1.1.0h/crypto/evp/p_dec.c b/openssl-1.1.0h/crypto/evp/p_dec.c
new file mode 100644
index 0000000..6bec406
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p_dec.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
+                         EVP_PKEY *priv)
+{
+    int ret = -1;
+
+#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
+#endif
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+        goto err;
+    }
+
+    ret =
+        RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv),
+                            RSA_PKCS1_PADDING);
+ err:
+#endif
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/evp/p_enc.c b/openssl-1.1.0h/crypto/evp/p_enc.c
new file mode 100644
index 0000000..3277fbb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p_enc.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
+                         int key_len, EVP_PKEY *pubk)
+{
+    int ret = 0;
+
+#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) {
+#endif
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+        goto err;
+    }
+    ret =
+        RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
+                           RSA_PKCS1_PADDING);
+ err:
+#endif
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/evp/p_lib.c b/openssl-1.1.0h/crypto/evp/p_lib.c
new file mode 100644
index 0000000..d7372aa
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p_lib.c
@@ -0,0 +1,506 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
+
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+static void EVP_PKEY_free_it(EVP_PKEY *x);
+
+int EVP_PKEY_bits(const EVP_PKEY *pkey)
+{
+    if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
+        return pkey->ameth->pkey_bits(pkey);
+    return 0;
+}
+
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+{
+    if (pkey == NULL)
+        return 0;
+    if (!pkey->ameth || !pkey->ameth->pkey_security_bits)
+        return -2;
+    return pkey->ameth->pkey_security_bits(pkey);
+}
+
+int EVP_PKEY_size(EVP_PKEY *pkey)
+{
+    if (pkey && pkey->ameth && pkey->ameth->pkey_size)
+        return pkey->ameth->pkey_size(pkey);
+    return 0;
+}
+
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
+{
+#ifndef OPENSSL_NO_DSA
+    if (pkey->type == EVP_PKEY_DSA) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return (ret);
+    }
+#endif
+#ifndef OPENSSL_NO_EC
+    if (pkey->type == EVP_PKEY_EC) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return (ret);
+    }
+#endif
+    return (0);
+}
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    if (to->type == EVP_PKEY_NONE) {
+        if (EVP_PKEY_set_type(to, from->type) == 0)
+            return 0;
+    } else if (to->type != from->type) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
+        goto err;
+    }
+
+    if (EVP_PKEY_missing_parameters(from)) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    if (!EVP_PKEY_missing_parameters(to)) {
+        if (EVP_PKEY_cmp_parameters(to, from) == 1)
+            return 1;
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+        return 0;
+    }
+
+    if (from->ameth && from->ameth->param_copy)
+        return from->ameth->param_copy(to, from);
+ err:
+    return 0;
+}
+
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
+{
+    if (pkey->ameth && pkey->ameth->param_missing)
+        return pkey->ameth->param_missing(pkey);
+    return 0;
+}
+
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (a->type != b->type)
+        return -1;
+    if (a->ameth && a->ameth->param_cmp)
+        return a->ameth->param_cmp(a, b);
+    return -2;
+}
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (a->type != b->type)
+        return -1;
+
+    if (a->ameth) {
+        int ret;
+        /* Compare parameters if the algorithm has them */
+        if (a->ameth->param_cmp) {
+            ret = a->ameth->param_cmp(a, b);
+            if (ret <= 0)
+                return ret;
+        }
+
+        if (a->ameth->pub_cmp)
+            return a->ameth->pub_cmp(a, b);
+    }
+
+    return -2;
+}
+
+EVP_PKEY *EVP_PKEY_new(void)
+{
+    EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = EVP_PKEY_NONE;
+    ret->save_type = EVP_PKEY_NONE;
+    ret->references = 1;
+    ret->save_parameters = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int EVP_PKEY_up_ref(EVP_PKEY *pkey)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EVP_PKEY", pkey);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+/*
+ * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey
+ * is NULL just return 1 or 0 if the algorithm exists.
+ */
+
+static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *e = NULL;
+    if (pkey) {
+        if (pkey->pkey.ptr)
+            EVP_PKEY_free_it(pkey);
+        /*
+         * If key type matches and a method exists then this lookup has
+         * succeeded once so just indicate success.
+         */
+        if ((type == pkey->save_type) && pkey->ameth)
+            return 1;
+#ifndef OPENSSL_NO_ENGINE
+        /* If we have ENGINEs release them */
+        ENGINE_finish(pkey->engine);
+        pkey->engine = NULL;
+        ENGINE_finish(pkey->pmeth_engine);
+        pkey->pmeth_engine = NULL;
+#endif
+    }
+    if (str)
+        ameth = EVP_PKEY_asn1_find_str(&e, str, len);
+    else
+        ameth = EVP_PKEY_asn1_find(&e, type);
+#ifndef OPENSSL_NO_ENGINE
+    if (pkey == NULL)
+        ENGINE_finish(e);
+#endif
+    if (ameth == NULL) {
+        EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+        return 0;
+    }
+    if (pkey) {
+        pkey->ameth = ameth;
+        pkey->engine = e;
+
+        pkey->type = pkey->ameth->pkey_id;
+        pkey->save_type = type;
+    }
+    return 1;
+}
+
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
+{
+    return pkey_set_type(pkey, type, NULL, -1);
+}
+
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
+{
+    return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
+}
+#ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
+{
+    if (e != NULL) {
+        if (!ENGINE_init(e)) {
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, ERR_R_ENGINE_LIB);
+            return 0;
+        }
+        if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) {
+            ENGINE_finish(e);
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, EVP_R_UNSUPPORTED_ALGORITHM);
+            return 0;
+        }
+    }
+    ENGINE_finish(pkey->pmeth_engine);
+    pkey->pmeth_engine = e;
+    return 1;
+}
+#endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
+{
+    if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
+        return 0;
+    pkey->pkey.ptr = key;
+    return (key != NULL);
+}
+
+void *EVP_PKEY_get0(const EVP_PKEY *pkey)
+{
+    return pkey->pkey.ptr;
+}
+
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_HMAC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+
+#ifndef OPENSSL_NO_RSA
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+    int ret = EVP_PKEY_assign_RSA(pkey, key);
+    if (ret)
+        RSA_up_ref(key);
+    return ret;
+}
+
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_RSA) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+        return NULL;
+    }
+    return pkey->pkey.rsa;
+}
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+{
+    RSA *ret = EVP_PKEY_get0_RSA(pkey);
+    if (ret != NULL)
+        RSA_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+{
+    int ret = EVP_PKEY_assign_DSA(pkey, key);
+    if (ret)
+        DSA_up_ref(key);
+    return ret;
+}
+
+DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_DSA) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+        return NULL;
+    }
+    return pkey->pkey.dsa;
+}
+
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+{
+    DSA *ret = EVP_PKEY_get0_DSA(pkey);
+    if (ret != NULL)
+        DSA_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+    int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+    if (ret)
+        EC_KEY_up_ref(key);
+    return ret;
+}
+
+EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_EC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+        return NULL;
+    }
+    return pkey->pkey.ec;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+    EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
+    if (ret != NULL)
+        EC_KEY_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+{
+    int ret = EVP_PKEY_assign_DH(pkey, key);
+    if (ret)
+        DH_up_ref(key);
+    return ret;
+}
+
+DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY);
+        return NULL;
+    }
+    return pkey->pkey.dh;
+}
+
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+{
+    DH *ret = EVP_PKEY_get0_DH(pkey);
+    if (ret != NULL)
+        DH_up_ref(ret);
+    return ret;
+}
+#endif
+
+int EVP_PKEY_type(int type)
+{
+    int ret;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *e;
+    ameth = EVP_PKEY_asn1_find(&e, type);
+    if (ameth)
+        ret = ameth->pkey_id;
+    else
+        ret = NID_undef;
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(e);
+#endif
+    return ret;
+}
+
+int EVP_PKEY_id(const EVP_PKEY *pkey)
+{
+    return pkey->type;
+}
+
+int EVP_PKEY_base_id(const EVP_PKEY *pkey)
+{
+    return EVP_PKEY_type(pkey->type);
+}
+
+void EVP_PKEY_free(EVP_PKEY *x)
+{
+    int i;
+
+    if (x == NULL)
+        return;
+
+    CRYPTO_atomic_add(&x->references, -1, &i, x->lock);
+    REF_PRINT_COUNT("EVP_PKEY", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+    EVP_PKEY_free_it(x);
+    CRYPTO_THREAD_lock_free(x->lock);
+    sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+    OPENSSL_free(x);
+}
+
+static void EVP_PKEY_free_it(EVP_PKEY *x)
+{
+    /* internal function; x is never NULL */
+    if (x->ameth && x->ameth->pkey_free) {
+        x->ameth->pkey_free(x);
+        x->pkey.ptr = NULL;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(x->engine);
+    x->engine = NULL;
+    ENGINE_finish(x->pmeth_engine);
+    x->pmeth_engine = NULL;
+#endif
+}
+
+static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
+                     const char *kstr)
+{
+    BIO_indent(out, indent, 128);
+    BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
+               kstr, OBJ_nid2ln(pkey->type));
+    return 1;
+}
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->pub_print)
+        return pkey->ameth->pub_print(out, pkey, indent, pctx);
+
+    return unsup_alg(out, pkey, indent, "Public Key");
+}
+
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->priv_print)
+        return pkey->ameth->priv_print(out, pkey, indent, pctx);
+
+    return unsup_alg(out, pkey, indent, "Private Key");
+}
+
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->param_print)
+        return pkey->ameth->param_print(out, pkey, indent, pctx);
+    return unsup_alg(out, pkey, indent, "Parameters");
+}
+
+static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
+{
+    if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
+        return -2;
+    return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2);
+}
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
+{
+    return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
+}
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                               const unsigned char *pt, size_t ptlen)
+{
+    if (ptlen > INT_MAX)
+        return 0;
+    if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen,
+                           (void *)pt) <= 0)
+        return 0;
+    return 1;
+}
+
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt)
+{
+    int rv;
+    rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt);
+    if (rv <= 0)
+        return 0;
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/evp/p_open.c b/openssl-1.1.0h/crypto/evp/p_open.c
new file mode 100644
index 0000000..b65bc74
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p_open.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 const unsigned char *ek, int ekl, const unsigned char *iv,
+                 EVP_PKEY *priv)
+{
+    unsigned char *key = NULL;
+    int i, size = 0, ret = 0;
+
+    if (type) {
+        EVP_CIPHER_CTX_reset(ctx);
+        if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
+
+    if (!priv)
+        return 1;
+
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
+        EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
+        goto err;
+    }
+
+    size = EVP_PKEY_size(priv);
+    key = OPENSSL_malloc(size + 2);
+    if (key == NULL) {
+        /* ERROR */
+        EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
+    if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
+        /* ERROR */
+        goto err;
+    }
+    if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+        goto err;
+
+    ret = 1;
+ err:
+    OPENSSL_clear_free(key, size);
+    return (ret);
+}
+
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+
+    i = EVP_DecryptFinal_ex(ctx, out, outl);
+    if (i)
+        i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return (i);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/evp/p_seal.c b/openssl-1.1.0h/crypto/evp/p_seal.c
new file mode 100644
index 0000000..faa2464
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p_seal.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 unsigned char **ek, int *ekl, unsigned char *iv,
+                 EVP_PKEY **pubk, int npubk)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    int i;
+
+    if (type) {
+        EVP_CIPHER_CTX_reset(ctx);
+        if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
+    if ((npubk <= 0) || !pubk)
+        return 1;
+    if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+        return 0;
+    if (EVP_CIPHER_CTX_iv_length(ctx)
+        && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+        return 0;
+
+    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+        return 0;
+
+    for (i = 0; i < npubk; i++) {
+        ekl[i] =
+            EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
+                                 pubk[i]);
+        if (ekl[i] <= 0)
+            return (-1);
+    }
+    return (npubk);
+}
+
+/*- MACRO
+void EVP_SealUpdate(ctx,out,outl,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        }
+*/
+
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+    i = EVP_EncryptFinal_ex(ctx, out, outl);
+    if (i)
+        i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return i;
+}
diff --git a/openssl-1.1.0h/crypto/evp/p_sign.c b/openssl-1.1.0h/crypto/evp/p_sign.c
new file mode 100644
index 0000000..6cb442e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p_sign.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len = 0;
+    int i = 0;
+    size_t sltmp;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    *siglen = 0;
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
+            goto err;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
+    }
+
+    sltmp = (size_t)EVP_PKEY_size(pkey);
+    i = 0;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_sign_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+        goto err;
+    *siglen = sltmp;
+    i = 1;
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
+}
diff --git a/openssl-1.1.0h/crypto/evp/p_verify.c b/openssl-1.1.0h/crypto/evp/p_verify.c
new file mode 100644
index 0000000..6e8c565
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/p_verify.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/evp_int.h"
+
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                    unsigned int siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len = 0;
+    int i = 0;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
+            goto err;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
+    }
+
+    i = -1;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_verify_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
+}
diff --git a/openssl-1.1.0h/crypto/evp/pmeth_fn.c b/openssl-1.1.0h/crypto/evp/pmeth_fn.c
new file mode 100644
index 0000000..eb63801
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/pmeth_fn.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+
+#define M_check_autoarg(ctx, arg, arglen, err) \
+    if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
+        size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey);         \
+                                                                  \
+        if (pksize == 0) {                                        \
+            EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/      \
+            return 0;                                             \
+        }                                                         \
+        if (!arg) {                                               \
+            *arglen = pksize;                                     \
+            return 1;                                             \
+        }                                                         \
+        if (*arglen < pksize) {                                   \
+            EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
+            return 0;                                             \
+        }                                                         \
+    }
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_SIGN;
+    if (!ctx->pmeth->sign_init)
+        return 1;
+    ret = ctx->pmeth->sign_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_SIGN) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
+        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
+}
+
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_VERIFY;
+    if (!ctx->pmeth->verify_init)
+        return 1;
+    ret = ctx->pmeth->verify_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_VERIFY) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
+}
+
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
+    if (!ctx->pmeth->verify_recover_init)
+        return 1;
+    ret = ctx->pmeth->verify_recover_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
+        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
+}
+
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_ENCRYPT;
+    if (!ctx->pmeth->encrypt_init)
+        return 1;
+    ret = ctx->pmeth->encrypt_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
+        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
+}
+
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_DECRYPT;
+    if (!ctx->pmeth->decrypt_init)
+        return 1;
+    ret = ctx->pmeth->decrypt_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
+        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
+}
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_DERIVE;
+    if (!ctx->pmeth->derive_init)
+        return 1;
+    ret = ctx->pmeth->derive_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth
+        || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt)
+        || !ctx->pmeth->ctrl) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DERIVE
+        && ctx->operation != EVP_PKEY_OP_ENCRYPT
+        && ctx->operation != EVP_PKEY_OP_DECRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
+
+    if (ret <= 0)
+        return ret;
+
+    if (ret == 2)
+        return 1;
+
+    if (!ctx->pkey) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
+        return -1;
+    }
+
+    if (ctx->pkey->type != peer->type) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
+        return -1;
+    }
+
+    /*
+     * ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
+     * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
+     * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
+     * (different key types) is impossible here because it is checked earlier.
+     * -2 is OK for us here, as well as 1, so we can check for 0 only.
+     */
+    if (!EVP_PKEY_missing_parameters(peer) &&
+        !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
+        return -1;
+    }
+
+    EVP_PKEY_free(ctx->peerkey);
+    ctx->peerkey = peer;
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
+
+    if (ret <= 0) {
+        ctx->peerkey = NULL;
+        return ret;
+    }
+
+    EVP_PKEY_up_ref(peer);
+    return 1;
+}
+
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DERIVE) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
+        return ctx->pmeth->derive(ctx, key, pkeylen);
+}
diff --git a/openssl-1.1.0h/crypto/evp/pmeth_gn.c b/openssl-1.1.0h/crypto/evp/pmeth_gn.c
new file mode 100644
index 0000000..6adc3a9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/pmeth_gn.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "internal/bn_int.h"
+#include "internal/evp_int.h"
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_PARAMGEN;
+    if (!ctx->pmeth->paramgen_init)
+        return 1;
+    ret = ctx->pmeth->paramgen_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ppkey == NULL)
+        return -1;
+
+    if (*ppkey == NULL)
+        *ppkey = EVP_PKEY_new();
+
+    if (*ppkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    ret = ctx->pmeth->paramgen(ctx, *ppkey);
+    if (ret <= 0) {
+        EVP_PKEY_free(*ppkey);
+        *ppkey = NULL;
+    }
+    return ret;
+}
+
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_KEYGEN;
+    if (!ctx->pmeth->keygen_init)
+        return 1;
+    ret = ctx->pmeth->keygen_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+{
+    int ret;
+
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ppkey == NULL)
+        return -1;
+
+    if (*ppkey == NULL)
+        *ppkey = EVP_PKEY_new();
+    if (*ppkey == NULL)
+        return -1;
+
+    ret = ctx->pmeth->keygen(ctx, *ppkey);
+    if (ret <= 0) {
+        EVP_PKEY_free(*ppkey);
+        *ppkey = NULL;
+    }
+    return ret;
+}
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
+{
+    ctx->pkey_gencb = cb;
+}
+
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
+{
+    return ctx->pkey_gencb;
+}
+
+/*
+ * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
+ * callbacks.
+ */
+
+static int trans_cb(int a, int b, BN_GENCB *gcb)
+{
+    EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
+    ctx->keygen_info[0] = a;
+    ctx->keygen_info[1] = b;
+    return ctx->pkey_gencb(ctx);
+}
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
+{
+    BN_GENCB_set(cb, trans_cb, ctx);
+}
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
+{
+    if (idx == -1)
+        return ctx->keygen_info_count;
+    if (idx < 0 || idx > ctx->keygen_info_count)
+        return 0;
+    return ctx->keygen_info[idx];
+}
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                               const unsigned char *key, int keylen)
+{
+    EVP_PKEY_CTX *mac_ctx = NULL;
+    EVP_PKEY *mac_key = NULL;
+    mac_ctx = EVP_PKEY_CTX_new_id(type, e);
+    if (!mac_ctx)
+        return NULL;
+    if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
+        goto merr;
+    if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
+        goto merr;
+    if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
+        goto merr;
+ merr:
+    EVP_PKEY_CTX_free(mac_ctx);
+    return mac_key;
+}
diff --git a/openssl-1.1.0h/crypto/evp/pmeth_lib.c b/openssl-1.1.0h/crypto/evp/pmeth_lib.c
new file mode 100644
index 0000000..5e650a9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/pmeth_lib.c
@@ -0,0 +1,725 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/numbers.h"
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+
+static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
+
+static const EVP_PKEY_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ec_pkey_meth,
+#endif
+    &hmac_pkey_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_pkey_meth,
+#endif
+    &tls1_prf_pkey_meth,
+#ifndef OPENSSL_NO_EC
+    &ecx25519_pkey_meth,
+#endif
+    &hkdf_pkey_meth
+};
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                           pmeth);
+
+static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
+                     const EVP_PKEY_METHOD *const *b)
+{
+    return ((*a)->pkey_id - (*b)->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                             pmeth);
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
+{
+    EVP_PKEY_METHOD tmp;
+    const EVP_PKEY_METHOD *t = &tmp, **ret;
+    tmp.pkey_id = type;
+    if (app_pkey_methods) {
+        int idx;
+        idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
+        if (idx >= 0)
+            return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+    }
+    ret = OBJ_bsearch_pmeth(&t, standard_methods,
+                            sizeof(standard_methods) /
+                            sizeof(EVP_PKEY_METHOD *));
+    if (!ret || !*ret)
+        return NULL;
+    return *ret;
+}
+
+static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
+{
+    EVP_PKEY_CTX *ret;
+    const EVP_PKEY_METHOD *pmeth;
+    if (id == -1) {
+        if (!pkey || !pkey->ameth)
+            return NULL;
+        id = pkey->ameth->pkey_id;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (e == NULL && pkey != NULL)
+        e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine;
+    /* Try to find an ENGINE which implements this method */
+    if (e) {
+        if (!ENGINE_init(e)) {
+            EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB);
+            return NULL;
+        }
+    } else {
+        e = ENGINE_get_pkey_meth_engine(id);
+    }
+
+    /*
+     * If an ENGINE handled this method look it up. Otherwise use internal
+     * tables.
+     */
+
+    if (e)
+        pmeth = ENGINE_get_pkey_meth(e, id);
+    else
+#endif
+        pmeth = EVP_PKEY_meth_find(id);
+
+    if (pmeth == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
+        EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
+        EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->engine = e;
+    ret->pmeth = pmeth;
+    ret->operation = EVP_PKEY_OP_UNDEFINED;
+    ret->pkey = pkey;
+    if (pkey)
+        EVP_PKEY_up_ref(pkey);
+
+    if (pmeth->init) {
+        if (pmeth->init(ret) <= 0) {
+            ret->pmeth = NULL;
+            EVP_PKEY_CTX_free(ret);
+            return NULL;
+        }
+    }
+
+    return ret;
+}
+
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
+{
+    EVP_PKEY_METHOD *pmeth;
+
+    pmeth = OPENSSL_zalloc(sizeof(*pmeth));
+    if (pmeth == NULL)
+        return NULL;
+
+    pmeth->pkey_id = id;
+    pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
+    return pmeth;
+}
+
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth)
+{
+    if (ppkey_id)
+        *ppkey_id = meth->pkey_id;
+    if (pflags)
+        *pflags = meth->flags;
+}
+
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
+{
+
+    dst->init = src->init;
+    dst->copy = src->copy;
+    dst->cleanup = src->cleanup;
+
+    dst->paramgen_init = src->paramgen_init;
+    dst->paramgen = src->paramgen;
+
+    dst->keygen_init = src->keygen_init;
+    dst->keygen = src->keygen;
+
+    dst->sign_init = src->sign_init;
+    dst->sign = src->sign;
+
+    dst->verify_init = src->verify_init;
+    dst->verify = src->verify;
+
+    dst->verify_recover_init = src->verify_recover_init;
+    dst->verify_recover = src->verify_recover;
+
+    dst->signctx_init = src->signctx_init;
+    dst->signctx = src->signctx;
+
+    dst->verifyctx_init = src->verifyctx_init;
+    dst->verifyctx = src->verifyctx;
+
+    dst->encrypt_init = src->encrypt_init;
+    dst->encrypt = src->encrypt;
+
+    dst->decrypt_init = src->decrypt_init;
+    dst->decrypt = src->decrypt;
+
+    dst->derive_init = src->derive_init;
+    dst->derive = src->derive;
+
+    dst->ctrl = src->ctrl;
+    dst->ctrl_str = src->ctrl_str;
+}
+
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
+{
+    if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
+        OPENSSL_free(pmeth);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
+{
+    return int_ctx_new(pkey, e, -1);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
+{
+    return int_ctx_new(NULL, e, id);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
+{
+    EVP_PKEY_CTX *rctx;
+    if (!pctx->pmeth || !pctx->pmeth->copy)
+        return NULL;
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a pkey context using an ENGINE */
+    if (pctx->engine && !ENGINE_init(pctx->engine)) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+    rctx = OPENSSL_malloc(sizeof(*rctx));
+    if (rctx == NULL)
+        return NULL;
+
+    rctx->pmeth = pctx->pmeth;
+#ifndef OPENSSL_NO_ENGINE
+    rctx->engine = pctx->engine;
+#endif
+
+    if (pctx->pkey)
+        EVP_PKEY_up_ref(pctx->pkey);
+
+    rctx->pkey = pctx->pkey;
+
+    if (pctx->peerkey)
+        EVP_PKEY_up_ref(pctx->peerkey);
+
+    rctx->peerkey = pctx->peerkey;
+
+    rctx->data = NULL;
+    rctx->app_data = NULL;
+    rctx->operation = pctx->operation;
+
+    if (pctx->pmeth->copy(rctx, pctx) > 0)
+        return rctx;
+
+    rctx->pmeth = NULL;
+    EVP_PKEY_CTX_free(rctx);
+    return NULL;
+
+}
+
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
+{
+    if (app_pkey_methods == NULL) {
+        app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
+        if (app_pkey_methods == NULL)
+            return 0;
+    }
+    if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
+        return 0;
+    sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
+    return 1;
+}
+
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if (ctx->pmeth && ctx->pmeth->cleanup)
+        ctx->pmeth->cleanup(ctx);
+    EVP_PKEY_free(ctx->pkey);
+    EVP_PKEY_free(ctx->peerkey);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(ctx->engine);
+#endif
+    OPENSSL_free(ctx);
+}
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+        return -2;
+    }
+    if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
+        return -1;
+
+    if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
+        return -1;
+    }
+
+    if ((optype != -1) && !(ctx->operation & optype)) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
+        return -1;
+    }
+
+    ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
+
+    if (ret == -2)
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+
+    return ret;
+
+}
+
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
+                          const char *name, const char *value)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
+        return -2;
+    }
+    if (strcmp(name, "digest") == 0) {
+        const EVP_MD *md;
+        if (value == NULL || (md = EVP_get_digestbyname(value)) == NULL) {
+            EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_signature_md(ctx, md);
+    }
+    return ctx->pmeth->ctrl_str(ctx, name, value);
+}
+
+/* Utility functions to send a string of hex string to a ctrl */
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
+{
+    size_t len;
+
+    len = strlen(str);
+    if (len > INT_MAX)
+        return -1;
+    return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
+}
+
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
+{
+    unsigned char *bin;
+    long binlen;
+    int rv = -1;
+
+    bin = OPENSSL_hexstr2buf(hex, &binlen);
+    if (bin == NULL)
+        return 0;
+    if (binlen <= INT_MAX)
+        rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
+    OPENSSL_free(bin);
+    return rv;
+}
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
+{
+    return ctx->operation;
+}
+
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
+{
+    ctx->keygen_info = dat;
+    ctx->keygen_info_count = datlen;
+}
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
+{
+    ctx->data = data;
+}
+
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
+{
+    return ctx->data;
+}
+
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
+{
+    return ctx->pkey;
+}
+
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
+{
+    return ctx->peerkey;
+}
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
+{
+    ctx->app_data = data;
+}
+
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
+{
+    return ctx->app_data;
+}
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx))
+{
+    pmeth->init = init;
+}
+
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src))
+{
+    pmeth->copy = copy;
+}
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx))
+{
+    pmeth->cleanup = cleanup;
+}
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey))
+{
+    pmeth->paramgen_init = paramgen_init;
+    pmeth->paramgen = paramgen;
+}
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey))
+{
+    pmeth->keygen_init = keygen_init;
+    pmeth->keygen = keygen;
+}
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen))
+{
+    pmeth->sign_init = sign_init;
+    pmeth->sign = sign;
+}
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen))
+{
+    pmeth->verify_init = verify_init;
+    pmeth->verify = verify;
+}
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen))
+{
+    pmeth->verify_recover_init = verify_recover_init;
+    pmeth->verify_recover = verify_recover;
+}
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx))
+{
+    pmeth->signctx_init = signctx_init;
+    pmeth->signctx = signctx;
+}
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx))
+{
+    pmeth->verifyctx_init = verifyctx_init;
+    pmeth->verifyctx = verifyctx;
+}
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen))
+{
+    pmeth->encrypt_init = encrypt_init;
+    pmeth->encrypt = encryptfn;
+}
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen))
+{
+    pmeth->decrypt_init = decrypt_init;
+    pmeth->decrypt = decrypt;
+}
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen))
+{
+    pmeth->derive_init = derive_init;
+    pmeth->derive = derive;
+}
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value))
+{
+    pmeth->ctrl = ctrl;
+    pmeth->ctrl_str = ctrl_str;
+}
+
+void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx))
+{
+    *pinit = pmeth->init;
+}
+
+void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src))
+{
+    *pcopy = pmeth->copy;
+}
+
+void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx))
+{
+    *pcleanup = pmeth->cleanup;
+}
+
+void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey))
+{
+    if (pparamgen_init)
+        *pparamgen_init = pmeth->paramgen_init;
+    if (pparamgen)
+        *pparamgen = pmeth->paramgen;
+}
+
+void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey))
+{
+    if (pkeygen_init)
+        *pkeygen_init = pmeth->keygen_init;
+    if (pkeygen)
+        *pkeygen = pmeth->keygen;
+}
+
+void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen))
+{
+    if (psign_init)
+        *psign_init = pmeth->sign_init;
+    if (psign)
+        *psign = pmeth->sign;
+}
+
+void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen))
+{
+    if (pverify_init)
+        *pverify_init = pmeth->verify_init;
+    if (pverify)
+        *pverify = pmeth->verify;
+}
+
+void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen))
+{
+    if (pverify_recover_init)
+        *pverify_recover_init = pmeth->verify_recover_init;
+    if (pverify_recover)
+        *pverify_recover = pmeth->verify_recover;
+}
+
+void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx))
+{
+    if (psignctx_init)
+        *psignctx_init = pmeth->signctx_init;
+    if (psignctx)
+        *psignctx = pmeth->signctx;
+}
+
+void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx))
+{
+    if (pverifyctx_init)
+        *pverifyctx_init = pmeth->verifyctx_init;
+    if (pverifyctx)
+        *pverifyctx = pmeth->verifyctx;
+}
+
+void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen))
+{
+    if (pencrypt_init)
+        *pencrypt_init = pmeth->encrypt_init;
+    if (pencryptfn)
+        *pencryptfn = pmeth->encrypt;
+}
+
+void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen))
+{
+    if (pdecrypt_init)
+        *pdecrypt_init = pmeth->decrypt_init;
+    if (pdecrypt)
+        *pdecrypt = pmeth->decrypt;
+}
+
+void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen))
+{
+    if (pderive_init)
+        *pderive_init = pmeth->derive_init;
+    if (pderive)
+        *pderive = pmeth->derive;
+}
+
+void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value))
+{
+    if (pctrl)
+        *pctrl = pmeth->ctrl;
+    if (pctrl_str)
+        *pctrl_str = pmeth->ctrl_str;
+}
diff --git a/openssl-1.1.0h/crypto/evp/scrypt.c b/openssl-1.1.0h/crypto/evp/scrypt.c
new file mode 100644
index 0000000..101bb1e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/evp/scrypt.c
@@ -0,0 +1,248 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <internal/numbers.h>
+
+#ifndef OPENSSL_NO_SCRYPT
+
+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
+static void salsa208_word_specification(uint32_t inout[16])
+{
+    int i;
+    uint32_t x[16];
+    memcpy(x, inout, sizeof(x));
+    for (i = 8; i > 0; i -= 2) {
+        x[4] ^= R(x[0] + x[12], 7);
+        x[8] ^= R(x[4] + x[0], 9);
+        x[12] ^= R(x[8] + x[4], 13);
+        x[0] ^= R(x[12] + x[8], 18);
+        x[9] ^= R(x[5] + x[1], 7);
+        x[13] ^= R(x[9] + x[5], 9);
+        x[1] ^= R(x[13] + x[9], 13);
+        x[5] ^= R(x[1] + x[13], 18);
+        x[14] ^= R(x[10] + x[6], 7);
+        x[2] ^= R(x[14] + x[10], 9);
+        x[6] ^= R(x[2] + x[14], 13);
+        x[10] ^= R(x[6] + x[2], 18);
+        x[3] ^= R(x[15] + x[11], 7);
+        x[7] ^= R(x[3] + x[15], 9);
+        x[11] ^= R(x[7] + x[3], 13);
+        x[15] ^= R(x[11] + x[7], 18);
+        x[1] ^= R(x[0] + x[3], 7);
+        x[2] ^= R(x[1] + x[0], 9);
+        x[3] ^= R(x[2] + x[1], 13);
+        x[0] ^= R(x[3] + x[2], 18);
+        x[6] ^= R(x[5] + x[4], 7);
+        x[7] ^= R(x[6] + x[5], 9);
+        x[4] ^= R(x[7] + x[6], 13);
+        x[5] ^= R(x[4] + x[7], 18);
+        x[11] ^= R(x[10] + x[9], 7);
+        x[8] ^= R(x[11] + x[10], 9);
+        x[9] ^= R(x[8] + x[11], 13);
+        x[10] ^= R(x[9] + x[8], 18);
+        x[12] ^= R(x[15] + x[14], 7);
+        x[13] ^= R(x[12] + x[15], 9);
+        x[14] ^= R(x[13] + x[12], 13);
+        x[15] ^= R(x[14] + x[13], 18);
+    }
+    for (i = 0; i < 16; ++i)
+        inout[i] += x[i];
+    OPENSSL_cleanse(x, sizeof(x));
+}
+
+static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
+{
+    uint64_t i, j;
+    uint32_t X[16], *pB;
+
+    memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
+    pB = B;
+    for (i = 0; i < r * 2; i++) {
+        for (j = 0; j < 16; j++)
+            X[j] ^= *pB++;
+        salsa208_word_specification(X);
+        memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
+    }
+    OPENSSL_cleanse(X, sizeof(X));
+}
+
+static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
+                        uint32_t *X, uint32_t *T, uint32_t *V)
+{
+    unsigned char *pB;
+    uint32_t *pV;
+    uint64_t i, k;
+
+    /* Convert from little endian input */
+    for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
+        *pV = *pB++;
+        *pV |= *pB++ << 8;
+        *pV |= *pB++ << 16;
+        *pV |= (uint32_t)*pB++ << 24;
+    }
+
+    for (i = 1; i < N; i++, pV += 32 * r)
+        scryptBlockMix(pV, pV - 32 * r, r);
+
+    scryptBlockMix(X, V + (N - 1) * 32 * r, r);
+
+    for (i = 0; i < N; i++) {
+        uint32_t j;
+        j = X[16 * (2 * r - 1)] % N;
+        pV = V + 32 * r * j;
+        for (k = 0; k < 32 * r; k++)
+            T[k] = X[k] ^ *pV++;
+        scryptBlockMix(X, T, r);
+    }
+    /* Convert output to little endian */
+    for (i = 0, pB = B; i < 32 * r; i++) {
+        uint32_t xtmp = X[i];
+        *pB++ = xtmp & 0xff;
+        *pB++ = (xtmp >> 8) & 0xff;
+        *pB++ = (xtmp >> 16) & 0xff;
+        *pB++ = (xtmp >> 24) & 0xff;
+    }
+}
+
+#ifndef SIZE_MAX
+# define SIZE_MAX    ((size_t)-1)
+#endif
+
+/*
+ * Maximum power of two that will fit in uint64_t: this should work on
+ * most (all?) platforms.
+ */
+
+#define LOG2_UINT64_MAX         (sizeof(uint64_t) * 8 - 1)
+
+/*
+ * Maximum value of p * r:
+ * p <= ((2^32-1) * hLen) / MFLen =>
+ * p <= ((2^32-1) * 32) / (128 * r) =>
+ * p * r <= (2^30-1)
+ *
+ */
+
+#define SCRYPT_PR_MAX   ((1 << 30) - 1)
+
+/*
+ * Maximum permitted memory allow this to be overridden with Configuration
+ * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
+ */
+
+#ifdef SCRYPT_MAX_MEM
+# if SCRYPT_MAX_MEM == 0
+#  undef SCRYPT_MAX_MEM
+/*
+ * Although we could theoretically allocate SIZE_MAX memory that would leave
+ * no memory available for anything else so set limit as half that.
+ */
+#  define SCRYPT_MAX_MEM (SIZE_MAX/2)
+# endif
+#else
+/* Default memory limit: 32 MB */
+# define SCRYPT_MAX_MEM  (1024 * 1024 * 32)
+#endif
+
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen)
+{
+    int rv = 0;
+    unsigned char *B;
+    uint32_t *X, *V, *T;
+    uint64_t i, Blen, Vlen;
+    size_t allocsize;
+
+    /* Sanity check parameters */
+    /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
+    if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
+        return 0;
+    /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
+    if (p > SCRYPT_PR_MAX / r)
+        return 0;
+
+    /*
+     * Need to check N: if 2^(128 * r / 8) overflows limit this is
+     * automatically satisfied since N <= UINT64_MAX.
+     */
+
+    if (16 * r <= LOG2_UINT64_MAX) {
+        if (N >= (((uint64_t)1) << (16 * r)))
+            return 0;
+    }
+
+    /* Memory checks: check total allocated buffer size fits in uint64_t */
+
+    /*
+     * B size in section 5 step 1.S
+     * Note: we know p * 128 * r < UINT64_MAX because we already checked
+     * p * r < SCRYPT_PR_MAX
+     */
+    Blen = p * 128 * r;
+
+    /*
+     * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in
+     * uint64_t and also size_t (their sizes are unrelated).
+     * This is combined size V, X and T (section 4)
+     */
+    i = UINT64_MAX / (32 * sizeof(uint32_t));
+    if (N + 2 > i / r)
+        return 0;
+    Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
+
+    /* check total allocated size fits in uint64_t */
+    if (Blen > UINT64_MAX - Vlen)
+        return 0;
+    /* check total allocated size fits in size_t */
+    if (Blen > SIZE_MAX - Vlen)
+        return 0;
+
+    allocsize = (size_t)(Blen + Vlen);
+
+    if (maxmem == 0)
+        maxmem = SCRYPT_MAX_MEM;
+
+    if (allocsize > maxmem) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /* If no key return to indicate parameters are OK */
+    if (key == NULL)
+        return 1;
+
+    B = OPENSSL_malloc(allocsize);
+    if (B == NULL)
+        return 0;
+    X = (uint32_t *)(B + Blen);
+    T = X + 32 * r;
+    V = T + 32 * r;
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
+                          Blen, B) == 0)
+        goto err;
+
+    for (i = 0; i < p; i++)
+        scryptROMix(B + 128 * r * i, r, N, X, T, V);
+
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(),
+                          keylen, key) == 0)
+        goto err;
+    rv = 1;
+ err:
+    OPENSSL_clear_free(B, allocsize);
+    return rv;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ex_data.c b/openssl-1.1.0h/crypto/ex_data.c
new file mode 100644
index 0000000..22c4d3d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ex_data.c
@@ -0,0 +1,399 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib_int.h"
+#include "internal/thread_once.h"
+#include <openssl/lhash.h>
+
+/*
+ * Each structure type (sometimes called a class), that supports
+ * exdata has a stack of callbacks for each instance.
+ */
+struct ex_callback_st {
+    long argl;                  /* Arbitrary long */
+    void *argp;                 /* Arbitrary void * */
+    CRYPTO_EX_new *new_func;
+    CRYPTO_EX_free *free_func;
+    CRYPTO_EX_dup *dup_func;
+};
+
+/*
+ * The state for each class.  This could just be a typedef, but
+ * a structure allows future changes.
+ */
+typedef struct ex_callbacks_st {
+    STACK_OF(EX_CALLBACK) *meth;
+} EX_CALLBACKS;
+
+static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
+
+static CRYPTO_RWLOCK *ex_data_lock = NULL;
+static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
+{
+    OPENSSL_init_crypto(0, NULL);
+    ex_data_lock = CRYPTO_THREAD_lock_new();
+    return ex_data_lock != NULL;
+}
+
+/*
+ * Return the EX_CALLBACKS from the |ex_data| array that corresponds to
+ * a given class.  On success, *holds the lock.*
+ */
+static EX_CALLBACKS *get_and_lock(int class_index)
+{
+    EX_CALLBACKS *ip;
+
+    if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
+    if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ex_data_lock == NULL) {
+        /*
+         * This can happen in normal operation when using CRYPTO_mem_leaks().
+         * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans
+         * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets
+         * freed, which also attempts to free the ex_data. However
+         * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e.
+         * before OPENSSL_cleanup() is called), so if we get here we can safely
+         * ignore this operation. We just treat it as an error.
+         */
+         return NULL;
+    }
+
+    ip = &ex_data[class_index];
+    CRYPTO_THREAD_write_lock(ex_data_lock);
+    return ip;
+}
+
+static void cleanup_cb(EX_CALLBACK *funcs)
+{
+    OPENSSL_free(funcs);
+}
+
+/*
+ * Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all).
+ */
+void crypto_cleanup_all_ex_data_int(void)
+{
+    int i;
+
+    for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) {
+        EX_CALLBACKS *ip = &ex_data[i];
+
+        sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb);
+        ip->meth = NULL;
+    }
+
+    CRYPTO_THREAD_lock_free(ex_data_lock);
+    ex_data_lock = NULL;
+}
+
+
+/*
+ * Unregister a new index by replacing the callbacks with no-ops.
+ * Any in-use instances are leaked.
+ */
+static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                     long argl, void *argp)
+{
+}
+
+static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                       long argl, void *argp)
+{
+}
+
+static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                     void *from_d, int idx,
+                     long argl, void *argp)
+{
+    return 1;
+}
+
+int CRYPTO_free_ex_index(int class_index, int idx)
+{
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+    EX_CALLBACK *a;
+    int toret = 0;
+
+    if (ip == NULL)
+        return 0;
+    if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth))
+        goto err;
+    a = sk_EX_CALLBACK_value(ip->meth, idx);
+    if (a == NULL)
+        goto err;
+    a->new_func = dummy_new;
+    a->dup_func = dummy_dup;
+    a->free_func = dummy_free;
+    toret = 1;
+err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
+    return toret;
+}
+
+/*
+ * Register a new index.
+ */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func)
+{
+    int toret = -1;
+    EX_CALLBACK *a;
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
+        return -1;
+
+    if (ip->meth == NULL) {
+        ip->meth = sk_EX_CALLBACK_new_null();
+        /* We push an initial value on the stack because the SSL
+         * "app_data" routines use ex_data index zero.  See RT 3710. */
+        if (ip->meth == NULL
+            || !sk_EX_CALLBACK_push(ip->meth, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a));
+    if (a == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    a->argl = argl;
+    a->argp = argp;
+    a->new_func = new_func;
+    a->dup_func = dup_func;
+    a->free_func = free_func;
+
+    if (!sk_EX_CALLBACK_push(ip->meth, NULL)) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(a);
+        goto err;
+    }
+    toret = sk_EX_CALLBACK_num(ip->meth) - 1;
+    (void)sk_EX_CALLBACK_set(ip->meth, toret, a);
+
+ err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
+    return toret;
+}
+
+/*
+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable
+ * Thread-safe by copying a class's array of "EX_CALLBACK" entries
+ * in the lock, then using them outside the lock. Note this only applies
+ * to the global "ex_data" state (ie. class definitions), not 'ad' itself.
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    void *ptr;
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
+        return 0;
+
+    ad->sk = NULL;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx > 0 && storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < mx; i++) {
+        if (storage[i] && storage[i]->new_func) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            storage[i]->new_func(obj, ptr, ad, i,
+                                 storage[i]->argl, storage[i]->argp);
+        }
+    }
+    if (storage != stack)
+        OPENSSL_free(storage);
+    return 1;
+}
+
+/*
+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
+ * for each index in the class used by this variable
+ */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from)
+{
+    int mx, j, i;
+    void *ptr;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACKS *ip;
+    int toret = 0;
+
+    if (from->sk == NULL)
+        /* Nothing to copy over */
+        return 1;
+    if ((ip = get_and_lock(class_index)) == NULL)
+        return 0;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    j = sk_void_num(from->sk);
+    if (j < mx)
+        mx = j;
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx == 0)
+        return 1;
+    if (storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * Make sure the ex_data stack is at least |mx| elements long to avoid
+     * issues in the for loop that follows; so go get the |mx|'th element
+     * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
+     * to itself. This is normally a no-op; but ensures the stack is the
+     * proper size
+     */
+    if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
+        goto err;
+
+    for (i = 0; i < mx; i++) {
+        ptr = CRYPTO_get_ex_data(from, i);
+        if (storage[i] && storage[i]->dup_func)
+            if (!storage[i]->dup_func(to, from, &ptr, i,
+                                      storage[i]->argl, storage[i]->argp))
+                goto err;
+        CRYPTO_set_ex_data(to, i, ptr);
+    }
+    toret = 1;
+ err:
+    if (storage != stack)
+        OPENSSL_free(storage);
+    return toret;
+}
+
+
+/*
+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable
+ */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    EX_CALLBACKS *ip;
+    void *ptr;
+    EX_CALLBACK *f;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+
+    if ((ip = get_and_lock(class_index)) == NULL)
+        goto err;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    for (i = 0; i < mx; i++) {
+        if (storage != NULL)
+            f = storage[i];
+        else {
+            CRYPTO_THREAD_write_lock(ex_data_lock);
+            f = sk_EX_CALLBACK_value(ip->meth, i);
+            CRYPTO_THREAD_unlock(ex_data_lock);
+        }
+        if (f != NULL && f->free_func != NULL) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            f->free_func(obj, ptr, ad, i, f->argl, f->argp);
+        }
+    }
+
+    if (storage != stack)
+        OPENSSL_free(storage);
+ err:
+    sk_void_free(ad->sk);
+    ad->sk = NULL;
+}
+
+/*
+ * For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
+{
+    int i;
+
+    if (ad->sk == NULL) {
+        if ((ad->sk = sk_void_new_null()) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    for (i = sk_void_num(ad->sk); i <= idx; ++i) {
+        if (!sk_void_push(ad->sk, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    sk_void_set(ad->sk, idx, val);
+    return 1;
+}
+
+/*
+ * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable
+ */
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
+{
+    if (ad->sk == NULL || idx >= sk_void_num(ad->sk))
+        return NULL;
+    return sk_void_value(ad->sk, idx);
+}
diff --git a/openssl-1.1.0h/crypto/hmac/build.info b/openssl-1.1.0h/crypto/hmac/build.info
new file mode 100644
index 0000000..09f67c2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/hmac/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        hmac.c hm_ameth.c hm_pmeth.c
diff --git a/openssl-1.1.0h/crypto/hmac/hm_ameth.c b/openssl-1.1.0h/crypto/hmac/hm_ameth.c
new file mode 100644
index 0000000..78ae0ea
--- /dev/null
+++ b/openssl-1.1.0h/crypto/hmac/hm_ameth.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+
+#define HMAC_TEST_PRIVATE_KEY_FORMAT
+
+/*
+ * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output
+ * length and to free up an HMAC key.
+ */
+
+static int hmac_size(const EVP_PKEY *pkey)
+{
+    return EVP_MAX_MD_SIZE;
+}
+
+static void hmac_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os) {
+        if (os->data)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    default:
+        return -2;
+    }
+}
+
+static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+/*
+ * A bogus private key format for test purposes. This is simply the HMAC key
+ * with "HMAC PRIVATE KEY" in the headers. When enabled the genpkey utility
+ * can be used to "generate" HMAC keys.
+ */
+
+static int old_hmac_decode(EVP_PKEY *pkey,
+                           const unsigned char **pder, int derlen)
+{
+    ASN1_OCTET_STRING *os;
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen))
+        goto err;
+    if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os))
+        goto err;
+    return 1;
+
+ err:
+    ASN1_OCTET_STRING_free(os);
+    return 0;
+}
+
+static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    int inc;
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (pder) {
+        if (!*pder) {
+            *pder = OPENSSL_malloc(os->length);
+            if (*pder == NULL)
+                return -1;
+            inc = 0;
+        } else
+            inc = 1;
+
+        memcpy(*pder, os->data, os->length);
+
+        if (inc)
+            *pder += os->length;
+    }
+
+    return os->length;
+}
+
+#endif
+
+const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
+    EVP_PKEY_HMAC,
+    EVP_PKEY_HMAC,
+    0,
+
+    "HMAC",
+    "OpenSSL HMAC method",
+
+    0, 0, hmac_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    hmac_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    hmac_key_free,
+    hmac_pkey_ctrl,
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+    old_hmac_decode,
+    old_hmac_encode
+#else
+    0, 0
+#endif
+};
diff --git a/openssl-1.1.0h/crypto/hmac/hm_pmeth.c b/openssl-1.1.0h/crypto/hmac/hm_pmeth.c
new file mode 100644
index 0000000..5b98477
--- /dev/null
+++ b/openssl-1.1.0h/crypto/hmac/hm_pmeth.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include "internal/evp_int.h"
+
+/* HMAC pkey context structure */
+
+typedef struct {
+    const EVP_MD *md;           /* MD for HMAC use */
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    HMAC_CTX *ctx;
+} HMAC_PKEY_CTX;
+
+static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+{
+    HMAC_PKEY_CTX *hctx;
+
+    hctx = OPENSSL_zalloc(sizeof(*hctx));
+    if (hctx == NULL)
+        return 0;
+    hctx->ktmp.type = V_ASN1_OCTET_STRING;
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
+
+    ctx->data = hctx;
+    ctx->keygen_info_count = 0;
+
+    return 1;
+}
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
+static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
+    if (!pkey_hmac_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx->md = sctx->md;
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
+        goto err;
+    if (sctx->ktmp.data) {
+        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                   sctx->ktmp.data, sctx->ktmp.length))
+            goto err;
+    }
+    return 1;
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    pkey_hmac_cleanup (dst);
+    return 0;
+}
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx != NULL) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *hkey = NULL;
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    if (!hctx->ktmp.data)
+        return 0;
+    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+    if (!hkey)
+        return 0;
+    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+    return 1;
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    HMAC_PKEY_CTX *hctx = EVP_MD_CTX_pkey_ctx(ctx)->data;
+    if (!HMAC_Update(hctx->ctx, data, count))
+        return 0;
+    return 1;
+}
+
+static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    HMAC_CTX_set_flags(hctx->ctx,
+                       EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT));
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return 1;
+}
+
+static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        EVP_MD_CTX *mctx)
+{
+    unsigned int hlen;
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    int l = EVP_MD_CTX_size(mctx);
+
+    if (l < 0)
+        return 0;
+    *siglen = l;
+    if (!sig)
+        return 1;
+
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
+        return 0;
+    *siglen = (size_t)hlen;
+    return 1;
+}
+
+static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    ASN1_OCTET_STRING *key;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if ((!p2 && p1 > 0) || (p1 < -1))
+            return 0;
+        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        hctx->md = p2;
+        break;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md,
+                          ctx->engine))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD hmac_pkey_meth = {
+    EVP_PKEY_HMAC,
+    0,
+    pkey_hmac_init,
+    pkey_hmac_copy,
+    pkey_hmac_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_hmac_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    hmac_signctx_init,
+    hmac_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_hmac_ctrl,
+    pkey_hmac_ctrl_str
+};
diff --git a/openssl-1.1.0h/crypto/hmac/hmac.c b/openssl-1.1.0h/crypto/hmac/hmac.c
new file mode 100644
index 0000000..3374105
--- /dev/null
+++ b/openssl-1.1.0h/crypto/hmac/hmac.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/hmac.h>
+#include <openssl/opensslconf.h>
+#include "hmac_lcl.h"
+
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                 const EVP_MD *md, ENGINE *impl)
+{
+    int i, j, reset = 0;
+    unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+    /* If we are changing MD then we must have a key */
+    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+        return 0;
+
+    if (md != NULL) {
+        reset = 1;
+        ctx->md = md;
+    } else if (ctx->md) {
+        md = ctx->md;
+    } else {
+        return 0;
+    }
+
+    if (key != NULL) {
+        reset = 1;
+        j = EVP_MD_block_size(md);
+        OPENSSL_assert(j <= (int)sizeof(ctx->key));
+        if (j < len) {
+            if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl))
+                goto err;
+            if (!EVP_DigestUpdate(ctx->md_ctx, key, len))
+                goto err;
+            if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
+                                    &ctx->key_length))
+                goto err;
+        } else {
+            if (len < 0 || len > (int)sizeof(ctx->key))
+                return 0;
+            memcpy(ctx->key, key, len);
+            ctx->key_length = len;
+        }
+        if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
+            memset(&ctx->key[ctx->key_length], 0,
+                   HMAC_MAX_MD_CBLOCK - ctx->key_length);
+    }
+
+    if (reset) {
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+            pad[i] = 0x36 ^ ctx->key[i];
+        if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl))
+            goto err;
+        if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+            goto err;
+
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+            pad[i] = 0x5c ^ ctx->key[i];
+        if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl))
+            goto err;
+        if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+            goto err;
+    }
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
+        goto err;
+    return 1;
+ err:
+    return 0;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
+{
+    if (key && md)
+        HMAC_CTX_reset(ctx);
+    return HMAC_Init_ex(ctx, key, len, md, NULL);
+}
+#endif
+
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+{
+    if (!ctx->md)
+        return 0;
+    return EVP_DigestUpdate(ctx->md_ctx, data, len);
+}
+
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+{
+    unsigned int i;
+    unsigned char buf[EVP_MAX_MD_SIZE];
+
+    if (!ctx->md)
+        goto err;
+
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
+        goto err;
+    if (!EVP_DigestUpdate(ctx->md_ctx, buf, i))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len))
+        goto err;
+    return 1;
+ err:
+    return 0;
+}
+
+size_t HMAC_size(const HMAC_CTX *ctx)
+{
+    return EVP_MD_size((ctx)->md);
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+    HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+    if (ctx != NULL) {
+        if (!HMAC_CTX_reset(ctx)) {
+            HMAC_CTX_free(ctx);
+            return NULL;
+        }
+    }
+    return ctx;
+}
+
+static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+{
+    EVP_MD_CTX_reset(ctx->i_ctx);
+    EVP_MD_CTX_reset(ctx->o_ctx);
+    EVP_MD_CTX_reset(ctx->md_ctx);
+    ctx->md = NULL;
+    ctx->key_length = 0;
+    OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+    if (ctx != NULL) {
+        hmac_ctx_cleanup(ctx);
+        EVP_MD_CTX_free(ctx->i_ctx);
+        EVP_MD_CTX_free(ctx->o_ctx);
+        EVP_MD_CTX_free(ctx->md_ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+    hmac_ctx_cleanup(ctx);
+    if (ctx->i_ctx == NULL)
+        ctx->i_ctx = EVP_MD_CTX_new();
+    if (ctx->i_ctx == NULL)
+        goto err;
+    if (ctx->o_ctx == NULL)
+        ctx->o_ctx = EVP_MD_CTX_new();
+    if (ctx->o_ctx == NULL)
+        goto err;
+    if (ctx->md_ctx == NULL)
+        ctx->md_ctx = EVP_MD_CTX_new();
+    if (ctx->md_ctx == NULL)
+        goto err;
+    ctx->md = NULL;
+    return 1;
+ err:
+    hmac_ctx_cleanup(ctx);
+    return 0;
+}
+
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+{
+    if (!HMAC_CTX_reset(dctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
+        goto err;
+    memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+    dctx->key_length = sctx->key_length;
+    dctx->md = sctx->md;
+    return 1;
+ err:
+    hmac_ctx_cleanup(dctx);
+    return 0;
+}
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len)
+{
+    HMAC_CTX *c = NULL;
+    static unsigned char m[EVP_MAX_MD_SIZE];
+    static const unsigned char dummy_key[1] = {'\0'};
+
+    if (md == NULL)
+        md = m;
+    if ((c = HMAC_CTX_new()) == NULL)
+        goto err;
+
+    /* For HMAC_Init_ex, NULL key signals reuse. */
+    if (key == NULL && key_len == 0) {
+        key = dummy_key;
+    }
+
+    if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
+        goto err;
+    if (!HMAC_Update(c, d, n))
+        goto err;
+    if (!HMAC_Final(c, md, md_len))
+        goto err;
+    HMAC_CTX_free(c);
+    return md;
+ err:
+    HMAC_CTX_free(c);
+    return NULL;
+}
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+{
+    EVP_MD_CTX_set_flags(ctx->i_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
+}
+
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+    return ctx->md;
+}
diff --git a/openssl-1.1.0h/crypto/hmac/hmac_lcl.h b/openssl-1.1.0h/crypto/hmac/hmac_lcl.h
new file mode 100644
index 0000000..4c156dc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/hmac/hmac_lcl.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_LCL_H
+# define HEADER_HMAC_LCL_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#if 0                            /* emacs indentation fix */
+}
+#endif
+
+struct hmac_ctx_st {
+    const EVP_MD *md;
+    EVP_MD_CTX *md_ctx;
+    EVP_MD_CTX *i_ctx;
+    EVP_MD_CTX *o_ctx;
+    unsigned int key_length;
+    unsigned char key[HMAC_MAX_MD_CBLOCK];
+};
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ia64cpuid.S b/openssl-1.1.0h/crypto/ia64cpuid.S
new file mode 100644
index 0000000..92c5512
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ia64cpuid.S
@@ -0,0 +1,297 @@
+// Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+// Works on all IA-64 platforms: Linux, HP-UX, Win64i...
+// On Win64i compile with ias.exe.
+.text
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define	ADDP	addp4
+#else
+#define	ADDP	add
+#endif
+
+.global	OPENSSL_cpuid_setup#
+.proc	OPENSSL_cpuid_setup#
+OPENSSL_cpuid_setup:
+{ .mib;	br.ret.sptk.many	b0		};;
+.endp	OPENSSL_cpuid_setup#
+
+.global	OPENSSL_rdtsc#
+.proc	OPENSSL_rdtsc#
+OPENSSL_rdtsc:
+{ .mib;	mov			r8=ar.itc
+	br.ret.sptk.many	b0		};;
+.endp   OPENSSL_rdtsc#
+
+.global	OPENSSL_atomic_add#
+.proc	OPENSSL_atomic_add#
+.align	32
+OPENSSL_atomic_add:
+{ .mii;	ld4		r2=[r32]
+	nop.i		0
+	nop.i		0		};;
+.Lspin:
+{ .mii;	mov		ar.ccv=r2
+	add		r8=r2,r33
+	mov		r3=r2		};;
+{ .mmi;	mf;;
+	cmpxchg4.acq	r2=[r32],r8,ar.ccv
+	nop.i		0		};;
+{ .mib;	cmp.ne		p6,p0=r2,r3
+	nop.i		0
+(p6)	br.dpnt		.Lspin		};;
+{ .mib;	nop.m		0
+	sxt4		r8=r8
+	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_atomic_add#
+
+// Returns a structure comprising pointer to the top of stack of
+// the caller and pointer beyond backing storage for the current
+// register frame. The latter is required, because it might be
+// insufficient to wipe backing storage for the current frame
+// (as this procedure does), one might have to go further, toward
+// higher addresses to reach for whole "retroactively" saved
+// context...
+.global	OPENSSL_wipe_cpu#
+.proc	OPENSSL_wipe_cpu#
+.align	32
+OPENSSL_wipe_cpu:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+	.save	ar.lc,r3
+{ .mib;	alloc		r2=ar.pfs,0,96,0,96
+	mov		r3=ar.lc
+	brp.loop.imp	.L_wipe_top,.L_wipe_end-16
+					};;
+{ .mii;	mov		r9=ar.bsp
+	mov		r8=pr
+	mov		ar.lc=96	};;
+	.body
+{ .mii;	add		r9=96*8-8,r9
+	mov		ar.ec=1		};;
+
+// One can sweep double as fast, but then we can't guarantee
+// that backing storage is wiped...
+.L_wipe_top:
+{ .mfi;	st8		[r9]=r0,-8
+	mov		f127=f0
+	mov		r127=r0		}
+{ .mfb;	nop.m		0
+	nop.f		0
+	br.ctop.sptk	.L_wipe_top	};;
+.L_wipe_end:
+
+{ .mfi;	mov		r11=r0
+	mov		f6=f0
+	mov		r14=r0		}
+{ .mfi;	mov		r15=r0
+	mov		f7=f0
+	mov		r16=r0		}
+{ .mfi;	mov		r17=r0
+	mov		f8=f0
+	mov		r18=r0		}
+{ .mfi;	mov		r19=r0
+	mov		f9=f0
+	mov		r20=r0		}
+{ .mfi;	mov		r21=r0
+	mov		f10=f0
+	mov		r22=r0		}
+{ .mfi;	mov		r23=r0
+	mov		f11=f0
+	mov		r24=r0		}
+{ .mfi;	mov		r25=r0
+	mov		f12=f0
+	mov		r26=r0		}
+{ .mfi;	mov		r27=r0
+	mov		f13=f0
+	mov		r28=r0		}
+{ .mfi;	mov		r29=r0
+	mov		f14=f0
+	mov		r30=r0		}
+{ .mfi;	mov		r31=r0
+	mov		f15=f0
+	nop.i		0		}
+{ .mfi;	mov		f16=f0		}
+{ .mfi;	mov		f17=f0		}
+{ .mfi;	mov		f18=f0		}
+{ .mfi;	mov		f19=f0		}
+{ .mfi;	mov		f20=f0		}
+{ .mfi;	mov		f21=f0		}
+{ .mfi;	mov		f22=f0		}
+{ .mfi;	mov		f23=f0		}
+{ .mfi;	mov		f24=f0		}
+{ .mfi;	mov		f25=f0		}
+{ .mfi;	mov		f26=f0		}
+{ .mfi;	mov		f27=f0		}
+{ .mfi;	mov		f28=f0		}
+{ .mfi;	mov		f29=f0		}
+{ .mfi;	mov		f30=f0		}
+{ .mfi;	add		r9=96*8+8,r9
+	mov		f31=f0
+	mov		pr=r8,0x1ffff	}
+{ .mib;	mov		r8=sp
+	mov		ar.lc=r3
+	br.ret.sptk	b0		};;
+.endp	OPENSSL_wipe_cpu#
+
+.global	OPENSSL_cleanse#
+.proc	OPENSSL_cleanse#
+OPENSSL_cleanse:
+{ .mib;	cmp.eq		p6,p0=0,r33	    // len==0
+	ADDP		r32=0,r32
+(p6)	br.ret.spnt	b0		};;
+{ .mib;	and		r2=7,r32
+	cmp.leu		p6,p0=15,r33	    // len>=15
+(p6)	br.cond.dptk	.Lot		};;
+
+.Little:
+{ .mib;	st1		[r32]=r0,1
+	cmp.ltu		p6,p7=1,r33	}  // len>1
+{ .mbb;	add		r33=-1,r33	   // len--
+(p6)	br.cond.dptk	.Little
+(p7)	br.ret.sptk.many	b0	};;
+
+.Lot:
+{ .mib;	cmp.eq		p6,p0=0,r2
+(p6)	br.cond.dptk	.Laligned	};;
+{ .mmi;	st1		[r32]=r0,1;;
+	and		r2=7,r32	}
+{ .mib;	add		r33=-1,r33
+	br		.Lot		};;
+
+.Laligned:
+{ .mmi;	st8		[r32]=r0,8
+	and		r2=-8,r33	    // len&~7
+	add		r33=-8,r33	};; // len-=8
+{ .mib;	cmp.ltu		p6,p0=8,r2	    // ((len+8)&~7)>8
+(p6)	br.cond.dptk	.Laligned	};;
+
+{ .mbb;	cmp.eq		p6,p7=r0,r33
+(p7)	br.cond.dpnt	.Little
+(p6)	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_cleanse#
+
+.global	CRYPTO_memcmp#
+.proc	CRYPTO_memcmp#
+.align	32
+.skip	16
+CRYPTO_memcmp:
+	.prologue
+{ .mib;	mov		r8=0
+	cmp.eq		p6,p0=0,r34	    // len==0?
+(p6)	br.ret.spnt	b0		};;
+	.save		ar.pfs,r2
+{ .mib;	alloc		r2=ar.pfs,3,5,0,8
+	.save		ar.lc,r3
+	mov		r3=ar.lc
+	brp.loop.imp	.Loop_cmp_ctop,.Loop_cmp_cend-16
+					}
+{ .mib;	sub		r10=r34,r0,1
+	.save		pr,r9
+	mov		r9=pr		};;
+{ .mii;	ADDP		r16=0,r32
+	mov		ar.lc=r10
+	mov		ar.ec=4		}
+{ .mib;	ADDP		r17=0,r33
+	mov		pr.rot=1<<16	};;
+
+.Loop_cmp_ctop:
+{ .mib;	(p16)	ld1	r32=[r16],1
+	(p18)	xor	r34=r34,r38	}
+{ .mib;	(p16)	ld1	r36=[r17],1
+	(p19)	or	r8=r8,r35
+	br.ctop.sptk	.Loop_cmp_ctop	};;
+.Loop_cmp_cend:
+
+{ .mib;	cmp.ne		p6,p0=0,r8
+	mov		ar.lc=r3	};;
+{ .mib;
+(p6)	mov		r8=1
+	mov		pr=r9,0x1ffff
+	br.ret.sptk.many	b0	};;
+.endp	CRYPTO_memcmp#
+
+.global	OPENSSL_instrument_bus#
+.proc	OPENSSL_instrument_bus#
+OPENSSL_instrument_bus:
+{ .mmi;	mov		r2=r33
+	ADDP		r32=0,r32	}
+{ .mmi;	mov		r8=ar.itc;;
+	mov		r10=r0
+	mov		r9=r8		};;
+
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmi;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+					};;
+.Loop:
+{ .mmi;	mov		r8=ar.itc;;
+	sub		r10=r8,r9		// diff=tick-lasttick
+	mov		r9=r8		};;	// lasttick=tick
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmi;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+	add		r33=-1,r33
+	add		r32=4,r32	};;
+{ .mib;	cmp4.ne		p6,p0=0,r33
+(p6)	br.cond.dptk	.Loop		};;
+
+{ .mib;	sub		r8=r2,r33
+	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_instrument_bus#
+
+.global	OPENSSL_instrument_bus2#
+.proc	OPENSSL_instrument_bus2#
+OPENSSL_instrument_bus2:
+{ .mmi;	mov		r2=r33			// put aside cnt
+	ADDP		r32=0,r32	}
+{ .mmi;	mov		r8=ar.itc;;
+	mov		r10=r0
+	mov		r9=r8		};;
+
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmi;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+					};;
+
+{ .mmi;	mov		r8=ar.itc;;
+	sub		r10=r8,r9
+	mov		r9=r8		};;
+.Loop2:
+{ .mmi;	mov		r11=r10			// lastdiff=diff
+	add		r34=-1,r34	};;	// --max
+{ .mmi;	fc		r32;;
+	ld4		r8=[r32]
+	cmp4.eq		p6,p0=0,r34	};;
+{ .mmi;	mf
+	mov		ar.ccv=r8
+	add		r8=r8,r10	};;
+{ .mmb;	cmpxchg4.acq	r3=[r32],r8,ar.ccv
+(p6)	br.cond.spnt	.Ldone2		};;
+
+{ .mmi;	mov		r8=ar.itc;;
+	sub		r10=r8,r9		// diff=tick-lasttick
+	mov		r9=r8		};;	// lasttick=tick
+{ .mmi;	cmp.ne		p6,p0=r10,r11;;		// diff!=lastdiff
+(p6)	add		r33=-1,r33	};;	// conditional --cnt
+{ .mib;	cmp4.ne		p7,p0=0,r33
+(p6)	add		r32=4,r32		// conditional ++out
+(p7)	br.cond.dptk	.Loop2		};;
+.Ldone2:
+{ .mib;	sub		r8=r2,r33
+	br.ret.sptk.many	b0	};;
+.endp	OPENSSL_instrument_bus2#
diff --git a/openssl-1.1.0h/crypto/idea/build.info b/openssl-1.1.0h/crypto/idea/build.info
new file mode 100644
index 0000000..2326123
--- /dev/null
+++ b/openssl-1.1.0h/crypto/idea/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
diff --git a/openssl-1.1.0h/crypto/idea/i_cbc.c b/openssl-1.1.0h/crypto/idea/i_cbc.c
new file mode 100644
index 0000000..a70a868
--- /dev/null
+++ b/openssl-1.1.0h/crypto/idea/i_cbc.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void IDEA_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
+{
+    register IDEA_INT *p;
+    register unsigned long x1, x2, x3, x4, t0, t1, ul;
+
+    x2 = d[0];
+    x1 = (x2 >> 16);
+    x4 = d[1];
+    x3 = (x4 >> 16);
+
+    p = &(key->data[0][0]);
+
+    E_IDEA(0);
+    E_IDEA(1);
+    E_IDEA(2);
+    E_IDEA(3);
+    E_IDEA(4);
+    E_IDEA(5);
+    E_IDEA(6);
+    E_IDEA(7);
+
+    x1 &= 0xffff;
+    idea_mul(x1, x1, *p, ul);
+    p++;
+
+    t0 = x3 + *(p++);
+    t1 = x2 + *(p++);
+
+    x4 &= 0xffff;
+    idea_mul(x4, x4, *p, ul);
+
+    d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16);
+    d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16);
+}
diff --git a/openssl-1.1.0h/crypto/idea/i_cfb64.c b/openssl-1.1.0h/crypto/idea/i_cfb64.c
new file mode 100644
index 0000000..daf467e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/idea/i_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                IDEA_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                IDEA_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/idea/i_ecb.c b/openssl-1.1.0h/crypto/idea/i_ecb.c
new file mode 100644
index 0000000..2208287
--- /dev/null
+++ b/openssl-1.1.0h/crypto/idea/i_ecb.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+#include <openssl/opensslv.h>
+
+const char *IDEA_options(void)
+{
+    return ("idea(int)");
+}
+
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      IDEA_KEY_SCHEDULE *ks)
+{
+    unsigned long l0, l1, d[2];
+
+    n2l(in, l0);
+    d[0] = l0;
+    n2l(in, l1);
+    d[1] = l1;
+    IDEA_encrypt(d, ks);
+    l0 = d[0];
+    l2n(l0, out);
+    l1 = d[1];
+    l2n(l1, out);
+    l0 = l1 = d[0] = d[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/idea/i_ofb64.c b/openssl-1.1.0h/crypto/idea/i_ofb64.c
new file mode 100644
index 0000000..997a7b8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/idea/i_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            IDEA_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/idea/i_skey.c b/openssl-1.1.0h/crypto/idea/i_skey.c
new file mode 100644
index 0000000..0285324
--- /dev/null
+++ b/openssl-1.1.0h/crypto/idea/i_skey.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+static IDEA_INT inverse(unsigned int xin);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+{
+    int i;
+    register IDEA_INT *kt, *kf, r0, r1, r2;
+
+    kt = &(ks->data[0][0]);
+    n2s(key, kt[0]);
+    n2s(key, kt[1]);
+    n2s(key, kt[2]);
+    n2s(key, kt[3]);
+    n2s(key, kt[4]);
+    n2s(key, kt[5]);
+    n2s(key, kt[6]);
+    n2s(key, kt[7]);
+
+    kf = kt;
+    kt += 8;
+    for (i = 0; i < 6; i++) {
+        r2 = kf[1];
+        r1 = kf[2];
+        *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[3];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[4];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[5];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[6];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[7];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[0];
+        if (i >= 5)
+            break;
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff;
+        kf += 8;
+    }
+}
+
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
+{
+    int r;
+    register IDEA_INT *fp, *tp, t;
+
+    tp = &(dk->data[0][0]);
+    fp = &(ek->data[8][0]);
+    for (r = 0; r < 9; r++) {
+        *(tp++) = inverse(fp[0]);
+        *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff);
+        *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff);
+        *(tp++) = inverse(fp[3]);
+        if (r == 8)
+            break;
+        fp -= 6;
+        *(tp++) = fp[4];
+        *(tp++) = fp[5];
+    }
+
+    tp = &(dk->data[0][0]);
+    t = tp[1];
+    tp[1] = tp[2];
+    tp[2] = t;
+
+    t = tp[49];
+    tp[49] = tp[50];
+    tp[50] = t;
+}
+
+/* taken directly from the 'paper' I'll have a look at it later */
+static IDEA_INT inverse(unsigned int xin)
+{
+    long n1, n2, q, r, b1, b2, t;
+
+    if (xin == 0)
+        b2 = 0;
+    else {
+        n1 = 0x10001;
+        n2 = xin;
+        b2 = 1;
+        b1 = 0;
+
+        do {
+            r = (n1 % n2);
+            q = (n1 - r) / n2;
+            if (r == 0) {
+                if (b2 < 0)
+                    b2 = 0x10001 + b2;
+            } else {
+                n1 = n2;
+                n2 = r;
+                t = b2;
+                b2 = b1 - q * b2;
+                b1 = t;
+            }
+        } while (r != 0);
+    }
+    return ((IDEA_INT) b2);
+}
diff --git a/openssl-1.1.0h/crypto/idea/idea_lcl.h b/openssl-1.1.0h/crypto/idea/idea_lcl.h
new file mode 100644
index 0000000..825d000
--- /dev/null
+++ b/openssl-1.1.0h/crypto/idea/idea_lcl.h
@@ -0,0 +1,117 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * The new form of this macro (check if the a*b == 0) was suggested by Colin
+ * Plumb <colin@nyx10.cs.du.edu>
+ */
+/* Removal of the inner if from from Wei Dai 24/4/96 */
+#define idea_mul(r,a,b,ul) \
+ul=(unsigned long)a*b; \
+if (ul != 0) \
+        { \
+        r=(ul&0xffff)-(ul>>16); \
+        r-=((r)>>16); \
+        } \
+else \
+        r=(-(int)a-b+1);        /* assuming a or b is 0 and in range */
+
+/*
+ * 7/12/95 - Many thanks to Rhys Weatherley <rweather@us.oracle.com> for
+ * pointing out that I was assuming little endian byte order for all
+ * quantities what idea actually used bigendian.  No where in the spec does
+ * it mention this, it is all in terms of 16 bit numbers and even the example
+ * does not use byte streams for the input example :-(. If you byte swap each
+ * pair of input, keys and iv, the functions would produce the output as the
+ * old version :-(.
+ */
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#undef s2n
+#define s2n(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
+
+#undef n2s
+#define n2s(c,l)        (l =((IDEA_INT)(*((c)++)))<< 8L, \
+                         l|=((IDEA_INT)(*((c)++)))      )
+
+
+#define E_IDEA(num) \
+        x1&=0xffff; \
+        idea_mul(x1,x1,*p,ul); p++; \
+        x2+= *(p++); \
+        x3+= *(p++); \
+        x4&=0xffff; \
+        idea_mul(x4,x4,*p,ul); p++; \
+        t0=(x1^x3)&0xffff; \
+        idea_mul(t0,t0,*p,ul); p++; \
+        t1=(t0+(x2^x4))&0xffff; \
+        idea_mul(t1,t1,*p,ul); p++; \
+        t0+=t1; \
+        x1^=t1; \
+        x4^=t0; \
+        ul=x2^t0; /* do the swap to x3 */ \
+        x2=x3^t1; \
+        x3=ul;
diff --git a/openssl-1.1.0h/crypto/include/internal/asn1_int.h b/openssl-1.1.0h/crypto/include/internal/asn1_int.h
new file mode 100644
index 0000000..f70e3b4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/asn1_int.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 public key method structure */
+
+struct evp_pkey_asn1_method_st {
+    int pkey_id;
+    int pkey_base_id;
+    unsigned long pkey_flags;
+    char *pem_str;
+    char *info;
+    int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+    int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+    int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                      ASN1_PCTX *pctx);
+    int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+    int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+    int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                       ASN1_PCTX *pctx);
+    int (*pkey_size) (const EVP_PKEY *pk);
+    int (*pkey_bits) (const EVP_PKEY *pk);
+    int (*pkey_security_bits) (const EVP_PKEY *pk);
+    int (*param_decode) (EVP_PKEY *pkey,
+                         const unsigned char **pder, int derlen);
+    int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    int (*param_missing) (const EVP_PKEY *pk);
+    int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+    int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                        ASN1_PCTX *pctx);
+    int (*sig_print) (BIO *out,
+                      const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                      int indent, ASN1_PCTX *pctx);
+    void (*pkey_free) (EVP_PKEY *pkey);
+    int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+    /* Legacy functions for old PEM */
+    int (*old_priv_decode) (EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen);
+    int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    /* Custom ASN1 signature verification */
+    int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                        X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+    int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                      X509_ALGOR *alg1, X509_ALGOR *alg2,
+                      ASN1_BIT_STRING *sig);
+} /* EVP_PKEY_ASN1_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
+struct asn1_object_st {
+    const char *sn, *ln;
+    int nid;
+    int length;
+    const unsigned char *data;  /* data remains const after init */
+    int flags;                  /* Should we free this one */
+};
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+    unsigned long flags;
+    unsigned long nm_flags;
+    unsigned long cert_flags;
+    unsigned long oid_flags;
+    unsigned long str_flags;
+} /* ASN1_PCTX */ ;
+
+int asn1_valid_host(const ASN1_STRING *host);
diff --git a/openssl-1.1.0h/crypto/include/internal/async.h b/openssl-1.1.0h/crypto/include/internal/async.h
new file mode 100644
index 0000000..db56258
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/async.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+int async_init(void);
+void async_deinit(void);
+
diff --git a/openssl-1.1.0h/crypto/include/internal/bn_conf.h.in b/openssl-1.1.0h/crypto/include/internal/bn_conf.h.in
new file mode 100644
index 0000000..ec6e4f6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/bn_conf.h.in
@@ -0,0 +1,27 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_CONF_H
+# define HEADER_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+{- $config{b64l} ? "#define" : "#undef" -} SIXTY_FOUR_BIT_LONG
+{- $config{b64}  ? "#define" : "#undef" -} SIXTY_FOUR_BIT
+{- $config{b32}  ? "#define" : "#undef" -} THIRTY_TWO_BIT
+
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/bn_dh.h b/openssl-1.1.0h/crypto/include/internal/bn_dh.h
new file mode 100644
index 0000000..f49f039
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/bn_dh.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define declare_dh_bn(x) \
+    extern const BIGNUM _bignum_dh##x##_p;              \
+    extern const BIGNUM _bignum_dh##x##_g;              \
+    extern const BIGNUM _bignum_dh##x##_q;
+
+declare_dh_bn(1024_160)
+declare_dh_bn(2048_224)
+declare_dh_bn(2048_256)
diff --git a/openssl-1.1.0h/crypto/include/internal/bn_int.h b/openssl-1.1.0h/crypto/include/internal/bn_int.h
new file mode 100644
index 0000000..9c984ba
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/bn_int.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_INT_H
+# define HEADER_BN_INT_H
+
+# include <openssl/bn.h>
+# include <limits.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
+ * most one of any w+1 consecutive digits is non-zero with the exception that
+ * the most significant digit may be only w-1 zeros away from that next
+ * non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
+
+int bn_get_top(const BIGNUM *a);
+
+void bn_set_top(BIGNUM *a, int top);
+
+int bn_get_dmax(const BIGNUM *a);
+
+/* Set all words to zero */
+void bn_set_all_zero(BIGNUM *a);
+
+/*
+ * Copy the internal BIGNUM words into out which holds size elements (and size
+ * must be bigger than top)
+ */
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
+
+BN_ULONG *bn_get_words(const BIGNUM *a);
+
+/*
+ * Set the internal data words in a to point to words which contains size
+ * elements. The BN_FLG_STATIC_DATA flag is set
+ */
+void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size);
+
+/*
+ * Copy words into the BIGNUM |a|, reallocating space as necessary.
+ * The negative flag of |a| is not modified.
+ * Returns 1 on success and 0 on failure.
+ */
+/*
+ * |num_words| is int because bn_expand2 takes an int. This is an internal
+ * function so we simply trust callers not to pass negative values.
+ */
+int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words);
+
+size_t bn_sizeof_BIGNUM(void);
+
+/*
+ * Return element el from an array of BIGNUMs starting at base (required
+ * because callers do not know the size of BIGNUM at compilation time)
+ */
+BIGNUM *bn_array_el(BIGNUM *base, int el);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/bn_srp.h b/openssl-1.1.0h/crypto/include/internal/bn_srp.h
new file mode 100644
index 0000000..d4b282a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/bn_srp.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+
+extern const BIGNUM bn_group_1024;
+
+extern const BIGNUM bn_group_1536;
+
+extern const BIGNUM bn_group_2048;
+
+extern const BIGNUM bn_group_3072;
+
+extern const BIGNUM bn_group_4096;
+
+extern const BIGNUM bn_group_6144;
+
+extern const BIGNUM bn_group_8192;
+
+extern const BIGNUM bn_generator_19;
+
+extern const BIGNUM bn_generator_5;
+
+extern const BIGNUM bn_generator_2;
+
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/chacha.h b/openssl-1.1.0h/crypto/include/internal/chacha.h
new file mode 100644
index 0000000..7d4366e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/chacha.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CHACHA_H
+#define HEADER_CHACHA_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |inp|.
+ * The |key| is not 32 bytes of verbatim key material though, but the
+ * said material collected into 8 32-bit elements array in host byte
+ * order. Same approach applies to nonce: the |counter| argument is
+ * pointer to concatenated nonce and counter values collected into 4
+ * 32-bit elements. This, passing crypto material collected into 32-bit
+ * elements as opposite to passing verbatim byte vectors, is chosen for
+ * efficiency in multi-call scenarios.
+ */
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4]);
+/*
+ * You can notice that there is no key setup procedure. Because it's
+ * as trivial as collecting bytes into 32-bit elements, it's reckoned
+ * that below macro is sufficient.
+ */
+#define CHACHA_U8TOU32(p)  ( \
+                ((unsigned int)(p)[0])     | ((unsigned int)(p)[1]<<8) | \
+                ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24)  )
+
+#define CHACHA_KEY_SIZE		32
+#define CHACHA_CTR_SIZE		16
+#define CHACHA_BLK_SIZE		64
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/cryptlib.h b/openssl-1.1.0h/crypto/include/internal/cryptlib.h
new file mode 100644
index 0000000..f3ec9b6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/cryptlib.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTLIB_H
+# define HEADER_CRYPTLIB_H
+
+# include <stdlib.h>
+# include <string.h>
+
+# include "e_os.h"
+
+# ifdef OPENSSL_USE_APPLINK
+#  undef BIO_FLAGS_UPLINK
+#  define BIO_FLAGS_UPLINK 0x8000
+#  include "ms/uplink.h"
+# endif
+
+# include <openssl/crypto.h>
+# include <openssl/buffer.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct ex_callback_st EX_CALLBACK;
+
+DEFINE_STACK_OF(EX_CALLBACK)
+
+typedef struct app_mem_info_st APP_INFO;
+
+typedef struct mem_st MEM;
+DEFINE_LHASH_OF(MEM);
+
+# ifndef OPENSSL_SYS_VMS
+#  define X509_CERT_AREA          OPENSSLDIR
+#  define X509_CERT_DIR           OPENSSLDIR "/certs"
+#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
+#  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+#  define CTLOG_FILE              OPENSSLDIR "/ct_log_list.cnf"
+# else
+#  define X509_CERT_AREA          "OSSL$DATAROOT:[000000]"
+#  define X509_CERT_DIR           "OSSL$DATAROOT:[CERTS]"
+#  define X509_CERT_FILE          "OSSL$DATAROOT:[000000]cert.pem"
+#  define X509_PRIVATE_DIR        "OSSL$DATAROOT:[PRIVATE]"
+#  define CTLOG_FILE              "OSSL$DATAROOT:[000000]ct_log_list.cnf"
+# endif
+
+# define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+# define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+# define CTLOG_FILE_EVP           "CTLOG_FILE"
+
+/* size of string representations */
+# define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
+# define HEX_SIZE(type)          (sizeof(type)*2)
+
+void OPENSSL_cpuid_setup(void);
+extern unsigned int OPENSSL_ia32cap_P[];
+void OPENSSL_showfatal(const char *fmta, ...);
+extern int OPENSSL_NONPIC_relocated;
+void crypto_cleanup_all_ex_data_int(void);
+
+int openssl_strerror_r(int errnum, char *buf, size_t buflen);
+# if !defined(OPENSSL_NO_STDIO)
+FILE *openssl_fopen(const char *filename, const char *mode);
+# else
+void *openssl_fopen(const char *filename, const char *mode);
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/cryptlib_int.h b/openssl-1.1.0h/crypto/include/internal/cryptlib_int.h
new file mode 100644
index 0000000..8e2a719
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/cryptlib_int.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <internal/cryptlib.h>
+
+/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
+
+struct thread_local_inits_st {
+    int async;
+    int err_state;
+};
+
+int ossl_init_thread_start(uint64_t opts);
+
+/*
+ * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
+ * are those omitted from crypto.h because they are "reserved for internal
+ * use".
+ */
+# define OPENSSL_INIT_ZLIB                   0x00010000L
+
+/* OPENSSL_INIT_THREAD flags */
+# define OPENSSL_INIT_THREAD_ASYNC           0x01
+# define OPENSSL_INIT_THREAD_ERR_STATE       0x02
+
diff --git a/openssl-1.1.0h/crypto/include/internal/dso_conf.h.in b/openssl-1.1.0h/crypto/include/internal/dso_conf.h.in
new file mode 100644
index 0000000..daa5e24
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/dso_conf.h.in
@@ -0,0 +1,15 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+
+# define DSO_EXTENSION "{- $target{dso_extension} -}"
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/engine.h b/openssl-1.1.0h/crypto/include/internal/engine.h
new file mode 100644
index 0000000..977cf06
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/engine.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/engine.h>
+
+void engine_load_openssl_int(void);
+void engine_load_cryptodev_int(void);
+void engine_load_rdrand_int(void);
+void engine_load_dynamic_int(void);
+void engine_load_padlock_int(void);
+void engine_load_capi_int(void);
+void engine_load_dasync_int(void);
+void engine_load_afalg_int(void);
+void engine_cleanup_int(void);
diff --git a/openssl-1.1.0h/crypto/include/internal/err_int.h b/openssl-1.1.0h/crypto/include/internal/err_int.h
new file mode 100644
index 0000000..7fec3ed
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/err_int.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_ERR_INT_H
+# define INTERNAL_ERR_INT_H
+
+int err_load_crypto_strings_int(void);
+void err_cleanup(void);
+void err_delete_thread_state(void);
+
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/evp_int.h b/openssl-1.1.0h/crypto/include/internal/evp_int.h
new file mode 100644
index 0000000..f34699b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/evp_int.h
@@ -0,0 +1,390 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct evp_pkey_ctx_st {
+    /* Method associated with this operation */
+    const EVP_PKEY_METHOD *pmeth;
+    /* Engine that implements this method or NULL if builtin */
+    ENGINE *engine;
+    /* Key: may be NULL */
+    EVP_PKEY *pkey;
+    /* Peer key for key agreement, may be NULL */
+    EVP_PKEY *peerkey;
+    /* Actual operation */
+    int operation;
+    /* Algorithm specific data */
+    void *data;
+    /* Application specific data */
+    void *app_data;
+    /* Keygen callback */
+    EVP_PKEY_gen_cb *pkey_gencb;
+    /* implementation specific keygen data */
+    int *keygen_info;
+    int keygen_info_count;
+} /* EVP_PKEY_CTX */ ;
+
+#define EVP_PKEY_FLAG_DYNAMIC   1
+
+struct evp_pkey_method_st {
+    int pkey_id;
+    int flags;
+    int (*init) (EVP_PKEY_CTX *ctx);
+    int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+    void (*cleanup) (EVP_PKEY_CTX *ctx);
+    int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+    int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*keygen_init) (EVP_PKEY_CTX *ctx);
+    int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*sign_init) (EVP_PKEY_CTX *ctx);
+    int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                 const unsigned char *tbs, size_t tbslen);
+    int (*verify_init) (EVP_PKEY_CTX *ctx);
+    int (*verify) (EVP_PKEY_CTX *ctx,
+                   const unsigned char *sig, size_t siglen,
+                   const unsigned char *tbs, size_t tbslen);
+    int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+    int (*verify_recover) (EVP_PKEY_CTX *ctx,
+                           unsigned char *rout, size_t *routlen,
+                           const unsigned char *sig, size_t siglen);
+    int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                    EVP_MD_CTX *mctx);
+    int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+                      EVP_MD_CTX *mctx);
+    int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*derive_init) (EVP_PKEY_CTX *ctx);
+    int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+    int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+    int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+} /* EVP_PKEY_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+
+extern const EVP_PKEY_METHOD cmac_pkey_meth;
+extern const EVP_PKEY_METHOD dh_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth;
+extern const EVP_PKEY_METHOD dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth;
+extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
+extern const EVP_PKEY_METHOD hmac_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pkey_meth;
+extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
+extern const EVP_PKEY_METHOD hkdf_pkey_meth;
+
+struct evp_md_st {
+    int type;
+    int pkey_type;
+    int md_size;
+    unsigned long flags;
+    int (*init) (EVP_MD_CTX *ctx);
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+    int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
+    int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
+    int (*cleanup) (EVP_MD_CTX *ctx);
+    int block_size;
+    int ctx_size;               /* how big does the ctx->md_data need to be */
+    /* control function */
+    int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+} /* EVP_MD */ ;
+
+struct evp_cipher_st {
+    int nid;
+    int block_size;
+    /* Default value for variable length ciphers */
+    int key_len;
+    int iv_len;
+    /* Various flags */
+    unsigned long flags;
+    /* init key */
+    int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                 const unsigned char *iv, int enc);
+    /* encrypt/decrypt data */
+    int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+    /* cleanup ctx */
+    int (*cleanup) (EVP_CIPHER_CTX *);
+    /* how big ctx->cipher_data needs to be */
+    int ctx_size;
+    /* Populate a ASN1_TYPE with parameters */
+    int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Get parameters from a ASN1_TYPE */
+    int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Miscellaneous operations */
+    int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+    /* Application data */
+    void *app_data;
+} /* EVP_CIPHER */ ;
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define EVP_C_DATA(kstruct, ctx) \
+        ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+#define BLOCK_CIPHER_ecb_loop() \
+        size_t i, bl; \
+        bl = EVP_CIPHER_CTX_cipher(ctx)->block_size;    \
+        if (inl < bl) return 1;\
+        inl -= bl; \
+        for (i=0; i <= inl; i+=bl)
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        BLOCK_CIPHER_ecb_loop() \
+            cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \
+        return 1;\
+}
+
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+    static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+        }\
+        if (inl) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+        }\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) \
+            {\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched)  \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+    size_t chunk = EVP_MAXCHUNK;\
+    if (cbits == 1)  chunk >>= 3;\
+    if (inl < chunk) chunk = inl;\
+    while (inl && inl >= chunk)\
+    {\
+        int num = EVP_CIPHER_CTX_num(ctx);\
+        cprefix##_cfb##cbits##_encrypt(in, out, (long) \
+            ((cbits == 1) \
+                && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
+                ? chunk*8 : chunk), \
+            &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+            &num, EVP_CIPHER_CTX_encrypting(ctx));\
+        EVP_CIPHER_CTX_set_num(ctx, num);\
+        inl -= chunk;\
+        in += chunk;\
+        out += chunk;\
+        if (inl < chunk) chunk = inl;\
+    }\
+    return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                          key_len, iv_len, flags, init_key, cleanup, \
+                          set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+        nid##_##nmode, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_##MODE##_MODE, \
+        init_key, \
+        cname##_##mode##_cipher, \
+        cleanup, \
+        sizeof(kstruct), \
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                             flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                          nid, block_size, key_len, iv_len, cbits, flags, \
+                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+/*-
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                                nid, block_size, key_len, iv_len, flags,\
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+        nid##_cbc, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_CBC_MODE,\
+        init_key,\
+        cname##_cbc_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+        nid##_cfb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_CFB_MODE,\
+        init_key,\
+        cname##_cfb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+        nid##_ofb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_OFB_MODE,\
+        init_key,\
+        cname##_ofb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+        nid##_ecb, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_ECB_MODE,\
+        init_key,\
+        cname##_ecb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+                               block_size, key_len, iv_len, cbits, \
+                               flags, init_key, \
+                               cleanup, set_asn1, get_asn1, ctrl) \
+        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+                          cbits, flags, init_key, cleanup, set_asn1, \
+                          get_asn1, ctrl)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+                             (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+                             cipher##_init_key, NULL, NULL, NULL, NULL)
+
+
+/*
+ * Type needs to be a bit field Sub-type needs to be for variations on the
+ * method, as in, can it do arbitrary encryption....
+ */
+struct evp_pkey_st {
+    int type;
+    int save_type;
+    int references;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *engine;
+    ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
+    union {
+        void *ptr;
+# ifndef OPENSSL_NO_RSA
+        struct rsa_st *rsa;     /* RSA */
+# endif
+# ifndef OPENSSL_NO_DSA
+        struct dsa_st *dsa;     /* DSA */
+# endif
+# ifndef OPENSSL_NO_DH
+        struct dh_st *dh;       /* DH */
+# endif
+# ifndef OPENSSL_NO_EC
+        struct ec_key_st *ec;   /* ECC */
+# endif
+    } pkey;
+    int save_parameters;
+    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+    CRYPTO_RWLOCK *lock;
+} /* EVP_PKEY */ ;
+
+
+void openssl_add_all_ciphers_int(void);
+void openssl_add_all_digests_int(void);
+void evp_cleanup_int(void);
+
+/* Pulling defines out of C soure files */
+
+#define EVP_RC4_KEY_SIZE 16
+#ifndef TLS1_1_VERSION
+# define TLS1_1_VERSION   0x0302
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/md32_common.h b/openssl-1.1.0h/crypto/include/internal/md32_common.h
new file mode 100644
index 0000000..6e4ce14
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/md32_common.h
@@ -0,0 +1,383 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at lest 32 bit wide.
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      either {
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      unsigned char   data[HASH_CBLOCK];
+ *                      };
+ *                      unsigned int    num;
+ *                      ...
+ *                      } HASH_CTX;
+ *      data[] vector is expected to be zeroed upon first call to
+ *      HASH_UPDATE.
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function capable of treating *unaligned* input
+ *      message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ *      macro convering context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ *
+ *                                      <appro@fy.chalmers.se>
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  define ROTATE(a,n)   _lrotl(a,n)
+# elif defined(__ICC)
+#  define ROTATE(a,n)   _rotl(a,n)
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /*
+   * Some GNU C inline assembler templates. Note that these are
+   * rotates by *constant* number of bits! But that's exactly
+   * what we need here...
+   *                                    <appro@fy.chalmers.se>
+   */
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "roll %1,%0"            \
+                                : "=r"(ret)             \
+                                : "I"(n), "0"((unsigned int)(a))        \
+                                : "cc");                \
+                           ret;                         \
+                        })
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "rlwinm %0,%1,%2,0,31"  \
+                                : "=r"(ret)             \
+                                : "r"(a), "I"(n));      \
+                           ret;                         \
+                        })
+#  elif defined(__s390x__)
+#   define ROTATE(a,n) ({ register unsigned int ret;    \
+                                asm ("rll %0,%1,%2"     \
+                                : "=r"(ret)             \
+                                : "r"(a), "I"(n));      \
+                          ret;                          \
+                        })
+#  endif
+# endif
+#endif                          /* PEDANTIC */
+
+#ifndef ROTATE
+# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
+      (defined(__x86_64) || defined(__x86_64__))
+#    if !defined(B_ENDIAN)
+    /*
+     * This gives ~30-40% performance improvement in SHA-256 compiled
+     * with gcc [on P4]. Well, first macro to be frank. We can pull
+     * this trick on x86* platforms only, because these CPUs can fetch
+     * unaligned data without raising an exception.
+     */
+#     define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   (c)+=4; (l)=r;                       })
+#     define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+#    endif
+#   elif defined(__aarch64__)
+#    if defined(__BYTE_ORDER__)
+#     if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#      define HOST_c2l(c,l)      ({ unsigned int r;              \
+                                   asm ("rev    %w0,%w1"        \
+                                        :"=r"(r)                \
+                                        :"r"(*((const unsigned int *)(c))));\
+                                   (c)+=4; (l)=r;               })
+#      define HOST_l2c(l,c)      ({ unsigned int r;              \
+                                   asm ("rev    %w0,%w1"        \
+                                        :"=r"(r)                \
+                                        :"r"((unsigned int)(l)));\
+                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+#     elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#      define HOST_c2l(c,l)      ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#      define HOST_l2c(l,c)      (*((unsigned int *)(c))=(l), (c)+=4, (l))
+#     endif
+#    endif
+#   endif
+#  endif
+#  if defined(__s390__) || defined(__s390x__)
+#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
+#  endif
+# endif
+
+# ifndef HOST_c2l
+#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# endif
+# ifndef HOST_l2c
+#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+# endif
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if defined(__s390x__)
+#    define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
+                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
+                                   (c)+=4; (l);                         })
+#    define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
+                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
+                                   (c)+=4; (l);                         })
+#   endif
+#  endif
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   ifndef B_ENDIAN
+    /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
+#    define HOST_c2l(c,l)        ((l)=*((const unsigned int *)(c)), (c)+=4, l)
+#    define HOST_l2c(l,c)        (*((unsigned int *)(c))=(l), (c)+=4, l)
+#   endif
+#  endif
+# endif
+
+# ifndef HOST_c2l
+#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24)           )
+# endif
+# ifndef HOST_l2c
+#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+# endif
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+    const unsigned char *data = data_;
+    unsigned char *p;
+    HASH_LONG l;
+    size_t n;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+    /*
+     * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
+     * <weidai@eskimo.com> for pointing it out.
+     */
+    if (l < c->Nl)              /* overflow */
+        c->Nh++;
+    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+                                       * 16-bit */
+    c->Nl = l;
+
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+
+        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+            memcpy(p + n, data, HASH_CBLOCK - n);
+            HASH_BLOCK_DATA_ORDER(c, p, 1);
+            n = HASH_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
+            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+        } else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+
+    n = len / HASH_CBLOCK;
+    if (n > 0) {
+        HASH_BLOCK_DATA_ORDER(c, data, n);
+        n *= HASH_CBLOCK;
+        data += n;
+        len -= n;
+    }
+
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+    HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* there is always room for one */
+    n++;
+
+    if (n > (HASH_CBLOCK - 8)) {
+        memset(p + n, 0, HASH_CBLOCK - n);
+        n = 0;
+        HASH_BLOCK_DATA_ORDER(c, p, 1);
+    }
+    memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+    p += HASH_CBLOCK - 8;
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+    (void)HOST_l2c(c->Nl, p);
+    (void)HOST_l2c(c->Nh, p);
+#endif
+    p -= HASH_CBLOCK;
+    HASH_BLOCK_DATA_ORDER(c, p, 1);
+    c->num = 0;
+    OPENSSL_cleanse(p, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+    HASH_MAKE_STRING(c, md);
+#endif
+
+    return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+#  define MD32_REG_T long
+/*
+ * This comment was originally written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ *                              <appro@fy.chalmers.se>
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ *                              <appro@fy.chalmers.se>
+ */
+#  define MD32_REG_T int
+# endif
+#endif
diff --git a/openssl-1.1.0h/crypto/include/internal/objects.h b/openssl-1.1.0h/crypto/include/internal/objects.h
new file mode 100644
index 0000000..76e1b4d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/objects.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+
+void obj_cleanup_int(void);
diff --git a/openssl-1.1.0h/crypto/include/internal/poly1305.h b/openssl-1.1.0h/crypto/include/internal/poly1305.h
new file mode 100644
index 0000000..1bc8716
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/poly1305.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define POLY1305_BLOCK_SIZE 16
+
+typedef struct poly1305_context POLY1305;
+
+size_t Poly1305_ctx_size(void);
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
diff --git a/openssl-1.1.0h/crypto/include/internal/rand.h b/openssl-1.1.0h/crypto/include/internal/rand.h
new file mode 100644
index 0000000..30887c4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/rand.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/rand.h>
+
+void rand_cleanup_int(void);
diff --git a/openssl-1.1.0h/crypto/include/internal/x509_int.h b/openssl-1.1.0h/crypto/include/internal/x509_int.h
new file mode 100644
index 0000000..2845026
--- /dev/null
+++ b/openssl-1.1.0h/crypto/include/internal/x509_int.h
@@ -0,0 +1,267 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal X509 structures and functions: not for application use */
+
+/* Note: unless otherwise stated a field pointer is mandatory and should
+ * never be set to NULL: the ASN.1 code and accessors rely on mandatory
+ * fields never being NULL.
+ */
+
+/*
+ * name entry structure, equivalent to AttributeTypeAndValue defined
+ * in RFC5280 et al.
+ */
+struct X509_name_entry_st {
+    ASN1_OBJECT *object;        /* AttributeType */
+    ASN1_STRING *value;         /* AttributeValue */
+    int set;                    /* index of RDNSequence for this entry */
+    int size;                   /* temp variable */
+};
+
+/* Name from RFC 5280. */
+struct X509_name_st {
+    STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
+    int modified;               /* true if 'bytes' needs to be built */
+    BUF_MEM *bytes;             /* cached encoding: cannot be NULL */
+    /* canonical encoding used for rapid Name comparison */
+    unsigned char *canon_enc;
+    int canon_enclen;
+} /* X509_NAME */ ;
+
+/* PKCS#10 certificate request */
+
+struct X509_req_info_st {
+    ASN1_ENCODING enc;          /* cached encoding of signed part */
+    ASN1_INTEGER *version;      /* version, defaults to v1(0) so can be NULL */
+    X509_NAME *subject;         /* certificate request DN */
+    X509_PUBKEY *pubkey;        /* public key of request */
+    /*
+     * Zero or more attributes.
+     * NB: although attributes is a mandatory field some broken
+     * encodings omit it so this may be NULL in that case.
+     */
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_req_st {
+    X509_REQ_INFO req_info;     /* signed certificate request data */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    ASN1_BIT_STRING *signature; /* signature */
+    int references;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct X509_crl_info_st {
+    ASN1_INTEGER *version;      /* version: defaults to v1(0) so may be NULL */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    X509_NAME *issuer;          /* CRL issuer name */
+    ASN1_TIME *lastUpdate;      /* lastUpdate field */
+    ASN1_TIME *nextUpdate;      /* nextUpdate field: optional */
+    STACK_OF(X509_REVOKED) *revoked;        /* revoked entries: optional */
+    STACK_OF(X509_EXTENSION) *extensions;   /* extensions: optional */
+    ASN1_ENCODING enc;                      /* encoding of signed portion of CRL */
+};
+
+struct X509_crl_st {
+    X509_CRL_INFO crl;          /* signed CRL data */
+    X509_ALGOR sig_alg;         /* CRL signature algorithm */
+    ASN1_BIT_STRING signature;  /* CRL signature */
+    int references;
+    int flags;
+    /*
+     * Cached copies of decoded extension values, since extensions
+     * are optional any of these can be NULL.
+     */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+    STACK_OF(GENERAL_NAMES) *issuers;
+    /* hash of CRL */
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    /* alternative method to handle this CRL */
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct x509_revoked_st {
+    ASN1_INTEGER serialNumber; /* revoked entry serial number */
+    ASN1_TIME *revocationDate;  /* revocation date */
+    STACK_OF(X509_EXTENSION) *extensions;   /* CRL entry extensions: optional */
+    /* decoded value of CRLissuer extension: set if indirect CRL */
+    STACK_OF(GENERAL_NAME) *issuer;
+    /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
+    int reason;
+    /*
+     * CRL entries are reordered for faster lookup of serial numbers. This
+     * field contains the original load sequence for this entry.
+     */
+    int sequence;
+};
+
+/*
+ * This stuff is certificate "auxiliary info": it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself. OpenSSL specific structure not defined
+ * in any RFC.
+ */
+
+struct x509_cert_aux_st {
+    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+    ASN1_UTF8STRING *alias;     /* "friendly name" */
+    ASN1_OCTET_STRING *keyid;   /* key id of private key */
+    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
+
+struct x509_cinf_st {
+    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
+    ASN1_INTEGER serialNumber;
+    X509_ALGOR signature;
+    X509_NAME *issuer;
+    X509_VAL validity;
+    X509_NAME *subject;
+    X509_PUBKEY *key;
+    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+    ASN1_ENCODING enc;
+};
+
+struct x509_st {
+    X509_CINF cert_info;
+    X509_ALGOR sig_alg;
+    ASN1_BIT_STRING signature;
+    int references;
+    CRYPTO_EX_DATA ex_data;
+    /* These contain copies of various extension values */
+    long ex_pathlen;
+    long ex_pcpathlen;
+    uint32_t ex_flags;
+    uint32_t ex_kusage;
+    uint32_t ex_xkusage;
+    uint32_t ex_nscert;
+    ASN1_OCTET_STRING *skid;
+    AUTHORITY_KEYID *akid;
+    X509_POLICY_CACHE *policy_cache;
+    STACK_OF(DIST_POINT) *crldp;
+    STACK_OF(GENERAL_NAME) *altname;
+    NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
+    STACK_OF(IPAddressFamily) *rfc3779_addr;
+    struct ASIdentifiers_st *rfc3779_asid;
+# endif
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    X509_CERT_AUX *aux;
+    CRYPTO_RWLOCK *lock;
+} /* X509 */ ;
+
+/*
+ * This is a used when verifying cert chains.  Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st {      /* X509_STORE_CTX */
+    X509_STORE *ctx;
+    /* The following are set by the caller */
+    /* The cert to check */
+    X509 *cert;
+    /* chain of X509s - untrusted - passed in */
+    STACK_OF(X509) *untrusted;
+    /* set of CRLs passed in */
+    STACK_OF(X509_CRL) *crls;
+    X509_VERIFY_PARAM *param;
+    /* Other info for use with get_issuer() */
+    void *other_ctx;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    /* The following is built up */
+    /* if 0, rebuild chain */
+    int valid;
+    /* number of untrusted certs */
+    int num_untrusted;
+    /* chain of X509s - built up and trusted */
+    STACK_OF(X509) *chain;
+    /* Valid policy tree */
+    X509_POLICY_TREE *tree;
+    /* Require explicit policy value */
+    int explicit_policy;
+    /* When something goes wrong, this is why */
+    int error_depth;
+    int error;
+    X509 *current_cert;
+    /* cert currently being tested as valid issuer */
+    X509 *current_issuer;
+    /* current CRL */
+    X509_CRL *current_crl;
+    /* score of current CRL */
+    int current_crl_score;
+    /* Reason mask */
+    unsigned int current_reasons;
+    /* For CRL path validation: parent context */
+    X509_STORE_CTX *parent;
+    CRYPTO_EX_DATA ex_data;
+    SSL_DANE *dane;
+    /* signed via bare TA public key, rather than CA certificate */
+    int bare_ta_signed;
+};
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *pkeyalg;
+    ASN1_OCTET_STRING *pkey;
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_sig_st {
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct x509_object_st {
+    /* one of the above types */
+    X509_LOOKUP_TYPE type;
+    union {
+        char *ptr;
+        X509 *x509;
+        X509_CRL *crl;
+        EVP_PKEY *pkey;
+    } data;
+};
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
diff --git a/openssl-1.1.0h/crypto/init.c b/openssl-1.1.0h/crypto/init.c
new file mode 100644
index 0000000..173eac3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/init.c
@@ -0,0 +1,676 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <internal/cryptlib_int.h>
+#include <openssl/err.h>
+#include <internal/rand.h>
+#include <internal/bio.h>
+#include <openssl/evp.h>
+#include <internal/evp_int.h>
+#include <internal/conf.h>
+#include <internal/async.h>
+#include <internal/engine.h>
+#include <internal/comp.h>
+#include <internal/err.h>
+#include <internal/err_int.h>
+#include <internal/objects.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <internal/thread_once.h>
+#include <internal/dso.h>
+
+static int stopped = 0;
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
+
+static CRYPTO_THREAD_LOCAL threadstopkey;
+
+static void ossl_init_thread_stop_wrap(void *local)
+{
+    ossl_init_thread_stop((struct thread_local_inits_st *)local);
+}
+
+static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
+{
+    struct thread_local_inits_st *local =
+        CRYPTO_THREAD_get_local(&threadstopkey);
+
+    if (local == NULL && alloc) {
+        local = OPENSSL_zalloc(sizeof(*local));
+        if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) {
+            OPENSSL_free(local);
+            return NULL;
+        }
+    }
+    if (!alloc) {
+        CRYPTO_THREAD_set_local(&threadstopkey, NULL);
+    }
+
+    return local;
+}
+
+typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
+struct ossl_init_stop_st {
+    void (*handler)(void);
+    OPENSSL_INIT_STOP *next;
+};
+
+static OPENSSL_INIT_STOP *stop_handlers = NULL;
+static CRYPTO_RWLOCK *init_lock = NULL;
+
+static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
+static int base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_base)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
+#endif
+    /*
+     * We use a dummy thread local key here. We use the destructor to detect
+     * when the thread is going to stop (where that feature is available)
+     */
+    CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap);
+#ifndef OPENSSL_SYS_UEFI
+    atexit(OPENSSL_cleanup);
+#endif
+    if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
+        return 0;
+    OPENSSL_cpuid_setup();
+
+    /*
+     * BIG FAT WARNING!
+     * Everything needed to be initialized in this function before threads
+     * come along MUST happen before base_inited is set to 1, or we will
+     * see race conditions.
+     */
+    base_inited = 1;
+
+#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
+# ifdef DSO_WIN32
+    {
+        HMODULE handle = NULL;
+        BOOL ret;
+
+        /* We don't use the DSO route for WIN32 because there is a better way */
+        ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                (void *)&base_inited, &handle);
+
+        return (ret == TRUE) ? 1 : 0;
+    }
+# else
+    /*
+     * Deliberately leak a reference to ourselves. This will force the library
+     * to remain loaded until the atexit() handler is run at process exit.
+     */
+    {
+        DSO *dso = NULL;
+
+        ERR_set_mark();
+        dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
+        DSO_free(dso);
+        ERR_pop_to_mark();
+    }
+# endif
+#endif
+
+    return 1;
+}
+
+static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
+static int load_crypto_strings_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
+{
+    int ret = 1;
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
+                    "err_load_crypto_strings_int()\n");
+# endif
+    ret = err_load_crypto_strings_int();
+    load_crypto_strings_inited = 1;
+#endif    
+    return ret;
+}
+
+static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
+                    "openssl_add_all_ciphers_int()\n");
+# endif
+    openssl_add_all_ciphers_int();
+#endif
+    return 1;
+}
+
+static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
+                    "openssl_add_all_digests()\n");
+# endif
+    openssl_add_all_digests_int();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
+{
+    /* Do nothing */
+    return 1;
+}
+
+static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
+static int config_inited = 0;
+static const char *appname;
+DEFINE_RUN_ONCE_STATIC(ossl_init_config)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr,
+            "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
+            appname == NULL ? "NULL" : appname);
+#endif
+    openssl_config_int(appname);
+    config_inited = 1;
+    return 1;
+}
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr,
+            "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
+#endif
+    openssl_no_config_int();
+    config_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
+static int async_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_async)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
+#endif
+    if (!async_init())
+        return 0;
+    async_inited = 1;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
+                    "engine_load_openssl_int()\n");
+# endif
+    engine_load_openssl_int();
+    return 1;
+}
+# if !defined(OPENSSL_NO_HW) && \
+    (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+static CRYPTO_ONCE engine_cryptodev = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_cryptodev: "
+                    "engine_load_cryptodev_int()\n");
+#  endif
+    engine_load_cryptodev_int();
+    return 1;
+}
+# endif
+
+# ifndef OPENSSL_NO_RDRAND
+static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
+                    "engine_load_rdrand_int()\n");
+#  endif
+    engine_load_rdrand_int();
+    return 1;
+}
+# endif
+static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
+                    "engine_load_dynamic_int()\n");
+# endif
+    engine_load_dynamic_int();
+    return 1;
+}
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
+                    "engine_load_padlock_int()\n");
+#   endif
+    engine_load_padlock_int();
+    return 1;
+}
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
+                    "engine_load_capi_int()\n");
+#   endif
+    engine_load_capi_int();
+    return 1;
+}
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
+                    "engine_load_afalg_int()\n");
+#   endif
+    engine_load_afalg_int();
+    return 1;
+}
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
+
+static int zlib_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
+{
+    /* Do nothing - we need to know about this for the later cleanup */
+    zlib_inited = 1;
+    return 1;
+}
+#endif
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
+{
+    /* Can't do much about this */
+    if (locals == NULL)
+        return;
+
+    if (locals->async) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "ASYNC_cleanup_thread()\n");
+#endif
+        ASYNC_cleanup_thread();
+    }
+
+    if (locals->err_state) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "err_delete_thread_state()\n");
+#endif
+        err_delete_thread_state();
+    }
+
+    OPENSSL_free(locals);
+}
+
+void OPENSSL_thread_stop(void)
+{
+    ossl_init_thread_stop(
+        (struct thread_local_inits_st *)ossl_init_get_thread_local(0));
+}
+
+int ossl_init_thread_start(uint64_t opts)
+{
+    struct thread_local_inits_st *locals;
+
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    locals = ossl_init_get_thread_local(1);
+
+    if (locals == NULL)
+        return 0;
+
+    if (opts & OPENSSL_INIT_THREAD_ASYNC) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for async\n");
+#endif
+        locals->async = 1;
+    }
+
+    if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for err_state\n");
+#endif
+        locals->err_state = 1;
+    }
+
+    return 1;
+}
+
+void OPENSSL_cleanup(void)
+{
+    OPENSSL_INIT_STOP *currhandler, *lasthandler;
+
+    /* If we've not been inited then no need to deinit */
+    if (!base_inited)
+        return;
+
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    /*
+     * Thread stop may not get automatically called by the thread library for
+     * the very last thread in some situations, so call it directly.
+     */
+    ossl_init_thread_stop(ossl_init_get_thread_local(0));
+
+    currhandler = stop_handlers;
+    while (currhandler != NULL) {
+        currhandler->handler();
+        lasthandler = currhandler;
+        currhandler = currhandler->next;
+        OPENSSL_free(lasthandler);
+    }
+    stop_handlers = NULL;
+
+    CRYPTO_THREAD_lock_free(init_lock);
+
+    /*
+     * We assume we are single-threaded for this function, i.e. no race
+     * conditions for the various "*_inited" vars below.
+     */
+
+#ifndef OPENSSL_NO_COMP
+    if (zlib_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "comp_zlib_cleanup_int()\n");
+#endif
+        comp_zlib_cleanup_int();
+    }
+#endif
+
+    if (async_inited) {
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "async_deinit()\n");
+# endif
+        async_deinit();
+    }
+
+    if (load_crypto_strings_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "err_free_strings_int()\n");
+#endif
+        err_free_strings_int();
+    }
+
+    CRYPTO_THREAD_cleanup_local(&threadstopkey);
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "rand_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "conf_modules_free_int()\n");
+#ifndef OPENSSL_NO_ENGINE
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "engine_cleanup_int()\n");
+#endif
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "crypto_cleanup_all_ex_data_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_sock_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_cleanup()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "evp_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "obj_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "err_cleanup()\n");
+#endif
+    /*
+     * Note that cleanup order is important:
+     * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
+     * must be called before engine_cleanup_int()
+     * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
+     * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
+     * - conf_modules_free_int() can end up in ENGINE code so must be called
+     * before engine_cleanup_int()
+     * - ENGINEs and additional EVP algorithms might use added OIDs names so
+     * obj_cleanup_int() must be called last
+     */
+    rand_cleanup_int();
+    conf_modules_free_int();
+#ifndef OPENSSL_NO_ENGINE
+    engine_cleanup_int();
+#endif
+    crypto_cleanup_all_ex_data_int();
+    bio_cleanup();
+    evp_cleanup_int();
+    obj_cleanup_int();
+    err_cleanup();
+
+    base_inited = 0;
+}
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+{
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
+        }
+        return 0;
+    }
+
+    if (!base_inited && !RUN_ONCE(&base, ossl_init_base))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE(&load_crypto_strings,
+                         ossl_init_no_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
+            && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
+            && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
+            && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
+            && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
+            && !RUN_ONCE(&config, ossl_init_no_config))
+        return 0;
+
+    if (opts & OPENSSL_INIT_LOAD_CONFIG) {
+        int ret;
+        CRYPTO_THREAD_write_lock(init_lock);
+        appname = (settings == NULL) ? NULL : settings->appname;
+        ret = RUN_ONCE(&config, ossl_init_config);
+        CRYPTO_THREAD_unlock(init_lock);
+        if (!ret)
+            return 0;
+    }
+
+    if ((opts & OPENSSL_INIT_ASYNC)
+            && !RUN_ONCE(&async, ossl_init_async))
+        return 0;
+
+#ifndef OPENSSL_NO_ENGINE
+    if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
+            && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
+        return 0;
+# if !defined(OPENSSL_NO_HW) && \
+    (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
+            && !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev))
+        return 0;
+# endif
+# ifndef OPENSSL_NO_RDRAND
+    if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
+            && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
+        return 0;
+# endif
+    if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
+            && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
+        return 0;
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+    if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
+            && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
+        return 0;
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+    if ((opts & OPENSSL_INIT_ENGINE_CAPI)
+            && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
+        return 0;
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+    if ((opts & OPENSSL_INIT_ENGINE_AFALG)
+            && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
+        return 0;
+#  endif
+# endif
+    if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                | OPENSSL_INIT_ENGINE_OPENSSL
+                | OPENSSL_INIT_ENGINE_AFALG)) {
+        ENGINE_register_all_complete();
+    }
+#endif
+
+#ifndef OPENSSL_NO_COMP
+    if ((opts & OPENSSL_INIT_ZLIB)
+            && !RUN_ONCE(&zlib, ossl_init_zlib))
+        return 0;
+#endif
+
+    return 1;
+}
+
+int OPENSSL_atexit(void (*handler)(void))
+{
+    OPENSSL_INIT_STOP *newhand;
+
+#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
+    {
+        union {
+            void *sym;
+            void (*func)(void);
+        } handlersym;
+
+        handlersym.func = handler;
+# ifdef DSO_WIN32
+        {
+            HMODULE handle = NULL;
+            BOOL ret;
+
+            /*
+             * We don't use the DSO route for WIN32 because there is a better
+             * way
+             */
+            ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                    | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                    handlersym.sym, &handle);
+
+            if (!ret)
+                return 0;
+        }
+# else
+        /*
+         * Deliberately leak a reference to the handler. This will force the
+         * library/code containing the handler to remain loaded until we run the
+         * atexit handler. If -znodelete has been used then this is
+         * unnecessary.
+         */
+        {
+            DSO *dso = NULL;
+
+            ERR_set_mark();
+            dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
+            DSO_free(dso);
+            ERR_pop_to_mark();
+        }
+# endif
+    }
+#endif
+
+    newhand = OPENSSL_malloc(sizeof(*newhand));
+    if (newhand == NULL)
+        return 0;
+
+    newhand->handler = handler;
+    newhand->next = stop_handlers;
+    stop_handlers = newhand;
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/kdf/build.info b/openssl-1.1.0h/crypto/kdf/build.info
new file mode 100644
index 0000000..cbe2080
--- /dev/null
+++ b/openssl-1.1.0h/crypto/kdf/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        tls1_prf.c kdf_err.c hkdf.c
diff --git a/openssl-1.1.0h/crypto/kdf/hkdf.c b/openssl-1.1.0h/crypto/kdf/hkdf.c
new file mode 100644
index 0000000..00b95b5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/kdf/hkdf.c
@@ -0,0 +1,293 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+
+#define HKDF_MAXBUF 1024
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len);
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len);
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len);
+
+typedef struct {
+    const EVP_MD *md;
+    unsigned char *salt;
+    size_t salt_len;
+    unsigned char *key;
+    size_t key_len;
+    unsigned char info[HKDF_MAXBUF];
+    size_t info_len;
+} HKDF_PKEY_CTX;
+
+static int pkey_hkdf_init(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx;
+
+    kctx = OPENSSL_zalloc(sizeof(*kctx));
+    if (kctx == NULL)
+        return 0;
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->key, kctx->key_len);
+    OPENSSL_cleanse(kctx->info, kctx->info_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_HKDF_MD:
+        if (p2 == NULL)
+            return 0;
+
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_SALT:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->salt != NULL)
+            OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+
+        kctx->salt = OPENSSL_memdup(p2, p1);
+        if (kctx->salt == NULL)
+            return 0;
+
+        kctx->salt_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_KEY:
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->key != NULL)
+            OPENSSL_clear_free(kctx->key, kctx->key_len);
+
+        kctx->key = OPENSSL_memdup(p2, p1);
+        if (kctx->key == NULL)
+            return 0;
+
+        kctx->key_len  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_INFO:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len))
+            return 0;
+
+        memcpy(kctx->info + kctx->info_len, p2, p1);
+        kctx->info_len += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                              const char *value)
+{
+    if (strcmp(type, "md") == 0)
+        return EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_get_digestbyname(value));
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "info") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    if (strcmp(type, "hexinfo") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    return -2;
+}
+
+static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                            size_t *keylen)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->md == NULL || kctx->key == NULL)
+        return 0;
+
+    if (HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, kctx->key_len,
+             kctx->info, kctx->info_len, key, *keylen) == NULL)
+    {
+        return 0;
+    }
+
+    return 1;
+}
+
+const EVP_PKEY_METHOD hkdf_pkey_meth = {
+    EVP_PKEY_HKDF,
+    0,
+    pkey_hkdf_init,
+    0,
+    pkey_hkdf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_hkdf_derive,
+    pkey_hkdf_ctrl,
+    pkey_hkdf_ctrl_str
+};
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len)
+{
+    unsigned char prk[EVP_MAX_MD_SIZE];
+    size_t prk_len;
+
+    if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
+        return NULL;
+
+    return HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+}
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len)
+{
+    unsigned int tmp_len;
+
+    if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len))
+        return NULL;
+
+    *prk_len = tmp_len;
+    return prk;
+}
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len)
+{
+    HMAC_CTX *hmac;
+
+    unsigned int i;
+
+    unsigned char prev[EVP_MAX_MD_SIZE];
+
+    size_t done_len = 0, dig_len = EVP_MD_size(evp_md);
+
+    size_t n = okm_len / dig_len;
+    if (okm_len % dig_len)
+        n++;
+
+    if (n > 255)
+        return NULL;
+
+    if ((hmac = HMAC_CTX_new()) == NULL)
+        return NULL;
+
+    if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL))
+        goto err;
+
+    for (i = 1; i <= n; i++) {
+        size_t copy_len;
+        const unsigned char ctr = i;
+
+        if (i > 1) {
+            if (!HMAC_Init_ex(hmac, NULL, 0, NULL, NULL))
+                goto err;
+
+            if (!HMAC_Update(hmac, prev, dig_len))
+                goto err;
+        }
+
+        if (!HMAC_Update(hmac, info, info_len))
+            goto err;
+
+        if (!HMAC_Update(hmac, &ctr, 1))
+            goto err;
+
+        if (!HMAC_Final(hmac, prev, NULL))
+            goto err;
+
+        copy_len = (done_len + dig_len > okm_len) ?
+                       okm_len - done_len :
+                       dig_len;
+
+        memcpy(okm + done_len, prev, copy_len);
+
+        done_len += copy_len;
+    }
+
+    HMAC_CTX_free(hmac);
+    return okm;
+
+ err:
+    HMAC_CTX_free(hmac);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/kdf/kdf_err.c b/openssl-1.1.0h/crypto/kdf/kdf_err.c
new file mode 100644
index 0000000..d7d71b3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/kdf/kdf_err.c
@@ -0,0 +1,46 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/kdf.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_KDF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_KDF,0,reason)
+
+static ERR_STRING_DATA KDF_str_functs[] = {
+    {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_CTRL_STR), "pkey_tls1_prf_ctrl_str"},
+    {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_DERIVE), "pkey_tls1_prf_derive"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA KDF_str_reasons[] = {
+    {ERR_REASON(KDF_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_REASON(KDF_R_MISSING_PARAMETER), "missing parameter"},
+    {ERR_REASON(KDF_R_VALUE_MISSING), "value missing"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_KDF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, KDF_str_functs);
+        ERR_load_strings(0, KDF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/kdf/tls1_prf.c b/openssl-1.1.0h/crypto/kdf/tls1_prf.c
new file mode 100644
index 0000000..fa13732
--- /dev/null
+++ b/openssl-1.1.0h/crypto/kdf/tls1_prf.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/evp_int.h"
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen);
+
+#define TLS1_PRF_MAXBUF 1024
+
+/* TLS KDF pkey context structure */
+
+typedef struct {
+    /* Digest to use for PRF */
+    const EVP_MD *md;
+    /* Secret value to use for PRF */
+    unsigned char *sec;
+    size_t seclen;
+    /* Buffer of concatenated seed data */
+    unsigned char seed[TLS1_PRF_MAXBUF];
+    size_t seedlen;
+} TLS1_PRF_PKEY_CTX;
+
+static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx;
+
+    kctx = OPENSSL_zalloc(sizeof(*kctx));
+    if (kctx == NULL)
+        return 0;
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->sec, kctx->seclen);
+    OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_TLS_MD:
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SECRET:
+        if (p1 < 0)
+            return 0;
+        if (kctx->sec != NULL)
+            OPENSSL_clear_free(kctx->sec, kctx->seclen);
+        OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+        kctx->seedlen = 0;
+        kctx->sec = OPENSSL_memdup(p2, p1);
+        if (kctx->sec == NULL)
+            return 0;
+        kctx->seclen  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SEED:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+        if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen))
+            return 0;
+        memcpy(kctx->seed + kctx->seedlen, p2, p1);
+        kctx->seedlen += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+    if (strcmp(type, "md") == 0) {
+        TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+
+        const EVP_MD *md = EVP_get_digestbyname(value);
+        if (md == NULL) {
+            KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST);
+            return 0;
+        }
+        kctx->md = md;
+        return 1;
+    }
+    if (strcmp(type, "secret") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "hexsecret") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "seed") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+    if (strcmp(type, "hexseed") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+    return -2;
+}
+
+static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER);
+        return 0;
+    }
+    return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
+                        kctx->seed, kctx->seedlen,
+                        key, *keylen);
+}
+
+const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+    EVP_PKEY_TLS1_PRF,
+    0,
+    pkey_tls1_prf_init,
+    0,
+    pkey_tls1_prf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_tls1_prf_derive,
+    pkey_tls1_prf_ctrl,
+    pkey_tls1_prf_ctrl_str
+};
+
+static int tls1_prf_P_hash(const EVP_MD *md,
+                           const unsigned char *sec, size_t sec_len,
+                           const unsigned char *seed, size_t seed_len,
+                           unsigned char *out, size_t olen)
+{
+    int chunk;
+    EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
+    EVP_PKEY *mac_key = NULL;
+    unsigned char A1[EVP_MAX_MD_SIZE];
+    size_t A1_len;
+    int ret = 0;
+
+    chunk = EVP_MD_size(md);
+    OPENSSL_assert(chunk >= 0);
+
+    ctx = EVP_MD_CTX_new();
+    ctx_tmp = EVP_MD_CTX_new();
+    ctx_init = EVP_MD_CTX_new();
+    if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
+        goto err;
+    EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+    if (mac_key == NULL)
+        goto err;
+    if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+        goto err;
+    if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+        goto err;
+    if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+        goto err;
+
+    for (;;) {
+        /* Reinit mac contexts */
+        if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+            goto err;
+        if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
+            goto err;
+        if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
+            goto err;
+        if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+            goto err;
+
+        if (olen > (size_t)chunk) {
+            size_t mac_len;
+            if (!EVP_DigestSignFinal(ctx, out, &mac_len))
+                goto err;
+            out += mac_len;
+            olen -= mac_len;
+            /* calc the next A1 value */
+            if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
+                goto err;
+        } else {                /* last one */
+
+            if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+                goto err;
+            memcpy(out, A1, olen);
+            break;
+        }
+    }
+    ret = 1;
+ err:
+    EVP_PKEY_free(mac_key);
+    EVP_MD_CTX_free(ctx);
+    EVP_MD_CTX_free(ctx_tmp);
+    EVP_MD_CTX_free(ctx_init);
+    OPENSSL_cleanse(A1, sizeof(A1));
+    return ret;
+}
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen)
+{
+
+    if (EVP_MD_type(md) == NID_md5_sha1) {
+        size_t i;
+        unsigned char *tmp;
+        if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1),
+                         seed, seed_len, out, olen))
+            return 0;
+
+        tmp = OPENSSL_malloc(olen);
+        if (tmp == NULL)
+            return 0;
+        if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
+                         seed, seed_len, tmp, olen)) {
+            OPENSSL_clear_free(tmp, olen);
+            return 0;
+        }
+        for (i = 0; i < olen; i++)
+            out[i] ^= tmp[i];
+        OPENSSL_clear_free(tmp, olen);
+        return 1;
+    }
+    if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))
+        return 0;
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/lhash/build.info b/openssl-1.1.0h/crypto/lhash/build.info
new file mode 100644
index 0000000..30797f2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/lhash/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        lhash.c lh_stats.c
diff --git a/openssl-1.1.0h/crypto/lhash/lh_stats.c b/openssl-1.1.0h/crypto/lhash/lh_stats.c
new file mode 100644
index 0000000..5586afa
--- /dev/null
+++ b/openssl-1.1.0h/crypto/lhash/lh_stats.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+/*
+ * If you wish to build this outside of OpenSSL, remove the following lines
+ * and things should work as expected
+ */
+#include "internal/cryptlib.h"
+
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "lhash_lcl.h"
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_usage_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+# endif
+
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LHASH *lh_mut = (OPENSSL_LHASH *) lh;
+    int ret;
+
+    BIO_printf(out, "num_items             = %lu\n", lh->num_items);
+    BIO_printf(out, "num_nodes             = %u\n", lh->num_nodes);
+    BIO_printf(out, "num_alloc_nodes       = %u\n", lh->num_alloc_nodes);
+    BIO_printf(out, "num_expands           = %lu\n", lh->num_expands);
+    BIO_printf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
+    BIO_printf(out, "num_contracts         = %lu\n", lh->num_contracts);
+    BIO_printf(out, "num_contract_reallocs = %lu\n",
+               lh->num_contract_reallocs);
+    CRYPTO_atomic_add(&lh_mut->num_hash_calls, 0, &ret,
+                      lh->retrieve_stats_lock);
+    BIO_printf(out, "num_hash_calls        = %d\n", ret);
+    CRYPTO_atomic_add(&lh_mut->num_comp_calls, 0, &ret,
+                      lh->retrieve_stats_lock);
+    BIO_printf(out, "num_comp_calls        = %d\n", ret);
+    BIO_printf(out, "num_insert            = %lu\n", lh->num_insert);
+    BIO_printf(out, "num_replace           = %lu\n", lh->num_replace);
+    BIO_printf(out, "num_delete            = %lu\n", lh->num_delete);
+    BIO_printf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
+    CRYPTO_atomic_add(&lh_mut->num_retrieve, 0, &ret, lh->retrieve_stats_lock);
+    BIO_printf(out, "num_retrieve          = %d\n", ret);
+    CRYPTO_atomic_add(&lh_mut->num_retrieve_miss, 0, &ret,
+                      lh->retrieve_stats_lock);
+    BIO_printf(out, "num_retrieve_miss     = %d\n", ret);
+    CRYPTO_atomic_add(&lh_mut->num_hash_comps, 0, &ret,
+                      lh->retrieve_stats_lock);
+    BIO_printf(out, "num_hash_comps        = %d\n", ret);
+}
+
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned int i, num;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        BIO_printf(out, "node %6u -> %3u\n", i, num);
+    }
+}
+
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned long num;
+    unsigned int i;
+    unsigned long total = 0, n_used = 0;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        if (num != 0) {
+            n_used++;
+            total += num;
+        }
+    }
+    BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+    BIO_printf(out, "%lu items\n", total);
+    if (n_used == 0)
+        return;
+    BIO_printf(out, "load %d.%02d  actual load %d.%02d\n",
+               (int)(total / lh->num_nodes),
+               (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+               (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
diff --git a/openssl-1.1.0h/crypto/lhash/lhash.c b/openssl-1.1.0h/crypto/lhash/lhash.c
new file mode 100644
index 0000000..f485411
--- /dev/null
+++ b/openssl-1.1.0h/crypto/lhash/lhash.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include "lhash_lcl.h"
+
+/*
+ * A hashing implementation that appears to be based on the linear hashing
+ * algorithm:
+ * https://en.wikipedia.org/wiki/Linear_hashing
+ *
+ * Litwin, Witold (1980), "Linear hashing: A new tool for file and table
+ * addressing", Proc. 6th Conference on Very Large Databases: 212-223
+ * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
+ *
+ * From the wikipedia article "Linear hashing is used in the BDB Berkeley
+ * database system, which in turn is used by many software systems such as
+ * OpenLDAP, using a C implementation derived from the CACM article and first
+ * published on the Usenet in 1988 by Esmond Pitt."
+ *
+ * The CACM paper is available here:
+ * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
+ */
+
+#undef MIN_NODES
+#define MIN_NODES       16
+#define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256 (default 2) */
+#define DOWN_LOAD       (LH_LOAD_MULT) /* load times 256 (default 1) */
+
+static int expand(OPENSSL_LHASH *lh);
+static void contract(OPENSSL_LHASH *lh);
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash);
+
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
+{
+    OPENSSL_LHASH *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+        return NULL;
+    if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
+        goto err;
+    if ((ret->retrieve_stats_lock = CRYPTO_THREAD_lock_new()) == NULL) 
+        goto err;
+    ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
+    ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
+    ret->num_nodes = MIN_NODES / 2;
+    ret->num_alloc_nodes = MIN_NODES;
+    ret->pmax = MIN_NODES / 2;
+    ret->up_load = UP_LOAD;
+    ret->down_load = DOWN_LOAD;
+    return (ret);
+
+err:
+    OPENSSL_free(ret->b);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void OPENSSL_LH_free(OPENSSL_LHASH *lh)
+{
+    unsigned int i;
+    OPENSSL_LH_NODE *n, *nn;
+
+    if (lh == NULL)
+        return;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        n = lh->b[i];
+        while (n != NULL) {
+            nn = n->next;
+            OPENSSL_free(n);
+            n = nn;
+        }
+    }
+    CRYPTO_THREAD_lock_free(lh->retrieve_stats_lock);
+    OPENSSL_free(lh->b);
+    OPENSSL_free(lh);
+}
+
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh))
+        return NULL;        /* 'lh->error++' already done in 'expand' */
+
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) {
+            lh->error++;
+            return (NULL);
+        }
+        nn->data = data;
+        nn->next = NULL;
+        nn->hash = hash;
+        *rn = nn;
+        ret = NULL;
+        lh->num_insert++;
+        lh->num_items++;
+    } else {                    /* replace same key */
+
+        ret = (*rn)->data;
+        (*rn)->data = data;
+        lh->num_replace++;
+    }
+    return (ret);
+}
+
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        lh->num_no_delete++;
+        return (NULL);
+    } else {
+        nn = *rn;
+        *rn = nn->next;
+        ret = nn->data;
+        OPENSSL_free(nn);
+        lh->num_delete++;
+    }
+
+    lh->num_items--;
+    if ((lh->num_nodes > MIN_NODES) &&
+        (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
+        contract(lh);
+
+    return (ret);
+}
+
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE **rn;
+    void *ret;
+    int scratch;
+
+    lh->error = 0;
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        CRYPTO_atomic_add(&lh->num_retrieve_miss, 1, &scratch, lh->retrieve_stats_lock);
+        return NULL;
+    } else {
+        ret = (*rn)->data;
+        CRYPTO_atomic_add(&lh->num_retrieve, 1, &scratch, lh->retrieve_stats_lock);
+    }
+    return ret;
+}
+
+static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg,
+                          OPENSSL_LH_DOALL_FUNC func,
+                          OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg)
+{
+    int i;
+    OPENSSL_LH_NODE *a, *n;
+
+    if (lh == NULL)
+        return;
+
+    /*
+     * reverse the order so we search from 'top to bottom' We were having
+     * memory leaks otherwise
+     */
+    for (i = lh->num_nodes - 1; i >= 0; i--) {
+        a = lh->b[i];
+        while (a != NULL) {
+            n = a->next;
+            if (use_arg)
+                func_arg(a->data, arg);
+            else
+                func(a->data);
+            a = n;
+        }
+    }
+}
+
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func)
+{
+    doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL);
+}
+
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg)
+{
+    doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg);
+}
+
+static int expand(OPENSSL_LHASH *lh)
+{
+    OPENSSL_LH_NODE **n, **n1, **n2, *np;
+    unsigned int p, pmax, nni, j;
+    unsigned long hash;
+
+    nni = lh->num_alloc_nodes;
+    p = lh->p;
+    pmax = lh->pmax;
+    if (p + 1 >= pmax) {
+        j = nni * 2;
+        n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * j);
+        if (n == NULL) {
+            lh->error++;
+            return 0;
+        }
+        lh->b = n;
+        memset(n + nni, 0, sizeof(*n) * (j - nni));
+        lh->pmax = nni;
+        lh->num_alloc_nodes = j;
+        lh->num_expand_reallocs++;
+        lh->p = 0;
+    } else {
+        lh->p++;
+    }
+
+    lh->num_nodes++;
+    lh->num_expands++;
+    n1 = &(lh->b[p]);
+    n2 = &(lh->b[p + pmax]);
+    *n2 = NULL;
+
+    for (np = *n1; np != NULL;) {
+        hash = np->hash;
+        if ((hash % nni) != p) { /* move it */
+            *n1 = (*n1)->next;
+            np->next = *n2;
+            *n2 = np;
+        } else
+            n1 = &((*n1)->next);
+        np = *n1;
+    }
+
+    return 1;
+}
+
+static void contract(OPENSSL_LHASH *lh)
+{
+    OPENSSL_LH_NODE **n, *n1, *np;
+
+    np = lh->b[lh->p + lh->pmax - 1];
+    lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */
+    if (lh->p == 0) {
+        n = OPENSSL_realloc(lh->b,
+                            (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax));
+        if (n == NULL) {
+            /* fputs("realloc error in lhash",stderr); */
+            lh->error++;
+            return;
+        }
+        lh->num_contract_reallocs++;
+        lh->num_alloc_nodes /= 2;
+        lh->pmax /= 2;
+        lh->p = lh->pmax - 1;
+        lh->b = n;
+    } else
+        lh->p--;
+
+    lh->num_nodes--;
+    lh->num_contracts++;
+
+    n1 = lh->b[(int)lh->p];
+    if (n1 == NULL)
+        lh->b[(int)lh->p] = np;
+    else {
+        while (n1->next != NULL)
+            n1 = n1->next;
+        n1->next = np;
+    }
+}
+
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
+                               const void *data, unsigned long *rhash)
+{
+    OPENSSL_LH_NODE **ret, *n1;
+    unsigned long hash, nn;
+    OPENSSL_LH_COMPFUNC cf;
+    int scratch;
+
+    hash = (*(lh->hash)) (data);
+    CRYPTO_atomic_add(&lh->num_hash_calls, 1, &scratch, lh->retrieve_stats_lock);
+    *rhash = hash;
+
+    nn = hash % lh->pmax;
+    if (nn < lh->p)
+        nn = hash % lh->num_alloc_nodes;
+
+    cf = lh->comp;
+    ret = &(lh->b[(int)nn]);
+    for (n1 = *ret; n1 != NULL; n1 = n1->next) {
+        CRYPTO_atomic_add(&lh->num_hash_comps, 1, &scratch, lh->retrieve_stats_lock);
+        if (n1->hash != hash) {
+            ret = &(n1->next);
+            continue;
+        }
+        CRYPTO_atomic_add(&lh->num_comp_calls, 1, &scratch, lh->retrieve_stats_lock);
+        if (cf(n1->data, data) == 0)
+            break;
+        ret = &(n1->next);
+    }
+    return (ret);
+}
+
+/*
+ * The following hash seems to work very well on normal text strings no
+ * collisions on /usr/dict/words and it distributes on %2^n quite well, not
+ * as good as MD5, but still good.
+ */
+unsigned long OPENSSL_LH_strhash(const char *c)
+{
+    unsigned long ret = 0;
+    long n;
+    unsigned long v;
+    int r;
+
+    if ((c == NULL) || (*c == '\0'))
+        return (ret);
+/*-
+    unsigned char b[16];
+    MD5(c,strlen(c),b);
+    return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
+*/
+
+    n = 0x100;
+    while (*c) {
+        v = n | (*c);
+        n += 0x100;
+        r = (int)((v >> 2) ^ v) & 0x0f;
+        ret = (ret << r) | (ret >> (32 - r));
+        ret &= 0xFFFFFFFFL;
+        ret ^= v * v;
+        c++;
+    }
+    return ((ret >> 16) ^ ret);
+}
+
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh)
+{
+    return lh ? lh->num_items : 0;
+}
+
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh)
+{
+    return lh->down_load;
+}
+
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load)
+{
+    lh->down_load = down_load;
+}
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh)
+{
+    return lh->error;
+}
diff --git a/openssl-1.1.0h/crypto/lhash/lhash_lcl.h b/openssl-1.1.0h/crypto/lhash/lhash_lcl.h
new file mode 100644
index 0000000..01d463f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/lhash/lhash_lcl.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <openssl/crypto.h>
+
+struct lhash_node_st {
+    void *data;
+    struct lhash_node_st *next;
+    unsigned long hash;
+};
+
+struct lhash_st {
+    OPENSSL_LH_NODE **b;
+    OPENSSL_LH_COMPFUNC comp;
+    OPENSSL_LH_HASHFUNC hash;
+    /*
+     * some stats are updated on lookup, which callers aren't expecting to have
+     * to take an exclusive lock around. This lock protects them on platforms
+     * without atomics, and their types are int rather than unsigned long below 
+     * so they can be adjusted with CRYPTO_atomic_add.
+     */
+    CRYPTO_RWLOCK *retrieve_stats_lock;
+    unsigned int num_nodes;
+    unsigned int num_alloc_nodes;
+    unsigned int p;
+    unsigned int pmax;
+    unsigned long up_load;      /* load times 256 */
+    unsigned long down_load;    /* load times 256 */
+    unsigned long num_items;
+    unsigned long num_expands;
+    unsigned long num_expand_reallocs;
+    unsigned long num_contracts;
+    unsigned long num_contract_reallocs;
+    int num_hash_calls;
+    int num_comp_calls;
+    unsigned long num_insert;
+    unsigned long num_replace;
+    unsigned long num_delete;
+    unsigned long num_no_delete;
+    int num_retrieve;
+    int num_retrieve_miss;
+    int num_hash_comps;
+    int error;
+};
diff --git a/openssl-1.1.0h/crypto/lhash/num.pl b/openssl-1.1.0h/crypto/lhash/num.pl
new file mode 100644
index 0000000..8a8c42c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/lhash/num.pl
@@ -0,0 +1,23 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#node     10 ->   4
+
+while (<>)
+	{
+	next unless /^node/;
+	s|\R$||;                # Better chomp
+	@a=split;
+	$num{$a[3]}++;
+	}
+
+@a=sort {$a <=> $b } keys %num;
+foreach (0 .. $a[$#a])
+	{
+	printf "%4d:%4d\n",$_,$num{$_};
+	}
diff --git a/openssl-1.1.0h/crypto/md2/build.info b/openssl-1.1.0h/crypto/md2/build.info
new file mode 100644
index 0000000..e31948c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        md2_dgst.c md2_one.c
diff --git a/openssl-1.1.0h/crypto/md2/md2_dgst.c b/openssl-1.1.0h/crypto/md2/md2_dgst.c
new file mode 100644
index 0000000..ff062fd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md2/md2_dgst.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+
+/*
+ * Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+
+#define UCHAR   unsigned char
+
+static void md2_block(MD2_CTX *c, const unsigned char *d);
+/*
+ * The magic S table - I have converted it to hex since it is basically just
+ * a random byte string.
+ */
+static const MD2_INT S[256] = {
+    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+    0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+    0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+    0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+    0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+    0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+    0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+    0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+    0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+    0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+    0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+    0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+    0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+    0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+    0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+    0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+    0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+    0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+    0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+    0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+    0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+    0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+    0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+    0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+    0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+    0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+};
+
+const char *MD2_options(void)
+{
+    if (sizeof(MD2_INT) == 1)
+        return ("md2(char)");
+    else
+        return ("md2(int)");
+}
+
+int MD2_Init(MD2_CTX *c)
+{
+    c->num = 0;
+    memset(c->state, 0, sizeof(c->state));
+    memset(c->cksm, 0, sizeof(c->cksm));
+    memset(c->data, 0, sizeof(c->data));
+    return 1;
+}
+
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
+{
+    register UCHAR *p;
+
+    if (len == 0)
+        return 1;
+
+    p = c->data;
+    if (c->num != 0) {
+        if ((c->num + len) >= MD2_BLOCK) {
+            memcpy(&(p[c->num]), data, MD2_BLOCK - c->num);
+            md2_block(c, c->data);
+            data += (MD2_BLOCK - c->num);
+            len -= (MD2_BLOCK - c->num);
+            c->num = 0;
+            /* drop through and do the rest */
+        } else {
+            memcpy(&(p[c->num]), data, len);
+            /* data+=len; */
+            c->num += (int)len;
+            return 1;
+        }
+    }
+    /*
+     * we now can process the input data in blocks of MD2_BLOCK chars and
+     * save the leftovers to c->data.
+     */
+    while (len >= MD2_BLOCK) {
+        md2_block(c, data);
+        data += MD2_BLOCK;
+        len -= MD2_BLOCK;
+    }
+    memcpy(p, data, len);
+    c->num = (int)len;
+    return 1;
+}
+
+static void md2_block(MD2_CTX *c, const unsigned char *d)
+{
+    register MD2_INT t, *sp1, *sp2;
+    register int i, j;
+    MD2_INT state[48];
+
+    sp1 = c->state;
+    sp2 = c->cksm;
+    j = sp2[MD2_BLOCK - 1];
+    for (i = 0; i < 16; i++) {
+        state[i] = sp1[i];
+        state[i + 16] = t = d[i];
+        state[i + 32] = (t ^ sp1[i]);
+        j = sp2[i] ^= S[t ^ j];
+    }
+    t = 0;
+    for (i = 0; i < 18; i++) {
+        for (j = 0; j < 48; j += 8) {
+            t = state[j + 0] ^= S[t];
+            t = state[j + 1] ^= S[t];
+            t = state[j + 2] ^= S[t];
+            t = state[j + 3] ^= S[t];
+            t = state[j + 4] ^= S[t];
+            t = state[j + 5] ^= S[t];
+            t = state[j + 6] ^= S[t];
+            t = state[j + 7] ^= S[t];
+        }
+        t = (t + i) & 0xff;
+    }
+    memcpy(sp1, state, 16 * sizeof(MD2_INT));
+    OPENSSL_cleanse(state, 48 * sizeof(MD2_INT));
+}
+
+int MD2_Final(unsigned char *md, MD2_CTX *c)
+{
+    int i, v;
+    register UCHAR *cp;
+    register MD2_INT *p1, *p2;
+
+    cp = c->data;
+    p1 = c->state;
+    p2 = c->cksm;
+    v = MD2_BLOCK - c->num;
+    for (i = c->num; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) v;
+
+    md2_block(c, cp);
+
+    for (i = 0; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) p2[i];
+    md2_block(c, cp);
+
+    for (i = 0; i < 16; i++)
+        md[i] = (UCHAR) (p1[i] & 0xff);
+    OPENSSL_cleanse(c, sizeof(*c));
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/md2/md2_one.c b/openssl-1.1.0h/crypto/md2/md2_one.c
new file mode 100644
index 0000000..460f96e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md2/md2_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/md2.h>
+
+/*
+ * This is a separate file so that #defines in cryptlib.h can map my MD
+ * functions to different names
+ */
+
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD2_CTX c;
+    static unsigned char m[MD2_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD2_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD2_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD2_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD2_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */
+    return (md);
+}
diff --git a/openssl-1.1.0h/crypto/md4/build.info b/openssl-1.1.0h/crypto/md4/build.info
new file mode 100644
index 0000000..20846e0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md4/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        md4_dgst.c md4_one.c
diff --git a/openssl-1.1.0h/crypto/md4/md4_dgst.c b/openssl-1.1.0h/crypto/md4/md4_dgst.c
new file mode 100644
index 0000000..5319618
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md4/md4_dgst.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/opensslv.h>
+#include "md4_locl.h"
+
+/*
+ * Implemented from RFC1186 The MD4 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+int MD4_Init(MD4_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    return 1;
+}
+
+#ifndef md4_block_data_order
+# ifdef X
+#  undef X
+# endif
+void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD4_LONG XX[MD4_LBLOCK];
+#  define X(i)   XX[i]
+# endif
+
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
+
+    for (; num--;) {
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 11, 0);
+        R0(B, C, D, A, X(15), 19, 0);
+        /* Round 1 */
+        R1(A, B, C, D, X(0), 3, 0x5A827999L);
+        R1(D, A, B, C, X(4), 5, 0x5A827999L);
+        R1(C, D, A, B, X(8), 9, 0x5A827999L);
+        R1(B, C, D, A, X(12), 13, 0x5A827999L);
+        R1(A, B, C, D, X(1), 3, 0x5A827999L);
+        R1(D, A, B, C, X(5), 5, 0x5A827999L);
+        R1(C, D, A, B, X(9), 9, 0x5A827999L);
+        R1(B, C, D, A, X(13), 13, 0x5A827999L);
+        R1(A, B, C, D, X(2), 3, 0x5A827999L);
+        R1(D, A, B, C, X(6), 5, 0x5A827999L);
+        R1(C, D, A, B, X(10), 9, 0x5A827999L);
+        R1(B, C, D, A, X(14), 13, 0x5A827999L);
+        R1(A, B, C, D, X(3), 3, 0x5A827999L);
+        R1(D, A, B, C, X(7), 5, 0x5A827999L);
+        R1(C, D, A, B, X(11), 9, 0x5A827999L);
+        R1(B, C, D, A, X(15), 13, 0x5A827999L);
+        /* Round 2 */
+        R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/md4/md4_locl.h b/openssl-1.1.0h/crypto/md4/md4_locl.h
new file mode 100644
index 0000000..6aec556
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md4/md4_locl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/md4.h>
+
+void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD4_LONG
+#define HASH_CTX                MD4_CTX
+#define HASH_CBLOCK             MD4_CBLOCK
+#define HASH_UPDATE             MD4_Update
+#define HASH_TRANSFORM          MD4_Transform
+#define HASH_FINAL              MD4_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   md4_block_data_order
+
+#include "internal/md32_common.h"
+
+/*-
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
+*/
+
+/*
+ * As pointed out by Wei Dai <weidai@eskimo.com>, the above can be simplified
+ * to the code below.  Wei attributes these optimizations to Peter Gutmann's
+ * SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); };
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); };\
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); };
diff --git a/openssl-1.1.0h/crypto/md4/md4_one.c b/openssl-1.1.0h/crypto/md4/md4_one.c
new file mode 100644
index 0000000..9f0989f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md4/md4_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD4_CTX c;
+    static unsigned char m[MD4_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD4_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD4_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD4_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD4_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return (md);
+}
diff --git a/openssl-1.1.0h/crypto/md5/asm/md5-586.pl b/openssl-1.1.0h/crypto/md5/asm/md5-586.pl
new file mode 100644
index 0000000..24f68af
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/asm/md5-586.pl
@@ -0,0 +1,318 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X);
+# version, non-normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$0);
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$tmp1="edi";
+$tmp2="ebp";
+$X="esi";
+
+# What we need to load into $tmp for the next round
+%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));
+@xo=(
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,	# R0
+ 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,	# R1
+ 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,	# R2
+ 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3
+ );
+
+&md5_block("md5_block_asm_data_order");
+&asm_finish();
+
+close STDOUT;
+
+sub Np
+	{
+	local($p)=@_;
+	local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);
+	return($n{$p});
+	}
+
+sub R0
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&mov($tmp1,$C)  if $pos < 0;
+	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
+
+	# body proper
+
+	&comment("R0 $ki");
+	&xor($tmp1,$d); # F function - part 2
+
+	&and($tmp1,$b); # F function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$d); # F function - part 4
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$tmp1);
+
+	&rotl($a,$s);
+
+	&mov($tmp1,&Np($c)) if $pos < 1;	# next tmp1 for R0
+	&mov($tmp1,&Np($c)) if $pos == 1;	# next tmp1 for R1
+
+	&add($a,$b);
+	}
+
+sub R1
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&comment("R1 $ki");
+
+	&xor($tmp1,$b); # G function - part 2
+	&and($tmp1,$d); # G function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$c);			# G function - part 4
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$tmp1);
+	&mov($tmp1,&Np($c)) if $pos < 1;	# G function - part 1
+	&mov($tmp1,&Np($c)) if $pos == 1;	# G function - part 1
+
+	&rotl($a,$s);
+
+	&add($a,$b);
+	}
+
+sub R2
+	{
+	local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+	# This one is different, only 3 logical operations
+
+if (($n & 1) == 0)
+	{
+	&comment("R2 $ki");
+	# make sure to do 'D' first, not 'B', else we clash with
+	# the last add from the previous round.
+
+	&xor($tmp1,$d); # H function - part 2
+
+	&xor($tmp1,$b); # H function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&add($a,$tmp1);
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
+
+	&rotl($a,$s);
+
+	&mov($tmp1,&Np($c));
+	}
+else
+	{
+	&comment("R2 $ki");
+	# make sure to do 'D' first, not 'B', else we clash with
+	# the last add from the previous round.
+
+	&add($b,$c);			# MOVED FORWARD
+	&xor($tmp1,$d); # H function - part 2
+
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$b); # H function - part 3
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$tmp1);
+	&mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
+	&mov($tmp1,-1) if $pos == 1;		# I function - part 1
+
+	&rotl($a,$s);
+
+	&add($a,$b);
+	}
+	}
+
+sub R3
+	{
+	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+	&comment("R3 $ki");
+
+	# &not($tmp1)
+	&xor($tmp1,$d) if $pos < 0; 	# I function - part 2
+
+	&or($tmp1,$b);				# I function - part 3
+	&lea($a,&DWP($t,$a,$tmp2,1));
+
+	&xor($tmp1,$c); 			# I function - part 4
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
+	&mov($tmp2,&wparam(0)) if $pos == 2;
+
+	&add($a,$tmp1);
+	&mov($tmp1,-1) if $pos < 1;	# H function - part 1
+	&add($K,64) if $pos >=1 && !$normal;
+
+	&rotl($a,$s);
+
+	&xor($tmp1,&Np($d)) if $pos <= 0; 	# I function - part = first time
+	&mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
+	&add($a,$b);
+	}
+
+
+sub md5_block
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"",3);
+
+	# parameter 1 is the MD5_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+
+	&push("esi");
+	 &push("edi");
+	&mov($tmp1,	&wparam(0)); # edi
+	 &mov($X,	&wparam(1)); # esi
+	&mov($C,	&wparam(2));
+	 &push("ebp");
+	&shl($C,	6);
+	&push("ebx");
+	 &add($C,	$X); # offset we end at
+	&sub($C,	64);
+	 &mov($A,	&DWP( 0,$tmp1,"",0));
+	&push($C);	# Put on the TOS
+	 &mov($B,	&DWP( 4,$tmp1,"",0));
+	&mov($C,	&DWP( 8,$tmp1,"",0));
+	 &mov($D,	&DWP(12,$tmp1,"",0));
+
+	&set_label("start") unless $normal;
+	&comment("");
+	&comment("R0 section");
+
+	&R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);
+	&R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);
+	&R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);
+	&R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);
+	&R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);
+	&R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);
+	&R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);
+	&R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);
+	&R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);
+	&R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);
+	&R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);
+	&R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);
+	&R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);
+	&R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);
+	&R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);
+	&R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);
+
+	&comment("");
+	&comment("R1 section");
+	&R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);
+	&R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);
+	&R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);
+	&R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);
+	&R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);
+	&R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);
+	&R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);
+	&R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);
+	&R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);
+	&R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);
+	&R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);
+	&R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);
+	&R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);
+	&R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);
+	&R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);
+	&R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);
+
+	&comment("");
+	&comment("R2 section");
+	&R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);
+	&R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);
+	&R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);
+	&R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);
+	&R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);
+	&R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);
+	&R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);
+	&R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);
+	&R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);
+	&R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);
+	&R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);
+	&R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);
+	&R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);
+	&R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);
+	&R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);
+	&R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);
+
+	&comment("");
+	&comment("R3 section");
+	&R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);
+	&R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);
+	&R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);
+	&R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);
+	&R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);
+	&R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);
+	&R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);
+	&R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);
+	&R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);
+	&R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);
+	&R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);
+	&R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);
+	&R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);
+	&R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);
+	&R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);
+	&R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);
+
+	# &mov($tmp2,&wparam(0));	# done in the last R3
+	# &mov($tmp1,	&DWP( 0,$tmp2,"",0)); # done is the last R3
+
+	&add($A,$tmp1);
+	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));
+
+	&add($B,$tmp1);
+	&mov($tmp1,	&DWP( 8,$tmp2,"",0));
+
+	&add($C,$tmp1);
+	&mov($tmp1,	&DWP(12,$tmp2,"",0));
+
+	&add($D,$tmp1);
+	&mov(&DWP( 0,$tmp2,"",0),$A);
+
+	&mov(&DWP( 4,$tmp2,"",0),$B);
+	&mov($tmp1,&swtmp(0)) unless $normal;
+
+	&mov(&DWP( 8,$tmp2,"",0),$C);
+	 &mov(&DWP(12,$tmp2,"",0),$D);
+
+	&cmp($tmp1,$X) unless $normal;			# check count
+	 &jae(&label("start")) unless $normal;
+
+	&pop("eax"); # pop the temp variable off the stack
+	 &pop("ebx");
+	&pop("ebp");
+	 &pop("edi");
+	&pop("esi");
+	 &ret();
+	&function_end_B($name);
+	}
+
diff --git a/openssl-1.1.0h/crypto/md5/asm/md5-ia64.S b/openssl-1.1.0h/crypto/md5/asm/md5-ia64.S
new file mode 100644
index 0000000..c20467b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/asm/md5-ia64.S
@@ -0,0 +1,1002 @@
+/*
+ *
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+
+//	Common registers are assigned as follows:
+//
+//	COMMON
+//
+//	t0		Const Tbl Ptr	TPtr
+//	t1		Round Constant	TRound
+//	t4		Block residual	LenResid
+//	t5		Residual Data	DTmp
+//
+//	{in,out}0	Block 0 Cycle	RotateM0
+//	{in,out}1	Block Value 12	M12
+//	{in,out}2	Block Value 8	M8
+//	{in,out}3	Block Value 4	M4
+//	{in,out}4	Block Value 0	M0
+//	{in,out}5	Block 1 Cycle	RotateM1
+//	{in,out}6	Block Value 13	M13
+//	{in,out}7	Block Value 9	M9
+//	{in,out}8	Block Value 5	M5
+//	{in,out}9	Block Value 1	M1
+//	{in,out}10	Block 2 Cycle	RotateM2
+//	{in,out}11	Block Value 14	M14
+//	{in,out}12	Block Value 10	M10
+//	{in,out}13	Block Value 6	M6
+//	{in,out}14	Block Value 2	M2
+//	{in,out}15	Block 3 Cycle	RotateM3
+//	{in,out}16	Block Value 15	M15
+//	{in,out}17	Block Value 11	M11
+//	{in,out}18	Block Value 7	M7
+//	{in,out}19	Block Value 3	M3
+//	{in,out}20	Scratch			Z
+//	{in,out}21	Scratch			Y
+//	{in,out}22	Scratch			X
+//	{in,out}23	Scratch			W
+//	{in,out}24	Digest A		A
+//	{in,out}25	Digest B		B
+//	{in,out}26	Digest C		C
+//	{in,out}27	Digest D		D
+//	{in,out}28	Active Data Ptr	DPtr
+//	in28		Dummy Value		-
+//	out28		Dummy Value		-
+//	bt0			Coroutine Link	QUICK_RTN
+//
+///	These predicates are used for computing the padding block(s) and
+///	are shared between the driver and digest co-routines
+//
+//	pt0			Extra Pad Block	pExtra
+//	pt1			Load next word	pLoad
+//	pt2			Skip next word	pSkip
+//	pt3			Search for Pad	pNoPad
+//	pt4			Pad Word 0		pPad0
+//	pt5			Pad Word 1		pPad1
+//	pt6			Pad Word 2		pPad2
+//	pt7			Pad Word 3		pPad3
+
+#define	DTmp		r19
+#define	LenResid	r18
+#define	QUICK_RTN	b6
+#define	TPtr		r14
+#define	TRound		r15
+#define	pExtra		p6
+#define	pLoad		p7
+#define	pNoPad		p9
+#define	pPad0		p10
+#define	pPad1		p11
+#define	pPad2		p12
+#define	pPad3		p13
+#define	pSkip		p8
+
+#define	A_		out24
+#define	B_		out25
+#define	C_		out26
+#define	D_		out27
+#define	DPtr_		out28
+#define	M0_		out4
+#define	M1_		out9
+#define	M10_		out12
+#define	M11_		out17
+#define	M12_		out1
+#define	M13_		out6
+#define	M14_		out11
+#define	M15_		out16
+#define	M2_		out14
+#define	M3_		out19
+#define	M4_		out3
+#define	M5_		out8
+#define	M6_		out13
+#define	M7_		out18
+#define	M8_		out2
+#define	M9_		out7
+#define	RotateM0_	out0
+#define	RotateM1_	out5
+#define	RotateM2_	out10
+#define	RotateM3_	out15
+#define	W_		out23
+#define	X_		out22
+#define	Y_		out21
+#define	Z_		out20
+
+#define	A		in24
+#define	B		in25
+#define	C		in26
+#define	D		in27
+#define	DPtr		in28
+#define	M0		in4
+#define	M1		in9
+#define	M10		in12
+#define	M11		in17
+#define	M12		in1
+#define	M13		in6
+#define	M14		in11
+#define	M15		in16
+#define	M2		in14
+#define	M3		in19
+#define	M4		in3
+#define	M5		in8
+#define	M6		in13
+#define	M7		in18
+#define	M8		in2
+#define	M9		in7
+#define	RotateM0	in0
+#define	RotateM1	in5
+#define	RotateM2	in10
+#define	RotateM3	in15
+#define	W		in23
+#define	X		in22
+#define	Y		in21
+#define	Z		in20
+
+/* register stack configuration for md5_block_asm_data_order(): */
+#define	MD5_NINP	3
+#define	MD5_NLOC	0
+#define MD5_NOUT	29
+#define MD5_NROT	0
+
+/* register stack configuration for helpers: */
+#define	_NINPUTS	MD5_NOUT
+#define	_NLOCALS	0
+#define _NOUTPUT	0
+#define	_NROTATE	24	/* this must be <= _NINPUTS */
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define	ADDP	addp4
+#else
+#define	ADDP	add
+#endif
+
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define HOST_IS_BIG_ENDIAN
+#endif
+
+//	Macros for getting the left and right portions of little-endian words
+
+#define	GETLW(dst, src, align)	dep.z dst = src, 32 - 8 * align, 8 * align
+#define	GETRW(dst, src, align)	extr.u dst = src, 8 * align, 32 - 8 * align
+
+//	MD5 driver
+//
+//		Reads an input block, then calls the digest block
+//		subroutine and adds the results to the accumulated
+//		digest.  It allocates 32 outs which the subroutine
+//		uses as it's inputs and rotating
+//		registers. Initializes the round constant pointer and
+//		takes care of saving/restoring ar.lc
+//
+///	INPUT
+//
+//	in0		Context Ptr		CtxPtr0
+//	in1		Input Data Ptr		DPtrIn
+//	in2		Integral Blocks		BlockCount
+//	rp		Return Address		-
+//
+///	CODE
+//
+//	v2		Input Align		InAlign
+//	t0		Shared w/digest		-
+//	t1		Shared w/digest		-
+//	t2		Shared w/digest		-
+//	t3		Shared w/digest		-
+//	t4		Shared w/digest		-
+//	t5		Shared w/digest		-
+//	t6		PFS Save		PFSSave
+//	t7		ar.lc Save		LCSave
+//	t8		Saved PR		PRSave
+//	t9		2nd CtxPtr		CtxPtr1
+//	t10		Table Base		CTable
+//	t11		Table[0]		CTable0
+//	t13		Accumulator A		AccumA
+//	t14		Accumulator B		AccumB
+//	t15		Accumulator C		AccumC
+//	t16		Accumulator D		AccumD
+//	pt0		Shared w/digest		-
+//	pt1		Shared w/digest		-
+//	pt2		Shared w/digest		-
+//	pt3		Shared w/digest		-
+//	pt4		Shared w/digest		-
+//	pt5		Shared w/digest		-
+//	pt6		Shared w/digest		-
+//	pt7		Shared w/digest		-
+//	pt8		Not Aligned		pOff
+//	pt8		Blocks Left		pAgain
+
+#define	AccumA		r27
+#define	AccumB		r28
+#define	AccumC		r29
+#define	AccumD		r30
+#define	CTable		r24
+#define	CTable0		r25
+#define	CtxPtr0		in0
+#define	CtxPtr1		r23
+#define	DPtrIn		in1
+#define	BlockCount	in2
+#define	InAlign		r10
+#define	LCSave		r21
+#define	PFSSave		r20
+#define	PRSave		r22
+#define	pAgain		p63
+#define	pOff		p63
+
+	.text
+
+/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num)
+
+     where:
+      c: a pointer to a structure of this type:
+
+	   typedef struct MD5state_st
+	     {
+	       MD5_LONG A,B,C,D;
+	       MD5_LONG Nl,Nh;
+	       MD5_LONG data[MD5_LBLOCK];
+	       unsigned int num;
+	     }
+	   MD5_CTX;
+
+      data: a pointer to the input data (may be misaligned)
+      num:  the number of 16-byte blocks to hash (i.e., the length
+            of DATA is 16*NUM.
+
+   */
+
+	.type	md5_block_asm_data_order, @function
+	.global	md5_block_asm_data_order
+	.align	32
+	.proc	md5_block_asm_data_order
+md5_block_asm_data_order:
+.md5_block:
+	.prologue
+{	.mmi
+	.save	ar.pfs, PFSSave
+	alloc	PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT
+	ADDP	CtxPtr1 = 8, CtxPtr0
+	mov	CTable = ip
+}
+{	.mmi
+	ADDP	DPtrIn = 0, DPtrIn
+	ADDP	CtxPtr0 = 0, CtxPtr0
+	.save	ar.lc, LCSave
+	mov	LCSave = ar.lc
+}
+;;
+{	.mmi
+	add	CTable = .md5_tbl_data_order#-.md5_block#, CTable
+	and	InAlign = 0x3, DPtrIn
+}
+
+{	.mmi
+	ld4	AccumA = [CtxPtr0], 4
+	ld4	AccumC = [CtxPtr1], 4
+	.save pr, PRSave
+	mov	PRSave = pr
+	.body
+}
+;;
+{	.mmi
+	ld4	AccumB = [CtxPtr0]
+	ld4	AccumD = [CtxPtr1]
+	dep	DPtr_ = 0, DPtrIn, 0, 2
+} ;;
+#ifdef HOST_IS_BIG_ENDIAN
+	rum	psr.be;;	// switch to little-endian
+#endif
+{	.mmb
+	ld4	CTable0 = [CTable], 4
+	cmp.ne	pOff, p0 = 0, InAlign
+(pOff)	br.cond.spnt.many .md5_unaligned
+} ;;
+
+//	The FF load/compute loop rotates values three times, so that
+//	loading into M12 here produces the M0 value, M13 -> M1, etc.
+
+.md5_block_loop0:
+{	.mmi
+	ld4	M12_ = [DPtr_], 4
+	mov	TPtr = CTable
+	mov	TRound = CTable0
+} ;;
+{	.mmi
+	ld4	M13_ = [DPtr_], 4
+	mov	A_ = AccumA
+	mov	B_ = AccumB
+} ;;
+{	.mmi
+	ld4	M14_ = [DPtr_], 4
+	mov	C_ = AccumC
+	mov	D_ = AccumD
+} ;;
+{	.mmb
+	ld4	M15_ = [DPtr_], 4
+	add	BlockCount = -1, BlockCount
+	br.call.sptk.many QUICK_RTN = md5_digest_block0
+} ;;
+
+//	Now, we add the new digest values and do some clean-up
+//	before checking if there's another full block to process
+
+{	.mmi
+	add	AccumA = AccumA, A_
+	add	AccumB = AccumB, B_
+	cmp.ne	pAgain, p0 = 0, BlockCount
+}
+{	.mib
+	add	AccumC = AccumC, C_
+	add	AccumD = AccumD, D_
+(pAgain) br.cond.dptk.many .md5_block_loop0
+} ;;
+
+.md5_exit:
+#ifdef HOST_IS_BIG_ENDIAN
+	sum	psr.be;;	// switch back to big-endian mode
+#endif
+{	.mmi
+	st4	[CtxPtr0] = AccumB, -4
+	st4	[CtxPtr1] = AccumD, -4
+	mov	pr = PRSave, 0x1ffff ;;
+}
+{	.mmi
+	st4	[CtxPtr0] = AccumA
+	st4	[CtxPtr1] = AccumC
+	mov	ar.lc = LCSave
+} ;;
+{	.mib
+	mov	ar.pfs = PFSSave
+	br.ret.sptk.few	rp
+} ;;
+
+#define	MD5UNALIGNED(offset)						\
+.md5_process##offset:							\
+{	.mib ;								\
+	nop	0x0	;						\
+	GETRW(DTmp, DTmp, offset) ;					\
+} ;;									\
+.md5_block_loop##offset:						\
+{	.mmi ;								\
+	ld4	Y_ = [DPtr_], 4 ;					\
+	mov	TPtr = CTable ;						\
+	mov	TRound = CTable0 ;					\
+} ;;									\
+{	.mmi ;								\
+	ld4	M13_ = [DPtr_], 4 ;					\
+	mov	A_ = AccumA ;						\
+	mov	B_ = AccumB ;						\
+} ;;									\
+{	.mii ;								\
+	ld4	M14_ = [DPtr_], 4 ;					\
+	GETLW(W_, Y_, offset) ;						\
+	mov	C_ = AccumC ;						\
+}									\
+{	.mmi ;								\
+	mov	D_ = AccumD ;;						\
+	or	M12_ = W_, DTmp ;					\
+	GETRW(DTmp, Y_, offset) ;					\
+}									\
+{	.mib ;								\
+	ld4	M15_ = [DPtr_], 4 ;					\
+	add	BlockCount = -1, BlockCount ;				\
+	br.call.sptk.many QUICK_RTN = md5_digest_block##offset;		\
+} ;;									\
+{	.mmi ;								\
+	add	AccumA = AccumA, A_ ;					\
+	add	AccumB = AccumB, B_ ;					\
+	cmp.ne	pAgain, p0 = 0, BlockCount ;				\
+}									\
+{	.mib ;								\
+	add	AccumC = AccumC, C_ ;					\
+	add	AccumD = AccumD, D_ ;					\
+(pAgain) br.cond.dptk.many .md5_block_loop##offset ;			\
+} ;;									\
+{	.mib ;								\
+	nop	0x0 ;							\
+	nop	0x0 ;							\
+	br.cond.sptk.many .md5_exit ;					\
+} ;;
+
+	.align	32
+.md5_unaligned:
+//
+//	Because variable shifts are expensive, we special case each of
+//	the four alignements. In practice, this won't hurt too much
+//	since only one working set of code will be loaded.
+//
+{	.mib
+	ld4	DTmp = [DPtr_], 4
+	cmp.eq	pOff, p0 = 1, InAlign
+(pOff)	br.cond.dpnt.many .md5_process1
+} ;;
+{	.mib
+	cmp.eq	pOff, p0 = 2, InAlign
+	nop	0x0
+(pOff)	br.cond.dpnt.many .md5_process2
+} ;;
+	MD5UNALIGNED(3)
+	MD5UNALIGNED(1)
+	MD5UNALIGNED(2)
+
+	.endp md5_block_asm_data_order
+
+
+// MD5 Perform the F function and load
+//
+// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values,
+// computes the FF() round of functions, then branches to the common
+// digest code to finish up with GG(), HH, and II().
+//
+// INPUT
+//
+// rp Return Address -
+//
+// CODE
+//
+// v0 PFS bit bucket PFS
+// v1 Loop Trip Count LTrip
+// pt0 Load next word pMore
+
+/* For F round: */
+#define LTrip	r9
+#define PFS	r8
+#define pMore	p6
+
+/* For GHI rounds: */
+#define T	r9
+#define U	r10
+#define V	r11
+
+#define COMPUTE(a, b, s, M, R)			\
+{						\
+	.mii ;					\
+	ld4 TRound = [TPtr], 4 ;		\
+	dep.z Y = Z, 32, 32 ;;			\
+	shrp Z = Z, Y, 64 - s ;			\
+} ;;						\
+{						\
+	.mmi ;					\
+	add a = Z, b ;				\
+	mov R = M ;				\
+	nop 0x0 ;				\
+} ;;
+
+#define LOOP(a, b, s, M, R, label)		\
+{	.mii ;					\
+	ld4 TRound = [TPtr], 4 ;		\
+	dep.z Y = Z, 32, 32 ;;			\
+	shrp Z = Z, Y, 64 - s ;			\
+} ;;						\
+{	.mib ;					\
+	add a = Z, b ;				\
+	mov R = M ;				\
+	br.ctop.sptk.many label ;		\
+} ;;
+
+// G(B, C, D) = (B & D) | (C & ~D)
+
+#define G(a, b, c, d, M)			\
+{	.mmi ;					\
+	add Z = M, TRound ;			\
+	and Y = b, d ;				\
+	andcm X = c, d ;			\
+} ;;						\
+{	.mii ;					\
+	add Z = Z, a ;				\
+	or Y = Y, X ;;				\
+	add Z = Z, Y ;				\
+} ;;
+
+// H(B, C, D) = B ^ C ^ D
+
+#define H(a, b, c, d, M)			\
+{	.mmi ;					\
+	add Z = M, TRound ;			\
+	xor Y = b, c ;				\
+	nop 0x0 ;				\
+} ;;						\
+{	.mii ;					\
+	add Z = Z, a ;				\
+	xor Y = Y, d ;;				\
+	add Z = Z, Y ;				\
+} ;;
+
+// I(B, C, D) = C ^ (B | ~D)
+//
+// However, since we have an andcm operator, we use the fact that
+//
+// Y ^ Z == ~Y ^ ~Z
+//
+// to rewrite the expression as
+//
+// I(B, C, D) = ~C ^ (~B & D)
+
+#define I(a, b, c, d, M)			\
+{	.mmi ;					\
+	add Z = M, TRound ;			\
+	andcm Y = d, b ;			\
+	andcm X = -1, c ;			\
+} ;;						\
+{	.mii ;					\
+	add Z = Z, a ;				\
+	xor Y = Y, X ;;				\
+	add Z = Z, Y ;				\
+} ;;
+
+#define GG4(label)				\
+	G(A, B, C, D, M0)			\
+	COMPUTE(A, B, 5, M0, RotateM0)		\
+	G(D, A, B, C, M1)			\
+	COMPUTE(D, A, 9, M1, RotateM1)		\
+	G(C, D, A, B, M2)			\
+	COMPUTE(C, D, 14, M2, RotateM2)		\
+	G(B, C, D, A, M3)			\
+	LOOP(B, C, 20, M3, RotateM3, label)
+
+#define HH4(label)				\
+	H(A, B, C, D, M0)			\
+	COMPUTE(A, B, 4, M0, RotateM0)		\
+	H(D, A, B, C, M1)			\
+	COMPUTE(D, A, 11, M1, RotateM1)		\
+	H(C, D, A, B, M2)			\
+	COMPUTE(C, D, 16, M2, RotateM2)		\
+	H(B, C, D, A, M3)			\
+	LOOP(B, C, 23, M3, RotateM3, label)
+
+#define II4(label)				\
+	I(A, B, C, D, M0)			\
+	COMPUTE(A, B, 6, M0, RotateM0)		\
+	I(D, A, B, C, M1)			\
+	COMPUTE(D, A, 10, M1, RotateM1)		\
+	I(C, D, A, B, M2)			\
+	COMPUTE(C, D, 15, M2, RotateM2)		\
+	I(B, C, D, A, M3)			\
+	LOOP(B, C, 21, M3, RotateM3, label)
+
+#define FFLOAD(a, b, c, d, M, N, s)		\
+{	.mii ;					\
+(pMore) ld4 N = [DPtr], 4 ;			\
+	add Z = M, TRound ;			\
+	and Y = c, b ;				\
+}						\
+{	.mmi ;					\
+	andcm X = d, b ;;			\
+	add Z = Z, a ;				\
+	or Y = Y, X ;				\
+} ;;						\
+{	.mii ;					\
+	ld4 TRound = [TPtr], 4 ;		\
+	add Z = Z, Y ;;				\
+	dep.z Y = Z, 32, 32 ;			\
+} ;;						\
+{	.mii ;					\
+	nop 0x0 ;				\
+	shrp Z = Z, Y, 64 - s ;;		\
+	add a = Z, b ;				\
+} ;;
+
+#define FFLOOP(a, b, c, d, M, N, s, dest)	\
+{	.mii ;					\
+(pMore)	ld4 N = [DPtr], 4 ;			\
+	add Z = M, TRound ;			\
+	and Y = c, b ;				\
+}						\
+{	.mmi ;					\
+	andcm X = d, b ;;			\
+	add Z = Z, a ;				\
+	or Y = Y, X ;				\
+} ;;						\
+{	.mii ;					\
+	ld4 TRound = [TPtr], 4 ;		\
+	add Z = Z, Y ;;				\
+	dep.z Y = Z, 32, 32 ;			\
+} ;;						\
+{	.mii ;					\
+	nop 0x0 ;				\
+	shrp Z = Z, Y, 64 - s ;;		\
+	add a = Z, b ;				\
+}						\
+{	.mib ;					\
+	cmp.ne pMore, p0 = 0, LTrip ;		\
+	add LTrip = -1, LTrip ;			\
+	br.ctop.dptk.many dest ;		\
+} ;;
+
+	.type md5_digest_block0, @function
+	.align 32
+
+	.proc md5_digest_block0
+	.prologue
+md5_digest_block0:
+	.altrp QUICK_RTN
+	.body
+{	.mmi
+	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+	mov LTrip = 2
+	mov ar.lc = 3
+} ;;
+{	.mii
+	cmp.eq pMore, p0 = r0, r0
+	mov ar.ec = 0
+	nop 0x0
+} ;;
+
+.md5_FF_round0:
+	FFLOAD(A, B, C, D, M12, RotateM0, 7)
+	FFLOAD(D, A, B, C, M13, RotateM1, 12)
+	FFLOAD(C, D, A, B, M14, RotateM2, 17)
+	FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0)
+	//
+	// !!! Fall through to md5_digest_GHI
+	//
+	.endp md5_digest_block0
+
+	.type md5_digest_GHI, @function
+	.align 32
+
+	.proc md5_digest_GHI
+	.prologue
+	.regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+md5_digest_GHI:
+	.altrp QUICK_RTN
+	.body
+//
+// The following sequence shuffles the block counstants round for the
+// next round:
+//
+// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
+// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
+//
+{	.mmi
+	mov Z = M0
+	mov Y = M15
+	mov ar.lc = 3
+}
+{	.mmi
+	mov X = M2
+	mov W = M9
+	mov V = M4
+} ;;
+
+{	.mmi
+	mov M0 = M1
+	mov M15 = M12
+	mov ar.ec = 1
+}
+{	.mmi
+	mov M2 = M11
+	mov M9 = M14
+	mov M4 = M5
+} ;;
+
+{	.mmi
+	mov M1 = M6
+	mov M12 = M13
+	mov U = M3
+}
+{	.mmi
+	mov M11 = M8
+	mov M14 = M7
+	mov M5 = M10
+} ;;
+
+{	.mmi
+	mov M6 = Y
+	mov M13 = X
+	mov M3 = Z
+}
+{	.mmi
+	mov M8 = W
+	mov M7 = V
+	mov M10 = U
+} ;;
+
+.md5_GG_round:
+	GG4(.md5_GG_round)
+
+// The following sequence shuffles the block constants round for the
+// next round:
+//
+// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
+// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
+
+{	.mmi
+	mov Z = M0
+	mov Y = M1
+	mov ar.lc = 3
+}
+{	.mmi
+	mov X = M3
+	mov W = M5
+	mov V = M6
+} ;;
+
+{	.mmi
+	mov M0 = M4
+	mov M1 = M11
+	mov ar.ec = 1
+}
+{	.mmi
+	mov M3 = M9
+	mov U = M8
+	mov T = M13
+} ;;
+
+{	.mmi
+	mov M4 = Z
+	mov M11 = Y
+	mov M5 = M7
+}
+{	.mmi
+	mov M6 = M14
+	mov M8 = M12
+	mov M13 = M15
+} ;;
+
+{	.mmi
+	mov M7 = W
+	mov M14 = V
+	nop 0x0
+}
+{	.mmi
+	mov M9 = X
+	mov M12 = U
+	mov M15 = T
+} ;;
+
+.md5_HH_round:
+	HH4(.md5_HH_round)
+
+// The following sequence shuffles the block constants round for the
+// next round:
+//
+// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
+// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9
+
+{	.mmi
+	mov Z = M0
+	mov Y = M15
+	mov ar.lc = 3
+}
+{	.mmi
+	mov X = M10
+	mov W = M1
+	mov V = M4
+} ;;
+
+{	.mmi
+	mov M0 = M9
+	mov M15 = M12
+	mov ar.ec = 1
+}
+{	.mmi
+	mov M10 = M11
+	mov M1 = M6
+	mov M4 = M13
+} ;;
+
+{	.mmi
+	mov M9 = M14
+	mov M12 = M5
+	mov U = M3
+}
+{	.mmi
+	mov M11 = M8
+	mov M6 = M7
+	mov M13 = M2
+} ;;
+
+{	.mmi
+	mov M14 = Y
+	mov M5 = X
+	mov M3 = Z
+}
+{	.mmi
+	mov M8 = W
+	mov M7 = V
+	mov M2 = U
+} ;;
+
+.md5_II_round:
+	II4(.md5_II_round)
+
+{	.mib
+	nop 0x0
+	nop 0x0
+	br.ret.sptk.many QUICK_RTN
+} ;;
+
+	.endp md5_digest_GHI
+
+#define FFLOADU(a, b, c, d, M, P, N, s, offset)	\
+{	.mii ;					\
+(pMore) ld4 N = [DPtr], 4 ;			\
+	add Z = M, TRound ;			\
+	and Y = c, b ;				\
+}						\
+{	.mmi ;					\
+	andcm X = d, b ;;			\
+	add Z = Z, a ;				\
+	or Y = Y, X ;				\
+} ;;						\
+{	.mii ;					\
+	ld4 TRound = [TPtr], 4 ;		\
+	GETLW(W, P, offset) ;			\
+	add Z = Z, Y ;				\
+} ;;						\
+{	.mii ;					\
+	or W = W, DTmp ;			\
+	dep.z Y = Z, 32, 32 ;;			\
+	shrp Z = Z, Y, 64 - s ;			\
+} ;;						\
+{	.mii ;					\
+	add a = Z, b ;				\
+	GETRW(DTmp, P, offset) ;		\
+	mov P = W ;				\
+} ;;
+
+#define FFLOOPU(a, b, c, d, M, P, N, s, offset)		\
+{	.mii ;						\
+(pMore) ld4 N = [DPtr], 4 ;				\
+	add Z = M, TRound ;				\
+	and Y = c, b ;					\
+}							\
+{	.mmi ;						\
+	andcm X = d, b ;;				\
+	add Z = Z, a ;					\
+	or Y = Y, X ;					\
+} ;;							\
+{	.mii ;						\
+	ld4 TRound = [TPtr], 4 ;			\
+(pMore) GETLW(W, P, offset) 	;			\
+	add Z = Z, Y ;					\
+} ;;							\
+{	.mii ;						\
+(pMore) or W = W, DTmp ;				\
+	dep.z Y = Z, 32, 32 ;;				\
+	shrp Z = Z, Y, 64 - s ;				\
+} ;;							\
+{	.mii ;						\
+	add a = Z, b ;					\
+(pMore) GETRW(DTmp, P, offset) 	;			\
+(pMore) mov P = W ;					\
+}							\
+{	.mib ;						\
+	cmp.ne pMore, p0 = 0, LTrip ;			\
+	add LTrip = -1, LTrip ;				\
+	br.ctop.sptk.many .md5_FF_round##offset ;	\
+} ;;
+
+#define MD5FBLOCK(offset)						\
+	.type md5_digest_block##offset, @function ;			\
+									\
+	.align 32 ;							\
+	.proc md5_digest_block##offset ;				\
+	.prologue ;							\
+	.altrp QUICK_RTN ;						\
+	.body ;								\
+md5_digest_block##offset:						\
+{	.mmi ;								\
+	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ;	\
+	mov LTrip = 2 ;							\
+	mov ar.lc = 3 ;							\
+} ;;									\
+{	.mii ;								\
+	cmp.eq pMore, p0 = r0, r0 ;					\
+	mov ar.ec = 0 ;							\
+	nop 0x0 ;							\
+} ;;									\
+									\
+	.pred.rel "mutex", pLoad, pSkip ;				\
+.md5_FF_round##offset:							\
+	FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset)		\
+	FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset)		\
+	FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset)		\
+	FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset)	\
+									\
+{	.mib ;								\
+	nop 0x0 ;							\
+	nop 0x0 ;							\
+	br.cond.sptk.many md5_digest_GHI ;				\
+} ;;									\
+	.endp md5_digest_block##offset
+
+MD5FBLOCK(1)
+MD5FBLOCK(2)
+MD5FBLOCK(3)
+
+	.align 64
+	.type md5_constants, @object
+md5_constants:
+.md5_tbl_data_order:			// To ensure little-endian data
+					// order, code as bytes.
+	data1 0x78, 0xa4, 0x6a, 0xd7	//     0
+	data1 0x56, 0xb7, 0xc7, 0xe8	//     1
+	data1 0xdb, 0x70, 0x20, 0x24	//     2
+	data1 0xee, 0xce, 0xbd, 0xc1	//     3
+	data1 0xaf, 0x0f, 0x7c, 0xf5	//     4
+	data1 0x2a, 0xc6, 0x87, 0x47	//     5
+	data1 0x13, 0x46, 0x30, 0xa8	//     6
+	data1 0x01, 0x95, 0x46, 0xfd	//     7
+	data1 0xd8, 0x98, 0x80, 0x69	//     8
+	data1 0xaf, 0xf7, 0x44, 0x8b	//     9
+	data1 0xb1, 0x5b, 0xff, 0xff	//    10
+	data1 0xbe, 0xd7, 0x5c, 0x89	//    11
+	data1 0x22, 0x11, 0x90, 0x6b	//    12
+	data1 0x93, 0x71, 0x98, 0xfd	//    13
+	data1 0x8e, 0x43, 0x79, 0xa6	//    14
+	data1 0x21, 0x08, 0xb4, 0x49	//    15
+	data1 0x62, 0x25, 0x1e, 0xf6	//    16
+	data1 0x40, 0xb3, 0x40, 0xc0	//    17
+	data1 0x51, 0x5a, 0x5e, 0x26	//    18
+	data1 0xaa, 0xc7, 0xb6, 0xe9	//    19
+	data1 0x5d, 0x10, 0x2f, 0xd6	//    20
+	data1 0x53, 0x14, 0x44, 0x02	//    21
+	data1 0x81, 0xe6, 0xa1, 0xd8	//    22
+	data1 0xc8, 0xfb, 0xd3, 0xe7	//    23
+	data1 0xe6, 0xcd, 0xe1, 0x21	//    24
+	data1 0xd6, 0x07, 0x37, 0xc3	//    25
+	data1 0x87, 0x0d, 0xd5, 0xf4	//    26
+	data1 0xed, 0x14, 0x5a, 0x45	//    27
+	data1 0x05, 0xe9, 0xe3, 0xa9	//    28
+	data1 0xf8, 0xa3, 0xef, 0xfc	//    29
+	data1 0xd9, 0x02, 0x6f, 0x67	//    30
+	data1 0x8a, 0x4c, 0x2a, 0x8d	//    31
+	data1 0x42, 0x39, 0xfa, 0xff	//    32
+	data1 0x81, 0xf6, 0x71, 0x87	//    33
+	data1 0x22, 0x61, 0x9d, 0x6d	//    34
+	data1 0x0c, 0x38, 0xe5, 0xfd	//    35
+	data1 0x44, 0xea, 0xbe, 0xa4	//    36
+	data1 0xa9, 0xcf, 0xde, 0x4b	//    37
+	data1 0x60, 0x4b, 0xbb, 0xf6	//    38
+	data1 0x70, 0xbc, 0xbf, 0xbe	//    39
+	data1 0xc6, 0x7e, 0x9b, 0x28	//    40
+	data1 0xfa, 0x27, 0xa1, 0xea	//    41
+	data1 0x85, 0x30, 0xef, 0xd4	//    42
+	data1 0x05, 0x1d, 0x88, 0x04	//    43
+	data1 0x39, 0xd0, 0xd4, 0xd9	//    44
+	data1 0xe5, 0x99, 0xdb, 0xe6	//    45
+	data1 0xf8, 0x7c, 0xa2, 0x1f	//    46
+	data1 0x65, 0x56, 0xac, 0xc4	//    47
+	data1 0x44, 0x22, 0x29, 0xf4	//    48
+	data1 0x97, 0xff, 0x2a, 0x43	//    49
+	data1 0xa7, 0x23, 0x94, 0xab	//    50
+	data1 0x39, 0xa0, 0x93, 0xfc	//    51
+	data1 0xc3, 0x59, 0x5b, 0x65	//    52
+	data1 0x92, 0xcc, 0x0c, 0x8f	//    53
+	data1 0x7d, 0xf4, 0xef, 0xff	//    54
+	data1 0xd1, 0x5d, 0x84, 0x85	//    55
+	data1 0x4f, 0x7e, 0xa8, 0x6f	//    56
+	data1 0xe0, 0xe6, 0x2c, 0xfe	//    57
+	data1 0x14, 0x43, 0x01, 0xa3	//    58
+	data1 0xa1, 0x11, 0x08, 0x4e	//    59
+	data1 0x82, 0x7e, 0x53, 0xf7	//    60
+	data1 0x35, 0xf2, 0x3a, 0xbd	//    61
+	data1 0xbb, 0xd2, 0xd7, 0x2a	//    62
+	data1 0x91, 0xd3, 0x86, 0xeb	//    63
+.size	md5_constants#,64*4
diff --git a/openssl-1.1.0h/crypto/md5/asm/md5-sparcv9.pl b/openssl-1.1.0h/crypto/md5/asm/md5-sparcv9.pl
new file mode 100644
index 0000000..09e6d71
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/asm/md5-sparcv9.pl
@@ -0,0 +1,437 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Hardware SPARC T4 support by David S. Miller <davem@davemloft.net>.
+# ====================================================================
+
+# MD5 for SPARCv9, 6.9 cycles per byte on UltraSPARC, >40% faster than
+# code generated by Sun C 5.2.
+
+# SPARC T4 MD5 hardware achieves 3.20 cycles per byte, which is 2.1x
+# faster than software. Multi-process benchmark saturates at 12x
+# single-process result on 8-core processor, or ~11GBps per 2.85GHz
+# socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+use integer;
+
+($ctx,$inp,$len)=("%i0","%i1","%i2");	# input arguments
+
+# 64-bit values
+@X=("%o0","%o1","%o2","%o3","%o4","%o5","%o7","%g1","%g2");
+$tx="%g3";
+($AB,$CD)=("%g4","%g5");
+
+# 32-bit values
+@V=($A,$B,$C,$D)=map("%l$_",(0..3));
+($t1,$t2,$t3,$saved_asi)=map("%l$_",(4..7));
+($shr,$shl1,$shl2)=("%i3","%i4","%i5");
+
+my @K=(	0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,
+	0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
+	0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,
+	0x6b901122,0xfd987193,0xa679438e,0x49b40821,
+
+	0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,
+	0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
+	0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,
+	0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
+
+	0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,
+	0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
+	0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,
+	0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
+
+	0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,
+	0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
+	0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,
+	0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391, 0	);
+
+sub R0 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (7,12,17,22)[$i%4];
+  my $j   = ($i+1)/2;
+
+  if ($i&1) {
+    $code.=<<___;
+	 srlx	@X[$j],$shr,@X[$j]	! align X[`$i+1`]
+	and	$b,$t1,$t1		! round $i
+	 sllx	@X[$j+1],$shl1,$tx
+	add	$t2,$a,$a
+	 sllx	$tx,$shl2,$tx
+	xor	$d,$t1,$t1
+	 or	$tx,@X[$j],@X[$j]
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	@X[$j],$t2,$t2		! X[`$i+1`]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 xor	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+  } else {
+    $code.=<<___;
+	 srlx	@X[$j],32,$tx		! extract X[`2*$j+1`]
+	and	$b,$t1,$t1		! round $i
+	add	$t2,$a,$a
+	xor	$d,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$tx,$t2,$t2		! X[`2*$j+1`]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 xor	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+  }
+}
+
+sub R0_1 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (7,12,17,22)[$i%4];
+
+$code.=<<___;
+	 srlx	@X[0],32,$tx		! extract X[1]
+	and	$b,$t1,$t1		! round $i
+	add	$t2,$a,$a
+	xor	$d,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$tx,$t2,$t2		! X[1]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 andn	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+}
+
+sub R1 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (5,9,14,20)[$i%4];
+  my $j   = $i<31 ? (1+5*($i+1))%16 : (5+3*($i+1))%16;
+  my $xi  = @X[$j/2];
+
+$code.=<<___ if ($j&1 && ($xi=$tx));
+	 srlx	@X[$j/2],32,$xi		! extract X[$j]
+___
+$code.=<<___;
+	and	$b,$d,$t3		! round $i
+	add	$t2,$a,$a
+	or	$t3,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$xi,$t2,$t2		! X[$j]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 `$i<31?"andn":"xor"`	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+}
+
+sub R2 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (4,11,16,23)[$i%4];
+  my $j   = $i<47 ? (5+3*($i+1))%16 : (0+7*($i+1))%16;
+  my $xi  = @X[$j/2];
+
+$code.=<<___ if ($j&1 && ($xi=$tx));
+	 srlx	@X[$j/2],32,$xi		! extract X[$j]
+___
+$code.=<<___;
+	add	$t2,$a,$a		! round $i
+	xor	$b,$t1,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	 or	$t2,%lo(@K[$i+1]),$t2
+	sll	$a,$rot,$t3
+	 add	$xi,$t2,$t2		! X[$j]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	 xor	 $b,$c,$t1
+	add	$t3,$a,$a
+___
+}
+
+sub R3 {
+  my ($i,$a,$b,$c,$d) = @_;
+  my $rot = (6,10,15,21)[$i%4];
+  my $j   = (0+7*($i+1))%16;
+  my $xi  = @X[$j/2];
+
+$code.=<<___;
+	add	$t2,$a,$a		! round $i
+___
+$code.=<<___ if ($j&1 && ($xi=$tx));
+	 srlx	@X[$j/2],32,$xi		! extract X[$j]
+___
+$code.=<<___;
+	orn	$b,$d,$t1
+	 sethi	%hi(@K[$i+1]),$t2
+	xor	$c,$t1,$t1
+	 or	$t2,%lo(@K[$i+1]),$t2
+	add	$t1,$a,$a
+	sll	$a,$rot,$t3
+	 add	$xi,$t2,$t2		! X[$j]+K[`$i+1`]
+	srl	$a,32-$rot,$a
+	add	$b,$t3,$t3
+	add	$t3,$a,$a
+___
+}
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	md5_block_asm_data_order
+.align	32
+md5_block_asm_data_order:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
+
+	andcc	%g1, CFR_MD5, %g0
+	be	.Lsoftware
+	nop
+
+	mov	4, %g1
+	andcc	%o1, 0x7, %g0
+	lda	[%o0 + %g0]0x88, %f0		! load context
+	lda	[%o0 + %g1]0x88, %f1
+	add	%o0, 8, %o0
+	lda	[%o0 + %g0]0x88, %f2
+	lda	[%o0 + %g1]0x88, %f3
+	bne,pn	%icc, .Lhwunaligned
+	sub	%o0, 8, %o0
+
+.Lhw_loop:
+	ldd	[%o1 + 0x00], %f8
+	ldd	[%o1 + 0x08], %f10
+	ldd	[%o1 + 0x10], %f12
+	ldd	[%o1 + 0x18], %f14
+	ldd	[%o1 + 0x20], %f16
+	ldd	[%o1 + 0x28], %f18
+	ldd	[%o1 + 0x30], %f20
+	subcc	%o2, 1, %o2		! done yet? 
+	ldd	[%o1 + 0x38], %f22
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	.word	0x81b02800		! MD5
+
+	bne,pt	SIZE_T_CC, .Lhw_loop
+	nop
+
+.Lhwfinish:
+	sta	%f0, [%o0 + %g0]0x88	! store context
+	sta	%f1, [%o0 + %g1]0x88
+	add	%o0, 8, %o0
+	sta	%f2, [%o0 + %g0]0x88
+	sta	%f3, [%o0 + %g1]0x88
+	retl
+	nop
+
+.align	8
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f10
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f12
+	ldd	[%o1 + 0x10], %f14
+	ldd	[%o1 + 0x18], %f16
+	ldd	[%o1 + 0x20], %f18
+	ldd	[%o1 + 0x28], %f20
+	ldd	[%o1 + 0x30], %f22
+	ldd	[%o1 + 0x38], %f24
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x40], %f26
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	faligndata %f10, %f12, %f8
+	faligndata %f12, %f14, %f10
+	faligndata %f14, %f16, %f12
+	faligndata %f16, %f18, %f14
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+
+	.word	0x81b02800		! MD5
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f26, %f26, %f10	! %f10=%f26
+
+	ba	.Lhwfinish
+	nop
+
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME,%sp
+
+	rd	%asi,$saved_asi
+	wr	%g0,0x88,%asi		! ASI_PRIMARY_LITTLE
+	and	$inp,7,$shr
+	andn	$inp,7,$inp
+
+	sll	$shr,3,$shr		! *=8
+	mov	56,$shl2
+	ld	[$ctx+0],$A
+	sub	$shl2,$shr,$shl2
+	ld	[$ctx+4],$B
+	and	$shl2,32,$shl1
+	add	$shl2,8,$shl2
+	ld	[$ctx+8],$C
+	sub	$shl2,$shl1,$shl2	! shr+shl1+shl2==64
+	ld	[$ctx+12],$D
+	nop
+
+.Loop:
+	 cmp	$shr,0			! was inp aligned?
+	ldxa	[$inp+0]%asi,@X[0]	! load little-endian input
+	ldxa	[$inp+8]%asi,@X[1]
+	ldxa	[$inp+16]%asi,@X[2]
+	ldxa	[$inp+24]%asi,@X[3]
+	ldxa	[$inp+32]%asi,@X[4]
+	 sllx	$A,32,$AB		! pack A,B
+	ldxa	[$inp+40]%asi,@X[5]
+	 sllx	$C,32,$CD		! pack C,D
+	ldxa	[$inp+48]%asi,@X[6]
+	 or	$B,$AB,$AB
+	ldxa	[$inp+56]%asi,@X[7]
+	 or	$D,$CD,$CD
+	bnz,a,pn	%icc,.+8
+	ldxa	[$inp+64]%asi,@X[8]
+
+	srlx	@X[0],$shr,@X[0]	! align X[0]
+	sllx	@X[1],$shl1,$tx
+	 sethi	%hi(@K[0]),$t2
+	sllx	$tx,$shl2,$tx
+	 or	$t2,%lo(@K[0]),$t2
+	or	$tx,@X[0],@X[0]
+	 xor	$C,$D,$t1
+	 add	@X[0],$t2,$t2		! X[0]+K[0]
+___
+	for ($i=0;$i<15;$i++)	{ &R0($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<16;$i++)	{ &R0_1($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<32;$i++)	{ &R1($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<48;$i++)	{ &R2($i,@V);	unshift(@V,pop(@V)); }
+	for (;$i<64;$i++)	{ &R3($i,@V);	unshift(@V,pop(@V)); }
+$code.=<<___;
+	srlx	$AB,32,$t1		! unpack A,B,C,D and accumulate
+	add	$inp,64,$inp		! advance inp
+	srlx	$CD,32,$t2
+	add	$t1,$A,$A
+	subcc	$len,1,$len		! done yet?
+	add	$AB,$B,$B
+	add	$t2,$C,$C
+	add	$CD,$D,$D
+	srl	$B,0,$B			! clruw	$B
+	bne	SIZE_T_CC,.Loop
+	srl	$D,0,$D			! clruw	$D
+
+	st	$A,[$ctx+0]		! write out ctx
+	st	$B,[$ctx+4]
+	st	$C,[$ctx+8]
+	st	$D,[$ctx+12]
+
+	wr	%g0,$saved_asi,%asi
+	ret
+	restore
+.type	md5_block_asm_data_order,#function
+.size	md5_block_asm_data_order,(.-md5_block_asm_data_order)
+
+.asciz	"MD5 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (	"faligndata"	=> 0x048,
+		"for"		=> 0x07c	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /ge;
+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/md5/asm/md5-x86_64.pl b/openssl-1.1.0h/crypto/md5/asm/md5-x86_64.pl
new file mode 100755
index 0000000..3f656dc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/asm/md5-x86_64.pl
@@ -0,0 +1,380 @@
+#! /usr/bin/env perl
+# Author: Marc Bevand <bevand_m (at) epita.fr>
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# MD5 optimized for AMD64.
+
+use strict;
+
+my $code;
+
+# round1_step() does:
+#   dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = z' (copy of z for the next step)
+# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC)
+sub round1_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
+    $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= <<EOF;
+	xor	$y,		%r11d		/* y ^ ... */
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	and	$x,		%r11d		/* x & ... */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	xor	$z,		%r11d		/* z ^ ... */
+	add	%r11d,		$dst		/* dst += ... */
+	rol	\$$s,		$dst		/* dst <<< s */
+	mov	$y,		%r11d		/* (NEXT STEP) z' = $y */
+	add	$x,		$dst		/* dst += x */
+EOF
+}
+
+# round2_step() does:
+#   dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = z' (copy of z for the next step)
+#   %r12d = z' (copy of z for the next step)
+# Each round2_step() takes about 5.4 clocks (11 instructions, 2.0 IPC)
+sub round2_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= " mov	%edx,		%r12d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= <<EOF;
+	not	%r11d				/* not z */
+	and	$x,		%r12d		/* x & z */
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	and	$y,		%r11d		/* y & (not z) */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	or	%r11d,		%r12d		/* (y & (not z)) | (x & z) */
+	mov	$y,		%r11d		/* (NEXT STEP) z' = $y */
+	add	%r12d,		$dst		/* dst += ... */
+	mov	$y,		%r12d		/* (NEXT STEP) z' = $y */
+	rol	\$$s,		$dst		/* dst <<< s */
+	add	$x,		$dst		/* dst += x */
+EOF
+}
+
+# round3_step() does:
+#   dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = y' (copy of y for the next step)
+# Each round3_step() takes about 4.2 clocks (8 instructions, 1.9 IPC)
+{ my $round3_alter=0;
+sub round3_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
+    $code .= <<EOF;
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	xor	$z,		%r11d		/* z ^ ... */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	xor	$x,		%r11d		/* x ^ ... */
+	add	%r11d,		$dst		/* dst += ... */
+EOF
+    $code .= <<EOF if ($round3_alter);
+	rol	\$$s,		$dst		/* dst <<< s */
+	mov	$x,		%r11d		/* (NEXT STEP) y' = $x */
+EOF
+    $code .= <<EOF if (!$round3_alter);
+	mov	$x,		%r11d		/* (NEXT STEP) y' = $x */
+	rol	\$$s,		$dst		/* dst <<< s */
+EOF
+    $code .= <<EOF;
+	add	$x,		$dst		/* dst += x */
+EOF
+    $round3_alter^=1;
+}
+}
+
+# round4_step() does:
+#   dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s)
+#   %r10d = X[k_next]
+#   %r11d = not z' (copy of not z for the next step)
+# Each round4_step() takes about 5.2 clocks (9 instructions, 1.7 IPC)
+sub round4_step
+{
+    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+    $code .= " mov	\$0xffffffff,	%r11d\n" if ($pos == -1);
+    $code .= " xor	%edx,		%r11d		/* (NEXT STEP) not z' = not %edx*/\n"
+    if ($pos == -1);
+    $code .= <<EOF;
+	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
+	or	$x,		%r11d		/* x | ... */
+	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
+	xor	$y,		%r11d		/* y ^ ... */
+	add	%r11d,		$dst		/* dst += ... */
+	mov	\$0xffffffff,	%r11d
+	rol	\$$s,		$dst		/* dst <<< s */
+	xor	$y,		%r11d		/* (NEXT STEP) not z' = not $y */
+	add	$x,		$dst		/* dst += x */
+EOF
+}
+
+no warnings qw(uninitialized);
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$code .= <<EOF;
+.text
+.align 16
+
+.globl md5_block_asm_data_order
+.type md5_block_asm_data_order,\@function,3
+md5_block_asm_data_order:
+	push	%rbp
+	push	%rbx
+	push	%r12
+	push	%r14
+	push	%r15
+.Lprologue:
+
+	# rdi = arg #1 (ctx, MD5_CTX pointer)
+	# rsi = arg #2 (ptr, data pointer)
+	# rdx = arg #3 (nbr, number of 16-word blocks to process)
+	mov	%rdi,		%rbp	# rbp = ctx
+	shl	\$6,		%rdx	# rdx = nbr in bytes
+	lea	(%rsi,%rdx),	%rdi	# rdi = end
+	mov	0*4(%rbp),	%eax	# eax = ctx->A
+	mov	1*4(%rbp),	%ebx	# ebx = ctx->B
+	mov	2*4(%rbp),	%ecx	# ecx = ctx->C
+	mov	3*4(%rbp),	%edx	# edx = ctx->D
+	# end is 'rdi'
+	# ptr is 'rsi'
+	# A is 'eax'
+	# B is 'ebx'
+	# C is 'ecx'
+	# D is 'edx'
+
+	cmp	%rdi,		%rsi		# cmp end with ptr
+	je	.Lend				# jmp if ptr == end
+
+	# BEGIN of loop over 16-word blocks
+.Lloop:	# save old values of A, B, C, D
+	mov	%eax,		%r8d
+	mov	%ebx,		%r9d
+	mov	%ecx,		%r14d
+	mov	%edx,		%r15d
+EOF
+round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17');
+round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22');
+round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17');
+round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22');
+round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17');
+round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22');
+round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7');
+round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12');
+round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17');
+round1_step( 1,'%ebx','%ecx','%edx','%eax', '1','0x49b40821','22');
+
+round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14');
+round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20');
+round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14');
+round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20');
+round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14');
+round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20');
+round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5');
+round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9');
+round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14');
+round2_step( 1,'%ebx','%ecx','%edx','%eax', '5','0x8d2a4c8a','20');
+
+round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16');
+round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23');
+round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16');
+round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23');
+round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16');
+round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23');
+round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4');
+round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11');
+round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16');
+round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23');
+
+round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15');
+round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21');
+round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15');
+round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21');
+round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15');
+round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21');
+round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6');
+round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10');
+round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15');
+round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21');
+$code .= <<EOF;
+	# add old values of A, B, C, D
+	add	%r8d,	%eax
+	add	%r9d,	%ebx
+	add	%r14d,	%ecx
+	add	%r15d,	%edx
+
+	# loop control
+	add	\$64,		%rsi		# ptr += 64
+	cmp	%rdi,		%rsi		# cmp end with ptr
+	jb	.Lloop				# jmp if ptr < end
+	# END of loop over 16-word blocks
+
+.Lend:
+	mov	%eax,		0*4(%rbp)	# ctx->A = A
+	mov	%ebx,		1*4(%rbp)	# ctx->B = B
+	mov	%ecx,		2*4(%rbp)	# ctx->C = C
+	mov	%edx,		3*4(%rbp)	# ctx->D = D
+
+	mov	(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r12
+	mov	24(%rsp),%rbx
+	mov	32(%rsp),%rbp
+	add	\$40,%rsp
+.Lepilogue:
+	ret
+.size md5_block_asm_data_order,.-md5_block_asm_data_order
+EOF
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+my $rec="%rcx";
+my $frame="%rdx";
+my $context="%r8";
+my $disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	lea	40(%rax),%rax
+
+	mov	-8(%rax),%rbp
+	mov	-16(%rax),%rbx
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r14
+	mov	-40(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_md5_block_asm_data_order
+	.rva	.LSEH_end_md5_block_asm_data_order
+	.rva	.LSEH_info_md5_block_asm_data_order
+
+.section	.xdata
+.align	8
+.LSEH_info_md5_block_asm_data_order:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/md5/build.info b/openssl-1.1.0h/crypto/md5/build.info
new file mode 100644
index 0000000..38323a3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/build.info
@@ -0,0 +1,22 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        md5_dgst.c md5_one.c {- $target{md5_asm_src} -}
+
+GENERATE[md5-586.s]=asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+
+GENERATE[md5-x86_64.s]=asm/md5-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[md5-sparcv9.S]=asm/md5-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[md5-sparcv9.o]=..
+
+BEGINRAW[makefile(windows)]
+{- $builddir -}\md5-ia64.asm: {- $sourcedir -}\asm\md5-ia64.S
+	$(CC) $(CFLAGS) -EP {- $sourcedir -}\asm\md5-ia64.S > $@.i && move /Y $@.i $@
+ENDRAW[makefile(windows)]
+
+BEGINRAW[Makefile]
+{- $builddir -}/md5-ia64.s: {- $sourcedir -}/asm/md5-ia64.S
+	$(CC) $(CFLAGS) -E {- $sourcedir -}/asm/md5-ia64.S | \
+	$(PERL) -ne 's/;\s+/;\n/g; print;' > $@
+
+ENDRAW[Makefile]
diff --git a/openssl-1.1.0h/crypto/md5/md5_dgst.c b/openssl-1.1.0h/crypto/md5/md5_dgst.c
new file mode 100644
index 0000000..fbede67
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/md5_dgst.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "md5_locl.h"
+#include <openssl/opensslv.h>
+
+/*
+ * Implemented from RFC1321 The MD5 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+int MD5_Init(MD5_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    return 1;
+}
+
+#ifndef md5_block_data_order
+# ifdef X
+#  undef X
+# endif
+void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD5_LONG XX[MD5_LBLOCK];
+#  define X(i)   XX[i]
+# endif
+
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
+
+    for (; num--;) {
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 7, 0xd76aa478L);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 17, 0x242070dbL);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 12, 0x4787c62aL);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 17, 0xa8304613L);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 22, 0xfd469501L);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 7, 0x698098d8L);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 22, 0x895cd7beL);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 7, 0x6b901122L);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 12, 0xfd987193L);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 17, 0xa679438eL);
+        R0(B, C, D, A, X(15), 22, 0x49b40821L);
+        /* Round 1 */
+        R1(A, B, C, D, X(1), 5, 0xf61e2562L);
+        R1(D, A, B, C, X(6), 9, 0xc040b340L);
+        R1(C, D, A, B, X(11), 14, 0x265e5a51L);
+        R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL);
+        R1(A, B, C, D, X(5), 5, 0xd62f105dL);
+        R1(D, A, B, C, X(10), 9, 0x02441453L);
+        R1(C, D, A, B, X(15), 14, 0xd8a1e681L);
+        R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L);
+        R1(A, B, C, D, X(9), 5, 0x21e1cde6L);
+        R1(D, A, B, C, X(14), 9, 0xc33707d6L);
+        R1(C, D, A, B, X(3), 14, 0xf4d50d87L);
+        R1(B, C, D, A, X(8), 20, 0x455a14edL);
+        R1(A, B, C, D, X(13), 5, 0xa9e3e905L);
+        R1(D, A, B, C, X(2), 9, 0xfcefa3f8L);
+        R1(C, D, A, B, X(7), 14, 0x676f02d9L);
+        R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A, B, C, D, X(5), 4, 0xfffa3942L);
+        R2(D, A, B, C, X(8), 11, 0x8771f681L);
+        R2(C, D, A, B, X(11), 16, 0x6d9d6122L);
+        R2(B, C, D, A, X(14), 23, 0xfde5380cL);
+        R2(A, B, C, D, X(1), 4, 0xa4beea44L);
+        R2(D, A, B, C, X(4), 11, 0x4bdecfa9L);
+        R2(C, D, A, B, X(7), 16, 0xf6bb4b60L);
+        R2(B, C, D, A, X(10), 23, 0xbebfbc70L);
+        R2(A, B, C, D, X(13), 4, 0x289b7ec6L);
+        R2(D, A, B, C, X(0), 11, 0xeaa127faL);
+        R2(C, D, A, B, X(3), 16, 0xd4ef3085L);
+        R2(B, C, D, A, X(6), 23, 0x04881d05L);
+        R2(A, B, C, D, X(9), 4, 0xd9d4d039L);
+        R2(D, A, B, C, X(12), 11, 0xe6db99e5L);
+        R2(C, D, A, B, X(15), 16, 0x1fa27cf8L);
+        R2(B, C, D, A, X(2), 23, 0xc4ac5665L);
+        /* Round 3 */
+        R3(A, B, C, D, X(0), 6, 0xf4292244L);
+        R3(D, A, B, C, X(7), 10, 0x432aff97L);
+        R3(C, D, A, B, X(14), 15, 0xab9423a7L);
+        R3(B, C, D, A, X(5), 21, 0xfc93a039L);
+        R3(A, B, C, D, X(12), 6, 0x655b59c3L);
+        R3(D, A, B, C, X(3), 10, 0x8f0ccc92L);
+        R3(C, D, A, B, X(10), 15, 0xffeff47dL);
+        R3(B, C, D, A, X(1), 21, 0x85845dd1L);
+        R3(A, B, C, D, X(8), 6, 0x6fa87e4fL);
+        R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L);
+        R3(C, D, A, B, X(6), 15, 0xa3014314L);
+        R3(B, C, D, A, X(13), 21, 0x4e0811a1L);
+        R3(A, B, C, D, X(4), 6, 0xf7537e82L);
+        R3(D, A, B, C, X(11), 10, 0xbd3af235L);
+        R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL);
+        R3(B, C, D, A, X(9), 21, 0xeb86d391L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/md5/md5_locl.h b/openssl-1.1.0h/crypto/md5/md5_locl.h
new file mode 100644
index 0000000..9c7aade
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/md5_locl.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/md5.h>
+
+#ifdef MD5_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+#  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__sparc) || defined(__sparc__)
+#  define md5_block_data_order md5_block_asm_data_order
+# endif
+#endif
+
+void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD5_LONG
+#define HASH_CTX                MD5_CTX
+#define HASH_CBLOCK             MD5_CBLOCK
+#define HASH_UPDATE             MD5_Update
+#define HASH_TRANSFORM          MD5_Transform
+#define HASH_FINAL              MD5_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+
+#include "internal/md32_common.h"
+
+/*-
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (z))  |  ((y) & (~(z))))
+*/
+
+/*
+ * As pointed out by Wei Dai <weidai@eskimo.com>, the above can be simplified
+ * to the code below.  Wei attributes these optimizations to Peter Gutmann's
+ * SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        ((((b) ^ (c)) & (d)) ^ (c))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+#define I(b,c,d)        (((~(d)) | (b)) ^ (c))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };\
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R3(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+I((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
diff --git a/openssl-1.1.0h/crypto/md5/md5_one.c b/openssl-1.1.0h/crypto/md5/md5_one.c
new file mode 100644
index 0000000..becd87e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/md5/md5_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md5.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD5_CTX c;
+    static unsigned char m[MD5_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD5_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD5_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD5_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD5_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return (md);
+}
diff --git a/openssl-1.1.0h/crypto/mdc2/build.info b/openssl-1.1.0h/crypto/mdc2/build.info
new file mode 100644
index 0000000..8fe6878
--- /dev/null
+++ b/openssl-1.1.0h/crypto/mdc2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        mdc2dgst.c mdc2_one.c
diff --git a/openssl-1.1.0h/crypto/mdc2/mdc2_one.c b/openssl-1.1.0h/crypto/mdc2/mdc2_one.c
new file mode 100644
index 0000000..472a5ec
--- /dev/null
+++ b/openssl-1.1.0h/crypto/mdc2/mdc2_one.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/mdc2.h>
+
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MDC2_CTX c;
+    static unsigned char m[MDC2_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MDC2_Init(&c))
+        return NULL;
+    MDC2_Update(&c, d, n);
+    MDC2_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return (md);
+}
diff --git a/openssl-1.1.0h/crypto/mdc2/mdc2dgst.c b/openssl-1.1.0h/crypto/mdc2/mdc2dgst.c
new file mode 100644
index 0000000..37d99f4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/mdc2/mdc2dgst.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/des.h>
+#include <openssl/mdc2.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+int MDC2_Init(MDC2_CTX *c)
+{
+    c->num = 0;
+    c->pad_type = 1;
+    memset(&(c->h[0]), 0x52, MDC2_BLOCK);
+    memset(&(c->hh[0]), 0x25, MDC2_BLOCK);
+    return 1;
+}
+
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    size_t i, j;
+
+    i = c->num;
+    if (i != 0) {
+        if (len < MDC2_BLOCK - i) {
+            /* partial block */
+            memcpy(&(c->data[i]), in, len);
+            c->num += (int)len;
+            return 1;
+        } else {
+            /* filled one */
+            j = MDC2_BLOCK - i;
+            memcpy(&(c->data[i]), in, j);
+            len -= j;
+            in += j;
+            c->num = 0;
+            mdc2_body(c, &(c->data[0]), MDC2_BLOCK);
+        }
+    }
+    i = len & ~((size_t)MDC2_BLOCK - 1);
+    if (i > 0)
+        mdc2_body(c, in, i);
+    j = len - i;
+    if (j > 0) {
+        memcpy(&(c->data[0]), &(in[i]), j);
+        c->num = (int)j;
+    }
+    return 1;
+}
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG ttin0, ttin1;
+    DES_LONG d[2], dd[2];
+    DES_key_schedule k;
+    unsigned char *p;
+    size_t i;
+
+    for (i = 0; i < len; i += 8) {
+        c2l(in, tin0);
+        d[0] = dd[0] = tin0;
+        c2l(in, tin1);
+        d[1] = dd[1] = tin1;
+        c->h[0] = (c->h[0] & 0x9f) | 0x40;
+        c->hh[0] = (c->hh[0] & 0x9f) | 0x20;
+
+        DES_set_odd_parity(&c->h);
+        DES_set_key_unchecked(&c->h, &k);
+        DES_encrypt1(d, &k, 1);
+
+        DES_set_odd_parity(&c->hh);
+        DES_set_key_unchecked(&c->hh, &k);
+        DES_encrypt1(dd, &k, 1);
+
+        ttin0 = tin0 ^ dd[0];
+        ttin1 = tin1 ^ dd[1];
+        tin0 ^= d[0];
+        tin1 ^= d[1];
+
+        p = c->h;
+        l2c(tin0, p);
+        l2c(ttin1, p);
+        p = c->hh;
+        l2c(ttin0, p);
+        l2c(tin1, p);
+    }
+}
+
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
+{
+    unsigned int i;
+    int j;
+
+    i = c->num;
+    j = c->pad_type;
+    if ((i > 0) || (j == 2)) {
+        if (j == 2)
+            c->data[i++] = 0x80;
+        memset(&(c->data[i]), 0, MDC2_BLOCK - i);
+        mdc2_body(c, c->data, MDC2_BLOCK);
+    }
+    memcpy(md, (char *)c->h, MDC2_BLOCK);
+    memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
+    return 1;
+}
+
+#undef TEST
+
+#ifdef TEST
+main()
+{
+    unsigned char md[MDC2_DIGEST_LENGTH];
+    int i;
+    MDC2_CTX c;
+    static char *text = "Now is the time for all ";
+
+    MDC2_Init(&c);
+    MDC2_Update(&c, text, strlen(text));
+    MDC2_Final(&(md[0]), &c);
+
+    for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+        printf("%02X", md[i]);
+    printf("\n");
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/mem.c b/openssl-1.1.0h/crypto/mem.c
new file mode 100644
index 0000000..72b04c8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/mem.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+/*
+ * the following pointers may be changed as long as 'allow_customize' is set
+ */
+static int allow_customize = 1;
+
+static void *(*malloc_impl)(size_t, const char *, int)
+    = CRYPTO_malloc;
+static void *(*realloc_impl)(void *, size_t, const char *, int)
+    = CRYPTO_realloc;
+static void (*free_impl)(void *, const char *, int)
+    = CRYPTO_free;
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static int call_malloc_debug = 1;
+#else
+static int call_malloc_debug = 0;
+#endif
+
+int CRYPTO_set_mem_functions(
+        void *(*m)(size_t, const char *, int),
+        void *(*r)(void *, size_t, const char *, int),
+        void (*f)(void *, const char *, int))
+{
+    if (!allow_customize)
+        return 0;
+    if (m)
+        malloc_impl = m;
+    if (r)
+        realloc_impl = r;
+    if (f)
+        free_impl = f;
+    return 1;
+}
+
+int CRYPTO_set_mem_debug(int flag)
+{
+    if (!allow_customize)
+        return 0;
+    call_malloc_debug = flag;
+    return 1;
+}
+
+void CRYPTO_get_mem_functions(
+        void *(**m)(size_t, const char *, int),
+        void *(**r)(void *, size_t, const char *, int),
+        void (**f)(void *, const char *, int))
+{
+    if (m != NULL)
+        *m = malloc_impl;
+    if (r != NULL)
+        *r = realloc_impl;
+    if (f != NULL)
+        *f = free_impl;
+}
+
+void *CRYPTO_malloc(size_t num, const char *file, int line)
+{
+    void *ret = NULL;
+
+    if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
+        return malloc_impl(num, file, line);
+
+    if (num == 0)
+        return NULL;
+
+    if (allow_customize) {
+        /*
+         * Disallow customization after the first allocation. We only set this
+         * if necessary to avoid a store to the same cache line on every
+         * allocation.
+         */
+        allow_customize = 0;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
+        ret = malloc(num);
+        CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
+    } else {
+        ret = malloc(num);
+    }
+#else
+    osslargused(file); osslargused(line);
+    ret = malloc(num);
+#endif
+
+    return ret;
+}
+
+void *CRYPTO_zalloc(size_t num, const char *file, int line)
+{
+    void *ret = CRYPTO_malloc(num, file, line);
+
+    if (ret != NULL)
+        memset(ret, 0, num);
+    return ret;
+}
+
+void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
+{
+    if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
+        return realloc_impl(str, num, file, line);
+
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
+
+    if (num == 0) {
+        CRYPTO_free(str, file, line);
+        return NULL;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        void *ret;
+        CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
+        ret = realloc(str, num);
+        CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
+        return ret;
+    }
+#else
+    osslargused(file); osslargused(line);
+#endif
+    return realloc(str, num);
+
+}
+
+void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
+                           const char *file, int line)
+{
+    void *ret = NULL;
+
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
+
+    if (num == 0) {
+        CRYPTO_clear_free(str, old_len, file, line);
+        return NULL;
+    }
+
+    /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
+    if (num < old_len) {
+        OPENSSL_cleanse((char*)str + num, old_len - num);
+        return str;
+    }
+
+    ret = CRYPTO_malloc(num, file, line);
+    if (ret != NULL) {
+        memcpy(ret, str, old_len);
+        CRYPTO_clear_free(str, old_len, file, line);
+    }
+    return ret;
+}
+
+void CRYPTO_free(void *str, const char *file, int line)
+{
+    if (free_impl != NULL && free_impl != &CRYPTO_free) {
+        free_impl(str, file, line);
+        return;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_free(str, 0, file, line);
+        free(str);
+        CRYPTO_mem_debug_free(str, 1, file, line);
+    } else {
+        free(str);
+    }
+#else
+    free(str);
+#endif
+}
+
+void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
+{
+    if (str == NULL)
+        return;
+    if (num)
+        OPENSSL_cleanse(str, num);
+    CRYPTO_free(str, file, line);
+}
diff --git a/openssl-1.1.0h/crypto/mem_clr.c b/openssl-1.1.0h/crypto/mem_clr.c
new file mode 100644
index 0000000..35bfb74
--- /dev/null
+++ b/openssl-1.1.0h/crypto/mem_clr.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+/*
+ * Pointer to memset is volatile so that compiler must de-reference
+ * the pointer and can't assume that it points to any function in
+ * particular (such as memset, which it then might further "optimize")
+ */
+typedef void *(*memset_t)(void *, int, size_t);
+
+static volatile memset_t memset_func = memset;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+{
+    memset_func(ptr, 0, len);
+}
diff --git a/openssl-1.1.0h/crypto/mem_dbg.c b/openssl-1.1.0h/crypto/mem_dbg.c
new file mode 100644
index 0000000..c884078
--- /dev/null
+++ b/openssl-1.1.0h/crypto/mem_dbg.c
@@ -0,0 +1,629 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "internal/thread_once.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "internal/bio.h"
+#include <openssl/lhash.h>
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
+
+/*
+ * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
+ * the application asks for it (usually after library initialisation for
+ * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only
+ * temporarily when the library thinks that certain allocations should not be
+ * checked (e.g. the data structures used for memory checking).  It is not
+ * suitable as an initial state: the library will unexpectedly enable memory
+ * checking when it executes one of those sections that want to disable
+ * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
+ * no sense whatsoever.
+ */
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static int mh_mode = CRYPTO_MEM_CHECK_OFF;
+#endif
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static unsigned long order = 0; /* number of memory requests */
+
+/*-
+ * For application-defined information (static C-string `info')
+ * to be displayed in memory leak list.
+ * Each thread has its own stack.  For applications, there is
+ *   OPENSSL_mem_debug_push("...")     to push an entry,
+ *   OPENSSL_mem_debug_pop()     to pop an entry,
+ */
+struct app_mem_info_st {
+    CRYPTO_THREAD_ID threadid;
+    const char *file;
+    int line;
+    const char *info;
+    struct app_mem_info_st *next; /* tail of thread's stack */
+    int references;
+};
+
+static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_RWLOCK *malloc_lock = NULL;
+static CRYPTO_RWLOCK *long_malloc_lock = NULL;
+static CRYPTO_THREAD_LOCAL appinfokey;
+
+/* memory-block description */
+struct mem_st {
+    void *addr;
+    int num;
+    const char *file;
+    int line;
+    CRYPTO_THREAD_ID threadid;
+    unsigned long order;
+    time_t time;
+    APP_INFO *app_info;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    void *array[30];
+    size_t array_siz;
+#endif
+};
+
+static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as
+                                  * key); access requires MALLOC2 lock */
+
+/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
+static unsigned int num_disable = 0;
+
+/*
+ * Valid iff num_disable > 0.  long_malloc_lock is locked exactly in this
+ * case (by the thread named in disabling_thread).
+ */
+static CRYPTO_THREAD_ID disabling_threadid;
+
+DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
+{
+    malloc_lock = CRYPTO_THREAD_lock_new();
+    long_malloc_lock = CRYPTO_THREAD_lock_new();
+    if (malloc_lock == NULL || long_malloc_lock == NULL
+        || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
+        CRYPTO_THREAD_lock_free(malloc_lock);
+        malloc_lock = NULL;
+        CRYPTO_THREAD_lock_free(long_malloc_lock);
+        long_malloc_lock = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+static void app_info_free(APP_INFO *inf)
+{
+    if (!inf)
+        return;
+    if (--(inf->references) <= 0) {
+        app_info_free(inf->next);
+        OPENSSL_free(inf);
+    }
+}
+#endif
+
+int CRYPTO_mem_ctrl(int mode)
+{
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+    return mode - mode;
+#else
+    int ret = mh_mode;
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
+
+    CRYPTO_THREAD_write_lock(malloc_lock);
+    switch (mode) {
+    default:
+        break;
+
+    case CRYPTO_MEM_CHECK_ON:
+        mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
+        num_disable = 0;
+        break;
+
+    case CRYPTO_MEM_CHECK_OFF:
+        mh_mode = 0;
+        num_disable = 0;
+        break;
+
+    /* switch off temporarily (for library-internal use): */
+    case CRYPTO_MEM_CHECK_DISABLE:
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
+            /* see if we don't have long_malloc_lock already */
+            if (!num_disable
+                || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) {
+                /*
+                 * Long-time lock long_malloc_lock must not be claimed
+                 * while we're holding malloc_lock, or we'll deadlock
+                 * if somebody else holds long_malloc_lock (and cannot
+                 * release it because we block entry to this function). Give
+                 * them a chance, first, and then claim the locks in
+                 * appropriate order (long-time lock first).
+                 */
+                CRYPTO_THREAD_unlock(malloc_lock);
+                /*
+                 * Note that after we have waited for long_malloc_lock and
+                 * malloc_lock, we'll still be in the right "case" and
+                 * "if" branch because MemCheck_start and MemCheck_stop may
+                 * never be used while there are multiple OpenSSL threads.
+                 */
+                CRYPTO_THREAD_write_lock(long_malloc_lock);
+                CRYPTO_THREAD_write_lock(malloc_lock);
+                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
+                disabling_threadid = cur;
+            }
+            num_disable++;
+        }
+        break;
+
+    case CRYPTO_MEM_CHECK_ENABLE:
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            if (num_disable) {  /* always true, or something is going wrong */
+                num_disable--;
+                if (num_disable == 0) {
+                    mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
+                    CRYPTO_THREAD_unlock(long_malloc_lock);
+                }
+            }
+        }
+        break;
+    }
+    CRYPTO_THREAD_unlock(malloc_lock);
+    return (ret);
+#endif
+}
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+
+static int mem_check_on(void)
+{
+    int ret = 0;
+    CRYPTO_THREAD_ID cur;
+
+    if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+            return 0;
+
+        cur = CRYPTO_THREAD_get_current_id();
+        CRYPTO_THREAD_read_lock(malloc_lock);
+
+        ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+            || !CRYPTO_THREAD_compare_id(disabling_threadid, cur);
+
+        CRYPTO_THREAD_unlock(malloc_lock);
+    }
+    return (ret);
+}
+
+static int mem_cmp(const MEM *a, const MEM *b)
+{
+#ifdef _WIN64
+    const char *ap = (const char *)a->addr, *bp = (const char *)b->addr;
+    if (ap == bp)
+        return 0;
+    else if (ap > bp)
+        return 1;
+    else
+        return -1;
+#else
+    return (const char *)a->addr - (const char *)b->addr;
+#endif
+}
+
+static unsigned long mem_hash(const MEM *a)
+{
+    size_t ret;
+
+    ret = (size_t)a->addr;
+
+    ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
+    return (ret);
+}
+
+/* returns 1 if there was an info to pop, 0 if the stack was empty. */
+static int pop_info(void)
+{
+    APP_INFO *current = NULL;
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return 0;
+
+    current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+    if (current != NULL) {
+        APP_INFO *next = current->next;
+
+        if (next != NULL) {
+            next->references++;
+            CRYPTO_THREAD_set_local(&appinfokey, next);
+        } else {
+            CRYPTO_THREAD_set_local(&appinfokey, NULL);
+        }
+        if (--(current->references) <= 0) {
+            current->next = NULL;
+            if (next != NULL)
+                next->references--;
+            OPENSSL_free(current);
+        }
+        return 1;
+    }
+    return 0;
+}
+
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
+{
+    APP_INFO *ami, *amim;
+    int ret = 0;
+
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+            || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
+            goto err;
+
+        ami->threadid = CRYPTO_THREAD_get_current_id();
+        ami->file = file;
+        ami->line = line;
+        ami->info = info;
+        ami->references = 1;
+        ami->next = NULL;
+
+        amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+        CRYPTO_THREAD_set_local(&appinfokey, ami);
+
+        if (amim != NULL)
+            ami->next = amim;
+        ret = 1;
+ err:
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+
+    return (ret);
+}
+
+int CRYPTO_mem_debug_pop(void)
+{
+    int ret = 0;
+
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        ret = pop_info();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+    return (ret);
+}
+
+static unsigned long break_order_num = 0;
+
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p,
+                             const char *file, int line)
+{
+    MEM *m, *mm;
+    APP_INFO *amim;
+
+    switch (before_p & 127) {
+    case 0:
+        break;
+    case 1:
+        if (addr == NULL)
+            break;
+
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+                || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
+                OPENSSL_free(addr);
+                CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+                return;
+            }
+            if (mh == NULL) {
+                if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) {
+                    OPENSSL_free(addr);
+                    OPENSSL_free(m);
+                    addr = NULL;
+                    goto err;
+                }
+            }
+
+            m->addr = addr;
+            m->file = file;
+            m->line = line;
+            m->num = num;
+            m->threadid = CRYPTO_THREAD_get_current_id();
+
+            if (order == break_order_num) {
+                /* BREAK HERE */
+                m->order = order;
+            }
+            m->order = order++;
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+            m->array_siz = backtrace(m->array, OSSL_NELEM(m->array));
+# endif
+            m->time = time(NULL);
+
+            amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+            m->app_info = amim;
+            if (amim != NULL)
+                amim->references++;
+
+            if ((mm = lh_MEM_insert(mh, m)) != NULL) {
+                /* Not good, but don't sweat it */
+                if (mm->app_info != NULL) {
+                    mm->app_info->references--;
+                }
+                OPENSSL_free(mm);
+            }
+ err:
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    }
+    return;
+}
+
+void CRYPTO_mem_debug_free(void *addr, int before_p,
+        const char *file, int line)
+{
+    MEM m, *mp;
+
+    switch (before_p) {
+    case 0:
+        if (addr == NULL)
+            break;
+
+        if (mem_check_on() && (mh != NULL)) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            m.addr = addr;
+            mp = lh_MEM_delete(mh, &m);
+            if (mp != NULL) {
+                app_info_free(mp->app_info);
+                OPENSSL_free(mp);
+            }
+
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    case 1:
+        break;
+    }
+}
+
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num,
+                              int before_p, const char *file, int line)
+{
+    MEM m, *mp;
+
+    switch (before_p) {
+    case 0:
+        break;
+    case 1:
+        if (addr2 == NULL)
+            break;
+
+        if (addr1 == NULL) {
+            CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line);
+            break;
+        }
+
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            m.addr = addr1;
+            mp = lh_MEM_delete(mh, &m);
+            if (mp != NULL) {
+                mp->addr = addr2;
+                mp->num = num;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+                mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array));
+#endif
+                (void)lh_MEM_insert(mh, mp);
+            }
+
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    }
+    return;
+}
+
+typedef struct mem_leak_st {
+    BIO *bio;
+    int chunks;
+    long bytes;
+} MEM_LEAK;
+
+static void print_leak(const MEM *m, MEM_LEAK *l)
+{
+    char buf[1024];
+    char *bufp = buf;
+    APP_INFO *amip;
+    int ami_cnt;
+    struct tm *lcl = NULL;
+    /*
+     * Convert between CRYPTO_THREAD_ID (which could be anything at all) and
+     * a long. This may not be meaningful depending on what CRYPTO_THREAD_ID is
+     * but hopefully should give something sensible on most platforms
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+    CRYPTO_THREAD_ID ti;
+
+#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf))
+
+    lcl = localtime(&m->time);
+    BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
+                 lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
+    bufp += strlen(bufp);
+
+    BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
+                 m->order, m->file, m->line);
+    bufp += strlen(bufp);
+
+    tid.ltid = 0;
+    tid.tid = m->threadid;
+    BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", tid.ltid);
+    bufp += strlen(bufp);
+
+    BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%p\n",
+                 m->num, m->addr);
+    bufp += strlen(bufp);
+
+    BIO_puts(l->bio, buf);
+
+    l->chunks++;
+    l->bytes += m->num;
+
+    amip = m->app_info;
+    ami_cnt = 0;
+
+    if (amip) {
+        ti = amip->threadid;
+
+        do {
+            int buf_len;
+            int info_len;
+
+            ami_cnt++;
+            memset(buf, '>', ami_cnt);
+            tid.ltid = 0;
+            tid.tid = amip->threadid;
+            BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
+                         " thread=%lu, file=%s, line=%d, info=\"",
+                         tid.ltid, amip->file,
+                         amip->line);
+            buf_len = strlen(buf);
+            info_len = strlen(amip->info);
+            if (128 - buf_len - 3 < info_len) {
+                memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+                buf_len = 128 - 3;
+            } else {
+                OPENSSL_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len);
+                buf_len = strlen(buf);
+            }
+            BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
+
+            BIO_puts(l->bio, buf);
+
+            amip = amip->next;
+        }
+        while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti));
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    {
+        size_t i;
+        char **strings = backtrace_symbols(m->array, m->array_siz);
+
+        for (i = 0; i < m->array_siz; i++)
+            fprintf(stderr, "##> %s\n", strings[i]);
+        free(strings);
+    }
+#endif
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK);
+
+int CRYPTO_mem_leaks(BIO *b)
+{
+    MEM_LEAK ml;
+
+    /*
+     * OPENSSL_cleanup() will free the ex_data locks so we can't have any
+     * ex_data hanging around
+     */
+    bio_free_ex_data(b);
+
+    /* Ensure all resources are released */
+    OPENSSL_cleanup();
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+    ml.bio = b;
+    ml.bytes = 0;
+    ml.chunks = 0;
+    if (mh != NULL)
+        lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml);
+
+    if (ml.chunks != 0) {
+        BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks);
+    } else {
+        /*
+         * Make sure that, if we found no leaks, memory-leak debugging itself
+         * does not introduce memory leaks (which might irritate external
+         * debugging tools). (When someone enables leak checking, but does not
+         * call this function, we declare it to be their fault.)
+         */
+        int old_mh_mode;
+
+        CRYPTO_THREAD_write_lock(malloc_lock);
+
+        /*
+         * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses
+         * mem_check_on
+         */
+        old_mh_mode = mh_mode;
+        mh_mode = CRYPTO_MEM_CHECK_OFF;
+
+        lh_MEM_free(mh);
+        mh = NULL;
+
+        mh_mode = old_mh_mode;
+        CRYPTO_THREAD_unlock(malloc_lock);
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
+
+    /* Clean up locks etc */
+    CRYPTO_THREAD_cleanup_local(&appinfokey);
+    CRYPTO_THREAD_lock_free(malloc_lock);
+    CRYPTO_THREAD_lock_free(long_malloc_lock);
+    malloc_lock = NULL;
+    long_malloc_lock = NULL;
+
+    return ml.chunks == 0 ? 1 : 0;
+}
+
+# ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *fp)
+{
+    BIO *b;
+    int ret;
+
+    /*
+     * Need to turn off memory checking when allocated BIOs ... especially as
+     * we're creating them at a time when we're trying to check we've not
+     * left anything un-free()'d!!
+     */
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    b = BIO_new(BIO_s_file());
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    if (b == NULL)
+        return -1;
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = CRYPTO_mem_leaks(b);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/mem_sec.c b/openssl-1.1.0h/crypto/mem_sec.c
new file mode 100644
index 0000000..25cdb47
--- /dev/null
+++ b/openssl-1.1.0h/crypto/mem_sec.c
@@ -0,0 +1,630 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
+ * This file is distributed under the terms of the OpenSSL license.
+ */
+
+/*
+ * This file is in two halves. The first half implements the public API
+ * to be used by external consumers, and to be used by OpenSSL to store
+ * data in a "secure arena." The second half implements the secure arena.
+ * For details on that implementation, see below (look for uppercase
+ * "SECURE HEAP IMPLEMENTATION").
+ */
+#include <openssl/crypto.h>
+#include <e_os.h>
+
+#include <string.h>
+
+/* e_os.h includes unistd.h, which defines _POSIX_VERSION */
+#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+    && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
+         || defined(__sun) || defined(__hpux) || defined(__sgi) \
+         || defined(__osf__) )
+# define IMPLEMENTED
+# include <stdlib.h>
+# include <assert.h>
+# include <unistd.h>
+# include <sys/types.h>
+# include <sys/mman.h>
+# include <sys/param.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+
+#define CLEAR(p, s) OPENSSL_cleanse(p, s)
+#ifndef PAGE_SIZE
+# define PAGE_SIZE    4096
+#endif
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+
+#ifdef IMPLEMENTED
+static size_t secure_mem_used;
+
+static int secure_mem_initialized;
+
+static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
+
+/*
+ * These are the functions that must be implemented by a secure heap (sh).
+ */
+static int sh_init(size_t size, int minsize);
+static char *sh_malloc(size_t size);
+static void sh_free(char *ptr);
+static void sh_done(void);
+static size_t sh_actual_size(char *ptr);
+static int sh_allocated(const char *ptr);
+#endif
+
+int CRYPTO_secure_malloc_init(size_t size, int minsize)
+{
+#ifdef IMPLEMENTED
+    int ret = 0;
+
+    if (!secure_mem_initialized) {
+        sec_malloc_lock = CRYPTO_THREAD_lock_new();
+        if (sec_malloc_lock == NULL)
+            return 0;
+        if ((ret = sh_init(size, minsize)) != 0) {
+            secure_mem_initialized = 1;
+        } else {
+            CRYPTO_THREAD_lock_free(sec_malloc_lock);
+            sec_malloc_lock = NULL;
+        }
+    }
+
+    return ret;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+int CRYPTO_secure_malloc_done()
+{
+#ifdef IMPLEMENTED
+    if (secure_mem_used == 0) {
+        sh_done();
+        secure_mem_initialized = 0;
+        CRYPTO_THREAD_lock_free(sec_malloc_lock);
+        sec_malloc_lock = NULL;
+        return 1;
+    }
+#endif /* IMPLEMENTED */
+    return 0;
+}
+
+int CRYPTO_secure_malloc_initialized()
+{
+#ifdef IMPLEMENTED
+    return secure_mem_initialized;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
+{
+#ifdef IMPLEMENTED
+    void *ret;
+    size_t actual_size;
+
+    if (!secure_mem_initialized) {
+        return CRYPTO_malloc(num, file, line);
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_malloc(num);
+    actual_size = ret ? sh_actual_size(ret) : 0;
+    secure_mem_used += actual_size;
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return CRYPTO_malloc(num, file, line);
+#endif /* IMPLEMENTED */
+}
+
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
+{
+    void *ret = CRYPTO_secure_malloc(num, file, line);
+
+    if (ret != NULL)
+        memset(ret, 0, num);
+    return ret;
+}
+
+void CRYPTO_secure_free(void *ptr, const char *file, int line)
+{
+#ifdef IMPLEMENTED
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    CRYPTO_free(ptr, file, line);
+#endif /* IMPLEMENTED */
+}
+
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line)
+{
+#ifdef IMPLEMENTED
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        OPENSSL_cleanse(ptr, num);
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    if (ptr == NULL)
+        return;
+    OPENSSL_cleanse(ptr, num);
+    CRYPTO_free(ptr, file, line);
+#endif /* IMPLEMENTED */
+}
+
+int CRYPTO_secure_allocated(const void *ptr)
+{
+#ifdef IMPLEMENTED
+    int ret;
+
+    if (!secure_mem_initialized)
+        return 0;
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_allocated(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+size_t CRYPTO_secure_used()
+{
+#ifdef IMPLEMENTED
+    return secure_mem_used;
+#else
+    return 0;
+#endif /* IMPLEMENTED */
+}
+
+size_t CRYPTO_secure_actual_size(void *ptr)
+{
+#ifdef IMPLEMENTED
+    size_t actual_size;
+
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return actual_size;
+#else
+    return 0;
+#endif
+}
+/* END OF PAGE ...
+
+   ... START OF PAGE */
+
+/*
+ * SECURE HEAP IMPLEMENTATION
+ */
+#ifdef IMPLEMENTED
+
+
+/*
+ * The implementation provided here uses a fixed-sized mmap() heap,
+ * which is locked into memory, not written to core files, and protected
+ * on either side by an unmapped page, which will catch pointer overruns
+ * (or underruns) and an attempt to read data out of the secure heap.
+ * Free'd memory is zero'd or otherwise cleansed.
+ *
+ * This is a pretty standard buddy allocator.  We keep areas in a multiple
+ * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
+ * so all (and only) data is kept in the mmap'd heap.
+ *
+ * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
+ * place.
+ */
+
+#define ONE ((size_t)1)
+
+# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
+# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
+# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
+
+#define WITHIN_ARENA(p) \
+    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
+#define WITHIN_FREELIST(p) \
+    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
+
+
+typedef struct sh_list_st
+{
+    struct sh_list_st *next;
+    struct sh_list_st **p_next;
+} SH_LIST;
+
+typedef struct sh_st
+{
+    char* map_result;
+    size_t map_size;
+    char *arena;
+    size_t arena_size;
+    char **freelist;
+    ossl_ssize_t freelist_size;
+    size_t minsize;
+    unsigned char *bittable;
+    unsigned char *bitmalloc;
+    size_t bittable_size; /* size in bits */
+} SH;
+
+static SH sh;
+
+static size_t sh_getlist(char *ptr)
+{
+    ossl_ssize_t list = sh.freelist_size - 1;
+    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
+
+    for (; bit; bit >>= 1, list--) {
+        if (TESTBIT(sh.bittable, bit))
+            break;
+        OPENSSL_assert((bit & 1) == 0);
+    }
+
+    return list;
+}
+
+
+static int sh_testbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    return TESTBIT(table, bit);
+}
+
+static void sh_clearbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(TESTBIT(table, bit));
+    CLEARBIT(table, bit);
+}
+
+static void sh_setbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(!TESTBIT(table, bit));
+    SETBIT(table, bit);
+}
+
+static void sh_add_to_list(char **list, char *ptr)
+{
+    SH_LIST *temp;
+
+    OPENSSL_assert(WITHIN_FREELIST(list));
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+
+    temp = (SH_LIST *)ptr;
+    temp->next = *(SH_LIST **)list;
+    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
+    temp->p_next = (SH_LIST **)list;
+
+    if (temp->next != NULL) {
+        OPENSSL_assert((char **)temp->next->p_next == list);
+        temp->next->p_next = &(temp->next);
+    }
+
+    *list = ptr;
+}
+
+static void sh_remove_from_list(char *ptr)
+{
+    SH_LIST *temp, *temp2;
+
+    temp = (SH_LIST *)ptr;
+    if (temp->next != NULL)
+        temp->next->p_next = temp->p_next;
+    *temp->p_next = temp->next;
+    if (temp->next == NULL)
+        return;
+
+    temp2 = temp->next;
+    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
+}
+
+
+static int sh_init(size_t size, int minsize)
+{
+    int ret;
+    size_t i;
+    size_t pgsize;
+    size_t aligned;
+
+    memset(&sh, 0, sizeof(sh));
+
+    /* make sure size and minsize are powers of 2 */
+    OPENSSL_assert(size > 0);
+    OPENSSL_assert((size & (size - 1)) == 0);
+    OPENSSL_assert(minsize > 0);
+    OPENSSL_assert((minsize & (minsize - 1)) == 0);
+    if (size <= 0 || (size & (size - 1)) != 0)
+        goto err;
+    if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
+        goto err;
+
+    while (minsize < (int)sizeof(SH_LIST))
+        minsize *= 2;
+
+    sh.arena_size = size;
+    sh.minsize = minsize;
+    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
+
+    /* Prevent allocations of size 0 later on */
+    if (sh.bittable_size >> 3 == 0)
+        goto err;
+
+    sh.freelist_size = -1;
+    for (i = sh.bittable_size; i; i >>= 1)
+        sh.freelist_size++;
+
+    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
+    OPENSSL_assert(sh.freelist != NULL);
+    if (sh.freelist == NULL)
+        goto err;
+
+    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bittable != NULL);
+    if (sh.bittable == NULL)
+        goto err;
+
+    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bitmalloc != NULL);
+    if (sh.bitmalloc == NULL)
+        goto err;
+
+    /* Allocate space for heap, and two extra pages as guards */
+#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
+    {
+# if defined(_SC_PAGE_SIZE)
+        long tmppgsize = sysconf(_SC_PAGE_SIZE);
+# else
+        long tmppgsize = sysconf(_SC_PAGESIZE);
+# endif
+        if (tmppgsize < 1)
+            pgsize = PAGE_SIZE;
+        else
+            pgsize = (size_t)tmppgsize;
+    }
+#else
+    pgsize = PAGE_SIZE;
+#endif
+    sh.map_size = pgsize + sh.arena_size + pgsize;
+    if (1) {
+#ifdef MAP_ANON
+        sh.map_result = mmap(NULL, sh.map_size,
+                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+    } else {
+#endif
+        int fd;
+
+        sh.map_result = MAP_FAILED;
+        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
+            sh.map_result = mmap(NULL, sh.map_size,
+                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
+            close(fd);
+        }
+    }
+    if (sh.map_result == MAP_FAILED)
+        goto err;
+    sh.arena = (char *)(sh.map_result + pgsize);
+    sh_setbit(sh.arena, 0, sh.bittable);
+    sh_add_to_list(&sh.freelist[0], sh.arena);
+
+    /* Now try to add guard pages and lock into memory. */
+    ret = 1;
+
+    /* Starting guard is already aligned from mmap. */
+    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+    /* Ending guard page - need to round up to page boundary */
+    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
+    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+    if (mlock(sh.arena, sh.arena_size) < 0)
+        ret = 2;
+#ifdef MADV_DONTDUMP
+    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
+        ret = 2;
+#endif
+
+    return ret;
+
+ err:
+    sh_done();
+    return 0;
+}
+
+static void sh_done()
+{
+    OPENSSL_free(sh.freelist);
+    OPENSSL_free(sh.bittable);
+    OPENSSL_free(sh.bitmalloc);
+    if (sh.map_result != NULL && sh.map_size)
+        munmap(sh.map_result, sh.map_size);
+    memset(&sh, 0, sizeof(sh));
+}
+
+static int sh_allocated(const char *ptr)
+{
+    return WITHIN_ARENA(ptr) ? 1 : 0;
+}
+
+static char *sh_find_my_buddy(char *ptr, int list)
+{
+    size_t bit;
+    char *chunk = NULL;
+
+    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
+    bit ^= 1;
+
+    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
+        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
+
+    return chunk;
+}
+
+static char *sh_malloc(size_t size)
+{
+    ossl_ssize_t list, slist;
+    size_t i;
+    char *chunk;
+
+    if (size > sh.arena_size)
+        return NULL;
+
+    list = sh.freelist_size - 1;
+    for (i = sh.minsize; i < size; i <<= 1)
+        list--;
+    if (list < 0)
+        return NULL;
+
+    /* try to find a larger entry to split */
+    for (slist = list; slist >= 0; slist--)
+        if (sh.freelist[slist] != NULL)
+            break;
+    if (slist < 0)
+        return NULL;
+
+    /* split larger entry */
+    while (slist != list) {
+        char *temp = sh.freelist[slist];
+
+        /* remove from bigger list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_clearbit(temp, slist, sh.bittable);
+        sh_remove_from_list(temp);
+        OPENSSL_assert(temp != sh.freelist[slist]);
+
+        /* done with bigger list */
+        slist++;
+
+        /* add to smaller list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        /* split in 2 */
+        temp += sh.arena_size >> slist;
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
+    }
+
+    /* peel off memory to hand back */
+    chunk = sh.freelist[list];
+    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
+    sh_setbit(chunk, list, sh.bitmalloc);
+    sh_remove_from_list(chunk);
+
+    OPENSSL_assert(WITHIN_ARENA(chunk));
+
+    return chunk;
+}
+
+static void sh_free(char *ptr)
+{
+    size_t list;
+    char *buddy;
+
+    if (ptr == NULL)
+        return;
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return;
+
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    sh_clearbit(ptr, list, sh.bitmalloc);
+    sh_add_to_list(&sh.freelist[list], ptr);
+
+    /* Try to coalesce two adjacent free areas. */
+    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
+        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
+        OPENSSL_assert(ptr != NULL);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(ptr, list, sh.bittable);
+        sh_remove_from_list(ptr);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(buddy, list, sh.bittable);
+        sh_remove_from_list(buddy);
+
+        list--;
+
+        if (ptr > buddy)
+            ptr = buddy;
+
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_setbit(ptr, list, sh.bittable);
+        sh_add_to_list(&sh.freelist[list], ptr);
+        OPENSSL_assert(sh.freelist[list] == ptr);
+    }
+}
+
+static size_t sh_actual_size(char *ptr)
+{
+    int list;
+
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return 0;
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    return sh.arena_size / (ONE << list);
+}
+#endif /* IMPLEMENTED */
diff --git a/openssl-1.1.0h/crypto/modes/asm/aesni-gcm-x86_64.pl b/openssl-1.1.0h/crypto/modes/asm/aesni-gcm-x86_64.pl
new file mode 100644
index 0000000..5ad62b3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -0,0 +1,1106 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+#
+# AES-NI-CTR+GHASH stitch.
+#
+# February 2013
+#
+# OpenSSL GCM implementation is organized in such way that its
+# performance is rather close to the sum of its streamed components,
+# in the context parallelized AES-NI CTR and modulo-scheduled
+# PCLMULQDQ-enabled GHASH. Unfortunately, as no stitch implementation
+# was observed to perform significantly better than the sum of the
+# components on contemporary CPUs, the effort was deemed impossible to
+# justify. This module is based on combination of Intel submissions,
+# [1] and [2], with MOVBE twist suggested by Ilya Albrekht and Max
+# Locktyukhin of Intel Corp. who verified that it reduces shuffles
+# pressure with notable relative improvement, achieving 1.0 cycle per
+# byte processed with 128-bit key on Haswell processor, 0.74 - on
+# Broadwell, 0.63 - on Skylake... [Mentioned results are raw profiled
+# measurements for favourable packet size, one divisible by 96.
+# Applications using the EVP interface will observe a few percent
+# worse performance.]
+#
+# [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest
+# [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.20) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if ($avx>1) {{{
+
+($inp,$out,$len,$key,$ivp,$Xip)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
+
+($Ii,$T1,$T2,$Hkey,
+ $Z0,$Z1,$Z2,$Z3,$Xi) = map("%xmm$_",(0..8));
+
+($inout0,$inout1,$inout2,$inout3,$inout4,$inout5,$rndkey) = map("%xmm$_",(9..15));
+
+($counter,$rounds,$ret,$const,$in0,$end0)=("%ebx","%ebp","%r10","%r11","%r14","%r15");
+
+$code=<<___;
+.text
+
+.type	_aesni_ctr32_ghash_6x,\@abi-omnipotent
+.align	32
+_aesni_ctr32_ghash_6x:
+	vmovdqu		0x20($const),$T2	# borrow $T2, .Lone_msb
+	sub		\$6,$len
+	vpxor		$Z0,$Z0,$Z0		# $Z0   = 0
+	vmovdqu		0x00-0x80($key),$rndkey
+	vpaddb		$T2,$T1,$inout1
+	vpaddb		$T2,$inout1,$inout2
+	vpaddb		$T2,$inout2,$inout3
+	vpaddb		$T2,$inout3,$inout4
+	vpaddb		$T2,$inout4,$inout5
+	vpxor		$rndkey,$T1,$inout0
+	vmovdqu		$Z0,16+8(%rsp)		# "$Z3" = 0
+	jmp		.Loop6x
+
+.align	32
+.Loop6x:
+	add		\$`6<<24`,$counter
+	jc		.Lhandle_ctr32		# discard $inout[1-5]?
+	vmovdqu		0x00-0x20($Xip),$Hkey	# $Hkey^1
+	  vpaddb	$T2,$inout5,$T1		# next counter value
+	  vpxor		$rndkey,$inout1,$inout1
+	  vpxor		$rndkey,$inout2,$inout2
+
+.Lresume_ctr32:
+	vmovdqu		$T1,($ivp)		# save next counter value
+	vpclmulqdq	\$0x10,$Hkey,$Z3,$Z1
+	  vpxor		$rndkey,$inout3,$inout3
+	  vmovups	0x10-0x80($key),$T2	# borrow $T2 for $rndkey
+	vpclmulqdq	\$0x01,$Hkey,$Z3,$Z2
+
+	# At this point, the current block of 96 (0x60) bytes has already been
+	# loaded into registers. Concurrently with processing it, we want to
+	# load the next 96 bytes of input for the next round. Obviously, we can
+	# only do this if there are at least 96 more bytes of input beyond the
+	# input we're currently processing, or else we'd read past the end of
+	# the input buffer. Here, we set |%r12| to 96 if there are at least 96
+	# bytes of input beyond the 96 bytes we're already processing, and we
+	# set |%r12| to 0 otherwise. In the case where we set |%r12| to 96,
+	# we'll read in the next block so that it is in registers for the next
+	# loop iteration. In the case where we set |%r12| to 0, we'll re-read
+	# the current block and then ignore what we re-read.
+	#
+	# At this point, |$in0| points to the current (already read into
+	# registers) block, and |$end0| points to 2*96 bytes before the end of
+	# the input. Thus, |$in0| > |$end0| means that we do not have the next
+	# 96-byte block to read in, and |$in0| <= |$end0| means we do.
+	xor		%r12,%r12
+	cmp		$in0,$end0
+
+	  vaesenc	$T2,$inout0,$inout0
+	vmovdqu		0x30+8(%rsp),$Ii	# I[4]
+	  vpxor		$rndkey,$inout4,$inout4
+	vpclmulqdq	\$0x00,$Hkey,$Z3,$T1
+	  vaesenc	$T2,$inout1,$inout1
+	  vpxor		$rndkey,$inout5,$inout5
+	setnc		%r12b
+	vpclmulqdq	\$0x11,$Hkey,$Z3,$Z3
+	  vaesenc	$T2,$inout2,$inout2
+	vmovdqu		0x10-0x20($Xip),$Hkey	# $Hkey^2
+	neg		%r12
+	  vaesenc	$T2,$inout3,$inout3
+	 vpxor		$Z1,$Z2,$Z2
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Z1
+	 vpxor		$Z0,$Xi,$Xi		# modulo-scheduled
+	  vaesenc	$T2,$inout4,$inout4
+	 vpxor		$Z1,$T1,$Z0
+	and		\$0x60,%r12
+	  vmovups	0x20-0x80($key),$rndkey
+	vpclmulqdq	\$0x10,$Hkey,$Ii,$T1
+	  vaesenc	$T2,$inout5,$inout5
+
+	vpclmulqdq	\$0x01,$Hkey,$Ii,$T2
+	lea		($in0,%r12),$in0
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		16+8(%rsp),$Xi,$Xi	# modulo-scheduled [vpxor $Z3,$Xi,$Xi]
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Hkey
+	 vmovdqu	0x40+8(%rsp),$Ii	# I[3]
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x58($in0),%r13
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x50($in0),%r12
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x20+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x28+8(%rsp)
+	vmovdqu		0x30-0x20($Xip),$Z1	# borrow $Z1 for $Hkey^3
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x30-0x80($key),$rndkey
+	 vpxor		$T1,$Z2,$Z2
+	vpclmulqdq	\$0x00,$Z1,$Ii,$T1
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$T2,$Z2,$Z2
+	vpclmulqdq	\$0x10,$Z1,$Ii,$T2
+	  vaesenc	$rndkey,$inout1,$inout1
+	 vpxor		$Hkey,$Z3,$Z3
+	vpclmulqdq	\$0x01,$Z1,$Ii,$Hkey
+	  vaesenc	$rndkey,$inout2,$inout2
+	vpclmulqdq	\$0x11,$Z1,$Ii,$Z1
+	 vmovdqu	0x50+8(%rsp),$Ii	# I[2]
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vaesenc	$rndkey,$inout4,$inout4
+	 vpxor		$T1,$Z0,$Z0
+	vmovdqu		0x40-0x20($Xip),$T1	# borrow $T1 for $Hkey^4
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x40-0x80($key),$rndkey
+	 vpxor		$T2,$Z2,$Z2
+	vpclmulqdq	\$0x00,$T1,$Ii,$T2
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$Hkey,$Z2,$Z2
+	vpclmulqdq	\$0x10,$T1,$Ii,$Hkey
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x48($in0),%r13
+	 vpxor		$Z1,$Z3,$Z3
+	vpclmulqdq	\$0x01,$T1,$Ii,$Z1
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x40($in0),%r12
+	vpclmulqdq	\$0x11,$T1,$Ii,$T1
+	 vmovdqu	0x60+8(%rsp),$Ii	# I[1]
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x30+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x38+8(%rsp)
+	 vpxor		$T2,$Z0,$Z0
+	vmovdqu		0x60-0x20($Xip),$T2	# borrow $T2 for $Hkey^5
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x50-0x80($key),$rndkey
+	 vpxor		$Hkey,$Z2,$Z2
+	vpclmulqdq	\$0x00,$T2,$Ii,$Hkey
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$Z1,$Z2,$Z2
+	vpclmulqdq	\$0x10,$T2,$Ii,$Z1
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x38($in0),%r13
+	 vpxor		$T1,$Z3,$Z3
+	vpclmulqdq	\$0x01,$T2,$Ii,$T1
+	 vpxor		0x70+8(%rsp),$Xi,$Xi	# accumulate I[0]
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x30($in0),%r12
+	vpclmulqdq	\$0x11,$T2,$Ii,$T2
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x40+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x48+8(%rsp)
+	 vpxor		$Hkey,$Z0,$Z0
+	 vmovdqu	0x70-0x20($Xip),$Hkey	# $Hkey^6
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vmovups	0x60-0x80($key),$rndkey
+	 vpxor		$Z1,$Z2,$Z2
+	vpclmulqdq	\$0x10,$Hkey,$Xi,$Z1
+	  vaesenc	$rndkey,$inout0,$inout0
+	 vpxor		$T1,$Z2,$Z2
+	vpclmulqdq	\$0x01,$Hkey,$Xi,$T1
+	  vaesenc	$rndkey,$inout1,$inout1
+	movbe		0x28($in0),%r13
+	 vpxor		$T2,$Z3,$Z3
+	vpclmulqdq	\$0x00,$Hkey,$Xi,$T2
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x20($in0),%r12
+	vpclmulqdq	\$0x11,$Hkey,$Xi,$Xi
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r13,0x50+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	mov		%r12,0x58+8(%rsp)
+	vpxor		$Z1,$Z2,$Z2
+	  vaesenc	$rndkey,$inout5,$inout5
+	vpxor		$T1,$Z2,$Z2
+
+	  vmovups	0x70-0x80($key),$rndkey
+	vpslldq		\$8,$Z2,$Z1
+	vpxor		$T2,$Z0,$Z0
+	vmovdqu		0x10($const),$Hkey	# .Lpoly
+
+	  vaesenc	$rndkey,$inout0,$inout0
+	vpxor		$Xi,$Z3,$Z3
+	  vaesenc	$rndkey,$inout1,$inout1
+	vpxor		$Z1,$Z0,$Z0
+	movbe		0x18($in0),%r13
+	  vaesenc	$rndkey,$inout2,$inout2
+	movbe		0x10($in0),%r12
+	vpalignr	\$8,$Z0,$Z0,$Ii		# 1st phase
+	vpclmulqdq	\$0x10,$Hkey,$Z0,$Z0
+	mov		%r13,0x60+8(%rsp)
+	  vaesenc	$rndkey,$inout3,$inout3
+	mov		%r12,0x68+8(%rsp)
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vmovups	0x80-0x80($key),$T1	# borrow $T1 for $rndkey
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vaesenc	$T1,$inout0,$inout0
+	  vmovups	0x90-0x80($key),$rndkey
+	  vaesenc	$T1,$inout1,$inout1
+	vpsrldq		\$8,$Z2,$Z2
+	  vaesenc	$T1,$inout2,$inout2
+	vpxor		$Z2,$Z3,$Z3
+	  vaesenc	$T1,$inout3,$inout3
+	vpxor		$Ii,$Z0,$Z0
+	movbe		0x08($in0),%r13
+	  vaesenc	$T1,$inout4,$inout4
+	movbe		0x00($in0),%r12
+	  vaesenc	$T1,$inout5,$inout5
+	  vmovups	0xa0-0x80($key),$T1
+	  cmp		\$11,$rounds
+	  jb		.Lenc_tail		# 128-bit key
+
+	  vaesenc	$rndkey,$inout0,$inout0
+	  vaesenc	$rndkey,$inout1,$inout1
+	  vaesenc	$rndkey,$inout2,$inout2
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vaesenc	$T1,$inout0,$inout0
+	  vaesenc	$T1,$inout1,$inout1
+	  vaesenc	$T1,$inout2,$inout2
+	  vaesenc	$T1,$inout3,$inout3
+	  vaesenc	$T1,$inout4,$inout4
+	  vmovups	0xb0-0x80($key),$rndkey
+	  vaesenc	$T1,$inout5,$inout5
+	  vmovups	0xc0-0x80($key),$T1
+	  je		.Lenc_tail		# 192-bit key
+
+	  vaesenc	$rndkey,$inout0,$inout0
+	  vaesenc	$rndkey,$inout1,$inout1
+	  vaesenc	$rndkey,$inout2,$inout2
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vaesenc	$rndkey,$inout5,$inout5
+
+	  vaesenc	$T1,$inout0,$inout0
+	  vaesenc	$T1,$inout1,$inout1
+	  vaesenc	$T1,$inout2,$inout2
+	  vaesenc	$T1,$inout3,$inout3
+	  vaesenc	$T1,$inout4,$inout4
+	  vmovups	0xd0-0x80($key),$rndkey
+	  vaesenc	$T1,$inout5,$inout5
+	  vmovups	0xe0-0x80($key),$T1
+	  jmp		.Lenc_tail		# 256-bit key
+
+.align	32
+.Lhandle_ctr32:
+	vmovdqu		($const),$Ii		# borrow $Ii for .Lbswap_mask
+	  vpshufb	$Ii,$T1,$Z2		# byte-swap counter
+	  vmovdqu	0x30($const),$Z1	# borrow $Z1, .Ltwo_lsb
+	  vpaddd	0x40($const),$Z2,$inout1	# .Lone_lsb
+	  vpaddd	$Z1,$Z2,$inout2
+	vmovdqu		0x00-0x20($Xip),$Hkey	# $Hkey^1
+	  vpaddd	$Z1,$inout1,$inout3
+	  vpshufb	$Ii,$inout1,$inout1
+	  vpaddd	$Z1,$inout2,$inout4
+	  vpshufb	$Ii,$inout2,$inout2
+	  vpxor		$rndkey,$inout1,$inout1
+	  vpaddd	$Z1,$inout3,$inout5
+	  vpshufb	$Ii,$inout3,$inout3
+	  vpxor		$rndkey,$inout2,$inout2
+	  vpaddd	$Z1,$inout4,$T1		# byte-swapped next counter value
+	  vpshufb	$Ii,$inout4,$inout4
+	  vpshufb	$Ii,$inout5,$inout5
+	  vpshufb	$Ii,$T1,$T1		# next counter value
+	jmp		.Lresume_ctr32
+
+.align	32
+.Lenc_tail:
+	  vaesenc	$rndkey,$inout0,$inout0
+	vmovdqu		$Z3,16+8(%rsp)		# postpone vpxor $Z3,$Xi,$Xi
+	vpalignr	\$8,$Z0,$Z0,$Xi		# 2nd phase
+	  vaesenc	$rndkey,$inout1,$inout1
+	vpclmulqdq	\$0x10,$Hkey,$Z0,$Z0
+	  vpxor		0x00($inp),$T1,$T2
+	  vaesenc	$rndkey,$inout2,$inout2
+	  vpxor		0x10($inp),$T1,$Ii
+	  vaesenc	$rndkey,$inout3,$inout3
+	  vpxor		0x20($inp),$T1,$Z1
+	  vaesenc	$rndkey,$inout4,$inout4
+	  vpxor		0x30($inp),$T1,$Z2
+	  vaesenc	$rndkey,$inout5,$inout5
+	  vpxor		0x40($inp),$T1,$Z3
+	  vpxor		0x50($inp),$T1,$Hkey
+	  vmovdqu	($ivp),$T1		# load next counter value
+
+	  vaesenclast	$T2,$inout0,$inout0
+	  vmovdqu	0x20($const),$T2	# borrow $T2, .Lone_msb
+	  vaesenclast	$Ii,$inout1,$inout1
+	 vpaddb		$T2,$T1,$Ii
+	mov		%r13,0x70+8(%rsp)
+	lea		0x60($inp),$inp
+	  vaesenclast	$Z1,$inout2,$inout2
+	 vpaddb		$T2,$Ii,$Z1
+	mov		%r12,0x78+8(%rsp)
+	lea		0x60($out),$out
+	  vmovdqu	0x00-0x80($key),$rndkey
+	  vaesenclast	$Z2,$inout3,$inout3
+	 vpaddb		$T2,$Z1,$Z2
+	  vaesenclast	$Z3, $inout4,$inout4
+	 vpaddb		$T2,$Z2,$Z3
+	  vaesenclast	$Hkey,$inout5,$inout5
+	 vpaddb		$T2,$Z3,$Hkey
+
+	add		\$0x60,$ret
+	sub		\$0x6,$len
+	jc		.L6x_done
+
+	  vmovups	$inout0,-0x60($out)	# save output
+	 vpxor		$rndkey,$T1,$inout0
+	  vmovups	$inout1,-0x50($out)
+	 vmovdqa	$Ii,$inout1		# 0 latency
+	  vmovups	$inout2,-0x40($out)
+	 vmovdqa	$Z1,$inout2		# 0 latency
+	  vmovups	$inout3,-0x30($out)
+	 vmovdqa	$Z2,$inout3		# 0 latency
+	  vmovups	$inout4,-0x20($out)
+	 vmovdqa	$Z3,$inout4		# 0 latency
+	  vmovups	$inout5,-0x10($out)
+	 vmovdqa	$Hkey,$inout5		# 0 latency
+	vmovdqu		0x20+8(%rsp),$Z3	# I[5]
+	jmp		.Loop6x
+
+.L6x_done:
+	vpxor		16+8(%rsp),$Xi,$Xi	# modulo-scheduled
+	vpxor		$Z0,$Xi,$Xi		# modulo-scheduled
+
+	ret
+.size	_aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x
+___
+######################################################################
+#
+# size_t aesni_gcm_[en|de]crypt(const void *inp, void *out, size_t len,
+#		const AES_KEY *key, unsigned char iv[16],
+#		struct { u128 Xi,H,Htbl[9]; } *Xip);
+$code.=<<___;
+.globl	aesni_gcm_decrypt
+.type	aesni_gcm_decrypt,\@function,6
+.align	32
+aesni_gcm_decrypt:
+	xor	$ret,$ret
+
+	# We call |_aesni_ctr32_ghash_6x|, which requires at least 96 (0x60)
+	# bytes of input.
+	cmp	\$0x60,$len			# minimal accepted length
+	jb	.Lgcm_dec_abort
+
+	lea	(%rsp),%rax			# save stack pointer
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,-0xd8(%rax)
+	movaps	%xmm7,-0xc8(%rax)
+	movaps	%xmm8,-0xb8(%rax)
+	movaps	%xmm9,-0xa8(%rax)
+	movaps	%xmm10,-0x98(%rax)
+	movaps	%xmm11,-0x88(%rax)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+.Lgcm_dec_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($ivp),$T1		# input counter value
+	add		\$-128,%rsp
+	mov		12($ivp),$counter
+	lea		.Lbswap_mask(%rip),$const
+	lea		-0x80($key),$in0	# borrow $in0
+	mov		\$0xf80,$end0		# borrow $end0
+	vmovdqu		($Xip),$Xi		# load Xi
+	and		\$-128,%rsp		# ensure stack alignment
+	vmovdqu		($const),$Ii		# borrow $Ii for .Lbswap_mask
+	lea		0x80($key),$key		# size optimization
+	lea		0x20+0x20($Xip),$Xip	# size optimization
+	mov		0xf0-0x80($key),$rounds
+	vpshufb		$Ii,$Xi,$Xi
+
+	and		$end0,$in0
+	and		%rsp,$end0
+	sub		$in0,$end0
+	jc		.Ldec_no_key_aliasing
+	cmp		\$768,$end0
+	jnc		.Ldec_no_key_aliasing
+	sub		$end0,%rsp		# avoid aliasing with key
+.Ldec_no_key_aliasing:
+
+	vmovdqu		0x50($inp),$Z3		# I[5]
+	lea		($inp),$in0
+	vmovdqu		0x40($inp),$Z0
+
+	# |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
+	# bytes before the end of the input. Note, in particular, that this is
+	# correct even if |$len| is not an even multiple of 96 or 16. XXX: This
+	# seems to require that |$inp| + |$len| >= 2*96 (0xc0); i.e. |$inp| must
+	# not be near the very beginning of the address space when |$len| < 2*96
+	# (0xc0).
+	lea		-0xc0($inp,$len),$end0
+
+	vmovdqu		0x30($inp),$Z1
+	shr		\$4,$len
+	xor		$ret,$ret
+	vmovdqu		0x20($inp),$Z2
+	 vpshufb	$Ii,$Z3,$Z3		# passed to _aesni_ctr32_ghash_6x
+	vmovdqu		0x10($inp),$T2
+	 vpshufb	$Ii,$Z0,$Z0
+	vmovdqu		($inp),$Hkey
+	 vpshufb	$Ii,$Z1,$Z1
+	vmovdqu		$Z0,0x30(%rsp)
+	 vpshufb	$Ii,$Z2,$Z2
+	vmovdqu		$Z1,0x40(%rsp)
+	 vpshufb	$Ii,$T2,$T2
+	vmovdqu		$Z2,0x50(%rsp)
+	 vpshufb	$Ii,$Hkey,$Hkey
+	vmovdqu		$T2,0x60(%rsp)
+	vmovdqu		$Hkey,0x70(%rsp)
+
+	call		_aesni_ctr32_ghash_6x
+
+	vmovups		$inout0,-0x60($out)	# save output
+	vmovups		$inout1,-0x50($out)
+	vmovups		$inout2,-0x40($out)
+	vmovups		$inout3,-0x30($out)
+	vmovups		$inout4,-0x20($out)
+	vmovups		$inout5,-0x10($out)
+
+	vpshufb		($const),$Xi,$Xi	# .Lbswap_mask
+	vmovdqu		$Xi,-0x40($Xip)		# output Xi
+
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.Lgcm_dec_abort:
+	mov	$ret,%rax		# return value
+	ret
+.size	aesni_gcm_decrypt,.-aesni_gcm_decrypt
+___
+
+$code.=<<___;
+.type	_aesni_ctr32_6x,\@abi-omnipotent
+.align	32
+_aesni_ctr32_6x:
+	vmovdqu		0x00-0x80($key),$Z0	# borrow $Z0 for $rndkey
+	vmovdqu		0x20($const),$T2	# borrow $T2, .Lone_msb
+	lea		-1($rounds),%r13
+	vmovups		0x10-0x80($key),$rndkey
+	lea		0x20-0x80($key),%r12
+	vpxor		$Z0,$T1,$inout0
+	add		\$`6<<24`,$counter
+	jc		.Lhandle_ctr32_2
+	vpaddb		$T2,$T1,$inout1
+	vpaddb		$T2,$inout1,$inout2
+	vpxor		$Z0,$inout1,$inout1
+	vpaddb		$T2,$inout2,$inout3
+	vpxor		$Z0,$inout2,$inout2
+	vpaddb		$T2,$inout3,$inout4
+	vpxor		$Z0,$inout3,$inout3
+	vpaddb		$T2,$inout4,$inout5
+	vpxor		$Z0,$inout4,$inout4
+	vpaddb		$T2,$inout5,$T1
+	vpxor		$Z0,$inout5,$inout5
+	jmp		.Loop_ctr32
+
+.align	16
+.Loop_ctr32:
+	vaesenc		$rndkey,$inout0,$inout0
+	vaesenc		$rndkey,$inout1,$inout1
+	vaesenc		$rndkey,$inout2,$inout2
+	vaesenc		$rndkey,$inout3,$inout3
+	vaesenc		$rndkey,$inout4,$inout4
+	vaesenc		$rndkey,$inout5,$inout5
+	vmovups		(%r12),$rndkey
+	lea		0x10(%r12),%r12
+	dec		%r13d
+	jnz		.Loop_ctr32
+
+	vmovdqu		(%r12),$Hkey		# last round key
+	vaesenc		$rndkey,$inout0,$inout0
+	vpxor		0x00($inp),$Hkey,$Z0
+	vaesenc		$rndkey,$inout1,$inout1
+	vpxor		0x10($inp),$Hkey,$Z1
+	vaesenc		$rndkey,$inout2,$inout2
+	vpxor		0x20($inp),$Hkey,$Z2
+	vaesenc		$rndkey,$inout3,$inout3
+	vpxor		0x30($inp),$Hkey,$Xi
+	vaesenc		$rndkey,$inout4,$inout4
+	vpxor		0x40($inp),$Hkey,$T2
+	vaesenc		$rndkey,$inout5,$inout5
+	vpxor		0x50($inp),$Hkey,$Hkey
+	lea		0x60($inp),$inp
+
+	vaesenclast	$Z0,$inout0,$inout0
+	vaesenclast	$Z1,$inout1,$inout1
+	vaesenclast	$Z2,$inout2,$inout2
+	vaesenclast	$Xi,$inout3,$inout3
+	vaesenclast	$T2,$inout4,$inout4
+	vaesenclast	$Hkey,$inout5,$inout5
+	vmovups		$inout0,0x00($out)
+	vmovups		$inout1,0x10($out)
+	vmovups		$inout2,0x20($out)
+	vmovups		$inout3,0x30($out)
+	vmovups		$inout4,0x40($out)
+	vmovups		$inout5,0x50($out)
+	lea		0x60($out),$out
+
+	ret
+.align	32
+.Lhandle_ctr32_2:
+	vpshufb		$Ii,$T1,$Z2		# byte-swap counter
+	vmovdqu		0x30($const),$Z1	# borrow $Z1, .Ltwo_lsb
+	vpaddd		0x40($const),$Z2,$inout1	# .Lone_lsb
+	vpaddd		$Z1,$Z2,$inout2
+	vpaddd		$Z1,$inout1,$inout3
+	vpshufb		$Ii,$inout1,$inout1
+	vpaddd		$Z1,$inout2,$inout4
+	vpshufb		$Ii,$inout2,$inout2
+	vpxor		$Z0,$inout1,$inout1
+	vpaddd		$Z1,$inout3,$inout5
+	vpshufb		$Ii,$inout3,$inout3
+	vpxor		$Z0,$inout2,$inout2
+	vpaddd		$Z1,$inout4,$T1		# byte-swapped next counter value
+	vpshufb		$Ii,$inout4,$inout4
+	vpxor		$Z0,$inout3,$inout3
+	vpshufb		$Ii,$inout5,$inout5
+	vpxor		$Z0,$inout4,$inout4
+	vpshufb		$Ii,$T1,$T1		# next counter value
+	vpxor		$Z0,$inout5,$inout5
+	jmp	.Loop_ctr32
+.size	_aesni_ctr32_6x,.-_aesni_ctr32_6x
+
+.globl	aesni_gcm_encrypt
+.type	aesni_gcm_encrypt,\@function,6
+.align	32
+aesni_gcm_encrypt:
+	xor	$ret,$ret
+
+	# We call |_aesni_ctr32_6x| twice, each call consuming 96 bytes of
+	# input. Then we call |_aesni_ctr32_ghash_6x|, which requires at
+	# least 96 more bytes of input.
+	cmp	\$0x60*3,$len			# minimal accepted length
+	jb	.Lgcm_enc_abort
+
+	lea	(%rsp),%rax			# save stack pointer
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,-0xd8(%rax)
+	movaps	%xmm7,-0xc8(%rax)
+	movaps	%xmm8,-0xb8(%rax)
+	movaps	%xmm9,-0xa8(%rax)
+	movaps	%xmm10,-0x98(%rax)
+	movaps	%xmm11,-0x88(%rax)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+.Lgcm_enc_body:
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($ivp),$T1		# input counter value
+	add		\$-128,%rsp
+	mov		12($ivp),$counter
+	lea		.Lbswap_mask(%rip),$const
+	lea		-0x80($key),$in0	# borrow $in0
+	mov		\$0xf80,$end0		# borrow $end0
+	lea		0x80($key),$key		# size optimization
+	vmovdqu		($const),$Ii		# borrow $Ii for .Lbswap_mask
+	and		\$-128,%rsp		# ensure stack alignment
+	mov		0xf0-0x80($key),$rounds
+
+	and		$end0,$in0
+	and		%rsp,$end0
+	sub		$in0,$end0
+	jc		.Lenc_no_key_aliasing
+	cmp		\$768,$end0
+	jnc		.Lenc_no_key_aliasing
+	sub		$end0,%rsp		# avoid aliasing with key
+.Lenc_no_key_aliasing:
+
+	lea		($out),$in0
+
+	# |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
+	# bytes before the end of the input. Note, in particular, that this is
+	# correct even if |$len| is not an even multiple of 96 or 16. Unlike in
+	# the decryption case, there's no caveat that |$out| must not be near
+	# the very beginning of the address space, because we know that
+	# |$len| >= 3*96 from the check above, and so we know
+	# |$out| + |$len| >= 2*96 (0xc0).
+	lea		-0xc0($out,$len),$end0
+
+	shr		\$4,$len
+
+	call		_aesni_ctr32_6x
+	vpshufb		$Ii,$inout0,$Xi		# save bswapped output on stack
+	vpshufb		$Ii,$inout1,$T2
+	vmovdqu		$Xi,0x70(%rsp)
+	vpshufb		$Ii,$inout2,$Z0
+	vmovdqu		$T2,0x60(%rsp)
+	vpshufb		$Ii,$inout3,$Z1
+	vmovdqu		$Z0,0x50(%rsp)
+	vpshufb		$Ii,$inout4,$Z2
+	vmovdqu		$Z1,0x40(%rsp)
+	vpshufb		$Ii,$inout5,$Z3		# passed to _aesni_ctr32_ghash_6x
+	vmovdqu		$Z2,0x30(%rsp)
+
+	call		_aesni_ctr32_6x
+
+	vmovdqu		($Xip),$Xi		# load Xi
+	lea		0x20+0x20($Xip),$Xip	# size optimization
+	sub		\$12,$len
+	mov		\$0x60*2,$ret
+	vpshufb		$Ii,$Xi,$Xi
+
+	call		_aesni_ctr32_ghash_6x
+	vmovdqu		0x20(%rsp),$Z3		# I[5]
+	 vmovdqu	($const),$Ii		# borrow $Ii for .Lbswap_mask
+	vmovdqu		0x00-0x20($Xip),$Hkey	# $Hkey^1
+	vpunpckhqdq	$Z3,$Z3,$T1
+	vmovdqu		0x20-0x20($Xip),$rndkey	# borrow $rndkey for $HK
+	 vmovups	$inout0,-0x60($out)	# save output
+	 vpshufb	$Ii,$inout0,$inout0	# but keep bswapped copy
+	vpxor		$Z3,$T1,$T1
+	 vmovups	$inout1,-0x50($out)
+	 vpshufb	$Ii,$inout1,$inout1
+	 vmovups	$inout2,-0x40($out)
+	 vpshufb	$Ii,$inout2,$inout2
+	 vmovups	$inout3,-0x30($out)
+	 vpshufb	$Ii,$inout3,$inout3
+	 vmovups	$inout4,-0x20($out)
+	 vpshufb	$Ii,$inout4,$inout4
+	 vmovups	$inout5,-0x10($out)
+	 vpshufb	$Ii,$inout5,$inout5
+	 vmovdqu	$inout0,0x10(%rsp)	# free $inout0
+___
+{ my ($HK,$T3)=($rndkey,$inout0);
+
+$code.=<<___;
+	 vmovdqu	0x30(%rsp),$Z2		# I[4]
+	 vmovdqu	0x10-0x20($Xip),$Ii	# borrow $Ii for $Hkey^2
+	 vpunpckhqdq	$Z2,$Z2,$T2
+	vpclmulqdq	\$0x00,$Hkey,$Z3,$Z1
+	 vpxor		$Z2,$T2,$T2
+	vpclmulqdq	\$0x11,$Hkey,$Z3,$Z3
+	vpclmulqdq	\$0x00,$HK,$T1,$T1
+
+	 vmovdqu	0x40(%rsp),$T3		# I[3]
+	vpclmulqdq	\$0x00,$Ii,$Z2,$Z0
+	 vmovdqu	0x30-0x20($Xip),$Hkey	# $Hkey^3
+	vpxor		$Z1,$Z0,$Z0
+	 vpunpckhqdq	$T3,$T3,$Z1
+	vpclmulqdq	\$0x11,$Ii,$Z2,$Z2
+	 vpxor		$T3,$Z1,$Z1
+	vpxor		$Z3,$Z2,$Z2
+	vpclmulqdq	\$0x10,$HK,$T2,$T2
+	 vmovdqu	0x50-0x20($Xip),$HK
+	vpxor		$T1,$T2,$T2
+
+	 vmovdqu	0x50(%rsp),$T1		# I[2]
+	vpclmulqdq	\$0x00,$Hkey,$T3,$Z3
+	 vmovdqu	0x40-0x20($Xip),$Ii	# borrow $Ii for $Hkey^4
+	vpxor		$Z0,$Z3,$Z3
+	 vpunpckhqdq	$T1,$T1,$Z0
+	vpclmulqdq	\$0x11,$Hkey,$T3,$T3
+	 vpxor		$T1,$Z0,$Z0
+	vpxor		$Z2,$T3,$T3
+	vpclmulqdq	\$0x00,$HK,$Z1,$Z1
+	vpxor		$T2,$Z1,$Z1
+
+	 vmovdqu	0x60(%rsp),$T2		# I[1]
+	vpclmulqdq	\$0x00,$Ii,$T1,$Z2
+	 vmovdqu	0x60-0x20($Xip),$Hkey	# $Hkey^5
+	vpxor		$Z3,$Z2,$Z2
+	 vpunpckhqdq	$T2,$T2,$Z3
+	vpclmulqdq	\$0x11,$Ii,$T1,$T1
+	 vpxor		$T2,$Z3,$Z3
+	vpxor		$T3,$T1,$T1
+	vpclmulqdq	\$0x10,$HK,$Z0,$Z0
+	 vmovdqu	0x80-0x20($Xip),$HK
+	vpxor		$Z1,$Z0,$Z0
+
+	 vpxor		0x70(%rsp),$Xi,$Xi	# accumulate I[0]
+	vpclmulqdq	\$0x00,$Hkey,$T2,$Z1
+	 vmovdqu	0x70-0x20($Xip),$Ii	# borrow $Ii for $Hkey^6
+	 vpunpckhqdq	$Xi,$Xi,$T3
+	vpxor		$Z2,$Z1,$Z1
+	vpclmulqdq	\$0x11,$Hkey,$T2,$T2
+	 vpxor		$Xi,$T3,$T3
+	vpxor		$T1,$T2,$T2
+	vpclmulqdq	\$0x00,$HK,$Z3,$Z3
+	vpxor		$Z0,$Z3,$Z0
+
+	vpclmulqdq	\$0x00,$Ii,$Xi,$Z2
+	 vmovdqu	0x00-0x20($Xip),$Hkey	# $Hkey^1
+	 vpunpckhqdq	$inout5,$inout5,$T1
+	vpclmulqdq	\$0x11,$Ii,$Xi,$Xi
+	 vpxor		$inout5,$T1,$T1
+	vpxor		$Z1,$Z2,$Z1
+	vpclmulqdq	\$0x10,$HK,$T3,$T3
+	 vmovdqu	0x20-0x20($Xip),$HK
+	vpxor		$T2,$Xi,$Z3
+	vpxor		$Z0,$T3,$Z2
+
+	 vmovdqu	0x10-0x20($Xip),$Ii	# borrow $Ii for $Hkey^2
+	  vpxor		$Z1,$Z3,$T3		# aggregated Karatsuba post-processing
+	vpclmulqdq	\$0x00,$Hkey,$inout5,$Z0
+	  vpxor		$T3,$Z2,$Z2
+	 vpunpckhqdq	$inout4,$inout4,$T2
+	vpclmulqdq	\$0x11,$Hkey,$inout5,$inout5
+	 vpxor		$inout4,$T2,$T2
+	  vpslldq	\$8,$Z2,$T3
+	vpclmulqdq	\$0x00,$HK,$T1,$T1
+	  vpxor		$T3,$Z1,$Xi
+	  vpsrldq	\$8,$Z2,$Z2
+	  vpxor		$Z2,$Z3,$Z3
+
+	vpclmulqdq	\$0x00,$Ii,$inout4,$Z1
+	 vmovdqu	0x30-0x20($Xip),$Hkey	# $Hkey^3
+	vpxor		$Z0,$Z1,$Z1
+	 vpunpckhqdq	$inout3,$inout3,$T3
+	vpclmulqdq	\$0x11,$Ii,$inout4,$inout4
+	 vpxor		$inout3,$T3,$T3
+	vpxor		$inout5,$inout4,$inout4
+	  vpalignr	\$8,$Xi,$Xi,$inout5	# 1st phase
+	vpclmulqdq	\$0x10,$HK,$T2,$T2
+	 vmovdqu	0x50-0x20($Xip),$HK
+	vpxor		$T1,$T2,$T2
+
+	vpclmulqdq	\$0x00,$Hkey,$inout3,$Z0
+	 vmovdqu	0x40-0x20($Xip),$Ii	# borrow $Ii for $Hkey^4
+	vpxor		$Z1,$Z0,$Z0
+	 vpunpckhqdq	$inout2,$inout2,$T1
+	vpclmulqdq	\$0x11,$Hkey,$inout3,$inout3
+	 vpxor		$inout2,$T1,$T1
+	vpxor		$inout4,$inout3,$inout3
+	  vxorps	0x10(%rsp),$Z3,$Z3	# accumulate $inout0
+	vpclmulqdq	\$0x00,$HK,$T3,$T3
+	vpxor		$T2,$T3,$T3
+
+	  vpclmulqdq	\$0x10,0x10($const),$Xi,$Xi
+	  vxorps	$inout5,$Xi,$Xi
+
+	vpclmulqdq	\$0x00,$Ii,$inout2,$Z1
+	 vmovdqu	0x60-0x20($Xip),$Hkey	# $Hkey^5
+	vpxor		$Z0,$Z1,$Z1
+	 vpunpckhqdq	$inout1,$inout1,$T2
+	vpclmulqdq	\$0x11,$Ii,$inout2,$inout2
+	 vpxor		$inout1,$T2,$T2
+	  vpalignr	\$8,$Xi,$Xi,$inout5	# 2nd phase
+	vpxor		$inout3,$inout2,$inout2
+	vpclmulqdq	\$0x10,$HK,$T1,$T1
+	 vmovdqu	0x80-0x20($Xip),$HK
+	vpxor		$T3,$T1,$T1
+
+	  vxorps	$Z3,$inout5,$inout5
+	  vpclmulqdq	\$0x10,0x10($const),$Xi,$Xi
+	  vxorps	$inout5,$Xi,$Xi
+
+	vpclmulqdq	\$0x00,$Hkey,$inout1,$Z0
+	 vmovdqu	0x70-0x20($Xip),$Ii	# borrow $Ii for $Hkey^6
+	vpxor		$Z1,$Z0,$Z0
+	 vpunpckhqdq	$Xi,$Xi,$T3
+	vpclmulqdq	\$0x11,$Hkey,$inout1,$inout1
+	 vpxor		$Xi,$T3,$T3
+	vpxor		$inout2,$inout1,$inout1
+	vpclmulqdq	\$0x00,$HK,$T2,$T2
+	vpxor		$T1,$T2,$T2
+
+	vpclmulqdq	\$0x00,$Ii,$Xi,$Z1
+	vpclmulqdq	\$0x11,$Ii,$Xi,$Z3
+	vpxor		$Z0,$Z1,$Z1
+	vpclmulqdq	\$0x10,$HK,$T3,$Z2
+	vpxor		$inout1,$Z3,$Z3
+	vpxor		$T2,$Z2,$Z2
+
+	vpxor		$Z1,$Z3,$Z0		# aggregated Karatsuba post-processing
+	vpxor		$Z0,$Z2,$Z2
+	vpslldq		\$8,$Z2,$T1
+	vmovdqu		0x10($const),$Hkey	# .Lpoly
+	vpsrldq		\$8,$Z2,$Z2
+	vpxor		$T1,$Z1,$Xi
+	vpxor		$Z2,$Z3,$Z3
+
+	vpalignr	\$8,$Xi,$Xi,$T2		# 1st phase
+	vpclmulqdq	\$0x10,$Hkey,$Xi,$Xi
+	vpxor		$T2,$Xi,$Xi
+
+	vpalignr	\$8,$Xi,$Xi,$T2		# 2nd phase
+	vpclmulqdq	\$0x10,$Hkey,$Xi,$Xi
+	vpxor		$Z3,$T2,$T2
+	vpxor		$T2,$Xi,$Xi
+___
+}
+$code.=<<___;
+	vpshufb		($const),$Xi,$Xi	# .Lbswap_mask
+	vmovdqu		$Xi,-0x40($Xip)		# output Xi
+
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp		# restore %rsp
+.Lgcm_enc_abort:
+	mov	$ret,%rax		# return value
+	ret
+.size	aesni_gcm_encrypt,.-aesni_gcm_encrypt
+___
+
+$code.=<<___;
+.align	64
+.Lbswap_mask:
+	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lpoly:
+	.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.Lone_msb:
+	.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+.Ltwo_lsb:
+	.byte	2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.Lone_lsb:
+	.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.asciz	"AES-NI GCM module for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___
+.extern	__imp_RtlVirtualUnwind
+.type	gcm_se_handler,\@abi-omnipotent
+.align	16
+gcm_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	120($context),%rax	# pull context->Rax
+
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	mov	%r15,240($context)
+	mov	%r14,232($context)
+	mov	%r13,224($context)
+	mov	%r12,216($context)
+	mov	%rbp,160($context)
+	mov	%rbx,144($context)
+
+	lea	-0xd8(%rax),%rsi	# %xmm save area
+	lea	512($context),%rdi	# & context.Xmm6
+	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	gcm_se_handler,.-gcm_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_aesni_gcm_decrypt
+	.rva	.LSEH_end_aesni_gcm_decrypt
+	.rva	.LSEH_gcm_dec_info
+
+	.rva	.LSEH_begin_aesni_gcm_encrypt
+	.rva	.LSEH_end_aesni_gcm_encrypt
+	.rva	.LSEH_gcm_enc_info
+.section	.xdata
+.align	8
+.LSEH_gcm_dec_info:
+	.byte	9,0,0,0
+	.rva	gcm_se_handler
+	.rva	.Lgcm_dec_body,.Lgcm_dec_abort
+.LSEH_gcm_enc_info:
+	.byte	9,0,0,0
+	.rva	gcm_se_handler
+	.rva	.Lgcm_enc_body,.Lgcm_enc_abort
+___
+}
+}}} else {{{
+$code=<<___;	# assembler is too old
+.text
+
+.globl	aesni_gcm_encrypt
+.type	aesni_gcm_encrypt,\@abi-omnipotent
+aesni_gcm_encrypt:
+	xor	%eax,%eax
+	ret
+.size	aesni_gcm_encrypt,.-aesni_gcm_encrypt
+
+.globl	aesni_gcm_decrypt
+.type	aesni_gcm_decrypt,\@abi-omnipotent
+aesni_gcm_decrypt:
+	xor	%eax,%eax
+	ret
+.size	aesni_gcm_decrypt,.-aesni_gcm_decrypt
+___
+}}}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-alpha.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-alpha.pl
new file mode 100644
index 0000000..ccf6b2b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-alpha.pl
@@ -0,0 +1,467 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Even though
+# loops are aggressively modulo-scheduled in respect to references to
+# Htbl and Z.hi updates for 8 cycles per byte, measured performance is
+# ~12 cycles per processed byte on 21264 CPU. It seems to be a dynamic
+# scheduling "glitch," because uprofile(1) indicates uniform sample
+# distribution, as if all instruction bundles execute in 1.5 cycles.
+# Meaning that it could have been even faster, yet 12 cycles is ~60%
+# better than gcc-generated code and ~80% than code generated by vendor
+# compiler.
+
+$cnt="v0";	# $0
+$t0="t0";
+$t1="t1";
+$t2="t2";
+$Thi0="t3";	# $4
+$Tlo0="t4";
+$Thi1="t5";
+$Tlo1="t6";
+$rem="t7";	# $8
+#################
+$Xi="a0";	# $16, input argument block
+$Htbl="a1";
+$inp="a2";
+$len="a3";
+$nlo="a4";	# $20
+$nhi="a5";
+$Zhi="t8";
+$Zlo="t9";
+$Xhi="t10";	# $24
+$Xlo="t11";
+$remp="t12";
+$rem_4bit="AT";	# $28
+
+{ my $N;
+  sub loop() {
+
+	$N++;
+$code.=<<___;
+.align	4
+	extbl	$Xlo,7,$nlo
+	and	$nlo,0xf0,$nhi
+	sll	$nlo,4,$nlo
+	and	$nlo,0xf0,$nlo
+
+	addq	$nlo,$Htbl,$nlo
+	ldq	$Zlo,8($nlo)
+	addq	$nhi,$Htbl,$nhi
+	ldq	$Zhi,0($nlo)
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	lda	$cnt,6(zero)
+	extbl	$Xlo,6,$nlo
+
+	ldq	$Tlo1,8($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+	ldq	$Thi1,0($nhi)
+	srl	$Zlo,4,$Zlo
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	and	$nlo,0xf0,$nhi
+
+	xor	$Tlo1,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+	xor	$Thi1,$Zhi,$Zhi
+	and	$nlo,0xf0,$nlo
+
+	addq	$nlo,$Htbl,$nlo
+	ldq	$Tlo0,8($nlo)
+	addq	$nhi,$Htbl,$nhi
+	ldq	$Thi0,0($nlo)
+
+.Looplo$N:
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	subq	$cnt,1,$cnt
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	extbl	$Xlo,$cnt,$nlo
+
+	and	$nlo,0xf0,$nhi
+	xor	$Thi0,$Zhi,$Zhi
+	xor	$Tlo0,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	and	$nlo,0xf0,$nlo
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+	addq	$nlo,$Htbl,$nlo
+	addq	$nhi,$Htbl,$nhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	ldq	$Tlo0,8($nlo)
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	ldq	$Thi0,0($nlo)
+	bne	$cnt,.Looplo$N
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	lda	$cnt,7(zero)
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	extbl	$Xhi,$cnt,$nlo
+
+	and	$nlo,0xf0,$nhi
+	xor	$Thi0,$Zhi,$Zhi
+	xor	$Tlo0,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	and	$nlo,0xf0,$nlo
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+	addq	$nlo,$Htbl,$nlo
+	addq	$nhi,$Htbl,$nhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	ldq	$Tlo0,8($nlo)
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	ldq	$Thi0,0($nlo)
+	unop
+
+
+.Loophi$N:
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	subq	$cnt,1,$cnt
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	extbl	$Xhi,$cnt,$nlo
+
+	and	$nlo,0xf0,$nhi
+	xor	$Thi0,$Zhi,$Zhi
+	xor	$Tlo0,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	and	$nlo,0xf0,$nlo
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+	addq	$nlo,$Htbl,$nlo
+	addq	$nhi,$Htbl,$nhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	ldq	$Tlo0,8($nlo)
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	ldq	$Thi0,0($nlo)
+	bne	$cnt,.Loophi$N
+
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	srl	$Zlo,4,$Zlo
+
+	ldq	$Tlo1,8($nhi)
+	xor	$rem,$Zhi,$Zhi
+	ldq	$Thi1,0($nhi)
+	s8addq	$remp,$rem_4bit,$remp
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$t0,$Zlo,$Zlo
+
+	xor	$Tlo0,$Zlo,$Zlo
+	xor	$Thi0,$Zhi,$Zhi
+
+	and	$Zlo,0x0f,$remp
+	sll	$Zhi,60,$t0
+	srl	$Zlo,4,$Zlo
+
+	s8addq	$remp,$rem_4bit,$remp
+	xor	$rem,$Zhi,$Zhi
+
+	ldq	$rem,0($remp)
+	srl	$Zhi,4,$Zhi
+	xor	$Tlo1,$Zlo,$Zlo
+	xor	$Thi1,$Zhi,$Zhi
+	xor	$t0,$Zlo,$Zlo
+	xor	$rem,$Zhi,$Zhi
+___
+}}
+
+$code=<<___;
+#ifdef __linux__
+#include <asm/regdef.h>
+#else
+#include <asm.h>
+#include <regdef.h>
+#endif
+
+.text
+
+.set	noat
+.set	noreorder
+.globl	gcm_gmult_4bit
+.align	4
+.ent	gcm_gmult_4bit
+gcm_gmult_4bit:
+	.frame	sp,0,ra
+	.prologue 0
+
+	ldq	$Xlo,8($Xi)
+	ldq	$Xhi,0($Xi)
+
+	bsr	$t0,picmeup
+	nop
+___
+
+	&loop();
+
+$code.=<<___;
+	srl	$Zlo,24,$t0	# byte swap
+	srl	$Zlo,8,$t1
+
+	sll	$Zlo,8,$t2
+	sll	$Zlo,24,$Zlo
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+
+	zapnot	$Zlo,0x88,$Zlo
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zlo,$t0,$Zlo
+	srl	$Zhi,24,$t0
+	srl	$Zhi,8,$t1
+
+	or	$Zlo,$t2,$Zlo
+	sll	$Zhi,8,$t2
+	sll	$Zhi,24,$Zhi
+
+	srl	$Zlo,32,$Xlo
+	sll	$Zlo,32,$Zlo
+
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+	or	$Zlo,$Xlo,$Xlo
+
+	zapnot	$Zhi,0x88,$Zhi
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zhi,$t0,$Zhi
+	or	$Zhi,$t2,$Zhi
+
+	srl	$Zhi,32,$Xhi
+	sll	$Zhi,32,$Zhi
+
+	or	$Zhi,$Xhi,$Xhi
+	stq	$Xlo,8($Xi)
+	stq	$Xhi,0($Xi)
+
+	ret	(ra)
+.end	gcm_gmult_4bit
+___
+
+$inhi="s0";
+$inlo="s1";
+
+$code.=<<___;
+.globl	gcm_ghash_4bit
+.align	4
+.ent	gcm_ghash_4bit
+gcm_ghash_4bit:
+	lda	sp,-32(sp)
+	stq	ra,0(sp)
+	stq	s0,8(sp)
+	stq	s1,16(sp)
+	.mask	0x04000600,-32
+	.frame	sp,32,ra
+	.prologue 0
+
+	ldq_u	$inhi,0($inp)
+	ldq_u	$Thi0,7($inp)
+	ldq_u	$inlo,8($inp)
+	ldq_u	$Tlo0,15($inp)
+	ldq	$Xhi,0($Xi)
+	ldq	$Xlo,8($Xi)
+
+	bsr	$t0,picmeup
+	nop
+
+.Louter:
+	extql	$inhi,$inp,$inhi
+	extqh	$Thi0,$inp,$Thi0
+	or	$inhi,$Thi0,$inhi
+	lda	$inp,16($inp)
+
+	extql	$inlo,$inp,$inlo
+	extqh	$Tlo0,$inp,$Tlo0
+	or	$inlo,$Tlo0,$inlo
+	subq	$len,16,$len
+
+	xor	$Xlo,$inlo,$Xlo
+	xor	$Xhi,$inhi,$Xhi
+___
+
+	&loop();
+
+$code.=<<___;
+	srl	$Zlo,24,$t0	# byte swap
+	srl	$Zlo,8,$t1
+
+	sll	$Zlo,8,$t2
+	sll	$Zlo,24,$Zlo
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+
+	zapnot	$Zlo,0x88,$Zlo
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zlo,$t0,$Zlo
+	srl	$Zhi,24,$t0
+	srl	$Zhi,8,$t1
+
+	or	$Zlo,$t2,$Zlo
+	sll	$Zhi,8,$t2
+	sll	$Zhi,24,$Zhi
+
+	srl	$Zlo,32,$Xlo
+	sll	$Zlo,32,$Zlo
+	beq	$len,.Ldone
+
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+	or	$Zlo,$Xlo,$Xlo
+	ldq_u	$inhi,0($inp)
+
+	zapnot	$Zhi,0x88,$Zhi
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+	ldq_u	$Thi0,7($inp)
+
+	or	$Zhi,$t0,$Zhi
+	or	$Zhi,$t2,$Zhi
+	ldq_u	$inlo,8($inp)
+	ldq_u	$Tlo0,15($inp)
+
+	srl	$Zhi,32,$Xhi
+	sll	$Zhi,32,$Zhi
+
+	or	$Zhi,$Xhi,$Xhi
+	br	zero,.Louter
+
+.Ldone:
+	zapnot	$t0,0x11,$t0
+	zapnot	$t1,0x22,$t1
+	or	$Zlo,$Xlo,$Xlo
+
+	zapnot	$Zhi,0x88,$Zhi
+	or	$t0,$t1,$t0
+	zapnot	$t2,0x44,$t2
+
+	or	$Zhi,$t0,$Zhi
+	or	$Zhi,$t2,$Zhi
+
+	srl	$Zhi,32,$Xhi
+	sll	$Zhi,32,$Zhi
+
+	or	$Zhi,$Xhi,$Xhi
+
+	stq	$Xlo,8($Xi)
+	stq	$Xhi,0($Xi)
+
+	.set	noreorder
+	/*ldq	ra,0(sp)*/
+	ldq	s0,8(sp)
+	ldq	s1,16(sp)
+	lda	sp,32(sp)
+	ret	(ra)
+.end	gcm_ghash_4bit
+
+.align	4
+.ent	picmeup
+picmeup:
+	.frame	sp,0,$t0
+	.prologue 0
+	br	$rem_4bit,.Lpic
+.Lpic:	lda	$rem_4bit,12($rem_4bit)
+	ret	($t0)
+.end	picmeup
+	nop
+rem_4bit:
+	.long	0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16
+	.long	0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16
+	.long	0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16
+	.long	0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16
+.ascii	"GHASH for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+
+___
+$output=pop and open STDOUT,">$output";
+print $code;
+close STDOUT;
+
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-armv4.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-armv4.pl
new file mode 100644
index 0000000..7d880c9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-armv4.pl
@@ -0,0 +1,554 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# April 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+32 bytes shared table]. There is no
+# experimental performance data available yet. The only approximation
+# that can be made at this point is based on code size. Inner loop is
+# 32 instructions long and on single-issue core should execute in <40
+# cycles. Having verified that gcc 3.4 didn't unroll corresponding
+# loop, this assembler loop body was found to be ~3x smaller than
+# compiler-generated one...
+#
+# July 2010
+#
+# Rescheduling for dual-issue pipeline resulted in 8.5% improvement on
+# Cortex A8 core and ~25 cycles per processed byte (which was observed
+# to be ~3 times faster than gcc-generated code:-)
+#
+# February 2011
+#
+# Profiler-assisted and platform-specific optimization resulted in 7%
+# improvement on Cortex A8 core and ~23.5 cycles per byte.
+#
+# March 2011
+#
+# Add NEON implementation featuring polynomial multiplication, i.e. no
+# lookup tables involved. On Cortex A8 it was measured to process one
+# byte in 15 cycles or 55% faster than integer-only code.
+#
+# April 2014
+#
+# Switch to multiplication algorithm suggested in paper referred
+# below and combine it with reduction algorithm from x86 module.
+# Performance improvement over previous version varies from 65% on
+# Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8
+# processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63,
+# Snapdragon S4 - in 9.33.
+#
+# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
+# Polynomial Multiplication on ARM Processors using the NEON Engine.
+# 
+# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+
+# ====================================================================
+# Note about "528B" variant. In ARM case it makes lesser sense to
+# implement it for following reasons:
+#
+# - performance improvement won't be anywhere near 50%, because 128-
+#   bit shift operation is neatly fused with 128-bit xor here, and
+#   "538B" variant would eliminate only 4-5 instructions out of 32
+#   in the inner loop (meaning that estimated improvement is ~15%);
+# - ARM-based systems are often embedded ones and extra memory
+#   consumption might be unappreciated (for so little improvement);
+#
+# Byte order [in]dependence. =========================================
+#
+# Caller is expected to maintain specific *dword* order in Htable,
+# namely with *least* significant dword of 128-bit value at *lower*
+# address. This differs completely from C code and has everything to
+# do with ldm instruction and order in which dwords are "consumed" by
+# algorithm. *Byte* order within these dwords in turn is whatever
+# *native* byte order on current platform. See gcm128.c for working
+# example...
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$Xi="r0";	# argument block
+$Htbl="r1";
+$inp="r2";
+$len="r3";
+
+$Zll="r4";	# variables
+$Zlh="r5";
+$Zhl="r6";
+$Zhh="r7";
+$Tll="r8";
+$Tlh="r9";
+$Thl="r10";
+$Thh="r11";
+$nlo="r12";
+################# r13 is stack pointer
+$nhi="r14";
+################# r15 is program counter
+
+$rem_4bit=$inp;	# used in gcm_gmult_4bit
+$cnt=$len;
+
+sub Zsmash() {
+  my $i=12;
+  my @args=@_;
+  for ($Zll,$Zlh,$Zhl,$Zhh) {
+    $code.=<<___;
+#if __ARM_ARCH__>=7 && defined(__ARMEL__)
+	rev	$_,$_
+	str	$_,[$Xi,#$i]
+#elif defined(__ARMEB__)
+	str	$_,[$Xi,#$i]
+#else
+	mov	$Tlh,$_,lsr#8
+	strb	$_,[$Xi,#$i+3]
+	mov	$Thl,$_,lsr#16
+	strb	$Tlh,[$Xi,#$i+2]
+	mov	$Thh,$_,lsr#24
+	strb	$Thl,[$Xi,#$i+1]
+	strb	$Thh,[$Xi,#$i]
+#endif
+___
+    $code.="\t".shift(@args)."\n";
+    $i-=4;
+  }
+}
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__) || defined(__clang__)
+.syntax	unified
+#endif
+#if defined(__thumb2__)
+.thumb
+#else
+.code	32
+#endif
+
+#ifdef  __clang__
+#define ldrplb  ldrbpl
+#define ldrneb  ldrbne
+#endif
+
+.type	rem_4bit,%object
+.align	5
+rem_4bit:
+.short	0x0000,0x1C20,0x3840,0x2460
+.short	0x7080,0x6CA0,0x48C0,0x54E0
+.short	0xE100,0xFD20,0xD940,0xC560
+.short	0x9180,0x8DA0,0xA9C0,0xB5E0
+.size	rem_4bit,.-rem_4bit
+
+.type	rem_4bit_get,%function
+rem_4bit_get:
+#if defined(__thumb2__)
+	adr	$rem_4bit,rem_4bit
+#else
+	sub	$rem_4bit,pc,#8+32	@ &rem_4bit
+#endif
+	b	.Lrem_4bit_got
+	nop
+	nop
+.size	rem_4bit_get,.-rem_4bit_get
+
+.global	gcm_ghash_4bit
+.type	gcm_ghash_4bit,%function
+.align	4
+gcm_ghash_4bit:
+#if defined(__thumb2__)
+	adr	r12,rem_4bit
+#else
+	sub	r12,pc,#8+48		@ &rem_4bit
+#endif
+	add	$len,$inp,$len		@ $len to point at the end
+	stmdb	sp!,{r3-r11,lr}		@ save $len/end too
+
+	ldmia	r12,{r4-r11}		@ copy rem_4bit ...
+	stmdb	sp!,{r4-r11}		@ ... to stack
+
+	ldrb	$nlo,[$inp,#15]
+	ldrb	$nhi,[$Xi,#15]
+.Louter:
+	eor	$nlo,$nlo,$nhi
+	and	$nhi,$nlo,#0xf0
+	and	$nlo,$nlo,#0x0f
+	mov	$cnt,#14
+
+	add	$Zhh,$Htbl,$nlo,lsl#4
+	ldmia	$Zhh,{$Zll-$Zhh}	@ load Htbl[nlo]
+	add	$Thh,$Htbl,$nhi
+	ldrb	$nlo,[$inp,#14]
+
+	and	$nhi,$Zll,#0xf		@ rem
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	add	$nhi,$nhi,$nhi
+	eor	$Zll,$Tll,$Zll,lsr#4
+	ldrh	$Tll,[sp,$nhi]		@ rem_4bit[rem]
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	ldrb	$nhi,[$Xi,#14]
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+	eor	$nlo,$nlo,$nhi
+	and	$nhi,$nlo,#0xf0
+	and	$nlo,$nlo,#0x0f
+	eor	$Zhh,$Zhh,$Tll,lsl#16
+
+.Linner:
+	add	$Thh,$Htbl,$nlo,lsl#4
+	and	$nlo,$Zll,#0xf		@ rem
+	subs	$cnt,$cnt,#1
+	add	$nlo,$nlo,$nlo
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nlo]
+	eor	$Zll,$Tll,$Zll,lsr#4
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	ldrh	$Tll,[sp,$nlo]		@ rem_4bit[rem]
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+#ifdef	__thumb2__
+	it	pl
+#endif
+	ldrplb	$nlo,[$inp,$cnt]
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+
+	add	$Thh,$Htbl,$nhi
+	and	$nhi,$Zll,#0xf		@ rem
+	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
+	add	$nhi,$nhi,$nhi
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	eor	$Zll,$Tll,$Zll,lsr#4
+#ifdef	__thumb2__
+	it	pl
+#endif
+	ldrplb	$Tll,[$Xi,$cnt]
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	ldrh	$Tlh,[sp,$nhi]
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+#ifdef	__thumb2__
+	it	pl
+#endif
+	eorpl	$nlo,$nlo,$Tll
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+#ifdef	__thumb2__
+	itt	pl
+#endif
+	andpl	$nhi,$nlo,#0xf0
+	andpl	$nlo,$nlo,#0x0f
+	eor	$Zhh,$Zhh,$Tlh,lsl#16	@ ^= rem_4bit[rem]
+	bpl	.Linner
+
+	ldr	$len,[sp,#32]		@ re-load $len/end
+	add	$inp,$inp,#16
+	mov	$nhi,$Zll
+___
+	&Zsmash("cmp\t$inp,$len","\n".
+				 "#ifdef __thumb2__\n".
+				 "	it	ne\n".
+				 "#endif\n".
+				 "	ldrneb	$nlo,[$inp,#15]");
+$code.=<<___;
+	bne	.Louter
+
+	add	sp,sp,#36
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r11,pc}
+#else
+	ldmia	sp!,{r4-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	gcm_ghash_4bit,.-gcm_ghash_4bit
+
+.global	gcm_gmult_4bit
+.type	gcm_gmult_4bit,%function
+gcm_gmult_4bit:
+	stmdb	sp!,{r4-r11,lr}
+	ldrb	$nlo,[$Xi,#15]
+	b	rem_4bit_get
+.Lrem_4bit_got:
+	and	$nhi,$nlo,#0xf0
+	and	$nlo,$nlo,#0x0f
+	mov	$cnt,#14
+
+	add	$Zhh,$Htbl,$nlo,lsl#4
+	ldmia	$Zhh,{$Zll-$Zhh}	@ load Htbl[nlo]
+	ldrb	$nlo,[$Xi,#14]
+
+	add	$Thh,$Htbl,$nhi
+	and	$nhi,$Zll,#0xf		@ rem
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	add	$nhi,$nhi,$nhi
+	eor	$Zll,$Tll,$Zll,lsr#4
+	ldrh	$Tll,[$rem_4bit,$nhi]	@ rem_4bit[rem]
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+	and	$nhi,$nlo,#0xf0
+	eor	$Zhh,$Zhh,$Tll,lsl#16
+	and	$nlo,$nlo,#0x0f
+
+.Loop:
+	add	$Thh,$Htbl,$nlo,lsl#4
+	and	$nlo,$Zll,#0xf		@ rem
+	subs	$cnt,$cnt,#1
+	add	$nlo,$nlo,$nlo
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nlo]
+	eor	$Zll,$Tll,$Zll,lsr#4
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	ldrh	$Tll,[$rem_4bit,$nlo]	@ rem_4bit[rem]
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+#ifdef	__thumb2__
+	it	pl
+#endif
+	ldrplb	$nlo,[$Xi,$cnt]
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+
+	add	$Thh,$Htbl,$nhi
+	and	$nhi,$Zll,#0xf		@ rem
+	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
+	add	$nhi,$nhi,$nhi
+	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
+	eor	$Zll,$Tll,$Zll,lsr#4
+	eor	$Zll,$Zll,$Zlh,lsl#28
+	eor	$Zlh,$Tlh,$Zlh,lsr#4
+	ldrh	$Tll,[$rem_4bit,$nhi]	@ rem_4bit[rem]
+	eor	$Zlh,$Zlh,$Zhl,lsl#28
+	eor	$Zhl,$Thl,$Zhl,lsr#4
+	eor	$Zhl,$Zhl,$Zhh,lsl#28
+	eor	$Zhh,$Thh,$Zhh,lsr#4
+#ifdef	__thumb2__
+	itt	pl
+#endif
+	andpl	$nhi,$nlo,#0xf0
+	andpl	$nlo,$nlo,#0x0f
+	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
+	bpl	.Loop
+___
+	&Zsmash();
+$code.=<<___;
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r11,pc}
+#else
+	ldmia	sp!,{r4-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	gcm_gmult_4bit,.-gcm_gmult_4bit
+___
+{
+my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
+my ($t0,$t1,$t2,$t3)=map("q$_",(8..12));
+my ($Hlo,$Hhi,$Hhl,$k48,$k32,$k16)=map("d$_",(26..31));
+
+sub clmul64x64 {
+my ($r,$a,$b)=@_;
+$code.=<<___;
+	vext.8		$t0#lo, $a, $a, #1	@ A1
+	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
+	vext.8		$r#lo, $b, $b, #1	@ B1
+	vmull.p8	$r, $a, $r#lo		@ E = A*B1
+	vext.8		$t1#lo, $a, $a, #2	@ A2
+	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
+	vext.8		$t3#lo, $b, $b, #2	@ B2
+	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
+	vext.8		$t2#lo, $a, $a, #3	@ A3
+	veor		$t0, $t0, $r		@ L = E + F
+	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
+	vext.8		$r#lo, $b, $b, #3	@ B3
+	veor		$t1, $t1, $t3		@ M = G + H
+	vmull.p8	$r, $a, $r#lo		@ I = A*B3
+	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
+	vand		$t0#hi, $t0#hi, $k48
+	vext.8		$t3#lo, $b, $b, #4	@ B4
+	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
+	vand		$t1#hi, $t1#hi, $k32
+	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
+	veor		$t2, $t2, $r		@ N = I + J
+	veor		$t0#lo, $t0#lo, $t0#hi
+	veor		$t1#lo, $t1#lo, $t1#hi
+	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
+	vand		$t2#hi, $t2#hi, $k16
+	vext.8		$t0, $t0, $t0, #15
+	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
+	vmov.i64	$t3#hi, #0
+	vext.8		$t1, $t1, $t1, #14
+	veor		$t2#lo, $t2#lo, $t2#hi
+	vmull.p8	$r, $a, $b		@ D = A*B
+	vext.8		$t3, $t3, $t3, #12
+	vext.8		$t2, $t2, $t2, #13
+	veor		$t0, $t0, $t1
+	veor		$t2, $t2, $t3
+	veor		$r, $r, $t0
+	veor		$r, $r, $t2
+___
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.global	gcm_init_neon
+.type	gcm_init_neon,%function
+.align	4
+gcm_init_neon:
+	vld1.64		$IN#hi,[r1]!		@ load H
+	vmov.i8		$t0,#0xe1
+	vld1.64		$IN#lo,[r1]
+	vshl.i64	$t0#hi,#57
+	vshr.u64	$t0#lo,#63		@ t0=0xc2....01
+	vdup.8		$t1,$IN#hi[7]
+	vshr.u64	$Hlo,$IN#lo,#63
+	vshr.s8		$t1,#7			@ broadcast carry bit
+	vshl.i64	$IN,$IN,#1
+	vand		$t0,$t0,$t1
+	vorr		$IN#hi,$Hlo		@ H<<<=1
+	veor		$IN,$IN,$t0		@ twisted H
+	vstmia		r0,{$IN}
+
+	ret					@ bx lr
+.size	gcm_init_neon,.-gcm_init_neon
+
+.global	gcm_gmult_neon
+.type	gcm_gmult_neon,%function
+.align	4
+gcm_gmult_neon:
+	vld1.64		$IN#hi,[$Xi]!		@ load Xi
+	vld1.64		$IN#lo,[$Xi]!
+	vmov.i64	$k48,#0x0000ffffffffffff
+	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
+	vmov.i64	$k32,#0x00000000ffffffff
+#ifdef __ARMEL__
+	vrev64.8	$IN,$IN
+#endif
+	vmov.i64	$k16,#0x000000000000ffff
+	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
+	mov		$len,#16
+	b		.Lgmult_neon
+.size	gcm_gmult_neon,.-gcm_gmult_neon
+
+.global	gcm_ghash_neon
+.type	gcm_ghash_neon,%function
+.align	4
+gcm_ghash_neon:
+	vld1.64		$Xl#hi,[$Xi]!		@ load Xi
+	vld1.64		$Xl#lo,[$Xi]!
+	vmov.i64	$k48,#0x0000ffffffffffff
+	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
+	vmov.i64	$k32,#0x00000000ffffffff
+#ifdef __ARMEL__
+	vrev64.8	$Xl,$Xl
+#endif
+	vmov.i64	$k16,#0x000000000000ffff
+	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
+
+.Loop_neon:
+	vld1.64		$IN#hi,[$inp]!		@ load inp
+	vld1.64		$IN#lo,[$inp]!
+#ifdef __ARMEL__
+	vrev64.8	$IN,$IN
+#endif
+	veor		$IN,$Xl			@ inp^=Xi
+.Lgmult_neon:
+___
+	&clmul64x64	($Xl,$Hlo,"$IN#lo");	# H.lo·Xi.lo
+$code.=<<___;
+	veor		$IN#lo,$IN#lo,$IN#hi	@ Karatsuba pre-processing
+___
+	&clmul64x64	($Xm,$Hhl,"$IN#lo");	# (H.lo+H.hi)·(Xi.lo+Xi.hi)
+	&clmul64x64	($Xh,$Hhi,"$IN#hi");	# H.hi·Xi.hi
+$code.=<<___;
+	veor		$Xm,$Xm,$Xl		@ Karatsuba post-processing
+	veor		$Xm,$Xm,$Xh
+	veor		$Xl#hi,$Xl#hi,$Xm#lo
+	veor		$Xh#lo,$Xh#lo,$Xm#hi	@ Xh|Xl - 256-bit result
+
+	@ equivalent of reduction_avx from ghash-x86_64.pl
+	vshl.i64	$t1,$Xl,#57		@ 1st phase
+	vshl.i64	$t2,$Xl,#62
+	veor		$t2,$t2,$t1		@
+	vshl.i64	$t1,$Xl,#63
+	veor		$t2, $t2, $t1		@
+ 	veor		$Xl#hi,$Xl#hi,$t2#lo	@
+	veor		$Xh#lo,$Xh#lo,$t2#hi
+
+	vshr.u64	$t2,$Xl,#1		@ 2nd phase
+	veor		$Xh,$Xh,$Xl
+	veor		$Xl,$Xl,$t2		@
+	vshr.u64	$t2,$t2,#6
+	vshr.u64	$Xl,$Xl,#1		@
+	veor		$Xl,$Xl,$Xh		@
+	veor		$Xl,$Xl,$t2		@
+
+	subs		$len,#16
+	bne		.Loop_neon
+
+#ifdef __ARMEL__
+	vrev64.8	$Xl,$Xl
+#endif
+	sub		$Xi,#16	
+	vst1.64		$Xl#hi,[$Xi]!		@ write out Xi
+	vst1.64		$Xl#lo,[$Xi]
+
+	ret					@ bx lr
+.size	gcm_ghash_neon,.-gcm_ghash_neon
+#endif
+___
+}
+$code.=<<___;
+.asciz  "GHASH for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/\bret\b/bx	lr/go		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-c64xplus.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-c64xplus.pl
new file mode 100644
index 0000000..3cadda3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-c64xplus.pl
@@ -0,0 +1,247 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# December 2011
+#
+# The module implements GCM GHASH function and underlying single
+# multiplication operation in GF(2^128). Even though subroutines
+# have _4bit suffix, they are not using any tables, but rely on
+# hardware Galois Field Multiply support. Streamed GHASH processes
+# byte in ~7 cycles, which is >6x faster than "4-bit" table-driven
+# code compiled with TI's cl6x 6.0 with -mv6400+ -o2 flags. We are
+# comparing apples vs. oranges, but compiler surely could have done
+# better, because theoretical [though not necessarily achievable]
+# estimate for "4-bit" table-driven implementation is ~12 cycles.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($Xip,$Htable,$inp,$len)=("A4","B4","A6","B6");	# arguments
+
+($Z0,$Z1,$Z2,$Z3,	$H0, $H1, $H2, $H3,
+			$H0x,$H1x,$H2x,$H3x)=map("A$_",(16..27));
+($H01u,$H01y,$H2u,$H3u,	$H0y,$H1y,$H2y,$H3y,
+			$H0z,$H1z,$H2z,$H3z)=map("B$_",(16..27));
+($FF000000,$E10000)=("B30","B31");
+($xip,$x0,$x1,$xib)=map("B$_",(6..9));	# $xip zaps $len
+ $xia="A9";
+($rem,$res)=("B4","B5");		# $rem zaps $Htable
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	gcm_gmult_1bit,_gcm_gmult_1bit
+	.asg	gcm_gmult_4bit,_gcm_gmult_4bit
+	.asg	gcm_ghash_4bit,_gcm_ghash_4bit
+	.endif
+
+	.asg	B3,RA
+
+	.if	0
+	.global	_gcm_gmult_1bit
+_gcm_gmult_1bit:
+	ADDAD	$Htable,2,$Htable
+	.endif
+	.global	_gcm_gmult_4bit
+_gcm_gmult_4bit:
+	.asmfunc
+	LDDW	*${Htable}[-1],$H1:$H0	; H.lo
+	LDDW	*${Htable}[-2],$H3:$H2	; H.hi
+||	MV	$Xip,${xip}		; reassign Xi
+||	MVK	15,B1			; SPLOOPD constant
+
+	MVK	0xE1,$E10000
+||	LDBU	*++${xip}[15],$x1	; Xi[15]
+	MVK	0xFF,$FF000000
+||	LDBU	*--${xip},$x0		; Xi[14]
+	SHL	$E10000,16,$E10000	; [pre-shifted] reduction polynomial
+	SHL	$FF000000,24,$FF000000	; upper byte mask
+||	BNOP	ghash_loop?
+||	MVK	1,B0			; take a single spin
+
+	PACKH2	$H0,$H1,$xia		; pack H0' and H1's upper bytes
+	AND	$H2,$FF000000,$H2u	; H2's upper byte
+	AND	$H3,$FF000000,$H3u	; H3's upper byte
+||	SHRU	$H2u,8,$H2u
+	SHRU	$H3u,8,$H3u
+||	ZERO	$Z1:$Z0
+	SHRU2	$xia,8,$H01u
+||	ZERO	$Z3:$Z2
+	.endasmfunc
+
+	.global	_gcm_ghash_4bit
+_gcm_ghash_4bit:
+	.asmfunc
+	LDDW	*${Htable}[-1],$H1:$H0	; H.lo
+||	SHRU	$len,4,B0		; reassign len
+	LDDW	*${Htable}[-2],$H3:$H2	; H.hi
+||	MV	$Xip,${xip}		; reassign Xi
+||	MVK	15,B1			; SPLOOPD constant
+
+	MVK	0xE1,$E10000
+|| [B0]	LDNDW	*${inp}[1],$H1x:$H0x
+	MVK	0xFF,$FF000000
+|| [B0]	LDNDW	*${inp}++[2],$H3x:$H2x
+	SHL	$E10000,16,$E10000	; [pre-shifted] reduction polynomial
+||	LDDW	*${xip}[1],$Z1:$Z0
+	SHL	$FF000000,24,$FF000000	; upper byte mask
+||	LDDW	*${xip}[0],$Z3:$Z2
+
+	PACKH2	$H0,$H1,$xia		; pack H0' and H1's upper bytes
+	AND	$H2,$FF000000,$H2u	; H2's upper byte
+	AND	$H3,$FF000000,$H3u	; H3's upper byte
+||	SHRU	$H2u,8,$H2u
+	SHRU	$H3u,8,$H3u
+	SHRU2	$xia,8,$H01u
+
+|| [B0]	XOR	$H0x,$Z0,$Z0		; Xi^=inp
+|| [B0]	XOR	$H1x,$Z1,$Z1
+	.if	.LITTLE_ENDIAN
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	SHRU	$Z1,24,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0]	SHRU	$Z1,16,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.else
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	MV	$Z0,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0] SHRU	$Z0,8,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.endif
+	STDW	$Z3:$Z2,*${xip}[0]
+|| [B0]	ZERO	$Z3:$Z2
+|| [B0]	MV	$xia,$x1
+   [B0]	ADDK	14,${xip}
+
+ghash_loop?:
+	SPLOOPD	6			; 6*16+7
+||	MVC	B1,ILC
+|| [B0]	SUB	B0,1,B0
+||	ZERO	A0
+||	ADD	$x1,$x1,$xib		; SHL	$x1,1,$xib
+||	SHL	$x1,1,$xia
+___
+
+########____________________________
+#  0    D2.     M1          M2      |
+#  1            M1                  |
+#  2            M1          M2      |
+#  3        D1. M1          M2      |
+#  4        S1. L1                  |
+#  5    S2  S1x L1          D2  L2  |____________________________
+#  6/0          L1  S1      L2  S2x |D2.     M1          M2      |
+#  7/1          L1  S1  D1x S2  M2  |        M1                  |
+#  8/2              S1  L1x S2      |        M1          M2      |
+#  9/3              S1  L1x         |    D1. M1          M2      |
+# 10/4                  D1x         |    S1. L1                  |
+# 11/5                              |S2  S1x L1          D2  L2  |____________
+# 12/6/0                D1x       __|        L1  S1      L2  S2x |D2.     ....
+#    7/1                                     L1  S1  D1x S2  M2  |        ....
+#    8/2                                         S1  L1x S2      |        ....
+#####...                                         ................|............
+$code.=<<___;
+	XORMPY	$H0,$xia,$H0x		; 0	; H·(Xi[i]<<1)
+||	XORMPY	$H01u,$xib,$H01y
+|| [A0]	LDBU	*--${xip},$x0
+	XORMPY	$H1,$xia,$H1x		; 1
+	XORMPY	$H2,$xia,$H2x		; 2
+||	XORMPY	$H2u,$xib,$H2y
+	XORMPY	$H3,$xia,$H3x		; 3
+||	XORMPY	$H3u,$xib,$H3y
+||[!A0]	MVK.D	15,A0				; *--${xip} counter
+	XOR.L	$H0x,$Z0,$Z0		; 4	; Z^=H·(Xi[i]<<1)
+|| [A0]	SUB.S	A0,1,A0
+	XOR.L	$H1x,$Z1,$Z1		; 5
+||	AND.D	$H01y,$FF000000,$H0z
+||	SWAP2.L	$H01y,$H1y		;	; SHL	$H01y,16,$H1y
+||	SHL	$x0,1,$xib
+||	SHL	$x0,1,$xia
+
+	XOR.L	$H2x,$Z2,$Z2		; 6/0	; [0,0] in epilogue
+||	SHL	$Z0,1,$rem		;	; rem=Z<<1
+||	SHRMB.S	$Z1,$Z0,$Z0		;	; Z>>=8
+||	AND.L	$H1y,$FF000000,$H1z
+	XOR.L	$H3x,$Z3,$Z3		; 7/1
+||	SHRMB.S	$Z2,$Z1,$Z1
+||	XOR.D	$H0z,$Z0,$Z0			; merge upper byte products
+||	AND.S	$H2y,$FF000000,$H2z
+||	XORMPY	$E10000,$rem,$res	;	; implicit rem&0x1FE
+	XOR.L	$H1z,$Z1,$Z1		; 8/2
+||	SHRMB.S	$Z3,$Z2,$Z2
+||	AND.S	$H3y,$FF000000,$H3z
+	XOR.L	$H2z,$Z2,$Z2		; 9/3
+||	SHRU	$Z3,8,$Z3
+	XOR.D	$H3z,$Z3,$Z3		; 10/4
+	NOP				; 11/5
+
+	SPKERNEL 0,2
+||	XOR.D	$res,$Z3,$Z3		; 12/6/0; Z^=res
+
+	; input pre-fetch is possible where D1 slot is available...
+   [B0]	LDNDW	*${inp}[1],$H1x:$H0x	; 8/-
+   [B0]	LDNDW	*${inp}++[2],$H3x:$H2x	; 9/-
+	NOP				; 10/-
+	.if	.LITTLE_ENDIAN
+	SWAP2	$Z0,$Z1			; 11/-
+||	SWAP4	$Z1,$Z0
+	SWAP4	$Z1,$Z1			; 12/-
+||	SWAP2	$Z0,$Z0
+	SWAP2	$Z2,$Z3
+||	SWAP4	$Z3,$Z2
+||[!B0]	BNOP	RA
+	SWAP4	$Z3,$Z3
+||	SWAP2	$Z2,$Z2
+|| [B0]	BNOP	ghash_loop?
+   [B0]	XOR	$H0x,$Z0,$Z0		; Xi^=inp
+|| [B0]	XOR	$H1x,$Z1,$Z1
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	SHRU	$Z1,24,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0]	SHRU	$Z1,16,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.else
+  [!B0]	BNOP	RA			; 11/-
+   [B0]	BNOP	ghash_loop?		; 12/-
+   [B0]	XOR	$H0x,$Z0,$Z0		; Xi^=inp
+|| [B0]	XOR	$H1x,$Z1,$Z1
+   [B0]	XOR	$H2x,$Z2,$Z2
+|| [B0]	XOR	$H3x,$Z3,$Z3
+|| [B0]	MV	$Z0,$xia		; Xi[15], avoid cross-path stall
+	STDW	$Z1:$Z0,*${xip}[1]
+|| [B0] SHRU	$Z0,8,$x0		; Xi[14]
+|| [B0]	ZERO	$Z1:$Z0
+	.endif
+	STDW	$Z3:$Z2,*${xip}[0]
+|| [B0]	ZERO	$Z3:$Z2
+|| [B0]	MV	$xia,$x1
+   [B0]	ADDK	14,${xip}
+	.endasmfunc
+
+	.sect	.const
+	.cstring "GHASH for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-ia64.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-ia64.pl
new file mode 100755
index 0000000..81e75f7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-ia64.pl
@@ -0,0 +1,470 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Streamed
+# GHASH performance was measured to be 6.67 cycles per processed byte
+# on Itanium 2, which is >90% better than Microsoft compiler generated
+# code. To anchor to something else sha1-ia64.pl module processes one
+# byte in 5.7 cycles. On Itanium GHASH should run at ~8.5 cycles per
+# byte.
+
+# September 2010
+#
+# It was originally thought that it makes lesser sense to implement
+# "528B" variant on Itanium 2 for following reason. Because number of
+# functional units is naturally limited, it appeared impossible to
+# implement "528B" loop in 4 cycles, only in 5. This would mean that
+# theoretically performance improvement couldn't be more than 20%.
+# But occasionally you prove yourself wrong:-) I figured out a way to
+# fold couple of instructions and having freed yet another instruction
+# slot by unrolling the loop... Resulting performance is 4.45 cycles
+# per processed byte and 50% better than "256B" version. On original
+# Itanium performance should remain the same as the "256B" version,
+# i.e. ~8.5 cycles.
+
+$output=pop and (open STDOUT,">$output" or die "can't open $output: $!");
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+for (@ARGV)  {  $big_endian=1 if (/\-DB_ENDIAN/);
+                $big_endian=0 if (/\-DL_ENDIAN/);  }
+if (!defined($big_endian))
+             {  $big_endian=(unpack('L',pack('N',1))==1);  }
+
+sub loop() {
+my $label=shift;
+my ($p16,$p17)=(shift)?("p63","p63"):("p16","p17"); # mask references to inp
+
+# Loop is scheduled for 6 ticks on Itanium 2 and 8 on Itanium, i.e.
+# in scalable manner;-) Naturally assuming data in L1 cache...
+# Special note about 'dep' instruction, which is used to construct
+# &rem_4bit[Zlo&0xf]. It works, because rem_4bit is aligned at 128
+# bytes boundary and lower 7 bits of its address are guaranteed to
+# be zero.
+$code.=<<___;
+$label:
+{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
+	(p19)	dep	rem=Zlo,rem_4bitp,3,4	}
+{ .mfi;	(p19)	xor	Zhi=Zhi,Hhi
+	($p17)	xor	xi[1]=xi[1],in[1]	};;
+{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
+	(p19)	shrp	Zlo=Zhi,Zlo,4		}
+{ .mfi;	(p19)	ld8	rem=[rem]
+	(p18)	and	Hi[1]=mask0xf0,xi[2]	};;
+{ .mmi;	($p16)	ld1	in[0]=[inp],-1
+	(p18)	xor	Zlo=Zlo,Hlo
+	(p19)	shr.u	Zhi=Zhi,4		}
+{ .mib;	(p19)	xor	Hhi=Hhi,rem
+	(p18)	add	Hi[1]=Htbl,Hi[1]	};;
+
+{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
+	(p18)	dep	rem=Zlo,rem_4bitp,3,4	}
+{ .mfi;	(p17)	shladd	Hi[0]=xi[1],4,r0
+	(p18)	xor	Zhi=Zhi,Hhi		};;
+{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
+	(p18)	shrp	Zlo=Zhi,Zlo,4		}
+{ .mfi;	(p18)	ld8	rem=[rem]
+	(p17)	and	Hi[0]=mask0xf0,Hi[0]	};;
+{ .mmi;	(p16)	ld1	xi[0]=[Xi],-1
+	(p18)	xor	Zlo=Zlo,Hlo
+	(p18)	shr.u	Zhi=Zhi,4		}
+{ .mib;	(p18)	xor	Hhi=Hhi,rem
+	(p17)	add	Hi[0]=Htbl,Hi[0]
+	br.ctop.sptk	$label			};;
+___
+}
+
+$code=<<___;
+.explicit
+.text
+
+prevfs=r2;	prevlc=r3;	prevpr=r8;
+mask0xf0=r21;
+rem=r22;	rem_4bitp=r23;
+Xi=r24;		Htbl=r25;
+inp=r26;	end=r27;
+Hhi=r28;	Hlo=r29;
+Zhi=r30;	Zlo=r31;
+
+.align	128
+.skip	16					// aligns loop body
+.global	gcm_gmult_4bit#
+.proc	gcm_gmult_4bit#
+gcm_gmult_4bit:
+	.prologue
+{ .mmi;	.save	ar.pfs,prevfs
+	alloc	prevfs=ar.pfs,2,6,0,8
+	$ADDP	Xi=15,in0			// &Xi[15]
+	mov	rem_4bitp=ip		}
+{ .mii;	$ADDP	Htbl=8,in1			// &Htbl[0].lo
+	.save	ar.lc,prevlc
+	mov	prevlc=ar.lc
+	.save	pr,prevpr
+	mov	prevpr=pr		};;
+
+	.body
+	.rotr	in[3],xi[3],Hi[2]
+
+{ .mib;	ld1	xi[2]=[Xi],-1			// Xi[15]
+	mov	mask0xf0=0xf0
+	brp.loop.imp	.Loop1,.Lend1-16};;
+{ .mmi;	ld1	xi[1]=[Xi],-1			// Xi[14]
+					};;
+{ .mii;	shladd	Hi[1]=xi[2],4,r0
+	mov	pr.rot=0x7<<16
+	mov	ar.lc=13		};;
+{ .mii;	and	Hi[1]=mask0xf0,Hi[1]
+	mov	ar.ec=3
+	xor	Zlo=Zlo,Zlo		};;
+{ .mii;	add	Hi[1]=Htbl,Hi[1]		// &Htbl[nlo].lo
+	add	rem_4bitp=rem_4bit#-gcm_gmult_4bit#,rem_4bitp
+	xor	Zhi=Zhi,Zhi		};;
+___
+	&loop	(".Loop1",1);
+$code.=<<___;
+.Lend1:
+{ .mib;	xor	Zhi=Zhi,Hhi		};;	// modulo-scheduling artefact
+{ .mib;	mux1	Zlo=Zlo,\@rev		};;
+{ .mib;	mux1	Zhi=Zhi,\@rev		};;
+{ .mmi;	add	Hlo=9,Xi;;			// ;; is here to prevent
+	add	Hhi=1,Xi		};;	// pipeline flush on Itanium
+{ .mib;	st8	[Hlo]=Zlo
+	mov	pr=prevpr,0x1ffff	};;
+{ .mib;	st8	[Hhi]=Zhi
+	mov	ar.lc=prevlc
+	br.ret.sptk.many	b0	};;
+.endp	gcm_gmult_4bit#
+___
+
+######################################################################
+# "528B" (well, "512B" actualy) streamed GHASH
+#
+$Xip="in0";
+$Htbl="in1";
+$inp="in2";
+$len="in3";
+$rem_8bit="loc0";
+$mask0xff="loc1";
+($sum,$rum) = $big_endian ? ("nop.m","nop.m") : ("sum","rum");
+
+sub load_htable() {
+    for (my $i=0;$i<8;$i++) {
+	$code.=<<___;
+{ .mmi;	ld8	r`16+2*$i+1`=[r8],16		// Htable[$i].hi
+	ld8	r`16+2*$i`=[r9],16	}	// Htable[$i].lo
+{ .mmi;	ldf8	f`32+2*$i+1`=[r10],16		// Htable[`8+$i`].hi
+	ldf8	f`32+2*$i`=[r11],16		// Htable[`8+$i`].lo
+___
+	$code.=shift	if (($i+$#_)==7);
+	$code.="\t};;\n"
+    }
+}
+
+$code.=<<___;
+prevsp=r3;
+
+.align	32
+.skip	16					// aligns loop body
+.global	gcm_ghash_4bit#
+.proc	gcm_ghash_4bit#
+gcm_ghash_4bit:
+	.prologue
+{ .mmi;	.save	ar.pfs,prevfs
+	alloc	prevfs=ar.pfs,4,2,0,0
+	.vframe	prevsp
+	mov	prevsp=sp
+	mov	$rem_8bit=ip		};;
+	.body
+{ .mfi;	$ADDP	r8=0+0,$Htbl
+	$ADDP	r9=0+8,$Htbl		}
+{ .mfi;	$ADDP	r10=128+0,$Htbl
+	$ADDP	r11=128+8,$Htbl		};;
+___
+	&load_htable(
+	"	$ADDP	$Xip=15,$Xip",		# &Xi[15]
+	"	$ADDP	$len=$len,$inp",	# &inp[len]
+	"	$ADDP	$inp=15,$inp",		# &inp[15]
+	"	mov	$mask0xff=0xff",
+	"	add	sp=-512,sp",
+	"	andcm	sp=sp,$mask0xff",	# align stack frame
+	"	add	r14=0,sp",
+	"	add	r15=8,sp");
+$code.=<<___;
+{ .mmi;	$sum	1<<1				// go big-endian
+	add	r8=256+0,sp
+	add	r9=256+8,sp		}
+{ .mmi;	add	r10=256+128+0,sp
+	add	r11=256+128+8,sp
+	add	$len=-17,$len		};;
+___
+for($i=0;$i<8;$i++) {	# generate first half of Hshr4[]
+my ($rlo,$rhi)=("r".eval(16+2*$i),"r".eval(16+2*$i+1));
+$code.=<<___;
+{ .mmi;	st8	[r8]=$rlo,16			// Htable[$i].lo
+	st8	[r9]=$rhi,16			// Htable[$i].hi
+	shrp	$rlo=$rhi,$rlo,4	}//;;
+{ .mmi;	stf8	[r10]=f`32+2*$i`,16		// Htable[`8+$i`].lo
+	stf8	[r11]=f`32+2*$i+1`,16		// Htable[`8+$i`].hi
+	shr.u	$rhi=$rhi,4		};;
+{ .mmi;	st8	[r14]=$rlo,16			// Htable[$i].lo>>4
+	st8	[r15]=$rhi,16		}//;;	// Htable[$i].hi>>4
+___
+}
+$code.=<<___;
+{ .mmi;	ld8	r16=[r8],16			// Htable[8].lo
+	ld8	r17=[r9],16		};;	// Htable[8].hi
+{ .mmi;	ld8	r18=[r8],16			// Htable[9].lo
+	ld8	r19=[r9],16		}	// Htable[9].hi
+{ .mmi;	rum	1<<5				// clear um.mfh
+	shrp	r16=r17,r16,4		};;
+___
+for($i=0;$i<6;$i++) {	# generate second half of Hshr4[]
+$code.=<<___;
+{ .mmi;	ld8	r`20+2*$i`=[r8],16		// Htable[`10+$i`].lo
+	ld8	r`20+2*$i+1`=[r9],16		// Htable[`10+$i`].hi
+	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
+{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
+	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
+	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
+___
+}
+$code.=<<___;
+{ .mmi;	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
+{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
+	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
+	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
+{ .mmi;	add	$Htbl=256,sp			// &Htable[0]
+	add	$rem_8bit=rem_8bit#-gcm_ghash_4bit#,$rem_8bit
+	shr.u	r`18+2*$i+1`=r`18+2*$i+1`,4	};;
+{ .mmi;	st8	[r14]=r`18+2*$i`		// Htable[`8+$i`].lo>>4
+	st8	[r15]=r`18+2*$i+1`	}	// Htable[`8+$i`].hi>>4
+___
+
+$in="r15";
+@xi=("r16","r17");
+@rem=("r18","r19");
+($Alo,$Ahi,$Blo,$Bhi,$Zlo,$Zhi)=("r20","r21","r22","r23","r24","r25");
+($Atbl,$Btbl)=("r26","r27");
+
+$code.=<<___;	# (p16)
+{ .mmi;	ld1	$in=[$inp],-1			//(p16) *inp--
+	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	cmp.eq	p0,p6=r0,r0		};;	//	clear p6
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p16),(p17)
+{ .mmi;	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mii;	ld1	$in=[$inp],-1			//(p16) *inp--
+	dep	$Atbl=$xi[1],$Htbl,4,4		//(p17) &Htable[nlo].lo
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+.align	32
+.LOOP:
+{ .mmi;
+(p6)	st8	[$Xip]=$Zhi,13
+	xor	$Zlo=$Zlo,$Zlo
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi].lo
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p16),(p17),(p18)
+{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
+{ .mfi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
+	xor	$Zlo=$Zlo,$Alo		};;	//(p18) Z.lo^=Htable[nlo].lo
+{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
+	ld1	$in=[$inp],-1		}	//(p16) *inp--
+{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
+	mov	$Zhi=$Ahi			//(p18) Z.hi^=Htable[nlo].hi
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
+	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
+{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+for ($i=1;$i<14;$i++) {
+# Above and below fragments are derived from this one by removing
+# unsuitable (p??) instructions.
+$code.=<<___;	# (p16),(p17),(p18),(p19)
+{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
+	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
+{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
+{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
+	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
+	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
+{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
+	ld1	$in=[$inp],-1			//(p16) *inp--
+	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
+{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
+	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
+	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
+	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
+{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+}
+
+$code.=<<___;	# (p17),(p18),(p19)
+{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
+	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
+{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
+	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
+{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+	dep	$Atbl=$xi[1],$Htbl,4,4	};;	//(p17) &Htable[nlo].lo
+{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
+	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
+	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
+{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
+	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
+{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
+	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
+	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
+{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
+	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
+{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
+	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p18),(p19)
+{ .mfi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
+	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
+{ .mfi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo		};;	//(p19) Z.lo^=Hshr4[nhi].lo
+{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
+	xor	$Zlo=$Zlo,$Alo		}	//(p18) Z.lo^=Htable[nlo].lo
+{ .mfi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
+{ .mfi;	ld8	$Blo=[$Btbl],8			//(p18) Htable[nhi].lo,&Htable[nhi].hi
+	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
+{ .mfi;	shladd	$rem[0]=$Zlo,4,r0		//(p18) Z.lo<<4
+	xor	$Zhi=$Zhi,$Ahi		};;	//(p18) Z.hi^=Htable[nlo].hi
+{ .mfi;	ld8	$Bhi=[$Btbl]			//(p18) Htable[nhi].hi
+	shrp	$Zlo=$Zhi,$Zlo,4	}	//(p18) Z.lo=(Z.hi<<60)|(Z.lo>>4)
+{ .mfi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
+	xor	$Zhi=$Zhi,$rem[1]	};;	//(p19) Z.hi^=rem_8bit[rem]<<48
+___
+push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
+
+$code.=<<___;	# (p19)
+{ .mmi;	cmp.ltu	p6,p0=$inp,$len
+	add	$inp=32,$inp
+	shr.u	$Zhi=$Zhi,4		}	//(p19) Z.hi>>=4
+{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
+	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
+	add	$Xip=9,$Xip		};;	//	&Xi.lo
+{ .mmi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
+(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
+(p6)	extr.u	$xi[1]=$Zlo,8,8		}	//[p17] Xi[14]
+{ .mmi;	xor	$Zhi=$Zhi,$Bhi			//(p19) Z.hi^=Hshr4[nhi].hi
+(p6)	and	$xi[0]=$Zlo,$mask0xff	};;	//[p16] Xi[15]
+{ .mmi;	st8	[$Xip]=$Zlo,-8
+(p6)	xor	$xi[0]=$xi[0],$in		//[p17] xi=$xi[i]^inp[i]
+	shl	$rem[1]=$rem[1],48	};;	//(p19) rem_8bit[rem]<<48
+{ .mmi;
+(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
+	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
+(p6)	dep	$Atbl=$xi[0],$Htbl,4,4	}	//[p17] &Htable[nlo].lo
+{ .mib;
+(p6)	and	$xi[0]=-16,$xi[0]		//[p17] nhi=xi&0xf0
+(p6)	br.cond.dptk.many	.LOOP	};;
+
+{ .mib;	st8	[$Xip]=$Zhi		};;
+{ .mib;	$rum	1<<1				// return to little-endian
+	.restore	sp
+	mov	sp=prevsp
+	br.ret.sptk.many	b0	};;
+.endp	gcm_ghash_4bit#
+___
+$code.=<<___;
+.align	128
+.type	rem_4bit#,\@object
+rem_4bit:
+        data8	0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48
+        data8	0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48
+        data8	0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48
+        data8	0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48
+.size	rem_4bit#,128
+.type	rem_8bit#,\@object
+rem_8bit:
+	data1	0x00,0x00, 0x01,0xC2, 0x03,0x84, 0x02,0x46, 0x07,0x08, 0x06,0xCA, 0x04,0x8C, 0x05,0x4E
+	data1	0x0E,0x10, 0x0F,0xD2, 0x0D,0x94, 0x0C,0x56, 0x09,0x18, 0x08,0xDA, 0x0A,0x9C, 0x0B,0x5E
+	data1	0x1C,0x20, 0x1D,0xE2, 0x1F,0xA4, 0x1E,0x66, 0x1B,0x28, 0x1A,0xEA, 0x18,0xAC, 0x19,0x6E
+	data1	0x12,0x30, 0x13,0xF2, 0x11,0xB4, 0x10,0x76, 0x15,0x38, 0x14,0xFA, 0x16,0xBC, 0x17,0x7E
+	data1	0x38,0x40, 0x39,0x82, 0x3B,0xC4, 0x3A,0x06, 0x3F,0x48, 0x3E,0x8A, 0x3C,0xCC, 0x3D,0x0E
+	data1	0x36,0x50, 0x37,0x92, 0x35,0xD4, 0x34,0x16, 0x31,0x58, 0x30,0x9A, 0x32,0xDC, 0x33,0x1E
+	data1	0x24,0x60, 0x25,0xA2, 0x27,0xE4, 0x26,0x26, 0x23,0x68, 0x22,0xAA, 0x20,0xEC, 0x21,0x2E
+	data1	0x2A,0x70, 0x2B,0xB2, 0x29,0xF4, 0x28,0x36, 0x2D,0x78, 0x2C,0xBA, 0x2E,0xFC, 0x2F,0x3E
+	data1	0x70,0x80, 0x71,0x42, 0x73,0x04, 0x72,0xC6, 0x77,0x88, 0x76,0x4A, 0x74,0x0C, 0x75,0xCE
+	data1	0x7E,0x90, 0x7F,0x52, 0x7D,0x14, 0x7C,0xD6, 0x79,0x98, 0x78,0x5A, 0x7A,0x1C, 0x7B,0xDE
+	data1	0x6C,0xA0, 0x6D,0x62, 0x6F,0x24, 0x6E,0xE6, 0x6B,0xA8, 0x6A,0x6A, 0x68,0x2C, 0x69,0xEE
+	data1	0x62,0xB0, 0x63,0x72, 0x61,0x34, 0x60,0xF6, 0x65,0xB8, 0x64,0x7A, 0x66,0x3C, 0x67,0xFE
+	data1	0x48,0xC0, 0x49,0x02, 0x4B,0x44, 0x4A,0x86, 0x4F,0xC8, 0x4E,0x0A, 0x4C,0x4C, 0x4D,0x8E
+	data1	0x46,0xD0, 0x47,0x12, 0x45,0x54, 0x44,0x96, 0x41,0xD8, 0x40,0x1A, 0x42,0x5C, 0x43,0x9E
+	data1	0x54,0xE0, 0x55,0x22, 0x57,0x64, 0x56,0xA6, 0x53,0xE8, 0x52,0x2A, 0x50,0x6C, 0x51,0xAE
+	data1	0x5A,0xF0, 0x5B,0x32, 0x59,0x74, 0x58,0xB6, 0x5D,0xF8, 0x5C,0x3A, 0x5E,0x7C, 0x5F,0xBE
+	data1	0xE1,0x00, 0xE0,0xC2, 0xE2,0x84, 0xE3,0x46, 0xE6,0x08, 0xE7,0xCA, 0xE5,0x8C, 0xE4,0x4E
+	data1	0xEF,0x10, 0xEE,0xD2, 0xEC,0x94, 0xED,0x56, 0xE8,0x18, 0xE9,0xDA, 0xEB,0x9C, 0xEA,0x5E
+	data1	0xFD,0x20, 0xFC,0xE2, 0xFE,0xA4, 0xFF,0x66, 0xFA,0x28, 0xFB,0xEA, 0xF9,0xAC, 0xF8,0x6E
+	data1	0xF3,0x30, 0xF2,0xF2, 0xF0,0xB4, 0xF1,0x76, 0xF4,0x38, 0xF5,0xFA, 0xF7,0xBC, 0xF6,0x7E
+	data1	0xD9,0x40, 0xD8,0x82, 0xDA,0xC4, 0xDB,0x06, 0xDE,0x48, 0xDF,0x8A, 0xDD,0xCC, 0xDC,0x0E
+	data1	0xD7,0x50, 0xD6,0x92, 0xD4,0xD4, 0xD5,0x16, 0xD0,0x58, 0xD1,0x9A, 0xD3,0xDC, 0xD2,0x1E
+	data1	0xC5,0x60, 0xC4,0xA2, 0xC6,0xE4, 0xC7,0x26, 0xC2,0x68, 0xC3,0xAA, 0xC1,0xEC, 0xC0,0x2E
+	data1	0xCB,0x70, 0xCA,0xB2, 0xC8,0xF4, 0xC9,0x36, 0xCC,0x78, 0xCD,0xBA, 0xCF,0xFC, 0xCE,0x3E
+	data1	0x91,0x80, 0x90,0x42, 0x92,0x04, 0x93,0xC6, 0x96,0x88, 0x97,0x4A, 0x95,0x0C, 0x94,0xCE
+	data1	0x9F,0x90, 0x9E,0x52, 0x9C,0x14, 0x9D,0xD6, 0x98,0x98, 0x99,0x5A, 0x9B,0x1C, 0x9A,0xDE
+	data1	0x8D,0xA0, 0x8C,0x62, 0x8E,0x24, 0x8F,0xE6, 0x8A,0xA8, 0x8B,0x6A, 0x89,0x2C, 0x88,0xEE
+	data1	0x83,0xB0, 0x82,0x72, 0x80,0x34, 0x81,0xF6, 0x84,0xB8, 0x85,0x7A, 0x87,0x3C, 0x86,0xFE
+	data1	0xA9,0xC0, 0xA8,0x02, 0xAA,0x44, 0xAB,0x86, 0xAE,0xC8, 0xAF,0x0A, 0xAD,0x4C, 0xAC,0x8E
+	data1	0xA7,0xD0, 0xA6,0x12, 0xA4,0x54, 0xA5,0x96, 0xA0,0xD8, 0xA1,0x1A, 0xA3,0x5C, 0xA2,0x9E
+	data1	0xB5,0xE0, 0xB4,0x22, 0xB6,0x64, 0xB7,0xA6, 0xB2,0xE8, 0xB3,0x2A, 0xB1,0x6C, 0xB0,0xAE
+	data1	0xBB,0xF0, 0xBA,0x32, 0xB8,0x74, 0xB9,0xB6, 0xBC,0xF8, 0xBD,0x3A, 0xBF,0x7C, 0xBE,0xBE
+.size	rem_8bit#,512
+stringz	"GHASH for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm      if ($big_endian);
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-parisc.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-parisc.pl
new file mode 100644
index 0000000..1d62545
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-parisc.pl
@@ -0,0 +1,738 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# April 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. On PA-7100LC
+# it processes one byte in 19.6 cycles, which is more than twice as
+# fast as code generated by gcc 3.2. PA-RISC 2.0 loop is scheduled for
+# 8 cycles, but measured performance on PA-8600 system is ~9 cycles per
+# processed byte. This is ~2.2x faster than 64-bit code generated by
+# vendor compiler (which used to be very hard to beat:-).
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+	$NREGS		=6;
+} else {
+	$LEVEL		="1.0";	#"\n\t.ALLOW\t2.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+	$NREGS		=11;
+}
+
+$FRAME=10*$SIZE_T+$FRAME_MARKER;# NREGS saved regs + frame marker
+				#                 [+ argument transfer]
+
+################# volatile registers
+$Xi="%r26";	# argument block
+$Htbl="%r25";
+$inp="%r24";
+$len="%r23";
+$Hhh=$Htbl;	# variables
+$Hll="%r22";
+$Zhh="%r21";
+$Zll="%r20";
+$cnt="%r19";
+$rem_4bit="%r28";
+$rem="%r29";
+$mask0xf0="%r31";
+
+################# preserved registers
+$Thh="%r1";
+$Tll="%r2";
+$nlo="%r3";
+$nhi="%r4";
+$byte="%r5";
+if ($SIZE_T==4) {
+	$Zhl="%r6";
+	$Zlh="%r7";
+	$Hhl="%r8";
+	$Hlh="%r9";
+	$Thl="%r10";
+	$Tlh="%r11";
+}
+$rem2="%r6";	# used in PA-RISC 2.0 code
+
+$code.=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	gcm_gmult_4bit,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	64
+gcm_gmult_4bit
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=$NREGS
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+___
+$code.=<<___ if ($SIZE_T==4);
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+___
+$code.=<<___;
+	blr	%r0,$rem_4bit
+	ldi	3,$rem
+L\$pic_gmult
+	andcm	$rem_4bit,$rem,$rem_4bit
+	addl	$inp,$len,$len
+	ldo	L\$rem_4bit-L\$pic_gmult($rem_4bit),$rem_4bit
+	ldi	0xf0,$mask0xf0
+___
+$code.=<<___ if ($SIZE_T==4);
+	ldi	31,$rem
+	mtctl	$rem,%cr11
+	extrd,u,*= $rem,%sar,1,$rem	; executes on PA-RISC 1.0
+	b	L\$parisc1_gmult
+	nop
+___
+
+$code.=<<___;
+	ldb	15($Xi),$nlo
+	ldo	8($Htbl),$Hll
+
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	ldd	$nlo($Hll),$Zll
+	ldd	$nlo($Hhh),$Zhh
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldb	14($Xi),$nlo
+
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+	b	L\$oop_gmult_pa2
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_gmult_pa2
+	xor	$rem,$Zhh,$Zhh		; moved here to work around gas bug
+	depd,z	$Zll,60,4,$rem
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem
+	ldbx	$cnt($Xi),$nlo
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$Tll,$Zll,$Zll
+	addib,uv -1,$cnt,L\$oop_gmult_pa2
+	xor	$Thh,$Zhh,$Zhh
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	std	$Zll,8($Xi)
+	std	$Zhh,0($Xi)
+___
+
+$code.=<<___ if ($SIZE_T==4);
+	b	L\$done_gmult
+	nop
+
+L\$parisc1_gmult
+	ldb	15($Xi),$nlo
+	ldo	12($Htbl),$Hll
+	ldo	8($Htbl),$Hlh
+	ldo	4($Htbl),$Hhl
+
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	ldwx	$nlo($Hll),$Zll
+	ldwx	$nlo($Hlh),$Zlh
+	ldwx	$nlo($Hhl),$Zhl
+	ldwx	$nlo($Hhh),$Zhh
+	zdep	$Zll,28,4,$rem
+	ldb	14($Xi),$nlo
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	extru	$Zhh,27,28,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	xor	$rem,$Zhh,$Zhh
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$Thl,$Zhl,$Zhl
+	b	L\$oop_gmult_pa1
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_gmult_pa1
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldbx	$cnt($Xi),$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$rem,$Zhh,$Zhh
+	zdep	$Zll,28,4,$rem
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	and	$mask0xf0,$nlo,$nhi
+	extru	$Zhh,27,28,$Zhh
+	zdep	$nlo,27,4,$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$rem,$Zhh,$Zhh
+	addib,uv -1,$cnt,L\$oop_gmult_pa1
+	xor	$Thl,$Zhl,$Zhl
+
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$rem,$Zhh,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	zdep	$Zll,28,4,$rem
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	extru	$Zhh,27,28,$Zhh
+	xor	$Tll,$Zll,$Zll
+	xor	$Tlh,$Zlh,$Zlh
+	xor	$rem,$Zhh,$Zhh
+	stw	$Zll,12($Xi)
+	xor	$Thl,$Zhl,$Zhl
+	stw	$Zlh,8($Xi)
+	xor	$Thh,$Zhh,$Zhh
+	stw	$Zhl,4($Xi)
+	stw	$Zhh,0($Xi)
+___
+$code.=<<___;
+L\$done_gmult
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+___
+$code.=<<___ if ($SIZE_T==4);
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+___
+$code.=<<___;
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.EXPORT	gcm_ghash_4bit,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
+	.ALIGN	64
+gcm_ghash_4bit
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=11
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+___
+$code.=<<___ if ($SIZE_T==4);
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+___
+$code.=<<___;
+	blr	%r0,$rem_4bit
+	ldi	3,$rem
+L\$pic_ghash
+	andcm	$rem_4bit,$rem,$rem_4bit
+	addl	$inp,$len,$len
+	ldo	L\$rem_4bit-L\$pic_ghash($rem_4bit),$rem_4bit
+	ldi	0xf0,$mask0xf0
+___
+$code.=<<___ if ($SIZE_T==4);
+	ldi	31,$rem
+	mtctl	$rem,%cr11
+	extrd,u,*= $rem,%sar,1,$rem	; executes on PA-RISC 1.0
+	b	L\$parisc1_ghash
+	nop
+___
+
+$code.=<<___;
+	ldb	15($Xi),$nlo
+	ldo	8($Htbl),$Hll
+
+L\$outer_ghash_pa2
+	ldb	15($inp),$nhi
+	xor	$nhi,$nlo,$nlo
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	ldd	$nlo($Hll),$Zll
+	ldd	$nlo($Hhh),$Zhh
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldb	14($Xi),$nlo
+	ldb	14($inp),$byte
+
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+	xor	$byte,$nlo,$nlo
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+	b	L\$oop_ghash_pa2
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_ghash_pa2
+	xor	$rem,$Zhh,$Zhh		; moved here to work around gas bug
+	depd,z	$Zll,60,4,$rem2
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldbx	$cnt($Xi),$nlo
+	ldbx	$cnt($inp),$byte
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	ldd	$rem2($rem_4bit),$rem2
+
+	xor	$rem2,$Zhh,$Zhh
+	xor	$byte,$nlo,$nlo
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	and	$mask0xf0,$nlo,$nhi
+	depd,z	$nlo,59,4,$nlo
+
+	extrd,u	$Zhh,59,60,$Zhh
+	xor	$Tll,$Zll,$Zll
+
+	ldd	$rem($rem_4bit),$rem
+	addib,uv -1,$cnt,L\$oop_ghash_pa2
+	xor	$Thh,$Zhh,$Zhh
+
+	xor	$rem,$Zhh,$Zhh
+	depd,z	$Zll,60,4,$rem2
+
+	shrpd	$Zhh,$Zll,4,$Zll
+	extrd,u	$Zhh,59,60,$Zhh
+	ldd	$nlo($Hll),$Tll
+	ldd	$nlo($Hhh),$Thh
+
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+
+	depd,z	$Zll,60,4,$rem
+	shrpd	$Zhh,$Zll,4,$Zll
+	ldd	$rem2($rem_4bit),$rem2
+
+	xor	$rem2,$Zhh,$Zhh
+	ldd	$nhi($Hll),$Tll
+	ldd	$nhi($Hhh),$Thh
+
+	extrd,u	$Zhh,59,60,$Zhh
+	xor	$Tll,$Zll,$Zll
+	xor	$Thh,$Zhh,$Zhh
+	ldd	$rem($rem_4bit),$rem
+
+	xor	$rem,$Zhh,$Zhh
+	std	$Zll,8($Xi)
+	ldo	16($inp),$inp
+	std	$Zhh,0($Xi)
+	cmpb,*<> $inp,$len,L\$outer_ghash_pa2
+	copy	$Zll,$nlo
+___
+
+$code.=<<___ if ($SIZE_T==4);
+	b	L\$done_ghash
+	nop
+
+L\$parisc1_ghash
+	ldb	15($Xi),$nlo
+	ldo	12($Htbl),$Hll
+	ldo	8($Htbl),$Hlh
+	ldo	4($Htbl),$Hhl
+
+L\$outer_ghash_pa1
+	ldb	15($inp),$byte
+	xor	$byte,$nlo,$nlo
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	ldwx	$nlo($Hll),$Zll
+	ldwx	$nlo($Hlh),$Zlh
+	ldwx	$nlo($Hhl),$Zhl
+	ldwx	$nlo($Hhh),$Zhh
+	zdep	$Zll,28,4,$rem
+	ldb	14($Xi),$nlo
+	ldb	14($inp),$byte
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	extru	$Zhh,27,28,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	xor	$byte,$nlo,$nlo
+	xor	$rem,$Zhh,$Zhh
+	and	$mask0xf0,$nlo,$nhi
+	zdep	$nlo,27,4,$nlo
+
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$Thl,$Zhl,$Zhl
+	b	L\$oop_ghash_pa1
+	ldi	13,$cnt
+
+	.ALIGN	8
+L\$oop_ghash_pa1
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	ldbx	$cnt($Xi),$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	ldbx	$cnt($inp),$byte
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$rem,$Zhh,$Zhh
+	zdep	$Zll,28,4,$rem
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	xor	$byte,$nlo,$nlo
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	and	$mask0xf0,$nlo,$nhi
+	extru	$Zhh,27,28,$Zhh
+	zdep	$nlo,27,4,$nlo
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nlo($Hll),$Tll
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nlo($Hlh),$Tlh
+	xor	$rem,$Zhh,$Zhh
+	addib,uv -1,$cnt,L\$oop_ghash_pa1
+	xor	$Thl,$Zhl,$Zhl
+
+	zdep	$Zll,28,4,$rem
+	ldwx	$nlo($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	ldwx	$nlo($Hhh),$Thh
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	xor	$Tll,$Zll,$Zll
+	ldwx	$nhi($Hll),$Tll
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	xor	$Tlh,$Zlh,$Zlh
+	ldwx	$nhi($Hlh),$Tlh
+	extru	$Zhh,27,28,$Zhh
+	xor	$rem,$Zhh,$Zhh
+	xor	$Thl,$Zhl,$Zhl
+	ldwx	$nhi($Hhl),$Thl
+	xor	$Thh,$Zhh,$Zhh
+	ldwx	$nhi($Hhh),$Thh
+	zdep	$Zll,28,4,$rem
+	ldwx	$rem($rem_4bit),$rem
+	shrpw	$Zlh,$Zll,4,$Zll
+	shrpw	$Zhl,$Zlh,4,$Zlh
+	shrpw	$Zhh,$Zhl,4,$Zhl
+	extru	$Zhh,27,28,$Zhh
+	xor	$Tll,$Zll,$Zll
+	xor	$Tlh,$Zlh,$Zlh
+	xor	$rem,$Zhh,$Zhh
+	stw	$Zll,12($Xi)
+	xor	$Thl,$Zhl,$Zhl
+	stw	$Zlh,8($Xi)
+	xor	$Thh,$Zhh,$Zhh
+	stw	$Zhl,4($Xi)
+	ldo	16($inp),$inp
+	stw	$Zhh,0($Xi)
+	comb,<>	$inp,$len,L\$outer_ghash_pa1
+	copy	$Zll,$nlo
+___
+$code.=<<___;
+L\$done_ghash
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+___
+$code.=<<___ if ($SIZE_T==4);
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+___
+$code.=<<___;
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+
+	.ALIGN	64
+L\$rem_4bit
+	.WORD	`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0
+	.WORD	`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0
+	.WORD	`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0
+	.WORD	`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0
+	.STRINGZ "GHASH for PA-RISC, GRYPTOGAMS by <appro\@openssl.org>"
+	.ALIGN	64
+___
+
+# Explicitly encode PA-RISC 2.0 instructions used in this module, so
+# that it can be compiled with .LEVEL 1.0. It should be noted that I
+# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
+# directive...
+
+my $ldd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "ldd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)		# format 4
+    {	my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3;
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)	# format 5
+    {	my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3;
+	$opcode|=(($1&0xF)<<17)|(($1&0x10)<<12);		# encode offset
+	$opcode|=(1<<5)  if ($mod =~ /^,m/);
+	$opcode|=(1<<13) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $std = sub {
+  my ($mod,$args) = @_;
+  my $orig = "std$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices
+    {	my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $extrd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "extrd$mod\t$args";
+
+    # I only have ",u" completer, it's implicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
+    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
+	my $len=32-$3;
+	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
+    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
+	my $len=32-$2;
+	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
+	$opcode |= (1<<13) if ($mod =~ /,\**=/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $shrpd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "shrpd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
+    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
+	my $cpos=63-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/)	# format 11
+    {	sprintf "\t.WORD\t0x%08x\t; %s",
+		(0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $depd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "depd$mod\t$args";
+
+    # I only have ",z" completer, it's impicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 16
+    {	my $opcode=(0x3c<<26)|($4<<21)|($1<<16);
+    	my $cpos=63-$2;
+	my $len=32-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+sub assemble {
+  my ($mnemonic,$mod,$args)=@_;
+  my $opcode = eval("\$$mnemonic");
+
+    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+	if ($SIZE_T==4) {
+		s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e;
+		s/cmpb,\*/comb,/;
+		s/,\*/,/;
+	}
+	s/\bbv\b/bve/	if ($SIZE_T==8);
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-s390x.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-s390x.pl
new file mode 100644
index 0000000..6e628d8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-s390x.pl
@@ -0,0 +1,258 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2010.
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Performance
+# was measured to be ~18 cycles per processed byte on z10, which is
+# almost 40% better than gcc-generated code. It should be noted that
+# 18 cycles is worse result than expected: loop is scheduled for 12
+# and the result should be close to 12. In the lack of instruction-
+# level profiling data it's impossible to tell why...
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 2.8x better than 32-bit code generated by gcc 4.3.
+
+# March 2011.
+#
+# Support for hardware KIMD-GHASH is verified to produce correct
+# result and therefore is engaged. On z196 it was measured to process
+# 8KB buffer ~7 faster than software implementation. It's not as
+# impressive for smaller buffer sizes and for smallest 16-bytes buffer
+# it's actually almost 2 times slower. Which is the reason why
+# KIMD-GHASH is not used in gcm_gmult_4bit.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$softonly=0;
+
+$Zhi="%r0";
+$Zlo="%r1";
+
+$Xi="%r2";	# argument block
+$Htbl="%r3";
+$inp="%r4";
+$len="%r5";
+
+$rem0="%r6";	# variables
+$rem1="%r7";
+$nlo="%r8";
+$nhi="%r9";
+$xi="%r10";
+$cnt="%r11";
+$tmp="%r12";
+$x78="%r13";
+$rem_4bit="%r14";
+
+$sp="%r15";
+
+$code.=<<___;
+.text
+
+.globl	gcm_gmult_4bit
+.align	32
+gcm_gmult_4bit:
+___
+$code.=<<___ if(!$softonly && 0);	# hardware is slow for single block...
+	larl	%r1,OPENSSL_s390xcap_P
+	lghi	%r0,0
+	lg	%r1,24(%r1)	# load second word of kimd capabilities vector
+	tmhh	%r1,0x4000	# check for function 65
+	jz	.Lsoft_gmult
+	stg	%r0,16($sp)	# arrange 16 bytes of zero input
+	stg	%r0,24($sp)
+	lghi	%r0,65		# function 65
+	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
+	la	$inp,16($sp)
+	lghi	$len,16
+	.long	0xb93e0004	# kimd %r0,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	32
+.Lsoft_gmult:
+___
+$code.=<<___;
+	stm${g}	%r6,%r14,6*$SIZE_T($sp)
+
+	aghi	$Xi,-1
+	lghi	$len,1
+	lghi	$x78,`0xf<<3`
+	larl	$rem_4bit,rem_4bit
+
+	lg	$Zlo,8+1($Xi)		# Xi
+	j	.Lgmult_shortcut
+.type	gcm_gmult_4bit,\@function
+.size	gcm_gmult_4bit,(.-gcm_gmult_4bit)
+
+.globl	gcm_ghash_4bit
+.align	32
+gcm_ghash_4bit:
+___
+$code.=<<___ if(!$softonly);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,24(%r1)	# load second word of kimd capabilities vector
+	tmhh	%r0,0x4000	# check for function 65
+	jz	.Lsoft_ghash
+	lghi	%r0,65		# function 65
+	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
+	.long	0xb93e0004	# kimd %r0,$inp
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	32
+.Lsoft_ghash:
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	stm${g}	%r6,%r14,6*$SIZE_T($sp)
+
+	aghi	$Xi,-1
+	srlg	$len,$len,4
+	lghi	$x78,`0xf<<3`
+	larl	$rem_4bit,rem_4bit
+
+	lg	$Zlo,8+1($Xi)		# Xi
+	lg	$Zhi,0+1($Xi)
+	lghi	$tmp,0
+.Louter:
+	xg	$Zhi,0($inp)		# Xi ^= inp 
+	xg	$Zlo,8($inp)
+	xgr	$Zhi,$tmp
+	stg	$Zlo,8+1($Xi)
+	stg	$Zhi,0+1($Xi)
+
+.Lgmult_shortcut:
+	lghi	$tmp,0xf0
+	sllg	$nlo,$Zlo,4
+	srlg	$xi,$Zlo,8		# extract second byte
+	ngr	$nlo,$tmp
+	lgr	$nhi,$Zlo
+	lghi	$cnt,14
+	ngr	$nhi,$tmp
+
+	lg	$Zlo,8($nlo,$Htbl)
+	lg	$Zhi,0($nlo,$Htbl)
+
+	sllg	$nlo,$xi,4
+	sllg	$rem0,$Zlo,3
+	ngr	$nlo,$tmp
+	ngr	$rem0,$x78
+	ngr	$xi,$tmp
+
+	sllg	$tmp,$Zhi,60
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nhi,$Htbl)
+	xg	$Zhi,0($nhi,$Htbl)
+	lgr	$nhi,$xi
+	sllg	$rem1,$Zlo,3
+	xgr	$Zlo,$tmp
+	ngr	$rem1,$x78
+	sllg	$tmp,$Zhi,60
+	j	.Lghash_inner
+.align	16
+.Lghash_inner:
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nlo,$Htbl)
+	llgc	$xi,0($cnt,$Xi)
+	xg	$Zhi,0($nlo,$Htbl)
+	sllg	$nlo,$xi,4
+	xg	$Zhi,0($rem0,$rem_4bit)
+	nill	$nlo,0xf0
+	sllg	$rem0,$Zlo,3
+	xgr	$Zlo,$tmp
+	ngr	$rem0,$x78
+	nill	$xi,0xf0
+
+	sllg	$tmp,$Zhi,60
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nhi,$Htbl)
+	xg	$Zhi,0($nhi,$Htbl)
+	lgr	$nhi,$xi
+	xg	$Zhi,0($rem1,$rem_4bit)
+	sllg	$rem1,$Zlo,3
+	xgr	$Zlo,$tmp
+	ngr	$rem1,$x78
+	sllg	$tmp,$Zhi,60
+	brct	$cnt,.Lghash_inner
+
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nlo,$Htbl)
+	xg	$Zhi,0($nlo,$Htbl)
+	sllg	$xi,$Zlo,3
+	xg	$Zhi,0($rem0,$rem_4bit)
+	xgr	$Zlo,$tmp
+	ngr	$xi,$x78
+
+	sllg	$tmp,$Zhi,60
+	srlg	$Zlo,$Zlo,4
+	srlg	$Zhi,$Zhi,4
+	xg	$Zlo,8($nhi,$Htbl)
+	xg	$Zhi,0($nhi,$Htbl)
+	xgr	$Zlo,$tmp
+	xg	$Zhi,0($rem1,$rem_4bit)
+
+	lg	$tmp,0($xi,$rem_4bit)
+	la	$inp,16($inp)
+	sllg	$tmp,$tmp,4		# correct last rem_4bit[rem]
+	brctg	$len,.Louter
+
+	xgr	$Zhi,$tmp
+	stg	$Zlo,8+1($Xi)
+	stg	$Zhi,0+1($Xi)
+	lm${g}	%r6,%r14,6*$SIZE_T($sp)
+	br	%r14
+.type	gcm_ghash_4bit,\@function
+.size	gcm_ghash_4bit,(.-gcm_ghash_4bit)
+
+.align	64
+rem_4bit:
+	.long	`0x0000<<12`,0,`0x1C20<<12`,0,`0x3840<<12`,0,`0x2460<<12`,0
+	.long	`0x7080<<12`,0,`0x6CA0<<12`,0,`0x48C0<<12`,0,`0x54E0<<12`,0
+	.long	`0xE100<<12`,0,`0xFD20<<12`,0,`0xD940<<12`,0,`0xC560<<12`,0
+	.long	`0x9180<<12`,0,`0x8DA0<<12`,0,`0xA9C0<<12`,0,`0xB5E0<<12`,0
+.type	rem_4bit,\@object
+.size	rem_4bit,(.-rem_4bit)
+.string	"GHASH for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-sparcv9.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-sparcv9.pl
new file mode 100644
index 0000000..c4eb3b1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-sparcv9.pl
@@ -0,0 +1,581 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# March 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+128 bytes shared table]. Performance
+# results are for streamed GHASH subroutine on UltraSPARC pre-Tx CPU
+# and are expressed in cycles per processed byte, less is better:
+#
+#		gcc 3.3.x	cc 5.2		this assembler
+#
+# 32-bit build	81.4		43.3		12.6	(+546%/+244%)
+# 64-bit build	20.2		21.2		12.6	(+60%/+68%)
+#
+# Here is data collected on UltraSPARC T1 system running Linux:
+#
+#		gcc 4.4.1			this assembler
+#
+# 32-bit build	566				50	(+1000%)
+# 64-bit build	56				50	(+12%)
+#
+# I don't quite understand why difference between 32-bit and 64-bit
+# compiler-generated code is so big. Compilers *were* instructed to
+# generate code for UltraSPARC and should have used 64-bit registers
+# for Z vector (see C code) even in 32-bit build... Oh well, it only
+# means more impressive improvement coefficients for this assembler
+# module;-) Loops are aggressively modulo-scheduled in respect to
+# references to input data and Z.hi updates to achieve 12 cycles
+# timing. To anchor to something else, sha1-sparcv9.pl spends 11.6
+# cycles to process one byte on UltraSPARC pre-Tx CPU and ~24 on T1.
+#
+# October 2012
+#
+# Add VIS3 lookup-table-free implementation using polynomial
+# multiplication xmulx[hi] and extended addition addxc[cc]
+# instructions. 4.52/7.63x improvement on T3/T4 or in absolute
+# terms 7.90/2.14 cycles per byte. On T4 multi-process benchmark
+# saturates at ~15.5x single-process result on 8-core processor,
+# or ~20.5GBps per 2.85GHz socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+$frame="STACK_FRAME";
+$bias="STACK_BIAS";
+
+$Zhi="%o0";	# 64-bit values
+$Zlo="%o1";
+$Thi="%o2";
+$Tlo="%o3";
+$rem="%o4";
+$tmp="%o5";
+
+$nhi="%l0";	# small values and pointers
+$nlo="%l1";
+$xi0="%l2";
+$xi1="%l3";
+$rem_4bit="%l4";
+$remi="%l5";
+$Htblo="%l6";
+$cnt="%l7";
+
+$Xi="%i0";	# input argument block
+$Htbl="%i1";
+$inp="%i2";
+$len="%i3";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef  __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+.align	64
+rem_4bit:
+	.long	`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0
+	.long	`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0
+	.long	`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0
+	.long	`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0
+.type	rem_4bit,#object
+.size	rem_4bit,(.-rem_4bit)
+
+.globl	gcm_ghash_4bit
+.align	32
+gcm_ghash_4bit:
+	save	%sp,-$frame,%sp
+	ldub	[$inp+15],$nlo
+	ldub	[$Xi+15],$xi0
+	ldub	[$Xi+14],$xi1
+	add	$len,$inp,$len
+	add	$Htbl,8,$Htblo
+
+1:	call	.+8
+	add	%o7,rem_4bit-1b,$rem_4bit
+
+.Louter:
+	xor	$xi0,$nlo,$nlo
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	sll	$nlo,4,$nlo
+	ldx	[$Htblo+$nlo],$Zlo
+	ldx	[$Htbl+$nlo],$Zhi
+
+	ldub	[$inp+14],$nlo
+
+	ldx	[$Htblo+$nhi],$Tlo
+	and	$Zlo,0xf,$remi
+	ldx	[$Htbl+$nhi],$Thi
+	sll	$remi,3,$remi
+	ldx	[$rem_4bit+$remi],$rem
+	srlx	$Zlo,4,$Zlo
+	mov	13,$cnt
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+
+	xor	$xi1,$nlo,$nlo
+	and	$Zlo,0xf,$remi
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	ba	.Lghash_inner
+	sll	$nlo,4,$nlo
+.align	32
+.Lghash_inner:
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	ldub	[$inp+$cnt],$nlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	ldub	[$Xi+$cnt],$xi1
+	xor	$Thi,$Zhi,$Zhi
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$xi1,$nlo,$nlo
+	srlx	$Zhi,4,$Zhi
+	and	$nlo,0xf0,$nhi
+	addcc	$cnt,-1,$cnt
+	xor	$Zlo,$tmp,$Zlo
+	and	$nlo,0x0f,$nlo
+	xor	$Tlo,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+	blu	.Lghash_inner
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+
+	add	$inp,16,$inp
+	cmp	$inp,$len
+	be,pn	SIZE_T_CC,.Ldone
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	ldub	[$inp+15],$nlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	stx	$Zlo,[$Xi+8]
+	xor	$rem,$Zhi,$Zhi
+	stx	$Zhi,[$Xi]
+	srl	$Zlo,8,$xi1
+	and	$Zlo,0xff,$xi0
+	ba	.Louter
+	and	$xi1,0xff,$xi1
+.align	32
+.Ldone:
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	stx	$Zlo,[$Xi+8]
+	xor	$rem,$Zhi,$Zhi
+	stx	$Zhi,[$Xi]
+
+	ret
+	restore
+.type	gcm_ghash_4bit,#function
+.size	gcm_ghash_4bit,(.-gcm_ghash_4bit)
+___
+
+undef $inp;
+undef $len;
+
+$code.=<<___;
+.globl	gcm_gmult_4bit
+.align	32
+gcm_gmult_4bit:
+	save	%sp,-$frame,%sp
+	ldub	[$Xi+15],$nlo
+	add	$Htbl,8,$Htblo
+
+1:	call	.+8
+	add	%o7,rem_4bit-1b,$rem_4bit
+
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	sll	$nlo,4,$nlo
+	ldx	[$Htblo+$nlo],$Zlo
+	ldx	[$Htbl+$nlo],$Zhi
+
+	ldub	[$Xi+14],$nlo
+
+	ldx	[$Htblo+$nhi],$Tlo
+	and	$Zlo,0xf,$remi
+	ldx	[$Htbl+$nhi],$Thi
+	sll	$remi,3,$remi
+	ldx	[$rem_4bit+$remi],$rem
+	srlx	$Zlo,4,$Zlo
+	mov	13,$cnt
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+
+	and	$Zlo,0xf,$remi
+	and	$nlo,0xf0,$nhi
+	and	$nlo,0x0f,$nlo
+	ba	.Lgmult_inner
+	sll	$nlo,4,$nlo
+.align	32
+.Lgmult_inner:
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	ldub	[$Xi+$cnt],$nlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	srlx	$Zhi,4,$Zhi
+	and	$nlo,0xf0,$nhi
+	addcc	$cnt,-1,$cnt
+	xor	$Zlo,$tmp,$Zlo
+	and	$nlo,0x0f,$nlo
+	xor	$Tlo,$Zlo,$Zlo
+	sll	$nlo,4,$nlo
+	blu	.Lgmult_inner
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nlo],$Tlo
+	sll	$remi,3,$remi
+	xor	$Thi,$Zhi,$Zhi
+	ldx	[$Htbl+$nlo],$Thi
+	srlx	$Zlo,4,$Zlo
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	and	$Zlo,0xf,$remi
+
+	ldx	[$Htblo+$nhi],$Tlo
+	sll	$remi,3,$remi
+	xor	$rem,$Zhi,$Zhi
+	ldx	[$Htbl+$nhi],$Thi
+	srlx	$Zlo,4,$Zlo
+	ldx	[$rem_4bit+$remi],$rem
+	sllx	$Zhi,60,$tmp
+	xor	$Tlo,$Zlo,$Zlo
+	srlx	$Zhi,4,$Zhi
+	xor	$Zlo,$tmp,$Zlo
+	xor	$Thi,$Zhi,$Zhi
+	stx	$Zlo,[$Xi+8]
+	xor	$rem,$Zhi,$Zhi
+	stx	$Zhi,[$Xi]
+
+	ret
+	restore
+.type	gcm_gmult_4bit,#function
+.size	gcm_gmult_4bit,(.-gcm_gmult_4bit)
+___
+
+{{{
+# Straightforward 128x128-bit multiplication using Karatsuba algorithm
+# followed by pair of 64-bit reductions [with a shortcut in first one,
+# which allowed to break dependency between reductions and remove one
+# multiplication from critical path]. While it might be suboptimal
+# with regard to sheer number of multiplications, other methods [such
+# as aggregate reduction] would require more 64-bit registers, which
+# we don't have in 32-bit application context.
+
+($Xip,$Htable,$inp,$len)=map("%i$_",(0..3));
+
+($Hhl,$Hlo,$Hhi,$Xlo,$Xhi,$xE1,$sqr, $C0,$C1,$C2,$C3,$V)=
+	(map("%o$_",(0..5,7)),map("%g$_",(1..5)));
+
+($shl,$shr)=map("%l$_",(0..7));
+
+# For details regarding "twisted H" see ghash-x86.pl.
+$code.=<<___;
+.globl	gcm_init_vis3
+.align	32
+gcm_init_vis3:
+	save	%sp,-$frame,%sp
+
+	ldx	[%i1+0],$Hhi
+	ldx	[%i1+8],$Hlo
+	mov	0xE1,$Xhi
+	mov	1,$Xlo
+	sllx	$Xhi,57,$Xhi
+	srax	$Hhi,63,$C0		! broadcast carry
+	addcc	$Hlo,$Hlo,$Hlo		! H<<=1
+	addxc	$Hhi,$Hhi,$Hhi
+	and	$C0,$Xlo,$Xlo
+	and	$C0,$Xhi,$Xhi
+	xor	$Xlo,$Hlo,$Hlo
+	xor	$Xhi,$Hhi,$Hhi
+	stx	$Hlo,[%i0+8]		! save twisted H
+	stx	$Hhi,[%i0+0]
+
+	sethi	%hi(0xA0406080),$V
+	sethi	%hi(0x20C0E000),%l0
+	or	$V,%lo(0xA0406080),$V
+	or	%l0,%lo(0x20C0E000),%l0
+	sllx	$V,32,$V
+	or	%l0,$V,$V		! (0xE0·i)&0xff=0xA040608020C0E000
+	stx	$V,[%i0+16]
+
+	ret
+	restore
+.type	gcm_init_vis3,#function
+.size	gcm_init_vis3,.-gcm_init_vis3
+
+.globl	gcm_gmult_vis3
+.align	32
+gcm_gmult_vis3:
+	save	%sp,-$frame,%sp
+
+	ldx	[$Xip+8],$Xlo		! load Xi
+	ldx	[$Xip+0],$Xhi
+	ldx	[$Htable+8],$Hlo	! load twisted H
+	ldx	[$Htable+0],$Hhi
+
+	mov	0xE1,%l7
+	sllx	%l7,57,$xE1		! 57 is not a typo
+	ldx	[$Htable+16],$V		! (0xE0·i)&0xff=0xA040608020C0E000
+
+	xor	$Hhi,$Hlo,$Hhl		! Karatsuba pre-processing
+	xmulx	$Xlo,$Hlo,$C0
+	xor	$Xlo,$Xhi,$C2		! Karatsuba pre-processing
+	xmulx	$C2,$Hhl,$C1
+	xmulxhi	$Xlo,$Hlo,$Xlo
+	xmulxhi	$C2,$Hhl,$C2
+	xmulxhi	$Xhi,$Hhi,$C3
+	xmulx	$Xhi,$Hhi,$Xhi
+
+	sll	$C0,3,$sqr
+	srlx	$V,$sqr,$sqr		! ·0xE0 [implicit &(7<<3)]
+	xor	$C0,$sqr,$sqr
+	sllx	$sqr,57,$sqr		! ($C0·0xE1)<<1<<56 [implicit &0x7f]
+
+	xor	$C0,$C1,$C1		! Karatsuba post-processing
+	xor	$Xlo,$C2,$C2
+	 xor	$sqr,$Xlo,$Xlo		! real destination is $C1
+	xor	$C3,$C2,$C2
+	xor	$Xlo,$C1,$C1
+	xor	$Xhi,$C2,$C2
+	xor	$Xhi,$C1,$C1
+
+	xmulxhi	$C0,$xE1,$Xlo		! ·0xE1<<1<<56
+	 xor	$C0,$C2,$C2
+	xmulx	$C1,$xE1,$C0
+	 xor	$C1,$C3,$C3
+	xmulxhi	$C1,$xE1,$C1
+
+	xor	$Xlo,$C2,$C2
+	xor	$C0,$C2,$C2
+	xor	$C1,$C3,$C3
+
+	stx	$C2,[$Xip+8]		! save Xi
+	stx	$C3,[$Xip+0]
+
+	ret
+	restore
+.type	gcm_gmult_vis3,#function
+.size	gcm_gmult_vis3,.-gcm_gmult_vis3
+
+.globl	gcm_ghash_vis3
+.align	32
+gcm_ghash_vis3:
+	save	%sp,-$frame,%sp
+	nop
+	srln	$len,0,$len		! needed on v8+, "nop" on v9
+
+	ldx	[$Xip+8],$C2		! load Xi
+	ldx	[$Xip+0],$C3
+	ldx	[$Htable+8],$Hlo	! load twisted H
+	ldx	[$Htable+0],$Hhi
+
+	mov	0xE1,%l7
+	sllx	%l7,57,$xE1		! 57 is not a typo
+	ldx	[$Htable+16],$V		! (0xE0·i)&0xff=0xA040608020C0E000
+
+	and	$inp,7,$shl
+	andn	$inp,7,$inp
+	sll	$shl,3,$shl
+	prefetch [$inp+63], 20
+	sub	%g0,$shl,$shr
+
+	xor	$Hhi,$Hlo,$Hhl		! Karatsuba pre-processing
+.Loop:
+	ldx	[$inp+8],$Xlo
+	brz,pt	$shl,1f
+	ldx	[$inp+0],$Xhi
+
+	ldx	[$inp+16],$C1		! align data
+	srlx	$Xlo,$shr,$C0
+	sllx	$Xlo,$shl,$Xlo
+	sllx	$Xhi,$shl,$Xhi
+	srlx	$C1,$shr,$C1
+	or	$C0,$Xhi,$Xhi
+	or	$C1,$Xlo,$Xlo
+1:
+	add	$inp,16,$inp
+	sub	$len,16,$len
+	xor	$C2,$Xlo,$Xlo
+	xor	$C3,$Xhi,$Xhi
+	prefetch [$inp+63], 20
+
+	xmulx	$Xlo,$Hlo,$C0
+	xor	$Xlo,$Xhi,$C2		! Karatsuba pre-processing
+	xmulx	$C2,$Hhl,$C1
+	xmulxhi	$Xlo,$Hlo,$Xlo
+	xmulxhi	$C2,$Hhl,$C2
+	xmulxhi	$Xhi,$Hhi,$C3
+	xmulx	$Xhi,$Hhi,$Xhi
+
+	sll	$C0,3,$sqr
+	srlx	$V,$sqr,$sqr		! ·0xE0 [implicit &(7<<3)]
+	xor	$C0,$sqr,$sqr
+	sllx	$sqr,57,$sqr		! ($C0·0xE1)<<1<<56 [implicit &0x7f]
+
+	xor	$C0,$C1,$C1		! Karatsuba post-processing
+	xor	$Xlo,$C2,$C2
+	 xor	$sqr,$Xlo,$Xlo		! real destination is $C1
+	xor	$C3,$C2,$C2
+	xor	$Xlo,$C1,$C1
+	xor	$Xhi,$C2,$C2
+	xor	$Xhi,$C1,$C1
+
+	xmulxhi	$C0,$xE1,$Xlo		! ·0xE1<<1<<56
+	 xor	$C0,$C2,$C2
+	xmulx	$C1,$xE1,$C0
+	 xor	$C1,$C3,$C3
+	xmulxhi	$C1,$xE1,$C1
+
+	xor	$Xlo,$C2,$C2
+	xor	$C0,$C2,$C2
+	brnz,pt	$len,.Loop
+	xor	$C1,$C3,$C3
+
+	stx	$C2,[$Xip+8]		! save Xi
+	stx	$C3,[$Xip+0]
+
+	ret
+	restore
+.type	gcm_ghash_vis3,#function
+.size	gcm_ghash_vis3,.-gcm_ghash_vis3
+___
+}}}
+$code.=<<___;
+.asciz	"GHASH for SPARCv9/VIS3, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"xmulx"		=> 0x115,
+		"xmulxhi"	=> 0x116	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(xmulx[hi]*|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-x86.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-x86.pl
new file mode 100644
index 0000000..cd84582
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-x86.pl
@@ -0,0 +1,1405 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March, May, June 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that it
+# uses 256 bytes per-key table [+64/128 bytes fixed table]. It has two
+# code paths: vanilla x86 and vanilla SSE. Former will be executed on
+# 486 and Pentium, latter on all others. SSE GHASH features so called
+# "528B" variant of "4-bit" method utilizing additional 256+16 bytes
+# of per-key storage [+512 bytes shared table]. Performance results
+# are for streamed GHASH subroutine and are expressed in cycles per
+# processed byte, less is better:
+#
+#		gcc 2.95.3(*)	SSE assembler	x86 assembler
+#
+# Pentium	105/111(**)	-		50
+# PIII		68 /75		12.2		24
+# P4		125/125		17.8		84(***)
+# Opteron	66 /70		10.1		30
+# Core2		54 /67		8.4		18
+# Atom		105/105		16.8		53
+# VIA Nano	69 /71		13.0		27
+#
+# (*)	gcc 3.4.x was observed to generate few percent slower code,
+#	which is one of reasons why 2.95.3 results were chosen,
+#	another reason is lack of 3.4.x results for older CPUs;
+#	comparison with SSE results is not completely fair, because C
+#	results are for vanilla "256B" implementation, while
+#	assembler results are for "528B";-)
+# (**)	second number is result for code compiled with -fPIC flag,
+#	which is actually more relevant, because assembler code is
+#	position-independent;
+# (***)	see comment in non-MMX routine for further details;
+#
+# To summarize, it's >2-5 times faster than gcc-generated code. To
+# anchor it to something else SHA1 assembler processes one byte in
+# ~7 cycles on contemporary x86 cores. As for choice of MMX/SSE
+# in particular, see comment at the end of the file...
+
+# May 2010
+#
+# Add PCLMULQDQ version performing at 2.10 cycles per processed byte.
+# The question is how close is it to theoretical limit? The pclmulqdq
+# instruction latency appears to be 14 cycles and there can't be more
+# than 2 of them executing at any given time. This means that single
+# Karatsuba multiplication would take 28 cycles *plus* few cycles for
+# pre- and post-processing. Then multiplication has to be followed by
+# modulo-reduction. Given that aggregated reduction method [see
+# "Carry-less Multiplication and Its Usage for Computing the GCM Mode"
+# white paper by Intel] allows you to perform reduction only once in
+# a while we can assume that asymptotic performance can be estimated
+# as (28+Tmod/Naggr)/16, where Tmod is time to perform reduction
+# and Naggr is the aggregation factor.
+#
+# Before we proceed to this implementation let's have closer look at
+# the best-performing code suggested by Intel in their white paper.
+# By tracing inter-register dependencies Tmod is estimated as ~19
+# cycles and Naggr chosen by Intel is 4, resulting in 2.05 cycles per
+# processed byte. As implied, this is quite optimistic estimate,
+# because it does not account for Karatsuba pre- and post-processing,
+# which for a single multiplication is ~5 cycles. Unfortunately Intel
+# does not provide performance data for GHASH alone. But benchmarking
+# AES_GCM_encrypt ripped out of Fig. 15 of the white paper with aadt
+# alone resulted in 2.46 cycles per byte of out 16KB buffer. Note that
+# the result accounts even for pre-computing of degrees of the hash
+# key H, but its portion is negligible at 16KB buffer size.
+#
+# Moving on to the implementation in question. Tmod is estimated as
+# ~13 cycles and Naggr is 2, giving asymptotic performance of ...
+# 2.16. How is it possible that measured performance is better than
+# optimistic theoretical estimate? There is one thing Intel failed
+# to recognize. By serializing GHASH with CTR in same subroutine
+# former's performance is really limited to above (Tmul + Tmod/Naggr)
+# equation. But if GHASH procedure is detached, the modulo-reduction
+# can be interleaved with Naggr-1 multiplications at instruction level
+# and under ideal conditions even disappear from the equation. So that
+# optimistic theoretical estimate for this implementation is ...
+# 28/16=1.75, and not 2.16. Well, it's probably way too optimistic,
+# at least for such small Naggr. I'd argue that (28+Tproc/Naggr),
+# where Tproc is time required for Karatsuba pre- and post-processing,
+# is more realistic estimate. In this case it gives ... 1.91 cycles.
+# Or in other words, depending on how well we can interleave reduction
+# and one of the two multiplications the performance should be between
+# 1.91 and 2.16. As already mentioned, this implementation processes
+# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart
+# - in 2.02. x86_64 performance is better, because larger register
+# bank allows to interleave reduction and multiplication better.
+#
+# Does it make sense to increase Naggr? To start with it's virtually
+# impossible in 32-bit mode, because of limited register bank
+# capacity. Otherwise improvement has to be weighed agiainst slower
+# setup, as well as code size and complexity increase. As even
+# optimistic estimate doesn't promise 30% performance improvement,
+# there are currently no plans to increase Naggr.
+#
+# Special thanks to David Woodhouse <dwmw2@infradead.org> for
+# providing access to a Westmere-based system on behalf of Intel
+# Open Source Technology Centre.
+
+# January 2010
+#
+# Tweaked to optimize transitions between integer and FP operations
+# on same XMM register, PCLMULQDQ subroutine was measured to process
+# one byte in 2.07 cycles on Sandy Bridge, and in 2.12 - on Westmere.
+# The minor regression on Westmere is outweighed by ~15% improvement
+# on Sandy Bridge. Strangely enough attempt to modify 64-bit code in
+# similar manner resulted in almost 20% degradation on Sandy Bridge,
+# where original 64-bit code processes one byte in 1.95 cycles.
+
+#####################################################################
+# For reference, AMD Bulldozer processes one byte in 1.98 cycles in
+# 32-bit mode and 1.89 in 64-bit.
+
+# February 2013
+#
+# Overhaul: aggregate Karatsuba post-processing, improve ILP in
+# reduction_alg9. Resulting performance is 1.96 cycles per byte on
+# Westmere, 1.95 - on Sandy/Ivy Bridge, 1.76 - on Bulldozer.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"ghash-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+($Zhh,$Zhl,$Zlh,$Zll) = ("ebp","edx","ecx","ebx");
+$inp  = "edi";
+$Htbl = "esi";
+
+$unroll = 0;	# Affects x86 loop. Folded loop performs ~7% worse
+		# than unrolled, which has to be weighted against
+		# 2.5x x86-specific code size reduction.
+
+sub x86_loop {
+    my $off = shift;
+    my $rem = "eax";
+
+	&mov	($Zhh,&DWP(4,$Htbl,$Zll));
+	&mov	($Zhl,&DWP(0,$Htbl,$Zll));
+	&mov	($Zlh,&DWP(12,$Htbl,$Zll));
+	&mov	($Zll,&DWP(8,$Htbl,$Zll));
+	&xor	($rem,$rem);	# avoid partial register stalls on PIII
+
+	# shrd practically kills P4, 2.5x deterioration, but P4 has
+	# MMX code-path to execute. shrd runs tad faster [than twice
+	# the shifts, move's and or's] on pre-MMX Pentium (as well as
+	# PIII and Core2), *but* minimizes code size, spares register
+	# and thus allows to fold the loop...
+	if (!$unroll) {
+	my $cnt = $inp;
+	&mov	($cnt,15);
+	&jmp	(&label("x86_loop"));
+	&set_label("x86_loop",16);
+	    for($i=1;$i<=2;$i++) {
+		&mov	(&LB($rem),&LB($Zll));
+		&shrd	($Zll,$Zlh,4);
+		&and	(&LB($rem),0xf);
+		&shrd	($Zlh,$Zhl,4);
+		&shrd	($Zhl,$Zhh,4);
+		&shr	($Zhh,4);
+		&xor	($Zhh,&DWP($off+16,"esp",$rem,4));
+
+		&mov	(&LB($rem),&BP($off,"esp",$cnt));
+		if ($i&1) {
+			&and	(&LB($rem),0xf0);
+		} else {
+			&shl	(&LB($rem),4);
+		}
+
+		&xor	($Zll,&DWP(8,$Htbl,$rem));
+		&xor	($Zlh,&DWP(12,$Htbl,$rem));
+		&xor	($Zhl,&DWP(0,$Htbl,$rem));
+		&xor	($Zhh,&DWP(4,$Htbl,$rem));
+
+		if ($i&1) {
+			&dec	($cnt);
+			&js	(&label("x86_break"));
+		} else {
+			&jmp	(&label("x86_loop"));
+		}
+	    }
+	&set_label("x86_break",16);
+	} else {
+	    for($i=1;$i<32;$i++) {
+		&comment($i);
+		&mov	(&LB($rem),&LB($Zll));
+		&shrd	($Zll,$Zlh,4);
+		&and	(&LB($rem),0xf);
+		&shrd	($Zlh,$Zhl,4);
+		&shrd	($Zhl,$Zhh,4);
+		&shr	($Zhh,4);
+		&xor	($Zhh,&DWP($off+16,"esp",$rem,4));
+
+		if ($i&1) {
+			&mov	(&LB($rem),&BP($off+15-($i>>1),"esp"));
+			&and	(&LB($rem),0xf0);
+		} else {
+			&mov	(&LB($rem),&BP($off+15-($i>>1),"esp"));
+			&shl	(&LB($rem),4);
+		}
+
+		&xor	($Zll,&DWP(8,$Htbl,$rem));
+		&xor	($Zlh,&DWP(12,$Htbl,$rem));
+		&xor	($Zhl,&DWP(0,$Htbl,$rem));
+		&xor	($Zhh,&DWP(4,$Htbl,$rem));
+	    }
+	}
+	&bswap	($Zll);
+	&bswap	($Zlh);
+	&bswap	($Zhl);
+	if (!$x86only) {
+		&bswap	($Zhh);
+	} else {
+		&mov	("eax",$Zhh);
+		&bswap	("eax");
+		&mov	($Zhh,"eax");
+	}
+}
+
+if ($unroll) {
+    &function_begin_B("_x86_gmult_4bit_inner");
+	&x86_loop(4);
+	&ret	();
+    &function_end_B("_x86_gmult_4bit_inner");
+}
+
+sub deposit_rem_4bit {
+    my $bias = shift;
+
+	&mov	(&DWP($bias+0, "esp"),0x0000<<16);
+	&mov	(&DWP($bias+4, "esp"),0x1C20<<16);
+	&mov	(&DWP($bias+8, "esp"),0x3840<<16);
+	&mov	(&DWP($bias+12,"esp"),0x2460<<16);
+	&mov	(&DWP($bias+16,"esp"),0x7080<<16);
+	&mov	(&DWP($bias+20,"esp"),0x6CA0<<16);
+	&mov	(&DWP($bias+24,"esp"),0x48C0<<16);
+	&mov	(&DWP($bias+28,"esp"),0x54E0<<16);
+	&mov	(&DWP($bias+32,"esp"),0xE100<<16);
+	&mov	(&DWP($bias+36,"esp"),0xFD20<<16);
+	&mov	(&DWP($bias+40,"esp"),0xD940<<16);
+	&mov	(&DWP($bias+44,"esp"),0xC560<<16);
+	&mov	(&DWP($bias+48,"esp"),0x9180<<16);
+	&mov	(&DWP($bias+52,"esp"),0x8DA0<<16);
+	&mov	(&DWP($bias+56,"esp"),0xA9C0<<16);
+	&mov	(&DWP($bias+60,"esp"),0xB5E0<<16);
+}
+
+$suffix = $x86only ? "" : "_x86";
+
+&function_begin("gcm_gmult_4bit".$suffix);
+	&stack_push(16+4+1);			# +1 for stack alignment
+	&mov	($inp,&wparam(0));		# load Xi
+	&mov	($Htbl,&wparam(1));		# load Htable
+
+	&mov	($Zhh,&DWP(0,$inp));		# load Xi[16]
+	&mov	($Zhl,&DWP(4,$inp));
+	&mov	($Zlh,&DWP(8,$inp));
+	&mov	($Zll,&DWP(12,$inp));
+
+	&deposit_rem_4bit(16);
+
+	&mov	(&DWP(0,"esp"),$Zhh);		# copy Xi[16] on stack
+	&mov	(&DWP(4,"esp"),$Zhl);
+	&mov	(&DWP(8,"esp"),$Zlh);
+	&mov	(&DWP(12,"esp"),$Zll);
+	&shr	($Zll,20);
+	&and	($Zll,0xf0);
+
+	if ($unroll) {
+		&call	("_x86_gmult_4bit_inner");
+	} else {
+		&x86_loop(0);
+		&mov	($inp,&wparam(0));
+	}
+
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(0,$inp),$Zhh);
+	&stack_pop(16+4+1);
+&function_end("gcm_gmult_4bit".$suffix);
+
+&function_begin("gcm_ghash_4bit".$suffix);
+	&stack_push(16+4+1);			# +1 for 64-bit alignment
+	&mov	($Zll,&wparam(0));		# load Xi
+	&mov	($Htbl,&wparam(1));		# load Htable
+	&mov	($inp,&wparam(2));		# load in
+	&mov	("ecx",&wparam(3));		# load len
+	&add	("ecx",$inp);
+	&mov	(&wparam(3),"ecx");
+
+	&mov	($Zhh,&DWP(0,$Zll));		# load Xi[16]
+	&mov	($Zhl,&DWP(4,$Zll));
+	&mov	($Zlh,&DWP(8,$Zll));
+	&mov	($Zll,&DWP(12,$Zll));
+
+	&deposit_rem_4bit(16);
+
+    &set_label("x86_outer_loop",16);
+	&xor	($Zll,&DWP(12,$inp));		# xor with input
+	&xor	($Zlh,&DWP(8,$inp));
+	&xor	($Zhl,&DWP(4,$inp));
+	&xor	($Zhh,&DWP(0,$inp));
+	&mov	(&DWP(12,"esp"),$Zll);		# dump it on stack
+	&mov	(&DWP(8,"esp"),$Zlh);
+	&mov	(&DWP(4,"esp"),$Zhl);
+	&mov	(&DWP(0,"esp"),$Zhh);
+
+	&shr	($Zll,20);
+	&and	($Zll,0xf0);
+
+	if ($unroll) {
+		&call	("_x86_gmult_4bit_inner");
+	} else {
+		&x86_loop(0);
+		&mov	($inp,&wparam(2));
+	}
+	&lea	($inp,&DWP(16,$inp));
+	&cmp	($inp,&wparam(3));
+	&mov	(&wparam(2),$inp)	if (!$unroll);
+	&jb	(&label("x86_outer_loop"));
+
+	&mov	($inp,&wparam(0));	# load Xi
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(0,$inp),$Zhh);
+	&stack_pop(16+4+1);
+&function_end("gcm_ghash_4bit".$suffix);
+
+if (!$x86only) {{{
+
+&static_label("rem_4bit");
+
+if (!$sse2) {{	# pure-MMX "May" version...
+
+$S=12;		# shift factor for rem_4bit
+
+&function_begin_B("_mmx_gmult_4bit_inner");
+# MMX version performs 3.5 times better on P4 (see comment in non-MMX
+# routine for further details), 100% better on Opteron, ~70% better
+# on Core2 and PIII... In other words effort is considered to be well
+# spent... Since initial release the loop was unrolled in order to
+# "liberate" register previously used as loop counter. Instead it's
+# used to optimize critical path in 'Z.hi ^= rem_4bit[Z.lo&0xf]'.
+# The path involves move of Z.lo from MMX to integer register,
+# effective address calculation and finally merge of value to Z.hi.
+# Reference to rem_4bit is scheduled so late that I had to >>4
+# rem_4bit elements. This resulted in 20-45% procent improvement
+# on contemporary µ-archs.
+{
+    my $cnt;
+    my $rem_4bit = "eax";
+    my @rem = ($Zhh,$Zll);
+    my $nhi = $Zhl;
+    my $nlo = $Zlh;
+
+    my ($Zlo,$Zhi) = ("mm0","mm1");
+    my $tmp = "mm2";
+
+	&xor	($nlo,$nlo);	# avoid partial register stalls on PIII
+	&mov	($nhi,$Zll);
+	&mov	(&LB($nlo),&LB($nhi));
+	&shl	(&LB($nlo),4);
+	&and	($nhi,0xf0);
+	&movq	($Zlo,&QWP(8,$Htbl,$nlo));
+	&movq	($Zhi,&QWP(0,$Htbl,$nlo));
+	&movd	($rem[0],$Zlo);
+
+	for ($cnt=28;$cnt>=-2;$cnt--) {
+	    my $odd = $cnt&1;
+	    my $nix = $odd ? $nlo : $nhi;
+
+		&shl	(&LB($nlo),4)			if ($odd);
+		&psrlq	($Zlo,4);
+		&movq	($tmp,$Zhi);
+		&psrlq	($Zhi,4);
+		&pxor	($Zlo,&QWP(8,$Htbl,$nix));
+		&mov	(&LB($nlo),&BP($cnt/2,$inp))	if (!$odd && $cnt>=0);
+		&psllq	($tmp,60);
+		&and	($nhi,0xf0)			if ($odd);
+		&pxor	($Zhi,&QWP(0,$rem_4bit,$rem[1],8)) if ($cnt<28);
+		&and	($rem[0],0xf);
+		&pxor	($Zhi,&QWP(0,$Htbl,$nix));
+		&mov	($nhi,$nlo)			if (!$odd && $cnt>=0);
+		&movd	($rem[1],$Zlo);
+		&pxor	($Zlo,$tmp);
+
+		push	(@rem,shift(@rem));		# "rotate" registers
+	}
+
+	&mov	($inp,&DWP(4,$rem_4bit,$rem[1],8));	# last rem_4bit[rem]
+
+	&psrlq	($Zlo,32);	# lower part of Zlo is already there
+	&movd	($Zhl,$Zhi);
+	&psrlq	($Zhi,32);
+	&movd	($Zlh,$Zlo);
+	&movd	($Zhh,$Zhi);
+	&shl	($inp,4);	# compensate for rem_4bit[i] being >>4
+
+	&bswap	($Zll);
+	&bswap	($Zhl);
+	&bswap	($Zlh);
+	&xor	($Zhh,$inp);
+	&bswap	($Zhh);
+
+	&ret	();
+}
+&function_end_B("_mmx_gmult_4bit_inner");
+
+&function_begin("gcm_gmult_4bit_mmx");
+	&mov	($inp,&wparam(0));	# load Xi
+	&mov	($Htbl,&wparam(1));	# load Htable
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+	&movz	($Zll,&BP(15,$inp));
+
+	&call	("_mmx_gmult_4bit_inner");
+
+	&mov	($inp,&wparam(0));	# load Xi
+	&emms	();
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(0,$inp),$Zhh);
+&function_end("gcm_gmult_4bit_mmx");
+
+# Streamed version performs 20% better on P4, 7% on Opteron,
+# 10% on Core2 and PIII...
+&function_begin("gcm_ghash_4bit_mmx");
+	&mov	($Zhh,&wparam(0));	# load Xi
+	&mov	($Htbl,&wparam(1));	# load Htable
+	&mov	($inp,&wparam(2));	# load in
+	&mov	($Zlh,&wparam(3));	# load len
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+	&add	($Zlh,$inp);
+	&mov	(&wparam(3),$Zlh);	# len to point at the end of input
+	&stack_push(4+1);		# +1 for stack alignment
+
+	&mov	($Zll,&DWP(12,$Zhh));	# load Xi[16]
+	&mov	($Zhl,&DWP(4,$Zhh));
+	&mov	($Zlh,&DWP(8,$Zhh));
+	&mov	($Zhh,&DWP(0,$Zhh));
+	&jmp	(&label("mmx_outer_loop"));
+
+    &set_label("mmx_outer_loop",16);
+	&xor	($Zll,&DWP(12,$inp));
+	&xor	($Zhl,&DWP(4,$inp));
+	&xor	($Zlh,&DWP(8,$inp));
+	&xor	($Zhh,&DWP(0,$inp));
+	&mov	(&wparam(2),$inp);
+	&mov	(&DWP(12,"esp"),$Zll);
+	&mov	(&DWP(4,"esp"),$Zhl);
+	&mov	(&DWP(8,"esp"),$Zlh);
+	&mov	(&DWP(0,"esp"),$Zhh);
+
+	&mov	($inp,"esp");
+	&shr	($Zll,24);
+
+	&call	("_mmx_gmult_4bit_inner");
+
+	&mov	($inp,&wparam(2));
+	&lea	($inp,&DWP(16,$inp));
+	&cmp	($inp,&wparam(3));
+	&jb	(&label("mmx_outer_loop"));
+
+	&mov	($inp,&wparam(0));	# load Xi
+	&emms	();
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(0,$inp),$Zhh);
+
+	&stack_pop(4+1);
+&function_end("gcm_ghash_4bit_mmx");
+
+}} else {{	# "June" MMX version...
+		# ... has slower "April" gcm_gmult_4bit_mmx with folded
+		# loop. This is done to conserve code size...
+$S=16;		# shift factor for rem_4bit
+
+sub mmx_loop() {
+# MMX version performs 2.8 times better on P4 (see comment in non-MMX
+# routine for further details), 40% better on Opteron and Core2, 50%
+# better on PIII... In other words effort is considered to be well
+# spent...
+    my $inp = shift;
+    my $rem_4bit = shift;
+    my $cnt = $Zhh;
+    my $nhi = $Zhl;
+    my $nlo = $Zlh;
+    my $rem = $Zll;
+
+    my ($Zlo,$Zhi) = ("mm0","mm1");
+    my $tmp = "mm2";
+
+	&xor	($nlo,$nlo);	# avoid partial register stalls on PIII
+	&mov	($nhi,$Zll);
+	&mov	(&LB($nlo),&LB($nhi));
+	&mov	($cnt,14);
+	&shl	(&LB($nlo),4);
+	&and	($nhi,0xf0);
+	&movq	($Zlo,&QWP(8,$Htbl,$nlo));
+	&movq	($Zhi,&QWP(0,$Htbl,$nlo));
+	&movd	($rem,$Zlo);
+	&jmp	(&label("mmx_loop"));
+
+    &set_label("mmx_loop",16);
+	&psrlq	($Zlo,4);
+	&and	($rem,0xf);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nhi));
+	&mov	(&LB($nlo),&BP(0,$inp,$cnt));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&dec	($cnt);
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nhi));
+	&mov	($nhi,$nlo);
+	&pxor	($Zlo,$tmp);
+	&js	(&label("mmx_break"));
+
+	&shl	(&LB($nlo),4);
+	&and	($rem,0xf);
+	&psrlq	($Zlo,4);
+	&and	($nhi,0xf0);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nlo));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nlo));
+	&pxor	($Zlo,$tmp);
+	&jmp	(&label("mmx_loop"));
+
+    &set_label("mmx_break",16);
+	&shl	(&LB($nlo),4);
+	&and	($rem,0xf);
+	&psrlq	($Zlo,4);
+	&and	($nhi,0xf0);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nlo));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nlo));
+	&pxor	($Zlo,$tmp);
+
+	&psrlq	($Zlo,4);
+	&and	($rem,0xf);
+	&movq	($tmp,$Zhi);
+	&psrlq	($Zhi,4);
+	&pxor	($Zlo,&QWP(8,$Htbl,$nhi));
+	&psllq	($tmp,60);
+	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
+	&movd	($rem,$Zlo);
+	&pxor	($Zhi,&QWP(0,$Htbl,$nhi));
+	&pxor	($Zlo,$tmp);
+
+	&psrlq	($Zlo,32);	# lower part of Zlo is already there
+	&movd	($Zhl,$Zhi);
+	&psrlq	($Zhi,32);
+	&movd	($Zlh,$Zlo);
+	&movd	($Zhh,$Zhi);
+
+	&bswap	($Zll);
+	&bswap	($Zhl);
+	&bswap	($Zlh);
+	&bswap	($Zhh);
+}
+
+&function_begin("gcm_gmult_4bit_mmx");
+	&mov	($inp,&wparam(0));	# load Xi
+	&mov	($Htbl,&wparam(1));	# load Htable
+
+	&call	(&label("pic_point"));
+	&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
+
+	&movz	($Zll,&BP(15,$inp));
+
+	&mmx_loop($inp,"eax");
+
+	&emms	();
+	&mov	(&DWP(12,$inp),$Zll);
+	&mov	(&DWP(4,$inp),$Zhl);
+	&mov	(&DWP(8,$inp),$Zlh);
+	&mov	(&DWP(0,$inp),$Zhh);
+&function_end("gcm_gmult_4bit_mmx");
+
+######################################################################
+# Below subroutine is "528B" variant of "4-bit" GCM GHASH function
+# (see gcm128.c for details). It provides further 20-40% performance
+# improvement over above mentioned "May" version.
+
+&static_label("rem_8bit");
+
+&function_begin("gcm_ghash_4bit_mmx");
+{ my ($Zlo,$Zhi) = ("mm7","mm6");
+  my $rem_8bit = "esi";
+  my $Htbl = "ebx";
+
+    # parameter block
+    &mov	("eax",&wparam(0));		# Xi
+    &mov	("ebx",&wparam(1));		# Htable
+    &mov	("ecx",&wparam(2));		# inp
+    &mov	("edx",&wparam(3));		# len
+    &mov	("ebp","esp");			# original %esp
+    &call	(&label("pic_point"));
+    &set_label	("pic_point");
+    &blindpop	($rem_8bit);
+    &lea	($rem_8bit,&DWP(&label("rem_8bit")."-".&label("pic_point"),$rem_8bit));
+
+    &sub	("esp",512+16+16);		# allocate stack frame...
+    &and	("esp",-64);			# ...and align it
+    &sub	("esp",16);			# place for (u8)(H[]<<4)
+
+    &add	("edx","ecx");			# pointer to the end of input
+    &mov	(&DWP(528+16+0,"esp"),"eax");	# save Xi
+    &mov	(&DWP(528+16+8,"esp"),"edx");	# save inp+len
+    &mov	(&DWP(528+16+12,"esp"),"ebp");	# save original %esp
+
+    { my @lo  = ("mm0","mm1","mm2");
+      my @hi  = ("mm3","mm4","mm5");
+      my @tmp = ("mm6","mm7");
+      my ($off1,$off2,$i) = (0,0,);
+
+      &add	($Htbl,128);			# optimize for size
+      &lea	("edi",&DWP(16+128,"esp"));
+      &lea	("ebp",&DWP(16+256+128,"esp"));
+
+      # decompose Htable (low and high parts are kept separately),
+      # generate Htable[]>>4, (u8)(Htable[]<<4), save to stack...
+      for ($i=0;$i<18;$i++) {
+
+	&mov	("edx",&DWP(16*$i+8-128,$Htbl))		if ($i<16);
+	&movq	($lo[0],&QWP(16*$i+8-128,$Htbl))	if ($i<16);
+	&psllq	($tmp[1],60)				if ($i>1);
+	&movq	($hi[0],&QWP(16*$i+0-128,$Htbl))	if ($i<16);
+	&por	($lo[2],$tmp[1])			if ($i>1);
+	&movq	(&QWP($off1-128,"edi"),$lo[1])		if ($i>0 && $i<17);
+	&psrlq	($lo[1],4)				if ($i>0 && $i<17);
+	&movq	(&QWP($off1,"edi"),$hi[1])		if ($i>0 && $i<17);
+	&movq	($tmp[0],$hi[1])			if ($i>0 && $i<17);
+	&movq	(&QWP($off2-128,"ebp"),$lo[2])		if ($i>1);
+	&psrlq	($hi[1],4)				if ($i>0 && $i<17);
+	&movq	(&QWP($off2,"ebp"),$hi[2])		if ($i>1);
+	&shl	("edx",4)				if ($i<16);
+	&mov	(&BP($i,"esp"),&LB("edx"))		if ($i<16);
+
+	unshift	(@lo,pop(@lo));			# "rotate" registers
+	unshift	(@hi,pop(@hi));
+	unshift	(@tmp,pop(@tmp));
+	$off1 += 8	if ($i>0);
+	$off2 += 8	if ($i>1);
+      }
+    }
+
+    &movq	($Zhi,&QWP(0,"eax"));
+    &mov	("ebx",&DWP(8,"eax"));
+    &mov	("edx",&DWP(12,"eax"));		# load Xi
+
+&set_label("outer",16);
+  { my $nlo = "eax";
+    my $dat = "edx";
+    my @nhi = ("edi","ebp");
+    my @rem = ("ebx","ecx");
+    my @red = ("mm0","mm1","mm2");
+    my $tmp = "mm3";
+
+    &xor	($dat,&DWP(12,"ecx"));		# merge input data
+    &xor	("ebx",&DWP(8,"ecx"));
+    &pxor	($Zhi,&QWP(0,"ecx"));
+    &lea	("ecx",&DWP(16,"ecx"));		# inp+=16
+    #&mov	(&DWP(528+12,"esp"),$dat);	# save inp^Xi
+    &mov	(&DWP(528+8,"esp"),"ebx");
+    &movq	(&QWP(528+0,"esp"),$Zhi);
+    &mov	(&DWP(528+16+4,"esp"),"ecx");	# save inp
+
+    &xor	($nlo,$nlo);
+    &rol	($dat,8);
+    &mov	(&LB($nlo),&LB($dat));
+    &mov	($nhi[1],$nlo);
+    &and	(&LB($nlo),0x0f);
+    &shr	($nhi[1],4);
+    &pxor	($red[0],$red[0]);
+    &rol	($dat,8);			# next byte
+    &pxor	($red[1],$red[1]);
+    &pxor	($red[2],$red[2]);
+
+    # Just like in "May" version modulo-schedule for critical path in
+    # 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor'
+    # is scheduled so late that rem_8bit[] has to be shifted *right*
+    # by 16, which is why last argument to pinsrw is 2, which
+    # corresponds to <<32=<<48>>16...
+    for ($j=11,$i=0;$i<15;$i++) {
+
+      if ($i>0) {
+	&pxor	($Zlo,&QWP(16,"esp",$nlo,8));		# Z^=H[nlo]
+	&rol	($dat,8);				# next byte
+	&pxor	($Zhi,&QWP(16+128,"esp",$nlo,8));
+
+	&pxor	($Zlo,$tmp);
+	&pxor	($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
+	&xor	(&LB($rem[1]),&BP(0,"esp",$nhi[0]));	# rem^(H[nhi]<<4)
+      } else {
+	&movq	($Zlo,&QWP(16,"esp",$nlo,8));
+	&movq	($Zhi,&QWP(16+128,"esp",$nlo,8));
+      }
+
+	&mov	(&LB($nlo),&LB($dat));
+	&mov	($dat,&DWP(528+$j,"esp"))		if (--$j%4==0);
+
+	&movd	($rem[0],$Zlo);
+	&movz	($rem[1],&LB($rem[1]))			if ($i>0);
+	&psrlq	($Zlo,8);				# Z>>=8
+
+	&movq	($tmp,$Zhi);
+	&mov	($nhi[0],$nlo);
+	&psrlq	($Zhi,8);
+
+	&pxor	($Zlo,&QWP(16+256+0,"esp",$nhi[1],8));	# Z^=H[nhi]>>4
+	&and	(&LB($nlo),0x0f);
+	&psllq	($tmp,56);
+
+	&pxor	($Zhi,$red[1])				if ($i>1);
+	&shr	($nhi[0],4);
+	&pinsrw	($red[0],&WP(0,$rem_8bit,$rem[1],2),2)	if ($i>0);
+
+	unshift	(@red,pop(@red));			# "rotate" registers
+	unshift	(@rem,pop(@rem));
+	unshift	(@nhi,pop(@nhi));
+    }
+
+    &pxor	($Zlo,&QWP(16,"esp",$nlo,8));		# Z^=H[nlo]
+    &pxor	($Zhi,&QWP(16+128,"esp",$nlo,8));
+    &xor	(&LB($rem[1]),&BP(0,"esp",$nhi[0]));	# rem^(H[nhi]<<4)
+
+    &pxor	($Zlo,$tmp);
+    &pxor	($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
+    &movz	($rem[1],&LB($rem[1]));
+
+    &pxor	($red[2],$red[2]);			# clear 2nd word
+    &psllq	($red[1],4);
+
+    &movd	($rem[0],$Zlo);
+    &psrlq	($Zlo,4);				# Z>>=4
+
+    &movq	($tmp,$Zhi);
+    &psrlq	($Zhi,4);
+    &shl	($rem[0],4);				# rem<<4
+
+    &pxor	($Zlo,&QWP(16,"esp",$nhi[1],8));	# Z^=H[nhi]
+    &psllq	($tmp,60);
+    &movz	($rem[0],&LB($rem[0]));
+
+    &pxor	($Zlo,$tmp);
+    &pxor	($Zhi,&QWP(16+128,"esp",$nhi[1],8));
+
+    &pinsrw	($red[0],&WP(0,$rem_8bit,$rem[1],2),2);
+    &pxor	($Zhi,$red[1]);
+
+    &movd	($dat,$Zlo);
+    &pinsrw	($red[2],&WP(0,$rem_8bit,$rem[0],2),3);	# last is <<48
+
+    &psllq	($red[0],12);				# correct by <<16>>4
+    &pxor	($Zhi,$red[0]);
+    &psrlq	($Zlo,32);
+    &pxor	($Zhi,$red[2]);
+
+    &mov	("ecx",&DWP(528+16+4,"esp"));	# restore inp
+    &movd	("ebx",$Zlo);
+    &movq	($tmp,$Zhi);			# 01234567
+    &psllw	($Zhi,8);			# 1.3.5.7.
+    &psrlw	($tmp,8);			# .0.2.4.6
+    &por	($Zhi,$tmp);			# 10325476
+    &bswap	($dat);
+    &pshufw	($Zhi,$Zhi,0b00011011);		# 76543210
+    &bswap	("ebx");
+    
+    &cmp	("ecx",&DWP(528+16+8,"esp"));	# are we done?
+    &jne	(&label("outer"));
+  }
+
+    &mov	("eax",&DWP(528+16+0,"esp"));	# restore Xi
+    &mov	(&DWP(12,"eax"),"edx");
+    &mov	(&DWP(8,"eax"),"ebx");
+    &movq	(&QWP(0,"eax"),$Zhi);
+
+    &mov	("esp",&DWP(528+16+12,"esp"));	# restore original %esp
+    &emms	();
+}
+&function_end("gcm_ghash_4bit_mmx");
+}}
+
+if ($sse2) {{
+######################################################################
+# PCLMULQDQ version.
+
+$Xip="eax";
+$Htbl="edx";
+$const="ecx";
+$inp="esi";
+$len="ebx";
+
+($Xi,$Xhi)=("xmm0","xmm1");	$Hkey="xmm2";
+($T1,$T2,$T3)=("xmm3","xmm4","xmm5");
+($Xn,$Xhn)=("xmm6","xmm7");
+
+&static_label("bswap");
+
+sub clmul64x64_T2 {	# minimal "register" pressure
+my ($Xhi,$Xi,$Hkey,$HK)=@_;
+
+	&movdqa		($Xhi,$Xi);		#
+	&pshufd		($T1,$Xi,0b01001110);
+	&pshufd		($T2,$Hkey,0b01001110)	if (!defined($HK));
+	&pxor		($T1,$Xi);		#
+	&pxor		($T2,$Hkey)		if (!defined($HK));
+			$HK=$T2			if (!defined($HK));
+
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pclmulqdq	($T1,$HK,0x00);		#######
+	&xorps		($T1,$Xi);		#
+	&xorps		($T1,$Xhi);		#
+
+	&movdqa		($T2,$T1);		#
+	&psrldq		($T1,8);
+	&pslldq		($T2,8);		#
+	&pxor		($Xhi,$T1);
+	&pxor		($Xi,$T2);		#
+}
+
+sub clmul64x64_T3 {
+# Even though this subroutine offers visually better ILP, it
+# was empirically found to be a tad slower than above version.
+# At least in gcm_ghash_clmul context. But it's just as well,
+# because loop modulo-scheduling is possible only thanks to
+# minimized "register" pressure...
+my ($Xhi,$Xi,$Hkey)=@_;
+
+	&movdqa		($T1,$Xi);		#
+	&movdqa		($Xhi,$Xi);
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pshufd		($T2,$T1,0b01001110);	#
+	&pshufd		($T3,$Hkey,0b01001110);
+	&pxor		($T2,$T1);		#
+	&pxor		($T3,$Hkey);
+	&pclmulqdq	($T2,$T3,0x00);		#######
+	&pxor		($T2,$Xi);		#
+	&pxor		($T2,$Xhi);		#
+
+	&movdqa		($T3,$T2);		#
+	&psrldq		($T2,8);
+	&pslldq		($T3,8);		#
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T3);		#
+}
+
+if (1) {		# Algorithm 9 with <<1 twist.
+			# Reduction is shorter and uses only two
+			# temporary registers, which makes it better
+			# candidate for interleaving with 64x64
+			# multiplication. Pre-modulo-scheduled loop
+			# was found to be ~20% faster than Algorithm 5
+			# below. Algorithm 9 was therefore chosen for
+			# further optimization...
+
+sub reduction_alg9 {	# 17/11 times faster than Intel version
+my ($Xhi,$Xi) = @_;
+
+	# 1st phase
+	&movdqa		($T2,$Xi);		#
+	&movdqa		($T1,$Xi);
+	&psllq		($Xi,5);
+	&pxor		($T1,$Xi);		#
+	&psllq		($Xi,1);
+	&pxor		($Xi,$T1);		#
+	&psllq		($Xi,57);		#
+	&movdqa		($T1,$Xi);		#
+	&pslldq		($Xi,8);
+	&psrldq		($T1,8);		#	
+	&pxor		($Xi,$T2);
+	&pxor		($Xhi,$T1);		#
+
+	# 2nd phase
+	&movdqa		($T2,$Xi);
+	&psrlq		($Xi,1);
+	&pxor		($Xhi,$T2);		#
+	&pxor		($T2,$Xi);
+	&psrlq		($Xi,5);
+	&pxor		($Xi,$T2);		#
+	&psrlq		($Xi,1);		#
+	&pxor		($Xi,$Xhi)		#
+}
+
+&function_begin_B("gcm_init_clmul");
+	&mov		($Htbl,&wparam(0));
+	&mov		($Xip,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Hkey,&QWP(0,$Xip));
+	&pshufd		($Hkey,$Hkey,0b01001110);# dword swap
+
+	# <<1 twist
+	&pshufd		($T2,$Hkey,0b11111111);	# broadcast uppermost dword
+	&movdqa		($T1,$Hkey);
+	&psllq		($Hkey,1);
+	&pxor		($T3,$T3);		#
+	&psrlq		($T1,63);
+	&pcmpgtd	($T3,$T2);		# broadcast carry bit
+	&pslldq		($T1,8);
+	&por		($Hkey,$T1);		# H<<=1
+
+	# magic reduction
+	&pand		($T3,&QWP(16,$const));	# 0x1c2_polynomial
+	&pxor		($Hkey,$T3);		# if(carry) H^=0x1c2_polynomial
+
+	# calculate H^2
+	&movdqa		($Xi,$Hkey);
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey);
+	&reduction_alg9	($Xhi,$Xi);
+
+	&pshufd		($T1,$Hkey,0b01001110);
+	&pshufd		($T2,$Xi,0b01001110);
+	&pxor		($T1,$Hkey);		# Karatsuba pre-processing
+	&movdqu		(&QWP(0,$Htbl),$Hkey);	# save H
+	&pxor		($T2,$Xi);		# Karatsuba pre-processing
+	&movdqu		(&QWP(16,$Htbl),$Xi);	# save H^2
+	&palignr	($T2,$T1,8);		# low part is H.lo^H.hi
+	&movdqu		(&QWP(32,$Htbl),$T2);	# save Karatsuba "salt"
+
+	&ret		();
+&function_end_B("gcm_init_clmul");
+
+&function_begin_B("gcm_gmult_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($T3,&QWP(0,$const));
+	&movups		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$T3);
+	&movups		($T2,&QWP(32,$Htbl));
+
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$T2);
+	&reduction_alg9	($Xhi,$Xi);
+
+	&pshufb		($Xi,$T3);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+
+	&ret	();
+&function_end_B("gcm_gmult_clmul");
+
+&function_begin("gcm_ghash_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+	&mov		($inp,&wparam(2));
+	&mov		($len,&wparam(3));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($T3,&QWP(0,$const));
+	&movdqu		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$T3);
+
+	&sub		($len,0x10);
+	&jz		(&label("odd_tail"));
+
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
+	&pshufb		($T1,$T3);
+	&pshufb		($Xn,$T3);
+	&movdqu		($T3,&QWP(32,$Htbl));
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&pshufd		($T1,$Xn,0b01001110);	# H*Ii+1
+	&movdqa		($Xhn,$Xn);
+	&pxor		($T1,$Xn);		#
+	&lea		($inp,&DWP(32,$inp));	# i+=2
+
+	&pclmulqdq	($Xn,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhn,$Hkey,0x11);	#######
+	&pclmulqdq	($T1,$T3,0x00);		#######
+	&movups		($Hkey,&QWP(16,$Htbl));	# load H^2
+	&nop		();
+
+	&sub		($len,0x20);
+	&jbe		(&label("even_tail"));
+	&jmp		(&label("mod_loop"));
+
+&set_label("mod_loop",32);
+	&pshufd		($T2,$Xi,0b01001110);	# H^2*(Ii+Xi)
+	&movdqa		($Xhi,$Xi);
+	&pxor		($T2,$Xi);		#
+	&nop		();
+
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pclmulqdq	($T2,$T3,0x10);		#######
+	&movups		($Hkey,&QWP(0,$Htbl));	# load H
+
+	&xorps		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&movdqa		($T3,&QWP(0,$const));
+	&xorps		($Xhi,$Xhn);
+	 &movdqu	($Xhn,&QWP(0,$inp));	# Ii
+	&pxor		($T1,$Xi);		# aggregated Karatsuba post-processing
+	 &movdqu	($Xn,&QWP(16,$inp));	# Ii+1
+	&pxor		($T1,$Xhi);		#
+
+	 &pshufb	($Xhn,$T3);
+	&pxor		($T2,$T1);		#
+
+	&movdqa		($T1,$T2);		#
+	&psrldq		($T2,8);
+	&pslldq		($T1,8);		#
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T1);		#
+	 &pshufb	($Xn,$T3);
+	 &pxor		($Xhi,$Xhn);		# "Ii+Xi", consume early
+
+	&movdqa		($Xhn,$Xn);		#&clmul64x64_TX	($Xhn,$Xn,$Hkey); H*Ii+1
+	  &movdqa	($T2,$Xi);		#&reduction_alg9($Xhi,$Xi); 1st phase
+	  &movdqa	($T1,$Xi);
+	  &psllq	($Xi,5);
+	  &pxor		($T1,$Xi);		#
+	  &psllq	($Xi,1);
+	  &pxor		($Xi,$T1);		#
+	&pclmulqdq	($Xn,$Hkey,0x00);	#######
+	&movups		($T3,&QWP(32,$Htbl));
+	  &psllq	($Xi,57);		#
+	  &movdqa	($T1,$Xi);		#
+	  &pslldq	($Xi,8);
+	  &psrldq	($T1,8);		#	
+	  &pxor		($Xi,$T2);
+	  &pxor		($Xhi,$T1);		#
+	&pshufd		($T1,$Xhn,0b01001110);
+	  &movdqa	($T2,$Xi);		# 2nd phase
+	  &psrlq	($Xi,1);
+	&pxor		($T1,$Xhn);
+	  &pxor		($Xhi,$T2);		#
+	&pclmulqdq	($Xhn,$Hkey,0x11);	#######
+	&movups		($Hkey,&QWP(16,$Htbl));	# load H^2
+	  &pxor		($T2,$Xi);
+	  &psrlq	($Xi,5);
+	  &pxor		($Xi,$T2);		#
+	  &psrlq	($Xi,1);		#
+	  &pxor		($Xi,$Xhi)		#
+	&pclmulqdq	($T1,$T3,0x00);		#######
+
+	&lea		($inp,&DWP(32,$inp));
+	&sub		($len,0x20);
+	&ja		(&label("mod_loop"));
+
+&set_label("even_tail");
+	&pshufd		($T2,$Xi,0b01001110);	# H^2*(Ii+Xi)
+	&movdqa		($Xhi,$Xi);
+	&pxor		($T2,$Xi);		#
+
+	&pclmulqdq	($Xi,$Hkey,0x00);	#######
+	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
+	&pclmulqdq	($T2,$T3,0x10);		#######
+	&movdqa		($T3,&QWP(0,$const));
+
+	&xorps		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&xorps		($Xhi,$Xhn);
+	&pxor		($T1,$Xi);		# aggregated Karatsuba post-processing
+	&pxor		($T1,$Xhi);		#
+
+	&pxor		($T2,$T1);		#
+
+	&movdqa		($T1,$T2);		#
+	&psrldq		($T2,8);
+	&pslldq		($T1,8);		#
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T1);		#
+
+	&reduction_alg9	($Xhi,$Xi);
+
+	&test		($len,$len);
+	&jnz		(&label("done"));
+
+	&movups		($Hkey,&QWP(0,$Htbl));	# load H
+&set_label("odd_tail");
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&pshufb		($T1,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey);	# H*(Ii+Xi)
+	&reduction_alg9	($Xhi,$Xi);
+
+&set_label("done");
+	&pshufb		($Xi,$T3);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+&function_end("gcm_ghash_clmul");
+
+} else {		# Algorithm 5. Kept for reference purposes.
+
+sub reduction_alg5 {	# 19/16 times faster than Intel version
+my ($Xhi,$Xi)=@_;
+
+	# <<1
+	&movdqa		($T1,$Xi);		#
+	&movdqa		($T2,$Xhi);
+	&pslld		($Xi,1);
+	&pslld		($Xhi,1);		#
+	&psrld		($T1,31);
+	&psrld		($T2,31);		#
+	&movdqa		($T3,$T1);
+	&pslldq		($T1,4);
+	&psrldq		($T3,12);		#
+	&pslldq		($T2,4);
+	&por		($Xhi,$T3);		#
+	&por		($Xi,$T1);
+	&por		($Xhi,$T2);		#
+
+	# 1st phase
+	&movdqa		($T1,$Xi);
+	&movdqa		($T2,$Xi);
+	&movdqa		($T3,$Xi);		#
+	&pslld		($T1,31);
+	&pslld		($T2,30);
+	&pslld		($Xi,25);		#
+	&pxor		($T1,$T2);
+	&pxor		($T1,$Xi);		#
+	&movdqa		($T2,$T1);		#
+	&pslldq		($T1,12);
+	&psrldq		($T2,4);		#
+	&pxor		($T3,$T1);
+
+	# 2nd phase
+	&pxor		($Xhi,$T3);		#
+	&movdqa		($Xi,$T3);
+	&movdqa		($T1,$T3);
+	&psrld		($Xi,1);		#
+	&psrld		($T1,2);
+	&psrld		($T3,7);		#
+	&pxor		($Xi,$T1);
+	&pxor		($Xhi,$T2);
+	&pxor		($Xi,$T3);		#
+	&pxor		($Xi,$Xhi);		#
+}
+
+&function_begin_B("gcm_init_clmul");
+	&mov		($Htbl,&wparam(0));
+	&mov		($Xip,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Hkey,&QWP(0,$Xip));
+	&pshufd		($Hkey,$Hkey,0b01001110);# dword swap
+
+	# calculate H^2
+	&movdqa		($Xi,$Hkey);
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);
+	&reduction_alg5	($Xhi,$Xi);
+
+	&movdqu		(&QWP(0,$Htbl),$Hkey);	# save H
+	&movdqu		(&QWP(16,$Htbl),$Xi);	# save H^2
+
+	&ret		();
+&function_end_B("gcm_init_clmul");
+
+&function_begin_B("gcm_gmult_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($Xn,&QWP(0,$const));
+	&movdqu		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$Xn);
+
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);
+	&reduction_alg5	($Xhi,$Xi);
+
+	&pshufb		($Xi,$Xn);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+
+	&ret	();
+&function_end_B("gcm_gmult_clmul");
+
+&function_begin("gcm_ghash_clmul");
+	&mov		($Xip,&wparam(0));
+	&mov		($Htbl,&wparam(1));
+	&mov		($inp,&wparam(2));
+	&mov		($len,&wparam(3));
+
+	&call		(&label("pic"));
+&set_label("pic");
+	&blindpop	($const);
+	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
+
+	&movdqu		($Xi,&QWP(0,$Xip));
+	&movdqa		($T3,&QWP(0,$const));
+	&movdqu		($Hkey,&QWP(0,$Htbl));
+	&pshufb		($Xi,$T3);
+
+	&sub		($len,0x10);
+	&jz		(&label("odd_tail"));
+
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
+	&pshufb		($T1,$T3);
+	&pshufb		($Xn,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T3	($Xhn,$Xn,$Hkey);	# H*Ii+1
+	&movdqu		($Hkey,&QWP(16,$Htbl));	# load H^2
+
+	&sub		($len,0x20);
+	&lea		($inp,&DWP(32,$inp));	# i+=2
+	&jbe		(&label("even_tail"));
+
+&set_label("mod_loop");
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
+	&movdqu		($Hkey,&QWP(0,$Htbl));	# load H
+
+	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&pxor		($Xhi,$Xhn);
+
+	&reduction_alg5	($Xhi,$Xi);
+
+	#######
+	&movdqa		($T3,&QWP(0,$const));
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
+	&pshufb		($T1,$T3);
+	&pshufb		($Xn,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T3	($Xhn,$Xn,$Hkey);	# H*Ii+1
+	&movdqu		($Hkey,&QWP(16,$Htbl));	# load H^2
+
+	&sub		($len,0x20);
+	&lea		($inp,&DWP(32,$inp));
+	&ja		(&label("mod_loop"));
+
+&set_label("even_tail");
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
+
+	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
+	&pxor		($Xhi,$Xhn);
+
+	&reduction_alg5	($Xhi,$Xi);
+
+	&movdqa		($T3,&QWP(0,$const));
+	&test		($len,$len);
+	&jnz		(&label("done"));
+
+	&movdqu		($Hkey,&QWP(0,$Htbl));	# load H
+&set_label("odd_tail");
+	&movdqu		($T1,&QWP(0,$inp));	# Ii
+	&pshufb		($T1,$T3);
+	&pxor		($Xi,$T1);		# Ii+Xi
+
+	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H*(Ii+Xi)
+	&reduction_alg5	($Xhi,$Xi);
+
+	&movdqa		($T3,&QWP(0,$const));
+&set_label("done");
+	&pshufb		($Xi,$T3);
+	&movdqu		(&QWP(0,$Xip),$Xi);
+&function_end("gcm_ghash_clmul");
+
+}
+
+&set_label("bswap",64);
+	&data_byte(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
+	&data_byte(1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2);	# 0x1c2_polynomial
+&set_label("rem_8bit",64);
+	&data_short(0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E);
+	&data_short(0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E);
+	&data_short(0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E);
+	&data_short(0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E);
+	&data_short(0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E);
+	&data_short(0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E);
+	&data_short(0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E);
+	&data_short(0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E);
+	&data_short(0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE);
+	&data_short(0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE);
+	&data_short(0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE);
+	&data_short(0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE);
+	&data_short(0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E);
+	&data_short(0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E);
+	&data_short(0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE);
+	&data_short(0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE);
+	&data_short(0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E);
+	&data_short(0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E);
+	&data_short(0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E);
+	&data_short(0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E);
+	&data_short(0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E);
+	&data_short(0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E);
+	&data_short(0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E);
+	&data_short(0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E);
+	&data_short(0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE);
+	&data_short(0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE);
+	&data_short(0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE);
+	&data_short(0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE);
+	&data_short(0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E);
+	&data_short(0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E);
+	&data_short(0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE);
+	&data_short(0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE);
+}}	# $sse2
+
+&set_label("rem_4bit",64);
+	&data_word(0,0x0000<<$S,0,0x1C20<<$S,0,0x3840<<$S,0,0x2460<<$S);
+	&data_word(0,0x7080<<$S,0,0x6CA0<<$S,0,0x48C0<<$S,0,0x54E0<<$S);
+	&data_word(0,0xE100<<$S,0,0xFD20<<$S,0,0xD940<<$S,0,0xC560<<$S);
+	&data_word(0,0x9180<<$S,0,0x8DA0<<$S,0,0xA9C0<<$S,0,0xB5E0<<$S);
+}}}	# !$x86only
+
+&asciz("GHASH for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&asm_finish();
+
+close STDOUT;
+
+# A question was risen about choice of vanilla MMX. Or rather why wasn't
+# SSE2 chosen instead? In addition to the fact that MMX runs on legacy
+# CPUs such as PIII, "4-bit" MMX version was observed to provide better
+# performance than *corresponding* SSE2 one even on contemporary CPUs.
+# SSE2 results were provided by Peter-Michael Hager. He maintains SSE2
+# implementation featuring full range of lookup-table sizes, but with
+# per-invocation lookup table setup. Latter means that table size is
+# chosen depending on how much data is to be hashed in every given call,
+# more data - larger table. Best reported result for Core2 is ~4 cycles
+# per processed byte out of 64KB block. This number accounts even for
+# 64KB table setup overhead. As discussed in gcm128.c we choose to be
+# more conservative in respect to lookup table sizes, but how do the
+# results compare? Minimalistic "256B" MMX version delivers ~11 cycles
+# on same platform. As also discussed in gcm128.c, next in line "8-bit
+# Shoup's" or "4KB" method should deliver twice the performance of
+# "256B" one, in other words not worse than ~6 cycles per byte. It
+# should be also be noted that in SSE2 case improvement can be "super-
+# linear," i.e. more than twice, mostly because >>8 maps to single
+# instruction on SSE2 register. This is unlike "4-bit" case when >>4
+# maps to same amount of instructions in both MMX and SSE2 cases.
+# Bottom line is that switch to SSE2 is considered to be justifiable
+# only in case we choose to implement "8-bit" method...
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghash-x86_64.pl b/openssl-1.1.0h/crypto/modes/asm/ghash-x86_64.pl
new file mode 100644
index 0000000..387e3f8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghash-x86_64.pl
@@ -0,0 +1,1762 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# March, June 2010
+#
+# The module implements "4-bit" GCM GHASH function and underlying
+# single multiplication operation in GF(2^128). "4-bit" means that
+# it uses 256 bytes per-key table [+128 bytes shared table]. GHASH
+# function features so called "528B" variant utilizing additional
+# 256+16 bytes of per-key storage [+512 bytes shared table].
+# Performance results are for this streamed GHASH subroutine and are
+# expressed in cycles per processed byte, less is better:
+#
+#		gcc 3.4.x(*)	assembler
+#
+# P4		28.6		14.0		+100%
+# Opteron	19.3		7.7		+150%
+# Core2		17.8		8.1(**)		+120%
+# Atom		31.6		16.8		+88%
+# VIA Nano	21.8		10.1		+115%
+#
+# (*)	comparison is not completely fair, because C results are
+#	for vanilla "256B" implementation, while assembler results
+#	are for "528B";-)
+# (**)	it's mystery [to me] why Core2 result is not same as for
+#	Opteron;
+
+# May 2010
+#
+# Add PCLMULQDQ version performing at 2.02 cycles per processed byte.
+# See ghash-x86.pl for background information and details about coding
+# techniques.
+#
+# Special thanks to David Woodhouse <dwmw2@infradead.org> for
+# providing access to a Westmere-based system on behalf of Intel
+# Open Source Technology Centre.
+
+# December 2012
+#
+# Overhaul: aggregate Karatsuba post-processing, improve ILP in
+# reduction_alg9, increase reduction aggregate factor to 4x. As for
+# the latter. ghash-x86.pl discusses that it makes lesser sense to
+# increase aggregate factor. Then why increase here? Critical path
+# consists of 3 independent pclmulqdq instructions, Karatsuba post-
+# processing and reduction. "On top" of this we lay down aggregated
+# multiplication operations, triplets of independent pclmulqdq's. As
+# issue rate for pclmulqdq is limited, it makes lesser sense to
+# aggregate more multiplications than it takes to perform remaining
+# non-multiplication operations. 2x is near-optimal coefficient for
+# contemporary Intel CPUs (therefore modest improvement coefficient),
+# but not for Bulldozer. Latter is because logical SIMD operations
+# are twice as slow in comparison to Intel, so that critical path is
+# longer. A CPU with higher pclmulqdq issue rate would also benefit
+# from higher aggregate factor...
+#
+# Westmere	1.78(+13%)
+# Sandy Bridge	1.80(+8%)
+# Ivy Bridge	1.80(+7%)
+# Haswell	0.55(+93%) (if system doesn't support AVX)
+# Broadwell	0.45(+110%)(if system doesn't support AVX)
+# Skylake	0.44(+110%)(if system doesn't support AVX)
+# Bulldozer	1.49(+27%)
+# Silvermont	2.88(+13%)
+# Goldmont	1.08(+24%)
+
+# March 2013
+#
+# ... 8x aggregate factor AVX code path is using reduction algorithm
+# suggested by Shay Gueron[1]. Even though contemporary AVX-capable
+# CPUs such as Sandy and Ivy Bridge can execute it, the code performs
+# sub-optimally in comparison to above mentioned version. But thanks
+# to Ilya Albrekht and Max Locktyukhin of Intel Corp. we knew that
+# it performs in 0.41 cycles per byte on Haswell processor, in
+# 0.29 on Broadwell, and in 0.36 on Skylake.
+#
+# [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.20) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	    `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	    `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$do4xaggr=1;
+
+# common register layout
+$nlo="%rax";
+$nhi="%rbx";
+$Zlo="%r8";
+$Zhi="%r9";
+$tmp="%r10";
+$rem_4bit = "%r11";
+
+$Xi="%rdi";
+$Htbl="%rsi";
+
+# per-function register layout
+$cnt="%rcx";
+$rem="%rdx";
+
+sub LB() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/	or
+			$r =~ s/%[er]([sd]i)/%\1l/	or
+			$r =~ s/%[er](bp)/%\1l/		or
+			$r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+{ my $N;
+  sub loop() {
+  my $inp = shift;
+
+	$N++;
+$code.=<<___;
+	xor	$nlo,$nlo
+	xor	$nhi,$nhi
+	mov	`&LB("$Zlo")`,`&LB("$nlo")`
+	mov	`&LB("$Zlo")`,`&LB("$nhi")`
+	shl	\$4,`&LB("$nlo")`
+	mov	\$14,$cnt
+	mov	8($Htbl,$nlo),$Zlo
+	mov	($Htbl,$nlo),$Zhi
+	and	\$0xf0,`&LB("$nhi")`
+	mov	$Zlo,$rem
+	jmp	.Loop$N
+
+.align	16
+.Loop$N:
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	mov	($inp,$cnt),`&LB("$nlo")`
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nhi),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nhi),$Zhi
+	mov	`&LB("$nlo")`,`&LB("$nhi")`
+	xor	($rem_4bit,$rem,8),$Zhi
+	mov	$Zlo,$rem
+	shl	\$4,`&LB("$nlo")`
+	xor	$tmp,$Zlo
+	dec	$cnt
+	js	.Lbreak$N
+
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nlo),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nlo),$Zhi
+	and	\$0xf0,`&LB("$nhi")`
+	xor	($rem_4bit,$rem,8),$Zhi
+	mov	$Zlo,$rem
+	xor	$tmp,$Zlo
+	jmp	.Loop$N
+
+.align	16
+.Lbreak$N:
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nlo),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nlo),$Zhi
+	and	\$0xf0,`&LB("$nhi")`
+	xor	($rem_4bit,$rem,8),$Zhi
+	mov	$Zlo,$rem
+	xor	$tmp,$Zlo
+
+	shr	\$4,$Zlo
+	and	\$0xf,$rem
+	mov	$Zhi,$tmp
+	shr	\$4,$Zhi
+	xor	8($Htbl,$nhi),$Zlo
+	shl	\$60,$tmp
+	xor	($Htbl,$nhi),$Zhi
+	xor	$tmp,$Zlo
+	xor	($rem_4bit,$rem,8),$Zhi
+
+	bswap	$Zlo
+	bswap	$Zhi
+___
+}}
+
+$code=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	gcm_gmult_4bit
+.type	gcm_gmult_4bit,\@function,2
+.align	16
+gcm_gmult_4bit:
+	push	%rbx
+	push	%rbp		# %rbp and %r12 are pushed exclusively in
+	push	%r12		# order to reuse Win64 exception handler...
+.Lgmult_prologue:
+
+	movzb	15($Xi),$Zlo
+	lea	.Lrem_4bit(%rip),$rem_4bit
+___
+	&loop	($Xi);
+$code.=<<___;
+	mov	$Zlo,8($Xi)
+	mov	$Zhi,($Xi)
+
+	mov	16(%rsp),%rbx
+	lea	24(%rsp),%rsp
+.Lgmult_epilogue:
+	ret
+.size	gcm_gmult_4bit,.-gcm_gmult_4bit
+___
+
+# per-function register layout
+$inp="%rdx";
+$len="%rcx";
+$rem_8bit=$rem_4bit;
+
+$code.=<<___;
+.globl	gcm_ghash_4bit
+.type	gcm_ghash_4bit,\@function,4
+.align	16
+gcm_ghash_4bit:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	sub	\$280,%rsp
+.Lghash_prologue:
+	mov	$inp,%r14		# reassign couple of args
+	mov	$len,%r15
+___
+{ my $inp="%r14";
+  my $dat="%edx";
+  my $len="%r15";
+  my @nhi=("%ebx","%ecx");
+  my @rem=("%r12","%r13");
+  my $Hshr4="%rbp";
+
+	&sub	($Htbl,-128);		# size optimization
+	&lea	($Hshr4,"16+128(%rsp)");
+	{ my @lo =($nlo,$nhi);
+          my @hi =($Zlo,$Zhi);
+
+	  &xor	($dat,$dat);
+	  for ($i=0,$j=-2;$i<18;$i++,$j++) {
+	    &mov	("$j(%rsp)",&LB($dat))		if ($i>1);
+	    &or		($lo[0],$tmp)			if ($i>1);
+	    &mov	(&LB($dat),&LB($lo[1]))		if ($i>0 && $i<17);
+	    &shr	($lo[1],4)			if ($i>0 && $i<17);
+	    &mov	($tmp,$hi[1])			if ($i>0 && $i<17);
+	    &shr	($hi[1],4)			if ($i>0 && $i<17);
+	    &mov	("8*$j($Hshr4)",$hi[0])		if ($i>1);
+	    &mov	($hi[0],"16*$i+0-128($Htbl)")	if ($i<16);
+	    &shl	(&LB($dat),4)			if ($i>0 && $i<17);
+	    &mov	("8*$j-128($Hshr4)",$lo[0])	if ($i>1);
+	    &mov	($lo[0],"16*$i+8-128($Htbl)")	if ($i<16);
+	    &shl	($tmp,60)			if ($i>0 && $i<17);
+
+	    push	(@lo,shift(@lo));
+	    push	(@hi,shift(@hi));
+	  }
+	}
+	&add	($Htbl,-128);
+	&mov	($Zlo,"8($Xi)");
+	&mov	($Zhi,"0($Xi)");
+	&add	($len,$inp);		# pointer to the end of data
+	&lea	($rem_8bit,".Lrem_8bit(%rip)");
+	&jmp	(".Louter_loop");
+
+$code.=".align	16\n.Louter_loop:\n";
+	&xor	($Zhi,"($inp)");
+	&mov	("%rdx","8($inp)");
+	&lea	($inp,"16($inp)");
+	&xor	("%rdx",$Zlo);
+	&mov	("($Xi)",$Zhi);
+	&mov	("8($Xi)","%rdx");
+	&shr	("%rdx",32);
+
+	&xor	($nlo,$nlo);
+	&rol	($dat,8);
+	&mov	(&LB($nlo),&LB($dat));
+	&movz	($nhi[0],&LB($dat));
+	&shl	(&LB($nlo),4);
+	&shr	($nhi[0],4);
+
+	for ($j=11,$i=0;$i<15;$i++) {
+	    &rol	($dat,8);
+	    &xor	($Zlo,"8($Htbl,$nlo)")			if ($i>0);
+	    &xor	($Zhi,"($Htbl,$nlo)")			if ($i>0);
+	    &mov	($Zlo,"8($Htbl,$nlo)")			if ($i==0);
+	    &mov	($Zhi,"($Htbl,$nlo)")			if ($i==0);
+
+	    &mov	(&LB($nlo),&LB($dat));
+	    &xor	($Zlo,$tmp)				if ($i>0);
+	    &movzw	($rem[1],"($rem_8bit,$rem[1],2)")	if ($i>0);
+
+	    &movz	($nhi[1],&LB($dat));
+	    &shl	(&LB($nlo),4);
+	    &movzb	($rem[0],"(%rsp,$nhi[0])");
+
+	    &shr	($nhi[1],4)				if ($i<14);
+	    &and	($nhi[1],0xf0)				if ($i==14);
+	    &shl	($rem[1],48)				if ($i>0);
+	    &xor	($rem[0],$Zlo);
+
+	    &mov	($tmp,$Zhi);
+	    &xor	($Zhi,$rem[1])				if ($i>0);
+	    &shr	($Zlo,8);
+
+	    &movz	($rem[0],&LB($rem[0]));
+	    &mov	($dat,"$j($Xi)")			if (--$j%4==0);
+	    &shr	($Zhi,8);
+
+	    &xor	($Zlo,"-128($Hshr4,$nhi[0],8)");
+	    &shl	($tmp,56);
+	    &xor	($Zhi,"($Hshr4,$nhi[0],8)");
+
+	    unshift	(@nhi,pop(@nhi));		# "rotate" registers
+	    unshift	(@rem,pop(@rem));
+	}
+	&movzw	($rem[1],"($rem_8bit,$rem[1],2)");
+	&xor	($Zlo,"8($Htbl,$nlo)");
+	&xor	($Zhi,"($Htbl,$nlo)");
+
+	&shl	($rem[1],48);
+	&xor	($Zlo,$tmp);
+
+	&xor	($Zhi,$rem[1]);
+	&movz	($rem[0],&LB($Zlo));
+	&shr	($Zlo,4);
+
+	&mov	($tmp,$Zhi);
+	&shl	(&LB($rem[0]),4);
+	&shr	($Zhi,4);
+
+	&xor	($Zlo,"8($Htbl,$nhi[0])");
+	&movzw	($rem[0],"($rem_8bit,$rem[0],2)");
+	&shl	($tmp,60);
+
+	&xor	($Zhi,"($Htbl,$nhi[0])");
+	&xor	($Zlo,$tmp);
+	&shl	($rem[0],48);
+
+	&bswap	($Zlo);
+	&xor	($Zhi,$rem[0]);
+
+	&bswap	($Zhi);
+	&cmp	($inp,$len);
+	&jb	(".Louter_loop");
+}
+$code.=<<___;
+	mov	$Zlo,8($Xi)
+	mov	$Zhi,($Xi)
+
+	lea	280(%rsp),%rsi
+	mov	0(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lghash_epilogue:
+	ret
+.size	gcm_ghash_4bit,.-gcm_ghash_4bit
+___
+
+######################################################################
+# PCLMULQDQ version.
+
+@_4args=$win64?	("%rcx","%rdx","%r8", "%r9") :	# Win64 order
+		("%rdi","%rsi","%rdx","%rcx");	# Unix order
+
+($Xi,$Xhi)=("%xmm0","%xmm1");	$Hkey="%xmm2";
+($T1,$T2,$T3)=("%xmm3","%xmm4","%xmm5");
+
+sub clmul64x64_T2 {	# minimal register pressure
+my ($Xhi,$Xi,$Hkey,$HK)=@_;
+
+if (!defined($HK)) {	$HK = $T2;
+$code.=<<___;
+	movdqa		$Xi,$Xhi		#
+	pshufd		\$0b01001110,$Xi,$T1
+	pshufd		\$0b01001110,$Hkey,$T2
+	pxor		$Xi,$T1			#
+	pxor		$Hkey,$T2
+___
+} else {
+$code.=<<___;
+	movdqa		$Xi,$Xhi		#
+	pshufd		\$0b01001110,$Xi,$T1
+	pxor		$Xi,$T1			#
+___
+}
+$code.=<<___;
+	pclmulqdq	\$0x00,$Hkey,$Xi	#######
+	pclmulqdq	\$0x11,$Hkey,$Xhi	#######
+	pclmulqdq	\$0x00,$HK,$T1		#######
+	pxor		$Xi,$T1			#
+	pxor		$Xhi,$T1		#
+
+	movdqa		$T1,$T2			#
+	psrldq		\$8,$T1
+	pslldq		\$8,$T2			#
+	pxor		$T1,$Xhi
+	pxor		$T2,$Xi			#
+___
+}
+
+sub reduction_alg9 {	# 17/11 times faster than Intel version
+my ($Xhi,$Xi) = @_;
+
+$code.=<<___;
+	# 1st phase
+	movdqa		$Xi,$T2			#
+	movdqa		$Xi,$T1
+	psllq		\$5,$Xi
+	pxor		$Xi,$T1			#
+	psllq		\$1,$Xi
+	pxor		$T1,$Xi			#
+	psllq		\$57,$Xi		#
+	movdqa		$Xi,$T1			#
+	pslldq		\$8,$Xi
+	psrldq		\$8,$T1			#	
+	pxor		$T2,$Xi
+	pxor		$T1,$Xhi		#
+
+	# 2nd phase
+	movdqa		$Xi,$T2
+	psrlq		\$1,$Xi
+	pxor		$T2,$Xhi		#
+	pxor		$Xi,$T2
+	psrlq		\$5,$Xi
+	pxor		$T2,$Xi			#
+	psrlq		\$1,$Xi			#
+	pxor		$Xhi,$Xi		#
+___
+}
+
+{ my ($Htbl,$Xip)=@_4args;
+  my $HK="%xmm6";
+
+$code.=<<___;
+.globl	gcm_init_clmul
+.type	gcm_init_clmul,\@abi-omnipotent
+.align	16
+gcm_init_clmul:
+.L_init_clmul:
+___
+$code.=<<___ if ($win64);
+.LSEH_begin_gcm_init_clmul:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x83,0xec,0x18		#sub	$0x18,%rsp
+	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
+___
+$code.=<<___;
+	movdqu		($Xip),$Hkey
+	pshufd		\$0b01001110,$Hkey,$Hkey	# dword swap
+
+	# <<1 twist
+	pshufd		\$0b11111111,$Hkey,$T2	# broadcast uppermost dword
+	movdqa		$Hkey,$T1
+	psllq		\$1,$Hkey
+	pxor		$T3,$T3			#
+	psrlq		\$63,$T1
+	pcmpgtd		$T2,$T3			# broadcast carry bit
+	pslldq		\$8,$T1
+	por		$T1,$Hkey		# H<<=1
+
+	# magic reduction
+	pand		.L0x1c2_polynomial(%rip),$T3
+	pxor		$T3,$Hkey		# if(carry) H^=0x1c2_polynomial
+
+	# calculate H^2
+	pshufd		\$0b01001110,$Hkey,$HK
+	movdqa		$Hkey,$Xi
+	pxor		$Hkey,$HK
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	pshufd		\$0b01001110,$Hkey,$T1
+	pshufd		\$0b01001110,$Xi,$T2
+	pxor		$Hkey,$T1		# Karatsuba pre-processing
+	movdqu		$Hkey,0x00($Htbl)	# save H
+	pxor		$Xi,$T2			# Karatsuba pre-processing
+	movdqu		$Xi,0x10($Htbl)		# save H^2
+	palignr		\$8,$T1,$T2		# low part is H.lo^H.hi...
+	movdqu		$T2,0x20($Htbl)		# save Karatsuba "salt"
+___
+if ($do4xaggr) {
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);	# H^3
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	movdqa		$Xi,$T3
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);	# H^4
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	pshufd		\$0b01001110,$T3,$T1
+	pshufd		\$0b01001110,$Xi,$T2
+	pxor		$T3,$T1			# Karatsuba pre-processing
+	movdqu		$T3,0x30($Htbl)		# save H^3
+	pxor		$Xi,$T2			# Karatsuba pre-processing
+	movdqu		$Xi,0x40($Htbl)		# save H^4
+	palignr		\$8,$T1,$T2		# low part is H^3.lo^H^3.hi...
+	movdqu		$T2,0x50($Htbl)		# save Karatsuba "salt"
+___
+}
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	lea	0x18(%rsp),%rsp
+.LSEH_end_gcm_init_clmul:
+___
+$code.=<<___;
+	ret
+.size	gcm_init_clmul,.-gcm_init_clmul
+___
+}
+
+{ my ($Xip,$Htbl)=@_4args;
+
+$code.=<<___;
+.globl	gcm_gmult_clmul
+.type	gcm_gmult_clmul,\@abi-omnipotent
+.align	16
+gcm_gmult_clmul:
+.L_gmult_clmul:
+	movdqu		($Xip),$Xi
+	movdqa		.Lbswap_mask(%rip),$T3
+	movdqu		($Htbl),$Hkey
+	movdqu		0x20($Htbl),$T2
+	pshufb		$T3,$Xi
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$T2);
+$code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0));
+	# experimental alternative. special thing about is that there
+	# no dependency between the two multiplications... 
+	mov		\$`0xE1<<1`,%eax
+	mov		\$0xA040608020C0E000,%r10	# ((7..0)·0xE0)&0xff
+	mov		\$0x07,%r11d
+	movq		%rax,$T1
+	movq		%r10,$T2
+	movq		%r11,$T3		# borrow $T3
+	pand		$Xi,$T3
+	pshufb		$T3,$T2			# ($Xi&7)·0xE0
+	movq		%rax,$T3
+	pclmulqdq	\$0x00,$Xi,$T1		# ·(0xE1<<1)
+	pxor		$Xi,$T2
+	pslldq		\$15,$T2
+	paddd		$T2,$T2			# <<(64+56+1)
+	pxor		$T2,$Xi
+	pclmulqdq	\$0x01,$T3,$Xi
+	movdqa		.Lbswap_mask(%rip),$T3	# reload $T3
+	psrldq		\$1,$T1
+	pxor		$T1,$Xhi
+	pslldq		\$7,$Xi
+	pxor		$Xhi,$Xi
+___
+$code.=<<___;
+	pshufb		$T3,$Xi
+	movdqu		$Xi,($Xip)
+	ret
+.size	gcm_gmult_clmul,.-gcm_gmult_clmul
+___
+}
+
+{ my ($Xip,$Htbl,$inp,$len)=@_4args;
+  my ($Xln,$Xmn,$Xhn,$Hkey2,$HK) = map("%xmm$_",(3..7));
+  my ($T1,$T2,$T3)=map("%xmm$_",(8..10));
+
+$code.=<<___;
+.globl	gcm_ghash_clmul
+.type	gcm_ghash_clmul,\@abi-omnipotent
+.align	32
+gcm_ghash_clmul:
+.L_ghash_clmul:
+___
+$code.=<<___ if ($win64);
+	lea	-0x88(%rsp),%rax
+.LSEH_begin_gcm_ghash_clmul:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax),%rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6,-0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7,-0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8,0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9,0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10,0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11,0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12,0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13,0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14,0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15,0x70(%rax)
+___
+$code.=<<___;
+	movdqa		.Lbswap_mask(%rip),$T3
+
+	movdqu		($Xip),$Xi
+	movdqu		($Htbl),$Hkey
+	movdqu		0x20($Htbl),$HK
+	pshufb		$T3,$Xi
+
+	sub		\$0x10,$len
+	jz		.Lodd_tail
+
+	movdqu		0x10($Htbl),$Hkey2
+___
+if ($do4xaggr) {
+my ($Xl,$Xm,$Xh,$Hkey3,$Hkey4)=map("%xmm$_",(11..15));
+
+$code.=<<___;
+	mov		OPENSSL_ia32cap_P+4(%rip),%eax
+	cmp		\$0x30,$len
+	jb		.Lskip4x
+
+	and		\$`1<<26|1<<22`,%eax	# isolate MOVBE+XSAVE
+	cmp		\$`1<<22`,%eax		# check for MOVBE without XSAVE
+	je		.Lskip4x
+
+	sub		\$0x30,$len
+	mov		\$0xA040608020C0E000,%rax	# ((7..0)·0xE0)&0xff
+	movdqu		0x30($Htbl),$Hkey3
+	movdqu		0x40($Htbl),$Hkey4
+
+	#######
+	# Xi+4 =[(H*Ii+3) + (H^2*Ii+2) + (H^3*Ii+1) + H^4*(Ii+Xi)] mod P
+	#
+	movdqu		0x30($inp),$Xln
+	 movdqu		0x20($inp),$Xl
+	pshufb		$T3,$Xln
+	 pshufb		$T3,$Xl
+	movdqa		$Xln,$Xhn
+	pshufd		\$0b01001110,$Xln,$Xmn
+	pxor		$Xln,$Xmn
+	pclmulqdq	\$0x00,$Hkey,$Xln
+	pclmulqdq	\$0x11,$Hkey,$Xhn
+	pclmulqdq	\$0x00,$HK,$Xmn
+
+	movdqa		$Xl,$Xh
+	pshufd		\$0b01001110,$Xl,$Xm
+	pxor		$Xl,$Xm
+	pclmulqdq	\$0x00,$Hkey2,$Xl
+	pclmulqdq	\$0x11,$Hkey2,$Xh
+	pclmulqdq	\$0x10,$HK,$Xm
+	xorps		$Xl,$Xln
+	xorps		$Xh,$Xhn
+	movups		0x50($Htbl),$HK
+	xorps		$Xm,$Xmn
+
+	movdqu		0x10($inp),$Xl
+	 movdqu		0($inp),$T1
+	pshufb		$T3,$Xl
+	 pshufb		$T3,$T1
+	movdqa		$Xl,$Xh
+	pshufd		\$0b01001110,$Xl,$Xm
+	 pxor		$T1,$Xi
+	pxor		$Xl,$Xm
+	pclmulqdq	\$0x00,$Hkey3,$Xl
+	 movdqa		$Xi,$Xhi
+	 pshufd		\$0b01001110,$Xi,$T1
+	 pxor		$Xi,$T1
+	pclmulqdq	\$0x11,$Hkey3,$Xh
+	pclmulqdq	\$0x00,$HK,$Xm
+	xorps		$Xl,$Xln
+	xorps		$Xh,$Xhn
+
+	lea	0x40($inp),$inp
+	sub	\$0x40,$len
+	jc	.Ltail4x
+
+	jmp	.Lmod4_loop
+.align	32
+.Lmod4_loop:
+	pclmulqdq	\$0x00,$Hkey4,$Xi
+	xorps		$Xm,$Xmn
+	 movdqu		0x30($inp),$Xl
+	 pshufb		$T3,$Xl
+	pclmulqdq	\$0x11,$Hkey4,$Xhi
+	xorps		$Xln,$Xi
+	 movdqu		0x20($inp),$Xln
+	 movdqa		$Xl,$Xh
+	pclmulqdq	\$0x10,$HK,$T1
+	 pshufd		\$0b01001110,$Xl,$Xm
+	xorps		$Xhn,$Xhi
+	 pxor		$Xl,$Xm
+	 pshufb		$T3,$Xln
+	movups		0x20($Htbl),$HK
+	xorps		$Xmn,$T1
+	 pclmulqdq	\$0x00,$Hkey,$Xl
+	 pshufd		\$0b01001110,$Xln,$Xmn
+
+	pxor		$Xi,$T1			# aggregated Karatsuba post-processing
+	 movdqa		$Xln,$Xhn
+	pxor		$Xhi,$T1		#
+	 pxor		$Xln,$Xmn
+	movdqa		$T1,$T2			#
+	 pclmulqdq	\$0x11,$Hkey,$Xh
+	pslldq		\$8,$T1
+	psrldq		\$8,$T2			#
+	pxor		$T1,$Xi
+	movdqa		.L7_mask(%rip),$T1
+	pxor		$T2,$Xhi		#
+	movq		%rax,$T2
+
+	pand		$Xi,$T1			# 1st phase
+	pshufb		$T1,$T2			#
+	pxor		$Xi,$T2			#
+	 pclmulqdq	\$0x00,$HK,$Xm
+	psllq		\$57,$T2		#
+	movdqa		$T2,$T1			#
+	pslldq		\$8,$T2
+	 pclmulqdq	\$0x00,$Hkey2,$Xln
+	psrldq		\$8,$T1			#	
+	pxor		$T2,$Xi
+	pxor		$T1,$Xhi		#
+	movdqu		0($inp),$T1
+
+	movdqa		$Xi,$T2			# 2nd phase
+	psrlq		\$1,$Xi
+	 pclmulqdq	\$0x11,$Hkey2,$Xhn
+	 xorps		$Xl,$Xln
+	 movdqu		0x10($inp),$Xl
+	 pshufb		$T3,$Xl
+	 pclmulqdq	\$0x10,$HK,$Xmn
+	 xorps		$Xh,$Xhn
+	 movups		0x50($Htbl),$HK
+	pshufb		$T3,$T1
+	pxor		$T2,$Xhi		#
+	pxor		$Xi,$T2
+	psrlq		\$5,$Xi
+
+	 movdqa		$Xl,$Xh
+	 pxor		$Xm,$Xmn
+	 pshufd		\$0b01001110,$Xl,$Xm
+	pxor		$T2,$Xi			#
+	pxor		$T1,$Xhi
+	 pxor		$Xl,$Xm
+	 pclmulqdq	\$0x00,$Hkey3,$Xl
+	psrlq		\$1,$Xi			#
+	pxor		$Xhi,$Xi		#
+	movdqa		$Xi,$Xhi
+	 pclmulqdq	\$0x11,$Hkey3,$Xh
+	 xorps		$Xl,$Xln
+	pshufd		\$0b01001110,$Xi,$T1
+	pxor		$Xi,$T1
+
+	 pclmulqdq	\$0x00,$HK,$Xm
+	 xorps		$Xh,$Xhn
+
+	lea	0x40($inp),$inp
+	sub	\$0x40,$len
+	jnc	.Lmod4_loop
+
+.Ltail4x:
+	pclmulqdq	\$0x00,$Hkey4,$Xi
+	pclmulqdq	\$0x11,$Hkey4,$Xhi
+	pclmulqdq	\$0x10,$HK,$T1
+	xorps		$Xm,$Xmn
+	xorps		$Xln,$Xi
+	xorps		$Xhn,$Xhi
+	pxor		$Xi,$Xhi		# aggregated Karatsuba post-processing
+	pxor		$Xmn,$T1
+
+	pxor		$Xhi,$T1		#
+	pxor		$Xi,$Xhi
+
+	movdqa		$T1,$T2			#
+	psrldq		\$8,$T1
+	pslldq		\$8,$T2			#
+	pxor		$T1,$Xhi
+	pxor		$T2,$Xi			#
+___
+	&reduction_alg9($Xhi,$Xi);
+$code.=<<___;
+	add	\$0x40,$len
+	jz	.Ldone
+	movdqu	0x20($Htbl),$HK
+	sub	\$0x10,$len
+	jz	.Lodd_tail
+.Lskip4x:
+___
+}
+$code.=<<___;
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+	movdqu		($inp),$T1		# Ii
+	movdqu		16($inp),$Xln		# Ii+1
+	pshufb		$T3,$T1
+	pshufb		$T3,$Xln
+	pxor		$T1,$Xi			# Ii+Xi
+
+	movdqa		$Xln,$Xhn
+	pshufd		\$0b01001110,$Xln,$Xmn
+	pxor		$Xln,$Xmn
+	pclmulqdq	\$0x00,$Hkey,$Xln
+	pclmulqdq	\$0x11,$Hkey,$Xhn
+	pclmulqdq	\$0x00,$HK,$Xmn
+
+	lea		32($inp),$inp		# i+=2
+	nop
+	sub		\$0x20,$len
+	jbe		.Leven_tail
+	nop
+	jmp		.Lmod_loop
+
+.align	32
+.Lmod_loop:
+	movdqa		$Xi,$Xhi
+	movdqa		$Xmn,$T1
+	pshufd		\$0b01001110,$Xi,$Xmn	#
+	pxor		$Xi,$Xmn		#
+
+	pclmulqdq	\$0x00,$Hkey2,$Xi
+	pclmulqdq	\$0x11,$Hkey2,$Xhi
+	pclmulqdq	\$0x10,$HK,$Xmn
+
+	pxor		$Xln,$Xi		# (H*Ii+1) + H^2*(Ii+Xi)
+	pxor		$Xhn,$Xhi
+	  movdqu	($inp),$T2		# Ii
+	pxor		$Xi,$T1			# aggregated Karatsuba post-processing
+	  pshufb	$T3,$T2
+	  movdqu	16($inp),$Xln		# Ii+1
+
+	pxor		$Xhi,$T1
+	  pxor		$T2,$Xhi		# "Ii+Xi", consume early
+	pxor		$T1,$Xmn
+	 pshufb		$T3,$Xln
+	movdqa		$Xmn,$T1		#
+	psrldq		\$8,$T1
+	pslldq		\$8,$Xmn		#
+	pxor		$T1,$Xhi
+	pxor		$Xmn,$Xi		#
+
+	movdqa		$Xln,$Xhn		#
+
+	  movdqa	$Xi,$T2			# 1st phase
+	  movdqa	$Xi,$T1
+	  psllq		\$5,$Xi
+	  pxor		$Xi,$T1			#
+	pclmulqdq	\$0x00,$Hkey,$Xln	#######
+	  psllq		\$1,$Xi
+	  pxor		$T1,$Xi			#
+	  psllq		\$57,$Xi		#
+	  movdqa	$Xi,$T1			#
+	  pslldq	\$8,$Xi
+	  psrldq	\$8,$T1			#	
+	  pxor		$T2,$Xi
+	pshufd		\$0b01001110,$Xhn,$Xmn
+	  pxor		$T1,$Xhi		#
+	pxor		$Xhn,$Xmn		#
+
+	  movdqa	$Xi,$T2			# 2nd phase
+	  psrlq		\$1,$Xi
+	pclmulqdq	\$0x11,$Hkey,$Xhn	#######
+	  pxor		$T2,$Xhi		#
+	  pxor		$Xi,$T2
+	  psrlq		\$5,$Xi
+	  pxor		$T2,$Xi			#
+	lea		32($inp),$inp
+	  psrlq		\$1,$Xi			#
+	pclmulqdq	\$0x00,$HK,$Xmn		#######
+	  pxor		$Xhi,$Xi		#
+
+	sub		\$0x20,$len
+	ja		.Lmod_loop
+
+.Leven_tail:
+	 movdqa		$Xi,$Xhi
+	 movdqa		$Xmn,$T1
+	 pshufd		\$0b01001110,$Xi,$Xmn	#
+	 pxor		$Xi,$Xmn		#
+
+	pclmulqdq	\$0x00,$Hkey2,$Xi
+	pclmulqdq	\$0x11,$Hkey2,$Xhi
+	pclmulqdq	\$0x10,$HK,$Xmn
+
+	pxor		$Xln,$Xi		# (H*Ii+1) + H^2*(Ii+Xi)
+	pxor		$Xhn,$Xhi
+	pxor		$Xi,$T1
+	pxor		$Xhi,$T1
+	pxor		$T1,$Xmn
+	movdqa		$Xmn,$T1		#
+	psrldq		\$8,$T1
+	pslldq		\$8,$Xmn		#
+	pxor		$T1,$Xhi
+	pxor		$Xmn,$Xi		#
+___
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+	test		$len,$len
+	jnz		.Ldone
+
+.Lodd_tail:
+	movdqu		($inp),$T1		# Ii
+	pshufb		$T3,$T1
+	pxor		$T1,$Xi			# Ii+Xi
+___
+	&clmul64x64_T2	($Xhi,$Xi,$Hkey,$HK);	# H*(Ii+Xi)
+	&reduction_alg9	($Xhi,$Xi);
+$code.=<<___;
+.Ldone:
+	pshufb		$T3,$Xi
+	movdqu		$Xi,($Xip)
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
+	movaps	0x20(%rsp),%xmm8
+	movaps	0x30(%rsp),%xmm9
+	movaps	0x40(%rsp),%xmm10
+	movaps	0x50(%rsp),%xmm11
+	movaps	0x60(%rsp),%xmm12
+	movaps	0x70(%rsp),%xmm13
+	movaps	0x80(%rsp),%xmm14
+	movaps	0x90(%rsp),%xmm15
+	lea	0xa8(%rsp),%rsp
+.LSEH_end_gcm_ghash_clmul:
+___
+$code.=<<___;
+	ret
+.size	gcm_ghash_clmul,.-gcm_ghash_clmul
+___
+}
+
+$code.=<<___;
+.globl	gcm_init_avx
+.type	gcm_init_avx,\@abi-omnipotent
+.align	32
+gcm_init_avx:
+___
+if ($avx) {
+my ($Htbl,$Xip)=@_4args;
+my $HK="%xmm6";
+
+$code.=<<___ if ($win64);
+.LSEH_begin_gcm_init_avx:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x83,0xec,0x18		#sub	$0x18,%rsp
+	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($Xip),$Hkey
+	vpshufd		\$0b01001110,$Hkey,$Hkey	# dword swap
+
+	# <<1 twist
+	vpshufd		\$0b11111111,$Hkey,$T2	# broadcast uppermost dword
+	vpsrlq		\$63,$Hkey,$T1
+	vpsllq		\$1,$Hkey,$Hkey
+	vpxor		$T3,$T3,$T3		#
+	vpcmpgtd	$T2,$T3,$T3		# broadcast carry bit
+	vpslldq		\$8,$T1,$T1
+	vpor		$T1,$Hkey,$Hkey		# H<<=1
+
+	# magic reduction
+	vpand		.L0x1c2_polynomial(%rip),$T3,$T3
+	vpxor		$T3,$Hkey,$Hkey		# if(carry) H^=0x1c2_polynomial
+
+	vpunpckhqdq	$Hkey,$Hkey,$HK
+	vmovdqa		$Hkey,$Xi
+	vpxor		$Hkey,$HK,$HK
+	mov		\$4,%r10		# up to H^8
+	jmp		.Linit_start_avx
+___
+
+sub clmul64x64_avx {
+my ($Xhi,$Xi,$Hkey,$HK)=@_;
+
+if (!defined($HK)) {	$HK = $T2;
+$code.=<<___;
+	vpunpckhqdq	$Xi,$Xi,$T1
+	vpunpckhqdq	$Hkey,$Hkey,$T2
+	vpxor		$Xi,$T1,$T1		#
+	vpxor		$Hkey,$T2,$T2
+___
+} else {
+$code.=<<___;
+	vpunpckhqdq	$Xi,$Xi,$T1
+	vpxor		$Xi,$T1,$T1		#
+___
+}
+$code.=<<___;
+	vpclmulqdq	\$0x11,$Hkey,$Xi,$Xhi	#######
+	vpclmulqdq	\$0x00,$Hkey,$Xi,$Xi	#######
+	vpclmulqdq	\$0x00,$HK,$T1,$T1	#######
+	vpxor		$Xi,$Xhi,$T2		#
+	vpxor		$T2,$T1,$T1		#
+
+	vpslldq		\$8,$T1,$T2		#
+	vpsrldq		\$8,$T1,$T1
+	vpxor		$T2,$Xi,$Xi		#
+	vpxor		$T1,$Xhi,$Xhi
+___
+}
+
+sub reduction_avx {
+my ($Xhi,$Xi) = @_;
+
+$code.=<<___;
+	vpsllq		\$57,$Xi,$T1		# 1st phase
+	vpsllq		\$62,$Xi,$T2
+	vpxor		$T1,$T2,$T2		#
+	vpsllq		\$63,$Xi,$T1
+	vpxor		$T1,$T2,$T2		#
+	vpslldq		\$8,$T2,$T1		#
+	vpsrldq		\$8,$T2,$T2
+	vpxor		$T1,$Xi,$Xi		#
+	vpxor		$T2,$Xhi,$Xhi
+
+	vpsrlq		\$1,$Xi,$T2		# 2nd phase
+	vpxor		$Xi,$Xhi,$Xhi
+	vpxor		$T2,$Xi,$Xi		#
+	vpsrlq		\$5,$T2,$T2
+	vpxor		$T2,$Xi,$Xi		#
+	vpsrlq		\$1,$Xi,$Xi		#
+	vpxor		$Xhi,$Xi,$Xi		#
+___
+}
+
+$code.=<<___;
+.align	32
+.Linit_loop_avx:
+	vpalignr	\$8,$T1,$T2,$T3		# low part is H.lo^H.hi...
+	vmovdqu		$T3,-0x10($Htbl)	# save Karatsuba "salt"
+___
+	&clmul64x64_avx	($Xhi,$Xi,$Hkey,$HK);	# calculate H^3,5,7
+	&reduction_avx	($Xhi,$Xi);
+$code.=<<___;
+.Linit_start_avx:
+	vmovdqa		$Xi,$T3
+___
+	&clmul64x64_avx	($Xhi,$Xi,$Hkey,$HK);	# calculate H^2,4,6,8
+	&reduction_avx	($Xhi,$Xi);
+$code.=<<___;
+	vpshufd		\$0b01001110,$T3,$T1
+	vpshufd		\$0b01001110,$Xi,$T2
+	vpxor		$T3,$T1,$T1		# Karatsuba pre-processing
+	vmovdqu		$T3,0x00($Htbl)		# save H^1,3,5,7
+	vpxor		$Xi,$T2,$T2		# Karatsuba pre-processing
+	vmovdqu		$Xi,0x10($Htbl)		# save H^2,4,6,8
+	lea		0x30($Htbl),$Htbl
+	sub		\$1,%r10
+	jnz		.Linit_loop_avx
+
+	vpalignr	\$8,$T2,$T1,$T3		# last "salt" is flipped
+	vmovdqu		$T3,-0x10($Htbl)
+
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	lea	0x18(%rsp),%rsp
+.LSEH_end_gcm_init_avx:
+___
+$code.=<<___;
+	ret
+.size	gcm_init_avx,.-gcm_init_avx
+___
+} else {
+$code.=<<___;
+	jmp	.L_init_clmul
+.size	gcm_init_avx,.-gcm_init_avx
+___
+}
+
+$code.=<<___;
+.globl	gcm_gmult_avx
+.type	gcm_gmult_avx,\@abi-omnipotent
+.align	32
+gcm_gmult_avx:
+	jmp	.L_gmult_clmul
+.size	gcm_gmult_avx,.-gcm_gmult_avx
+___
+
+$code.=<<___;
+.globl	gcm_ghash_avx
+.type	gcm_ghash_avx,\@abi-omnipotent
+.align	32
+gcm_ghash_avx:
+___
+if ($avx) {
+my ($Xip,$Htbl,$inp,$len)=@_4args;
+my ($Xlo,$Xhi,$Xmi,
+    $Zlo,$Zhi,$Zmi,
+    $Hkey,$HK,$T1,$T2,
+    $Xi,$Xo,$Tred,$bswap,$Ii,$Ij) = map("%xmm$_",(0..15));
+
+$code.=<<___ if ($win64);
+	lea	-0x88(%rsp),%rax
+.LSEH_begin_gcm_ghash_avx:
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x48,0x8d,0x60,0xe0		#lea	-0x20(%rax),%rsp
+	.byte	0x0f,0x29,0x70,0xe0		#movaps	%xmm6,-0x20(%rax)
+	.byte	0x0f,0x29,0x78,0xf0		#movaps	%xmm7,-0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x00		#movaps	%xmm8,0(%rax)
+	.byte	0x44,0x0f,0x29,0x48,0x10	#movaps	%xmm9,0x10(%rax)
+	.byte	0x44,0x0f,0x29,0x50,0x20	#movaps	%xmm10,0x20(%rax)
+	.byte	0x44,0x0f,0x29,0x58,0x30	#movaps	%xmm11,0x30(%rax)
+	.byte	0x44,0x0f,0x29,0x60,0x40	#movaps	%xmm12,0x40(%rax)
+	.byte	0x44,0x0f,0x29,0x68,0x50	#movaps	%xmm13,0x50(%rax)
+	.byte	0x44,0x0f,0x29,0x70,0x60	#movaps	%xmm14,0x60(%rax)
+	.byte	0x44,0x0f,0x29,0x78,0x70	#movaps	%xmm15,0x70(%rax)
+___
+$code.=<<___;
+	vzeroupper
+
+	vmovdqu		($Xip),$Xi		# load $Xi
+	lea		.L0x1c2_polynomial(%rip),%r10
+	lea		0x40($Htbl),$Htbl	# size optimization
+	vmovdqu		.Lbswap_mask(%rip),$bswap
+	vpshufb		$bswap,$Xi,$Xi
+	cmp		\$0x80,$len
+	jb		.Lshort_avx
+	sub		\$0x80,$len
+
+	vmovdqu		0x70($inp),$Ii		# I[7]
+	vmovdqu		0x00-0x40($Htbl),$Hkey	# $Hkey^1
+	vpshufb		$bswap,$Ii,$Ii
+	vmovdqu		0x20-0x40($Htbl),$HK
+
+	vpunpckhqdq	$Ii,$Ii,$T2
+	 vmovdqu	0x60($inp),$Ij		# I[6]
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Ii,$T2,$T2
+	 vpshufb	$bswap,$Ij,$Ij
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0x10-0x40($Htbl),$Hkey	# $Hkey^2
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vmovdqu	0x50($inp),$Ii		# I[5]
+	vpclmulqdq	\$0x00,$HK,$T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+
+	 vpshufb	$bswap,$Ii,$Ii
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	 vmovdqu	0x30-0x40($Htbl),$Hkey	# $Hkey^3
+	 vpxor		$Ii,$T2,$T2
+	 vmovdqu	0x40($inp),$Ij		# I[4]
+	vpclmulqdq	\$0x10,$HK,$T1,$Zmi
+	 vmovdqu	0x50-0x40($Htbl),$HK
+
+	 vpshufb	$bswap,$Ij,$Ij
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Xhi,$Zhi,$Zhi
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0x40-0x40($Htbl),$Hkey	# $Hkey^4
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+
+	 vmovdqu	0x30($inp),$Ii		# I[3]
+	vpxor		$Zlo,$Xlo,$Xlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	vpxor		$Zhi,$Xhi,$Xhi
+	 vpshufb	$bswap,$Ii,$Ii
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	 vmovdqu	0x60-0x40($Htbl),$Hkey	# $Hkey^5
+	vpxor		$Zmi,$Xmi,$Xmi
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpclmulqdq	\$0x10,$HK,$T1,$Zmi
+	 vmovdqu	0x80-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+
+	 vmovdqu	0x20($inp),$Ij		# I[2]
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Xhi,$Zhi,$Zhi
+	 vpshufb	$bswap,$Ij,$Ij
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0x70-0x40($Htbl),$Hkey	# $Hkey^6
+	vpxor		$Xmi,$Zmi,$Zmi
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	vpclmulqdq	\$0x00,$HK,$T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+
+	 vmovdqu	0x10($inp),$Ii		# I[1]
+	vpxor		$Zlo,$Xlo,$Xlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	vpxor		$Zhi,$Xhi,$Xhi
+	 vpshufb	$bswap,$Ii,$Ii
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	 vmovdqu	0x90-0x40($Htbl),$Hkey	# $Hkey^7
+	vpxor		$Zmi,$Xmi,$Xmi
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpclmulqdq	\$0x10,$HK,$T1,$Zmi
+	 vmovdqu	0xb0-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+
+	 vmovdqu	($inp),$Ij		# I[0]
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Xhi,$Zhi,$Zhi
+	 vpshufb	$bswap,$Ij,$Ij
+	vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	 vmovdqu	0xa0-0x40($Htbl),$Hkey	# $Hkey^8
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x10,$HK,$T2,$Xmi
+
+	lea		0x80($inp),$inp
+	cmp		\$0x80,$len
+	jb		.Ltail_avx
+
+	vpxor		$Xi,$Ij,$Ij		# accumulate $Xi
+	sub		\$0x80,$len
+	jmp		.Loop8x_avx
+
+.align	32
+.Loop8x_avx:
+	vpunpckhqdq	$Ij,$Ij,$T1
+	 vmovdqu	0x70($inp),$Ii		# I[7]
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpxor		$Ij,$T1,$T1
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xi
+	 vpshufb	$bswap,$Ii,$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xo
+	 vmovdqu	0x00-0x40($Htbl),$Hkey	# $Hkey^1
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Tred
+	 vmovdqu	0x20-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+
+	  vmovdqu	0x60($inp),$Ij		# I[6]
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	vpxor		$Zlo,$Xi,$Xi		# collect result
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	vxorps		$Zhi,$Xo,$Xo
+	  vmovdqu	0x10-0x40($Htbl),$Hkey	# $Hkey^2
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vpclmulqdq	\$0x00,$HK,  $T2,$Xmi
+	vpxor		$Zmi,$Tred,$Tred
+	 vxorps		$Ij,$T1,$T1
+
+	  vmovdqu	0x50($inp),$Ii		# I[5]
+	vpxor		$Xi,$Tred,$Tred		# aggregated Karatsuba post-processing
+	 vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	vpxor		$Xo,$Tred,$Tred
+	vpslldq		\$8,$Tred,$T2
+	 vpxor		$Xlo,$Zlo,$Zlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	vpsrldq		\$8,$Tred,$Tred
+	vpxor		$T2, $Xi, $Xi
+	  vmovdqu	0x30-0x40($Htbl),$Hkey	# $Hkey^3
+	  vpshufb	$bswap,$Ii,$Ii
+	vxorps		$Tred,$Xo, $Xo
+	 vpxor		$Xhi,$Zhi,$Zhi
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	 vpclmulqdq	\$0x10,$HK,  $T1,$Zmi
+	  vmovdqu	0x50-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+	 vpxor		$Xmi,$Zmi,$Zmi
+
+	  vmovdqu	0x40($inp),$Ij		# I[4]
+	vpalignr	\$8,$Xi,$Xi,$Tred	# 1st phase
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpxor		$Zlo,$Xlo,$Xlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	  vmovdqu	0x40-0x40($Htbl),$Hkey	# $Hkey^4
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vpxor		$Zhi,$Xhi,$Xhi
+	 vpclmulqdq	\$0x00,$HK,  $T2,$Xmi
+	 vxorps		$Ij,$T1,$T1
+	 vpxor		$Zmi,$Xmi,$Xmi
+
+	  vmovdqu	0x30($inp),$Ii		# I[3]
+	vpclmulqdq	\$0x10,(%r10),$Xi,$Xi
+	 vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	  vpshufb	$bswap,$Ii,$Ii
+	 vpxor		$Xlo,$Zlo,$Zlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	  vmovdqu	0x60-0x40($Htbl),$Hkey	# $Hkey^5
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	 vpxor		$Xhi,$Zhi,$Zhi
+	 vpclmulqdq	\$0x10,$HK,  $T1,$Zmi
+	  vmovdqu	0x80-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+	 vpxor		$Xmi,$Zmi,$Zmi
+
+	  vmovdqu	0x20($inp),$Ij		# I[2]
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpxor		$Zlo,$Xlo,$Xlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	  vmovdqu	0x70-0x40($Htbl),$Hkey	# $Hkey^6
+	 vpunpckhqdq	$Ij,$Ij,$T1
+	 vpxor		$Zhi,$Xhi,$Xhi
+	 vpclmulqdq	\$0x00,$HK,  $T2,$Xmi
+	 vpxor		$Ij,$T1,$T1
+	 vpxor		$Zmi,$Xmi,$Xmi
+	vxorps		$Tred,$Xi,$Xi
+
+	  vmovdqu	0x10($inp),$Ii		# I[1]
+	vpalignr	\$8,$Xi,$Xi,$Tred	# 2nd phase
+	 vpclmulqdq	\$0x00,$Hkey,$Ij,$Zlo
+	  vpshufb	$bswap,$Ii,$Ii
+	 vpxor		$Xlo,$Zlo,$Zlo
+	 vpclmulqdq	\$0x11,$Hkey,$Ij,$Zhi
+	  vmovdqu	0x90-0x40($Htbl),$Hkey	# $Hkey^7
+	vpclmulqdq	\$0x10,(%r10),$Xi,$Xi
+	vxorps		$Xo,$Tred,$Tred
+	 vpunpckhqdq	$Ii,$Ii,$T2
+	 vpxor		$Xhi,$Zhi,$Zhi
+	 vpclmulqdq	\$0x10,$HK,  $T1,$Zmi
+	  vmovdqu	0xb0-0x40($Htbl),$HK
+	 vpxor		$Ii,$T2,$T2
+	 vpxor		$Xmi,$Zmi,$Zmi
+
+	  vmovdqu	($inp),$Ij		# I[0]
+	 vpclmulqdq	\$0x00,$Hkey,$Ii,$Xlo
+	  vpshufb	$bswap,$Ij,$Ij
+	 vpclmulqdq	\$0x11,$Hkey,$Ii,$Xhi
+	  vmovdqu	0xa0-0x40($Htbl),$Hkey	# $Hkey^8
+	vpxor		$Tred,$Ij,$Ij
+	 vpclmulqdq	\$0x10,$HK,  $T2,$Xmi
+	vpxor		$Xi,$Ij,$Ij		# accumulate $Xi
+
+	lea		0x80($inp),$inp
+	sub		\$0x80,$len
+	jnc		.Loop8x_avx
+
+	add		\$0x80,$len
+	jmp		.Ltail_no_xor_avx
+
+.align	32
+.Lshort_avx:
+	vmovdqu		-0x10($inp,$len),$Ii	# very last word
+	lea		($inp,$len),$inp
+	vmovdqu		0x00-0x40($Htbl),$Hkey	# $Hkey^1
+	vmovdqu		0x20-0x40($Htbl),$HK
+	vpshufb		$bswap,$Ii,$Ij
+
+	vmovdqa		$Xlo,$Zlo		# subtle way to zero $Zlo,
+	vmovdqa		$Xhi,$Zhi		# $Zhi and
+	vmovdqa		$Xmi,$Zmi		# $Zmi
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x20($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x10-0x40($Htbl),$Hkey	# $Hkey^2
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vpsrldq		\$8,$HK,$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x30($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x30-0x40($Htbl),$Hkey	# $Hkey^3
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vmovdqu		0x50-0x40($Htbl),$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x40($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x40-0x40($Htbl),$Hkey	# $Hkey^4
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vpsrldq		\$8,$HK,$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x50($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x60-0x40($Htbl),$Hkey	# $Hkey^5
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vmovdqu		0x80-0x40($Htbl),$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x60($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x70-0x40($Htbl),$Hkey	# $Hkey^6
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vpsrldq		\$8,$HK,$HK
+	sub		\$0x10,$len
+	jz		.Ltail_avx
+
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	 vmovdqu	-0x70($inp),$Ii
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vmovdqu		0x90-0x40($Htbl),$Hkey	# $Hkey^7
+	 vpshufb	$bswap,$Ii,$Ij
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+	vmovq		0xb8-0x40($Htbl),$HK
+	sub		\$0x10,$len
+	jmp		.Ltail_avx
+
+.align	32
+.Ltail_avx:
+	vpxor		$Xi,$Ij,$Ij		# accumulate $Xi
+.Ltail_no_xor_avx:
+	vpunpckhqdq	$Ij,$Ij,$T1
+	vpxor		$Xlo,$Zlo,$Zlo
+	vpclmulqdq	\$0x00,$Hkey,$Ij,$Xlo
+	vpxor		$Ij,$T1,$T1
+	vpxor		$Xhi,$Zhi,$Zhi
+	vpclmulqdq	\$0x11,$Hkey,$Ij,$Xhi
+	vpxor		$Xmi,$Zmi,$Zmi
+	vpclmulqdq	\$0x00,$HK,$T1,$Xmi
+
+	vmovdqu		(%r10),$Tred
+
+	vpxor		$Xlo,$Zlo,$Xi
+	vpxor		$Xhi,$Zhi,$Xo
+	vpxor		$Xmi,$Zmi,$Zmi
+
+	vpxor		$Xi, $Zmi,$Zmi		# aggregated Karatsuba post-processing
+	vpxor		$Xo, $Zmi,$Zmi
+	vpslldq		\$8, $Zmi,$T2
+	vpsrldq		\$8, $Zmi,$Zmi
+	vpxor		$T2, $Xi, $Xi
+	vpxor		$Zmi,$Xo, $Xo
+
+	vpclmulqdq	\$0x10,$Tred,$Xi,$T2	# 1st phase
+	vpalignr	\$8,$Xi,$Xi,$Xi
+	vpxor		$T2,$Xi,$Xi
+
+	vpclmulqdq	\$0x10,$Tred,$Xi,$T2	# 2nd phase
+	vpalignr	\$8,$Xi,$Xi,$Xi
+	vpxor		$Xo,$Xi,$Xi
+	vpxor		$T2,$Xi,$Xi
+
+	cmp		\$0,$len
+	jne		.Lshort_avx
+
+	vpshufb		$bswap,$Xi,$Xi
+	vmovdqu		$Xi,($Xip)
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
+	movaps	0x20(%rsp),%xmm8
+	movaps	0x30(%rsp),%xmm9
+	movaps	0x40(%rsp),%xmm10
+	movaps	0x50(%rsp),%xmm11
+	movaps	0x60(%rsp),%xmm12
+	movaps	0x70(%rsp),%xmm13
+	movaps	0x80(%rsp),%xmm14
+	movaps	0x90(%rsp),%xmm15
+	lea	0xa8(%rsp),%rsp
+.LSEH_end_gcm_ghash_avx:
+___
+$code.=<<___;
+	ret
+.size	gcm_ghash_avx,.-gcm_ghash_avx
+___
+} else {
+$code.=<<___;
+	jmp	.L_ghash_clmul
+.size	gcm_ghash_avx,.-gcm_ghash_avx
+___
+}
+
+$code.=<<___;
+.align	64
+.Lbswap_mask:
+	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.L0x1c2_polynomial:
+	.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.L7_mask:
+	.long	7,0,7,0
+.L7_mask_poly:
+	.long	7,0,`0xE1<<1`,0
+.align	64
+.type	.Lrem_4bit,\@object
+.Lrem_4bit:
+	.long	0,`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`
+	.long	0,`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`
+	.long	0,`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`
+	.long	0,`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`
+.type	.Lrem_8bit,\@object
+.Lrem_8bit:
+	.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
+	.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
+	.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
+	.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
+	.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
+	.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
+	.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
+	.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
+	.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
+	.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
+	.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
+	.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
+	.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
+	.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
+	.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
+	.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
+	.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
+	.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
+	.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
+	.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
+	.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
+	.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
+	.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
+	.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
+	.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
+	.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
+	.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
+	.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
+	.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
+	.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
+	.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
+	.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
+
+.asciz	"GHASH for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	24(%rax),%rax		# adjust "rsp"
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_gcm_gmult_4bit
+	.rva	.LSEH_end_gcm_gmult_4bit
+	.rva	.LSEH_info_gcm_gmult_4bit
+
+	.rva	.LSEH_begin_gcm_ghash_4bit
+	.rva	.LSEH_end_gcm_ghash_4bit
+	.rva	.LSEH_info_gcm_ghash_4bit
+
+	.rva	.LSEH_begin_gcm_init_clmul
+	.rva	.LSEH_end_gcm_init_clmul
+	.rva	.LSEH_info_gcm_init_clmul
+
+	.rva	.LSEH_begin_gcm_ghash_clmul
+	.rva	.LSEH_end_gcm_ghash_clmul
+	.rva	.LSEH_info_gcm_ghash_clmul
+___
+$code.=<<___	if ($avx);
+	.rva	.LSEH_begin_gcm_init_avx
+	.rva	.LSEH_end_gcm_init_avx
+	.rva	.LSEH_info_gcm_init_clmul
+
+	.rva	.LSEH_begin_gcm_ghash_avx
+	.rva	.LSEH_end_gcm_ghash_avx
+	.rva	.LSEH_info_gcm_ghash_clmul
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_gcm_gmult_4bit:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lgmult_prologue,.Lgmult_epilogue	# HandlerData
+.LSEH_info_gcm_ghash_4bit:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lghash_prologue,.Lghash_epilogue	# HandlerData
+.LSEH_info_gcm_init_clmul:
+	.byte	0x01,0x08,0x03,0x00
+	.byte	0x08,0x68,0x00,0x00	#movaps	0x00(rsp),xmm6
+	.byte	0x04,0x22,0x00,0x00	#sub	rsp,0x18
+.LSEH_info_gcm_ghash_clmul:
+	.byte	0x01,0x33,0x16,0x00
+	.byte	0x33,0xf8,0x09,0x00	#movaps 0x90(rsp),xmm15
+	.byte	0x2e,0xe8,0x08,0x00	#movaps 0x80(rsp),xmm14
+	.byte	0x29,0xd8,0x07,0x00	#movaps 0x70(rsp),xmm13
+	.byte	0x24,0xc8,0x06,0x00	#movaps 0x60(rsp),xmm12
+	.byte	0x1f,0xb8,0x05,0x00	#movaps 0x50(rsp),xmm11
+	.byte	0x1a,0xa8,0x04,0x00	#movaps 0x40(rsp),xmm10
+	.byte	0x15,0x98,0x03,0x00	#movaps 0x30(rsp),xmm9
+	.byte	0x10,0x88,0x02,0x00	#movaps 0x20(rsp),xmm8
+	.byte	0x0c,0x78,0x01,0x00	#movaps 0x10(rsp),xmm7
+	.byte	0x08,0x68,0x00,0x00	#movaps 0x00(rsp),xmm6
+	.byte	0x04,0x01,0x15,0x00	#sub	rsp,0xa8
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghashp8-ppc.pl b/openssl-1.1.0h/crypto/modes/asm/ghashp8-ppc.pl
new file mode 100755
index 0000000..f0598cb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghashp8-ppc.pl
@@ -0,0 +1,670 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# GHASH for for PowerISA v2.07.
+#
+# July 2014
+#
+# Accurate performance measurements are problematic, because it's
+# always virtualized setup with possibly throttled processor.
+# Relative comparison is therefore more informative. This initial
+# version is ~2.1x slower than hardware-assisted AES-128-CTR, ~12x
+# faster than "4-bit" integer-only compiler-generated 64-bit code.
+# "Initial version" means that there is room for futher improvement.
+
+# May 2016
+#
+# 2x aggregated reduction improves performance by 50% (resulting
+# performance on POWER8 is 1 cycle per processed byte), and 4x
+# aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb).
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$LRSAVE=2*$SIZE_T;
+	$STU="stdu";
+	$POP="ld";
+	$PUSH="std";
+	$UCMP="cmpld";
+	$SHRI="srdi";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$LRSAVE=$SIZE_T;
+	$STU="stwu";
+	$POP="lwz";
+	$PUSH="stw";
+	$UCMP="cmplw";
+	$SHRI="srwi";
+} else { die "nonsense $flavour"; }
+
+$sp="r1";
+$FRAME=6*$SIZE_T+13*16;	# 13*16 is for v20-v31 offload
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..6));	# argument block
+
+my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3));
+my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12));
+my ($Xl1,$Xm1,$Xh1,$IN1,$H2,$H2h,$H2l)=map("v$_",(13..19));
+my $vrsave="r12";
+
+$code=<<___;
+.machine	"any"
+
+.text
+
+.globl	.gcm_init_p8
+.align	5
+.gcm_init_p8:
+	li		r0,-4096
+	li		r8,0x10
+	mfspr		$vrsave,256
+	li		r9,0x20
+	mtspr		256,r0
+	li		r10,0x30
+	lvx_u		$H,0,r4			# load H
+
+	vspltisb	$xC2,-16		# 0xf0
+	vspltisb	$t0,1			# one
+	vaddubm		$xC2,$xC2,$xC2		# 0xe0
+	vxor		$zero,$zero,$zero
+	vor		$xC2,$xC2,$t0		# 0xe1
+	vsldoi		$xC2,$xC2,$zero,15	# 0xe1...
+	vsldoi		$t1,$zero,$t0,1		# ...1
+	vaddubm		$xC2,$xC2,$xC2		# 0xc2...
+	vspltisb	$t2,7
+	vor		$xC2,$xC2,$t1		# 0xc2....01
+	vspltb		$t1,$H,0		# most significant byte
+	vsl		$H,$H,$t0		# H<<=1
+	vsrab		$t1,$t1,$t2		# broadcast carry bit
+	vand		$t1,$t1,$xC2
+	vxor		$IN,$H,$t1		# twisted H
+
+	vsldoi		$H,$IN,$IN,8		# twist even more ...
+	vsldoi		$xC2,$zero,$xC2,8	# 0xc2.0
+	vsldoi		$Hl,$zero,$H,8		# ... and split
+	vsldoi		$Hh,$H,$zero,8
+
+	stvx_u		$xC2,0,r3		# save pre-computed table
+	stvx_u		$Hl,r8,r3
+	li		r8,0x40
+	stvx_u		$H, r9,r3
+	li		r9,0x50
+	stvx_u		$Hh,r10,r3
+	li		r10,0x60
+
+	vpmsumd		$Xl,$IN,$Hl		# H.lo·H.lo
+	vpmsumd		$Xm,$IN,$H		# H.hi·H.lo+H.lo·H.hi
+	vpmsumd		$Xh,$IN,$Hh		# H.hi·H.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+	vxor		$IN1,$Xl,$t1
+
+	vsldoi		$H2,$IN1,$IN1,8
+	vsldoi		$H2l,$zero,$H2,8
+	vsldoi		$H2h,$H2,$zero,8
+
+	stvx_u		$H2l,r8,r3		# save H^2
+	li		r8,0x70
+	stvx_u		$H2,r9,r3
+	li		r9,0x80
+	stvx_u		$H2h,r10,r3
+	li		r10,0x90
+___
+{
+my ($t4,$t5,$t6) = ($Hl,$H,$Hh);
+$code.=<<___;
+	vpmsumd		$Xl,$IN,$H2l		# H.lo·H^2.lo
+	 vpmsumd	$Xl1,$IN1,$H2l		# H^2.lo·H^2.lo
+	vpmsumd		$Xm,$IN,$H2		# H.hi·H^2.lo+H.lo·H^2.hi
+	 vpmsumd	$Xm1,$IN1,$H2		# H^2.hi·H^2.lo+H^2.lo·H^2.hi
+	vpmsumd		$Xh,$IN,$H2h		# H.hi·H^2.hi
+	 vpmsumd	$Xh1,$IN1,$H2h		# H^2.hi·H^2.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+	 vpmsumd	$t6,$Xl1,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	 vsldoi		$t4,$Xm1,$zero,8
+	 vsldoi		$t5,$zero,$Xm1,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+	 vxor		$Xl1,$Xl1,$t4
+	 vxor		$Xh1,$Xh1,$t5
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	 vsldoi		$Xl1,$Xl1,$Xl1,8
+	vxor		$Xl,$Xl,$t2
+	 vxor		$Xl1,$Xl1,$t6
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	 vsldoi		$t5,$Xl1,$Xl1,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	 vpmsumd	$Xl1,$Xl1,$xC2
+	vxor		$t1,$t1,$Xh
+	 vxor		$t5,$t5,$Xh1
+	vxor		$Xl,$Xl,$t1
+	 vxor		$Xl1,$Xl1,$t5
+
+	vsldoi		$H,$Xl,$Xl,8
+	 vsldoi		$H2,$Xl1,$Xl1,8
+	vsldoi		$Hl,$zero,$H,8
+	vsldoi		$Hh,$H,$zero,8
+	 vsldoi		$H2l,$zero,$H2,8
+	 vsldoi		$H2h,$H2,$zero,8
+
+	stvx_u		$Hl,r8,r3		# save H^3
+	li		r8,0xa0
+	stvx_u		$H,r9,r3
+	li		r9,0xb0
+	stvx_u		$Hh,r10,r3
+	li		r10,0xc0
+	 stvx_u		$H2l,r8,r3		# save H^4
+	 stvx_u		$H2,r9,r3
+	 stvx_u		$H2h,r10,r3
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,2,0
+	.long		0
+.size	.gcm_init_p8,.-.gcm_init_p8
+___
+}
+$code.=<<___;
+.globl	.gcm_gmult_p8
+.align	5
+.gcm_gmult_p8:
+	lis		r0,0xfff8
+	li		r8,0x10
+	mfspr		$vrsave,256
+	li		r9,0x20
+	mtspr		256,r0
+	li		r10,0x30
+	lvx_u		$IN,0,$Xip		# load Xi
+
+	lvx_u		$Hl,r8,$Htbl		# load pre-computed table
+	 le?lvsl	$lemask,r0,r0
+	lvx_u		$H, r9,$Htbl
+	 le?vspltisb	$t0,0x07
+	lvx_u		$Hh,r10,$Htbl
+	 le?vxor	$lemask,$lemask,$t0
+	lvx_u		$xC2,0,$Htbl
+	 le?vperm	$IN,$IN,$IN,$lemask
+	vxor		$zero,$zero,$zero
+
+	vpmsumd		$Xl,$IN,$Hl		# H.lo·Xi.lo
+	vpmsumd		$Xm,$IN,$H		# H.hi·Xi.lo+H.lo·Xi.hi
+	vpmsumd		$Xh,$IN,$Hh		# H.hi·Xi.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+	vxor		$Xl,$Xl,$t1
+
+	le?vperm	$Xl,$Xl,$Xl,$lemask
+	stvx_u		$Xl,0,$Xip		# write out Xi
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,2,0
+	.long		0
+.size	.gcm_gmult_p8,.-.gcm_gmult_p8
+
+.globl	.gcm_ghash_p8
+.align	5
+.gcm_ghash_p8:
+	li		r0,-4096
+	li		r8,0x10
+	mfspr		$vrsave,256
+	li		r9,0x20
+	mtspr		256,r0
+	li		r10,0x30
+	lvx_u		$Xl,0,$Xip		# load Xi
+
+	lvx_u		$Hl,r8,$Htbl		# load pre-computed table
+	li		r8,0x40
+	 le?lvsl	$lemask,r0,r0
+	lvx_u		$H, r9,$Htbl
+	li		r9,0x50
+	 le?vspltisb	$t0,0x07
+	lvx_u		$Hh,r10,$Htbl
+	li		r10,0x60
+	 le?vxor	$lemask,$lemask,$t0
+	lvx_u		$xC2,0,$Htbl
+	 le?vperm	$Xl,$Xl,$Xl,$lemask
+	vxor		$zero,$zero,$zero
+
+	${UCMP}i	$len,64
+	bge		Lgcm_ghash_p8_4x
+
+	lvx_u		$IN,0,$inp
+	addi		$inp,$inp,16
+	subic.		$len,$len,16
+	 le?vperm	$IN,$IN,$IN,$lemask
+	vxor		$IN,$IN,$Xl
+	beq		Lshort
+
+	lvx_u		$H2l,r8,$Htbl		# load H^2
+	li		r8,16
+	lvx_u		$H2, r9,$Htbl
+	add		r9,$inp,$len		# end of input
+	lvx_u		$H2h,r10,$Htbl
+	be?b		Loop_2x
+
+.align	5
+Loop_2x:
+	lvx_u		$IN1,0,$inp
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+
+	 subic		$len,$len,32
+	vpmsumd		$Xl,$IN,$H2l		# H^2.lo·Xi.lo
+	 vpmsumd	$Xl1,$IN1,$Hl		# H.lo·Xi+1.lo
+	 subfe		r0,r0,r0		# borrow?-1:0
+	vpmsumd		$Xm,$IN,$H2		# H^2.hi·Xi.lo+H^2.lo·Xi.hi
+	 vpmsumd	$Xm1,$IN1,$H		# H.hi·Xi+1.lo+H.lo·Xi+1.hi
+	 and		r0,r0,$len
+	vpmsumd		$Xh,$IN,$H2h		# H^2.hi·Xi.hi
+	 vpmsumd	$Xh1,$IN1,$Hh		# H.hi·Xi+1.hi
+	 add		$inp,$inp,r0
+
+	vxor		$Xl,$Xl,$Xl1
+	vxor		$Xm,$Xm,$Xm1
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	 vxor		$Xh,$Xh,$Xh1
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+	 lvx_u		$IN,r8,$inp
+	 addi		$inp,$inp,32
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	 le?vperm	$IN,$IN,$IN,$lemask
+	vxor		$t1,$t1,$Xh
+	vxor		$IN,$IN,$t1
+	vxor		$IN,$IN,$Xl
+	$UCMP		r9,$inp
+	bgt		Loop_2x			# done yet?
+
+	cmplwi		$len,0
+	bne		Leven
+
+Lshort:
+	vpmsumd		$Xl,$IN,$Hl		# H.lo·Xi.lo
+	vpmsumd		$Xm,$IN,$H		# H.hi·Xi.lo+H.lo·Xi.hi
+	vpmsumd		$Xh,$IN,$Hh		# H.hi·Xi.hi
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+
+Leven:
+	vxor		$Xl,$Xl,$t1
+	le?vperm	$Xl,$Xl,$Xl,$lemask
+	stvx_u		$Xl,0,$Xip		# write out Xi
+
+	mtspr		256,$vrsave
+	blr
+	.long		0
+	.byte		0,12,0x14,0,0,0,4,0
+	.long		0
+___
+{
+my ($Xl3,$Xm2,$IN2,$H3l,$H3,$H3h,
+    $Xh3,$Xm3,$IN3,$H4l,$H4,$H4h) = map("v$_",(20..31));
+my $IN0=$IN;
+my ($H21l,$H21h,$loperm,$hiperm) = ($Hl,$Hh,$H2l,$H2h);
+
+$code.=<<___;
+.align	5
+.gcm_ghash_p8_4x:
+Lgcm_ghash_p8_4x:
+	$STU		$sp,-$FRAME($sp)
+	li		r10,`15+6*$SIZE_T`
+	li		r11,`31+6*$SIZE_T`
+	stvx		v20,r10,$sp
+	addi		r10,r10,32
+	stvx		v21,r11,$sp
+	addi		r11,r11,32
+	stvx		v22,r10,$sp
+	addi		r10,r10,32
+	stvx		v23,r11,$sp
+	addi		r11,r11,32
+	stvx		v24,r10,$sp
+	addi		r10,r10,32
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	li		r10,0x60
+	stvx		v31,r11,$sp
+	li		r0,-1
+	stw		$vrsave,`$FRAME-4`($sp)	# save vrsave
+	mtspr		256,r0			# preserve all AltiVec registers
+
+	lvsl		$t0,0,r8		# 0x0001..0e0f
+	#lvx_u		$H2l,r8,$Htbl		# load H^2
+	li		r8,0x70
+	lvx_u		$H2, r9,$Htbl
+	li		r9,0x80
+	vspltisb	$t1,8			# 0x0808..0808
+	#lvx_u		$H2h,r10,$Htbl
+	li		r10,0x90
+	lvx_u		$H3l,r8,$Htbl		# load H^3
+	li		r8,0xa0
+	lvx_u		$H3, r9,$Htbl
+	li		r9,0xb0
+	lvx_u		$H3h,r10,$Htbl
+	li		r10,0xc0
+	lvx_u		$H4l,r8,$Htbl		# load H^4
+	li		r8,0x10
+	lvx_u		$H4, r9,$Htbl
+	li		r9,0x20
+	lvx_u		$H4h,r10,$Htbl
+	li		r10,0x30
+
+	vsldoi		$t2,$zero,$t1,8		# 0x0000..0808
+	vaddubm		$hiperm,$t0,$t2		# 0x0001..1617
+	vaddubm		$loperm,$t1,$hiperm	# 0x0809..1e1f
+
+	$SHRI		$len,$len,4		# this allows to use sign bit
+						# as carry
+	lvx_u		$IN0,0,$inp		# load input
+	lvx_u		$IN1,r8,$inp
+	subic.		$len,$len,8
+	lvx_u		$IN2,r9,$inp
+	lvx_u		$IN3,r10,$inp
+	addi		$inp,$inp,0x40
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+	le?vperm	$IN2,$IN2,$IN2,$lemask
+	le?vperm	$IN3,$IN3,$IN3,$lemask
+
+	vxor		$Xh,$IN0,$Xl
+
+	 vpmsumd	$Xl1,$IN1,$H3l
+	 vpmsumd	$Xm1,$IN1,$H3
+	 vpmsumd	$Xh1,$IN1,$H3h
+
+	 vperm		$H21l,$H2,$H,$hiperm
+	 vperm		$t0,$IN2,$IN3,$loperm
+	 vperm		$H21h,$H2,$H,$loperm
+	 vperm		$t1,$IN2,$IN3,$hiperm
+	 vpmsumd	$Xm2,$IN2,$H2		# H^2.lo·Xi+2.hi+H^2.hi·Xi+2.lo
+	 vpmsumd	$Xl3,$t0,$H21l		# H^2.lo·Xi+2.lo+H.lo·Xi+3.lo
+	 vpmsumd	$Xm3,$IN3,$H		# H.hi·Xi+3.lo  +H.lo·Xi+3.hi
+	 vpmsumd	$Xh3,$t1,$H21h		# H^2.hi·Xi+2.hi+H.hi·Xi+3.hi
+
+	 vxor		$Xm2,$Xm2,$Xm1
+	 vxor		$Xl3,$Xl3,$Xl1
+	 vxor		$Xm3,$Xm3,$Xm2
+	 vxor		$Xh3,$Xh3,$Xh1
+
+	blt		Ltail_4x
+
+Loop_4x:
+	lvx_u		$IN0,0,$inp
+	lvx_u		$IN1,r8,$inp
+	subic.		$len,$len,4
+	lvx_u		$IN2,r9,$inp
+	lvx_u		$IN3,r10,$inp
+	addi		$inp,$inp,0x40
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+	le?vperm	$IN2,$IN2,$IN2,$lemask
+	le?vperm	$IN3,$IN3,$IN3,$lemask
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+
+	vpmsumd		$Xl,$Xh,$H4l		# H^4.lo·Xi.lo
+	vpmsumd		$Xm,$Xh,$H4		# H^4.hi·Xi.lo+H^4.lo·Xi.hi
+	vpmsumd		$Xh,$Xh,$H4h		# H^4.hi·Xi.hi
+	 vpmsumd	$Xl1,$IN1,$H3l
+	 vpmsumd	$Xm1,$IN1,$H3
+	 vpmsumd	$Xh1,$IN1,$H3h
+
+	vxor		$Xl,$Xl,$Xl3
+	vxor		$Xm,$Xm,$Xm3
+	vxor		$Xh,$Xh,$Xh3
+	 vperm		$t0,$IN2,$IN3,$loperm
+	 vperm		$t1,$IN2,$IN3,$hiperm
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+	 vpmsumd	$Xl3,$t0,$H21l		# H.lo·Xi+3.lo  +H^2.lo·Xi+2.lo
+	 vpmsumd	$Xh3,$t1,$H21h		# H.hi·Xi+3.hi  +H^2.hi·Xi+2.hi
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	 vpmsumd	$Xm2,$IN2,$H2		# H^2.hi·Xi+2.lo+H^2.lo·Xi+2.hi
+	 vpmsumd	$Xm3,$IN3,$H		# H.hi·Xi+3.lo  +H.lo·Xi+3.hi
+	vpmsumd		$Xl,$Xl,$xC2
+
+	 vxor		$Xl3,$Xl3,$Xl1
+	 vxor		$Xh3,$Xh3,$Xh1
+	vxor		$Xh,$Xh,$IN0
+	 vxor		$Xm2,$Xm2,$Xm1
+	vxor		$Xh,$Xh,$t1
+	 vxor		$Xm3,$Xm3,$Xm2
+	vxor		$Xh,$Xh,$Xl
+	bge		Loop_4x
+
+Ltail_4x:
+	vpmsumd		$Xl,$Xh,$H4l		# H^4.lo·Xi.lo
+	vpmsumd		$Xm,$Xh,$H4		# H^4.hi·Xi.lo+H^4.lo·Xi.hi
+	vpmsumd		$Xh,$Xh,$H4h		# H^4.hi·Xi.hi
+
+	vxor		$Xl,$Xl,$Xl3
+	vxor		$Xm,$Xm,$Xm3
+
+	vpmsumd		$t2,$Xl,$xC2		# 1st reduction phase
+
+	vsldoi		$t0,$Xm,$zero,8
+	vsldoi		$t1,$zero,$Xm,8
+	 vxor		$Xh,$Xh,$Xh3
+	vxor		$Xl,$Xl,$t0
+	vxor		$Xh,$Xh,$t1
+
+	vsldoi		$Xl,$Xl,$Xl,8
+	vxor		$Xl,$Xl,$t2
+
+	vsldoi		$t1,$Xl,$Xl,8		# 2nd reduction phase
+	vpmsumd		$Xl,$Xl,$xC2
+	vxor		$t1,$t1,$Xh
+	vxor		$Xl,$Xl,$t1
+
+	addic.		$len,$len,4
+	beq		Ldone_4x
+
+	lvx_u		$IN0,0,$inp
+	${UCMP}i	$len,2
+	li		$len,-4
+	blt		Lone
+	lvx_u		$IN1,r8,$inp
+	beq		Ltwo
+
+Lthree:
+	lvx_u		$IN2,r9,$inp
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+	le?vperm	$IN2,$IN2,$IN2,$lemask
+
+	vxor		$Xh,$IN0,$Xl
+	vmr		$H4l,$H3l
+	vmr		$H4, $H3
+	vmr		$H4h,$H3h
+
+	vperm		$t0,$IN1,$IN2,$loperm
+	vperm		$t1,$IN1,$IN2,$hiperm
+	vpmsumd		$Xm2,$IN1,$H2		# H^2.lo·Xi+1.hi+H^2.hi·Xi+1.lo
+	vpmsumd		$Xm3,$IN2,$H		# H.hi·Xi+2.lo  +H.lo·Xi+2.hi
+	vpmsumd		$Xl3,$t0,$H21l		# H^2.lo·Xi+1.lo+H.lo·Xi+2.lo
+	vpmsumd		$Xh3,$t1,$H21h		# H^2.hi·Xi+1.hi+H.hi·Xi+2.hi
+
+	vxor		$Xm3,$Xm3,$Xm2
+	b		Ltail_4x
+
+.align	4
+Ltwo:
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+	le?vperm	$IN1,$IN1,$IN1,$lemask
+
+	vxor		$Xh,$IN0,$Xl
+	vperm		$t0,$zero,$IN1,$loperm
+	vperm		$t1,$zero,$IN1,$hiperm
+
+	vsldoi		$H4l,$zero,$H2,8
+	vmr		$H4, $H2
+	vsldoi		$H4h,$H2,$zero,8
+
+	vpmsumd		$Xl3,$t0, $H21l		# H.lo·Xi+1.lo
+	vpmsumd		$Xm3,$IN1,$H		# H.hi·Xi+1.lo+H.lo·Xi+2.hi
+	vpmsumd		$Xh3,$t1, $H21h		# H.hi·Xi+1.hi
+
+	b		Ltail_4x
+
+.align	4
+Lone:
+	le?vperm	$IN0,$IN0,$IN0,$lemask
+
+	vsldoi		$H4l,$zero,$H,8
+	vmr		$H4, $H
+	vsldoi		$H4h,$H,$zero,8
+
+	vxor		$Xh,$IN0,$Xl
+	vxor		$Xl3,$Xl3,$Xl3
+	vxor		$Xm3,$Xm3,$Xm3
+	vxor		$Xh3,$Xh3,$Xh3
+
+	b		Ltail_4x
+
+Ldone_4x:
+	le?vperm	$Xl,$Xl,$Xl,$lemask
+	stvx_u		$Xl,0,$Xip		# write out Xi
+
+	li		r10,`15+6*$SIZE_T`
+	li		r11,`31+6*$SIZE_T`
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	addi		$sp,$sp,$FRAME
+	blr
+	.long		0
+	.byte		0,12,0x04,0,0x80,0,4,0
+	.long		0
+___
+}
+$code.=<<___;
+.size	.gcm_ghash_p8,.-.gcm_ghash_p8
+
+.asciz  "GHASH for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	if ($flavour =~ /le$/o) {	# little-endian
+	    s/le\?//o		or
+	    s/be\?/#be#/o;
+	} else {
+	    s/le\?/#le#/o	or
+	    s/be\?//o;
+	}
+	print $_,"\n";
+}
+
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/modes/asm/ghashv8-armx.pl b/openssl-1.1.0h/crypto/modes/asm/ghashv8-armx.pl
new file mode 100644
index 0000000..dcd5f59
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/asm/ghashv8-armx.pl
@@ -0,0 +1,430 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication.
+#
+# June 2014
+#
+# Initial version was developed in tight cooperation with Ard
+# Biesheuvel <ard.biesheuvel@linaro.org> from bits-n-pieces from
+# other assembly modules. Just like aesv8-armx.pl this module
+# supports both AArch32 and AArch64 execution modes.
+#
+# July 2014
+#
+# Implement 2x aggregated reduction [see ghash-x86.pl for background
+# information].
+#
+# Current performance in cycles per processed byte:
+#
+#		PMULL[2]	32-bit NEON(*)
+# Apple A7	0.92		5.62
+# Cortex-A53	1.01		8.39
+# Cortex-A57	1.17		7.61
+# Denver	0.71		6.02
+# Mongoose	1.10		8.06
+#
+# (*)	presented for reference/comparison purposes;
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+$Xi="x0";	# argument block
+$Htbl="x1";
+$inp="x2";
+$len="x3";
+
+$inc="x12";
+
+{
+my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
+my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14));
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+___
+$code.=".arch	armv8-a+crypto\n"	if ($flavour =~ /64/);
+$code.=<<___				if ($flavour !~ /64/);
+.fpu	neon
+.code	32
+#undef	__thumb2__
+___
+
+################################################################################
+# void gcm_init_v8(u128 Htable[16],const u64 H[2]);
+#
+# input:	128-bit H - secret parameter E(K,0^128)
+# output:	precomputed table filled with degrees of twisted H;
+#		H is twisted to handle reverse bitness of GHASH;
+#		only few of 16 slots of Htable[16] are used;
+#		data is opaque to outside world (which allows to
+#		optimize the code independently);
+#
+$code.=<<___;
+.global	gcm_init_v8
+.type	gcm_init_v8,%function
+.align	4
+gcm_init_v8:
+	vld1.64		{$t1},[x1]		@ load input H
+	vmov.i8		$xC2,#0xe1
+	vshl.i64	$xC2,$xC2,#57		@ 0xc2.0
+	vext.8		$IN,$t1,$t1,#8
+	vshr.u64	$t2,$xC2,#63
+	vdup.32		$t1,${t1}[1]
+	vext.8		$t0,$t2,$xC2,#8		@ t0=0xc2....01
+	vshr.u64	$t2,$IN,#63
+	vshr.s32	$t1,$t1,#31		@ broadcast carry bit
+	vand		$t2,$t2,$t0
+	vshl.i64	$IN,$IN,#1
+	vext.8		$t2,$t2,$t2,#8
+	vand		$t0,$t0,$t1
+	vorr		$IN,$IN,$t2		@ H<<<=1
+	veor		$H,$IN,$t0		@ twisted H
+	vst1.64		{$H},[x0],#16		@ store Htable[0]
+
+	@ calculate H^2
+	vext.8		$t0,$H,$H,#8		@ Karatsuba pre-processing
+	vpmull.p64	$Xl,$H,$H
+	veor		$t0,$t0,$H
+	vpmull2.p64	$Xh,$H,$H
+	vpmull.p64	$Xm,$t0,$t0
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$H2,$Xl,$t2
+
+	vext.8		$t1,$H2,$H2,#8		@ Karatsuba pre-processing
+	veor		$t1,$t1,$H2
+	vext.8		$Hhl,$t0,$t1,#8		@ pack Karatsuba pre-processed
+	vst1.64		{$Hhl-$H2},[x0]		@ store Htable[1..2]
+
+	ret
+.size	gcm_init_v8,.-gcm_init_v8
+___
+################################################################################
+# void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]);
+#
+# input:	Xi - current hash value;
+#		Htable - table precomputed in gcm_init_v8;
+# output:	Xi - next hash value Xi;
+#
+$code.=<<___;
+.global	gcm_gmult_v8
+.type	gcm_gmult_v8,%function
+.align	4
+gcm_gmult_v8:
+	vld1.64		{$t1},[$Xi]		@ load Xi
+	vmov.i8		$xC2,#0xe1
+	vld1.64		{$H-$Hhl},[$Htbl]	@ load twisted H, ...
+	vshl.u64	$xC2,$xC2,#57
+#ifndef __ARMEB__
+	vrev64.8	$t1,$t1
+#endif
+	vext.8		$IN,$t1,$t1,#8
+
+	vpmull.p64	$Xl,$H,$IN		@ H.lo·Xi.lo
+	veor		$t1,$t1,$IN		@ Karatsuba pre-processing
+	vpmull2.p64	$Xh,$H,$IN		@ H.hi·Xi.hi
+	vpmull.p64	$Xm,$Hhl,$t1		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+#endif
+	vext.8		$Xl,$Xl,$Xl,#8
+	vst1.64		{$Xl},[$Xi]		@ write out Xi
+
+	ret
+.size	gcm_gmult_v8,.-gcm_gmult_v8
+___
+################################################################################
+# void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
+#
+# input:	table precomputed in gcm_init_v8;
+#		current hash value Xi;
+#		pointer to input data;
+#		length of input data in bytes, but divisible by block size;
+# output:	next hash value Xi;
+#
+$code.=<<___;
+.global	gcm_ghash_v8
+.type	gcm_ghash_v8,%function
+.align	4
+gcm_ghash_v8:
+___
+$code.=<<___		if ($flavour !~ /64/);
+	vstmdb		sp!,{d8-d15}		@ 32-bit ABI says so
+___
+$code.=<<___;
+	vld1.64		{$Xl},[$Xi]		@ load [rotated] Xi
+						@ "[rotated]" means that
+						@ loaded value would have
+						@ to be rotated in order to
+						@ make it appear as in
+						@ alorithm specification
+	subs		$len,$len,#32		@ see if $len is 32 or larger
+	mov		$inc,#16		@ $inc is used as post-
+						@ increment for input pointer;
+						@ as loop is modulo-scheduled
+						@ $inc is zeroed just in time
+						@ to preclude oversteping
+						@ inp[len], which means that
+						@ last block[s] are actually
+						@ loaded twice, but last
+						@ copy is not processed
+	vld1.64		{$H-$Hhl},[$Htbl],#32	@ load twisted H, ..., H^2
+	vmov.i8		$xC2,#0xe1
+	vld1.64		{$H2},[$Htbl]
+	cclr		$inc,eq			@ is it time to zero $inc?
+	vext.8		$Xl,$Xl,$Xl,#8		@ rotate Xi
+	vld1.64		{$t0},[$inp],#16	@ load [rotated] I[0]
+	vshl.u64	$xC2,$xC2,#57		@ compose 0xc2.0 constant
+#ifndef __ARMEB__
+	vrev64.8	$t0,$t0
+	vrev64.8	$Xl,$Xl
+#endif
+	vext.8		$IN,$t0,$t0,#8		@ rotate I[0]
+	b.lo		.Lodd_tail_v8		@ $len was less than 32
+___
+{ my ($Xln,$Xmn,$Xhn,$In) = map("q$_",(4..7));
+	#######
+	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
+	#	[(H*Ii+1) + (H*Xi+1)] mod P =
+	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
+	#
+$code.=<<___;
+	vld1.64		{$t1},[$inp],$inc	@ load [rotated] I[1]
+#ifndef __ARMEB__
+	vrev64.8	$t1,$t1
+#endif
+	vext.8		$In,$t1,$t1,#8
+	veor		$IN,$IN,$Xl		@ I[i]^=Xi
+	vpmull.p64	$Xln,$H,$In		@ H·Ii+1
+	veor		$t1,$t1,$In		@ Karatsuba pre-processing
+	vpmull2.p64	$Xhn,$H,$In
+	b		.Loop_mod2x_v8
+
+.align	4
+.Loop_mod2x_v8:
+	vext.8		$t2,$IN,$IN,#8
+	subs		$len,$len,#32		@ is there more data?
+	vpmull.p64	$Xl,$H2,$IN		@ H^2.lo·Xi.lo
+	cclr		$inc,lo			@ is it time to zero $inc?
+
+	 vpmull.p64	$Xmn,$Hhl,$t1
+	veor		$t2,$t2,$IN		@ Karatsuba pre-processing
+	vpmull2.p64	$Xh,$H2,$IN		@ H^2.hi·Xi.hi
+	veor		$Xl,$Xl,$Xln		@ accumulate
+	vpmull2.p64	$Xm,$Hhl,$t2		@ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
+	 vld1.64	{$t0},[$inp],$inc	@ load [rotated] I[i+2]
+
+	veor		$Xh,$Xh,$Xhn
+	 cclr		$inc,eq			@ is it time to zero $inc?
+	veor		$Xm,$Xm,$Xmn
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	 vld1.64	{$t1},[$inp],$inc	@ load [rotated] I[i+3]
+#ifndef __ARMEB__
+	 vrev64.8	$t0,$t0
+#endif
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+
+#ifndef __ARMEB__
+	 vrev64.8	$t1,$t1
+#endif
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	 vext.8		$In,$t1,$t1,#8
+	 vext.8		$IN,$t0,$t0,#8
+	veor		$Xl,$Xm,$t2
+	 vpmull.p64	$Xln,$H,$In		@ H·Ii+1
+	veor		$IN,$IN,$Xh		@ accumulate $IN early
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$IN,$IN,$t2
+	 veor		$t1,$t1,$In		@ Karatsuba pre-processing
+	veor		$IN,$IN,$Xl
+	 vpmull2.p64	$Xhn,$H,$In
+	b.hs		.Loop_mod2x_v8		@ there was at least 32 more bytes
+
+	veor		$Xh,$Xh,$t2
+	vext.8		$IN,$t0,$t0,#8		@ re-construct $IN
+	adds		$len,$len,#32		@ re-construct $len
+	veor		$Xl,$Xl,$Xh		@ re-construct $Xl
+	b.eq		.Ldone_v8		@ is $len zero?
+___
+}
+$code.=<<___;
+.Lodd_tail_v8:
+	vext.8		$t2,$Xl,$Xl,#8
+	veor		$IN,$IN,$Xl		@ inp^=Xi
+	veor		$t1,$t0,$t2		@ $t1 is rotated inp^Xi
+
+	vpmull.p64	$Xl,$H,$IN		@ H.lo·Xi.lo
+	veor		$t1,$t1,$IN		@ Karatsuba pre-processing
+	vpmull2.p64	$Xh,$H,$IN		@ H.hi·Xi.hi
+	vpmull.p64	$Xm,$Hhl,$t1		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
+
+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
+	veor		$t2,$Xl,$Xh
+	veor		$Xm,$Xm,$t1
+	veor		$Xm,$Xm,$t2
+	vpmull.p64	$t2,$Xl,$xC2		@ 1st phase of reduction
+
+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
+	veor		$Xl,$Xm,$t2
+
+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase of reduction
+	vpmull.p64	$Xl,$Xl,$xC2
+	veor		$t2,$t2,$Xh
+	veor		$Xl,$Xl,$t2
+
+.Ldone_v8:
+#ifndef __ARMEB__
+	vrev64.8	$Xl,$Xl
+#endif
+	vext.8		$Xl,$Xl,$Xl,#8
+	vst1.64		{$Xl},[$Xi]		@ write out Xi
+
+___
+$code.=<<___		if ($flavour !~ /64/);
+	vldmia		sp!,{d8-d15}		@ 32-bit ABI says so
+___
+$code.=<<___;
+	ret
+.size	gcm_ghash_v8,.-gcm_ghash_v8
+___
+}
+$code.=<<___;
+.asciz  "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+if ($flavour =~ /64/) {			######## 64-bit code
+    sub unvmov {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o &&
+	sprintf	"ins	v%d.d[%d],v%d.d[%d]",$1,($2 eq "lo")?0:1,$3,($4 eq "lo")?0:1;
+    }
+    foreach(split("\n",$code)) {
+	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
+	s/vmov\.i8/movi/o		or	# fix up legacy mnemonics
+	s/vmov\s+(.*)/unvmov($1)/geo	or
+	s/vext\.8/ext/o			or
+	s/vshr\.s/sshr\.s/o		or
+	s/vshr/ushr/o			or
+	s/^(\s+)v/$1/o			or	# strip off v prefix
+	s/\bbx\s+lr\b/ret/o;
+
+	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
+	s/@\s/\/\//o;				# old->new style commentary
+
+	# fix up remainig legacy suffixes
+	s/\.[ui]?8(\s)/$1/o;
+	s/\.[uis]?32//o and s/\.16b/\.4s/go;
+	m/\.p64/o and s/\.16b/\.1q/o;		# 1st pmull argument
+	m/l\.p64/o and s/\.16b/\.1d/go;		# 2nd and 3rd pmull arguments
+	s/\.[uisp]?64//o and s/\.16b/\.2d/go;
+	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
+
+	print $_,"\n";
+    }
+} else {				######## 32-bit code
+    sub unvdup32 {
+	my $arg=shift;
+
+	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
+	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
+    }
+    sub unvpmullp64 {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) {
+	    my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19)
+				 |(($2&7)<<17)|(($2&8)<<4)
+				 |(($3&7)<<1) |(($3&8)<<2);
+	    $word |= 0x00010001	 if ($mnemonic =~ "2");
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    }
+
+    foreach(split("\n",$code)) {
+	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
+	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
+	s/\/\/\s?/@ /o;				# new->old style commentary
+
+	# fix up remainig new-style suffixes
+	s/\],#[0-9]+/]!/o;
+
+	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o			or
+	s/vdup\.32\s+(.*)/unvdup32($1)/geo				or
+	s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo		or
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/^(\s+)b\./$1b/o						or
+	s/^(\s+)ret/$1bx\tlr/o;
+
+	print $_,"\n";
+    }
+}
+
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/modes/build.info b/openssl-1.1.0h/crypto/modes/build.info
new file mode 100644
index 0000000..38195c4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/build.info
@@ -0,0 +1,27 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \
+        ccm128.c xts128.c wrap128.c ocb128.c \
+        {- $target{modes_asm_src} -}
+
+INCLUDE[gcm128.o]=..
+
+GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[ghash-x86.s]=asm/ghash-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[ghash-x86_64.s]=asm/ghash-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[aesni-gcm-x86_64.s]=asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[ghash-sparcv9.S]=asm/ghash-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[ghash-sparcv9.o]=..
+GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl $(PERLASM_SCHEME)
+GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl $(PERLASM_SCHEME)
+GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl $(PERLASM_SCHEME)
+GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[ghash-armv4.o]=..
+GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl $(PERLASM_SCHEME)
+INCLUDE[ghashv8-armx.o]=..
+
+BEGINRAW[Makefile]
+# GNU make "catch all"
+{- $builddir -}/ghash-%.S:	{- $sourcedir -}/asm/ghash-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile]
diff --git a/openssl-1.1.0h/crypto/modes/cbc128.c b/openssl-1.1.0h/crypto/modes/cbc128.c
new file mode 100644
index 0000000..4ce5eb2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/cbc128.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
+# define STRICT_ALIGNMENT 0
+#endif
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block)
+{
+    size_t n;
+    const unsigned char *iv = ivec;
+
+    if (len == 0)
+        return;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (STRICT_ALIGNMENT &&
+        ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+        while (len >= 16) {
+            for (n = 0; n < 16; ++n)
+                out[n] = in[n] ^ iv[n];
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    } else {
+        while (len >= 16) {
+            for (n = 0; n < 16; n += sizeof(size_t))
+                *(size_t *)(out + n) =
+                    *(size_t *)(in + n) ^ *(size_t *)(iv + n);
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    }
+#endif
+    while (len) {
+        for (n = 0; n < 16 && n < len; ++n)
+            out[n] = in[n] ^ iv[n];
+        for (; n < 16; ++n)
+            out[n] = iv[n];
+        (*block) (out, out, key);
+        iv = out;
+        if (len <= 16)
+            break;
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+    memcpy(ivec, iv, 16);
+}
+
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block)
+{
+    size_t n;
+    union {
+        size_t t[16 / sizeof(size_t)];
+        unsigned char c[16];
+    } tmp;
+
+    if (len == 0)
+        return;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (in != out) {
+        const unsigned char *iv = ivec;
+
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            while (len >= 16) {
+                (*block) (in, out, key);
+                for (n = 0; n < 16; ++n)
+                    out[n] ^= iv[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv;
+
+                (*block) (in, out, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++)
+                    out_t[n] ^= iv_t[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+        memcpy(ivec, iv, 16);
+    } else {
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            unsigned char c;
+            while (len >= 16) {
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16; ++n) {
+                    c = in[n];
+                    out[n] = tmp.c[n] ^ ivec[n];
+                    ivec[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++) {
+                    c = in_t[n];
+                    out_t[n] = tmp.t[n] ^ ivec_t[n];
+                    ivec_t[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+    }
+#endif
+    while (len) {
+        unsigned char c;
+        (*block) (in, tmp.c, key);
+        for (n = 0; n < 16 && n < len; ++n) {
+            c = in[n];
+            out[n] = tmp.c[n] ^ ivec[n];
+            ivec[n] = c;
+        }
+        if (len <= 16) {
+            for (; n < 16; ++n)
+                ivec[n] = in[n];
+            break;
+        }
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/modes/ccm128.c b/openssl-1.1.0h/crypto/modes/ccm128.c
new file mode 100644
index 0000000..85ce84f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/ccm128.c
@@ -0,0 +1,432 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * First you setup M and L parameters and pass the key schedule. This is
+ * called once per session setup...
+ */
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+                        unsigned int M, unsigned int L, void *key,
+                        block128_f block)
+{
+    memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c));
+    ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3;
+    ctx->blocks = 0;
+    ctx->block = block;
+    ctx->key = key;
+}
+
+/* !!! Following interfaces are to be called *once* per packet !!! */
+
+/* Then you setup per-message nonce and pass the length of the message */
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
+                        const unsigned char *nonce, size_t nlen, size_t mlen)
+{
+    unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */
+
+    if (nlen < (14 - L))
+        return -1;              /* nonce is too short */
+
+    if (sizeof(mlen) == 8 && L >= 3) {
+        ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8)));
+    } else
+        ctx->nonce.u[1] = 0;
+
+    ctx->nonce.c[12] = (u8)(mlen >> 24);
+    ctx->nonce.c[13] = (u8)(mlen >> 16);
+    ctx->nonce.c[14] = (u8)(mlen >> 8);
+    ctx->nonce.c[15] = (u8)mlen;
+
+    ctx->nonce.c[0] &= ~0x40;   /* clear Adata flag */
+    memcpy(&ctx->nonce.c[1], nonce, 14 - L);
+
+    return 0;
+}
+
+/* Then you pass additional authentication data, this is optional */
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
+                       const unsigned char *aad, size_t alen)
+{
+    unsigned int i;
+    block128_f block = ctx->block;
+
+    if (alen == 0)
+        return;
+
+    ctx->nonce.c[0] |= 0x40;    /* set Adata flag */
+    (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++;
+
+    if (alen < (0x10000 - 0x100)) {
+        ctx->cmac.c[0] ^= (u8)(alen >> 8);
+        ctx->cmac.c[1] ^= (u8)alen;
+        i = 2;
+    } else if (sizeof(alen) == 8
+               && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+        ctx->cmac.c[0] ^= 0xFF;
+        ctx->cmac.c[1] ^= 0xFF;
+        ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen) * 8)));
+        ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen) * 8)));
+        ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen) * 8)));
+        ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen) * 8)));
+        ctx->cmac.c[6] ^= (u8)(alen >> 24);
+        ctx->cmac.c[7] ^= (u8)(alen >> 16);
+        ctx->cmac.c[8] ^= (u8)(alen >> 8);
+        ctx->cmac.c[9] ^= (u8)alen;
+        i = 10;
+    } else {
+        ctx->cmac.c[0] ^= 0xFF;
+        ctx->cmac.c[1] ^= 0xFE;
+        ctx->cmac.c[2] ^= (u8)(alen >> 24);
+        ctx->cmac.c[3] ^= (u8)(alen >> 16);
+        ctx->cmac.c[4] ^= (u8)(alen >> 8);
+        ctx->cmac.c[5] ^= (u8)alen;
+        i = 6;
+    }
+
+    do {
+        for (; i < 16 && alen; ++i, ++aad, --alen)
+            ctx->cmac.c[i] ^= *aad;
+        (*block) (ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++;
+        i = 0;
+    } while (alen);
+}
+
+/* Finally you encrypt or decrypt the message */
+
+/*
+ * counter part of nonce may not be larger than L*8 bits, L is not larger
+ * than 8, therefore 64-bit counter...
+ */
+static void ctr64_inc(unsigned char *counter)
+{
+    unsigned int n = 8;
+    u8 c;
+
+    counter += 8;
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;              /* length mismatch */
+
+    ctx->blocks += ((len + 15) >> 3) | 1;
+    if (ctx->blocks > (U64(1) << 61))
+        return -2;              /* too much data */
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        union {
+            u64 u[2];
+            u8 c[16];
+        } temp;
+
+        memcpy(temp.c, inp, 16);
+        ctx->cmac.u[0] ^= temp.u[0];
+        ctx->cmac.u[1] ^= temp.u[1];
+#else
+        ctx->cmac.u[0] ^= ((u64 *)inp)[0];
+        ctx->cmac.u[1] ^= ((u64 *)inp)[1];
+#endif
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        ctr64_inc(ctx->nonce.c);
+#if defined(STRICT_ALIGNMENT)
+        temp.u[0] ^= scratch.u[0];
+        temp.u[1] ^= scratch.u[1];
+        memcpy(out, temp.c, 16);
+#else
+        ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0];
+        ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1];
+#endif
+        inp += 16;
+        out += 16;
+        len -= 16;
+    }
+
+    if (len) {
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= inp[i];
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            out[i] = scratch.c[i] ^ inp[i];
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key);
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        union {
+            u64 u[2];
+            u8 c[16];
+        } temp;
+#endif
+        (*block) (ctx->nonce.c, scratch.c, key);
+        ctr64_inc(ctx->nonce.c);
+#if defined(STRICT_ALIGNMENT)
+        memcpy(temp.c, inp, 16);
+        ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]);
+        ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]);
+        memcpy(out, scratch.c, 16);
+#else
+        ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]);
+        ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]);
+#endif
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+
+        inp += 16;
+        out += 16;
+        len -= 16;
+    }
+
+    if (len) {
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]);
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+static void ctr64_add(unsigned char *counter, size_t inc)
+{
+    size_t n = 8, val = 0;
+
+    counter += 8;
+    do {
+        --n;
+        val += counter[n] + (inc & 0xff);
+        counter[n] = (unsigned char)val;
+        val >>= 8;              /* carry bit */
+        inc >>= 8;
+    } while (n && (inc || val));
+}
+
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
+                                const unsigned char *inp, unsigned char *out,
+                                size_t len, ccm128_f stream)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;              /* length mismatch */
+
+    ctx->blocks += ((len + 15) >> 3) | 1;
+    if (ctx->blocks > (U64(1) << 61))
+        return -2;              /* too much data */
+
+    if ((n = len / 16)) {
+        (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
+        n *= 16;
+        inp += n;
+        out += n;
+        len -= n;
+        if (len)
+            ctr64_add(ctx->nonce.c, n / 16);
+    }
+
+    if (len) {
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= inp[i];
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            out[i] = scratch.c[i] ^ inp[i];
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
+                                const unsigned char *inp, unsigned char *out,
+                                size_t len, ccm128_f stream)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key);
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;
+
+    if ((n = len / 16)) {
+        (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
+        n *= 16;
+        inp += n;
+        out += n;
+        len -= n;
+        if (len)
+            ctr64_add(ctx->nonce.c, n / 16);
+    }
+
+    if (len) {
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]);
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */
+
+    M *= 2;
+    M += 2;
+    if (len < M)
+        return 0;
+    memcpy(tag, ctx->cmac.c, M);
+    return M;
+}
diff --git a/openssl-1.1.0h/crypto/modes/cfb128.c b/openssl-1.1.0h/crypto/modes/cfb128.c
new file mode 100644
index 0000000..e439567
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/cfb128.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           int enc, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16 % sizeof(size_t) == 0) { /* always true actually */
+            do {
+                while (n && len) {
+                    *(out++) = ivec[n] ^= *(in++);
+                    --len;
+                    n = (n + 1) % 16;
+                }
+# if defined(STRICT_ALIGNMENT)
+                if (((size_t)in | (size_t)out | (size_t)ivec) %
+                    sizeof(size_t) != 0)
+                    break;
+# endif
+                while (len >= 16) {
+                    (*block) (ivec, ivec, key);
+                    for (; n < 16; n += sizeof(size_t)) {
+                        *(size_t *)(out + n) =
+                            *(size_t *)(ivec + n) ^= *(size_t *)(in + n);
+                    }
+                    len -= 16;
+                    out += 16;
+                    in += 16;
+                    n = 0;
+                }
+                if (len) {
+                    (*block) (ivec, ivec, key);
+                    while (len--) {
+                        out[n] = ivec[n] ^= in[n];
+                        ++n;
+                    }
+                }
+                *num = n;
+                return;
+            } while (0);
+        }
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l < len) {
+            if (n == 0) {
+                (*block) (ivec, ivec, key);
+            }
+            out[l] = ivec[n] ^= in[l];
+            ++l;
+            n = (n + 1) % 16;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16 % sizeof(size_t) == 0) { /* always true actually */
+            do {
+                while (n && len) {
+                    unsigned char c;
+                    *(out++) = ivec[n] ^ (c = *(in++));
+                    ivec[n] = c;
+                    --len;
+                    n = (n + 1) % 16;
+                }
+# if defined(STRICT_ALIGNMENT)
+                if (((size_t)in | (size_t)out | (size_t)ivec) %
+                    sizeof(size_t) != 0)
+                    break;
+# endif
+                while (len >= 16) {
+                    (*block) (ivec, ivec, key);
+                    for (; n < 16; n += sizeof(size_t)) {
+                        size_t t = *(size_t *)(in + n);
+                        *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t;
+                        *(size_t *)(ivec + n) = t;
+                    }
+                    len -= 16;
+                    out += 16;
+                    in += 16;
+                    n = 0;
+                }
+                if (len) {
+                    (*block) (ivec, ivec, key);
+                    while (len--) {
+                        unsigned char c;
+                        out[n] = ivec[n] ^ (c = in[n]);
+                        ivec[n] = c;
+                        ++n;
+                    }
+                }
+                *num = n;
+                return;
+            } while (0);
+        }
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l < len) {
+            unsigned char c;
+            if (n == 0) {
+                (*block) (ivec, ivec, key);
+            }
+            out[l] = ivec[n] ^ (c = in[l]);
+            ivec[n] = c;
+            ++l;
+            n = (n + 1) % 16;
+        }
+        *num = n;
+    }
+}
+
+/*
+ * This expects a single block of size nbits for both in and out. Note that
+ * it corrupts any extra bits in the last byte of out
+ */
+static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+                               int nbits, const void *key,
+                               unsigned char ivec[16], int enc,
+                               block128_f block)
+{
+    int n, rem, num;
+    unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't
+                                     * use) one byte off the end */
+
+    if (nbits <= 0 || nbits > 128)
+        return;
+
+    /* fill in the first half of the new IV with the current IV */
+    memcpy(ovec, ivec, 16);
+    /* construct the new IV */
+    (*block) (ivec, ivec, key);
+    num = (nbits + 7) / 8;
+    if (enc)                    /* encrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[16 + n] = in[n] ^ ivec[n]);
+    else                        /* decrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[16 + n] = in[n]) ^ ivec[n];
+    /* shift ovec left... */
+    rem = nbits % 8;
+    num = nbits / 8;
+    if (rem == 0)
+        memcpy(ivec, ovec + num, 16);
+    else
+        for (n = 0; n < 16; ++n)
+            ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
+
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t bits, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block)
+{
+    size_t n;
+    unsigned char c[1], d[1];
+
+    for (n = 0; n < bits; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
+        out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) |
+            ((d[0] & 0x80) >> (unsigned int)(n % 8));
+    }
+}
+
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block)
+{
+    size_t n;
+
+    for (n = 0; n < length; ++n)
+        cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
+}
diff --git a/openssl-1.1.0h/crypto/modes/ctr128.c b/openssl-1.1.0h/crypto/modes/ctr128.c
new file mode 100644
index 0000000..03920b4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/ctr128.c
@@ -0,0 +1,209 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
+ * endian-neutral.
+ */
+
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(unsigned char *counter)
+{
+    u32 n = 16, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+static void ctr128_inc_aligned(unsigned char *counter)
+{
+    size_t *data, c, d, n;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
+        ctr128_inc(counter);
+        return;
+    }
+
+    data = (size_t *)counter;
+    c = 1;
+    n = 16 / sizeof(size_t);
+    do {
+        --n;
+        d = data[n] += c;
+        /* did addition carry? */
+        c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
+    } while (n);
+}
+#endif
+
+/*
+ * The input encrypted as though 128bit counter mode is being used.  The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf.  Both *num and ecount_buf must be initialised with zeros
+ * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
+ * that the counter is in the x lower bits of the IV (ivec), and that the
+ * application has full control over overflow and the rest of the IV.  This
+ * implementation takes NO responsibility for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16],
+                           unsigned char ecount_buf[16], unsigned int *num,
+                           block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ecount_buf[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+                % sizeof(size_t) != 0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                for (n = 0; n < 16; n += sizeof(size_t))
+                    *(size_t *)(out + n) =
+                        *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                while (len--) {
+                    out[n] = in[n] ^ ecount_buf[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+#endif
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ecount_buf, key);
+            ctr128_inc(ivec);
+        }
+        out[l] = in[l] ^ ecount_buf[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
+
+/* increment upper 96 bits of 128-bit counter by 1 */
+static void ctr96_inc(unsigned char *counter)
+{
+    u32 n = 12, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16],
+                                 unsigned char ecount_buf[16],
+                                 unsigned int *num, ctr128_f func)
+{
+    unsigned int n, ctr32;
+
+    n = *num;
+
+    while (n && len) {
+        *(out++) = *(in++) ^ ecount_buf[n];
+        --len;
+        n = (n + 1) % 16;
+    }
+
+    ctr32 = GETU32(ivec + 12);
+    while (len >= 16) {
+        size_t blocks = len / 16;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
+            blocks = (1U << 28);
+        /*
+         * As (*func) operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (u32)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        (*func) (in, out, blocks, key, ivec);
+        /* (*ctr) does not update ivec, caller does: */
+        PUTU32(ivec + 12, ctr32);
+        /* ... overflow was detected, propagate carry. */
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        blocks *= 16;
+        len -= blocks;
+        out += blocks;
+        in += blocks;
+    }
+    if (len) {
+        memset(ecount_buf, 0, 16);
+        (*func) (ecount_buf, ecount_buf, 1, key, ivec);
+        ++ctr32;
+        PUTU32(ivec + 12, ctr32);
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        while (len--) {
+            out[n] = in[n] ^ ecount_buf[n];
+            ++n;
+        }
+    }
+
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/modes/cts128.c b/openssl-1.1.0h/crypto/modes/cts128.c
new file mode 100644
index 0000000..77ec994
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/cts128.c
@@ -0,0 +1,523 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * Trouble with Ciphertext Stealing, CTS, mode is that there is no
+ * common official specification, but couple of cipher/application
+ * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
+ * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
+ * deviates from mentioned RFCs. Most notably it allows input to be
+ * of block length and it doesn't flip the order of the last two
+ * blocks. CTS is being discussed even in ECB context, but it's not
+ * adopted for any known application. This implementation provides
+ * two interfaces: one compliant with above mentioned RFCs and one
+ * compliant with the NIST proposal, both extending CBC mode.
+ */
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block)
+{
+    size_t residue, n;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= residue;
+
+    CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block);
+
+    in += len;
+    out += len;
+
+    for (n = 0; n < residue; ++n)
+        ivec[n] ^= in[n];
+    (*block) (ivec, ivec, key);
+    memcpy(out, out - 16, residue);
+    memcpy(out - 16, ivec, 16);
+
+    return len + residue;
+}
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block)
+{
+    size_t residue, n;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    len -= residue;
+
+    CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block);
+
+    if (residue == 0)
+        return len;
+
+    in += len;
+    out += len;
+
+    for (n = 0; n < residue; ++n)
+        ivec[n] ^= in[n];
+    (*block) (ivec, ivec, key);
+    memcpy(out - 16 + residue, ivec, 16);
+
+    return len + residue;
+}
+
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[16];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= residue;
+
+    (*cbc) (in, out, len, key, ivec, 1);
+
+    in += len;
+    out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    memcpy(tmp.c, out - 16, 16);
+    (*cbc) (in, out - 16, residue, key, ivec, 1);
+    memcpy(out, tmp.c, residue);
+#else
+    memset(tmp.c, 0, sizeof(tmp));
+    memcpy(tmp.c, in, residue);
+    memcpy(out, out - 16, residue);
+    (*cbc) (tmp.c, out - 16, 16, key, ivec, 1);
+#endif
+    return len + residue;
+}
+
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[16];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    len -= residue;
+
+    (*cbc) (in, out, len, key, ivec, 1);
+
+    if (residue == 0)
+        return len;
+
+    in += len;
+    out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (in, out - 16 + residue, residue, key, ivec, 1);
+#else
+    memset(tmp.c, 0, sizeof(tmp));
+    memcpy(tmp.c, in, residue);
+    (*cbc) (tmp.c, out - 16 + residue, 16, key, ivec, 1);
+#endif
+    return len + residue;
+}
+
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block)
+{
+    size_t residue, n;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= 16 + residue;
+
+    if (len) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        in += len;
+        out += len;
+    }
+
+    (*block) (in, tmp.c + 16, key);
+
+    memcpy(tmp.c, tmp.c + 16, 16);
+    memcpy(tmp.c, in + 16, residue);
+    (*block) (tmp.c, tmp.c, key);
+
+    for (n = 0; n < 16; ++n) {
+        unsigned char c = in[n];
+        out[n] = tmp.c[n] ^ ivec[n];
+        ivec[n] = c;
+    }
+    for (residue += 16; n < residue; ++n)
+        out[n] = tmp.c[n] ^ in[n];
+
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block)
+{
+    size_t residue, n;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    if (residue == 0) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        return len;
+    }
+
+    len -= 16 + residue;
+
+    if (len) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        in += len;
+        out += len;
+    }
+
+    (*block) (in + residue, tmp.c + 16, key);
+
+    memcpy(tmp.c, tmp.c + 16, 16);
+    memcpy(tmp.c, in, residue);
+    (*block) (tmp.c, tmp.c, key);
+
+    for (n = 0; n < 16; ++n) {
+        unsigned char c = in[n];
+        out[n] = tmp.c[n] ^ ivec[n];
+        ivec[n] = in[n + residue];
+        tmp.c[n] = c;
+    }
+    for (residue += 16; n < residue; ++n)
+        out[n] = tmp.c[n] ^ tmp.c[n - 16];
+
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= 16 + residue;
+
+    if (len) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        in += len;
+        out += len;
+    }
+
+    memset(tmp.c, 0, sizeof(tmp));
+    /*
+     * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
+     */
+    (*cbc) (in, tmp.c, 16, key, tmp.c + 16, 0);
+
+    memcpy(tmp.c, in + 16, residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0);
+#else
+    (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0);
+    memcpy(out, tmp.c, 16 + residue);
+#endif
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    if (residue == 0) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        return len;
+    }
+
+    len -= 16 + residue;
+
+    if (len) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        in += len;
+        out += len;
+    }
+
+    memset(tmp.c, 0, sizeof(tmp));
+    /*
+     * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
+     */
+    (*cbc) (in + residue, tmp.c, 16, key, tmp.c + 16, 0);
+
+    memcpy(tmp.c, in, residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0);
+#else
+    (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0);
+    memcpy(out, tmp.c, 16 + residue);
+#endif
+    return 16 + len + residue;
+}
+
+#if defined(SELFTEST)
+# include <stdio.h>
+# include <openssl/aes.h>
+
+/* test vectors from RFC 3962 */
+static const unsigned char test_key[16] = "chicken teriyaki";
+static const unsigned char test_input[64] =
+    "I would like the" " General Gau's C"
+    "hicken, please, " "and wonton soup.";
+static const unsigned char test_iv[16] =
+    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+
+static const unsigned char vector_17[17] = {
+    0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
+    0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
+    0x97
+};
+
+static const unsigned char vector_31[31] = {
+    0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
+    0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
+    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
+};
+
+static const unsigned char vector_32[32] = {
+    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
+};
+
+static const unsigned char vector_47[47] = {
+    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+    0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
+    0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
+    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
+};
+
+static const unsigned char vector_48[48] = {
+    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+    0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+    0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
+    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
+};
+
+static const unsigned char vector_64[64] = {
+    0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+    0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+    0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+    0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
+    0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
+    0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+    0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
+};
+
+static AES_KEY encks, decks;
+
+void test_vector(const unsigned char *vector, size_t len)
+{
+    unsigned char iv[sizeof(test_iv)];
+    unsigned char cleartext[64], ciphertext[64];
+    size_t tail;
+
+    printf("vector_%d\n", len);
+    fflush(stdout);
+
+    if ((tail = len % 16) == 0)
+        tail = 16;
+    tail += 16;
+
+    /* test block-based encryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_cts128_encrypt_block(test_input, ciphertext, len, &encks, iv,
+                                (block128_f) AES_encrypt);
+    if (memcmp(ciphertext, vector, len))
+        fprintf(stderr, "output_%d mismatch\n", len), exit(1);
+    if (memcmp(iv, vector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(1);
+
+    /* test block-based decryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_cts128_decrypt_block(ciphertext, cleartext, len, &decks, iv,
+                                (block128_f) AES_decrypt);
+    if (memcmp(cleartext, test_input, len))
+        fprintf(stderr, "input_%d mismatch\n", len), exit(2);
+    if (memcmp(iv, vector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(2);
+
+    /* test streamed encryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_cts128_encrypt(test_input, ciphertext, len, &encks, iv,
+                          (cbc128_f) AES_cbc_encrypt);
+    if (memcmp(ciphertext, vector, len))
+        fprintf(stderr, "output_%d mismatch\n", len), exit(3);
+    if (memcmp(iv, vector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(3);
+
+    /* test streamed decryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_cts128_decrypt(ciphertext, cleartext, len, &decks, iv,
+                          (cbc128_f) AES_cbc_encrypt);
+    if (memcmp(cleartext, test_input, len))
+        fprintf(stderr, "input_%d mismatch\n", len), exit(4);
+    if (memcmp(iv, vector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(4);
+}
+
+void test_nistvector(const unsigned char *vector, size_t len)
+{
+    unsigned char iv[sizeof(test_iv)];
+    unsigned char cleartext[64], ciphertext[64], nistvector[64];
+    size_t tail;
+
+    printf("nistvector_%d\n", len);
+    fflush(stdout);
+
+    if ((tail = len % 16) == 0)
+        tail = 16;
+
+    len -= 16 + tail;
+    memcpy(nistvector, vector, len);
+    /* flip two last blocks */
+    memcpy(nistvector + len, vector + len + 16, tail);
+    memcpy(nistvector + len + tail, vector + len, 16);
+    len += 16 + tail;
+    tail = 16;
+
+    /* test block-based encryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_nistcts128_encrypt_block(test_input, ciphertext, len, &encks, iv,
+                                    (block128_f) AES_encrypt);
+    if (memcmp(ciphertext, nistvector, len))
+        fprintf(stderr, "output_%d mismatch\n", len), exit(1);
+    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(1);
+
+    /* test block-based decryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_nistcts128_decrypt_block(ciphertext, cleartext, len, &decks, iv,
+                                    (block128_f) AES_decrypt);
+    if (memcmp(cleartext, test_input, len))
+        fprintf(stderr, "input_%d mismatch\n", len), exit(2);
+    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(2);
+
+    /* test streamed encryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_nistcts128_encrypt(test_input, ciphertext, len, &encks, iv,
+                              (cbc128_f) AES_cbc_encrypt);
+    if (memcmp(ciphertext, nistvector, len))
+        fprintf(stderr, "output_%d mismatch\n", len), exit(3);
+    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(3);
+
+    /* test streamed decryption */
+    memcpy(iv, test_iv, sizeof(test_iv));
+    CRYPTO_nistcts128_decrypt(ciphertext, cleartext, len, &decks, iv,
+                              (cbc128_f) AES_cbc_encrypt);
+    if (memcmp(cleartext, test_input, len))
+        fprintf(stderr, "input_%d mismatch\n", len), exit(4);
+    if (memcmp(iv, nistvector + len - tail, sizeof(iv)))
+        fprintf(stderr, "iv_%d mismatch\n", len), exit(4);
+}
+
+int main()
+{
+    AES_set_encrypt_key(test_key, 128, &encks);
+    AES_set_decrypt_key(test_key, 128, &decks);
+
+    test_vector(vector_17, sizeof(vector_17));
+    test_vector(vector_31, sizeof(vector_31));
+    test_vector(vector_32, sizeof(vector_32));
+    test_vector(vector_47, sizeof(vector_47));
+    test_vector(vector_48, sizeof(vector_48));
+    test_vector(vector_64, sizeof(vector_64));
+
+    test_nistvector(vector_17, sizeof(vector_17));
+    test_nistvector(vector_31, sizeof(vector_31));
+    test_nistvector(vector_32, sizeof(vector_32));
+    test_nistvector(vector_47, sizeof(vector_47));
+    test_nistvector(vector_48, sizeof(vector_48));
+    test_nistvector(vector_64, sizeof(vector_64));
+
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/modes/gcm128.c b/openssl-1.1.0h/crypto/modes/gcm128.c
new file mode 100644
index 0000000..a2b05c4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/gcm128.c
@@ -0,0 +1,2301 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+#if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
+/* redefine, because alignment is ensured */
+# undef  GETU32
+# define GETU32(p)       BSWAP4(*(const u32 *)(p))
+# undef  PUTU32
+# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
+#endif
+
+#define PACK(s)         ((size_t)(s)<<(sizeof(size_t)*8-16))
+#define REDUCE1BIT(V)   do { \
+        if (sizeof(size_t)==8) { \
+                u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^T; \
+        } \
+        else { \
+                u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^((u64)T<<32); \
+        } \
+} while(0)
+
+/*-
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8. 8 is effectively reserved for testing purposes.
+ * TABLE_BITS>1 are lookup-table-driven implementations referred to as
+ * "Shoup's" in GCM specification. In other words OpenSSL does not cover
+ * whole spectrum of possible table driven implementations. Why? In
+ * non-"Shoup's" case memory access pattern is segmented in such manner,
+ * that it's trivial to see that cache timing information can reveal
+ * fair portion of intermediate hash value. Given that ciphertext is
+ * always available to attacker, it's possible for him to attempt to
+ * deduce secret parameter H and if successful, tamper with messages
+ * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's
+ * not as trivial, but there is no reason to believe that it's resistant
+ * to cache-timing attack. And the thing about "8-bit" implementation is
+ * that it consumes 16 (sixteen) times more memory, 4KB per individual
+ * key + 1KB shared. Well, on pros side it should be twice as fast as
+ * "4-bit" version. And for gcc-generated x86[_64] code, "8-bit" version
+ * was observed to run ~75% faster, closer to 100% for commercial
+ * compilers... Yet "4-bit" procedure is preferred, because it's
+ * believed to provide better security-performance balance and adequate
+ * all-round performance. "All-round" refers to things like:
+ *
+ * - shorter setup time effectively improves overall timing for
+ *   handling short messages;
+ * - larger table allocation can become unbearable because of VM
+ *   subsystem penalties (for example on Windows large enough free
+ *   results in VM working set trimming, meaning that consequent
+ *   malloc would immediately incur working set expansion);
+ * - larger table has larger cache footprint, which can affect
+ *   performance of other code paths (not necessarily even from same
+ *   thread in Hyper-Threading world);
+ *
+ * Value of 1 is not appropriate for performance reasons.
+ */
+#if     TABLE_BITS==8
+
+static void gcm_init_8bit(u128 Htable[256], u64 H[2])
+{
+    int i, j;
+    u128 V;
+
+    Htable[0].hi = 0;
+    Htable[0].lo = 0;
+    V.hi = H[0];
+    V.lo = H[1];
+
+    for (Htable[128] = V, i = 64; i > 0; i >>= 1) {
+        REDUCE1BIT(V);
+        Htable[i] = V;
+    }
+
+    for (i = 2; i < 256; i <<= 1) {
+        u128 *Hi = Htable + i, H0 = *Hi;
+        for (j = 1; j < i; ++j) {
+            Hi[j].hi = H0.hi ^ Htable[j].hi;
+            Hi[j].lo = H0.lo ^ Htable[j].lo;
+        }
+    }
+}
+
+static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
+{
+    u128 Z = { 0, 0 };
+    const u8 *xi = (const u8 *)Xi + 15;
+    size_t rem, n = *xi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    static const size_t rem_8bit[256] = {
+        PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
+        PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
+        PACK(0x0E10), PACK(0x0FD2), PACK(0x0D94), PACK(0x0C56),
+        PACK(0x0918), PACK(0x08DA), PACK(0x0A9C), PACK(0x0B5E),
+        PACK(0x1C20), PACK(0x1DE2), PACK(0x1FA4), PACK(0x1E66),
+        PACK(0x1B28), PACK(0x1AEA), PACK(0x18AC), PACK(0x196E),
+        PACK(0x1230), PACK(0x13F2), PACK(0x11B4), PACK(0x1076),
+        PACK(0x1538), PACK(0x14FA), PACK(0x16BC), PACK(0x177E),
+        PACK(0x3840), PACK(0x3982), PACK(0x3BC4), PACK(0x3A06),
+        PACK(0x3F48), PACK(0x3E8A), PACK(0x3CCC), PACK(0x3D0E),
+        PACK(0x3650), PACK(0x3792), PACK(0x35D4), PACK(0x3416),
+        PACK(0x3158), PACK(0x309A), PACK(0x32DC), PACK(0x331E),
+        PACK(0x2460), PACK(0x25A2), PACK(0x27E4), PACK(0x2626),
+        PACK(0x2368), PACK(0x22AA), PACK(0x20EC), PACK(0x212E),
+        PACK(0x2A70), PACK(0x2BB2), PACK(0x29F4), PACK(0x2836),
+        PACK(0x2D78), PACK(0x2CBA), PACK(0x2EFC), PACK(0x2F3E),
+        PACK(0x7080), PACK(0x7142), PACK(0x7304), PACK(0x72C6),
+        PACK(0x7788), PACK(0x764A), PACK(0x740C), PACK(0x75CE),
+        PACK(0x7E90), PACK(0x7F52), PACK(0x7D14), PACK(0x7CD6),
+        PACK(0x7998), PACK(0x785A), PACK(0x7A1C), PACK(0x7BDE),
+        PACK(0x6CA0), PACK(0x6D62), PACK(0x6F24), PACK(0x6EE6),
+        PACK(0x6BA8), PACK(0x6A6A), PACK(0x682C), PACK(0x69EE),
+        PACK(0x62B0), PACK(0x6372), PACK(0x6134), PACK(0x60F6),
+        PACK(0x65B8), PACK(0x647A), PACK(0x663C), PACK(0x67FE),
+        PACK(0x48C0), PACK(0x4902), PACK(0x4B44), PACK(0x4A86),
+        PACK(0x4FC8), PACK(0x4E0A), PACK(0x4C4C), PACK(0x4D8E),
+        PACK(0x46D0), PACK(0x4712), PACK(0x4554), PACK(0x4496),
+        PACK(0x41D8), PACK(0x401A), PACK(0x425C), PACK(0x439E),
+        PACK(0x54E0), PACK(0x5522), PACK(0x5764), PACK(0x56A6),
+        PACK(0x53E8), PACK(0x522A), PACK(0x506C), PACK(0x51AE),
+        PACK(0x5AF0), PACK(0x5B32), PACK(0x5974), PACK(0x58B6),
+        PACK(0x5DF8), PACK(0x5C3A), PACK(0x5E7C), PACK(0x5FBE),
+        PACK(0xE100), PACK(0xE0C2), PACK(0xE284), PACK(0xE346),
+        PACK(0xE608), PACK(0xE7CA), PACK(0xE58C), PACK(0xE44E),
+        PACK(0xEF10), PACK(0xEED2), PACK(0xEC94), PACK(0xED56),
+        PACK(0xE818), PACK(0xE9DA), PACK(0xEB9C), PACK(0xEA5E),
+        PACK(0xFD20), PACK(0xFCE2), PACK(0xFEA4), PACK(0xFF66),
+        PACK(0xFA28), PACK(0xFBEA), PACK(0xF9AC), PACK(0xF86E),
+        PACK(0xF330), PACK(0xF2F2), PACK(0xF0B4), PACK(0xF176),
+        PACK(0xF438), PACK(0xF5FA), PACK(0xF7BC), PACK(0xF67E),
+        PACK(0xD940), PACK(0xD882), PACK(0xDAC4), PACK(0xDB06),
+        PACK(0xDE48), PACK(0xDF8A), PACK(0xDDCC), PACK(0xDC0E),
+        PACK(0xD750), PACK(0xD692), PACK(0xD4D4), PACK(0xD516),
+        PACK(0xD058), PACK(0xD19A), PACK(0xD3DC), PACK(0xD21E),
+        PACK(0xC560), PACK(0xC4A2), PACK(0xC6E4), PACK(0xC726),
+        PACK(0xC268), PACK(0xC3AA), PACK(0xC1EC), PACK(0xC02E),
+        PACK(0xCB70), PACK(0xCAB2), PACK(0xC8F4), PACK(0xC936),
+        PACK(0xCC78), PACK(0xCDBA), PACK(0xCFFC), PACK(0xCE3E),
+        PACK(0x9180), PACK(0x9042), PACK(0x9204), PACK(0x93C6),
+        PACK(0x9688), PACK(0x974A), PACK(0x950C), PACK(0x94CE),
+        PACK(0x9F90), PACK(0x9E52), PACK(0x9C14), PACK(0x9DD6),
+        PACK(0x9898), PACK(0x995A), PACK(0x9B1C), PACK(0x9ADE),
+        PACK(0x8DA0), PACK(0x8C62), PACK(0x8E24), PACK(0x8FE6),
+        PACK(0x8AA8), PACK(0x8B6A), PACK(0x892C), PACK(0x88EE),
+        PACK(0x83B0), PACK(0x8272), PACK(0x8034), PACK(0x81F6),
+        PACK(0x84B8), PACK(0x857A), PACK(0x873C), PACK(0x86FE),
+        PACK(0xA9C0), PACK(0xA802), PACK(0xAA44), PACK(0xAB86),
+        PACK(0xAEC8), PACK(0xAF0A), PACK(0xAD4C), PACK(0xAC8E),
+        PACK(0xA7D0), PACK(0xA612), PACK(0xA454), PACK(0xA596),
+        PACK(0xA0D8), PACK(0xA11A), PACK(0xA35C), PACK(0xA29E),
+        PACK(0xB5E0), PACK(0xB422), PACK(0xB664), PACK(0xB7A6),
+        PACK(0xB2E8), PACK(0xB32A), PACK(0xB16C), PACK(0xB0AE),
+        PACK(0xBBF0), PACK(0xBA32), PACK(0xB874), PACK(0xB9B6),
+        PACK(0xBCF8), PACK(0xBD3A), PACK(0xBF7C), PACK(0xBEBE)
+    };
+
+    while (1) {
+        Z.hi ^= Htable[n].hi;
+        Z.lo ^= Htable[n].lo;
+
+        if ((u8 *)Xi == xi)
+            break;
+
+        n = *(--xi);
+
+        rem = (size_t)Z.lo & 0xff;
+        Z.lo = (Z.hi << 56) | (Z.lo >> 8);
+        Z.hi = (Z.hi >> 8);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_8bit[rem];
+        else
+            Z.hi ^= (u64)rem_8bit[rem] << 32;
+    }
+
+    if (is_endian.little) {
+# ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+# else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+# endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+# define GCM_MUL(ctx,Xi)   gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
+
+#elif   TABLE_BITS==4
+
+static void gcm_init_4bit(u128 Htable[16], u64 H[2])
+{
+    u128 V;
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+    int i;
+# endif
+
+    Htable[0].hi = 0;
+    Htable[0].lo = 0;
+    V.hi = H[0];
+    V.lo = H[1];
+
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+    for (Htable[8] = V, i = 4; i > 0; i >>= 1) {
+        REDUCE1BIT(V);
+        Htable[i] = V;
+    }
+
+    for (i = 2; i < 16; i <<= 1) {
+        u128 *Hi = Htable + i;
+        int j;
+        for (V = *Hi, j = 1; j < i; ++j) {
+            Hi[j].hi = V.hi ^ Htable[j].hi;
+            Hi[j].lo = V.lo ^ Htable[j].lo;
+        }
+    }
+# else
+    Htable[8] = V;
+    REDUCE1BIT(V);
+    Htable[4] = V;
+    REDUCE1BIT(V);
+    Htable[2] = V;
+    REDUCE1BIT(V);
+    Htable[1] = V;
+    Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo;
+    V = Htable[4];
+    Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo;
+    Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo;
+    Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo;
+    V = Htable[8];
+    Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo;
+    Htable[10].hi = V.hi ^ Htable[2].hi, Htable[10].lo = V.lo ^ Htable[2].lo;
+    Htable[11].hi = V.hi ^ Htable[3].hi, Htable[11].lo = V.lo ^ Htable[3].lo;
+    Htable[12].hi = V.hi ^ Htable[4].hi, Htable[12].lo = V.lo ^ Htable[4].lo;
+    Htable[13].hi = V.hi ^ Htable[5].hi, Htable[13].lo = V.lo ^ Htable[5].lo;
+    Htable[14].hi = V.hi ^ Htable[6].hi, Htable[14].lo = V.lo ^ Htable[6].lo;
+    Htable[15].hi = V.hi ^ Htable[7].hi, Htable[15].lo = V.lo ^ Htable[7].lo;
+# endif
+# if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm))
+    /*
+     * ARM assembler expects specific dword order in Htable.
+     */
+    {
+        int j;
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+
+        if (is_endian.little)
+            for (j = 0; j < 16; ++j) {
+                V = Htable[j];
+                Htable[j].hi = V.lo;
+                Htable[j].lo = V.hi;
+        } else
+            for (j = 0; j < 16; ++j) {
+                V = Htable[j];
+                Htable[j].hi = V.lo << 32 | V.lo >> 32;
+                Htable[j].lo = V.hi << 32 | V.hi >> 32;
+            }
+    }
+# endif
+}
+
+# ifndef GHASH_ASM
+static const size_t rem_4bit[16] = {
+    PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460),
+    PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0),
+    PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560),
+    PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0)
+};
+
+static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
+{
+    u128 Z;
+    int cnt = 15;
+    size_t rem, nlo, nhi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    nlo = ((const u8 *)Xi)[15];
+    nhi = nlo >> 4;
+    nlo &= 0xf;
+
+    Z.hi = Htable[nlo].hi;
+    Z.lo = Htable[nlo].lo;
+
+    while (1) {
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nhi].hi;
+        Z.lo ^= Htable[nhi].lo;
+
+        if (--cnt < 0)
+            break;
+
+        nlo = ((const u8 *)Xi)[cnt];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nlo].hi;
+        Z.lo ^= Htable[nlo].lo;
+    }
+
+    if (is_endian.little) {
+#  ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+#  else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+#  endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+/*
+ * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for
+ * details... Compiler-generated code doesn't seem to give any
+ * performance improvement, at least not on x86[_64]. It's here
+ * mostly as reference and a placeholder for possible future
+ * non-trivial optimization[s]...
+ */
+static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
+                           const u8 *inp, size_t len)
+{
+    u128 Z;
+    int cnt;
+    size_t rem, nlo, nhi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+#   if 1
+    do {
+        cnt = 15;
+        nlo = ((const u8 *)Xi)[15];
+        nlo ^= inp[15];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        Z.hi = Htable[nlo].hi;
+        Z.lo = Htable[nlo].lo;
+
+        while (1) {
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nhi].hi;
+            Z.lo ^= Htable[nhi].lo;
+
+            if (--cnt < 0)
+                break;
+
+            nlo = ((const u8 *)Xi)[cnt];
+            nlo ^= inp[cnt];
+            nhi = nlo >> 4;
+            nlo &= 0xf;
+
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nlo].hi;
+            Z.lo ^= Htable[nlo].lo;
+        }
+#   else
+    /*
+     * Extra 256+16 bytes per-key plus 512 bytes shared tables
+     * [should] give ~50% improvement... One could have PACK()-ed
+     * the rem_8bit even here, but the priority is to minimize
+     * cache footprint...
+     */
+    u128 Hshr4[16];             /* Htable shifted right by 4 bits */
+    u8 Hshl4[16];               /* Htable shifted left by 4 bits */
+    static const unsigned short rem_8bit[256] = {
+        0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E,
+        0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E,
+        0x1C20, 0x1DE2, 0x1FA4, 0x1E66, 0x1B28, 0x1AEA, 0x18AC, 0x196E,
+        0x1230, 0x13F2, 0x11B4, 0x1076, 0x1538, 0x14FA, 0x16BC, 0x177E,
+        0x3840, 0x3982, 0x3BC4, 0x3A06, 0x3F48, 0x3E8A, 0x3CCC, 0x3D0E,
+        0x3650, 0x3792, 0x35D4, 0x3416, 0x3158, 0x309A, 0x32DC, 0x331E,
+        0x2460, 0x25A2, 0x27E4, 0x2626, 0x2368, 0x22AA, 0x20EC, 0x212E,
+        0x2A70, 0x2BB2, 0x29F4, 0x2836, 0x2D78, 0x2CBA, 0x2EFC, 0x2F3E,
+        0x7080, 0x7142, 0x7304, 0x72C6, 0x7788, 0x764A, 0x740C, 0x75CE,
+        0x7E90, 0x7F52, 0x7D14, 0x7CD6, 0x7998, 0x785A, 0x7A1C, 0x7BDE,
+        0x6CA0, 0x6D62, 0x6F24, 0x6EE6, 0x6BA8, 0x6A6A, 0x682C, 0x69EE,
+        0x62B0, 0x6372, 0x6134, 0x60F6, 0x65B8, 0x647A, 0x663C, 0x67FE,
+        0x48C0, 0x4902, 0x4B44, 0x4A86, 0x4FC8, 0x4E0A, 0x4C4C, 0x4D8E,
+        0x46D0, 0x4712, 0x4554, 0x4496, 0x41D8, 0x401A, 0x425C, 0x439E,
+        0x54E0, 0x5522, 0x5764, 0x56A6, 0x53E8, 0x522A, 0x506C, 0x51AE,
+        0x5AF0, 0x5B32, 0x5974, 0x58B6, 0x5DF8, 0x5C3A, 0x5E7C, 0x5FBE,
+        0xE100, 0xE0C2, 0xE284, 0xE346, 0xE608, 0xE7CA, 0xE58C, 0xE44E,
+        0xEF10, 0xEED2, 0xEC94, 0xED56, 0xE818, 0xE9DA, 0xEB9C, 0xEA5E,
+        0xFD20, 0xFCE2, 0xFEA4, 0xFF66, 0xFA28, 0xFBEA, 0xF9AC, 0xF86E,
+        0xF330, 0xF2F2, 0xF0B4, 0xF176, 0xF438, 0xF5FA, 0xF7BC, 0xF67E,
+        0xD940, 0xD882, 0xDAC4, 0xDB06, 0xDE48, 0xDF8A, 0xDDCC, 0xDC0E,
+        0xD750, 0xD692, 0xD4D4, 0xD516, 0xD058, 0xD19A, 0xD3DC, 0xD21E,
+        0xC560, 0xC4A2, 0xC6E4, 0xC726, 0xC268, 0xC3AA, 0xC1EC, 0xC02E,
+        0xCB70, 0xCAB2, 0xC8F4, 0xC936, 0xCC78, 0xCDBA, 0xCFFC, 0xCE3E,
+        0x9180, 0x9042, 0x9204, 0x93C6, 0x9688, 0x974A, 0x950C, 0x94CE,
+        0x9F90, 0x9E52, 0x9C14, 0x9DD6, 0x9898, 0x995A, 0x9B1C, 0x9ADE,
+        0x8DA0, 0x8C62, 0x8E24, 0x8FE6, 0x8AA8, 0x8B6A, 0x892C, 0x88EE,
+        0x83B0, 0x8272, 0x8034, 0x81F6, 0x84B8, 0x857A, 0x873C, 0x86FE,
+        0xA9C0, 0xA802, 0xAA44, 0xAB86, 0xAEC8, 0xAF0A, 0xAD4C, 0xAC8E,
+        0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E,
+        0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE,
+        0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE
+    };
+    /*
+     * This pre-processing phase slows down procedure by approximately
+     * same time as it makes each loop spin faster. In other words
+     * single block performance is approximately same as straightforward
+     * "4-bit" implementation, and then it goes only faster...
+     */
+    for (cnt = 0; cnt < 16; ++cnt) {
+        Z.hi = Htable[cnt].hi;
+        Z.lo = Htable[cnt].lo;
+        Hshr4[cnt].lo = (Z.hi << 60) | (Z.lo >> 4);
+        Hshr4[cnt].hi = (Z.hi >> 4);
+        Hshl4[cnt] = (u8)(Z.lo << 4);
+    }
+
+    do {
+        for (Z.lo = 0, Z.hi = 0, cnt = 15; cnt; --cnt) {
+            nlo = ((const u8 *)Xi)[cnt];
+            nlo ^= inp[cnt];
+            nhi = nlo >> 4;
+            nlo &= 0xf;
+
+            Z.hi ^= Htable[nlo].hi;
+            Z.lo ^= Htable[nlo].lo;
+
+            rem = (size_t)Z.lo & 0xff;
+
+            Z.lo = (Z.hi << 56) | (Z.lo >> 8);
+            Z.hi = (Z.hi >> 8);
+
+            Z.hi ^= Hshr4[nhi].hi;
+            Z.lo ^= Hshr4[nhi].lo;
+            Z.hi ^= (u64)rem_8bit[rem ^ Hshl4[nhi]] << 48;
+        }
+
+        nlo = ((const u8 *)Xi)[0];
+        nlo ^= inp[0];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        Z.hi ^= Htable[nlo].hi;
+        Z.lo ^= Htable[nlo].lo;
+
+        rem = (size_t)Z.lo & 0xf;
+
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+
+        Z.hi ^= Htable[nhi].hi;
+        Z.lo ^= Htable[nhi].lo;
+        Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48;
+#   endif
+
+        if (is_endian.little) {
+#   ifdef BSWAP8
+            Xi[0] = BSWAP8(Z.hi);
+            Xi[1] = BSWAP8(Z.lo);
+#   else
+            u8 *p = (u8 *)Xi;
+            u32 v;
+            v = (u32)(Z.hi >> 32);
+            PUTU32(p, v);
+            v = (u32)(Z.hi);
+            PUTU32(p + 4, v);
+            v = (u32)(Z.lo >> 32);
+            PUTU32(p + 8, v);
+            v = (u32)(Z.lo);
+            PUTU32(p + 12, v);
+#   endif
+        } else {
+            Xi[0] = Z.hi;
+            Xi[1] = Z.lo;
+        }
+    } while (inp += 16, len -= 16);
+}
+#  endif
+# else
+void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+# endif
+
+# define GCM_MUL(ctx,Xi)   gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
+# if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
+#  define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
+/*
+ * GHASH_CHUNK is "stride parameter" missioned to mitigate cache trashing
+ * effect. In other words idea is to hash data while it's still in L1 cache
+ * after encryption pass...
+ */
+#  define GHASH_CHUNK       (3*1024)
+# endif
+
+#else                           /* TABLE_BITS */
+
+static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
+{
+    u128 V, Z = { 0, 0 };
+    long X;
+    int i, j;
+    const long *xi = (const long *)Xi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    V.hi = H[0];                /* H is in host byte order, no byte swapping */
+    V.lo = H[1];
+
+    for (j = 0; j < 16 / sizeof(long); ++j) {
+        if (is_endian.little) {
+            if (sizeof(long) == 8) {
+# ifdef BSWAP8
+                X = (long)(BSWAP8(xi[j]));
+# else
+                const u8 *p = (const u8 *)(xi + j);
+                X = (long)((u64)GETU32(p) << 32 | GETU32(p + 4));
+# endif
+            } else {
+                const u8 *p = (const u8 *)(xi + j);
+                X = (long)GETU32(p);
+            }
+        } else
+            X = xi[j];
+
+        for (i = 0; i < 8 * sizeof(long); ++i, X <<= 1) {
+            u64 M = (u64)(X >> (8 * sizeof(long) - 1));
+            Z.hi ^= V.hi & M;
+            Z.lo ^= V.lo & M;
+
+            REDUCE1BIT(V);
+        }
+    }
+
+    if (is_endian.little) {
+# ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+# else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+# endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+# define GCM_MUL(ctx,Xi)   gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
+
+#endif
+
+#if     TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ))
+# if    !defined(I386_ONLY) && \
+        (defined(__i386)        || defined(__i386__)    || \
+         defined(__x86_64)      || defined(__x86_64__)  || \
+         defined(_M_IX86)       || defined(_M_AMD64)    || defined(_M_X64))
+#  define GHASH_ASM_X86_OR_64
+#  define GCM_FUNCREF_4BIT
+extern unsigned int OPENSSL_ia32cap_P[];
+
+void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                     size_t len);
+
+#  if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#   define gcm_init_avx   gcm_init_clmul
+#   define gcm_gmult_avx  gcm_gmult_clmul
+#   define gcm_ghash_avx  gcm_ghash_clmul
+#  else
+void gcm_init_avx(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_avx(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                   size_t len);
+#  endif
+
+#  if   defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#   define GHASH_ASM_X86
+void gcm_gmult_4bit_mmx(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_mmx(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                        size_t len);
+
+void gcm_gmult_4bit_x86(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_x86(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                        size_t len);
+#  endif
+# elif defined(__arm__) || defined(__arm) || defined(__aarch64__)
+#  include "arm_arch.h"
+#  if __ARM_MAX_ARCH__>=7
+#   define GHASH_ASM_ARM
+#   define GCM_FUNCREF_4BIT
+#   define PMULL_CAPABLE        (OPENSSL_armcap_P & ARMV8_PMULL)
+#   if defined(__arm__) || defined(__arm)
+#    define NEON_CAPABLE        (OPENSSL_armcap_P & ARMV7_NEON)
+#   endif
+void gcm_init_neon(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_neon(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_neon(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+void gcm_init_v8(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_v8(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_v8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                  size_t len);
+#  endif
+# elif defined(__sparc__) || defined(__sparc)
+#  include "sparc_arch.h"
+#  define GHASH_ASM_SPARC
+#  define GCM_FUNCREF_4BIT
+extern unsigned int OPENSSL_sparcv9cap_P[];
+void gcm_init_vis3(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_vis3(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_vis3(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+# elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+#  include "ppc_arch.h"
+#  define GHASH_ASM_PPC
+#  define GCM_FUNCREF_4BIT
+void gcm_init_p8(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_p8(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                  size_t len);
+# endif
+#endif
+
+#ifdef GCM_FUNCREF_4BIT
+# undef  GCM_MUL
+# define GCM_MUL(ctx,Xi)        (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
+# ifdef GHASH
+#  undef  GHASH
+#  define GHASH(ctx,in,len)     (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len)
+# endif
+#endif
+
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->block = block;
+    ctx->key = key;
+
+    (*block) (ctx->H.c, ctx->H.c, key);
+
+    if (is_endian.little) {
+        /* H is stored in host byte order */
+#ifdef BSWAP8
+        ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
+        ctx->H.u[1] = BSWAP8(ctx->H.u[1]);
+#else
+        u8 *p = ctx->H.c;
+        u64 hi, lo;
+        hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+        lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+        ctx->H.u[0] = hi;
+        ctx->H.u[1] = lo;
+#endif
+    }
+#if     TABLE_BITS==8
+    gcm_init_8bit(ctx->Htable, ctx->H.u);
+#elif   TABLE_BITS==4
+# if    defined(GHASH)
+#  define CTX__GHASH(f) (ctx->ghash = (f))
+# else
+#  define CTX__GHASH(f) (ctx->ghash = NULL)
+# endif
+# if    defined(GHASH_ASM_X86_OR_64)
+#  if   !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
+    if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */
+        if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
+            gcm_init_avx(ctx->Htable, ctx->H.u);
+            ctx->gmult = gcm_gmult_avx;
+            CTX__GHASH(gcm_ghash_avx);
+        } else {
+            gcm_init_clmul(ctx->Htable, ctx->H.u);
+            ctx->gmult = gcm_gmult_clmul;
+            CTX__GHASH(gcm_ghash_clmul);
+        }
+        return;
+    }
+#  endif
+    gcm_init_4bit(ctx->Htable, ctx->H.u);
+#  if   defined(GHASH_ASM_X86)  /* x86 only */
+#   if  defined(OPENSSL_IA32_SSE2)
+    if (OPENSSL_ia32cap_P[0] & (1 << 25)) { /* check SSE bit */
+#   else
+    if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */
+#   endif
+        ctx->gmult = gcm_gmult_4bit_mmx;
+        CTX__GHASH(gcm_ghash_4bit_mmx);
+    } else {
+        ctx->gmult = gcm_gmult_4bit_x86;
+        CTX__GHASH(gcm_ghash_4bit_x86);
+    }
+#  else
+    ctx->gmult = gcm_gmult_4bit;
+    CTX__GHASH(gcm_ghash_4bit);
+#  endif
+# elif  defined(GHASH_ASM_ARM)
+#  ifdef PMULL_CAPABLE
+    if (PMULL_CAPABLE) {
+        gcm_init_v8(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_v8;
+        CTX__GHASH(gcm_ghash_v8);
+    } else
+#  endif
+#  ifdef NEON_CAPABLE
+    if (NEON_CAPABLE) {
+        gcm_init_neon(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_neon;
+        CTX__GHASH(gcm_ghash_neon);
+    } else
+#  endif
+    {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# elif  defined(GHASH_ASM_SPARC)
+    if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
+        gcm_init_vis3(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_vis3;
+        CTX__GHASH(gcm_ghash_vis3);
+    } else {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# elif  defined(GHASH_ASM_PPC)
+    if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
+        gcm_init_p8(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_p8;
+        CTX__GHASH(gcm_ghash_p8);
+    } else {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# else
+    gcm_init_4bit(ctx->Htable, ctx->H.u);
+# endif
+# undef CTX__GHASH
+#endif
+}
+
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                         size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int ctr;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#endif
+
+    ctx->Yi.u[0] = 0;
+    ctx->Yi.u[1] = 0;
+    ctx->Xi.u[0] = 0;
+    ctx->Xi.u[1] = 0;
+    ctx->len.u[0] = 0;          /* AAD length */
+    ctx->len.u[1] = 0;          /* message length */
+    ctx->ares = 0;
+    ctx->mres = 0;
+
+    if (len == 12) {
+        memcpy(ctx->Yi.c, iv, 12);
+        ctx->Yi.c[15] = 1;
+        ctr = 1;
+    } else {
+        size_t i;
+        u64 len0 = len;
+
+        while (len >= 16) {
+            for (i = 0; i < 16; ++i)
+                ctx->Yi.c[i] ^= iv[i];
+            GCM_MUL(ctx, Yi);
+            iv += 16;
+            len -= 16;
+        }
+        if (len) {
+            for (i = 0; i < len; ++i)
+                ctx->Yi.c[i] ^= iv[i];
+            GCM_MUL(ctx, Yi);
+        }
+        len0 <<= 3;
+        if (is_endian.little) {
+#ifdef BSWAP8
+            ctx->Yi.u[1] ^= BSWAP8(len0);
+#else
+            ctx->Yi.c[8] ^= (u8)(len0 >> 56);
+            ctx->Yi.c[9] ^= (u8)(len0 >> 48);
+            ctx->Yi.c[10] ^= (u8)(len0 >> 40);
+            ctx->Yi.c[11] ^= (u8)(len0 >> 32);
+            ctx->Yi.c[12] ^= (u8)(len0 >> 24);
+            ctx->Yi.c[13] ^= (u8)(len0 >> 16);
+            ctx->Yi.c[14] ^= (u8)(len0 >> 8);
+            ctx->Yi.c[15] ^= (u8)(len0);
+#endif
+        } else
+            ctx->Yi.u[1] ^= len0;
+
+        GCM_MUL(ctx, Yi);
+
+        if (is_endian.little)
+#ifdef BSWAP4
+            ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+            ctr = GETU32(ctx->Yi.c + 12);
+#endif
+        else
+            ctr = ctx->Yi.d[3];
+    }
+
+    (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key);
+    ++ctr;
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+        PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+    else
+        ctx->Yi.d[3] = ctr;
+}
+
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len)
+{
+    size_t i;
+    unsigned int n;
+    u64 alen = ctx->len.u[0];
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    if (ctx->len.u[1])
+        return -2;
+
+    alen += len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->len.u[0] = alen;
+
+    n = ctx->ares;
+    if (n) {
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(aad++);
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0)
+            GCM_MUL(ctx, Xi);
+        else {
+            ctx->ares = n;
+            return 0;
+        }
+    }
+#ifdef GHASH
+    if ((i = (len & (size_t)-16))) {
+        GHASH(ctx, aad, i);
+        aad += i;
+        len -= i;
+    }
+#else
+    while (len >= 16) {
+        for (i = 0; i < 16; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+        GCM_MUL(ctx, Xi);
+        aad += 16;
+        len -= 16;
+    }
+#endif
+    if (len) {
+        n = (unsigned int)len;
+        for (i = 0; i < len; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+    }
+
+    ctx->ares = n;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    if (ctx->ares) {
+        /* First call to encrypt finalizes GHASH(AAD) */
+        GCM_MUL(ctx, Xi);
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+        ctr = GETU32(ctx->Yi.c + 12);
+#endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = ctx->mres;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+                while (n && len) {
+                    ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0)
+                    GCM_MUL(ctx, Xi);
+                else {
+                    ctx->mres = n;
+                    return 0;
+                }
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+# if defined(GHASH)
+#  if defined(GHASH_CHUNK)
+            while (len >= GHASH_CHUNK) {
+                size_t j = GHASH_CHUNK;
+
+                while (j) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#   ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    j -= 16;
+                }
+                GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK);
+                len -= GHASH_CHUNK;
+            }
+#  endif
+            if ((i = (len & (size_t)-16))) {
+                size_t j = i;
+
+                while (len >= 16) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#  ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    len -= 16;
+                }
+                GHASH(ctx, out - j, j);
+            }
+# else
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+#  ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                for (i = 0; i < 16 / sizeof(size_t); ++i)
+                    ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                GCM_MUL(ctx, Xi);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+# endif
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+# ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                while (len--) {
+                    ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+            }
+
+            ctx->mres = n;
+            return 0;
+        } while (0);
+    }
+#endif
+    for (i = 0; i < len; ++i) {
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+            if (is_endian.little)
+#ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+            else
+                ctx->Yi.d[3] = ctr;
+        }
+        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+        n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx, Xi);
+    }
+
+    ctx->mres = n;
+    return 0;
+}
+
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+        GCM_MUL(ctx, Xi);
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+        ctr = GETU32(ctx->Yi.c + 12);
+#endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = ctx->mres;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+                while (n && len) {
+                    u8 c = *(in++);
+                    *(out++) = c ^ ctx->EKi.c[n];
+                    ctx->Xi.c[n] ^= c;
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0)
+                    GCM_MUL(ctx, Xi);
+                else {
+                    ctx->mres = n;
+                    return 0;
+                }
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+# if defined(GHASH)
+#  if defined(GHASH_CHUNK)
+            while (len >= GHASH_CHUNK) {
+                size_t j = GHASH_CHUNK;
+
+                GHASH(ctx, in, GHASH_CHUNK);
+                while (j) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#   ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    j -= 16;
+                }
+                len -= GHASH_CHUNK;
+            }
+#  endif
+            if ((i = (len & (size_t)-16))) {
+                GHASH(ctx, in, i);
+                while (len >= 16) {
+                    size_t *out_t = (size_t *)out;
+                    const size_t *in_t = (const size_t *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#  ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    len -= 16;
+                }
+            }
+# else
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+#  ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                for (i = 0; i < 16 / sizeof(size_t); ++i) {
+                    size_t c = in[i];
+                    out[i] = c ^ ctx->EKi.t[i];
+                    ctx->Xi.t[i] ^= c;
+                }
+                GCM_MUL(ctx, Xi);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+# endif
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+# ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                while (len--) {
+                    u8 c = in[n];
+                    ctx->Xi.c[n] ^= c;
+                    out[n] = c ^ ctx->EKi.c[n];
+                    ++n;
+                }
+            }
+
+            ctx->mres = n;
+            return 0;
+        } while (0);
+    }
+#endif
+    for (i = 0; i < len; ++i) {
+        u8 c;
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+            if (is_endian.little)
+#ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+            else
+                ctx->Yi.d[3] = ctr;
+        }
+        c = in[i];
+        out[i] = c ^ ctx->EKi.c[n];
+        ctx->Xi.c[n] ^= c;
+        n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx, Xi);
+    }
+
+    ctx->mres = n;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream)
+{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_encrypt(ctx, in, out, len);
+#else
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+# ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#  ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+#  endif
+# endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    if (ctx->ares) {
+        /* First call to encrypt finalizes GHASH(AAD) */
+        GCM_MUL(ctx, Xi);
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+# ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+        ctr = GETU32(ctx->Yi.c + 12);
+# endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = ctx->mres;
+    if (n) {
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0)
+            GCM_MUL(ctx, Xi);
+        else {
+            ctx->mres = n;
+            return 0;
+        }
+    }
+# if defined(GHASH) && defined(GHASH_CHUNK)
+    while (len >= GHASH_CHUNK) {
+        (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
+        ctr += GHASH_CHUNK / 16;
+        if (is_endian.little)
+#  ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+        else
+            ctx->Yi.d[3] = ctr;
+        GHASH(ctx, out, GHASH_CHUNK);
+        out += GHASH_CHUNK;
+        in += GHASH_CHUNK;
+        len -= GHASH_CHUNK;
+    }
+# endif
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        in += i;
+        len -= i;
+# if defined(GHASH)
+        GHASH(ctx, out, i);
+        out += i;
+# else
+        while (j--) {
+            for (i = 0; i < 16; ++i)
+                ctx->Xi.c[i] ^= out[i];
+            GCM_MUL(ctx, Xi);
+            out += 16;
+        }
+# endif
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        while (len--) {
+            ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+            ++n;
+        }
+    }
+
+    ctx->mres = n;
+    return 0;
+#endif
+}
+
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream)
+{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_decrypt(ctx, in, out, len);
+#else
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+# ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#  ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+#  endif
+# endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+        GCM_MUL(ctx, Xi);
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+# ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+        ctr = GETU32(ctx->Yi.c + 12);
+# endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = ctx->mres;
+    if (n) {
+        while (n && len) {
+            u8 c = *(in++);
+            *(out++) = c ^ ctx->EKi.c[n];
+            ctx->Xi.c[n] ^= c;
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0)
+            GCM_MUL(ctx, Xi);
+        else {
+            ctx->mres = n;
+            return 0;
+        }
+    }
+# if defined(GHASH) && defined(GHASH_CHUNK)
+    while (len >= GHASH_CHUNK) {
+        GHASH(ctx, in, GHASH_CHUNK);
+        (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
+        ctr += GHASH_CHUNK / 16;
+        if (is_endian.little)
+#  ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+        else
+            ctx->Yi.d[3] = ctr;
+        out += GHASH_CHUNK;
+        in += GHASH_CHUNK;
+        len -= GHASH_CHUNK;
+    }
+# endif
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+# if defined(GHASH)
+        GHASH(ctx, in, i);
+# else
+        while (j--) {
+            size_t k;
+            for (k = 0; k < 16; ++k)
+                ctx->Xi.c[k] ^= in[k];
+            GCM_MUL(ctx, Xi);
+            in += 16;
+        }
+        j = i / 16;
+        in -= i;
+# endif
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        out += i;
+        in += i;
+        len -= i;
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        while (len--) {
+            u8 c = in[n];
+            ctx->Xi.c[n] ^= c;
+            out[n] = c ^ ctx->EKi.c[n];
+            ++n;
+        }
+    }
+
+    ctx->mres = n;
+    return 0;
+#endif
+}
+
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    u64 alen = ctx->len.u[0] << 3;
+    u64 clen = ctx->len.u[1] << 3;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#endif
+
+    if (ctx->mres || ctx->ares)
+        GCM_MUL(ctx, Xi);
+
+    if (is_endian.little) {
+#ifdef BSWAP8
+        alen = BSWAP8(alen);
+        clen = BSWAP8(clen);
+#else
+        u8 *p = ctx->len.c;
+
+        ctx->len.u[0] = alen;
+        ctx->len.u[1] = clen;
+
+        alen = (u64)GETU32(p) << 32 | GETU32(p + 4);
+        clen = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+    }
+
+    ctx->Xi.u[0] ^= alen;
+    ctx->Xi.u[1] ^= clen;
+    GCM_MUL(ctx, Xi);
+
+    ctx->Xi.u[0] ^= ctx->EK0.u[0];
+    ctx->Xi.u[1] ^= ctx->EK0.u[1];
+
+    if (tag && len <= sizeof(ctx->Xi))
+        return CRYPTO_memcmp(ctx->Xi.c, tag, len);
+    else
+        return -1;
+}
+
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    CRYPTO_gcm128_finish(ctx, NULL, 0);
+    memcpy(tag, ctx->Xi.c,
+           len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
+}
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
+{
+    GCM128_CONTEXT *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL)
+        CRYPTO_gcm128_init(ret, key, block);
+
+    return ret;
+}
+
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
+{
+    OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+#if defined(SELFTEST)
+# include <stdio.h>
+# include <openssl/aes.h>
+
+/* Test Case 1 */
+static const u8 K1[16], *P1 = NULL, *A1 = NULL, IV1[12], *C1 = NULL;
+static const u8 T1[] = {
+    0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
+    0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
+};
+
+/* Test Case 2 */
+# define K2 K1
+# define A2 A1
+# define IV2 IV1
+static const u8 P2[16];
+static const u8 C2[] = {
+    0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
+    0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
+};
+
+static const u8 T2[] = {
+    0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
+    0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
+};
+
+/* Test Case 3 */
+# define A3 A2
+static const u8 K3[] = {
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+};
+
+static const u8 P3[] = {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
+};
+
+static const u8 IV3[] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+    0xde, 0xca, 0xf8, 0x88
+};
+
+static const u8 C3[] = {
+    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+    0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
+};
+
+static const u8 T3[] = {
+    0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
+    0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
+};
+
+/* Test Case 4 */
+# define K4 K3
+# define IV4 IV3
+static const u8 P4[] = {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39
+};
+
+static const u8 A4[] = {
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xab, 0xad, 0xda, 0xd2
+};
+
+static const u8 C4[] = {
+    0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+    0x3d, 0x58, 0xe0, 0x91
+};
+
+static const u8 T4[] = {
+    0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
+    0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
+};
+
+/* Test Case 5 */
+# define K5 K4
+# define P5 P4
+# define A5 A4
+static const u8 IV5[] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
+};
+
+static const u8 C5[] = {
+    0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
+    0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
+    0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
+    0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
+    0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
+    0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
+    0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
+    0xc2, 0x3f, 0x45, 0x98
+};
+
+static const u8 T5[] = {
+    0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
+    0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
+};
+
+/* Test Case 6 */
+# define K6 K5
+# define P6 P5
+# define A6 A5
+static const u8 IV6[] = {
+    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
+    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
+    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
+    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
+    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
+    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
+    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
+    0xa6, 0x37, 0xb3, 0x9b
+};
+
+static const u8 C6[] = {
+    0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
+    0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
+    0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
+    0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
+    0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
+    0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
+    0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
+    0x4c, 0x34, 0xae, 0xe5
+};
+
+static const u8 T6[] = {
+    0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
+    0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
+};
+
+/* Test Case 7 */
+static const u8 K7[24], *P7 = NULL, *A7 = NULL, IV7[12], *C7 = NULL;
+static const u8 T7[] = {
+    0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
+    0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
+};
+
+/* Test Case 8 */
+# define K8 K7
+# define IV8 IV7
+# define A8 A7
+static const u8 P8[16];
+static const u8 C8[] = {
+    0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
+    0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
+};
+
+static const u8 T8[] = {
+    0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
+    0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
+};
+
+/* Test Case 9 */
+# define A9 A8
+static const u8 K9[] = {
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
+};
+
+static const u8 P9[] = {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
+};
+
+static const u8 IV9[] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+    0xde, 0xca, 0xf8, 0x88
+};
+
+static const u8 C9[] = {
+    0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+    0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+    0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+    0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+    0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+    0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+    0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+    0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
+};
+
+static const u8 T9[] = {
+    0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
+    0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
+};
+
+/* Test Case 10 */
+# define K10 K9
+# define IV10 IV9
+static const u8 P10[] = {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39
+};
+
+static const u8 A10[] = {
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xab, 0xad, 0xda, 0xd2
+};
+
+static const u8 C10[] = {
+    0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+    0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+    0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+    0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+    0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+    0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+    0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+    0xcc, 0xda, 0x27, 0x10
+};
+
+static const u8 T10[] = {
+    0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
+    0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
+};
+
+/* Test Case 11 */
+# define K11 K10
+# define P11 P10
+# define A11 A10
+static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
+
+static const u8 C11[] = {
+    0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
+    0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
+    0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
+    0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
+    0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
+    0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
+    0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
+    0xa0, 0xf0, 0x62, 0xf7
+};
+
+static const u8 T11[] = {
+    0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
+    0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
+};
+
+/* Test Case 12 */
+# define K12 K11
+# define P12 P11
+# define A12 A11
+static const u8 IV12[] = {
+    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
+    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
+    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
+    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
+    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
+    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
+    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
+    0xa6, 0x37, 0xb3, 0x9b
+};
+
+static const u8 C12[] = {
+    0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
+    0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
+    0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
+    0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
+    0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
+    0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
+    0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
+    0xe9, 0xb7, 0x37, 0x3b
+};
+
+static const u8 T12[] = {
+    0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
+    0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
+};
+
+/* Test Case 13 */
+static const u8 K13[32], *P13 = NULL, *A13 = NULL, IV13[12], *C13 = NULL;
+static const u8 T13[] = {
+    0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
+    0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
+};
+
+/* Test Case 14 */
+# define K14 K13
+# define A14 A13
+static const u8 P14[16], IV14[12];
+static const u8 C14[] = {
+    0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
+    0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
+};
+
+static const u8 T14[] = {
+    0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
+    0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
+};
+
+/* Test Case 15 */
+# define A15 A14
+static const u8 K15[] = {
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+    0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+};
+
+static const u8 P15[] = {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
+};
+
+static const u8 IV15[] = {
+    0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+    0xde, 0xca, 0xf8, 0x88
+};
+
+static const u8 C15[] = {
+    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+    0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
+};
+
+static const u8 T15[] = {
+    0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
+    0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
+};
+
+/* Test Case 16 */
+# define K16 K15
+# define IV16 IV15
+static const u8 P16[] = {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39
+};
+
+static const u8 A16[] = {
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+    0xab, 0xad, 0xda, 0xd2
+};
+
+static const u8 C16[] = {
+    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+    0xbc, 0xc9, 0xf6, 0x62
+};
+
+static const u8 T16[] = {
+    0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+    0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
+};
+
+/* Test Case 17 */
+# define K17 K16
+# define P17 P16
+# define A17 A16
+static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
+
+static const u8 C17[] = {
+    0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
+    0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
+    0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
+    0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
+    0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
+    0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
+    0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
+    0xf4, 0x7c, 0x9b, 0x1f
+};
+
+static const u8 T17[] = {
+    0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
+    0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
+};
+
+/* Test Case 18 */
+# define K18 K17
+# define P18 P17
+# define A18 A17
+static const u8 IV18[] = {
+    0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
+    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
+    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
+    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
+    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
+    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
+    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
+    0xa6, 0x37, 0xb3, 0x9b
+};
+
+static const u8 C18[] = {
+    0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
+    0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
+    0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
+    0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
+    0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
+    0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
+    0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
+    0x44, 0xae, 0x7e, 0x3f
+};
+
+static const u8 T18[] = {
+    0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
+    0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
+};
+
+/* Test Case 19 */
+# define K19 K1
+# define P19 P1
+# define IV19 IV1
+# define C19 C1
+static const u8 A19[] = {
+    0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
+    0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+    0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+    0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+    0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+    0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+    0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+    0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+    0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
+};
+
+static const u8 T19[] = {
+    0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
+    0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
+};
+
+/* Test Case 20 */
+# define K20 K1
+# define A20 A1
+/* this results in 0xff in counter LSB */
+static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
+
+static const u8 P20[288];
+static const u8 C20[] = {
+    0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
+    0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
+    0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
+    0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
+    0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
+    0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
+    0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
+    0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
+    0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
+    0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
+    0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
+    0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
+    0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
+    0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
+    0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
+    0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
+    0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
+    0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
+    0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
+    0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
+    0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
+    0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
+    0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
+    0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
+    0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
+    0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
+    0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
+    0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
+    0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
+    0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
+    0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
+    0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
+    0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
+    0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
+    0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
+    0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
+};
+
+static const u8 T20[] = {
+    0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
+    0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
+};
+
+# define TEST_CASE(n)    do {                                    \
+        u8 out[sizeof(P##n)];                                   \
+        AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key);          \
+        CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt);  \
+        CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));          \
+        memset(out,0,sizeof(out));                              \
+        if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));    \
+        if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out));     \
+        if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||               \
+            (C##n && memcmp(out,C##n,sizeof(out))))             \
+                ret++, printf ("encrypt test#%d failed.\n",n);  \
+        CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));          \
+        memset(out,0,sizeof(out));                              \
+        if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));    \
+        if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out));     \
+        if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||               \
+            (P##n && memcmp(out,P##n,sizeof(out))))             \
+                ret++, printf ("decrypt test#%d failed.\n",n);  \
+        } while(0)
+
+int main()
+{
+    GCM128_CONTEXT ctx;
+    AES_KEY key;
+    int ret = 0;
+
+    TEST_CASE(1);
+    TEST_CASE(2);
+    TEST_CASE(3);
+    TEST_CASE(4);
+    TEST_CASE(5);
+    TEST_CASE(6);
+    TEST_CASE(7);
+    TEST_CASE(8);
+    TEST_CASE(9);
+    TEST_CASE(10);
+    TEST_CASE(11);
+    TEST_CASE(12);
+    TEST_CASE(13);
+    TEST_CASE(14);
+    TEST_CASE(15);
+    TEST_CASE(16);
+    TEST_CASE(17);
+    TEST_CASE(18);
+    TEST_CASE(19);
+    TEST_CASE(20);
+
+# ifdef OPENSSL_CPUID_OBJ
+    {
+        size_t start, stop, gcm_t, ctr_t, OPENSSL_rdtsc();
+        union {
+            u64 u;
+            u8 c[1024];
+        } buf;
+        int i;
+
+        AES_set_encrypt_key(K1, sizeof(K1) * 8, &key);
+        CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
+        CRYPTO_gcm128_setiv(&ctx, IV1, sizeof(IV1));
+
+        CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
+        start = OPENSSL_rdtsc();
+        CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
+        gcm_t = OPENSSL_rdtsc() - start;
+
+        CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
+                              &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
+                              (block128_f) AES_encrypt);
+        start = OPENSSL_rdtsc();
+        CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
+                              &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
+                              (block128_f) AES_encrypt);
+        ctr_t = OPENSSL_rdtsc() - start;
+
+        printf("%.2f-%.2f=%.2f\n",
+               gcm_t / (double)sizeof(buf),
+               ctr_t / (double)sizeof(buf),
+               (gcm_t - ctr_t) / (double)sizeof(buf));
+#  ifdef GHASH
+        {
+            void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                                 const u8 *inp, size_t len) = ctx.ghash;
+
+            GHASH((&ctx), buf.c, sizeof(buf));
+            start = OPENSSL_rdtsc();
+            for (i = 0; i < 100; ++i)
+                GHASH((&ctx), buf.c, sizeof(buf));
+            gcm_t = OPENSSL_rdtsc() - start;
+            printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
+        }
+#  endif
+    }
+# endif
+
+    return ret;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/modes/modes_lcl.h b/openssl-1.1.0h/crypto/modes/modes_lcl.h
new file mode 100644
index 0000000..7a1603b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/modes_lcl.h
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/modes.h>
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef __int64 i64;
+typedef unsigned __int64 u64;
+# define U64(C) C##UI64
+#elif defined(__arch64__)
+typedef long i64;
+typedef unsigned long u64;
+# define U64(C) C##UL
+#else
+typedef long long i64;
+typedef unsigned long long u64;
+# define U64(C) C##ULL
+#endif
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+#define STRICT_ALIGNMENT 1
+#ifndef PEDANTIC
+# if defined(__i386)    || defined(__i386__)    || \
+     defined(__x86_64)  || defined(__x86_64__)  || \
+     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
+     defined(__aarch64__)                       || \
+     defined(__s390__)  || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+# endif
+#endif
+
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   define BSWAP8(x) ({ u64 ret_=(x);                   \
+                        asm ("bswapq %0"                \
+                        : "+r"(ret_));   ret_;          })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("bswapl %0; bswapl %1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif defined(__aarch64__)
+#   define BSWAP8(x) ({ u64 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#   define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %w0,%w1"              \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("rev %0,%0; rev %1,%1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"((u32)(x)));  \
+                        ret_;                           })
+#  endif
+# elif defined(_MSC_VER)
+#  if _MSC_VER>=1300
+#   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
+#   define BSWAP8(x)    _byteswap_uint64((u64)(x))
+#   define BSWAP4(x)    _byteswap_ulong((u32)(x))
+#  elif defined(_M_IX86)
+__inline u32 _bswap4(u32 val)
+{
+_asm mov eax, val _asm bswap eax}
+#   define BSWAP4(x)    _bswap4(x)
+#  endif
+# endif
+#endif
+#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
+# define GETU32(p)       BSWAP4(*(const u32 *)(p))
+# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
+#else
+# define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
+# define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
+#endif
+/*- GCM definitions */ typedef struct {
+    u64 hi, lo;
+} u128;
+
+#ifdef  TABLE_BITS
+# undef  TABLE_BITS
+#endif
+/*
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8 [or 1]. For further information see gcm128.c.
+ */
+#define TABLE_BITS 4
+
+struct gcm128_context {
+    /* Following 6 names follow names in GCM specification */
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+        size_t t[16 / sizeof(size_t)];
+    } Yi, EKi, EK0, len, Xi, H;
+    /*
+     * Relative position of Xi, H and pre-computed Htable is used in some
+     * assembler modules, i.e. don't change the order!
+     */
+#if TABLE_BITS==8
+    u128 Htable[256];
+#else
+    u128 Htable[16];
+    void (*gmult) (u64 Xi[2], const u128 Htable[16]);
+    void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                   size_t len);
+#endif
+    unsigned int mres, ares;
+    block128_f block;
+    void *key;
+};
+
+struct xts128_context {
+    void *key1, *key2;
+    block128_f block1, block2;
+};
+
+struct ccm128_context {
+    union {
+        u64 u[2];
+        u8 c[16];
+    } nonce, cmac;
+    u64 blocks;
+    block128_f block;
+    void *key;
+};
+
+#ifndef OPENSSL_NO_OCB
+
+typedef union {
+    u64 a[2];
+    unsigned char c[16];
+} OCB_BLOCK;
+# define ocb_block16_xor(in1,in2,out) \
+    ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
+      (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
+# if STRICT_ALIGNMENT
+#  define ocb_block16_xor_misaligned(in1,in2,out) \
+    ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
+# else
+#  define ocb_block16_xor_misaligned ocb_block16_xor
+# endif
+
+struct ocb128_context {
+    /* Need both encrypt and decrypt key schedules for decryption */
+    block128_f encrypt;
+    block128_f decrypt;
+    void *keyenc;
+    void *keydec;
+    ocb128_f stream;    /* direction dependent */
+    /* Key dependent variables. Can be reused if key remains the same */
+    size_t l_index;
+    size_t max_l_index;
+    OCB_BLOCK l_star;
+    OCB_BLOCK l_dollar;
+    OCB_BLOCK *l;
+    /* Must be reset for each session */
+    u64 blocks_hashed;
+    u64 blocks_processed;
+    OCB_BLOCK tag;
+    OCB_BLOCK offset_aad;
+    OCB_BLOCK sum;
+    OCB_BLOCK offset;
+    OCB_BLOCK checksum;
+};
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/openssl-1.1.0h/crypto/modes/ocb128.c b/openssl-1.1.0h/crypto/modes/ocb128.c
new file mode 100644
index 0000000..db794d0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/ocb128.c
@@ -0,0 +1,568 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+
+#ifndef OPENSSL_NO_OCB
+
+/*
+ * Calculate the number of binary trailing zero's in any given number
+ */
+static u32 ocb_ntz(u64 n)
+{
+    u32 cnt = 0;
+
+    /*
+     * We do a right-to-left simple sequential search. This is surprisingly
+     * efficient as the distribution of trailing zeros is not uniform,
+     * e.g. the number of possible inputs with no trailing zeros is equal to
+     * the number with 1 or more; the number with exactly 1 is equal to the
+     * number with 2 or more, etc. Checking the last two bits covers 75% of
+     * all numbers. Checking the last three covers 87.5%
+     */
+    while (!(n & 1)) {
+        n >>= 1;
+        cnt++;
+    }
+    return cnt;
+}
+
+/*
+ * Shift a block of 16 bytes left by shift bits
+ */
+static void ocb_block_lshift(const unsigned char *in, size_t shift,
+                             unsigned char *out)
+{
+    unsigned char shift_mask;
+    int i;
+    unsigned char mask[15];
+
+    shift_mask = 0xff;
+    shift_mask <<= (8 - shift);
+    for (i = 15; i >= 0; i--) {
+        if (i > 0) {
+            mask[i - 1] = in[i] & shift_mask;
+            mask[i - 1] >>= 8 - shift;
+        }
+        out[i] = in[i] << shift;
+
+        if (i != 15) {
+            out[i] ^= mask[i];
+        }
+    }
+}
+
+/*
+ * Perform a "double" operation as per OCB spec
+ */
+static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out)
+{
+    unsigned char mask;
+
+    /*
+     * Calculate the mask based on the most significant bit. There are more
+     * efficient ways to do this - but this way is constant time
+     */
+    mask = in->c[0] & 0x80;
+    mask >>= 7;
+    mask *= 135;
+
+    ocb_block_lshift(in->c, 1, out->c);
+
+    out->c[15] ^= mask;
+}
+
+/*
+ * Perform an xor on in1 and in2 - each of len bytes. Store result in out
+ */
+static void ocb_block_xor(const unsigned char *in1,
+                          const unsigned char *in2, size_t len,
+                          unsigned char *out)
+{
+    size_t i;
+    for (i = 0; i < len; i++) {
+        out[i] = in1[i] ^ in2[i];
+    }
+}
+
+/*
+ * Lookup L_index in our lookup table. If we haven't already got it we need to
+ * calculate it
+ */
+static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
+{
+    size_t l_index = ctx->l_index;
+
+    if (idx <= l_index) {
+        return ctx->l + idx;
+    }
+
+    /* We don't have it - so calculate it */
+    if (idx >= ctx->max_l_index) {
+        void *tmp_ptr;
+        /*
+         * Each additional entry allows to process almost double as
+         * much data, so that in linear world the table will need to
+         * be expanded with smaller and smaller increments. Originally
+         * it was doubling in size, which was a waste. Growing it
+         * linearly is not formally optimal, but is simpler to implement.
+         * We grow table by minimally required 4*n that would accommodate
+         * the index.
+         */
+        ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
+        tmp_ptr =
+            OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
+        if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
+            return NULL;
+        ctx->l = tmp_ptr;
+    }
+    while (l_index < idx) {
+        ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
+        l_index++;
+    }
+    ctx->l_index = l_index;
+
+    return ctx->l + idx;
+}
+
+/*
+ * Create a new OCB128_CONTEXT
+ */
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream)
+{
+    OCB128_CONTEXT *octx;
+    int ret;
+
+    if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) {
+        ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt,
+                                 stream);
+        if (ret)
+            return octx;
+        OPENSSL_free(octx);
+    }
+
+    return NULL;
+}
+
+/*
+ * Initialise an existing OCB128_CONTEXT
+ */
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream)
+{
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->l_index = 0;
+    ctx->max_l_index = 5;
+    ctx->l = OPENSSL_malloc(ctx->max_l_index * 16);
+    if (ctx->l == NULL)
+        return 0;
+
+    /*
+     * We set both the encryption and decryption key schedules - decryption
+     * needs both. Don't really need decryption schedule if only doing
+     * encryption - but it simplifies things to take it anyway
+     */
+    ctx->encrypt = encrypt;
+    ctx->decrypt = decrypt;
+    ctx->stream = stream;
+    ctx->keyenc = keyenc;
+    ctx->keydec = keydec;
+
+    /* L_* = ENCIPHER(K, zeros(128)) */
+    ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc);
+
+    /* L_$ = double(L_*) */
+    ocb_double(&ctx->l_star, &ctx->l_dollar);
+
+    /* L_0 = double(L_$) */
+    ocb_double(&ctx->l_dollar, ctx->l);
+
+    /* L_{i} = double(L_{i-1}) */
+    ocb_double(ctx->l, ctx->l+1);
+    ocb_double(ctx->l+1, ctx->l+2);
+    ocb_double(ctx->l+2, ctx->l+3);
+    ocb_double(ctx->l+3, ctx->l+4);
+    ctx->l_index = 4;   /* enough to process up to 496 bytes */
+
+    return 1;
+}
+
+/*
+ * Copy an OCB128_CONTEXT object
+ */
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec)
+{
+    memcpy(dest, src, sizeof(OCB128_CONTEXT));
+    if (keyenc)
+        dest->keyenc = keyenc;
+    if (keydec)
+        dest->keydec = keydec;
+    if (src->l) {
+        dest->l = OPENSSL_malloc(src->max_l_index * 16);
+        if (dest->l == NULL)
+            return 0;
+        memcpy(dest->l, src->l, (src->l_index + 1) * 16);
+    }
+    return 1;
+}
+
+/*
+ * Set the IV to be used for this operation. Must be 1 - 15 bytes.
+ */
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen)
+{
+    unsigned char ktop[16], tmp[16], mask;
+    unsigned char stretch[24], nonce[16];
+    size_t bottom, shift;
+
+    /*
+     * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths.
+     * We don't support this at this stage
+     */
+    if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) {
+        return -1;
+    }
+
+    /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */
+    nonce[0] = ((taglen * 8) % 128) << 1;
+    memset(nonce + 1, 0, 15);
+    memcpy(nonce + 16 - len, iv, len);
+    nonce[15 - len] |= 1;
+
+    /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */
+    memcpy(tmp, nonce, 16);
+    tmp[15] &= 0xc0;
+    ctx->encrypt(tmp, ktop, ctx->keyenc);
+
+    /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
+    memcpy(stretch, ktop, 16);
+    ocb_block_xor(ktop, ktop + 1, 8, stretch + 16);
+
+    /* bottom = str2num(Nonce[123..128]) */
+    bottom = nonce[15] & 0x3f;
+
+    /* Offset_0 = Stretch[1+bottom..128+bottom] */
+    shift = bottom % 8;
+    ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c);
+    mask = 0xff;
+    mask <<= 8 - shift;
+    ctx->offset.c[15] |=
+        (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
+
+    return 1;
+}
+
+/*
+ * Provide any AAD. This can be called multiple times. Only the final time can
+ * have a partial block
+ */
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+    OCB_BLOCK tmp;
+
+    /* Calculate the number of blocks of AAD provided now, and so far */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->blocks_hashed;
+
+    /* Loop through all full blocks of AAD */
+    for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) {
+        OCB_BLOCK *lookup;
+
+        /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+        lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+        if (lookup == NULL)
+            return 0;
+        ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad);
+
+        memcpy(tmp.c, aad, 16);
+        aad += 16;
+
+        /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
+        ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp);
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum);
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad);
+
+        /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
+        memset(tmp.c, 0, 16);
+        memcpy(tmp.c, aad, last_len);
+        tmp.c[last_len] = 0x80;
+        ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp);
+
+        /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum);
+    }
+
+    ctx->blocks_hashed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be encrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be encrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keyenc,
+                    (size_t)ctx->blocks_processed + 1, ctx->offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->checksum.c);
+    } else {
+        /* Loop through all full blocks to be encrypted */
+        for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
+            OCB_BLOCK *lookup;
+            OCB_BLOCK tmp;
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+
+            /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
+            ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+            ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+            ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+
+        /* C_* = P_* xor Pad[1..bitlen(P_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, in, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+    }
+
+    ctx->blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be decrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be decrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keydec,
+                    (size_t)ctx->blocks_processed + 1, ctx->offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->checksum.c);
+    } else {
+        OCB_BLOCK tmp;
+
+        /* Loop through all full blocks to be decrypted */
+        for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
+            ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+            ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
+            ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+
+        /* P_* = C_* xor Pad[1..bitlen(C_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, out, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+    }
+
+    ctx->blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Calculate the tag and verify it against the supplied tag
+ */
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len)
+{
+    OCB_BLOCK tmp;
+
+    /*
+     * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
+     */
+    ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp);
+    ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
+    ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+    ocb_block16_xor(&tmp, &ctx->sum, &ctx->tag);
+
+    if (len > 16 || len < 1) {
+        return -1;
+    }
+
+    /* Compare the tag if we've been given one */
+    if (tag)
+        return CRYPTO_memcmp(&ctx->tag, tag, len);
+    else
+        return -1;
+}
+
+/*
+ * Retrieve the calculated tag
+ */
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    if (len > 16 || len < 1) {
+        return -1;
+    }
+
+    /* Calculate the tag */
+    CRYPTO_ocb128_finish(ctx, NULL, 0);
+
+    /* Copy the tag into the supplied buffer */
+    memcpy(tag, ctx->tag.c, len);
+
+    return 1;
+}
+
+/*
+ * Release all resources
+ */
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx)
+{
+    if (ctx) {
+        OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16);
+        OPENSSL_cleanse(ctx, sizeof(*ctx));
+    }
+}
+
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/openssl-1.1.0h/crypto/modes/ofb128.c b/openssl-1.1.0h/crypto/modes/ofb128.c
new file mode 100644
index 0000000..8309256
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/ofb128.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ivec[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
+                0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ivec, key);
+                for (; n < 16; n += sizeof(size_t))
+                    *(size_t *)(out + n) =
+                        *(size_t *)(in + n) ^ *(size_t *)(ivec + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ivec, key);
+                while (len--) {
+                    out[n] = in[n] ^ ivec[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+#endif
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ivec, key);
+        }
+        out[l] = in[l] ^ ivec[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/modes/wrap128.c b/openssl-1.1.0h/crypto/modes/wrap128.c
new file mode 100644
index 0000000..46809a0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/wrap128.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**  Beware!
+ *
+ *  Following wrapping modes were designed for AES but this implementation
+ *  allows you to use them for any 128 bit block cipher.
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/modes.h>
+
+/** RFC 3394 section 2.2.3.1 Default Initial Value */
+static const unsigned char default_iv[] = {
+    0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */
+static const unsigned char default_aiv[] = {
+    0xA6, 0x59, 0x59, 0xA6
+};
+
+/** Input size limit: lower than maximum of standards but far larger than
+ *  anything that will be used in practice.
+ */
+#define CRYPTO128_WRAP_MAX (1UL << 31)
+
+/** Wrapping according to RFC 3394 section 2.2.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  iv     IV value. Length = 8 bytes. NULL = use default_iv.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen does not consist of n 64-bit blocks, n >= 2.
+ *                     or if inlen > CRYPTO128_WRAP_MAX.
+ *                     Output length if wrapping succeeded.
+ */
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+                       unsigned char *out,
+                       const unsigned char *in, size_t inlen,
+                       block128_f block)
+{
+    unsigned char *A, B[16], *R;
+    size_t i, j, t;
+    if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
+        return 0;
+    A = B;
+    t = 1;
+    memmove(out + 8, in, inlen);
+    if (!iv)
+        iv = default_iv;
+
+    memcpy(A, iv, 8);
+
+    for (j = 0; j < 6; j++) {
+        R = out + 8;
+        for (i = 0; i < inlen; i += 8, t++, R += 8) {
+            memcpy(B + 8, R, 8);
+            block(B, B, key);
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(R, B + 8, 8);
+        }
+    }
+    memcpy(out, A, 8);
+    return inlen + 8;
+}
+
+/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2.
+ *  The IV check (step 3) is responsibility of the caller.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     Unchecked IV value. Minimal buffer length = 8 bytes.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8.
+ *                     Output length otherwise.
+ */
+static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
+                                    unsigned char *out,
+                                    const unsigned char *in, size_t inlen,
+                                    block128_f block)
+{
+    unsigned char *A, B[16], *R;
+    size_t i, j, t;
+    inlen -= 8;
+    if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
+        return 0;
+    A = B;
+    t = 6 * (inlen >> 3);
+    memcpy(A, in, 8);
+    memmove(out, in + 8, inlen);
+    for (j = 0; j < 6; j++) {
+        R = out + inlen - 8;
+        for (i = 0; i < inlen; i += 8, t--, R -= 8) {
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(B + 8, R, 8);
+            block(B, B, key);
+            memcpy(R, B + 8, 8);
+        }
+    }
+    memcpy(iv, A, 8);
+    return inlen;
+}
+
+/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check.
+ *  The first block of plaintext has to match the supplied IV, otherwise an
+ *  error is returned.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     IV value to match against. Length = 8 bytes.
+ *                     NULL = use default_iv.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV doesn't match expected value.
+ *                     Output length otherwise.
+ */
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+                         unsigned char *out, const unsigned char *in,
+                         size_t inlen, block128_f block)
+{
+    size_t ret;
+    unsigned char got_iv[8];
+
+    ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
+    if (ret == 0)
+        return 0;
+
+    if (!iv)
+        iv = default_iv;
+    if (CRYPTO_memcmp(got_iv, iv, 8)) {
+        OPENSSL_cleanse(out, ret);
+        return 0;
+    }
+    return ret;
+}
+
+/** Wrapping according to RFC 5649 section 4.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 15) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
+ *                     Output length if wrapping succeeded.
+ */
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out,
+                           const unsigned char *in, size_t inlen,
+                           block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data
+     *
+     * If length of plain text is not a multiple of 8, pad the plain text octet
+     * string on the right with octets of zeros, where final length is the
+     * smallest multiple of 8 that is greater than length of plain text.
+     * If length of plain text is a multiple of 8, then there is no padding. */
+    const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */
+    const size_t padded_len = blocks_padded * 8;
+    const size_t padding_len = padded_len - inlen;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    int ret;
+
+    /* Section 1: use 32-bit fixed field for plaintext octet length */
+    if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    /* Section 3: Alternative Initial Value */
+    if (!icv)
+        memcpy(aiv, default_aiv, 4);
+    else
+        memcpy(aiv, icv, 4);    /* Standard doesn't mention this. */
+
+    aiv[4] = (inlen >> 24) & 0xFF;
+    aiv[5] = (inlen >> 16) & 0xFF;
+    aiv[6] = (inlen >> 8) & 0xFF;
+    aiv[7] = inlen & 0xFF;
+
+    if (padded_len == 8) {
+        /*
+         * Section 4.1 - special case in step 2: If the padded plaintext
+         * contains exactly eight octets, then prepend the AIV and encrypt
+         * the resulting 128-bit block using AES in ECB mode.
+         */
+        memmove(out + 8, in, inlen);
+        memcpy(out, aiv, 8);
+        memset(out + 8 + inlen, 0, padding_len);
+        block(out, out, key);
+        ret = 16;               /* AIV + padded input */
+    } else {
+        memmove(out, in, inlen);
+        memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
+        ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block);
+    }
+
+    return ret;
+}
+
+/** Unwrapping according to RFC 5649 section 4.2.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Plaintext. Minimal buffer length = inlen bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV and message length indicator doesn't match.
+ *                     Output length if unwrapping succeeded and IV matches.
+ */
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out,
+                             const unsigned char *in, size_t inlen,
+                             block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data */
+    size_t n = inlen / 8 - 1;
+    size_t padded_len;
+    size_t padding_len;
+    size_t ptext_len;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    static unsigned char zeros[8] = { 0x0 };
+    size_t ret;
+
+    /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */
+    if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    memmove(out, in, inlen);
+    if (inlen == 16) {
+        /*
+         * Section 4.2 - special case in step 1: When n=1, the ciphertext
+         * contains exactly two 64-bit blocks and they are decrypted as a
+         * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] |
+         * C[1])
+         */
+        block(out, out, key);
+        memcpy(aiv, out, 8);
+        /* Remove AIV */
+        memmove(out, out + 8, 8);
+        padded_len = 8;
+    } else {
+        padded_len = inlen - 8;
+        ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
+        if (padded_len != ret) {
+            OPENSSL_cleanse(out, inlen);
+            return 0;
+        }
+    }
+
+    /*
+     * Section 3: AIV checks: Check that MSB(32,A) = A65959A6. Optionally a
+     * user-supplied value can be used (even if standard doesn't mention
+     * this).
+     */
+    if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4))
+        || (icv && CRYPTO_memcmp(aiv, icv, 4))) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /*
+     * Check that 8*(n-1) < LSB(32,AIV) <= 8*n. If so, let ptext_len =
+     * LSB(32,AIV).
+     */
+
+    ptext_len =   ((unsigned int)aiv[4] << 24)
+                | ((unsigned int)aiv[5] << 16)
+                | ((unsigned int)aiv[6] <<  8)
+                |  (unsigned int)aiv[7];
+    if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /*
+     * Check that the rightmost padding_len octets of the output data are
+     * zero.
+     */
+    padding_len = padded_len - ptext_len;
+    if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /* Section 4.2 step 3: Remove padding */
+    return ptext_len;
+}
diff --git a/openssl-1.1.0h/crypto/modes/xts128.c b/openssl-1.1.0h/crypto/modes/xts128.c
new file mode 100644
index 0000000..81b1eac
--- /dev/null
+++ b/openssl-1.1.0h/crypto/modes/xts128.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+                          const unsigned char iv[16],
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len, int enc)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+    } tweak, scratch;
+    unsigned int i;
+
+    if (len < 16)
+        return -1;
+
+    memcpy(tweak.c, iv, 16);
+
+    (*ctx->block2) (tweak.c, tweak.c, ctx->key2);
+
+    if (!enc && (len % 16))
+        len -= 16;
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        memcpy(scratch.c, inp, 16);
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+#else
+        scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0];
+        scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1];
+#endif
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out, scratch.c, 16);
+#else
+        ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0];
+        ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1];
+#endif
+        inp += 16;
+        out += 16;
+        len -= 16;
+
+        if (len == 0)
+            return 0;
+
+        if (is_endian.little) {
+            unsigned int carry, res;
+
+            res = 0x87 & (((int)tweak.d[3]) >> 31);
+            carry = (unsigned int)(tweak.u[0] >> 63);
+            tweak.u[0] = (tweak.u[0] << 1) ^ res;
+            tweak.u[1] = (tweak.u[1] << 1) | carry;
+        } else {
+            size_t c;
+
+            for (c = 0, i = 0; i < 16; ++i) {
+                /*
+                 * + substitutes for |, because c is 1 bit
+                 */
+                c += ((size_t)tweak.c[i]) << 1;
+                tweak.c[i] = (u8)c;
+                c = c >> 8;
+            }
+            tweak.c[0] ^= (u8)(0x87 & (0 - c));
+        }
+    }
+    if (enc) {
+        for (i = 0; i < len; ++i) {
+            u8 c = inp[i];
+            out[i] = scratch.c[i];
+            scratch.c[i] = c;
+        }
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out - 16, scratch.c, 16);
+    } else {
+        union {
+            u64 u[2];
+            u8 c[16];
+        } tweak1;
+
+        if (is_endian.little) {
+            unsigned int carry, res;
+
+            res = 0x87 & (((int)tweak.d[3]) >> 31);
+            carry = (unsigned int)(tweak.u[0] >> 63);
+            tweak1.u[0] = (tweak.u[0] << 1) ^ res;
+            tweak1.u[1] = (tweak.u[1] << 1) | carry;
+        } else {
+            size_t c;
+
+            for (c = 0, i = 0; i < 16; ++i) {
+                /*
+                 * + substitutes for |, because c is 1 bit
+                 */
+                c += ((size_t)tweak.c[i]) << 1;
+                tweak1.c[i] = (u8)c;
+                c = c >> 8;
+            }
+            tweak1.c[0] ^= (u8)(0x87 & (0 - c));
+        }
+#if defined(STRICT_ALIGNMENT)
+        memcpy(scratch.c, inp, 16);
+        scratch.u[0] ^= tweak1.u[0];
+        scratch.u[1] ^= tweak1.u[1];
+#else
+        scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0];
+        scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1];
+#endif
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+        scratch.u[0] ^= tweak1.u[0];
+        scratch.u[1] ^= tweak1.u[1];
+
+        for (i = 0; i < len; ++i) {
+            u8 c = inp[16 + i];
+            out[16 + i] = scratch.c[i];
+            scratch.c[i] = c;
+        }
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out, scratch.c, 16);
+#else
+        ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0];
+        ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1];
+#endif
+    }
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/o_dir.c b/openssl-1.1.0h/crypto/o_dir.c
new file mode 100644
index 0000000..7019383
--- /dev/null
+++ b/openssl-1.1.0h/crypto/o_dir.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <errno.h>
+#include <e_os.h>
+
+/*
+ * The routines really come from the Levitte Programming, so to make life
+ * simple, let's just use the raw files and hack the symbols to fit our
+ * namespace.
+ */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+
+#include "internal/o_dir.h"
+
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP \
+    || (defined __VMS_VER && __VMS_VER >= 70000000)
+# include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+# include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+# include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+# include "LPdir_wince.c"
+#else
+# include "LPdir_nyi.c"
+#endif
diff --git a/openssl-1.1.0h/crypto/o_fips.c b/openssl-1.1.0h/crypto/o_fips.c
new file mode 100644
index 0000000..bf6db65
--- /dev/null
+++ b/openssl-1.1.0h/crypto/o_fips.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+int FIPS_mode(void)
+{
+#ifdef OPENSSL_FIPS
+    return FIPS_module_mode();
+#else
+    return 0;
+#endif
+}
+
+int FIPS_mode_set(int r)
+{
+#ifdef OPENSSL_FIPS
+    return FIPS_module_mode_set(r);
+#else
+    if (r == 0)
+        return 1;
+    CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
+    return 0;
+#endif
+}
diff --git a/openssl-1.1.0h/crypto/o_fopen.c b/openssl-1.1.0h/crypto/o_fopen.c
new file mode 100644
index 0000000..a3a0065
--- /dev/null
+++ b/openssl-1.1.0h/crypto/o_fopen.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#if !defined(OPENSSL_NO_STDIO)
+
+# include <stdio.h>
+
+FILE *openssl_fopen(const char *filename, const char *mode)
+{
+    FILE *file = NULL;
+# if defined(_WIN32) && defined(CP_UTF8)
+    int sz, len_0 = (int)strlen(filename) + 1;
+    DWORD flags;
+
+    /*
+     * Basically there are three cases to cover: a) filename is
+     * pure ASCII string; b) actual UTF-8 encoded string and
+     * c) locale-ized string, i.e. one containing 8-bit
+     * characters that are meaningful in current system locale.
+     * If filename is pure ASCII or real UTF-8 encoded string,
+     * MultiByteToWideChar succeeds and _wfopen works. If
+     * filename is locale-ized string, chances are that
+     * MultiByteToWideChar fails reporting
+     * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
+     * back to fopen...
+     */
+    if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
+                                  filename, len_0, NULL, 0)) > 0 ||
+        (GetLastError() == ERROR_INVALID_FLAGS &&
+         (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
+                                   filename, len_0, NULL, 0)) > 0)
+        ) {
+        WCHAR wmode[8];
+        WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
+
+        if (MultiByteToWideChar(CP_UTF8, flags,
+                                filename, len_0, wfilename, sz) &&
+            MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
+                                wmode, OSSL_NELEM(wmode)) &&
+            (file = _wfopen(wfilename, wmode)) == NULL &&
+            (errno == ENOENT || errno == EBADF)
+            ) {
+            /*
+             * UTF-8 decode succeeded, but no file, filename
+             * could still have been locale-ized...
+             */
+            file = fopen(filename, mode);
+        }
+    } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
+        file = fopen(filename, mode);
+    }
+# elif defined(__DJGPP__)
+    {
+        char *newname = NULL;
+
+        if (!HAS_LFN_SUPPORT(filename)) {
+            char *iterator;
+            char lastchar;
+
+            newname = OPENSSL_malloc(strlen(filename) + 1);
+            if (newname == NULL)
+                return NULL;
+
+            for (iterator = newname, lastchar = '\0';
+                *filename; filename++, iterator++) {
+                if (lastchar == '/' && filename[0] == '.'
+                    && filename[1] != '.' && filename[1] != '/') {
+                    /* Leading dots are not permitted in plain DOS. */
+                    *iterator = '_';
+                } else {
+                    *iterator = *filename;
+                }
+                lastchar = *filename;
+            }
+            *iterator = '\0';
+            filename = newname;
+        }
+        file = fopen(filename, mode);
+
+        OPENSSL_free(newname);
+    }
+# else
+    file = fopen(filename, mode);
+# endif
+    return file;
+}
+
+#else
+
+void *openssl_fopen(const char *filename, const char *mode)
+{
+    return NULL;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/o_init.c b/openssl-1.1.0h/crypto/o_init.c
new file mode 100644
index 0000000..2e0c126
--- /dev/null
+++ b/openssl-1.1.0h/crypto/o_init.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <e_os.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include <openssl/rand.h>
+#endif
+
+/*
+ * Perform any essential OpenSSL initialization operations. Currently only
+ * sets FIPS callbacks
+ */
+
+void OPENSSL_init(void)
+{
+    static int done = 0;
+    if (done)
+        return;
+    done = 1;
+#ifdef OPENSSL_FIPS
+    FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
+    FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
+    FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
+    RAND_init_fips();
+#endif
+}
diff --git a/openssl-1.1.0h/crypto/o_str.c b/openssl-1.1.0h/crypto/o_str.c
new file mode 100644
index 0000000..528655a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/o_str.c
@@ -0,0 +1,251 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <ctype.h>
+#include <limits.h>
+#include <e_os.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/o_str.h"
+
+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+{
+    const unsigned char *c1 = v1, *c2 = v2;
+    int ret = 0;
+
+    while (n && (ret = *c1 - *c2) == 0)
+        n--, c1++, c2++;
+
+    return ret;
+}
+
+char *CRYPTO_strdup(const char *str, const char* file, int line)
+{
+    char *ret;
+    size_t size;
+
+    if (str == NULL)
+        return NULL;
+    size = strlen(str) + 1;
+    ret = CRYPTO_malloc(size, file, line);
+    if (ret != NULL)
+        memcpy(ret, str, size);
+    return ret;
+}
+
+char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line)
+{
+    size_t maxlen;
+    char *ret;
+
+    if (str == NULL)
+        return NULL;
+
+    maxlen = OPENSSL_strnlen(str, s);
+
+    ret = CRYPTO_malloc(maxlen + 1, file, line);
+    if (ret) {
+        memcpy(ret, str, maxlen);
+        ret[maxlen] = '\0';
+    }
+    return ret;
+}
+
+void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line)
+{
+    void *ret;
+
+    if (data == NULL || siz >= INT_MAX)
+        return NULL;
+
+    ret = CRYPTO_malloc(siz, file, line);
+    if (ret == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return memcpy(ret, data, siz);
+}
+
+size_t OPENSSL_strnlen(const char *str, size_t maxlen)
+{
+    const char *p;
+
+    for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ;
+
+    return p - str;
+}
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size)
+{
+    size_t l = 0;
+    for (; size > 1 && *src; size--) {
+        *dst++ = *src++;
+        l++;
+    }
+    if (size)
+        *dst = '\0';
+    return l + strlen(src);
+}
+
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t size)
+{
+    size_t l = 0;
+    for (; size > 0 && *dst; size--, dst++)
+        l++;
+    return l + OPENSSL_strlcpy(dst, src, size);
+}
+
+int OPENSSL_hexchar2int(unsigned char c)
+{
+#ifdef CHARSET_EBCDIC
+    c = os_toebcdic[c];
+#endif
+
+    switch (c) {
+    case '0':
+        return 0;
+    case '1':
+        return 1;
+    case '2':
+        return 2;
+    case '3':
+        return 3;
+    case '4':
+          return 4;
+    case '5':
+          return 5;
+    case '6':
+          return 6;
+    case '7':
+          return 7;
+    case '8':
+          return 8;
+    case '9':
+          return 9;
+    case 'a': case 'A':
+          return 0x0A;
+    case 'b': case 'B':
+          return 0x0B;
+    case 'c': case 'C':
+          return 0x0C;
+    case 'd': case 'D':
+          return 0x0D;
+    case 'e': case 'E':
+          return 0x0E;
+    case 'f': case 'F':
+          return 0x0F;
+    }
+    return -1;
+}
+
+/*
+ * Give a string of hex digits convert to a buffer
+ */
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len)
+{
+    unsigned char *hexbuf, *q;
+    unsigned char ch, cl;
+    int chi, cli;
+    const unsigned char *p;
+    size_t s;
+
+    s = strlen(str);
+    if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (p = (const unsigned char *)str, q = hexbuf; *p; ) {
+        ch = *p++;
+        if (ch == ':')
+            continue;
+        cl = *p++;
+        if (!cl) {
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF,
+                      CRYPTO_R_ODD_NUMBER_OF_DIGITS);
+            OPENSSL_free(hexbuf);
+            return NULL;
+        }
+        cli = OPENSSL_hexchar2int(cl);
+        chi = OPENSSL_hexchar2int(ch);
+        if (cli < 0 || chi < 0) {
+            OPENSSL_free(hexbuf);
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT);
+            return NULL;
+        }
+        *q++ = (unsigned char)((chi << 4) | cli);
+    }
+
+    if (len)
+        *len = q - hexbuf;
+    return hexbuf;
+}
+
+/*
+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also
+ * on EBCDIC machines)
+ */
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
+{
+    static const char hexdig[] = "0123456789ABCDEF";
+    char *tmp, *q;
+    const unsigned char *p;
+    int i;
+
+    if (len == 0)
+    {
+        return OPENSSL_zalloc(1);
+    }
+
+    if ((tmp = OPENSSL_malloc(len * 3)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    q = tmp;
+    for (i = 0, p = buffer; i < len; i++, p++) {
+        *q++ = hexdig[(*p >> 4) & 0xf];
+        *q++ = hexdig[*p & 0xf];
+        *q++ = ':';
+    }
+    q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
+    return tmp;
+}
+
+int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+{
+#if defined(_MSC_VER) && _MSC_VER>=1400
+    return !strerror_s(buf, buflen, errnum);
+#elif defined(_GNU_SOURCE)
+    return strerror_r(errnum, buf, buflen) != NULL;
+#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
+      (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
+    /*
+     * We can use "real" strerror_r. The OpenSSL version differs in that it
+     * gives 1 on success and 0 on failure for consistency with other OpenSSL
+     * functions. Real strerror_r does it the other way around
+     */
+    return !strerror_r(errnum, buf, buflen);
+#else
+    char *err;
+    /* Fall back to non-thread safe strerror()...its all we can do */
+    if (buflen < 2)
+        return 0;
+    err = strerror(errnum);
+    /* Can this ever happen? */
+    if (err == NULL)
+        return 0;
+    strncpy(buf, err, buflen - 1);
+    buf[buflen - 1] = '\0';
+    return 1;
+#endif
+}
diff --git a/openssl-1.1.0h/crypto/o_time.c b/openssl-1.1.0h/crypto/o_time.c
new file mode 100644
index 0000000..b2fb38a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/o_time.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+{
+    struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS)
+    {
+        /*
+         * On VMS, gmtime_r() takes a 32-bit pointer as second argument.
+         * Since we can't know that |result| is in a space that can easily
+         * translate to a 32-bit pointer, we must store temporarily on stack
+         * and copy the result.  The stack is always reachable with 32-bit
+         * pointers.
+         */
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        struct tm data, *ts2 = &data;
+#if defined OPENSSL_SYS_VMS && __INITIAL_POINTER_SIZE
+# pragma pointer_size restore
+#endif
+        if (gmtime_r(timer, ts2) == NULL)
+            return NULL;
+        memcpy(result, ts2, sizeof(struct tm));
+        ts = result;
+    }
+#elif defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_MACOSX)
+    if (gmtime_r(timer, result) == NULL)
+        return NULL;
+    ts = result;
+#else
+    ts = gmtime(timer);
+    if (ts == NULL)
+        return NULL;
+
+    memcpy(result, ts, sizeof(struct tm));
+    ts = result;
+#endif
+    return ts;
+}
+
+/*
+ * Take a tm structure and add an offset to it. This avoids any OS issues
+ * with restricted date types and overflows which cause the year 2038
+ * problem.
+ */
+
+#define SECS_PER_DAY (24 * 60 * 60)
+
+static long date_to_julian(int y, int m, int d);
+static void julian_to_date(long jd, int *y, int *m, int *d);
+static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
+                      long *pday, int *psec);
+
+int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+{
+    int time_sec, time_year, time_month, time_day;
+    long time_jd;
+
+    /* Convert time and offset into Julian day and seconds */
+    if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec))
+        return 0;
+
+    /* Convert Julian day back to date */
+
+    julian_to_date(time_jd, &time_year, &time_month, &time_day);
+
+    if (time_year < 1900 || time_year > 9999)
+        return 0;
+
+    /* Update tm structure */
+
+    tm->tm_year = time_year - 1900;
+    tm->tm_mon = time_month - 1;
+    tm->tm_mday = time_day;
+
+    tm->tm_hour = time_sec / 3600;
+    tm->tm_min = (time_sec / 60) % 60;
+    tm->tm_sec = time_sec % 60;
+
+    return 1;
+
+}
+
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to)
+{
+    int from_sec, to_sec, diff_sec;
+    long from_jd, to_jd, diff_day;
+    if (!julian_adj(from, 0, 0, &from_jd, &from_sec))
+        return 0;
+    if (!julian_adj(to, 0, 0, &to_jd, &to_sec))
+        return 0;
+    diff_day = to_jd - from_jd;
+    diff_sec = to_sec - from_sec;
+    /* Adjust differences so both positive or both negative */
+    if (diff_day > 0 && diff_sec < 0) {
+        diff_day--;
+        diff_sec += SECS_PER_DAY;
+    }
+    if (diff_day < 0 && diff_sec > 0) {
+        diff_day++;
+        diff_sec -= SECS_PER_DAY;
+    }
+
+    if (pday)
+        *pday = (int)diff_day;
+    if (psec)
+        *psec = diff_sec;
+
+    return 1;
+
+}
+
+/* Convert tm structure and offset into julian day and seconds */
+static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
+                      long *pday, int *psec)
+{
+    int offset_hms, offset_day;
+    long time_jd;
+    int time_year, time_month, time_day;
+    /* split offset into days and day seconds */
+    offset_day = offset_sec / SECS_PER_DAY;
+    /* Avoid sign issues with % operator */
+    offset_hms = offset_sec - (offset_day * SECS_PER_DAY);
+    offset_day += off_day;
+    /* Add current time seconds to offset */
+    offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
+    /* Adjust day seconds if overflow */
+    if (offset_hms >= SECS_PER_DAY) {
+        offset_day++;
+        offset_hms -= SECS_PER_DAY;
+    } else if (offset_hms < 0) {
+        offset_day--;
+        offset_hms += SECS_PER_DAY;
+    }
+
+    /*
+     * Convert date of time structure into a Julian day number.
+     */
+
+    time_year = tm->tm_year + 1900;
+    time_month = tm->tm_mon + 1;
+    time_day = tm->tm_mday;
+
+    time_jd = date_to_julian(time_year, time_month, time_day);
+
+    /* Work out Julian day of new date */
+    time_jd += offset_day;
+
+    if (time_jd < 0)
+        return 0;
+
+    *pday = time_jd;
+    *psec = offset_hms;
+    return 1;
+}
+
+/*
+ * Convert date to and from julian day Uses Fliegel & Van Flandern algorithm
+ */
+static long date_to_julian(int y, int m, int d)
+{
+    return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
+        (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
+        (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075;
+}
+
+static void julian_to_date(long jd, int *y, int *m, int *d)
+{
+    long L = jd + 68569;
+    long n = (4 * L) / 146097;
+    long i, j;
+
+    L = L - (146097 * n + 3) / 4;
+    i = (4000 * (L + 1)) / 1461001;
+    L = L - (1461 * i) / 4 + 31;
+    j = (80 * L) / 2447;
+    *d = L - (2447 * j) / 80;
+    L = j / 11;
+    *m = j + 2 - (12 * L);
+    *y = 100 * (n - 49) + i + L;
+}
diff --git a/openssl-1.1.0h/crypto/objects/README b/openssl-1.1.0h/crypto/objects/README
new file mode 100644
index 0000000..cb1d216
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/README
@@ -0,0 +1,44 @@
+objects.txt syntax
+------------------
+
+To cover all the naming hacks that were previously in objects.h needed some
+kind of hacks in objects.txt.
+
+The basic syntax for adding an object is as follows:
+
+	1 2 3 4		: shortName	: Long Name
+
+		If Long Name contains only word characters and hyphen-minus
+		(0x2D) or full stop (0x2E) then Long Name is used as basis
+		for the base name in C. Otherwise, the shortName is used.
+
+		The base name (let's call it 'base') will then be used to
+		create the C macros SN_base, LN_base, NID_base and OBJ_base.
+
+		Note that if the base name contains spaces, dashes or periods,
+		those will be converte to underscore.
+
+Then there are some extra commands:
+
+	!Alias foo 1 2 3 4
+
+		This just makes a name foo for an OID.  The C macro
+		OBJ_foo will be created as a result.
+
+	!Cname foo
+
+		This makes sure that the name foo will be used as base name
+		in C.
+
+	!module foo
+	1 2 3 4		: shortName	: Long Name
+	!global
+
+		The !module command was meant to define a kind of modularity.
+		What it does is to make sure the module name is prepended
+		to the base name.  !global turns this off.  This construction
+		is not recursive.
+
+Lines starting with # are treated as comments, as well as any line starting
+with ! and not matching the commands above.
+
diff --git a/openssl-1.1.0h/crypto/objects/build.info b/openssl-1.1.0h/crypto/objects/build.info
new file mode 100644
index 0000000..38e2907
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
diff --git a/openssl-1.1.0h/crypto/objects/o_names.c b/openssl-1.1.0h/crypto/objects/o_names.c
new file mode 100644
index 0000000..15fe653
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/o_names.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+#include <internal/thread_once.h>
+#include "obj_lcl.h"
+
+/*
+ * We define this wrapper for two reasons. Firstly, later versions of
+ * DEC C add linkage information to certain functions, which makes it
+ * tricky to use them as values to regular function pointers.
+ * Secondly, in the EDK2 build environment, the strcmp function is
+ * actually an external function (AsciiStrCmp) with the Microsoft ABI,
+ * so we can't transparently assign function pointers to it.
+ * Arguably the latter is a stupidity of the UEFI environment, but
+ * since the wrapper solves the DEC C issue too, let's just use the
+ * same solution.
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI)
+static int obj_strcmp(const char *a, const char *b)
+{
+    return strcmp(a, b);
+}
+#else
+#define obj_strcmp strcmp
+#endif
+
+/*
+ * I use the ex_data stuff to manage the identifiers for the obj_name_types
+ * that applications may define.  I only really use the free function field.
+ */
+static LHASH_OF(OBJ_NAME) *names_lh = NULL;
+static int names_type_num = OBJ_NAME_TYPE_NUM;
+static CRYPTO_RWLOCK *lock = NULL;
+
+struct name_funcs_st {
+    unsigned long (*hash_func) (const char *name);
+    int (*cmp_func) (const char *a, const char *b);
+    void (*free_func) (const char *, int, const char *);
+};
+
+static STACK_OF(NAME_FUNCS) *name_funcs_stack;
+
+/*
+ * The LHASH callbacks now use the raw "void *" prototypes and do
+ * per-variable casting in the functions. This prevents function pointer
+ * casting without the need for macro-generated wrapper functions.
+ */
+
+static unsigned long obj_name_hash(const OBJ_NAME *a);
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b);
+
+static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(o_names_init)
+{
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+    lock = CRYPTO_THREAD_lock_new();
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return names_lh != NULL && lock != NULL;
+}
+
+int OBJ_NAME_init(void)
+{
+    return RUN_ONCE(&init, o_names_init);
+}
+
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *))
+{
+    int ret = 0, i, push;
+    NAME_FUNCS *name_funcs;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(lock);
+
+    if (name_funcs_stack == NULL) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs_stack = sk_NAME_FUNCS_new_null();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+    if (name_funcs_stack == NULL) {
+        /* ERROR */
+        goto out;
+    }
+    ret = names_type_num;
+    names_type_num++;
+    for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs = OPENSSL_zalloc(sizeof(*name_funcs));
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        if (name_funcs == NULL) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto out;
+        }
+        name_funcs->hash_func = OPENSSL_LH_strhash;
+        name_funcs->cmp_func = obj_strcmp;
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+
+        if (!push) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(name_funcs);
+            ret = 0;
+            goto out;
+        }
+    }
+    name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
+    if (hash_func != NULL)
+        name_funcs->hash_func = hash_func;
+    if (cmp_func != NULL)
+        name_funcs->cmp_func = cmp_func;
+    if (free_func != NULL)
+        name_funcs->free_func = free_func;
+
+out:
+    CRYPTO_THREAD_unlock(lock);
+    return ret;
+}
+
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b)
+{
+    int ret;
+
+    ret = a->type - b->type;
+    if (ret == 0) {
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+            ret = sk_NAME_FUNCS_value(name_funcs_stack,
+                                      a->type)->cmp_func(a->name, b->name);
+        } else
+            ret = strcmp(a->name, b->name);
+    }
+    return ret;
+}
+
+static unsigned long obj_name_hash(const OBJ_NAME *a)
+{
+    unsigned long ret;
+
+    if ((name_funcs_stack != NULL)
+        && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+        ret =
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                a->type)->hash_func(a->name);
+    } else {
+        ret = OPENSSL_LH_strhash(a->name);
+    }
+    ret ^= a->type;
+    return ret;
+}
+
+const char *OBJ_NAME_get(const char *name, int type)
+{
+    OBJ_NAME on, *ret;
+    int num = 0, alias;
+    const char *value = NULL;
+
+    if (name == NULL)
+        return NULL;
+    if (!OBJ_NAME_init())
+        return NULL;
+    CRYPTO_THREAD_read_lock(lock);
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    on.name = name;
+    on.type = type;
+
+    for (;;) {
+        ret = lh_OBJ_NAME_retrieve(names_lh, &on);
+        if (ret == NULL)
+            break;
+        if ((ret->alias) && !alias) {
+            if (++num > 10)
+                break;
+            on.name = ret->data;
+        } else {
+            value = ret->data;
+            break;
+        }
+    }
+
+    CRYPTO_THREAD_unlock(lock);    
+    return value;
+}
+
+int OBJ_NAME_add(const char *name, int type, const char *data)
+{
+    OBJ_NAME *onp, *ret;
+    int alias, ok = 0;
+
+    if (!OBJ_NAME_init())
+        return 0;    
+
+    CRYPTO_THREAD_write_lock(lock);
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    onp = OPENSSL_malloc(sizeof(*onp));
+    if (onp == NULL) {
+        /* ERROR */
+        goto unlock;
+    }
+
+    onp->name = name;
+    onp->alias = alias;
+    onp->type = type;
+    onp->data = data;
+
+    ret = lh_OBJ_NAME_insert(names_lh, onp);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+    } else {
+        if (lh_OBJ_NAME_error(names_lh)) {
+            /* ERROR */
+            OPENSSL_free(onp);
+            goto unlock;
+        }
+    }
+
+    ok = 1;
+
+unlock:
+    CRYPTO_THREAD_unlock(lock);
+    return ok;
+}
+
+int OBJ_NAME_remove(const char *name, int type)
+{
+    OBJ_NAME on, *ret;
+    int ok = 0;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(lock);
+
+    type &= ~OBJ_NAME_ALIAS;
+    on.name = name;
+    on.type = type;
+    ret = lh_OBJ_NAME_delete(names_lh, &on);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+        ok = 1;
+    }
+
+    CRYPTO_THREAD_unlock(lock);
+    return ok;
+}
+
+typedef struct {
+    int type;
+    void (*fn) (const OBJ_NAME *, void *arg);
+    void *arg;
+} OBJ_DOALL;
+
+static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d)
+{
+    if (name->type == d->type)
+        d->fn(name, d->arg);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL);
+
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg)
+{
+    OBJ_DOALL d;
+
+    d.type = type;
+    d.fn = fn;
+    d.arg = arg;
+
+    lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d);
+}
+
+struct doall_sorted {
+    int type;
+    int n;
+    const OBJ_NAME **names;
+};
+
+static void do_all_sorted_fn(const OBJ_NAME *name, void *d_)
+{
+    struct doall_sorted *d = d_;
+
+    if (name->type != d->type)
+        return;
+
+    d->names[d->n++] = name;
+}
+
+static int do_all_sorted_cmp(const void *n1_, const void *n2_)
+{
+    const OBJ_NAME *const *n1 = n1_;
+    const OBJ_NAME *const *n2 = n2_;
+
+    return strcmp((*n1)->name, (*n2)->name);
+}
+
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg)
+{
+    struct doall_sorted d;
+    int n;
+
+    d.type = type;
+    d.names =
+        OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh));
+    /* Really should return an error if !d.names...but its a void function! */
+    if (d.names != NULL) {
+        d.n = 0;
+        OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
+
+        qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp);
+
+        for (n = 0; n < d.n; ++n)
+            fn(d.names[n], arg);
+
+        OPENSSL_free((void *)d.names);
+    }
+}
+
+static int free_type;
+
+static void names_lh_free_doall(OBJ_NAME *onp)
+{
+    if (onp == NULL)
+        return;
+
+    if (free_type < 0 || free_type == onp->type)
+        OBJ_NAME_remove(onp->name, onp->type);
+}
+
+static void name_funcs_free(NAME_FUNCS *ptr)
+{
+    OPENSSL_free(ptr);
+}
+
+void OBJ_NAME_cleanup(int type)
+{
+    unsigned long down_load;
+
+    if (names_lh == NULL)
+        return;
+
+    free_type = type;
+    down_load = lh_OBJ_NAME_get_down_load(names_lh);
+    lh_OBJ_NAME_set_down_load(names_lh, 0);
+
+    lh_OBJ_NAME_doall(names_lh, names_lh_free_doall);
+    if (type < 0) {
+        lh_OBJ_NAME_free(names_lh);
+        sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
+        CRYPTO_THREAD_lock_free(lock);
+        names_lh = NULL;
+        name_funcs_stack = NULL;
+        lock = NULL;
+    } else
+        lh_OBJ_NAME_set_down_load(names_lh, down_load);
+}
diff --git a/openssl-1.1.0h/crypto/objects/obj_dat.c b/openssl-1.1.0h/crypto/objects/obj_dat.c
new file mode 100644
index 0000000..21a1f05
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_dat.c
@@ -0,0 +1,738 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/asn1.h>
+#include "internal/objects.h"
+#include <openssl/bn.h>
+#include "internal/asn1_int.h"
+#include "obj_lcl.h"
+
+/* obj_dat.h is generated from objects.h by obj_dat.pl */
+#include "obj_dat.h"
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+
+#define ADDED_DATA      0
+#define ADDED_SNAME     1
+#define ADDED_LNAME     2
+#define ADDED_NID       3
+
+struct added_obj_st {
+    int type;
+    ASN1_OBJECT *obj;
+};
+
+static int new_nid = NUM_NID;
+static LHASH_OF(ADDED_OBJ) *added = NULL;
+
+static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+{
+    return (strcmp((*a)->sn, nid_objs[*b].sn));
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
+
+static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+{
+    return (strcmp((*a)->ln, nid_objs[*b].ln));
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
+
+static unsigned long added_obj_hash(const ADDED_OBJ *ca)
+{
+    const ASN1_OBJECT *a;
+    int i;
+    unsigned long ret = 0;
+    unsigned char *p;
+
+    a = ca->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        ret = a->length << 20L;
+        p = (unsigned char *)a->data;
+        for (i = 0; i < a->length; i++)
+            ret ^= p[i] << ((i * 3) % 24);
+        break;
+    case ADDED_SNAME:
+        ret = OPENSSL_LH_strhash(a->sn);
+        break;
+    case ADDED_LNAME:
+        ret = OPENSSL_LH_strhash(a->ln);
+        break;
+    case ADDED_NID:
+        ret = a->nid;
+        break;
+    default:
+        /* abort(); */
+        return 0;
+    }
+    ret &= 0x3fffffffL;
+    ret |= ((unsigned long)ca->type) << 30L;
+    return (ret);
+}
+
+static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
+{
+    ASN1_OBJECT *a, *b;
+    int i;
+
+    i = ca->type - cb->type;
+    if (i)
+        return (i);
+    a = ca->obj;
+    b = cb->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        i = (a->length - b->length);
+        if (i)
+            return (i);
+        return (memcmp(a->data, b->data, (size_t)a->length));
+    case ADDED_SNAME:
+        if (a->sn == NULL)
+            return (-1);
+        else if (b->sn == NULL)
+            return (1);
+        else
+            return (strcmp(a->sn, b->sn));
+    case ADDED_LNAME:
+        if (a->ln == NULL)
+            return (-1);
+        else if (b->ln == NULL)
+            return (1);
+        else
+            return (strcmp(a->ln, b->ln));
+    case ADDED_NID:
+        return (a->nid - b->nid);
+    default:
+        /* abort(); */
+        return 0;
+    }
+}
+
+static int init_added(void)
+{
+    if (added != NULL)
+        return (1);
+    added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp);
+    return (added != NULL);
+}
+
+static void cleanup1_doall(ADDED_OBJ *a)
+{
+    a->obj->nid = 0;
+    a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC |
+        ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+}
+
+static void cleanup2_doall(ADDED_OBJ *a)
+{
+    a->obj->nid++;
+}
+
+static void cleanup3_doall(ADDED_OBJ *a)
+{
+    if (--a->obj->nid == 0)
+        ASN1_OBJECT_free(a->obj);
+    OPENSSL_free(a);
+}
+
+void obj_cleanup_int(void)
+{
+    if (added == NULL)
+        return;
+    lh_ADDED_OBJ_set_down_load(added, 0);
+    lh_ADDED_OBJ_doall(added, cleanup1_doall); /* zero counters */
+    lh_ADDED_OBJ_doall(added, cleanup2_doall); /* set counters */
+    lh_ADDED_OBJ_doall(added, cleanup3_doall); /* free objects */
+    lh_ADDED_OBJ_free(added);
+    added = NULL;
+}
+
+int OBJ_new_nid(int num)
+{
+    int i;
+
+    i = new_nid;
+    new_nid += num;
+    return (i);
+}
+
+int OBJ_add_object(const ASN1_OBJECT *obj)
+{
+    ASN1_OBJECT *o;
+    ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop;
+    int i;
+
+    if (added == NULL)
+        if (!init_added())
+            return (0);
+    if ((o = OBJ_dup(obj)) == NULL)
+        goto err;
+    if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+        goto err2;
+    if ((o->length != 0) && (obj->data != NULL))
+        if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+    if (o->sn != NULL)
+        if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+    if (o->ln != NULL)
+        if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+
+    for (i = ADDED_DATA; i <= ADDED_NID; i++) {
+        if (ao[i] != NULL) {
+            ao[i]->type = i;
+            ao[i]->obj = o;
+            aop = lh_ADDED_OBJ_insert(added, ao[i]);
+            /* memory leak, but should not normally matter */
+            OPENSSL_free(aop);
+        }
+    }
+    o->flags &=
+        ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+          ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+    return (o->nid);
+ err2:
+    OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
+ err:
+    for (i = ADDED_DATA; i <= ADDED_NID; i++)
+        OPENSSL_free(ao[i]);
+    ASN1_OBJECT_free(o);
+    return NID_undef;
+}
+
+ASN1_OBJECT *OBJ_nid2obj(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+        return ((ASN1_OBJECT *)&(nid_objs[n]));
+    } else if (added == NULL)
+        return (NULL);
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj);
+        else {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+    }
+}
+
+const char *OBJ_nid2sn(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+        return (nid_objs[n].sn);
+    } else if (added == NULL)
+        return (NULL);
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->sn);
+        else {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+    }
+}
+
+const char *OBJ_nid2ln(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+        return (nid_objs[n].ln);
+    } else if (added == NULL)
+        return (NULL);
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->ln);
+        else {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+    }
+}
+
+static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
+{
+    int j;
+    const ASN1_OBJECT *a = *ap;
+    const ASN1_OBJECT *b = &nid_objs[*bp];
+
+    j = (a->length - b->length);
+    if (j)
+        return (j);
+    if (a->length == 0)
+        return 0;
+    return (memcmp(a->data, b->data, a->length));
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+
+int OBJ_obj2nid(const ASN1_OBJECT *a)
+{
+    const unsigned int *op;
+    ADDED_OBJ ad, *adp;
+
+    if (a == NULL)
+        return (NID_undef);
+    if (a->nid != 0)
+        return (a->nid);
+
+    if (a->length == 0)
+        return NID_undef;
+
+    if (added != NULL) {
+        ad.type = ADDED_DATA;
+        ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->nid);
+    }
+    op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
+    if (op == NULL)
+        return (NID_undef);
+    return (nid_objs[*op].nid);
+}
+
+/*
+ * Convert an object name into an ASN1_OBJECT if "noname" is not set then
+ * search for short and long names first. This will convert the "dotted" form
+ * into an object: unlike OBJ_txt2nid it can be used with any objects, not
+ * just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
+{
+    int nid = NID_undef;
+    ASN1_OBJECT *op = NULL;
+    unsigned char *buf;
+    unsigned char *p;
+    const unsigned char *cp;
+    int i, j;
+
+    if (!no_name) {
+        if (((nid = OBJ_sn2nid(s)) != NID_undef) ||
+            ((nid = OBJ_ln2nid(s)) != NID_undef))
+            return OBJ_nid2obj(nid);
+    }
+
+    /* Work out size of content octets */
+    i = a2d_ASN1_OBJECT(NULL, 0, s, -1);
+    if (i <= 0) {
+        /* Don't clear the error */
+        /*
+         * ERR_clear_error();
+         */
+        return NULL;
+    }
+    /* Work out total size */
+    j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+    if (j < 0)
+        return NULL;
+
+    if ((buf = OPENSSL_malloc(j)) == NULL)
+        return NULL;
+
+    p = buf;
+    /* Write out tag+length */
+    ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    /* Write out contents */
+    a2d_ASN1_OBJECT(p, i, s, -1);
+
+    cp = buf;
+    op = d2i_ASN1_OBJECT(NULL, &cp, j);
+    OPENSSL_free(buf);
+    return op;
+}
+
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+{
+    int i, n = 0, len, nid, first, use_bn;
+    BIGNUM *bl;
+    unsigned long l;
+    const unsigned char *p;
+    char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2];
+
+    /* Ensure that, at every state, |buf| is NUL-terminated. */
+    if (buf && buf_len > 0)
+        buf[0] = '\0';
+
+    if ((a == NULL) || (a->data == NULL))
+        return (0);
+
+    if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
+        const char *s;
+        s = OBJ_nid2ln(nid);
+        if (s == NULL)
+            s = OBJ_nid2sn(nid);
+        if (s) {
+            if (buf)
+                OPENSSL_strlcpy(buf, s, buf_len);
+            n = strlen(s);
+            return n;
+        }
+    }
+
+    len = a->length;
+    p = a->data;
+
+    first = 1;
+    bl = NULL;
+
+    while (len > 0) {
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            unsigned char c = *p++;
+            len--;
+            if ((len == 0) && (c & 0x80))
+                goto err;
+            if (use_bn) {
+                if (!BN_add_word(bl, c & 0x7f))
+                    goto err;
+            } else
+                l |= c & 0x7f;
+            if (!(c & 0x80))
+                break;
+            if (!use_bn && (l > (ULONG_MAX >> 7L))) {
+                if (bl == NULL && (bl = BN_new()) == NULL)
+                    goto err;
+                if (!BN_set_word(bl, l))
+                    goto err;
+                use_bn = 1;
+            }
+            if (use_bn) {
+                if (!BN_lshift(bl, bl, 7))
+                    goto err;
+            } else
+                l <<= 7L;
+        }
+
+        if (first) {
+            first = 0;
+            if (l >= 80) {
+                i = 2;
+                if (use_bn) {
+                    if (!BN_sub_word(bl, 80))
+                        goto err;
+                } else
+                    l -= 80;
+            } else {
+                i = (int)(l / 40);
+                l -= (long)(i * 40);
+            }
+            if (buf && (buf_len > 1)) {
+                *buf++ = i + '0';
+                *buf = '\0';
+                buf_len--;
+            }
+            n++;
+        }
+
+        if (use_bn) {
+            char *bndec;
+            bndec = BN_bn2dec(bl);
+            if (!bndec)
+                goto err;
+            i = strlen(bndec);
+            if (buf) {
+                if (buf_len > 1) {
+                    *buf++ = '.';
+                    *buf = '\0';
+                    buf_len--;
+                }
+                OPENSSL_strlcpy(buf, bndec, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n++;
+            n += i;
+            OPENSSL_free(bndec);
+        } else {
+            BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
+            i = strlen(tbuf);
+            if (buf && (buf_len > 0)) {
+                OPENSSL_strlcpy(buf, tbuf, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n += i;
+            l = 0;
+        }
+    }
+
+    BN_free(bl);
+    return n;
+
+ err:
+    BN_free(bl);
+    return -1;
+}
+
+int OBJ_txt2nid(const char *s)
+{
+    ASN1_OBJECT *obj;
+    int nid;
+    obj = OBJ_txt2obj(s, 0);
+    nid = OBJ_obj2nid(obj);
+    ASN1_OBJECT_free(obj);
+    return nid;
+}
+
+int OBJ_ln2nid(const char *s)
+{
+    ASN1_OBJECT o;
+    const ASN1_OBJECT *oo = &o;
+    ADDED_OBJ ad, *adp;
+    const unsigned int *op;
+
+    o.ln = s;
+    if (added != NULL) {
+        ad.type = ADDED_LNAME;
+        ad.obj = &o;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->nid);
+    }
+    op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
+    if (op == NULL)
+        return (NID_undef);
+    return (nid_objs[*op].nid);
+}
+
+int OBJ_sn2nid(const char *s)
+{
+    ASN1_OBJECT o;
+    const ASN1_OBJECT *oo = &o;
+    ADDED_OBJ ad, *adp;
+    const unsigned int *op;
+
+    o.sn = s;
+    if (added != NULL) {
+        ad.type = ADDED_SNAME;
+        ad.obj = &o;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->nid);
+    }
+    op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
+    if (op == NULL)
+        return (NID_undef);
+    return (nid_objs[*op].nid);
+}
+
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                         int (*cmp) (const void *, const void *))
+{
+    return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
+}
+
+const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
+                            int size,
+                            int (*cmp) (const void *, const void *),
+                            int flags)
+{
+    const char *base = base_;
+    int l, h, i = 0, c = 0;
+    const char *p = NULL;
+
+    if (num == 0)
+        return (NULL);
+    l = 0;
+    h = num;
+    while (l < h) {
+        i = (l + h) / 2;
+        p = &(base[i * size]);
+        c = (*cmp) (key, p);
+        if (c < 0)
+            h = i;
+        else if (c > 0)
+            l = i + 1;
+        else
+            break;
+    }
+#ifdef CHARSET_EBCDIC
+    /*
+     * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
+     * don't have perl (yet), we revert to a *LINEAR* search when the object
+     * wasn't found in the binary search.
+     */
+    if (c != 0) {
+        for (i = 0; i < num; ++i) {
+            p = &(base[i * size]);
+            c = (*cmp) (key, p);
+            if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
+                return p;
+        }
+    }
+#endif
+    if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
+        p = NULL;
+    else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) {
+        while (i > 0 && (*cmp) (key, &(base[(i - 1) * size])) == 0)
+            i--;
+        p = &(base[i * size]);
+    }
+    return (p);
+}
+
+/*
+ * Parse a BIO sink to create some extra oid's objects.
+ * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
+ */
+int OBJ_create_objects(BIO *in)
+{
+    char buf[512];
+    int i, num = 0;
+    char *o, *s, *l = NULL;
+
+    for (;;) {
+        s = o = NULL;
+        i = BIO_gets(in, buf, 512);
+        if (i <= 0)
+            return (num);
+        buf[i - 1] = '\0';
+        if (!isalnum((unsigned char)buf[0]))
+            return (num);
+        o = s = buf;
+        while (isdigit((unsigned char)*s) || (*s == '.'))
+            s++;
+        if (*s != '\0') {
+            *(s++) = '\0';
+            while (isspace((unsigned char)*s))
+                s++;
+            if (*s == '\0') {
+                s = NULL;
+            } else {
+                l = s;
+                while ((*l != '\0') && !isspace((unsigned char)*l))
+                    l++;
+                if (*l != '\0') {
+                    *(l++) = '\0';
+                    while (isspace((unsigned char)*l))
+                        l++;
+                    if (*l == '\0') {
+                        l = NULL;
+                    }
+                } else {
+                    l = NULL;
+                }
+            }
+        } else {
+            s = NULL;
+        }
+        if (*o == '\0')
+            return num;
+        if (!OBJ_create(o, s, l))
+            return (num);
+        num++;
+    }
+    /* return(num); */
+}
+
+int OBJ_create(const char *oid, const char *sn, const char *ln)
+{
+    ASN1_OBJECT *tmpoid = NULL;
+    int ok = 0;
+
+    /* Check to see if short or long name already present */
+    if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
+            || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        return 0;
+    }
+
+    /* Convert numerical OID string to an ASN1_OBJECT structure */
+    tmpoid = OBJ_txt2obj(oid, 1);
+    if (tmpoid == NULL)
+        return 0;
+
+    /* If NID is not NID_undef then object already exists */
+    if (OBJ_obj2nid(tmpoid) != NID_undef) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        goto err;
+    }
+
+    tmpoid->nid = OBJ_new_nid(1);
+    tmpoid->sn = (char *)sn;
+    tmpoid->ln = (char *)ln;
+
+    ok = OBJ_add_object(tmpoid);
+
+    tmpoid->sn = NULL;
+    tmpoid->ln = NULL;
+
+ err:
+    ASN1_OBJECT_free(tmpoid);
+    return ok;
+}
+
+size_t OBJ_length(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return 0;
+    return obj->length;
+}
+
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return NULL;
+    return obj->data;
+}
diff --git a/openssl-1.1.0h/crypto/objects/obj_dat.h b/openssl-1.1.0h/crypto/objects/obj_dat.h
new file mode 100644
index 0000000..e1fc64f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_dat.h
@@ -0,0 +1,5101 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/obj_dat.pl
+ *
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Serialized OID's */
+static const unsigned char so[6765] = {
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,       /* [   21] OBJ_md5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,       /* [   29] OBJ_rc4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,  /* [   37] OBJ_rsaEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,  /* [   46] OBJ_md2WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,  /* [   55] OBJ_md5WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,  /* [   64] OBJ_pbeWithMD2AndDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,  /* [   73] OBJ_pbeWithMD5AndDES_CBC */
+    0x55,                                          /* [   82] OBJ_X500 */
+    0x55,0x04,                                     /* [   83] OBJ_X509 */
+    0x55,0x04,0x03,                                /* [   85] OBJ_commonName */
+    0x55,0x04,0x06,                                /* [   88] OBJ_countryName */
+    0x55,0x04,0x07,                                /* [   91] OBJ_localityName */
+    0x55,0x04,0x08,                                /* [   94] OBJ_stateOrProvinceName */
+    0x55,0x04,0x0A,                                /* [   97] OBJ_organizationName */
+    0x55,0x04,0x0B,                                /* [  100] OBJ_organizationalUnitName */
+    0x55,0x08,0x01,0x01,                           /* [  103] OBJ_rsa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,       /* [  107] OBJ_pkcs7 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,  /* [  115] OBJ_pkcs7_data */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,  /* [  124] OBJ_pkcs7_signed */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,  /* [  133] OBJ_pkcs7_enveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,  /* [  142] OBJ_pkcs7_signedAndEnveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,  /* [  151] OBJ_pkcs7_digest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,  /* [  160] OBJ_pkcs7_encrypted */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,       /* [  169] OBJ_pkcs3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,  /* [  177] OBJ_dhKeyAgreement */
+    0x2B,0x0E,0x03,0x02,0x06,                      /* [  186] OBJ_des_ecb */
+    0x2B,0x0E,0x03,0x02,0x09,                      /* [  191] OBJ_des_cfb64 */
+    0x2B,0x0E,0x03,0x02,0x07,                      /* [  196] OBJ_des_cbc */
+    0x2B,0x0E,0x03,0x02,0x11,                      /* [  201] OBJ_des_ede_ecb */
+    0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,  /* [  206] OBJ_idea_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,       /* [  217] OBJ_rc2_cbc */
+    0x2B,0x0E,0x03,0x02,0x12,                      /* [  225] OBJ_sha */
+    0x2B,0x0E,0x03,0x02,0x0F,                      /* [  230] OBJ_shaWithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,       /* [  235] OBJ_des_ede3_cbc */
+    0x2B,0x0E,0x03,0x02,0x08,                      /* [  243] OBJ_des_ofb64 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,       /* [  248] OBJ_pkcs9 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,  /* [  256] OBJ_pkcs9_emailAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,  /* [  265] OBJ_pkcs9_unstructuredName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,  /* [  274] OBJ_pkcs9_contentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,  /* [  283] OBJ_pkcs9_messageDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,  /* [  292] OBJ_pkcs9_signingTime */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,  /* [  301] OBJ_pkcs9_countersignature */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,  /* [  310] OBJ_pkcs9_challengePassword */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,  /* [  319] OBJ_pkcs9_unstructuredAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,  /* [  328] OBJ_pkcs9_extCertAttributes */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,            /* [  337] OBJ_netscape */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,       /* [  344] OBJ_netscape_cert_extension */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,       /* [  352] OBJ_netscape_data_type */
+    0x2B,0x0E,0x03,0x02,0x1A,                      /* [  360] OBJ_sha1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,  /* [  365] OBJ_sha1WithRSAEncryption */
+    0x2B,0x0E,0x03,0x02,0x0D,                      /* [  374] OBJ_dsaWithSHA */
+    0x2B,0x0E,0x03,0x02,0x0C,                      /* [  379] OBJ_dsa_2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,  /* [  384] OBJ_pbeWithSHA1AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,  /* [  393] OBJ_id_pbkdf2 */
+    0x2B,0x0E,0x03,0x02,0x1B,                      /* [  402] OBJ_dsaWithSHA1_2 */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,  /* [  407] OBJ_netscape_cert_type */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,  /* [  416] OBJ_netscape_base_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,  /* [  425] OBJ_netscape_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,  /* [  434] OBJ_netscape_ca_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,  /* [  443] OBJ_netscape_renewal_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,  /* [  452] OBJ_netscape_ca_policy_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,  /* [  461] OBJ_netscape_ssl_server_name */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,  /* [  470] OBJ_netscape_comment */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,  /* [  479] OBJ_netscape_cert_sequence */
+    0x55,0x1D,                                     /* [  488] OBJ_id_ce */
+    0x55,0x1D,0x0E,                                /* [  490] OBJ_subject_key_identifier */
+    0x55,0x1D,0x0F,                                /* [  493] OBJ_key_usage */
+    0x55,0x1D,0x10,                                /* [  496] OBJ_private_key_usage_period */
+    0x55,0x1D,0x11,                                /* [  499] OBJ_subject_alt_name */
+    0x55,0x1D,0x12,                                /* [  502] OBJ_issuer_alt_name */
+    0x55,0x1D,0x13,                                /* [  505] OBJ_basic_constraints */
+    0x55,0x1D,0x14,                                /* [  508] OBJ_crl_number */
+    0x55,0x1D,0x20,                                /* [  511] OBJ_certificate_policies */
+    0x55,0x1D,0x23,                                /* [  514] OBJ_authority_key_identifier */
+    0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,  /* [  517] OBJ_bf_cbc */
+    0x55,0x08,0x03,0x65,                           /* [  526] OBJ_mdc2 */
+    0x55,0x08,0x03,0x64,                           /* [  530] OBJ_mdc2WithRSA */
+    0x55,0x04,0x2A,                                /* [  534] OBJ_givenName */
+    0x55,0x04,0x04,                                /* [  537] OBJ_surname */
+    0x55,0x04,0x2B,                                /* [  540] OBJ_initials */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C,  /* [  543] OBJ_uniqueIdentifier */
+    0x55,0x1D,0x1F,                                /* [  553] OBJ_crl_distribution_points */
+    0x2B,0x0E,0x03,0x02,0x03,                      /* [  556] OBJ_md5WithRSA */
+    0x55,0x04,0x05,                                /* [  561] OBJ_serialNumber */
+    0x55,0x04,0x0C,                                /* [  564] OBJ_title */
+    0x55,0x04,0x0D,                                /* [  567] OBJ_description */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,  /* [  570] OBJ_cast5_cbc */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,  /* [  579] OBJ_pbeWithMD5AndCast5_CBC */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,            /* [  588] OBJ_dsaWithSHA1 */
+    0x2B,0x0E,0x03,0x02,0x1D,                      /* [  595] OBJ_sha1WithRSA */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,            /* [  600] OBJ_dsa */
+    0x2B,0x24,0x03,0x02,0x01,                      /* [  607] OBJ_ripemd160 */
+    0x2B,0x24,0x03,0x03,0x01,0x02,                 /* [  612] OBJ_ripemd160WithRSA */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,       /* [  618] OBJ_rc5_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,  /* [  626] OBJ_zlib_compression */
+    0x55,0x1D,0x25,                                /* [  637] OBJ_ext_key_usage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,                 /* [  640] OBJ_id_pkix */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,            /* [  646] OBJ_id_kp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,       /* [  653] OBJ_server_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,       /* [  661] OBJ_client_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,       /* [  669] OBJ_code_sign */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,       /* [  677] OBJ_email_protect */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,       /* [  685] OBJ_time_stamp */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,  /* [  693] OBJ_ms_code_ind */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,  /* [  703] OBJ_ms_code_com */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,  /* [  713] OBJ_ms_ctl_sign */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,  /* [  723] OBJ_ms_sgc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,  /* [  733] OBJ_ms_efs */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,  /* [  743] OBJ_ns_sgc */
+    0x55,0x1D,0x1B,                                /* [  752] OBJ_delta_crl */
+    0x55,0x1D,0x15,                                /* [  755] OBJ_crl_reason */
+    0x55,0x1D,0x18,                                /* [  758] OBJ_invalidity_date */
+    0x2B,0x65,0x01,0x04,0x01,                      /* [  761] OBJ_sxnet */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,  /* [  766] OBJ_pbe_WithSHA1And128BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,  /* [  776] OBJ_pbe_WithSHA1And40BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,  /* [  786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,  /* [  796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,  /* [  806] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,  /* [  816] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,  /* [  826] OBJ_keyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,  /* [  837] OBJ_pkcs8ShroudedKeyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,  /* [  848] OBJ_certBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,  /* [  859] OBJ_crlBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,  /* [  870] OBJ_secretBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,  /* [  881] OBJ_safeContentsBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,  /* [  892] OBJ_friendlyName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,  /* [  901] OBJ_localKeyID */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,  /* [  910] OBJ_x509Certificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,  /* [  920] OBJ_sdsiCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,  /* [  930] OBJ_x509Crl */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,  /* [  940] OBJ_pbes2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,  /* [  949] OBJ_pbmac1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,       /* [  958] OBJ_hmacWithSHA1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,       /* [  966] OBJ_id_qt_cps */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,       /* [  974] OBJ_id_qt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,  /* [  982] OBJ_SMIMECapabilities */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,  /* [  991] OBJ_pbeWithMD2AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,  /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,  /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,  /* [ 1018] OBJ_ms_ext_req */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,  /* [ 1028] OBJ_ext_req */
+    0x55,0x04,0x29,                                /* [ 1037] OBJ_name */
+    0x55,0x04,0x2E,                                /* [ 1040] OBJ_dnQualifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,            /* [ 1043] OBJ_id_pe */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,            /* [ 1050] OBJ_id_ad */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,       /* [ 1057] OBJ_info_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,       /* [ 1065] OBJ_ad_OCSP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,       /* [ 1073] OBJ_ad_ca_issuers */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,       /* [ 1081] OBJ_OCSP_sign */
+    0x2A,                                          /* [ 1089] OBJ_member_body */
+    0x2A,0x86,0x48,                                /* [ 1090] OBJ_ISO_US */
+    0x2A,0x86,0x48,0xCE,0x38,                      /* [ 1093] OBJ_X9_57 */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,                 /* [ 1098] OBJ_X9cm */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,       /* [ 1104] OBJ_pkcs1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,       /* [ 1112] OBJ_pkcs5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,  /* [ 1120] OBJ_SMIME */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,  /* [ 1129] OBJ_id_smime_mod */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,  /* [ 1139] OBJ_id_smime_ct */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,  /* [ 1149] OBJ_id_smime_aa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,  /* [ 1159] OBJ_id_smime_alg */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,  /* [ 1169] OBJ_id_smime_cd */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,  /* [ 1179] OBJ_id_smime_spq */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,  /* [ 1189] OBJ_id_smime_cti */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,  /* [ 1199] OBJ_id_smime_mod_cms */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,  /* [ 1210] OBJ_id_smime_mod_ess */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,  /* [ 1221] OBJ_id_smime_mod_oid */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,  /* [ 1232] OBJ_id_smime_mod_msg_v3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,  /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,  /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,  /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,  /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,  /* [ 1287] OBJ_id_smime_ct_receipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,  /* [ 1298] OBJ_id_smime_ct_authData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,  /* [ 1309] OBJ_id_smime_ct_publishCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,  /* [ 1320] OBJ_id_smime_ct_TSTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,  /* [ 1331] OBJ_id_smime_ct_TDTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,  /* [ 1342] OBJ_id_smime_ct_contentInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,  /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,  /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,  /* [ 1375] OBJ_id_smime_aa_receiptRequest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,  /* [ 1386] OBJ_id_smime_aa_securityLabel */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,  /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,  /* [ 1408] OBJ_id_smime_aa_contentHint */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,  /* [ 1419] OBJ_id_smime_aa_msgSigDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,  /* [ 1430] OBJ_id_smime_aa_encapContentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,  /* [ 1441] OBJ_id_smime_aa_contentIdentifier */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,  /* [ 1452] OBJ_id_smime_aa_macValue */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,  /* [ 1463] OBJ_id_smime_aa_equivalentLabels */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,  /* [ 1474] OBJ_id_smime_aa_contentReference */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,  /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,  /* [ 1496] OBJ_id_smime_aa_signingCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,  /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,  /* [ 1518] OBJ_id_smime_aa_timeStampToken */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,  /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,  /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,  /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,  /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,  /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,  /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,  /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,  /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,  /* [ 1617] OBJ_id_smime_aa_ets_certValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,  /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,  /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,  /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,  /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,  /* [ 1672] OBJ_id_smime_aa_signatureType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,  /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,  /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,  /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,  /* [ 1716] OBJ_id_smime_alg_3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,  /* [ 1727] OBJ_id_smime_alg_RC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,  /* [ 1738] OBJ_id_smime_alg_ESDH */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,  /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,  /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,  /* [ 1771] OBJ_id_smime_cd_ldap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,  /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,  /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,  /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,  /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,  /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,  /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,  /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,  /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,       /* [ 1870] OBJ_md4 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,            /* [ 1878] OBJ_id_pkix_mod */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,            /* [ 1885] OBJ_id_qt */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,            /* [ 1892] OBJ_id_it */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,            /* [ 1899] OBJ_id_pkip */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,            /* [ 1906] OBJ_id_alg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,            /* [ 1913] OBJ_id_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,            /* [ 1920] OBJ_id_on */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,            /* [ 1927] OBJ_id_pda */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,            /* [ 1934] OBJ_id_aca */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,            /* [ 1941] OBJ_id_qcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,            /* [ 1948] OBJ_id_cct */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,       /* [ 1955] OBJ_id_pkix1_explicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,       /* [ 1963] OBJ_id_pkix1_implicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,       /* [ 1971] OBJ_id_pkix1_explicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,       /* [ 1979] OBJ_id_pkix1_implicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,       /* [ 1987] OBJ_id_mod_crmf */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,       /* [ 1995] OBJ_id_mod_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,       /* [ 2003] OBJ_id_mod_kea_profile_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,       /* [ 2011] OBJ_id_mod_kea_profile_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,       /* [ 2019] OBJ_id_mod_cmp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,       /* [ 2027] OBJ_id_mod_qualified_cert_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,       /* [ 2035] OBJ_id_mod_qualified_cert_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,       /* [ 2043] OBJ_id_mod_attribute_cert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,       /* [ 2051] OBJ_id_mod_timestamp_protocol */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,       /* [ 2059] OBJ_id_mod_ocsp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,       /* [ 2067] OBJ_id_mod_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,       /* [ 2075] OBJ_id_mod_cmp2000 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,       /* [ 2083] OBJ_biometricInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,       /* [ 2091] OBJ_qcStatements */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,       /* [ 2099] OBJ_ac_auditEntity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,       /* [ 2107] OBJ_ac_targeting */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,       /* [ 2115] OBJ_aaControls */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,       /* [ 2123] OBJ_sbgp_ipAddrBlock */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,       /* [ 2131] OBJ_sbgp_autonomousSysNum */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,       /* [ 2139] OBJ_sbgp_routerIdentifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,       /* [ 2147] OBJ_textNotice */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,       /* [ 2155] OBJ_ipsecEndSystem */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,       /* [ 2163] OBJ_ipsecTunnel */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,       /* [ 2171] OBJ_ipsecUser */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,       /* [ 2179] OBJ_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,       /* [ 2187] OBJ_id_it_caProtEncCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,       /* [ 2195] OBJ_id_it_signKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,       /* [ 2203] OBJ_id_it_encKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,       /* [ 2211] OBJ_id_it_preferredSymmAlg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,       /* [ 2219] OBJ_id_it_caKeyUpdateInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,       /* [ 2227] OBJ_id_it_currentCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,       /* [ 2235] OBJ_id_it_unsupportedOIDs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,       /* [ 2243] OBJ_id_it_subscriptionRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,       /* [ 2251] OBJ_id_it_subscriptionResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,       /* [ 2259] OBJ_id_it_keyPairParamReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,       /* [ 2267] OBJ_id_it_keyPairParamRep */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,       /* [ 2275] OBJ_id_it_revPassphrase */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,       /* [ 2283] OBJ_id_it_implicitConfirm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,       /* [ 2291] OBJ_id_it_confirmWaitTime */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,       /* [ 2299] OBJ_id_it_origPKIMessage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,       /* [ 2307] OBJ_id_regCtrl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,       /* [ 2315] OBJ_id_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,  /* [ 2323] OBJ_id_regCtrl_regToken */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,  /* [ 2332] OBJ_id_regCtrl_authenticator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,  /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,  /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,  /* [ 2359] OBJ_id_regCtrl_oldCertID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,  /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,  /* [ 2377] OBJ_id_regInfo_utf8Pairs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,  /* [ 2386] OBJ_id_regInfo_certReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,       /* [ 2395] OBJ_id_alg_des40 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,       /* [ 2403] OBJ_id_alg_noSignature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,       /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,       /* [ 2419] OBJ_id_alg_dh_pop */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,       /* [ 2427] OBJ_id_cmc_statusInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,       /* [ 2435] OBJ_id_cmc_identification */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,       /* [ 2443] OBJ_id_cmc_identityProof */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,       /* [ 2451] OBJ_id_cmc_dataReturn */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,       /* [ 2459] OBJ_id_cmc_transactionId */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,       /* [ 2467] OBJ_id_cmc_senderNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,       /* [ 2475] OBJ_id_cmc_recipientNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,       /* [ 2483] OBJ_id_cmc_addExtensions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,       /* [ 2491] OBJ_id_cmc_encryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,       /* [ 2499] OBJ_id_cmc_decryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,       /* [ 2507] OBJ_id_cmc_lraPOPWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,       /* [ 2515] OBJ_id_cmc_getCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,       /* [ 2523] OBJ_id_cmc_getCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,       /* [ 2531] OBJ_id_cmc_revokeRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,       /* [ 2539] OBJ_id_cmc_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,       /* [ 2547] OBJ_id_cmc_responseInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,       /* [ 2555] OBJ_id_cmc_queryPending */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,       /* [ 2563] OBJ_id_cmc_popLinkRandom */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,       /* [ 2571] OBJ_id_cmc_popLinkWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,       /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,       /* [ 2587] OBJ_id_on_personalData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,       /* [ 2595] OBJ_id_pda_dateOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,       /* [ 2603] OBJ_id_pda_placeOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,       /* [ 2611] OBJ_id_pda_gender */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,       /* [ 2619] OBJ_id_pda_countryOfCitizenship */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,       /* [ 2627] OBJ_id_pda_countryOfResidence */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,       /* [ 2635] OBJ_id_aca_authenticationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,       /* [ 2643] OBJ_id_aca_accessIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,       /* [ 2651] OBJ_id_aca_chargingIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,       /* [ 2659] OBJ_id_aca_group */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,       /* [ 2667] OBJ_id_aca_role */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,       /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,       /* [ 2683] OBJ_id_cct_crs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,       /* [ 2691] OBJ_id_cct_PKIData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,       /* [ 2699] OBJ_id_cct_PKIResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,       /* [ 2707] OBJ_ad_timeStamping */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,       /* [ 2715] OBJ_ad_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,  /* [ 2723] OBJ_id_pkix_OCSP_basic */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,  /* [ 2732] OBJ_id_pkix_OCSP_Nonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,  /* [ 2741] OBJ_id_pkix_OCSP_CrlID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,  /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,  /* [ 2759] OBJ_id_pkix_OCSP_noCheck */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,  /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,  /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,  /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,  /* [ 2795] OBJ_id_pkix_OCSP_valid */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,  /* [ 2804] OBJ_id_pkix_OCSP_path */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,  /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */
+    0x2B,0x0E,0x03,0x02,                           /* [ 2822] OBJ_algorithm */
+    0x2B,0x0E,0x03,0x02,0x0B,                      /* [ 2826] OBJ_rsaSignature */
+    0x55,0x08,                                     /* [ 2831] OBJ_X500algorithms */
+    0x2B,                                          /* [ 2833] OBJ_org */
+    0x2B,0x06,                                     /* [ 2834] OBJ_dod */
+    0x2B,0x06,0x01,                                /* [ 2836] OBJ_iana */
+    0x2B,0x06,0x01,0x01,                           /* [ 2839] OBJ_Directory */
+    0x2B,0x06,0x01,0x02,                           /* [ 2843] OBJ_Management */
+    0x2B,0x06,0x01,0x03,                           /* [ 2847] OBJ_Experimental */
+    0x2B,0x06,0x01,0x04,                           /* [ 2851] OBJ_Private */
+    0x2B,0x06,0x01,0x05,                           /* [ 2855] OBJ_Security */
+    0x2B,0x06,0x01,0x06,                           /* [ 2859] OBJ_SNMPv2 */
+    0x2B,0x06,0x01,0x07,                           /* [ 2863] OBJ_Mail */
+    0x2B,0x06,0x01,0x04,0x01,                      /* [ 2867] OBJ_Enterprises */
+    0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,  /* [ 2872] OBJ_dcObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,  /* [ 2881] OBJ_domainComponent */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,  /* [ 2891] OBJ_Domain */
+    0x55,0x01,0x05,                                /* [ 2901] OBJ_selected_attribute_types */
+    0x55,0x01,0x05,0x37,                           /* [ 2904] OBJ_clearance */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,  /* [ 2908] OBJ_md4WithRSAEncryption */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,       /* [ 2917] OBJ_ac_proxying */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,       /* [ 2925] OBJ_sinfo_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,       /* [ 2933] OBJ_id_aca_encAttrs */
+    0x55,0x04,0x48,                                /* [ 2941] OBJ_role */
+    0x55,0x1D,0x24,                                /* [ 2944] OBJ_policy_constraints */
+    0x55,0x1D,0x37,                                /* [ 2947] OBJ_target_information */
+    0x55,0x1D,0x38,                                /* [ 2950] OBJ_no_rev_avail */
+    0x2A,0x86,0x48,0xCE,0x3D,                      /* [ 2953] OBJ_ansi_X9_62 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,            /* [ 2958] OBJ_X9_62_prime_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,            /* [ 2965] OBJ_X9_62_characteristic_two_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,            /* [ 2972] OBJ_X9_62_id_ecPublicKey */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,       /* [ 2979] OBJ_X9_62_prime192v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,       /* [ 2987] OBJ_X9_62_prime192v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,       /* [ 2995] OBJ_X9_62_prime192v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,       /* [ 3003] OBJ_X9_62_prime239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,       /* [ 3011] OBJ_X9_62_prime239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,       /* [ 3019] OBJ_X9_62_prime239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,       /* [ 3027] OBJ_X9_62_prime256v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,            /* [ 3035] OBJ_ecdsa_with_SHA1 */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,  /* [ 3042] OBJ_ms_csp_name */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,  /* [ 3051] OBJ_aes_128_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,  /* [ 3060] OBJ_aes_128_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,  /* [ 3069] OBJ_aes_128_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,  /* [ 3078] OBJ_aes_128_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,  /* [ 3087] OBJ_aes_192_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,  /* [ 3096] OBJ_aes_192_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,  /* [ 3105] OBJ_aes_192_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,  /* [ 3114] OBJ_aes_192_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,  /* [ 3123] OBJ_aes_256_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,  /* [ 3132] OBJ_aes_256_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,  /* [ 3141] OBJ_aes_256_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,  /* [ 3150] OBJ_aes_256_cfb128 */
+    0x55,0x1D,0x17,                                /* [ 3159] OBJ_hold_instruction_code */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,            /* [ 3162] OBJ_hold_instruction_none */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,            /* [ 3169] OBJ_hold_instruction_call_issuer */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,            /* [ 3176] OBJ_hold_instruction_reject */
+    0x09,                                          /* [ 3183] OBJ_data */
+    0x09,0x92,0x26,                                /* [ 3184] OBJ_pss */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,            /* [ 3187] OBJ_ucl */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,       /* [ 3194] OBJ_pilot */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,  /* [ 3202] OBJ_pilotAttributeType */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,  /* [ 3211] OBJ_pilotAttributeSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,  /* [ 3220] OBJ_pilotObjectClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,  /* [ 3229] OBJ_pilotGroups */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,  /* [ 3238] OBJ_iA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,  /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,  /* [ 3258] OBJ_pilotObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,  /* [ 3268] OBJ_pilotPerson */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,  /* [ 3278] OBJ_account */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,  /* [ 3288] OBJ_document */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,  /* [ 3298] OBJ_room */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,  /* [ 3308] OBJ_documentSeries */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,  /* [ 3318] OBJ_rFC822localPart */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,  /* [ 3328] OBJ_dNSDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,  /* [ 3338] OBJ_domainRelatedObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,  /* [ 3348] OBJ_friendlyCountry */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,  /* [ 3358] OBJ_simpleSecurityObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,  /* [ 3368] OBJ_pilotOrganization */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,  /* [ 3378] OBJ_pilotDSA */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,  /* [ 3388] OBJ_qualityLabelledData */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,  /* [ 3398] OBJ_userId */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,  /* [ 3408] OBJ_textEncodedORAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,  /* [ 3418] OBJ_rfc822Mailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,  /* [ 3428] OBJ_info */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,  /* [ 3438] OBJ_favouriteDrink */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,  /* [ 3448] OBJ_roomNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,  /* [ 3458] OBJ_photo */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,  /* [ 3468] OBJ_userClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,  /* [ 3478] OBJ_host */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,  /* [ 3488] OBJ_manager */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,  /* [ 3498] OBJ_documentIdentifier */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,  /* [ 3508] OBJ_documentTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,  /* [ 3518] OBJ_documentVersion */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,  /* [ 3528] OBJ_documentAuthor */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,  /* [ 3538] OBJ_documentLocation */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,  /* [ 3548] OBJ_homeTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,  /* [ 3558] OBJ_secretary */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,  /* [ 3568] OBJ_otherMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,  /* [ 3578] OBJ_lastModifiedTime */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,  /* [ 3588] OBJ_lastModifiedBy */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,  /* [ 3598] OBJ_aRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,  /* [ 3608] OBJ_pilotAttributeType27 */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,  /* [ 3618] OBJ_mXRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,  /* [ 3628] OBJ_nSRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,  /* [ 3638] OBJ_sOARecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,  /* [ 3648] OBJ_cNAMERecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,  /* [ 3658] OBJ_associatedDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,  /* [ 3668] OBJ_associatedName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,  /* [ 3678] OBJ_homePostalAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,  /* [ 3688] OBJ_personalTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,  /* [ 3698] OBJ_mobileTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,  /* [ 3708] OBJ_pagerTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,  /* [ 3718] OBJ_friendlyCountryName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,  /* [ 3728] OBJ_organizationalStatus */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,  /* [ 3738] OBJ_janetMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,  /* [ 3748] OBJ_mailPreferenceOption */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,  /* [ 3758] OBJ_buildingName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,  /* [ 3768] OBJ_dSAQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,  /* [ 3778] OBJ_singleLevelQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,  /* [ 3788] OBJ_subtreeMinimumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,  /* [ 3798] OBJ_subtreeMaximumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,  /* [ 3808] OBJ_personalSignature */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,  /* [ 3818] OBJ_dITRedirect */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,  /* [ 3828] OBJ_audio */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,  /* [ 3838] OBJ_documentPublisher */
+    0x55,0x04,0x2D,                                /* [ 3848] OBJ_x500UniqueIdentifier */
+    0x2B,0x06,0x01,0x07,0x01,                      /* [ 3851] OBJ_mime_mhs */
+    0x2B,0x06,0x01,0x07,0x01,0x01,                 /* [ 3856] OBJ_mime_mhs_headings */
+    0x2B,0x06,0x01,0x07,0x01,0x02,                 /* [ 3862] OBJ_mime_mhs_bodies */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x01,            /* [ 3868] OBJ_id_hex_partial_message */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x02,            /* [ 3875] OBJ_id_hex_multipart_message */
+    0x55,0x04,0x2C,                                /* [ 3882] OBJ_generationQualifier */
+    0x55,0x04,0x41,                                /* [ 3885] OBJ_pseudonym */
+    0x67,0x2A,                                     /* [ 3888] OBJ_id_set */
+    0x67,0x2A,0x00,                                /* [ 3890] OBJ_set_ctype */
+    0x67,0x2A,0x01,                                /* [ 3893] OBJ_set_msgExt */
+    0x67,0x2A,0x03,                                /* [ 3896] OBJ_set_attr */
+    0x67,0x2A,0x05,                                /* [ 3899] OBJ_set_policy */
+    0x67,0x2A,0x07,                                /* [ 3902] OBJ_set_certExt */
+    0x67,0x2A,0x08,                                /* [ 3905] OBJ_set_brand */
+    0x67,0x2A,0x00,0x00,                           /* [ 3908] OBJ_setct_PANData */
+    0x67,0x2A,0x00,0x01,                           /* [ 3912] OBJ_setct_PANToken */
+    0x67,0x2A,0x00,0x02,                           /* [ 3916] OBJ_setct_PANOnly */
+    0x67,0x2A,0x00,0x03,                           /* [ 3920] OBJ_setct_OIData */
+    0x67,0x2A,0x00,0x04,                           /* [ 3924] OBJ_setct_PI */
+    0x67,0x2A,0x00,0x05,                           /* [ 3928] OBJ_setct_PIData */
+    0x67,0x2A,0x00,0x06,                           /* [ 3932] OBJ_setct_PIDataUnsigned */
+    0x67,0x2A,0x00,0x07,                           /* [ 3936] OBJ_setct_HODInput */
+    0x67,0x2A,0x00,0x08,                           /* [ 3940] OBJ_setct_AuthResBaggage */
+    0x67,0x2A,0x00,0x09,                           /* [ 3944] OBJ_setct_AuthRevReqBaggage */
+    0x67,0x2A,0x00,0x0A,                           /* [ 3948] OBJ_setct_AuthRevResBaggage */
+    0x67,0x2A,0x00,0x0B,                           /* [ 3952] OBJ_setct_CapTokenSeq */
+    0x67,0x2A,0x00,0x0C,                           /* [ 3956] OBJ_setct_PInitResData */
+    0x67,0x2A,0x00,0x0D,                           /* [ 3960] OBJ_setct_PI_TBS */
+    0x67,0x2A,0x00,0x0E,                           /* [ 3964] OBJ_setct_PResData */
+    0x67,0x2A,0x00,0x10,                           /* [ 3968] OBJ_setct_AuthReqTBS */
+    0x67,0x2A,0x00,0x11,                           /* [ 3972] OBJ_setct_AuthResTBS */
+    0x67,0x2A,0x00,0x12,                           /* [ 3976] OBJ_setct_AuthResTBSX */
+    0x67,0x2A,0x00,0x13,                           /* [ 3980] OBJ_setct_AuthTokenTBS */
+    0x67,0x2A,0x00,0x14,                           /* [ 3984] OBJ_setct_CapTokenData */
+    0x67,0x2A,0x00,0x15,                           /* [ 3988] OBJ_setct_CapTokenTBS */
+    0x67,0x2A,0x00,0x16,                           /* [ 3992] OBJ_setct_AcqCardCodeMsg */
+    0x67,0x2A,0x00,0x17,                           /* [ 3996] OBJ_setct_AuthRevReqTBS */
+    0x67,0x2A,0x00,0x18,                           /* [ 4000] OBJ_setct_AuthRevResData */
+    0x67,0x2A,0x00,0x19,                           /* [ 4004] OBJ_setct_AuthRevResTBS */
+    0x67,0x2A,0x00,0x1A,                           /* [ 4008] OBJ_setct_CapReqTBS */
+    0x67,0x2A,0x00,0x1B,                           /* [ 4012] OBJ_setct_CapReqTBSX */
+    0x67,0x2A,0x00,0x1C,                           /* [ 4016] OBJ_setct_CapResData */
+    0x67,0x2A,0x00,0x1D,                           /* [ 4020] OBJ_setct_CapRevReqTBS */
+    0x67,0x2A,0x00,0x1E,                           /* [ 4024] OBJ_setct_CapRevReqTBSX */
+    0x67,0x2A,0x00,0x1F,                           /* [ 4028] OBJ_setct_CapRevResData */
+    0x67,0x2A,0x00,0x20,                           /* [ 4032] OBJ_setct_CredReqTBS */
+    0x67,0x2A,0x00,0x21,                           /* [ 4036] OBJ_setct_CredReqTBSX */
+    0x67,0x2A,0x00,0x22,                           /* [ 4040] OBJ_setct_CredResData */
+    0x67,0x2A,0x00,0x23,                           /* [ 4044] OBJ_setct_CredRevReqTBS */
+    0x67,0x2A,0x00,0x24,                           /* [ 4048] OBJ_setct_CredRevReqTBSX */
+    0x67,0x2A,0x00,0x25,                           /* [ 4052] OBJ_setct_CredRevResData */
+    0x67,0x2A,0x00,0x26,                           /* [ 4056] OBJ_setct_PCertReqData */
+    0x67,0x2A,0x00,0x27,                           /* [ 4060] OBJ_setct_PCertResTBS */
+    0x67,0x2A,0x00,0x28,                           /* [ 4064] OBJ_setct_BatchAdminReqData */
+    0x67,0x2A,0x00,0x29,                           /* [ 4068] OBJ_setct_BatchAdminResData */
+    0x67,0x2A,0x00,0x2A,                           /* [ 4072] OBJ_setct_CardCInitResTBS */
+    0x67,0x2A,0x00,0x2B,                           /* [ 4076] OBJ_setct_MeAqCInitResTBS */
+    0x67,0x2A,0x00,0x2C,                           /* [ 4080] OBJ_setct_RegFormResTBS */
+    0x67,0x2A,0x00,0x2D,                           /* [ 4084] OBJ_setct_CertReqData */
+    0x67,0x2A,0x00,0x2E,                           /* [ 4088] OBJ_setct_CertReqTBS */
+    0x67,0x2A,0x00,0x2F,                           /* [ 4092] OBJ_setct_CertResData */
+    0x67,0x2A,0x00,0x30,                           /* [ 4096] OBJ_setct_CertInqReqTBS */
+    0x67,0x2A,0x00,0x31,                           /* [ 4100] OBJ_setct_ErrorTBS */
+    0x67,0x2A,0x00,0x32,                           /* [ 4104] OBJ_setct_PIDualSignedTBE */
+    0x67,0x2A,0x00,0x33,                           /* [ 4108] OBJ_setct_PIUnsignedTBE */
+    0x67,0x2A,0x00,0x34,                           /* [ 4112] OBJ_setct_AuthReqTBE */
+    0x67,0x2A,0x00,0x35,                           /* [ 4116] OBJ_setct_AuthResTBE */
+    0x67,0x2A,0x00,0x36,                           /* [ 4120] OBJ_setct_AuthResTBEX */
+    0x67,0x2A,0x00,0x37,                           /* [ 4124] OBJ_setct_AuthTokenTBE */
+    0x67,0x2A,0x00,0x38,                           /* [ 4128] OBJ_setct_CapTokenTBE */
+    0x67,0x2A,0x00,0x39,                           /* [ 4132] OBJ_setct_CapTokenTBEX */
+    0x67,0x2A,0x00,0x3A,                           /* [ 4136] OBJ_setct_AcqCardCodeMsgTBE */
+    0x67,0x2A,0x00,0x3B,                           /* [ 4140] OBJ_setct_AuthRevReqTBE */
+    0x67,0x2A,0x00,0x3C,                           /* [ 4144] OBJ_setct_AuthRevResTBE */
+    0x67,0x2A,0x00,0x3D,                           /* [ 4148] OBJ_setct_AuthRevResTBEB */
+    0x67,0x2A,0x00,0x3E,                           /* [ 4152] OBJ_setct_CapReqTBE */
+    0x67,0x2A,0x00,0x3F,                           /* [ 4156] OBJ_setct_CapReqTBEX */
+    0x67,0x2A,0x00,0x40,                           /* [ 4160] OBJ_setct_CapResTBE */
+    0x67,0x2A,0x00,0x41,                           /* [ 4164] OBJ_setct_CapRevReqTBE */
+    0x67,0x2A,0x00,0x42,                           /* [ 4168] OBJ_setct_CapRevReqTBEX */
+    0x67,0x2A,0x00,0x43,                           /* [ 4172] OBJ_setct_CapRevResTBE */
+    0x67,0x2A,0x00,0x44,                           /* [ 4176] OBJ_setct_CredReqTBE */
+    0x67,0x2A,0x00,0x45,                           /* [ 4180] OBJ_setct_CredReqTBEX */
+    0x67,0x2A,0x00,0x46,                           /* [ 4184] OBJ_setct_CredResTBE */
+    0x67,0x2A,0x00,0x47,                           /* [ 4188] OBJ_setct_CredRevReqTBE */
+    0x67,0x2A,0x00,0x48,                           /* [ 4192] OBJ_setct_CredRevReqTBEX */
+    0x67,0x2A,0x00,0x49,                           /* [ 4196] OBJ_setct_CredRevResTBE */
+    0x67,0x2A,0x00,0x4A,                           /* [ 4200] OBJ_setct_BatchAdminReqTBE */
+    0x67,0x2A,0x00,0x4B,                           /* [ 4204] OBJ_setct_BatchAdminResTBE */
+    0x67,0x2A,0x00,0x4C,                           /* [ 4208] OBJ_setct_RegFormReqTBE */
+    0x67,0x2A,0x00,0x4D,                           /* [ 4212] OBJ_setct_CertReqTBE */
+    0x67,0x2A,0x00,0x4E,                           /* [ 4216] OBJ_setct_CertReqTBEX */
+    0x67,0x2A,0x00,0x4F,                           /* [ 4220] OBJ_setct_CertResTBE */
+    0x67,0x2A,0x00,0x50,                           /* [ 4224] OBJ_setct_CRLNotificationTBS */
+    0x67,0x2A,0x00,0x51,                           /* [ 4228] OBJ_setct_CRLNotificationResTBS */
+    0x67,0x2A,0x00,0x52,                           /* [ 4232] OBJ_setct_BCIDistributionTBS */
+    0x67,0x2A,0x01,0x01,                           /* [ 4236] OBJ_setext_genCrypt */
+    0x67,0x2A,0x01,0x03,                           /* [ 4240] OBJ_setext_miAuth */
+    0x67,0x2A,0x01,0x04,                           /* [ 4244] OBJ_setext_pinSecure */
+    0x67,0x2A,0x01,0x05,                           /* [ 4248] OBJ_setext_pinAny */
+    0x67,0x2A,0x01,0x07,                           /* [ 4252] OBJ_setext_track2 */
+    0x67,0x2A,0x01,0x08,                           /* [ 4256] OBJ_setext_cv */
+    0x67,0x2A,0x05,0x00,                           /* [ 4260] OBJ_set_policy_root */
+    0x67,0x2A,0x07,0x00,                           /* [ 4264] OBJ_setCext_hashedRoot */
+    0x67,0x2A,0x07,0x01,                           /* [ 4268] OBJ_setCext_certType */
+    0x67,0x2A,0x07,0x02,                           /* [ 4272] OBJ_setCext_merchData */
+    0x67,0x2A,0x07,0x03,                           /* [ 4276] OBJ_setCext_cCertRequired */
+    0x67,0x2A,0x07,0x04,                           /* [ 4280] OBJ_setCext_tunneling */
+    0x67,0x2A,0x07,0x05,                           /* [ 4284] OBJ_setCext_setExt */
+    0x67,0x2A,0x07,0x06,                           /* [ 4288] OBJ_setCext_setQualf */
+    0x67,0x2A,0x07,0x07,                           /* [ 4292] OBJ_setCext_PGWYcapabilities */
+    0x67,0x2A,0x07,0x08,                           /* [ 4296] OBJ_setCext_TokenIdentifier */
+    0x67,0x2A,0x07,0x09,                           /* [ 4300] OBJ_setCext_Track2Data */
+    0x67,0x2A,0x07,0x0A,                           /* [ 4304] OBJ_setCext_TokenType */
+    0x67,0x2A,0x07,0x0B,                           /* [ 4308] OBJ_setCext_IssuerCapabilities */
+    0x67,0x2A,0x03,0x00,                           /* [ 4312] OBJ_setAttr_Cert */
+    0x67,0x2A,0x03,0x01,                           /* [ 4316] OBJ_setAttr_PGWYcap */
+    0x67,0x2A,0x03,0x02,                           /* [ 4320] OBJ_setAttr_TokenType */
+    0x67,0x2A,0x03,0x03,                           /* [ 4324] OBJ_setAttr_IssCap */
+    0x67,0x2A,0x03,0x00,0x00,                      /* [ 4328] OBJ_set_rootKeyThumb */
+    0x67,0x2A,0x03,0x00,0x01,                      /* [ 4333] OBJ_set_addPolicy */
+    0x67,0x2A,0x03,0x02,0x01,                      /* [ 4338] OBJ_setAttr_Token_EMV */
+    0x67,0x2A,0x03,0x02,0x02,                      /* [ 4343] OBJ_setAttr_Token_B0Prime */
+    0x67,0x2A,0x03,0x03,0x03,                      /* [ 4348] OBJ_setAttr_IssCap_CVM */
+    0x67,0x2A,0x03,0x03,0x04,                      /* [ 4353] OBJ_setAttr_IssCap_T2 */
+    0x67,0x2A,0x03,0x03,0x05,                      /* [ 4358] OBJ_setAttr_IssCap_Sig */
+    0x67,0x2A,0x03,0x03,0x03,0x01,                 /* [ 4363] OBJ_setAttr_GenCryptgrm */
+    0x67,0x2A,0x03,0x03,0x04,0x01,                 /* [ 4369] OBJ_setAttr_T2Enc */
+    0x67,0x2A,0x03,0x03,0x04,0x02,                 /* [ 4375] OBJ_setAttr_T2cleartxt */
+    0x67,0x2A,0x03,0x03,0x05,0x01,                 /* [ 4381] OBJ_setAttr_TokICCsig */
+    0x67,0x2A,0x03,0x03,0x05,0x02,                 /* [ 4387] OBJ_setAttr_SecDevSig */
+    0x67,0x2A,0x08,0x01,                           /* [ 4393] OBJ_set_brand_IATA_ATA */
+    0x67,0x2A,0x08,0x1E,                           /* [ 4397] OBJ_set_brand_Diners */
+    0x67,0x2A,0x08,0x22,                           /* [ 4401] OBJ_set_brand_AmericanExpress */
+    0x67,0x2A,0x08,0x23,                           /* [ 4405] OBJ_set_brand_JCB */
+    0x67,0x2A,0x08,0x04,                           /* [ 4409] OBJ_set_brand_Visa */
+    0x67,0x2A,0x08,0x05,                           /* [ 4413] OBJ_set_brand_MasterCard */
+    0x67,0x2A,0x08,0xAE,0x7B,                      /* [ 4417] OBJ_set_brand_Novus */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,       /* [ 4422] OBJ_des_cdmf */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,  /* [ 4430] OBJ_rsaOAEPEncryptionSET */
+    0x67,                                          /* [ 4439] OBJ_international_organizations */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,  /* [ 4440] OBJ_ms_smartcard_login */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,  /* [ 4450] OBJ_ms_upn */
+    0x55,0x04,0x09,                                /* [ 4460] OBJ_streetAddress */
+    0x55,0x04,0x11,                                /* [ 4463] OBJ_postalCode */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,            /* [ 4466] OBJ_id_ppl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,       /* [ 4473] OBJ_proxyCertInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,       /* [ 4481] OBJ_id_ppl_anyLanguage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,       /* [ 4489] OBJ_id_ppl_inheritAll */
+    0x55,0x1D,0x1E,                                /* [ 4497] OBJ_name_constraints */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,       /* [ 4500] OBJ_Independent */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,  /* [ 4508] OBJ_sha256WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,  /* [ 4517] OBJ_sha384WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,  /* [ 4526] OBJ_sha512WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,  /* [ 4535] OBJ_sha224WithRSAEncryption */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,  /* [ 4544] OBJ_sha256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,  /* [ 4553] OBJ_sha384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,  /* [ 4562] OBJ_sha512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,  /* [ 4571] OBJ_sha224 */
+    0x2B,                                          /* [ 4580] OBJ_identified_organization */
+    0x2B,0x81,0x04,                                /* [ 4581] OBJ_certicom_arc */
+    0x67,0x2B,                                     /* [ 4584] OBJ_wap */
+    0x67,0x2B,0x01,                                /* [ 4586] OBJ_wap_wsg */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,       /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,  /* [ 4597] OBJ_X9_62_onBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,  /* [ 4606] OBJ_X9_62_tpBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,  /* [ 4615] OBJ_X9_62_ppBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,       /* [ 4624] OBJ_X9_62_c2pnb163v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,       /* [ 4632] OBJ_X9_62_c2pnb163v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,       /* [ 4640] OBJ_X9_62_c2pnb163v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,       /* [ 4648] OBJ_X9_62_c2pnb176v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,       /* [ 4656] OBJ_X9_62_c2tnb191v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,       /* [ 4664] OBJ_X9_62_c2tnb191v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,       /* [ 4672] OBJ_X9_62_c2tnb191v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,       /* [ 4680] OBJ_X9_62_c2onb191v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,       /* [ 4688] OBJ_X9_62_c2onb191v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,       /* [ 4696] OBJ_X9_62_c2pnb208w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,       /* [ 4704] OBJ_X9_62_c2tnb239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,       /* [ 4712] OBJ_X9_62_c2tnb239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,       /* [ 4720] OBJ_X9_62_c2tnb239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,       /* [ 4728] OBJ_X9_62_c2onb239v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,       /* [ 4736] OBJ_X9_62_c2onb239v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,       /* [ 4744] OBJ_X9_62_c2pnb272w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,       /* [ 4752] OBJ_X9_62_c2pnb304w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,       /* [ 4760] OBJ_X9_62_c2tnb359v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,       /* [ 4768] OBJ_X9_62_c2pnb368w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,       /* [ 4776] OBJ_X9_62_c2tnb431r1 */
+    0x2B,0x81,0x04,0x00,0x06,                      /* [ 4784] OBJ_secp112r1 */
+    0x2B,0x81,0x04,0x00,0x07,                      /* [ 4789] OBJ_secp112r2 */
+    0x2B,0x81,0x04,0x00,0x1C,                      /* [ 4794] OBJ_secp128r1 */
+    0x2B,0x81,0x04,0x00,0x1D,                      /* [ 4799] OBJ_secp128r2 */
+    0x2B,0x81,0x04,0x00,0x09,                      /* [ 4804] OBJ_secp160k1 */
+    0x2B,0x81,0x04,0x00,0x08,                      /* [ 4809] OBJ_secp160r1 */
+    0x2B,0x81,0x04,0x00,0x1E,                      /* [ 4814] OBJ_secp160r2 */
+    0x2B,0x81,0x04,0x00,0x1F,                      /* [ 4819] OBJ_secp192k1 */
+    0x2B,0x81,0x04,0x00,0x20,                      /* [ 4824] OBJ_secp224k1 */
+    0x2B,0x81,0x04,0x00,0x21,                      /* [ 4829] OBJ_secp224r1 */
+    0x2B,0x81,0x04,0x00,0x0A,                      /* [ 4834] OBJ_secp256k1 */
+    0x2B,0x81,0x04,0x00,0x22,                      /* [ 4839] OBJ_secp384r1 */
+    0x2B,0x81,0x04,0x00,0x23,                      /* [ 4844] OBJ_secp521r1 */
+    0x2B,0x81,0x04,0x00,0x04,                      /* [ 4849] OBJ_sect113r1 */
+    0x2B,0x81,0x04,0x00,0x05,                      /* [ 4854] OBJ_sect113r2 */
+    0x2B,0x81,0x04,0x00,0x16,                      /* [ 4859] OBJ_sect131r1 */
+    0x2B,0x81,0x04,0x00,0x17,                      /* [ 4864] OBJ_sect131r2 */
+    0x2B,0x81,0x04,0x00,0x01,                      /* [ 4869] OBJ_sect163k1 */
+    0x2B,0x81,0x04,0x00,0x02,                      /* [ 4874] OBJ_sect163r1 */
+    0x2B,0x81,0x04,0x00,0x0F,                      /* [ 4879] OBJ_sect163r2 */
+    0x2B,0x81,0x04,0x00,0x18,                      /* [ 4884] OBJ_sect193r1 */
+    0x2B,0x81,0x04,0x00,0x19,                      /* [ 4889] OBJ_sect193r2 */
+    0x2B,0x81,0x04,0x00,0x1A,                      /* [ 4894] OBJ_sect233k1 */
+    0x2B,0x81,0x04,0x00,0x1B,                      /* [ 4899] OBJ_sect233r1 */
+    0x2B,0x81,0x04,0x00,0x03,                      /* [ 4904] OBJ_sect239k1 */
+    0x2B,0x81,0x04,0x00,0x10,                      /* [ 4909] OBJ_sect283k1 */
+    0x2B,0x81,0x04,0x00,0x11,                      /* [ 4914] OBJ_sect283r1 */
+    0x2B,0x81,0x04,0x00,0x24,                      /* [ 4919] OBJ_sect409k1 */
+    0x2B,0x81,0x04,0x00,0x25,                      /* [ 4924] OBJ_sect409r1 */
+    0x2B,0x81,0x04,0x00,0x26,                      /* [ 4929] OBJ_sect571k1 */
+    0x2B,0x81,0x04,0x00,0x27,                      /* [ 4934] OBJ_sect571r1 */
+    0x67,0x2B,0x01,0x04,0x01,                      /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */
+    0x67,0x2B,0x01,0x04,0x03,                      /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */
+    0x67,0x2B,0x01,0x04,0x04,                      /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */
+    0x67,0x2B,0x01,0x04,0x05,                      /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */
+    0x67,0x2B,0x01,0x04,0x06,                      /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */
+    0x67,0x2B,0x01,0x04,0x07,                      /* [ 4964] OBJ_wap_wsg_idm_ecid_wtls7 */
+    0x67,0x2B,0x01,0x04,0x08,                      /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */
+    0x67,0x2B,0x01,0x04,0x09,                      /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */
+    0x67,0x2B,0x01,0x04,0x0A,                      /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */
+    0x67,0x2B,0x01,0x04,0x0B,                      /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */
+    0x67,0x2B,0x01,0x04,0x0C,                      /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */
+    0x55,0x1D,0x20,0x00,                           /* [ 4994] OBJ_any_policy */
+    0x55,0x1D,0x21,                                /* [ 4998] OBJ_policy_mappings */
+    0x55,0x1D,0x36,                                /* [ 5001] OBJ_inhibit_any_policy */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,  /* [ 5004] OBJ_camellia_128_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,  /* [ 5015] OBJ_camellia_192_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,  /* [ 5026] OBJ_camellia_256_cbc */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,       /* [ 5037] OBJ_camellia_128_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,       /* [ 5045] OBJ_camellia_192_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,       /* [ 5053] OBJ_camellia_256_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,       /* [ 5061] OBJ_camellia_128_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,       /* [ 5069] OBJ_camellia_192_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,       /* [ 5077] OBJ_camellia_256_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,       /* [ 5085] OBJ_camellia_128_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,       /* [ 5093] OBJ_camellia_192_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,       /* [ 5101] OBJ_camellia_256_ofb128 */
+    0x55,0x1D,0x09,                                /* [ 5109] OBJ_subject_directory_attributes */
+    0x55,0x1D,0x1C,                                /* [ 5112] OBJ_issuing_distribution_point */
+    0x55,0x1D,0x1D,                                /* [ 5115] OBJ_certificate_issuer */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,                 /* [ 5118] OBJ_kisa */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,       /* [ 5124] OBJ_seed_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,       /* [ 5132] OBJ_seed_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,       /* [ 5140] OBJ_seed_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,       /* [ 5148] OBJ_seed_cfb128 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,       /* [ 5156] OBJ_hmac_md5 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,       /* [ 5164] OBJ_hmac_sha1 */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,  /* [ 5172] OBJ_id_PasswordBasedMAC */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,  /* [ 5181] OBJ_id_DHBasedMac */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,       /* [ 5190] OBJ_id_it_suppLangTags */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,       /* [ 5198] OBJ_caRepository */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,  /* [ 5206] OBJ_id_smime_ct_compressedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,  /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,  /* [ 5228] OBJ_id_aes128_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,  /* [ 5237] OBJ_id_aes192_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,  /* [ 5246] OBJ_id_aes256_wrap */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,            /* [ 5255] OBJ_ecdsa_with_Recommended */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,            /* [ 5262] OBJ_ecdsa_with_Specified */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,       /* [ 5269] OBJ_ecdsa_with_SHA224 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,       /* [ 5277] OBJ_ecdsa_with_SHA256 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,       /* [ 5285] OBJ_ecdsa_with_SHA384 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,       /* [ 5293] OBJ_ecdsa_with_SHA512 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,       /* [ 5301] OBJ_hmacWithMD5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,       /* [ 5309] OBJ_hmacWithSHA224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,       /* [ 5317] OBJ_hmacWithSHA256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,       /* [ 5325] OBJ_hmacWithSHA384 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,       /* [ 5333] OBJ_hmacWithSHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,  /* [ 5341] OBJ_dsa_with_SHA224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,  /* [ 5350] OBJ_dsa_with_SHA256 */
+    0x28,0xCF,0x06,0x03,0x00,0x37,                 /* [ 5359] OBJ_whirlpool */
+    0x2A,0x85,0x03,0x02,0x02,                      /* [ 5365] OBJ_cryptopro */
+    0x2A,0x85,0x03,0x02,0x09,                      /* [ 5370] OBJ_cryptocom */
+    0x2A,0x85,0x03,0x02,0x02,0x03,                 /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x04,                 /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x09,                 /* [ 5387] OBJ_id_GostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x0A,                 /* [ 5393] OBJ_id_HMACGostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x13,                 /* [ 5399] OBJ_id_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x14,                 /* [ 5405] OBJ_id_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x15,                 /* [ 5411] OBJ_id_Gost28147_89 */
+    0x2A,0x85,0x03,0x02,0x02,0x16,                 /* [ 5417] OBJ_id_Gost28147_89_MAC */
+    0x2A,0x85,0x03,0x02,0x02,0x17,                 /* [ 5423] OBJ_id_GostR3411_94_prf */
+    0x2A,0x85,0x03,0x02,0x02,0x62,                 /* [ 5429] OBJ_id_GostR3410_2001DH */
+    0x2A,0x85,0x03,0x02,0x02,0x63,                 /* [ 5435] OBJ_id_GostR3410_94DH */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,            /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,            /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,            /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,            /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,            /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,            /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,            /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,            /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,            /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,            /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,            /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,            /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x00,            /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x02,            /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x03,            /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x04,            /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x05,            /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x01,            /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x02,            /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x03,            /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x00,            /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x01,            /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x02,            /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x03,            /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x00,            /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x01,            /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x01,            /* [ 5623] OBJ_id_GostR3410_94_a */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x02,            /* [ 5630] OBJ_id_GostR3410_94_aBis */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x03,            /* [ 5637] OBJ_id_GostR3410_94_b */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x04,            /* [ 5644] OBJ_id_GostR3410_94_bBis */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,       /* [ 5651] OBJ_id_Gost28147_89_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,       /* [ 5659] OBJ_id_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,       /* [ 5667] OBJ_id_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,       /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,       /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,       /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,  /* [ 5699] OBJ_LocalKeySet */
+    0x55,0x1D,0x2E,                                /* [ 5708] OBJ_freshest_crl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,       /* [ 5711] OBJ_id_on_permanentIdentifier */
+    0x55,0x04,0x0E,                                /* [ 5719] OBJ_searchGuide */
+    0x55,0x04,0x0F,                                /* [ 5722] OBJ_businessCategory */
+    0x55,0x04,0x10,                                /* [ 5725] OBJ_postalAddress */
+    0x55,0x04,0x12,                                /* [ 5728] OBJ_postOfficeBox */
+    0x55,0x04,0x13,                                /* [ 5731] OBJ_physicalDeliveryOfficeName */
+    0x55,0x04,0x14,                                /* [ 5734] OBJ_telephoneNumber */
+    0x55,0x04,0x15,                                /* [ 5737] OBJ_telexNumber */
+    0x55,0x04,0x16,                                /* [ 5740] OBJ_teletexTerminalIdentifier */
+    0x55,0x04,0x17,                                /* [ 5743] OBJ_facsimileTelephoneNumber */
+    0x55,0x04,0x18,                                /* [ 5746] OBJ_x121Address */
+    0x55,0x04,0x19,                                /* [ 5749] OBJ_internationaliSDNNumber */
+    0x55,0x04,0x1A,                                /* [ 5752] OBJ_registeredAddress */
+    0x55,0x04,0x1B,                                /* [ 5755] OBJ_destinationIndicator */
+    0x55,0x04,0x1C,                                /* [ 5758] OBJ_preferredDeliveryMethod */
+    0x55,0x04,0x1D,                                /* [ 5761] OBJ_presentationAddress */
+    0x55,0x04,0x1E,                                /* [ 5764] OBJ_supportedApplicationContext */
+    0x55,0x04,0x1F,                                /* [ 5767] OBJ_member */
+    0x55,0x04,0x20,                                /* [ 5770] OBJ_owner */
+    0x55,0x04,0x21,                                /* [ 5773] OBJ_roleOccupant */
+    0x55,0x04,0x22,                                /* [ 5776] OBJ_seeAlso */
+    0x55,0x04,0x23,                                /* [ 5779] OBJ_userPassword */
+    0x55,0x04,0x24,                                /* [ 5782] OBJ_userCertificate */
+    0x55,0x04,0x25,                                /* [ 5785] OBJ_cACertificate */
+    0x55,0x04,0x26,                                /* [ 5788] OBJ_authorityRevocationList */
+    0x55,0x04,0x27,                                /* [ 5791] OBJ_certificateRevocationList */
+    0x55,0x04,0x28,                                /* [ 5794] OBJ_crossCertificatePair */
+    0x55,0x04,0x2F,                                /* [ 5797] OBJ_enhancedSearchGuide */
+    0x55,0x04,0x30,                                /* [ 5800] OBJ_protocolInformation */
+    0x55,0x04,0x31,                                /* [ 5803] OBJ_distinguishedName */
+    0x55,0x04,0x32,                                /* [ 5806] OBJ_uniqueMember */
+    0x55,0x04,0x33,                                /* [ 5809] OBJ_houseIdentifier */
+    0x55,0x04,0x34,                                /* [ 5812] OBJ_supportedAlgorithms */
+    0x55,0x04,0x35,                                /* [ 5815] OBJ_deltaRevocationList */
+    0x55,0x04,0x36,                                /* [ 5818] OBJ_dmdName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,  /* [ 5821] OBJ_id_alg_PWRI_KEK */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,  /* [ 5832] OBJ_aes_128_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,  /* [ 5841] OBJ_aes_128_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,  /* [ 5850] OBJ_id_aes128_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,  /* [ 5859] OBJ_aes_192_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,  /* [ 5868] OBJ_aes_192_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,  /* [ 5877] OBJ_id_aes192_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,  /* [ 5886] OBJ_aes_256_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,  /* [ 5895] OBJ_aes_256_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,  /* [ 5904] OBJ_id_aes256_wrap_pad */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,  /* [ 5913] OBJ_id_camellia128_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,  /* [ 5924] OBJ_id_camellia192_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,  /* [ 5935] OBJ_id_camellia256_wrap */
+    0x55,0x1D,0x25,0x00,                           /* [ 5946] OBJ_anyExtendedKeyUsage */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,  /* [ 5950] OBJ_mgf1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,  /* [ 5959] OBJ_rsassaPss */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,  /* [ 5968] OBJ_rsaesOaep */
+    0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,            /* [ 5977] OBJ_dhpublicnumber */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,  /* [ 5984] OBJ_brainpoolP160r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,  /* [ 5993] OBJ_brainpoolP160t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,  /* [ 6002] OBJ_brainpoolP192r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,  /* [ 6011] OBJ_brainpoolP192t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,  /* [ 6020] OBJ_brainpoolP224r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,  /* [ 6029] OBJ_brainpoolP224t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,  /* [ 6038] OBJ_brainpoolP256r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,  /* [ 6047] OBJ_brainpoolP256t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,  /* [ 6056] OBJ_brainpoolP320r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,  /* [ 6065] OBJ_brainpoolP320t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,  /* [ 6074] OBJ_brainpoolP384r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,  /* [ 6083] OBJ_brainpoolP384t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,  /* [ 6092] OBJ_brainpoolP512r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,  /* [ 6101] OBJ_brainpoolP512t1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,  /* [ 6110] OBJ_pSpecified */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,  /* [ 6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x00,                 /* [ 6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x01,                 /* [ 6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x02,                 /* [ 6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x03,                 /* [ 6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,  /* [ 6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x00,                 /* [ 6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x01,                 /* [ 6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x02,                 /* [ 6173] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x03,                 /* [ 6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,  /* [ 6185] OBJ_ct_precert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,  /* [ 6195] OBJ_ct_precert_poison */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,  /* [ 6205] OBJ_ct_precert_signer */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,  /* [ 6215] OBJ_ct_cert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,  /* [ 6225] OBJ_jurisdictionLocalityName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,  /* [ 6236] OBJ_jurisdictionStateOrProvinceName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,  /* [ 6247] OBJ_jurisdictionCountryName */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06,       /* [ 6258] OBJ_camellia_128_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07,       /* [ 6266] OBJ_camellia_128_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09,       /* [ 6274] OBJ_camellia_128_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A,       /* [ 6282] OBJ_camellia_128_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A,       /* [ 6290] OBJ_camellia_192_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B,       /* [ 6298] OBJ_camellia_192_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D,       /* [ 6306] OBJ_camellia_192_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E,       /* [ 6314] OBJ_camellia_192_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E,       /* [ 6322] OBJ_camellia_256_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F,       /* [ 6330] OBJ_camellia_256_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31,       /* [ 6338] OBJ_camellia_256_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32,       /* [ 6346] OBJ_camellia_256_cmac */
+    0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,  /* [ 6354] OBJ_id_scrypt */
+    0x2A,0x85,0x03,0x07,0x01,                      /* [ 6363] OBJ_id_tc26 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,                 /* [ 6368] OBJ_id_tc26_algorithms */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,            /* [ 6374] OBJ_id_tc26_sign */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01,       /* [ 6381] OBJ_id_GostR3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02,       /* [ 6389] OBJ_id_GostR3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,            /* [ 6397] OBJ_id_tc26_digest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02,       /* [ 6404] OBJ_id_GostR3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03,       /* [ 6412] OBJ_id_GostR3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,            /* [ 6420] OBJ_id_tc26_signwithdigest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02,       /* [ 6427] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03,       /* [ 6435] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,            /* [ 6443] OBJ_id_tc26_mac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01,       /* [ 6450] OBJ_id_tc26_hmac_gost_3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02,       /* [ 6458] OBJ_id_tc26_hmac_gost_3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,            /* [ 6466] OBJ_id_tc26_cipher */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,            /* [ 6473] OBJ_id_tc26_agreement */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01,       /* [ 6480] OBJ_id_tc26_agreement_gost_3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02,       /* [ 6488] OBJ_id_tc26_agreement_gost_3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,                 /* [ 6496] OBJ_id_tc26_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,            /* [ 6502] OBJ_id_tc26_sign_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,       /* [ 6509] OBJ_id_tc26_gost_3410_2012_512_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,  /* [ 6517] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,  /* [ 6526] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,  /* [ 6535] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x02,            /* [ 6544] OBJ_id_tc26_digest_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,            /* [ 6551] OBJ_id_tc26_cipher_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,       /* [ 6558] OBJ_id_tc26_gost_28147_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,  /* [ 6566] OBJ_id_tc26_gost_28147_param_Z */
+    0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01,       /* [ 6575] OBJ_INN */
+    0x2A,0x85,0x03,0x64,0x01,                      /* [ 6583] OBJ_OGRN */
+    0x2A,0x85,0x03,0x64,0x03,                      /* [ 6588] OBJ_SNILS */
+    0x2A,0x85,0x03,0x64,0x6F,                      /* [ 6593] OBJ_subjectSignTool */
+    0x2A,0x85,0x03,0x64,0x70,                      /* [ 6598] OBJ_issuerSignTool */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,       /* [ 6603] OBJ_tlsfeature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,       /* [ 6611] OBJ_ipsec_IKE */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12,       /* [ 6619] OBJ_capwapAC */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13,       /* [ 6627] OBJ_capwapWTP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15,       /* [ 6635] OBJ_sshClient */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16,       /* [ 6643] OBJ_sshServer */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17,       /* [ 6651] OBJ_sendRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18,       /* [ 6659] OBJ_sendProxiedRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19,       /* [ 6667] OBJ_sendOwner */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A,       /* [ 6675] OBJ_sendProxiedOwner */
+    0x2B,0x06,0x01,0x05,0x02,0x03,                 /* [ 6683] OBJ_id_pkinit */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x04,            /* [ 6689] OBJ_pkInitClientAuth */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x05,            /* [ 6696] OBJ_pkInitKDC */
+    0x2B,0x65,0x6E,                                /* [ 6703] OBJ_X25519 */
+    0x2B,0x65,0x6F,                                /* [ 6706] OBJ_X448 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,  /* [ 6709] OBJ_blake2b512 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,  /* [ 6720] OBJ_blake2s256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13,  /* [ 6731] OBJ_id_smime_ct_contentCollection */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17,  /* [ 6742] OBJ_id_smime_ct_authEnvelopedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C,  /* [ 6753] OBJ_id_ct_xml */
+};
+
+#define NUM_NID 1061
+static const ASN1_OBJECT nid_objs[NUM_NID] = {
+    {"UNDEF", "undefined", NID_undef},
+    {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
+    {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &so[6]},
+    {"MD2", "md2", NID_md2, 8, &so[13]},
+    {"MD5", "md5", NID_md5, 8, &so[21]},
+    {"RC4", "rc4", NID_rc4, 8, &so[29]},
+    {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]},
+    {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]},
+    {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]},
+    {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]},
+    {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]},
+    {"X500", "directory services (X.500)", NID_X500, 1, &so[82]},
+    {"X509", "X509", NID_X509, 2, &so[83]},
+    {"CN", "commonName", NID_commonName, 3, &so[85]},
+    {"C", "countryName", NID_countryName, 3, &so[88]},
+    {"L", "localityName", NID_localityName, 3, &so[91]},
+    {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]},
+    {"O", "organizationName", NID_organizationName, 3, &so[97]},
+    {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]},
+    {"RSA", "rsa", NID_rsa, 4, &so[103]},
+    {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]},
+    {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]},
+    {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]},
+    {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]},
+    {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]},
+    {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]},
+    {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]},
+    {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]},
+    {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]},
+    {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]},
+    {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]},
+    {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]},
+    {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]},
+    {"DES-EDE3", "des-ede3", NID_des_ede3_ecb},
+    {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]},
+    {"IDEA-CFB", "idea-cfb", NID_idea_cfb64},
+    {"IDEA-ECB", "idea-ecb", NID_idea_ecb},
+    {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]},
+    {"RC2-ECB", "rc2-ecb", NID_rc2_ecb},
+    {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64},
+    {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64},
+    {"SHA", "sha", NID_sha, 5, &so[225]},
+    {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]},
+    {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc},
+    {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]},
+    {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]},
+    {"IDEA-OFB", "idea-ofb", NID_idea_ofb64},
+    {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]},
+    {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]},
+    {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]},
+    {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]},
+    {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]},
+    {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]},
+    {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]},
+    {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]},
+    {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]},
+    {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]},
+    {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]},
+    {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]},
+    {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]},
+    {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64},
+    {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64},
+    {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64},
+    {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64},
+    {"SHA1", "sha1", NID_sha1, 5, &so[360]},
+    {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]},
+    {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]},
+    {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]},
+    {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]},
+    {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]},
+    {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]},
+    {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]},
+    {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]},
+    {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]},
+    {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]},
+    {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]},
+    {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]},
+    {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]},
+    {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]},
+    {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]},
+    {"DESX-CBC", "desx-cbc", NID_desx_cbc},
+    {"id-ce", "id-ce", NID_id_ce, 2, &so[488]},
+    {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]},
+    {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]},
+    {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]},
+    {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]},
+    {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]},
+    {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]},
+    {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]},
+    {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]},
+    {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]},
+    {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]},
+    {"BF-ECB", "bf-ecb", NID_bf_ecb},
+    {"BF-CFB", "bf-cfb", NID_bf_cfb64},
+    {"BF-OFB", "bf-ofb", NID_bf_ofb64},
+    {"MDC2", "mdc2", NID_mdc2, 4, &so[526]},
+    {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]},
+    {"RC4-40", "rc4-40", NID_rc4_40},
+    {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc},
+    {"GN", "givenName", NID_givenName, 3, &so[534]},
+    {"SN", "surname", NID_surname, 3, &so[537]},
+    {"initials", "initials", NID_initials, 3, &so[540]},
+    {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]},
+    {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]},
+    {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]},
+    {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]},
+    {"title", "title", NID_title, 3, &so[564]},
+    {"description", "description", NID_description, 3, &so[567]},
+    {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]},
+    {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb},
+    {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64},
+    {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64},
+    {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]},
+    {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]},
+    {"MD5-SHA1", "md5-sha1", NID_md5_sha1},
+    {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]},
+    {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]},
+    {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]},
+    { NULL, NULL, NID_undef },
+    {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]},
+    {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]},
+    {"RC5-ECB", "rc5-ecb", NID_rc5_ecb},
+    {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64},
+    {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64},
+    { NULL, NULL, NID_undef },
+    {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]},
+    {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]},
+    {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]},
+    {"id-kp", "id-kp", NID_id_kp, 7, &so[646]},
+    {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]},
+    {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]},
+    {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]},
+    {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]},
+    {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]},
+    {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]},
+    {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]},
+    {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]},
+    {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]},
+    {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]},
+    {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]},
+    {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]},
+    {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]},
+    {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]},
+    {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]},
+    {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]},
+    {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]},
+    {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]},
+    {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]},
+    {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]},
+    {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]},
+    {"keyBag", "keyBag", NID_keyBag, 11, &so[826]},
+    {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]},
+    {"certBag", "certBag", NID_certBag, 11, &so[848]},
+    {"crlBag", "crlBag", NID_crlBag, 11, &so[859]},
+    {"secretBag", "secretBag", NID_secretBag, 11, &so[870]},
+    {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]},
+    {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]},
+    {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]},
+    {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]},
+    {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]},
+    {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]},
+    {"PBES2", "PBES2", NID_pbes2, 9, &so[940]},
+    {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]},
+    {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]},
+    {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]},
+    {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]},
+    {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc},
+    {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]},
+    {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]},
+    {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]},
+    {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]},
+    {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]},
+    {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]},
+    {"name", "name", NID_name, 3, &so[1037]},
+    {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]},
+    {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]},
+    {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]},
+    {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]},
+    {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]},
+    {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]},
+    {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]},
+    {"ISO", "iso", NID_iso},
+    {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]},
+    {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]},
+    {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]},
+    {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]},
+    {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]},
+    {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]},
+    {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]},
+    {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]},
+    {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]},
+    {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]},
+    {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]},
+    {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]},
+    {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]},
+    {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]},
+    {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]},
+    {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]},
+    {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]},
+    {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]},
+    {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]},
+    {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]},
+    {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]},
+    {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]},
+    {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]},
+    {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]},
+    {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, &so[1309]},
+    {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]},
+    {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]},
+    {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]},
+    {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]},
+    {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]},
+    {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]},
+    {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]},
+    {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]},
+    {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]},
+    {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]},
+    {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]},
+    {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]},
+    {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]},
+    {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]},
+    {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]},
+    {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]},
+    {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]},
+    {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]},
+    {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]},
+    {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]},
+    {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]},
+    {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]},
+    {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]},
+    {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]},
+    {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]},
+    {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]},
+    {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]},
+    {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]},
+    {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]},
+    {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]},
+    {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]},
+    {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]},
+    {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]},
+    {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]},
+    {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]},
+    {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]},
+    {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]},
+    {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]},
+    {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]},
+    {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]},
+    {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]},
+    {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]},
+    {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]},
+    {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]},
+    {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]},
+    {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]},
+    {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]},
+    {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]},
+    {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]},
+    {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]},
+    {"MD4", "md4", NID_md4, 8, &so[1870]},
+    {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]},
+    {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]},
+    {"id-it", "id-it", NID_id_it, 7, &so[1892]},
+    {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]},
+    {"id-alg", "id-alg", NID_id_alg, 7, &so[1906]},
+    {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]},
+    {"id-on", "id-on", NID_id_on, 7, &so[1920]},
+    {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]},
+    {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]},
+    {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]},
+    {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]},
+    {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]},
+    {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]},
+    {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]},
+    {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]},
+    {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]},
+    {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]},
+    {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]},
+    {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]},
+    {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]},
+    {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]},
+    {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]},
+    {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]},
+    {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]},
+    {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]},
+    {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]},
+    {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]},
+    {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]},
+    {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]},
+    {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]},
+    {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]},
+    {"aaControls", "aaControls", NID_aaControls, 8, &so[2115]},
+    {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]},
+    {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]},
+    {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]},
+    {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]},
+    {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]},
+    {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]},
+    {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]},
+    {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]},
+    {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]},
+    {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]},
+    {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]},
+    {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]},
+    {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]},
+    {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]},
+    {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]},
+    {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]},
+    {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]},
+    {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]},
+    {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]},
+    {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]},
+    {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]},
+    {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]},
+    {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]},
+    {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]},
+    {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]},
+    {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]},
+    {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]},
+    {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]},
+    {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]},
+    {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]},
+    {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]},
+    {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]},
+    {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]},
+    {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]},
+    {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]},
+    {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]},
+    {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]},
+    {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]},
+    {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]},
+    {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]},
+    {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]},
+    {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]},
+    {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]},
+    {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]},
+    {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]},
+    {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]},
+    {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]},
+    {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]},
+    {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]},
+    {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]},
+    {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]},
+    {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]},
+    {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]},
+    {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]},
+    {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]},
+    {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]},
+    {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]},
+    {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]},
+    {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]},
+    {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]},
+    { NULL, NULL, NID_undef },
+    {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]},
+    {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]},
+    {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]},
+    {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]},
+    {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]},
+    {"id-aca-chargingIdentity", "id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]},
+    {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]},
+    {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]},
+    {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]},
+    {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]},
+    {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]},
+    {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]},
+    {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]},
+    {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]},
+    {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]},
+    {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]},
+    {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]},
+    {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]},
+    {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]},
+    {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]},
+    {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]},
+    {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]},
+    {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]},
+    {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]},
+    {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]},
+    {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]},
+    {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]},
+    {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]},
+    {"ORG", "org", NID_org, 1, &so[2833]},
+    {"DOD", "dod", NID_dod, 2, &so[2834]},
+    {"IANA", "iana", NID_iana, 3, &so[2836]},
+    {"directory", "Directory", NID_Directory, 4, &so[2839]},
+    {"mgmt", "Management", NID_Management, 4, &so[2843]},
+    {"experimental", "Experimental", NID_Experimental, 4, &so[2847]},
+    {"private", "Private", NID_Private, 4, &so[2851]},
+    {"security", "Security", NID_Security, 4, &so[2855]},
+    {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]},
+    {"Mail", "Mail", NID_Mail, 4, &so[2863]},
+    {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]},
+    {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]},
+    {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]},
+    {"domain", "Domain", NID_Domain, 10, &so[2891]},
+    {"NULL", "NULL", NID_joint_iso_ccitt},
+    {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]},
+    {"clearance", "clearance", NID_clearance, 4, &so[2904]},
+    {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]},
+    {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]},
+    {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]},
+    {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]},
+    {"role", "role", NID_role, 3, &so[2941]},
+    {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]},
+    {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]},
+    {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]},
+    {"NULL", "NULL", NID_ccitt},
+    {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]},
+    {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]},
+    {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]},
+    {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]},
+    {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]},
+    {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]},
+    {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]},
+    {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]},
+    {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]},
+    {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]},
+    {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]},
+    {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]},
+    {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]},
+    {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]},
+    {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]},
+    {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]},
+    {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]},
+    {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]},
+    {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]},
+    {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]},
+    {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]},
+    {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]},
+    {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]},
+    {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]},
+    {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]},
+    {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]},
+    {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]},
+    {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]},
+    {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]},
+    {"data", "data", NID_data, 1, &so[3183]},
+    {"pss", "pss", NID_pss, 3, &so[3184]},
+    {"ucl", "ucl", NID_ucl, 7, &so[3187]},
+    {"pilot", "pilot", NID_pilot, 8, &so[3194]},
+    {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]},
+    {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]},
+    {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, &so[3220]},
+    {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]},
+    {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]},
+    {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]},
+    {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]},
+    {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]},
+    {"account", "account", NID_account, 10, &so[3278]},
+    {"document", "document", NID_document, 10, &so[3288]},
+    {"room", "room", NID_room, 10, &so[3298]},
+    {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]},
+    {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]},
+    {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]},
+    {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]},
+    {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]},
+    {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]},
+    {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]},
+    {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]},
+    {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]},
+    {"UID", "userId", NID_userId, 10, &so[3398]},
+    {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]},
+    {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]},
+    {"info", "info", NID_info, 10, &so[3428]},
+    {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]},
+    {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]},
+    {"photo", "photo", NID_photo, 10, &so[3458]},
+    {"userClass", "userClass", NID_userClass, 10, &so[3468]},
+    {"host", "host", NID_host, 10, &so[3478]},
+    {"manager", "manager", NID_manager, 10, &so[3488]},
+    {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]},
+    {"documentTitle", "documentTitle", NID_documentTitle, 10, &so[3508]},
+    {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]},
+    {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]},
+    {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]},
+    {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]},
+    {"secretary", "secretary", NID_secretary, 10, &so[3558]},
+    {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]},
+    {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]},
+    {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]},
+    {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]},
+    {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]},
+    {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]},
+    {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]},
+    {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]},
+    {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]},
+    {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]},
+    {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]},
+    {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]},
+    {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]},
+    {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]},
+    {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]},
+    {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]},
+    {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]},
+    {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]},
+    {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]},
+    {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]},
+    {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]},
+    {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]},
+    {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]},
+    {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]},
+    {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]},
+    {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]},
+    {"audio", "audio", NID_audio, 10, &so[3828]},
+    {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]},
+    {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]},
+    {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]},
+    {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]},
+    {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]},
+    {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]},
+    {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]},
+    {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]},
+    {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]},
+    { NULL, NULL, NID_undef },
+    {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]},
+    {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]},
+    {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]},
+    {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]},
+    {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]},
+    {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]},
+    {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]},
+    {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]},
+    {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]},
+    {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &so[3916]},
+    {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]},
+    {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]},
+    {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]},
+    {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]},
+    {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]},
+    {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]},
+    {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]},
+    {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]},
+    {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]},
+    {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]},
+    {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]},
+    {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]},
+    {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]},
+    {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]},
+    {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]},
+    {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]},
+    {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]},
+    {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]},
+    {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]},
+    {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]},
+    {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]},
+    {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]},
+    {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]},
+    {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, &so[4012]},
+    {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]},
+    {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]},
+    {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]},
+    {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]},
+    {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]},
+    {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]},
+    {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]},
+    {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]},
+    {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]},
+    {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]},
+    {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]},
+    {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]},
+    {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]},
+    {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]},
+    {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]},
+    {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]},
+    {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]},
+    {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]},
+    {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]},
+    {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]},
+    {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]},
+    {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]},
+    {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]},
+    {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]},
+    {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]},
+    {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]},
+    {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]},
+    {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]},
+    {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]},
+    {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]},
+    {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]},
+    {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]},
+    {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]},
+    {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]},
+    {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]},
+    {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]},
+    {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]},
+    {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]},
+    {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]},
+    {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]},
+    {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]},
+    {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]},
+    {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]},
+    {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]},
+    {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]},
+    {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]},
+    {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]},
+    {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]},
+    {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]},
+    {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]},
+    {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]},
+    {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]},
+    {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]},
+    {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]},
+    {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]},
+    {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]},
+    {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]},
+    {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]},
+    {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]},
+    {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]},
+    {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]},
+    {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]},
+    {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]},
+    {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]},
+    {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]},
+    {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]},
+    {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]},
+    {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]},
+    {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]},
+    {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]},
+    {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]},
+    {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]},
+    {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]},
+    {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]},
+    {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]},
+    {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]},
+    {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]},
+    {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]},
+    {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]},
+    {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]},
+    {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]},
+    {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]},
+    {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]},
+    {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]},
+    {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]},
+    {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]},
+    {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]},
+    {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]},
+    {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]},
+    {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]},
+    {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]},
+    {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]},
+    {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]},
+    {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]},
+    {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]},
+    {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]},
+    {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]},
+    {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]},
+    {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]},
+    {"ITU-T", "itu-t", NID_itu_t},
+    {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
+    {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]},
+    {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]},
+    {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]},
+    {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
+    {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
+    {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
+    {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8},
+    {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8},
+    {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8},
+    {"DES-CFB1", "des-cfb1", NID_des_cfb1},
+    {"DES-CFB8", "des-cfb8", NID_des_cfb8},
+    {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1},
+    {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8},
+    {"street", "streetAddress", NID_streetAddress, 3, &so[4460]},
+    {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]},
+    {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]},
+    {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]},
+    {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]},
+    {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]},
+    {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]},
+    {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]},
+    {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]},
+    {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]},
+    {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]},
+    {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]},
+    {"SHA256", "sha256", NID_sha256, 9, &so[4544]},
+    {"SHA384", "sha384", NID_sha384, 9, &so[4553]},
+    {"SHA512", "sha512", NID_sha512, 9, &so[4562]},
+    {"SHA224", "sha224", NID_sha224, 9, &so[4571]},
+    {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]},
+    {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]},
+    {"wap", "wap", NID_wap, 2, &so[4584]},
+    {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]},
+    {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]},
+    {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]},
+    {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]},
+    {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]},
+    {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]},
+    {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]},
+    {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]},
+    {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]},
+    {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]},
+    {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]},
+    {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]},
+    {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]},
+    {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]},
+    {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]},
+    {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]},
+    {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]},
+    {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]},
+    {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]},
+    {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]},
+    {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]},
+    {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]},
+    {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]},
+    {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]},
+    {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]},
+    {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]},
+    {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]},
+    {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]},
+    {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]},
+    {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]},
+    {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]},
+    {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]},
+    {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]},
+    {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]},
+    {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]},
+    {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]},
+    {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]},
+    {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]},
+    {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]},
+    {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]},
+    {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]},
+    {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]},
+    {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]},
+    {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]},
+    {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]},
+    {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]},
+    {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]},
+    {"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]},
+    {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]},
+    {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]},
+    {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]},
+    {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]},
+    {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]},
+    {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]},
+    {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]},
+    {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]},
+    {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]},
+    {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]},
+    {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]},
+    {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]},
+    {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]},
+    {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]},
+    {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]},
+    {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]},
+    {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]},
+    {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]},
+    {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]},
+    {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]},
+    {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]},
+    {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]},
+    {"Oakley-EC2N-3", "ipsec3", NID_ipsec3},
+    {"Oakley-EC2N-4", "ipsec4", NID_ipsec4},
+    {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]},
+    {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]},
+    {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]},
+    {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]},
+    {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]},
+    {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]},
+    {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]},
+    {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]},
+    {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]},
+    {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1},
+    {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1},
+    {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1},
+    {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8},
+    {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8},
+    {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8},
+    {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]},
+    {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]},
+    {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]},
+    {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]},
+    {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]},
+    {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]},
+    { NULL, NULL, NID_undef },
+    {"KISA", "kisa", NID_kisa, 6, &so[5118]},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]},
+    {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]},
+    {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &so[5140]},
+    {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]},
+    {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]},
+    {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]},
+    {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]},
+    {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]},
+    {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]},
+    {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]},
+    {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]},
+    {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]},
+    {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]},
+    {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]},
+    {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]},
+    {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]},
+    {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]},
+    {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]},
+    {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]},
+    {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]},
+    {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]},
+    {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]},
+    {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]},
+    {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]},
+    {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]},
+    {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]},
+    {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]},
+    {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, &so[5350]},
+    {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]},
+    {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]},
+    {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]},
+    {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]},
+    {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]},
+    {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]},
+    {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]},
+    {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]},
+    {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]},
+    {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]},
+    {"gost89-cnt", "gost89-cnt", NID_gost89_cnt},
+    {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]},
+    {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]},
+    {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]},
+    {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]},
+    {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]},
+    {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]},
+    {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]},
+    {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]},
+    {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]},
+    {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]},
+    {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]},
+    {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]},
+    {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]},
+    {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]},
+    {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]},
+    {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]},
+    {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]},
+    {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]},
+    {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]},
+    {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]},
+    {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]},
+    {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]},
+    {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]},
+    {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]},
+    {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]},
+    {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]},
+    {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]},
+    {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]},
+    {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]},
+    {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]},
+    {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]},
+    {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]},
+    {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]},
+    {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]},
+    {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]},
+    {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]},
+    {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]},
+    {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]},
+    {"HMAC", "hmac", NID_hmac},
+    {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]},
+    {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]},
+    {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]},
+    {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]},
+    {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]},
+    {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]},
+    {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]},
+    {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]},
+    {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]},
+    {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]},
+    {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]},
+    {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]},
+    {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]},
+    {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]},
+    {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]},
+    {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]},
+    {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]},
+    {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]},
+    {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]},
+    {"member", "member", NID_member, 3, &so[5767]},
+    {"owner", "owner", NID_owner, 3, &so[5770]},
+    {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]},
+    {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]},
+    {"userPassword", "userPassword", NID_userPassword, 3, &so[5779]},
+    {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]},
+    {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]},
+    {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]},
+    {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]},
+    {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]},
+    {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]},
+    {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]},
+    {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]},
+    {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]},
+    {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]},
+    {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]},
+    {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]},
+    {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]},
+    {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]},
+    {"CMAC", "cmac", NID_cmac},
+    {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]},
+    {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]},
+    {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]},
+    {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]},
+    {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]},
+    {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]},
+    {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]},
+    {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]},
+    {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]},
+    {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr},
+    {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr},
+    {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr},
+    {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]},
+    {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]},
+    {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]},
+    {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]},
+    {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]},
+    {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]},
+    {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts},
+    {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts},
+    {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5},
+    {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1},
+    {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1},
+    {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1},
+    {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5968]},
+    {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5977]},
+    {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[5984]},
+    {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[5993]},
+    {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6002]},
+    {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6011]},
+    {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6020]},
+    {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6029]},
+    {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6038]},
+    {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6047]},
+    {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6056]},
+    {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6065]},
+    {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6074]},
+    {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6083]},
+    {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6092]},
+    {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6101]},
+    {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6110]},
+    {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6119]},
+    {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6128]},
+    {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6134]},
+    {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6140]},
+    {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6146]},
+    {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6152]},
+    {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6161]},
+    {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6167]},
+    {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6173]},
+    {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6179]},
+    {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf},
+    {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf},
+    {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256},
+    {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256},
+    {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256},
+    {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6185]},
+    {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6195]},
+    {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6205]},
+    {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6215]},
+    {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6225]},
+    {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6236]},
+    {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6247]},
+    {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb},
+    {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb},
+    {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb},
+    {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6258]},
+    {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6266]},
+    {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6274]},
+    {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6282]},
+    {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6290]},
+    {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6298]},
+    {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6306]},
+    {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6314]},
+    {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6322]},
+    {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6330]},
+    {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6338]},
+    {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6346]},
+    {"id-scrypt", "id-scrypt", NID_id_scrypt, 9, &so[6354]},
+    {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6363]},
+    {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12},
+    {"gost-mac-12", "gost-mac-12", NID_gost_mac_12},
+    {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6368]},
+    {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6374]},
+    {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6381]},
+    {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6389]},
+    {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6397]},
+    {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6404]},
+    {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6412]},
+    {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6420]},
+    {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6427]},
+    {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6435]},
+    {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6443]},
+    {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6450]},
+    {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6458]},
+    {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6466]},
+    {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6473]},
+    {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6480]},
+    {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6488]},
+    {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6496]},
+    {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6502]},
+    {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6509]},
+    {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6517]},
+    {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6526]},
+    {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6535]},
+    {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6544]},
+    {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6551]},
+    {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6558]},
+    {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6566]},
+    {"INN", "INN", NID_INN, 8, &so[6575]},
+    {"OGRN", "OGRN", NID_OGRN, 5, &so[6583]},
+    {"SNILS", "SNILS", NID_SNILS, 5, &so[6588]},
+    {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6593]},
+    {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6598]},
+    {"gost89-cbc", "gost89-cbc", NID_gost89_cbc},
+    {"gost89-ecb", "gost89-ecb", NID_gost89_ecb},
+    {"gost89-ctr", "gost89-ctr", NID_gost89_ctr},
+    {"grasshopper-ecb", "grasshopper-ecb", NID_grasshopper_ecb},
+    {"grasshopper-ctr", "grasshopper-ctr", NID_grasshopper_ctr},
+    {"grasshopper-ofb", "grasshopper-ofb", NID_grasshopper_ofb},
+    {"grasshopper-cbc", "grasshopper-cbc", NID_grasshopper_cbc},
+    {"grasshopper-cfb", "grasshopper-cfb", NID_grasshopper_cfb},
+    {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac},
+    {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305},
+    {"ChaCha20", "chacha20", NID_chacha20},
+    {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6603]},
+    {"TLS1-PRF", "tls1-prf", NID_tls1_prf},
+    {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6611]},
+    {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6619]},
+    {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6627]},
+    {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6635]},
+    {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6643]},
+    {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6651]},
+    {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6659]},
+    {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6667]},
+    {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6675]},
+    {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6683]},
+    {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6689]},
+    {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6696]},
+    {"X25519", "X25519", NID_X25519, 3, &so[6703]},
+    {"X448", "X448", NID_X448, 3, &so[6706]},
+    {"HKDF", "hkdf", NID_hkdf},
+    {"KxRSA", "kx-rsa", NID_kx_rsa},
+    {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe},
+    {"KxDHE", "kx-dhe", NID_kx_dhe},
+    {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk},
+    {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk},
+    {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk},
+    {"KxPSK", "kx-psk", NID_kx_psk},
+    {"KxSRP", "kx-srp", NID_kx_srp},
+    {"KxGOST", "kx-gost", NID_kx_gost},
+    {"AuthRSA", "auth-rsa", NID_auth_rsa},
+    {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa},
+    {"AuthPSK", "auth-psk", NID_auth_psk},
+    {"AuthDSS", "auth-dss", NID_auth_dss},
+    {"AuthGOST01", "auth-gost01", NID_auth_gost01},
+    {"AuthGOST12", "auth-gost12", NID_auth_gost12},
+    {"AuthSRP", "auth-srp", NID_auth_srp},
+    {"AuthNULL", "auth-null", NID_auth_null},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6709]},
+    {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6720]},
+    {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6731]},
+    {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6742]},
+    {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6753]},
+};
+
+#define NUM_SN 1052
+static const unsigned int sn_objs[NUM_SN] = {
+     364,    /* "AD_DVCS" */
+     419,    /* "AES-128-CBC" */
+     916,    /* "AES-128-CBC-HMAC-SHA1" */
+     948,    /* "AES-128-CBC-HMAC-SHA256" */
+     421,    /* "AES-128-CFB" */
+     650,    /* "AES-128-CFB1" */
+     653,    /* "AES-128-CFB8" */
+     904,    /* "AES-128-CTR" */
+     418,    /* "AES-128-ECB" */
+     958,    /* "AES-128-OCB" */
+     420,    /* "AES-128-OFB" */
+     913,    /* "AES-128-XTS" */
+     423,    /* "AES-192-CBC" */
+     917,    /* "AES-192-CBC-HMAC-SHA1" */
+     949,    /* "AES-192-CBC-HMAC-SHA256" */
+     425,    /* "AES-192-CFB" */
+     651,    /* "AES-192-CFB1" */
+     654,    /* "AES-192-CFB8" */
+     905,    /* "AES-192-CTR" */
+     422,    /* "AES-192-ECB" */
+     959,    /* "AES-192-OCB" */
+     424,    /* "AES-192-OFB" */
+     427,    /* "AES-256-CBC" */
+     918,    /* "AES-256-CBC-HMAC-SHA1" */
+     950,    /* "AES-256-CBC-HMAC-SHA256" */
+     429,    /* "AES-256-CFB" */
+     652,    /* "AES-256-CFB1" */
+     655,    /* "AES-256-CFB8" */
+     906,    /* "AES-256-CTR" */
+     426,    /* "AES-256-ECB" */
+     960,    /* "AES-256-OCB" */
+     428,    /* "AES-256-OFB" */
+     914,    /* "AES-256-XTS" */
+    1049,    /* "AuthDSS" */
+    1047,    /* "AuthECDSA" */
+    1050,    /* "AuthGOST01" */
+    1051,    /* "AuthGOST12" */
+    1053,    /* "AuthNULL" */
+    1048,    /* "AuthPSK" */
+    1046,    /* "AuthRSA" */
+    1052,    /* "AuthSRP" */
+      91,    /* "BF-CBC" */
+      93,    /* "BF-CFB" */
+      92,    /* "BF-ECB" */
+      94,    /* "BF-OFB" */
+    1056,    /* "BLAKE2b512" */
+    1057,    /* "BLAKE2s256" */
+      14,    /* "C" */
+     751,    /* "CAMELLIA-128-CBC" */
+     962,    /* "CAMELLIA-128-CCM" */
+     757,    /* "CAMELLIA-128-CFB" */
+     760,    /* "CAMELLIA-128-CFB1" */
+     763,    /* "CAMELLIA-128-CFB8" */
+     964,    /* "CAMELLIA-128-CMAC" */
+     963,    /* "CAMELLIA-128-CTR" */
+     754,    /* "CAMELLIA-128-ECB" */
+     961,    /* "CAMELLIA-128-GCM" */
+     766,    /* "CAMELLIA-128-OFB" */
+     752,    /* "CAMELLIA-192-CBC" */
+     966,    /* "CAMELLIA-192-CCM" */
+     758,    /* "CAMELLIA-192-CFB" */
+     761,    /* "CAMELLIA-192-CFB1" */
+     764,    /* "CAMELLIA-192-CFB8" */
+     968,    /* "CAMELLIA-192-CMAC" */
+     967,    /* "CAMELLIA-192-CTR" */
+     755,    /* "CAMELLIA-192-ECB" */
+     965,    /* "CAMELLIA-192-GCM" */
+     767,    /* "CAMELLIA-192-OFB" */
+     753,    /* "CAMELLIA-256-CBC" */
+     970,    /* "CAMELLIA-256-CCM" */
+     759,    /* "CAMELLIA-256-CFB" */
+     762,    /* "CAMELLIA-256-CFB1" */
+     765,    /* "CAMELLIA-256-CFB8" */
+     972,    /* "CAMELLIA-256-CMAC" */
+     971,    /* "CAMELLIA-256-CTR" */
+     756,    /* "CAMELLIA-256-ECB" */
+     969,    /* "CAMELLIA-256-GCM" */
+     768,    /* "CAMELLIA-256-OFB" */
+     108,    /* "CAST5-CBC" */
+     110,    /* "CAST5-CFB" */
+     109,    /* "CAST5-ECB" */
+     111,    /* "CAST5-OFB" */
+     894,    /* "CMAC" */
+      13,    /* "CN" */
+     141,    /* "CRLReason" */
+     417,    /* "CSPName" */
+    1019,    /* "ChaCha20" */
+    1018,    /* "ChaCha20-Poly1305" */
+     367,    /* "CrlID" */
+     391,    /* "DC" */
+      31,    /* "DES-CBC" */
+     643,    /* "DES-CDMF" */
+      30,    /* "DES-CFB" */
+     656,    /* "DES-CFB1" */
+     657,    /* "DES-CFB8" */
+      29,    /* "DES-ECB" */
+      32,    /* "DES-EDE" */
+      43,    /* "DES-EDE-CBC" */
+      60,    /* "DES-EDE-CFB" */
+      62,    /* "DES-EDE-OFB" */
+      33,    /* "DES-EDE3" */
+      44,    /* "DES-EDE3-CBC" */
+      61,    /* "DES-EDE3-CFB" */
+     658,    /* "DES-EDE3-CFB1" */
+     659,    /* "DES-EDE3-CFB8" */
+      63,    /* "DES-EDE3-OFB" */
+      45,    /* "DES-OFB" */
+      80,    /* "DESX-CBC" */
+     380,    /* "DOD" */
+     116,    /* "DSA" */
+      66,    /* "DSA-SHA" */
+     113,    /* "DSA-SHA1" */
+      70,    /* "DSA-SHA1-old" */
+      67,    /* "DSA-old" */
+     297,    /* "DVCS" */
+      99,    /* "GN" */
+    1036,    /* "HKDF" */
+     855,    /* "HMAC" */
+     780,    /* "HMAC-MD5" */
+     781,    /* "HMAC-SHA1" */
+     381,    /* "IANA" */
+      34,    /* "IDEA-CBC" */
+      35,    /* "IDEA-CFB" */
+      36,    /* "IDEA-ECB" */
+      46,    /* "IDEA-OFB" */
+    1004,    /* "INN" */
+     181,    /* "ISO" */
+     183,    /* "ISO-US" */
+     645,    /* "ITU-T" */
+     646,    /* "JOINT-ISO-ITU-T" */
+     773,    /* "KISA" */
+    1039,    /* "KxDHE" */
+    1041,    /* "KxDHE-PSK" */
+    1038,    /* "KxECDHE" */
+    1040,    /* "KxECDHE-PSK" */
+    1045,    /* "KxGOST" */
+    1043,    /* "KxPSK" */
+    1037,    /* "KxRSA" */
+    1042,    /* "KxRSA_PSK" */
+    1044,    /* "KxSRP" */
+      15,    /* "L" */
+     856,    /* "LocalKeySet" */
+       3,    /* "MD2" */
+     257,    /* "MD4" */
+       4,    /* "MD5" */
+     114,    /* "MD5-SHA1" */
+      95,    /* "MDC2" */
+     911,    /* "MGF1" */
+     388,    /* "Mail" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      57,    /* "Netscape" */
+     366,    /* "Nonce" */
+      17,    /* "O" */
+     178,    /* "OCSP" */
+     180,    /* "OCSPSigning" */
+    1005,    /* "OGRN" */
+     379,    /* "ORG" */
+      18,    /* "OU" */
+     749,    /* "Oakley-EC2N-3" */
+     750,    /* "Oakley-EC2N-4" */
+       9,    /* "PBE-MD2-DES" */
+     168,    /* "PBE-MD2-RC2-64" */
+      10,    /* "PBE-MD5-DES" */
+     169,    /* "PBE-MD5-RC2-64" */
+     147,    /* "PBE-SHA1-2DES" */
+     146,    /* "PBE-SHA1-3DES" */
+     170,    /* "PBE-SHA1-DES" */
+     148,    /* "PBE-SHA1-RC2-128" */
+     149,    /* "PBE-SHA1-RC2-40" */
+      68,    /* "PBE-SHA1-RC2-64" */
+     144,    /* "PBE-SHA1-RC4-128" */
+     145,    /* "PBE-SHA1-RC4-40" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+     127,    /* "PKIX" */
+     935,    /* "PSPECIFIED" */
+      98,    /* "RC2-40-CBC" */
+     166,    /* "RC2-64-CBC" */
+      37,    /* "RC2-CBC" */
+      39,    /* "RC2-CFB" */
+      38,    /* "RC2-ECB" */
+      40,    /* "RC2-OFB" */
+       5,    /* "RC4" */
+      97,    /* "RC4-40" */
+     915,    /* "RC4-HMAC-MD5" */
+     120,    /* "RC5-CBC" */
+     122,    /* "RC5-CFB" */
+     121,    /* "RC5-ECB" */
+     123,    /* "RC5-OFB" */
+     117,    /* "RIPEMD160" */
+      19,    /* "RSA" */
+       7,    /* "RSA-MD2" */
+     396,    /* "RSA-MD4" */
+       8,    /* "RSA-MD5" */
+      96,    /* "RSA-MDC2" */
+     104,    /* "RSA-NP-MD5" */
+     119,    /* "RSA-RIPEMD160" */
+      42,    /* "RSA-SHA" */
+      65,    /* "RSA-SHA1" */
+     115,    /* "RSA-SHA1-2" */
+     671,    /* "RSA-SHA224" */
+     668,    /* "RSA-SHA256" */
+     669,    /* "RSA-SHA384" */
+     670,    /* "RSA-SHA512" */
+     919,    /* "RSAES-OAEP" */
+     912,    /* "RSASSA-PSS" */
+     777,    /* "SEED-CBC" */
+     779,    /* "SEED-CFB" */
+     776,    /* "SEED-ECB" */
+     778,    /* "SEED-OFB" */
+      41,    /* "SHA" */
+      64,    /* "SHA1" */
+     675,    /* "SHA224" */
+     672,    /* "SHA256" */
+     673,    /* "SHA384" */
+     674,    /* "SHA512" */
+     188,    /* "SMIME" */
+     167,    /* "SMIME-CAPS" */
+     100,    /* "SN" */
+    1006,    /* "SNILS" */
+      16,    /* "ST" */
+     143,    /* "SXNetID" */
+    1021,    /* "TLS1-PRF" */
+     458,    /* "UID" */
+       0,    /* "UNDEF" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      11,    /* "X500" */
+     378,    /* "X500algorithms" */
+      12,    /* "X509" */
+     184,    /* "X9-57" */
+     185,    /* "X9cm" */
+     125,    /* "ZLIB" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     368,    /* "acceptableResponses" */
+     446,    /* "account" */
+     363,    /* "ad_timestamping" */
+     376,    /* "algorithm" */
+     405,    /* "ansi-X9-62" */
+     910,    /* "anyExtendedKeyUsage" */
+     746,    /* "anyPolicy" */
+     370,    /* "archiveCutoff" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+     177,    /* "authorityInfoAccess" */
+      90,    /* "authorityKeyIdentifier" */
+     882,    /* "authorityRevocationList" */
+      87,    /* "basicConstraints" */
+     365,    /* "basicOCSPResponse" */
+     285,    /* "biometricInfo" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     179,    /* "caIssuers" */
+     785,    /* "caRepository" */
+    1023,    /* "capwapAC" */
+    1024,    /* "capwapWTP" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     771,    /* "certificateIssuer" */
+      89,    /* "certificatePolicies" */
+     883,    /* "certificateRevocationList" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     130,    /* "clientAuth" */
+     131,    /* "codeSigning" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+     153,    /* "crlBag" */
+     103,    /* "crlDistributionPoints" */
+      88,    /* "crlNumber" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     954,    /* "ct_cert_scts" */
+     952,    /* "ct_precert_poison" */
+     951,    /* "ct_precert_scts" */
+     953,    /* "ct_precert_signer" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcobject" */
+     140,    /* "deltaCRL" */
+     891,    /* "deltaRevocationList" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+     920,    /* "dhpublicnumber" */
+     382,    /* "directory" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     392,    /* "domain" */
+     452,    /* "domainRelatedObject" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+      48,    /* "emailAddress" */
+     132,    /* "emailProtection" */
+     885,    /* "enhancedSearchGuide" */
+     389,    /* "enterprises" */
+     384,    /* "experimental" */
+     172,    /* "extReq" */
+      56,    /* "extendedCertificateAttributes" */
+     126,    /* "extendedKeyUsage" */
+     372,    /* "extendedStatus" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+     857,    /* "freshestCRL" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     509,    /* "generationQualifier" */
+     815,    /* "gost-mac" */
+     976,    /* "gost-mac-12" */
+     811,    /* "gost2001" */
+     851,    /* "gost2001cc" */
+     979,    /* "gost2012_256" */
+     980,    /* "gost2012_512" */
+     813,    /* "gost89" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+     812,    /* "gost94" */
+     850,    /* "gost94cc" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+     432,    /* "holdInstructionCallIssuer" */
+     430,    /* "holdInstructionCode" */
+     431,    /* "holdInstructionNone" */
+     433,    /* "holdInstructionReject" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     783,    /* "id-DHBasedMac" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     849,    /* "id-Gost28147-89-cc" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     854,    /* "id-GostR3410-2001-ParamSet-cc" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     817,    /* "id-GostR3410-2001DH" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     818,    /* "id-GostR3410-94DH" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     807,    /* "id-GostR3411-94-with-GostR3410-2001" */
+     853,    /* "id-GostR3411-94-with-GostR3410-2001-cc" */
+     808,    /* "id-GostR3411-94-with-GostR3410-94" */
+     852,    /* "id-GostR3411-94-with-GostR3410-94-cc" */
+     810,    /* "id-HMACGostR3411-94" */
+     782,    /* "id-PasswordBasedMAC" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     896,    /* "id-aes128-CCM" */
+     895,    /* "id-aes128-GCM" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     899,    /* "id-aes192-CCM" */
+     898,    /* "id-aes192-GCM" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     902,    /* "id-aes256-CCM" */
+     901,    /* "id-aes256-GCM" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+     408,    /* "id-ecPublicKey" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     858,    /* "id-on-permanentIdentifier" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     664,    /* "id-ppl-anyLanguage" */
+     667,    /* "id-ppl-independent" */
+     665,    /* "id-ppl-inheritAll" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     164,    /* "id-qt-cps" */
+     165,    /* "id-qt-unotice" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+     973,    /* "id-scrypt" */
+     512,    /* "id-set" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+    1003,    /* "id-tc26-gost-28147-param-Z" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     998,    /* "id-tc26-gost-3410-2012-512-paramSetA" */
+     999,    /* "id-tc26-gost-3410-2012-512-paramSetB" */
+     997,    /* "id-tc26-gost-3410-2012-512-paramSetTest" */
+     988,    /* "id-tc26-hmac-gost-3411-2012-256" */
+     989,    /* "id-tc26-hmac-gost-3411-2012-512" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+     985,    /* "id-tc26-signwithdigest-gost3410-2012-256" */
+     986,    /* "id-tc26-signwithdigest-gost3410-2012-512" */
+     676,    /* "identified-organization" */
+     461,    /* "info" */
+     748,    /* "inhibitAnyPolicy" */
+     101,    /* "initials" */
+     647,    /* "international-organizations" */
+     869,    /* "internationaliSDNNumber" */
+     142,    /* "invalidityDate" */
+     294,    /* "ipsecEndSystem" */
+    1022,    /* "ipsecIKE" */
+     295,    /* "ipsecTunnel" */
+     296,    /* "ipsecUser" */
+      86,    /* "issuerAltName" */
+    1008,    /* "issuerSignTool" */
+     770,    /* "issuingDistributionPoint" */
+     492,    /* "janetMailbox" */
+     957,    /* "jurisdictionC" */
+     955,    /* "jurisdictionL" */
+     956,    /* "jurisdictionST" */
+     150,    /* "keyBag" */
+      83,    /* "keyUsage" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+     480,    /* "mXRecord" */
+     460,    /* "mail" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+     982,    /* "md_gost12_256" */
+     983,    /* "md_gost12_512" */
+     809,    /* "md_gost94" */
+     875,    /* "member" */
+     182,    /* "member-body" */
+      51,    /* "messageDigest" */
+     383,    /* "mgmt" */
+     504,    /* "mime-mhs" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     136,    /* "msCTLSign" */
+     135,    /* "msCodeCom" */
+     134,    /* "msCodeInd" */
+     138,    /* "msEFS" */
+     171,    /* "msExtReq" */
+     137,    /* "msSGC" */
+     648,    /* "msSmartcardLogin" */
+     649,    /* "msUPN" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     666,    /* "nameConstraints" */
+     369,    /* "noCheck" */
+     403,    /* "noRevAvail" */
+      72,    /* "nsBaseUrl" */
+      76,    /* "nsCaPolicyUrl" */
+      74,    /* "nsCaRevocationUrl" */
+      58,    /* "nsCertExt" */
+      79,    /* "nsCertSequence" */
+      71,    /* "nsCertType" */
+      78,    /* "nsComment" */
+      59,    /* "nsDataType" */
+      75,    /* "nsRenewalUrl" */
+      73,    /* "nsRevocationUrl" */
+     139,    /* "nsSGC" */
+      77,    /* "nsSslServerName" */
+     681,    /* "onBasis" */
+     491,    /* "organizationalStatus" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     489,    /* "pagerTelephoneNumber" */
+     374,    /* "path" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+    1032,    /* "pkInitClientAuth" */
+    1033,    /* "pkInitKDC" */
+       2,    /* "pkcs" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+     401,    /* "policyConstraints" */
+     747,    /* "policyMappings" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     816,    /* "prf-gostr3411-94" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     385,    /* "private" */
+      84,    /* "privateKeyUsagePeriod" */
+     886,    /* "protocolInformation" */
+     663,    /* "proxyCertInfo" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+     870,    /* "registeredAddress" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+       1,    /* "rsadsi" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+    1025,    /* "secureShellClient" */
+    1026,    /* "secureShellServer" */
+     386,    /* "security" */
+     878,    /* "seeAlso" */
+     394,    /* "selected-attribute-types" */
+    1029,    /* "sendOwner" */
+    1030,    /* "sendProxiedOwner" */
+    1028,    /* "sendProxiedRouter" */
+    1027,    /* "sendRouter" */
+     105,    /* "serialNumber" */
+     129,    /* "serverAuth" */
+     371,    /* "serviceLocator" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     517,    /* "set-certExt" */
+     513,    /* "set-ctype" */
+     514,    /* "set-msgExt" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     631,    /* "setAttr-GenCryptgrm" */
+     623,    /* "setAttr-IssCap" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     621,    /* "setAttr-PGWYcap" */
+     635,    /* "setAttr-SecDevSig" */
+     632,    /* "setAttr-T2Enc" */
+     633,    /* "setAttr-T2cleartxt" */
+     634,    /* "setAttr-TokICCsig" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     606,    /* "setext-cv" */
+     601,    /* "setext-genCrypt" */
+     602,    /* "setext-miAuth" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+     387,    /* "snmpv2" */
+     660,    /* "street" */
+      85,    /* "subjectAltName" */
+     769,    /* "subjectDirectoryAttributes" */
+     398,    /* "subjectInfoAccess" */
+      82,    /* "subjectKeyIdentifier" */
+    1007,    /* "subjectSignTool" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     402,    /* "targetInformation" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     133,    /* "timeStamping" */
+     106,    /* "title" */
+    1020,    /* "tlsfeature" */
+     682,    /* "tpBasis" */
+     375,    /* "trustRoot" */
+     436,    /* "ucl" */
+     102,    /* "uid" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+};
+
+#define NUM_LN 1052
+static const unsigned int ln_objs[NUM_LN] = {
+     363,    /* "AD Time Stamping" */
+     405,    /* "ANSI X9.62" */
+     368,    /* "Acceptable OCSP Responses" */
+     910,    /* "Any Extended Key Usage" */
+     664,    /* "Any language" */
+     177,    /* "Authority Information Access" */
+     365,    /* "Basic OCSP Response" */
+     285,    /* "Biometric Info" */
+     179,    /* "CA Issuers" */
+     785,    /* "CA Repository" */
+     954,    /* "CT Certificate SCTs" */
+     952,    /* "CT Precertificate Poison" */
+     951,    /* "CT Precertificate SCTs" */
+     953,    /* "CT Precertificate Signer" */
+     131,    /* "Code Signing" */
+    1024,    /* "Ctrl/Provision WAP Termination" */
+    1023,    /* "Ctrl/provision WAP Access" */
+     783,    /* "Diffie-Hellman based MAC" */
+     382,    /* "Directory" */
+     392,    /* "Domain" */
+     132,    /* "E-mail Protection" */
+     389,    /* "Enterprises" */
+     384,    /* "Experimental" */
+     372,    /* "Extended OCSP Status" */
+     172,    /* "Extension Request" */
+     813,    /* "GOST 28147-89" */
+     849,    /* "GOST 28147-89 Cryptocom ParamSet" */
+     815,    /* "GOST 28147-89 MAC" */
+    1003,    /* "GOST 28147-89 TC26 parameter set" */
+     851,    /* "GOST 34.10-2001 Cryptocom" */
+     850,    /* "GOST 34.10-94 Cryptocom" */
+     811,    /* "GOST R 34.10-2001" */
+     817,    /* "GOST R 34.10-2001 DH" */
+     998,    /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
+     999,    /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
+     997,    /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
+     979,    /* "GOST R 34.10-2012 with 256 bit modulus" */
+     980,    /* "GOST R 34.10-2012 with 512 bit modulus" */
+     985,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
+     986,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
+     812,    /* "GOST R 34.10-94" */
+     818,    /* "GOST R 34.10-94 DH" */
+     982,    /* "GOST R 34.11-2012 with 256 bit hash" */
+     983,    /* "GOST R 34.11-2012 with 512 bit hash" */
+     809,    /* "GOST R 34.11-94" */
+     816,    /* "GOST R 34.11-94 PRF" */
+     807,    /* "GOST R 34.11-94 with GOST R 34.10-2001" */
+     853,    /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
+     808,    /* "GOST R 34.11-94 with GOST R 34.10-94" */
+     852,    /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
+     854,    /* "GOST R 3410-2001 Parameter Set Cryptocom" */
+     988,    /* "HMAC GOST 34.11-2012 256 bit" */
+     989,    /* "HMAC GOST 34.11-2012 512 bit" */
+     810,    /* "HMAC GOST 34.11-94" */
+     432,    /* "Hold Instruction Call Issuer" */
+     430,    /* "Hold Instruction Code" */
+     431,    /* "Hold Instruction None" */
+     433,    /* "Hold Instruction Reject" */
+     634,    /* "ICC or token signature" */
+    1004,    /* "INN" */
+     294,    /* "IPSec End System" */
+     295,    /* "IPSec Tunnel" */
+     296,    /* "IPSec User" */
+     182,    /* "ISO Member Body" */
+     183,    /* "ISO US Member Body" */
+     667,    /* "Independent" */
+     665,    /* "Inherit all" */
+     647,    /* "International Organizations" */
+     142,    /* "Invalidity Date" */
+     504,    /* "MIME MHS" */
+     388,    /* "Mail" */
+     383,    /* "Management" */
+     417,    /* "Microsoft CSP Name" */
+     135,    /* "Microsoft Commercial Code Signing" */
+     138,    /* "Microsoft Encrypted File System" */
+     171,    /* "Microsoft Extension Request" */
+     134,    /* "Microsoft Individual Code Signing" */
+     856,    /* "Microsoft Local Key set" */
+     137,    /* "Microsoft Server Gated Crypto" */
+     648,    /* "Microsoft Smartcardlogin" */
+     136,    /* "Microsoft Trust List Signing" */
+     649,    /* "Microsoft Universal Principal Name" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      72,    /* "Netscape Base Url" */
+      76,    /* "Netscape CA Policy Url" */
+      74,    /* "Netscape CA Revocation Url" */
+      71,    /* "Netscape Cert Type" */
+      58,    /* "Netscape Certificate Extension" */
+      79,    /* "Netscape Certificate Sequence" */
+      78,    /* "Netscape Comment" */
+      57,    /* "Netscape Communications Corp." */
+      59,    /* "Netscape Data Type" */
+      75,    /* "Netscape Renewal Url" */
+      73,    /* "Netscape Revocation Url" */
+      77,    /* "Netscape SSL Server Name" */
+     139,    /* "Netscape Server Gated Crypto" */
+     178,    /* "OCSP" */
+     370,    /* "OCSP Archive Cutoff" */
+     367,    /* "OCSP CRL ID" */
+     369,    /* "OCSP No Check" */
+     366,    /* "OCSP Nonce" */
+     371,    /* "OCSP Service Locator" */
+     180,    /* "OCSP Signing" */
+    1005,    /* "OGRN" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+    1032,    /* "PKINIT Client Auth" */
+     127,    /* "PKIX" */
+     858,    /* "Permanent Identifier" */
+     164,    /* "Policy Qualifier CPS" */
+     165,    /* "Policy Qualifier User Notice" */
+     385,    /* "Private" */
+     663,    /* "Proxy Certificate Information" */
+       1,    /* "RSA Data Security, Inc." */
+       2,    /* "RSA Data Security, Inc. PKCS" */
+     188,    /* "S/MIME" */
+     167,    /* "S/MIME Capabilities" */
+    1006,    /* "SNILS" */
+     387,    /* "SNMPv2" */
+    1025,    /* "SSH Client" */
+    1026,    /* "SSH Server" */
+     512,    /* "Secure Electronic Transactions" */
+     386,    /* "Security" */
+     394,    /* "Selected Attribute Types" */
+    1029,    /* "Send Owner" */
+    1030,    /* "Send Proxied Owner" */
+    1028,    /* "Send Proxied Router" */
+    1027,    /* "Send Router" */
+    1033,    /* "Signing KDC Response" */
+    1008,    /* "Signing Tool of Issuer" */
+    1007,    /* "Signing Tool of Subject" */
+     143,    /* "Strong Extranet ID" */
+     398,    /* "Subject Information Access" */
+    1020,    /* "TLS Feature" */
+     130,    /* "TLS Web Client Authentication" */
+     129,    /* "TLS Web Server Authentication" */
+     133,    /* "Time Stamping" */
+     375,    /* "Trust Root" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      12,    /* "X509" */
+     402,    /* "X509v3 AC Targeting" */
+     746,    /* "X509v3 Any Policy" */
+      90,    /* "X509v3 Authority Key Identifier" */
+      87,    /* "X509v3 Basic Constraints" */
+     103,    /* "X509v3 CRL Distribution Points" */
+      88,    /* "X509v3 CRL Number" */
+     141,    /* "X509v3 CRL Reason Code" */
+     771,    /* "X509v3 Certificate Issuer" */
+      89,    /* "X509v3 Certificate Policies" */
+     140,    /* "X509v3 Delta CRL Indicator" */
+     126,    /* "X509v3 Extended Key Usage" */
+     857,    /* "X509v3 Freshest CRL" */
+     748,    /* "X509v3 Inhibit Any Policy" */
+      86,    /* "X509v3 Issuer Alternative Name" */
+     770,    /* "X509v3 Issuing Distribution Point" */
+      83,    /* "X509v3 Key Usage" */
+     666,    /* "X509v3 Name Constraints" */
+     403,    /* "X509v3 No Revocation Available" */
+     401,    /* "X509v3 Policy Constraints" */
+     747,    /* "X509v3 Policy Mappings" */
+      84,    /* "X509v3 Private Key Usage Period" */
+      85,    /* "X509v3 Subject Alternative Name" */
+     769,    /* "X509v3 Subject Directory Attributes" */
+      82,    /* "X509v3 Subject Key Identifier" */
+     920,    /* "X9.42 DH" */
+     184,    /* "X9.57" */
+     185,    /* "X9.57 CM ?" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     446,    /* "account" */
+     364,    /* "ad dvcs" */
+     606,    /* "additional verification" */
+     419,    /* "aes-128-cbc" */
+     916,    /* "aes-128-cbc-hmac-sha1" */
+     948,    /* "aes-128-cbc-hmac-sha256" */
+     896,    /* "aes-128-ccm" */
+     421,    /* "aes-128-cfb" */
+     650,    /* "aes-128-cfb1" */
+     653,    /* "aes-128-cfb8" */
+     904,    /* "aes-128-ctr" */
+     418,    /* "aes-128-ecb" */
+     895,    /* "aes-128-gcm" */
+     958,    /* "aes-128-ocb" */
+     420,    /* "aes-128-ofb" */
+     913,    /* "aes-128-xts" */
+     423,    /* "aes-192-cbc" */
+     917,    /* "aes-192-cbc-hmac-sha1" */
+     949,    /* "aes-192-cbc-hmac-sha256" */
+     899,    /* "aes-192-ccm" */
+     425,    /* "aes-192-cfb" */
+     651,    /* "aes-192-cfb1" */
+     654,    /* "aes-192-cfb8" */
+     905,    /* "aes-192-ctr" */
+     422,    /* "aes-192-ecb" */
+     898,    /* "aes-192-gcm" */
+     959,    /* "aes-192-ocb" */
+     424,    /* "aes-192-ofb" */
+     427,    /* "aes-256-cbc" */
+     918,    /* "aes-256-cbc-hmac-sha1" */
+     950,    /* "aes-256-cbc-hmac-sha256" */
+     902,    /* "aes-256-ccm" */
+     429,    /* "aes-256-cfb" */
+     652,    /* "aes-256-cfb1" */
+     655,    /* "aes-256-cfb8" */
+     906,    /* "aes-256-ctr" */
+     426,    /* "aes-256-ecb" */
+     901,    /* "aes-256-gcm" */
+     960,    /* "aes-256-ocb" */
+     428,    /* "aes-256-ofb" */
+     914,    /* "aes-256-xts" */
+     376,    /* "algorithm" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+    1049,    /* "auth-dss" */
+    1047,    /* "auth-ecdsa" */
+    1050,    /* "auth-gost01" */
+    1051,    /* "auth-gost12" */
+    1053,    /* "auth-null" */
+    1048,    /* "auth-psk" */
+    1046,    /* "auth-rsa" */
+    1052,    /* "auth-srp" */
+     882,    /* "authorityRevocationList" */
+      91,    /* "bf-cbc" */
+      93,    /* "bf-cfb" */
+      92,    /* "bf-ecb" */
+      94,    /* "bf-ofb" */
+    1056,    /* "blake2b512" */
+    1057,    /* "blake2s256" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     751,    /* "camellia-128-cbc" */
+     962,    /* "camellia-128-ccm" */
+     757,    /* "camellia-128-cfb" */
+     760,    /* "camellia-128-cfb1" */
+     763,    /* "camellia-128-cfb8" */
+     964,    /* "camellia-128-cmac" */
+     963,    /* "camellia-128-ctr" */
+     754,    /* "camellia-128-ecb" */
+     961,    /* "camellia-128-gcm" */
+     766,    /* "camellia-128-ofb" */
+     752,    /* "camellia-192-cbc" */
+     966,    /* "camellia-192-ccm" */
+     758,    /* "camellia-192-cfb" */
+     761,    /* "camellia-192-cfb1" */
+     764,    /* "camellia-192-cfb8" */
+     968,    /* "camellia-192-cmac" */
+     967,    /* "camellia-192-ctr" */
+     755,    /* "camellia-192-ecb" */
+     965,    /* "camellia-192-gcm" */
+     767,    /* "camellia-192-ofb" */
+     753,    /* "camellia-256-cbc" */
+     970,    /* "camellia-256-ccm" */
+     759,    /* "camellia-256-cfb" */
+     762,    /* "camellia-256-cfb1" */
+     765,    /* "camellia-256-cfb8" */
+     972,    /* "camellia-256-cmac" */
+     971,    /* "camellia-256-ctr" */
+     756,    /* "camellia-256-ecb" */
+     969,    /* "camellia-256-gcm" */
+     768,    /* "camellia-256-ofb" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     108,    /* "cast5-cbc" */
+     110,    /* "cast5-cfb" */
+     109,    /* "cast5-ecb" */
+     111,    /* "cast5-ofb" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     517,    /* "certificate extensions" */
+     883,    /* "certificateRevocationList" */
+    1019,    /* "chacha20" */
+    1018,    /* "chacha20-poly1305" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     633,    /* "cleartext track 2" */
+     894,    /* "cmac" */
+      13,    /* "commonName" */
+     513,    /* "content types" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+      14,    /* "countryName" */
+     153,    /* "crlBag" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcObject" */
+     891,    /* "deltaRevocationList" */
+      31,    /* "des-cbc" */
+     643,    /* "des-cdmf" */
+      30,    /* "des-cfb" */
+     656,    /* "des-cfb1" */
+     657,    /* "des-cfb8" */
+      29,    /* "des-ecb" */
+      32,    /* "des-ede" */
+      43,    /* "des-ede-cbc" */
+      60,    /* "des-ede-cfb" */
+      62,    /* "des-ede-ofb" */
+      33,    /* "des-ede3" */
+      44,    /* "des-ede3-cbc" */
+      61,    /* "des-ede3-cfb" */
+     658,    /* "des-ede3-cfb1" */
+     659,    /* "des-ede3-cfb8" */
+      63,    /* "des-ede3-ofb" */
+      45,    /* "des-ofb" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+      80,    /* "desx-cbc" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+      11,    /* "directory services (X.500)" */
+     378,    /* "directory services - algorithms" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     380,    /* "dod" */
+     391,    /* "domainComponent" */
+     452,    /* "domainRelatedObject" */
+     116,    /* "dsaEncryption" */
+      67,    /* "dsaEncryption-old" */
+      66,    /* "dsaWithSHA" */
+     113,    /* "dsaWithSHA1" */
+      70,    /* "dsaWithSHA1-old" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+     297,    /* "dvcs" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+      48,    /* "emailAddress" */
+     632,    /* "encrypted track 2" */
+     885,    /* "enhancedSearchGuide" */
+      56,    /* "extendedCertificateAttributes" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     631,    /* "generate cryptogram" */
+     509,    /* "generationQualifier" */
+     601,    /* "generic cryptogram" */
+      99,    /* "givenName" */
+     976,    /* "gost-mac-12" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+    1036,    /* "hkdf" */
+     855,    /* "hmac" */
+     780,    /* "hmac-md5" */
+     781,    /* "hmac-sha1" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     381,    /* "iana" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+     408,    /* "id-ecPublicKey" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+     973,    /* "id-scrypt" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+      34,    /* "idea-cbc" */
+      35,    /* "idea-cfb" */
+      36,    /* "idea-ecb" */
+      46,    /* "idea-ofb" */
+     676,    /* "identified-organization" */
+     461,    /* "info" */
+     101,    /* "initials" */
+     869,    /* "internationaliSDNNumber" */
+    1022,    /* "ipsec Internet Key Exchange" */
+     749,    /* "ipsec3" */
+     750,    /* "ipsec4" */
+     181,    /* "iso" */
+     623,    /* "issuer capabilities" */
+     645,    /* "itu-t" */
+     492,    /* "janetMailbox" */
+     646,    /* "joint-iso-itu-t" */
+     957,    /* "jurisdictionCountryName" */
+     955,    /* "jurisdictionLocalityName" */
+     956,    /* "jurisdictionStateOrProvinceName" */
+     150,    /* "keyBag" */
+     773,    /* "kisa" */
+    1039,    /* "kx-dhe" */
+    1041,    /* "kx-dhe-psk" */
+    1038,    /* "kx-ecdhe" */
+    1040,    /* "kx-ecdhe-psk" */
+    1045,    /* "kx-gost" */
+    1043,    /* "kx-psk" */
+    1037,    /* "kx-rsa" */
+    1042,    /* "kx-rsa-psk" */
+    1044,    /* "kx-srp" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+      15,    /* "localityName" */
+     480,    /* "mXRecord" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+       3,    /* "md2" */
+       7,    /* "md2WithRSAEncryption" */
+     257,    /* "md4" */
+     396,    /* "md4WithRSAEncryption" */
+       4,    /* "md5" */
+     114,    /* "md5-sha1" */
+     104,    /* "md5WithRSA" */
+       8,    /* "md5WithRSAEncryption" */
+      95,    /* "mdc2" */
+      96,    /* "mdc2WithRSA" */
+     875,    /* "member" */
+     602,    /* "merchant initiated auth" */
+     514,    /* "message extensions" */
+      51,    /* "messageDigest" */
+     911,    /* "mgf1" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     681,    /* "onBasis" */
+     379,    /* "org" */
+      17,    /* "organizationName" */
+     491,    /* "organizationalStatus" */
+      18,    /* "organizationalUnitName" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     935,    /* "pSpecified" */
+     489,    /* "pagerTelephoneNumber" */
+     782,    /* "password based MAC" */
+     374,    /* "path" */
+     621,    /* "payment gateway capabilities" */
+       9,    /* "pbeWithMD2AndDES-CBC" */
+     168,    /* "pbeWithMD2AndRC2-CBC" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+      10,    /* "pbeWithMD5AndDES-CBC" */
+     169,    /* "pbeWithMD5AndRC2-CBC" */
+     148,    /* "pbeWithSHA1And128BitRC2-CBC" */
+     144,    /* "pbeWithSHA1And128BitRC4" */
+     147,    /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+     146,    /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+     149,    /* "pbeWithSHA1And40BitRC2-CBC" */
+     145,    /* "pbeWithSHA1And40BitRC4" */
+     170,    /* "pbeWithSHA1AndDES-CBC" */
+      68,    /* "pbeWithSHA1AndRC2-CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     886,    /* "protocolInformation" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+      98,    /* "rc2-40-cbc" */
+     166,    /* "rc2-64-cbc" */
+      37,    /* "rc2-cbc" */
+      39,    /* "rc2-cfb" */
+      38,    /* "rc2-ecb" */
+      40,    /* "rc2-ofb" */
+       5,    /* "rc4" */
+      97,    /* "rc4-40" */
+     915,    /* "rc4-hmac-md5" */
+     120,    /* "rc5-cbc" */
+     122,    /* "rc5-cfb" */
+     121,    /* "rc5-ecb" */
+     123,    /* "rc5-ofb" */
+     870,    /* "registeredAddress" */
+     460,    /* "rfc822Mailbox" */
+     117,    /* "ripemd160" */
+     119,    /* "ripemd160WithRSA" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+      19,    /* "rsa" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+     919,    /* "rsaesOaep" */
+     912,    /* "rsassaPss" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+     635,    /* "secure device signature" */
+     878,    /* "seeAlso" */
+     777,    /* "seed-cbc" */
+     779,    /* "seed-cfb" */
+     776,    /* "seed-ecb" */
+     778,    /* "seed-ofb" */
+     105,    /* "serialNumber" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      41,    /* "sha" */
+      64,    /* "sha1" */
+     115,    /* "sha1WithRSA" */
+      65,    /* "sha1WithRSAEncryption" */
+     675,    /* "sha224" */
+     671,    /* "sha224WithRSAEncryption" */
+     672,    /* "sha256" */
+     668,    /* "sha256WithRSAEncryption" */
+     673,    /* "sha384" */
+     669,    /* "sha384WithRSAEncryption" */
+     674,    /* "sha512" */
+     670,    /* "sha512WithRSAEncryption" */
+      42,    /* "shaWithRSAEncryption" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+      16,    /* "stateOrProvinceName" */
+     660,    /* "streetAddress" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     100,    /* "surname" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     106,    /* "title" */
+    1021,    /* "tls1-prf" */
+     682,    /* "tpBasis" */
+     436,    /* "ucl" */
+       0,    /* "undefined" */
+     102,    /* "uniqueIdentifier" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     458,    /* "userId" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+     125,    /* "zlib compression" */
+};
+
+#define NUM_OBJ 956
+static const unsigned int obj_objs[NUM_OBJ] = {
+       0,    /* OBJ_undef                        0 */
+     181,    /* OBJ_iso                          1 */
+     393,    /* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
+     404,    /* OBJ_ccitt                        OBJ_itu_t */
+     645,    /* OBJ_itu_t                        0 */
+     646,    /* OBJ_joint_iso_itu_t              2 */
+     434,    /* OBJ_data                         0 9 */
+     182,    /* OBJ_member_body                  1 2 */
+     379,    /* OBJ_org                          1 3 */
+     676,    /* OBJ_identified_organization      1 3 */
+      11,    /* OBJ_X500                         2 5 */
+     647,    /* OBJ_international_organizations  2 23 */
+     380,    /* OBJ_dod                          1 3 6 */
+      12,    /* OBJ_X509                         2 5 4 */
+     378,    /* OBJ_X500algorithms               2 5 8 */
+      81,    /* OBJ_id_ce                        2 5 29 */
+     512,    /* OBJ_id_set                       2 23 42 */
+     678,    /* OBJ_wap                          2 23 43 */
+     435,    /* OBJ_pss                          0 9 2342 */
+     183,    /* OBJ_ISO_US                       1 2 840 */
+     381,    /* OBJ_iana                         1 3 6 1 */
+    1034,    /* OBJ_X25519                       1 3 101 110 */
+    1035,    /* OBJ_X448                         1 3 101 111 */
+     677,    /* OBJ_certicom_arc                 1 3 132 */
+     394,    /* OBJ_selected_attribute_types     2 5 1 5 */
+      13,    /* OBJ_commonName                   2 5 4 3 */
+     100,    /* OBJ_surname                      2 5 4 4 */
+     105,    /* OBJ_serialNumber                 2 5 4 5 */
+      14,    /* OBJ_countryName                  2 5 4 6 */
+      15,    /* OBJ_localityName                 2 5 4 7 */
+      16,    /* OBJ_stateOrProvinceName          2 5 4 8 */
+     660,    /* OBJ_streetAddress                2 5 4 9 */
+      17,    /* OBJ_organizationName             2 5 4 10 */
+      18,    /* OBJ_organizationalUnitName       2 5 4 11 */
+     106,    /* OBJ_title                        2 5 4 12 */
+     107,    /* OBJ_description                  2 5 4 13 */
+     859,    /* OBJ_searchGuide                  2 5 4 14 */
+     860,    /* OBJ_businessCategory             2 5 4 15 */
+     861,    /* OBJ_postalAddress                2 5 4 16 */
+     661,    /* OBJ_postalCode                   2 5 4 17 */
+     862,    /* OBJ_postOfficeBox                2 5 4 18 */
+     863,    /* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
+     864,    /* OBJ_telephoneNumber              2 5 4 20 */
+     865,    /* OBJ_telexNumber                  2 5 4 21 */
+     866,    /* OBJ_teletexTerminalIdentifier    2 5 4 22 */
+     867,    /* OBJ_facsimileTelephoneNumber     2 5 4 23 */
+     868,    /* OBJ_x121Address                  2 5 4 24 */
+     869,    /* OBJ_internationaliSDNNumber      2 5 4 25 */
+     870,    /* OBJ_registeredAddress            2 5 4 26 */
+     871,    /* OBJ_destinationIndicator         2 5 4 27 */
+     872,    /* OBJ_preferredDeliveryMethod      2 5 4 28 */
+     873,    /* OBJ_presentationAddress          2 5 4 29 */
+     874,    /* OBJ_supportedApplicationContext  2 5 4 30 */
+     875,    /* OBJ_member                       2 5 4 31 */
+     876,    /* OBJ_owner                        2 5 4 32 */
+     877,    /* OBJ_roleOccupant                 2 5 4 33 */
+     878,    /* OBJ_seeAlso                      2 5 4 34 */
+     879,    /* OBJ_userPassword                 2 5 4 35 */
+     880,    /* OBJ_userCertificate              2 5 4 36 */
+     881,    /* OBJ_cACertificate                2 5 4 37 */
+     882,    /* OBJ_authorityRevocationList      2 5 4 38 */
+     883,    /* OBJ_certificateRevocationList    2 5 4 39 */
+     884,    /* OBJ_crossCertificatePair         2 5 4 40 */
+     173,    /* OBJ_name                         2 5 4 41 */
+      99,    /* OBJ_givenName                    2 5 4 42 */
+     101,    /* OBJ_initials                     2 5 4 43 */
+     509,    /* OBJ_generationQualifier          2 5 4 44 */
+     503,    /* OBJ_x500UniqueIdentifier         2 5 4 45 */
+     174,    /* OBJ_dnQualifier                  2 5 4 46 */
+     885,    /* OBJ_enhancedSearchGuide          2 5 4 47 */
+     886,    /* OBJ_protocolInformation          2 5 4 48 */
+     887,    /* OBJ_distinguishedName            2 5 4 49 */
+     888,    /* OBJ_uniqueMember                 2 5 4 50 */
+     889,    /* OBJ_houseIdentifier              2 5 4 51 */
+     890,    /* OBJ_supportedAlgorithms          2 5 4 52 */
+     891,    /* OBJ_deltaRevocationList          2 5 4 53 */
+     892,    /* OBJ_dmdName                      2 5 4 54 */
+     510,    /* OBJ_pseudonym                    2 5 4 65 */
+     400,    /* OBJ_role                         2 5 4 72 */
+     769,    /* OBJ_subject_directory_attributes 2 5 29 9 */
+      82,    /* OBJ_subject_key_identifier       2 5 29 14 */
+      83,    /* OBJ_key_usage                    2 5 29 15 */
+      84,    /* OBJ_private_key_usage_period     2 5 29 16 */
+      85,    /* OBJ_subject_alt_name             2 5 29 17 */
+      86,    /* OBJ_issuer_alt_name              2 5 29 18 */
+      87,    /* OBJ_basic_constraints            2 5 29 19 */
+      88,    /* OBJ_crl_number                   2 5 29 20 */
+     141,    /* OBJ_crl_reason                   2 5 29 21 */
+     430,    /* OBJ_hold_instruction_code        2 5 29 23 */
+     142,    /* OBJ_invalidity_date              2 5 29 24 */
+     140,    /* OBJ_delta_crl                    2 5 29 27 */
+     770,    /* OBJ_issuing_distribution_point   2 5 29 28 */
+     771,    /* OBJ_certificate_issuer           2 5 29 29 */
+     666,    /* OBJ_name_constraints             2 5 29 30 */
+     103,    /* OBJ_crl_distribution_points      2 5 29 31 */
+      89,    /* OBJ_certificate_policies         2 5 29 32 */
+     747,    /* OBJ_policy_mappings              2 5 29 33 */
+      90,    /* OBJ_authority_key_identifier     2 5 29 35 */
+     401,    /* OBJ_policy_constraints           2 5 29 36 */
+     126,    /* OBJ_ext_key_usage                2 5 29 37 */
+     857,    /* OBJ_freshest_crl                 2 5 29 46 */
+     748,    /* OBJ_inhibit_any_policy           2 5 29 54 */
+     402,    /* OBJ_target_information           2 5 29 55 */
+     403,    /* OBJ_no_rev_avail                 2 5 29 56 */
+     513,    /* OBJ_set_ctype                    2 23 42 0 */
+     514,    /* OBJ_set_msgExt                   2 23 42 1 */
+     515,    /* OBJ_set_attr                     2 23 42 3 */
+     516,    /* OBJ_set_policy                   2 23 42 5 */
+     517,    /* OBJ_set_certExt                  2 23 42 7 */
+     518,    /* OBJ_set_brand                    2 23 42 8 */
+     679,    /* OBJ_wap_wsg                      2 23 43 1 */
+     382,    /* OBJ_Directory                    1 3 6 1 1 */
+     383,    /* OBJ_Management                   1 3 6 1 2 */
+     384,    /* OBJ_Experimental                 1 3 6 1 3 */
+     385,    /* OBJ_Private                      1 3 6 1 4 */
+     386,    /* OBJ_Security                     1 3 6 1 5 */
+     387,    /* OBJ_SNMPv2                       1 3 6 1 6 */
+     388,    /* OBJ_Mail                         1 3 6 1 7 */
+     376,    /* OBJ_algorithm                    1 3 14 3 2 */
+     395,    /* OBJ_clearance                    2 5 1 5 55 */
+      19,    /* OBJ_rsa                          2 5 8 1 1 */
+      96,    /* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+      95,    /* OBJ_mdc2                         2 5 8 3 101 */
+     746,    /* OBJ_any_policy                   2 5 29 32 0 */
+     910,    /* OBJ_anyExtendedKeyUsage          2 5 29 37 0 */
+     519,    /* OBJ_setct_PANData                2 23 42 0 0 */
+     520,    /* OBJ_setct_PANToken               2 23 42 0 1 */
+     521,    /* OBJ_setct_PANOnly                2 23 42 0 2 */
+     522,    /* OBJ_setct_OIData                 2 23 42 0 3 */
+     523,    /* OBJ_setct_PI                     2 23 42 0 4 */
+     524,    /* OBJ_setct_PIData                 2 23 42 0 5 */
+     525,    /* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+     526,    /* OBJ_setct_HODInput               2 23 42 0 7 */
+     527,    /* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+     528,    /* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+     529,    /* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+     530,    /* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+     531,    /* OBJ_setct_PInitResData           2 23 42 0 12 */
+     532,    /* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+     533,    /* OBJ_setct_PResData               2 23 42 0 14 */
+     534,    /* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+     535,    /* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+     536,    /* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+     537,    /* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+     538,    /* OBJ_setct_CapTokenData           2 23 42 0 20 */
+     539,    /* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+     540,    /* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+     541,    /* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+     542,    /* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+     543,    /* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+     544,    /* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+     545,    /* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+     546,    /* OBJ_setct_CapResData             2 23 42 0 28 */
+     547,    /* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+     548,    /* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+     549,    /* OBJ_setct_CapRevResData          2 23 42 0 31 */
+     550,    /* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+     551,    /* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+     552,    /* OBJ_setct_CredResData            2 23 42 0 34 */
+     553,    /* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+     554,    /* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+     555,    /* OBJ_setct_CredRevResData         2 23 42 0 37 */
+     556,    /* OBJ_setct_PCertReqData           2 23 42 0 38 */
+     557,    /* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+     558,    /* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+     559,    /* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+     560,    /* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+     561,    /* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+     562,    /* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+     563,    /* OBJ_setct_CertReqData            2 23 42 0 45 */
+     564,    /* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+     565,    /* OBJ_setct_CertResData            2 23 42 0 47 */
+     566,    /* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+     567,    /* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+     568,    /* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+     569,    /* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+     570,    /* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+     571,    /* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+     572,    /* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+     573,    /* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+     574,    /* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+     575,    /* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+     576,    /* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+     577,    /* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+     578,    /* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+     579,    /* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+     580,    /* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+     581,    /* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+     582,    /* OBJ_setct_CapResTBE              2 23 42 0 64 */
+     583,    /* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+     584,    /* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+     585,    /* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+     586,    /* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+     587,    /* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+     588,    /* OBJ_setct_CredResTBE             2 23 42 0 70 */
+     589,    /* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+     590,    /* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+     591,    /* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+     592,    /* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+     593,    /* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+     594,    /* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+     595,    /* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+     596,    /* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+     597,    /* OBJ_setct_CertResTBE             2 23 42 0 79 */
+     598,    /* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+     599,    /* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+     600,    /* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+     601,    /* OBJ_setext_genCrypt              2 23 42 1 1 */
+     602,    /* OBJ_setext_miAuth                2 23 42 1 3 */
+     603,    /* OBJ_setext_pinSecure             2 23 42 1 4 */
+     604,    /* OBJ_setext_pinAny                2 23 42 1 5 */
+     605,    /* OBJ_setext_track2                2 23 42 1 7 */
+     606,    /* OBJ_setext_cv                    2 23 42 1 8 */
+     620,    /* OBJ_setAttr_Cert                 2 23 42 3 0 */
+     621,    /* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+     622,    /* OBJ_setAttr_TokenType            2 23 42 3 2 */
+     623,    /* OBJ_setAttr_IssCap               2 23 42 3 3 */
+     607,    /* OBJ_set_policy_root              2 23 42 5 0 */
+     608,    /* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+     609,    /* OBJ_setCext_certType             2 23 42 7 1 */
+     610,    /* OBJ_setCext_merchData            2 23 42 7 2 */
+     611,    /* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+     612,    /* OBJ_setCext_tunneling            2 23 42 7 4 */
+     613,    /* OBJ_setCext_setExt               2 23 42 7 5 */
+     614,    /* OBJ_setCext_setQualf             2 23 42 7 6 */
+     615,    /* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+     616,    /* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+     617,    /* OBJ_setCext_Track2Data           2 23 42 7 9 */
+     618,    /* OBJ_setCext_TokenType            2 23 42 7 10 */
+     619,    /* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+     636,    /* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+     640,    /* OBJ_set_brand_Visa               2 23 42 8 4 */
+     641,    /* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+     637,    /* OBJ_set_brand_Diners             2 23 42 8 30 */
+     638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+     639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
+     805,    /* OBJ_cryptopro                    1 2 643 2 2 */
+     806,    /* OBJ_cryptocom                    1 2 643 2 9 */
+     974,    /* OBJ_id_tc26                      1 2 643 7 1 */
+    1005,    /* OBJ_OGRN                         1 2 643 100 1 */
+    1006,    /* OBJ_SNILS                        1 2 643 100 3 */
+    1007,    /* OBJ_subjectSignTool              1 2 643 100 111 */
+    1008,    /* OBJ_issuerSignTool               1 2 643 100 112 */
+     184,    /* OBJ_X9_57                        1 2 840 10040 */
+     405,    /* OBJ_ansi_X9_62                   1 2 840 10045 */
+     389,    /* OBJ_Enterprises                  1 3 6 1 4 1 */
+     504,    /* OBJ_mime_mhs                     1 3 6 1 7 1 */
+     104,    /* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+      29,    /* OBJ_des_ecb                      1 3 14 3 2 6 */
+      31,    /* OBJ_des_cbc                      1 3 14 3 2 7 */
+      45,    /* OBJ_des_ofb64                    1 3 14 3 2 8 */
+      30,    /* OBJ_des_cfb64                    1 3 14 3 2 9 */
+     377,    /* OBJ_rsaSignature                 1 3 14 3 2 11 */
+      67,    /* OBJ_dsa_2                        1 3 14 3 2 12 */
+      66,    /* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+      42,    /* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+      32,    /* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
+      41,    /* OBJ_sha                          1 3 14 3 2 18 */
+      64,    /* OBJ_sha1                         1 3 14 3 2 26 */
+      70,    /* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+     115,    /* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+     117,    /* OBJ_ripemd160                    1 3 36 3 2 1 */
+     143,    /* OBJ_sxnet                        1 3 101 1 4 1 */
+     721,    /* OBJ_sect163k1                    1 3 132 0 1 */
+     722,    /* OBJ_sect163r1                    1 3 132 0 2 */
+     728,    /* OBJ_sect239k1                    1 3 132 0 3 */
+     717,    /* OBJ_sect113r1                    1 3 132 0 4 */
+     718,    /* OBJ_sect113r2                    1 3 132 0 5 */
+     704,    /* OBJ_secp112r1                    1 3 132 0 6 */
+     705,    /* OBJ_secp112r2                    1 3 132 0 7 */
+     709,    /* OBJ_secp160r1                    1 3 132 0 8 */
+     708,    /* OBJ_secp160k1                    1 3 132 0 9 */
+     714,    /* OBJ_secp256k1                    1 3 132 0 10 */
+     723,    /* OBJ_sect163r2                    1 3 132 0 15 */
+     729,    /* OBJ_sect283k1                    1 3 132 0 16 */
+     730,    /* OBJ_sect283r1                    1 3 132 0 17 */
+     719,    /* OBJ_sect131r1                    1 3 132 0 22 */
+     720,    /* OBJ_sect131r2                    1 3 132 0 23 */
+     724,    /* OBJ_sect193r1                    1 3 132 0 24 */
+     725,    /* OBJ_sect193r2                    1 3 132 0 25 */
+     726,    /* OBJ_sect233k1                    1 3 132 0 26 */
+     727,    /* OBJ_sect233r1                    1 3 132 0 27 */
+     706,    /* OBJ_secp128r1                    1 3 132 0 28 */
+     707,    /* OBJ_secp128r2                    1 3 132 0 29 */
+     710,    /* OBJ_secp160r2                    1 3 132 0 30 */
+     711,    /* OBJ_secp192k1                    1 3 132 0 31 */
+     712,    /* OBJ_secp224k1                    1 3 132 0 32 */
+     713,    /* OBJ_secp224r1                    1 3 132 0 33 */
+     715,    /* OBJ_secp384r1                    1 3 132 0 34 */
+     716,    /* OBJ_secp521r1                    1 3 132 0 35 */
+     731,    /* OBJ_sect409k1                    1 3 132 0 36 */
+     732,    /* OBJ_sect409r1                    1 3 132 0 37 */
+     733,    /* OBJ_sect571k1                    1 3 132 0 38 */
+     734,    /* OBJ_sect571r1                    1 3 132 0 39 */
+     624,    /* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+     625,    /* OBJ_set_addPolicy                2 23 42 3 0 1 */
+     626,    /* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+     627,    /* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+     628,    /* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+     629,    /* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+     630,    /* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+     642,    /* OBJ_set_brand_Novus              2 23 42 8 6011 */
+     735,    /* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
+     736,    /* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
+     737,    /* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
+     738,    /* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
+     739,    /* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
+     740,    /* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
+     741,    /* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
+     742,    /* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
+     743,    /* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
+     744,    /* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
+     745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
+     804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
+     773,    /* OBJ_kisa                         1 2 410 200004 */
+     807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
+     808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
+     809,    /* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
+     810,    /* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
+     811,    /* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
+     812,    /* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
+     813,    /* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
+     815,    /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+     816,    /* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
+     817,    /* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
+     818,    /* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
+     977,    /* OBJ_id_tc26_algorithms           1 2 643 7 1 1 */
+     994,    /* OBJ_id_tc26_constants            1 2 643 7 1 2 */
+       1,    /* OBJ_rsadsi                       1 2 840 113549 */
+     185,    /* OBJ_X9cm                         1 2 840 10040 4 */
+    1031,    /* OBJ_id_pkinit                    1 3 6 1 5 2 3 */
+     127,    /* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+     505,    /* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+     506,    /* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
+     119,    /* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+     937,    /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */
+     938,    /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */
+     939,    /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */
+     940,    /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */
+     942,    /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */
+     943,    /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */
+     944,    /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */
+     945,    /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */
+     631,    /* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+     632,    /* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+     633,    /* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+     634,    /* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+     635,    /* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+     436,    /* OBJ_ucl                          0 9 2342 19200300 */
+     820,    /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
+     819,    /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
+     845,    /* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
+     846,    /* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
+     847,    /* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
+     848,    /* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
+     821,    /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
+     822,    /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
+     823,    /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
+     824,    /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
+     825,    /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
+     826,    /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
+     827,    /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
+     828,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
+     829,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
+     830,    /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
+     831,    /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
+     832,    /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
+     833,    /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
+     834,    /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
+     835,    /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
+     836,    /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
+     837,    /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
+     838,    /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
+     839,    /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
+     840,    /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
+     841,    /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
+     842,    /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
+     843,    /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
+     844,    /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+     978,    /* OBJ_id_tc26_sign                 1 2 643 7 1 1 1 */
+     981,    /* OBJ_id_tc26_digest               1 2 643 7 1 1 2 */
+     984,    /* OBJ_id_tc26_signwithdigest       1 2 643 7 1 1 3 */
+     987,    /* OBJ_id_tc26_mac                  1 2 643 7 1 1 4 */
+     990,    /* OBJ_id_tc26_cipher               1 2 643 7 1 1 5 */
+     991,    /* OBJ_id_tc26_agreement            1 2 643 7 1 1 6 */
+     995,    /* OBJ_id_tc26_sign_constants       1 2 643 7 1 2 1 */
+    1000,    /* OBJ_id_tc26_digest_constants     1 2 643 7 1 2 2 */
+    1001,    /* OBJ_id_tc26_cipher_constants     1 2 643 7 1 2 5 */
+       2,    /* OBJ_pkcs                         1 2 840 113549 1 */
+     431,    /* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+     432,    /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+     433,    /* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
+     116,    /* OBJ_dsa                          1 2 840 10040 4 1 */
+     113,    /* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+     406,    /* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+     407,    /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+     408,    /* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+     416,    /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+     791,    /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+     792,    /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
+     920,    /* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
+    1032,    /* OBJ_pkInitClientAuth             1 3 6 1 5 2 3 4 */
+    1033,    /* OBJ_pkInitKDC                    1 3 6 1 5 2 3 5 */
+     258,    /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+     175,    /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+     259,    /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+     128,    /* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+     260,    /* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+     261,    /* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+     262,    /* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+     263,    /* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+     264,    /* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+     265,    /* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+     266,    /* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+     267,    /* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+     268,    /* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+     662,    /* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
+     176,    /* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+     507,    /* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+     508,    /* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
+      57,    /* OBJ_netscape                     2 16 840 1 113730 */
+     754,    /* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
+     766,    /* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
+     757,    /* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
+     961,    /* OBJ_camellia_128_gcm             0 3 4401 5 3 1 9 6 */
+     962,    /* OBJ_camellia_128_ccm             0 3 4401 5 3 1 9 7 */
+     963,    /* OBJ_camellia_128_ctr             0 3 4401 5 3 1 9 9 */
+     964,    /* OBJ_camellia_128_cmac            0 3 4401 5 3 1 9 10 */
+     755,    /* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
+     767,    /* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
+     758,    /* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
+     965,    /* OBJ_camellia_192_gcm             0 3 4401 5 3 1 9 26 */
+     966,    /* OBJ_camellia_192_ccm             0 3 4401 5 3 1 9 27 */
+     967,    /* OBJ_camellia_192_ctr             0 3 4401 5 3 1 9 29 */
+     968,    /* OBJ_camellia_192_cmac            0 3 4401 5 3 1 9 30 */
+     756,    /* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
+     768,    /* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
+     759,    /* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
+     969,    /* OBJ_camellia_256_gcm             0 3 4401 5 3 1 9 46 */
+     970,    /* OBJ_camellia_256_ccm             0 3 4401 5 3 1 9 47 */
+     971,    /* OBJ_camellia_256_ctr             0 3 4401 5 3 1 9 49 */
+     972,    /* OBJ_camellia_256_cmac            0 3 4401 5 3 1 9 50 */
+     437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
+     776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
+     777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
+     779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
+     778,    /* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
+     852,    /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
+     853,    /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
+     850,    /* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
+     851,    /* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
+     849,    /* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
+     854,    /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+    1004,    /* OBJ_INN                          1 2 643 3 131 1 1 */
+     979,    /* OBJ_id_GostR3410_2012_256        1 2 643 7 1 1 1 1 */
+     980,    /* OBJ_id_GostR3410_2012_512        1 2 643 7 1 1 1 2 */
+     982,    /* OBJ_id_GostR3411_2012_256        1 2 643 7 1 1 2 2 */
+     983,    /* OBJ_id_GostR3411_2012_512        1 2 643 7 1 1 2 3 */
+     985,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
+     986,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
+     988,    /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
+     989,    /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
+     992,    /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
+     993,    /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
+     996,    /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
+    1002,    /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
+     186,    /* OBJ_pkcs1                        1 2 840 113549 1 1 */
+      27,    /* OBJ_pkcs3                        1 2 840 113549 1 3 */
+     187,    /* OBJ_pkcs5                        1 2 840 113549 1 5 */
+      20,    /* OBJ_pkcs7                        1 2 840 113549 1 7 */
+      47,    /* OBJ_pkcs9                        1 2 840 113549 1 9 */
+       3,    /* OBJ_md2                          1 2 840 113549 2 2 */
+     257,    /* OBJ_md4                          1 2 840 113549 2 4 */
+       4,    /* OBJ_md5                          1 2 840 113549 2 5 */
+     797,    /* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
+     163,    /* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
+     798,    /* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
+     799,    /* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
+     800,    /* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
+     801,    /* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
+      37,    /* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+       5,    /* OBJ_rc4                          1 2 840 113549 3 4 */
+      44,    /* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+     120,    /* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+     643,    /* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+     680,    /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
+     684,    /* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
+     685,    /* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
+     686,    /* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
+     687,    /* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
+     688,    /* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
+     689,    /* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
+     690,    /* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
+     691,    /* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
+     692,    /* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
+     693,    /* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
+     694,    /* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
+     695,    /* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
+     696,    /* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
+     697,    /* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
+     698,    /* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
+     699,    /* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
+     700,    /* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
+     701,    /* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
+     702,    /* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
+     703,    /* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
+     409,    /* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+     410,    /* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+     411,    /* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+     412,    /* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+     413,    /* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+     414,    /* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+     415,    /* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+     793,    /* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+     794,    /* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+     795,    /* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+     796,    /* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
+     269,    /* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+     270,    /* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+     271,    /* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+     272,    /* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+     273,    /* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+     274,    /* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+     275,    /* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+     276,    /* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+     277,    /* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+     278,    /* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+     279,    /* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+     280,    /* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+     281,    /* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+     282,    /* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+     283,    /* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+     284,    /* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+     177,    /* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+     285,    /* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+     286,    /* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+     287,    /* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+     288,    /* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+     289,    /* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+     290,    /* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+     291,    /* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+     292,    /* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+     397,    /* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
+     398,    /* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+     663,    /* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
+    1020,    /* OBJ_tlsfeature                   1 3 6 1 5 5 7 1 24 */
+     164,    /* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+     165,    /* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+     293,    /* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+     129,    /* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+     130,    /* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+     131,    /* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+     132,    /* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+     294,    /* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+     295,    /* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+     296,    /* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+     133,    /* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+     180,    /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+     297,    /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+    1022,    /* OBJ_ipsec_IKE                    1 3 6 1 5 5 7 3 17 */
+    1023,    /* OBJ_capwapAC                     1 3 6 1 5 5 7 3 18 */
+    1024,    /* OBJ_capwapWTP                    1 3 6 1 5 5 7 3 19 */
+    1025,    /* OBJ_sshClient                    1 3 6 1 5 5 7 3 21 */
+    1026,    /* OBJ_sshServer                    1 3 6 1 5 5 7 3 22 */
+    1027,    /* OBJ_sendRouter                   1 3 6 1 5 5 7 3 23 */
+    1028,    /* OBJ_sendProxiedRouter            1 3 6 1 5 5 7 3 24 */
+    1029,    /* OBJ_sendOwner                    1 3 6 1 5 5 7 3 25 */
+    1030,    /* OBJ_sendProxiedOwner             1 3 6 1 5 5 7 3 26 */
+     298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+     299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+     300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+     301,    /* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+     302,    /* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+     303,    /* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+     304,    /* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+     305,    /* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+     306,    /* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+     307,    /* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+     308,    /* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+     309,    /* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+     310,    /* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+     311,    /* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+     312,    /* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+     784,    /* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
+     313,    /* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+     314,    /* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+     323,    /* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+     324,    /* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+     325,    /* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+     326,    /* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+     327,    /* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+     328,    /* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+     329,    /* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+     330,    /* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+     331,    /* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+     332,    /* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+     333,    /* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+     334,    /* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+     335,    /* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+     336,    /* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+     337,    /* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+     338,    /* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+     339,    /* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+     340,    /* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+     341,    /* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+     342,    /* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+     343,    /* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+     344,    /* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+     345,    /* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+     346,    /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+     347,    /* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+     858,    /* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
+     348,    /* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+     349,    /* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+     351,    /* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+     352,    /* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+     353,    /* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+     354,    /* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+     355,    /* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+     356,    /* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+     357,    /* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+     358,    /* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+     399,    /* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+     359,    /* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+     360,    /* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+     361,    /* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+     362,    /* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+     664,    /* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
+     665,    /* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
+     667,    /* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
+     178,    /* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+     179,    /* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+     363,    /* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+     364,    /* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
+     785,    /* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
+     780,    /* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
+     781,    /* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
+      58,    /* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+      59,    /* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+     438,    /* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+     439,    /* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+     440,    /* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+     441,    /* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
+     997,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
+     998,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
+     999,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
+    1003,    /* OBJ_id_tc26_gost_28147_param_Z   1 2 643 7 1 2 5 1 1 */
+     108,    /* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+     112,    /* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+     782,    /* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
+     783,    /* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
+       6,    /* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+       7,    /* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+     396,    /* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+       8,    /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+      65,    /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+     644,    /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+     919,    /* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
+     911,    /* OBJ_mgf1                         1 2 840 113549 1 1 8 */
+     935,    /* OBJ_pSpecified                   1 2 840 113549 1 1 9 */
+     912,    /* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
+     668,    /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
+     669,    /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
+     670,    /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
+     671,    /* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
+      28,    /* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+       9,    /* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+      10,    /* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+     168,    /* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+     169,    /* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+     170,    /* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+      68,    /* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+      69,    /* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+     161,    /* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+     162,    /* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
+      21,    /* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+      22,    /* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+      23,    /* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+      24,    /* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+      25,    /* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+      26,    /* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+      48,    /* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+      49,    /* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+      50,    /* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+      51,    /* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+      52,    /* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+      53,    /* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+      54,    /* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+      55,    /* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+      56,    /* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+     172,    /* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+     167,    /* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+     188,    /* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+     156,    /* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+     157,    /* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+     681,    /* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
+     682,    /* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
+     683,    /* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
+     417,    /* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
+     856,    /* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
+     390,    /* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+      91,    /* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+     973,    /* OBJ_id_scrypt                    1 3 6 1 4 1 11591 4 11 */
+     315,    /* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+     316,    /* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+     317,    /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+     318,    /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+     319,    /* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+     320,    /* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+     321,    /* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+     322,    /* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+     365,    /* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+     366,    /* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+     367,    /* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+     368,    /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+     369,    /* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+     370,    /* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+     371,    /* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+     372,    /* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+     373,    /* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+     374,    /* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+     375,    /* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+     921,    /* OBJ_brainpoolP160r1              1 3 36 3 3 2 8 1 1 1 */
+     922,    /* OBJ_brainpoolP160t1              1 3 36 3 3 2 8 1 1 2 */
+     923,    /* OBJ_brainpoolP192r1              1 3 36 3 3 2 8 1 1 3 */
+     924,    /* OBJ_brainpoolP192t1              1 3 36 3 3 2 8 1 1 4 */
+     925,    /* OBJ_brainpoolP224r1              1 3 36 3 3 2 8 1 1 5 */
+     926,    /* OBJ_brainpoolP224t1              1 3 36 3 3 2 8 1 1 6 */
+     927,    /* OBJ_brainpoolP256r1              1 3 36 3 3 2 8 1 1 7 */
+     928,    /* OBJ_brainpoolP256t1              1 3 36 3 3 2 8 1 1 8 */
+     929,    /* OBJ_brainpoolP320r1              1 3 36 3 3 2 8 1 1 9 */
+     930,    /* OBJ_brainpoolP320t1              1 3 36 3 3 2 8 1 1 10 */
+     931,    /* OBJ_brainpoolP384r1              1 3 36 3 3 2 8 1 1 11 */
+     932,    /* OBJ_brainpoolP384t1              1 3 36 3 3 2 8 1 1 12 */
+     933,    /* OBJ_brainpoolP512r1              1 3 36 3 3 2 8 1 1 13 */
+     934,    /* OBJ_brainpoolP512t1              1 3 36 3 3 2 8 1 1 14 */
+     936,    /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */
+     941,    /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */
+     418,    /* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+     419,    /* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+     420,    /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+     421,    /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+     788,    /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
+     895,    /* OBJ_aes_128_gcm                  2 16 840 1 101 3 4 1 6 */
+     896,    /* OBJ_aes_128_ccm                  2 16 840 1 101 3 4 1 7 */
+     897,    /* OBJ_id_aes128_wrap_pad           2 16 840 1 101 3 4 1 8 */
+     422,    /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+     423,    /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+     424,    /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+     425,    /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+     789,    /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
+     898,    /* OBJ_aes_192_gcm                  2 16 840 1 101 3 4 1 26 */
+     899,    /* OBJ_aes_192_ccm                  2 16 840 1 101 3 4 1 27 */
+     900,    /* OBJ_id_aes192_wrap_pad           2 16 840 1 101 3 4 1 28 */
+     426,    /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+     427,    /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+     428,    /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+     429,    /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+     790,    /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
+     901,    /* OBJ_aes_256_gcm                  2 16 840 1 101 3 4 1 46 */
+     902,    /* OBJ_aes_256_ccm                  2 16 840 1 101 3 4 1 47 */
+     903,    /* OBJ_id_aes256_wrap_pad           2 16 840 1 101 3 4 1 48 */
+     672,    /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
+     673,    /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
+     674,    /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
+     675,    /* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+     802,    /* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
+     803,    /* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
+      71,    /* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+      72,    /* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+      73,    /* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+      74,    /* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+      75,    /* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+      76,    /* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+      77,    /* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+      78,    /* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+      79,    /* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+     139,    /* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+     458,    /* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+     459,    /* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+     460,    /* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+     461,    /* OBJ_info                         0 9 2342 19200300 100 1 4 */
+     462,    /* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+     463,    /* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+     464,    /* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+     465,    /* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+     466,    /* OBJ_host                         0 9 2342 19200300 100 1 9 */
+     467,    /* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+     468,    /* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+     469,    /* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+     470,    /* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+     471,    /* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+     472,    /* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+     473,    /* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+     474,    /* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+     475,    /* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+     476,    /* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+     477,    /* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
+     391,    /* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+     478,    /* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+     479,    /* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+     480,    /* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+     481,    /* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+     482,    /* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+     483,    /* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+     484,    /* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+     485,    /* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+     486,    /* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+     487,    /* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+     488,    /* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+     489,    /* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+     490,    /* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+     102,    /* OBJ_uniqueIdentifier             0 9 2342 19200300 100 1 44 */
+     491,    /* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+     492,    /* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+     493,    /* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+     494,    /* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+     495,    /* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+     496,    /* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+     497,    /* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+     498,    /* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+     499,    /* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+     500,    /* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+     501,    /* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+     502,    /* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+     442,    /* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+     443,    /* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+     444,    /* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+     445,    /* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+     446,    /* OBJ_account                      0 9 2342 19200300 100 4 5 */
+     447,    /* OBJ_document                     0 9 2342 19200300 100 4 6 */
+     448,    /* OBJ_room                         0 9 2342 19200300 100 4 7 */
+     449,    /* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
+     392,    /* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+     450,    /* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+     451,    /* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+     452,    /* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+     453,    /* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+     454,    /* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+     455,    /* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+     456,    /* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+     457,    /* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+     189,    /* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+     190,    /* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+     191,    /* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+     192,    /* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+     193,    /* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+     194,    /* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+     195,    /* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+     158,    /* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+     159,    /* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+     160,    /* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+     144,    /* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+     145,    /* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+     146,    /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+     147,    /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+     148,    /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+     149,    /* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+     171,    /* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+     134,    /* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+     135,    /* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+     136,    /* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+     137,    /* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+     138,    /* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+     648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+     649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+     951,    /* OBJ_ct_precert_scts              1 3 6 1 4 1 11129 2 4 2 */
+     952,    /* OBJ_ct_precert_poison            1 3 6 1 4 1 11129 2 4 3 */
+     953,    /* OBJ_ct_precert_signer            1 3 6 1 4 1 11129 2 4 4 */
+     954,    /* OBJ_ct_cert_scts                 1 3 6 1 4 1 11129 2 4 5 */
+     751,    /* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
+     752,    /* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
+     753,    /* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
+     907,    /* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
+     908,    /* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
+     909,    /* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
+     196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+     197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+     198,    /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+     199,    /* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+     200,    /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+     201,    /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+     202,    /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+     203,    /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+     204,    /* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+     205,    /* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+     206,    /* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+     207,    /* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+     208,    /* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+     209,    /* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+     210,    /* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+     211,    /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+     786,    /* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+    1058,    /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */
+    1059,    /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */
+     787,    /* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
+    1060,    /* OBJ_id_ct_xml                    1 2 840 113549 1 9 16 1 28 */
+     212,    /* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+     213,    /* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+     214,    /* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+     215,    /* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+     216,    /* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+     217,    /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+     218,    /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+     219,    /* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+     220,    /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+     221,    /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+     222,    /* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+     223,    /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+     224,    /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+     225,    /* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+     226,    /* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+     227,    /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+     228,    /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+     229,    /* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+     230,    /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+     231,    /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+     232,    /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+     233,    /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+     234,    /* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+     235,    /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+     236,    /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+     237,    /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+     238,    /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+     239,    /* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+     240,    /* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+     241,    /* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+     242,    /* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+     243,    /* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+     244,    /* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+     245,    /* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+     246,    /* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+     247,    /* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+     125,    /* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+     893,    /* OBJ_id_alg_PWRI_KEK              1 2 840 113549 1 9 16 3 9 */
+     248,    /* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+     249,    /* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+     250,    /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+     251,    /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+     252,    /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+     253,    /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+     254,    /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+     255,    /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+     256,    /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+     150,    /* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+     151,    /* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+     152,    /* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+     153,    /* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+     154,    /* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+     155,    /* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+      34,    /* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
+     955,    /* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
+     956,    /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
+     957,    /* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
+    1056,    /* OBJ_blake2b512                   1 3 6 1 4 1 1722 12 2 1 16 */
+    1057,    /* OBJ_blake2s256                   1 3 6 1 4 1 1722 12 2 2 8 */
+};
diff --git a/openssl-1.1.0h/crypto/objects/obj_dat.pl b/openssl-1.1.0h/crypto/objects/obj_dat.pl
new file mode 100644
index 0000000..1cb3d1c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_dat.pl
@@ -0,0 +1,227 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use integer;
+use strict;
+use warnings;
+
+# Generate the DER encoding for the given OID.
+sub der_it
+{
+    # Prologue
+    my ($v) = @_;
+    my @a = split(/\s+/, $v);
+    my $ret = pack("C*", $a[0] * 40 + $a[1]);
+    shift @a;
+    shift @a;
+
+    # Loop over rest of bytes; or in 0x80 for multi-byte numbers.
+    my $t;
+    foreach (@a) {
+        my @r = ();
+        $t = 0;
+        while ($_ >= 128) {
+            my $x = $_ % 128;
+            $_ /= 128;
+            push(@r, ($t++ ? 0x80 : 0) | $x);
+        }
+        push(@r, ($t++ ? 0x80 : 0) | $_);
+        $ret .= pack("C*", reverse(@r));
+    }
+    return $ret;
+}
+
+
+# Read input, parse all #define's into OID name and value.
+# Populate %ln and %sn with long and short names (%dupln and %dupsn)
+# are used to watch for duplicates.  Also %nid and %obj get the
+# NID and OBJ entries.
+my %ln;
+my %sn;
+my %dupln;
+my %dupsn;
+my %nid;
+my %obj;
+my %objd;
+open(IN, "$ARGV[0]") || die "Can't open input file $ARGV[0], $!";
+while (<IN>) {
+    next unless /^\#define\s+(\S+)\s+(.*)$/;
+    my $v = $1;
+    my $d = $2;
+    $d =~ s/^\"//;
+    $d =~ s/\"$//;
+    if ($v =~ /^SN_(.*)$/) {
+        if (defined $dupsn{$d}) {
+            print "WARNING: Duplicate short name \"$d\"\n";
+        } else {
+            $dupsn{$d} = 1;
+        }
+        $sn{$1} = $d;
+    }
+    elsif ($v =~ /^LN_(.*)$/) {
+        if (defined $dupln{$d}) {
+            print "WARNING: Duplicate long name \"$d\"\n";
+        } else {
+            $dupln{$d} = 1;
+        }
+        $ln{$1} = $d;
+    }
+    elsif ($v =~ /^NID_(.*)$/) {
+        $nid{$d} = $1;
+    }
+    elsif ($v =~ /^OBJ_(.*)$/) {
+        $obj{$1} = $v;
+        $objd{$v} = $d;
+    }
+}
+close IN;
+
+# For every value in %obj, recursively expand OBJ_xxx values.  That is:
+#     #define OBJ_iso 1L
+#     #define OBJ_identified_organization OBJ_iso,3L
+# Modify %objd values in-place.  Create an %objn array that has
+my $changed;
+do {
+    $changed = 0;
+    foreach my $k (keys %objd) {
+        $changed = 1 if $objd{$k} =~ s/(OBJ_[^,]+),/$objd{$1},/;
+    }
+} while ($changed);
+
+my @a = sort { $a <=> $b } keys %nid;
+my $n = $a[$#a] + 1;
+my @lvalues = ();
+my $lvalues = 0;
+
+# Scan all defined objects, building up the @out array.
+# %obj_der holds the DER encoding as an array of bytes, and %obj_len
+# holds the length in bytes.
+my @out;
+my %obj_der;
+my %obj_len;
+for (my $i = 0; $i < $n; $i++) {
+    if (!defined $nid{$i}) {
+        push(@out, "    { NULL, NULL, NID_undef },\n");
+        next;
+    }
+
+    my $sn = defined $sn{$nid{$i}} ? "$sn{$nid{$i}}" : "NULL";
+    my $ln = defined $ln{$nid{$i}} ? "$ln{$nid{$i}}" : "NULL";
+    if ($sn eq "NULL") {
+        $sn = $ln;
+        $sn{$nid{$i}} = $ln;
+    }
+    if ($ln eq "NULL") {
+        $ln = $sn;
+        $ln{$nid{$i}} = $sn;
+    }
+
+    my $out = "    {\"$sn\", \"$ln\", NID_$nid{$i}";
+    if (defined $obj{$nid{$i}} && $objd{$obj{$nid{$i}}} =~ /,/) {
+        my $v = $objd{$obj{$nid{$i}}};
+        $v =~ s/L//g;
+        $v =~ s/,/ /g;
+        my $r = &der_it($v);
+        my $z = "";
+        my $length = 0;
+        # Format using fixed-with because we use strcmp later.
+        foreach (unpack("C*",$r)) {
+            $z .= sprintf("0x%02X,", $_);
+            $length++;
+        }
+        $obj_der{$obj{$nid{$i}}} = $z;
+        $obj_len{$obj{$nid{$i}}} = $length;
+
+        push(@lvalues,
+            sprintf("    %-45s  /* [%5d] %s */\n",
+                $z, $lvalues, $obj{$nid{$i}}));
+        $out .= ", $length, &so[$lvalues]";
+        $lvalues += $length;
+    }
+    $out .= "},\n";
+    push(@out, $out);
+}
+
+# Finally ready to generate the output.
+open(OUT, ">$ARGV[1]") || die "Can't open output file $ARGV[1], $!";
+print OUT <<'EOF';
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/obj_dat.pl
+ *
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+EOF
+
+print OUT "/* Serialized OID's */\n";
+printf OUT "static const unsigned char so[%d] = {\n", $lvalues + 1;
+print OUT @lvalues;
+print OUT "};\n\n";
+
+printf OUT "#define NUM_NID %d\n", $n;
+printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n";
+print OUT @out;
+print  OUT "};\n\n";
+
+{
+    no warnings "uninitialized";
+    @a = grep(defined $sn{$nid{$_}}, 0 .. $n);
+}
+printf OUT "#define NUM_SN %d\n", $#a + 1;
+printf OUT "static const unsigned int sn_objs[NUM_SN] = {\n";
+foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) {
+    printf OUT "    %4d,    /* \"$sn{$nid{$_}}\" */\n", $_;
+}
+print  OUT "};\n\n";
+
+{
+    no warnings "uninitialized";
+    @a = grep(defined $ln{$nid{$_}}, 0 .. $n);
+}
+printf OUT "#define NUM_LN %d\n", $#a + 1;
+printf OUT "static const unsigned int ln_objs[NUM_LN] = {\n";
+foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) {
+    printf OUT "    %4d,    /* \"$ln{$nid{$_}}\" */\n", $_;
+}
+print  OUT "};\n\n";
+
+{
+    no warnings "uninitialized";
+    @a = grep(defined $obj{$nid{$_}}, 0 .. $n);
+}
+printf OUT "#define NUM_OBJ %d\n", $#a + 1;
+printf OUT "static const unsigned int obj_objs[NUM_OBJ] = {\n";
+
+# Compare DER; prefer shorter; if some length, use the "smaller" encoding.
+sub obj_cmp
+{
+    no warnings "uninitialized";
+    my $A = $obj_len{$obj{$nid{$a}}};
+    my $B = $obj_len{$obj{$nid{$b}}};
+    my $r = $A - $B;
+    return $r if $r != 0;
+
+    $A = $obj_der{$obj{$nid{$a}}};
+    $B = $obj_der{$obj{$nid{$b}}};
+    return $A cmp $B;
+}
+foreach (sort obj_cmp @a) {
+    my $m = $obj{$nid{$_}};
+    my $v = $objd{$m};
+    $v =~ s/L//g;
+    $v =~ s/,/ /g;
+    printf OUT "    %4d,    /* %-32s %s */\n", $_, $m, $v;
+}
+print  OUT "};\n";
+
+close OUT;
diff --git a/openssl-1.1.0h/crypto/objects/obj_err.c b/openssl-1.1.0h/crypto/objects/obj_err.c
new file mode 100644
index 0000000..4677b67
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_err.c
@@ -0,0 +1,50 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
+
+static ERR_STRING_DATA OBJ_str_functs[] = {
+    {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
+    {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
+    {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
+    {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
+    {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
+    {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
+    {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA OBJ_str_reasons[] = {
+    {ERR_REASON(OBJ_R_OID_EXISTS), "oid exists"},
+    {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OBJ_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, OBJ_str_functs);
+        ERR_load_strings(0, OBJ_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/objects/obj_lcl.h b/openssl-1.1.0h/crypto/objects/obj_lcl.h
new file mode 100644
index 0000000..a417f7c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_lcl.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef struct name_funcs_st NAME_FUNCS;
+DEFINE_STACK_OF(NAME_FUNCS)
+DEFINE_LHASH_OF(OBJ_NAME);
+typedef struct added_obj_st ADDED_OBJ;
+DEFINE_LHASH_OF(ADDED_OBJ);
diff --git a/openssl-1.1.0h/crypto/objects/obj_lib.c b/openssl-1.1.0h/crypto/objects/obj_lib.c
new file mode 100644
index 0000000..33075e6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_lib.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "internal/asn1_int.h"
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+{
+    ASN1_OBJECT *r;
+
+    if (o == NULL)
+        return NULL;
+    /* If object isn't dynamic it's an internal OID which is never freed */
+    if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+        return ((ASN1_OBJECT *)o);
+
+    r = ASN1_OBJECT_new();
+    if (r == NULL) {
+        OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
+        return (NULL);
+    }
+
+    /* Set dynamic flags so everything gets freed up on error */
+
+    r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
+                           ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+                           ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+    if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL)
+        goto err;
+
+    r->length = o->length;
+    r->nid = o->nid;
+
+    if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL)
+        goto err;
+
+    if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL)
+        goto err;
+
+    return r;
+ err:
+    ASN1_OBJECT_free(r);
+    OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
+{
+    int ret;
+
+    ret = (a->length - b->length);
+    if (ret)
+        return (ret);
+    return (memcmp(a->data, b->data, a->length));
+}
diff --git a/openssl-1.1.0h/crypto/objects/obj_mac.num b/openssl-1.1.0h/crypto/objects/obj_mac.num
new file mode 100644
index 0000000..a5995a5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_mac.num
@@ -0,0 +1,1060 @@
+undef		0
+rsadsi		1
+pkcs		2
+md2		3
+md5		4
+rc4		5
+rsaEncryption		6
+md2WithRSAEncryption		7
+md5WithRSAEncryption		8
+pbeWithMD2AndDES_CBC		9
+pbeWithMD5AndDES_CBC		10
+X500		11
+X509		12
+commonName		13
+countryName		14
+localityName		15
+stateOrProvinceName		16
+organizationName		17
+organizationalUnitName		18
+rsa		19
+pkcs7		20
+pkcs7_data		21
+pkcs7_signed		22
+pkcs7_enveloped		23
+pkcs7_signedAndEnveloped		24
+pkcs7_digest		25
+pkcs7_encrypted		26
+pkcs3		27
+dhKeyAgreement		28
+des_ecb		29
+des_cfb64		30
+des_cbc		31
+des_ede_ecb		32
+des_ede3_ecb		33
+idea_cbc		34
+idea_cfb64		35
+idea_ecb		36
+rc2_cbc		37
+rc2_ecb		38
+rc2_cfb64		39
+rc2_ofb64		40
+sha		41
+shaWithRSAEncryption		42
+des_ede_cbc		43
+des_ede3_cbc		44
+des_ofb64		45
+idea_ofb64		46
+pkcs9		47
+pkcs9_emailAddress		48
+pkcs9_unstructuredName		49
+pkcs9_contentType		50
+pkcs9_messageDigest		51
+pkcs9_signingTime		52
+pkcs9_countersignature		53
+pkcs9_challengePassword		54
+pkcs9_unstructuredAddress		55
+pkcs9_extCertAttributes		56
+netscape		57
+netscape_cert_extension		58
+netscape_data_type		59
+des_ede_cfb64		60
+des_ede3_cfb64		61
+des_ede_ofb64		62
+des_ede3_ofb64		63
+sha1		64
+sha1WithRSAEncryption		65
+dsaWithSHA		66
+dsa_2		67
+pbeWithSHA1AndRC2_CBC		68
+id_pbkdf2		69
+dsaWithSHA1_2		70
+netscape_cert_type		71
+netscape_base_url		72
+netscape_revocation_url		73
+netscape_ca_revocation_url		74
+netscape_renewal_url		75
+netscape_ca_policy_url		76
+netscape_ssl_server_name		77
+netscape_comment		78
+netscape_cert_sequence		79
+desx_cbc		80
+id_ce		81
+subject_key_identifier		82
+key_usage		83
+private_key_usage_period		84
+subject_alt_name		85
+issuer_alt_name		86
+basic_constraints		87
+crl_number		88
+certificate_policies		89
+authority_key_identifier		90
+bf_cbc		91
+bf_ecb		92
+bf_cfb64		93
+bf_ofb64		94
+mdc2		95
+mdc2WithRSA		96
+rc4_40		97
+rc2_40_cbc		98
+givenName		99
+surname		100
+initials		101
+uniqueIdentifier		102
+crl_distribution_points		103
+md5WithRSA		104
+serialNumber		105
+title		106
+description		107
+cast5_cbc		108
+cast5_ecb		109
+cast5_cfb64		110
+cast5_ofb64		111
+pbeWithMD5AndCast5_CBC		112
+dsaWithSHA1		113
+md5_sha1		114
+sha1WithRSA		115
+dsa		116
+ripemd160		117
+ripemd160WithRSA		119
+rc5_cbc		120
+rc5_ecb		121
+rc5_cfb64		122
+rc5_ofb64		123
+rle_compression		124
+zlib_compression		125
+ext_key_usage		126
+id_pkix		127
+id_kp		128
+server_auth		129
+client_auth		130
+code_sign		131
+email_protect		132
+time_stamp		133
+ms_code_ind		134
+ms_code_com		135
+ms_ctl_sign		136
+ms_sgc		137
+ms_efs		138
+ns_sgc		139
+delta_crl		140
+crl_reason		141
+invalidity_date		142
+sxnet		143
+pbe_WithSHA1And128BitRC4		144
+pbe_WithSHA1And40BitRC4		145
+pbe_WithSHA1And3_Key_TripleDES_CBC		146
+pbe_WithSHA1And2_Key_TripleDES_CBC		147
+pbe_WithSHA1And128BitRC2_CBC		148
+pbe_WithSHA1And40BitRC2_CBC		149
+keyBag		150
+pkcs8ShroudedKeyBag		151
+certBag		152
+crlBag		153
+secretBag		154
+safeContentsBag		155
+friendlyName		156
+localKeyID		157
+x509Certificate		158
+sdsiCertificate		159
+x509Crl		160
+pbes2		161
+pbmac1		162
+hmacWithSHA1		163
+id_qt_cps		164
+id_qt_unotice		165
+rc2_64_cbc		166
+SMIMECapabilities		167
+pbeWithMD2AndRC2_CBC		168
+pbeWithMD5AndRC2_CBC		169
+pbeWithSHA1AndDES_CBC		170
+ms_ext_req		171
+ext_req		172
+name		173
+dnQualifier		174
+id_pe		175
+id_ad		176
+info_access		177
+ad_OCSP		178
+ad_ca_issuers		179
+OCSP_sign		180
+iso		181
+member_body		182
+ISO_US		183
+X9_57		184
+X9cm		185
+pkcs1		186
+pkcs5		187
+SMIME		188
+id_smime_mod		189
+id_smime_ct		190
+id_smime_aa		191
+id_smime_alg		192
+id_smime_cd		193
+id_smime_spq		194
+id_smime_cti		195
+id_smime_mod_cms		196
+id_smime_mod_ess		197
+id_smime_mod_oid		198
+id_smime_mod_msg_v3		199
+id_smime_mod_ets_eSignature_88		200
+id_smime_mod_ets_eSignature_97		201
+id_smime_mod_ets_eSigPolicy_88		202
+id_smime_mod_ets_eSigPolicy_97		203
+id_smime_ct_receipt		204
+id_smime_ct_authData		205
+id_smime_ct_publishCert		206
+id_smime_ct_TSTInfo		207
+id_smime_ct_TDTInfo		208
+id_smime_ct_contentInfo		209
+id_smime_ct_DVCSRequestData		210
+id_smime_ct_DVCSResponseData		211
+id_smime_aa_receiptRequest		212
+id_smime_aa_securityLabel		213
+id_smime_aa_mlExpandHistory		214
+id_smime_aa_contentHint		215
+id_smime_aa_msgSigDigest		216
+id_smime_aa_encapContentType		217
+id_smime_aa_contentIdentifier		218
+id_smime_aa_macValue		219
+id_smime_aa_equivalentLabels		220
+id_smime_aa_contentReference		221
+id_smime_aa_encrypKeyPref		222
+id_smime_aa_signingCertificate		223
+id_smime_aa_smimeEncryptCerts		224
+id_smime_aa_timeStampToken		225
+id_smime_aa_ets_sigPolicyId		226
+id_smime_aa_ets_commitmentType		227
+id_smime_aa_ets_signerLocation		228
+id_smime_aa_ets_signerAttr		229
+id_smime_aa_ets_otherSigCert		230
+id_smime_aa_ets_contentTimestamp		231
+id_smime_aa_ets_CertificateRefs		232
+id_smime_aa_ets_RevocationRefs		233
+id_smime_aa_ets_certValues		234
+id_smime_aa_ets_revocationValues		235
+id_smime_aa_ets_escTimeStamp		236
+id_smime_aa_ets_certCRLTimestamp		237
+id_smime_aa_ets_archiveTimeStamp		238
+id_smime_aa_signatureType		239
+id_smime_aa_dvcs_dvc		240
+id_smime_alg_ESDHwith3DES		241
+id_smime_alg_ESDHwithRC2		242
+id_smime_alg_3DESwrap		243
+id_smime_alg_RC2wrap		244
+id_smime_alg_ESDH		245
+id_smime_alg_CMS3DESwrap		246
+id_smime_alg_CMSRC2wrap		247
+id_smime_cd_ldap		248
+id_smime_spq_ets_sqt_uri		249
+id_smime_spq_ets_sqt_unotice		250
+id_smime_cti_ets_proofOfOrigin		251
+id_smime_cti_ets_proofOfReceipt		252
+id_smime_cti_ets_proofOfDelivery		253
+id_smime_cti_ets_proofOfSender		254
+id_smime_cti_ets_proofOfApproval		255
+id_smime_cti_ets_proofOfCreation		256
+md4		257
+id_pkix_mod		258
+id_qt		259
+id_it		260
+id_pkip		261
+id_alg		262
+id_cmc		263
+id_on		264
+id_pda		265
+id_aca		266
+id_qcs		267
+id_cct		268
+id_pkix1_explicit_88		269
+id_pkix1_implicit_88		270
+id_pkix1_explicit_93		271
+id_pkix1_implicit_93		272
+id_mod_crmf		273
+id_mod_cmc		274
+id_mod_kea_profile_88		275
+id_mod_kea_profile_93		276
+id_mod_cmp		277
+id_mod_qualified_cert_88		278
+id_mod_qualified_cert_93		279
+id_mod_attribute_cert		280
+id_mod_timestamp_protocol		281
+id_mod_ocsp		282
+id_mod_dvcs		283
+id_mod_cmp2000		284
+biometricInfo		285
+qcStatements		286
+ac_auditEntity		287
+ac_targeting		288
+aaControls		289
+sbgp_ipAddrBlock		290
+sbgp_autonomousSysNum		291
+sbgp_routerIdentifier		292
+textNotice		293
+ipsecEndSystem		294
+ipsecTunnel		295
+ipsecUser		296
+dvcs		297
+id_it_caProtEncCert		298
+id_it_signKeyPairTypes		299
+id_it_encKeyPairTypes		300
+id_it_preferredSymmAlg		301
+id_it_caKeyUpdateInfo		302
+id_it_currentCRL		303
+id_it_unsupportedOIDs		304
+id_it_subscriptionRequest		305
+id_it_subscriptionResponse		306
+id_it_keyPairParamReq		307
+id_it_keyPairParamRep		308
+id_it_revPassphrase		309
+id_it_implicitConfirm		310
+id_it_confirmWaitTime		311
+id_it_origPKIMessage		312
+id_regCtrl		313
+id_regInfo		314
+id_regCtrl_regToken		315
+id_regCtrl_authenticator		316
+id_regCtrl_pkiPublicationInfo		317
+id_regCtrl_pkiArchiveOptions		318
+id_regCtrl_oldCertID		319
+id_regCtrl_protocolEncrKey		320
+id_regInfo_utf8Pairs		321
+id_regInfo_certReq		322
+id_alg_des40		323
+id_alg_noSignature		324
+id_alg_dh_sig_hmac_sha1		325
+id_alg_dh_pop		326
+id_cmc_statusInfo		327
+id_cmc_identification		328
+id_cmc_identityProof		329
+id_cmc_dataReturn		330
+id_cmc_transactionId		331
+id_cmc_senderNonce		332
+id_cmc_recipientNonce		333
+id_cmc_addExtensions		334
+id_cmc_encryptedPOP		335
+id_cmc_decryptedPOP		336
+id_cmc_lraPOPWitness		337
+id_cmc_getCert		338
+id_cmc_getCRL		339
+id_cmc_revokeRequest		340
+id_cmc_regInfo		341
+id_cmc_responseInfo		342
+id_cmc_queryPending		343
+id_cmc_popLinkRandom		344
+id_cmc_popLinkWitness		345
+id_cmc_confirmCertAcceptance		346
+id_on_personalData		347
+id_pda_dateOfBirth		348
+id_pda_placeOfBirth		349
+id_pda_pseudonym		350
+id_pda_gender		351
+id_pda_countryOfCitizenship		352
+id_pda_countryOfResidence		353
+id_aca_authenticationInfo		354
+id_aca_accessIdentity		355
+id_aca_chargingIdentity		356
+id_aca_group		357
+id_aca_role		358
+id_qcs_pkixQCSyntax_v1		359
+id_cct_crs		360
+id_cct_PKIData		361
+id_cct_PKIResponse		362
+ad_timeStamping		363
+ad_dvcs		364
+id_pkix_OCSP_basic		365
+id_pkix_OCSP_Nonce		366
+id_pkix_OCSP_CrlID		367
+id_pkix_OCSP_acceptableResponses		368
+id_pkix_OCSP_noCheck		369
+id_pkix_OCSP_archiveCutoff		370
+id_pkix_OCSP_serviceLocator		371
+id_pkix_OCSP_extendedStatus		372
+id_pkix_OCSP_valid		373
+id_pkix_OCSP_path		374
+id_pkix_OCSP_trustRoot		375
+algorithm		376
+rsaSignature		377
+X500algorithms		378
+org		379
+dod		380
+iana		381
+Directory		382
+Management		383
+Experimental		384
+Private		385
+Security		386
+SNMPv2		387
+Mail		388
+Enterprises		389
+dcObject		390
+domainComponent		391
+Domain		392
+joint_iso_ccitt		393
+selected_attribute_types		394
+clearance		395
+md4WithRSAEncryption		396
+ac_proxying		397
+sinfo_access		398
+id_aca_encAttrs		399
+role		400
+policy_constraints		401
+target_information		402
+no_rev_avail		403
+ccitt		404
+ansi_X9_62		405
+X9_62_prime_field		406
+X9_62_characteristic_two_field		407
+X9_62_id_ecPublicKey		408
+X9_62_prime192v1		409
+X9_62_prime192v2		410
+X9_62_prime192v3		411
+X9_62_prime239v1		412
+X9_62_prime239v2		413
+X9_62_prime239v3		414
+X9_62_prime256v1		415
+ecdsa_with_SHA1		416
+ms_csp_name		417
+aes_128_ecb		418
+aes_128_cbc		419
+aes_128_ofb128		420
+aes_128_cfb128		421
+aes_192_ecb		422
+aes_192_cbc		423
+aes_192_ofb128		424
+aes_192_cfb128		425
+aes_256_ecb		426
+aes_256_cbc		427
+aes_256_ofb128		428
+aes_256_cfb128		429
+hold_instruction_code		430
+hold_instruction_none		431
+hold_instruction_call_issuer		432
+hold_instruction_reject		433
+data		434
+pss		435
+ucl		436
+pilot		437
+pilotAttributeType		438
+pilotAttributeSyntax		439
+pilotObjectClass		440
+pilotGroups		441
+iA5StringSyntax		442
+caseIgnoreIA5StringSyntax		443
+pilotObject		444
+pilotPerson		445
+account		446
+document		447
+room		448
+documentSeries		449
+rFC822localPart		450
+dNSDomain		451
+domainRelatedObject		452
+friendlyCountry		453
+simpleSecurityObject		454
+pilotOrganization		455
+pilotDSA		456
+qualityLabelledData		457
+userId		458
+textEncodedORAddress		459
+rfc822Mailbox		460
+info		461
+favouriteDrink		462
+roomNumber		463
+photo		464
+userClass		465
+host		466
+manager		467
+documentIdentifier		468
+documentTitle		469
+documentVersion		470
+documentAuthor		471
+documentLocation		472
+homeTelephoneNumber		473
+secretary		474
+otherMailbox		475
+lastModifiedTime		476
+lastModifiedBy		477
+aRecord		478
+pilotAttributeType27		479
+mXRecord		480
+nSRecord		481
+sOARecord		482
+cNAMERecord		483
+associatedDomain		484
+associatedName		485
+homePostalAddress		486
+personalTitle		487
+mobileTelephoneNumber		488
+pagerTelephoneNumber		489
+friendlyCountryName		490
+organizationalStatus		491
+janetMailbox		492
+mailPreferenceOption		493
+buildingName		494
+dSAQuality		495
+singleLevelQuality		496
+subtreeMinimumQuality		497
+subtreeMaximumQuality		498
+personalSignature		499
+dITRedirect		500
+audio		501
+documentPublisher		502
+x500UniqueIdentifier		503
+mime_mhs		504
+mime_mhs_headings		505
+mime_mhs_bodies		506
+id_hex_partial_message		507
+id_hex_multipart_message		508
+generationQualifier		509
+pseudonym		510
+InternationalRA		511
+id_set		512
+set_ctype		513
+set_msgExt		514
+set_attr		515
+set_policy		516
+set_certExt		517
+set_brand		518
+setct_PANData		519
+setct_PANToken		520
+setct_PANOnly		521
+setct_OIData		522
+setct_PI		523
+setct_PIData		524
+setct_PIDataUnsigned		525
+setct_HODInput		526
+setct_AuthResBaggage		527
+setct_AuthRevReqBaggage		528
+setct_AuthRevResBaggage		529
+setct_CapTokenSeq		530
+setct_PInitResData		531
+setct_PI_TBS		532
+setct_PResData		533
+setct_AuthReqTBS		534
+setct_AuthResTBS		535
+setct_AuthResTBSX		536
+setct_AuthTokenTBS		537
+setct_CapTokenData		538
+setct_CapTokenTBS		539
+setct_AcqCardCodeMsg		540
+setct_AuthRevReqTBS		541
+setct_AuthRevResData		542
+setct_AuthRevResTBS		543
+setct_CapReqTBS		544
+setct_CapReqTBSX		545
+setct_CapResData		546
+setct_CapRevReqTBS		547
+setct_CapRevReqTBSX		548
+setct_CapRevResData		549
+setct_CredReqTBS		550
+setct_CredReqTBSX		551
+setct_CredResData		552
+setct_CredRevReqTBS		553
+setct_CredRevReqTBSX		554
+setct_CredRevResData		555
+setct_PCertReqData		556
+setct_PCertResTBS		557
+setct_BatchAdminReqData		558
+setct_BatchAdminResData		559
+setct_CardCInitResTBS		560
+setct_MeAqCInitResTBS		561
+setct_RegFormResTBS		562
+setct_CertReqData		563
+setct_CertReqTBS		564
+setct_CertResData		565
+setct_CertInqReqTBS		566
+setct_ErrorTBS		567
+setct_PIDualSignedTBE		568
+setct_PIUnsignedTBE		569
+setct_AuthReqTBE		570
+setct_AuthResTBE		571
+setct_AuthResTBEX		572
+setct_AuthTokenTBE		573
+setct_CapTokenTBE		574
+setct_CapTokenTBEX		575
+setct_AcqCardCodeMsgTBE		576
+setct_AuthRevReqTBE		577
+setct_AuthRevResTBE		578
+setct_AuthRevResTBEB		579
+setct_CapReqTBE		580
+setct_CapReqTBEX		581
+setct_CapResTBE		582
+setct_CapRevReqTBE		583
+setct_CapRevReqTBEX		584
+setct_CapRevResTBE		585
+setct_CredReqTBE		586
+setct_CredReqTBEX		587
+setct_CredResTBE		588
+setct_CredRevReqTBE		589
+setct_CredRevReqTBEX		590
+setct_CredRevResTBE		591
+setct_BatchAdminReqTBE		592
+setct_BatchAdminResTBE		593
+setct_RegFormReqTBE		594
+setct_CertReqTBE		595
+setct_CertReqTBEX		596
+setct_CertResTBE		597
+setct_CRLNotificationTBS		598
+setct_CRLNotificationResTBS		599
+setct_BCIDistributionTBS		600
+setext_genCrypt		601
+setext_miAuth		602
+setext_pinSecure		603
+setext_pinAny		604
+setext_track2		605
+setext_cv		606
+set_policy_root		607
+setCext_hashedRoot		608
+setCext_certType		609
+setCext_merchData		610
+setCext_cCertRequired		611
+setCext_tunneling		612
+setCext_setExt		613
+setCext_setQualf		614
+setCext_PGWYcapabilities		615
+setCext_TokenIdentifier		616
+setCext_Track2Data		617
+setCext_TokenType		618
+setCext_IssuerCapabilities		619
+setAttr_Cert		620
+setAttr_PGWYcap		621
+setAttr_TokenType		622
+setAttr_IssCap		623
+set_rootKeyThumb		624
+set_addPolicy		625
+setAttr_Token_EMV		626
+setAttr_Token_B0Prime		627
+setAttr_IssCap_CVM		628
+setAttr_IssCap_T2		629
+setAttr_IssCap_Sig		630
+setAttr_GenCryptgrm		631
+setAttr_T2Enc		632
+setAttr_T2cleartxt		633
+setAttr_TokICCsig		634
+setAttr_SecDevSig		635
+set_brand_IATA_ATA		636
+set_brand_Diners		637
+set_brand_AmericanExpress		638
+set_brand_JCB		639
+set_brand_Visa		640
+set_brand_MasterCard		641
+set_brand_Novus		642
+des_cdmf		643
+rsaOAEPEncryptionSET		644
+itu_t		645
+joint_iso_itu_t		646
+international_organizations		647
+ms_smartcard_login		648
+ms_upn		649
+aes_128_cfb1		650
+aes_192_cfb1		651
+aes_256_cfb1		652
+aes_128_cfb8		653
+aes_192_cfb8		654
+aes_256_cfb8		655
+des_cfb1		656
+des_cfb8		657
+des_ede3_cfb1		658
+des_ede3_cfb8		659
+streetAddress		660
+postalCode		661
+id_ppl		662
+proxyCertInfo		663
+id_ppl_anyLanguage		664
+id_ppl_inheritAll		665
+name_constraints		666
+Independent		667
+sha256WithRSAEncryption		668
+sha384WithRSAEncryption		669
+sha512WithRSAEncryption		670
+sha224WithRSAEncryption		671
+sha256		672
+sha384		673
+sha512		674
+sha224		675
+identified_organization		676
+certicom_arc		677
+wap		678
+wap_wsg		679
+X9_62_id_characteristic_two_basis		680
+X9_62_onBasis		681
+X9_62_tpBasis		682
+X9_62_ppBasis		683
+X9_62_c2pnb163v1		684
+X9_62_c2pnb163v2		685
+X9_62_c2pnb163v3		686
+X9_62_c2pnb176v1		687
+X9_62_c2tnb191v1		688
+X9_62_c2tnb191v2		689
+X9_62_c2tnb191v3		690
+X9_62_c2onb191v4		691
+X9_62_c2onb191v5		692
+X9_62_c2pnb208w1		693
+X9_62_c2tnb239v1		694
+X9_62_c2tnb239v2		695
+X9_62_c2tnb239v3		696
+X9_62_c2onb239v4		697
+X9_62_c2onb239v5		698
+X9_62_c2pnb272w1		699
+X9_62_c2pnb304w1		700
+X9_62_c2tnb359v1		701
+X9_62_c2pnb368w1		702
+X9_62_c2tnb431r1		703
+secp112r1		704
+secp112r2		705
+secp128r1		706
+secp128r2		707
+secp160k1		708
+secp160r1		709
+secp160r2		710
+secp192k1		711
+secp224k1		712
+secp224r1		713
+secp256k1		714
+secp384r1		715
+secp521r1		716
+sect113r1		717
+sect113r2		718
+sect131r1		719
+sect131r2		720
+sect163k1		721
+sect163r1		722
+sect163r2		723
+sect193r1		724
+sect193r2		725
+sect233k1		726
+sect233r1		727
+sect239k1		728
+sect283k1		729
+sect283r1		730
+sect409k1		731
+sect409r1		732
+sect571k1		733
+sect571r1		734
+wap_wsg_idm_ecid_wtls1		735
+wap_wsg_idm_ecid_wtls3		736
+wap_wsg_idm_ecid_wtls4		737
+wap_wsg_idm_ecid_wtls5		738
+wap_wsg_idm_ecid_wtls6		739
+wap_wsg_idm_ecid_wtls7		740
+wap_wsg_idm_ecid_wtls8		741
+wap_wsg_idm_ecid_wtls9		742
+wap_wsg_idm_ecid_wtls10		743
+wap_wsg_idm_ecid_wtls11		744
+wap_wsg_idm_ecid_wtls12		745
+any_policy		746
+policy_mappings		747
+inhibit_any_policy		748
+ipsec3		749
+ipsec4		750
+camellia_128_cbc		751
+camellia_192_cbc		752
+camellia_256_cbc		753
+camellia_128_ecb		754
+camellia_192_ecb		755
+camellia_256_ecb		756
+camellia_128_cfb128		757
+camellia_192_cfb128		758
+camellia_256_cfb128		759
+camellia_128_cfb1		760
+camellia_192_cfb1		761
+camellia_256_cfb1		762
+camellia_128_cfb8		763
+camellia_192_cfb8		764
+camellia_256_cfb8		765
+camellia_128_ofb128		766
+camellia_192_ofb128		767
+camellia_256_ofb128		768
+subject_directory_attributes		769
+issuing_distribution_point		770
+certificate_issuer		771
+korea		772
+kisa		773
+kftc		774
+npki_alg		775
+seed_ecb		776
+seed_cbc		777
+seed_ofb128		778
+seed_cfb128		779
+hmac_md5		780
+hmac_sha1		781
+id_PasswordBasedMAC		782
+id_DHBasedMac		783
+id_it_suppLangTags		784
+caRepository		785
+id_smime_ct_compressedData		786
+id_ct_asciiTextWithCRLF		787
+id_aes128_wrap		788
+id_aes192_wrap		789
+id_aes256_wrap		790
+ecdsa_with_Recommended		791
+ecdsa_with_Specified		792
+ecdsa_with_SHA224		793
+ecdsa_with_SHA256		794
+ecdsa_with_SHA384		795
+ecdsa_with_SHA512		796
+hmacWithMD5		797
+hmacWithSHA224		798
+hmacWithSHA256		799
+hmacWithSHA384		800
+hmacWithSHA512		801
+dsa_with_SHA224		802
+dsa_with_SHA256		803
+whirlpool		804
+cryptopro		805
+cryptocom		806
+id_GostR3411_94_with_GostR3410_2001		807
+id_GostR3411_94_with_GostR3410_94		808
+id_GostR3411_94		809
+id_HMACGostR3411_94		810
+id_GostR3410_2001		811
+id_GostR3410_94		812
+id_Gost28147_89		813
+gost89_cnt		814
+id_Gost28147_89_MAC		815
+id_GostR3411_94_prf		816
+id_GostR3410_2001DH		817
+id_GostR3410_94DH		818
+id_Gost28147_89_CryptoPro_KeyMeshing		819
+id_Gost28147_89_None_KeyMeshing		820
+id_GostR3411_94_TestParamSet		821
+id_GostR3411_94_CryptoProParamSet		822
+id_Gost28147_89_TestParamSet		823
+id_Gost28147_89_CryptoPro_A_ParamSet		824
+id_Gost28147_89_CryptoPro_B_ParamSet		825
+id_Gost28147_89_CryptoPro_C_ParamSet		826
+id_Gost28147_89_CryptoPro_D_ParamSet		827
+id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		828
+id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		829
+id_Gost28147_89_CryptoPro_RIC_1_ParamSet		830
+id_GostR3410_94_TestParamSet		831
+id_GostR3410_94_CryptoPro_A_ParamSet		832
+id_GostR3410_94_CryptoPro_B_ParamSet		833
+id_GostR3410_94_CryptoPro_C_ParamSet		834
+id_GostR3410_94_CryptoPro_D_ParamSet		835
+id_GostR3410_94_CryptoPro_XchA_ParamSet		836
+id_GostR3410_94_CryptoPro_XchB_ParamSet		837
+id_GostR3410_94_CryptoPro_XchC_ParamSet		838
+id_GostR3410_2001_TestParamSet		839
+id_GostR3410_2001_CryptoPro_A_ParamSet		840
+id_GostR3410_2001_CryptoPro_B_ParamSet		841
+id_GostR3410_2001_CryptoPro_C_ParamSet		842
+id_GostR3410_2001_CryptoPro_XchA_ParamSet		843
+id_GostR3410_2001_CryptoPro_XchB_ParamSet		844
+id_GostR3410_94_a		845
+id_GostR3410_94_aBis		846
+id_GostR3410_94_b		847
+id_GostR3410_94_bBis		848
+id_Gost28147_89_cc		849
+id_GostR3410_94_cc		850
+id_GostR3410_2001_cc		851
+id_GostR3411_94_with_GostR3410_94_cc		852
+id_GostR3411_94_with_GostR3410_2001_cc		853
+id_GostR3410_2001_ParamSet_cc		854
+hmac		855
+LocalKeySet		856
+freshest_crl		857
+id_on_permanentIdentifier		858
+searchGuide		859
+businessCategory		860
+postalAddress		861
+postOfficeBox		862
+physicalDeliveryOfficeName		863
+telephoneNumber		864
+telexNumber		865
+teletexTerminalIdentifier		866
+facsimileTelephoneNumber		867
+x121Address		868
+internationaliSDNNumber		869
+registeredAddress		870
+destinationIndicator		871
+preferredDeliveryMethod		872
+presentationAddress		873
+supportedApplicationContext		874
+member		875
+owner		876
+roleOccupant		877
+seeAlso		878
+userPassword		879
+userCertificate		880
+cACertificate		881
+authorityRevocationList		882
+certificateRevocationList		883
+crossCertificatePair		884
+enhancedSearchGuide		885
+protocolInformation		886
+distinguishedName		887
+uniqueMember		888
+houseIdentifier		889
+supportedAlgorithms		890
+deltaRevocationList		891
+dmdName		892
+id_alg_PWRI_KEK		893
+cmac		894
+aes_128_gcm		895
+aes_128_ccm		896
+id_aes128_wrap_pad		897
+aes_192_gcm		898
+aes_192_ccm		899
+id_aes192_wrap_pad		900
+aes_256_gcm		901
+aes_256_ccm		902
+id_aes256_wrap_pad		903
+aes_128_ctr		904
+aes_192_ctr		905
+aes_256_ctr		906
+id_camellia128_wrap		907
+id_camellia192_wrap		908
+id_camellia256_wrap		909
+anyExtendedKeyUsage		910
+mgf1		911
+rsassaPss		912
+aes_128_xts		913
+aes_256_xts		914
+rc4_hmac_md5		915
+aes_128_cbc_hmac_sha1		916
+aes_192_cbc_hmac_sha1		917
+aes_256_cbc_hmac_sha1		918
+rsaesOaep		919
+dhpublicnumber		920
+brainpoolP160r1		921
+brainpoolP160t1		922
+brainpoolP192r1		923
+brainpoolP192t1		924
+brainpoolP224r1		925
+brainpoolP224t1		926
+brainpoolP256r1		927
+brainpoolP256t1		928
+brainpoolP320r1		929
+brainpoolP320t1		930
+brainpoolP384r1		931
+brainpoolP384t1		932
+brainpoolP512r1		933
+brainpoolP512t1		934
+pSpecified		935
+dhSinglePass_stdDH_sha1kdf_scheme		936
+dhSinglePass_stdDH_sha224kdf_scheme		937
+dhSinglePass_stdDH_sha256kdf_scheme		938
+dhSinglePass_stdDH_sha384kdf_scheme		939
+dhSinglePass_stdDH_sha512kdf_scheme		940
+dhSinglePass_cofactorDH_sha1kdf_scheme		941
+dhSinglePass_cofactorDH_sha224kdf_scheme		942
+dhSinglePass_cofactorDH_sha256kdf_scheme		943
+dhSinglePass_cofactorDH_sha384kdf_scheme		944
+dhSinglePass_cofactorDH_sha512kdf_scheme		945
+dh_std_kdf		946
+dh_cofactor_kdf		947
+aes_128_cbc_hmac_sha256		948
+aes_192_cbc_hmac_sha256		949
+aes_256_cbc_hmac_sha256		950
+ct_precert_scts		951
+ct_precert_poison		952
+ct_precert_signer		953
+ct_cert_scts		954
+jurisdictionLocalityName		955
+jurisdictionStateOrProvinceName		956
+jurisdictionCountryName		957
+aes_128_ocb		958
+aes_192_ocb		959
+aes_256_ocb		960
+camellia_128_gcm		961
+camellia_128_ccm		962
+camellia_128_ctr		963
+camellia_128_cmac		964
+camellia_192_gcm		965
+camellia_192_ccm		966
+camellia_192_ctr		967
+camellia_192_cmac		968
+camellia_256_gcm		969
+camellia_256_ccm		970
+camellia_256_ctr		971
+camellia_256_cmac		972
+id_scrypt		973
+id_tc26		974
+gost89_cnt_12		975
+gost_mac_12		976
+id_tc26_algorithms		977
+id_tc26_sign		978
+id_GostR3410_2012_256		979
+id_GostR3410_2012_512		980
+id_tc26_digest		981
+id_GostR3411_2012_256		982
+id_GostR3411_2012_512		983
+id_tc26_signwithdigest		984
+id_tc26_signwithdigest_gost3410_2012_256		985
+id_tc26_signwithdigest_gost3410_2012_512		986
+id_tc26_mac		987
+id_tc26_hmac_gost_3411_2012_256		988
+id_tc26_hmac_gost_3411_2012_512		989
+id_tc26_cipher		990
+id_tc26_agreement		991
+id_tc26_agreement_gost_3410_2012_256		992
+id_tc26_agreement_gost_3410_2012_512		993
+id_tc26_constants		994
+id_tc26_sign_constants		995
+id_tc26_gost_3410_2012_512_constants		996
+id_tc26_gost_3410_2012_512_paramSetTest		997
+id_tc26_gost_3410_2012_512_paramSetA		998
+id_tc26_gost_3410_2012_512_paramSetB		999
+id_tc26_digest_constants		1000
+id_tc26_cipher_constants		1001
+id_tc26_gost_28147_constants		1002
+id_tc26_gost_28147_param_Z		1003
+INN		1004
+OGRN		1005
+SNILS		1006
+subjectSignTool		1007
+issuerSignTool		1008
+gost89_cbc		1009
+gost89_ecb		1010
+gost89_ctr		1011
+grasshopper_ecb		1012
+grasshopper_ctr		1013
+grasshopper_ofb		1014
+grasshopper_cbc		1015
+grasshopper_cfb		1016
+grasshopper_mac		1017
+chacha20_poly1305		1018
+chacha20		1019
+tlsfeature		1020
+tls1_prf		1021
+ipsec_IKE		1022
+capwapAC		1023
+capwapWTP		1024
+sshClient		1025
+sshServer		1026
+sendRouter		1027
+sendProxiedRouter		1028
+sendOwner		1029
+sendProxiedOwner		1030
+id_pkinit		1031
+pkInitClientAuth		1032
+pkInitKDC		1033
+X25519		1034
+X448		1035
+hkdf		1036
+kx_rsa		1037
+kx_ecdhe		1038
+kx_dhe		1039
+kx_ecdhe_psk		1040
+kx_dhe_psk		1041
+kx_rsa_psk		1042
+kx_psk		1043
+kx_srp		1044
+kx_gost		1045
+auth_rsa		1046
+auth_ecdsa		1047
+auth_psk		1048
+auth_dss		1049
+auth_gost01		1050
+auth_gost12		1051
+auth_srp		1052
+auth_null		1053
+fips_none		1054
+fips_140_2		1055
+blake2b512		1056
+blake2s256		1057
+id_smime_ct_contentCollection		1058
+id_smime_ct_authEnvelopedData		1059
+id_ct_xml		1060
diff --git a/openssl-1.1.0h/crypto/objects/obj_xref.c b/openssl-1.1.0h/crypto/objects/obj_xref.c
new file mode 100644
index 0000000..627f5bc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_xref.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+#include "obj_xref.h"
+#include "e_os.h"
+
+static STACK_OF(nid_triple) *sig_app, *sigx_app;
+
+static int sig_cmp(const nid_triple *a, const nid_triple *b)
+{
+    return a->sign_id - b->sign_id;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+
+static int sig_sk_cmp(const nid_triple *const *a, const nid_triple *const *b)
+{
+    return (*a)->sign_id - (*b)->sign_id;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+static int sigx_cmp(const nid_triple *const *a, const nid_triple *const *b)
+{
+    int ret;
+    ret = (*a)->hash_id - (*b)->hash_id;
+    if (ret)
+        return ret;
+    return (*a)->pkey_id - (*b)->pkey_id;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
+{
+    nid_triple tmp;
+    const nid_triple *rv = NULL;
+    tmp.sign_id = signid;
+
+    if (sig_app) {
+        int idx = sk_nid_triple_find(sig_app, &tmp);
+        if (idx >= 0)
+            rv = sk_nid_triple_value(sig_app, idx);
+    }
+#ifndef OBJ_XREF_TEST2
+    if (rv == NULL) {
+        rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt));
+    }
+#endif
+    if (rv == NULL)
+        return 0;
+    if (pdig_nid)
+        *pdig_nid = rv->hash_id;
+    if (ppkey_nid)
+        *ppkey_nid = rv->pkey_id;
+    return 1;
+}
+
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
+{
+    nid_triple tmp;
+    const nid_triple *t = &tmp;
+    const nid_triple **rv = NULL;
+
+    tmp.hash_id = dig_nid;
+    tmp.pkey_id = pkey_nid;
+
+    if (sigx_app) {
+        int idx = sk_nid_triple_find(sigx_app, &tmp);
+        if (idx >= 0) {
+            t = sk_nid_triple_value(sigx_app, idx);
+            rv = &t;
+        }
+    }
+#ifndef OBJ_XREF_TEST2
+    if (rv == NULL) {
+        rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref));
+    }
+#endif
+    if (rv == NULL)
+        return 0;
+    if (psignid)
+        *psignid = (*rv)->sign_id;
+    return 1;
+}
+
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
+{
+    nid_triple *ntr;
+    if (sig_app == NULL)
+        sig_app = sk_nid_triple_new(sig_sk_cmp);
+    if (sig_app == NULL)
+        return 0;
+    if (sigx_app == NULL)
+        sigx_app = sk_nid_triple_new(sigx_cmp);
+    if (sigx_app == NULL)
+        return 0;
+    ntr = OPENSSL_malloc(sizeof(*ntr));
+    if (ntr == NULL)
+        return 0;
+    ntr->sign_id = signid;
+    ntr->hash_id = dig_id;
+    ntr->pkey_id = pkey_id;
+
+    if (!sk_nid_triple_push(sig_app, ntr)) {
+        OPENSSL_free(ntr);
+        return 0;
+    }
+
+    if (!sk_nid_triple_push(sigx_app, ntr))
+        return 0;
+
+    sk_nid_triple_sort(sig_app);
+    sk_nid_triple_sort(sigx_app);
+
+    return 1;
+}
+
+static void sid_free(nid_triple *tt)
+{
+    OPENSSL_free(tt);
+}
+
+void OBJ_sigid_free(void)
+{
+    sk_nid_triple_pop_free(sig_app, sid_free);
+    sig_app = NULL;
+    sk_nid_triple_free(sigx_app);
+    sigx_app = NULL;
+}
+
+#ifdef OBJ_XREF_TEST
+
+main()
+{
+    int n1, n2, n3;
+
+    int i, rv;
+# ifdef OBJ_XREF_TEST2
+    for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) {
+        OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]);
+    }
+# endif
+
+    for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) {
+        n1 = sigoid_srt[i][0];
+        rv = OBJ_find_sigid_algs(n1, &n2, &n3);
+        printf("Forward: %d, %s %s %s\n", rv,
+               OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
+        n1 = 0;
+        rv = OBJ_find_sigid_by_algs(&n1, n2, n3);
+        printf("Reverse: %d, %s %s %s\n", rv,
+               OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
+    }
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/objects/obj_xref.h b/openssl-1.1.0h/crypto/objects/obj_xref.h
new file mode 100644
index 0000000..d09aa71
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_xref.h
@@ -0,0 +1,118 @@
+/*
+ * WARNING: do not edit!
+ * Generated by objxref.pl
+ *
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+typedef struct {
+    int sign_id;
+    int hash_id;
+    int pkey_id;
+} nid_triple;
+
+DEFINE_STACK_OF(nid_triple)
+
+static const nid_triple sigoid_srt[] = {
+    {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
+    {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
+    {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
+    {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
+    {NID_dsaWithSHA, NID_sha, NID_dsa},
+    {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
+    {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
+    {NID_md5WithRSA, NID_md5, NID_rsa},
+    {NID_dsaWithSHA1, NID_sha1, NID_dsa},
+    {NID_sha1WithRSA, NID_sha1, NID_rsa},
+    {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
+    {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
+    {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
+    {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
+    {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
+    {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
+    {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
+    {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
+    {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
+    {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
+    {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94,
+     NID_id_GostR3410_2001},
+    {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94,
+     NID_id_GostR3410_94},
+    {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94,
+     NID_id_GostR3410_94_cc},
+    {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94,
+     NID_id_GostR3410_2001_cc},
+    {NID_rsassaPss, NID_undef, NID_rsaEncryption},
+    {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
+    {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
+     NID_dh_cofactor_kdf},
+    {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256,
+     NID_id_GostR3410_2012_256},
+    {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512,
+     NID_id_GostR3410_2012_512},
+};
+
+static const nid_triple *const sigoid_srt_xref[] = {
+    &sigoid_srt[0],
+    &sigoid_srt[1],
+    &sigoid_srt[7],
+    &sigoid_srt[2],
+    &sigoid_srt[4],
+    &sigoid_srt[3],
+    &sigoid_srt[9],
+    &sigoid_srt[5],
+    &sigoid_srt[8],
+    &sigoid_srt[12],
+    &sigoid_srt[30],
+    &sigoid_srt[35],
+    &sigoid_srt[6],
+    &sigoid_srt[10],
+    &sigoid_srt[11],
+    &sigoid_srt[13],
+    &sigoid_srt[24],
+    &sigoid_srt[20],
+    &sigoid_srt[32],
+    &sigoid_srt[37],
+    &sigoid_srt[14],
+    &sigoid_srt[21],
+    &sigoid_srt[33],
+    &sigoid_srt[38],
+    &sigoid_srt[15],
+    &sigoid_srt[22],
+    &sigoid_srt[34],
+    &sigoid_srt[39],
+    &sigoid_srt[16],
+    &sigoid_srt[23],
+    &sigoid_srt[19],
+    &sigoid_srt[31],
+    &sigoid_srt[36],
+    &sigoid_srt[25],
+    &sigoid_srt[26],
+    &sigoid_srt[27],
+    &sigoid_srt[28],
+    &sigoid_srt[40],
+    &sigoid_srt[41],
+};
diff --git a/openssl-1.1.0h/crypto/objects/obj_xref.txt b/openssl-1.1.0h/crypto/objects/obj_xref.txt
new file mode 100644
index 0000000..981103b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/obj_xref.txt
@@ -0,0 +1,60 @@
+# OID cross reference table.
+# Links signatures OIDs to their corresponding public key algorithms
+# and digests.
+
+md2WithRSAEncryption	md2	rsaEncryption
+md5WithRSAEncryption	md5	rsaEncryption
+shaWithRSAEncryption	sha	rsaEncryption
+sha1WithRSAEncryption	sha1	rsaEncryption
+md4WithRSAEncryption	md4	rsaEncryption
+sha256WithRSAEncryption sha256	rsaEncryption
+sha384WithRSAEncryption	sha384	rsaEncryption
+sha512WithRSAEncryption	sha512	rsaEncryption
+sha224WithRSAEncryption	sha224	rsaEncryption
+mdc2WithRSA		mdc2	rsaEncryption
+ripemd160WithRSA	ripemd160 rsaEncryption
+# For PSS the digest algorithm can vary and depends on the included
+# AlgorithmIdentifier. The digest "undef" indicates the public key
+# method should handle this explicitly.
+rsassaPss		undef	rsaEncryption
+
+# Alternative deprecated OIDs. By using the older "rsa" OID this
+# type will be recognized by not normally used.
+
+md5WithRSA		md5	rsa
+sha1WithRSA		sha1	rsa
+
+dsaWithSHA		sha	dsa
+dsaWithSHA1		sha1	dsa
+
+dsaWithSHA1_2		sha1	dsa_2
+
+ecdsa_with_SHA1		sha1	X9_62_id_ecPublicKey
+ecdsa_with_SHA224	sha224	X9_62_id_ecPublicKey
+ecdsa_with_SHA256	sha256	X9_62_id_ecPublicKey
+ecdsa_with_SHA384	sha384	X9_62_id_ecPublicKey
+ecdsa_with_SHA512	sha512	X9_62_id_ecPublicKey
+ecdsa_with_Recommended	undef	X9_62_id_ecPublicKey
+ecdsa_with_Specified	undef	X9_62_id_ecPublicKey
+
+dsa_with_SHA224		sha224	dsa
+dsa_with_SHA256		sha256	dsa
+
+id_GostR3411_94_with_GostR3410_2001	id_GostR3411_94 id_GostR3410_2001
+id_GostR3411_94_with_GostR3410_94	id_GostR3411_94 id_GostR3410_94
+id_GostR3411_94_with_GostR3410_94_cc	id_GostR3411_94 id_GostR3410_94_cc
+id_GostR3411_94_with_GostR3410_2001_cc	id_GostR3411_94 id_GostR3410_2001_cc
+id_tc26_signwithdigest_gost3410_2012_256 id_GostR3411_2012_256 id_GostR3410_2012_256
+id_tc26_signwithdigest_gost3410_2012_512 id_GostR3411_2012_512 id_GostR3410_2012_512
+# ECDH KDFs and their corresponding message digests and schemes
+dhSinglePass_stdDH_sha1kdf_scheme		sha1	dh_std_kdf
+dhSinglePass_stdDH_sha224kdf_scheme		sha224	dh_std_kdf
+dhSinglePass_stdDH_sha256kdf_scheme		sha256	dh_std_kdf
+dhSinglePass_stdDH_sha384kdf_scheme		sha384	dh_std_kdf
+dhSinglePass_stdDH_sha512kdf_scheme		sha512	dh_std_kdf
+
+dhSinglePass_cofactorDH_sha1kdf_scheme		sha1	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha224kdf_scheme	sha224	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha256kdf_scheme	sha256	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha384kdf_scheme	sha384	dh_cofactor_kdf
+dhSinglePass_cofactorDH_sha512kdf_scheme	sha512	dh_cofactor_kdf
diff --git a/openssl-1.1.0h/crypto/objects/objects.pl b/openssl-1.1.0h/crypto/objects/objects.pl
new file mode 100644
index 0000000..3b40277
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/objects.pl
@@ -0,0 +1,193 @@
+#! /usr/bin/env perl
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
+$max_nid=0;
+$o=0;
+while(<NUMIN>)
+	{
+	s|\R$||;
+	$o++;
+	s/#.*$//;
+	next if /^\s*$/;
+	$_ = 'X'.$_;
+	($Cname,$mynum) = split;
+	$Cname =~ s/^X//;
+	if (defined($nidn{$mynum}))
+		{ die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+	if (defined($nid{$Cname}))
+		{ die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; }
+	$nid{$Cname} = $mynum;
+	$nidn{$mynum} = $Cname;
+	$order{$mynum} = $o;
+	$max_nid = $mynum if $mynum > $max_nid;
+	}
+close NUMIN;
+
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+$Cname="";
+$o=0;
+while (<IN>)
+	{
+	s|\R$||;
+	$o++;
+        if (/^!module\s+(.*)$/)
+		{
+		$module = $1."-";
+		$module =~ s/\./_/g;
+		$module =~ s/-/_/g;
+		}
+        if (/^!global$/)
+		{ $module = ""; }
+	if (/^!Cname\s+(.*)$/)
+		{ $Cname = $1; }
+	if (/^!Alias\s+(.+?)\s+(.*)$/)
+		{
+		$Cname = $module.$1;
+		$myoid = $2;
+		$myoid = &process_oid($myoid);
+		$Cname =~ s/-/_/g;
+		$ordern{$o} = $Cname;
+		$order{$Cname} = $o;
+		$obj{$Cname} = $myoid;
+		$_ = "";
+		$Cname = "";
+		}
+	s/!.*$//;
+	s/#.*$//;
+	next if /^\s*$/;
+	($myoid,$mysn,$myln) = split ':';
+	$mysn =~ s/^\s*//;
+	$mysn =~ s/\s*$//;
+	$myln =~ s/^\s*//;
+	$myln =~ s/\s*$//;
+	$myoid =~ s/^\s*//;
+	$myoid =~ s/\s*$//;
+	if ($myoid ne "")
+		{
+		$myoid = &process_oid($myoid);
+		}
+
+	if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ ))
+		{
+		$Cname = $myln;
+		$Cname =~ s/\./_/g;
+		$Cname =~ s/-/_/g;
+		if ($Cname ne "" && defined($ln{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	if ($Cname eq "")
+		{
+		$Cname = $mysn;
+		$Cname =~ s/-/_/g;
+		if ($Cname ne "" && defined($sn{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	if ($Cname eq "")
+		{
+		$Cname = $myln;
+		$Cname =~ s/-/_/g;
+		$Cname =~ s/\./_/g;
+		$Cname =~ s/ /_/g;
+		if ($Cname ne "" && defined($ln{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	$Cname =~ s/\./_/g;
+	$Cname =~ s/-/_/g;
+	$Cname = $module.$Cname;
+	$ordern{$o} = $Cname;
+	$order{$Cname} = $o;
+	$sn{$Cname} = $mysn;
+	$ln{$Cname} = $myln;
+	$obj{$Cname} = $myoid;
+	if (!defined($nid{$Cname}))
+		{
+		$max_nid++;
+		$nid{$Cname} = $max_nid;
+		$nidn{$max_nid} = $Cname;
+print STDERR "Added OID $Cname\n";
+		}
+	$Cname="";
+	}
+close IN;
+
+open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+foreach (sort { $a <=> $b } keys %nidn)
+	{
+	print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+	}
+close NUMOUT;
+
+open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+print OUT <<'EOF';
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/objects.pl
+ *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+EOF
+
+sub expand
+	{
+	my $string = shift;
+
+	1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e;
+
+	return $string;
+	}
+
+foreach (sort { $a <=> $b } keys %ordern)
+	{
+	$Cname=$ordern{$_};
+	print OUT "\n";
+	print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne "";
+	print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne "";
+	print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne "";
+	print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne "";
+	}
+
+close OUT;
+
+sub process_oid
+	{
+	local($oid)=@_;
+	local(@a,$oid_pref);
+
+	@a = split(/\s+/,$myoid);
+	$pref_oid = "";
+	$pref_sep = "";
+	if (!($a[0] =~ /^[0-9]+$/))
+		{
+		$a[0] =~ s/-/_/g;
+		if (!defined($obj{$a[0]}))
+			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
+		$pref_oid = "OBJ_" . $a[0];
+		$pref_sep = ",";
+		shift @a;
+		}
+	$oids = join('L,',@a) . "L";
+	if ($oids ne "L")
+		{
+		$oids = $pref_oid . $pref_sep . $oids;
+		}
+	else
+		{
+		$oids = $pref_oid;
+		}
+	return($oids);
+	}
diff --git a/openssl-1.1.0h/crypto/objects/objects.txt b/openssl-1.1.0h/crypto/objects/objects.txt
new file mode 100644
index 0000000..fc0781d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/objects.txt
@@ -0,0 +1,1485 @@
+# CCITT was renamed to ITU-T quite some time ago
+0			: ITU-T			: itu-t
+!Alias ccitt itu-t
+
+1			: ISO			: iso
+
+2			: JOINT-ISO-ITU-T	: joint-iso-itu-t
+!Alias joint-iso-ccitt joint-iso-itu-t
+
+iso 2			: member-body		: ISO Member Body
+
+iso 3			: identified-organization
+
+# HMAC OIDs
+identified-organization 6 1 5 5 8 1 1	: HMAC-MD5	: hmac-md5
+identified-organization 6 1 5 5 8 1 2	: HMAC-SHA1	: hmac-sha1
+
+identified-organization 132	: certicom-arc
+
+joint-iso-itu-t 23	: international-organizations	: International Organizations
+
+international-organizations 43	: wap
+wap 1			: wap-wsg
+
+joint-iso-itu-t 5 1 5	: selected-attribute-types	: Selected Attribute Types
+
+selected-attribute-types 55	: clearance
+
+member-body 840		: ISO-US		: ISO US Member Body
+ISO-US 10040		: X9-57			: X9.57
+X9-57 4			: X9cm			: X9.57 CM ?
+
+!Cname dsa
+X9cm 1			: DSA			: dsaEncryption
+X9cm 3			: DSA-SHA1		: dsaWithSHA1
+
+
+ISO-US 10045		: ansi-X9-62		: ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1		: prime-field
+X9-62_id-fieldType 2		: characteristic-two-field
+X9-62_characteristic-two-field 3 : id-characteristic-two-basis
+X9-62_id-characteristic-two-basis 1 : onBasis
+X9-62_id-characteristic-two-basis 2 : tpBasis
+X9-62_id-characteristic-two-basis 3 : ppBasis
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1	: id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+X9-62_c-TwoCurve 1		: c2pnb163v1
+X9-62_c-TwoCurve 2		: c2pnb163v2
+X9-62_c-TwoCurve 3		: c2pnb163v3
+X9-62_c-TwoCurve 4		: c2pnb176v1
+X9-62_c-TwoCurve 5		: c2tnb191v1
+X9-62_c-TwoCurve 6		: c2tnb191v2
+X9-62_c-TwoCurve 7		: c2tnb191v3
+X9-62_c-TwoCurve 8		: c2onb191v4
+X9-62_c-TwoCurve 9		: c2onb191v5
+X9-62_c-TwoCurve 10		: c2pnb208w1
+X9-62_c-TwoCurve 11		: c2tnb239v1
+X9-62_c-TwoCurve 12		: c2tnb239v2
+X9-62_c-TwoCurve 13		: c2tnb239v3
+X9-62_c-TwoCurve 14		: c2onb239v4
+X9-62_c-TwoCurve 15		: c2onb239v5
+X9-62_c-TwoCurve 16		: c2pnb272w1
+X9-62_c-TwoCurve 17		: c2pnb304w1
+X9-62_c-TwoCurve 18		: c2tnb359v1
+X9-62_c-TwoCurve 19		: c2pnb368w1
+X9-62_c-TwoCurve 20		: c2tnb431r1
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1	 	: prime192v1
+X9-62_primeCurve 2	 	: prime192v2
+X9-62_primeCurve 3	 	: prime192v3
+X9-62_primeCurve 4	 	: prime239v1
+X9-62_primeCurve 5	 	: prime239v2
+X9-62_primeCurve 6	 	: prime239v3
+X9-62_primeCurve 7	 	: prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1		: ecdsa-with-SHA1
+X9-62_id-ecSigType 2		: ecdsa-with-Recommended
+X9-62_id-ecSigType 3		: ecdsa-with-Specified
+ecdsa-with-Specified 1		: ecdsa-with-SHA224
+ecdsa-with-Specified 2		: ecdsa-with-SHA256
+ecdsa-with-Specified 3		: ecdsa-with-SHA384
+ecdsa-with-Specified 4		: ecdsa-with-SHA512
+
+# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
+# (http://www.secg.org/)
+!Alias secg_ellipticCurve certicom-arc 0
+# SECG prime curves OIDs
+secg-ellipticCurve 6		: secp112r1
+secg-ellipticCurve 7		: secp112r2
+secg-ellipticCurve 28		: secp128r1
+secg-ellipticCurve 29		: secp128r2
+secg-ellipticCurve 9		: secp160k1
+secg-ellipticCurve 8		: secp160r1
+secg-ellipticCurve 30		: secp160r2
+secg-ellipticCurve 31		: secp192k1
+# NOTE: the curve secp192r1 is the same as prime192v1 defined above
+#       and is therefore omitted
+secg-ellipticCurve 32		: secp224k1
+secg-ellipticCurve 33		: secp224r1
+secg-ellipticCurve 10		: secp256k1
+# NOTE: the curve secp256r1 is the same as prime256v1 defined above
+#       and is therefore omitted
+secg-ellipticCurve 34		: secp384r1
+secg-ellipticCurve 35		: secp521r1
+# SECG characteristic two curves OIDs
+secg-ellipticCurve 4		: sect113r1
+secg-ellipticCurve 5		: sect113r2
+secg-ellipticCurve 22		: sect131r1
+secg-ellipticCurve 23		: sect131r2
+secg-ellipticCurve 1		: sect163k1
+secg-ellipticCurve 2		: sect163r1
+secg-ellipticCurve 15		: sect163r2
+secg-ellipticCurve 24		: sect193r1
+secg-ellipticCurve 25		: sect193r2
+secg-ellipticCurve 26		: sect233k1
+secg-ellipticCurve 27		: sect233r1
+secg-ellipticCurve 3		: sect239k1
+secg-ellipticCurve 16		: sect283k1
+secg-ellipticCurve 17		: sect283r1
+secg-ellipticCurve 36		: sect409k1
+secg-ellipticCurve 37		: sect409r1
+secg-ellipticCurve 38		: sect571k1
+secg-ellipticCurve 39		: sect571r1
+
+# WAP/TLS curve OIDs (http://www.wapforum.org/)
+!Alias wap-wsg-idm-ecid wap-wsg 4
+wap-wsg-idm-ecid 1	: wap-wsg-idm-ecid-wtls1
+wap-wsg-idm-ecid 3	: wap-wsg-idm-ecid-wtls3
+wap-wsg-idm-ecid 4	: wap-wsg-idm-ecid-wtls4
+wap-wsg-idm-ecid 5	: wap-wsg-idm-ecid-wtls5
+wap-wsg-idm-ecid 6	: wap-wsg-idm-ecid-wtls6
+wap-wsg-idm-ecid 7	: wap-wsg-idm-ecid-wtls7
+wap-wsg-idm-ecid 8	: wap-wsg-idm-ecid-wtls8
+wap-wsg-idm-ecid 9	: wap-wsg-idm-ecid-wtls9
+wap-wsg-idm-ecid 10	: wap-wsg-idm-ecid-wtls10
+wap-wsg-idm-ecid 11	: wap-wsg-idm-ecid-wtls11
+wap-wsg-idm-ecid 12	: wap-wsg-idm-ecid-wtls12
+
+
+ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
+			: CAST5-ECB		: cast5-ecb
+!Cname cast5-cfb64
+			: CAST5-CFB		: cast5-cfb
+!Cname cast5-ofb64
+			: CAST5-OFB		: cast5-ofb
+!Cname pbeWithMD5AndCast5-CBC
+ISO-US 113533 7 66 12	:			: pbeWithMD5AndCast5CBC
+
+# Macs for CMP and CRMF
+ISO-US 113533 7 66 13	: id-PasswordBasedMAC	: password based MAC
+ISO-US 113533 7 66 30	: id-DHBasedMac		: Diffie-Hellman based MAC
+
+ISO-US 113549		: rsadsi		: RSA Data Security, Inc.
+
+rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS
+
+pkcs 1			: pkcs1
+pkcs1 1			:			: rsaEncryption
+pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
+pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
+pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
+pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
+# According to PKCS #1 version 2.1
+pkcs1 7			: RSAES-OAEP		: rsaesOaep
+pkcs1 8			: MGF1			: mgf1
+pkcs1 9			: PSPECIFIED		: pSpecified
+pkcs1 10		: RSASSA-PSS		: rsassaPss
+
+pkcs1 11		: RSA-SHA256		: sha256WithRSAEncryption
+pkcs1 12		: RSA-SHA384		: sha384WithRSAEncryption
+pkcs1 13		: RSA-SHA512		: sha512WithRSAEncryption
+pkcs1 14		: RSA-SHA224		: sha224WithRSAEncryption
+
+pkcs 3			: pkcs3
+pkcs3 1			:			: dhKeyAgreement
+
+pkcs 5			: pkcs5
+pkcs5 1			: PBE-MD2-DES		: pbeWithMD2AndDES-CBC
+pkcs5 3			: PBE-MD5-DES		: pbeWithMD5AndDES-CBC
+pkcs5 4			: PBE-MD2-RC2-64	: pbeWithMD2AndRC2-CBC
+pkcs5 6			: PBE-MD5-RC2-64	: pbeWithMD5AndRC2-CBC
+pkcs5 10		: PBE-SHA1-DES		: pbeWithSHA1AndDES-CBC
+pkcs5 11		: PBE-SHA1-RC2-64	: pbeWithSHA1AndRC2-CBC
+!Cname id_pbkdf2
+pkcs5 12		:			: PBKDF2
+!Cname pbes2
+pkcs5 13		:			: PBES2
+!Cname pbmac1
+pkcs5 14		:			: PBMAC1
+
+pkcs 7			: pkcs7
+pkcs7 1			:			: pkcs7-data
+!Cname pkcs7-signed
+pkcs7 2			:			: pkcs7-signedData
+!Cname pkcs7-enveloped
+pkcs7 3			:			: pkcs7-envelopedData
+!Cname pkcs7-signedAndEnveloped
+pkcs7 4			:			: pkcs7-signedAndEnvelopedData
+!Cname pkcs7-digest
+pkcs7 5			:			: pkcs7-digestData
+!Cname pkcs7-encrypted
+pkcs7 6			:			: pkcs7-encryptedData
+
+pkcs 9			: pkcs9
+!module pkcs9
+pkcs9 1			: 			: emailAddress
+pkcs9 2			:			: unstructuredName
+pkcs9 3			:			: contentType
+pkcs9 4			:			: messageDigest
+pkcs9 5			:			: signingTime
+pkcs9 6			:			: countersignature
+pkcs9 7			:			: challengePassword
+pkcs9 8			:			: unstructuredAddress
+!Cname extCertAttributes
+pkcs9 9			:			: extendedCertificateAttributes
+!global
+
+!Cname ext-req
+pkcs9 14		: extReq		: Extension Request
+
+!Cname SMIMECapabilities
+pkcs9 15		: SMIME-CAPS		: S/MIME Capabilities
+
+# S/MIME
+!Cname SMIME
+pkcs9 16		: SMIME			: S/MIME
+SMIME 0			: id-smime-mod
+SMIME 1			: id-smime-ct
+SMIME 2			: id-smime-aa
+SMIME 3			: id-smime-alg
+SMIME 4			: id-smime-cd
+SMIME 5			: id-smime-spq
+SMIME 6			: id-smime-cti
+
+# S/MIME Modules
+id-smime-mod 1		: id-smime-mod-cms
+id-smime-mod 2		: id-smime-mod-ess
+id-smime-mod 3		: id-smime-mod-oid
+id-smime-mod 4		: id-smime-mod-msg-v3
+id-smime-mod 5		: id-smime-mod-ets-eSignature-88
+id-smime-mod 6		: id-smime-mod-ets-eSignature-97
+id-smime-mod 7		: id-smime-mod-ets-eSigPolicy-88
+id-smime-mod 8		: id-smime-mod-ets-eSigPolicy-97
+
+# S/MIME Content Types
+id-smime-ct 1		: id-smime-ct-receipt
+id-smime-ct 2		: id-smime-ct-authData
+id-smime-ct 3		: id-smime-ct-publishCert
+id-smime-ct 4		: id-smime-ct-TSTInfo
+id-smime-ct 5		: id-smime-ct-TDTInfo
+id-smime-ct 6		: id-smime-ct-contentInfo
+id-smime-ct 7		: id-smime-ct-DVCSRequestData
+id-smime-ct 8		: id-smime-ct-DVCSResponseData
+id-smime-ct 9		: id-smime-ct-compressedData
+id-smime-ct 19		: id-smime-ct-contentCollection
+id-smime-ct 23		: id-smime-ct-authEnvelopedData
+id-smime-ct 27		: id-ct-asciiTextWithCRLF
+id-smime-ct 28		: id-ct-xml
+
+# S/MIME Attributes
+id-smime-aa 1		: id-smime-aa-receiptRequest
+id-smime-aa 2		: id-smime-aa-securityLabel
+id-smime-aa 3		: id-smime-aa-mlExpandHistory
+id-smime-aa 4		: id-smime-aa-contentHint
+id-smime-aa 5		: id-smime-aa-msgSigDigest
+# obsolete
+id-smime-aa 6		: id-smime-aa-encapContentType
+id-smime-aa 7		: id-smime-aa-contentIdentifier
+# obsolete
+id-smime-aa 8		: id-smime-aa-macValue
+id-smime-aa 9		: id-smime-aa-equivalentLabels
+id-smime-aa 10		: id-smime-aa-contentReference
+id-smime-aa 11		: id-smime-aa-encrypKeyPref
+id-smime-aa 12		: id-smime-aa-signingCertificate
+id-smime-aa 13		: id-smime-aa-smimeEncryptCerts
+id-smime-aa 14		: id-smime-aa-timeStampToken
+id-smime-aa 15		: id-smime-aa-ets-sigPolicyId
+id-smime-aa 16		: id-smime-aa-ets-commitmentType
+id-smime-aa 17		: id-smime-aa-ets-signerLocation
+id-smime-aa 18		: id-smime-aa-ets-signerAttr
+id-smime-aa 19		: id-smime-aa-ets-otherSigCert
+id-smime-aa 20		: id-smime-aa-ets-contentTimestamp
+id-smime-aa 21		: id-smime-aa-ets-CertificateRefs
+id-smime-aa 22		: id-smime-aa-ets-RevocationRefs
+id-smime-aa 23		: id-smime-aa-ets-certValues
+id-smime-aa 24		: id-smime-aa-ets-revocationValues
+id-smime-aa 25		: id-smime-aa-ets-escTimeStamp
+id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp
+id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp
+id-smime-aa 28		: id-smime-aa-signatureType
+id-smime-aa 29		: id-smime-aa-dvcs-dvc
+
+# S/MIME Algorithm Identifiers
+# obsolete
+id-smime-alg 1		: id-smime-alg-ESDHwith3DES
+# obsolete
+id-smime-alg 2		: id-smime-alg-ESDHwithRC2
+# obsolete
+id-smime-alg 3		: id-smime-alg-3DESwrap
+# obsolete
+id-smime-alg 4		: id-smime-alg-RC2wrap
+id-smime-alg 5		: id-smime-alg-ESDH
+id-smime-alg 6		: id-smime-alg-CMS3DESwrap
+id-smime-alg 7		: id-smime-alg-CMSRC2wrap
+id-smime-alg 9		: id-alg-PWRI-KEK
+
+# S/MIME Certificate Distribution
+id-smime-cd 1		: id-smime-cd-ldap
+
+# S/MIME Signature Policy Qualifier
+id-smime-spq 1		: id-smime-spq-ets-sqt-uri
+id-smime-spq 2		: id-smime-spq-ets-sqt-unotice
+
+# S/MIME Commitment Type Identifier
+id-smime-cti 1		: id-smime-cti-ets-proofOfOrigin
+id-smime-cti 2		: id-smime-cti-ets-proofOfReceipt
+id-smime-cti 3		: id-smime-cti-ets-proofOfDelivery
+id-smime-cti 4		: id-smime-cti-ets-proofOfSender
+id-smime-cti 5		: id-smime-cti-ets-proofOfApproval
+id-smime-cti 6		: id-smime-cti-ets-proofOfCreation
+
+pkcs9 20		:			: friendlyName
+pkcs9 21		:			: localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name
+1 3 6 1 4 1 311 17 2	: LocalKeySet		: Microsoft Local Key set
+!Alias certTypes pkcs9 22
+certTypes 1		:			: x509Certificate
+certTypes 2		:			: sdsiCertificate
+!Alias crlTypes pkcs9 23
+crlTypes 1		:			: x509Crl
+
+!Alias pkcs12 pkcs 12
+!Alias pkcs12-pbeids pkcs12 1
+
+!Cname pbe-WithSHA1And128BitRC4
+pkcs12-pbeids 1		: PBE-SHA1-RC4-128	: pbeWithSHA1And128BitRC4
+!Cname pbe-WithSHA1And40BitRC4
+pkcs12-pbeids 2		: PBE-SHA1-RC4-40	: pbeWithSHA1And40BitRC4
+!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
+pkcs12-pbeids 3		: PBE-SHA1-3DES		: pbeWithSHA1And3-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
+pkcs12-pbeids 4		: PBE-SHA1-2DES		: pbeWithSHA1And2-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And128BitRC2-CBC
+pkcs12-pbeids 5		: PBE-SHA1-RC2-128	: pbeWithSHA1And128BitRC2-CBC
+!Cname pbe-WithSHA1And40BitRC2-CBC
+pkcs12-pbeids 6		: PBE-SHA1-RC2-40	: pbeWithSHA1And40BitRC2-CBC
+
+!Alias pkcs12-Version1 pkcs12 10
+!Alias pkcs12-BagIds pkcs12-Version1 1
+pkcs12-BagIds 1		:			: keyBag
+pkcs12-BagIds 2		:			: pkcs8ShroudedKeyBag
+pkcs12-BagIds 3		:			: certBag
+pkcs12-BagIds 4		:			: crlBag
+pkcs12-BagIds 5		:			: secretBag
+pkcs12-BagIds 6		:			: safeContentsBag
+
+rsadsi 2 2		: MD2			: md2
+rsadsi 2 4		: MD4			: md4
+rsadsi 2 5		: MD5			: md5
+			: MD5-SHA1		: md5-sha1
+rsadsi 2 6		:			: hmacWithMD5
+rsadsi 2 7		:			: hmacWithSHA1
+
+# From RFC4231
+rsadsi 2 8		:			: hmacWithSHA224
+rsadsi 2 9		:			: hmacWithSHA256
+rsadsi 2 10		:			: hmacWithSHA384
+rsadsi 2 11		:			: hmacWithSHA512
+
+rsadsi 3 2		: RC2-CBC		: rc2-cbc
+			: RC2-ECB		: rc2-ecb
+!Cname rc2-cfb64
+			: RC2-CFB		: rc2-cfb
+!Cname rc2-ofb64
+			: RC2-OFB		: rc2-ofb
+			: RC2-40-CBC		: rc2-40-cbc
+			: RC2-64-CBC		: rc2-64-cbc
+rsadsi 3 4		: RC4			: rc4
+			: RC4-40		: rc4-40
+rsadsi 3 7		: DES-EDE3-CBC		: des-ede3-cbc
+rsadsi 3 8		: RC5-CBC		: rc5-cbc
+			: RC5-ECB		: rc5-ecb
+!Cname rc5-cfb64
+			: RC5-CFB		: rc5-cfb
+!Cname rc5-ofb64
+			: RC5-OFB		: rc5-ofb
+
+!Cname ms-ext-req
+1 3 6 1 4 1 311 2 1 14	: msExtReq		: Microsoft Extension Request
+!Cname ms-code-ind
+1 3 6 1 4 1 311 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
+!Cname ms-code-com
+1 3 6 1 4 1 311 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
+!Cname ms-ctl-sign
+1 3 6 1 4 1 311 10 3 1	: msCTLSign		: Microsoft Trust List Signing
+!Cname ms-sgc
+1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+!Cname ms-efs
+1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
+!Cname ms-smartcard-login
+1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
+!Cname ms-upn
+1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+
+1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
+			: IDEA-ECB		: idea-ecb
+!Cname idea-cfb64
+			: IDEA-CFB		: idea-cfb
+!Cname idea-ofb64
+			: IDEA-OFB		: idea-ofb
+
+1 3 6 1 4 1 3029 1 2	: BF-CBC		: bf-cbc
+			: BF-ECB		: bf-ecb
+!Cname bf-cfb64
+			: BF-CFB		: bf-cfb
+!Cname bf-ofb64
+			: BF-OFB		: bf-ofb
+
+!Cname id-pkix
+1 3 6 1 5 5 7		: PKIX
+
+# PKIX Arcs
+id-pkix 0		: id-pkix-mod
+id-pkix 1		: id-pe
+id-pkix 2		: id-qt
+id-pkix 3		: id-kp
+id-pkix 4		: id-it
+id-pkix 5		: id-pkip
+id-pkix 6		: id-alg
+id-pkix 7		: id-cmc
+id-pkix 8		: id-on
+id-pkix 9		: id-pda
+id-pkix 10		: id-aca
+id-pkix 11		: id-qcs
+id-pkix 12		: id-cct
+id-pkix 21		: id-ppl
+id-pkix 48		: id-ad
+
+# PKIX Modules
+id-pkix-mod 1		: id-pkix1-explicit-88
+id-pkix-mod 2		: id-pkix1-implicit-88
+id-pkix-mod 3		: id-pkix1-explicit-93
+id-pkix-mod 4		: id-pkix1-implicit-93
+id-pkix-mod 5		: id-mod-crmf
+id-pkix-mod 6		: id-mod-cmc
+id-pkix-mod 7		: id-mod-kea-profile-88
+id-pkix-mod 8		: id-mod-kea-profile-93
+id-pkix-mod 9		: id-mod-cmp
+id-pkix-mod 10		: id-mod-qualified-cert-88
+id-pkix-mod 11		: id-mod-qualified-cert-93
+id-pkix-mod 12		: id-mod-attribute-cert
+id-pkix-mod 13		: id-mod-timestamp-protocol
+id-pkix-mod 14		: id-mod-ocsp
+id-pkix-mod 15		: id-mod-dvcs
+id-pkix-mod 16		: id-mod-cmp2000
+
+# PKIX Private Extensions
+!Cname info-access
+id-pe 1			: authorityInfoAccess	: Authority Information Access
+id-pe 2			: biometricInfo		: Biometric Info
+id-pe 3			: qcStatements
+id-pe 4			: ac-auditEntity
+id-pe 5			: ac-targeting
+id-pe 6			: aaControls
+id-pe 7			: sbgp-ipAddrBlock
+id-pe 8			: sbgp-autonomousSysNum
+id-pe 9			: sbgp-routerIdentifier
+id-pe 10		: ac-proxying
+!Cname sinfo-access
+id-pe 11		: subjectInfoAccess	: Subject Information Access
+id-pe 14		: proxyCertInfo		: Proxy Certificate Information
+id-pe 24		: tlsfeature		: TLS Feature
+
+# PKIX policyQualifiers for Internet policy qualifiers
+id-qt 1			: id-qt-cps		: Policy Qualifier CPS
+id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice
+id-qt 3			: textNotice
+
+# PKIX key purpose identifiers
+!Cname server-auth
+id-kp 1			: serverAuth		: TLS Web Server Authentication
+!Cname client-auth
+id-kp 2			: clientAuth		: TLS Web Client Authentication
+!Cname code-sign
+id-kp 3			: codeSigning		: Code Signing
+!Cname email-protect
+id-kp 4			: emailProtection	: E-mail Protection
+id-kp 5			: ipsecEndSystem	: IPSec End System
+id-kp 6			: ipsecTunnel		: IPSec Tunnel
+id-kp 7			: ipsecUser		: IPSec User
+!Cname time-stamp
+id-kp 8			: timeStamping		: Time Stamping
+# From OCSP spec RFC2560
+!Cname OCSP-sign
+id-kp 9			: OCSPSigning		: OCSP Signing
+id-kp 10		: DVCS			: dvcs
+!Cname ipsec-IKE
+id-kp 17                : ipsecIKE              : ipsec Internet Key Exchange
+id-kp 18                : capwapAC              : Ctrl/provision WAP Access
+id-kp 19                : capwapWTP             : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21                : secureShellClient     : SSH Client
+!Cname sshServer
+id-kp 22                : secureShellServer     : SSH Server
+id-kp 23                : sendRouter            : Send Router
+id-kp 24                : sendProxiedRouter     : Send Proxied Router
+id-kp 25                : sendOwner             : Send Owner
+id-kp 26                : sendProxiedOwner      : Send Proxied Owner
+
+# CMP information types
+id-it 1			: id-it-caProtEncCert
+id-it 2			: id-it-signKeyPairTypes
+id-it 3			: id-it-encKeyPairTypes
+id-it 4			: id-it-preferredSymmAlg
+id-it 5			: id-it-caKeyUpdateInfo
+id-it 6			: id-it-currentCRL
+id-it 7			: id-it-unsupportedOIDs
+# obsolete
+id-it 8			: id-it-subscriptionRequest
+# obsolete
+id-it 9			: id-it-subscriptionResponse
+id-it 10		: id-it-keyPairParamReq
+id-it 11		: id-it-keyPairParamRep
+id-it 12		: id-it-revPassphrase
+id-it 13		: id-it-implicitConfirm
+id-it 14		: id-it-confirmWaitTime
+id-it 15		: id-it-origPKIMessage
+id-it 16		: id-it-suppLangTags
+
+# CRMF registration
+id-pkip 1		: id-regCtrl
+id-pkip 2		: id-regInfo
+
+# CRMF registration controls
+id-regCtrl 1		: id-regCtrl-regToken
+id-regCtrl 2		: id-regCtrl-authenticator
+id-regCtrl 3		: id-regCtrl-pkiPublicationInfo
+id-regCtrl 4		: id-regCtrl-pkiArchiveOptions
+id-regCtrl 5		: id-regCtrl-oldCertID
+id-regCtrl 6		: id-regCtrl-protocolEncrKey
+
+# CRMF registration information
+id-regInfo 1		: id-regInfo-utf8Pairs
+id-regInfo 2		: id-regInfo-certReq
+
+# algorithms
+id-alg 1		: id-alg-des40
+id-alg 2		: id-alg-noSignature
+id-alg 3		: id-alg-dh-sig-hmac-sha1
+id-alg 4		: id-alg-dh-pop
+
+# CMC controls
+id-cmc 1		: id-cmc-statusInfo
+id-cmc 2		: id-cmc-identification
+id-cmc 3		: id-cmc-identityProof
+id-cmc 4		: id-cmc-dataReturn
+id-cmc 5		: id-cmc-transactionId
+id-cmc 6		: id-cmc-senderNonce
+id-cmc 7		: id-cmc-recipientNonce
+id-cmc 8		: id-cmc-addExtensions
+id-cmc 9		: id-cmc-encryptedPOP
+id-cmc 10		: id-cmc-decryptedPOP
+id-cmc 11		: id-cmc-lraPOPWitness
+id-cmc 15		: id-cmc-getCert
+id-cmc 16		: id-cmc-getCRL
+id-cmc 17		: id-cmc-revokeRequest
+id-cmc 18		: id-cmc-regInfo
+id-cmc 19		: id-cmc-responseInfo
+id-cmc 21		: id-cmc-queryPending
+id-cmc 22		: id-cmc-popLinkRandom
+id-cmc 23		: id-cmc-popLinkWitness
+id-cmc 24		: id-cmc-confirmCertAcceptance 
+
+# other names
+id-on 1			: id-on-personalData
+id-on 3			: id-on-permanentIdentifier : Permanent Identifier
+
+# personal data attributes
+id-pda 1		: id-pda-dateOfBirth
+id-pda 2		: id-pda-placeOfBirth
+id-pda 3		: id-pda-gender
+id-pda 4		: id-pda-countryOfCitizenship
+id-pda 5		: id-pda-countryOfResidence
+
+# attribute certificate attributes
+id-aca 1		: id-aca-authenticationInfo
+id-aca 2		: id-aca-accessIdentity
+id-aca 3		: id-aca-chargingIdentity
+id-aca 4		: id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
+id-aca 5		: id-aca-role
+id-aca 6		: id-aca-encAttrs
+
+# qualified certificate statements
+id-qcs 1		: id-qcs-pkixQCSyntax-v1
+
+# CMC content types
+id-cct 1		: id-cct-crs
+id-cct 2		: id-cct-PKIData
+id-cct 3		: id-cct-PKIResponse
+
+# Predefined Proxy Certificate policy languages
+id-ppl 0		: id-ppl-anyLanguage	: Any language
+id-ppl 1		: id-ppl-inheritAll	: Inherit all
+id-ppl 2		: id-ppl-independent	: Independent
+
+# access descriptors for authority info access extension
+!Cname ad-OCSP
+id-ad 1			: OCSP			: OCSP
+!Cname ad-ca-issuers
+id-ad 2			: caIssuers		: CA Issuers
+!Cname ad-timeStamping
+id-ad 3			: ad_timestamping	: AD Time Stamping
+!Cname ad-dvcs
+id-ad 4			: AD_DVCS		: ad dvcs
+id-ad 5			: caRepository		: CA Repository
+
+
+!Alias id-pkix-OCSP ad-OCSP
+!module id-pkix-OCSP
+!Cname basic
+id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
+id-pkix-OCSP 2		: Nonce			: OCSP Nonce
+id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
+id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
+id-pkix-OCSP 5		: noCheck		: OCSP No Check
+id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
+id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
+id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status
+id-pkix-OCSP 9		: valid
+id-pkix-OCSP 10		: path
+id-pkix-OCSP 11		: trustRoot		: Trust Root
+!global
+
+1 3 14 3 2		: algorithm		: algorithm
+algorithm 3		: RSA-NP-MD5		: md5WithRSA
+algorithm 6		: DES-ECB		: des-ecb
+algorithm 7		: DES-CBC		: des-cbc
+!Cname des-ofb64
+algorithm 8		: DES-OFB		: des-ofb
+!Cname des-cfb64
+algorithm 9		: DES-CFB		: des-cfb
+algorithm 11		: rsaSignature
+!Cname dsa-2
+algorithm 12		: DSA-old		: dsaEncryption-old
+algorithm 13		: DSA-SHA		: dsaWithSHA
+algorithm 15		: RSA-SHA		: shaWithRSAEncryption
+!Cname des-ede-ecb
+algorithm 17		: DES-EDE		: des-ede
+!Cname des-ede3-ecb
+			: DES-EDE3		: des-ede3
+			: DES-EDE-CBC		: des-ede-cbc
+!Cname des-ede-cfb64
+			: DES-EDE-CFB		: des-ede-cfb
+!Cname des-ede3-cfb64
+			: DES-EDE3-CFB		: des-ede3-cfb
+!Cname des-ede-ofb64
+			: DES-EDE-OFB		: des-ede-ofb
+!Cname des-ede3-ofb64
+			: DES-EDE3-OFB		: des-ede3-ofb
+			: DESX-CBC		: desx-cbc
+algorithm 18		: SHA			: sha
+algorithm 26		: SHA1			: sha1
+!Cname dsaWithSHA1-2
+algorithm 27		: DSA-SHA1-old		: dsaWithSHA1-old
+algorithm 29		: RSA-SHA1-2		: sha1WithRSA
+
+1 3 36 3 2 1		: RIPEMD160		: ripemd160
+1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA
+
+1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512        : blake2b512
+1 3 6 1 4 1 1722 12 2 2 8  : BLAKE2s256        : blake2s256
+
+!Cname sxnet
+1 3 101 1 4 1		: SXNetID		: Strong Extranet ID
+
+2 5			: X500			: directory services (X.500)
+
+X500 4			: X509
+X509 3			: CN			: commonName
+X509 4			: SN			: surname
+X509 5			: 			: serialNumber
+X509 6			: C			: countryName
+X509 7			: L			: localityName
+X509 8			: ST			: stateOrProvinceName
+X509 9			: street		: streetAddress
+X509 10			: O			: organizationName
+X509 11			: OU			: organizationalUnitName
+X509 12			: title			: title
+X509 13			: 			: description
+X509 14			: 			: searchGuide
+X509 15			: 			: businessCategory
+X509 16			: 			: postalAddress
+X509 17			: 			: postalCode
+X509 18			: 			: postOfficeBox
+X509 19			: 			: physicalDeliveryOfficeName
+X509 20			: 			: telephoneNumber
+X509 21			: 			: telexNumber
+X509 22			: 			: teletexTerminalIdentifier
+X509 23			: 			: facsimileTelephoneNumber
+X509 24			: 			: x121Address
+X509 25			: 			: internationaliSDNNumber
+X509 26			: 			: registeredAddress
+X509 27			: 			: destinationIndicator
+X509 28			: 			: preferredDeliveryMethod
+X509 29			: 			: presentationAddress
+X509 30			: 			: supportedApplicationContext
+X509 31			: member		:
+X509 32			: owner			:
+X509 33			: 			: roleOccupant
+X509 34			: seeAlso		:
+X509 35			: 			: userPassword
+X509 36			: 			: userCertificate
+X509 37			: 			: cACertificate
+X509 38			: 			: authorityRevocationList
+X509 39			: 			: certificateRevocationList
+X509 40			: 			: crossCertificatePair
+X509 41			: name			: name
+X509 42			: GN			: givenName
+X509 43			: initials		: initials
+X509 44			: 			: generationQualifier
+X509 45			: 			: x500UniqueIdentifier
+X509 46			: dnQualifier		: dnQualifier
+X509 47			: 			: enhancedSearchGuide
+X509 48			: 			: protocolInformation
+X509 49			: 			: distinguishedName
+X509 50			: 			: uniqueMember
+X509 51			: 			: houseIdentifier
+X509 52			: 			: supportedAlgorithms
+X509 53			: 			: deltaRevocationList
+X509 54			: dmdName		:
+X509 65			:			: pseudonym
+X509 72			: role			: role
+
+X500 8			: X500algorithms	: directory services - algorithms
+X500algorithms 1 1	: RSA			: rsa
+X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
+X500algorithms 3 101	: MDC2			: mdc2
+
+X500 29			: id-ce
+!Cname subject-directory-attributes
+id-ce 9			: subjectDirectoryAttributes : X509v3 Subject Directory Attributes
+!Cname subject-key-identifier
+id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier
+!Cname key-usage
+id-ce 15		: keyUsage		: X509v3 Key Usage
+!Cname private-key-usage-period
+id-ce 16		: privateKeyUsagePeriod	: X509v3 Private Key Usage Period
+!Cname subject-alt-name
+id-ce 17		: subjectAltName	: X509v3 Subject Alternative Name
+!Cname issuer-alt-name
+id-ce 18		: issuerAltName		: X509v3 Issuer Alternative Name
+!Cname basic-constraints
+id-ce 19		: basicConstraints	: X509v3 Basic Constraints
+!Cname crl-number
+id-ce 20		: crlNumber		: X509v3 CRL Number
+!Cname crl-reason
+id-ce 21		: CRLReason		: X509v3 CRL Reason Code
+!Cname invalidity-date
+id-ce 24		: invalidityDate	: Invalidity Date
+!Cname delta-crl
+id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
+!Cname issuing-distribution-point
+id-ce 28		: issuingDistributionPoint : X509v3 Issuing Distribution Point
+!Cname certificate-issuer
+id-ce 29		: certificateIssuer	: X509v3 Certificate Issuer
+!Cname name-constraints
+id-ce 30		: nameConstraints	: X509v3 Name Constraints
+!Cname crl-distribution-points
+id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
+!Cname certificate-policies
+id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
+!Cname any-policy
+certificate-policies 0	: anyPolicy		: X509v3 Any Policy
+!Cname policy-mappings
+id-ce 33		: policyMappings	: X509v3 Policy Mappings
+!Cname authority-key-identifier
+id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36		: policyConstraints	: X509v3 Policy Constraints
+!Cname ext-key-usage
+id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
+!Cname freshest-crl
+id-ce 46		: freshestCRL		: X509v3 Freshest CRL
+!Cname inhibit-any-policy
+id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
+!Cname target-information
+id-ce 55		: targetInformation	: X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56		: noRevAvail		: X509v3 No Revocation Available
+
+# From RFC5280
+ext-key-usage 0		: anyExtendedKeyUsage	: Any Extended Key Usage
+
+
+!Cname netscape
+2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
+!Cname netscape-cert-extension
+netscape 1		: nsCertExt		: Netscape Certificate Extension
+!Cname netscape-data-type
+netscape 2		: nsDataType		: Netscape Data Type
+!Cname netscape-cert-type
+netscape-cert-extension 1 : nsCertType		: Netscape Cert Type
+!Cname netscape-base-url
+netscape-cert-extension 2 : nsBaseUrl		: Netscape Base Url
+!Cname netscape-revocation-url
+netscape-cert-extension 3 : nsRevocationUrl	: Netscape Revocation Url
+!Cname netscape-ca-revocation-url
+netscape-cert-extension 4 : nsCaRevocationUrl	: Netscape CA Revocation Url
+!Cname netscape-renewal-url
+netscape-cert-extension 7 : nsRenewalUrl	: Netscape Renewal Url
+!Cname netscape-ca-policy-url
+netscape-cert-extension 8 : nsCaPolicyUrl	: Netscape CA Policy Url
+!Cname netscape-ssl-server-name
+netscape-cert-extension 12 : nsSslServerName	: Netscape SSL Server Name
+!Cname netscape-comment
+netscape-cert-extension 13 : nsComment		: Netscape Comment
+!Cname netscape-cert-sequence
+netscape-data-type 5	: nsCertSequence	: Netscape Certificate Sequence
+!Cname ns-sgc
+netscape 4 1		: nsSGC			: Netscape Server Gated Crypto
+
+# iso(1)
+iso 3			: ORG			: org
+org 6			: DOD			: dod
+dod 1			: IANA			: iana
+!Alias internet iana
+
+internet 1		: directory		: Directory
+internet 2		: mgmt			: Management
+internet 3		: experimental		: Experimental
+internet 4		: private		: Private
+internet 5		: security		: Security
+internet 6		: snmpv2		: SNMPv2
+# Documents refer to "internet 7" as "mail". This however leads to ambiguities
+# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# rfc822Mailbox. The short name is therefore here left out for a reason.
+# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# references are realized via long name "Mail" (with capital M).
+internet 7		:			: Mail
+
+Private 1		: enterprises		: Enterprises
+
+# RFC 2247
+Enterprises 1466 344	: dcobject		: dcObject
+
+# RFC 1495
+Mail 1			: mime-mhs		: MIME MHS
+mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings
+mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies
+mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message
+mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message
+
+# RFC 3274
+!Cname zlib-compression
+id-smime-alg 8		: ZLIB			: zlib compression
+
+# AES aka Rijndael
+
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+
+aes 1			: AES-128-ECB		: aes-128-ecb
+aes 2			: AES-128-CBC		: aes-128-cbc
+!Cname aes-128-ofb128
+aes 3			: AES-128-OFB		: aes-128-ofb
+!Cname aes-128-cfb128
+aes 4			: AES-128-CFB		: aes-128-cfb
+aes 5			: id-aes128-wrap
+aes 6			: id-aes128-GCM		: aes-128-gcm
+aes 7			: id-aes128-CCM		: aes-128-ccm
+aes 8			: id-aes128-wrap-pad
+
+aes 21			: AES-192-ECB		: aes-192-ecb
+aes 22			: AES-192-CBC		: aes-192-cbc
+!Cname aes-192-ofb128
+aes 23			: AES-192-OFB		: aes-192-ofb
+!Cname aes-192-cfb128
+aes 24			: AES-192-CFB		: aes-192-cfb
+aes 25			: id-aes192-wrap
+aes 26			: id-aes192-GCM		: aes-192-gcm
+aes 27			: id-aes192-CCM		: aes-192-ccm
+aes 28			: id-aes192-wrap-pad
+
+aes 41			: AES-256-ECB		: aes-256-ecb
+aes 42			: AES-256-CBC		: aes-256-cbc
+!Cname aes-256-ofb128
+aes 43			: AES-256-OFB		: aes-256-ofb
+!Cname aes-256-cfb128
+aes 44			: AES-256-CFB		: aes-256-cfb
+aes 45			: id-aes256-wrap
+aes 46			: id-aes256-GCM		: aes-256-gcm
+aes 47			: id-aes256-CCM		: aes-256-ccm
+aes 48			: id-aes256-wrap-pad
+
+# There are no OIDs for these modes...
+
+			: AES-128-CFB1		: aes-128-cfb1
+			: AES-192-CFB1		: aes-192-cfb1
+			: AES-256-CFB1		: aes-256-cfb1
+			: AES-128-CFB8		: aes-128-cfb8
+			: AES-192-CFB8		: aes-192-cfb8
+			: AES-256-CFB8		: aes-256-cfb8
+			: AES-128-CTR		: aes-128-ctr
+			: AES-192-CTR		: aes-192-ctr
+			: AES-256-CTR		: aes-256-ctr
+			: AES-128-OCB		: aes-128-ocb
+			: AES-192-OCB		: aes-192-ocb
+			: AES-256-OCB		: aes-256-ocb
+			: AES-128-XTS		: aes-128-xts
+			: AES-256-XTS		: aes-256-xts
+			: DES-CFB1		: des-cfb1
+			: DES-CFB8		: des-cfb8
+			: DES-EDE3-CFB1		: des-ede3-cfb1
+			: DES-EDE3-CFB8		: des-ede3-cfb8
+
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+!Alias nist_hashalgs nistAlgorithms 2
+nist_hashalgs 1		: SHA256		: sha256
+nist_hashalgs 2		: SHA384		: sha384
+nist_hashalgs 3		: SHA512		: sha512
+nist_hashalgs 4		: SHA224		: sha224
+
+# OIDs for dsa-with-sha224 and dsa-with-sha256
+!Alias dsa_with_sha2 nistAlgorithms 3
+dsa_with_sha2 1		: dsa_with_SHA224
+dsa_with_sha2 2		: dsa_with_SHA256
+
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23		: holdInstructionCode	: Hold Instruction Code
+!Alias holdInstruction	X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1	: holdInstructionNone	: Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject
+
+# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of
+# them are also mentioned in RFC 2247
+itu-t 9			: data
+data 2342		: pss
+pss 19200300		: ucl
+ucl 100			: pilot
+pilot 1			:			: pilotAttributeType
+pilot 3			:			: pilotAttributeSyntax
+pilot 4			:			: pilotObjectClass
+pilot 10		:			: pilotGroups
+pilotAttributeSyntax 4	:			: iA5StringSyntax
+pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax
+pilotObjectClass 3	:			: pilotObject
+pilotObjectClass 4	:			: pilotPerson
+pilotObjectClass 5	: account
+pilotObjectClass 6	: document
+pilotObjectClass 7	: room
+pilotObjectClass 9	:			: documentSeries
+pilotObjectClass 13	: domain		: Domain
+pilotObjectClass 14	:			: rFC822localPart
+pilotObjectClass 15	:			: dNSDomain
+pilotObjectClass 17	:			: domainRelatedObject
+pilotObjectClass 18	:			: friendlyCountry
+pilotObjectClass 19	:			: simpleSecurityObject
+pilotObjectClass 20	:			: pilotOrganization
+pilotObjectClass 21	:			: pilotDSA
+pilotObjectClass 22	:			: qualityLabelledData
+pilotAttributeType 1	: UID			: userId
+pilotAttributeType 2	:			: textEncodedORAddress
+pilotAttributeType 3	: mail			: rfc822Mailbox
+pilotAttributeType 4	: info
+pilotAttributeType 5	:			: favouriteDrink
+pilotAttributeType 6	:			: roomNumber
+pilotAttributeType 7	: photo
+pilotAttributeType 8	:			: userClass
+pilotAttributeType 9	: host
+pilotAttributeType 10	: manager
+pilotAttributeType 11	:			: documentIdentifier
+pilotAttributeType 12	:			: documentTitle
+pilotAttributeType 13	:			: documentVersion
+pilotAttributeType 14	:			: documentAuthor
+pilotAttributeType 15	:			: documentLocation
+pilotAttributeType 20	:			: homeTelephoneNumber
+pilotAttributeType 21	: secretary
+pilotAttributeType 22	:			: otherMailbox
+pilotAttributeType 23	:			: lastModifiedTime
+pilotAttributeType 24	:			: lastModifiedBy
+pilotAttributeType 25	: DC			: domainComponent
+pilotAttributeType 26	:			: aRecord
+pilotAttributeType 27	:			: pilotAttributeType27
+pilotAttributeType 28	:			: mXRecord
+pilotAttributeType 29	:			: nSRecord
+pilotAttributeType 30	:			: sOARecord
+pilotAttributeType 31	:			: cNAMERecord
+pilotAttributeType 37	:			: associatedDomain
+pilotAttributeType 38	:			: associatedName
+pilotAttributeType 39	:			: homePostalAddress
+pilotAttributeType 40	:			: personalTitle
+pilotAttributeType 41	:			: mobileTelephoneNumber
+pilotAttributeType 42	:			: pagerTelephoneNumber
+pilotAttributeType 43	:			: friendlyCountryName
+pilotAttributeType 44	: uid			: uniqueIdentifier
+pilotAttributeType 45	:			: organizationalStatus
+pilotAttributeType 46	:			: janetMailbox
+pilotAttributeType 47	:			: mailPreferenceOption
+pilotAttributeType 48	:			: buildingName
+pilotAttributeType 49	:			: dSAQuality
+pilotAttributeType 50	:			: singleLevelQuality
+pilotAttributeType 51	:			: subtreeMinimumQuality
+pilotAttributeType 52	:			: subtreeMaximumQuality
+pilotAttributeType 53	:			: personalSignature
+pilotAttributeType 54	:			: dITRedirect
+pilotAttributeType 55	: audio
+pilotAttributeType 56	:			: documentPublisher
+
+international-organizations 42	: id-set	: Secure Electronic Transactions
+
+id-set 0		: set-ctype		: content types
+id-set 1		: set-msgExt		: message extensions
+id-set 3		: set-attr
+id-set 5		: set-policy
+id-set 7		: set-certExt		: certificate extensions
+id-set 8		: set-brand
+
+set-ctype 0		: setct-PANData
+set-ctype 1		: setct-PANToken
+set-ctype 2		: setct-PANOnly
+set-ctype 3		: setct-OIData
+set-ctype 4		: setct-PI
+set-ctype 5		: setct-PIData
+set-ctype 6		: setct-PIDataUnsigned
+set-ctype 7		: setct-HODInput
+set-ctype 8		: setct-AuthResBaggage
+set-ctype 9		: setct-AuthRevReqBaggage
+set-ctype 10		: setct-AuthRevResBaggage
+set-ctype 11		: setct-CapTokenSeq
+set-ctype 12		: setct-PInitResData
+set-ctype 13		: setct-PI-TBS
+set-ctype 14		: setct-PResData
+set-ctype 16		: setct-AuthReqTBS
+set-ctype 17		: setct-AuthResTBS
+set-ctype 18		: setct-AuthResTBSX
+set-ctype 19		: setct-AuthTokenTBS
+set-ctype 20		: setct-CapTokenData
+set-ctype 21		: setct-CapTokenTBS
+set-ctype 22		: setct-AcqCardCodeMsg
+set-ctype 23		: setct-AuthRevReqTBS
+set-ctype 24		: setct-AuthRevResData
+set-ctype 25		: setct-AuthRevResTBS
+set-ctype 26		: setct-CapReqTBS
+set-ctype 27		: setct-CapReqTBSX
+set-ctype 28		: setct-CapResData
+set-ctype 29		: setct-CapRevReqTBS
+set-ctype 30		: setct-CapRevReqTBSX
+set-ctype 31		: setct-CapRevResData
+set-ctype 32		: setct-CredReqTBS
+set-ctype 33		: setct-CredReqTBSX
+set-ctype 34		: setct-CredResData
+set-ctype 35		: setct-CredRevReqTBS
+set-ctype 36		: setct-CredRevReqTBSX
+set-ctype 37		: setct-CredRevResData
+set-ctype 38		: setct-PCertReqData
+set-ctype 39		: setct-PCertResTBS
+set-ctype 40		: setct-BatchAdminReqData
+set-ctype 41		: setct-BatchAdminResData
+set-ctype 42		: setct-CardCInitResTBS
+set-ctype 43		: setct-MeAqCInitResTBS
+set-ctype 44		: setct-RegFormResTBS
+set-ctype 45		: setct-CertReqData
+set-ctype 46		: setct-CertReqTBS
+set-ctype 47		: setct-CertResData
+set-ctype 48		: setct-CertInqReqTBS
+set-ctype 49		: setct-ErrorTBS
+set-ctype 50		: setct-PIDualSignedTBE
+set-ctype 51		: setct-PIUnsignedTBE
+set-ctype 52		: setct-AuthReqTBE
+set-ctype 53		: setct-AuthResTBE
+set-ctype 54		: setct-AuthResTBEX
+set-ctype 55		: setct-AuthTokenTBE
+set-ctype 56		: setct-CapTokenTBE
+set-ctype 57		: setct-CapTokenTBEX
+set-ctype 58		: setct-AcqCardCodeMsgTBE
+set-ctype 59		: setct-AuthRevReqTBE
+set-ctype 60		: setct-AuthRevResTBE
+set-ctype 61		: setct-AuthRevResTBEB
+set-ctype 62		: setct-CapReqTBE
+set-ctype 63		: setct-CapReqTBEX
+set-ctype 64		: setct-CapResTBE
+set-ctype 65		: setct-CapRevReqTBE
+set-ctype 66		: setct-CapRevReqTBEX
+set-ctype 67		: setct-CapRevResTBE
+set-ctype 68		: setct-CredReqTBE
+set-ctype 69		: setct-CredReqTBEX
+set-ctype 70		: setct-CredResTBE
+set-ctype 71		: setct-CredRevReqTBE
+set-ctype 72		: setct-CredRevReqTBEX
+set-ctype 73		: setct-CredRevResTBE
+set-ctype 74		: setct-BatchAdminReqTBE
+set-ctype 75		: setct-BatchAdminResTBE
+set-ctype 76		: setct-RegFormReqTBE
+set-ctype 77		: setct-CertReqTBE
+set-ctype 78		: setct-CertReqTBEX
+set-ctype 79		: setct-CertResTBE
+set-ctype 80		: setct-CRLNotificationTBS
+set-ctype 81		: setct-CRLNotificationResTBS
+set-ctype 82		: setct-BCIDistributionTBS
+
+set-msgExt 1		: setext-genCrypt	: generic cryptogram
+set-msgExt 3		: setext-miAuth		: merchant initiated auth
+set-msgExt 4		: setext-pinSecure
+set-msgExt 5		: setext-pinAny
+set-msgExt 7		: setext-track2
+set-msgExt 8		: setext-cv		: additional verification
+
+set-policy 0		: set-policy-root
+
+set-certExt 0		: setCext-hashedRoot
+set-certExt 1		: setCext-certType
+set-certExt 2		: setCext-merchData
+set-certExt 3		: setCext-cCertRequired
+set-certExt 4		: setCext-tunneling
+set-certExt 5		: setCext-setExt
+set-certExt 6		: setCext-setQualf
+set-certExt 7		: setCext-PGWYcapabilities
+set-certExt 8		: setCext-TokenIdentifier
+set-certExt 9		: setCext-Track2Data
+set-certExt 10		: setCext-TokenType
+set-certExt 11		: setCext-IssuerCapabilities
+
+set-attr 0		: setAttr-Cert
+set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities
+set-attr 2		: setAttr-TokenType
+set-attr 3		: setAttr-IssCap	: issuer capabilities
+
+setAttr-Cert 0		: set-rootKeyThumb
+setAttr-Cert 1		: set-addPolicy
+
+setAttr-TokenType 1	: setAttr-Token-EMV
+setAttr-TokenType 2	: setAttr-Token-B0Prime
+
+setAttr-IssCap 3	: setAttr-IssCap-CVM
+setAttr-IssCap 4	: setAttr-IssCap-T2
+setAttr-IssCap 5	: setAttr-IssCap-Sig
+
+setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram
+setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2
+setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2
+
+setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature
+setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature
+
+set-brand 1		: set-brand-IATA-ATA
+set-brand 30		: set-brand-Diners
+set-brand 34		: set-brand-AmericanExpress
+set-brand 35		: set-brand-JCB
+set-brand 4		: set-brand-Visa
+set-brand 5		: set-brand-MasterCard
+set-brand 6011		: set-brand-Novus
+
+rsadsi 3 10		: DES-CDMF		: des-cdmf
+rsadsi 1 1 6		: rsaOAEPEncryptionSET
+
+			: Oakley-EC2N-3		: ipsec3
+			: Oakley-EC2N-4		: ipsec4
+
+iso 0 10118 3 0 55	: whirlpool
+
+# GOST OIDs
+
+member-body 643 2 2	: cryptopro
+member-body 643 2 9	: cryptocom
+member-body 643 7 1	: id-tc26
+
+cryptopro 3		: id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
+cryptopro 4		: id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
+!Cname id-GostR3411-94
+cryptopro 9		: md_gost94		: GOST R 34.11-94
+cryptopro 10		: id-HMACGostR3411-94	: HMAC GOST 34.11-94
+!Cname id-GostR3410-2001
+cryptopro 19		: gost2001	: GOST R 34.10-2001
+!Cname id-GostR3410-94
+cryptopro 20		: gost94	: GOST R 34.10-94
+!Cname id-Gost28147-89
+cryptopro 21		: gost89 		: GOST 28147-89
+			: gost89-cnt
+			: gost89-cnt-12
+			: gost89-cbc
+			: gost89-ecb
+			: gost89-ctr
+!Cname id-Gost28147-89-MAC
+cryptopro 22		: gost-mac	: GOST 28147-89 MAC
+			: gost-mac-12
+!Cname id-GostR3411-94-prf
+cryptopro 23		: prf-gostr3411-94	: GOST R 34.11-94 PRF
+cryptopro 98		: id-GostR3410-2001DH	: GOST R 34.10-2001 DH
+cryptopro 99		: id-GostR3410-94DH	: GOST R 34.10-94 DH
+
+cryptopro 14 1		: id-Gost28147-89-CryptoPro-KeyMeshing
+cryptopro 14 0		: id-Gost28147-89-None-KeyMeshing
+
+# GOST parameter set OIDs
+
+cryptopro 30 0		: id-GostR3411-94-TestParamSet
+cryptopro 30 1		: id-GostR3411-94-CryptoProParamSet
+
+cryptopro 31 0		: id-Gost28147-89-TestParamSet
+cryptopro 31 1		: id-Gost28147-89-CryptoPro-A-ParamSet
+cryptopro 31 2		: id-Gost28147-89-CryptoPro-B-ParamSet
+cryptopro 31 3		: id-Gost28147-89-CryptoPro-C-ParamSet
+cryptopro 31 4		: id-Gost28147-89-CryptoPro-D-ParamSet
+cryptopro 31 5		: id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet
+cryptopro 31 6		: id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet
+cryptopro 31 7		: id-Gost28147-89-CryptoPro-RIC-1-ParamSet
+
+cryptopro 32 0		: id-GostR3410-94-TestParamSet
+cryptopro 32 2		: id-GostR3410-94-CryptoPro-A-ParamSet
+cryptopro 32 3		: id-GostR3410-94-CryptoPro-B-ParamSet
+cryptopro 32 4		: id-GostR3410-94-CryptoPro-C-ParamSet
+cryptopro 32 5		: id-GostR3410-94-CryptoPro-D-ParamSet
+
+cryptopro 33 1		: id-GostR3410-94-CryptoPro-XchA-ParamSet
+cryptopro 33 2		: id-GostR3410-94-CryptoPro-XchB-ParamSet
+cryptopro 33 3		: id-GostR3410-94-CryptoPro-XchC-ParamSet
+
+cryptopro 35 0		: id-GostR3410-2001-TestParamSet
+cryptopro 35 1		: id-GostR3410-2001-CryptoPro-A-ParamSet
+cryptopro 35 2		: id-GostR3410-2001-CryptoPro-B-ParamSet
+cryptopro 35 3		: id-GostR3410-2001-CryptoPro-C-ParamSet
+
+cryptopro 36 0		: id-GostR3410-2001-CryptoPro-XchA-ParamSet
+cryptopro 36 1		: id-GostR3410-2001-CryptoPro-XchB-ParamSet
+
+id-GostR3410-94 1	: id-GostR3410-94-a
+id-GostR3410-94 2	: id-GostR3410-94-aBis
+id-GostR3410-94 3	: id-GostR3410-94-b
+id-GostR3410-94 4	: id-GostR3410-94-bBis
+
+# Cryptocom LTD GOST OIDs
+
+cryptocom 1 6 1		: id-Gost28147-89-cc	: GOST 28147-89 Cryptocom ParamSet
+!Cname id-GostR3410-94-cc
+cryptocom 1 5 3		: gost94cc	: GOST 34.10-94 Cryptocom
+!Cname id-GostR3410-2001-cc
+cryptocom 1 5 4		: gost2001cc	: GOST 34.10-2001 Cryptocom
+
+cryptocom 1 3 3		: id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom
+cryptocom 1 3 4		: id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom
+
+cryptocom 1 8 1		: id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+
+# TC26 GOST OIDs
+
+id-tc26 1 		: id-tc26-algorithms
+id-tc26-algorithms 1	: id-tc26-sign
+!Cname id-GostR3410-2012-256
+id-tc26-sign 1		: gost2012_256: GOST R 34.10-2012 with 256 bit modulus
+!Cname id-GostR3410-2012-512
+id-tc26-sign 2		: gost2012_512: GOST R 34.10-2012 with 512 bit modulus
+
+id-tc26-algorithms 2	: id-tc26-digest
+!Cname id-GostR3411-2012-256
+id-tc26-digest 2	: md_gost12_256: GOST R 34.11-2012 with 256 bit hash
+!Cname id-GostR3411-2012-512
+id-tc26-digest 3	: md_gost12_512: GOST R 34.11-2012 with 512 bit hash
+
+id-tc26-algorithms 3	: id-tc26-signwithdigest
+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+
+id-tc26-algorithms 4	: id-tc26-mac
+id-tc26-mac 1		: id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
+id-tc26-mac 2		: id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
+
+id-tc26-algorithms 5	: id-tc26-cipher
+
+id-tc26-algorithms 6	: id-tc26-agreement
+id-tc26-agreement 1	: id-tc26-agreement-gost-3410-2012-256
+id-tc26-agreement 2	: id-tc26-agreement-gost-3410-2012-512
+
+id-tc26 2 		: id-tc26-constants
+
+id-tc26-constants 1	: id-tc26-sign-constants
+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-512-constants 0	: id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+id-tc26-gost-3410-2012-512-constants 1	: id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+id-tc26-gost-3410-2012-512-constants 2	: id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+
+id-tc26-constants 2     : id-tc26-digest-constants
+id-tc26-constants 5     : id-tc26-cipher-constants
+id-tc26-cipher-constants 1	: id-tc26-gost-28147-constants
+id-tc26-gost-28147-constants 1	: id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+
+member-body 643 3 131 1 1	: INN	: INN
+member-body 643 100 1		: OGRN	: OGRN
+member-body 643 100 3		: SNILS	: SNILS
+member-body 643 100 111	: subjectSignTool	: Signing Tool of Subject
+member-body 643 100 112	: issuerSignTool	: Signing Tool of Issuer
+
+#GOST R34.13-2015 Grasshopper "Kuznechik"
+			: grasshopper-ecb
+			: grasshopper-ctr
+			: grasshopper-ofb
+			: grasshopper-cbc
+			: grasshopper-cfb
+			: grasshopper-mac
+
+# Definitions for Camellia cipher - CBC MODE
+
+1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC		: camellia-128-cbc
+1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC		: camellia-192-cbc
+1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC		: camellia-256-cbc
+1 2 392 200011 61 1 1 3 2 : id-camellia128-wrap
+1 2 392 200011 61 1 1 3 3 : id-camellia192-wrap
+1 2 392 200011 61 1 1 3 4 : id-camellia256-wrap
+
+# Definitions for Camellia cipher - ECB, CFB, OFB MODE
+
+!Alias ntt-ds 0 3 4401 5
+!Alias camellia ntt-ds 3 1 9 
+
+camellia 1		: CAMELLIA-128-ECB		: camellia-128-ecb
+!Cname camellia-128-ofb128
+camellia 3		: CAMELLIA-128-OFB		: camellia-128-ofb
+!Cname camellia-128-cfb128
+camellia 4		: CAMELLIA-128-CFB		: camellia-128-cfb
+camellia 6		: CAMELLIA-128-GCM		: camellia-128-gcm
+camellia 7		: CAMELLIA-128-CCM		: camellia-128-ccm
+camellia 9		: CAMELLIA-128-CTR		: camellia-128-ctr
+camellia 10		: CAMELLIA-128-CMAC		: camellia-128-cmac
+
+camellia 21		: CAMELLIA-192-ECB		: camellia-192-ecb
+!Cname camellia-192-ofb128
+camellia 23		: CAMELLIA-192-OFB		: camellia-192-ofb
+!Cname camellia-192-cfb128
+camellia 24		: CAMELLIA-192-CFB		: camellia-192-cfb
+camellia 26		: CAMELLIA-192-GCM		: camellia-192-gcm
+camellia 27		: CAMELLIA-192-CCM		: camellia-192-ccm
+camellia 29		: CAMELLIA-192-CTR		: camellia-192-ctr
+camellia 30		: CAMELLIA-192-CMAC		: camellia-192-cmac
+
+camellia 41		: CAMELLIA-256-ECB		: camellia-256-ecb
+!Cname camellia-256-ofb128
+camellia 43		: CAMELLIA-256-OFB		: camellia-256-ofb
+!Cname camellia-256-cfb128
+camellia 44		: CAMELLIA-256-CFB		: camellia-256-cfb
+camellia 46		: CAMELLIA-256-GCM		: camellia-256-gcm
+camellia 47		: CAMELLIA-256-CCM		: camellia-256-ccm
+camellia 49		: CAMELLIA-256-CTR		: camellia-256-ctr
+camellia 50		: CAMELLIA-256-CMAC		: camellia-256-cmac
+
+# There are no OIDs for these modes...
+
+			: CAMELLIA-128-CFB1		: camellia-128-cfb1
+			: CAMELLIA-192-CFB1		: camellia-192-cfb1
+			: CAMELLIA-256-CFB1		: camellia-256-cfb1
+			: CAMELLIA-128-CFB8		: camellia-128-cfb8
+			: CAMELLIA-192-CFB8		: camellia-192-cfb8
+			: CAMELLIA-256-CFB8		: camellia-256-cfb8
+
+# Definitions for SEED cipher - ECB, CBC, OFB mode
+
+member-body 410 200004  : KISA          : kisa
+kisa 1 3                : SEED-ECB      : seed-ecb
+kisa 1 4                : SEED-CBC      : seed-cbc
+!Cname seed-cfb128
+kisa 1 5                : SEED-CFB      : seed-cfb
+!Cname seed-ofb128
+kisa 1 6                : SEED-OFB      : seed-ofb
+
+# There is no OID that just denotes "HMAC" oddly enough...
+
+			: HMAC				: hmac
+# Nor CMAC either
+			: CMAC				: cmac
+
+# Synthetic composite ciphersuites
+			: RC4-HMAC-MD5			: rc4-hmac-md5
+			: AES-128-CBC-HMAC-SHA1		: aes-128-cbc-hmac-sha1
+			: AES-192-CBC-HMAC-SHA1		: aes-192-cbc-hmac-sha1
+			: AES-256-CBC-HMAC-SHA1		: aes-256-cbc-hmac-sha1
+			: AES-128-CBC-HMAC-SHA256	: aes-128-cbc-hmac-sha256
+			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
+			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
+			: ChaCha20-Poly1305		: chacha20-poly1305
+			: ChaCha20			: chacha20
+
+ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
+
+# RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
+# versionOne OBJECT IDENTIFIER ::= {
+# iso(1) identifified-organization(3) teletrust(36) algorithm(3)
+# signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
+# ellipticCurve(1) 1 }
+1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
+1 3 36 3 3 2 8 1 1 2 : brainpoolP160t1
+1 3 36 3 3 2 8 1 1 3 : brainpoolP192r1
+1 3 36 3 3 2 8 1 1 4 : brainpoolP192t1
+1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
+1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
+1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
+1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
+1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
+1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
+1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
+1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
+1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
+1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1            
+
+# ECDH schemes from RFC5753
+!Alias x9-63-scheme 1 3 133 16 840 63 0
+!Alias secg-scheme certicom-arc 1
+
+x9-63-scheme 2   : dhSinglePass-stdDH-sha1kdf-scheme
+secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme
+secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme
+secg-scheme 11 2 : dhSinglePass-stdDH-sha384kdf-scheme
+secg-scheme 11 3 : dhSinglePass-stdDH-sha512kdf-scheme
+
+x9-63-scheme 3   : dhSinglePass-cofactorDH-sha1kdf-scheme
+secg-scheme 14 0 : dhSinglePass-cofactorDH-sha224kdf-scheme
+secg-scheme 14 1 : dhSinglePass-cofactorDH-sha256kdf-scheme
+secg-scheme 14 2 : dhSinglePass-cofactorDH-sha384kdf-scheme
+secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
+# NIDs for use with lookup tables.
+                 : dh-std-kdf
+                 : dh-cofactor-kdf
+
+# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt)
+1 3 6 1 4 1 11129 2 4 2	: ct_precert_scts		: CT Precertificate SCTs
+1 3 6 1 4 1 11129 2 4 3	: ct_precert_poison		: CT Precertificate Poison
+1 3 6 1 4 1 11129 2 4 4	: ct_precert_signer		: CT Precertificate Signer
+1 3 6 1 4 1 11129 2 4 5	: ct_cert_scts			: CT Certificate SCTs
+
+# CABForum EV SSL Certificate Guidelines
+# (see https://cabforum.org/extended-validation/)
+# OIDs for Subject Jurisdiction of Incorporation or Registration
+1 3 6 1 4 1 311 60 2 1 1	: jurisdictionL		: jurisdictionLocalityName
+1 3 6 1 4 1 311 60 2 1 2	: jurisdictionST	: jurisdictionStateOrProvinceName
+1 3 6 1 4 1 311 60 2 1 3	: jurisdictionC		: jurisdictionCountryName
+
+# SCRYPT algorithm
+1 3 6 1 4 1 11591 4 11		: id-scrypt
+
+# NID for TLS1 PRF
+                            : TLS1-PRF          : tls1-prf
+
+# NID for HKDF
+                            : HKDF              : hkdf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4                     : pkInitClientAuth      : PKINIT Client Auth
+id-pkinit 5                     : pkInitKDC             : Signing KDC Response
+
+# New curves from draft-ietf-curdle-pkix-00
+1 3 101 110 : X25519
+1 3 101 111 : X448
+
+# NIDs for cipher key exchange
+                            : KxRSA        : kx-rsa
+                            : KxECDHE      : kx-ecdhe
+                            : KxDHE        : kx-dhe
+                            : KxECDHE-PSK  : kx-ecdhe-psk
+                            : KxDHE-PSK    : kx-dhe-psk
+                            : KxRSA_PSK    : kx-rsa-psk
+                            : KxPSK        : kx-psk
+                            : KxSRP        : kx-srp
+                            : KxGOST       : kx-gost
+
+# NIDs for cipher authentication
+                            : AuthRSA      : auth-rsa
+                            : AuthECDSA    : auth-ecdsa
+                            : AuthPSK      : auth-psk
+                            : AuthDSS      : auth-dss
+                            : AuthGOST01   : auth-gost01
+                            : AuthGOST12   : auth-gost12
+                            : AuthSRP      : auth-srp
+                            : AuthNULL     : auth-null
+
diff --git a/openssl-1.1.0h/crypto/objects/objxref.pl b/openssl-1.1.0h/crypto/objects/objxref.pl
new file mode 100644
index 0000000..53f9bd6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/objects/objxref.pl
@@ -0,0 +1,135 @@
+#! /usr/bin/env perl
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+
+my %xref_tbl;
+my %oid_tbl;
+
+my ($mac_file, $xref_file) = @ARGV;
+
+open(IN, $mac_file) || die "Can't open $mac_file, $!\n";
+
+# Read in OID nid values for a lookup table.
+
+while (<IN>)
+	{
+	s|\R$||;                # Better chomp
+	my ($name, $num) = /^(\S+)\s+(\S+)$/;
+	$oid_tbl{$name} = $num;
+	}
+close IN;
+
+open(IN, $xref_file) || die "Can't open $xref_file, $!\n";
+
+my $ln = 1;
+
+while (<IN>)
+	{
+	s|\R$||;                # Better chomp
+	s/#.*$//;
+	next if (/^\S*$/);
+	my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/;
+	check_oid($xr);
+	check_oid($p1);
+	check_oid($p2);
+	$xref_tbl{$xr} = [$p1, $p2, $ln];
+	}
+
+my @xrkeys = keys %xref_tbl;
+
+my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys;
+
+my $i;
+for($i = 0; $i <= $#srt1; $i++)
+	{
+	$xref_tbl{$srt1[$i]}[2] = $i;
+	}
+
+my @srt2 = sort
+	{
+	my$ap1 = $oid_tbl{$xref_tbl{$a}[0]};
+	my$bp1 = $oid_tbl{$xref_tbl{$b}[0]};
+	return $ap1 - $bp1 if ($ap1 != $bp1);
+	my$ap2 = $oid_tbl{$xref_tbl{$a}[1]};
+	my$bp2 = $oid_tbl{$xref_tbl{$b}[1]};
+
+	return $ap2 - $bp2;
+	} @xrkeys;
+
+my $pname = $0;
+$pname =~ s|.*/||;
+
+print <<EOF;
+/*
+ * WARNING: do not edit!
+ * Generated by $pname
+ *
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+typedef struct {
+    int sign_id;
+    int hash_id;
+    int pkey_id;
+} nid_triple;
+
+DEFINE_STACK_OF(nid_triple)
+
+static const nid_triple sigoid_srt[] = {
+EOF
+
+foreach (@srt1)
+	{
+	my $xr = $_;
+	my ($p1, $p2) = @{$xref_tbl{$_}};
+	my $o1 = "    {NID_$xr, NID_$p1,";
+	my $o2 = "NID_$p2},";
+        if (length("$o1 $o2") < 78)
+		{
+		print "$o1 $o2\n";
+		}
+	else
+		{
+		print "$o1\n     $o2\n";
+		}
+        }
+
+print "};";
+print <<EOF;
+
+
+static const nid_triple *const sigoid_srt_xref[] = {
+EOF
+
+foreach (@srt2)
+	{
+	my ($p1, $p2, $x) = @{$xref_tbl{$_}};
+	# If digest or signature algorithm is "undef" then the algorithm
+	# needs special handling and is excluded from the cross reference table.
+	next if $p1 eq "undef" || $p2 eq "undef";
+	print "    \&sigoid_srt\[$x\],\n";
+	}
+
+print "};\n";
+
+sub check_oid
+	{
+	my ($chk) = @_;
+	if (!exists $oid_tbl{$chk})
+		{
+		die "Can't find \"$chk\"\n";
+		}
+	}
diff --git a/openssl-1.1.0h/crypto/ocsp/build.info b/openssl-1.1.0h/crypto/ocsp/build.info
new file mode 100644
index 0000000..0902caa
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c v3_ocsp.c
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_asn.c b/openssl-1.1.0h/crypto/ocsp/ocsp_asn.c
new file mode 100644
index 0000000..1e0b827
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_asn.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+
+ASN1_SEQUENCE(OCSP_SIGNATURE) = {
+        ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
+ASN1_SEQUENCE(OCSP_CERTID) = {
+        ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+        ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(OCSP_CERTID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
+ASN1_SEQUENCE(OCSP_ONEREQ) = {
+        ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(OCSP_ONEREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
+ASN1_SEQUENCE(OCSP_REQINFO) = {
+        ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+        ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+        ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(OCSP_REQINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
+ASN1_SEQUENCE(OCSP_REQUEST) = {
+        ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+        ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+} ASN1_SEQUENCE_END(OCSP_REQUEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
+
+/* OCSP_RESPONSE templates */
+
+ASN1_SEQUENCE(OCSP_RESPBYTES) = {
+            ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+            ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
+ASN1_SEQUENCE(OCSP_RESPONSE) = {
+        ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+        ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+} ASN1_SEQUENCE_END(OCSP_RESPONSE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
+ASN1_CHOICE(OCSP_RESPID) = {
+           ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+           ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(OCSP_RESPID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
+
+ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
+        ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+        ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
+ASN1_CHOICE(OCSP_CERTSTATUS) = {
+        ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+        ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+        ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(OCSP_CERTSTATUS)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
+ASN1_SEQUENCE(OCSP_SINGLERESP) = {
+           ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+           ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+           ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+           ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
+ASN1_SEQUENCE(OCSP_RESPDATA) = {
+           ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+           ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
+           ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+           ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_RESPDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
+ASN1_SEQUENCE(OCSP_BASICRESP) = {
+           ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+           ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+           ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_BASICRESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+           ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+           ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+           ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+        ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+        ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_cl.c b/openssl-1.1.0h/crypto/ocsp/ocsp_cl.c
new file mode 100644
index 0000000..a42b80f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_cl.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+
+/*
+ * Utility functions related to sending OCSP requests and extracting relevant
+ * information from the response.
+ */
+
+/*
+ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer:
+ * useful if we want to add extensions.
+ */
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
+{
+    OCSP_ONEREQ *one = NULL;
+
+    if ((one = OCSP_ONEREQ_new()) == NULL)
+        return NULL;
+    OCSP_CERTID_free(one->reqCert);
+    one->reqCert = cid;
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
+        one->reqCert = NULL; /* do not free on error */
+        goto err;
+    }
+    return one;
+ err:
+    OCSP_ONEREQ_free(one);
+    return NULL;
+}
+
+/* Set requestorName from an X509_NAME structure */
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+{
+    GENERAL_NAME *gen;
+
+    gen = GENERAL_NAME_new();
+    if (gen == NULL)
+        return 0;
+    if (!X509_NAME_set(&gen->d.directoryName, nm)) {
+        GENERAL_NAME_free(gen);
+        return 0;
+    }
+    gen->type = GEN_DIRNAME;
+    GENERAL_NAME_free(req->tbsRequest.requestorName);
+    req->tbsRequest.requestorName = gen;
+    return 1;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
+{
+    OCSP_SIGNATURE *sig;
+    if (req->optionalSignature == NULL)
+        req->optionalSignature = OCSP_SIGNATURE_new();
+    sig = req->optionalSignature;
+    if (sig == NULL)
+        return 0;
+    if (cert == NULL)
+        return 1;
+    if (sig->certs == NULL
+        && (sig->certs = sk_X509_new_null()) == NULL)
+        return 0;
+
+    if (!sk_X509_push(sig->certs, cert))
+        return 0;
+    X509_up_ref(cert);
+    return 1;
+}
+
+/*
+ * Sign an OCSP request set the requestorName to the subject name of an
+ * optional signers certificate and include one or more optional certificates
+ * in the request. Behaves like PKCS7_sign().
+ */
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    X509 *x;
+
+    if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+        goto err;
+
+    if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL)
+        goto err;
+    if (key) {
+        if (!X509_check_private_key(signer, key)) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
+                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+            goto err;
+        }
+        if (!OCSP_REQUEST_sign(req, key, dgst))
+            goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_request_add1_cert(req, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            x = sk_X509_value(certs, i);
+            if (!OCSP_request_add1_cert(req, x))
+                goto err;
+        }
+    }
+
+    return 1;
+ err:
+    OCSP_SIGNATURE_free(req->optionalSignature);
+    req->optionalSignature = NULL;
+    return 0;
+}
+
+/* Get response status */
+
+int OCSP_response_status(OCSP_RESPONSE *resp)
+{
+    return ASN1_ENUMERATED_get(resp->responseStatus);
+}
+
+/*
+ * Extract basic response from OCSP_RESPONSE or NULL if no basic response
+ * present.
+ */
+
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
+{
+    OCSP_RESPBYTES *rb;
+    rb = resp->responseBytes;
+    if (!rb) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+        return NULL;
+    }
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+        return NULL;
+    }
+
+    return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+}
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
+{
+    return bs->signature;
+}
+
+/*
+ * Return number of OCSP_SINGLERESP responses present in a basic response.
+ */
+
+int OCSP_resp_count(OCSP_BASICRESP *bs)
+{
+    if (!bs)
+        return -1;
+    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
+}
+
+/* Extract an OCSP_SINGLERESP response with a given index */
+
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
+{
+    if (!bs)
+        return NULL;
+    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
+}
+
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
+{
+    return bs->tbsResponseData.producedAt;
+}
+
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
+{
+    return bs->certs;
+}
+
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname)
+
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = rid->value.byName;
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = rid->value.byKey;
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    return 1;
+}
+
+/* Look single response matching a given certificate ID */
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
+{
+    int i;
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    OCSP_SINGLERESP *single;
+    if (!bs)
+        return -1;
+    if (last < 0)
+        last = 0;
+    else
+        last++;
+    sresp = bs->tbsResponseData.responses;
+    for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+        single = sk_OCSP_SINGLERESP_value(sresp, i);
+        if (!OCSP_id_cmp(id, single->certId))
+            return i;
+    }
+    return -1;
+}
+
+/*
+ * Extract status information from an OCSP_SINGLERESP structure. Note: the
+ * revtime and reason values are only set if the certificate status is
+ * revoked. Returns numerical value of status.
+ */
+
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd)
+{
+    int ret;
+    OCSP_CERTSTATUS *cst;
+    if (!single)
+        return -1;
+    cst = single->certStatus;
+    ret = cst->type;
+    if (ret == V_OCSP_CERTSTATUS_REVOKED) {
+        OCSP_REVOKEDINFO *rev = cst->value.revoked;
+        if (revtime)
+            *revtime = rev->revocationTime;
+        if (reason) {
+            if (rev->revocationReason)
+                *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+            else
+                *reason = -1;
+        }
+    }
+    if (thisupd)
+        *thisupd = single->thisUpdate;
+    if (nextupd)
+        *nextupd = single->nextUpdate;
+    return ret;
+}
+
+/*
+ * This function combines the previous ones: look up a certificate ID and if
+ * found extract status information. Return 0 is successful.
+ */
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd)
+{
+    int i;
+    OCSP_SINGLERESP *single;
+    i = OCSP_resp_find(bs, id, -1);
+    /* Maybe check for multiple responses and give an error? */
+    if (i < 0)
+        return 0;
+    single = OCSP_resp_get0(bs, i);
+    i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+    if (status)
+        *status = i;
+    return 1;
+}
+
+/*
+ * Check validity of thisUpdate and nextUpdate fields. It is possible that
+ * the request will take a few seconds to process and/or the time won't be
+ * totally accurate. Therefore to avoid rejecting otherwise valid time we
+ * allow the times to be within 'nsec' of the current time. Also to avoid
+ * accepting very old responses without a nextUpdate field an optional maxage
+ * parameter specifies the maximum age the thisUpdate field can be.
+ */
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+{
+    int ret = 1;
+    time_t t_now, t_tmp;
+    time(&t_now);
+    /* Check thisUpdate is valid and not more than nsec in the future */
+    if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now + nsec;
+        if (X509_cmp_time(thisupd, &t_tmp) > 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+            ret = 0;
+        }
+
+        /*
+         * If maxsec specified check thisUpdate is not more than maxsec in
+         * the past
+         */
+        if (maxsec >= 0) {
+            t_tmp = t_now - maxsec;
+            if (X509_cmp_time(thisupd, &t_tmp) < 0) {
+                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+                ret = 0;
+            }
+        }
+    }
+
+    if (!nextupd)
+        return ret;
+
+    /* Check nextUpdate is valid and not more than nsec in the past */
+    if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now - nsec;
+        if (X509_cmp_time(nextupd, &t_tmp) < 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+            ret = 0;
+        }
+    }
+
+    /* Also don't allow nextUpdate to precede thisUpdate */
+    if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+        ret = 0;
+    }
+
+    return ret;
+}
+
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+    return single->certId;
+}
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_err.c b/openssl-1.1.0h/crypto/ocsp/ocsp_err.c
new file mode 100644
index 0000000..a2d96e9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_err.c
@@ -0,0 +1,91 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
+
+static ERR_STRING_DATA OCSP_str_functs[] = {
+    {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"},
+    {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
+    {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
+    {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
+    {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "ocsp_check_delegated"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "ocsp_check_ids"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "ocsp_check_issuer"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
+    {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "ocsp_match_issuerid"},
+    {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
+    {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
+    {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
+    {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
+    {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "parse_http_line1"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA OCSP_str_reasons[] = {
+    {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+    {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"},
+    {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+     "error in nextupdate field"},
+    {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+     "error in thisupdate field"},
+    {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"},
+    {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),
+     "missing ocspsigning usage"},
+    {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+     "nextupdate before thisupdate"},
+    {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"},
+    {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
+    {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},
+    {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},
+    {ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"},
+    {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+     "private key does not match certificate"},
+    {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"},
+    {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+     "response contains no revocation data"},
+    {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"},
+    {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
+    {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
+     "server response parse error"},
+    {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+     "signer certificate not found"},
+    {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"},
+    {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"},
+    {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"},
+    {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
+    {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+     "unsupported requestorname type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OCSP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, OCSP_str_functs);
+        ERR_load_strings(0, OCSP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_ext.c b/openssl-1.1.0h/crypto/ocsp/ocsp_ext.c
new file mode 100644
index 0000000..b829b2e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_ext.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+{
+    return (X509v3_get_ext_count(x->tbsRequest.requestExtensions));
+}
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsRequest.requestExtensions, nid, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsRequest.requestExtensions, obj, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsRequest.requestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+{
+    return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+{
+    return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc));
+}
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
+}
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
+                           crit, flags);
+}
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
+            NULL);
+}
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+{
+    return (X509v3_get_ext_count(x->singleRequestExtensions));
+}
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
+}
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
+                               int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
+}
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->singleRequestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+{
+    return (X509v3_get_ext(x->singleRequestExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+{
+    return (X509v3_delete_ext(x->singleRequestExtensions, loc));
+}
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+}
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
+                           flags);
+}
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
+}
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+{
+    return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions));
+}
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsResponseData.responseExtensions, nid, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+                                  int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsResponseData.responseExtensions, obj, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsResponseData.responseExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+{
+    return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+{
+    return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc));
+}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx)
+{
+    return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
+                          idx);
+}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
+                           value, crit, flags);
+}
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
+            != NULL);
+}
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+{
+    return (X509v3_get_ext_count(x->singleExtensions));
+}
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+                                   int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos)
+{
+    return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return (X509v3_get_ext(x->singleExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return (X509v3_delete_ext(x->singleExtensions, loc));
+}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx)
+{
+    return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+}
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
+}
+
+/* also CRL Entry Extensions */
+
+/* Nonce handling functions */
+
+/*
+ * Add a nonce to an extension stack. A nonce can be specified or if NULL a
+ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
+ * OCTET STRING containing the nonce, previous versions used the raw nonce.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
+                           unsigned char *val, int len)
+{
+    unsigned char *tmpval;
+    ASN1_OCTET_STRING os;
+    int ret = 0;
+    if (len <= 0)
+        len = OCSP_DEFAULT_NONCE_LENGTH;
+    /*
+     * Create the OCTET STRING manually by writing out the header and
+     * appending the content octets. This avoids an extra memory allocation
+     * operation in some cases. Applications should *NOT* do this because it
+     * relies on library internals.
+     */
+    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    if (os.length < 0)
+        return 0;
+
+    os.data = OPENSSL_malloc(os.length);
+    if (os.data == NULL)
+        goto err;
+    tmpval = os.data;
+    ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+    if (val)
+        memcpy(tmpval, val, len);
+    else if (RAND_bytes(tmpval, len) <= 0)
+        goto err;
+    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+                         &os, 0, X509V3_ADD_REPLACE))
+        goto err;
+    ret = 1;
+ err:
+    OPENSSL_free(os.data);
+    return ret;
+}
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
+}
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
+                           len);
+}
+
+/*-
+ * Check nonce validity in a request and response.
+ * Return value reflects result:
+ *  1: nonces present and equal.
+ *  2: nonces both absent.
+ *  3: nonce present in response only.
+ *  0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ *  For most responders clients can check return > 0.
+ *  If responder doesn't handle nonces return != 0 may be
+ *  necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+{
+    /*
+     * Since we are only interested in the presence or absence of
+     * the nonce and comparing its value there is no need to use
+     * the X509V3 routines: this way we can avoid them allocating an
+     * ASN1_OCTET_STRING structure for the value which would be
+     * freed immediately anyway.
+     */
+
+    int req_idx, resp_idx;
+    X509_EXTENSION *req_ext, *resp_ext;
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+    /* Check both absent */
+    if ((req_idx < 0) && (resp_idx < 0))
+        return 2;
+    /* Check in request only */
+    if ((req_idx >= 0) && (resp_idx < 0))
+        return -1;
+    /* Check in response but not request */
+    if ((req_idx < 0) && (resp_idx >= 0))
+        return 3;
+    /*
+     * Otherwise nonce in request and response so retrieve the extensions
+     */
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+    if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
+                              X509_EXTENSION_get_data(resp_ext)))
+        return 0;
+    return 1;
+}
+
+/*
+ * Copy the nonce value (if any) from an OCSP request to a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+{
+    X509_EXTENSION *req_ext;
+    int req_idx;
+    /* Check for nonce in request */
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    /* If no nonce that's OK */
+    if (req_idx < 0)
+        return 2;
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+}
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    OCSP_CRLID *cid = NULL;
+
+    if ((cid = OCSP_CRLID_new()) == NULL)
+        goto err;
+    if (url) {
+        if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL)
+            goto err;
+        if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
+            goto err;
+    }
+    if (n) {
+        if ((cid->crlNum = ASN1_INTEGER_new()) == NULL)
+            goto err;
+        if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
+            goto err;
+    }
+    if (tim) {
+        if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL)
+            goto err;
+        if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+            goto err;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
+ err:
+    OCSP_CRLID_free(cid);
+    return x;
+}
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+{
+    int nid;
+    STACK_OF(ASN1_OBJECT) *sk = NULL;
+    ASN1_OBJECT *o = NULL;
+    X509_EXTENSION *x = NULL;
+
+    if ((sk = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    while (oids && *oids) {
+        if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
+            sk_ASN1_OBJECT_push(sk, o);
+        oids++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+ err:
+    sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    return x;
+}
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_GENERALIZEDTIME *gt = NULL;
+
+    if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
+        goto err;
+    if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
+        goto err;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
+ err:
+    ASN1_GENERALIZEDTIME_free(gt);
+    return x;
+}
+
+/*
+ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This method
+ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_IA5STRING *ia5 = NULL;
+    OCSP_SERVICELOC *sloc = NULL;
+    ACCESS_DESCRIPTION *ad = NULL;
+
+    if ((sloc = OCSP_SERVICELOC_new()) == NULL)
+        goto err;
+    if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL)
+        goto err;
+    if (urls && *urls
+        && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL)
+        goto err;
+    while (urls && *urls) {
+        if ((ad = ACCESS_DESCRIPTION_new()) == NULL)
+            goto err;
+        if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL)
+            goto err;
+        if ((ad->location = GENERAL_NAME_new()) == NULL)
+            goto err;
+        if ((ia5 = ASN1_IA5STRING_new()) == NULL)
+            goto err;
+        if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
+            goto err;
+        ad->location->type = GEN_URI;
+        ad->location->d.ia5 = ia5;
+        ia5 = NULL;
+        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
+            goto err;
+        ad = NULL;
+        urls++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
+ err:
+    ASN1_IA5STRING_free(ia5);
+    ACCESS_DESCRIPTION_free(ad);
+    OCSP_SERVICELOC_free(sloc);
+    return x;
+}
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_ht.c b/openssl-1.1.0h/crypto/ocsp/ocsp_ht.c
new file mode 100644
index 0000000..d8796ca
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_ht.c
@@ -0,0 +1,502 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include "e_os.h"
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+
+/* Stateful OCSP request code, supporting non-blocking I/O */
+
+/* Opaque OCSP request status structure */
+
+struct ocsp_req_ctx_st {
+    int state;                  /* Current I/O state */
+    unsigned char *iobuf;       /* Line buffer */
+    int iobuflen;               /* Line buffer length */
+    BIO *io;                    /* BIO to perform I/O with */
+    BIO *mem;                   /* Memory BIO response is built into */
+    unsigned long asn1_len;     /* ASN1 length of response */
+    unsigned long max_resp_len; /* Maximum length of response */
+};
+
+#define OCSP_MAX_RESP_LENGTH    (100 * 1024)
+#define OCSP_MAX_LINE_LEN       4096;
+
+/* OCSP states */
+
+/* If set no reading should be performed */
+#define OHS_NOREAD              0x1000
+/* Error condition */
+#define OHS_ERROR               (0 | OHS_NOREAD)
+/* First line being read */
+#define OHS_FIRSTLINE           1
+/* MIME headers being read */
+#define OHS_HEADERS             2
+/* OCSP initial header (tag + length) being read */
+#define OHS_ASN1_HEADER         3
+/* OCSP content octets being read */
+#define OHS_ASN1_CONTENT        4
+/* First call: ready to start I/O */
+#define OHS_ASN1_WRITE_INIT     (5 | OHS_NOREAD)
+/* Request being sent */
+#define OHS_ASN1_WRITE          (6 | OHS_NOREAD)
+/* Request being flushed */
+#define OHS_ASN1_FLUSH          (7 | OHS_NOREAD)
+/* Completed */
+#define OHS_DONE                (8 | OHS_NOREAD)
+/* Headers set, no final \r\n included */
+#define OHS_HTTP_HEADER         (9 | OHS_NOREAD)
+
+static int parse_http_line1(char *line);
+
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)
+{
+    OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
+    if (rctx == NULL)
+        return NULL;
+    rctx->state = OHS_ERROR;
+    rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
+    rctx->mem = BIO_new(BIO_s_mem());
+    rctx->io = io;
+    if (maxline > 0)
+        rctx->iobuflen = maxline;
+    else
+        rctx->iobuflen = OCSP_MAX_LINE_LEN;
+    rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+    if (rctx->iobuf == NULL || rctx->mem == NULL) {
+        OCSP_REQ_CTX_free(rctx);
+        return NULL;
+    }
+    return rctx;
+}
+
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
+{
+    if (!rctx)
+        return;
+    BIO_free(rctx->mem);
+    OPENSSL_free(rctx->iobuf);
+    OPENSSL_free(rctx);
+}
+
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx)
+{
+    return rctx->mem;
+}
+
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len)
+{
+    if (len == 0)
+        rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
+    else
+        rctx->max_resp_len = len;
+}
+
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val)
+{
+    static const char req_hdr[] =
+        "Content-Type: application/ocsp-request\r\n"
+        "Content-Length: %d\r\n\r\n";
+    int reqlen = ASN1_item_i2d(val, NULL, it);
+    if (BIO_printf(rctx->mem, req_hdr, reqlen) <= 0)
+        return 0;
+    if (ASN1_item_i2d_bio(it, rctx->mem, val) <= 0)
+        return 0;
+    rctx->state = OHS_ASN1_WRITE_INIT;
+    return 1;
+}
+
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx,
+                          ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int rv, len;
+    const unsigned char *p;
+
+    rv = OCSP_REQ_CTX_nbio(rctx);
+    if (rv != 1)
+        return rv;
+
+    len = BIO_get_mem_data(rctx->mem, &p);
+    *pval = ASN1_item_d2i(NULL, &p, len, it);
+    if (*pval == NULL) {
+        rctx->state = OHS_ERROR;
+        return 0;
+    }
+    return 1;
+}
+
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path)
+{
+    static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
+
+    if (!path)
+        path = "/";
+
+    if (BIO_printf(rctx->mem, http_hdr, op, path) <= 0)
+        return 0;
+    rctx->state = OHS_HTTP_HEADER;
+    return 1;
+}
+
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
+{
+    return OCSP_REQ_CTX_i2d(rctx, ASN1_ITEM_rptr(OCSP_REQUEST),
+                            (ASN1_VALUE *)req);
+}
+
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value)
+{
+    if (!name)
+        return 0;
+    if (BIO_puts(rctx->mem, name) <= 0)
+        return 0;
+    if (value) {
+        if (BIO_write(rctx->mem, ": ", 2) != 2)
+            return 0;
+        if (BIO_puts(rctx->mem, value) <= 0)
+            return 0;
+    }
+    if (BIO_write(rctx->mem, "\r\n", 2) != 2)
+        return 0;
+    rctx->state = OHS_HTTP_HEADER;
+    return 1;
+}
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline)
+{
+
+    OCSP_REQ_CTX *rctx = NULL;
+    rctx = OCSP_REQ_CTX_new(io, maxline);
+    if (rctx == NULL)
+        return NULL;
+
+    if (!OCSP_REQ_CTX_http(rctx, "POST", path))
+        goto err;
+
+    if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
+        goto err;
+
+    return rctx;
+
+ err:
+    OCSP_REQ_CTX_free(rctx);
+    return NULL;
+}
+
+/*
+ * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We
+ * need to obtain the numeric code and (optional) informational message.
+ */
+
+static int parse_http_line1(char *line)
+{
+    int retcode;
+    char *p, *q, *r;
+    /* Skip to first white space (passed protocol info) */
+
+    for (p = line; *p && !isspace((unsigned char)*p); p++)
+        continue;
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Skip past white space to start of response code */
+    while (*p && isspace((unsigned char)*p))
+        p++;
+
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Find end of response code: first whitespace after start of code */
+    for (q = p; *q && !isspace((unsigned char)*q); q++)
+        continue;
+
+    if (!*q) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Set end of response code and start of message */
+    *q++ = 0;
+
+    /* Attempt to parse numeric code */
+    retcode = strtoul(p, &r, 10);
+
+    if (*r)
+        return 0;
+
+    /* Skip over any leading white space in message */
+    while (*q && isspace((unsigned char)*q))
+        q++;
+
+    if (*q) {
+        /*
+         * Finally zap any trailing white space in message (include CRLF)
+         */
+
+        /* We know q has a non white space character so this is OK */
+        for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
+            *r = 0;
+    }
+    if (retcode != 200) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+        if (!*q)
+            ERR_add_error_data(2, "Code=", p);
+        else
+            ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+        return 0;
+    }
+
+    return 1;
+
+}
+
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
+{
+    int i, n;
+    const unsigned char *p;
+ next_io:
+    if (!(rctx->state & OHS_NOREAD)) {
+        n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            return 0;
+        }
+
+        /* Write data to memory BIO */
+
+        if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
+            return 0;
+    }
+
+    switch (rctx->state) {
+    case OHS_HTTP_HEADER:
+        /* Last operation was adding headers: need a final \r\n */
+        if (BIO_write(rctx->mem, "\r\n", 2) != 2) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+        rctx->state = OHS_ASN1_WRITE_INIT;
+
+        /* fall thru */
+    case OHS_ASN1_WRITE_INIT:
+        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+        rctx->state = OHS_ASN1_WRITE;
+
+        /* fall thru */
+    case OHS_ASN1_WRITE:
+        n = BIO_get_mem_data(rctx->mem, &p);
+
+        i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len);
+
+        if (i <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        rctx->asn1_len -= i;
+
+        if (rctx->asn1_len > 0)
+            goto next_io;
+
+        rctx->state = OHS_ASN1_FLUSH;
+
+        (void)BIO_reset(rctx->mem);
+
+        /* fall thru */
+    case OHS_ASN1_FLUSH:
+
+        i = BIO_flush(rctx->io);
+
+        if (i > 0) {
+            rctx->state = OHS_FIRSTLINE;
+            goto next_io;
+        }
+
+        if (BIO_should_retry(rctx->io))
+            return -1;
+
+        rctx->state = OHS_ERROR;
+        return 0;
+
+    case OHS_ERROR:
+        return 0;
+
+    case OHS_FIRSTLINE:
+    case OHS_HEADERS:
+
+        /* Attempt to read a line in */
+
+ next_line:
+        /*
+         * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check
+         * there's a complete line in there before calling BIO_gets or we'll
+         * just get a partial read.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if ((n <= 0) || !memchr(p, '\n', n)) {
+            if (n >= rctx->iobuflen) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            goto next_io;
+        }
+        n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->mem))
+                goto next_io;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Don't allow excessive lines */
+        if (n == rctx->iobuflen) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* First line */
+        if (rctx->state == OHS_FIRSTLINE) {
+            if (parse_http_line1((char *)rctx->iobuf)) {
+                rctx->state = OHS_HEADERS;
+                goto next_line;
+            } else {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+        } else {
+            /* Look for blank line: end of headers */
+            for (p = rctx->iobuf; *p; p++) {
+                if ((*p != '\r') && (*p != '\n'))
+                    break;
+            }
+            if (*p)
+                goto next_line;
+
+            rctx->state = OHS_ASN1_HEADER;
+
+        }
+
+        /* Fall thru */
+
+    case OHS_ASN1_HEADER:
+        /*
+         * Now reading ASN1 header: can read at least 2 bytes which is enough
+         * for ASN1 SEQUENCE header and either length field or at least the
+         * length of the length field.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if (n < 2)
+            goto next_io;
+
+        /* Check it is an ASN1 SEQUENCE */
+        if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Check out length field */
+        if (*p & 0x80) {
+            /*
+             * If MSB set on initial length octet we can now always read 6
+             * octets: make sure we have them.
+             */
+            if (n < 6)
+                goto next_io;
+            n = *p & 0x7F;
+            /* Not NDEF or excessive length */
+            if (!n || (n > 4)) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            p++;
+            rctx->asn1_len = 0;
+            for (i = 0; i < n; i++) {
+                rctx->asn1_len <<= 8;
+                rctx->asn1_len |= *p++;
+            }
+
+            if (rctx->asn1_len > rctx->max_resp_len) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+
+            rctx->asn1_len += n + 2;
+        } else
+            rctx->asn1_len = *p + 2;
+
+        rctx->state = OHS_ASN1_CONTENT;
+
+        /* Fall thru */
+
+    case OHS_ASN1_CONTENT:
+        n = BIO_get_mem_data(rctx->mem, NULL);
+        if (n < (int)rctx->asn1_len)
+            goto next_io;
+
+        rctx->state = OHS_DONE;
+        return 1;
+
+    case OHS_DONE:
+        return 1;
+
+    }
+
+    return 0;
+
+}
+
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)presp,
+                                 ASN1_ITEM_rptr(OCSP_RESPONSE));
+}
+
+/* Blocking OCSP request handler: now a special case of non-blocking I/O */
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
+{
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_REQ_CTX *ctx;
+    int rv;
+
+    ctx = OCSP_sendreq_new(b, path, req, -1);
+
+    if (ctx == NULL)
+        return NULL;
+
+    do {
+        rv = OCSP_sendreq_nbio(&resp, ctx);
+    } while ((rv == -1) && BIO_should_retry(b));
+
+    OCSP_REQ_CTX_free(ctx);
+
+    if (rv)
+        return resp;
+
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_lcl.h b/openssl-1.1.0h/crypto/ocsp/ocsp_lcl.h
new file mode 100644
index 0000000..d1cf158
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_lcl.h
@@ -0,0 +1,232 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-  CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+struct ocsp_cert_id_st {
+    X509_ALGOR hashAlgorithm;
+    ASN1_OCTET_STRING issuerNameHash;
+    ASN1_OCTET_STRING issuerKeyHash;
+    ASN1_INTEGER serialNumber;
+};
+
+/*-  Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_one_request_st {
+    OCSP_CERTID *reqCert;
+    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+};
+
+/*-  TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_req_info_st {
+    ASN1_INTEGER *version;
+    GENERAL_NAME *requestorName;
+    STACK_OF(OCSP_ONEREQ) *requestList;
+    STACK_OF(X509_EXTENSION) *requestExtensions;
+};
+
+/*-  Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+struct ocsp_signature_st {
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-  OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+struct ocsp_request_st {
+    OCSP_REQINFO tbsRequest;
+    OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+};
+
+/*-  OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+
+/*-  ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+struct ocsp_resp_bytes_st {
+    ASN1_OBJECT *responseType;
+    ASN1_OCTET_STRING *response;
+};
+
+/*-  OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+struct ocsp_response_st {
+    ASN1_ENUMERATED *responseStatus;
+    OCSP_RESPBYTES *responseBytes;
+};
+
+/*-  ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+struct ocsp_responder_id_st {
+    int type;
+    union {
+        X509_NAME *byName;
+        ASN1_OCTET_STRING *byKey;
+    } value;
+};
+
+/*-  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*-  RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+struct ocsp_revoked_info_st {
+    ASN1_GENERALIZEDTIME *revocationTime;
+    ASN1_ENUMERATED *revocationReason;
+};
+
+/*-  CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+struct ocsp_cert_status_st {
+    int type;
+    union {
+        ASN1_NULL *good;
+        OCSP_REVOKEDINFO *revoked;
+        ASN1_NULL *unknown;
+    } value;
+};
+
+/*-  SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_single_response_st {
+    OCSP_CERTID *certId;
+    OCSP_CERTSTATUS *certStatus;
+    ASN1_GENERALIZEDTIME *thisUpdate;
+    ASN1_GENERALIZEDTIME *nextUpdate;
+    STACK_OF(X509_EXTENSION) *singleExtensions;
+};
+
+/*-  ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_response_data_st {
+    ASN1_INTEGER *version;
+    OCSP_RESPID responderId;
+    ASN1_GENERALIZEDTIME *producedAt;
+    STACK_OF(OCSP_SINGLERESP) *responses;
+    STACK_OF(X509_EXTENSION) *responseExtensions;
+};
+
+/*-  BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /*
+   * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
+   * follows: "The value for the signature SHALL be computed on the hash of
+   * the DER encoding ResponseData." This means that you must hash the
+   * DER-encoded tbsResponseData, and then run it through a crypto-signing
+   * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
+   * operation.  This seems a bit odd, but that's the spec.  Also note that
+   * the data structures do not leave anywhere to independently specify the
+   * algorithm used for the initial hash. So, we look at the
+   * signature-specification algorithm, and try to do something intelligent.
+   * -- Kathy Weinhold, CertCo
+   */
+  /*
+   * Note 2: It seems that the mentioned passage from RFC 2560 (section
+   * 4.2.1) is open for interpretation.  I've done tests against another
+   * responder, and found that it doesn't do the double hashing that the RFC
+   * seems to say one should.  Therefore, all relevant functions take a flag
+   * saying which variant should be used.  -- Richard Levitte, OpenSSL team
+   * and CeloCom
+   */
+struct ocsp_basic_response_st {
+    OCSP_RESPDATA tbsResponseData;
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-
+ * CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+struct ocsp_crl_id_st {
+    ASN1_IA5STRING *crlUrl;
+    ASN1_INTEGER *crlNum;
+    ASN1_GENERALIZEDTIME *crlTime;
+};
+
+/*-
+ * ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+struct ocsp_service_locator_st {
+    X509_NAME *issuer;
+    STACK_OF(ACCESS_DESCRIPTION) *locator;
+};
+
+#  define OCSP_REQUEST_sign(o,pkey,md) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+                &(o)->optionalSignature->signatureAlgorithm,NULL,\
+                (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md)
+
+#  define OCSP_BASICRESP_sign(o,pkey,md,d) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,pkey,md)
+
+#  define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        &(a)->optionalSignature->signatureAlgorithm,\
+        (a)->optionalSignature->signature,&(a)->tbsRequest,r)
+
+#  define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+        &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r)
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_lib.c b/openssl-1.1.0h/crypto/ocsp/ocsp_lib.c
new file mode 100644
index 0000000..8edd70a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_lib.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include <openssl/asn1t.h>
+
+/* Convert a certificate and its issuer to an OCSP_CERTID */
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer)
+{
+    X509_NAME *iname;
+    const ASN1_INTEGER *serial;
+    ASN1_BIT_STRING *ikey;
+    if (!dgst)
+        dgst = EVP_sha1();
+    if (subject) {
+        iname = X509_get_issuer_name(subject);
+        serial = X509_get0_serialNumber(subject);
+    } else {
+        iname = X509_get_subject_name(issuer);
+        serial = NULL;
+    }
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    return OCSP_cert_id_new(dgst, iname, ikey, serial);
+}
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber)
+{
+    int nid;
+    unsigned int i;
+    X509_ALGOR *alg;
+    OCSP_CERTID *cid = NULL;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    if ((cid = OCSP_CERTID_new()) == NULL)
+        goto err;
+
+    alg = &cid->hashAlgorithm;
+    ASN1_OBJECT_free(alg->algorithm);
+    if ((nid = EVP_MD_type(dgst)) == NID_undef) {
+        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+        goto err;
+    }
+    if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
+        goto err;
+    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    alg->parameter->type = V_ASN1_NULL;
+
+    if (!X509_NAME_digest(issuerName, dgst, md, &i))
+        goto digerr;
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
+        goto err;
+
+    /* Calculate the issuerKey hash, excluding tag and length */
+    if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
+        goto err;
+
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
+        goto err;
+
+    if (serialNumber) {
+        if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
+            goto err;
+    }
+    return cid;
+ digerr:
+    OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+ err:
+    OCSP_CERTID_free(cid);
+    return NULL;
+}
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
+    int ret;
+    ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
+    if (ret)
+        return ret;
+    ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
+    if (ret)
+        return ret;
+    return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
+}
+
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
+    int ret;
+    ret = OCSP_id_issuer_cmp(a, b);
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
+}
+
+/*
+ * Parse a URL and split it up into host, port and path components and
+ * whether it is SSL.
+ */
+
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+                   int *pssl)
+{
+    char *p, *buf;
+
+    char *host, *port;
+
+    *phost = NULL;
+    *pport = NULL;
+    *ppath = NULL;
+
+    /* dup the buffer since we are going to mess with it */
+    buf = OPENSSL_strdup(url);
+    if (!buf)
+        goto mem_err;
+
+    /* Check for initial colon */
+    p = strchr(buf, ':');
+
+    if (!p)
+        goto parse_err;
+
+    *(p++) = '\0';
+
+    if (strcmp(buf, "http") == 0) {
+        *pssl = 0;
+        port = "80";
+    } else if (strcmp(buf, "https") == 0) {
+        *pssl = 1;
+        port = "443";
+    } else
+        goto parse_err;
+
+    /* Check for double slash */
+    if ((p[0] != '/') || (p[1] != '/'))
+        goto parse_err;
+
+    p += 2;
+
+    host = p;
+
+    /* Check for trailing part of path */
+
+    p = strchr(p, '/');
+
+    if (!p)
+        *ppath = OPENSSL_strdup("/");
+    else {
+        *ppath = OPENSSL_strdup(p);
+        /* Set start of path to 0 so hostname is valid */
+        *p = '\0';
+    }
+
+    if (!*ppath)
+        goto mem_err;
+
+    p = host;
+    if (host[0] == '[') {
+        /* ipv6 literal */
+        host++;
+        p = strchr(host, ']');
+        if (!p)
+            goto parse_err;
+        *p = '\0';
+        p++;
+    }
+
+    /* Look for optional ':' for port number */
+    if ((p = strchr(p, ':'))) {
+        *p = 0;
+        port = p + 1;
+    }
+
+    *pport = OPENSSL_strdup(port);
+    if (!*pport)
+        goto mem_err;
+
+    *phost = OPENSSL_strdup(host);
+
+    if (!*phost)
+        goto mem_err;
+
+    OPENSSL_free(buf);
+
+    return 1;
+
+ mem_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+    goto err;
+
+ parse_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+ err:
+    OPENSSL_free(buf);
+    OPENSSL_free(*ppath);
+    *ppath = NULL;
+    OPENSSL_free(*pport);
+    *pport = NULL;
+    OPENSSL_free(*phost);
+    *phost = NULL;
+    return 0;
+
+}
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_prn.c b/openssl-1.1.0h/crypto/ocsp/ocsp_prn.c
new file mode 100644
index 0000000..5605812
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_prn.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
+{
+    BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+    indent += 2;
+    BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+    i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
+    BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
+    BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
+    BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+    i2a_ASN1_INTEGER(bp, &a->serialNumber);
+    BIO_printf(bp, "\n");
+    return 1;
+}
+
+typedef struct {
+    long t;
+    const char *m;
+} OCSP_TBLSTR;
+
+static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
+{
+    size_t i;
+    for (i = 0; i < len; i++, ts++)
+        if (ts->t == s)
+            return ts->m;
+    return "(UNKNOWN)";
+}
+
+#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
+
+const char *OCSP_response_status_str(long s)
+{
+    static const OCSP_TBLSTR rstat_tbl[] = {
+        {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
+        {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
+        {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
+        {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
+        {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
+        {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
+    };
+    return table2string(s, rstat_tbl);
+}
+
+const char *OCSP_cert_status_str(long s)
+{
+    static const OCSP_TBLSTR cstat_tbl[] = {
+        {V_OCSP_CERTSTATUS_GOOD, "good"},
+        {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
+        {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
+    };
+    return table2string(s, cstat_tbl);
+}
+
+const char *OCSP_crl_reason_str(long s)
+{
+    static const OCSP_TBLSTR reason_tbl[] = {
+        {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
+        {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
+        {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
+        {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
+        {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
+        {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
+        {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
+        {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
+    };
+    return table2string(s, reason_tbl);
+}
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
+{
+    int i;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_ONEREQ *one = NULL;
+    OCSP_REQINFO *inf = &o->tbsRequest;
+    OCSP_SIGNATURE *sig = o->optionalSignature;
+
+    if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
+        goto err;
+    l = ASN1_INTEGER_get(inf->version);
+    if (BIO_printf(bp, "    Version: %lu (0x%lx)", l + 1, l) <= 0)
+        goto err;
+    if (inf->requestorName != NULL) {
+        if (BIO_write(bp, "\n    Requestor Name: ", 21) <= 0)
+            goto err;
+        GENERAL_NAME_print(bp, inf->requestorName);
+    }
+    if (BIO_write(bp, "\n    Requestor List:\n", 21) <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
+        one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+        cid = one->reqCert;
+        ocsp_certid_print(bp, cid, 8);
+        if (!X509V3_extensions_print(bp,
+                                     "Request Single Extensions",
+                                     one->singleRequestExtensions, flags, 8))
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Request Extensions",
+                                 inf->requestExtensions, flags, 4))
+        goto err;
+    if (sig) {
+        X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
+        for (i = 0; i < sk_X509_num(sig->certs); i++) {
+            X509_print(bp, sk_X509_value(sig->certs, i));
+            PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
+        }
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
+{
+    int i, ret = 0;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPID *rid = NULL;
+    OCSP_RESPDATA *rd = NULL;
+    OCSP_CERTSTATUS *cst = NULL;
+    OCSP_REVOKEDINFO *rev = NULL;
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_RESPBYTES *rb = o->responseBytes;
+
+    if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
+        goto err;
+    l = ASN1_ENUMERATED_get(o->responseStatus);
+    if (BIO_printf(bp, "    OCSP Response Status: %s (0x%lx)\n",
+                   OCSP_response_status_str(l), l) <= 0)
+        goto err;
+    if (rb == NULL)
+        return 1;
+    if (BIO_puts(bp, "    Response Type: ") <= 0)
+        goto err;
+    if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+        goto err;
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        BIO_puts(bp, " (unknown response type)\n");
+        return 1;
+    }
+
+    if ((br = OCSP_response_get1_basic(o)) == NULL)
+        goto err;
+    rd = &br->tbsResponseData;
+    l = ASN1_INTEGER_get(rd->version);
+    if (BIO_printf(bp, "\n    Version: %lu (0x%lx)\n", l + 1, l) <= 0)
+        goto err;
+    if (BIO_puts(bp, "    Responder Id: ") <= 0)
+        goto err;
+
+    rid = &rd->responderId;
+    switch (rid->type) {
+    case V_OCSP_RESPID_NAME:
+        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+        break;
+    case V_OCSP_RESPID_KEY:
+        i2a_ASN1_STRING(bp, rid->value.byKey, 0);
+        break;
+    }
+
+    if (BIO_printf(bp, "\n    Produced At: ") <= 0)
+        goto err;
+    if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
+        goto err;
+    if (BIO_printf(bp, "\n    Responses:\n") <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
+        if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
+            continue;
+        single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+        cid = single->certId;
+        if (ocsp_certid_print(bp, cid, 4) <= 0)
+            goto err;
+        cst = single->certStatus;
+        if (BIO_printf(bp, "    Cert Status: %s",
+                       OCSP_cert_status_str(cst->type)) <= 0)
+            goto err;
+        if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
+            rev = cst->value.revoked;
+            if (BIO_printf(bp, "\n    Revocation Time: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime))
+                goto err;
+            if (rev->revocationReason) {
+                l = ASN1_ENUMERATED_get(rev->revocationReason);
+                if (BIO_printf(bp,
+                               "\n    Revocation Reason: %s (0x%lx)",
+                               OCSP_crl_reason_str(l), l) <= 0)
+                    goto err;
+            }
+        }
+        if (BIO_printf(bp, "\n    This Update: ") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+            goto err;
+        if (single->nextUpdate) {
+            if (BIO_printf(bp, "\n    Next Update: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
+                goto err;
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+        if (!X509V3_extensions_print(bp,
+                                     "Response Single Extensions",
+                                     single->singleExtensions, flags, 8))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Response Extensions",
+                                 rd->responseExtensions, flags, 4))
+        goto err;
+    if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
+        goto err;
+
+    for (i = 0; i < sk_X509_num(br->certs); i++) {
+        X509_print(bp, sk_X509_value(br->certs, i));
+        PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
+    }
+
+    ret = 1;
+ err:
+    OCSP_BASICRESP_free(br);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_srv.c b/openssl-1.1.0h/crypto/ocsp/ocsp_srv.c
new file mode 100644
index 0000000..46a4bf7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_srv.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+
+/*
+ * Utility functions related to sending OCSP responses and extracting
+ * relevant information from the request.
+ */
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req)
+{
+    return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
+}
+
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+{
+    return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
+}
+
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+{
+    return one->reqCert;
+}
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+{
+    if (!cid)
+        return 0;
+    if (pmd)
+        *pmd = cid->hashAlgorithm.algorithm;
+    if (piNameHash)
+        *piNameHash = &cid->issuerNameHash;
+    if (pikeyHash)
+        *pikeyHash = &cid->issuerKeyHash;
+    if (pserial)
+        *pserial = &cid->serialNumber;
+    return 1;
+}
+
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+{
+    if (req->optionalSignature)
+        return 1;
+    return 0;
+}
+
+/* Create an OCSP response and encode an optional basic response */
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+{
+    OCSP_RESPONSE *rsp = NULL;
+
+    if ((rsp = OCSP_RESPONSE_new()) == NULL)
+        goto err;
+    if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
+        goto err;
+    if (!bs)
+        return rsp;
+    if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL)
+        goto err;
+    rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+    if (!ASN1_item_pack
+        (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+         goto err;
+    return rsp;
+ err:
+    OCSP_RESPONSE_free(rsp);
+    return NULL;
+}
+
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd)
+{
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_CERTSTATUS *cs;
+    OCSP_REVOKEDINFO *ri;
+
+    if (rsp->tbsResponseData.responses == NULL
+        && (rsp->tbsResponseData.responses
+                = sk_OCSP_SINGLERESP_new_null()) == NULL)
+        goto err;
+
+    if ((single = OCSP_SINGLERESP_new()) == NULL)
+        goto err;
+
+    if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+        goto err;
+    if (nextupd &&
+        !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+        goto err;
+
+    OCSP_CERTID_free(single->certId);
+
+    if ((single->certId = OCSP_CERTID_dup(cid)) == NULL)
+        goto err;
+
+    cs = single->certStatus;
+    switch (cs->type = status) {
+    case V_OCSP_CERTSTATUS_REVOKED:
+        if (!revtime) {
+            OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
+            goto err;
+        }
+        if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL)
+            goto err;
+        if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+            goto err;
+        if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
+            if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL)
+                goto err;
+            if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
+                goto err;
+        }
+        break;
+
+    case V_OCSP_CERTSTATUS_GOOD:
+        if ((cs->value.good = ASN1_NULL_new()) == NULL)
+            goto err;
+        break;
+
+    case V_OCSP_CERTSTATUS_UNKNOWN:
+        if ((cs->value.unknown = ASN1_NULL_new()) == NULL)
+            goto err;
+        break;
+
+    default:
+        goto err;
+
+    }
+    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
+        goto err;
+    return single;
+ err:
+    OCSP_SINGLERESP_free(single);
+    return NULL;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+{
+    if (resp->certs == NULL
+        && (resp->certs = sk_X509_new_null()) == NULL)
+        return 0;
+
+    if (!sk_X509_push(resp->certs, cert))
+        return 0;
+    X509_up_ref(cert);
+    return 1;
+}
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    OCSP_RESPID *rid;
+
+    if (!X509_check_private_key(signer, key)) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
+                OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_basic_add1_cert(brsp, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            X509 *tmpcert = sk_X509_value(certs, i);
+            if (!OCSP_basic_add1_cert(brsp, tmpcert))
+                goto err;
+        }
+    }
+
+    rid = &brsp->tbsResponseData.responderId;
+    if (flags & OCSP_RESPID_KEY) {
+        if (!OCSP_RESPID_set_by_key(rid, signer))
+            goto err;
+    } else if (!OCSP_RESPID_set_by_name(rid, signer)) {
+        goto err;
+    }
+
+    if (!(flags & OCSP_NOTIME) &&
+        !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
+        goto err;
+
+    /*
+     * Right now, I think that not doing double hashing is the right thing.
+     * -- Richard Levitte
+     */
+
+    if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
+        goto err;
+
+    return 1;
+ err:
+    return 0;
+}
+
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert)
+{
+    if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert)))
+        return 0;
+
+    respid->type = V_OCSP_RESPID_NAME;
+
+    return 1;
+}
+
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert)
+{
+    ASN1_OCTET_STRING *byKey = NULL;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* RFC2560 requires SHA1 */
+    if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+        return 0;
+
+    byKey = ASN1_OCTET_STRING_new();
+    if (byKey == NULL)
+        return 0;
+
+    if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) {
+        ASN1_OCTET_STRING_free(byKey);
+        return 0;
+    }
+
+    respid->type = V_OCSP_RESPID_KEY;
+    respid->value.byKey = byKey;
+
+    return 1;
+}
+
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert)
+{
+    if (respid->type == V_OCSP_RESPID_KEY) {
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        if (respid->value.byKey == NULL)
+            return 0;
+
+        /* RFC2560 requires SHA1 */
+        if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+            return 0;
+
+        return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
+            && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
+                       SHA_DIGEST_LENGTH) == 0);
+    } else if(respid->type == V_OCSP_RESPID_NAME) {
+        if (respid->value.byName == NULL)
+            return 0;
+
+        return X509_NAME_cmp(respid->value.byName,
+                             X509_get_subject_name(cert)) == 0;
+    }
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/ocsp/ocsp_vfy.c b/openssl-1.1.0h/crypto/ocsp/ocsp_vfy.c
new file mode 100644
index 0000000..9a8d343
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/ocsp_vfy.c
@@ -0,0 +1,435 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
+#include <openssl/err.h>
+#include <string.h>
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, unsigned long flags);
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
+                          OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                               STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_delegated(X509 *x);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                unsigned long flags);
+
+/* Verify a basic response message */
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                      X509_STORE *st, unsigned long flags)
+{
+    X509 *signer, *x;
+    STACK_OF(X509) *chain = NULL;
+    STACK_OF(X509) *untrusted = NULL;
+    X509_STORE_CTX *ctx = NULL;
+    int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
+
+    if (!ret) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto end;
+    }
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto f_err;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get0_pubkey(signer);
+        if (skey == NULL) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
+            goto err;
+        }
+        ret = OCSP_BASICRESP_verify(bs, skey, 0);
+        if (ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            goto end;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN) {
+            untrusted = NULL;
+        } else if (bs->certs && certs) {
+            untrusted = sk_X509_dup(bs->certs);
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+                    goto f_err;
+                }
+            }
+        } else if (certs != NULL) {
+            untrusted = certs;
+        } else {
+            untrusted = bs->certs;
+        }
+        init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
+        if (!init_res) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+            goto f_err;
+        }
+
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        ret = X509_verify_cert(ctx);
+        chain = X509_STORE_CTX_get1_chain(ctx);
+        if (ret <= 0) {
+            i = X509_STORE_CTX_get_error(ctx);
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(i));
+            goto end;
+        }
+        if (flags & OCSP_NOCHECKS) {
+            ret = 1;
+            goto end;
+        }
+        /*
+         * At this point we have a valid certificate chain need to verify it
+         * against the OCSP issuer criteria.
+         */
+        ret = ocsp_check_issuer(bs, chain);
+
+        /* If fatal error or valid match then finish */
+        if (ret != 0)
+            goto end;
+
+        /*
+         * Easy case: explicitly trusted. Get root CA and check for explicit
+         * trust
+         */
+        if (flags & OCSP_NOEXPLICIT)
+            goto end;
+
+        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
+            goto err;
+        }
+        ret = 1;
+    }
+ end:
+    X509_STORE_CTX_free(ctx);
+    sk_X509_pop_free(chain, X509_free);
+    if (bs->certs && certs)
+        sk_X509_free(untrusted);
+    return ret;
+
+ err:
+    ret = 0;
+    goto end;
+ f_err:
+    ret = -1;
+    goto end;
+}
+
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs)
+{
+    int ret;
+
+    ret = ocsp_find_signer(signer, bs, extra_certs, 0);
+    return (ret > 0) ? 1 : 0;
+}
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, unsigned long flags)
+{
+    X509 *signer;
+    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+    if ((signer = ocsp_find_signer_sk(certs, rid))) {
+        *psigner = signer;
+        return 2;
+    }
+    if (!(flags & OCSP_NOINTERN) &&
+        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
+        *psigner = signer;
+        return 1;
+    }
+    /* Maybe lookup from store if by subject name */
+
+    *psigner = NULL;
+    return 0;
+}
+
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+{
+    int i;
+    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+    X509 *x;
+
+    /* Easy if lookup by name */
+    if (id->type == V_OCSP_RESPID_NAME)
+        return X509_find_by_subject(certs, id->value.byName);
+
+    /* Lookup by key hash */
+
+    /* If key hash isn't SHA1 length then forget it */
+    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
+        return NULL;
+    keyhash = id->value.byKey->data;
+    /* Calculate hash of each key and compare */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+            return x;
+    }
+    return NULL;
+}
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
+{
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    X509 *signer, *sca;
+    OCSP_CERTID *caid = NULL;
+    int i;
+    sresp = bs->tbsResponseData.responses;
+
+    if (sk_X509_num(chain) <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+        return -1;
+    }
+
+    /* See if the issuer IDs match. */
+    i = ocsp_check_ids(sresp, &caid);
+
+    /* If ID mismatch or other error then return */
+    if (i <= 0)
+        return i;
+
+    signer = sk_X509_value(chain, 0);
+    /* Check to see if OCSP responder CA matches request CA */
+    if (sk_X509_num(chain) > 1) {
+        sca = sk_X509_value(chain, 1);
+        i = ocsp_match_issuerid(sca, caid, sresp);
+        if (i < 0)
+            return i;
+        if (i) {
+            /* We have a match, if extensions OK then success */
+            if (ocsp_check_delegated(signer))
+                return 1;
+            return 0;
+        }
+    }
+
+    /* Otherwise check if OCSP request signed directly by request CA */
+    return ocsp_match_issuerid(signer, caid, sresp);
+}
+
+/*
+ * Check the issuer certificate IDs for equality. If there is a mismatch with
+ * the same algorithm then there's no point trying to match any certificates
+ * against the issuer. If the issuer IDs all match then we just need to check
+ * equality against one of them.
+ */
+
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
+{
+    OCSP_CERTID *tmpid, *cid;
+    int i, idcount;
+
+    idcount = sk_OCSP_SINGLERESP_num(sresp);
+    if (idcount <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
+                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+        return -1;
+    }
+
+    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+    *ret = NULL;
+
+    for (i = 1; i < idcount; i++) {
+        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+        /* Check to see if IDs match */
+        if (OCSP_id_issuer_cmp(cid, tmpid)) {
+            /* If algorithm mismatch let caller deal with it */
+            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
+                        cid->hashAlgorithm.algorithm))
+                return 2;
+            /* Else mismatch */
+            return 0;
+        }
+    }
+
+    /* All IDs match: only need to check one ID */
+    *ret = cid;
+    return 1;
+}
+
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                               STACK_OF(OCSP_SINGLERESP) *sresp)
+{
+    /* If only one ID to match then do it */
+    if (cid) {
+        const EVP_MD *dgst;
+        X509_NAME *iname;
+        int mdlen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
+                == NULL) {
+            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
+                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+            return -1;
+        }
+
+        mdlen = EVP_MD_size(dgst);
+        if (mdlen < 0)
+            return -1;
+        if ((cid->issuerNameHash.length != mdlen) ||
+            (cid->issuerKeyHash.length != mdlen))
+            return 0;
+        iname = X509_get_subject_name(cert);
+        if (!X509_NAME_digest(iname, dgst, md, NULL))
+            return -1;
+        if (memcmp(md, cid->issuerNameHash.data, mdlen))
+            return 0;
+        X509_pubkey_digest(cert, dgst, md, NULL);
+        if (memcmp(md, cid->issuerKeyHash.data, mdlen))
+            return 0;
+
+        return 1;
+
+    } else {
+        /* We have to match the whole lot */
+        int i, ret;
+        OCSP_CERTID *tmpid;
+        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+            ret = ocsp_match_issuerid(cert, tmpid, NULL);
+            if (ret <= 0)
+                return ret;
+        }
+        return 1;
+    }
+
+}
+
+static int ocsp_check_delegated(X509 *x)
+{
+    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
+        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
+        return 1;
+    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+    return 0;
+}
+
+/*
+ * Verify an OCSP request. This is fortunately much easier than OCSP response
+ * verify. Just find the signers certificate and verify it against a given
+ * trust value.
+ */
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags)
+{
+    X509 *signer;
+    X509_NAME *nm;
+    GENERAL_NAME *gen;
+    int ret = 0;
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!req->optionalSignature) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+        goto err;
+    }
+    gen = req->tbsRequest.requestorName;
+    if (!gen || gen->type != GEN_DIRNAME) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+        goto err;
+    }
+    nm = gen->d.directoryName;
+    ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
+    if (ret <= 0) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto err;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get0_pubkey(signer);
+        ret = OCSP_REQUEST_verify(req, skey);
+        if (ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            goto err;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN)
+            init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
+        else
+            init_res = X509_STORE_CTX_init(ctx, store, signer,
+                                           req->optionalSignature->certs);
+        if (!init_res) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+            goto err;
+        }
+
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
+        ret = X509_verify_cert(ctx);
+        if (ret <= 0) {
+            ret = X509_STORE_CTX_get_error(ctx);
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(ret));
+            goto err;
+        }
+    }
+    ret = 1;
+    goto end;
+
+err:
+    ret = 0;
+end:
+    X509_STORE_CTX_free(ctx);
+    return ret;
+
+}
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                unsigned long flags)
+{
+    X509 *signer;
+    if (!(flags & OCSP_NOINTERN)) {
+        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+        if (signer) {
+            *psigner = signer;
+            return 1;
+        }
+    }
+
+    signer = X509_find_by_subject(certs, nm);
+    if (signer) {
+        *psigner = signer;
+        return 2;
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/ocsp/v3_ocsp.c b/openssl-1.1.0h/crypto/ocsp/v3_ocsp.c
new file mode 100644
index 0000000..2d425a8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ocsp/v3_ocsp.c
@@ -0,0 +1,264 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/conf.h>
+# include <openssl/asn1.h>
+# include <openssl/ocsp.h>
+# include "ocsp_lcl.h"
+# include <openssl/x509v3.h>
+# include "../x509v3/ext_dat.h"
+
+/*
+ * OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+                            BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                      int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
+
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                            void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                              X509V3_CTX *ctx, const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ocsp_crlid = {
+    NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_crlid, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+    NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_invdate = {
+    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_hold = {
+    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_object, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nonce = {
+    NID_id_pkix_OCSP_Nonce, 0, NULL,
+    ocsp_nonce_new,
+    ocsp_nonce_free,
+    d2i_ocsp_nonce,
+    i2d_ocsp_nonce,
+    0, 0,
+    0, 0,
+    i2r_ocsp_nonce, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+    NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+    0, 0, 0, 0,
+    0, s2i_ocsp_nocheck,
+    0, 0,
+    i2r_ocsp_nocheck, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+    NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_serviceloc, 0,
+    NULL
+};
+
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                          int ind)
+{
+    OCSP_CRLID *a = in;
+    if (a->crlUrl) {
+        if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlNum) {
+        if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
+            goto err;
+        if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlTime) {
+        if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+                            BIO *bp, int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+        return 0;
+    return 1;
+}
+
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                      int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+        return 0;
+    return 1;
+}
+
+/*
+ * OCSP nonce. This is needs special treatment because it doesn't have an
+ * ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+    return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+    ASN1_OCTET_STRING *os = a;
+    if (pp) {
+        memcpy(*pp, os->data, os->length);
+        *pp += os->length;
+    }
+    return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+{
+    ASN1_OCTET_STRING *os, **pos;
+    pos = a;
+    if (pos == NULL || *pos == NULL) {
+        os = ASN1_OCTET_STRING_new();
+        if (os == NULL)
+            goto err;
+    } else {
+        os = *pos;
+    }
+    if (!ASN1_OCTET_STRING_set(os, *pp, length))
+        goto err;
+
+    *pp += length;
+
+    if (pos)
+        *pos = os;
+    return os;
+
+ err:
+    if ((pos == NULL) || (*pos != os))
+        ASN1_OCTET_STRING_free(os);
+    OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+    ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent)
+{
+    if (BIO_printf(out, "%*s", indent, "") <= 0)
+        return 0;
+    if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
+        return 0;
+    return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+                            BIO *out, int indent)
+{
+    return 1;
+}
+
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                              X509V3_CTX *ctx, const char *str)
+{
+    return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind)
+{
+    int i;
+    OCSP_SERVICELOC *a = in;
+    ACCESS_DESCRIPTION *ad;
+
+    if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
+        goto err;
+    if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
+        goto err;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
+        ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
+        if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
+            goto err;
+        if (BIO_puts(bp, " - ") <= 0)
+            goto err;
+        if (GENERAL_NAME_print(bp, ad->location) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/pariscid.pl b/openssl-1.1.0h/crypto/pariscid.pl
new file mode 100644
index 0000000..3d4a5f8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pariscid.pl
@@ -0,0 +1,263 @@
+#! /usr/bin/env perl
+# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$ST		="std";
+} else {
+	$LEVEL		="1.1";
+	$SIZE_T		=4;
+	$ST		="stw";
+}
+
+$rp="%r2";
+$sp="%r30";
+$rv="%r28";
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	OPENSSL_cpuid_setup,ENTRY
+	.ALIGN	8
+OPENSSL_cpuid_setup
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	bv	($rp)
+	.EXIT
+	nop
+	.PROCEND
+
+	.EXPORT	OPENSSL_rdtsc,ENTRY
+	.ALIGN	8
+OPENSSL_rdtsc
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	mfctl	%cr16,$rv
+	bv	($rp)
+	.EXIT
+	nop
+	.PROCEND
+
+	.EXPORT	OPENSSL_wipe_cpu,ENTRY
+	.ALIGN	8
+OPENSSL_wipe_cpu
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	xor		%r0,%r0,%r1
+	fcpy,dbl	%fr0,%fr4
+	xor		%r0,%r0,%r19
+	fcpy,dbl	%fr0,%fr5
+	xor		%r0,%r0,%r20
+	fcpy,dbl	%fr0,%fr6
+	xor		%r0,%r0,%r21
+	fcpy,dbl	%fr0,%fr7
+	xor		%r0,%r0,%r22
+	fcpy,dbl	%fr0,%fr8
+	xor		%r0,%r0,%r23
+	fcpy,dbl	%fr0,%fr9
+	xor		%r0,%r0,%r24
+	fcpy,dbl	%fr0,%fr10
+	xor		%r0,%r0,%r25
+	fcpy,dbl	%fr0,%fr11
+	xor		%r0,%r0,%r26
+	fcpy,dbl	%fr0,%fr22
+	xor		%r0,%r0,%r29
+	fcpy,dbl	%fr0,%fr23
+	xor		%r0,%r0,%r31
+	fcpy,dbl	%fr0,%fr24
+	fcpy,dbl	%fr0,%fr25
+	fcpy,dbl	%fr0,%fr26
+	fcpy,dbl	%fr0,%fr27
+	fcpy,dbl	%fr0,%fr28
+	fcpy,dbl	%fr0,%fr29
+	fcpy,dbl	%fr0,%fr30
+	fcpy,dbl	%fr0,%fr31
+	bv		($rp)
+	.EXIT
+	ldo		0($sp),$rv
+	.PROCEND
+___
+{
+my $inp="%r26";
+my $len="%r25";
+
+$code.=<<___;
+	.EXPORT	OPENSSL_cleanse,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	8
+OPENSSL_cleanse
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	cmpib,*=	0,$len,L\$done
+	nop
+	cmpib,*>>=	15,$len,L\$ittle
+	ldi		$SIZE_T-1,%r1
+
+L\$align
+	and,*<>		$inp,%r1,%r28
+	b,n		L\$aligned
+	stb		%r0,0($inp)
+	ldo		-1($len),$len
+	b		L\$align
+	ldo		1($inp),$inp
+
+L\$aligned
+	andcm		$len,%r1,%r28
+L\$ot
+	$ST		%r0,0($inp)
+	addib,*<>	-$SIZE_T,%r28,L\$ot
+	ldo		$SIZE_T($inp),$inp
+
+	and,*<>		$len,%r1,$len
+	b,n		L\$done
+L\$ittle
+	stb		%r0,0($inp)
+	addib,*<>	-1,$len,L\$ittle
+	ldo		1($inp),$inp
+L\$done
+	bv		($rp)
+	.EXIT
+	nop
+	.PROCEND
+___
+}
+{
+my ($in1,$in2,$len)=("%r26","%r25","%r24");
+
+$code.=<<___;
+	.EXPORT	CRYPTO_memcmp,ENTRY,ARGW0=GR,ARGW1=GR,ARGW1=GR
+	.ALIGN	8
+CRYPTO_memcmp
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	cmpib,*=	0,$len,L\$no_data
+	xor		$rv,$rv,$rv
+
+L\$oop_cmp
+	ldb		0($in1),%r19
+	ldb		0($in2),%r20
+	ldo		1($in1),$in1
+	ldo		1($in2),$in2
+	xor		%r19,%r20,%r29
+	addib,*<>	-1,$len,L\$oop_cmp
+	or		%r29,$rv,$rv
+
+	sub		%r0,$rv,%r29
+	extru		%r29,0,1,$rv
+L\$no_data
+	bv		($rp)
+	.EXIT
+	nop
+	.PROCEND
+___
+}
+{
+my ($out,$cnt,$max)=("%r26","%r25","%r24");
+my ($tick,$lasttick)=("%r23","%r22");
+my ($diff,$lastdiff)=("%r21","%r20");
+
+$code.=<<___;
+	.EXPORT	OPENSSL_instrument_bus,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	8
+OPENSSL_instrument_bus
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	copy		$cnt,$rv
+	mfctl		%cr16,$tick
+	copy		$tick,$lasttick
+	ldi		0,$diff
+
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+L\$oop
+	mfctl		%cr16,$tick
+	sub		$tick,$lasttick,$diff
+	copy		$tick,$lasttick
+
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+
+	addib,<>	-1,$cnt,L\$oop
+	addi		4,$out,$out
+
+	bv		($rp)
+	.EXIT
+	sub		$rv,$cnt,$rv
+	.PROCEND
+
+	.EXPORT	OPENSSL_instrument_bus2,ENTRY,ARGW0=GR,ARGW1=GR
+	.ALIGN	8
+OPENSSL_instrument_bus2
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	copy		$cnt,$rv
+	sub		%r0,$cnt,$cnt
+
+	mfctl		%cr16,$tick
+	copy		$tick,$lasttick
+	ldi		0,$diff
+
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+
+	mfctl		%cr16,$tick
+	sub		$tick,$lasttick,$diff
+	copy		$tick,$lasttick
+L\$oop2
+	copy		$diff,$lastdiff
+	fdc		0($out)
+	ldw		0($out),$tick
+	add		$diff,$tick,$tick
+	stw		$tick,0($out)
+
+	addib,=		-1,$max,L\$done2
+	nop
+
+	mfctl		%cr16,$tick
+	sub		$tick,$lasttick,$diff
+	copy		$tick,$lasttick
+	cmpclr,<>	$lastdiff,$diff,$tick
+	ldi		1,$tick
+
+	ldi		1,%r1
+	xor		%r1,$tick,$tick
+	addb,<>		$tick,$cnt,L\$oop2
+	shladd,l	$tick,2,$out,$out
+L\$done2
+	bv		($rp)
+	.EXIT
+	add		$rv,$cnt,$rv
+	.PROCEND
+___
+}
+$code =~ s/cmpib,\*/comib,/gm	if ($SIZE_T==4);
+$code =~ s/,\*/,/gm		if ($SIZE_T==4);
+$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
+print $code;
+close STDOUT;
+
diff --git a/openssl-1.1.0h/crypto/pem/build.info b/openssl-1.1.0h/crypto/pem/build.info
new file mode 100644
index 0000000..357b328
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        pem_sign.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
diff --git a/openssl-1.1.0h/crypto/pem/pem_all.c b/openssl-1.1.0h/crypto/pem/pem_all.c
new file mode 100644
index 0000000..0e71813
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_all.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_NO_RSA
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
+#endif
+
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
+#endif
+
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
+
+IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
+
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+                 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
+#ifndef OPENSSL_NO_RSA
+/*
+ * We treat RSA or DSA private keys as a special case. For private keys we
+ * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract
+ * the relevant private key: this means can handle "traditional" and PKCS#8
+ * formats transparently.
+ */
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+    RSA *rtmp;
+    if (!key)
+        return NULL;
+    rtmp = EVP_PKEY_get1_RSA(key);
+    EVP_PKEY_free(key);
+    if (!rtmp)
+        return NULL;
+    if (rsa) {
+        RSA_free(*rsa);
+        *rsa = rtmp;
+    }
+    return rtmp;
+}
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+                                void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
+}
+
+# ifndef OPENSSL_NO_STDIO
+
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
+}
+
+# endif
+
+IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA,
+                             RSAPrivateKey)
+
+
+IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC,
+                       RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA,
+                                                      PEM_STRING_PUBLIC,
+                                                      RSA_PUBKEY)
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+    DSA *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_DSA(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (dsa) {
+        DSA_free(*dsa);
+        *dsa = dtmp;
+    }
+    return dtmp;
+}
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+                                void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
+}
+
+IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA,
+                             DSAPrivateKey)
+    IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+# ifndef OPENSSL_NO_STDIO
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
+}
+
+# endif
+
+IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+#endif
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
+{
+    EC_KEY *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_EC_KEY(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (eckey) {
+        EC_KEY_free(*eckey);
+        *eckey = dtmp;
+    }
+    return dtmp;
+}
+
+EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
+                                  void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, key); /* will free pktmp */
+}
+
+IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
+                       ECPKParameters)
+
+
+IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
+                       ECPrivateKey)
+IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
+# ifndef OPENSSL_NO_STDIO
+EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
+                              void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
+}
+
+# endif
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+    IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
+#endif
+IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/openssl-1.1.0h/crypto/pem/pem_err.c b/openssl-1.1.0h/crypto/pem/pem_err.c
new file mode 100644
index 0000000..f36d893
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_err.c
@@ -0,0 +1,115 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
+
+static ERR_STRING_DATA PEM_str_functs[] = {
+    {ERR_FUNC(PEM_F_B2I_DSS), "b2i_dss"},
+    {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
+    {ERR_FUNC(PEM_F_B2I_RSA), "b2i_rsa"},
+    {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "check_bitlen_dsa"},
+    {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "check_bitlen_rsa"},
+    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
+    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
+    {ERR_FUNC(PEM_F_DO_B2I), "do_b2i"},
+    {ERR_FUNC(PEM_F_DO_B2I_BIO), "do_b2i_bio"},
+    {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "do_blob_header"},
+    {ERR_FUNC(PEM_F_DO_PK8PKEY), "do_pk8pkey"},
+    {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "do_pk8pkey_fp"},
+    {ERR_FUNC(PEM_F_DO_PVK_BODY), "do_PVK_body"},
+    {ERR_FUNC(PEM_F_DO_PVK_HEADER), "do_PVK_header"},
+    {ERR_FUNC(PEM_F_I2B_PVK), "i2b_PVK"},
+    {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
+    {ERR_FUNC(PEM_F_LOAD_IV), "load_iv"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
+    {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
+    {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
+    {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
+    {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_read_bio_PrivateKey"},
+    {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_read_DHparams"},
+    {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_read_PrivateKey"},
+    {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
+    {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
+    {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+    {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_write_PrivateKey"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA PEM_str_reasons[] = {
+    {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+    {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"},
+    {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"},
+    {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
+    {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_REASON(PEM_R_BAD_VERSION_NUMBER), "bad version number"},
+    {ERR_REASON(PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
+    {ERR_REASON(PEM_R_CIPHER_IS_NULL), "cipher is null"},
+    {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+     "error converting private key"},
+    {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
+     "expecting private key blob"},
+    {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
+     "expecting public key blob"},
+    {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"},
+    {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
+     "keyblob header parse error"},
+    {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
+    {ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"},
+    {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
+    {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
+    {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
+    {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
+    {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
+     "problems getting password"},
+    {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
+    {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"},
+    {ERR_REASON(PEM_R_READ_KEY), "read key"},
+    {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
+    {ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
+     "unsupported key components"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PEM_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, PEM_str_functs);
+        ERR_load_strings(0, PEM_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/pem/pem_info.c b/openssl-1.1.0h/crypto/pem/pem_info.c
new file mode 100644
index 0000000..78d4476
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_info.c
@@ -0,0 +1,334 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    STACK_OF(X509_INFO) *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u)
+{
+    X509_INFO *xi = NULL;
+    char *name = NULL, *header = NULL;
+    void *pp;
+    unsigned char *data = NULL;
+    const unsigned char *p;
+    long len, error = 0;
+    int ok = 0;
+    STACK_OF(X509_INFO) *ret = NULL;
+    unsigned int i, raw, ptype;
+    d2i_of_void *d2i = 0;
+
+    if (sk == NULL) {
+        if ((ret = sk_X509_INFO_new_null()) == NULL) {
+            PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = sk;
+
+    if ((xi = X509_INFO_new()) == NULL)
+        goto err;
+    for (;;) {
+        raw = 0;
+        ptype = 0;
+        i = PEM_read_bio(bp, &name, &header, &data, &len);
+        if (i == 0) {
+            error = ERR_GET_REASON(ERR_peek_last_error());
+            if (error == PEM_R_NO_START_LINE) {
+                ERR_clear_error();
+                break;
+            }
+            goto err;
+        }
+ start:
+        if ((strcmp(name, PEM_STRING_X509) == 0) ||
+            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509_AUX;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
+            d2i = (D2I_OF(void)) d2i_X509_CRL;
+            if (xi->crl != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->crl);
+        } else
+#ifndef OPENSSL_NO_RSA
+        if (strcmp(name, PEM_STRING_RSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_RSA;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (strcmp(name, PEM_STRING_DSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_DSA;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_EC
+        if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
+            d2i = (D2I_OF(void)) d2i_ECPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_EC;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+        {
+            d2i = NULL;
+            pp = NULL;
+        }
+
+        if (d2i != NULL) {
+            if (!raw) {
+                EVP_CIPHER_INFO cipher;
+
+                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+                    goto err;
+                if (!PEM_do_header(&cipher, data, &len, cb, u))
+                    goto err;
+                p = data;
+                if (ptype) {
+                    if (!d2i_PrivateKey(ptype, pp, &p, len)) {
+                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+                        goto err;
+                    }
+                } else if (d2i(pp, &p, len) == NULL) {
+                    PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+                    goto err;
+                }
+            } else {            /* encrypted RSA data */
+                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
+                    goto err;
+                xi->enc_data = (char *)data;
+                xi->enc_len = (int)len;
+                data = NULL;
+            }
+        } else {
+            /* unknown */
+        }
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(header);
+        header = NULL;
+        OPENSSL_free(data);
+        data = NULL;
+    }
+
+    /*
+     * if the last one hasn't been pushed yet and there is anything in it
+     * then add it to the stack ...
+     */
+    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
+        if (!sk_X509_INFO_push(ret, xi))
+            goto err;
+        xi = NULL;
+    }
+    ok = 1;
+ err:
+    X509_INFO_free(xi);
+    if (!ok) {
+        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
+            xi = sk_X509_INFO_value(ret, i);
+            X509_INFO_free(xi);
+        }
+        if (ret != sk)
+            sk_X509_INFO_free(ret);
+        ret = NULL;
+    }
+
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(data);
+    return (ret);
+}
+
+/* A TJH addition */
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
+{
+    int i, ret = 0;
+    unsigned char *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char *iv = NULL;
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL) {
+            PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    /*
+     * now for the fun part ... if we have a private key then we have to be
+     * able to handle a not-yet-decrypted key being written out correctly ...
+     * if it is decrypted or it is non-encrypted then we use the base code
+     */
+    if (xi->x_pkey != NULL) {
+        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
+            if (enc == NULL) {
+                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
+                goto err;
+            }
+
+            /* copy from weirdo names into more normal things */
+            iv = xi->enc_cipher.iv;
+            data = (unsigned char *)xi->enc_data;
+            i = xi->enc_len;
+
+            /*
+             * we take the encryption data from the internal stuff rather
+             * than what the user has passed us ... as we have to match
+             * exactly for some strange reason
+             */
+            objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
+            if (objstr == NULL) {
+                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
+                       PEM_R_UNSUPPORTED_CIPHER);
+                goto err;
+            }
+
+            /* create the right magic header stuff */
+            OPENSSL_assert(strlen(objstr) + 23
+                           + 2 * EVP_CIPHER_iv_length(enc) + 13 <=
+                           sizeof(buf));
+            buf[0] = '\0';
+            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
+                         (char *)iv);
+
+            /* use the normal code to write things out */
+            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
+            if (i <= 0)
+                goto err;
+        } else {
+            /* Add DSA/DH */
+#ifndef OPENSSL_NO_RSA
+            /* normal optionally encrypted stuff */
+            if (PEM_write_bio_RSAPrivateKey(bp,
+                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
+                                            enc, kstr, klen, cb, u) <= 0)
+                goto err;
+#endif
+        }
+    }
+
+    /* if we have a certificate then write it out now */
+    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
+        goto err;
+
+    /*
+     * we are ignoring anything else that is loaded into the X509_INFO
+     * structure for the moment ... as I don't need it so I'm not coding it
+     * here and Eric can do it when this makes it into the base library --tjh
+     */
+
+    ret = 1;
+
+ err:
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/pem/pem_lib.c b/openssl-1.1.0h/crypto/pem/pem_lib.c
new file mode 100644
index 0000000..e9202f4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_lib.c
@@ -0,0 +1,857 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include "internal/asn1_int.h"
+#include <openssl/des.h>
+#include <openssl/engine.h>
+
+#define MIN_LENGTH      4
+
+static int load_iv(char **fromp, unsigned char *to, int num);
+static int check_pem(const char *nm, const char *name);
+int pem_check_suffix(const char *pem_str, const char *suffix);
+
+int PEM_def_callback(char *buf, int num, int w, void *key)
+{
+#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
+    int i;
+#else
+    int i, j;
+    const char *prompt;
+#endif
+
+    if (key) {
+        i = strlen(key);
+        i = (i > num) ? num : i;
+        memcpy(buf, key, i);
+        return i;
+    }
+
+#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
+    PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return -1;
+#else
+    prompt = EVP_get_pw_prompt();
+    if (prompt == NULL)
+        prompt = "Enter PEM pass phrase:";
+
+    for (;;) {
+        /*
+         * We assume that w == 0 means decryption,
+         * while w == 1 means encryption
+         */
+        int min_len = w ? MIN_LENGTH : 0;
+
+        i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
+        if (i != 0) {
+            PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+            memset(buf, 0, (unsigned int)num);
+            return -1;
+        }
+        j = strlen(buf);
+        if (min_len && j < min_len) {
+            fprintf(stderr,
+                    "phrase is too short, needs to be at least %d chars\n",
+                    min_len);
+        } else
+            break;
+    }
+    return j;
+#endif
+}
+
+void PEM_proc_type(char *buf, int type)
+{
+    const char *str;
+
+    if (type == PEM_TYPE_ENCRYPTED)
+        str = "ENCRYPTED";
+    else if (type == PEM_TYPE_MIC_CLEAR)
+        str = "MIC-CLEAR";
+    else if (type == PEM_TYPE_MIC_ONLY)
+        str = "MIC-ONLY";
+    else
+        str = "BAD-TYPE";
+
+    OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, str, PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE);
+}
+
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
+{
+    static const unsigned char map[17] = "0123456789ABCDEF";
+    long i;
+    int j;
+
+    OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, type, PEM_BUFSIZE);
+    OPENSSL_strlcat(buf, ",", PEM_BUFSIZE);
+    j = strlen(buf);
+    if (j + (len * 2) + 1 > PEM_BUFSIZE)
+        return;
+    for (i = 0; i < len; i++) {
+        buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
+        buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
+    }
+    buf[j + i * 2] = '\n';
+    buf[j + i * 2 + 1] = '\0';
+}
+
+#ifndef OPENSSL_NO_STDIO
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+static int check_pem(const char *nm, const char *name)
+{
+    /* Normal matching nm and name */
+    if (strcmp(nm, name) == 0)
+        return 1;
+
+    /* Make PEM_STRING_EVP_PKEY match any private key */
+
+    if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (strcmp(nm, PEM_STRING_PKCS8) == 0)
+            return 1;
+        if (strcmp(nm, PEM_STRING_PKCS8INF) == 0)
+            return 1;
+        slen = pem_check_suffix(nm, "PRIVATE KEY");
+        if (slen > 0) {
+            /*
+             * NB: ENGINE implementations won't contain a deprecated old
+             * private key decode function so don't look for them.
+             */
+            ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+            if (ameth && ameth->old_priv_decode)
+                return 1;
+        }
+        return 0;
+    }
+
+    if (strcmp(name, PEM_STRING_PARAMETERS) == 0) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        slen = pem_check_suffix(nm, "PARAMETERS");
+        if (slen > 0) {
+            ENGINE *e;
+            ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+            if (ameth) {
+                int r;
+                if (ameth->param_decode)
+                    r = 1;
+                else
+                    r = 0;
+#ifndef OPENSSL_NO_ENGINE
+                ENGINE_finish(e);
+#endif
+                return r;
+            }
+        }
+        return 0;
+    }
+    /* If reading DH parameters handle X9.42 DH format too */
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0
+        && strcmp(name, PEM_STRING_DHPARAMS) == 0)
+        return 1;
+
+    /* Permit older strings */
+
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_REQ) == 0)
+        return 1;
+
+    /* Allow normal certs to be read as trusted certs */
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
+        return 1;
+
+    /* Some CAs use PKCS#7 with CERTIFICATE headers */
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
+        return 1;
+
+#ifndef OPENSSL_NO_CMS
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
+        return 1;
+    /* Allow CMS to be read from PKCS#7 headers */
+    if (strcmp(nm, PEM_STRING_PKCS7) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
+        return 1;
+#endif
+
+    return 0;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u)
+{
+    EVP_CIPHER_INFO cipher;
+    char *nm = NULL, *header = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int ret = 0;
+
+    for (;;) {
+        if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
+            if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
+                ERR_add_error_data(2, "Expecting: ", name);
+            return 0;
+        }
+        if (check_pem(nm, name))
+            break;
+        OPENSSL_free(nm);
+        OPENSSL_free(header);
+        OPENSSL_free(data);
+    }
+    if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+        goto err;
+    if (!PEM_do_header(&cipher, data, &len, cb, u))
+        goto err;
+
+    *pdata = data;
+    *plen = len;
+
+    if (pnm)
+        *pnm = nm;
+
+    ret = 1;
+
+ err:
+    if (!ret || !pnm)
+        OPENSSL_free(nm);
+    OPENSSL_free(header);
+    if (!ret)
+        OPENSSL_free(data);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                       int klen, pem_password_cb *callback, void *u)
+{
+    EVP_CIPHER_CTX *ctx = NULL;
+    int dsize = 0, i = 0, j = 0, ret = 0;
+    unsigned char *p, *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
+            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    if ((dsize = i2d(x, NULL)) < 0) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
+        dsize = 0;
+        goto err;
+    }
+    /* dsize + 8 bytes are needed */
+    /* actually it needs the cipher block size extra... */
+    data = OPENSSL_malloc((unsigned int)dsize + 20);
+    if (data == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = data;
+    i = i2d(x, &p);
+
+    if (enc != NULL) {
+        if (kstr == NULL) {
+            if (callback == NULL)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
+                goto err;
+            }
+#ifdef CHARSET_EBCDIC
+            /* Convert the pass phrase from EBCDIC */
+            ebcdic2ascii(buf, buf, klen);
+#endif
+            kstr = (unsigned char *)buf;
+        }
+        RAND_add(data, i, 0);   /* put in the RSA key. */
+        OPENSSL_assert(EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv));
+        if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */
+            goto err;
+        /*
+         * The 'iv' is used as the iv and as a salt.  It is NOT taken from
+         * the BytesToKey function
+         */
+        if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))
+            goto err;
+
+        if (kstr == (unsigned char *)buf)
+            OPENSSL_cleanse(buf, PEM_BUFSIZE);
+
+        OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13
+                       <= sizeof(buf));
+
+        buf[0] = '\0';
+        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+        PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);
+        /* k=strlen(buf); */
+
+        ret = 1;
+        if ((ctx = EVP_CIPHER_CTX_new()) == NULL
+            || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
+            || !EVP_EncryptUpdate(ctx, data, &j, data, i)
+            || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
+            ret = 0;
+        if (ret == 0)
+            goto err;
+        i += j;
+    } else {
+        ret = 1;
+        buf[0] = '\0';
+    }
+    i = PEM_write_bio(bp, name, buf, data, i);
+    if (i <= 0)
+        ret = 0;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(iv, sizeof(iv));
+    EVP_CIPHER_CTX_free(ctx);
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    OPENSSL_clear_free(data, (unsigned int)dsize);
+    return (ret);
+}
+
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+                  pem_password_cb *callback, void *u)
+{
+    int ok;
+    int keylen;
+    long len = *plen;
+    int ilen = (int) len;       /* EVP_DecryptUpdate etc. take int lengths */
+    EVP_CIPHER_CTX *ctx;
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    char buf[PEM_BUFSIZE];
+
+#if LONG_MAX > INT_MAX
+    /* Check that we did not truncate the length */
+    if (len > INT_MAX) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG);
+        return 0;
+    }
+#endif
+
+    if (cipher->cipher == NULL)
+        return 1;
+    if (callback == NULL)
+        keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+    else
+        keylen = callback(buf, PEM_BUFSIZE, 0, u);
+    if (keylen <= 0) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
+        return 0;
+    }
+#ifdef CHARSET_EBCDIC
+    /* Convert the pass phrase from EBCDIC */
+    ebcdic2ascii(buf, buf, keylen);
+#endif
+
+    if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
+                        (unsigned char *)buf, keylen, 1, key, NULL))
+        return 0;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+    if (ok)
+        ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen);
+    if (ok) {
+        /* Squirrel away the length of data decrypted so far. */
+        *plen = ilen;
+        ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen);
+    }
+    if (ok)
+        *plen += ilen;
+    else
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+
+    EVP_CIPHER_CTX_free(ctx);
+    OPENSSL_cleanse((char *)buf, sizeof(buf));
+    OPENSSL_cleanse((char *)key, sizeof(key));
+    return ok;
+}
+
+/*
+ * This implements a very limited PEM header parser that does not support the
+ * full grammar of rfc1421.  In particular, folded headers are not supported,
+ * nor is additional whitespace.
+ *
+ * A robust implementation would make use of a library that turns the headers
+ * into a BIO from which one folded line is read at a time, and is then split
+ * into a header label and content.  We would then parse the content of the
+ * headers we care about.  This is overkill for just this limited use-case, but
+ * presumably we also parse rfc822-style headers for S/MIME, so a common
+ * abstraction might well be more generally useful.
+ */
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
+{
+    static const char ProcType[] = "Proc-Type:";
+    static const char ENCRYPTED[] = "ENCRYPTED";
+    static const char DEKInfo[] = "DEK-Info:";
+    const EVP_CIPHER *enc = NULL;
+    int ivlen;
+    char *dekinfostart, c;
+
+    cipher->cipher = NULL;
+    if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+        return 1;
+
+    if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+        return 0;
+    }
+    header += sizeof(ProcType)-1;
+    header += strspn(header, " \t");
+
+    if (*header++ != '4' || *header++ != ',')
+        return 0;
+    header += strspn(header, " \t");
+
+    /* We expect "ENCRYPTED" followed by optional white-space + line break */
+    if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 ||
+        strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+        return 0;
+    }
+    header += sizeof(ENCRYPTED)-1;
+    header += strspn(header, " \t\r");
+    if (*header++ != '\n') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+        return 0;
+    }
+
+    /*-
+     * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
+     * We expect "DEK-Info: algo[,hex-parameters]"
+     */
+    if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+        return 0;
+    }
+    header += sizeof(DEKInfo)-1;
+    header += strspn(header, " \t");
+
+    /*
+     * DEK-INFO is a comma-separated combination of algorithm name and optional
+     * parameters.
+     */
+    dekinfostart = header;
+    header += strcspn(header, " \t,");
+    c = *header;
+    *header = '\0';
+    cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart);
+    *header = c;
+    header += strspn(header, " \t");
+
+    if (enc == NULL) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
+        return 0;
+    }
+    ivlen = EVP_CIPHER_iv_length(enc);
+    if (ivlen > 0 && *header++ != ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV);
+        return 0;
+    } else if (ivlen == 0 && *header == ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV);
+        return 0;
+    }
+
+    if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
+        return 0;
+
+    return 1;
+}
+
+static int load_iv(char **fromp, unsigned char *to, int num)
+{
+    int v, i;
+    char *from;
+
+    from = *fromp;
+    for (i = 0; i < num; i++)
+        to[i] = 0;
+    num *= 2;
+    for (i = 0; i < num; i++) {
+        v = OPENSSL_hexchar2int(*from);
+        if (v < 0) {
+            PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
+            return (0);
+        }
+        from++;
+        to[i / 2] |= v << (long)((!(i & 1)) * 4);
+    }
+
+    *fromp = from;
+    return (1);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_write(FILE *fp, const char *name, const char *header,
+              const unsigned char *data, long len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_write_bio(b, name, header, data, len);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int PEM_write_bio(BIO *bp, const char *name, const char *header,
+                  const unsigned char *data, long len)
+{
+    int nlen, n, i, j, outl;
+    unsigned char *buf = NULL;
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int reason = ERR_R_BUF_LIB;
+
+    if (ctx == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    EVP_EncodeInit(ctx);
+    nlen = strlen(name);
+
+    if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+
+    i = strlen(header);
+    if (i > 0) {
+        if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+            goto err;
+    }
+
+    buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+    if (buf == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    i = j = 0;
+    while (len > 0) {
+        n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
+        if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n))
+            goto err;
+        if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
+            goto err;
+        i += outl;
+        len -= n;
+        j += n;
+    }
+    EVP_EncodeFinal(ctx, buf, &outl);
+    if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
+        goto err;
+    if ((BIO_write(bp, "-----END ", 9) != 9) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+    EVP_ENCODE_CTX_free(ctx);
+    return (i + outl);
+ err:
+    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+    EVP_ENCODE_CTX_free(ctx);
+    PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+    return (0);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+             long *len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio(b, name, header, data, len);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+                 long *len)
+{
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
+    char buf[256];
+    BUF_MEM *nameB;
+    BUF_MEM *headerB;
+    BUF_MEM *dataB, *tmpB;
+
+    if (ctx == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    nameB = BUF_MEM_new();
+    headerB = BUF_MEM_new();
+    dataB = BUF_MEM_new();
+    if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
+        goto err;
+    }
+
+    buf[254] = '\0';
+    for (;;) {
+        i = BIO_gets(bp, buf, 254);
+
+        if (i <= 0) {
+            PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
+            goto err;
+        }
+
+        while ((i >= 0) && (buf[i] <= ' '))
+            i--;
+        buf[++i] = '\n';
+        buf[++i] = '\0';
+
+        if (strncmp(buf, "-----BEGIN ", 11) == 0) {
+            i = strlen(&(buf[11]));
+
+            if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
+                continue;
+            if (!BUF_MEM_grow(nameB, i + 9)) {
+                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            memcpy(nameB->data, &(buf[11]), i - 6);
+            nameB->data[i - 6] = '\0';
+            break;
+        }
+    }
+    hl = 0;
+    if (!BUF_MEM_grow(headerB, 256)) {
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    headerB->data[0] = '\0';
+    for (;;) {
+        i = BIO_gets(bp, buf, 254);
+        if (i <= 0)
+            break;
+
+        while ((i >= 0) && (buf[i] <= ' '))
+            i--;
+        buf[++i] = '\n';
+        buf[++i] = '\0';
+
+        if (buf[0] == '\n')
+            break;
+        if (!BUF_MEM_grow(headerB, hl + i + 9)) {
+            PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (strncmp(buf, "-----END ", 9) == 0) {
+            nohead = 1;
+            break;
+        }
+        memcpy(&(headerB->data[hl]), buf, i);
+        headerB->data[hl + i] = '\0';
+        hl += i;
+    }
+
+    bl = 0;
+    if (!BUF_MEM_grow(dataB, 1024)) {
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    dataB->data[0] = '\0';
+    if (!nohead) {
+        for (;;) {
+            i = BIO_gets(bp, buf, 254);
+            if (i <= 0)
+                break;
+
+            while ((i >= 0) && (buf[i] <= ' '))
+                i--;
+            buf[++i] = '\n';
+            buf[++i] = '\0';
+
+            if (i != 65)
+                end = 1;
+            if (strncmp(buf, "-----END ", 9) == 0)
+                break;
+            if (i > 65)
+                break;
+            if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
+                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            memcpy(&(dataB->data[bl]), buf, i);
+            dataB->data[bl + i] = '\0';
+            bl += i;
+            if (end) {
+                buf[0] = '\0';
+                i = BIO_gets(bp, buf, 254);
+                if (i <= 0)
+                    break;
+
+                while ((i >= 0) && (buf[i] <= ' '))
+                    i--;
+                buf[++i] = '\n';
+                buf[++i] = '\0';
+
+                break;
+            }
+        }
+    } else {
+        tmpB = headerB;
+        headerB = dataB;
+        dataB = tmpB;
+        bl = hl;
+    }
+    i = strlen(nameB->data);
+    if ((strncmp(buf, "-----END ", 9) != 0) ||
+        (strncmp(nameB->data, &(buf[9]), i) != 0) ||
+        (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
+        goto err;
+    }
+
+    EVP_DecodeInit(ctx);
+    i = EVP_DecodeUpdate(ctx,
+                         (unsigned char *)dataB->data, &bl,
+                         (unsigned char *)dataB->data, bl);
+    if (i < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+        goto err;
+    }
+    i = EVP_DecodeFinal(ctx, (unsigned char *)&(dataB->data[bl]), &k);
+    if (i < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+        goto err;
+    }
+    bl += k;
+
+    if (bl == 0)
+        goto err;
+    *name = nameB->data;
+    *header = headerB->data;
+    *data = (unsigned char *)dataB->data;
+    *len = bl;
+    OPENSSL_free(nameB);
+    OPENSSL_free(headerB);
+    OPENSSL_free(dataB);
+    EVP_ENCODE_CTX_free(ctx);
+    return (1);
+ err:
+    BUF_MEM_free(nameB);
+    BUF_MEM_free(headerB);
+    BUF_MEM_free(dataB);
+    EVP_ENCODE_CTX_free(ctx);
+    return (0);
+}
+
+/*
+ * Check pem string and return prefix length. If for example the pem_str ==
+ * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
+ * string "RSA".
+ */
+
+int pem_check_suffix(const char *pem_str, const char *suffix)
+{
+    int pem_len = strlen(pem_str);
+    int suffix_len = strlen(suffix);
+    const char *p;
+    if (suffix_len + 1 >= pem_len)
+        return 0;
+    p = pem_str + pem_len - suffix_len;
+    if (strcmp(p, suffix))
+        return 0;
+    p--;
+    if (*p != ' ')
+        return 0;
+    return p - pem_str;
+}
diff --git a/openssl-1.1.0h/crypto/pem/pem_oth.c b/openssl-1.1.0h/crypto/pem/pem_oth.c
new file mode 100644
index 0000000..cc7a8db
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_oth.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* Handle 'other' PEMs: not private keys */
+
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+                        pem_password_cb *cb, void *u)
+{
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    char *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+        return NULL;
+    p = data;
+    ret = d2i(x, &p, len);
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
+    OPENSSL_free(data);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/pem/pem_pk8.c b/openssl-1.1.0h/crypto/pem/pem_pk8.c
new file mode 100644
index 0000000..5caad9f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_pk8.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
+                      int nid, const EVP_CIPHER *enc,
+                      char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#ifndef OPENSSL_NO_STDIO
+static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
+                         int nid, const EVP_CIPHER *enc,
+                         char *kstr, int klen, pem_password_cb *cb, void *u);
+#endif
+/*
+ * These functions write a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
+ * is NULL then it uses the unencrypted private key form. The 'nid' versions
+ * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
+                      const EVP_CIPHER *enc, char *kstr, int klen,
+                      pem_password_cb *cb, void *u)
+{
+    X509_SIG *p8;
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    char buf[PEM_BUFSIZE];
+    int ret;
+
+    if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
+        PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+        return 0;
+    }
+    if (enc || (nid != -1)) {
+        if (!kstr) {
+            if (!cb)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = cb(buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                return 0;
+            }
+
+            kstr = buf;
+        }
+        p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+        if (kstr == buf)
+            OPENSSL_cleanse(buf, klen);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        if (p8 == NULL)
+            return 0;
+        if (isder)
+            ret = i2d_PKCS8_bio(bp, p8);
+        else
+            ret = PEM_write_bio_PKCS8(bp, p8);
+        X509_SIG_free(p8);
+        return ret;
+    } else {
+        if (isder)
+            ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+        else
+            ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        return ret;
+    }
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    X509_SIG *p8 = NULL;
+    int klen;
+    EVP_PKEY *ret;
+    char psbuf[PEM_BUFSIZE];
+    p8 = d2i_PKCS8_bio(bp, NULL);
+    if (!p8)
+        return NULL;
+    if (cb)
+        klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+    else
+        klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+    if (klen <= 0) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+        X509_SIG_free(p8);
+        return NULL;
+    }
+    p8inf = PKCS8_decrypt(p8, psbuf, klen);
+    X509_SIG_free(p8);
+    OPENSSL_cleanse(psbuf, klen);
+    if (!p8inf)
+        return NULL;
+    ret = EVP_PKCS82PKEY(p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    if (!ret)
+        return NULL;
+    if (x) {
+        EVP_PKEY_free(*x);
+        *x = ret;
+    }
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cb,
+                              void *u)
+{
+    return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
+                         const EVP_CIPHER *enc, char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
+{
+    BIO *bp;
+    int ret;
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+    BIO_free(bp);
+    return ret;
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u)
+{
+    BIO *bp;
+    EVP_PKEY *ret;
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+    BIO_free(bp);
+    return ret;
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+
+
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+             PKCS8_PRIV_KEY_INFO)
diff --git a/openssl-1.1.0h/crypto/pem/pem_pkey.c b/openssl-1.1.0h/crypto/pem/pem_pkey.c
new file mode 100644
index 0000000..671b374
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_pkey.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+#include <openssl/engine.h>
+#include <openssl/dh.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+int pem_check_suffix(const char *pem_str, const char *suffix);
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int slen;
+    EVP_PKEY *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+        return NULL;
+    p = data;
+
+    if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        X509_SIG *p8;
+        int klen;
+        char psbuf[PEM_BUFSIZE];
+        p8 = d2i_X509_SIG(NULL, &p, len);
+        if (!p8)
+            goto p8err;
+        if (cb)
+            klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (klen <= 0) {
+            PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
+            X509_SIG_free(p8);
+            goto err;
+        }
+        p8inf = PKCS8_decrypt(p8, psbuf, klen);
+        X509_SIG_free(p8);
+        OPENSSL_cleanse(psbuf, klen);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+        if (!ameth || !ameth->old_priv_decode)
+            goto p8err;
+        ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
+    }
+ p8err:
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
+ err:
+    OPENSSL_free(nm);
+    OPENSSL_clear_free(data, len);
+    return (ret);
+}
+
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u)
+{
+    if (x->ameth == NULL || x->ameth->priv_encode != NULL)
+        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                             (char *)kstr, klen, cb, u);
+    return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u)
+{
+    char pem_str[80];
+    BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
+    return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                              pem_str, bp, x, enc, kstr, klen, cb, u);
+}
+
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int slen;
+    EVP_PKEY *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
+                            bp, 0, NULL))
+        return NULL;
+    p = data;
+
+    if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
+        ret = EVP_PKEY_new();
+        if (ret == NULL)
+            goto err;
+        if (!EVP_PKEY_set_type_str(ret, nm, slen)
+            || !ret->ameth->param_decode
+            || !ret->ameth->param_decode(ret, &p, len)) {
+            EVP_PKEY_free(ret);
+            ret = NULL;
+            goto err;
+        }
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+    }
+ err:
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
+    OPENSSL_free(nm);
+    OPENSSL_free(data);
+    return (ret);
+}
+
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
+{
+    char pem_str[80];
+    if (!x->ameth || !x->ameth->param_encode)
+        return 0;
+
+    BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
+    return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
+                              pem_str, bp, x, NULL, NULL, 0, 0, NULL);
+}
+
+#ifndef OPENSSL_NO_STDIO
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                              void *u)
+{
+    BIO *b;
+    EVP_PKEY *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_PrivateKey(b, x, cb, u);
+    BIO_free(b);
+    return (ret);
+}
+
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                         unsigned char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
+    BIO_free(b);
+    return ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+/* Transparently read in PKCS#3 or X9.42 DH parameters */
+
+DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    DH *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u))
+        return NULL;
+    p = data;
+
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0)
+        ret = d2i_DHxparams(x, &p, len);
+    else
+        ret = d2i_DHparams(x, &p, len);
+
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_DHPARAMS, ERR_R_ASN1_LIB);
+    OPENSSL_free(nm);
+    OPENSSL_free(data);
+    return ret;
+}
+
+# ifndef OPENSSL_NO_STDIO
+DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    DH *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_DHparams(b, x, cb, u);
+    BIO_free(b);
+    return (ret);
+}
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/pem/pem_sign.c b/openssl-1.1.0h/crypto/pem/pem_sign.c
new file mode 100644
index 0000000..12ad974
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_sign.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+{
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+{
+    return EVP_DigestUpdate(ctx, data, count);
+}
+
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char *m;
+    int i, ret = 0;
+    unsigned int m_len;
+
+    m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
+    if (m == NULL) {
+        PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0)
+        goto err;
+
+    i = EVP_EncodeBlock(sigret, m, m_len);
+    *siglen = i;
+    ret = 1;
+ err:
+    /* ctx has been zeroed by EVP_SignFinal() */
+    OPENSSL_free(m);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/pem/pem_x509.c b/openssl-1.1.0h/crypto/pem/pem_x509.c
new file mode 100644
index 0000000..3a99756
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_x509.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
diff --git a/openssl-1.1.0h/crypto/pem/pem_xaux.c b/openssl-1.1.0h/crypto/pem/pem_xaux.c
new file mode 100644
index 0000000..6d7e1db
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pem_xaux.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
diff --git a/openssl-1.1.0h/crypto/pem/pvkfmt.c b/openssl-1.1.0h/crypto/pem/pvkfmt.c
new file mode 100644
index 0000000..d0a4239
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pem/pvkfmt.c
@@ -0,0 +1,881 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Support for PVK format keys and related structures (such a PUBLICKEYBLOB
+ * and PRIVATEKEYBLOB).
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+# include <openssl/dsa.h>
+# include <openssl/rsa.h>
+
+/*
+ * Utility function: read a DWORD (4 byte unsigned integer) in little endian
+ * format
+ */
+
+static unsigned int read_ledword(const unsigned char **in)
+{
+    const unsigned char *p = *in;
+    unsigned int ret;
+    ret = *p++;
+    ret |= (*p++ << 8);
+    ret |= (*p++ << 16);
+    ret |= (*p++ << 24);
+    *in = p;
+    return ret;
+}
+
+/*
+ * Read a BIGNUM in little endian format. The docs say that this should take
+ * up bitlen/8 bytes.
+ */
+
+static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
+{
+    *r = BN_lebin2bn(*in, nbyte, NULL);
+    if (*r == NULL)
+        return 0;
+    *in += nbyte;
+    return 1;
+}
+
+/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
+
+# define MS_PUBLICKEYBLOB        0x6
+# define MS_PRIVATEKEYBLOB       0x7
+# define MS_RSA1MAGIC            0x31415352L
+# define MS_RSA2MAGIC            0x32415352L
+# define MS_DSS1MAGIC            0x31535344L
+# define MS_DSS2MAGIC            0x32535344L
+
+# define MS_KEYALG_RSA_KEYX      0xa400
+# define MS_KEYALG_DSS_SIGN      0x2200
+
+# define MS_KEYTYPE_KEYX         0x1
+# define MS_KEYTYPE_SIGN         0x2
+
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH          102400
+
+/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
+# define MS_PVKMAGIC             0xb0b5f11eL
+/* Salt length for PVK files */
+# define PVK_SALTLEN             0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN          102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN         10240
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
+                         unsigned int bitlen, int ispub);
+static EVP_PKEY *b2i_dss(const unsigned char **in,
+                         unsigned int bitlen, int ispub);
+
+static int do_blob_header(const unsigned char **in, unsigned int length,
+                          unsigned int *pmagic, unsigned int *pbitlen,
+                          int *pisdss, int *pispub)
+{
+    const unsigned char *p = *in;
+    if (length < 16)
+        return 0;
+    /* bType */
+    if (*p == MS_PUBLICKEYBLOB) {
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 1;
+    } else if (*p == MS_PRIVATEKEYBLOB) {
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 0;
+    } else
+        return 0;
+    p++;
+    /* Version */
+    if (*p++ != 0x2) {
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
+        return 0;
+    }
+    /* Ignore reserved, aiKeyAlg */
+    p += 6;
+    *pmagic = read_ledword(&p);
+    *pbitlen = read_ledword(&p);
+    *pisdss = 0;
+    switch (*pmagic) {
+
+    case MS_DSS1MAGIC:
+        *pisdss = 1;
+        /* fall thru */
+    case MS_RSA1MAGIC:
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    case MS_DSS2MAGIC:
+        *pisdss = 1;
+        /* fall thru */
+    case MS_RSA2MAGIC:
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    default:
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+        return -1;
+    }
+    *in = p;
+    return 1;
+}
+
+static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
+{
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    if (isdss) {
+
+        /*
+         * Expected length: 20 for q + 3 components bitlen each + 24 for seed
+         * structure.
+         */
+        if (ispub)
+            return 44 + 3 * nbyte;
+        /*
+         * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed
+         * structure.
+         */
+        else
+            return 64 + 2 * nbyte;
+    } else {
+        /* Expected length: 4 for 'e' + 'n' */
+        if (ispub)
+            return 4 + nbyte;
+        else
+            /*
+             * Expected length: 4 for 'e' and 7 other components. 2
+             * components are bitlen size, 5 are bitlen/2
+             */
+            return 4 + 2 * nbyte + 5 * hnbyte;
+    }
+
+}
+
+static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
+                        int ispub)
+{
+    const unsigned char *p = *in;
+    unsigned int bitlen, magic;
+    int isdss;
+    if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+        return NULL;
+    }
+    length -= 16;
+    if (length < blob_length(bitlen, isdss, ispub)) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    if (isdss)
+        return b2i_dss(&p, bitlen, ispub);
+    else
+        return b2i_rsa(&p, bitlen, ispub);
+}
+
+static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
+{
+    const unsigned char *p;
+    unsigned char hdr_buf[16], *buf = NULL;
+    unsigned int bitlen, magic, length;
+    int isdss;
+    EVP_PKEY *ret = NULL;
+    if (BIO_read(in, hdr_buf, 16) != 16) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    p = hdr_buf;
+    if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
+        return NULL;
+
+    length = blob_length(bitlen, isdss, ispub);
+    if (length > BLOB_MAX_LENGTH) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG);
+        return NULL;
+    }
+    buf = OPENSSL_malloc(length);
+    if (buf == NULL) {
+        PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (BIO_read(in, buf, length) != (int)length) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        goto err;
+    }
+
+    if (isdss)
+        ret = b2i_dss(&p, bitlen, ispub);
+    else
+        ret = b2i_rsa(&p, bitlen, ispub);
+
+ err:
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static EVP_PKEY *b2i_dss(const unsigned char **in,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *p = *in;
+    EVP_PKEY *ret = NULL;
+    DSA *dsa = NULL;
+    BN_CTX *ctx = NULL;
+    unsigned int nbyte;
+    BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
+    BIGNUM *pub_key = NULL;
+
+    nbyte = (bitlen + 7) >> 3;
+
+    dsa = DSA_new();
+    ret = EVP_PKEY_new();
+    if (dsa == NULL || ret == NULL)
+        goto memerr;
+    if (!read_lebn(&p, nbyte, &pbn))
+        goto memerr;
+
+    if (!read_lebn(&p, 20, &qbn))
+        goto memerr;
+
+    if (!read_lebn(&p, nbyte, &gbn))
+        goto memerr;
+
+    if (ispub) {
+        if (!read_lebn(&p, nbyte, &pub_key))
+            goto memerr;
+    } else {
+        if (!read_lebn(&p, 20, &priv_key))
+            goto memerr;
+
+        /* Calculate public key */
+        pub_key = BN_new();
+        if (pub_key == NULL)
+            goto memerr;
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto memerr;
+
+        if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx))
+            goto memerr;
+
+        BN_CTX_free(ctx);
+        ctx = NULL;
+    }
+    if (!DSA_set0_pqg(dsa, pbn, qbn, gbn))
+        goto memerr;
+    pbn = qbn = gbn = NULL;
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto memerr;
+    pub_key = priv_key = NULL;
+
+    if (!EVP_PKEY_set1_DSA(ret, dsa))
+        goto memerr;
+    DSA_free(dsa);
+    *in = p;
+    return ret;
+
+ memerr:
+    PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
+    DSA_free(dsa);
+    BN_free(pbn);
+    BN_free(qbn);
+    BN_free(gbn);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    EVP_PKEY_free(ret);
+    BN_CTX_free(ctx);
+    return NULL;
+}
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *pin = *in;
+    EVP_PKEY *ret = NULL;
+    BIGNUM *e = NULL, *n = NULL, *d = NULL;
+    BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+    RSA *rsa = NULL;
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    rsa = RSA_new();
+    ret = EVP_PKEY_new();
+    if (rsa == NULL || ret == NULL)
+        goto memerr;
+    e = BN_new();
+    if (e == NULL)
+        goto memerr;
+    if (!BN_set_word(e, read_ledword(&pin)))
+        goto memerr;
+    if (!read_lebn(&pin, nbyte, &n))
+        goto memerr;
+    if (!ispub) {
+        if (!read_lebn(&pin, hnbyte, &p))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &q))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &dmp1))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &dmq1))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &iqmp))
+            goto memerr;
+        if (!read_lebn(&pin, nbyte, &d))
+            goto memerr;
+        if (!RSA_set0_factors(rsa, p, q))
+            goto memerr;
+        p = q = NULL;
+        if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
+            goto memerr;
+        dmp1 = dmq1 = iqmp = NULL;
+    }
+    if (!RSA_set0_key(rsa, n, e, d))
+        goto memerr;
+    n = e = d = NULL;
+
+    if (!EVP_PKEY_set1_RSA(ret, rsa))
+        goto memerr;
+    RSA_free(rsa);
+    *in = pin;
+    return ret;
+ memerr:
+    PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
+    BN_free(e);
+    BN_free(n);
+    BN_free(p);
+    BN_free(q);
+    BN_free(dmp1);
+    BN_free(dmq1);
+    BN_free(iqmp);
+    BN_free(d);
+    RSA_free(rsa);
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 0);
+}
+
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 1);
+}
+
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 0);
+}
+
+EVP_PKEY *b2i_PublicKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 1);
+}
+
+static void write_ledword(unsigned char **out, unsigned int dw)
+{
+    unsigned char *p = *out;
+    *p++ = dw & 0xff;
+    *p++ = (dw >> 8) & 0xff;
+    *p++ = (dw >> 16) & 0xff;
+    *p++ = (dw >> 24) & 0xff;
+    *out = p;
+}
+
+static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
+{
+    BN_bn2lebinpad(bn, *out, len);
+    *out += len;
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+
+static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *p;
+    unsigned int bitlen, magic = 0, keyalg;
+    int outlen, noinc = 0;
+    int pktype = EVP_PKEY_id(pk);
+    if (pktype == EVP_PKEY_DSA) {
+        bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
+        keyalg = MS_KEYALG_DSS_SIGN;
+    } else if (pktype == EVP_PKEY_RSA) {
+        bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic);
+        keyalg = MS_KEYALG_RSA_KEYX;
+    } else
+        return -1;
+    if (bitlen == 0)
+        return -1;
+    outlen = 16 + blob_length(bitlen,
+                              keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
+    if (out == NULL)
+        return outlen;
+    if (*out)
+        p = *out;
+    else {
+        p = OPENSSL_malloc(outlen);
+        if (p == NULL)
+            return -1;
+        *out = p;
+        noinc = 1;
+    }
+    if (ispub)
+        *p++ = MS_PUBLICKEYBLOB;
+    else
+        *p++ = MS_PRIVATEKEYBLOB;
+    *p++ = 0x2;
+    *p++ = 0;
+    *p++ = 0;
+    write_ledword(&p, keyalg);
+    write_ledword(&p, magic);
+    write_ledword(&p, bitlen);
+    if (keyalg == MS_KEYALG_DSS_SIGN)
+        write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
+    else
+        write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub);
+    if (!noinc)
+        *out += outlen;
+    return outlen;
+}
+
+static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = do_i2b(&tmp, pk, ispub);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen)
+        return outlen;
+    return -1;
+}
+
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+{
+    int bitlen;
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    bitlen = BN_num_bits(p);
+    if ((bitlen & 7) || (BN_num_bits(q) != 160)
+        || (BN_num_bits(g) > bitlen))
+        goto badkey;
+    if (ispub) {
+        if (BN_num_bits(pub_key) > bitlen)
+            goto badkey;
+        *pmagic = MS_DSS1MAGIC;
+    } else {
+        if (BN_num_bits(priv_key) > 160)
+            goto badkey;
+        *pmagic = MS_DSS2MAGIC;
+    }
+
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+{
+    int nbyte, hnbyte, bitlen;
+    const BIGNUM *e;
+
+    RSA_get0_key(rsa, NULL, &e, NULL);
+    if (BN_num_bits(e) > 32)
+        goto badkey;
+    bitlen = RSA_bits(rsa);
+    nbyte = RSA_size(rsa);
+    hnbyte = (bitlen + 15) >> 4;
+    if (ispub) {
+        *pmagic = MS_RSA1MAGIC;
+        return bitlen;
+    } else {
+        const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1;
+
+        *pmagic = MS_RSA2MAGIC;
+
+        /*
+         * For private key each component must fit within nbyte or hnbyte.
+         */
+        RSA_get0_key(rsa, NULL, NULL, &d);
+        if (BN_num_bytes(d) > nbyte)
+            goto badkey;
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+        if ((BN_num_bytes(iqmp) > hnbyte)
+            || (BN_num_bytes(p) > hnbyte)
+            || (BN_num_bytes(q) > hnbyte)
+            || (BN_num_bytes(dmp1) > hnbyte)
+            || (BN_num_bytes(dmq1) > hnbyte))
+            goto badkey;
+    }
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
+{
+    int nbyte, hnbyte;
+    const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
+
+    nbyte = RSA_size(rsa);
+    hnbyte = (RSA_bits(rsa) + 15) >> 4;
+    RSA_get0_key(rsa, &n, &e, &d);
+    write_lebn(out, e, 4);
+    write_lebn(out, n, nbyte);
+    if (ispub)
+        return;
+    RSA_get0_factors(rsa, &p, &q);
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+    write_lebn(out, p, hnbyte);
+    write_lebn(out, q, hnbyte);
+    write_lebn(out, dmp1, hnbyte);
+    write_lebn(out, dmq1, hnbyte);
+    write_lebn(out, iqmp, hnbyte);
+    write_lebn(out, d, nbyte);
+}
+
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
+{
+    int nbyte;
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    nbyte = BN_num_bytes(p);
+    write_lebn(out, p, nbyte);
+    write_lebn(out, q, 20);
+    write_lebn(out, g, nbyte);
+    if (ispub)
+        write_lebn(out, pub_key, nbyte);
+    else
+        write_lebn(out, priv_key, 20);
+    /* Set "invalid" for seed structure values */
+    memset(*out, 0xff, 24);
+    *out += 24;
+    return;
+}
+
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 0);
+}
+
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 1);
+}
+
+# ifndef OPENSSL_NO_RC4
+
+static int do_PVK_header(const unsigned char **in, unsigned int length,
+                         int skip_magic,
+                         unsigned int *psaltlen, unsigned int *pkeylen)
+{
+    const unsigned char *p = *in;
+    unsigned int pvk_magic, is_encrypted;
+    if (skip_magic) {
+        if (length < 20) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+    } else {
+        if (length < 24) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+        pvk_magic = read_ledword(&p);
+        if (pvk_magic != MS_PVKMAGIC) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+            return 0;
+        }
+    }
+    /* Skip reserved */
+    p += 4;
+    /*
+     * keytype =
+     */ read_ledword(&p);
+    is_encrypted = read_ledword(&p);
+    *psaltlen = read_ledword(&p);
+    *pkeylen = read_ledword(&p);
+
+    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+        return 0;
+
+    if (is_encrypted && !*psaltlen) {
+        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
+        return 0;
+    }
+
+    *in = p;
+    return 1;
+}
+
+static int derive_pvk_key(unsigned char *key,
+                          const unsigned char *salt, unsigned int saltlen,
+                          const unsigned char *pass, int passlen)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    int rv = 1;
+    if (mctx == NULL
+        || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(mctx, salt, saltlen)
+        || !EVP_DigestUpdate(mctx, pass, passlen)
+        || !EVP_DigestFinal_ex(mctx, key, NULL))
+        rv = 0;
+
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+
+static EVP_PKEY *do_PVK_body(const unsigned char **in,
+                             unsigned int saltlen, unsigned int keylen,
+                             pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *ret = NULL;
+    const unsigned char *p = *in;
+    unsigned int magic;
+    unsigned char *enctmp = NULL, *q;
+
+    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
+    if (saltlen) {
+        char psbuf[PEM_BUFSIZE];
+        unsigned char keybuf[20];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (inlen <= 0) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
+            goto err;
+        }
+        enctmp = OPENSSL_malloc(keylen + 8);
+        if (enctmp == NULL) {
+            PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!derive_pvk_key(keybuf, p, saltlen,
+                            (unsigned char *)psbuf, inlen))
+            goto err;
+        p += saltlen;
+        /* Copy BLOBHEADER across, decrypt rest */
+        memcpy(enctmp, p, 8);
+        p += 8;
+        if (keylen < 8) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
+            goto err;
+        }
+        inlen = keylen - 8;
+        q = enctmp + 8;
+        if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto err;
+        if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
+            goto err;
+        if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
+            goto err;
+        magic = read_ledword((const unsigned char **)&q);
+        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+            q = enctmp + 8;
+            memset(keybuf + 5, 0, 11);
+            if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+                goto err;
+            OPENSSL_cleanse(keybuf, 20);
+            if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
+                goto err;
+            if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
+                goto err;
+            magic = read_ledword((const unsigned char **)&q);
+            if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
+                goto err;
+            }
+        } else
+            OPENSSL_cleanse(keybuf, 20);
+        p = enctmp;
+    }
+
+    ret = b2i_PrivateKey(&p, keylen);
+ err:
+    EVP_CIPHER_CTX_free(cctx);
+    OPENSSL_free(enctmp);
+    return ret;
+}
+
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+{
+    unsigned char pvk_hdr[24], *buf = NULL;
+    const unsigned char *p;
+    int buflen;
+    EVP_PKEY *ret = NULL;
+    unsigned int saltlen, keylen;
+    if (BIO_read(in, pvk_hdr, 24) != 24) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        return NULL;
+    }
+    p = pvk_hdr;
+
+    if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
+        return 0;
+    buflen = (int)keylen + saltlen;
+    buf = OPENSSL_malloc(buflen);
+    if (buf == NULL) {
+        PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = buf;
+    if (BIO_read(in, buf, buflen) != buflen) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        goto err;
+    }
+    ret = do_PVK_body(&p, saltlen, keylen, cb, u);
+
+ err:
+    OPENSSL_clear_free(buf, buflen);
+    return ret;
+}
+
+static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+                   pem_password_cb *cb, void *u)
+{
+    int outlen = 24, pklen;
+    unsigned char *p = NULL, *start = NULL, *salt = NULL;
+    EVP_CIPHER_CTX *cctx = NULL;
+    if (enclevel)
+        outlen += PVK_SALTLEN;
+    pklen = do_i2b(NULL, pk, 0);
+    if (pklen < 0)
+        return -1;
+    outlen += pklen;
+    if (out == NULL)
+        return outlen;
+    if (*out != NULL) {
+        p = *out;
+    } else {
+        start = p = OPENSSL_malloc(outlen);
+        if (p == NULL) {
+            PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    cctx = EVP_CIPHER_CTX_new();
+    if (cctx == NULL)
+        goto error;
+
+    write_ledword(&p, MS_PVKMAGIC);
+    write_ledword(&p, 0);
+    if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
+        write_ledword(&p, MS_KEYTYPE_SIGN);
+    else
+        write_ledword(&p, MS_KEYTYPE_KEYX);
+    write_ledword(&p, enclevel ? 1 : 0);
+    write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
+    write_ledword(&p, pklen);
+    if (enclevel) {
+        if (RAND_bytes(p, PVK_SALTLEN) <= 0)
+            goto error;
+        salt = p;
+        p += PVK_SALTLEN;
+    }
+    do_i2b(&p, pk, 0);
+    if (enclevel != 0) {
+        char psbuf[PEM_BUFSIZE];
+        unsigned char keybuf[20];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
+        if (inlen <= 0) {
+            PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
+            goto error;
+        }
+        if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
+                            (unsigned char *)psbuf, inlen))
+            goto error;
+        if (enclevel == 1)
+            memset(keybuf + 5, 0, 11);
+        p = salt + PVK_SALTLEN + 8;
+        if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto error;
+        OPENSSL_cleanse(keybuf, 20);
+        if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
+            goto error;
+        if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
+            goto error;
+    }
+
+    EVP_CIPHER_CTX_free(cctx);
+
+    if (*out == NULL)
+        *out = start;
+
+    return outlen;
+
+ error:
+    EVP_CIPHER_CTX_free(cctx);
+    if (*out == NULL)
+        OPENSSL_free(start);
+    return -1;
+}
+
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen) {
+        PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
+        return outlen;
+    }
+    return -1;
+}
+
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/perlasm/README b/openssl-1.1.0h/crypto/perlasm/README
new file mode 100644
index 0000000..e90bd8e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/README
@@ -0,0 +1,124 @@
+The perl scripts in this directory are my 'hack' to generate
+multiple different assembler formats via the one original script.
+
+The way to use this library is to start with adding the path to this directory
+and then include it.
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+The first thing we do is setup the file and type of assembler
+
+&asm_init($ARGV[0],$0);
+
+The first argument is the 'type'.  Currently
+'cpp', 'sol', 'a.out', 'elf' or 'win32'.
+Argument 2 is the file name.
+
+The reciprocal function is
+&asm_finish() which should be called at the end.
+
+There are 2 main 'packages'. x86ms.pl, which is the Microsoft assembler,
+and x86unix.pl which is the unix (gas) version.
+
+Functions of interest are:
+&external_label("des_SPtrans");	declare and external variable
+&LB(reg);			Low byte for a register
+&HB(reg);			High byte for a register
+&BP(off,base,index,scale)	Byte pointer addressing
+&DWP(off,base,index,scale)	Word pointer addressing
+&stack_push(num)		Basically a 'sub esp, num*4' with extra
+&stack_pop(num)			inverse of stack_push
+&function_begin(name,extra)	Start a function with pushing of
+				edi, esi, ebx and ebp.  extra is extra win32
+				external info that may be required.
+&function_begin_B(name,extra)	Same as normal function_begin but no pushing.
+&function_end(name)		Call at end of function.
+&function_end_A(name)		Standard pop and ret, for use inside functions
+&function_end_B(name)		Call at end but with poping or 'ret'.
+&swtmp(num)			Address on stack temp word.
+&wparam(num)			Parameter number num, that was push
+				in C convention.  This all works over pushes
+				and pops.
+&comment("hello there")		Put in a comment.
+&label("loop")			Refer to a label, normally a jmp target.
+&set_label("loop")		Set a label at this point.
+&data_word(word)		Put in a word of data.
+
+So how does this all hold together?  Given
+
+int calc(int len, int *data)
+	{
+	int i,j=0;
+
+	for (i=0; i<len; i++)
+		{
+		j+=other(data[i]);
+		}
+	}
+
+So a very simple version of this function could be coded as
+
+	push(@INC,"perlasm","../../perlasm");
+	require "x86asm.pl";
+	
+	&asm_init($ARGV[0],"cacl.pl");
+
+	&external_label("other");
+
+	$tmp1=	"eax";
+	$j=	"edi";
+	$data=	"esi";
+	$i=	"ebp";
+
+	&comment("a simple function");
+	&function_begin("calc");
+	&mov(	$data,		&wparam(1)); # data
+	&xor(	$j,		$j);
+	&xor(	$i,		$i);
+
+	&set_label("loop");
+	&cmp(	$i,		&wparam(0));
+	&jge(	&label("end"));
+
+	&mov(	$tmp1,		&DWP(0,$data,$i,4));
+	&push(	$tmp1);
+	&call(	"other");
+	&add(	$j,		"eax");
+	&pop(	$tmp1);
+	&inc(	$i);
+	&jmp(	&label("loop"));
+
+	&set_label("end");
+	&mov(	"eax",		$j);
+
+	&function_end("calc");
+
+	&asm_finish();
+
+The above example is very very unoptimised but gives an idea of how
+things work.
+
+There is also a cbc mode function generator in cbc.pl
+
+&cbc(	$name,
+	$encrypt_function_name,
+	$decrypt_function_name,
+	$true_if_byte_swap_needed,
+	$parameter_number_for_iv,
+	$parameter_number_for_encrypt_flag,
+	$first_parameter_to_pass,
+	$second_parameter_to_pass,
+	$third_parameter_to_pass);
+
+So for example, given
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        BF_KEY *ks, unsigned char *iv, int enc);
+
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
+
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+
diff --git a/openssl-1.1.0h/crypto/perlasm/arm-xlate.pl b/openssl-1.1.0h/crypto/perlasm/arm-xlate.pl
new file mode 100755
index 0000000..ca2f8b9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/arm-xlate.pl
@@ -0,0 +1,177 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+$flavour = "linux32" if (!$flavour or $flavour eq "void");
+
+my %GLOBALS;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $arch = sub {
+    if ($flavour =~ /linux/)	{ ".arch\t".join(',',@_); }
+    else			{ ""; }
+};
+my $fpu = sub {
+    if ($flavour =~ /linux/)	{ ".fpu\t".join(',',@_); }
+    else			{ ""; }
+};
+my $hidden = sub {
+    if ($flavour =~ /ios/)	{ ".private_extern\t".join(',',@_); }
+    else			{ ".hidden\t".join(',',@_); }
+};
+my $comm = sub {
+    my @args = split(/,\s*/,shift);
+    my $name = @args[0];
+    my $global = \$GLOBALS{$name};
+    my $ret;
+
+    if ($flavour =~ /ios32/)	{
+	$ret = ".comm\t_$name,@args[1]\n";
+	$ret .= ".non_lazy_symbol_pointer\n";
+	$ret .= "$name:\n";
+	$ret .= ".indirect_symbol\t_$name\n";
+	$ret .= ".long\t0";
+	$name = "_$name";
+    } else			{ $ret = ".comm\t".join(',',@args); }
+
+    $$global = $name;
+    $ret;
+};
+my $globl = sub {
+    my $name = shift;
+    my $global = \$GLOBALS{$name};
+    my $ret;
+
+    SWITCH: for ($flavour) {
+	/ios/		&& do { $name = "_$name";
+				last;
+			      };
+    }
+
+    $ret = ".globl	$name" if (!$ret);
+    $$global = $name;
+    $ret;
+};
+my $global = $globl;
+my $extern = sub {
+    &$globl(@_);
+    return;	# return nothing
+};
+my $type = sub {
+    if ($flavour =~ /linux/)	{ ".type\t".join(',',@_); }
+    elsif ($flavour =~ /ios32/)	{ if (join(',',@_) =~ /(\w+),%function/) {
+					"#ifdef __thumb2__\n".
+					".thumb_func	$1\n".
+					"#endif";
+				  }
+			        }
+    else			{ ""; }
+};
+my $size = sub {
+    if ($flavour =~ /linux/)	{ ".size\t".join(',',@_); }
+    else			{ ""; }
+};
+my $inst = sub {
+    if ($flavour =~ /linux/)    { ".inst\t".join(',',@_); }
+    else                        { ".long\t".join(',',@_); }
+};
+my $asciz = sub {
+    my $line = join(",",@_);
+    if ($line =~ /^"(.*)"$/)
+    {	".byte	" . join(",",unpack("C*",$1),0) . "\n.align	2";	}
+    else
+    {	"";	}
+};
+
+sub range {
+  my ($r,$sfx,$start,$end) = @_;
+
+    join(",",map("$r$_$sfx",($start..$end)));
+}
+
+sub expand_line {
+  my $line = shift;
+  my @ret = ();
+
+    pos($line)=0;
+
+    while ($line =~ m/\G[^@\/\{\"]*/g) {
+	if ($line =~ m/\G(@|\/\/|$)/gc) {
+	    last;
+	}
+	elsif ($line =~ m/\G\{/gc) {
+	    my $saved_pos = pos($line);
+	    $line =~ s/\G([rdqv])([0-9]+)([^\-]*)\-\1([0-9]+)\3/range($1,$3,$2,$4)/e;
+	    pos($line) = $saved_pos;
+	    $line =~ m/\G[^\}]*\}/g;
+	}
+	elsif ($line =~ m/\G\"/gc) {
+	    $line =~ m/\G[^\"]*\"/g;
+	}
+    }
+
+    $line =~ s/\b(\w+)/$GLOBALS{$1} or $1/ge;
+
+    return $line;
+}
+
+while(my $line=<>) {
+
+    if ($line =~ m/^\s*(#|@|\/\/)/)	{ print $line; next; }
+
+    $line =~ s|/\*.*\*/||;	# get rid of C-style comments...
+    $line =~ s|^\s+||;		# ... and skip white spaces in beginning...
+    $line =~ s|\s+$||;		# ... and at the end
+
+    {
+	$line =~ s|[\b\.]L(\w{2,})|L$1|g;	# common denominator for Locallabel
+	$line =~ s|\bL(\w{2,})|\.L$1|g	if ($dotinlocallabels);
+    }
+
+    {
+	$line =~ s|(^[\.\w]+)\:\s*||;
+	my $label = $1;
+	if ($label) {
+	    printf "%s:",($GLOBALS{$label} or $label);
+	}
+    }
+
+    if ($line !~ m/^[#@]/) {
+	$line =~ s|^\s*(\.?)(\S+)\s*||;
+	my $c = $1; $c = "\t" if ($c eq "");
+	my $mnemonic = $2;
+	my $opcode;
+	if ($mnemonic =~ m/([^\.]+)\.([^\.]+)/) {
+	    $opcode = eval("\$$1_$2");
+	} else {
+	    $opcode = eval("\$$mnemonic");
+	}
+
+	my $arg=expand_line($line);
+
+	if (ref($opcode) eq 'CODE') {
+		$line = &$opcode($arg);
+	} elsif ($mnemonic)         {
+		$line = $c.$mnemonic;
+		$line.= "\t$arg" if ($arg ne "");
+	}
+    }
+
+    print $line if ($line);
+    print "\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/perlasm/cbc.pl b/openssl-1.1.0h/crypto/perlasm/cbc.pl
new file mode 100644
index 0000000..ad79b24
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/cbc.pl
@@ -0,0 +1,356 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+# des_cblock (*input);
+# des_cblock (*output);
+# long length;
+# des_key_schedule schedule;
+# des_cblock (*ivec);
+# int enc;
+#
+# calls 
+# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+#
+
+#&cbc("des_ncbc_encrypt","des_encrypt",0);
+#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
+#	1,4,5,3,5,-1);
+#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
+#	0,4,5,3,5,-1);
+#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
+#	0,6,7,3,4,5);
+#
+# When doing a cipher that needs bigendian order,
+# for encrypt, the iv is kept in bigendian form,
+# while for decrypt, it is kept in little endian.
+sub cbc
+	{
+	local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
+	# name is the function name
+	# enc_func and dec_func and the functions to call for encrypt/decrypt
+	# swap is true if byte order needs to be reversed
+	# iv_off is parameter number for the iv 
+	# enc_off is parameter number for the encrypt/decrypt flag
+	# p1,p2,p3 are the offsets for parameters to be passed to the
+	# underlying calls.
+
+	&function_begin_B($name,"");
+	&comment("");
+
+	$in="esi";
+	$out="edi";
+	$count="ebp";
+
+	&push("ebp");
+	&push("ebx");
+	&push("esi");
+	&push("edi");
+
+	$data_off=4;
+	$data_off+=4 if ($p1 > 0);
+	$data_off+=4 if ($p2 > 0);
+	$data_off+=4 if ($p3 > 0);
+
+	&mov($count,	&wparam(2));	# length
+
+	&comment("getting iv ptr from parameter $iv_off");
+	&mov("ebx",	&wparam($iv_off));	# Get iv ptr
+
+	&mov($in,	&DWP(0,"ebx","",0));#	iv[0]
+	&mov($out,	&DWP(4,"ebx","",0));#	iv[1]
+
+	&push($out);
+	&push($in);
+	&push($out);	# used in decrypt for iv[1]
+	&push($in);	# used in decrypt for iv[0]
+
+	&mov("ebx",	"esp");		# This is the address of tin[2]
+
+	&mov($in,	&wparam(0));	# in
+	&mov($out,	&wparam(1));	# out
+
+	# We have loaded them all, how lets push things
+	&comment("getting encrypt flag from parameter $enc_off");
+	&mov("ecx",	&wparam($enc_off));	# Get enc flag
+	if ($p3 > 0)
+		{
+		&comment("get and push parameter $p3");
+		if ($enc_off != $p3)
+			{ &mov("eax",	&wparam($p3)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	if ($p2 > 0)
+		{
+		&comment("get and push parameter $p2");
+		if ($enc_off != $p2)
+			{ &mov("eax",	&wparam($p2)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	if ($p1 > 0)
+		{
+		&comment("get and push parameter $p1");
+		if ($enc_off != $p1)
+			{ &mov("eax",	&wparam($p1)); &push("eax"); }
+		else	{ &push("ecx"); }
+		}
+	&push("ebx");		# push data/iv
+
+	&cmp("ecx",0);
+	&jz(&label("decrypt"));
+
+	&and($count,0xfffffff8);
+	&mov("eax",	&DWP($data_off,"esp","",0));	# load iv[0]
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	# load iv[1]
+
+	&jz(&label("encrypt_finish"));
+
+	#############################################################
+
+	&set_label("encrypt_loop");
+	# encrypt start 
+	# "eax" and "ebx" hold iv (or the last cipher text)
+
+	&mov("ecx",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("edx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&xor("eax",	"ecx");
+	&xor("ebx",	"edx");
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($enc_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP(0,$out,"",0),"eax");
+	&mov(&DWP(4,$out,"",0),"ebx");
+
+	# eax and ebx are the next iv.
+
+	&add($in,	8);
+	&add($out,	8);
+
+	&sub($count,	8);
+	&jnz(&label("encrypt_loop"));
+
+###################################################################3
+	&set_label("encrypt_finish");
+	&mov($count,	&wparam(2));	# length
+	&and($count,	7);
+	&jz(&label("finish"));
+	&call(&label("PIC_point"));
+&set_label("PIC_point");
+	&blindpop("edx");
+	&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
+	&mov($count,&DWP(0,"ecx",$count,4));
+	&add($count,"edx");
+	&xor("ecx","ecx");
+	&xor("edx","edx");
+	#&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
+	&jmp_ptr($count);
+
+&set_label("ej7");
+	&movb(&HB("edx"),	&BP(6,$in,"",0));
+	&shl("edx",8);
+&set_label("ej6");
+	&movb(&HB("edx"),	&BP(5,$in,"",0));
+&set_label("ej5");
+	&movb(&LB("edx"),	&BP(4,$in,"",0));
+&set_label("ej4");
+	&mov("ecx",		&DWP(0,$in,"",0));
+	&jmp(&label("ejend"));
+&set_label("ej3");
+	&movb(&HB("ecx"),	&BP(2,$in,"",0));
+	&shl("ecx",8);
+&set_label("ej2");
+	&movb(&HB("ecx"),	&BP(1,$in,"",0));
+&set_label("ej1");
+	&movb(&LB("ecx"),	&BP(0,$in,"",0));
+&set_label("ejend");
+
+	&xor("eax",	"ecx");
+	&xor("ebx",	"edx");
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($enc_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP(0,$out,"",0),"eax");
+	&mov(&DWP(4,$out,"",0),"ebx");
+
+	&jmp(&label("finish"));
+
+	#############################################################
+	#############################################################
+	&set_label("decrypt",1);
+	# decrypt start 
+	&and($count,0xfffffff8);
+	# The next 2 instructions are only for if the jz is taken
+	&mov("eax",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("ebx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+	&jz(&label("decrypt_finish"));
+
+	&set_label("decrypt_loop");
+	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($dec_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+
+	&xor("ecx",	"eax");
+	&xor("edx",	"ebx");
+
+	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
+	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
+
+	&mov(&DWP(0,$out,"",0),"ecx");
+	&mov(&DWP(4,$out,"",0),"edx");
+
+	&mov(&DWP($data_off+8,"esp","",0),	"eax");	# save iv
+	&mov(&DWP($data_off+12,"esp","",0),	"ebx");	#
+
+	&add($in,	8);
+	&add($out,	8);
+
+	&sub($count,	8);
+	&jnz(&label("decrypt_loop"));
+############################ ENDIT #######################3
+	&set_label("decrypt_finish");
+	&mov($count,	&wparam(2));	# length
+	&and($count,	7);
+	&jz(&label("finish"));
+
+	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
+	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
+	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
+
+	&call($dec_func);
+
+	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
+	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
+
+	&bswap("eax")	if $swap;
+	&bswap("ebx")	if $swap;
+
+	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
+	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
+
+	&xor("ecx",	"eax");
+	&xor("edx",	"ebx");
+
+	# this is for when we exit
+	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
+	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
+
+&set_label("dj7");
+	&rotr("edx",	16);
+	&movb(&BP(6,$out,"",0),	&LB("edx"));
+	&shr("edx",16);
+&set_label("dj6");
+	&movb(&BP(5,$out,"",0),	&HB("edx"));
+&set_label("dj5");
+	&movb(&BP(4,$out,"",0),	&LB("edx"));
+&set_label("dj4");
+	&mov(&DWP(0,$out,"",0),	"ecx");
+	&jmp(&label("djend"));
+&set_label("dj3");
+	&rotr("ecx",	16);
+	&movb(&BP(2,$out,"",0),	&LB("ecx"));
+	&shl("ecx",16);
+&set_label("dj2");
+	&movb(&BP(1,$in,"",0),	&HB("ecx"));
+&set_label("dj1");
+	&movb(&BP(0,$in,"",0),	&LB("ecx"));
+&set_label("djend");
+
+	# final iv is still in eax:ebx
+	&jmp(&label("finish"));
+
+
+############################ FINISH #######################3
+	&set_label("finish",1);
+	&mov("ecx",	&wparam($iv_off));	# Get iv ptr
+
+	#################################################
+	$total=16+4;
+	$total+=4 if ($p1 > 0);
+	$total+=4 if ($p2 > 0);
+	$total+=4 if ($p3 > 0);
+	&add("esp",$total);
+
+	&mov(&DWP(0,"ecx","",0),	"eax");	# save iv
+	&mov(&DWP(4,"ecx","",0),	"ebx");	# save iv
+
+	&function_end_A($name);
+
+	&align(64);
+	&set_label("cbc_enc_jmp_table");
+	&data_word("0");
+	&data_word(&label("ej1")."-".&label("PIC_point"));
+	&data_word(&label("ej2")."-".&label("PIC_point"));
+	&data_word(&label("ej3")."-".&label("PIC_point"));
+	&data_word(&label("ej4")."-".&label("PIC_point"));
+	&data_word(&label("ej5")."-".&label("PIC_point"));
+	&data_word(&label("ej6")."-".&label("PIC_point"));
+	&data_word(&label("ej7")."-".&label("PIC_point"));
+	# not used
+	#&set_label("cbc_dec_jmp_table",1);
+	#&data_word("0");
+	#&data_word(&label("dj1")."-".&label("PIC_point"));
+	#&data_word(&label("dj2")."-".&label("PIC_point"));
+	#&data_word(&label("dj3")."-".&label("PIC_point"));
+	#&data_word(&label("dj4")."-".&label("PIC_point"));
+	#&data_word(&label("dj5")."-".&label("PIC_point"));
+	#&data_word(&label("dj6")."-".&label("PIC_point"));
+	#&data_word(&label("dj7")."-".&label("PIC_point"));
+	&align(64);
+
+	&function_end_B($name);
+	
+	}
+
+1;
diff --git a/openssl-1.1.0h/crypto/perlasm/ppc-xlate.pl b/openssl-1.1.0h/crypto/perlasm/ppc-xlate.pl
new file mode 100755
index 0000000..2d46e24
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/ppc-xlate.pl
@@ -0,0 +1,265 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+my %GLOBALS;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $globl = sub {
+    my $junk = shift;
+    my $name = shift;
+    my $global = \$GLOBALS{$name};
+    my $ret;
+
+    $name =~ s|^[\.\_]||;
+ 
+    SWITCH: for ($flavour) {
+	/aix/		&& do { $name = ".$name";
+				last;
+			      };
+	/osx/		&& do { $name = "_$name";
+				last;
+			      };
+	/linux.*(32|64le)/
+			&& do {	$ret .= ".globl	$name\n";
+				$ret .= ".type	$name,\@function";
+				last;
+			      };
+	/linux.*64/	&& do {	$ret .= ".globl	$name\n";
+				$ret .= ".type	$name,\@function\n";
+				$ret .= ".section	\".opd\",\"aw\"\n";
+				$ret .= ".align	3\n";
+				$ret .= "$name:\n";
+				$ret .= ".quad	.$name,.TOC.\@tocbase,0\n";
+				$ret .= ".previous\n";
+
+				$name = ".$name";
+				last;
+			      };
+    }
+
+    $ret = ".globl	$name" if (!$ret);
+    $$global = $name;
+    $ret;
+};
+my $text = sub {
+    my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
+    $ret = ".abiversion	2\n".$ret	if ($flavour =~ /linux.*64le/);
+    $ret;
+};
+my $machine = sub {
+    my $junk = shift;
+    my $arch = shift;
+    if ($flavour =~ /osx/)
+    {	$arch =~ s/\"//g;
+	$arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any");
+    }
+    ".machine	$arch";
+};
+my $size = sub {
+    if ($flavour =~ /linux/)
+    {	shift;
+	my $name = shift; $name =~ s|^[\.\_]||;
+	my $ret  = ".size	$name,.-".($flavour=~/64$/?".":"").$name;
+	$ret .= "\n.size	.$name,.-.$name" if ($flavour=~/64$/);
+	$ret;
+    }
+    else
+    {	"";	}
+};
+my $asciz = sub {
+    shift;
+    my $line = join(",",@_);
+    if ($line =~ /^"(.*)"$/)
+    {	".byte	" . join(",",unpack("C*",$1),0) . "\n.align	2";	}
+    else
+    {	"";	}
+};
+my $quad = sub {
+    shift;
+    my @ret;
+    my ($hi,$lo);
+    for (@_) {
+	if (/^0x([0-9a-f]*?)([0-9a-f]{1,8})$/io)
+	{  $hi=$1?"0x$1":"0"; $lo="0x$2";  }
+	elsif (/^([0-9]+)$/o)
+	{  $hi=$1>>32; $lo=$1&0xffffffff;  } # error-prone with 32-bit perl
+	else
+	{  $hi=undef; $lo=$_; }
+
+	if (defined($hi))
+	{  push(@ret,$flavour=~/le$/o?".long\t$lo,$hi":".long\t$hi,$lo");  }
+	else
+	{  push(@ret,".quad	$lo");  }
+    }
+    join("\n",@ret);
+};
+
+################################################################
+# simplified mnemonics not handled by at least one assembler
+################################################################
+my $cmplw = sub {
+    my $f = shift;
+    my $cr = 0; $cr = shift if ($#_>1);
+    # Some out-of-date 32-bit GNU assembler just can't handle cmplw...
+    ($flavour =~ /linux.*32/) ?
+	"	.long	".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 :
+	"	cmplw	".join(',',$cr,@_);
+};
+my $bdnz = sub {
+    my $f = shift;
+    my $bo = $f=~/[\+\-]/ ? 16+9 : 16;	# optional "to be taken" hint
+    "	bc	$bo,0,".shift;
+} if ($flavour!~/linux/);
+my $bltlr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 12+2 : 12;	# optional "not to be taken" hint
+    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
+	"	.long	".sprintf "0x%x",19<<26|$bo<<21|16<<1 :
+	"	bclr	$bo,0";
+};
+my $bnelr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 4+2 : 4;	# optional "not to be taken" hint
+    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
+	"	.long	".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
+	"	bclr	$bo,2";
+};
+my $beqlr = sub {
+    my $f = shift;
+    my $bo = $f=~/-/ ? 12+2 : 12;	# optional "not to be taken" hint
+    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
+	"	.long	".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
+	"	bclr	$bo,2";
+};
+# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
+# arguments is 64, with "operand out of range" error.
+my $extrdi = sub {
+    my ($f,$ra,$rs,$n,$b) = @_;
+    $b = ($b+$n)&63; $n = 64-$n;
+    "	rldicl	$ra,$rs,$b,$n";
+};
+my $vmr = sub {
+    my ($f,$vx,$vy) = @_;
+    "	vor	$vx,$vy,$vy";
+};
+
+# Some ABIs specify vrsave, special-purpose register #256, as reserved
+# for system use.
+my $no_vrsave = ($flavour =~ /aix|linux64le/);
+my $mtspr = sub {
+    my ($f,$idx,$ra) = @_;
+    if ($idx == 256 && $no_vrsave) {
+	"	or	$ra,$ra,$ra";
+    } else {
+	"	mtspr	$idx,$ra";
+    }
+};
+my $mfspr = sub {
+    my ($f,$rd,$idx) = @_;
+    if ($idx == 256 && $no_vrsave) {
+	"	li	$rd,-1";
+    } else {
+	"	mfspr	$rd,$idx";
+    }
+};
+
+# PowerISA 2.06 stuff
+sub vsxmem_op {
+    my ($f, $vrt, $ra, $rb, $op) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|($rb<<11)|($op*2+1);
+}
+# made-up unaligned memory reference AltiVec/VMX instructions
+my $lvx_u	= sub {	vsxmem_op(@_, 844); };	# lxvd2x
+my $stvx_u	= sub {	vsxmem_op(@_, 972); };	# stxvd2x
+my $lvdx_u	= sub {	vsxmem_op(@_, 588); };	# lxsdx
+my $stvdx_u	= sub {	vsxmem_op(@_, 716); };	# stxsdx
+my $lvx_4w	= sub { vsxmem_op(@_, 780); };	# lxvw4x
+my $stvx_4w	= sub { vsxmem_op(@_, 908); };	# stxvw4x
+
+# PowerISA 2.07 stuff
+sub vcrypto_op {
+    my ($f, $vrt, $vra, $vrb, $op) = @_;
+    "	.long	".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op;
+}
+my $vcipher	= sub { vcrypto_op(@_, 1288); };
+my $vcipherlast	= sub { vcrypto_op(@_, 1289); };
+my $vncipher	= sub { vcrypto_op(@_, 1352); };
+my $vncipherlast= sub { vcrypto_op(@_, 1353); };
+my $vsbox	= sub { vcrypto_op(@_, 0, 1480); };
+my $vshasigmad	= sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1730); };
+my $vshasigmaw	= sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1666); };
+my $vpmsumb	= sub { vcrypto_op(@_, 1032); };
+my $vpmsumd	= sub { vcrypto_op(@_, 1224); };
+my $vpmsubh	= sub { vcrypto_op(@_, 1096); };
+my $vpmsumw	= sub { vcrypto_op(@_, 1160); };
+my $vaddudm	= sub { vcrypto_op(@_, 192);  };
+
+my $mtsle	= sub {
+    my ($f, $arg) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2);
+};
+
+# PowerISA 3.0 stuff
+my $maddhdu = sub {
+    my ($f, $rt, $ra, $rb, $rc) = @_;
+    "	.long	".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|49;
+};
+my $maddld = sub {
+    my ($f, $rt, $ra, $rb, $rc) = @_;
+    "	.long	".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|51;
+};
+
+my $darn = sub {
+    my ($f, $rt, $l) = @_;
+    "	.long	".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1);
+};
+
+while($line=<>) {
+
+    $line =~ s|[#!;].*$||;	# get rid of asm-style comments...
+    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
+    $line =~ s|^\s+||;		# ... and skip white spaces in beginning...
+    $line =~ s|\s+$||;		# ... and at the end
+
+    {
+	$line =~ s|\b\.L(\w+)|L$1|g;	# common denominator for Locallabel
+	$line =~ s|\bL(\w+)|\.L$1|g	if ($dotinlocallabels);
+    }
+
+    {
+	$line =~ s|(^[\.\w]+)\:\s*||;
+	my $label = $1;
+	if ($label) {
+	    printf "%s:",($GLOBALS{$label} or $label);
+	    printf "\n.localentry\t$GLOBALS{$label},0"	if ($GLOBALS{$label} && $flavour =~ /linux.*64le/);
+	}
+    }
+
+    {
+	$line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||;
+	my $c = $1; $c = "\t" if ($c eq "");
+	my $mnemonic = $2;
+	my $f = $3;
+	my $opcode = eval("\$$mnemonic");
+	$line =~ s/\b(c?[rf]|v|vs)([0-9]+)\b/$2/g if ($c ne "." and $flavour !~ /osx/);
+	if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); }
+	elsif ($mnemonic)           { $line = $c.$mnemonic.$f."\t".$line; }
+    }
+
+    print $line if ($line);
+    print "\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/perlasm/sparcv9_modes.pl b/openssl-1.1.0h/crypto/perlasm/sparcv9_modes.pl
new file mode 100644
index 0000000..bfdada8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/sparcv9_modes.pl
@@ -0,0 +1,1702 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Specific modes implementations for SPARC Architecture 2011. There
+# is T4 dependency though, an ASI value that is not specified in the
+# Architecture Manual. But as SPARC universe is rather monocultural,
+# we imply that processor capable of executing crypto instructions
+# can handle the ASI in question as well. This means that we ought to
+# keep eyes open when new processors emerge...
+#
+# As for above mentioned ASI. It's so called "block initializing
+# store" which cancels "read" in "read-update-write" on cache lines.
+# This is "cooperative" optimization, as it reduces overall pressure
+# on memory interface. Benefits can't be observed/quantified with
+# usual benchmarks, on the contrary you can notice that single-thread
+# performance for parallelizable modes is ~1.5% worse for largest
+# block sizes [though few percent better for not so long ones]. All
+# this based on suggestions from David Miller.
+
+$::bias="STACK_BIAS";
+$::frame="STACK_FRAME";
+$::size_t_cc="SIZE_T_CC";
+
+sub asm_init {		# to be called with @ARGV as argument
+    for (@_)		{ $::abibits=64 if (/\-m64/ || /\-xarch\=v9/); }
+    if ($::abibits==64)	{ $::bias=2047; $::frame=192; $::size_t_cc="%xcc"; }
+    else		{ $::bias=0;    $::frame=112; $::size_t_cc="%icc"; }
+}
+
+# unified interface
+my ($inp,$out,$len,$key,$ivec)=map("%i$_",(0..5));
+# local variables
+my ($ileft,$iright,$ooff,$omask,$ivoff,$blk_init)=map("%l$_",(0..7));
+
+sub alg_cbc_encrypt_implement {
+my ($alg,$bits) = @_;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_cbc_encrypt
+.align	32
+${alg}${bits}_t4_cbc_encrypt:
+	save		%sp, -$::frame, %sp
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .L${bits}_cbc_enc_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	sub		$inp, $out, $blk_init	! $inp!=$out
+___
+$::code.=<<___ if (!$::evp);
+	andcc		$ivec, 7, $ivoff
+	alignaddr	$ivec, %g0, $ivec
+
+	ldd		[$ivec + 0], %f0	! load ivec
+	bz,pt		%icc, 1f
+	ldd		[$ivec + 8], %f2
+	ldd		[$ivec + 16], %f4
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+1:
+___
+$::code.=<<___ if ($::evp);
+	ld		[$ivec + 0], %f0
+	ld		[$ivec + 4], %f1
+	ld		[$ivec + 8], %f2
+	ld		[$ivec + 12], %f3
+___
+$::code.=<<___;
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_enckey
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 127
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<128 ||
+	brnz,pn		$blk_init, .L${bits}cbc_enc_blk	!	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	alignaddrl	$out, %g0, $out
+	srlx		$len, 4, $len
+	prefetch	[$out], 22
+
+.L${bits}_cbc_enc_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f12
+	movxtod		%o1, %f14
+
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_encrypt_1x
+	add		$inp, 16, $inp
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+		
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_cbc_enc_loop
+	add		$out, 16, $out
+___
+$::code.=<<___ if ($::evp);
+	st		%f0, [$ivec + 0]
+	st		%f1, [$ivec + 4]
+	st		%f2, [$ivec + 8]
+	st		%f3, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3f
+	nop
+
+	std		%f0, [$ivec + 0]	! write out ivec
+	std		%f2, [$ivec + 8]
+___
+$::code.=<<___;
+.L${bits}_cbc_enc_abort:
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_cbc_enc_loop+4
+	orn		%g0, $omask, $omask
+___
+$::code.=<<___ if ($::evp);
+	st		%f0, [$ivec + 0]
+	st		%f1, [$ivec + 4]
+	st		%f2, [$ivec + 8]
+	st		%f3, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3f
+	nop
+
+	std		%f0, [$ivec + 0]	! write out ivec
+	std		%f2, [$ivec + 8]
+	ret
+	restore
+
+.align	16
+3:	alignaddrl	$ivec, $ivoff, %g0	! handle unaligned ivec
+	mov		0xff, $omask
+	srl		$omask, $ivoff, $omask
+	faligndata	%f0, %f0, %f4
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+	stda		%f4, [$ivec + $omask]0xc0
+	std		%f6, [$ivec + 8]
+	add		$ivec, 16, $ivec
+	orn		%g0, $omask, $omask
+	stda		%f8, [$ivec + $omask]0xc0
+___
+$::code.=<<___;
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}cbc_enc_blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+
+.L${bits}_cbc_enc_blk_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+5:
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f12
+	movxtod		%o1, %f14
+
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_encrypt_1x
+	add		$inp, 16, $inp
+	sub		$len, 1, $len
+		
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	brnz,pt		$len, .L${bits}_cbc_enc_blk_loop
+	add		$out, 8, $out
+
+	membar		#StoreLoad|#StoreStore
+	brnz,pt		$blk_init, .L${bits}_cbc_enc_loop
+	mov		$blk_init, $len
+___
+$::code.=<<___ if ($::evp);
+	st		%f0, [$ivec + 0]
+	st		%f1, [$ivec + 4]
+	st		%f2, [$ivec + 8]
+	st		%f3, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3b
+	nop
+
+	std		%f0, [$ivec + 0]	! write out ivec
+	std		%f2, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+.type	${alg}${bits}_t4_cbc_encrypt,#function
+.size	${alg}${bits}_t4_cbc_encrypt,.-${alg}${bits}_t4_cbc_encrypt
+___
+}
+
+sub alg_cbc_decrypt_implement {
+my ($alg,$bits) = @_;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_cbc_decrypt
+.align	32
+${alg}${bits}_t4_cbc_decrypt:
+	save		%sp, -$::frame, %sp
+	cmp		$len, 0
+	be,pn		$::size_t_cc, .L${bits}_cbc_dec_abort
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+	sub		$inp, $out, $blk_init	! $inp!=$out
+___
+$::code.=<<___ if (!$::evp);
+	andcc		$ivec, 7, $ivoff
+	alignaddr	$ivec, %g0, $ivec
+
+	ldd		[$ivec + 0], %f12	! load ivec
+	bz,pt		%icc, 1f
+	ldd		[$ivec + 8], %f14
+	ldd		[$ivec + 16], %f0
+	faligndata	%f12, %f14, %f12
+	faligndata	%f14, %f0, %f14
+1:
+___
+$::code.=<<___ if ($::evp);
+	ld		[$ivec + 0], %f12	! load ivec
+	ld		[$ivec + 4], %f13
+	ld		[$ivec + 8], %f14
+	ld		[$ivec + 12], %f15
+___
+$::code.=<<___;
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_deckey
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 255
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<256 ||
+	brnz,pn		$blk_init, .L${bits}cbc_dec_blk	!	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	andcc		$len, 16, %g0		! is number of blocks even?
+	srlx		$len, 4, $len
+	alignaddrl	$out, %g0, $out
+	bz		%icc, .L${bits}_cbc_dec_loop2x
+	prefetch	[$out], 22
+.L${bits}_cbc_dec_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	xor		%g4, %o0, %o2		! ^= rk[0]
+	xor		%g5, %o1, %o3
+	movxtod		%o2, %f0
+	movxtod		%o3, %f2
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_decrypt_1x
+	add		$inp, 16, $inp
+
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	movxtod		%o0, %f12
+	movxtod		%o1, %f14
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+		
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x
+	add		$out, 16, $out
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+.L${bits}_cbc_dec_abort:
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x+4
+	orn		%g0, $omask, $omask
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_cbc_dec_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+4:
+	xor		%g4, %o0, %o4		! ^= rk[0]
+	xor		%g5, %o1, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	xor		%g4, %o2, %o4
+	xor		%g5, %o3, %o5
+	movxtod		%o4, %f4
+	movxtod		%o5, %f6
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_decrypt_2x
+	add		$inp, 32, $inp
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	movxtod		%o2, %f12
+	movxtod		%o3, %f14
+	fxor		%f8, %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 2, $len
+		
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	std		%f4, [$out + 16]
+	std		%f6, [$out + 24]
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x
+	add		$out, 32, $out
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f8		! handle unaligned output
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	faligndata	%f6, %f6, %f6
+	stda		%f8, [$out + $omask]0xc0	! partial store
+	std		%f0, [$out + 8]
+	std		%f2, [$out + 16]
+	std		%f4, [$out + 24]
+	add		$out, 32, $out
+	orn		%g0, $omask, $omask
+	stda		%f6, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_cbc_dec_loop2x+4
+	orn		%g0, $omask, $omask
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, .L${bits}_cbc_dec_unaligned_ivec
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+	ret
+	restore
+
+.align	16
+.L${bits}_cbc_dec_unaligned_ivec:
+	alignaddrl	$ivec, $ivoff, %g0	! handle unaligned ivec
+	mov		0xff, $omask
+	srl		$omask, $ivoff, $omask
+	faligndata	%f12, %f12, %f0
+	faligndata	%f12, %f14, %f2
+	faligndata	%f14, %f14, %f4
+	stda		%f0, [$ivec + $omask]0xc0
+	std		%f2, [$ivec + 8]
+	add		$ivec, 16, $ivec
+	orn		%g0, $omask, $omask
+	stda		%f4, [$ivec + $omask]0xc0
+___
+$::code.=<<___;
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}cbc_dec_blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+	sub	$len, 1, $len
+	add	$blk_init, 1, $blk_init
+
+.L${bits}_cbc_dec_blk_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+5:
+	xor		%g4, %o0, %o4		! ^= rk[0]
+	xor		%g5, %o1, %o5
+	movxtod		%o4, %f0
+	movxtod		%o5, %f2
+	xor		%g4, %o2, %o4
+	xor		%g5, %o3, %o5
+	movxtod		%o4, %f4
+	movxtod		%o5, %f6
+
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_decrypt_2x
+	add		$inp, 32, $inp
+	subcc		$len, 2, $len
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	fxor		%f12, %f0, %f0		! ^= ivec
+	fxor		%f14, %f2, %f2
+	movxtod		%o2, %f12
+	movxtod		%o3, %f14
+	fxor		%f8, %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f4, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f6, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	bgu,pt		$::size_t_cc, .L${bits}_cbc_dec_blk_loop2x
+	add		$out, 8, $out
+
+	add		$blk_init, $len, $len
+	andcc		$len, 1, %g0		! is number of blocks even?
+	membar		#StoreLoad|#StoreStore
+	bnz,pt		%icc, .L${bits}_cbc_dec_loop
+	srl		$len, 0, $len
+	brnz,pn		$len, .L${bits}_cbc_dec_loop2x
+	nop
+___
+$::code.=<<___ if ($::evp);
+	st		%f12, [$ivec + 0]	! write out ivec
+	st		%f13, [$ivec + 4]
+	st		%f14, [$ivec + 8]
+	st		%f15, [$ivec + 12]
+___
+$::code.=<<___ if (!$::evp);
+	brnz,pn		$ivoff, 3b
+	nop
+
+	std		%f12, [$ivec + 0]	! write out ivec
+	std		%f14, [$ivec + 8]
+___
+$::code.=<<___;
+	ret
+	restore
+.type	${alg}${bits}_t4_cbc_decrypt,#function
+.size	${alg}${bits}_t4_cbc_decrypt,.-${alg}${bits}_t4_cbc_decrypt
+___
+}
+
+sub alg_ctr32_implement {
+my ($alg,$bits) = @_;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_ctr32_encrypt
+.align	32
+${alg}${bits}_t4_ctr32_encrypt:
+	save		%sp, -$::frame, %sp
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_enckey
+	sllx		$len, 4, $len
+
+	ld		[$ivec + 0], %l4	! counter
+	ld		[$ivec + 4], %l5
+	ld		[$ivec + 8], %l6
+	ld		[$ivec + 12], %l7
+
+	sllx		%l4, 32, %o5
+	or		%l5, %o5, %o5
+	sllx		%l6, 32, %g1
+	xor		%o5, %g4, %g4		! ^= rk[0]
+	xor		%g1, %g5, %g5
+	movxtod		%g4, %f14		! most significant 64 bits
+
+	sub		$inp, $out, $blk_init	! $inp!=$out
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 255
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<256 ||
+	brnz,pn		$blk_init, .L${bits}_ctr32_blk	!	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	andcc		$len, 16, %g0		! is number of blocks even?
+	alignaddrl	$out, %g0, $out
+	bz		%icc, .L${bits}_ctr32_loop2x
+	srlx		$len, 4, $len
+.L${bits}_ctr32_loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	xor		%g5, %l7, %g1		! ^= rk[0]
+	add		%l7, 1, %l7
+	movxtod		%g1, %f2
+	srl		%l7, 0, %l7		! clruw
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+___
+$::code.=<<___ if ($alg eq "aes");
+	aes_eround01	%f16, %f14, %f2, %f4
+	aes_eround23	%f18, %f14, %f2, %f2
+___
+$::code.=<<___ if ($alg eq "cmll");
+	camellia_f	%f16, %f2, %f14, %f2
+	camellia_f	%f18, %f14, %f2, %f0
+___
+$::code.=<<___;
+	call		_${alg}${bits}_encrypt_1x+8
+	add		$inp, 16, $inp
+
+	movxtod		%o0, %f10
+	movxtod		%o1, %f12
+	fxor		%f10, %f0, %f0		! ^= inp
+	fxor		%f12, %f2, %f2
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+		
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_ctr32_loop2x
+	add		$out, 16, $out
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_ctr32_loop2x+4
+	orn		%g0, $omask, $omask
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_ctr32_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+4:
+	xor		%g5, %l7, %g1		! ^= rk[0]
+	add		%l7, 1, %l7
+	movxtod		%g1, %f2
+	srl		%l7, 0, %l7		! clruw
+	xor		%g5, %l7, %g1
+	add		%l7, 1, %l7
+	movxtod		%g1, %f6
+	srl		%l7, 0, %l7		! clruw
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 32+63], 20
+___
+$::code.=<<___ if ($alg eq "aes");
+	aes_eround01	%f16, %f14, %f2, %f8
+	aes_eround23	%f18, %f14, %f2, %f2
+	aes_eround01	%f16, %f14, %f6, %f10
+	aes_eround23	%f18, %f14, %f6, %f6
+___
+$::code.=<<___ if ($alg eq "cmll");
+	camellia_f	%f16, %f2, %f14, %f2
+	camellia_f	%f16, %f6, %f14, %f6
+	camellia_f	%f18, %f14, %f2, %f0
+	camellia_f	%f18, %f14, %f6, %f4
+___
+$::code.=<<___;
+	call		_${alg}${bits}_encrypt_2x+16
+	add		$inp, 32, $inp
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	movxtod		%o2, %f12
+	fxor		%f8, %f0, %f0		! ^= inp
+	movxtod		%o3, %f8
+	fxor		%f10, %f2, %f2
+	fxor		%f12, %f4, %f4
+	fxor		%f8, %f6, %f6
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 2, $len
+		
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	std		%f4, [$out + 16]
+	std		%f6, [$out + 24]
+	brnz,pt		$len, .L${bits}_ctr32_loop2x
+	add		$out, 32, $out
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f8		! handle unaligned output
+	faligndata	%f0, %f2, %f0
+	faligndata	%f2, %f4, %f2
+	faligndata	%f4, %f6, %f4
+	faligndata	%f6, %f6, %f6
+
+	stda		%f8, [$out + $omask]0xc0	! partial store
+	std		%f0, [$out + 8]
+	std		%f2, [$out + 16]
+	std		%f4, [$out + 24]
+	add		$out, 32, $out
+	orn		%g0, $omask, $omask
+	stda		%f6, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_ctr32_loop2x+4
+	orn		%g0, $omask, $omask
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_ctr32_blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+	sub	$len, 1, $len
+	add	$blk_init, 1, $blk_init
+
+.L${bits}_ctr32_blk_loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+5:
+	xor		%g5, %l7, %g1		! ^= rk[0]
+	add		%l7, 1, %l7
+	movxtod		%g1, %f2
+	srl		%l7, 0, %l7		! clruw
+	xor		%g5, %l7, %g1
+	add		%l7, 1, %l7
+	movxtod		%g1, %f6
+	srl		%l7, 0, %l7		! clruw
+	prefetch	[$inp + 32+63], 20
+___
+$::code.=<<___ if ($alg eq "aes");
+	aes_eround01	%f16, %f14, %f2, %f8
+	aes_eround23	%f18, %f14, %f2, %f2
+	aes_eround01	%f16, %f14, %f6, %f10
+	aes_eround23	%f18, %f14, %f6, %f6
+___
+$::code.=<<___ if ($alg eq "cmll");
+	camellia_f	%f16, %f2, %f14, %f2
+	camellia_f	%f16, %f6, %f14, %f6
+	camellia_f	%f18, %f14, %f2, %f0
+	camellia_f	%f18, %f14, %f6, %f4
+___
+$::code.=<<___;
+	call		_${alg}${bits}_encrypt_2x+16
+	add		$inp, 32, $inp
+	subcc		$len, 2, $len
+
+	movxtod		%o0, %f8
+	movxtod		%o1, %f10
+	movxtod		%o2, %f12
+	fxor		%f8, %f0, %f0		! ^= inp
+	movxtod		%o3, %f8
+	fxor		%f10, %f2, %f2
+	fxor		%f12, %f4, %f4
+	fxor		%f8, %f6, %f6
+
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f4, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f6, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	bgu,pt		$::size_t_cc, .L${bits}_ctr32_blk_loop2x
+	add		$out, 8, $out
+
+	add		$blk_init, $len, $len
+	andcc		$len, 1, %g0		! is number of blocks even?
+	membar		#StoreLoad|#StoreStore
+	bnz,pt		%icc, .L${bits}_ctr32_loop
+	srl		$len, 0, $len
+	brnz,pn		$len, .L${bits}_ctr32_loop2x
+	nop
+
+	ret
+	restore
+.type	${alg}${bits}_t4_ctr32_encrypt,#function
+.size	${alg}${bits}_t4_ctr32_encrypt,.-${alg}${bits}_t4_ctr32_encrypt
+___
+}
+
+sub alg_xts_implement {
+my ($alg,$bits,$dir) = @_;
+my ($inp,$out,$len,$key1,$key2,$ivec)=map("%i$_",(0..5));
+my $rem=$ivec;
+
+$::code.=<<___;
+.globl	${alg}${bits}_t4_xts_${dir}crypt
+.align	32
+${alg}${bits}_t4_xts_${dir}crypt:
+	save		%sp, -$::frame-16, %sp
+	srln		$len, 0, $len		! needed on v8+, "nop" on v9
+
+	mov		$ivec, %o0
+	add		%fp, $::bias-16, %o1
+	call		${alg}_t4_encrypt
+	mov		$key2, %o2
+
+	add		%fp, $::bias-16, %l7
+	ldxa		[%l7]0x88, %g2
+	add		%fp, $::bias-8, %l7
+	ldxa		[%l7]0x88, %g3		! %g3:%g2 is tweak
+
+	sethi		%hi(0x76543210), %l7
+	or		%l7, %lo(0x76543210), %l7
+	bmask		%l7, %g0, %g0		! byte swap mask
+
+	prefetch	[$inp], 20
+	prefetch	[$inp + 63], 20
+	call		_${alg}${bits}_load_${dir}ckey
+	and		$len, 15,  $rem
+	and		$len, -16, $len
+___
+$code.=<<___ if ($dir eq "de");
+	mov		0, %l7
+	movrnz		$rem, 16,  %l7
+	sub		$len, %l7, $len
+___
+$code.=<<___;
+
+	sub		$inp, $out, $blk_init	! $inp!=$out
+	and		$inp, 7, $ileft
+	andn		$inp, 7, $inp
+	sll		$ileft, 3, $ileft
+	mov		64, $iright
+	mov		0xff, $omask
+	sub		$iright, $ileft, $iright
+	and		$out, 7, $ooff
+	cmp		$len, 255
+	movrnz		$ooff, 0, $blk_init		! if (	$out&7 ||
+	movleu		$::size_t_cc, 0, $blk_init	!	$len<256 ||
+	brnz,pn		$blk_init, .L${bits}_xts_${dir}blk !	$inp==$out)
+	srl		$omask, $ooff, $omask
+
+	andcc		$len, 16, %g0		! is number of blocks even?
+___
+$code.=<<___ if ($dir eq "de");
+	brz,pn		$len, .L${bits}_xts_${dir}steal
+___
+$code.=<<___;
+	alignaddrl	$out, %g0, $out
+	bz		%icc, .L${bits}_xts_${dir}loop2x
+	srlx		$len, 4, $len
+.L${bits}_xts_${dir}loop:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+4:
+	movxtod		%g2, %f12
+	movxtod		%g3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 16+63], 20
+	call		_${alg}${bits}_${dir}crypt_1x
+	add		$inp, 16, $inp
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 1, $len
+		
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x
+	add		$out, 16, $out
+
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f4		! handle unaligned output
+	faligndata	%f0, %f2, %f6
+	faligndata	%f2, %f2, %f8
+	stda		%f4, [$out + $omask]0xc0	! partial store
+	std		%f6, [$out + 8]
+	add		$out, 16, $out
+	orn		%g0, $omask, $omask
+	stda		%f8, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x+4
+	orn		%g0, $omask, $omask
+
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_xts_${dir}loop2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 4f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+4:
+	movxtod		%g2, %f12
+	movxtod		%g3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	xor		%g4, %o2, %o2		! ^= rk[0]
+	xor		%g5, %o3, %o3
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+	movxtod		%o2, %f4
+	movxtod		%o3, %f6
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4		! ^= tweak[0]
+	fxor		%f10, %f6, %f6
+
+	prefetch	[$out + 63], 22
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_${dir}crypt_2x
+	add		$inp, 32, $inp
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	brnz,pn		$ooff, 2f
+	sub		$len, 2, $len
+		
+	std		%f0, [$out + 0]
+	std		%f2, [$out + 8]
+	std		%f4, [$out + 16]
+	std		%f6, [$out + 24]
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x
+	add		$out, 32, $out
+
+	fsrc2		%f4, %f0
+	fsrc2		%f6, %f2
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+.align	16
+2:	ldxa		[$inp]0x82, %o0		! avoid read-after-write hazard
+						! and ~3x deterioration
+						! in inp==out case
+	faligndata	%f0, %f0, %f8		! handle unaligned output
+	faligndata	%f0, %f2, %f10
+	faligndata	%f2, %f4, %f12
+	faligndata	%f4, %f6, %f14
+	faligndata	%f6, %f6, %f0
+
+	stda		%f8, [$out + $omask]0xc0	! partial store
+	std		%f10, [$out + 8]
+	std		%f12, [$out + 16]
+	std		%f14, [$out + 24]
+	add		$out, 32, $out
+	orn		%g0, $omask, $omask
+	stda		%f0, [$out + $omask]0xc0	! partial store
+
+	brnz,pt		$len, .L${bits}_xts_${dir}loop2x+4
+	orn		%g0, $omask, $omask
+
+	fsrc2		%f4, %f0
+	fsrc2		%f6, %f2
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.align	32
+.L${bits}_xts_${dir}blk:
+	add	$out, $len, $blk_init
+	and	$blk_init, 63, $blk_init	! tail
+	sub	$len, $blk_init, $len
+	add	$blk_init, 15, $blk_init	! round up to 16n
+	srlx	$len, 4, $len
+	srl	$blk_init, 4, $blk_init
+	sub	$len, 1, $len
+	add	$blk_init, 1, $blk_init
+
+.L${bits}_xts_${dir}blk2x:
+	ldx		[$inp + 0], %o0
+	ldx		[$inp + 8], %o1
+	ldx		[$inp + 16], %o2
+	brz,pt		$ileft, 5f
+	ldx		[$inp + 24], %o3
+
+	ldx		[$inp + 32], %o4
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	or		%g1, %o0, %o0
+	sllx		%o1, $ileft, %o1
+	srlx		%o2, $iright, %g1
+	or		%g1, %o1, %o1
+	sllx		%o2, $ileft, %o2
+	srlx		%o3, $iright, %g1
+	or		%g1, %o2, %o2
+	sllx		%o3, $ileft, %o3
+	srlx		%o4, $iright, %o4
+	or		%o4, %o3, %o3
+5:
+	movxtod		%g2, %f12
+	movxtod		%g3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	xor		%g4, %o2, %o2		! ^= rk[0]
+	xor		%g5, %o3, %o3
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+	movxtod		%o2, %f4
+	movxtod		%o3, %f6
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4		! ^= tweak[0]
+	fxor		%f10, %f6, %f6
+
+	prefetch	[$inp + 32+63], 20
+	call		_${alg}${bits}_${dir}crypt_2x
+	add		$inp, 32, $inp
+
+	movxtod		%g2, %f8
+	movxtod		%g3, %f10
+
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %g2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %g3
+	xor		%l7, %g2, %g2
+
+	bshuffle	%f8,  %f8,  %f8
+	bshuffle	%f10, %f10, %f10
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+	fxor		%f8,  %f4, %f4
+	fxor		%f10, %f6, %f6
+
+	subcc		$len, 2, $len
+	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f4, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	add		$out, 8, $out
+	stda		%f6, [$out]0xe2		! ASI_BLK_INIT, T4-specific
+	bgu,pt		$::size_t_cc, .L${bits}_xts_${dir}blk2x
+	add		$out, 8, $out
+
+	add		$blk_init, $len, $len
+	andcc		$len, 1, %g0		! is number of blocks even?
+	membar		#StoreLoad|#StoreStore
+	bnz,pt		%icc, .L${bits}_xts_${dir}loop
+	srl		$len, 0, $len
+	brnz,pn		$len, .L${bits}_xts_${dir}loop2x
+	nop
+
+	fsrc2		%f4, %f0
+	fsrc2		%f6, %f2
+	brnz,pn		$rem, .L${bits}_xts_${dir}steal
+	nop
+
+	ret
+	restore
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+___
+$code.=<<___ if ($dir eq "en");
+.align	32
+.L${bits}_xts_${dir}steal:
+	std		%f0, [%fp + $::bias-16]	! copy of output
+	std		%f2, [%fp + $::bias-8]
+
+	srl		$ileft, 3, $ileft
+	add		%fp, $::bias-16, %l7
+	add		$inp, $ileft, $inp	! original $inp+$len&-15
+	add		$out, $ooff, $out	! original $out+$len&-15
+	mov		0, $ileft
+	nop					! align
+
+.L${bits}_xts_${dir}stealing:
+	ldub		[$inp + $ileft], %o0
+	ldub		[%l7  + $ileft], %o1
+	dec		$rem
+	stb		%o0, [%l7  + $ileft]
+	stb		%o1, [$out + $ileft]
+	brnz		$rem, .L${bits}_xts_${dir}stealing
+	inc		$ileft
+
+	mov		%l7, $inp
+	sub		$out, 16, $out
+	mov		0, $ileft
+	sub		$out, $ooff, $out
+	ba		.L${bits}_xts_${dir}loop	! one more time
+	mov		1, $len				! $rem is 0
+___
+$code.=<<___ if ($dir eq "de");
+.align	32
+.L${bits}_xts_${dir}steal:
+	ldx		[$inp + 0], %o0
+	brz,pt		$ileft, 8f
+	ldx		[$inp + 8], %o1
+
+	ldx		[$inp + 16], %o2
+	sllx		%o0, $ileft, %o0
+	srlx		%o1, $iright, %g1
+	sllx		%o1, $ileft, %o1
+	or		%g1, %o0, %o0
+	srlx		%o2, $iright, %o2
+	or		%o2, %o1, %o1
+8:
+	srax		%g3, 63, %l7		! next tweak value
+	addcc		%g2, %g2, %o2
+	and		%l7, 0x87, %l7
+	addxc		%g3, %g3, %o3
+	xor		%l7, %o2, %o2
+
+	movxtod		%o2, %f12
+	movxtod		%o3, %f14
+	bshuffle	%f12, %f12, %f12
+	bshuffle	%f14, %f14, %f14
+
+	xor		%g4, %o0, %o0		! ^= rk[0]
+	xor		%g5, %o1, %o1
+	movxtod		%o0, %f0
+	movxtod		%o1, %f2
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	call		_${alg}${bits}_${dir}crypt_1x
+	add		$inp, 16, $inp
+
+	fxor		%f12, %f0, %f0		! ^= tweak[0]
+	fxor		%f14, %f2, %f2
+
+	std		%f0, [%fp + $::bias-16]
+	std		%f2, [%fp + $::bias-8]
+
+	srl		$ileft, 3, $ileft
+	add		%fp, $::bias-16, %l7
+	add		$inp, $ileft, $inp	! original $inp+$len&-15
+	add		$out, $ooff, $out	! original $out+$len&-15
+	mov		0, $ileft
+	add		$out, 16, $out
+	nop					! align
+
+.L${bits}_xts_${dir}stealing:
+	ldub		[$inp + $ileft], %o0
+	ldub		[%l7  + $ileft], %o1
+	dec		$rem
+	stb		%o0, [%l7  + $ileft]
+	stb		%o1, [$out + $ileft]
+	brnz		$rem, .L${bits}_xts_${dir}stealing
+	inc		$ileft
+
+	mov		%l7, $inp
+	sub		$out, 16, $out
+	mov		0, $ileft
+	sub		$out, $ooff, $out
+	ba		.L${bits}_xts_${dir}loop	! one more time
+	mov		1, $len				! $rem is 0
+___
+$code.=<<___;
+	ret
+	restore
+.type	${alg}${bits}_t4_xts_${dir}crypt,#function
+.size	${alg}${bits}_t4_xts_${dir}crypt,.-${alg}${bits}_t4_xts_${dir}crypt
+___
+}
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %visopf = (	"faligndata"	=> 0x048,
+		"bshuffle"	=> 0x04c,
+		"fnot2"		=> 0x066,
+		"fxor"		=> 0x06c,
+		"fsrc2"		=> 0x078	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016,
+		"alignaddr"	=> 0x018,
+		"bmask"		=> 0x019,
+		"alignaddrl"	=> 0x01a	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unaes_round {	# 4-argument instructions
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"aes_eround01"	=> 0,
+		"aes_eround23"	=> 1,
+		"aes_dround01"	=> 2,
+		"aes_dround23"	=> 3,
+		"aes_eround01_l"=> 4,
+		"aes_eround23_l"=> 5,
+		"aes_dround01_l"=> 6,
+		"aes_dround23_l"=> 7,
+		"aes_kexpand1"	=> 8	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	$rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3;
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unaes_kexpand {	# 3-argument instructions
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %aesopf = (	"aes_kexpand0"	=> 0x130,
+		"aes_kexpand2"	=> 0x131	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if (defined($opf=$aesopf{$mnemonic})) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub uncamellia_f {	# 4-argument instructions
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if (1) {
+	$rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3;
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|0xc<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub uncamellia3 {	# 3-argument instructions
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %cmllopf = (	"camellia_fl"	=> 0x13c,
+		"camellia_fli"	=> 0x13d	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if (defined($opf=$cmllopf{$mnemonic})) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unmovxtox {		# 2-argument instructions
+my ($mnemonic,$rs,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24, "f" => 0 );
+my ($ref,$opf);
+my %movxopf = (	"movdtox"	=> 0x110,
+		"movstouw"	=> 0x111,
+		"movstosw"	=> 0x113,
+		"movxtod"	=> 0x118,
+		"movwtos"	=> 0x119	);
+
+    $ref = "$mnemonic\t$rs,$rd";
+
+    if (defined($opf=$movxopf{$mnemonic})) {
+	foreach ($rs,$rd) {
+	    return $ref if (!/%([fgoli])([0-9]{1,2})/);
+	    $_=$bias{$1}+$2;
+	    if ($2>=32) {
+		return $ref if ($2&1);
+		# re-encode for upper double register addressing
+		$_=($2|$2>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			2<<30|$rd<<25|0x36<<19|$opf<<5|$rs,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub undes {
+my ($mnemonic)=shift;
+my @args=@_;
+my ($ref,$opf);
+my %desopf = (	"des_round"	=> 0b1001,
+		"des_ip"	=> 0b100110100,
+		"des_iip"	=> 0b100110101,
+		"des_kexpand"	=> 0b100110110	);
+
+    $ref = "$mnemonic\t".join(",",@_);
+
+    if (defined($opf=$desopf{$mnemonic})) {	# 4-arg
+	if ($mnemonic eq "des_round") {
+	    foreach (@args[0..3]) {
+		return $ref if (!/%f([0-9]{1,2})/);
+		$_=$1;
+		if ($1>=32) {
+		    return $ref if ($1&1);
+		    # re-encode for upper double register addressing
+		    $_=($1|$1>>5)&31;
+		}
+	    }
+	    return  sprintf ".word\t0x%08x !%s",
+			    2<<30|0b011001<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<9|$args[3]<<25,
+			    $ref;
+	} elsif ($mnemonic eq "des_kexpand") {	# 3-arg
+	    foreach (@args[0..2]) {
+		return $ref if (!/(%f)?([0-9]{1,2})/);
+		$_=$2;
+		if ($2>=32) {
+		    return $ref if ($2&1);
+		    # re-encode for upper double register addressing
+		    $_=($2|$2>>5)&31;
+		}
+	    }
+	    return  sprintf ".word\t0x%08x !%s",
+			    2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<25,
+			    $ref;
+	} else {				# 2-arg
+	    foreach (@args[0..1]) {
+		return $ref if (!/%f([0-9]{1,2})/);
+		$_=$1;
+		if ($1>=32) {
+		    return $ref if ($2&1);
+		    # re-encode for upper double register addressing
+		    $_=($1|$1>>5)&31;
+		}
+	    }
+	    return  sprintf ".word\t0x%08x !%s",
+			    2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]<<25,
+			    $ref;
+	}
+    } else {
+	return $ref;
+    }
+}
+
+sub emit_assembler {
+    foreach (split("\n",$::code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[a-z]+2[sd]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})\s*$/$1\t%f0,$2,$3/go;
+
+	s/\b(aes_[edk][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
+		&unaes_round($1,$2,$3,$4,$5)
+	 /geo or
+	s/\b(aes_kexpand[02])\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unaes_kexpand($1,$2,$3,$4)
+	 /geo or
+	s/\b(camellia_f)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
+		&uncamellia_f($1,$2,$3,$4,$5)
+	 /geo or
+	s/\b(camellia_[^s]+)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&uncamellia3($1,$2,$3,$4)
+	 /geo or
+	s/\b(des_\w+)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+)(?:,\s*(%f[0-9]{1,2})(?:,\s*(%f[0-9]{1,2}))?)?/
+		&undes($1,$2,$3,$4,$5)
+	 /geo or
+	s/\b(mov[ds]to\w+)\s+(%f[0-9]{1,2}),\s*(%[goli][0-7])/
+		&unmovxtox($1,$2,$3)
+	 /geo or
+	s/\b(mov[xw]to[ds])\s+(%[goli][0-7]),\s*(%f[0-9]{1,2})/
+		&unmovxtox($1,$2,$3)
+	 /geo or
+	s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /geo or
+	s/\b(umulxhi|bmask|addxc[c]{0,2}|alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /geo;
+
+	print $_,"\n";
+    }
+}
+
+1;
diff --git a/openssl-1.1.0h/crypto/perlasm/x86_64-xlate.pl b/openssl-1.1.0h/crypto/perlasm/x86_64-xlate.pl
new file mode 100755
index 0000000..6eaefcf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/x86_64-xlate.pl
@@ -0,0 +1,1186 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
+#
+# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T
+# format is way easier to parse. Because it's simpler to "gear" from
+# Unix ABI to Windows one [see cross-reference "card" at the end of
+# file]. Because Linux targets were available first...
+#
+# In addition the script also "distills" code suitable for GNU
+# assembler, so that it can be compiled with more rigid assemblers,
+# such as Solaris /usr/ccs/bin/as.
+#
+# This translator is not designed to convert *arbitrary* assembler
+# code from AT&T format to MASM one. It's designed to convert just
+# enough to provide for dual-ABI OpenSSL modules development...
+# There *are* limitations and you might have to modify your assembler
+# code or this script to achieve the desired result...
+#
+# Currently recognized limitations:
+#
+# - can't use multiple ops per line;
+#
+# Dual-ABI styling rules.
+#
+# 1. Adhere to Unix register and stack layout [see cross-reference
+#    ABI "card" at the end for explanation].
+# 2. Forget about "red zone," stick to more traditional blended
+#    stack frame allocation. If volatile storage is actually required
+#    that is. If not, just leave the stack as is.
+# 3. Functions tagged with ".type name,@function" get crafted with
+#    unified Win64 prologue and epilogue automatically. If you want
+#    to take care of ABI differences yourself, tag functions as
+#    ".type name,@abi-omnipotent" instead.
+# 4. To optimize the Win64 prologue you can specify number of input
+#    arguments as ".type name,@function,N." Keep in mind that if N is
+#    larger than 6, then you *have to* write "abi-omnipotent" code,
+#    because >6 cases can't be addressed with unified prologue.
+# 5. Name local labels as .L*, do *not* use dynamic labels such as 1:
+#    (sorry about latter).
+# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is
+#    required to identify the spots, where to inject Win64 epilogue!
+#    But on the pros, it's then prefixed with rep automatically:-)
+# 7. Stick to explicit ip-relative addressing. If you have to use
+#    GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??.
+#    Both are recognized and translated to proper Win64 addressing
+#    modes. To support legacy code a synthetic directive, .picmeup,
+#    is implemented. It puts address of the *next* instruction into
+#    target register, e.g.:
+#
+#		.picmeup	%rax
+#		lea		.Label-.(%rax),%rax
+#
+# 8. In order to provide for structured exception handling unified
+#    Win64 prologue copies %rsp value to %rax. For further details
+#    see SEH paragraph at the end.
+# 9. .init segment is allowed to contain calls to functions only.
+# a. If function accepts more than 4 arguments *and* >4th argument
+#    is declared as non 64-bit value, do clear its upper part.
+
+
+use strict;
+
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+open STDOUT,">$output" || die "can't open $output: $!"
+	if (defined($output));
+
+my $gas=1;	$gas=0 if ($output =~ /\.asm$/);
+my $elf=1;	$elf=0 if (!$gas);
+my $win64=0;
+my $prefix="";
+my $decor=".L";
+
+my $masmref=8 + 50727*2**-32;	# 8.00.50727 shipped with VS2005
+my $masm=0;
+my $PTR=" PTR";
+
+my $nasmref=2.03;
+my $nasm=0;
+
+if    ($flavour eq "mingw64")	{ $gas=1; $elf=0; $win64=1;
+				  $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`;
+				  $prefix =~ s|\R$||; # Better chomp
+				}
+elsif ($flavour eq "macosx")	{ $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
+elsif ($flavour eq "masm")	{ $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }
+elsif ($flavour eq "nasm")	{ $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; }
+elsif (!$gas)
+{   if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i)
+    {	$nasm = $1 + $2*0.01; $PTR="";  }
+    elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
+    {	$masm = $1 + $2*2**-16 + $4*2**-32;   }
+    die "no assembler found on %PATH" if (!($nasm || $masm));
+    $win64=1;
+    $elf=0;
+    $decor="\$L\$";
+}
+
+my $current_segment;
+my $current_function;
+my %globals;
+
+{ package opcode;	# pick up opcodes
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /^([a-z][a-z0-9]*)/i) {
+	    bless $self,$class;
+	    $self->{op} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    undef $self->{sz};
+	    if ($self->{op} =~ /^(movz)x?([bw]).*/) {	# movz is pain...
+		$self->{op} = $1;
+		$self->{sz} = $2;
+	    } elsif ($self->{op} =~ /call|jmp/) {
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /^v/) { # VEX
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /mov[dq]/ && $$line =~ /%xmm/) {
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
+		$self->{op} = $1;
+		$self->{sz} = $2;
+	    }
+	}
+	$ret;
+    }
+    sub size {
+	my ($self, $sz) = @_;
+	$self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));
+	$self->{sz};
+    }
+    sub out {
+	my $self = shift;
+	if ($gas) {
+	    if ($self->{op} eq "movz") {	# movz is pain...
+		sprintf "%s%s%s",$self->{op},$self->{sz},shift;
+	    } elsif ($self->{op} =~ /^set/) { 
+		"$self->{op}";
+	    } elsif ($self->{op} eq "ret") {
+		my $epilogue = "";
+		if ($win64 && $current_function->{abi} eq "svr4") {
+		    $epilogue = "movq	8(%rsp),%rdi\n\t" .
+				"movq	16(%rsp),%rsi\n\t";
+		}
+	    	$epilogue . ".byte	0xf3,0xc3";
+	    } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") {
+		".p2align\t3\n\t.quad";
+	    } else {
+		"$self->{op}$self->{sz}";
+	    }
+	} else {
+	    $self->{op} =~ s/^movz/movzx/;
+	    if ($self->{op} eq "ret") {
+		$self->{op} = "";
+		if ($win64 && $current_function->{abi} eq "svr4") {
+		    $self->{op} = "mov	rdi,QWORD$PTR\[8+rsp\]\t;WIN64 epilogue\n\t".
+				  "mov	rsi,QWORD$PTR\[16+rsp\]\n\t";
+	    	}
+		$self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
+	    } elsif ($self->{op} =~ /^(pop|push)f/) {
+		$self->{op} .= $self->{sz};
+	    } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
+		$self->{op} = "\tDQ";
+	    } 
+	    $self->{op};
+	}
+    }
+    sub mnemonic {
+	my ($self, $op) = @_;
+	$self->{op}=$op if (defined($op));
+	$self->{op};
+    }
+}
+{ package const;	# pick up constants, which start with $
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /^\$([^,]+)/) {
+	    bless $self, $class;
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+	}
+	$ret;
+    }
+    sub out {
+    	my $self = shift;
+
+	$self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
+	if ($gas) {
+	    # Solaris /usr/ccs/bin/as can't handle multiplications
+	    # in $self->{value}
+	    my $value = $self->{value};
+	    no warnings;    # oct might complain about overflow, ignore here...
+	    $value =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+	    if ($value =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg) {
+		$self->{value} = $value;
+	    }
+	    sprintf "\$%s",$self->{value};
+	} else {
+	    my $value = $self->{value};
+	    $value =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
+	    sprintf "%s",$value;
+	}
+    }
+}
+{ package ea;		# pick up effective addresses: expr(%reg,%reg,scale)
+    sub re {
+	my	($class, $line, $opcode) = @_;
+	my	$self = {};
+	my	$ret;
+
+	# optional * ----vvv--- appears in indirect jmp/call
+	if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
+	    bless $self, $class;
+	    $self->{asterisk} = $1;
+	    $self->{label} = $2;
+	    ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
+	    $self->{scale} = 1 if (!defined($self->{scale}));
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    if ($win64 && $self->{label} =~ s/\@GOTPCREL//) {
+		die if ($opcode->mnemonic() ne "mov");
+		$opcode->mnemonic("lea");
+	    }
+	    $self->{base}  =~ s/^%//;
+	    $self->{index} =~ s/^%// if (defined($self->{index}));
+	    $self->{opcode} = $opcode;
+	}
+	$ret;
+    }
+    sub size {}
+    sub out {
+	my ($self, $sz) = @_;
+
+	$self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+	$self->{label} =~ s/\.L/$decor/g;
+
+	# Silently convert all EAs to 64-bit. This is required for
+	# elder GNU assembler and results in more compact code,
+	# *but* most importantly AES module depends on this feature!
+	$self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+	$self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+
+	# Solaris /usr/ccs/bin/as can't handle multiplications
+	# in $self->{label}...
+	use integer;
+	$self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+	$self->{label} =~ s/\b([0-9]+\s*[\*\/\%]\s*[0-9]+)\b/eval($1)/eg;
+
+	# Some assemblers insist on signed presentation of 32-bit
+	# offsets, but sign extension is a tricky business in perl...
+	if ((1<<31)<<1) {
+	    $self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg;
+	} else {
+	    $self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg;
+	}
+
+	if (!$self->{label} && $self->{index} && $self->{scale}==1 &&
+	    $self->{base} =~ /(rbp|r13)/) {
+		$self->{base} = $self->{index}; $self->{index} = $1;
+	}
+
+	if ($gas) {
+	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
+
+	    if (defined($self->{index})) {
+		sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk},
+					$self->{label},
+					$self->{base}?"%$self->{base}":"",
+					$self->{index},$self->{scale};
+	    } else {
+		sprintf "%s%s(%%%s)",	$self->{asterisk},$self->{label},$self->{base};
+	    }
+	} else {
+	    my %szmap = (	b=>"BYTE$PTR",  w=>"WORD$PTR",
+			l=>"DWORD$PTR", d=>"DWORD$PTR",
+	    		q=>"QWORD$PTR", o=>"OWORD$PTR",
+			x=>"XMMWORD$PTR", y=>"YMMWORD$PTR", z=>"ZMMWORD$PTR" );
+
+	    $self->{label} =~ s/\./\$/g;
+	    $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
+	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
+
+	    my $mnemonic = $self->{opcode}->mnemonic();
+	    ($self->{asterisk})				&& ($sz="q") ||
+	    ($mnemonic =~ /^v?mov([qd])$/)		&& ($sz=$1)  ||
+	    ($mnemonic =~ /^v?pinsr([qdwb])$/)		&& ($sz=$1)  ||
+	    ($mnemonic =~ /^vpbroadcast([qdwb])$/)	&& ($sz=$1)  ||
+	    ($mnemonic =~ /^v(?!perm)[a-z]+[fi]128$/)	&& ($sz="x");
+
+	    if (defined($self->{index})) {
+		sprintf "%s[%s%s*%d%s]",$szmap{$sz},
+					$self->{label}?"$self->{label}+":"",
+					$self->{index},$self->{scale},
+					$self->{base}?"+$self->{base}":"";
+	    } elsif ($self->{base} eq "rip") {
+		sprintf "%s[%s]",$szmap{$sz},$self->{label};
+	    } else {
+		sprintf "%s[%s%s]",$szmap{$sz},
+					$self->{label}?"$self->{label}+":"",
+					$self->{base};
+	    }
+	}
+    }
+}
+{ package register;	# pick up registers, which start with %.
+    sub re {
+	my	($class, $line, $opcode) = @_;
+	my	$self = {};
+	my	$ret;
+
+	# optional * ----vvv--- appears in indirect jmp/call
+	if ($$line =~ /^(\*?)%(\w+)/) {
+	    bless $self,$class;
+	    $self->{asterisk} = $1;
+	    $self->{value} = $2;
+	    $opcode->size($self->size());
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+	}
+	$ret;
+    }
+    sub size {
+	my	$self = shift;
+	my	$ret;
+
+	if    ($self->{value} =~ /^r[\d]+b$/i)	{ $ret="b"; }
+	elsif ($self->{value} =~ /^r[\d]+w$/i)	{ $ret="w"; }
+	elsif ($self->{value} =~ /^r[\d]+d$/i)	{ $ret="l"; }
+	elsif ($self->{value} =~ /^r[\w]+$/i)	{ $ret="q"; }
+	elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; }
+	elsif ($self->{value} =~ /^[\w]{2}l$/i)	{ $ret="b"; }
+	elsif ($self->{value} =~ /^[\w]{2}$/i)	{ $ret="w"; }
+	elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; }
+
+	$ret;
+    }
+    sub out {
+    	my $self = shift;
+	if ($gas)	{ sprintf "%s%%%s",$self->{asterisk},$self->{value}; }
+	else		{ $self->{value}; }
+    }
+}
+{ package label;	# pick up labels, which end with :
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /(^[\.\w]+)\:/) {
+	    bless $self,$class;
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    $self->{value} =~ s/^\.L/$decor/;
+	}
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+
+	if ($gas) {
+	    my $func = ($globals{$self->{value}} or $self->{value}) . ":";
+	    if ($win64	&&
+			$current_function->{name} eq $self->{value} &&
+			$current_function->{abi} eq "svr4") {
+		$func .= "\n";
+		$func .= "	movq	%rdi,8(%rsp)\n";
+		$func .= "	movq	%rsi,16(%rsp)\n";
+		$func .= "	movq	%rsp,%rax\n";
+		$func .= "${decor}SEH_begin_$current_function->{name}:\n";
+		my $narg = $current_function->{narg};
+		$narg=6 if (!defined($narg));
+		$func .= "	movq	%rcx,%rdi\n" if ($narg>0);
+		$func .= "	movq	%rdx,%rsi\n" if ($narg>1);
+		$func .= "	movq	%r8,%rdx\n"  if ($narg>2);
+		$func .= "	movq	%r9,%rcx\n"  if ($narg>3);
+		$func .= "	movq	40(%rsp),%r8\n" if ($narg>4);
+		$func .= "	movq	48(%rsp),%r9\n" if ($narg>5);
+	    }
+	    $func;
+	} elsif ($self->{value} ne "$current_function->{name}") {
+	    # Make all labels in masm global.
+	    $self->{value} .= ":" if ($masm);
+	    $self->{value} . ":";
+	} elsif ($win64 && $current_function->{abi} eq "svr4") {
+	    my $func =	"$current_function->{name}" .
+			($nasm ? ":" : "\tPROC $current_function->{scope}") .
+			"\n";
+	    $func .= "	mov	QWORD$PTR\[8+rsp\],rdi\t;WIN64 prologue\n";
+	    $func .= "	mov	QWORD$PTR\[16+rsp\],rsi\n";
+	    $func .= "	mov	rax,rsp\n";
+	    $func .= "${decor}SEH_begin_$current_function->{name}:";
+	    $func .= ":" if ($masm);
+	    $func .= "\n";
+	    my $narg = $current_function->{narg};
+	    $narg=6 if (!defined($narg));
+	    $func .= "	mov	rdi,rcx\n" if ($narg>0);
+	    $func .= "	mov	rsi,rdx\n" if ($narg>1);
+	    $func .= "	mov	rdx,r8\n"  if ($narg>2);
+	    $func .= "	mov	rcx,r9\n"  if ($narg>3);
+	    $func .= "	mov	r8,QWORD$PTR\[40+rsp\]\n" if ($narg>4);
+	    $func .= "	mov	r9,QWORD$PTR\[48+rsp\]\n" if ($narg>5);
+	    $func .= "\n";
+	} else {
+	   "$current_function->{name}".
+			($nasm ? ":" : "\tPROC $current_function->{scope}");
+	}
+    }
+}
+{ package expr;		# pick up expressions
+    sub re {
+	my	($class, $line, $opcode) = @_;
+	my	$self = {};
+	my	$ret;
+
+	if ($$line =~ /(^[^,]+)/) {
+	    bless $self,$class;
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    $self->{value} =~ s/\@PLT// if (!$elf);
+	    $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+	    $self->{value} =~ s/\.L/$decor/g;
+	    $self->{opcode} = $opcode;
+	}
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+	if ($nasm && $self->{opcode}->mnemonic()=~m/^j(?![re]cxz)/) {
+	    "NEAR ".$self->{value};
+	} else {
+	    $self->{value};
+	}
+    }
+}
+{ package directive;	# pick up directives, which start with .
+    sub re {
+	my	($class, $line) = @_;
+	my	$self = {};
+	my	$ret;
+	my	$dir;
+	my	%opcode =	# lea 2f-1f(%rip),%dst; 1: nop; 2:
+		(	"%rax"=>0x01058d48,	"%rcx"=>0x010d8d48,
+			"%rdx"=>0x01158d48,	"%rbx"=>0x011d8d48,
+			"%rsp"=>0x01258d48,	"%rbp"=>0x012d8d48,
+			"%rsi"=>0x01358d48,	"%rdi"=>0x013d8d48,
+			"%r8" =>0x01058d4c,	"%r9" =>0x010d8d4c,
+			"%r10"=>0x01158d4c,	"%r11"=>0x011d8d4c,
+			"%r12"=>0x01258d4c,	"%r13"=>0x012d8d4c,
+			"%r14"=>0x01358d4c,	"%r15"=>0x013d8d4c	);
+
+	if ($$line =~ /^\s*(\.\w+)/) {
+	    bless $self,$class;
+	    $dir = $1;
+	    $ret = $self;
+	    undef $self->{value};
+	    $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+
+	    SWITCH: for ($dir) {
+		/\.picmeup/ && do { if ($$line =~ /(%r[\w]+)/i) {
+			    		$dir="\t.long";
+					$$line=sprintf "0x%x,0x90000000",$opcode{$1};
+				    }
+				    last;
+				  };
+		/\.global|\.globl|\.extern/
+			    && do { $globals{$$line} = $prefix . $$line;
+				    $$line = $globals{$$line} if ($prefix);
+				    last;
+				  };
+		/\.type/    && do { my ($sym,$type,$narg) = split(',',$$line);
+				    if ($type eq "\@function") {
+					undef $current_function;
+					$current_function->{name} = $sym;
+					$current_function->{abi}  = "svr4";
+					$current_function->{narg} = $narg;
+					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
+				    } elsif ($type eq "\@abi-omnipotent") {
+					undef $current_function;
+					$current_function->{name} = $sym;
+					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
+				    }
+				    $$line =~ s/\@abi\-omnipotent/\@function/;
+				    $$line =~ s/\@function.*/\@function/;
+				    last;
+				  };
+		/\.asciz/   && do { if ($$line =~ /^"(.*)"$/) {
+					$dir  = ".byte";
+					$$line = join(",",unpack("C*",$1),0);
+				    }
+				    last;
+				  };
+		/\.rva|\.long|\.quad/
+			    && do { $$line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+				    $$line =~ s/\.L/$decor/g;
+				    last;
+				  };
+	    }
+
+	    if ($gas) {
+		$self->{value} = $dir . "\t" . $$line;
+
+		if ($dir =~ /\.extern/) {
+		    $self->{value} = ""; # swallow extern
+		} elsif (!$elf && $dir =~ /\.type/) {
+		    $self->{value} = "";
+		    $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
+				(defined($globals{$1})?".scl 2;":".scl 3;") .
+				"\t.type 32;\t.endef"
+				if ($win64 && $$line =~ /([^,]+),\@function/);
+		} elsif (!$elf && $dir =~ /\.size/) {
+		    $self->{value} = "";
+		    if (defined($current_function)) {
+			$self->{value} .= "${decor}SEH_end_$current_function->{name}:"
+				if ($win64 && $current_function->{abi} eq "svr4");
+			undef $current_function;
+		    }
+		} elsif (!$elf && $dir =~ /\.align/) {
+		    $self->{value} = ".p2align\t" . (log($$line)/log(2));
+		} elsif ($dir eq ".section") {
+		    $current_segment=$$line;
+		    if (!$elf && $current_segment eq ".init") {
+			if	($flavour eq "macosx")	{ $self->{value} = ".mod_init_func"; }
+			elsif	($flavour eq "mingw64")	{ $self->{value} = ".section\t.ctors"; }
+		    }
+		} elsif ($dir =~ /\.(text|data)/) {
+		    $current_segment=".$1";
+		} elsif ($dir =~ /\.hidden/) {
+		    if    ($flavour eq "macosx")  { $self->{value} = ".private_extern\t$prefix$$line"; }
+		    elsif ($flavour eq "mingw64") { $self->{value} = ""; }
+		} elsif ($dir =~ /\.comm/) {
+		    $self->{value} = "$dir\t$prefix$$line";
+		    $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
+		}
+		$$line = "";
+		return $self;
+	    }
+
+	    # non-gas case or nasm/masm
+	    SWITCH: for ($dir) {
+		/\.text/    && do { my $v=undef;
+				    if ($nasm) {
+					$v="section	.text code align=64\n";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = ".text\$";
+					$v.="$current_segment\tSEGMENT ";
+					$v.=$masm>=$masmref ? "ALIGN(256)" : "PAGE";
+					$v.=" 'CODE'";
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.data/    && do { my $v=undef;
+				    if ($nasm) {
+					$v="section	.data data align=8\n";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = "_DATA";
+					$v.="$current_segment\tSEGMENT";
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.section/ && do { my $v=undef;
+				    $$line =~ s/([^,]*).*/$1/;
+				    $$line = ".CRT\$XCU" if ($$line eq ".init");
+				    if ($nasm) {
+					$v="section	$$line";
+					if ($$line=~/\.([px])data/) {
+					    $v.=" rdata align=";
+					    $v.=$1 eq "p"? 4 : 8;
+					} elsif ($$line=~/\.CRT\$/i) {
+					    $v.=" rdata align=8";
+					}
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$v.="$$line\tSEGMENT";
+					if ($$line=~/\.([px])data/) {
+					    $v.=" READONLY";
+					    $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
+					} elsif ($$line=~/\.CRT\$/i) {
+					    $v.=" READONLY ";
+					    $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
+					}
+				    }
+				    $current_segment = $$line;
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.extern/  && do { $self->{value}  = "EXTERN\t".$$line;
+				    $self->{value} .= ":NEAR" if ($masm);
+				    last;
+				  };
+		/\.globl|.global/
+			    && do { $self->{value}  = $masm?"PUBLIC":"global";
+				    $self->{value} .= "\t".$$line;
+				    last;
+				  };
+		/\.size/    && do { if (defined($current_function)) {
+					undef $self->{value};
+					if ($current_function->{abi} eq "svr4") {
+					    $self->{value}="${decor}SEH_end_$current_function->{name}:";
+					    $self->{value}.=":\n" if($masm);
+					}
+					$self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name});
+					undef $current_function;
+				    }
+				    last;
+				  };
+		/\.align/   && do { my $max = ($masm && $masm>=$masmref) ? 256 : 4096;
+				    $self->{value} = "ALIGN\t".($$line>$max?$max:$$line);
+				    last;
+				  };
+		/\.(value|long|rva|quad)/
+			    && do { my $sz  = substr($1,0,1);
+				    my @arr = split(/,\s*/,$$line);
+				    my $last = pop(@arr);
+				    my $conv = sub  {	my $var=shift;
+							$var=~s/^(0b[0-1]+)/oct($1)/eig;
+							$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
+							if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
+							{ $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
+							$var;
+						    };  
+
+				    $sz =~ tr/bvlrq/BWDDQ/;
+				    $self->{value} = "\tD$sz\t";
+				    for (@arr) { $self->{value} .= &$conv($_).","; }
+				    $self->{value} .= &$conv($last);
+				    last;
+				  };
+		/\.byte/    && do { my @str=split(/,\s*/,$$line);
+				    map(s/(0b[0-1]+)/oct($1)/eig,@str);
+				    map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);	
+				    while ($#str>15) {
+					$self->{value}.="DB\t"
+						.join(",",@str[0..15])."\n";
+					foreach (0..15) { shift @str; }
+				    }
+				    $self->{value}.="DB\t"
+						.join(",",@str) if (@str);
+				    last;
+				  };
+		/\.comm/    && do { my @str=split(/,\s*/,$$line);
+				    my $v=undef;
+				    if ($nasm) {
+					$v.="common	$prefix@str[0] @str[1]";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = "_DATA";
+					$v.="$current_segment\tSEGMENT\n";
+					$v.="COMM	@str[0]:DWORD:".@str[1]/4;
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+	    }
+	    $$line = "";
+	}
+
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+	$self->{value};
+    }
+}
+
+sub rex {
+ my $opcode=shift;
+ my ($dst,$src,$rex)=@_;
+
+   $rex|=0x04 if($dst>=8);
+   $rex|=0x01 if($src>=8);
+   push @$opcode,($rex|0x40) if ($rex);
+}
+
+# Upon initial x86_64 introduction SSE>2 extensions were not introduced
+# yet. In order not to be bothered by tracing exact assembler versions,
+# but at the same time to provide a bare security minimum of AES-NI, we
+# hard-code some instructions. Extensions past AES-NI on the other hand
+# are traced by examining assembler version in individual perlasm
+# modules...
+
+my %regrm = (	"%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
+		"%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7	);
+
+my $movq = sub {	# elderly gas can't handle inter-register movq
+  my $arg = shift;
+  my @opcode=(0x66);
+    if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) {
+	my ($src,$dst)=($1,$2);
+	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,$src,$dst,0x8);
+	push @opcode,0x0f,0x7e;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	@opcode;
+    } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) {
+	my ($src,$dst)=($2,$1);
+	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,$src,$dst,0x8);
+	push @opcode,0x0f,0x6e;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pextrd = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
+      my @opcode=(0x66);
+	my $imm=$1;
+	my $src=$2;
+	my $dst=$3;
+	if ($dst =~ /%r([0-9]+)d/)	{ $dst = $1; }
+	elsif ($dst =~ /%e/)		{ $dst = $regrm{$dst}; }
+	rex(\@opcode,$src,$dst);
+	push @opcode,0x0f,0x3a,0x16;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	push @opcode,$imm;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pinsrd = sub {
+    if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	my $imm=$1;
+	my $src=$2;
+	my $dst=$3;
+	if ($src =~ /%r([0-9]+)/)	{ $src = $1; }
+	elsif ($src =~ /%e/)		{ $src = $regrm{$src}; }
+	rex(\@opcode,$dst,$src);
+	push @opcode,0x0f,0x3a,0x22;
+	push @opcode,0xc0|(($dst&7)<<3)|($src&7);	# ModR/M
+	push @opcode,$imm;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pshufb = sub {
+    if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$2,$1);
+	push @opcode,0x0f,0x38,0x00;
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $palignr = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x3a,0x0f;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	push @opcode,$1;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pclmulqdq = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x3a,0x44;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $rdrand = sub {
+    if (shift =~ /%[er](\w+)/) {
+      my @opcode=();
+      my $dst=$1;
+	if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,0,$dst,8);
+	push @opcode,0x0f,0xc7,0xf0|($dst&7);
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $rdseed = sub {
+    if (shift =~ /%[er](\w+)/) {
+      my @opcode=();
+      my $dst=$1;
+	if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,0,$dst,8);
+	push @opcode,0x0f,0xc7,0xf8|($dst&7);
+	@opcode;
+    } else {
+	();
+    }
+};
+
+sub rxb {
+ my $opcode=shift;
+ my ($dst,$src1,$src2,$rxb)=@_;
+
+   $rxb|=0x7<<5;
+   $rxb&=~(0x04<<5) if($dst>=8);
+   $rxb&=~(0x01<<5) if($src1>=8);
+   $rxb&=~(0x02<<5) if($src2>=8);
+   push @$opcode,$rxb;
+}
+
+my $vprotd = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x8f);
+	rxb(\@opcode,$3,$2,-1,0x08);
+	push @opcode,0x78,0xc2;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $vprotq = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x8f);
+	rxb(\@opcode,$3,$2,-1,0x08);
+	push @opcode,0x78,0xc3;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $endbranch = sub {
+    (0xf3,0x0f,0x1e,0xfa);
+};
+
+if ($nasm) {
+    print <<___;
+default	rel
+%define XMMWORD
+%define YMMWORD
+%define ZMMWORD
+___
+} elsif ($masm) {
+    print <<___;
+OPTION	DOTNAME
+___
+}
+while(defined(my $line=<>)) {
+
+    $line =~ s|\R$||;           # Better chomp
+
+    $line =~ s|[#!].*$||;	# get rid of asm-style comments...
+    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
+    $line =~ s|^\s+||;		# ... and skip white spaces in beginning
+    $line =~ s|\s+$||;		# ... and at the end
+
+    if (my $label=label->re(\$line))	{ print $label->out(); }
+
+    if (my $directive=directive->re(\$line)) {
+	printf "%s",$directive->out();
+    } elsif (my $opcode=opcode->re(\$line)) {
+	my $asm = eval("\$".$opcode->mnemonic());
+	
+	if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) {
+	    print $gas?".byte\t":"DB\t",join(',',@bytes),"\n";
+	    next;
+	}
+
+	my @args;
+	ARGUMENT: while (1) {
+	    my $arg;
+
+	    ($arg=register->re(\$line, $opcode))||
+	    ($arg=const->re(\$line))		||
+	    ($arg=ea->re(\$line, $opcode))	||
+	    ($arg=expr->re(\$line, $opcode))	||
+	    last ARGUMENT;
+
+	    push @args,$arg;
+
+	    last ARGUMENT if ($line !~ /^,/);
+
+	    $line =~ s/^,\s*//;
+	} # ARGUMENT:
+
+	if ($#args>=0) {
+	    my $insn;
+	    my $sz=$opcode->size();
+
+	    if ($gas) {
+		$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
+		@args = map($_->out($sz),@args);
+		printf "\t%s\t%s",$insn,join(",",@args);
+	    } else {
+		$insn = $opcode->out();
+		foreach (@args) {
+		    my $arg = $_->out();
+		    # $insn.=$sz compensates for movq, pinsrw, ...
+		    if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; }
+		    if ($arg =~ /^ymm[0-9]+$/) { $insn.=$sz; $sz="y" if(!$sz); last; }
+		    if ($arg =~ /^zmm[0-9]+$/) { $insn.=$sz; $sz="z" if(!$sz); last; }
+		    if ($arg =~ /^mm[0-9]+$/)  { $insn.=$sz; $sz="q" if(!$sz); last; }
+		}
+		@args = reverse(@args);
+		undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
+		printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args));
+	    }
+	} else {
+	    printf "\t%s",$opcode->out();
+	}
+    }
+
+    print $line,"\n";
+}
+
+print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
+print "END\n"				if ($masm);
+
+close STDOUT;
+
+#################################################
+# Cross-reference x86_64 ABI "card"
+#
+# 		Unix		Win64
+# %rax		*		*
+# %rbx		-		-
+# %rcx		#4		#1
+# %rdx		#3		#2
+# %rsi		#2		-
+# %rdi		#1		-
+# %rbp		-		-
+# %rsp		-		-
+# %r8		#5		#3
+# %r9		#6		#4
+# %r10		*		*
+# %r11		*		*
+# %r12		-		-
+# %r13		-		-
+# %r14		-		-
+# %r15		-		-
+# 
+# (*)	volatile register
+# (-)	preserved by callee
+# (#)	Nth argument, volatile
+#
+# In Unix terms top of stack is argument transfer area for arguments
+# which could not be accommodated in registers. Or in other words 7th
+# [integer] argument resides at 8(%rsp) upon function entry point.
+# 128 bytes above %rsp constitute a "red zone" which is not touched
+# by signal handlers and can be used as temporal storage without
+# allocating a frame.
+#
+# In Win64 terms N*8 bytes on top of stack is argument transfer area,
+# which belongs to/can be overwritten by callee. N is the number of
+# arguments passed to callee, *but* not less than 4! This means that
+# upon function entry point 5th argument resides at 40(%rsp), as well
+# as that 32 bytes from 8(%rsp) can always be used as temporal
+# storage [without allocating a frame]. One can actually argue that
+# one can assume a "red zone" above stack pointer under Win64 as well.
+# Point is that at apparently no occasion Windows kernel would alter
+# the area above user stack pointer in true asynchronous manner...
+#
+# All the above means that if assembler programmer adheres to Unix
+# register and stack layout, but disregards the "red zone" existence,
+# it's possible to use following prologue and epilogue to "gear" from
+# Unix to Win64 ABI in leaf functions with not more than 6 arguments.
+#
+# omnipotent_function:
+# ifdef WIN64
+#	movq	%rdi,8(%rsp)
+#	movq	%rsi,16(%rsp)
+#	movq	%rcx,%rdi	; if 1st argument is actually present
+#	movq	%rdx,%rsi	; if 2nd argument is actually ...
+#	movq	%r8,%rdx	; if 3rd argument is ...
+#	movq	%r9,%rcx	; if 4th argument ...
+#	movq	40(%rsp),%r8	; if 5th ...
+#	movq	48(%rsp),%r9	; if 6th ...
+# endif
+#	...
+# ifdef WIN64
+#	movq	8(%rsp),%rdi
+#	movq	16(%rsp),%rsi
+# endif
+#	ret
+#
+#################################################
+# Win64 SEH, Structured Exception Handling.
+#
+# Unlike on Unix systems(*) lack of Win64 stack unwinding information
+# has undesired side-effect at run-time: if an exception is raised in
+# assembler subroutine such as those in question (basically we're
+# referring to segmentation violations caused by malformed input
+# parameters), the application is briskly terminated without invoking
+# any exception handlers, most notably without generating memory dump
+# or any user notification whatsoever. This poses a problem. It's
+# possible to address it by registering custom language-specific
+# handler that would restore processor context to the state at
+# subroutine entry point and return "exception is not handled, keep
+# unwinding" code. Writing such handler can be a challenge... But it's
+# doable, though requires certain coding convention. Consider following
+# snippet:
+#
+# .type	function,@function
+# function:
+#	movq	%rsp,%rax	# copy rsp to volatile register
+#	pushq	%r15		# save non-volatile registers
+#	pushq	%rbx
+#	pushq	%rbp
+#	movq	%rsp,%r11
+#	subq	%rdi,%r11	# prepare [variable] stack frame
+#	andq	$-64,%r11
+#	movq	%rax,0(%r11)	# check for exceptions
+#	movq	%r11,%rsp	# allocate [variable] stack frame
+#	movq	%rax,0(%rsp)	# save original rsp value
+# magic_point:
+#	...
+#	movq	0(%rsp),%rcx	# pull original rsp value
+#	movq	-24(%rcx),%rbp	# restore non-volatile registers
+#	movq	-16(%rcx),%rbx
+#	movq	-8(%rcx),%r15
+#	movq	%rcx,%rsp	# restore original rsp
+#	ret
+# .size function,.-function
+#
+# The key is that up to magic_point copy of original rsp value remains
+# in chosen volatile register and no non-volatile register, except for
+# rsp, is modified. While past magic_point rsp remains constant till
+# the very end of the function. In this case custom language-specific
+# exception handler would look like this:
+#
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+# {	ULONG64 *rsp = (ULONG64 *)context->Rax;
+#	if (context->Rip >= magic_point)
+#	{   rsp = ((ULONG64 **)context->Rsp)[0];
+#	    context->Rbp = rsp[-3];
+#	    context->Rbx = rsp[-2];
+#	    context->R15 = rsp[-1];
+#	}
+#	context->Rsp = (ULONG64)rsp;
+#	context->Rdi = rsp[1];
+#	context->Rsi = rsp[2];
+#
+#	memcpy (disp->ContextRecord,context,sizeof(CONTEXT));
+#	RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase,
+#		dips->ControlPc,disp->FunctionEntry,disp->ContextRecord,
+#		&disp->HandlerData,&disp->EstablisherFrame,NULL);
+#	return ExceptionContinueSearch;
+# }
+#
+# It's appropriate to implement this handler in assembler, directly in
+# function's module. In order to do that one has to know members'
+# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant
+# values. Here they are:
+#
+#	CONTEXT.Rax				120
+#	CONTEXT.Rcx				128
+#	CONTEXT.Rdx				136
+#	CONTEXT.Rbx				144
+#	CONTEXT.Rsp				152
+#	CONTEXT.Rbp				160
+#	CONTEXT.Rsi				168
+#	CONTEXT.Rdi				176
+#	CONTEXT.R8				184
+#	CONTEXT.R9				192
+#	CONTEXT.R10				200
+#	CONTEXT.R11				208
+#	CONTEXT.R12				216
+#	CONTEXT.R13				224
+#	CONTEXT.R14				232
+#	CONTEXT.R15				240
+#	CONTEXT.Rip				248
+#	CONTEXT.Xmm6				512
+#	sizeof(CONTEXT)				1232
+#	DISPATCHER_CONTEXT.ControlPc		0
+#	DISPATCHER_CONTEXT.ImageBase		8
+#	DISPATCHER_CONTEXT.FunctionEntry	16
+#	DISPATCHER_CONTEXT.EstablisherFrame	24
+#	DISPATCHER_CONTEXT.TargetIp		32
+#	DISPATCHER_CONTEXT.ContextRecord	40
+#	DISPATCHER_CONTEXT.LanguageHandler	48
+#	DISPATCHER_CONTEXT.HandlerData		56
+#	UNW_FLAG_NHANDLER			0
+#	ExceptionContinueSearch			1
+#
+# In order to tie the handler to the function one has to compose
+# couple of structures: one for .xdata segment and one for .pdata.
+#
+# UNWIND_INFO structure for .xdata segment would be
+#
+# function_unwind_info:
+#	.byte	9,0,0,0
+#	.rva	handler
+#
+# This structure designates exception handler for a function with
+# zero-length prologue, no stack frame or frame register.
+#
+# To facilitate composing of .pdata structures, auto-generated "gear"
+# prologue copies rsp value to rax and denotes next instruction with
+# .LSEH_begin_{function_name} label. This essentially defines the SEH
+# styling rule mentioned in the beginning. Position of this label is
+# chosen in such manner that possible exceptions raised in the "gear"
+# prologue would be accounted to caller and unwound from latter's frame.
+# End of function is marked with respective .LSEH_end_{function_name}
+# label. To summarize, .pdata segment would contain
+#
+#	.rva	.LSEH_begin_function
+#	.rva	.LSEH_end_function
+#	.rva	function_unwind_info
+#
+# Reference to function_unwind_info from .xdata segment is the anchor.
+# In case you wonder why references are 32-bit .rvas and not 64-bit
+# .quads. References put into these two segments are required to be
+# *relative* to the base address of the current binary module, a.k.a.
+# image base. No Win64 module, be it .exe or .dll, can be larger than
+# 2GB and thus such relative references can be and are accommodated in
+# 32 bits.
+#
+# Having reviewed the example function code, one can argue that "movq
+# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix
+# rax would contain an undefined value. If this "offends" you, use
+# another register and refrain from modifying rax till magic_point is
+# reached, i.e. as if it was a non-volatile register. If more registers
+# are required prior [variable] frame setup is completed, note that
+# nobody says that you can have only one "magic point." You can
+# "liberate" non-volatile registers by denoting last stack off-load
+# instruction and reflecting it in finer grade unwind logic in handler.
+# After all, isn't it why it's called *language-specific* handler...
+#
+# Attentive reader can notice that exceptions would be mishandled in
+# auto-generated "gear" epilogue. Well, exception effectively can't
+# occur there, because if memory area used by it was subject to
+# segmentation violation, then it would be raised upon call to the
+# function (and as already mentioned be accounted to caller, which is
+# not a problem). If you're still not comfortable, then define tail
+# "magic point" just prior ret instruction and have handler treat it...
+#
+# (*)	Note that we're talking about run-time, not debug-time. Lack of
+#	unwind information makes debugging hard on both Windows and
+#	Unix. "Unlike" referes to the fact that on Unix signal handler
+#	will always be invoked, core dumped and appropriate exit code
+#	returned to parent (for user notification).
diff --git a/openssl-1.1.0h/crypto/perlasm/x86asm.pl b/openssl-1.1.0h/crypto/perlasm/x86asm.pl
new file mode 100644
index 0000000..1ff46c9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/x86asm.pl
@@ -0,0 +1,310 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# require 'x86asm.pl';
+# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
+# &function_begin("foo");
+# ...
+# &function_end("foo");
+# &asm_finish
+
+$out=();
+$i386=0;
+
+# AUTOLOAD is this context has quite unpleasant side effect, namely
+# that typos in function calls effectively go to assembler output,
+# but on the pros side we don't have to implement one subroutine per
+# each opcode...
+sub ::AUTOLOAD
+{ my $opcode = $AUTOLOAD;
+
+    die "more than 4 arguments passed to $opcode" if ($#_>3);
+
+    $opcode =~ s/.*:://;
+    if    ($opcode =~ /^push/) { $stack+=4; }
+    elsif ($opcode =~ /^pop/)  { $stack-=4; }
+
+    &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
+}
+
+sub ::emit
+{ my $opcode=shift;
+
+    if ($#_==-1)    { push(@out,"\t$opcode\n");				}
+    else            { push(@out,"\t$opcode\t".join(',',@_)."\n");	}
+}
+
+sub ::LB
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
+  $1."l";
+}
+sub ::HB
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
+  $1."h";
+}
+sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num);	}
+sub ::stack_pop	{ my $num=$_[0]*4; $stack-=$num; &add("esp",$num);	}
+sub ::blindpop	{ &pop($_[0]); $stack+=4;				}
+sub ::wparam	{ &DWP($stack+4*$_[0],"esp");				}
+sub ::swtmp	{ &DWP(4*$_[0],"esp");					}
+
+sub ::bswap
+{   if ($i386)	# emulate bswap for i386
+    {	&comment("bswap @_");
+	&xchg(&HB(@_),&LB(@_));
+	&ror (@_,16);
+	&xchg(&HB(@_),&LB(@_));
+    }
+    else
+    {	&generic("bswap",@_);	}
+}
+# These are made-up opcodes introduced over the years essentially
+# by ignorance, just alias them to real ones...
+sub ::movb	{ &mov(@_);	}
+sub ::xorb	{ &xor(@_);	}
+sub ::rotl	{ &rol(@_);	}
+sub ::rotr	{ &ror(@_);	}
+sub ::exch	{ &xchg(@_);	}
+sub ::halt	{ &hlt;		}
+sub ::movz	{ &movzx(@_);	}
+sub ::pushf	{ &pushfd;	}
+sub ::popf	{ &popfd;	}
+
+# 3 argument instructions
+sub ::movq
+{ my($p1,$p2,$optimize)=@_;
+
+    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
+    # movq between mmx registers can sink Intel CPUs
+    {	&::pshufw($p1,$p2,0xe4);		}
+    else
+    {	&::generic("movq",@_);			}
+}
+
+# SSE>2 instructions
+my %regrm = (	"eax"=>0, "ecx"=>1, "edx"=>2, "ebx"=>3,
+		"esp"=>4, "ebp"=>5, "esi"=>6, "edi"=>7	);
+sub ::pextrd
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /(e[a-dsd][ixp]):xmm([0-7])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x16,0xc0|($2<<3)|$regrm{$1},$imm);	}
+    else
+    {	&::generic("pextrd",@_);		}
+}
+
+sub ::pinsrd
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):(e[a-dsd][ixp])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x22,0xc0|($1<<3)|$regrm{$2},$imm);	}
+    else
+    {	&::generic("pinsrd",@_);		}
+}
+
+sub ::pshufb
+{ my($dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x66,0x0f,0x38,0x00,0xc0|($1<<3)|$2);	}
+    else
+    {	&::generic("pshufb",@_);		}
+}
+
+sub ::palignr
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x0f,0xc0|($1<<3)|$2,$imm);	}
+    else
+    {	&::generic("palignr",@_);		}
+}
+
+sub ::pclmulqdq
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&::data_byte(0x66,0x0f,0x3a,0x44,0xc0|($1<<3)|$2,$imm);	}
+    else
+    {	&::generic("pclmulqdq",@_);		}
+}
+
+sub ::rdrand
+{ my ($dst)=@_;
+    if ($dst =~ /(e[a-dsd][ixp])/)
+    {	&::data_byte(0x0f,0xc7,0xf0|$regrm{$dst});	}
+    else
+    {	&::generic("rdrand",@_);	}
+}
+
+sub ::rdseed
+{ my ($dst)=@_;
+    if ($dst =~ /(e[a-dsd][ixp])/)
+    {	&::data_byte(0x0f,0xc7,0xf8|$regrm{$dst});	}
+    else
+    {	&::generic("rdrand",@_);	}
+}
+
+sub rxb {
+ local *opcode=shift;
+ my ($dst,$src1,$src2,$rxb)=@_;
+
+   $rxb|=0x7<<5;
+   $rxb&=~(0x04<<5) if($dst>=8);
+   $rxb&=~(0x01<<5) if($src1>=8);
+   $rxb&=~(0x02<<5) if($src2>=8);
+   push @opcode,$rxb;
+}
+
+sub ::vprotd
+{ my $args=join(',',@_);
+    if ($args =~ /xmm([0-7]),xmm([0-7]),([x0-9a-f]+)/)
+    { my @opcode=(0x8f);
+	rxb(\@opcode,$1,$2,-1,0x08);
+	push @opcode,0x78,0xc2;
+	push @opcode,0xc0|($2&7)|(($1&7)<<3);		# ModR/M
+	my $c=$3;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	&::data_byte(@opcode);
+    }
+    else
+    {	&::generic("vprotd",@_);	}
+}
+
+sub ::endbranch
+{
+    &::data_byte(0xf3,0x0f,0x1e,0xfb);
+}
+
+# label management
+$lbdecor="L";		# local label decoration, set by package
+$label="000";
+
+sub ::islabel		# see is argument is a known label
+{ my $i;
+    foreach $i (values %label) { return $i if ($i eq $_[0]); }
+  $label{$_[0]};	# can be undef
+}
+
+sub ::label		# instantiate a function-scope label
+{   if (!defined($label{$_[0]}))
+    {	$label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++;   }
+  $label{$_[0]};
+}
+
+sub ::LABEL		# instantiate a file-scope label
+{   $label{$_[0]}=$_[1] if (!defined($label{$_[0]}));
+  $label{$_[0]};
+}
+
+sub ::static_label	{ &::LABEL($_[0],$lbdecor.$_[0]); }
+
+sub ::set_label_B	{ push(@out,"@_:\n"); }
+sub ::set_label
+{ my $label=&::label($_[0]);
+    &::align($_[1]) if ($_[1]>1);
+    &::set_label_B($label);
+  $label;
+}
+
+sub ::wipe_labels	# wipes function-scope labels
+{   foreach $i (keys %label)
+    {	delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/);	}
+}
+
+# subroutine management
+sub ::function_begin
+{   &function_begin_B(@_);
+    $stack=4;
+    &push("ebp");
+    &push("ebx");
+    &push("esi");
+    &push("edi");
+}
+
+sub ::function_end
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    &function_end_B(@_);
+    $stack=0;
+    &wipe_labels();
+}
+
+sub ::function_end_A
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    $stack+=16;	# readjust esp as if we didn't pop anything
+}
+
+sub ::asciz
+{ my @str=unpack("C*",shift);
+    push @str,0;
+    while ($#str>15) {
+	&data_byte(@str[0..15]);
+	foreach (0..15) { shift @str; }
+    }
+    &data_byte(@str) if (@str);
+}
+
+sub ::asm_finish
+{   &file_end();
+    print @out;
+}
+
+sub ::asm_init
+{ my ($type,$fn,$cpu)=@_;
+
+    $filename=$fn;
+    $i386=$cpu;
+
+    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0;
+    if    (($type eq "elf"))
+    {	$elf=1;			require "x86gas.pl";	}
+    elsif (($type eq "elf-1"))
+    {	$elf=-1;		require "x86gas.pl";	}
+    elsif (($type eq "a\.out"))
+    {	$aout=1;		require "x86gas.pl";	}
+    elsif (($type eq "coff" or $type eq "gaswin"))
+    {	$coff=1;		require "x86gas.pl";	}
+    elsif (($type eq "win32n"))
+    {	$win32=1;		require "x86nasm.pl";	}
+    elsif (($type eq "nw-nasm"))
+    {	$netware=1;		require "x86nasm.pl";	}
+    #elsif (($type eq "nw-mwasm"))
+    #{	$netware=1; $mwerks=1;	require "x86nasm.pl";	}
+    elsif (($type eq "win32"))
+    {	$win32=1;		require "x86masm.pl";	}
+    elsif (($type eq "macosx"))
+    {	$aout=1; $macosx=1;	require "x86gas.pl";	}
+    elsif (($type eq "android"))
+    {	$elf=1; $android=1;	require "x86gas.pl";	}
+    else
+    {	print STDERR <<"EOF";
+Pick one target type from
+	elf	- Linux, FreeBSD, Solaris x86, etc.
+	a.out	- DJGPP, elder OpenBSD, etc.
+	coff	- GAS/COFF such as Win32 targets
+	win32n	- Windows 95/Windows NT NASM format
+	nw-nasm - NetWare NASM format
+	macosx	- Mac OS X
+EOF
+	exit(1);
+    }
+
+    $pic=0;
+    for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
+
+    $filename =~ s/\.pl$//;
+    &file($filename);
+}
+
+sub ::hidden {}
+
+1;
diff --git a/openssl-1.1.0h/crypto/perlasm/x86gas.pl b/openssl-1.1.0h/crypto/perlasm/x86gas.pl
new file mode 100644
index 0000000..2c8fce0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/x86gas.pl
@@ -0,0 +1,265 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+package x86gas;
+
+*out=\@::out;
+
+$::lbdecor=$::aout?"L":".L";		# local label decoration
+$nmdecor=($::aout or $::coff)?"_":"";	# external name decoration
+
+$initseg="";
+
+$align=16;
+$align=log($align)/log(2) if ($::aout);
+$com_start="#" if ($::aout or $::coff);
+
+sub opsize()
+{ my $reg=shift;
+    if    ($reg =~ m/^%e/o)		{ "l"; }
+    elsif ($reg =~ m/^%[a-d][hl]$/o)	{ "b"; }
+    elsif ($reg =~ m/^%[yxm]/o)		{ undef; }
+    else				{ "w"; }
+}
+
+# swap arguments;
+# expand opcode with size suffix;
+# prefix numeric constants with $;
+sub ::generic
+{ my($opcode,@arg)=@_;
+  my($suffix,$dst,$src);
+
+    @arg=reverse(@arg);
+
+    for (@arg)
+    {	s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;	# gp registers
+	s/^([xy]?mm[0-7])$/%$1/o;		# xmm/mmx registers
+	s/^(\-?[0-9]+)$/\$$1/o;			# constants
+	s/^(\-?0x[0-9a-f]+)$/\$$1/o;		# constants
+    }
+
+    $dst = $arg[$#arg]		if ($#arg>=0);
+    $src = $arg[$#arg-1]	if ($#arg>=1);
+    if    ($dst =~ m/^%/o)	{ $suffix=&opsize($dst); }
+    elsif ($src =~ m/^%/o)	{ $suffix=&opsize($src); }
+    else			{ $suffix="l";           }
+    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
+
+    if ($#_==0)				{ &::emit($opcode);		}
+    elsif ($#_==1 && $opcode =~ m/^(call|clflush|j|loop|set)/o)
+					{ &::emit($opcode,@arg);	}
+    else				{ &::emit($opcode.$suffix,@arg);}
+
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::movzx	{ &::movzb(@_);			}
+sub ::pushfd	{ &::pushfl;			}
+sub ::popfd	{ &::popfl;			}
+sub ::cpuid	{ &::emit(".byte\t0x0f,0xa2");	}
+sub ::rdtsc	{ &::emit(".byte\t0x0f,0x31");	}
+
+sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr	{ &::generic("call","*$_[0]");	}
+sub ::jmp_ptr	{ &::generic("jmp","*$_[0]");	}
+
+*::bswap = sub	{ &::emit("bswap","%$_[0]");	} if (!$::i386);
+
+sub ::DWP
+{ my($addr,$reg1,$reg2,$idx)=@_;
+  my $ret="";
+
+    if (!defined($idx) && 1*$reg2) { $idx=$reg2; $reg2=$reg1; undef $reg1; }
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+
+    $reg1 = "%$reg1" if ($reg1);
+    $reg2 = "%$reg2" if ($reg2);
+
+    $ret .= $addr if (($addr ne "") && ($addr ne 0));
+
+    if ($reg2)
+    {	$idx!= 0 or $idx=1;
+	$ret .= "($reg1,$reg2,$idx)";
+    }
+    elsif ($reg1)
+    {	$ret .= "($reg1)";	}
+
+  $ret;
+}
+sub ::QWP	{ &::DWP(@_);	}
+sub ::BP	{ &::DWP(@_);	}
+sub ::WP	{ &::DWP(@_);	}
+sub ::BC	{ @_;		}
+sub ::DWC	{ @_;		}
+
+sub ::file
+{   push(@out,".file\t\"$_[0].s\"\n.text\n");	}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func=$nmdecor.$func;
+
+    push(@out,".globl\t$func\n")	if ($global);
+    if ($::coff)
+    {	push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); }
+    elsif (($::aout and !$::pic) or $::macosx)
+    { }
+    else
+    {	push(@out,".type	$func,\@function\n"); }
+    push(@out,".align\t$align\n");
+    push(@out,"$func:\n");
+    push(@out,"$begin:\n")		if ($global);
+    $::stack=4;
+}
+
+sub ::function_end_B
+{ my $func=shift;
+    push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf);
+    $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::comment
+	{
+	if (!defined($com_start) or $::elf)
+		{	# Regarding $::elf above...
+			# GNU and SVR4 as'es use different comment delimiters,
+		push(@out,"\n");	# so we just skip ELF comments...
+		return;
+		}
+	foreach (@_)
+		{
+		if (/^\s*$/)
+			{ push(@out,"\n"); }
+		else
+			{ push(@out,"\t$com_start $_ $com_end\n"); }
+		}
+	}
+
+sub ::external_label
+{   foreach(@_) { &::LABEL($_,$nmdecor.$_); }   }
+
+sub ::public_label
+{   push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
+
+sub ::file_end
+{   if ($::macosx)
+    {	if (%non_lazy_ptr)
+    	{   push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n");
+	    foreach $i (keys %non_lazy_ptr)
+	    {	push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n");   }
+	}
+    }
+    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
+	my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,16";
+	if ($::macosx)	{ push (@out,"$tmp,2\n"); }
+	elsif ($::elf)	{ push (@out,"$tmp,4\n"); }
+	else		{ push (@out,"$tmp\n"); }
+    }
+    push(@out,$initseg) if ($initseg);
+}
+
+sub ::data_byte	{   push(@out,".byte\t".join(',',@_)."\n");   }
+sub ::data_short{   push(@out,".value\t".join(',',@_)."\n");  }
+sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
+
+sub ::align
+{ my $val=$_[0];
+    if ($::aout)
+    {	$val=int(log($val)/log(2));
+	$val.=",0x90";
+    }
+    push(@out,".align\t$val\n");
+}
+
+sub ::picmeup
+{ my($dst,$sym,$base,$reflabel)=@_;
+
+    if (($::pic && ($::elf || $::aout)) || $::macosx)
+    {	if (!defined($base))
+	{   &::call(&::label("PIC_me_up"));
+	    &::set_label("PIC_me_up");
+	    &::blindpop($dst);
+	    $base=$dst;
+	    $reflabel=&::label("PIC_me_up");
+	}
+	if ($::macosx)
+	{   my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr");
+	    &::mov($dst,&::DWP("$indirect-$reflabel",$base));
+	    $non_lazy_ptr{"$nmdecor$sym"}=$indirect;
+	}
+	elsif ($sym eq "OPENSSL_ia32cap_P" && $::elf>0)
+	{   &::lea($dst,&::DWP("$sym-$reflabel",$base));   }
+	else
+	{   &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
+			    $base));
+	    &::mov($dst,&::DWP("$sym\@GOT",$dst));
+	}
+    }
+    else
+    {	&::lea($dst,&::DWP($sym));	}
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+    if ($::android)
+    {	$initseg.=<<___;
+.section	.init_array
+.align	4
+.long	$f
+___
+    }
+    elsif ($::elf)
+    {	$initseg.=<<___;
+.section	.init
+	call	$f
+___
+    }
+    elsif ($::coff)
+    {   $initseg.=<<___;	# applies to both Cygwin and Mingw
+.section	.ctors
+.long	$f
+___
+    }
+    elsif ($::macosx)
+    {	$initseg.=<<___;
+.mod_init_func
+.align 2
+.long   $f
+___
+    }
+    elsif ($::aout)
+    {	my $ctor="${nmdecor}_GLOBAL_\$I\$$f";
+	$initseg.=".text\n";
+	$initseg.=".type	$ctor,\@function\n" if ($::pic);
+	$initseg.=<<___;	# OpenBSD way...
+.globl	$ctor
+.align	2
+$ctor:
+	jmp	$f
+___
+    }
+}
+
+sub ::dataseg
+{   push(@out,".data\n");   }
+
+*::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf);
+
+1;
diff --git a/openssl-1.1.0h/crypto/perlasm/x86masm.pl b/openssl-1.1.0h/crypto/perlasm/x86masm.pl
new file mode 100644
index 0000000..d352f47
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/x86masm.pl
@@ -0,0 +1,207 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+package x86masm;
+
+*out=\@::out;
+
+$::lbdecor="\$L";	# local label decoration
+$nmdecor="_";		# external name decoration
+
+$initseg="";
+$segment="";
+
+sub ::generic
+{ my ($opcode,@arg)=@_;
+
+    # fix hexadecimal constants
+    for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
+
+    if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/)	# no []
+    {	$opcode="mov";	}
+    elsif ($opcode !~ /mov[dq]$/)
+    {	# fix xmm references
+	$arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[-1]=~/\bxmm[0-7]\b/i);
+	$arg[-1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
+    }
+
+    &::emit($opcode,@arg);
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr	{ &::emit("call",@_);	}
+sub ::jmp_ptr	{ &::emit("jmp",@_);	}
+sub ::lock	{ &::data_byte(0xf0);	}
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
+
+    if (!defined($idx) && 1*$reg2) { $idx=$reg2; $reg2=$reg1; undef $reg1; }
+
+    $ret .= "$size PTR " if ($size ne "");
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+    # put address arithmetic expression in parenthesis
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+    if (($addr ne "") && ($addr ne 0))
+    {	if ($addr !~ /^-/)	{ $ret .= "$addr";  }
+	else			{ $post=$addr;      }
+    }
+    $ret .= "[";
+
+    if ($reg2 ne "")
+    {	$idx!=0 or $idx=1;
+	$ret .= "$reg2*$idx";
+	$ret .= "+$reg1" if ($reg1 ne "");
+    }
+    else
+    {	$ret .= "$reg1";   }
+
+    $ret .= "$post]";
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
+    $ret =~ s/\[\s*\]//;
+
+  $ret;
+}
+sub ::BP	{ &get_mem("BYTE",@_);  }
+sub ::WP	{ &get_mem("WORD",@_);	}
+sub ::DWP	{ &get_mem("DWORD",@_); }
+sub ::QWP	{ &get_mem("QWORD",@_); }
+sub ::BC	{ "@_";  }
+sub ::DWC	{ "@_"; }
+
+sub ::file
+{ my $tmp=<<___;
+TITLE	$_[0].asm
+IF \@Version LT 800
+ECHO MASM version 8.00 or later is strongly recommended.
+ENDIF
+.686
+.MODEL	FLAT
+OPTION	DOTNAME
+IF \@Version LT 800
+.text\$	SEGMENT PAGE 'CODE'
+ELSE
+.text\$	SEGMENT ALIGN(64) 'CODE'
+ENDIF
+___
+    push(@out,$tmp);
+    $segment = ".text\$";
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func="ALIGN\t16\n".$nmdecor.$func."\tPROC";
+
+    if ($global)    { $func.=" PUBLIC\n${begin}::\n"; }
+    else	    { $func.=" PRIVATE\n";            }
+    push(@out,$func);
+    $::stack=4;
+}
+sub ::function_end_B
+{ my $func=shift;
+
+    push(@out,"$nmdecor$func ENDP\n");
+    $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::file_end
+{ my $xmmheader=<<___;
+.686
+.XMM
+IF \@Version LT 800
+XMMWORD STRUCT 16
+DQ	2 dup (?)
+XMMWORD	ENDS
+ENDIF
+___
+    if (grep {/\b[x]?mm[0-7]\b/i} @out) {
+	grep {s/\.[3-7]86/$xmmheader/} @out;
+    }
+
+    push(@out,"$segment	ENDS\n");
+
+    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+    {	my $comm=<<___;
+.bss	SEGMENT 'BSS'
+COMM	${nmdecor}OPENSSL_ia32cap_P:DWORD:4
+.bss	ENDS
+___
+	# comment out OPENSSL_ia32cap_P declarations
+	grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+	push (@out,$comm);
+    }
+    push (@out,$initseg) if ($initseg);
+    push (@out,"END\n");
+}
+
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
+
+*::set_label_B = sub
+{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); };
+
+sub ::external_label
+{   foreach(@_)
+    {	push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n");   }
+}
+
+sub ::public_label
+{   push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
+
+sub ::data_byte
+{   push(@out,("DB\t").join(',',splice(@_,0,16))."\n") while(@_);	}
+
+sub ::data_short
+{   push(@out,("DW\t").join(',',splice(@_,0,8))."\n") while(@_);	}
+
+sub ::data_word
+{   push(@out,("DD\t").join(',',splice(@_,0,4))."\n") while(@_);	}
+
+sub ::align
+{   push(@out,"ALIGN\t$_[0]\n");	}
+
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+    $initseg.=<<___;
+.CRT\$XCU	SEGMENT DWORD PUBLIC 'DATA'
+EXTERN	$f:NEAR
+DD	$f
+.CRT\$XCU	ENDS
+___
+}
+
+sub ::dataseg
+{   push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA";   }
+
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"IF \@Version GE 710\n");
+    push(@out,".SAFESEH	".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"ENDIF\n");
+}
+
+1;
diff --git a/openssl-1.1.0h/crypto/perlasm/x86nasm.pl b/openssl-1.1.0h/crypto/perlasm/x86nasm.pl
new file mode 100644
index 0000000..4b664a8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/perlasm/x86nasm.pl
@@ -0,0 +1,186 @@
+#! /usr/bin/env perl
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+package x86nasm;
+
+*out=\@::out;
+
+$::lbdecor="L\$";		# local label decoration
+$nmdecor=$::netware?"":"_";	# external name decoration
+$drdecor=$::mwerks?".":"";	# directive decoration
+
+$initseg="";
+
+sub ::generic
+{ my $opcode=shift;
+  my $tmp;
+
+    if (!$::mwerks)
+    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
+	{   $_[0] = "NEAR $_[0]";   	}
+	elsif ($opcode eq "lea" && $#_==1)  # wipe storage qualifier from lea
+	{   $_[1] =~ s/^[^\[]*\[/\[/o;	}
+	elsif ($opcode eq "clflush" && $#_==0)
+	{   $_[0] =~ s/^[^\[]*\[/\[/o;	}
+    }
+    &::emit($opcode,@_);
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr	{ &::emit("call",@_);	}
+sub ::jmp_ptr	{ &::emit("jmp",@_);	}
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
+
+    if (!defined($idx) && 1*$reg2) { $idx=$reg2; $reg2=$reg1; undef $reg1; }
+
+    if ($size ne "")
+    {	$ret .= "$size";
+	$ret .= " PTR" if ($::mwerks);
+	$ret .= " ";
+    }
+    $ret .= "[";
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige;
+    # put address arithmetic expression in parenthesis
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+    if (($addr ne "") && ($addr ne 0))
+    {	if ($addr !~ /^-/)	{ $ret .= "$addr+"; }
+	else			{ $post=$addr;      }
+    }
+
+    if ($reg2 ne "")
+    {	$idx!=0 or $idx=1;
+	$ret .= "$reg2*$idx";
+	$ret .= "+$reg1" if ($reg1 ne "");
+    }
+    else
+    {	$ret .= "$reg1";   }
+
+    $ret .= "$post]";
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
+
+  $ret;
+}
+sub ::BP	{ &get_mem("BYTE",@_);  }
+sub ::DWP	{ &get_mem("DWORD",@_); }
+sub ::WP	{ &get_mem("WORD",@_);	}
+sub ::QWP	{ &get_mem("",@_);      }
+sub ::BC	{ (($::mwerks)?"":"BYTE ")."@_";  }
+sub ::DWC	{ (($::mwerks)?"":"DWORD ")."@_"; }
+
+sub ::file
+{   if ($::mwerks)	{ push(@out,".section\t.text,64\n"); }
+    else
+    { my $tmp=<<___;
+%ifidn __OUTPUT_FORMAT__,obj
+section	code	use32 class=code align=64
+%elifidn __OUTPUT_FORMAT__,win32
+\$\@feat.00 equ 1
+section	.text	code align=64
+%else
+section	.text	code
+%endif
+___
+	push(@out,$tmp);
+    }
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    $begin =~ s/^\@/./ if ($::mwerks);	# the torture never stops
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func=$nmdecor.$func;
+
+    push(@out,"${drdecor}global	$func\n")	if ($global);
+    push(@out,"${drdecor}align	16\n");
+    push(@out,"$func:\n");
+    push(@out,"$begin:\n")			if ($global);
+    $::stack=4;
+}
+
+sub ::function_end_B
+{   $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::file_end
+{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+    {	my $comm=<<___;
+${drdecor}segment	.bss
+${drdecor}common	${nmdecor}OPENSSL_ia32cap_P 16
+___
+	# comment out OPENSSL_ia32cap_P declarations
+	grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+	push (@out,$comm)
+    }
+    push (@out,$initseg) if ($initseg);		
+}
+
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
+
+sub ::external_label
+{   foreach(@_)
+    {	push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n");   }
+}
+
+sub ::public_label
+{   push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");  }
+
+sub ::data_byte
+{   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");	}
+sub ::data_short
+{   push(@out,(($::mwerks)?".word\t":"dw\t").join(',',@_)."\n");	}
+sub ::data_word
+{   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");	}
+
+sub ::align
+{   push(@out,"${drdecor}align\t$_[0]\n");	}
+
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+    if ($::win32)
+    {	$initseg=<<___;
+segment	.CRT\$XCU data align=4
+extern	$f
+dd	$f
+___
+    }
+}
+
+sub ::dataseg
+{   if ($mwerks)	{ push(@out,".section\t.data,4\n");   }
+    else		{ push(@out,"section\t.data align=4\n"); }
+}
+
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"%if	__NASM_VERSION_ID__ >= 0x02030000\n");
+    push(@out,"safeseh	".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"%endif\n");
+}
+
+1;
diff --git a/openssl-1.1.0h/crypto/pkcs12/build.info b/openssl-1.1.0h/crypto/pkcs12/build.info
new file mode 100644
index 0000000..b87299e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+        p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_sbag.c \
+        p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_add.c b/openssl-1.1.0h/crypto/pkcs12/p12_add.c
new file mode 100644
index 0000000..193ed80
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_add.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2)
+{
+    PKCS12_BAGS *bag;
+    PKCS12_SAFEBAG *safebag;
+
+    if ((bag = PKCS12_BAGS_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(nid1);
+    if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    safebag->value.bag = bag;
+    safebag->type = OBJ_nid2obj(nid2);
+    return safebag;
+
+ err:
+    PKCS12_BAGS_free(bag);
+    return NULL;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+    PKCS7 *p7;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p7->type = OBJ_nid2obj(NID_pkcs7_data);
+    if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+        goto err;
+    }
+    return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+    if (!PKCS7_type_is_data(p7)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+    PKCS7 *p7;
+    X509_ALGOR *pbe;
+    const EVP_CIPHER *pbe_ciph;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+                  PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+        goto err;
+    }
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+    if (pbe_ciph)
+        pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+    else
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+
+    if (!pbe) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+    p7->d.encrypted->enc_data->algorithm = pbe;
+    ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+    if (!(p7->d.encrypted->enc_data->enc_data =
+          PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
+                                  passlen, bags, 1))) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+        goto err;
+    }
+
+    return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen)
+{
+    if (!PKCS7_type_is_encrypted(p7))
+        return NULL;
+    return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                                   pass, passlen,
+                                   p7->d.encrypted->enc_data->enc_data, 1);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen)
+{
+    return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
+{
+    if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+                       &p12->authsafes->d.data))
+        return 1;
+    return 0;
+}
+
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
+{
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p12->authsafes->d.data,
+                            ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_asn.c b/openssl-1.1.0h/crypto/pkcs12/p12_asn.c
new file mode 100644
index 0000000..f2bfe32
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_asn.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* PKCS#12 ASN1 module */
+
+ASN1_SEQUENCE(PKCS12) = {
+        ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+        ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+} ASN1_SEQUENCE_END(PKCS12)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+
+ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
+        ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+        ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+        ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+
+ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_BAGS) = {
+        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_BAGS) = {
+        ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_BAGS),
+} ASN1_SEQUENCE_END(PKCS12_BAGS)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_SAFEBAG) = {
+        ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+        ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+        ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
+        ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+        ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+
+/* SEQUENCE OF SafeBag */
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_attr.c b/openssl-1.1.0h/crypto/pkcs12/p12_attr.c
new file mode 100644
index 0000000..c324f50
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_attr.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* Add a local keyid to a safebag */
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+                                V_ASN1_OCTET_STRING, name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+/* Add key usage to PKCS#8 structure */
+
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+    unsigned char us_val = (unsigned char)usage;
+    return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage,
+                                       V_ASN1_BIT_STRING, &us_val, 1);
+}
+
+/* Add a friendlyname to a safebag */
+
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_UTF8, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_BMP, name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid)
+{
+    X509_ATTRIBUTE *attrib;
+    int i;
+    i = X509at_get_attr_by_NID(attrs, attr_nid, -1);
+    attrib = X509at_get_attr(attrs, i);
+    return X509_ATTRIBUTE_get0_type(attrib, 0);
+}
+
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+    const ASN1_TYPE *atype;
+
+    if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
+        return NULL;
+    if (atype->type != V_ASN1_BMPSTRING)
+        return NULL;
+    return OPENSSL_uni2utf8(atype->value.bmpstring->data,
+                            atype->value.bmpstring->length);
+}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
+{
+    return bag->attrib;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_crpt.c b/openssl-1.1.0h/crypto/pkcs12/p12_crpt.c
new file mode 100644
index 0000000..feef9d1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_crpt.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 PBE algorithms now in static table */
+
+void PKCS12_PBE_add(void)
+{
+}
+
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md, int en_de)
+{
+    PBEPARAM *pbe;
+    int saltlen, iter, ret;
+    unsigned char *salt;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int (*pkcs12_key_gen)(const char *pass, int passlen,
+                          unsigned char *salt, int slen,
+                          int id, int iter, int n,
+                          unsigned char *out,
+                          const EVP_MD *md_type);
+
+    pkcs12_key_gen = PKCS12_key_gen_utf8;
+
+    if (cipher == NULL)
+        return 0;
+
+    /* Extract useful info from parameter */
+
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+        return 0;
+    }
+
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+                           iter, EVP_CIPHER_key_length(cipher), key, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+                           iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    PBEPARAM_free(pbe);
+    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_crt.c b/openssl-1.1.0h/crypto/pkcs12/p12_crt.c
new file mode 100644
index 0000000..10cf8dd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_crt.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag);
+
+static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+{
+    int idx;
+    X509_ATTRIBUTE *attr;
+    idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+    if (idx < 0)
+        return 1;
+    attr = EVP_PKEY_get_attr(pkey, idx);
+    if (!X509at_add1_attr(&bag->attrib, attr))
+        return 0;
+    return 1;
+}
+
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
+                      STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+                      int mac_iter, int keytype)
+{
+    PKCS12 *p12 = NULL;
+    STACK_OF(PKCS7) *safes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    PKCS12_SAFEBAG *bag = NULL;
+    int i;
+    unsigned char keyid[EVP_MAX_MD_SIZE];
+    unsigned int keyidlen = 0;
+
+    /* Set defaults */
+    if (!nid_cert)
+#ifdef OPENSSL_NO_RC2
+        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+        nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+    if (!nid_key)
+        nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    if (!iter)
+        iter = PKCS12_DEFAULT_ITER;
+    if (!mac_iter)
+        mac_iter = 1;
+
+    if (!pkey && !cert && !ca) {
+        PKCS12err(PKCS12_F_PKCS12_CREATE, PKCS12_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+
+    if (pkey && cert) {
+        if (!X509_check_private_key(cert, pkey))
+            return NULL;
+        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+    }
+
+    if (cert) {
+        bag = PKCS12_add_cert(&bags, cert);
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    /* Add all other certificates */
+    for (i = 0; i < sk_X509_num(ca); i++) {
+        if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    if (pkey) {
+        bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
+        if (!bag)
+            goto err;
+
+        if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+            goto err;
+        if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+            goto err;
+
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    p12 = PKCS12_add_safes(safes, 0);
+
+    if (!p12)
+        goto err;
+
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+
+    safes = NULL;
+
+    if ((mac_iter != -1) &&
+        !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+        goto err;
+
+    return p12;
+
+ err:
+    PKCS12_free(p12);
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+{
+    PKCS12_SAFEBAG *bag = NULL;
+    char *name;
+    int namelen = -1;
+    unsigned char *keyid;
+    int keyidlen = -1;
+
+    /* Add user certificate */
+    if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
+        goto err;
+
+    /*
+     * Use friendlyName and localKeyID in certificate. (if present)
+     */
+
+    name = (char *)X509_alias_get0(cert, &namelen);
+
+    if (name && !PKCS12_add_friendlyname(bag, name, namelen))
+        goto err;
+
+    keyid = X509_keyid_get0(cert, &keyidlen);
+
+    if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+        goto err;
+
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
+
+    return bag;
+
+ err:
+    PKCS12_SAFEBAG_free(bag);
+    return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int nid_key, const char *pass)
+{
+
+    PKCS12_SAFEBAG *bag = NULL;
+    PKCS8_PRIV_KEY_INFO *p8 = NULL;
+
+    /* Make a PKCS#8 structure */
+    if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
+        goto err;
+    if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
+        goto err;
+    if (nid_key != -1) {
+        bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
+                                                  iter, p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+    } else
+        bag = PKCS12_SAFEBAG_create0_p8inf(p8);
+
+    if (!bag)
+        goto err;
+
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
+
+    return bag;
+
+ err:
+    PKCS12_SAFEBAG_free(bag);
+    return NULL;
+
+}
+
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int nid_safe, int iter, const char *pass)
+{
+    PKCS7 *p7 = NULL;
+    int free_safes = 0;
+
+    if (!*psafes) {
+        *psafes = sk_PKCS7_new_null();
+        if (!*psafes)
+            return 0;
+        free_safes = 1;
+    } else
+        free_safes = 0;
+
+    if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+        nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+        nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+
+    if (nid_safe == -1)
+        p7 = PKCS12_pack_p7data(bags);
+    else
+        p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags);
+    if (!p7)
+        goto err;
+
+    if (!sk_PKCS7_push(*psafes, p7))
+        goto err;
+
+    return 1;
+
+ err:
+    if (free_safes) {
+        sk_PKCS7_free(*psafes);
+        *psafes = NULL;
+    }
+    PKCS7_free(p7);
+    return 0;
+
+}
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag)
+{
+    int free_bags;
+    if (!pbags)
+        return 1;
+    if (!*pbags) {
+        *pbags = sk_PKCS12_SAFEBAG_new_null();
+        if (!*pbags)
+            return 0;
+        free_bags = 1;
+    } else
+        free_bags = 0;
+
+    if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
+        if (free_bags) {
+            sk_PKCS12_SAFEBAG_free(*pbags);
+            *pbags = NULL;
+        }
+        return 0;
+    }
+
+    return 1;
+
+}
+
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+{
+    PKCS12 *p12;
+    if (nid_p7 <= 0)
+        nid_p7 = NID_pkcs7_data;
+    p12 = PKCS12_init(nid_p7);
+
+    if (!p12)
+        return NULL;
+
+    if (!PKCS12_pack_authsafes(p12, safes)) {
+        PKCS12_free(p12);
+        return NULL;
+    }
+
+    return p12;
+
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_decr.c b/openssl-1.1.0h/crypto/pkcs12/p12_decr.c
new file mode 100644
index 0000000..3c86058
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_decr.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Define this to dump decrypted output to files called DERnnn */
+/*
+ * #define OPENSSL_DEBUG_DECRYPT
+ */
+
+/*
+ * Encrypt/Decrypt a buffer based on password and algor, result in a
+ * OPENSSL_malloc'ed buffer
+ */
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen, int en_de)
+{
+    unsigned char *out = NULL;
+    int outlen, i;
+    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+
+    if (ctx == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Decrypt data */
+    if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+                            algor->parameter, ctx, en_de)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+        goto err;
+    }
+
+    if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
+            == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
+        OPENSSL_free(out);
+        out = NULL;
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    outlen = i;
+    if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
+        OPENSSL_free(out);
+        out = NULL;
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+        goto err;
+    }
+    outlen += i;
+    if (datalen)
+        *datalen = outlen;
+    if (data)
+        *data = out;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    return out;
+
+}
+
+/*
+ * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
+ * after use.
+ */
+
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              const ASN1_OCTET_STRING *oct, int zbuf)
+{
+    unsigned char *out;
+    const unsigned char *p;
+    void *ret;
+    int outlen;
+
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+                          &out, &outlen, 0)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+                  PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+        return NULL;
+    }
+    p = out;
+#ifdef OPENSSL_DEBUG_DECRYPT
+    {
+        FILE *op;
+
+        char fname[30];
+        static int fnm = 1;
+        sprintf(fname, "DER%d", fnm++);
+        op = fopen(fname, "wb");
+        fwrite(p, 1, outlen, op);
+        fclose(op);
+    }
+#endif
+    ret = ASN1_item_d2i(NULL, &p, outlen, it);
+    if (zbuf)
+        OPENSSL_cleanse(out, outlen);
+    if (!ret)
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
+    OPENSSL_free(out);
+    return ret;
+}
+
+/*
+ * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
+ * encoding.
+ */
+
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf)
+{
+    ASN1_OCTET_STRING *oct = NULL;
+    unsigned char *in = NULL;
+    int inlen;
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    inlen = ASN1_item_i2d(obj, &in, it);
+    if (!in) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
+        goto err;
+    }
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+                          &oct->length, 1)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+        OPENSSL_free(in);
+        goto err;
+    }
+    if (zbuf)
+        OPENSSL_cleanse(in, inlen);
+    OPENSSL_free(in);
+    return oct;
+ err:
+    ASN1_OCTET_STRING_free(oct);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_init.c b/openssl-1.1.0h/crypto/pkcs12/p12_init.c
new file mode 100644
index 0000000..a78e183
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_init.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *PKCS12_init(int mode)
+{
+    PKCS12 *pkcs12;
+
+    if ((pkcs12 = PKCS12_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ASN1_INTEGER_set(pkcs12->version, 3);
+    pkcs12->authsafes->type = OBJ_nid2obj(mode);
+    switch (mode) {
+    case NID_pkcs7_data:
+        if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+            PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+        goto err;
+    }
+    return pkcs12;
+
+ err:
+    PKCS12_free(pkcs12);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_key.c b/openssl-1.1.0h/crypto/pkcs12/p12_key.c
new file mode 100644
index 0000000..9c13a45
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_key.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include <openssl/bn.h>
+
+/* Uncomment out this line to get debugging info about key generation */
+/*
+ * #define OPENSSL_DEBUG_KEYGEN
+ */
+#ifdef OPENSSL_DEBUG_KEYGEN
+# include <openssl/bio.h>
+extern BIO *bio_err;
+void h__dump(unsigned char *p, int len);
+#endif
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+# define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
+{
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (ret <= 0)
+        return 0;
+    OPENSSL_clear_free(unipass, uniplen);
+    return ret;
+}
+
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type)
+{
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (ret <= 0)
+        return 0;
+    OPENSSL_clear_free(unipass, uniplen);
+    return ret;
+}
+
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
+{
+    unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
+    int Slen, Plen, Ilen, Ijlen;
+    int i, j, u, v;
+    int ret = 0;
+    BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
+    EVP_MD_CTX *ctx = NULL;
+#ifdef  OPENSSL_DEBUG_KEYGEN
+    unsigned char *tmpout = out;
+    int tmpn = n;
+#endif
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+#ifdef  OPENSSL_DEBUG_KEYGEN
+    fprintf(stderr, "KEYGEN DEBUG\n");
+    fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+    fprintf(stderr, "Password (length %d):\n", passlen);
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt (length %d):\n", saltlen);
+    h__dump(salt, saltlen);
+#endif
+    v = EVP_MD_block_size(md_type);
+    u = EVP_MD_size(md_type);
+    if (u < 0 || v <= 0)
+        goto err;
+    D = OPENSSL_malloc(v);
+    Ai = OPENSSL_malloc(u);
+    B = OPENSSL_malloc(v + 1);
+    Slen = v * ((saltlen + v - 1) / v);
+    if (passlen)
+        Plen = v * ((passlen + v - 1) / v);
+    else
+        Plen = 0;
+    Ilen = Slen + Plen;
+    I = OPENSSL_malloc(Ilen);
+    Ij = BN_new();
+    Bpl1 = BN_new();
+    if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL
+            || Bpl1 == NULL)
+        goto err;
+    for (i = 0; i < v; i++)
+        D[i] = id;
+    p = I;
+    for (i = 0; i < Slen; i++)
+        *p++ = salt[i % saltlen];
+    for (i = 0; i < Plen; i++)
+        *p++ = pass[i % passlen];
+    for (;;) {
+        if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+            || !EVP_DigestUpdate(ctx, D, v)
+            || !EVP_DigestUpdate(ctx, I, Ilen)
+            || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+            goto err;
+        for (j = 1; j < iter; j++) {
+            if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+                || !EVP_DigestUpdate(ctx, Ai, u)
+                || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+                goto err;
+        }
+        memcpy(out, Ai, min(n, u));
+        if (u >= n) {
+#ifdef OPENSSL_DEBUG_KEYGEN
+            fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+            h__dump(tmpout, tmpn);
+#endif
+            ret = 1;
+            goto end;
+        }
+        n -= u;
+        out += u;
+        for (j = 0; j < v; j++)
+            B[j] = Ai[j % u];
+        /* Work out B + 1 first then can use B as tmp space */
+        if (!BN_bin2bn(B, v, Bpl1))
+            goto err;
+        if (!BN_add_word(Bpl1, 1))
+            goto err;
+        for (j = 0; j < Ilen; j += v) {
+            if (!BN_bin2bn(I + j, v, Ij))
+                goto err;
+            if (!BN_add(Ij, Ij, Bpl1))
+                goto err;
+            if (!BN_bn2bin(Ij, B))
+                goto err;
+            Ijlen = BN_num_bytes(Ij);
+            /* If more than 2^(v*8) - 1 cut off MSB */
+            if (Ijlen > v) {
+                if (!BN_bn2bin(Ij, B))
+                    goto err;
+                memcpy(I + j, B + 1, v);
+#ifndef PKCS12_BROKEN_KEYGEN
+                /* If less than v bytes pad with zeroes */
+            } else if (Ijlen < v) {
+                memset(I + j, 0, v - Ijlen);
+                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
+                    goto err;
+#endif
+            } else if (!BN_bn2bin(Ij, I + j))
+                goto err;
+        }
+    }
+
+ err:
+    PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
+
+ end:
+    OPENSSL_free(Ai);
+    OPENSSL_free(B);
+    OPENSSL_free(D);
+    OPENSSL_free(I);
+    BN_free(Ij);
+    BN_free(Bpl1);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+#ifdef OPENSSL_DEBUG_KEYGEN
+void h__dump(unsigned char *p, int len)
+{
+    for (; len--; p++)
+        fprintf(stderr, "%02X", *p);
+    fprintf(stderr, "\n");
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_kiss.c b/openssl-1.1.0h/crypto/pkcs12/p12_kiss.c
new file mode 100644
index 0000000..7ab9838
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_kiss.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+/*
+ * Parse and decrypt a PKCS#12 structure returning user key, user cert and
+ * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
+ * should point to a valid STACK structure. pkey and cert can be passed
+ * uninitialised.
+ */
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca)
+{
+    STACK_OF(X509) *ocerts = NULL;
+    X509 *x = NULL;
+
+    if (pkey)
+        *pkey = NULL;
+    if (cert)
+        *cert = NULL;
+
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    /*
+     * If password is zero length or NULL then try verifying both cases to
+     * determine which password is correct. The reason for this is that under
+     * PKCS#12 password based encryption no password and a zero length
+     * password are two different things...
+     */
+
+    if (!pass || !*pass) {
+        if (PKCS12_verify_mac(p12, NULL, 0))
+            pass = NULL;
+        else if (PKCS12_verify_mac(p12, "", 0))
+            pass = "";
+        else {
+            PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+            goto err;
+        }
+    } else if (!PKCS12_verify_mac(p12, pass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+        goto err;
+    }
+
+    /* Allocate stack for other certificates */
+    ocerts = sk_X509_new_null();
+
+    if (!ocerts) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+        goto err;
+    }
+
+    while ((x = sk_X509_pop(ocerts))) {
+        if (pkey && *pkey && cert && !*cert) {
+            ERR_set_mark();
+            if (X509_check_private_key(x, *pkey)) {
+                *cert = x;
+                x = NULL;
+            }
+            ERR_pop_to_mark();
+        }
+
+        if (ca && x) {
+            if (!*ca)
+                *ca = sk_X509_new_null();
+            if (!*ca)
+                goto err;
+            if (!sk_X509_push(*ca, x))
+                goto err;
+            x = NULL;
+        }
+        X509_free(x);
+    }
+
+    sk_X509_pop_free(ocerts, X509_free);
+
+    return 1;
+
+ err:
+
+    if (pkey) {
+        EVP_PKEY_free(*pkey);
+        *pkey = NULL;
+    }
+    if (cert) {
+        X509_free(*cert);
+        *cert = NULL;
+    }
+    X509_free(x);
+    sk_X509_pop_free(ocerts, X509_free);
+    return 0;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    STACK_OF(PKCS7) *asafes;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    PKCS7 *p7;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else
+            continue;
+        if (!bags) {
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    }
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    return 1;
+}
+
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+                       pass, passlen, pkey, ocerts))
+            return 0;
+    }
+    return 1;
+}
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509 *x509;
+    const ASN1_TYPE *attrib;
+    ASN1_BMPSTRING *fname = NULL;
+    ASN1_OCTET_STRING *lkid = NULL;
+
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+        fname = attrib->value.bmpstring;
+
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+        lkid = attrib->value.octet_string;
+
+    switch (PKCS12_SAFEBAG_get_nid(bag)) {
+    case NID_keyBag:
+        if (!pkey || *pkey)
+            return 1;
+        *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
+        if (*pkey == NULL)
+            return 0;
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (!pkey || *pkey)
+            return 1;
+        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
+            return 0;
+        *pkey = EVP_PKCS82PKEY(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (!(*pkey))
+            return 0;
+        break;
+
+    case NID_certBag:
+        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
+            return 1;
+        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
+            return 0;
+        if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
+            X509_free(x509);
+            return 0;
+        }
+        if (fname) {
+            int len, r;
+            unsigned char *data;
+            len = ASN1_STRING_to_UTF8(&data, fname);
+            if (len >= 0) {
+                r = X509_alias_set1(x509, data, len);
+                OPENSSL_free(data);
+                if (!r) {
+                    X509_free(x509);
+                    return 0;
+                }
+            }
+        }
+
+        if (!sk_X509_push(ocerts, x509)) {
+            X509_free(x509);
+            return 0;
+        }
+
+        break;
+
+    case NID_safeContentsBag:
+        return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
+                          ocerts);
+
+    default:
+        return 1;
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_lcl.h b/openssl-1.1.0h/crypto/pkcs12/p12_lcl.h
new file mode 100644
index 0000000..0b52f1e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_lcl.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct PKCS12_MAC_DATA_st {
+    X509_SIG *dinfo;
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;         /* defaults to 1 */
+};
+
+struct PKCS12_st {
+    ASN1_INTEGER *version;
+    PKCS12_MAC_DATA *mac;
+    PKCS7 *authsafes;
+};
+
+struct PKCS12_SAFEBAG_st {
+    ASN1_OBJECT *type;
+    union {
+        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+        struct pkcs8_priv_key_info_st *keybag; /* keybag */
+        X509_SIG *shkeybag;     /* shrouded key bag */
+        STACK_OF(PKCS12_SAFEBAG) *safes;
+        ASN1_TYPE *other;
+    } value;
+    STACK_OF(X509_ATTRIBUTE) *attrib;
+};
+
+struct pkcs12_bag_st {
+    ASN1_OBJECT *type;
+    union {
+        ASN1_OCTET_STRING *x509cert;
+        ASN1_OCTET_STRING *x509crl;
+        ASN1_OCTET_STRING *octet;
+        ASN1_IA5STRING *sdsicert;
+        ASN1_TYPE *other;       /* Secret or other bag */
+    } value;
+};
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_mutl.c b/openssl-1.1.0h/crypto/pkcs12/p12_mutl.c
new file mode 100644
index 0000000..a9e2202
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_mutl.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/crypto.h>
+# include <openssl/hmac.h>
+# include <openssl/rand.h>
+# include <openssl/pkcs12.h>
+# include "p12_lcl.h"
+
+int PKCS12_mac_present(const PKCS12 *p12)
+{
+    return p12->mac ? 1 : 0;
+}
+
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12)
+{
+    if (p12->mac) {
+        X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
+        if (psalt)
+            *psalt = p12->mac->salt;
+        if (piter)
+            *piter = p12->mac->iter;
+    } else {
+        if (pmac)
+            *pmac = NULL;
+        if (pmacalg)
+            *pmacalg = NULL;
+        if (psalt)
+            *psalt = NULL;
+        if (piter)
+            *piter = NULL;
+    }
+}
+
+# define TK26_MAC_KEY_LEN 32
+
+static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
+                                   const unsigned char *salt, int saltlen,
+                                   int iter, int keylen, unsigned char *key,
+                                   const EVP_MD *digest)
+{
+    unsigned char out[96];
+
+    if (keylen != TK26_MAC_KEY_LEN) {
+        return 0;
+    }
+
+    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
+                           digest, sizeof(out), out)) {
+        return 0;
+    }
+    memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
+    OPENSSL_cleanse(out, sizeof(out));
+    return 1;
+}
+
+/* Generate a MAC */
+static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                          unsigned char *mac, unsigned int *maclen,
+                          int (*pkcs12_key_gen)(const char *pass, int passlen,
+                                                unsigned char *salt, int slen,
+                                                int id, int iter, int n,
+                                                unsigned char *out,
+                                                const EVP_MD *md_type))
+{
+    const EVP_MD *md_type;
+    HMAC_CTX *hmac = NULL;
+    unsigned char key[EVP_MAX_MD_SIZE], *salt;
+    int saltlen, iter;
+    int md_size = 0;
+    int md_type_nid;
+    const X509_ALGOR *macalg;
+    const ASN1_OBJECT *macoid;
+
+    if (pkcs12_key_gen == NULL)
+        pkcs12_key_gen = PKCS12_key_gen_utf8;
+
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return 0;
+    }
+
+    salt = p12->mac->salt->data;
+    saltlen = p12->mac->salt->length;
+    if (!p12->mac->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(p12->mac->iter);
+    X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
+    X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
+    if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+        return 0;
+    }
+    md_size = EVP_MD_size(md_type);
+    md_type_nid = EVP_MD_type(md_type);
+    if (md_size < 0)
+        return 0;
+    if ((md_type_nid == NID_id_GostR3411_94
+         || md_type_nid == NID_id_GostR3411_2012_256
+         || md_type_nid == NID_id_GostR3411_2012_512)
+        && !getenv("LEGACY_GOST_PKCS12")) {
+        md_size = TK26_MAC_KEY_LEN;
+        if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
+                                     md_size, key, md_type)) {
+            PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+            return 0;
+        }
+    } else
+        if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
+                               iter, md_size, key, md_type)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+        return 0;
+    }
+    if ((hmac = HMAC_CTX_new()) == NULL
+        || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
+        || !HMAC_Update(hmac, p12->authsafes->d.data->data,
+                        p12->authsafes->d.data->length)
+        || !HMAC_Final(hmac, mac, maclen)) {
+        HMAC_CTX_free(hmac);
+        return 0;
+    }
+    HMAC_CTX_free(hmac);
+    return 1;
+}
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen)
+{
+    return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    const ASN1_OCTET_STRING *macoct;
+
+    if (p12->mac == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+        return 0;
+    }
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
+    if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
+        || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
+        return 0;
+
+    return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    ASN1_OCTET_STRING *macoct;
+
+    if (!md_type)
+        md_type = EVP_sha1();
+    if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+        return 0;
+    }
+    /*
+     * Note that output mac is forced to UTF-8...
+     */
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+                     const EVP_MD *md_type)
+{
+    X509_ALGOR *macalg;
+
+    PKCS12_MAC_DATA_free(p12->mac);
+    p12->mac = NULL;
+
+    if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
+        return PKCS12_ERROR;
+    if (iter > 1) {
+        if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    if (!saltlen)
+        saltlen = PKCS12_SALT_LEN;
+    if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p12->mac->salt->length = saltlen;
+    if (!salt) {
+        if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
+            return 0;
+    } else
+        memcpy(p12->mac->salt->data, salt, saltlen);
+    X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
+    if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
+                         V_ASN1_NULL, NULL)) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_npas.c b/openssl-1.1.0h/crypto/pkcs12/p12_npas.c
new file mode 100644
index 0000000..0ce75ed
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_npas.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                        const char *newpass);
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+        return 0;
+    }
+
+    if (!newpass_p12(p12, oldpass, newpass)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+    PKCS7 *p7, *p7new;
+    ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    int rv = 0;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        goto err;
+    if ((newsafes = sk_PKCS7_new_null()) == NULL)
+        goto err;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+                         &pbe_nid, &pbe_iter, &pbe_saltlen))
+                goto err;
+        } else {
+            continue;
+        }
+        if (bags == NULL)
+            goto err;
+        if (!newpass_bags(bags, oldpass, newpass))
+            goto err;
+        /* Repack bag in same form with new password */
+        if (bagnid == NID_pkcs7_data)
+            p7new = PKCS12_pack_p7data(bags);
+        else
+            p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+                                          pbe_saltlen, pbe_iter, bags);
+        if (!p7new || !sk_PKCS7_push(newsafes, p7new))
+            goto err;
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+
+    /* Repack safe: save old safe in case of error */
+
+    p12_data_tmp = p12->authsafes->d.data;
+    if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!PKCS12_pack_authsafes(p12, newsafes))
+        goto err;
+
+    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+        goto err;
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
+        goto err;
+
+    rv = 1;
+
+err:
+    /* Restore old safe if necessary */
+    if (rv == 1) {
+        ASN1_OCTET_STRING_free(p12_data_tmp);
+    } else if (p12_data_tmp != NULL) {
+        ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+        p12->authsafes->d.data = p12_data_tmp;
+    }
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    sk_PKCS7_pop_free(newsafes, PKCS7_free);
+    return rv;
+}
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
+            return 0;
+    }
+    return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                       const char *newpass)
+{
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509_SIG *p8new;
+    int p8_nid, p8_saltlen, p8_iter;
+    const X509_ALGOR *shalg;
+
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
+        return 1;
+
+    if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
+        return 0;
+    X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
+    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
+        return 0;
+    p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+                          p8_iter, p8);
+    PKCS8_PRIV_KEY_INFO_free(p8);
+    if (p8new == NULL)
+        return 0;
+    X509_SIG_free(bag->value.shkeybag);
+    bag->value.shkeybag = p8new;
+    return 1;
+}
+
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen)
+{
+    PBEPARAM *pbe;
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);
+    if (!pbe)
+        return 0;
+    *pnid = OBJ_obj2nid(alg->algorithm);
+    *piter = ASN1_INTEGER_get(pbe->iter);
+    *psaltlen = pbe->salt->length;
+    PBEPARAM_free(pbe);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_p8d.c b/openssl-1.1.0h/crypto/pkcs12/p12_p8d.c
new file mode 100644
index 0000000..d926a77
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_p8d.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+                                   int passlen)
+{
+    const X509_ALGOR *dalg;
+    const ASN1_OCTET_STRING *doct;
+    X509_SIG_get0(p8, &dalg, &doct);
+    return PKCS12_item_decrypt_d2i(dalg,
+                                   ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+                                   passlen, doct, 1);
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_p8e.c b/openssl-1.1.0h/crypto/pkcs12/p12_p8e.c
new file mode 100644
index 0000000..86a07e1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_p8e.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "internal/x509_int.h"
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen,
+                        unsigned char *salt, int saltlen, int iter,
+                        PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    X509_SIG *p8 = NULL;
+    X509_ALGOR *pbe;
+
+    if (pbe_nid == -1)
+        pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+    else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+        pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid);
+    else {
+        ERR_clear_error();
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+    }
+    if (!pbe) {
+        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+        return NULL;
+    }
+    p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe);
+    if (p8 == NULL) {
+        X509_ALGOR_free(pbe);
+        return NULL;
+    }
+
+    return p8;
+}
+
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                         PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
+{
+    X509_SIG *p8;
+    ASN1_OCTET_STRING *enckey;
+
+    enckey =
+        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+                                pass, passlen, p8inf, 1);
+    if (!enckey) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);
+        return NULL;
+    }
+
+    p8 = OPENSSL_zalloc(sizeof(*p8));
+
+    if (p8 == NULL) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
+        ASN1_OCTET_STRING_free(enckey);
+        return NULL;
+    }
+    p8->algor = pbe;
+    p8->digest = enckey;
+
+    return p8;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_sbag.c b/openssl-1.1.0h/crypto/pkcs12/p12_sbag.c
new file mode 100644
index 0000000..4a3d259
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_sbag.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+#endif
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+    return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
+}
+
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+        return NULL;
+    return bag->value.keybag;
+}
+
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
+        return NULL;
+    return bag->value.shkeybag;
+}
+
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
+        return NULL;
+    return bag->value.safes;
+}
+
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
+{
+    return bag->type;
+}
+
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
+{
+    return OBJ_obj2nid(bag->type);
+}
+
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
+{
+    int btype = PKCS12_SAFEBAG_get_nid(bag);
+
+    if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
+        return -1;
+    return OBJ_obj2nid(bag->value.bag->type);
+}
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509_CRL));
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+                                    NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+                                    NID_x509Crl, NID_crlBag);
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_keyBag);
+    bag->value.keybag = p8;
+    return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    /* Set up the safe bag */
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+    bag->value.shkeybag = p8;
+    return bag;
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    PKCS12_SAFEBAG *bag;
+    const EVP_CIPHER *pbe_ciph;
+    X509_SIG *p8;
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+    if (pbe_ciph)
+        pbe_nid = -1;
+
+    p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+                       p8inf);
+
+    if (p8 == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
+
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        X509_SIG_free(p8);
+        return NULL;
+    }
+
+    return bag;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs12/p12_utl.c b/openssl-1.1.0h/crypto/pkcs12/p12_utl.c
new file mode 100644
index 0000000..0701478
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/p12_utl.c
@@ -0,0 +1,237 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen)
+{
+    int ulen, i;
+    unsigned char *unitmp;
+
+    if (asclen == -1)
+        asclen = strlen(asc);
+    ulen = asclen * 2 + 2;
+    if ((unitmp = OPENSSL_malloc(ulen)) == NULL)
+        return NULL;
+    for (i = 0; i < ulen - 2; i += 2) {
+        unitmp[i] = 0;
+        unitmp[i + 1] = asc[i >> 1];
+    }
+    /* Make result double null terminated */
+    unitmp[ulen - 2] = 0;
+    unitmp[ulen - 1] = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = unitmp;
+    return unitmp;
+}
+
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
+{
+    int asclen, i;
+    char *asctmp;
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+    asclen = unilen / 2;
+    /* If no terminating zero allow for one */
+    if (!unilen || uni[unilen - 1])
+        asclen++;
+    uni++;
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL)
+        return NULL;
+    for (i = 0; i < unilen; i += 2)
+        asctmp[i >> 1] = uni[i];
+    asctmp[asclen - 1] = 0;
+    return asctmp;
+}
+
+/*
+ * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and
+ * PKCS#12 BMPString format, which is specified as big-endian UTF-16.
+ * One should keep in mind that even though BMPString is passed as
+ * unsigned char *, it's not the kind of string you can exercise e.g.
+ * strlen on. Caller also has to keep in mind that its length is
+ * expressed not in number of UTF-16 characters, but in number of
+ * bytes the string occupies, and treat it, the length, accordingly.
+ */
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen)
+{
+    int ulen, i, j;
+    unsigned char *unitmp, *ret;
+    unsigned long utf32chr = 0;
+
+    if (asclen == -1)
+        asclen = strlen(asc);
+
+    for (ulen = 0, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+
+        /*
+         * Following condition is somewhat opportunistic is sense that
+         * decoding failure is used as *indirect* indication that input
+         * string might in fact be extended ASCII/ANSI/ISO-8859-X. The
+         * fallback is taken in hope that it would allow to process
+         * files created with previous OpenSSL version, which used the
+         * naive OPENSSL_asc2uni all along. It might be worth noting
+         * that probability of false positive depends on language. In
+         * cases covered by ISO Latin 1 probability is very low, because
+         * any printable non-ASCII alphabet letter followed by another
+         * or any ASCII character will trigger failure and fallback.
+         * In other cases situation can be intensified by the fact that
+         * English letters are not part of alternative keyboard layout,
+         * but even then there should be plenty of pairs that trigger
+         * decoding failure...
+         */
+        if (j < 0)
+	    return OPENSSL_asc2uni(asc, asclen, uni, unilen);
+
+        if (utf32chr > 0x10FFFF)        /* UTF-16 cap */
+	    return NULL;
+
+        if (utf32chr >= 0x10000)        /* pair of UTF-16 characters */
+            ulen += 2*2;
+        else                            /* or just one */
+            ulen += 2;
+    }
+
+    ulen += 2;  /* for trailing UTF16 zero */
+
+    if ((ret = OPENSSL_malloc(ulen)) == NULL)
+        return NULL;
+
+    /* re-run the loop writing down UTF-16 characters in big-endian order */
+    for (unitmp = ret, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+        if (utf32chr >= 0x10000) {      /* pair if UTF-16 characters */
+            unsigned int hi, lo;
+
+            utf32chr -= 0x10000;
+            hi = 0xD800 + (utf32chr>>10);
+            lo = 0xDC00 + (utf32chr&0x3ff);
+            *unitmp++ = (unsigned char)(hi>>8);
+            *unitmp++ = (unsigned char)(hi);
+            *unitmp++ = (unsigned char)(lo>>8);
+            *unitmp++ = (unsigned char)(lo);
+        } else {                        /* or just one */
+            *unitmp++ = (unsigned char)(utf32chr>>8);
+            *unitmp++ = (unsigned char)(utf32chr);
+        }
+    }
+    /* Make result double null terminated */
+    *unitmp++ = 0;
+    *unitmp++ = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = ret;
+    return ret;
+}
+
+static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
+{
+    unsigned long utf32chr;
+
+    if (len == 0) return 0;
+
+    if (len < 2) return -1;
+
+    /* pull UTF-16 character in big-endian order */
+    utf32chr = (utf16[0]<<8) | utf16[1];
+
+    if (utf32chr >= 0xD800 && utf32chr < 0xE000) {   /* two chars */
+        unsigned int lo;
+
+        if (len < 4) return -1;
+
+        utf32chr -= 0xD800;
+        utf32chr <<= 10;
+        lo = (utf16[2]<<8) | utf16[3];
+        if (lo < 0xDC00 || lo >= 0xE000) return -1;
+        utf32chr |= lo-0xDC00;
+        utf32chr += 0x10000;
+    }
+
+    return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
+}
+
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+{
+    int asclen, i, j;
+    char *asctmp;
+
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(NULL, uni+i, unilen-i);
+        /*
+         * falling back to OPENSSL_uni2asc makes lesser sense [than
+         * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above],
+         * it's done rather to maintain symmetry...
+         */
+        if (j < 0) return OPENSSL_uni2asc(uni, unilen);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero allow for one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asclen++;
+
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL)
+        return NULL;
+
+    /* re-run the loop emitting UTF-8 string */
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero write one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asctmp[asclen] = '\0';
+
+    return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/pkcs12/pk12err.c b/openssl-1.1.0h/crypto/pkcs12/pk12err.c
new file mode 100644
index 0000000..f705084
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs12/pk12err.c
@@ -0,0 +1,95 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
+
+static ERR_STRING_DATA PKCS12_str_functs[] = {
+    {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
+    {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
+    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
+    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
+    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UTF8), "PKCS12_key_gen_utf8"},
+    {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF),
+     "PKCS12_SAFEBAG_create0_p8inf"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8),
+     "PKCS12_SAFEBAG_create0_pkcs8"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT),
+     "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
+    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
+    {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
+    {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA PKCS12_str_reasons[] = {
+    {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
+    {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
+    {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"},
+    {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+    {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+     "error setting encrypted data type"},
+    {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
+    {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+     "invalid null pkcs12 pointer"},
+    {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+    {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+    {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"},
+    {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
+    {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+    {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
+    {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
+    {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
+    {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+     "pkcs12 algor cipherinit error"},
+    {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+     "pkcs12 cipherfinal error"},
+    {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
+    {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+     "unknown digest algorithm"},
+    {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PKCS12_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, PKCS12_str_functs);
+        ERR_load_strings(0, PKCS12_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs7/bio_pk7.c b/openssl-1.1.0h/crypto/pkcs7/bio_pk7.c
new file mode 100644
index 0000000..29feaa3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/bio_pk7.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/pkcs7.h>
+#include <openssl/bio.h>
+
+#if !defined(OPENSSL_SYS_VXWORKS)
+# include <memory.h>
+#endif
+#include <stdio.h>
+
+/* Streaming encode support for PKCS#7 */
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7)
+{
+    return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
+}
diff --git a/openssl-1.1.0h/crypto/pkcs7/build.info b/openssl-1.1.0h/crypto/pkcs7/build.info
new file mode 100644
index 0000000..2029d53
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+        pk7_mime.c bio_pk7.c
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_asn1.c b/openssl-1.1.0h/crypto/pkcs7/pk7_asn1.c
new file mode 100644
index 0000000..cd9fb4f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_asn1.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+/* PKCS#7 streaming support */
+static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    ASN1_STREAM_ARG *sarg = exarg;
+    PKCS7 **pp7 = (PKCS7 **)pval;
+
+    switch (operation) {
+
+    case ASN1_OP_STREAM_PRE:
+        if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
+            return 0;
+        /* fall thru */
+    case ASN1_OP_DETACHED_PRE:
+        sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
+        if (!sarg->ndef_bio)
+            return 0;
+        break;
+
+    case ASN1_OP_STREAM_POST:
+    case ASN1_OP_DETACHED_POST:
+        if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
+            return 0;
+        break;
+
+    }
+    return 1;
+}
+
+ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = {
+        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS7)
+}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+
+IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
+        ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+        EVP_PKEY_free(si->pkey);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+        /* NB this should be a SET OF but we use a SEQUENCE OF so the
+         * original order * is retained when the structure is reencoded.
+         * Since the attributes are implicitly tagged this will not affect
+         * the encoding.
+         */
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+        X509_free(ri->cert);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
+        ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
+        ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+        ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
+
+IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_attr.c b/openssl-1.1.0h/crypto/pkcs7/pk7_attr.c
new file mode 100644
index 0000000..e90bf03
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_attr.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap)
+{
+    ASN1_STRING *seq;
+
+    if ((seq = ASN1_STRING_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
+                                ASN1_ITEM_rptr(X509_ALGORS));
+    return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+                                      V_ASN1_SEQUENCE, seq);
+}
+
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *cap;
+    const unsigned char *p;
+
+    cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+    if (cap == NULL || (cap->type != V_ASN1_SEQUENCE))
+        return NULL;
+    p = cap->value.sequence->data;
+    return (STACK_OF(X509_ALGOR) *)
+        ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
+                      ASN1_ITEM_rptr(X509_ALGORS));
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    ASN1_INTEGER *nbit = NULL;
+    X509_ALGOR *alg;
+
+    if ((alg = X509_ALGOR_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = OBJ_nid2obj(nid);
+    if (arg > 0) {
+        if ((alg->parameter = ASN1_TYPE_new()) == NULL) {
+            goto err;
+        }
+        if ((nbit = ASN1_INTEGER_new()) == NULL) {
+            goto err;
+        }
+        if (!ASN1_INTEGER_set(nbit, arg)) {
+            goto err;
+        }
+        alg->parameter->value.integer = nbit;
+        alg->parameter->type = V_ASN1_INTEGER;
+        nbit = NULL;
+    }
+    if (!sk_X509_ALGOR_push(sk, alg)) {
+        goto err;
+    }
+    return 1;
+err:
+    PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+    ASN1_INTEGER_free(nbit);
+    X509_ALGOR_free(alg);
+    return 0;
+}
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
+{
+    if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
+        return 0;
+    if (!coid)
+        coid = OBJ_nid2obj(NID_pkcs7_data);
+    return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                      V_ASN1_OBJECT, coid);
+}
+
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
+{
+    if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+                                      V_ASN1_UTCTIME, t);
+}
+
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                             const unsigned char *md, int mdlen)
+{
+    ASN1_OCTET_STRING *os;
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+    if (!ASN1_STRING_set(os, md, mdlen)
+        || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
+                                       V_ASN1_OCTET_STRING, os)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_dgst.c b/openssl-1.1.0h/crypto/pkcs7/pk7_dgst.c
new file mode 100644
index 0000000..965fb37
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_dgst.c
@@ -0,0 +1,15 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_doit.c b/openssl-1.1.0h/crypto/pkcs7/pk7_doit.c
new file mode 100644
index 0000000..e6e80f0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_doit.c
@@ -0,0 +1,1180 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+static int PKCS7_type_is_other(PKCS7 *p7)
+{
+    int isOther = 1;
+
+    int nid = OBJ_obj2nid(p7->type);
+
+    switch (nid) {
+    case NID_pkcs7_data:
+    case NID_pkcs7_signed:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_digest:
+    case NID_pkcs7_encrypted:
+        isOther = 0;
+        break;
+    default:
+        isOther = 1;
+    }
+
+    return isOther;
+
+}
+
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
+{
+    if (PKCS7_type_is_data(p7))
+        return p7->d.data;
+    if (PKCS7_type_is_other(p7) && p7->d.other
+        && (p7->d.other->type == V_ASN1_OCTET_STRING))
+        return p7->d.other->value.octet_string;
+    return NULL;
+}
+
+static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
+{
+    BIO *btmp;
+    const EVP_MD *md;
+    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
+        goto err;
+    }
+
+    BIO_set_md(btmp, md);
+    if (*pbio == NULL)
+        *pbio = btmp;
+    else if (!BIO_push(*pbio, btmp)) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+    btmp = NULL;
+
+    return 1;
+
+ err:
+    BIO_free(btmp);
+    return 0;
+
+}
+
+static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
+                              unsigned char *key, int keylen)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned char *ek = NULL;
+    int ret = 0;
+    size_t eklen;
+
+    pkey = X509_get0_pubkey(ri->cert);
+
+    if (!pkey)
+        return 0;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return 0;
+
+    if (EVP_PKEY_encrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(ri->enc_key, ek, eklen);
+    ek = NULL;
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    OPENSSL_free(ek);
+    return ret;
+
+}
+
+static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
+                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *ek = NULL;
+    size_t eklen;
+
+    int ret = -1;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return -1;
+
+    if (EVP_PKEY_decrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                          EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0) {
+        ret = 0;
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+    OPENSSL_clear_free(*pek, *peklen);
+    *pek = ek;
+    *peklen = eklen;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    if (!ret)
+        OPENSSL_free(ek);
+
+    return ret;
+}
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+{
+    int i;
+    BIO *out = NULL, *btmp = NULL;
+    X509_ALGOR *xa = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    X509_ALGOR *xalg = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    /*
+     * The content field in the PKCS7 ContentInfo is optional, but that really
+     * only applies to inner content (precisely, detached signatures).
+     *
+     * When reading content, missing outer content is therefore treated as an
+     * error.
+     *
+     * When creating content, PKCS7_content_new() must be called before
+     * calling this method, so a NULL p7->d is always an error.
+     */
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        md_sk = p7->d.sign->md_algs;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        xalg = p7->d.enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_digest:
+        xa = p7->d.digest->md;
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        break;
+    case NID_pkcs7_data:
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
+        if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
+            goto err;
+
+    if (xa && !PKCS7_bio_add_digest(&out, xa))
+        goto err;
+
+    if (evp_cipher != NULL) {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        int keylen, ivlen;
+        EVP_CIPHER_CTX *ctx;
+
+        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
+            goto err;
+        }
+        BIO_get_cipher_ctx(btmp, &ctx);
+        keylen = EVP_CIPHER_key_length(evp_cipher);
+        ivlen = EVP_CIPHER_iv_length(evp_cipher);
+        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+        if (ivlen > 0)
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+        if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+            goto err;
+        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
+            goto err;
+
+        if (ivlen > 0) {
+            if (xalg->parameter == NULL) {
+                xalg->parameter = ASN1_TYPE_new();
+                if (xalg->parameter == NULL)
+                    goto err;
+            }
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+                goto err;
+        }
+
+        /* Lets do the pub key stuff :-) */
+        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+            if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
+                goto err;
+        }
+        OPENSSL_cleanse(key, keylen);
+
+        if (out == NULL)
+            out = btmp;
+        else
+            BIO_push(out, btmp);
+        btmp = NULL;
+    }
+
+    if (bio == NULL) {
+        if (PKCS7_is_detached(p7)) {
+            bio = BIO_new(BIO_s_null());
+        } else if (os && os->length > 0) {
+            bio = BIO_new_mem_buf(os->data, os->length);
+        } else {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+    }
+    if (out)
+        BIO_push(out, bio);
+    else
+        out = bio;
+    return out;
+
+ err:
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    return NULL;
+}
+
+static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
+{
+    int ret;
+    ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                        X509_get_issuer_name(pcert));
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
+                            ri->issuer_and_serial->serial);
+}
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+{
+    int i, j;
+    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
+    X509_ALGOR *xa;
+    ASN1_OCTET_STRING *data_body = NULL;
+    const EVP_MD *evp_md;
+    const EVP_CIPHER *evp_cipher = NULL;
+    EVP_CIPHER_CTX *evp_ctx = NULL;
+    X509_ALGOR *enc_alg = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    unsigned char *ek = NULL, *tkey = NULL;
+    int eklen = 0, tkeylen = 0;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        /*
+         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+         * field and optional content.
+         * data_body is NULL if that structure has no (=detached) content
+         * or if the contentType is wrong (i.e., not "data").
+         */
+        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
+        if (!PKCS7_is_detached(p7) && data_body == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+            goto err;
+        }
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
+        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        enc_alg = p7->d.enveloped->enc_data->algorithm;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.enveloped->enc_data->enc_data;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Detached content must be supplied via in_bio instead. */
+    if (data_body == NULL && in_bio == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        goto err;
+    }
+
+    /* We will be checking the signature */
+    if (md_sk != NULL) {
+        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+            xa = sk_X509_ALGOR_value(md_sk, i);
+            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+                goto err;
+            }
+
+            j = OBJ_obj2nid(xa->algorithm);
+            evp_md = EVP_get_digestbynid(j);
+            if (evp_md == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                goto err;
+            }
+
+            BIO_set_md(btmp, evp_md);
+            if (out == NULL)
+                out = btmp;
+            else
+                BIO_push(out, btmp);
+            btmp = NULL;
+        }
+    }
+
+    if (evp_cipher != NULL) {
+        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+            goto err;
+        }
+
+        /*
+         * It was encrypted, we need to decrypt the secret key with the
+         * private key
+         */
+
+        /*
+         * Find the recipientInfo which matches the passed certificate (if
+         * any)
+         */
+
+        if (pcert) {
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+                if (!pkcs7_cmp_ri(ri, pcert))
+                    break;
+                ri = NULL;
+            }
+            if (ri == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                goto err;
+            }
+        }
+
+        /* If we haven't got a certificate try each ri in turn */
+        if (pcert == NULL) {
+            /*
+             * Always attempt to decrypt all rinfo even after success as a
+             * defence against MMA timing attacks.
+             */
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+
+                if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
+                    goto err;
+                ERR_clear_error();
+            }
+        } else {
+            /* Only exit on fatal errors, not decrypt failure */
+            if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
+                goto err;
+            ERR_clear_error();
+        }
+
+        evp_ctx = NULL;
+        BIO_get_cipher_ctx(etmp, &evp_ctx);
+        if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
+            goto err;
+        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+            goto err;
+        /* Generate random key as MMA defence */
+        tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+        tkey = OPENSSL_malloc(tkeylen);
+        if (tkey == NULL)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+            goto err;
+        if (ek == NULL) {
+            ek = tkey;
+            eklen = tkeylen;
+            tkey = NULL;
+        }
+
+        if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+            /*
+             * Some S/MIME clients don't use the same key and effective key
+             * length. The key length is determined by the size of the
+             * decrypted RSA key.
+             */
+            if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
+                /* Use random key as MMA defence */
+                OPENSSL_clear_free(ek, eklen);
+                ek = tkey;
+                eklen = tkeylen;
+                tkey = NULL;
+            }
+        }
+        /* Clear errors so we don't leak information useful in MMA */
+        ERR_clear_error();
+        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
+            goto err;
+
+        OPENSSL_clear_free(ek, eklen);
+        ek = NULL;
+        OPENSSL_clear_free(tkey, tkeylen);
+        tkey = NULL;
+
+        if (out == NULL)
+            out = etmp;
+        else
+            BIO_push(out, etmp);
+        etmp = NULL;
+    }
+    if (in_bio != NULL) {
+        bio = in_bio;
+    } else {
+        if (data_body->length > 0)
+            bio = BIO_new_mem_buf(data_body->data, data_body->length);
+        else {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+    }
+    BIO_push(out, bio);
+    bio = NULL;
+    return out;
+
+ err:
+    OPENSSL_clear_free(ek, eklen);
+    OPENSSL_clear_free(tkey, tkeylen);
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    BIO_free_all(etmp);
+    BIO_free_all(bio);
+    return NULL;
+}
+
+static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
+{
+    for (;;) {
+        bio = BIO_find_type(bio, BIO_TYPE_MD);
+        if (bio == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            return NULL;
+        }
+        BIO_get_md_ctx(bio, pmd);
+        if (*pmd == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        if (EVP_MD_CTX_type(*pmd) == nid)
+            return bio;
+        bio = BIO_next(bio);
+    }
+    return NULL;
+}
+
+static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
+{
+    unsigned char md_data[EVP_MAX_MD_SIZE];
+    unsigned int md_len;
+
+    /* Add signing time if not already present */
+    if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
+        if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
+            PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    /* Add digest */
+    if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
+        return 0;
+    }
+    if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Now sign the attributes */
+    if (!PKCS7_SIGNER_INFO_sign(si))
+        return 0;
+
+    return 1;
+}
+
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+{
+    int ret = 0;
+    int i, j;
+    BIO *btmp;
+    PKCS7_SIGNER_INFO *si;
+    EVP_MD_CTX *mdc, *ctx_tmp;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    ctx_tmp = EVP_MD_CTX_new();
+    if (ctx_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_data:
+        os = p7->d.data;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        /* XXXXXXXXXXXXXXXX */
+        si_sk = p7->d.signed_and_enveloped->signer_info;
+        os = p7->d.signed_and_enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        /* XXXXXXXXXXXXXXXX */
+        os = p7->d.enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_signed:
+        si_sk = p7->d.sign->signer_info;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+            ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.sign->contents->d.data = NULL;
+        }
+        break;
+
+    case NID_pkcs7_digest:
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+            ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.digest->contents->d.data = NULL;
+        }
+        break;
+
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    if (si_sk != NULL) {
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
+            if (si->pkey == NULL)
+                continue;
+
+            j = OBJ_obj2nid(si->digest_alg->algorithm);
+
+            btmp = bio;
+
+            btmp = PKCS7_find_digest(&mdc, btmp, j);
+
+            if (btmp == NULL)
+                goto err;
+
+            /*
+             * We now have the EVP_MD_CTX, lets do the signing.
+             */
+            if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
+                goto err;
+
+            sk = si->auth_attr;
+
+            /*
+             * If there are attributes, we add the digest attribute and only
+             * sign the attributes
+             */
+            if (sk_X509_ATTRIBUTE_num(sk) > 0) {
+                if (!do_pkcs7_signed_attrib(si, ctx_tmp))
+                    goto err;
+            } else {
+                unsigned char *abuf = NULL;
+                unsigned int abuflen;
+                abuflen = EVP_PKEY_size(si->pkey);
+                abuf = OPENSSL_malloc(abuflen);
+                if (abuf == NULL)
+                    goto err;
+
+                if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    OPENSSL_free(abuf);
+                    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
+                    goto err;
+                }
+                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
+            }
+        }
+    } else if (i == NID_pkcs7_digest) {
+        unsigned char md_data[EVP_MAX_MD_SIZE];
+        unsigned int md_len;
+        if (!PKCS7_find_digest(&mdc, bio,
+                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
+            goto err;
+        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
+            goto err;
+        if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
+            goto err;
+    }
+
+    if (!PKCS7_is_detached(p7)) {
+        /*
+         * NOTE(emilia): I think we only reach os == NULL here because detached
+         * digested data support is broken.
+         */
+        if (os == NULL)
+            goto err;
+        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
+            char *cont;
+            long contlen;
+            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+            if (btmp == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                goto err;
+            }
+            contlen = BIO_get_mem_data(btmp, &cont);
+            /*
+             * Mark the BIO read only then we can use its copy of the data
+             * instead of making an extra copy.
+             */
+            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+            BIO_set_mem_eof_return(btmp, 0);
+            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+        }
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx_tmp);
+    return (ret);
+}
+
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
+{
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx;
+    unsigned char *abuf = NULL;
+    int alen;
+    size_t siglen;
+    const EVP_MD *md = NULL;
+
+    md = EVP_get_digestbyobj(si->digest_alg->algorithm);
+    if (md == NULL)
+        return 0;
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
+                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
+        goto err;
+    OPENSSL_free(abuf);
+    abuf = NULL;
+    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
+        goto err;
+    abuf = OPENSSL_malloc(siglen);
+    if (abuf == NULL)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_free(mctx);
+
+    ASN1_STRING_set0(si->enc_digest, abuf, siglen);
+
+    return 1;
+
+ err:
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_free(mctx);
+    return 0;
+
+}
+
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    int ret = 0, i;
+    STACK_OF(X509) *cert;
+    X509 *x509;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (PKCS7_type_is_signed(p7)) {
+        cert = p7->d.sign->cert;
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        cert = p7->d.signed_and_enveloped->cert;
+    } else {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+    /* XXXXXXXXXXXXXXXXXXXXXXX */
+    ias = si->issuer_and_serial;
+
+    x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
+
+    /* were we able to find the cert in passed to us */
+    if (x509 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
+                 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+        goto err;
+    }
+
+    /* Lets verify */
+    if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        goto err;
+    }
+    X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        X509_STORE_CTX_cleanup(ctx);
+        goto err;
+    }
+    X509_STORE_CTX_cleanup(ctx);
+
+    return PKCS7_signatureVerify(bio, p7, si, x509);
+ err:
+    return ret;
+}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                          X509 *x509)
+{
+    ASN1_OCTET_STRING *os;
+    EVP_MD_CTX *mdc_tmp, *mdc;
+    int ret = 0, i;
+    int md_type;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    BIO *btmp;
+    EVP_PKEY *pkey;
+
+    mdc_tmp = EVP_MD_CTX_new();
+    if (mdc_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+
+    md_type = OBJ_obj2nid(si->digest_alg->algorithm);
+
+    btmp = bio;
+    for (;;) {
+        if ((btmp == NULL) ||
+            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        BIO_get_md_ctx(btmp, &mdc);
+        if (mdc == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (EVP_MD_CTX_type(mdc) == md_type)
+            break;
+        /*
+         * Workaround for some broken clients that put the signature OID
+         * instead of the digest OID in digest_alg->algorithm
+         */
+        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+            break;
+        btmp = BIO_next(btmp);
+    }
+
+    /*
+     * mdc is the digest ctx that we want, unless there are attributes, in
+     * which case the digest is the signed attributes
+     */
+    if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
+        goto err;
+
+    sk = si->auth_attr;
+    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+        unsigned int md_len;
+        int alen;
+        ASN1_OCTET_STRING *message_digest;
+
+        if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
+            goto err;
+        message_digest = PKCS7_digest_from_attributes(sk);
+        if (!message_digest) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        if ((message_digest->length != (int)md_len) ||
+            (memcmp(message_digest->data, md_dat, md_len))) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
+            ret = -1;
+            goto err;
+        }
+
+        if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
+            goto err;
+
+        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+        if (alen <= 0) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
+            ret = -1;
+            goto err;
+        }
+        if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
+            goto err;
+
+        OPENSSL_free(abuf);
+    }
+
+    os = si->enc_digest;
+    pkey = X509_get0_pubkey(x509);
+    if (!pkey) {
+        ret = -1;
+        goto err;
+    }
+
+    i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
+        ret = -1;
+        goto err;
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(mdc_tmp);
+    return (ret);
+}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+{
+    STACK_OF(PKCS7_RECIP_INFO) *rsk;
+    PKCS7_RECIP_INFO *ri;
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    if (i != NID_pkcs7_signedAndEnveloped)
+        return NULL;
+    if (p7->d.signed_and_enveloped == NULL)
+        return NULL;
+    rsk = p7->d.signed_and_enveloped->recipientinfo;
+    if (rsk == NULL)
+        return NULL;
+    if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
+        return (NULL);
+    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
+    return (ri->issuer_and_serial);
+}
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return (get_attribute(si->auth_attr, nid));
+}
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return (get_attribute(si->unauth_attr, nid));
+}
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+{
+    int idx;
+    X509_ATTRIBUTE *xa;
+    idx = X509at_get_attr_by_NID(sk, nid, -1);
+    xa = X509at_get_attr(sk, idx);
+    return X509_ATTRIBUTE_get0_type(xa, 0);
+}
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    ASN1_TYPE *astype;
+    if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+        return NULL;
+    return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->auth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return (0);
+    }
+    return (1);
+}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->unauth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return (0);
+    }
+    return (1);
+}
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                               void *value)
+{
+    return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
+}
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                        void *value)
+{
+    return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
+}
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value)
+{
+    X509_ATTRIBUTE *attr = NULL;
+
+    if (*sk == NULL) {
+        if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+            return 0;
+ new_attrib:
+        if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
+            return 0;
+        if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
+            X509_ATTRIBUTE_free(attr);
+            return 0;
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
+            attr = sk_X509_ATTRIBUTE_value(*sk, i);
+            if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
+                X509_ATTRIBUTE_free(attr);
+                attr = X509_ATTRIBUTE_create(nid, atrtype, value);
+                if (attr == NULL)
+                    return 0;
+                if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
+                    X509_ATTRIBUTE_free(attr);
+                    return 0;
+                }
+                goto end;
+            }
+        }
+        goto new_attrib;
+    }
+ end:
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_enc.c b/openssl-1.1.0h/crypto/pkcs7/pk7_enc.c
new file mode 100644
index 0000000..3c59f9c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_enc.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
+PKCS7_in_bio(PKCS7 *p7, BIO *in);
+PKCS7_out_bio(PKCS7 *p7, BIO *out);
+
+PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
+
+PKCS7_Init(PKCS7 *p7);
+PKCS7_Update(PKCS7 *p7);
+PKCS7_Finish(PKCS7 *p7);
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_lib.c b/openssl-1.1.0h/crypto/pkcs7/pk7_lib.c
new file mode 100644
index 0000000..69c68cf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_lib.c
@@ -0,0 +1,589 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+{
+    int nid;
+    long ret;
+
+    nid = OBJ_obj2nid(p7->type);
+
+    switch (cmd) {
+    /* NOTE(emilia): does not support detached digested data. */
+    case PKCS7_OP_SET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            ret = p7->detached = (int)larg;
+            if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
+                ASN1_OCTET_STRING *os;
+                os = p7->d.sign->contents->d.data;
+                ASN1_OCTET_STRING_free(os);
+                p7->d.sign->contents->d.data = NULL;
+            }
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+        break;
+    case PKCS7_OP_GET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
+                ret = 1;
+            else
+                ret = 0;
+
+            p7->detached = ret;
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+        ret = 0;
+    }
+    return (ret);
+}
+
+int PKCS7_content_new(PKCS7 *p7, int type)
+{
+    PKCS7 *ret = NULL;
+
+    if ((ret = PKCS7_new()) == NULL)
+        goto err;
+    if (!PKCS7_set_type(ret, type))
+        goto err;
+    if (!PKCS7_set_content(p7, ret))
+        goto err;
+
+    return (1);
+ err:
+    PKCS7_free(ret);
+    return (0);
+}
+
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+{
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        PKCS7_free(p7->d.sign->contents);
+        p7->d.sign->contents = p7_data;
+        break;
+    case NID_pkcs7_digest:
+        PKCS7_free(p7->d.digest->contents);
+        p7->d.digest->contents = p7_data;
+        break;
+    case NID_pkcs7_data:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_encrypted:
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return (1);
+ err:
+    return (0);
+}
+
+int PKCS7_set_type(PKCS7 *p7, int type)
+{
+    ASN1_OBJECT *obj;
+
+    /*
+     * PKCS7_content_free(p7);
+     */
+    obj = OBJ_nid2obj(type);    /* will not fail */
+
+    switch (type) {
+    case NID_pkcs7_signed:
+        p7->type = obj;
+        if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
+            PKCS7_SIGNED_free(p7->d.sign);
+            p7->d.sign = NULL;
+            goto err;
+        }
+        break;
+    case NID_pkcs7_data:
+        p7->type = obj;
+        if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL)
+            goto err;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        p7->type = obj;
+        if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
+            == NULL)
+            goto err;
+        ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
+        if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
+            goto err;
+        p7->d.signed_and_enveloped->enc_data->content_type
+            = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_enveloped:
+        p7->type = obj;
+        if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
+            goto err;
+        p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_encrypted:
+        p7->type = obj;
+        if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
+            goto err;
+        p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+
+    case NID_pkcs7_digest:
+        p7->type = obj;
+        if ((p7->d.digest = PKCS7_DIGEST_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
+            goto err;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return (1);
+ err:
+    return (0);
+}
+
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
+{
+    p7->type = OBJ_nid2obj(type);
+    p7->d.other = other;
+    return 1;
+}
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+{
+    int i, j, nid;
+    X509_ALGOR *alg;
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+    STACK_OF(X509_ALGOR) *md_sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        signer_sk = p7->d.sign->signer_info;
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        signer_sk = p7->d.signed_and_enveloped->signer_info;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    nid = OBJ_obj2nid(psi->digest_alg->algorithm);
+
+    /* If the digest is not currently listed, add it */
+    j = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+        alg = sk_X509_ALGOR_value(md_sk, i);
+        if (OBJ_obj2nid(alg->algorithm) == nid) {
+            j = 1;
+            break;
+        }
+    }
+    if (!j) {                   /* we need to add another algorithm */
+        if ((alg = X509_ALGOR_new()) == NULL
+            || (alg->parameter = ASN1_TYPE_new()) == NULL) {
+            X509_ALGOR_free(alg);
+            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+        alg->algorithm = OBJ_nid2obj(nid);
+        alg->parameter->type = V_ASN1_NULL;
+        if (!sk_X509_ALGOR_push(md_sk, alg)) {
+            X509_ALGOR_free(alg);
+            return 0;
+        }
+    }
+
+    if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
+        return 0;
+    return (1);
+}
+
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+{
+    int i;
+    STACK_OF(X509) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->cert);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->cert);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X509_up_ref(x509);
+    if (!sk_X509_push(*sk, x509)) {
+        X509_free(x509);
+        return 0;
+    }
+    return (1);
+}
+
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+{
+    int i;
+    STACK_OF(X509_CRL) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->crl);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->crl);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_CRL_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    X509_CRL_up_ref(crl);
+    if (!sk_X509_CRL_push(*sk, crl)) {
+        X509_CRL_free(crl);
+        return 0;
+    }
+    return (1);
+}
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+                          const EVP_MD *dgst)
+{
+    int ret;
+
+    /* We now need to add another PKCS7_SIGNER_INFO entry */
+    if (!ASN1_INTEGER_set(p7i->version, 1))
+        goto err;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        goto err;
+
+    /*
+     * because ASN1_INTEGER_set is used to set a 'long' we will do things the
+     * ugly way.
+     */
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        goto err;
+
+    /* lets keep the pkey around for a while */
+    EVP_PKEY_up_ref(pkey);
+    p7i->pkey = pkey;
+
+    /* Set the algorithms */
+
+    X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
+                    V_ASN1_NULL, NULL);
+
+    if (pkey->ameth && pkey->ameth->pkey_ctrl) {
+        ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i);
+        if (ret > 0)
+            return 1;
+        if (ret != -2) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
+                     PKCS7_R_SIGNING_CTRL_FAILURE);
+            return 0;
+        }
+    }
+    PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
+             PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ err:
+    return 0;
+}
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+                                       const EVP_MD *dgst)
+{
+    PKCS7_SIGNER_INFO *si = NULL;
+
+    if (dgst == NULL) {
+        int def_nid;
+        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+            goto err;
+        dgst = EVP_get_digestbynid(def_nid);
+        if (dgst == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST);
+            goto err;
+        }
+    }
+
+    if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+        goto err;
+    if (!PKCS7_add_signer(p7, si))
+        goto err;
+    return (si);
+ err:
+    PKCS7_SIGNER_INFO_free(si);
+    return (NULL);
+}
+
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
+{
+    if (PKCS7_type_is_digest(p7)) {
+        if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        p7->d.digest->md->parameter->type = V_ASN1_NULL;
+        p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
+        return 1;
+    }
+
+    PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+    return 1;
+}
+
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+{
+    if (p7 == NULL || p7->d.ptr == NULL)
+        return NULL;
+    if (PKCS7_type_is_signed(p7)) {
+        return (p7->d.sign->signer_info);
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        return (p7->d.signed_and_enveloped->signer_info);
+    } else
+        return (NULL);
+}
+
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                 X509_ALGOR **pdig, X509_ALGOR **psig)
+{
+    if (pk)
+        *pk = si->pkey;
+    if (pdig)
+        *pdig = si->digest_alg;
+    if (psig)
+        *psig = si->digest_enc_alg;
+}
+
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
+{
+    if (penc)
+        *penc = ri->key_enc_algor;
+}
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+{
+    PKCS7_RECIP_INFO *ri;
+
+    if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_RECIP_INFO_set(ri, x509))
+        goto err;
+    if (!PKCS7_add_recipient_info(p7, ri))
+        goto err;
+    return ri;
+ err:
+    PKCS7_RECIP_INFO_free(ri);
+    return NULL;
+}
+
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+{
+    int i;
+    STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        sk = p7->d.signed_and_enveloped->recipientinfo;
+        break;
+    case NID_pkcs7_enveloped:
+        sk = p7->d.enveloped->recipientinfo;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
+                 PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
+        return 0;
+    return (1);
+}
+
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+{
+    int ret;
+    EVP_PKEY *pkey = NULL;
+    if (!ASN1_INTEGER_set(p7i->version, 0))
+        return 0;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        return 0;
+
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        return 0;
+
+    pkey = X509_get0_pubkey(x509);
+
+    if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+    }
+
+    ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i);
+    if (ret == -2) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+    }
+    if (ret <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+        goto err;
+    }
+
+    X509_up_ref(x509);
+    p7i->cert = x509;
+
+    return 1;
+
+ err:
+    return 0;
+}
+
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    if (PKCS7_type_is_signed(p7))
+        return (X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               si->issuer_and_serial->issuer,
+                                               si->
+                                               issuer_and_serial->serial));
+    else
+        return (NULL);
+}
+
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+{
+    int i;
+    PKCS7_ENC_CONTENT *ec;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        ec = p7->d.signed_and_enveloped->enc_data;
+        break;
+    case NID_pkcs7_enveloped:
+        ec = p7->d.enveloped->enc_data;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    /* Check cipher OID exists and has data in it */
+    i = EVP_CIPHER_type(cipher);
+    if (i == NID_undef) {
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
+                 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        return (0);
+    }
+
+    ec->cipher = cipher;
+    return 1;
+}
+
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
+{
+    ASN1_OCTET_STRING *os = NULL;
+
+    switch (OBJ_obj2nid(p7->type)) {
+    case NID_pkcs7_data:
+        os = p7->d.data;
+        break;
+
+    case NID_pkcs7_signedAndEnveloped:
+        os = p7->d.signed_and_enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        }
+        break;
+
+    case NID_pkcs7_enveloped:
+        os = p7->d.enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            p7->d.enveloped->enc_data->enc_data = os;
+        }
+        break;
+
+    case NID_pkcs7_signed:
+        os = p7->d.sign->contents->d.data;
+        break;
+
+    default:
+        os = NULL;
+        break;
+    }
+
+    if (os == NULL)
+        return 0;
+
+    os->flags |= ASN1_STRING_FLAG_NDEF;
+    *boundary = &os->data;
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_mime.c b/openssl-1.1.0h/crypto/pkcs7/pk7_mime.c
new file mode 100644
index 0000000..97474cf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_mime.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+/* PKCS#7 wrappers round generalised stream and MIME routines */
+
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+    return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
+                               ASN1_ITEM_rptr(PKCS7));
+}
+
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+    return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags,
+                                     "PKCS7", ASN1_ITEM_rptr(PKCS7));
+}
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+    STACK_OF(X509_ALGOR) *mdalgs;
+    int ctype_nid = OBJ_obj2nid(p7->type);
+    if (ctype_nid == NID_pkcs7_signed)
+        mdalgs = p7->d.sign->md_algs;
+    else
+        mdalgs = NULL;
+
+    flags ^= SMIME_OLDMIME;
+
+    return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+                            ctype_nid, NID_undef, mdalgs,
+                            ASN1_ITEM_rptr(PKCS7));
+}
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+    return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
+}
diff --git a/openssl-1.1.0h/crypto/pkcs7/pk7_smime.c b/openssl-1.1.0h/crypto/pkcs7/pk7_smime.c
new file mode 100644
index 0000000..4418723
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pk7_smime.c
@@ -0,0 +1,549 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+
+#define BUFFERSIZE 4096
+
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags)
+{
+    PKCS7 *p7;
+    int i;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        goto err;
+
+    if (!PKCS7_content_new(p7, NID_pkcs7_data))
+        goto err;
+
+    if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    if (!(flags & PKCS7_NOCERTS)) {
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+                goto err;
+        }
+    }
+
+    if (flags & PKCS7_DETACHED)
+        PKCS7_set_detached(p7, 1);
+
+    if (flags & (PKCS7_STREAM | PKCS7_PARTIAL))
+        return p7;
+
+    if (PKCS7_final(p7, data, flags))
+        return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
+{
+    BIO *p7bio;
+    int ret = 0;
+
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    SMIME_crlf_copy(data, p7bio, flags);
+
+    (void)BIO_flush(p7bio);
+
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BIO_free_all(p7bio);
+
+    return ret;
+
+}
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    if (EVP_get_cipherbynid(nid))
+        return PKCS7_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    if (EVP_get_digestbynid(nid))
+        return PKCS7_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
+                                         EVP_PKEY *pkey, const EVP_MD *md,
+                                         int flags)
+{
+    PKCS7_SIGNER_INFO *si = NULL;
+    STACK_OF(X509_ALGOR) *smcap = NULL;
+    if (!X509_check_private_key(signcert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return NULL;
+    }
+
+    if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+        return NULL;
+    }
+
+    if (!(flags & PKCS7_NOCERTS)) {
+        if (!PKCS7_add_certificate(p7, signcert))
+            goto err;
+    }
+
+    if (!(flags & PKCS7_NOATTR)) {
+        if (!PKCS7_add_attrib_content_type(si, NULL))
+            goto err;
+        /* Add SMIMECapabilities */
+        if (!(flags & PKCS7_NOSMIMECAP)) {
+            if ((smcap = sk_X509_ALGOR_new_null()) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+                || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+                || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+                || !add_cipher_smcap(smcap, NID_des_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
+                || !PKCS7_add_attrib_smimecap(si, smcap))
+                goto err;
+            sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+            smcap = NULL;
+        }
+        if (flags & PKCS7_REUSE_DIGEST) {
+            if (!pkcs7_copy_existing_digest(p7, si))
+                goto err;
+            if (!(flags & PKCS7_PARTIAL) && !PKCS7_SIGNER_INFO_sign(si))
+                goto err;
+        }
+    }
+    return si;
+ err:
+    sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+    return NULL;
+}
+
+/*
+ * Search for a digest matching SignerInfo digest type and if found copy
+ * across.
+ */
+
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    int i;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *sitmp;
+    ASN1_OCTET_STRING *osdig = NULL;
+    sinfos = PKCS7_get_signer_info(p7);
+    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+        sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+        if (si == sitmp)
+            break;
+        if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
+            continue;
+        if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) {
+            osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
+            break;
+        }
+
+    }
+
+    if (osdig)
+        return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
+
+    PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
+             PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
+    return 0;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags)
+{
+    STACK_OF(X509) *signers;
+    X509 *signer;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    X509_STORE_CTX *cert_ctx = NULL;
+    char *buf = NULL;
+    int i, j = 0, k, ret = 0;
+    BIO *p7bio = NULL;
+    BIO *tmpin = NULL, *tmpout = NULL;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    /* Check for no data and no content: no data to verify signature */
+    if (PKCS7_get_detached(p7) && !indata) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (flags & PKCS7_NO_DUAL_CONTENT) {
+        /*
+         * This was originally "#if 0" because we thought that only old broken
+         * Netscape did this.  It turns out that Authenticode uses this kind
+         * of "extended" PKCS7 format, and things like UEFI secure boot and
+         * tools like osslsigncode need it.  In Authenticode the verification
+         * process is different, but the existing PKCs7 verification works.
+         */
+        if (!PKCS7_get_detached(p7) && indata) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+            return 0;
+        }
+    }
+
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
+        return 0;
+    }
+
+    signers = PKCS7_get0_signers(p7, certs, flags);
+    if (!signers)
+        return 0;
+
+    /* Now verify the certificates */
+
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL)
+        goto err;
+    if (!(flags & PKCS7_NOVERIFY))
+        for (k = 0; k < sk_X509_num(signers); k++) {
+            signer = sk_X509_value(signers, k);
+            if (!(flags & PKCS7_NOCHAIN)) {
+                if (!X509_STORE_CTX_init(cert_ctx, store, signer,
+                                         p7->d.sign->cert)) {
+                    PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                    goto err;
+                }
+                X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
+            } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                goto err;
+            }
+            if (!(flags & PKCS7_NOCRL))
+                X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl);
+            i = X509_verify_cert(cert_ctx);
+            if (i <= 0)
+                j = X509_STORE_CTX_get_error(cert_ctx);
+            X509_STORE_CTX_cleanup(cert_ctx);
+            if (i <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,
+                         PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+                ERR_add_error_data(2, "Verify error:",
+                                   X509_verify_cert_error_string(j));
+                goto err;
+            }
+            /* Check for revocation status here */
+        }
+
+    /*
+     * Performance optimization: if the content is a memory BIO then store
+     * its contents in a temporary read only memory BIO. This avoids
+     * potentially large numbers of slow copies of data which will occur when
+     * reading from a read write memory BIO when signatures are calculated.
+     */
+
+    if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
+        char *ptr;
+        long len;
+        len = BIO_get_mem_data(indata, &ptr);
+        tmpin = BIO_new_mem_buf(ptr, len);
+        if (tmpin == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        tmpin = indata;
+
+    if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL)
+        goto err;
+
+    if (flags & PKCS7_TEXT) {
+        if ((tmpout = BIO_new(BIO_s_mem())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BIO_set_mem_eof_return(tmpout, 0);
+    } else
+        tmpout = out;
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(p7bio, buf, BUFFERSIZE);
+        if (i <= 0)
+            break;
+        if (tmpout)
+            BIO_write(tmpout, buf, i);
+    }
+
+    if (flags & PKCS7_TEXT) {
+        if (!SMIME_text(tmpout, out)) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR);
+            BIO_free(tmpout);
+            goto err;
+        }
+        BIO_free(tmpout);
+    }
+
+    /* Now Verify All Signatures */
+    if (!(flags & PKCS7_NOSIGS))
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+            signer = sk_X509_value(signers, i);
+            j = PKCS7_signatureVerify(p7bio, p7, si, signer);
+            if (j <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
+                goto err;
+            }
+        }
+
+    ret = 1;
+
+ err:
+    X509_STORE_CTX_free(cert_ctx);
+    OPENSSL_free(buf);
+    if (tmpin == indata) {
+        if (indata)
+            BIO_pop(p7bio);
+    }
+    BIO_free_all(p7bio);
+    sk_X509_free(signers);
+    return ret;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+                                   int flags)
+{
+    STACK_OF(X509) *signers;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    X509 *signer;
+    int i;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Collect all the signers together */
+
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
+        return 0;
+    }
+
+    if ((signers = sk_X509_new_null()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+        si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+        ias = si->issuer_and_serial;
+        signer = NULL;
+        /* If any certificates passed they take priority */
+        if (certs)
+            signer = X509_find_by_issuer_and_serial(certs,
+                                                    ias->issuer, ias->serial);
+        if (!signer && !(flags & PKCS7_NOINTERN)
+            && p7->d.sign->cert)
+            signer =
+                X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               ias->issuer, ias->serial);
+        if (!signer) {
+            PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+                     PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+            sk_X509_free(signers);
+            return 0;
+        }
+
+        if (!sk_X509_push(signers, signer)) {
+            sk_X509_free(signers);
+            return NULL;
+        }
+    }
+    return signers;
+}
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags)
+{
+    PKCS7 *p7;
+    BIO *p7bio = NULL;
+    int i;
+    X509 *x509;
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
+        goto err;
+    if (!PKCS7_set_cipher(p7, cipher)) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x509 = sk_X509_value(certs, i);
+        if (!PKCS7_add_recipient(p7, x509)) {
+            PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT);
+            goto err;
+        }
+    }
+
+    if (flags & PKCS7_STREAM)
+        return p7;
+
+    if (PKCS7_final(p7, in, flags))
+        return p7;
+
+ err:
+
+    BIO_free_all(p7bio);
+    PKCS7_free(p7);
+    return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+    BIO *tmpmem;
+    int ret = 0, i;
+    char *buf = NULL;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_enveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (cert && !X509_check_private_key(cert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return 0;
+    }
+
+    if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+        return 0;
+    }
+
+    if (flags & PKCS7_TEXT) {
+        BIO *tmpbuf, *bread;
+        /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+        if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpbuf);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        ret = SMIME_text(bread, data);
+        if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+            if (!BIO_get_cipher_status(tmpmem))
+                ret = 0;
+        }
+        BIO_free_all(bread);
+        return ret;
+    }
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(tmpmem, buf, BUFFERSIZE);
+        if (i <= 0) {
+            ret = 1;
+            if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(tmpmem))
+                    ret = 0;
+            }
+
+            break;
+        }
+        if (BIO_write(data, buf, i) != i) {
+            break;
+        }
+    }
+err:
+    OPENSSL_free(buf);
+    BIO_free_all(tmpmem);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/pkcs7/pkcs7err.c b/openssl-1.1.0h/crypto/pkcs7/pkcs7err.c
new file mode 100644
index 0000000..d5baa9b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/pkcs7/pkcs7err.c
@@ -0,0 +1,131 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
+
+static ERR_STRING_DATA PKCS7_str_functs[] = {
+    {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "do_pkcs7_signed_attrib"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),
+     "PKCS7_add0_attrib_signing_time"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),
+     "PKCS7_add_attrib_smimecap"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
+    {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_bio_add_digest"},
+    {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),
+     "pkcs7_copy_existing_digest"},
+    {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "pkcs7_encode_rinfo"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
+    {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
+    {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_find_digest"},
+    {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
+    {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
+    {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA PKCS7_str_reasons[] = {
+    {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),
+     "certificate verify error"},
+    {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+     "cipher has no object identifier"},
+    {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
+    {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),
+     "content and data present"},
+    {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"},
+    {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
+    {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
+    {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+     "encryption not supported for this key type"},
+    {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
+    {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
+    {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
+    {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),
+     "invalid signed data type"},
+    {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"},
+    {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
+     "no matching digest type found"},
+    {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
+     "no recipient matches certificate"},
+    {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
+    {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"},
+    {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
+     "operation not supported on this type"},
+    {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
+     "pkcs7 add signature error"},
+    {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
+    {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
+    {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+     "private key does not match certificate"},
+    {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
+     "signer certificate not found"},
+    {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
+    {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+     "signing not supported for this key type"},
+    {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
+     "unable to find certificate"},
+    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
+    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
+     "unable to find message digest"},
+    {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"},
+    {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"},
+    {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
+    {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
+     "unsupported content type"},
+    {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"},
+    {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PKCS7_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, PKCS7_str_functs);
+        ERR_load_strings(0, PKCS7_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-armv4.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-armv4.pl
new file mode 100755
index 0000000..fc899ce
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-armv4.pl
@@ -0,0 +1,1252 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+#			IALU(*)/gcc-4.4		NEON
+#
+# ARM11xx(ARMv6)	7.78/+100%		-
+# Cortex-A5		6.35/+130%		3.00
+# Cortex-A8		6.25/+115%		2.36
+# Cortex-A9		5.10/+95%		2.55
+# Cortex-A15		3.85/+85%		1.25(**)
+# Snapdragon S4		5.70/+100%		1.48(**)
+#
+# (*)	this is for -march=armv6, i.e. with bunch of ldrb loading data;
+# (**)	these are trade-off results, they can be improved by ~8% but at
+#	the cost of 15/12% regression on Cortex-A5/A7, it's even possible
+#	to improve Cortex-A9 result, but then A5/A7 loose more than 20%;
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+($ctx,$inp,$len,$padbit)=map("r$_",(0..3));
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+.globl	poly1305_emit
+.globl	poly1305_blocks
+.globl	poly1305_init
+.type	poly1305_init,%function
+.align	5
+poly1305_init:
+.Lpoly1305_init:
+	stmdb	sp!,{r4-r11}
+
+	eor	r3,r3,r3
+	cmp	$inp,#0
+	str	r3,[$ctx,#0]		@ zero hash value
+	str	r3,[$ctx,#4]
+	str	r3,[$ctx,#8]
+	str	r3,[$ctx,#12]
+	str	r3,[$ctx,#16]
+	str	r3,[$ctx,#36]		@ is_base2_26
+	add	$ctx,$ctx,#20
+
+#ifdef	__thumb2__
+	it	eq
+#endif
+	moveq	r0,#0
+	beq	.Lno_key
+
+#if	__ARM_MAX_ARCH__>=7
+	adr	r11,.Lpoly1305_init
+	ldr	r12,.LOPENSSL_armcap
+#endif
+	ldrb	r4,[$inp,#0]
+	mov	r10,#0x0fffffff
+	ldrb	r5,[$inp,#1]
+	and	r3,r10,#-4		@ 0x0ffffffc
+	ldrb	r6,[$inp,#2]
+	ldrb	r7,[$inp,#3]
+	orr	r4,r4,r5,lsl#8
+	ldrb	r5,[$inp,#4]
+	orr	r4,r4,r6,lsl#16
+	ldrb	r6,[$inp,#5]
+	orr	r4,r4,r7,lsl#24
+	ldrb	r7,[$inp,#6]
+	and	r4,r4,r10
+
+#if	__ARM_MAX_ARCH__>=7
+	ldr	r12,[r11,r12]		@ OPENSSL_armcap_P
+# ifdef	__APPLE__
+	ldr	r12,[r12]
+# endif
+#endif
+	ldrb	r8,[$inp,#7]
+	orr	r5,r5,r6,lsl#8
+	ldrb	r6,[$inp,#8]
+	orr	r5,r5,r7,lsl#16
+	ldrb	r7,[$inp,#9]
+	orr	r5,r5,r8,lsl#24
+	ldrb	r8,[$inp,#10]
+	and	r5,r5,r3
+
+#if	__ARM_MAX_ARCH__>=7
+	tst	r12,#ARMV7_NEON		@ check for NEON
+# ifdef	__APPLE__
+	adr	r9,poly1305_blocks_neon
+	adr	r11,poly1305_blocks
+#  ifdef __thumb2__
+	it	ne
+#  endif
+	movne	r11,r9
+	adr	r12,poly1305_emit
+	adr	r10,poly1305_emit_neon
+#  ifdef __thumb2__
+	it	ne
+#  endif
+	movne	r12,r10
+# else
+#  ifdef __thumb2__
+	itete	eq
+#  endif
+	addeq	r12,r11,#(poly1305_emit-.Lpoly1305_init)
+	addne	r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
+	addeq	r11,r11,#(poly1305_blocks-.Lpoly1305_init)
+	addne	r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+# endif
+# ifdef	__thumb2__
+	orr	r12,r12,#1	@ thumb-ify address
+	orr	r11,r11,#1
+# endif
+#endif
+	ldrb	r9,[$inp,#11]
+	orr	r6,r6,r7,lsl#8
+	ldrb	r7,[$inp,#12]
+	orr	r6,r6,r8,lsl#16
+	ldrb	r8,[$inp,#13]
+	orr	r6,r6,r9,lsl#24
+	ldrb	r9,[$inp,#14]
+	and	r6,r6,r3
+
+	ldrb	r10,[$inp,#15]
+	orr	r7,r7,r8,lsl#8
+	str	r4,[$ctx,#0]
+	orr	r7,r7,r9,lsl#16
+	str	r5,[$ctx,#4]
+	orr	r7,r7,r10,lsl#24
+	str	r6,[$ctx,#8]
+	and	r7,r7,r3
+	str	r7,[$ctx,#12]
+#if	__ARM_MAX_ARCH__>=7
+	stmia	r2,{r11,r12}		@ fill functions table
+	mov	r0,#1
+#else
+	mov	r0,#0
+#endif
+.Lno_key:
+	ldmia	sp!,{r4-r11}
+#if	__ARM_ARCH__>=5
+	ret				@ bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	poly1305_init,.-poly1305_init
+___
+{
+my ($h0,$h1,$h2,$h3,$h4,$r0,$r1,$r2,$r3)=map("r$_",(4..12));
+my ($s1,$s2,$s3)=($r1,$r2,$r3);
+
+$code.=<<___;
+.type	poly1305_blocks,%function
+.align	5
+poly1305_blocks:
+	stmdb	sp!,{r3-r11,lr}
+
+	ands	$len,$len,#-16
+	beq	.Lno_data
+
+	cmp	$padbit,#0
+	add	$len,$len,$inp		@ end pointer
+	sub	sp,sp,#32
+
+	ldmia	$ctx,{$h0-$r3}		@ load context
+
+	str	$ctx,[sp,#12]		@ offload stuff
+	mov	lr,$inp
+	str	$len,[sp,#16]
+	str	$r1,[sp,#20]
+	str	$r2,[sp,#24]
+	str	$r3,[sp,#28]
+	b	.Loop
+
+.Loop:
+#if __ARM_ARCH__<7
+	ldrb	r0,[lr],#16		@ load input
+# ifdef	__thumb2__
+	it	hi
+# endif
+	addhi	$h4,$h4,#1		@ 1<<128
+	ldrb	r1,[lr,#-15]
+	ldrb	r2,[lr,#-14]
+	ldrb	r3,[lr,#-13]
+	orr	r1,r0,r1,lsl#8
+	ldrb	r0,[lr,#-12]
+	orr	r2,r1,r2,lsl#16
+	ldrb	r1,[lr,#-11]
+	orr	r3,r2,r3,lsl#24
+	ldrb	r2,[lr,#-10]
+	adds	$h0,$h0,r3		@ accumulate input
+
+	ldrb	r3,[lr,#-9]
+	orr	r1,r0,r1,lsl#8
+	ldrb	r0,[lr,#-8]
+	orr	r2,r1,r2,lsl#16
+	ldrb	r1,[lr,#-7]
+	orr	r3,r2,r3,lsl#24
+	ldrb	r2,[lr,#-6]
+	adcs	$h1,$h1,r3
+
+	ldrb	r3,[lr,#-5]
+	orr	r1,r0,r1,lsl#8
+	ldrb	r0,[lr,#-4]
+	orr	r2,r1,r2,lsl#16
+	ldrb	r1,[lr,#-3]
+	orr	r3,r2,r3,lsl#24
+	ldrb	r2,[lr,#-2]
+	adcs	$h2,$h2,r3
+
+	ldrb	r3,[lr,#-1]
+	orr	r1,r0,r1,lsl#8
+	str	lr,[sp,#8]		@ offload input pointer
+	orr	r2,r1,r2,lsl#16
+	add	$s1,$r1,$r1,lsr#2
+	orr	r3,r2,r3,lsl#24
+#else
+	ldr	r0,[lr],#16		@ load input
+# ifdef	__thumb2__
+	it	hi
+# endif
+	addhi	$h4,$h4,#1		@ padbit
+	ldr	r1,[lr,#-12]
+	ldr	r2,[lr,#-8]
+	ldr	r3,[lr,#-4]
+# ifdef	__ARMEB__
+	rev	r0,r0
+	rev	r1,r1
+	rev	r2,r2
+	rev	r3,r3
+# endif
+	adds	$h0,$h0,r0		@ accumulate input
+	str	lr,[sp,#8]		@ offload input pointer
+	adcs	$h1,$h1,r1
+	add	$s1,$r1,$r1,lsr#2
+	adcs	$h2,$h2,r2
+#endif
+	add	$s2,$r2,$r2,lsr#2
+	adcs	$h3,$h3,r3
+	add	$s3,$r3,$r3,lsr#2
+
+	umull	r2,r3,$h1,$r0
+	 adc	$h4,$h4,#0
+	umull	r0,r1,$h0,$r0
+	umlal	r2,r3,$h4,$s1
+	umlal	r0,r1,$h3,$s1
+	ldr	$r1,[sp,#20]		@ reload $r1
+	umlal	r2,r3,$h2,$s3
+	umlal	r0,r1,$h1,$s3
+	umlal	r2,r3,$h3,$s2
+	umlal	r0,r1,$h2,$s2
+	umlal	r2,r3,$h0,$r1
+	str	r0,[sp,#0]		@ future $h0
+	 mul	r0,$s2,$h4
+	ldr	$r2,[sp,#24]		@ reload $r2
+	adds	r2,r2,r1		@ d1+=d0>>32
+	 eor	r1,r1,r1
+	adc	lr,r3,#0		@ future $h2
+	str	r2,[sp,#4]		@ future $h1
+
+	mul	r2,$s3,$h4
+	eor	r3,r3,r3
+	umlal	r0,r1,$h3,$s3
+	ldr	$r3,[sp,#28]		@ reload $r3
+	umlal	r2,r3,$h3,$r0
+	umlal	r0,r1,$h2,$r0
+	umlal	r2,r3,$h2,$r1
+	umlal	r0,r1,$h1,$r1
+	umlal	r2,r3,$h1,$r2
+	umlal	r0,r1,$h0,$r2
+	umlal	r2,r3,$h0,$r3
+	ldr	$h0,[sp,#0]
+	mul	$h4,$r0,$h4
+	ldr	$h1,[sp,#4]
+
+	adds	$h2,lr,r0		@ d2+=d1>>32
+	ldr	lr,[sp,#8]		@ reload input pointer
+	adc	r1,r1,#0
+	adds	$h3,r2,r1		@ d3+=d2>>32
+	ldr	r0,[sp,#16]		@ reload end pointer
+	adc	r3,r3,#0
+	add	$h4,$h4,r3		@ h4+=d3>>32
+
+	and	r1,$h4,#-4
+	and	$h4,$h4,#3
+	add	r1,r1,r1,lsr#2		@ *=5
+	adds	$h0,$h0,r1
+	adcs	$h1,$h1,#0
+	adcs	$h2,$h2,#0
+	adcs	$h3,$h3,#0
+	adc	$h4,$h4,#0
+
+	cmp	r0,lr			@ done yet?
+	bhi	.Loop
+
+	ldr	$ctx,[sp,#12]
+	add	sp,sp,#32
+	stmia	$ctx,{$h0-$h4}		@ store the result
+
+.Lno_data:
+#if	__ARM_ARCH__>=5
+	ldmia	sp!,{r3-r11,pc}
+#else
+	ldmia	sp!,{r3-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	poly1305_blocks,.-poly1305_blocks
+___
+}
+{
+my ($ctx,$mac,$nonce)=map("r$_",(0..2));
+my ($h0,$h1,$h2,$h3,$h4,$g0,$g1,$g2,$g3)=map("r$_",(3..11));
+my $g4=$h4;
+
+$code.=<<___;
+.type	poly1305_emit,%function
+.align	5
+poly1305_emit:
+	stmdb	sp!,{r4-r11}
+.Lpoly1305_emit_enter:
+
+	ldmia	$ctx,{$h0-$h4}
+	adds	$g0,$h0,#5		@ compare to modulus
+	adcs	$g1,$h1,#0
+	adcs	$g2,$h2,#0
+	adcs	$g3,$h3,#0
+	adc	$g4,$h4,#0
+	tst	$g4,#4			@ did it carry/borrow?
+
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h0,$g0
+	ldr	$g0,[$nonce,#0]
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h1,$g1
+	ldr	$g1,[$nonce,#4]
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h2,$g2
+	ldr	$g2,[$nonce,#8]
+#ifdef	__thumb2__
+	it	ne
+#endif
+	movne	$h3,$g3
+	ldr	$g3,[$nonce,#12]
+
+	adds	$h0,$h0,$g0
+	adcs	$h1,$h1,$g1
+	adcs	$h2,$h2,$g2
+	adc	$h3,$h3,$g3
+
+#if __ARM_ARCH__>=7
+# ifdef __ARMEB__
+	rev	$h0,$h0
+	rev	$h1,$h1
+	rev	$h2,$h2
+	rev	$h3,$h3
+# endif
+	str	$h0,[$mac,#0]
+	str	$h1,[$mac,#4]
+	str	$h2,[$mac,#8]
+	str	$h3,[$mac,#12]
+#else
+	strb	$h0,[$mac,#0]
+	mov	$h0,$h0,lsr#8
+	strb	$h1,[$mac,#4]
+	mov	$h1,$h1,lsr#8
+	strb	$h2,[$mac,#8]
+	mov	$h2,$h2,lsr#8
+	strb	$h3,[$mac,#12]
+	mov	$h3,$h3,lsr#8
+
+	strb	$h0,[$mac,#1]
+	mov	$h0,$h0,lsr#8
+	strb	$h1,[$mac,#5]
+	mov	$h1,$h1,lsr#8
+	strb	$h2,[$mac,#9]
+	mov	$h2,$h2,lsr#8
+	strb	$h3,[$mac,#13]
+	mov	$h3,$h3,lsr#8
+
+	strb	$h0,[$mac,#2]
+	mov	$h0,$h0,lsr#8
+	strb	$h1,[$mac,#6]
+	mov	$h1,$h1,lsr#8
+	strb	$h2,[$mac,#10]
+	mov	$h2,$h2,lsr#8
+	strb	$h3,[$mac,#14]
+	mov	$h3,$h3,lsr#8
+
+	strb	$h0,[$mac,#3]
+	strb	$h1,[$mac,#7]
+	strb	$h2,[$mac,#11]
+	strb	$h3,[$mac,#15]
+#endif
+	ldmia	sp!,{r4-r11}
+#if	__ARM_ARCH__>=5
+	ret				@ bx	lr
+#else
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	poly1305_emit,.-poly1305_emit
+___
+{
+my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("d$_",(0..9));
+my ($D0,$D1,$D2,$D3,$D4, $H0,$H1,$H2,$H3,$H4) = map("q$_",(5..14));
+my ($T0,$T1,$MASK) = map("q$_",(15,4,0));
+
+my ($in2,$zeros,$tbl0,$tbl1) = map("r$_",(4..7));
+
+$code.=<<___;
+#if	__ARM_MAX_ARCH__>=7
+.fpu	neon
+
+.type	poly1305_init_neon,%function
+.align	5
+poly1305_init_neon:
+	ldr	r4,[$ctx,#20]		@ load key base 2^32
+	ldr	r5,[$ctx,#24]
+	ldr	r6,[$ctx,#28]
+	ldr	r7,[$ctx,#32]
+
+	and	r2,r4,#0x03ffffff	@ base 2^32 -> base 2^26
+	mov	r3,r4,lsr#26
+	mov	r4,r5,lsr#20
+	orr	r3,r3,r5,lsl#6
+	mov	r5,r6,lsr#14
+	orr	r4,r4,r6,lsl#12
+	mov	r6,r7,lsr#8
+	orr	r5,r5,r7,lsl#18
+	and	r3,r3,#0x03ffffff
+	and	r4,r4,#0x03ffffff
+	and	r5,r5,#0x03ffffff
+
+	vdup.32	$R0,r2			@ r^1 in both lanes
+	add	r2,r3,r3,lsl#2		@ *5
+	vdup.32	$R1,r3
+	add	r3,r4,r4,lsl#2
+	vdup.32	$S1,r2
+	vdup.32	$R2,r4
+	add	r4,r5,r5,lsl#2
+	vdup.32	$S2,r3
+	vdup.32	$R3,r5
+	add	r5,r6,r6,lsl#2
+	vdup.32	$S3,r4
+	vdup.32	$R4,r6
+	vdup.32	$S4,r5
+
+	mov	$zeros,#2		@ counter
+
+.Lsquare_neon:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	@ d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	@ d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	@ d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	@ d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+
+	vmull.u32	$D0,$R0,${R0}[1]
+	vmull.u32	$D1,$R1,${R0}[1]
+	vmull.u32	$D2,$R2,${R0}[1]
+	vmull.u32	$D3,$R3,${R0}[1]
+	vmull.u32	$D4,$R4,${R0}[1]
+
+	vmlal.u32	$D0,$R4,${S1}[1]
+	vmlal.u32	$D1,$R0,${R1}[1]
+	vmlal.u32	$D2,$R1,${R1}[1]
+	vmlal.u32	$D3,$R2,${R1}[1]
+	vmlal.u32	$D4,$R3,${R1}[1]
+
+	vmlal.u32	$D0,$R3,${S2}[1]
+	vmlal.u32	$D1,$R4,${S2}[1]
+	vmlal.u32	$D3,$R1,${R2}[1]
+	vmlal.u32	$D2,$R0,${R2}[1]
+	vmlal.u32	$D4,$R2,${R2}[1]
+
+	vmlal.u32	$D0,$R2,${S3}[1]
+	vmlal.u32	$D3,$R0,${R3}[1]
+	vmlal.u32	$D1,$R3,${S3}[1]
+	vmlal.u32	$D2,$R4,${S3}[1]
+	vmlal.u32	$D4,$R1,${R3}[1]
+
+	vmlal.u32	$D3,$R4,${S4}[1]
+	vmlal.u32	$D0,$R1,${S4}[1]
+	vmlal.u32	$D1,$R2,${S4}[1]
+	vmlal.u32	$D2,$R3,${S4}[1]
+	vmlal.u32	$D4,$R0,${R4}[1]
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	@ and P. Schwabe
+	@
+	@ H0>>+H1>>+H2>>+H3>>+H4
+	@ H3>>+H4>>*5+H0>>+H1
+	@
+	@ Trivia.
+	@
+	@ Result of multiplication of n-bit number by m-bit number is
+	@ n+m bits wide. However! Even though 2^n is a n+1-bit number,
+	@ m-bit number multiplied by 2^n is still n+m bits wide.
+	@
+	@ Sum of two n-bit numbers is n+1 bits wide, sum of three - n+2,
+	@ and so is sum of four. Sum of 2^m n-m-bit numbers and n-bit
+	@ one is n+1 bits wide.
+	@
+	@ >>+ denotes Hnext += Hn>>26, Hn &= 0x3ffffff. This means that
+	@ H0, H2, H3 are guaranteed to be 26 bits wide, while H1 and H4
+	@ can be 27. However! In cases when their width exceeds 26 bits
+	@ they are limited by 2^26+2^6. This in turn means that *sum*
+	@ of the products with these values can still be viewed as sum
+	@ of 52-bit numbers as long as the amount of addends is not a
+	@ power of 2. For example,
+	@
+	@ H4 = H4*R0 + H3*R1 + H2*R2 + H1*R3 + H0 * R4,
+	@
+	@ which can't be larger than 5 * (2^26 + 2^6) * (2^26 + 2^6), or
+	@ 5 * (2^52 + 2*2^32 + 2^12), which in turn is smaller than
+	@ 8 * (2^52) or 2^55. However, the value is then multiplied by
+	@ by 5, so we should be looking at 5 * 5 * (2^52 + 2^33 + 2^12),
+	@ which is less than 32 * (2^52) or 2^57. And when processing
+	@ data we are looking at triple as many addends...
+	@
+	@ In key setup procedure pre-reduced H0 is limited by 5*4+1 and
+	@ 5*H4 - by 5*5 52-bit addends, or 57 bits. But when hashing the
+	@ input H0 is limited by (5*4+1)*3 addends, or 58 bits, while
+	@ 5*H4 by 5*5*3, or 59[!] bits. How is this relevant? vmlal.u32
+	@ instruction accepts 2x32-bit input and writes 2x64-bit result.
+	@ This means that result of reduction have to be compressed upon
+	@ loop wrap-around. This can be done in the process of reduction
+	@ to minimize amount of instructions [as well as amount of
+	@ 128-bit instructions, which benefits low-end processors], but
+	@ one has to watch for H2 (which is narrower than H0) and 5*H4
+	@ not being wider than 58 bits, so that result of right shift
+	@ by 26 bits fits in 32 bits. This is also useful on x86,
+	@ because it allows to use paddd in place for paddq, which
+	@ benefits Atom, where paddq is ridiculously slow.
+
+	vshr.u64	$T0,$D3,#26
+	vmovn.i64	$D3#lo,$D3
+	 vshr.u64	$T1,$D0,#26
+	 vmovn.i64	$D0#lo,$D0
+	vadd.i64	$D4,$D4,$T0		@ h3 -> h4
+	vbic.i32	$D3#lo,#0xfc000000	@ &=0x03ffffff
+	 vadd.i64	$D1,$D1,$T1		@ h0 -> h1
+	 vbic.i32	$D0#lo,#0xfc000000
+
+	vshrn.u64	$T0#lo,$D4,#26
+	vmovn.i64	$D4#lo,$D4
+	 vshr.u64	$T1,$D1,#26
+	 vmovn.i64	$D1#lo,$D1
+	 vadd.i64	$D2,$D2,$T1		@ h1 -> h2
+	vbic.i32	$D4#lo,#0xfc000000
+	 vbic.i32	$D1#lo,#0xfc000000
+
+	vadd.i32	$D0#lo,$D0#lo,$T0#lo
+	vshl.u32	$T0#lo,$T0#lo,#2
+	 vshrn.u64	$T1#lo,$D2,#26
+	 vmovn.i64	$D2#lo,$D2
+	vadd.i32	$D0#lo,$D0#lo,$T0#lo	@ h4 -> h0
+	 vadd.i32	$D3#lo,$D3#lo,$T1#lo	@ h2 -> h3
+	 vbic.i32	$D2#lo,#0xfc000000
+
+	vshr.u32	$T0#lo,$D0#lo,#26
+	vbic.i32	$D0#lo,#0xfc000000
+	 vshr.u32	$T1#lo,$D3#lo,#26
+	 vbic.i32	$D3#lo,#0xfc000000
+	vadd.i32	$D1#lo,$D1#lo,$T0#lo	@ h0 -> h1
+	 vadd.i32	$D4#lo,$D4#lo,$T1#lo	@ h3 -> h4
+
+	subs		$zeros,$zeros,#1
+	beq		.Lsquare_break_neon
+
+	add		$tbl0,$ctx,#(48+0*9*4)
+	add		$tbl1,$ctx,#(48+1*9*4)
+
+	vtrn.32		$R0,$D0#lo		@ r^2:r^1
+	vtrn.32		$R2,$D2#lo
+	vtrn.32		$R3,$D3#lo
+	vtrn.32		$R1,$D1#lo
+	vtrn.32		$R4,$D4#lo
+
+	vshl.u32	$S2,$R2,#2		@ *5
+	vshl.u32	$S3,$R3,#2
+	vshl.u32	$S1,$R1,#2
+	vshl.u32	$S4,$R4,#2
+	vadd.i32	$S2,$S2,$R2
+	vadd.i32	$S1,$S1,$R1
+	vadd.i32	$S3,$S3,$R3
+	vadd.i32	$S4,$S4,$R4
+
+	vst4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!
+	vst4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!
+	vst4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vst4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vst1.32		{${S4}[0]},[$tbl0,:32]
+	vst1.32		{${S4}[1]},[$tbl1,:32]
+
+	b		.Lsquare_neon
+
+.align	4
+.Lsquare_break_neon:
+	add		$tbl0,$ctx,#(48+2*4*9)
+	add		$tbl1,$ctx,#(48+3*4*9)
+
+	vmov		$R0,$D0#lo		@ r^4:r^3
+	vshl.u32	$S1,$D1#lo,#2		@ *5
+	vmov		$R1,$D1#lo
+	vshl.u32	$S2,$D2#lo,#2
+	vmov		$R2,$D2#lo
+	vshl.u32	$S3,$D3#lo,#2
+	vmov		$R3,$D3#lo
+	vshl.u32	$S4,$D4#lo,#2
+	vmov		$R4,$D4#lo
+	vadd.i32	$S1,$S1,$D1#lo
+	vadd.i32	$S2,$S2,$D2#lo
+	vadd.i32	$S3,$S3,$D3#lo
+	vadd.i32	$S4,$S4,$D4#lo
+
+	vst4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!
+	vst4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!
+	vst4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vst4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vst1.32		{${S4}[0]},[$tbl0]
+	vst1.32		{${S4}[1]},[$tbl1]
+
+	ret				@ bx	lr
+.size	poly1305_init_neon,.-poly1305_init_neon
+
+.type	poly1305_blocks_neon,%function
+.align	5
+poly1305_blocks_neon:
+	ldr	ip,[$ctx,#36]		@ is_base2_26
+	ands	$len,$len,#-16
+	beq	.Lno_data_neon
+
+	cmp	$len,#64
+	bhs	.Lenter_neon
+	tst	ip,ip			@ is_base2_26?
+	beq	poly1305_blocks
+
+.Lenter_neon:
+	stmdb	sp!,{r4-r7}
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	tst	ip,ip			@ is_base2_26?
+	bne	.Lbase2_26_neon
+
+	stmdb	sp!,{r1-r3,lr}
+	bl	poly1305_init_neon
+
+	ldr	r4,[$ctx,#0]		@ load hash value base 2^32
+	ldr	r5,[$ctx,#4]
+	ldr	r6,[$ctx,#8]
+	ldr	r7,[$ctx,#12]
+	ldr	ip,[$ctx,#16]
+
+	and	r2,r4,#0x03ffffff	@ base 2^32 -> base 2^26
+	mov	r3,r4,lsr#26
+	 veor	$D0#lo,$D0#lo,$D0#lo
+	mov	r4,r5,lsr#20
+	orr	r3,r3,r5,lsl#6
+	 veor	$D1#lo,$D1#lo,$D1#lo
+	mov	r5,r6,lsr#14
+	orr	r4,r4,r6,lsl#12
+	 veor	$D2#lo,$D2#lo,$D2#lo
+	mov	r6,r7,lsr#8
+	orr	r5,r5,r7,lsl#18
+	 veor	$D3#lo,$D3#lo,$D3#lo
+	and	r3,r3,#0x03ffffff
+	orr	r6,r6,ip,lsl#24
+	 veor	$D4#lo,$D4#lo,$D4#lo
+	and	r4,r4,#0x03ffffff
+	mov	r1,#1
+	and	r5,r5,#0x03ffffff
+	str	r1,[$ctx,#36]		@ is_base2_26
+
+	vmov.32	$D0#lo[0],r2
+	vmov.32	$D1#lo[0],r3
+	vmov.32	$D2#lo[0],r4
+	vmov.32	$D3#lo[0],r5
+	vmov.32	$D4#lo[0],r6
+	adr	$zeros,.Lzeros
+
+	ldmia	sp!,{r1-r3,lr}
+	b	.Lbase2_32_neon
+
+.align	4
+.Lbase2_26_neon:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ load hash value
+
+	veor		$D0#lo,$D0#lo,$D0#lo
+	veor		$D1#lo,$D1#lo,$D1#lo
+	veor		$D2#lo,$D2#lo,$D2#lo
+	veor		$D3#lo,$D3#lo,$D3#lo
+	veor		$D4#lo,$D4#lo,$D4#lo
+	vld4.32		{$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]!
+	adr		$zeros,.Lzeros
+	vld1.32		{$D4#lo[0]},[$ctx]
+	sub		$ctx,$ctx,#16		@ rewind
+
+.Lbase2_32_neon:
+	add		$in2,$inp,#32
+	mov		$padbit,$padbit,lsl#24
+	tst		$len,#31
+	beq		.Leven
+
+	vld4.32		{$H0#lo[0],$H1#lo[0],$H2#lo[0],$H3#lo[0]},[$inp]!
+	vmov.32		$H4#lo[0],$padbit
+	sub		$len,$len,#16
+	add		$in2,$inp,#32
+
+# ifdef	__ARMEB__
+	vrev32.8	$H0,$H0
+	vrev32.8	$H3,$H3
+	vrev32.8	$H1,$H1
+	vrev32.8	$H2,$H2
+# endif
+	vsri.u32	$H4#lo,$H3#lo,#8	@ base 2^32 -> base 2^26
+	vshl.u32	$H3#lo,$H3#lo,#18
+
+	vsri.u32	$H3#lo,$H2#lo,#14
+	vshl.u32	$H2#lo,$H2#lo,#12
+	vadd.i32	$H4#hi,$H4#lo,$D4#lo	@ add hash value and move to #hi
+
+	vbic.i32	$H3#lo,#0xfc000000
+	vsri.u32	$H2#lo,$H1#lo,#20
+	vshl.u32	$H1#lo,$H1#lo,#6
+
+	vbic.i32	$H2#lo,#0xfc000000
+	vsri.u32	$H1#lo,$H0#lo,#26
+	vadd.i32	$H3#hi,$H3#lo,$D3#lo
+
+	vbic.i32	$H0#lo,#0xfc000000
+	vbic.i32	$H1#lo,#0xfc000000
+	vadd.i32	$H2#hi,$H2#lo,$D2#lo
+
+	vadd.i32	$H0#hi,$H0#lo,$D0#lo
+	vadd.i32	$H1#hi,$H1#lo,$D1#lo
+
+	mov		$tbl1,$zeros
+	add		$tbl0,$ctx,#48
+
+	cmp		$len,$len
+	b		.Long_tail
+
+.align	4
+.Leven:
+	subs		$len,$len,#64
+	it		lo
+	movlo		$in2,$zeros
+
+	vmov.i32	$H4,#1<<24		@ padbit, yes, always
+	vld4.32		{$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp]	@ inp[0:1]
+	add		$inp,$inp,#64
+	vld4.32		{$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2]	@ inp[2:3] (or 0)
+	add		$in2,$in2,#64
+	itt		hi
+	addhi		$tbl1,$ctx,#(48+1*9*4)
+	addhi		$tbl0,$ctx,#(48+3*9*4)
+
+# ifdef	__ARMEB__
+	vrev32.8	$H0,$H0
+	vrev32.8	$H3,$H3
+	vrev32.8	$H1,$H1
+	vrev32.8	$H2,$H2
+# endif
+	vsri.u32	$H4,$H3,#8		@ base 2^32 -> base 2^26
+	vshl.u32	$H3,$H3,#18
+
+	vsri.u32	$H3,$H2,#14
+	vshl.u32	$H2,$H2,#12
+
+	vbic.i32	$H3,#0xfc000000
+	vsri.u32	$H2,$H1,#20
+	vshl.u32	$H1,$H1,#6
+
+	vbic.i32	$H2,#0xfc000000
+	vsri.u32	$H1,$H0,#26
+
+	vbic.i32	$H0,#0xfc000000
+	vbic.i32	$H1,#0xfc000000
+
+	bls		.Lskip_loop
+
+	vld4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!	@ load r^2
+	vld4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!	@ load r^4
+	vld4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vld4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	b		.Loop_neon
+
+.align	5
+.Loop_neon:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	@ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	@   \___________________/
+	@ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	@ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	@   \___________________/ \____________________/
+	@
+	@ Note that we start with inp[2:3]*r^2. This is because it
+	@ doesn't depend on reduction in previous iteration.
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	@ d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	@ d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	@ d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	@ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ inp[2:3]*r^2
+
+	vadd.i32	$H2#lo,$H2#lo,$D2#lo	@ accumulate inp[0:1]
+	vmull.u32	$D2,$H2#hi,${R0}[1]
+	vadd.i32	$H0#lo,$H0#lo,$D0#lo
+	vmull.u32	$D0,$H0#hi,${R0}[1]
+	vadd.i32	$H3#lo,$H3#lo,$D3#lo
+	vmull.u32	$D3,$H3#hi,${R0}[1]
+	vmlal.u32	$D2,$H1#hi,${R1}[1]
+	vadd.i32	$H1#lo,$H1#lo,$D1#lo
+	vmull.u32	$D1,$H1#hi,${R0}[1]
+
+	vadd.i32	$H4#lo,$H4#lo,$D4#lo
+	vmull.u32	$D4,$H4#hi,${R0}[1]
+	subs		$len,$len,#64
+	vmlal.u32	$D0,$H4#hi,${S1}[1]
+	it		lo
+	movlo		$in2,$zeros
+	vmlal.u32	$D3,$H2#hi,${R1}[1]
+	vld1.32		${S4}[1],[$tbl1,:32]
+	vmlal.u32	$D1,$H0#hi,${R1}[1]
+	vmlal.u32	$D4,$H3#hi,${R1}[1]
+
+	vmlal.u32	$D0,$H3#hi,${S2}[1]
+	vmlal.u32	$D3,$H1#hi,${R2}[1]
+	vmlal.u32	$D4,$H2#hi,${R2}[1]
+	vmlal.u32	$D1,$H4#hi,${S2}[1]
+	vmlal.u32	$D2,$H0#hi,${R2}[1]
+
+	vmlal.u32	$D3,$H0#hi,${R3}[1]
+	vmlal.u32	$D0,$H2#hi,${S3}[1]
+	vmlal.u32	$D4,$H1#hi,${R3}[1]
+	vmlal.u32	$D1,$H3#hi,${S3}[1]
+	vmlal.u32	$D2,$H4#hi,${S3}[1]
+
+	vmlal.u32	$D3,$H4#hi,${S4}[1]
+	vmlal.u32	$D0,$H1#hi,${S4}[1]
+	vmlal.u32	$D4,$H0#hi,${R4}[1]
+	vmlal.u32	$D1,$H2#hi,${S4}[1]
+	vmlal.u32	$D2,$H3#hi,${S4}[1]
+
+	vld4.32		{$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2]	@ inp[2:3] (or 0)
+	add		$in2,$in2,#64
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ (hash+inp[0:1])*r^4 and accumulate
+
+	vmlal.u32	$D3,$H3#lo,${R0}[0]
+	vmlal.u32	$D0,$H0#lo,${R0}[0]
+	vmlal.u32	$D4,$H4#lo,${R0}[0]
+	vmlal.u32	$D1,$H1#lo,${R0}[0]
+	vmlal.u32	$D2,$H2#lo,${R0}[0]
+	vld1.32		${S4}[0],[$tbl0,:32]
+
+	vmlal.u32	$D3,$H2#lo,${R1}[0]
+	vmlal.u32	$D0,$H4#lo,${S1}[0]
+	vmlal.u32	$D4,$H3#lo,${R1}[0]
+	vmlal.u32	$D1,$H0#lo,${R1}[0]
+	vmlal.u32	$D2,$H1#lo,${R1}[0]
+
+	vmlal.u32	$D3,$H1#lo,${R2}[0]
+	vmlal.u32	$D0,$H3#lo,${S2}[0]
+	vmlal.u32	$D4,$H2#lo,${R2}[0]
+	vmlal.u32	$D1,$H4#lo,${S2}[0]
+	vmlal.u32	$D2,$H0#lo,${R2}[0]
+
+	vmlal.u32	$D3,$H0#lo,${R3}[0]
+	vmlal.u32	$D0,$H2#lo,${S3}[0]
+	vmlal.u32	$D4,$H1#lo,${R3}[0]
+	vmlal.u32	$D1,$H3#lo,${S3}[0]
+	vmlal.u32	$D3,$H4#lo,${S4}[0]
+
+	vmlal.u32	$D2,$H4#lo,${S3}[0]
+	vmlal.u32	$D0,$H1#lo,${S4}[0]
+	vmlal.u32	$D4,$H0#lo,${R4}[0]
+	vmov.i32	$H4,#1<<24		@ padbit, yes, always
+	vmlal.u32	$D1,$H2#lo,${S4}[0]
+	vmlal.u32	$D2,$H3#lo,${S4}[0]
+
+	vld4.32		{$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp]	@ inp[0:1]
+	add		$inp,$inp,#64
+# ifdef	__ARMEB__
+	vrev32.8	$H0,$H0
+	vrev32.8	$H1,$H1
+	vrev32.8	$H2,$H2
+	vrev32.8	$H3,$H3
+# endif
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ lazy reduction interleaved with base 2^32 -> base 2^26 of
+	@ inp[0:3] previously loaded to $H0-$H3 and smashed to $H0-$H4.
+
+	vshr.u64	$T0,$D3,#26
+	vmovn.i64	$D3#lo,$D3
+	 vshr.u64	$T1,$D0,#26
+	 vmovn.i64	$D0#lo,$D0
+	vadd.i64	$D4,$D4,$T0		@ h3 -> h4
+	vbic.i32	$D3#lo,#0xfc000000
+	  vsri.u32	$H4,$H3,#8		@ base 2^32 -> base 2^26
+	 vadd.i64	$D1,$D1,$T1		@ h0 -> h1
+	  vshl.u32	$H3,$H3,#18
+	 vbic.i32	$D0#lo,#0xfc000000
+
+	vshrn.u64	$T0#lo,$D4,#26
+	vmovn.i64	$D4#lo,$D4
+	 vshr.u64	$T1,$D1,#26
+	 vmovn.i64	$D1#lo,$D1
+	 vadd.i64	$D2,$D2,$T1		@ h1 -> h2
+	  vsri.u32	$H3,$H2,#14
+	vbic.i32	$D4#lo,#0xfc000000
+	  vshl.u32	$H2,$H2,#12
+	 vbic.i32	$D1#lo,#0xfc000000
+
+	vadd.i32	$D0#lo,$D0#lo,$T0#lo
+	vshl.u32	$T0#lo,$T0#lo,#2
+	  vbic.i32	$H3,#0xfc000000
+	 vshrn.u64	$T1#lo,$D2,#26
+	 vmovn.i64	$D2#lo,$D2
+	vaddl.u32	$D0,$D0#lo,$T0#lo	@ h4 -> h0 [widen for a sec]
+	  vsri.u32	$H2,$H1,#20
+	 vadd.i32	$D3#lo,$D3#lo,$T1#lo	@ h2 -> h3
+	  vshl.u32	$H1,$H1,#6
+	 vbic.i32	$D2#lo,#0xfc000000
+	  vbic.i32	$H2,#0xfc000000
+
+	vshrn.u64	$T0#lo,$D0,#26		@ re-narrow
+	vmovn.i64	$D0#lo,$D0
+	  vsri.u32	$H1,$H0,#26
+	  vbic.i32	$H0,#0xfc000000
+	 vshr.u32	$T1#lo,$D3#lo,#26
+	 vbic.i32	$D3#lo,#0xfc000000
+	vbic.i32	$D0#lo,#0xfc000000
+	vadd.i32	$D1#lo,$D1#lo,$T0#lo	@ h0 -> h1
+	 vadd.i32	$D4#lo,$D4#lo,$T1#lo	@ h3 -> h4
+	  vbic.i32	$H1,#0xfc000000
+
+	bhi		.Loop_neon
+
+.Lskip_loop:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	add		$tbl1,$ctx,#(48+0*9*4)
+	add		$tbl0,$ctx,#(48+1*9*4)
+	adds		$len,$len,#32
+	it		ne
+	movne		$len,#0
+	bne		.Long_tail
+
+	vadd.i32	$H2#hi,$H2#lo,$D2#lo	@ add hash value and move to #hi
+	vadd.i32	$H0#hi,$H0#lo,$D0#lo
+	vadd.i32	$H3#hi,$H3#lo,$D3#lo
+	vadd.i32	$H1#hi,$H1#lo,$D1#lo
+	vadd.i32	$H4#hi,$H4#lo,$D4#lo
+
+.Long_tail:
+	vld4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!	@ load r^1
+	vld4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!	@ load r^2
+
+	vadd.i32	$H2#lo,$H2#lo,$D2#lo	@ can be redundant
+	vmull.u32	$D2,$H2#hi,$R0
+	vadd.i32	$H0#lo,$H0#lo,$D0#lo
+	vmull.u32	$D0,$H0#hi,$R0
+	vadd.i32	$H3#lo,$H3#lo,$D3#lo
+	vmull.u32	$D3,$H3#hi,$R0
+	vadd.i32	$H1#lo,$H1#lo,$D1#lo
+	vmull.u32	$D1,$H1#hi,$R0
+	vadd.i32	$H4#lo,$H4#lo,$D4#lo
+	vmull.u32	$D4,$H4#hi,$R0
+
+	vmlal.u32	$D0,$H4#hi,$S1
+	vld4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vmlal.u32	$D3,$H2#hi,$R1
+	vld4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vmlal.u32	$D1,$H0#hi,$R1
+	vmlal.u32	$D4,$H3#hi,$R1
+	vmlal.u32	$D2,$H1#hi,$R1
+
+	vmlal.u32	$D3,$H1#hi,$R2
+	vld1.32		${S4}[1],[$tbl1,:32]
+	vmlal.u32	$D0,$H3#hi,$S2
+	vld1.32		${S4}[0],[$tbl0,:32]
+	vmlal.u32	$D4,$H2#hi,$R2
+	vmlal.u32	$D1,$H4#hi,$S2
+	vmlal.u32	$D2,$H0#hi,$R2
+
+	vmlal.u32	$D3,$H0#hi,$R3
+	 it		ne
+	 addne		$tbl1,$ctx,#(48+2*9*4)
+	vmlal.u32	$D0,$H2#hi,$S3
+	 it		ne
+	 addne		$tbl0,$ctx,#(48+3*9*4)
+	vmlal.u32	$D4,$H1#hi,$R3
+	vmlal.u32	$D1,$H3#hi,$S3
+	vmlal.u32	$D2,$H4#hi,$S3
+
+	vmlal.u32	$D3,$H4#hi,$S4
+	 vorn		$MASK,$MASK,$MASK	@ all-ones, can be redundant
+	vmlal.u32	$D0,$H1#hi,$S4
+	 vshr.u64	$MASK,$MASK,#38
+	vmlal.u32	$D4,$H0#hi,$R4
+	vmlal.u32	$D1,$H2#hi,$S4
+	vmlal.u32	$D2,$H3#hi,$S4
+
+	beq		.Lshort_tail
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ (hash+inp[0:1])*r^4:r^3 and accumulate
+
+	vld4.32		{${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]!	@ load r^3
+	vld4.32		{${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]!	@ load r^4
+
+	vmlal.u32	$D2,$H2#lo,$R0
+	vmlal.u32	$D0,$H0#lo,$R0
+	vmlal.u32	$D3,$H3#lo,$R0
+	vmlal.u32	$D1,$H1#lo,$R0
+	vmlal.u32	$D4,$H4#lo,$R0
+
+	vmlal.u32	$D0,$H4#lo,$S1
+	vld4.32		{${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]!
+	vmlal.u32	$D3,$H2#lo,$R1
+	vld4.32		{${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]!
+	vmlal.u32	$D1,$H0#lo,$R1
+	vmlal.u32	$D4,$H3#lo,$R1
+	vmlal.u32	$D2,$H1#lo,$R1
+
+	vmlal.u32	$D3,$H1#lo,$R2
+	vld1.32		${S4}[1],[$tbl1,:32]
+	vmlal.u32	$D0,$H3#lo,$S2
+	vld1.32		${S4}[0],[$tbl0,:32]
+	vmlal.u32	$D4,$H2#lo,$R2
+	vmlal.u32	$D1,$H4#lo,$S2
+	vmlal.u32	$D2,$H0#lo,$R2
+
+	vmlal.u32	$D3,$H0#lo,$R3
+	vmlal.u32	$D0,$H2#lo,$S3
+	vmlal.u32	$D4,$H1#lo,$R3
+	vmlal.u32	$D1,$H3#lo,$S3
+	vmlal.u32	$D2,$H4#lo,$S3
+
+	vmlal.u32	$D3,$H4#lo,$S4
+	 vorn		$MASK,$MASK,$MASK	@ all-ones
+	vmlal.u32	$D0,$H1#lo,$S4
+	 vshr.u64	$MASK,$MASK,#38
+	vmlal.u32	$D4,$H0#lo,$R4
+	vmlal.u32	$D1,$H2#lo,$S4
+	vmlal.u32	$D2,$H3#lo,$S4
+
+.Lshort_tail:
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ horizontal addition
+
+	vadd.i64	$D3#lo,$D3#lo,$D3#hi
+	vadd.i64	$D0#lo,$D0#lo,$D0#hi
+	vadd.i64	$D4#lo,$D4#lo,$D4#hi
+	vadd.i64	$D1#lo,$D1#lo,$D1#hi
+	vadd.i64	$D2#lo,$D2#lo,$D2#hi
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ lazy reduction, but without narrowing
+
+	vshr.u64	$T0,$D3,#26
+	vand.i64	$D3,$D3,$MASK
+	 vshr.u64	$T1,$D0,#26
+	 vand.i64	$D0,$D0,$MASK
+	vadd.i64	$D4,$D4,$T0		@ h3 -> h4
+	 vadd.i64	$D1,$D1,$T1		@ h0 -> h1
+
+	vshr.u64	$T0,$D4,#26
+	vand.i64	$D4,$D4,$MASK
+	 vshr.u64	$T1,$D1,#26
+	 vand.i64	$D1,$D1,$MASK
+	 vadd.i64	$D2,$D2,$T1		@ h1 -> h2
+
+	vadd.i64	$D0,$D0,$T0
+	vshl.u64	$T0,$T0,#2
+	 vshr.u64	$T1,$D2,#26
+	 vand.i64	$D2,$D2,$MASK
+	vadd.i64	$D0,$D0,$T0		@ h4 -> h0
+	 vadd.i64	$D3,$D3,$T1		@ h2 -> h3
+
+	vshr.u64	$T0,$D0,#26
+	vand.i64	$D0,$D0,$MASK
+	 vshr.u64	$T1,$D3,#26
+	 vand.i64	$D3,$D3,$MASK
+	vadd.i64	$D1,$D1,$T0		@ h0 -> h1
+	 vadd.i64	$D4,$D4,$T1		@ h3 -> h4
+
+	cmp		$len,#0
+	bne		.Leven
+
+	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+	@ store hash value
+
+	vst4.32		{$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]!
+	vst1.32		{$D4#lo[0]},[$ctx]
+
+	vldmia	sp!,{d8-d15}			@ epilogue
+	ldmia	sp!,{r4-r7}
+.Lno_data_neon:
+	ret					@ bx	lr
+.size	poly1305_blocks_neon,.-poly1305_blocks_neon
+
+.type	poly1305_emit_neon,%function
+.align	5
+poly1305_emit_neon:
+	ldr	ip,[$ctx,#36]		@ is_base2_26
+
+	stmdb	sp!,{r4-r11}
+
+	tst	ip,ip
+	beq	.Lpoly1305_emit_enter
+
+	ldmia	$ctx,{$h0-$h4}
+	eor	$g0,$g0,$g0
+
+	adds	$h0,$h0,$h1,lsl#26	@ base 2^26 -> base 2^32
+	mov	$h1,$h1,lsr#6
+	adcs	$h1,$h1,$h2,lsl#20
+	mov	$h2,$h2,lsr#12
+	adcs	$h2,$h2,$h3,lsl#14
+	mov	$h3,$h3,lsr#18
+	adcs	$h3,$h3,$h4,lsl#8
+	adc	$h4,$g0,$h4,lsr#24	@ can be partially reduced ...
+
+	and	$g0,$h4,#-4		@ ... so reduce
+	and	$h4,$h3,#3
+	add	$g0,$g0,$g0,lsr#2	@ *= 5
+	adds	$h0,$h0,$g0
+	adcs	$h1,$h1,#0
+	adcs	$h2,$h2,#0
+	adcs	$h3,$h3,#0
+	adc	$h4,$h4,#0
+
+	adds	$g0,$h0,#5		@ compare to modulus
+	adcs	$g1,$h1,#0
+	adcs	$g2,$h2,#0
+	adcs	$g3,$h3,#0
+	adc	$g4,$h4,#0
+	tst	$g4,#4			@ did it carry/borrow?
+
+	it	ne
+	movne	$h0,$g0
+	ldr	$g0,[$nonce,#0]
+	it	ne
+	movne	$h1,$g1
+	ldr	$g1,[$nonce,#4]
+	it	ne
+	movne	$h2,$g2
+	ldr	$g2,[$nonce,#8]
+	it	ne
+	movne	$h3,$g3
+	ldr	$g3,[$nonce,#12]
+
+	adds	$h0,$h0,$g0		@ accumulate nonce
+	adcs	$h1,$h1,$g1
+	adcs	$h2,$h2,$g2
+	adc	$h3,$h3,$g3
+
+# ifdef __ARMEB__
+	rev	$h0,$h0
+	rev	$h1,$h1
+	rev	$h2,$h2
+	rev	$h3,$h3
+# endif
+	str	$h0,[$mac,#0]		@ store the result
+	str	$h1,[$mac,#4]
+	str	$h2,[$mac,#8]
+	str	$h3,[$mac,#12]
+
+	ldmia	sp!,{r4-r11}
+	ret				@ bx	lr
+.size	poly1305_emit_neon,.-poly1305_emit_neon
+
+.align	5
+.Lzeros:
+.long	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lpoly1305_init
+#endif
+___
+}	}
+$code.=<<___;
+.asciz	"Poly1305 for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if	__ARM_MAX_ARCH__>=7
+.comm   OPENSSL_armcap_P,4,4
+#endif
+___
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
+	s/\bret\b/bx	lr/go						or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-armv8.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-armv8.pl
new file mode 100755
index 0000000..0fc8667
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-armv8.pl
@@ -0,0 +1,943 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for ARMv8.
+#
+# June 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone.
+#
+#		IALU/gcc-4.9	NEON
+#
+# Apple A7	1.86/+5%	0.72
+# Cortex-A53	2.69/+58%	1.47
+# Cortex-A57	2.70/+7%	1.14
+# Denver	1.64/+50%	1.18(*)
+# X-Gene	2.13/+68%	2.27
+# Mongoose	1.77/+75%	1.12
+#
+# (*)	estimate based on resources availability is less than 1.0,
+#	i.e. measured result is worse than expected, presumably binary
+#	translator is not almighty;
+
+$flavour=shift;
+$output=shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my ($ctx,$inp,$len,$padbit) = map("x$_",(0..3));
+my ($mac,$nonce)=($inp,$len);
+
+my ($h0,$h1,$h2,$r0,$r1,$s1,$t0,$t1,$d0,$d1,$d2) = map("x$_",(4..14));
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+// forward "declarations" are required for Apple
+.extern	OPENSSL_armcap_P
+.globl	poly1305_blocks
+.globl	poly1305_emit
+
+.globl	poly1305_init
+.type	poly1305_init,%function
+.align	5
+poly1305_init:
+	cmp	$inp,xzr
+	stp	xzr,xzr,[$ctx]		// zero hash value
+	stp	xzr,xzr,[$ctx,#16]	// [along with is_base2_26]
+
+	csel	x0,xzr,x0,eq
+	b.eq	.Lno_key
+
+#ifdef	__ILP32__
+	ldrsw	$t1,.LOPENSSL_armcap_P
+#else
+	ldr	$t1,.LOPENSSL_armcap_P
+#endif
+	adr	$t0,.LOPENSSL_armcap_P
+
+	ldp	$r0,$r1,[$inp]		// load key
+	mov	$s1,#0xfffffffc0fffffff
+	movk	$s1,#0x0fff,lsl#48
+	ldr	w17,[$t0,$t1]
+#ifdef	__ARMEB__
+	rev	$r0,$r0			// flip bytes
+	rev	$r1,$r1
+#endif
+	and	$r0,$r0,$s1		// &=0ffffffc0fffffff
+	and	$s1,$s1,#-4
+	and	$r1,$r1,$s1		// &=0ffffffc0ffffffc
+	stp	$r0,$r1,[$ctx,#32]	// save key value
+
+	tst	w17,#ARMV7_NEON
+
+	adr	$d0,poly1305_blocks
+	adr	$r0,poly1305_blocks_neon
+	adr	$d1,poly1305_emit
+	adr	$r1,poly1305_emit_neon
+
+	csel	$d0,$d0,$r0,eq
+	csel	$d1,$d1,$r1,eq
+
+#ifdef	__ILP32__
+	stp	w12,w13,[$len]
+#else
+	stp	$d0,$d1,[$len]
+#endif
+
+	mov	x0,#1
+.Lno_key:
+	ret
+.size	poly1305_init,.-poly1305_init
+
+.type	poly1305_blocks,%function
+.align	5
+poly1305_blocks:
+	ands	$len,$len,#-16
+	b.eq	.Lno_data
+
+	ldp	$h0,$h1,[$ctx]		// load hash value
+	ldp	$r0,$r1,[$ctx,#32]	// load key value
+	ldr	$h2,[$ctx,#16]
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+	b	.Loop
+
+.align	5
+.Loop:
+	ldp	$t0,$t1,[$inp],#16	// load input
+	sub	$len,$len,#16
+#ifdef	__ARMEB__
+	rev	$t0,$t0
+	rev	$t1,$t1
+#endif
+	adds	$h0,$h0,$t0		// accumulate input
+	adcs	$h1,$h1,$t1
+
+	mul	$d0,$h0,$r0		// h0*r0
+	adc	$h2,$h2,$padbit
+	umulh	$d1,$h0,$r0
+
+	mul	$t0,$h1,$s1		// h1*5*r1
+	umulh	$t1,$h1,$s1
+
+	adds	$d0,$d0,$t0
+	mul	$t0,$h0,$r1		// h0*r1
+	adc	$d1,$d1,$t1
+	umulh	$d2,$h0,$r1
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h1,$r0		// h1*r0
+	adc	$d2,$d2,xzr
+	umulh	$t1,$h1,$r0
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h2,$s1		// h2*5*r1
+	adc	$d2,$d2,$t1
+	mul	$t1,$h2,$r0		// h2*r0
+
+	adds	$d1,$d1,$t0
+	adc	$d2,$d2,$t1
+
+	and	$t0,$d2,#-4		// final reduction
+	and	$h2,$d2,#3
+	add	$t0,$t0,$d2,lsr#2
+	adds	$h0,$d0,$t0
+	adcs	$h1,$d1,xzr
+	adc	$h2,$h2,xzr
+
+	cbnz	$len,.Loop
+
+	stp	$h0,$h1,[$ctx]		// store hash value
+	str	$h2,[$ctx,#16]
+
+.Lno_data:
+	ret
+.size	poly1305_blocks,.-poly1305_blocks
+
+.type	poly1305_emit,%function
+.align	5
+poly1305_emit:
+	ldp	$h0,$h1,[$ctx]		// load hash base 2^64
+	ldr	$h2,[$ctx,#16]
+	ldp	$t0,$t1,[$nonce]	// load nonce
+
+	adds	$d0,$h0,#5		// compare to modulus
+	adcs	$d1,$h1,xzr
+	adc	$d2,$h2,xzr
+
+	tst	$d2,#-4			// see if it's carried/borrowed
+
+	csel	$h0,$h0,$d0,eq
+	csel	$h1,$h1,$d1,eq
+
+#ifdef	__ARMEB__
+	ror	$t0,$t0,#32		// flip nonce words
+	ror	$t1,$t1,#32
+#endif
+	adds	$h0,$h0,$t0		// accumulate nonce
+	adc	$h1,$h1,$t1
+#ifdef	__ARMEB__
+	rev	$h0,$h0			// flip output bytes
+	rev	$h1,$h1
+#endif
+	stp	$h0,$h1,[$mac]		// write result
+
+	ret
+.size	poly1305_emit,.-poly1305_emit
+___
+my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("v$_.4s",(0..8));
+my ($IN01_0,$IN01_1,$IN01_2,$IN01_3,$IN01_4) = map("v$_.2s",(9..13));
+my ($IN23_0,$IN23_1,$IN23_2,$IN23_3,$IN23_4) = map("v$_.2s",(14..18));
+my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4) = map("v$_.2d",(19..23));
+my ($H0,$H1,$H2,$H3,$H4) = map("v$_.2s",(24..28));
+my ($T0,$T1,$MASK) = map("v$_",(29..31));
+
+my ($in2,$zeros)=("x16","x17");
+my $is_base2_26 = $zeros;		# borrow
+
+$code.=<<___;
+.type	poly1305_mult,%function
+.align	5
+poly1305_mult:
+	mul	$d0,$h0,$r0		// h0*r0
+	umulh	$d1,$h0,$r0
+
+	mul	$t0,$h1,$s1		// h1*5*r1
+	umulh	$t1,$h1,$s1
+
+	adds	$d0,$d0,$t0
+	mul	$t0,$h0,$r1		// h0*r1
+	adc	$d1,$d1,$t1
+	umulh	$d2,$h0,$r1
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h1,$r0		// h1*r0
+	adc	$d2,$d2,xzr
+	umulh	$t1,$h1,$r0
+
+	adds	$d1,$d1,$t0
+	mul	$t0,$h2,$s1		// h2*5*r1
+	adc	$d2,$d2,$t1
+	mul	$t1,$h2,$r0		// h2*r0
+
+	adds	$d1,$d1,$t0
+	adc	$d2,$d2,$t1
+
+	and	$t0,$d2,#-4		// final reduction
+	and	$h2,$d2,#3
+	add	$t0,$t0,$d2,lsr#2
+	adds	$h0,$d0,$t0
+	adcs	$h1,$d1,xzr
+	adc	$h2,$h2,xzr
+
+	ret
+.size	poly1305_mult,.-poly1305_mult
+
+.type	poly1305_splat,%function
+.align	5
+poly1305_splat:
+	and	x12,$h0,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x13,$h0,#26,#26
+	extr	x14,$h1,$h0,#52
+	and	x14,x14,#0x03ffffff
+	ubfx	x15,$h1,#14,#26
+	extr	x16,$h2,$h1,#40
+
+	str	w12,[$ctx,#16*0]	// r0
+	add	w12,w13,w13,lsl#2	// r1*5
+	str	w13,[$ctx,#16*1]	// r1
+	add	w13,w14,w14,lsl#2	// r2*5
+	str	w12,[$ctx,#16*2]	// s1
+	str	w14,[$ctx,#16*3]	// r2
+	add	w14,w15,w15,lsl#2	// r3*5
+	str	w13,[$ctx,#16*4]	// s2
+	str	w15,[$ctx,#16*5]	// r3
+	add	w15,w16,w16,lsl#2	// r4*5
+	str	w14,[$ctx,#16*6]	// s3
+	str	w16,[$ctx,#16*7]	// r4
+	str	w15,[$ctx,#16*8]	// s4
+
+	ret
+.size	poly1305_splat,.-poly1305_splat
+
+.type	poly1305_blocks_neon,%function
+.align	5
+poly1305_blocks_neon:
+	ldr	$is_base2_26,[$ctx,#24]
+	cmp	$len,#128
+	b.hs	.Lblocks_neon
+	cbz	$is_base2_26,poly1305_blocks
+
+.Lblocks_neon:
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+
+	ands	$len,$len,#-16
+	b.eq	.Lno_data_neon
+
+	cbz	$is_base2_26,.Lbase2_64_neon
+
+	ldp	w10,w11,[$ctx]		// load hash value base 2^26
+	ldp	w12,w13,[$ctx,#8]
+	ldr	w14,[$ctx,#16]
+
+	tst	$len,#31
+	b.eq	.Leven_neon
+
+	ldp	$r0,$r1,[$ctx,#32]	// load key value
+
+	add	$h0,x10,x11,lsl#26	// base 2^26 -> base 2^64
+	lsr	$h1,x12,#12
+	adds	$h0,$h0,x12,lsl#52
+	add	$h1,$h1,x13,lsl#14
+	adc	$h1,$h1,xzr
+	lsr	$h2,x14,#24
+	adds	$h1,$h1,x14,lsl#40
+	adc	$d2,$h2,xzr		// can be partially reduced...
+
+	ldp	$d0,$d1,[$inp],#16	// load input
+	sub	$len,$len,#16
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+
+	and	$t0,$d2,#-4		// ... so reduce
+	and	$h2,$d2,#3
+	add	$t0,$t0,$d2,lsr#2
+	adds	$h0,$h0,$t0
+	adcs	$h1,$h1,xzr
+	adc	$h2,$h2,xzr
+
+#ifdef	__ARMEB__
+	rev	$d0,$d0
+	rev	$d1,$d1
+#endif
+	adds	$h0,$h0,$d0		// accumulate input
+	adcs	$h1,$h1,$d1
+	adc	$h2,$h2,$padbit
+
+	bl	poly1305_mult
+	ldr	x30,[sp,#8]
+
+	cbz	$padbit,.Lstore_base2_64_neon
+
+	and	x10,$h0,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x11,$h0,#26,#26
+	extr	x12,$h1,$h0,#52
+	and	x12,x12,#0x03ffffff
+	ubfx	x13,$h1,#14,#26
+	extr	x14,$h2,$h1,#40
+
+	cbnz	$len,.Leven_neon
+
+	stp	w10,w11,[$ctx]		// store hash value base 2^26
+	stp	w12,w13,[$ctx,#8]
+	str	w14,[$ctx,#16]
+	b	.Lno_data_neon
+
+.align	4
+.Lstore_base2_64_neon:
+	stp	$h0,$h1,[$ctx]		// store hash value base 2^64
+	stp	$h2,xzr,[$ctx,#16]	// note that is_base2_26 is zeroed
+	b	.Lno_data_neon
+
+.align	4
+.Lbase2_64_neon:
+	ldp	$r0,$r1,[$ctx,#32]	// load key value
+
+	ldp	$h0,$h1,[$ctx]		// load hash value base 2^64
+	ldr	$h2,[$ctx,#16]
+
+	tst	$len,#31
+	b.eq	.Linit_neon
+
+	ldp	$d0,$d1,[$inp],#16	// load input
+	sub	$len,$len,#16
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+#ifdef	__ARMEB__
+	rev	$d0,$d0
+	rev	$d1,$d1
+#endif
+	adds	$h0,$h0,$d0		// accumulate input
+	adcs	$h1,$h1,$d1
+	adc	$h2,$h2,$padbit
+
+	bl	poly1305_mult
+
+.Linit_neon:
+	and	x10,$h0,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x11,$h0,#26,#26
+	extr	x12,$h1,$h0,#52
+	and	x12,x12,#0x03ffffff
+	ubfx	x13,$h1,#14,#26
+	extr	x14,$h2,$h1,#40
+
+	stp	d8,d9,[sp,#16]		// meet ABI requirements
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+
+	fmov	${H0},x10
+	fmov	${H1},x11
+	fmov	${H2},x12
+	fmov	${H3},x13
+	fmov	${H4},x14
+
+	////////////////////////////////// initialize r^n table
+	mov	$h0,$r0			// r^1
+	add	$s1,$r1,$r1,lsr#2	// s1 = r1 + (r1 >> 2)
+	mov	$h1,$r1
+	mov	$h2,xzr
+	add	$ctx,$ctx,#48+12
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^2
+	sub	$ctx,$ctx,#4
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^3
+	sub	$ctx,$ctx,#4
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^4
+	sub	$ctx,$ctx,#4
+	bl	poly1305_splat
+	ldr	x30,[sp,#8]
+
+	add	$in2,$inp,#32
+	adr	$zeros,.Lzeros
+	subs	$len,$len,#64
+	csel	$in2,$zeros,$in2,lo
+
+	mov	x4,#1
+	str	x4,[$ctx,#-24]		// set is_base2_26
+	sub	$ctx,$ctx,#48		// restore original $ctx
+	b	.Ldo_neon
+
+.align	4
+.Leven_neon:
+	add	$in2,$inp,#32
+	adr	$zeros,.Lzeros
+	subs	$len,$len,#64
+	csel	$in2,$zeros,$in2,lo
+
+	stp	d8,d9,[sp,#16]		// meet ABI requirements
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+
+	fmov	${H0},x10
+	fmov	${H1},x11
+	fmov	${H2},x12
+	fmov	${H3},x13
+	fmov	${H4},x14
+
+.Ldo_neon:
+	ldp	x8,x12,[$in2],#16	// inp[2:3] (or zero)
+	ldp	x9,x13,[$in2],#48
+
+	lsl	$padbit,$padbit,#24
+	add	x15,$ctx,#48
+
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	and	x5,x9,#0x03ffffff
+	ubfx	x6,x8,#26,#26
+	ubfx	x7,x9,#26,#26
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	extr	x8,x12,x8,#52
+	extr	x9,x13,x9,#52
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	fmov	$IN23_0,x4
+	and	x8,x8,#0x03ffffff
+	and	x9,x9,#0x03ffffff
+	ubfx	x10,x12,#14,#26
+	ubfx	x11,x13,#14,#26
+	add	x12,$padbit,x12,lsr#40
+	add	x13,$padbit,x13,lsr#40
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	fmov	$IN23_1,x6
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	fmov	$IN23_2,x8
+	fmov	$IN23_3,x10
+	fmov	$IN23_4,x12
+
+	ldp	x8,x12,[$inp],#16	// inp[0:1]
+	ldp	x9,x13,[$inp],#48
+
+	ld1	{$R0,$R1,$S1,$R2},[x15],#64
+	ld1	{$S2,$R3,$S3,$R4},[x15],#64
+	ld1	{$S4},[x15]
+
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	and	x5,x9,#0x03ffffff
+	ubfx	x6,x8,#26,#26
+	ubfx	x7,x9,#26,#26
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	extr	x8,x12,x8,#52
+	extr	x9,x13,x9,#52
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	fmov	$IN01_0,x4
+	and	x8,x8,#0x03ffffff
+	and	x9,x9,#0x03ffffff
+	ubfx	x10,x12,#14,#26
+	ubfx	x11,x13,#14,#26
+	add	x12,$padbit,x12,lsr#40
+	add	x13,$padbit,x13,lsr#40
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	fmov	$IN01_1,x6
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	movi	$MASK.2d,#-1
+	fmov	$IN01_2,x8
+	fmov	$IN01_3,x10
+	fmov	$IN01_4,x12
+	ushr	$MASK.2d,$MASK.2d,#38
+
+	b.ls	.Lskip_loop
+
+.align	4
+.Loop_neon:
+	////////////////////////////////////////////////////////////////
+	// ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	// ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	//   \___________________/
+	// ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	// ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	//   \___________________/ \____________________/
+	//
+	// Note that we start with inp[2:3]*r^2. This is because it
+	// doesn't depend on reduction in previous iteration.
+	////////////////////////////////////////////////////////////////
+	// d4 = h0*r4 + h1*r3   + h2*r2   + h3*r1   + h4*r0
+	// d3 = h0*r3 + h1*r2   + h2*r1   + h3*r0   + h4*5*r4
+	// d2 = h0*r2 + h1*r1   + h2*r0   + h3*5*r4 + h4*5*r3
+	// d1 = h0*r1 + h1*r0   + h2*5*r4 + h3*5*r3 + h4*5*r2
+	// d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1
+
+	subs	$len,$len,#64
+	umull	$ACC4,$IN23_0,${R4}[2]
+	csel	$in2,$zeros,$in2,lo
+	umull	$ACC3,$IN23_0,${R3}[2]
+	umull	$ACC2,$IN23_0,${R2}[2]
+	 ldp	x8,x12,[$in2],#16	// inp[2:3] (or zero)
+	umull	$ACC1,$IN23_0,${R1}[2]
+	 ldp	x9,x13,[$in2],#48
+	umull	$ACC0,$IN23_0,${R0}[2]
+#ifdef	__ARMEB__
+	 rev	x8,x8
+	 rev	x12,x12
+	 rev	x9,x9
+	 rev	x13,x13
+#endif
+
+	umlal	$ACC4,$IN23_1,${R3}[2]
+	 and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	umlal	$ACC3,$IN23_1,${R2}[2]
+	 and	x5,x9,#0x03ffffff
+	umlal	$ACC2,$IN23_1,${R1}[2]
+	 ubfx	x6,x8,#26,#26
+	umlal	$ACC1,$IN23_1,${R0}[2]
+	 ubfx	x7,x9,#26,#26
+	umlal	$ACC0,$IN23_1,${S4}[2]
+	 add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+
+	umlal	$ACC4,$IN23_2,${R2}[2]
+	 extr	x8,x12,x8,#52
+	umlal	$ACC3,$IN23_2,${R1}[2]
+	 extr	x9,x13,x9,#52
+	umlal	$ACC2,$IN23_2,${R0}[2]
+	 add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	umlal	$ACC1,$IN23_2,${S4}[2]
+	 fmov	$IN23_0,x4
+	umlal	$ACC0,$IN23_2,${S3}[2]
+	 and	x8,x8,#0x03ffffff
+
+	umlal	$ACC4,$IN23_3,${R1}[2]
+	 and	x9,x9,#0x03ffffff
+	umlal	$ACC3,$IN23_3,${R0}[2]
+	 ubfx	x10,x12,#14,#26
+	umlal	$ACC2,$IN23_3,${S4}[2]
+	 ubfx	x11,x13,#14,#26
+	umlal	$ACC1,$IN23_3,${S3}[2]
+	 add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	umlal	$ACC0,$IN23_3,${S2}[2]
+	 fmov	$IN23_1,x6
+
+	add	$IN01_2,$IN01_2,$H2
+	 add	x12,$padbit,x12,lsr#40
+	umlal	$ACC4,$IN23_4,${R0}[2]
+	 add	x13,$padbit,x13,lsr#40
+	umlal	$ACC3,$IN23_4,${S4}[2]
+	 add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	umlal	$ACC2,$IN23_4,${S3}[2]
+	 add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	umlal	$ACC1,$IN23_4,${S2}[2]
+	 fmov	$IN23_2,x8
+	umlal	$ACC0,$IN23_4,${S1}[2]
+	 fmov	$IN23_3,x10
+
+	////////////////////////////////////////////////////////////////
+	// (hash+inp[0:1])*r^4 and accumulate
+
+	add	$IN01_0,$IN01_0,$H0
+	 fmov	$IN23_4,x12
+	umlal	$ACC3,$IN01_2,${R1}[0]
+	 ldp	x8,x12,[$inp],#16	// inp[0:1]
+	umlal	$ACC0,$IN01_2,${S3}[0]
+	 ldp	x9,x13,[$inp],#48
+	umlal	$ACC4,$IN01_2,${R2}[0]
+	umlal	$ACC1,$IN01_2,${S4}[0]
+	umlal	$ACC2,$IN01_2,${R0}[0]
+#ifdef	__ARMEB__
+	 rev	x8,x8
+	 rev	x12,x12
+	 rev	x9,x9
+	 rev	x13,x13
+#endif
+
+	add	$IN01_1,$IN01_1,$H1
+	umlal	$ACC3,$IN01_0,${R3}[0]
+	umlal	$ACC4,$IN01_0,${R4}[0]
+	 and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	umlal	$ACC2,$IN01_0,${R2}[0]
+	 and	x5,x9,#0x03ffffff
+	umlal	$ACC0,$IN01_0,${R0}[0]
+	 ubfx	x6,x8,#26,#26
+	umlal	$ACC1,$IN01_0,${R1}[0]
+	 ubfx	x7,x9,#26,#26
+
+	add	$IN01_3,$IN01_3,$H3
+	 add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	umlal	$ACC3,$IN01_1,${R2}[0]
+	 extr	x8,x12,x8,#52
+	umlal	$ACC4,$IN01_1,${R3}[0]
+	 extr	x9,x13,x9,#52
+	umlal	$ACC0,$IN01_1,${S4}[0]
+	 add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	umlal	$ACC2,$IN01_1,${R1}[0]
+	 fmov	$IN01_0,x4
+	umlal	$ACC1,$IN01_1,${R0}[0]
+	 and	x8,x8,#0x03ffffff
+
+	add	$IN01_4,$IN01_4,$H4
+	 and	x9,x9,#0x03ffffff
+	umlal	$ACC3,$IN01_3,${R0}[0]
+	 ubfx	x10,x12,#14,#26
+	umlal	$ACC0,$IN01_3,${S2}[0]
+	 ubfx	x11,x13,#14,#26
+	umlal	$ACC4,$IN01_3,${R1}[0]
+	 add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	umlal	$ACC1,$IN01_3,${S3}[0]
+	 fmov	$IN01_1,x6
+	umlal	$ACC2,$IN01_3,${S4}[0]
+	 add	x12,$padbit,x12,lsr#40
+
+	umlal	$ACC3,$IN01_4,${S4}[0]
+	 add	x13,$padbit,x13,lsr#40
+	umlal	$ACC0,$IN01_4,${S1}[0]
+	 add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	umlal	$ACC4,$IN01_4,${R0}[0]
+	 add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	umlal	$ACC1,$IN01_4,${S2}[0]
+	 fmov	$IN01_2,x8
+	umlal	$ACC2,$IN01_4,${S3}[0]
+	 fmov	$IN01_3,x10
+	 fmov	$IN01_4,x12
+
+	/////////////////////////////////////////////////////////////////
+	// lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	// and P. Schwabe
+	//
+	// [see discussion in poly1305-armv4 module]
+
+	ushr	$T0.2d,$ACC3,#26
+	xtn	$H3,$ACC3
+	 ushr	$T1.2d,$ACC0,#26
+	 and	$ACC0,$ACC0,$MASK.2d
+	add	$ACC4,$ACC4,$T0.2d	// h3 -> h4
+	bic	$H3,#0xfc,lsl#24	// &=0x03ffffff
+	 add	$ACC1,$ACC1,$T1.2d	// h0 -> h1
+
+	ushr	$T0.2d,$ACC4,#26
+	xtn	$H4,$ACC4
+	 ushr	$T1.2d,$ACC1,#26
+	 xtn	$H1,$ACC1
+	bic	$H4,#0xfc,lsl#24
+	 add	$ACC2,$ACC2,$T1.2d	// h1 -> h2
+
+	add	$ACC0,$ACC0,$T0.2d
+	shl	$T0.2d,$T0.2d,#2
+	 shrn	$T1.2s,$ACC2,#26
+	 xtn	$H2,$ACC2
+	add	$ACC0,$ACC0,$T0.2d	// h4 -> h0
+	 bic	$H1,#0xfc,lsl#24
+	 add	$H3,$H3,$T1.2s		// h2 -> h3
+	 bic	$H2,#0xfc,lsl#24
+
+	shrn	$T0.2s,$ACC0,#26
+	xtn	$H0,$ACC0
+	 ushr	$T1.2s,$H3,#26
+	 bic	$H3,#0xfc,lsl#24
+	 bic	$H0,#0xfc,lsl#24
+	add	$H1,$H1,$T0.2s		// h0 -> h1
+	 add	$H4,$H4,$T1.2s		// h3 -> h4
+
+	b.hi	.Loop_neon
+
+.Lskip_loop:
+	dup	$IN23_2,${IN23_2}[0]
+	add	$IN01_2,$IN01_2,$H2
+
+	////////////////////////////////////////////////////////////////
+	// multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	adds	$len,$len,#32
+	b.ne	.Long_tail
+
+	dup	$IN23_2,${IN01_2}[0]
+	add	$IN23_0,$IN01_0,$H0
+	add	$IN23_3,$IN01_3,$H3
+	add	$IN23_1,$IN01_1,$H1
+	add	$IN23_4,$IN01_4,$H4
+
+.Long_tail:
+	dup	$IN23_0,${IN23_0}[0]
+	umull2	$ACC0,$IN23_2,${S3}
+	umull2	$ACC3,$IN23_2,${R1}
+	umull2	$ACC4,$IN23_2,${R2}
+	umull2	$ACC2,$IN23_2,${R0}
+	umull2	$ACC1,$IN23_2,${S4}
+
+	dup	$IN23_1,${IN23_1}[0]
+	umlal2	$ACC0,$IN23_0,${R0}
+	umlal2	$ACC2,$IN23_0,${R2}
+	umlal2	$ACC3,$IN23_0,${R3}
+	umlal2	$ACC4,$IN23_0,${R4}
+	umlal2	$ACC1,$IN23_0,${R1}
+
+	dup	$IN23_3,${IN23_3}[0]
+	umlal2	$ACC0,$IN23_1,${S4}
+	umlal2	$ACC3,$IN23_1,${R2}
+	umlal2	$ACC2,$IN23_1,${R1}
+	umlal2	$ACC4,$IN23_1,${R3}
+	umlal2	$ACC1,$IN23_1,${R0}
+
+	dup	$IN23_4,${IN23_4}[0]
+	umlal2	$ACC3,$IN23_3,${R0}
+	umlal2	$ACC4,$IN23_3,${R1}
+	umlal2	$ACC0,$IN23_3,${S2}
+	umlal2	$ACC1,$IN23_3,${S3}
+	umlal2	$ACC2,$IN23_3,${S4}
+
+	umlal2	$ACC3,$IN23_4,${S4}
+	umlal2	$ACC0,$IN23_4,${S1}
+	umlal2	$ACC4,$IN23_4,${R0}
+	umlal2	$ACC1,$IN23_4,${S2}
+	umlal2	$ACC2,$IN23_4,${S3}
+
+	b.eq	.Lshort_tail
+
+	////////////////////////////////////////////////////////////////
+	// (hash+inp[0:1])*r^4:r^3 and accumulate
+
+	add	$IN01_0,$IN01_0,$H0
+	umlal	$ACC3,$IN01_2,${R1}
+	umlal	$ACC0,$IN01_2,${S3}
+	umlal	$ACC4,$IN01_2,${R2}
+	umlal	$ACC1,$IN01_2,${S4}
+	umlal	$ACC2,$IN01_2,${R0}
+
+	add	$IN01_1,$IN01_1,$H1
+	umlal	$ACC3,$IN01_0,${R3}
+	umlal	$ACC0,$IN01_0,${R0}
+	umlal	$ACC4,$IN01_0,${R4}
+	umlal	$ACC1,$IN01_0,${R1}
+	umlal	$ACC2,$IN01_0,${R2}
+
+	add	$IN01_3,$IN01_3,$H3
+	umlal	$ACC3,$IN01_1,${R2}
+	umlal	$ACC0,$IN01_1,${S4}
+	umlal	$ACC4,$IN01_1,${R3}
+	umlal	$ACC1,$IN01_1,${R0}
+	umlal	$ACC2,$IN01_1,${R1}
+
+	add	$IN01_4,$IN01_4,$H4
+	umlal	$ACC3,$IN01_3,${R0}
+	umlal	$ACC0,$IN01_3,${S2}
+	umlal	$ACC4,$IN01_3,${R1}
+	umlal	$ACC1,$IN01_3,${S3}
+	umlal	$ACC2,$IN01_3,${S4}
+
+	umlal	$ACC3,$IN01_4,${S4}
+	umlal	$ACC0,$IN01_4,${S1}
+	umlal	$ACC4,$IN01_4,${R0}
+	umlal	$ACC1,$IN01_4,${S2}
+	umlal	$ACC2,$IN01_4,${S3}
+
+.Lshort_tail:
+	////////////////////////////////////////////////////////////////
+	// horizontal add
+
+	addp	$ACC3,$ACC3,$ACC3
+	 ldp	d8,d9,[sp,#16]		// meet ABI requirements
+	addp	$ACC0,$ACC0,$ACC0
+	 ldp	d10,d11,[sp,#32]
+	addp	$ACC4,$ACC4,$ACC4
+	 ldp	d12,d13,[sp,#48]
+	addp	$ACC1,$ACC1,$ACC1
+	 ldp	d14,d15,[sp,#64]
+	addp	$ACC2,$ACC2,$ACC2
+
+	////////////////////////////////////////////////////////////////
+	// lazy reduction, but without narrowing
+
+	ushr	$T0.2d,$ACC3,#26
+	and	$ACC3,$ACC3,$MASK.2d
+	 ushr	$T1.2d,$ACC0,#26
+	 and	$ACC0,$ACC0,$MASK.2d
+
+	add	$ACC4,$ACC4,$T0.2d	// h3 -> h4
+	 add	$ACC1,$ACC1,$T1.2d	// h0 -> h1
+
+	ushr	$T0.2d,$ACC4,#26
+	and	$ACC4,$ACC4,$MASK.2d
+	 ushr	$T1.2d,$ACC1,#26
+	 and	$ACC1,$ACC1,$MASK.2d
+	 add	$ACC2,$ACC2,$T1.2d	// h1 -> h2
+
+	add	$ACC0,$ACC0,$T0.2d
+	shl	$T0.2d,$T0.2d,#2
+	 ushr	$T1.2d,$ACC2,#26
+	 and	$ACC2,$ACC2,$MASK.2d
+	add	$ACC0,$ACC0,$T0.2d	// h4 -> h0
+	 add	$ACC3,$ACC3,$T1.2d	// h2 -> h3
+
+	ushr	$T0.2d,$ACC0,#26
+	and	$ACC0,$ACC0,$MASK.2d
+	 ushr	$T1.2d,$ACC3,#26
+	 and	$ACC3,$ACC3,$MASK.2d
+	add	$ACC1,$ACC1,$T0.2d	// h0 -> h1
+	 add	$ACC4,$ACC4,$T1.2d	// h3 -> h4
+
+	////////////////////////////////////////////////////////////////
+	// write the result, can be partially reduced
+
+	st4	{$ACC0,$ACC1,$ACC2,$ACC3}[0],[$ctx],#16
+	st1	{$ACC4}[0],[$ctx]
+
+.Lno_data_neon:
+	ldr	x29,[sp],#80
+	ret
+.size	poly1305_blocks_neon,.-poly1305_blocks_neon
+
+.type	poly1305_emit_neon,%function
+.align	5
+poly1305_emit_neon:
+	ldr	$is_base2_26,[$ctx,#24]
+	cbz	$is_base2_26,poly1305_emit
+
+	ldp	w10,w11,[$ctx]		// load hash value base 2^26
+	ldp	w12,w13,[$ctx,#8]
+	ldr	w14,[$ctx,#16]
+
+	add	$h0,x10,x11,lsl#26	// base 2^26 -> base 2^64
+	lsr	$h1,x12,#12
+	adds	$h0,$h0,x12,lsl#52
+	add	$h1,$h1,x13,lsl#14
+	adc	$h1,$h1,xzr
+	lsr	$h2,x14,#24
+	adds	$h1,$h1,x14,lsl#40
+	adc	$h2,$h2,xzr		// can be partially reduced...
+
+	ldp	$t0,$t1,[$nonce]	// load nonce
+
+	and	$d0,$h2,#-4		// ... so reduce
+	add	$d0,$d0,$h2,lsr#2
+	and	$h2,$h2,#3
+	adds	$h0,$h0,$d0
+	adcs	$h1,$h1,xzr
+	adc	$h2,$h2,xzr
+
+	adds	$d0,$h0,#5		// compare to modulus
+	adcs	$d1,$h1,xzr
+	adc	$d2,$h2,xzr
+
+	tst	$d2,#-4			// see if it's carried/borrowed
+
+	csel	$h0,$h0,$d0,eq
+	csel	$h1,$h1,$d1,eq
+
+#ifdef	__ARMEB__
+	ror	$t0,$t0,#32		// flip nonce words
+	ror	$t1,$t1,#32
+#endif
+	adds	$h0,$h0,$t0		// accumulate nonce
+	adc	$h1,$h1,$t1
+#ifdef	__ARMEB__
+	rev	$h0,$h0			// flip output bytes
+	rev	$h1,$h1
+#endif
+	stp	$h0,$h1,[$mac]		// write result
+
+	ret
+.size	poly1305_emit_neon,.-poly1305_emit_neon
+
+.align	5
+.Lzeros:
+.long	0,0,0,0,0,0,0,0
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.asciz	"Poly1305 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+foreach (split("\n",$code)) {
+	s/\b(shrn\s+v[0-9]+)\.[24]d/$1.2s/			or
+	s/\b(fmov\s+)v([0-9]+)[^,]*,\s*x([0-9]+)/$1d$2,x$3/	or
+	(m/\bdup\b/ and (s/\.[24]s/.2d/g or 1))			or
+	(m/\b(eor|and)/ and (s/\.[248][sdh]/.16b/g or 1))	or
+	(m/\bum(ul|la)l\b/ and (s/\.4s/.2s/g or 1))		or
+	(m/\bum(ul|la)l2\b/ and (s/\.2s/.4s/g or 1))		or
+	(m/\bst[1-4]\s+{[^}]+}\[/ and (s/\.[24]d/.s/g or 1));
+
+	s/\.[124]([sd])\[/.$1\[/;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-c64xplus.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-c64xplus.pl
new file mode 100755
index 0000000..93fef37
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-c64xplus.pl
@@ -0,0 +1,331 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Poly1305 hash for C64x+.
+#
+# October 2015
+#
+# Performance is [incredible for a 32-bit processor] 1.82 cycles per
+# processed byte. Comparison to compiler-generated code is problematic,
+# because results were observed to vary from 2.1 to 7.6 cpb depending
+# on compiler's ability to inline small functions. Compiler also
+# disables interrupts for some reason, thus making interrupt response
+# time dependent on input length. This module on the other hand is free
+# from such limitation.
+
+$output=pop;
+open STDOUT,">$output";
+
+($CTXA,$INPB,$LEN,$PADBIT)=("A4","B4","A6","B6");
+($H0,$H1,$H2,$H3,$H4,$H4a)=("A8","B8","A10","B10","B2",$LEN);
+($D0,$D1,$D2,$D3)=         ("A9","B9","A11","B11");
+($R0,$R1,$R2,$R3,$S1,$S2,$S3,$S3b)=("A0","B0","A1","B1","A12","B12","A13","B13");
+($THREE,$R0b,$S2a)=("B7","B5","A5");
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	poly1305_init,_poly1305_init
+	.asg	poly1305_blocks,_poly1305_blocks
+	.asg	poly1305_emit,_poly1305_emit
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.LITTLE_ENDIAN
+	.asg	MV,SWAP2
+	.asg	MV.L,SWAP4
+	.endif
+
+	.global	_poly1305_init
+_poly1305_init:
+	.asmfunc
+	LDNDW	*${INPB}[0],B17:B16	; load key material
+	LDNDW	*${INPB}[1],A17:A16
+
+||	ZERO	B9:B8
+||	MVK	-1,B0
+	STDW	B9:B8,*${CTXA}[0]	; initialize h1:h0
+||	SHRU	B0,4,B0			; 0x0fffffff
+||	MVK	-4,B1
+	STDW	B9:B8,*${CTXA}[1]	; initialize h3:h2
+||	AND	B0,B1,B1		; 0x0ffffffc
+	STW	B8,*${CTXA}[4]		; initialize h4
+
+	.if	.BIG_ENDIAN
+	SWAP2	B16,B17
+||	SWAP2	B17,B16
+	SWAP2	A16,A17
+||	SWAP2	A17,A16
+	SWAP4	B16,B16
+||	SWAP4	A16,A16
+	SWAP4	B17,B17
+||	SWAP4	A17,A17
+	.endif
+
+	AND	B16,B0,B20		; r0 = key[0] & 0x0fffffff
+||	AND	B17,B1,B22		; r1 = key[1] & 0x0ffffffc
+||	EXTU	B17,4,6,B16		; r1>>2
+	AND	A16,B1,B21		; r2 = key[2] & 0x0ffffffc
+||	AND	A17,B1,A23		; r3 = key[3] & 0x0ffffffc
+||	BNOP	RA
+	SHRU	B21,2,B18
+||	ADD	B22,B16,B16		; s1 = r1 + r1>>2
+
+	STDW	B21:B20,*${CTXA}[3]	; save r2:r0
+||	ADD	B21,B18,B18		; s2 = r2 + r2>>2
+||	SHRU	A23,2,B17
+||	MV	A23,B23
+	STDW	B23:B22,*${CTXA}[4]	; save r3:r1
+||	ADD	B23,B17,B19		; s3 = r3 + r3>>2
+||	ADD	B23,B17,B17		; s3 = r3 + r3>>2
+	STDW	B17:B16,*${CTXA}[5]	; save s3:s1
+	STDW	B19:B18,*${CTXA}[6]	; save s3:s2
+||	ZERO	A4			; return 0
+	.endasmfunc
+
+	.global	_poly1305_blocks
+	.align	32
+_poly1305_blocks:
+	.asmfunc	stack_usage(40)
+	SHRU	$LEN,4,A2		; A2 is loop counter, number of blocks
+  [!A2]	BNOP	RA			; no data
+|| [A2]	STW	FP,*SP--(40)		; save frame pointer and alloca(40)
+|| [A2]	MV	SP,FP
+   [A2]	STDW	B13:B12,*SP[4]		; ABI says so
+|| [A2]	MV	$CTXA,$S3b		; borrow $S3b
+   [A2]	STDW	B11:B10,*SP[3]
+|| [A2]	STDW	A13:A12,*FP[-3]
+   [A2]	STDW	A11:A10,*FP[-4]
+
+|| [A2]	LDDW	*${S3b}[0],B25:B24	; load h1:h0
+   [A2]	LDNW	*${INPB}++[4],$D0	; load inp[0]
+   [A2]	LDNW	*${INPB}[-3],$D1	; load inp[1]
+
+	LDDW	*${CTXA}[1],B29:B28	; load h3:h2, B28 is h2
+	LDNW	*${INPB}[-2],$D2	; load inp[2]
+	LDNW	*${INPB}[-1],$D3	; load inp[3]
+
+	LDDW	*${CTXA}[3],$R2:$R0	; load r2:r0
+||	LDDW	*${S3b}[4],$R3:$R1	; load r3:r1
+||	SWAP2	$D0,$D0
+
+	LDDW	*${CTXA}[5],$S3:$S1	; load s3:s1
+||	LDDW	*${S3b}[6],$S3b:$S2	; load s3:s2
+||	SWAP4	$D0,$D0
+||	SWAP2	$D1,$D1
+
+	ADDU	$D0,B24,$D0:$H0		; h0+=inp[0]
+||	ADD	$D0,B24,B27		; B-copy of h0+inp[0]
+||	SWAP4	$D1,$D1
+	ADDU	$D1,B25,$D1:$H1		; h1+=inp[1]
+||	MVK	3,$THREE
+||	SWAP2	$D2,$D2
+	LDW	*${CTXA}[4],$H4		; load h4
+||	SWAP4	$D2,$D2
+||	MV	B29,B30			; B30 is h3
+	MV	$R0,$R0b
+
+loop?:
+	MPY32U	$H0,$R0,A17:A16
+||	MPY32U	B27,$R1,B17:B16		; MPY32U	$H0,$R1,B17:B16
+||	ADDU	$D0,$D1:$H1,B25:B24	; ADDU		$D0,$D1:$H1,$D1:$H1
+||	ADDU	$D2,B28,$D2:$H2		; h2+=inp[2]
+||	SWAP2	$D3,$D3
+	MPY32U	$H0,$R2,A19:A18
+||	MPY32U	B27,$R3,B19:B18		; MPY32U	$H0,$R3,B19:B18
+||	ADD	$D0,$H1,A24		; A-copy of B24
+||	SWAP4	$D3,$D3
+|| [A2]	SUB	A2,1,A2			; decrement loop counter
+
+	MPY32U	A24,$S3,A21:A20		; MPY32U	$H1,$S3,A21:A20
+||	MPY32U	B24,$R0b,B21:B20	; MPY32U	$H1,$R0,B21:B20
+||	ADDU	B25,$D2:$H2,$D2:$H2	; ADDU		$D1,$D2:$H2,$D2:$H2
+||	ADDU	$D3,B30,$D3:$H3		; h3+=inp[3]
+||	ADD	B25,$H2,B25		; B-copy of $H2
+	MPY32U	A24,$R1,A23:A22		; MPY32U	$H1,$R1,A23:A22
+||	MPY32U	B24,$R2,B23:B22		; MPY32U	$H1,$R2,B23:B22
+
+	MPY32U	$H2,$S2,A25:A24
+||	MPY32U	B25,$S3b,B25:B24	; MPY32U	$H2,$S3,B25:B24
+||	ADDU	$D2,$D3:$H3,$D3:$H3
+||	ADD	$PADBIT,$H4,$H4		; h4+=padbit
+	MPY32U	$H2,$R0,A27:A26
+||	MPY32U	$H2,$R1,B27:B26
+||	ADD	$D3,$H4,$H4
+||	MV	$S2,$S2a
+
+	MPY32U	$H3,$S1,A29:A28
+||	MPY32U	$H3,$S2,B29:B28
+||	ADD	A21,A17,A21		; start accumulating "d3:d0"
+||	ADD	B21,B17,B21
+||	ADDU	A20,A16,A17:A16
+||	ADDU	B20,B16,B17:B16
+|| [A2]	LDNW	*${INPB}++[4],$D0	; load inp[0]
+	MPY32U	$H3,$S3,A31:A30
+||	MPY32U	$H3,$R0b,B31:B30
+||	ADD	A23,A19,A23
+||	ADD	B23,B19,B23
+||	ADDU	A22,A18,A19:A18
+||	ADDU	B22,B18,B19:B18
+|| [A2]	LDNW	*${INPB}[-3],$D1	; load inp[1]
+
+	MPY32	$H4,$S1,B20
+||	MPY32	$H4,$S2a,A20
+||	ADD	A25,A21,A21
+||	ADD	B25,B21,B21
+||	ADDU	A24,A17:A16,A17:A16
+||	ADDU	B24,B17:B16,B17:B16
+|| [A2]	LDNW	*${INPB}[-2],$D2	; load inp[2]
+	MPY32	$H4,$S3b,B22
+||	ADD	A27,A23,A23
+||	ADD	B27,B23,B23
+||	ADDU	A26,A19:A18,A19:A18
+||	ADDU	B26,B19:B18,B19:B18
+|| [A2]	LDNW	*${INPB}[-1],$D3	; load inp[3]
+
+	MPY32	$H4,$R0b,$H4
+||	ADD	A29,A21,A21		; final hi("d0")
+||	ADD	B29,B21,B21		; final hi("d1")
+||	ADDU	A28,A17:A16,A17:A16	; final lo("d0")
+||	ADDU	B28,B17:B16,B17:B16
+	ADD	A31,A23,A23		; final hi("d2")
+||	ADD	B31,B23,B23		; final hi("d3")
+||	ADDU	A30,A19:A18,A19:A18
+||	ADDU	B30,B19:B18,B19:B18
+	ADDU	B20,B17:B16,B17:B16	; final lo("d1")
+||	ADDU	A20,A19:A18,A19:A18	; final lo("d2")
+	ADDU	B22,B19:B18,B19:B18	; final lo("d3")
+
+||	ADD	A17,A21,A21		; "flatten" "d3:d0"
+	MV	A19,B29			; move to avoid cross-path stalls
+	ADDU	A21,B17:B16,B27:B26	; B26 is h1
+	ADD	B21,B27,B27
+||	DMV	B29,A18,B29:B28		; move to avoid cross-path stalls
+	ADDU	B27,B29:B28,B29:B28	; B28 is h2
+|| [A2]	SWAP2	$D0,$D0
+	ADD	A23,B29,B29
+|| [A2]	SWAP4	$D0,$D0
+	ADDU	B29,B19:B18,B31:B30	; B30 is h3
+	ADD	B23,B31,B31
+||	MV	A16,B24			; B24 is h0
+|| [A2]	SWAP2	$D1,$D1
+	ADD	B31,$H4,$H4
+|| [A2]	SWAP4	$D1,$D1
+
+	SHRU	$H4,2,B16		; last reduction step
+||	AND	$H4,$THREE,$H4
+	ADDAW	B16,B16,B16		; 5*(h4>>2)
+|| [A2]	BNOP	loop?
+
+	ADDU	B24,B16,B25:B24		; B24 is h0
+|| [A2]	SWAP2	$D2,$D2
+	ADDU	B26,B25,B27:B26		; B26 is h1
+|| [A2]	SWAP4	$D2,$D2
+	ADDU	B28,B27,B29:B28		; B28 is h2
+|| [A2]	ADDU	$D0,B24,$D0:$H0		; h0+=inp[0]
+|| [A2]	ADD	$D0,B24,B27		; B-copy of h0+inp[0]
+	ADDU	B30,B29,B31:B30		; B30 is h3
+	ADD	B31,$H4,$H4
+|| [A2]	ADDU	$D1,B26,$D1:$H1		; h1+=inp[1]
+;;===== branch to loop? is taken here
+
+	LDDW	*FP[-4],A11:A10		; ABI says so
+	LDDW	*FP[-3],A13:A12
+||	LDDW	*SP[3],B11:B10
+	LDDW	*SP[4],B13:B12
+||	MV	B26,B25
+||	BNOP	RA
+	LDW	*++SP(40),FP		; restore frame pointer
+||	MV	B30,B29
+	STDW	B25:B24,*${CTXA}[0]	; save h1:h0
+	STDW	B29:B28,*${CTXA}[1]	; save h3:h2
+	STW	$H4,*${CTXA}[4]		; save h4
+	NOP	1
+	.endasmfunc
+___
+{
+my ($MAC,$NONCEA,$NONCEB)=($INPB,$LEN,$PADBIT);
+
+$code.=<<___;
+	.global	_poly1305_emit
+	.align	32
+_poly1305_emit:
+	.asmfunc
+	LDDW	*${CTXA}[0],A17:A16	; load h1:h0
+	LDDW	*${CTXA}[1],A19:A18	; load h3:h2
+	LDW	*${CTXA}[4],A20		; load h4
+	MV	$NONCEA,$NONCEB
+
+	MVK	5,A22			; compare to modulus
+	ADDU	A16,A22,A23:A22
+||	LDW	*${NONCEA}[0],A8
+||	LDW	*${NONCEB}[1],B8
+	ADDU	A17,A23,A25:A24
+||	LDW	*${NONCEA}[2],A9
+||	LDW	*${NONCEB}[3],B9
+	ADDU	A19,A25,A27:A26
+	ADDU	A19,A27,A29:A28
+	ADD	A20,A29,A29
+
+	SHRU	A29,2,A2		; check for overflow in 130-th bit
+
+   [A2]	MV	A22,A16			; select
+|| [A2]	MV	A24,A17
+   [A2]	MV	A26,A18
+|| [A2]	MV	A28,A19
+
+||	ADDU	A8,A16,A23:A22		; accumulate nonce
+	ADDU	B8,A17,A25:A24
+||	SWAP2	A22,A22
+	ADDU	A23,A25:A24,A25:A24
+	ADDU	A9,A18,A27:A26
+||	SWAP2	A24,A24
+	ADDU	A25,A27:A26,A27:A26
+||	ADD	B9,A19,A28
+	ADD	A27,A28,A28
+||	SWAP2	A26,A26
+
+	.if	.BIG_ENDIAN
+	SWAP2	A28,A28
+||	SWAP4	A22,A22
+||	SWAP4	A24,B24
+	SWAP4	A26,A26
+	SWAP4	A28,A28
+||	MV	B24,A24
+	.endif
+
+	BNOP	RA,1
+	STNW	A22,*${MAC}[0]		; write the result
+	STNW	A24,*${MAC}[1]
+	STNW	A26,*${MAC}[2]
+	STNW	A28,*${MAC}[3]
+	.endasmfunc
+___
+}
+$code.=<<___;
+	.sect	.const
+	.cstring "Poly1305 for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-mips.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-mips.pl
new file mode 100755
index 0000000..d2b3e90
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-mips.pl
@@ -0,0 +1,425 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Poly1305 hash for MIPS64.
+#
+# May 2016
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone.
+#
+#		IALU/gcc
+# R1x000	5.64/+120%	(big-endian)
+# Octeon II	3.80/+280%	(little-endian)
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp [o32 can be
+#   excluded from the rule, because it's specified volatile];
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+die "MIPS64 only" unless ($flavour =~ /64|n32/i);
+
+$v0 = ($flavour =~ /nubi/i) ? $a0 : $t0;
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0x0003f000" : "0x00030000";
+
+($ctx,$inp,$len,$padbit) = ($a0,$a1,$a2,$a3);
+($in0,$in1,$tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = ($a4,$a5,$a6,$a7,$at,$t0,$t1);
+
+$code.=<<___;
+#ifdef MIPSEB
+# define MSB 0
+# define LSB 7
+#else
+# define MSB 7
+# define LSB 0
+#endif
+
+.text
+.set	noat
+.set	noreorder
+
+.align	5
+.globl	poly1305_init
+.ent	poly1305_init
+poly1305_init:
+	.frame	$sp,0,$ra
+	.set	reorder
+
+	sd	$zero,0($ctx)
+	sd	$zero,8($ctx)
+	sd	$zero,16($ctx)
+
+	beqz	$inp,.Lno_key
+
+	ldl	$in0,0+MSB($inp)
+	ldl	$in1,8+MSB($inp)
+	ldr	$in0,0+LSB($inp)
+	ldr	$in1,8+LSB($inp)
+#ifdef	MIPSEB
+# if defined(_MIPS_ARCH_MIPS64R2)
+	dsbh	$in0,$in0		# byte swap
+	 dsbh	$in1,$in1
+	dshd	$in0,$in0
+	 dshd	$in1,$in1
+# else
+	ori	$tmp0,$zero,0xFF
+	dsll	$tmp2,$tmp0,32
+	or	$tmp0,$tmp2		# 0x000000FF000000FF
+
+	and	$tmp1,$in0,$tmp0	# byte swap
+	 and	$tmp3,$in1,$tmp0
+	dsrl	$tmp2,$in0,24
+	 dsrl	$tmp4,$in1,24
+	dsll	$tmp1,24
+	 dsll	$tmp3,24
+	and	$tmp2,$tmp0
+	 and	$tmp4,$tmp0
+	dsll	$tmp0,8			# 0x0000FF000000FF00
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	and	$tmp2,$in0,$tmp0
+	 and	$tmp4,$in1,$tmp0
+	dsrl	$in0,8
+	 dsrl	$in1,8
+	dsll	$tmp2,8
+	 dsll	$tmp4,8
+	and	$in0,$tmp0
+	 and	$in1,$tmp0
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+	dsrl	$tmp1,$in0,32
+	 dsrl	$tmp3,$in1,32
+	dsll	$in0,32
+	 dsll	$in1,32
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+# endif
+#endif
+	li	$tmp0,1
+	dsll	$tmp0,32
+	daddiu	$tmp0,-63
+	dsll	$tmp0,28
+	daddiu	$tmp0,-1		# 0ffffffc0fffffff
+
+	and	$in0,$tmp0
+	daddiu	$tmp0,-3		# 0ffffffc0ffffffc
+	and	$in1,$tmp0
+
+	sd	$in0,24($ctx)
+	dsrl	$tmp0,$in1,2
+	sd	$in1,32($ctx)
+	daddu	$tmp0,$in1		# s1 = r1 + (r1 >> 2)
+	sd	$tmp0,40($ctx)
+
+.Lno_key:
+	li	$v0,0			# return 0
+	jr	$ra
+.end	poly1305_init
+___
+{
+my ($h0,$h1,$h2,$r0,$r1,$s1,$d0,$d1,$d2) =
+   ($s0,$s1,$s2,$s3,$s4,$s5,$in0,$in1,$t2);
+
+$code.=<<___;
+.align	5
+.globl	poly1305_blocks
+.ent	poly1305_blocks
+poly1305_blocks:
+	.set	noreorder
+	dsrl	$len,4			# number of complete blocks
+	bnez	$len,poly1305_blocks_internal
+	nop
+	jr	$ra
+	nop
+.end	poly1305_blocks
+
+.align	5
+.ent	poly1305_blocks_internal
+poly1305_blocks_internal:
+	.frame	$sp,6*8,$ra
+	.mask	$SAVED_REGS_MASK,-8
+	.set	noreorder
+	dsub	$sp,6*8
+	sd	$s5,40($sp)
+	sd	$s4,32($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	sd	$s3,24($sp)
+	sd	$s2,16($sp)
+	sd	$s1,8($sp)
+	sd	$s0,0($sp)
+___
+$code.=<<___;
+	.set	reorder
+
+	ld	$h0,0($ctx)		# load hash value
+	ld	$h1,8($ctx)
+	ld	$h2,16($ctx)
+
+	ld	$r0,24($ctx)		# load key
+	ld	$r1,32($ctx)
+	ld	$s1,40($ctx)
+
+.Loop:
+	ldl	$in0,0+MSB($inp)	# load input
+	ldl	$in1,8+MSB($inp)
+	ldr	$in0,0+LSB($inp)
+	daddiu	$len,-1
+	ldr	$in1,8+LSB($inp)
+	daddiu	$inp,16
+#ifdef	MIPSEB
+# if defined(_MIPS_ARCH_MIPS64R2)
+	dsbh	$in0,$in0		# byte swap
+	 dsbh	$in1,$in1
+	dshd	$in0,$in0
+	 dshd	$in1,$in1
+# else
+	ori	$tmp0,$zero,0xFF
+	dsll	$tmp2,$tmp0,32
+	or	$tmp0,$tmp2		# 0x000000FF000000FF
+
+	and	$tmp1,$in0,$tmp0	# byte swap
+	 and	$tmp3,$in1,$tmp0
+	dsrl	$tmp2,$in0,24
+	 dsrl	$tmp4,$in1,24
+	dsll	$tmp1,24
+	 dsll	$tmp3,24
+	and	$tmp2,$tmp0
+	 and	$tmp4,$tmp0
+	dsll	$tmp0,8			# 0x0000FF000000FF00
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	and	$tmp2,$in0,$tmp0
+	 and	$tmp4,$in1,$tmp0
+	dsrl	$in0,8
+	 dsrl	$in1,8
+	dsll	$tmp2,8
+	 dsll	$tmp4,8
+	and	$in0,$tmp0
+	 and	$in1,$tmp0
+	or	$tmp1,$tmp2
+	 or	$tmp3,$tmp4
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+	dsrl	$tmp1,$in0,32
+	 dsrl	$tmp3,$in1,32
+	dsll	$in0,32
+	 dsll	$in1,32
+	or	$in0,$tmp1
+	 or	$in1,$tmp3
+# endif
+#endif
+	daddu	$h0,$in0		# accumulate input
+	daddu	$h1,$in1
+	sltu	$tmp0,$h0,$in0
+	sltu	$tmp1,$h1,$in1
+	daddu	$h1,$tmp0
+
+	dmultu	$r0,$h0			# h0*r0
+	 daddu	$h2,$padbit
+	 sltu	$tmp0,$h1,$tmp0
+	mflo	$d0
+	mfhi	$d1
+
+	dmultu	$s1,$h1			# h1*5*r1
+	 daddu	$tmp0,$tmp1
+	 daddu	$h2,$tmp0
+	mflo	$tmp0
+	mfhi	$tmp1
+
+	dmultu	$r1,$h0			# h0*r1
+	 daddu	$d0,$tmp0
+	 daddu	$d1,$tmp1
+	mflo	$tmp2
+	mfhi	$d2
+	 sltu	$tmp0,$d0,$tmp0
+	 daddu	$d1,$tmp0
+
+	dmultu	$r0,$h1			# h1*r0
+	 daddu	$d1,$tmp2
+	 sltu	$tmp2,$d1,$tmp2
+	mflo	$tmp0
+	mfhi	$tmp1
+	 daddu	$d2,$tmp2
+
+	dmultu	$s1,$h2			# h2*5*r1
+	 daddu	$d1,$tmp0
+	 daddu	$d2,$tmp1
+	mflo	$tmp2
+
+	dmultu	$r0,$h2			# h2*r0
+	 sltu	$tmp0,$d1,$tmp0
+	 daddu	$d2,$tmp0
+	mflo	$tmp3
+
+	daddu	$d1,$tmp2
+	daddu	$d2,$tmp3
+	sltu	$tmp2,$d1,$tmp2
+	daddu	$d2,$tmp2
+
+	li	$tmp0,-4		# final reduction
+	and	$tmp0,$d2
+	dsrl	$tmp1,$d2,2
+	andi	$h2,$d2,3
+	daddu	$tmp0,$tmp1
+	daddu	$h0,$d0,$tmp0
+	sltu	$tmp0,$h0,$tmp0
+	daddu	$h1,$d1,$tmp0
+	sltu	$tmp0,$h1,$tmp0
+	daddu	$h2,$h2,$tmp0
+
+	bnez	$len,.Loop
+
+	sd	$h0,0($ctx)		# store hash value
+	sd	$h1,8($ctx)
+	sd	$h2,16($ctx)
+
+	.set	noreorder
+	ld	$s5,40($sp)		# epilogue
+	ld	$s4,32($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi epilogue
+	ld	$s3,24($sp)
+	ld	$s2,16($sp)
+	ld	$s1,8($sp)
+	ld	$s0,0($sp)
+___
+$code.=<<___;
+	jr	$ra
+	dadd	$sp,6*8
+.end	poly1305_blocks_internal
+___
+}
+{
+my ($ctx,$mac,$nonce) = ($a0,$a1,$a2);
+
+$code.=<<___;
+.align	5
+.globl	poly1305_emit
+.ent	poly1305_emit
+poly1305_emit:
+	.frame	$sp,0,$ra
+	.set	reorder
+
+	ld	$tmp0,0($ctx)
+	ld	$tmp1,8($ctx)
+	ld	$tmp2,16($ctx)
+
+	daddiu	$in0,$tmp0,5		# compare to modulus
+	sltiu	$tmp3,$in0,5
+	daddu	$in1,$tmp1,$tmp3
+	sltu	$tmp3,$in1,$tmp3
+	daddu	$tmp2,$tmp2,$tmp3
+
+	dsrl	$tmp2,2			# see if it carried/borrowed
+	dsubu	$tmp2,$zero,$tmp2
+	nor	$tmp3,$zero,$tmp2
+
+	and	$in0,$tmp2
+	and	$tmp0,$tmp3
+	and	$in1,$tmp2
+	and	$tmp1,$tmp3
+	or	$in0,$tmp0
+	or	$in1,$tmp1
+
+	lwu	$tmp0,0($nonce)		# load nonce
+	lwu	$tmp1,4($nonce)
+	lwu	$tmp2,8($nonce)
+	lwu	$tmp3,12($nonce)
+	dsll	$tmp1,32
+	dsll	$tmp3,32
+	or	$tmp0,$tmp1
+	or	$tmp2,$tmp3
+
+	daddu	$in0,$tmp0		# accumulate nonce
+	daddu	$in1,$tmp2
+	sltu	$tmp0,$in0,$tmp0
+	daddu	$in1,$tmp0
+
+	dsrl	$tmp0,$in0,8		# write mac value
+	dsrl	$tmp1,$in0,16
+	dsrl	$tmp2,$in0,24
+	sb	$in0,0($mac)
+	dsrl	$tmp3,$in0,32
+	sb	$tmp0,1($mac)
+	dsrl	$tmp0,$in0,40
+	sb	$tmp1,2($mac)
+	dsrl	$tmp1,$in0,48
+	sb	$tmp2,3($mac)
+	dsrl	$tmp2,$in0,56
+	sb	$tmp3,4($mac)
+	dsrl	$tmp3,$in1,8
+	sb	$tmp0,5($mac)
+	dsrl	$tmp0,$in1,16
+	sb	$tmp1,6($mac)
+	dsrl	$tmp1,$in1,24
+	sb	$tmp2,7($mac)
+
+	sb	$in1,8($mac)
+	dsrl	$tmp2,$in1,32
+	sb	$tmp3,9($mac)
+	dsrl	$tmp3,$in1,40
+	sb	$tmp0,10($mac)
+	dsrl	$tmp0,$in1,48
+	sb	$tmp1,11($mac)
+	dsrl	$tmp1,$in1,56
+	sb	$tmp2,12($mac)
+	sb	$tmp3,13($mac)
+	sb	$tmp0,14($mac)
+	sb	$tmp1,15($mac)
+
+	jr	$ra
+.end	poly1305_emit
+.rdata
+.asciiz	"Poly1305 for MIPS64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+}
+
+$output=pop and open STDOUT,">$output";
+print $code;
+close STDOUT;
+
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-ppc.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-ppc.pl
new file mode 100755
index 0000000..ab65910
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-ppc.pl
@@ -0,0 +1,644 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for PowerPC.
+#
+# June 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# and improvement coefficients relative to gcc-generated code.
+#
+#			-m32		-m64
+#
+# Freescale e300	14.8/+80%	-
+# PPC74x0		7.60/+60%	-
+# PPC970		7.00/+114%	3.51/+205%
+# POWER7		3.75/+260%	1.93/+100%
+# POWER8		-		2.03/+200%
+#
+# Do we need floating-point implementation for PPC? Results presented
+# in poly1305_ieee754.c are tricky to compare to, because they are for
+# compiler-generated code. On the other hand it's known that floating-
+# point performance can be dominated by FPU latency, which means that
+# there is limit even for ideally optimized (and even vectorized) code.
+# And this limit is estimated to be higher than above -m64 results. Or
+# in other words floating-point implementation can be meaningful to
+# consider only in 32-bit application context. We probably have to
+# recognize that 32-bit builds are getting less popular on high-end
+# systems and therefore tend to target embedded ones, which might not
+# even have FPU...
+#
+# On side note, Power ISA 2.07 enables vector base 2^26 implementation,
+# and POWER8 might have capacity to break 1.0 cycle per byte barrier...
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$UCMP	="cmplw";
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+# Define endianness based on flavour
+# i.e.: linux64le
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=24*$SIZE_T;
+
+$sp="r1";
+my ($ctx,$inp,$len,$padbit) = map("r$_",(3..6));
+my ($mac,$nonce)=($inp,$len);
+my $mask = "r0";
+
+$code=<<___;
+.machine	"any"
+.text
+___
+							if ($flavour =~ /64/) {
+###############################################################################
+# base 2^64 implementation
+
+my ($h0,$h1,$h2,$d0,$d1,$d2, $r0,$r1,$s1, $t0,$t1) = map("r$_",(7..12,27..31));
+
+$code.=<<___;
+.globl	.poly1305_init_int
+.align	4
+.poly1305_init_int:
+	xor	r0,r0,r0
+	std	r0,0($ctx)		# zero hash value
+	std	r0,8($ctx)
+	std	r0,16($ctx)
+
+	$UCMP	$inp,r0
+	beq-	Lno_key
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	ld	$d0,0($inp)		# load key material
+	ld	$d1,8($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$h0,4
+	lwbrx	$d0,0,$inp		# load key material
+	li	$d1,8
+	lwbrx	$h0,$h0,$inp
+	li	$h1,12
+	lwbrx	$d1,$d1,$inp
+	lwbrx	$h1,$h1,$inp
+	insrdi	$d0,$h0,32,0
+	insrdi	$d1,$h1,32,0
+___
+$code.=<<___;
+	lis	$h1,0xfff		# 0x0fff0000
+	ori	$h1,$h1,0xfffc		# 0x0ffffffc
+	insrdi	$h1,$h1,32,0		# 0x0ffffffc0ffffffc
+	ori	$h0,$h1,3		# 0x0ffffffc0fffffff
+
+	and	$d0,$d0,$h0
+	and	$d1,$d1,$h1
+
+	std	$d0,32($ctx)		# store key
+	std	$d1,40($ctx)
+
+Lno_key:
+	xor	r3,r3,r3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+.size	.poly1305_init_int,.-.poly1305_init_int
+
+.globl	.poly1305_blocks
+.align	4
+.poly1305_blocks:
+	srdi.	$len,$len,4
+	beq-	Labort
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	ld	$r0,32($ctx)		# load key
+	ld	$r1,40($ctx)
+
+	ld	$h0,0($ctx)		# load hash value
+	ld	$h1,8($ctx)
+	ld	$h2,16($ctx)
+
+	srdi	$s1,$r1,2
+	mtctr	$len
+	add	$s1,$s1,$r1		# s1 = r1 + r1>>2
+	li	$mask,3
+	b	Loop
+
+.align	4
+Loop:
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	ld	$t0,0($inp)		# load input
+	ld	$t1,8($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d0,4
+	lwbrx	$t0,0,$inp		# load input
+	li	$t1,8
+	lwbrx	$d0,$d0,$inp
+	li	$d1,12
+	lwbrx	$t1,$t1,$inp
+	lwbrx	$d1,$d1,$inp
+	insrdi	$t0,$d0,32,0
+	insrdi	$t1,$d1,32,0
+___
+$code.=<<___;
+	addi	$inp,$inp,16
+
+	addc	$h0,$h0,$t0		# accumulate input
+	adde	$h1,$h1,$t1
+
+	mulld	$d0,$h0,$r0		# h0*r0
+	mulhdu	$d1,$h0,$r0
+	adde	$h2,$h2,$padbit
+
+	mulld	$t0,$h1,$s1		# h1*5*r1
+	mulhdu	$t1,$h1,$s1
+	addc	$d0,$d0,$t0
+	adde	$d1,$d1,$t1
+
+	mulld	$t0,$h0,$r1		# h0*r1
+	mulhdu	$d2,$h0,$r1
+	addc	$d1,$d1,$t0
+	addze	$d2,$d2
+
+	mulld	$t0,$h1,$r0		# h1*r0
+	mulhdu	$t1,$h1,$r0
+	addc	$d1,$d1,$t0
+	adde	$d2,$d2,$t1
+
+	mulld	$t0,$h2,$s1		# h2*5*r1
+	mulld	$t1,$h2,$r0		# h2*r0
+	addc	$d1,$d1,$t0
+	adde	$d2,$d2,$t1
+
+	andc	$t0,$d2,$mask		# final reduction step
+	and	$h2,$d2,$mask
+	srdi	$t1,$t0,2
+	add	$t0,$t0,$t1
+	addc	$h0,$d0,$t0
+	addze	$h1,$d1
+	addze	$h2,$h2
+
+	bdnz	Loop
+
+	std	$h0,0($ctx)		# store hash value
+	std	$h1,8($ctx)
+	std	$h2,16($ctx)
+
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+Labort:
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,5,4,0
+.size	.poly1305_blocks,.-.poly1305_blocks
+
+.globl	.poly1305_emit
+.align	4
+.poly1305_emit:
+	ld	$h0,0($ctx)		# load hash
+	ld	$h1,8($ctx)
+	ld	$h2,16($ctx)
+	ld	$padbit,0($nonce)	# load nonce
+	ld	$nonce,8($nonce)
+
+	addic	$d0,$h0,5		# compare to modulus
+	addze	$d1,$h1
+	addze	$d2,$h2
+
+	srdi	$mask,$d2,2		# did it carry/borrow?
+	neg	$mask,$mask
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h1,$h1,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	or	$h1,$h1,$d1
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	rotldi	$padbit,$padbit,32	# flip nonce words
+	rotldi	$nonce,$nonce,32
+___
+$code.=<<___;
+	addc	$h0,$h0,$padbit		# accumulate nonce
+	adde	$h1,$h1,$nonce
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	std	$h0,0($mac)		# write result
+	std	$h1,8($mac)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	extrdi	r0,$h0,32,0
+	li	$d0,4
+	stwbrx	$h0,0,$mac		# write result
+	extrdi	$h0,$h1,32,0
+	li	$d1,8
+	stwbrx	r0,$d0,$mac
+	li	$d2,12
+	stwbrx	$h1,$d1,$mac
+	stwbrx	$h0,$d2,$mac
+___
+$code.=<<___;
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+.size	.poly1305_emit,.-.poly1305_emit
+___
+							} else {
+###############################################################################
+# base 2^32 implementation
+
+my ($h0,$h1,$h2,$h3,$h4, $r0,$r1,$r2,$r3, $s1,$s2,$s3,
+    $t0,$t1,$t2,$t3, $D0,$D1,$D2,$D3, $d0,$d1,$d2,$d3
+   ) = map("r$_",(7..12,14..31));
+
+$code.=<<___;
+.globl	.poly1305_init_int
+.align	4
+.poly1305_init_int:
+	xor	r0,r0,r0
+	stw	r0,0($ctx)		# zero hash value
+	stw	r0,4($ctx)
+	stw	r0,8($ctx)
+	stw	r0,12($ctx)
+	stw	r0,16($ctx)
+
+	$UCMP	$inp,r0
+	beq-	Lno_key
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	lw	$h0,0($inp)		# load key material
+	lw	$h1,4($inp)
+	lw	$h2,8($inp)
+	lw	$h3,12($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$h1,4
+	lwbrx	$h0,0,$inp		# load key material
+	li	$h2,8
+	lwbrx	$h1,$h1,$inp
+	li	$h3,12
+	lwbrx	$h2,$h2,$inp
+	lwbrx	$h3,$h3,$inp
+___
+$code.=<<___;
+	lis	$mask,0xf000		# 0xf0000000
+	li	$r0,-4
+	andc	$r0,$r0,$mask		# 0x0ffffffc
+
+	andc	$h0,$h0,$mask
+	and	$h1,$h1,$r0
+	and	$h2,$h2,$r0
+	and	$h3,$h3,$r0
+
+	stw	$h0,32($ctx)		# store key
+	stw	$h1,36($ctx)
+	stw	$h2,40($ctx)
+	stw	$h3,44($ctx)
+
+Lno_key:
+	xor	r3,r3,r3
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+.size	.poly1305_init_int,.-.poly1305_init_int
+
+.globl	.poly1305_blocks
+.align	4
+.poly1305_blocks:
+	srwi.	$len,$len,4
+	beq-	Labort
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	$r0,32($ctx)		# load key
+	lwz	$r1,36($ctx)
+	lwz	$r2,40($ctx)
+	lwz	$r3,44($ctx)
+
+	lwz	$h0,0($ctx)		# load hash value
+	lwz	$h1,4($ctx)
+	lwz	$h2,8($ctx)
+	lwz	$h3,12($ctx)
+	lwz	$h4,16($ctx)
+
+	srwi	$s1,$r1,2
+	srwi	$s2,$r2,2
+	srwi	$s3,$r3,2
+	add	$s1,$s1,$r1		# si = ri + ri>>2
+	add	$s2,$s2,$r2
+	add	$s3,$s3,$r3
+	mtctr	$len
+	li	$mask,3
+	b	Loop
+
+.align	4
+Loop:
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	lwz	$d0,0($inp)		# load input
+	lwz	$d1,4($inp)
+	lwz	$d2,8($inp)
+	lwz	$d3,12($inp)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d1,4
+	lwbrx	$d0,0,$inp		# load input
+	li	$d2,8
+	lwbrx	$d1,$d1,$inp
+	li	$d3,12
+	lwbrx	$d2,$d2,$inp
+	lwbrx	$d3,$d3,$inp
+___
+$code.=<<___;
+	addi	$inp,$inp,16
+
+	addc	$h0,$h0,$d0		# accumulate input
+	adde	$h1,$h1,$d1
+	adde	$h2,$h2,$d2
+
+	mullw	$d0,$h0,$r0		# h0*r0
+	mulhwu	$D0,$h0,$r0
+
+	mullw	$d1,$h0,$r1		# h0*r1
+	mulhwu	$D1,$h0,$r1
+
+	mullw	$d2,$h0,$r2		# h0*r2
+	mulhwu	$D2,$h0,$r2
+
+	 adde	$h3,$h3,$d3
+	 adde	$h4,$h4,$padbit
+
+	mullw	$d3,$h0,$r3		# h0*r3
+	mulhwu	$D3,$h0,$r3
+
+	mullw	$t0,$h1,$s3		# h1*s3
+	mulhwu	$t1,$h1,$s3
+
+	mullw	$t2,$h1,$r0		# h1*r0
+	mulhwu	$t3,$h1,$r0
+	 addc	$d0,$d0,$t0
+	 adde	$D0,$D0,$t1
+
+	mullw	$t0,$h1,$r1		# h1*r1
+	mulhwu	$t1,$h1,$r1
+	 addc	$d1,$d1,$t2
+	 adde	$D1,$D1,$t3
+
+	mullw	$t2,$h1,$r2		# h1*r2
+	mulhwu	$t3,$h1,$r2
+	 addc	$d2,$d2,$t0
+	 adde	$D2,$D2,$t1
+
+	mullw	$t0,$h2,$s2		# h2*s2
+	mulhwu	$t1,$h2,$s2
+	 addc	$d3,$d3,$t2
+	 adde	$D3,$D3,$t3
+
+	mullw	$t2,$h2,$s3		# h2*s3
+	mulhwu	$t3,$h2,$s3
+	 addc	$d0,$d0,$t0
+	 adde	$D0,$D0,$t1
+
+	mullw	$t0,$h2,$r0		# h2*r0
+	mulhwu	$t1,$h2,$r0
+	 addc	$d1,$d1,$t2
+	 adde	$D1,$D1,$t3
+
+	mullw	$t2,$h2,$r1		# h2*r1
+	mulhwu	$t3,$h2,$r1
+	 addc	$d2,$d2,$t0
+	 adde	$D2,$D2,$t1
+
+	mullw	$t0,$h3,$s1		# h3*s1
+	mulhwu	$t1,$h3,$s1
+	 addc	$d3,$d3,$t2
+	 adde	$D3,$D3,$t3
+
+	mullw	$t2,$h3,$s2		# h3*s2
+	mulhwu	$t3,$h3,$s2
+	 addc	$d0,$d0,$t0
+	 adde	$D0,$D0,$t1
+
+	mullw	$t0,$h3,$s3		# h3*s3
+	mulhwu	$t1,$h3,$s3
+	 addc	$d1,$d1,$t2
+	 adde	$D1,$D1,$t3
+
+	mullw	$t2,$h3,$r0		# h3*r0
+	mulhwu	$t3,$h3,$r0
+	 addc	$d2,$d2,$t0
+	 adde	$D2,$D2,$t1
+
+	mullw	$t0,$h4,$s1		# h4*s1
+	 addc	$d3,$d3,$t2
+	 adde	$D3,$D3,$t3
+	addc	$d1,$d1,$t0
+
+	mullw	$t1,$h4,$s2		# h4*s2
+	 addze	$D1,$D1
+	addc	$d2,$d2,$t1
+	addze	$D2,$D2
+
+	mullw	$t2,$h4,$s3		# h4*s3
+	addc	$d3,$d3,$t2
+	addze	$D3,$D3
+
+	mullw	$h4,$h4,$r0		# h4*r0
+
+	addc	$h1,$d1,$D0
+	adde	$h2,$d2,$D1
+	adde	$h3,$d3,$D2
+	adde	$h4,$h4,$D3
+
+	andc	$D0,$h4,$mask		# final reduction step
+	and	$h4,$h4,$mask
+	srwi	$D1,$D0,2
+	add	$D0,$D0,$D1
+	addc	$h0,$d0,$D0
+	addze	$h1,$h1
+	addze	$h2,$h2
+	addze	$h3,$h3
+	addze	$h4,$h4
+
+	bdnz	Loop
+
+	stw	$h0,0($ctx)		# store hash value
+	stw	$h1,4($ctx)
+	stw	$h2,8($ctx)
+	stw	$h3,12($ctx)
+	stw	$h4,16($ctx)
+
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+Labort:
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,4,0
+.size	.poly1305_blocks,.-.poly1305_blocks
+
+.globl	.poly1305_emit
+.align	4
+.poly1305_emit:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	$h0,0($ctx)		# load hash
+	lwz	$h1,4($ctx)
+	lwz	$h2,8($ctx)
+	lwz	$h3,12($ctx)
+	lwz	$h4,16($ctx)
+
+	addic	$d0,$h0,5		# compare to modulus
+	addze	$d1,$h1
+	addze	$d2,$h2
+	addze	$d3,$h3
+	addze	$mask,$h4
+
+	srwi	$mask,$mask,2		# did it carry/borrow?
+	neg	$mask,$mask
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h1,$h1,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	lwz	$d0,0($nonce)		# load nonce
+	andc	$h2,$h2,$mask
+	and	$d2,$d2,$mask
+	or	$h1,$h1,$d1
+	lwz	$d1,4($nonce)
+	andc	$h3,$h3,$mask
+	and	$d3,$d3,$mask
+	or	$h2,$h2,$d2
+	lwz	$d2,8($nonce)
+	or	$h3,$h3,$d3
+	lwz	$d3,12($nonce)
+
+	addc	$h0,$h0,$d0		# accumulate nonce
+	adde	$h1,$h1,$d1
+	adde	$h2,$h2,$d2
+	adde	$h3,$h3,$d3
+___
+$code.=<<___	if ($LITTLE_ENDIAN);
+	stw	$h0,0($mac)		# write result
+	stw	$h1,4($mac)
+	stw	$h2,8($mac)
+	stw	$h3,12($mac)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d1,4
+	stwbrx	$h0,0,$mac		# write result
+	li	$d2,8
+	stwbrx	$h1,$d1,$mac
+	li	$d3,12
+	stwbrx	$h2,$d2,$mac
+	stwbrx	$h3,$d3,$mac
+___
+$code.=<<___;
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,4,3,0
+.size	.poly1305_emit,.-.poly1305_emit
+___
+							}
+$code.=<<___;
+.asciz	"Poly1305 for PPC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-ppcfp.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-ppcfp.pl
new file mode 100755
index 0000000..49f70a8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-ppcfp.pl
@@ -0,0 +1,739 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for PowerPC FPU.
+#
+# June 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# and improvement coefficients relative to gcc-generated code.
+#
+# Freescale e300	9.78/+30%
+# PPC74x0		6.92/+50%
+# PPC970		6.03/+80%
+# POWER7		3.50/+30%
+# POWER8		3.75/+10%
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$UCMP	="cmplw";
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 4 : 0;
+
+$LWXLE = $LITTLE_ENDIAN ? "lwzx" : "lwbrx";
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$LOCALS=6*$SIZE_T;
+$FRAME=$LOCALS+6*8+18*8;
+
+my $sp="r1";
+
+my ($ctx,$inp,$len,$padbit) = map("r$_",(3..6));
+my ($in0,$in1,$in2,$in3,$i1,$i2,$i3) = map("r$_",(7..12,6));
+
+my ($h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,
+    $two0,$two32,$two64,$two96,$two130,$five_two130,
+    $r0lo,$r0hi,$r1lo,$r1hi,$r2lo,$r2hi,
+    $s2lo,$s2hi,$s3lo,$s3hi,
+    $c0lo,$c0hi,$c1lo,$c1hi,$c2lo,$c2hi,$c3lo,$c3hi) = map("f$_",(0..31));
+# borrowings
+my ($r3lo,$r3hi,$s1lo,$s1hi) = ($c0lo,$c0hi,$c1lo,$c1hi);
+my ($x0,$x1,$x2,$x3) = ($c2lo,$c2hi,$c3lo,$c3hi);
+my ($y0,$y1,$y2,$y3) = ($c3lo,$c3hi,$c1lo,$c1hi);
+
+$code.=<<___;
+.machine	"any"
+.text
+
+.globl	.poly1305_init_fpu
+.align	6
+.poly1305_init_fpu:
+	$STU	$sp,-$LOCALS($sp)		# minimal frame
+	mflr	$padbit
+	$PUSH	$padbit,`$LOCALS+$LRSAVE`($sp)
+
+	bl	LPICmeup
+
+	xor	r0,r0,r0
+	mtlr	$padbit				# restore lr
+
+	lfd	$two0,8*0($len)			# load constants
+	lfd	$two32,8*1($len)
+	lfd	$two64,8*2($len)
+	lfd	$two96,8*3($len)
+	lfd	$two130,8*4($len)
+	lfd	$five_two130,8*5($len)
+
+	stfd	$two0,8*0($ctx)			# initial hash value, biased 0
+	stfd	$two32,8*1($ctx)
+	stfd	$two64,8*2($ctx)
+	stfd	$two96,8*3($ctx)
+
+	$UCMP	$inp,r0
+	beq-	Lno_key
+
+	lfd	$h3lo,8*13($len)		# new fpscr
+	mffs	$h3hi				# old fpscr
+
+	stfd	$two0,8*4($ctx)			# key "template"
+	stfd	$two32,8*5($ctx)
+	stfd	$two64,8*6($ctx)
+	stfd	$two96,8*7($ctx)
+
+	li	$in1,4
+	li	$in2,8
+	li	$in3,12
+	$LWXLE	$in0,0,$inp			# load key
+	$LWXLE	$in1,$in1,$inp
+	$LWXLE	$in2,$in2,$inp
+	$LWXLE	$in3,$in3,$inp
+
+	lis	$i1,0xf000			#   0xf0000000
+	ori	$i2,$i1,3			#   0xf0000003
+	andc	$in0,$in0,$i1			# &=0x0fffffff
+	andc	$in1,$in1,$i2			# &=0x0ffffffc
+	andc	$in2,$in2,$i2
+	andc	$in3,$in3,$i2
+
+	stw	$in0,`8*4+(4^$LITTLE_ENDIAN)`($ctx)	# fill "template"
+	stw	$in1,`8*5+(4^$LITTLE_ENDIAN)`($ctx)
+	stw	$in2,`8*6+(4^$LITTLE_ENDIAN)`($ctx)
+	stw	$in3,`8*7+(4^$LITTLE_ENDIAN)`($ctx)
+
+	mtfsf	255,$h3lo			# fpscr
+	stfd	$two0,8*18($ctx)		# copy constants to context
+	stfd	$two32,8*19($ctx)
+	stfd	$two64,8*20($ctx)
+	stfd	$two96,8*21($ctx)
+	stfd	$two130,8*22($ctx)
+	stfd	$five_two130,8*23($ctx)
+
+	lfd	$h0lo,8*4($ctx)			# load [biased] key
+	lfd	$h1lo,8*5($ctx)
+	lfd	$h2lo,8*6($ctx)
+	lfd	$h3lo,8*7($ctx)
+
+	fsub	$h0lo,$h0lo,$two0		# r0
+	fsub	$h1lo,$h1lo,$two32		# r1
+	fsub	$h2lo,$h2lo,$two64		# r2
+	fsub	$h3lo,$h3lo,$two96		# r3
+
+	lfd	$two0,8*6($len)			# more constants
+	lfd	$two32,8*7($len)
+	lfd	$two64,8*8($len)
+	lfd	$two96,8*9($len)
+
+	fmul	$h1hi,$h1lo,$five_two130	# s1
+	fmul	$h2hi,$h2lo,$five_two130	# s2
+	 stfd	$h3hi,8*15($ctx)		# borrow slot for original fpscr
+	fmul	$h3hi,$h3lo,$five_two130	# s3
+
+	fadd	$h0hi,$h0lo,$two0
+	 stfd	$h1hi,8*12($ctx)		# put aside for now
+	fadd	$h1hi,$h1lo,$two32
+	 stfd	$h2hi,8*13($ctx)
+	fadd	$h2hi,$h2lo,$two64
+	 stfd	$h3hi,8*14($ctx)
+	fadd	$h3hi,$h3lo,$two96
+
+	fsub	$h0hi,$h0hi,$two0
+	fsub	$h1hi,$h1hi,$two32
+	fsub	$h2hi,$h2hi,$two64
+	fsub	$h3hi,$h3hi,$two96
+
+	lfd	$two0,8*10($len)		# more constants
+	lfd	$two32,8*11($len)
+	lfd	$two64,8*12($len)
+
+	fsub	$h0lo,$h0lo,$h0hi
+	fsub	$h1lo,$h1lo,$h1hi
+	fsub	$h2lo,$h2lo,$h2hi
+	fsub	$h3lo,$h3lo,$h3hi
+
+	stfd	$h0hi,8*5($ctx)			# r0hi
+	stfd	$h1hi,8*7($ctx)			# r1hi
+	stfd	$h2hi,8*9($ctx)			# r2hi
+	stfd	$h3hi,8*11($ctx)		# r3hi
+
+	stfd	$h0lo,8*4($ctx)			# r0lo
+	stfd	$h1lo,8*6($ctx)			# r1lo
+	stfd	$h2lo,8*8($ctx)			# r2lo
+	stfd	$h3lo,8*10($ctx)		# r3lo
+
+	lfd	$h1lo,8*12($ctx)		# s1
+	lfd	$h2lo,8*13($ctx)		# s2
+	lfd	$h3lo,8*14($ctx)		# s3
+	lfd	$h0lo,8*15($ctx)		# pull original fpscr
+
+	fadd	$h1hi,$h1lo,$two0
+	fadd	$h2hi,$h2lo,$two32
+	fadd	$h3hi,$h3lo,$two64
+
+	fsub	$h1hi,$h1hi,$two0
+	fsub	$h2hi,$h2hi,$two32
+	fsub	$h3hi,$h3hi,$two64
+
+	fsub	$h1lo,$h1lo,$h1hi
+	fsub	$h2lo,$h2lo,$h2hi
+	fsub	$h3lo,$h3lo,$h3hi
+
+	stfd	$h1hi,8*13($ctx)		# s1hi
+	stfd	$h2hi,8*15($ctx)		# s2hi
+	stfd	$h3hi,8*17($ctx)		# s3hi
+
+	stfd	$h1lo,8*12($ctx)		# s1lo
+	stfd	$h2lo,8*14($ctx)		# s2lo
+	stfd	$h3lo,8*16($ctx)		# s3lo
+
+	mtfsf	255,$h0lo			# restore fpscr
+Lno_key:
+	xor	r3,r3,r3
+	addi	$sp,$sp,$LOCALS
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,0,2,0
+.size	.poly1305_init_fpu,.-.poly1305_init_fpu
+
+.globl	.poly1305_blocks_fpu
+.align	4
+.poly1305_blocks_fpu:
+	srwi.	$len,$len,4
+	beq-	Labort
+
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	stfd	f14,`$FRAME-8*18`($sp)
+	stfd	f15,`$FRAME-8*17`($sp)
+	stfd	f16,`$FRAME-8*16`($sp)
+	stfd	f17,`$FRAME-8*15`($sp)
+	stfd	f18,`$FRAME-8*14`($sp)
+	stfd	f19,`$FRAME-8*13`($sp)
+	stfd	f20,`$FRAME-8*12`($sp)
+	stfd	f21,`$FRAME-8*11`($sp)
+	stfd	f22,`$FRAME-8*10`($sp)
+	stfd	f23,`$FRAME-8*9`($sp)
+	stfd	f24,`$FRAME-8*8`($sp)
+	stfd	f25,`$FRAME-8*7`($sp)
+	stfd	f26,`$FRAME-8*6`($sp)
+	stfd	f27,`$FRAME-8*5`($sp)
+	stfd	f28,`$FRAME-8*4`($sp)
+	stfd	f29,`$FRAME-8*3`($sp)
+	stfd	f30,`$FRAME-8*2`($sp)
+	stfd	f31,`$FRAME-8*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	xor	r0,r0,r0
+	li	$in3,1
+	mtctr	$len
+	neg	$len,$len
+	stw	r0,`$LOCALS+8*4+(0^$LITTLE_ENDIAN)`($sp)
+	stw	$in3,`$LOCALS+8*4+(4^$LITTLE_ENDIAN)`($sp)
+
+	lfd	$two0,8*18($ctx)		# load constants
+	lfd	$two32,8*19($ctx)
+	lfd	$two64,8*20($ctx)
+	lfd	$two96,8*21($ctx)
+	lfd	$two130,8*22($ctx)
+	lfd	$five_two130,8*23($ctx)
+
+	lfd	$h0lo,8*0($ctx)			# load [biased] hash value
+	lfd	$h1lo,8*1($ctx)
+	lfd	$h2lo,8*2($ctx)
+	lfd	$h3lo,8*3($ctx)
+
+	stfd	$two0,`$LOCALS+8*0`($sp)	# input "template"
+	oris	$in3,$padbit,`(1023+52+96)<<4`
+	stfd	$two32,`$LOCALS+8*1`($sp)
+	stfd	$two64,`$LOCALS+8*2`($sp)
+	stw	$in3,`$LOCALS+8*3+(0^$LITTLE_ENDIAN)`($sp)
+
+	li	$i1,4
+	li	$i2,8
+	li	$i3,12
+	$LWXLE	$in0,0,$inp			# load input
+	$LWXLE	$in1,$i1,$inp
+	$LWXLE	$in2,$i2,$inp
+	$LWXLE	$in3,$i3,$inp
+	addi	$inp,$inp,16
+
+	stw	$in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp)	# fill "template"
+	stw	$in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp)
+	stw	$in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp)
+	stw	$in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp)
+
+	mffs	$x0				# original fpscr
+	lfd	$x1,`$LOCALS+8*4`($sp)		# new fpscr
+	lfd	$r0lo,8*4($ctx)			# load key
+	lfd	$r0hi,8*5($ctx)
+	lfd	$r1lo,8*6($ctx)
+	lfd	$r1hi,8*7($ctx)
+	lfd	$r2lo,8*8($ctx)
+	lfd	$r2hi,8*9($ctx)
+	lfd	$r3lo,8*10($ctx)
+	lfd	$r3hi,8*11($ctx)
+	lfd	$s1lo,8*12($ctx)
+	lfd	$s1hi,8*13($ctx)
+	lfd	$s2lo,8*14($ctx)
+	lfd	$s2hi,8*15($ctx)
+	lfd	$s3lo,8*16($ctx)
+	lfd	$s3hi,8*17($ctx)
+
+	stfd	$x0,`$LOCALS+8*4`($sp)		# save original fpscr
+	mtfsf	255,$x1
+
+	addic	$len,$len,1
+	addze	r0,r0
+	slwi.	r0,r0,4
+	sub	$inp,$inp,r0			# conditional rewind
+
+	lfd	$x0,`$LOCALS+8*0`($sp)
+	lfd	$x1,`$LOCALS+8*1`($sp)
+	lfd	$x2,`$LOCALS+8*2`($sp)
+	lfd	$x3,`$LOCALS+8*3`($sp)
+
+	fsub	$h0lo,$h0lo,$two0		# de-bias hash value
+	 $LWXLE	$in0,0,$inp			# modulo-scheduled input load
+	fsub	$h1lo,$h1lo,$two32
+	 $LWXLE	$in1,$i1,$inp
+	fsub	$h2lo,$h2lo,$two64
+	 $LWXLE	$in2,$i2,$inp
+	fsub	$h3lo,$h3lo,$two96
+	 $LWXLE	$in3,$i3,$inp
+
+	fsub	$x0,$x0,$two0			# de-bias input
+	 addi	$inp,$inp,16
+	fsub	$x1,$x1,$two32
+	fsub	$x2,$x2,$two64
+	fsub	$x3,$x3,$two96
+
+	fadd	$x0,$x0,$h0lo			# accumulate input
+	 stw	$in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp)
+	fadd	$x1,$x1,$h1lo
+	 stw	$in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp)
+	fadd	$x2,$x2,$h2lo
+	 stw	$in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp)
+	fadd	$x3,$x3,$h3lo
+	 stw	$in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp)
+
+	b	Lentry
+
+.align	4
+Loop:
+	fsub	$y0,$y0,$two0			# de-bias input
+	 addic	$len,$len,1
+	fsub	$y1,$y1,$two32
+	 addze	r0,r0
+	fsub	$y2,$y2,$two64
+	 slwi.	r0,r0,4
+	fsub	$y3,$y3,$two96
+	 sub	$inp,$inp,r0			# conditional rewind
+
+	fadd	$h0lo,$h0lo,$y0			# accumulate input
+	fadd	$h0hi,$h0hi,$y1
+	fadd	$h2lo,$h2lo,$y2
+	fadd	$h2hi,$h2hi,$y3
+
+	######################################### base 2^48 -> base 2^32
+	fadd	$c1lo,$h1lo,$two64
+	 $LWXLE	$in0,0,$inp			# modulo-scheduled input load
+	fadd	$c1hi,$h1hi,$two64
+	 $LWXLE	$in1,$i1,$inp
+	fadd	$c3lo,$h3lo,$two130
+	 $LWXLE	$in2,$i2,$inp
+	fadd	$c3hi,$h3hi,$two130
+	 $LWXLE	$in3,$i3,$inp
+	fadd	$c0lo,$h0lo,$two32
+	 addi	$inp,$inp,16
+	fadd	$c0hi,$h0hi,$two32
+	fadd	$c2lo,$h2lo,$two96
+	fadd	$c2hi,$h2hi,$two96
+
+	fsub	$c1lo,$c1lo,$two64
+	 stw	$in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp)	# fill "template"
+	fsub	$c1hi,$c1hi,$two64
+	 stw	$in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp)
+	fsub	$c3lo,$c3lo,$two130
+	 stw	$in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp)
+	fsub	$c3hi,$c3hi,$two130
+	 stw	$in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp)
+	fsub	$c0lo,$c0lo,$two32
+	fsub	$c0hi,$c0hi,$two32
+	fsub	$c2lo,$c2lo,$two96
+	fsub	$c2hi,$c2hi,$two96
+
+	fsub	$h1lo,$h1lo,$c1lo
+	fsub	$h1hi,$h1hi,$c1hi
+	fsub	$h3lo,$h3lo,$c3lo
+	fsub	$h3hi,$h3hi,$c3hi
+	fsub	$h2lo,$h2lo,$c2lo
+	fsub	$h2hi,$h2hi,$c2hi
+	fsub	$h0lo,$h0lo,$c0lo
+	fsub	$h0hi,$h0hi,$c0hi
+
+	fadd	$h1lo,$h1lo,$c0lo
+	fadd	$h1hi,$h1hi,$c0hi
+	fadd	$h3lo,$h3lo,$c2lo
+	fadd	$h3hi,$h3hi,$c2hi
+	fadd	$h2lo,$h2lo,$c1lo
+	fadd	$h2hi,$h2hi,$c1hi
+	fmadd	$h0lo,$c3lo,$five_two130,$h0lo
+	fmadd	$h0hi,$c3hi,$five_two130,$h0hi
+
+	fadd	$x1,$h1lo,$h1hi
+	 lfd	$s1lo,8*12($ctx)		# reload constants
+	fadd	$x3,$h3lo,$h3hi
+	 lfd	$s1hi,8*13($ctx)
+	fadd	$x2,$h2lo,$h2hi
+	 lfd	$r3lo,8*10($ctx)
+	fadd	$x0,$h0lo,$h0hi
+	 lfd	$r3hi,8*11($ctx)
+Lentry:
+	fmul	$h0lo,$s3lo,$x1
+	fmul	$h0hi,$s3hi,$x1
+	fmul	$h2lo,$r1lo,$x1
+	fmul	$h2hi,$r1hi,$x1
+	fmul	$h1lo,$r0lo,$x1
+	fmul	$h1hi,$r0hi,$x1
+	fmul	$h3lo,$r2lo,$x1
+	fmul	$h3hi,$r2hi,$x1
+
+	fmadd	$h0lo,$s1lo,$x3,$h0lo
+	fmadd	$h0hi,$s1hi,$x3,$h0hi
+	fmadd	$h2lo,$s3lo,$x3,$h2lo
+	fmadd	$h2hi,$s3hi,$x3,$h2hi
+	fmadd	$h1lo,$s2lo,$x3,$h1lo
+	fmadd	$h1hi,$s2hi,$x3,$h1hi
+	fmadd	$h3lo,$r0lo,$x3,$h3lo
+	fmadd	$h3hi,$r0hi,$x3,$h3hi
+
+	fmadd	$h0lo,$s2lo,$x2,$h0lo
+	fmadd	$h0hi,$s2hi,$x2,$h0hi
+	fmadd	$h2lo,$r0lo,$x2,$h2lo
+	fmadd	$h2hi,$r0hi,$x2,$h2hi
+	fmadd	$h1lo,$s3lo,$x2,$h1lo
+	fmadd	$h1hi,$s3hi,$x2,$h1hi
+	fmadd	$h3lo,$r1lo,$x2,$h3lo
+	fmadd	$h3hi,$r1hi,$x2,$h3hi
+
+	fmadd	$h0lo,$r0lo,$x0,$h0lo
+	 lfd	$y0,`$LOCALS+8*0`($sp)		# load [biased] input
+	fmadd	$h0hi,$r0hi,$x0,$h0hi
+	 lfd	$y1,`$LOCALS+8*1`($sp)
+	fmadd	$h2lo,$r2lo,$x0,$h2lo
+	 lfd	$y2,`$LOCALS+8*2`($sp)
+	fmadd	$h2hi,$r2hi,$x0,$h2hi
+	 lfd	$y3,`$LOCALS+8*3`($sp)
+	fmadd	$h1lo,$r1lo,$x0,$h1lo
+	fmadd	$h1hi,$r1hi,$x0,$h1hi
+	fmadd	$h3lo,$r3lo,$x0,$h3lo
+	fmadd	$h3hi,$r3hi,$x0,$h3hi
+
+	bdnz	Loop
+
+	######################################### base 2^48 -> base 2^32
+	fadd	$c0lo,$h0lo,$two32
+	fadd	$c0hi,$h0hi,$two32
+	fadd	$c2lo,$h2lo,$two96
+	fadd	$c2hi,$h2hi,$two96
+	fadd	$c1lo,$h1lo,$two64
+	fadd	$c1hi,$h1hi,$two64
+	fadd	$c3lo,$h3lo,$two130
+	fadd	$c3hi,$h3hi,$two130
+
+	fsub	$c0lo,$c0lo,$two32
+	fsub	$c0hi,$c0hi,$two32
+	fsub	$c2lo,$c2lo,$two96
+	fsub	$c2hi,$c2hi,$two96
+	fsub	$c1lo,$c1lo,$two64
+	fsub	$c1hi,$c1hi,$two64
+	fsub	$c3lo,$c3lo,$two130
+	fsub	$c3hi,$c3hi,$two130
+
+	fsub	$h1lo,$h1lo,$c1lo
+	fsub	$h1hi,$h1hi,$c1hi
+	fsub	$h3lo,$h3lo,$c3lo
+	fsub	$h3hi,$h3hi,$c3hi
+	fsub	$h2lo,$h2lo,$c2lo
+	fsub	$h2hi,$h2hi,$c2hi
+	fsub	$h0lo,$h0lo,$c0lo
+	fsub	$h0hi,$h0hi,$c0hi
+
+	fadd	$h1lo,$h1lo,$c0lo
+	fadd	$h1hi,$h1hi,$c0hi
+	fadd	$h3lo,$h3lo,$c2lo
+	fadd	$h3hi,$h3hi,$c2hi
+	fadd	$h2lo,$h2lo,$c1lo
+	fadd	$h2hi,$h2hi,$c1hi
+	fmadd	$h0lo,$c3lo,$five_two130,$h0lo
+	fmadd	$h0hi,$c3hi,$five_two130,$h0hi
+
+	fadd	$x1,$h1lo,$h1hi
+	fadd	$x3,$h3lo,$h3hi
+	fadd	$x2,$h2lo,$h2hi
+	fadd	$x0,$h0lo,$h0hi
+
+	lfd	$h0lo,`$LOCALS+8*4`($sp)	# pull saved fpscr
+	fadd	$x1,$x1,$two32			# bias
+	fadd	$x3,$x3,$two96
+	fadd	$x2,$x2,$two64
+	fadd	$x0,$x0,$two0
+
+	stfd	$x1,8*1($ctx)			# store [biased] hash value
+	stfd	$x3,8*3($ctx)
+	stfd	$x2,8*2($ctx)
+	stfd	$x0,8*0($ctx)
+
+	mtfsf	255,$h0lo			# restore original fpscr
+	lfd	f14,`$FRAME-8*18`($sp)
+	lfd	f15,`$FRAME-8*17`($sp)
+	lfd	f16,`$FRAME-8*16`($sp)
+	lfd	f17,`$FRAME-8*15`($sp)
+	lfd	f18,`$FRAME-8*14`($sp)
+	lfd	f19,`$FRAME-8*13`($sp)
+	lfd	f20,`$FRAME-8*12`($sp)
+	lfd	f21,`$FRAME-8*11`($sp)
+	lfd	f22,`$FRAME-8*10`($sp)
+	lfd	f23,`$FRAME-8*9`($sp)
+	lfd	f24,`$FRAME-8*8`($sp)
+	lfd	f25,`$FRAME-8*7`($sp)
+	lfd	f26,`$FRAME-8*6`($sp)
+	lfd	f27,`$FRAME-8*5`($sp)
+	lfd	f28,`$FRAME-8*4`($sp)
+	lfd	f29,`$FRAME-8*3`($sp)
+	lfd	f30,`$FRAME-8*2`($sp)
+	lfd	f31,`$FRAME-8*1`($sp)
+	addi	$sp,$sp,$FRAME
+Labort:
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,0,4,0
+.size	.poly1305_blocks_fpu,.-.poly1305_blocks_fpu
+___
+{
+my ($mac,$nonce)=($inp,$len);
+
+my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3
+   ) = map("r$_",(7..11,28..31));
+my $mask = "r0";
+my $FRAME = (6+4)*$SIZE_T;
+
+$code.=<<___;
+.globl	.poly1305_emit_fpu
+.align	4
+.poly1305_emit_fpu:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+
+	lwz	$d0,`8*0+(0^$LITTLE_ENDIAN)`($ctx)	# load hash
+	lwz	$h0,`8*0+(4^$LITTLE_ENDIAN)`($ctx)
+	lwz	$d1,`8*1+(0^$LITTLE_ENDIAN)`($ctx)
+	lwz	$h1,`8*1+(4^$LITTLE_ENDIAN)`($ctx)
+	lwz	$d2,`8*2+(0^$LITTLE_ENDIAN)`($ctx)
+	lwz	$h2,`8*2+(4^$LITTLE_ENDIAN)`($ctx)
+	lwz	$d3,`8*3+(0^$LITTLE_ENDIAN)`($ctx)
+	lwz	$h3,`8*3+(4^$LITTLE_ENDIAN)`($ctx)
+
+	lis	$mask,0xfff0
+	andc	$d0,$d0,$mask			# mask exponent
+	andc	$d1,$d1,$mask
+	andc	$d2,$d2,$mask
+	andc	$d3,$d3,$mask			# can be partially reduced...
+	li	$mask,3
+
+	srwi	$padbit,$d3,2			# ... so reduce
+	and	$h4,$d3,$mask
+	andc	$d3,$d3,$mask
+	add	$d3,$d3,$padbit
+___
+						if ($SIZE_T==4) {
+$code.=<<___;
+	addc	$h0,$h0,$d3
+	adde	$h1,$h1,$d0
+	adde	$h2,$h2,$d1
+	adde	$h3,$h3,$d2
+	addze	$h4,$h4
+
+	addic	$d0,$h0,5			# compare to modulus
+	addze	$d1,$h1
+	addze	$d2,$h2
+	addze	$d3,$h3
+	addze	$mask,$h4
+
+	srwi	$mask,$mask,2			# did it carry/borrow?
+	neg	$mask,$mask
+	srawi	$mask,$mask,31			# mask
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h1,$h1,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	lwz	$d0,0($nonce)			# load nonce
+	andc	$h2,$h2,$mask
+	and	$d2,$d2,$mask
+	or	$h1,$h1,$d1
+	lwz	$d1,4($nonce)
+	andc	$h3,$h3,$mask
+	and	$d3,$d3,$mask
+	or	$h2,$h2,$d2
+	lwz	$d2,8($nonce)
+	or	$h3,$h3,$d3
+	lwz	$d3,12($nonce)
+
+	addc	$h0,$h0,$d0			# accumulate nonce
+	adde	$h1,$h1,$d1
+	adde	$h2,$h2,$d2
+	adde	$h3,$h3,$d3
+___
+						} else {
+$code.=<<___;
+	add	$h0,$h0,$d3
+	add	$h1,$h1,$d0
+	add	$h2,$h2,$d1
+	add	$h3,$h3,$d2
+
+	srdi	$d0,$h0,32
+	add	$h1,$h1,$d0
+	srdi	$d1,$h1,32
+	add	$h2,$h2,$d1
+	srdi	$d2,$h2,32
+	add	$h3,$h3,$d2
+	srdi	$d3,$h3,32
+	add	$h4,$h4,$d3
+
+	insrdi	$h0,$h1,32,0
+	insrdi	$h2,$h3,32,0
+
+	addic	$d0,$h0,5			# compare to modulus
+	addze	$d1,$h2
+	addze	$d2,$h4
+
+	srdi	$mask,$d2,2			# did it carry/borrow?
+	neg	$mask,$mask
+	sradi	$mask,$mask,63			# mask
+	ld	$d2,0($nonce)			# load nonce
+	ld	$d3,8($nonce)
+
+	andc	$h0,$h0,$mask
+	and	$d0,$d0,$mask
+	andc	$h2,$h2,$mask
+	and	$d1,$d1,$mask
+	or	$h0,$h0,$d0
+	or	$h2,$h2,$d1
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	rotldi	$d2,$d2,32			# flip nonce words
+	rotldi	$d3,$d3,32
+___
+$code.=<<___;
+	addc	$h0,$h0,$d2			# accumulate nonce
+	adde	$h2,$h2,$d3
+
+	srdi	$h1,$h0,32
+	srdi	$h3,$h2,32
+___
+						}
+$code.=<<___	if ($LITTLE_ENDIAN);
+	stw	$h0,0($mac)			# write result
+	stw	$h1,4($mac)
+	stw	$h2,8($mac)
+	stw	$h3,12($mac)
+___
+$code.=<<___	if (!$LITTLE_ENDIAN);
+	li	$d1,4
+	stwbrx	$h0,0,$mac			# write result
+	li	$d2,8
+	stwbrx	$h1,$d1,$mac
+	li	$d3,12
+	stwbrx	$h2,$d2,$mac
+	stwbrx	$h3,$d3,$mac
+___
+$code.=<<___;
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,4,3,0
+.size	.poly1305_emit_fpu,.-.poly1305_emit_fpu
+___
+}
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+LPICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$len	# vvvvvv "distance" between . and 1st data entry
+	addi	$len,$len,`64-8`	# borrow $len
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+
+.quad	0x4330000000000000		# 2^(52+0)
+.quad	0x4530000000000000		# 2^(52+32)
+.quad	0x4730000000000000		# 2^(52+64)
+.quad	0x4930000000000000		# 2^(52+96)
+.quad	0x4b50000000000000		# 2^(52+130)
+
+.quad	0x37f4000000000000		# 5/2^130
+
+.quad	0x4430000000000000		# 2^(52+16+0)
+.quad	0x4630000000000000		# 2^(52+16+32)
+.quad	0x4830000000000000		# 2^(52+16+64)
+.quad	0x4a30000000000000		# 2^(52+16+96)
+.quad	0x3e30000000000000		# 2^(52+16+0-96)
+.quad	0x4030000000000000		# 2^(52+16+32-96)
+.quad	0x4230000000000000		# 2^(52+16+64-96)
+
+.quad	0x0000000000000001		# fpscr: truncate, no exceptions
+.asciz	"Poly1305 for PPC FPU, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-s390x.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-s390x.pl
new file mode 100755
index 0000000..82d757d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-s390x.pl
@@ -0,0 +1,227 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for s390x.
+#
+# June 2015
+#
+# ~6.6/2.3 cpb on z10/z196+, >2x improvement over compiler-generated
+# code. For older compiler improvement coefficient is >3x, because
+# then base 2^64 and base 2^32 implementations are compared.
+#
+# On side note, z13 enables vector base 2^26 implementation...
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$sp="%r15";
+
+my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5));
+
+$code.=<<___;
+.text
+
+.globl	poly1305_init
+.type	poly1305_init,\@function
+.align	16
+poly1305_init:
+	lghi	%r0,0
+	lghi	%r1,-1
+	stg	%r0,0($ctx)		# zero hash value
+	stg	%r0,8($ctx)
+	stg	%r0,16($ctx)
+
+	cl${g}r	$inp,%r0
+	je	.Lno_key
+
+	lrvg	%r4,0($inp)		# load little-endian key
+	lrvg	%r5,8($inp)
+
+	nihl	%r1,0xffc0		# 0xffffffc0ffffffff
+	srlg	%r0,%r1,4		# 0x0ffffffc0fffffff
+	srlg	%r1,%r1,4
+	nill	%r1,0xfffc		# 0x0ffffffc0ffffffc
+
+	ngr	%r4,%r0
+	ngr	%r5,%r1
+
+	stg	%r4,32($ctx)
+	stg	%r5,40($ctx)
+
+.Lno_key:
+	lghi	%r2,0
+	br	%r14
+.size	poly1305_init,.-poly1305_init
+___
+{
+my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14));
+my ($r0,$r1,$s1) = map("%r$_",(0..2));
+
+$code.=<<___;
+.globl	poly1305_blocks
+.type	poly1305_blocks,\@function
+.align	16
+poly1305_blocks:
+	srl${g}	$len,4			# fixed-up in 64-bit build
+	lghi	%r0,0
+	cl${g}r	$len,%r0
+	je	.Lno_data
+
+	stm${g}	%r6,%r14,`6*$SIZE_T`($sp)
+
+	llgfr   $padbit,$padbit		# clear upper half, much needed with
+					# non-64-bit ABI
+	lg	$r0,32($ctx)		# load key
+	lg	$r1,40($ctx)
+
+	lg	$h0,0($ctx)		# load hash value
+	lg	$h1,8($ctx)
+	lg	$h2,16($ctx)
+
+	st$g	$ctx,`2*$SIZE_T`($sp)	# off-load $ctx
+	srlg	$s1,$r1,2
+	algr	$s1,$r1			# s1 = r1 + r1>>2
+	j	.Loop
+
+.align	16
+.Loop:
+	lrvg	$d0lo,0($inp)		# load little-endian input
+	lrvg	$d1lo,8($inp)
+	la	$inp,16($inp)
+
+	algr	$d0lo,$h0		# accumulate input
+	alcgr	$d1lo,$h1
+
+	lgr	$h0,$d0lo
+	mlgr	$d0hi,$r0		# h0*r0	  -> $d0hi:$d0lo
+	lgr	$h1,$d1lo
+	mlgr	$d1hi,$s1		# h1*5*r1 -> $d1hi:$d1lo
+
+	mlgr	$t0,$r1			# h0*r1   -> $t0:$h0
+	mlgr	$t1,$r0			# h1*r0   -> $t1:$h1
+	alcgr	$h2,$padbit
+
+	algr	$d0lo,$d1lo
+	lgr	$d1lo,$h2
+	alcgr	$d0hi,$d1hi
+	lghi	$d1hi,0
+
+	algr	$h1,$h0
+	alcgr	$t1,$t0
+
+	msgr	$d1lo,$s1		# h2*s1
+	msgr	$h2,$r0			# h2*r0
+
+	algr	$h1,$d1lo
+	alcgr	$t1,$d1hi		# $d1hi is zero
+
+	algr	$h1,$d0hi
+	alcgr	$h2,$t1
+
+	lghi	$h0,-4			# final reduction step
+	ngr	$h0,$h2
+	srlg	$t0,$h2,2
+	algr	$h0,$t0
+	lghi	$t1,3
+	ngr	$h2,$t1
+
+	algr	$h0,$d0lo
+	alcgr	$h1,$d1hi		# $d1hi is still zero
+	alcgr	$h2,$d1hi		# $d1hi is still zero
+
+	brct$g	$len,.Loop
+
+	l$g	$ctx,`2*$SIZE_T`($sp)	# restore $ctx
+
+	stg	$h0,0($ctx)		# store hash value
+	stg	$h1,8($ctx)
+	stg	$h2,16($ctx)
+
+	lm${g}	%r6,%r14,`6*$SIZE_T`($sp)
+.Lno_data:
+	br	%r14
+.size	poly1305_blocks,.-poly1305_blocks
+___
+}
+{
+my ($mac,$nonce)=($inp,$len);
+my ($h0,$h1,$h2,$d0,$d1)=map("%r$_",(5..9));
+
+$code.=<<___;
+.globl	poly1305_emit
+.type	poly1305_emit,\@function
+.align	16
+poly1305_emit:
+	stm${g}	%r6,%r9,`6*$SIZE_T`($sp)
+
+	lg	$h0,0($ctx)
+	lg	$h1,8($ctx)
+	lg	$h2,16($ctx)
+
+	lghi	%r0,5
+	lghi	%r1,0
+	lgr	$d0,$h0
+	lgr	$d1,$h1
+
+	algr	$h0,%r0			# compare to modulus
+	alcgr	$h1,%r1
+	alcgr	$h2,%r1
+
+	srlg	$h2,$h2,2		# did it borrow/carry?
+	slgr	%r1,$h2			# 0-$h2>>2
+	lg	$h2,0($nonce)		# load nonce
+	lghi	%r0,-1
+	lg	$ctx,8($nonce)
+	xgr	%r0,%r1			# ~%r1
+
+	ngr	$h0,%r1
+	ngr	$d0,%r0
+	ngr	$h1,%r1
+	ngr	$d1,%r0
+	ogr	$h0,$d0
+	rllg	$d0,$h2,32		# flip nonce words
+	ogr	$h1,$d1
+	rllg	$d1,$ctx,32
+
+	algr	$h0,$d0			# accumulate nonce
+	alcgr	$h1,$d1
+
+	strvg	$h0,0($mac)		# write little-endian result
+	strvg	$h1,8($mac)
+
+	lm${g}	%r6,%r9,`6*$SIZE_T`($sp)
+	br	%r14
+.size	poly1305_emit,.-poly1305_emit
+
+.string	"Poly1305 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm;
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-sparcv9.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-sparcv9.pl
new file mode 100755
index 0000000..0bdd048
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-sparcv9.pl
@@ -0,0 +1,1120 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for SPARCv9, vanilla, as well
+# as VIS3 and FMA extensions.
+#
+# May, August 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone.
+#
+#			IALU(*)		FMA
+#
+# UltraSPARC III	12.3(**)
+# SPARC T3		7.92
+# SPARC T4		1.70(***)	6.55
+# SPARC64 X		5.60		3.64
+#
+# (*)	Comparison to compiler-generated code is really problematic,
+#	because latter's performance varies too much depending on too
+#	many variables. For example, one can measure from 5x to 15x
+#	improvement on T4 for gcc-4.6. Well, in T4 case it's a bit
+#	unfair comparison, because compiler doesn't use VIS3, but
+#	given same initial conditions coefficient varies from 3x to 9x.
+# (**)	Pre-III performance should be even worse; floating-point
+#	performance for UltraSPARC I-IV on the other hand is reported
+#	to be 4.25 for hand-coded assembly, but they are just too old
+#	to care about.
+# (***)	Multi-process benchmark saturates at ~12.5x single-process
+#	result on 8-core processor, or ~21GBps per 2.85GHz socket.
+
+my $output = pop;
+open STDOUT,">$output";
+
+my ($ctx,$inp,$len,$padbit,$shl,$shr)	= map("%i$_",(0..5));
+my ($r0,$r1,$r2,$r3,$s1,$s2,$s3,$h4)	= map("%l$_",(0..7));
+my ($h0,$h1,$h2,$h3, $t0,$t1,$t2)	= map("%o$_",(0..5,7));
+my ($d0,$d1,$d2,$d3)			= map("%g$_",(1..4));
+
+my $output = pop;
+open STDOUT,">$stdout";
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef	__arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+# define	STPTR	stx
+# define	SIZE_T	8
+#else
+# define	STPTR	st
+# define	SIZE_T	4
+#endif
+#define	LOCALS	(STACK_BIAS+STACK_FRAME)
+
+.section	".text",#alloc,#execinstr
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	poly1305_init
+.align	32
+poly1305_init:
+	save	%sp,-STACK_FRAME-16,%sp
+	nop
+
+	SPARC_LOAD_ADDRESS(OPENSSL_sparcv9cap_P,%g1)
+	ld	[%g1],%g1
+
+	and	%g1,SPARCV9_FMADD|SPARCV9_VIS3,%g1
+	cmp	%g1,SPARCV9_FMADD
+	be	.Lpoly1305_init_fma
+	nop
+
+	stx	%g0,[$ctx+0]
+	stx	%g0,[$ctx+8]		! zero hash value
+	brz,pn	$inp,.Lno_key
+	stx	%g0,[$ctx+16]
+
+	and	$inp,7,$shr		! alignment factor
+	andn	$inp,7,$inp
+	sll	$shr,3,$shr		! *8
+	neg	$shr,$shl
+
+	sethi	%hi(0x0ffffffc),$t0
+	set	8,$h1
+	or	$t0,%lo(0x0ffffffc),$t0
+	set	16,$h2
+	sllx	$t0,32,$t1
+	or	$t0,$t1,$t1		! 0x0ffffffc0ffffffc
+	or	$t1,3,$t0		! 0x0ffffffc0fffffff
+
+	ldxa	[$inp+%g0]0x88,$h0	! load little-endian key
+	brz,pt	$shr,.Lkey_aligned
+	ldxa	[$inp+$h1]0x88,$h1
+
+	ldxa	[$inp+$h2]0x88,$h2
+	srlx	$h0,$shr,$h0
+	sllx	$h1,$shl,$t2
+	srlx	$h1,$shr,$h1
+	or	$t2,$h0,$h0
+	sllx	$h2,$shl,$h2
+	or	$h2,$h1,$h1
+
+.Lkey_aligned:
+	and	$t0,$h0,$h0
+	and	$t1,$h1,$h1
+	stx	$h0,[$ctx+32+0]		! store key
+	stx	$h1,[$ctx+32+8]
+
+	andcc	%g1,SPARCV9_VIS3,%g0
+	be	.Lno_key
+	nop
+
+1:	call	.+8
+	add	%o7,poly1305_blocks_vis3-1b,%o7
+
+	add	%o7,poly1305_emit-poly1305_blocks_vis3,%o5
+	STPTR	%o7,[%i2]
+	STPTR	%o5,[%i2+SIZE_T]
+
+	ret
+	restore	%g0,1,%o0		! return 1
+
+.Lno_key:
+	ret
+	restore	%g0,%g0,%o0		! return 0
+.type	poly1305_init,#function
+.size	poly1305_init,.-poly1305_init
+
+.globl	poly1305_blocks
+.align	32
+poly1305_blocks:
+	save	%sp,-STACK_FRAME,%sp
+	srln	$len,4,$len
+
+	brz,pn	$len,.Lno_data
+	nop
+
+	ld	[$ctx+32+0],$r1		! load key
+	ld	[$ctx+32+4],$r0
+	ld	[$ctx+32+8],$r3
+	ld	[$ctx+32+12],$r2
+
+	ld	[$ctx+0],$h1		! load hash value
+	ld	[$ctx+4],$h0
+	ld	[$ctx+8],$h3
+	ld	[$ctx+12],$h2
+	ld	[$ctx+16],$h4
+
+	and	$inp,7,$shr		! alignment factor
+	andn	$inp,7,$inp
+	set	8,$d1
+	sll	$shr,3,$shr		! *8
+	set	16,$d2
+	neg	$shr,$shl
+
+	srl	$r1,2,$s1
+	srl	$r2,2,$s2
+	add	$r1,$s1,$s1
+	srl	$r3,2,$s3
+	add	$r2,$s2,$s2
+	add	$r3,$s3,$s3
+
+.Loop:
+	ldxa	[$inp+%g0]0x88,$d0	! load little-endian input
+	brz,pt	$shr,.Linp_aligned
+	ldxa	[$inp+$d1]0x88,$d1
+
+	ldxa	[$inp+$d2]0x88,$d2
+	srlx	$d0,$shr,$d0
+	sllx	$d1,$shl,$t1
+	srlx	$d1,$shr,$d1
+	or	$t1,$d0,$d0
+	sllx	$d2,$shl,$d2
+	or	$d2,$d1,$d1
+
+.Linp_aligned:
+	srlx	$d0,32,$t0
+	addcc	$d0,$h0,$h0		! accumulate input
+	srlx	$d1,32,$t1
+	addccc	$t0,$h1,$h1
+	addccc	$d1,$h2,$h2
+	addccc	$t1,$h3,$h3
+	addc	$padbit,$h4,$h4
+
+	umul	$r0,$h0,$d0
+	umul	$r1,$h0,$d1
+	umul	$r2,$h0,$d2
+	umul	$r3,$h0,$d3
+	 sub	$len,1,$len
+	 add	$inp,16,$inp
+
+	umul	$s3,$h1,$t0
+	umul	$r0,$h1,$t1
+	umul	$r1,$h1,$t2
+	add	$t0,$d0,$d0
+	add	$t1,$d1,$d1
+	umul	$r2,$h1,$t0
+	add	$t2,$d2,$d2
+	add	$t0,$d3,$d3
+
+	umul	$s2,$h2,$t1
+	umul	$s3,$h2,$t2
+	umul	$r0,$h2,$t0
+	add	$t1,$d0,$d0
+	add	$t2,$d1,$d1
+	umul	$r1,$h2,$t1
+	add	$t0,$d2,$d2
+	add	$t1,$d3,$d3
+
+	umul	$s1,$h3,$t2
+	umul	$s2,$h3,$t0
+	umul	$s3,$h3,$t1
+	add	$t2,$d0,$d0
+	add	$t0,$d1,$d1
+	umul	$r0,$h3,$t2
+	add	$t1,$d2,$d2
+	add	$t2,$d3,$d3
+
+	umul	$s1,$h4,$t0
+	umul	$s2,$h4,$t1
+	umul	$s3,$h4,$t2
+	umul	$r0,$h4,$h4
+	add	$t0,$d1,$d1
+	add	$t1,$d2,$d2
+	srlx	$d0,32,$h1
+	add	$t2,$d3,$d3
+	srlx	$d1,32,$h2
+
+	addcc	$d1,$h1,$h1
+	srlx	$d2,32,$h3
+	 set	8,$d1
+	addccc	$d2,$h2,$h2
+	srlx	$d3,32,$t0
+	 set	16,$d2
+	addccc	$d3,$h3,$h3
+	addc	$t0,$h4,$h4
+
+	srl	$h4,2,$t0		! final reduction step
+	andn	$h4,3,$t1
+	and	$h4,3,$h4
+	add	$t1,$t0,$t0
+
+	addcc	$t0,$d0,$h0
+	addccc	%g0,$h1,$h1
+	addccc	%g0,$h2,$h2
+	addccc	%g0,$h3,$h3
+	brnz,pt	$len,.Loop
+	addc	%g0,$h4,$h4
+
+	st	$h1,[$ctx+0]		! store hash value
+	st	$h0,[$ctx+4]
+	st	$h3,[$ctx+8]
+	st	$h2,[$ctx+12]
+	st	$h4,[$ctx+16]
+
+.Lno_data:
+	ret
+	restore
+.type	poly1305_blocks,#function
+.size	poly1305_blocks,.-poly1305_blocks
+___
+########################################################################
+# VIS3 has umulxhi and addxc...
+{
+my ($H0,$H1,$H2,$R0,$R1,$S1,$T1) = map("%o$_",(0..5,7));
+my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4));
+
+$code.=<<___;
+.align	32
+poly1305_blocks_vis3:
+	save	%sp,-STACK_FRAME,%sp
+	srln	$len,4,$len
+
+	brz,pn	$len,.Lno_data
+	nop
+
+	ldx	[$ctx+32+0],$R0		! load key
+	ldx	[$ctx+32+8],$R1
+
+	ldx	[$ctx+0],$H0		! load hash value
+	ldx	[$ctx+8],$H1
+	ld	[$ctx+16],$H2
+
+	and	$inp,7,$shr		! alignment factor
+	andn	$inp,7,$inp
+	set	8,$r1
+	sll	$shr,3,$shr		! *8
+	set	16,$r2
+	neg	$shr,$shl
+
+	srlx	$R1,2,$S1
+	b	.Loop_vis3
+	add	$R1,$S1,$S1
+
+.Loop_vis3:
+	ldxa	[$inp+%g0]0x88,$D0	! load little-endian input
+	brz,pt	$shr,.Linp_aligned_vis3
+	ldxa	[$inp+$r1]0x88,$D1
+
+	ldxa	[$inp+$r2]0x88,$D2
+	srlx	$D0,$shr,$D0
+	sllx	$D1,$shl,$T1
+	srlx	$D1,$shr,$D1
+	or	$T1,$D0,$D0
+	sllx	$D2,$shl,$D2
+	or	$D2,$D1,$D1
+
+.Linp_aligned_vis3:
+	addcc	$D0,$H0,$H0		! accumulate input
+	 sub	$len,1,$len
+	addxccc	$D1,$H1,$H1
+	 add	$inp,16,$inp
+
+	mulx	$R0,$H0,$D0		! r0*h0
+	addxc	$padbit,$H2,$H2
+	umulxhi	$R0,$H0,$D1
+	mulx	$S1,$H1,$T0		! s1*h1
+	umulxhi	$S1,$H1,$T1
+	addcc	$T0,$D0,$D0
+	mulx	$R1,$H0,$T0		! r1*h0
+	addxc	$T1,$D1,$D1
+	umulxhi	$R1,$H0,$D2
+	addcc	$T0,$D1,$D1
+	mulx	$R0,$H1,$T0		! r0*h1
+	addxc	%g0,$D2,$D2
+	umulxhi	$R0,$H1,$T1
+	addcc	$T0,$D1,$D1
+	mulx	$S1,$H2,$T0		! s1*h2
+	addxc	$T1,$D2,$D2
+	mulx	$R0,$H2,$T1		! r0*h2
+	addcc	$T0,$D1,$D1
+	addxc	$T1,$D2,$D2
+
+	srlx	$D2,2,$T0		! final reduction step
+	andn	$D2,3,$T1
+	and	$D2,3,$H2
+	add	$T1,$T0,$T0
+
+	addcc	$T0,$D0,$H0
+	addxccc	%g0,$D1,$H1
+	brnz,pt	$len,.Loop_vis3
+	addxc	%g0,$H2,$H2
+
+	stx	$H0,[$ctx+0]		! store hash value
+	stx	$H1,[$ctx+8]
+	st	$H2,[$ctx+16]
+
+	ret
+	restore
+.type	poly1305_blocks_vis3,#function
+.size	poly1305_blocks_vis3,.-poly1305_blocks_vis3
+___
+}
+my ($mac,$nonce) = ($inp,$len);
+
+$code.=<<___;
+.globl	poly1305_emit
+.align	32
+poly1305_emit:
+	save	%sp,-STACK_FRAME,%sp
+
+	ld	[$ctx+0],$h1		! load hash value
+	ld	[$ctx+4],$h0
+	ld	[$ctx+8],$h3
+	ld	[$ctx+12],$h2
+	ld	[$ctx+16],$h4
+
+	addcc	$h0,5,$r0		! compare to modulus
+	addccc	$h1,0,$r1
+	addccc	$h2,0,$r2
+	addccc	$h3,0,$r3
+	addc	$h4,0,$h4
+	andcc	$h4,4,%g0		! did it carry/borrow?
+
+	movnz	%icc,$r0,$h0
+	ld	[$nonce+0],$r0		! load nonce
+	movnz	%icc,$r1,$h1
+	ld	[$nonce+4],$r1
+	movnz	%icc,$r2,$h2
+	ld	[$nonce+8],$r2
+	movnz	%icc,$r3,$h3
+	ld	[$nonce+12],$r3
+
+	addcc	$r0,$h0,$h0		! accumulate nonce
+	addccc	$r1,$h1,$h1
+	addccc	$r2,$h2,$h2
+	addc	$r3,$h3,$h3
+
+	srl	$h0,8,$r0
+	stb	$h0,[$mac+0]		! store little-endian result
+	srl	$h0,16,$r1
+	stb	$r0,[$mac+1]
+	srl	$h0,24,$r2
+	stb	$r1,[$mac+2]
+	stb	$r2,[$mac+3]
+
+	srl	$h1,8,$r0
+	stb	$h1,[$mac+4]
+	srl	$h1,16,$r1
+	stb	$r0,[$mac+5]
+	srl	$h1,24,$r2
+	stb	$r1,[$mac+6]
+	stb	$r2,[$mac+7]
+
+	srl	$h2,8,$r0
+	stb	$h2,[$mac+8]
+	srl	$h2,16,$r1
+	stb	$r0,[$mac+9]
+	srl	$h2,24,$r2
+	stb	$r1,[$mac+10]
+	stb	$r2,[$mac+11]
+
+	srl	$h3,8,$r0
+	stb	$h3,[$mac+12]
+	srl	$h3,16,$r1
+	stb	$r0,[$mac+13]
+	srl	$h3,24,$r2
+	stb	$r1,[$mac+14]
+	stb	$r2,[$mac+15]
+
+	ret
+	restore
+.type	poly1305_emit,#function
+.size	poly1305_emit,.-poly1305_emit
+___
+
+{
+my ($ctx,$inp,$len,$padbit) = map("%i$_",(0..3));
+my ($in0,$in1,$in2,$in3,$in4) = map("%o$_",(0..4));
+my ($i1,$step,$shr,$shl) = map("%l$_",(0..7));
+my $i2=$step;
+
+my ($h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,
+    $two0,$two32,$two64,$two96,$two130,$five_two130,
+    $r0lo,$r0hi,$r1lo,$r1hi,$r2lo,$r2hi,
+    $s2lo,$s2hi,$s3lo,$s3hi,
+    $c0lo,$c0hi,$c1lo,$c1hi,$c2lo,$c2hi,$c3lo,$c3hi) = map("%f".2*$_,(0..31));
+# borrowings
+my ($r3lo,$r3hi,$s1lo,$s1hi) = ($c0lo,$c0hi,$c1lo,$c1hi);
+my ($x0,$x1,$x2,$x3) = ($c2lo,$c2hi,$c3lo,$c3hi);
+my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3hi,$c3lo);
+
+$code.=<<___;
+.align	32
+poly1305_init_fma:
+	save	%sp,-STACK_FRAME-16,%sp
+	nop
+
+.Lpoly1305_init_fma:
+1:	call	.+8
+	add	%o7,.Lconsts_fma-1b,%o7
+
+	ldd	[%o7+8*0],$two0			! load constants
+	ldd	[%o7+8*1],$two32
+	ldd	[%o7+8*2],$two64
+	ldd	[%o7+8*3],$two96
+	ldd	[%o7+8*5],$five_two130
+
+	std	$two0,[$ctx+8*0]		! initial hash value, biased 0
+	std	$two32,[$ctx+8*1]
+	std	$two64,[$ctx+8*2]
+	std	$two96,[$ctx+8*3]
+
+	brz,pn	$inp,.Lno_key_fma
+	nop
+
+	stx	%fsr,[%sp+LOCALS]		! save original %fsr
+	ldx	[%o7+8*6],%fsr			! load new %fsr
+
+	std	$two0,[$ctx+8*4] 		! key "template"
+	std	$two32,[$ctx+8*5]
+	std	$two64,[$ctx+8*6]
+	std	$two96,[$ctx+8*7]
+
+	and	$inp,7,$shr
+	andn	$inp,7,$inp			! align pointer
+	mov	8,$i1
+	sll	$shr,3,$shr
+	mov	16,$i2
+	neg	$shr,$shl
+
+	ldxa	[$inp+%g0]0x88,$in0		! load little-endian key
+	ldxa	[$inp+$i1]0x88,$in2
+
+	brz	$shr,.Lkey_aligned_fma
+	sethi	%hi(0xf0000000),$i1		!   0xf0000000
+
+	ldxa	[$inp+$i2]0x88,$in4
+
+	srlx	$in0,$shr,$in0			! align data
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in2
+	or	$in1,$in0,$in0
+	sllx	$in4,$shl,$in3
+	or	$in3,$in2,$in2
+
+.Lkey_aligned_fma:
+	or	$i1,3,$i2			!   0xf0000003
+	srlx	$in0,32,$in1
+	andn	$in0,$i1,$in0			! &=0x0fffffff
+	andn	$in1,$i2,$in1			! &=0x0ffffffc
+	srlx	$in2,32,$in3
+	andn	$in2,$i2,$in2
+	andn	$in3,$i2,$in3
+
+	st	$in0,[$ctx+`8*4+4`]		! fill "template"
+	st	$in1,[$ctx+`8*5+4`]
+	st	$in2,[$ctx+`8*6+4`]
+	st	$in3,[$ctx+`8*7+4`]
+
+	ldd	[$ctx+8*4],$h0lo 		! load [biased] key
+	ldd	[$ctx+8*5],$h1lo
+	ldd	[$ctx+8*6],$h2lo
+	ldd	[$ctx+8*7],$h3lo
+
+	fsubd	$h0lo,$two0, $h0lo		! r0
+	 ldd	[%o7+8*7],$two0 		! more constants
+	fsubd	$h1lo,$two32,$h1lo		! r1
+	 ldd	[%o7+8*8],$two32
+	fsubd	$h2lo,$two64,$h2lo		! r2
+	 ldd	[%o7+8*9],$two64
+	fsubd	$h3lo,$two96,$h3lo		! r3
+	 ldd	[%o7+8*10],$two96
+
+	fmuld	$five_two130,$h1lo,$s1lo	! s1
+	fmuld	$five_two130,$h2lo,$s2lo	! s2
+	fmuld	$five_two130,$h3lo,$s3lo	! s3
+
+	faddd	$h0lo,$two0, $h0hi
+	faddd	$h1lo,$two32,$h1hi
+	faddd	$h2lo,$two64,$h2hi
+	faddd	$h3lo,$two96,$h3hi
+
+	fsubd	$h0hi,$two0, $h0hi
+	 ldd	[%o7+8*11],$two0		! more constants
+	fsubd	$h1hi,$two32,$h1hi
+	 ldd	[%o7+8*12],$two32
+	fsubd	$h2hi,$two64,$h2hi
+	 ldd	[%o7+8*13],$two64
+	fsubd	$h3hi,$two96,$h3hi
+
+	fsubd	$h0lo,$h0hi,$h0lo
+	 std	$h0hi,[$ctx+8*5] 		! r0hi
+	fsubd	$h1lo,$h1hi,$h1lo
+	 std	$h1hi,[$ctx+8*7] 		! r1hi
+	fsubd	$h2lo,$h2hi,$h2lo
+	 std	$h2hi,[$ctx+8*9] 		! r2hi
+	fsubd	$h3lo,$h3hi,$h3lo
+	 std	$h3hi,[$ctx+8*11]		! r3hi
+
+	faddd	$s1lo,$two0, $s1hi
+	faddd	$s2lo,$two32,$s2hi
+	faddd	$s3lo,$two64,$s3hi
+
+	fsubd	$s1hi,$two0, $s1hi
+	fsubd	$s2hi,$two32,$s2hi
+	fsubd	$s3hi,$two64,$s3hi
+
+	fsubd	$s1lo,$s1hi,$s1lo
+	fsubd	$s2lo,$s2hi,$s2lo
+	fsubd	$s3lo,$s3hi,$s3lo
+
+	ldx	[%sp+LOCALS],%fsr		! restore %fsr
+
+	std	$h0lo,[$ctx+8*4] 		! r0lo
+	std	$h1lo,[$ctx+8*6] 		! r1lo
+	std	$h2lo,[$ctx+8*8] 		! r2lo
+	std	$h3lo,[$ctx+8*10]		! r3lo
+
+	std	$s1hi,[$ctx+8*13]
+	std	$s2hi,[$ctx+8*15]
+	std	$s3hi,[$ctx+8*17]
+
+	std	$s1lo,[$ctx+8*12]
+	std	$s2lo,[$ctx+8*14]
+	std	$s3lo,[$ctx+8*16]
+
+	add	%o7,poly1305_blocks_fma-.Lconsts_fma,%o0
+	add	%o7,poly1305_emit_fma-.Lconsts_fma,%o1
+	STPTR	%o0,[%i2]
+	STPTR	%o1,[%i2+SIZE_T]
+
+	ret
+	restore	%g0,1,%o0			! return 1
+
+.Lno_key_fma:
+	ret
+	restore	%g0,%g0,%o0			! return 0
+.type	poly1305_init_fma,#function
+.size	poly1305_init_fma,.-poly1305_init_fma
+
+.align	32
+poly1305_blocks_fma:
+	save	%sp,-STACK_FRAME-48,%sp
+	srln	$len,4,$len
+
+	brz,pn	$len,.Labort
+	sub	$len,1,$len
+
+1:	call	.+8
+	add	%o7,.Lconsts_fma-1b,%o7
+
+	ldd	[%o7+8*0],$two0			! load constants
+	ldd	[%o7+8*1],$two32
+	ldd	[%o7+8*2],$two64
+	ldd	[%o7+8*3],$two96
+	ldd	[%o7+8*4],$two130
+	ldd	[%o7+8*5],$five_two130
+
+	ldd	[$ctx+8*0],$h0lo 		! load [biased] hash value
+	ldd	[$ctx+8*1],$h1lo
+	ldd	[$ctx+8*2],$h2lo
+	ldd	[$ctx+8*3],$h3lo
+
+	std	$two0,[%sp+LOCALS+8*0]		! input "template"
+	sethi	%hi((1023+52+96)<<20),$in3
+	std	$two32,[%sp+LOCALS+8*1]
+	or	$padbit,$in3,$in3
+	std	$two64,[%sp+LOCALS+8*2]
+	st	$in3,[%sp+LOCALS+8*3]
+
+	and	$inp,7,$shr
+	andn	$inp,7,$inp			! align pointer
+	mov	8,$i1
+	sll	$shr,3,$shr
+	mov	16,$step
+	neg	$shr,$shl
+
+	ldxa	[$inp+%g0]0x88,$in0		! load little-endian input
+	brz	$shr,.Linp_aligned_fma
+	ldxa	[$inp+$i1]0x88,$in2
+
+	ldxa	[$inp+$step]0x88,$in4
+	add	$inp,8,$inp
+
+	srlx	$in0,$shr,$in0			! align data
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in2
+	or	$in1,$in0,$in0
+	sllx	$in4,$shl,$in3
+	srlx	$in4,$shr,$in4			! pre-shift
+	or	$in3,$in2,$in2
+
+.Linp_aligned_fma:
+	srlx	$in0,32,$in1
+	movrz	$len,0,$step
+	srlx	$in2,32,$in3
+	add	$step,$inp,$inp			! conditional advance
+
+	st	$in0,[%sp+LOCALS+8*0+4]		! fill "template"
+	st	$in1,[%sp+LOCALS+8*1+4]
+	st	$in2,[%sp+LOCALS+8*2+4]
+	st	$in3,[%sp+LOCALS+8*3+4]
+
+	ldd	[$ctx+8*4],$r0lo 		! load key
+	ldd	[$ctx+8*5],$r0hi
+	ldd	[$ctx+8*6],$r1lo
+	ldd	[$ctx+8*7],$r1hi
+	ldd	[$ctx+8*8],$r2lo
+	ldd	[$ctx+8*9],$r2hi
+	ldd	[$ctx+8*10],$r3lo
+	ldd	[$ctx+8*11],$r3hi
+	ldd	[$ctx+8*12],$s1lo
+	ldd	[$ctx+8*13],$s1hi
+	ldd	[$ctx+8*14],$s2lo
+	ldd	[$ctx+8*15],$s2hi
+	ldd	[$ctx+8*16],$s3lo
+	ldd	[$ctx+8*17],$s3hi
+
+	stx	%fsr,[%sp+LOCALS+8*4]		! save original %fsr
+	ldx	[%o7+8*6],%fsr			! load new %fsr
+
+	subcc	$len,1,$len
+	movrz	$len,0,$step
+
+	ldd	[%sp+LOCALS+8*0],$x0		! load biased input
+	ldd	[%sp+LOCALS+8*1],$x1
+	ldd	[%sp+LOCALS+8*2],$x2
+	ldd	[%sp+LOCALS+8*3],$x3
+
+	fsubd	$h0lo,$two0, $h0lo		! de-bias hash value
+	fsubd	$h1lo,$two32,$h1lo
+	 ldxa	[$inp+%g0]0x88,$in0		! modulo-scheduled input load
+	fsubd	$h2lo,$two64,$h2lo
+	fsubd	$h3lo,$two96,$h3lo
+	 ldxa	[$inp+$i1]0x88,$in2
+
+	fsubd	$x0,$two0, $x0  		! de-bias input
+	fsubd	$x1,$two32,$x1
+	fsubd	$x2,$two64,$x2
+	fsubd	$x3,$two96,$x3
+
+	brz	$shr,.Linp_aligned_fma2
+	add	$step,$inp,$inp			! conditional advance
+
+	sllx	$in0,$shl,$in1			! align data
+	srlx	$in0,$shr,$in3
+	or	$in1,$in4,$in0
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in4			! pre-shift
+	or	$in3,$in1,$in2
+.Linp_aligned_fma2:
+	srlx	$in0,32,$in1
+	srlx	$in2,32,$in3
+
+	faddd	$h0lo,$x0,$x0			! accumulate input
+	 stw	$in0,[%sp+LOCALS+8*0+4]
+	faddd	$h1lo,$x1,$x1
+	 stw	$in1,[%sp+LOCALS+8*1+4]
+	faddd	$h2lo,$x2,$x2
+	 stw	$in2,[%sp+LOCALS+8*2+4]
+	faddd	$h3lo,$x3,$x3
+	 stw	$in3,[%sp+LOCALS+8*3+4]
+
+	b	.Lentry_fma
+	nop
+
+.align	16
+.Loop_fma:
+	ldxa	[$inp+%g0]0x88,$in0		! modulo-scheduled input load
+	ldxa	[$inp+$i1]0x88,$in2
+	movrz	$len,0,$step
+
+	faddd	$y0,$h0lo,$h0lo 		! accumulate input
+	faddd	$y1,$h0hi,$h0hi
+	faddd	$y2,$h2lo,$h2lo
+	faddd	$y3,$h2hi,$h2hi
+
+	brz,pn	$shr,.Linp_aligned_fma3
+	add	$step,$inp,$inp			! conditional advance
+
+	sllx	$in0,$shl,$in1			! align data
+	srlx	$in0,$shr,$in3
+	or	$in1,$in4,$in0
+	sllx	$in2,$shl,$in1
+	srlx	$in2,$shr,$in4			! pre-shift
+	or	$in3,$in1,$in2
+
+.Linp_aligned_fma3:
+	!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32
+	faddd	$two64,$h1lo,$c1lo
+	 srlx	$in0,32,$in1
+	faddd	$two64,$h1hi,$c1hi
+	 srlx	$in2,32,$in3
+	faddd	$two130,$h3lo,$c3lo
+	 st	$in0,[%sp+LOCALS+8*0+4]		! fill "template"
+	faddd	$two130,$h3hi,$c3hi
+	 st	$in1,[%sp+LOCALS+8*1+4]
+	faddd	$two32,$h0lo,$c0lo
+	 st	$in2,[%sp+LOCALS+8*2+4]
+	faddd	$two32,$h0hi,$c0hi
+	 st	$in3,[%sp+LOCALS+8*3+4]
+	faddd	$two96,$h2lo,$c2lo
+	faddd	$two96,$h2hi,$c2hi
+
+	fsubd	$c1lo,$two64,$c1lo
+	fsubd	$c1hi,$two64,$c1hi
+	fsubd	$c3lo,$two130,$c3lo
+	fsubd	$c3hi,$two130,$c3hi
+	fsubd	$c0lo,$two32,$c0lo
+	fsubd	$c0hi,$two32,$c0hi
+	fsubd	$c2lo,$two96,$c2lo
+	fsubd	$c2hi,$two96,$c2hi
+
+	fsubd	$h1lo,$c1lo,$h1lo
+	fsubd	$h1hi,$c1hi,$h1hi
+	fsubd	$h3lo,$c3lo,$h3lo
+	fsubd	$h3hi,$c3hi,$h3hi
+	fsubd	$h2lo,$c2lo,$h2lo
+	fsubd	$h2hi,$c2hi,$h2hi
+	fsubd	$h0lo,$c0lo,$h0lo
+	fsubd	$h0hi,$c0hi,$h0hi
+
+	faddd	$h1lo,$c0lo,$h1lo
+	faddd	$h1hi,$c0hi,$h1hi
+	faddd	$h3lo,$c2lo,$h3lo
+	faddd	$h3hi,$c2hi,$h3hi
+	faddd	$h2lo,$c1lo,$h2lo
+	faddd	$h2hi,$c1hi,$h2hi
+	fmaddd	$five_two130,$c3lo,$h0lo,$h0lo
+	fmaddd	$five_two130,$c3hi,$h0hi,$h0hi
+
+	faddd	$h1lo,$h1hi,$x1
+	 ldd	[$ctx+8*12],$s1lo		! reload constants
+	faddd	$h3lo,$h3hi,$x3
+	 ldd	[$ctx+8*13],$s1hi
+	faddd	$h2lo,$h2hi,$x2
+	 ldd	[$ctx+8*10],$r3lo
+	faddd	$h0lo,$h0hi,$x0
+	 ldd	[$ctx+8*11],$r3hi
+
+.Lentry_fma:
+	fmuld	$x1,$s3lo,$h0lo
+	fmuld	$x1,$s3hi,$h0hi
+	fmuld	$x1,$r1lo,$h2lo
+	fmuld	$x1,$r1hi,$h2hi
+	fmuld	$x1,$r0lo,$h1lo
+	fmuld	$x1,$r0hi,$h1hi
+	fmuld	$x1,$r2lo,$h3lo
+	fmuld	$x1,$r2hi,$h3hi
+
+	fmaddd	$x3,$s1lo,$h0lo,$h0lo
+	fmaddd	$x3,$s1hi,$h0hi,$h0hi
+	fmaddd	$x3,$s3lo,$h2lo,$h2lo
+	fmaddd	$x3,$s3hi,$h2hi,$h2hi
+	fmaddd	$x3,$s2lo,$h1lo,$h1lo
+	fmaddd	$x3,$s2hi,$h1hi,$h1hi
+	fmaddd	$x3,$r0lo,$h3lo,$h3lo
+	fmaddd	$x3,$r0hi,$h3hi,$h3hi
+
+	fmaddd	$x2,$s2lo,$h0lo,$h0lo
+	fmaddd	$x2,$s2hi,$h0hi,$h0hi
+	fmaddd	$x2,$r0lo,$h2lo,$h2lo
+	fmaddd	$x2,$r0hi,$h2hi,$h2hi
+	fmaddd	$x2,$s3lo,$h1lo,$h1lo
+	 ldd	[%sp+LOCALS+8*0],$y0		! load [biased] input
+	fmaddd	$x2,$s3hi,$h1hi,$h1hi
+	 ldd	[%sp+LOCALS+8*1],$y1
+	fmaddd	$x2,$r1lo,$h3lo,$h3lo
+	 ldd	[%sp+LOCALS+8*2],$y2
+	fmaddd	$x2,$r1hi,$h3hi,$h3hi
+	 ldd	[%sp+LOCALS+8*3],$y3
+
+	fmaddd	$x0,$r0lo,$h0lo,$h0lo
+	 fsubd	$y0,$two0, $y0  		! de-bias input
+	fmaddd	$x0,$r0hi,$h0hi,$h0hi
+	 fsubd	$y1,$two32,$y1
+	fmaddd	$x0,$r2lo,$h2lo,$h2lo
+	 fsubd	$y2,$two64,$y2
+	fmaddd	$x0,$r2hi,$h2hi,$h2hi
+	 fsubd	$y3,$two96,$y3
+	fmaddd	$x0,$r1lo,$h1lo,$h1lo
+	fmaddd	$x0,$r1hi,$h1hi,$h1hi
+	fmaddd	$x0,$r3lo,$h3lo,$h3lo
+	fmaddd	$x0,$r3hi,$h3hi,$h3hi
+
+	bcc	SIZE_T_CC,.Loop_fma
+	subcc	$len,1,$len
+
+	!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32
+	faddd	$h0lo,$two32,$c0lo
+	faddd	$h0hi,$two32,$c0hi
+	faddd	$h2lo,$two96,$c2lo
+	faddd	$h2hi,$two96,$c2hi
+	faddd	$h1lo,$two64,$c1lo
+	faddd	$h1hi,$two64,$c1hi
+	faddd	$h3lo,$two130,$c3lo
+	faddd	$h3hi,$two130,$c3hi
+
+	fsubd	$c0lo,$two32,$c0lo
+	fsubd	$c0hi,$two32,$c0hi
+	fsubd	$c2lo,$two96,$c2lo
+	fsubd	$c2hi,$two96,$c2hi
+	fsubd	$c1lo,$two64,$c1lo
+	fsubd	$c1hi,$two64,$c1hi
+	fsubd	$c3lo,$two130,$c3lo
+	fsubd	$c3hi,$two130,$c3hi
+
+	fsubd	$h1lo,$c1lo,$h1lo
+	fsubd	$h1hi,$c1hi,$h1hi
+	fsubd	$h3lo,$c3lo,$h3lo
+	fsubd	$h3hi,$c3hi,$h3hi
+	fsubd	$h2lo,$c2lo,$h2lo
+	fsubd	$h2hi,$c2hi,$h2hi
+	fsubd	$h0lo,$c0lo,$h0lo
+	fsubd	$h0hi,$c0hi,$h0hi
+
+	faddd	$h1lo,$c0lo,$h1lo
+	faddd	$h1hi,$c0hi,$h1hi
+	faddd	$h3lo,$c2lo,$h3lo
+	faddd	$h3hi,$c2hi,$h3hi
+	faddd	$h2lo,$c1lo,$h2lo
+	faddd	$h2hi,$c1hi,$h2hi
+	fmaddd	$five_two130,$c3lo,$h0lo,$h0lo
+	fmaddd	$five_two130,$c3hi,$h0hi,$h0hi
+
+	faddd	$h1lo,$h1hi,$x1
+	faddd	$h3lo,$h3hi,$x3
+	faddd	$h2lo,$h2hi,$x2
+	faddd	$h0lo,$h0hi,$x0
+
+	faddd	$x1,$two32,$x1  		! bias
+	faddd	$x3,$two96,$x3
+	faddd	$x2,$two64,$x2
+	faddd	$x0,$two0, $x0
+
+	ldx	[%sp+LOCALS+8*4],%fsr		! restore saved %fsr
+
+	std	$x1,[$ctx+8*1]			! store [biased] hash value
+	std	$x3,[$ctx+8*3]
+	std	$x2,[$ctx+8*2]
+	std	$x0,[$ctx+8*0]
+
+.Labort:
+	ret
+	restore
+.type	poly1305_blocks_fma,#function
+.size	poly1305_blocks_fma,.-poly1305_blocks_fma
+___
+{
+my ($mac,$nonce)=($inp,$len);
+
+my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3, $mask
+   ) = (map("%l$_",(0..5)),map("%o$_",(0..4)));
+
+$code.=<<___;
+.align	32
+poly1305_emit_fma:
+	save	%sp,-STACK_FRAME,%sp
+
+	ld	[$ctx+8*0+0],$d0		! load hash
+	ld	[$ctx+8*0+4],$h0
+	ld	[$ctx+8*1+0],$d1
+	ld	[$ctx+8*1+4],$h1
+	ld	[$ctx+8*2+0],$d2
+	ld	[$ctx+8*2+4],$h2
+	ld	[$ctx+8*3+0],$d3
+	ld	[$ctx+8*3+4],$h3
+
+	sethi	%hi(0xfff00000),$mask
+	andn	$d0,$mask,$d0			! mask exponent
+	andn	$d1,$mask,$d1
+	andn	$d2,$mask,$d2
+	andn	$d3,$mask,$d3			! can be partially reduced...
+	mov	3,$mask
+
+	srl	$d3,2,$padbit			! ... so reduce
+	and	$d3,$mask,$h4
+	andn	$d3,$mask,$d3
+	add	$padbit,$d3,$d3
+
+	addcc	$d3,$h0,$h0
+	addccc	$d0,$h1,$h1
+	addccc	$d1,$h2,$h2
+	addccc	$d2,$h3,$h3
+	addc	%g0,$h4,$h4
+
+	addcc	$h0,5,$d0			! compare to modulus
+	addccc	$h1,0,$d1
+	addccc	$h2,0,$d2
+	addccc	$h3,0,$d3
+	addc	$h4,0,$mask
+
+	srl	$mask,2,$mask			! did it carry/borrow?
+	neg	$mask,$mask
+	sra	$mask,31,$mask			! mask
+
+	andn	$h0,$mask,$h0
+	and	$d0,$mask,$d0
+	andn	$h1,$mask,$h1
+	and	$d1,$mask,$d1
+	or	$d0,$h0,$h0
+	ld	[$nonce+0],$d0			! load nonce
+	andn	$h2,$mask,$h2
+	and	$d2,$mask,$d2
+	or	$d1,$h1,$h1
+	ld	[$nonce+4],$d1
+	andn	$h3,$mask,$h3
+	and	$d3,$mask,$d3
+	or	$d2,$h2,$h2
+	ld	[$nonce+8],$d2
+	or	$d3,$h3,$h3
+	ld	[$nonce+12],$d3
+
+	addcc	$d0,$h0,$h0			! accumulate nonce
+	addccc	$d1,$h1,$h1
+	addccc	$d2,$h2,$h2
+	addc	$d3,$h3,$h3
+
+	stb	$h0,[$mac+0]			! write little-endian result
+	srl	$h0,8,$h0
+	stb	$h1,[$mac+4]
+	srl	$h1,8,$h1
+	stb	$h2,[$mac+8]
+	srl	$h2,8,$h2
+	stb	$h3,[$mac+12]
+	srl	$h3,8,$h3
+
+	stb	$h0,[$mac+1]
+	srl	$h0,8,$h0
+	stb	$h1,[$mac+5]
+	srl	$h1,8,$h1
+	stb	$h2,[$mac+9]
+	srl	$h2,8,$h2
+	stb	$h3,[$mac+13]
+	srl	$h3,8,$h3
+
+	stb	$h0,[$mac+2]
+	srl	$h0,8,$h0
+	stb	$h1,[$mac+6]
+	srl	$h1,8,$h1
+	stb	$h2,[$mac+10]
+	srl	$h2,8,$h2
+	stb	$h3,[$mac+14]
+	srl	$h3,8,$h3
+
+	stb	$h0,[$mac+3]
+	stb	$h1,[$mac+7]
+	stb	$h2,[$mac+11]
+	stb	$h3,[$mac+15]
+
+	ret
+	restore
+.type	poly1305_emit_fma,#function
+.size	poly1305_emit_fma,.-poly1305_emit_fma
+___
+}
+
+$code.=<<___;
+.align	64
+.Lconsts_fma:
+.word	0x43300000,0x00000000		! 2^(52+0)
+.word	0x45300000,0x00000000		! 2^(52+32)
+.word	0x47300000,0x00000000		! 2^(52+64)
+.word	0x49300000,0x00000000		! 2^(52+96)
+.word	0x4b500000,0x00000000		! 2^(52+130)
+
+.word	0x37f40000,0x00000000		! 5/2^130
+.word	0,1<<30				! fsr: truncate, no exceptions
+
+.word	0x44300000,0x00000000		! 2^(52+16+0)
+.word	0x46300000,0x00000000		! 2^(52+16+32)
+.word	0x48300000,0x00000000		! 2^(52+16+64)
+.word	0x4a300000,0x00000000		! 2^(52+16+96)
+.word	0x3e300000,0x00000000		! 2^(52+16+0-96)
+.word	0x40300000,0x00000000		! 2^(52+16+32-96)
+.word	0x42300000,0x00000000		! 2^(52+16+64-96)
+.asciz	"Poly1305 for SPARCv9/VIS3/FMA, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+}
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis3 {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my ($ref,$opf);
+my %visopf = (	"addxc"		=> 0x011,
+		"addxccc"	=> 0x013,
+		"umulxhi"	=> 0x016	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%([goli])([0-9])/);
+	    $_=$bias{$1}+$2;
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+sub unfma {
+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
+my ($ref,$opf);
+my %fmaopf = (	"fmadds"	=> 0x1,
+		"fmaddd"	=> 0x2,
+		"fmsubs"	=> 0x5,
+		"fmsubd"	=> 0x6		);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
+
+    if ($opf=$fmaopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rs3,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b80000|$rd<<25|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unvis3($1,$2,$3,$4)
+	 /ge	or
+	s/\b(fmadd[sd])\s+(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+)/
+		&unfma($1,$2,$3,$4,$5)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-x86.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-x86.pl
new file mode 100755
index 0000000..ab24dfc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-x86.pl
@@ -0,0 +1,1814 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for x86.
+#
+# April 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# measured with rdtsc at fixed clock frequency.
+#
+#		IALU/gcc-3.4(*)	SSE2(**)	AVX2
+# Pentium	15.7/+80%	-
+# PIII		6.21/+90%	-
+# P4		19.8/+40%	3.24
+# Core 2	4.85/+90%	1.80
+# Westmere	4.58/+100%	1.43
+# Sandy Bridge	3.90/+100%	1.36
+# Haswell	3.88/+70%	1.18		0.72
+# Silvermont	11.0/+40%	4.80
+# Goldmont	4.10/+200%	2.10
+# VIA Nano	6.71/+90%	2.47
+# Sledgehammer	3.51/+180%	4.27
+# Bulldozer	4.53/+140%	1.31
+#
+# (*)	gcc 4.8 for some reason generated worse code;
+# (**)	besides SSE2 there are floating-point and AVX options; FP
+#	is deemed unnecessary, because pre-SSE2 processor are too
+#	old to care about, while it's not the fastest option on
+#	SSE2-capable ones; AVX is omitted, because it doesn't give
+#	a lot of improvement, 5-10% depending on processor;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"poly1305-x86.pl",$ARGV[$#ARGV] eq "386");
+
+$sse2=$avx=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+if ($sse2) {
+	&static_label("const_sse2");
+	&static_label("enter_blocks");
+	&static_label("enter_emit");
+	&external_label("OPENSSL_ia32cap_P");
+
+	if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+		$avx = ($1>=2.19) + ($1>=2.22);
+	}
+
+	if (!$avx && $ARGV[0] eq "win32n" &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+	}
+
+	if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) {
+		$avx = ($2>=3.0) + ($2>3.0);
+	}
+}
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int32 h[5];		# current hash value base 2^32
+#	unsigned __int32 pad;		# is_base2_26 in vector context
+#	unsigned __int32 r[4];		# key value base 2^32
+
+&align(64);
+&function_begin("poly1305_init");
+	&mov	("edi",&wparam(0));		# context
+	&mov	("esi",&wparam(1));		# key
+	&mov	("ebp",&wparam(2));		# function table
+
+	&xor	("eax","eax");
+	&mov	(&DWP(4*0,"edi"),"eax");	# zero hash value
+	&mov	(&DWP(4*1,"edi"),"eax");
+	&mov	(&DWP(4*2,"edi"),"eax");
+	&mov	(&DWP(4*3,"edi"),"eax");
+	&mov	(&DWP(4*4,"edi"),"eax");
+	&mov	(&DWP(4*5,"edi"),"eax");	# is_base2_26
+
+	&cmp	("esi",0);
+	&je	(&label("nokey"));
+
+    if ($sse2) {
+	&call	(&label("pic_point"));
+    &set_label("pic_point");
+	&blindpop("ebx");
+
+	&lea	("eax",&DWP("poly1305_blocks-".&label("pic_point"),"ebx"));
+	&lea	("edx",&DWP("poly1305_emit-".&label("pic_point"),"ebx"));
+
+	&picmeup("edi","OPENSSL_ia32cap_P","ebx",&label("pic_point"));
+	&mov	("ecx",&DWP(0,"edi"));
+	&and	("ecx",1<<26|1<<24);
+	&cmp	("ecx",1<<26|1<<24);		# SSE2 and XMM?
+	&jne	(&label("no_sse2"));
+
+	&lea	("eax",&DWP("_poly1305_blocks_sse2-".&label("pic_point"),"ebx"));
+	&lea	("edx",&DWP("_poly1305_emit_sse2-".&label("pic_point"),"ebx"));
+
+      if ($avx>1) {
+	&mov	("ecx",&DWP(8,"edi"));
+	&test	("ecx",1<<5);			# AVX2?
+	&jz	(&label("no_sse2"));
+
+	&lea	("eax",&DWP("_poly1305_blocks_avx2-".&label("pic_point"),"ebx"));
+      }
+    &set_label("no_sse2");
+	&mov	("edi",&wparam(0));		# reload context
+	&mov	(&DWP(0,"ebp"),"eax");		# fill function table
+	&mov	(&DWP(4,"ebp"),"edx");
+    }
+
+	&mov	("eax",&DWP(4*0,"esi"));	# load input key
+	&mov	("ebx",&DWP(4*1,"esi"));
+	&mov	("ecx",&DWP(4*2,"esi"));
+	&mov	("edx",&DWP(4*3,"esi"));
+	&and	("eax",0x0fffffff);
+	&and	("ebx",0x0ffffffc);
+	&and	("ecx",0x0ffffffc);
+	&and	("edx",0x0ffffffc);
+	&mov	(&DWP(4*6,"edi"),"eax");
+	&mov	(&DWP(4*7,"edi"),"ebx");
+	&mov	(&DWP(4*8,"edi"),"ecx");
+	&mov	(&DWP(4*9,"edi"),"edx");
+
+	&mov	("eax",$sse2);
+&set_label("nokey");
+&function_end("poly1305_init");
+
+($h0,$h1,$h2,$h3,$h4,
+ $d0,$d1,$d2,$d3,
+ $r0,$r1,$r2,$r3,
+     $s1,$s2,$s3)=map(4*$_,(0..15));
+
+&function_begin("poly1305_blocks");
+	&mov	("edi",&wparam(0));		# ctx
+	&mov	("esi",&wparam(1));		# inp
+	&mov	("ecx",&wparam(2));		# len
+&set_label("enter_blocks");
+	&and	("ecx",-15);
+	&jz	(&label("nodata"));
+
+	&stack_push(16);
+	&mov	("eax",&DWP(4*6,"edi"));	# r0
+	&mov	("ebx",&DWP(4*7,"edi"));	# r1
+	 &lea	("ebp",&DWP(0,"esi","ecx"));	# end of input
+	&mov	("ecx",&DWP(4*8,"edi"));	# r2
+	&mov	("edx",&DWP(4*9,"edi"));	# r3
+
+	&mov	(&wparam(2),"ebp");
+	&mov	("ebp","esi");
+
+	&mov	(&DWP($r0,"esp"),"eax");	# r0
+	&mov	("eax","ebx");
+	&shr	("eax",2);
+	&mov	(&DWP($r1,"esp"),"ebx");	# r1
+	&add	("eax","ebx");			# s1
+	&mov	("ebx","ecx");
+	&shr	("ebx",2);
+	&mov	(&DWP($r2,"esp"),"ecx");	# r2
+	&add	("ebx","ecx");			# s2
+	&mov	("ecx","edx");
+	&shr	("ecx",2);
+	&mov	(&DWP($r3,"esp"),"edx");	# r3
+	&add	("ecx","edx");			# s3
+	&mov	(&DWP($s1,"esp"),"eax");	# s1
+	&mov	(&DWP($s2,"esp"),"ebx");	# s2
+	&mov	(&DWP($s3,"esp"),"ecx");	# s3
+
+	&mov	("eax",&DWP(4*0,"edi"));	# load hash value
+	&mov	("ebx",&DWP(4*1,"edi"));
+	&mov	("ecx",&DWP(4*2,"edi"));
+	&mov	("esi",&DWP(4*3,"edi"));
+	&mov	("edi",&DWP(4*4,"edi"));
+	&jmp	(&label("loop"));
+
+&set_label("loop",32);
+	&add	("eax",&DWP(4*0,"ebp"));	# accumulate input
+	&adc	("ebx",&DWP(4*1,"ebp"));
+	&adc	("ecx",&DWP(4*2,"ebp"));
+	&adc	("esi",&DWP(4*3,"ebp"));
+	&lea	("ebp",&DWP(4*4,"ebp"));
+	&adc	("edi",&wparam(3));		# padbit
+
+	&mov	(&DWP($h0,"esp"),"eax");	# put aside hash[+inp]
+	&mov	(&DWP($h3,"esp"),"esi");
+
+	&mul	(&DWP($r0,"esp"));		# h0*r0
+	 &mov	(&DWP($h4,"esp"),"edi");
+	&mov	("edi","eax");
+	&mov	("eax","ebx");			# h1
+	&mov	("esi","edx");
+	&mul	(&DWP($s3,"esp"));		# h1*s3
+	&add	("edi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("esi","edx");
+	&mul	(&DWP($s2,"esp"));		# h2*s2
+	&add	("edi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("esi","edx");
+	&mul	(&DWP($s1,"esp"));		# h3*s1
+	&add	("edi","eax");
+	 &mov	("eax",&DWP($h0,"esp"));
+	&adc	("esi","edx");
+
+	&mul	(&DWP($r1,"esp"));		# h0*r1
+	 &mov	(&DWP($d0,"esp"),"edi");
+	&xor	("edi","edi");
+	&add	("esi","eax");
+	&mov	("eax","ebx");			# h1
+	&adc	("edi","edx");
+	&mul	(&DWP($r0,"esp"));		# h1*r0
+	&add	("esi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("edi","edx");
+	&mul	(&DWP($s3,"esp"));		# h2*s3
+	&add	("esi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("edi","edx");
+	&mul	(&DWP($s2,"esp"));		# h3*s2
+	&add	("esi","eax");
+	&mov	("eax",&DWP($h4,"esp"));
+	&adc	("edi","edx");
+	&imul	("eax",&DWP($s1,"esp"));	# h4*s1
+	&add	("esi","eax");
+	 &mov	("eax",&DWP($h0,"esp"));
+	&adc	("edi",0);
+
+	&mul	(&DWP($r2,"esp"));		# h0*r2
+	 &mov	(&DWP($d1,"esp"),"esi");
+	&xor	("esi","esi");
+	&add	("edi","eax");
+	&mov	("eax","ebx");			# h1
+	&adc	("esi","edx");
+	&mul	(&DWP($r1,"esp"));		# h1*r1
+	&add	("edi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("esi","edx");
+	&mul	(&DWP($r0,"esp"));		# h2*r0
+	&add	("edi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("esi","edx");
+	&mul	(&DWP($s3,"esp"));		# h3*s3
+	&add	("edi","eax");
+	&mov	("eax",&DWP($h4,"esp"));
+	&adc	("esi","edx");
+	&imul	("eax",&DWP($s2,"esp"));	# h4*s2
+	&add	("edi","eax");
+	 &mov	("eax",&DWP($h0,"esp"));
+	&adc	("esi",0);
+
+	&mul	(&DWP($r3,"esp"));		# h0*r3
+	 &mov	(&DWP($d2,"esp"),"edi");
+	&xor	("edi","edi");
+	&add	("esi","eax");
+	&mov	("eax","ebx");			# h1
+	&adc	("edi","edx");
+	&mul	(&DWP($r2,"esp"));		# h1*r2
+	&add	("esi","eax");
+	&mov	("eax","ecx");			# h2
+	&adc	("edi","edx");
+	&mul	(&DWP($r1,"esp"));		# h2*r1
+	&add	("esi","eax");
+	&mov	("eax",&DWP($h3,"esp"));
+	&adc	("edi","edx");
+	&mul	(&DWP($r0,"esp"));		# h3*r0
+	&add	("esi","eax");
+	 &mov	("ecx",&DWP($h4,"esp"));
+	&adc	("edi","edx");
+
+	&mov	("edx","ecx");
+	&imul	("ecx",&DWP($s3,"esp"));	# h4*s3
+	&add	("esi","ecx");
+	 &mov	("eax",&DWP($d0,"esp"));
+	&adc	("edi",0);
+
+	&imul	("edx",&DWP($r0,"esp"));	# h4*r0
+	&add	("edx","edi");
+
+	&mov	("ebx",&DWP($d1,"esp"));
+	&mov	("ecx",&DWP($d2,"esp"));
+
+	&mov	("edi","edx");			# last reduction step
+	&shr	("edx",2);
+	&and	("edi",3);
+	&lea	("edx",&DWP(0,"edx","edx",4));	# *5
+	&add	("eax","edx");
+	&adc	("ebx",0);
+	&adc	("ecx",0);
+	&adc	("esi",0);
+	&adc	("edi",0);
+
+	&cmp	("ebp",&wparam(2));		# done yet?
+	&jne	(&label("loop"));
+
+	&mov	("edx",&wparam(0));		# ctx
+	&stack_pop(16);
+	&mov	(&DWP(4*0,"edx"),"eax");	# store hash value
+	&mov	(&DWP(4*1,"edx"),"ebx");
+	&mov	(&DWP(4*2,"edx"),"ecx");
+	&mov	(&DWP(4*3,"edx"),"esi");
+	&mov	(&DWP(4*4,"edx"),"edi");
+&set_label("nodata");
+&function_end("poly1305_blocks");
+
+&function_begin("poly1305_emit");
+	&mov	("ebp",&wparam(0));		# context
+&set_label("enter_emit");
+	&mov	("edi",&wparam(1));		# output
+	&mov	("eax",&DWP(4*0,"ebp"));	# load hash value
+	&mov	("ebx",&DWP(4*1,"ebp"));
+	&mov	("ecx",&DWP(4*2,"ebp"));
+	&mov	("edx",&DWP(4*3,"ebp"));
+	&mov	("esi",&DWP(4*4,"ebp"));
+
+	&add	("eax",5);			# compare to modulus
+	&adc	("ebx",0);
+	&adc	("ecx",0);
+	&adc	("edx",0);
+	&adc	("esi",0);
+	&shr	("esi",2);			# did it carry/borrow?
+	&neg	("esi");			# do we choose hash-modulus?
+
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&and	("ecx","esi");
+	&and	("edx","esi");
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&mov	(&DWP(4*3,"edi"),"edx");
+
+	&not	("esi");			# or original hash value?
+	&mov	("eax",&DWP(4*0,"ebp"));
+	&mov	("ebx",&DWP(4*1,"ebp"));
+	&mov	("ecx",&DWP(4*2,"ebp"));
+	&mov	("edx",&DWP(4*3,"ebp"));
+	&mov	("ebp",&wparam(2));
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&and	("ecx","esi");
+	&and	("edx","esi");
+	&or	("eax",&DWP(4*0,"edi"));
+	&or	("ebx",&DWP(4*1,"edi"));
+	&or	("ecx",&DWP(4*2,"edi"));
+	&or	("edx",&DWP(4*3,"edi"));
+
+	&add	("eax",&DWP(4*0,"ebp"));	# accumulate key
+	&adc	("ebx",&DWP(4*1,"ebp"));
+	&adc	("ecx",&DWP(4*2,"ebp"));
+	&adc	("edx",&DWP(4*3,"ebp"));
+
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&mov	(&DWP(4*3,"edi"),"edx");
+&function_end("poly1305_emit");
+
+if ($sse2) {
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int32 h[5];		# current hash value base 2^26
+#	unsigned __int32 is_base2_26;
+#	unsigned __int32 r[4];		# key value base 2^32
+#	unsigned __int32 pad[2];
+#	struct { unsigned __int32 r^4, r^3, r^2, r^1; } r[9];
+#
+# where r^n are base 2^26 digits of degrees of multiplier key. There are
+# 5 digits, but last four are interleaved with multiples of 5, totalling
+# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4.
+
+my ($D0,$D1,$D2,$D3,$D4,$T0,$T1,$T2)=map("xmm$_",(0..7));
+my $MASK=$T2;	# borrow and keep in mind
+
+&align	(32);
+&function_begin_B("_poly1305_init_sse2");
+	&movdqu		($D4,&QWP(4*6,"edi"));		# key base 2^32
+	&lea		("edi",&DWP(16*3,"edi"));	# size optimization
+	&mov		("ebp","esp");
+	&sub		("esp",16*(9+5));
+	&and		("esp",-16);
+
+	#&pand		($D4,&QWP(96,"ebx"));		# magic mask
+	&movq		($MASK,&QWP(64,"ebx"));
+
+	&movdqa		($D0,$D4);
+	&movdqa		($D1,$D4);
+	&movdqa		($D2,$D4);
+
+	&pand		($D0,$MASK);			# -> base 2^26
+	&psrlq		($D1,26);
+	&psrldq		($D2,6);
+	&pand		($D1,$MASK);
+	&movdqa		($D3,$D2);
+	&psrlq		($D2,4)
+	&psrlq		($D3,30);
+	&pand		($D2,$MASK);
+	&pand		($D3,$MASK);
+	&psrldq		($D4,13);
+
+	&lea		("edx",&DWP(16*9,"esp"));	# size optimization
+	&mov		("ecx",2);
+&set_label("square");
+	&movdqa		(&QWP(16*0,"esp"),$D0);
+	&movdqa		(&QWP(16*1,"esp"),$D1);
+	&movdqa		(&QWP(16*2,"esp"),$D2);
+	&movdqa		(&QWP(16*3,"esp"),$D3);
+	&movdqa		(&QWP(16*4,"esp"),$D4);
+
+	&movdqa		($T1,$D1);
+	&movdqa		($T0,$D2);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D1);			# *5
+	&paddd		($T0,$D2);			# *5
+	&movdqa		(&QWP(16*5,"esp"),$T1);
+	&movdqa		(&QWP(16*6,"esp"),$T0);
+	&movdqa		($T1,$D3);
+	&movdqa		($T0,$D4);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D3);			# *5
+	&paddd		($T0,$D4);			# *5
+	&movdqa		(&QWP(16*7,"esp"),$T1);
+	&movdqa		(&QWP(16*8,"esp"),$T0);
+
+	&pshufd		($T1,$D0,0b01000100);
+	&movdqa		($T0,$D1);
+	&pshufd		($D1,$D1,0b01000100);
+	&pshufd		($D2,$D2,0b01000100);
+	&pshufd		($D3,$D3,0b01000100);
+	&pshufd		($D4,$D4,0b01000100);
+	&movdqa		(&QWP(16*0,"edx"),$T1);
+	&movdqa		(&QWP(16*1,"edx"),$D1);
+	&movdqa		(&QWP(16*2,"edx"),$D2);
+	&movdqa		(&QWP(16*3,"edx"),$D3);
+	&movdqa		(&QWP(16*4,"edx"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&pmuludq	($D4,$D0);			# h4*r0
+	&pmuludq	($D3,$D0);			# h3*r0
+	&pmuludq	($D2,$D0);			# h2*r0
+	&pmuludq	($D1,$D0);			# h1*r0
+	&pmuludq	($D0,$T1);			# h0*r0
+
+sub pmuladd {
+my $load = shift;
+my $base = shift; $base = "esp" if (!defined($base));
+
+	################################################################
+	# As for choice to "rotate" $T0-$T2 in order to move paddq
+	# past next multiplication. While it makes code harder to read
+	# and doesn't have significant effect on most processors, it
+	# makes a lot of difference on Atom, up to 30% improvement.
+
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*3,$base));		# r1*h3
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*2,$base));		# r1*h2
+	&paddq		($D4,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*1,$base));		# r1*h1
+	&paddq		($D3,$T1);
+	&$load		($T1,5);			# s1
+	&pmuludq	($T0,&QWP(16*0,$base));		# r1*h0
+	&paddq		($D2,$T2);
+	&pmuludq	($T1,&QWP(16*4,$base));		# s1*h4
+	 &$load		($T2,2);			# r2^n
+	&paddq		($D1,$T0);
+
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*2,$base));		# r2*h2
+	 &paddq		($D0,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*1,$base));		# r2*h1
+	&paddq		($D4,$T2);
+	&$load		($T2,6);			# s2^n
+	&pmuludq	($T1,&QWP(16*0,$base));		# r2*h0
+	&paddq		($D3,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*4,$base));		# s2*h4
+	&paddq		($D2,$T1);
+	&pmuludq	($T0,&QWP(16*3,$base));		# s2*h3
+	 &$load		($T1,3);			# r3^n
+	&paddq		($D1,$T2);
+
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*1,$base));		# r3*h1
+	 &paddq		($D0,$T0);
+	&$load		($T0,7);			# s3^n
+	&pmuludq	($T2,&QWP(16*0,$base));		# r3*h0
+	&paddq		($D4,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*4,$base));		# s3*h4
+	&paddq		($D3,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*3,$base));		# s3*h3
+	&paddq		($D2,$T0);
+	&pmuludq	($T2,&QWP(16*2,$base));		# s3*h2
+	 &$load		($T0,4);			# r4^n
+	&paddq		($D1,$T1);
+
+	&$load		($T1,8);			# s4^n
+	&pmuludq	($T0,&QWP(16*0,$base));		# r4*h0
+	 &paddq		($D0,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&QWP(16*4,$base));		# s4*h4
+	&paddq		($D4,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&QWP(16*1,$base));		# s4*h1
+	&paddq		($D3,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&QWP(16*2,$base));		# s4*h2
+	&paddq		($D0,$T2);
+	&pmuludq	($T1,&QWP(16*3,$base));		# s4*h3
+	 &movdqa	($MASK,&QWP(64,"ebx"));
+	&paddq		($D1,$T0);
+	&paddq		($D2,$T1);
+}
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&movdqa ($reg,&QWP(16*$i,"esp"));
+			     },"edx");
+
+sub lazy_reduction {
+my $extra = shift;
+
+	################################################################
+	# lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	# and P. Schwabe
+	#
+	# [(*) see discussion in poly1305-armv4 module]
+
+	 &movdqa	($T0,$D3);
+	 &pand		($D3,$MASK);
+	 &psrlq		($T0,26);
+	 &$extra	()				if (defined($extra));
+	 &paddq		($T0,$D4);			# h3 -> h4
+	&movdqa		($T1,$D0);
+	&pand		($D0,$MASK);
+	&psrlq		($T1,26);
+	 &movdqa	($D4,$T0);
+	&paddq		($T1,$D1);			# h0 -> h1
+	 &psrlq		($T0,26);
+	 &pand		($D4,$MASK);
+	&movdqa		($D1,$T1);
+	&psrlq		($T1,26);
+	 &paddd		($D0,$T0);			# favour paddd when
+							# possible, because
+							# paddq is "broken"
+							# on Atom
+	 &psllq		($T0,2);
+	&paddq		($T1,$D2);			# h1 -> h2
+	 &paddq		($T0,$D0);			# h4 -> h0 (*)
+	&pand		($D1,$MASK);
+	&movdqa		($D2,$T1);
+	&psrlq		($T1,26);
+	&pand		($D2,$MASK);
+	&paddd		($T1,$D3);			# h2 -> h3
+	 &movdqa	($D0,$T0);
+	 &psrlq		($T0,26);
+	&movdqa		($D3,$T1);
+	&psrlq		($T1,26);
+	 &pand		($D0,$MASK);
+	 &paddd		($D1,$T0);			# h0 -> h1
+	&pand		($D3,$MASK);
+	&paddd		($D4,$T1);			# h3 -> h4
+}
+	&lazy_reduction	();
+
+	&dec		("ecx");
+	&jz		(&label("square_break"));
+
+	&punpcklqdq	($D0,&QWP(16*0,"esp"));		# 0:r^1:0:r^2
+	&punpcklqdq	($D1,&QWP(16*1,"esp"));
+	&punpcklqdq	($D2,&QWP(16*2,"esp"));
+	&punpcklqdq	($D3,&QWP(16*3,"esp"));
+	&punpcklqdq	($D4,&QWP(16*4,"esp"));
+	&jmp		(&label("square"));
+
+&set_label("square_break");
+	&psllq		($D0,32);			# -> r^3:0:r^4:0
+	&psllq		($D1,32);
+	&psllq		($D2,32);
+	&psllq		($D3,32);
+	&psllq		($D4,32);
+	&por		($D0,&QWP(16*0,"esp"));		# r^3:r^1:r^4:r^2
+	&por		($D1,&QWP(16*1,"esp"));
+	&por		($D2,&QWP(16*2,"esp"));
+	&por		($D3,&QWP(16*3,"esp"));
+	&por		($D4,&QWP(16*4,"esp"));
+
+	&pshufd		($D0,$D0,0b10001101);		# -> r^1:r^2:r^3:r^4
+	&pshufd		($D1,$D1,0b10001101);
+	&pshufd		($D2,$D2,0b10001101);
+	&pshufd		($D3,$D3,0b10001101);
+	&pshufd		($D4,$D4,0b10001101);
+
+	&movdqu		(&QWP(16*0,"edi"),$D0);		# save the table
+	&movdqu		(&QWP(16*1,"edi"),$D1);
+	&movdqu		(&QWP(16*2,"edi"),$D2);
+	&movdqu		(&QWP(16*3,"edi"),$D3);
+	&movdqu		(&QWP(16*4,"edi"),$D4);
+
+	&movdqa		($T1,$D1);
+	&movdqa		($T0,$D2);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D1);			# *5
+	&paddd		($T0,$D2);			# *5
+	&movdqu		(&QWP(16*5,"edi"),$T1);
+	&movdqu		(&QWP(16*6,"edi"),$T0);
+	&movdqa		($T1,$D3);
+	&movdqa		($T0,$D4);
+	&pslld		($T1,2);
+	&pslld		($T0,2);
+	&paddd		($T1,$D3);			# *5
+	&paddd		($T0,$D4);			# *5
+	&movdqu		(&QWP(16*7,"edi"),$T1);
+	&movdqu		(&QWP(16*8,"edi"),$T0);
+
+	&mov		("esp","ebp");
+	&lea		("edi",&DWP(-16*3,"edi"));	# size de-optimization
+	&ret		();
+&function_end_B("_poly1305_init_sse2");
+
+&align	(32);
+&function_begin("_poly1305_blocks_sse2");
+	&mov	("edi",&wparam(0));			# ctx
+	&mov	("esi",&wparam(1));			# inp
+	&mov	("ecx",&wparam(2));			# len
+
+	&mov	("eax",&DWP(4*5,"edi"));		# is_base2_26
+	&and	("ecx",-16);
+	&jz	(&label("nodata"));
+	&cmp	("ecx",64);
+	&jae	(&label("enter_sse2"));
+	&test	("eax","eax");				# is_base2_26?
+	&jz	(&label("enter_blocks"));
+
+&set_label("enter_sse2",16);
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("const_sse2")."-".&label("pic_point"),"ebx"));
+
+	&test	("eax","eax");				# is_base2_26?
+	&jnz	(&label("base2_26"));
+
+	&call	("_poly1305_init_sse2");
+
+	################################################# base 2^32 -> base 2^26
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ecx",&DWP(3,"edi"));
+	&mov	("edx",&DWP(6,"edi"));
+	&mov	("esi",&DWP(9,"edi"));
+	&mov	("ebp",&DWP(13,"edi"));
+	&mov	(&DWP(4*5,"edi"),1);			# is_base2_26
+
+	&shr	("ecx",2);
+	&and	("eax",0x3ffffff);
+	&shr	("edx",4);
+	&and	("ecx",0x3ffffff);
+	&shr	("esi",6);
+	&and	("edx",0x3ffffff);
+
+	&movd	($D0,"eax");
+	&movd	($D1,"ecx");
+	&movd	($D2,"edx");
+	&movd	($D3,"esi");
+	&movd	($D4,"ebp");
+
+	&mov	("esi",&wparam(1));			# [reload] inp
+	&mov	("ecx",&wparam(2));			# [reload] len
+	&jmp	(&label("base2_32"));
+
+&set_label("base2_26",16);
+	&movd	($D0,&DWP(4*0,"edi"));			# load hash value
+	&movd	($D1,&DWP(4*1,"edi"));
+	&movd	($D2,&DWP(4*2,"edi"));
+	&movd	($D3,&DWP(4*3,"edi"));
+	&movd	($D4,&DWP(4*4,"edi"));
+	&movdqa	($MASK,&QWP(64,"ebx"));
+
+&set_label("base2_32");
+	&mov	("eax",&wparam(3));			# padbit
+	&mov	("ebp","esp");
+
+	&sub	("esp",16*(5+5+5+9+9));
+	&and	("esp",-16);
+
+	&lea	("edi",&DWP(16*3,"edi"));		# size optimization
+	&shl	("eax",24);				# padbit
+
+	&test	("ecx",31);
+	&jz	(&label("even"));
+
+	################################################################
+	# process single block, with SSE2, because it's still faster
+	# even though half of result is discarded
+
+	&movdqu		($T1,&QWP(0,"esi"));		# input
+	&lea		("esi",&DWP(16,"esi"));
+
+	&movdqa		($T0,$T1);			# -> base 2^26 ...
+	&pand		($T1,$MASK);
+	&paddd		($D0,$T1);			# ... and accumuate
+
+	&movdqa		($T1,$T0);
+	&psrlq		($T0,26);
+	&psrldq		($T1,6);
+	&pand		($T0,$MASK);
+	&paddd		($D1,$T0);
+
+	&movdqa		($T0,$T1);
+	&psrlq		($T1,4);
+	&pand		($T1,$MASK);
+	&paddd		($D2,$T1);
+
+	&movdqa		($T1,$T0);
+	&psrlq		($T0,30);
+	&pand		($T0,$MASK);
+	&psrldq		($T1,7);
+	&paddd		($D3,$T0);
+
+	&movd		($T0,"eax");			# padbit
+	&paddd		($D4,$T1);
+	 &movd		($T1,&DWP(16*0+12,"edi"));	# r0
+	&paddd		($D4,$T0);
+
+	&movdqa		(&QWP(16*0,"esp"),$D0);
+	&movdqa		(&QWP(16*1,"esp"),$D1);
+	&movdqa		(&QWP(16*2,"esp"),$D2);
+	&movdqa		(&QWP(16*3,"esp"),$D3);
+	&movdqa		(&QWP(16*4,"esp"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&pmuludq	($D0,$T1);			# h4*r0
+	&pmuludq	($D1,$T1);			# h3*r0
+	&pmuludq	($D2,$T1);			# h2*r0
+	 &movd		($T0,&DWP(16*1+12,"edi"));	# r1
+	&pmuludq	($D3,$T1);			# h1*r0
+	&pmuludq	($D4,$T1);			# h0*r0
+
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&movd ($reg,&DWP(16*$i+12,"edi"));
+			     });
+
+	&lazy_reduction	();
+
+	&sub		("ecx",16);
+	&jz		(&label("done"));
+
+&set_label("even");
+	&lea		("edx",&DWP(16*(5+5+5+9),"esp"));# size optimization
+	&lea		("eax",&DWP(-16*2,"esi"));
+	&sub		("ecx",64);
+
+	################################################################
+	# expand and copy pre-calculated table to stack
+
+	&movdqu		($T0,&QWP(16*0,"edi"));		# r^1:r^2:r^3:r^4
+	&pshufd		($T1,$T0,0b01000100);		# duplicate r^3:r^4
+	&cmovb		("esi","eax");
+	&pshufd		($T0,$T0,0b11101110);		# duplicate r^1:r^2
+	&movdqa		(&QWP(16*0,"edx"),$T1);
+	&lea		("eax",&DWP(16*10,"esp"));
+	&movdqu		($T1,&QWP(16*1,"edi"));
+	&movdqa		(&QWP(16*(0-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*1,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*2,"edi"));
+	&movdqa		(&QWP(16*(1-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*2,"edx"),$T1);
+	&movdqu		($T1,&QWP(16*3,"edi"));
+	&movdqa		(&QWP(16*(2-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*3,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*4,"edi"));
+	&movdqa		(&QWP(16*(3-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*4,"edx"),$T1);
+	&movdqu		($T1,&QWP(16*5,"edi"));
+	&movdqa		(&QWP(16*(4-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*5,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*6,"edi"));
+	&movdqa		(&QWP(16*(5-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*6,"edx"),$T1);
+	&movdqu		($T1,&QWP(16*7,"edi"));
+	&movdqa		(&QWP(16*(6-9),"edx"),$T0);
+	&pshufd		($T0,$T1,0b01000100);
+	&pshufd		($T1,$T1,0b11101110);
+	&movdqa		(&QWP(16*7,"edx"),$T0);
+	&movdqu		($T0,&QWP(16*8,"edi"));
+	&movdqa		(&QWP(16*(7-9),"edx"),$T1);
+	&pshufd		($T1,$T0,0b01000100);
+	&pshufd		($T0,$T0,0b11101110);
+	&movdqa		(&QWP(16*8,"edx"),$T1);
+	&movdqa		(&QWP(16*(8-9),"edx"),$T0);
+
+sub load_input {
+my ($inpbase,$offbase)=@_;
+
+	&movdqu		($T0,&QWP($inpbase+0,"esi"));	# load input
+	&movdqu		($T1,&QWP($inpbase+16,"esi"));
+	&lea		("esi",&DWP(16*2,"esi"));
+
+	&movdqa		(&QWP($offbase+16*2,"esp"),$D2);
+	&movdqa		(&QWP($offbase+16*3,"esp"),$D3);
+	&movdqa		(&QWP($offbase+16*4,"esp"),$D4);
+
+	&movdqa		($D2,$T0);			# splat input
+	&movdqa		($D3,$T1);
+	&psrldq		($D2,6);
+	&psrldq		($D3,6);
+	&movdqa		($D4,$T0);
+	&punpcklqdq	($D2,$D3);			# 2:3
+	&punpckhqdq	($D4,$T1);			# 4
+	&punpcklqdq	($T0,$T1);			# 0:1
+
+	&movdqa		($D3,$D2);
+	&psrlq		($D2,4);
+	&psrlq		($D3,30);
+	&movdqa		($T1,$T0);
+	&psrlq		($D4,40);			# 4
+	&psrlq		($T1,26);
+	&pand		($T0,$MASK);			# 0
+	&pand		($T1,$MASK);			# 1
+	&pand		($D2,$MASK);			# 2
+	&pand		($D3,$MASK);			# 3
+	&por		($D4,&QWP(0,"ebx"));		# padbit, yes, always
+
+	&movdqa		(&QWP($offbase+16*0,"esp"),$D0)	if ($offbase);
+	&movdqa		(&QWP($offbase+16*1,"esp"),$D1)	if ($offbase);
+}
+	&load_input	(16*2,16*5);
+
+	&jbe		(&label("skip_loop"));
+	&jmp		(&label("loop"));
+
+&set_label("loop",32);
+	################################################################
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	#   \___________________/
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	#   \___________________/ \____________________/
+	################################################################
+
+	&movdqa		($T2,&QWP(16*(0-9),"edx"));	# r0^2
+	&movdqa		(&QWP(16*1,"eax"),$T1);
+	&movdqa		(&QWP(16*2,"eax"),$D2);
+	&movdqa		(&QWP(16*3,"eax"),$D3);
+	&movdqa		(&QWP(16*4,"eax"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h0*r4   + h1*r3   + h2*r2   + h3*r1
+	# d3 = h3*r0 + h0*r3   + h1*r2   + h2*r1   + h4*5*r4
+	# d2 = h2*r0 + h0*r2   + h1*r1   + h3*5*r4 + h4*5*r3
+	# d1 = h1*r0 + h0*r1   + h2*5*r4 + h3*5*r3 + h4*5*r2
+	# d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1
+
+	&movdqa		($D1,$T0);
+	&pmuludq	($T0,$T2);			# h0*r0
+	&movdqa		($D0,$T1);
+	&pmuludq	($T1,$T2);			# h1*r0
+	&pmuludq	($D2,$T2);			# h2*r0
+	&pmuludq	($D3,$T2);			# h3*r0
+	&pmuludq	($D4,$T2);			# h4*r0
+
+sub pmuladd_alt {
+my $addr = shift;
+
+	&pmuludq	($D0,&$addr(8));		# h1*s4
+	&movdqa		($T2,$D1);
+	&pmuludq	($D1,&$addr(1));		# h0*r1
+	&paddq		($D0,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(2));		# h0*r2
+	&paddq		($D1,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(3));		# h0*r3
+	&paddq		($D2,$T2);
+	 &movdqa	($T2,&QWP(16*1,"eax"));		# pull h1
+	&pmuludq	($T1,&$addr(4));		# h0*r4
+	&paddq		($D3,$T0);
+
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(1));		# h1*r1
+	 &paddq		($D4,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(2));		# h1*r2
+	&paddq		($D2,$T2);
+	&movdqa		($T2,&QWP(16*2,"eax"));		# pull h2
+	&pmuludq	($T1,&$addr(3));		# h1*r3
+	&paddq		($D3,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(7));		# h2*s3
+	&paddq		($D4,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(8));		# h2*s4
+	&paddq		($D0,$T2);
+
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&$addr(1));		# h2*r1
+	 &paddq		($D1,$T0);
+	&movdqa		($T0,&QWP(16*3,"eax"));		# pull h3
+	&pmuludq	($T2,&$addr(2));		# h2*r2
+	&paddq		($D3,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(6));		# h3*s2
+	&paddq		($D4,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&$addr(7));		# h3*s3
+	&paddq		($D0,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(8));		# h3*s4
+	&paddq		($D1,$T1);
+
+	&movdqa		($T1,&QWP(16*4,"eax"));		# pull h4
+	&pmuludq	($T0,&$addr(1));		# h3*r1
+	 &paddq		($D2,$T2);
+	&movdqa		($T2,$T1);
+	&pmuludq	($T1,&$addr(8));		# h4*s4
+	&paddq		($D4,$T0);
+	&movdqa		($T0,$T2);
+	&pmuludq	($T2,&$addr(5));		# h4*s1
+	&paddq		($D3,$T1);
+	&movdqa		($T1,$T0);
+	&pmuludq	($T0,&$addr(6));		# h4*s2
+	&paddq		($D0,$T2);
+	 &movdqa	($MASK,&QWP(64,"ebx"));
+	&pmuludq	($T1,&$addr(7));		# h4*s3
+	&paddq		($D1,$T0);
+	&paddq		($D2,$T1);
+}
+	&pmuladd_alt	(sub {	my $i=shift; &QWP(16*($i-9),"edx");	});
+
+	&load_input	(-16*2,0);
+	&lea		("eax",&DWP(-16*2,"esi"));
+	&sub		("ecx",64);
+
+	&paddd		($T0,&QWP(16*(5+0),"esp"));	# add hash value
+	&paddd		($T1,&QWP(16*(5+1),"esp"));
+	&paddd		($D2,&QWP(16*(5+2),"esp"));
+	&paddd		($D3,&QWP(16*(5+3),"esp"));
+	&paddd		($D4,&QWP(16*(5+4),"esp"));
+
+	&cmovb		("esi","eax");
+	&lea		("eax",&DWP(16*10,"esp"));
+
+	&movdqa		($T2,&QWP(16*0,"edx"));		# r0^4
+	&movdqa		(&QWP(16*1,"esp"),$D1);
+	&movdqa		(&QWP(16*1,"eax"),$T1);
+	&movdqa		(&QWP(16*2,"eax"),$D2);
+	&movdqa		(&QWP(16*3,"eax"),$D3);
+	&movdqa		(&QWP(16*4,"eax"),$D4);
+
+	################################################################
+	# d4 += h4*r0 + h0*r4   + h1*r3   + h2*r2   + h3*r1
+	# d3 += h3*r0 + h0*r3   + h1*r2   + h2*r1   + h4*5*r4
+	# d2 += h2*r0 + h0*r2   + h1*r1   + h3*5*r4 + h4*5*r3
+	# d1 += h1*r0 + h0*r1   + h2*5*r4 + h3*5*r3 + h4*5*r2
+	# d0 += h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1
+
+	&movdqa		($D1,$T0);
+	&pmuludq	($T0,$T2);			# h0*r0
+	&paddq		($T0,$D0);
+	&movdqa		($D0,$T1);
+	&pmuludq	($T1,$T2);			# h1*r0
+	&pmuludq	($D2,$T2);			# h2*r0
+	&pmuludq	($D3,$T2);			# h3*r0
+	&pmuludq	($D4,$T2);			# h4*r0
+
+	&paddq		($T1,&QWP(16*1,"esp"));
+	&paddq		($D2,&QWP(16*2,"esp"));
+	&paddq		($D3,&QWP(16*3,"esp"));
+	&paddq		($D4,&QWP(16*4,"esp"));
+
+	&pmuladd_alt	(sub {	my $i=shift; &QWP(16*$i,"edx");	});
+
+	&lazy_reduction	();
+
+	&load_input	(16*2,16*5);
+
+	&ja		(&label("loop"));
+
+&set_label("skip_loop");
+	################################################################
+	# multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	 &pshufd	($T2,&QWP(16*(0-9),"edx"),0x10);# r0^n
+	&add		("ecx",32);
+	&jnz		(&label("long_tail"));
+
+	&paddd		($T0,$D0);			# add hash value
+	&paddd		($T1,$D1);
+	&paddd		($D2,&QWP(16*7,"esp"));
+	&paddd		($D3,&QWP(16*8,"esp"));
+	&paddd		($D4,&QWP(16*9,"esp"));
+
+&set_label("long_tail");
+
+	&movdqa		(&QWP(16*0,"eax"),$T0);
+	&movdqa		(&QWP(16*1,"eax"),$T1);
+	&movdqa		(&QWP(16*2,"eax"),$D2);
+	&movdqa		(&QWP(16*3,"eax"),$D3);
+	&movdqa		(&QWP(16*4,"eax"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&pmuludq	($T0,$T2);			# h0*r0
+	&pmuludq	($T1,$T2);			# h1*r0
+	&pmuludq	($D2,$T2);			# h2*r0
+	&movdqa		($D0,$T0);
+	 &pshufd	($T0,&QWP(16*(1-9),"edx"),0x10);# r1^n
+	&pmuludq	($D3,$T2);			# h3*r0
+	&movdqa		($D1,$T1);
+	&pmuludq	($D4,$T2);			# h4*r0
+
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&pshufd ($reg,&QWP(16*($i-9),"edx"),0x10);
+			     },"eax");
+
+	&jz		(&label("short_tail"));
+
+	&load_input	(-16*2,0);
+
+	 &pshufd	($T2,&QWP(16*0,"edx"),0x10);	# r0^n
+	&paddd		($T0,&QWP(16*5,"esp"));		# add hash value
+	&paddd		($T1,&QWP(16*6,"esp"));
+	&paddd		($D2,&QWP(16*7,"esp"));
+	&paddd		($D3,&QWP(16*8,"esp"));
+	&paddd		($D4,&QWP(16*9,"esp"));
+
+	################################################################
+	# multiply inp[0:1] by r^4:r^3 and accumulate
+
+	&movdqa		(&QWP(16*0,"esp"),$T0);
+	&pmuludq	($T0,$T2);			# h0*r0
+	&movdqa		(&QWP(16*1,"esp"),$T1);
+	&pmuludq	($T1,$T2);			# h1*r0
+	&paddq		($D0,$T0);
+	&movdqa		($T0,$D2);
+	&pmuludq	($D2,$T2);			# h2*r0
+	&paddq		($D1,$T1);
+	&movdqa		($T1,$D3);
+	&pmuludq	($D3,$T2);			# h3*r0
+	&paddq		($D2,&QWP(16*2,"esp"));
+	&movdqa		(&QWP(16*2,"esp"),$T0);
+	 &pshufd	($T0,&QWP(16*1,"edx"),0x10);	# r1^n
+	&paddq		($D3,&QWP(16*3,"esp"));
+	&movdqa		(&QWP(16*3,"esp"),$T1);
+	&movdqa		($T1,$D4);
+	&pmuludq	($D4,$T2);			# h4*r0
+	&paddq		($D4,&QWP(16*4,"esp"));
+	&movdqa		(&QWP(16*4,"esp"),$T1);
+
+	&pmuladd	(sub {	my ($reg,$i)=@_;
+				&pshufd ($reg,&QWP(16*$i,"edx"),0x10);
+			     });
+
+&set_label("short_tail");
+
+	################################################################
+	# horizontal addition
+
+	&pshufd		($T1,$D4,0b01001110);
+	&pshufd		($T0,$D3,0b01001110);
+	&paddq		($D4,$T1);
+	&paddq		($D3,$T0);
+	&pshufd		($T1,$D0,0b01001110);
+	&pshufd		($T0,$D1,0b01001110);
+	&paddq		($D0,$T1);
+	&paddq		($D1,$T0);
+	&pshufd		($T1,$D2,0b01001110);
+	#&paddq		($D2,$T1);
+
+	&lazy_reduction	(sub { &paddq ($D2,$T1) });
+
+&set_label("done");
+	&movd		(&DWP(-16*3+4*0,"edi"),$D0);	# store hash value
+	&movd		(&DWP(-16*3+4*1,"edi"),$D1);
+	&movd		(&DWP(-16*3+4*2,"edi"),$D2);
+	&movd		(&DWP(-16*3+4*3,"edi"),$D3);
+	&movd		(&DWP(-16*3+4*4,"edi"),$D4);
+	&mov	("esp","ebp");
+&set_label("nodata");
+&function_end("_poly1305_blocks_sse2");
+
+&align	(32);
+&function_begin("_poly1305_emit_sse2");
+	&mov	("ebp",&wparam(0));		# context
+
+	&cmp	(&DWP(4*5,"ebp"),0);		# is_base2_26?
+	&je	(&label("enter_emit"));
+
+	&mov	("eax",&DWP(4*0,"ebp"));	# load hash value
+	&mov	("edi",&DWP(4*1,"ebp"));
+	&mov	("ecx",&DWP(4*2,"ebp"));
+	&mov	("edx",&DWP(4*3,"ebp"));
+	&mov	("esi",&DWP(4*4,"ebp"));
+
+	&mov	("ebx","edi");			# base 2^26 -> base 2^32
+	&shl	("edi",26);
+	&shr	("ebx",6);
+	&add	("eax","edi");
+	&mov	("edi","ecx");
+	&adc	("ebx",0);
+
+	&shl	("edi",20);
+	&shr	("ecx",12);
+	&add	("ebx","edi");
+	&mov	("edi","edx");
+	&adc	("ecx",0);
+
+	&shl	("edi",14);
+	&shr	("edx",18);
+	&add	("ecx","edi");
+	&mov	("edi","esi");
+	&adc	("edx",0);
+
+	&shl	("edi",8);
+	&shr	("esi",24);
+	&add	("edx","edi");
+	&adc	("esi",0);			# can be partially reduced
+
+	&mov	("edi","esi");			# final reduction
+	&and	("esi",3);
+	&shr	("edi",2);
+	&lea	("ebp",&DWP(0,"edi","edi",4));	# *5
+	 &mov	("edi",&wparam(1));		# output
+	&add	("eax","ebp");
+	 &mov	("ebp",&wparam(2));		# key
+	&adc	("ebx",0);
+	&adc	("ecx",0);
+	&adc	("edx",0);
+	&adc	("esi",0);
+
+	&movd	($D0,"eax");			# offload original hash value
+	&add	("eax",5);			# compare to modulus
+	&movd	($D1,"ebx");
+	&adc	("ebx",0);
+	&movd	($D2,"ecx");
+	&adc	("ecx",0);
+	&movd	($D3,"edx");
+	&adc	("edx",0);
+	&adc	("esi",0);
+	&shr	("esi",2);			# did it carry/borrow?
+
+	&neg	("esi");			# do we choose (hash-modulus) ...
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&and	("ecx","esi");
+	&and	("edx","esi");
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&movd	("eax",$D0);
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&movd	("ebx",$D1);
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&movd	("ecx",$D2);
+	&mov	(&DWP(4*3,"edi"),"edx");
+	&movd	("edx",$D3);
+
+	&not	("esi");			# ... or original hash value?
+	&and	("eax","esi");
+	&and	("ebx","esi");
+	&or	("eax",&DWP(4*0,"edi"));
+	&and	("ecx","esi");
+	&or	("ebx",&DWP(4*1,"edi"));
+	&and	("edx","esi");
+	&or	("ecx",&DWP(4*2,"edi"));
+	&or	("edx",&DWP(4*3,"edi"));
+
+	&add	("eax",&DWP(4*0,"ebp"));	# accumulate key
+	&adc	("ebx",&DWP(4*1,"ebp"));
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&adc	("ecx",&DWP(4*2,"ebp"));
+	&mov	(&DWP(4*1,"edi"),"ebx");
+	&adc	("edx",&DWP(4*3,"ebp"));
+	&mov	(&DWP(4*2,"edi"),"ecx");
+	&mov	(&DWP(4*3,"edi"),"edx");
+&function_end("_poly1305_emit_sse2");
+
+if ($avx>1) {
+########################################################################
+# Note that poly1305_init_avx2 operates on %xmm, I could have used
+# poly1305_init_sse2...
+
+&align	(32);
+&function_begin_B("_poly1305_init_avx2");
+	&vmovdqu	($D4,&QWP(4*6,"edi"));		# key base 2^32
+	&lea		("edi",&DWP(16*3,"edi"));	# size optimization
+	&mov		("ebp","esp");
+	&sub		("esp",16*(9+5));
+	&and		("esp",-16);
+
+	#&vpand		($D4,$D4,&QWP(96,"ebx"));	# magic mask
+	&vmovdqa	($MASK,&QWP(64,"ebx"));
+
+	&vpand		($D0,$D4,$MASK);		# -> base 2^26
+	&vpsrlq		($D1,$D4,26);
+	&vpsrldq	($D3,$D4,6);
+	&vpand		($D1,$D1,$MASK);
+	&vpsrlq		($D2,$D3,4)
+	&vpsrlq		($D3,$D3,30);
+	&vpand		($D2,$D2,$MASK);
+	&vpand		($D3,$D3,$MASK);
+	&vpsrldq	($D4,$D4,13);
+
+	&lea		("edx",&DWP(16*9,"esp"));	# size optimization
+	&mov		("ecx",2);
+&set_label("square");
+	&vmovdqa	(&QWP(16*0,"esp"),$D0);
+	&vmovdqa	(&QWP(16*1,"esp"),$D1);
+	&vmovdqa	(&QWP(16*2,"esp"),$D2);
+	&vmovdqa	(&QWP(16*3,"esp"),$D3);
+	&vmovdqa	(&QWP(16*4,"esp"),$D4);
+
+	&vpslld		($T1,$D1,2);
+	&vpslld		($T0,$D2,2);
+	&vpaddd		($T1,$T1,$D1);			# *5
+	&vpaddd		($T0,$T0,$D2);			# *5
+	&vmovdqa	(&QWP(16*5,"esp"),$T1);
+	&vmovdqa	(&QWP(16*6,"esp"),$T0);
+	&vpslld		($T1,$D3,2);
+	&vpslld		($T0,$D4,2);
+	&vpaddd		($T1,$T1,$D3);			# *5
+	&vpaddd		($T0,$T0,$D4);			# *5
+	&vmovdqa	(&QWP(16*7,"esp"),$T1);
+	&vmovdqa	(&QWP(16*8,"esp"),$T0);
+
+	&vpshufd	($T0,$D0,0b01000100);
+	&vmovdqa	($T1,$D1);
+	&vpshufd	($D1,$D1,0b01000100);
+	&vpshufd	($D2,$D2,0b01000100);
+	&vpshufd	($D3,$D3,0b01000100);
+	&vpshufd	($D4,$D4,0b01000100);
+	&vmovdqa	(&QWP(16*0,"edx"),$T0);
+	&vmovdqa	(&QWP(16*1,"edx"),$D1);
+	&vmovdqa	(&QWP(16*2,"edx"),$D2);
+	&vmovdqa	(&QWP(16*3,"edx"),$D3);
+	&vmovdqa	(&QWP(16*4,"edx"),$D4);
+
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	&vpmuludq	($D4,$D4,$D0);			# h4*r0
+	&vpmuludq	($D3,$D3,$D0);			# h3*r0
+	&vpmuludq	($D2,$D2,$D0);			# h2*r0
+	&vpmuludq	($D1,$D1,$D0);			# h1*r0
+	&vpmuludq	($D0,$T0,$D0);			# h0*r0
+
+	&vpmuludq	($T0,$T1,&QWP(16*3,"edx"));	# r1*h3
+	&vpaddq		($D4,$D4,$T0);
+	&vpmuludq	($T2,$T1,&QWP(16*2,"edx"));	# r1*h2
+	&vpaddq		($D3,$D3,$T2);
+	&vpmuludq	($T0,$T1,&QWP(16*1,"edx"));	# r1*h1
+	&vpaddq		($D2,$D2,$T0);
+	&vmovdqa	($T2,&QWP(16*5,"esp"));		# s1
+	&vpmuludq	($T1,$T1,&QWP(16*0,"edx"));	# r1*h0
+	&vpaddq		($D1,$D1,$T1);
+	 &vmovdqa	($T0,&QWP(16*2,"esp"));		# r2
+	&vpmuludq	($T2,$T2,&QWP(16*4,"edx"));	# s1*h4
+	&vpaddq		($D0,$D0,$T2);
+
+	&vpmuludq	($T1,$T0,&QWP(16*2,"edx"));	# r2*h2
+	&vpaddq		($D4,$D4,$T1);
+	&vpmuludq	($T2,$T0,&QWP(16*1,"edx"));	# r2*h1
+	&vpaddq		($D3,$D3,$T2);
+	&vmovdqa	($T1,&QWP(16*6,"esp"));		# s2
+	&vpmuludq	($T0,$T0,&QWP(16*0,"edx"));	# r2*h0
+	&vpaddq		($D2,$D2,$T0);
+	&vpmuludq	($T2,$T1,&QWP(16*4,"edx"));	# s2*h4
+	&vpaddq		($D1,$D1,$T2);
+	 &vmovdqa	($T0,&QWP(16*3,"esp"));		# r3
+	&vpmuludq	($T1,$T1,&QWP(16*3,"edx"));	# s2*h3
+	&vpaddq		($D0,$D0,$T1);
+
+	&vpmuludq	($T2,$T0,&QWP(16*1,"edx"));	# r3*h1
+	&vpaddq		($D4,$D4,$T2);
+	&vmovdqa	($T1,&QWP(16*7,"esp"));		# s3
+	&vpmuludq	($T0,$T0,&QWP(16*0,"edx"));	# r3*h0
+	&vpaddq		($D3,$D3,$T0);
+	&vpmuludq	($T2,$T1,&QWP(16*4,"edx"));	# s3*h4
+	&vpaddq		($D2,$D2,$T2);
+	&vpmuludq	($T0,$T1,&QWP(16*3,"edx"));	# s3*h3
+	&vpaddq		($D1,$D1,$T0);
+	 &vmovdqa	($T2,&QWP(16*4,"esp"));		# r4
+	&vpmuludq	($T1,$T1,&QWP(16*2,"edx"));	# s3*h2
+	&vpaddq		($D0,$D0,$T1);
+
+	&vmovdqa	($T0,&QWP(16*8,"esp"));		# s4
+	&vpmuludq	($T2,$T2,&QWP(16*0,"edx"));	# r4*h0
+	&vpaddq		($D4,$D4,$T2);
+	&vpmuludq	($T1,$T0,&QWP(16*4,"edx"));	# s4*h4
+	&vpaddq		($D3,$D3,$T1);
+	&vpmuludq	($T2,$T0,&QWP(16*1,"edx"));	# s4*h1
+	&vpaddq		($D0,$D0,$T2);
+	&vpmuludq	($T1,$T0,&QWP(16*2,"edx"));	# s4*h2
+	&vpaddq		($D1,$D1,$T1);
+	 &vmovdqa	($MASK,&QWP(64,"ebx"));
+	&vpmuludq	($T0,$T0,&QWP(16*3,"edx"));	# s4*h3
+	&vpaddq		($D2,$D2,$T0);
+
+	################################################################
+	# lazy reduction
+	 &vpsrlq	($T0,$D3,26);
+	 &vpand		($D3,$D3,$MASK);
+	&vpsrlq		($T1,$D0,26);
+	&vpand		($D0,$D0,$MASK);
+	 &vpaddq	($D4,$D4,$T0);			# h3 -> h4
+	&vpaddq		($D1,$D1,$T1);			# h0 -> h1
+	 &vpsrlq	($T0,$D4,26);
+	 &vpand		($D4,$D4,$MASK);
+	&vpsrlq		($T1,$D1,26);
+	&vpand		($D1,$D1,$MASK);
+	&vpaddq		($D2,$D2,$T1);			# h1 -> h2
+	 &vpaddd	($D0,$D0,$T0);
+	 &vpsllq	($T0,$T0,2);
+	&vpsrlq		($T1,$D2,26);
+	&vpand		($D2,$D2,$MASK);
+	 &vpaddd	($D0,$D0,$T0);			# h4 -> h0
+	&vpaddd		($D3,$D3,$T1);			# h2 -> h3
+	&vpsrlq		($T1,$D3,26);
+	 &vpsrlq	($T0,$D0,26);
+	 &vpand		($D0,$D0,$MASK);
+	&vpand		($D3,$D3,$MASK);
+	 &vpaddd	($D1,$D1,$T0);			# h0 -> h1
+	&vpaddd		($D4,$D4,$T1);			# h3 -> h4
+
+	&dec		("ecx");
+	&jz		(&label("square_break"));
+
+	&vpunpcklqdq	($D0,$D0,&QWP(16*0,"esp"));	# 0:r^1:0:r^2
+	&vpunpcklqdq	($D1,$D1,&QWP(16*1,"esp"));
+	&vpunpcklqdq	($D2,$D2,&QWP(16*2,"esp"));
+	&vpunpcklqdq	($D3,$D3,&QWP(16*3,"esp"));
+	&vpunpcklqdq	($D4,$D4,&QWP(16*4,"esp"));
+	&jmp		(&label("square"));
+
+&set_label("square_break");
+	&vpsllq		($D0,$D0,32);			# -> r^3:0:r^4:0
+	&vpsllq		($D1,$D1,32);
+	&vpsllq		($D2,$D2,32);
+	&vpsllq		($D3,$D3,32);
+	&vpsllq		($D4,$D4,32);
+	&vpor		($D0,$D0,&QWP(16*0,"esp"));	# r^3:r^1:r^4:r^2
+	&vpor		($D1,$D1,&QWP(16*1,"esp"));
+	&vpor		($D2,$D2,&QWP(16*2,"esp"));
+	&vpor		($D3,$D3,&QWP(16*3,"esp"));
+	&vpor		($D4,$D4,&QWP(16*4,"esp"));
+
+	&vpshufd	($D0,$D0,0b10001101);		# -> r^1:r^2:r^3:r^4
+	&vpshufd	($D1,$D1,0b10001101);
+	&vpshufd	($D2,$D2,0b10001101);
+	&vpshufd	($D3,$D3,0b10001101);
+	&vpshufd	($D4,$D4,0b10001101);
+
+	&vmovdqu	(&QWP(16*0,"edi"),$D0);		# save the table
+	&vmovdqu	(&QWP(16*1,"edi"),$D1);
+	&vmovdqu	(&QWP(16*2,"edi"),$D2);
+	&vmovdqu	(&QWP(16*3,"edi"),$D3);
+	&vmovdqu	(&QWP(16*4,"edi"),$D4);
+
+	&vpslld		($T1,$D1,2);
+	&vpslld		($T0,$D2,2);
+	&vpaddd		($T1,$T1,$D1);			# *5
+	&vpaddd		($T0,$T0,$D2);			# *5
+	&vmovdqu	(&QWP(16*5,"edi"),$T1);
+	&vmovdqu	(&QWP(16*6,"edi"),$T0);
+	&vpslld		($T1,$D3,2);
+	&vpslld		($T0,$D4,2);
+	&vpaddd		($T1,$T1,$D3);			# *5
+	&vpaddd		($T0,$T0,$D4);			# *5
+	&vmovdqu	(&QWP(16*7,"edi"),$T1);
+	&vmovdqu	(&QWP(16*8,"edi"),$T0);
+
+	&mov		("esp","ebp");
+	&lea		("edi",&DWP(-16*3,"edi"));	# size de-optimization
+	&ret		();
+&function_end_B("_poly1305_init_avx2");
+
+########################################################################
+# now it's time to switch to %ymm
+
+my ($D0,$D1,$D2,$D3,$D4,$T0,$T1,$T2)=map("ymm$_",(0..7));
+my $MASK=$T2;
+
+sub X { my $reg=shift; $reg=~s/^ymm/xmm/; $reg; }
+
+&align	(32);
+&function_begin("_poly1305_blocks_avx2");
+	&mov	("edi",&wparam(0));			# ctx
+	&mov	("esi",&wparam(1));			# inp
+	&mov	("ecx",&wparam(2));			# len
+
+	&mov	("eax",&DWP(4*5,"edi"));		# is_base2_26
+	&and	("ecx",-16);
+	&jz	(&label("nodata"));
+	&cmp	("ecx",64);
+	&jae	(&label("enter_avx2"));
+	&test	("eax","eax");				# is_base2_26?
+	&jz	(&label("enter_blocks"));
+
+&set_label("enter_avx2");
+	&vzeroupper	();
+
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("ebx");
+	&lea	("ebx",&DWP(&label("const_sse2")."-".&label("pic_point"),"ebx"));
+
+	&test	("eax","eax");				# is_base2_26?
+	&jnz	(&label("base2_26"));
+
+	&call	("_poly1305_init_avx2");
+
+	################################################# base 2^32 -> base 2^26
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ecx",&DWP(3,"edi"));
+	&mov	("edx",&DWP(6,"edi"));
+	&mov	("esi",&DWP(9,"edi"));
+	&mov	("ebp",&DWP(13,"edi"));
+
+	&shr	("ecx",2);
+	&and	("eax",0x3ffffff);
+	&shr	("edx",4);
+	&and	("ecx",0x3ffffff);
+	&shr	("esi",6);
+	&and	("edx",0x3ffffff);
+
+	&mov	(&DWP(4*0,"edi"),"eax");
+	&mov	(&DWP(4*1,"edi"),"ecx");
+	&mov	(&DWP(4*2,"edi"),"edx");
+	&mov	(&DWP(4*3,"edi"),"esi");
+	&mov	(&DWP(4*4,"edi"),"ebp");
+	&mov	(&DWP(4*5,"edi"),1);			# is_base2_26
+
+	&mov	("esi",&wparam(1));			# [reload] inp
+	&mov	("ecx",&wparam(2));			# [reload] len
+
+&set_label("base2_26");
+	&mov	("eax",&wparam(3));			# padbit
+	&mov	("ebp","esp");
+
+	&sub	("esp",32*(5+9));
+	&and	("esp",-512);				# ensure that frame
+							# doesn't cross page
+							# boundary, which is
+							# essential for
+							# misaligned 32-byte
+							# loads
+
+	################################################################
+        # expand and copy pre-calculated table to stack
+
+	&vmovdqu	(&X($D0),&QWP(16*(3+0),"edi"));
+	&lea		("edx",&DWP(32*5+128,"esp"));	# +128 size optimization
+	&vmovdqu	(&X($D1),&QWP(16*(3+1),"edi"));
+	&vmovdqu	(&X($D2),&QWP(16*(3+2),"edi"));
+	&vmovdqu	(&X($D3),&QWP(16*(3+3),"edi"));
+	&vmovdqu	(&X($D4),&QWP(16*(3+4),"edi"));
+	&lea		("edi",&DWP(16*3,"edi"));	# size optimization
+	&vpermq		($D0,$D0,0b01000000);		# 00001234 -> 12343434
+	&vpermq		($D1,$D1,0b01000000);
+	&vpermq		($D2,$D2,0b01000000);
+	&vpermq		($D3,$D3,0b01000000);
+	&vpermq		($D4,$D4,0b01000000);
+	&vpshufd	($D0,$D0,0b11001000);		# 12343434 -> 14243444
+	&vpshufd	($D1,$D1,0b11001000);
+	&vpshufd	($D2,$D2,0b11001000);
+	&vpshufd	($D3,$D3,0b11001000);
+	&vpshufd	($D4,$D4,0b11001000);
+	&vmovdqa	(&QWP(32*0-128,"edx"),$D0);
+	&vmovdqu	(&X($D0),&QWP(16*5,"edi"));
+	&vmovdqa	(&QWP(32*1-128,"edx"),$D1);
+	&vmovdqu	(&X($D1),&QWP(16*6,"edi"));
+	&vmovdqa	(&QWP(32*2-128,"edx"),$D2);
+	&vmovdqu	(&X($D2),&QWP(16*7,"edi"));
+	&vmovdqa	(&QWP(32*3-128,"edx"),$D3);
+	&vmovdqu	(&X($D3),&QWP(16*8,"edi"));
+	&vmovdqa	(&QWP(32*4-128,"edx"),$D4);
+	&vpermq		($D0,$D0,0b01000000);
+	&vpermq		($D1,$D1,0b01000000);
+	&vpermq		($D2,$D2,0b01000000);
+	&vpermq		($D3,$D3,0b01000000);
+	&vpshufd	($D0,$D0,0b11001000);
+	&vpshufd	($D1,$D1,0b11001000);
+	&vpshufd	($D2,$D2,0b11001000);
+	&vpshufd	($D3,$D3,0b11001000);
+	&vmovdqa	(&QWP(32*5-128,"edx"),$D0);
+	&vmovd		(&X($D0),&DWP(-16*3+4*0,"edi"));# load hash value
+	&vmovdqa	(&QWP(32*6-128,"edx"),$D1);
+	&vmovd		(&X($D1),&DWP(-16*3+4*1,"edi"));
+	&vmovdqa	(&QWP(32*7-128,"edx"),$D2);
+	&vmovd		(&X($D2),&DWP(-16*3+4*2,"edi"));
+	&vmovdqa	(&QWP(32*8-128,"edx"),$D3);
+	&vmovd		(&X($D3),&DWP(-16*3+4*3,"edi"));
+	&vmovd		(&X($D4),&DWP(-16*3+4*4,"edi"));
+	&vmovdqa	($MASK,&QWP(64,"ebx"));
+	&neg		("eax");			# padbit
+
+	&test		("ecx",63);
+	&jz		(&label("even"));
+
+	&mov		("edx","ecx");
+	&and		("ecx",-64);
+	&and		("edx",63);
+
+	&vmovdqu	(&X($T0),&QWP(16*0,"esi"));
+	&cmp		("edx",32);
+	&jb		(&label("one"));
+
+	&vmovdqu	(&X($T1),&QWP(16*1,"esi"));
+	&je		(&label("two"));
+
+	&vinserti128	($T0,$T0,&QWP(16*2,"esi"),1);
+	&lea		("esi",&DWP(16*3,"esi"));
+	&lea		("ebx",&DWP(8,"ebx"));		# three padbits
+	&lea		("edx",&DWP(32*5+128+8,"esp"));	# --:r^1:r^2:r^3 (*)
+	&jmp		(&label("tail"));
+
+&set_label("two");
+	&lea		("esi",&DWP(16*2,"esi"));
+	&lea		("ebx",&DWP(16,"ebx"));		# two padbits
+	&lea		("edx",&DWP(32*5+128+16,"esp"));# --:--:r^1:r^2 (*)
+	&jmp		(&label("tail"));
+
+&set_label("one");
+	&lea		("esi",&DWP(16*1,"esi"));
+	&vpxor		($T1,$T1,$T1);
+	&lea		("ebx",&DWP(32,"ebx","eax",8));	# one or no padbits
+	&lea		("edx",&DWP(32*5+128+24,"esp"));# --:--:--:r^1 (*)
+	&jmp		(&label("tail"));
+
+# (*)	spots marked with '--' are data from next table entry, but they
+#	are multiplied by 0 and therefore rendered insignificant
+
+&set_label("even",32);
+	&vmovdqu	(&X($T0),&QWP(16*0,"esi"));	# load input
+	&vmovdqu	(&X($T1),&QWP(16*1,"esi"));
+	&vinserti128	($T0,$T0,&QWP(16*2,"esi"),1);
+	&vinserti128	($T1,$T1,&QWP(16*3,"esi"),1);
+	&lea		("esi",&DWP(16*4,"esi"));
+	&sub		("ecx",64);
+	&jz		(&label("tail"));
+
+&set_label("loop");
+	################################################################
+	# ((inp[0]*r^4+r[4])*r^4+r[8])*r^4
+	# ((inp[1]*r^4+r[5])*r^4+r[9])*r^3
+	# ((inp[2]*r^4+r[6])*r^4+r[10])*r^2
+	# ((inp[3]*r^4+r[7])*r^4+r[11])*r^1
+	#   \________/ \_______/
+	################################################################
+
+sub vsplat_input {
+	&vmovdqa	(&QWP(32*2,"esp"),$D2);
+	&vpsrldq	($D2,$T0,6);			# splat input
+	&vmovdqa	(&QWP(32*0,"esp"),$D0);
+	&vpsrldq	($D0,$T1,6);
+	&vmovdqa	(&QWP(32*1,"esp"),$D1);
+	&vpunpckhqdq	($D1,$T0,$T1);			# 4
+	&vpunpcklqdq	($T0,$T0,$T1);			# 0:1
+	&vpunpcklqdq	($D2,$D2,$D0);			# 2:3
+
+	&vpsrlq		($D0,$D2,30);
+	&vpsrlq		($D2,$D2,4);
+	&vpsrlq		($T1,$T0,26);
+	&vpsrlq		($D1,$D1,40);			# 4
+	&vpand		($D2,$D2,$MASK);		# 2
+	&vpand		($T0,$T0,$MASK);		# 0
+	&vpand		($T1,$T1,$MASK);		# 1
+	&vpand		($D0,$D0,$MASK);		# 3 (*)
+	&vpor		($D1,$D1,&QWP(0,"ebx"));	# padbit, yes, always
+
+	# (*)	note that output is counterintuitive, inp[3:4] is
+	#	returned in $D1-2, while $D3-4 are preserved;
+}
+	&vsplat_input	();
+
+sub vpmuladd {
+my $addr = shift;
+
+	&vpaddq		($D2,$D2,&QWP(32*2,"esp"));	# add hash value
+	&vpaddq		($T0,$T0,&QWP(32*0,"esp"));
+	&vpaddq		($T1,$T1,&QWP(32*1,"esp"));
+	&vpaddq		($D0,$D0,$D3);
+	&vpaddq		($D1,$D1,$D4);
+
+	################################################################
+	# d3 = h2*r1   + h0*r3 + h1*r2   + h3*r0   + h4*5*r4
+	# d4 = h2*r2   + h0*r4 + h1*r3   + h3*r1   + h4*r0
+	# d0 = h2*5*r3 + h0*r0 + h1*5*r4 + h3*5*r2 + h4*5*r1
+	# d1 = h2*5*r4 + h0*r1 + h1*r0   + h3*5*r3 + h4*5*r2
+	# d2 = h2*r0   + h0*r2 + h1*r1   + h3*5*r4 + h4*5*r3
+
+	&vpmuludq	($D3,$D2,&$addr(1));		# d3 = h2*r1
+	 &vmovdqa	(QWP(32*1,"esp"),$T1);
+	&vpmuludq	($D4,$D2,&$addr(2));		# d4 = h2*r2
+	 &vmovdqa	(QWP(32*3,"esp"),$D0);
+	&vpmuludq	($D0,$D2,&$addr(7));		# d0 = h2*s3
+	 &vmovdqa	(QWP(32*4,"esp"),$D1);
+	&vpmuludq	($D1,$D2,&$addr(8));		# d1 = h2*s4
+	&vpmuludq	($D2,$D2,&$addr(0));		# d2 = h2*r0
+
+	&vpmuludq	($T2,$T0,&$addr(3));		# h0*r3
+	&vpaddq		($D3,$D3,$T2);			# d3 += h0*r3
+	&vpmuludq	($T1,$T0,&$addr(4));		# h0*r4
+	&vpaddq		($D4,$D4,$T1);			# d4 + h0*r4
+	&vpmuludq	($T2,$T0,&$addr(0));		# h0*r0
+	&vpaddq		($D0,$D0,$T2);			# d0 + h0*r0
+	 &vmovdqa	($T2,&QWP(32*1,"esp"));		# h1
+	&vpmuludq	($T1,$T0,&$addr(1));		# h0*r1
+	&vpaddq		($D1,$D1,$T1);			# d1 += h0*r1
+	&vpmuludq	($T0,$T0,&$addr(2));		# h0*r2
+	&vpaddq		($D2,$D2,$T0);			# d2 += h0*r2
+
+	&vpmuludq	($T1,$T2,&$addr(2));		# h1*r2
+	&vpaddq		($D3,$D3,$T1);			# d3 += h1*r2
+	&vpmuludq	($T0,$T2,&$addr(3));		# h1*r3
+	&vpaddq		($D4,$D4,$T0);			# d4 += h1*r3
+	&vpmuludq	($T1,$T2,&$addr(8));		# h1*s4
+	&vpaddq		($D0,$D0,$T1);			# d0 += h1*s4
+	 &vmovdqa	($T1,&QWP(32*3,"esp"));		# h3
+	&vpmuludq	($T0,$T2,&$addr(0));		# h1*r0
+	&vpaddq		($D1,$D1,$T0);			# d1 += h1*r0
+	&vpmuludq	($T2,$T2,&$addr(1));		# h1*r1
+	&vpaddq		($D2,$D2,$T2);			# d2 += h1*r1
+
+	&vpmuludq	($T0,$T1,&$addr(0));		# h3*r0
+	&vpaddq		($D3,$D3,$T0);			# d3 += h3*r0
+	&vpmuludq	($T2,$T1,&$addr(1));		# h3*r1
+	&vpaddq		($D4,$D4,$T2);			# d4 += h3*r1
+	&vpmuludq	($T0,$T1,&$addr(6));		# h3*s2
+	&vpaddq		($D0,$D0,$T0);			# d0 += h3*s2
+	 &vmovdqa	($T0,&QWP(32*4,"esp"));		# h4
+	&vpmuludq	($T2,$T1,&$addr(7));		# h3*s3
+	&vpaddq		($D1,$D1,$T2);			# d1+= h3*s3
+	&vpmuludq	($T1,$T1,&$addr(8));		# h3*s4
+	&vpaddq		($D2,$D2,$T1);			# d2 += h3*s4
+
+	&vpmuludq	($T2,$T0,&$addr(8));		# h4*s4
+	&vpaddq		($D3,$D3,$T2);			# d3 += h4*s4
+	&vpmuludq	($T1,$T0,&$addr(5));		# h4*s1
+	&vpaddq		($D0,$D0,$T1);			# d0 += h4*s1
+	&vpmuludq	($T2,$T0,&$addr(0));		# h4*r0
+	&vpaddq		($D4,$D4,$T2);			# d4 += h4*r0
+	 &vmovdqa	($MASK,&QWP(64,"ebx"));
+	&vpmuludq	($T1,$T0,&$addr(6));		# h4*s2
+	&vpaddq		($D1,$D1,$T1);			# d1 += h4*s2
+	&vpmuludq	($T0,$T0,&$addr(7));		# h4*s3
+	&vpaddq		($D2,$D2,$T0);			# d2 += h4*s3
+}
+	&vpmuladd	(sub {	my $i=shift; &QWP(32*$i-128,"edx");	});
+
+sub vlazy_reduction {
+	################################################################
+	# lazy reduction
+
+	 &vpsrlq	($T0,$D3,26);
+	 &vpand		($D3,$D3,$MASK);
+	&vpsrlq		($T1,$D0,26);
+	&vpand		($D0,$D0,$MASK);
+	 &vpaddq	($D4,$D4,$T0);			# h3 -> h4
+	&vpaddq		($D1,$D1,$T1);			# h0 -> h1
+	 &vpsrlq	($T0,$D4,26);
+	 &vpand		($D4,$D4,$MASK);
+	&vpsrlq		($T1,$D1,26);
+	&vpand		($D1,$D1,$MASK);
+	&vpaddq		($D2,$D2,$T1);			# h1 -> h2
+	 &vpaddq	($D0,$D0,$T0);
+	 &vpsllq	($T0,$T0,2);
+	&vpsrlq		($T1,$D2,26);
+	&vpand		($D2,$D2,$MASK);
+	 &vpaddq	($D0,$D0,$T0);			# h4 -> h0
+	&vpaddq		($D3,$D3,$T1);			# h2 -> h3
+	&vpsrlq		($T1,$D3,26);
+	 &vpsrlq	($T0,$D0,26);
+	 &vpand		($D0,$D0,$MASK);
+	&vpand		($D3,$D3,$MASK);
+	 &vpaddq	($D1,$D1,$T0);			# h0 -> h1
+	&vpaddq		($D4,$D4,$T1);			# h3 -> h4
+}
+	&vlazy_reduction();
+
+	&vmovdqu	(&X($T0),&QWP(16*0,"esi"));	# load input
+	&vmovdqu	(&X($T1),&QWP(16*1,"esi"));
+	&vinserti128	($T0,$T0,&QWP(16*2,"esi"),1);
+	&vinserti128	($T1,$T1,&QWP(16*3,"esi"),1);
+	&lea		("esi",&DWP(16*4,"esi"));
+	&sub		("ecx",64);
+	&jnz		(&label("loop"));
+
+&set_label("tail");
+	&vsplat_input	();
+	&and		("ebx",-64);			# restore pointer
+
+	&vpmuladd	(sub {	my $i=shift; &QWP(4+32*$i-128,"edx");	});
+
+	################################################################
+	# horizontal addition
+
+	&vpsrldq	($T0,$D4,8);
+	&vpsrldq	($T1,$D3,8);
+	&vpaddq		($D4,$D4,$T0);
+	&vpsrldq	($T0,$D0,8);
+	&vpaddq		($D3,$D3,$T1);
+	&vpsrldq	($T1,$D1,8);
+	&vpaddq		($D0,$D0,$T0);
+	&vpsrldq	($T0,$D2,8);
+	&vpaddq		($D1,$D1,$T1);
+	&vpermq		($T1,$D4,2);			# keep folding
+	&vpaddq		($D2,$D2,$T0);
+	&vpermq		($T0,$D3,2);
+	&vpaddq		($D4,$D4,$T1);
+	&vpermq		($T1,$D0,2);
+	&vpaddq		($D3,$D3,$T0);
+	&vpermq		($T0,$D1,2);
+	&vpaddq		($D0,$D0,$T1);
+	&vpermq		($T1,$D2,2);
+	&vpaddq		($D1,$D1,$T0);
+	&vpaddq		($D2,$D2,$T1);
+
+	&vlazy_reduction();
+
+	&cmp		("ecx",0);
+	&je		(&label("done"));
+
+	################################################################
+	# clear all but single word
+
+	&vpshufd	(&X($D0),&X($D0),0b11111100);
+	&lea		("edx",&DWP(32*5+128,"esp"));	# restore pointer
+	&vpshufd	(&X($D1),&X($D1),0b11111100);
+	&vpshufd	(&X($D2),&X($D2),0b11111100);
+	&vpshufd	(&X($D3),&X($D3),0b11111100);
+	&vpshufd	(&X($D4),&X($D4),0b11111100);
+	&jmp		(&label("even"));
+
+&set_label("done",16);
+	&vmovd		(&DWP(-16*3+4*0,"edi"),&X($D0));# store hash value
+	&vmovd		(&DWP(-16*3+4*1,"edi"),&X($D1));
+	&vmovd		(&DWP(-16*3+4*2,"edi"),&X($D2));
+	&vmovd		(&DWP(-16*3+4*3,"edi"),&X($D3));
+	&vmovd		(&DWP(-16*3+4*4,"edi"),&X($D4));
+	&vzeroupper	();
+	&mov	("esp","ebp");
+&set_label("nodata");
+&function_end("_poly1305_blocks_avx2");
+}
+&set_label("const_sse2",64);
+	&data_word(1<<24,0,	1<<24,0,	1<<24,0,	1<<24,0);
+	&data_word(0,0,		0,0,		0,0,		0,0);
+	&data_word(0x03ffffff,0,0x03ffffff,0,	0x03ffffff,0,	0x03ffffff,0);
+	&data_word(0x0fffffff,0x0ffffffc,0x0ffffffc,0x0ffffffc);
+}
+&asciz	("Poly1305 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&align	(4);
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/poly1305/asm/poly1305-x86_64.pl b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-x86_64.pl
new file mode 100755
index 0000000..4c22ded
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -0,0 +1,2268 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements Poly1305 hash for x86_64.
+#
+# March 2015
+#
+# Numbers are cycles per processed byte with poly1305_blocks alone,
+# measured with rdtsc at fixed clock frequency.
+#
+#		IALU/gcc-4.8(*)	AVX(**)		AVX2
+# P4		4.46/+120%	-
+# Core 2	2.41/+90%	-
+# Westmere	1.88/+120%	-
+# Sandy Bridge	1.39/+140%	1.10
+# Haswell	1.14/+175%	1.11		0.65
+# Skylake	1.13/+120%	0.96		0.51
+# Silvermont	2.83/+95%	-
+# Goldmont	1.70/+180%	-
+# VIA Nano	1.82/+150%	-
+# Sledgehammer	1.38/+160%	-
+# Bulldozer	2.30/+130%	0.97
+#
+# (*)	improvement coefficients relative to clang are more modest and
+#	are ~50% on most processors, in both cases we are comparing to
+#	__int128 code;
+# (**)	SSE2 implementation was attempted, but among non-AVX processors
+#	it was faster than integer-only code only on older Intel P4 and
+#	Core processors, 50-30%, less newer processor is, but slower on
+#	contemporary ones, for example almost 2x slower on Atom, and as
+#	former are naturally disappearing, SSE2 is deemed unnecessary;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=12);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my ($ctx,$inp,$len,$padbit)=("%rdi","%rsi","%rdx","%rcx");
+my ($mac,$nonce)=($inp,$len);	# *_emit arguments
+my ($d1,$d2,$d3, $r0,$r1,$s1)=map("%r$_",(8..13));
+my ($h0,$h1,$h2)=("%r14","%rbx","%rbp");
+
+sub poly1305_iteration {
+# input:	copy of $r1 in %rax, $h0-$h2, $r0-$r1
+# output:	$h0-$h2 *= $r0-$r1
+$code.=<<___;
+	mulq	$h0			# h0*r1
+	mov	%rax,$d2
+	 mov	$r0,%rax
+	mov	%rdx,$d3
+
+	mulq	$h0			# h0*r0
+	mov	%rax,$h0		# future $h0
+	 mov	$r0,%rax
+	mov	%rdx,$d1
+
+	mulq	$h1			# h1*r0
+	add	%rax,$d2
+	 mov	$s1,%rax
+	adc	%rdx,$d3
+
+	mulq	$h1			# h1*s1
+	 mov	$h2,$h1			# borrow $h1
+	add	%rax,$h0
+	adc	%rdx,$d1
+
+	imulq	$s1,$h1			# h2*s1
+	add	$h1,$d2
+	 mov	$d1,$h1
+	adc	\$0,$d3
+
+	imulq	$r0,$h2			# h2*r0
+	add	$d2,$h1
+	mov	\$-4,%rax		# mask value
+	adc	$h2,$d3
+
+	and	$d3,%rax		# last reduction step
+	mov	$d3,$h2
+	shr	\$2,$d3
+	and	\$3,$h2
+	add	$d3,%rax
+	add	%rax,$h0
+	adc	\$0,$h1
+	adc	\$0,$h2
+___
+}
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int64 h[3];		# current hash value base 2^64
+#	unsigned __int64 r[2];		# key value base 2^64
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	poly1305_init
+.hidden	poly1305_init
+.globl	poly1305_blocks
+.hidden	poly1305_blocks
+.globl	poly1305_emit
+.hidden	poly1305_emit
+
+.type	poly1305_init,\@function,3
+.align	32
+poly1305_init:
+	xor	%rax,%rax
+	mov	%rax,0($ctx)		# initialize hash value
+	mov	%rax,8($ctx)
+	mov	%rax,16($ctx)
+
+	cmp	\$0,$inp
+	je	.Lno_key
+
+	lea	poly1305_blocks(%rip),%r10
+	lea	poly1305_emit(%rip),%r11
+___
+$code.=<<___	if ($avx);
+	mov	OPENSSL_ia32cap_P+4(%rip),%r9
+	lea	poly1305_blocks_avx(%rip),%rax
+	lea	poly1305_emit_avx(%rip),%rcx
+	bt	\$`60-32`,%r9		# AVX?
+	cmovc	%rax,%r10
+	cmovc	%rcx,%r11
+___
+$code.=<<___	if ($avx>1);
+	lea	poly1305_blocks_avx2(%rip),%rax
+	bt	\$`5+32`,%r9		# AVX2?
+	cmovc	%rax,%r10
+___
+$code.=<<___;
+	mov	\$0x0ffffffc0fffffff,%rax
+	mov	\$0x0ffffffc0ffffffc,%rcx
+	and	0($inp),%rax
+	and	8($inp),%rcx
+	mov	%rax,24($ctx)
+	mov	%rcx,32($ctx)
+___
+$code.=<<___	if ($flavour !~ /elf32/);
+	mov	%r10,0(%rdx)
+	mov	%r11,8(%rdx)
+___
+$code.=<<___	if ($flavour =~ /elf32/);
+	mov	%r10d,0(%rdx)
+	mov	%r11d,4(%rdx)
+___
+$code.=<<___;
+	mov	\$1,%eax
+.Lno_key:
+	ret
+.size	poly1305_init,.-poly1305_init
+
+.type	poly1305_blocks,\@function,4
+.align	32
+poly1305_blocks:
+.Lblocks:
+	shr	\$4,$len
+	jz	.Lno_data		# too short
+
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lblocks_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	mov	0($ctx),$h0		# load hash value
+	mov	8($ctx),$h1
+	mov	16($ctx),$h2
+
+	mov	$s1,$r1
+	shr	\$2,$s1
+	mov	$r1,%rax
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+	jmp	.Loop
+
+.align	32
+.Loop:
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+___
+	&poly1305_iteration();
+$code.=<<___;
+	mov	$r1,%rax
+	dec	%r15			# len-=16
+	jnz	.Loop
+
+	mov	$h0,0($ctx)		# store hash value
+	mov	$h1,8($ctx)
+	mov	$h2,16($ctx)
+
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%r12
+	mov	32(%rsp),%rbp
+	mov	40(%rsp),%rbx
+	lea	48(%rsp),%rsp
+.Lno_data:
+.Lblocks_epilogue:
+	ret
+.size	poly1305_blocks,.-poly1305_blocks
+
+.type	poly1305_emit,\@function,3
+.align	32
+poly1305_emit:
+.Lemit:
+	mov	0($ctx),%r8	# load hash value
+	mov	8($ctx),%r9
+	mov	16($ctx),%r10
+
+	mov	%r8,%rax
+	add	\$5,%r8		# compare to modulus
+	mov	%r9,%rcx
+	adc	\$0,%r9
+	adc	\$0,%r10
+	shr	\$2,%r10	# did 130-bit value overfow?
+	cmovnz	%r8,%rax
+	cmovnz	%r9,%rcx
+
+	add	0($nonce),%rax	# accumulate nonce
+	adc	8($nonce),%rcx
+	mov	%rax,0($mac)	# write result
+	mov	%rcx,8($mac)
+
+	ret
+.size	poly1305_emit,.-poly1305_emit
+___
+if ($avx) {
+
+########################################################################
+# Layout of opaque area is following.
+#
+#	unsigned __int32 h[5];		# current hash value base 2^26
+#	unsigned __int32 is_base2_26;
+#	unsigned __int64 r[2];		# key value base 2^64
+#	unsigned __int64 pad;
+#	struct { unsigned __int32 r^2, r^1, r^4, r^3; } r[9];
+#
+# where r^n are base 2^26 digits of degrees of multiplier key. There are
+# 5 digits, but last four are interleaved with multiples of 5, totalling
+# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4.
+
+my ($H0,$H1,$H2,$H3,$H4, $T0,$T1,$T2,$T3,$T4, $D0,$D1,$D2,$D3,$D4, $MASK) =
+    map("%xmm$_",(0..15));
+
+$code.=<<___;
+.type	__poly1305_block,\@abi-omnipotent
+.align	32
+__poly1305_block:
+___
+	&poly1305_iteration();
+$code.=<<___;
+	ret
+.size	__poly1305_block,.-__poly1305_block
+
+.type	__poly1305_init_avx,\@abi-omnipotent
+.align	32
+__poly1305_init_avx:
+	mov	$r0,$h0
+	mov	$r1,$h1
+	xor	$h2,$h2
+
+	lea	48+64($ctx),$ctx	# size optimization
+
+	mov	$r1,%rax
+	call	__poly1305_block	# r^2
+
+	mov	\$0x3ffffff,%eax	# save interleaved r^2 and r base 2^26
+	mov	\$0x3ffffff,%edx
+	mov	$h0,$d1
+	and	$h0#d,%eax
+	mov	$r0,$d2
+	and	$r0#d,%edx
+	mov	%eax,`16*0+0-64`($ctx)
+	shr	\$26,$d1
+	mov	%edx,`16*0+4-64`($ctx)
+	shr	\$26,$d2
+
+	mov	\$0x3ffffff,%eax
+	mov	\$0x3ffffff,%edx
+	and	$d1#d,%eax
+	and	$d2#d,%edx
+	mov	%eax,`16*1+0-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	%edx,`16*1+4-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	mov	%eax,`16*2+0-64`($ctx)
+	shr	\$26,$d1
+	mov	%edx,`16*2+4-64`($ctx)
+	shr	\$26,$d2
+
+	mov	$h1,%rax
+	mov	$r1,%rdx
+	shl	\$12,%rax
+	shl	\$12,%rdx
+	or	$d1,%rax
+	or	$d2,%rdx
+	and	\$0x3ffffff,%eax
+	and	\$0x3ffffff,%edx
+	mov	%eax,`16*3+0-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	%edx,`16*3+4-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	mov	%eax,`16*4+0-64`($ctx)
+	mov	$h1,$d1
+	mov	%edx,`16*4+4-64`($ctx)
+	mov	$r1,$d2
+
+	mov	\$0x3ffffff,%eax
+	mov	\$0x3ffffff,%edx
+	shr	\$14,$d1
+	shr	\$14,$d2
+	and	$d1#d,%eax
+	and	$d2#d,%edx
+	mov	%eax,`16*5+0-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	%edx,`16*5+4-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	mov	%eax,`16*6+0-64`($ctx)
+	shr	\$26,$d1
+	mov	%edx,`16*6+4-64`($ctx)
+	shr	\$26,$d2
+
+	mov	$h2,%rax
+	shl	\$24,%rax
+	or	%rax,$d1
+	mov	$d1#d,`16*7+0-64`($ctx)
+	lea	($d1,$d1,4),$d1		# *5
+	mov	$d2#d,`16*7+4-64`($ctx)
+	lea	($d2,$d2,4),$d2		# *5
+	mov	$d1#d,`16*8+0-64`($ctx)
+	mov	$d2#d,`16*8+4-64`($ctx)
+
+	mov	$r1,%rax
+	call	__poly1305_block	# r^3
+
+	mov	\$0x3ffffff,%eax	# save r^3 base 2^26
+	mov	$h0,$d1
+	and	$h0#d,%eax
+	shr	\$26,$d1
+	mov	%eax,`16*0+12-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	and	$d1#d,%edx
+	mov	%edx,`16*1+12-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*2+12-64`($ctx)
+
+	mov	$h1,%rax
+	shl	\$12,%rax
+	or	$d1,%rax
+	and	\$0x3ffffff,%eax
+	mov	%eax,`16*3+12-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	$h1,$d1
+	mov	%eax,`16*4+12-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	shr	\$14,$d1
+	and	$d1#d,%edx
+	mov	%edx,`16*5+12-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*6+12-64`($ctx)
+
+	mov	$h2,%rax
+	shl	\$24,%rax
+	or	%rax,$d1
+	mov	$d1#d,`16*7+12-64`($ctx)
+	lea	($d1,$d1,4),$d1		# *5
+	mov	$d1#d,`16*8+12-64`($ctx)
+
+	mov	$r1,%rax
+	call	__poly1305_block	# r^4
+
+	mov	\$0x3ffffff,%eax	# save r^4 base 2^26
+	mov	$h0,$d1
+	and	$h0#d,%eax
+	shr	\$26,$d1
+	mov	%eax,`16*0+8-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	and	$d1#d,%edx
+	mov	%edx,`16*1+8-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*2+8-64`($ctx)
+
+	mov	$h1,%rax
+	shl	\$12,%rax
+	or	$d1,%rax
+	and	\$0x3ffffff,%eax
+	mov	%eax,`16*3+8-64`($ctx)
+	lea	(%rax,%rax,4),%eax	# *5
+	mov	$h1,$d1
+	mov	%eax,`16*4+8-64`($ctx)
+
+	mov	\$0x3ffffff,%edx
+	shr	\$14,$d1
+	and	$d1#d,%edx
+	mov	%edx,`16*5+8-64`($ctx)
+	lea	(%rdx,%rdx,4),%edx	# *5
+	shr	\$26,$d1
+	mov	%edx,`16*6+8-64`($ctx)
+
+	mov	$h2,%rax
+	shl	\$24,%rax
+	or	%rax,$d1
+	mov	$d1#d,`16*7+8-64`($ctx)
+	lea	($d1,$d1,4),$d1		# *5
+	mov	$d1#d,`16*8+8-64`($ctx)
+
+	lea	-48-64($ctx),$ctx	# size [de-]optimization
+	ret
+.size	__poly1305_init_avx,.-__poly1305_init_avx
+
+.type	poly1305_blocks_avx,\@function,4
+.align	32
+poly1305_blocks_avx:
+	mov	20($ctx),%r8d		# is_base2_26
+	cmp	\$128,$len
+	jae	.Lblocks_avx
+	test	%r8d,%r8d
+	jz	.Lblocks
+
+.Lblocks_avx:
+	and	\$-16,$len
+	jz	.Lno_data_avx
+
+	vzeroupper
+
+	test	%r8d,%r8d
+	jz	.Lbase2_64_avx
+
+	test	\$31,$len
+	jz	.Leven_avx
+
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lblocks_avx_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	0($ctx),$d1		# load hash value
+	mov	8($ctx),$d2
+	mov	16($ctx),$h2#d
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	################################# base 2^26 -> base 2^64
+	mov	$d1#d,$h0#d
+	and	\$`-1*(1<<31)`,$d1
+	mov	$d2,$r1			# borrow $r1
+	mov	$d2#d,$h1#d
+	and	\$`-1*(1<<31)`,$d2
+
+	shr	\$6,$d1
+	shl	\$52,$r1
+	add	$d1,$h0
+	shr	\$12,$h1
+	shr	\$18,$d2
+	add	$r1,$h0
+	adc	$d2,$h1
+
+	mov	$h2,$d1
+	shl	\$40,$d1
+	shr	\$24,$h2
+	add	$d1,$h1
+	adc	\$0,$h2			# can be partially reduced...
+
+	mov	\$-4,$d2		# ... so reduce
+	mov	$h2,$d1
+	and	$h2,$d2
+	shr	\$2,$d1
+	and	\$3,$h2
+	add	$d2,$d1			# =*5
+	add	$d1,$h0
+	adc	\$0,$h1
+	adc	\$0,$h2
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+
+	call	__poly1305_block
+
+	test	$padbit,$padbit		# if $padbit is zero,
+	jz	.Lstore_base2_64_avx	# store hash in base 2^64 format
+
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$r0
+	mov	$h1,$r1
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$r0
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$r0,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$r1
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$r1,$h2			# h[4]
+
+	sub	\$16,%r15
+	jz	.Lstore_base2_26_avx
+
+	vmovd	%rax#d,$H0
+	vmovd	%rdx#d,$H1
+	vmovd	$h0#d,$H2
+	vmovd	$h1#d,$H3
+	vmovd	$h2#d,$H4
+	jmp	.Lproceed_avx
+
+.align	32
+.Lstore_base2_64_avx:
+	mov	$h0,0($ctx)
+	mov	$h1,8($ctx)
+	mov	$h2,16($ctx)		# note that is_base2_26 is zeroed
+	jmp	.Ldone_avx
+
+.align	16
+.Lstore_base2_26_avx:
+	mov	%rax#d,0($ctx)		# store hash value base 2^26
+	mov	%rdx#d,4($ctx)
+	mov	$h0#d,8($ctx)
+	mov	$h1#d,12($ctx)
+	mov	$h2#d,16($ctx)
+.align	16
+.Ldone_avx:
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%r12
+	mov	32(%rsp),%rbp
+	mov	40(%rsp),%rbx
+	lea	48(%rsp),%rsp
+.Lno_data_avx:
+.Lblocks_avx_epilogue:
+	ret
+
+.align	32
+.Lbase2_64_avx:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lbase2_64_avx_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	mov	0($ctx),$h0		# load hash value
+	mov	8($ctx),$h1
+	mov	16($ctx),$h2#d
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+	test	\$31,$len
+	jz	.Linit_avx
+
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+	sub	\$16,%r15
+
+	call	__poly1305_block
+
+.Linit_avx:
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$d1
+	mov	$h1,$d2
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$d1
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$d1,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$d2
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$d2,$h2			# h[4]
+
+	vmovd	%rax#d,$H0
+	vmovd	%rdx#d,$H1
+	vmovd	$h0#d,$H2
+	vmovd	$h1#d,$H3
+	vmovd	$h2#d,$H4
+	movl	\$1,20($ctx)		# set is_base2_26
+
+	call	__poly1305_init_avx
+
+.Lproceed_avx:
+	mov	%r15,$len
+
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%r12
+	mov	32(%rsp),%rbp
+	mov	40(%rsp),%rbx
+	lea	48(%rsp),%rax
+	lea	48(%rsp),%rsp
+.Lbase2_64_avx_epilogue:
+	jmp	.Ldo_avx
+
+.align	32
+.Leven_avx:
+	vmovd		4*0($ctx),$H0		# load hash value
+	vmovd		4*1($ctx),$H1
+	vmovd		4*2($ctx),$H2
+	vmovd		4*3($ctx),$H3
+	vmovd		4*4($ctx),$H4
+
+.Ldo_avx:
+___
+$code.=<<___	if (!$win64);
+	lea		-0x58(%rsp),%r11
+	sub		\$0x178,%rsp
+___
+$code.=<<___	if ($win64);
+	lea		-0xf8(%rsp),%r11
+	sub		\$0x218,%rsp
+	vmovdqa		%xmm6,0x50(%r11)
+	vmovdqa		%xmm7,0x60(%r11)
+	vmovdqa		%xmm8,0x70(%r11)
+	vmovdqa		%xmm9,0x80(%r11)
+	vmovdqa		%xmm10,0x90(%r11)
+	vmovdqa		%xmm11,0xa0(%r11)
+	vmovdqa		%xmm12,0xb0(%r11)
+	vmovdqa		%xmm13,0xc0(%r11)
+	vmovdqa		%xmm14,0xd0(%r11)
+	vmovdqa		%xmm15,0xe0(%r11)
+.Ldo_avx_body:
+___
+$code.=<<___;
+	sub		\$64,$len
+	lea		-32($inp),%rax
+	cmovc		%rax,$inp
+
+	vmovdqu		`16*3`($ctx),$D4	# preload r0^2
+	lea		`16*3+64`($ctx),$ctx	# size optimization
+	lea		.Lconst(%rip),%rcx
+
+	################################################################
+	# load input
+	vmovdqu		16*2($inp),$T0
+	vmovdqu		16*3($inp),$T1
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+
+	vpsrldq		\$6,$T0,$T2		# splat input
+	vpsrldq		\$6,$T1,$T3
+	vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpunpcklqdq	$T3,$T2,$T3		# 2:3
+
+	vpsrlq		\$40,$T4,$T4		# 4
+	vpsrlq		\$26,$T0,$T1
+	vpand		$MASK,$T0,$T0		# 0
+	vpsrlq		\$4,$T3,$T2
+	vpand		$MASK,$T1,$T1		# 1
+	vpsrlq		\$30,$T3,$T3
+	vpand		$MASK,$T2,$T2		# 2
+	vpand		$MASK,$T3,$T3		# 3
+	vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	jbe		.Lskip_loop_avx
+
+	# expand and copy pre-calculated table to stack
+	vmovdqu		`16*1-64`($ctx),$D1
+	vmovdqu		`16*2-64`($ctx),$D2
+	vpshufd		\$0xEE,$D4,$D3		# 34xx -> 3434
+	vpshufd		\$0x44,$D4,$D0		# xx12 -> 1212
+	vmovdqa		$D3,-0x90(%r11)
+	vmovdqa		$D0,0x00(%rsp)
+	vpshufd		\$0xEE,$D1,$D4
+	vmovdqu		`16*3-64`($ctx),$D0
+	vpshufd		\$0x44,$D1,$D1
+	vmovdqa		$D4,-0x80(%r11)
+	vmovdqa		$D1,0x10(%rsp)
+	vpshufd		\$0xEE,$D2,$D3
+	vmovdqu		`16*4-64`($ctx),$D1
+	vpshufd		\$0x44,$D2,$D2
+	vmovdqa		$D3,-0x70(%r11)
+	vmovdqa		$D2,0x20(%rsp)
+	vpshufd		\$0xEE,$D0,$D4
+	vmovdqu		`16*5-64`($ctx),$D2
+	vpshufd		\$0x44,$D0,$D0
+	vmovdqa		$D4,-0x60(%r11)
+	vmovdqa		$D0,0x30(%rsp)
+	vpshufd		\$0xEE,$D1,$D3
+	vmovdqu		`16*6-64`($ctx),$D0
+	vpshufd		\$0x44,$D1,$D1
+	vmovdqa		$D3,-0x50(%r11)
+	vmovdqa		$D1,0x40(%rsp)
+	vpshufd		\$0xEE,$D2,$D4
+	vmovdqu		`16*7-64`($ctx),$D1
+	vpshufd		\$0x44,$D2,$D2
+	vmovdqa		$D4,-0x40(%r11)
+	vmovdqa		$D2,0x50(%rsp)
+	vpshufd		\$0xEE,$D0,$D3
+	vmovdqu		`16*8-64`($ctx),$D2
+	vpshufd		\$0x44,$D0,$D0
+	vmovdqa		$D3,-0x30(%r11)
+	vmovdqa		$D0,0x60(%rsp)
+	vpshufd		\$0xEE,$D1,$D4
+	vpshufd		\$0x44,$D1,$D1
+	vmovdqa		$D4,-0x20(%r11)
+	vmovdqa		$D1,0x70(%rsp)
+	vpshufd		\$0xEE,$D2,$D3
+	 vmovdqa	0x00(%rsp),$D4		# preload r0^2
+	vpshufd		\$0x44,$D2,$D2
+	vmovdqa		$D3,-0x10(%r11)
+	vmovdqa		$D2,0x80(%rsp)
+
+	jmp		.Loop_avx
+
+.align	32
+.Loop_avx:
+	################################################################
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	#   \___________________/
+	# ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	# ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	#   \___________________/ \____________________/
+	#
+	# Note that we start with inp[2:3]*r^2. This is because it
+	# doesn't depend on reduction in previous iteration.
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	#
+	# though note that $Tx and $Hx are "reversed" in this section,
+	# and $D4 is preloaded with r0^2...
+
+	vpmuludq	$T0,$D4,$D0		# d0 = h0*r0
+	vpmuludq	$T1,$D4,$D1		# d1 = h1*r0
+	  vmovdqa	$H2,0x20(%r11)				# offload hash
+	vpmuludq	$T2,$D4,$D2		# d3 = h2*r0
+	 vmovdqa	0x10(%rsp),$H2		# r1^2
+	vpmuludq	$T3,$D4,$D3		# d3 = h3*r0
+	vpmuludq	$T4,$D4,$D4		# d4 = h4*r0
+
+	  vmovdqa	$H0,0x00(%r11)				#
+	vpmuludq	0x20(%rsp),$T4,$H0	# h4*s1
+	  vmovdqa	$H1,0x10(%r11)				#
+	vpmuludq	$T3,$H2,$H1		# h3*r1
+	vpaddq		$H0,$D0,$D0		# d0 += h4*s1
+	vpaddq		$H1,$D4,$D4		# d4 += h3*r1
+	  vmovdqa	$H3,0x30(%r11)				#
+	vpmuludq	$T2,$H2,$H0		# h2*r1
+	vpmuludq	$T1,$H2,$H1		# h1*r1
+	vpaddq		$H0,$D3,$D3		# d3 += h2*r1
+	 vmovdqa	0x30(%rsp),$H3		# r2^2
+	vpaddq		$H1,$D2,$D2		# d2 += h1*r1
+	  vmovdqa	$H4,0x40(%r11)				#
+	vpmuludq	$T0,$H2,$H2		# h0*r1
+	 vpmuludq	$T2,$H3,$H0		# h2*r2
+	vpaddq		$H2,$D1,$D1		# d1 += h0*r1
+
+	 vmovdqa	0x40(%rsp),$H4		# s2^2
+	vpaddq		$H0,$D4,$D4		# d4 += h2*r2
+	vpmuludq	$T1,$H3,$H1		# h1*r2
+	vpmuludq	$T0,$H3,$H3		# h0*r2
+	vpaddq		$H1,$D3,$D3		# d3 += h1*r2
+	 vmovdqa	0x50(%rsp),$H2		# r3^2
+	vpaddq		$H3,$D2,$D2		# d2 += h0*r2
+	vpmuludq	$T4,$H4,$H0		# h4*s2
+	vpmuludq	$T3,$H4,$H4		# h3*s2
+	vpaddq		$H0,$D1,$D1		# d1 += h4*s2
+	 vmovdqa	0x60(%rsp),$H3		# s3^2
+	vpaddq		$H4,$D0,$D0		# d0 += h3*s2
+
+	 vmovdqa	0x80(%rsp),$H4		# s4^2
+	vpmuludq	$T1,$H2,$H1		# h1*r3
+	vpmuludq	$T0,$H2,$H2		# h0*r3
+	vpaddq		$H1,$D4,$D4		# d4 += h1*r3
+	vpaddq		$H2,$D3,$D3		# d3 += h0*r3
+	vpmuludq	$T4,$H3,$H0		# h4*s3
+	vpmuludq	$T3,$H3,$H1		# h3*s3
+	vpaddq		$H0,$D2,$D2		# d2 += h4*s3
+	 vmovdqu	16*0($inp),$H0				# load input
+	vpaddq		$H1,$D1,$D1		# d1 += h3*s3
+	vpmuludq	$T2,$H3,$H3		# h2*s3
+	 vpmuludq	$T2,$H4,$T2		# h2*s4
+	vpaddq		$H3,$D0,$D0		# d0 += h2*s3
+
+	 vmovdqu	16*1($inp),$H1				#
+	vpaddq		$T2,$D1,$D1		# d1 += h2*s4
+	vpmuludq	$T3,$H4,$T3		# h3*s4
+	vpmuludq	$T4,$H4,$T4		# h4*s4
+	 vpsrldq	\$6,$H0,$H2				# splat input
+	vpaddq		$T3,$D2,$D2		# d2 += h3*s4
+	vpaddq		$T4,$D3,$D3		# d3 += h4*s4
+	 vpsrldq	\$6,$H1,$H3				#
+	vpmuludq	0x70(%rsp),$T0,$T4	# h0*r4
+	vpmuludq	$T1,$H4,$T0		# h1*s4
+	 vpunpckhqdq	$H1,$H0,$H4		# 4
+	vpaddq		$T4,$D4,$D4		# d4 += h0*r4
+	 vmovdqa	-0x90(%r11),$T4		# r0^4
+	vpaddq		$T0,$D0,$D0		# d0 += h1*s4
+
+	vpunpcklqdq	$H1,$H0,$H0		# 0:1
+	vpunpcklqdq	$H3,$H2,$H3		# 2:3
+
+	#vpsrlq		\$40,$H4,$H4		# 4
+	vpsrldq		\$`40/8`,$H4,$H4	# 4
+	vpsrlq		\$26,$H0,$H1
+	vpand		$MASK,$H0,$H0		# 0
+	vpsrlq		\$4,$H3,$H2
+	vpand		$MASK,$H1,$H1		# 1
+	vpand		0(%rcx),$H4,$H4		# .Lmask24
+	vpsrlq		\$30,$H3,$H3
+	vpand		$MASK,$H2,$H2		# 2
+	vpand		$MASK,$H3,$H3		# 3
+	vpor		32(%rcx),$H4,$H4	# padbit, yes, always
+
+	vpaddq		0x00(%r11),$H0,$H0	# add hash value
+	vpaddq		0x10(%r11),$H1,$H1
+	vpaddq		0x20(%r11),$H2,$H2
+	vpaddq		0x30(%r11),$H3,$H3
+	vpaddq		0x40(%r11),$H4,$H4
+
+	lea		16*2($inp),%rax
+	lea		16*4($inp),$inp
+	sub		\$64,$len
+	cmovc		%rax,$inp
+
+	################################################################
+	# Now we accumulate (inp[0:1]+hash)*r^4
+	################################################################
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	vpmuludq	$H0,$T4,$T0		# h0*r0
+	vpmuludq	$H1,$T4,$T1		# h1*r0
+	vpaddq		$T0,$D0,$D0
+	vpaddq		$T1,$D1,$D1
+	 vmovdqa	-0x80(%r11),$T2		# r1^4
+	vpmuludq	$H2,$T4,$T0		# h2*r0
+	vpmuludq	$H3,$T4,$T1		# h3*r0
+	vpaddq		$T0,$D2,$D2
+	vpaddq		$T1,$D3,$D3
+	vpmuludq	$H4,$T4,$T4		# h4*r0
+	 vpmuludq	-0x70(%r11),$H4,$T0	# h4*s1
+	vpaddq		$T4,$D4,$D4
+
+	vpaddq		$T0,$D0,$D0		# d0 += h4*s1
+	vpmuludq	$H2,$T2,$T1		# h2*r1
+	vpmuludq	$H3,$T2,$T0		# h3*r1
+	vpaddq		$T1,$D3,$D3		# d3 += h2*r1
+	 vmovdqa	-0x60(%r11),$T3		# r2^4
+	vpaddq		$T0,$D4,$D4		# d4 += h3*r1
+	vpmuludq	$H1,$T2,$T1		# h1*r1
+	vpmuludq	$H0,$T2,$T2		# h0*r1
+	vpaddq		$T1,$D2,$D2		# d2 += h1*r1
+	vpaddq		$T2,$D1,$D1		# d1 += h0*r1
+
+	 vmovdqa	-0x50(%r11),$T4		# s2^4
+	vpmuludq	$H2,$T3,$T0		# h2*r2
+	vpmuludq	$H1,$T3,$T1		# h1*r2
+	vpaddq		$T0,$D4,$D4		# d4 += h2*r2
+	vpaddq		$T1,$D3,$D3		# d3 += h1*r2
+	 vmovdqa	-0x40(%r11),$T2		# r3^4
+	vpmuludq	$H0,$T3,$T3		# h0*r2
+	vpmuludq	$H4,$T4,$T0		# h4*s2
+	vpaddq		$T3,$D2,$D2		# d2 += h0*r2
+	vpaddq		$T0,$D1,$D1		# d1 += h4*s2
+	 vmovdqa	-0x30(%r11),$T3		# s3^4
+	vpmuludq	$H3,$T4,$T4		# h3*s2
+	 vpmuludq	$H1,$T2,$T1		# h1*r3
+	vpaddq		$T4,$D0,$D0		# d0 += h3*s2
+
+	 vmovdqa	-0x10(%r11),$T4		# s4^4
+	vpaddq		$T1,$D4,$D4		# d4 += h1*r3
+	vpmuludq	$H0,$T2,$T2		# h0*r3
+	vpmuludq	$H4,$T3,$T0		# h4*s3
+	vpaddq		$T2,$D3,$D3		# d3 += h0*r3
+	vpaddq		$T0,$D2,$D2		# d2 += h4*s3
+	 vmovdqu	16*2($inp),$T0				# load input
+	vpmuludq	$H3,$T3,$T2		# h3*s3
+	vpmuludq	$H2,$T3,$T3		# h2*s3
+	vpaddq		$T2,$D1,$D1		# d1 += h3*s3
+	 vmovdqu	16*3($inp),$T1				#
+	vpaddq		$T3,$D0,$D0		# d0 += h2*s3
+
+	vpmuludq	$H2,$T4,$H2		# h2*s4
+	vpmuludq	$H3,$T4,$H3		# h3*s4
+	 vpsrldq	\$6,$T0,$T2				# splat input
+	vpaddq		$H2,$D1,$D1		# d1 += h2*s4
+	vpmuludq	$H4,$T4,$H4		# h4*s4
+	 vpsrldq	\$6,$T1,$T3				#
+	vpaddq		$H3,$D2,$H2		# h2 = d2 + h3*s4
+	vpaddq		$H4,$D3,$H3		# h3 = d3 + h4*s4
+	vpmuludq	-0x20(%r11),$H0,$H4	# h0*r4
+	vpmuludq	$H1,$T4,$H0
+	 vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpaddq		$H4,$D4,$H4		# h4 = d4 + h0*r4
+	vpaddq		$H0,$D0,$H0		# h0 = d0 + h1*s4
+
+	vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpunpcklqdq	$T3,$T2,$T3		# 2:3
+
+	#vpsrlq		\$40,$T4,$T4		# 4
+	vpsrldq		\$`40/8`,$T4,$T4	# 4
+	vpsrlq		\$26,$T0,$T1
+	 vmovdqa	0x00(%rsp),$D4		# preload r0^2
+	vpand		$MASK,$T0,$T0		# 0
+	vpsrlq		\$4,$T3,$T2
+	vpand		$MASK,$T1,$T1		# 1
+	vpand		0(%rcx),$T4,$T4		# .Lmask24
+	vpsrlq		\$30,$T3,$T3
+	vpand		$MASK,$T2,$T2		# 2
+	vpand		$MASK,$T3,$T3		# 3
+	vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	################################################################
+	# lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	# and P. Schwabe
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$D1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D0
+	vpand		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D0,$H0,$H0
+	vpsllq		\$2,$D0,$D0
+	vpaddq		$D0,$H0,$H0		# h4 -> h0
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	ja		.Loop_avx
+
+.Lskip_loop_avx:
+	################################################################
+	# multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	vpshufd		\$0x10,$D4,$D4		# r0^n, xx12 -> x1x2
+	add		\$32,$len
+	jnz		.Long_tail_avx
+
+	vpaddq		$H2,$T2,$T2
+	vpaddq		$H0,$T0,$T0
+	vpaddq		$H1,$T1,$T1
+	vpaddq		$H3,$T3,$T3
+	vpaddq		$H4,$T4,$T4
+
+.Long_tail_avx:
+	vmovdqa		$H2,0x20(%r11)
+	vmovdqa		$H0,0x00(%r11)
+	vmovdqa		$H1,0x10(%r11)
+	vmovdqa		$H3,0x30(%r11)
+	vmovdqa		$H4,0x40(%r11)
+
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+
+	vpmuludq	$T2,$D4,$D2		# d2 = h2*r0
+	vpmuludq	$T0,$D4,$D0		# d0 = h0*r0
+	 vpshufd	\$0x10,`16*1-64`($ctx),$H2		# r1^n
+	vpmuludq	$T1,$D4,$D1		# d1 = h1*r0
+	vpmuludq	$T3,$D4,$D3		# d3 = h3*r0
+	vpmuludq	$T4,$D4,$D4		# d4 = h4*r0
+
+	vpmuludq	$T3,$H2,$H0		# h3*r1
+	vpaddq		$H0,$D4,$D4		# d4 += h3*r1
+	 vpshufd	\$0x10,`16*2-64`($ctx),$H3		# s1^n
+	vpmuludq	$T2,$H2,$H1		# h2*r1
+	vpaddq		$H1,$D3,$D3		# d3 += h2*r1
+	 vpshufd	\$0x10,`16*3-64`($ctx),$H4		# r2^n
+	vpmuludq	$T1,$H2,$H0		# h1*r1
+	vpaddq		$H0,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$T0,$H2,$H2		# h0*r1
+	vpaddq		$H2,$D1,$D1		# d1 += h0*r1
+	vpmuludq	$T4,$H3,$H3		# h4*s1
+	vpaddq		$H3,$D0,$D0		# d0 += h4*s1
+
+	 vpshufd	\$0x10,`16*4-64`($ctx),$H2		# s2^n
+	vpmuludq	$T2,$H4,$H1		# h2*r2
+	vpaddq		$H1,$D4,$D4		# d4 += h2*r2
+	vpmuludq	$T1,$H4,$H0		# h1*r2
+	vpaddq		$H0,$D3,$D3		# d3 += h1*r2
+	 vpshufd	\$0x10,`16*5-64`($ctx),$H3		# r3^n
+	vpmuludq	$T0,$H4,$H4		# h0*r2
+	vpaddq		$H4,$D2,$D2		# d2 += h0*r2
+	vpmuludq	$T4,$H2,$H1		# h4*s2
+	vpaddq		$H1,$D1,$D1		# d1 += h4*s2
+	 vpshufd	\$0x10,`16*6-64`($ctx),$H4		# s3^n
+	vpmuludq	$T3,$H2,$H2		# h3*s2
+	vpaddq		$H2,$D0,$D0		# d0 += h3*s2
+
+	vpmuludq	$T1,$H3,$H0		# h1*r3
+	vpaddq		$H0,$D4,$D4		# d4 += h1*r3
+	vpmuludq	$T0,$H3,$H3		# h0*r3
+	vpaddq		$H3,$D3,$D3		# d3 += h0*r3
+	 vpshufd	\$0x10,`16*7-64`($ctx),$H2		# r4^n
+	vpmuludq	$T4,$H4,$H1		# h4*s3
+	vpaddq		$H1,$D2,$D2		# d2 += h4*s3
+	 vpshufd	\$0x10,`16*8-64`($ctx),$H3		# s4^n
+	vpmuludq	$T3,$H4,$H0		# h3*s3
+	vpaddq		$H0,$D1,$D1		# d1 += h3*s3
+	vpmuludq	$T2,$H4,$H4		# h2*s3
+	vpaddq		$H4,$D0,$D0		# d0 += h2*s3
+
+	vpmuludq	$T0,$H2,$H2		# h0*r4
+	vpaddq		$H2,$D4,$D4		# h4 = d4 + h0*r4
+	vpmuludq	$T4,$H3,$H1		# h4*s4
+	vpaddq		$H1,$D3,$D3		# h3 = d3 + h4*s4
+	vpmuludq	$T3,$H3,$H0		# h3*s4
+	vpaddq		$H0,$D2,$D2		# h2 = d2 + h3*s4
+	vpmuludq	$T2,$H3,$H1		# h2*s4
+	vpaddq		$H1,$D1,$D1		# h1 = d1 + h2*s4
+	vpmuludq	$T1,$H3,$H3		# h1*s4
+	vpaddq		$H3,$D0,$D0		# h0 = d0 + h1*s4
+
+	jz		.Lshort_tail_avx
+
+	vmovdqu		16*0($inp),$H0		# load input
+	vmovdqu		16*1($inp),$H1
+
+	vpsrldq		\$6,$H0,$H2		# splat input
+	vpsrldq		\$6,$H1,$H3
+	vpunpckhqdq	$H1,$H0,$H4		# 4
+	vpunpcklqdq	$H1,$H0,$H0		# 0:1
+	vpunpcklqdq	$H3,$H2,$H3		# 2:3
+
+	vpsrlq		\$40,$H4,$H4		# 4
+	vpsrlq		\$26,$H0,$H1
+	vpand		$MASK,$H0,$H0		# 0
+	vpsrlq		\$4,$H3,$H2
+	vpand		$MASK,$H1,$H1		# 1
+	vpsrlq		\$30,$H3,$H3
+	vpand		$MASK,$H2,$H2		# 2
+	vpand		$MASK,$H3,$H3		# 3
+	vpor		32(%rcx),$H4,$H4	# padbit, yes, always
+
+	vpshufd		\$0x32,`16*0-64`($ctx),$T4	# r0^n, 34xx -> x3x4
+	vpaddq		0x00(%r11),$H0,$H0
+	vpaddq		0x10(%r11),$H1,$H1
+	vpaddq		0x20(%r11),$H2,$H2
+	vpaddq		0x30(%r11),$H3,$H3
+	vpaddq		0x40(%r11),$H4,$H4
+
+	################################################################
+	# multiply (inp[0:1]+hash) by r^4:r^3 and accumulate
+
+	vpmuludq	$H0,$T4,$T0		# h0*r0
+	vpaddq		$T0,$D0,$D0		# d0 += h0*r0
+	vpmuludq	$H1,$T4,$T1		# h1*r0
+	vpaddq		$T1,$D1,$D1		# d1 += h1*r0
+	vpmuludq	$H2,$T4,$T0		# h2*r0
+	vpaddq		$T0,$D2,$D2		# d2 += h2*r0
+	 vpshufd	\$0x32,`16*1-64`($ctx),$T2		# r1^n
+	vpmuludq	$H3,$T4,$T1		# h3*r0
+	vpaddq		$T1,$D3,$D3		# d3 += h3*r0
+	vpmuludq	$H4,$T4,$T4		# h4*r0
+	vpaddq		$T4,$D4,$D4		# d4 += h4*r0
+
+	vpmuludq	$H3,$T2,$T0		# h3*r1
+	vpaddq		$T0,$D4,$D4		# d4 += h3*r1
+	 vpshufd	\$0x32,`16*2-64`($ctx),$T3		# s1
+	vpmuludq	$H2,$T2,$T1		# h2*r1
+	vpaddq		$T1,$D3,$D3		# d3 += h2*r1
+	 vpshufd	\$0x32,`16*3-64`($ctx),$T4		# r2
+	vpmuludq	$H1,$T2,$T0		# h1*r1
+	vpaddq		$T0,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$H0,$T2,$T2		# h0*r1
+	vpaddq		$T2,$D1,$D1		# d1 += h0*r1
+	vpmuludq	$H4,$T3,$T3		# h4*s1
+	vpaddq		$T3,$D0,$D0		# d0 += h4*s1
+
+	 vpshufd	\$0x32,`16*4-64`($ctx),$T2		# s2
+	vpmuludq	$H2,$T4,$T1		# h2*r2
+	vpaddq		$T1,$D4,$D4		# d4 += h2*r2
+	vpmuludq	$H1,$T4,$T0		# h1*r2
+	vpaddq		$T0,$D3,$D3		# d3 += h1*r2
+	 vpshufd	\$0x32,`16*5-64`($ctx),$T3		# r3
+	vpmuludq	$H0,$T4,$T4		# h0*r2
+	vpaddq		$T4,$D2,$D2		# d2 += h0*r2
+	vpmuludq	$H4,$T2,$T1		# h4*s2
+	vpaddq		$T1,$D1,$D1		# d1 += h4*s2
+	 vpshufd	\$0x32,`16*6-64`($ctx),$T4		# s3
+	vpmuludq	$H3,$T2,$T2		# h3*s2
+	vpaddq		$T2,$D0,$D0		# d0 += h3*s2
+
+	vpmuludq	$H1,$T3,$T0		# h1*r3
+	vpaddq		$T0,$D4,$D4		# d4 += h1*r3
+	vpmuludq	$H0,$T3,$T3		# h0*r3
+	vpaddq		$T3,$D3,$D3		# d3 += h0*r3
+	 vpshufd	\$0x32,`16*7-64`($ctx),$T2		# r4
+	vpmuludq	$H4,$T4,$T1		# h4*s3
+	vpaddq		$T1,$D2,$D2		# d2 += h4*s3
+	 vpshufd	\$0x32,`16*8-64`($ctx),$T3		# s4
+	vpmuludq	$H3,$T4,$T0		# h3*s3
+	vpaddq		$T0,$D1,$D1		# d1 += h3*s3
+	vpmuludq	$H2,$T4,$T4		# h2*s3
+	vpaddq		$T4,$D0,$D0		# d0 += h2*s3
+
+	vpmuludq	$H0,$T2,$T2		# h0*r4
+	vpaddq		$T2,$D4,$D4		# d4 += h0*r4
+	vpmuludq	$H4,$T3,$T1		# h4*s4
+	vpaddq		$T1,$D3,$D3		# d3 += h4*s4
+	vpmuludq	$H3,$T3,$T0		# h3*s4
+	vpaddq		$T0,$D2,$D2		# d2 += h3*s4
+	vpmuludq	$H2,$T3,$T1		# h2*s4
+	vpaddq		$T1,$D1,$D1		# d1 += h2*s4
+	vpmuludq	$H1,$T3,$T3		# h1*s4
+	vpaddq		$T3,$D0,$D0		# d0 += h1*s4
+
+.Lshort_tail_avx:
+	################################################################
+	# horizontal addition
+
+	vpsrldq		\$8,$D4,$T4
+	vpsrldq		\$8,$D3,$T3
+	vpsrldq		\$8,$D1,$T1
+	vpsrldq		\$8,$D0,$T0
+	vpsrldq		\$8,$D2,$T2
+	vpaddq		$T3,$D3,$D3
+	vpaddq		$T4,$D4,$D4
+	vpaddq		$T0,$D0,$D0
+	vpaddq		$T1,$D1,$D1
+	vpaddq		$T2,$D2,$D2
+
+	################################################################
+	# lazy reduction
+
+	vpsrlq		\$26,$D3,$H3
+	vpand		$MASK,$D3,$D3
+	vpaddq		$H3,$D4,$D4		# h3 -> h4
+
+	vpsrlq		\$26,$D0,$H0
+	vpand		$MASK,$D0,$D0
+	vpaddq		$H0,$D1,$D1		# h0 -> h1
+
+	vpsrlq		\$26,$D4,$H4
+	vpand		$MASK,$D4,$D4
+
+	vpsrlq		\$26,$D1,$H1
+	vpand		$MASK,$D1,$D1
+	vpaddq		$H1,$D2,$D2		# h1 -> h2
+
+	vpaddq		$H4,$D0,$D0
+	vpsllq		\$2,$H4,$H4
+	vpaddq		$H4,$D0,$D0		# h4 -> h0
+
+	vpsrlq		\$26,$D2,$H2
+	vpand		$MASK,$D2,$D2
+	vpaddq		$H2,$D3,$D3		# h2 -> h3
+
+	vpsrlq		\$26,$D0,$H0
+	vpand		$MASK,$D0,$D0
+	vpaddq		$H0,$D1,$D1		# h0 -> h1
+
+	vpsrlq		\$26,$D3,$H3
+	vpand		$MASK,$D3,$D3
+	vpaddq		$H3,$D4,$D4		# h3 -> h4
+
+	vmovd		$D0,`4*0-48-64`($ctx)	# save partially reduced
+	vmovd		$D1,`4*1-48-64`($ctx)
+	vmovd		$D2,`4*2-48-64`($ctx)
+	vmovd		$D3,`4*3-48-64`($ctx)
+	vmovd		$D4,`4*4-48-64`($ctx)
+___
+$code.=<<___	if ($win64);
+	vmovdqa		0x50(%r11),%xmm6
+	vmovdqa		0x60(%r11),%xmm7
+	vmovdqa		0x70(%r11),%xmm8
+	vmovdqa		0x80(%r11),%xmm9
+	vmovdqa		0x90(%r11),%xmm10
+	vmovdqa		0xa0(%r11),%xmm11
+	vmovdqa		0xb0(%r11),%xmm12
+	vmovdqa		0xc0(%r11),%xmm13
+	vmovdqa		0xd0(%r11),%xmm14
+	vmovdqa		0xe0(%r11),%xmm15
+	lea		0xf8(%r11),%rsp
+.Ldo_avx_epilogue:
+___
+$code.=<<___	if (!$win64);
+	lea		0x58(%r11),%rsp
+___
+$code.=<<___;
+	vzeroupper
+	ret
+.size	poly1305_blocks_avx,.-poly1305_blocks_avx
+
+.type	poly1305_emit_avx,\@function,3
+.align	32
+poly1305_emit_avx:
+	cmpl	\$0,20($ctx)	# is_base2_26?
+	je	.Lemit
+
+	mov	0($ctx),%eax	# load hash value base 2^26
+	mov	4($ctx),%ecx
+	mov	8($ctx),%r8d
+	mov	12($ctx),%r11d
+	mov	16($ctx),%r10d
+
+	shl	\$26,%rcx	# base 2^26 -> base 2^64
+	mov	%r8,%r9
+	shl	\$52,%r8
+	add	%rcx,%rax
+	shr	\$12,%r9
+	add	%rax,%r8	# h0
+	adc	\$0,%r9
+
+	shl	\$14,%r11
+	mov	%r10,%rax
+	shr	\$24,%r10
+	add	%r11,%r9
+	shl	\$40,%rax
+	add	%rax,%r9	# h1
+	adc	\$0,%r10	# h2
+
+	mov	%r10,%rax	# could be partially reduced, so reduce
+	mov	%r10,%rcx
+	and	\$3,%r10
+	shr	\$2,%rax
+	and	\$-4,%rcx
+	add	%rcx,%rax
+	add	%rax,%r8
+	adc	\$0,%r9
+	adc	\$0,%r10
+
+	mov	%r8,%rax
+	add	\$5,%r8		# compare to modulus
+	mov	%r9,%rcx
+	adc	\$0,%r9
+	adc	\$0,%r10
+	shr	\$2,%r10	# did 130-bit value overfow?
+	cmovnz	%r8,%rax
+	cmovnz	%r9,%rcx
+
+	add	0($nonce),%rax	# accumulate nonce
+	adc	8($nonce),%rcx
+	mov	%rax,0($mac)	# write result
+	mov	%rcx,8($mac)
+
+	ret
+.size	poly1305_emit_avx,.-poly1305_emit_avx
+___
+
+if ($avx>1) {
+my ($H0,$H1,$H2,$H3,$H4, $MASK, $T4,$T0,$T1,$T2,$T3, $D0,$D1,$D2,$D3,$D4) =
+    map("%ymm$_",(0..15));
+my $S4=$MASK;
+
+$code.=<<___;
+.type	poly1305_blocks_avx2,\@function,4
+.align	32
+poly1305_blocks_avx2:
+	mov	20($ctx),%r8d		# is_base2_26
+	cmp	\$128,$len
+	jae	.Lblocks_avx2
+	test	%r8d,%r8d
+	jz	.Lblocks
+
+.Lblocks_avx2:
+	and	\$-16,$len
+	jz	.Lno_data_avx2
+
+	vzeroupper
+
+	test	%r8d,%r8d
+	jz	.Lbase2_64_avx2
+
+	test	\$63,$len
+	jz	.Leven_avx2
+
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lblocks_avx2_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	0($ctx),$d1		# load hash value
+	mov	8($ctx),$d2
+	mov	16($ctx),$h2#d
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	################################# base 2^26 -> base 2^64
+	mov	$d1#d,$h0#d
+	and	\$`-1*(1<<31)`,$d1
+	mov	$d2,$r1			# borrow $r1
+	mov	$d2#d,$h1#d
+	and	\$`-1*(1<<31)`,$d2
+
+	shr	\$6,$d1
+	shl	\$52,$r1
+	add	$d1,$h0
+	shr	\$12,$h1
+	shr	\$18,$d2
+	add	$r1,$h0
+	adc	$d2,$h1
+
+	mov	$h2,$d1
+	shl	\$40,$d1
+	shr	\$24,$h2
+	add	$d1,$h1
+	adc	\$0,$h2			# can be partially reduced...
+
+	mov	\$-4,$d2		# ... so reduce
+	mov	$h2,$d1
+	and	$h2,$d2
+	shr	\$2,$d1
+	and	\$3,$h2
+	add	$d2,$d1			# =*5
+	add	$d1,$h0
+	adc	\$0,$h1
+	adc	\$0,$h2
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+.Lbase2_26_pre_avx2:
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+	sub	\$16,%r15
+
+	call	__poly1305_block
+	mov	$r1,%rax
+
+	test	\$63,%r15
+	jnz	.Lbase2_26_pre_avx2
+
+	test	$padbit,$padbit		# if $padbit is zero,
+	jz	.Lstore_base2_64_avx2	# store hash in base 2^64 format
+
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$r0
+	mov	$h1,$r1
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$r0
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$r0,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$r1
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$r1,$h2			# h[4]
+
+	test	%r15,%r15
+	jz	.Lstore_base2_26_avx2
+
+	vmovd	%rax#d,%x#$H0
+	vmovd	%rdx#d,%x#$H1
+	vmovd	$h0#d,%x#$H2
+	vmovd	$h1#d,%x#$H3
+	vmovd	$h2#d,%x#$H4
+	jmp	.Lproceed_avx2
+
+.align	32
+.Lstore_base2_64_avx2:
+	mov	$h0,0($ctx)
+	mov	$h1,8($ctx)
+	mov	$h2,16($ctx)		# note that is_base2_26 is zeroed
+	jmp	.Ldone_avx2
+
+.align	16
+.Lstore_base2_26_avx2:
+	mov	%rax#d,0($ctx)		# store hash value base 2^26
+	mov	%rdx#d,4($ctx)
+	mov	$h0#d,8($ctx)
+	mov	$h1#d,12($ctx)
+	mov	$h2#d,16($ctx)
+.align	16
+.Ldone_avx2:
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%r12
+	mov	32(%rsp),%rbp
+	mov	40(%rsp),%rbx
+	lea	48(%rsp),%rsp
+.Lno_data_avx2:
+.Lblocks_avx2_epilogue:
+	ret
+
+.align	32
+.Lbase2_64_avx2:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+.Lbase2_64_avx2_body:
+
+	mov	$len,%r15		# reassign $len
+
+	mov	24($ctx),$r0		# load r
+	mov	32($ctx),$s1
+
+	mov	0($ctx),$h0		# load hash value
+	mov	8($ctx),$h1
+	mov	16($ctx),$h2#d
+
+	mov	$s1,$r1
+	mov	$s1,%rax
+	shr	\$2,$s1
+	add	$r1,$s1			# s1 = r1 + (r1 >> 2)
+
+	test	\$63,$len
+	jz	.Linit_avx2
+
+.Lbase2_64_pre_avx2:
+	add	0($inp),$h0		# accumulate input
+	adc	8($inp),$h1
+	lea	16($inp),$inp
+	adc	$padbit,$h2
+	sub	\$16,%r15
+
+	call	__poly1305_block
+	mov	$r1,%rax
+
+	test	\$63,%r15
+	jnz	.Lbase2_64_pre_avx2
+
+.Linit_avx2:
+	################################# base 2^64 -> base 2^26
+	mov	$h0,%rax
+	mov	$h0,%rdx
+	shr	\$52,$h0
+	mov	$h1,$d1
+	mov	$h1,$d2
+	shr	\$26,%rdx
+	and	\$0x3ffffff,%rax	# h[0]
+	shl	\$12,$d1
+	and	\$0x3ffffff,%rdx	# h[1]
+	shr	\$14,$h1
+	or	$d1,$h0
+	shl	\$24,$h2
+	and	\$0x3ffffff,$h0		# h[2]
+	shr	\$40,$d2
+	and	\$0x3ffffff,$h1		# h[3]
+	or	$d2,$h2			# h[4]
+
+	vmovd	%rax#d,%x#$H0
+	vmovd	%rdx#d,%x#$H1
+	vmovd	$h0#d,%x#$H2
+	vmovd	$h1#d,%x#$H3
+	vmovd	$h2#d,%x#$H4
+	movl	\$1,20($ctx)		# set is_base2_26
+
+	call	__poly1305_init_avx
+
+.Lproceed_avx2:
+	mov	%r15,$len
+
+	mov	0(%rsp),%r15
+	mov	8(%rsp),%r14
+	mov	16(%rsp),%r13
+	mov	24(%rsp),%r12
+	mov	32(%rsp),%rbp
+	mov	40(%rsp),%rbx
+	lea	48(%rsp),%rax
+	lea	48(%rsp),%rsp
+.Lbase2_64_avx2_epilogue:
+	jmp	.Ldo_avx2
+
+.align	32
+.Leven_avx2:
+	vmovd		4*0($ctx),%x#$H0	# load hash value base 2^26
+	vmovd		4*1($ctx),%x#$H1
+	vmovd		4*2($ctx),%x#$H2
+	vmovd		4*3($ctx),%x#$H3
+	vmovd		4*4($ctx),%x#$H4
+
+.Ldo_avx2:
+___
+$code.=<<___	if (!$win64);
+	lea		-8(%rsp),%r11
+	sub		\$0x128,%rsp
+___
+$code.=<<___	if ($win64);
+	lea		-0xf8(%rsp),%r11
+	sub		\$0x1c8,%rsp
+	vmovdqa		%xmm6,0x50(%r11)
+	vmovdqa		%xmm7,0x60(%r11)
+	vmovdqa		%xmm8,0x70(%r11)
+	vmovdqa		%xmm9,0x80(%r11)
+	vmovdqa		%xmm10,0x90(%r11)
+	vmovdqa		%xmm11,0xa0(%r11)
+	vmovdqa		%xmm12,0xb0(%r11)
+	vmovdqa		%xmm13,0xc0(%r11)
+	vmovdqa		%xmm14,0xd0(%r11)
+	vmovdqa		%xmm15,0xe0(%r11)
+.Ldo_avx2_body:
+___
+$code.=<<___;
+	lea		48+64($ctx),$ctx	# size optimization
+	lea		.Lconst(%rip),%rcx
+
+	# expand and copy pre-calculated table to stack
+	vmovdqu		`16*0-64`($ctx),%x#$T2
+	and		\$-512,%rsp
+	vmovdqu		`16*1-64`($ctx),%x#$T3
+	vmovdqu		`16*2-64`($ctx),%x#$T4
+	vmovdqu		`16*3-64`($ctx),%x#$D0
+	vmovdqu		`16*4-64`($ctx),%x#$D1
+	vmovdqu		`16*5-64`($ctx),%x#$D2
+	vmovdqu		`16*6-64`($ctx),%x#$D3
+	vpermq		\$0x15,$T2,$T2		# 00003412 -> 12343434
+	vmovdqu		`16*7-64`($ctx),%x#$D4
+	vpermq		\$0x15,$T3,$T3
+	vpshufd		\$0xc8,$T2,$T2		# 12343434 -> 14243444
+	vmovdqu		`16*8-64`($ctx),%x#$MASK
+	vpermq		\$0x15,$T4,$T4
+	vpshufd		\$0xc8,$T3,$T3
+	vmovdqa		$T2,0x00(%rsp)
+	vpermq		\$0x15,$D0,$D0
+	vpshufd		\$0xc8,$T4,$T4
+	vmovdqa		$T3,0x20(%rsp)
+	vpermq		\$0x15,$D1,$D1
+	vpshufd		\$0xc8,$D0,$D0
+	vmovdqa		$T4,0x40(%rsp)
+	vpermq		\$0x15,$D2,$D2
+	vpshufd		\$0xc8,$D1,$D1
+	vmovdqa		$D0,0x60(%rsp)
+	vpermq		\$0x15,$D3,$D3
+	vpshufd		\$0xc8,$D2,$D2
+	vmovdqa		$D1,0x80(%rsp)
+	vpermq		\$0x15,$D4,$D4
+	vpshufd		\$0xc8,$D3,$D3
+	vmovdqa		$D2,0xa0(%rsp)
+	vpermq		\$0x15,$MASK,$MASK
+	vpshufd		\$0xc8,$D4,$D4
+	vmovdqa		$D3,0xc0(%rsp)
+	vpshufd		\$0xc8,$MASK,$MASK
+	vmovdqa		$D4,0xe0(%rsp)
+	vmovdqa		$MASK,0x100(%rsp)
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+
+	################################################################
+	# load input
+	vmovdqu		16*0($inp),%x#$T0
+	vmovdqu		16*1($inp),%x#$T1
+	vinserti128	\$1,16*2($inp),$T0,$T0
+	vinserti128	\$1,16*3($inp),$T1,$T1
+	lea		16*4($inp),$inp
+
+	vpsrldq		\$6,$T0,$T2		# splat input
+	vpsrldq		\$6,$T1,$T3
+	vpunpckhqdq	$T1,$T0,$T4		# 4
+	vpunpcklqdq	$T3,$T2,$T2		# 2:3
+	vpunpcklqdq	$T1,$T0,$T0		# 0:1
+
+	vpsrlq		\$30,$T2,$T3
+	vpsrlq		\$4,$T2,$T2
+	vpsrlq		\$26,$T0,$T1
+	vpsrlq		\$40,$T4,$T4		# 4
+	vpand		$MASK,$T2,$T2		# 2
+	vpand		$MASK,$T0,$T0		# 0
+	vpand		$MASK,$T1,$T1		# 1
+	vpand		$MASK,$T3,$T3		# 3
+	vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	lea		0x90(%rsp),%rax		# size optimization
+	vpaddq		$H2,$T2,$H2		# accumulate input
+	sub		\$64,$len
+	jz		.Ltail_avx2
+	jmp		.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	################################################################
+	# ((inp[0]*r^4+r[4])*r^4+r[8])*r^4
+	# ((inp[1]*r^4+r[5])*r^4+r[9])*r^3
+	# ((inp[2]*r^4+r[6])*r^4+r[10])*r^2
+	# ((inp[3]*r^4+r[7])*r^4+r[11])*r^1
+	#   \________/\________/
+	################################################################
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+	vpaddq		$H0,$T0,$H0
+	vmovdqa		`32*0`(%rsp),$T0	# r0^4
+	vpaddq		$H1,$T1,$H1
+	vmovdqa		`32*1`(%rsp),$T1	# r1^4
+	vpaddq		$H3,$T3,$H3
+	vmovdqa		`32*3`(%rsp),$T2	# r2^4
+	vpaddq		$H4,$T4,$H4
+	vmovdqa		`32*6-0x90`(%rax),$T3	# s3^4
+	vmovdqa		`32*8-0x90`(%rax),$S4	# s4^4
+
+	# d4 = h4*r0 + h3*r1   + h2*r2   + h1*r3   + h0*r4
+	# d3 = h3*r0 + h2*r1   + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0 + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3 + h2*5*r4
+	# d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4
+	#
+	# however, as h2 is "chronologically" first one available pull
+	# corresponding operations up, so it's
+	#
+	# d4 = h2*r2   + h4*r0 + h3*r1             + h1*r3   + h0*r4
+	# d3 = h2*r1   + h3*r0           + h1*r2   + h0*r3   + h4*5*r4
+	# d2 = h2*r0           + h1*r1   + h0*r2   + h4*5*r3 + h3*5*r4
+	# d1 = h2*5*r4 + h1*r0 + h0*r1   + h4*5*r2 + h3*5*r3
+	# d0 = h2*5*r3 + h0*r0 + h4*5*r1 + h3*5*r2           + h1*5*r4
+
+	vpmuludq	$H2,$T0,$D2		# d2 = h2*r0
+	vpmuludq	$H2,$T1,$D3		# d3 = h2*r1
+	vpmuludq	$H2,$T2,$D4		# d4 = h2*r2
+	vpmuludq	$H2,$T3,$D0		# d0 = h2*s3
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+
+	vpmuludq	$H0,$T1,$T4		# h0*r1
+	vpmuludq	$H1,$T1,$H2		# h1*r1, borrow $H2 as temp
+	vpaddq		$T4,$D1,$D1		# d1 += h0*r1
+	vpaddq		$H2,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$H3,$T1,$T4		# h3*r1
+	vpmuludq	`32*2`(%rsp),$H4,$H2	# h4*s1
+	vpaddq		$T4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$H2,$D0,$D0		# d0 += h4*s1
+	 vmovdqa	`32*4-0x90`(%rax),$T1	# s2
+
+	vpmuludq	$H0,$T0,$T4		# h0*r0
+	vpmuludq	$H1,$T0,$H2		# h1*r0
+	vpaddq		$T4,$D0,$D0		# d0 += h0*r0
+	vpaddq		$H2,$D1,$D1		# d1 += h1*r0
+	vpmuludq	$H3,$T0,$T4		# h3*r0
+	vpmuludq	$H4,$T0,$H2		# h4*r0
+	 vmovdqu	16*0($inp),%x#$T0	# load input
+	vpaddq		$T4,$D3,$D3		# d3 += h3*r0
+	vpaddq		$H2,$D4,$D4		# d4 += h4*r0
+	 vinserti128	\$1,16*2($inp),$T0,$T0
+
+	vpmuludq	$H3,$T1,$T4		# h3*s2
+	vpmuludq	$H4,$T1,$H2		# h4*s2
+	 vmovdqu	16*1($inp),%x#$T1
+	vpaddq		$T4,$D0,$D0		# d0 += h3*s2
+	vpaddq		$H2,$D1,$D1		# d1 += h4*s2
+	 vmovdqa	`32*5-0x90`(%rax),$H2	# r3
+	vpmuludq	$H1,$T2,$T4		# h1*r2
+	vpmuludq	$H0,$T2,$T2		# h0*r2
+	vpaddq		$T4,$D3,$D3		# d3 += h1*r2
+	vpaddq		$T2,$D2,$D2		# d2 += h0*r2
+	 vinserti128	\$1,16*3($inp),$T1,$T1
+	 lea		16*4($inp),$inp
+
+	vpmuludq	$H1,$H2,$T4		# h1*r3
+	vpmuludq	$H0,$H2,$H2		# h0*r3
+	 vpsrldq	\$6,$T0,$T2		# splat input
+	vpaddq		$T4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$H2,$D3,$D3		# d3 += h0*r3
+	vpmuludq	$H3,$T3,$T4		# h3*s3
+	vpmuludq	$H4,$T3,$H2		# h4*s3
+	 vpsrldq	\$6,$T1,$T3
+	vpaddq		$T4,$D1,$D1		# d1 += h3*s3
+	vpaddq		$H2,$D2,$D2		# d2 += h4*s3
+	 vpunpckhqdq	$T1,$T0,$T4		# 4
+
+	vpmuludq	$H3,$S4,$H3		# h3*s4
+	vpmuludq	$H4,$S4,$H4		# h4*s4
+	 vpunpcklqdq	$T1,$T0,$T0		# 0:1
+	vpaddq		$H3,$D2,$H2		# h2 = d2 + h3*r4
+	vpaddq		$H4,$D3,$H3		# h3 = d3 + h4*r4
+	 vpunpcklqdq	$T3,$T2,$T3		# 2:3
+	vpmuludq	`32*7-0x90`(%rax),$H0,$H4	# h0*r4
+	vpmuludq	$H1,$S4,$H0		# h1*s4
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+	vpaddq		$H4,$D4,$H4		# h4 = d4 + h0*r4
+	vpaddq		$H0,$D0,$H0		# h0 = d0 + h1*s4
+
+	################################################################
+	# lazy reduction (interleaved with tail of input splat)
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$D1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D4
+	vpand		$MASK,$H4,$H4
+
+	 vpsrlq		\$4,$T3,$T2
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	 vpand		$MASK,$T2,$T2		# 2
+	 vpsrlq		\$26,$T0,$T1
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	 vpaddq		$T2,$H2,$H2		# modulo-scheduled
+	 vpsrlq		\$30,$T3,$T3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	 vpsrlq		\$40,$T4,$T4		# 4
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	 vpand		$MASK,$T0,$T0		# 0
+	 vpand		$MASK,$T1,$T1		# 1
+	 vpand		$MASK,$T3,$T3		# 3
+	 vpor		32(%rcx),$T4,$T4	# padbit, yes, always
+
+	sub		\$64,$len
+	jnz		.Loop_avx2
+
+	.byte		0x66,0x90
+.Ltail_avx2:
+	################################################################
+	# while above multiplications were by r^4 in all lanes, in last
+	# iteration we multiply least significant lane by r^4 and most
+	# significant one by r, so copy of above except that references
+	# to the precomputed table are displaced by 4...
+
+	#vpaddq		$H2,$T2,$H2		# accumulate input
+	vpaddq		$H0,$T0,$H0
+	vmovdqu		`32*0+4`(%rsp),$T0	# r0^4
+	vpaddq		$H1,$T1,$H1
+	vmovdqu		`32*1+4`(%rsp),$T1	# r1^4
+	vpaddq		$H3,$T3,$H3
+	vmovdqu		`32*3+4`(%rsp),$T2	# r2^4
+	vpaddq		$H4,$T4,$H4
+	vmovdqu		`32*6+4-0x90`(%rax),$T3	# s3^4
+	vmovdqu		`32*8+4-0x90`(%rax),$S4	# s4^4
+
+	vpmuludq	$H2,$T0,$D2		# d2 = h2*r0
+	vpmuludq	$H2,$T1,$D3		# d3 = h2*r1
+	vpmuludq	$H2,$T2,$D4		# d4 = h2*r2
+	vpmuludq	$H2,$T3,$D0		# d0 = h2*s3
+	vpmuludq	$H2,$S4,$D1		# d1 = h2*s4
+
+	vpmuludq	$H0,$T1,$T4		# h0*r1
+	vpmuludq	$H1,$T1,$H2		# h1*r1
+	vpaddq		$T4,$D1,$D1		# d1 += h0*r1
+	vpaddq		$H2,$D2,$D2		# d2 += h1*r1
+	vpmuludq	$H3,$T1,$T4		# h3*r1
+	vpmuludq	`32*2+4`(%rsp),$H4,$H2	# h4*s1
+	vpaddq		$T4,$D4,$D4		# d4 += h3*r1
+	vpaddq		$H2,$D0,$D0		# d0 += h4*s1
+
+	vpmuludq	$H0,$T0,$T4		# h0*r0
+	vpmuludq	$H1,$T0,$H2		# h1*r0
+	vpaddq		$T4,$D0,$D0		# d0 += h0*r0
+	 vmovdqu	`32*4+4-0x90`(%rax),$T1	# s2
+	vpaddq		$H2,$D1,$D1		# d1 += h1*r0
+	vpmuludq	$H3,$T0,$T4		# h3*r0
+	vpmuludq	$H4,$T0,$H2		# h4*r0
+	vpaddq		$T4,$D3,$D3		# d3 += h3*r0
+	vpaddq		$H2,$D4,$D4		# d4 += h4*r0
+
+	vpmuludq	$H3,$T1,$T4		# h3*s2
+	vpmuludq	$H4,$T1,$H2		# h4*s2
+	vpaddq		$T4,$D0,$D0		# d0 += h3*s2
+	vpaddq		$H2,$D1,$D1		# d1 += h4*s2
+	 vmovdqu	`32*5+4-0x90`(%rax),$H2	# r3
+	vpmuludq	$H1,$T2,$T4		# h1*r2
+	vpmuludq	$H0,$T2,$T2		# h0*r2
+	vpaddq		$T4,$D3,$D3		# d3 += h1*r2
+	vpaddq		$T2,$D2,$D2		# d2 += h0*r2
+
+	vpmuludq	$H1,$H2,$T4		# h1*r3
+	vpmuludq	$H0,$H2,$H2		# h0*r3
+	vpaddq		$T4,$D4,$D4		# d4 += h1*r3
+	vpaddq		$H2,$D3,$D3		# d3 += h0*r3
+	vpmuludq	$H3,$T3,$T4		# h3*s3
+	vpmuludq	$H4,$T3,$H2		# h4*s3
+	vpaddq		$T4,$D1,$D1		# d1 += h3*s3
+	vpaddq		$H2,$D2,$D2		# d2 += h4*s3
+
+	vpmuludq	$H3,$S4,$H3		# h3*s4
+	vpmuludq	$H4,$S4,$H4		# h4*s4
+	vpaddq		$H3,$D2,$H2		# h2 = d2 + h3*r4
+	vpaddq		$H4,$D3,$H3		# h3 = d3 + h4*r4
+	vpmuludq	`32*7+4-0x90`(%rax),$H0,$H4		# h0*r4
+	vpmuludq	$H1,$S4,$H0		# h1*s4
+	vmovdqa		64(%rcx),$MASK		# .Lmask26
+	vpaddq		$H4,$D4,$H4		# h4 = d4 + h0*r4
+	vpaddq		$H0,$D0,$H0		# h0 = d0 + h1*s4
+
+	################################################################
+	# horizontal addition
+
+	vpsrldq		\$8,$D1,$T1
+	vpsrldq		\$8,$H2,$T2
+	vpsrldq		\$8,$H3,$T3
+	vpsrldq		\$8,$H4,$T4
+	vpsrldq		\$8,$H0,$T0
+	vpaddq		$T1,$D1,$D1
+	vpaddq		$T2,$H2,$H2
+	vpaddq		$T3,$H3,$H3
+	vpaddq		$T4,$H4,$H4
+	vpaddq		$T0,$H0,$H0
+
+	vpermq		\$0x2,$H3,$T3
+	vpermq		\$0x2,$H4,$T4
+	vpermq		\$0x2,$H0,$T0
+	vpermq		\$0x2,$D1,$T1
+	vpermq		\$0x2,$H2,$T2
+	vpaddq		$T3,$H3,$H3
+	vpaddq		$T4,$H4,$H4
+	vpaddq		$T0,$H0,$H0
+	vpaddq		$T1,$D1,$D1
+	vpaddq		$T2,$H2,$H2
+
+	################################################################
+	# lazy reduction
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$D1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H4,$D4
+	vpand		$MASK,$H4,$H4
+
+	vpsrlq		\$26,$H1,$D1
+	vpand		$MASK,$H1,$H1
+	vpaddq		$D1,$H2,$H2		# h1 -> h2
+
+	vpaddq		$D4,$H0,$H0
+	vpsllq		\$2,$D4,$D4
+	vpaddq		$D4,$H0,$H0		# h4 -> h0
+
+	vpsrlq		\$26,$H2,$D2
+	vpand		$MASK,$H2,$H2
+	vpaddq		$D2,$H3,$H3		# h2 -> h3
+
+	vpsrlq		\$26,$H0,$D0
+	vpand		$MASK,$H0,$H0
+	vpaddq		$D0,$H1,$H1		# h0 -> h1
+
+	vpsrlq		\$26,$H3,$D3
+	vpand		$MASK,$H3,$H3
+	vpaddq		$D3,$H4,$H4		# h3 -> h4
+
+	vmovd		%x#$H0,`4*0-48-64`($ctx)# save partially reduced
+	vmovd		%x#$H1,`4*1-48-64`($ctx)
+	vmovd		%x#$H2,`4*2-48-64`($ctx)
+	vmovd		%x#$H3,`4*3-48-64`($ctx)
+	vmovd		%x#$H4,`4*4-48-64`($ctx)
+___
+$code.=<<___	if ($win64);
+	vmovdqa		0x50(%r11),%xmm6
+	vmovdqa		0x60(%r11),%xmm7
+	vmovdqa		0x70(%r11),%xmm8
+	vmovdqa		0x80(%r11),%xmm9
+	vmovdqa		0x90(%r11),%xmm10
+	vmovdqa		0xa0(%r11),%xmm11
+	vmovdqa		0xb0(%r11),%xmm12
+	vmovdqa		0xc0(%r11),%xmm13
+	vmovdqa		0xd0(%r11),%xmm14
+	vmovdqa		0xe0(%r11),%xmm15
+	lea		0xf8(%r11),%rsp
+.Ldo_avx2_epilogue:
+___
+$code.=<<___	if (!$win64);
+	lea		8(%r11),%rsp
+___
+$code.=<<___;
+	vzeroupper
+	ret
+.size	poly1305_blocks_avx2,.-poly1305_blocks_avx2
+___
+}
+$code.=<<___;
+.align	64
+.Lconst:
+.Lmask24:
+.long	0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0
+.L129:
+.long	`1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0
+.Lmask26:
+.long	0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
+.Lfive:
+.long	5,0,5,0,5,0,5,0
+___
+}
+
+$code.=<<___;
+.asciz	"Poly1305 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R14
+
+	jmp	.Lcommon_seh_tail
+.size	se_handler,.-se_handler
+
+.type	avx_handler,\@abi-omnipotent
+.align	16
+avx_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	208($context),%rax	# pull context->R11
+
+	lea	0x50(%rax),%rsi
+	lea	0xf8(%rax),%rax
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	avx_handler,.-avx_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_poly1305_init
+	.rva	.LSEH_end_poly1305_init
+	.rva	.LSEH_info_poly1305_init
+
+	.rva	.LSEH_begin_poly1305_blocks
+	.rva	.LSEH_end_poly1305_blocks
+	.rva	.LSEH_info_poly1305_blocks
+
+	.rva	.LSEH_begin_poly1305_emit
+	.rva	.LSEH_end_poly1305_emit
+	.rva	.LSEH_info_poly1305_emit
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_poly1305_blocks_avx
+	.rva	.Lbase2_64_avx
+	.rva	.LSEH_info_poly1305_blocks_avx_1
+
+	.rva	.Lbase2_64_avx
+	.rva	.Leven_avx
+	.rva	.LSEH_info_poly1305_blocks_avx_2
+
+	.rva	.Leven_avx
+	.rva	.LSEH_end_poly1305_blocks_avx
+	.rva	.LSEH_info_poly1305_blocks_avx_3
+
+	.rva	.LSEH_begin_poly1305_emit_avx
+	.rva	.LSEH_end_poly1305_emit_avx
+	.rva	.LSEH_info_poly1305_emit_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_poly1305_blocks_avx2
+	.rva	.Lbase2_64_avx2
+	.rva	.LSEH_info_poly1305_blocks_avx2_1
+
+	.rva	.Lbase2_64_avx2
+	.rva	.Leven_avx2
+	.rva	.LSEH_info_poly1305_blocks_avx2_2
+
+	.rva	.Leven_avx2
+	.rva	.LSEH_end_poly1305_blocks_avx2
+	.rva	.LSEH_info_poly1305_blocks_avx2_3
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_poly1305_init:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.LSEH_begin_poly1305_init,.LSEH_begin_poly1305_init
+
+.LSEH_info_poly1305_blocks:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lblocks_body,.Lblocks_epilogue
+
+.LSEH_info_poly1305_emit:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.LSEH_begin_poly1305_emit,.LSEH_begin_poly1305_emit
+___
+$code.=<<___ if ($avx);
+.LSEH_info_poly1305_blocks_avx_1:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lblocks_avx_body,.Lblocks_avx_epilogue		# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx_2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbase2_64_avx_body,.Lbase2_64_avx_epilogue	# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx_3:
+	.byte	9,0,0,0
+	.rva	avx_handler
+	.rva	.Ldo_avx_body,.Ldo_avx_epilogue			# HandlerData[]
+
+.LSEH_info_poly1305_emit_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.LSEH_begin_poly1305_emit_avx,.LSEH_begin_poly1305_emit_avx
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_poly1305_blocks_avx2_1:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lblocks_avx2_body,.Lblocks_avx2_epilogue	# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx2_2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbase2_64_avx2_body,.Lbase2_64_avx2_epilogue	# HandlerData[]
+
+.LSEH_info_poly1305_blocks_avx2_3:
+	.byte	9,0,0,0
+	.rva	avx_handler
+	.rva	.Ldo_avx2_body,.Ldo_avx2_epilogue		# HandlerData[]
+___
+}
+
+foreach (split('\n',$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+	s/%r([a-z]+)#d/%e$1/g;
+	s/%r([0-9]+)#d/%r$1d/g;
+	s/%x#%y/%x/g;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/poly1305/build.info b/openssl-1.1.0h/crypto/poly1305/build.info
new file mode 100644
index 0000000..d575f5a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/build.info
@@ -0,0 +1,20 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        poly1305.c {- $target{poly1305_asm_src} -}
+
+GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[poly1305-sparcv9.o]=..
+GENERATE[poly1305-x86.s]=asm/poly1305-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+GENERATE[poly1305-x86_64.s]=asm/poly1305-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[poly1305-ppc.s]=asm/poly1305-ppc.pl $(PERLASM_SCHEME)
+GENERATE[poly1305-ppcfp.s]=asm/poly1305-ppcfp.pl $(PERLASM_SCHEME)
+GENERATE[poly1305-armv4.S]=asm/poly1305-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[poly1305-armv4.o]=..
+GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[poly1305-armv8.o]=..
+GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
+
+BEGINRAW[Makefile(unix)]
+{- $builddir -}/poly1305-%.S:	{- $sourcedir -}/asm/poly1305-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile(unix)]
diff --git a/openssl-1.1.0h/crypto/poly1305/poly1305.c b/openssl-1.1.0h/crypto/poly1305/poly1305.c
new file mode 100644
index 0000000..eec4d67
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/poly1305.c
@@ -0,0 +1,1037 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "internal/poly1305.h"
+
+typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
+                                   size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
+                                 const unsigned int nonce[4]);
+
+struct poly1305_context {
+    double opaque[24];  /* large enough to hold internal state, declared
+                         * 'double' to ensure at least 64-bit invariant
+                         * alignment across all platforms and
+                         * configurations */
+    unsigned int nonce[4];
+    unsigned char data[POLY1305_BLOCK_SIZE];
+    size_t num;
+    struct {
+        poly1305_blocks_f blocks;
+        poly1305_emit_f emit;
+    } func;
+};
+
+size_t Poly1305_ctx_size ()
+{
+    return sizeof(struct poly1305_context);
+}
+
+/* pick 32-bit unsigned integer in little endian order */
+static unsigned int U8TOU32(const unsigned char *p)
+{
+    return (((unsigned int)(p[0] & 0xff)) |
+            ((unsigned int)(p[1] & 0xff) << 8) |
+            ((unsigned int)(p[2] & 0xff) << 16) |
+            ((unsigned int)(p[3] & 0xff) << 24));
+}
+
+/*
+ * Implementations can be classified by amount of significant bits in
+ * words making up the multi-precision value, or in other words radix
+ * or base of numerical representation, e.g. base 2^64, base 2^32,
+ * base 2^26. Complementary characteristic is how wide is the result of
+ * multiplication of pair of digits, e.g. it would take 128 bits to
+ * accommodate multiplication result in base 2^64 case. These are used
+ * interchangeably. To describe implementation that is. But interface
+ * is designed to isolate this so that low-level primitives implemented
+ * in assembly can be self-contained/self-coherent.
+ */
+#ifndef POLY1305_ASM
+/*
+ * Even though there is __int128 reference implementation targeting
+ * 64-bit platforms provided below, it's not obvious that it's optimal
+ * choice for every one of them. Depending on instruction set overall
+ * amount of instructions can be comparable to one in __int64
+ * implementation. Amount of multiplication instructions would be lower,
+ * but not necessarily overall. And in out-of-order execution context,
+ * it is the latter that can be crucial...
+ *
+ * On related note. Poly1305 author, D. J. Bernstein, discusses and
+ * provides floating-point implementations of the algorithm in question.
+ * It made a lot of sense by the time of introduction, because most
+ * then-modern processors didn't have pipelined integer multiplier.
+ * [Not to mention that some had non-constant timing for integer
+ * multiplications.] Floating-point instructions on the other hand could
+ * be issued every cycle, which allowed to achieve better performance.
+ * Nowadays, with SIMD and/or out-or-order execution, shared or
+ * even emulated FPU, it's more complicated, and floating-point
+ * implementation is not necessarily optimal choice in every situation,
+ * rather contrary...
+ *
+ *                                              <appro@openssl.org>
+ */
+
+typedef unsigned int u32;
+
+/*
+ * poly1305_blocks processes a multiple of POLY1305_BLOCK_SIZE blocks
+ * of |inp| no longer than |len|. Behaviour for |len| not divisible by
+ * block size is unspecified in general case, even though in reference
+ * implementation the trailing chunk is simply ignored. Per algorithm
+ * specification, every input block, complete or last partial, is to be
+ * padded with a bit past most significant byte. The latter kind is then
+ * padded with zeros till block size. This last partial block padding
+ * is caller(*)'s responsibility, and because of this the last partial
+ * block is always processed with separate call with |len| set to
+ * POLY1305_BLOCK_SIZE and |padbit| to 0. In all other cases |padbit|
+ * should be set to 1 to perform implicit padding with 128th bit.
+ * poly1305_blocks does not actually check for this constraint though,
+ * it's caller(*)'s responsibility to comply.
+ *
+ * (*)  In the context "caller" is not application code, but higher
+ *      level Poly1305_* from this very module, so that quirks are
+ *      handled locally.
+ */
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit);
+
+/*
+ * Type-agnostic "rip-off" from constant_time_locl.h
+ */
+# define CONSTANT_TIME_CARRY(a,b) ( \
+         (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \
+         )
+
+# if !defined(PEDANTIC) && \
+     (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \
+     (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8)
+
+typedef unsigned long u64;
+typedef unsigned __int128 u128;
+
+typedef struct {
+    u64 h[3];
+    u64 r[2];
+} poly1305_internal;
+
+/* pick 32-bit unsigned integer in little endian order */
+static u64 U8TOU64(const unsigned char *p)
+{
+    return (((u64)(p[0] & 0xff)) |
+            ((u64)(p[1] & 0xff) << 8) |
+            ((u64)(p[2] & 0xff) << 16) |
+            ((u64)(p[3] & 0xff) << 24) |
+            ((u64)(p[4] & 0xff) << 32) |
+            ((u64)(p[5] & 0xff) << 40) |
+            ((u64)(p[6] & 0xff) << 48) |
+            ((u64)(p[7] & 0xff) << 56));
+}
+
+/* store a 32-bit unsigned integer in little endian */
+static void U64TO8(unsigned char *p, u64 v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+    p[4] = (unsigned char)((v >> 32) & 0xff);
+    p[5] = (unsigned char)((v >> 40) & 0xff);
+    p[6] = (unsigned char)((v >> 48) & 0xff);
+    p[7] = (unsigned char)((v >> 56) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU64(&key[0]) & 0x0ffffffc0fffffff;
+    st->r[1] = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1;
+    u64 s1;
+    u64 h0, h1, h2, c;
+    u128 d0, d1;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+
+    s1 = r1 + (r1 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u64)(d0 = (u128)h0 + U8TOU64(inp + 0));
+        h1 = (u64)(d1 = (u128)h1 + (d0 >> 64) + U8TOU64(inp + 8));
+        /*
+         * padbit can be zero only when original len was
+         * POLY1306_BLOCK_SIZE, but we don't check
+         */
+        h2 += (u64)(d1 >> 64) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u128)h0 * r0) +
+             ((u128)h1 * s1);
+        d1 = ((u128)h0 * r1) +
+             ((u128)h1 * r0) +
+             (h2 * s1);
+        h2 = (h2 * r0);
+
+        /* last reduction step: */
+        /* a) h2:h0 = h2<<128 + d1<<64 + d0 */
+        h0 = (u64)d0;
+        h1 = (u64)(d1 += d0 >> 64);
+        h2 += (u64)(d1 >> 64);
+        /* b) (h2:h0 += (h2:h0>>130) * 5) %= 2^130 */
+        c = (h2 >> 2) + (h2 & ~3UL);
+        h2 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += CONSTANT_TIME_CARRY(h1,c);
+        /*
+         * Occasional overflows to 3rd bit of h2 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2;
+    u64 g0, g1, g2;
+    u128 t;
+    u64 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u64)(t = (u128)h0 + 5);
+    g1 = (u64)(t = (u128)h1 + (t >> 64));
+    g2 = h2 + (u64)(t >> 64);
+
+    /* if there was carry into 131st bit, h1:h0 = g1:g0 */
+    mask = 0 - (g2 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32));
+    h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64));
+
+    U64TO8(mac + 0, h0);
+    U64TO8(mac + 8, h1);
+}
+
+# else
+
+#  if defined(_WIN32) && !defined(__MINGW32__)
+typedef unsigned __int64 u64;
+#  elif defined(__arch64__)
+typedef unsigned long u64;
+#  else
+typedef unsigned long long u64;
+#  endif
+
+typedef struct {
+    u32 h[5];
+    u32 r[4];
+} poly1305_internal;
+
+/* store a 32-bit unsigned integer in little endian */
+static void U32TO8(unsigned char *p, unsigned int v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+    st->h[3] = 0;
+    st->h[4] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU32(&key[0]) & 0x0fffffff;
+    st->r[1] = U8TOU32(&key[4]) & 0x0ffffffc;
+    st->r[2] = U8TOU32(&key[8]) & 0x0ffffffc;
+    st->r[3] = U8TOU32(&key[12]) & 0x0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u32 r0, r1, r2, r3;
+    u32 s1, s2, s3;
+    u32 h0, h1, h2, h3, h4, c;
+    u64 d0, d1, d2, d3;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+    r2 = st->r[2];
+    r3 = st->r[3];
+
+    s1 = r1 + (r1 >> 2);
+    s2 = r2 + (r2 >> 2);
+    s3 = r3 + (r3 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u32)(d0 = (u64)h0 + U8TOU32(inp + 0));
+        h1 = (u32)(d1 = (u64)h1 + (d0 >> 32) + U8TOU32(inp + 4));
+        h2 = (u32)(d2 = (u64)h2 + (d1 >> 32) + U8TOU32(inp + 8));
+        h3 = (u32)(d3 = (u64)h3 + (d2 >> 32) + U8TOU32(inp + 12));
+        h4 += (u32)(d3 >> 32) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u64)h0 * r0) +
+             ((u64)h1 * s3) +
+             ((u64)h2 * s2) +
+             ((u64)h3 * s1);
+        d1 = ((u64)h0 * r1) +
+             ((u64)h1 * r0) +
+             ((u64)h2 * s3) +
+             ((u64)h3 * s2) +
+             (h4 * s1);
+        d2 = ((u64)h0 * r2) +
+             ((u64)h1 * r1) +
+             ((u64)h2 * r0) +
+             ((u64)h3 * s3) +
+             (h4 * s2);
+        d3 = ((u64)h0 * r3) +
+             ((u64)h1 * r2) +
+             ((u64)h2 * r1) +
+             ((u64)h3 * r0) +
+             (h4 * s3);
+        h4 = (h4 * r0);
+
+        /* last reduction step: */
+        /* a) h4:h0 = h4<<128 + d3<<96 + d2<<64 + d1<<32 + d0 */
+        h0 = (u32)d0;
+        h1 = (u32)(d1 += d0 >> 32);
+        h2 = (u32)(d2 += d1 >> 32);
+        h3 = (u32)(d3 += d2 >> 32);
+        h4 += (u32)(d3 >> 32);
+        /* b) (h4:h0 += (h4:h0>>130) * 5) %= 2^130 */
+        c = (h4 >> 2) + (h4 & ~3U);
+        h4 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += (c = CONSTANT_TIME_CARRY(h1,c));
+        h3 += (c = CONSTANT_TIME_CARRY(h2,c));
+        h4 += CONSTANT_TIME_CARRY(h3,c);
+        /*
+         * Occasional overflows to 3rd bit of h4 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+    st->h[3] = h3;
+    st->h[4] = h4;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u32 h0, h1, h2, h3, h4;
+    u32 g0, g1, g2, g3, g4;
+    u64 t;
+    u32 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u32)(t = (u64)h0 + 5);
+    g1 = (u32)(t = (u64)h1 + (t >> 32));
+    g2 = (u32)(t = (u64)h2 + (t >> 32));
+    g3 = (u32)(t = (u64)h3 + (t >> 32));
+    g4 = h4 + (u32)(t >> 32);
+
+    /* if there was carry into 131st bit, h3:h0 = g3:g0 */
+    mask = 0 - (g4 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    g2 &= mask;
+    g3 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+    h2 = (h2 & mask) | g2;
+    h3 = (h3 & mask) | g3;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u32)(t = (u64)h0 + nonce[0]);
+    h1 = (u32)(t = (u64)h1 + (t >> 32) + nonce[1]);
+    h2 = (u32)(t = (u64)h2 + (t >> 32) + nonce[2]);
+    h3 = (u32)(t = (u64)h3 + (t >> 32) + nonce[3]);
+
+    U32TO8(mac + 0, h0);
+    U32TO8(mac + 4, h1);
+    U32TO8(mac + 8, h2);
+    U32TO8(mac + 12, h3);
+}
+# endif
+#else
+int poly1305_init(void *ctx, const unsigned char key[16], void *func);
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     unsigned int padbit);
+void poly1305_emit(void *ctx, unsigned char mac[16],
+                   const unsigned int nonce[4]);
+#endif
+
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32])
+{
+    ctx->nonce[0] = U8TOU32(&key[16]);
+    ctx->nonce[1] = U8TOU32(&key[20]);
+    ctx->nonce[2] = U8TOU32(&key[24]);
+    ctx->nonce[3] = U8TOU32(&key[28]);
+
+#ifndef POLY1305_ASM
+    poly1305_init(ctx->opaque, key);
+#else
+    /*
+     * Unlike reference poly1305_init assembly counterpart is expected
+     * to return a value: non-zero if it initializes ctx->func, and zero
+     * otherwise. Latter is to simplify assembly in cases when there no
+     * multiple code paths to switch between.
+     */
+    if (!poly1305_init(ctx->opaque, key, &ctx->func)) {
+        ctx->func.blocks = poly1305_blocks;
+        ctx->func.emit = poly1305_emit;
+    }
+#endif
+
+    ctx->num = 0;
+
+}
+
+#ifdef POLY1305_ASM
+/*
+ * This "eclipses" poly1305_blocks and poly1305_emit, but it's
+ * conscious choice imposed by -Wshadow compiler warnings.
+ */
+# define poly1305_blocks (*poly1305_blocks_p)
+# define poly1305_emit   (*poly1305_emit_p)
+#endif
+
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len)
+{
+#ifdef POLY1305_ASM
+    /*
+     * As documented, poly1305_blocks is never called with input
+     * longer than single block and padbit argument set to 0. This
+     * property is fluently used in assembly modules to optimize
+     * padbit handling on loop boundary.
+     */
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+#endif
+    size_t rem, num;
+
+    if ((num = ctx->num)) {
+        rem = POLY1305_BLOCK_SIZE - num;
+        if (len >= rem) {
+            memcpy(ctx->data + num, inp, rem);
+            poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 1);
+            inp += rem;
+            len -= rem;
+        } else {
+            /* Still not enough data to process a block. */
+            memcpy(ctx->data + num, inp, len);
+            ctx->num = num + len;
+            return;
+        }
+    }
+
+    rem = len % POLY1305_BLOCK_SIZE;
+    len -= rem;
+
+    if (len >= POLY1305_BLOCK_SIZE) {
+        poly1305_blocks(ctx->opaque, inp, len, 1);
+        inp += len;
+    }
+
+    if (rem)
+        memcpy(ctx->data, inp, rem);
+
+    ctx->num = rem;
+}
+
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
+{
+#ifdef POLY1305_ASM
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+    poly1305_emit_f poly1305_emit_p = ctx->func.emit;
+#endif
+    size_t num;
+
+    if ((num = ctx->num)) {
+        ctx->data[num++] = 1;   /* pad bit */
+        while (num < POLY1305_BLOCK_SIZE)
+            ctx->data[num++] = 0;
+        poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 0);
+    }
+
+    poly1305_emit(ctx->opaque, mac, ctx->nonce);
+
+    /* zero out the state */
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+}
+
+#ifdef SELFTEST
+#include <stdio.h>
+
+struct poly1305_test {
+    const char *inputhex;
+    const char *keyhex;
+    const char *outhex;
+};
+
+static const struct poly1305_test poly1305_tests[] = {
+    /*
+     * RFC7539
+     */
+    {
+     "43727970746f6772617068696320466f72756d2052657365617263682047726f"
+     "7570",
+     "85d6be7857556d337f4452fe42d506a8""0103808afb0db2fd4abff6af4149f51b",
+     "a8061dc1305136c6c22b8baf0c0127a9"
+    },
+    /*
+     * test vectors from "The Poly1305-AES message-authentication code"
+     */
+    {
+     "f3f6",
+     "851fc40c3467ac0be05cc20404f3f700""580b3b0f9447bb1e69d095b5928b6dbc",
+     "f4c633c3044fc145f84f335cb81953de"
+    },
+    {
+     "",
+     "a0f3080000f46400d0c7e9076c834403""dd3fab2251f11ac759f0887129cc2ee7",
+     "dd3fab2251f11ac759f0887129cc2ee7"
+    },
+    {
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
+     "48443d0bb0d21109c89a100b5ce2c208""83149c69b561dd88298a1798b10716ef",
+     "0ee1c16bb73f0f4fd19881753c01cdbe"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "5154ad0d2cb26e01274fc51148491f1b"
+    },
+    /*
+     * self-generated vectors exercise "significant" lengths, such that
+     * are handled by different code paths
+     */
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "812059a5da198637cac7c4a631bee466"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "5b88d7f6228b11e2e28579a5c0c1f761"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "bbb613b2b6d753ba07395b916aaece15"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "c794d7057d1778c4bbee0a39b3d97342"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "ffbcb9b371423152d7fca5ad042fbaa9"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
+     "812059a5da198637cac7c4a631bee466",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "069ed6b8ef0f207b3e243bb1019fe632"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
+     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "cca339d9a45fa2368c2c68b3a4179133"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
+     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761"
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "53f6e828a2f0fe0ee815bf0bd5841a34"
+    },
+    {
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
+     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761"
+     "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
+     "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af"
+     "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef"
+     "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136"
+     "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761",
+     "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
+     "b846d44e9bbd53cedffbfbb6b7fa4933"
+    },
+    /*
+     * 4th power of the key spills to 131th bit in SIMD key setup
+     */
+    {
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+     "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+     "ad628107e8351d0f2c231a05dc4a4106""00000000000000000000000000000000",
+     "07145a4c02fe5fa32036de68fabe9066"
+    },
+    {
+    /*
+     * poly1305_ieee754.c failed this in final stage
+     */
+     "842364e156336c0998b933a6237726180d9e3fdcbde4cd5d17080fc3beb49614"
+     "d7122c037463ff104d73f19c12704628d417c4c54a3fe30d3c3d7714382d43b0"
+     "382a50a5dee54be844b076e8df88201a1cd43b90eb21643fa96f39b518aa8340"
+     "c942ff3c31baf7c9bdbf0f31ae3fa096bf8c63030609829fe72e179824890bc8"
+     "e08c315c1cce2a83144dbbff09f74e3efc770b54d0984a8f19b14719e6363564"
+     "1d6b1eedf63efbf080e1783d32445412114c20de0b837a0dfa33d6b82825fff4"
+     "4c9a70ea54ce47f07df698e6b03323b53079364a5fc3e9dd034392bdde86dccd"
+     "da94321c5e44060489336cb65bf3989c36f7282c2f5d2b882c171e74",
+     "95d5c005503e510d8cd0aa072c4a4d06""6eabc52d11653df47fbf63ab198bcc26",
+     "f248312e578d9d58f8b7bb4d19105431"
+    },
+    /*
+     * AVX2 in poly1305-x86.pl failed this with 176+32 split
+     */
+    {
+    "248ac31085b6c2adaaa38259a0d7192c5c35d1bb4ef39ad94c38d1c82479e2dd"
+    "2159a077024b0589bc8a20101b506f0a1ad0bbab76e83a83f1b94be6beae74e8"
+    "74cab692c5963a75436b776121ec9f62399a3e66b2d22707dae81933b6277f3c"
+    "8516bcbe26dbbd86f373103d7cf4cad1888c952118fbfbd0d7b4bedc4ae4936a"
+    "ff91157e7aa47c54442ea78d6ac251d324a0fbe49d89cc3521b66d16e9c66a37"
+    "09894e4eb0a4eedc4ae19468e66b81f2"
+    "71351b1d921ea551047abcc6b87a901fde7db79fa1818c11336dbc07244a40eb",
+    "000102030405060708090a0b0c0d0e0f""00000000000000000000000000000000",
+    "bc939bc5281480fa99c6d68c258ec42f"
+    },
+    /*
+     * test vectors from Google
+     */
+    {
+     "",
+     "c8afaac331ee372cd6082de134943b17""4710130e9f6fea8d72293850a667d86c",
+     "4710130e9f6fea8d72293850a667d86c",
+    },
+    {
+     "48656c6c6f20776f726c6421",
+     "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035",
+     "a6f745008f81c916a20dcc74eef2b2f0"
+    },
+    {
+     "0000000000000000000000000000000000000000000000000000000000000000",
+     "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035",
+     "49ec78090e481ec6c26b33b91ccc0307"
+    },
+    {
+     "89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a9"
+     "1c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a62033427"
+     "0372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f1"
+     "41300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595",
+     "2d773be37adb1e4d683bf0075e79c4ee""037918535a7f99ccb7040fb5f5f43aea",
+     "c85d15ed44c378d6b00e23064c7bcd51"
+    },
+    {
+     "000000000000000b1703030200000000"
+     "06db1f1f368d696a810a349c0c714c9a5e7850c2407d721acded95e018d7a852"
+     "66a6e1289cdb4aeb18da5ac8a2b0026d24a59ad485227f3eaedbb2e7e35e1c66"
+     "cd60f9abf716dcc9ac42682dd7dab287a7024c4eefc321cc0574e16793e37cec"
+     "03c5bda42b54c114a80b57af26416c7be742005e20855c73e21dc8e2edc9d435"
+     "cb6f6059280011c270b71570051c1c9b3052126620bc1e2730fa066c7a509d53"
+     "c60e5ae1b40aa6e39e49669228c90eecb4a50db32a50bc49e90b4f4b359a1dfd"
+     "11749cd3867fcf2fb7bb6cd4738f6a4ad6f7ca5058f7618845af9f020f6c3b96"
+     "7b8f4cd4a91e2813b507ae66f2d35c18284f7292186062e10fd5510d18775351"
+     "ef334e7634ab4743f5b68f49adcab384d3fd75f7390f4006ef2a295c8c7a076a"
+     "d54546cd25d2107fbe1436c840924aaebe5b370893cd63d1325b8616fc481088"
+     "6bc152c53221b6df373119393255ee72bcaa880174f1717f9184fa91646f17a2"
+     "4ac55d16bfddca9581a92eda479201f0edbf633600d6066d1ab36d5d2415d713"
+     "51bbcd608a25108d25641992c1f26c531cf9f90203bc4cc19f5927d834b0a471"
+     "16d3884bbb164b8ec883d1ac832e56b3918a98601a08d171881541d594db399c"
+     "6ae6151221745aec814c45b0b05b565436fd6f137aa10a0c0b643761dbd6f9a9"
+     "dcb99b1a6e690854ce0769cde39761d82fcdec15f0d92d7d8e94ade8eb83fbe0",
+     "99e5822dd4173c995e3dae0ddefb9774""3fde3b080134b39f76e9bf8d0e88d546",
+     "2637408fe13086ea73f971e3425e2820"
+    },
+    /*
+     * test vectors from Hanno Böck
+     */
+    {
+     "cccccccccccccccccccccccccccccccccccccccccccccccccc80cccccccccccc"
+     "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccecccccc"
+     "ccccccccccccccccccccccccccccccc5cccccccccccccccccccccccccccccccc"
+     "cccccccccce3cccccccccccccccccccccccccccccccccccccccccccccccccccc"
+     "ccccccccaccccccccccccccccccccce6cccccccccc000000afcccccccccccccc"
+     "ccccfffffff50000000000000000000000000000000000000000000000000000"
+     "00ffffffe7000000000000000000000000000000000000000000000000000000"
+     "0000000000000000000000000000000000000000000000000000719205a8521d"
+     "fc",
+     "7f1b0264000000000000000000000000""0000000000000000cccccccccccccccc",
+     "8559b876eceed66eb37798c0457baff9"
+    },
+    {
+     "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0000000000"
+     "00000000800264",
+     "e0001600000000000000000000000000""0000aaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+     "00bd1258978e205444c9aaaa82006fed"
+    },
+    {
+     "02fc",
+     "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c""0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+     "06120c0c0c0c0c0c0c0c0c0c0c0c0c0c"
+    },
+    {
+     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
+     "7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
+     "7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
+     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b007b7b7b7b7b7b7b7b7b"
+     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b"
+     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
+     "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b"
+     "7b6e7b001300000000b300000000000000000000000000000000000000000000"
+     "f20000000000000000000000000000000000002000efff000900000000000000"
+     "0000000000100000000009000000640000000000000000000000001300000000"
+     "b300000000000000000000000000000000000000000000f20000000000000000"
+     "000000000000000000002000efff00090000000000000000007a000010000000"
+     "000900000064000000000000000000000000000000000000000000000000fc",
+     "00ff0000000000000000000000000000""00000000001e00000000000000007b7b",
+     "33205bbf9e9f8f7212ab9e2ab9b7e4a5"
+    },
+    {
+     "7777777777777777777777777777777777777777777777777777777777777777"
+     "7777777777777777777777777777777777777777777777777777777777777777"
+     "777777777777777777777777ffffffe9e9acacacacacacacacacacac0000acac"
+     "ec0100acacac2caca2acacacacacacacacacacac64f2",
+     "0000007f0000007f0100002000000000""0000cf77777777777777777777777777",
+     "02ee7c8c546ddeb1a467e4c3981158b9"
+    },
+    /*
+     * test vectors from Andrew Moon
+     */
+    {   /* nacl */
+     "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a"
+     "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738"
+     "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da"
+     "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74"
+     "e355a5",
+     "eea6a7251c1e72916d11c2cb214d3c25""2539121d8e234e652d651fa4c8cff880",
+     "f3ffc7703f9400e52a7dfb4b3d3305d9"
+    },
+    {   /* wrap 2^130-5 */
+     "ffffffffffffffffffffffffffffffff",
+     "02000000000000000000000000000000""00000000000000000000000000000000",
+     "03000000000000000000000000000000"
+    },
+    {   /* wrap 2^128 */
+     "02000000000000000000000000000000",
+     "02000000000000000000000000000000""ffffffffffffffffffffffffffffffff",
+     "03000000000000000000000000000000"
+    },
+    {   /* limb carry */
+     "fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff"
+     "11000000000000000000000000000000",
+     "01000000000000000000000000000000""00000000000000000000000000000000",
+     "05000000000000000000000000000000"
+    },
+    {   /* 2^130-5 */
+     "fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe"
+     "01010101010101010101010101010101",
+     "01000000000000000000000000000000""00000000000000000000000000000000",
+     "00000000000000000000000000000000"
+    },
+    {   /* 2^130-6 */
+     "fdffffffffffffffffffffffffffffff",
+     "02000000000000000000000000000000""00000000000000000000000000000000",
+     "faffffffffffffffffffffffffffffff"
+    },
+    {   /* 5*H+L reduction intermediate */
+     "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000"
+     "0000000000000000000000000000000001000000000000000000000000000000",
+     "01000000000000000400000000000000""00000000000000000000000000000000",
+     "14000000000000005500000000000000"
+    },
+    {   /* 5*H+L reduction final */
+     "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000"
+     "00000000000000000000000000000000",
+     "01000000000000000400000000000000""00000000000000000000000000000000",
+     "13000000000000000000000000000000"
+    }
+};
+
+static unsigned char hex_digit(char h)
+{
+    int i = OPENSSL_hexchar2int(h);
+
+    if (i < 0)
+        abort();
+    return i;
+}
+
+static void hex_decode(unsigned char *out, const char *hex)
+{
+    size_t j = 0;
+
+    while (*hex != 0) {
+        unsigned char v = hex_digit(*hex++);
+        v <<= 4;
+        v |= hex_digit(*hex++);
+        out[j++] = v;
+    }
+}
+
+static void hexdump(unsigned char *a, size_t len)
+{
+    size_t i;
+
+    for (i = 0; i < len; i++)
+        printf("%02x", a[i]);
+}
+
+int main()
+{
+    static const unsigned num_tests =
+        sizeof(poly1305_tests) / sizeof(struct poly1305_test);
+    unsigned i;
+    unsigned char key[32], out[16], expected[16];
+    POLY1305 poly1305;
+
+    for (i = 0; i < num_tests; i++) {
+        const struct poly1305_test *test = &poly1305_tests[i];
+        unsigned char *in;
+        size_t inlen = strlen(test->inputhex);
+
+        if (strlen(test->keyhex) != sizeof(key) * 2 ||
+            strlen(test->outhex) != sizeof(out) * 2 || (inlen & 1) == 1)
+            return 1;
+
+        inlen /= 2;
+
+        hex_decode(key, test->keyhex);
+        hex_decode(expected, test->outhex);
+
+        in = malloc(inlen);
+
+        hex_decode(in, test->inputhex);
+
+        Poly1305_Init(&poly1305, key);
+        Poly1305_Update(&poly1305, in, inlen);
+        Poly1305_Final(&poly1305, out);
+
+        if (memcmp(out, expected, sizeof(expected)) != 0) {
+            printf("Poly1305 test #%d failed.\n", i);
+            printf("got:      ");
+            hexdump(out, sizeof(out));
+            printf("\nexpected: ");
+            hexdump(expected, sizeof(expected));
+            printf("\n");
+            return 1;
+        }
+
+        if (inlen > 16) {
+            Poly1305_Init(&poly1305, key);
+            Poly1305_Update(&poly1305, in, 1);
+            Poly1305_Update(&poly1305, in+1, inlen-1);
+            Poly1305_Final(&poly1305, out);
+
+            if (memcmp(out, expected, sizeof(expected)) != 0) {
+                printf("Poly1305 test #%d/1+(N-1) failed.\n", i);
+                printf("got:      ");
+                hexdump(out, sizeof(out));
+                printf("\nexpected: ");
+                hexdump(expected, sizeof(expected));
+                printf("\n");
+                return 1;
+            }
+        }
+
+        if (inlen > 32) {
+            size_t half = inlen / 2;
+
+            Poly1305_Init(&poly1305, key);
+            Poly1305_Update(&poly1305, in, half);
+            Poly1305_Update(&poly1305, in+half, inlen-half);
+            Poly1305_Final(&poly1305, out);
+
+            if (memcmp(out, expected, sizeof(expected)) != 0) {
+                printf("Poly1305 test #%d/2 failed.\n", i);
+                printf("got:      ");
+                hexdump(out, sizeof(out));
+                printf("\nexpected: ");
+                hexdump(expected, sizeof(expected));
+                printf("\n");
+                return 1;
+            }
+
+            for (half = 16; half < inlen; half += 16) {
+                Poly1305_Init(&poly1305, key);
+                Poly1305_Update(&poly1305, in, half);
+                Poly1305_Update(&poly1305, in+half, inlen-half);
+                Poly1305_Final(&poly1305, out);
+
+                if (memcmp(out, expected, sizeof(expected)) != 0) {
+                    printf("Poly1305 test #%d/%d+%d failed.\n",
+                                           i, half, inlen-half);
+                    printf("got:      ");
+                    hexdump(out, sizeof(out));
+                    printf("\nexpected: ");
+                    hexdump(expected, sizeof(expected));
+                    printf("\n");
+                    return 1;
+                }
+            }
+        }
+
+        free(in);
+    }
+
+    printf("PASS\n");
+
+# ifdef OPENSSL_CPUID_OBJ
+    {
+        unsigned char buf[8192];
+        unsigned long long stopwatch;
+        unsigned long long OPENSSL_rdtsc();
+
+        memset (buf,0x55,sizeof(buf));
+        memset (key,0xAA,sizeof(key));
+
+        Poly1305_Init(&poly1305, key);
+
+        for (i=0;i<100000;i++)
+            Poly1305_Update(&poly1305,buf,sizeof(buf));
+
+        stopwatch = OPENSSL_rdtsc();
+        for (i=0;i<10000;i++)
+            Poly1305_Update(&poly1305,buf,sizeof(buf));
+        stopwatch = OPENSSL_rdtsc() - stopwatch;
+
+        printf("%g\n",stopwatch/(double)(i*sizeof(buf)));
+
+        stopwatch = OPENSSL_rdtsc();
+        for (i=0;i<10000;i++) {
+            Poly1305_Init(&poly1305, key);
+            Poly1305_Update(&poly1305,buf,16);
+            Poly1305_Final(&poly1305,buf);
+        }
+        stopwatch = OPENSSL_rdtsc() - stopwatch;
+
+        printf("%g\n",stopwatch/(double)(i));
+    }
+# endif
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/poly1305/poly1305_ieee754.c b/openssl-1.1.0h/crypto/poly1305/poly1305_ieee754.c
new file mode 100644
index 0000000..08a5b58
--- /dev/null
+++ b/openssl-1.1.0h/crypto/poly1305/poly1305_ieee754.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This module is meant to be used as template for non-x87 floating-
+ * point assembly modules. The template itself is x86_64-specific
+ * though, as it was debugged on x86_64. So that implementor would
+ * have to recognize platform-specific parts, UxTOy and inline asm,
+ * and act accordingly.
+ *
+ * Huh? x86_64-specific code as template for non-x87? Note seven, which
+ * is not a typo, but reference to 80-bit precision. This module on the
+ * other hand relies on 64-bit precision operations, which are default
+ * for x86_64 code. And since we are at it, just for sense of it,
+ * large-block performance in cycles per processed byte for *this* code
+ * is:
+ *			gcc-4.8		icc-15.0	clang-3.4(*)
+ *
+ * Westmere		4.96		5.09		4.37
+ * Sandy Bridge		4.95		4.90		4.17
+ * Haswell		4.92		4.87		3.78
+ * Bulldozer		4.67		4.49		4.68
+ * VIA Nano		7.07		7.05		5.98
+ * Silvermont		10.6		9.61		12.6
+ *
+ * (*)	clang managed to discover parallelism and deployed SIMD;
+ *
+ * And for range of other platforms with unspecified gcc versions:
+ *
+ * Freescale e300	12.5
+ * PPC74x0		10.8
+ * POWER6		4.92
+ * POWER7		4.50
+ * POWER8		4.10
+ *
+ * z10			11.2
+ * z196+		7.30
+ *
+ * UltraSPARC III	16.0
+ * SPARC T4		16.1
+ */
+
+#if !(defined(__GNUC__) && __GNUC__>=2)
+# error "this is gcc-specific template"
+#endif
+
+#include <stdlib.h>
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+typedef unsigned long long u64;
+typedef union { double d; u64 u; } elem64;
+
+#define TWO(p)		((double)(1ULL<<(p)))
+#define TWO0		TWO(0)
+#define TWO32		TWO(32)
+#define TWO64		(TWO32*TWO(32))
+#define TWO96		(TWO64*TWO(32))
+#define TWO130		(TWO96*TWO(34))
+
+#define EXP(p)		((1023ULL+(p))<<52)
+
+#if defined(__x86_64__) || (defined(__PPC__) && defined(__LITTLE_ENDIAN__))
+# define U8TOU32(p)	(*(const u32 *)(p))
+# define U32TO8(p,v)	(*(u32 *)(p) = (v))
+#elif defined(__PPC__)
+# define U8TOU32(p)	({u32 ret; asm ("lwbrx	%0,0,%1":"=r"(ret):"b"(p)); ret; })
+# define U32TO8(p,v)	asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory")
+#elif defined(__s390x__)
+# define U8TOU32(p)	({u32 ret; asm ("lrv	%0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; })
+# define U32TO8(p,v)	asm ("strv	%1,%0":"=m"(*(u32 *)(p)):"d"(v))
+#endif
+
+#ifndef U8TOU32
+# define U8TOU32(p)	((u32)(p)[0]     | (u32)(p)[1]<<8 | \
+			 (u32)(p)[2]<<16 | (u32)(p)[3]<<24  )
+#endif
+#ifndef U32TO8
+# define U32TO8(p,v)	((p)[0] = (u8)(v),       (p)[1] = (u8)((v)>>8), \
+			 (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) )
+#endif
+
+typedef struct {
+    elem64 h[4];
+    double r[8];
+    double s[6];
+} poly1305_internal;
+
+/* "round toward zero (truncate), mask all exceptions" */
+#if defined(__x86_64__)
+static const u32 mxcsr = 0x7f80;
+#elif defined(__PPC__)
+static const u64 one = 1;
+#elif defined(__s390x__)
+static const u32 fpc = 1;
+#elif defined(__sparc__)
+static const u64 fsr = 1ULL<<30;
+#else
+#error "unrecognized platform"
+#endif
+
+int poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    elem64 r0, r1, r2, r3;
+
+    /* h = 0, biased */
+#if 0
+    st->h[0].d = TWO(52)*TWO0;
+    st->h[1].d = TWO(52)*TWO32;
+    st->h[2].d = TWO(52)*TWO64;
+    st->h[3].d = TWO(52)*TWO96;
+#else
+    st->h[0].u = EXP(52+0);
+    st->h[1].u = EXP(52+32);
+    st->h[2].u = EXP(52+64);
+    st->h[3].u = EXP(52+96);
+#endif
+
+    if (key) {
+        /*
+         * set "truncate" rounding mode
+         */
+#if defined(__x86_64__)
+        u32 mxcsr_orig;
+
+        asm volatile ("stmxcsr	%0":"=m"(mxcsr_orig));
+        asm volatile ("ldmxcsr	%0"::"m"(mxcsr));
+#elif defined(__PPC__)
+        double fpscr_orig, fpscr = *(double *)&one;
+
+        asm volatile ("mffs	%0":"=f"(fpscr_orig));
+        asm volatile ("mtfsf	255,%0"::"f"(fpscr));
+#elif defined(__s390x__)
+        u32 fpc_orig;
+
+        asm volatile ("stfpc	%0":"=m"(fpc_orig));
+        asm volatile ("lfpc	%0"::"m"(fpc));
+#elif defined(__sparc__)
+        u64 fsr_orig;
+
+        asm volatile ("stx	%%fsr,%0":"=m"(fsr_orig));
+        asm volatile ("ldx	%0,%%fsr"::"m"(fsr));
+#endif
+
+        /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+        r0.u = EXP(52+0)  | (U8TOU32(&key[0])  & 0x0fffffff);
+        r1.u = EXP(52+32) | (U8TOU32(&key[4])  & 0x0ffffffc);
+        r2.u = EXP(52+64) | (U8TOU32(&key[8])  & 0x0ffffffc);
+        r3.u = EXP(52+96) | (U8TOU32(&key[12]) & 0x0ffffffc);
+
+        st->r[0] = r0.d - TWO(52)*TWO0;
+        st->r[2] = r1.d - TWO(52)*TWO32;
+        st->r[4] = r2.d - TWO(52)*TWO64;
+        st->r[6] = r3.d - TWO(52)*TWO96;
+
+        st->s[0] = st->r[2] * (5.0/TWO130);
+        st->s[2] = st->r[4] * (5.0/TWO130);
+        st->s[4] = st->r[6] * (5.0/TWO130);
+
+        /*
+         * base 2^32 -> base 2^16
+         */
+        st->r[1] = (st->r[0] + TWO(52)*TWO(16)*TWO0) -
+                               TWO(52)*TWO(16)*TWO0;
+        st->r[0] -= st->r[1];
+
+        st->r[3] = (st->r[2] + TWO(52)*TWO(16)*TWO32) -
+                               TWO(52)*TWO(16)*TWO32;
+        st->r[2] -= st->r[3];
+
+        st->r[5] = (st->r[4] + TWO(52)*TWO(16)*TWO64) -
+                               TWO(52)*TWO(16)*TWO64;
+        st->r[4] -= st->r[5];
+
+        st->r[7] = (st->r[6] + TWO(52)*TWO(16)*TWO96) -
+                               TWO(52)*TWO(16)*TWO96;
+        st->r[6] -= st->r[7];
+
+        st->s[1] = (st->s[0] + TWO(52)*TWO(16)*TWO0/TWO96) -
+                               TWO(52)*TWO(16)*TWO0/TWO96;
+        st->s[0] -= st->s[1];
+
+        st->s[3] = (st->s[2] + TWO(52)*TWO(16)*TWO32/TWO96) -
+                               TWO(52)*TWO(16)*TWO32/TWO96;
+        st->s[2] -= st->s[3];
+
+        st->s[5] = (st->s[4] + TWO(52)*TWO(16)*TWO64/TWO96) -
+                               TWO(52)*TWO(16)*TWO64/TWO96;
+        st->s[4] -= st->s[5];
+
+        /*
+         * restore original FPU control register
+         */
+#if defined(__x86_64__)
+        asm volatile ("ldmxcsr	%0"::"m"(mxcsr_orig));
+#elif defined(__PPC__)
+        asm volatile ("mtfsf	255,%0"::"f"(fpscr_orig));
+#elif defined(__s390x__)
+        asm volatile ("lfpc	%0"::"m"(fpc_orig));
+#elif defined(__sparc__)
+        asm volatile ("ldx	%0,%%fsr"::"m"(fsr_orig));
+#endif
+    }
+
+    return 0;
+}
+
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     int padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    elem64 in0, in1, in2, in3;
+    u64 pad = (u64)padbit<<32;
+
+    double x0, x1, x2, x3;
+    double h0lo, h0hi, h1lo, h1hi, h2lo, h2hi, h3lo, h3hi;
+    double c0lo, c0hi, c1lo, c1hi, c2lo, c2hi, c3lo, c3hi;
+
+    const double r0lo = st->r[0];
+    const double r0hi = st->r[1];
+    const double r1lo = st->r[2];
+    const double r1hi = st->r[3];
+    const double r2lo = st->r[4];
+    const double r2hi = st->r[5];
+    const double r3lo = st->r[6];
+    const double r3hi = st->r[7];
+
+    const double s1lo = st->s[0];
+    const double s1hi = st->s[1];
+    const double s2lo = st->s[2];
+    const double s2hi = st->s[3];
+    const double s3lo = st->s[4];
+    const double s3hi = st->s[5];
+
+    /*
+     * set "truncate" rounding mode
+     */
+#if defined(__x86_64__)
+    u32 mxcsr_orig;
+
+    asm volatile ("stmxcsr	%0":"=m"(mxcsr_orig));
+    asm volatile ("ldmxcsr	%0"::"m"(mxcsr));
+#elif defined(__PPC__)
+    double fpscr_orig, fpscr = *(double *)&one;
+
+    asm volatile ("mffs		%0":"=f"(fpscr_orig));
+    asm volatile ("mtfsf	255,%0"::"f"(fpscr));
+#elif defined(__s390x__)
+    u32 fpc_orig;
+
+    asm volatile ("stfpc	%0":"=m"(fpc_orig));
+    asm volatile ("lfpc		%0"::"m"(fpc));
+#elif defined(__sparc__)
+    u64 fsr_orig;
+
+    asm volatile ("stx		%%fsr,%0":"=m"(fsr_orig));
+    asm volatile ("ldx		%0,%%fsr"::"m"(fsr));
+#endif
+
+    /*
+     * load base 2^32 and de-bias
+     */
+    h0lo = st->h[0].d - TWO(52)*TWO0;
+    h1lo = st->h[1].d - TWO(52)*TWO32;
+    h2lo = st->h[2].d - TWO(52)*TWO64;
+    h3lo = st->h[3].d - TWO(52)*TWO96;
+
+#ifdef __clang__
+    h0hi = 0;
+    h1hi = 0;
+    h2hi = 0;
+    h3hi = 0;
+#else
+    in0.u = EXP(52+0)  | U8TOU32(&inp[0]);
+    in1.u = EXP(52+32) | U8TOU32(&inp[4]);
+    in2.u = EXP(52+64) | U8TOU32(&inp[8]);
+    in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad;
+
+    x0 = in0.d - TWO(52)*TWO0;
+    x1 = in1.d - TWO(52)*TWO32;
+    x2 = in2.d - TWO(52)*TWO64;
+    x3 = in3.d - TWO(52)*TWO96;
+
+    x0 += h0lo;
+    x1 += h1lo;
+    x2 += h2lo;
+    x3 += h3lo;
+
+    goto fast_entry;
+#endif
+
+    do {
+        in0.u = EXP(52+0)  | U8TOU32(&inp[0]);
+        in1.u = EXP(52+32) | U8TOU32(&inp[4]);
+        in2.u = EXP(52+64) | U8TOU32(&inp[8]);
+        in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad;
+
+        x0 = in0.d - TWO(52)*TWO0;
+        x1 = in1.d - TWO(52)*TWO32;
+        x2 = in2.d - TWO(52)*TWO64;
+        x3 = in3.d - TWO(52)*TWO96;
+
+        /*
+         * note that there are multiple ways to accumulate input, e.g.
+         * one can as well accumulate to h0lo-h1lo-h1hi-h2hi...
+         */
+        h0lo += x0;
+        h0hi += x1;
+        h2lo += x2;
+        h2hi += x3;
+
+        /*
+         * carries that cross 32n-bit (and 130-bit) boundaries
+         */
+        c0lo = (h0lo + TWO(52)*TWO32)  - TWO(52)*TWO32;
+        c1lo = (h1lo + TWO(52)*TWO64)  - TWO(52)*TWO64;
+        c2lo = (h2lo + TWO(52)*TWO96)  - TWO(52)*TWO96;
+        c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+        c0hi = (h0hi + TWO(52)*TWO32)  - TWO(52)*TWO32;
+        c1hi = (h1hi + TWO(52)*TWO64)  - TWO(52)*TWO64;
+        c2hi = (h2hi + TWO(52)*TWO96)  - TWO(52)*TWO96;
+        c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+        /*
+         * base 2^48 -> base 2^32 with last reduction step
+         */
+        x1 =  (h1lo - c1lo) + c0lo;
+        x2 =  (h2lo - c2lo) + c1lo;
+        x3 =  (h3lo - c3lo) + c2lo;
+        x0 =  (h0lo - c0lo) + c3lo * (5.0/TWO130);
+
+        x1 += (h1hi - c1hi) + c0hi;
+        x2 += (h2hi - c2hi) + c1hi;
+        x3 += (h3hi - c3hi) + c2hi;
+        x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130);
+
+#ifndef __clang__
+    fast_entry:
+#endif
+	/*
+	 * base 2^32 * base 2^16 = base 2^48
+	 */
+        h0lo = s3lo * x1 + s2lo * x2 + s1lo * x3 + r0lo * x0;
+        h1lo = r0lo * x1 + s3lo * x2 + s2lo * x3 + r1lo * x0;
+        h2lo = r1lo * x1 + r0lo * x2 + s3lo * x3 + r2lo * x0;
+        h3lo = r2lo * x1 + r1lo * x2 + r0lo * x3 + r3lo * x0;
+
+        h0hi = s3hi * x1 + s2hi * x2 + s1hi * x3 + r0hi * x0;
+        h1hi = r0hi * x1 + s3hi * x2 + s2hi * x3 + r1hi * x0;
+        h2hi = r1hi * x1 + r0hi * x2 + s3hi * x3 + r2hi * x0;
+        h3hi = r2hi * x1 + r1hi * x2 + r0hi * x3 + r3hi * x0;
+
+        inp += 16;
+        len -= 16;
+
+    } while (len >= 16);
+
+    /*
+     * carries that cross 32n-bit (and 130-bit) boundaries
+     */
+    c0lo = (h0lo + TWO(52)*TWO32)  - TWO(52)*TWO32;
+    c1lo = (h1lo + TWO(52)*TWO64)  - TWO(52)*TWO64;
+    c2lo = (h2lo + TWO(52)*TWO96)  - TWO(52)*TWO96;
+    c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+    c0hi = (h0hi + TWO(52)*TWO32)  - TWO(52)*TWO32;
+    c1hi = (h1hi + TWO(52)*TWO64)  - TWO(52)*TWO64;
+    c2hi = (h2hi + TWO(52)*TWO96)  - TWO(52)*TWO96;
+    c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130;
+
+    /*
+     * base 2^48 -> base 2^32 with last reduction step
+     */
+    x1 =  (h1lo - c1lo) + c0lo;
+    x2 =  (h2lo - c2lo) + c1lo;
+    x3 =  (h3lo - c3lo) + c2lo;
+    x0 =  (h0lo - c0lo) + c3lo * (5.0/TWO130);
+
+    x1 += (h1hi - c1hi) + c0hi;
+    x2 += (h2hi - c2hi) + c1hi;
+    x3 += (h3hi - c3hi) + c2hi;
+    x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130);
+
+    /*
+     * store base 2^32, with bias
+     */
+    st->h[1].d = x1 + TWO(52)*TWO32;
+    st->h[2].d = x2 + TWO(52)*TWO64;
+    st->h[3].d = x3 + TWO(52)*TWO96;
+    st->h[0].d = x0 + TWO(52)*TWO0;
+
+    /*
+     * restore original FPU control register
+     */
+#if defined(__x86_64__)
+    asm volatile ("ldmxcsr	%0"::"m"(mxcsr_orig));
+#elif defined(__PPC__)
+    asm volatile ("mtfsf	255,%0"::"f"(fpscr_orig));
+#elif defined(__s390x__)
+    asm volatile ("lfpc		%0"::"m"(fpc_orig));
+#elif defined(__sparc__)
+    asm volatile ("ldx		%0,%%fsr"::"m"(fsr_orig));
+#endif
+}
+
+void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2, h3, h4;
+    u32 g0, g1, g2, g3, g4;
+    u64 t;
+    u32 mask;
+
+    /*
+     * thanks to bias masking exponent gives integer result
+     */
+    h0 = st->h[0].u & 0x000fffffffffffffULL;
+    h1 = st->h[1].u & 0x000fffffffffffffULL;
+    h2 = st->h[2].u & 0x000fffffffffffffULL;
+    h3 = st->h[3].u & 0x000fffffffffffffULL;
+
+    /*
+     * can be partially reduced, so reduce...
+     */
+    h4 = h3>>32; h3 &= 0xffffffffU;
+    g4 = h4&-4;
+    h4 &= 3;
+    g4 += g4>>2;
+
+    h0 += g4;
+    h1 += h0>>32; h0 &= 0xffffffffU;
+    h2 += h1>>32; h1 &= 0xffffffffU;
+    h3 += h2>>32; h2 &= 0xffffffffU;
+
+    /* compute h + -p */
+    g0 = (u32)(t = h0 + 5);
+    g1 = (u32)(t = h1 + (t >> 32));
+    g2 = (u32)(t = h2 + (t >> 32));
+    g3 = (u32)(t = h3 + (t >> 32));
+    g4 = h4 + (u32)(t >> 32);
+
+    /* if there was carry, select g0-g3 */
+    mask = 0 - (g4 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    g2 &= mask;
+    g3 &= mask;
+    mask = ~mask;
+    g0 |= (h0 & mask);
+    g1 |= (h1 & mask);
+    g2 |= (h2 & mask);
+    g3 |= (h3 & mask);
+
+    /* mac = (h + nonce) % (2^128) */
+    g0 = (u32)(t = (u64)g0 + nonce[0]);
+    g1 = (u32)(t = (u64)g1 + (t >> 32) + nonce[1]);
+    g2 = (u32)(t = (u64)g2 + (t >> 32) + nonce[2]);
+    g3 = (u32)(t = (u64)g3 + (t >> 32) + nonce[3]);
+
+    U32TO8(mac + 0, g0);
+    U32TO8(mac + 4, g1);
+    U32TO8(mac + 8, g2);
+    U32TO8(mac + 12, g3);
+}
diff --git a/openssl-1.1.0h/crypto/ppc_arch.h b/openssl-1.1.0h/crypto/ppc_arch.h
new file mode 100644
index 0000000..65cf96f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ppc_arch.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PPC_ARCH_H
+# define HEADER_PPC_ARCH_H
+
+extern unsigned int OPENSSL_ppccap_P;
+
+/*
+ * Flags' usage can appear ambiguous, because they are set rather
+ * to reflect OpenSSL performance preferences than actual processor
+ * capabilities.
+ */
+# define PPC_FPU64       (1<<0)
+# define PPC_ALTIVEC     (1<<1)
+# define PPC_CRYPTO207   (1<<2)
+# define PPC_FPU         (1<<3)
+# define PPC_MADD300     (1<<4)
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ppccap.c b/openssl-1.1.0h/crypto/ppccap.c
new file mode 100644
index 0000000..3baf9f7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ppccap.c
@@ -0,0 +1,343 @@
+/*
+ * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <unistd.h>
+#if defined(__linux) || defined(_AIX)
+# include <sys/utsname.h>
+#endif
+#if defined(_AIX53)     /* defined even on post-5.3 */
+# include <sys/systemcfg.h>
+# if !defined(__power_set)
+#  define __power_set(a) (_system_configuration.implementation & (a))
+# endif
+#endif
+#if defined(__APPLE__) && defined(__MACH__)
+# include <sys/types.h>
+# include <sys/sysctl.h>
+#endif
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+
+#include "ppc_arch.h"
+
+unsigned int OPENSSL_ppccap_P = 0;
+
+static sigset_t all_masked;
+
+#ifdef OPENSSL_BN_ASM_MONT
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    int bn_mul_mont_fpu64(BN_ULONG *rp, const BN_ULONG *ap,
+                          const BN_ULONG *bp, const BN_ULONG *np,
+                          const BN_ULONG *n0, int num);
+    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                        const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+    if (sizeof(size_t) == 4) {
+# if 1 || (defined(__APPLE__) && defined(__MACH__))
+        if (num >= 8 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64))
+            return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
+# else
+        /*
+         * boundary of 32 was experimentally determined on Linux 2.6.22,
+         * might have to be adjusted on AIX...
+         */
+        if (num >= 32 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64)) {
+            sigset_t oset;
+            int ret;
+
+            sigprocmask(SIG_SETMASK, &all_masked, &oset);
+            ret = bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
+            sigprocmask(SIG_SETMASK, &oset, NULL);
+
+            return ret;
+        }
+# endif
+    } else if ((OPENSSL_ppccap_P & PPC_FPU64))
+        /*
+         * this is a "must" on POWER6, but run-time detection is not
+         * implemented yet...
+         */
+        return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num);
+
+    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
+}
+#endif
+
+void sha256_block_p8(void *ctx, const void *inp, size_t len);
+void sha256_block_ppc(void *ctx, const void *inp, size_t len);
+void sha256_block_data_order(void *ctx, const void *inp, size_t len)
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) :
+        sha256_block_ppc(ctx, inp, len);
+}
+
+void sha512_block_p8(void *ctx, const void *inp, size_t len);
+void sha512_block_ppc(void *ctx, const void *inp, size_t len);
+void sha512_block_data_order(void *ctx, const void *inp, size_t len)
+{
+    OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) :
+        sha512_block_ppc(ctx, inp, len);
+}
+
+#ifndef OPENSSL_NO_CHACHA
+void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp,
+                        size_t len, const unsigned int key[8],
+                        const unsigned int counter[4]);
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4])
+{
+    OPENSSL_ppccap_P & PPC_ALTIVEC
+        ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
+        : ChaCha20_ctr32_int(out, inp, len, key, counter);
+}
+#endif
+
+#ifndef OPENSSL_NO_POLY1305
+void poly1305_init_int(void *ctx, const unsigned char key[16]);
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                         unsigned int padbit);
+void poly1305_emit(void *ctx, unsigned char mac[16],
+                       const unsigned int nonce[4]);
+void poly1305_init_fpu(void *ctx, const unsigned char key[16]);
+void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len,
+                         unsigned int padbit);
+void poly1305_emit_fpu(void *ctx, unsigned char mac[16],
+                       const unsigned int nonce[4]);
+int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
+{
+    if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) {
+        poly1305_init_fpu(ctx, key);
+        func[0] = poly1305_blocks_fpu;
+        func[1] = poly1305_emit_fpu;
+    } else {
+        poly1305_init_int(ctx, key);
+        func[0] = poly1305_blocks;
+        func[1] = poly1305_emit;
+    }
+    return 1;
+}
+#endif
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+void OPENSSL_fpu_probe(void);
+void OPENSSL_ppc64_probe(void);
+void OPENSSL_altivec_probe(void);
+void OPENSSL_crypto207_probe(void);
+void OPENSSL_madd300_probe(void);
+
+/*
+ * Use a weak reference to getauxval() so we can use it if it is available
+ * but don't break the build if it is not. Note that this is *link-time*
+ * feature detection, not *run-time*. In other words if we link with
+ * symbol present, it's expected to be present even at run-time.
+ */
+#if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__)
+extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
+#else
+static unsigned long (*getauxval) (unsigned long) = NULL;
+#endif
+
+/* I wish <sys/auxv.h> was universally available */
+#define HWCAP                   16      /* AT_HWCAP */
+#define HWCAP_PPC64             (1U << 30)
+#define HWCAP_ALTIVEC           (1U << 28)
+#define HWCAP_FPU               (1U << 27)
+#define HWCAP_POWER6_EXT        (1U << 9)
+#define HWCAP_VSX               (1U << 7)
+
+#define HWCAP2                  26      /* AT_HWCAP2 */
+#define HWCAP_VEC_CRYPTO        (1U << 25)
+#define HWCAP_ARCH_3_00         (1U << 23)
+
+# if defined(__GNUC__) && __GNUC__>=2
+__attribute__ ((constructor))
+# endif
+void OPENSSL_cpuid_setup(void)
+{
+    char *e;
+    struct sigaction ill_oact, ill_act;
+    sigset_t oset;
+    static int trigger = 0;
+
+    if (trigger)
+        return;
+    trigger = 1;
+
+    if ((e = getenv("OPENSSL_ppccap"))) {
+        OPENSSL_ppccap_P = strtoul(e, NULL, 0);
+        return;
+    }
+
+    OPENSSL_ppccap_P = 0;
+
+#if defined(_AIX)
+    OPENSSL_ppccap_P |= PPC_FPU;
+
+    if (sizeof(size_t) == 4) {
+        struct utsname uts;
+# if defined(_SC_AIX_KERNEL_BITMODE)
+        if (sysconf(_SC_AIX_KERNEL_BITMODE) != 64)
+            return;
+# endif
+        if (uname(&uts) != 0 || atoi(uts.version) < 6)
+            return;
+    }
+
+# if defined(__power_set)
+    /*
+     * Value used in __power_set is a single-bit 1<<n one denoting
+     * specific processor class. Incidentally 0xffffffff<<n can be
+     * used to denote specific processor and its successors.
+     */
+    if (sizeof(size_t) == 4) {
+        /* In 32-bit case PPC_FPU64 is always fastest [if option] */
+        if (__power_set(0xffffffffU<<13))       /* POWER5 and later */
+            OPENSSL_ppccap_P |= PPC_FPU64;
+    } else {
+        /* In 64-bit case PPC_FPU64 is fastest only on POWER6 */
+        if (__power_set(0x1U<<14))              /* POWER6 */
+            OPENSSL_ppccap_P |= PPC_FPU64;
+    }
+
+    if (__power_set(0xffffffffU<<14))           /* POWER6 and later */
+        OPENSSL_ppccap_P |= PPC_ALTIVEC;
+
+    if (__power_set(0xffffffffU<<16))           /* POWER8 and later */
+        OPENSSL_ppccap_P |= PPC_CRYPTO207;
+
+    if (__power_set(0xffffffffU<<17))           /* POWER9 and later */
+        OPENSSL_ppccap_P |= PPC_MADD300;
+
+    return;
+# endif
+#endif
+
+#if defined(__APPLE__) && defined(__MACH__)
+    OPENSSL_ppccap_P |= PPC_FPU;
+
+    {
+        int val;
+        size_t len = sizeof(val);
+
+        if (sysctlbyname("hw.optional.64bitops", &val, &len, NULL, 0) == 0) {
+            if (val)
+                OPENSSL_ppccap_P |= PPC_FPU64;
+        }
+
+        len = sizeof(val);
+        if (sysctlbyname("hw.optional.altivec", &val, &len, NULL, 0) == 0) {
+            if (val)
+                OPENSSL_ppccap_P |= PPC_ALTIVEC;
+        }
+
+        return;
+    }
+#endif
+
+    if (getauxval != NULL) {
+        unsigned long hwcap = getauxval(HWCAP);
+
+        if (hwcap & HWCAP_FPU) {
+            OPENSSL_ppccap_P |= PPC_FPU;
+
+            if (sizeof(size_t) == 4) {
+                /* In 32-bit case PPC_FPU64 is always fastest [if option] */
+                if (hwcap & HWCAP_PPC64)
+                    OPENSSL_ppccap_P |= PPC_FPU64;
+            } else {
+                /* In 64-bit case PPC_FPU64 is fastest only on POWER6 */
+                if (hwcap & HWCAP_POWER6_EXT)
+                    OPENSSL_ppccap_P |= PPC_FPU64;
+            }
+        }
+
+        if (hwcap & HWCAP_ALTIVEC) {
+            OPENSSL_ppccap_P |= PPC_ALTIVEC;
+
+            if ((hwcap & HWCAP_VSX) && (getauxval(HWCAP2) & HWCAP_VEC_CRYPTO))
+                OPENSSL_ppccap_P |= PPC_CRYPTO207;
+        }
+
+        if (hwcap & HWCAP_ARCH_3_00) {
+            OPENSSL_ppccap_P |= PPC_MADD300;
+        }
+
+        return;
+    }
+
+    sigfillset(&all_masked);
+    sigdelset(&all_masked, SIGILL);
+    sigdelset(&all_masked, SIGTRAP);
+#ifdef SIGEMT
+    sigdelset(&all_masked, SIGEMT);
+#endif
+    sigdelset(&all_masked, SIGFPE);
+    sigdelset(&all_masked, SIGBUS);
+    sigdelset(&all_masked, SIGSEGV);
+
+    memset(&ill_act, 0, sizeof(ill_act));
+    ill_act.sa_handler = ill_handler;
+    ill_act.sa_mask = all_masked;
+
+    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
+    sigaction(SIGILL, &ill_act, &ill_oact);
+
+    if (sigsetjmp(ill_jmp,1) == 0) {
+        OPENSSL_fpu_probe();
+        OPENSSL_ppccap_P |= PPC_FPU;
+
+        if (sizeof(size_t) == 4) {
+#ifdef __linux
+            struct utsname uts;
+            if (uname(&uts) == 0 && strcmp(uts.machine, "ppc64") == 0)
+#endif
+                if (sigsetjmp(ill_jmp, 1) == 0) {
+                    OPENSSL_ppc64_probe();
+                    OPENSSL_ppccap_P |= PPC_FPU64;
+                }
+        } else {
+            /*
+             * Wanted code detecting POWER6 CPU and setting PPC_FPU64
+             */
+        }
+    }
+
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_altivec_probe();
+        OPENSSL_ppccap_P |= PPC_ALTIVEC;
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            OPENSSL_crypto207_probe();
+            OPENSSL_ppccap_P |= PPC_CRYPTO207;
+        }
+    }
+
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        OPENSSL_madd300_probe();
+        OPENSSL_ppccap_P |= PPC_MADD300;
+    }
+
+    sigaction(SIGILL, &ill_oact, NULL);
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+}
diff --git a/openssl-1.1.0h/crypto/ppccpuid.pl b/openssl-1.1.0h/crypto/ppccpuid.pl
new file mode 100755
index 0000000..9d1cada
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ppccpuid.pl
@@ -0,0 +1,301 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+if ($flavour=~/64/) {
+    $CMPLI="cmpldi";
+    $SHRLI="srdi";
+    $SIGNX="extsw";
+} else {
+    $CMPLI="cmplwi";
+    $SHRLI="srwi";
+    $SIGNX="mr";
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	.OPENSSL_fpu_probe
+.align	4
+.OPENSSL_fpu_probe:
+	fmr	f0,f0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_fpu_probe,.-.OPENSSL_fpu_probe
+.globl	.OPENSSL_ppc64_probe
+.align	4
+.OPENSSL_ppc64_probe:
+	fcfid	f1,f1
+	extrdi	r0,r0,32,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_ppc64_probe,.-.OPENSSL_ppc64_probe
+
+.globl	.OPENSSL_altivec_probe
+.align	4
+.OPENSSL_altivec_probe:
+	.long	0x10000484	# vor	v0,v0,v0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_altivec_probe,.-..OPENSSL_altivec_probe
+
+.globl	.OPENSSL_crypto207_probe
+.align	4
+.OPENSSL_crypto207_probe:
+	lvx_u	v0,0,r1
+	vcipher	v0,v0,v0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_crypto207_probe,.-.OPENSSL_crypto207_probe
+
+.globl	.OPENSSL_madd300_probe
+.align	4
+.OPENSSL_madd300_probe:
+	xor	r0,r0,r0
+	maddld	r3,r0,r0,r0
+	maddhdu	r3,r0,r0,r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+
+.globl	.OPENSSL_wipe_cpu
+.align	4
+.OPENSSL_wipe_cpu:
+	xor	r0,r0,r0
+	fmr	f0,f31
+	fmr	f1,f31
+	fmr	f2,f31
+	mr	r3,r1
+	fmr	f3,f31
+	xor	r4,r4,r4
+	fmr	f4,f31
+	xor	r5,r5,r5
+	fmr	f5,f31
+	xor	r6,r6,r6
+	fmr	f6,f31
+	xor	r7,r7,r7
+	fmr	f7,f31
+	xor	r8,r8,r8
+	fmr	f8,f31
+	xor	r9,r9,r9
+	fmr	f9,f31
+	xor	r10,r10,r10
+	fmr	f10,f31
+	xor	r11,r11,r11
+	fmr	f11,f31
+	xor	r12,r12,r12
+	fmr	f12,f31
+	fmr	f13,f31
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_wipe_cpu,.-.OPENSSL_wipe_cpu
+
+.globl	.OPENSSL_atomic_add
+.align	4
+.OPENSSL_atomic_add:
+Ladd:	lwarx	r5,0,r3
+	add	r0,r4,r5
+	stwcx.	r0,0,r3
+	bne-	Ladd
+	$SIGNX	r3,r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_atomic_add,.-.OPENSSL_atomic_add
+
+.globl	.OPENSSL_rdtsc
+.align	4
+.OPENSSL_rdtsc:
+___
+$code.=<<___	if ($flavour =~ /64/);
+	mftb	r3
+___
+$code.=<<___	if ($flavour !~ /64/);
+Loop_rdtsc:
+	mftbu	r5
+	mftb	r3
+	mftbu	r4
+	cmplw	r4,r5
+	bne	Loop_rdtsc
+___
+$code.=<<___;
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.OPENSSL_rdtsc,.-.OPENSSL_rdtsc
+
+.globl	.OPENSSL_cleanse
+.align	4
+.OPENSSL_cleanse:
+	$CMPLI	r4,7
+	li	r0,0
+	bge	Lot
+	$CMPLI	r4,0
+	beqlr-
+Little:	mtctr	r4
+	stb	r0,0(r3)
+	addi	r3,r3,1
+	bdnz	\$-8
+	blr
+Lot:	andi.	r5,r3,3
+	beq	Laligned
+	stb	r0,0(r3)
+	subi	r4,r4,1
+	addi	r3,r3,1
+	b	Lot
+Laligned:
+	$SHRLI	r5,r4,2
+	mtctr	r5
+	stw	r0,0(r3)
+	addi	r3,r3,4
+	bdnz	\$-8
+	andi.	r4,r4,3
+	bne	Little
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_cleanse,.-.OPENSSL_cleanse
+
+globl	.CRYPTO_memcmp
+.align	4
+.CRYPTO_memcmp:
+	$CMPLI	r5,0
+	li	r0,0
+	beq	Lno_data
+	mtctr	r5
+Loop_cmp:
+	lbz	r6,0(r3)
+	addi	r3,r3,1
+	lbz	r7,0(r4)
+	addi	r4,r4,1
+	xor	r6,r6,r7
+	or	r0,r0,r6
+	bdnz	Loop_cmp
+
+Lno_data:
+	li	r3,0
+	sub	r3,r3,r0
+	extrwi	r3,r3,1,0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.CRYPTO_memcmp,.-.CRYPTO_memcmp
+___
+{
+my ($out,$cnt,$max)=("r3","r4","r5");
+my ($tick,$lasttick)=("r6","r7");
+my ($diff,$lastdiff)=("r8","r9");
+
+$code.=<<___;
+.globl	.OPENSSL_instrument_bus
+.align	4
+.OPENSSL_instrument_bus:
+	mtctr	$cnt
+
+	mftb	$lasttick		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+Loop:	mftb	$tick
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+	addi	$out,$out,4		# ++$out
+	bdnz	Loop
+
+	mr	r3,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,2,0
+	.long	0
+.size	.OPENSSL_instrument_bus,.-.OPENSSL_instrument_bus
+
+.globl	.OPENSSL_instrument_bus2
+.align	4
+.OPENSSL_instrument_bus2:
+	mr	r0,$cnt
+	slwi	$cnt,$cnt,2
+
+	mftb	$lasttick		# collect 1st tick
+	li	$diff,0
+
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	mftb	$tick			# collect 1st diff
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	mr	$lastdiff,$diff
+Loop2:
+	dcbf	0,$out			# flush cache line
+	lwarx	$tick,0,$out		# load and lock
+	add	$tick,$tick,$diff
+	stwcx.	$tick,0,$out
+	stwx	$tick,0,$out
+
+	addic.	$max,$max,-1
+	beq	Ldone2
+
+	mftb	$tick
+	sub	$diff,$tick,$lasttick
+	mr	$lasttick,$tick
+	cmplw	7,$diff,$lastdiff
+	mr	$lastdiff,$diff
+
+	mfcr	$tick			# pull cr
+	not	$tick,$tick		# flip bits
+	rlwinm	$tick,$tick,1,29,29	# isolate flipped eq bit and scale
+
+	sub.	$cnt,$cnt,$tick		# conditional --$cnt
+	add	$out,$out,$tick		# conditional ++$out
+	bne	Loop2
+
+Ldone2:
+	srwi	$cnt,$cnt,2
+	sub	r3,r0,$cnt
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,3,0
+	.long	0
+.size	.OPENSSL_instrument_bus2,.-.OPENSSL_instrument_bus2
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/rand/build.info b/openssl-1.1.0h/crypto/rand/build.info
new file mode 100644
index 0000000..3ad50e2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_vms.c
diff --git a/openssl-1.1.0h/crypto/rand/md_rand.c b/openssl-1.1.0h/crypto/rand/md_rand.c
new file mode 100644
index 0000000..7d5fcb7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/md_rand.c
@@ -0,0 +1,667 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS))
+# include <sys/time.h>
+#endif
+#if defined(OPENSSL_SYS_VXWORKS)
+# include <time.h>
+#endif
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/async.h>
+#include "rand_lcl.h"
+
+#include <openssl/err.h>
+
+#include <internal/thread_once.h>
+
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#ifdef BN_DEBUG
+# define PREDICT
+#endif
+
+/* #define PREDICT      1 */
+
+#define STATE_SIZE      1023
+static size_t state_num = 0, state_index = 0;
+static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
+static unsigned char md[MD_DIGEST_LENGTH];
+static long md_count[2] = { 0, 0 };
+
+static double entropy = 0;
+static int initialized = 0;
+
+static CRYPTO_RWLOCK *rand_lock = NULL;
+static CRYPTO_RWLOCK *rand_tmp_lock = NULL;
+static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
+
+/* May be set only when a thread holds rand_lock (to prevent double locking) */
+static unsigned int crypto_lock_rand = 0;
+/* access to locking_threadid is synchronized by rand_tmp_lock */
+/* valid iff crypto_lock_rand is set */
+static CRYPTO_THREAD_ID locking_threadid;
+
+#ifdef PREDICT
+int rand_predictable = 0;
+#endif
+
+static int rand_hw_seed(EVP_MD_CTX *ctx);
+
+static void rand_cleanup(void);
+static int rand_seed(const void *buf, int num);
+static int rand_add(const void *buf, int num, double add_entropy);
+static int rand_bytes(unsigned char *buf, int num, int pseudo);
+static int rand_nopseudo_bytes(unsigned char *buf, int num);
+#if OPENSSL_API_COMPAT < 0x10100000L
+static int rand_pseudo_bytes(unsigned char *buf, int num);
+#endif
+static int rand_status(void);
+
+static RAND_METHOD rand_meth = {
+    rand_seed,
+    rand_nopseudo_bytes,
+    rand_cleanup,
+    rand_add,
+#if OPENSSL_API_COMPAT < 0x10100000L
+    rand_pseudo_bytes,
+#else
+    NULL,
+#endif
+    rand_status
+};
+
+DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
+{
+    OPENSSL_init_crypto(0, NULL);
+    rand_lock = CRYPTO_THREAD_lock_new();
+    rand_tmp_lock = CRYPTO_THREAD_lock_new();
+    return rand_lock != NULL && rand_tmp_lock != NULL;
+}
+
+RAND_METHOD *RAND_OpenSSL(void)
+{
+    return (&rand_meth);
+}
+
+static void rand_cleanup(void)
+{
+    OPENSSL_cleanse(state, sizeof(state));
+    state_num = 0;
+    state_index = 0;
+    OPENSSL_cleanse(md, MD_DIGEST_LENGTH);
+    md_count[0] = 0;
+    md_count[1] = 0;
+    entropy = 0;
+    initialized = 0;
+    CRYPTO_THREAD_lock_free(rand_lock);
+    CRYPTO_THREAD_lock_free(rand_tmp_lock);
+}
+
+static int rand_add(const void *buf, int num, double add)
+{
+    int i, j, k, st_idx;
+    long md_c[2];
+    unsigned char local_md[MD_DIGEST_LENGTH];
+    EVP_MD_CTX *m;
+    int do_not_lock;
+    int rv = 0;
+
+    if (!num)
+        return 1;
+
+    /*
+     * (Based on the rand(3) manpage)
+     *
+     * The input is chopped up into units of 20 bytes (or less for
+     * the last block).  Each of these blocks is run through the hash
+     * function as follows:  The data passed to the hash function
+     * is the current 'md', the same number of bytes from the 'state'
+     * (the location determined by in incremented looping index) as
+     * the current 'block', the new key data 'block', and 'count'
+     * (which is incremented after each use).
+     * The result of this is kept in 'md' and also xored into the
+     * 'state' at the same locations that were used as input into the
+     * hash function.
+     */
+
+    m = EVP_MD_CTX_new();
+    if (m == NULL)
+        goto err;
+
+    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+        goto err;
+
+    /* check if we already have the lock */
+    if (crypto_lock_rand) {
+        CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
+        CRYPTO_THREAD_read_lock(rand_tmp_lock);
+        do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur);
+        CRYPTO_THREAD_unlock(rand_tmp_lock);
+    } else
+        do_not_lock = 0;
+
+    if (!do_not_lock)
+        CRYPTO_THREAD_write_lock(rand_lock);
+    st_idx = state_index;
+
+    /*
+     * use our own copies of the counters so that even if a concurrent thread
+     * seeds with exactly the same data and uses the same subarray there's
+     * _some_ difference
+     */
+    md_c[0] = md_count[0];
+    md_c[1] = md_count[1];
+
+    memcpy(local_md, md, sizeof(md));
+
+    /* state_index <= state_num <= STATE_SIZE */
+    state_index += num;
+    if (state_index >= STATE_SIZE) {
+        state_index %= STATE_SIZE;
+        state_num = STATE_SIZE;
+    } else if (state_num < STATE_SIZE) {
+        if (state_index > state_num)
+            state_num = state_index;
+    }
+    /* state_index <= state_num <= STATE_SIZE */
+
+    /*
+     * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we
+     * will use now, but other threads may use them as well
+     */
+
+    md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+
+    if (!do_not_lock)
+        CRYPTO_THREAD_unlock(rand_lock);
+
+    for (i = 0; i < num; i += MD_DIGEST_LENGTH) {
+        j = (num - i);
+        j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
+
+        if (!MD_Init(m))
+            goto err;
+        if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
+            goto err;
+        k = (st_idx + j) - STATE_SIZE;
+        if (k > 0) {
+            if (!MD_Update(m, &(state[st_idx]), j - k))
+                goto err;
+            if (!MD_Update(m, &(state[0]), k))
+                goto err;
+        } else if (!MD_Update(m, &(state[st_idx]), j))
+            goto err;
+
+        /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+        if (!MD_Update(m, buf, j))
+            goto err;
+        /*
+         * We know that line may cause programs such as purify and valgrind
+         * to complain about use of uninitialized data.  The problem is not,
+         * it's with the caller.  Removing that line will make sure you get
+         * really bad randomness and thereby other problems such as very
+         * insecure keys.
+         */
+
+        if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
+            goto err;
+        if (!MD_Final(m, local_md))
+            goto err;
+        md_c[1]++;
+
+        buf = (const char *)buf + j;
+
+        for (k = 0; k < j; k++) {
+            /*
+             * Parallel threads may interfere with this, but always each byte
+             * of the new state is the XOR of some previous value of its and
+             * local_md (intermediate values may be lost). Alway using locking
+             * could hurt performance more than necessary given that
+             * conflicts occur only when the total seeding is longer than the
+             * random state.
+             */
+            state[st_idx++] ^= local_md[k];
+            if (st_idx >= STATE_SIZE)
+                st_idx = 0;
+        }
+    }
+
+    if (!do_not_lock)
+        CRYPTO_THREAD_write_lock(rand_lock);
+    /*
+     * Don't just copy back local_md into md -- this could mean that other
+     * thread's seeding remains without effect (except for the incremented
+     * counter).  By XORing it we keep at least as much entropy as fits into
+     * md.
+     */
+    for (k = 0; k < (int)sizeof(md); k++) {
+        md[k] ^= local_md[k];
+    }
+    if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+        entropy += add;
+    if (!do_not_lock)
+        CRYPTO_THREAD_unlock(rand_lock);
+
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(m);
+    return rv;
+}
+
+static int rand_seed(const void *buf, int num)
+{
+    return rand_add(buf, num, (double)num);
+}
+
+static int rand_bytes(unsigned char *buf, int num, int pseudo)
+{
+    static volatile int stirred_pool = 0;
+    int i, j, k;
+    size_t num_ceil, st_idx, st_num;
+    int ok;
+    long md_c[2];
+    unsigned char local_md[MD_DIGEST_LENGTH];
+    EVP_MD_CTX *m;
+#ifndef GETPID_IS_MEANINGLESS
+    pid_t curr_pid = getpid();
+#endif
+    time_t curr_time = time(NULL);
+    int do_stir_pool = 0;
+/* time value for various platforms */
+#ifdef OPENSSL_SYS_WIN32
+    FILETIME tv;
+# ifdef _WIN32_WCE
+    SYSTEMTIME t;
+    GetSystemTime(&t);
+    SystemTimeToFileTime(&t, &tv);
+# else
+    GetSystemTimeAsFileTime(&tv);
+# endif
+#elif defined(OPENSSL_SYS_VXWORKS)
+    struct timespec tv;
+    clock_gettime(CLOCK_REALTIME, &ts);
+#elif defined(OPENSSL_SYS_DSPBIOS)
+    unsigned long long tv, OPENSSL_rdtsc();
+    tv = OPENSSL_rdtsc();
+#else
+    struct timeval tv;
+    gettimeofday(&tv, NULL);
+#endif
+
+#ifdef PREDICT
+    if (rand_predictable) {
+        static unsigned char val = 0;
+
+        for (i = 0; i < num; i++)
+            buf[i] = val++;
+        return (1);
+    }
+#endif
+
+    if (num <= 0)
+        return 1;
+
+    m = EVP_MD_CTX_new();
+    if (m == NULL)
+        goto err_mem;
+
+    /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
+    num_ceil =
+        (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
+
+    /*
+     * (Based on the rand(3) manpage:)
+     *
+     * For each group of 10 bytes (or less), we do the following:
+     *
+     * Input into the hash function the local 'md' (which is initialized from
+     * the global 'md' before any bytes are generated), the bytes that are to
+     * be overwritten by the random bytes, and bytes from the 'state'
+     * (incrementing looping index). From this digest output (which is kept
+     * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+     * bottom 10 bytes are xored into the 'state'.
+     *
+     * Finally, after we have finished 'num' random bytes for the
+     * caller, 'count' (which is incremented) and the local and global 'md'
+     * are fed into the hash function and the results are kept in the
+     * global 'md'.
+     */
+
+    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+        goto err_mem;
+
+    CRYPTO_THREAD_write_lock(rand_lock);
+    /*
+     * We could end up in an async engine while holding this lock so ensure
+     * we don't pause and cause a deadlock
+     */
+    ASYNC_block_pause();
+
+    /* prevent rand_bytes() from trying to obtain the lock again */
+    CRYPTO_THREAD_write_lock(rand_tmp_lock);
+    locking_threadid = CRYPTO_THREAD_get_current_id();
+    CRYPTO_THREAD_unlock(rand_tmp_lock);
+    crypto_lock_rand = 1;
+
+    if (!initialized) {
+        RAND_poll();
+        initialized = 1;
+    }
+
+    if (!stirred_pool)
+        do_stir_pool = 1;
+
+    ok = (entropy >= ENTROPY_NEEDED);
+    if (!ok) {
+        /*
+         * If the PRNG state is not yet unpredictable, then seeing the PRNG
+         * output may help attackers to determine the new state; thus we have
+         * to decrease the entropy estimate. Once we've had enough initial
+         * seeding we don't bother to adjust the entropy count, though,
+         * because we're not ambitious to provide *information-theoretic*
+         * randomness. NOTE: This approach fails if the program forks before
+         * we have enough entropy. Entropy should be collected in a separate
+         * input pool and be transferred to the output pool only when the
+         * entropy limit has been reached.
+         */
+        entropy -= num;
+        if (entropy < 0)
+            entropy = 0;
+    }
+
+    if (do_stir_pool) {
+        /*
+         * In the output function only half of 'md' remains secret, so we
+         * better make sure that the required entropy gets 'evenly
+         * distributed' through 'state', our randomness pool. The input
+         * function (rand_add) chains all of 'md', which makes it more
+         * suitable for this purpose.
+         */
+
+        int n = STATE_SIZE;     /* so that the complete pool gets accessed */
+        while (n > 0) {
+#if MD_DIGEST_LENGTH > 20
+# error "Please adjust DUMMY_SEED."
+#endif
+#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
+            /*
+             * Note that the seed does not matter, it's just that
+             * rand_add expects to have something to hash.
+             */
+            rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+            n -= MD_DIGEST_LENGTH;
+        }
+        if (ok)
+            stirred_pool = 1;
+    }
+
+    st_idx = state_index;
+    st_num = state_num;
+    md_c[0] = md_count[0];
+    md_c[1] = md_count[1];
+    memcpy(local_md, md, sizeof(md));
+
+    state_index += num_ceil;
+    if (state_index > state_num)
+        state_index %= state_num;
+
+    /*
+     * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now
+     * ours (but other threads may use them too)
+     */
+
+    md_count[0] += 1;
+
+    /* before unlocking, we must clear 'crypto_lock_rand' */
+    crypto_lock_rand = 0;
+    ASYNC_unblock_pause();
+    CRYPTO_THREAD_unlock(rand_lock);
+
+    while (num > 0) {
+        /* num_ceil -= MD_DIGEST_LENGTH/2 */
+        j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
+        num -= j;
+        if (!MD_Init(m))
+            goto err;
+#ifndef GETPID_IS_MEANINGLESS
+        if (curr_pid) {         /* just in the first iteration to save time */
+            if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof(curr_pid)))
+                goto err;
+            curr_pid = 0;
+        }
+#endif
+        if (curr_time) {        /* just in the first iteration to save time */
+            if (!MD_Update(m, (unsigned char *)&curr_time, sizeof(curr_time)))
+                goto err;
+            if (!MD_Update(m, (unsigned char *)&tv, sizeof(tv)))
+                goto err;
+            curr_time = 0;
+            if (!rand_hw_seed(m))
+                goto err;
+        }
+        if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
+            goto err;
+        if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
+            goto err;
+
+        k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
+        if (k > 0) {
+            if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
+                goto err;
+            if (!MD_Update(m, &(state[0]), k))
+                goto err;
+        } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2))
+            goto err;
+        if (!MD_Final(m, local_md))
+            goto err;
+
+        for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
+            /* may compete with other threads */
+            state[st_idx++] ^= local_md[i];
+            if (st_idx >= st_num)
+                st_idx = 0;
+            if (i < j)
+                *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2];
+        }
+    }
+
+    if (!MD_Init(m)
+        || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))
+        || !MD_Update(m, local_md, MD_DIGEST_LENGTH))
+        goto err;
+    CRYPTO_THREAD_write_lock(rand_lock);
+    /*
+     * Prevent deadlocks if we end up in an async engine
+     */
+    ASYNC_block_pause();
+    if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) {
+        ASYNC_unblock_pause();
+        CRYPTO_THREAD_unlock(rand_lock);
+        goto err;
+    }
+    ASYNC_unblock_pause();
+    CRYPTO_THREAD_unlock(rand_lock);
+
+    EVP_MD_CTX_free(m);
+    if (ok)
+        return (1);
+    else if (pseudo)
+        return 0;
+    else {
+        RANDerr(RAND_F_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
+        ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+                           "https://www.openssl.org/docs/faq.html");
+        return (0);
+    }
+ err:
+    RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB);
+    EVP_MD_CTX_free(m);
+    return 0;
+ err_mem:
+    RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE);
+    EVP_MD_CTX_free(m);
+    return 0;
+
+}
+
+static int rand_nopseudo_bytes(unsigned char *buf, int num)
+{
+    return rand_bytes(buf, num, 0);
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * pseudo-random bytes that are guaranteed to be unique but not unpredictable
+ */
+static int rand_pseudo_bytes(unsigned char *buf, int num)
+{
+    return rand_bytes(buf, num, 1);
+}
+#endif
+
+static int rand_status(void)
+{
+    CRYPTO_THREAD_ID cur;
+    int ret;
+    int do_not_lock;
+
+    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+        return 0;
+
+    cur = CRYPTO_THREAD_get_current_id();
+    /*
+     * check if we already have the lock (could happen if a RAND_poll()
+     * implementation calls RAND_status())
+     */
+    if (crypto_lock_rand) {
+        CRYPTO_THREAD_read_lock(rand_tmp_lock);
+        do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur);
+        CRYPTO_THREAD_unlock(rand_tmp_lock);
+    } else
+        do_not_lock = 0;
+
+    if (!do_not_lock) {
+        CRYPTO_THREAD_write_lock(rand_lock);
+        /*
+         * Prevent deadlocks in case we end up in an async engine
+         */
+        ASYNC_block_pause();
+
+        /*
+         * prevent rand_bytes() from trying to obtain the lock again
+         */
+        CRYPTO_THREAD_write_lock(rand_tmp_lock);
+        locking_threadid = cur;
+        CRYPTO_THREAD_unlock(rand_tmp_lock);
+        crypto_lock_rand = 1;
+    }
+
+    if (!initialized) {
+        RAND_poll();
+        initialized = 1;
+    }
+
+    ret = entropy >= ENTROPY_NEEDED;
+
+    if (!do_not_lock) {
+        /* before unlocking, we must clear 'crypto_lock_rand' */
+        crypto_lock_rand = 0;
+
+        ASYNC_unblock_pause();
+        CRYPTO_THREAD_unlock(rand_lock);
+    }
+
+    return ret;
+}
+
+/*
+ * rand_hw_seed: get seed data from any available hardware RNG. only
+ * currently supports rdrand.
+ */
+
+/* Adapted from eng_rdrand.c */
+
+#if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || \
+     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \
+     && !defined(OPENSSL_NO_RDRAND)
+
+# define RDRAND_CALLS    4
+
+size_t OPENSSL_ia32_rdrand(void);
+extern unsigned int OPENSSL_ia32cap_P[];
+
+static int rand_hw_seed(EVP_MD_CTX *ctx)
+{
+    int i;
+    if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
+        return 1;
+    for (i = 0; i < RDRAND_CALLS; i++) {
+        size_t rnd;
+        rnd = OPENSSL_ia32_rdrand();
+        if (rnd == 0)
+            return 1;
+        if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t)))
+            return 0;
+    }
+    return 1;
+}
+
+/* XOR an existing buffer with random data */
+
+void rand_hw_xor(unsigned char *buf, size_t num)
+{
+    size_t rnd;
+    if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
+        return;
+    while (num >= sizeof(size_t)) {
+        rnd = OPENSSL_ia32_rdrand();
+        if (rnd == 0)
+            return;
+        *((size_t *)buf) ^= rnd;
+        buf += sizeof(size_t);
+        num -= sizeof(size_t);
+    }
+    if (num) {
+        rnd = OPENSSL_ia32_rdrand();
+        if (rnd == 0)
+            return;
+        while (num) {
+            *buf ^= rnd & 0xff;
+            rnd >>= 8;
+            buf++;
+            num--;
+        }
+    }
+}
+
+#else
+
+static int rand_hw_seed(EVP_MD_CTX *ctx)
+{
+    return 1;
+}
+
+void rand_hw_xor(unsigned char *buf, size_t num)
+{
+    return;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/rand/rand_egd.c b/openssl-1.1.0h/crypto/rand/rand_egd.c
new file mode 100644
index 0000000..50963b8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/rand_egd.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EGD
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+# include <openssl/rand.h>
+
+/*-
+ * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+ *
+ * This module supplies three routines:
+ *
+ * RAND_query_egd_bytes(path, buf, bytes)
+ *   will actually query "bytes" bytes of entropy form the egd-socket located
+ *   at path and will write them to buf (if supplied) or will directly feed
+ *   it to RAND_seed() if buf==NULL.
+ *   The number of bytes is not limited by the maximum chunk size of EGD,
+ *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
+ *   of entropy bytes are requested. The connection is left open until the
+ *   query is competed.
+ *   RAND_query_egd_bytes() returns with
+ *     -1  if an error occurred during connection or communication.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *   This routine does not touch any RAND_status(). This is necessary, since
+ *   PRNG functions may call it during initialization.
+ *
+ * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
+ *   used to seed the PRNG.
+ *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
+ *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
+ *   seed status so that the return value can reflect the seed state:
+ *     -1  if an error occurred during connection or communication _or_
+ *         if the PRNG has still not received the required seeding.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *
+ * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed
+ *   the PRNG.
+ *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+    return (-1);
+}
+
+int RAND_egd(const char *path)
+{
+    return (-1);
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    return (-1);
+}
+# else
+#  include <openssl/opensslconf.h>
+#  include OPENSSL_UNISTD
+#  include <stddef.h>
+#  include <sys/types.h>
+#  include <sys/socket.h>
+#  ifndef NO_SYS_UN_H
+#   ifdef OPENSSL_SYS_VXWORKS
+#    include <streams/un.h>
+#   else
+#    include <sys/un.h>
+#   endif
+#  else
+struct sockaddr_un {
+    short sun_family;           /* AF_UNIX */
+    char sun_path[108];         /* path name (gag) */
+};
+#  endif                         /* NO_SYS_UN_H */
+#  include <string.h>
+#  include <errno.h>
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+    int ret = 0;
+    struct sockaddr_un addr;
+    int len, num, numbytes;
+    int fd = -1;
+    int success;
+    unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    if (strlen(path) >= sizeof(addr.sun_path))
+        return (-1);
+    OPENSSL_strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
+    len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+    fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (fd == -1)
+        return (-1);
+    success = 0;
+    while (!success) {
+        if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+            success = 1;
+        else {
+            switch (errno) {
+#  ifdef EINTR
+            case EINTR:
+#  endif
+#  ifdef EAGAIN
+            case EAGAIN:
+#  endif
+#  ifdef EINPROGRESS
+            case EINPROGRESS:
+#  endif
+#  ifdef EALREADY
+            case EALREADY:
+#  endif
+                /* No error, try again */
+                break;
+#  ifdef EISCONN
+            case EISCONN:
+                success = 1;
+                break;
+#  endif
+            default:
+                ret = -1;
+                goto err;       /* failure */
+            }
+        }
+    }
+
+    while (bytes > 0) {
+        egdbuf[0] = 1;
+        egdbuf[1] = bytes < 255 ? bytes : 255;
+        numbytes = 0;
+        while (numbytes != 2) {
+            num = write(fd, egdbuf + numbytes, 2 - numbytes);
+            if (num >= 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+#  ifdef EINTR
+                case EINTR:
+#  endif
+#  ifdef EAGAIN
+                case EAGAIN:
+#  endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        numbytes = 0;
+        while (numbytes != 1) {
+            num = read(fd, egdbuf, 1);
+            if (num == 0)
+                goto err;       /* descriptor closed */
+            else if (num > 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+#  ifdef EINTR
+                case EINTR:
+#  endif
+#  ifdef EAGAIN
+                case EAGAIN:
+#  endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        if (egdbuf[0] == 0)
+            goto err;
+        if (buf)
+            retrievebuf = buf + ret;
+        else
+            retrievebuf = tempbuf;
+        numbytes = 0;
+        while (numbytes != egdbuf[0]) {
+            num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+            if (num == 0)
+                goto err;       /* descriptor closed */
+            else if (num > 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+#  ifdef EINTR
+                case EINTR:
+#  endif
+#  ifdef EAGAIN
+                case EAGAIN:
+#  endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        ret += egdbuf[0];
+        bytes -= egdbuf[0];
+        if (!buf)
+            RAND_seed(tempbuf, egdbuf[0]);
+    }
+ err:
+    if (fd != -1)
+        close(fd);
+    return (ret);
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    int num, ret = -1;
+
+    num = RAND_query_egd_bytes(path, NULL, bytes);
+    if (num < 0)
+        goto err;
+    if (RAND_status() == 1)
+        ret = num;
+ err:
+    return (ret);
+}
+
+int RAND_egd(const char *path)
+{
+    return (RAND_egd_bytes(path, 255));
+}
+
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/rand/rand_err.c b/openssl-1.1.0h/crypto/rand/rand_err.c
new file mode 100644
index 0000000..5543126
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/rand_err.c
@@ -0,0 +1,43 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+
+static ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_RAND_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, RAND_str_functs);
+        ERR_load_strings(0, RAND_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/rand/rand_lcl.h b/openssl-1.1.0h/crypto/rand/rand_lcl.h
new file mode 100644
index 0000000..d98c90e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/rand_lcl.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RAND_LCL_H
+# define HEADER_RAND_LCL_H
+
+# define ENTROPY_NEEDED 32      /* require 256 bits = 32 bytes of randomness */
+
+# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#  define USE_SHA1_RAND
+# endif
+
+# include <openssl/evp.h>
+# define MD_Update(a,b,c)        EVP_DigestUpdate(a,b,c)
+# define MD_Final(a,b)           EVP_DigestFinal_ex(a,b,NULL)
+# if defined(USE_MD5_RAND)
+#  include <openssl/md5.h>
+#  define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md5(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
+# elif defined(USE_SHA1_RAND)
+#  include <openssl/sha.h>
+#  define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_sha1(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
+# elif defined(USE_MDC2_RAND)
+#  include <openssl/mdc2.h>
+#  define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
+# elif defined(USE_MD2_RAND)
+#  include <openssl/md2.h>
+#  define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md2(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
+# endif
+
+void rand_hw_xor(unsigned char *buf, size_t num);
+
+#endif
diff --git a/openssl-1.1.0h/crypto/rand/rand_lib.c b/openssl-1.1.0h/crypto/rand/rand_lib.c
new file mode 100644
index 0000000..62770d4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/rand_lib.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/opensslconf.h>
+#include "internal/rand.h"
+#include <openssl/engine.h>
+#include "internal/thread_once.h"
+
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include <openssl/fips_rand.h>
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref = NULL;
+static CRYPTO_RWLOCK *rand_engine_lock = NULL;
+#endif
+static const RAND_METHOD *default_RAND_meth = NULL;
+static CRYPTO_RWLOCK *rand_meth_lock = NULL;
+static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
+{
+    int ret = 1;
+#ifndef OPENSSL_NO_ENGINE
+    rand_engine_lock = CRYPTO_THREAD_lock_new();
+    ret &= rand_engine_lock != NULL;
+#endif
+    rand_meth_lock = CRYPTO_THREAD_lock_new();
+    ret &= rand_meth_lock != NULL;
+    return ret;
+}
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+{
+    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(funct_ref);
+    funct_ref = NULL;
+#endif
+    default_RAND_meth = meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return 1;
+}
+
+const RAND_METHOD *RAND_get_rand_method(void)
+{
+    const RAND_METHOD *tmp_meth = NULL;
+
+    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+        return NULL;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+    if (!default_RAND_meth) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e = ENGINE_get_default_RAND();
+        if (e) {
+            default_RAND_meth = ENGINE_get_RAND(e);
+            if (default_RAND_meth == NULL) {
+                ENGINE_finish(e);
+                e = NULL;
+            }
+        }
+        if (e)
+            funct_ref = e;
+        else
+#endif
+            default_RAND_meth = RAND_OpenSSL();
+    }
+    tmp_meth = default_RAND_meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return tmp_meth;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine)
+{
+    const RAND_METHOD *tmp_meth = NULL;
+
+    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
+        return 0;
+
+    if (engine) {
+        if (!ENGINE_init(engine))
+            return 0;
+        tmp_meth = ENGINE_get_RAND(engine);
+        if (tmp_meth == NULL) {
+            ENGINE_finish(engine);
+            return 0;
+        }
+    }
+    CRYPTO_THREAD_write_lock(rand_engine_lock);
+    /* This function releases any prior ENGINE so call it first */
+    RAND_set_rand_method(tmp_meth);
+    funct_ref = engine;
+    CRYPTO_THREAD_unlock(rand_engine_lock);
+    return 1;
+}
+#endif
+
+void rand_cleanup_int(void)
+{
+    const RAND_METHOD *meth = default_RAND_meth;
+    if (meth && meth->cleanup)
+        meth->cleanup();
+    RAND_set_rand_method(NULL);
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+#endif
+}
+
+void RAND_seed(const void *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->seed)
+        meth->seed(buf, num);
+}
+
+void RAND_add(const void *buf, int num, double entropy)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->add)
+        meth->add(buf, num, entropy);
+}
+
+int RAND_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->bytes)
+        return meth->bytes(buf, num);
+    return (-1);
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->pseudorand)
+        return meth->pseudorand(buf, num);
+    return (-1);
+}
+#endif
+
+int RAND_status(void)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->status)
+        return meth->status();
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/rand/rand_unix.c b/openssl-1.1.0h/crypto/rand/rand_unix.c
new file mode 100644
index 0000000..7a5a948
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/rand_unix.c
@@ -0,0 +1,324 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#define USE_SOCKETS
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI))
+
+# include <sys/types.h>
+# include <sys/time.h>
+# include <sys/times.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <time.h>
+# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
+                                 * everywhere */
+#  include <poll.h>
+# endif
+# include <limits.h>
+# ifndef FD_SETSIZE
+#  define FD_SETSIZE (8*sizeof(fd_set))
+# endif
+
+# if defined(OPENSSL_SYS_VOS)
+
+/*
+ * The following algorithm repeatedly samples the real-time clock (RTC) to
+ * generate a sequence of unpredictable data.  The algorithm relies upon the
+ * uneven execution speed of the code (due to factors such as cache misses,
+ * interrupts, bus activity, and scheduling) and upon the rather large
+ * relative difference between the speed of the clock and the rate at which
+ * it can be read.
+ *
+ * If this code is ported to an environment where execution speed is more
+ * constant or where the RTC ticks at a much slower rate, or the clock can be
+ * read with fewer instructions, it is likely that the results would be far
+ * more predictable.
+ *
+ * As a precaution, we generate 4 times the minimum required amount of seed
+ * data.
+ */
+
+int RAND_poll(void)
+{
+    short int code;
+    gid_t curr_gid;
+    pid_t curr_pid;
+    uid_t curr_uid;
+    int i, k;
+    struct timespec ts;
+    unsigned char v;
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+    long duration;
+    extern void s$sleep(long *_duration, short int *_code);
+#  else
+#   ifdef OPENSSL_SYS_VOS_IA32
+    long long duration;
+    extern void s$sleep2(long long *_duration, short int *_code);
+#   else
+#    error "Unsupported Platform."
+#   endif                       /* OPENSSL_SYS_VOS_IA32 */
+#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+
+    /*
+     * Seed with the gid, pid, and uid, to ensure *some* variation between
+     * different processes.
+     */
+
+    curr_gid = getgid();
+    RAND_add(&curr_gid, sizeof(curr_gid), 1);
+    curr_gid = 0;
+
+    curr_pid = getpid();
+    RAND_add(&curr_pid, sizeof(curr_pid), 1);
+    curr_pid = 0;
+
+    curr_uid = getuid();
+    RAND_add(&curr_uid, sizeof(curr_uid), 1);
+    curr_uid = 0;
+
+    for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
+        /*
+         * burn some cpu; hope for interrupts, cache collisions, bus
+         * interference, etc.
+         */
+        for (k = 0; k < 99; k++)
+            ts.tv_nsec = random();
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+        /* sleep for 1/1024 of a second (976 us).  */
+        duration = 1;
+        s$sleep(&duration, &code);
+#  else
+#   ifdef OPENSSL_SYS_VOS_IA32
+        /* sleep for 1/65536 of a second (15 us).  */
+        duration = 1;
+        s$sleep2(&duration, &code);
+#   endif                       /* OPENSSL_SYS_VOS_IA32 */
+#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+
+        /* get wall clock time.  */
+        clock_gettime(CLOCK_REALTIME, &ts);
+
+        /* take 8 bits */
+        v = (unsigned char)(ts.tv_nsec % 256);
+        RAND_add(&v, sizeof(v), 1);
+        v = 0;
+    }
+    return 1;
+}
+# elif defined __OpenBSD__
+int RAND_poll(void)
+{
+    u_int32_t rnd = 0, i;
+    unsigned char buf[ENTROPY_NEEDED];
+
+    for (i = 0; i < sizeof(buf); i++) {
+        if (i % 4 == 0)
+            rnd = arc4random();
+        buf[i] = rnd;
+        rnd >>= 8;
+    }
+    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+    OPENSSL_cleanse(buf, sizeof(buf));
+
+    return 1;
+}
+# else                          /* !defined(__OpenBSD__) */
+int RAND_poll(void)
+{
+    unsigned long l;
+    pid_t curr_pid = getpid();
+#  if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
+    unsigned char tmpbuf[ENTROPY_NEEDED];
+    int n = 0;
+#  endif
+#  ifdef DEVRANDOM
+    static const char *randomfiles[] = { DEVRANDOM };
+    struct stat randomstats[OSSL_NELEM(randomfiles)];
+    int fd;
+    unsigned int i;
+#  endif
+#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
+    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+    const char **egdsocket = NULL;
+#  endif
+
+#  ifdef DEVRANDOM
+    memset(randomstats, 0, sizeof(randomstats));
+    /*
+     * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
+     * this. Use /dev/urandom if you can as /dev/random may block if it runs
+     * out of random entries.
+     */
+
+    for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {
+        if ((fd = open(randomfiles[i], O_RDONLY
+#   ifdef O_NONBLOCK
+                       | O_NONBLOCK
+#   endif
+#   ifdef O_BINARY
+                       | O_BINARY
+#   endif
+#   ifdef O_NOCTTY              /* If it happens to be a TTY (god forbid), do
+                                 * not make it our controlling tty */
+                       | O_NOCTTY
+#   endif
+             )) >= 0) {
+            int usec = 10 * 1000; /* spend 10ms on each file */
+            int r;
+            unsigned int j;
+            struct stat *st = &randomstats[i];
+
+            /*
+             * Avoid using same input... Used to be O_NOFOLLOW above, but
+             * it's not universally appropriate...
+             */
+            if (fstat(fd, st) != 0) {
+                close(fd);
+                continue;
+            }
+            for (j = 0; j < i; j++) {
+                if (randomstats[j].st_ino == st->st_ino &&
+                    randomstats[j].st_dev == st->st_dev)
+                    break;
+            }
+            if (j < i) {
+                close(fd);
+                continue;
+            }
+
+            do {
+                int try_read = 0;
+
+#   if defined(OPENSSL_SYS_LINUX)
+                /* use poll() */
+                struct pollfd pset;
+
+                pset.fd = fd;
+                pset.events = POLLIN;
+                pset.revents = 0;
+
+                if (poll(&pset, 1, usec / 1000) < 0)
+                    usec = 0;
+                else
+                    try_read = (pset.revents & POLLIN) != 0;
+
+#   else
+                /* use select() */
+                fd_set fset;
+                struct timeval t;
+
+                t.tv_sec = 0;
+                t.tv_usec = usec;
+
+                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
+                    /*
+                     * can't use select, so just try to read once anyway
+                     */
+                    try_read = 1;
+                } else {
+                    FD_ZERO(&fset);
+                    FD_SET(fd, &fset);
+
+                    if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
+                        usec = t.tv_usec;
+                        if (FD_ISSET(fd, &fset))
+                            try_read = 1;
+                    } else
+                        usec = 0;
+                }
+#   endif
+
+                if (try_read) {
+                    r = read(fd, (unsigned char *)tmpbuf + n,
+                             ENTROPY_NEEDED - n);
+                    if (r > 0)
+                        n += r;
+                } else
+                    r = -1;
+
+                /*
+                 * Some Unixen will update t in select(), some won't.  For
+                 * those who won't, or if we didn't use select() in the first
+                 * place, give up here, otherwise, we will do this once again
+                 * for the remaining time.
+                 */
+                if (usec == 10 * 1000)
+                    usec = 0;
+            }
+            while ((r > 0 ||
+                    (errno == EINTR || errno == EAGAIN)) && usec != 0
+                   && n < ENTROPY_NEEDED);
+
+            close(fd);
+        }
+    }
+#  endif                        /* defined(DEVRANDOM) */
+
+#  if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)
+    /*
+     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
+     * collecting daemon.
+     */
+
+    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+         egdsocket++) {
+        int r;
+
+        r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
+                                 ENTROPY_NEEDED - n);
+        if (r > 0)
+            n += r;
+    }
+#  endif                        /* defined(DEVRANDOM_EGD) */
+
+#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
+    if (n > 0) {
+        RAND_add(tmpbuf, sizeof(tmpbuf), (double)n);
+        OPENSSL_cleanse(tmpbuf, n);
+    }
+#  endif
+
+    /* put in some default random data, we need more than just this */
+    l = curr_pid;
+    RAND_add(&l, sizeof(l), 0.0);
+    l = getuid();
+    RAND_add(&l, sizeof(l), 0.0);
+
+    l = time(NULL);
+    RAND_add(&l, sizeof(l), 0.0);
+
+#  if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD))
+    return 1;
+#  else
+    return 0;
+#  endif
+}
+
+# endif                         /* defined(__OpenBSD__) */
+#endif                          /* !(defined(OPENSSL_SYS_WINDOWS) ||
+                                 * defined(OPENSSL_SYS_WIN32) ||
+                                 * defined(OPENSSL_SYS_VMS) ||
+                                 * defined(OPENSSL_SYS_VXWORKS) */
+
+#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+int RAND_poll(void)
+{
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/rand/rand_vms.c b/openssl-1.1.0h/crypto/rand/rand_vms.c
new file mode 100644
index 0000000..9c462dd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/rand_vms.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Modified by VMS Software, Inc (2016)
+ *    Eliminate looping through all processes (performance)
+ *    Add additional randomizations using rand() function
+ */
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_VMS)
+# include <descrip.h>
+# include <jpidef.h>
+# include <ssdef.h>
+# include <starlet.h>
+# include <efndef>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+
+/*
+ * Use 32-bit pointers almost everywhere.  Define the type to which to cast a
+ * pointer passed to an external function.
+ */
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_T __void_ptr64
+#  pragma pointer_size save
+#  pragma pointer_size 32
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_T void *
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+static struct items_data_st {
+    short length, code;         /* length is number of bytes */
+} items_data[] = {
+    {4, JPI$_BUFIO},
+    {4, JPI$_CPUTIM},
+    {4, JPI$_DIRIO},
+    {4, JPI$_IMAGECOUNT},
+    {8, JPI$_LAST_LOGIN_I},
+    {8, JPI$_LOGINTIM},
+    {4, JPI$_PAGEFLTS},
+    {4, JPI$_PID},
+    {4, JPI$_PPGCNT},
+    {4, JPI$_WSPEAK},
+    {4, JPI$_FINALEXC},
+    {0, 0}                      /* zero terminated */
+};
+
+int RAND_poll(void)
+{
+
+    /* determine the number of items in the JPI array */
+
+    struct items_data_st item_entry;
+    int item_entry_count = sizeof(items_data)/sizeof(item_entry);
+
+    /* Create the JPI itemlist array to hold item_data content */
+
+    struct {
+        short length, code;
+        int *buffer;
+        int *retlen;
+    } item[item_entry_count], *pitem; /* number of entries in items_data */
+
+    struct items_data_st *pitems_data;
+    int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */
+    int iosb[2];
+    int sys_time[2];
+    int *ptr;
+    int i, j ;
+    int tmp_length   = 0;
+    int total_length = 0;
+
+    pitems_data = items_data;
+    pitem = item;
+
+
+    /* Setup itemlist for GETJPI */
+    while (pitems_data->length) {
+        pitem->length = pitems_data->length;
+        pitem->code   = pitems_data->code;
+        pitem->buffer = &data_buffer[total_length];
+        pitem->retlen = 0;
+        /* total_length is in longwords */
+        total_length += pitems_data->length/4;
+        pitems_data++;
+        pitem ++;
+    }
+    pitem->length = pitem->code = 0;
+
+    /* Fill data_buffer with various info bits from this process */
+    /* and twist that data to seed the SSL random number init    */
+
+    if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) {
+        for (i = 0; i < total_length; i++) {
+            sys$gettim((struct _generic_64 *)&sys_time[0]);
+            srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i);
+
+            if (i == (total_length - 1)) { /* for JPI$_FINALEXC */
+                ptr = &data_buffer[i];
+                for (j = 0; j < 4; j++) {
+                    data_buffer[i + j] = ptr[j];
+                    /* OK to use rand() just to scramble the seed */
+                    data_buffer[i + j] ^= (sys_time[0] ^ rand());
+                    tmp_length++;
+                }
+            } else {
+                /* OK to use rand() just to scramble the seed */
+                data_buffer[i] ^= (sys_time[0] ^ rand());
+            }
+        }
+
+        total_length += (tmp_length - 1);
+
+        /* size of seed is total_length*4 bytes (64bytes) */
+        RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2);
+    } else {
+        return 0;
+    }
+
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/rand/rand_win.c b/openssl-1.1.0h/crypto/rand/rand_win.c
new file mode 100644
index 0000000..1be0ed3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/rand_win.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+# include <windows.h>
+/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
+#  define RAND_WINDOWS_USE_BCRYPT
+# endif
+
+# ifdef RAND_WINDOWS_USE_BCRYPT
+#  include <bcrypt.h>
+#  pragma comment(lib, "bcrypt.lib")
+#  ifndef STATUS_SUCCESS
+#   define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
+#  endif
+# else
+#  include <wincrypt.h>
+/*
+ * Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#  define PROV_INTEL_SEC 22
+#  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# endif
+
+static void readtimer(void);
+
+int RAND_poll(void)
+{
+    MEMORYSTATUS mst;
+# ifndef RAND_WINDOWS_USE_BCRYPT
+    HCRYPTPROV hProvider;
+# endif
+    DWORD w;
+    BYTE buf[64];
+
+# ifdef RAND_WINDOWS_USE_BCRYPT
+    if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
+        RAND_add(buf, sizeof(buf), sizeof(buf));
+    }
+# else
+    /* poll the CryptoAPI PRNG */
+    /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+    if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+        if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
+            RAND_add(buf, sizeof(buf), sizeof(buf));
+        }
+        CryptReleaseContext(hProvider, 0);
+    }
+
+    /* poll the Pentium PRG with CryptoAPI */
+    if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+        if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
+            RAND_add(buf, sizeof(buf), sizeof(buf));
+        }
+        CryptReleaseContext(hProvider, 0);
+    }
+# endif
+
+    /* timer data */
+    readtimer();
+
+    /* memory usage statistics */
+    GlobalMemoryStatus(&mst);
+    RAND_add(&mst, sizeof(mst), 1);
+
+    /* process ID */
+    w = GetCurrentProcessId();
+    RAND_add(&w, sizeof(w), 1);
+
+    return (1);
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+{
+    RAND_poll();
+    return RAND_status();
+}
+
+void RAND_screen(void)
+{
+    RAND_poll();
+}
+#endif
+
+/* feed timing information to the PRNG */
+static void readtimer(void)
+{
+    DWORD w;
+    LARGE_INTEGER l;
+    static int have_perfc = 1;
+# if defined(_MSC_VER) && defined(_M_X86)
+    static int have_tsc = 1;
+    DWORD cyclecount;
+
+    if (have_tsc) {
+        __try {
+            __asm {
+            _emit 0x0f _emit 0x31 mov cyclecount, eax}
+            RAND_add(&cyclecount, sizeof(cyclecount), 1);
+        }
+        __except(EXCEPTION_EXECUTE_HANDLER) {
+            have_tsc = 0;
+        }
+    }
+# else
+#  define have_tsc 0
+# endif
+
+    if (have_perfc) {
+        if (QueryPerformanceCounter(&l) == 0)
+            have_perfc = 0;
+        else
+            RAND_add(&l, sizeof(l), 0);
+    }
+
+    if (!have_tsc && !have_perfc) {
+        w = GetTickCount();
+        RAND_add(&w, sizeof(w), 0);
+    }
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/rand/randfile.c b/openssl-1.1.0h/crypto/rand/randfile.c
new file mode 100644
index 0000000..dbd03ff
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rand/randfile.c
@@ -0,0 +1,364 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+
+#ifdef OPENSSL_SYS_VMS
+# include <unixio.h>
+#endif
+#include <sys/types.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# include <fcntl.h>
+/*
+ * Following should not be needed, and we could have been stricter
+ * and demand S_IS*. But some systems just don't comply... Formally
+ * below macros are "anatomically incorrect", because normally they
+ * would look like ((m) & MASK == TYPE), but since MASK availability
+ * is as questionable, we settle for this poor-man fallback...
+ */
+# if !defined(S_ISBLK)
+#  if defined(_S_IFBLK)
+#   define S_ISBLK(m) ((m) & _S_IFBLK)
+#  elif defined(S_IFBLK)
+#   define S_ISBLK(m) ((m) & S_IFBLK)
+#  elif defined(_WIN32)
+#   define S_ISBLK(m) 0 /* no concept of block devices on Windows */
+#  endif
+# endif
+# if !defined(S_ISCHR)
+#  if defined(_S_IFCHR)
+#   define S_ISCHR(m) ((m) & _S_IFCHR)
+#  elif defined(S_IFCHR)
+#   define S_ISCHR(m) ((m) & S_IFCHR)
+#  endif
+# endif
+#endif
+
+#ifdef _WIN32
+# define stat    _stat
+# define chmod   _chmod
+# define open    _open
+# define fdopen  _fdopen
+# define fstat   _fstat
+# define fileno  _fileno
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE 1024
+#define RAND_DATA 1024
+
+#ifdef OPENSSL_SYS_VMS
+/*
+ * Misc hacks needed for specific cases.
+ *
+ * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
+ * to make sure the FILE* is a 32-bit pointer no matter what.  We know that
+ * stdio function return this type (a study of stdio.h proves it).
+ * Additionally, we create a similar char pointer type for the sake of
+ * vms_setbuf below.
+ */
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size save
+#  pragma pointer_size 32
+typedef char *char_ptr32;
+#  pragma pointer_size restore
+/*
+ * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+ * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+ * Since we know that the FILE* really is a 32-bit pointer expanded to
+ * 64 bits, we also know it's safe to convert it back to a 32-bit pointer.
+ * As for the buffer parameter, we only use NULL here, so that passes as
+ * well...
+ */
+#  define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf))
+# endif
+
+/*
+ * This declaration is a nasty hack to get around vms' extension to fopen for
+ * passing in sharing options being disabled by /STANDARD=ANSI89
+ */
+static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
+      (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
+# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+
+# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
+#endif
+
+#define RFILE ".rnd"
+
+/*
+ * Note that these functions are intended for seed files only. Entropy
+ * devices and EGD sockets are handled in rand_unix.c
+ */
+
+int RAND_load_file(const char *file, long bytes)
+{
+    /*-
+     * If bytes >= 0, read up to 'bytes' bytes.
+     * if bytes == -1, read complete file.
+     */
+
+    unsigned char buf[BUFSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
+    struct stat sb;
+#endif
+    int i, ret = 0, n;
+    FILE *in = NULL;
+
+    if (file == NULL)
+        return 0;
+
+    if (bytes == 0)
+        return ret;
+
+    in = openssl_fopen(file, "rb");
+    if (in == NULL)
+        goto err;
+
+#ifndef OPENSSL_NO_POSIX_IO
+    /*
+     * struct stat can have padding and unused fields that may not be
+     * initialized in the call to stat(). We need to clear the entire
+     * structure before calling RAND_add() to avoid complaints from
+     * applications such as Valgrind.
+     */
+    memset(&sb, 0, sizeof(sb));
+    if (fstat(fileno(in), &sb) < 0)
+        goto err;
+    RAND_add(&sb, sizeof(sb), 0.0);
+
+# if defined(S_ISBLK) && defined(S_ISCHR)
+    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+        /*
+         * this file is a device. we don't want read an infinite number of
+         * bytes from a random device, nor do we want to use buffered I/O
+         * because we will waste system entropy.
+         */
+        bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+        setbuf(in, NULL); /* don't do buffered reads */
+    }
+# endif
+#endif
+    for (;;) {
+        if (bytes > 0)
+            n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
+        else
+            n = BUFSIZE;
+        i = fread(buf, 1, n, in);
+        if (i <= 0)
+            break;
+
+        RAND_add(buf, i, (double)i);
+        ret += i;
+        if (bytes > 0) {
+            bytes -= n;
+            if (bytes <= 0)
+                break;
+        }
+    }
+    OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+    if (in != NULL)
+        fclose(in);
+    return ret;
+}
+
+int RAND_write_file(const char *file)
+{
+    unsigned char buf[BUFSIZE];
+    int i, ret = 0, rand_err = 0;
+    FILE *out = NULL;
+    int n;
+#ifndef OPENSSL_NO_POSIX_IO
+    struct stat sb;
+
+# if defined(S_ISBLK) && defined(S_ISCHR)
+# ifdef _WIN32
+    /*
+     * Check for |file| being a driver as "ASCII-safe" on Windows,
+     * because driver paths are always ASCII.
+     */
+# endif
+    i = stat(file, &sb);
+    if (i != -1) {
+        if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+            /*
+             * this file is a device. we don't write back to it. we
+             * "succeed" on the assumption this is some sort of random
+             * device. Otherwise attempting to write to and chmod the device
+             * causes problems.
+             */
+            return 1;
+        }
+    }
+# endif
+#endif
+
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
+    !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
+    {
+# ifndef O_BINARY
+#  define O_BINARY 0
+# endif
+        /*
+         * chmod(..., 0600) is too late to protect the file, permissions
+         * should be restrictive from the start
+         */
+        int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
+        if (fd != -1)
+            out = fdopen(fd, "wb");
+    }
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+    /*
+     * VMS NOTE: Prior versions of this routine created a _new_ version of
+     * the rand file for each call into this routine, then deleted all
+     * existing versions named ;-1, and finally renamed the current version
+     * as ';1'. Under concurrent usage, this resulted in an RMS race
+     * condition in rename() which could orphan files (see vms message help
+     * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares
+     * the top-level version of the rand file. Note that there may still be
+     * conditions where the top-level rand file is locked. If so, this code
+     * will then create a new version of the rand file. Without the delete
+     * and rename code, this can result in ascending file versions that stop
+     * at version 32767, and this routine will then return an error. The
+     * remedy for this is to recode the calling application to avoid
+     * concurrent use of the rand file, or synchronize usage at the
+     * application level. Also consider whether or not you NEED a persistent
+     * rand file in a concurrent use situation.
+     */
+
+    out = openssl_fopen(file, "rb+");
+#endif
+    if (out == NULL)
+        out = openssl_fopen(file, "wb");
+    if (out == NULL)
+        goto err;
+
+#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
+    chmod(file, 0600);
+#endif
+    n = RAND_DATA;
+    for (;;) {
+        i = (n > BUFSIZE) ? BUFSIZE : n;
+        n -= BUFSIZE;
+        if (RAND_bytes(buf, i) <= 0)
+            rand_err = 1;
+        i = fwrite(buf, 1, i, out);
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        ret += i;
+        if (n <= 0)
+            break;
+    }
+
+    fclose(out);
+    OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+    return (rand_err ? -1 : ret);
+}
+
+const char *RAND_file_name(char *buf, size_t size)
+{
+    char *s = NULL;
+    int use_randfile = 1;
+#ifdef __OpenBSD__
+    struct stat sb;
+#endif
+
+#if defined(_WIN32) && defined(CP_UTF8)
+    DWORD len;
+    WCHAR *var, *val;
+
+    if ((var = L"RANDFILE",
+         len = GetEnvironmentVariableW(var, NULL, 0)) == 0
+        && (var = L"HOME", use_randfile = 0,
+            len = GetEnvironmentVariableW(var, NULL, 0)) == 0
+        && (var = L"USERPROFILE",
+            len = GetEnvironmentVariableW(var, NULL, 0)) == 0) {
+        var = L"SYSTEMROOT",
+        len = GetEnvironmentVariableW(var, NULL, 0);
+    }
+
+    if (len != 0) {
+        int sz;
+
+        val = _alloca(len * sizeof(WCHAR));
+
+        if (GetEnvironmentVariableW(var, val, len) < len
+            && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
+                                         NULL, NULL)) != 0) {
+            s = _alloca(sz);
+            if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
+                                    NULL, NULL) == 0)
+                s = NULL;
+        }
+    }
+#else
+    if (OPENSSL_issetugid() != 0) {
+        use_randfile = 0;
+    } else {
+        s = getenv("RANDFILE");
+        if (s == NULL || *s == '\0') {
+            use_randfile = 0;
+            s = getenv("HOME");
+        }
+    }
+#endif
+#ifdef DEFAULT_HOME
+    if (!use_randfile && s == NULL) {
+        s = DEFAULT_HOME;
+    }
+#endif
+    if (s != NULL && *s) {
+        size_t len = strlen(s);
+
+        if (use_randfile && len + 1 < size) {
+            if (OPENSSL_strlcpy(buf, s, size) >= size)
+                return NULL;
+        } else if (len + strlen(RFILE) + 2 < size) {
+            OPENSSL_strlcpy(buf, s, size);
+#ifndef OPENSSL_SYS_VMS
+            OPENSSL_strlcat(buf, "/", size);
+#endif
+            OPENSSL_strlcat(buf, RFILE, size);
+        }
+    } else {
+        buf[0] = '\0';      /* no file name */
+    }
+
+#ifdef __OpenBSD__
+    /*
+     * given that all random loads just fail if the file can't be seen on a
+     * stat, we stat the file we're returning, if it fails, use /dev/arandom
+     * instead. this allows the user to use their own source for good random
+     * data, but defaults to something hopefully decent if that isn't
+     * available.
+     */
+
+    if (!buf[0] || stat(buf, &sb) == -1)
+        if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
+            return NULL;
+        }
+#endif
+    return buf[0] ? buf : NULL;
+}
diff --git a/openssl-1.1.0h/crypto/rc2/build.info b/openssl-1.1.0h/crypto/rc2/build.info
new file mode 100644
index 0000000..47a3fd0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
diff --git a/openssl-1.1.0h/crypto/rc2/rc2_cbc.c b/openssl-1.1.0h/crypto/rc2/rc2_cbc.c
new file mode 100644
index 0000000..2b59353
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/rc2_cbc.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     RC2_KEY *ks, unsigned char *iv, int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = p1 = &(key->data[0]);
+    for (;;) {
+        t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff;
+        x0 = (t << 1) | (t >> 15);
+        t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff;
+        x1 = (t << 2) | (t >> 14);
+        t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff;
+        x2 = (t << 3) | (t >> 13);
+        t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff;
+        x3 = (t << 5) | (t >> 11);
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x0 += p1[x3 & 0x3f];
+            x1 += p1[x0 & 0x3f];
+            x2 += p1[x1 & 0x3f];
+            x3 += p1[x2 & 0x3f];
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
+
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = &(key->data[63]);
+    p1 = &(key->data[0]);
+    for (;;) {
+        t = ((x3 << 11) | (x3 >> 5)) & 0xffff;
+        x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff;
+        t = ((x2 << 13) | (x2 >> 3)) & 0xffff;
+        x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff;
+        t = ((x1 << 14) | (x1 >> 2)) & 0xffff;
+        x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff;
+        t = ((x0 << 15) | (x0 >> 1)) & 0xffff;
+        x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff;
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x3 = (x3 - p1[x2 & 0x3f]) & 0xffff;
+            x2 = (x2 - p1[x1 & 0x3f]) & 0xffff;
+            x1 = (x1 - p1[x0 & 0x3f]) & 0xffff;
+            x0 = (x0 - p1[x3 & 0x3f]) & 0xffff;
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
diff --git a/openssl-1.1.0h/crypto/rc2/rc2_ecb.c b/openssl-1.1.0h/crypto/rc2/rc2_ecb.c
new file mode 100644
index 0000000..b87931f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/rc2_ecb.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+#include <openssl/opensslv.h>
+
+/*-
+ * RC2 as implemented frm a posting from
+ * Newsgroups: sci.crypt
+ * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+ * Subject: Specification for Ron Rivests Cipher No.2
+ * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+ * Date: 11 Feb 1996 06:45:03 GMT
+ */
+
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+                     int encrypt)
+{
+    unsigned long l, d[2];
+
+    c2l(in, l);
+    d[0] = l;
+    c2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        RC2_encrypt(d, ks);
+    else
+        RC2_decrypt(d, ks);
+    l = d[0];
+    l2c(l, out);
+    l = d[1];
+    l2c(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/rc2/rc2_locl.h b/openssl-1.1.0h/crypto/rc2/rc2_locl.h
new file mode 100644
index 0000000..e4dad94
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/rc2_locl.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 5: l2|=((unsigned long)(*(--(c))));      \
+                        /* fall thru */                               \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 1: l1|=((unsigned long)(*(--(c))));      \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#define C_RC2(n) \
+        t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+        x0=(t<<1)|(t>>15); \
+        t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+        x1=(t<<2)|(t>>14); \
+        t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+        x2=(t<<3)|(t>>13); \
+        t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+        x3=(t<<5)|(t>>11);
diff --git a/openssl-1.1.0h/crypto/rc2/rc2_skey.c b/openssl-1.1.0h/crypto/rc2/rc2_skey.c
new file mode 100644
index 0000000..55d8ba3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/rc2_skey.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+static const unsigned char key_table[256] = {
+    0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79,
+    0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e,
+    0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5,
+    0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
+    0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22,
+    0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c,
+    0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f,
+    0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
+    0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b,
+    0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
+    0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde,
+    0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
+    0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e,
+    0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc,
+    0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85,
+    0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
+    0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10,
+    0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c,
+    0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b,
+    0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
+    0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68,
+    0xfe, 0x7f, 0xc1, 0xad,
+};
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g",off)
+#endif
+
+/*
+ * It has come to my attention that there are 2 versions of the RC2 key
+ * schedule.  One which is normal, and anther which has a hook to use a
+ * reduced key length. BSAFE uses the 'retarded' version.  What I previously
+ * shipped is the same as specifying 1024 for the 'bits' parameter.  Bsafe
+ * uses a version where the bits parameter is the same as len*8
+ */
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+{
+    int i, j;
+    unsigned char *k;
+    RC2_INT *ki;
+    unsigned int c, d;
+
+    k = (unsigned char *)&(key->data[0]);
+    *k = 0;                     /* for if there is a zero length key */
+
+    if (len > 128)
+        len = 128;
+    if (bits <= 0)
+        bits = 1024;
+    if (bits > 1024)
+        bits = 1024;
+
+    for (i = 0; i < len; i++)
+        k[i] = data[i];
+
+    /* expand table */
+    d = k[len - 1];
+    j = 0;
+    for (i = len; i < 128; i++, j++) {
+        d = key_table[(k[j] + d) & 0xff];
+        k[i] = d;
+    }
+
+    /* hmm.... key reduction to 'bits' bits */
+
+    j = (bits + 7) >> 3;
+    i = 128 - j;
+    c = (0xff >> (-bits & 0x07));
+
+    d = key_table[k[i] & c];
+    k[i] = d;
+    while (i--) {
+        d = key_table[k[i + j] ^ d];
+        k[i] = d;
+    }
+
+    /* copy from bytes into RC2_INT's */
+    ki = &(key->data[63]);
+    for (i = 127; i >= 0; i -= 2)
+        *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff;
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
diff --git a/openssl-1.1.0h/crypto/rc2/rc2cfb64.c b/openssl-1.1.0h/crypto/rc2/rc2cfb64.c
new file mode 100644
index 0000000..e11093d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/rc2cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/rc2/rc2ofb64.c b/openssl-1.1.0h/crypto/rc2/rc2ofb64.c
new file mode 100644
index 0000000..d610278
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/rc2ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            RC2_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/rc2/tab.c b/openssl-1.1.0h/crypto/rc2/tab.c
new file mode 100644
index 0000000..bc95dc4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc2/tab.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+unsigned char ebits_to_num[256] = {
+    0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
+    0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
+    0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
+    0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
+    0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
+    0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
+    0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
+    0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
+    0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
+    0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
+    0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
+    0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
+    0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
+    0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
+    0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
+    0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
+    0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
+    0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
+    0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
+    0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
+    0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
+    0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
+    0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
+    0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
+    0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
+    0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
+    0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
+    0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
+    0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
+    0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
+    0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
+    0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab,
+};
+
+unsigned char num_to_ebits[256] = {
+    0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d,
+    0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
+    0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47,
+    0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
+    0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c,
+    0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
+    0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89,
+    0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
+    0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8,
+    0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
+    0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab,
+    0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
+    0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46,
+    0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
+    0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87,
+    0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
+    0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6,
+    0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
+    0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7,
+    0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
+    0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0,
+    0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
+    0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a,
+    0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
+    0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5,
+    0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
+    0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90,
+    0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
+    0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b,
+    0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
+    0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18,
+    0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd,
+};
+
+main()
+{
+    int i, j;
+
+    for (i = 0; i < 256; i++) {
+        for (j = 0; j < 256; j++)
+            if (ebits_to_num[j] == i) {
+                printf("0x%02x,", j);
+                break;
+            }
+    }
+}
diff --git a/openssl-1.1.0h/crypto/rc4/asm/rc4-586.pl b/openssl-1.1.0h/crypto/rc4/asm/rc4-586.pl
new file mode 100644
index 0000000..7d6f97c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/asm/rc4-586.pl
@@ -0,0 +1,428 @@
+#! /usr/bin/env perl
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# At some point it became apparent that the original SSLeay RC4
+# assembler implementation performs suboptimally on latest IA-32
+# microarchitectures. After re-tuning performance has changed as
+# following:
+#
+# Pentium	-10%
+# Pentium III	+12%
+# AMD		+50%(*)
+# P4		+250%(**)
+#
+# (*)	This number is actually a trade-off:-) It's possible to
+#	achieve	+72%, but at the cost of -48% off PIII performance.
+#	In other words code performing further 13% faster on AMD
+#	would perform almost 2 times slower on Intel PIII...
+#	For reference! This code delivers ~80% of rc4-amd64.pl
+#	performance on the same Opteron machine.
+# (**)	This number requires compressed key schedule set up by
+#	RC4_set_key [see commentary below for further details].
+#
+#					<appro@fy.chalmers.se>
+
+# May 2011
+#
+# Optimize for Core2 and Westmere [and incidentally Opteron]. Current
+# performance in cycles per processed byte (less is better) and
+# improvement relative to previous version of this module is:
+#
+# Pentium	10.2			# original numbers
+# Pentium III	7.8(*)
+# Intel P4	7.5
+#
+# Opteron	6.1/+20%		# new MMX numbers
+# Core2		5.3/+67%(**)
+# Westmere	5.1/+94%(**)
+# Sandy Bridge	5.0/+8%
+# Atom		12.6/+6%
+# VIA Nano	6.4/+9%
+# Ivy Bridge	4.9/±0%
+# Bulldozer	4.9/+15%
+#
+# (*)	PIII can actually deliver 6.6 cycles per byte with MMX code,
+#	but this specific code performs poorly on Core2. And vice
+#	versa, below MMX/SSE code delivering 5.8/7.1 on Core2 performs
+#	poorly on PIII, at 8.0/14.5:-( As PIII is not a "hot" CPU
+#	[anymore], I chose to discard PIII-specific code path and opt
+#	for original IALU-only code, which is why MMX/SSE code path
+#	is guarded by SSE2 bit (see below), not MMX/SSE.
+# (**)	Performance vs. block size on Core2 and Westmere had a maximum
+#	at ... 64 bytes block size. And it was quite a maximum, 40-60%
+#	in comparison to largest 8KB block size. Above improvement
+#	coefficients are for the largest block size.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"rc4-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+
+$xx="eax";
+$yy="ebx";
+$tx="ecx";
+$ty="edx";
+$inp="esi";
+$out="ebp";
+$dat="edi";
+
+sub RC4_loop {
+  my $i=shift;
+  my $func = ($i==0)?*mov:*or;
+
+	&add	(&LB($yy),&LB($tx));
+	&mov	($ty,&DWP(0,$dat,$yy,4));
+	&mov	(&DWP(0,$dat,$yy,4),$tx);
+	&mov	(&DWP(0,$dat,$xx,4),$ty);
+	&add	($ty,$tx);
+	&inc	(&LB($xx));
+	&and	($ty,0xff);
+	&ror	($out,8)	if ($i!=0);
+	if ($i<3) {
+	  &mov	($tx,&DWP(0,$dat,$xx,4));
+	} else {
+	  &mov	($tx,&wparam(3));	# reload [re-biased] out
+	}
+	&$func	($out,&DWP(0,$dat,$ty,4));
+}
+
+if ($alt=0) {
+  # >20% faster on Atom and Sandy Bridge[!], 8% faster on Opteron,
+  # but ~40% slower on Core2 and Westmere... Attempt to add movz
+  # brings down Opteron by 25%, Atom and Sandy Bridge by 15%, yet
+  # on Core2 with movz it's almost 20% slower than below alternative
+  # code... Yes, it's a total mess...
+  my @XX=($xx,$out);
+  $RC4_loop_mmx = sub {		# SSE actually...
+    my $i=shift;
+    my $j=$i<=0?0:$i>>1;
+    my $mm=$i<=0?"mm0":"mm".($i&1);
+
+	&add	(&LB($yy),&LB($tx));
+	&lea	(@XX[1],&DWP(1,@XX[0]));
+	&pxor	("mm2","mm0")				if ($i==0);
+	&psllq	("mm1",8)				if ($i==0);
+	&and	(@XX[1],0xff);
+	&pxor	("mm0","mm0")				if ($i<=0);
+	&mov	($ty,&DWP(0,$dat,$yy,4));
+	&mov	(&DWP(0,$dat,$yy,4),$tx);
+	&pxor	("mm1","mm2")				if ($i==0);
+	&mov	(&DWP(0,$dat,$XX[0],4),$ty);
+	&add	(&LB($ty),&LB($tx));
+	&movd	(@XX[0],"mm7")				if ($i==0);
+	&mov	($tx,&DWP(0,$dat,@XX[1],4));
+	&pxor	("mm1","mm1")				if ($i==1);
+	&movq	("mm2",&QWP(0,$inp))			if ($i==1);
+	&movq	(&QWP(-8,(@XX[0],$inp)),"mm1")		if ($i==0);
+	&pinsrw	($mm,&DWP(0,$dat,$ty,4),$j);
+
+	push	(@XX,shift(@XX))			if ($i>=0);
+  }
+} else {
+  # Using pinsrw here improves performane on Intel CPUs by 2-3%, but
+  # brings down AMD by 7%...
+  $RC4_loop_mmx = sub {
+    my $i=shift;
+
+	&add	(&LB($yy),&LB($tx));
+	&psllq	("mm1",8*(($i-1)&7))			if (abs($i)!=1);
+	&mov	($ty,&DWP(0,$dat,$yy,4));
+	&mov	(&DWP(0,$dat,$yy,4),$tx);
+	&mov	(&DWP(0,$dat,$xx,4),$ty);
+	&inc	($xx);
+	&add	($ty,$tx);
+	&movz	($xx,&LB($xx));				# (*)
+	&movz	($ty,&LB($ty));				# (*)
+	&pxor	("mm2",$i==1?"mm0":"mm1")		if ($i>=0);
+	&movq	("mm0",&QWP(0,$inp))			if ($i<=0);
+	&movq	(&QWP(-8,($out,$inp)),"mm2")		if ($i==0);
+	&mov	($tx,&DWP(0,$dat,$xx,4));
+	&movd	($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4));
+
+	# (*)	This is the key to Core2 and Westmere performance.
+	#	Without movz out-of-order execution logic confuses
+	#	itself and fails to reorder loads and stores. Problem
+	#	appears to be fixed in Sandy Bridge...
+  }
+}
+
+&external_label("OPENSSL_ia32cap_P");
+
+# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out);
+&function_begin("RC4");
+	&mov	($dat,&wparam(0));	# load key schedule pointer
+	&mov	($ty, &wparam(1));	# load len
+	&mov	($inp,&wparam(2));	# load inp
+	&mov	($out,&wparam(3));	# load out
+
+	&xor	($xx,$xx);		# avoid partial register stalls
+	&xor	($yy,$yy);
+
+	&cmp	($ty,0);		# safety net
+	&je	(&label("abort"));
+
+	&mov	(&LB($xx),&BP(0,$dat));	# load key->x
+	&mov	(&LB($yy),&BP(4,$dat));	# load key->y
+	&add	($dat,8);
+
+	&lea	($tx,&DWP(0,$inp,$ty));
+	&sub	($out,$inp);		# re-bias out
+	&mov	(&wparam(1),$tx);	# save input+len
+
+	&inc	(&LB($xx));
+
+	# detect compressed key schedule...
+	&cmp	(&DWP(256,$dat),-1);
+	&je	(&label("RC4_CHAR"));
+
+	&mov	($tx,&DWP(0,$dat,$xx,4));
+
+	&and	($ty,-4);		# how many 4-byte chunks?
+	&jz	(&label("loop1"));
+
+	&mov	(&wparam(3),$out);	# $out as accumulator in these loops
+					if ($x86only) {
+	&jmp	(&label("go4loop4"));
+					} else {
+	&test	($ty,-8);
+	&jz	(&label("go4loop4"));
+
+	&picmeup($out,"OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,$out),26);	# check SSE2 bit [could have been MMX]
+	&jnc	(&label("go4loop4"));
+
+	&mov	($out,&wparam(3))	if (!$alt);
+	&movd	("mm7",&wparam(3))	if ($alt);
+	&and	($ty,-8);
+	&lea	($ty,&DWP(-8,$inp,$ty));
+	&mov	(&DWP(-4,$dat),$ty);	# save input+(len/8)*8-8
+
+	&$RC4_loop_mmx(-1);
+	&jmp(&label("loop_mmx_enter"));
+
+	&set_label("loop_mmx",16);
+		&$RC4_loop_mmx(0);
+	&set_label("loop_mmx_enter");
+		for 	($i=1;$i<8;$i++) { &$RC4_loop_mmx($i); }
+		&mov	($ty,$yy);
+		&xor	($yy,$yy);		# this is second key to Core2
+		&mov	(&LB($yy),&LB($ty));	# and Westmere performance...
+		&cmp	($inp,&DWP(-4,$dat));
+		&lea	($inp,&DWP(8,$inp));
+	&jb	(&label("loop_mmx"));
+
+    if ($alt) {
+	&movd	($out,"mm7");
+	&pxor	("mm2","mm0");
+	&psllq	("mm1",8);
+	&pxor	("mm1","mm2");
+	&movq	(&QWP(-8,$out,$inp),"mm1");
+    } else {
+	&psllq	("mm1",56);
+	&pxor	("mm2","mm1");
+	&movq	(&QWP(-8,$out,$inp),"mm2");
+    }
+	&emms	();
+
+	&cmp	($inp,&wparam(1));	# compare to input+len
+	&je	(&label("done"));
+	&jmp	(&label("loop1"));
+					}
+
+&set_label("go4loop4",16);
+	&lea	($ty,&DWP(-4,$inp,$ty));
+	&mov	(&wparam(2),$ty);	# save input+(len/4)*4-4
+
+	&set_label("loop4");
+		for ($i=0;$i<4;$i++) { RC4_loop($i); }
+		&ror	($out,8);
+		&xor	($out,&DWP(0,$inp));
+		&cmp	($inp,&wparam(2));	# compare to input+(len/4)*4-4
+		&mov	(&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here
+		&lea	($inp,&DWP(4,$inp));
+		&mov	($tx,&DWP(0,$dat,$xx,4));
+	&jb	(&label("loop4"));
+
+	&cmp	($inp,&wparam(1));	# compare to input+len
+	&je	(&label("done"));
+	&mov	($out,&wparam(3));	# restore $out
+
+	&set_label("loop1",16);
+		&add	(&LB($yy),&LB($tx));
+		&mov	($ty,&DWP(0,$dat,$yy,4));
+		&mov	(&DWP(0,$dat,$yy,4),$tx);
+		&mov	(&DWP(0,$dat,$xx,4),$ty);
+		&add	($ty,$tx);
+		&inc	(&LB($xx));
+		&and	($ty,0xff);
+		&mov	($ty,&DWP(0,$dat,$ty,4));
+		&xor	(&LB($ty),&BP(0,$inp));
+		&lea	($inp,&DWP(1,$inp));
+		&mov	($tx,&DWP(0,$dat,$xx,4));
+		&cmp	($inp,&wparam(1));	# compare to input+len
+		&mov	(&BP(-1,$out,$inp),&LB($ty));
+	&jb	(&label("loop1"));
+
+	&jmp	(&label("done"));
+
+# this is essentially Intel P4 specific codepath...
+&set_label("RC4_CHAR",16);
+	&movz	($tx,&BP(0,$dat,$xx));
+	# strangely enough unrolled loop performs over 20% slower...
+	&set_label("cloop1");
+		&add	(&LB($yy),&LB($tx));
+		&movz	($ty,&BP(0,$dat,$yy));
+		&mov	(&BP(0,$dat,$yy),&LB($tx));
+		&mov	(&BP(0,$dat,$xx),&LB($ty));
+		&add	(&LB($ty),&LB($tx));
+		&movz	($ty,&BP(0,$dat,$ty));
+		&add	(&LB($xx),1);
+		&xor	(&LB($ty),&BP(0,$inp));
+		&lea	($inp,&DWP(1,$inp));
+		&movz	($tx,&BP(0,$dat,$xx));
+		&cmp	($inp,&wparam(1));
+		&mov	(&BP(-1,$out,$inp),&LB($ty));
+	&jb	(&label("cloop1"));
+
+&set_label("done");
+	&dec	(&LB($xx));
+	&mov	(&DWP(-4,$dat),$yy);		# save key->y
+	&mov	(&BP(-8,$dat),&LB($xx));	# save key->x
+&set_label("abort");
+&function_end("RC4");
+
+########################################################################
+
+$inp="esi";
+$out="edi";
+$idi="ebp";
+$ido="ecx";
+$idx="edx";
+
+# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data);
+&function_begin("RC4_set_key");
+	&mov	($out,&wparam(0));		# load key
+	&mov	($idi,&wparam(1));		# load len
+	&mov	($inp,&wparam(2));		# load data
+	&picmeup($idx,"OPENSSL_ia32cap_P");
+
+	&lea	($out,&DWP(2*4,$out));		# &key->data
+	&lea	($inp,&DWP(0,$inp,$idi));	# $inp to point at the end
+	&neg	($idi);
+	&xor	("eax","eax");
+	&mov	(&DWP(-4,$out),$idi);		# borrow key->y
+
+	&bt	(&DWP(0,$idx),20);		# check for bit#20
+	&jc	(&label("c1stloop"));
+
+&set_label("w1stloop",16);
+	&mov	(&DWP(0,$out,"eax",4),"eax");	# key->data[i]=i;
+	&add	(&LB("eax"),1);			# i++;
+	&jnc	(&label("w1stloop"));
+
+	&xor	($ido,$ido);
+	&xor	($idx,$idx);
+
+&set_label("w2ndloop",16);
+	&mov	("eax",&DWP(0,$out,$ido,4));
+	&add	(&LB($idx),&BP(0,$inp,$idi));
+	&add	(&LB($idx),&LB("eax"));
+	&add	($idi,1);
+	&mov	("ebx",&DWP(0,$out,$idx,4));
+	&jnz	(&label("wnowrap"));
+	  &mov	($idi,&DWP(-4,$out));
+	&set_label("wnowrap");
+	&mov	(&DWP(0,$out,$idx,4),"eax");
+	&mov	(&DWP(0,$out,$ido,4),"ebx");
+	&add	(&LB($ido),1);
+	&jnc	(&label("w2ndloop"));
+&jmp	(&label("exit"));
+
+# Unlike all other x86 [and x86_64] implementations, Intel P4 core
+# [including EM64T] was found to perform poorly with above "32-bit" key
+# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded
+# assembler turned out to be 3.5x if re-coded for compressed 8-bit one,
+# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit
+# schedule for x86[_64], because non-P4 implementations suffer from
+# significant performance losses then, e.g. PIII exhibits >2x
+# deterioration, and so does Opteron. In order to assure optimal
+# all-round performance, we detect P4 at run-time and set up compressed
+# key schedule, which is recognized by RC4 procedure.
+
+&set_label("c1stloop",16);
+	&mov	(&BP(0,$out,"eax"),&LB("eax"));	# key->data[i]=i;
+	&add	(&LB("eax"),1);			# i++;
+	&jnc	(&label("c1stloop"));
+
+	&xor	($ido,$ido);
+	&xor	($idx,$idx);
+	&xor	("ebx","ebx");
+
+&set_label("c2ndloop",16);
+	&mov	(&LB("eax"),&BP(0,$out,$ido));
+	&add	(&LB($idx),&BP(0,$inp,$idi));
+	&add	(&LB($idx),&LB("eax"));
+	&add	($idi,1);
+	&mov	(&LB("ebx"),&BP(0,$out,$idx));
+	&jnz	(&label("cnowrap"));
+	  &mov	($idi,&DWP(-4,$out));
+	&set_label("cnowrap");
+	&mov	(&BP(0,$out,$idx),&LB("eax"));
+	&mov	(&BP(0,$out,$ido),&LB("ebx"));
+	&add	(&LB($ido),1);
+	&jnc	(&label("c2ndloop"));
+
+	&mov	(&DWP(256,$out),-1);		# mark schedule as compressed
+
+&set_label("exit");
+	&xor	("eax","eax");
+	&mov	(&DWP(-8,$out),"eax");		# key->x=0;
+	&mov	(&DWP(-4,$out),"eax");		# key->y=0;
+&function_end("RC4_set_key");
+
+# const char *RC4_options(void);
+&function_begin_B("RC4_options");
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop("eax");
+	&lea	("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax"));
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&mov	("edx",&DWP(0,"edx"));
+	&bt	("edx",20);
+	&jc	(&label("1xchar"));
+	&bt	("edx",26);
+	&jnc	(&label("ret"));
+	&add	("eax",25);
+	&ret	();
+&set_label("1xchar");
+	&add	("eax",12);
+&set_label("ret");
+	&ret	();
+&set_label("opts",64);
+&asciz	("rc4(4x,int)");
+&asciz	("rc4(1x,char)");
+&asciz	("rc4(8x,mmx)");
+&asciz	("RC4 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&align	(64);
+&function_end_B("RC4_options");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/rc4/asm/rc4-c64xplus.pl b/openssl-1.1.0h/crypto/rc4/asm/rc4-c64xplus.pl
new file mode 100644
index 0000000..184922c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/asm/rc4-c64xplus.pl
@@ -0,0 +1,192 @@
+#! /usr/bin/env perl
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# RC4 for C64x+.
+#
+# April 2014
+#
+# RC4 subroutine processes one byte in 7.0 cycles, which is 3x faster
+# than TI CGT-generated code. Loop is scheduled in such way that
+# there is only one reference to memory in each cycle. This is done
+# to avoid L1D memory banking conflicts, see SPRU871 TI publication
+# for further details. Otherwise it should be possible to schedule
+# the loop for iteration interval of 6...
+
+($KEY,$LEN,$INP,$OUT)=("A4","B4","A6","B6");
+
+($KEYA,$XX,$TY,$xx,$ONE,$ret)=map("A$_",(5,7,8,9,1,2));
+($KEYB,$YY,$TX,$tx,$SUM,$dat)=map("B$_",(5,7,8,9,1,2));
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	RC4,_RC4
+	.asg	RC4_set_key,_RC4_set_key
+	.asg	RC4_options,_RC4_options
+	.endif
+
+	.global	_RC4
+	.align	16
+_RC4:
+	.asmfunc
+	MV	$LEN,B0
+  [!B0]	BNOP	B3			; if (len==0) return;
+||[B0]	ADD	$KEY,2,$KEYA
+||[B0]	ADD	$KEY,2,$KEYB
+  [B0]	MVK	1,$ONE
+||[B0]	LDBU	*${KEYA}[-2],$XX	; key->x
+  [B0]	LDBU	*${KEYB}[-1],$YY	; key->y
+||	NOP	4
+
+	ADD4	$ONE,$XX,$XX
+	LDBU	*${KEYA}[$XX],$TX
+||	MVC	$LEN,ILC
+	NOP	4
+;;==================================================
+	SPLOOP	7
+||	ADD4	$TX,$YY,$YY
+
+	LDBU	*${KEYB}[$YY],$TY
+||	MVD	$XX,$xx
+||	ADD4	$ONE,$XX,$XX
+	LDBU	*${KEYA}[$XX],$tx
+	CMPEQ	$YY,$XX,B0
+||	NOP	3
+	STB	$TX,*${KEYB}[$YY]
+||[B0]	ADD4	$TX,$YY,$YY
+	STB	$TY,*${KEYA}[$xx]
+||[!B0]	ADD4	$tx,$YY,$YY
+||[!B0]	MVD	$tx,$TX
+	ADD4	$TY,$TX,$SUM		; [0,0] $TX is not replaced by $tx yet!
+||	NOP	2
+	LDBU	*$INP++,$dat
+||	NOP	2
+	LDBU	*${KEYB}[$SUM],$ret
+||	NOP	5
+	XOR.L	$dat,$ret,$ret
+	SPKERNEL
+||	STB	$ret,*$OUT++
+;;==================================================
+	SUB4	$XX,$ONE,$XX
+||	NOP	5
+	STB	$XX,*${KEYA}[-2]	; key->x
+||	SUB4	$YY,$TX,$YY
+||	BNOP	B3	
+	STB	$YY,*${KEYB}[-1]	; key->y
+||	NOP	5
+	.endasmfunc
+
+	.global	_RC4_set_key
+	.align	16
+_RC4_set_key:
+	.asmfunc
+	.if	.BIG_ENDIAN
+	MVK	0x00000404,$ONE
+||	MVK	0x00000203,B0
+	MVKH	0x04040000,$ONE
+||	MVKH	0x00010000,B0
+	.else
+	MVK	0x00000404,$ONE
+||	MVK	0x00000100,B0
+	MVKH	0x04040000,$ONE
+||	MVKH	0x03020000,B0
+	.endif
+	ADD	$KEY,2,$KEYA
+||	ADD	$KEY,2,$KEYB
+||	ADD	$INP,$LEN,$ret		; end of input
+	LDBU	*${INP}++,$dat
+||	MVK	0,$TX
+	STH	$TX,*${KEY}++		; key->x=key->y=0
+||	MV	B0,A0
+||	MVK	64-4,B0
+
+;;==================================================
+	SPLOOPD	1
+||	MVC	B0,ILC
+
+	STNW	A0,*${KEY}++
+||	ADD4	$ONE,A0,A0
+	SPKERNEL
+;;==================================================
+
+	MVK	0,$YY
+||	MVK	0,$XX
+	MVK	1,$ONE
+||	MVK	256-1,B0
+
+;;==================================================
+	SPLOOPD	8
+||	MVC	B0,ILC
+
+	ADD4	$dat,$YY,$YY
+||	CMPEQ	$INP,$ret,A0		; end of input?
+	LDBU	*${KEYB}[$YY],$TY
+||	MVD	$XX,$xx
+||	ADD4	$ONE,$XX,$XX
+	LDBU	*${KEYA}[$XX],$tx
+||[A0]	SUB	$INP,$LEN,$INP		; rewind
+	LDBU	*${INP}++,$dat
+||	CMPEQ	$YY,$XX,B0
+||	NOP	3
+	STB	$TX,*${KEYB}[$YY]
+||[B0]	ADD4	$TX,$YY,$YY
+	STB	$TY,*${KEYA}[$xx]
+||[!B0]	ADD4	$tx,$YY,$YY
+||[!B0]	MV	$tx,$TX
+	SPKERNEL
+;;==================================================
+
+	BNOP	B3,5
+	.endasmfunc
+
+	.global	_RC4_options
+	.align	16
+_RC4_options:
+_rc4_options:
+	.asmfunc
+	BNOP	B3,1
+	ADDKPC	_rc4_options,B4
+	.if	__TI_EABI__
+	MVKL	\$PCR_OFFSET(rc4_options,_rc4_options),A4
+	MVKH	\$PCR_OFFSET(rc4_options,_rc4_options),A4
+	.else
+	MVKL	(rc4_options-_rc4_options),A4
+	MVKH	(rc4_options-_rc4_options),A4
+	.endif
+	ADD	B4,A4,A4
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:rc4_options.const"
+	.else
+	.sect	".const:rc4_options"
+	.endif
+	.align	4
+rc4_options:
+	.cstring "rc4(sploop,char)"
+	.cstring "RC4 for C64+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+$output=pop;
+open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/rc4/asm/rc4-ia64.pl b/openssl-1.1.0h/crypto/rc4/asm/rc4-ia64.pl
new file mode 100644
index 0000000..5e8f5f5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/asm/rc4-ia64.pl
@@ -0,0 +1,767 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by David Mosberger <David.Mosberger@acm.org> based on the
+# Itanium optimized Crypto code which was released by HP Labs at
+# http://www.hpl.hp.com/research/linux/crypto/.
+#
+# Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+
+
+
+# This is a little helper program which generates a software-pipelined
+# for RC4 encryption.  The basic algorithm looks like this:
+#
+#   for (counter = 0; counter < len; ++counter)
+#     {
+#       in = inp[counter];
+#       SI = S[I];
+#       J = (SI + J) & 0xff;
+#       SJ = S[J];
+#       T = (SI + SJ) & 0xff;
+#       S[I] = SJ, S[J] = SI;
+#       ST = S[T];
+#       outp[counter] = in ^ ST;
+#       I = (I + 1) & 0xff;
+#     }
+#
+# Pipelining this loop isn't easy, because the stores to the S[] array
+# need to be observed in the right order.  The loop generated by the
+# code below has the following pipeline diagram:
+#
+#      cycle
+#     | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 |
+# iter
+#   1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#   2:             xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#   3:                         xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#
+#   where:
+# 	LDI = load of S[I]
+# 	LDJ = load of S[J]
+# 	SWP = swap of S[I] and S[J]
+# 	LDT = load of S[T]
+#
+# Note that in the above diagram, the major trouble-spot is that LDI
+# of the 2nd iteration is performed BEFORE the SWP of the first
+# iteration.  Fortunately, this is easy to detect (I of the 1st
+# iteration will be equal to J of the 2nd iteration) and when this
+# happens, we simply forward the proper value from the 1st iteration
+# to the 2nd one.  The proper value in this case is simply the value
+# of S[I] from the first iteration (thanks to the fact that SWP
+# simply swaps the contents of S[I] and S[J]).
+#
+# Another potential trouble-spot is in cycle 7, where SWP of the 1st
+# iteration issues at the same time as the LDI of the 3rd iteration.
+# However, thanks to IA-64 execution semantics, this can be taken
+# care of simply by placing LDI later in the instruction-group than
+# SWP.  IA-64 CPUs will automatically forward the value if they
+# detect that the SWP and LDI are accessing the same memory-location.
+
+# The core-loop that can be pipelined then looks like this (annotated
+# with McKinley/Madison issue port & latency numbers, assuming L1
+# cache hits for the most part):
+
+# operation:	    instruction:		    issue-ports:  latency
+# ------------------  -----------------------------   ------------- -------
+
+# Data = *inp++       ld1 data = [inp], 1             M0-M1         1 cyc     c0
+#                     shladd Iptr = I, KeyTable, 3    M0-M3, I0, I1 1 cyc
+# I = (I + 1) & 0xff  padd1 nextI = I, one            M0-M3, I0, I1 3 cyc
+#                     ;;
+# SI = S[I]           ld8 SI = [Iptr]                 M0-M1         1 cyc     c1 * after SWAP!
+#                     ;;
+#                     cmp.eq.unc pBypass = I, J                                  * after J is valid!
+# J = SI + J          add J = J, SI                   M0-M3, I0, I1 1 cyc     c2
+#                     (pBypass) br.cond.spnt Bypass
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# J = J & 0xff        zxt1 J = J                      I0, I1, 1 cyc           c3
+#                     ;;
+#                     shladd Jptr = J, KeyTable, 3    M0-M3, I0, I1 1 cyc     c4
+#                     ;;
+# SJ = S[J]           ld8 SJ = [Jptr]                 M0-M1         1 cyc     c5
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# T = (SI + SJ)       add T = SI, SJ                  M0-M3, I0, I1 1 cyc     c6
+#                     ;;
+# T = T & 0xff        zxt1 T = T                      I0, I1        1 cyc
+# S[I] = SJ           st8 [Iptr] = SJ                 M2-M3                   c7
+# S[J] = SI           st8 [Jptr] = SI                 M2-M3
+#                     ;;
+#                     shladd Tptr = T, KeyTable, 3    M0-M3, I0, I1 1 cyc     c8
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# T = S[T]            ld8 T = [Tptr]                  M0-M1         1 cyc     c9
+#                     ;;
+# data ^= T           xor data = data, T              M0-M3, I0, I1 1 cyc     c10
+#                     ;;
+# *out++ = Data ^ T   dep word = word, data, 8, POS   I0, I1        1 cyc     c11
+#                     ;;
+# ---------------------------------------------------------------------------------------
+
+# There are several points worth making here:
+
+#   - Note that due to the bypass/forwarding-path, the first two
+#     phases of the loop are strangly mingled together.  In
+#     particular, note that the first stage of the pipeline is
+#     using the value of "J", as calculated by the second stage.
+#   - Each bundle-pair will have exactly 6 instructions.
+#   - Pipelined, the loop can execute in 3 cycles/iteration and
+#     4 stages.  However, McKinley/Madison can issue "st1" to
+#     the same bank at a rate of at most one per 4 cycles.  Thus,
+#     instead of storing each byte, we accumulate them in a word
+#     and then write them back at once with a single "st8" (this
+#     implies that the setup code needs to ensure that the output
+#     buffer is properly aligned, if need be, by encoding the
+#     first few bytes separately).
+#   - There is no space for a "br.ctop" instruction.  For this
+#     reason we can't use module-loop support in IA-64 and have
+#     to do a traditional, purely software-pipelined loop.
+#   - We can't replace any of the remaining "add/zxt1" pairs with
+#     "padd1" because the latency for that instruction is too high
+#     and would push the loop to the point where more bypasses
+#     would be needed, which we don't have space for.
+#   - The above loop runs at around 3.26 cycles/byte, or roughly
+#     440 MByte/sec on a 1.5GHz Madison.  This is well below the
+#     system bus bandwidth and hence with judicious use of
+#     "lfetch" this loop can run at (almost) peak speed even when
+#     the input and output data reside in memory.  The
+#     max. latency that can be tolerated is (PREFETCH_DISTANCE *
+#     L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at
+#     least) 1-ahead prefetching of 128 byte cache-lines.  Note
+#     that we do NOT prefetch into L1, since that would only
+#     interfere with the S[] table values stored there.  This is
+#     acceptable because there is a 10 cycle latency between
+#     load and first use of the input data.
+#   - We use a branch to out-of-line bypass-code of cycle-pressure:
+#     we calculate the next J, check for the need to activate the
+#     bypass path, and activate the bypass path ALL IN THE SAME
+#     CYCLE.  If we didn't have these constraints, we could do
+#     the bypass with a simple conditional move instruction.
+#     Fortunately, the bypass paths get activated relatively
+#     infrequently, so the extra branches don't cost all that much
+#     (about 0.04 cycles/byte, measured on a 16396 byte file with
+#     random input data).
+#
+
+$output = pop;
+open STDOUT,">$output";
+
+$phases = 4;		# number of stages/phases in the pipelined-loop
+$unroll_count = 6;	# number of times we unrolled it
+$pComI = (1 << 0);
+$pComJ = (1 << 1);
+$pComT = (1 << 2);
+$pOut  = (1 << 3);
+
+$NData = 4;
+$NIP = 3;
+$NJP = 2;
+$NI = 2;
+$NSI = 3;
+$NSJ = 2;
+$NT = 2;
+$NOutWord = 2;
+
+#
+# $threshold is the minimum length before we attempt to use the
+# big software-pipelined loop.  It MUST be greater-or-equal
+# to:
+#  		PHASES * (UNROLL_COUNT + 1) + 7
+#
+# The "+ 7" comes from the fact we may have to encode up to
+#   7 bytes separately before the output pointer is aligned.
+#
+$threshold = (3 * ($phases * ($unroll_count + 1)) + 7);
+
+sub I {
+    local *code = shift;
+    local $format = shift;
+    $code .= sprintf ("\t\t".$format."\n", @_);
+}
+
+sub P {
+    local *code = shift;
+    local $format = shift;
+    $code .= sprintf ($format."\n", @_);
+}
+
+sub STOP {
+    local *code = shift;
+    $code .=<<___;
+		;;
+___
+}
+
+sub emit_body {
+    local *c = shift;
+    local *bypass = shift;
+    local ($iteration, $p) = @_;
+
+    local $i0 = $iteration;
+    local $i1 = $iteration - 1;
+    local $i2 = $iteration - 2;
+    local $i3 = $iteration - 3;
+    local $iw0 = ($iteration - 3) / 8;
+    local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1;
+    local $byte_num = ($iteration - 3) % 8;
+    local $label = $iteration + 1;
+    local $pAny = ($p & 0xf) == 0xf;
+    local $pByp = (($p & $pComI) && ($iteration > 0));
+
+    $c.=<<___;
+//////////////////////////////////////////////////
+___
+
+    if (($p & 0xf) == 0) {
+	$c.="#ifdef HOST_IS_BIG_ENDIAN\n";
+	&I(\$c,"shr.u	OutWord[%u] = OutWord[%u], 32;;",
+				$iw1 % $NOutWord, $iw1 % $NOutWord);
+	$c.="#endif\n";
+	&I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord);
+	return;
+    }
+
+    # Cycle 0
+    &I(\$c, "{ .mmi")					      if ($pAny);
+    &I(\$c, "ld1    Data[%u] = [InPtr], 1", $i0 % $NData)     if ($p & $pComI);
+    &I(\$c, "padd1  I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI);
+    &I(\$c, "zxt1   J = J")				      if ($p & $pComJ);
+    &I(\$c, "}")					      if ($pAny);
+    &I(\$c, "{ .mmi")					      if ($pAny);
+    &I(\$c, "LKEY   T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT)   if ($p & $pOut);
+    &I(\$c, "add    T[%u] = SI[%u], SJ[%u]",
+       $i0 % $NT, $i2 % $NSI, $i1 % $NSJ)		      if ($p & $pComT);
+    &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI);
+    &I(\$c, "}")					      if ($pAny);
+    &STOP(\$c);
+
+    # Cycle 1
+    &I(\$c, "{ .mmi")					      if ($pAny);
+    &I(\$c, "SKEY   [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT);
+    &I(\$c, "SKEY   [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT);
+    &I(\$c, "zxt1   T[%u] = T[%u]", $i0 % $NT, $i0 % $NT)     if ($p & $pComT);
+    &I(\$c, "}")					      if ($pAny);
+    &I(\$c, "{ .mmi")					      if ($pAny);
+    &I(\$c, "LKEY   SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI);
+    &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP)		      if ($p & $pComJ);
+    &I(\$c, "xor    Data[%u] = Data[%u], T[%u]",
+       $i3 % $NData, $i3 % $NData, $i1 % $NT)		      if ($p & $pOut);
+    &I(\$c, "}")					      if ($pAny);
+    &STOP(\$c);
+
+    # Cycle 2
+    &I(\$c, "{ .mmi")					      if ($pAny);
+    &I(\$c, "LKEY   SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ);
+    &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI)	      if ($pByp);
+    &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8",
+       $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut);
+    &I(\$c, "}")					      if ($pAny);
+    &I(\$c, "{ .mmb")					      if ($pAny);
+    &I(\$c, "add    J = J, SI[%u]", $i0 % $NSI)		      if ($p & $pComI);
+    &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT)    if ($p & $pComT);
+    &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp);
+    &I(\$c, "}") if ($pAny);
+    &STOP(\$c);
+
+    &P(\$c, ".rc4Resume%u:", $label)			      if ($pByp);
+    if ($byte_num == 0 && $iteration >= $phases) {
+	&I(\$c, "st8 [OutPtr] = OutWord[%u], 8",
+	   $iw1 % $NOutWord)				      if ($p & $pOut);
+	if ($iteration == (1 + $unroll_count) * $phases - 1) {
+	    if ($unroll_count == 6) {
+		&I(\$c, "mov OutWord[%u] = OutWord[%u]",
+		   $iw1 % $NOutWord, $iw0 % $NOutWord);
+	    }
+	    &I(\$c, "lfetch.nt1 [InPrefetch], %u",
+	       $unroll_count * $phases);
+	    &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u",
+	       $unroll_count * $phases);
+	    &I(\$c, "br.cloop.sptk.few .rc4Loop");
+	}
+    }
+
+    if ($pByp) {
+	&P(\$bypass, ".rc4Bypass%u:", $label);
+	&I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI);
+	&I(\$bypass, "nop 0");
+	&I(\$bypass, "nop 0");
+	&I(\$bypass, ";;");
+	&I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI);
+	&I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI);
+	&I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label);
+	&I(\$bypass, ";;");
+    }
+}
+
+$code=<<___;
+.ident \"rc4-ia64.s, version 3.0\"
+.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\"
+
+#define LCSave		r8
+#define PRSave		r9
+
+/* Inputs become invalid once rotation begins!  */
+
+#define StateTable	in0
+#define DataLen		in1
+#define InputBuffer	in2
+#define OutputBuffer	in3
+
+#define KTable		r14
+#define J		r15
+#define InPtr		r16
+#define OutPtr		r17
+#define InPrefetch	r18
+#define OutPrefetch	r19
+#define One		r20
+#define LoopCount	r21
+#define Remainder	r22
+#define IFinal		r23
+#define EndPtr		r24
+
+#define tmp0		r25
+#define tmp1		r26
+
+#define pBypass		p6
+#define pDone		p7
+#define pSmall		p8
+#define pAligned	p9
+#define pUnaligned	p10
+
+#define pComputeI	pPhase[0]
+#define pComputeJ	pPhase[1]
+#define pComputeT	pPhase[2]
+#define pOutput		pPhase[3]
+
+#define RetVal		r8
+#define L_OK		p7
+#define L_NOK		p8
+
+#define	_NINPUTS	4
+#define	_NOUTPUT	0
+
+#define	_NROTATE	24
+#define	_NLOCALS	(_NROTATE - _NINPUTS - _NOUTPUT)
+
+#ifndef SZ
+# define SZ	4	// this must be set to sizeof(RC4_INT)
+#endif
+
+#if SZ == 1
+# define LKEY			ld1
+# define SKEY			st1
+# define KEYADDR(dst, i)	add dst = i, KTable
+#elif SZ == 2
+# define LKEY			ld2
+# define SKEY			st2
+# define KEYADDR(dst, i)	shladd dst = i, 1, KTable
+#elif SZ == 4
+# define LKEY			ld4
+# define SKEY			st4
+# define KEYADDR(dst, i)	shladd dst = i, 2, KTable
+#else
+# define LKEY			ld8
+# define SKEY			st8
+# define KEYADDR(dst, i)	shladd dst = i, 3, KTable
+#endif
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP	addp4
+#else
+# define ADDP	add
+#endif
+
+/* Define a macro for the bit number of the n-th byte: */
+
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+# define HOST_IS_BIG_ENDIAN
+# define BYTE_POS(n)	(56 - (8 * (n)))
+#else
+# define BYTE_POS(n)	(8 * (n))
+#endif
+
+/*
+   We must perform the first phase of the pipeline explicitly since
+   we will always load from the stable the first time. The br.cexit
+   will never be taken since regardless of the number of bytes because
+   the epilogue count is 4.
+*/
+/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX
+   assembler failed on original macro with syntax error. <appro> */
+#define MODSCHED_RC4_PROLOGUE						   \\
+	{								   \\
+				ld1		Data[0] = [InPtr], 1;	   \\
+				add		IFinal = 1, I[1];	   \\
+				KEYADDR(IPr[0], I[1]);			   \\
+	} ;;								   \\
+	{								   \\
+				LKEY		SI[0] = [IPr[0]];	   \\
+				mov		pr.rot = 0x10000;	   \\
+				mov		ar.ec = 4;		   \\
+	} ;;								   \\
+	{								   \\
+				add		J = J, SI[0];		   \\
+				zxt1		I[0] = IFinal;		   \\
+				br.cexit.spnt.few .+16; /* never taken */  \\
+	} ;;
+#define MODSCHED_RC4_LOOP(label)					   \\
+label:									   \\
+	{	.mmi;							   \\
+		(pComputeI)	ld1		Data[0] = [InPtr], 1;	   \\
+		(pComputeI)	add		IFinal = 1, I[1];	   \\
+		(pComputeJ)	zxt1		J = J;			   \\
+	}{	.mmi;							   \\
+		(pOutput)	LKEY		T[1] = [T[1]];		   \\
+		(pComputeT)	add		T[0] = SI[2], SJ[1];	   \\
+		(pComputeI)	KEYADDR(IPr[0], I[1]);			   \\
+	} ;;								   \\
+	{	.mmi;							   \\
+		(pComputeT)	SKEY		[IPr[2]] = SJ[1];	   \\
+		(pComputeT)	SKEY		[JP[1]] = SI[2];	   \\
+		(pComputeT)	zxt1		T[0] = T[0];		   \\
+	}{	.mmi;							   \\
+		(pComputeI)	LKEY		SI[0] = [IPr[0]];	   \\
+		(pComputeJ)	KEYADDR(JP[0], J);			   \\
+		(pComputeI)	cmp.eq.unc	pBypass, p0 = I[1], J;	   \\
+	} ;;								   \\
+	{	.mmi;							   \\
+		(pComputeJ)	LKEY		SJ[0] = [JP[0]];	   \\
+		(pOutput)	xor		Data[3] = Data[3], T[1];   \\
+				nop		0x0;			   \\
+	}{	.mmi;							   \\
+		(pComputeT)	KEYADDR(T[0], T[0]);			   \\
+		(pBypass)	mov		SI[0] = SI[1];		   \\
+		(pComputeI)	zxt1		I[0] = IFinal;		   \\
+	} ;;								   \\
+	{	.mmb;							   \\
+		(pOutput)	st1		[OutPtr] = Data[3], 1;	   \\
+		(pComputeI)	add		J = J, SI[0];		   \\
+				br.ctop.sptk.few label;			   \\
+	} ;;
+
+	.text
+
+	.align	32
+
+	.type	RC4, \@function
+	.global	RC4
+
+	.proc	RC4
+	.prologue
+
+RC4:
+	{
+	  	.mmi
+		alloc	r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+
+		.rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\
+		      OutWord[2]
+		.rotp pPhase[4]
+
+		ADDP		InPrefetch = 0, InputBuffer
+		ADDP		KTable = 0, StateTable
+	}
+	{
+		.mmi
+		ADDP		InPtr = 0, InputBuffer
+		ADDP		OutPtr = 0, OutputBuffer
+		mov		RetVal = r0
+	}
+	;;
+	{
+		.mmi
+		lfetch.nt1	[InPrefetch], 0x80
+		ADDP		OutPrefetch = 0, OutputBuffer
+	}
+	{               // Return 0 if the input length is nonsensical
+        	.mib
+		ADDP		StateTable = 0, StateTable
+        	cmp.ge.unc  	L_NOK, L_OK = r0, DataLen
+	(L_NOK) br.ret.sptk.few rp
+	}
+	;;
+	{
+        	.mib
+        	cmp.eq.or  	L_NOK, L_OK = r0, InPtr
+        	cmp.eq.or  	L_NOK, L_OK = r0, OutPtr
+		nop		0x0
+	}
+	{
+		.mib
+        	cmp.eq.or  	L_NOK, L_OK = r0, StateTable
+		nop		0x0
+	(L_NOK) br.ret.sptk.few rp
+	}
+	;;
+		LKEY		I[1] = [KTable], SZ
+/* Prefetch the state-table. It contains 256 elements of size SZ */
+
+#if SZ == 1
+		ADDP		tmp0 = 1*128, StateTable
+#elif SZ == 2
+		ADDP		tmp0 = 3*128, StateTable
+		ADDP		tmp1 = 2*128, StateTable
+#elif SZ == 4
+		ADDP		tmp0 = 7*128, StateTable
+		ADDP		tmp1 = 6*128, StateTable
+#elif SZ == 8
+		ADDP		tmp0 = 15*128, StateTable
+		ADDP		tmp1 = 14*128, StateTable
+#endif
+		;;
+#if SZ >= 8
+		lfetch.fault.nt1		[tmp0], -256	// 15
+		lfetch.fault.nt1		[tmp1], -256;;
+		lfetch.fault.nt1		[tmp0], -256	// 13
+		lfetch.fault.nt1		[tmp1], -256;;
+		lfetch.fault.nt1		[tmp0], -256	// 11
+		lfetch.fault.nt1		[tmp1], -256;;
+		lfetch.fault.nt1		[tmp0], -256	//  9
+		lfetch.fault.nt1		[tmp1], -256;;
+#endif
+#if SZ >= 4
+		lfetch.fault.nt1		[tmp0], -256	//  7
+		lfetch.fault.nt1		[tmp1], -256;;
+		lfetch.fault.nt1		[tmp0], -256	//  5
+		lfetch.fault.nt1		[tmp1], -256;;
+#endif
+#if SZ >= 2
+		lfetch.fault.nt1		[tmp0], -256	//  3
+		lfetch.fault.nt1		[tmp1], -256;;
+#endif
+	{
+		.mii
+		lfetch.fault.nt1		[tmp0]		//  1
+		add		I[1]=1,I[1];;
+		zxt1		I[1]=I[1]
+	}
+	{
+		.mmi
+		lfetch.nt1	[InPrefetch], 0x80
+		lfetch.excl.nt1	[OutPrefetch], 0x80
+		.save		pr, PRSave
+		mov		PRSave = pr
+	} ;;
+	{
+		.mmi
+		lfetch.excl.nt1	[OutPrefetch], 0x80
+		LKEY		J = [KTable], SZ
+		ADDP		EndPtr = DataLen, InPtr
+	}  ;;
+	{
+		.mmi
+		ADDP		EndPtr = -1, EndPtr	// Make it point to
+							// last data byte.
+		mov		One = 1
+		.save		ar.lc, LCSave
+		mov		LCSave = ar.lc
+		.body
+	} ;;
+	{
+		.mmb
+		sub		Remainder = 0, OutPtr
+		cmp.gtu		pSmall, p0 = $threshold, DataLen
+(pSmall)	br.cond.dpnt	.rc4Remainder		// Data too small for
+							// big loop.
+	} ;;
+	{
+		.mmi
+		and		Remainder = 0x7, Remainder
+		;;
+		cmp.eq		pAligned, pUnaligned = Remainder, r0
+		nop		0x0
+	} ;;
+	{
+		.mmb
+.pred.rel	"mutex",pUnaligned,pAligned
+(pUnaligned)	add		Remainder = -1, Remainder
+(pAligned)	sub		Remainder = EndPtr, InPtr
+(pAligned)	br.cond.dptk.many .rc4Aligned
+	} ;;
+	{
+		.mmi
+		nop		0x0
+		nop		0x0
+		mov.i		ar.lc = Remainder
+	}
+
+/* Do the initial few bytes via the compact, modulo-scheduled loop
+   until the output pointer is 8-byte-aligned.  */
+
+		MODSCHED_RC4_PROLOGUE
+		MODSCHED_RC4_LOOP(.RC4AlignLoop)
+
+	{
+		.mib
+		sub		Remainder = EndPtr, InPtr
+		zxt1		IFinal = IFinal
+		clrrrb				// Clear CFM.rrb.pr so
+		;;				// next "mov pr.rot = N"
+						// does the right thing.
+	}
+	{
+		.mmi
+		mov		I[1] = IFinal
+		nop		0x0
+		nop		0x0
+	} ;;
+
+
+.rc4Aligned:
+
+/*
+   Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases)
+ */
+
+	{
+		.mlx
+		add	LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder
+		movl		Remainder = 0xaaaaaaaaaaaaaaab
+	} ;;
+	{
+		.mmi
+		setf.sig	f6 = LoopCount		// M2, M3	6 cyc
+		setf.sig	f7 = Remainder		// M2, M3	6 cyc
+		nop		0x0
+	} ;;
+	{
+		.mfb
+		nop		0x0
+		xmpy.hu		f6 = f6, f7
+		nop		0x0
+	} ;;
+	{
+		.mmi
+		getf.sig	LoopCount = f6;;	// M2		5 cyc
+		nop		0x0
+		shr.u		LoopCount = LoopCount, 4
+	} ;;
+	{
+		.mmi
+		nop		0x0
+		nop		0x0
+		mov.i		ar.lc = LoopCount
+	} ;;
+
+/* Now comes the unrolled loop: */
+
+.rc4Prologue:
+___
+
+$iteration = 0;
+
+# Generate the prologue:
+$predicates = 1;
+for ($i = 0; $i < $phases; ++$i) {
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+    $predicates = ($predicates << 1) | 1;
+}
+
+$code.=<<___;
+.rc4Loop:
+___
+
+# Generate the body:
+for ($i = 0; $i < $unroll_count*$phases; ++$i) {
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+}
+
+$code.=<<___;
+.rc4Epilogue:
+___
+
+# Generate the epilogue:
+for ($i = 0; $i < $phases; ++$i) {
+    $predicates <<= 1;
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+}
+
+$code.=<<___;
+	{
+		.mmi
+		lfetch.nt1	[EndPtr]	// fetch line with last byte
+		mov		IFinal = I[1]
+		nop		0x0
+	}
+
+.rc4Remainder:
+	{
+		.mmi
+		sub		Remainder = EndPtr, InPtr	// Calculate
+								// # of bytes
+								// left - 1
+		nop		0x0
+		nop		0x0
+	} ;;
+	{
+		.mib
+		cmp.eq		pDone, p0 = -1, Remainder // done already?
+		mov.i		ar.lc = Remainder
+(pDone)		br.cond.dptk.few .rc4Complete
+	}
+
+/* Do the remaining bytes via the compact, modulo-scheduled loop */
+
+		MODSCHED_RC4_PROLOGUE
+		MODSCHED_RC4_LOOP(.RC4RestLoop)
+
+.rc4Complete:
+	{
+		.mmi
+		add		KTable = -SZ, KTable
+		add		IFinal = -1, IFinal
+		mov		ar.lc = LCSave
+	} ;;
+	{
+		.mii
+		SKEY		[KTable] = J,-SZ
+		zxt1		IFinal = IFinal
+		mov		pr = PRSave, 0x1FFFF
+	} ;;
+	{
+		.mib
+		SKEY		[KTable] = IFinal
+		add		RetVal = 1, r0
+		br.ret.sptk.few	rp
+	} ;;
+___
+
+# Last but not least, emit the code for the bypass-code of the unrolled loop:
+
+$code.=$bypass;
+
+$code.=<<___;
+	.endp RC4
+___
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/rc4/asm/rc4-md5-x86_64.pl b/openssl-1.1.0h/crypto/rc4/asm/rc4-md5-x86_64.pl
new file mode 100644
index 0000000..890161b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -0,0 +1,645 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# June 2011
+#
+# This is RC4+MD5 "stitch" implementation. The idea, as spelled in
+# http://download.intel.com/design/intarch/papers/323686.pdf, is that
+# since both algorithms exhibit instruction-level parallelism, ILP,
+# below theoretical maximum, interleaving them would allow to utilize
+# processor resources better and achieve better performance. RC4
+# instruction sequence is virtually identical to rc4-x86_64.pl, which
+# is heavily based on submission by Maxim Perminov, Maxim Locktyukhin
+# and Jim Guilford of Intel. MD5 is fresh implementation aiming to
+# minimize register usage, which was used as "main thread" with RC4
+# weaved into it, one RC4 round per one MD5 round. In addition to the
+# stiched subroutine the script can generate standalone replacement
+# md5_block_asm_data_order and RC4. Below are performance numbers in
+# cycles per processed byte, less is better, for these the standalone
+# subroutines, sum of them, and stitched one:
+#
+#		RC4	MD5	RC4+MD5	stitch	gain
+# Opteron	6.5(*)	5.4	11.9	7.0	+70%(*)
+# Core2		6.5	5.8	12.3	7.7	+60%
+# Westmere	4.3	5.2	9.5	7.0	+36%
+# Sandy Bridge	4.2	5.5	9.7	6.8	+43%
+# Ivy Bridge	4.1	5.2	9.3	6.0	+54%
+# Haswell	4.0	5.0	9.0	5.7	+60%
+# Skylake	6.3(**)	5.0	11.3	5.3	+110%
+# Atom		9.3	6.5	15.8	11.1	+42%
+# VIA Nano	6.3	5.4	11.7	8.6	+37%
+# Bulldozer	4.5	5.4	9.9	7.7	+29%
+#
+# (*)	rc4-x86_64.pl delivers 5.3 on Opteron, so real improvement
+#	is +53%...
+# (**)	unidentified anomaly;
+
+my ($rc4,$md5)=(1,1);	# what to generate?
+my $D="#" if (!$md5);	# if set to "#", MD5 is stitched into RC4(),
+			# but its result is discarded. Idea here is
+			# to be able to use 'openssl speed rc4' for
+			# benchmarking the stitched subroutine... 
+
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
+
+if ($rc4 && !$md5) {
+  ($dat,$len,$in0,$out) = ("%rdi","%rsi","%rdx","%rcx");
+  $func="RC4";				$nargs=4;
+} elsif ($md5 && !$rc4) {
+  ($ctx,$inp,$len) = ("%rdi","%rsi","%rdx");
+  $func="md5_block_asm_data_order";	$nargs=3;
+} else {
+  ($dat,$in0,$out,$ctx,$inp,$len) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
+  $func="rc4_md5_enc";			$nargs=6;
+  # void rc4_md5_enc(
+  #		RC4_KEY *key,		#
+  #		const void *in0,	# RC4 input
+  #		void *out,		# RC4 output
+  #		MD5_CTX *ctx,		#
+  #		const void *inp,	# MD5 input
+  #		size_t len);		# number of 64-byte blocks
+}
+
+my @K=(	0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,
+	0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
+	0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,
+	0x6b901122,0xfd987193,0xa679438e,0x49b40821,
+
+	0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,
+	0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
+	0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,
+	0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
+
+	0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,
+	0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
+	0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,
+	0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
+
+	0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,
+	0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
+	0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,
+	0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391	);
+
+my @V=("%r8d","%r9d","%r10d","%r11d");	# MD5 registers
+my $tmp="%r12d";
+
+my @XX=("%rbp","%rsi");			# RC4 registers
+my @TX=("%rax","%rbx");
+my $YY="%rcx";
+my $TY="%rdx";
+
+my $MOD=32;				# 16, 32 or 64
+
+$code.=<<___;
+.text
+.align 16
+
+.globl	$func
+.type	$func,\@function,$nargs
+$func:
+	cmp	\$0,$len
+	je	.Labort
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	sub	\$40,%rsp
+.Lbody:
+___
+if ($rc4) {
+$code.=<<___;
+$D#md5#	mov	$ctx,%r11		# reassign arguments
+	mov	$len,%r12
+	mov	$in0,%r13
+	mov	$out,%r14
+$D#md5#	mov	$inp,%r15
+___
+    $ctx="%r11"	if ($md5);		# reassign arguments
+    $len="%r12";
+    $in0="%r13";
+    $out="%r14";
+    $inp="%r15"	if ($md5);
+    $inp=$in0	if (!$md5);
+$code.=<<___;
+	xor	$XX[0],$XX[0]
+	xor	$YY,$YY
+
+	lea	8($dat),$dat
+	mov	-8($dat),$XX[0]#b
+	mov	-4($dat),$YY#b
+
+	inc	$XX[0]#b
+	sub	$in0,$out
+	movl	($dat,$XX[0],4),$TX[0]#d
+___
+$code.=<<___ if (!$md5);
+	xor	$TX[1],$TX[1]
+	test	\$-128,$len
+	jz	.Loop1
+	sub	$XX[0],$TX[1]
+	and	\$`$MOD-1`,$TX[1]
+	jz	.Loop${MOD}_is_hot
+	sub	$TX[1],$len
+.Loop${MOD}_warmup:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($in0),$TY#b
+	movb	$TY#b,($out,$in0)
+	lea	1($in0),$in0
+	dec	$TX[1]
+	jnz	.Loop${MOD}_warmup
+
+	mov	$YY,$TX[1]
+	xor	$YY,$YY
+	mov	$TX[1]#b,$YY#b
+
+.Loop${MOD}_is_hot:
+	mov	$len,32(%rsp)		# save original $len
+	shr	\$6,$len		# number of 64-byte blocks
+___
+  if ($D && !$md5) {			# stitch in dummy MD5
+    $md5=1;
+    $ctx="%r11";
+    $inp="%r15";
+    $code.=<<___;
+	mov	%rsp,$ctx
+	mov	$in0,$inp
+___
+  }
+}
+$code.=<<___;
+#rc4#	add	$TX[0]#b,$YY#b
+#rc4#	lea	($dat,$XX[0],4),$XX[1]
+	shl	\$6,$len
+	add	$inp,$len		# pointer to the end of input
+	mov	$len,16(%rsp)
+
+#md5#	mov	$ctx,24(%rsp)		# save pointer to MD5_CTX
+#md5#	mov	0*4($ctx),$V[0]		# load current hash value from MD5_CTX
+#md5#	mov	1*4($ctx),$V[1]
+#md5#	mov	2*4($ctx),$V[2]
+#md5#	mov	3*4($ctx),$V[3]
+	jmp	.Loop
+
+.align	16
+.Loop:
+#md5#	mov	$V[0],0*4(%rsp)		# put aside current hash value
+#md5#	mov	$V[1],1*4(%rsp)
+#md5#	mov	$V[2],2*4(%rsp)
+#md5#	mov	$V[3],$tmp		# forward reference
+#md5#	mov	$V[3],3*4(%rsp)
+___
+
+sub R0 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot0=(7,12,17,22);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	($in0),%xmm2\n"		if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$c,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	and	$b,$tmp
+#md5#	add	4*`$j`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#md5#	xor	$d,$tmp
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#md5#	add	$tmp,$a
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot0[$j%4],$a
+#md5#	mov	`$j==15?"$b":"$c"`,$tmp		# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+___
+}
+sub R1 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot1=(5,9,14,20);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	16($in0),%xmm3\n"	if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$b,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	and	$d,$tmp
+#md5#	add	4*`((1+5*$j)%16)`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#md5#	xor	$c,$tmp
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#md5#	add	$tmp,$a
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot1[$j%4],$a
+#md5#	mov	`$j==15?"$c":"$b"`,$tmp		# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+___
+}
+sub R2 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot2=(4,11,16,23);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	32($in0),%xmm4\n"	if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$c,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	xor	$b,$tmp
+#md5#	add	4*`((5+3*$j)%16)`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#md5#	add	$tmp,$a
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot2[$j%4],$a
+#md5#	mov	`$j==15?"\\\$-1":"$c"`,$tmp	# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm4
+	pxor	%xmm1,%xmm4
+___
+}
+sub R3 {
+  my ($i,$a,$b,$c,$d)=@_;
+  my @rot3=(6,10,15,21);
+  my $j=$i%16;
+  my $k=$i%$MOD;
+  my $xmm="%xmm".($j&1);
+    $code.="	movdqu	48($in0),%xmm5\n"	if ($rc4 && $j==15);
+    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
+    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
+    $code.=<<___;
+#rc4#	movl	($dat,$YY,4),$TY#d
+#md5#	xor	$d,$tmp
+#rc4#	movl	$TX[0]#d,($dat,$YY,4)
+#md5#	or	$b,$tmp
+#md5#	add	4*`((7*$j)%16)`($inp),$a
+#rc4#	add	$TY#b,$TX[0]#b
+#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
+#md5#	add	\$$K[$i],$a
+#rc4#	movz	$TX[0]#b,$TX[0]#d
+#md5#	xor	$c,$tmp
+#rc4#	movl	$TY#d,4*$k($XX[1])
+#md5#	add	$tmp,$a
+#rc4#	add	$TX[1]#b,$YY#b
+#md5#	rol	\$$rot3[$j%4],$a
+#md5#	mov	\$-1,$tmp			# forward reference
+#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
+#md5#	add	$b,$a
+___
+    $code.=<<___ if ($rc4 && $j==15);
+	mov	$XX[0],$XX[1]
+	xor	$XX[0],$XX[0]			# keyword to partial register
+	mov	$XX[1]#b,$XX[0]#b
+	mov	$YY,$XX[1]
+	xor	$YY,$YY				# keyword to partial register
+	mov	$XX[1]#b,$YY#b
+	lea	($dat,$XX[0],4),$XX[1]
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm5
+	pxor	%xmm1,%xmm5
+___
+}
+
+my $i=0;
+for(;$i<16;$i++) { R0($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+for(;$i<32;$i++) { R1($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+for(;$i<48;$i++) { R2($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+for(;$i<64;$i++) { R3($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
+
+$code.=<<___;
+#md5#	add	0*4(%rsp),$V[0]		# accumulate hash value
+#md5#	add	1*4(%rsp),$V[1]
+#md5#	add	2*4(%rsp),$V[2]
+#md5#	add	3*4(%rsp),$V[3]
+
+#rc4#	movdqu	%xmm2,($out,$in0)	# write RC4 output
+#rc4#	movdqu	%xmm3,16($out,$in0)
+#rc4#	movdqu	%xmm4,32($out,$in0)
+#rc4#	movdqu	%xmm5,48($out,$in0)
+#md5#	lea	64($inp),$inp
+#rc4#	lea	64($in0),$in0
+	cmp	16(%rsp),$inp		# are we done?
+	jb	.Loop
+
+#md5#	mov	24(%rsp),$len		# restore pointer to MD5_CTX
+#rc4#	sub	$TX[0]#b,$YY#b		# correct $YY
+#md5#	mov	$V[0],0*4($len)		# write MD5_CTX
+#md5#	mov	$V[1],1*4($len)
+#md5#	mov	$V[2],2*4($len)
+#md5#	mov	$V[3],3*4($len)
+___
+$code.=<<___ if ($rc4 && (!$md5 || $D));
+	mov	32(%rsp),$len		# restore original $len
+	and	\$63,$len		# remaining bytes
+	jnz	.Loop1
+	jmp	.Ldone
+	
+.align	16
+.Loop1:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($in0),$TY#b
+	movb	$TY#b,($out,$in0)
+	lea	1($in0),$in0
+	dec	$len
+	jnz	.Loop1
+
+.Ldone:
+___
+$code.=<<___;
+#rc4#	sub	\$1,$XX[0]#b
+#rc4#	movl	$XX[0]#d,-8($dat)
+#rc4#	movl	$YY#d,-4($dat)
+
+	mov	40(%rsp),%r15
+	mov	48(%rsp),%r14
+	mov	56(%rsp),%r13
+	mov	64(%rsp),%r12
+	mov	72(%rsp),%rbp
+	mov	80(%rsp),%rbx
+	lea	88(%rsp),%rsp
+.Lepilogue:
+.Labort:
+	ret
+.size $func,.-$func
+___
+
+if ($rc4 && $D) {	# sole purpose of this section is to provide
+			# option to use the generated module as drop-in
+			# replacement for rc4-x86_64.pl for debugging
+			# and testing purposes...
+my ($idx,$ido)=("%r8","%r9");
+my ($dat,$len,$inp)=("%rdi","%rsi","%rdx");
+
+$code.=<<___;
+.globl	RC4_set_key
+.type	RC4_set_key,\@function,3
+.align	16
+RC4_set_key:
+	lea	8($dat),$dat
+	lea	($inp,$len),$inp
+	neg	$len
+	mov	$len,%rcx
+	xor	%eax,%eax
+	xor	$ido,$ido
+	xor	%r10,%r10
+	xor	%r11,%r11
+	jmp	.Lw1stloop
+
+.align	16
+.Lw1stloop:
+	mov	%eax,($dat,%rax,4)
+	add	\$1,%al
+	jnc	.Lw1stloop
+
+	xor	$ido,$ido
+	xor	$idx,$idx
+.align	16
+.Lw2ndloop:
+	mov	($dat,$ido,4),%r10d
+	add	($inp,$len,1),$idx#b
+	add	%r10b,$idx#b
+	add	\$1,$len
+	mov	($dat,$idx,4),%r11d
+	cmovz	%rcx,$len
+	mov	%r10d,($dat,$idx,4)
+	mov	%r11d,($dat,$ido,4)
+	add	\$1,$ido#b
+	jnc	.Lw2ndloop
+
+	xor	%eax,%eax
+	mov	%eax,-8($dat)
+	mov	%eax,-4($dat)
+	ret
+.size	RC4_set_key,.-RC4_set_key
+
+.globl	RC4_options
+.type	RC4_options,\@abi-omnipotent
+.align	16
+RC4_options:
+	lea	.Lopts(%rip),%rax
+	ret
+.align	64
+.Lopts:
+.asciz	"rc4(64x,int)"
+.align	64
+.size	RC4_options,.-RC4_options
+___
+}
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+my $rec="%rcx";
+my $frame="%rdx";
+my $context="%r8";
+my $disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lbody(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lbody
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	40(%rax),%r15
+	mov	48(%rax),%r14
+	mov	56(%rax),%r13
+	mov	64(%rax),%r12
+	mov	72(%rax),%rbp
+	mov	80(%rax),%rbx
+	lea	88(%rax),%rax
+
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R12
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_$func
+	.rva	.LSEH_end_$func
+	.rva	.LSEH_info_$func
+
+.section	.xdata
+.align	8
+.LSEH_info_$func:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+sub reg_part {
+my ($reg,$conv)=@_;
+    if ($reg =~ /%r[0-9]+/)     { $reg .= $conv; }
+    elsif ($conv eq "b")        { $reg =~ s/%[er]([^x]+)x?/%$1l/;       }
+    elsif ($conv eq "w")        { $reg =~ s/%[er](.+)/%$1/;             }
+    elsif ($conv eq "d")        { $reg =~ s/%[er](.+)/%e$1/;            }
+    return $reg;
+}
+
+$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/pinsrw\s+\$0,/movd	/gm;
+
+$code =~ s/#md5#//gm	if ($md5);
+$code =~ s/#rc4#//gm	if ($rc4);
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/rc4/asm/rc4-parisc.pl b/openssl-1.1.0h/crypto/rc4/asm/rc4-parisc.pl
new file mode 100644
index 0000000..006b6b0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/asm/rc4-parisc.pl
@@ -0,0 +1,321 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# RC4 for PA-RISC.
+
+# June 2009.
+#
+# Performance is 33% better than gcc 3.2 generated code on PA-7100LC.
+# For reference, [4x] unrolled loop is >40% faster than folded one.
+# It's possible to unroll loop 8 times on PA-RISC 2.0, but improvement
+# is believed to be not sufficient to justify the effort...
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+$FRAME=4*$SIZE_T+$FRAME_MARKER;	# 4 saved regs + frame marker
+				#                [+ argument transfer]
+$SZ=1;				# defaults to RC4_CHAR
+if (open CONF,"<${dir}../../opensslconf.h") {
+    while(<CONF>) {
+	if (m/#\s*define\s+RC4_INT\s+(.*)/) {
+	    $SZ = ($1=~/char$/) ? 1 : 4;
+	    last;
+	}
+    }
+    close CONF;
+}
+
+if ($SZ==1) {	# RC4_CHAR
+    $LD="ldb";
+    $LDX="ldbx";
+    $MKX="addl";
+    $ST="stb";
+} else {	# RC4_INT (~5% faster than RC4_CHAR on PA-7100LC)
+    $LD="ldw";
+    $LDX="ldwx,s";
+    $MKX="sh2addl";
+    $ST="stw";
+}
+
+$key="%r26";
+$len="%r25";
+$inp="%r24";
+$out="%r23";
+
+@XX=("%r19","%r20");
+@TX=("%r21","%r22");
+$YY="%r28";
+$TY="%r29";
+
+$acc="%r1";
+$ix="%r2";
+$iy="%r3";
+$dat0="%r4";
+$dat1="%r5";
+$rem="%r6";
+$mask="%r31";
+
+sub unrolledloopbody {
+for ($i=0;$i<4;$i++) {
+$code.=<<___;
+	ldo	1($XX[0]),$XX[1]
+	`sprintf("$LDX	%$TY(%$key),%$dat1") if ($i>0)`	
+	and	$mask,$XX[1],$XX[1]
+	$LDX	$YY($key),$TY
+	$MKX	$YY,$key,$ix
+	$LDX	$XX[1]($key),$TX[1]
+	$MKX	$XX[0],$key,$iy
+	$ST	$TX[0],0($ix)
+	comclr,<> $XX[1],$YY,%r0	; conditional
+	copy	$TX[0],$TX[1]		; move
+	`sprintf("%sdep	%$dat1,%d,8,%$acc",$i==1?"z":"",8*($i-1)+7) if ($i>0)`
+	$ST	$TY,0($iy)
+	addl	$TX[0],$TY,$TY
+	addl	$TX[1],$YY,$YY
+	and	$mask,$TY,$TY
+	and	$mask,$YY,$YY
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
+} }
+
+sub foldedloop {
+my ($label,$count)=@_;
+$code.=<<___;
+$label
+	$MKX	$YY,$key,$iy
+	$LDX	$YY($key),$TY
+	$MKX	$XX[0],$key,$ix
+	$ST	$TX[0],0($iy)
+	ldo	1($XX[0]),$XX[0]
+	$ST	$TY,0($ix)
+	addl	$TX[0],$TY,$TY
+	ldbx	$inp($out),$dat1
+	and	$mask,$TY,$TY
+	and	$mask,$XX[0],$XX[0]
+	$LDX	$TY($key),$acc
+	$LDX	$XX[0]($key),$TX[0]
+	ldo	1($out),$out
+	xor	$dat1,$acc,$acc
+	addl	$TX[0],$YY,$YY
+	stb	$acc,-1($out)
+	addib,<> -1,$count,$label	; $count is always small
+	and	$mask,$YY,$YY
+___
+}
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	RC4,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
+RC4
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-4*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=6
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+
+	cmpib,*= 0,$len,L\$abort
+	sub	$inp,$out,$inp		; distance between $inp and $out
+
+	$LD	`0*$SZ`($key),$XX[0]
+	$LD	`1*$SZ`($key),$YY
+	ldo	`2*$SZ`($key),$key
+
+	ldi	0xff,$mask
+	ldi	3,$dat0		
+
+	ldo	1($XX[0]),$XX[0]	; warm up loop
+	and	$mask,$XX[0],$XX[0]
+	$LDX	$XX[0]($key),$TX[0]
+	addl	$TX[0],$YY,$YY
+	cmpib,*>>= 6,$len,L\$oop1	; is $len large enough to bother?
+	and	$mask,$YY,$YY
+
+	and,<>	$out,$dat0,$rem		; is $out aligned?
+	b	L\$alignedout
+	subi	4,$rem,$rem
+	sub	$len,$rem,$len
+___
+&foldedloop("L\$alignout",$rem);	# process till $out is aligned
+
+$code.=<<___;
+L\$alignedout				; $len is at least 4 here
+	and,<>	$inp,$dat0,$acc		; is $inp aligned?
+	b	L\$oop4
+	sub	$inp,$acc,$rem		; align $inp
+
+	sh3addl	$acc,%r0,$acc
+	subi	32,$acc,$acc
+	mtctl	$acc,%cr11		; load %sar with vshd align factor
+	ldwx	$rem($out),$dat0
+	ldo	4($rem),$rem
+L\$oop4misalignedinp
+___
+&unrolledloopbody();
+$code.=<<___;
+	$LDX	$TY($key),$ix
+	ldwx	$rem($out),$dat1
+	ldo	-4($len),$len
+	or	$ix,$acc,$acc		; last piece, no need to dep
+	vshd	$dat0,$dat1,$iy		; align data
+	copy	$dat1,$dat0
+	xor	$iy,$acc,$acc
+	stw	$acc,0($out)
+	cmpib,*<< 3,$len,L\$oop4misalignedinp
+	ldo	4($out),$out
+	cmpib,*= 0,$len,L\$done
+	nop
+	b	L\$oop1
+	nop
+
+	.ALIGN	8
+L\$oop4
+___
+&unrolledloopbody();
+$code.=<<___;
+	$LDX	$TY($key),$ix
+	ldwx	$inp($out),$dat0
+	ldo	-4($len),$len
+	or	$ix,$acc,$acc		; last piece, no need to dep
+	xor	$dat0,$acc,$acc
+	stw	$acc,0($out)
+	cmpib,*<< 3,$len,L\$oop4
+	ldo	4($out),$out
+	cmpib,*= 0,$len,L\$done
+	nop
+___
+&foldedloop("L\$oop1",$len);
+$code.=<<___;
+L\$done
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2
+	ldo	-1($XX[0]),$XX[0]	; chill out loop
+	sub	$YY,$TX[0],$YY
+	and	$mask,$XX[0],$XX[0]
+	and	$mask,$YY,$YY
+	$ST	$XX[0],`-2*$SZ`($key)
+	$ST	$YY,`-1*$SZ`($key)
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+L\$abort
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+___
+
+$code.=<<___;
+
+	.EXPORT	RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	8
+RC4_set_key
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	$ST	%r0,`0*$SZ`($key)
+	$ST	%r0,`1*$SZ`($key)
+	ldo	`2*$SZ`($key),$key
+	copy	%r0,@XX[0]
+L\$1st
+	$ST	@XX[0],0($key)
+	ldo	1(@XX[0]),@XX[0]
+	bb,>=	@XX[0],`31-8`,L\$1st	; @XX[0]<256
+	ldo	$SZ($key),$key
+
+	ldo	`-256*$SZ`($key),$key	; rewind $key
+	addl	$len,$inp,$inp		; $inp to point at the end
+	sub	%r0,$len,%r23		; inverse index
+	copy	%r0,@XX[0]
+	copy	%r0,@XX[1]
+	ldi	0xff,$mask
+
+L\$2nd
+	$LDX	@XX[0]($key),@TX[0]
+	ldbx	%r23($inp),@TX[1]
+	addi,nuv 1,%r23,%r23		; increment and conditional
+	sub	%r0,$len,%r23		; inverse index
+	addl	@TX[0],@XX[1],@XX[1]
+	addl	@TX[1],@XX[1],@XX[1]
+	and	$mask,@XX[1],@XX[1]
+	$MKX	@XX[0],$key,$TY
+	$LDX	@XX[1]($key),@TX[1]
+	$MKX	@XX[1],$key,$YY
+	ldo	1(@XX[0]),@XX[0]
+	$ST	@TX[0],0($YY)
+	bb,>=	@XX[0],`31-8`,L\$2nd	; @XX[0]<256
+	$ST	@TX[1],0($TY)
+
+	bv,n	(%r2)
+	.EXIT
+	nop
+	.PROCEND
+
+	.EXPORT	RC4_options,ENTRY
+	.ALIGN	8
+RC4_options
+	.PROC
+	.CALLINFO	NO_CALLS
+	.ENTRY
+	blr	%r0,%r28
+	ldi	3,%r1
+L\$pic
+	andcm	%r28,%r1,%r28
+	bv	(%r2)
+	.EXIT
+	ldo	L\$opts-L\$pic(%r28),%r28
+	.PROCEND
+	.ALIGN	8
+L\$opts
+	.STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)"
+	.STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/cmpib,\*/comib,/gm	if ($SIZE_T==4);
+$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/rc4/asm/rc4-s390x.pl b/openssl-1.1.0h/crypto/rc4/asm/rc4-s390x.pl
new file mode 100644
index 0000000..5589503
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/asm/rc4-s390x.pl
@@ -0,0 +1,241 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# February 2009
+#
+# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to
+# "cluster" Address Generation Interlocks, so that one pipeline stall
+# resolves several dependencies.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 50% better than code generated by gcc 4.3.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$rp="%r14";
+$sp="%r15";
+$code=<<___;
+.text
+
+___
+
+# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out)
+{
+$acc="%r0";
+$cnt="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$out="%r5";
+
+@XX=("%r6","%r7");
+@TX=("%r8","%r9");
+$YY="%r10";
+$TY="%r11";
+
+$code.=<<___;
+.globl	RC4
+.type	RC4,\@function
+.align	64
+RC4:
+	stm${g}	%r6,%r11,6*$SIZE_T($sp)
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+	llgfr	$len,$len
+___
+$code.=<<___;
+	llgc	$XX[0],0($key)
+	llgc	$YY,1($key)
+	la	$XX[0],1($XX[0])
+	nill	$XX[0],0xff
+	srlg	$cnt,$len,3
+	ltgr	$cnt,$cnt
+	llgc	$TX[0],2($XX[0],$key)
+	jz	.Lshort
+	j	.Loop8
+
+.align	64
+.Loop8:
+___
+for ($i=0;$i<8;$i++) {
+$code.=<<___;
+	la	$YY,0($YY,$TX[0])	# $i
+	nill	$YY,255
+	la	$XX[1],1($XX[0])
+	nill	$XX[1],255
+___
+$code.=<<___ if ($i==1);
+	llgc	$acc,2($TY,$key)
+___
+$code.=<<___ if ($i>1);
+	sllg	$acc,$acc,8
+	ic	$acc,2($TY,$key)
+___
+$code.=<<___;
+	llgc	$TY,2($YY,$key)
+	stc	$TX[0],2($YY,$key)
+	llgc	$TX[1],2($XX[1],$key)
+	stc	$TY,2($XX[0],$key)
+	cr	$XX[1],$YY
+	jne	.Lcmov$i
+	la	$TX[1],0($TX[0])
+.Lcmov$i:
+	la	$TY,0($TY,$TX[0])
+	nill	$TY,255
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));     # "rotate" registers
+}
+
+$code.=<<___;
+	lg	$TX[1],0($inp)
+	sllg	$acc,$acc,8
+	la	$inp,8($inp)
+	ic	$acc,2($TY,$key)
+	xgr	$acc,$TX[1]
+	stg	$acc,0($out)
+	la	$out,8($out)
+	brctg	$cnt,.Loop8
+
+.Lshort:
+	lghi	$acc,7
+	ngr	$len,$acc
+	jz	.Lexit
+	j	.Loop1
+
+.align	16
+.Loop1:
+	la	$YY,0($YY,$TX[0])
+	nill	$YY,255
+	llgc	$TY,2($YY,$key)
+	stc	$TX[0],2($YY,$key)
+	stc	$TY,2($XX[0],$key)
+	ar	$TY,$TX[0]
+	ahi	$XX[0],1
+	nill	$TY,255
+	nill	$XX[0],255
+	llgc	$acc,0($inp)
+	la	$inp,1($inp)
+	llgc	$TY,2($TY,$key)
+	llgc	$TX[0],2($XX[0],$key)
+	xr	$acc,$TY
+	stc	$acc,0($out)
+	la	$out,1($out)
+	brct	$len,.Loop1
+
+.Lexit:
+	ahi	$XX[0],-1
+	stc	$XX[0],0($key)
+	stc	$YY,1($key)
+	lm${g}	%r6,%r11,6*$SIZE_T($sp)
+	br	$rp
+.size	RC4,.-RC4
+.string	"RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+
+___
+}
+
+# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp)
+{
+$cnt="%r0";
+$idx="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$acc="%r5";
+$dat="%r6";
+$ikey="%r7";
+$iinp="%r8";
+
+$code.=<<___;
+.globl	RC4_set_key
+.type	RC4_set_key,\@function
+.align	64
+RC4_set_key:
+	stm${g}	%r6,%r8,6*$SIZE_T($sp)
+	lhi	$cnt,256
+	la	$idx,0(%r0)
+	sth	$idx,0($key)
+.align	4
+.L1stloop:
+	stc	$idx,2($idx,$key)
+	la	$idx,1($idx)
+	brct	$cnt,.L1stloop
+
+	lghi	$ikey,-256
+	lr	$cnt,$len
+	la	$iinp,0(%r0)
+	la	$idx,0(%r0)
+.align	16
+.L2ndloop:
+	llgc	$acc,2+256($ikey,$key)
+	llgc	$dat,0($iinp,$inp)
+	la	$idx,0($idx,$acc)
+	la	$ikey,1($ikey)
+	la	$idx,0($idx,$dat)
+	nill	$idx,255
+	la	$iinp,1($iinp)
+	tml	$ikey,255
+	llgc	$dat,2($idx,$key)
+	stc	$dat,2+256-1($ikey,$key)
+	stc	$acc,2($idx,$key)
+	jz	.Ldone
+	brct	$cnt,.L2ndloop
+	lr	$cnt,$len
+	la	$iinp,0(%r0)
+	j	.L2ndloop
+.Ldone:
+	lm${g}	%r6,%r8,6*$SIZE_T($sp)
+	br	$rp
+.size	RC4_set_key,.-RC4_set_key
+
+___
+}
+
+# const char *RC4_options()
+$code.=<<___;
+.globl	RC4_options
+.type	RC4_options,\@function
+.align	16
+RC4_options:
+	larl	%r2,.Loptions
+	br	%r14
+.size	RC4_options,.-RC4_options
+.section	.rodata
+.Loptions:
+.align	8
+.string	"rc4(8x,char)"
+___
+
+print $code;
+close STDOUT;	# force flush
diff --git a/openssl-1.1.0h/crypto/rc4/asm/rc4-x86_64.pl b/openssl-1.1.0h/crypto/rc4/asm/rc4-x86_64.pl
new file mode 100755
index 0000000..aaed2b1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/asm/rc4-x86_64.pl
@@ -0,0 +1,687 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# July 2004
+#
+# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
+# "hand-coded assembler"] doesn't stand for the whole improvement
+# coefficient. It turned out that eliminating RC4_CHAR from config
+# line results in ~40% improvement (yes, even for C implementation).
+# Presumably it has everything to do with AMD cache architecture and
+# RAW or whatever penalties. Once again! The module *requires* config
+# line *without* RC4_CHAR! As for coding "secret," I bet on partial
+# register arithmetics. For example instead of 'inc %r8; and $255,%r8'
+# I simply 'inc %r8b'. Even though optimization manual discourages
+# to operate on partial registers, it turned out to be the best bet.
+# At least for AMD... How IA32E would perform remains to be seen...
+
+# November 2004
+#
+# As was shown by Marc Bevand reordering of couple of load operations
+# results in even higher performance gain of 3.3x:-) At least on
+# Opteron... For reference, 1x in this case is RC4_CHAR C-code
+# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock.
+# Latter means that if you want to *estimate* what to expect from
+# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz.
+
+# November 2004
+#
+# Intel P4 EM64T core was found to run the AMD64 code really slow...
+# The only way to achieve comparable performance on P4 was to keep
+# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to
+# compose blended code, which would perform even within 30% marginal
+# on either AMD and Intel platforms, I implement both cases. See
+# rc4_skey.c for further details...
+
+# April 2005
+#
+# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing 
+# those with add/sub results in 50% performance improvement of folded
+# loop...
+
+# May 2005
+#
+# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T
+# performance by >30% [unlike P4 32-bit case that is]. But this is
+# provided that loads are reordered even more aggressively! Both code
+# paths, AMD64 and EM64T, reorder loads in essentially same manner
+# as my IA-64 implementation. On Opteron this resulted in modest 5%
+# improvement [I had to test it], while final Intel P4 performance
+# achieves respectful 432MBps on 2.8GHz processor now. For reference.
+# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than
+# RC4_INT code-path. While if executed on Opteron, it's only 25%
+# slower than the RC4_INT one [meaning that if CPU µ-arch detection
+# is not implemented, then this final RC4_CHAR code-path should be
+# preferred, as it provides better *all-round* performance].
+
+# March 2007
+#
+# Intel Core2 was observed to perform poorly on both code paths:-( It
+# apparently suffers from some kind of partial register stall, which
+# occurs in 64-bit mode only [as virtually identical 32-bit loop was
+# observed to outperform 64-bit one by almost 50%]. Adding two movzb to
+# cloop1 boosts its performance by 80%! This loop appears to be optimal
+# fit for Core2 and therefore the code was modified to skip cloop8 on
+# this CPU.
+
+# May 2010
+#
+# Intel Westmere was observed to perform suboptimally. Adding yet
+# another movzb to cloop1 improved performance by almost 50%! Core2
+# performance is improved too, but nominally...
+
+# May 2011
+#
+# The only code path that was not modified is P4-specific one. Non-P4
+# Intel code path optimization is heavily based on submission by Maxim
+# Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used
+# some of the ideas even in attempt to optmize the original RC4_INT
+# code path... Current performance in cycles per processed byte (less
+# is better) and improvement coefficients relative to previous
+# version of this module are:
+#
+# Opteron	5.3/+0%(*)
+# P4		6.5
+# Core2		6.2/+15%(**)
+# Westmere	4.2/+60%
+# Sandy Bridge	4.2/+120%
+# Atom		9.3/+80%
+# VIA Nano	6.4/+4%
+# Ivy Bridge	4.1/+30%
+# Bulldozer	4.5/+30%(*)
+#
+# (*)	But corresponding loop has less instructions, which should have
+#	positive effect on upcoming Bulldozer, which has one less ALU.
+#	For reference, Intel code runs at 6.8 cpb rate on Opteron.
+# (**)	Note that Core2 result is ~15% lower than corresponding result
+#	for 32-bit code, meaning that it's possible to improve it,
+#	but more than likely at the cost of the others (see rc4-586.pl
+#	to get the idea)...
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$dat="%rdi";	    # arg1
+$len="%rsi";	    # arg2
+$inp="%rdx";	    # arg3
+$out="%rcx";	    # arg4
+
+{
+$code=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	RC4
+.type	RC4,\@function,4
+.align	16
+RC4:	or	$len,$len
+	jne	.Lentry
+	ret
+.Lentry:
+	push	%rbx
+	push	%r12
+	push	%r13
+.Lprologue:
+	mov	$len,%r11
+	mov	$inp,%r12
+	mov	$out,%r13
+___
+my $len="%r11";		# reassign input arguments
+my $inp="%r12";
+my $out="%r13";
+
+my @XX=("%r10","%rsi");
+my @TX=("%rax","%rbx");
+my $YY="%rcx";
+my $TY="%rdx";
+
+$code.=<<___;
+	xor	$XX[0],$XX[0]
+	xor	$YY,$YY
+
+	lea	8($dat),$dat
+	mov	-8($dat),$XX[0]#b
+	mov	-4($dat),$YY#b
+	cmpl	\$-1,256($dat)
+	je	.LRC4_CHAR
+	mov	OPENSSL_ia32cap_P(%rip),%r8d
+	xor	$TX[1],$TX[1]
+	inc	$XX[0]#b
+	sub	$XX[0],$TX[1]
+	sub	$inp,$out
+	movl	($dat,$XX[0],4),$TX[0]#d
+	test	\$-16,$len
+	jz	.Lloop1
+	bt	\$30,%r8d	# Intel CPU?
+	jc	.Lintel
+	and	\$7,$TX[1]
+	lea	1($XX[0]),$XX[1]
+	jz	.Loop8
+	sub	$TX[1],$len
+.Loop8_warmup:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($inp),$TY#b
+	movb	$TY#b,($out,$inp)
+	lea	1($inp),$inp
+	dec	$TX[1]
+	jnz	.Loop8_warmup
+
+	lea	1($XX[0]),$XX[1]
+	jmp	.Loop8
+.align	16
+.Loop8:
+___
+for ($i=0;$i<8;$i++) {
+$code.=<<___ if ($i==7);
+	add	\$8,$XX[1]#b
+___
+$code.=<<___;
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	`4*($i==7?-1:$i)`($dat,$XX[1],4),$TX[1]#d
+	ror	\$8,%r8				# ror is redundant when $i=0
+	movl	$TY#d,4*$i($dat,$XX[0],4)
+	add	$TX[0]#b,$TY#b
+	movb	($dat,$TY,4),%r8b
+___
+push(@TX,shift(@TX)); #push(@XX,shift(@XX));	# "rotate" registers
+}
+$code.=<<___;
+	add	\$8,$XX[0]#b
+	ror	\$8,%r8
+	sub	\$8,$len
+
+	xor	($inp),%r8
+	mov	%r8,($out,$inp)
+	lea	8($inp),$inp
+
+	test	\$-8,$len
+	jnz	.Loop8
+	cmp	\$0,$len
+	jne	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.Lintel:
+	test	\$-32,$len
+	jz	.Lloop1
+	and	\$15,$TX[1]
+	jz	.Loop16_is_hot
+	sub	$TX[1],$len
+.Loop16_warmup:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($inp),$TY#b
+	movb	$TY#b,($out,$inp)
+	lea	1($inp),$inp
+	dec	$TX[1]
+	jnz	.Loop16_warmup
+
+	mov	$YY,$TX[1]
+	xor	$YY,$YY
+	mov	$TX[1]#b,$YY#b
+
+.Loop16_is_hot:
+	lea	($dat,$XX[0],4),$XX[1]
+___
+sub RC4_loop {
+  my $i=shift;
+  my $j=$i<0?0:$i;
+  my $xmm="%xmm".($j&1);
+
+    $code.="	add	\$16,$XX[0]#b\n"		if ($i==15);
+    $code.="	movdqu	($inp),%xmm2\n"			if ($i==15);
+    $code.="	add	$TX[0]#b,$YY#b\n"		if ($i<=0);
+    $code.="	movl	($dat,$YY,4),$TY#d\n";
+    $code.="	pxor	%xmm0,%xmm2\n"			if ($i==0);
+    $code.="	psllq	\$8,%xmm1\n"			if ($i==0);
+    $code.="	pxor	$xmm,$xmm\n"			if ($i<=1);
+    $code.="	movl	$TX[0]#d,($dat,$YY,4)\n";
+    $code.="	add	$TY#b,$TX[0]#b\n";
+    $code.="	movl	`4*($j+1)`($XX[1]),$TX[1]#d\n"	if ($i<15);
+    $code.="	movz	$TX[0]#b,$TX[0]#d\n";
+    $code.="	movl	$TY#d,4*$j($XX[1])\n";
+    $code.="	pxor	%xmm1,%xmm2\n"			if ($i==0);
+    $code.="	lea	($dat,$XX[0],4),$XX[1]\n"	if ($i==15);
+    $code.="	add	$TX[1]#b,$YY#b\n"		if ($i<15);
+    $code.="	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n";
+    $code.="	movdqu	%xmm2,($out,$inp)\n"		if ($i==0);
+    $code.="	lea	16($inp),$inp\n"		if ($i==0);
+    $code.="	movl	($XX[1]),$TX[1]#d\n"		if ($i==15);
+}
+	RC4_loop(-1);
+$code.=<<___;
+	jmp	.Loop16_enter
+.align	16
+.Loop16:
+___
+
+for ($i=0;$i<16;$i++) {
+    $code.=".Loop16_enter:\n"		if ($i==1);
+	RC4_loop($i);
+	push(@TX,shift(@TX)); 		# "rotate" registers
+}
+$code.=<<___;
+	mov	$YY,$TX[1]
+	xor	$YY,$YY			# keyword to partial register
+	sub	\$16,$len
+	mov	$TX[1]#b,$YY#b
+	test	\$-16,$len
+	jnz	.Loop16
+
+	psllq	\$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+	movdqu	%xmm2,($out,$inp)
+	lea	16($inp),$inp
+
+	cmp	\$0,$len
+	jne	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.Lloop1:
+	add	$TX[0]#b,$YY#b
+	movl	($dat,$YY,4),$TY#d
+	movl	$TX[0]#d,($dat,$YY,4)
+	movl	$TY#d,($dat,$XX[0],4)
+	add	$TY#b,$TX[0]#b
+	inc	$XX[0]#b
+	movl	($dat,$TX[0],4),$TY#d
+	movl	($dat,$XX[0],4),$TX[0]#d
+	xorb	($inp),$TY#b
+	movb	$TY#b,($out,$inp)
+	lea	1($inp),$inp
+	dec	$len
+	jnz	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.LRC4_CHAR:
+	add	\$1,$XX[0]#b
+	movzb	($dat,$XX[0]),$TX[0]#d
+	test	\$-8,$len
+	jz	.Lcloop1
+	jmp	.Lcloop8
+.align	16
+.Lcloop8:
+	mov	($inp),%r8d
+	mov	4($inp),%r9d
+___
+# unroll 2x4-wise, because 64-bit rotates kill Intel P4...
+for ($i=0;$i<4;$i++) {
+$code.=<<___;
+	add	$TX[0]#b,$YY#b
+	lea	1($XX[0]),$XX[1]
+	movzb	($dat,$YY),$TY#d
+	movzb	$XX[1]#b,$XX[1]#d
+	movzb	($dat,$XX[1]),$TX[1]#d
+	movb	$TX[0]#b,($dat,$YY)
+	cmp	$XX[1],$YY
+	movb	$TY#b,($dat,$XX[0])
+	jne	.Lcmov$i			# Intel cmov is sloooow...
+	mov	$TX[0],$TX[1]
+.Lcmov$i:
+	add	$TX[0]#b,$TY#b
+	xor	($dat,$TY),%r8b
+	ror	\$8,%r8d
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
+}
+for ($i=4;$i<8;$i++) {
+$code.=<<___;
+	add	$TX[0]#b,$YY#b
+	lea	1($XX[0]),$XX[1]
+	movzb	($dat,$YY),$TY#d
+	movzb	$XX[1]#b,$XX[1]#d
+	movzb	($dat,$XX[1]),$TX[1]#d
+	movb	$TX[0]#b,($dat,$YY)
+	cmp	$XX[1],$YY
+	movb	$TY#b,($dat,$XX[0])
+	jne	.Lcmov$i			# Intel cmov is sloooow...
+	mov	$TX[0],$TX[1]
+.Lcmov$i:
+	add	$TX[0]#b,$TY#b
+	xor	($dat,$TY),%r9b
+	ror	\$8,%r9d
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
+}
+$code.=<<___;
+	lea	-8($len),$len
+	mov	%r8d,($out)
+	lea	8($inp),$inp
+	mov	%r9d,4($out)
+	lea	8($out),$out
+
+	test	\$-8,$len
+	jnz	.Lcloop8
+	cmp	\$0,$len
+	jne	.Lcloop1
+	jmp	.Lexit
+___
+$code.=<<___;
+.align	16
+.Lcloop1:
+	add	$TX[0]#b,$YY#b
+	movzb	$YY#b,$YY#d
+	movzb	($dat,$YY),$TY#d
+	movb	$TX[0]#b,($dat,$YY)
+	movb	$TY#b,($dat,$XX[0])
+	add	$TX[0]#b,$TY#b
+	add	\$1,$XX[0]#b
+	movzb	$TY#b,$TY#d
+	movzb	$XX[0]#b,$XX[0]#d
+	movzb	($dat,$TY),$TY#d
+	movzb	($dat,$XX[0]),$TX[0]#d
+	xorb	($inp),$TY#b
+	lea	1($inp),$inp
+	movb	$TY#b,($out)
+	lea	1($out),$out
+	sub	\$1,$len
+	jnz	.Lcloop1
+	jmp	.Lexit
+
+.align	16
+.Lexit:
+	sub	\$1,$XX[0]#b
+	movl	$XX[0]#d,-8($dat)
+	movl	$YY#d,-4($dat)
+
+	mov	(%rsp),%r13
+	mov	8(%rsp),%r12
+	mov	16(%rsp),%rbx
+	add	\$24,%rsp
+.Lepilogue:
+	ret
+.size	RC4,.-RC4
+___
+}
+
+$idx="%r8";
+$ido="%r9";
+
+$code.=<<___;
+.globl	RC4_set_key
+.type	RC4_set_key,\@function,3
+.align	16
+RC4_set_key:
+	lea	8($dat),$dat
+	lea	($inp,$len),$inp
+	neg	$len
+	mov	$len,%rcx
+	xor	%eax,%eax
+	xor	$ido,$ido
+	xor	%r10,%r10
+	xor	%r11,%r11
+
+	mov	OPENSSL_ia32cap_P(%rip),$idx#d
+	bt	\$20,$idx#d	# RC4_CHAR?
+	jc	.Lc1stloop
+	jmp	.Lw1stloop
+
+.align	16
+.Lw1stloop:
+	mov	%eax,($dat,%rax,4)
+	add	\$1,%al
+	jnc	.Lw1stloop
+
+	xor	$ido,$ido
+	xor	$idx,$idx
+.align	16
+.Lw2ndloop:
+	mov	($dat,$ido,4),%r10d
+	add	($inp,$len,1),$idx#b
+	add	%r10b,$idx#b
+	add	\$1,$len
+	mov	($dat,$idx,4),%r11d
+	cmovz	%rcx,$len
+	mov	%r10d,($dat,$idx,4)
+	mov	%r11d,($dat,$ido,4)
+	add	\$1,$ido#b
+	jnc	.Lw2ndloop
+	jmp	.Lexit_key
+
+.align	16
+.Lc1stloop:
+	mov	%al,($dat,%rax)
+	add	\$1,%al
+	jnc	.Lc1stloop
+
+	xor	$ido,$ido
+	xor	$idx,$idx
+.align	16
+.Lc2ndloop:
+	mov	($dat,$ido),%r10b
+	add	($inp,$len),$idx#b
+	add	%r10b,$idx#b
+	add	\$1,$len
+	mov	($dat,$idx),%r11b
+	jnz	.Lcnowrap
+	mov	%rcx,$len
+.Lcnowrap:
+	mov	%r10b,($dat,$idx)
+	mov	%r11b,($dat,$ido)
+	add	\$1,$ido#b
+	jnc	.Lc2ndloop
+	movl	\$-1,256($dat)
+
+.align	16
+.Lexit_key:
+	xor	%eax,%eax
+	mov	%eax,-8($dat)
+	mov	%eax,-4($dat)
+	ret
+.size	RC4_set_key,.-RC4_set_key
+
+.globl	RC4_options
+.type	RC4_options,\@abi-omnipotent
+.align	16
+RC4_options:
+	lea	.Lopts(%rip),%rax
+	mov	OPENSSL_ia32cap_P(%rip),%edx
+	bt	\$20,%edx
+	jc	.L8xchar
+	bt	\$30,%edx
+	jnc	.Ldone
+	add	\$25,%rax
+	ret
+.L8xchar:
+	add	\$12,%rax
+.Ldone:
+	ret
+.align	64
+.Lopts:
+.asciz	"rc4(8x,int)"
+.asciz	"rc4(8x,char)"
+.asciz	"rc4(16x,int)"
+.asciz	"RC4 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+.size	RC4_options,.-RC4_options
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	stream_se_handler,\@abi-omnipotent
+.align	16
+stream_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	lea	24(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%r12
+	mov	-24(%rax),%r13
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	jmp	.Lcommon_seh_exit
+.size	stream_se_handler,.-stream_se_handler
+
+.type	key_se_handler,\@abi-omnipotent
+.align	16
+key_se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	152($context),%rax	# pull context->Rsp
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+.Lcommon_seh_exit:
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	key_se_handler,.-key_se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_RC4
+	.rva	.LSEH_end_RC4
+	.rva	.LSEH_info_RC4
+
+	.rva	.LSEH_begin_RC4_set_key
+	.rva	.LSEH_end_RC4_set_key
+	.rva	.LSEH_info_RC4_set_key
+
+.section	.xdata
+.align	8
+.LSEH_info_RC4:
+	.byte	9,0,0,0
+	.rva	stream_se_handler
+.LSEH_info_RC4_set_key:
+	.byte	9,0,0,0
+	.rva	key_se_handler
+___
+}
+
+sub reg_part {
+my ($reg,$conv)=@_;
+    if ($reg =~ /%r[0-9]+/)	{ $reg .= $conv; }
+    elsif ($conv eq "b")	{ $reg =~ s/%[er]([^x]+)x?/%$1l/;	}
+    elsif ($conv eq "w")	{ $reg =~ s/%[er](.+)/%$1/;		}
+    elsif ($conv eq "d")	{ $reg =~ s/%[er](.+)/%e$1/;		}
+    return $reg;
+}
+
+$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/rc4/build.info b/openssl-1.1.0h/crypto/rc4/build.info
new file mode 100644
index 0000000..8659526
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/build.info
@@ -0,0 +1,33 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        {- $target{rc4_asm_src} -}
+
+GENERATE[rc4-586.s]=asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[rc4-586.s]=../perlasm/x86asm.pl
+
+GENERATE[rc4-x86_64.s]=asm/rc4-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME)
+
+BEGINRAW[makefile(windows)]
+{- $builddir -}\rc4-ia64.asm: {- $sourcedir -}\asm\rc4-ia64.pl
+	$(PERL) {- $sourcedir -}\asm\rc4-ia64.pl $@.S
+	$(CC) -DSZ=4 -EP $@.S > $@.i && move /Y $@.i $@
+	del /Q $@.S
+ENDRAW[makefile(windows)]
+
+BEGINRAW[Makefile]
+{- $builddir -}/rc4-ia64.s: {- $sourcedir -}/asm/rc4-ia64.pl
+	@(trap "rm $@.*" INT 0; \
+	  $(PERL) {- $sourcedir -}/asm/rc4-ia64.pl $(CFLAGS) $(LIB_CFLAGS) $@.S; \
+	  case `awk '/^#define RC4_INT/{print$$NF}' $(BLDDIR)/include/openssl/opensslconf.h` in \
+	  int)	set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=4 -E $@.S > $@.i && mv -f $@.i $@;; \
+	  char)	set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=1 -E $@.S > $@.i && mv -f $@.i $@;; \
+	  *)	exit 1 ;; \
+	  esac )
+
+# GNU make "catch all"
+{- $builddir -}/rc4-%.s:	{- $sourcedir -}/asm/rc4-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile]
diff --git a/openssl-1.1.0h/crypto/rc4/rc4_enc.c b/openssl-1.1.0h/crypto/rc4/rc4_enc.c
new file mode 100644
index 0000000..be11bad
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/rc4_enc.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+         unsigned char *outdata)
+{
+    register RC4_INT *d;
+    register RC4_INT x, y, tx, ty;
+    size_t i;
+
+    x = key->x;
+    y = key->y;
+    d = key->data;
+
+#define LOOP(in,out) \
+                x=((x+1)&0xff); \
+                tx=d[x]; \
+                y=(tx+y)&0xff; \
+                d[x]=ty=d[y]; \
+                d[y]=tx; \
+                (out) = d[(tx+ty)&0xff]^ (in);
+
+    i = len >> 3;
+    if (i) {
+        for (;;) {
+            LOOP(indata[0], outdata[0]);
+            LOOP(indata[1], outdata[1]);
+            LOOP(indata[2], outdata[2]);
+            LOOP(indata[3], outdata[3]);
+            LOOP(indata[4], outdata[4]);
+            LOOP(indata[5], outdata[5]);
+            LOOP(indata[6], outdata[6]);
+            LOOP(indata[7], outdata[7]);
+            indata += 8;
+            outdata += 8;
+            if (--i == 0)
+                break;
+        }
+    }
+    i = len & 0x07;
+    if (i) {
+        for (;;) {
+            LOOP(indata[0], outdata[0]);
+            if (--i == 0)
+                break;
+            LOOP(indata[1], outdata[1]);
+            if (--i == 0)
+                break;
+            LOOP(indata[2], outdata[2]);
+            if (--i == 0)
+                break;
+            LOOP(indata[3], outdata[3]);
+            if (--i == 0)
+                break;
+            LOOP(indata[4], outdata[4]);
+            if (--i == 0)
+                break;
+            LOOP(indata[5], outdata[5]);
+            if (--i == 0)
+                break;
+            LOOP(indata[6], outdata[6]);
+            if (--i == 0)
+                break;
+        }
+    }
+    key->x = x;
+    key->y = y;
+}
diff --git a/openssl-1.1.0h/crypto/rc4/rc4_locl.h b/openssl-1.1.0h/crypto/rc4/rc4_locl.h
new file mode 100644
index 0000000..4380add
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/rc4_locl.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC4_LOCL_H
+# define HEADER_RC4_LOCL_H
+
+# include <openssl/opensslconf.h>
+# include "internal/cryptlib.h"
+
+#endif
diff --git a/openssl-1.1.0h/crypto/rc4/rc4_skey.c b/openssl-1.1.0h/crypto/rc4/rc4_skey.c
new file mode 100644
index 0000000..16f81a4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc4/rc4_skey.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+#include <openssl/opensslv.h>
+
+const char *RC4_options(void)
+{
+    if (sizeof(RC4_INT) == 1)
+        return ("rc4(char)");
+    else
+        return ("rc4(int)");
+}
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+{
+    register RC4_INT tmp;
+    register int id1, id2;
+    register RC4_INT *d;
+    unsigned int i;
+
+    d = &(key->data[0]);
+    key->x = 0;
+    key->y = 0;
+    id1 = id2 = 0;
+
+#define SK_LOOP(d,n) { \
+                tmp=d[(n)]; \
+                id2 = (data[id1] + tmp + id2) & 0xff; \
+                if (++id1 == len) id1=0; \
+                d[(n)]=d[id2]; \
+                d[id2]=tmp; }
+
+    for (i = 0; i < 256; i++)
+        d[i] = i;
+    for (i = 0; i < 256; i += 4) {
+        SK_LOOP(d, i + 0);
+        SK_LOOP(d, i + 1);
+        SK_LOOP(d, i + 2);
+        SK_LOOP(d, i + 3);
+    }
+}
diff --git a/openssl-1.1.0h/crypto/rc5/asm/rc5-586.pl b/openssl-1.1.0h/crypto/rc5/asm/rc5-586.pl
new file mode 100644
index 0000000..e3e1c64
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/asm/rc5-586.pl
@@ -0,0 +1,122 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"rc5-586.pl");
+
+$RC5_MAX_ROUNDS=16;
+$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4;
+$A="edi";
+$B="esi";
+$S="ebp";
+$tmp1="eax";
+$r="ebx";
+$tmpc="ecx";
+$tmp4="edx";
+
+&RC5_32_encrypt("RC5_32_encrypt",1);
+&RC5_32_encrypt("RC5_32_decrypt",0);
+&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1);
+&asm_finish();
+
+close STDOUT;
+
+sub RC5_32_encrypt
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+
+	&comment("");
+
+	&push("ebp");
+	 &push("esi");
+	&push("edi");
+	 &mov($tmp4,&wparam(0));
+	&mov($S,&wparam(1));
+
+	&comment("Load the 2 words");
+	 &mov($A,&DWP(0,$tmp4,"",0));
+	&mov($B,&DWP(4,$tmp4,"",0));
+
+	&push($r);
+	 &mov($r,	&DWP(0,$S,"",0));
+
+	# encrypting part
+
+	if ($enc)
+		{
+		 &add($A,	&DWP(4+0,$S,"",0));
+		&add($B,	&DWP(4+4,$S,"",0));
+
+		for ($i=0; $i<$RC5_MAX_ROUNDS; $i++)
+			{
+			 &xor($A,	$B);
+			&mov($tmp1,	&DWP(12+$i*8,$S,"",0));
+			 &mov($tmpc,	$B);
+			&rotl($A,	&LB("ecx"));
+			&add($A,	$tmp1);
+
+			 &xor($B,	$A);
+			&mov($tmp1,	&DWP(16+$i*8,$S,"",0));
+			 &mov($tmpc,	$A);
+			&rotl($B,	&LB("ecx"));
+			&add($B,	$tmp1);
+			if (($i == 7) || ($i == 11))
+				{
+			 &cmp($r,	$i+1);
+			&je(&label("rc5_exit"));
+				}
+			}
+		}
+	else
+		{
+		 &cmp($r,	12);
+		&je(&label("rc5_dec_12"));
+		 &cmp($r,	8);
+		&je(&label("rc5_dec_8"));
+		for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--)
+			{
+			&set_label("rc5_dec_$i") if ($i == 12) || ($i == 8);
+			 &mov($tmp1,	&DWP($i*8+8,$S,"",0));
+			&sub($B,	$tmp1);
+			 &mov($tmpc,	$A);
+			&rotr($B,	&LB("ecx"));
+			&xor($B,	$A);
+
+			 &mov($tmp1,	&DWP($i*8+4,$S,"",0));
+			&sub($A,	$tmp1);
+			 &mov($tmpc,	$B);
+			&rotr($A,	&LB("ecx"));
+			&xor($A,	$B);
+			}
+		 &sub($B,	&DWP(4+4,$S,"",0));
+		&sub($A,	&DWP(4+0,$S,"",0));
+		}
+
+	&set_label("rc5_exit");
+	 &mov(&DWP(0,$tmp4,"",0),$A);
+	&mov(&DWP(4,$tmp4,"",0),$B);
+
+	 &pop("ebx");
+	&pop("edi");
+	 &pop("esi");
+	&pop("ebp");
+	 &ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/openssl-1.1.0h/crypto/rc5/build.info b/openssl-1.1.0h/crypto/rc5/build.info
new file mode 100644
index 0000000..baf8a0e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rc5_skey.c rc5_ecb.c {- $target{rc5_asm_src} -} rc5cfb64.c rc5ofb64.c
+
+GENERATE[rc5-586.s]=asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+DEPEND[rc5-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/openssl-1.1.0h/crypto/rc5/rc5_ecb.c b/openssl-1.1.0h/crypto/rc5/rc5_ecb.c
new file mode 100644
index 0000000..c32f38e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/rc5_ecb.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+#include <openssl/opensslv.h>
+
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *ks, int encrypt)
+{
+    unsigned long l, d[2];
+
+    c2l(in, l);
+    d[0] = l;
+    c2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        RC5_32_encrypt(d, ks);
+    else
+        RC5_32_decrypt(d, ks);
+    l = d[0];
+    l2c(l, out);
+    l = d[1];
+    l2c(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/openssl-1.1.0h/crypto/rc5/rc5_enc.c b/openssl-1.1.0h/crypto/rc5/rc5_enc.c
new file mode 100644
index 0000000..58631de
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/rc5_enc.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC5_32_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC5_32_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC5_32_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC5_32_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
+{
+    RC5_32_INT a, b, *s;
+
+    s = key->data;
+
+    a = d[0] + s[0];
+    b = d[1] + s[1];
+    E_RC5_32(a, b, s, 2);
+    E_RC5_32(a, b, s, 4);
+    E_RC5_32(a, b, s, 6);
+    E_RC5_32(a, b, s, 8);
+    E_RC5_32(a, b, s, 10);
+    E_RC5_32(a, b, s, 12);
+    E_RC5_32(a, b, s, 14);
+    E_RC5_32(a, b, s, 16);
+    if (key->rounds == 12) {
+        E_RC5_32(a, b, s, 18);
+        E_RC5_32(a, b, s, 20);
+        E_RC5_32(a, b, s, 22);
+        E_RC5_32(a, b, s, 24);
+    } else if (key->rounds == 16) {
+        /* Do a full expansion to avoid a jump */
+        E_RC5_32(a, b, s, 18);
+        E_RC5_32(a, b, s, 20);
+        E_RC5_32(a, b, s, 22);
+        E_RC5_32(a, b, s, 24);
+        E_RC5_32(a, b, s, 26);
+        E_RC5_32(a, b, s, 28);
+        E_RC5_32(a, b, s, 30);
+        E_RC5_32(a, b, s, 32);
+    }
+    d[0] = a;
+    d[1] = b;
+}
+
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
+{
+    RC5_32_INT a, b, *s;
+
+    s = key->data;
+
+    a = d[0];
+    b = d[1];
+    if (key->rounds == 16) {
+        D_RC5_32(a, b, s, 32);
+        D_RC5_32(a, b, s, 30);
+        D_RC5_32(a, b, s, 28);
+        D_RC5_32(a, b, s, 26);
+        /* Do a full expansion to avoid a jump */
+        D_RC5_32(a, b, s, 24);
+        D_RC5_32(a, b, s, 22);
+        D_RC5_32(a, b, s, 20);
+        D_RC5_32(a, b, s, 18);
+    } else if (key->rounds == 12) {
+        D_RC5_32(a, b, s, 24);
+        D_RC5_32(a, b, s, 22);
+        D_RC5_32(a, b, s, 20);
+        D_RC5_32(a, b, s, 18);
+    }
+    D_RC5_32(a, b, s, 16);
+    D_RC5_32(a, b, s, 14);
+    D_RC5_32(a, b, s, 12);
+    D_RC5_32(a, b, s, 10);
+    D_RC5_32(a, b, s, 8);
+    D_RC5_32(a, b, s, 6);
+    D_RC5_32(a, b, s, 4);
+    D_RC5_32(a, b, s, 2);
+    d[0] = a - s[0];
+    d[1] = b - s[1];
+}
diff --git a/openssl-1.1.0h/crypto/rc5/rc5_locl.h b/openssl-1.1.0h/crypto/rc5/rc5_locl.h
new file mode 100644
index 0000000..41130fe
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/rc5_locl.h
@@ -0,0 +1,186 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 5: l2|=((unsigned long)(*(--(c))));      \
+                        /* fall thru */                               \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 1: l1|=((unsigned long)(*(--(c))));      \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER))
+# define ROTATE_l32(a,n)     _lrotl(a,n)
+# define ROTATE_r32(a,n)     _lrotr(a,n)
+#elif defined(__ICC)
+# define ROTATE_l32(a,n)     _rotl(a,n)
+# define ROTATE_r32(a,n)     _rotr(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define ROTATE_l32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("roll %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"((unsigned int)(a)) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+#  define ROTATE_r32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("rorl %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"((unsigned int)(a)) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+# endif
+#endif
+#ifndef ROTATE_l32
+# define ROTATE_l32(a,n)     (((a)<<(n&0x1f))|(((a)&0xffffffff)>>((32-n)&0x1f)))
+#endif
+#ifndef ROTATE_r32
+# define ROTATE_r32(a,n)     (((a)<<((32-n)&0x1f))|(((a)&0xffffffff)>>(n&0x1f)))
+#endif
+
+#define RC5_32_MASK     0xffffffffL
+
+#define RC5_16_P        0xB7E1
+#define RC5_16_Q        0x9E37
+#define RC5_32_P        0xB7E15163L
+#define RC5_32_Q        0x9E3779B9L
+#define RC5_64_P        0xB7E151628AED2A6BLL
+#define RC5_64_Q        0x9E3779B97F4A7C15LL
+
+#define E_RC5_32(a,b,s,n) \
+        a^=b; \
+        a=ROTATE_l32(a,b); \
+        a+=s[n]; \
+        a&=RC5_32_MASK; \
+        b^=a; \
+        b=ROTATE_l32(b,a); \
+        b+=s[n+1]; \
+        b&=RC5_32_MASK;
+
+#define D_RC5_32(a,b,s,n) \
+        b-=s[n+1]; \
+        b&=RC5_32_MASK; \
+        b=ROTATE_r32(b,a); \
+        b^=a; \
+        a-=s[n]; \
+        a&=RC5_32_MASK; \
+        a=ROTATE_r32(a,b); \
+        a^=b;
diff --git a/openssl-1.1.0h/crypto/rc5/rc5_skey.c b/openssl-1.1.0h/crypto/rc5/rc5_skey.c
new file mode 100644
index 0000000..943a784
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/rc5_skey.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds)
+{
+    RC5_32_INT L[64], l, ll, A, B, *S, k;
+    int i, j, m, c, t, ii, jj;
+
+    if ((rounds != RC5_16_ROUNDS) &&
+        (rounds != RC5_12_ROUNDS) && (rounds != RC5_8_ROUNDS))
+        rounds = RC5_16_ROUNDS;
+
+    key->rounds = rounds;
+    S = &(key->data[0]);
+    j = 0;
+    for (i = 0; i <= (len - 8); i += 8) {
+        c2l(data, l);
+        L[j++] = l;
+        c2l(data, l);
+        L[j++] = l;
+    }
+    ii = len - i;
+    if (ii) {
+        k = len & 0x07;
+        c2ln(data, l, ll, k);
+        L[j + 0] = l;
+        L[j + 1] = ll;
+    }
+
+    c = (len + 3) / 4;
+    t = (rounds + 1) * 2;
+    S[0] = RC5_32_P;
+    for (i = 1; i < t; i++)
+        S[i] = (S[i - 1] + RC5_32_Q) & RC5_32_MASK;
+
+    j = (t > c) ? t : c;
+    j *= 3;
+    ii = jj = 0;
+    A = B = 0;
+    for (i = 0; i < j; i++) {
+        k = (S[ii] + A + B) & RC5_32_MASK;
+        A = S[ii] = ROTATE_l32(k, 3);
+        m = (int)(A + B);
+        k = (L[jj] + A + B) & RC5_32_MASK;
+        B = L[jj] = ROTATE_l32(k, m);
+        if (++ii >= t)
+            ii = 0;
+        if (++jj >= c)
+            jj = 0;
+    }
+}
diff --git a/openssl-1.1.0h/crypto/rc5/rc5cfb64.c b/openssl-1.1.0h/crypto/rc5/rc5cfb64.c
new file mode 100644
index 0000000..9a8aa6b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/rc5cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC5_32_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC5_32_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/rc5/rc5ofb64.c b/openssl-1.1.0h/crypto/rc5/rc5ofb64.c
new file mode 100644
index 0000000..3a41d77
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rc5/rc5ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            RC5_32_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/openssl-1.1.0h/crypto/ripemd/asm/rmd-586.pl b/openssl-1.1.0h/crypto/ripemd/asm/rmd-586.pl
new file mode 100644
index 0000000..544c496
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ripemd/asm/rmd-586.pl
@@ -0,0 +1,603 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Normal is the
+# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$0);
+
+$A="ecx";
+$B="esi";
+$C="edi";
+$D="ebx";
+$E="ebp";
+$tmp1="eax";
+$tmp2="edx";
+
+$KL1=0x5A827999;
+$KL2=0x6ED9EBA1;
+$KL3=0x8F1BBCDC;
+$KL4=0xA953FD4E;
+$KR0=0x50A28BE6;
+$KR1=0x5C4DD124; 
+$KR2=0x6D703EF3;
+$KR3=0x7A6D76E9;
+
+
+@wl=(	 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
+	 7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
+	 3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
+	 1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,
+	 4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,
+	 );
+
+@wr=(	 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
+	 6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
+	15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
+	 8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,
+	12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,
+	);
+
+@sl=(	11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
+	 7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
+	11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
+	11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,
+	 9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,
+	 );
+
+@sr=(	 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
+	 9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
+	 9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
+	15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,
+	 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
+ 	);
+
+&ripemd160_block("ripemd160_block_asm_data_order");
+&asm_finish();
+
+close STDOUT;
+
+sub Xv
+	{
+	local($n)=@_;
+	return(&swtmp($n));
+	# tmp on stack
+	}
+
+sub Np
+	{
+	local($p)=@_;
+	local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);
+	return($n{$p});
+	}
+
+sub RIP1
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+	 #&mov($tmp1,	$c) if $o == -1;
+	&xor($tmp1,	$d) if $o == -1;
+	 &mov($tmp2,	&Xv($pos));
+	&xor($tmp1,	$b);
+	 &add($a,	$tmp2);
+	&rotl($c,	10);
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($c));	# NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &xor($tmp1,	$d);
+	&mov($tmp2,	&Xv($pos));
+	 &xor($tmp1,	$b);
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($c)) if $o <= 0;
+	 &mov($tmp1,	-1) if $o == 1;
+	 # XXX if $o == 2;
+	&rotl($c,	10);
+	&add($a,	$tmp2);
+	 &xor($tmp1,	&Np($d)) if $o <= 0;
+	 &mov($tmp2,	&Xv($pos2)) if $o == 1;
+	 &mov($tmp2,	&wparam(0)) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP2
+	{
+	local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;
+
+# XXXXXX
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	&Xv($pos)) if $o < -1;
+#	&mov($tmp1,	-1) if $o < -1;
+
+	 &add($a,	$tmp2);
+	&mov($tmp2,	$c);
+	 &sub($tmp1,	$b);
+	&and($tmp2,	$b);
+	 &and($tmp1,	$d);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &mov($tmp2,	-1) if $o <= 0;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 # XXX
+	 &add($a,	$tmp1);
+	&mov($tmp1,	$c);
+	 &sub($tmp2,	$b);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$d);
+	if ($o != 2)
+		{
+	&or($tmp1,	$tmp2);
+	 &mov($tmp2,	&Xv($pos2)) if $o <= 0;
+	 &mov($tmp2,	-1) if $o == 1;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &mov($tmp1,	-1) if $o <= 0;
+	 &sub($tmp2,	&Np($c)) if $o == 1;
+		} else {
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Np($c));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &xor($tmp1,	&Np($d));
+		}
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP3
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	-1) if $o < -1;
+#	&sub($tmp2,	$c) if $o < -1;
+	 &mov($tmp1,	&Xv($pos));
+	&or($tmp2,	$b);
+	 &add($a,	$tmp1);
+	&xor($tmp2,	$d);
+	 &mov($tmp1,	-1) if $o <= 0;		# NEXT
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &sub($tmp1,	&Np($c)) if $o <= 0;	# NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &mov($tmp2,	&Xv($pos));
+	&or($tmp1,	$b);
+	 &add($a,	$tmp2);
+	&xor($tmp1,	$d);
+	 &mov($tmp2,	-1) if $o <= 0;		# NEXT
+	 &mov($tmp2,	-1) if $o == 1;
+	 &mov($tmp2,	&Xv($pos2)) if $o == 2;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &sub($tmp2,	&Np($c)) if $o <= 0;	# NEXT
+	 &mov($tmp1,	&Np($d)) if $o == 1;
+	 &mov($tmp1,	-1) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP4
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+#	 &mov($tmp2,	-1) if $o == -2;
+#	&mov($tmp1,	$d) if $o == -2;
+	 &sub($tmp2,	$d);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$c);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2));
+	 &mov($tmp2,	-1) unless $o > 0;	# NEXT
+	 # XXX
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($d)) unless $o > 0; # NEXT
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &sub($tmp2,	$d);
+	&and($tmp1,	$b);
+	 &and($tmp2,	$c);
+	&or($tmp2,	$tmp1);
+	 &mov($tmp1,	&Xv($pos));
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2));
+	 &mov($tmp2,	-1) if $o == 0;	# NEXT
+	 &mov($tmp2,	-1) if $o == 1;
+	 &mov($tmp2,	-1) if $o == 2;
+	 # XXX
+	&add($a,	$tmp1);
+	 &mov($tmp1,	&Np($d)) if $o == 0;	# NEXT
+	 &sub($tmp2,	&Np($d)) if $o == 1;
+	 &sub($tmp2,	&Np($c)) if $o == 2;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub RIP5
+	{
+	local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+	&comment($p++);
+	if ($p & 1)
+		{
+	 &mov($tmp2,	-1) if $o == -2;
+	&sub($tmp2,	$d) if $o == -2;
+	 &mov($tmp1,	&Xv($pos));
+	&or($tmp2,	$c);
+	 &add($a,	$tmp1);
+	&xor($tmp2,	$b);
+	 &mov($tmp1,	-1) if $o <= 0;
+	 # XXX
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp2,1));
+	 &sub($tmp1,	&Np($d)) if $o <= 0;
+	 # XXX
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	else
+		{
+	 &mov($tmp2,	&Xv($pos));
+	&or($tmp1,	$c);
+	 &add($a,	$tmp2);
+	&xor($tmp1,	$b);
+	 &mov($tmp2,	-1) if $o <= 0;
+	 &mov($tmp2,	&wparam(0)) if $o == 1;	# Middle code
+	 &mov($tmp2,	-1) if $o == 2;
+	&rotl($c,	10);
+	&lea($a,	&DWP($K,$a,$tmp1,1));
+	 &sub($tmp2,	&Np($d)) if $o <= 0;
+	 &mov(&swtmp(16),	$A) if $o == 1;
+	 &mov($tmp1,	&Np($d)) if $o == 2;
+	&rotl($a,	$s);
+	&add($a,	$e);
+		}
+	}
+
+sub ripemd160_block
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"",3);
+
+	# parameter 1 is the RIPEMD160_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+	# E 	16
+
+	&mov($tmp2,	&wparam(0));
+	 &mov($tmp1,	&wparam(1));
+	&push("esi");
+	 &mov($A,	&DWP( 0,$tmp2,"",0));
+	&push("edi");
+	 &mov($B,	&DWP( 4,$tmp2,"",0));
+	&push("ebp");
+	 &mov($C,	&DWP( 8,$tmp2,"",0));
+	&push("ebx");
+	 &stack_push(16+5+6);
+			  # Special comment about the figure of 6.
+			  # Idea is to pad the current frame so
+			  # that the top of the stack gets fairly
+			  # aligned. Well, as you realize it would
+			  # always depend on how the frame below is
+			  # aligned. The good news are that gcc-2.95
+			  # and later does keep first argument at
+			  # least double-wise aligned.
+			  #			<appro@fy.chalmers.se>
+
+	&set_label("start") unless $normal;
+	&comment("");
+
+	# &mov($tmp1,	&wparam(1)); # Done at end of loop
+	# &mov($tmp2,	&wparam(0)); # Done at end of loop
+
+	for ($z=0; $z<16; $z+=2)
+		{
+		&mov($D,		&DWP( $z*4,$tmp1,"",0));
+		 &mov($E,		&DWP( ($z+1)*4,$tmp1,"",0));
+		&mov(&swtmp($z),	$D);
+		 &mov(&swtmp($z+1),	$E);
+		}
+	&mov($tmp1,	$C);
+	 &mov($D,	&DWP(12,$tmp2,"",0));
+	&mov($E,	&DWP(16,$tmp2,"",0));
+
+	&RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);
+	&RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);
+	&RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);
+	&RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);
+	&RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);
+	&RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);
+	&RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);
+	&RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);
+
+	&RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);
+	&RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);
+	&RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);
+	&RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);
+	&RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);
+	&RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);
+	&RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);
+	&RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);
+
+	&RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);
+	&RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);
+	&RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);
+	&RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);
+	&RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);
+	&RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);
+	&RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);
+	&RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);
+
+	&RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);
+	&RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);
+	&RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);
+	&RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);
+	&RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);
+	&RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);
+	&RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);
+	&RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);
+
+	&RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);
+	&RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);
+	&RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);
+	&RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);
+	&RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);
+	&RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);
+	&RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);
+	&RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
+
+	# &mov($tmp2,	&wparam(0)); # moved into last RIP5
+	# &mov(&swtmp(16),	$A);
+	 &mov($A,	&DWP( 0,$tmp2,"",0));
+	&mov(&swtmp(16+1),	$B);
+	 &mov(&swtmp(16+2),	$C);
+	&mov($B,	&DWP( 4,$tmp2,"",0));
+	 &mov(&swtmp(16+3),	$D);
+	&mov($C,	&DWP( 8,$tmp2,"",0));
+	 &mov(&swtmp(16+4),	$E);
+	&mov($D,	&DWP(12,$tmp2,"",0));
+	 &mov($E,	&DWP(16,$tmp2,"",0));
+
+	&RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);
+	&RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);
+	&RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);
+	&RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);
+	&RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);
+	&RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);
+	&RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);
+	&RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);
+
+	&RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);
+	&RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);
+	&RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);
+	&RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);
+	&RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);
+	&RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);
+	&RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);
+	&RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);
+
+	&RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);
+	&RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);
+	&RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);
+	&RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);
+	&RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);
+	&RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);
+	&RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);
+	&RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);
+
+	&RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);
+	&RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);
+	&RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);
+	&RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);
+	&RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);
+	&RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);
+	&RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);
+	&RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);
+
+	&RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);
+	&RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);
+	&RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);
+	&RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);
+	&RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);
+	&RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);
+	&RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);
+	&RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);
+
+	# &mov($tmp2,	&wparam(0)); # Moved into last round
+
+	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));	# ctx->B
+ 	&add($D,	$tmp1);	
+	 &mov($tmp1,	&swtmp(16+2));		# $c
+	&add($D,	$tmp1);
+
+	 &mov($tmp1,	&DWP( 8,$tmp2,"",0));	# ctx->C
+	&add($E,	$tmp1);	
+	 &mov($tmp1,	&swtmp(16+3));		# $d
+	&add($E,	$tmp1);
+
+	 &mov($tmp1,	&DWP(12,$tmp2,"",0));	# ctx->D
+	&add($A,	$tmp1);	
+	 &mov($tmp1,	&swtmp(16+4));		# $e
+	&add($A,	$tmp1);
+
+
+	 &mov($tmp1,	&DWP(16,$tmp2,"",0));	# ctx->E
+	&add($B,	$tmp1);	
+	 &mov($tmp1,	&swtmp(16+0));		# $a
+	&add($B,	$tmp1);
+
+	 &mov($tmp1,	&DWP( 0,$tmp2,"",0));	# ctx->A
+	&add($C,	$tmp1);	
+	 &mov($tmp1,	&swtmp(16+1));		# $b
+	&add($C,	$tmp1);
+
+	 &mov($tmp1,	&wparam(2));
+
+	&mov(&DWP( 0,$tmp2,"",0),	$D);
+	 &mov(&DWP( 4,$tmp2,"",0),	$E);
+	&mov(&DWP( 8,$tmp2,"",0),	$A);
+	 &sub($tmp1,1);
+	&mov(&DWP(12,$tmp2,"",0),	$B);
+	 &mov(&DWP(16,$tmp2,"",0),	$C);
+
+	&jle(&label("get_out"));
+
+	&mov(&wparam(2),$tmp1);
+	 &mov($C,	$A);
+	&mov($tmp1,	&wparam(1));
+	 &mov($A,	$D);
+	&add($tmp1,	64);
+	 &mov($B,	$E);
+	&mov(&wparam(1),$tmp1);
+
+	&jmp(&label("start"));
+
+	&set_label("get_out");
+
+	&stack_pop(16+5+6);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
diff --git a/openssl-1.1.0h/crypto/ripemd/build.info b/openssl-1.1.0h/crypto/ripemd/build.info
new file mode 100644
index 0000000..c45050c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ripemd/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rmd_dgst.c rmd_one.c {- $target{rmd160_asm_src} -}
+
+GENERATE[rmd-586.s]=asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS)
+DEPEND[rmd-586.s]=../perlasm/x86asm.pl
diff --git a/openssl-1.1.0h/crypto/ripemd/rmd_dgst.c b/openssl-1.1.0h/crypto/ripemd/rmd_dgst.c
new file mode 100644
index 0000000..a1670c7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ripemd/rmd_dgst.c
@@ -0,0 +1,282 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "rmd_locl.h"
+#include <openssl/opensslv.h>
+
+#ifdef RMD160_ASM
+void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+# define ripemd160_block ripemd160_block_x86
+#else
+void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+#endif
+
+int RIPEMD160_Init(RIPEMD160_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = RIPEMD160_A;
+    c->B = RIPEMD160_B;
+    c->C = RIPEMD160_C;
+    c->D = RIPEMD160_D;
+    c->E = RIPEMD160_E;
+    return 1;
+}
+
+#ifndef ripemd160_block_data_order
+# ifdef X
+#  undef X
+# endif
+void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E;
+    unsigned MD32_REG_T a, b, c, d, e, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    RIPEMD160_LONG XX[16];
+#  define X(i)   XX[i]
+# endif
+
+    for (; num--;) {
+
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        RIP1(A, B, C, D, E, WL00, SL00);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        RIP1(E, A, B, C, D, WL01, SL01);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        RIP1(D, E, A, B, C, WL02, SL02);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        RIP1(C, D, E, A, B, WL03, SL03);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        RIP1(B, C, D, E, A, WL04, SL04);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        RIP1(A, B, C, D, E, WL05, SL05);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        RIP1(E, A, B, C, D, WL06, SL06);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        RIP1(D, E, A, B, C, WL07, SL07);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        RIP1(C, D, E, A, B, WL08, SL08);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        RIP1(B, C, D, E, A, WL09, SL09);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        RIP1(A, B, C, D, E, WL10, SL10);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        RIP1(E, A, B, C, D, WL11, SL11);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        RIP1(D, E, A, B, C, WL12, SL12);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        RIP1(C, D, E, A, B, WL13, SL13);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        RIP1(B, C, D, E, A, WL14, SL14);
+        RIP1(A, B, C, D, E, WL15, SL15);
+
+        RIP2(E, A, B, C, D, WL16, SL16, KL1);
+        RIP2(D, E, A, B, C, WL17, SL17, KL1);
+        RIP2(C, D, E, A, B, WL18, SL18, KL1);
+        RIP2(B, C, D, E, A, WL19, SL19, KL1);
+        RIP2(A, B, C, D, E, WL20, SL20, KL1);
+        RIP2(E, A, B, C, D, WL21, SL21, KL1);
+        RIP2(D, E, A, B, C, WL22, SL22, KL1);
+        RIP2(C, D, E, A, B, WL23, SL23, KL1);
+        RIP2(B, C, D, E, A, WL24, SL24, KL1);
+        RIP2(A, B, C, D, E, WL25, SL25, KL1);
+        RIP2(E, A, B, C, D, WL26, SL26, KL1);
+        RIP2(D, E, A, B, C, WL27, SL27, KL1);
+        RIP2(C, D, E, A, B, WL28, SL28, KL1);
+        RIP2(B, C, D, E, A, WL29, SL29, KL1);
+        RIP2(A, B, C, D, E, WL30, SL30, KL1);
+        RIP2(E, A, B, C, D, WL31, SL31, KL1);
+
+        RIP3(D, E, A, B, C, WL32, SL32, KL2);
+        RIP3(C, D, E, A, B, WL33, SL33, KL2);
+        RIP3(B, C, D, E, A, WL34, SL34, KL2);
+        RIP3(A, B, C, D, E, WL35, SL35, KL2);
+        RIP3(E, A, B, C, D, WL36, SL36, KL2);
+        RIP3(D, E, A, B, C, WL37, SL37, KL2);
+        RIP3(C, D, E, A, B, WL38, SL38, KL2);
+        RIP3(B, C, D, E, A, WL39, SL39, KL2);
+        RIP3(A, B, C, D, E, WL40, SL40, KL2);
+        RIP3(E, A, B, C, D, WL41, SL41, KL2);
+        RIP3(D, E, A, B, C, WL42, SL42, KL2);
+        RIP3(C, D, E, A, B, WL43, SL43, KL2);
+        RIP3(B, C, D, E, A, WL44, SL44, KL2);
+        RIP3(A, B, C, D, E, WL45, SL45, KL2);
+        RIP3(E, A, B, C, D, WL46, SL46, KL2);
+        RIP3(D, E, A, B, C, WL47, SL47, KL2);
+
+        RIP4(C, D, E, A, B, WL48, SL48, KL3);
+        RIP4(B, C, D, E, A, WL49, SL49, KL3);
+        RIP4(A, B, C, D, E, WL50, SL50, KL3);
+        RIP4(E, A, B, C, D, WL51, SL51, KL3);
+        RIP4(D, E, A, B, C, WL52, SL52, KL3);
+        RIP4(C, D, E, A, B, WL53, SL53, KL3);
+        RIP4(B, C, D, E, A, WL54, SL54, KL3);
+        RIP4(A, B, C, D, E, WL55, SL55, KL3);
+        RIP4(E, A, B, C, D, WL56, SL56, KL3);
+        RIP4(D, E, A, B, C, WL57, SL57, KL3);
+        RIP4(C, D, E, A, B, WL58, SL58, KL3);
+        RIP4(B, C, D, E, A, WL59, SL59, KL3);
+        RIP4(A, B, C, D, E, WL60, SL60, KL3);
+        RIP4(E, A, B, C, D, WL61, SL61, KL3);
+        RIP4(D, E, A, B, C, WL62, SL62, KL3);
+        RIP4(C, D, E, A, B, WL63, SL63, KL3);
+
+        RIP5(B, C, D, E, A, WL64, SL64, KL4);
+        RIP5(A, B, C, D, E, WL65, SL65, KL4);
+        RIP5(E, A, B, C, D, WL66, SL66, KL4);
+        RIP5(D, E, A, B, C, WL67, SL67, KL4);
+        RIP5(C, D, E, A, B, WL68, SL68, KL4);
+        RIP5(B, C, D, E, A, WL69, SL69, KL4);
+        RIP5(A, B, C, D, E, WL70, SL70, KL4);
+        RIP5(E, A, B, C, D, WL71, SL71, KL4);
+        RIP5(D, E, A, B, C, WL72, SL72, KL4);
+        RIP5(C, D, E, A, B, WL73, SL73, KL4);
+        RIP5(B, C, D, E, A, WL74, SL74, KL4);
+        RIP5(A, B, C, D, E, WL75, SL75, KL4);
+        RIP5(E, A, B, C, D, WL76, SL76, KL4);
+        RIP5(D, E, A, B, C, WL77, SL77, KL4);
+        RIP5(C, D, E, A, B, WL78, SL78, KL4);
+        RIP5(B, C, D, E, A, WL79, SL79, KL4);
+
+        a = A;
+        b = B;
+        c = C;
+        d = D;
+        e = E;
+        /* Do other half */
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+
+        RIP5(A, B, C, D, E, WR00, SR00, KR0);
+        RIP5(E, A, B, C, D, WR01, SR01, KR0);
+        RIP5(D, E, A, B, C, WR02, SR02, KR0);
+        RIP5(C, D, E, A, B, WR03, SR03, KR0);
+        RIP5(B, C, D, E, A, WR04, SR04, KR0);
+        RIP5(A, B, C, D, E, WR05, SR05, KR0);
+        RIP5(E, A, B, C, D, WR06, SR06, KR0);
+        RIP5(D, E, A, B, C, WR07, SR07, KR0);
+        RIP5(C, D, E, A, B, WR08, SR08, KR0);
+        RIP5(B, C, D, E, A, WR09, SR09, KR0);
+        RIP5(A, B, C, D, E, WR10, SR10, KR0);
+        RIP5(E, A, B, C, D, WR11, SR11, KR0);
+        RIP5(D, E, A, B, C, WR12, SR12, KR0);
+        RIP5(C, D, E, A, B, WR13, SR13, KR0);
+        RIP5(B, C, D, E, A, WR14, SR14, KR0);
+        RIP5(A, B, C, D, E, WR15, SR15, KR0);
+
+        RIP4(E, A, B, C, D, WR16, SR16, KR1);
+        RIP4(D, E, A, B, C, WR17, SR17, KR1);
+        RIP4(C, D, E, A, B, WR18, SR18, KR1);
+        RIP4(B, C, D, E, A, WR19, SR19, KR1);
+        RIP4(A, B, C, D, E, WR20, SR20, KR1);
+        RIP4(E, A, B, C, D, WR21, SR21, KR1);
+        RIP4(D, E, A, B, C, WR22, SR22, KR1);
+        RIP4(C, D, E, A, B, WR23, SR23, KR1);
+        RIP4(B, C, D, E, A, WR24, SR24, KR1);
+        RIP4(A, B, C, D, E, WR25, SR25, KR1);
+        RIP4(E, A, B, C, D, WR26, SR26, KR1);
+        RIP4(D, E, A, B, C, WR27, SR27, KR1);
+        RIP4(C, D, E, A, B, WR28, SR28, KR1);
+        RIP4(B, C, D, E, A, WR29, SR29, KR1);
+        RIP4(A, B, C, D, E, WR30, SR30, KR1);
+        RIP4(E, A, B, C, D, WR31, SR31, KR1);
+
+        RIP3(D, E, A, B, C, WR32, SR32, KR2);
+        RIP3(C, D, E, A, B, WR33, SR33, KR2);
+        RIP3(B, C, D, E, A, WR34, SR34, KR2);
+        RIP3(A, B, C, D, E, WR35, SR35, KR2);
+        RIP3(E, A, B, C, D, WR36, SR36, KR2);
+        RIP3(D, E, A, B, C, WR37, SR37, KR2);
+        RIP3(C, D, E, A, B, WR38, SR38, KR2);
+        RIP3(B, C, D, E, A, WR39, SR39, KR2);
+        RIP3(A, B, C, D, E, WR40, SR40, KR2);
+        RIP3(E, A, B, C, D, WR41, SR41, KR2);
+        RIP3(D, E, A, B, C, WR42, SR42, KR2);
+        RIP3(C, D, E, A, B, WR43, SR43, KR2);
+        RIP3(B, C, D, E, A, WR44, SR44, KR2);
+        RIP3(A, B, C, D, E, WR45, SR45, KR2);
+        RIP3(E, A, B, C, D, WR46, SR46, KR2);
+        RIP3(D, E, A, B, C, WR47, SR47, KR2);
+
+        RIP2(C, D, E, A, B, WR48, SR48, KR3);
+        RIP2(B, C, D, E, A, WR49, SR49, KR3);
+        RIP2(A, B, C, D, E, WR50, SR50, KR3);
+        RIP2(E, A, B, C, D, WR51, SR51, KR3);
+        RIP2(D, E, A, B, C, WR52, SR52, KR3);
+        RIP2(C, D, E, A, B, WR53, SR53, KR3);
+        RIP2(B, C, D, E, A, WR54, SR54, KR3);
+        RIP2(A, B, C, D, E, WR55, SR55, KR3);
+        RIP2(E, A, B, C, D, WR56, SR56, KR3);
+        RIP2(D, E, A, B, C, WR57, SR57, KR3);
+        RIP2(C, D, E, A, B, WR58, SR58, KR3);
+        RIP2(B, C, D, E, A, WR59, SR59, KR3);
+        RIP2(A, B, C, D, E, WR60, SR60, KR3);
+        RIP2(E, A, B, C, D, WR61, SR61, KR3);
+        RIP2(D, E, A, B, C, WR62, SR62, KR3);
+        RIP2(C, D, E, A, B, WR63, SR63, KR3);
+
+        RIP1(B, C, D, E, A, WR64, SR64);
+        RIP1(A, B, C, D, E, WR65, SR65);
+        RIP1(E, A, B, C, D, WR66, SR66);
+        RIP1(D, E, A, B, C, WR67, SR67);
+        RIP1(C, D, E, A, B, WR68, SR68);
+        RIP1(B, C, D, E, A, WR69, SR69);
+        RIP1(A, B, C, D, E, WR70, SR70);
+        RIP1(E, A, B, C, D, WR71, SR71);
+        RIP1(D, E, A, B, C, WR72, SR72);
+        RIP1(C, D, E, A, B, WR73, SR73);
+        RIP1(B, C, D, E, A, WR74, SR74);
+        RIP1(A, B, C, D, E, WR75, SR75);
+        RIP1(E, A, B, C, D, WR76, SR76);
+        RIP1(D, E, A, B, C, WR77, SR77);
+        RIP1(C, D, E, A, B, WR78, SR78);
+        RIP1(B, C, D, E, A, WR79, SR79);
+
+        D = ctx->B + c + D;
+        ctx->B = ctx->C + d + E;
+        ctx->C = ctx->D + e + A;
+        ctx->D = ctx->E + a + B;
+        ctx->E = ctx->A + b + C;
+        ctx->A = D;
+
+    }
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ripemd/rmd_locl.h b/openssl-1.1.0h/crypto/ripemd/rmd_locl.h
new file mode 100644
index 0000000..9c5ba15
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ripemd/rmd_locl.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/ripemd.h>
+
+/*
+ * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
+ * FOR EXPLANATIONS ON FOLLOWING "CODE."
+ *                                      <appro@fy.chalmers.se>
+ */
+#ifdef RMD160_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#  define ripemd160_block_data_order ripemd160_block_asm_data_order
+# endif
+#endif
+
+void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               RIPEMD160_LONG
+#define HASH_CTX                RIPEMD160_CTX
+#define HASH_CBLOCK             RIPEMD160_CBLOCK
+#define HASH_UPDATE             RIPEMD160_Update
+#define HASH_TRANSFORM          RIPEMD160_Transform
+#define HASH_FINAL              RIPEMD160_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->E; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
+
+#include "internal/md32_common.h"
+
+/*
+ * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
+ */
+#define F1(x,y,z)       ((x) ^ (y) ^ (z))
+#define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
+#define F3(x,y,z)       (((~(y)) | (x)) ^ (z))
+#define F4(x,y,z)       ((((x) ^ (y)) & (z)) ^ (y))
+#define F5(x,y,z)       (((~(z)) | (y)) ^ (x))
+
+#define RIPEMD160_A     0x67452301L
+#define RIPEMD160_B     0xEFCDAB89L
+#define RIPEMD160_C     0x98BADCFEL
+#define RIPEMD160_D     0x10325476L
+#define RIPEMD160_E     0xC3D2E1F0L
+
+#include "rmdconst.h"
+
+#define RIP1(a,b,c,d,e,w,s) { \
+        a+=F1(b,c,d)+X(w); \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP2(a,b,c,d,e,w,s,K) { \
+        a+=F2(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP3(a,b,c,d,e,w,s,K) { \
+        a+=F3(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP4(a,b,c,d,e,w,s,K) { \
+        a+=F4(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP5(a,b,c,d,e,w,s,K) { \
+        a+=F5(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
diff --git a/openssl-1.1.0h/crypto/ripemd/rmd_one.c b/openssl-1.1.0h/crypto/ripemd/rmd_one.c
new file mode 100644
index 0000000..c3193bd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ripemd/rmd_one.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/ripemd.h>
+#include <openssl/crypto.h>
+
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
+{
+    RIPEMD160_CTX c;
+    static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!RIPEMD160_Init(&c))
+        return NULL;
+    RIPEMD160_Update(&c, d, n);
+    RIPEMD160_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return (md);
+}
diff --git a/openssl-1.1.0h/crypto/ripemd/rmdconst.h b/openssl-1.1.0h/crypto/ripemd/rmdconst.h
new file mode 100644
index 0000000..b810132
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ripemd/rmdconst.h
@@ -0,0 +1,350 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define KL0 0x00000000L
+#define KL1 0x5A827999L
+#define KL2 0x6ED9EBA1L
+#define KL3 0x8F1BBCDCL
+#define KL4 0xA953FD4EL
+
+#define KR0 0x50A28BE6L
+#define KR1 0x5C4DD124L
+#define KR2 0x6D703EF3L
+#define KR3 0x7A6D76E9L
+#define KR4 0x00000000L
+
+#define WL00  0
+#define SL00 11
+#define WL01  1
+#define SL01 14
+#define WL02  2
+#define SL02 15
+#define WL03  3
+#define SL03 12
+#define WL04  4
+#define SL04  5
+#define WL05  5
+#define SL05  8
+#define WL06  6
+#define SL06  7
+#define WL07  7
+#define SL07  9
+#define WL08  8
+#define SL08 11
+#define WL09  9
+#define SL09 13
+#define WL10 10
+#define SL10 14
+#define WL11 11
+#define SL11 15
+#define WL12 12
+#define SL12  6
+#define WL13 13
+#define SL13  7
+#define WL14 14
+#define SL14  9
+#define WL15 15
+#define SL15  8
+
+#define WL16  7
+#define SL16  7
+#define WL17  4
+#define SL17  6
+#define WL18 13
+#define SL18  8
+#define WL19  1
+#define SL19 13
+#define WL20 10
+#define SL20 11
+#define WL21  6
+#define SL21  9
+#define WL22 15
+#define SL22  7
+#define WL23  3
+#define SL23 15
+#define WL24 12
+#define SL24  7
+#define WL25  0
+#define SL25 12
+#define WL26  9
+#define SL26 15
+#define WL27  5
+#define SL27  9
+#define WL28  2
+#define SL28 11
+#define WL29 14
+#define SL29  7
+#define WL30 11
+#define SL30 13
+#define WL31  8
+#define SL31 12
+
+#define WL32  3
+#define SL32 11
+#define WL33 10
+#define SL33 13
+#define WL34 14
+#define SL34  6
+#define WL35  4
+#define SL35  7
+#define WL36  9
+#define SL36 14
+#define WL37 15
+#define SL37  9
+#define WL38  8
+#define SL38 13
+#define WL39  1
+#define SL39 15
+#define WL40  2
+#define SL40 14
+#define WL41  7
+#define SL41  8
+#define WL42  0
+#define SL42 13
+#define WL43  6
+#define SL43  6
+#define WL44 13
+#define SL44  5
+#define WL45 11
+#define SL45 12
+#define WL46  5
+#define SL46  7
+#define WL47 12
+#define SL47  5
+
+#define WL48  1
+#define SL48 11
+#define WL49  9
+#define SL49 12
+#define WL50 11
+#define SL50 14
+#define WL51 10
+#define SL51 15
+#define WL52  0
+#define SL52 14
+#define WL53  8
+#define SL53 15
+#define WL54 12
+#define SL54  9
+#define WL55  4
+#define SL55  8
+#define WL56 13
+#define SL56  9
+#define WL57  3
+#define SL57 14
+#define WL58  7
+#define SL58  5
+#define WL59 15
+#define SL59  6
+#define WL60 14
+#define SL60  8
+#define WL61  5
+#define SL61  6
+#define WL62  6
+#define SL62  5
+#define WL63  2
+#define SL63 12
+
+#define WL64  4
+#define SL64  9
+#define WL65  0
+#define SL65 15
+#define WL66  5
+#define SL66  5
+#define WL67  9
+#define SL67 11
+#define WL68  7
+#define SL68  6
+#define WL69 12
+#define SL69  8
+#define WL70  2
+#define SL70 13
+#define WL71 10
+#define SL71 12
+#define WL72 14
+#define SL72  5
+#define WL73  1
+#define SL73 12
+#define WL74  3
+#define SL74 13
+#define WL75  8
+#define SL75 14
+#define WL76 11
+#define SL76 11
+#define WL77  6
+#define SL77  8
+#define WL78 15
+#define SL78  5
+#define WL79 13
+#define SL79  6
+
+#define WR00  5
+#define SR00  8
+#define WR01 14
+#define SR01  9
+#define WR02  7
+#define SR02  9
+#define WR03  0
+#define SR03 11
+#define WR04  9
+#define SR04 13
+#define WR05  2
+#define SR05 15
+#define WR06 11
+#define SR06 15
+#define WR07  4
+#define SR07  5
+#define WR08 13
+#define SR08  7
+#define WR09  6
+#define SR09  7
+#define WR10 15
+#define SR10  8
+#define WR11  8
+#define SR11 11
+#define WR12  1
+#define SR12 14
+#define WR13 10
+#define SR13 14
+#define WR14  3
+#define SR14 12
+#define WR15 12
+#define SR15  6
+
+#define WR16  6
+#define SR16  9
+#define WR17 11
+#define SR17 13
+#define WR18  3
+#define SR18 15
+#define WR19  7
+#define SR19  7
+#define WR20  0
+#define SR20 12
+#define WR21 13
+#define SR21  8
+#define WR22  5
+#define SR22  9
+#define WR23 10
+#define SR23 11
+#define WR24 14
+#define SR24  7
+#define WR25 15
+#define SR25  7
+#define WR26  8
+#define SR26 12
+#define WR27 12
+#define SR27  7
+#define WR28  4
+#define SR28  6
+#define WR29  9
+#define SR29 15
+#define WR30  1
+#define SR30 13
+#define WR31  2
+#define SR31 11
+
+#define WR32 15
+#define SR32  9
+#define WR33  5
+#define SR33  7
+#define WR34  1
+#define SR34 15
+#define WR35  3
+#define SR35 11
+#define WR36  7
+#define SR36  8
+#define WR37 14
+#define SR37  6
+#define WR38  6
+#define SR38  6
+#define WR39  9
+#define SR39 14
+#define WR40 11
+#define SR40 12
+#define WR41  8
+#define SR41 13
+#define WR42 12
+#define SR42  5
+#define WR43  2
+#define SR43 14
+#define WR44 10
+#define SR44 13
+#define WR45  0
+#define SR45 13
+#define WR46  4
+#define SR46  7
+#define WR47 13
+#define SR47  5
+
+#define WR48  8
+#define SR48 15
+#define WR49  6
+#define SR49  5
+#define WR50  4
+#define SR50  8
+#define WR51  1
+#define SR51 11
+#define WR52  3
+#define SR52 14
+#define WR53 11
+#define SR53 14
+#define WR54 15
+#define SR54  6
+#define WR55  0
+#define SR55 14
+#define WR56  5
+#define SR56  6
+#define WR57 12
+#define SR57  9
+#define WR58  2
+#define SR58 12
+#define WR59 13
+#define SR59  9
+#define WR60  9
+#define SR60 12
+#define WR61  7
+#define SR61  5
+#define WR62 10
+#define SR62 15
+#define WR63 14
+#define SR63  8
+
+#define WR64 12
+#define SR64  8
+#define WR65 15
+#define SR65  5
+#define WR66 10
+#define SR66 12
+#define WR67  4
+#define SR67  9
+#define WR68  1
+#define SR68 12
+#define WR69  5
+#define SR69  5
+#define WR70  8
+#define SR70 14
+#define WR71  7
+#define SR71  6
+#define WR72  6
+#define SR72  8
+#define WR73  2
+#define SR73 13
+#define WR74 13
+#define SR74  6
+#define WR75 14
+#define SR75  5
+#define WR76  0
+#define SR76 15
+#define WR77  3
+#define SR77 13
+#define WR78  9
+#define SR78 11
+#define WR79 11
+#define SR79 11
diff --git a/openssl-1.1.0h/crypto/rsa/build.info b/openssl-1.1.0h/crypto/rsa/build.info
new file mode 100644
index 0000000..39b7464
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
+        rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_ameth.c b/openssl-1.1.0h/crypto/rsa/rsa_ameth.c
new file mode 100644
index 0000000..4a12276
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_ameth.c
@@ -0,0 +1,867 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "rsa_locl.h"
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_sign(CMS_SignerInfo *si);
+static int rsa_cms_verify(CMS_SignerInfo *si);
+static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
+static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    unsigned char *penc = NULL;
+    int penclen;
+    penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
+    if (penclen <= 0)
+        return 0;
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
+                               V_ASN1_NULL, NULL, penc, penclen))
+        return 1;
+
+    OPENSSL_free(penc);
+    return 0;
+}
+
+static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p;
+    int pklen;
+    RSA *rsa = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
+        return 0;
+    if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
+        RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_RSA(pkey, rsa);
+    return 1;
+}
+
+static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
+        || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
+        return 0;
+    return 1;
+}
+
+static int old_rsa_priv_decode(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen)
+{
+    RSA *rsa;
+
+    if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
+        RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_RSA(pkey, rsa);
+    return 1;
+}
+
+static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
+}
+
+static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    unsigned char *rk = NULL;
+    int rklen;
+    rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
+
+    if (rklen <= 0) {
+        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
+                         V_ASN1_NULL, NULL, rk, rklen)) {
+        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p;
+    int pklen;
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
+        return 0;
+    return old_rsa_priv_decode(pkey, &p, pklen);
+}
+
+static int int_rsa_size(const EVP_PKEY *pkey)
+{
+    return RSA_size(pkey->pkey.rsa);
+}
+
+static int rsa_bits(const EVP_PKEY *pkey)
+{
+    return BN_num_bits(pkey->pkey.rsa->n);
+}
+
+static int rsa_security_bits(const EVP_PKEY *pkey)
+{
+    return RSA_security_bits(pkey->pkey.rsa);
+}
+
+static void int_rsa_free(EVP_PKEY *pkey)
+{
+    RSA_free(pkey->pkey.rsa);
+}
+
+static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
+{
+    char *str;
+    const char *s;
+    int ret = 0, mod_len = 0;
+
+    if (x->n != NULL)
+        mod_len = BN_num_bits(x->n);
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+
+    if (priv && x->d) {
+        if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
+            goto err;
+        str = "modulus:";
+        s = "publicExponent:";
+    } else {
+        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
+            goto err;
+        str = "Modulus:";
+        s = "Exponent:";
+    }
+    if (!ASN1_bn_print(bp, str, x->n, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, s, x->e, NULL, off))
+        goto err;
+    if (priv) {
+        if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
+            goto err;
+    }
+    ret = 1;
+ err:
+    return (ret);
+}
+
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
+}
+
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
+}
+
+/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
+static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
+{
+    if (alg == NULL)
+        return NULL;
+    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
+        return NULL;
+    return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                     alg->parameter);
+}
+
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
+                                      X509_ALGOR **pmaskHash)
+{
+    RSA_PSS_PARAMS *pss;
+
+    *pmaskHash = NULL;
+
+    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
+                                    alg->parameter);
+
+    if (!pss)
+        return NULL;
+
+    *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+
+    return pss;
+}
+
+static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
+                               X509_ALGOR *maskHash, int indent)
+{
+    int rv = 0;
+    if (!pss) {
+        if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
+            return 0;
+        return 1;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
+        goto err;
+
+    if (pss->hashAlgorithm) {
+        if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "sha1 (default)") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+
+    if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
+        goto err;
+    if (pss->maskGenAlgorithm) {
+        if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, " with ") <= 0)
+            goto err;
+        if (maskHash) {
+            if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
+                goto err;
+        } else if (BIO_puts(bp, "INVALID") <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
+        goto err;
+    BIO_puts(bp, "\n");
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_puts(bp, "Salt Length: 0x") <= 0)
+        goto err;
+    if (pss->saltLength) {
+        if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "14 (default)") <= 0)
+        goto err;
+    BIO_puts(bp, "\n");
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
+        goto err;
+    if (pss->trailerField) {
+        if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "BC (default)") <= 0)
+        goto err;
+    BIO_puts(bp, "\n");
+
+    rv = 1;
+
+ err:
+    return rv;
+
+}
+
+static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
+{
+    if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
+        int rv;
+        RSA_PSS_PARAMS *pss;
+        X509_ALGOR *maskHash;
+        pss = rsa_pss_decode(sigalg, &maskHash);
+        rv = rsa_pss_param_print(bp, pss, maskHash, indent);
+        RSA_PSS_PARAMS_free(pss);
+        X509_ALGOR_free(maskHash);
+        if (!rv)
+            return 0;
+    } else if (!sig && BIO_puts(bp, "\n") <= 0)
+        return 0;
+    if (sig)
+        return X509_signature_dump(bp, sig, indent);
+    return 1;
+}
+
+static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    X509_ALGOR *alg = NULL;
+    switch (op) {
+
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0)
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
+        break;
+
+    case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+        if (arg1 == 0)
+            PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
+        break;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0)
+            return rsa_cms_sign(arg2);
+        else if (arg1 == 1)
+            return rsa_cms_verify(arg2);
+        break;
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (arg1 == 0)
+            return rsa_cms_encrypt(arg2);
+        else if (arg1 == 1)
+            return rsa_cms_decrypt(arg2);
+        break;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_TRANS;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+
+    if (alg)
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+
+    return 1;
+
+}
+
+/* allocate and set algorithm ID from EVP_MD, default SHA1 */
+static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
+{
+    if (EVP_MD_type(md) == NID_sha1)
+        return 1;
+    *palg = X509_ALGOR_new();
+    if (*palg == NULL)
+        return 0;
+    X509_ALGOR_set_md(*palg, md);
+    return 1;
+}
+
+/* Allocate and set MGF1 algorithm ID from EVP_MD */
+static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
+{
+    X509_ALGOR *algtmp = NULL;
+    ASN1_STRING *stmp = NULL;
+    *palg = NULL;
+    if (EVP_MD_type(mgf1md) == NID_sha1)
+        return 1;
+    /* need to embed algorithm ID inside another */
+    if (!rsa_md_to_algor(&algtmp, mgf1md))
+        goto err;
+    if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
+         goto err;
+    *palg = X509_ALGOR_new();
+    if (*palg == NULL)
+        goto err;
+    X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
+    stmp = NULL;
+ err:
+    ASN1_STRING_free(stmp);
+    X509_ALGOR_free(algtmp);
+    if (*palg)
+        return 1;
+    return 0;
+}
+
+/* convert algorithm ID to EVP_MD, default SHA1 */
+static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
+{
+    const EVP_MD *md;
+    if (!alg)
+        return EVP_sha1();
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL)
+        RSAerr(RSA_F_RSA_ALGOR_TO_MD, RSA_R_UNKNOWN_DIGEST);
+    return md;
+}
+
+/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
+static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash)
+{
+    const EVP_MD *md;
+    if (!alg)
+        return EVP_sha1();
+    /* Check mask and lookup mask hash algorithm */
+    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) {
+        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
+        return NULL;
+    }
+    if (!maskHash) {
+        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_PARAMETER);
+        return NULL;
+    }
+    md = EVP_get_digestbyobj(maskHash->algorithm);
+    if (md == NULL) {
+        RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNKNOWN_MASK_DIGEST);
+        return NULL;
+    }
+    return md;
+}
+
+/*
+ * Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter,
+ * suitable for setting an AlgorithmIdentifier.
+ */
+
+static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
+{
+    const EVP_MD *sigmd, *mgf1md;
+    RSA_PSS_PARAMS *pss = NULL;
+    ASN1_STRING *os = NULL;
+    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
+    int saltlen, rv = 0;
+    if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
+        goto err;
+    if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
+        goto err;
+    if (saltlen == -1)
+        saltlen = EVP_MD_size(sigmd);
+    else if (saltlen == -2) {
+        saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
+        if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
+            saltlen--;
+    }
+    pss = RSA_PSS_PARAMS_new();
+    if (pss == NULL)
+        goto err;
+    if (saltlen != 20) {
+        pss->saltLength = ASN1_INTEGER_new();
+        if (pss->saltLength == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
+            goto err;
+    }
+    if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
+        goto err;
+    if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
+        goto err;
+    /* Finally create string with pss parameter encoding. */
+    if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os))
+         goto err;
+    rv = 1;
+ err:
+    RSA_PSS_PARAMS_free(pss);
+    if (rv)
+        return os;
+    ASN1_STRING_free(os);
+    return NULL;
+}
+
+/*
+ * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
+ * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
+ * passed to pkctx instead.
+ */
+
+static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
+                          X509_ALGOR *sigalg, EVP_PKEY *pkey)
+{
+    int rv = -1;
+    int saltlen;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
+    X509_ALGOR *maskHash;
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
+        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+        return -1;
+    }
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg, &maskHash);
+
+    if (pss == NULL) {
+        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
+        goto err;
+    }
+    mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);
+    if (!mgf1md)
+        goto err;
+    md = rsa_algor_to_md(pss->hashAlgorithm);
+    if (!md)
+        goto err;
+
+    if (pss->saltLength) {
+        saltlen = ASN1_INTEGER_get(pss->saltLength);
+
+        /*
+         * Could perform more salt length sanity checks but the main RSA
+         * routines will trap other invalid values anyway.
+         */
+        if (saltlen < 0) {
+            RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_SALT_LENGTH);
+            goto err;
+        }
+    } else
+        saltlen = 20;
+
+    /*
+     * low-level routines support only trailer field 0xbc (value 1) and
+     * PKCS#1 says we should reject any other value anyway.
+     */
+    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
+        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_TRAILER);
+        goto err;
+    }
+
+    /* We have all parameters now set up context */
+
+    if (pkey) {
+        if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
+            goto err;
+    } else {
+        const EVP_MD *checkmd;
+        if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
+            goto err;
+        if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
+            RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH);
+            goto err;
+        }
+    }
+
+    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+        goto err;
+    /* Carry on */
+    rv = 1;
+
+ err:
+    RSA_PSS_PARAMS_free(pss);
+    X509_ALGOR_free(maskHash);
+    return rv;
+}
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_verify(CMS_SignerInfo *si)
+{
+    int nid, nid2;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
+    nid = OBJ_obj2nid(alg->algorithm);
+    if (nid == NID_rsaEncryption)
+        return 1;
+    if (nid == NID_rsassaPss)
+        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+    /* Workaround for some implementation that use a signature OID */
+    if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
+        if (nid2 == NID_rsaEncryption)
+            return 1;
+    }
+    return 0;
+}
+#endif
+
+/*
+ * Customised RSA item verification routine. This is called when a signature
+ * is encountered requiring special handling. We currently only handle PSS.
+ */
+
+static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
+                           EVP_PKEY *pkey)
+{
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
+        RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+        return -1;
+    }
+    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
+        /* Carry on */
+        return 2;
+    }
+    return -1;
+}
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_sign(CMS_SignerInfo *si)
+{
+    int pad_mode = RSA_PKCS1_PADDING;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+    ASN1_STRING *os = NULL;
+    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
+    if (pkctx) {
+        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+            return 0;
+    }
+    if (pad_mode == RSA_PKCS1_PADDING) {
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+        return 1;
+    }
+    /* We don't support it */
+    if (pad_mode != RSA_PKCS1_PSS_PADDING)
+        return 0;
+    os = rsa_ctx_to_pss(pkctx);
+    if (!os)
+        return 0;
+    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
+    return 1;
+}
+#endif
+
+static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                         X509_ALGOR *alg1, X509_ALGOR *alg2,
+                         ASN1_BIT_STRING *sig)
+{
+    int pad_mode;
+    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
+    if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+        return 0;
+    if (pad_mode == RSA_PKCS1_PADDING)
+        return 2;
+    if (pad_mode == RSA_PKCS1_PSS_PADDING) {
+        ASN1_STRING *os1 = NULL;
+        os1 = rsa_ctx_to_pss(pkctx);
+        if (!os1)
+            return 0;
+        /* Duplicate parameters if we have to */
+        if (alg2) {
+            ASN1_STRING *os2 = ASN1_STRING_dup(os1);
+            if (!os2) {
+                ASN1_STRING_free(os1);
+                return 0;
+            }
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
+                            V_ASN1_SEQUENCE, os2);
+        }
+        X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
+                        V_ASN1_SEQUENCE, os1);
+        return 3;
+    }
+    return 2;
+}
+
+#ifndef OPENSSL_NO_CMS
+static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
+                                        X509_ALGOR **pmaskHash)
+{
+    RSA_OAEP_PARAMS *pss;
+
+    *pmaskHash = NULL;
+
+    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
+                                    alg->parameter);
+
+    if (!pss)
+        return NULL;
+
+    *pmaskHash = rsa_mgf1_decode(pss->maskGenFunc);
+
+    return pss;
+}
+
+static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pkctx;
+    X509_ALGOR *cmsalg;
+    int nid;
+    int rv = -1;
+    unsigned char *label = NULL;
+    int labellen = 0;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_OAEP_PARAMS *oaep;
+    X509_ALGOR *maskHash;
+    pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pkctx)
+        return 0;
+    if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
+        return -1;
+    nid = OBJ_obj2nid(cmsalg->algorithm);
+    if (nid == NID_rsaEncryption)
+        return 1;
+    if (nid != NID_rsaesOaep) {
+        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
+        return -1;
+    }
+    /* Decode OAEP parameters */
+    oaep = rsa_oaep_decode(cmsalg, &maskHash);
+
+    if (oaep == NULL) {
+        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
+        goto err;
+    }
+
+    mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash);
+    if (!mgf1md)
+        goto err;
+    md = rsa_algor_to_md(oaep->hashFunc);
+    if (!md)
+        goto err;
+
+    if (oaep->pSourceFunc) {
+        X509_ALGOR *plab = oaep->pSourceFunc;
+        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
+            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
+            goto err;
+        }
+        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
+            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
+            goto err;
+        }
+
+        label = plab->parameter->value.octet_string->data;
+        /* Stop label being freed when OAEP parameters are freed */
+        plab->parameter->value.octet_string->data = NULL;
+        labellen = plab->parameter->value.octet_string->length;
+    }
+
+    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+        goto err;
+    /* Carry on */
+    rv = 1;
+
+ err:
+    RSA_OAEP_PARAMS_free(oaep);
+    X509_ALGOR_free(maskHash);
+    return rv;
+}
+
+static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    const EVP_MD *md, *mgf1md;
+    RSA_OAEP_PARAMS *oaep = NULL;
+    ASN1_STRING *os = NULL;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
+    unsigned char *label;
+    if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
+        return 0;
+    if (pkctx) {
+        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+            return 0;
+    }
+    if (pad_mode == RSA_PKCS1_PADDING) {
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+        return 1;
+    }
+    /* Not supported */
+    if (pad_mode != RSA_PKCS1_OAEP_PADDING)
+        return 0;
+    if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
+        goto err;
+    labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
+    if (labellen < 0)
+        goto err;
+    oaep = RSA_OAEP_PARAMS_new();
+    if (oaep == NULL)
+        goto err;
+    if (!rsa_md_to_algor(&oaep->hashFunc, md))
+        goto err;
+    if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
+        goto err;
+    if (labellen > 0) {
+        ASN1_OCTET_STRING *los;
+        oaep->pSourceFunc = X509_ALGOR_new();
+        if (oaep->pSourceFunc == NULL)
+            goto err;
+        los = ASN1_OCTET_STRING_new();
+        if (los == NULL)
+            goto err;
+        if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
+            ASN1_OCTET_STRING_free(los);
+            goto err;
+        }
+        X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
+                        V_ASN1_OCTET_STRING, los);
+    }
+    /* create string with pss parameter encoding. */
+    if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
+         goto err;
+    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
+    os = NULL;
+    rv = 1;
+ err:
+    RSA_OAEP_PARAMS_free(oaep);
+    ASN1_STRING_free(os);
+    return rv;
+}
+#endif
+
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
+    {
+     EVP_PKEY_RSA,
+     EVP_PKEY_RSA,
+     ASN1_PKEY_SIGPARAM_NULL,
+
+     "RSA",
+     "OpenSSL RSA method",
+
+     rsa_pub_decode,
+     rsa_pub_encode,
+     rsa_pub_cmp,
+     rsa_pub_print,
+
+     rsa_priv_decode,
+     rsa_priv_encode,
+     rsa_priv_print,
+
+     int_rsa_size,
+     rsa_bits,
+     rsa_security_bits,
+
+     0, 0, 0, 0, 0, 0,
+
+     rsa_sig_print,
+     int_rsa_free,
+     rsa_pkey_ctrl,
+     old_rsa_priv_decode,
+     old_rsa_priv_encode,
+     rsa_item_verify,
+     rsa_item_sign},
+
+    {
+     EVP_PKEY_RSA2,
+     EVP_PKEY_RSA,
+     ASN1_PKEY_ALIAS}
+};
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_asn1.c b/openssl-1.1.0h/crypto/rsa/rsa_asn1.c
new file mode 100644
index 0000000..20f8ebf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_asn1.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+#include "rsa_locl.h"
+
+/* Override the default free and new methods */
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)RSA_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        RSA_free((RSA *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
+        ASN1_SIMPLE(RSA, version, LONG),
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+        ASN1_SIMPLE(RSA, d, CBIGNUM),
+        ASN1_SIMPLE(RSA, p, CBIGNUM),
+        ASN1_SIMPLE(RSA, q, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmp1, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmq1, CBIGNUM),
+        ASN1_SIMPLE(RSA, iqmp, CBIGNUM)
+} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
+
+
+ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
+
+ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
+} ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+ASN1_SEQUENCE(RSA_OAEP_PARAMS) = {
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0),
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1),
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2),
+} ASN1_SEQUENCE_END(RSA_OAEP_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
+
+RSA *RSAPublicKey_dup(RSA *rsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+}
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_chk.c b/openssl-1.1.0h/crypto/rsa/rsa_chk.c
new file mode 100644
index 0000000..00260fb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_chk.c
@@ -0,0 +1,156 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "rsa_locl.h"
+
+int RSA_check_key(const RSA *key)
+{
+    return RSA_check_key_ex(key, NULL);
+}
+
+int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
+{
+    BIGNUM *i, *j, *k, *l, *m;
+    BN_CTX *ctx;
+    int ret = 1;
+
+    if (key->p == NULL || key->q == NULL || key->n == NULL
+            || key->e == NULL || key->d == NULL) {
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING);
+        return 0;
+    }
+
+    i = BN_new();
+    j = BN_new();
+    k = BN_new();
+    l = BN_new();
+    m = BN_new();
+    ctx = BN_CTX_new();
+    if (i == NULL || j == NULL || k == NULL || l == NULL
+            || m == NULL || ctx == NULL) {
+        ret = -1;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (BN_is_one(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+    }
+    if (!BN_is_odd(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+    }
+
+    /* p prime? */
+    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME);
+    }
+
+    /* q prime? */
+    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
+    }
+
+    /* n = p*q? */
+    if (!BN_mul(i, key->p, key->q, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    if (BN_cmp(i, key->n) != 0) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+    }
+
+    /* d*e = 1  mod lcm(p-1,q-1)? */
+    if (!BN_sub(i, key->p, BN_value_one())) {
+        ret = -1;
+        goto err;
+    }
+    if (!BN_sub(j, key->q, BN_value_one())) {
+        ret = -1;
+        goto err;
+    }
+
+    /* now compute k = lcm(i,j) */
+    if (!BN_mul(l, i, j, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    if (!BN_gcd(m, i, j, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
+        ret = -1;
+        goto err;
+    }
+    if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
+        ret = -1;
+        goto err;
+    }
+
+    if (!BN_is_one(i)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+    }
+
+    if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
+        /* dmp1 = d mod (p-1)? */
+        if (!BN_sub(i, key->p, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, key->dmp1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* dmq1 = d mod (q-1)? */
+        if (!BN_sub(i, key->q, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, key->dmq1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* iqmp = q^-1 mod p? */
+        if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(i, key->iqmp) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+        }
+    }
+
+ err:
+    BN_free(i);
+    BN_free(j);
+    BN_free(k);
+    BN_free(l);
+    BN_free(m);
+    BN_CTX_free(ctx);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_crpt.c b/openssl-1.1.0h/crypto/rsa/rsa_crpt.c
new file mode 100644
index 0000000..9cd733b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_crpt.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include "internal/bn_int.h"
+#include <openssl/rand.h>
+#include "rsa_locl.h"
+
+int RSA_bits(const RSA *r)
+{
+    return (BN_num_bits(r->n));
+}
+
+int RSA_size(const RSA *r)
+{
+    return (BN_num_bytes(r->n));
+}
+
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+                       RSA *rsa, int padding)
+{
+    return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+}
+
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
+    return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+}
+
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
+    return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+}
+
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+                       RSA *rsa, int padding)
+{
+    return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+}
+
+int RSA_flags(const RSA *r)
+{
+    return ((r == NULL) ? 0 : r->meth->flags);
+}
+
+void RSA_blinding_off(RSA *rsa)
+{
+    BN_BLINDING_free(rsa->blinding);
+    rsa->blinding = NULL;
+    rsa->flags &= ~RSA_FLAG_BLINDING;
+    rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (rsa->blinding != NULL)
+        RSA_blinding_off(rsa);
+
+    rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    if (rsa->blinding == NULL)
+        goto err;
+
+    rsa->flags |= RSA_FLAG_BLINDING;
+    rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+    ret = 1;
+ err:
+    return (ret);
+}
+
+static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
+                                  const BIGNUM *q, BN_CTX *ctx)
+{
+    BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+    if (d == NULL || p == NULL || q == NULL)
+        return NULL;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    if (r2 == NULL)
+        goto err;
+
+    if (!BN_sub(r1, p, BN_value_one()))
+        goto err;
+    if (!BN_sub(r2, q, BN_value_one()))
+        goto err;
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;
+
+    ret = BN_mod_inverse(NULL, d, r0, ctx);
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+    BIGNUM *e;
+    BN_CTX *ctx;
+    BN_BLINDING *ret = NULL;
+
+    if (in_ctx == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            return 0;
+    } else
+        ctx = in_ctx;
+
+    BN_CTX_start(ctx);
+    e = BN_CTX_get(ctx);
+    if (e == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (rsa->e == NULL) {
+        e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+        if (e == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
+            goto err;
+        }
+    } else
+        e = rsa->e;
+
+    if ((RAND_status() == 0) && rsa->d != NULL
+        && bn_get_words(rsa->d) != NULL) {
+        /*
+         * if PRNG is not properly seeded, resort to secret exponent as
+         * unpredictable seed
+         */
+        RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG),
+                 0.0);
+    }
+
+    {
+        BIGNUM *n = BN_new();
+
+        if (n == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+
+        ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
+                                       rsa->_method_mod_n);
+        /* We MUST free n before any further use of rsa->n */
+        BN_free(n);
+    }
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    BN_BLINDING_set_current_thread(ret);
+
+ err:
+    BN_CTX_end(ctx);
+    if (ctx != in_ctx)
+        BN_CTX_free(ctx);
+    if (e != rsa->e)
+        BN_free(e);
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_depr.c b/openssl-1.1.0h/crypto/rsa/rsa_depr.c
new file mode 100644
index 0000000..21e0562
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_depr.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: This file contains deprecated functions (compatibility wrappers to the
+ * "new" versions).
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+                      void (*callback) (int, int, void *), void *cb_arg)
+{
+    int i;
+    BN_GENCB *cb = BN_GENCB_new();
+    RSA *rsa = RSA_new();
+    BIGNUM *e = BN_new();
+
+    if (cb == NULL || rsa == NULL || e == NULL)
+        goto err;
+
+    /*
+     * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long
+     * can be larger
+     */
+    for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
+        if (e_value & (1UL << i))
+            if (BN_set_bit(e, i) == 0)
+                goto err;
+    }
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (RSA_generate_key_ex(rsa, bits, e, cb)) {
+        BN_free(e);
+        BN_GENCB_free(cb);
+        return rsa;
+    }
+ err:
+    BN_free(e);
+    RSA_free(rsa);
+    BN_GENCB_free(cb);
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_err.c b/openssl-1.1.0h/crypto/rsa/rsa_err.c
new file mode 100644
index 0000000..bf54095
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_err.c
@@ -0,0 +1,185 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
+
+static ERR_STRING_DATA RSA_str_functs[] = {
+    {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
+    {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"},
+    {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
+    {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
+    {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
+    {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
+    {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"},
+    {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"},
+    {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"},
+    {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"},
+    {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
+    {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
+    {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
+    {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
+    {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
+    {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
+    {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
+    {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"},
+    {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
+    {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"},
+    {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
+    {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),
+     "RSA_padding_add_PKCS1_OAEP"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1),
+     "RSA_padding_add_PKCS1_OAEP_mgf1"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),
+     "RSA_padding_add_PKCS1_PSS_mgf1"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),
+     "RSA_padding_add_PKCS1_type_1"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),
+     "RSA_padding_add_PKCS1_type_2"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),
+     "RSA_padding_check_PKCS1_OAEP"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1),
+     "RSA_padding_check_PKCS1_OAEP_mgf1"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),
+     "RSA_padding_check_PKCS1_type_1"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),
+     "RSA_padding_check_PKCS1_type_2"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
+    {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
+    {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+    {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"},
+    {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"},
+    {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"},
+    {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
+    {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
+    {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
+     "RSA_sign_ASN1_OCTET_STRING"},
+    {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
+    {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
+     "RSA_verify_ASN1_OCTET_STRING"},
+    {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA RSA_str_reasons[] = {
+    {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
+    {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"},
+    {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
+    {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
+    {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"},
+    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"},
+    {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),
+     "data greater than mod len"},
+    {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"},
+    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+     "data too large for key size"},
+    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
+     "data too large for modulus"},
+    {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"},
+    {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
+     "data too small for key size"},
+    {ERR_REASON(RSA_R_DIGEST_DOES_NOT_MATCH), "digest does not match"},
+    {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
+     "digest too big for rsa key"},
+    {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
+    {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
+    {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
+    {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"},
+    {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
+     "illegal or unsupported padding mode"},
+    {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
+    {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
+    {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"},
+    {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
+    {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
+    {ERR_REASON(RSA_R_INVALID_OAEP_PARAMETERS), "invalid oaep parameters"},
+    {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"},
+    {ERR_REASON(RSA_R_INVALID_PADDING_MODE), "invalid padding mode"},
+    {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"},
+    {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN), "invalid pss saltlen"},
+    {ERR_REASON(RSA_R_INVALID_SALT_LENGTH), "invalid salt length"},
+    {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"},
+    {ERR_REASON(RSA_R_INVALID_X931_DIGEST), "invalid x931 digest"},
+    {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"},
+    {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
+    {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+    {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
+     "null before block missing"},
+    {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
+    {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
+    {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+     "operation not supported for this keytype"},
+    {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
+    {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"},
+    {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"},
+    {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
+     "rsa operations not supported"},
+    {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"},
+    {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"},
+    {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"},
+    {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+     "the asn1 object identifier is not known for this md"},
+    {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+    {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"},
+    {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
+    {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
+     "unsupported encryption type"},
+    {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
+    {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),
+     "unsupported mask algorithm"},
+    {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),
+     "unsupported mask parameter"},
+    {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
+     "unsupported signature type"},
+    {ERR_REASON(RSA_R_VALUE_MISSING), "value missing"},
+    {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_RSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, RSA_str_functs);
+        ERR_load_strings(0, RSA_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_gen.c b/openssl-1.1.0h/crypto/rsa/rsa_gen.c
new file mode 100644
index 0000000..9af43e0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_gen.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in rsa_depr.c. -
+ * Geoff
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "rsa_locl.h"
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+                              BN_GENCB *cb);
+
+/*
+ * NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here
+ * so that we don't introduce a new linker dependency. Eg. any application
+ * that wasn't previously linking object code related to key-generation won't
+ * have to now just because key-generation is part of RSA_METHOD.
+ */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+{
+    if (rsa->meth->rsa_keygen)
+        return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+    return rsa_builtin_keygen(rsa, bits, e_value, cb);
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+                              BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
+    int bitsp, bitsq, ok = -1, n = 0;
+    BN_CTX *ctx = NULL;
+    unsigned long error = 0;
+
+    /*
+     * When generating ridiculously small keys, we can get stuck
+     * continually regenerating the same prime values.
+     */
+    if (bits < 16) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+    if (r3 == NULL)
+        goto err;
+
+    bitsp = (bits + 1) / 2;
+    bitsq = bits - bitsp;
+
+    /* We need the RSA components non-NULL */
+    if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+        goto err;
+    if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+        goto err;
+    if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
+        goto err;
+
+    if (BN_copy(rsa->e, e_value) == NULL)
+        goto err;
+
+    BN_set_flags(r2, BN_FLG_CONSTTIME);
+    /* generate p and q */
+    for (;;) {
+        if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+            goto err;
+        if (!BN_sub(r2, rsa->p, BN_value_one()))
+            goto err;
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
+            break;
+        }
+        error = ERR_peek_last_error();
+        if (ERR_GET_LIB(error) == ERR_LIB_BN
+            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+            /* GCD != 1 */
+            ERR_pop_to_mark();
+        } else {
+            goto err;
+        }
+        if (!BN_GENCB_call(cb, 2, n++))
+            goto err;
+    }
+    if (!BN_GENCB_call(cb, 3, 0))
+        goto err;
+    for (;;) {
+        do {
+            if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+                goto err;
+        } while (BN_cmp(rsa->p, rsa->q) == 0);
+        if (!BN_sub(r2, rsa->q, BN_value_one()))
+            goto err;
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
+            break;
+        }
+        error = ERR_peek_last_error();
+        if (ERR_GET_LIB(error) == ERR_LIB_BN
+            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+            /* GCD != 1 */
+            ERR_pop_to_mark();
+        } else {
+            goto err;
+        }
+        if (!BN_GENCB_call(cb, 2, n++))
+            goto err;
+    }
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+    if (BN_cmp(rsa->p, rsa->q) < 0) {
+        tmp = rsa->p;
+        rsa->p = rsa->q;
+        rsa->q = tmp;
+    }
+
+    /* calculate n */
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;               /* (p-1)(q-1) */
+    {
+        BIGNUM *pr0 = BN_new();
+
+        if (pr0 == NULL)
+            goto err;
+        BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+        if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
+            BN_free(pr0);
+            goto err;               /* d */
+        }
+        /* We MUST free pr0 before any further use of r0 */
+        BN_free(pr0);
+    }
+
+    {
+        BIGNUM *d = BN_new();
+
+        if (d == NULL)
+            goto err;
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (   /* calculate d mod (p-1) */
+               !BN_mod(rsa->dmp1, d, r1, ctx)
+               /* calculate d mod (q-1) */
+            || !BN_mod(rsa->dmq1, d, r2, ctx)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    {
+        BIGNUM *p = BN_new();
+
+        if (p == NULL)
+            goto err;
+        BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+        /* calculate inverse of q mod p */
+        if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
+            BN_free(p);
+            goto err;
+        }
+        /* We MUST free p before any further use of rsa->p */
+        BN_free(p);
+    }
+
+    ok = 1;
+ err:
+    if (ok == -1) {
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+        ok = 0;
+    }
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+
+    return ok;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_lib.c b/openssl-1.1.0h/crypto/rsa/rsa_lib.c
new file mode 100644
index 0000000..e1377a0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_lib.c
@@ -0,0 +1,288 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include "internal/bn_int.h"
+#include <openssl/engine.h>
+#include "rsa_locl.h"
+
+RSA *RSA_new(void)
+{
+    return RSA_new_method(NULL);
+}
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+{
+    return rsa->meth;
+}
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const RSA_METHOD *mtmp;
+    mtmp = rsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(rsa->engine);
+    rsa->engine = NULL;
+#endif
+    rsa->meth = meth;
+    if (meth->init)
+        meth->init(rsa);
+    return 1;
+}
+
+RSA *RSA_new_method(ENGINE *engine)
+{
+    RSA *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_RSA();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_RSA(ret->engine);
+        if (ret->meth == NULL) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
+        goto err;
+    }
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+
+    return ret;
+
+err:
+    RSA_free(ret);
+    return NULL;
+}
+
+void RSA_free(RSA *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
+    REF_PRINT_COUNT("RSA", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth->finish)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->n);
+    BN_clear_free(r->e);
+    BN_clear_free(r->d);
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->dmp1);
+    BN_clear_free(r->dmq1);
+    BN_clear_free(r->iqmp);
+    BN_BLINDING_free(r->blinding);
+    BN_BLINDING_free(r->mt_blinding);
+    OPENSSL_free(r->bignum_data);
+    OPENSSL_free(r);
+}
+
+int RSA_up_ref(RSA *r)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("RSA", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+int RSA_security_bits(const RSA *rsa)
+{
+    return BN_security_bits(BN_num_bits(rsa->n), -1);
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+    /* If the fields n and e in r are NULL, the corresponding input
+     * parameters MUST be non-NULL for n and e.  d may be
+     * left NULL (in case only the public key is used).
+     */
+    if ((r->n == NULL && n == NULL)
+        || (r->e == NULL && e == NULL))
+        return 0;
+
+    if (n != NULL) {
+        BN_free(r->n);
+        r->n = n;
+    }
+    if (e != NULL) {
+        BN_free(r->e);
+        r->e = e;
+    }
+    if (d != NULL) {
+        BN_free(r->d);
+        r->d = d;
+    }
+
+    return 1;
+}
+
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+    /* If the fields p and q in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->p == NULL && p == NULL)
+        || (r->q == NULL && q == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(r->p);
+        r->p = p;
+    }
+    if (q != NULL) {
+        BN_free(r->q);
+        r->q = q;
+    }
+
+    return 1;
+}
+
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->dmp1 == NULL && dmp1 == NULL)
+        || (r->dmq1 == NULL && dmq1 == NULL)
+        || (r->iqmp == NULL && iqmp == NULL))
+        return 0;
+
+    if (dmp1 != NULL) {
+        BN_free(r->dmp1);
+        r->dmp1 = dmp1;
+    }
+    if (dmq1 != NULL) {
+        BN_free(r->dmq1);
+        r->dmq1 = dmq1;
+    }
+    if (iqmp != NULL) {
+        BN_free(r->iqmp);
+        r->iqmp = iqmp;
+    }
+
+    return 1;
+}
+
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+    if (n != NULL)
+        *n = r->n;
+    if (e != NULL)
+        *e = r->e;
+    if (d != NULL)
+        *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+    if (p != NULL)
+        *p = r->p;
+    if (q != NULL)
+        *q = r->q;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp)
+{
+    if (dmp1 != NULL)
+        *dmp1 = r->dmp1;
+    if (dmq1 != NULL)
+        *dmq1 = r->dmq1;
+    if (iqmp != NULL)
+        *iqmp = r->iqmp;
+}
+
+void RSA_clear_flags(RSA *r, int flags)
+{
+    r->flags &= ~flags;
+}
+
+int RSA_test_flags(const RSA *r, int flags)
+{
+    return r->flags & flags;
+}
+
+void RSA_set_flags(RSA *r, int flags)
+{
+    r->flags |= flags;
+}
+
+ENGINE *RSA_get0_engine(const RSA *r)
+{
+    return r->engine;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_locl.h b/openssl-1.1.0h/crypto/rsa/rsa_locl.h
new file mode 100644
index 0000000..5d16aa6
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_locl.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rsa.h>
+
+struct rsa_st {
+    /*
+     * The first parameter is used to pickup errors where this is passed
+     * instead of aEVP_PKEY, it is set to 0
+     */
+    int pad;
+    long version;
+    const RSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    BIGNUM *n;
+    BIGNUM *e;
+    BIGNUM *d;
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *dmp1;
+    BIGNUM *dmq1;
+    BIGNUM *iqmp;
+    /* be careful using this if the RSA structure is shared */
+    CRYPTO_EX_DATA ex_data;
+    int references;
+    int flags;
+    /* Used to cache montgomery values */
+    BN_MONT_CTX *_method_mod_n;
+    BN_MONT_CTX *_method_mod_p;
+    BN_MONT_CTX *_method_mod_q;
+    /*
+     * all BIGNUM values are actually in the following data, if it is not
+     * NULL
+     */
+    char *bignum_data;
+    BN_BLINDING *blinding;
+    BN_BLINDING *mt_blinding;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct rsa_meth_st {
+    char *name;
+    int (*rsa_pub_enc) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_pub_dec) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_enc) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_dec) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    /* Can be null */
+    int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+    /* Can be null */
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    /* called at new */
+    int (*init) (RSA *rsa);
+    /* called at free */
+    int (*finish) (RSA *rsa);
+    /* RSA_METHOD_FLAG_* things */
+    int flags;
+    /* may be needed! */
+    char *app_data;
+    /*
+     * New sign and verify functions: some libraries don't allow arbitrary
+     * data to be signed/verified: this allows them to be used. Note: for
+     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
+     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
+     */
+    int (*rsa_sign) (int type,
+                     const unsigned char *m, unsigned int m_length,
+                     unsigned char *sigret, unsigned int *siglen,
+                     const RSA *rsa);
+    int (*rsa_verify) (int dtype, const unsigned char *m,
+                       unsigned int m_length, const unsigned char *sigbuf,
+                       unsigned int siglen, const RSA *rsa);
+    /*
+     * If this callback is NULL, the builtin software RSA key-gen will be
+     * used. This is for behavioural compatibility whilst the code gets
+     * rewired, but one day it would be nice to assume there are no such
+     * things as "builtin software" implementations.
+     */
+    int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+};
+
+extern int int_rsa_verify(int dtype, const unsigned char *m,
+                          unsigned int m_len, unsigned char *rm,
+                          size_t *prm_len, const unsigned char *sigbuf,
+                          size_t siglen, RSA *rsa);
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_meth.c b/openssl-1.1.0h/crypto/rsa/rsa_meth.c
new file mode 100644
index 0000000..9480abd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_meth.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "rsa_locl.h"
+#include <openssl/err.h>
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags)
+{
+    RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
+
+    if (meth != NULL) {
+        meth->flags = flags;
+
+        meth->name = OPENSSL_strdup(name);
+        if (meth->name != NULL)
+            return meth;
+
+        OPENSSL_free(meth);
+    }
+
+    RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void RSA_meth_free(RSA_METHOD *meth)
+{
+    if (meth != NULL) {
+        OPENSSL_free(meth->name);
+        OPENSSL_free(meth);
+    }
+}
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+{
+    RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, meth, sizeof(*meth));
+
+        ret->name = OPENSSL_strdup(meth->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *RSA_meth_get0_name(const RSA_METHOD *meth)
+{
+    return meth->name;
+}
+
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(meth->name);
+    meth->name = tmpname;
+
+    return 1;
+}
+
+int RSA_meth_get_flags(RSA_METHOD *meth)
+{
+    return meth->flags;
+}
+
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
+{
+    meth->flags = flags;
+    return 1;
+}
+
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
+{
+    return meth->app_data;
+}
+
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
+{
+    meth->app_data = app_data;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_enc;
+}
+
+int RSA_meth_set_pub_enc(RSA_METHOD *meth,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_enc = pub_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_dec;
+}
+
+int RSA_meth_set_pub_dec(RSA_METHOD *meth,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_dec = pub_dec;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_enc;
+}
+
+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_enc = priv_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_dec;
+}
+
+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_dec = priv_dec;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    return meth->rsa_mod_exp;
+}
+
+int RSA_meth_set_mod_exp(RSA_METHOD *meth,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                         BN_CTX *ctx))
+{
+    meth->rsa_mod_exp = mod_exp;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return meth->bn_mod_exp;
+}
+
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx))
+{
+    meth->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+    /* called at new */
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->init;
+}
+
+int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
+{
+    meth->init = init;
+    return 1;
+}
+
+    /* called at free */
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->finish;
+}
+
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
+{
+    meth->finish = finish;
+    return 1;
+}
+
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa)
+{
+    return meth->rsa_sign;
+}
+
+int RSA_meth_set_sign(RSA_METHOD *meth,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa))
+{
+    meth->rsa_sign = sign;
+    return 1;
+}
+
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa)
+{
+    return meth->rsa_verify;
+}
+
+int RSA_meth_set_verify(RSA_METHOD *meth,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa))
+{
+    meth->rsa_verify = verify;
+    return 1;
+}
+
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_keygen;
+}
+
+int RSA_meth_set_keygen(RSA_METHOD *meth,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb))
+{
+    meth->rsa_keygen = keygen;
+    return 1;
+}
+
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_none.c b/openssl-1.1.0h/crypto/rsa/rsa_none.c
new file mode 100644
index 0000000..b78756d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_none.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+int RSA_padding_add_none(unsigned char *to, int tlen,
+                         const unsigned char *from, int flen)
+{
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
+
+    if (flen < tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+        return (0);
+    }
+
+    memcpy(to, from, (unsigned int)flen);
+    return (1);
+}
+
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen, int num)
+{
+
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
+        return (-1);
+    }
+
+    memset(to, 0, tlen - flen);
+    memcpy(to + tlen - flen, from, flen);
+    return (tlen);
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_null.c b/openssl-1.1.0h/crypto/rsa/rsa_null.c
new file mode 100644
index 0000000..d339494
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_null.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "rsa_locl.h"
+
+/*
+ * This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+                                    unsigned char *to, RSA *rsa, int padding);
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+                                    unsigned char *to, RSA *rsa, int padding);
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth = {
+    "Null RSA",
+    RSA_null_public_encrypt,
+    RSA_null_public_decrypt,
+    RSA_null_private_encrypt,
+    RSA_null_private_decrypt,
+    NULL,
+    NULL,
+    RSA_null_init,
+    RSA_null_finish,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const RSA_METHOD *RSA_null_method(void)
+{
+    return (&rsa_null_meth);
+}
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
+
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+                                    unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT,
+           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
+
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+                                    unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT,
+           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
+
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
+
+static int RSA_null_init(RSA *rsa)
+{
+    return (1);
+}
+
+static int RSA_null_finish(RSA *rsa)
+{
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_oaep.c b/openssl-1.1.0h/crypto/rsa/rsa_oaep.c
new file mode 100644
index 0000000..4878d49
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_oaep.c
@@ -0,0 +1,286 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+/*
+ * See Victor Shoup, "OAEP reconsidered," Nov. 2000, <URL:
+ * http://www.shoup.net/papers/oaep.ps.Z> for problems with the security
+ * proof for the original OAEP scheme, which EME-OAEP is based on. A new
+ * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern,
+ * "RSA-OEAP is Still Alive!", Dec. 2000, <URL:
+ * http://eprint.iacr.org/2000/061/>. The new proof has stronger requirements
+ * for the underlying permutation: "partial-one-wayness" instead of
+ * one-wayness.  For the RSA function, this is an equivalent notion.
+ */
+
+#include "internal/constant_time_locl.h"
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "rsa_locl.h"
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *from, int flen,
+                               const unsigned char *param, int plen)
+{
+    return RSA_padding_add_PKCS1_OAEP_mgf1(to, tlen, from, flen,
+                                           param, plen, NULL, NULL);
+}
+
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *from, int flen,
+                                    const unsigned char *param, int plen,
+                                    const EVP_MD *md, const EVP_MD *mgf1md)
+{
+    int i, emlen = tlen - 1;
+    unsigned char *db, *seed;
+    unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
+    int mdlen;
+
+    if (md == NULL)
+        md = EVP_sha1();
+    if (mgf1md == NULL)
+        mgf1md = md;
+
+    mdlen = EVP_MD_size(md);
+
+    if (flen > emlen - 2 * mdlen - 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    if (emlen < 2 * mdlen + 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
+               RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    to[0] = 0;
+    seed = to + 1;
+    db = to + mdlen + 1;
+
+    if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
+        return 0;
+    memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
+    db[emlen - flen - mdlen - 1] = 0x01;
+    memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
+    if (RAND_bytes(seed, mdlen) <= 0)
+        return 0;
+#ifdef PKCS_TESTVECT
+    memcpy(seed,
+           "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+           20);
+#endif
+
+    dbmask = OPENSSL_malloc(emlen - mdlen);
+    if (dbmask == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
+        goto err;
+    for (i = 0; i < emlen - mdlen; i++)
+        db[i] ^= dbmask[i];
+
+    if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
+        goto err;
+    for (i = 0; i < mdlen; i++)
+        seed[i] ^= seedmask[i];
+
+    OPENSSL_free(dbmask);
+    return 1;
+
+ err:
+    OPENSSL_free(dbmask);
+    return 0;
+}
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen, int num,
+                                 const unsigned char *param, int plen)
+{
+    return RSA_padding_check_PKCS1_OAEP_mgf1(to, tlen, from, flen, num,
+                                             param, plen, NULL, NULL);
+}
+
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *from, int flen,
+                                      int num, const unsigned char *param,
+                                      int plen, const EVP_MD *md,
+                                      const EVP_MD *mgf1md)
+{
+    int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
+    unsigned int good, found_one_byte;
+    const unsigned char *maskedseed, *maskeddb;
+    /*
+     * |em| is the encoded message, zero-padded to exactly |num| bytes: em =
+     * Y || maskedSeed || maskedDB
+     */
+    unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
+        phash[EVP_MAX_MD_SIZE];
+    int mdlen;
+
+    if (md == NULL)
+        md = EVP_sha1();
+    if (mgf1md == NULL)
+        mgf1md = md;
+
+    mdlen = EVP_MD_size(md);
+
+    if (tlen <= 0 || flen <= 0)
+        return -1;
+    /*
+     * |num| is the length of the modulus; |flen| is the length of the
+     * encoded message. Therefore, for any |from| that was obtained by
+     * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+     * num < 2 * mdlen + 2 must hold for the modulus irrespective of
+     * the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+     * This does not leak any side-channel information.
+     */
+    if (num < flen || num < 2 * mdlen + 2)
+        goto decoding_err;
+
+    dblen = num - mdlen - 1;
+    db = OPENSSL_malloc(dblen);
+    em = OPENSSL_malloc(num);
+    if (db == NULL || em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
+        goto cleanup;
+    }
+
+    /*
+     * Always do this zero-padding copy (even when num == flen) to avoid
+     * leaking that information. The copy still leaks some side-channel
+     * information, but it's impossible to have a fixed  memory access
+     * pattern since we can't read out of the bounds of |from|.
+     *
+     * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+     */
+    memset(em, 0, num);
+    memcpy(em + num - flen, from, flen);
+
+    /*
+     * The first byte must be zero, however we must not leak if this is
+     * true. See James H. Manger, "A Chosen Ciphertext  Attack on RSA
+     * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
+     */
+    good = constant_time_is_zero(em[0]);
+
+    maskedseed = em + 1;
+    maskeddb = em + 1 + mdlen;
+
+    if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
+        goto cleanup;
+    for (i = 0; i < mdlen; i++)
+        seed[i] ^= maskedseed[i];
+
+    if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md))
+        goto cleanup;
+    for (i = 0; i < dblen; i++)
+        db[i] ^= maskeddb[i];
+
+    if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL))
+        goto cleanup;
+
+    good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, mdlen));
+
+    found_one_byte = 0;
+    for (i = mdlen; i < dblen; i++) {
+        /*
+         * Padding consists of a number of 0-bytes, followed by a 1.
+         */
+        unsigned int equals1 = constant_time_eq(db[i], 1);
+        unsigned int equals0 = constant_time_is_zero(db[i]);
+        one_index = constant_time_select_int(~found_one_byte & equals1,
+                                             i, one_index);
+        found_one_byte |= equals1;
+        good &= (found_one_byte | equals0);
+    }
+
+    good &= found_one_byte;
+
+    /*
+     * At this point |good| is zero unless the plaintext was valid,
+     * so plaintext-awareness ensures timing side-channels are no longer a
+     * concern.
+     */
+    if (!good)
+        goto decoding_err;
+
+    msg_index = one_index + 1;
+    mlen = dblen - msg_index;
+
+    if (tlen < mlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE);
+        mlen = -1;
+    } else {
+        memcpy(to, db + msg_index, mlen);
+        goto cleanup;
+    }
+
+ decoding_err:
+    /*
+     * To avoid chosen ciphertext attacks, the error message should not
+     * reveal which kind of decoding error happened.
+     */
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+           RSA_R_OAEP_DECODING_ERROR);
+ cleanup:
+    OPENSSL_clear_free(db, dblen);
+    OPENSSL_clear_free(em, num);
+    return mlen;
+}
+
+int PKCS1_MGF1(unsigned char *mask, long len,
+               const unsigned char *seed, long seedlen, const EVP_MD *dgst)
+{
+    long i, outlen = 0;
+    unsigned char cnt[4];
+    EVP_MD_CTX *c = EVP_MD_CTX_new();
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int mdlen;
+    int rv = -1;
+
+    if (c == NULL)
+        goto err;
+    mdlen = EVP_MD_size(dgst);
+    if (mdlen < 0)
+        goto err;
+    for (i = 0; outlen < len; i++) {
+        cnt[0] = (unsigned char)((i >> 24) & 255);
+        cnt[1] = (unsigned char)((i >> 16) & 255);
+        cnt[2] = (unsigned char)((i >> 8)) & 255;
+        cnt[3] = (unsigned char)(i & 255);
+        if (!EVP_DigestInit_ex(c, dgst, NULL)
+            || !EVP_DigestUpdate(c, seed, seedlen)
+            || !EVP_DigestUpdate(c, cnt, 4))
+            goto err;
+        if (outlen + mdlen <= len) {
+            if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
+                goto err;
+            outlen += mdlen;
+        } else {
+            if (!EVP_DigestFinal_ex(c, md, NULL))
+                goto err;
+            memcpy(mask + outlen, md, len - outlen);
+            outlen = len;
+        }
+    }
+    rv = 0;
+ err:
+    EVP_MD_CTX_free(c);
+    return rv;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_ossl.c b/openssl-1.1.0h/crypto/rsa/rsa_ossl.c
new file mode 100644
index 0000000..62a8895
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_ossl.c
@@ -0,0 +1,800 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
+#include "rsa_locl.h"
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                           BN_CTX *ctx);
+static int rsa_ossl_init(RSA *rsa);
+static int rsa_ossl_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_ossl_meth = {
+    "OpenSSL PKCS#1 RSA",
+    rsa_ossl_public_encrypt,
+    rsa_ossl_public_decrypt,     /* signature verification */
+    rsa_ossl_private_encrypt,    /* signing */
+    rsa_ossl_private_decrypt,
+    rsa_ossl_mod_exp,
+    BN_mod_exp_mont,            /* XXX probably we should not use Montgomery
+                                 * if e == 3 */
+    rsa_ossl_init,
+    rsa_ossl_finish,
+    RSA_FLAG_FIPS_METHOD,       /* flags */
+    NULL,
+    0,                          /* rsa_sign */
+    0,                          /* rsa_verify */
+    NULL                        /* rsa_keygen */
+};
+
+static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth;
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+{
+    default_RSA_meth = meth;
+}
+
+const RSA_METHOD *RSA_get_default_method(void)
+{
+    return default_RSA_meth;
+}
+
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
+{
+    return &rsa_pkcs1_ossl_meth;
+}
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, j, k, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (f == NULL || ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        i = RSA_padding_add_SSLv23(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked
+            (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    /*
+     * put in leading 0 bytes if the number is less than the length of the
+     * modulus
+     */
+    j = BN_num_bytes(ret);
+    i = BN_bn2bin(ret, &(to[num - j]));
+    for (k = 0; k < (num - i); k++)
+        to[k] = 0;
+
+    r = num;
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return (r);
+}
+
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+{
+    BN_BLINDING *ret;
+
+    CRYPTO_THREAD_write_lock(rsa->lock);
+
+    if (rsa->blinding == NULL) {
+        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    }
+
+    ret = rsa->blinding;
+    if (ret == NULL)
+        goto err;
+
+    if (BN_BLINDING_is_current_thread(ret)) {
+        /* rsa->blinding is ours! */
+
+        *local = 1;
+    } else {
+        /* resort to rsa->mt_blinding instead */
+
+        /*
+         * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
+         * BN_BLINDING is shared, meaning that accesses require locks, and
+         * that the blinding factor must be stored outside the BN_BLINDING
+         */
+        *local = 0;
+
+        if (rsa->mt_blinding == NULL) {
+            rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+        }
+        ret = rsa->mt_blinding;
+    }
+
+ err:
+    CRYPTO_THREAD_unlock(rsa->lock);
+    return ret;
+}
+
+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                                BN_CTX *ctx)
+{
+    if (unblind == NULL)
+        /*
+         * Local blinding: store the unblinding factor in BN_BLINDING.
+         */
+        return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+    else {
+        /*
+         * Shared blinding: store the unblinding factor outside BN_BLINDING.
+         */
+        int ret;
+
+        BN_BLINDING_lock(b);
+        ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+        BN_BLINDING_unlock(b);
+
+        return ret;
+    }
+}
+
+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                               BN_CTX *ctx)
+{
+    /*
+     * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+     * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
+     * is shared between threads, unblind must be non-null:
+     * BN_BLINDING_invert_ex will then use the local unblinding factor, and
+     * will only read the modulus from BN_BLINDING. In both cases it's safe
+     * to access the blinding without a lock.
+     */
+    return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+}
+
+/* signing */
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret, *res;
+    int i, j, k, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (f == NULL || ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
+        break;
+    case RSA_X931_PADDING:
+        i = RSA_padding_add_X931(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    case RSA_SSLV23_PADDING:
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+            if (!BN_MONT_CTX_set_locked
+                (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    if (padding == RSA_X931_PADDING) {
+        BN_sub(f, rsa->n, ret);
+        if (BN_cmp(ret, f) > 0)
+            res = f;
+        else
+            res = ret;
+    } else
+        res = ret;
+
+    /*
+     * put in leading 0 bytes if the number is less than the length of the
+     * modulus
+     */
+    j = BN_num_bytes(res);
+    i = BN_bn2bin(res, &(to[num - j]));
+    for (k = 0; k < (num - i); k++)
+        to[k] = 0;
+
+    r = num;
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return (r);
+}
+
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int j, num = 0, r = -1;
+    unsigned char *p;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (f == NULL || ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    /* make data into a big number */
+    if (BN_bin2bn(from, (int)flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    /* do the decrypt */
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+            if (!BN_MONT_CTX_set_locked
+                (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    p = buf;
+    j = BN_bn2bin(ret, p);      /* j is only used with no-padding mode */
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        r = RSA_padding_check_SSLv23(to, num, buf, j, num);
+        break;
+    case RSA_NO_PADDING:
+        r = RSA_padding_check_none(to, num, buf, j, num);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return (r);
+}
+
+/* signature verification */
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *p;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (f == NULL || ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    if (BN_bin2bn(from, flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked
+            (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12))
+        if (!BN_sub(ret, rsa->n, ret))
+            goto err;
+
+    p = buf;
+    i = BN_bn2bin(ret, p);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
+        break;
+    case RSA_X931_PADDING:
+        r = RSA_padding_check_X931(to, num, buf, i, num);
+        break;
+    case RSA_NO_PADDING:
+        r = RSA_padding_check_none(to, num, buf, i, num);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return (r);
+}
+
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    BIGNUM *r1, *m1, *vrfy;
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+
+    r1 = BN_CTX_get(ctx);
+    m1 = BN_CTX_get(ctx);
+    vrfy = BN_CTX_get(ctx);
+    if (vrfy == NULL)
+        goto err;
+
+    {
+        BIGNUM *p = BN_new(), *q = BN_new();
+
+        /*
+         * Make sure BN_mod_inverse in Montgomery initialization uses the
+         * BN_FLG_CONSTTIME flag
+         */
+        if (p == NULL || q == NULL) {
+            BN_free(p);
+            BN_free(q);
+            goto err;
+        }
+        BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+        BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+
+        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+            if (!BN_MONT_CTX_set_locked
+                (&rsa->_method_mod_p, rsa->lock, p, ctx)
+                || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
+                                           rsa->lock, q, ctx)) {
+                BN_free(p);
+                BN_free(q);
+                goto err;
+            }
+        }
+        /*
+         * We MUST free p and q before any further use of rsa->p and rsa->q
+         */
+        BN_free(p);
+        BN_free(q);
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked
+            (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
+            goto err;
+
+    /* compute I mod q */
+    {
+        BIGNUM *c = BN_new();
+        if (c == NULL)
+            goto err;
+        BN_with_flags(c, I, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r1, c, rsa->q, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+
+        {
+            BIGNUM *dmq1 = BN_new();
+            if (dmq1 == NULL) {
+                BN_free(c);
+                goto err;
+            }
+            BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+
+            /* compute r1^dmq1 mod q */
+            if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
+                rsa->_method_mod_q)) {
+                BN_free(c);
+                BN_free(dmq1);
+                goto err;
+            }
+            /* We MUST free dmq1 before any further use of rsa->dmq1 */
+            BN_free(dmq1);
+        }
+
+        /* compute I mod p */
+        if (!BN_mod(r1, c, rsa->p, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+        /* We MUST free c before any further use of I */
+        BN_free(c);
+    }
+
+    {
+        BIGNUM *dmp1 = BN_new();
+        if (dmp1 == NULL)
+            goto err;
+        BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+
+        /* compute r1^dmp1 mod p */
+        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
+                                   rsa->_method_mod_p)) {
+            BN_free(dmp1);
+            goto err;
+        }
+        /* We MUST free dmp1 before any further use of rsa->dmp1 */
+        BN_free(dmp1);
+    }
+
+    if (!BN_sub(r0, r0, m1))
+        goto err;
+    /*
+     * This will help stop the size of r0 increasing, which does affect the
+     * multiply if it optimised for a power of 2 size
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+
+    if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+        goto err;
+
+    {
+        BIGNUM *pr1 = BN_new();
+        if (pr1 == NULL)
+            goto err;
+        BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r0, pr1, rsa->p, ctx)) {
+            BN_free(pr1);
+            goto err;
+        }
+        /* We MUST free pr1 before any further use of r1 */
+        BN_free(pr1);
+    }
+
+    /*
+     * If p < q it is occasionally possible for the correction of adding 'p'
+     * if r0 is negative above to leave the result still negative. This can
+     * break the private key operations: the following second correction
+     * should *always* correct this rare occurrence. This will *never* happen
+     * with OpenSSL generated keys because they ensure p > q [steve]
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+    if (!BN_mul(r1, r0, rsa->q, ctx))
+        goto err;
+    if (!BN_add(r0, r1, m1))
+        goto err;
+
+    if (rsa->e && rsa->n) {
+        if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+                                   rsa->_method_mod_n))
+            goto err;
+        /*
+         * If 'I' was greater than (or equal to) rsa->n, the operation will
+         * be equivalent to using 'I mod n'. However, the result of the
+         * verify will *always* be less than 'n' so we don't check for
+         * absolute equality, just congruency.
+         */
+        if (!BN_sub(vrfy, vrfy, I))
+            goto err;
+        if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+            goto err;
+        if (BN_is_negative(vrfy))
+            if (!BN_add(vrfy, vrfy, rsa->n))
+                goto err;
+        if (!BN_is_zero(vrfy)) {
+            /*
+             * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+             * miscalculated CRT output, just do a raw (slower) mod_exp and
+             * return that instead.
+             */
+
+            BIGNUM *d = BN_new();
+            if (d == NULL)
+                goto err;
+            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+            if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+                                       rsa->_method_mod_n)) {
+                BN_free(d);
+                goto err;
+            }
+            /* We MUST free d before any further use of rsa->d */
+            BN_free(d);
+        }
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+static int rsa_ossl_init(RSA *rsa)
+{
+    rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
+    return (1);
+}
+
+static int rsa_ossl_finish(RSA *rsa)
+{
+    BN_MONT_CTX_free(rsa->_method_mod_n);
+    BN_MONT_CTX_free(rsa->_method_mod_p);
+    BN_MONT_CTX_free(rsa->_method_mod_q);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_pk1.c b/openssl-1.1.0h/crypto/rsa/rsa_pk1.c
new file mode 100644
index 0000000..aeeb32c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_pk1.c
@@ -0,0 +1,243 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time_locl.h"
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 1;                 /* Private Key BT (Block Type) */
+
+    /* pad out with 0xff data */
+    j = tlen - 3 - flen;
+    memset(p, 0xff, j);
+    p += j;
+    *(p++) = '\0';
+    memcpy(p, from, (unsigned int)flen);
+    return (1);
+}
+
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i, j;
+    const unsigned char *p;
+
+    p = from;
+
+    /*
+     * The format is
+     * 00 || 01 || PS || 00 || D
+     * PS - padding string, at least 8 bytes of FF
+     * D  - data.
+     */
+
+    if (num < 11)
+        return -1;
+
+    /* Accept inputs with and without the leading 0-byte. */
+    if (num == flen) {
+        if ((*p++) != 0x00) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+                   RSA_R_INVALID_PADDING);
+            return -1;
+        }
+        flen--;
+    }
+
+    if ((num != (flen + 1)) || (*(p++) != 0x01)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BLOCK_TYPE_IS_NOT_01);
+        return (-1);
+    }
+
+    /* scan over padding data */
+    j = flen - 1;               /* one for type. */
+    for (i = 0; i < j; i++) {
+        if (*p != 0xff) {       /* should decrypt to 0xff */
+            if (*p == 0) {
+                p++;
+                break;
+            } else {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+                       RSA_R_BAD_FIXED_HEADER_DECRYPT);
+                return (-1);
+            }
+        }
+        p++;
+    }
+
+    if (i == j) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_NULL_BEFORE_BLOCK_MISSING);
+        return (-1);
+    }
+
+    if (i < 8) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BAD_PAD_BYTE_COUNT);
+        return (-1);
+    }
+    i++;                        /* Skip over the '\0' */
+    j -= i;
+    if (j > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE);
+        return (-1);
+    }
+    memcpy(to, p, (unsigned int)j);
+
+    return (j);
+}
+
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
+
+    if (flen > (tlen - 11)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
+
+    /* pad out with non-zero random data */
+    j = tlen - 3 - flen;
+
+    if (RAND_bytes(p, j) <= 0)
+        return (0);
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return (0);
+            } while (*p == '\0');
+        p++;
+    }
+
+    *(p++) = '\0';
+
+    memcpy(p, from, (unsigned int)flen);
+    return (1);
+}
+
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i;
+    /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+    unsigned char *em = NULL;
+    unsigned int good, found_zero_byte;
+    int zero_index = 0, msg_index, mlen = -1;
+
+    if (tlen < 0 || flen < 0)
+        return -1;
+
+    /*
+     * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
+     * section 7.2.2.
+     */
+
+    if (flen > num)
+        goto err;
+
+    if (num < 11)
+        goto err;
+
+    em = OPENSSL_zalloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    /*
+     * Always do this zero-padding copy (even when num == flen) to avoid
+     * leaking that information. The copy still leaks some side-channel
+     * information, but it's impossible to have a fixed memory access
+     * pattern since we can't read out of the bounds of |from|.
+     *
+     * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+     */
+    memcpy(em + num - flen, from, flen);
+
+    good = constant_time_is_zero(em[0]);
+    good &= constant_time_eq(em[1], 2);
+
+    found_zero_byte = 0;
+    for (i = 2; i < num; i++) {
+        unsigned int equals0 = constant_time_is_zero(em[i]);
+        zero_index =
+            constant_time_select_int(~found_zero_byte & equals0, i,
+                                     zero_index);
+        found_zero_byte |= equals0;
+    }
+
+    /*
+     * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+     * If we never found a 0-byte, then |zero_index| is 0 and the check
+     * also fails.
+     */
+    good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
+
+    /*
+     * Skip the zero byte. This is incorrect if we never found a zero-byte
+     * but in this case we also do not copy the message out.
+     */
+    msg_index = zero_index + 1;
+    mlen = num - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well; it could
+     * leak something if |tlen| was assuming valid padding.
+     */
+    good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
+
+    /*
+     * We can't continue in constant-time because we need to copy the result
+     * and we cannot fake its length. This unavoidably leaks timing
+     * information at the API boundary.
+     */
+    if (!good) {
+        mlen = -1;
+        goto err;
+    }
+
+    memcpy(to, em + msg_index, mlen);
+
+ err:
+    OPENSSL_clear_free(em, num);
+    if (mlen == -1)
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
+               RSA_R_PKCS_DECODING_ERROR);
+    return mlen;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_pmeth.c b/openssl-1.1.0h/crypto/rsa/rsa_pmeth.c
new file mode 100644
index 0000000..2d1dffb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_pmeth.c
@@ -0,0 +1,668 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include "internal/evp_int.h"
+#include "rsa_locl.h"
+
+/* RSA pkey context structure */
+
+typedef struct {
+    /* Key gen parameters */
+    int nbits;
+    BIGNUM *pub_exp;
+    /* Keygen callback info */
+    int gentmp[2];
+    /* RSA padding mode */
+    int pad_mode;
+    /* message digest */
+    const EVP_MD *md;
+    /* message digest for MGF1 */
+    const EVP_MD *mgf1md;
+    /* PSS salt length */
+    int saltlen;
+    /* Temp buffer */
+    unsigned char *tbuf;
+    /* OAEP label */
+    unsigned char *oaep_label;
+    size_t oaep_labellen;
+} RSA_PKEY_CTX;
+
+static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx;
+    rctx = OPENSSL_zalloc(sizeof(*rctx));
+    if (rctx == NULL)
+        return 0;
+    rctx->nbits = 1024;
+    rctx->pad_mode = RSA_PKCS1_PADDING;
+    rctx->saltlen = -2;
+    ctx->data = rctx;
+    ctx->keygen_info = rctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    RSA_PKEY_CTX *dctx, *sctx;
+    if (!pkey_rsa_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->nbits = sctx->nbits;
+    if (sctx->pub_exp) {
+        dctx->pub_exp = BN_dup(sctx->pub_exp);
+        if (!dctx->pub_exp)
+            return 0;
+    }
+    dctx->pad_mode = sctx->pad_mode;
+    dctx->md = sctx->md;
+    dctx->mgf1md = sctx->mgf1md;
+    if (sctx->oaep_label) {
+        OPENSSL_free(dctx->oaep_label);
+        dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
+        if (!dctx->oaep_label)
+            return 0;
+        dctx->oaep_labellen = sctx->oaep_labellen;
+    }
+    return 1;
+}
+
+static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
+{
+    if (ctx->tbuf)
+        return 1;
+    ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
+    if (ctx->tbuf == NULL)
+        return 0;
+    return 1;
+}
+
+static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+    if (rctx) {
+        BN_free(rctx->pub_exp);
+        OPENSSL_free(rctx->tbuf);
+        OPENSSL_free(rctx->oaep_label);
+        OPENSSL_free(rctx);
+    }
+}
+
+static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                         size_t *siglen, const unsigned char *tbs,
+                         size_t tbslen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    RSA *rsa = ctx->pkey->pkey.rsa;
+
+    if (rctx->md) {
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
+
+        if (EVP_MD_type(rctx->md) == NID_mdc2) {
+            unsigned int sltmp;
+            if (rctx->pad_mode != RSA_PKCS1_PADDING)
+                return -1;
+            ret = RSA_sign_ASN1_OCTET_STRING(0,
+                                             tbs, tbslen, sig, &sltmp, rsa);
+
+            if (ret <= 0)
+                return ret;
+            ret = sltmp;
+        } else if (rctx->pad_mode == RSA_X931_PADDING) {
+            if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
+                RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+            }
+            if (!setup_tbuf(rctx, ctx)) {
+                RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            memcpy(rctx->tbuf, tbs, tbslen);
+            rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
+            ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
+                                      sig, rsa, RSA_X931_PADDING);
+        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
+            unsigned int sltmp;
+            ret = RSA_sign(EVP_MD_type(rctx->md),
+                           tbs, tbslen, sig, &sltmp, rsa);
+            if (ret <= 0)
+                return ret;
+            ret = sltmp;
+        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
+                                                rctx->tbuf, tbs,
+                                                rctx->md, rctx->mgf1md,
+                                                rctx->saltlen))
+                return -1;
+            ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
+                                      sig, rsa, RSA_NO_PADDING);
+        } else
+            return -1;
+    } else
+        ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+                                  rctx->pad_mode);
+    if (ret < 0)
+        return ret;
+    *siglen = ret;
+    return 1;
+}
+
+static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
+                                  unsigned char *rout, size_t *routlen,
+                                  const unsigned char *sig, size_t siglen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (rctx->md) {
+        if (rctx->pad_mode == RSA_X931_PADDING) {
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            ret = RSA_public_decrypt(siglen, sig,
+                                     rctx->tbuf, ctx->pkey->pkey.rsa,
+                                     RSA_X931_PADDING);
+            if (ret < 1)
+                return 0;
+            ret--;
+            if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
+                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                       RSA_R_ALGORITHM_MISMATCH);
+                return 0;
+            }
+            if (ret != EVP_MD_size(rctx->md)) {
+                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                       RSA_R_INVALID_DIGEST_LENGTH);
+                return 0;
+            }
+            if (rout)
+                memcpy(rout, rctx->tbuf, ret);
+        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
+            size_t sltmp;
+            ret = int_rsa_verify(EVP_MD_type(rctx->md),
+                                 NULL, 0, rout, &sltmp,
+                                 sig, siglen, ctx->pkey->pkey.rsa);
+            if (ret <= 0)
+                return 0;
+            ret = sltmp;
+        } else
+            return -1;
+    } else
+        ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
+                                 rctx->pad_mode);
+    if (ret < 0)
+        return ret;
+    *routlen = ret;
+    return 1;
+}
+
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+    RSA *rsa = ctx->pkey->pkey.rsa;
+    size_t rslen;
+    if (rctx->md) {
+        if (rctx->pad_mode == RSA_PKCS1_PADDING)
+            return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+                              sig, siglen, rsa);
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
+        if (rctx->pad_mode == RSA_X931_PADDING) {
+            if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
+                return 0;
+        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
+            int ret;
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                     rsa, RSA_NO_PADDING);
+            if (ret <= 0)
+                return 0;
+            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
+                                            rctx->md, rctx->mgf1md,
+                                            rctx->tbuf, rctx->saltlen);
+            if (ret <= 0)
+                return 0;
+            return 1;
+        } else
+            return -1;
+    } else {
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                   rsa, rctx->pad_mode);
+        if (rslen == 0)
+            return 0;
+    }
+
+    if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+        return 0;
+
+    return 1;
+
+}
+
+static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
+        int klen = RSA_size(ctx->pkey->pkey.rsa);
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
+                                             in, inlen,
+                                             rctx->oaep_label,
+                                             rctx->oaep_labellen,
+                                             rctx->md, rctx->mgf1md))
+            return -1;
+        ret = RSA_public_encrypt(klen, rctx->tbuf, out,
+                                 ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+    } else
+        ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                 rctx->pad_mode);
+    if (ret < 0)
+        return ret;
+    *outlen = ret;
+    return 1;
+}
+
+static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
+                                  ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+        if (ret <= 0)
+            return ret;
+        ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf,
+                                                ret, ret,
+                                                rctx->oaep_label,
+                                                rctx->oaep_labellen,
+                                                rctx->md, rctx->mgf1md);
+    } else
+        ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                  rctx->pad_mode);
+    if (ret < 0)
+        return ret;
+    *outlen = ret;
+    return 1;
+}
+
+static int check_padding_md(const EVP_MD *md, int padding)
+{
+    int mdnid;
+    if (!md)
+        return 1;
+
+    mdnid = EVP_MD_type(md);
+
+    if (padding == RSA_NO_PADDING) {
+        RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+        return 0;
+    }
+
+    if (padding == RSA_X931_PADDING) {
+        if (RSA_X931_hash_id(mdnid) == -1) {
+            RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST);
+            return 0;
+        }
+    } else {
+        switch(mdnid) {
+        /* List of all supported RSA digests */
+        case NID_sha1:
+        case NID_sha224:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        case NID_md5:
+        case NID_md5_sha1:
+        case NID_md2:
+        case NID_md4:
+        case NID_mdc2:
+        case NID_ripemd160:
+            return 1;
+
+        default:
+            RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST);
+            return 0;
+
+        }
+    }
+
+    return 1;
+}
+
+static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_RSA_PADDING:
+        if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) {
+            if (!check_padding_md(rctx->md, p1))
+                return 0;
+            if (p1 == RSA_PKCS1_PSS_PADDING) {
+                if (!(ctx->operation &
+                      (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
+                    goto bad_pad;
+                if (!rctx->md)
+                    rctx->md = EVP_sha1();
+            }
+            if (p1 == RSA_PKCS1_OAEP_PADDING) {
+                if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+                    goto bad_pad;
+                if (!rctx->md)
+                    rctx->md = EVP_sha1();
+            }
+            rctx->pad_mode = p1;
+            return 1;
+        }
+ bad_pad:
+        RSAerr(RSA_F_PKEY_RSA_CTRL,
+               RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+        return -2;
+
+    case EVP_PKEY_CTRL_GET_RSA_PADDING:
+        *(int *)p2 = rctx->pad_mode;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
+    case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
+        if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
+            *(int *)p2 = rctx->saltlen;
+        else {
+            if (p1 < -2)
+                return -2;
+            rctx->saltlen = p1;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
+        if (p1 < 512) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
+            return -2;
+        }
+        rctx->nbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
+        if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || BN_is_one((BIGNUM *)p2)) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
+            return -2;
+        }
+        BN_free(rctx->pub_exp);
+        rctx->pub_exp = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_OAEP_MD:
+    case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD)
+            *(const EVP_MD **)p2 = rctx->md;
+        else
+            rctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        if (!check_padding_md(p2, rctx->pad_mode))
+            return 0;
+        rctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = rctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_MGF1_MD:
+    case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
+        if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING
+            && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
+            if (rctx->mgf1md)
+                *(const EVP_MD **)p2 = rctx->mgf1md;
+            else
+                *(const EVP_MD **)p2 = rctx->md;
+        } else
+            rctx->mgf1md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        OPENSSL_free(rctx->oaep_label);
+        if (p2 && p1 > 0) {
+            rctx->oaep_label = p2;
+            rctx->oaep_labellen = p1;
+        } else {
+            rctx->oaep_label = NULL;
+            rctx->oaep_labellen = 0;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        *(unsigned char **)p2 = rctx->oaep_label;
+        return rctx->oaep_labellen;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+    case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case EVP_PKEY_CTRL_CMS_DECRYPT:
+    case EVP_PKEY_CTRL_CMS_ENCRYPT:
+    case EVP_PKEY_CTRL_CMS_SIGN:
+        return 1;
+#endif
+    case EVP_PKEY_CTRL_PEER_KEY:
+        RSAerr(RSA_F_PKEY_RSA_CTRL,
+               RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (!value) {
+        RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+        return 0;
+    }
+    if (strcmp(type, "rsa_padding_mode") == 0) {
+        int pm;
+        if (strcmp(value, "pkcs1") == 0)
+            pm = RSA_PKCS1_PADDING;
+        else if (strcmp(value, "sslv23") == 0)
+            pm = RSA_SSLV23_PADDING;
+        else if (strcmp(value, "none") == 0)
+            pm = RSA_NO_PADDING;
+        else if (strcmp(value, "oeap") == 0)
+            pm = RSA_PKCS1_OAEP_PADDING;
+        else if (strcmp(value, "oaep") == 0)
+            pm = RSA_PKCS1_OAEP_PADDING;
+        else if (strcmp(value, "x931") == 0)
+            pm = RSA_X931_PADDING;
+        else if (strcmp(value, "pss") == 0)
+            pm = RSA_PKCS1_PSS_PADDING;
+        else {
+            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
+            return -2;
+        }
+        return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
+    }
+
+    if (strcmp(type, "rsa_pss_saltlen") == 0) {
+        int saltlen;
+        saltlen = atoi(value);
+        return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
+    }
+
+    if (strcmp(type, "rsa_keygen_bits") == 0) {
+        int nbits;
+        nbits = atoi(value);
+        return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
+    }
+
+    if (strcmp(type, "rsa_keygen_pubexp") == 0) {
+        int ret;
+        BIGNUM *pubexp = NULL;
+        if (!BN_asc2bn(&pubexp, value))
+            return 0;
+        ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
+        if (ret <= 0)
+            BN_free(pubexp);
+        return ret;
+    }
+
+    if (strcmp(type, "rsa_mgf1_md") == 0) {
+        const EVP_MD *md;
+        if ((md = EVP_get_digestbyname(value)) == NULL) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
+    }
+
+    if (strcmp(type, "rsa_oaep_md") == 0) {
+        const EVP_MD *md;
+        if ((md = EVP_get_digestbyname(value)) == NULL) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
+    }
+    if (strcmp(type, "rsa_oaep_label") == 0) {
+        unsigned char *lab;
+        long lablen;
+        int ret;
+        lab = OPENSSL_hexstr2buf(value, &lablen);
+        if (!lab)
+            return 0;
+        ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
+        if (ret <= 0)
+            OPENSSL_free(lab);
+        return ret;
+    }
+
+    return -2;
+}
+
+static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    RSA *rsa = NULL;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+    if (rctx->pub_exp == NULL) {
+        rctx->pub_exp = BN_new();
+        if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4))
+            return 0;
+    }
+    rsa = RSA_new();
+    if (rsa == NULL)
+        return 0;
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL) {
+            RSA_free(rsa);
+            return 0;
+        }
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else
+        pcb = NULL;
+    ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
+    BN_GENCB_free(pcb);
+    if (ret > 0)
+        EVP_PKEY_assign_RSA(pkey, rsa);
+    else
+        RSA_free(rsa);
+    return ret;
+}
+
+const EVP_PKEY_METHOD rsa_pkey_meth = {
+    EVP_PKEY_RSA,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_rsa_init,
+    pkey_rsa_copy,
+    pkey_rsa_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_rsa_keygen,
+
+    0,
+    pkey_rsa_sign,
+
+    0,
+    pkey_rsa_verify,
+
+    0,
+    pkey_rsa_verifyrecover,
+
+    0, 0, 0, 0,
+
+    0,
+    pkey_rsa_encrypt,
+
+    0,
+    pkey_rsa_decrypt,
+
+    0, 0,
+
+    pkey_rsa_ctrl,
+    pkey_rsa_ctrl_str
+};
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_prn.c b/openssl-1.1.0h/crypto/rsa/rsa_prn.c
new file mode 100644
index 0000000..5e6c599
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_prn.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+#ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = RSA_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+        return 0;
+    ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_pss.c b/openssl-1.1.0h/crypto/rsa/rsa_pss.c
new file mode 100644
index 0000000..f814338
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_pss.c
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "rsa_locl.h"
+
+static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g", off)
+#endif
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen)
+{
+    return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
+}
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                              const unsigned char *EM, int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    const unsigned char *H;
+    unsigned char *DB = NULL;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char H_[EVP_MAX_MD_SIZE];
+
+
+    if (ctx == NULL)
+        goto err;
+
+    if (mgf1Hash == NULL)
+        mgf1Hash = Hash;
+
+    hLen = EVP_MD_size(Hash);
+    if (hLen < 0)
+        goto err;
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is autorecovered from signature
+     *      -N      reserved
+     */
+    if (sLen == -1)
+        sLen = hLen;
+    else if (sLen == -2)
+        sLen = -2;
+    else if (sLen < -2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (EM[0] & (0xFF << MSBits)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID);
+        goto err;
+    }
+    if (MSBits == 0) {
+        EM++;
+        emLen--;
+    }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (EM[emLen - 1] != 0xbc) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID);
+        goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    DB = OPENSSL_malloc(maskedDBLen);
+    if (DB == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
+        goto err;
+    for (i = 0; i < maskedDBLen; i++)
+        DB[i] ^= EM[i];
+    if (MSBits)
+        DB[0] &= 0xFF >> (8 - MSBits);
+    for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ;
+    if (DB[i++] != 0x1) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED);
+        goto err;
+    }
+    if (sLen >= 0 && (maskedDBLen - i) != sLen) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
+        goto err;
+    if (maskedDBLen - i) {
+        if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
+            goto err;
+    }
+    if (!EVP_DigestFinal_ex(ctx, H_, NULL))
+        goto err;
+    if (memcmp(H_, H, hLen)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
+        ret = 0;
+    } else
+        ret = 1;
+
+ err:
+    OPENSSL_free(DB);
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+
+}
+
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+                              const unsigned char *mHash,
+                              const EVP_MD *Hash, int sLen)
+{
+    return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
+}
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                                   const unsigned char *mHash,
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                                   int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    unsigned char *H, *salt = NULL, *p;
+    EVP_MD_CTX *ctx = NULL;
+
+    if (mgf1Hash == NULL)
+        mgf1Hash = Hash;
+
+    hLen = EVP_MD_size(Hash);
+    if (hLen < 0)
+        goto err;
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is maximized
+     *      -N      reserved
+     */
+    if (sLen == -1)
+        sLen = hLen;
+    else if (sLen == -2)
+        sLen = -2;
+    else if (sLen < -2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (MSBits == 0) {
+        *EM++ = 0;
+        emLen--;
+    }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+    if (sLen == -2) {
+        sLen = emLen - hLen - 2;
+    } else if (sLen > emLen - hLen - 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+    if (sLen > 0) {
+        salt = OPENSSL_malloc(sLen);
+        if (salt == NULL) {
+            RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+                   ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (RAND_bytes(salt, sLen) <= 0)
+            goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
+        goto err;
+    if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx, H, NULL))
+        goto err;
+
+    /* Generate dbMask in place then perform XOR on it */
+    if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
+        goto err;
+
+    p = EM;
+
+    /*
+     * Initial PS XORs with all zeroes which is a NOP so just update pointer.
+     * Note from a test above this value is guaranteed to be non-negative.
+     */
+    p += emLen - sLen - hLen - 2;
+    *p++ ^= 0x1;
+    if (sLen > 0) {
+        for (i = 0; i < sLen; i++)
+            *p++ ^= salt[i];
+    }
+    if (MSBits)
+        EM[0] &= 0xFF >> (8 - MSBits);
+
+    /* H is already in place so just set final 0xbc */
+
+    EM[emLen - 1] = 0xbc;
+
+    ret = 1;
+
+ err:
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_free(salt);
+
+    return ret;
+
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_saos.c b/openssl-1.1.0h/crypto/rsa/rsa_saos.c
new file mode 100644
index 0000000..9e5fff4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_saos.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int RSA_sign_ASN1_OCTET_STRING(int type,
+                               const unsigned char *m, unsigned int m_len,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa)
+{
+    ASN1_OCTET_STRING sig;
+    int i, j, ret = 1;
+    unsigned char *p, *s;
+
+    sig.type = V_ASN1_OCTET_STRING;
+    sig.length = m_len;
+    sig.data = (unsigned char *)m;
+
+    i = i2d_ASN1_OCTET_STRING(&sig, NULL);
+    j = RSA_size(rsa);
+    if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
+               RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        return (0);
+    }
+    s = OPENSSL_malloc((unsigned int)j + 1);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    p = s;
+    i2d_ASN1_OCTET_STRING(&sig, &p);
+    i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+    if (i <= 0)
+        ret = 0;
+    else
+        *siglen = i;
+
+    OPENSSL_clear_free(s, (unsigned int)j + 1);
+    return (ret);
+}
+
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+                                 const unsigned char *m,
+                                 unsigned int m_len, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa)
+{
+    int i, ret = 0;
+    unsigned char *s;
+    const unsigned char *p;
+    ASN1_OCTET_STRING *sig = NULL;
+
+    if (siglen != (unsigned int)RSA_size(rsa)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
+               RSA_R_WRONG_SIGNATURE_LENGTH);
+        return (0);
+    }
+
+    s = OPENSSL_malloc((unsigned int)siglen);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
+
+    if (i <= 0)
+        goto err;
+
+    p = s;
+    sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i);
+    if (sig == NULL)
+        goto err;
+
+    if (((unsigned int)sig->length != m_len) ||
+        (memcmp(m, sig->data, m_len) != 0)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE);
+    } else
+        ret = 1;
+ err:
+    ASN1_OCTET_STRING_free(sig);
+    OPENSSL_clear_free(s, (unsigned int)siglen);
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_sign.c b/openssl-1.1.0h/crypto/rsa/rsa_sign.c
new file mode 100644
index 0000000..952d24f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_sign.c
@@ -0,0 +1,248 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include "rsa_locl.h"
+
+/* Size of an SSL signature: MD5+SHA1 */
+#define SSL_SIG_LENGTH  36
+
+/*
+ * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as
+ * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This
+ * encodes the DigestInfo (T and tLen) but does not add the padding.
+ *
+ * On success, it returns one and sets |*out| to a newly allocated buffer
+ * containing the result and |*out_len| to its length. The caller must free
+ * |*out| with |OPENSSL_free|. Otherwise, it returns zero.
+ */
+static int encode_pkcs1(unsigned char **out, int *out_len, int type,
+                        const unsigned char *m, unsigned int m_len)
+{
+    X509_SIG sig;
+    X509_ALGOR algor;
+    ASN1_TYPE parameter;
+    ASN1_OCTET_STRING digest;
+    uint8_t *der = NULL;
+    int len;
+
+    sig.algor = &algor;
+    sig.algor->algorithm = OBJ_nid2obj(type);
+    if (sig.algor->algorithm == NULL) {
+        RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+        return 0;
+    }
+    if (OBJ_length(sig.algor->algorithm) == 0) {
+        RSAerr(RSA_F_ENCODE_PKCS1,
+               RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+        return 0;
+    }
+    parameter.type = V_ASN1_NULL;
+    parameter.value.ptr = NULL;
+    sig.algor->parameter = &parameter;
+
+    sig.digest = &digest;
+    sig.digest->data = (unsigned char *)m;
+    sig.digest->length = m_len;
+
+    len = i2d_X509_SIG(&sig, &der);
+    if (len < 0)
+        return 0;
+
+    *out = der;
+    *out_len = len;
+    return 1;
+}
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
+    int encrypt_len, encoded_len = 0, ret = 0;
+    unsigned char *tmps = NULL;
+    const unsigned char *encoded = NULL;
+
+    if (rsa->meth->rsa_sign) {
+        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+    }
+
+    /* Compute the encoded digest. */
+    if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
+        if (m_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+            return 0;
+        }
+        encoded_len = SSL_SIG_LENGTH;
+        encoded = m;
+    } else {
+        if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len))
+            goto err;
+        encoded = tmps;
+    }
+
+    if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) {
+        RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        goto err;
+    }
+    encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa,
+                                      RSA_PKCS1_PADDING);
+    if (encrypt_len <= 0)
+        goto err;
+
+    *siglen = encrypt_len;
+    ret = 1;
+
+err:
+    OPENSSL_clear_free(tmps, (size_t)encoded_len);
+    return ret;
+}
+
+/*
+ * int_rsa_verify verifies an RSA signature in |sigbuf| using |rsa|. It may be
+ * called in two modes. If |rm| is NULL, it verifies the signature for digest
+ * |m|. Otherwise, it recovers the digest from the signature, writing the digest
+ * to |rm| and the length to |*prm_len|. |type| is the NID of the digest
+ * algorithm to use. It returns one on successful verification and zero
+ * otherwise.
+ */
+int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+                   unsigned char *rm, size_t *prm_len,
+                   const unsigned char *sigbuf, size_t siglen, RSA *rsa)
+{
+    int decrypt_len, ret = 0, encoded_len = 0;
+    unsigned char *decrypt_buf = NULL, *encoded = NULL;
+
+    if (siglen != (size_t)RSA_size(rsa)) {
+        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+        return 0;
+    }
+
+    /* Recover the encoded digest. */
+    decrypt_buf = OPENSSL_malloc(siglen);
+    if (decrypt_buf == NULL) {
+        RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa,
+                                     RSA_PKCS1_PADDING);
+    if (decrypt_len <= 0)
+        goto err;
+
+    if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
+        if (decrypt_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
+
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf, SSL_SIG_LENGTH);
+            *prm_len = SSL_SIG_LENGTH;
+        } else {
+            if (m_len != SSL_SIG_LENGTH) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
+
+            if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
+        }
+    } else if (type == NID_mdc2 && decrypt_len == 2 + 16
+               && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) {
+        /*
+         * Oddball MDC2 case: signature can be OCTET STRING. check for correct
+         * tag and length octets.
+         */
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf + 2, 16);
+            *prm_len = 16;
+        } else {
+            if (m_len != 16) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
+
+            if (memcmp(m, decrypt_buf + 2, 16) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
+        }
+    } else {
+        /*
+         * If recovering the digest, extract a digest-sized output from the end
+         * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption
+         * output as in a standard verification.
+         */
+        if (rm != NULL) {
+            const EVP_MD *md = EVP_get_digestbynid(type);
+            if (md == NULL) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                goto err;
+            }
+
+            m_len = EVP_MD_size(md);
+            if (m_len > (size_t)decrypt_len) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+                goto err;
+            }
+            m = decrypt_buf + decrypt_len - m_len;
+        }
+
+        /* Construct the encoded digest and ensure it matches. */
+        if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len))
+            goto err;
+
+        if (encoded_len != decrypt_len
+            || memcmp(encoded, decrypt_buf, encoded_len) != 0) {
+            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
+
+        /* Output the recovered digest. */
+        if (rm != NULL) {
+            memcpy(rm, m, m_len);
+            *prm_len = m_len;
+        }
+    }
+
+    ret = 1;
+
+err:
+    OPENSSL_clear_free(encoded, (size_t)encoded_len);
+    OPENSSL_clear_free(decrypt_buf, siglen);
+    return ret;
+}
+
+int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+{
+
+    if (rsa->meth->rsa_verify) {
+        return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);
+    }
+
+    return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_ssl.c b/openssl-1.1.0h/crypto/rsa/rsa_ssl.c
new file mode 100644
index 0000000..9ef6b80
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_ssl.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
+
+    if (flen > (tlen - 11)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
+
+    /* pad out with non-zero random data */
+    j = tlen - 3 - 8 - flen;
+
+    if (RAND_bytes(p, j) <= 0)
+        return (0);
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return (0);
+            } while (*p == '\0');
+        p++;
+    }
+
+    memset(p, 3, 8);
+    p += 8;
+    *(p++) = '\0';
+
+    memcpy(p, from, (unsigned int)flen);
+    return (1);
+}
+
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *from, int flen, int num)
+{
+    int i, j, k;
+    const unsigned char *p;
+
+    p = from;
+    if (flen < 10) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
+        return (-1);
+    }
+    if ((num != (flen + 1)) || (*(p++) != 02)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
+        return (-1);
+    }
+
+    /* scan over padding data */
+    j = flen - 1;               /* one for type */
+    for (i = 0; i < j; i++)
+        if (*(p++) == 0)
+            break;
+
+    if ((i == j) || (i < 8)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
+               RSA_R_NULL_BEFORE_BLOCK_MISSING);
+        return (-1);
+    }
+    for (k = -9; k < -1; k++) {
+        if (p[k] != 0x03)
+            break;
+    }
+    if (k == -1) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
+        return (-1);
+    }
+
+    i++;                        /* Skip over the '\0' */
+    j -= i;
+    if (j > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
+        return (-1);
+    }
+    memcpy(to, p, (unsigned int)j);
+
+    return (j);
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_x931.c b/openssl-1.1.0h/crypto/rsa/rsa_x931.c
new file mode 100644
index 0000000..b9301f3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_x931.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+
+int RSA_padding_add_X931(unsigned char *to, int tlen,
+                         const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    /*
+     * Absolute minimum amount of padding is 1 header nibble, 1 padding
+     * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+     */
+
+    j = tlen - flen - 2;
+
+    if (j < 0) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return -1;
+    }
+
+    p = (unsigned char *)to;
+
+    /* If no padding start and end nibbles are in one byte */
+    if (j == 0)
+        *p++ = 0x6A;
+    else {
+        *p++ = 0x6B;
+        if (j > 1) {
+            memset(p, 0xBB, j - 1);
+            p += j - 1;
+        }
+        *p++ = 0xBA;
+    }
+    memcpy(p, from, (unsigned int)flen);
+    p += flen;
+    *p = 0xCC;
+    return (1);
+}
+
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen, int num)
+{
+    int i = 0, j;
+    const unsigned char *p;
+
+    p = from;
+    if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
+        return -1;
+    }
+
+    if (*p++ == 0x6B) {
+        j = flen - 3;
+        for (i = 0; i < j; i++) {
+            unsigned char c = *p++;
+            if (c == 0xBA)
+                break;
+            if (c != 0xBB) {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+                return -1;
+            }
+        }
+
+        j -= i;
+
+        if (i == 0) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+            return -1;
+        }
+
+    } else
+        j = flen - 2;
+
+    if (p[j] != 0xCC) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+        return -1;
+    }
+
+    memcpy(to, p, (unsigned int)j);
+
+    return (j);
+}
+
+/* Translate between X931 hash ids and NIDs */
+
+int RSA_X931_hash_id(int nid)
+{
+    switch (nid) {
+    case NID_sha1:
+        return 0x33;
+
+    case NID_sha256:
+        return 0x34;
+
+    case NID_sha384:
+        return 0x36;
+
+    case NID_sha512:
+        return 0x35;
+
+    }
+    return -1;
+}
diff --git a/openssl-1.1.0h/crypto/rsa/rsa_x931g.c b/openssl-1.1.0h/crypto/rsa/rsa_x931g.c
new file mode 100644
index 0000000..877ee22
--- /dev/null
+++ b/openssl-1.1.0h/crypto/rsa/rsa_x931g.c
@@ -0,0 +1,197 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include "rsa_locl.h"
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
+    BN_CTX *ctx = NULL, *ctx2 = NULL;
+    int ret = 0;
+
+    if (!rsa)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+
+    if (r3 == NULL)
+        goto err;
+    if (!rsa->e) {
+        rsa->e = BN_dup(e);
+        if (!rsa->e)
+            goto err;
+    } else
+        e = rsa->e;
+
+    /*
+     * If not all parameters present only calculate what we can. This allows
+     * test programs to output selective parameters.
+     */
+
+    if (Xp && rsa->p == NULL) {
+        rsa->p = BN_new();
+        if (rsa->p == NULL)
+            goto err;
+
+        if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                     Xp, Xp1, Xp2, e, ctx, cb))
+            goto err;
+    }
+
+    if (Xq && rsa->q == NULL) {
+        rsa->q = BN_new();
+        if (rsa->q == NULL)
+            goto err;
+        if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                     Xq, Xq1, Xq2, e, ctx, cb))
+            goto err;
+    }
+
+    if (rsa->p == NULL || rsa->q == NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return 2;
+    }
+
+    /*
+     * Since both primes are set we can now calculate all remaining
+     * components.
+     */
+
+    /* calculate n */
+    rsa->n = BN_new();
+    if (rsa->n == NULL)
+        goto err;
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;               /* (p-1)(q-1) */
+
+    if (!BN_gcd(r3, r1, r2, ctx))
+        goto err;
+
+    if (!BN_div(r0, NULL, r0, r3, ctx))
+        goto err;               /* LCM((p-1)(q-1)) */
+
+    ctx2 = BN_CTX_new();
+    if (ctx2 == NULL)
+        goto err;
+
+    rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
+    if (rsa->d == NULL)
+        goto err;
+
+    /* calculate d mod (p-1) */
+    rsa->dmp1 = BN_new();
+    if (rsa->dmp1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
+        goto err;
+
+    /* calculate d mod (q-1) */
+    rsa->dmq1 = BN_new();
+    if (rsa->dmq1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
+        goto err;
+
+    /* calculate inverse of q mod p */
+    rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+
+    ret = 1;
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_CTX_free(ctx2);
+
+    return ret;
+
+}
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb)
+{
+    int ok = 0;
+    BIGNUM *Xp = NULL, *Xq = NULL;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto error;
+
+    BN_CTX_start(ctx);
+    Xp = BN_CTX_get(ctx);
+    Xq = BN_CTX_get(ctx);
+    if (Xq == NULL)
+        goto error;
+    if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+        goto error;
+
+    rsa->p = BN_new();
+    rsa->q = BN_new();
+    if (rsa->p == NULL || rsa->q == NULL)
+        goto error;
+
+    /* Generate two primes from Xp, Xq */
+
+    if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                   e, ctx, cb))
+        goto error;
+
+    if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                   e, ctx, cb))
+        goto error;
+
+    /*
+     * Since rsa->p and rsa->q are valid this call will just derive remaining
+     * RSA components.
+     */
+
+    if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                            NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+        goto error;
+
+    ok = 1;
+
+ error:
+    if (ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+
+    if (ok)
+        return 1;
+
+    return 0;
+
+}
diff --git a/openssl-1.1.0h/crypto/s390xcap.c b/openssl-1.1.0h/crypto/s390xcap.c
new file mode 100644
index 0000000..272c551
--- /dev/null
+++ b/openssl-1.1.0h/crypto/s390xcap.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+
+unsigned long long OPENSSL_s390xcap_P[10];
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+unsigned long OPENSSL_s390x_facilities(void);
+
+void OPENSSL_cpuid_setup(void)
+{
+    sigset_t oset;
+    struct sigaction ill_act, oact;
+
+    if (OPENSSL_s390xcap_P[0])
+        return;
+
+    OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1);
+
+    memset(&ill_act, 0, sizeof(ill_act));
+    ill_act.sa_handler = ill_handler;
+    sigfillset(&ill_act.sa_mask);
+    sigdelset(&ill_act.sa_mask, SIGILL);
+    sigdelset(&ill_act.sa_mask, SIGTRAP);
+    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
+    sigaction(SIGILL, &ill_act, &oact);
+
+    /* protection against missing store-facility-list-extended */
+    if (sigsetjmp(ill_jmp, 1) == 0)
+        OPENSSL_s390x_facilities();
+
+    sigaction(SIGILL, &oact, NULL);
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+}
diff --git a/openssl-1.1.0h/crypto/s390xcpuid.S b/openssl-1.1.0h/crypto/s390xcpuid.S
new file mode 100644
index 0000000..fc141d9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/s390xcpuid.S
@@ -0,0 +1,178 @@
+.text
+// Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+
+.globl	OPENSSL_s390x_facilities
+.type	OPENSSL_s390x_facilities,@function
+.align	16
+OPENSSL_s390x_facilities:
+	lghi	%r0,0
+	larl	%r4,OPENSSL_s390xcap_P
+	stg	%r0,8(%r4)	# wipe capability vectors
+	stg	%r0,16(%r4)
+	stg	%r0,24(%r4)
+	stg	%r0,32(%r4)
+	stg	%r0,40(%r4)
+	stg	%r0,48(%r4)
+	stg	%r0,56(%r4)
+	stg	%r0,64(%r4)
+	stg	%r0,72(%r4)
+
+	.long	0xb2b04000	# stfle	0(%r4)
+	brc	8,.Ldone
+	lghi	%r0,1
+	.long	0xb2b04000	# stfle 0(%r4)
+.Ldone:
+	lmg	%r2,%r3,0(%r4)
+	tmhl	%r2,0x4000	# check for message-security-assist
+	jz	.Lret
+
+	lghi	%r0,0		# query kimd capabilities
+	la	%r1,16(%r4)
+	.long	0xb93e0002	# kimd %r0,%r2
+
+	lghi	%r0,0		# query km capability vector
+	la	%r1,32(%r4)
+	.long	0xb92e0042	# km %r4,%r2
+
+	lghi	%r0,0		# query kmc capability vector
+	la	%r1,48(%r4)
+	.long	0xb92f0042	# kmc %r4,%r2
+
+	tmhh	%r3,0x0004	# check for message-security-assist-4
+	jz	.Lret
+
+	lghi	%r0,0		# query kmctr capability vector
+	la	%r1,64(%r4)
+	.long	0xb92d2042	# kmctr %r4,%r2,%r2
+
+.Lret:
+	br	%r14
+.size	OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
+
+.globl	OPENSSL_rdtsc
+.type	OPENSSL_rdtsc,@function
+.align	16
+OPENSSL_rdtsc:
+	stck	16(%r15)
+	lg	%r2,16(%r15)
+	br	%r14
+.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
+
+.globl	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,@function
+.align	16
+OPENSSL_atomic_add:
+	l	%r1,0(%r2)
+.Lspin:	lr	%r0,%r1
+	ar	%r0,%r3
+	cs	%r1,%r0,0(%r2)
+	brc	4,.Lspin
+	lgfr	%r2,%r0		# OpenSSL expects the new value
+	br	%r14
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,@function
+.align	16
+OPENSSL_wipe_cpu:
+	xgr	%r0,%r0
+	xgr	%r1,%r1
+	lgr	%r2,%r15
+	xgr	%r3,%r3
+	xgr	%r4,%r4
+	lzdr	%f0
+	lzdr	%f1
+	lzdr	%f2
+	lzdr	%f3
+	lzdr	%f4
+	lzdr	%f5
+	lzdr	%f6
+	lzdr	%f7
+	br	%r14
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+
+.globl	OPENSSL_cleanse
+.type	OPENSSL_cleanse,@function
+.align	16
+OPENSSL_cleanse:
+#if !defined(__s390x__) && !defined(__s390x)
+	llgfr	%r3,%r3
+#endif
+	lghi	%r4,15
+	lghi	%r0,0
+	clgr	%r3,%r4
+	jh	.Lot
+	clgr	%r3,%r0
+	bcr	8,%r14
+.Little:
+	stc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	brctg	%r3,.Little
+	br	%r14
+.align	4
+.Lot:	tmll	%r2,7
+	jz	.Laligned
+	stc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	brctg	%r3,.Lot
+.Laligned:
+	srlg	%r4,%r3,3
+.Loop:	stg	%r0,0(%r2)
+	la	%r2,8(%r2)
+	brctg	%r4,.Loop
+	lghi	%r4,7
+	ngr	%r3,%r4
+	jnz	.Little
+	br	%r14
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.type	CRYPTO_memcmp,@function
+.align	16
+CRYPTO_memcmp:
+#if !defined(__s390x__) && !defined(__s390x)
+	llgfr	%r4,%r4
+#endif
+	lghi	%r5,0
+	clgr	%r4,%r5
+	je	.Lno_data
+
+.Loop_cmp:
+	llgc	%r0,0(%r2)
+	la	%r2,1(%r2)
+	llgc	%r1,0(%r3)
+	la	%r3,1(%r3)
+	xr	%r1,%r0
+	or	%r5,%r1
+	brctg	%r4,.Loop_cmp
+
+	lnr	%r5,%r5
+	srl	%r5,31
+.Lno_data:
+	lgr	%r2,%r5
+	br	%r14
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+
+.globl	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,@function
+.align	16
+OPENSSL_instrument_bus:
+	lghi	%r2,0
+	br	%r14
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,@function
+.align	16
+OPENSSL_instrument_bus2:
+	lghi	%r2,0
+	br	%r14
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+
+.section	.init
+	brasl	%r14,OPENSSL_cpuid_setup
diff --git a/openssl-1.1.0h/crypto/seed/build.info b/openssl-1.1.0h/crypto/seed/build.info
new file mode 100644
index 0000000..abdcbca
--- /dev/null
+++ b/openssl-1.1.0h/crypto/seed/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
diff --git a/openssl-1.1.0h/crypto/seed/seed.c b/openssl-1.1.0h/crypto/seed/seed.c
new file mode 100644
index 0000000..d62da91
--- /dev/null
+++ b/openssl-1.1.0h/crypto/seed/seed.c
@@ -0,0 +1,590 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OPENSSL_NO_SEED
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# ifdef _WIN32
+#  include <memory.h>
+# endif
+
+# include <openssl/seed.h>
+# include "seed_locl.h"
+
+# ifdef SS                      /* can get defined on Solaris by inclusion of
+                                 * <stdlib.h> */
+#  undef SS
+# endif
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#  define G_FUNC(v)       \
+        SS[0][(unsigned char)      (v) & 0xff] ^ \
+        SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+        SS[2][(unsigned char)((v)>>16) & 0xff] ^ \
+        SS[3][(unsigned char)((v)>>24) & 0xff]
+
+static const seed_word SS[4][256] = {
+    { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
+      0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+      0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+      0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+      0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
+      0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+      0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
+      0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+      0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+      0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+      0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
+      0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+      0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
+      0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+      0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+      0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+      0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
+      0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+      0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
+      0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+      0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+      0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+      0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
+      0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+      0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
+      0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+      0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+      0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+      0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
+      0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+      0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
+      0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+      0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+      0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+      0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
+      0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+      0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
+      0x36063234, 0x15051114, 0x22022220, 0x38083038,
+      0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+      0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+      0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
+      0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+      0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
+      0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+      0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+      0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+      0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
+      0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+      0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
+      0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+      0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+      0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+      0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
+      0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+      0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
+      0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+      0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+      0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+      0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
+      0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+      0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
+      0x22426260, 0x29092128, 0x07070304, 0x33033330,
+      0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+      0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
+    },
+    { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
+      0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+      0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+      0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+      0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
+      0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+      0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
+      0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+      0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+      0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+      0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
+      0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+      0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
+      0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+      0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+      0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+      0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
+      0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+      0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
+      0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+      0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+      0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+      0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
+      0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+      0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
+      0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+      0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+      0x20220222, 0x04040400, 0x68284860, 0x70314171,
+      0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
+      0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+      0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
+      0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+      0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+      0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+      0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
+      0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+      0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
+      0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+      0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+      0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+      0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
+      0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+      0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
+      0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+      0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+      0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+      0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
+      0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+      0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
+      0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+      0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+      0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+      0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
+      0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+      0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
+      0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+      0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+      0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+      0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
+      0x30320232, 0x84048480, 0x68294961, 0x90138393,
+      0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
+      0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+      0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+      0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
+    },
+    { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
+      0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+      0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+      0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+      0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
+      0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+      0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
+      0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+      0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+      0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+      0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
+      0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+      0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
+      0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+      0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+      0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+      0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
+      0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+      0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
+      0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+      0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+      0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+      0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
+      0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+      0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
+      0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+      0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+      0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+      0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
+      0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+      0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
+      0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+      0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+      0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+      0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
+      0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+      0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
+      0x32343606, 0x11141505, 0x22202202, 0x30383808,
+      0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+      0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+      0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
+      0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+      0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
+      0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+      0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+      0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+      0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
+      0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+      0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
+      0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+      0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+      0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+      0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
+      0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+      0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
+      0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+      0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+      0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+      0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
+      0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+      0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
+      0x62602242, 0x21282909, 0x03040707, 0x33303303,
+      0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+      0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
+    },
+    { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
+      0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+      0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+      0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+      0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
+      0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+      0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
+      0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+      0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+      0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+      0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
+      0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+      0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
+      0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+      0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+      0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+      0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
+      0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+      0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
+      0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+      0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+      0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+      0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
+      0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+      0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
+      0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+      0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+      0x02222022, 0x04000404, 0x48606828, 0x41717031,
+      0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
+      0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+      0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
+      0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+      0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+      0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+      0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
+      0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+      0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
+      0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+      0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+      0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+      0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
+      0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+      0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
+      0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+      0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+      0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+      0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
+      0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+      0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
+      0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+      0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+      0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+      0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
+      0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+      0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
+      0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+      0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+      0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+      0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
+      0x02323032, 0x84808404, 0x49616829, 0x83939013,
+      0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
+      0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+      0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+      0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
+    }
+};
+
+#else
+
+/* on x86_64 >5x size reduction at 40% performance penalty */
+static const unsigned char SEED_Sbox[2][256] = {
+{
+      0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25,
+      0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63,
+      0x28, 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17,
+      0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE,
+      0x70, 0x8C, 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74,
+      0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01,
+      0x24, 0x1C, 0x73, 0x98, 0x10, 0xCC, 0xF2, 0xD9,
+      0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9,
+      0x60, 0x50, 0xA3, 0xEB, 0x0D, 0xB6, 0x9E, 0x4F,
+      0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5,
+      0x61, 0xC3, 0xB4, 0x41, 0x52, 0x7D, 0x8D, 0x08,
+      0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1,
+      0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B, 0x0E, 0xAB,
+      0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A,
+      0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE, 0x64,
+      0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66,
+      0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0,
+      0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF,
+      0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38,
+      0xF4, 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97,
+      0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89,
+      0x75, 0xFB, 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4,
+      0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8,
+      0x0F, 0x8E, 0x42, 0x23, 0x91, 0x6C, 0xDB, 0xA4,
+      0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40,
+      0xBE, 0x3E, 0xBC, 0xC1, 0xAA, 0xBA, 0x4E, 0x55,
+      0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56,
+      0x77, 0xA0, 0xED, 0x46, 0xB5, 0x2B, 0x65, 0xFA,
+      0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2,
+      0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0, 0xCD, 0x88,
+      0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33,
+      0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A, 0x9A
+    },
+    {
+      0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8,
+      0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B,
+      0xC3, 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7,
+      0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B,
+      0xEF, 0x88, 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4,
+      0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98,
+      0x28, 0x4E, 0xF6, 0x3E, 0xA5, 0xF9, 0x0D, 0xDF,
+      0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72,
+      0x42, 0xD4, 0x41, 0xC0, 0x73, 0x67, 0xAC, 0x8B,
+      0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34,
+      0xD2, 0x0B, 0xEE, 0xE9, 0x5D, 0x94, 0x18, 0xF8,
+      0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9,
+      0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A, 0x6A, 0xB1,
+      0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71,
+      0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6, 0x59,
+      0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0,
+      0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF,
+      0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D,
+      0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E,
+      0x9F, 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC,
+      0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03,
+      0x64, 0x6D, 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09,
+      0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05,
+      0xFA, 0x01, 0xF0, 0x2A, 0x5E, 0xA9, 0x56, 0x43,
+      0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79,
+      0x97, 0xFC, 0x1E, 0x82, 0x21, 0x8C, 0x1B, 0x5F,
+      0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46,
+      0xED, 0x58, 0x52, 0xEB, 0x7E, 0xDA, 0xC9, 0xFD,
+      0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C,
+      0x0E, 0x50, 0x39, 0x26, 0x32, 0x84, 0x69, 0x93,
+      0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87,
+      0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A, 0xB7
+    }
+};
+
+static unsigned int G_FUNC(unsigned int v)
+{
+    unsigned int s0, s1, s2, s3, ret;
+
+    s0 = SEED_Sbox[0][(unsigned char)      (v) & 0xff];
+    s1 = SEED_Sbox[1][(unsigned char)((v)>> 8) & 0xff];
+    s2 = SEED_Sbox[0][(unsigned char)((v)>>16) & 0xff];
+    s3 = SEED_Sbox[1][(unsigned char)((v)>>24) & 0xff];
+
+    ret  = ((s0 & 0xFC) ^ (s1 & 0xF3) ^ (s2 & 0xCF) ^ (s3 & 0x3F));
+    ret |= ((s0 & 0xF3) ^ (s1 & 0xCF) ^ (s2 & 0x3F) ^ (s3 & 0xFC)) << 8;
+    ret |= ((s0 & 0xCF) ^ (s1 & 0x3F) ^ (s2 & 0xFC) ^ (s3 & 0xF3)) << 16;
+    ret |= ((s0 & 0x3F) ^ (s1 & 0xFC) ^ (s2 & 0xF3) ^ (s3 & 0xCF)) << 24;
+
+    return ret;
+}
+# endif
+
+/* key schedule constants - golden ratio */
+# define KC0     0x9e3779b9
+# define KC1     0x3c6ef373
+# define KC2     0x78dde6e6
+# define KC3     0xf1bbcdcc
+# define KC4     0xe3779b99
+# define KC5     0xc6ef3733
+# define KC6     0x8dde6e67
+# define KC7     0x1bbcdccf
+# define KC8     0x3779b99e
+# define KC9     0x6ef3733c
+# define KC10    0xdde6e678
+# define KC11    0xbbcdccf1
+# define KC12    0x779b99e3
+# define KC13    0xef3733c6
+# define KC14    0xde6e678d
+# define KC15    0xbcdccf1b
+
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+static const seed_word KC[] = {
+    KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7,
+    KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15
+};
+# endif
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+                  SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(rawkey, x1);
+    char2word(rawkey + 4, x2);
+    char2word(rawkey + 8, x3);
+    char2word(rawkey + 12, x4);
+
+    t0 = (x1 + x3 - KC0) & 0xffffffff;
+    t1 = (x2 - x4 + KC0) & 0xffffffff;
+    KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+# else
+    {
+        int i;
+        for (i = 2; i < 16; i += 2) {
+            KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC[i]);
+            KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2]);
+            KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC[i + 1]);
+            KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2 + 2]);
+        }
+    }
+# endif
+}
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(s, x1);
+    char2word(s + 4, x2);
+    char2word(s + 8, x3);
+    char2word(s + 12, x4);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    E_SEED(t0, t1, x1, x2, x3, x4, 0);
+    E_SEED(t0, t1, x3, x4, x1, x2, 2);
+    E_SEED(t0, t1, x1, x2, x3, x4, 4);
+    E_SEED(t0, t1, x3, x4, x1, x2, 6);
+    E_SEED(t0, t1, x1, x2, x3, x4, 8);
+    E_SEED(t0, t1, x3, x4, x1, x2, 10);
+    E_SEED(t0, t1, x1, x2, x3, x4, 12);
+    E_SEED(t0, t1, x3, x4, x1, x2, 14);
+    E_SEED(t0, t1, x1, x2, x3, x4, 16);
+    E_SEED(t0, t1, x3, x4, x1, x2, 18);
+    E_SEED(t0, t1, x1, x2, x3, x4, 20);
+    E_SEED(t0, t1, x3, x4, x1, x2, 22);
+    E_SEED(t0, t1, x1, x2, x3, x4, 24);
+    E_SEED(t0, t1, x3, x4, x1, x2, 26);
+    E_SEED(t0, t1, x1, x2, x3, x4, 28);
+    E_SEED(t0, t1, x3, x4, x1, x2, 30);
+# else
+    {
+        int i;
+        for (i = 0; i < 30; i += 4) {
+            E_SEED(t0, t1, x1, x2, x3, x4, i);
+            E_SEED(t0, t1, x3, x4, x1, x2, i + 2);
+        }
+    }
+# endif
+
+    word2char(x3, d);
+    word2char(x4, d + 4);
+    word2char(x1, d + 8);
+    word2char(x2, d + 12);
+}
+
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(s, x1);
+    char2word(s + 4, x2);
+    char2word(s + 8, x3);
+    char2word(s + 12, x4);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    E_SEED(t0, t1, x1, x2, x3, x4, 30);
+    E_SEED(t0, t1, x3, x4, x1, x2, 28);
+    E_SEED(t0, t1, x1, x2, x3, x4, 26);
+    E_SEED(t0, t1, x3, x4, x1, x2, 24);
+    E_SEED(t0, t1, x1, x2, x3, x4, 22);
+    E_SEED(t0, t1, x3, x4, x1, x2, 20);
+    E_SEED(t0, t1, x1, x2, x3, x4, 18);
+    E_SEED(t0, t1, x3, x4, x1, x2, 16);
+    E_SEED(t0, t1, x1, x2, x3, x4, 14);
+    E_SEED(t0, t1, x3, x4, x1, x2, 12);
+    E_SEED(t0, t1, x1, x2, x3, x4, 10);
+    E_SEED(t0, t1, x3, x4, x1, x2, 8);
+    E_SEED(t0, t1, x1, x2, x3, x4, 6);
+    E_SEED(t0, t1, x3, x4, x1, x2, 4);
+    E_SEED(t0, t1, x1, x2, x3, x4, 2);
+    E_SEED(t0, t1, x3, x4, x1, x2, 0);
+# else
+    {
+        int i;
+        for (i = 30; i > 0; i -= 4) {
+            E_SEED(t0, t1, x1, x2, x3, x4, i);
+            E_SEED(t0, t1, x3, x4, x1, x2, i - 2);
+
+        }
+    }
+# endif
+
+    word2char(x3, d);
+    word2char(x4, d + 4);
+    word2char(x1, d + 8);
+    word2char(x2, d + 12);
+}
+
+#endif                          /* OPENSSL_NO_SEED */
diff --git a/openssl-1.1.0h/crypto/seed/seed_cbc.c b/openssl-1.1.0h/crypto/seed/seed_cbc.c
new file mode 100644
index 0000000..c9a4fe2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/seed/seed_cbc.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_decrypt);
+}
diff --git a/openssl-1.1.0h/crypto/seed/seed_cfb.c b/openssl-1.1.0h/crypto/seed/seed_cfb.c
new file mode 100644
index 0000000..2aee1ff
--- /dev/null
+++ b/openssl-1.1.0h/crypto/seed/seed_cfb.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+                         int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, len, ks, ivec, num, enc,
+                          (block128_f) SEED_encrypt);
+}
diff --git a/openssl-1.1.0h/crypto/seed/seed_ecb.c b/openssl-1.1.0h/crypto/seed/seed_ecb.c
new file mode 100644
index 0000000..b6e301c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/seed/seed_ecb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc)
+{
+    if (enc)
+        SEED_encrypt(in, out, ks);
+    else
+        SEED_decrypt(in, out, ks);
+}
diff --git a/openssl-1.1.0h/crypto/seed/seed_locl.h b/openssl-1.1.0h/crypto/seed/seed_locl.h
new file mode 100644
index 0000000..d4a03fc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/seed/seed_locl.h
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef HEADER_SEED_LOCL_H
+# define HEADER_SEED_LOCL_H
+
+# include "openssl/e_os2.h"
+# include <openssl/seed.h>
+
+# ifdef SEED_LONG               /* need 32-bit type */
+typedef unsigned long seed_word;
+# else
+typedef unsigned int seed_word;
+# endif
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define char2word(c, i)  \
+        (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
+
+# define word2char(l, c)  \
+        *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
+        *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
+        *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
+        *((c)+3) = (unsigned char)((l))     & 0xff
+
+# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X3);                                     \
+        (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff;    \
+        (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;    \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X1);                                     \
+        (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff;    \
+        (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;     \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+# define KEYUPDATE_TEMP(T0, T1, K)   \
+        (K)[0] = G_FUNC((T0));      \
+        (K)[1] = G_FUNC((T1))
+
+# define XOR_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] ^= ((SRC))[0];    \
+        ((DST))[1] ^= ((SRC))[1];    \
+        ((DST))[2] ^= ((SRC))[2];    \
+        ((DST))[3] ^= ((SRC))[3]
+
+# define MOV_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] = ((SRC))[0];     \
+        ((DST))[1] = ((SRC))[1];     \
+        ((DST))[2] = ((SRC))[2];     \
+        ((DST))[3] = ((SRC))[3]
+
+# define CHAR2WORD(C, I)              \
+        char2word((C),    (I)[0]);    \
+        char2word((C+4),  (I)[1]);    \
+        char2word((C+8),  (I)[2]);    \
+        char2word((C+12), (I)[3])
+
+# define WORD2CHAR(I, C)              \
+        word2char((I)[0], (C));       \
+        word2char((I)[1], (C+4));     \
+        word2char((I)[2], (C+8));     \
+        word2char((I)[3], (C+12))
+
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase)   \
+        (T0) = (X3) ^ (ks->data)[(rbase)];       \
+        (T1) = (X4) ^ (ks->data)[(rbase)+1];     \
+        (T1) ^= (T0);                            \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (T0) = G_FUNC((T0));                     \
+        (T1) = ((T1) + (T0)) & 0xffffffff;       \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (X1) ^= (T0);                            \
+        (X2) ^= (T1)
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif                          /* HEADER_SEED_LOCL_H */
diff --git a/openssl-1.1.0h/crypto/seed/seed_ofb.c b/openssl-1.1.0h/crypto/seed/seed_ofb.c
new file mode 100644
index 0000000..b455540
--- /dev/null
+++ b/openssl-1.1.0h/crypto/seed/seed_ofb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, len, ks, ivec, num,
+                          (block128_f) SEED_encrypt);
+}
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-586.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-586.pl
new file mode 100644
index 0000000..5adca23
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-586.pl
@@ -0,0 +1,1488 @@
+#! /usr/bin/env perl
+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# [Re]written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# "[Re]written" was achieved in two major overhauls. In 2004 BODY_*
+# functions were re-implemented to address P4 performance issue [see
+# commentary below], and in 2006 the rest was rewritten in order to
+# gain freedom to liberate licensing terms.
+
+# January, September 2004.
+#
+# It was noted that Intel IA-32 C compiler generates code which
+# performs ~30% *faster* on P4 CPU than original *hand-coded*
+# SHA1 assembler implementation. To address this problem (and
+# prove that humans are still better than machines:-), the
+# original code was overhauled, which resulted in following
+# performance changes:
+#
+#		compared with original	compared with Intel cc
+#		assembler impl.		generated code
+# Pentium	-16%			+48%
+# PIII/AMD	+8%			+16%
+# P4		+85%(!)			+45%
+#
+# As you can see Pentium came out as looser:-( Yet I reckoned that
+# improvement on P4 outweights the loss and incorporate this
+# re-tuned code to 0.9.7 and later.
+# ----------------------------------------------------------------
+#					<appro@fy.chalmers.se>
+
+# August 2009.
+#
+# George Spelvin has tipped that F_40_59(b,c,d) can be rewritten as
+# '(c&d) + (b&(c^d))', which allows to accumulate partial results
+# and lighten "pressure" on scratch registers. This resulted in
+# >12% performance improvement on contemporary AMD cores (with no
+# degradation on other CPUs:-). Also, the code was revised to maximize
+# "distance" between instructions producing input to 'lea' instruction
+# and the 'lea' instruction itself, which is essential for Intel Atom
+# core and resulted in ~15% improvement.
+
+# October 2010.
+#
+# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
+# is to offload message schedule denoted by Wt in NIST specification,
+# or Xupdate in OpenSSL source, to SIMD unit. The idea is not novel,
+# and in SSE2 context was first explored by Dean Gaudet in 2004, see
+# http://arctic.org/~dean/crypto/sha1.html. Since then several things
+# have changed that made it interesting again:
+#
+# a) XMM units became faster and wider;
+# b) instruction set became more versatile;
+# c) an important observation was made by Max Locktykhin, which made
+#    it possible to reduce amount of instructions required to perform
+#    the operation in question, for further details see
+#    http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/.
+
+# April 2011.
+#
+# Add AVX code path, probably most controversial... The thing is that
+# switch to AVX alone improves performance by as little as 4% in
+# comparison to SSSE3 code path. But below result doesn't look like
+# 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as
+# pair of µ-ops, and it's the additional µ-ops, two per round, that
+# make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded
+# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with
+# equivalent 'sh[rl]d' that is responsible for the impressive 5.1
+# cycles per processed byte. But 'sh[rl]d' is not something that used
+# to be fast, nor does it appear to be fast in upcoming Bulldozer
+# [according to its optimization manual]. Which is why AVX code path
+# is guarded by *both* AVX and synthetic bit denoting Intel CPUs.
+# One can argue that it's unfair to AMD, but without 'sh[rl]d' it
+# makes no sense to keep the AVX code path. If somebody feels that
+# strongly, it's probably more appropriate to discuss possibility of
+# using vector rotate XOP on AMD...
+
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+
+######################################################################
+# Current performance is summarized in following table. Numbers are
+# CPU clock cycles spent to process single byte (less is better).
+#
+#		x86		SSSE3		AVX
+# Pentium	15.7		-
+# PIII		11.5		-
+# P4		10.6		-
+# AMD K8	7.1		-
+# Core2		7.3		6.0/+22%	-
+# Westmere	7.3		5.5/+33%	-
+# Sandy Bridge	8.8		6.2/+40%	5.1(**)/+73%
+# Ivy Bridge	7.2		4.8/+51%	4.7(**)/+53%
+# Haswell	6.5		4.3/+51%	4.1(**)/+58%
+# Bulldozer	11.6		6.0/+92%
+# VIA Nano	10.6		7.5/+41%
+# Atom		12.5		9.3(*)/+35%
+# Silvermont	14.5		9.9(*)/+46%
+#
+# (*)	Loop is 1056 instructions long and expected result is ~8.25.
+#	The discrepancy is because of front-end limitations, so
+#	called MS-ROM penalties, and on Silvermont even rotate's
+#	limited parallelism.
+#
+# (**)	As per above comment, the result is for AVX *plus* sh[rl]d.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
+
+$xmm=$ymm=0;
+for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+$ymm=1 if ($xmm &&
+		`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+		$1>=2.19);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && 
+		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+		$1>=2.03);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
+		`ml 2>&1` =~ /Version ([0-9]+)\./ &&
+		$1>=10);	# first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+		$2>=3.0);	# first version supporting AVX
+
+$shaext=$xmm;	### set to zero if compiling for 1.0.1
+
+&external_label("OPENSSL_ia32cap_P") if ($xmm);
+
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$E="edi";
+$T="esi";
+$tmp1="ebp";
+
+@V=($A,$B,$C,$D,$E,$T);
+
+$alt=0;	# 1 denotes alternative IALU implementation, which performs
+	# 8% *worse* on P4, same on Westmere and Atom, 2% better on
+	# Sandy Bridge...
+
+sub BODY_00_15
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("00_15 $n");
+
+	&mov($f,$c);			# f to hold F_00_19(b,c,d)
+	 if ($n==0)  { &mov($tmp1,$a); }
+	 else        { &mov($a,$tmp1); }
+	&rotl($tmp1,5);			# tmp1=ROTATE(a,5)
+	 &xor($f,$d);
+	&add($tmp1,$e);			# tmp1+=e;
+	 &mov($e,&swtmp($n%16));	# e becomes volatile and is loaded
+	 				# with xi, also note that e becomes
+					# f in next round...
+	&and($f,$b);
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &xor($f,$d);			# f holds F_00_19(b,c,d)
+	&lea($tmp1,&DWP(0x5a827999,$tmp1,$e));	# tmp1+=K_00_19+xi
+
+	if ($n==15) { &mov($e,&swtmp(($n+1)%16));# pre-fetch f for next round
+		      &add($f,$tmp1); }	# f+=tmp1
+	else        { &add($tmp1,$f); }	# f becomes a in next round
+	&mov($tmp1,$a)			if ($alt && $n==15);
+	}
+
+sub BODY_16_19
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("16_19 $n");
+
+if ($alt) {
+	&xor($c,$d);
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&and($tmp1,$c);			# tmp1 to hold F_00_19(b,c,d), b&=c^d
+	 &xor($f,&swtmp(($n+8)%16));
+	&xor($tmp1,$d);			# tmp1=F_00_19(b,c,d)
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &add($e,$tmp1);		# e+=F_00_19(b,c,d)
+	&xor($c,$d);			# restore $c
+	 &mov($tmp1,$a);		# b in next round
+	&rotr($b,$n==16?2:7);		# b=ROTATE(b,30)
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&rotl($a,5);			# ROTATE(a,5)
+	 &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$a);			# f+=ROTATE(a,5)
+} else {
+	&mov($tmp1,$c);			# tmp1 to hold F_00_19(b,c,d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$d);
+	 &xor($f,&swtmp(($n+8)%16));
+	&and($tmp1,$b);
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &xor($tmp1,$d);		# tmp1=F_00_19(b,c,d)
+	&add($e,$tmp1);			# e+=F_00_19(b,c,d)
+	 &mov($tmp1,$a);
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&rotl($tmp1,5);			# ROTATE(a,5)
+	 &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$tmp1);		# f+=ROTATE(a,5)
+}
+	}
+
+sub BODY_20_39
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+	local $K=($n<40)?0x6ed9eba1:0xca62c1d6;
+
+	&comment("20_39 $n");
+
+if ($alt) {
+	&xor($tmp1,$c);			# tmp1 to hold F_20_39(b,c,d), b^=c
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+8)%16));
+	&add($e,$tmp1);			# e+=F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &mov($tmp1,$a);		# b in next round
+	&rotr($b,7);			# b=ROTATE(b,30)
+	 &mov(&swtmp($n%16),$f)		if($n<77);# xi=f
+	&rotl($a,5);			# ROTATE(a,5)
+	 &xor($b,$c)			if($n==39);# warm up for BODY_40_59
+	&and($tmp1,$b)			if($n==39);
+	 &lea($f,&DWP($K,$f,$e));	# f+=e+K_XX_YY
+	&mov($e,&swtmp(($n+1)%16))	if($n<79);# pre-fetch f for next round
+	 &add($f,$a);			# f+=ROTATE(a,5)
+	&rotr($a,5)			if ($n==79);
+} else {
+	&mov($tmp1,$b);			# tmp1 to hold F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$c);
+	 &xor($f,&swtmp(($n+8)%16));
+	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &add($e,$tmp1);		# e+=F_20_39(b,c,d)
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &mov($tmp1,$a);
+	&rotl($tmp1,5);			# ROTATE(a,5)
+	 &mov(&swtmp($n%16),$f) if($n<77);# xi=f
+	&lea($f,&DWP($K,$f,$e));	# f+=e+K_XX_YY
+	 &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round
+	&add($f,$tmp1);			# f+=ROTATE(a,5)
+}
+	}
+
+sub BODY_40_59
+	{
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
+
+	&comment("40_59 $n");
+
+if ($alt) {
+	&add($e,$tmp1);			# e+=b&(c^d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&mov($tmp1,$d);
+	 &xor($f,&swtmp(($n+8)%16));
+	&xor($c,$d);			# restore $c
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &and($tmp1,$c);
+	&rotr($b,7);			# b=ROTATE(b,30)
+	 &add($e,$tmp1);		# e+=c&d
+	&mov($tmp1,$a);			# b in next round
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&rotl($a,5);			# ROTATE(a,5)
+	 &xor($b,$c)			if ($n<59);
+	&and($tmp1,$b)			if ($n<59);# tmp1 to hold F_40_59(b,c,d)
+	 &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e+(b&(c^d))
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$a);			# f+=ROTATE(a,5)
+} else {
+	&mov($tmp1,$c);			# tmp1 to hold F_40_59(b,c,d)
+	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&xor($tmp1,$d);
+	 &xor($f,&swtmp(($n+8)%16));
+	&and($tmp1,$b);
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
+	&rotl($f,1);			# f=ROTATE(f,1)
+	 &add($tmp1,$e);		# b&(c^d)+=e
+	&rotr($b,2);			# b=ROTATE(b,30)
+	 &mov($e,$a);			# e becomes volatile
+	&rotl($e,5);			# ROTATE(a,5)
+	 &mov(&swtmp($n%16),$f);	# xi=f
+	&lea($f,&DWP(0x8f1bbcdc,$f,$tmp1));# f+=K_40_59+e+(b&(c^d))
+	 &mov($tmp1,$c);
+	&add($f,$e);			# f+=ROTATE(a,5)
+	 &and($tmp1,$d);
+	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
+	 &add($f,$tmp1);		# f+=c&d
+}
+	}
+
+&function_begin("sha1_block_data_order");
+if ($xmm) {
+  &static_label("shaext_shortcut")	if ($shaext);
+  &static_label("ssse3_shortcut");
+  &static_label("avx_shortcut")		if ($ymm);
+  &static_label("K_XX_XX");
+
+	&call	(&label("pic_point"));	# make it PIC!
+  &set_label("pic_point");
+	&blindpop($tmp1);
+	&picmeup($T,"OPENSSL_ia32cap_P",$tmp1,&label("pic_point"));
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+
+	&mov	($A,&DWP(0,$T));
+	&mov	($D,&DWP(4,$T));
+	&test	($D,1<<9);		# check SSSE3 bit
+	&jz	(&label("x86"));
+	&mov	($C,&DWP(8,$T));
+	&test	($A,1<<24);		# check FXSR bit
+	&jz	(&label("x86"));
+	if ($shaext) {
+		&test	($C,1<<29);		# check SHA bit
+		&jnz	(&label("shaext_shortcut"));
+	}
+	if ($ymm) {
+		&and	($D,1<<28);		# mask AVX bit
+		&and	($A,1<<30);		# mask "Intel CPU" bit
+		&or	($A,$D);
+		&cmp	($A,1<<28|1<<30);
+		&je	(&label("avx_shortcut"));
+	}
+	&jmp	(&label("ssse3_shortcut"));
+  &set_label("x86",16);
+}
+	&mov($tmp1,&wparam(0));	# SHA_CTX *c
+	&mov($T,&wparam(1));	# const void *input
+	&mov($A,&wparam(2));	# size_t num
+	&stack_push(16+3);	# allocate X[16]
+	&shl($A,6);
+	&add($A,$T);
+	&mov(&wparam(2),$A);	# pointer beyond the end of input
+	&mov($E,&DWP(16,$tmp1));# pre-load E
+	&jmp(&label("loop"));
+
+&set_label("loop",16);
+
+	# copy input chunk to X, but reversing byte order!
+	for ($i=0; $i<16; $i+=4)
+		{
+		&mov($A,&DWP(4*($i+0),$T));
+		&mov($B,&DWP(4*($i+1),$T));
+		&mov($C,&DWP(4*($i+2),$T));
+		&mov($D,&DWP(4*($i+3),$T));
+		&bswap($A);
+		&bswap($B);
+		&bswap($C);
+		&bswap($D);
+		&mov(&swtmp($i+0),$A);
+		&mov(&swtmp($i+1),$B);
+		&mov(&swtmp($i+2),$C);
+		&mov(&swtmp($i+3),$D);
+		}
+	&mov(&wparam(1),$T);	# redundant in 1st spin
+
+	&mov($A,&DWP(0,$tmp1));	# load SHA_CTX
+	&mov($B,&DWP(4,$tmp1));
+	&mov($C,&DWP(8,$tmp1));
+	&mov($D,&DWP(12,$tmp1));
+	# E is pre-loaded
+
+	for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+	for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+	(($V[5] eq $D) and ($V[0] eq $E)) or die;	# double-check
+
+	&mov($tmp1,&wparam(0));	# re-load SHA_CTX*
+	&mov($D,&wparam(1));	# D is last "T" and is discarded
+
+	&add($E,&DWP(0,$tmp1));	# E is last "A"...
+	&add($T,&DWP(4,$tmp1));
+	&add($A,&DWP(8,$tmp1));
+	&add($B,&DWP(12,$tmp1));
+	&add($C,&DWP(16,$tmp1));
+
+	&mov(&DWP(0,$tmp1),$E);	# update SHA_CTX
+	 &add($D,64);		# advance input pointer
+	&mov(&DWP(4,$tmp1),$T);
+	 &cmp($D,&wparam(2));	# have we reached the end yet?
+	&mov(&DWP(8,$tmp1),$A);
+	 &mov($E,$C);		# C is last "E" which needs to be "pre-loaded"
+	&mov(&DWP(12,$tmp1),$B);
+	 &mov($T,$D);		# input pointer
+	&mov(&DWP(16,$tmp1),$C);
+	&jb(&label("loop"));
+
+	&stack_pop(16+3);
+&function_end("sha1_block_data_order");
+
+if ($xmm) {
+if ($shaext) {
+######################################################################
+# Intel SHA Extensions implementation of SHA1 update function.
+#
+my ($ctx,$inp,$num)=("edi","esi","ecx");
+my ($ABCD,$E,$E_,$BSWAP)=map("xmm$_",(0..3));
+my @MSG=map("xmm$_",(4..7));
+
+sub sha1rnds4 {
+ my ($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x0f,0x3a,0xcc,0xc0|($1<<3)|$2,$imm);	}
+}
+sub sha1op38 {
+ my ($opcodelet,$dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);	}
+}
+sub sha1nexte	{ sha1op38(0xc8,@_); }
+sub sha1msg1	{ sha1op38(0xc9,@_); }
+sub sha1msg2	{ sha1op38(0xca,@_); }
+
+&function_begin("_sha1_block_data_order_shaext");
+	&call	(&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tmp1);
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("shaext_shortcut");
+	&mov	($ctx,&wparam(0));
+	&mov	("ebx","esp");
+	&mov	($inp,&wparam(1));
+	&mov	($num,&wparam(2));
+	&sub	("esp",32);
+
+	&movdqu	($ABCD,&QWP(0,$ctx));
+	&movd	($E,&DWP(16,$ctx));
+	&and	("esp",-32);
+	&movdqa	($BSWAP,&QWP(0x50,$tmp1));	# byte-n-word swap
+
+	&movdqu	(@MSG[0],&QWP(0,$inp));
+	&pshufd	($ABCD,$ABCD,0b00011011);	# flip word order
+	&movdqu	(@MSG[1],&QWP(0x10,$inp));
+	&pshufd	($E,$E,0b00011011);		# flip word order
+	&movdqu	(@MSG[2],&QWP(0x20,$inp));
+	&pshufb	(@MSG[0],$BSWAP);
+	&movdqu	(@MSG[3],&QWP(0x30,$inp));
+	&pshufb	(@MSG[1],$BSWAP);
+	&pshufb	(@MSG[2],$BSWAP);
+	&pshufb	(@MSG[3],$BSWAP);
+	&jmp	(&label("loop_shaext"));
+
+&set_label("loop_shaext",16);
+	&dec		($num);
+	&lea		("eax",&DWP(0x40,$inp));
+	&movdqa		(&QWP(0,"esp"),$E);	# offload $E
+	&paddd		($E,@MSG[0]);
+	&cmovne		($inp,"eax");
+	&movdqa		(&QWP(16,"esp"),$ABCD);	# offload $ABCD
+
+for($i=0;$i<20-4;$i+=2) {
+	&sha1msg1	(@MSG[0],@MSG[1]);
+	&movdqa		($E_,$ABCD);
+	&sha1rnds4	($ABCD,$E,int($i/5));	# 0-3...
+	&sha1nexte	($E_,@MSG[1]);
+	&pxor		(@MSG[0],@MSG[2]);
+	&sha1msg1	(@MSG[1],@MSG[2]);
+	&sha1msg2	(@MSG[0],@MSG[3]);
+
+	&movdqa		($E,$ABCD);
+	&sha1rnds4	($ABCD,$E_,int(($i+1)/5));
+	&sha1nexte	($E,@MSG[2]);
+	&pxor		(@MSG[1],@MSG[3]);
+	&sha1msg2	(@MSG[1],@MSG[0]);
+
+	push(@MSG,shift(@MSG));	push(@MSG,shift(@MSG));
+}
+	&movdqu		(@MSG[0],&QWP(0,$inp));
+	&movdqa		($E_,$ABCD);
+	&sha1rnds4	($ABCD,$E,3);		# 64-67
+	&sha1nexte	($E_,@MSG[1]);
+	&movdqu		(@MSG[1],&QWP(0x10,$inp));
+	&pshufb		(@MSG[0],$BSWAP);
+
+	&movdqa		($E,$ABCD);
+	&sha1rnds4	($ABCD,$E_,3);		# 68-71
+	&sha1nexte	($E,@MSG[2]);
+	&movdqu		(@MSG[2],&QWP(0x20,$inp));
+	&pshufb		(@MSG[1],$BSWAP);
+
+	&movdqa		($E_,$ABCD);
+	&sha1rnds4	($ABCD,$E,3);		# 72-75
+	&sha1nexte	($E_,@MSG[3]);
+	&movdqu		(@MSG[3],&QWP(0x30,$inp));
+	&pshufb		(@MSG[2],$BSWAP);
+
+	&movdqa		($E,$ABCD);
+	&sha1rnds4	($ABCD,$E_,3);		# 76-79
+	&movdqa		($E_,&QWP(0,"esp"));
+	&pshufb		(@MSG[3],$BSWAP);
+	&sha1nexte	($E,$E_);
+	&paddd		($ABCD,&QWP(16,"esp"));
+
+	&jnz		(&label("loop_shaext"));
+
+	&pshufd	($ABCD,$ABCD,0b00011011);
+	&pshufd	($E,$E,0b00011011);
+	&movdqu	(&QWP(0,$ctx),$ABCD)
+	&movd	(&DWP(16,$ctx),$E);
+	&mov	("esp","ebx");
+&function_end("_sha1_block_data_order_shaext");
+}
+######################################################################
+# The SSSE3 implementation.
+#
+# %xmm[0-7] are used as ring @X[] buffer containing quadruples of last
+# 32 elements of the message schedule or Xupdate outputs. First 4
+# quadruples are simply byte-swapped input, next 4 are calculated
+# according to method originally suggested by Dean Gaudet (modulo
+# being implemented in SSSE3). Once 8 quadruples or 32 elements are
+# collected, it switches to routine proposed by Max Locktyukhin.
+#
+# Calculations inevitably require temporary reqisters, and there are
+# no %xmm registers left to spare. For this reason part of the ring
+# buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring
+# buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] -
+# X[-5], and X[4] - X[-4]...
+#
+# Another notable optimization is aggressive stack frame compression
+# aiming to minimize amount of 9-byte instructions...
+#
+# Yet another notable optimization is "jumping" $B variable. It means
+# that there is no register permanently allocated for $B value. This
+# allowed to eliminate one instruction from body_20_39...
+#
+my $Xi=4;			# 4xSIMD Xupdate round, start pre-seeded
+my @X=map("xmm$_",(4..7,0..3));	# pre-seeded for $Xi=4
+my @V=($A,$B,$C,$D,$E);
+my $j=0;			# hash round
+my $rx=0;
+my @T=($T,$tmp1);
+my $inp;
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+&function_begin("_sha1_block_data_order_ssse3");
+	&call	(&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tmp1);
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("ssse3_shortcut");
+
+	&movdqa	(@X[3],&QWP(0,$tmp1));		# K_00_19
+	&movdqa	(@X[4],&QWP(16,$tmp1));		# K_20_39
+	&movdqa	(@X[5],&QWP(32,$tmp1));		# K_40_59
+	&movdqa	(@X[6],&QWP(48,$tmp1));		# K_60_79
+	&movdqa	(@X[2],&QWP(64,$tmp1));		# pbswap mask
+
+	&mov	($E,&wparam(0));		# load argument block
+	&mov	($inp=@T[1],&wparam(1));
+	&mov	($D,&wparam(2));
+	&mov	(@T[0],"esp");
+
+	# stack frame layout
+	#
+	# +0	X[0]+K	X[1]+K	X[2]+K	X[3]+K	# XMM->IALU xfer area
+	#	X[4]+K	X[5]+K	X[6]+K	X[7]+K
+	#	X[8]+K	X[9]+K	X[10]+K	X[11]+K
+	#	X[12]+K	X[13]+K	X[14]+K	X[15]+K
+	#
+	# +64	X[0]	X[1]	X[2]	X[3]	# XMM->XMM backtrace area
+	#	X[4]	X[5]	X[6]	X[7]
+	#	X[8]	X[9]	X[10]	X[11]	# even borrowed for K_00_19
+	#
+	# +112	K_20_39	K_20_39	K_20_39	K_20_39	# constants
+	#	K_40_59	K_40_59	K_40_59	K_40_59
+	#	K_60_79	K_60_79	K_60_79	K_60_79
+	#	K_00_19	K_00_19	K_00_19	K_00_19
+	#	pbswap mask
+	#
+	# +192	ctx				# argument block
+	# +196	inp
+	# +200	end
+	# +204	esp
+	&sub	("esp",208);
+	&and	("esp",-64);
+
+	&movdqa	(&QWP(112+0,"esp"),@X[4]);	# copy constants
+	&movdqa	(&QWP(112+16,"esp"),@X[5]);
+	&movdqa	(&QWP(112+32,"esp"),@X[6]);
+	&shl	($D,6);				# len*64
+	&movdqa	(&QWP(112+48,"esp"),@X[3]);
+	&add	($D,$inp);			# end of input
+	&movdqa	(&QWP(112+64,"esp"),@X[2]);
+	&add	($inp,64);
+	&mov	(&DWP(192+0,"esp"),$E);		# save argument block
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&mov	(&DWP(192+8,"esp"),$D);
+	&mov	(&DWP(192+12,"esp"),@T[0]);	# save original %esp
+
+	&mov	($A,&DWP(0,$E));		# load context
+	&mov	($B,&DWP(4,$E));
+	&mov	($C,&DWP(8,$E));
+	&mov	($D,&DWP(12,$E));
+	&mov	($E,&DWP(16,$E));
+	&mov	(@T[0],$B);			# magic seed
+
+	&movdqu	(@X[-4&7],&QWP(-64,$inp));	# load input to %xmm[0-3]
+	&movdqu	(@X[-3&7],&QWP(-48,$inp));
+	&movdqu	(@X[-2&7],&QWP(-32,$inp));
+	&movdqu	(@X[-1&7],&QWP(-16,$inp));
+	&pshufb	(@X[-4&7],@X[2]);		# byte swap
+	&pshufb	(@X[-3&7],@X[2]);
+	&pshufb	(@X[-2&7],@X[2]);
+	&movdqa	(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+	&pshufb	(@X[-1&7],@X[2]);
+	&paddd	(@X[-4&7],@X[3]);		# add K_00_19
+	&paddd	(@X[-3&7],@X[3]);
+	&paddd	(@X[-2&7],@X[3]);
+	&movdqa	(&QWP(0,"esp"),@X[-4&7]);	# X[]+K xfer to IALU
+	&psubd	(@X[-4&7],@X[3]);		# restore X[]
+	&movdqa	(&QWP(0+16,"esp"),@X[-3&7]);
+	&psubd	(@X[-3&7],@X[3]);
+	&movdqa	(&QWP(0+32,"esp"),@X[-2&7]);
+	&mov	(@T[1],$C);
+	&psubd	(@X[-2&7],@X[3]);
+	&xor	(@T[1],$D);
+	&pshufd	(@X[0],@X[-4&7],0xee);		# was &movdqa	(@X[0],@X[-3&7]);
+	&and	(@T[0],@T[1]);
+	&jmp	(&label("loop"));
+
+######################################################################
+# SSE instruction sequence is first broken to groups of independent
+# instructions, independent in respect to their inputs and shifter
+# (not all architectures have more than one). Then IALU instructions
+# are "knitted in" between the SSE groups. Distance is maintained for
+# SSE latency of 2 in hope that it fits better upcoming AMD Bulldozer
+# [which allegedly also implements SSSE3]...
+#
+# Temporary registers usage. X[2] is volatile at the entry and at the
+# end is restored from backtrace ring buffer. X[3] is expected to
+# contain current K_XX_XX constant and is used to calculate X[-1]+K
+# from previous round, it becomes volatile the moment the value is
+# saved to stack for transfer to IALU. X[4] becomes volatile whenever
+# X[-4] is accumulated and offloaded to backtrace ring buffer, at the
+# end it is loaded with next K_XX_XX [which becomes X[3] in next
+# round]...
+#
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&punpcklqdq(@X[0],@X[-3&7]);	# compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
+	&movdqa	(@X[2],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &paddd	(@X[3],@X[-1&7]);
+	  &movdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&psrldq	(@X[2],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+
+	&pxor	(@X[2],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[2]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&movdqa	(@X[4],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&movdqa (@X[2],@X[0]);
+	 eval(shift(@insns));
+
+	&pslldq	(@X[4],12);		# "X[0]"<<96, extract one dword
+	&paddd	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@X[2],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	&movdqa	(@X[3],@X[4]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@X[4],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&por	(@X[0],@X[2]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	  &movdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pslld	(@X[3],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	&pxor   (@X[0],@X[4]);
+	  &movdqa	(@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[3]);		# "X[0]"^=("X[0]"<<96)<<<2
+	  &pshufd	(@X[1],@X[-3&7],0xee)	if ($Xi<7);	# was &movdqa	(@X[1],@X[-2&7])
+	  &pshufd	(@X[3],@X[-1&7],0xee)	if ($Xi==7);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# body_20_39
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	&punpcklqdq(@X[2],@X[-1&7]);	# compose "X[-6]", was &palignr(@X[2],@X[-2&7],8)
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	  &movdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);	# save X[] to backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+	 if ($Xi%5) {
+	  &movdqa	(@X[4],@X[3]);	# "perpetuate" K_XX_XX...
+	 } else {			# ... or load next one
+	  &movdqa	(@X[4],&QWP(112-16+16*($Xi/5),"esp"));
+	 }
+	 eval(shift(@insns));		# ror
+	  &paddd	(@X[3],@X[-1&7]);
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[2]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&movdqa	(@X[2],@X[0]);
+	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+
+	&pslld	(@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	&psrld	(@X[2],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[1] =~ /_rol/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+
+	&por	(@X[0],@X[2]);		# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	  &movdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	  &pshufd	(@X[3],@X[-1],0xee)	if ($Xi<19);	# was &movdqa	(@X[3],@X[0])
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &paddd	(@X[3],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&mov	($inp=@T[1],&DWP(192+4,"esp"));
+	&cmp	($inp,&DWP(192+8,"esp"));
+	&je	(&label("done"));
+
+	&movdqa	(@X[3],&QWP(112+48,"esp"));	# K_00_19
+	&movdqa	(@X[2],&QWP(112+64,"esp"));	# pbswap mask
+	&movdqu	(@X[-4&7],&QWP(0,$inp));	# load input
+	&movdqu	(@X[-3&7],&QWP(16,$inp));
+	&movdqu	(@X[-2&7],&QWP(32,$inp));
+	&movdqu	(@X[-1&7],&QWP(48,$inp));
+	&add	($inp,64);
+	&pshufb	(@X[-4&7],@X[2]);		# byte swap
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&movdqa	(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pshufb	(@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddd	(@X[($Xi-4)&7],@X[3]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&movdqa	(&QWP(0+16*$Xi,"esp"),@X[($Xi-4)&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psubd	(@X[($Xi-4)&7],@X[3]);
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+sub body_00_19 () {	# ((c^d)&b)^d
+	# on start @T[0]=(c^d)&b
+	return &body_20_39()	if ($rx==19);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&$_ror	($b,$j?7:2);',	# $b>>>2
+	'&xor	(@T[0],$d);',
+	'&mov	(@T[1],$a);',	# $b in next round
+
+	'&add	($e,&DWP(4*($j&15),"esp"));',	# X[]+K xfer
+	'&xor	($b,$c);',	# $c^$d for next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&and	(@T[1],$b);',	# ($b&($c^$d)) for next round
+
+	'&xor	($b,$c);',	# restore $b
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_20_39 () {	# b^d^c
+	# on entry @T[0]=b^d
+	return &body_40_59()	if ($rx==39);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,&DWP(4*($j&15),"esp"));',	# X[]+K xfer
+	'&xor	(@T[0],$d)	if($j==19);'.
+	'&xor	(@T[0],$c)	if($j> 19);',	# ($b^$d^$c)
+	'&mov	(@T[1],$a);',	# $b in next round
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j< 79);',	# $b^$d for next round
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_40_59 () {	# ((b^c)&(c^d))^c
+	# on entry @T[0]=(b^c), (c^=d)
+	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,&DWP(4*($j&15),"esp"));',	# X[]+K xfer
+	'&and	(@T[0],$c)	if ($j>=40);',	# (b^c)&(c^d)
+	'&xor	($c,$d)		if ($j>=40);',	# restore $c
+
+	'&$_ror	($b,7);',	# $b>>>2
+	'&mov	(@T[1],$a);',	# $b for next round
+	'&xor	(@T[0],$c);',
+
+	'&$_rol	($a,5);',
+	'&add	($e,@T[0]);',
+	'&xor	(@T[1],$c)	if ($j==59);'.
+	'&xor	(@T[1],$b)	if ($j< 59);',	# b^c for next round
+
+	'&xor	($b,$c)		if ($j< 59);',	# c^d for next round
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+######
+sub bodyx_00_19 () {	# ((c^d)&b)^d
+	# on start @T[0]=(b&c)^(~b&d), $e+=X[]+K
+	return &bodyx_20_39()	if ($rx==19);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+
+	'&rorx	($b,$b,2)			if ($j==0);'.	# $b>>>2
+	'&rorx	($b,@T[1],7)			if ($j!=0);',	# $b>>>2
+	'&lea	($e,&DWP(0,$e,@T[0]));',
+	'&rorx	(@T[0],$a,5);',
+
+	'&andn	(@T[1],$a,$c);',
+	'&and	($a,$b)',
+	'&add	($d,&DWP(4*(($j+1)&15),"esp"));',	# X[]+K xfer
+
+	'&xor	(@T[1],$a)',
+	'&add	($e,@T[0]);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub bodyx_20_39 () {	# b^d^c
+	# on start $b=b^c^d
+	return &bodyx_40_59()	if ($rx==39);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+
+	'&add	($e,($j==19?@T[0]:$b))',
+	'&rorx	($b,@T[1],7);',	# $b>>>2
+	'&rorx	(@T[0],$a,5);',
+
+	'&xor	($a,$b)				if ($j<79);',
+	'&add	($d,&DWP(4*(($j+1)&15),"esp"))	if ($j<79);',	# X[]+K xfer
+	'&xor	($a,$c)				if ($j<79);',
+	'&add	($e,@T[0]);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub bodyx_40_59 () {	# ((b^c)&(c^d))^c
+	# on start $b=((b^c)&(c^d))^c
+	return &bodyx_20_39()	if ($rx==59);	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+
+	'&rorx	(@T[0],$a,5)',
+	'&lea	($e,&DWP(0,$e,$b))',
+	'&rorx	($b,@T[1],7)',	# $b>>>2
+	'&add	($d,&DWP(4*(($j+1)&15),"esp"))',	# X[]+K xfer
+
+	'&mov	(@T[1],$c)',
+	'&xor	($a,$b)',	# b^c for next round
+	'&xor	(@T[1],$b)',	# c^d for next round
+
+	'&and	($a,@T[1])',
+	'&add	($e,@T[0])',
+	'&xor	($a,$b)'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+&set_label("loop",16);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xuplast_ssse3_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	(&DWP(8,@T[1]),$C);
+	&mov	($B,$C);
+	&mov	(&DWP(12,@T[1]),$D);
+	&xor	($B,$D);
+	&mov	(&DWP(16,@T[1]),$E);
+	&mov	(@T[1],@T[0]);
+	&pshufd	(@X[0],@X[-4&7],0xee);		# was &movdqa	(@X[0],@X[-3&7]);
+	&and	(@T[0],$B);
+	&mov	($B,$T[1]);
+
+	&jmp	(&label("loop"));
+
+&set_label("done",16);		$j=$saved_j; @V=@saved_V;
+
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&mov	("esp",&DWP(192+12,"esp"));	# restore %esp
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	(&DWP(8,@T[1]),$C);
+	&mov	(&DWP(12,@T[1]),$D);
+	&mov	(&DWP(16,@T[1]),$E);
+
+&function_end("_sha1_block_data_order_ssse3");
+
+$rx=0;	# reset
+
+if ($ymm) {
+my $Xi=4;			# 4xSIMD Xupdate round, start pre-seeded
+my @X=map("xmm$_",(4..7,0..3));	# pre-seeded for $Xi=4
+my @V=($A,$B,$C,$D,$E);
+my $j=0;			# hash round
+my @T=($T,$tmp1);
+my $inp;
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+&function_begin("_sha1_block_data_order_avx");
+	&call	(&label("pic_point"));	# make it PIC!
+	&set_label("pic_point");
+	&blindpop($tmp1);
+	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("avx_shortcut");
+	&vzeroall();
+
+	&vmovdqa(@X[3],&QWP(0,$tmp1));		# K_00_19
+	&vmovdqa(@X[4],&QWP(16,$tmp1));		# K_20_39
+	&vmovdqa(@X[5],&QWP(32,$tmp1));		# K_40_59
+	&vmovdqa(@X[6],&QWP(48,$tmp1));		# K_60_79
+	&vmovdqa(@X[2],&QWP(64,$tmp1));		# pbswap mask
+
+	&mov	($E,&wparam(0));		# load argument block
+	&mov	($inp=@T[1],&wparam(1));
+	&mov	($D,&wparam(2));
+	&mov	(@T[0],"esp");
+
+	# stack frame layout
+	#
+	# +0	X[0]+K	X[1]+K	X[2]+K	X[3]+K	# XMM->IALU xfer area
+	#	X[4]+K	X[5]+K	X[6]+K	X[7]+K
+	#	X[8]+K	X[9]+K	X[10]+K	X[11]+K
+	#	X[12]+K	X[13]+K	X[14]+K	X[15]+K
+	#
+	# +64	X[0]	X[1]	X[2]	X[3]	# XMM->XMM backtrace area
+	#	X[4]	X[5]	X[6]	X[7]
+	#	X[8]	X[9]	X[10]	X[11]	# even borrowed for K_00_19
+	#
+	# +112	K_20_39	K_20_39	K_20_39	K_20_39	# constants
+	#	K_40_59	K_40_59	K_40_59	K_40_59
+	#	K_60_79	K_60_79	K_60_79	K_60_79
+	#	K_00_19	K_00_19	K_00_19	K_00_19
+	#	pbswap mask
+	#
+	# +192	ctx				# argument block
+	# +196	inp
+	# +200	end
+	# +204	esp
+	&sub	("esp",208);
+	&and	("esp",-64);
+
+	&vmovdqa(&QWP(112+0,"esp"),@X[4]);	# copy constants
+	&vmovdqa(&QWP(112+16,"esp"),@X[5]);
+	&vmovdqa(&QWP(112+32,"esp"),@X[6]);
+	&shl	($D,6);				# len*64
+	&vmovdqa(&QWP(112+48,"esp"),@X[3]);
+	&add	($D,$inp);			# end of input
+	&vmovdqa(&QWP(112+64,"esp"),@X[2]);
+	&add	($inp,64);
+	&mov	(&DWP(192+0,"esp"),$E);		# save argument block
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&mov	(&DWP(192+8,"esp"),$D);
+	&mov	(&DWP(192+12,"esp"),@T[0]);	# save original %esp
+
+	&mov	($A,&DWP(0,$E));		# load context
+	&mov	($B,&DWP(4,$E));
+	&mov	($C,&DWP(8,$E));
+	&mov	($D,&DWP(12,$E));
+	&mov	($E,&DWP(16,$E));
+	&mov	(@T[0],$B);			# magic seed
+
+	&vmovdqu(@X[-4&7],&QWP(-64,$inp));	# load input to %xmm[0-3]
+	&vmovdqu(@X[-3&7],&QWP(-48,$inp));
+	&vmovdqu(@X[-2&7],&QWP(-32,$inp));
+	&vmovdqu(@X[-1&7],&QWP(-16,$inp));
+	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
+	&vpshufb(@X[-3&7],@X[-3&7],@X[2]);
+	&vpshufb(@X[-2&7],@X[-2&7],@X[2]);
+	&vmovdqa(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+	&vpshufb(@X[-1&7],@X[-1&7],@X[2]);
+	&vpaddd	(@X[0],@X[-4&7],@X[3]);		# add K_00_19
+	&vpaddd	(@X[1],@X[-3&7],@X[3]);
+	&vpaddd	(@X[2],@X[-2&7],@X[3]);
+	&vmovdqa(&QWP(0,"esp"),@X[0]);		# X[]+K xfer to IALU
+	&mov	(@T[1],$C);
+	&vmovdqa(&QWP(0+16,"esp"),@X[1]);
+	&xor	(@T[1],$D);
+	&vmovdqa(&QWP(0+32,"esp"),@X[2]);
+	&and	(@T[0],@T[1]);
+	&jmp	(&label("loop"));
+
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
+	  &vmovdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpsrldq(@X[2],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[2],@X[2],@X[-2&7]);		# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[2]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@X[2],@X[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@X[4],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@X[3],@X[4],30);
+	&vpor	(@X[0],@X[0],@X[2]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@X[4],@X[4],2);
+	  &vmovdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[3]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[4]);		# "X[0]"^=("X[0]"<<96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@X[2],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	  &vmovdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);	# save X[] to backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 if ($Xi%5) {
+	  &vmovdqa	(@X[4],@X[3]);	# "perpetuate" K_XX_XX...
+	 } else {			# ... or load next one
+	  &vmovdqa	(@X[4],&QWP(112-16+16*($Xi/5),"esp"));
+	 }
+	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[2]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpsrld	(@X[2],@X[0],30);
+	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@X[2]);	# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	  &vmovdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);	# restore X[] from backtrace buffer
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&mov	($inp=@T[1],&DWP(192+4,"esp"));
+	&cmp	($inp,&DWP(192+8,"esp"));
+	&je	(&label("done"));
+
+	&vmovdqa(@X[3],&QWP(112+48,"esp"));	# K_00_19
+	&vmovdqa(@X[2],&QWP(112+64,"esp"));	# pbswap mask
+	&vmovdqu(@X[-4&7],&QWP(0,$inp));	# load input
+	&vmovdqu(@X[-3&7],&QWP(16,$inp));
+	&vmovdqu(@X[-2&7],&QWP(32,$inp));
+	&vmovdqu(@X[-1&7],&QWP(48,$inp));
+	&add	($inp,64);
+	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);		# byte swap
+	&mov	(&DWP(192+4,"esp"),$inp);
+	&vmovdqa(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpshufb	(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpaddd	(@X[$Xi&7],@X[($Xi-4)&7],@X[3]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqa	(&QWP(0+16*$Xi,"esp"),@X[$Xi&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+&set_label("loop",16);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xuplast_avx_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	($B,$C);
+	&mov	(&DWP(8,@T[1]),$C);
+	&xor	($B,$D);
+	&mov	(&DWP(12,@T[1]),$D);
+	&mov	(&DWP(16,@T[1]),$E);
+	&mov	(@T[1],@T[0]);
+	&and	(@T[0],$B);
+	&mov	($B,@T[1]);
+
+	&jmp	(&label("loop"));
+
+&set_label("done",16);		$j=$saved_j; @V=@saved_V;
+
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+
+	&vzeroall();
+
+	&mov	(@T[1],&DWP(192,"esp"));	# update context
+	&add	($A,&DWP(0,@T[1]));
+	&mov	("esp",&DWP(192+12,"esp"));	# restore %esp
+	&add	(@T[0],&DWP(4,@T[1]));		# $b
+	&add	($C,&DWP(8,@T[1]));
+	&mov	(&DWP(0,@T[1]),$A);
+	&add	($D,&DWP(12,@T[1]));
+	&mov	(&DWP(4,@T[1]),@T[0]);
+	&add	($E,&DWP(16,@T[1]));
+	&mov	(&DWP(8,@T[1]),$C);
+	&mov	(&DWP(12,@T[1]),$D);
+	&mov	(&DWP(16,@T[1]),$E);
+&function_end("_sha1_block_data_order_avx");
+}
+&set_label("K_XX_XX",64);
+&data_word(0x5a827999,0x5a827999,0x5a827999,0x5a827999);	# K_00_19
+&data_word(0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1);	# K_20_39
+&data_word(0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc);	# K_40_59
+&data_word(0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6);	# K_60_79
+&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f);	# pbswap mask
+&data_byte(0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0);
+}
+&asciz("SHA1 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-alpha.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-alpha.pl
new file mode 100644
index 0000000..4124958
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-alpha.pl
@@ -0,0 +1,329 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for Alpha.
+
+# On 21264 performance is 33% better than code generated by vendor
+# compiler, and 75% better than GCC [3.4], and in absolute terms is
+# 8.7 cycles per processed byte. Implementation features vectorized
+# byte swap, but not Xupdate.
+
+@X=(	"\$0",	"\$1",	"\$2",	"\$3",	"\$4",	"\$5",	"\$6",	"\$7",
+	"\$8",	"\$9",	"\$10",	"\$11",	"\$12",	"\$13",	"\$14",	"\$15");
+$ctx="a0";	# $16
+$inp="a1";
+$num="a2";
+$A="a3";
+$B="a4";	# 20
+$C="a5";
+$D="t8";
+$E="t9";	@V=($A,$B,$C,$D,$E);
+$t0="t10";	# 24
+$t1="t11";
+$t2="ra";
+$t3="t12";
+$K="AT";	# 28
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i==0);
+	ldq_u	@X[0],0+0($inp)
+	ldq_u	@X[1],0+7($inp)
+___
+$code.=<<___ if (!($i&1) && $i<14);
+	ldq_u	@X[$i+2],($i+2)*4+0($inp)
+	ldq_u	@X[$i+3],($i+2)*4+7($inp)
+___
+$code.=<<___ if (!($i&1) && $i<15);
+	extql	@X[$i],$inp,@X[$i]
+	extqh	@X[$i+1],$inp,@X[$i+1]
+
+	or	@X[$i+1],@X[$i],@X[$i]	# pair of 32-bit values are fetched
+
+	srl	@X[$i],24,$t0		# vectorized byte swap
+	srl	@X[$i],8,$t2
+
+	sll	@X[$i],8,$t3
+	sll	@X[$i],24,@X[$i]
+	zapnot	$t0,0x11,$t0
+	zapnot	$t2,0x22,$t2
+
+	zapnot	@X[$i],0x88,@X[$i]
+	or	$t0,$t2,$t0
+	zapnot	$t3,0x44,$t3
+	sll	$a,5,$t1
+
+	or	@X[$i],$t0,@X[$i]
+	addl	$K,$e,$e
+	and	$b,$c,$t2
+	zapnot	$a,0xf,$a
+
+	or	@X[$i],$t3,@X[$i]
+	srl	$a,27,$t0
+	bic	$d,$b,$t3
+	sll	$b,30,$b
+
+	extll	@X[$i],4,@X[$i+1]	# extract upper half
+	or	$t2,$t3,$t2
+	addl	@X[$i],$e,$e
+
+	addl	$t1,$e,$e
+	srl	$b,32,$t3
+	zapnot	@X[$i],0xf,@X[$i]
+
+	addl	$t0,$e,$e
+	addl	$t2,$e,$e
+	or	$t3,$b,$b
+___
+$code.=<<___ if (($i&1) && $i<15);
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	and	$b,$c,$t2
+	zapnot	$a,0xf,$a
+
+	srl	$a,27,$t0
+	addl	@X[$i%16],$e,$e
+	bic	$d,$b,$t3
+	sll	$b,30,$b
+
+	or	$t2,$t3,$t2
+	addl	$t1,$e,$e
+	srl	$b,32,$t3
+	zapnot	@X[$i],0xf,@X[$i]
+
+	addl	$t0,$e,$e
+	addl	$t2,$e,$e
+	or	$t3,$b,$b
+___
+$code.=<<___ if ($i>=15);	# with forward Xupdate
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	and	$b,$c,$t2
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+
+	zapnot	$a,0xf,$a
+	addl	@X[$i%16],$e,$e
+	bic	$d,$b,$t3
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+
+	srl	$a,27,$t0
+	addl	$t1,$e,$e
+	or	$t2,$t3,$t2
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+
+	sll	$b,30,$b
+	addl	$t0,$e,$e
+	srl	@X[$j%16],31,$t1
+
+	addl	$t2,$e,$e
+	srl	$b,32,$t3
+	addl	@X[$j%16],@X[$j%16],@X[$j%16]
+
+	or	$t3,$b,$b
+	zapnot	@X[$i%16],0xf,@X[$i%16]
+	or	$t1,@X[$j%16],@X[$j%16]
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);	# with forward Xupdate
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	zapnot	$a,0xf,$a
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+
+	sll	$b,30,$t3
+	addl	$t1,$e,$e
+	xor	$b,$c,$t2
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+
+	srl	$b,2,$b
+	addl	@X[$i%16],$e,$e
+	xor	$d,$t2,$t2
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+
+	srl	@X[$j%16],31,$t1
+	addl	$t2,$e,$e
+	srl	$a,27,$t0
+	addl	@X[$j%16],@X[$j%16],@X[$j%16]
+
+	or	$t3,$b,$b
+	addl	$t0,$e,$e
+	or	$t1,@X[$j%16],@X[$j%16]
+___
+$code.=<<___ if ($i<77);
+	zapnot	@X[$i%16],0xf,@X[$i%16]
+___
+$code.=<<___ if ($i==79);	# with context fetch
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	zapnot	$a,0xf,$a
+	ldl	@X[0],0($ctx)
+
+	sll	$b,30,$t3
+	addl	$t1,$e,$e
+	xor	$b,$c,$t2
+	ldl	@X[1],4($ctx)
+
+	srl	$b,2,$b
+	addl	@X[$i%16],$e,$e
+	xor	$d,$t2,$t2
+	ldl	@X[2],8($ctx)
+
+	srl	$a,27,$t0
+	addl	$t2,$e,$e
+	ldl	@X[3],12($ctx)
+
+	or	$t3,$b,$b
+	addl	$t0,$e,$e
+	ldl	@X[4],16($ctx)
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___;	# with forward Xupdate
+	sll	$a,5,$t1
+	addl	$K,$e,$e
+	zapnot	$a,0xf,$a
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+
+	srl	$a,27,$t0
+	and	$b,$c,$t2
+	and	$b,$d,$t3
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+
+	sll	$b,30,$b
+	addl	$t1,$e,$e
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+
+	srl	@X[$j%16],31,$t1
+	addl	$t0,$e,$e
+	or	$t2,$t3,$t2
+	and	$c,$d,$t3
+
+	or	$t2,$t3,$t2
+	srl	$b,32,$t3
+	addl	@X[$i%16],$e,$e
+	addl	@X[$j%16],@X[$j%16],@X[$j%16]
+
+	or	$t3,$b,$b
+	addl	$t2,$e,$e
+	or	$t1,@X[$j%16],@X[$j%16]
+	zapnot	@X[$i%16],0xf,@X[$i%16]
+___
+}
+
+$code=<<___;
+#ifdef __linux__
+#include <asm/regdef.h>
+#else
+#include <asm.h>
+#include <regdef.h>
+#endif
+
+.text
+
+.set	noat
+.set	noreorder
+.globl	sha1_block_data_order
+.align	5
+.ent	sha1_block_data_order
+sha1_block_data_order:
+	lda	sp,-64(sp)
+	stq	ra,0(sp)
+	stq	s0,8(sp)
+	stq	s1,16(sp)
+	stq	s2,24(sp)
+	stq	s3,32(sp)
+	stq	s4,40(sp)
+	stq	s5,48(sp)
+	stq	fp,56(sp)
+	.mask	0x0400fe00,-64
+	.frame	sp,64,ra
+	.prologue 0
+
+	ldl	$A,0($ctx)
+	ldl	$B,4($ctx)
+	sll	$num,6,$num
+	ldl	$C,8($ctx)
+	ldl	$D,12($ctx)
+	ldl	$E,16($ctx)
+	addq	$inp,$num,$num
+
+.Lloop:
+	.set	noreorder
+	ldah	$K,23170(zero)
+	zapnot	$B,0xf,$B
+	lda	$K,31129($K)	# K_00_19
+___
+for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	ldah	$K,28378(zero)
+	lda	$K,-5215($K)	# K_20_39
+___
+for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	ldah	$K,-28900(zero)
+	lda	$K,-17188($K)	# K_40_59
+___
+for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	ldah	$K,-13725(zero)
+	lda	$K,-15914($K)	# K_60_79
+___
+for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	addl	@X[0],$A,$A
+	addl	@X[1],$B,$B
+	addl	@X[2],$C,$C
+	addl	@X[3],$D,$D
+	addl	@X[4],$E,$E
+	stl	$A,0($ctx)
+	stl	$B,4($ctx)
+	addq	$inp,64,$inp
+	stl	$C,8($ctx)
+	stl	$D,12($ctx)
+	stl	$E,16($ctx)
+	cmpult	$inp,$num,$t1
+	bne	$t1,.Lloop
+
+	.set	noreorder
+	ldq	ra,0(sp)
+	ldq	s0,8(sp)
+	ldq	s1,16(sp)
+	ldq	s2,24(sp)
+	ldq	s3,32(sp)
+	ldq	s4,40(sp)
+	ldq	s5,48(sp)
+	ldq	fp,56(sp)
+	lda	sp,64(sp)
+	ret	(ra)
+.end	sha1_block_data_order
+.ascii	"SHA1 block transform for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+$output=pop and open STDOUT,">$output";
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-armv4-large.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-armv4-large.pl
new file mode 100644
index 0000000..7ff5bfb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-armv4-large.pl
@@ -0,0 +1,742 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# sha1_block procedure for ARMv4.
+#
+# January 2007.
+
+# Size/performance trade-off
+# ====================================================================
+# impl		size in bytes	comp cycles[*]	measured performance
+# ====================================================================
+# thumb		304		3212		4420
+# armv4-small	392/+29%	1958/+64%	2250/+96%
+# armv4-compact	740/+89%	1552/+26%	1840/+22%
+# armv4-large	1420/+92%	1307/+19%	1370/+34%[***]
+# full unroll	~5100/+260%	~1260/+4%	~1300/+5%
+# ====================================================================
+# thumb		= same as 'small' but in Thumb instructions[**] and
+#		  with recurring code in two private functions;
+# small		= detached Xload/update, loops are folded;
+# compact	= detached Xload/update, 5x unroll;
+# large		= interleaved Xload/update, 5x unroll;
+# full unroll	= interleaved Xload/update, full unroll, estimated[!];
+#
+# [*]	Manually counted instructions in "grand" loop body. Measured
+#	performance is affected by prologue and epilogue overhead,
+#	i-cache availability, branch penalties, etc.
+# [**]	While each Thumb instruction is twice smaller, they are not as
+#	diverse as ARM ones: e.g., there are only two arithmetic
+#	instructions with 3 arguments, no [fixed] rotate, addressing
+#	modes are limited. As result it takes more instructions to do
+#	the same job in Thumb, therefore the code is never twice as
+#	small and always slower.
+# [***]	which is also ~35% better than compiler generated code. Dual-
+#	issue Cortex A8 core was measured to process input block in
+#	~990 cycles.
+
+# August 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 13% improvement on
+# Cortex A8 core and in absolute terms ~870 cycles per input block
+# [or 13.6 cycles per byte].
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 10%
+# improvement on Cortex A8 core and 12.2 cycles per byte.
+
+# September 2013.
+#
+# Add NEON implementation (see sha1-586.pl for background info). On
+# Cortex A8 it was measured to process one byte in 6.7 cycles or >80%
+# faster than integer-only code. Because [fully unrolled] NEON code
+# is ~2.5x larger and there are some redundant instructions executed
+# when processing last block, improvement is not as big for smallest
+# blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per
+# byte, which is also >80% faster than integer-only code. Cortex-A15
+# is even faster spending 5.6 cycles per byte outperforming integer-
+# only code by factor of 2.
+
+# May 2014.
+#
+# Add ARMv8 code path performing at 2.35 cpb on Apple A7.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$ctx="r0";
+$inp="r1";
+$len="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+$Xi="r14";
+@V=($a,$b,$c,$d,$e);
+
+sub Xupdate {
+my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_;
+$code.=<<___;
+	ldr	$t0,[$Xi,#15*4]
+	ldr	$t1,[$Xi,#13*4]
+	ldr	$t2,[$Xi,#7*4]
+	add	$e,$K,$e,ror#2			@ E+=K_xx_xx
+	ldr	$t3,[$Xi,#2*4]
+	eor	$t0,$t0,$t1
+	eor	$t2,$t2,$t3			@ 1 cycle stall
+	eor	$t1,$c,$d			@ F_xx_xx
+	mov	$t0,$t0,ror#31
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+	eor	$t0,$t0,$t2,ror#31
+	str	$t0,[$Xi,#-4]!
+	$opt1					@ F_xx_xx
+	$opt2					@ F_xx_xx
+	add	$e,$e,$t0			@ E+=X[i]
+___
+}
+
+sub BODY_00_15 {
+my ($a,$b,$c,$d,$e)=@_;
+$code.=<<___;
+#if __ARM_ARCH__<7
+	ldrb	$t1,[$inp,#2]
+	ldrb	$t0,[$inp,#3]
+	ldrb	$t2,[$inp,#1]
+	add	$e,$K,$e,ror#2			@ E+=K_00_19
+	ldrb	$t3,[$inp],#4
+	orr	$t0,$t0,$t1,lsl#8
+	eor	$t1,$c,$d			@ F_xx_xx
+	orr	$t0,$t0,$t2,lsl#16
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+	orr	$t0,$t0,$t3,lsl#24
+#else
+	ldr	$t0,[$inp],#4			@ handles unaligned
+	add	$e,$K,$e,ror#2			@ E+=K_00_19
+	eor	$t1,$c,$d			@ F_xx_xx
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+#ifdef __ARMEL__
+	rev	$t0,$t0				@ byte swap
+#endif
+#endif
+	and	$t1,$b,$t1,ror#2
+	add	$e,$e,$t0			@ E+=X[i]
+	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
+	str	$t0,[$Xi,#-4]!
+	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
+___
+}
+
+sub BODY_16_19 {
+my ($a,$b,$c,$d,$e)=@_;
+	&Xupdate(@_,"and $t1,$b,$t1,ror#2");
+$code.=<<___;
+	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
+	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
+___
+}
+
+sub BODY_20_39 {
+my ($a,$b,$c,$d,$e)=@_;
+	&Xupdate(@_,"eor $t1,$b,$t1,ror#2");
+$code.=<<___;
+	add	$e,$e,$t1			@ E+=F_20_39(B,C,D)
+___
+}
+
+sub BODY_40_59 {
+my ($a,$b,$c,$d,$e)=@_;
+	&Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d");
+$code.=<<___;
+	add	$e,$e,$t1			@ E+=F_40_59(B,C,D)
+	add	$e,$e,$t2,ror#2
+___
+}
+
+$code=<<___;
+#include "arm_arch.h"
+
+.text
+#if defined(__thumb2__)
+.syntax	unified
+.thumb
+#else
+.code	32
+#endif
+
+.global	sha1_block_data_order
+.type	sha1_block_data_order,%function
+
+.align	5
+sha1_block_data_order:
+#if __ARM_MAX_ARCH__>=7
+.Lsha1_block:
+	adr	r3,.Lsha1_block
+	ldr	r12,.LOPENSSL_armcap
+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV8_SHA1
+	bne	.LARMv8
+	tst	r12,#ARMV7_NEON
+	bne	.LNEON
+#endif
+	stmdb	sp!,{r4-r12,lr}
+	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
+	ldmia	$ctx,{$a,$b,$c,$d,$e}
+.Lloop:
+	ldr	$K,.LK_00_19
+	mov	$Xi,sp
+	sub	sp,sp,#15*4
+	mov	$c,$c,ror#30
+	mov	$d,$d,ror#30
+	mov	$e,$e,ror#30		@ [6]
+.L_00_15:
+___
+for($i=0;$i<5;$i++) {
+	&BODY_00_15(@V);	unshift(@V,pop(@V));
+}
+$code.=<<___;
+#if defined(__thumb2__)
+	mov	$t3,sp
+	teq	$Xi,$t3
+#else
+	teq	$Xi,sp
+#endif
+	bne	.L_00_15		@ [((11+4)*5+2)*3]
+	sub	sp,sp,#25*4
+___
+	&BODY_00_15(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+	&BODY_16_19(@V);	unshift(@V,pop(@V));
+$code.=<<___;
+
+	ldr	$K,.LK_20_39		@ [+15+16*4]
+	cmn	sp,#0			@ [+3], clear carry to denote 20_39
+.L_20_39_or_60_79:
+___
+for($i=0;$i<5;$i++) {
+	&BODY_20_39(@V);	unshift(@V,pop(@V));
+}
+$code.=<<___;
+#if defined(__thumb2__)
+	mov	$t3,sp
+	teq	$Xi,$t3
+#else
+	teq	$Xi,sp			@ preserve carry
+#endif
+	bne	.L_20_39_or_60_79	@ [+((12+3)*5+2)*4]
+	bcs	.L_done			@ [+((12+3)*5+2)*4], spare 300 bytes
+
+	ldr	$K,.LK_40_59
+	sub	sp,sp,#20*4		@ [+2]
+.L_40_59:
+___
+for($i=0;$i<5;$i++) {
+	&BODY_40_59(@V);	unshift(@V,pop(@V));
+}
+$code.=<<___;
+#if defined(__thumb2__)
+	mov	$t3,sp
+	teq	$Xi,$t3
+#else
+	teq	$Xi,sp
+#endif
+	bne	.L_40_59		@ [+((12+5)*5+2)*4]
+
+	ldr	$K,.LK_60_79
+	sub	sp,sp,#20*4
+	cmp	sp,#0			@ set carry to denote 60_79
+	b	.L_20_39_or_60_79	@ [+4], spare 300 bytes
+.L_done:
+	add	sp,sp,#80*4		@ "deallocate" stack frame
+	ldmia	$ctx,{$K,$t0,$t1,$t2,$t3}
+	add	$a,$K,$a
+	add	$b,$t0,$b
+	add	$c,$t1,$c,ror#2
+	add	$d,$t2,$d,ror#2
+	add	$e,$t3,$e,ror#2
+	stmia	$ctx,{$a,$b,$c,$d,$e}
+	teq	$inp,$len
+	bne	.Lloop			@ [+18], total 1307
+
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	sha1_block_data_order,.-sha1_block_data_order
+
+.align	5
+.LK_00_19:	.word	0x5a827999
+.LK_20_39:	.word	0x6ed9eba1
+.LK_40_59:	.word	0x8f1bbcdc
+.LK_60_79:	.word	0xca62c1d6
+#if __ARM_MAX_ARCH__>=7
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lsha1_block
+#endif
+.asciz	"SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	5
+___
+#####################################################################
+# NEON stuff
+#
+{{{
+my @V=($a,$b,$c,$d,$e);
+my ($K_XX_XX,$Ki,$t0,$t1,$Xfer,$saved_sp)=map("r$_",(8..12,14));
+my $Xi=4;
+my @X=map("q$_",(8..11,0..3));
+my @Tx=("q12","q13");
+my ($K,$zero)=("q14","q15");
+my $j=0;
+
+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+sub body_00_19 () {
+	(
+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
+	'&bic	($t0,$d,$b)',
+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
+	'&and	($t1,$c,$b)',
+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
+	'&eor	($t1,$t1,$t0)',		# F_00_19
+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
+	'&add	($e,$e,$t1);'.		# e+=F_00_19
+	'$j++;	unshift(@V,pop(@V));'
+	)
+}
+sub body_20_39 () {
+	(
+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
+	'&eor	($t0,$b,$d)',
+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15)) if ($j<79)',
+	'&eor	($t1,$t0,$c)',		# F_20_39
+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
+	'&add	($e,$e,$t1);'.		# e+=F_20_39
+	'$j++;	unshift(@V,pop(@V));'
+	)
+}
+sub body_40_59 () {
+	(
+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
+	'&and	($t0,$c,$d)',
+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
+	'&eor	($t1,$c,$d)',
+	'&add	($e,$e,$t0)',
+	'&and	($t1,$t1,$b)',
+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
+	'&add	($e,$e,$t1);'.		# e+=F_40_59
+	'$j++;	unshift(@V,pop(@V));'
+	)
+}
+
+sub Xupdate_16_31 ()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vext_8		(@X[0],@X[-4&7],@X[-3&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
+	 eval(shift(@insns));
+	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
+	 eval(shift(@insns));
+	&vext_8		(@Tx[0],@X[-1&7],$zero,4);	# "X[-3]", 3 words
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[0]"^="X[-3]"^"X[-8]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
+	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vext_8		(@Tx[1],$zero,@Tx[0],4);	# "X[0]"<<96, extract one dword
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[0],@Tx[0],@Tx[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsri_32	(@X[0],@Tx[0],31);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	(@Tx[0],@Tx[1],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshl_u32	(@Tx[1],@Tx[1],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@Tx[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+
+	foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_32_79 ()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vext_8		(@Tx[0],@X[-2&7],@X[-1&7],8);	# compose "X[-6]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
+	 eval(shift(@insns));
+	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
+	 eval(shift(@insns));
+	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[-6]"^="X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	(@X[0],@Tx[0],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
+	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsli_32	(@X[0],@Tx[0],2);		# "X[0]"="X[-6]"<<<2
+
+	foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_80 ()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vadd_i32	(@Tx[1],@X[-1&7],$K);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vst1_32	("{@Tx[1]}","[$Xfer,:128]!");
+	&sub		($Xfer,$Xfer,64);
+
+	&teq		($inp,$len);
+	&sub		($K_XX_XX,$K_XX_XX,16);	# rewind $K_XX_XX
+	&it		("eq");
+	&subeq		($inp,$inp,64);		# reload last block to avoid SEGV
+	&vld1_8		("{@X[-4&7]-@X[-3&7]}","[$inp]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_8		("{@X[-2&7]-@X[-1&7]}","[$inp]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_32	("{$K\[]}","[$K_XX_XX,:32]!");	# load K_00_19
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vrev32_8	(@X[-4&7],@X[-4&7]);
+
+	foreach (@insns) { eval; }		# remaining instructions
+
+   $Xi=0;
+}
+
+sub Xloop()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e);
+
+	&vrev32_8	(@X[($Xi-3)&7],@X[($Xi-3)&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[$Xi&7],@X[($Xi-4)&7],$K);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vst1_32	("{@X[$Xi&7]}","[$Xfer,:128]!");# X[]+K xfer to IALU
+
+	foreach (@insns) { eval; }
+
+  $Xi++;
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.type	sha1_block_data_order_neon,%function
+.align	4
+sha1_block_data_order_neon:
+.LNEON:
+	stmdb	sp!,{r4-r12,lr}
+	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
+	@ dmb				@ errata #451034 on early Cortex A8
+	@ vstmdb	sp!,{d8-d15}	@ ABI specification says so
+	mov	$saved_sp,sp
+	sub	$Xfer,sp,#64
+	adr	$K_XX_XX,.LK_00_19
+	bic	$Xfer,$Xfer,#15		@ align for 128-bit stores
+
+	ldmia	$ctx,{$a,$b,$c,$d,$e}	@ load context
+	mov	sp,$Xfer		@ alloca
+
+	vld1.8		{@X[-4&7]-@X[-3&7]},[$inp]!	@ handles unaligned
+	veor		$zero,$zero,$zero
+	vld1.8		{@X[-2&7]-@X[-1&7]},[$inp]!
+	vld1.32		{${K}\[]},[$K_XX_XX,:32]!	@ load K_00_19
+	vrev32.8	@X[-4&7],@X[-4&7]		@ yes, even on
+	vrev32.8	@X[-3&7],@X[-3&7]		@ big-endian...
+	vrev32.8	@X[-2&7],@X[-2&7]
+	vadd.i32	@X[0],@X[-4&7],$K
+	vrev32.8	@X[-1&7],@X[-1&7]
+	vadd.i32	@X[1],@X[-3&7],$K
+	vst1.32		{@X[0]},[$Xfer,:128]!
+	vadd.i32	@X[2],@X[-2&7],$K
+	vst1.32		{@X[1]},[$Xfer,:128]!
+	vst1.32		{@X[2]},[$Xfer,:128]!
+	ldr		$Ki,[sp]			@ big RAW stall
+
+.Loop_neon:
+___
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_16_31(\&body_00_19);
+	&Xupdate_32_79(\&body_00_19);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_20_39);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_40_59);
+	&Xupdate_32_79(\&body_20_39);
+	&Xuplast_80(\&body_20_39);
+	&Xloop(\&body_20_39);
+	&Xloop(\&body_20_39);
+	&Xloop(\&body_20_39);
+$code.=<<___;
+	ldmia	$ctx,{$Ki,$t0,$t1,$Xfer}	@ accumulate context
+	add	$a,$a,$Ki
+	ldr	$Ki,[$ctx,#16]
+	add	$b,$b,$t0
+	add	$c,$c,$t1
+	add	$d,$d,$Xfer
+	it	eq
+	moveq	sp,$saved_sp
+	add	$e,$e,$Ki
+	it	ne
+	ldrne	$Ki,[sp]
+	stmia	$ctx,{$a,$b,$c,$d,$e}
+	itt	ne
+	addne	$Xfer,sp,#3*16
+	bne	.Loop_neon
+
+	@ vldmia	sp!,{d8-d15}
+	ldmia	sp!,{r4-r12,pc}
+.size	sha1_block_data_order_neon,.-sha1_block_data_order_neon
+#endif
+___
+}}}
+#####################################################################
+# ARMv8 stuff
+#
+{{{
+my ($ABCD,$E,$E0,$E1)=map("q$_",(0..3));
+my @MSG=map("q$_",(4..7));
+my @Kxx=map("q$_",(8..11));
+my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14));
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+
+# if defined(__thumb2__)
+#  define INST(a,b,c,d)	.byte	c,d|0xf,a,b
+# else
+#  define INST(a,b,c,d)	.byte	a,b,c,d|0x10
+# endif
+
+.type	sha1_block_data_order_armv8,%function
+.align	5
+sha1_block_data_order_armv8:
+.LARMv8:
+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
+
+	veor	$E,$E,$E
+	adr	r3,.LK_00_19
+	vld1.32	{$ABCD},[$ctx]!
+	vld1.32	{$E\[0]},[$ctx]
+	sub	$ctx,$ctx,#16
+	vld1.32	{@Kxx[0]\[]},[r3,:32]!
+	vld1.32	{@Kxx[1]\[]},[r3,:32]!
+	vld1.32	{@Kxx[2]\[]},[r3,:32]!
+	vld1.32	{@Kxx[3]\[]},[r3,:32]
+
+.Loop_v8:
+	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
+	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
+	vrev32.8	@MSG[0],@MSG[0]
+	vrev32.8	@MSG[1],@MSG[1]
+
+	vadd.i32	$W0,@Kxx[0],@MSG[0]
+	vrev32.8	@MSG[2],@MSG[2]
+	vmov		$ABCD_SAVE,$ABCD	@ offload
+	subs		$len,$len,#1
+
+	vadd.i32	$W1,@Kxx[0],@MSG[1]
+	vrev32.8	@MSG[3],@MSG[3]
+	sha1h		$E1,$ABCD		@ 0
+	sha1c		$ABCD,$E,$W0
+	vadd.i32	$W0,@Kxx[$j],@MSG[2]
+	sha1su0		@MSG[0],@MSG[1],@MSG[2]
+___
+for ($j=0,$i=1;$i<20-3;$i++) {
+my $f=("c","p","m","p")[$i/5];
+$code.=<<___;
+	sha1h		$E0,$ABCD		@ $i
+	sha1$f		$ABCD,$E1,$W1
+	vadd.i32	$W1,@Kxx[$j],@MSG[3]
+	sha1su1		@MSG[0],@MSG[3]
+___
+$code.=<<___ if ($i<20-4);
+	sha1su0		@MSG[1],@MSG[2],@MSG[3]
+___
+	($E0,$E1)=($E1,$E0);	($W0,$W1)=($W1,$W0);
+	push(@MSG,shift(@MSG));	$j++ if ((($i+3)%5)==0);
+}
+$code.=<<___;
+	sha1h		$E0,$ABCD		@ $i
+	sha1p		$ABCD,$E1,$W1
+	vadd.i32	$W1,@Kxx[$j],@MSG[3]
+
+	sha1h		$E1,$ABCD		@ 18
+	sha1p		$ABCD,$E0,$W0
+
+	sha1h		$E0,$ABCD		@ 19
+	sha1p		$ABCD,$E1,$W1
+
+	vadd.i32	$E,$E,$E0
+	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
+	bne		.Loop_v8
+
+	vst1.32		{$ABCD},[$ctx]!
+	vst1.32		{$E\[0]},[$ctx]
+
+	vldmia	sp!,{d8-d15}
+	ret					@ bx lr
+.size	sha1_block_data_order_armv8,.-sha1_block_data_order_armv8
+#endif
+___
+}}}
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+{   my  %opcode = (
+	"sha1c"		=> 0xf2000c40,	"sha1p"		=> 0xf2100c40,
+	"sha1m"		=> 0xf2200c40,	"sha1su0"	=> 0xf2300c40,
+	"sha1h"		=> 0xf3b902c0,	"sha1su1"	=> 0xf3ba0380	);
+
+    sub unsha1 {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
+					 |(($2&7)<<17)|(($2&8)<<4)
+					 |(($3&7)<<1) |(($3&8)<<2);
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+
+	    # this fix-up provides Thumb encoding in conjunction with INST
+	    $word &= ~0x10000000 if (($word & 0x0f000000) == 0x02000000);
+	    sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    }
+}
+
+foreach (split($/,$code)) {
+	s/{q([0-9]+)\[\]}/sprintf "{d%d[],d%d[]}",2*$1,2*$1+1/eo	or
+	s/{q([0-9]+)\[0\]}/sprintf "{d%d[0]}",2*$1/eo;
+
+	s/\b(sha1\w+)\s+(q.*)/unsha1($1,$2)/geo;
+
+	s/\bret\b/bx	lr/o		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/o;	# make it possible to compile with -march=armv4
+
+	print $_,$/;
+}
+
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-armv8.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-armv8.pl
new file mode 100644
index 0000000..84a00bf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-armv8.pl
@@ -0,0 +1,363 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA1 for ARMv8.
+#
+# Performance in cycles per processed byte and improvement coefficient
+# over code generated with "default" compiler:
+#
+#		hardware-assisted	software(*)
+# Apple A7	2.31			4.13 (+14%)
+# Cortex-A53	2.24			8.03 (+97%)
+# Cortex-A57	2.35			7.88 (+74%)
+# Denver	2.13			3.97 (+0%)(**)
+# X-Gene				8.80 (+200%)
+# Mongoose	2.05			6.50 (+160%)
+#
+# (*)	Software results are presented mostly for reference purposes.
+# (**)	Keep in mind that Denver relies on binary translation, which
+#	optimizes compiler output at run-time.
+
+$flavour = shift;
+$output  = shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+($ctx,$inp,$num)=("x0","x1","x2");
+@Xw=map("w$_",(3..17,19));
+@Xx=map("x$_",(3..17,19));
+@V=($A,$B,$C,$D,$E)=map("w$_",(20..24));
+($t0,$t1,$t2,$K)=map("w$_",(25..28));
+
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=($i+2)&15;
+
+$code.=<<___ if ($i<15 && !($i&1));
+	lsr	@Xx[$i+1],@Xx[$i],#32
+___
+$code.=<<___ if ($i<14 && !($i&1));
+	ldr	@Xx[$i+2],[$inp,#`($i+2)*4-64`]
+___
+$code.=<<___ if ($i<14 && ($i&1));
+#ifdef	__ARMEB__
+	ror	@Xx[$i+1],@Xx[$i+1],#32
+#else
+	rev32	@Xx[$i+1],@Xx[$i+1]
+#endif
+___
+$code.=<<___ if ($i<14);
+	bic	$t0,$d,$b
+	and	$t1,$c,$b
+	ror	$t2,$a,#27
+	add	$d,$d,$K		// future e+=K
+	orr	$t0,$t0,$t1
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+___
+$code.=<<___ if ($i==19);
+	movz	$K,#0xeba1
+	movk	$K,#0x6ed9,lsl#16
+___
+$code.=<<___ if ($i>=14);
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
+	bic	$t0,$d,$b
+	and	$t1,$c,$b
+	ror	$t2,$a,#27
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
+	add	$d,$d,$K		// future e+=K
+	orr	$t0,$t0,$t1
+	add	$e,$e,$t2		// e+=rot(a,5)
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
+	ror	$b,$b,#2
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+	 ror	@Xw[$j],@Xw[$j],#31
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=($i+2)&15;
+
+$code.=<<___ if ($i==59);
+	movz	$K,#0xc1d6
+	movk	$K,#0xca62,lsl#16
+___
+$code.=<<___;
+	orr	$t0,$b,$c
+	and	$t1,$b,$c
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
+	ror	$t2,$a,#27
+	and	$t0,$t0,$d
+	add	$d,$d,$K		// future e+=K
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
+	add	$e,$e,$t2		// e+=rot(a,5)
+	orr	$t0,$t0,$t1
+	ror	$b,$b,#2
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+	 ror	@Xw[$j],@Xw[$j],#31
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=($i+2)&15;
+
+$code.=<<___ if ($i==39);
+	movz	$K,#0xbcdc
+	movk	$K,#0x8f1b,lsl#16
+___
+$code.=<<___ if ($i<78);
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
+	eor	$t0,$d,$b
+	ror	$t2,$a,#27
+	add	$d,$d,$K		// future e+=K
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
+	eor	$t0,$t0,$c
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+	 ror	@Xw[$j],@Xw[$j],#31
+___
+$code.=<<___ if ($i==78);
+	ldp	@Xw[1],@Xw[2],[$ctx]
+	eor	$t0,$d,$b
+	ror	$t2,$a,#27
+	add	$d,$d,$K		// future e+=K
+	eor	$t0,$t0,$c
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+___
+$code.=<<___ if ($i==79);
+	ldp	@Xw[3],@Xw[4],[$ctx,#8]
+	eor	$t0,$d,$b
+	ror	$t2,$a,#27
+	eor	$t0,$t0,$c
+	add	$e,$e,$t2		// e+=rot(a,5)
+	ror	$b,$b,#2
+	ldr	@Xw[5],[$ctx,#16]
+	add	$e,$e,$t0		// e+=F(b,c,d)
+___
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+.extern	OPENSSL_armcap_P
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,%function
+.align	6
+sha1_block_data_order:
+#ifdef	__ILP32__
+	ldrsw	x16,.LOPENSSL_armcap_P
+#else
+	ldr	x16,.LOPENSSL_armcap_P
+#endif
+	adr	x17,.LOPENSSL_armcap_P
+	add	x16,x16,x17
+	ldr	w16,[x16]
+	tst	w16,#ARMV8_SHA1
+	b.ne	.Lv8_entry
+
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+	ldp	$A,$B,[$ctx]
+	ldp	$C,$D,[$ctx,#8]
+	ldr	$E,[$ctx,#16]
+
+.Loop:
+	ldr	@Xx[0],[$inp],#64
+	movz	$K,#0x7999
+	sub	$num,$num,#1
+	movk	$K,#0x5a82,lsl#16
+#ifdef	__ARMEB__
+	ror	$Xx[0],@Xx[0],#32
+#else
+	rev32	@Xx[0],@Xx[0]
+#endif
+	add	$E,$E,$K		// warm it up
+	add	$E,$E,@Xw[0]
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	$B,$B,@Xw[2]
+	add	$C,$C,@Xw[3]
+	add	$A,$A,@Xw[1]
+	add	$D,$D,@Xw[4]
+	add	$E,$E,@Xw[5]
+	stp	$A,$B,[$ctx]
+	stp	$C,$D,[$ctx,#8]
+	str	$E,[$ctx,#16]
+	cbnz	$num,.Loop
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldp	x25,x26,[sp,#64]
+	ldp	x27,x28,[sp,#80]
+	ldr	x29,[sp],#96
+	ret
+.size	sha1_block_data_order,.-sha1_block_data_order
+___
+{{{
+my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3));
+my @MSG=map("v$_.16b",(4..7));
+my @Kxx=map("v$_.4s",(16..19));
+my ($W0,$W1)=("v20.4s","v21.4s");
+my $ABCD_SAVE="v22.16b";
+
+$code.=<<___;
+.type	sha1_block_armv8,%function
+.align	6
+sha1_block_armv8:
+.Lv8_entry:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	adr	x4,.Lconst
+	eor	$E,$E,$E
+	ld1.32	{$ABCD},[$ctx],#16
+	ld1.32	{$E}[0],[$ctx]
+	sub	$ctx,$ctx,#16
+	ld1.32	{@Kxx[0]-@Kxx[3]},[x4]
+
+.Loop_hw:
+	ld1	{@MSG[0]-@MSG[3]},[$inp],#64
+	sub	$num,$num,#1
+	rev32	@MSG[0],@MSG[0]
+	rev32	@MSG[1],@MSG[1]
+
+	add.i32	$W0,@Kxx[0],@MSG[0]
+	rev32	@MSG[2],@MSG[2]
+	orr	$ABCD_SAVE,$ABCD,$ABCD	// offload
+
+	add.i32	$W1,@Kxx[0],@MSG[1]
+	rev32	@MSG[3],@MSG[3]
+	sha1h	$E1,$ABCD
+	sha1c	$ABCD,$E,$W0		// 0
+	add.i32	$W0,@Kxx[$j],@MSG[2]
+	sha1su0	@MSG[0],@MSG[1],@MSG[2]
+___
+for ($j=0,$i=1;$i<20-3;$i++) {
+my $f=("c","p","m","p")[$i/5];
+$code.=<<___;
+	sha1h	$E0,$ABCD		// $i
+	sha1$f	$ABCD,$E1,$W1
+	add.i32	$W1,@Kxx[$j],@MSG[3]
+	sha1su1	@MSG[0],@MSG[3]
+___
+$code.=<<___ if ($i<20-4);
+	sha1su0	@MSG[1],@MSG[2],@MSG[3]
+___
+	($E0,$E1)=($E1,$E0);		($W0,$W1)=($W1,$W0);
+	push(@MSG,shift(@MSG));		$j++ if ((($i+3)%5)==0);
+}
+$code.=<<___;
+	sha1h	$E0,$ABCD		// $i
+	sha1p	$ABCD,$E1,$W1
+	add.i32	$W1,@Kxx[$j],@MSG[3]
+
+	sha1h	$E1,$ABCD		// 18
+	sha1p	$ABCD,$E0,$W0
+
+	sha1h	$E0,$ABCD		// 19
+	sha1p	$ABCD,$E1,$W1
+
+	add.i32	$E,$E,$E0
+	add.i32	$ABCD,$ABCD,$ABCD_SAVE
+
+	cbnz	$num,.Loop_hw
+
+	st1.32	{$ABCD},[$ctx],#16
+	st1.32	{$E}[0],[$ctx]
+
+	ldr	x29,[sp],#16
+	ret
+.size	sha1_block_armv8,.-sha1_block_armv8
+.align	6
+.Lconst:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	//K_00_19
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	//K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	//K_40_59
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	//K_60_79
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.asciz	"SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+.comm	OPENSSL_armcap_P,4,4
+___
+}}}
+
+{   my	%opcode = (
+	"sha1c"		=> 0x5e000000,	"sha1p"		=> 0x5e001000,
+	"sha1m"		=> 0x5e002000,	"sha1su0"	=> 0x5e003000,
+	"sha1h"		=> 0x5e280800,	"sha1su1"	=> 0x5e281800	);
+
+    sub unsha1 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
+			$mnemonic,$arg;
+    }
+}
+
+foreach(split("\n",$code)) {
+
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo;
+
+	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
+	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-c64xplus.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-c64xplus.pl
new file mode 100644
index 0000000..4db2bcb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-c64xplus.pl
@@ -0,0 +1,337 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA1 for C64x+.
+#
+# November 2011
+#
+# If compared to compiler-generated code with similar characteristics,
+# i.e. compiled with OPENSSL_SMALL_FOOTPRINT and utilizing SPLOOPs,
+# this implementation is 25% smaller and >2x faster. In absolute terms
+# performance is (quite impressive) ~6.5 cycles per processed byte.
+# Fully unrolled assembler would be ~5x larger and is likely to be
+# ~15% faster. It would be free from references to intermediate ring
+# buffer, but put more pressure on L1P [both because the code would be
+# larger and won't be using SPLOOP buffer]. There are no plans to
+# realize fully unrolled variant though...
+#
+# !!! Note that this module uses AMR, which means that all interrupt
+# service routines are expected to preserve it and for own well-being
+# zero it upon entry.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($CTX,$INP,$NUM) = ("A4","B4","A6");		# arguments
+
+($A,$B,$C,$D,$E, $Arot,$F,$F0,$T,$K) = map("A$_",(16..20, 21..25));
+($X0,$X2,$X8,$X13) = ("A26","B26","A27","B27");
+($TX0,$TX1,$TX2,$TX3) = map("B$_",(28..31));
+($XPA,$XPB) = ("A5","B5");			# X circular buffer
+($Actx,$Bctx,$Cctx,$Dctx,$Ectx) = map("A$_",(3,6..9));	# zaps $NUM
+
+$code=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.asg	sha1_block_data_order,_sha1_block_data_order
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.BIG_ENDIAN
+	.asg	MV,SWAP2
+	.asg	MV,SWAP4
+	.endif
+
+	.global	_sha1_block_data_order
+_sha1_block_data_order:
+	.asmfunc stack_usage(64)
+	MV	$NUM,A0			; reassign $NUM
+||	MVK	-64,B0
+  [!A0]	BNOP	RA			; if ($NUM==0) return;
+|| [A0]	STW	FP,*SP--[16]		; save frame pointer and alloca(64)
+|| [A0]	MV	SP,FP
+   [A0]	LDW	*${CTX}[0],$A		; load A-E...
+|| [A0]	AND	B0,SP,SP		; align stack at 64 bytes
+   [A0]	LDW	*${CTX}[1],$B
+|| [A0]	SUBAW	SP,2,SP			; reserve two words above buffer
+   [A0]	LDW	*${CTX}[2],$C
+|| [A0]	MVK	0x00404,B0
+   [A0]	LDW	*${CTX}[3],$D
+|| [A0]	MVKH	0x50000,B0		; 0x050404, 64 bytes for $XP[AB]
+   [A0]	LDW	*${CTX}[4],$E
+|| [A0]	MVC	B0,AMR			; setup circular addressing
+	LDNW	*${INP}++,$TX1		; pre-fetch input
+	NOP	1
+
+loop?:
+	MVK	0x00007999,$K
+||	ADDAW	SP,2,$XPA
+||	SUB	A0,1,A0
+||	MVK	13,B0
+	MVKH	0x5a820000,$K		; K_00_19
+||	ADDAW	SP,2,$XPB
+||	MV	$A,$Actx
+||	MV	$B,$Bctx
+;;==================================================
+	SPLOOPD	5			; BODY_00_13
+||	MV	$C,$Cctx
+||	MV	$D,$Dctx
+||	MV	$E,$Ectx
+||	MVC	B0,ILC
+
+	ROTL	$A,5,$Arot
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+||	SWAP2	$TX1,$TX2
+||	LDNW	*${INP}++,$TX1
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	SWAP4	$TX2,$TX3		; byte swap
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+
+	ADD	$TX3,$T,$A		; A=T+Xi
+||	STW	$TX3,*${XPB}++
+	SPKERNEL
+;;==================================================
+	ROTL	$A,5,$Arot		; BODY_14
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+||	SWAP2	$TX1,$TX2
+||	LDNW	*${INP}++,$TX1
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	SWAP4	$TX2,$TX2		; byte swap
+||	LDW	*${XPA}++,$X0		; fetches from X ring buffer are
+||	LDW	*${XPB}[4],$X2		; 2 iterations ahead
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+;;==================================================
+	ROTL	$A,5,$Arot		; BODY_15
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+||	SWAP2	$TX1,$TX2
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	SWAP4	$TX2,$TX2		; byte swap
+||	XOR	$X0,$X2,$TX0		; Xupdate XORs are 1 iteration ahead
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+||	XOR	$TX0,$TX1,$TX1
+||	MVK	3,B0
+;;==================================================
+	SPLOOPD	5			; BODY_16_19
+||	MVC	B0,ILC
+
+	ROTL	$A,5,$Arot
+||	AND	$C,$B,$F
+||	ANDN	$D,$B,$F0
+||	ADD	$K,$E,$T		; T=E+K
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+	XOR	$F0,$F,$F		; F_00_19(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+
+	ADD	$F,$T,$T		; T+=F_00_19(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	XOR	$X0,$X2,$TX0
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+||	XOR	$TX0,$TX1,$TX1
+	SPKERNEL
+
+	MVK	0xffffeba1,$K
+||	MVK	19,B0
+	MVKH	0x6ed90000,$K		; K_20_39
+___
+sub BODY_20_39 {
+$code.=<<___;
+;;==================================================
+	SPLOOPD	5			; BODY_20_39
+||	MVC	B0,ILC
+
+	ROTL	$A,5,$Arot
+||	XOR	$B,$C,$F
+||	ADD	$K,$E,$T		; T=E+K
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+	XOR	$D,$F,$F		; F_20_39(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+
+	ADD	$F,$T,$T		; T+=F_20_39(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	XOR	$X0,$X2,$TX0
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++		; last one is redundant
+||	XOR	$TX0,$TX1,$TX1
+	SPKERNEL
+___
+$code.=<<___ if (!shift);
+	MVK	0xffffbcdc,$K
+	MVKH	0x8f1b0000,$K		; K_40_59
+___
+}	&BODY_20_39();
+$code.=<<___;
+;;==================================================
+	SPLOOPD	5			; BODY_40_59
+||	MVC	B0,ILC
+||	AND	$B,$C,$F
+||	AND	$B,$D,$F0
+
+	ROTL	$A,5,$Arot
+||	XOR	$F0,$F,$F
+||	AND	$C,$D,$F0
+||	ADD	$K,$E,$T		; T=E+K
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+	XOR	$F0,$F,$F		; F_40_59(B,C,D)
+||	MV	$D,$E			; E=D
+||	MV	$C,$D			; D=C
+
+	ADD	$F,$T,$T		; T+=F_40_59(B,C,D)
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+||	XOR	$X0,$X2,$TX0
+||	LDW	*${XPA}++,$X0
+||	LDW	*${XPB}[4],$X2
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	MV	$A,$B			; B=A
+||	XOR	$X8,$X13,$TX1
+||	LDW	*${XPA}[7],$X8
+||	MV	$TX3,$X13		; ||	LDW	*${XPB}[15],$X13
+||	MV	$TX2,$TX3
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+||	STW	$TX2,*${XPB}++
+||	XOR	$TX0,$TX1,$TX1
+||	AND	$B,$C,$F
+||	AND	$B,$D,$F0
+	SPKERNEL
+
+	MVK	0xffffc1d6,$K
+||	MVK	18,B0
+	MVKH	0xca620000,$K		; K_60_79
+___
+	&BODY_20_39(-1);		# BODY_60_78
+$code.=<<___;
+;;==================================================
+   [A0]	B	loop?
+||	ROTL	$A,5,$Arot		; BODY_79
+||	XOR	$B,$C,$F
+||	ROTL	$TX1,1,$TX2		; Xupdate output
+
+   [A0]	LDNW	*${INP}++,$TX1		; pre-fetch input
+||	ADD	$K,$E,$T		; T=E+K
+||	XOR	$D,$F,$F		; F_20_39(B,C,D)
+
+	ADD	$F,$T,$T		; T+=F_20_39(B,C,D)
+||	ADD	$Ectx,$D,$E		; E=D,E+=Ectx
+||	ADD	$Dctx,$C,$D		; D=C,D+=Dctx
+||	ROTL	$B,30,$C		; C=ROL(B,30)
+
+	ADD	$Arot,$T,$T		; T+=ROL(A,5)
+||	ADD	$Bctx,$A,$B		; B=A,B+=Bctx
+
+	ADD	$TX2,$T,$A		; A=T+Xi
+
+	ADD	$Actx,$A,$A		; A+=Actx
+||	ADD	$Cctx,$C,$C		; C+=Cctx
+;; end of loop?
+
+	BNOP	RA			; return
+||	MV	FP,SP			; restore stack pointer
+||	LDW	*FP[0],FP		; restore frame pointer
+	STW	$A,*${CTX}[0]		; emit A-E...
+||	MVK	0,B0
+	STW	$B,*${CTX}[1]
+||	MVC	B0,AMR			; clear AMR
+	STW	$C,*${CTX}[2]
+	STW	$D,*${CTX}[3]
+	STW	$E,*${CTX}[4]
+	.endasmfunc
+
+	.sect	.const
+	.cstring "SHA1 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-ia64.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-ia64.pl
new file mode 100644
index 0000000..dec21f9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-ia64.pl
@@ -0,0 +1,314 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Eternal question is what's wrong with compiler generated code? The
+# trick is that it's possible to reduce the number of shifts required
+# to perform rotations by maintaining copy of 32-bit value in upper
+# bits of 64-bit register. Just follow mux2 and shrp instructions...
+# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
+# is >50% better than HP C and >2x better than gcc.
+
+$output = pop;
+
+$code=<<___;
+.ident  \"sha1-ia64.s, version 1.3\"
+.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
+.explicit
+
+___
+
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+
+#$human=1;
+if ($human) {	# useful for visual code auditing...
+	($A,$B,$C,$D,$E)   = ("A","B","C","D","E");
+	($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
+	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
+	    (	"K_00_19","K_20_39","K_40_59","K_60_79"	);
+	@X= (	"X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",
+		"X8", "X9","X10","X11","X12","X13","X14","X15"	);
+}
+else {
+	($A,$B,$C,$D,$E)   =    ("loc0","loc1","loc2","loc3","loc4");
+	($h0,$h1,$h2,$h3,$h4) = ("loc5","loc6","loc7","loc8","loc9");
+	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
+	    (	"r14", "r15", "loc10", "loc11"	);
+	@X= (	"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+		"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"	);
+}
+
+sub BODY_00_15 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e)=@_;
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+$code.=<<___ if ($i==0);
+{ .mmi;	ld1	$X[$i]=[inp],2		    // MSB
+	ld1	tmp2=[tmp3],2		};;
+{ .mmi;	ld1	tmp0=[inp],2
+	ld1	tmp4=[tmp3],2		    // LSB
+	dep	$X[$i]=$X[$i],tmp2,8,8	};;
+___
+if ($i<15) {
+	$code.=<<___;
+{ .mmi;	ld1	$Xn=[inp],2		    // forward Xload
+	nop.m	0x0
+	dep	tmp1=tmp0,tmp4,8,8	};;
+{ .mmi;	ld1	tmp2=[tmp3],2		    // forward Xload
+	and	tmp4=$c,$b
+	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
+{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
+	andcm	tmp1=$d,$b
+	dep.z	tmp5=$a,5,27		};; // a<<5
+{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xload
+	or	tmp4=tmp4,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	extr.u	tmp1=$a,27,5		};; // a>>27
+{ .mmi;	ld1	tmp0=[inp],2		    // forward Xload
+	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	ld1	tmp4=[tmp3],2		    // forward Xload
+	or	tmp5=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)
+	dep	$Xn=$Xn,tmp2,8,8	    // forward Xload
+	mux2	$X[$i]=$X[$i],0x44	} //;;
+
+___
+	}
+else	{
+	$code.=<<___;
+{ .mii;	and	tmp3=$c,$b
+	dep	tmp1=tmp0,tmp4,8,8;;
+	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
+{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
+	andcm	tmp1=$d,$b
+	dep.z	tmp5=$a,5,27		};; // a<<5
+{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xupdate
+	or	tmp4=tmp3,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
+	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] // forward Xupdate
+	nop.i	0			};;
+{ .mmi;	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
+	xor	$Xn=$Xn,tmp3		    // forward Xupdate
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi; or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	mux2	$X[$i]=$X[$i],0x44	};;
+
+___
+	}
+}
+
+sub BODY_16_19 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e)=@_;
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+$code.=<<___;
+{ .mib;	add	$e=$e,$K_00_19		    // e+=K_00_19
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	andcm	tmp1=$d,$b
+	and	tmp0=$c,$b		};;
+{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
+	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16]	// forward Xupdate
+	nop.i	0			};;
+{ .mmi;	add	$e=$e,tmp0		    // f+=F_00_19(b,c,d)
+	xor	$Xn=$Xn,tmp3		    // forward Xupdate
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	nop.i	0			};;
+
+___
+}
+
+sub BODY_20_39 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e,$Konst)=@_;
+	$Konst = $K_20_39 if (!defined($Konst));
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+if ($i<79) {
+$code.=<<___;
+{ .mib;	add	$e=$e,$Konst		    // e+=K_XX_XX
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	xor	tmp0=$c,$b
+	xor	$Xn=$Xn,$X[($j+2)%16]	};; // forward Xupdate
+{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
+	xor	$Xn=$Xn,$X[($j+8)%16]	};; // forward Xupdate
+{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
+	xor	$Xn=$Xn,$X[($j+13)%16]	    // forward Xupdate
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	nop.i	0			};;
+
+___
+}
+else {
+$code.=<<___;
+{ .mib;	add	$e=$e,$Konst		    // e+=K_60_79
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	xor	tmp0=$c,$b
+	add	$h1=$h1,$a		};; // wrap up
+{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
+	add	$h3=$h3,$c		};; // wrap up
+{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
+	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+	shrp	$b=tmp6,tmp6,2		};; // b=ROTATE(b,30) ;;?
+{ .mmi;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
+	add	tmp3=1,inp		    // used in unaligned codepath
+	add	$h4=$h4,$d		};; // wrap up
+
+___
+}
+}
+
+sub BODY_40_59 {
+local	*code=shift;
+my	($i,$a,$b,$c,$d,$e)=@_;
+my	$j=$i+1;
+my	$Xn=@X[$j%16];
+
+$code.=<<___;
+{ .mib;	add	$e=$e,$K_40_59		    // e+=K_40_59
+	dep.z	tmp5=$a,5,27		}   // a<<5
+{ .mib;	and	tmp1=$c,$d
+	xor	tmp0=$c,$d		};;
+{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
+	add	tmp5=tmp5,tmp1		    // a<<5+(c&d)
+	extr.u	tmp1=$a,27,5		}   // a>>27
+{ .mmi;	and	tmp0=tmp0,$b
+	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
+	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] };;	// forward Xupdate
+{ .mmi;	add	$e=$e,tmp0		    // e+=b&(c^d)
+	add	tmp5=tmp5,tmp1		    // ROTATE(a,5)+(c&d)
+	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
+{ .mmi;	xor	$Xn=$Xn,tmp3
+	mux2	tmp6=$a,0x44		};; // see b in next iteration
+{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)+(c&d)
+	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+	nop.i	0x0			};;
+
+___
+}
+sub BODY_60_79	{ &BODY_20_39(@_,$K_60_79); }
+
+$code.=<<___;
+.text
+
+tmp0=r8;
+tmp1=r9;
+tmp2=r10;
+tmp3=r11;
+ctx=r32;	// in0
+inp=r33;	// in1
+
+// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num);
+.global	sha1_block_data_order#
+.proc	sha1_block_data_order#
+.align	32
+sha1_block_data_order:
+	.prologue
+{ .mmi;	alloc	tmp1=ar.pfs,3,14,0,0
+	$ADDP	tmp0=4,ctx
+	.save	ar.lc,r3
+	mov	r3=ar.lc		}
+{ .mmi;	$ADDP	ctx=0,ctx
+	$ADDP	inp=0,inp
+	mov	r2=pr			};;
+tmp4=in2;
+tmp5=loc12;
+tmp6=loc13;
+	.body
+{ .mlx;	ld4	$h0=[ctx],8
+	movl	$K_00_19=0x5a827999	}
+{ .mlx;	ld4	$h1=[tmp0],8
+	movl	$K_20_39=0x6ed9eba1	};;
+{ .mlx;	ld4	$h2=[ctx],8
+	movl	$K_40_59=0x8f1bbcdc	}
+{ .mlx;	ld4	$h3=[tmp0]
+	movl	$K_60_79=0xca62c1d6	};;
+{ .mmi;	ld4	$h4=[ctx],-16
+	add	in2=-1,in2		    // adjust num for ar.lc
+	mov	ar.ec=1			};;
+{ .mmi;	nop.m	0
+	add	tmp3=1,inp
+	mov	ar.lc=in2		};; // brp.loop.imp: too far
+
+.Ldtop:
+{ .mmi;	mov	$A=$h0
+	mov	$B=$h1
+	mux2	tmp6=$h1,0x44		}
+{ .mmi;	mov	$C=$h2
+	mov	$D=$h3
+	mov	$E=$h4			};;
+
+___
+
+{ my $i;
+  my @V=($A,$B,$C,$D,$E);
+
+	for($i=0;$i<16;$i++)	{ &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<20;$i++)	{ &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<40;$i++)	{ &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<60;$i++)	{ &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); }
+	for(;$i<80;$i++)	{ &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); }
+
+	(($V[0] eq $A) and ($V[4] eq $E)) or die;	# double-check
+}
+
+$code.=<<___;
+{ .mmb;	add	$h0=$h0,$A
+	add	$h2=$h2,$C
+	br.ctop.dptk.many	.Ldtop	};;
+.Ldend:
+{ .mmi;	add	tmp0=4,ctx
+	mov	ar.lc=r3		};;
+{ .mmi;	st4	[ctx]=$h0,8
+	st4	[tmp0]=$h1,8		};;
+{ .mmi;	st4	[ctx]=$h2,8
+	st4	[tmp0]=$h3		};;
+{ .mib;	st4	[ctx]=$h4,-16
+	mov	pr=r2,0x1ffff
+	br.ret.sptk.many	b0	};;
+.endp	sha1_block_data_order#
+stringz	"SHA1 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+open STDOUT,">$output" if $output;
+print $code;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-mb-x86_64.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-mb-x86_64.pl
new file mode 100644
index 0000000..51c73c0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -0,0 +1,1582 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Multi-buffer SHA1 procedure processes n buffers in parallel by
+# placing buffer data to designated lane of SIMD register. n is
+# naturally limited to 4 on pre-AVX2 processors and to 8 on
+# AVX2-capable processors such as Haswell.
+#
+#		this	+aesni(i)	sha1	aesni-sha1	gain(iv)
+# -------------------------------------------------------------------
+# Westmere(ii)	10.7/n	+1.28=3.96(n=4)	5.30	6.66		+68%
+# Atom(ii)	18.1/n	+3.93=8.46(n=4)	9.37	12.8		+51%
+# Sandy Bridge	(8.16	+5.15=13.3)/n	4.99	5.98		+80%
+# Ivy Bridge	(8.08	+5.14=13.2)/n	4.60	5.54		+68%
+# Haswell(iii)	(8.96	+5.00=14.0)/n	3.57	4.55		+160%
+# Skylake	(8.70	+5.00=13.7)/n	3.64	4.20		+145%
+# Bulldozer	(9.76	+5.76=15.5)/n	5.95	6.37		+64%
+#
+# (i)	multi-block CBC encrypt with 128-bit key;
+# (ii)	(HASH+AES)/n does not apply to Westmere for n>3 and Atom,
+#	because of lower AES-NI instruction throughput;
+# (iii)	"this" is for n=8, when we gather twice as much data, result
+#	for n=4 is 8.00+4.44=12.4;
+# (iv)	presented improvement coefficients are asymptotic limits and
+#	in real-life application are somewhat lower, e.g. for 2KB
+#	fragments they range from 30% to 100% (on Haswell);
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=0;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void sha1_multi_block (
+#     struct {	unsigned int A[8];
+#		unsigned int B[8];
+#		unsigned int C[8];
+#		unsigned int D[8];
+#		unsigned int E[8];	} *ctx,
+#     struct {	void *ptr; int blocks;	} inp[8],
+#     int num);		/* 1 or 2 */
+#
+$ctx="%rdi";	# 1st arg
+$inp="%rsi";	# 2nd arg
+$num="%edx";
+@ptr=map("%r$_",(8..11));
+$Tbl="%rbp";
+
+@V=($A,$B,$C,$D,$E)=map("%xmm$_",(0..4));
+($t0,$t1,$t2,$t3,$tx)=map("%xmm$_",(5..9));
+@Xi=map("%xmm$_",(10..14));
+$K="%xmm15";
+
+if (1) {
+    # Atom-specific optimization aiming to eliminate pshufb with high
+    # registers [and thus get rid of 48 cycles accumulated penalty] 
+    @Xi=map("%xmm$_",(0..4));
+    ($tx,$t0,$t1,$t2,$t3)=map("%xmm$_",(5..9));
+    @V=($A,$B,$C,$D,$E)=map("%xmm$_",(10..14));
+}
+
+$REG_SZ=16;
+
+sub Xi_off {
+my $off = shift;
+
+    $off %= 16; $off *= $REG_SZ;
+    $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)";
+}
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+my $k=$i+2;
+
+# Loads are performed 2+3/4 iterations in advance. 3/4 means that out
+# of 4 words you would expect to be loaded per given iteration one is
+# spilled to next iteration. In other words indices in four input
+# streams are distributed as following:
+#
+# $i==0:	0,0,0,0,1,1,1,1,2,2,2,
+# $i==1:	2,3,3,3,
+# $i==2:	3,4,4,4,
+# ...
+# $i==13:	14,15,15,15,
+# $i==14:	15
+# 
+# Then at $i==15 Xupdate is applied one iteration in advance...
+$code.=<<___ if ($i==0);
+	movd		(@ptr[0]),@Xi[0]
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	movd		(@ptr[1]),@Xi[2]	# borrow @Xi[2]
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	movd		(@ptr[2]),@Xi[3]	# borrow @Xi[3]
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	movd		(@ptr[3]),@Xi[4]	# borrow @Xi[4]
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	punpckldq	@Xi[3],@Xi[0]
+	 movd		`4*$j-16*4`(@ptr[0]),@Xi[1]
+	punpckldq	@Xi[4],@Xi[2]
+	 movd		`4*$j-16*4`(@ptr[1]),$t3
+	punpckldq	@Xi[2],@Xi[0]
+	 movd		`4*$j-16*4`(@ptr[2]),$t2
+	pshufb		$tx,@Xi[0]
+___
+$code.=<<___ if ($i<14);			# just load input
+	 movd		`4*$j-16*4`(@ptr[3]),$t1
+	 punpckldq	$t2,@Xi[1]
+	movdqa	$a,$t2
+	paddd	$K,$e				# e+=K_00_19
+	 punpckldq	$t1,$t3
+	movdqa	$b,$t1
+	movdqa	$b,$t0
+	pslld	\$5,$t2
+	pandn	$d,$t1
+	pand	$c,$t0
+	 punpckldq	$t3,@Xi[1]
+	movdqa	$a,$t3
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	 movd		`4*$k-16*4`(@ptr[0]),@Xi[2]
+	psrld	\$27,$t3
+	pxor	$t1,$t0				# Ch(b,c,d)
+	movdqa	$b,$t1
+
+	por	$t3,$t2				# rol(a,5)
+	 movd		`4*$k-16*4`(@ptr[1]),$t3
+	pslld	\$30,$t1
+	paddd	$t0,$e				# e+=Ch(b,c,d)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 pshufb	$tx,@Xi[1]
+	 movd		`4*$k-16*4`(@ptr[2]),$t2
+	por	$t1,$b				# b=rol(b,30)
+___
+$code.=<<___ if ($i==14);			# just load input
+	 movd		`4*$j-16*4`(@ptr[3]),$t1
+	 punpckldq	$t2,@Xi[1]
+	movdqa	$a,$t2
+	paddd	$K,$e				# e+=K_00_19
+	 punpckldq	$t1,$t3
+	movdqa	$b,$t1
+	movdqa	$b,$t0
+	pslld	\$5,$t2
+	 prefetcht0	63(@ptr[0])
+	pandn	$d,$t1
+	pand	$c,$t0
+	 punpckldq	$t3,@Xi[1]
+	movdqa	$a,$t3
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	psrld	\$27,$t3
+	pxor	$t1,$t0				# Ch(b,c,d)
+	movdqa	$b,$t1
+	 prefetcht0	63(@ptr[1])
+
+	por	$t3,$t2				# rol(a,5)
+	pslld	\$30,$t1
+	paddd	$t0,$e				# e+=Ch(b,c,d)
+	 prefetcht0	63(@ptr[2])
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 pshufb	$tx,@Xi[1]
+	 prefetcht0	63(@ptr[3])
+	por	$t1,$b				# b=rol(b,30)
+___
+$code.=<<___ if ($i>=13 && $i<15);
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# preload "X[2]"
+___
+$code.=<<___ if ($i>=15);			# apply Xupdate
+	pxor	@Xi[-2],@Xi[1]			# "X[13]"
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	movdqa	$a,$t2
+	 pxor	`&Xi_off($j+8)`,@Xi[1]
+	paddd	$K,$e				# e+=K_00_19
+	movdqa	$b,$t1
+	pslld	\$5,$t2
+	 pxor	@Xi[3],@Xi[1]
+	movdqa	$b,$t0
+	pandn	$d,$t1
+	 movdqa	@Xi[1],$tx
+	pand	$c,$t0
+	movdqa	$a,$t3
+	 psrld	\$31,$tx
+	 paddd	@Xi[1],@Xi[1]
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	psrld	\$27,$t3
+	pxor	$t1,$t0				# Ch(b,c,d)
+
+	movdqa	$b,$t1
+	por	$t3,$t2				# rol(a,5)
+	pslld	\$30,$t1
+	paddd	$t0,$e				# e+=Ch(b,c,d)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 por	$tx,@Xi[1]			# rol	\$1,@Xi[1]
+	por	$t1,$b				# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___ if ($i<79);
+	pxor	@Xi[-2],@Xi[1]			# "X[13]"
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	movdqa	$a,$t2
+	movdqa	$d,$t0
+	 pxor	`&Xi_off($j+8)`,@Xi[1]
+	paddd	$K,$e				# e+=K_20_39
+	pslld	\$5,$t2
+	pxor	$b,$t0
+
+	movdqa	$a,$t3
+___
+$code.=<<___ if ($i<72);
+	movdqa	@Xi[0],`&Xi_off($i)`
+___
+$code.=<<___ if ($i<79);
+	paddd	@Xi[0],$e			# e+=X[i]
+	 pxor	@Xi[3],@Xi[1]
+	psrld	\$27,$t3
+	pxor	$c,$t0				# Parity(b,c,d)
+	movdqa	$b,$t1
+
+	pslld	\$30,$t1
+	 movdqa	@Xi[1],$tx
+	por	$t3,$t2				# rol(a,5)
+	 psrld	\$31,$tx
+	paddd	$t0,$e				# e+=Parity(b,c,d)
+	 paddd	@Xi[1],@Xi[1]
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 por	$tx,@Xi[1]			# rol(@Xi[1],1)
+	por	$t1,$b				# b=rol(b,30)
+___
+$code.=<<___ if ($i==79);
+	movdqa	$a,$t2
+	paddd	$K,$e				# e+=K_20_39
+	movdqa	$d,$t0
+	pslld	\$5,$t2
+	pxor	$b,$t0
+
+	movdqa	$a,$t3
+	paddd	@Xi[0],$e			# e+=X[i]
+	psrld	\$27,$t3
+	movdqa	$b,$t1
+	pxor	$c,$t0				# Parity(b,c,d)
+
+	pslld	\$30,$t1
+	por	$t3,$t2				# rol(a,5)
+	paddd	$t0,$e				# e+=Parity(b,c,d)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	por	$t1,$b				# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___;
+	pxor	@Xi[-2],@Xi[1]			# "X[13]"
+	movdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	movdqa	$a,$t2
+	movdqa	$d,$t1
+	 pxor	`&Xi_off($j+8)`,@Xi[1]
+	pxor	@Xi[3],@Xi[1]
+	paddd	$K,$e				# e+=K_40_59
+	pslld	\$5,$t2
+	movdqa	$a,$t3
+	pand	$c,$t1
+
+	movdqa	$d,$t0
+	 movdqa	@Xi[1],$tx
+	psrld	\$27,$t3
+	paddd	$t1,$e
+	pxor	$c,$t0
+
+	movdqa	@Xi[0],`&Xi_off($i)`
+	paddd	@Xi[0],$e			# e+=X[i]
+	por	$t3,$t2				# rol(a,5)
+	 psrld	\$31,$tx
+	pand	$b,$t0
+	movdqa	$b,$t1
+
+	pslld	\$30,$t1
+	 paddd	@Xi[1],@Xi[1]
+	paddd	$t0,$e				# e+=Maj(b,d,c)
+
+	psrld	\$2,$b
+	paddd	$t2,$e				# e+=rol(a,5)
+	 por	$tx,@Xi[1]			# rol(@X[1],1)
+	por	$t1,$b				# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	sha1_multi_block
+.type	sha1_multi_block,\@function,3
+.align	32
+sha1_multi_block:
+	mov	OPENSSL_ia32cap_P+4(%rip),%rcx
+	bt	\$61,%rcx			# check SHA bit
+	jc	_shaext_shortcut
+___
+$code.=<<___ if ($avx);
+	test	\$`1<<28`,%ecx
+	jnz	_avx_shortcut
+___
+$code.=<<___;
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`,%rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody:
+	lea	K_XX_XX(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+
+.Loop_grande:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone
+
+	movdqu	0x00($ctx),$A			# load context
+	 lea	128(%rsp),%rax
+	movdqu	0x20($ctx),$B
+	movdqu	0x40($ctx),$C
+	movdqu	0x60($ctx),$D
+	movdqu	0x80($ctx),$E
+	movdqa	0x60($Tbl),$tx			# pbswap_mask
+	movdqa	-0x20($Tbl),$K			# K_00_19
+	jmp	.Loop
+
+.align	32
+.Loop:
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.="	movdqa	0x00($Tbl),$K\n";	# K_20_39
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.="	movdqa	0x20($Tbl),$K\n";	# K_40_59
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.="	movdqa	0x40($Tbl),$K\n";	# K_60_79
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	movdqa	(%rbx),@Xi[0]			# pull counters
+	mov	\$1,%ecx
+	cmp	4*0(%rbx),%ecx			# examinte counters
+	pxor	$t2,$t2
+	cmovge	$Tbl,@ptr[0]			# cancel input
+	cmp	4*1(%rbx),%ecx
+	movdqa	@Xi[0],@Xi[1]
+	cmovge	$Tbl,@ptr[1]
+	cmp	4*2(%rbx),%ecx
+	pcmpgtd	$t2,@Xi[1]			# mask value
+	cmovge	$Tbl,@ptr[2]
+	cmp	4*3(%rbx),%ecx
+	paddd	@Xi[1],@Xi[0]			# counters--
+	cmovge	$Tbl,@ptr[3]
+
+	movdqu	0x00($ctx),$t0
+	pand	@Xi[1],$A
+	movdqu	0x20($ctx),$t1
+	pand	@Xi[1],$B
+	paddd	$t0,$A
+	movdqu	0x40($ctx),$t2
+	pand	@Xi[1],$C
+	paddd	$t1,$B
+	movdqu	0x60($ctx),$t3
+	pand	@Xi[1],$D
+	paddd	$t2,$C
+	movdqu	0x80($ctx),$tx
+	pand	@Xi[1],$E
+	movdqu	$A,0x00($ctx)
+	paddd	$t3,$D
+	movdqu	$B,0x20($ctx)
+	paddd	$tx,$E
+	movdqu	$C,0x40($ctx)
+	movdqu	$D,0x60($ctx)
+	movdqu	$E,0x80($ctx)
+
+	movdqa	@Xi[0],(%rbx)			# save counters
+	movdqa	0x60($Tbl),$tx			# pbswap_mask
+	movdqa	-0x20($Tbl),$K			# K_00_19
+	dec	$num
+	jnz	.Loop
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande
+
+.Ldone:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue:
+	ret
+.size	sha1_multi_block,.-sha1_multi_block
+___
+						{{{
+my ($ABCD0,$E0,$E0_,$BSWAP,$ABCD1,$E1,$E1_)=map("%xmm$_",(0..3,8..10));
+my @MSG0=map("%xmm$_",(4..7));
+my @MSG1=map("%xmm$_",(11..14));
+
+$code.=<<___;
+.type	sha1_multi_block_shaext,\@function,3
+.align	32
+sha1_multi_block_shaext:
+_shaext_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`,%rsp
+	shl	\$1,$num			# we process pair at a time
+	and	\$-256,%rsp
+	lea	0x40($ctx),$ctx			# size optimization
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_shaext:
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	movdqa	K_XX_XX+0x80(%rip),$BSWAP	# byte-n-word swap
+
+.Loop_grande_shaext:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<2;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_shaext
+
+	movq		0x00-0x40($ctx),$ABCD0	# a1.a0
+	movq		0x20-0x40($ctx),@MSG0[0]# b1.b0
+	movq		0x40-0x40($ctx),@MSG0[1]# c1.c0
+	movq		0x60-0x40($ctx),@MSG0[2]# d1.d0
+	movq		0x80-0x40($ctx),@MSG0[3]# e1.e0
+
+	punpckldq	@MSG0[0],$ABCD0		# b1.a1.b0.a0
+	punpckldq	@MSG0[2],@MSG0[1]	# d1.c1.d0.c0
+
+	movdqa		$ABCD0,$ABCD1
+	punpcklqdq	@MSG0[1],$ABCD0		# d0.c0.b0.a0
+	punpckhqdq	@MSG0[1],$ABCD1		# d1.c1.b1.a1
+
+	pshufd		\$0b00111111,@MSG0[3],$E0
+	pshufd		\$0b01111111,@MSG0[3],$E1
+	pshufd		\$0b00011011,$ABCD0,$ABCD0
+	pshufd		\$0b00011011,$ABCD1,$ABCD1
+	jmp		.Loop_shaext
+
+.align	32
+.Loop_shaext:
+	movdqu		0x00(@ptr[0]),@MSG0[0]
+	 movdqu		0x00(@ptr[1]),@MSG1[0]
+	movdqu		0x10(@ptr[0]),@MSG0[1]
+	 movdqu		0x10(@ptr[1]),@MSG1[1]
+	movdqu		0x20(@ptr[0]),@MSG0[2]
+	pshufb		$BSWAP,@MSG0[0]
+	 movdqu		0x20(@ptr[1]),@MSG1[2]
+	 pshufb		$BSWAP,@MSG1[0]
+	movdqu		0x30(@ptr[0]),@MSG0[3]
+	lea		0x40(@ptr[0]),@ptr[0]
+	pshufb		$BSWAP,@MSG0[1]
+	 movdqu		0x30(@ptr[1]),@MSG1[3]
+	 lea		0x40(@ptr[1]),@ptr[1]
+	 pshufb		$BSWAP,@MSG1[1]
+
+	movdqa		$E0,0x50(%rsp)		# offload
+	paddd		@MSG0[0],$E0
+	 movdqa		$E1,0x70(%rsp)
+	 paddd		@MSG1[0],$E1
+	movdqa		$ABCD0,0x40(%rsp)	# offload
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,0x60(%rsp)
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$0,$E0,$ABCD0		# 0-3
+	sha1nexte	@MSG0[1],$E0_
+	 sha1rnds4	\$0,$E1,$ABCD1		# 0-3
+	 sha1nexte	@MSG1[1],$E1_
+	pshufb		$BSWAP,@MSG0[2]
+	prefetcht0	127(@ptr[0])
+	sha1msg1	@MSG0[1],@MSG0[0]
+	 pshufb		$BSWAP,@MSG1[2]
+	 prefetcht0	127(@ptr[1])
+	 sha1msg1	@MSG1[1],@MSG1[0]
+
+	pshufb		$BSWAP,@MSG0[3]
+	movdqa		$ABCD0,$E0
+	 pshufb		$BSWAP,@MSG1[3]
+	 movdqa		$ABCD1,$E1
+	sha1rnds4	\$0,$E0_,$ABCD0		# 4-7
+	sha1nexte	@MSG0[2],$E0
+	 sha1rnds4	\$0,$E1_,$ABCD1		# 4-7
+	 sha1nexte	@MSG1[2],$E1
+	pxor		@MSG0[2],@MSG0[0]
+	sha1msg1	@MSG0[2],@MSG0[1]
+	 pxor		@MSG1[2],@MSG1[0]
+	 sha1msg1	@MSG1[2],@MSG1[1]
+___
+for($i=2;$i<20-4;$i++) {
+$code.=<<___;
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$`int($i/5)`,$E0,$ABCD0	# 8-11
+	sha1nexte	@MSG0[3],$E0_
+	 sha1rnds4	\$`int($i/5)`,$E1,$ABCD1	# 8-11
+	 sha1nexte	@MSG1[3],$E1_
+	sha1msg2	@MSG0[3],@MSG0[0]
+	 sha1msg2	@MSG1[3],@MSG1[0]
+	pxor		@MSG0[3],@MSG0[1]
+	sha1msg1	@MSG0[3],@MSG0[2]
+	 pxor		@MSG1[3],@MSG1[1]
+	 sha1msg1	@MSG1[3],@MSG1[2]
+___
+	($E0,$E0_)=($E0_,$E0);		($E1,$E1_)=($E1_,$E1);
+	push(@MSG0,shift(@MSG0));	push(@MSG1,shift(@MSG1));
+}
+$code.=<<___;
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$3,$E0,$ABCD0		# 64-67
+	sha1nexte	@MSG0[3],$E0_
+	 sha1rnds4	\$3,$E1,$ABCD1		# 64-67
+	 sha1nexte	@MSG1[3],$E1_
+	sha1msg2	@MSG0[3],@MSG0[0]
+	 sha1msg2	@MSG1[3],@MSG1[0]
+	pxor		@MSG0[3],@MSG0[1]
+	 pxor		@MSG1[3],@MSG1[1]
+
+	mov		\$1,%ecx
+	pxor		@MSG0[2],@MSG0[2]	# zero
+	cmp		4*0(%rbx),%ecx		# examine counters
+	cmovge		%rsp,@ptr[0]		# cancel input
+
+	movdqa		$ABCD0,$E0
+	 movdqa		$ABCD1,$E1
+	sha1rnds4	\$3,$E0_,$ABCD0		# 68-71
+	sha1nexte	@MSG0[0],$E0
+	 sha1rnds4	\$3,$E1_,$ABCD1		# 68-71
+	 sha1nexte	@MSG1[0],$E1
+	sha1msg2	@MSG0[0],@MSG0[1]
+	 sha1msg2	@MSG1[0],@MSG1[1]
+
+	cmp		4*1(%rbx),%ecx
+	cmovge		%rsp,@ptr[1]
+	movq		(%rbx),@MSG0[0]		# pull counters
+
+	movdqa		$ABCD0,$E0_
+	 movdqa		$ABCD1,$E1_
+	sha1rnds4	\$3,$E0,$ABCD0		# 72-75
+	sha1nexte	@MSG0[1],$E0_
+	 sha1rnds4	\$3,$E1,$ABCD1		# 72-75
+	 sha1nexte	@MSG1[1],$E1_
+
+	pshufd		\$0x00,@MSG0[0],@MSG1[2]
+	pshufd		\$0x55,@MSG0[0],@MSG1[3]
+	movdqa		@MSG0[0],@MSG0[1]
+	pcmpgtd		@MSG0[2],@MSG1[2]
+	pcmpgtd		@MSG0[2],@MSG1[3]
+
+	movdqa		$ABCD0,$E0
+	 movdqa		$ABCD1,$E1
+	sha1rnds4	\$3,$E0_,$ABCD0		# 76-79
+	sha1nexte	$MSG0[2],$E0
+	 sha1rnds4	\$3,$E1_,$ABCD1		# 76-79
+	 sha1nexte	$MSG0[2],$E1
+
+	pcmpgtd		@MSG0[2],@MSG0[1]	# counter mask
+	pand		@MSG1[2],$ABCD0
+	pand		@MSG1[2],$E0
+	 pand		@MSG1[3],$ABCD1
+	 pand		@MSG1[3],$E1
+	paddd		@MSG0[1],@MSG0[0]	# counters--
+
+	paddd		0x40(%rsp),$ABCD0
+	paddd		0x50(%rsp),$E0
+	 paddd		0x60(%rsp),$ABCD1
+	 paddd		0x70(%rsp),$E1
+
+	movq		@MSG0[0],(%rbx)		# save counters
+	dec		$num
+	jnz		.Loop_shaext
+
+	mov		`$REG_SZ*17+8`(%rsp),$num
+
+	pshufd		\$0b00011011,$ABCD0,$ABCD0
+	pshufd		\$0b00011011,$ABCD1,$ABCD1
+
+	movdqa		$ABCD0,@MSG0[0]
+	punpckldq	$ABCD1,$ABCD0		# b1.b0.a1.a0
+	punpckhdq	$ABCD1,@MSG0[0]		# d1.d0.c1.c0
+	punpckhdq	$E1,$E0			# e1.e0.xx.xx
+	movq		$ABCD0,0x00-0x40($ctx)	# a1.a0
+	psrldq		\$8,$ABCD0
+	movq		@MSG0[0],0x40-0x40($ctx)# c1.c0
+	psrldq		\$8,@MSG0[0]
+	movq		$ABCD0,0x20-0x40($ctx)	# b1.b0
+	psrldq		\$8,$E0
+	movq		@MSG0[0],0x60-0x40($ctx)# d1.d0
+	movq		$E0,0x80-0x40($ctx)	# e1.e0
+
+	lea	`$REG_SZ/2`($ctx),$ctx
+	lea	`16*2`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_shaext
+
+.Ldone_shaext:
+	#mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue_shaext:
+	ret
+.size	sha1_multi_block_shaext,.-sha1_multi_block_shaext
+___
+						}}}
+
+						if ($avx) {{{
+sub BODY_00_19_avx {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+my $k=$i+2;
+my $vpack = $REG_SZ==16 ? "vpunpckldq" : "vinserti128";
+my $ptr_n = $REG_SZ==16 ? @ptr[1] : @ptr[4];
+
+$code.=<<___ if ($i==0 && $REG_SZ==16);
+	vmovd		(@ptr[0]),@Xi[0]
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		(@ptr[1]),@Xi[2]	# borrow Xi[2]
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vpinsrd		\$1,(@ptr[2]),@Xi[0],@Xi[0]
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,(@ptr[3]),@Xi[2],@Xi[2]
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	 vmovd		`4*$j-16*4`(@ptr[0]),@Xi[1]
+	vpunpckldq	@Xi[2],@Xi[0],@Xi[0]
+	 vmovd		`4*$j-16*4`($ptr_n),$t3
+	vpshufb		$tx,@Xi[0],@Xi[0]
+___
+$code.=<<___ if ($i<15 && $REG_SZ==16);		# just load input
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1]
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[3]),$t3,$t3
+___
+$code.=<<___ if ($i==0 && $REG_SZ==32);
+	vmovd		(@ptr[0]),@Xi[0]
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		(@ptr[4]),@Xi[2]	# borrow Xi[2]
+	 lea		`16*4`(@ptr[4]),@ptr[4]
+	vmovd		(@ptr[1]),$t2
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vmovd		(@ptr[5]),$t1
+	 lea		`16*4`(@ptr[5]),@ptr[5]
+	vpinsrd		\$1,(@ptr[2]),@Xi[0],@Xi[0]
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,(@ptr[6]),@Xi[2],@Xi[2]
+	 lea		`16*4`(@ptr[6]),@ptr[6]
+	vpinsrd		\$1,(@ptr[3]),$t2,$t2
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	vpunpckldq	$t2,@Xi[0],@Xi[0]
+	vpinsrd		\$1,(@ptr[7]),$t1,$t1
+	 lea		`16*4`(@ptr[7]),@ptr[7]
+	vpunpckldq	$t1,@Xi[2],@Xi[2]
+	 vmovd		`4*$j-16*4`(@ptr[0]),@Xi[1]
+	vinserti128	@Xi[2],@Xi[0],@Xi[0]
+	 vmovd		`4*$j-16*4`($ptr_n),$t3
+	vpshufb		$tx,@Xi[0],@Xi[0]
+___
+$code.=<<___ if ($i<15 && $REG_SZ==32);		# just load input
+	 vmovd		`4*$j-16*4`(@ptr[1]),$t2
+	 vmovd		`4*$j-16*4`(@ptr[5]),$t1
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1]
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[6]),$t3,$t3
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[3]),$t2,$t2
+	 vpunpckldq	$t2,@Xi[1],@Xi[1]
+	 vpinsrd	\$1,`4*$j-16*4`(@ptr[7]),$t1,$t1
+	 vpunpckldq	$t1,$t3,$t3
+___
+$code.=<<___ if ($i<14);
+	vpaddd	$K,$e,$e			# e+=K_00_19
+	vpslld	\$5,$a,$t2
+	vpandn	$d,$b,$t1
+	vpand	$c,$b,$t0
+
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 $vpack		$t3,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	vpxor	$t1,$t0,$t0			# Ch(b,c,d)
+	 vmovd		`4*$k-16*4`(@ptr[0]),@Xi[2]
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	 vmovd		`4*$k-16*4`($ptr_n),$t3
+	vpaddd	$t0,$e,$e			# e+=Ch(b,c,d)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpshufb	$tx,@Xi[1],@Xi[1]
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+$code.=<<___ if ($i==14);
+	vpaddd	$K,$e,$e			# e+=K_00_19
+	 prefetcht0	63(@ptr[0])
+	vpslld	\$5,$a,$t2
+	vpandn	$d,$b,$t1
+	vpand	$c,$b,$t0
+
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 $vpack		$t3,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	 prefetcht0	63(@ptr[1])
+	vpxor	$t1,$t0,$t0			# Ch(b,c,d)
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	 prefetcht0	63(@ptr[2])
+	vpaddd	$t0,$e,$e			# e+=Ch(b,c,d)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 prefetcht0	63(@ptr[3])
+	 vpshufb	$tx,@Xi[1],@Xi[1]
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+$code.=<<___ if ($i>=13 && $i<15);
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# preload "X[2]"
+___
+$code.=<<___ if ($i>=15);			# apply Xupdate
+	vpxor	@Xi[-2],@Xi[1],@Xi[1]		# "X[13]"
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	vpaddd	$K,$e,$e			# e+=K_00_19
+	vpslld	\$5,$a,$t2
+	vpandn	$d,$b,$t1
+	 `"prefetcht0	63(@ptr[4])"		if ($i==15 && $REG_SZ==32)`
+	vpand	$c,$b,$t0
+
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 vpxor	`&Xi_off($j+8)`,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	vpxor	$t1,$t0,$t0			# Ch(b,c,d)
+	 vpxor	@Xi[3],@Xi[1],@Xi[1]
+	 `"prefetcht0	63(@ptr[5])"		if ($i==15 && $REG_SZ==32)`
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	vpaddd	$t0,$e,$e			# e+=Ch(b,c,d)
+	 `"prefetcht0	63(@ptr[6])"		if ($i==15 && $REG_SZ==32)`
+	 vpsrld	\$31,@Xi[1],$tx
+	 vpaddd	@Xi[1],@Xi[1],@Xi[1]
+
+	vpsrld	\$2,$b,$b
+	 `"prefetcht0	63(@ptr[7])"		if ($i==15 && $REG_SZ==32)`
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpor	$tx,@Xi[1],@Xi[1]		# rol	\$1,@Xi[1]
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_20_39_avx {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___ if ($i<79);
+	vpxor	@Xi[-2],@Xi[1],@Xi[1]		# "X[13]"
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	vpslld	\$5,$a,$t2
+	vpaddd	$K,$e,$e			# e+=K_20_39
+	vpxor	$b,$d,$t0
+___
+$code.=<<___ if ($i<72);
+	vmovdqa	@Xi[0],`&Xi_off($i)`
+___
+$code.=<<___ if ($i<79);
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	 vpxor	`&Xi_off($j+8)`,@Xi[1],@Xi[1]
+	vpsrld	\$27,$a,$t3
+	vpxor	$c,$t0,$t0			# Parity(b,c,d)
+	 vpxor	@Xi[3],@Xi[1],@Xi[1]
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	vpaddd	$t0,$e,$e			# e+=Parity(b,c,d)
+	 vpsrld	\$31,@Xi[1],$tx
+	 vpaddd	@Xi[1],@Xi[1],@Xi[1]
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpor	$tx,@Xi[1],@Xi[1]		# rol(@Xi[1],1)
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+$code.=<<___ if ($i==79);
+	vpslld	\$5,$a,$t2
+	vpaddd	$K,$e,$e			# e+=K_20_39
+	vpxor	$b,$d,$t0
+
+	vpsrld	\$27,$a,$t3
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	vpxor	$c,$t0,$t0			# Parity(b,c,d)
+
+	vpslld	\$30,$b,$t1
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	vpaddd	$t0,$e,$e			# e+=Parity(b,c,d)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+sub BODY_40_59_avx {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___;
+	vpxor	@Xi[-2],@Xi[1],@Xi[1]		# "X[13]"
+	vmovdqa	`&Xi_off($j+2)`,@Xi[3]		# "X[2]"
+
+	vpaddd	$K,$e,$e			# e+=K_40_59
+	vpslld	\$5,$a,$t2
+	vpand	$c,$d,$t1
+	 vpxor	`&Xi_off($j+8)`,@Xi[1],@Xi[1]
+
+	vpaddd	$t1,$e,$e
+	vpsrld	\$27,$a,$t3
+	vpxor	$c,$d,$t0
+	 vpxor	@Xi[3],@Xi[1],@Xi[1]
+
+	vmovdqu	@Xi[0],`&Xi_off($i)`
+	vpaddd	@Xi[0],$e,$e			# e+=X[i]
+	vpor	$t3,$t2,$t2			# rol(a,5)
+	 vpsrld	\$31,@Xi[1],$tx
+	vpand	$b,$t0,$t0
+	 vpaddd	@Xi[1],@Xi[1],@Xi[1]
+
+	vpslld	\$30,$b,$t1
+	vpaddd	$t0,$e,$e			# e+=Maj(b,d,c)
+
+	vpsrld	\$2,$b,$b
+	vpaddd	$t2,$e,$e			# e+=rol(a,5)
+	 vpor	$tx,@Xi[1],@Xi[1]		# rol(@X[1],1)
+	vpor	$t1,$b,$b			# b=rol(b,30)
+___
+push(@Xi,shift(@Xi));
+}
+
+$code.=<<___;
+.type	sha1_multi_block_avx,\@function,3
+.align	32
+sha1_multi_block_avx:
+_avx_shortcut:
+___
+$code.=<<___ if ($avx>1);
+	shr	\$32,%rcx
+	cmp	\$2,$num
+	jb	.Lavx
+	test	\$`1<<5`,%ecx
+	jnz	_avx2_shortcut
+	jmp	.Lavx
+.align	32
+.Lavx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_avx:
+	lea	K_XX_XX(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+
+	vzeroupper
+.Loop_grande_avx:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_avx
+
+	vmovdqu	0x00($ctx),$A			# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20($ctx),$B
+	vmovdqu	0x40($ctx),$C
+	vmovdqu	0x60($ctx),$D
+	vmovdqu	0x80($ctx),$E
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	jmp	.Loop_avx
+
+.align	32
+.Loop_avx:
+___
+$code.="	vmovdqa	-0x20($Tbl),$K\n";	# K_00_19
+for($i=0;$i<20;$i++)	{ &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x00($Tbl),$K\n";	# K_20_39
+for(;$i<40;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x20($Tbl),$K\n";	# K_40_59
+for(;$i<60;$i++)	{ &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x40($Tbl),$K\n";	# K_60_79
+for(;$i<80;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mov	\$1,%ecx
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	(%rbx),$t0			# pull counters
+	vpxor	$t2,$t2,$t2
+	vmovdqa	$t0,$t1
+	vpcmpgtd $t2,$t1,$t1			# mask value
+	vpaddd	$t1,$t0,$t0			# counters--
+
+	vpand	$t1,$A,$A
+	vpand	$t1,$B,$B
+	vpaddd	0x00($ctx),$A,$A
+	vpand	$t1,$C,$C
+	vpaddd	0x20($ctx),$B,$B
+	vpand	$t1,$D,$D
+	vpaddd	0x40($ctx),$C,$C
+	vpand	$t1,$E,$E
+	vpaddd	0x60($ctx),$D,$D
+	vpaddd	0x80($ctx),$E,$E
+	vmovdqu	$A,0x00($ctx)
+	vmovdqu	$B,0x20($ctx)
+	vmovdqu	$C,0x40($ctx)
+	vmovdqu	$D,0x60($ctx)
+	vmovdqu	$E,0x80($ctx)
+
+	vmovdqu	$t0,(%rbx)			# save counters
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	dec	$num
+	jnz	.Loop_avx
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_avx
+
+.Ldone_avx:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue_avx:
+	ret
+.size	sha1_multi_block_avx,.-sha1_multi_block_avx
+___
+
+						if ($avx>1) {
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+$REG_SZ=32;
+
+@ptr=map("%r$_",(12..15,8..11));
+
+@V=($A,$B,$C,$D,$E)=map("%ymm$_",(0..4));
+($t0,$t1,$t2,$t3,$tx)=map("%ymm$_",(5..9));
+@Xi=map("%ymm$_",(10..14));
+$K="%ymm15";
+
+$code.=<<___;
+.type	sha1_multi_block_avx2,\@function,3
+.align	32
+sha1_multi_block_avx2:
+_avx2_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_avx2:
+	lea	K_XX_XX(%rip),$Tbl
+	shr	\$1,$num
+
+	vzeroupper
+.Loop_grande_avx2:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+	lea	`$REG_SZ*16`(%rsp),%rbx
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	0x00($ctx),$A			# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20($ctx),$B
+	 lea	256+128(%rsp),%rbx
+	vmovdqu	0x40($ctx),$C
+	vmovdqu	0x60($ctx),$D
+	vmovdqu	0x80($ctx),$E
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	jmp	.Loop_avx2
+
+.align	32
+.Loop_avx2:
+___
+$code.="	vmovdqa	-0x20($Tbl),$K\n";	# K_00_19
+for($i=0;$i<20;$i++)	{ &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x00($Tbl),$K\n";	# K_20_39
+for(;$i<40;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x20($Tbl),$K\n";	# K_40_59
+for(;$i<60;$i++)	{ &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); }
+$code.="	vmovdqa	0x40($Tbl),$K\n";	# K_60_79
+for(;$i<80;$i++)	{ &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mov	\$1,%ecx
+	lea	`$REG_SZ*16`(%rsp),%rbx
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	(%rbx),$t0		# pull counters
+	vpxor	$t2,$t2,$t2
+	vmovdqa	$t0,$t1
+	vpcmpgtd $t2,$t1,$t1			# mask value
+	vpaddd	$t1,$t0,$t0			# counters--
+
+	vpand	$t1,$A,$A
+	vpand	$t1,$B,$B
+	vpaddd	0x00($ctx),$A,$A
+	vpand	$t1,$C,$C
+	vpaddd	0x20($ctx),$B,$B
+	vpand	$t1,$D,$D
+	vpaddd	0x40($ctx),$C,$C
+	vpand	$t1,$E,$E
+	vpaddd	0x60($ctx),$D,$D
+	vpaddd	0x80($ctx),$E,$E
+	vmovdqu	$A,0x00($ctx)
+	vmovdqu	$B,0x20($ctx)
+	vmovdqu	$C,0x40($ctx)
+	vmovdqu	$D,0x60($ctx)
+	vmovdqu	$E,0x80($ctx)
+
+	vmovdqu	$t0,(%rbx)			# save counters
+	lea	256+128(%rsp),%rbx
+	vmovdqu	0x60($Tbl),$tx			# pbswap_mask
+	dec	$num
+	jnz	.Loop_avx2
+
+	#mov	`$REG_SZ*17+8`(%rsp),$num
+	#lea	$REG_SZ($ctx),$ctx
+	#lea	`16*$REG_SZ/4`($inp),$inp
+	#dec	$num
+	#jnz	.Loop_grande_avx2
+
+.Ldone_avx2:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue_avx2:
+	ret
+.size	sha1_multi_block_avx2,.-sha1_multi_block_avx2
+___
+						}	}}}
+$code.=<<___;
+
+.align	256
+	.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+	.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+K_XX_XX:
+	.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+	.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+	.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+	.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+	.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+	.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+	.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+	.asciz	"SHA1 multi-block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lbody
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	`16*17`(%rax),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+
+	lea	-24-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+___
+$code.=<<___ if ($avx>1);
+.type	avx2_handler,\@abi-omnipotent
+.align	16
+avx2_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<body label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	mov	`32*17`($context),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore cotnext->R12
+	mov	%r13,224($context)	# restore cotnext->R13
+	mov	%r14,232($context)	# restore cotnext->R14
+	mov	%r15,240($context)	# restore cotnext->R15
+
+	lea	-56-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lin_prologue
+.size	avx2_handler,.-avx2_handler
+___
+$code.=<<___;
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_sha1_multi_block
+	.rva	.LSEH_end_sha1_multi_block
+	.rva	.LSEH_info_sha1_multi_block
+	.rva	.LSEH_begin_sha1_multi_block_shaext
+	.rva	.LSEH_end_sha1_multi_block_shaext
+	.rva	.LSEH_info_sha1_multi_block_shaext
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_sha1_multi_block_avx
+	.rva	.LSEH_end_sha1_multi_block_avx
+	.rva	.LSEH_info_sha1_multi_block_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_sha1_multi_block_avx2
+	.rva	.LSEH_end_sha1_multi_block_avx2
+	.rva	.LSEH_info_sha1_multi_block_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_sha1_multi_block:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody,.Lepilogue			# HandlerData[]
+.LSEH_info_sha1_multi_block_shaext:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_shaext,.Lepilogue_shaext	# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_sha1_multi_block_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_sha1_multi_block_avx2:
+	.byte	9,0,0,0
+	.rva	avx2_handler
+	.rva	.Lbody_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+####################################################################
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if ($dst>=8);
+    $rex|=0x01			if ($src>=8);
+    unshift @opcode,$rex|0x40	if ($rex);
+}
+
+sub sha1rnds4 {
+    if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x3a,0xcc);
+	rex(\@opcode,$3,$2);
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return "sha1rnds4\t".@_[0];
+    }
+}
+
+sub sha1op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha1nexte" => 0xc8,
+  		"sha1msg1"  => 0xc9,
+		"sha1msg2"  => 0xca	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo		or
+	s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo		or
+
+	s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go	or
+	s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go		or
+	s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-mips.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-mips.pl
new file mode 100644
index 0000000..882f973
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-mips.pl
@@ -0,0 +1,457 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for MIPS.
+
+# Performance improvement is 30% on unaligned input. The "secret" is
+# to deploy lwl/lwr pair to load unaligned input. One could have
+# vectorized Xupdate on MIPSIII/IV, but the goal was to code MIPS32-
+# compatible subroutine. There is room for minor optimization on
+# little-endian platforms...
+
+# September 2012.
+#
+# Add MIPS32r2 code (>25% less instructions).
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp;
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_ADD="dadd";	# incidentally works even on n32
+	$PTR_SUB="dsub";	# incidentally works even on n32
+	$REG_S="sd";
+	$REG_L="ld";
+	$PTR_SLL="dsll";	# incidentally works even on n32
+	$SZREG=8;
+} else {
+	$PTR_ADD="add";
+	$PTR_SUB="sub";
+	$REG_S="sw";
+	$REG_L="lw";
+	$PTR_SLL="sll";
+	$SZREG=4;
+}
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
+
+for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);   }
+open STDOUT,">$output";
+
+if (!defined($big_endian))
+            {   $big_endian=(unpack('L',pack('N',1))==1);   }
+
+# offsets of the Most and Least Significant Bytes
+$MSB=$big_endian?0:3;
+$LSB=3&~$MSB;
+
+@X=map("\$$_",(8..23));	# a4-a7,s0-s11
+
+$ctx=$a0;
+$inp=$a1;
+$num=$a2;
+$A="\$1";
+$B="\$2";
+$C="\$3";
+$D="\$7";
+$E="\$24";	@V=($A,$B,$C,$D,$E);
+$t0="\$25";
+$t1=$num;	# $num is offloaded to stack
+$t2="\$30";	# fp
+$K="\$31";	# ra
+
+sub BODY_00_14 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___	if (!$big_endian);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	wsbh	@X[$i],@X[$i]	# byte swap($i)
+	rotr	@X[$i],@X[$i],16
+#else
+	srl	$t0,@X[$i],24	# byte swap($i)
+	srl	$t1,@X[$i],8
+	andi	$t2,@X[$i],0xFF00
+	sll	@X[$i],@X[$i],24
+	andi	$t1,0xFF00
+	sll	$t2,$t2,8
+	or	@X[$i],$t0
+	or	$t1,$t2
+	or	@X[$i],$t1
+#endif
+___
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	addu	$e,$K		# $i
+	xor	$t0,$c,$d
+	rotr	$t1,$a,27
+	 lwl	@X[$j],$j*4+$MSB($inp)
+	and	$t0,$b
+	addu	$e,$t1
+	 lwr	@X[$j],$j*4+$LSB($inp)
+	xor	$t0,$d
+	addu	$e,@X[$i]
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 lwl	@X[$j],$j*4+$MSB($inp)
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	 lwr	@X[$j],$j*4+$LSB($inp)
+	srl	$t1,$a,27
+	addu	$e,$t0
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	sll	$t2,$b,30
+	and	$t0,$b
+	srl	$b,$b,2
+	xor	$t0,$d
+	addu	$e,@X[$i]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+sub BODY_15_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+
+$code.=<<___	if (!$big_endian && $i==15);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	wsbh	@X[$i],@X[$i]	# byte swap($i)
+	rotr	@X[$i],@X[$i],16
+#else
+	srl	$t0,@X[$i],24	# byte swap($i)
+	srl	$t1,@X[$i],8
+	andi	$t2,@X[$i],0xFF00
+	sll	@X[$i],@X[$i],24
+	andi	$t1,0xFF00
+	sll	$t2,$t2,8
+	or	@X[$i],$t0
+	or	@X[$i],$t1
+	or	@X[$i],$t2
+#endif
+___
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	addu	$e,$K		# $i
+	 xor	@X[$j%16],@X[($j+2)%16]
+	xor	$t0,$c,$d
+	rotr	$t1,$a,27
+	 xor	@X[$j%16],@X[($j+8)%16]
+	and	$t0,$b
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	xor	$t0,$d
+	addu	$e,@X[$i%16]
+	 rotr	@X[$j%16],@X[$j%16],31
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 xor	@X[$j%16],@X[($j+2)%16]
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	sll	$t2,$b,30
+	and	$t0,$b
+	 srl	$t1,@X[$j%16],31
+	 addu	@X[$j%16],@X[$j%16]
+	srl	$b,$b,2
+	xor	$t0,$d
+	 or	@X[$j%16],$t1
+	addu	$e,@X[$i%16]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	 xor	@X[$j%16],@X[($j+2)%16]
+	addu	$e,$K		# $i
+	rotr	$t1,$a,27
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	xor	$t0,$b
+	addu	$e,@X[$i%16]
+	 rotr	@X[$j%16],@X[$j%16],31
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 xor	@X[$j%16],@X[($j+2)%16]
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	sll	$t2,$b,30
+	xor	$t0,$b
+	 srl	$t1,@X[$j%16],31
+	 addu	@X[$j%16],@X[$j%16]
+	srl	$b,$b,2
+	addu	$e,@X[$i%16]
+	 or	@X[$j%16],$t1
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+$code.=<<___ if ($i==79);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	 lw	@X[0],0($ctx)
+	addu	$e,$K		# $i
+	 lw	@X[1],4($ctx)
+	rotr	$t1,$a,27
+	 lw	@X[2],8($ctx)
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 lw	@X[3],12($ctx)
+	xor	$t0,$b
+	addu	$e,@X[$i%16]
+	 lw	@X[4],16($ctx)
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 lw	@X[0],0($ctx)
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	 lw	@X[1],4($ctx)
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 lw	@X[2],8($ctx)
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 lw	@X[3],12($ctx)
+	sll	$t2,$b,30
+	xor	$t0,$b
+	 lw	@X[4],16($ctx)
+	srl	$b,$b,2
+	addu	$e,@X[$i%16]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	addu	$e,$K		# $i
+	and	$t0,$c,$d
+	 xor	@X[$j%16],@X[($j+2)%16]
+	rotr	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	xor	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	and	$t0,$b
+	addu	$e,@X[$i%16]
+	 rotr	@X[$j%16],@X[$j%16],31
+	rotr	$b,$b,2
+	addu	$e,$t0
+#else
+	 xor	@X[$j%16],@X[($j+2)%16]
+	sll	$t0,$a,5	# $i
+	addu	$e,$K
+	srl	$t1,$a,27
+	addu	$e,$t0
+	 xor	@X[$j%16],@X[($j+8)%16]
+	and	$t0,$c,$d
+	addu	$e,$t1
+	 xor	@X[$j%16],@X[($j+13)%16]
+	sll	$t2,$b,30
+	addu	$e,$t0
+	 srl	$t1,@X[$j%16],31
+	xor	$t0,$c,$d
+	 addu	@X[$j%16],@X[$j%16]
+	and	$t0,$b
+	srl	$b,$b,2
+	 or	@X[$j%16],$t1
+	addu	$e,@X[$i%16]
+	or	$b,$t2
+	addu	$e,$t0
+#endif
+___
+}
+
+$FRAMESIZE=16;	# large enough to accommodate NUBI saved registers
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
+
+$code=<<___;
+#ifdef OPENSSL_FIPSCANISTER
+# include <openssl/fipssyms.h>
+#endif
+
+#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2)
+#define _MIPS_ARCH_MIPS32R2
+#endif
+
+.text
+
+.set	noat
+.set	noreorder
+.align	5
+.globl	sha1_block_data_order
+.ent	sha1_block_data_order
+sha1_block_data_order:
+	.frame	$sp,$FRAMESIZE*$SZREG,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+	$PTR_SUB $sp,$FRAMESIZE*$SZREG
+	$REG_S	$ra,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_S	$fp,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_S	$s11,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_S	$s10,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_S	$s9,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_S	$s8,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_S	$s7,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_S	$s6,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_S	$s5,($FRAMESIZE-9)*$SZREG($sp)
+	$REG_S	$s4,($FRAMESIZE-10)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_S	$s2,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_S	$s1,($FRAMESIZE-13)*$SZREG($sp)
+	$REG_S	$s0,($FRAMESIZE-14)*$SZREG($sp)
+	$REG_S	$gp,($FRAMESIZE-15)*$SZREG($sp)
+___
+$code.=<<___;
+	$PTR_SLL $num,6
+	$PTR_ADD $num,$inp
+	$REG_S	$num,0($sp)
+	lw	$A,0($ctx)
+	lw	$B,4($ctx)
+	lw	$C,8($ctx)
+	lw	$D,12($ctx)
+	b	.Loop
+	lw	$E,16($ctx)
+.align	4
+.Loop:
+	.set	reorder
+	lwl	@X[0],$MSB($inp)
+	lui	$K,0x5a82
+	lwr	@X[0],$LSB($inp)
+	ori	$K,0x7999	# K_00_19
+___
+for ($i=0;$i<15;$i++)	{ &BODY_00_14($i,@V); unshift(@V,pop(@V)); }
+for (;$i<20;$i++)	{ &BODY_15_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	lui	$K,0x6ed9
+	ori	$K,0xeba1	# K_20_39
+___
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	lui	$K,0x8f1b
+	ori	$K,0xbcdc	# K_40_59
+___
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	lui	$K,0xca62
+	ori	$K,0xc1d6	# K_60_79
+___
+for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	$PTR_ADD $inp,64
+	$REG_L	$num,0($sp)
+
+	addu	$A,$X[0]
+	addu	$B,$X[1]
+	sw	$A,0($ctx)
+	addu	$C,$X[2]
+	addu	$D,$X[3]
+	sw	$B,4($ctx)
+	addu	$E,$X[4]
+	sw	$C,8($ctx)
+	sw	$D,12($ctx)
+	sw	$E,16($ctx)
+	.set	noreorder
+	bne	$inp,$num,.Loop
+	nop
+
+	.set	noreorder
+	$REG_L	$ra,($FRAMESIZE-1)*$SZREG($sp)
+	$REG_L	$fp,($FRAMESIZE-2)*$SZREG($sp)
+	$REG_L	$s11,($FRAMESIZE-3)*$SZREG($sp)
+	$REG_L	$s10,($FRAMESIZE-4)*$SZREG($sp)
+	$REG_L	$s9,($FRAMESIZE-5)*$SZREG($sp)
+	$REG_L	$s8,($FRAMESIZE-6)*$SZREG($sp)
+	$REG_L	$s7,($FRAMESIZE-7)*$SZREG($sp)
+	$REG_L	$s6,($FRAMESIZE-8)*$SZREG($sp)
+	$REG_L	$s5,($FRAMESIZE-9)*$SZREG($sp)
+	$REG_L	$s4,($FRAMESIZE-10)*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,($FRAMESIZE-11)*$SZREG($sp)
+	$REG_L	$s2,($FRAMESIZE-12)*$SZREG($sp)
+	$REG_L	$s1,($FRAMESIZE-13)*$SZREG($sp)
+	$REG_L	$s0,($FRAMESIZE-14)*$SZREG($sp)
+	$REG_L	$gp,($FRAMESIZE-15)*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE*$SZREG
+.end	sha1_block_data_order
+.rdata
+.asciiz	"SHA1 for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
+___
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-parisc.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-parisc.pl
new file mode 100644
index 0000000..a85d126
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-parisc.pl
@@ -0,0 +1,267 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for PA-RISC.
+
+# June 2009.
+#
+# On PA-7100LC performance is >30% better than gcc 3.2 generated code
+# for aligned input and >50% better for unaligned. Compared to vendor
+# compiler on PA-8600 it's almost 60% faster in 64-bit build and just
+# few percent faster in 32-bit one (this for aligned input, data for
+# unaligned input is not available).
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+$FRAME=14*$SIZE_T+$FRAME_MARKER;# 14 saved regs + frame marker
+				#                 [+ argument transfer]
+$ctx="%r26";		# arg0
+$inp="%r25";		# arg1
+$num="%r24";		# arg2
+
+$t0="%r28";
+$t1="%r29";
+$K="%r31";
+
+@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
+    "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$t0);
+
+@V=($A,$B,$C,$D,$E)=("%r19","%r20","%r21","%r22","%r23");
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<15);
+	addl	$K,$e,$e	; $i
+	shd	$a,$a,27,$t1
+	addl	@X[$i],$e,$e
+	and	$c,$b,$t0
+	addl	$t1,$e,$e
+	andcm	$d,$b,$t1
+	shd	$b,$b,2,$b
+	or	$t1,$t0,$t0
+	addl	$t0,$e,$e
+___
+$code.=<<___ if ($i>=15);	# with forward Xupdate
+	addl	$K,$e,$e	; $i
+	shd	$a,$a,27,$t1
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+	addl	@X[$i%16],$e,$e
+	and	$c,$b,$t0
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+	addl	$t1,$e,$e
+	andcm	$d,$b,$t1
+	shd	$b,$b,2,$b
+	or	$t1,$t0,$t0
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+	add	$t0,$e,$e
+	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]	; $i
+	addl	$K,$e,$e
+	shd	$a,$a,27,$t1
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+	addl	@X[$i%16],$e,$e
+	xor	$b,$c,$t0
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+	addl	$t1,$e,$e
+	shd	$b,$b,2,$b
+	xor	$d,$t0,$t0
+	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
+	addl	$t0,$e,$e
+___
+$code.=<<___ if ($i==79);	# with context load
+	ldw	0($ctx),@X[0]	; $i
+	addl	$K,$e,$e
+	shd	$a,$a,27,$t1
+	ldw	4($ctx),@X[1]
+	addl	@X[$i%16],$e,$e
+	xor	$b,$c,$t0
+	ldw	8($ctx),@X[2]
+	addl	$t1,$e,$e
+	shd	$b,$b,2,$b
+	xor	$d,$t0,$t0
+	ldw	12($ctx),@X[3]
+	addl	$t0,$e,$e
+	ldw	16($ctx),@X[4]
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___;
+	shd	$a,$a,27,$t1	; $i
+	addl	$K,$e,$e
+	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
+	xor	$d,$c,$t0
+	addl	@X[$i%16],$e,$e
+	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
+	and	$b,$t0,$t0
+	addl	$t1,$e,$e
+	shd	$b,$b,2,$b
+	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
+	addl	$t0,$e,$e
+	and	$d,$c,$t1
+	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
+	addl	$t1,$e,$e
+___
+}
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.EXPORT	sha1_block_data_order,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+sha1_block_data_order
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-14*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=16
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+
+	ldw	0($ctx),$A
+	ldw	4($ctx),$B
+	ldw	8($ctx),$C
+	ldw	12($ctx),$D
+	ldw	16($ctx),$E
+
+	extru	$inp,31,2,$t0		; t0=inp&3;
+	sh3addl	$t0,%r0,$t0		; t0*=8;
+	subi	32,$t0,$t0		; t0=32-t0;
+	mtctl	$t0,%cr11		; %sar=t0;
+
+L\$oop
+	ldi	3,$t0
+	andcm	$inp,$t0,$t0		; 64-bit neutral
+___
+	for ($i=0;$i<15;$i++) {		# load input block
+	$code.="\tldw	`4*$i`($t0),@X[$i]\n";		}
+$code.=<<___;
+	cmpb,*=	$inp,$t0,L\$aligned
+	ldw	60($t0),@X[15]
+	ldw	64($t0),@X[16]
+___
+	for ($i=0;$i<16;$i++) {		# align input
+	$code.="\tvshd	@X[$i],@X[$i+1],@X[$i]\n";	}
+$code.=<<___;
+L\$aligned
+	ldil	L'0x5a827000,$K		; K_00_19
+	ldo	0x999($K),$K
+___
+for ($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	ldil	L'0x6ed9e000,$K		; K_20_39
+	ldo	0xba1($K),$K
+___
+
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	ldil	L'0x8f1bb000,$K		; K_40_59
+	ldo	0xcdc($K),$K
+___
+
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	ldil	L'0xca62c000,$K		; K_60_79
+	ldo	0x1d6($K),$K
+___
+for (;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	addl	@X[0],$A,$A
+	addl	@X[1],$B,$B
+	addl	@X[2],$C,$C
+	addl	@X[3],$D,$D
+	addl	@X[4],$E,$E
+	stw	$A,0($ctx)
+	stw	$B,4($ctx)
+	stw	$C,8($ctx)
+	stw	$D,12($ctx)
+	stw	$E,16($ctx)
+	addib,*<> -1,$num,L\$oop
+	ldo	64($inp),$inp
+
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+	.STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/,\*/,/gm		if ($SIZE_T==4);
+$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-ppc.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-ppc.pl
new file mode 100755
index 0000000..add5a9e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-ppc.pl
@@ -0,0 +1,351 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# I let hardware handle unaligned input(*), except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank.
+#
+# (*) this means that this module is inappropriate for PPC403? Does
+#     anybody know if pre-POWER3 can sustain unaligned load?
+
+# 			-m64	-m32
+# ----------------------------------
+# PPC970,gcc-4.0.0	+76%	+59%
+# Power6,xlc-7		+68%	+33%
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T	=8;
+	$LRSAVE	=2*$SIZE_T;
+	$UCMP	="cmpld";
+	$STU	="stdu";
+	$POP	="ld";
+	$PUSH	="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T	=4;
+	$LRSAVE	=$SIZE_T;
+	$UCMP	="cmplw";
+	$STU	="stwu";
+	$POP	="lwz";
+	$PUSH	="stw";
+} else { die "nonsense $flavour"; }
+
+# Define endianness based on flavour
+# i.e.: linux64le
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=24*$SIZE_T+64;
+$LOCALS=6*$SIZE_T;
+
+$K  ="r0";
+$sp ="r1";
+$toc="r2";
+$ctx="r3";
+$inp="r4";
+$num="r5";
+$t0 ="r15";
+$t1 ="r6";
+
+$A  ="r7";
+$B  ="r8";
+$C  ="r9";
+$D  ="r10";
+$E  ="r11";
+$T  ="r12";
+
+@V=($A,$B,$C,$D,$E,$T);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+
+sub loadbe {
+my ($dst, $src, $temp_reg) = @_;
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$dst,$src
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$temp_reg,$src
+	rotlwi	$dst,$temp_reg,8
+	rlwimi	$dst,$temp_reg,24,0,7
+	rlwimi	$dst,$temp_reg,24,16,23
+___
+}
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+
+	# Since the last value of $f is discarded, we can use
+	# it as a temp reg to swap byte-order when needed.
+	loadbe("@X[$i]","`$i*4`($inp)",$f) if ($i==0);
+	loadbe("@X[$j]","`$j*4`($inp)",$f) if ($i<15);
+$code.=<<___ if ($i<15);
+	add	$f,$K,$e
+	rotlwi	$e,$a,5
+	add	$f,$f,@X[$i]
+	and	$t0,$c,$b
+	add	$f,$f,$e
+	andc	$t1,$d,$b
+	rotlwi	$b,$b,30
+	or	$t0,$t0,$t1
+	add	$f,$f,$t0
+___
+$code.=<<___ if ($i>=15);
+	add	$f,$K,$e
+	rotlwi	$e,$a,5
+	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
+	add	$f,$f,@X[$i%16]
+	and	$t0,$c,$b
+	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
+	add	$f,$f,$e
+	andc	$t1,$d,$b
+	rotlwi	$b,$b,30
+	or	$t0,$t0,$t1
+	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
+	add	$f,$f,$t0
+	rotlwi	@X[$j%16],@X[$j%16],1
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+	add	$f,$K,$e
+	xor	$t0,$b,$d
+	rotlwi	$e,$a,5
+	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
+	add	$f,$f,@X[$i%16]
+	xor	$t0,$t0,$c
+	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
+	add	$f,$f,$t0
+	rotlwi	$b,$b,30
+	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
+	add	$f,$f,$e
+	rotlwi	@X[$j%16],@X[$j%16],1
+___
+$code.=<<___ if ($i==79);
+	add	$f,$K,$e
+	xor	$t0,$b,$d
+	rotlwi	$e,$a,5
+	lwz	r16,0($ctx)
+	add	$f,$f,@X[$i%16]
+	xor	$t0,$t0,$c
+	lwz	r17,4($ctx)
+	add	$f,$f,$t0
+	rotlwi	$b,$b,30
+	lwz	r18,8($ctx)
+	lwz	r19,12($ctx)
+	add	$f,$f,$e
+	lwz	r20,16($ctx)
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___;
+	add	$f,$K,$e
+	rotlwi	$e,$a,5
+	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
+	add	$f,$f,@X[$i%16]
+	and	$t0,$b,$c
+	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
+	add	$f,$f,$e
+	or	$t1,$b,$c
+	rotlwi	$b,$b,30
+	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
+	and	$t1,$t1,$d
+	or	$t0,$t0,$t1
+	rotlwi	@X[$j%16],@X[$j%16],1
+	add	$f,$f,$t0
+___
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	.sha1_block_data_order
+.align	4
+.sha1_block_data_order:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+	lwz	$A,0($ctx)
+	lwz	$B,4($ctx)
+	lwz	$C,8($ctx)
+	lwz	$D,12($ctx)
+	lwz	$E,16($ctx)
+	andi.	r0,$inp,3
+	bne	Lunaligned
+Laligned:
+	mtctr	$num
+	bl	Lsha1_block_private
+	b	Ldone
+
+; PowerPC specification allows an implementation to be ill-behaved
+; upon unaligned access which crosses page boundary. "Better safe
+; than sorry" principle makes me treat it specially. But I don't
+; look for particular offending word, but rather for 64-byte input
+; block which crosses the boundary. Once found that block is aligned
+; and hashed separately...
+.align	4
+Lunaligned:
+	subfic	$t1,$inp,4096
+	andi.	$t1,$t1,4095	; distance to closest page boundary
+	srwi.	$t1,$t1,6	; t1/=64
+	beq	Lcross_page
+	$UCMP	$num,$t1
+	ble	Laligned	; didn't cross the page boundary
+	mtctr	$t1
+	subfc	$num,$t1,$num
+	bl	Lsha1_block_private
+Lcross_page:
+	li	$t1,16
+	mtctr	$t1
+	addi	r20,$sp,$LOCALS	; spot within the frame
+Lmemcpy:
+	lbz	r16,0($inp)
+	lbz	r17,1($inp)
+	lbz	r18,2($inp)
+	lbz	r19,3($inp)
+	addi	$inp,$inp,4
+	stb	r16,0(r20)
+	stb	r17,1(r20)
+	stb	r18,2(r20)
+	stb	r19,3(r20)
+	addi	r20,r20,4
+	bdnz	Lmemcpy
+
+	$PUSH	$inp,`$FRAME-$SIZE_T*18`($sp)
+	li	$t1,1
+	addi	$inp,$sp,$LOCALS
+	mtctr	$t1
+	bl	Lsha1_block_private
+	$POP	$inp,`$FRAME-$SIZE_T*18`($sp)
+	addic.	$num,$num,-1
+	bne	Lunaligned
+
+Ldone:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+___
+
+# This is private block function, which uses tailored calling
+# interface, namely upon entry SHA_CTX is pre-loaded to given
+# registers and counter register contains amount of chunks to
+# digest...
+$code.=<<___;
+.align	4
+Lsha1_block_private:
+___
+$code.=<<___;	# load K_00_19
+	lis	$K,0x5a82
+	ori	$K,$K,0x7999
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	# load K_20_39
+	lis	$K,0x6ed9
+	ori	$K,$K,0xeba1
+___
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	# load K_40_59
+	lis	$K,0x8f1b
+	ori	$K,$K,0xbcdc
+___
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	# load K_60_79
+	lis	$K,0xca62
+	ori	$K,$K,0xc1d6
+___
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	r16,r16,$E
+	add	r17,r17,$T
+	add	r18,r18,$A
+	add	r19,r19,$B
+	add	r20,r20,$C
+	stw	r16,0($ctx)
+	mr	$A,r16
+	stw	r17,4($ctx)
+	mr	$B,r17
+	stw	r18,8($ctx)
+	mr	$C,r18
+	stw	r19,12($ctx)
+	mr	$D,r19
+	stw	r20,16($ctx)
+	mr	$E,r20
+	addi	$inp,$inp,`16*4`
+	bdnz	Lsha1_block_private
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	.sha1_block_data_order,.-.sha1_block_data_order
+___
+$code.=<<___;
+.asciz	"SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-s390x.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-s390x.pl
new file mode 100644
index 0000000..79df1ff
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-s390x.pl
@@ -0,0 +1,247 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for s390x.
+
+# April 2007.
+#
+# Performance is >30% better than gcc 3.3 generated code. But the real
+# twist is that SHA1 hardware support is detected and utilized. In
+# which case performance can reach further >4.5x for larger chunks.
+
+# January 2009.
+#
+# Optimize Xupdate for amount of memory references and reschedule
+# instructions to favour dual-issue z10 pipeline. On z10 hardware is
+# "only" ~2.3x faster than software.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 23% better than code generated by gcc 4.3.
+
+$kimdfunc=1;	# magic function code for kimd instruction
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$K_00_39="%r0"; $K=$K_00_39;
+$K_40_79="%r1";
+$ctx="%r2";	$prefetch="%r2";
+$inp="%r3";
+$len="%r4";
+
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";	@V=($A,$B,$C,$D,$E);
+$t0="%r10";
+$t1="%r11";
+@X=("%r12","%r13","%r14");
+$sp="%r15";
+
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+16*4;
+
+sub Xupdate {
+my $i=shift;
+
+$code.=<<___ if ($i==15);
+	lg	$prefetch,$stdframe($sp)	### Xupdate(16) warm-up
+	lr	$X[0],$X[2]
+___
+return if ($i&1);	# Xupdate is vectorized and executed every 2nd cycle
+$code.=<<___ if ($i<16);
+	lg	$X[0],`$i*4`($inp)	### Xload($i)
+	rllg	$X[1],$X[0],32
+___
+$code.=<<___ if ($i>=16);
+	xgr	$X[0],$prefetch		### Xupdate($i)
+	lg	$prefetch,`$stdframe+4*(($i+2)%16)`($sp)
+	xg	$X[0],`$stdframe+4*(($i+8)%16)`($sp)
+	xgr	$X[0],$prefetch
+	rll	$X[0],$X[0],1
+	rllg	$X[1],$X[0],32
+	rll	$X[1],$X[1],1
+	rllg	$X[0],$X[1],32
+	lr	$X[2],$X[1]		# feedback
+___
+$code.=<<___ if ($i<=70);
+	stg	$X[0],`$stdframe+4*($i%16)`($sp)
+___
+unshift(@X,pop(@X));
+}
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+	&Xupdate($i);
+$code.=<<___;
+	alr	$e,$K		### $i
+	rll	$t1,$a,5
+	lr	$t0,$d
+	xr	$t0,$c
+	alr	$e,$t1
+	nr	$t0,$b
+	alr	$e,$xi
+	xr	$t0,$d
+	rll	$b,$b,30
+	alr	$e,$t0
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+	&Xupdate($i);
+$code.=<<___;
+	alr	$e,$K		### $i
+	rll	$t1,$a,5
+	lr	$t0,$b
+	alr	$e,$t1
+	xr	$t0,$c
+	alr	$e,$xi
+	xr	$t0,$d
+	rll	$b,$b,30
+	alr	$e,$t0
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+	&Xupdate($i);
+$code.=<<___;
+	alr	$e,$K		### $i
+	rll	$t1,$a,5
+	lr	$t0,$b
+	alr	$e,$t1
+	or	$t0,$c
+	lr	$t1,$b
+	nr	$t0,$d
+	nr	$t1,$c
+	alr	$e,$xi
+	or	$t0,$t1
+	rll	$b,$b,30
+	alr	$e,$t0
+___
+}
+
+$code.=<<___;
+.text
+.align	64
+.type	Ktable,\@object
+Ktable: .long	0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6
+	.skip	48	#.long	0,0,0,0,0,0,0,0,0,0,0,0
+.size	Ktable,.-Ktable
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,\@function
+sha1_block_data_order:
+___
+$code.=<<___ if ($kimdfunc);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,16(%r1)	# check kimd capabilities
+	tmhh	%r0,`0x8000>>$kimdfunc`
+	jz	.Lsoftware
+	lghi	%r0,$kimdfunc
+	lgr	%r1,$ctx
+	lgr	%r2,$inp
+	sllg	%r3,$len,6
+	.long	0xb93e0002	# kimd %r0,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	16
+.Lsoftware:
+___
+$code.=<<___;
+	lghi	%r1,-$frame
+	st${g}	$ctx,`2*$SIZE_T`($sp)
+	stm${g}	%r6,%r15,`6*$SIZE_T`($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	larl	$t0,Ktable
+	llgf	$A,0($ctx)
+	llgf	$B,4($ctx)
+	llgf	$C,8($ctx)
+	llgf	$D,12($ctx)
+	llgf	$E,16($ctx)
+
+	lg	$K_00_39,0($t0)
+	lg	$K_40_79,8($t0)
+
+.Lloop:
+	rllg	$K_00_39,$K_00_39,32
+___
+for ($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	rllg	$K_00_39,$K_00_39,32
+___
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;	$K=$K_40_79;
+	rllg	$K_40_79,$K_40_79,32
+___
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	rllg	$K_40_79,$K_40_79,32
+___
+for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+
+	l${g}	$ctx,`$frame+2*$SIZE_T`($sp)
+	la	$inp,64($inp)
+	al	$A,0($ctx)
+	al	$B,4($ctx)
+	al	$C,8($ctx)
+	al	$D,12($ctx)
+	al	$E,16($ctx)
+	st	$A,0($ctx)
+	st	$B,4($ctx)
+	st	$C,8($ctx)
+	st	$D,12($ctx)
+	st	$E,16($ctx)
+	brct${g} $len,.Lloop
+
+	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
+	br	%r14
+.size	sha1_block_data_order,.-sha1_block_data_order
+.string	"SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-sparcv9.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-sparcv9.pl
new file mode 100644
index 0000000..7437ff4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-sparcv9.pl
@@ -0,0 +1,434 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Hardware SPARC T4 support by David S. Miller <davem@davemloft.net>.
+# ====================================================================
+
+# Performance improvement is not really impressive on pre-T1 CPU: +8%
+# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it
+# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and
+# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick.
+# X[16] vector is packed to 8 64-bit registers and as result nothing
+# is spilled on stack. In addition input data is loaded in compact
+# instruction sequence, thus minimizing the window when the code is
+# subject to [inter-thread] cache-thrashing hazard. The goal is to
+# ensure scalability on UltraSPARC T1, or rather to avoid decay when
+# amount of active threads exceeds the number of physical cores.
+
+# SPARC T4 SHA1 hardware achieves 3.72 cycles per byte, which is 3.1x
+# faster than software. Multi-process benchmark saturates at 11x
+# single-process result on 8-core processor, or ~9GBps per 2.85GHz
+# socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+$rot1m="%g2";
+$tmp64="%g3";
+$Xi="%g4";
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+$K_00_19="%l5";
+$K_20_39="%l6";
+$K_40_59="%l7";
+$K_60_79="%g5";
+@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79);
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=($i&1)?@X[($i/2)%8]:$Xi;
+
+$code.=<<___;
+	sll	$a,5,$tmp0		!! $i
+	add	@K[$i/20],$e,$e
+	srl	$a,27,$tmp1
+	add	$tmp0,$e,$e
+	and	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	andn	$d,$b,$tmp1
+	srl	$b,2,$b
+	or	$tmp1,$tmp0,$tmp1
+	or	$tmp2,$b,$b
+	add	$xi,$e,$e
+___
+if ($i&1 && $i<15) {
+	$code.=
+	"	srlx	@X[(($i+1)/2)%8],32,$Xi\n";
+}
+$code.=<<___;
+	add	$tmp1,$e,$e
+___
+}
+
+sub Xupdate {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i/2;
+
+if ($i&1) {
+$code.=<<___;
+	sll	$a,5,$tmp0		!! $i
+	add	@K[$i/20],$e,$e
+	srl	$a,27,$tmp1
+___
+} else {
+$code.=<<___;
+	sllx	@X[($j+6)%8],32,$Xi	! Xupdate($i)
+	xor	@X[($j+1)%8],@X[$j%8],@X[$j%8]
+	srlx	@X[($j+7)%8],32,$tmp1
+	xor	@X[($j+4)%8],@X[$j%8],@X[$j%8]
+	sll	$a,5,$tmp0		!! $i
+	or	$tmp1,$Xi,$Xi
+	add	@K[$i/20],$e,$e		!!
+	xor	$Xi,@X[$j%8],@X[$j%8]
+	srlx	@X[$j%8],31,$Xi
+	add	@X[$j%8],@X[$j%8],@X[$j%8]
+	and	$Xi,$rot1m,$Xi
+	andn	@X[$j%8],$rot1m,@X[$j%8]
+	srl	$a,27,$tmp1		!!
+	or	$Xi,@X[$j%8],@X[$j%8]
+___
+}
+}
+
+sub BODY_16_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+
+	&Xupdate(@_);
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+    } else {
+	$xi=$Xi;
+	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	add	$tmp0,$e,$e		!!
+	and	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	add	$xi,$e,$e
+	andn	$d,$b,$tmp1
+	srl	$b,2,$b
+	or	$tmp1,$tmp0,$tmp1
+	or	$tmp2,$b,$b
+	add	$tmp1,$e,$e
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+	&Xupdate(@_);
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+    } else {
+	$xi=$Xi;
+	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	add	$tmp0,$e,$e		!!
+	xor	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	xor	$d,$tmp0,$tmp1
+	srl	$b,2,$b
+	add	$tmp1,$e,$e
+	or	$tmp2,$b,$b
+	add	$xi,$e,$e
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+	&Xupdate(@_);
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+    } else {
+	$xi=$Xi;
+	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	add	$tmp0,$e,$e		!!
+	and	$c,$b,$tmp0
+	add	$tmp1,$e,$e
+	sll	$b,30,$tmp2
+	or	$c,$b,$tmp1
+	srl	$b,2,$b
+	and	$d,$tmp1,$tmp1
+	add	$xi,$e,$e
+	or	$tmp1,$tmp0,$tmp1
+	or	$tmp2,$b,$b
+	add	$tmp1,$e,$e
+___
+}
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.align	32
+.globl	sha1_block_data_order
+sha1_block_data_order:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
+
+	andcc	%g1, CFR_SHA1, %g0
+	be	.Lsoftware
+	nop
+
+	ld	[%o0 + 0x00], %f0	! load context
+	ld	[%o0 + 0x04], %f1
+	ld	[%o0 + 0x08], %f2
+	andcc	%o1, 0x7, %g0
+	ld	[%o0 + 0x0c], %f3
+	bne,pn	%icc, .Lhwunaligned
+	 ld	[%o0 + 0x10], %f4
+
+.Lhw_loop:
+	ldd	[%o1 + 0x00], %f8
+	ldd	[%o1 + 0x08], %f10
+	ldd	[%o1 + 0x10], %f12
+	ldd	[%o1 + 0x18], %f14
+	ldd	[%o1 + 0x20], %f16
+	ldd	[%o1 + 0x28], %f18
+	ldd	[%o1 + 0x30], %f20
+	subcc	%o2, 1, %o2		! done yet? 
+	ldd	[%o1 + 0x38], %f22
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	.word	0x81b02820		! SHA1
+
+	bne,pt	SIZE_T_CC, .Lhw_loop
+	nop
+
+.Lhwfinish:
+	st	%f0, [%o0 + 0x00]	! store context
+	st	%f1, [%o0 + 0x04]
+	st	%f2, [%o0 + 0x08]
+	st	%f3, [%o0 + 0x0c]
+	retl
+	st	%f4, [%o0 + 0x10]
+
+.align	8
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f10
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f12
+	ldd	[%o1 + 0x10], %f14
+	ldd	[%o1 + 0x18], %f16
+	ldd	[%o1 + 0x20], %f18
+	ldd	[%o1 + 0x28], %f20
+	ldd	[%o1 + 0x30], %f22
+	ldd	[%o1 + 0x38], %f24
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x40], %f26
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	faligndata %f10, %f12, %f8
+	faligndata %f12, %f14, %f10
+	faligndata %f14, %f16, %f12
+	faligndata %f16, %f18, %f14
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+
+	.word	0x81b02820		! SHA1
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f26, %f26, %f10	! %f10=%f26
+
+	ba	.Lhwfinish
+	nop
+
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME,%sp
+	sllx	$len,6,$len
+	add	$inp,$len,$len
+
+	or	%g0,1,$rot1m
+	sllx	$rot1m,32,$rot1m
+	or	$rot1m,1,$rot1m
+
+	ld	[$ctx+0],$A
+	ld	[$ctx+4],$B
+	ld	[$ctx+8],$C
+	ld	[$ctx+12],$D
+	ld	[$ctx+16],$E
+	andn	$inp,7,$tmp0
+
+	sethi	%hi(0x5a827999),$K_00_19
+	or	$K_00_19,%lo(0x5a827999),$K_00_19
+	sethi	%hi(0x6ed9eba1),$K_20_39
+	or	$K_20_39,%lo(0x6ed9eba1),$K_20_39
+	sethi	%hi(0x8f1bbcdc),$K_40_59
+	or	$K_40_59,%lo(0x8f1bbcdc),$K_40_59
+	sethi	%hi(0xca62c1d6),$K_60_79
+	or	$K_60_79,%lo(0xca62c1d6),$K_60_79
+
+.Lloop:
+	ldx	[$tmp0+0],@X[0]
+	ldx	[$tmp0+16],@X[2]
+	ldx	[$tmp0+32],@X[4]
+	ldx	[$tmp0+48],@X[6]
+	and	$inp,7,$tmp1
+	ldx	[$tmp0+8],@X[1]
+	sll	$tmp1,3,$tmp1
+	ldx	[$tmp0+24],@X[3]
+	subcc	%g0,$tmp1,$tmp2	! should be 64-$tmp1, but -$tmp1 works too
+	ldx	[$tmp0+40],@X[5]
+	bz,pt	%icc,.Laligned
+	ldx	[$tmp0+56],@X[7]
+
+	sllx	@X[0],$tmp1,@X[0]
+	ldx	[$tmp0+64],$tmp64
+___
+for($i=0;$i<7;$i++)
+{   $code.=<<___;
+	srlx	@X[$i+1],$tmp2,$Xi
+	sllx	@X[$i+1],$tmp1,@X[$i+1]
+	or	$Xi,@X[$i],@X[$i]
+___
+}
+$code.=<<___;
+	srlx	$tmp64,$tmp2,$tmp64
+	or	$tmp64,@X[7],@X[7]
+.Laligned:
+	srlx	@X[0],32,$Xi
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+for (;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+
+	ld	[$ctx+0],@X[0]
+	ld	[$ctx+4],@X[1]
+	ld	[$ctx+8],@X[2]
+	ld	[$ctx+12],@X[3]
+	add	$inp,64,$inp
+	ld	[$ctx+16],@X[4]
+	cmp	$inp,$len
+
+	add	$A,@X[0],$A
+	st	$A,[$ctx+0]
+	add	$B,@X[1],$B
+	st	$B,[$ctx+4]
+	add	$C,@X[2],$C
+	st	$C,[$ctx+8]
+	add	$D,@X[3],$D
+	st	$D,[$ctx+12]
+	add	$E,@X[4],$E
+	st	$E,[$ctx+16]
+
+	bne	SIZE_T_CC,.Lloop
+	andn	$inp,7,$tmp0
+
+	ret
+	restore
+.type	sha1_block_data_order,#function
+.size	sha1_block_data_order,(.-sha1_block_data_order)
+.asciz	"SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (	"faligndata"	=> 0x048,
+		"for"		=> 0x07c	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /ge;
+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-sparcv9a.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-sparcv9a.pl
new file mode 100644
index 0000000..f9ed563
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-sparcv9a.pl
@@ -0,0 +1,608 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# January 2009
+#
+# Provided that UltraSPARC VIS instructions are pipe-lined(*) and
+# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC
+# Graphic Unit would make it possible to achieve higher instruction-
+# level parallelism, ILP, and thus higher performance. It should be
+# explicitly noted that ILP is the keyword, and it means that this
+# code would be unsuitable for cores like UltraSPARC-Tx. The idea is
+# not really novel, Sun had VIS-powered implementation for a while.
+# Unlike Sun's implementation this one can process multiple unaligned
+# input blocks, and as such works as drop-in replacement for OpenSSL
+# sha1_block_data_order. Performance improvement was measured to be
+# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on
+# UltraSPARC-III. See below for discussion...
+#
+# The module does not present direct interest for OpenSSL, because
+# it doesn't provide better performance on contemporary SPARCv9 CPUs,
+# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they
+# absolutely must score on UltraSPARC-I-IV can simply replace
+# crypto/sha/asm/sha1-sparcv9.pl with this module.
+#
+# (*)	"Pipe-lined" means that even if it takes several cycles to
+#	complete, next instruction using same functional unit [but not
+#	depending on the result of the current instruction] can start
+#	execution without having to wait for the unit. "Pairable"
+#	means that two [or more] independent instructions can be
+#	issued at the very same time.
+
+$bits=32;
+for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)	{ $bias=2047; $frame=192; }
+else		{ $bias=0;    $frame=112; }
+
+$output=shift;
+open STDOUT,">$output";
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+$tmp3="%g5";
+
+$base="%g1";
+$align="%g4";
+$Xfer="%o5";
+$nXfer=$tmp3;
+$Xi="%o7";
+
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+
+$Actx="%o0";
+$Bctx="%o1";
+$Cctx="%o2";
+$Dctx="%o3";
+$Ectx="%o4";
+
+$fmul="%f32";
+$VK_00_19="%f34";
+$VK_20_39="%f36";
+$VK_40_59="%f38";
+$VK_60_79="%f40";
+@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79);
+@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7",
+    "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16");
+
+# This is reference 2x-parallelized VIS-powered Xupdate procedure. It
+# covers even K_NN_MM addition...
+sub Xupdate {
+my ($i)=@_;
+my $K=@VK[($i+16)/20];
+my $j=($i+16)%16;
+
+#	[ provided that GSR.alignaddr_offset is 5, $mul contains
+#	  0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to
+#	  chosen registers... ]
+$code.=<<___;
+	fxors		@X[($j+13)%16],@X[$j],@X[$j]	!-1/-1/-1:X[0]^=X[13]
+	fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+	fpadd32		@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+	fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	![fxors		%f15,%f2,%f2]
+	for		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	![fxors		%f0,%f3,%f3]			!10/17/12:X[0] dependency
+	fpadd32		$K,@X[$j],%f20
+	std		%f20,[$Xfer+`4*$j`]
+___
+# The numbers delimited with slash are the earliest possible dispatch
+# cycles for given instruction assuming 1 cycle latency for simple VIS
+# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as
+# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being
+# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1
+# round. As [long as] FPU/VIS instructions are perfectly pairable with
+# IALU ones, the round timing is defined by the maximum between VIS
+# and IALU timings. The latter varies from round to round and averages
+# out at 6.25 ticks. This means that USI&II should operate at IALU
+# rate, while USIII&IV - at VIS rate. This explains why performance
+# improvement varies among processors. Well, given that pure IALU
+# sha1-sparcv9.pl module exhibits virtually uniform performance of
+# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical
+# lower limits. Real-life performance was measured to be 6.6 cycles
+# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than
+# half-round VIS timing, because there are 16 Xupdate-free rounds,
+# which "push down" average theoretical timing to 8 cycles...
+
+# (*)	SPARC64-V[II] was originally believed to have 2 cycles VIS
+#	latency. Well, it might have, but it doesn't have dedicated
+#	VIS-unit. Instead, VIS instructions are executed by other
+#	functional units, ones used here - by IALU. This doesn't
+#	improve effective ILP...
+}
+
+# The reference Xupdate procedure is then "strained" over *pairs* of
+# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13]
+# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves
+# plenty of room to amortize for read-after-write hazard, as well as
+# to fetch and align input for the next spin. The VIS instructions are
+# scheduled for latency of 2 cycles, because there are not enough IALU
+# instructions to schedule for latency of 3, while scheduling for 1
+# would give no gain on USI&II anyway.
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;	# ahead reference
+my $l=($j+16-2)%16;	# behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1));
+	sll		$a,5,$tmp0			!! $i
+	and		$c,$b,$tmp3
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	sll		$b,30,$tmp2
+	add		$tmp1,$e,$e
+	andn		$d,$b,$tmp1
+	add		$Xi,$e,$e
+	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	srl		$b,2,$b
+	or		$tmp1,$tmp3,$tmp1
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1);
+	sll		$a,5,$tmp0			!! $i
+	and		$c,$b,$tmp3
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	sll		$b,30,$tmp2
+	add		$tmp1,$e,$e
+	 fpadd32	$K,@X[$l],%f20			!
+	andn		$d,$b,$tmp1
+	add		$Xi,$e,$e
+	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
+	srl		$b,2,$b
+	or		$tmp1,$tmp3,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+___
+$code.=<<___ if ($i&1 && $i>=2);
+	 std		%f20,[$Xfer+`4*$l`]		!
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;	# ahead reference
+my $l=($j+16-2)%16;	# behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1) && $i<64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1 && $i<64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	 fpadd32	$K,@X[$l],%f20			!
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+	 std		%f20,[$Xfer+`4*$l`]		!
+___
+$code.=<<___ if ($i==64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fpadd32	$K,@X[$l],%f20
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	 std		%f20,[$Xfer+`4*$l`]
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+$code.=<<___ if ($i>64);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;	# ahead reference
+my $l=($j+16-2)%16;	# behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1));
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+	and		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	or		$c,$b,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+	srl		$b,2,$b
+	and		$d,$tmp1,$tmp1
+	add		$Xi,$e,$e
+	or		$tmp1,$tmp0,$tmp1
+	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
+___
+$code.=<<___ if ($i&1);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
+	and		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	 fpadd32	$K,@X[$l],%f20			!
+	sll		$b,30,$tmp2
+	or		$c,$b,$tmp1
+	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
+	srl		$b,2,$b
+	and		$d,$tmp1,$tmp1
+	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
+	add		$Xi,$e,$e
+	or		$tmp1,$tmp0,$tmp1
+	or		$tmp2,$b,$b
+	add		$tmp1,$e,$e
+	 std		%f20,[$Xfer+`4*$l`]		!
+___
+}
+
+# If there is more data to process, then we pre-fetch the data for
+# next iteration in last ten rounds...
+sub BODY_70_79 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $m=($i%8)*2;
+
+$j=($j+16)%16;
+
+$code.=<<___ if ($i==70);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	 ldd		[$inp+64],@X[0]
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+
+	and		$inp,-64,$nXfer
+	inc		64,$inp
+	and		$nXfer,255,$nXfer
+	alignaddr	%g0,$align,%g0
+	add		$base,$nXfer,$nXfer
+___
+$code.=<<___ if ($i==71);
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+$code.=<<___ if ($i>=72);
+	 faligndata	@X[$m],@X[$m+2],@X[$m]
+	sll		$a,5,$tmp0			!! $i
+	ld		[$Xfer+`4*($i%16)`],$Xi
+	srl		$a,27,$tmp1
+	add		$tmp0,$e,$e
+	xor		$c,$b,$tmp0
+	add		$tmp1,$e,$e
+	 fpadd32	$VK_00_19,@X[$m],%f20
+	sll		$b,30,$tmp2
+	xor		$d,$tmp0,$tmp1
+	srl		$b,2,$b
+	add		$tmp1,$e,$e
+	or		$tmp2,$b,$b
+	add		$Xi,$e,$e
+___
+$code.=<<___ if ($i<77);
+	 ldd		[$inp+`8*($i+1-70)`],@X[2*($i+1-70)]
+___
+$code.=<<___ if ($i==77);	# redundant if $inp was aligned
+	 add		$align,63,$tmp0
+	 and		$tmp0,-8,$tmp0
+	 ldd		[$inp+$tmp0],@X[16]
+___
+$code.=<<___ if ($i>=72);
+	 std		%f20,[$nXfer+`4*$m`]
+___
+}
+
+$code.=<<___;
+.section	".text",#alloc,#execinstr
+
+.align	64
+vis_const:
+.long	0x5a827999,0x5a827999	! K_00_19
+.long	0x6ed9eba1,0x6ed9eba1	! K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc	! K_40_59
+.long	0xca62c1d6,0xca62c1d6	! K_60_79
+.long	0x00000100,0x00000100
+.align	64
+.type	vis_const,#object
+.size	vis_const,(.-vis_const)
+
+.globl	sha1_block_data_order
+sha1_block_data_order:
+	save	%sp,-$frame,%sp
+	add	%fp,$bias-256,$base
+
+1:	call	.+8
+	add	%o7,vis_const-1b,$tmp0
+
+	ldd	[$tmp0+0],$VK_00_19
+	ldd	[$tmp0+8],$VK_20_39
+	ldd	[$tmp0+16],$VK_40_59
+	ldd	[$tmp0+24],$VK_60_79
+	ldd	[$tmp0+32],$fmul
+
+	ld	[$ctx+0],$Actx
+	and	$base,-256,$base
+	ld	[$ctx+4],$Bctx
+	sub	$base,$bias+$frame,%sp
+	ld	[$ctx+8],$Cctx
+	and	$inp,7,$align
+	ld	[$ctx+12],$Dctx
+	and	$inp,-8,$inp
+	ld	[$ctx+16],$Ectx
+
+	! X[16] is maintained in FP register bank
+	alignaddr	%g0,$align,%g0
+	ldd		[$inp+0],@X[0]
+	sub		$inp,-64,$Xfer
+	ldd		[$inp+8],@X[2]
+	and		$Xfer,-64,$Xfer
+	ldd		[$inp+16],@X[4]
+	and		$Xfer,255,$Xfer
+	ldd		[$inp+24],@X[6]
+	add		$base,$Xfer,$Xfer
+	ldd		[$inp+32],@X[8]
+	ldd		[$inp+40],@X[10]
+	ldd		[$inp+48],@X[12]
+	brz,pt		$align,.Laligned
+	ldd		[$inp+56],@X[14]
+
+	ldd		[$inp+64],@X[16]
+	faligndata	@X[0],@X[2],@X[0]
+	faligndata	@X[2],@X[4],@X[2]
+	faligndata	@X[4],@X[6],@X[4]
+	faligndata	@X[6],@X[8],@X[6]
+	faligndata	@X[8],@X[10],@X[8]
+	faligndata	@X[10],@X[12],@X[10]
+	faligndata	@X[12],@X[14],@X[12]
+	faligndata	@X[14],@X[16],@X[14]
+
+.Laligned:
+	mov		5,$tmp0
+	dec		1,$len
+	alignaddr	%g0,$tmp0,%g0
+	fpadd32		$VK_00_19,@X[0],%f16
+	fpadd32		$VK_00_19,@X[2],%f18
+	fpadd32		$VK_00_19,@X[4],%f20
+	fpadd32		$VK_00_19,@X[6],%f22
+	fpadd32		$VK_00_19,@X[8],%f24
+	fpadd32		$VK_00_19,@X[10],%f26
+	fpadd32		$VK_00_19,@X[12],%f28
+	fpadd32		$VK_00_19,@X[14],%f30
+	std		%f16,[$Xfer+0]
+	mov		$Actx,$A
+	std		%f18,[$Xfer+8]
+	mov		$Bctx,$B
+	std		%f20,[$Xfer+16]
+	mov		$Cctx,$C
+	std		%f22,[$Xfer+24]
+	mov		$Dctx,$D
+	std		%f24,[$Xfer+32]
+	mov		$Ectx,$E
+	std		%f26,[$Xfer+40]
+	fxors		@X[13],@X[0],@X[0]
+	std		%f28,[$Xfer+48]
+	ba		.Loop
+	std		%f30,[$Xfer+56]
+.align	32
+.Loop:
+___
+for ($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<70;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	tst		$len
+	bz,pn		`$bits==32?"%icc":"%xcc"`,.Ltail
+	nop
+___
+for (;$i<80;$i++)	{ &BODY_70_79($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add		$A,$Actx,$Actx
+	add		$B,$Bctx,$Bctx
+	add		$C,$Cctx,$Cctx
+	add		$D,$Dctx,$Dctx
+	add		$E,$Ectx,$Ectx
+	mov		5,$tmp0
+	fxors		@X[13],@X[0],@X[0]
+	mov		$Actx,$A
+	mov		$Bctx,$B
+	mov		$Cctx,$C
+	mov		$Dctx,$D
+	mov		$Ectx,$E
+	alignaddr	%g0,$tmp0,%g0	
+	dec		1,$len
+	ba		.Loop
+	mov		$nXfer,$Xfer
+
+.align	32
+.Ltail:
+___
+for($i=70;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	$A,$Actx,$Actx
+	add	$B,$Bctx,$Bctx
+	add	$C,$Cctx,$Cctx
+	add	$D,$Dctx,$Dctx
+	add	$E,$Ectx,$Ectx
+
+	st	$Actx,[$ctx+0]
+	st	$Bctx,[$ctx+4]
+	st	$Cctx,[$ctx+8]
+	st	$Dctx,[$ctx+12]
+	st	$Ectx,[$ctx+16]
+
+	ret
+	restore
+.type	sha1_block_data_order,#function
+.size	sha1_block_data_order,(.-sha1_block_data_order)
+.asciz	"SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my ($ref,$opf);
+my %visopf = (	"fmul8ulx16"	=> 0x037,
+		"faligndata"	=> 0x048,
+		"fpadd32"	=> 0x052,
+		"fxor"		=> 0x06c,
+		"fxors"		=> 0x06d	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	  /gem;
+$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	  /gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-thumb.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-thumb.pl
new file mode 100644
index 0000000..661fd9f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-thumb.pl
@@ -0,0 +1,266 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# sha1_block for Thumb.
+#
+# January 2007.
+#
+# The code does not present direct interest to OpenSSL, because of low
+# performance. Its purpose is to establish _size_ benchmark. Pretty
+# useless one I must say, because 30% or 88 bytes larger ARMv4 code
+# [avialable on demand] is almost _twice_ as fast. It should also be
+# noted that in-lining of .Lcommon and .Lrotate improves performance
+# by over 40%, while code increases by only 10% or 32 bytes. But once
+# again, the goal was to establish _size_ benchmark, not performance.
+
+$output=shift;
+open STDOUT,">$output";
+
+$inline=0;
+#$cheat_on_binutils=1;
+
+$t0="r0";
+$t1="r1";
+$t2="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";	# "upper" registers can be used in add/sub and mov insns
+$ctx="r9";
+$inp="r10";
+$len="r11";
+$Xi="r12";
+
+sub common {
+<<___;
+	sub	$t0,#4
+	ldr	$t1,[$t0]
+	add	$e,$K			@ E+=K_xx_xx
+	lsl	$t2,$a,#5
+	add	$t2,$e
+	lsr	$e,$a,#27
+	add	$t2,$e			@ E+=ROR(A,27)
+	add	$t2,$t1			@ E+=X[i]
+___
+}
+sub rotate {
+<<___;
+	mov	$e,$d			@ E=D
+	mov	$d,$c			@ D=C
+	lsl	$c,$b,#30
+	lsr	$b,$b,#2
+	orr	$c,$b			@ C=ROR(B,2)
+	mov	$b,$a			@ B=A
+	add	$a,$t2,$t1		@ A=E+F_xx_xx(B,C,D)
+___
+}
+
+sub BODY_00_19 {
+$code.=$inline?&common():"\tbl	.Lcommon\n";
+$code.=<<___;
+	mov	$t1,$c
+	eor	$t1,$d
+	and	$t1,$b
+	eor	$t1,$d			@ F_00_19(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl	.Lrotate\n";
+}
+
+sub BODY_20_39 {
+$code.=$inline?&common():"\tbl	.Lcommon\n";
+$code.=<<___;
+	mov	$t1,$b
+	eor	$t1,$c
+	eor	$t1,$d			@ F_20_39(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl	.Lrotate\n";
+}
+
+sub BODY_40_59 {
+$code.=$inline?&common():"\tbl	.Lcommon\n";
+$code.=<<___;
+	mov	$t1,$b
+	and	$t1,$c
+	mov	$e,$b
+	orr	$e,$c
+	and	$e,$d
+	orr	$t1,$e			@ F_40_59(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl	.Lrotate\n";
+}
+
+$code=<<___;
+.text
+.code	16
+
+.global	sha1_block_data_order
+.type	sha1_block_data_order,%function
+
+.align	2
+sha1_block_data_order:
+___
+if ($cheat_on_binutils) {
+$code.=<<___;
+.code	32
+	add	r3,pc,#1
+	bx	r3			@ switch to Thumb ISA
+.code	16
+___
+}
+$code.=<<___;
+	push	{r4-r7}
+	mov	r3,r8
+	mov	r4,r9
+	mov	r5,r10
+	mov	r6,r11
+	mov	r7,r12
+	push	{r3-r7,lr}
+	lsl	r2,#6
+	mov	$ctx,r0			@ save context
+	mov	$inp,r1			@ save inp
+	mov	$len,r2			@ save len
+	add	$len,$inp		@ $len to point at inp end
+
+.Lloop:
+	mov	$Xi,sp
+	mov	$t2,sp
+	sub	$t2,#16*4		@ [3]
+.LXload:
+	ldrb	$a,[$t1,#0]		@ $t1 is r1 and holds inp
+	ldrb	$b,[$t1,#1]
+	ldrb	$c,[$t1,#2]
+	ldrb	$d,[$t1,#3]
+	lsl	$a,#24
+	lsl	$b,#16
+	lsl	$c,#8
+	orr	$a,$b
+	orr	$a,$c
+	orr	$a,$d
+	add	$t1,#4
+	push	{$a}
+	cmp	sp,$t2
+	bne	.LXload			@ [+14*16]
+
+	mov	$inp,$t1		@ update $inp
+	sub	$t2,#32*4
+	sub	$t2,#32*4
+	mov	$e,#31			@ [+4]
+.LXupdate:
+	ldr	$a,[sp,#15*4]
+	ldr	$b,[sp,#13*4]
+	ldr	$c,[sp,#7*4]
+	ldr	$d,[sp,#2*4]
+	eor	$a,$b
+	eor	$a,$c
+	eor	$a,$d
+	ror	$a,$e
+	push	{$a}
+	cmp	sp,$t2
+	bne	.LXupdate		@ [+(11+1)*64]
+
+	ldmia	$t0!,{$a,$b,$c,$d,$e}	@ $t0 is r0 and holds ctx
+	mov	$t0,$Xi
+
+	ldr	$t2,.LK_00_19
+	mov	$t1,$t0
+	sub	$t1,#20*4
+	mov	$Xi,$t1
+	mov	$K,$t2			@ [+7+4]
+.L_00_19:
+___
+	&BODY_00_19();
+$code.=<<___;
+	cmp	$Xi,$t0
+	bne	.L_00_19		@ [+(2+9+4+2+8+2)*20]
+
+	ldr	$t2,.LK_20_39
+	mov	$t1,$t0
+	sub	$t1,#20*4
+	mov	$Xi,$t1
+	mov	$K,$t2			@ [+5]
+.L_20_39_or_60_79:
+___
+	&BODY_20_39();
+$code.=<<___;
+	cmp	$Xi,$t0
+	bne	.L_20_39_or_60_79	@ [+(2+9+3+2+8+2)*20*2]
+	cmp	sp,$t0
+	beq	.Ldone			@ [+2]
+
+	ldr	$t2,.LK_40_59
+	mov	$t1,$t0
+	sub	$t1,#20*4
+	mov	$Xi,$t1
+	mov	$K,$t2			@ [+5]
+.L_40_59:
+___
+	&BODY_40_59();
+$code.=<<___;
+	cmp	$Xi,$t0
+	bne	.L_40_59		@ [+(2+9+6+2+8+2)*20]
+
+	ldr	$t2,.LK_60_79
+	mov	$Xi,sp
+	mov	$K,$t2
+	b	.L_20_39_or_60_79	@ [+4]
+.Ldone:
+	mov	$t0,$ctx
+	ldr	$t1,[$t0,#0]
+	ldr	$t2,[$t0,#4]
+	add	$a,$t1
+	ldr	$t1,[$t0,#8]
+	add	$b,$t2
+	ldr	$t2,[$t0,#12]
+	add	$c,$t1
+	ldr	$t1,[$t0,#16]
+	add	$d,$t2
+	add	$e,$t1
+	stmia	$t0!,{$a,$b,$c,$d,$e}	@ [+20]
+
+	add	sp,#80*4		@ deallocate stack frame
+	mov	$t0,$ctx		@ restore ctx
+	mov	$t1,$inp		@ restore inp
+	cmp	$t1,$len
+	beq	.Lexit
+	b	.Lloop			@ [+6] total 3212 cycles
+.Lexit:
+	pop	{r2-r7}
+	mov	r8,r2
+	mov	r9,r3
+	mov	r10,r4
+	mov	r11,r5
+	mov	r12,r6
+	mov	lr,r7
+	pop	{r4-r7}
+	bx	lr
+.align	2
+___
+$code.=".Lcommon:\n".&common()."\tmov	pc,lr\n" if (!$inline);
+$code.=".Lrotate:\n".&rotate()."\tmov	pc,lr\n" if (!$inline);
+$code.=<<___;
+.align	2
+.LK_00_19:	.word	0x5a827999
+.LK_20_39:	.word	0x6ed9eba1
+.LK_40_59:	.word	0x8f1bbcdc
+.LK_60_79:	.word	0xca62c1d6
+.size	sha1_block_data_order,.-sha1_block_data_order
+.asciz	"SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+print $code;
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha1-x86_64.pl b/openssl-1.1.0h/crypto/sha/asm/sha1-x86_64.pl
new file mode 100755
index 0000000..6a3378b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha1-x86_64.pl
@@ -0,0 +1,2077 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# sha1_block procedure for x86_64.
+#
+# It was brought to my attention that on EM64T compiler-generated code
+# was far behind 32-bit assembler implementation. This is unlike on
+# Opteron where compiler-generated code was only 15% behind 32-bit
+# assembler, which originally made it hard to motivate the effort.
+# There was suggestion to mechanically translate 32-bit code, but I
+# dismissed it, reasoning that x86_64 offers enough register bank
+# capacity to fully utilize SHA-1 parallelism. Therefore this fresh
+# implementation:-) However! While 64-bit code does perform better
+# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
+# x86_64 does offer larger *addressable* bank, but out-of-order core
+# reaches for even more registers through dynamic aliasing, and EM64T
+# core must have managed to run-time optimize even 32-bit code just as
+# good as 64-bit one. Performance improvement is summarized in the
+# following table:
+#
+#		gcc 3.4		32-bit asm	cycles/byte
+# Opteron	+45%		+20%		6.8
+# Xeon P4	+65%		+0%		9.9
+# Core2		+60%		+10%		7.0
+
+# August 2009.
+#
+# The code was revised to minimize code size and to maximize
+# "distance" between instructions producing input to 'lea'
+# instruction and the 'lea' instruction itself, which is essential
+# for Intel Atom core.
+
+# October 2010.
+#
+# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
+# is to offload message schedule denoted by Wt in NIST specification,
+# or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
+# for background and implementation details. The only difference from
+# 32-bit code is that 64-bit code doesn't have to spill @X[] elements
+# to free temporary registers.
+
+# April 2011.
+#
+# Add AVX code path. See sha1-586.pl for further information.
+
+# May 2013.
+#
+# Add AVX2+BMI code path. Initial attempt (utilizing BMI instructions
+# and loading pair of consecutive blocks to 256-bit %ymm registers)
+# did not provide impressive performance improvement till a crucial
+# hint regarding the number of Xupdate iterations to pre-compute in
+# advance was provided by Ilya Albrekht of Intel Corp.
+
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+
+######################################################################
+# Current performance is summarized in following table. Numbers are
+# CPU clock cycles spent to process single byte (less is better).
+#
+#		x86_64		SSSE3		AVX[2]
+# P4		9.05		-
+# Opteron	6.26		-
+# Core2		6.55		6.05/+8%	-
+# Westmere	6.73		5.30/+27%	-
+# Sandy Bridge	7.70		6.10/+26%	4.99/+54%
+# Ivy Bridge	6.06		4.67/+30%	4.60/+32%
+# Haswell	5.45		4.15/+31%	3.57/+53%
+# Skylake	5.18		4.06/+28%	3.54/+46%
+# Bulldozer	9.11		5.95/+53%
+# VIA Nano	9.32		7.15/+30%
+# Atom		10.3		9.17/+12%
+# Silvermont	13.1(*)		9.37/+40%
+# Goldmont	8.13		6.42/+27%	1.70/+380%(**)
+#
+# (*)	obviously suboptimal result, nothing was done about it,
+#	because SSSE3 code is compiled unconditionally;
+# (**)	SHAEXT result
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=1;	### set to zero if compiling for 1.0.1
+$avx=1		if (!$shaext && $avx);
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$ctx="%rdi";	# 1st arg
+$inp="%rsi";	# 2nd arg
+$num="%rdx";	# 3rd arg
+
+# reassign arguments in order to produce more compact code
+$ctx="%r8";
+$inp="%r9";
+$num="%r10";
+
+$t0="%eax";
+$t1="%ebx";
+$t2="%ecx";
+@xi=("%edx","%ebp","%r14d");
+$A="%esi";
+$B="%edi";
+$C="%r11d";
+$D="%r12d";
+$E="%r13d";
+
+@V=($A,$B,$C,$D,$E);
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i==0);
+	mov	`4*$i`($inp),$xi[0]
+	bswap	$xi[0]
+___
+$code.=<<___ if ($i<15);
+	mov	`4*$j`($inp),$xi[1]
+	mov	$d,$t0
+	mov	$xi[0],`4*$i`(%rsp)
+	mov	$a,$t2
+	bswap	$xi[1]
+	xor	$c,$t0
+	rol	\$5,$t2
+	and	$b,$t0
+	lea	0x5a827999($xi[0],$e),$e
+	add	$t2,$e
+	xor	$d,$t0
+	rol	\$30,$b
+	add	$t0,$e
+___
+$code.=<<___ if ($i>=15);
+	xor	`4*($j%16)`(%rsp),$xi[1]
+	mov	$d,$t0
+	mov	$xi[0],`4*($i%16)`(%rsp)
+	mov	$a,$t2
+	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
+	xor	$c,$t0
+	rol	\$5,$t2
+	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
+	and	$b,$t0
+	lea	0x5a827999($xi[0],$e),$e
+	rol	\$30,$b
+	xor	$d,$t0
+	add	$t2,$e
+	rol	\$1,$xi[1]
+	add	$t0,$e
+___
+push(@xi,shift(@xi));
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
+$code.=<<___ if ($i<79);
+	xor	`4*($j%16)`(%rsp),$xi[1]
+	mov	$b,$t0
+	`"mov	$xi[0],".4*($i%16)."(%rsp)"	if ($i<72)`
+	mov	$a,$t2
+	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
+	xor	$d,$t0
+	rol	\$5,$t2
+	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
+	lea	$K($xi[0],$e),$e
+	xor	$c,$t0
+	add	$t2,$e
+	rol	\$30,$b
+	add	$t0,$e
+	rol	\$1,$xi[1]
+___
+$code.=<<___ if ($i==79);
+	mov	$b,$t0
+	mov	$a,$t2
+	xor	$d,$t0
+	lea	$K($xi[0],$e),$e
+	rol	\$5,$t2
+	xor	$c,$t0
+	add	$t2,$e
+	rol	\$30,$b
+	add	$t0,$e
+___
+push(@xi,shift(@xi));
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i+1;
+$code.=<<___;
+	xor	`4*($j%16)`(%rsp),$xi[1]
+	mov	$d,$t0
+	mov	$xi[0],`4*($i%16)`(%rsp)
+	mov	$d,$t1
+	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
+	and	$c,$t0
+	mov	$a,$t2
+	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
+	lea	0x8f1bbcdc($xi[0],$e),$e
+	xor	$c,$t1
+	rol	\$5,$t2
+	add	$t0,$e
+	rol	\$1,$xi[1]
+	and	$b,$t1
+	add	$t2,$e
+	rol	\$30,$b
+	add	$t1,$e
+___
+push(@xi,shift(@xi));
+}
+
+$code.=<<___;
+.text
+.extern	OPENSSL_ia32cap_P
+
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,\@function,3
+.align	16
+sha1_block_data_order:
+	mov	OPENSSL_ia32cap_P+0(%rip),%r9d
+	mov	OPENSSL_ia32cap_P+4(%rip),%r8d
+	mov	OPENSSL_ia32cap_P+8(%rip),%r10d
+	test	\$`1<<9`,%r8d		# check SSSE3 bit
+	jz	.Lialu
+___
+$code.=<<___ if ($shaext);
+	test	\$`1<<29`,%r10d		# check SHA bit	
+	jnz	_shaext_shortcut
+___
+$code.=<<___ if ($avx>1);
+	and	\$`1<<3|1<<5|1<<8`,%r10d	# check AVX2+BMI1+BMI2
+	cmp	\$`1<<3|1<<5|1<<8`,%r10d
+	je	_avx2_shortcut
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<28`,%r8d		# mask AVX bit
+	and	\$`1<<30`,%r9d		# mask "Intel CPU" bit
+	or	%r9d,%r8d
+	cmp	\$`1<<28|1<<30`,%r8d
+	je	_avx_shortcut
+___
+$code.=<<___;
+	jmp	_ssse3_shortcut
+
+.align	16
+.Lialu:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	mov	%rdi,$ctx	# reassigned argument
+	sub	\$`8+16*4`,%rsp
+	mov	%rsi,$inp	# reassigned argument
+	and	\$-64,%rsp
+	mov	%rdx,$num	# reassigned argument
+	mov	%rax,`16*4`(%rsp)
+.Lprologue:
+
+	mov	0($ctx),$A
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	16($ctx),$E
+	jmp	.Lloop
+
+.align	16
+.Lloop:
+___
+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	add	0($ctx),$A
+	add	4($ctx),$B
+	add	8($ctx),$C
+	add	12($ctx),$D
+	add	16($ctx),$E
+	mov	$A,0($ctx)
+	mov	$B,4($ctx)
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+
+	sub	\$1,$num
+	lea	`16*4`($inp),$inp
+	jnz	.Lloop
+
+	mov	`16*4`(%rsp),%rsi
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lepilogue:
+	ret
+.size	sha1_block_data_order,.-sha1_block_data_order
+___
+if ($shaext) {{{
+######################################################################
+# Intel SHA Extensions implementation of SHA1 update function.
+#
+my ($ctx,$inp,$num)=("%rdi","%rsi","%rdx");
+my ($ABCD,$E,$E_,$BSWAP,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(0..3,8,9));
+my @MSG=map("%xmm$_",(4..7));
+
+$code.=<<___;
+.type	sha1_block_data_order_shaext,\@function,3
+.align	32
+sha1_block_data_order_shaext:
+_shaext_shortcut:
+___
+$code.=<<___ if ($win64);
+	lea	`-8-4*16`(%rsp),%rsp
+	movaps	%xmm6,-8-4*16(%rax)
+	movaps	%xmm7,-8-3*16(%rax)
+	movaps	%xmm8,-8-2*16(%rax)
+	movaps	%xmm9,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	movdqu	($ctx),$ABCD
+	movd	16($ctx),$E
+	movdqa	K_XX_XX+0xa0(%rip),$BSWAP	# byte-n-word swap
+
+	movdqu	($inp),@MSG[0]
+	pshufd	\$0b00011011,$ABCD,$ABCD	# flip word order
+	movdqu	0x10($inp),@MSG[1]
+	pshufd	\$0b00011011,$E,$E		# flip word order
+	movdqu	0x20($inp),@MSG[2]
+	pshufb	$BSWAP,@MSG[0]
+	movdqu	0x30($inp),@MSG[3]
+	pshufb	$BSWAP,@MSG[1]
+	pshufb	$BSWAP,@MSG[2]
+	movdqa	$E,$E_SAVE			# offload $E
+	pshufb	$BSWAP,@MSG[3]
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	dec		$num
+	lea		0x40($inp),%r8		# next input block
+	paddd		@MSG[0],$E
+	cmovne		%r8,$inp
+	movdqa		$ABCD,$ABCD_SAVE	# offload $ABCD
+___
+for($i=0;$i<20-4;$i+=2) {
+$code.=<<___;
+	sha1msg1	@MSG[1],@MSG[0]
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$`int($i/5)`,$E,$ABCD	# 0-3...
+	sha1nexte	@MSG[1],$E_
+	pxor		@MSG[2],@MSG[0]
+	sha1msg1	@MSG[2],@MSG[1]
+	sha1msg2	@MSG[3],@MSG[0]
+
+	movdqa		$ABCD,$E
+	sha1rnds4	\$`int(($i+1)/5)`,$E_,$ABCD
+	sha1nexte	@MSG[2],$E
+	pxor		@MSG[3],@MSG[1]
+	sha1msg2	@MSG[0],@MSG[1]
+___
+	push(@MSG,shift(@MSG));	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	movdqu		($inp),@MSG[0]
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 64-67
+	sha1nexte	@MSG[1],$E_
+	movdqu		0x10($inp),@MSG[1]
+	pshufb		$BSWAP,@MSG[0]
+
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 68-71
+	sha1nexte	@MSG[2],$E
+	movdqu		0x20($inp),@MSG[2]
+	pshufb		$BSWAP,@MSG[1]
+
+	movdqa		$ABCD,$E_
+	sha1rnds4	\$3,$E,$ABCD		# 72-75
+	sha1nexte	@MSG[3],$E_
+	movdqu		0x30($inp),@MSG[3]
+	pshufb		$BSWAP,@MSG[2]
+
+	movdqa		$ABCD,$E
+	sha1rnds4	\$3,$E_,$ABCD		# 76-79
+	sha1nexte	$E_SAVE,$E
+	pshufb		$BSWAP,@MSG[3]
+
+	paddd		$ABCD_SAVE,$ABCD
+	movdqa		$E,$E_SAVE		# offload $E
+
+	jnz		.Loop_shaext
+
+	pshufd	\$0b00011011,$ABCD,$ABCD
+	pshufd	\$0b00011011,$E,$E
+	movdqu	$ABCD,($ctx)
+	movd	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-8-4*16(%rax),%xmm6
+	movaps	-8-3*16(%rax),%xmm7
+	movaps	-8-2*16(%rax),%xmm8
+	movaps	-8-1*16(%rax),%xmm9
+	mov	%rax,%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+	ret
+.size	sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
+___
+}}}
+{{{
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my $Kx="%xmm11";
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
+my @T=("%esi","%edi");
+my $j=0;
+my $rx=0;
+my $K_XX_XX="%r11";
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+{ my $sn;
+sub align32() {
+  ++$sn;
+$code.=<<___;
+	jmp	.Lalign32_$sn	# see "Decoded ICache" in manual
+.align	32
+.Lalign32_$sn:
+___
+}
+}
+
+$code.=<<___;
+.type	sha1_block_data_order_ssse3,\@function,3
+.align	16
+sha1_block_data_order_ssse3:
+_ssse3_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13		# redundant, done to share Win64 SE handler
+	push	%r14
+	lea	`-64-($win64?6*16:0)`(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,-40-6*16(%rax)
+	movaps	%xmm7,-40-5*16(%rax)
+	movaps	%xmm8,-40-4*16(%rax)
+	movaps	%xmm9,-40-3*16(%rax)
+	movaps	%xmm10,-40-2*16(%rax)
+	movaps	%xmm11,-40-1*16(%rax)
+.Lprologue_ssse3:
+___
+$code.=<<___;
+	mov	%rax,%r14	# original %rsp
+	and	\$-64,%rsp
+	mov	%rdi,$ctx	# reassigned argument
+	mov	%rsi,$inp	# reassigned argument
+	mov	%rdx,$num	# reassigned argument
+
+	shl	\$6,$num
+	add	$inp,$num
+	lea	K_XX_XX+64(%rip),$K_XX_XX
+
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	movdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	movdqa	-64($K_XX_XX),@Tx[1]	# K_00_19
+	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	movdqu	16($inp),@X[-3&7]
+	movdqu	32($inp),@X[-2&7]
+	movdqu	48($inp),@X[-1&7]
+	pshufb	@X[2],@X[-4&7]		# byte swap
+	pshufb	@X[2],@X[-3&7]
+	pshufb	@X[2],@X[-2&7]
+	add	\$64,$inp
+	paddd	@Tx[1],@X[-4&7]		# add K_00_19
+	pshufb	@X[2],@X[-1&7]
+	paddd	@Tx[1],@X[-3&7]
+	paddd	@Tx[1],@X[-2&7]
+	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
+	psubd	@Tx[1],@X[-4&7]		# restore X[]
+	movdqa	@X[-3&7],16(%rsp)
+	psubd	@Tx[1],@X[-3&7]
+	movdqa	@X[-2&7],32(%rsp)
+	psubd	@Tx[1],@X[-2&7]
+	jmp	.Loop_ssse3
+___
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));		# ror
+	&pshufd	(@X[0],@X[-4&7],0xee);	# was &movdqa	(@X[0],@X[-3&7]);
+	 eval(shift(@insns));
+	&movdqa	(@Tx[0],@X[-1&7]);
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&punpcklqdq(@X[0],@X[-3&7]);	# compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&psrldq	(@Tx[0],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&pxor	(@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&movdqa	(@Tx[2],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+
+	&pslldq	(@Tx[2],12);		# "X[0]"<<96, extract one dword
+	&paddd	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	&movdqa	(@Tx[1],@Tx[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&psrld	(@Tx[2],30);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pslld	(@Tx[1],2);
+	&pxor	(@X[0],@Tx[2]);
+	 eval(shift(@insns));
+	  &movdqa	(@Tx[2],eval(2*16*(($Xi)/5)-64)."($K_XX_XX)");	# K_XX_XX
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
+	&pshufd (@Tx[1],@X[-1&7],0xee)	if ($Xi==7);	# was &movdqa	(@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns))		if ($Xi==8);
+	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns))		if ($Xi==8);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns))		if (@insns[1] =~ /_ror/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+	&punpcklqdq(@Tx[0],@X[-1&7]);	# compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8);
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	if ($Xi%5) {
+	  &movdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
+	} else {			# ... or load next one
+	  &movdqa	(@Tx[2],eval(2*16*($Xi/5)-64)."($K_XX_XX)");
+	}
+	 eval(shift(@insns));		# ror
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+
+	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns))		if (@insns[0] =~ /_ror/);
+
+	&movdqa	(@Tx[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+
+	&pslld	(@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psrld	(@Tx[0],30);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+
+	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns))		if (@insns[1] =~ /_rol/);
+	 eval(shift(@insns))		if (@insns[0] =~ /_rol/);
+	  &pshufd(@Tx[1],@X[-1&7],0xee)	if ($Xi<19);	# was &movdqa	(@Tx[1],@X[0])
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+		push(@Tx,shift(@Tx));
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &paddd	(@Tx[1],@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$num);
+	&je	(".Ldone_ssse3");
+
+	unshift(@Tx,pop(@Tx));
+
+	&movdqa	(@X[2],"64($K_XX_XX)");		# pbswap mask
+	&movdqa	(@Tx[1],"-64($K_XX_XX)");	# K_00_19
+	&movdqu	(@X[-4&7],"0($inp)");		# load input
+	&movdqu	(@X[-3&7],"16($inp)");
+	&movdqu	(@X[-2&7],"32($inp)");
+	&movdqu	(@X[-1&7],"48($inp)");
+	&pshufb	(@X[-4&7],@X[2]);		# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&pshufb	(@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddd	(@X[($Xi-4)&7],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&movdqa	(eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&psubd	(@X[($Xi-4)&7],@Tx[1]);
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+sub body_00_19 () {	# ((c^d)&b)^d
+	# on start @T[0]=(c^d)&b
+	return &body_20_39() if ($rx==19); $rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&$_ror	($b,$j?7:2)',	# $b>>>2
+	'&xor	(@T[0],$d)',
+	'&mov	(@T[1],$a)',	# $b for next round
+
+	'&add	($e,eval(4*($j&15))."(%rsp)")',	# X[]+K xfer
+	'&xor	($b,$c)',	# $c^$d for next round
+
+	'&$_rol	($a,5)',
+	'&add	($e,@T[0])',
+	'&and	(@T[1],$b)',	# ($b&($c^$d)) for next round
+
+	'&xor	($b,$c)',	# restore $b
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_20_39 () {	# b^d^c
+	# on entry @T[0]=b^d
+	return &body_40_59() if ($rx==39); $rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)")',	# X[]+K xfer
+	'&xor	(@T[0],$d)	if($j==19);'.
+	'&xor	(@T[0],$c)	if($j> 19)',	# ($b^$d^$c)
+	'&mov	(@T[1],$a)',	# $b for next round
+
+	'&$_rol	($a,5)',
+	'&add	($e,@T[0])',
+	'&xor	(@T[1],$c)	if ($j< 79)',	# $b^$d for next round
+
+	'&$_ror	($b,7)',	# $b>>>2
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+
+sub body_40_59 () {	# ((b^c)&(c^d))^c
+	# on entry @T[0]=(b^c), (c^=d)
+	$rx++;
+	(
+	'($a,$b,$c,$d,$e)=@V;'.
+	'&add	($e,eval(4*($j&15))."(%rsp)")',	# X[]+K xfer
+	'&and	(@T[0],$c)	if ($j>=40)',	# (b^c)&(c^d)
+	'&xor	($c,$d)		if ($j>=40)',	# restore $c
+
+	'&$_ror	($b,7)',	# $b>>>2
+	'&mov	(@T[1],$a)',	# $b for next round
+	'&xor	(@T[0],$c)',
+
+	'&$_rol	($a,5)',
+	'&add	($e,@T[0])',
+	'&xor	(@T[1],$c)	if ($j==59);'.
+	'&xor	(@T[1],$b)	if ($j< 59)',	# b^c for next round
+
+	'&xor	($b,$c)		if ($j< 59)',	# c^d for next round
+	'&add	($e,$a);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+	);
+}
+$code.=<<___;
+.align	16
+.Loop_ssse3:
+___
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_16_31(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_00_19);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_40_59);
+	&Xupdate_ssse3_32_79(\&body_20_39);
+	&Xuplast_ssse3_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+	&Xloop_ssse3(\&body_20_39);
+
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_ssse3
+
+.align	16
+.Ldone_ssse3:
+___
+				$j=$saved_j; @V=@saved_V;
+
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+	&Xtail_ssse3(\&body_20_39);
+
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-40-6*16(%r14),%xmm6
+	movaps	-40-5*16(%r14),%xmm7
+	movaps	-40-4*16(%r14),%xmm8
+	movaps	-40-3*16(%r14),%xmm9
+	movaps	-40-2*16(%r14),%xmm10
+	movaps	-40-1*16(%r14),%xmm11
+___
+$code.=<<___;
+	lea	(%r14),%rsi
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lepilogue_ssse3:
+	ret
+.size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
+___
+
+if ($avx) {
+$Xi=4;				# reset variables
+@X=map("%xmm$_",(4..7,0..3));
+@Tx=map("%xmm$_",(8..10));
+$j=0;
+$rx=0;
+
+my $done_avx_label=".Ldone_avx";
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	sha1_block_data_order_avx,\@function,3
+.align	16
+sha1_block_data_order_avx:
+_avx_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13		# redundant, done to share Win64 SE handler
+	push	%r14
+	lea	`-64-($win64?6*16:0)`(%rsp),%rsp
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	vmovaps	%xmm6,-40-6*16(%rax)
+	vmovaps	%xmm7,-40-5*16(%rax)
+	vmovaps	%xmm8,-40-4*16(%rax)
+	vmovaps	%xmm9,-40-3*16(%rax)
+	vmovaps	%xmm10,-40-2*16(%rax)
+	vmovaps	%xmm11,-40-1*16(%rax)
+.Lprologue_avx:
+___
+$code.=<<___;
+	mov	%rax,%r14	# original %rsp
+	and	\$-64,%rsp
+	mov	%rdi,$ctx	# reassigned argument
+	mov	%rsi,$inp	# reassigned argument
+	mov	%rdx,$num	# reassigned argument
+
+	shl	\$6,$num
+	add	$inp,$num
+	lea	K_XX_XX+64(%rip),$K_XX_XX
+
+	mov	0($ctx),$A		# load context
+	mov	4($ctx),$B
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	$B,@T[0]		# magic seed
+	mov	16($ctx),$E
+	mov	$C,@T[1]
+	xor	$D,@T[1]
+	and	@T[1],@T[0]
+
+	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
+	vmovdqa	-64($K_XX_XX),$Kx	# K_00_19
+	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
+	vmovdqu	16($inp),@X[-3&7]
+	vmovdqu	32($inp),@X[-2&7]
+	vmovdqu	48($inp),@X[-1&7]
+	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
+	add	\$64,$inp
+	vpshufb	@X[2],@X[-3&7],@X[-3&7]
+	vpshufb	@X[2],@X[-2&7],@X[-2&7]
+	vpshufb	@X[2],@X[-1&7],@X[-1&7]
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vmovdqa	@X[1],16(%rsp)
+	vmovdqa	@X[2],32(%rsp)
+	jmp	.Loop_avx
+___
+
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],31);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[1],@Tx[2],30);
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@Tx[2],@Tx[2],2);
+	&vpxor	(@X[0],@X[0],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vmovdqa	($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 44 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	 eval(shift(@insns));
+	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	  &vmovdqa	($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)")	if ($Xi%5==0);
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+
+	&vpsrld	(@Tx[0],@X[0],30);
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# ror
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));		# body_20_39
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));		# rol
+	 eval(shift(@insns));
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	  &vpaddd	(@Tx[1],$Kx,@X[-1&7]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
+
+	 foreach (@insns) { eval; }		# remaining instructions
+
+	&cmp	($inp,$num);
+	&je	($done_avx_label);
+
+	&vmovdqa(@X[2],"64($K_XX_XX)");		# pbswap mask
+	&vmovdqa($Kx,"-64($K_XX_XX)");		# K_00_19
+	&vmovdqu(@X[-4&7],"0($inp)");		# load input
+	&vmovdqu(@X[-3&7],"16($inp)");
+	&vmovdqu(@X[-2&7],"32($inp)");
+	&vmovdqu(@X[-1&7],"48($inp)");
+	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
+	&add	($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vpaddd	(@X[$Xi&7],@X[($Xi-4)&7],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]);	# X[]+K xfer to IALU
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	foreach (@insns) { eval; }
+}
+
+$code.=<<___;
+.align	16
+.Loop_avx:
+___
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_16_31(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_00_19);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_40_59);
+	&Xupdate_avx_32_79(\&body_20_39);
+	&Xuplast_avx_80(\&body_20_39);	# can jump to "done"
+
+				$saved_j=$j; @saved_V=@V;
+
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+	&Xloop_avx(\&body_20_39);
+
+$code.=<<___;
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	add	12($ctx),$D
+	mov	$A,0($ctx)
+	add	16($ctx),$E
+	mov	@T[0],4($ctx)
+	mov	@T[0],$B			# magic seed
+	mov	$C,8($ctx)
+	mov	$C,@T[1]
+	mov	$D,12($ctx)
+	xor	$D,@T[1]
+	mov	$E,16($ctx)
+	and	@T[1],@T[0]
+	jmp	.Loop_avx
+
+.align	16
+$done_avx_label:
+___
+				$j=$saved_j; @V=@saved_V;
+
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+	&Xtail_avx(\&body_20_39);
+
+$code.=<<___;
+	vzeroupper
+
+	add	0($ctx),$A			# update context
+	add	4($ctx),@T[0]
+	add	8($ctx),$C
+	mov	$A,0($ctx)
+	add	12($ctx),$D
+	mov	@T[0],4($ctx)
+	add	16($ctx),$E
+	mov	$C,8($ctx)
+	mov	$D,12($ctx)
+	mov	$E,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-40-6*16(%r14),%xmm6
+	movaps	-40-5*16(%r14),%xmm7
+	movaps	-40-4*16(%r14),%xmm8
+	movaps	-40-3*16(%r14),%xmm9
+	movaps	-40-2*16(%r14),%xmm10
+	movaps	-40-1*16(%r14),%xmm11
+___
+$code.=<<___;
+	lea	(%r14),%rsi
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lepilogue_avx:
+	ret
+.size	sha1_block_data_order_avx,.-sha1_block_data_order_avx
+___
+
+if ($avx>1) {
+use integer;
+$Xi=4;					# reset variables
+@X=map("%ymm$_",(4..7,0..3));
+@Tx=map("%ymm$_",(8..10));
+$Kx="%ymm11";
+$j=0;
+
+my @ROTX=("%eax","%ebp","%ebx","%ecx","%edx","%esi");
+my ($a5,$t0)=("%r12d","%edi");
+
+my ($A,$F,$B,$C,$D,$E)=@ROTX;
+my $rx=0;
+my $frame="%r13";
+
+$code.=<<___;
+.type	sha1_block_data_order_avx2,\@function,3
+.align	16
+sha1_block_data_order_avx2:
+_avx2_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	lea	-6*16(%rsp),%rsp
+	vmovaps	%xmm6,-40-6*16(%rax)
+	vmovaps	%xmm7,-40-5*16(%rax)
+	vmovaps	%xmm8,-40-4*16(%rax)
+	vmovaps	%xmm9,-40-3*16(%rax)
+	vmovaps	%xmm10,-40-2*16(%rax)
+	vmovaps	%xmm11,-40-1*16(%rax)
+.Lprologue_avx2:
+___
+$code.=<<___;
+	mov	%rax,%r14		# original %rsp
+	mov	%rdi,$ctx		# reassigned argument
+	mov	%rsi,$inp		# reassigned argument
+	mov	%rdx,$num		# reassigned argument
+
+	lea	-640(%rsp),%rsp
+	shl	\$6,$num
+	 lea	64($inp),$frame
+	and	\$-128,%rsp
+	add	$inp,$num
+	lea	K_XX_XX+64(%rip),$K_XX_XX
+
+	mov	0($ctx),$A		# load context
+	 cmp	$num,$frame
+	 cmovae	$inp,$frame		# next or same block
+	mov	4($ctx),$F
+	mov	8($ctx),$C
+	mov	12($ctx),$D
+	mov	16($ctx),$E
+	vmovdqu	64($K_XX_XX),@X[2]	# pbswap mask
+
+	vmovdqu		($inp),%xmm0
+	vmovdqu		16($inp),%xmm1
+	vmovdqu		32($inp),%xmm2
+	vmovdqu		48($inp),%xmm3
+	lea		64($inp),$inp
+	vinserti128	\$1,($frame),@X[-4&7],@X[-4&7]
+	vinserti128	\$1,16($frame),@X[-3&7],@X[-3&7]
+	vpshufb		@X[2],@X[-4&7],@X[-4&7]
+	vinserti128	\$1,32($frame),@X[-2&7],@X[-2&7]
+	vpshufb		@X[2],@X[-3&7],@X[-3&7]
+	vinserti128	\$1,48($frame),@X[-1&7],@X[-1&7]
+	vpshufb		@X[2],@X[-2&7],@X[-2&7]
+	vmovdqu		-64($K_XX_XX),$Kx	# K_00_19
+	vpshufb		@X[2],@X[-1&7],@X[-1&7]
+
+	vpaddd	$Kx,@X[-4&7],@X[0]	# add K_00_19
+	vpaddd	$Kx,@X[-3&7],@X[1]
+	vmovdqu	@X[0],0(%rsp)		# X[]+K xfer to IALU
+	vpaddd	$Kx,@X[-2&7],@X[2]
+	vmovdqu	@X[1],32(%rsp)
+	vpaddd	$Kx,@X[-1&7],@X[3]
+	vmovdqu	@X[2],64(%rsp)
+	vmovdqu	@X[3],96(%rsp)
+___
+for (;$Xi<8;$Xi++) {	# Xupdate_avx2_16_31
+    use integer;
+
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	&vpsrld	(@Tx[0],@X[0],31);
+	&vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	&vpsrld	(@Tx[1],@Tx[2],30);
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	&vpslld	(@Tx[2],@Tx[2],2);
+	&vpxor	(@X[0],@X[0],@Tx[1]);
+	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
+	&vpaddd	(@Tx[1],@X[0],$Kx);
+	&vmovdqu("32*$Xi(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+
+	push(@X,shift(@X));	# "rotate" X[]
+}
+$code.=<<___;
+	lea	128(%rsp),$frame
+	jmp	.Loop_avx2
+.align	32
+.Loop_avx2:
+	rorx	\$2,$F,$B
+	andn	$D,$F,$t0
+	and	$C,$F
+	xor	$t0,$F
+___
+sub bodyx_00_19 () {	# 8 instructions, 3 cycles critical path
+	# at start $f=(b&c)^(~b&d), $b>>>=2
+	return &bodyx_20_39() if ($rx==19); $rx++;
+	(
+	'($a,$f,$b,$c,$d,$e)=@ROTX;'.
+
+	'&add	($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'.	# e+=X[i]+K
+	 '&lea	($frame,"256($frame)")	if ($j%32==31);',
+	'&andn	($t0,$a,$c)',			# ~b&d for next round
+
+	'&add	($e,$f)',			# e+=(b&c)^(~b&d)
+	'&rorx	($a5,$a,27)',			# a<<<5
+	'&rorx	($f,$a,2)',			# b>>>2 for next round
+	'&and	($a,$b)',			# b&c for next round
+
+	'&add	($e,$a5)',			# e+=a<<<5
+	'&xor	($a,$t0);'.			# f=(b&c)^(~b&d) for next round
+
+	'unshift(@ROTX,pop(@ROTX)); $j++;'
+	)
+}
+
+sub bodyx_20_39 () {	# 7 instructions, 2 cycles critical path
+	# on entry $f=b^c^d, $b>>>=2
+	return &bodyx_40_59() if ($rx==39); $rx++;
+	(
+	'($a,$f,$b,$c,$d,$e)=@ROTX;'.
+
+	'&add	($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'.	# e+=X[i]+K
+	 '&lea	($frame,"256($frame)")	if ($j%32==31);',
+
+	'&lea	($e,"($e,$f)")',		# e+=b^c^d
+	'&rorx	($a5,$a,27)',			# a<<<5
+	'&rorx	($f,$a,2)	if ($j<79)',	# b>>>2 in next round
+	'&xor	($a,$b)		if ($j<79)',	# b^c for next round
+
+	'&add	($e,$a5)',			# e+=a<<<5
+	'&xor	($a,$c)		if ($j<79);'.	# f=b^c^d for next round
+
+	'unshift(@ROTX,pop(@ROTX)); $j++;'
+	)
+}
+
+sub bodyx_40_59 () {	# 10 instructions, 3 cycles critical path
+	# on entry $f=((b^c)&(c^d)), $b>>>=2
+	$rx++;
+	(
+	'($a,$f,$b,$c,$d,$e)=@ROTX;'.
+
+	'&add	($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'.	# e+=X[i]+K
+	 '&lea	($frame,"256($frame)")	if ($j%32==31);',
+	'&xor	($f,$c)		if ($j>39)',	# (b^c)&(c^d)^c
+	'&mov	($t0,$b)	if ($j<59)',	# count on zero latency
+	'&xor	($t0,$c)	if ($j<59)',	# c^d for next round
+
+	'&lea	($e,"($e,$f)")',		# e+=(b^c)&(c^d)^c
+	'&rorx	($a5,$a,27)',			# a<<<5
+	'&rorx	($f,$a,2)',			# b>>>2 in next round
+	'&xor	($a,$b)',			# b^c for next round
+
+	'&add	($e,$a5)',			# e+=a<<<5
+	'&and	($a,$t0)	if ($j< 59);'.	# f=(b^c)&(c^d) for next round
+	'&xor	($a,$c)		if ($j==59);'.	# f=b^c^d for next round
+
+	'unshift(@ROTX,pop(@ROTX)); $j++;'
+	)
+}
+
+sub Xupdate_avx2_16_31()		# recall that $Xi starts with 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body,&$body);	# 35 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrldq(@Tx[0],@X[-1&7],4);		# "X[-3]", 3 dwords
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
+	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],31);
+	&vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)")	if ($Xi%5==0);	# K_XX_XX
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
+	&vpaddd	(@X[0],@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[1],@Tx[2],30);
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpslld	(@Tx[2],@Tx[2],2);
+	&vpxor	(@X[0],@X[0],@Tx[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpaddd	(@Tx[1],@X[0],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vmovdqu(eval(32*($Xi))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+
+	 foreach (@insns) { eval; }	# remaining instructions [if any]
+
+	$Xi++;
+	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xupdate_avx2_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body,&$body);	# 35 to 50 instructions
+  my ($a,$b,$c,$d,$e);
+
+	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
+	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
+	&vmovdqu($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)")	if ($Xi%5==0);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpsrld	(@Tx[0],@X[0],30);
+	&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	#&vpslld	(@X[0],@X[0],2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vpaddd	(@Tx[1],@X[0],$Kx);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	&vmovdqu("32*$Xi(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
+
+	 foreach (@insns) { eval; }	# remaining instructions
+
+	$Xi++;
+	push(@X,shift(@X));	# "rotate" X[]
+}
+
+sub Xloop_avx2()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body,&$body);	# 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+	 foreach (@insns) { eval; }
+}
+
+	&align32();
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+	&Xupdate_avx2_32_79(\&bodyx_00_19);
+
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+	&Xupdate_avx2_32_79(\&bodyx_20_39);
+
+	&align32();
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+	&Xupdate_avx2_32_79(\&bodyx_40_59);
+
+	&Xloop_avx2(\&bodyx_20_39);
+	&Xloop_avx2(\&bodyx_20_39);
+	&Xloop_avx2(\&bodyx_20_39);
+	&Xloop_avx2(\&bodyx_20_39);
+
+$code.=<<___;
+	lea	128($inp),$frame
+	lea	128($inp),%rdi			# borrow $t0
+	cmp	$num,$frame
+	cmovae	$inp,$frame			# next or previous block
+
+	# output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
+	add	0($ctx),@ROTX[0]		# update context
+	add	4($ctx),@ROTX[1]
+	add	8($ctx),@ROTX[3]
+	mov	@ROTX[0],0($ctx)
+	add	12($ctx),@ROTX[4]
+	mov	@ROTX[1],4($ctx)
+	 mov	@ROTX[0],$A			# A=d
+	add	16($ctx),@ROTX[5]
+	 mov	@ROTX[3],$a5
+	mov	@ROTX[3],8($ctx)
+	 mov	@ROTX[4],$D			# D=b
+	 #xchg	@ROTX[5],$F			# F=c, C=f
+	mov	@ROTX[4],12($ctx)
+	 mov	@ROTX[1],$F			# F=e
+	mov	@ROTX[5],16($ctx)
+	#mov	$F,16($ctx)
+	 mov	@ROTX[5],$E			# E=c
+	 mov	$a5,$C				# C=f
+	 #xchg	$F,$E				# E=c, F=e
+
+	cmp	$num,$inp
+	je	.Ldone_avx2
+___
+
+$Xi=4;				# reset variables
+@X=map("%ymm$_",(4..7,0..3));
+
+$code.=<<___;
+	vmovdqu	64($K_XX_XX),@X[2]		# pbswap mask
+	cmp	$num,%rdi			# borrowed $t0
+	ja	.Last_avx2
+
+	vmovdqu		-64(%rdi),%xmm0		# low part of @X[-4&7]
+	vmovdqu		-48(%rdi),%xmm1
+	vmovdqu		-32(%rdi),%xmm2
+	vmovdqu		-16(%rdi),%xmm3
+	vinserti128	\$1,0($frame),@X[-4&7],@X[-4&7]
+	vinserti128	\$1,16($frame),@X[-3&7],@X[-3&7]
+	vinserti128	\$1,32($frame),@X[-2&7],@X[-2&7]
+	vinserti128	\$1,48($frame),@X[-1&7],@X[-1&7]
+	jmp	.Last_avx2
+
+.align	32
+.Last_avx2:
+	lea	128+16(%rsp),$frame
+	rorx	\$2,$F,$B
+	andn	$D,$F,$t0
+	and	$C,$F
+	xor	$t0,$F
+	sub	\$-128,$inp
+___
+	$rx=$j=0;	@ROTX=($A,$F,$B,$C,$D,$E);
+
+	&Xloop_avx2	(\&bodyx_00_19);
+	&Xloop_avx2	(\&bodyx_00_19);
+	&Xloop_avx2	(\&bodyx_00_19);
+	&Xloop_avx2	(\&bodyx_00_19);
+
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vmovdqu	($Kx,"-64($K_XX_XX)");		# K_00_19
+	  &vpshufb	(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vpshufb	(@X[-3&7],@X[-3&7],@X[2]);
+	  &vpaddd	(@Tx[0],@X[-4&7],$Kx);		# add K_00_19
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vmovdqu	("0(%rsp)",@Tx[0]);
+	  &vpshufb	(@X[-2&7],@X[-2&7],@X[2]);
+	  &vpaddd	(@Tx[1],@X[-3&7],$Kx);
+	&Xloop_avx2	(\&bodyx_20_39);
+	  &vmovdqu	("32(%rsp)",@Tx[1]);
+	  &vpshufb	(@X[-1&7],@X[-1&7],@X[2]);
+	  &vpaddd	(@X[2],@X[-2&7],$Kx);
+
+	&Xloop_avx2	(\&bodyx_40_59);
+	&align32	();
+	  &vmovdqu	("64(%rsp)",@X[2]);
+	  &vpaddd	(@X[3],@X[-1&7],$Kx);
+	&Xloop_avx2	(\&bodyx_40_59);
+	  &vmovdqu	("96(%rsp)",@X[3]);
+	&Xloop_avx2	(\&bodyx_40_59);
+	&Xupdate_avx2_16_31(\&bodyx_40_59);
+
+	&Xupdate_avx2_16_31(\&bodyx_20_39);
+	&Xupdate_avx2_16_31(\&bodyx_20_39);
+	&Xupdate_avx2_16_31(\&bodyx_20_39);
+	&Xloop_avx2	(\&bodyx_20_39);
+
+$code.=<<___;
+	lea	128(%rsp),$frame
+
+	# output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
+	add	0($ctx),@ROTX[0]		# update context
+	add	4($ctx),@ROTX[1]
+	add	8($ctx),@ROTX[3]
+	mov	@ROTX[0],0($ctx)
+	add	12($ctx),@ROTX[4]
+	mov	@ROTX[1],4($ctx)
+	 mov	@ROTX[0],$A			# A=d
+	add	16($ctx),@ROTX[5]
+	 mov	@ROTX[3],$a5
+	mov	@ROTX[3],8($ctx)
+	 mov	@ROTX[4],$D			# D=b
+	 #xchg	@ROTX[5],$F			# F=c, C=f
+	mov	@ROTX[4],12($ctx)
+	 mov	@ROTX[1],$F			# F=e
+	mov	@ROTX[5],16($ctx)
+	#mov	$F,16($ctx)
+	 mov	@ROTX[5],$E			# E=c
+	 mov	$a5,$C				# C=f
+	 #xchg	$F,$E				# E=c, F=e
+
+	cmp	$num,$inp
+	jbe	.Loop_avx2
+
+.Ldone_avx2:
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-40-6*16(%r14),%xmm6
+	movaps	-40-5*16(%r14),%xmm7
+	movaps	-40-4*16(%r14),%xmm8
+	movaps	-40-3*16(%r14),%xmm9
+	movaps	-40-2*16(%r14),%xmm10
+	movaps	-40-1*16(%r14),%xmm11
+___
+$code.=<<___;
+	lea	(%r14),%rsi
+	mov	-40(%rsi),%r14
+	mov	-32(%rsi),%r13
+	mov	-24(%rsi),%r12
+	mov	-16(%rsi),%rbp
+	mov	-8(%rsi),%rbx
+	lea	(%rsi),%rsp
+.Lepilogue_avx2:
+	ret
+.size	sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
+___
+}
+}
+$code.=<<___;
+.align	64
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+___
+}}}
+$code.=<<___;
+.asciz	"SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	mov	`16*4`(%rax),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+
+	jmp	.Lcommon_seh_tail
+.size	se_handler,.-se_handler
+___
+
+$code.=<<___ if ($shaext);
+.type	shaext_handler,\@abi-omnipotent
+.align	16
+shaext_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lcommon_seh_tail
+
+	lea	.Lepilogue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lcommon_seh_tail
+
+	lea	-8-4*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$8,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lcommon_seh_tail
+.size	shaext_handler,.-shaext_handler
+___
+
+$code.=<<___;
+.type	ssse3_handler,\@abi-omnipotent
+.align	16
+ssse3_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	232($context),%rax	# pull context->R14
+
+	lea	-40-6*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$12,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore cotnext->R12
+	mov	%r13,224($context)	# restore cotnext->R13
+	mov	%r14,232($context)	# restore cotnext->R14
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	ssse3_handler,.-ssse3_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_sha1_block_data_order
+	.rva	.LSEH_end_sha1_block_data_order
+	.rva	.LSEH_info_sha1_block_data_order
+___
+$code.=<<___ if ($shaext);
+	.rva	.LSEH_begin_sha1_block_data_order_shaext
+	.rva	.LSEH_end_sha1_block_data_order_shaext
+	.rva	.LSEH_info_sha1_block_data_order_shaext
+___
+$code.=<<___;
+	.rva	.LSEH_begin_sha1_block_data_order_ssse3
+	.rva	.LSEH_end_sha1_block_data_order_ssse3
+	.rva	.LSEH_info_sha1_block_data_order_ssse3
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_sha1_block_data_order_avx
+	.rva	.LSEH_end_sha1_block_data_order_avx
+	.rva	.LSEH_info_sha1_block_data_order_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_sha1_block_data_order_avx2
+	.rva	.LSEH_end_sha1_block_data_order_avx2
+	.rva	.LSEH_info_sha1_block_data_order_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_sha1_block_data_order:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+$code.=<<___ if ($shaext);
+.LSEH_info_sha1_block_data_order_shaext:
+	.byte	9,0,0,0
+	.rva	shaext_handler
+___
+$code.=<<___;
+.LSEH_info_sha1_block_data_order_ssse3:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_sha1_block_data_order_avx:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_sha1_block_data_order_avx2:
+	.byte	9,0,0,0
+	.rva	ssse3_handler
+	.rva	.Lprologue_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+
+####################################################################
+
+sub sha1rnds4 {
+    if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-7]),\s*%xmm([0-7])/) {
+      my @opcode=(0x0f,0x3a,0xcc);
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return "sha1rnds4\t".@_[0];
+    }
+}
+
+sub sha1op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha1nexte" => 0xc8,
+  		"sha1msg1"  => 0xc9,
+		"sha1msg2"  => 0xca	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+      my $rex=0;
+	$rex|=0x04			if ($2>=8);
+	$rex|=0x01			if ($1>=8);
+	unshift @opcode,0x40|$rex	if ($rex);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo	or
+	s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha256-586.pl b/openssl-1.1.0h/crypto/sha/asm/sha256-586.pl
new file mode 100644
index 0000000..6af1d84
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha256-586.pl
@@ -0,0 +1,1293 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256 block transform for x86. September 2007.
+#
+# Performance improvement over compiler generated code varies from
+# 10% to 40% [see below]. Not very impressive on some µ-archs, but
+# it's 5 times smaller and optimizies amount of writes.
+#
+# May 2012.
+#
+# Optimization including two of Pavel Semjanov's ideas, alternative
+# Maj and full unroll, resulted in ~20-25% improvement on most CPUs,
+# ~7% on Pentium, ~40% on Atom. As fully unrolled loop body is almost
+# 15x larger, 8KB vs. 560B, it's fired only for longer inputs. But not
+# on P4, where it kills performance, nor Sandy Bridge, where folded
+# loop is approximately as fast...
+#
+# June 2012.
+#
+# Add AMD XOP-specific code path, >30% improvement on Bulldozer over
+# May version, >60% over original. Add AVX+shrd code path, >25%
+# improvement on Sandy Bridge over May version, 60% over original.
+#
+# May 2013.
+#
+# Replace AMD XOP code path with SSSE3 to cover more processors.
+# (Biggest improvement coefficient is on upcoming Atom Silvermont,
+# not shown.) Add AVX+BMI code path.
+#
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#		gcc	icc	x86 asm(*)	SIMD	x86_64 asm(**)	
+# Pentium	46	57	40/38		-	-
+# PIII		36	33	27/24		-	-
+# P4		41	38	28		-	17.3
+# AMD K8	27	25	19/15.5		-	14.9
+# Core2		26	23	18/15.6		14.3	13.8
+# Westmere	27	-	19/15.7		13.4	12.3
+# Sandy Bridge	25	-	15.9		12.4	11.6
+# Ivy Bridge	24	-	15.0		11.4	10.3
+# Haswell	22	-	13.9		9.46	7.80
+# Bulldozer	36	-	27/22		17.0	13.6
+# VIA Nano	36	-	25/22		16.8	16.5
+# Atom		50	-	30/25		21.9	18.9
+# Silvermont	40	-	34/31		22.9	20.6
+#
+# (*)	numbers after slash are for unrolled loop, where applicable;
+# (**)	x86_64 assembly performance is presented for reference
+#	purposes, results are best-available;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+
+$xmm=$avx=0;
+for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+if ($xmm &&	`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+			=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if ($xmm && !$avx && $ARGV[0] eq "win32n" &&
+		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.03) + ($1>=2.10);
+}
+
+if ($xmm && !$avx && $ARGV[0] eq "win32" &&
+		`ml 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=$xmm;	### set to zero if compiling for 1.0.1
+
+$unroll_after = 64*4;	# If pre-evicted from L1P cache first spin of
+			# fully unrolled loop was measured to run about
+			# 3-4x slower. If slowdown coefficient is N and
+			# unrolled loop is m times faster, then you break
+			# even at (N-1)/(m-1) blocks. Then it needs to be
+			# adjusted for probability of code being evicted,
+			# code size/cache size=1/4. Typical m is 1.15...
+
+$A="eax";
+$E="edx";
+$T="ebx";
+$Aoff=&DWP(4,"esp");
+$Boff=&DWP(8,"esp");
+$Coff=&DWP(12,"esp");
+$Doff=&DWP(16,"esp");
+$Eoff=&DWP(20,"esp");
+$Foff=&DWP(24,"esp");
+$Goff=&DWP(28,"esp");
+$Hoff=&DWP(32,"esp");
+$Xoff=&DWP(36,"esp");
+$K256="ebp";
+
+sub BODY_16_63() {
+	&mov	($T,"ecx");			# "ecx" is preloaded
+	 &mov	("esi",&DWP(4*(9+15+16-14),"esp"));
+	&ror	("ecx",18-7);
+	 &mov	("edi","esi");
+	&ror	("esi",19-17);
+	 &xor	("ecx",$T);
+	 &shr	($T,3);
+	&ror	("ecx",7);
+	 &xor	("esi","edi");
+	 &xor	($T,"ecx");			# T = sigma0(X[-15])
+	&ror	("esi",17);
+	 &add	($T,&DWP(4*(9+15+16),"esp"));	# T += X[-16]
+	&shr	("edi",10);
+	 &add	($T,&DWP(4*(9+15+16-9),"esp"));	# T += X[-7]
+	#&xor	("edi","esi")			# sigma1(X[-2])
+	# &add	($T,"edi");			# T += sigma1(X[-2])
+	# &mov	(&DWP(4*(9+15),"esp"),$T);	# save X[0]
+
+	&BODY_00_15(1);
+}
+sub BODY_00_15() {
+    my $in_16_63=shift;
+
+	&mov	("ecx",$E);
+	 &xor	("edi","esi")			if ($in_16_63);	# sigma1(X[-2])
+	 &mov	("esi",$Foff);
+	&ror	("ecx",25-11);
+	 &add	($T,"edi")			if ($in_16_63);	# T += sigma1(X[-2])
+	 &mov	("edi",$Goff);
+	&xor	("ecx",$E);
+	 &xor	("esi","edi");
+	 &mov	($T,&DWP(4*(9+15),"esp"))	if (!$in_16_63);
+	 &mov	(&DWP(4*(9+15),"esp"),$T)	if ($in_16_63);	# save X[0]
+	&ror	("ecx",11-6);
+	 &and	("esi",$E);
+	 &mov	($Eoff,$E);		# modulo-scheduled
+	&xor	($E,"ecx");
+	 &add	($T,$Hoff);		# T += h
+	 &xor	("esi","edi");		# Ch(e,f,g)
+	&ror	($E,6);			# Sigma1(e)
+	 &mov	("ecx",$A);
+	 &add	($T,"esi");		# T += Ch(e,f,g)
+
+	&ror	("ecx",22-13);
+	 &add	($T,$E);		# T += Sigma1(e)
+	 &mov	("edi",$Boff);
+	&xor	("ecx",$A);
+	 &mov	($Aoff,$A);		# modulo-scheduled
+	 &lea	("esp",&DWP(-4,"esp"));
+	&ror	("ecx",13-2);
+	 &mov	("esi",&DWP(0,$K256));
+	&xor	("ecx",$A);
+	 &mov	($E,$Eoff);		# e in next iteration, d in this one
+	 &xor	($A,"edi");		# a ^= b
+	&ror	("ecx",2);		# Sigma0(a)
+
+	 &add	($T,"esi");		# T+= K[i]
+	 &mov	(&DWP(0,"esp"),$A);	# (b^c) in next round
+	&add	($E,$T);		# d += T
+	 &and	($A,&DWP(4,"esp"));	# a &= (b^c)
+	&add	($T,"ecx");		# T += Sigma0(a)
+	 &xor	($A,"edi");		# h = Maj(a,b,c) = Ch(a^b,c,b)
+	 &mov	("ecx",&DWP(4*(9+15+16-1),"esp"))	if ($in_16_63);	# preload T
+	&add	($K256,4);
+	 &add	($A,$T);		# h += T
+}
+
+&external_label("OPENSSL_ia32cap_P")		if (!$i386);
+
+&function_begin("sha256_block_data_order");
+	&mov	("esi",wparam(0));	# ctx
+	&mov	("edi",wparam(1));	# inp
+	&mov	("eax",wparam(2));	# num
+	&mov	("ebx","esp");		# saved sp
+
+	&call	(&label("pic_point"));	# make it PIC!
+&set_label("pic_point");
+	&blindpop($K256);
+	&lea	($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256));
+
+	&sub	("esp",16);
+	&and	("esp",-64);
+
+	&shl	("eax",6);
+	&add	("eax","edi");
+	&mov	(&DWP(0,"esp"),"esi");	# ctx
+	&mov	(&DWP(4,"esp"),"edi");	# inp
+	&mov	(&DWP(8,"esp"),"eax");	# inp+num*128
+	&mov	(&DWP(12,"esp"),"ebx");	# saved sp
+						if (!$i386 && $xmm) {
+	&picmeup("edx","OPENSSL_ia32cap_P",$K256,&label("K256"));
+	&mov	("ecx",&DWP(0,"edx"));
+	&mov	("ebx",&DWP(4,"edx"));
+	&test	("ecx",1<<20);		# check for P4
+	&jnz	(&label("loop"));
+	&mov	("edx",&DWP(8,"edx"))	if ($xmm);
+	&test	("ecx",1<<24);		# check for FXSR
+	&jz	($unroll_after?&label("no_xmm"):&label("loop"));
+	&and	("ecx",1<<30);		# mask "Intel CPU" bit
+	&and	("ebx",1<<28|1<<9);	# mask AVX and SSSE3 bits
+	&test	("edx",1<<29)		if ($shaext);	# check for SHA
+	&jnz	(&label("shaext"))	if ($shaext);
+	&or	("ecx","ebx");
+	&and	("ecx",1<<28|1<<30);
+	&cmp	("ecx",1<<28|1<<30);
+					if ($xmm) {
+	&je	(&label("AVX"))		if ($avx);
+	&test	("ebx",1<<9);		# check for SSSE3
+	&jnz	(&label("SSSE3"));
+					} else {
+	&je	(&label("loop_shrd"));
+					}
+						if ($unroll_after) {
+&set_label("no_xmm");
+	&sub	("eax","edi");
+	&cmp	("eax",$unroll_after);
+	&jae	(&label("unrolled"));
+						} }
+	&jmp	(&label("loop"));
+
+sub COMPACT_LOOP() {
+my $suffix=shift;
+
+&set_label("loop$suffix",$suffix?32:16);
+    # copy input block to stack reversing byte and dword order
+    for($i=0;$i<4;$i++) {
+	&mov	("eax",&DWP($i*16+0,"edi"));
+	&mov	("ebx",&DWP($i*16+4,"edi"));
+	&mov	("ecx",&DWP($i*16+8,"edi"));
+	&bswap	("eax");
+	&mov	("edx",&DWP($i*16+12,"edi"));
+	&bswap	("ebx");
+	&push	("eax");
+	&bswap	("ecx");
+	&push	("ebx");
+	&bswap	("edx");
+	&push	("ecx");
+	&push	("edx");
+    }
+	&add	("edi",64);
+	&lea	("esp",&DWP(-4*9,"esp"));# place for A,B,C,D,E,F,G,H
+	&mov	(&DWP(4*(9+16)+4,"esp"),"edi");
+
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($A,&DWP(0,"esi"));
+	&mov	("ebx",&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	# &mov	($Aoff,$A);
+	&mov	($Boff,"ebx");
+	&xor	("ebx","ecx");
+	&mov	($Coff,"ecx");
+	&mov	($Doff,"edi");
+	&mov	(&DWP(0,"esp"),"ebx");	# magic
+	&mov	($E,&DWP(16,"esi"));	
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("edi",&DWP(28,"esi"));
+	# &mov	($Eoff,$E);
+	&mov	($Foff,"ebx");
+	&mov	($Goff,"ecx");
+	&mov	($Hoff,"edi");
+
+&set_label("00_15$suffix",16);
+
+	&BODY_00_15();
+
+	&cmp	("esi",0xc19bf174);
+	&jne	(&label("00_15$suffix"));
+
+	&mov	("ecx",&DWP(4*(9+15+16-1),"esp"));	# preloaded in BODY_00_15(1)
+	&jmp	(&label("16_63$suffix"));
+
+&set_label("16_63$suffix",16);
+
+	&BODY_16_63();
+
+	&cmp	("esi",0xc67178f2);
+	&jne	(&label("16_63$suffix"));
+
+	&mov	("esi",&DWP(4*(9+16+64)+0,"esp"));#ctx
+	# &mov	($A,$Aoff);
+	&mov	("ebx",$Boff);
+	# &mov	("edi",$Coff);
+	&mov	("ecx",$Doff);
+	&add	($A,&DWP(0,"esi"));
+	&add	("ebx",&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$A);
+	&mov	(&DWP(4,"esi"),"ebx");
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	# &mov	($E,$Eoff);
+	&mov	("eax",$Foff);
+	&mov	("ebx",$Goff);
+	&mov	("ecx",$Hoff);
+	&mov	("edi",&DWP(4*(9+16+64)+4,"esp"));#inp
+	&add	($E,&DWP(16,"esi"));
+	&add	("eax",&DWP(20,"esi"));
+	&add	("ebx",&DWP(24,"esi"));
+	&add	("ecx",&DWP(28,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"eax");
+	&mov	(&DWP(24,"esi"),"ebx");
+	&mov	(&DWP(28,"esi"),"ecx");
+
+	&lea	("esp",&DWP(4*(9+16+64),"esp"));# destroy frame
+	&sub	($K256,4*64);			# rewind K
+
+	&cmp	("edi",&DWP(8,"esp"));		# are we done yet?
+	&jb	(&label("loop$suffix"));
+}
+	&COMPACT_LOOP();
+	&mov	("esp",&DWP(12,"esp"));		# restore sp
+&function_end_A();
+						if (!$i386 && !$xmm) {
+	# ~20% improvement on Sandy Bridge
+	local *ror = sub { &shrd(@_[0],@_) };
+	&COMPACT_LOOP("_shrd");
+	&mov	("esp",&DWP(12,"esp"));		# restore sp
+&function_end_A();
+						}
+
+&set_label("K256",64);	# Yes! I keep it in the code segment!
+@K256=(	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
+	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
+	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
+	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
+	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
+	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
+	0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
+	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
+	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2	);
+&data_word(@K256);
+&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f);	# byte swap mask
+&asciz("SHA256 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+($a,$b,$c,$d,$e,$f,$g,$h)=(0..7);	# offsets
+sub off { &DWP(4*(((shift)-$i)&7),"esp"); }
+
+if (!$i386 && $unroll_after) {
+my @AH=($A,$K256);
+
+&set_label("unrolled",16);
+	&lea	("esp",&DWP(-96,"esp"));
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("ebx",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");		# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"ebx");
+	&mov	($E,&DWP(16,"esi"));	
+	&mov	("ebx",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"ebx");
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&jmp	(&label("grand_loop"));
+
+&set_label("grand_loop",16);
+    # copy input block to stack reversing byte order
+    for($i=0;$i<5;$i++) {
+	&mov	("ebx",&DWP(12*$i+0,"edi"));
+	&mov	("ecx",&DWP(12*$i+4,"edi"));
+	&bswap	("ebx");
+	&mov	("esi",&DWP(12*$i+8,"edi"));
+	&bswap	("ecx");
+	&mov	(&DWP(32+12*$i+0,"esp"),"ebx");
+	&bswap	("esi");
+	&mov	(&DWP(32+12*$i+4,"esp"),"ecx");
+	&mov	(&DWP(32+12*$i+8,"esp"),"esi");
+    }
+	&mov	("ebx",&DWP($i*12,"edi"));
+	&add	("edi",64);
+	&bswap	("ebx");
+	&mov	(&DWP(96+4,"esp"),"edi");
+	&mov	(&DWP(32+12*$i,"esp"),"ebx");
+
+    my ($t1,$t2) = ("ecx","esi");
+
+    for ($i=0;$i<64;$i++) {
+
+      if ($i>=16) {
+	&mov	($T,$t1);			# $t1 is preloaded
+	# &mov	($t2,&DWP(32+4*(($i+14)&15),"esp"));
+	&ror	($t1,18-7);
+	 &mov	("edi",$t2);
+	&ror	($t2,19-17);
+	 &xor	($t1,$T);
+	 &shr	($T,3);
+	&ror	($t1,7);
+	 &xor	($t2,"edi");
+	 &xor	($T,$t1);			# T = sigma0(X[-15])
+	&ror	($t2,17);
+	 &add	($T,&DWP(32+4*($i&15),"esp"));	# T += X[-16]
+	&shr	("edi",10);
+	 &add	($T,&DWP(32+4*(($i+9)&15),"esp"));	# T += X[-7]
+	#&xor	("edi",$t2)			# sigma1(X[-2])
+	# &add	($T,"edi");			# T += sigma1(X[-2])
+	# &mov	(&DWP(4*(9+15),"esp"),$T);	# save X[0]
+      }
+	&mov	($t1,$E);
+	 &xor	("edi",$t2)			if ($i>=16);	# sigma1(X[-2])
+	 &mov	($t2,&off($f));
+	&ror	($E,25-11);
+	 &add	($T,"edi")			if ($i>=16);	# T += sigma1(X[-2])
+	 &mov	("edi",&off($g));
+	&xor	($E,$t1);
+	 &mov	($T,&DWP(32+4*($i&15),"esp"))	if ($i<16);	# X[i]
+	 &mov	(&DWP(32+4*($i&15),"esp"),$T)	if ($i>=16 && $i<62);	# save X[0]
+	 &xor	($t2,"edi");
+	&ror	($E,11-6);
+	 &and	($t2,$t1);
+	 &mov	(&off($e),$t1);		# save $E, modulo-scheduled
+	&xor	($E,$t1);
+	 &add	($T,&off($h));		# T += h
+	 &xor	("edi",$t2);		# Ch(e,f,g)
+	&ror	($E,6);			# Sigma1(e)
+	 &mov	($t1,$AH[0]);
+	 &add	($T,"edi");		# T += Ch(e,f,g)
+
+	&ror	($t1,22-13);
+	 &mov	($t2,$AH[0]);
+	 &mov	("edi",&off($b));
+	&xor	($t1,$AH[0]);
+	 &mov	(&off($a),$AH[0]);	# save $A, modulo-scheduled
+	 &xor	($AH[0],"edi");		# a ^= b, (b^c) in next round
+	&ror	($t1,13-2);
+	 &and	($AH[1],$AH[0]);	# (b^c) &= (a^b)
+	 &lea	($E,&DWP(@K256[$i],$T,$E));	# T += Sigma1(1)+K[i]
+	&xor	($t1,$t2);
+	 &xor	($AH[1],"edi");		# h = Maj(a,b,c) = Ch(a^b,c,b)
+	 &mov	($t2,&DWP(32+4*(($i+2)&15),"esp"))	if ($i>=15 && $i<63);
+	&ror	($t1,2);		# Sigma0(a)
+
+	 &add	($AH[1],$E);		# h += T
+	 &add	($E,&off($d));		# d += T
+	&add	($AH[1],$t1);		# h += Sigma0(a)
+	 &mov	($t1,&DWP(32+4*(($i+15)&15),"esp"))	if ($i>=15 && $i<63);
+
+	@AH = reverse(@AH);		# rotate(a,h)
+	($t1,$t2) = ($t2,$t1);		# rotate(t1,t2)
+    }
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");		# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ebx",&DWP(24,"esp"));
+	&mov	("ecx",&DWP(28,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ebx",&DWP(24,"esi"));
+	&add	("ecx",&DWP(28,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	&mov	(&DWP(24,"esi"),"ebx");
+	&mov	(&DWP(28,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	 &mov	(&DWP(24,"esp"),"ebx");
+	 &mov	(&DWP(28,"esp"),"ecx");
+
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_loop"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+&function_end_A();
+}
+						if (!$i386 && $xmm) {{{
+if ($shaext) {
+######################################################################
+# Intel SHA Extensions implementation of SHA256 update function.
+#
+my ($ctx,$inp,$end)=("esi","edi","eax");
+my ($Wi,$ABEF,$CDGH,$TMP)=map("xmm$_",(0..2,7));
+my @MSG=map("xmm$_",(3..6));
+
+sub sha256op38 {
+ my ($opcodelet,$dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {	&data_byte(0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);	}
+}
+sub sha256rnds2	{ sha256op38(0xcb,@_); }
+sub sha256msg1	{ sha256op38(0xcc,@_); }
+sub sha256msg2	{ sha256op38(0xcd,@_); }
+
+&set_label("shaext",32);
+	&sub		("esp",32);
+
+	&movdqu		($ABEF,&QWP(0,$ctx));		# DCBA
+	&lea		($K256,&DWP(0x80,$K256));
+	&movdqu		($CDGH,&QWP(16,$ctx));		# HGFE
+	&movdqa		($TMP,&QWP(0x100-0x80,$K256));	# byte swap mask
+
+	&pshufd		($Wi,$ABEF,0x1b);		# ABCD
+	&pshufd		($ABEF,$ABEF,0xb1);		# CDAB
+	&pshufd		($CDGH,$CDGH,0x1b);		# EFGH
+	&palignr	($ABEF,$CDGH,8);		# ABEF
+	&punpcklqdq	($CDGH,$Wi);			# CDGH
+	&jmp		(&label("loop_shaext"));
+
+&set_label("loop_shaext",16);
+	&movdqu		(@MSG[0],&QWP(0,$inp));
+	&movdqu		(@MSG[1],&QWP(0x10,$inp));
+	&movdqu		(@MSG[2],&QWP(0x20,$inp));
+	&pshufb		(@MSG[0],$TMP);
+	&movdqu		(@MSG[3],&QWP(0x30,$inp));
+	&movdqa		(&QWP(16,"esp"),$CDGH);		# offload
+
+	&movdqa		($Wi,&QWP(0*16-0x80,$K256));
+	&paddd		($Wi,@MSG[0]);
+	&pshufb		(@MSG[1],$TMP);
+	&sha256rnds2	($CDGH,$ABEF);			# 0-3
+	&pshufd		($Wi,$Wi,0x0e);
+	&nop		();
+	&movdqa		(&QWP(0,"esp"),$ABEF);		# offload
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(1*16-0x80,$K256));
+	&paddd		($Wi,@MSG[1]);
+	&pshufb		(@MSG[2],$TMP);
+	&sha256rnds2	($CDGH,$ABEF);			# 4-7
+	&pshufd		($Wi,$Wi,0x0e);
+	&lea		($inp,&DWP(0x40,$inp));
+	&sha256msg1	(@MSG[0],@MSG[1]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(2*16-0x80,$K256));
+	&paddd		($Wi,@MSG[2]);
+	&pshufb		(@MSG[3],$TMP);
+	&sha256rnds2	($CDGH,$ABEF);			# 8-11
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[3]);
+	&palignr	($TMP,@MSG[2],4);
+	&nop		();
+	&paddd		(@MSG[0],$TMP);
+	&sha256msg1	(@MSG[1],@MSG[2]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(3*16-0x80,$K256));
+	&paddd		($Wi,@MSG[3]);
+	&sha256msg2	(@MSG[0],@MSG[3]);
+	&sha256rnds2	($CDGH,$ABEF);			# 12-15
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[0]);
+	&palignr	($TMP,@MSG[3],4);
+	&nop		();
+	&paddd		(@MSG[1],$TMP);
+	&sha256msg1	(@MSG[2],@MSG[3]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+for($i=4;$i<16-3;$i++) {
+	&movdqa		($Wi,&QWP($i*16-0x80,$K256));
+	&paddd		($Wi,@MSG[0]);
+	&sha256msg2	(@MSG[1],@MSG[0]);
+	&sha256rnds2	($CDGH,$ABEF);			# 16-19...
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[1]);
+	&palignr	($TMP,@MSG[0],4);
+	&nop		();
+	&paddd		(@MSG[2],$TMP);
+	&sha256msg1	(@MSG[3],@MSG[0]);
+	&sha256rnds2	($ABEF,$CDGH);
+
+	push(@MSG,shift(@MSG));
+}
+	&movdqa		($Wi,&QWP(13*16-0x80,$K256));
+	&paddd		($Wi,@MSG[0]);
+	&sha256msg2	(@MSG[1],@MSG[0]);
+	&sha256rnds2	($CDGH,$ABEF);			# 52-55
+	&pshufd		($Wi,$Wi,0x0e);
+	&movdqa		($TMP,@MSG[1])
+	&palignr	($TMP,@MSG[0],4);
+	&sha256rnds2	($ABEF,$CDGH);
+	&paddd		(@MSG[2],$TMP);
+
+	&movdqa		($Wi,&QWP(14*16-0x80,$K256));
+	&paddd		($Wi,@MSG[1]);
+	&sha256rnds2	($CDGH,$ABEF);			# 56-59
+	&pshufd		($Wi,$Wi,0x0e);
+	&sha256msg2	(@MSG[2],@MSG[1]);
+	&movdqa		($TMP,&QWP(0x100-0x80,$K256));	# byte swap mask
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&movdqa		($Wi,&QWP(15*16-0x80,$K256));
+	&paddd		($Wi,@MSG[2]);
+	&nop		();
+	&sha256rnds2	($CDGH,$ABEF);			# 60-63
+	&pshufd		($Wi,$Wi,0x0e);
+	&cmp		($end,$inp);
+	&nop		();
+	&sha256rnds2	($ABEF,$CDGH);
+
+	&paddd		($CDGH,&QWP(16,"esp"));
+	&paddd		($ABEF,&QWP(0,"esp"));
+	&jnz		(&label("loop_shaext"));
+
+	&pshufd		($CDGH,$CDGH,0xb1);		# DCHG
+	&pshufd		($TMP,$ABEF,0x1b);		# FEBA
+	&pshufd		($ABEF,$ABEF,0xb1);		# BAFE
+	&punpckhqdq	($ABEF,$CDGH);			# DCBA
+	&palignr	($CDGH,$TMP,8);			# HGFE
+
+	&mov		("esp",&DWP(32+12,"esp"));
+	&movdqu		(&QWP(0,$ctx),$ABEF);
+	&movdqu		(&QWP(16,$ctx),$CDGH);
+&function_end_A();
+}
+
+my @X = map("xmm$_",(0..3));
+my ($t0,$t1,$t2,$t3) = map("xmm$_",(4..7));
+my @AH = ($A,$T);
+
+&set_label("SSSE3",32);
+	&lea	("esp",&DWP(-96,"esp"));
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");			# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"edi");
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("edi",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&movdqa	($t3,&QWP(256,$K256));
+	&jmp	(&label("grand_ssse3"));
+
+&set_label("grand_ssse3",16);
+	# load input, reverse byte order, add K256[0..15], save to stack
+	&movdqu	(@X[0],&QWP(0,"edi"));
+	&movdqu	(@X[1],&QWP(16,"edi"));
+	&movdqu	(@X[2],&QWP(32,"edi"));
+	&movdqu	(@X[3],&QWP(48,"edi"));
+	&add	("edi",64);
+	&pshufb	(@X[0],$t3);
+	&mov	(&DWP(96+4,"esp"),"edi");
+	&pshufb	(@X[1],$t3);
+	&movdqa	($t0,&QWP(0,$K256));
+	&pshufb	(@X[2],$t3);
+	&movdqa	($t1,&QWP(16,$K256));
+	&paddd	($t0,@X[0]);
+	&pshufb	(@X[3],$t3);
+	&movdqa	($t2,&QWP(32,$K256));
+	&paddd	($t1,@X[1]);
+	&movdqa	($t3,&QWP(48,$K256));
+	&movdqa	(&QWP(32+0,"esp"),$t0);
+	&paddd	($t2,@X[2]);
+	&movdqa	(&QWP(32+16,"esp"),$t1);
+	&paddd	($t3,@X[3]);
+	&movdqa	(&QWP(32+32,"esp"),$t2);
+	&movdqa	(&QWP(32+48,"esp"),$t3);
+	&jmp	(&label("ssse3_00_47"));
+
+&set_label("ssse3_00_47",16);
+	&add		($K256,64);
+
+sub SSSE3_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 120 instructions
+
+	  eval(shift(@insns));
+	&movdqa		($t0,@X[1]);
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	&movdqa		($t3,@X[3]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&palignr	($t0,@X[0],4);		# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &palignr	($t3,@X[2],4);		# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t1,$t0);
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	&movdqa		($t2,$t0);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&psrld		($t0,3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &paddd		(@X[0],$t3);		# X[0..3] += X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&psrld		($t2,7);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[3],0b11111010);	# X[14..15]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pslld		($t1,32-18);
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&psrld		($t2,18-7);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pslld		($t1,18-7);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&pxor		($t0,$t1);		# sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrld		($t3,10);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&paddd		(@X[0],$t0);		# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrlq		($t2,17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrlq		($t2,19-17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,$t3,0b10000000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &psrldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		(@X[0],$t3);		# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[0],0b01010000);	# X[16..17]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));			# @
+	 &psrld		($t3,10);
+	  eval(shift(@insns));
+	 &psrlq		($t2,17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrlq		($t2,19-17);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,$t3,0b00001000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&movdqa		($t2,&QWP(16*$j,$K256));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pslldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));			# @
+	&paddd		(@X[0],$t3);		# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		($t2,@X[0]);
+	  eval(shift(@insns));			# @
+
+	foreach (@insns) { eval; }		# remaining instructions
+
+	&movdqa		(&QWP(32+16*$j,"esp"),$t2);
+}
+
+sub body_00_15 () {
+	(
+	'&mov	("ecx",$E);',
+	'&ror	($E,25-11);',
+	 '&mov	("esi",&off($f));',
+	'&xor	($E,"ecx");',
+	 '&mov	("edi",&off($g));',
+	 '&xor	("esi","edi");',
+	'&ror	($E,11-6);',
+	 '&and	("esi","ecx");',
+	 '&mov	(&off($e),"ecx");',	# save $E, modulo-scheduled
+	'&xor	($E,"ecx");',
+	 '&xor	("edi","esi");',	# Ch(e,f,g)
+	'&ror	($E,6);',		# T = Sigma1(e)
+	 '&mov	("ecx",$AH[0]);',
+	 '&add	($E,"edi");',		# T += Ch(e,f,g)
+	 '&mov	("edi",&off($b));',
+	'&mov	("esi",$AH[0]);',
+
+	'&ror	("ecx",22-13);',
+	 '&mov	(&off($a),$AH[0]);',	# save $A, modulo-scheduled
+	'&xor	("ecx",$AH[0]);',
+	 '&xor	($AH[0],"edi");',	# a ^= b, (b^c) in next round
+	 '&add	($E,&off($h));',	# T += h
+	'&ror	("ecx",13-2);',
+	 '&and	($AH[1],$AH[0]);',	# (b^c) &= (a^b)
+	'&xor	("ecx","esi");',
+	 '&add	($E,&DWP(32+4*($i&15),"esp"));',	# T += K[i]+X[i]
+	 '&xor	($AH[1],"edi");',	# h = Maj(a,b,c) = Ch(a^b,c,b)
+	'&ror	("ecx",2);',		# Sigma0(a)
+
+	 '&add	($AH[1],$E);',		# h += T
+	 '&add	($E,&off($d));',	# d += T
+	'&add	($AH[1],"ecx");'.	# h += Sigma0(a)
+
+	'@AH = reverse(@AH); $i++;'	# rotate(a,h)
+	);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&SSSE3_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));		# rotate(@X)
+    }
+	&cmp	(&DWP(16*$j,$K256),0x00010203);
+	&jne	(&label("ssse3_00_47"));
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");			# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ecx",&DWP(24,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ecx",&DWP(24,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(28,"esp"));
+	&mov	(&DWP(24,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	&add	("edi",&DWP(28,"esi"));
+	 &mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esi"),"edi");
+	 &mov	(&DWP(28,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+
+	&movdqa	($t3,&QWP(64,$K256));
+	&sub	($K256,3*64);			# rewind K
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_ssse3"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+&function_end_A();
+						if ($avx) {
+&set_label("AVX",32);
+						if ($avx>1) {
+	&and	("edx",1<<8|1<<3);		# check for BMI2+BMI1
+	&cmp	("edx",1<<8|1<<3);
+	&je	(&label("AVX_BMI"));
+						}
+	&lea	("esp",&DWP(-96,"esp"));
+	&vzeroall	();
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");			# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"edi");
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("edi",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&vmovdqa	($t3,&QWP(256,$K256));
+	&jmp	(&label("grand_avx"));
+
+&set_label("grand_avx",32);
+	# load input, reverse byte order, add K256[0..15], save to stack
+	&vmovdqu	(@X[0],&QWP(0,"edi"));
+	&vmovdqu	(@X[1],&QWP(16,"edi"));
+	&vmovdqu	(@X[2],&QWP(32,"edi"));
+	&vmovdqu	(@X[3],&QWP(48,"edi"));
+	&add		("edi",64);
+	&vpshufb	(@X[0],@X[0],$t3);
+	&mov		(&DWP(96+4,"esp"),"edi");
+	&vpshufb	(@X[1],@X[1],$t3);
+	&vpshufb	(@X[2],@X[2],$t3);
+	&vpaddd		($t0,@X[0],&QWP(0,$K256));
+	&vpshufb	(@X[3],@X[3],$t3);
+	&vpaddd		($t1,@X[1],&QWP(16,$K256));
+	&vpaddd		($t2,@X[2],&QWP(32,$K256));
+	&vpaddd		($t3,@X[3],&QWP(48,$K256));
+	&vmovdqa	(&QWP(32+0,"esp"),$t0);
+	&vmovdqa	(&QWP(32+16,"esp"),$t1);
+	&vmovdqa	(&QWP(32+32,"esp"),$t2);
+	&vmovdqa	(&QWP(32+48,"esp"),$t3);
+	&jmp		(&label("avx_00_47"));
+
+&set_label("avx_00_47",16);
+	&add		($K256,64);
+
+sub Xupdate_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],4);',	# X[1..4]
+	 '&vpalignr	($t3,@X[3],@X[2],4);',	# X[9..12]
+	'&vpsrld	($t2,$t0,7);',
+	 '&vpaddd	(@X[0],@X[0],$t3);',	# X[0..3] += X[9..16]
+	'&vpsrld	($t3,$t0,3);',
+	'&vpslld	($t1,$t0,14);',
+	'&vpxor		($t0,$t3,$t2);',
+	 '&vpshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&vpsrld	($t2,$t2,18-7);',
+	'&vpxor		($t0,$t0,$t1);',
+	'&vpslld	($t1,$t1,25-14);',
+	'&vpxor		($t0,$t0,$t2);',
+	 '&vpsrld	($t2,$t3,10);',
+	'&vpxor		($t0,$t0,$t1);',	# sigma0(X[1..4])
+	 '&vpsrlq	($t1,$t3,17);',
+	'&vpaddd	(@X[0],@X[0],$t0);',	# X[0..3] += sigma0(X[1..4])
+	 '&vpxor	($t2,$t2,$t1);',
+	 '&vpsrlq	($t3,$t3,19);',
+	 '&vpxor	($t2,$t2,$t3);',	# sigma1(X[14..15]
+	 '&vpshufd	($t3,$t2,0b10000100);',
+	'&vpsrldq	($t3,$t3,8);',
+	'&vpaddd	(@X[0],@X[0],$t3);',	# X[0..1] += sigma1(X[14..15])
+	 '&vpshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&vpsrld	($t2,$t3,10);',
+	 '&vpsrlq	($t1,$t3,17);',
+	 '&vpxor	($t2,$t2,$t1);',
+	 '&vpsrlq	($t3,$t3,19);',
+	 '&vpxor	($t2,$t2,$t3);',	# sigma1(X[16..17]
+	 '&vpshufd	($t3,$t2,0b11101000);',
+	'&vpslldq	($t3,$t3,8);',
+	'&vpaddd	(@X[0],@X[0],$t3);'	# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+local *ror = sub { &shrd(@_[0],@_) };
+sub AVX_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 120 instructions
+my $insn;
+
+	foreach (Xupdate_AVX()) {		# 31 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval($insn = shift(@insns));
+	    eval(shift(@insns)) if ($insn =~ /rorx/ && @insns[0] =~ /rorx/);
+	}
+	&vpaddd		($t2,@X[0],&QWP(16*$j,$K256));
+	foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(&QWP(32+16*$j,"esp"),$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));		# rotate(@X)
+    }
+	&cmp	(&DWP(16*$j,$K256),0x00010203);
+	&jne	(&label("avx_00_47"));
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");			# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ecx",&DWP(24,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ecx",&DWP(24,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(28,"esp"));
+	&mov	(&DWP(24,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	&add	("edi",&DWP(28,"esi"));
+	 &mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esi"),"edi");
+	 &mov	(&DWP(28,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+
+	&vmovdqa	($t3,&QWP(64,$K256));
+	&sub	($K256,3*64);			# rewind K
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_avx"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+	&vzeroall	();
+&function_end_A();
+						if ($avx>1) {
+sub bodyx_00_15 () {			# +10%
+	(
+	'&rorx	("ecx",$E,6)',
+	'&rorx	("esi",$E,11)',
+	 '&mov	(&off($e),$E)',		# save $E, modulo-scheduled
+	'&rorx	("edi",$E,25)',
+	'&xor	("ecx","esi")',
+	 '&andn	("esi",$E,&off($g))',
+	'&xor	("ecx","edi")',		# Sigma1(e)
+	 '&and	($E,&off($f))',
+	 '&mov	(&off($a),$AH[0]);',	# save $A, modulo-scheduled
+	 '&or	($E,"esi")',		# T = Ch(e,f,g)
+
+	'&rorx	("edi",$AH[0],2)',
+	'&rorx	("esi",$AH[0],13)',
+	 '&lea	($E,&DWP(0,$E,"ecx"))',	# T += Sigma1(e)
+	'&rorx	("ecx",$AH[0],22)',
+	'&xor	("esi","edi")',
+	 '&mov	("edi",&off($b))',
+	'&xor	("ecx","esi")',		# Sigma0(a)
+
+	 '&xor	($AH[0],"edi")',	# a ^= b, (b^c) in next round
+	 '&add	($E,&off($h))',		# T += h
+	 '&and	($AH[1],$AH[0])',	# (b^c) &= (a^b)
+	 '&add	($E,&DWP(32+4*($i&15),"esp"))',	# T += K[i]+X[i]
+	 '&xor	($AH[1],"edi")',	# h = Maj(a,b,c) = Ch(a^b,c,b)
+
+	 '&add	("ecx",$E)',		# h += T
+	 '&add	($E,&off($d))',		# d += T
+	'&lea	($AH[1],&DWP(0,$AH[1],"ecx"));'.	# h += Sigma0(a)
+
+	'@AH = reverse(@AH); $i++;'	# rotate(a,h)
+	);
+}
+
+&set_label("AVX_BMI",32);
+	&lea	("esp",&DWP(-96,"esp"));
+	&vzeroall	();
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&mov	($AH[0],&DWP(0,"esi"));
+	&mov	($AH[1],&DWP(4,"esi"));
+	&mov	("ecx",&DWP(8,"esi"));
+	&mov	("edi",&DWP(12,"esi"));
+	#&mov	(&DWP(0,"esp"),$AH[0]);
+	&mov	(&DWP(4,"esp"),$AH[1]);
+	&xor	($AH[1],"ecx");			# magic
+	&mov	(&DWP(8,"esp"),"ecx");
+	&mov	(&DWP(12,"esp"),"edi");
+	&mov	($E,&DWP(16,"esi"));
+	&mov	("edi",&DWP(20,"esi"));
+	&mov	("ecx",&DWP(24,"esi"));
+	&mov	("esi",&DWP(28,"esi"));
+	#&mov	(&DWP(16,"esp"),$E);
+	&mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+	&mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esp"),"esi");
+	&vmovdqa	($t3,&QWP(256,$K256));
+	&jmp	(&label("grand_avx_bmi"));
+
+&set_label("grand_avx_bmi",32);
+	# load input, reverse byte order, add K256[0..15], save to stack
+	&vmovdqu	(@X[0],&QWP(0,"edi"));
+	&vmovdqu	(@X[1],&QWP(16,"edi"));
+	&vmovdqu	(@X[2],&QWP(32,"edi"));
+	&vmovdqu	(@X[3],&QWP(48,"edi"));
+	&add		("edi",64);
+	&vpshufb	(@X[0],@X[0],$t3);
+	&mov		(&DWP(96+4,"esp"),"edi");
+	&vpshufb	(@X[1],@X[1],$t3);
+	&vpshufb	(@X[2],@X[2],$t3);
+	&vpaddd		($t0,@X[0],&QWP(0,$K256));
+	&vpshufb	(@X[3],@X[3],$t3);
+	&vpaddd		($t1,@X[1],&QWP(16,$K256));
+	&vpaddd		($t2,@X[2],&QWP(32,$K256));
+	&vpaddd		($t3,@X[3],&QWP(48,$K256));
+	&vmovdqa	(&QWP(32+0,"esp"),$t0);
+	&vmovdqa	(&QWP(32+16,"esp"),$t1);
+	&vmovdqa	(&QWP(32+32,"esp"),$t2);
+	&vmovdqa	(&QWP(32+48,"esp"),$t3);
+	&jmp		(&label("avx_bmi_00_47"));
+
+&set_label("avx_bmi_00_47",16);
+	&add		($K256,64);
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));		# rotate(@X)
+    }
+	&cmp	(&DWP(16*$j,$K256),0x00010203);
+	&jne	(&label("avx_bmi_00_47"));
+
+    for ($i=0; $i<16; ) {
+	foreach(bodyx_00_15()) { eval; }
+    }
+
+	&mov	("esi",&DWP(96,"esp"));	#ctx
+					#&mov	($AH[0],&DWP(0,"esp"));
+	&xor	($AH[1],"edi");		#&mov	($AH[1],&DWP(4,"esp"));
+					#&mov	("edi", &DWP(8,"esp"));
+	&mov	("ecx",&DWP(12,"esp"));
+	&add	($AH[0],&DWP(0,"esi"));
+	&add	($AH[1],&DWP(4,"esi"));
+	&add	("edi",&DWP(8,"esi"));
+	&add	("ecx",&DWP(12,"esi"));
+	&mov	(&DWP(0,"esi"),$AH[0]);
+	&mov	(&DWP(4,"esi"),$AH[1]);
+	&mov	(&DWP(8,"esi"),"edi");
+	&mov	(&DWP(12,"esi"),"ecx");
+	 #&mov	(&DWP(0,"esp"),$AH[0]);
+	 &mov	(&DWP(4,"esp"),$AH[1]);
+	 &xor	($AH[1],"edi");			# magic
+	 &mov	(&DWP(8,"esp"),"edi");
+	 &mov	(&DWP(12,"esp"),"ecx");
+	#&mov	($E,&DWP(16,"esp"));
+	&mov	("edi",&DWP(20,"esp"));
+	&mov	("ecx",&DWP(24,"esp"));
+	&add	($E,&DWP(16,"esi"));
+	&add	("edi",&DWP(20,"esi"));
+	&add	("ecx",&DWP(24,"esi"));
+	&mov	(&DWP(16,"esi"),$E);
+	&mov	(&DWP(20,"esi"),"edi");
+	 &mov	(&DWP(20,"esp"),"edi");
+	&mov	("edi",&DWP(28,"esp"));
+	&mov	(&DWP(24,"esi"),"ecx");
+	 #&mov	(&DWP(16,"esp"),$E);
+	&add	("edi",&DWP(28,"esi"));
+	 &mov	(&DWP(24,"esp"),"ecx");
+	&mov	(&DWP(28,"esi"),"edi");
+	 &mov	(&DWP(28,"esp"),"edi");
+	&mov	("edi",&DWP(96+4,"esp"));	# inp
+
+	&vmovdqa	($t3,&QWP(64,$K256));
+	&sub	($K256,3*64);			# rewind K
+	&cmp	("edi",&DWP(96+8,"esp"));	# are we done yet?
+	&jb	(&label("grand_avx_bmi"));
+
+	&mov	("esp",&DWP(96+12,"esp"));	# restore sp
+	&vzeroall	();
+&function_end_A();
+						}
+						}
+						}}}
+&function_end_B("sha256_block_data_order");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha256-armv4.pl b/openssl-1.1.0h/crypto/sha/asm/sha256-armv4.pl
new file mode 100644
index 0000000..55d30cb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha256-armv4.pl
@@ -0,0 +1,732 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Permission to use under GPL terms is granted.
+# ====================================================================
+
+# SHA256 block procedure for ARMv4. May 2007.
+
+# Performance is ~2x better than gcc 3.4 generated code and in "abso-
+# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
+# byte [on single-issue Xscale PXA250 core].
+
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 22% improvement on
+# Cortex A8 core and ~20 cycles per processed byte.
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 16%
+# improvement on Cortex A8 core and ~15.4 cycles per processed byte.
+
+# September 2013.
+#
+# Add NEON implementation. On Cortex A8 it was measured to process one
+# byte in 12.5 cycles or 23% faster than integer-only code. Snapdragon
+# S4 does it in 12.5 cycles too, but it's 50% faster than integer-only
+# code (meaning that latter performs sub-optimally, nothing was done
+# about it).
+
+# May 2014.
+#
+# Add ARMv8 code path performing at 2.0 cpb on Apple A7.
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$ctx="r0";	$t0="r0";
+$inp="r1";	$t4="r1";
+$len="r2";	$t1="r2";
+$T1="r3";	$t3="r3";
+$A="r4";
+$B="r5";
+$C="r6";
+$D="r7";
+$E="r8";
+$F="r9";
+$G="r10";
+$H="r11";
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+$t2="r12";
+$Ktbl="r14";
+
+@Sigma0=( 2,13,22);
+@Sigma1=( 6,11,25);
+@sigma0=( 7,18, 3);
+@sigma1=(17,19,10);
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___ if ($i<16);
+#if __ARM_ARCH__>=7
+	@ ldr	$t1,[$inp],#4			@ $i
+# if $i==15
+	str	$inp,[sp,#17*4]			@ make room for $t4
+# endif
+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
+# ifndef __ARMEB__
+	rev	$t1,$t1
+# endif
+#else
+	@ ldrb	$t1,[$inp,#3]			@ $i
+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
+	ldrb	$t2,[$inp,#2]
+	ldrb	$t0,[$inp,#1]
+	orr	$t1,$t1,$t2,lsl#8
+	ldrb	$t2,[$inp],#4
+	orr	$t1,$t1,$t0,lsl#16
+# if $i==15
+	str	$inp,[sp,#17*4]			@ make room for $t4
+# endif
+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
+	orr	$t1,$t1,$t2,lsl#24
+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
+#endif
+___
+$code.=<<___;
+	ldr	$t2,[$Ktbl],#4			@ *K256++
+	add	$h,$h,$t1			@ h+=X[i]
+	str	$t1,[sp,#`$i%16`*4]
+	eor	$t1,$f,$g
+	add	$h,$h,$t0,ror#$Sigma1[0]	@ h+=Sigma1(e)
+	and	$t1,$t1,$e
+	add	$h,$h,$t2			@ h+=K256[i]
+	eor	$t1,$t1,$g			@ Ch(e,f,g)
+	eor	$t0,$a,$a,ror#`$Sigma0[1]-$Sigma0[0]`
+	add	$h,$h,$t1			@ h+=Ch(e,f,g)
+#if $i==31
+	and	$t2,$t2,#0xff
+	cmp	$t2,#0xf2			@ done?
+#endif
+#if $i<15
+# if __ARM_ARCH__>=7
+	ldr	$t1,[$inp],#4			@ prefetch
+# else
+	ldrb	$t1,[$inp,#3]
+# endif
+	eor	$t2,$a,$b			@ a^b, b^c in next round
+#else
+	ldr	$t1,[sp,#`($i+2)%16`*4]		@ from future BODY_16_xx
+	eor	$t2,$a,$b			@ a^b, b^c in next round
+	ldr	$t4,[sp,#`($i+15)%16`*4]	@ from future BODY_16_xx
+#endif
+	eor	$t0,$t0,$a,ror#`$Sigma0[2]-$Sigma0[0]`	@ Sigma0(a)
+	and	$t3,$t3,$t2			@ (b^c)&=(a^b)
+	add	$d,$d,$h			@ d+=h
+	eor	$t3,$t3,$b			@ Maj(a,b,c)
+	add	$h,$h,$t0,ror#$Sigma0[0]	@ h+=Sigma0(a)
+	@ add	$h,$h,$t3			@ h+=Maj(a,b,c)
+___
+	($t2,$t3)=($t3,$t2);
+}
+
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+	@ ldr	$t1,[sp,#`($i+1)%16`*4]		@ $i
+	@ ldr	$t4,[sp,#`($i+14)%16`*4]
+	mov	$t0,$t1,ror#$sigma0[0]
+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
+	mov	$t2,$t4,ror#$sigma1[0]
+	eor	$t0,$t0,$t1,ror#$sigma0[1]
+	eor	$t2,$t2,$t4,ror#$sigma1[1]
+	eor	$t0,$t0,$t1,lsr#$sigma0[2]	@ sigma0(X[i+1])
+	ldr	$t1,[sp,#`($i+0)%16`*4]
+	eor	$t2,$t2,$t4,lsr#$sigma1[2]	@ sigma1(X[i+14])
+	ldr	$t4,[sp,#`($i+9)%16`*4]
+
+	add	$t2,$t2,$t0
+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`	@ from BODY_00_15
+	add	$t1,$t1,$t2
+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
+	add	$t1,$t1,$t4			@ X[i]
+___
+	&BODY_00_15(@_);
+}
+
+$code=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+#endif
+
+.text
+#if defined(__thumb2__)
+.syntax unified
+.thumb
+#else
+.code   32
+#endif
+
+.type	K256,%object
+.align	5
+K256:
+.word	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.word	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.word	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.word	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.word	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.word	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.word	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.word	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.word	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.word	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.word	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.word	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.word	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.word	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.word	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.word	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.size	K256,.-K256
+.word	0				@ terminator
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lsha256_block_data_order
+#endif
+.align	5
+
+.global	sha256_block_data_order
+.type	sha256_block_data_order,%function
+sha256_block_data_order:
+.Lsha256_block_data_order:
+#if __ARM_ARCH__<7 && !defined(__thumb2__)
+	sub	r3,pc,#8		@ sha256_block_data_order
+#else
+	adr	r3,.Lsha256_block_data_order
+#endif
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+	ldr	r12,.LOPENSSL_armcap
+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV8_SHA256
+	bne	.LARMv8
+	tst	r12,#ARMV7_NEON
+	bne	.LNEON
+#endif
+	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
+	stmdb	sp!,{$ctx,$inp,$len,r4-r11,lr}
+	ldmia	$ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
+	sub	$Ktbl,r3,#256+32	@ K256
+	sub	sp,sp,#16*4		@ alloca(X[16])
+.Loop:
+# if __ARM_ARCH__>=7
+	ldr	$t1,[$inp],#4
+# else
+	ldrb	$t1,[$inp,#3]
+# endif
+	eor	$t3,$B,$C		@ magic
+	eor	$t2,$t2,$t2
+___
+for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+#if __ARM_ARCH__>=7
+	ite	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	ldreq	$t3,[sp,#16*4]		@ pull ctx
+	bne	.Lrounds_16_xx
+
+	add	$A,$A,$t2		@ h+=Maj(a,b,c) from the past
+	ldr	$t0,[$t3,#0]
+	ldr	$t1,[$t3,#4]
+	ldr	$t2,[$t3,#8]
+	add	$A,$A,$t0
+	ldr	$t0,[$t3,#12]
+	add	$B,$B,$t1
+	ldr	$t1,[$t3,#16]
+	add	$C,$C,$t2
+	ldr	$t2,[$t3,#20]
+	add	$D,$D,$t0
+	ldr	$t0,[$t3,#24]
+	add	$E,$E,$t1
+	ldr	$t1,[$t3,#28]
+	add	$F,$F,$t2
+	ldr	$inp,[sp,#17*4]		@ pull inp
+	ldr	$t2,[sp,#18*4]		@ pull inp+len
+	add	$G,$G,$t0
+	add	$H,$H,$t1
+	stmia	$t3,{$A,$B,$C,$D,$E,$F,$G,$H}
+	cmp	$inp,$t2
+	sub	$Ktbl,$Ktbl,#256	@ rewind Ktbl
+	bne	.Loop
+
+	add	sp,sp,#`16+3`*4	@ destroy frame
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r11,pc}
+#else
+	ldmia	sp!,{r4-r11,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	sha256_block_data_order,.-sha256_block_data_order
+___
+######################################################################
+# NEON stuff
+#
+{{{
+my @X=map("q$_",(0..3));
+my ($T0,$T1,$T2,$T3,$T4,$T5)=("q8","q9","q10","q11","d24","d25");
+my $Xfer=$t4;
+my $j=0;
+
+sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
+sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
+
+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
+  my $arg = pop;
+    $arg = "#$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
+}
+
+sub Xupdate()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	&vext_8		($T0,@X[0],@X[1],4);	# X[1..4]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vext_8		($T1,@X[2],@X[3],4);	# X[9..12]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	($T2,$T0,$sigma0[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += X[9..12]
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	($T1,$T0,$sigma0[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsli_32	($T2,$T0,32-$sigma0[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vshr_u32	($T3,$T0,$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		($T1,$T1,$T2);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vsli_32	($T3,$T0,32-$sigma0[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&veor		($T1,$T1,$T3);		# sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T5,&Dhi(@X[3]),$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += sigma0(X[1..4])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);		# sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(&Dlo(@X[0]),&Dlo(@X[0]),$T5);# X[0..1] += sigma1(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T5,&Dlo(@X[0]),$sigma1[2]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_32	("{$T0}","[$Ktbl,:128]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[1]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	  &veor		($T5,$T5,$T4);		# sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	(&Dhi(@X[0]),&Dhi(@X[0]),$T5);# X[2..3] += sigma1(X[16..17])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	($T0,$T0,@X[0]);
+	 while($#insns>=2) { eval(shift(@insns)); }
+	&vst1_32	("{$T0}","[$Xfer,:128]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub Xpreload()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);
+  my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vld1_32	("{$T0}","[$Ktbl,:128]!");
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vrev32_8	(@X[0],@X[0]);
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&vadd_i32	($T0,$T0,@X[0]);
+	 foreach (@insns) { eval; }	# remaining instructions
+	&vst1_32	("{$T0}","[$Xfer,:128]!");
+
+	push(@X,shift(@X));		# "rotate" X[]
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@V;'.
+	'&add	($h,$h,$t1)',			# h+=X[i]+K[i]
+	'&eor	($t1,$f,$g)',
+	'&eor	($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))',
+	'&add	($a,$a,$t2)',			# h+=Maj(a,b,c) from the past
+	'&and	($t1,$t1,$e)',
+	'&eor	($t2,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))',	# Sigma1(e)
+	'&eor	($t0,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))',
+	'&eor	($t1,$t1,$g)',			# Ch(e,f,g)
+	'&add	($h,$h,$t2,"ror#$Sigma1[0]")',	# h+=Sigma1(e)
+	'&eor	($t2,$a,$b)',			# a^b, b^c in next round
+	'&eor	($t0,$t0,$a,"ror#".($Sigma0[2]-$Sigma0[0]))',	# Sigma0(a)
+	'&add	($h,$h,$t1)',			# h+=Ch(e,f,g)
+	'&ldr	($t1,sprintf "[sp,#%d]",4*(($j+1)&15))	if (($j&15)!=15);'.
+	'&ldr	($t1,"[$Ktbl]")				if ($j==15);'.
+	'&ldr	($t1,"[sp,#64]")			if ($j==31)',
+	'&and	($t3,$t3,$t2)',			# (b^c)&=(a^b)
+	'&add	($d,$d,$h)',			# d+=h
+	'&add	($h,$h,$t0,"ror#$Sigma0[0]");'.	# h+=Sigma0(a)
+	'&eor	($t3,$t3,$b)',			# Maj(a,b,c)
+	'$j++;	unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);'
+	)
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.global	sha256_block_data_order_neon
+.type	sha256_block_data_order_neon,%function
+.align	5
+.skip	16
+sha256_block_data_order_neon:
+.LNEON:
+	stmdb	sp!,{r4-r12,lr}
+
+	sub	$H,sp,#16*4+16
+	adr	$Ktbl,K256
+	bic	$H,$H,#15		@ align for 128-bit stores
+	mov	$t2,sp
+	mov	sp,$H			@ alloca
+	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
+
+	vld1.8		{@X[0]},[$inp]!
+	vld1.8		{@X[1]},[$inp]!
+	vld1.8		{@X[2]},[$inp]!
+	vld1.8		{@X[3]},[$inp]!
+	vld1.32		{$T0},[$Ktbl,:128]!
+	vld1.32		{$T1},[$Ktbl,:128]!
+	vld1.32		{$T2},[$Ktbl,:128]!
+	vld1.32		{$T3},[$Ktbl,:128]!
+	vrev32.8	@X[0],@X[0]		@ yes, even on
+	str		$ctx,[sp,#64]
+	vrev32.8	@X[1],@X[1]		@ big-endian
+	str		$inp,[sp,#68]
+	mov		$Xfer,sp
+	vrev32.8	@X[2],@X[2]
+	str		$len,[sp,#72]
+	vrev32.8	@X[3],@X[3]
+	str		$t2,[sp,#76]		@ save original sp
+	vadd.i32	$T0,$T0,@X[0]
+	vadd.i32	$T1,$T1,@X[1]
+	vst1.32		{$T0},[$Xfer,:128]!
+	vadd.i32	$T2,$T2,@X[2]
+	vst1.32		{$T1},[$Xfer,:128]!
+	vadd.i32	$T3,$T3,@X[3]
+	vst1.32		{$T2},[$Xfer,:128]!
+	vst1.32		{$T3},[$Xfer,:128]!
+
+	ldmia		$ctx,{$A-$H}
+	sub		$Xfer,$Xfer,#64
+	ldr		$t1,[sp,#0]
+	eor		$t2,$t2,$t2
+	eor		$t3,$B,$C
+	b		.L_00_48
+
+.align	4
+.L_00_48:
+___
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+	&Xupdate(\&body_00_15);
+$code.=<<___;
+	teq	$t1,#0				@ check for K256 terminator
+	ldr	$t1,[sp,#0]
+	sub	$Xfer,$Xfer,#64
+	bne	.L_00_48
+
+	ldr		$inp,[sp,#68]
+	ldr		$t0,[sp,#72]
+	sub		$Ktbl,$Ktbl,#256	@ rewind $Ktbl
+	teq		$inp,$t0
+	it		eq
+	subeq		$inp,$inp,#64		@ avoid SEGV
+	vld1.8		{@X[0]},[$inp]!		@ load next input block
+	vld1.8		{@X[1]},[$inp]!
+	vld1.8		{@X[2]},[$inp]!
+	vld1.8		{@X[3]},[$inp]!
+	it		ne
+	strne		$inp,[sp,#68]
+	mov		$Xfer,sp
+___
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+	&Xpreload(\&body_00_15);
+$code.=<<___;
+	ldr	$t0,[$t1,#0]
+	add	$A,$A,$t2			@ h+=Maj(a,b,c) from the past
+	ldr	$t2,[$t1,#4]
+	ldr	$t3,[$t1,#8]
+	ldr	$t4,[$t1,#12]
+	add	$A,$A,$t0			@ accumulate
+	ldr	$t0,[$t1,#16]
+	add	$B,$B,$t2
+	ldr	$t2,[$t1,#20]
+	add	$C,$C,$t3
+	ldr	$t3,[$t1,#24]
+	add	$D,$D,$t4
+	ldr	$t4,[$t1,#28]
+	add	$E,$E,$t0
+	str	$A,[$t1],#4
+	add	$F,$F,$t2
+	str	$B,[$t1],#4
+	add	$G,$G,$t3
+	str	$C,[$t1],#4
+	add	$H,$H,$t4
+	str	$D,[$t1],#4
+	stmia	$t1,{$E-$H}
+
+	ittte	ne
+	movne	$Xfer,sp
+	ldrne	$t1,[sp,#0]
+	eorne	$t2,$t2,$t2
+	ldreq	sp,[sp,#76]			@ restore original sp
+	itt	ne
+	eorne	$t3,$B,$C
+	bne	.L_00_48
+
+	ldmia	sp!,{r4-r12,pc}
+.size	sha256_block_data_order_neon,.-sha256_block_data_order_neon
+#endif
+___
+}}}
+######################################################################
+# ARMv8 stuff
+#
+{{{
+my ($ABCD,$EFGH,$abcd)=map("q$_",(0..2));
+my @MSG=map("q$_",(8..11));
+my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15));
+my $Ktbl="r3";
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+
+# if defined(__thumb2__)
+#  define INST(a,b,c,d)	.byte	c,d|0xc,a,b
+# else
+#  define INST(a,b,c,d)	.byte	a,b,c,d
+# endif
+
+.type	sha256_block_data_order_armv8,%function
+.align	5
+sha256_block_data_order_armv8:
+.LARMv8:
+	vld1.32	{$ABCD,$EFGH},[$ctx]
+	sub	$Ktbl,$Ktbl,#256+32
+	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
+	b	.Loop_v8
+
+.align	4
+.Loop_v8:
+	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
+	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
+	vld1.32		{$W0},[$Ktbl]!
+	vrev32.8	@MSG[0],@MSG[0]
+	vrev32.8	@MSG[1],@MSG[1]
+	vrev32.8	@MSG[2],@MSG[2]
+	vrev32.8	@MSG[3],@MSG[3]
+	vmov		$ABCD_SAVE,$ABCD	@ offload
+	vmov		$EFGH_SAVE,$EFGH
+	teq		$inp,$len
+___
+for($i=0;$i<12;$i++) {
+$code.=<<___;
+	vld1.32		{$W1},[$Ktbl]!
+	vadd.i32	$W0,$W0,@MSG[0]
+	sha256su0	@MSG[0],@MSG[1]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+	sha256su1	@MSG[0],@MSG[2],@MSG[3]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	vld1.32		{$W1},[$Ktbl]!
+	vadd.i32	$W0,$W0,@MSG[0]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	vld1.32		{$W0},[$Ktbl]!
+	vadd.i32	$W1,$W1,@MSG[1]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	vld1.32		{$W1},[$Ktbl]
+	vadd.i32	$W0,$W0,@MSG[2]
+	sub		$Ktbl,$Ktbl,#256-16	@ rewind
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	vadd.i32	$W1,$W1,@MSG[3]
+	vmov		$abcd,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
+	vadd.i32	$EFGH,$EFGH,$EFGH_SAVE
+	it		ne
+	bne		.Loop_v8
+
+	vst1.32		{$ABCD,$EFGH},[$ctx]
+
+	ret		@ bx lr
+.size	sha256_block_data_order_armv8,.-sha256_block_data_order_armv8
+#endif
+___
+}}}
+$code.=<<___;
+.asciz  "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.comm   OPENSSL_armcap_P,4,4
+#endif
+___
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+	last if (!s/^#/@/ and !/^$/);
+	print;
+}
+close SELF;
+
+{   my  %opcode = (
+	"sha256h"	=> 0xf3000c40,	"sha256h2"	=> 0xf3100c40,
+	"sha256su0"	=> 0xf3ba03c0,	"sha256su1"	=> 0xf3200c40	);
+
+    sub unsha256 {
+	my ($mnemonic,$arg)=@_;
+
+	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
+					 |(($2&7)<<17)|(($2&8)<<4)
+					 |(($3&7)<<1) |(($3&8)<<2);
+	    # since ARMv7 instructions are always encoded little-endian.
+	    # correct solution is to use .inst directive, but older
+	    # assemblers don't implement it:-(
+	    sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s",
+			$word&0xff,($word>>8)&0xff,
+			($word>>16)&0xff,($word>>24)&0xff,
+			$mnemonic,$arg;
+	}
+    }
+}
+
+foreach (split($/,$code)) {
+
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha256\w+)\s+(q.*)/unsha256($1,$2)/geo;
+
+	s/\bret\b/bx	lr/go		or
+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;	# make it possible to compile with -march=armv4
+
+	print $_,"\n";
+}
+
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha256-c64xplus.pl b/openssl-1.1.0h/crypto/sha/asm/sha256-c64xplus.pl
new file mode 100644
index 0000000..3ab7d9b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha256-c64xplus.pl
@@ -0,0 +1,320 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256 for C64x+.
+#
+# January 2012
+#
+# Performance is just below 10 cycles per processed byte, which is
+# almost 40% faster than compiler-generated code. Unroll is unlikely
+# to give more than ~8% improvement...
+#
+# !!! Note that this module uses AMR, which means that all interrupt
+# service routines are expected to preserve it and for own well-being
+# zero it upon entry.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($CTXA,$INP,$NUM) = ("A4","B4","A6");            # arguments
+ $K256="A3";
+
+($A,$Actx,$B,$Bctx,$C,$Cctx,$D,$Dctx,$T2,$S0,$s1,$t0a,$t1a,$t2a,$X9,$X14)
+	=map("A$_",(16..31));
+($E,$Ectx,$F,$Fctx,$G,$Gctx,$H,$Hctx,$T1,$S1,$s0,$t0e,$t1e,$t2e,$X1,$X15)
+	=map("B$_",(16..31));
+
+($Xia,$Xib)=("A5","B5");			# circular/ring buffer
+ $CTXB=$t2e;
+
+($Xn,$X0,$K)=("B7","B8","B9");
+($Maj,$Ch)=($T2,"B6");
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	sha256_block_data_order,_sha256_block_data_order
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.BIG_ENDIAN
+	.asg	SWAP2,MV
+	.asg	SWAP4,MV
+	.endif
+
+	.global	_sha256_block_data_order
+_sha256_block_data_order:
+__sha256_block:
+	.asmfunc stack_usage(64)
+	MV	$NUM,A0				; reassign $NUM
+||	MVK	-64,B0
+  [!A0]	BNOP	RA				; if ($NUM==0) return;
+|| [A0]	STW	FP,*SP--[16]			; save frame pointer and alloca(64)
+|| [A0]	MV	SP,FP
+   [A0]	ADDKPC	__sha256_block,B2
+|| [A0]	AND	B0,SP,SP			; align stack at 64 bytes
+	.if	__TI_EABI__
+   [A0]	MVK	0x00404,B1
+|| [A0]	MVKL	\$PCR_OFFSET(K256,__sha256_block),$K256
+   [A0]	MVKH	0x50000,B1
+|| [A0]	MVKH	\$PCR_OFFSET(K256,__sha256_block),$K256
+	.else
+   [A0]	MVK	0x00404,B1
+|| [A0]	MVKL	(K256-__sha256_block),$K256
+   [A0]	MVKH	0x50000,B1
+|| [A0]	MVKH	(K256-__sha256_block),$K256
+	.endif
+   [A0]	MVC	B1,AMR				; setup circular addressing
+|| [A0]	MV	SP,$Xia
+   [A0]	MV	SP,$Xib
+|| [A0]	ADD	B2,$K256,$K256
+|| [A0]	MV	$CTXA,$CTXB
+|| [A0]	SUBAW	SP,2,SP				; reserve two words above buffer
+	LDW	*${CTXA}[0],$A			; load ctx
+||	LDW	*${CTXB}[4],$E
+	LDW	*${CTXA}[1],$B
+||	LDW	*${CTXB}[5],$F
+	LDW	*${CTXA}[2],$C
+||	LDW	*${CTXB}[6],$G
+	LDW	*${CTXA}[3],$D
+||	LDW	*${CTXB}[7],$H
+
+	LDNW	*$INP++,$Xn			; pre-fetch input
+	LDW	*$K256++,$K			; pre-fetch K256[0]
+	MVK	14,B0				; loop counters
+	MVK	47,B1
+||	ADDAW	$Xia,9,$Xia
+outerloop?:
+	SUB	A0,1,A0
+||	MV	$A,$Actx
+||	MV	$E,$Ectx
+||	MVD	$B,$Bctx
+||	MVD	$F,$Fctx
+	MV	$C,$Cctx
+||	MV	$G,$Gctx
+||	MVD	$D,$Dctx
+||	MVD	$H,$Hctx
+||	SWAP4	$Xn,$X0
+
+	SPLOOPD	8				; BODY_00_14
+||	MVC	B0,ILC
+||	SWAP2	$X0,$X0
+
+	LDNW	*$INP++,$Xn
+||	ROTL	$A,30,$S0
+||	OR	$A,$B,$Maj
+||	AND	$A,$B,$t2a
+||	ROTL	$E,26,$S1
+||	AND	$F,$E,$Ch
+||	ANDN	$G,$E,$t2e
+	ROTL	$A,19,$t0a
+||	AND	$C,$Maj,$Maj
+||	ROTL	$E,21,$t0e
+||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
+	ROTL	$A,10,$t1a
+||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ROTL	$E,7,$t1e
+||	ADD	$K,$H,$T1			; T1 = h + K256[i]
+	ADD	$X0,$T1,$T1			; T1 += X[i];
+||	STW	$X0,*$Xib++
+||	XOR	$t0a,$S0,$S0
+||	XOR	$t0e,$S1,$S1
+	XOR	$t1a,$S0,$S0			; Sigma0(a)
+||	XOR	$t1e,$S1,$S1			; Sigma1(e)
+||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
+||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
+	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
+||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
+||	ROTL	$G,0,$H				; h = g
+||	MV	$F,$G				; g = f
+||	MV	$X0,$X14
+||	SWAP4	$Xn,$X0
+	SWAP2	$X0,$X0
+||	MV	$E,$F				; f = e
+||	ADD	$D,$T1,$E			; e = d + T1
+||	MV	$C,$D				; d = c
+	MV	$B,$C				; c = b
+||	MV	$A,$B				; b = a
+||	ADD	$T1,$T2,$A			; a = T1 + T2
+	SPKERNEL
+
+	ROTL	$A,30,$S0			; BODY_15
+||	OR	$A,$B,$Maj
+||	AND	$A,$B,$t2a
+||	ROTL	$E,26,$S1
+||	AND	$F,$E,$Ch
+||	ANDN	$G,$E,$t2e
+||	LDW	*${Xib}[1],$Xn			; modulo-scheduled
+	ROTL	$A,19,$t0a
+||	AND	$C,$Maj,$Maj
+||	ROTL	$E,21,$t0e
+||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
+||	LDW	*${Xib}[2],$X1			; modulo-scheduled
+	ROTL	$A,10,$t1a
+||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ROTL	$E,7,$t1e
+||	ADD	$K,$H,$T1			; T1 = h + K256[i]
+	ADD	$X0,$T1,$T1			; T1 += X[i];
+||	STW	$X0,*$Xib++
+||	XOR	$t0a,$S0,$S0
+||	XOR	$t0e,$S1,$S1
+	XOR	$t1a,$S0,$S0			; Sigma0(a)
+||	XOR	$t1e,$S1,$S1			; Sigma1(e)
+||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
+||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
+	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
+||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
+||	ROTL	$G,0,$H				; h = g
+||	MV	$F,$G				; g = f
+||	MV	$X0,$X15
+	MV	$E,$F				; f = e
+||	ADD	$D,$T1,$E			; e = d + T1
+||	MV	$C,$D				; d = c
+||	MV	$Xn,$X0				; modulo-scheduled
+||	LDW	*$Xia,$X9			; modulo-scheduled
+||	ROTL	$X1,25,$t0e			; modulo-scheduled
+||	ROTL	$X14,15,$t0a			; modulo-scheduled
+	SHRU	$X1,3,$s0			; modulo-scheduled
+||	SHRU	$X14,10,$s1			; modulo-scheduled
+||	ROTL	$B,0,$C				; c = b
+||	MV	$A,$B				; b = a
+||	ADD	$T1,$T2,$A			; a = T1 + T2
+
+	SPLOOPD	10				; BODY_16_63
+||	MVC	B1,ILC
+||	ROTL	$X1,14,$t1e			; modulo-scheduled
+||	ROTL	$X14,13,$t1a			; modulo-scheduled
+
+	XOR	$t0e,$s0,$s0
+||	XOR	$t0a,$s1,$s1
+||	MV	$X15,$X14
+||	MV	$X1,$Xn
+	XOR	$t1e,$s0,$s0			; sigma0(X[i+1])
+||	XOR	$t1a,$s1,$s1			; sigma1(X[i+14])
+||	LDW	*${Xib}[2],$X1			; module-scheduled
+	ROTL	$A,30,$S0
+||	OR	$A,$B,$Maj
+||	AND	$A,$B,$t2a
+||	ROTL	$E,26,$S1
+||	AND	$F,$E,$Ch
+||	ANDN	$G,$E,$t2e
+||	ADD	$X9,$X0,$X0			; X[i] += X[i+9]
+	ROTL	$A,19,$t0a
+||	AND	$C,$Maj,$Maj
+||	ROTL	$E,21,$t0e
+||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
+||	ADD	$s0,$X0,$X0			; X[i] += sigma1(X[i+1])
+	ROTL	$A,10,$t1a
+||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ROTL	$E,7,$t1e
+||	ADD	$H,$K,$T1			; T1 = h + K256[i]
+||	ADD	$s1,$X0,$X0			; X[i] += sigma1(X[i+14])
+	XOR	$t0a,$S0,$S0
+||	XOR	$t0e,$S1,$S1
+||	ADD	$X0,$T1,$T1			; T1 += X[i]
+||	STW	$X0,*$Xib++
+	XOR	$t1a,$S0,$S0			; Sigma0(a)
+||	XOR	$t1e,$S1,$S1			; Sigma1(e)
+||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
+||	MV	$X0,$X15
+||	ROTL	$G,0,$H				; h = g
+||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
+	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
+||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
+||	MV	$F,$G				; g = f
+||	MV	$Xn,$X0				; modulo-scheduled
+||	LDW	*++$Xia,$X9			; modulo-scheduled
+||	ROTL	$X1,25,$t0e			; module-scheduled
+||	ROTL	$X14,15,$t0a			; modulo-scheduled
+	ROTL	$X1,14,$t1e			; modulo-scheduled
+||	ROTL	$X14,13,$t1a			; modulo-scheduled
+||	MV	$E,$F				; f = e
+||	ADD	$D,$T1,$E			; e = d + T1
+||	MV	$C,$D				; d = c
+||	MV	$B,$C				; c = b
+	MV	$A,$B				; b = a
+||	ADD	$T1,$T2,$A			; a = T1 + T2
+||	SHRU	$X1,3,$s0			; modulo-scheduled
+||	SHRU	$X14,10,$s1			; modulo-scheduled
+	SPKERNEL
+
+   [A0]	B	outerloop?
+|| [A0]	LDNW	*$INP++,$Xn			; pre-fetch input
+|| [A0]	ADDK	-260,$K256			; rewind K256
+||	ADD	$Actx,$A,$A			; accumulate ctx
+||	ADD	$Ectx,$E,$E
+||	ADD	$Bctx,$B,$B
+	ADD	$Fctx,$F,$F
+||	ADD	$Cctx,$C,$C
+||	ADD	$Gctx,$G,$G
+||	ADD	$Dctx,$D,$D
+||	ADD	$Hctx,$H,$H
+|| [A0]	LDW	*$K256++,$K			; pre-fetch K256[0]
+
+  [!A0]	BNOP	RA
+||[!A0]	MV	$CTXA,$CTXB
+  [!A0]	MV	FP,SP				; restore stack pointer
+||[!A0]	LDW	*FP[0],FP			; restore frame pointer
+  [!A0]	STW	$A,*${CTXA}[0]  		; save ctx
+||[!A0]	STW	$E,*${CTXB}[4]
+||[!A0]	MVK	0,B0
+  [!A0]	STW	$B,*${CTXA}[1]
+||[!A0]	STW	$F,*${CTXB}[5]
+||[!A0]	MVC	B0,AMR				; clear AMR
+	STW	$C,*${CTXA}[2]
+||	STW	$G,*${CTXB}[6]
+	STW	$D,*${CTXA}[3]
+||	STW	$H,*${CTXB}[7]
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:sha_asm.const"
+	.else
+	.sect	".const:sha_asm"
+	.endif
+	.align	128
+K256:
+	.uword	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+	.uword	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+	.uword	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+	.uword	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+	.uword	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+	.uword	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+	.uword	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+	.uword	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+	.uword	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+	.uword	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+	.uword	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+	.uword	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+	.uword	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+	.uword	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+	.uword	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+	.uword	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+	.cstring "SHA256 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha256-mb-x86_64.pl b/openssl-1.1.0h/crypto/sha/asm/sha256-mb-x86_64.pl
new file mode 100644
index 0000000..fbcd29f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha256-mb-x86_64.pl
@@ -0,0 +1,1568 @@
+#! /usr/bin/env perl
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Multi-buffer SHA256 procedure processes n buffers in parallel by
+# placing buffer data to designated lane of SIMD register. n is
+# naturally limited to 4 on pre-AVX2 processors and to 8 on
+# AVX2-capable processors such as Haswell.
+#
+#		this	+aesni(i)	sha256	aesni-sha256	gain(iv)
+# -------------------------------------------------------------------
+# Westmere(ii)	23.3/n	+1.28=7.11(n=4)	12.3	+3.75=16.1	+126%
+# Atom(ii)	38.7/n	+3.93=13.6(n=4)	20.8	+5.69=26.5	+95%
+# Sandy Bridge	(20.5	+5.15=25.7)/n	11.6	13.0		+103%
+# Ivy Bridge	(20.4	+5.14=25.5)/n	10.3	11.6		+82%
+# Haswell(iii)	(21.0	+5.00=26.0)/n	7.80	8.79		+170%
+# Skylake	(18.9	+5.00=23.9)/n	7.70	8.17		+170%
+# Bulldozer	(21.6	+5.76=27.4)/n	13.6	13.7		+100%
+#
+# (i)	multi-block CBC encrypt with 128-bit key;
+# (ii)	(HASH+AES)/n does not apply to Westmere for n>3 and Atom,
+#	because of lower AES-NI instruction throughput, nor is there
+#	AES-NI-SHA256 stitch for these processors;
+# (iii)	"this" is for n=8, when we gather twice as much data, result
+#	for n=4 is 20.3+4.44=24.7;
+# (iv)	presented improvement coefficients are asymptotic limits and
+#	in real-life application are somewhat lower, e.g. for 2KB 
+#	fragments they range from 75% to 130% (on Haswell);
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+$avx=0;
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+# void sha256_multi_block (
+#     struct {	unsigned int A[8];
+#		unsigned int B[8];
+#		unsigned int C[8];
+#		unsigned int D[8];
+#		unsigned int E[8];
+#		unsigned int F[8];
+#		unsigned int G[8];
+#		unsigned int H[8];	} *ctx,
+#     struct {	void *ptr; int blocks;	} inp[8],
+#     int num);		/* 1 or 2 */
+#
+$ctx="%rdi";	# 1st arg
+$inp="%rsi";	# 2nd arg
+$num="%edx";	# 3rd arg
+@ptr=map("%r$_",(8..11));
+$Tbl="%rbp";
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%xmm$_",(8..15));
+($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%xmm$_",(0..7));
+
+$REG_SZ=16;
+
+sub Xi_off {
+my $off = shift;
+
+    $off %= 16; $off *= $REG_SZ;
+    $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)";
+}
+
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+$code.=<<___ if ($i<15);
+	movd		`4*$i`(@ptr[0]),$Xi
+	movd		`4*$i`(@ptr[1]),$t1
+	movd		`4*$i`(@ptr[2]),$t2
+	movd		`4*$i`(@ptr[3]),$t3
+	punpckldq	$t2,$Xi
+	punpckldq	$t3,$t1
+	punpckldq	$t1,$Xi
+___
+$code.=<<___ if ($i==15);
+	movd		`4*$i`(@ptr[0]),$Xi
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	movd		`4*$i`(@ptr[1]),$t1
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	movd		`4*$i`(@ptr[2]),$t2
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	movd		`4*$i`(@ptr[3]),$t3
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	punpckldq	$t2,$Xi
+	punpckldq	$t3,$t1
+	punpckldq	$t1,$Xi
+___
+$code.=<<___;
+	movdqa	$e,$sigma
+	`"pshufb	$Xn,$Xi"		if ($i<=15 && ($i&1)==0)`
+	movdqa	$e,$t3
+	`"pshufb	$Xn,$Xi"		if ($i<=15 && ($i&1)==1)`
+	psrld	\$6,$sigma
+	movdqa	$e,$t2
+	pslld	\$7,$t3
+	movdqa	$Xi,`&Xi_off($i)`
+	 paddd	$h,$Xi				# Xi+=h
+
+	psrld	\$11,$t2
+	pxor	$t3,$sigma
+	pslld	\$21-7,$t3
+	 paddd	`32*($i%8)-128`($Tbl),$Xi	# Xi+=K[round]
+	pxor	$t2,$sigma
+
+	psrld	\$25-11,$t2
+	 movdqa	$e,$t1
+	 `"prefetcht0	63(@ptr[0])"		if ($i==15)`
+	pxor	$t3,$sigma
+	 movdqa	$e,$axb				# borrow $axb
+	pslld	\$26-21,$t3
+	 pandn	$g,$t1
+	 pand	$f,$axb
+	pxor	$t2,$sigma
+
+	 `"prefetcht0	63(@ptr[1])"		if ($i==15)`
+	movdqa	$a,$t2
+	pxor	$t3,$sigma			# Sigma1(e)
+	movdqa	$a,$t3
+	psrld	\$2,$t2
+	paddd	$sigma,$Xi			# Xi+=Sigma1(e)
+	 pxor	$axb,$t1			# Ch(e,f,g)
+	 movdqa	$b,$axb
+	movdqa	$a,$sigma
+	pslld	\$10,$t3
+	 pxor	$a,$axb				# a^b, b^c in next round
+
+	 `"prefetcht0	63(@ptr[2])"		if ($i==15)`
+	psrld	\$13,$sigma
+	pxor	$t3,$t2
+	 paddd	$t1,$Xi				# Xi+=Ch(e,f,g)
+	pslld	\$19-10,$t3
+	 pand	$axb,$bxc
+	pxor	$sigma,$t2
+
+	 `"prefetcht0	63(@ptr[3])"		if ($i==15)`
+	psrld	\$22-13,$sigma
+	pxor	$t3,$t2
+	 movdqa	$b,$h
+	pslld	\$30-19,$t3
+	pxor	$t2,$sigma
+	 pxor	$bxc,$h				# h=Maj(a,b,c)=Ch(a^b,c,b)
+	 paddd	$Xi,$d				# d+=Xi
+	pxor	$t3,$sigma			# Sigma0(a)
+
+	paddd	$Xi,$h				# h+=Xi
+	paddd	$sigma,$h			# h+=Sigma0(a)
+___
+$code.=<<___ if (($i%8)==7);
+	lea	`32*8`($Tbl),$Tbl
+___
+	($axb,$bxc)=($bxc,$axb);
+}
+
+sub ROUND_16_XX {
+my $i=shift;
+
+$code.=<<___;
+	movdqa	`&Xi_off($i+1)`,$Xn
+	paddd	`&Xi_off($i+9)`,$Xi		# Xi+=X[i+9]
+
+	movdqa	$Xn,$sigma
+	movdqa	$Xn,$t2
+	psrld	\$3,$sigma
+	movdqa	$Xn,$t3
+
+	psrld	\$7,$t2
+	movdqa	`&Xi_off($i+14)`,$t1
+	pslld	\$14,$t3
+	pxor	$t2,$sigma
+	psrld	\$18-7,$t2
+	movdqa	$t1,$axb			# borrow $axb
+	pxor	$t3,$sigma
+	pslld	\$25-14,$t3
+	pxor	$t2,$sigma
+	psrld	\$10,$t1
+	movdqa	$axb,$t2
+
+	psrld	\$17,$axb
+	pxor	$t3,$sigma			# sigma0(X[i+1])
+	pslld	\$13,$t2
+	 paddd	$sigma,$Xi			# Xi+=sigma0(e)
+	pxor	$axb,$t1
+	psrld	\$19-17,$axb
+	pxor	$t2,$t1
+	pslld	\$15-13,$t2
+	pxor	$axb,$t1
+	pxor	$t2,$t1				# sigma0(X[i+14])
+	paddd	$t1,$Xi				# Xi+=sigma1(X[i+14])
+___
+	&ROUND_00_15($i,@_);
+	($Xi,$Xn)=($Xn,$Xi);
+}
+
+$code.=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+
+.globl	sha256_multi_block
+.type	sha256_multi_block,\@function,3
+.align	32
+sha256_multi_block:
+	mov	OPENSSL_ia32cap_P+4(%rip),%rcx
+	bt	\$61,%rcx			# check SHA bit
+	jc	_shaext_shortcut
+___
+$code.=<<___ if ($avx);
+	test	\$`1<<28`,%ecx
+	jnz	_avx_shortcut
+___
+$code.=<<___;
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody:
+	lea	K256+128(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	0x80($ctx),$ctx			# size optimization
+
+.Loop_grande:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone
+
+	movdqu	0x00-0x80($ctx),$A		# load context
+	 lea	128(%rsp),%rax
+	movdqu	0x20-0x80($ctx),$B
+	movdqu	0x40-0x80($ctx),$C
+	movdqu	0x60-0x80($ctx),$D
+	movdqu	0x80-0x80($ctx),$E
+	movdqu	0xa0-0x80($ctx),$F
+	movdqu	0xc0-0x80($ctx),$G
+	movdqu	0xe0-0x80($ctx),$H
+	movdqu	.Lpbswap(%rip),$Xn
+	jmp	.Loop
+
+.align	32
+.Loop:
+	movdqa	$C,$bxc
+	pxor	$B,$bxc				# magic seed
+___
+for($i=0;$i<16;$i++)	{ &ROUND_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	movdqu	`&Xi_off($i)`,$Xi
+	mov	\$3,%ecx
+	jmp	.Loop_16_xx
+.align	32
+.Loop_16_xx:
+___
+for(;$i<32;$i++)	{ &ROUND_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	dec	%ecx
+	jnz	.Loop_16_xx
+
+	mov	\$1,%ecx
+	lea	K256+128(%rip),$Tbl
+
+	movdqa	(%rbx),$sigma			# pull counters
+	cmp	4*0(%rbx),%ecx			# examine counters
+	pxor	$t1,$t1
+	cmovge	$Tbl,@ptr[0]			# cancel input
+	cmp	4*1(%rbx),%ecx
+	movdqa	$sigma,$Xn
+	cmovge	$Tbl,@ptr[1]
+	cmp	4*2(%rbx),%ecx
+	pcmpgtd	$t1,$Xn				# mask value
+	cmovge	$Tbl,@ptr[2]
+	cmp	4*3(%rbx),%ecx
+	paddd	$Xn,$sigma			# counters--
+	cmovge	$Tbl,@ptr[3]
+
+	movdqu	0x00-0x80($ctx),$t1
+	pand	$Xn,$A
+	movdqu	0x20-0x80($ctx),$t2
+	pand	$Xn,$B
+	movdqu	0x40-0x80($ctx),$t3
+	pand	$Xn,$C
+	movdqu	0x60-0x80($ctx),$Xi
+	pand	$Xn,$D
+	paddd	$t1,$A
+	movdqu	0x80-0x80($ctx),$t1
+	pand	$Xn,$E
+	paddd	$t2,$B
+	movdqu	0xa0-0x80($ctx),$t2
+	pand	$Xn,$F
+	paddd	$t3,$C
+	movdqu	0xc0-0x80($ctx),$t3
+	pand	$Xn,$G
+	paddd	$Xi,$D
+	movdqu	0xe0-0x80($ctx),$Xi
+	pand	$Xn,$H
+	paddd	$t1,$E
+	paddd	$t2,$F
+	movdqu	$A,0x00-0x80($ctx)
+	paddd	$t3,$G
+	movdqu	$B,0x20-0x80($ctx)
+	paddd	$Xi,$H
+	movdqu	$C,0x40-0x80($ctx)
+	movdqu	$D,0x60-0x80($ctx)
+	movdqu	$E,0x80-0x80($ctx)
+	movdqu	$F,0xa0-0x80($ctx)
+	movdqu	$G,0xc0-0x80($ctx)
+	movdqu	$H,0xe0-0x80($ctx)
+
+	movdqa	$sigma,(%rbx)			# save counters
+	movdqa	.Lpbswap(%rip),$Xn
+	dec	$num
+	jnz	.Loop
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande
+
+.Ldone:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue:
+	ret
+.size	sha256_multi_block,.-sha256_multi_block
+___
+						{{{
+my ($Wi,$TMP0,$TMP1,$TMPx,$ABEF0,$CDGH0,$ABEF1,$CDGH1)=map("%xmm$_",(0..3,12..15));
+my @MSG0=map("%xmm$_",(4..7));
+my @MSG1=map("%xmm$_",(8..11));
+
+$code.=<<___;
+.type	sha256_multi_block_shaext,\@function,3
+.align	32
+sha256_multi_block_shaext:
+_shaext_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`,%rsp
+	shl	\$1,$num			# we process pair at a time
+	and	\$-256,%rsp
+	lea	0x80($ctx),$ctx			# size optimization
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_shaext:
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	K256_shaext+0x80(%rip),$Tbl
+
+.Loop_grande_shaext:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<2;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	%rsp,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_shaext
+
+	movq		0x00-0x80($ctx),$ABEF0		# A1.A0
+	movq		0x20-0x80($ctx),@MSG0[0]	# B1.B0
+	movq		0x40-0x80($ctx),$CDGH0		# C1.C0
+	movq		0x60-0x80($ctx),@MSG0[1]	# D1.D0
+	movq		0x80-0x80($ctx),@MSG1[0]	# E1.E0
+	movq		0xa0-0x80($ctx),@MSG1[1]	# F1.F0
+	movq		0xc0-0x80($ctx),@MSG1[2]	# G1.G0
+	movq		0xe0-0x80($ctx),@MSG1[3]	# H1.H0
+
+	punpckldq	@MSG0[0],$ABEF0			# B1.A1.B0.A0
+	punpckldq	@MSG0[1],$CDGH0			# D1.C1.D0.C0
+	punpckldq	@MSG1[1],@MSG1[0]		# F1.E1.F0.E0
+	punpckldq	@MSG1[3],@MSG1[2]		# H1.G1.H0.G0
+	movdqa		K256_shaext-0x10(%rip),$TMPx	# byte swap
+
+	movdqa		$ABEF0,$ABEF1
+	movdqa		$CDGH0,$CDGH1
+	punpcklqdq	@MSG1[0],$ABEF0			# F0.E0.B0.A0
+	punpcklqdq	@MSG1[2],$CDGH0			# H0.G0.D0.C0
+	punpckhqdq	@MSG1[0],$ABEF1			# F1.E1.B1.A1
+	punpckhqdq	@MSG1[2],$CDGH1			# H1.G1.D1.C1
+
+	pshufd		\$0b00011011,$ABEF0,$ABEF0
+	pshufd		\$0b00011011,$CDGH0,$CDGH0
+	pshufd		\$0b00011011,$ABEF1,$ABEF1
+	pshufd		\$0b00011011,$CDGH1,$CDGH1
+	jmp		.Loop_shaext
+
+.align	32
+.Loop_shaext:
+	movdqu		0x00(@ptr[0]),@MSG0[0]
+	 movdqu		0x00(@ptr[1]),@MSG1[0]
+	movdqu		0x10(@ptr[0]),@MSG0[1]
+	 movdqu		0x10(@ptr[1]),@MSG1[1]
+	movdqu		0x20(@ptr[0]),@MSG0[2]
+	pshufb		$TMPx,@MSG0[0]
+	 movdqu		0x20(@ptr[1]),@MSG1[2]
+	 pshufb		$TMPx,@MSG1[0]
+	movdqu		0x30(@ptr[0]),@MSG0[3]
+	lea		0x40(@ptr[0]),@ptr[0]
+	 movdqu		0x30(@ptr[1]),@MSG1[3]
+	 lea		0x40(@ptr[1]),@ptr[1]
+
+	movdqa		0*16-0x80($Tbl),$Wi
+	pshufb		$TMPx,@MSG0[1]
+	paddd		@MSG0[0],$Wi
+	pxor		$ABEF0,@MSG0[0]		# black magic
+	movdqa		$Wi,$TMP0
+	 movdqa		0*16-0x80($Tbl),$TMP1
+	 pshufb		$TMPx,@MSG1[1]
+	 paddd		@MSG1[0],$TMP1
+	movdqa		$CDGH0,0x50(%rsp)	# offload
+	sha256rnds2	$ABEF0,$CDGH0		# 0-3
+	 pxor		$ABEF1,@MSG1[0]		# black magic
+	 movdqa		$TMP1,$Wi
+	 movdqa		$CDGH1,0x70(%rsp)
+	 sha256rnds2	$ABEF1,$CDGH1		# 0-3
+	pshufd		\$0x0e,$TMP0,$Wi
+	pxor		$ABEF0,@MSG0[0]		# black magic
+	movdqa		$ABEF0,0x40(%rsp)	# offload
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	 pxor		$ABEF1,@MSG1[0]		# black magic
+	 movdqa		$ABEF1,0x60(%rsp)
+	movdqa		1*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[1],$TMP0
+	pshufb		$TMPx,@MSG0[2]
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	 movdqa		1*16-0x80($Tbl),$TMP1
+	 paddd		@MSG1[1],$TMP1
+	sha256rnds2	$ABEF0,$CDGH0		# 4-7
+	 movdqa		$TMP1,$Wi
+	prefetcht0	127(@ptr[0])
+	pshufb		$TMPx,@MSG0[3]
+	 pshufb		$TMPx,@MSG1[2]
+	 prefetcht0	127(@ptr[1])
+	 sha256rnds2	$ABEF1,$CDGH1		# 4-7
+	pshufd		\$0x0e,$TMP0,$Wi
+	 pshufb		$TMPx,@MSG1[3]
+	sha256msg1	@MSG0[1],@MSG0[0]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		2*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[2],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	 movdqa		2*16-0x80($Tbl),$TMP1
+	 paddd		@MSG1[2],$TMP1
+	sha256rnds2	$ABEF0,$CDGH0		# 8-11
+	 sha256msg1	@MSG1[1],@MSG1[0]
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[3],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 8-11
+	pshufd		\$0x0e,$TMP0,$Wi
+	palignr		\$4,@MSG0[2],$TMPx
+	paddd		$TMPx,@MSG0[0]
+	 movdqa		@MSG1[3],$TMPx
+	 palignr	\$4,@MSG1[2],$TMPx
+	sha256msg1	@MSG0[2],@MSG0[1]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		3*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[3],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+	 sha256msg1	@MSG1[2],@MSG1[1]
+
+	movdqa		$TMP0,$Wi
+	 movdqa		3*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[0]
+	 paddd		@MSG1[3],$TMP1
+	sha256msg2	@MSG0[3],@MSG0[0]
+	sha256rnds2	$ABEF0,$CDGH0		# 12-15
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[0],$TMPx
+	palignr		\$4,@MSG0[3],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 12-15
+	 sha256msg2	@MSG1[3],@MSG1[0]
+	pshufd		\$0x0e,$TMP0,$Wi
+	paddd		$TMPx,@MSG0[1]
+	 movdqa		@MSG1[0],$TMPx
+	 palignr	\$4,@MSG1[3],$TMPx
+	sha256msg1	@MSG0[3],@MSG0[2]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		4*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[0],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+	 sha256msg1	@MSG1[3],@MSG1[2]
+___
+for($i=4;$i<16-3;$i++) {
+$code.=<<___;
+	movdqa		$TMP0,$Wi
+	 movdqa		$i*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[1]
+	 paddd		@MSG1[0],$TMP1
+	sha256msg2	@MSG0[0],@MSG0[1]
+	sha256rnds2	$ABEF0,$CDGH0		# 16-19...
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[1],$TMPx
+	palignr		\$4,@MSG0[0],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 16-19...
+	 sha256msg2	@MSG1[0],@MSG1[1]
+	pshufd		\$0x0e,$TMP0,$Wi
+	paddd		$TMPx,@MSG0[2]
+	 movdqa		@MSG1[1],$TMPx
+	 palignr	\$4,@MSG1[0],$TMPx
+	sha256msg1	@MSG0[0],@MSG0[3]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		`($i+1)*16`-0x80($Tbl),$TMP0
+	paddd		@MSG0[1],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+	 sha256msg1	@MSG1[0],@MSG1[3]
+___
+	push(@MSG0,shift(@MSG0));	push(@MSG1,shift(@MSG1));
+}
+$code.=<<___;
+	movdqa		$TMP0,$Wi
+	 movdqa		13*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[1]
+	 paddd		@MSG1[0],$TMP1
+	sha256msg2	@MSG0[0],@MSG0[1]
+	sha256rnds2	$ABEF0,$CDGH0		# 52-55
+	 movdqa		$TMP1,$Wi
+	movdqa		@MSG0[1],$TMPx
+	palignr		\$4,@MSG0[0],$TMPx
+	 sha256rnds2	$ABEF1,$CDGH1		# 52-55
+	 sha256msg2	@MSG1[0],@MSG1[1]
+	pshufd		\$0x0e,$TMP0,$Wi
+	paddd		$TMPx,@MSG0[2]
+	 movdqa		@MSG1[1],$TMPx
+	 palignr	\$4,@MSG1[0],$TMPx
+	nop
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	movdqa		14*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[1],$TMP0
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	 movdqa		14*16-0x80($Tbl),$TMP1
+	 paddd		$TMPx,@MSG1[2]
+	 paddd		@MSG1[1],$TMP1
+	sha256msg2	@MSG0[1],@MSG0[2]
+	nop
+	sha256rnds2	$ABEF0,$CDGH0		# 56-59
+	 movdqa		$TMP1,$Wi
+	  mov		\$1,%ecx
+	  pxor		@MSG0[1],@MSG0[1]	# zero
+	 sha256rnds2	$ABEF1,$CDGH1		# 56-59
+	 sha256msg2	@MSG1[1],@MSG1[2]
+	pshufd		\$0x0e,$TMP0,$Wi
+	movdqa		15*16-0x80($Tbl),$TMP0
+	paddd		@MSG0[2],$TMP0
+	  movq		(%rbx),@MSG0[2]		# pull counters
+	  nop
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	 movdqa		15*16-0x80($Tbl),$TMP1
+	 paddd		@MSG1[2],$TMP1
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	movdqa		$TMP0,$Wi
+	  cmp		4*0(%rbx),%ecx		# examine counters
+	  cmovge	%rsp,@ptr[0]		# cancel input
+	  cmp		4*1(%rbx),%ecx
+	  cmovge	%rsp,@ptr[1]
+	  pshufd	\$0x00,@MSG0[2],@MSG1[0]
+	sha256rnds2	$ABEF0,$CDGH0		# 60-63
+	 movdqa		$TMP1,$Wi
+	  pshufd	\$0x55,@MSG0[2],@MSG1[1]
+	  movdqa	@MSG0[2],@MSG1[2]
+	 sha256rnds2	$ABEF1,$CDGH1		# 60-63
+	pshufd		\$0x0e,$TMP0,$Wi
+	  pcmpgtd	@MSG0[1],@MSG1[0]
+	  pcmpgtd	@MSG0[1],@MSG1[1]
+	sha256rnds2	$CDGH0,$ABEF0
+	 pshufd		\$0x0e,$TMP1,$Wi
+	  pcmpgtd	@MSG0[1],@MSG1[2]	# counter mask
+	  movdqa	K256_shaext-0x10(%rip),$TMPx
+	 sha256rnds2	$CDGH1,$ABEF1
+
+	pand		@MSG1[0],$CDGH0
+	 pand		@MSG1[1],$CDGH1
+	pand		@MSG1[0],$ABEF0
+	 pand		@MSG1[1],$ABEF1
+	paddd		@MSG0[2],@MSG1[2]	# counters--
+
+	paddd		0x50(%rsp),$CDGH0
+	 paddd		0x70(%rsp),$CDGH1
+	paddd		0x40(%rsp),$ABEF0
+	 paddd		0x60(%rsp),$ABEF1
+
+	movq		@MSG1[2],(%rbx)		# save counters
+	dec		$num
+	jnz		.Loop_shaext
+
+	mov		`$REG_SZ*17+8`(%rsp),$num
+
+	pshufd		\$0b00011011,$ABEF0,$ABEF0
+	pshufd		\$0b00011011,$CDGH0,$CDGH0
+	pshufd		\$0b00011011,$ABEF1,$ABEF1
+	pshufd		\$0b00011011,$CDGH1,$CDGH1
+
+	movdqa		$ABEF0,@MSG0[0]
+	movdqa		$CDGH0,@MSG0[1]
+	punpckldq	$ABEF1,$ABEF0			# B1.B0.A1.A0
+	punpckhdq	$ABEF1,@MSG0[0]			# F1.F0.E1.E0
+	punpckldq	$CDGH1,$CDGH0			# D1.D0.C1.C0
+	punpckhdq	$CDGH1,@MSG0[1]			# H1.H0.G1.G0
+
+	movq		$ABEF0,0x00-0x80($ctx)		# A1.A0
+	psrldq		\$8,$ABEF0
+	movq		@MSG0[0],0x80-0x80($ctx)	# E1.E0
+	psrldq		\$8,@MSG0[0]
+	movq		$ABEF0,0x20-0x80($ctx)		# B1.B0
+	movq		@MSG0[0],0xa0-0x80($ctx)	# F1.F0
+
+	movq		$CDGH0,0x40-0x80($ctx)		# C1.C0
+	psrldq		\$8,$CDGH0
+	movq		@MSG0[1],0xc0-0x80($ctx)	# G1.G0
+	psrldq		\$8,@MSG0[1]
+	movq		$CDGH0,0x60-0x80($ctx)		# D1.D0
+	movq		@MSG0[1],0xe0-0x80($ctx)	# H1.H0
+
+	lea	`$REG_SZ/2`($ctx),$ctx
+	lea	`16*2`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_shaext
+
+.Ldone_shaext:
+	#mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue_shaext:
+	ret
+.size	sha256_multi_block_shaext,.-sha256_multi_block_shaext
+___
+						}}}
+						if ($avx) {{{
+sub ROUND_00_15_avx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+$code.=<<___ if ($i<15 && $REG_SZ==16);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	vmovd		`4*$i`(@ptr[1]),$t1
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t1,$t1
+	vpunpckldq	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___ if ($i==15 && $REG_SZ==16);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		`4*$i`(@ptr[1]),$t1
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t1,$t1
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	vpunpckldq	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___ if ($i<15 && $REG_SZ==32);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	vmovd		`4*$i`(@ptr[4]),$t1
+	vmovd		`4*$i`(@ptr[1]),$t2
+	vmovd		`4*$i`(@ptr[5]),$t3
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[6]),$t1,$t1
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t2,$t2
+	vpunpckldq	$t2,$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[7]),$t3,$t3
+	vpunpckldq	$t3,$t1,$t1
+	vinserti128	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___ if ($i==15 && $REG_SZ==32);
+	vmovd		`4*$i`(@ptr[0]),$Xi
+	 lea		`16*4`(@ptr[0]),@ptr[0]
+	vmovd		`4*$i`(@ptr[4]),$t1
+	 lea		`16*4`(@ptr[4]),@ptr[4]
+	vmovd		`4*$i`(@ptr[1]),$t2
+	 lea		`16*4`(@ptr[1]),@ptr[1]
+	vmovd		`4*$i`(@ptr[5]),$t3
+	 lea		`16*4`(@ptr[5]),@ptr[5]
+	vpinsrd		\$1,`4*$i`(@ptr[2]),$Xi,$Xi
+	 lea		`16*4`(@ptr[2]),@ptr[2]
+	vpinsrd		\$1,`4*$i`(@ptr[6]),$t1,$t1
+	 lea		`16*4`(@ptr[6]),@ptr[6]
+	vpinsrd		\$1,`4*$i`(@ptr[3]),$t2,$t2
+	 lea		`16*4`(@ptr[3]),@ptr[3]
+	vpunpckldq	$t2,$Xi,$Xi
+	vpinsrd		\$1,`4*$i`(@ptr[7]),$t3,$t3
+	 lea		`16*4`(@ptr[7]),@ptr[7]
+	vpunpckldq	$t3,$t1,$t1
+	vinserti128	$t1,$Xi,$Xi
+	vpshufb		$Xn,$Xi,$Xi
+___
+$code.=<<___;
+	vpsrld	\$6,$e,$sigma
+	vpslld	\$26,$e,$t3
+	vmovdqu	$Xi,`&Xi_off($i)`
+	 vpaddd	$h,$Xi,$Xi			# Xi+=h
+
+	vpsrld	\$11,$e,$t2
+	vpxor	$t3,$sigma,$sigma
+	vpslld	\$21,$e,$t3
+	 vpaddd	`32*($i%8)-128`($Tbl),$Xi,$Xi	# Xi+=K[round]
+	vpxor	$t2,$sigma,$sigma
+
+	vpsrld	\$25,$e,$t2
+	vpxor	$t3,$sigma,$sigma
+	 `"prefetcht0	63(@ptr[0])"		if ($i==15)`
+	vpslld	\$7,$e,$t3
+	 vpandn	$g,$e,$t1
+	 vpand	$f,$e,$axb			# borrow $axb
+	 `"prefetcht0	63(@ptr[1])"		if ($i==15)`
+	vpxor	$t2,$sigma,$sigma
+
+	vpsrld	\$2,$a,$h			# borrow $h
+	vpxor	$t3,$sigma,$sigma		# Sigma1(e)
+	 `"prefetcht0	63(@ptr[2])"		if ($i==15)`
+	vpslld	\$30,$a,$t2
+	 vpxor	$axb,$t1,$t1			# Ch(e,f,g)
+	 vpxor	$a,$b,$axb			# a^b, b^c in next round
+	 `"prefetcht0	63(@ptr[3])"		if ($i==15)`
+	vpxor	$t2,$h,$h
+	vpaddd	$sigma,$Xi,$Xi			# Xi+=Sigma1(e)
+
+	vpsrld	\$13,$a,$t2
+	 `"prefetcht0	63(@ptr[4])"		if ($i==15 && $REG_SZ==32)`
+	vpslld	\$19,$a,$t3
+	 vpaddd	$t1,$Xi,$Xi			# Xi+=Ch(e,f,g)
+	 vpand	$axb,$bxc,$bxc
+	 `"prefetcht0	63(@ptr[5])"		if ($i==15 && $REG_SZ==32)`
+	vpxor	$t2,$h,$sigma
+
+	vpsrld	\$22,$a,$t2
+	vpxor	$t3,$sigma,$sigma
+	 `"prefetcht0	63(@ptr[6])"		if ($i==15 && $REG_SZ==32)`
+	vpslld	\$10,$a,$t3
+	 vpxor	$bxc,$b,$h			# h=Maj(a,b,c)=Ch(a^b,c,b)
+	 vpaddd	$Xi,$d,$d			# d+=Xi
+	 `"prefetcht0	63(@ptr[7])"		if ($i==15 && $REG_SZ==32)`
+	vpxor	$t2,$sigma,$sigma
+	vpxor	$t3,$sigma,$sigma		# Sigma0(a)
+
+	vpaddd	$Xi,$h,$h			# h+=Xi
+	vpaddd	$sigma,$h,$h			# h+=Sigma0(a)
+___
+$code.=<<___ if (($i%8)==7);
+	add	\$`32*8`,$Tbl
+___
+	($axb,$bxc)=($bxc,$axb);
+}
+
+sub ROUND_16_XX_avx {
+my $i=shift;
+
+$code.=<<___;
+	vmovdqu	`&Xi_off($i+1)`,$Xn
+	vpaddd	`&Xi_off($i+9)`,$Xi,$Xi		# Xi+=X[i+9]
+
+	vpsrld	\$3,$Xn,$sigma
+	vpsrld	\$7,$Xn,$t2
+	vpslld	\$25,$Xn,$t3
+	vpxor	$t2,$sigma,$sigma
+	vpsrld	\$18,$Xn,$t2
+	vpxor	$t3,$sigma,$sigma
+	vpslld	\$14,$Xn,$t3
+	vmovdqu	`&Xi_off($i+14)`,$t1
+	vpsrld	\$10,$t1,$axb			# borrow $axb
+
+	vpxor	$t2,$sigma,$sigma
+	vpsrld	\$17,$t1,$t2
+	vpxor	$t3,$sigma,$sigma		# sigma0(X[i+1])
+	vpslld	\$15,$t1,$t3
+	 vpaddd	$sigma,$Xi,$Xi			# Xi+=sigma0(e)
+	vpxor	$t2,$axb,$sigma
+	vpsrld	\$19,$t1,$t2
+	vpxor	$t3,$sigma,$sigma
+	vpslld	\$13,$t1,$t3
+	vpxor	$t2,$sigma,$sigma
+	vpxor	$t3,$sigma,$sigma		# sigma0(X[i+14])
+	vpaddd	$sigma,$Xi,$Xi			# Xi+=sigma1(X[i+14])
+___
+	&ROUND_00_15_avx($i,@_);
+	($Xi,$Xn)=($Xn,$Xi);
+}
+
+$code.=<<___;
+.type	sha256_multi_block_avx,\@function,3
+.align	32
+sha256_multi_block_avx:
+_avx_shortcut:
+___
+$code.=<<___ if ($avx>1);
+	shr	\$32,%rcx
+	cmp	\$2,$num
+	jb	.Lavx
+	test	\$`1<<5`,%ecx
+	jnz	_avx2_shortcut
+	jmp	.Lavx
+.align	32
+.Lavx:
+___
+$code.=<<___;
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,-0x78(%rax)
+	movaps	%xmm11,-0x68(%rax)
+	movaps	%xmm12,-0x58(%rax)
+	movaps	%xmm13,-0x48(%rax)
+	movaps	%xmm14,-0x38(%rax)
+	movaps	%xmm15,-0x28(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_avx:
+	lea	K256+128(%rip),$Tbl
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	0x80($ctx),$ctx			# size optimization
+
+.Loop_grande_avx:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	test	$num,$num
+	jz	.Ldone_avx
+
+	vmovdqu	0x00-0x80($ctx),$A		# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20-0x80($ctx),$B
+	vmovdqu	0x40-0x80($ctx),$C
+	vmovdqu	0x60-0x80($ctx),$D
+	vmovdqu	0x80-0x80($ctx),$E
+	vmovdqu	0xa0-0x80($ctx),$F
+	vmovdqu	0xc0-0x80($ctx),$G
+	vmovdqu	0xe0-0x80($ctx),$H
+	vmovdqu	.Lpbswap(%rip),$Xn
+	jmp	.Loop_avx
+
+.align	32
+.Loop_avx:
+	vpxor	$B,$C,$bxc			# magic seed
+___
+for($i=0;$i<16;$i++)	{ &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	vmovdqu	`&Xi_off($i)`,$Xi
+	mov	\$3,%ecx
+	jmp	.Loop_16_xx_avx
+.align	32
+.Loop_16_xx_avx:
+___
+for(;$i<32;$i++)	{ &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	dec	%ecx
+	jnz	.Loop_16_xx_avx
+
+	mov	\$1,%ecx
+	lea	K256+128(%rip),$Tbl
+___
+for($i=0;$i<4;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqa	(%rbx),$sigma			# pull counters
+	vpxor	$t1,$t1,$t1
+	vmovdqa	$sigma,$Xn
+	vpcmpgtd $t1,$Xn,$Xn			# mask value
+	vpaddd	$Xn,$sigma,$sigma		# counters--
+
+	vmovdqu	0x00-0x80($ctx),$t1
+	vpand	$Xn,$A,$A
+	vmovdqu	0x20-0x80($ctx),$t2
+	vpand	$Xn,$B,$B
+	vmovdqu	0x40-0x80($ctx),$t3
+	vpand	$Xn,$C,$C
+	vmovdqu	0x60-0x80($ctx),$Xi
+	vpand	$Xn,$D,$D
+	vpaddd	$t1,$A,$A
+	vmovdqu	0x80-0x80($ctx),$t1
+	vpand	$Xn,$E,$E
+	vpaddd	$t2,$B,$B
+	vmovdqu	0xa0-0x80($ctx),$t2
+	vpand	$Xn,$F,$F
+	vpaddd	$t3,$C,$C
+	vmovdqu	0xc0-0x80($ctx),$t3
+	vpand	$Xn,$G,$G
+	vpaddd	$Xi,$D,$D
+	vmovdqu	0xe0-0x80($ctx),$Xi
+	vpand	$Xn,$H,$H
+	vpaddd	$t1,$E,$E
+	vpaddd	$t2,$F,$F
+	vmovdqu	$A,0x00-0x80($ctx)
+	vpaddd	$t3,$G,$G
+	vmovdqu	$B,0x20-0x80($ctx)
+	vpaddd	$Xi,$H,$H
+	vmovdqu	$C,0x40-0x80($ctx)
+	vmovdqu	$D,0x60-0x80($ctx)
+	vmovdqu	$E,0x80-0x80($ctx)
+	vmovdqu	$F,0xa0-0x80($ctx)
+	vmovdqu	$G,0xc0-0x80($ctx)
+	vmovdqu	$H,0xe0-0x80($ctx)
+
+	vmovdqu	$sigma,(%rbx)			# save counters
+	vmovdqu	.Lpbswap(%rip),$Xn
+	dec	$num
+	jnz	.Loop_avx
+
+	mov	`$REG_SZ*17+8`(%rsp),$num
+	lea	$REG_SZ($ctx),$ctx
+	lea	`16*$REG_SZ/4`($inp),$inp
+	dec	$num
+	jnz	.Loop_grande_avx
+
+.Ldone_avx:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xb8(%rax),%xmm6
+	movaps	-0xa8(%rax),%xmm7
+	movaps	-0x98(%rax),%xmm8
+	movaps	-0x88(%rax),%xmm9
+	movaps	-0x78(%rax),%xmm10
+	movaps	-0x68(%rax),%xmm11
+	movaps	-0x58(%rax),%xmm12
+	movaps	-0x48(%rax),%xmm13
+	movaps	-0x38(%rax),%xmm14
+	movaps	-0x28(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue_avx:
+	ret
+.size	sha256_multi_block_avx,.-sha256_multi_block_avx
+___
+						if ($avx>1) {
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+$REG_SZ=32;
+@ptr=map("%r$_",(12..15,8..11));
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%ymm$_",(8..15));
+($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%ymm$_",(0..7));
+
+$code.=<<___;
+.type	sha256_multi_block_avx2,\@function,3
+.align	32
+sha256_multi_block_avx2:
+_avx2_shortcut:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+___
+$code.=<<___ if ($win64);
+	lea	-0xa8(%rsp),%rsp
+	movaps	%xmm6,(%rsp)
+	movaps	%xmm7,0x10(%rsp)
+	movaps	%xmm8,0x20(%rsp)
+	movaps	%xmm9,0x30(%rsp)
+	movaps	%xmm10,0x40(%rsp)
+	movaps	%xmm11,0x50(%rsp)
+	movaps	%xmm12,-0x78(%rax)
+	movaps	%xmm13,-0x68(%rax)
+	movaps	%xmm14,-0x58(%rax)
+	movaps	%xmm15,-0x48(%rax)
+___
+$code.=<<___;
+	sub	\$`$REG_SZ*18`, %rsp
+	and	\$-256,%rsp
+	mov	%rax,`$REG_SZ*17`(%rsp)		# original %rsp
+.Lbody_avx2:
+	lea	K256+128(%rip),$Tbl
+	lea	0x80($ctx),$ctx			# size optimization
+
+.Loop_grande_avx2:
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
+	xor	$num,$num
+	lea	`$REG_SZ*16`(%rsp),%rbx
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	mov	`16*$i+0`($inp),@ptr[$i]	# input pointer
+	mov	`16*$i+8`($inp),%ecx		# number of blocks
+	cmp	$num,%ecx
+	cmovg	%ecx,$num			# find maximum
+	test	%ecx,%ecx
+	mov	%ecx,`4*$i`(%rbx)		# initialize counters
+	cmovle	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqu	0x00-0x80($ctx),$A		# load context
+	 lea	128(%rsp),%rax
+	vmovdqu	0x20-0x80($ctx),$B
+	 lea	256+128(%rsp),%rbx
+	vmovdqu	0x40-0x80($ctx),$C
+	vmovdqu	0x60-0x80($ctx),$D
+	vmovdqu	0x80-0x80($ctx),$E
+	vmovdqu	0xa0-0x80($ctx),$F
+	vmovdqu	0xc0-0x80($ctx),$G
+	vmovdqu	0xe0-0x80($ctx),$H
+	vmovdqu	.Lpbswap(%rip),$Xn
+	jmp	.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	vpxor	$B,$C,$bxc			# magic seed
+___
+for($i=0;$i<16;$i++)	{ &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	vmovdqu	`&Xi_off($i)`,$Xi
+	mov	\$3,%ecx
+	jmp	.Loop_16_xx_avx2
+.align	32
+.Loop_16_xx_avx2:
+___
+for(;$i<32;$i++)	{ &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	dec	%ecx
+	jnz	.Loop_16_xx_avx2
+
+	mov	\$1,%ecx
+	lea	`$REG_SZ*16`(%rsp),%rbx
+	lea	K256+128(%rip),$Tbl
+___
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	cmp	`4*$i`(%rbx),%ecx		# examine counters
+	cmovge	$Tbl,@ptr[$i]			# cancel input
+___
+}
+$code.=<<___;
+	vmovdqa	(%rbx),$sigma			# pull counters
+	vpxor	$t1,$t1,$t1
+	vmovdqa	$sigma,$Xn
+	vpcmpgtd $t1,$Xn,$Xn			# mask value
+	vpaddd	$Xn,$sigma,$sigma		# counters--
+
+	vmovdqu	0x00-0x80($ctx),$t1
+	vpand	$Xn,$A,$A
+	vmovdqu	0x20-0x80($ctx),$t2
+	vpand	$Xn,$B,$B
+	vmovdqu	0x40-0x80($ctx),$t3
+	vpand	$Xn,$C,$C
+	vmovdqu	0x60-0x80($ctx),$Xi
+	vpand	$Xn,$D,$D
+	vpaddd	$t1,$A,$A
+	vmovdqu	0x80-0x80($ctx),$t1
+	vpand	$Xn,$E,$E
+	vpaddd	$t2,$B,$B
+	vmovdqu	0xa0-0x80($ctx),$t2
+	vpand	$Xn,$F,$F
+	vpaddd	$t3,$C,$C
+	vmovdqu	0xc0-0x80($ctx),$t3
+	vpand	$Xn,$G,$G
+	vpaddd	$Xi,$D,$D
+	vmovdqu	0xe0-0x80($ctx),$Xi
+	vpand	$Xn,$H,$H
+	vpaddd	$t1,$E,$E
+	vpaddd	$t2,$F,$F
+	vmovdqu	$A,0x00-0x80($ctx)
+	vpaddd	$t3,$G,$G
+	vmovdqu	$B,0x20-0x80($ctx)
+	vpaddd	$Xi,$H,$H
+	vmovdqu	$C,0x40-0x80($ctx)
+	vmovdqu	$D,0x60-0x80($ctx)
+	vmovdqu	$E,0x80-0x80($ctx)
+	vmovdqu	$F,0xa0-0x80($ctx)
+	vmovdqu	$G,0xc0-0x80($ctx)
+	vmovdqu	$H,0xe0-0x80($ctx)
+
+	vmovdqu	$sigma,(%rbx)			# save counters
+	lea	256+128(%rsp),%rbx
+	vmovdqu	.Lpbswap(%rip),$Xn
+	dec	$num
+	jnz	.Loop_avx2
+
+	#mov	`$REG_SZ*17+8`(%rsp),$num
+	#lea	$REG_SZ($ctx),$ctx
+	#lea	`16*$REG_SZ/4`($inp),$inp
+	#dec	$num
+	#jnz	.Loop_grande_avx2
+
+.Ldone_avx2:
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	-0xd8(%rax),%xmm6
+	movaps	-0xc8(%rax),%xmm7
+	movaps	-0xb8(%rax),%xmm8
+	movaps	-0xa8(%rax),%xmm9
+	movaps	-0x98(%rax),%xmm10
+	movaps	-0x88(%rax),%xmm11
+	movaps	-0x78(%rax),%xmm12
+	movaps	-0x68(%rax),%xmm13
+	movaps	-0x58(%rax),%xmm14
+	movaps	-0x48(%rax),%xmm15
+___
+$code.=<<___;
+	mov	-48(%rax),%r15
+	mov	-40(%rax),%r14
+	mov	-32(%rax),%r13
+	mov	-24(%rax),%r12
+	mov	-16(%rax),%rbp
+	mov	-8(%rax),%rbx
+	lea	(%rax),%rsp
+.Lepilogue_avx2:
+	ret
+.size	sha256_multi_block_avx2,.-sha256_multi_block_avx2
+___
+					}	}}}
+$code.=<<___;
+.align	256
+K256:
+___
+sub TABLE {
+    foreach (@_) {
+	$code.=<<___;
+	.long	$_,$_,$_,$_
+	.long	$_,$_,$_,$_
+___
+    }
+}
+&TABLE(	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
+	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
+	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
+	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
+	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
+	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
+	0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
+	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
+	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 );
+$code.=<<___;
+.Lpbswap:
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap
+K256_shaext:
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.asciz	"SHA256 multi-block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+if ($win64) {
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<.Lbody
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	`16*17`(%rax),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+
+	lea	-24-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+___
+$code.=<<___ if ($avx>1);
+.type	avx2_handler,\@abi-omnipotent
+.align	16
+avx2_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<body label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+
+	mov	`32*17`($context),%rax	# pull saved stack pointer
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore cotnext->R12
+	mov	%r13,224($context)	# restore cotnext->R13
+	mov	%r14,232($context)	# restore cotnext->R14
+	mov	%r15,240($context)	# restore cotnext->R15
+
+	lea	-56-10*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$20,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lin_prologue
+.size	avx2_handler,.-avx2_handler
+___
+$code.=<<___;
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_sha256_multi_block
+	.rva	.LSEH_end_sha256_multi_block
+	.rva	.LSEH_info_sha256_multi_block
+	.rva	.LSEH_begin_sha256_multi_block_shaext
+	.rva	.LSEH_end_sha256_multi_block_shaext
+	.rva	.LSEH_info_sha256_multi_block_shaext
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_sha256_multi_block_avx
+	.rva	.LSEH_end_sha256_multi_block_avx
+	.rva	.LSEH_info_sha256_multi_block_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_sha256_multi_block_avx2
+	.rva	.LSEH_end_sha256_multi_block_avx2
+	.rva	.LSEH_info_sha256_multi_block_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_sha256_multi_block:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody,.Lepilogue			# HandlerData[]
+.LSEH_info_sha256_multi_block_shaext:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_shaext,.Lepilogue_shaext		# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_sha256_multi_block_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lbody_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_sha256_multi_block_avx2:
+	.byte	9,0,0,0
+	.rva	avx2_handler
+	.rva	.Lbody_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+####################################################################
+
+sub rex {
+  local *opcode=shift;
+  my ($dst,$src)=@_;
+  my $rex=0;
+
+    $rex|=0x04			if ($dst>=8);
+    $rex|=0x01			if ($src>=8);
+    unshift @opcode,$rex|0x40	if ($rex);
+}
+
+sub sha256op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha256rnds2" => 0xcb,
+  		"sha256msg1"  => 0xcc,
+		"sha256msg2"  => 0xcd	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x0f,0x38);
+	rex(\@opcode,$2,$1);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval($1)/ge;
+
+	s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/geo		or
+
+	s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go		or
+	s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go	or
+	s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go	or
+	s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go		or
+	s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-586.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-586.pl
new file mode 100644
index 0000000..3873934
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-586.pl
@@ -0,0 +1,924 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA512 block transform for x86. September 2007.
+#
+# May 2013.
+#
+# Add SSSE3 code path, 20-25% improvement [over original SSE2 code].
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#		gcc	icc	x86 asm	SIMD(*)	x86_64(**)
+# Pentium	100	97	61	-	-
+# PIII		75	77	56	-	-
+# P4		116	95	82	34.6	30.8
+# AMD K8	54	55	36	20.7	9.57
+# Core2		66	57	40	15.9	9.97
+# Westmere	70	-	38	12.2	9.58
+# Sandy Bridge	58	-	35	11.9	11.2
+# Ivy Bridge	50	-	33	11.5	8.17
+# Haswell	46	-	29	11.3	7.66
+# Bulldozer	121	-	50	14.0	13.5
+# VIA Nano	91	-	52	33	14.7
+# Atom		126	-	68	48(***)	14.7
+# Silvermont	97	-	58	42(***)	17.5
+# Goldmont	80	-	48	19.5	12.0
+#
+# (*)	whichever best applicable.
+# (**)	x86_64 assembler performance is presented for reference
+#	purposes, the results are for integer-only code.
+# (***)	paddq is increadibly slow on Atom.
+#
+# IALU code-path is optimized for elder Pentiums. On vanilla Pentium
+# performance improvement over compiler generated code reaches ~60%,
+# while on PIII - ~35%. On newer µ-archs improvement varies from 15%
+# to 50%, but it's less important as they are expected to execute SSE2
+# code-path, which is commonly ~2-3x faster [than compiler generated
+# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even
+# though it does not use 128-bit operations. The latter means that
+# SSE2-aware kernel is no longer required to execute the code. Another
+# difference is that new code optimizes amount of writes, but at the
+# cost of increased data cache "footprint" by 1/2KB.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+$Tlo=&DWP(0,"esp");	$Thi=&DWP(4,"esp");
+$Alo=&DWP(8,"esp");	$Ahi=&DWP(8+4,"esp");
+$Blo=&DWP(16,"esp");	$Bhi=&DWP(16+4,"esp");
+$Clo=&DWP(24,"esp");	$Chi=&DWP(24+4,"esp");
+$Dlo=&DWP(32,"esp");	$Dhi=&DWP(32+4,"esp");
+$Elo=&DWP(40,"esp");	$Ehi=&DWP(40+4,"esp");
+$Flo=&DWP(48,"esp");	$Fhi=&DWP(48+4,"esp");
+$Glo=&DWP(56,"esp");	$Ghi=&DWP(56+4,"esp");
+$Hlo=&DWP(64,"esp");	$Hhi=&DWP(64+4,"esp");
+$K512="ebp";
+
+$Asse2=&QWP(0,"esp");
+$Bsse2=&QWP(8,"esp");
+$Csse2=&QWP(16,"esp");
+$Dsse2=&QWP(24,"esp");
+$Esse2=&QWP(32,"esp");
+$Fsse2=&QWP(40,"esp");
+$Gsse2=&QWP(48,"esp");
+$Hsse2=&QWP(56,"esp");
+
+$A="mm0";	# B-D and
+$E="mm4";	# F-H are commonly loaded to respectively mm1-mm3 and
+		# mm5-mm7, but it's done on on-demand basis...
+$BxC="mm2";	# ... except for B^C
+
+sub BODY_00_15_sse2 {
+    my $phase=shift;
+
+	#&movq	("mm5",$Fsse2);			# load f
+	#&movq	("mm6",$Gsse2);			# load g
+
+	&movq	("mm1",$E);			# %mm1 is sliding right
+	 &pxor	("mm5","mm6");			# f^=g
+	&psrlq	("mm1",14);
+	 &movq	($Esse2,$E);			# modulo-scheduled save e
+	 &pand	("mm5",$E);			# f&=e
+	&psllq	($E,23);			# $E is sliding left
+	 &movq	($A,"mm3")			if ($phase<2);
+	 &movq	(&QWP(8*9,"esp"),"mm7")		# save X[i]
+	&movq	("mm3","mm1");			# %mm3 is T1
+	 &psrlq	("mm1",4);
+	 &pxor	("mm5","mm6");			# Ch(e,f,g)
+	&pxor	("mm3",$E);
+	 &psllq	($E,23);
+	&pxor	("mm3","mm1");
+	 &movq	($Asse2,$A);			# modulo-scheduled save a
+	 &paddq	("mm7","mm5");			# X[i]+=Ch(e,f,g)
+	&pxor	("mm3",$E);
+	 &psrlq	("mm1",23);
+	 &paddq	("mm7",$Hsse2);			# X[i]+=h
+	&pxor	("mm3","mm1");
+	 &psllq	($E,4);
+	 &paddq	("mm7",QWP(0,$K512));		# X[i]+=K512[i]
+	&pxor	("mm3",$E);			# T1=Sigma1_512(e)
+
+	 &movq	($E,$Dsse2);			# e = load d, e in next round
+	&paddq	("mm3","mm7");			# T1+=X[i]
+	 &movq	("mm5",$A);			# %mm5 is sliding right
+	 &psrlq	("mm5",28);
+	&paddq	($E,"mm3");			# d += T1
+	 &movq	("mm6",$A);			# %mm6 is sliding left
+	 &movq	("mm7","mm5");
+	 &psllq	("mm6",25);
+	&movq	("mm1",$Bsse2);			# load b
+	 &psrlq	("mm5",6);
+	 &pxor	("mm7","mm6");
+	&sub	("esp",8);
+	 &psllq	("mm6",5);
+	 &pxor	("mm7","mm5");
+	&pxor	($A,"mm1");			# a^b, b^c in next round
+	 &psrlq	("mm5",5);
+	 &pxor	("mm7","mm6");
+	&pand	($BxC,$A);			# (b^c)&(a^b)
+	 &psllq	("mm6",6);
+	 &pxor	("mm7","mm5");
+	&pxor	($BxC,"mm1");			# [h=]Maj(a,b,c)
+	 &pxor	("mm6","mm7");			# Sigma0_512(a)
+	 &movq	("mm7",&QWP(8*(9+16-1),"esp"))	if ($phase!=0);	# pre-fetch
+	 &movq	("mm5",$Fsse2)			if ($phase==0);	# load f
+
+    if ($phase>1) {
+	&paddq	($BxC,"mm6");			# h+=Sigma0(a)
+	 &add	($K512,8);
+	#&paddq	($BxC,"mm3");			# h+=T1
+
+	($A,$BxC) = ($BxC,$A);			# rotate registers
+    } else {
+	&paddq	("mm3",$BxC);			# T1+=Maj(a,b,c)
+	 &movq	($BxC,$A);
+	 &add	($K512,8);
+	&paddq	("mm3","mm6");			# T1+=Sigma0(a)
+	 &movq	("mm6",$Gsse2)			if ($phase==0);	# load g
+	#&movq	($A,"mm3");			# h=T1
+    }
+}
+
+sub BODY_00_15_x86 {
+	#define Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+	#	LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+	#	HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+	&mov	("ecx",$Elo);
+	&mov	("edx",$Ehi);
+	&mov	("esi","ecx");
+
+	&shr	("ecx",9);	# lo>>9
+	&mov	("edi","edx");
+	&shr	("edx",9);	# hi>>9
+	&mov	("ebx","ecx");
+	&shl	("esi",14);	# lo<<14
+	&mov	("eax","edx");
+	&shl	("edi",14);	# hi<<14
+	&xor	("ebx","esi");
+
+	&shr	("ecx",14-9);	# lo>>14
+	&xor	("eax","edi");
+	&shr	("edx",14-9);	# hi>>14
+	&xor	("eax","ecx");
+	&shl	("esi",18-14);	# lo<<18
+	&xor	("ebx","edx");
+	&shl	("edi",18-14);	# hi<<18
+	&xor	("ebx","esi");
+
+	&shr	("ecx",18-14);	# lo>>18
+	&xor	("eax","edi");
+	&shr	("edx",18-14);	# hi>>18
+	&xor	("eax","ecx");
+	&shl	("esi",23-18);	# lo<<23
+	&xor	("ebx","edx");
+	&shl	("edi",23-18);	# hi<<23
+	&xor	("eax","esi");
+	&xor	("ebx","edi");			# T1 = Sigma1(e)
+
+	&mov	("ecx",$Flo);
+	&mov	("edx",$Fhi);
+	&mov	("esi",$Glo);
+	&mov	("edi",$Ghi);
+	 &add	("eax",$Hlo);
+	 &adc	("ebx",$Hhi);			# T1 += h
+	&xor	("ecx","esi");
+	&xor	("edx","edi");
+	&and	("ecx",$Elo);
+	&and	("edx",$Ehi);
+	 &add	("eax",&DWP(8*(9+15)+0,"esp"));
+	 &adc	("ebx",&DWP(8*(9+15)+4,"esp"));	# T1 += X[0]
+	&xor	("ecx","esi");
+	&xor	("edx","edi");			# Ch(e,f,g) = (f^g)&e)^g
+
+	&mov	("esi",&DWP(0,$K512));
+	&mov	("edi",&DWP(4,$K512));		# K[i]
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# T1 += Ch(e,f,g)
+	&mov	("ecx",$Dlo);
+	&mov	("edx",$Dhi);
+	&add	("eax","esi");
+	&adc	("ebx","edi");			# T1 += K[i]
+	&mov	($Tlo,"eax");
+	&mov	($Thi,"ebx");			# put T1 away
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# d += T1
+
+	#define Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+	#	LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+	#	HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+	&mov	("ecx",$Alo);
+	&mov	("edx",$Ahi);
+	&mov	($Dlo,"eax");
+	&mov	($Dhi,"ebx");
+	&mov	("esi","ecx");
+
+	&shr	("ecx",2);	# lo>>2
+	&mov	("edi","edx");
+	&shr	("edx",2);	# hi>>2
+	&mov	("ebx","ecx");
+	&shl	("esi",4);	# lo<<4
+	&mov	("eax","edx");
+	&shl	("edi",4);	# hi<<4
+	&xor	("ebx","esi");
+
+	&shr	("ecx",7-2);	# lo>>7
+	&xor	("eax","edi");
+	&shr	("edx",7-2);	# hi>>7
+	&xor	("ebx","ecx");
+	&shl	("esi",25-4);	# lo<<25
+	&xor	("eax","edx");
+	&shl	("edi",25-4);	# hi<<25
+	&xor	("eax","esi");
+
+	&shr	("ecx",28-7);	# lo>>28
+	&xor	("ebx","edi");
+	&shr	("edx",28-7);	# hi>>28
+	&xor	("eax","ecx");
+	&shl	("esi",30-25);	# lo<<30
+	&xor	("ebx","edx");
+	&shl	("edi",30-25);	# hi<<30
+	&xor	("eax","esi");
+	&xor	("ebx","edi");			# Sigma0(a)
+
+	&mov	("ecx",$Alo);
+	&mov	("edx",$Ahi);
+	&mov	("esi",$Blo);
+	&mov	("edi",$Bhi);
+	&add	("eax",$Tlo);
+	&adc	("ebx",$Thi);			# T1 = Sigma0(a)+T1
+	&or	("ecx","esi");
+	&or	("edx","edi");
+	&and	("ecx",$Clo);
+	&and	("edx",$Chi);
+	&and	("esi",$Alo);
+	&and	("edi",$Ahi);
+	&or	("ecx","esi");
+	&or	("edx","edi");			# Maj(a,b,c) = ((a|b)&c)|(a&b)
+
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# T1 += Maj(a,b,c)
+	&mov	($Tlo,"eax");
+	&mov	($Thi,"ebx");
+
+	&mov	(&LB("edx"),&BP(0,$K512));	# pre-fetch LSB of *K
+	&sub	("esp",8);
+	&lea	($K512,&DWP(8,$K512));		# K++
+}
+
+
+&function_begin("sha512_block_data_order");
+	&mov	("esi",wparam(0));	# ctx
+	&mov	("edi",wparam(1));	# inp
+	&mov	("eax",wparam(2));	# num
+	&mov	("ebx","esp");		# saved sp
+
+	&call	(&label("pic_point"));	# make it PIC!
+&set_label("pic_point");
+	&blindpop($K512);
+	&lea	($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));
+
+	&sub	("esp",16);
+	&and	("esp",-64);
+
+	&shl	("eax",7);
+	&add	("eax","edi");
+	&mov	(&DWP(0,"esp"),"esi");	# ctx
+	&mov	(&DWP(4,"esp"),"edi");	# inp
+	&mov	(&DWP(8,"esp"),"eax");	# inp+num*128
+	&mov	(&DWP(12,"esp"),"ebx");	# saved sp
+
+if ($sse2) {
+	&picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512"));
+	&mov	("ecx",&DWP(0,"edx"));
+	&test	("ecx",1<<26);
+	&jz	(&label("loop_x86"));
+
+	&mov	("edx",&DWP(4,"edx"));
+
+	# load ctx->h[0-7]
+	&movq	($A,&QWP(0,"esi"));
+	 &and	("ecx",1<<24);		# XMM registers availability
+	&movq	("mm1",&QWP(8,"esi"));
+	 &and	("edx",1<<9);		# SSSE3 bit
+	&movq	($BxC,&QWP(16,"esi"));
+	 &or	("ecx","edx");
+	&movq	("mm3",&QWP(24,"esi"));
+	&movq	($E,&QWP(32,"esi"));
+	&movq	("mm5",&QWP(40,"esi"));
+	&movq	("mm6",&QWP(48,"esi"));
+	&movq	("mm7",&QWP(56,"esi"));
+	&cmp	("ecx",1<<24|1<<9);
+	&je	(&label("SSSE3"));
+	&sub	("esp",8*10);
+	&jmp	(&label("loop_sse2"));
+
+&set_label("loop_sse2",16);
+	#&movq	($Asse2,$A);
+	&movq	($Bsse2,"mm1");
+	&movq	($Csse2,$BxC);
+	&movq	($Dsse2,"mm3");
+	#&movq	($Esse2,$E);
+	&movq	($Fsse2,"mm5");
+	&movq	($Gsse2,"mm6");
+	&pxor	($BxC,"mm1");			# magic
+	&movq	($Hsse2,"mm7");
+	&movq	("mm3",$A);			# magic
+
+	&mov	("eax",&DWP(0,"edi"));
+	&mov	("ebx",&DWP(4,"edi"));
+	&add	("edi",8);
+	&mov	("edx",15);			# counter
+	&bswap	("eax");
+	&bswap	("ebx");
+	&jmp	(&label("00_14_sse2"));
+
+&set_label("00_14_sse2",16);
+	&movd	("mm1","eax");
+	&mov	("eax",&DWP(0,"edi"));
+	&movd	("mm7","ebx");
+	&mov	("ebx",&DWP(4,"edi"));
+	&add	("edi",8);
+	&bswap	("eax");
+	&bswap	("ebx");
+	&punpckldq("mm7","mm1");
+
+	&BODY_00_15_sse2();
+
+	&dec	("edx");
+	&jnz	(&label("00_14_sse2"));
+
+	&movd	("mm1","eax");
+	&movd	("mm7","ebx");
+	&punpckldq("mm7","mm1");
+
+	&BODY_00_15_sse2(1);
+
+	&pxor	($A,$A);			# A is in %mm3
+	&mov	("edx",32);			# counter
+	&jmp	(&label("16_79_sse2"));
+
+&set_label("16_79_sse2",16);
+    for ($j=0;$j<2;$j++) {			# 2x unroll
+	#&movq	("mm7",&QWP(8*(9+16-1),"esp"));	# prefetched in BODY_00_15 
+	&movq	("mm5",&QWP(8*(9+16-14),"esp"));
+	&movq	("mm1","mm7");
+	&psrlq	("mm7",1);
+	 &movq	("mm6","mm5");
+	 &psrlq	("mm5",6);
+	&psllq	("mm1",56);
+	 &paddq	($A,"mm3");			# from BODY_00_15
+	 &movq	("mm3","mm7");
+	&psrlq	("mm7",7-1);
+	 &pxor	("mm3","mm1");
+	 &psllq	("mm1",63-56);
+	&pxor	("mm3","mm7");
+	 &psrlq	("mm7",8-7);
+	&pxor	("mm3","mm1");
+	 &movq	("mm1","mm5");
+	 &psrlq	("mm5",19-6);
+	&pxor	("mm7","mm3");			# sigma0
+
+	 &psllq	("mm6",3);
+	 &pxor	("mm1","mm5");
+	&paddq	("mm7",&QWP(8*(9+16),"esp"));
+	 &pxor	("mm1","mm6");
+	 &psrlq	("mm5",61-19);
+	&paddq	("mm7",&QWP(8*(9+16-9),"esp"));
+	 &pxor	("mm1","mm5");
+	 &psllq	("mm6",45-3);
+	&movq	("mm5",$Fsse2);			# load f
+	 &pxor	("mm1","mm6");			# sigma1
+	&movq	("mm6",$Gsse2);			# load g
+
+	&paddq	("mm7","mm1");			# X[i]
+	#&movq	(&QWP(8*9,"esp"),"mm7");	# moved to BODY_00_15
+
+	&BODY_00_15_sse2(2);
+    }
+	&dec	("edx");
+	&jnz	(&label("16_79_sse2"));
+
+	#&movq	($A,$Asse2);
+	&paddq	($A,"mm3");			# from BODY_00_15
+	&movq	("mm1",$Bsse2);
+	#&movq	($BxC,$Csse2);
+	&movq	("mm3",$Dsse2);
+	#&movq	($E,$Esse2);
+	&movq	("mm5",$Fsse2);
+	&movq	("mm6",$Gsse2);
+	&movq	("mm7",$Hsse2);
+
+	&pxor	($BxC,"mm1");			# de-magic
+	&paddq	($A,&QWP(0,"esi"));
+	&paddq	("mm1",&QWP(8,"esi"));
+	&paddq	($BxC,&QWP(16,"esi"));
+	&paddq	("mm3",&QWP(24,"esi"));
+	&paddq	($E,&QWP(32,"esi"));
+	&paddq	("mm5",&QWP(40,"esi"));
+	&paddq	("mm6",&QWP(48,"esi"));
+	&paddq	("mm7",&QWP(56,"esi"));
+
+	&mov	("eax",8*80);
+	&movq	(&QWP(0,"esi"),$A);
+	&movq	(&QWP(8,"esi"),"mm1");
+	&movq	(&QWP(16,"esi"),$BxC);
+	&movq	(&QWP(24,"esi"),"mm3");
+	&movq	(&QWP(32,"esi"),$E);
+	&movq	(&QWP(40,"esi"),"mm5");
+	&movq	(&QWP(48,"esi"),"mm6");
+	&movq	(&QWP(56,"esi"),"mm7");
+
+	&lea	("esp",&DWP(0,"esp","eax"));	# destroy frame
+	&sub	($K512,"eax");			# rewind K
+
+	&cmp	("edi",&DWP(8*10+8,"esp"));	# are we done yet?
+	&jb	(&label("loop_sse2"));
+
+	&mov	("esp",&DWP(8*10+12,"esp"));	# restore sp
+	&emms	();
+&function_end_A();
+
+&set_label("SSSE3",32);
+{ my ($cnt,$frame)=("ecx","edx");
+  my @X=map("xmm$_",(0..7));
+  my $j;
+  my $i=0;
+
+	&lea	($frame,&DWP(-64,"esp"));
+	&sub	("esp",256);
+
+	# fixed stack frame layout
+	#
+	# +0	A B C D E F G H		# backing store
+	# +64	X[0]+K[i] .. X[15]+K[i]	# XMM->MM xfer area
+	# +192				# XMM off-load ring buffer
+	# +256				# saved parameters
+
+	&movdqa		(@X[1],&QWP(80*8,$K512));		# byte swap mask
+	&movdqu		(@X[0],&QWP(0,"edi"));
+	&pshufb		(@X[0],@X[1]);
+    for ($j=0;$j<8;$j++) {
+	&movdqa		(&QWP(16*(($j-1)%4),$frame),@X[3])	if ($j>4); # off-load
+	&movdqa		(@X[3],&QWP(16*($j%8),$K512));
+	&movdqa		(@X[2],@X[1])				if ($j<7); # perpetuate byte swap mask
+	&movdqu		(@X[1],&QWP(16*($j+1),"edi"))		if ($j<7); # next input
+	&movdqa		(@X[1],&QWP(16*(($j+1)%4),$frame))	if ($j==7);# restore @X[0]
+	&paddq		(@X[3],@X[0]);
+	&pshufb		(@X[1],@X[2])				if ($j<7);
+	&movdqa		(&QWP(16*($j%8)-128,$frame),@X[3]);	# xfer X[i]+K[i]
+
+	push(@X,shift(@X));					# rotate(@X)
+    }
+	#&jmp		(&label("loop_ssse3"));
+	&nop		();
+
+&set_label("loop_ssse3",32);
+	&movdqa		(@X[2],&QWP(16*(($j+1)%4),$frame));	# pre-restore @X[1]
+	&movdqa		(&QWP(16*(($j-1)%4),$frame),@X[3]);	# off-load @X[3]
+	&lea		($K512,&DWP(16*8,$K512));
+
+	#&movq	($Asse2,$A);			# off-load A-H
+	&movq	($Bsse2,"mm1");
+	 &mov	("ebx","edi");
+	&movq	($Csse2,$BxC);
+	 &lea	("edi",&DWP(128,"edi"));	# advance input
+	&movq	($Dsse2,"mm3");
+	 &cmp	("edi","eax");
+	#&movq	($Esse2,$E);
+	&movq	($Fsse2,"mm5");
+	 &cmovb	("ebx","edi");
+	&movq	($Gsse2,"mm6");
+	 &mov	("ecx",4);			# loop counter
+	&pxor	($BxC,"mm1");			# magic
+	&movq	($Hsse2,"mm7");
+	&pxor	("mm3","mm3");			# magic
+
+	&jmp		(&label("00_47_ssse3"));
+
+sub BODY_00_15_ssse3 {		# "phase-less" copy of BODY_00_15_sse2
+	(
+	'&movq	("mm1",$E)',				# %mm1 is sliding right
+	'&movq	("mm7",&QWP(((-8*$i)%128)-128,$frame))',# X[i]+K[i]
+	 '&pxor	("mm5","mm6")',				# f^=g
+	'&psrlq	("mm1",14)',
+	 '&movq	(&QWP(8*($i+4)%64,"esp"),$E)',		# modulo-scheduled save e
+	 '&pand	("mm5",$E)',				# f&=e
+	'&psllq	($E,23)',				# $E is sliding left
+	'&paddq	($A,"mm3")',				# [h+=Maj(a,b,c)]
+	'&movq	("mm3","mm1")',				# %mm3 is T1
+	 '&psrlq("mm1",4)',
+	 '&pxor	("mm5","mm6")',				# Ch(e,f,g)
+	'&pxor	("mm3",$E)',
+	 '&psllq($E,23)',
+	'&pxor	("mm3","mm1")',
+	 '&movq	(&QWP(8*$i%64,"esp"),$A)',		# modulo-scheduled save a
+	 '&paddq("mm7","mm5")',				# X[i]+=Ch(e,f,g)
+	'&pxor	("mm3",$E)',
+	 '&psrlq("mm1",23)',
+	 '&paddq("mm7",&QWP(8*($i+7)%64,"esp"))',	# X[i]+=h
+	'&pxor	("mm3","mm1")',
+	 '&psllq($E,4)',
+	'&pxor	("mm3",$E)',				# T1=Sigma1_512(e)
+
+	 '&movq	($E,&QWP(8*($i+3)%64,"esp"))',		# e = load d, e in next round
+	'&paddq	("mm3","mm7")',				# T1+=X[i]
+	 '&movq	("mm5",$A)',				# %mm5 is sliding right
+	 '&psrlq("mm5",28)',
+	'&paddq	($E,"mm3")',				# d += T1
+	 '&movq	("mm6",$A)',				# %mm6 is sliding left
+	 '&movq	("mm7","mm5")',
+	 '&psllq("mm6",25)',
+	'&movq	("mm1",&QWP(8*($i+1)%64,"esp"))',	# load b
+	 '&psrlq("mm5",6)',
+	 '&pxor	("mm7","mm6")',
+	 '&psllq("mm6",5)',
+	 '&pxor	("mm7","mm5")',
+	'&pxor	($A,"mm1")',				# a^b, b^c in next round
+	 '&psrlq("mm5",5)',
+	 '&pxor	("mm7","mm6")',
+	'&pand	($BxC,$A)',				# (b^c)&(a^b)
+	 '&psllq("mm6",6)',
+	 '&pxor	("mm7","mm5")',
+	'&pxor	($BxC,"mm1")',				# [h=]Maj(a,b,c)
+	 '&pxor	("mm6","mm7")',				# Sigma0_512(a)
+	 '&movq	("mm5",&QWP(8*($i+5-1)%64,"esp"))',	# pre-load f
+	'&paddq	($BxC,"mm6")',				# h+=Sigma0(a)
+	 '&movq	("mm6",&QWP(8*($i+6-1)%64,"esp"))',	# pre-load g
+
+	'($A,$BxC) = ($BxC,$A); $i--;'
+	);
+}
+
+&set_label("00_47_ssse3",32);
+
+    for(;$j<16;$j++) {
+	my ($t0,$t2,$t1)=@X[2..4];
+	my @insns = (&BODY_00_15_ssse3(),&BODY_00_15_ssse3());
+
+	&movdqa		($t2,@X[5]);
+	&movdqa		(@X[1],$t0);			# restore @X[1]
+	&palignr	($t0,@X[0],8);			# X[1..2]
+	&movdqa		(&QWP(16*($j%4),$frame),@X[4]);	# off-load @X[4]
+	 &palignr	($t2,@X[4],8);			# X[9..10]
+
+	&movdqa		($t1,$t0);
+	&psrlq		($t0,7);
+	 &paddq		(@X[0],$t2);			# X[0..1] += X[9..10]
+	&movdqa		($t2,$t1);
+	&psrlq		($t1,1);
+	&psllq		($t2,64-8);
+	&pxor		($t0,$t1);
+	&psrlq		($t1,8-1);
+	&pxor		($t0,$t2);
+	&psllq		($t2,8-1);
+	&pxor		($t0,$t1);
+	 &movdqa	($t1,@X[7]);
+	&pxor		($t0,$t2);			# sigma0(X[1..2])
+	 &movdqa	($t2,@X[7]);
+	 &psrlq		($t1,6);
+	&paddq		(@X[0],$t0);			# X[0..1] += sigma0(X[1..2])
+
+	&movdqa		($t0,@X[7]);
+	&psrlq		($t2,19);
+	&psllq		($t0,64-61);
+	&pxor		($t1,$t2);
+	&psrlq		($t2,61-19);
+	&pxor		($t1,$t0);
+	&psllq		($t0,61-19);
+	&pxor		($t1,$t2);
+	&movdqa		($t2,&QWP(16*(($j+2)%4),$frame));# pre-restore @X[1]
+	&pxor		($t1,$t0);			# sigma0(X[1..2])
+	&movdqa		($t0,&QWP(16*($j%8),$K512));
+	 eval(shift(@insns));
+	&paddq		(@X[0],$t1);			# X[0..1] += sigma0(X[14..15])
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	 eval(shift(@insns));
+	&paddq		($t0,@X[0]);
+	 foreach(@insns) { eval; }
+	&movdqa		(&QWP(16*($j%8)-128,$frame),$t0);# xfer X[i]+K[i]
+
+	push(@X,shift(@X));				# rotate(@X)
+    }
+	&lea		($K512,&DWP(16*8,$K512));
+	&dec		("ecx");
+	&jnz		(&label("00_47_ssse3"));
+
+	&movdqa		(@X[1],&QWP(0,$K512));		# byte swap mask
+	&lea		($K512,&DWP(-80*8,$K512));	# rewind
+	&movdqu		(@X[0],&QWP(0,"ebx"));
+	&pshufb		(@X[0],@X[1]);
+
+    for ($j=0;$j<8;$j++) {	# load next or same block
+	my @insns = (&BODY_00_15_ssse3(),&BODY_00_15_ssse3());
+
+	&movdqa		(&QWP(16*(($j-1)%4),$frame),@X[3])	if ($j>4); # off-load
+	&movdqa		(@X[3],&QWP(16*($j%8),$K512));
+	&movdqa		(@X[2],@X[1])				if ($j<7); # perpetuate byte swap mask
+	&movdqu		(@X[1],&QWP(16*($j+1),"ebx"))		if ($j<7); # next input
+	&movdqa		(@X[1],&QWP(16*(($j+1)%4),$frame))	if ($j==7);# restore @X[0]
+	&paddq		(@X[3],@X[0]);
+	&pshufb		(@X[1],@X[2])				if ($j<7);
+	 foreach(@insns) { eval; }
+	&movdqa		(&QWP(16*($j%8)-128,$frame),@X[3]);# xfer X[i]+K[i]
+
+	push(@X,shift(@X));				# rotate(@X)
+    }
+
+	#&movq	($A,$Asse2);			# load A-H
+	&movq	("mm1",$Bsse2);
+	&paddq	($A,"mm3");			# from BODY_00_15
+	#&movq	($BxC,$Csse2);
+	&movq	("mm3",$Dsse2);
+	#&movq	($E,$Esse2);
+	#&movq	("mm5",$Fsse2);
+	#&movq	("mm6",$Gsse2);
+	&movq	("mm7",$Hsse2);
+
+	&pxor	($BxC,"mm1");			# de-magic
+	&paddq	($A,&QWP(0,"esi"));
+	&paddq	("mm1",&QWP(8,"esi"));
+	&paddq	($BxC,&QWP(16,"esi"));
+	&paddq	("mm3",&QWP(24,"esi"));
+	&paddq	($E,&QWP(32,"esi"));
+	&paddq	("mm5",&QWP(40,"esi"));
+	&paddq	("mm6",&QWP(48,"esi"));
+	&paddq	("mm7",&QWP(56,"esi"));
+
+	&movq	(&QWP(0,"esi"),$A);
+	&movq	(&QWP(8,"esi"),"mm1");
+	&movq	(&QWP(16,"esi"),$BxC);
+	&movq	(&QWP(24,"esi"),"mm3");
+	&movq	(&QWP(32,"esi"),$E);
+	&movq	(&QWP(40,"esi"),"mm5");
+	&movq	(&QWP(48,"esi"),"mm6");
+	&movq	(&QWP(56,"esi"),"mm7");
+
+    	&cmp	("edi","eax")			# are we done yet?
+	&jb	(&label("loop_ssse3"));
+
+	&mov	("esp",&DWP(64+12,$frame));	# restore sp
+	&emms	();
+}
+&function_end_A();
+}
+&set_label("loop_x86",16);
+    # copy input block to stack reversing byte and qword order
+    for ($i=0;$i<8;$i++) {
+	&mov	("eax",&DWP($i*16+0,"edi"));
+	&mov	("ebx",&DWP($i*16+4,"edi"));
+	&mov	("ecx",&DWP($i*16+8,"edi"));
+	&mov	("edx",&DWP($i*16+12,"edi"));
+	&bswap	("eax");
+	&bswap	("ebx");
+	&bswap	("ecx");
+	&bswap	("edx");
+	&push	("eax");
+	&push	("ebx");
+	&push	("ecx");
+	&push	("edx");
+    }
+	&add	("edi",128);
+	&sub	("esp",9*8);		# place for T,A,B,C,D,E,F,G,H
+	&mov	(&DWP(8*(9+16)+4,"esp"),"edi");
+
+	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+	&lea	("edi",&DWP(8,"esp"));
+	&mov	("ecx",16);
+	&data_word(0xA5F3F689);		# rep movsd
+
+&set_label("00_15_x86",16);
+	&BODY_00_15_x86();
+
+	&cmp	(&LB("edx"),0x94);
+	&jne	(&label("00_15_x86"));
+
+&set_label("16_79_x86",16);
+	#define sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+	#	LO		lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+	#	HI		hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+	&mov	("ecx",&DWP(8*(9+15+16-1)+0,"esp"));
+	&mov	("edx",&DWP(8*(9+15+16-1)+4,"esp"));
+	&mov	("esi","ecx");
+
+	&shr	("ecx",1);	# lo>>1
+	&mov	("edi","edx");
+	&shr	("edx",1);	# hi>>1
+	&mov	("eax","ecx");
+	&shl	("esi",24);	# lo<<24
+	&mov	("ebx","edx");
+	&shl	("edi",24);	# hi<<24
+	&xor	("ebx","esi");
+
+	&shr	("ecx",7-1);	# lo>>7
+	&xor	("eax","edi");
+	&shr	("edx",7-1);	# hi>>7
+	&xor	("eax","ecx");
+	&shl	("esi",31-24);	# lo<<31
+	&xor	("ebx","edx");
+	&shl	("edi",25-24);	# hi<<25
+	&xor	("ebx","esi");
+
+	&shr	("ecx",8-7);	# lo>>8
+	&xor	("eax","edi");
+	&shr	("edx",8-7);	# hi>>8
+	&xor	("eax","ecx");
+	&shl	("edi",31-25);	# hi<<31
+	&xor	("ebx","edx");
+	&xor	("eax","edi");			# T1 = sigma0(X[-15])
+
+	&mov	(&DWP(0,"esp"),"eax");
+	&mov	(&DWP(4,"esp"),"ebx");		# put T1 away
+
+	#define sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+	#	LO		lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+	#	HI		hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+	&mov	("ecx",&DWP(8*(9+15+16-14)+0,"esp"));
+	&mov	("edx",&DWP(8*(9+15+16-14)+4,"esp"));
+	&mov	("esi","ecx");
+
+	&shr	("ecx",6);	# lo>>6
+	&mov	("edi","edx");
+	&shr	("edx",6);	# hi>>6
+	&mov	("eax","ecx");
+	&shl	("esi",3);	# lo<<3
+	&mov	("ebx","edx");
+	&shl	("edi",3);	# hi<<3
+	&xor	("eax","esi");
+
+	&shr	("ecx",19-6);	# lo>>19
+	&xor	("ebx","edi");
+	&shr	("edx",19-6);	# hi>>19
+	&xor	("eax","ecx");
+	&shl	("esi",13-3);	# lo<<13
+	&xor	("ebx","edx");
+	&shl	("edi",13-3);	# hi<<13
+	&xor	("ebx","esi");
+
+	&shr	("ecx",29-19);	# lo>>29
+	&xor	("eax","edi");
+	&shr	("edx",29-19);	# hi>>29
+	&xor	("ebx","ecx");
+	&shl	("edi",26-13);	# hi<<26
+	&xor	("eax","edx");
+	&xor	("eax","edi");			# sigma1(X[-2])
+
+	&mov	("ecx",&DWP(8*(9+15+16)+0,"esp"));
+	&mov	("edx",&DWP(8*(9+15+16)+4,"esp"));
+	&add	("eax",&DWP(0,"esp"));
+	&adc	("ebx",&DWP(4,"esp"));		# T1 = sigma1(X[-2])+T1
+	&mov	("esi",&DWP(8*(9+15+16-9)+0,"esp"));
+	&mov	("edi",&DWP(8*(9+15+16-9)+4,"esp"));
+	&add	("eax","ecx");
+	&adc	("ebx","edx");			# T1 += X[-16]
+	&add	("eax","esi");
+	&adc	("ebx","edi");			# T1 += X[-7]
+	&mov	(&DWP(8*(9+15)+0,"esp"),"eax");
+	&mov	(&DWP(8*(9+15)+4,"esp"),"ebx");	# save X[0]
+
+	&BODY_00_15_x86();
+
+	&cmp	(&LB("edx"),0x17);
+	&jne	(&label("16_79_x86"));
+
+	&mov	("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx
+	&mov	("edi",&DWP(8*(9+16+80)+4,"esp"));# inp
+    for($i=0;$i<4;$i++) {
+	&mov	("eax",&DWP($i*16+0,"esi"));
+	&mov	("ebx",&DWP($i*16+4,"esi"));
+	&mov	("ecx",&DWP($i*16+8,"esi"));
+	&mov	("edx",&DWP($i*16+12,"esi"));
+	&add	("eax",&DWP(8+($i*16)+0,"esp"));
+	&adc	("ebx",&DWP(8+($i*16)+4,"esp"));
+	&mov	(&DWP($i*16+0,"esi"),"eax");
+	&mov	(&DWP($i*16+4,"esi"),"ebx");
+	&add	("ecx",&DWP(8+($i*16)+8,"esp"));
+	&adc	("edx",&DWP(8+($i*16)+12,"esp"));
+	&mov	(&DWP($i*16+8,"esi"),"ecx");
+	&mov	(&DWP($i*16+12,"esi"),"edx");
+    }
+	&add	("esp",8*(9+16+80));		# destroy frame
+	&sub	($K512,8*80);			# rewind K
+
+	&cmp	("edi",&DWP(8,"esp"));		# are we done yet?
+	&jb	(&label("loop_x86"));
+
+	&mov	("esp",&DWP(12,"esp"));		# restore sp
+&function_end_A();
+
+&set_label("K512",64);	# Yes! I keep it in the code segment!
+	&data_word(0xd728ae22,0x428a2f98);	# u64
+	&data_word(0x23ef65cd,0x71374491);	# u64
+	&data_word(0xec4d3b2f,0xb5c0fbcf);	# u64
+	&data_word(0x8189dbbc,0xe9b5dba5);	# u64
+	&data_word(0xf348b538,0x3956c25b);	# u64
+	&data_word(0xb605d019,0x59f111f1);	# u64
+	&data_word(0xaf194f9b,0x923f82a4);	# u64
+	&data_word(0xda6d8118,0xab1c5ed5);	# u64
+	&data_word(0xa3030242,0xd807aa98);	# u64
+	&data_word(0x45706fbe,0x12835b01);	# u64
+	&data_word(0x4ee4b28c,0x243185be);	# u64
+	&data_word(0xd5ffb4e2,0x550c7dc3);	# u64
+	&data_word(0xf27b896f,0x72be5d74);	# u64
+	&data_word(0x3b1696b1,0x80deb1fe);	# u64
+	&data_word(0x25c71235,0x9bdc06a7);	# u64
+	&data_word(0xcf692694,0xc19bf174);	# u64
+	&data_word(0x9ef14ad2,0xe49b69c1);	# u64
+	&data_word(0x384f25e3,0xefbe4786);	# u64
+	&data_word(0x8b8cd5b5,0x0fc19dc6);	# u64
+	&data_word(0x77ac9c65,0x240ca1cc);	# u64
+	&data_word(0x592b0275,0x2de92c6f);	# u64
+	&data_word(0x6ea6e483,0x4a7484aa);	# u64
+	&data_word(0xbd41fbd4,0x5cb0a9dc);	# u64
+	&data_word(0x831153b5,0x76f988da);	# u64
+	&data_word(0xee66dfab,0x983e5152);	# u64
+	&data_word(0x2db43210,0xa831c66d);	# u64
+	&data_word(0x98fb213f,0xb00327c8);	# u64
+	&data_word(0xbeef0ee4,0xbf597fc7);	# u64
+	&data_word(0x3da88fc2,0xc6e00bf3);	# u64
+	&data_word(0x930aa725,0xd5a79147);	# u64
+	&data_word(0xe003826f,0x06ca6351);	# u64
+	&data_word(0x0a0e6e70,0x14292967);	# u64
+	&data_word(0x46d22ffc,0x27b70a85);	# u64
+	&data_word(0x5c26c926,0x2e1b2138);	# u64
+	&data_word(0x5ac42aed,0x4d2c6dfc);	# u64
+	&data_word(0x9d95b3df,0x53380d13);	# u64
+	&data_word(0x8baf63de,0x650a7354);	# u64
+	&data_word(0x3c77b2a8,0x766a0abb);	# u64
+	&data_word(0x47edaee6,0x81c2c92e);	# u64
+	&data_word(0x1482353b,0x92722c85);	# u64
+	&data_word(0x4cf10364,0xa2bfe8a1);	# u64
+	&data_word(0xbc423001,0xa81a664b);	# u64
+	&data_word(0xd0f89791,0xc24b8b70);	# u64
+	&data_word(0x0654be30,0xc76c51a3);	# u64
+	&data_word(0xd6ef5218,0xd192e819);	# u64
+	&data_word(0x5565a910,0xd6990624);	# u64
+	&data_word(0x5771202a,0xf40e3585);	# u64
+	&data_word(0x32bbd1b8,0x106aa070);	# u64
+	&data_word(0xb8d2d0c8,0x19a4c116);	# u64
+	&data_word(0x5141ab53,0x1e376c08);	# u64
+	&data_word(0xdf8eeb99,0x2748774c);	# u64
+	&data_word(0xe19b48a8,0x34b0bcb5);	# u64
+	&data_word(0xc5c95a63,0x391c0cb3);	# u64
+	&data_word(0xe3418acb,0x4ed8aa4a);	# u64
+	&data_word(0x7763e373,0x5b9cca4f);	# u64
+	&data_word(0xd6b2b8a3,0x682e6ff3);	# u64
+	&data_word(0x5defb2fc,0x748f82ee);	# u64
+	&data_word(0x43172f60,0x78a5636f);	# u64
+	&data_word(0xa1f0ab72,0x84c87814);	# u64
+	&data_word(0x1a6439ec,0x8cc70208);	# u64
+	&data_word(0x23631e28,0x90befffa);	# u64
+	&data_word(0xde82bde9,0xa4506ceb);	# u64
+	&data_word(0xb2c67915,0xbef9a3f7);	# u64
+	&data_word(0xe372532b,0xc67178f2);	# u64
+	&data_word(0xea26619c,0xca273ece);	# u64
+	&data_word(0x21c0c207,0xd186b8c7);	# u64
+	&data_word(0xcde0eb1e,0xeada7dd6);	# u64
+	&data_word(0xee6ed178,0xf57d4f7f);	# u64
+	&data_word(0x72176fba,0x06f067aa);	# u64
+	&data_word(0xa2c898a6,0x0a637dc5);	# u64
+	&data_word(0xbef90dae,0x113f9804);	# u64
+	&data_word(0x131c471b,0x1b710b35);	# u64
+	&data_word(0x23047d84,0x28db77f5);	# u64
+	&data_word(0x40c72493,0x32caab7b);	# u64
+	&data_word(0x15c9bebc,0x3c9ebe0a);	# u64
+	&data_word(0x9c100d4c,0x431d67c4);	# u64
+	&data_word(0xcb3e42b6,0x4cc5d4be);	# u64
+	&data_word(0xfc657e2a,0x597f299c);	# u64
+	&data_word(0x3ad6faec,0x5fcb6fab);	# u64
+	&data_word(0x4a475817,0x6c44198c);	# u64
+
+	&data_word(0x04050607,0x00010203);	# byte swap
+	&data_word(0x0c0d0e0f,0x08090a0b);	# mask
+&function_end_B("sha512_block_data_order");
+&asciz("SHA512 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-armv4.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-armv4.pl
new file mode 100644
index 0000000..22b5a9d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-armv4.pl
@@ -0,0 +1,668 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Permission to use under GPL terms is granted.
+# ====================================================================
+
+# SHA512 block procedure for ARMv4. September 2007.
+
+# This code is ~4.5 (four and a half) times faster than code generated
+# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue
+# Xscale PXA250 core].
+#
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 6% improvement on
+# Cortex A8 core and ~40 cycles per processed byte.
+
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 7%
+# improvement on Coxtex A8 core and ~38 cycles per byte.
+
+# March 2011.
+#
+# Add NEON implementation. On Cortex A8 it was measured to process
+# one byte in 23.3 cycles or ~60% faster than integer-only code.
+
+# August 2012.
+#
+# Improve NEON performance by 12% on Snapdragon S4. In absolute
+# terms it's 22.6 cycles per byte, which is disappointing result.
+# Technical writers asserted that 3-way S4 pipeline can sustain
+# multiple NEON instructions per cycle, but dual NEON issue could
+# not be observed, see http://www.openssl.org/~appro/Snapdragon-S4.html
+# for further details. On side note Cortex-A15 processes one byte in
+# 16 cycles.
+
+# Byte order [in]dependence. =========================================
+#
+# Originally caller was expected to maintain specific *dword* order in
+# h[0-7], namely with most significant dword at *lower* address, which
+# was reflected in below two parameters as 0 and 4. Now caller is
+# expected to maintain native byte order for whole 64-bit values.
+$hi="HI";
+$lo="LO";
+# ====================================================================
+
+$flavour = shift;
+if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
+else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }
+
+if ($flavour && $flavour ne "void") {
+    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+    die "can't locate arm-xlate.pl";
+
+    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+} else {
+    open STDOUT,">$output";
+}
+
+$ctx="r0";	# parameter block
+$inp="r1";
+$len="r2";
+
+$Tlo="r3";
+$Thi="r4";
+$Alo="r5";
+$Ahi="r6";
+$Elo="r7";
+$Ehi="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+############	r13 is stack pointer
+$Ktbl="r14";
+############	r15 is program counter
+
+$Aoff=8*0;
+$Boff=8*1;
+$Coff=8*2;
+$Doff=8*3;
+$Eoff=8*4;
+$Foff=8*5;
+$Goff=8*6;
+$Hoff=8*7;
+$Xoff=8*8;
+
+sub BODY_00_15() {
+my $magic = shift;
+$code.=<<___;
+	@ Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+	@ LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+	@ HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+	mov	$t0,$Elo,lsr#14
+	str	$Tlo,[sp,#$Xoff+0]
+	mov	$t1,$Ehi,lsr#14
+	str	$Thi,[sp,#$Xoff+4]
+	eor	$t0,$t0,$Ehi,lsl#18
+	ldr	$t2,[sp,#$Hoff+0]	@ h.lo
+	eor	$t1,$t1,$Elo,lsl#18
+	ldr	$t3,[sp,#$Hoff+4]	@ h.hi
+	eor	$t0,$t0,$Elo,lsr#18
+	eor	$t1,$t1,$Ehi,lsr#18
+	eor	$t0,$t0,$Ehi,lsl#14
+	eor	$t1,$t1,$Elo,lsl#14
+	eor	$t0,$t0,$Ehi,lsr#9
+	eor	$t1,$t1,$Elo,lsr#9
+	eor	$t0,$t0,$Elo,lsl#23
+	eor	$t1,$t1,$Ehi,lsl#23	@ Sigma1(e)
+	adds	$Tlo,$Tlo,$t0
+	ldr	$t0,[sp,#$Foff+0]	@ f.lo
+	adc	$Thi,$Thi,$t1		@ T += Sigma1(e)
+	ldr	$t1,[sp,#$Foff+4]	@ f.hi
+	adds	$Tlo,$Tlo,$t2
+	ldr	$t2,[sp,#$Goff+0]	@ g.lo
+	adc	$Thi,$Thi,$t3		@ T += h
+	ldr	$t3,[sp,#$Goff+4]	@ g.hi
+
+	eor	$t0,$t0,$t2
+	str	$Elo,[sp,#$Eoff+0]
+	eor	$t1,$t1,$t3
+	str	$Ehi,[sp,#$Eoff+4]
+	and	$t0,$t0,$Elo
+	str	$Alo,[sp,#$Aoff+0]
+	and	$t1,$t1,$Ehi
+	str	$Ahi,[sp,#$Aoff+4]
+	eor	$t0,$t0,$t2
+	ldr	$t2,[$Ktbl,#$lo]	@ K[i].lo
+	eor	$t1,$t1,$t3		@ Ch(e,f,g)
+	ldr	$t3,[$Ktbl,#$hi]	@ K[i].hi
+
+	adds	$Tlo,$Tlo,$t0
+	ldr	$Elo,[sp,#$Doff+0]	@ d.lo
+	adc	$Thi,$Thi,$t1		@ T += Ch(e,f,g)
+	ldr	$Ehi,[sp,#$Doff+4]	@ d.hi
+	adds	$Tlo,$Tlo,$t2
+	and	$t0,$t2,#0xff
+	adc	$Thi,$Thi,$t3		@ T += K[i]
+	adds	$Elo,$Elo,$Tlo
+	ldr	$t2,[sp,#$Boff+0]	@ b.lo
+	adc	$Ehi,$Ehi,$Thi		@ d += T
+	teq	$t0,#$magic
+
+	ldr	$t3,[sp,#$Coff+0]	@ c.lo
+#if __ARM_ARCH__>=7
+	it	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	orreq	$Ktbl,$Ktbl,#1
+	@ Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+	@ LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+	@ HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+	mov	$t0,$Alo,lsr#28
+	mov	$t1,$Ahi,lsr#28
+	eor	$t0,$t0,$Ahi,lsl#4
+	eor	$t1,$t1,$Alo,lsl#4
+	eor	$t0,$t0,$Ahi,lsr#2
+	eor	$t1,$t1,$Alo,lsr#2
+	eor	$t0,$t0,$Alo,lsl#30
+	eor	$t1,$t1,$Ahi,lsl#30
+	eor	$t0,$t0,$Ahi,lsr#7
+	eor	$t1,$t1,$Alo,lsr#7
+	eor	$t0,$t0,$Alo,lsl#25
+	eor	$t1,$t1,$Ahi,lsl#25	@ Sigma0(a)
+	adds	$Tlo,$Tlo,$t0
+	and	$t0,$Alo,$t2
+	adc	$Thi,$Thi,$t1		@ T += Sigma0(a)
+
+	ldr	$t1,[sp,#$Boff+4]	@ b.hi
+	orr	$Alo,$Alo,$t2
+	ldr	$t2,[sp,#$Coff+4]	@ c.hi
+	and	$Alo,$Alo,$t3
+	and	$t3,$Ahi,$t1
+	orr	$Ahi,$Ahi,$t1
+	orr	$Alo,$Alo,$t0		@ Maj(a,b,c).lo
+	and	$Ahi,$Ahi,$t2
+	adds	$Alo,$Alo,$Tlo
+	orr	$Ahi,$Ahi,$t3		@ Maj(a,b,c).hi
+	sub	sp,sp,#8
+	adc	$Ahi,$Ahi,$Thi		@ h += T
+	tst	$Ktbl,#1
+	add	$Ktbl,$Ktbl,#8
+___
+}
+$code=<<___;
+#ifndef __KERNEL__
+# include "arm_arch.h"
+# define VFP_ABI_PUSH	vstmdb	sp!,{d8-d15}
+# define VFP_ABI_POP	vldmia	sp!,{d8-d15}
+#else
+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
+# define __ARM_MAX_ARCH__ 7
+# define VFP_ABI_PUSH
+# define VFP_ABI_POP
+#endif
+
+#ifdef __ARMEL__
+# define LO 0
+# define HI 4
+# define WORD64(hi0,lo0,hi1,lo1)	.word	lo0,hi0, lo1,hi1
+#else
+# define HI 0
+# define LO 4
+# define WORD64(hi0,lo0,hi1,lo1)	.word	hi0,lo0, hi1,lo1
+#endif
+
+.text
+#if defined(__thumb2__)
+.syntax unified
+.thumb
+# define adrl adr
+#else
+.code	32
+#endif
+
+.type	K512,%object
+.align	5
+K512:
+WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd)
+WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc)
+WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019)
+WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118)
+WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe)
+WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2)
+WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1)
+WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694)
+WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3)
+WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65)
+WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483)
+WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5)
+WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210)
+WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4)
+WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725)
+WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70)
+WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926)
+WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df)
+WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8)
+WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b)
+WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001)
+WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30)
+WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910)
+WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8)
+WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53)
+WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8)
+WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb)
+WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3)
+WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60)
+WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec)
+WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9)
+WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b)
+WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207)
+WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178)
+WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6)
+WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b)
+WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493)
+WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c)
+WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a)
+WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
+.size	K512,.-K512
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.LOPENSSL_armcap:
+.word	OPENSSL_armcap_P-.Lsha512_block_data_order
+.skip	32-4
+#else
+.skip	32
+#endif
+
+.global	sha512_block_data_order
+.type	sha512_block_data_order,%function
+sha512_block_data_order:
+.Lsha512_block_data_order:
+#if __ARM_ARCH__<7 && !defined(__thumb2__)
+	sub	r3,pc,#8		@ sha512_block_data_order
+#else
+	adr	r3,.Lsha512_block_data_order
+#endif
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+	ldr	r12,.LOPENSSL_armcap
+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
+#ifdef	__APPLE__
+	ldr	r12,[r12]
+#endif
+	tst	r12,#ARMV7_NEON
+	bne	.LNEON
+#endif
+	add	$len,$inp,$len,lsl#7	@ len to point at the end of inp
+	stmdb	sp!,{r4-r12,lr}
+	sub	$Ktbl,r3,#672		@ K512
+	sub	sp,sp,#9*8
+
+	ldr	$Elo,[$ctx,#$Eoff+$lo]
+	ldr	$Ehi,[$ctx,#$Eoff+$hi]
+	ldr	$t0, [$ctx,#$Goff+$lo]
+	ldr	$t1, [$ctx,#$Goff+$hi]
+	ldr	$t2, [$ctx,#$Hoff+$lo]
+	ldr	$t3, [$ctx,#$Hoff+$hi]
+.Loop:
+	str	$t0, [sp,#$Goff+0]
+	str	$t1, [sp,#$Goff+4]
+	str	$t2, [sp,#$Hoff+0]
+	str	$t3, [sp,#$Hoff+4]
+	ldr	$Alo,[$ctx,#$Aoff+$lo]
+	ldr	$Ahi,[$ctx,#$Aoff+$hi]
+	ldr	$Tlo,[$ctx,#$Boff+$lo]
+	ldr	$Thi,[$ctx,#$Boff+$hi]
+	ldr	$t0, [$ctx,#$Coff+$lo]
+	ldr	$t1, [$ctx,#$Coff+$hi]
+	ldr	$t2, [$ctx,#$Doff+$lo]
+	ldr	$t3, [$ctx,#$Doff+$hi]
+	str	$Tlo,[sp,#$Boff+0]
+	str	$Thi,[sp,#$Boff+4]
+	str	$t0, [sp,#$Coff+0]
+	str	$t1, [sp,#$Coff+4]
+	str	$t2, [sp,#$Doff+0]
+	str	$t3, [sp,#$Doff+4]
+	ldr	$Tlo,[$ctx,#$Foff+$lo]
+	ldr	$Thi,[$ctx,#$Foff+$hi]
+	str	$Tlo,[sp,#$Foff+0]
+	str	$Thi,[sp,#$Foff+4]
+
+.L00_15:
+#if __ARM_ARCH__<7
+	ldrb	$Tlo,[$inp,#7]
+	ldrb	$t0, [$inp,#6]
+	ldrb	$t1, [$inp,#5]
+	ldrb	$t2, [$inp,#4]
+	ldrb	$Thi,[$inp,#3]
+	ldrb	$t3, [$inp,#2]
+	orr	$Tlo,$Tlo,$t0,lsl#8
+	ldrb	$t0, [$inp,#1]
+	orr	$Tlo,$Tlo,$t1,lsl#16
+	ldrb	$t1, [$inp],#8
+	orr	$Tlo,$Tlo,$t2,lsl#24
+	orr	$Thi,$Thi,$t3,lsl#8
+	orr	$Thi,$Thi,$t0,lsl#16
+	orr	$Thi,$Thi,$t1,lsl#24
+#else
+	ldr	$Tlo,[$inp,#4]
+	ldr	$Thi,[$inp],#8
+#ifdef __ARMEL__
+	rev	$Tlo,$Tlo
+	rev	$Thi,$Thi
+#endif
+#endif
+___
+	&BODY_00_15(0x94);
+$code.=<<___;
+	tst	$Ktbl,#1
+	beq	.L00_15
+	ldr	$t0,[sp,#`$Xoff+8*(16-1)`+0]
+	ldr	$t1,[sp,#`$Xoff+8*(16-1)`+4]
+	bic	$Ktbl,$Ktbl,#1
+.L16_79:
+	@ sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+	@ LO		lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+	@ HI		hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+	mov	$Tlo,$t0,lsr#1
+	ldr	$t2,[sp,#`$Xoff+8*(16-14)`+0]
+	mov	$Thi,$t1,lsr#1
+	ldr	$t3,[sp,#`$Xoff+8*(16-14)`+4]
+	eor	$Tlo,$Tlo,$t1,lsl#31
+	eor	$Thi,$Thi,$t0,lsl#31
+	eor	$Tlo,$Tlo,$t0,lsr#8
+	eor	$Thi,$Thi,$t1,lsr#8
+	eor	$Tlo,$Tlo,$t1,lsl#24
+	eor	$Thi,$Thi,$t0,lsl#24
+	eor	$Tlo,$Tlo,$t0,lsr#7
+	eor	$Thi,$Thi,$t1,lsr#7
+	eor	$Tlo,$Tlo,$t1,lsl#25
+
+	@ sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+	@ LO		lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+	@ HI		hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+	mov	$t0,$t2,lsr#19
+	mov	$t1,$t3,lsr#19
+	eor	$t0,$t0,$t3,lsl#13
+	eor	$t1,$t1,$t2,lsl#13
+	eor	$t0,$t0,$t3,lsr#29
+	eor	$t1,$t1,$t2,lsr#29
+	eor	$t0,$t0,$t2,lsl#3
+	eor	$t1,$t1,$t3,lsl#3
+	eor	$t0,$t0,$t2,lsr#6
+	eor	$t1,$t1,$t3,lsr#6
+	ldr	$t2,[sp,#`$Xoff+8*(16-9)`+0]
+	eor	$t0,$t0,$t3,lsl#26
+
+	ldr	$t3,[sp,#`$Xoff+8*(16-9)`+4]
+	adds	$Tlo,$Tlo,$t0
+	ldr	$t0,[sp,#`$Xoff+8*16`+0]
+	adc	$Thi,$Thi,$t1
+
+	ldr	$t1,[sp,#`$Xoff+8*16`+4]
+	adds	$Tlo,$Tlo,$t2
+	adc	$Thi,$Thi,$t3
+	adds	$Tlo,$Tlo,$t0
+	adc	$Thi,$Thi,$t1
+___
+	&BODY_00_15(0x17);
+$code.=<<___;
+#if __ARM_ARCH__>=7
+	ittt	eq			@ Thumb2 thing, sanity check in ARM
+#endif
+	ldreq	$t0,[sp,#`$Xoff+8*(16-1)`+0]
+	ldreq	$t1,[sp,#`$Xoff+8*(16-1)`+4]
+	beq	.L16_79
+	bic	$Ktbl,$Ktbl,#1
+
+	ldr	$Tlo,[sp,#$Boff+0]
+	ldr	$Thi,[sp,#$Boff+4]
+	ldr	$t0, [$ctx,#$Aoff+$lo]
+	ldr	$t1, [$ctx,#$Aoff+$hi]
+	ldr	$t2, [$ctx,#$Boff+$lo]
+	ldr	$t3, [$ctx,#$Boff+$hi]
+	adds	$t0,$Alo,$t0
+	str	$t0, [$ctx,#$Aoff+$lo]
+	adc	$t1,$Ahi,$t1
+	str	$t1, [$ctx,#$Aoff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Boff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Boff+$hi]
+
+	ldr	$Alo,[sp,#$Coff+0]
+	ldr	$Ahi,[sp,#$Coff+4]
+	ldr	$Tlo,[sp,#$Doff+0]
+	ldr	$Thi,[sp,#$Doff+4]
+	ldr	$t0, [$ctx,#$Coff+$lo]
+	ldr	$t1, [$ctx,#$Coff+$hi]
+	ldr	$t2, [$ctx,#$Doff+$lo]
+	ldr	$t3, [$ctx,#$Doff+$hi]
+	adds	$t0,$Alo,$t0
+	str	$t0, [$ctx,#$Coff+$lo]
+	adc	$t1,$Ahi,$t1
+	str	$t1, [$ctx,#$Coff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Doff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Doff+$hi]
+
+	ldr	$Tlo,[sp,#$Foff+0]
+	ldr	$Thi,[sp,#$Foff+4]
+	ldr	$t0, [$ctx,#$Eoff+$lo]
+	ldr	$t1, [$ctx,#$Eoff+$hi]
+	ldr	$t2, [$ctx,#$Foff+$lo]
+	ldr	$t3, [$ctx,#$Foff+$hi]
+	adds	$Elo,$Elo,$t0
+	str	$Elo,[$ctx,#$Eoff+$lo]
+	adc	$Ehi,$Ehi,$t1
+	str	$Ehi,[$ctx,#$Eoff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Foff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Foff+$hi]
+
+	ldr	$Alo,[sp,#$Goff+0]
+	ldr	$Ahi,[sp,#$Goff+4]
+	ldr	$Tlo,[sp,#$Hoff+0]
+	ldr	$Thi,[sp,#$Hoff+4]
+	ldr	$t0, [$ctx,#$Goff+$lo]
+	ldr	$t1, [$ctx,#$Goff+$hi]
+	ldr	$t2, [$ctx,#$Hoff+$lo]
+	ldr	$t3, [$ctx,#$Hoff+$hi]
+	adds	$t0,$Alo,$t0
+	str	$t0, [$ctx,#$Goff+$lo]
+	adc	$t1,$Ahi,$t1
+	str	$t1, [$ctx,#$Goff+$hi]
+	adds	$t2,$Tlo,$t2
+	str	$t2, [$ctx,#$Hoff+$lo]
+	adc	$t3,$Thi,$t3
+	str	$t3, [$ctx,#$Hoff+$hi]
+
+	add	sp,sp,#640
+	sub	$Ktbl,$Ktbl,#640
+
+	teq	$inp,$len
+	bne	.Loop
+
+	add	sp,sp,#8*9		@ destroy frame
+#if __ARM_ARCH__>=5
+	ldmia	sp!,{r4-r12,pc}
+#else
+	ldmia	sp!,{r4-r12,lr}
+	tst	lr,#1
+	moveq	pc,lr			@ be binary compatible with V4, yet
+	bx	lr			@ interoperable with Thumb ISA:-)
+#endif
+.size	sha512_block_data_order,.-sha512_block_data_order
+___
+
+{
+my @Sigma0=(28,34,39);
+my @Sigma1=(14,18,41);
+my @sigma0=(1, 8, 7);
+my @sigma1=(19,61,6);
+
+my $Ktbl="r3";
+my $cnt="r12";	# volatile register known as ip, intra-procedure-call scratch
+
+my @X=map("d$_",(0..15));
+my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23));
+
+sub NEON_00_15() {
+my $i=shift;
+my ($a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31));	# temps
+
+$code.=<<___ if ($i<16 || $i&1);
+	vshr.u64	$t0,$e,#@Sigma1[0]	@ $i
+#if $i<16
+	vld1.64		{@X[$i%16]},[$inp]!	@ handles unaligned
+#endif
+	vshr.u64	$t1,$e,#@Sigma1[1]
+#if $i>0
+	 vadd.i64	$a,$Maj			@ h+=Maj from the past
+#endif
+	vshr.u64	$t2,$e,#@Sigma1[2]
+___
+$code.=<<___;
+	vld1.64		{$K},[$Ktbl,:64]!	@ K[i++]
+	vsli.64		$t0,$e,#`64-@Sigma1[0]`
+	vsli.64		$t1,$e,#`64-@Sigma1[1]`
+	vmov		$Ch,$e
+	vsli.64		$t2,$e,#`64-@Sigma1[2]`
+#if $i<16 && defined(__ARMEL__)
+	vrev64.8	@X[$i],@X[$i]
+#endif
+	veor		$t1,$t0
+	vbsl		$Ch,$f,$g		@ Ch(e,f,g)
+	vshr.u64	$t0,$a,#@Sigma0[0]
+	veor		$t2,$t1			@ Sigma1(e)
+	vadd.i64	$T1,$Ch,$h
+	vshr.u64	$t1,$a,#@Sigma0[1]
+	vsli.64		$t0,$a,#`64-@Sigma0[0]`
+	vadd.i64	$T1,$t2
+	vshr.u64	$t2,$a,#@Sigma0[2]
+	vadd.i64	$K,@X[$i%16]
+	vsli.64		$t1,$a,#`64-@Sigma0[1]`
+	veor		$Maj,$a,$b
+	vsli.64		$t2,$a,#`64-@Sigma0[2]`
+	veor		$h,$t0,$t1
+	vadd.i64	$T1,$K
+	vbsl		$Maj,$c,$b		@ Maj(a,b,c)
+	veor		$h,$t2			@ Sigma0(a)
+	vadd.i64	$d,$T1
+	vadd.i64	$Maj,$T1
+	@ vadd.i64	$h,$Maj
+___
+}
+
+sub NEON_16_79() {
+my $i=shift;
+
+if ($i&1)	{ &NEON_00_15($i,@_); return; }
+
+# 2x-vectorized, therefore runs every 2nd round
+my @X=map("q$_",(0..7));			# view @X as 128-bit vector
+my ($t0,$t1,$s0,$s1) = map("q$_",(12..15));	# temps
+my ($d0,$d1,$d2) = map("d$_",(24..26));		# temps from NEON_00_15
+my $e=@_[4];					# $e from NEON_00_15
+$i /= 2;
+$code.=<<___;
+	vshr.u64	$t0,@X[($i+7)%8],#@sigma1[0]
+	vshr.u64	$t1,@X[($i+7)%8],#@sigma1[1]
+	 vadd.i64	@_[0],d30			@ h+=Maj from the past
+	vshr.u64	$s1,@X[($i+7)%8],#@sigma1[2]
+	vsli.64		$t0,@X[($i+7)%8],#`64-@sigma1[0]`
+	vext.8		$s0,@X[$i%8],@X[($i+1)%8],#8	@ X[i+1]
+	vsli.64		$t1,@X[($i+7)%8],#`64-@sigma1[1]`
+	veor		$s1,$t0
+	vshr.u64	$t0,$s0,#@sigma0[0]
+	veor		$s1,$t1				@ sigma1(X[i+14])
+	vshr.u64	$t1,$s0,#@sigma0[1]
+	vadd.i64	@X[$i%8],$s1
+	vshr.u64	$s1,$s0,#@sigma0[2]
+	vsli.64		$t0,$s0,#`64-@sigma0[0]`
+	vsli.64		$t1,$s0,#`64-@sigma0[1]`
+	vext.8		$s0,@X[($i+4)%8],@X[($i+5)%8],#8	@ X[i+9]
+	veor		$s1,$t0
+	vshr.u64	$d0,$e,#@Sigma1[0]		@ from NEON_00_15
+	vadd.i64	@X[$i%8],$s0
+	vshr.u64	$d1,$e,#@Sigma1[1]		@ from NEON_00_15
+	veor		$s1,$t1				@ sigma0(X[i+1])
+	vshr.u64	$d2,$e,#@Sigma1[2]		@ from NEON_00_15
+	vadd.i64	@X[$i%8],$s1
+___
+	&NEON_00_15(2*$i,@_);
+}
+
+$code.=<<___;
+#if __ARM_MAX_ARCH__>=7
+.arch	armv7-a
+.fpu	neon
+
+.global	sha512_block_data_order_neon
+.type	sha512_block_data_order_neon,%function
+.align	4
+sha512_block_data_order_neon:
+.LNEON:
+	dmb				@ errata #451034 on early Cortex A8
+	add	$len,$inp,$len,lsl#7	@ len to point at the end of inp
+	adr	$Ktbl,K512
+	VFP_ABI_PUSH
+	vldmia	$ctx,{$A-$H}		@ load context
+.Loop_neon:
+___
+for($i=0;$i<16;$i++)	{ &NEON_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mov		$cnt,#4
+.L16_79_neon:
+	subs		$cnt,#1
+___
+for(;$i<32;$i++)	{ &NEON_16_79($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	bne		.L16_79_neon
+
+	 vadd.i64	$A,d30		@ h+=Maj from the past
+	vldmia		$ctx,{d24-d31}	@ load context to temp
+	vadd.i64	q8,q12		@ vectorized accumulate
+	vadd.i64	q9,q13
+	vadd.i64	q10,q14
+	vadd.i64	q11,q15
+	vstmia		$ctx,{$A-$H}	@ save context
+	teq		$inp,$len
+	sub		$Ktbl,#640	@ rewind K512
+	bne		.Loop_neon
+
+	VFP_ABI_POP
+	ret				@ bx lr
+.size	sha512_block_data_order_neon,.-sha512_block_data_order_neon
+#endif
+___
+}
+$code.=<<___;
+.asciz	"SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+.comm	OPENSSL_armcap_P,4,4
+#endif
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
+$code =~ s/\bret\b/bx	lr/gm;
+
+open SELF,$0;
+while(<SELF>) {
+	next if (/^#!/);
+	last if (!s/^#/@/ and !/^$/);
+	print;
+}
+close SELF;
+
+print $code;
+close STDOUT; # enforce flush
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-armv8.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-armv8.pl
new file mode 100644
index 0000000..c1aaf77
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-armv8.pl
@@ -0,0 +1,446 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256/512 for ARMv8.
+#
+# Performance in cycles per processed byte and improvement coefficient
+# over code generated with "default" compiler:
+#
+#		SHA256-hw	SHA256(*)	SHA512
+# Apple A7	1.97		10.5 (+33%)	6.73 (-1%(**))
+# Cortex-A53	2.38		15.5 (+115%)	10.0 (+150%(***))
+# Cortex-A57	2.31		11.6 (+86%)	7.51 (+260%(***))
+# Denver	2.01		10.5 (+26%)	6.70 (+8%)
+# X-Gene			20.0 (+100%)	12.8 (+300%(***))
+# Mongoose	2.36		13.0 (+50%)	8.36 (+33%)
+# 
+# (*)	Software SHA256 results are of lesser relevance, presented
+#	mostly for informational purposes.
+# (**)	The result is a trade-off: it's possible to improve it by
+#	10% (or by 1 cycle per round), but at the cost of 20% loss
+#	on Cortex-A53 (or by 4 cycles per round).
+# (***)	Super-impressive coefficients over gcc-generated code are
+#	indication of some compiler "pathology", most notably code
+#	generated with -mgeneral-regs-only is significanty faster
+#	and the gap is only 40-90%.
+
+$flavour=shift;
+$output=shift;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+die "can't locate arm-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+if ($output =~ /512/) {
+	$BITS=512;
+	$SZ=8;
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+	$reg_t="x";
+} else {
+	$BITS=256;
+	$SZ=4;
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+	$reg_t="w";
+}
+
+$func="sha${BITS}_block_data_order";
+
+($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30));
+
+@X=map("$reg_t$_",(3..15,0..2));
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("$reg_t$_",(20..27));
+($t0,$t1,$t2,$t3)=map("$reg_t$_",(16,17,19,28));
+
+sub BODY_00_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my $j=($i+1)&15;
+my ($T0,$T1,$T2)=(@X[($i-8)&15],@X[($i-9)&15],@X[($i-10)&15]);
+   $T0=@X[$i+3] if ($i<11);
+
+$code.=<<___	if ($i<16);
+#ifndef	__ARMEB__
+	rev	@X[$i],@X[$i]			// $i
+#endif
+___
+$code.=<<___	if ($i<13 && ($i&1));
+	ldp	@X[$i+1],@X[$i+2],[$inp],#2*$SZ
+___
+$code.=<<___	if ($i==13);
+	ldp	@X[14],@X[15],[$inp]
+___
+$code.=<<___	if ($i>=14);
+	ldr	@X[($i-11)&15],[sp,#`$SZ*(($i-11)%4)`]
+___
+$code.=<<___	if ($i>0 && $i<16);
+	add	$a,$a,$t1			// h+=Sigma0(a)
+___
+$code.=<<___	if ($i>=11);
+	str	@X[($i-8)&15],[sp,#`$SZ*(($i-8)%4)`]
+___
+# While ARMv8 specifies merged rotate-n-logical operation such as
+# 'eor x,y,z,ror#n', it was found to negatively affect performance
+# on Apple A7. The reason seems to be that it requires even 'y' to
+# be available earlier. This means that such merged instruction is
+# not necessarily best choice on critical path... On the other hand
+# Cortex-A5x handles merged instructions much better than disjoint
+# rotate and logical... See (**) footnote above.
+$code.=<<___	if ($i<15);
+	ror	$t0,$e,#$Sigma1[0]
+	add	$h,$h,$t2			// h+=K[i]
+	eor	$T0,$e,$e,ror#`$Sigma1[2]-$Sigma1[1]`
+	and	$t1,$f,$e
+	bic	$t2,$g,$e
+	add	$h,$h,@X[$i&15]			// h+=X[i]
+	orr	$t1,$t1,$t2			// Ch(e,f,g)
+	eor	$t2,$a,$b			// a^b, b^c in next round
+	eor	$t0,$t0,$T0,ror#$Sigma1[1]	// Sigma1(e)
+	ror	$T0,$a,#$Sigma0[0]
+	add	$h,$h,$t1			// h+=Ch(e,f,g)
+	eor	$t1,$a,$a,ror#`$Sigma0[2]-$Sigma0[1]`
+	add	$h,$h,$t0			// h+=Sigma1(e)
+	and	$t3,$t3,$t2			// (b^c)&=(a^b)
+	add	$d,$d,$h			// d+=h
+	eor	$t3,$t3,$b			// Maj(a,b,c)
+	eor	$t1,$T0,$t1,ror#$Sigma0[1]	// Sigma0(a)
+	add	$h,$h,$t3			// h+=Maj(a,b,c)
+	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
+	//add	$h,$h,$t1			// h+=Sigma0(a)
+___
+$code.=<<___	if ($i>=15);
+	ror	$t0,$e,#$Sigma1[0]
+	add	$h,$h,$t2			// h+=K[i]
+	ror	$T1,@X[($j+1)&15],#$sigma0[0]
+	and	$t1,$f,$e
+	ror	$T2,@X[($j+14)&15],#$sigma1[0]
+	bic	$t2,$g,$e
+	ror	$T0,$a,#$Sigma0[0]
+	add	$h,$h,@X[$i&15]			// h+=X[i]
+	eor	$t0,$t0,$e,ror#$Sigma1[1]
+	eor	$T1,$T1,@X[($j+1)&15],ror#$sigma0[1]
+	orr	$t1,$t1,$t2			// Ch(e,f,g)
+	eor	$t2,$a,$b			// a^b, b^c in next round
+	eor	$t0,$t0,$e,ror#$Sigma1[2]	// Sigma1(e)
+	eor	$T0,$T0,$a,ror#$Sigma0[1]
+	add	$h,$h,$t1			// h+=Ch(e,f,g)
+	and	$t3,$t3,$t2			// (b^c)&=(a^b)
+	eor	$T2,$T2,@X[($j+14)&15],ror#$sigma1[1]
+	eor	$T1,$T1,@X[($j+1)&15],lsr#$sigma0[2]	// sigma0(X[i+1])
+	add	$h,$h,$t0			// h+=Sigma1(e)
+	eor	$t3,$t3,$b			// Maj(a,b,c)
+	eor	$t1,$T0,$a,ror#$Sigma0[2]	// Sigma0(a)
+	eor	$T2,$T2,@X[($j+14)&15],lsr#$sigma1[2]	// sigma1(X[i+14])
+	add	@X[$j],@X[$j],@X[($j+9)&15]
+	add	$d,$d,$h			// d+=h
+	add	$h,$h,$t3			// h+=Maj(a,b,c)
+	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
+	add	@X[$j],@X[$j],$T1
+	add	$h,$h,$t1			// h+=Sigma0(a)
+	add	@X[$j],@X[$j],$T2
+___
+	($t2,$t3)=($t3,$t2);
+}
+
+$code.=<<___;
+#include "arm_arch.h"
+
+.text
+
+.extern	OPENSSL_armcap_P
+.globl	$func
+.type	$func,%function
+.align	6
+$func:
+___
+$code.=<<___	if ($SZ==4);
+#ifdef	__ILP32__
+	ldrsw	x16,.LOPENSSL_armcap_P
+#else
+	ldr	x16,.LOPENSSL_armcap_P
+#endif
+	adr	x17,.LOPENSSL_armcap_P
+	add	x16,x16,x17
+	ldr	w16,[x16]
+	tst	w16,#ARMV8_SHA256
+	b.ne	.Lv8_entry
+___
+$code.=<<___;
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#4*$SZ
+
+	ldp	$A,$B,[$ctx]				// load context
+	ldp	$C,$D,[$ctx,#2*$SZ]
+	ldp	$E,$F,[$ctx,#4*$SZ]
+	add	$num,$inp,$num,lsl#`log(16*$SZ)/log(2)`	// end of input
+	ldp	$G,$H,[$ctx,#6*$SZ]
+	adr	$Ktbl,.LK$BITS
+	stp	$ctx,$num,[x29,#96]
+
+.Loop:
+	ldp	@X[0],@X[1],[$inp],#2*$SZ
+	ldr	$t2,[$Ktbl],#$SZ			// *K++
+	eor	$t3,$B,$C				// magic seed
+	str	$inp,[x29,#112]
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
+$code.=".Loop_16_xx:\n";
+for (;$i<32;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	cbnz	$t2,.Loop_16_xx
+
+	ldp	$ctx,$num,[x29,#96]
+	ldr	$inp,[x29,#112]
+	sub	$Ktbl,$Ktbl,#`$SZ*($rounds+1)`		// rewind
+
+	ldp	@X[0],@X[1],[$ctx]
+	ldp	@X[2],@X[3],[$ctx,#2*$SZ]
+	add	$inp,$inp,#14*$SZ			// advance input pointer
+	ldp	@X[4],@X[5],[$ctx,#4*$SZ]
+	add	$A,$A,@X[0]
+	ldp	@X[6],@X[7],[$ctx,#6*$SZ]
+	add	$B,$B,@X[1]
+	add	$C,$C,@X[2]
+	add	$D,$D,@X[3]
+	stp	$A,$B,[$ctx]
+	add	$E,$E,@X[4]
+	add	$F,$F,@X[5]
+	stp	$C,$D,[$ctx,#2*$SZ]
+	add	$G,$G,@X[6]
+	add	$H,$H,@X[7]
+	cmp	$inp,$num
+	stp	$E,$F,[$ctx,#4*$SZ]
+	stp	$G,$H,[$ctx,#6*$SZ]
+	b.ne	.Loop
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#4*$SZ
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+	ret
+.size	$func,.-$func
+
+.align	6
+.type	.LK$BITS,%object
+.LK$BITS:
+___
+$code.=<<___ if ($SZ==8);
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+	.quad	0	// terminator
+___
+$code.=<<___ if ($SZ==4);
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.long	0	//terminator
+___
+$code.=<<___;
+.size	.LK$BITS,.-.LK$BITS
+.align	3
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+	.long	OPENSSL_armcap_P-.
+#else
+	.quad	OPENSSL_armcap_P-.
+#endif
+.asciz	"SHA$BITS block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+if ($SZ==4) {
+my $Ktbl="x3";
+
+my ($ABCD,$EFGH,$abcd)=map("v$_.16b",(0..2));
+my @MSG=map("v$_.16b",(4..7));
+my ($W0,$W1)=("v16.4s","v17.4s");
+my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b");
+
+$code.=<<___;
+.type	sha256_block_armv8,%function
+.align	6
+sha256_block_armv8:
+.Lv8_entry:
+	stp		x29,x30,[sp,#-16]!
+	add		x29,sp,#0
+
+	ld1.32		{$ABCD,$EFGH},[$ctx]
+	adr		$Ktbl,.LK256
+
+.Loop_hw:
+	ld1		{@MSG[0]-@MSG[3]},[$inp],#64
+	sub		$num,$num,#1
+	ld1.32		{$W0},[$Ktbl],#16
+	rev32		@MSG[0],@MSG[0]
+	rev32		@MSG[1],@MSG[1]
+	rev32		@MSG[2],@MSG[2]
+	rev32		@MSG[3],@MSG[3]
+	orr		$ABCD_SAVE,$ABCD,$ABCD		// offload
+	orr		$EFGH_SAVE,$EFGH,$EFGH
+___
+for($i=0;$i<12;$i++) {
+$code.=<<___;
+	ld1.32		{$W1},[$Ktbl],#16
+	add.i32		$W0,$W0,@MSG[0]
+	sha256su0	@MSG[0],@MSG[1]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+	sha256su1	@MSG[0],@MSG[2],@MSG[3]
+___
+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	ld1.32		{$W1},[$Ktbl],#16
+	add.i32		$W0,$W0,@MSG[0]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	ld1.32		{$W0},[$Ktbl],#16
+	add.i32		$W1,$W1,@MSG[1]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	ld1.32		{$W1},[$Ktbl]
+	add.i32		$W0,$W0,@MSG[2]
+	sub		$Ktbl,$Ktbl,#$rounds*$SZ-16	// rewind
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W0
+	sha256h2	$EFGH,$abcd,$W0
+
+	add.i32		$W1,$W1,@MSG[3]
+	orr		$abcd,$ABCD,$ABCD
+	sha256h		$ABCD,$EFGH,$W1
+	sha256h2	$EFGH,$abcd,$W1
+
+	add.i32		$ABCD,$ABCD,$ABCD_SAVE
+	add.i32		$EFGH,$EFGH,$EFGH_SAVE
+
+	cbnz		$num,.Loop_hw
+
+	st1.32		{$ABCD,$EFGH},[$ctx]
+
+	ldr		x29,[sp],#16
+	ret
+.size	sha256_block_armv8,.-sha256_block_armv8
+___
+}
+
+$code.=<<___;
+.comm	OPENSSL_armcap_P,4,4
+___
+
+{   my  %opcode = (
+	"sha256h"	=> 0x5e004000,	"sha256h2"	=> 0x5e005000,
+	"sha256su0"	=> 0x5e282800,	"sha256su1"	=> 0x5e006000	);
+
+    sub unsha256 {
+	my ($mnemonic,$arg)=@_;
+
+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
+	&&
+	sprintf ".inst\t0x%08x\t//%s %s",
+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
+			$mnemonic,$arg;
+    }
+}
+
+foreach(split("\n",$code)) {
+
+	s/\`([^\`]*)\`/eval($1)/geo;
+
+	s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/geo;
+
+	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
+	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-c64xplus.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-c64xplus.pl
new file mode 100644
index 0000000..9ebfc92
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-c64xplus.pl
@@ -0,0 +1,438 @@
+#! /usr/bin/env perl
+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA512 for C64x+.
+#
+# January 2012
+#
+# Performance is 19 cycles per processed byte. Compared to block
+# transform function from sha512.c compiled with cl6x with -mv6400+
+# -o2 -DOPENSSL_SMALL_FOOTPRINT it's almost 7x faster and 2x smaller.
+# Loop unroll won't make it, this implementation, any faster, because
+# it's effectively dominated by SHRU||SHL pairs and you can't schedule
+# more of them.
+#
+# !!! Note that this module uses AMR, which means that all interrupt
+# service routines are expected to preserve it and for own well-being
+# zero it upon entry.
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+($CTXA,$INP,$NUM) = ("A4","B4","A6");            # arguments
+ $K512="A3";
+
+($Ahi,$Actxhi,$Bhi,$Bctxhi,$Chi,$Cctxhi,$Dhi,$Dctxhi,
+ $Ehi,$Ectxhi,$Fhi,$Fctxhi,$Ghi,$Gctxhi,$Hhi,$Hctxhi)=map("A$_",(16..31));
+($Alo,$Actxlo,$Blo,$Bctxlo,$Clo,$Cctxlo,$Dlo,$Dctxlo,
+ $Elo,$Ectxlo,$Flo,$Fctxlo,$Glo,$Gctxlo,$Hlo,$Hctxlo)=map("B$_",(16..31));
+
+($S1hi,$CHhi,$S0hi,$t0hi)=map("A$_",(10..13));
+($S1lo,$CHlo,$S0lo,$t0lo)=map("B$_",(10..13));
+($T1hi,         $T2hi)=         ("A6","A7");
+($T1lo,$T1carry,$T2lo,$T2carry)=("B6","B7","B8","B9");
+($Khi,$Klo)=("A9","A8");
+($MAJhi,$MAJlo)=($T2hi,$T2lo);
+($t1hi,$t1lo)=($Khi,"B2");
+ $CTXB=$t1lo;
+
+($Xihi,$Xilo)=("A5","B5");			# circular/ring buffer
+
+$code.=<<___;
+	.text
+
+	.if	.ASSEMBLER_VERSION<7000000
+	.asg	0,__TI_EABI__
+	.endif
+	.if	__TI_EABI__
+	.nocmp
+	.asg	sha512_block_data_order,_sha512_block_data_order
+	.endif
+
+	.asg	B3,RA
+	.asg	A15,FP
+	.asg	B15,SP
+
+	.if	.BIG_ENDIAN
+	.asg	$Khi,KHI
+	.asg	$Klo,KLO
+	.else
+	.asg	$Khi,KLO
+	.asg	$Klo,KHI
+	.endif
+
+	.global	_sha512_block_data_order
+_sha512_block_data_order:
+__sha512_block:
+	.asmfunc stack_usage(40+128)
+	MV	$NUM,A0				; reassign $NUM
+||	MVK	-128,B0
+  [!A0]	BNOP	RA				; if ($NUM==0) return;
+|| [A0]	STW	FP,*SP--(40)			; save frame pointer
+|| [A0]	MV	SP,FP
+   [A0]	STDW	B13:B12,*SP[4]
+|| [A0]	MVK	0x00404,B1
+   [A0]	STDW	B11:B10,*SP[3]
+|| [A0]	STDW	A13:A12,*FP[-3]
+|| [A0]	MVKH	0x60000,B1
+   [A0]	STDW	A11:A10,*SP[1]
+|| [A0]	MVC	B1,AMR				; setup circular addressing
+|| [A0]	ADD	B0,SP,SP			; alloca(128)
+	.if	__TI_EABI__
+   [A0]	AND	B0,SP,SP			; align stack at 128 bytes
+|| [A0]	ADDKPC	__sha512_block,B1
+|| [A0]	MVKL	\$PCR_OFFSET(K512,__sha512_block),$K512
+   [A0]	MVKH	\$PCR_OFFSET(K512,__sha512_block),$K512
+|| [A0]	SUBAW	SP,2,SP				; reserve two words above buffer
+	.else
+   [A0]	AND	B0,SP,SP			; align stack at 128 bytes
+|| [A0]	ADDKPC	__sha512_block,B1
+|| [A0]	MVKL	(K512-__sha512_block),$K512
+   [A0]	MVKH	(K512-__sha512_block),$K512
+|| [A0]	SUBAW	SP,2,SP				; reserve two words above buffer
+	.endif
+	ADDAW	SP,3,$Xilo
+	ADDAW	SP,2,$Xihi
+
+||	MV	$CTXA,$CTXB
+	LDW	*${CTXA}[0^.LITTLE_ENDIAN],$Ahi	; load ctx
+||	LDW	*${CTXB}[1^.LITTLE_ENDIAN],$Alo
+||	ADD	B1,$K512,$K512
+	LDW	*${CTXA}[2^.LITTLE_ENDIAN],$Bhi
+||	LDW	*${CTXB}[3^.LITTLE_ENDIAN],$Blo
+	LDW	*${CTXA}[4^.LITTLE_ENDIAN],$Chi
+||	LDW	*${CTXB}[5^.LITTLE_ENDIAN],$Clo
+	LDW	*${CTXA}[6^.LITTLE_ENDIAN],$Dhi
+||	LDW	*${CTXB}[7^.LITTLE_ENDIAN],$Dlo
+	LDW	*${CTXA}[8^.LITTLE_ENDIAN],$Ehi
+||	LDW	*${CTXB}[9^.LITTLE_ENDIAN],$Elo
+	LDW	*${CTXA}[10^.LITTLE_ENDIAN],$Fhi
+||	LDW	*${CTXB}[11^.LITTLE_ENDIAN],$Flo
+	LDW	*${CTXA}[12^.LITTLE_ENDIAN],$Ghi
+||	LDW	*${CTXB}[13^.LITTLE_ENDIAN],$Glo
+	LDW	*${CTXA}[14^.LITTLE_ENDIAN],$Hhi
+||	LDW	*${CTXB}[15^.LITTLE_ENDIAN],$Hlo
+
+	LDNDW	*$INP++,B11:B10			; pre-fetch input
+	LDDW	*$K512++,$Khi:$Klo		; pre-fetch K512[0]
+outerloop?:
+	MVK	15,B0				; loop counters
+||	MVK	64,B1
+||	SUB	A0,1,A0
+	MV	$Ahi,$Actxhi
+||	MV	$Alo,$Actxlo
+||	MV	$Bhi,$Bctxhi
+||	MV	$Blo,$Bctxlo
+||	MV	$Chi,$Cctxhi
+||	MV	$Clo,$Cctxlo
+||	MVD	$Dhi,$Dctxhi
+||	MVD	$Dlo,$Dctxlo
+	MV	$Ehi,$Ectxhi
+||	MV	$Elo,$Ectxlo
+||	MV	$Fhi,$Fctxhi
+||	MV	$Flo,$Fctxlo
+||	MV	$Ghi,$Gctxhi
+||	MV	$Glo,$Gctxlo
+||	MVD	$Hhi,$Hctxhi
+||	MVD	$Hlo,$Hctxlo
+loop0_15?:
+	.if	.BIG_ENDIAN
+	MV	B11,$T1hi
+||	MV	B10,$T1lo
+	.else
+	SWAP4	B10,$T1hi
+||	SWAP4	B11,$T1lo
+	SWAP2	$T1hi,$T1hi
+||	SWAP2	$T1lo,$T1lo
+	.endif
+loop16_79?:
+	STW	$T1hi,*$Xihi++[2]
+||	STW	$T1lo,*$Xilo++[2]			; X[i] = T1
+||	ADD	$Hhi,$T1hi,$T1hi
+||	ADDU	$Hlo,$T1lo,$T1carry:$T1lo		; T1 += h
+||	SHRU	$Ehi,14,$S1hi
+||	SHL	$Ehi,32-14,$S1lo
+	XOR	$Fhi,$Ghi,$CHhi
+||	XOR	$Flo,$Glo,$CHlo
+||	ADD	KHI,$T1hi,$T1hi
+||	ADDU	KLO,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += K512[i]
+||	SHRU	$Elo,14,$t0lo
+||	SHL	$Elo,32-14,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	AND	$Ehi,$CHhi,$CHhi
+||	AND	$Elo,$CHlo,$CHlo
+||	ROTL	$Ghi,0,$Hhi
+||	ROTL	$Glo,0,$Hlo				; h = g
+||	SHRU	$Ehi,18,$t0hi
+||	SHL	$Ehi,32-18,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	XOR	$Ghi,$CHhi,$CHhi
+||	XOR	$Glo,$CHlo,$CHlo			; Ch(e,f,g) = ((f^g)&e)^g
+||	ROTL	$Fhi,0,$Ghi
+||	ROTL	$Flo,0,$Glo				; g = f
+||	SHRU	$Elo,18,$t0lo
+||	SHL	$Elo,32-18,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	OR	$Ahi,$Bhi,$MAJhi
+||	OR	$Alo,$Blo,$MAJlo
+||	ROTL	$Ehi,0,$Fhi
+||	ROTL	$Elo,0,$Flo				; f = e
+||	SHRU	$Ehi,41-32,$t0lo
+||	SHL	$Ehi,64-41,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	AND	$Chi,$MAJhi,$MAJhi
+||	AND	$Clo,$MAJlo,$MAJlo
+||	ROTL	$Dhi,0,$Ehi
+||	ROTL	$Dlo,0,$Elo				; e = d
+||	SHRU	$Elo,41-32,$t0hi
+||	SHL	$Elo,64-41,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo			; Sigma1(e)
+||	AND	$Ahi,$Bhi,$t1hi
+||	AND	$Alo,$Blo,$t1lo
+||	ROTL	$Chi,0,$Dhi
+||	ROTL	$Clo,0,$Dlo				; d = c
+||	SHRU	$Ahi,28,$S0hi
+||	SHL	$Ahi,32-28,$S0lo
+	OR	$t1hi,$MAJhi,$MAJhi
+||	OR	$t1lo,$MAJlo,$MAJlo			; Maj(a,b,c) = ((a|b)&c)|(a&b)
+||	ADD	$CHhi,$T1hi,$T1hi
+||	ADDU	$CHlo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += Ch(e,f,g)
+||	ROTL	$Bhi,0,$Chi
+||	ROTL	$Blo,0,$Clo				; c = b
+||	SHRU	$Alo,28,$t0lo
+||	SHL	$Alo,32-28,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$S1hi,$T1hi,$T1hi
+||	ADDU	$S1lo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += Sigma1(e)
+||	ROTL	$Ahi,0,$Bhi
+||	ROTL	$Alo,0,$Blo				; b = a
+||	SHRU	$Ahi,34-32,$t0lo
+||	SHL	$Ahi,64-34,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$MAJhi,$T1hi,$T2hi
+||	ADDU	$MAJlo,$T1carry:$T1lo,$T2carry:$T2lo	; T2 = T1+Maj(a,b,c)
+||	SHRU	$Alo,34-32,$t0hi
+||	SHL	$Alo,64-34,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$Ehi,$T1hi,$T1hi
+||	ADDU	$Elo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += e
+|| [B0]	BNOP	loop0_15?
+||	SHRU	$Ahi,39-32,$t0lo
+||	SHL	$Ahi,64-39,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+|| [B0]	LDNDW	*$INP++,B11:B10				; pre-fetch input
+||[!B1]	BNOP	break?
+||	SHRU	$Alo,39-32,$t0hi
+||	SHL	$Alo,64-39,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo			; Sigma0(a)
+||	ADD	$T1carry,$T1hi,$Ehi
+||	MV	$T1lo,$Elo				; e = T1
+||[!B0]	LDW	*${Xihi}[28],$T1hi
+||[!B0]	LDW	*${Xilo}[28],$T1lo			; X[i+14]
+	ADD	$S0hi,$T2hi,$T2hi
+||	ADDU	$S0lo,$T2carry:$T2lo,$T2carry:$T2lo	; T2 += Sigma0(a)
+|| [B1]	LDDW	*$K512++,$Khi:$Klo			; pre-fetch K512[i]
+	NOP						; avoid cross-path stall
+	ADD	$T2carry,$T2hi,$Ahi
+||	MV	$T2lo,$Alo				; a = T2
+|| [B0]	SUB	B0,1,B0
+;;===== branch to loop00_15? is taken here
+	NOP
+;;===== branch to break? is taken here
+	LDW	*${Xihi}[2],$T2hi
+||	LDW	*${Xilo}[2],$T2lo			; X[i+1]
+||	SHRU	$T1hi,19,$S1hi
+||	SHL	$T1hi,32-19,$S1lo
+	SHRU	$T1lo,19,$t0lo
+||	SHL	$T1lo,32-19,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1hi,61-32,$t0lo
+||	SHL	$T1hi,64-61,$t0hi
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1lo,61-32,$t0hi
+||	SHL	$T1lo,64-61,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1hi,6,$t0hi
+||	SHL	$T1hi,32-6,$t0lo
+	XOR	$t0hi,$S1hi,$S1hi
+||	XOR	$t0lo,$S1lo,$S1lo
+||	SHRU	$T1lo,6,$t0lo
+||	LDW	*${Xihi}[18],$T1hi
+||	LDW	*${Xilo}[18],$T1lo			; X[i+9]
+	XOR	$t0lo,$S1lo,$S1lo			; sigma1(Xi[i+14])
+
+||	LDW	*${Xihi}[0],$CHhi
+||	LDW	*${Xilo}[0],$CHlo			; X[i]
+||	SHRU	$T2hi,1,$S0hi
+||	SHL	$T2hi,32-1,$S0lo
+	SHRU	$T2lo,1,$t0lo
+||	SHL	$T2lo,32-1,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	SHRU	$T2hi,8,$t0hi
+||	SHL	$T2hi,32-8,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	SHRU	$T2lo,8,$t0lo
+||	SHL	$T2lo,32-8,$t0hi
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$S1hi,$T1hi,$T1hi
+||	ADDU	$S1lo,$T1lo,$T1carry:$T1lo		; T1 = X[i+9]+sigma1()
+|| [B1]	BNOP	loop16_79?
+||	SHRU	$T2hi,7,$t0hi
+||	SHL	$T2hi,32-7,$t0lo
+	XOR	$t0hi,$S0hi,$S0hi
+||	XOR	$t0lo,$S0lo,$S0lo
+||	ADD	$CHhi,$T1hi,$T1hi
+||	ADDU	$CHlo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += X[i]
+||	SHRU	$T2lo,7,$t0lo
+	XOR	$t0lo,$S0lo,$S0lo			; sigma0(Xi[i+1]
+
+	ADD	$S0hi,$T1hi,$T1hi
+||	ADDU	$S0lo,$T1carry:$T1lo,$T1carry:$T1lo	; T1 += sigma0()
+|| [B1]	SUB	B1,1,B1
+	NOP						; avoid cross-path stall
+	ADD	$T1carry,$T1hi,$T1hi
+;;===== branch to loop16_79? is taken here
+
+break?:
+	ADD	$Ahi,$Actxhi,$Ahi		; accumulate ctx
+||	ADDU	$Alo,$Actxlo,$Actxlo:$Alo
+|| [A0]	LDNDW	*$INP++,B11:B10			; pre-fetch input
+|| [A0]	ADDK	-640,$K512			; rewind pointer to K512
+	ADD	$Bhi,$Bctxhi,$Bhi
+||	ADDU	$Blo,$Bctxlo,$Bctxlo:$Blo
+|| [A0]	LDDW	*$K512++,$Khi:$Klo		; pre-fetch K512[0]
+	ADD	$Chi,$Cctxhi,$Chi
+||	ADDU	$Clo,$Cctxlo,$Cctxlo:$Clo
+||	ADD	$Actxlo,$Ahi,$Ahi
+||[!A0]	MV	$CTXA,$CTXB
+	ADD	$Dhi,$Dctxhi,$Dhi
+||	ADDU	$Dlo,$Dctxlo,$Dctxlo:$Dlo
+||	ADD	$Bctxlo,$Bhi,$Bhi
+||[!A0]	STW	$Ahi,*${CTXA}[0^.LITTLE_ENDIAN]	; save ctx
+||[!A0]	STW	$Alo,*${CTXB}[1^.LITTLE_ENDIAN]
+	ADD	$Ehi,$Ectxhi,$Ehi
+||	ADDU	$Elo,$Ectxlo,$Ectxlo:$Elo
+||	ADD	$Cctxlo,$Chi,$Chi
+|| [A0]	BNOP	outerloop?
+||[!A0]	STW	$Bhi,*${CTXA}[2^.LITTLE_ENDIAN]
+||[!A0]	STW	$Blo,*${CTXB}[3^.LITTLE_ENDIAN]
+	ADD	$Fhi,$Fctxhi,$Fhi
+||	ADDU	$Flo,$Fctxlo,$Fctxlo:$Flo
+||	ADD	$Dctxlo,$Dhi,$Dhi
+||[!A0]	STW	$Chi,*${CTXA}[4^.LITTLE_ENDIAN]
+||[!A0]	STW	$Clo,*${CTXB}[5^.LITTLE_ENDIAN]
+	ADD	$Ghi,$Gctxhi,$Ghi
+||	ADDU	$Glo,$Gctxlo,$Gctxlo:$Glo
+||	ADD	$Ectxlo,$Ehi,$Ehi
+||[!A0]	STW	$Dhi,*${CTXA}[6^.LITTLE_ENDIAN]
+||[!A0]	STW	$Dlo,*${CTXB}[7^.LITTLE_ENDIAN]
+	ADD	$Hhi,$Hctxhi,$Hhi
+||	ADDU	$Hlo,$Hctxlo,$Hctxlo:$Hlo
+||	ADD	$Fctxlo,$Fhi,$Fhi
+||[!A0]	STW	$Ehi,*${CTXA}[8^.LITTLE_ENDIAN]
+||[!A0]	STW	$Elo,*${CTXB}[9^.LITTLE_ENDIAN]
+	ADD	$Gctxlo,$Ghi,$Ghi
+||[!A0]	STW	$Fhi,*${CTXA}[10^.LITTLE_ENDIAN]
+||[!A0]	STW	$Flo,*${CTXB}[11^.LITTLE_ENDIAN]
+	ADD	$Hctxlo,$Hhi,$Hhi
+||[!A0]	STW	$Ghi,*${CTXA}[12^.LITTLE_ENDIAN]
+||[!A0]	STW	$Glo,*${CTXB}[13^.LITTLE_ENDIAN]
+;;===== branch to outerloop? is taken here
+
+	STW	$Hhi,*${CTXA}[14^.LITTLE_ENDIAN]
+||	STW	$Hlo,*${CTXB}[15^.LITTLE_ENDIAN]
+||	MVK	-40,B0
+	ADD	FP,B0,SP			; destroy circular buffer
+||	LDDW	*FP[-4],A11:A10
+	LDDW	*SP[2],A13:A12
+||	LDDW	*FP[-2],B11:B10
+	LDDW	*SP[4],B13:B12
+||	BNOP	RA
+	LDW	*++SP(40),FP			; restore frame pointer
+	MVK	0,B0
+	MVC	B0,AMR				; clear AMR
+	NOP	2				; wait till FP is committed
+	.endasmfunc
+
+	.if	__TI_EABI__
+	.sect	".text:sha_asm.const"
+	.else
+	.sect	".const:sha_asm"
+	.endif
+	.align	128
+K512:
+	.uword	0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+	.uword	0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+	.uword	0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+	.uword	0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+	.uword	0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+	.uword	0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+	.uword	0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+	.uword	0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+	.uword	0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+	.uword	0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+	.uword	0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+	.uword	0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+	.uword	0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+	.uword	0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+	.uword	0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+	.uword	0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+	.uword	0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+	.uword	0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+	.uword	0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+	.uword	0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+	.uword	0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+	.uword	0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+	.uword	0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+	.uword	0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+	.uword	0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+	.uword	0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+	.uword	0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+	.uword	0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+	.uword	0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+	.uword	0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+	.uword	0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+	.uword	0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+	.uword	0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+	.uword	0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+	.uword	0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+	.uword	0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+	.uword	0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+	.uword	0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+	.uword	0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+	.uword	0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+	.cstring "SHA512 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
+	.align	4
+___
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-ia64.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-ia64.pl
new file mode 100755
index 0000000..356a46a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-ia64.pl
@@ -0,0 +1,692 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256/512_Transform for Itanium.
+#
+# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50%
+# faster than gcc and >60%(!) faster than code generated by HP-UX
+# compiler (yes, HP-UX is generating slower code, because unlike gcc,
+# it failed to deploy "shift right pair," 'shrp' instruction, which
+# substitutes for 64-bit rotate).
+#
+# 924 cycles long sha256_block outperforms gcc by over factor of 2(!)
+# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost
+# this one big time). Note that "formally" 924 is about 100 cycles
+# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical
+# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round,
+# are spent on extra work to provide for 32-bit rotations. 32-bit
+# rotations are still handled by 'shrp' instruction and for this
+# reason lower 32 bits are deposited to upper half of 64-bit register
+# prior 'shrp' issue. And in order to minimize the amount of such
+# operations, X[16] values are *maintained* with copies of lower
+# halves in upper halves, which is why you'll spot such instructions
+# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel
+# 32-bit unsigned right shift," 'pshr4.u' instructions here.
+#
+# Rules of engagement.
+#
+# There is only one integer shifter meaning that if I have two rotate,
+# deposit or extract instructions in adjacent bundles, they shall
+# split [at run-time if they have to]. But note that variable and
+# parallel shifts are performed by multi-media ALU and *are* pairable
+# with rotates [and alike]. On the backside MMALU is rather slow: it
+# takes 2 extra cycles before the result of integer operation is
+# available *to* MMALU and 2(*) extra cycles before the result of MM
+# operation is available "back" *to* integer ALU, not to mention that
+# MMALU itself has 2 cycles latency. However! I explicitly scheduled
+# these MM instructions to avoid MM stalls, so that all these extra
+# latencies get "hidden" in instruction-level parallelism.
+#
+# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule
+#     for 2 in order to provide for best *overall* performance,
+#     because on Itanium 1 stall on MM result is accompanied by
+#     pipeline flush, which takes 6 cycles:-(
+#
+# June 2012
+#
+# Improve performance by 15-20%. Note about "rules of engagement"
+# above. Contemporary cores are equipped with additional shifter,
+# so that they should perform even better than below, presumably
+# by ~10%.
+#
+######################################################################
+# Current performance in cycles per processed byte for Itanium 2
+# pre-9000 series [little-endian] system:
+#
+# SHA1(*)	5.7
+# SHA256	12.6
+# SHA512	6.7
+#
+# (*) SHA1 result is presented purely for reference purposes.
+#
+# To generate code, pass the file name with either 256 or 512 in its
+# name and compiler flags.
+
+$output=pop;
+
+if ($output =~ /512.*\.[s|asm]/) {
+	$SZ=8;
+	$BITS=8*$SZ;
+	$LDW="ld8";
+	$STW="st8";
+	$ADD="add";
+	$SHRU="shr.u";
+	$TABLE="K512";
+	$func="sha512_block_data_order";
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+} elsif ($output =~ /256.*\.[s|asm]/) {
+	$SZ=4;
+	$BITS=8*$SZ;
+	$LDW="ld4";
+	$STW="st4";
+	$ADD="padd4";
+	$SHRU="pshr4.u";
+	$TABLE="K256";
+	$func="sha256_block_data_order";
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+} else { die "nonsense $output"; }
+
+open STDOUT,">$output" || die "can't open $output: $!";
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+for (@ARGV)  {	$big_endian=1 if (/\-DB_ENDIAN/);
+		$big_endian=0 if (/\-DL_ENDIAN/);  }
+if (!defined($big_endian))
+             {	$big_endian=(unpack('L',pack('N',1))==1);  }
+
+$code=<<___;
+.ident  \"$output, version 2.0\"
+.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@openssl.org>\"
+.explicit
+.text
+
+pfssave=r2;
+lcsave=r3;
+prsave=r14;
+K=r15;
+A_=r16; B_=r17; C_=r18; D_=r19;
+E_=r20; F_=r21; G_=r22; H_=r23;
+T1=r24;	T2=r25;
+s0=r26;	s1=r27;	t0=r28;	t1=r29;
+Ktbl=r30;
+ctx=r31;	// 1st arg
+input=r56;	// 2nd arg
+num=r57;	// 3rd arg
+sgm0=r58;	sgm1=r59;	// small constants
+
+// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host])
+.global	$func#
+.proc	$func#
+.align	32
+.skip	16
+$func:
+	.prologue
+	.save	ar.pfs,pfssave
+{ .mmi;	alloc	pfssave=ar.pfs,3,25,0,24
+	$ADDP	ctx=0,r32		// 1st arg
+	.save	ar.lc,lcsave
+	mov	lcsave=ar.lc	}
+{ .mmi;	$ADDP	input=0,r33		// 2nd arg
+	mov	num=r34			// 3rd arg
+	.save	pr,prsave
+	mov	prsave=pr	};;
+
+	.body
+{ .mib;	add	r8=0*$SZ,ctx
+	add	r9=1*$SZ,ctx	}
+{ .mib;	add	r10=2*$SZ,ctx
+	add	r11=3*$SZ,ctx	};;
+
+// load A-H
+.Lpic_point:
+{ .mmi;	$LDW	A_=[r8],4*$SZ
+	$LDW	B_=[r9],4*$SZ
+	mov	Ktbl=ip		}
+{ .mmi;	$LDW	C_=[r10],4*$SZ
+	$LDW	D_=[r11],4*$SZ
+	mov	sgm0=$sigma0[2]	};;
+{ .mmi;	$LDW	E_=[r8]
+	$LDW	F_=[r9]
+	add	Ktbl=($TABLE#-.Lpic_point),Ktbl		}
+{ .mmi;	$LDW	G_=[r10]
+	$LDW	H_=[r11]
+	cmp.ne	p0,p16=0,r0	};;
+___
+$code.=<<___ if ($BITS==64);
+{ .mii;	and	r8=7,input
+	and	input=~7,input;;
+	cmp.eq	p9,p0=1,r8	}
+{ .mmi;	cmp.eq	p10,p0=2,r8
+	cmp.eq	p11,p0=3,r8
+	cmp.eq	p12,p0=4,r8	}
+{ .mmi;	cmp.eq	p13,p0=5,r8
+	cmp.eq	p14,p0=6,r8
+	cmp.eq	p15,p0=7,r8	};;
+___
+$code.=<<___;
+.L_outer:
+.rotr	R[8],X[16]
+A=R[0]; B=R[1]; C=R[2]; D=R[3]; E=R[4]; F=R[5]; G=R[6]; H=R[7]
+{ .mmi;	ld1	X[15]=[input],$SZ		// eliminated in sha512
+	mov	A=A_
+	mov	ar.lc=14	}
+{ .mmi;	mov	B=B_
+	mov	C=C_
+	mov	D=D_		}
+{ .mmi;	mov	E=E_
+	mov	F=F_
+	mov	ar.ec=2		};;
+{ .mmi;	mov	G=G_
+	mov	H=H_
+	mov	sgm1=$sigma1[2]	}
+{ .mib;	mov	r8=0
+	add	r9=1-$SZ,input
+	brp.loop.imp	.L_first16,.L_first16_end-16	};;
+___
+$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
+// in sha512 case I load whole X[16] at once and take care of alignment...
+{ .mmi;	add	r8=1*$SZ,input
+	add	r9=2*$SZ,input
+	add	r10=3*$SZ,input		};;
+{ .mmb;	$LDW	X[15]=[input],4*$SZ
+	$LDW	X[14]=[r8],4*$SZ
+(p9)	br.cond.dpnt.many	.L1byte	};;
+{ .mmb;	$LDW	X[13]=[r9],4*$SZ
+	$LDW	X[12]=[r10],4*$SZ
+(p10)	br.cond.dpnt.many	.L2byte	};;
+{ .mmb;	$LDW	X[11]=[input],4*$SZ
+	$LDW	X[10]=[r8],4*$SZ
+(p11)	br.cond.dpnt.many	.L3byte	};;
+{ .mmb;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+(p12)	br.cond.dpnt.many	.L4byte	};;
+{ .mmb;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+(p13)	br.cond.dpnt.many	.L5byte	};;
+{ .mmb;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+(p14)	br.cond.dpnt.many	.L6byte	};;
+{ .mmb;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+(p15)	br.cond.dpnt.many	.L7byte	};;
+{ .mmb;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L1byte:
+{ .mmi;	$LDW	X[13]=[r9],4*$SZ
+	$LDW	X[12]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],56	};;
+{ .mmi;	$LDW	X[11]=[input],4*$SZ
+	$LDW	X[10]=[r8],4*$SZ
+	shrp	X[14]=X[14],X[13],56	}
+{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+	shrp	X[13]=X[13],X[12],56	};;
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[12]=X[12],X[11],56	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[11]=X[11],X[10],56	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[10]=X[10],X[ 9],56	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[ 9]=X[ 9],X[ 8],56	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[ 8]=X[ 8],X[ 7],56
+	shrp	X[ 7]=X[ 7],X[ 6],56	}
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],56
+	shrp	X[ 5]=X[ 5],X[ 4],56	};;
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],56
+	shrp	X[ 3]=X[ 3],X[ 2],56	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],56
+	shrp	X[ 1]=X[ 1],X[ 0],56	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,56	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L2byte:
+{ .mmi;	$LDW	X[11]=[input],4*$SZ
+	$LDW	X[10]=[r8],4*$SZ
+	shrp	X[15]=X[15],X[14],48	}
+{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+	shrp	X[14]=X[14],X[13],48	};;
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[13]=X[13],X[12],48	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[12]=X[12],X[11],48	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[11]=X[11],X[10],48	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[10]=X[10],X[ 9],48	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[ 9]=X[ 9],X[ 8],48
+	shrp	X[ 8]=X[ 8],X[ 7],48	}
+{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],48
+	shrp	X[ 6]=X[ 6],X[ 5],48	};;
+{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],48
+	shrp	X[ 4]=X[ 4],X[ 3],48	}
+{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],48
+	shrp	X[ 2]=X[ 2],X[ 1],48	}
+{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],48
+	shrp	X[ 0]=X[ 0],T1,48	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L3byte:
+{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
+	$LDW	X[ 8]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],40	};;
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[14]=X[14],X[13],40	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[13]=X[13],X[12],40	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[12]=X[12],X[11],40	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[11]=X[11],X[10],40	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[10]=X[10],X[ 9],40
+	shrp	X[ 9]=X[ 9],X[ 8],40	}
+{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],40
+	shrp	X[ 7]=X[ 7],X[ 6],40	};;
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],40
+	shrp	X[ 5]=X[ 5],X[ 4],40	}
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],40
+	shrp	X[ 3]=X[ 3],X[ 2],40	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],40
+	shrp	X[ 1]=X[ 1],X[ 0],40	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,40	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L4byte:
+{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
+	$LDW	X[ 6]=[r8],4*$SZ
+	shrp	X[15]=X[15],X[14],32	}
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[14]=X[14],X[13],32	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[13]=X[13],X[12],32	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[12]=X[12],X[11],32	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[11]=X[11],X[10],32
+	shrp	X[10]=X[10],X[ 9],32	}
+{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],32
+	shrp	X[ 8]=X[ 8],X[ 7],32	};;
+{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],32
+	shrp	X[ 6]=X[ 6],X[ 5],32	}
+{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],32
+	shrp	X[ 4]=X[ 4],X[ 3],32	}
+{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],32
+	shrp	X[ 2]=X[ 2],X[ 1],32	}
+{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],32
+	shrp	X[ 0]=X[ 0],T1,32	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L5byte:
+{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
+	$LDW	X[ 4]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],24	};;
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[14]=X[14],X[13],24	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[13]=X[13],X[12],24	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[12]=X[12],X[11],24
+	shrp	X[11]=X[11],X[10],24	}
+{ .mii;	shrp	X[10]=X[10],X[ 9],24
+	shrp	X[ 9]=X[ 9],X[ 8],24	};;
+{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],24
+	shrp	X[ 7]=X[ 7],X[ 6],24	}
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],24
+	shrp	X[ 5]=X[ 5],X[ 4],24	}
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],24
+	shrp	X[ 3]=X[ 3],X[ 2],24	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],24
+	shrp	X[ 1]=X[ 1],X[ 0],24	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,24	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L6byte:
+{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
+	$LDW	X[ 2]=[r8],4*$SZ
+	shrp	X[15]=X[15],X[14],16	}
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[14]=X[14],X[13],16	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[13]=X[13],X[12],16
+	shrp	X[12]=X[12],X[11],16	}
+{ .mii;	shrp	X[11]=X[11],X[10],16
+	shrp	X[10]=X[10],X[ 9],16	};;
+{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],16
+	shrp	X[ 8]=X[ 8],X[ 7],16	}
+{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],16
+	shrp	X[ 6]=X[ 6],X[ 5],16	}
+{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],16
+	shrp	X[ 4]=X[ 4],X[ 3],16	}
+{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],16
+	shrp	X[ 2]=X[ 2],X[ 1],16	}
+{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],16
+	shrp	X[ 0]=X[ 0],T1,16	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev		// eliminated on big-endian
+	br.many	.L_first16		};;
+.L7byte:
+{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
+	$LDW	X[ 0]=[r10],4*$SZ
+	shrp	X[15]=X[15],X[14],8	};;
+{ .mii;	$LDW	T1=[input]
+	shrp	X[14]=X[14],X[13],8
+	shrp	X[13]=X[13],X[12],8	}
+{ .mii;	shrp	X[12]=X[12],X[11],8
+	shrp	X[11]=X[11],X[10],8	};;
+{ .mii;	shrp	X[10]=X[10],X[ 9],8
+	shrp	X[ 9]=X[ 9],X[ 8],8	}
+{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],8
+	shrp	X[ 7]=X[ 7],X[ 6],8	}
+{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],8
+	shrp	X[ 5]=X[ 5],X[ 4],8	}
+{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],8
+	shrp	X[ 3]=X[ 3],X[ 2],8	}
+{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],8
+	shrp	X[ 1]=X[ 1],X[ 0],8	}
+{ .mib;	shrp	X[ 0]=X[ 0],T1,8	}
+{ .mib;	mov	r8=0
+	mux1	X[15]=X[15],\@rev	};;	// eliminated on big-endian
+
+.align	32
+.L_first16:
+{ .mmi;		$LDW	K=[Ktbl],$SZ
+		add	A=A,r8			// H+=Sigma(0) from the past
+		_rotr	r10=$t1,$Sigma1[0]  }	// ROTR(e,14)
+{ .mmi;		and	T1=F,E
+		andcm	r8=G,E
+	(p16)	mux1	X[14]=X[14],\@rev   };;	// eliminated on big-endian
+{ .mmi;		and	T2=A,B
+		and	r9=A,C
+		_rotr	r11=$t1,$Sigma1[1]  }	// ROTR(e,41)
+{ .mmi;		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
+		and	r8=B,C		    };;
+___
+$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
+.align	32
+.L_first16:
+{ .mmi;		add	A=A,r8			// H+=Sigma(0) from the past
+		add	r10=2-$SZ,input
+		add	r11=3-$SZ,input	};;
+{ .mmi;		ld1	r9=[r9]
+		ld1	r10=[r10]
+		dep.z	$t1=E,32,32	}
+{ .mmi;		ld1	r11=[r11]
+		$LDW	K=[Ktbl],$SZ
+		zxt4	E=E		};;
+{ .mii;		or	$t1=$t1,E
+		dep	X[15]=X[15],r9,8,8
+		mux2	$t0=A,0x44	};;	// copy lower half to upper
+{ .mmi;		and	T1=F,E
+		andcm	r8=G,E
+		dep	r11=r10,r11,8,8	};;
+{ .mmi;		and	T2=A,B
+		and	r9=A,C
+		dep	X[15]=X[15],r11,16,16	};;
+{ .mmi;	(p16)	ld1	X[15-1]=[input],$SZ	// prefetch
+		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
+		_rotr	r10=$t1,$Sigma1[0] }	// ROTR(e,14)
+{ .mmi;		and	r8=B,C
+		_rotr	r11=$t1,$Sigma1[1] };;	// ROTR(e,18)
+___
+$code.=<<___;
+{ .mmi;		add	T1=T1,H			// T1=Ch(e,f,g)+h
+		xor	r10=r10,r11
+		_rotr	r11=$t1,$Sigma1[2]  }	// ROTR(e,41)
+{ .mmi;		xor	T2=T2,r9
+		add	K=K,X[15]	    };;
+{ .mmi;		add	T1=T1,K			// T1+=K[i]+X[i]
+		xor	T2=T2,r8		// T2=((a & b) ^ (a & c) ^ (b & c))
+		_rotr	r8=$t0,$Sigma0[0]   }	// ROTR(a,28)
+{ .mmi;		xor	r11=r11,r10		// Sigma1(e)
+		_rotr	r9=$t0,$Sigma0[1]   };;	// ROTR(a,34)
+{ .mmi;		add	T1=T1,r11		// T+=Sigma1(e)
+		xor	r8=r8,r9
+		_rotr	r9=$t0,$Sigma0[2]   };;	// ROTR(a,39)
+{ .mmi;		xor	r8=r8,r9		// Sigma0(a)
+		add	D=D,T1
+		mux2	H=X[15],0x44	    }	// mov H=X[15] in sha512
+{ .mib;	(p16)	add	r9=1-$SZ,input		// not used in sha512
+		add	X[15]=T1,T2		// H=T1+Maj(a,b,c)
+	br.ctop.sptk	.L_first16	    };;
+.L_first16_end:
+
+{ .mib;	mov	ar.lc=$rounds-17
+	brp.loop.imp	.L_rest,.L_rest_end-16		}
+{ .mib;	mov	ar.ec=1
+	br.many	.L_rest			};;
+
+.align	32
+.L_rest:
+{ .mmi;		$LDW	K=[Ktbl],$SZ
+		add	A=A,r8			// H+=Sigma0(a) from the past
+		_rotr	r8=X[15-1],$sigma0[0] }	// ROTR(s0,1)
+{ .mmi; 	add	X[15]=X[15],X[15-9]	// X[i&0xF]+=X[(i+9)&0xF]
+		$SHRU	s0=X[15-1],sgm0	    };;	// s0=X[(i+1)&0xF]>>7
+{ .mib;		and	T1=F,E
+		_rotr	r9=X[15-1],$sigma0[1] }	// ROTR(s0,8)
+{ .mib;		andcm	r10=G,E
+		$SHRU	s1=X[15-14],sgm1    };;	// s1=X[(i+14)&0xF]>>6
+// Pair of mmi; splits on Itanium 1 and prevents pipeline flush
+// upon $SHRU output usage
+{ .mmi;		xor	T1=T1,r10		// T1=((e & f) ^ (~e & g))
+		xor	r9=r8,r9
+		_rotr	r10=X[15-14],$sigma1[0] }// ROTR(s1,19)
+{ .mmi;		and	T2=A,B
+		and	r8=A,C
+		_rotr	r11=X[15-14],$sigma1[1] };;// ROTR(s1,61)
+___
+$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
+{ .mib;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
+		dep.z	$t1=E,32,32	    }
+{ .mib;		xor	r10=r11,r10
+		zxt4	E=E		    };;
+{ .mii;		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
+		shrp	r9=E,$t1,32+$Sigma1[0]	// ROTR(e,14)
+		mux2	$t0=A,0x44	    };;	// copy lower half to upper
+// Pair of mmi; splits on Itanium 1 and prevents pipeline flush
+// upon mux2 output usage
+{ .mmi;		xor	T2=T2,r8
+		shrp	r8=E,$t1,32+$Sigma1[1]}	// ROTR(e,18)
+{ .mmi;		and	r10=B,C
+		add	T1=T1,H			// T1=Ch(e,f,g)+h
+		or	$t1=$t1,E   	    };;
+___
+$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
+{ .mib;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
+		_rotr	r9=$t1,$Sigma1[0]   }	// ROTR(e,14)
+{ .mib;		xor	r10=r11,r10
+		xor	T2=T2,r8	    };;
+{ .mib;		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
+		_rotr	r8=$t1,$Sigma1[1]   }	// ROTR(e,18)
+{ .mib;		and	r10=B,C
+		add	T1=T1,H		    };;	// T1+=H
+___
+$code.=<<___;
+{ .mib;		xor	r9=r9,r8
+		_rotr	r8=$t1,$Sigma1[2]   }	// ROTR(e,41)
+{ .mib;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))
+		add	X[15]=X[15],s0	    };;	// X[i]+=sigma0(X[i+1])
+{ .mmi;		xor	r9=r9,r8		// Sigma1(e)
+		add	X[15]=X[15],s1		// X[i]+=sigma0(X[i+14])
+		_rotr	r8=$t0,$Sigma0[0]   };;	// ROTR(a,28)
+{ .mmi;		add	K=K,X[15]
+		add	T1=T1,r9		// T1+=Sigma1(e)
+		_rotr	r9=$t0,$Sigma0[1]   };;	// ROTR(a,34)
+{ .mmi;		add	T1=T1,K			// T1+=K[i]+X[i]
+		xor	r8=r8,r9
+		_rotr	r9=$t0,$Sigma0[2]   };;	// ROTR(a,39)
+{ .mib;		add	D=D,T1
+		mux2	H=X[15],0x44	    }	// mov H=X[15] in sha512
+{ .mib;		xor	r8=r8,r9		// Sigma0(a)
+		add	X[15]=T1,T2		// H=T1+Maj(a,b,c)
+	br.ctop.sptk	.L_rest		    };;
+.L_rest_end:
+
+{ .mmi;	add	A=A,r8			};;	// H+=Sigma0(a) from the past
+{ .mmi;	add	A_=A_,A
+	add	B_=B_,B
+	add	C_=C_,C			}
+{ .mmi;	add	D_=D_,D
+	add	E_=E_,E
+	cmp.ltu	p16,p0=1,num		};;
+{ .mmi;	add	F_=F_,F
+	add	G_=G_,G
+	add	H_=H_,H			}
+{ .mmb;	add	Ktbl=-$SZ*$rounds,Ktbl
+(p16)	add	num=-1,num
+(p16)	br.dptk.many	.L_outer	};;
+
+{ .mib;	add	r8=0*$SZ,ctx
+	add	r9=1*$SZ,ctx		}
+{ .mib;	add	r10=2*$SZ,ctx
+	add	r11=3*$SZ,ctx		};;
+{ .mmi;	$STW	[r8]=A_,4*$SZ
+	$STW	[r9]=B_,4*$SZ
+	mov	ar.lc=lcsave		}
+{ .mmi;	$STW	[r10]=C_,4*$SZ
+	$STW	[r11]=D_,4*$SZ
+	mov	pr=prsave,0x1ffff	};;
+{ .mmb;	$STW	[r8]=E_
+	$STW	[r9]=F_			}
+{ .mmb;	$STW	[r10]=G_
+	$STW	[r11]=H_
+	br.ret.sptk.many	b0	};;
+.endp	$func#
+___
+
+foreach(split($/,$code)) {
+    s/\`([^\`]*)\`/eval $1/gem;
+    s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm;
+    if ($BITS==64) {
+	s/mux2(\s+)([^=]+)=([^,]+),\S+/mov$1 $2=$3/gm;
+	s/mux1(\s+)\S+/nop.i$1 0x0/gm	if ($big_endian);
+	s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm
+    						if (!$big_endian);
+	s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm;
+    }
+
+    print $_,"\n";
+}
+
+print<<___ if ($BITS==32);
+.align	64
+.type	K256#,\@object
+K256:	data4	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	data4	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	data4	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	data4	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	data4	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	data4	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	data4	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	data4	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	data4	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	data4	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	data4	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	data4	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	data4	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	data4	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	data4	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	data4	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.size	K256#,$SZ*$rounds
+stringz	"SHA256 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+print<<___ if ($BITS==64);
+.align	64
+.type	K512#,\@object
+K512:	data8	0x428a2f98d728ae22,0x7137449123ef65cd
+	data8	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	data8	0x3956c25bf348b538,0x59f111f1b605d019
+	data8	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	data8	0xd807aa98a3030242,0x12835b0145706fbe
+	data8	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	data8	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	data8	0x9bdc06a725c71235,0xc19bf174cf692694
+	data8	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	data8	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	data8	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	data8	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	data8	0x983e5152ee66dfab,0xa831c66d2db43210
+	data8	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	data8	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	data8	0x06ca6351e003826f,0x142929670a0e6e70
+	data8	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	data8	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	data8	0x650a73548baf63de,0x766a0abb3c77b2a8
+	data8	0x81c2c92e47edaee6,0x92722c851482353b
+	data8	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	data8	0xc24b8b70d0f89791,0xc76c51a30654be30
+	data8	0xd192e819d6ef5218,0xd69906245565a910
+	data8	0xf40e35855771202a,0x106aa07032bbd1b8
+	data8	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	data8	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	data8	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	data8	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	data8	0x748f82ee5defb2fc,0x78a5636f43172f60
+	data8	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	data8	0x90befffa23631e28,0xa4506cebde82bde9
+	data8	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	data8	0xca273eceea26619c,0xd186b8c721c0c207
+	data8	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	data8	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	data8	0x113f9804bef90dae,0x1b710b35131c471b
+	data8	0x28db77f523047d84,0x32caab7b40c72493
+	data8	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	data8	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	data8	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+.size	K512#,$SZ*$rounds
+stringz	"SHA512 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
+___
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-mips.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-mips.pl
new file mode 100644
index 0000000..5c2d23f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-mips.pl
@@ -0,0 +1,519 @@
+#! /usr/bin/env perl
+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA2 block procedures for MIPS.
+
+# October 2010.
+#
+# SHA256 performance improvement on MIPS R5000 CPU is ~27% over gcc-
+# generated code in o32 build and ~55% in n32/64 build. SHA512 [which
+# for now can only be compiled for MIPS64 ISA] improvement is modest
+# ~17%, but it comes for free, because it's same instruction sequence.
+# Improvement coefficients are for aligned input.
+
+# September 2012.
+#
+# Add MIPS[32|64]R2 code (>25% less instructions).
+
+######################################################################
+# There is a number of MIPS ABI in use, O32 and N32/64 are most
+# widely used. Then there is a new contender: NUBI. It appears that if
+# one picks the latter, it's possible to arrange code in ABI neutral
+# manner. Therefore let's stick to NUBI register layout:
+#
+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
+#
+# The return value is placed in $a0. Following coding rules facilitate
+# interoperability:
+#
+# - never ever touch $tp, "thread pointer", former $gp [o32 can be
+#   excluded from the rule, because it's specified volatile];
+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
+#   old code];
+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
+#
+# For reference here is register layout for N32/64 MIPS ABIs:
+#
+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
+#
+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
+
+if ($flavour =~ /64|n32/i) {
+	$PTR_LA="dla";
+	$PTR_ADD="dadd";	# incidentally works even on n32
+	$PTR_SUB="dsub";	# incidentally works even on n32
+	$REG_S="sd";
+	$REG_L="ld";
+	$PTR_SLL="dsll";	# incidentally works even on n32
+	$SZREG=8;
+} else {
+	$PTR_LA="la";
+	$PTR_ADD="add";
+	$PTR_SUB="sub";
+	$REG_S="sw";
+	$REG_L="lw";
+	$PTR_SLL="sll";
+	$SZREG=4;
+}
+$pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
+#
+# <appro@openssl.org>
+#
+######################################################################
+
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
+
+for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
+open STDOUT,">$output";
+
+if (!defined($big_endian)) { $big_endian=(unpack('L',pack('N',1))==1); }
+
+if ($output =~ /512/) {
+	$label="512";
+	$SZ=8;
+	$LD="ld";		# load from memory
+	$ST="sd";		# store to memory
+	$SLL="dsll";		# shift left logical
+	$SRL="dsrl";		# shift right logical
+	$ADDU="daddu";
+	$ROTR="drotr";
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=( 7, 1, 8);	# right shift first
+	@sigma1=( 6,19,61);	# right shift first
+	$lastK=0x817;
+	$rounds=80;
+} else {
+	$label="256";
+	$SZ=4;
+	$LD="lw";		# load from memory
+	$ST="sw";		# store to memory
+	$SLL="sll";		# shift left logical
+	$SRL="srl";		# shift right logical
+	$ADDU="addu";
+	$ROTR="rotr";
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 3, 7,18);	# right shift first
+	@sigma1=(10,17,19);	# right shift first
+	$lastK=0x8f2;
+	$rounds=64;
+}
+
+$MSB = $big_endian ? 0 : ($SZ-1);
+$LSB = ($SZ-1)&~$MSB;
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("\$$_",(1,2,3,7,24,25,30,31));
+@X=map("\$$_",(8..23));
+
+$ctx=$a0;
+$inp=$a1;
+$len=$a2;	$Ktbl=$len;
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my ($T1,$tmp0,$tmp1,$tmp2)=(@X[4],@X[5],@X[6],@X[7]);
+
+$code.=<<___ if ($i<15);
+	${LD}l	@X[1],`($i+1)*$SZ+$MSB`($inp)
+	${LD}r	@X[1],`($i+1)*$SZ+$LSB`($inp)
+___
+$code.=<<___	if (!$big_endian && $i<16 && $SZ==4);
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	wsbh	@X[0],@X[0]		# byte swap($i)
+	rotr	@X[0],@X[0],16
+#else
+	srl	$tmp0,@X[0],24		# byte swap($i)
+	srl	$tmp1,@X[0],8
+	andi	$tmp2,@X[0],0xFF00
+	sll	@X[0],@X[0],24
+	andi	$tmp1,0xFF00
+	sll	$tmp2,$tmp2,8
+	or	@X[0],$tmp0
+	or	$tmp1,$tmp2
+	or	@X[0],$tmp1
+#endif
+___
+$code.=<<___	if (!$big_endian && $i<16 && $SZ==8);
+#if defined(_MIPS_ARCH_MIPS64R2)
+	dsbh	@X[0],@X[0]		# byte swap($i)
+	dshd	@X[0],@X[0]
+#else
+	ori	$tmp0,$zero,0xFF
+	dsll	$tmp2,$tmp0,32
+	or	$tmp0,$tmp2		# 0x000000FF000000FF
+	and	$tmp1,@X[0],$tmp0	# byte swap($i)
+	dsrl	$tmp2,@X[0],24
+	dsll	$tmp1,24
+	and	$tmp2,$tmp0
+	dsll	$tmp0,8			# 0x0000FF000000FF00
+	or	$tmp1,$tmp2
+	and	$tmp2,@X[0],$tmp0
+	dsrl	@X[0],8
+	dsll	$tmp2,8
+	and	@X[0],$tmp0
+	or	$tmp1,$tmp2
+	or	@X[0],$tmp1
+	dsrl	$tmp1,@X[0],32
+	dsll	@X[0],32
+	or	@X[0],$tmp1
+#endif
+___
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	xor	$tmp2,$f,$g			# $i
+	$ROTR	$tmp0,$e,@Sigma1[0]
+	$ADDU	$T1,$X[0],$h
+	$ROTR	$tmp1,$e,@Sigma1[1]
+	and	$tmp2,$e
+	$ROTR	$h,$e,@Sigma1[2]
+	xor	$tmp0,$tmp1
+	$ROTR	$tmp1,$a,@Sigma0[0]
+	xor	$tmp2,$g			# Ch(e,f,g)
+	xor	$tmp0,$h			# Sigma1(e)
+
+	$ROTR	$h,$a,@Sigma0[1]
+	$ADDU	$T1,$tmp2
+	$LD	$tmp2,`$i*$SZ`($Ktbl)		# K[$i]
+	xor	$h,$tmp1
+	$ROTR	$tmp1,$a,@Sigma0[2]
+	$ADDU	$T1,$tmp0
+	and	$tmp0,$b,$c
+	xor	$h,$tmp1			# Sigma0(a)
+	xor	$tmp1,$b,$c
+#else
+	$ADDU	$T1,$X[0],$h			# $i
+	$SRL	$h,$e,@Sigma1[0]
+	xor	$tmp2,$f,$g
+	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[2]`
+	and	$tmp2,$e
+	$SRL	$tmp0,$e,@Sigma1[1]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[1]`
+	xor	$h,$tmp0
+	$SRL	$tmp0,$e,@Sigma1[2]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[0]`
+	xor	$h,$tmp0
+	xor	$tmp2,$g			# Ch(e,f,g)
+	xor	$tmp0,$tmp1,$h			# Sigma1(e)
+
+	$SRL	$h,$a,@Sigma0[0]
+	$ADDU	$T1,$tmp2
+	$LD	$tmp2,`$i*$SZ`($Ktbl)		# K[$i]
+	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[2]`
+	$ADDU	$T1,$tmp0
+	$SRL	$tmp0,$a,@Sigma0[1]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[1]`
+	xor	$h,$tmp0
+	$SRL	$tmp0,$a,@Sigma0[2]
+	xor	$h,$tmp1
+	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[0]`
+	xor	$h,$tmp0
+	and	$tmp0,$b,$c
+	xor	$h,$tmp1			# Sigma0(a)
+	xor	$tmp1,$b,$c
+#endif
+	$ST	@X[0],`($i%16)*$SZ`($sp)	# offload to ring buffer
+	$ADDU	$h,$tmp0
+	and	$tmp1,$a
+	$ADDU	$T1,$tmp2			# +=K[$i]
+	$ADDU	$h,$tmp1			# +=Maj(a,b,c)
+	$ADDU	$d,$T1
+	$ADDU	$h,$T1
+___
+$code.=<<___ if ($i>=13);
+	$LD	@X[3],`(($i+3)%16)*$SZ`($sp)	# prefetch from ring buffer
+___
+}
+
+sub BODY_16_XX {
+my $i=@_[0];
+my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4],@X[5],@X[6],@X[7]);
+
+$code.=<<___;
+#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2)
+	$SRL	$tmp2,@X[1],@sigma0[0]		# Xupdate($i)
+	$ROTR	$tmp0,@X[1],@sigma0[1]
+	$ADDU	@X[0],@X[9]			# +=X[i+9]
+	xor	$tmp2,$tmp0
+	$ROTR	$tmp0,@X[1],@sigma0[2]
+
+	$SRL	$tmp3,@X[14],@sigma1[0]
+	$ROTR	$tmp1,@X[14],@sigma1[1]
+	xor	$tmp2,$tmp0			# sigma0(X[i+1])
+	$ROTR	$tmp0,@X[14],@sigma1[2]
+	xor	$tmp3,$tmp1
+	$ADDU	@X[0],$tmp2
+#else
+	$SRL	$tmp2,@X[1],@sigma0[0]		# Xupdate($i)
+	$ADDU	@X[0],@X[9]			# +=X[i+9]
+	$SLL	$tmp1,@X[1],`$SZ*8-@sigma0[2]`
+	$SRL	$tmp0,@X[1],@sigma0[1]
+	xor	$tmp2,$tmp1
+	$SLL	$tmp1,`@sigma0[2]-@sigma0[1]`
+	xor	$tmp2,$tmp0
+	$SRL	$tmp0,@X[1],@sigma0[2]
+	xor	$tmp2,$tmp1
+
+	$SRL	$tmp3,@X[14],@sigma1[0]
+	xor	$tmp2,$tmp0			# sigma0(X[i+1])
+	$SLL	$tmp1,@X[14],`$SZ*8-@sigma1[2]`
+	$ADDU	@X[0],$tmp2
+	$SRL	$tmp0,@X[14],@sigma1[1]
+	xor	$tmp3,$tmp1
+	$SLL	$tmp1,`@sigma1[2]-@sigma1[1]`
+	xor	$tmp3,$tmp0
+	$SRL	$tmp0,@X[14],@sigma1[2]
+	xor	$tmp3,$tmp1
+#endif
+	xor	$tmp3,$tmp0			# sigma1(X[i+14])
+	$ADDU	@X[0],$tmp3
+___
+	&BODY_00_15(@_);
+}
+
+$FRAMESIZE=16*$SZ+16*$SZREG;
+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
+
+$code.=<<___;
+#ifdef OPENSSL_FIPSCANISTER
+# include <openssl/fipssyms.h>
+#endif
+
+#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2)
+#define _MIPS_ARCH_MIPS32R2
+#endif
+
+.text
+.set	noat
+#if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__))
+.option	pic2
+#endif
+
+.align	5
+.globl	sha${label}_block_data_order
+.ent	sha${label}_block_data_order
+sha${label}_block_data_order:
+	.frame	$sp,$FRAMESIZE,$ra
+	.mask	$SAVED_REGS_MASK,-$SZREG
+	.set	noreorder
+___
+$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
+	.cpload	$pf
+___
+$code.=<<___;
+	$PTR_SUB $sp,$FRAMESIZE
+	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
+	$REG_S	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_S	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_S	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_S	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	$PTR_SLL @X[15],$len,`log(16*$SZ)/log(2)`
+___
+$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
+	.cplocal	$Ktbl
+	.cpsetup	$pf,$zero,sha${label}_block_data_order
+___
+$code.=<<___;
+	.set	reorder
+	$PTR_LA	$Ktbl,K${label}		# PIC-ified 'load address'
+
+	$LD	$A,0*$SZ($ctx)		# load context
+	$LD	$B,1*$SZ($ctx)
+	$LD	$C,2*$SZ($ctx)
+	$LD	$D,3*$SZ($ctx)
+	$LD	$E,4*$SZ($ctx)
+	$LD	$F,5*$SZ($ctx)
+	$LD	$G,6*$SZ($ctx)
+	$LD	$H,7*$SZ($ctx)
+
+	$PTR_ADD @X[15],$inp		# pointer to the end of input
+	$REG_S	@X[15],16*$SZ($sp)
+	b	.Loop
+
+.align	5
+.Loop:
+	${LD}l	@X[0],$MSB($inp)
+	${LD}r	@X[0],$LSB($inp)
+___
+for ($i=0;$i<16;$i++)
+{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); }
+$code.=<<___;
+	b	.L16_xx
+.align	4
+.L16_xx:
+___
+for (;$i<32;$i++)
+{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); }
+$code.=<<___;
+	and	@X[6],0xfff
+	li	@X[7],$lastK
+	.set	noreorder
+	bne	@X[6],@X[7],.L16_xx
+	$PTR_ADD $Ktbl,16*$SZ		# Ktbl+=16
+
+	$REG_L	@X[15],16*$SZ($sp)	# restore pointer to the end of input
+	$LD	@X[0],0*$SZ($ctx)
+	$LD	@X[1],1*$SZ($ctx)
+	$LD	@X[2],2*$SZ($ctx)
+	$PTR_ADD $inp,16*$SZ
+	$LD	@X[3],3*$SZ($ctx)
+	$ADDU	$A,@X[0]
+	$LD	@X[4],4*$SZ($ctx)
+	$ADDU	$B,@X[1]
+	$LD	@X[5],5*$SZ($ctx)
+	$ADDU	$C,@X[2]
+	$LD	@X[6],6*$SZ($ctx)
+	$ADDU	$D,@X[3]
+	$LD	@X[7],7*$SZ($ctx)
+	$ADDU	$E,@X[4]
+	$ST	$A,0*$SZ($ctx)
+	$ADDU	$F,@X[5]
+	$ST	$B,1*$SZ($ctx)
+	$ADDU	$G,@X[6]
+	$ST	$C,2*$SZ($ctx)
+	$ADDU	$H,@X[7]
+	$ST	$D,3*$SZ($ctx)
+	$ST	$E,4*$SZ($ctx)
+	$ST	$F,5*$SZ($ctx)
+	$ST	$G,6*$SZ($ctx)
+	$ST	$H,7*$SZ($ctx)
+
+	bne	$inp,@X[15],.Loop
+	$PTR_SUB $Ktbl,`($rounds-16)*$SZ`	# rewind $Ktbl
+
+	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
+	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
+	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
+	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
+	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
+	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
+	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
+	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
+	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
+	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
+___
+$code.=<<___ if ($flavour =~ /nubi/i);
+	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
+	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
+	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
+	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
+	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
+___
+$code.=<<___;
+	jr	$ra
+	$PTR_ADD $sp,$FRAMESIZE
+.end	sha${label}_block_data_order
+
+.rdata
+.align	5
+K${label}:
+___
+if ($SZ==4) {
+$code.=<<___;
+	.word	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+	.word	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+	.word	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+	.word	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+	.word	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+	.word	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+	.word	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+	.word	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+	.word	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+	.word	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+	.word	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+	.word	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+	.word	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+	.word	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+	.word	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+	.word	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+___
+} else {
+$code.=<<___;
+	.dword	0x428a2f98d728ae22, 0x7137449123ef65cd
+	.dword	0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc
+	.dword	0x3956c25bf348b538, 0x59f111f1b605d019
+	.dword	0x923f82a4af194f9b, 0xab1c5ed5da6d8118
+	.dword	0xd807aa98a3030242, 0x12835b0145706fbe
+	.dword	0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2
+	.dword	0x72be5d74f27b896f, 0x80deb1fe3b1696b1
+	.dword	0x9bdc06a725c71235, 0xc19bf174cf692694
+	.dword	0xe49b69c19ef14ad2, 0xefbe4786384f25e3
+	.dword	0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65
+	.dword	0x2de92c6f592b0275, 0x4a7484aa6ea6e483
+	.dword	0x5cb0a9dcbd41fbd4, 0x76f988da831153b5
+	.dword	0x983e5152ee66dfab, 0xa831c66d2db43210
+	.dword	0xb00327c898fb213f, 0xbf597fc7beef0ee4
+	.dword	0xc6e00bf33da88fc2, 0xd5a79147930aa725
+	.dword	0x06ca6351e003826f, 0x142929670a0e6e70
+	.dword	0x27b70a8546d22ffc, 0x2e1b21385c26c926
+	.dword	0x4d2c6dfc5ac42aed, 0x53380d139d95b3df
+	.dword	0x650a73548baf63de, 0x766a0abb3c77b2a8
+	.dword	0x81c2c92e47edaee6, 0x92722c851482353b
+	.dword	0xa2bfe8a14cf10364, 0xa81a664bbc423001
+	.dword	0xc24b8b70d0f89791, 0xc76c51a30654be30
+	.dword	0xd192e819d6ef5218, 0xd69906245565a910
+	.dword	0xf40e35855771202a, 0x106aa07032bbd1b8
+	.dword	0x19a4c116b8d2d0c8, 0x1e376c085141ab53
+	.dword	0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8
+	.dword	0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb
+	.dword	0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3
+	.dword	0x748f82ee5defb2fc, 0x78a5636f43172f60
+	.dword	0x84c87814a1f0ab72, 0x8cc702081a6439ec
+	.dword	0x90befffa23631e28, 0xa4506cebde82bde9
+	.dword	0xbef9a3f7b2c67915, 0xc67178f2e372532b
+	.dword	0xca273eceea26619c, 0xd186b8c721c0c207
+	.dword	0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178
+	.dword	0x06f067aa72176fba, 0x0a637dc5a2c898a6
+	.dword	0x113f9804bef90dae, 0x1b710b35131c471b
+	.dword	0x28db77f523047d84, 0x32caab7b40c72493
+	.dword	0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c
+	.dword	0x4cc5d4becb3e42b6, 0x597f299cfc657e2a
+	.dword	0x5fcb6fab3ad6faec, 0x6c44198c4a475817
+___
+}
+$code.=<<___;
+.asciiz	"SHA${label} for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
+.align	5
+
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-parisc.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-parisc.pl
new file mode 100755
index 0000000..fcb6157
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-parisc.pl
@@ -0,0 +1,800 @@
+#! /usr/bin/env perl
+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256/512 block procedure for PA-RISC.
+
+# June 2009.
+#
+# SHA256 performance is >75% better than gcc 3.2 generated code on
+# PA-7100LC. Compared to code generated by vendor compiler this
+# implementation is almost 70% faster in 64-bit build, but delivers
+# virtually same performance in 32-bit build on PA-8600.
+#
+# SHA512 performance is >2.9x better than gcc 3.2 generated code on
+# PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the
+# code is executed on PA-RISC 2.0 processor and switches to 64-bit
+# code path delivering adequate performance even in "blended" 32-bit
+# build. Though 64-bit code is not any faster than code generated by
+# vendor compiler on PA-8600...
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+	$LEVEL		="2.0W";
+	$SIZE_T		=8;
+	$FRAME_MARKER	=80;
+	$SAVED_RP	=16;
+	$PUSH		="std";
+	$PUSHMA		="std,ma";
+	$POP		="ldd";
+	$POPMB		="ldd,mb";
+} else {
+	$LEVEL		="1.0";
+	$SIZE_T		=4;
+	$FRAME_MARKER	=48;
+	$SAVED_RP	=20;
+	$PUSH		="stw";
+	$PUSHMA		="stwm";
+	$POP		="ldw";
+	$POPMB		="ldwm";
+}
+
+if ($output =~ /512/) {
+	$func="sha512_block_data_order";
+	$SZ=8;
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+	$LAST10BITS=0x017;
+	$LD="ldd";
+	$LDM="ldd,ma";
+	$ST="std";
+} else {
+	$func="sha256_block_data_order";
+	$SZ=4;
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+	$LAST10BITS=0x0f2;
+	$LD="ldw";
+	$LDM="ldwm";
+	$ST="stw";
+}
+
+$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker
+				#                 [+ argument transfer]
+$XOFF=16*$SZ+32;		# local variables
+$FRAME+=$XOFF;
+$XOFF+=$FRAME_MARKER;		# distance between %sp and local variables
+
+$ctx="%r26";	# zapped by $a0
+$inp="%r25";	# zapped by $a1
+$num="%r24";	# zapped by $t0
+
+$a0 ="%r26";
+$a1 ="%r25";
+$t0 ="%r24";
+$t1 ="%r29";
+$Tbl="%r31";
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=("%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r28");
+
+@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
+    "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$inp);
+
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$code.=<<___;
+	_ror	$e,$Sigma1[0],$a0
+	and	$f,$e,$t0
+	_ror	$e,$Sigma1[1],$a1
+	addl	$t1,$h,$h
+	andcm	$g,$e,$t1
+	xor	$a1,$a0,$a0
+	_ror	$a1,`$Sigma1[2]-$Sigma1[1]`,$a1
+	or	$t0,$t1,$t1		; Ch(e,f,g)
+	addl	@X[$i%16],$h,$h
+	xor	$a0,$a1,$a1		; Sigma1(e)
+	addl	$t1,$h,$h
+	_ror	$a,$Sigma0[0],$a0
+	addl	$a1,$h,$h
+
+	_ror	$a,$Sigma0[1],$a1
+	and	$a,$b,$t0
+	and	$a,$c,$t1
+	xor	$a1,$a0,$a0
+	_ror	$a1,`$Sigma0[2]-$Sigma0[1]`,$a1
+	xor	$t1,$t0,$t0
+	and	$b,$c,$t1
+	xor	$a0,$a1,$a1		; Sigma0(a)
+	addl	$h,$d,$d
+	xor	$t1,$t0,$t0		; Maj(a,b,c)
+	`"$LDM	$SZ($Tbl),$t1" if ($i<15)`
+	addl	$a1,$h,$h
+	addl	$t0,$h,$h
+
+___
+}
+
+sub ROUND_16_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$i-=16;
+$code.=<<___;
+	_ror	@X[($i+1)%16],$sigma0[0],$a0
+	_ror	@X[($i+1)%16],$sigma0[1],$a1
+	addl	@X[($i+9)%16],@X[$i],@X[$i]
+	_ror	@X[($i+14)%16],$sigma1[0],$t0
+	_ror	@X[($i+14)%16],$sigma1[1],$t1
+	xor	$a1,$a0,$a0
+	_shr	@X[($i+1)%16],$sigma0[2],$a1
+	xor	$t1,$t0,$t0
+	_shr	@X[($i+14)%16],$sigma1[2],$t1
+	xor	$a1,$a0,$a0		; sigma0(X[(i+1)&0x0f])
+	xor	$t1,$t0,$t0		; sigma1(X[(i+14)&0x0f])
+	$LDM	$SZ($Tbl),$t1
+	addl	$a0,@X[$i],@X[$i]
+	addl	$t0,@X[$i],@X[$i]
+___
+$code.=<<___ if ($i==15);
+	extru	$t1,31,10,$a1
+	comiclr,<> $LAST10BITS,$a1,%r0
+	ldo	1($Tbl),$Tbl		; signal end of $Tbl
+___
+&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h);
+}
+
+$code=<<___;
+	.LEVEL	$LEVEL
+	.SPACE	\$TEXT\$
+	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+	.ALIGN	64
+L\$table
+___
+$code.=<<___ if ($SZ==8);
+	.WORD	0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd
+	.WORD	0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc
+	.WORD	0x3956c25b,0xf348b538,0x59f111f1,0xb605d019
+	.WORD	0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118
+	.WORD	0xd807aa98,0xa3030242,0x12835b01,0x45706fbe
+	.WORD	0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2
+	.WORD	0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1
+	.WORD	0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694
+	.WORD	0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3
+	.WORD	0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65
+	.WORD	0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483
+	.WORD	0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5
+	.WORD	0x983e5152,0xee66dfab,0xa831c66d,0x2db43210
+	.WORD	0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4
+	.WORD	0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725
+	.WORD	0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70
+	.WORD	0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926
+	.WORD	0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df
+	.WORD	0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8
+	.WORD	0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b
+	.WORD	0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001
+	.WORD	0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30
+	.WORD	0xd192e819,0xd6ef5218,0xd6990624,0x5565a910
+	.WORD	0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8
+	.WORD	0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53
+	.WORD	0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8
+	.WORD	0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb
+	.WORD	0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3
+	.WORD	0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60
+	.WORD	0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec
+	.WORD	0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9
+	.WORD	0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b
+	.WORD	0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207
+	.WORD	0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178
+	.WORD	0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6
+	.WORD	0x113f9804,0xbef90dae,0x1b710b35,0x131c471b
+	.WORD	0x28db77f5,0x23047d84,0x32caab7b,0x40c72493
+	.WORD	0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c
+	.WORD	0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a
+	.WORD	0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817
+___
+$code.=<<___ if ($SZ==4);
+	.WORD	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.WORD	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.WORD	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.WORD	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.WORD	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.WORD	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.WORD	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.WORD	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.WORD	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.WORD	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.WORD	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.WORD	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.WORD	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.WORD	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.WORD	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.WORD	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+$code.=<<___;
+
+	.EXPORT	$func,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.ALIGN	64
+$func
+	.PROC
+	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+	.ENTRY
+	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
+	$PUSHMA	%r3,$FRAME(%sp)
+	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
+	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
+	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
+	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
+	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
+	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
+	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
+	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
+	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
+	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
+	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
+	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
+	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
+	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
+	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+	_shl	$num,`log(16*$SZ)/log(2)`,$num
+	addl	$inp,$num,$num		; $num to point at the end of $inp
+
+	$PUSH	$num,`-$FRAME_MARKER-4*$SIZE_T`(%sp)	; save arguments
+	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)
+	$PUSH	$ctx,`-$FRAME_MARKER-2*$SIZE_T`(%sp)
+
+	blr	%r0,$Tbl
+	ldi	3,$t1
+L\$pic
+	andcm	$Tbl,$t1,$Tbl		; wipe privilege level
+	ldo	L\$table-L\$pic($Tbl),$Tbl
+___
+$code.=<<___ if ($SZ==8 && $SIZE_T==4);
+	ldi	31,$t1
+	mtctl	$t1,%cr11
+	extrd,u,*= $t1,%sar,1,$t1	; executes on PA-RISC 1.0
+	b	L\$parisc1
+	nop
+___
+$code.=<<___;
+	$LD	`0*$SZ`($ctx),$A	; load context
+	$LD	`1*$SZ`($ctx),$B
+	$LD	`2*$SZ`($ctx),$C
+	$LD	`3*$SZ`($ctx),$D
+	$LD	`4*$SZ`($ctx),$E
+	$LD	`5*$SZ`($ctx),$F
+	$LD	`6*$SZ`($ctx),$G
+	$LD	`7*$SZ`($ctx),$H
+
+	extru	$inp,31,`log($SZ)/log(2)`,$t0
+	sh3addl	$t0,%r0,$t0
+	subi	`8*$SZ`,$t0,$t0
+	mtctl	$t0,%cr11		; load %sar with align factor
+
+L\$oop
+	ldi	`$SZ-1`,$t0
+	$LDM	$SZ($Tbl),$t1
+	andcm	$inp,$t0,$t0		; align $inp
+___
+	for ($i=0;$i<15;$i++) {		# load input block
+	$code.="\t$LD	`$SZ*$i`($t0),@X[$i]\n";		}
+$code.=<<___;
+	cmpb,*=	$inp,$t0,L\$aligned
+	$LD	`$SZ*15`($t0),@X[15]
+	$LD	`$SZ*16`($t0),@X[16]
+___
+	for ($i=0;$i<16;$i++) {		# align data
+	$code.="\t_align	@X[$i],@X[$i+1],@X[$i]\n";	}
+$code.=<<___;
+L\$aligned
+	nop	; otherwise /usr/ccs/bin/as is confused by below .WORD
+___
+
+for($i=0;$i<16;$i++)	{ &ROUND_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+L\$rounds
+	nop	; otherwise /usr/ccs/bin/as is confused by below .WORD
+___
+for(;$i<32;$i++)	{ &ROUND_16_xx($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	bb,>=	$Tbl,31,L\$rounds	; end of $Tbl signalled?
+	nop
+
+	$POP	`-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx	; restore arguments
+	$POP	`-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp
+	$POP	`-$FRAME_MARKER-4*$SIZE_T`(%sp),$num
+	ldo	`-$rounds*$SZ-1`($Tbl),$Tbl		; rewind $Tbl
+
+	$LD	`0*$SZ`($ctx),@X[0]	; load context
+	$LD	`1*$SZ`($ctx),@X[1]
+	$LD	`2*$SZ`($ctx),@X[2]
+	$LD	`3*$SZ`($ctx),@X[3]
+	$LD	`4*$SZ`($ctx),@X[4]
+	$LD	`5*$SZ`($ctx),@X[5]
+	addl	@X[0],$A,$A
+	$LD	`6*$SZ`($ctx),@X[6]
+	addl	@X[1],$B,$B
+	$LD	`7*$SZ`($ctx),@X[7]
+	ldo	`16*$SZ`($inp),$inp	; advance $inp
+
+	$ST	$A,`0*$SZ`($ctx)	; save context
+	addl	@X[2],$C,$C
+	$ST	$B,`1*$SZ`($ctx)
+	addl	@X[3],$D,$D
+	$ST	$C,`2*$SZ`($ctx)
+	addl	@X[4],$E,$E
+	$ST	$D,`3*$SZ`($ctx)
+	addl	@X[5],$F,$F
+	$ST	$E,`4*$SZ`($ctx)
+	addl	@X[6],$G,$G
+	$ST	$F,`5*$SZ`($ctx)
+	addl	@X[7],$H,$H
+	$ST	$G,`6*$SZ`($ctx)
+	$ST	$H,`7*$SZ`($ctx)
+
+	cmpb,*<>,n $inp,$num,L\$oop
+	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)	; save $inp
+___
+if ($SZ==8 && $SIZE_T==4)	# SHA512 for 32-bit PA-RISC 1.0
+{{
+$code.=<<___;
+	b	L\$done
+	nop
+
+	.ALIGN	64
+L\$parisc1
+___
+
+@V=(  $Ahi,  $Alo,  $Bhi,  $Blo,  $Chi,  $Clo,  $Dhi,  $Dlo,
+      $Ehi,  $Elo,  $Fhi,  $Flo,  $Ghi,  $Glo,  $Hhi,  $Hlo) = 
+   ( "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
+     "%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16");
+$a0 ="%r17";
+$a1 ="%r18";
+$a2 ="%r19";
+$a3 ="%r20";
+$t0 ="%r21";
+$t1 ="%r22";
+$t2 ="%r28";
+$t3 ="%r29";
+$Tbl="%r31";
+
+@X=("%r23","%r24","%r25","%r26");	# zaps $num,$inp,$ctx
+
+sub ROUND_00_15_pa1 {
+my ($i,$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
+       $ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo,$flag)=@_;
+my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X;
+
+$code.=<<___ if (!$flag);
+	ldw	`-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi
+	ldw	`-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo	; load X[i+1]
+___
+$code.=<<___;
+	shd	$ehi,$elo,$Sigma1[0],$t0
+	 add	$Xlo,$hlo,$hlo
+	shd	$elo,$ehi,$Sigma1[0],$t1
+	 addc	$Xhi,$hhi,$hhi		; h += X[i]
+	shd	$ehi,$elo,$Sigma1[1],$t2
+	 ldwm	8($Tbl),$Xhi
+	shd	$elo,$ehi,$Sigma1[1],$t3
+	 ldw	-4($Tbl),$Xlo		; load K[i]
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1
+	 and	$flo,$elo,$a0
+	 and	$fhi,$ehi,$a1
+	shd	$ehi,$elo,$Sigma1[2],$t2
+	 andcm	$glo,$elo,$a2
+	shd	$elo,$ehi,$Sigma1[2],$t3
+	 andcm	$ghi,$ehi,$a3
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1		; Sigma1(e)
+	add	$Xlo,$hlo,$hlo
+	 xor	$a2,$a0,$a0
+	addc	$Xhi,$hhi,$hhi		; h += K[i]
+	 xor	$a3,$a1,$a1		; Ch(e,f,g)
+
+	 add	$t0,$hlo,$hlo
+	shd	$ahi,$alo,$Sigma0[0],$t0
+	 addc	$t1,$hhi,$hhi		; h += Sigma1(e)
+	shd	$alo,$ahi,$Sigma0[0],$t1	
+	 add	$a0,$hlo,$hlo
+	shd	$ahi,$alo,$Sigma0[1],$t2
+	 addc	$a1,$hhi,$hhi		; h += Ch(e,f,g)
+	shd	$alo,$ahi,$Sigma0[1],$t3
+
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1
+	shd	$ahi,$alo,$Sigma0[2],$t2
+	and	$alo,$blo,$a0
+	shd	$alo,$ahi,$Sigma0[2],$t3
+	and	$ahi,$bhi,$a1
+	xor	$t2,$t0,$t0
+	xor	$t3,$t1,$t1		; Sigma0(a)
+
+	and	$alo,$clo,$a2
+	and	$ahi,$chi,$a3
+	xor	$a2,$a0,$a0
+	 add	$hlo,$dlo,$dlo
+	xor	$a3,$a1,$a1
+	 addc	$hhi,$dhi,$dhi		; d += h
+	and	$blo,$clo,$a2
+	 add	$t0,$hlo,$hlo
+	and	$bhi,$chi,$a3
+	 addc	$t1,$hhi,$hhi		; h += Sigma0(a)
+	xor	$a2,$a0,$a0
+	 add	$a0,$hlo,$hlo
+	xor	$a3,$a1,$a1		; Maj(a,b,c)
+	 addc	$a1,$hhi,$hhi		; h += Maj(a,b,c)
+
+___
+$code.=<<___ if ($i==15 && $flag);
+	extru	$Xlo,31,10,$Xlo
+	comiclr,= $LAST10BITS,$Xlo,%r0
+	b	L\$rounds_pa1
+	nop
+___
+push(@X,shift(@X)); push(@X,shift(@X));
+}
+
+sub ROUND_16_xx_pa1 {
+my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X;
+my ($i)=shift;
+$i-=16;
+$code.=<<___;
+	ldw	`-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi
+	ldw	`-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo	; load X[i+1]
+	ldw	`-$XOFF+8*(($i+9)%16)`(%sp),$a1
+	ldw	`-$XOFF+8*(($i+9)%16)+4`(%sp),$a0	; load X[i+9]
+	ldw	`-$XOFF+8*(($i+14)%16)`(%sp),$a3
+	ldw	`-$XOFF+8*(($i+14)%16)+4`(%sp),$a2	; load X[i+14]
+	shd	$Xnhi,$Xnlo,$sigma0[0],$t0
+	shd	$Xnlo,$Xnhi,$sigma0[0],$t1
+	 add	$a0,$Xlo,$Xlo
+	shd	$Xnhi,$Xnlo,$sigma0[1],$t2
+	 addc	$a1,$Xhi,$Xhi
+	shd	$Xnlo,$Xnhi,$sigma0[1],$t3
+	xor	$t2,$t0,$t0
+	shd	$Xnhi,$Xnlo,$sigma0[2],$t2
+	xor	$t3,$t1,$t1
+	extru	$Xnhi,`31-$sigma0[2]`,`32-$sigma0[2]`,$t3
+	xor	$t2,$t0,$t0
+	 shd	$a3,$a2,$sigma1[0],$a0
+	xor	$t3,$t1,$t1		; sigma0(X[i+1)&0x0f])
+	 shd	$a2,$a3,$sigma1[0],$a1
+	add	$t0,$Xlo,$Xlo
+	 shd	$a3,$a2,$sigma1[1],$t2
+	addc	$t1,$Xhi,$Xhi
+	 shd	$a2,$a3,$sigma1[1],$t3
+	xor	$t2,$a0,$a0
+	shd	$a3,$a2,$sigma1[2],$t2
+	xor	$t3,$a1,$a1
+	extru	$a3,`31-$sigma1[2]`,`32-$sigma1[2]`,$t3
+	xor	$t2,$a0,$a0
+	xor	$t3,$a1,$a1		; sigma0(X[i+14)&0x0f])
+	add	$a0,$Xlo,$Xlo
+	addc	$a1,$Xhi,$Xhi
+
+	stw	$Xhi,`-$XOFF+8*($i%16)`(%sp)
+	stw	$Xlo,`-$XOFF+8*($i%16)+4`(%sp)
+___
+&ROUND_00_15_pa1($i,@_,1);
+}
+$code.=<<___;
+	ldw	`0*4`($ctx),$Ahi		; load context
+	ldw	`1*4`($ctx),$Alo
+	ldw	`2*4`($ctx),$Bhi
+	ldw	`3*4`($ctx),$Blo
+	ldw	`4*4`($ctx),$Chi
+	ldw	`5*4`($ctx),$Clo
+	ldw	`6*4`($ctx),$Dhi
+	ldw	`7*4`($ctx),$Dlo
+	ldw	`8*4`($ctx),$Ehi
+	ldw	`9*4`($ctx),$Elo
+	ldw	`10*4`($ctx),$Fhi
+	ldw	`11*4`($ctx),$Flo
+	ldw	`12*4`($ctx),$Ghi
+	ldw	`13*4`($ctx),$Glo
+	ldw	`14*4`($ctx),$Hhi
+	ldw	`15*4`($ctx),$Hlo
+
+	extru	$inp,31,2,$t0
+	sh3addl	$t0,%r0,$t0
+	subi	32,$t0,$t0
+	mtctl	$t0,%cr11		; load %sar with align factor
+
+L\$oop_pa1
+	extru	$inp,31,2,$a3
+	comib,=	0,$a3,L\$aligned_pa1
+	sub	$inp,$a3,$inp
+
+	ldw	`0*4`($inp),$X[0]
+	ldw	`1*4`($inp),$X[1]
+	ldw	`2*4`($inp),$t2
+	ldw	`3*4`($inp),$t3
+	ldw	`4*4`($inp),$a0
+	ldw	`5*4`($inp),$a1
+	ldw	`6*4`($inp),$a2
+	ldw	`7*4`($inp),$a3
+	vshd	$X[0],$X[1],$X[0]
+	vshd	$X[1],$t2,$X[1]
+	stw	$X[0],`-$XOFF+0*4`(%sp)
+	ldw	`8*4`($inp),$t0
+	vshd	$t2,$t3,$t2
+	stw	$X[1],`-$XOFF+1*4`(%sp)
+	ldw	`9*4`($inp),$t1
+	vshd	$t3,$a0,$t3
+___
+{
+my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1);
+for ($i=2;$i<=(128/4-8);$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+	ldw	`(8+$i)*4`($inp),$t[0]
+	vshd	$t[1],$t[2],$t[1]
+___
+push(@t,shift(@t));
+}
+for (;$i<(128/4-1);$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+	vshd	$t[1],$t[2],$t[1]
+___
+push(@t,shift(@t));
+}
+$code.=<<___;
+	b	L\$collected_pa1
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+
+___
+}
+$code.=<<___;
+L\$aligned_pa1
+	ldw	`0*4`($inp),$X[0]
+	ldw	`1*4`($inp),$X[1]
+	ldw	`2*4`($inp),$t2
+	ldw	`3*4`($inp),$t3
+	ldw	`4*4`($inp),$a0
+	ldw	`5*4`($inp),$a1
+	ldw	`6*4`($inp),$a2
+	ldw	`7*4`($inp),$a3
+	stw	$X[0],`-$XOFF+0*4`(%sp)
+	ldw	`8*4`($inp),$t0
+	stw	$X[1],`-$XOFF+1*4`(%sp)
+	ldw	`9*4`($inp),$t1
+___
+{
+my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1);
+for ($i=2;$i<(128/4-8);$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+	ldw	`(8+$i)*4`($inp),$t[0]
+___
+push(@t,shift(@t));
+}
+for (;$i<128/4;$i++) {
+$code.=<<___;
+	stw	$t[0],`-$XOFF+$i*4`(%sp)
+___
+push(@t,shift(@t));
+}
+$code.="L\$collected_pa1\n";
+}
+
+for($i=0;$i<16;$i++)	{ &ROUND_00_15_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); }
+$code.="L\$rounds_pa1\n";
+for(;$i<32;$i++)	{ &ROUND_16_xx_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); }
+
+$code.=<<___;
+	$POP	`-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx	; restore arguments
+	$POP	`-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp
+	$POP	`-$FRAME_MARKER-4*$SIZE_T`(%sp),$num
+	ldo	`-$rounds*$SZ`($Tbl),$Tbl		; rewind $Tbl
+
+	ldw	`0*4`($ctx),$t1		; update context
+	ldw	`1*4`($ctx),$t0
+	ldw	`2*4`($ctx),$t3
+	ldw	`3*4`($ctx),$t2
+	ldw	`4*4`($ctx),$a1
+	ldw	`5*4`($ctx),$a0
+	ldw	`6*4`($ctx),$a3
+	add	$t0,$Alo,$Alo
+	ldw	`7*4`($ctx),$a2
+	addc	$t1,$Ahi,$Ahi
+	ldw	`8*4`($ctx),$t1
+	add	$t2,$Blo,$Blo
+	ldw	`9*4`($ctx),$t0
+	addc	$t3,$Bhi,$Bhi
+	ldw	`10*4`($ctx),$t3
+	add	$a0,$Clo,$Clo
+	ldw	`11*4`($ctx),$t2
+	addc	$a1,$Chi,$Chi
+	ldw	`12*4`($ctx),$a1
+	add	$a2,$Dlo,$Dlo
+	ldw	`13*4`($ctx),$a0
+	addc	$a3,$Dhi,$Dhi
+	ldw	`14*4`($ctx),$a3
+	add	$t0,$Elo,$Elo
+	ldw	`15*4`($ctx),$a2
+	addc	$t1,$Ehi,$Ehi
+	stw	$Ahi,`0*4`($ctx)
+	add	$t2,$Flo,$Flo
+	stw	$Alo,`1*4`($ctx)
+	addc	$t3,$Fhi,$Fhi
+	stw	$Bhi,`2*4`($ctx)
+	add	$a0,$Glo,$Glo
+	stw	$Blo,`3*4`($ctx)
+	addc	$a1,$Ghi,$Ghi
+	stw	$Chi,`4*4`($ctx)
+	add	$a2,$Hlo,$Hlo
+	stw	$Clo,`5*4`($ctx)
+	addc	$a3,$Hhi,$Hhi
+	stw	$Dhi,`6*4`($ctx)
+	ldo	`16*$SZ`($inp),$inp	; advance $inp
+	stw	$Dlo,`7*4`($ctx)
+	stw	$Ehi,`8*4`($ctx)
+	stw	$Elo,`9*4`($ctx)
+	stw	$Fhi,`10*4`($ctx)
+	stw	$Flo,`11*4`($ctx)
+	stw	$Ghi,`12*4`($ctx)
+	stw	$Glo,`13*4`($ctx)
+	stw	$Hhi,`14*4`($ctx)
+	comb,=	$inp,$num,L\$done
+	stw	$Hlo,`15*4`($ctx)
+	b	L\$oop_pa1
+	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)	; save $inp
+L\$done
+___
+}}
+$code.=<<___;
+	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
+	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
+	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
+	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
+	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
+	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
+	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
+	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
+	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
+	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
+	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
+	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
+	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
+	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
+	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
+	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
+	bv	(%r2)
+	.EXIT
+	$POPMB	-$FRAME(%sp),%r3
+	.PROCEND
+	.STRINGZ "SHA`64*$SZ` block transform for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# Explicitly encode PA-RISC 2.0 instructions used in this module, so
+# that it can be compiled with .LEVEL 1.0. It should be noted that I
+# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
+# directive...
+
+my $ldd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "ldd$mod\t$args";
+
+    if ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 3 suffices
+    {	my $opcode=(0x14<<26)|($2<<21)|($3<<16)|(($1&0x1FF8)<<1)|(($1>>13)&1);
+	$opcode|=(1<<3) if ($mod =~ /^,m/);
+	$opcode|=(1<<2) if ($mod =~ /^,mb/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $std = sub {
+  my ($mod,$args) = @_;
+  my $orig = "std$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices
+    {	my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $extrd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "extrd$mod\t$args";
+
+    # I only have ",u" completer, it's implicitly encoded...
+    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
+    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
+	my $len=32-$3;
+	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
+	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
+    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
+	my $len=32-$2;
+	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
+	$opcode |= (1<<13) if ($mod =~ /,\**=/);
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+my $shrpd = sub {
+  my ($mod,$args) = @_;
+  my $orig = "shrpd$mod\t$args";
+
+    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
+    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
+	my $cpos=63-$3;
+	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
+	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
+    }
+    elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/)	# format 11
+    {	sprintf "\t.WORD\t0x%08x\t; %s",
+		(0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig;
+    }
+    else { "\t".$orig; }
+};
+
+sub assemble {
+  my ($mnemonic,$mod,$args)=@_;
+  my $opcode = eval("\$$mnemonic");
+
+    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/shd\s+(%r[0-9]+),(%r[0-9]+),([0-9]+)/
+		$3>31 ? sprintf("shd\t%$2,%$1,%d",$3-32)	# rotation for >=32
+		:       sprintf("shd\t%$1,%$2,%d",$3)/e			or
+	# translate made up instructons: _ror, _shr, _align, _shl
+	s/_ror(\s+)(%r[0-9]+),/
+		($SZ==4 ? "shd" : "shrpd")."$1$2,$2,"/e			or
+
+	s/_shr(\s+%r[0-9]+),([0-9]+),/
+		$SZ==4 ? sprintf("extru%s,%d,%d,",$1,31-$2,32-$2)
+		:        sprintf("extrd,u%s,%d,%d,",$1,63-$2,64-$2)/e	or
+
+	s/_align(\s+%r[0-9]+,%r[0-9]+),/
+		($SZ==4 ? "vshd$1," : "shrpd$1,%sar,")/e		or
+
+	s/_shl(\s+%r[0-9]+),([0-9]+),/
+		$SIZE_T==4 ? sprintf("zdep%s,%d,%d,",$1,31-$2,32-$2)
+		:            sprintf("depd,z%s,%d,%d,",$1,63-$2,64-$2)/e;
+
+	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4);
+
+	s/cmpb,\*/comb,/ if ($SIZE_T==4);
+
+	s/\bbv\b/bve/    if ($SIZE_T==8);
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-ppc.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-ppc.pl
new file mode 100755
index 0000000..fe95b01
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-ppc.pl
@@ -0,0 +1,799 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# I let hardware handle unaligned input, except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank.
+
+#			sha256		|	sha512
+# 			-m64	-m32	|	-m64	-m32
+# --------------------------------------+-----------------------
+# PPC970,gcc-4.0.0	+50%	+38%	|	+40%	+410%(*)
+# Power6,xlc-7		+150%	+90%	|	+100%	+430%(*)
+#
+# (*)	64-bit code in 32-bit application context, which actually is
+#	on TODO list. It should be noted that for safe deployment in
+#	32-bit *mutli-threaded* context asyncronous signals should be
+#	blocked upon entry to SHA512 block routine. This is because
+#	32-bit signaling procedure invalidates upper halves of GPRs.
+#	Context switch procedure preserves them, but not signaling:-(
+
+# Second version is true multi-thread safe. Trouble with the original
+# version was that it was using thread local storage pointer register.
+# Well, it scrupulously preserved it, but the problem would arise the
+# moment asynchronous signal was delivered and signal handler would
+# dereference the TLS pointer. While it's never the case in openssl
+# application or test suite, we have to respect this scenario and not
+# use TLS pointer register. Alternative would be to require caller to
+# block signals prior calling this routine. For the record, in 32-bit
+# context R2 serves as TLS pointer, while in 64-bit context - R13.
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$LRSAVE=2*$SIZE_T;
+	$STU="stdu";
+	$UCMP="cmpld";
+	$SHL="sldi";
+	$POP="ld";
+	$PUSH="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$LRSAVE=$SIZE_T;
+	$STU="stwu";
+	$UCMP="cmplw";
+	$SHL="slwi";
+	$POP="lwz";
+	$PUSH="stw";
+} else { die "nonsense $flavour"; }
+
+$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+if ($output =~ /512/) {
+	$func="sha512_block_ppc";
+	$SZ=8;
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+	$LD="ld";
+	$ST="std";
+	$ROR="rotrdi";
+	$SHR="srdi";
+} else {
+	$func="sha256_block_ppc";
+	$SZ=4;
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+	$LD="lwz";
+	$ST="stw";
+	$ROR="rotrwi";
+	$SHR="srwi";
+}
+
+$FRAME=32*$SIZE_T+16*$SZ;
+$LOCALS=6*$SIZE_T;
+
+$sp ="r1";
+$toc="r2";
+$ctx="r3";	# zapped by $a0
+$inp="r4";	# zapped by $a1
+$num="r5";	# zapped by $t0
+
+$T  ="r0";
+$a0 ="r3";
+$a1 ="r4";
+$t0 ="r5";
+$t1 ="r6";
+$Tbl="r7";
+
+$A  ="r8";
+$B  ="r9";
+$C  ="r10";
+$D  ="r11";
+$E  ="r12";
+$F  =$t1;	$t1 = "r0";	# stay away from "r13";
+$G  ="r14";
+$H  ="r15";
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+
+$inp="r31" if($SZ==4 || $SIZE_T==8);	# reassigned $inp! aliases with @X[15]
+
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$code.=<<___;
+	$ROR	$a0,$e,$Sigma1[0]
+	$ROR	$a1,$e,$Sigma1[1]
+	and	$t0,$f,$e
+	xor	$a0,$a0,$a1
+	add	$h,$h,$t1
+	andc	$t1,$g,$e
+	$ROR	$a1,$a1,`$Sigma1[2]-$Sigma1[1]`
+	or	$t0,$t0,$t1		; Ch(e,f,g)
+	add	$h,$h,@X[$i%16]
+	xor	$a0,$a0,$a1		; Sigma1(e)
+	add	$h,$h,$t0
+	add	$h,$h,$a0
+
+	$ROR	$a0,$a,$Sigma0[0]
+	$ROR	$a1,$a,$Sigma0[1]
+	and	$t0,$a,$b
+	and	$t1,$a,$c
+	xor	$a0,$a0,$a1
+	$ROR	$a1,$a1,`$Sigma0[2]-$Sigma0[1]`
+	xor	$t0,$t0,$t1
+	and	$t1,$b,$c
+	xor	$a0,$a0,$a1		; Sigma0(a)
+	add	$d,$d,$h
+	xor	$t0,$t0,$t1		; Maj(a,b,c)
+___
+$code.=<<___ if ($i<15);
+	$LD	$t1,`($i+1)*$SZ`($Tbl)
+___
+$code.=<<___;
+	add	$h,$h,$a0
+	add	$h,$h,$t0
+
+___
+}
+
+sub ROUND_16_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$i-=16;
+$code.=<<___;
+	$ROR	$a0,@X[($i+1)%16],$sigma0[0]
+	$ROR	$a1,@X[($i+1)%16],$sigma0[1]
+	$ROR	$t0,@X[($i+14)%16],$sigma1[0]
+	$ROR	$t1,@X[($i+14)%16],$sigma1[1]
+	xor	$a0,$a0,$a1
+	$SHR	$a1,@X[($i+1)%16],$sigma0[2]
+	xor	$t0,$t0,$t1
+	$SHR	$t1,@X[($i+14)%16],$sigma1[2]
+	add	@X[$i],@X[$i],@X[($i+9)%16]
+	xor	$a0,$a0,$a1		; sigma0(X[(i+1)&0x0f])
+	xor	$t0,$t0,$t1		; sigma1(X[(i+14)&0x0f])
+	$LD	$t1,`$i*$SZ`($Tbl)
+	add	@X[$i],@X[$i],$a0
+	add	@X[$i],@X[$i],$t0
+___
+&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h);
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	$func
+.align	6
+$func:
+	$STU	$sp,-$FRAME($sp)
+	mflr	r0
+	$SHL	$num,$num,`log(16*$SZ)/log(2)`
+
+	$PUSH	$ctx,`$FRAME-$SIZE_T*22`($sp)
+
+	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
+	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
+	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
+	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
+	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
+	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
+	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
+	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
+	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
+	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
+	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
+	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
+	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
+	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
+	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
+	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
+	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
+	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
+	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
+___
+
+if ($SZ==4 || $SIZE_T==8) {
+$code.=<<___;
+	$LD	$A,`0*$SZ`($ctx)
+	mr	$inp,r4				; incarnate $inp
+	$LD	$B,`1*$SZ`($ctx)
+	$LD	$C,`2*$SZ`($ctx)
+	$LD	$D,`3*$SZ`($ctx)
+	$LD	$E,`4*$SZ`($ctx)
+	$LD	$F,`5*$SZ`($ctx)
+	$LD	$G,`6*$SZ`($ctx)
+	$LD	$H,`7*$SZ`($ctx)
+___
+} else {
+  for ($i=16;$i<32;$i++) {
+    $code.=<<___;
+	lwz	r$i,`$LITTLE_ENDIAN^(4*($i-16))`($ctx)
+___
+  }
+}
+
+$code.=<<___;
+	bl	LPICmeup
+LPICedup:
+	andi.	r0,$inp,3
+	bne	Lunaligned
+Laligned:
+	add	$num,$inp,$num
+	$PUSH	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	bl	Lsha2_block_private
+	b	Ldone
+
+; PowerPC specification allows an implementation to be ill-behaved
+; upon unaligned access which crosses page boundary. "Better safe
+; than sorry" principle makes me treat it specially. But I don't
+; look for particular offending word, but rather for the input
+; block which crosses the boundary. Once found that block is aligned
+; and hashed separately...
+.align	4
+Lunaligned:
+	subfic	$t1,$inp,4096
+	andi.	$t1,$t1,`4096-16*$SZ`	; distance to closest page boundary
+	beq	Lcross_page
+	$UCMP	$num,$t1
+	ble	Laligned		; didn't cross the page boundary
+	subfc	$num,$t1,$num
+	add	$t1,$inp,$t1
+	$PUSH	$num,`$FRAME-$SIZE_T*25`($sp)	; save real remaining num
+	$PUSH	$t1,`$FRAME-$SIZE_T*24`($sp)	; intermediate end pointer
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	bl	Lsha2_block_private
+	; $inp equals to the intermediate end pointer here
+	$POP	$num,`$FRAME-$SIZE_T*25`($sp)	; restore real remaining num
+Lcross_page:
+	li	$t1,`16*$SZ/4`
+	mtctr	$t1
+___
+if ($SZ==4 || $SIZE_T==8) {
+$code.=<<___;
+	addi	r20,$sp,$LOCALS			; aligned spot below the frame
+Lmemcpy:
+	lbz	r16,0($inp)
+	lbz	r17,1($inp)
+	lbz	r18,2($inp)
+	lbz	r19,3($inp)
+	addi	$inp,$inp,4
+	stb	r16,0(r20)
+	stb	r17,1(r20)
+	stb	r18,2(r20)
+	stb	r19,3(r20)
+	addi	r20,r20,4
+	bdnz	Lmemcpy
+___
+} else {
+$code.=<<___;
+	addi	r12,$sp,$LOCALS			; aligned spot below the frame
+Lmemcpy:
+	lbz	r8,0($inp)
+	lbz	r9,1($inp)
+	lbz	r10,2($inp)
+	lbz	r11,3($inp)
+	addi	$inp,$inp,4
+	stb	r8,0(r12)
+	stb	r9,1(r12)
+	stb	r10,2(r12)
+	stb	r11,3(r12)
+	addi	r12,r12,4
+	bdnz	Lmemcpy
+___
+}
+
+$code.=<<___;
+	$PUSH	$inp,`$FRAME-$SIZE_T*26`($sp)	; save real inp
+	addi	$t1,$sp,`$LOCALS+16*$SZ`	; fictitious end pointer
+	addi	$inp,$sp,$LOCALS		; fictitious inp pointer
+	$PUSH	$num,`$FRAME-$SIZE_T*25`($sp)	; save real num
+	$PUSH	$t1,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	bl	Lsha2_block_private
+	$POP	$inp,`$FRAME-$SIZE_T*26`($sp)	; restore real inp
+	$POP	$num,`$FRAME-$SIZE_T*25`($sp)	; restore real num
+	addic.	$num,$num,`-16*$SZ`		; num--
+	bne	Lunaligned
+
+Ldone:
+	$POP	r0,`$FRAME+$LRSAVE`($sp)
+	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
+	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
+	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
+	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
+	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
+	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
+	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
+	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
+	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
+	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
+	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
+	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
+	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
+	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
+	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
+	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
+	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
+	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
+	mtlr	r0
+	addi	$sp,$sp,$FRAME
+	blr
+	.long	0
+	.byte	0,12,4,1,0x80,18,3,0
+	.long	0
+___
+
+if ($SZ==4 || $SIZE_T==8) {
+$code.=<<___;
+.align	4
+Lsha2_block_private:
+	$LD	$t1,0($Tbl)
+___
+for($i=0;$i<16;$i++) {
+$code.=<<___ if ($SZ==4 && !$LITTLE_ENDIAN);
+	lwz	@X[$i],`$i*$SZ`($inp)
+___
+$code.=<<___ if ($SZ==4 && $LITTLE_ENDIAN);
+	lwz	$a0,`$i*$SZ`($inp)
+	rotlwi	@X[$i],$a0,8
+	rlwimi	@X[$i],$a0,24,0,7
+	rlwimi	@X[$i],$a0,24,16,23
+___
+# 64-bit loads are split to 2x32-bit ones, as CPU can't handle
+# unaligned 64-bit loads, only 32-bit ones...
+$code.=<<___ if ($SZ==8 && !$LITTLE_ENDIAN);
+	lwz	$t0,`$i*$SZ`($inp)
+	lwz	@X[$i],`$i*$SZ+4`($inp)
+	insrdi	@X[$i],$t0,32,0
+___
+$code.=<<___ if ($SZ==8 && $LITTLE_ENDIAN);
+	lwz	$a0,`$i*$SZ`($inp)
+	 lwz	$a1,`$i*$SZ+4`($inp)
+	rotlwi	$t0,$a0,8
+	 rotlwi	@X[$i],$a1,8
+	rlwimi	$t0,$a0,24,0,7
+	 rlwimi	@X[$i],$a1,24,0,7
+	rlwimi	$t0,$a0,24,16,23
+	 rlwimi	@X[$i],$a1,24,16,23
+	insrdi	@X[$i],$t0,32,0
+___
+	&ROUND_00_15($i,@V);
+	unshift(@V,pop(@V));
+}
+$code.=<<___;
+	li	$t0,`$rounds/16-1`
+	mtctr	$t0
+.align	4
+Lrounds:
+	addi	$Tbl,$Tbl,`16*$SZ`
+___
+for(;$i<32;$i++) {
+	&ROUND_16_xx($i,@V);
+	unshift(@V,pop(@V));
+}
+$code.=<<___;
+	bdnz	Lrounds
+
+	$POP	$ctx,`$FRAME-$SIZE_T*22`($sp)
+	$POP	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	$POP	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	subi	$Tbl,$Tbl,`($rounds-16)*$SZ`	; rewind Tbl
+
+	$LD	r16,`0*$SZ`($ctx)
+	$LD	r17,`1*$SZ`($ctx)
+	$LD	r18,`2*$SZ`($ctx)
+	$LD	r19,`3*$SZ`($ctx)
+	$LD	r20,`4*$SZ`($ctx)
+	$LD	r21,`5*$SZ`($ctx)
+	$LD	r22,`6*$SZ`($ctx)
+	addi	$inp,$inp,`16*$SZ`		; advance inp
+	$LD	r23,`7*$SZ`($ctx)
+	add	$A,$A,r16
+	add	$B,$B,r17
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)
+	add	$C,$C,r18
+	$ST	$A,`0*$SZ`($ctx)
+	add	$D,$D,r19
+	$ST	$B,`1*$SZ`($ctx)
+	add	$E,$E,r20
+	$ST	$C,`2*$SZ`($ctx)
+	add	$F,$F,r21
+	$ST	$D,`3*$SZ`($ctx)
+	add	$G,$G,r22
+	$ST	$E,`4*$SZ`($ctx)
+	add	$H,$H,r23
+	$ST	$F,`5*$SZ`($ctx)
+	$ST	$G,`6*$SZ`($ctx)
+	$UCMP	$inp,$num
+	$ST	$H,`7*$SZ`($ctx)
+	bne	Lsha2_block_private
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	$func,.-$func
+___
+} else {
+########################################################################
+# SHA512 for PPC32, X vector is off-loaded to stack...
+#
+#			|	sha512
+#			|	-m32
+# ----------------------+-----------------------
+# PPC74x0,gcc-4.0.1	|	+48%
+# POWER6,gcc-4.4.6	|	+124%(*)
+# POWER7,gcc-4.4.6	|	+79%(*)
+# e300,gcc-4.1.0	|	+167%
+#
+# (*)	~1/3 of -m64 result [and ~20% better than -m32 code generated
+#	by xlc-12.1]
+
+my $XOFF=$LOCALS;
+
+my @V=map("r$_",(16..31));	# A..H
+
+my ($s0,$s1,$t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("r$_",(0,5,6,8..12,14,15));
+my ($x0,$x1)=("r3","r4");	# zaps $ctx and $inp
+
+sub ROUND_00_15_ppc32 {
+my ($i,	$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
+	$ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_;
+
+$code.=<<___;
+	lwz	$t2,`$SZ*($i%16)+($LITTLE_ENDIAN^4)`($Tbl)
+	 xor	$a0,$flo,$glo
+	lwz	$t3,`$SZ*($i%16)+($LITTLE_ENDIAN^0)`($Tbl)
+	 xor	$a1,$fhi,$ghi
+	addc	$hlo,$hlo,$t0			; h+=x[i]
+	stw	$t0,`$XOFF+0+$SZ*($i%16)`($sp)	; save x[i]
+
+	srwi	$s0,$elo,$Sigma1[0]
+	srwi	$s1,$ehi,$Sigma1[0]
+	 and	$a0,$a0,$elo
+	adde	$hhi,$hhi,$t1
+	 and	$a1,$a1,$ehi
+	stw	$t1,`$XOFF+4+$SZ*($i%16)`($sp)
+	srwi	$t0,$elo,$Sigma1[1]
+	srwi	$t1,$ehi,$Sigma1[1]
+	 addc	$hlo,$hlo,$t2			; h+=K512[i]
+	insrwi	$s0,$ehi,$Sigma1[0],0
+	insrwi	$s1,$elo,$Sigma1[0],0
+	 xor	$a0,$a0,$glo			; Ch(e,f,g)
+	 adde	$hhi,$hhi,$t3
+	 xor	$a1,$a1,$ghi
+	insrwi	$t0,$ehi,$Sigma1[1],0
+	insrwi	$t1,$elo,$Sigma1[1],0
+	 addc	$hlo,$hlo,$a0			; h+=Ch(e,f,g)
+	srwi	$t2,$ehi,$Sigma1[2]-32
+	srwi	$t3,$elo,$Sigma1[2]-32
+	xor	$s0,$s0,$t0
+	xor	$s1,$s1,$t1
+	insrwi	$t2,$elo,$Sigma1[2]-32,0
+	insrwi	$t3,$ehi,$Sigma1[2]-32,0
+	 xor	$a0,$alo,$blo			; a^b, b^c in next round
+	 adde	$hhi,$hhi,$a1
+	 xor	$a1,$ahi,$bhi
+	xor	$s0,$s0,$t2			; Sigma1(e)
+	xor	$s1,$s1,$t3
+
+	srwi	$t0,$alo,$Sigma0[0]
+	 and	$a2,$a2,$a0
+	 addc	$hlo,$hlo,$s0			; h+=Sigma1(e)
+	 and	$a3,$a3,$a1
+	srwi	$t1,$ahi,$Sigma0[0]
+	srwi	$s0,$ahi,$Sigma0[1]-32
+	 adde	$hhi,$hhi,$s1
+	srwi	$s1,$alo,$Sigma0[1]-32
+	insrwi	$t0,$ahi,$Sigma0[0],0
+	insrwi	$t1,$alo,$Sigma0[0],0
+	 xor	$a2,$a2,$blo			; Maj(a,b,c)
+	 addc	$dlo,$dlo,$hlo			; d+=h
+	 xor	$a3,$a3,$bhi
+	insrwi	$s0,$alo,$Sigma0[1]-32,0
+	insrwi	$s1,$ahi,$Sigma0[1]-32,0
+	 adde	$dhi,$dhi,$hhi
+	srwi	$t2,$ahi,$Sigma0[2]-32
+	srwi	$t3,$alo,$Sigma0[2]-32
+	xor	$s0,$s0,$t0
+	 addc	$hlo,$hlo,$a2			; h+=Maj(a,b,c)
+	xor	$s1,$s1,$t1
+	insrwi	$t2,$alo,$Sigma0[2]-32,0
+	insrwi	$t3,$ahi,$Sigma0[2]-32,0
+	 adde	$hhi,$hhi,$a3
+___
+$code.=<<___ if ($i>=15);
+	lwz	$t0,`$XOFF+0+$SZ*(($i+2)%16)`($sp)
+	lwz	$t1,`$XOFF+4+$SZ*(($i+2)%16)`($sp)
+___
+$code.=<<___ if ($i<15 && !$LITTLE_ENDIAN);
+	lwz	$t1,`$SZ*($i+1)+0`($inp)
+	lwz	$t0,`$SZ*($i+1)+4`($inp)
+___
+$code.=<<___ if ($i<15 && $LITTLE_ENDIAN);
+	lwz	$a2,`$SZ*($i+1)+0`($inp)
+	 lwz	$a3,`$SZ*($i+1)+4`($inp)
+	rotlwi	$t1,$a2,8
+	 rotlwi	$t0,$a3,8
+	rlwimi	$t1,$a2,24,0,7
+	 rlwimi	$t0,$a3,24,0,7
+	rlwimi	$t1,$a2,24,16,23
+	 rlwimi	$t0,$a3,24,16,23
+___
+$code.=<<___;
+	xor	$s0,$s0,$t2			; Sigma0(a)
+	xor	$s1,$s1,$t3
+	addc	$hlo,$hlo,$s0			; h+=Sigma0(a)
+	adde	$hhi,$hhi,$s1
+___
+$code.=<<___ if ($i==15);
+	lwz	$x0,`$XOFF+0+$SZ*(($i+1)%16)`($sp)
+	lwz	$x1,`$XOFF+4+$SZ*(($i+1)%16)`($sp)
+___
+}
+sub ROUND_16_xx_ppc32 {
+my ($i,	$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
+	$ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_;
+
+$code.=<<___;
+	srwi	$s0,$t0,$sigma0[0]
+	srwi	$s1,$t1,$sigma0[0]
+	srwi	$t2,$t0,$sigma0[1]
+	srwi	$t3,$t1,$sigma0[1]
+	insrwi	$s0,$t1,$sigma0[0],0
+	insrwi	$s1,$t0,$sigma0[0],0
+	srwi	$a0,$t0,$sigma0[2]
+	insrwi	$t2,$t1,$sigma0[1],0
+	insrwi	$t3,$t0,$sigma0[1],0
+	insrwi	$a0,$t1,$sigma0[2],0
+	xor	$s0,$s0,$t2
+	 lwz	$t2,`$XOFF+0+$SZ*(($i+14)%16)`($sp)
+	srwi	$a1,$t1,$sigma0[2]
+	xor	$s1,$s1,$t3
+	 lwz	$t3,`$XOFF+4+$SZ*(($i+14)%16)`($sp)
+	xor	$a0,$a0,$s0
+	 srwi	$s0,$t2,$sigma1[0]
+	xor	$a1,$a1,$s1
+	 srwi	$s1,$t3,$sigma1[0]
+	addc	$x0,$x0,$a0			; x[i]+=sigma0(x[i+1])
+	 srwi	$a0,$t3,$sigma1[1]-32
+	insrwi	$s0,$t3,$sigma1[0],0
+	insrwi	$s1,$t2,$sigma1[0],0
+	adde	$x1,$x1,$a1
+	 srwi	$a1,$t2,$sigma1[1]-32
+
+	insrwi	$a0,$t2,$sigma1[1]-32,0
+	srwi	$t2,$t2,$sigma1[2]
+	insrwi	$a1,$t3,$sigma1[1]-32,0
+	insrwi	$t2,$t3,$sigma1[2],0
+	xor	$s0,$s0,$a0
+	 lwz	$a0,`$XOFF+0+$SZ*(($i+9)%16)`($sp)
+	srwi	$t3,$t3,$sigma1[2]
+	xor	$s1,$s1,$a1
+	 lwz	$a1,`$XOFF+4+$SZ*(($i+9)%16)`($sp)
+	xor	$s0,$s0,$t2
+	 addc	$x0,$x0,$a0			; x[i]+=x[i+9]
+	xor	$s1,$s1,$t3
+	 adde	$x1,$x1,$a1
+	addc	$x0,$x0,$s0			; x[i]+=sigma1(x[i+14])
+	adde	$x1,$x1,$s1
+___
+	($t0,$t1,$x0,$x1) = ($x0,$x1,$t0,$t1);
+	&ROUND_00_15_ppc32(@_);
+}
+
+$code.=<<___;
+.align	4
+Lsha2_block_private:
+___
+$code.=<<___ if (!$LITTLE_ENDIAN);
+	lwz	$t1,0($inp)
+	xor	$a2,@V[3],@V[5]		; B^C, magic seed
+	lwz	$t0,4($inp)
+	xor	$a3,@V[2],@V[4]
+___
+$code.=<<___ if ($LITTLE_ENDIAN);
+	lwz	$a1,0($inp)
+	xor	$a2,@V[3],@V[5]		; B^C, magic seed
+	lwz	$a0,4($inp)
+	xor	$a3,@V[2],@V[4]
+	rotlwi	$t1,$a1,8
+	 rotlwi	$t0,$a0,8
+	rlwimi	$t1,$a1,24,0,7
+	 rlwimi	$t0,$a0,24,0,7
+	rlwimi	$t1,$a1,24,16,23
+	 rlwimi	$t0,$a0,24,16,23
+___
+for($i=0;$i<16;$i++) {
+	&ROUND_00_15_ppc32($i,@V);
+	unshift(@V,pop(@V));	unshift(@V,pop(@V));
+	($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1);
+}
+$code.=<<___;
+	li	$a0,`$rounds/16-1`
+	mtctr	$a0
+.align	4
+Lrounds:
+	addi	$Tbl,$Tbl,`16*$SZ`
+___
+for(;$i<32;$i++) {
+	&ROUND_16_xx_ppc32($i,@V);
+	unshift(@V,pop(@V));	unshift(@V,pop(@V));
+	($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1);
+}
+$code.=<<___;
+	bdnz	Lrounds
+
+	$POP	$ctx,`$FRAME-$SIZE_T*22`($sp)
+	$POP	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
+	$POP	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
+	subi	$Tbl,$Tbl,`($rounds-16)*$SZ`	; rewind Tbl
+
+	lwz	$t0,`$LITTLE_ENDIAN^0`($ctx)
+	lwz	$t1,`$LITTLE_ENDIAN^4`($ctx)
+	lwz	$t2,`$LITTLE_ENDIAN^8`($ctx)
+	lwz	$t3,`$LITTLE_ENDIAN^12`($ctx)
+	lwz	$a0,`$LITTLE_ENDIAN^16`($ctx)
+	lwz	$a1,`$LITTLE_ENDIAN^20`($ctx)
+	lwz	$a2,`$LITTLE_ENDIAN^24`($ctx)
+	addc	@V[1],@V[1],$t1
+	lwz	$a3,`$LITTLE_ENDIAN^28`($ctx)
+	adde	@V[0],@V[0],$t0
+	lwz	$t0,`$LITTLE_ENDIAN^32`($ctx)
+	addc	@V[3],@V[3],$t3
+	lwz	$t1,`$LITTLE_ENDIAN^36`($ctx)
+	adde	@V[2],@V[2],$t2
+	lwz	$t2,`$LITTLE_ENDIAN^40`($ctx)
+	addc	@V[5],@V[5],$a1
+	lwz	$t3,`$LITTLE_ENDIAN^44`($ctx)
+	adde	@V[4],@V[4],$a0
+	lwz	$a0,`$LITTLE_ENDIAN^48`($ctx)
+	addc	@V[7],@V[7],$a3
+	lwz	$a1,`$LITTLE_ENDIAN^52`($ctx)
+	adde	@V[6],@V[6],$a2
+	lwz	$a2,`$LITTLE_ENDIAN^56`($ctx)
+	addc	@V[9],@V[9],$t1
+	lwz	$a3,`$LITTLE_ENDIAN^60`($ctx)
+	adde	@V[8],@V[8],$t0
+	stw	@V[0],`$LITTLE_ENDIAN^0`($ctx)
+	stw	@V[1],`$LITTLE_ENDIAN^4`($ctx)
+	addc	@V[11],@V[11],$t3
+	stw	@V[2],`$LITTLE_ENDIAN^8`($ctx)
+	stw	@V[3],`$LITTLE_ENDIAN^12`($ctx)
+	adde	@V[10],@V[10],$t2
+	stw	@V[4],`$LITTLE_ENDIAN^16`($ctx)
+	stw	@V[5],`$LITTLE_ENDIAN^20`($ctx)
+	addc	@V[13],@V[13],$a1
+	stw	@V[6],`$LITTLE_ENDIAN^24`($ctx)
+	stw	@V[7],`$LITTLE_ENDIAN^28`($ctx)
+	adde	@V[12],@V[12],$a0
+	stw	@V[8],`$LITTLE_ENDIAN^32`($ctx)
+	stw	@V[9],`$LITTLE_ENDIAN^36`($ctx)
+	addc	@V[15],@V[15],$a3
+	stw	@V[10],`$LITTLE_ENDIAN^40`($ctx)
+	stw	@V[11],`$LITTLE_ENDIAN^44`($ctx)
+	adde	@V[14],@V[14],$a2
+	stw	@V[12],`$LITTLE_ENDIAN^48`($ctx)
+	stw	@V[13],`$LITTLE_ENDIAN^52`($ctx)
+	stw	@V[14],`$LITTLE_ENDIAN^56`($ctx)
+	stw	@V[15],`$LITTLE_ENDIAN^60`($ctx)
+
+	addi	$inp,$inp,`16*$SZ`		; advance inp
+	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)
+	$UCMP	$inp,$num
+	bne	Lsha2_block_private
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+.size	$func,.-$func
+___
+}
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+LPICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl	; vvvvvv "distance" between . and 1st data entry
+	addi	$Tbl,$Tbl,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+___
+$code.=<<___ if ($SZ==8);
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+___
+$code.=<<___ if ($SZ==4);
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-s390x.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-s390x.pl
new file mode 100644
index 0000000..427d6f8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-s390x.pl
@@ -0,0 +1,322 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256/512 block procedures for s390x.
+
+# April 2007.
+#
+# sha256_block_data_order is reportedly >3 times faster than gcc 3.3
+# generated code (must be a bug in compiler, as improvement is
+# "pathologically" high, in particular in comparison to other SHA
+# modules). But the real twist is that it detects if hardware support
+# for SHA256 is available and in such case utilizes it. Then the
+# performance can reach >6.5x of assembler one for larger chunks.
+#
+# sha512_block_data_order is ~70% faster than gcc 3.3 generated code.
+
+# January 2009.
+#
+# Add support for hardware SHA512 and reschedule instructions to
+# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster
+# than software.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 SHA256 was measured to
+# perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+	$SIZE_T=4;
+	$g="";
+} else {
+	$SIZE_T=8;
+	$g="g";
+}
+
+$t0="%r0";
+$t1="%r1";
+$ctx="%r2";	$t2="%r2";
+$inp="%r3";
+$len="%r4";	# used as index in inner loop
+
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";
+$F="%r10";
+$G="%r11";
+$H="%r12";	@V=($A,$B,$C,$D,$E,$F,$G,$H);
+$tbl="%r13";
+$T1="%r14";
+$sp="%r15";
+
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+if ($output =~ /512/) {
+	$label="512";
+	$SZ=8;
+	$LD="lg";	# load from memory
+	$ST="stg";	# store to memory
+	$ADD="alg";	# add with memory operand
+	$ROT="rllg";	# rotate left
+	$SHR="srlg";	# logical right shift [see even at the end]
+	@Sigma0=(25,30,36);
+	@Sigma1=(23,46,50);
+	@sigma0=(56,63, 7);
+	@sigma1=( 3,45, 6);
+	$rounds=80;
+	$kimdfunc=3;	# 0 means unknown/unsupported/unimplemented/disabled
+} else {
+	$label="256";
+	$SZ=4;
+	$LD="llgf";	# load from memory
+	$ST="st";	# store to memory
+	$ADD="al";	# add with memory operand
+	$ROT="rll";	# rotate left
+	$SHR="srl";	# logical right shift
+	@Sigma0=(10,19,30);
+	@Sigma1=( 7,21,26);
+	@sigma0=(14,25, 3);
+	@sigma1=(13,15,10);
+	$rounds=64;
+	$kimdfunc=2;	# magic function code for kimd instruction
+}
+$Func="sha${label}_block_data_order";
+$Table="K${label}";
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+16*$SZ;
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___ if ($i<16);
+	$LD	$T1,`$i*$SZ`($inp)	### $i
+___
+$code.=<<___;
+	$ROT	$t0,$e,$Sigma1[0]
+	$ROT	$t1,$e,$Sigma1[1]
+	 lgr	$t2,$f
+	xgr	$t0,$t1
+	$ROT	$t1,$t1,`$Sigma1[2]-$Sigma1[1]`
+	 xgr	$t2,$g
+	$ST	$T1,`$stdframe+$SZ*($i%16)`($sp)
+	xgr	$t0,$t1			# Sigma1(e)
+	algr	$T1,$h			# T1+=h
+	 ngr	$t2,$e
+	 lgr	$t1,$a
+	algr	$T1,$t0			# T1+=Sigma1(e)
+	$ROT	$h,$a,$Sigma0[0]
+	 xgr	$t2,$g			# Ch(e,f,g)
+	$ADD	$T1,`$i*$SZ`($len,$tbl)	# T1+=K[i]
+	$ROT	$t0,$a,$Sigma0[1]
+	algr	$T1,$t2			# T1+=Ch(e,f,g)
+	 ogr	$t1,$b
+	xgr	$h,$t0
+	 lgr	$t2,$a
+	 ngr	$t1,$c
+	$ROT	$t0,$t0,`$Sigma0[2]-$Sigma0[1]`
+	xgr	$h,$t0			# h=Sigma0(a)
+	 ngr	$t2,$b
+	algr	$h,$T1			# h+=T1
+	 ogr	$t2,$t1			# Maj(a,b,c)
+	algr	$d,$T1			# d+=T1
+	algr	$h,$t2			# h+=Maj(a,b,c)
+___
+}
+
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+	$LD	$T1,`$stdframe+$SZ*(($i+1)%16)`($sp)	### $i
+	$LD	$t1,`$stdframe+$SZ*(($i+14)%16)`($sp)
+	$ROT	$t0,$T1,$sigma0[0]
+	$SHR	$T1,$sigma0[2]
+	$ROT	$t2,$t0,`$sigma0[1]-$sigma0[0]`
+	xgr	$T1,$t0
+	$ROT	$t0,$t1,$sigma1[0]
+	xgr	$T1,$t2					# sigma0(X[i+1])
+	$SHR	$t1,$sigma1[2]
+	$ADD	$T1,`$stdframe+$SZ*($i%16)`($sp)	# +=X[i]
+	xgr	$t1,$t0
+	$ROT	$t0,$t0,`$sigma1[1]-$sigma1[0]`
+	$ADD	$T1,`$stdframe+$SZ*(($i+9)%16)`($sp)	# +=X[i+9]
+	xgr	$t1,$t0				# sigma1(X[i+14])
+	algr	$T1,$t1				# +=sigma1(X[i+14])
+___
+	&BODY_00_15(@_);
+}
+
+$code.=<<___;
+.text
+.align	64
+.type	$Table,\@object
+$Table:
+___
+$code.=<<___ if ($SZ==4);
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+$code.=<<___ if ($SZ==8);
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+___
+$code.=<<___;
+.size	$Table,.-$Table
+.globl	$Func
+.type	$Func,\@function
+$Func:
+	sllg	$len,$len,`log(16*$SZ)/log(2)`
+___
+$code.=<<___ if ($kimdfunc);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,16(%r1)	# check kimd capabilities
+	tmhh	%r0,`0x8000>>$kimdfunc`
+	jz	.Lsoftware
+	lghi	%r0,$kimdfunc
+	lgr	%r1,$ctx
+	lgr	%r2,$inp
+	lgr	%r3,$len
+	.long	0xb93e0002	# kimd %r0,%r2
+	brc	1,.-4		# pay attention to "partial completion"
+	br	%r14
+.align	16
+.Lsoftware:
+___
+$code.=<<___;
+	lghi	%r1,-$frame
+	la	$len,0($len,$inp)
+	stm${g}	$ctx,%r15,`2*$SIZE_T`($sp)
+	lgr	%r0,$sp
+	la	$sp,0(%r1,$sp)
+	st${g}	%r0,0($sp)
+
+	larl	$tbl,$Table
+	$LD	$A,`0*$SZ`($ctx)
+	$LD	$B,`1*$SZ`($ctx)
+	$LD	$C,`2*$SZ`($ctx)
+	$LD	$D,`3*$SZ`($ctx)
+	$LD	$E,`4*$SZ`($ctx)
+	$LD	$F,`5*$SZ`($ctx)
+	$LD	$G,`6*$SZ`($ctx)
+	$LD	$H,`7*$SZ`($ctx)
+
+.Lloop:
+	lghi	$len,0
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	aghi	$len,`16*$SZ`
+	lghi	$t0,`($rounds-16)*$SZ`
+	clgr	$len,$t0
+	jne	.Lrounds_16_xx
+
+	l${g}	$ctx,`$frame+2*$SIZE_T`($sp)
+	la	$inp,`16*$SZ`($inp)
+	$ADD	$A,`0*$SZ`($ctx)
+	$ADD	$B,`1*$SZ`($ctx)
+	$ADD	$C,`2*$SZ`($ctx)
+	$ADD	$D,`3*$SZ`($ctx)
+	$ADD	$E,`4*$SZ`($ctx)
+	$ADD	$F,`5*$SZ`($ctx)
+	$ADD	$G,`6*$SZ`($ctx)
+	$ADD	$H,`7*$SZ`($ctx)
+	$ST	$A,`0*$SZ`($ctx)
+	$ST	$B,`1*$SZ`($ctx)
+	$ST	$C,`2*$SZ`($ctx)
+	$ST	$D,`3*$SZ`($ctx)
+	$ST	$E,`4*$SZ`($ctx)
+	$ST	$F,`5*$SZ`($ctx)
+	$ST	$G,`6*$SZ`($ctx)
+	$ST	$H,`7*$SZ`($ctx)
+	cl${g}	$inp,`$frame+4*$SIZE_T`($sp)
+	jne	.Lloop
+
+	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)	
+	br	%r14
+.size	$Func,.-$Func
+.string	"SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+# unlike 32-bit shift 64-bit one takes three arguments
+$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
+
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-sparcv9.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-sparcv9.pl
new file mode 100644
index 0000000..4a1ce5f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-sparcv9.pl
@@ -0,0 +1,857 @@
+#! /usr/bin/env perl
+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+#
+# Hardware SPARC T4 support by David S. Miller <davem@davemloft.net>.
+# ====================================================================
+
+# SHA256 performance improvement over compiler generated code varies
+# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit
+# build]. Just like in SHA1 module I aim to ensure scalability on
+# UltraSPARC T1 by packing X[16] to 8 64-bit registers.
+
+# SHA512 on pre-T1 UltraSPARC.
+#
+# Performance is >75% better than 64-bit code generated by Sun C and
+# over 2x than 32-bit code. X[16] resides on stack, but access to it
+# is scheduled for L2 latency and staged through 32 least significant
+# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI
+# duality. Nevetheless it's ~40% faster than SHA256, which is pretty
+# good [optimal coefficient is 50%].
+#
+# SHA512 on UltraSPARC T1.
+#
+# It's not any faster than 64-bit code generated by Sun C 5.8. This is
+# because 64-bit code generator has the advantage of using 64-bit
+# loads(*) to access X[16], which I consciously traded for 32-/64-bit
+# ABI duality [as per above]. But it surpasses 32-bit Sun C generated
+# code by 60%, not to mention that it doesn't suffer from severe decay
+# when running 4 times physical cores threads and that it leaves gcc
+# [3.4] behind by over 4x factor! If compared to SHA256, single thread
+# performance is only 10% better, but overall throughput for maximum
+# amount of threads for given CPU exceeds corresponding one of SHA256
+# by 30% [again, optimal coefficient is 50%].
+#
+# (*)	Unlike pre-T1 UltraSPARC loads on T1 are executed strictly
+#	in-order, i.e. load instruction has to complete prior next
+#	instruction in given thread is executed, even if the latter is
+#	not dependent on load result! This means that on T1 two 32-bit
+#	loads are always slower than one 64-bit load. Once again this
+#	is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
+#	2x32-bit loads can be as fast as 1x64-bit ones.
+#
+# SPARC T4 SHA256/512 hardware achieves 3.17/2.01 cycles per byte,
+# which is 9.3x/11.1x faster than software. Multi-process benchmark
+# saturates at 11.5x single-process result on 8-core processor, or
+# ~11/16GBps per 2.85GHz socket.
+
+$output=pop;
+open STDOUT,">$output";
+
+if ($output =~ /512/) {
+	$label="512";
+	$SZ=8;
+	$LD="ldx";		# load from memory
+	$ST="stx";		# store to memory
+	$SLL="sllx";		# shift left logical
+	$SRL="srlx";		# shift right logical
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=( 7, 1, 8);	# right shift first
+	@sigma1=( 6,19,61);	# right shift first
+	$lastK=0x817;
+	$rounds=80;
+	$align=4;
+
+	$locals=16*$SZ;		# X[16]
+
+	$A="%o0";
+	$B="%o1";
+	$C="%o2";
+	$D="%o3";
+	$E="%o4";
+	$F="%o5";
+	$G="%g1";
+	$H="%o7";
+	@V=($A,$B,$C,$D,$E,$F,$G,$H);
+} else {
+	$label="256";
+	$SZ=4;
+	$LD="ld";		# load from memory
+	$ST="st";		# store to memory
+	$SLL="sll";		# shift left logical
+	$SRL="srl";		# shift right logical
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 3, 7,18);	# right shift first
+	@sigma1=(10,17,19);	# right shift first
+	$lastK=0x8f2;
+	$rounds=64;
+	$align=8;
+
+	$locals=0;		# X[16] is register resident
+	@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+	
+	$A="%l0";
+	$B="%l1";
+	$C="%l2";
+	$D="%l3";
+	$E="%l4";
+	$F="%l5";
+	$G="%l6";
+	$H="%l7";
+	@V=($A,$B,$C,$D,$E,$F,$G,$H);
+}
+$T1="%g2";
+$tmp0="%g3";
+$tmp1="%g4";
+$tmp2="%g5";
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$Ktbl="%i3";
+$tmp31="%i4";
+$tmp32="%i5";
+
+########### SHA256
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+    if ($i==0) {
+$code.=<<___;
+	ldx	[$inp+0],@X[0]
+	ldx	[$inp+16],@X[2]
+	ldx	[$inp+32],@X[4]
+	ldx	[$inp+48],@X[6]
+	ldx	[$inp+8],@X[1]
+	ldx	[$inp+24],@X[3]
+	subcc	%g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too
+	ldx	[$inp+40],@X[5]
+	bz,pt	%icc,.Laligned
+	ldx	[$inp+56],@X[7]
+
+	sllx	@X[0],$tmp31,@X[0]
+	ldx	[$inp+64],$T1
+___
+for($j=0;$j<7;$j++)
+{   $code.=<<___;
+	srlx	@X[$j+1],$tmp32,$tmp1
+	sllx	@X[$j+1],$tmp31,@X[$j+1]
+	or	$tmp1,@X[$j],@X[$j]
+___
+}
+$code.=<<___;
+	srlx	$T1,$tmp32,$T1
+	or	$T1,@X[7],@X[7]
+.Laligned:
+___
+    }
+
+    if ($i&1) {
+	$code.="\tadd	@X[$i/2],$h,$T1\n";
+    } else {
+	$code.="\tsrlx	@X[$i/2],32,$T1\n\tadd	$h,$T1,$T1\n";
+    }
+} if ($SZ==4);
+
+########### SHA512
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8));
+
+$code.=<<___ if ($i==0);
+	ld	[$inp+0],%l0
+	ld	[$inp+4],%l1
+	ld	[$inp+8],%l2
+	ld	[$inp+12],%l3
+	ld	[$inp+16],%l4
+	ld	[$inp+20],%l5
+	ld	[$inp+24],%l6
+	cmp	$tmp31,0
+	ld	[$inp+28],%l7
+___
+$code.=<<___ if ($i<15);
+	sllx	@pair[1],$tmp31,$tmp2	! Xload($i)
+	add	$tmp31,32,$tmp0
+	sllx	@pair[0],$tmp0,$tmp1
+	`"ld	[$inp+".eval(32+0+$i*8)."],@pair[0]"	if ($i<12)`
+	srlx	@pair[2],$tmp32,@pair[1]
+	or	$tmp1,$tmp2,$tmp2
+	or	@pair[1],$tmp2,$tmp2
+	`"ld	[$inp+".eval(32+4+$i*8)."],@pair[1]"	if ($i<12)`
+	add	$h,$tmp2,$T1
+	$ST	$tmp2,[%sp+STACK_BIAS+STACK_FRAME+`$i*$SZ`]
+___
+$code.=<<___ if ($i==12);
+	bnz,a,pn	%icc,.+8
+	ld	[$inp+128],%l0
+___
+$code.=<<___ if ($i==15);
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+0`],%l2
+	sllx	@pair[1],$tmp31,$tmp2	! Xload($i)
+	add	$tmp31,32,$tmp0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+4`],%l3
+	sllx	@pair[0],$tmp0,$tmp1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+0`],%l4
+	srlx	@pair[2],$tmp32,@pair[1]
+	or	$tmp1,$tmp2,$tmp2
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+4`],%l5
+	or	@pair[1],$tmp2,$tmp2
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+0`],%l6
+	add	$h,$tmp2,$T1
+	$ST	$tmp2,[%sp+STACK_BIAS+STACK_FRAME+`$i*$SZ`]
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+4`],%l7
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+0`],%l0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+4`],%l1
+___
+} if ($SZ==8);
+
+########### common
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+    if ($i<16) {
+	&$Xload(@_);
+    } else {
+	$code.="\tadd	$h,$T1,$T1\n";
+    }
+
+$code.=<<___;
+	$SRL	$e,@Sigma1[0],$h	!! $i
+	xor	$f,$g,$tmp2
+	$SLL	$e,`$SZ*8-@Sigma1[2]`,$tmp1
+	and	$e,$tmp2,$tmp2
+	$SRL	$e,@Sigma1[1],$tmp0
+	xor	$tmp1,$h,$h
+	$SLL	$e,`$SZ*8-@Sigma1[1]`,$tmp1
+	xor	$tmp0,$h,$h
+	$SRL	$e,@Sigma1[2],$tmp0
+	xor	$tmp1,$h,$h
+	$SLL	$e,`$SZ*8-@Sigma1[0]`,$tmp1
+	xor	$tmp0,$h,$h
+	xor	$g,$tmp2,$tmp2		! Ch(e,f,g)
+	xor	$tmp1,$h,$tmp0		! Sigma1(e)
+
+	$SRL	$a,@Sigma0[0],$h
+	add	$tmp2,$T1,$T1
+	$LD	[$Ktbl+`$i*$SZ`],$tmp2	! K[$i]
+	$SLL	$a,`$SZ*8-@Sigma0[2]`,$tmp1
+	add	$tmp0,$T1,$T1
+	$SRL	$a,@Sigma0[1],$tmp0
+	xor	$tmp1,$h,$h
+	$SLL	$a,`$SZ*8-@Sigma0[1]`,$tmp1
+	xor	$tmp0,$h,$h
+	$SRL	$a,@Sigma0[2],$tmp0
+	xor	$tmp1,$h,$h	
+	$SLL	$a,`$SZ*8-@Sigma0[0]`,$tmp1
+	xor	$tmp0,$h,$h
+	xor	$tmp1,$h,$h		! Sigma0(a)
+
+	or	$a,$b,$tmp0
+	and	$a,$b,$tmp1
+	and	$c,$tmp0,$tmp0
+	or	$tmp0,$tmp1,$tmp1	! Maj(a,b,c)
+	add	$tmp2,$T1,$T1		! +=K[$i]
+	add	$tmp1,$h,$h
+
+	add	$T1,$d,$d
+	add	$T1,$h,$h
+___
+}
+
+########### SHA256
+$BODY_16_XX = sub {
+my $i=@_[0];
+my $xi;
+
+    if ($i&1) {
+	$xi=$tmp32;
+	$code.="\tsrlx	@X[(($i+1)/2)%8],32,$xi\n";
+    } else {
+	$xi=@X[(($i+1)/2)%8];
+    }
+$code.=<<___;
+	srl	$xi,@sigma0[0],$T1		!! Xupdate($i)
+	sll	$xi,`32-@sigma0[2]`,$tmp1
+	srl	$xi,@sigma0[1],$tmp0
+	xor	$tmp1,$T1,$T1
+	sll	$tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+	xor	$tmp0,$T1,$T1
+	srl	$xi,@sigma0[2],$tmp0
+	xor	$tmp1,$T1,$T1
+___
+    if ($i&1) {
+	$xi=@X[(($i+14)/2)%8];
+    } else {
+	$xi=$tmp32;
+	$code.="\tsrlx	@X[(($i+14)/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+	srl	$xi,@sigma1[0],$tmp2
+	xor	$tmp0,$T1,$T1			! T1=sigma0(X[i+1])
+	sll	$xi,`32-@sigma1[2]`,$tmp1
+	srl	$xi,@sigma1[1],$tmp0
+	xor	$tmp1,$tmp2,$tmp2
+	sll	$tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1
+	xor	$tmp0,$tmp2,$tmp2
+	srl	$xi,@sigma1[2],$tmp0
+	xor	$tmp1,$tmp2,$tmp2
+___
+    if ($i&1) {
+	$xi=@X[($i/2)%8];
+$code.=<<___;
+	srlx	@X[(($i+9)/2)%8],32,$tmp1	! X[i+9]
+	xor	$tmp0,$tmp2,$tmp2		! sigma1(X[i+14])
+	srl	@X[($i/2)%8],0,$tmp0
+	add	$tmp2,$tmp1,$tmp1
+	add	$xi,$T1,$T1			! +=X[i]
+	xor	$tmp0,@X[($i/2)%8],@X[($i/2)%8]
+	add	$tmp1,$T1,$T1
+
+	srl	$T1,0,$T1
+	or	$T1,@X[($i/2)%8],@X[($i/2)%8]
+___
+    } else {
+	$xi=@X[(($i+9)/2)%8];
+$code.=<<___;
+	srlx	@X[($i/2)%8],32,$tmp1		! X[i]
+	xor	$tmp0,$tmp2,$tmp2		! sigma1(X[i+14])
+	add	$xi,$T1,$T1			! +=X[i+9]
+	add	$tmp2,$tmp1,$tmp1
+	srl	@X[($i/2)%8],0,@X[($i/2)%8]
+	add	$tmp1,$T1,$T1
+
+	sllx	$T1,32,$tmp0
+	or	$tmp0,@X[($i/2)%8],@X[($i/2)%8]
+___
+    }
+    &BODY_00_15(@_);
+} if ($SZ==4);
+
+########### SHA512
+$BODY_16_XX = sub {
+my $i=@_[0];
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1));
+
+$code.=<<___;
+	sllx	%l2,32,$tmp0		!! Xupdate($i)
+	or	%l3,$tmp0,$tmp0
+
+	srlx	$tmp0,@sigma0[0],$T1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+0`],%l2
+	sllx	$tmp0,`64-@sigma0[2]`,$tmp1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+4`],%l3
+	srlx	$tmp0,@sigma0[1],$tmp0
+	xor	$tmp1,$T1,$T1
+	sllx	$tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+	xor	$tmp0,$T1,$T1
+	srlx	$tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0
+	xor	$tmp1,$T1,$T1
+	sllx	%l6,32,$tmp2
+	xor	$tmp0,$T1,$T1		! sigma0(X[$i+1])
+	or	%l7,$tmp2,$tmp2
+
+	srlx	$tmp2,@sigma1[0],$tmp1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+0`],%l6
+	sllx	$tmp2,`64-@sigma1[2]`,$tmp0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+4`],%l7
+	srlx	$tmp2,@sigma1[1],$tmp2
+	xor	$tmp0,$tmp1,$tmp1
+	sllx	$tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0
+	xor	$tmp2,$tmp1,$tmp1
+	srlx	$tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2
+	xor	$tmp0,$tmp1,$tmp1
+	sllx	%l4,32,$tmp0
+	xor	$tmp2,$tmp1,$tmp1	! sigma1(X[$i+14])
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+0`],%l4
+	or	%l5,$tmp0,$tmp0
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+4`],%l5
+
+	sllx	%l0,32,$tmp2
+	add	$tmp1,$T1,$T1
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+0`],%l0
+	or	%l1,$tmp2,$tmp2
+	add	$tmp0,$T1,$T1		! +=X[$i+9]
+	ld	[%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+4`],%l1
+	add	$tmp2,$T1,$T1		! +=X[$i]
+	$ST	$T1,[%sp+STACK_BIAS+STACK_FRAME+`($i%16)*$SZ`]
+___
+    &BODY_00_15(@_);
+} if ($SZ==8);
+
+$code.=<<___;
+#include "sparc_arch.h"
+
+#ifdef __arch64__
+.register	%g2,#scratch
+.register	%g3,#scratch
+#endif
+
+.section	".text",#alloc,#execinstr
+
+.align	64
+K${label}:
+.type	K${label},#object
+___
+if ($SZ==4) {
+$code.=<<___;
+	.long	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+	.long	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+	.long	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+	.long	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+	.long	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+	.long	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+	.long	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+	.long	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+	.long	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+	.long	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+	.long	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+	.long	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+	.long	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+	.long	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+	.long	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+	.long	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+___
+} else {
+$code.=<<___;
+	.long	0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+	.long	0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+	.long	0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+	.long	0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+	.long	0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+	.long	0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+	.long	0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+	.long	0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+	.long	0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+	.long	0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+	.long	0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+	.long	0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+	.long	0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+	.long	0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+	.long	0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+	.long	0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+	.long	0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+	.long	0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+	.long	0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+	.long	0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+	.long	0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+	.long	0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+	.long	0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+	.long	0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+	.long	0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+	.long	0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+	.long	0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+	.long	0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+	.long	0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+	.long	0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+	.long	0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+	.long	0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+	.long	0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+	.long	0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+	.long	0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+	.long	0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+	.long	0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+	.long	0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+	.long	0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+	.long	0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+___
+}
+$code.=<<___;
+.size	K${label},.-K${label}
+
+#ifdef __PIC__
+SPARC_PIC_THUNK(%g1)
+#endif
+
+.globl	sha${label}_block_data_order
+.align	32
+sha${label}_block_data_order:
+	SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5)
+	ld	[%g1+4],%g1		! OPENSSL_sparcv9cap_P[1]
+
+	andcc	%g1, CFR_SHA${label}, %g0
+	be	.Lsoftware
+	nop
+___
+$code.=<<___ if ($SZ==8); 		# SHA512
+	ldd	[%o0 + 0x00], %f0	! load context
+	ldd	[%o0 + 0x08], %f2
+	ldd	[%o0 + 0x10], %f4
+	ldd	[%o0 + 0x18], %f6
+	ldd	[%o0 + 0x20], %f8
+	ldd	[%o0 + 0x28], %f10
+	andcc	%o1, 0x7, %g0
+	ldd	[%o0 + 0x30], %f12
+	bne,pn	%icc, .Lhwunaligned
+	 ldd	[%o0 + 0x38], %f14
+
+.Lhwaligned_loop:
+	ldd	[%o1 + 0x00], %f16
+	ldd	[%o1 + 0x08], %f18
+	ldd	[%o1 + 0x10], %f20
+	ldd	[%o1 + 0x18], %f22
+	ldd	[%o1 + 0x20], %f24
+	ldd	[%o1 + 0x28], %f26
+	ldd	[%o1 + 0x30], %f28
+	ldd	[%o1 + 0x38], %f30
+	ldd	[%o1 + 0x40], %f32
+	ldd	[%o1 + 0x48], %f34
+	ldd	[%o1 + 0x50], %f36
+	ldd	[%o1 + 0x58], %f38
+	ldd	[%o1 + 0x60], %f40
+	ldd	[%o1 + 0x68], %f42
+	ldd	[%o1 + 0x70], %f44
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x78], %f46
+	add	%o1, 0x80, %o1
+	prefetch [%o1 + 63], 20
+	prefetch [%o1 + 64+63], 20
+
+	.word	0x81b02860		! SHA512
+
+	bne,pt	SIZE_T_CC, .Lhwaligned_loop
+	nop
+
+.Lhwfinish:
+	std	%f0, [%o0 + 0x00]	! store context
+	std	%f2, [%o0 + 0x08]
+	std	%f4, [%o0 + 0x10]
+	std	%f6, [%o0 + 0x18]
+	std	%f8, [%o0 + 0x20]
+	std	%f10, [%o0 + 0x28]
+	std	%f12, [%o0 + 0x30]
+	retl
+	 std	%f14, [%o0 + 0x38]
+
+.align	16
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f18
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f20
+	ldd	[%o1 + 0x10], %f22
+	ldd	[%o1 + 0x18], %f24
+	ldd	[%o1 + 0x20], %f26
+	ldd	[%o1 + 0x28], %f28
+	ldd	[%o1 + 0x30], %f30
+	ldd	[%o1 + 0x38], %f32
+	ldd	[%o1 + 0x40], %f34
+	ldd	[%o1 + 0x48], %f36
+	ldd	[%o1 + 0x50], %f38
+	ldd	[%o1 + 0x58], %f40
+	ldd	[%o1 + 0x60], %f42
+	ldd	[%o1 + 0x68], %f44
+	ldd	[%o1 + 0x70], %f46
+	ldd	[%o1 + 0x78], %f48
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x80], %f50
+	add	%o1, 0x80, %o1
+	prefetch [%o1 + 63], 20
+	prefetch [%o1 + 64+63], 20
+
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+	faligndata %f26, %f28, %f24
+	faligndata %f28, %f30, %f26
+	faligndata %f30, %f32, %f28
+	faligndata %f32, %f34, %f30
+	faligndata %f34, %f36, %f32
+	faligndata %f36, %f38, %f34
+	faligndata %f38, %f40, %f36
+	faligndata %f40, %f42, %f38
+	faligndata %f42, %f44, %f40
+	faligndata %f44, %f46, %f42
+	faligndata %f46, %f48, %f44
+	faligndata %f48, %f50, %f46
+
+	.word	0x81b02860		! SHA512
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f50, %f50, %f18	! %f18=%f50
+
+	ba	.Lhwfinish
+	nop
+___
+$code.=<<___ if ($SZ==4); 		# SHA256
+	ld	[%o0 + 0x00], %f0
+	ld	[%o0 + 0x04], %f1
+	ld	[%o0 + 0x08], %f2
+	ld	[%o0 + 0x0c], %f3
+	ld	[%o0 + 0x10], %f4
+	ld	[%o0 + 0x14], %f5
+	andcc	%o1, 0x7, %g0
+	ld	[%o0 + 0x18], %f6
+	bne,pn	%icc, .Lhwunaligned
+	 ld	[%o0 + 0x1c], %f7
+
+.Lhwloop:
+	ldd	[%o1 + 0x00], %f8
+	ldd	[%o1 + 0x08], %f10
+	ldd	[%o1 + 0x10], %f12
+	ldd	[%o1 + 0x18], %f14
+	ldd	[%o1 + 0x20], %f16
+	ldd	[%o1 + 0x28], %f18
+	ldd	[%o1 + 0x30], %f20
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x38], %f22
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	.word	0x81b02840		! SHA256
+
+	bne,pt	SIZE_T_CC, .Lhwloop
+	nop
+
+.Lhwfinish:
+	st	%f0, [%o0 + 0x00]	! store context
+	st	%f1, [%o0 + 0x04]
+	st	%f2, [%o0 + 0x08]
+	st	%f3, [%o0 + 0x0c]
+	st	%f4, [%o0 + 0x10]
+	st	%f5, [%o0 + 0x14]
+	st	%f6, [%o0 + 0x18]
+	retl
+	 st	%f7, [%o0 + 0x1c]
+
+.align	8
+.Lhwunaligned:
+	alignaddr %o1, %g0, %o1
+
+	ldd	[%o1 + 0x00], %f10
+.Lhwunaligned_loop:
+	ldd	[%o1 + 0x08], %f12
+	ldd	[%o1 + 0x10], %f14
+	ldd	[%o1 + 0x18], %f16
+	ldd	[%o1 + 0x20], %f18
+	ldd	[%o1 + 0x28], %f20
+	ldd	[%o1 + 0x30], %f22
+	ldd	[%o1 + 0x38], %f24
+	subcc	%o2, 1, %o2		! done yet?
+	ldd	[%o1 + 0x40], %f26
+	add	%o1, 0x40, %o1
+	prefetch [%o1 + 63], 20
+
+	faligndata %f10, %f12, %f8
+	faligndata %f12, %f14, %f10
+	faligndata %f14, %f16, %f12
+	faligndata %f16, %f18, %f14
+	faligndata %f18, %f20, %f16
+	faligndata %f20, %f22, %f18
+	faligndata %f22, %f24, %f20
+	faligndata %f24, %f26, %f22
+
+	.word	0x81b02840		! SHA256
+
+	bne,pt	SIZE_T_CC, .Lhwunaligned_loop
+	for	%f26, %f26, %f10	! %f10=%f26
+
+	ba	.Lhwfinish
+	nop
+___
+$code.=<<___;
+.align	16
+.Lsoftware:
+	save	%sp,-STACK_FRAME-$locals,%sp
+	and	$inp,`$align-1`,$tmp31
+	sllx	$len,`log(16*$SZ)/log(2)`,$len
+	andn	$inp,`$align-1`,$inp
+	sll	$tmp31,3,$tmp31
+	add	$inp,$len,$len
+___
+$code.=<<___ if ($SZ==8); # SHA512
+	mov	32,$tmp32
+	sub	$tmp32,$tmp31,$tmp32
+___
+$code.=<<___;
+.Lpic:	call	.+8
+	add	%o7,K${label}-.Lpic,$Ktbl
+
+	$LD	[$ctx+`0*$SZ`],$A
+	$LD	[$ctx+`1*$SZ`],$B
+	$LD	[$ctx+`2*$SZ`],$C
+	$LD	[$ctx+`3*$SZ`],$D
+	$LD	[$ctx+`4*$SZ`],$E
+	$LD	[$ctx+`5*$SZ`],$F
+	$LD	[$ctx+`6*$SZ`],$G
+	$LD	[$ctx+`7*$SZ`],$H
+
+.Lloop:
+___
+for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".L16_xx:\n";
+for (;$i<32;$i++)	{ &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	and	$tmp2,0xfff,$tmp2
+	cmp	$tmp2,$lastK
+	bne	.L16_xx
+	add	$Ktbl,`16*$SZ`,$Ktbl	! Ktbl+=16
+
+___
+$code.=<<___ if ($SZ==4); # SHA256
+	$LD	[$ctx+`0*$SZ`],@X[0]
+	$LD	[$ctx+`1*$SZ`],@X[1]
+	$LD	[$ctx+`2*$SZ`],@X[2]
+	$LD	[$ctx+`3*$SZ`],@X[3]
+	$LD	[$ctx+`4*$SZ`],@X[4]
+	$LD	[$ctx+`5*$SZ`],@X[5]
+	$LD	[$ctx+`6*$SZ`],@X[6]
+	$LD	[$ctx+`7*$SZ`],@X[7]
+
+	add	$A,@X[0],$A
+	$ST	$A,[$ctx+`0*$SZ`]
+	add	$B,@X[1],$B
+	$ST	$B,[$ctx+`1*$SZ`]
+	add	$C,@X[2],$C
+	$ST	$C,[$ctx+`2*$SZ`]
+	add	$D,@X[3],$D
+	$ST	$D,[$ctx+`3*$SZ`]
+	add	$E,@X[4],$E
+	$ST	$E,[$ctx+`4*$SZ`]
+	add	$F,@X[5],$F
+	$ST	$F,[$ctx+`5*$SZ`]
+	add	$G,@X[6],$G
+	$ST	$G,[$ctx+`6*$SZ`]
+	add	$H,@X[7],$H
+	$ST	$H,[$ctx+`7*$SZ`]
+___
+$code.=<<___ if ($SZ==8); # SHA512
+	ld	[$ctx+`0*$SZ+0`],%l0
+	ld	[$ctx+`0*$SZ+4`],%l1
+	ld	[$ctx+`1*$SZ+0`],%l2
+	ld	[$ctx+`1*$SZ+4`],%l3
+	ld	[$ctx+`2*$SZ+0`],%l4
+	ld	[$ctx+`2*$SZ+4`],%l5
+	ld	[$ctx+`3*$SZ+0`],%l6
+
+	sllx	%l0,32,$tmp0
+	ld	[$ctx+`3*$SZ+4`],%l7
+	sllx	%l2,32,$tmp1
+	or	%l1,$tmp0,$tmp0
+	or	%l3,$tmp1,$tmp1
+	add	$tmp0,$A,$A
+	add	$tmp1,$B,$B
+	$ST	$A,[$ctx+`0*$SZ`]
+	sllx	%l4,32,$tmp2
+	$ST	$B,[$ctx+`1*$SZ`]
+	sllx	%l6,32,$T1
+	or	%l5,$tmp2,$tmp2
+	or	%l7,$T1,$T1
+	add	$tmp2,$C,$C
+	$ST	$C,[$ctx+`2*$SZ`]
+	add	$T1,$D,$D
+	$ST	$D,[$ctx+`3*$SZ`]
+
+	ld	[$ctx+`4*$SZ+0`],%l0
+	ld	[$ctx+`4*$SZ+4`],%l1
+	ld	[$ctx+`5*$SZ+0`],%l2
+	ld	[$ctx+`5*$SZ+4`],%l3
+	ld	[$ctx+`6*$SZ+0`],%l4
+	ld	[$ctx+`6*$SZ+4`],%l5
+	ld	[$ctx+`7*$SZ+0`],%l6
+
+	sllx	%l0,32,$tmp0
+	ld	[$ctx+`7*$SZ+4`],%l7
+	sllx	%l2,32,$tmp1
+	or	%l1,$tmp0,$tmp0
+	or	%l3,$tmp1,$tmp1
+	add	$tmp0,$E,$E
+	add	$tmp1,$F,$F
+	$ST	$E,[$ctx+`4*$SZ`]
+	sllx	%l4,32,$tmp2
+	$ST	$F,[$ctx+`5*$SZ`]
+	sllx	%l6,32,$T1
+	or	%l5,$tmp2,$tmp2
+	or	%l7,$T1,$T1
+	add	$tmp2,$G,$G
+	$ST	$G,[$ctx+`6*$SZ`]
+	add	$T1,$H,$H
+	$ST	$H,[$ctx+`7*$SZ`]
+___
+$code.=<<___;
+	add	$inp,`16*$SZ`,$inp		! advance inp
+	cmp	$inp,$len
+	bne	SIZE_T_CC,.Lloop
+	sub	$Ktbl,`($rounds-16)*$SZ`,$Ktbl	! rewind Ktbl
+
+	ret
+	restore
+.type	sha${label}_block_data_order,#function
+.size	sha${label}_block_data_order,(.-sha${label}_block_data_order)
+.asciz	"SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (	"faligndata"	=> 0x048,
+		"for"		=> 0x07c	);
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+	foreach ($rs1,$rs2,$rd) {
+	    return $ref if (!/%f([0-9]{1,2})/);
+	    $_=$1;
+	    if ($1>=32) {
+		return $ref if ($1&1);
+		# re-encode for upper double register addressing
+		$_=($1|$1>>5)&31;
+	    }
+	}
+
+	return	sprintf ".word\t0x%08x !%s",
+			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+			$ref;
+    } else {
+	return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
+	else			{ return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+		    $ref;
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/ge;
+
+	s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
+		&unvis($1,$2,$3,$4)
+	 /ge;
+	s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
+		&unalignaddr($1,$2,$3,$4)
+	 /ge;
+
+	print $_,"\n";
+}
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512-x86_64.pl b/openssl-1.1.0h/crypto/sha/asm/sha512-x86_64.pl
new file mode 100755
index 0000000..c9b7b28
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512-x86_64.pl
@@ -0,0 +1,2407 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# sha256/512_block procedure for x86_64.
+#
+# 40% improvement over compiler-generated code on Opteron. On EM64T
+# sha256 was observed to run >80% faster and sha512 - >40%. No magical
+# tricks, just straight implementation... I really wonder why gcc
+# [being armed with inline assembler] fails to generate as fast code.
+# The only thing which is cool about this module is that it's very
+# same instruction sequence used for both SHA-256 and SHA-512. In
+# former case the instructions operate on 32-bit operands, while in
+# latter - on 64-bit ones. All I had to do is to get one flavor right,
+# the other one passed the test right away:-)
+#
+# sha256_block runs in ~1005 cycles on Opteron, which gives you
+# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock
+# frequency in GHz. sha512_block runs in ~1275 cycles, which results
+# in 128*1000/1275=100MBps per GHz. Is there room for improvement?
+# Well, if you compare it to IA-64 implementation, which maintains
+# X[16] in register bank[!], tends to 4 instructions per CPU clock
+# cycle and runs in 1003 cycles, 1275 is very good result for 3-way
+# issue Opteron pipeline and X[16] maintained in memory. So that *if*
+# there is a way to improve it, *then* the only way would be to try to
+# offload X[16] updates to SSE unit, but that would require "deeper"
+# loop unroll, which in turn would naturally cause size blow-up, not
+# to mention increased complexity! And once again, only *if* it's
+# actually possible to noticeably improve overall ILP, instruction
+# level parallelism, on a given CPU implementation in this case.
+#
+# Special note on Intel EM64T. While Opteron CPU exhibits perfect
+# performance ratio of 1.5 between 64- and 32-bit flavors [see above],
+# [currently available] EM64T CPUs apparently are far from it. On the
+# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
+# sha256_block:-( This is presumably because 64-bit shifts/rotates
+# apparently are not atomic instructions, but implemented in microcode.
+#
+# May 2012.
+#
+# Optimization including one of Pavel Semjanov's ideas, alternative
+# Maj, resulted in >=5% improvement on most CPUs, +20% SHA256 and
+# unfortunately -2% SHA512 on P4 [which nobody should care about
+# that much].
+#
+# June 2012.
+#
+# Add SIMD code paths, see below for improvement coefficients. SSSE3
+# code path was not attempted for SHA512, because improvement is not
+# estimated to be high enough, noticeably less than 9%, to justify
+# the effort, not on pre-AVX processors. [Obviously with exclusion
+# for VIA Nano, but it has SHA512 instruction that is faster and
+# should be used instead.] For reference, corresponding estimated
+# upper limit for improvement for SSSE3 SHA256 is 28%. The fact that
+# higher coefficients are observed on VIA Nano and Bulldozer has more
+# to do with specifics of their architecture [which is topic for
+# separate discussion].
+#
+# November 2012.
+#
+# Add AVX2 code path. Two consecutive input blocks are loaded to
+# 256-bit %ymm registers, with data from first block to least
+# significant 128-bit halves and data from second to most significant.
+# The data is then processed with same SIMD instruction sequence as
+# for AVX, but with %ymm as operands. Side effect is increased stack
+# frame, 448 additional bytes in SHA256 and 1152 in SHA512, and 1.2KB
+# code size increase.
+#
+# March 2014.
+#
+# Add support for Intel SHA Extensions.
+
+######################################################################
+# Current performance in cycles per processed byte (less is better):
+#
+#		SHA256	SSSE3       AVX/XOP(*)	    SHA512  AVX/XOP(*)
+#
+# AMD K8	14.9	-	    -		    9.57    -
+# P4		17.3	-	    -		    30.8    -
+# Core 2	15.6	13.8(+13%)  -		    9.97    -
+# Westmere	14.8	12.3(+19%)  -		    9.58    -
+# Sandy Bridge	17.4	14.2(+23%)  11.6(+50%(**))  11.2    8.10(+38%(**))
+# Ivy Bridge	12.6	10.5(+20%)  10.3(+22%)	    8.17    7.22(+13%)
+# Haswell	12.2	9.28(+31%)  7.80(+56%)	    7.66    5.40(+42%)
+# Skylake	11.4	9.03(+26%)  7.70(+48%)      7.25    5.20(+40%)
+# Bulldozer	21.1	13.6(+54%)  13.6(+54%(***)) 13.5    8.58(+57%)
+# VIA Nano	23.0	16.5(+39%)  -		    14.7    -
+# Atom		23.0	18.9(+22%)  -		    14.7    -
+# Silvermont	27.4	20.6(+33%)  -               17.5    -
+# Goldmont	18.9	14.3(+32%)  4.16(+350%)     12.0    -
+#
+# (*)	whichever best applicable, including SHAEXT;
+# (**)	switch from ror to shrd stands for fair share of improvement;
+# (***)	execution time is fully determined by remaining integer-only
+#	part, body_00_15; reducing the amount of SIMD instructions
+#	below certain limit makes no difference/sense; to conserve
+#	space SHA256 XOP code path is therefore omitted;
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+		=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.19) + ($1>=2.22);
+}
+
+if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
+	$avx = ($1>=2.09) + ($1>=2.10);
+}
+
+if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+	   `ml64 2>&1` =~ /Version ([0-9]+)\./) {
+	$avx = ($1>=10) + ($1>=11);
+}
+
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+	$avx = ($2>=3.0) + ($2>3.0);
+}
+
+$shaext=1;	### set to zero if compiling for 1.0.1
+$avx=1		if (!$shaext && $avx);
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+if ($output =~ /512/) {
+	$func="sha512_block_data_order";
+	$TABLE="K512";
+	$SZ=8;
+	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx",
+					"%r8", "%r9", "%r10","%r11");
+	($T1,$a0,$a1,$a2,$a3)=("%r12","%r13","%r14","%r15","%rdi");
+	@Sigma0=(28,34,39);
+	@Sigma1=(14,18,41);
+	@sigma0=(1,  8, 7);
+	@sigma1=(19,61, 6);
+	$rounds=80;
+} else {
+	$func="sha256_block_data_order";
+	$TABLE="K256";
+	$SZ=4;
+	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
+					"%r8d","%r9d","%r10d","%r11d");
+	($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%edi");
+	@Sigma0=( 2,13,22);
+	@Sigma1=( 6,11,25);
+	@sigma0=( 7,18, 3);
+	@sigma1=(17,19,10);
+	$rounds=64;
+}
+
+$ctx="%rdi";	# 1st arg, zapped by $a3
+$inp="%rsi";	# 2nd arg
+$Tbl="%rbp";
+
+$_ctx="16*$SZ+0*8(%rsp)";
+$_inp="16*$SZ+1*8(%rsp)";
+$_end="16*$SZ+2*8(%rsp)";
+$_rsp="16*$SZ+3*8(%rsp)";
+$framesz="16*$SZ+4*8";
+
+
+sub ROUND_00_15()
+{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+  my $STRIDE=$SZ;
+     $STRIDE += 16 if ($i%(16/$SZ)==(16/$SZ-1));
+
+$code.=<<___;
+	ror	\$`$Sigma1[2]-$Sigma1[1]`,$a0
+	mov	$f,$a2
+
+	xor	$e,$a0
+	ror	\$`$Sigma0[2]-$Sigma0[1]`,$a1
+	xor	$g,$a2			# f^g
+
+	mov	$T1,`$SZ*($i&0xf)`(%rsp)
+	xor	$a,$a1
+	and	$e,$a2			# (f^g)&e
+
+	ror	\$`$Sigma1[1]-$Sigma1[0]`,$a0
+	add	$h,$T1			# T1+=h
+	xor	$g,$a2			# Ch(e,f,g)=((f^g)&e)^g
+
+	ror	\$`$Sigma0[1]-$Sigma0[0]`,$a1
+	xor	$e,$a0
+	add	$a2,$T1			# T1+=Ch(e,f,g)
+
+	mov	$a,$a2
+	add	($Tbl),$T1		# T1+=K[round]
+	xor	$a,$a1
+
+	xor	$b,$a2			# a^b, b^c in next round
+	ror	\$$Sigma1[0],$a0	# Sigma1(e)
+	mov	$b,$h
+
+	and	$a2,$a3
+	ror	\$$Sigma0[0],$a1	# Sigma0(a)
+	add	$a0,$T1			# T1+=Sigma1(e)
+
+	xor	$a3,$h			# h=Maj(a,b,c)=Ch(a^b,c,b)
+	add	$T1,$d			# d+=T1
+	add	$T1,$h			# h+=T1
+
+	lea	$STRIDE($Tbl),$Tbl	# round++
+___
+$code.=<<___ if ($i<15);
+	add	$a1,$h			# h+=Sigma0(a)
+___
+	($a2,$a3) = ($a3,$a2);
+}
+
+sub ROUND_16_XX()
+{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+	mov	`$SZ*(($i+1)&0xf)`(%rsp),$a0
+	mov	`$SZ*(($i+14)&0xf)`(%rsp),$a2
+
+	mov	$a0,$T1
+	ror	\$`$sigma0[1]-$sigma0[0]`,$a0
+	add	$a1,$a			# modulo-scheduled h+=Sigma0(a)
+	mov	$a2,$a1
+	ror	\$`$sigma1[1]-$sigma1[0]`,$a2
+
+	xor	$T1,$a0
+	shr	\$$sigma0[2],$T1
+	ror	\$$sigma0[0],$a0
+	xor	$a1,$a2
+	shr	\$$sigma1[2],$a1
+
+	ror	\$$sigma1[0],$a2
+	xor	$a0,$T1			# sigma0(X[(i+1)&0xf])
+	xor	$a1,$a2			# sigma1(X[(i+14)&0xf])
+	add	`$SZ*(($i+9)&0xf)`(%rsp),$T1
+
+	add	`$SZ*($i&0xf)`(%rsp),$T1
+	mov	$e,$a0
+	add	$a2,$T1
+	mov	$a,$a1
+___
+	&ROUND_00_15(@_);
+}
+
+$code=<<___;
+.text
+
+.extern	OPENSSL_ia32cap_P
+.globl	$func
+.type	$func,\@function,3
+.align	16
+$func:
+___
+$code.=<<___ if ($SZ==4 || $avx);
+	lea	OPENSSL_ia32cap_P(%rip),%r11
+	mov	0(%r11),%r9d
+	mov	4(%r11),%r10d
+	mov	8(%r11),%r11d
+___
+$code.=<<___ if ($SZ==4 && $shaext);
+	test	\$`1<<29`,%r11d		# check for SHA
+	jnz	_shaext_shortcut
+___
+$code.=<<___ if ($avx && $SZ==8);
+	test	\$`1<<11`,%r10d		# check for XOP
+	jnz	.Lxop_shortcut
+___
+$code.=<<___ if ($avx>1);
+	and	\$`1<<8|1<<5|1<<3`,%r11d	# check for BMI2+AVX2+BMI1
+	cmp	\$`1<<8|1<<5|1<<3`,%r11d
+	je	.Lavx2_shortcut
+___
+$code.=<<___ if ($avx);
+	and	\$`1<<30`,%r9d		# mask "Intel CPU" bit
+	and	\$`1<<28|1<<9`,%r10d	# mask AVX and SSSE3 bits
+	or	%r9d,%r10d
+	cmp	\$`1<<28|1<<9|1<<30`,%r10d
+	je	.Lavx_shortcut
+___
+$code.=<<___ if ($SZ==4);
+	test	\$`1<<9`,%r10d
+	jnz	.Lssse3_shortcut
+___
+$code.=<<___;
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	shl	\$4,%rdx		# num*16
+	sub	\$$framesz,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%r11,$_rsp		# save copy of %rsp
+.Lprologue:
+
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+	jmp	.Lloop
+
+.align	16
+.Lloop:
+	mov	$B,$a3
+	lea	$TABLE(%rip),$Tbl
+	xor	$C,$a3			# magic
+___
+	for($i=0;$i<16;$i++) {
+		$code.="	mov	$SZ*$i($inp),$T1\n";
+		$code.="	mov	@ROT[4],$a0\n";
+		$code.="	mov	@ROT[0],$a1\n";
+		$code.="	bswap	$T1\n";
+		&ROUND_00_15($i,@ROT);
+		unshift(@ROT,pop(@ROT));
+	}
+$code.=<<___;
+	jmp	.Lrounds_16_xx
+.align	16
+.Lrounds_16_xx:
+___
+	for(;$i<32;$i++) {
+		&ROUND_16_XX($i,@ROT);
+		unshift(@ROT,pop(@ROT));
+	}
+
+$code.=<<___;
+	cmpb	\$0,`$SZ-1`($Tbl)
+	jnz	.Lrounds_16_xx
+
+	mov	$_ctx,$ctx
+	add	$a1,$A			# modulo-scheduled h+=Sigma0(a)
+	lea	16*$SZ($inp),$inp
+
+	add	$SZ*0($ctx),$A
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop
+
+	mov	$_rsp,%rsi
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue:
+	ret
+.size	$func,.-$func
+___
+
+if ($SZ==4) {
+$code.=<<___;
+.align	64
+.type	$TABLE,\@object
+$TABLE:
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+	.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+	.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+	.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+	.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+	.asciz	"SHA256 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+} else {
+$code.=<<___;
+.align	64
+.type	$TABLE,\@object
+$TABLE:
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xd192e819d6ef5218,0xd69906245565a910
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x28db77f523047d84,0x32caab7b40c72493
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+
+	.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+	.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+	.asciz	"SHA512 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+}
+
+######################################################################
+# SIMD code paths
+#
+if ($SZ==4 && $shaext) {{{
+######################################################################
+# Intel SHA Extensions implementation of SHA256 update function.
+#
+my ($ctx,$inp,$num,$Tbl)=("%rdi","%rsi","%rdx","%rcx");
+
+my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..2,7..10));
+my @MSG=map("%xmm$_",(3..6));
+
+$code.=<<___;
+.type	sha256_block_data_order_shaext,\@function,3
+.align	64
+sha256_block_data_order_shaext:
+_shaext_shortcut:
+___
+$code.=<<___ if ($win64);
+	lea	`-8-5*16`(%rsp),%rsp
+	movaps	%xmm6,-8-5*16(%rax)
+	movaps	%xmm7,-8-4*16(%rax)
+	movaps	%xmm8,-8-3*16(%rax)
+	movaps	%xmm9,-8-2*16(%rax)
+	movaps	%xmm10,-8-1*16(%rax)
+.Lprologue_shaext:
+___
+$code.=<<___;
+	lea		K256+0x80(%rip),$Tbl
+	movdqu		($ctx),$ABEF		# DCBA
+	movdqu		16($ctx),$CDGH		# HGFE
+	movdqa		0x200-0x80($Tbl),$TMP	# byte swap mask
+
+	pshufd		\$0x1b,$ABEF,$Wi	# ABCD
+	pshufd		\$0xb1,$ABEF,$ABEF	# CDAB
+	pshufd		\$0x1b,$CDGH,$CDGH	# EFGH
+	movdqa		$TMP,$BSWAP		# offload
+	palignr		\$8,$CDGH,$ABEF		# ABEF
+	punpcklqdq	$Wi,$CDGH		# CDGH
+	jmp		.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	movdqu		($inp),@MSG[0]
+	movdqu		0x10($inp),@MSG[1]
+	movdqu		0x20($inp),@MSG[2]
+	pshufb		$TMP,@MSG[0]
+	movdqu		0x30($inp),@MSG[3]
+
+	movdqa		0*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	pshufb		$TMP,@MSG[1]
+	movdqa		$CDGH,$CDGH_SAVE	# offload
+	sha256rnds2	$ABEF,$CDGH		# 0-3
+	pshufd		\$0x0e,$Wi,$Wi
+	nop
+	movdqa		$ABEF,$ABEF_SAVE	# offload
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		1*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	pshufb		$TMP,@MSG[2]
+	sha256rnds2	$ABEF,$CDGH		# 4-7
+	pshufd		\$0x0e,$Wi,$Wi
+	lea		0x40($inp),$inp
+	sha256msg1	@MSG[1],@MSG[0]
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		2*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+	pshufb		$TMP,@MSG[3]
+	sha256rnds2	$ABEF,$CDGH		# 8-11
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[3],$TMP
+	palignr		\$4,@MSG[2],$TMP
+	nop
+	paddd		$TMP,@MSG[0]
+	sha256msg1	@MSG[2],@MSG[1]
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		3*32-0x80($Tbl),$Wi
+	paddd		@MSG[3],$Wi
+	sha256msg2	@MSG[3],@MSG[0]
+	sha256rnds2	$ABEF,$CDGH		# 12-15
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[0],$TMP
+	palignr		\$4,@MSG[3],$TMP
+	nop
+	paddd		$TMP,@MSG[1]
+	sha256msg1	@MSG[3],@MSG[2]
+	sha256rnds2	$CDGH,$ABEF
+___
+for($i=4;$i<16-3;$i++) {
+$code.=<<___;
+	movdqa		$i*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256rnds2	$ABEF,$CDGH		# 16-19...
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	nop
+	paddd		$TMP,@MSG[2]
+	sha256msg1	@MSG[0],@MSG[3]
+	sha256rnds2	$CDGH,$ABEF
+___
+	push(@MSG,shift(@MSG));
+}
+$code.=<<___;
+	movdqa		13*32-0x80($Tbl),$Wi
+	paddd		@MSG[0],$Wi
+	sha256msg2	@MSG[0],@MSG[1]
+	sha256rnds2	$ABEF,$CDGH		# 52-55
+	pshufd		\$0x0e,$Wi,$Wi
+	movdqa		@MSG[1],$TMP
+	palignr		\$4,@MSG[0],$TMP
+	sha256rnds2	$CDGH,$ABEF
+	paddd		$TMP,@MSG[2]
+
+	movdqa		14*32-0x80($Tbl),$Wi
+	paddd		@MSG[1],$Wi
+	sha256rnds2	$ABEF,$CDGH		# 56-59
+	pshufd		\$0x0e,$Wi,$Wi
+	sha256msg2	@MSG[1],@MSG[2]
+	movdqa		$BSWAP,$TMP
+	sha256rnds2	$CDGH,$ABEF
+
+	movdqa		15*32-0x80($Tbl),$Wi
+	paddd		@MSG[2],$Wi
+	nop
+	sha256rnds2	$ABEF,$CDGH		# 60-63
+	pshufd		\$0x0e,$Wi,$Wi
+	dec		$num
+	nop
+	sha256rnds2	$CDGH,$ABEF
+
+	paddd		$CDGH_SAVE,$CDGH
+	paddd		$ABEF_SAVE,$ABEF
+	jnz		.Loop_shaext
+
+	pshufd		\$0xb1,$CDGH,$CDGH	# DCHG
+	pshufd		\$0x1b,$ABEF,$TMP	# FEBA
+	pshufd		\$0xb1,$ABEF,$ABEF	# BAFE
+	punpckhqdq	$CDGH,$ABEF		# DCBA
+	palignr		\$8,$TMP,$CDGH		# HGFE
+
+	movdqu	$ABEF,($ctx)
+	movdqu	$CDGH,16($ctx)
+___
+$code.=<<___ if ($win64);
+	movaps	-8-5*16(%rax),%xmm6
+	movaps	-8-4*16(%rax),%xmm7
+	movaps	-8-3*16(%rax),%xmm8
+	movaps	-8-2*16(%rax),%xmm9
+	movaps	-8-1*16(%rax),%xmm10
+	mov	%rax,%rsp
+.Lepilogue_shaext:
+___
+$code.=<<___;
+	ret
+.size	sha256_block_data_order_shaext,.-sha256_block_data_order_shaext
+___
+}}}
+{{{
+
+my $a4=$T1;
+my ($a,$b,$c,$d,$e,$f,$g,$h);
+
+sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+sub body_00_15 () {
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&ror	($a0,$Sigma1[2]-$Sigma1[1])',
+	'&mov	($a,$a1)',
+	'&mov	($a4,$f)',
+
+	'&ror	($a1,$Sigma0[2]-$Sigma0[1])',
+	'&xor	($a0,$e)',
+	'&xor	($a4,$g)',			# f^g
+
+	'&ror	($a0,$Sigma1[1]-$Sigma1[0])',
+	'&xor	($a1,$a)',
+	'&and	($a4,$e)',			# (f^g)&e
+
+	'&xor	($a0,$e)',
+	'&add	($h,$SZ*($i&15)."(%rsp)")',	# h+=X[i]+K[i]
+	'&mov	($a2,$a)',
+
+	'&xor	($a4,$g)',			# Ch(e,f,g)=((f^g)&e)^g
+	'&ror	($a1,$Sigma0[1]-$Sigma0[0])',
+	'&xor	($a2,$b)',			# a^b, b^c in next round
+
+	'&add	($h,$a4)',			# h+=Ch(e,f,g)
+	'&ror	($a0,$Sigma1[0])',		# Sigma1(e)
+	'&and	($a3,$a2)',			# (b^c)&(a^b)
+
+	'&xor	($a1,$a)',
+	'&add	($h,$a0)',			# h+=Sigma1(e)
+	'&xor	($a3,$b)',			# Maj(a,b,c)=Ch(a^b,c,b)
+
+	'&ror	($a1,$Sigma0[0])',		# Sigma0(a)
+	'&add	($d,$h)',			# d+=h
+	'&add	($h,$a3)',			# h+=Maj(a,b,c)
+
+	'&mov	($a0,$d)',
+	'&add	($a1,$h);'.			# h+=Sigma0(a)
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+}
+
+######################################################################
+# SSSE3 code path
+#
+if ($SZ==4) {	# SHA256 only
+my @X = map("%xmm$_",(0..3));
+my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%xmm$_",(4..9));
+
+$code.=<<___;
+.type	${func}_ssse3,\@function,3
+.align	64
+${func}_ssse3:
+.Lssse3_shortcut:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	shl	\$4,%rdx		# num*16
+	sub	\$`$framesz+$win64*16*4`,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%r11,$_rsp		# save copy of %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___;
+.Lprologue_ssse3:
+
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+___
+
+$code.=<<___;
+	#movdqa	$TABLE+`$SZ*2*$rounds`+32(%rip),$t4
+	#movdqa	$TABLE+`$SZ*2*$rounds`+64(%rip),$t5
+	jmp	.Lloop_ssse3
+.align	16
+.Lloop_ssse3:
+	movdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	movdqu	0x00($inp),@X[0]
+	movdqu	0x10($inp),@X[1]
+	movdqu	0x20($inp),@X[2]
+	pshufb	$t3,@X[0]
+	movdqu	0x30($inp),@X[3]
+	lea	$TABLE(%rip),$Tbl
+	pshufb	$t3,@X[1]
+	movdqa	0x00($Tbl),$t0
+	movdqa	0x20($Tbl),$t1
+	pshufb	$t3,@X[2]
+	paddd	@X[0],$t0
+	movdqa	0x40($Tbl),$t2
+	pshufb	$t3,@X[3]
+	movdqa	0x60($Tbl),$t3
+	paddd	@X[1],$t1
+	paddd	@X[2],$t2
+	paddd	@X[3],$t3
+	movdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	movdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	movdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	movdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lssse3_00_47
+
+.align	16
+.Lssse3_00_47:
+	sub	\$`-16*2*$SZ`,$Tbl	# size optimization
+___
+sub Xupdate_256_SSSE3 () {
+	(
+	'&movdqa	($t0,@X[1]);',
+	'&movdqa	($t3,@X[3])',
+	'&palignr	($t0,@X[0],$SZ)',	# X[1..4]
+	 '&palignr	($t3,@X[2],$SZ);',	# X[9..12]
+	'&movdqa	($t1,$t0)',
+	'&movdqa	($t2,$t0);',
+	'&psrld		($t0,$sigma0[2])',
+	 '&paddd	(@X[0],$t3);',		# X[0..3] += X[9..12]
+	'&psrld		($t2,$sigma0[0])',
+	 '&pshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&pslld		($t1,8*$SZ-$sigma0[1]);'.
+	'&pxor		($t0,$t2)',
+	'&psrld		($t2,$sigma0[1]-$sigma0[0]);'.
+	'&pxor		($t0,$t1)',
+	'&pslld		($t1,$sigma0[1]-$sigma0[0]);'.
+	'&pxor		($t0,$t2);',
+	 '&movdqa	($t2,$t3)',
+	'&pxor		($t0,$t1);',		# sigma0(X[1..4])
+	 '&psrld	($t3,$sigma1[2])',
+	'&paddd		(@X[0],$t0);',		# X[0..3] += sigma0(X[1..4])
+	 '&psrlq	($t2,$sigma1[0])',
+	 '&pxor		($t3,$t2);',
+	 '&psrlq	($t2,$sigma1[1]-$sigma1[0])',
+	 '&pxor		($t3,$t2)',
+	 '&pshufb	($t3,$t4)',		# sigma1(X[14..15])
+	'&paddd		(@X[0],$t3)',		# X[0..1] += sigma1(X[14..15])
+	 '&pshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&movdqa	($t2,$t3);',
+	 '&psrld	($t3,$sigma1[2])',
+	 '&psrlq	($t2,$sigma1[0])',
+	 '&pxor		($t3,$t2);',
+	 '&psrlq	($t2,$sigma1[1]-$sigma1[0])',
+	 '&pxor		($t3,$t2);',
+	'&movdqa	($t2,16*2*$j."($Tbl)")',
+	 '&pshufb	($t3,$t5)',
+	'&paddd		(@X[0],$t3)'		# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+sub SSSE3_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+    if (0) {
+	foreach (Xupdate_256_SSSE3()) {		# 36 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+    } else {			# squeeze extra 4% on Westmere and 19% on Atom
+	  eval(shift(@insns));	#@
+	&movdqa		($t0,@X[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t3,@X[3]);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	&palignr	($t0,@X[0],$SZ);	# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &palignr	($t3,@X[2],$SZ);	# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&movdqa		($t1,$t0);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t2,$t0);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	&psrld		($t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &paddd		(@X[0],$t3);		# X[0..3] += X[9..12]
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	&psrld		($t2,$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[3],0b11111010);	# X[4..15]
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&pslld		($t1,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&psrld		($t2,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	&pxor		($t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pslld		($t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pxor		($t0,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&pxor		($t0,$t1);		# sigma0(X[1..4])
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrld		($t3,$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		(@X[0],$t0);		# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &psrlq		($t2,$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 &psrlq		($t2,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 #&pshufb	($t3,$t4);		# sigma1(X[14..15])
+	 &pshufd	($t3,$t3,0b10000000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	&paddd		(@X[0],$t3);		# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pshufd	($t3,@X[0],0b01010000);	# X[16..17]
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &movdqa	($t2,$t3);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &psrld		($t3,$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 &psrlq		($t2,$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &psrlq		($t2,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &pxor		($t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));	#@
+	 #&pshufb	($t3,$t5);
+	 &pshufd	($t3,$t3,0b00001000);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&movdqa		($t2,16*2*$j."($Tbl)");
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	 &pslldq	($t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&paddd		(@X[0],$t3);		# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));	#@
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+    }
+	&paddd		($t2,@X[0]);
+	  foreach (@insns) { eval; }		# remaining instructions
+	&movdqa		(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&SSSE3_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lssse3_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+$code.=<<___;
+	mov	$_ctx,$ctx
+	mov	$a1,$A
+
+	add	$SZ*0($ctx),$A
+	lea	16*$SZ($inp),$inp
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop_ssse3
+
+	mov	$_rsp,%rsi
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___;
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_ssse3:
+	ret
+.size	${func}_ssse3,.-${func}_ssse3
+___
+}
+
+if ($avx) {{
+######################################################################
+# XOP code path
+#
+if ($SZ==8) {	# SHA512 only
+$code.=<<___;
+.type	${func}_xop,\@function,3
+.align	64
+${func}_xop:
+.Lxop_shortcut:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	shl	\$4,%rdx		# num*16
+	sub	\$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%r11,$_rsp		# save copy of %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	%xmm10,16*$SZ+96(%rsp)
+	movaps	%xmm11,16*$SZ+112(%rsp)
+___
+$code.=<<___;
+.Lprologue_xop:
+
+	vzeroupper
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+	jmp	.Lloop_xop
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
+
+$code.=<<___;
+.align	16
+.Lloop_xop:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	sub	\$`-16*2*$SZ`,$Tbl	# size optimization
+___
+sub XOP_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	&vpalignr	($t0,@X[1],@X[0],$SZ);	# X[1..4]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpalignr	($t3,@X[3],@X[2],$SZ);	# X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t1,$t0,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrld		($t0,$t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpaddd	(@X[0],@X[0],$t3);	# X[0..3] += X[9..12]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotd		($t2,$t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[3],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t2);		# sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[3],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t0);	# X[0..3] += sigma0(X[1..4])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrldq	($t3,$t3,8);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t3,@X[0],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrld	($t2,@X[0],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotd	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpslldq	($t3,$t3,8);		# 22 instructions
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		(@X[0],@X[0],$t3);	# X[2..3] += sigma1(X[16..17])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&XOP_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lxop_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+					} else {	# SHA512
+    my @X = map("%xmm$_",(0..7));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(8..11));
+
+$code.=<<___;
+.align	16
+.Lloop_xop:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	lea	$TABLE+0x80(%rip),$Tbl	# size optimization
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vpshufb	$t3,@X[0],@X[0]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[1],@X[1]
+	vmovdqu	0x40($inp),@X[4]
+	vpshufb	$t3,@X[2],@X[2]
+	vmovdqu	0x50($inp),@X[5]
+	vpshufb	$t3,@X[3],@X[3]
+	vmovdqu	0x60($inp),@X[6]
+	vpshufb	$t3,@X[4],@X[4]
+	vmovdqu	0x70($inp),@X[7]
+	vpshufb	$t3,@X[5],@X[5]
+	vpaddq	-0x80($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[6],@X[6]
+	vpaddq	-0x60($Tbl),@X[1],$t1
+	vpshufb	$t3,@X[7],@X[7]
+	vpaddq	-0x40($Tbl),@X[2],$t2
+	vpaddq	-0x20($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	vpaddq	0x00($Tbl),@X[4],$t0
+	vmovdqa	$t1,0x10(%rsp)
+	vpaddq	0x20($Tbl),@X[5],$t1
+	vmovdqa	$t2,0x20(%rsp)
+	vpaddq	0x40($Tbl),@X[6],$t2
+	vmovdqa	$t3,0x30(%rsp)
+	vpaddq	0x60($Tbl),@X[7],$t3
+	vmovdqa	$t0,0x40(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x50(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x60(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x70(%rsp)
+	mov	$E,$a0
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	add	\$`16*2*$SZ`,$Tbl
+___
+sub XOP_512_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body);			# 52 instructions
+
+	&vpalignr	($t0,@X[1],@X[0],$SZ);	# X[1..2]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpalignr	($t3,@X[5],@X[4],$SZ);	# X[9..10]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotq		($t1,$t0,8*$SZ-$sigma0[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpsrlq		($t0,$t0,$sigma0[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpaddq	(@X[0],@X[0],$t3);	# X[0..1] += X[9..10]
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vprotq		($t2,$t1,$sigma0[1]-$sigma0[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t1);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotq	($t3,@X[7],8*$SZ-$sigma1[1]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpxor		($t0,$t0,$t2);		# sigma0(X[1..2])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpsrlq	($t2,@X[7],$sigma1[2]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddq		(@X[0],@X[0],$t0);	# X[0..1] += sigma0(X[1..2])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vprotq	($t1,$t3,$sigma1[1]-$sigma1[0]);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t2);
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	 &vpxor		($t3,$t3,$t1);		# sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddq		(@X[0],@X[0],$t3);	# X[0..1] += sigma1(X[14..15])
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	  eval(shift(@insns));
+	&vpaddq		($t2,@X[0],16*2*$j-0x80."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<8; $j++) {
+	&XOP_512_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ-0x80."($Tbl)",0);
+	&jne	(".Lxop_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+}
+$code.=<<___;
+	mov	$_ctx,$ctx
+	mov	$a1,$A
+
+	add	$SZ*0($ctx),$A
+	lea	16*$SZ($inp),$inp
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop_xop
+
+	mov	$_rsp,%rsi
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	16*$SZ+96(%rsp),%xmm10
+	movaps	16*$SZ+112(%rsp),%xmm11
+___
+$code.=<<___;
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_xop:
+	ret
+.size	${func}_xop,.-${func}_xop
+___
+}
+######################################################################
+# AVX+shrd code path
+#
+local *ror = sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type	${func}_avx,\@function,3
+.align	64
+${func}_avx:
+.Lavx_shortcut:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	shl	\$4,%rdx		# num*16
+	sub	\$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	and	\$-64,%rsp		# align stack frame
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%r11,$_rsp		# save copy of %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	%xmm10,16*$SZ+96(%rsp)
+	movaps	%xmm11,16*$SZ+112(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx:
+
+	vzeroupper
+	mov	$SZ*0($ctx),$A
+	mov	$SZ*1($ctx),$B
+	mov	$SZ*2($ctx),$C
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%xmm$_",(0..3));
+    my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%xmm$_",(4..9));
+
+$code.=<<___;
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+32(%rip),$t4
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+64(%rip),$t5
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[0],@X[0]
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[1],@X[1]
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x10(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x20(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x30(%rsp)
+	mov	$E,$a0
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	sub	\$`-16*2*$SZ`,$Tbl	# size optimization
+___
+sub Xupdate_256_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],$SZ)',	# X[1..4]
+	 '&vpalignr	($t3,@X[3],@X[2],$SZ)',	# X[9..12]
+	'&vpsrld	($t2,$t0,$sigma0[0]);',
+	 '&vpaddd	(@X[0],@X[0],$t3)',	# X[0..3] += X[9..12]
+	'&vpsrld	($t3,$t0,$sigma0[2])',
+	'&vpslld	($t1,$t0,8*$SZ-$sigma0[1]);',
+	'&vpxor		($t0,$t3,$t2)',
+	 '&vpshufd	($t3,@X[3],0b11111010)',# X[14..15]
+	'&vpsrld	($t2,$t2,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t1)',
+	'&vpslld	($t1,$t1,$sigma0[1]-$sigma0[0]);',
+	'&vpxor		($t0,$t0,$t2)',
+	 '&vpsrld	($t2,$t3,$sigma1[2]);',
+	'&vpxor		($t0,$t0,$t1)',		# sigma0(X[1..4])
+	 '&vpsrlq	($t3,$t3,$sigma1[0]);',
+	'&vpaddd	(@X[0],@X[0],$t0)',	# X[0..3] += sigma0(X[1..4])
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',
+	 '&vpshufb	($t2,$t2,$t4)',		# sigma1(X[14..15])
+	'&vpaddd	(@X[0],@X[0],$t2)',	# X[0..1] += sigma1(X[14..15])
+	 '&vpshufd	($t3,@X[0],0b01010000)',# X[16..17]
+	 '&vpsrld	($t2,$t3,$sigma1[2])',
+	 '&vpsrlq	($t3,$t3,$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3);',
+	 '&vpsrlq	($t3,$t3,$sigma1[1]-$sigma1[0])',
+	 '&vpxor	($t2,$t2,$t3)',
+	 '&vpshufb	($t2,$t2,$t5)',
+	'&vpaddd	(@X[0],@X[0],$t2)'	# X[2..3] += sigma1(X[16..17])
+	);
+}
+
+sub AVX_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 104 instructions
+
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX_256_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ."($Tbl)",0);
+	&jne	(".Lavx_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+
+					} else {	# SHA512
+    my @X = map("%xmm$_",(0..7));
+    my ($t0,$t1,$t2,$t3) = map("%xmm$_",(8..11));
+
+$code.=<<___;
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	0x00($inp),@X[0]
+	lea	$TABLE+0x80(%rip),$Tbl	# size optimization
+	vmovdqu	0x10($inp),@X[1]
+	vmovdqu	0x20($inp),@X[2]
+	vpshufb	$t3,@X[0],@X[0]
+	vmovdqu	0x30($inp),@X[3]
+	vpshufb	$t3,@X[1],@X[1]
+	vmovdqu	0x40($inp),@X[4]
+	vpshufb	$t3,@X[2],@X[2]
+	vmovdqu	0x50($inp),@X[5]
+	vpshufb	$t3,@X[3],@X[3]
+	vmovdqu	0x60($inp),@X[6]
+	vpshufb	$t3,@X[4],@X[4]
+	vmovdqu	0x70($inp),@X[7]
+	vpshufb	$t3,@X[5],@X[5]
+	vpaddq	-0x80($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[6],@X[6]
+	vpaddq	-0x60($Tbl),@X[1],$t1
+	vpshufb	$t3,@X[7],@X[7]
+	vpaddq	-0x40($Tbl),@X[2],$t2
+	vpaddq	-0x20($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	vpaddq	0x00($Tbl),@X[4],$t0
+	vmovdqa	$t1,0x10(%rsp)
+	vpaddq	0x20($Tbl),@X[5],$t1
+	vmovdqa	$t2,0x20(%rsp)
+	vpaddq	0x40($Tbl),@X[6],$t2
+	vmovdqa	$t3,0x30(%rsp)
+	vpaddq	0x60($Tbl),@X[7],$t3
+	vmovdqa	$t0,0x40(%rsp)
+	mov	$A,$a1
+	vmovdqa	$t1,0x50(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x60(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x70(%rsp)
+	mov	$E,$a0
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	add	\$`16*2*$SZ`,$Tbl
+___
+sub Xupdate_512_AVX () {
+	(
+	'&vpalignr	($t0,@X[1],@X[0],$SZ)',	# X[1..2]
+	 '&vpalignr	($t3,@X[5],@X[4],$SZ)',	# X[9..10]
+	'&vpsrlq	($t2,$t0,$sigma0[0])',
+	 '&vpaddq	(@X[0],@X[0],$t3);',	# X[0..1] += X[9..10]
+	'&vpsrlq	($t3,$t0,$sigma0[2])',
+	'&vpsllq	($t1,$t0,8*$SZ-$sigma0[1]);',
+	 '&vpxor	($t0,$t3,$t2)',
+	'&vpsrlq	($t2,$t2,$sigma0[1]-$sigma0[0]);',
+	 '&vpxor	($t0,$t0,$t1)',
+	'&vpsllq	($t1,$t1,$sigma0[1]-$sigma0[0]);',
+	 '&vpxor	($t0,$t0,$t2)',
+	 '&vpsrlq	($t3,@X[7],$sigma1[2]);',
+	'&vpxor		($t0,$t0,$t1)',		# sigma0(X[1..2])
+	 '&vpsllq	($t2,@X[7],8*$SZ-$sigma1[1]);',
+	'&vpaddq	(@X[0],@X[0],$t0)',	# X[0..1] += sigma0(X[1..2])
+	 '&vpsrlq	($t1,@X[7],$sigma1[0]);',
+	 '&vpxor	($t3,$t3,$t2)',
+	 '&vpsllq	($t2,$t2,$sigma1[1]-$sigma1[0]);',
+	 '&vpxor	($t3,$t3,$t1)',
+	 '&vpsrlq	($t1,$t1,$sigma1[1]-$sigma1[0]);',
+	 '&vpxor	($t3,$t3,$t2)',
+	 '&vpxor	($t3,$t3,$t1)',		# sigma1(X[14..15])
+	'&vpaddq	(@X[0],@X[0],$t3)',	# X[0..1] += sigma1(X[14..15])
+	);
+}
+
+sub AVX_512_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body);			# 52 instructions
+
+	foreach (Xupdate_512_AVX()) {		# 23 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddq		($t2,@X[0],16*2*$j-0x80."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	(16*$j."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<8; $j++) {
+	&AVX_512_00_47($j,\&body_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&cmpb	($SZ-1+16*2*$SZ-0x80."($Tbl)",0);
+	&jne	(".Lavx_00_47");
+
+    for ($i=0; $i<16; ) {
+	foreach(body_00_15()) { eval; }
+    }
+}
+$code.=<<___;
+	mov	$_ctx,$ctx
+	mov	$a1,$A
+
+	add	$SZ*0($ctx),$A
+	lea	16*$SZ($inp),$inp
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+	jb	.Lloop_avx
+
+	mov	$_rsp,%rsi
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	16*$SZ+96(%rsp),%xmm10
+	movaps	16*$SZ+112(%rsp),%xmm11
+___
+$code.=<<___;
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_avx:
+	ret
+.size	${func}_avx,.-${func}_avx
+___
+
+if ($avx>1) {{
+######################################################################
+# AVX2+BMI code path
+#
+my $a5=$SZ==4?"%esi":"%rsi";	# zap $inp 
+my $PUSH8=8*2*$SZ;
+use integer;
+
+sub bodyx_00_15 () {
+	# at start $a1 should be zero, $a3 - $b^$c and $a4 copy of $f
+	(
+	'($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
+
+	'&add	($h,(32*($i/(16/$SZ))+$SZ*($i%(16/$SZ)))%$PUSH8.$base)',    # h+=X[i]+K[i]
+	'&and	($a4,$e)',		# f&e
+	'&rorx	($a0,$e,$Sigma1[2])',
+	'&rorx	($a2,$e,$Sigma1[1])',
+
+	'&lea	($a,"($a,$a1)")',	# h+=Sigma0(a) from the past
+	'&lea	($h,"($h,$a4)")',
+	'&andn	($a4,$e,$g)',		# ~e&g
+	'&xor	($a0,$a2)',
+
+	'&rorx	($a1,$e,$Sigma1[0])',
+	'&lea	($h,"($h,$a4)")',	# h+=Ch(e,f,g)=(e&f)+(~e&g)
+	'&xor	($a0,$a1)',		# Sigma1(e)
+	'&mov	($a2,$a)',
+
+	'&rorx	($a4,$a,$Sigma0[2])',
+	'&lea	($h,"($h,$a0)")',	# h+=Sigma1(e)
+	'&xor	($a2,$b)',		# a^b, b^c in next round
+	'&rorx	($a1,$a,$Sigma0[1])',
+
+	'&rorx	($a0,$a,$Sigma0[0])',
+	'&lea	($d,"($d,$h)")',	# d+=h
+	'&and	($a3,$a2)',		# (b^c)&(a^b)
+	'&xor	($a1,$a4)',
+
+	'&xor	($a3,$b)',		# Maj(a,b,c)=Ch(a^b,c,b)
+	'&xor	($a1,$a0)',		# Sigma0(a)
+	'&lea	($h,"($h,$a3)");'.	# h+=Maj(a,b,c)
+	'&mov	($a4,$e)',		# copy of f in future
+
+	'($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
+	);
+	# and at the finish one has to $a+=$a1
+}
+
+$code.=<<___;
+.type	${func}_avx2,\@function,3
+.align	64
+${func}_avx2:
+.Lavx2_shortcut:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	mov	%rsp,%r11		# copy %rsp
+	sub	\$`2*$SZ*$rounds+4*8+$win64*16*($SZ==4?4:6)`,%rsp
+	shl	\$4,%rdx		# num*16
+	and	\$-256*$SZ,%rsp		# align stack frame
+	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
+	add	\$`2*$SZ*($rounds-8)`,%rsp
+	mov	$ctx,$_ctx		# save ctx, 1st arg
+	mov	$inp,$_inp		# save inp, 2nd arh
+	mov	%rdx,$_end		# save end pointer, "3rd" arg
+	mov	%r11,$_rsp		# save copy of %rsp
+___
+$code.=<<___ if ($win64);
+	movaps	%xmm6,16*$SZ+32(%rsp)
+	movaps	%xmm7,16*$SZ+48(%rsp)
+	movaps	%xmm8,16*$SZ+64(%rsp)
+	movaps	%xmm9,16*$SZ+80(%rsp)
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	%xmm10,16*$SZ+96(%rsp)
+	movaps	%xmm11,16*$SZ+112(%rsp)
+___
+$code.=<<___;
+.Lprologue_avx2:
+
+	vzeroupper
+	sub	\$-16*$SZ,$inp		# inp++, size optimization
+	mov	$SZ*0($ctx),$A
+	mov	$inp,%r12		# borrow $T1
+	mov	$SZ*1($ctx),$B
+	cmp	%rdx,$inp		# $_end
+	mov	$SZ*2($ctx),$C
+	cmove	%rsp,%r12		# next block or random data
+	mov	$SZ*3($ctx),$D
+	mov	$SZ*4($ctx),$E
+	mov	$SZ*5($ctx),$F
+	mov	$SZ*6($ctx),$G
+	mov	$SZ*7($ctx),$H
+___
+					if ($SZ==4) {	# SHA256
+    my @X = map("%ymm$_",(0..3));
+    my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%ymm$_",(4..9));
+
+$code.=<<___;
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+32(%rip),$t4
+	vmovdqa	$TABLE+`$SZ*2*$rounds`+64(%rip),$t5
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqa	$TABLE+`$SZ*2*$rounds`(%rip),$t3
+	vmovdqu	-16*$SZ+0($inp),%xmm0
+	vmovdqu	-16*$SZ+16($inp),%xmm1
+	vmovdqu	-16*$SZ+32($inp),%xmm2
+	vmovdqu	-16*$SZ+48($inp),%xmm3
+	#mov		$inp,$_inp	# offload $inp
+	vinserti128	\$1,(%r12),@X[0],@X[0]
+	vinserti128	\$1,16(%r12),@X[1],@X[1]
+	vpshufb		$t3,@X[0],@X[0]
+	vinserti128	\$1,32(%r12),@X[2],@X[2]
+	vpshufb		$t3,@X[1],@X[1]
+	vinserti128	\$1,48(%r12),@X[3],@X[3]
+
+	lea	$TABLE(%rip),$Tbl
+	vpshufb	$t3,@X[2],@X[2]
+	vpaddd	0x00($Tbl),@X[0],$t0
+	vpshufb	$t3,@X[3],@X[3]
+	vpaddd	0x20($Tbl),@X[1],$t1
+	vpaddd	0x40($Tbl),@X[2],$t2
+	vpaddd	0x60($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	xor	$a1,$a1
+	vmovdqa	$t1,0x20(%rsp)
+	lea	-$PUSH8(%rsp),%rsp
+	mov	$B,$a3
+	vmovdqa	$t2,0x00(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x20(%rsp)
+	mov	$F,$a4
+	sub	\$-16*2*$SZ,$Tbl	# size optimization
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+___
+
+sub AVX2_256_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body,&$body,&$body);	# 96 instructions
+my $base = "+2*$PUSH8(%rsp)";
+
+	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%2)==0);
+	foreach (Xupdate_256_AVX()) {		# 29 instructions
+	    eval;
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	    eval(shift(@insns));
+	}
+	&vpaddd		($t2,@X[0],16*2*$j."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	((32*$j)%$PUSH8."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<4; $j++) {
+	&AVX2_256_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&lea	($Tbl,16*2*$SZ."($Tbl)");
+	&cmpb	(($SZ-1)."($Tbl)",0);
+	&jne	(".Lavx2_00_47");
+
+    for ($i=0; $i<16; ) {
+	my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+					} else {	# SHA512
+    my @X = map("%ymm$_",(0..7));
+    my ($t0,$t1,$t2,$t3) = map("%ymm$_",(8..11));
+
+$code.=<<___;
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqu	-16*$SZ($inp),%xmm0
+	vmovdqu	-16*$SZ+16($inp),%xmm1
+	vmovdqu	-16*$SZ+32($inp),%xmm2
+	lea	$TABLE+0x80(%rip),$Tbl	# size optimization
+	vmovdqu	-16*$SZ+48($inp),%xmm3
+	vmovdqu	-16*$SZ+64($inp),%xmm4
+	vmovdqu	-16*$SZ+80($inp),%xmm5
+	vmovdqu	-16*$SZ+96($inp),%xmm6
+	vmovdqu	-16*$SZ+112($inp),%xmm7
+	#mov	$inp,$_inp	# offload $inp
+	vmovdqa	`$SZ*2*$rounds-0x80`($Tbl),$t2
+	vinserti128	\$1,(%r12),@X[0],@X[0]
+	vinserti128	\$1,16(%r12),@X[1],@X[1]
+	 vpshufb	$t2,@X[0],@X[0]
+	vinserti128	\$1,32(%r12),@X[2],@X[2]
+	 vpshufb	$t2,@X[1],@X[1]
+	vinserti128	\$1,48(%r12),@X[3],@X[3]
+	 vpshufb	$t2,@X[2],@X[2]
+	vinserti128	\$1,64(%r12),@X[4],@X[4]
+	 vpshufb	$t2,@X[3],@X[3]
+	vinserti128	\$1,80(%r12),@X[5],@X[5]
+	 vpshufb	$t2,@X[4],@X[4]
+	vinserti128	\$1,96(%r12),@X[6],@X[6]
+	 vpshufb	$t2,@X[5],@X[5]
+	vinserti128	\$1,112(%r12),@X[7],@X[7]
+
+	vpaddq	-0x80($Tbl),@X[0],$t0
+	vpshufb	$t2,@X[6],@X[6]
+	vpaddq	-0x60($Tbl),@X[1],$t1
+	vpshufb	$t2,@X[7],@X[7]
+	vpaddq	-0x40($Tbl),@X[2],$t2
+	vpaddq	-0x20($Tbl),@X[3],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	vpaddq	0x00($Tbl),@X[4],$t0
+	vmovdqa	$t1,0x20(%rsp)
+	vpaddq	0x20($Tbl),@X[5],$t1
+	vmovdqa	$t2,0x40(%rsp)
+	vpaddq	0x40($Tbl),@X[6],$t2
+	vmovdqa	$t3,0x60(%rsp)
+	lea	-$PUSH8(%rsp),%rsp
+	vpaddq	0x60($Tbl),@X[7],$t3
+	vmovdqa	$t0,0x00(%rsp)
+	xor	$a1,$a1
+	vmovdqa	$t1,0x20(%rsp)
+	mov	$B,$a3
+	vmovdqa	$t2,0x40(%rsp)
+	xor	$C,$a3			# magic
+	vmovdqa	$t3,0x60(%rsp)
+	mov	$F,$a4
+	add	\$16*2*$SZ,$Tbl
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+___
+
+sub AVX2_512_00_47 () {
+my $j = shift;
+my $body = shift;
+my @X = @_;
+my @insns = (&$body,&$body);			# 48 instructions
+my $base = "+2*$PUSH8(%rsp)";
+
+	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%4)==0);
+	foreach (Xupdate_512_AVX()) {		# 23 instructions
+	    eval;
+	    if ($_ !~ /\;$/) {
+		eval(shift(@insns));
+		eval(shift(@insns));
+		eval(shift(@insns));
+	    }
+	}
+	&vpaddq		($t2,@X[0],16*2*$j-0x80."($Tbl)");
+	  foreach (@insns) { eval; }		# remaining instructions
+	&vmovdqa	((32*$j)%$PUSH8."(%rsp)",$t2);
+}
+
+    for ($i=0,$j=0; $j<8; $j++) {
+	&AVX2_512_00_47($j,\&bodyx_00_15,@X);
+	push(@X,shift(@X));			# rotate(@X)
+    }
+	&lea	($Tbl,16*2*$SZ."($Tbl)");
+	&cmpb	(($SZ-1-0x80)."($Tbl)",0);
+	&jne	(".Lavx2_00_47");
+
+    for ($i=0; $i<16; ) {
+	my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+}
+$code.=<<___;
+	mov	`2*$SZ*$rounds`(%rsp),$ctx	# $_ctx
+	add	$a1,$A
+	#mov	`2*$SZ*$rounds+8`(%rsp),$inp	# $_inp
+	lea	`2*$SZ*($rounds-8)`(%rsp),$Tbl
+
+	add	$SZ*0($ctx),$A
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	add	$SZ*6($ctx),$G
+	add	$SZ*7($ctx),$H
+
+	mov	$A,$SZ*0($ctx)
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+
+	cmp	`$PUSH8+2*8`($Tbl),$inp	# $_end
+	je	.Ldone_avx2
+
+	xor	$a1,$a1
+	mov	$B,$a3
+	xor	$C,$a3			# magic
+	mov	$F,$a4
+	jmp	.Lower_avx2
+.align	16
+.Lower_avx2:
+___
+    for ($i=0; $i<8; ) {
+	my $base="+16($Tbl)";
+	foreach(bodyx_00_15()) { eval; }
+    }
+$code.=<<___;
+	lea	-$PUSH8($Tbl),$Tbl
+	cmp	%rsp,$Tbl
+	jae	.Lower_avx2
+
+	mov	`2*$SZ*$rounds`(%rsp),$ctx	# $_ctx
+	add	$a1,$A
+	#mov	`2*$SZ*$rounds+8`(%rsp),$inp	# $_inp
+	lea	`2*$SZ*($rounds-8)`(%rsp),%rsp
+
+	add	$SZ*0($ctx),$A
+	add	$SZ*1($ctx),$B
+	add	$SZ*2($ctx),$C
+	add	$SZ*3($ctx),$D
+	add	$SZ*4($ctx),$E
+	add	$SZ*5($ctx),$F
+	lea	`2*16*$SZ`($inp),$inp	# inp+=2
+	add	$SZ*6($ctx),$G
+	mov	$inp,%r12
+	add	$SZ*7($ctx),$H
+	cmp	$_end,$inp
+
+	mov	$A,$SZ*0($ctx)
+	cmove	%rsp,%r12		# next block or stale data
+	mov	$B,$SZ*1($ctx)
+	mov	$C,$SZ*2($ctx)
+	mov	$D,$SZ*3($ctx)
+	mov	$E,$SZ*4($ctx)
+	mov	$F,$SZ*5($ctx)
+	mov	$G,$SZ*6($ctx)
+	mov	$H,$SZ*7($ctx)
+
+	jbe	.Loop_avx2
+	lea	(%rsp),$Tbl
+
+.Ldone_avx2:
+	lea	($Tbl),%rsp
+	mov	$_rsp,%rsi
+	vzeroupper
+___
+$code.=<<___ if ($win64);
+	movaps	16*$SZ+32(%rsp),%xmm6
+	movaps	16*$SZ+48(%rsp),%xmm7
+	movaps	16*$SZ+64(%rsp),%xmm8
+	movaps	16*$SZ+80(%rsp),%xmm9
+___
+$code.=<<___ if ($win64 && $SZ>4);
+	movaps	16*$SZ+96(%rsp),%xmm10
+	movaps	16*$SZ+112(%rsp),%xmm11
+___
+$code.=<<___;
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue_avx2:
+	ret
+.size	${func}_avx2,.-${func}_avx2
+___
+}}
+}}}}}
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HanderlData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# prologue label
+	cmp	%r10,%rbx		# context->Rip<prologue label
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lin_prologue
+___
+$code.=<<___ if ($avx>1);
+	lea	.Lavx2_shortcut(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<avx2_shortcut
+	jb	.Lnot_in_avx2
+
+	and	\$-256*$SZ,%rax
+	add	\$`2*$SZ*($rounds-8)`,%rax
+.Lnot_in_avx2:
+___
+$code.=<<___;
+	mov	%rax,%rsi		# put aside Rsp
+	mov	16*$SZ+3*8(%rax),%rax	# pull $_rsp
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx
+	jb	.Lin_prologue		# non-AVX code
+
+	lea	16*$SZ+4*8(%rsi),%rsi	# Xmm6- save area
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$`$SZ==4?8:12`,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+___
+
+$code.=<<___ if ($SZ==4 && $shaext);
+.type	shaext_handler,\@abi-omnipotent
+.align	16
+shaext_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	lea	.Lepilogue_shaext(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	lea	-8-5*16(%rax),%rsi
+	lea	512($context),%rdi	# &context.Xmm6
+	mov	\$10,%ecx
+	.long	0xa548f3fc		# cld; rep movsq
+
+	jmp	.Lin_prologue
+.size	shaext_handler,.-shaext_handler
+___
+
+$code.=<<___;
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_$func
+	.rva	.LSEH_end_$func
+	.rva	.LSEH_info_$func
+___
+$code.=<<___ if ($SZ==4 && $shaext);
+	.rva	.LSEH_begin_${func}_shaext
+	.rva	.LSEH_end_${func}_shaext
+	.rva	.LSEH_info_${func}_shaext
+___
+$code.=<<___ if ($SZ==4);
+	.rva	.LSEH_begin_${func}_ssse3
+	.rva	.LSEH_end_${func}_ssse3
+	.rva	.LSEH_info_${func}_ssse3
+___
+$code.=<<___ if ($avx && $SZ==8);
+	.rva	.LSEH_begin_${func}_xop
+	.rva	.LSEH_end_${func}_xop
+	.rva	.LSEH_info_${func}_xop
+___
+$code.=<<___ if ($avx);
+	.rva	.LSEH_begin_${func}_avx
+	.rva	.LSEH_end_${func}_avx
+	.rva	.LSEH_info_${func}_avx
+___
+$code.=<<___ if ($avx>1);
+	.rva	.LSEH_begin_${func}_avx2
+	.rva	.LSEH_end_${func}_avx2
+	.rva	.LSEH_info_${func}_avx2
+___
+$code.=<<___;
+.section	.xdata
+.align	8
+.LSEH_info_$func:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue,.Lepilogue			# HandlerData[]
+___
+$code.=<<___ if ($SZ==4 && $shaext);
+.LSEH_info_${func}_shaext:
+	.byte	9,0,0,0
+	.rva	shaext_handler
+___
+$code.=<<___ if ($SZ==4);
+.LSEH_info_${func}_ssse3:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
+___
+$code.=<<___ if ($avx && $SZ==8);
+.LSEH_info_${func}_xop:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_xop,.Lepilogue_xop		# HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_${func}_avx:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
+___
+$code.=<<___ if ($avx>1);
+.LSEH_info_${func}_avx2:
+	.byte	9,0,0,0
+	.rva	se_handler
+	.rva	.Lprologue_avx2,.Lepilogue_avx2		# HandlerData[]
+___
+}
+
+sub sha256op38 {
+    my $instr = shift;
+    my %opcodelet = (
+		"sha256rnds2" => 0xcb,
+  		"sha256msg1"  => 0xcc,
+		"sha256msg2"  => 0xcd	);
+
+    if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-7]),\s*%xmm([0-7])/) {
+      my @opcode=(0x0f,0x38);
+	push @opcode,$opcodelet{$instr};
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	return ".byte\t".join(',',@opcode);
+    } else {
+	return $instr."\t".@_[0];
+    }
+}
+
+foreach (split("\n",$code)) {
+	s/\`([^\`]*)\`/eval $1/geo;
+
+	s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/geo;
+
+	print $_,"\n";
+}
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/asm/sha512p8-ppc.pl b/openssl-1.1.0h/crypto/sha/asm/sha512p8-ppc.pl
new file mode 100755
index 0000000..4d3d3b2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/asm/sha512p8-ppc.pl
@@ -0,0 +1,431 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256/512 for PowerISA v2.07.
+#
+# Accurate performance measurements are problematic, because it's
+# always virtualized setup with possibly throttled processor.
+# Relative comparison is therefore more informative. This module is
+# ~60% faster than integer-only sha512-ppc.pl. To anchor to something
+# else, SHA256 is 24% slower than sha1-ppc.pl and 2.5x slower than
+# hardware-assisted aes-128-cbc encrypt. SHA512 is 20% faster than
+# sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting
+# result is degree of computational resources' utilization. POWER8 is
+# "massively multi-threaded chip" and difference between single- and
+# maximum multi-process benchmark results tells that utlization is
+# whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and
+# for sha1-ppc.pl - 73%. 100% means that multi-process result equals
+# to single-process one, given that all threads end up on the same
+# physical core.
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+	$SIZE_T=8;
+	$LRSAVE=2*$SIZE_T;
+	$STU="stdu";
+	$POP="ld";
+	$PUSH="std";
+} elsif ($flavour =~ /32/) {
+	$SIZE_T=4;
+	$LRSAVE=$SIZE_T;
+	$STU="stwu";
+	$POP="lwz";
+	$PUSH="stw";
+} else { die "nonsense $flavour"; }
+
+$LENDIAN=($flavour=~/le/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+if ($output =~ /512/) {
+	$bits=512;
+	$SZ=8;
+	$sz="d";
+	$rounds=80;
+} else {
+	$bits=256;
+	$SZ=4;
+	$sz="w";
+	$rounds=64;
+}
+
+$func="sha${bits}_block_p8";
+$FRAME=8*$SIZE_T;
+
+$sp ="r1";
+$toc="r2";
+$ctx="r3";
+$inp="r4";
+$num="r5";
+$Tbl="r6";
+$idx="r7";
+$lrsave="r8";
+$offload="r11";
+$vrsave="r12";
+($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31));
+ $x00=0 if ($flavour =~ /osx/);
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7));
+@X=map("v$_",(8..23));
+($Ki,$Func,$S0,$S1,$s0,$s1,$lemask)=map("v$_",(24..31));
+
+sub ROUND {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my $j=($i+1)%16;
+
+$code.=<<___		if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1));
+	lvx_u		@X[$i+1],0,$inp		; load X[i] in advance
+	addi		$inp,$inp,16
+___
+$code.=<<___		if ($i<16 && ($i%(16/$SZ)));
+	vsldoi		@X[$i],@X[$i-1],@X[$i-1],$SZ
+___
+$code.=<<___		if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0);
+	vperm		@X[$i],@X[$i],@X[$i],$lemask
+___
+$code.=<<___;
+	`"vshasigma${sz}	$s0,@X[($j+1)%16],0,0"		if ($i>=15)`
+	vsel		$Func,$g,$f,$e		; Ch(e,f,g)
+	vshasigma${sz}	$S1,$e,1,15		; Sigma1(e)
+	vaddu${sz}m	$h,$h,@X[$i%16]		; h+=X[i]
+	vshasigma${sz}	$S0,$a,1,0		; Sigma0(a)
+	`"vshasigma${sz}	$s1,@X[($j+14)%16],0,15"	if ($i>=15)`
+	vaddu${sz}m	$h,$h,$Func		; h+=Ch(e,f,g)
+	vxor		$Func,$a,$b
+	`"vaddu${sz}m		@X[$j],@X[$j],@X[($j+9)%16]"	if ($i>=15)`
+	vaddu${sz}m	$h,$h,$S1		; h+=Sigma1(e)
+	vsel		$Func,$b,$c,$Func	; Maj(a,b,c)
+	vaddu${sz}m	$g,$g,$Ki		; future h+=K[i]
+	vaddu${sz}m	$d,$d,$h		; d+=h
+	vaddu${sz}m	$S0,$S0,$Func		; Sigma0(a)+Maj(a,b,c)
+	`"vaddu${sz}m		@X[$j],@X[$j],$s0"		if ($i>=15)`
+	lvx		$Ki,$idx,$Tbl		; load next K[i]
+	addi		$idx,$idx,16
+	vaddu${sz}m	$h,$h,$S0		; h+=Sigma0(a)+Maj(a,b,c)
+	`"vaddu${sz}m		@X[$j],@X[$j],$s1"		if ($i>=15)`
+___
+}
+
+$code=<<___;
+.machine	"any"
+.text
+
+.globl	$func
+.align	6
+$func:
+	$STU		$sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
+	mflr		$lrsave
+	li		r10,`$FRAME+8*16+15`
+	li		r11,`$FRAME+8*16+31`
+	stvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	mfspr		$vrsave,256
+	stvx		v21,r11,$sp
+	addi		r11,r11,32
+	stvx		v22,r10,$sp
+	addi		r10,r10,32
+	stvx		v23,r11,$sp
+	addi		r11,r11,32
+	stvx		v24,r10,$sp
+	addi		r10,r10,32
+	stvx		v25,r11,$sp
+	addi		r11,r11,32
+	stvx		v26,r10,$sp
+	addi		r10,r10,32
+	stvx		v27,r11,$sp
+	addi		r11,r11,32
+	stvx		v28,r10,$sp
+	addi		r10,r10,32
+	stvx		v29,r11,$sp
+	addi		r11,r11,32
+	stvx		v30,r10,$sp
+	stvx		v31,r11,$sp
+	li		r11,-1
+	stw		$vrsave,`$FRAME+21*16-4`($sp)	# save vrsave
+	li		$x10,0x10
+	$PUSH		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	li		$x20,0x20
+	$PUSH		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	li		$x30,0x30
+	$PUSH		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	li		$x40,0x40
+	$PUSH		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	li		$x50,0x50
+	$PUSH		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	li		$x60,0x60
+	$PUSH		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	li		$x70,0x70
+	$PUSH		$lrsave,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
+	mtspr		256,r11
+
+	bl		LPICmeup
+	addi		$offload,$sp,$FRAME+15
+___
+$code.=<<___		if ($LENDIAN);
+	li		$idx,8
+	lvsl		$lemask,0,$idx
+	vspltisb	$Ki,0x0f
+	vxor		$lemask,$lemask,$Ki
+___
+$code.=<<___		if ($SZ==4);
+	lvx_4w		$A,$x00,$ctx
+	lvx_4w		$E,$x10,$ctx
+	vsldoi		$B,$A,$A,4		# unpack
+	vsldoi		$C,$A,$A,8
+	vsldoi		$D,$A,$A,12
+	vsldoi		$F,$E,$E,4
+	vsldoi		$G,$E,$E,8
+	vsldoi		$H,$E,$E,12
+___
+$code.=<<___		if ($SZ==8);
+	lvx_u		$A,$x00,$ctx
+	lvx_u		$C,$x10,$ctx
+	lvx_u		$E,$x20,$ctx
+	vsldoi		$B,$A,$A,8		# unpack
+	lvx_u		$G,$x30,$ctx
+	vsldoi		$D,$C,$C,8
+	vsldoi		$F,$E,$E,8
+	vsldoi		$H,$G,$G,8
+___
+$code.=<<___;
+	li		r0,`($rounds-16)/16`	# inner loop counter
+	b		Loop
+.align	5
+Loop:
+	lvx		$Ki,$x00,$Tbl
+	li		$idx,16
+	lvx_u		@X[0],0,$inp
+	addi		$inp,$inp,16
+	stvx		$A,$x00,$offload	# offload $A-$H
+	stvx		$B,$x10,$offload
+	stvx		$C,$x20,$offload
+	stvx		$D,$x30,$offload
+	stvx		$E,$x40,$offload
+	stvx		$F,$x50,$offload
+	stvx		$G,$x60,$offload
+	stvx		$H,$x70,$offload
+	vaddu${sz}m	$H,$H,$Ki		# h+K[i]
+	lvx		$Ki,$idx,$Tbl
+	addi		$idx,$idx,16
+___
+for ($i=0;$i<16;$i++)	{ &ROUND($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	mtctr		r0
+	b		L16_xx
+.align	5
+L16_xx:
+___
+for (;$i<32;$i++)	{ &ROUND($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+	bdnz		L16_xx
+
+	lvx		@X[2],$x00,$offload
+	subic.		$num,$num,1
+	lvx		@X[3],$x10,$offload
+	vaddu${sz}m	$A,$A,@X[2]
+	lvx		@X[4],$x20,$offload
+	vaddu${sz}m	$B,$B,@X[3]
+	lvx		@X[5],$x30,$offload
+	vaddu${sz}m	$C,$C,@X[4]
+	lvx		@X[6],$x40,$offload
+	vaddu${sz}m	$D,$D,@X[5]
+	lvx		@X[7],$x50,$offload
+	vaddu${sz}m	$E,$E,@X[6]
+	lvx		@X[8],$x60,$offload
+	vaddu${sz}m	$F,$F,@X[7]
+	lvx		@X[9],$x70,$offload
+	vaddu${sz}m	$G,$G,@X[8]
+	vaddu${sz}m	$H,$H,@X[9]
+	bne		Loop
+___
+$code.=<<___		if ($SZ==4);
+	lvx		@X[0],$idx,$Tbl
+	addi		$idx,$idx,16
+	vperm		$A,$A,$B,$Ki		# pack the answer
+	lvx		@X[1],$idx,$Tbl
+	vperm		$E,$E,$F,$Ki
+	vperm		$A,$A,$C,@X[0]
+	vperm		$E,$E,$G,@X[0]
+	vperm		$A,$A,$D,@X[1]
+	vperm		$E,$E,$H,@X[1]
+	stvx_4w		$A,$x00,$ctx
+	stvx_4w		$E,$x10,$ctx
+___
+$code.=<<___		if ($SZ==8);
+	vperm		$A,$A,$B,$Ki		# pack the answer
+	vperm		$C,$C,$D,$Ki
+	vperm		$E,$E,$F,$Ki
+	vperm		$G,$G,$H,$Ki
+	stvx_u		$A,$x00,$ctx
+	stvx_u		$C,$x10,$ctx
+	stvx_u		$E,$x20,$ctx
+	stvx_u		$G,$x30,$ctx
+___
+$code.=<<___;
+	li		r10,`$FRAME+8*16+15`
+	mtlr		$lrsave
+	li		r11,`$FRAME+8*16+31`
+	mtspr		256,$vrsave
+	lvx		v20,r10,$sp		# ABI says so
+	addi		r10,r10,32
+	lvx		v21,r11,$sp
+	addi		r11,r11,32
+	lvx		v22,r10,$sp
+	addi		r10,r10,32
+	lvx		v23,r11,$sp
+	addi		r11,r11,32
+	lvx		v24,r10,$sp
+	addi		r10,r10,32
+	lvx		v25,r11,$sp
+	addi		r11,r11,32
+	lvx		v26,r10,$sp
+	addi		r10,r10,32
+	lvx		v27,r11,$sp
+	addi		r11,r11,32
+	lvx		v28,r10,$sp
+	addi		r10,r10,32
+	lvx		v29,r11,$sp
+	addi		r11,r11,32
+	lvx		v30,r10,$sp
+	lvx		v31,r11,$sp
+	$POP		r26,`$FRAME+21*16+0*$SIZE_T`($sp)
+	$POP		r27,`$FRAME+21*16+1*$SIZE_T`($sp)
+	$POP		r28,`$FRAME+21*16+2*$SIZE_T`($sp)
+	$POP		r29,`$FRAME+21*16+3*$SIZE_T`($sp)
+	$POP		r30,`$FRAME+21*16+4*$SIZE_T`($sp)
+	$POP		r31,`$FRAME+21*16+5*$SIZE_T`($sp)
+	addi		$sp,$sp,`$FRAME+21*16+6*$SIZE_T`
+	blr
+	.long		0
+	.byte		0,12,4,1,0x80,6,3,0
+	.long		0
+.size	$func,.-$func
+___
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align	6
+LPICmeup:
+	mflr	r0
+	bcl	20,31,\$+4
+	mflr	$Tbl	; vvvvvv "distance" between . and 1st data entry
+	addi	$Tbl,$Tbl,`64-8`
+	mtlr	r0
+	blr
+	.long	0
+	.byte	0,12,0x14,0,0,0,0,0
+	.space	`64-9*4`
+___
+
+if ($SZ==8) {
+    local *table = sub {
+	foreach(@_) { $code.=".quad	$_,$_\n"; }
+    };
+    table(
+	"0x428a2f98d728ae22","0x7137449123ef65cd",
+	"0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc",
+	"0x3956c25bf348b538","0x59f111f1b605d019",
+	"0x923f82a4af194f9b","0xab1c5ed5da6d8118",
+	"0xd807aa98a3030242","0x12835b0145706fbe",
+	"0x243185be4ee4b28c","0x550c7dc3d5ffb4e2",
+	"0x72be5d74f27b896f","0x80deb1fe3b1696b1",
+	"0x9bdc06a725c71235","0xc19bf174cf692694",
+	"0xe49b69c19ef14ad2","0xefbe4786384f25e3",
+	"0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65",
+	"0x2de92c6f592b0275","0x4a7484aa6ea6e483",
+	"0x5cb0a9dcbd41fbd4","0x76f988da831153b5",
+	"0x983e5152ee66dfab","0xa831c66d2db43210",
+	"0xb00327c898fb213f","0xbf597fc7beef0ee4",
+	"0xc6e00bf33da88fc2","0xd5a79147930aa725",
+	"0x06ca6351e003826f","0x142929670a0e6e70",
+	"0x27b70a8546d22ffc","0x2e1b21385c26c926",
+	"0x4d2c6dfc5ac42aed","0x53380d139d95b3df",
+	"0x650a73548baf63de","0x766a0abb3c77b2a8",
+	"0x81c2c92e47edaee6","0x92722c851482353b",
+	"0xa2bfe8a14cf10364","0xa81a664bbc423001",
+	"0xc24b8b70d0f89791","0xc76c51a30654be30",
+	"0xd192e819d6ef5218","0xd69906245565a910",
+	"0xf40e35855771202a","0x106aa07032bbd1b8",
+	"0x19a4c116b8d2d0c8","0x1e376c085141ab53",
+	"0x2748774cdf8eeb99","0x34b0bcb5e19b48a8",
+	"0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb",
+	"0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3",
+	"0x748f82ee5defb2fc","0x78a5636f43172f60",
+	"0x84c87814a1f0ab72","0x8cc702081a6439ec",
+	"0x90befffa23631e28","0xa4506cebde82bde9",
+	"0xbef9a3f7b2c67915","0xc67178f2e372532b",
+	"0xca273eceea26619c","0xd186b8c721c0c207",
+	"0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178",
+	"0x06f067aa72176fba","0x0a637dc5a2c898a6",
+	"0x113f9804bef90dae","0x1b710b35131c471b",
+	"0x28db77f523047d84","0x32caab7b40c72493",
+	"0x3c9ebe0a15c9bebc","0x431d67c49c100d4c",
+	"0x4cc5d4becb3e42b6","0x597f299cfc657e2a",
+	"0x5fcb6fab3ad6faec","0x6c44198c4a475817","0");
+$code.=<<___	if (!$LENDIAN);
+.quad	0x0001020304050607,0x1011121314151617
+___
+$code.=<<___	if ($LENDIAN);	# quad-swapped
+.quad	0x1011121314151617,0x0001020304050607
+___
+} else {
+    local *table = sub {
+	foreach(@_) { $code.=".long	$_,$_,$_,$_\n"; }
+    };
+    table(
+	"0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5",
+	"0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5",
+	"0xd807aa98","0x12835b01","0x243185be","0x550c7dc3",
+	"0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174",
+	"0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc",
+	"0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da",
+	"0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7",
+	"0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967",
+	"0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13",
+	"0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85",
+	"0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3",
+	"0xd192e819","0xd6990624","0xf40e3585","0x106aa070",
+	"0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5",
+	"0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3",
+	"0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208",
+	"0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2","0");
+$code.=<<___	if (!$LENDIAN);
+.long	0x00010203,0x10111213,0x10111213,0x10111213
+.long	0x00010203,0x04050607,0x10111213,0x10111213
+.long	0x00010203,0x04050607,0x08090a0b,0x10111213
+___
+$code.=<<___	if ($LENDIAN);	# word-swapped
+.long	0x10111213,0x10111213,0x10111213,0x00010203
+.long	0x10111213,0x10111213,0x04050607,0x00010203
+.long	0x10111213,0x08090a0b,0x04050607,0x00010203
+___
+}
+$code.=<<___;
+.asciz	"SHA${bits} for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/sha/build.info b/openssl-1.1.0h/crypto/sha/build.info
new file mode 100644
index 0000000..5843e50
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/build.info
@@ -0,0 +1,69 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -}
+
+GENERATE[sha1-586.s]=asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[sha1-586.s]=../perlasm/x86asm.pl
+GENERATE[sha256-586.s]=asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[sha256-586.s]=../perlasm/x86asm.pl
+GENERATE[sha512-586.s]=asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[sha512-586.s]=../perlasm/x86asm.pl
+
+GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
+GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
+
+GENERATE[sha1-alpha.S]=asm/sha1-alpha.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-x86_64.s]=asm/sha1-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha256-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha256-mb-x86_64.s]=asm/sha256-mb-x86_64.pl $(PERLASM_SCHEME)
+GENERATE[sha512-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-sparcv9.S]=asm/sha1-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-sparcv9.o]=..
+GENERATE[sha256-sparcv9.S]=asm/sha512-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-sparcv9.o]=..
+GENERATE[sha512-sparcv9.S]=asm/sha512-sparcv9.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-sparcv9.o]=..
+
+GENERATE[sha1-ppc.s]=asm/sha1-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha256-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha512-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha256p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME)
+GENERATE[sha512p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-parisc.s]=asm/sha1-parisc.pl $(PERLASM_SCHEME)
+GENERATE[sha256-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME)
+GENERATE[sha512-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-mips.S]=asm/sha1-mips.pl $(PERLASM_SCHEME)
+GENERATE[sha256-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME)
+GENERATE[sha512-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME)
+
+GENERATE[sha1-armv4-large.S]=asm/sha1-armv4-large.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-armv4-large.o]=..
+GENERATE[sha256-armv4.S]=asm/sha256-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-armv4.o]=..
+GENERATE[sha512-armv4.S]=asm/sha512-armv4.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-armv4.o]=..
+
+GENERATE[sha1-armv8.S]=asm/sha1-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[sha1-armv8.o]=..
+GENERATE[sha256-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[sha256-armv8.o]=..
+GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME)
+INCLUDE[sha512-armv8.o]=..
+
+BEGINRAW[Makefile(unix)]
+##### SHA assembler implementations
+
+# GNU make "catch all"
+{- $builddir -}/sha1-%.S:	{- $sourcedir -}/asm/sha1-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+{- $builddir -}/sha256-%.S:	{- $sourcedir -}/asm/sha512-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+{- $builddir -}/sha512-%.S:	{- $sourcedir -}/asm/sha512-%.pl
+	CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@
+ENDRAW[Makefile(unix)]
diff --git a/openssl-1.1.0h/crypto/sha/sha1_one.c b/openssl-1.1.0h/crypto/sha/sha1_one.c
new file mode 100644
index 0000000..273ab08
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/sha1_one.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA_CTX c;
+    static unsigned char m[SHA_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!SHA1_Init(&c))
+        return NULL;
+    SHA1_Update(&c, d, n);
+    SHA1_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
diff --git a/openssl-1.1.0h/crypto/sha/sha1dgst.c b/openssl-1.1.0h/crypto/sha/sha1dgst.c
new file mode 100644
index 0000000..819370e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/sha1dgst.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+# include <openssl/opensslv.h>
+
+/* The implementation is in ../md32_common.h */
+
+# include "sha_locl.h"
diff --git a/openssl-1.1.0h/crypto/sha/sha256.c b/openssl-1.1.0h/crypto/sha/sha256.c
new file mode 100644
index 0000000..5e7ba43
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/sha256.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+int SHA224_Init(SHA256_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0xc1059ed8UL;
+    c->h[1] = 0x367cd507UL;
+    c->h[2] = 0x3070dd17UL;
+    c->h[3] = 0xf70e5939UL;
+    c->h[4] = 0xffc00b31UL;
+    c->h[5] = 0x68581511UL;
+    c->h[6] = 0x64f98fa7UL;
+    c->h[7] = 0xbefa4fa4UL;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA256_Init(SHA256_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0x6a09e667UL;
+    c->h[1] = 0xbb67ae85UL;
+    c->h[2] = 0x3c6ef372UL;
+    c->h[3] = 0xa54ff53aUL;
+    c->h[4] = 0x510e527fUL;
+    c->h[5] = 0x9b05688cUL;
+    c->h[6] = 0x1f83d9abUL;
+    c->h[7] = 0x5be0cd19UL;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA224_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA224_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA256_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA256_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{
+    return SHA256_Update(c, data, len);
+}
+
+int SHA224_Final(unsigned char *md, SHA256_CTX *c)
+{
+    return SHA256_Final(md, c);
+}
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA256_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lengths is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        unsigned int  nn;               \
+        switch ((c)->md_len)            \
+        {   case SHA224_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            case SHA256_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            default:                    \
+                if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+                    return 0;                           \
+                for (nn=0;nn<(c)->md_len/4;nn++)                \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+        }                               \
+        } while (0)
+
+#define HASH_UPDATE             SHA256_Update
+#define HASH_TRANSFORM          SHA256_Transform
+#define HASH_FINAL              SHA256_Final
+#define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
+#ifndef SHA256_ASM
+static
+#endif
+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "internal/md32_common.h"
+
+#ifndef SHA256_ASM
+static const SHA_LONG K256[64] = {
+    0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+    0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+    0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+    0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+    0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+    0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+    0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+    0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+    0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+    0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+    0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+    0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+    0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+    0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+    0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+    0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+# define Sigma0(x)       (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+# define Sigma1(x)       (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+# define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+# define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG X[16], l;
+    int i;
+    const unsigned char *data = in;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+            (void)HOST_c2l(data, l);
+            T1 = X[i] = l;
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 64; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+# else
+
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                } while (0)
+
+#  define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG X[16];
+    int i;
+    const unsigned char *data = in;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)in % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            T1 = X[0] = W[0];
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            T1 = X[1] = W[1];
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            T1 = X[2] = W[2];
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            T1 = X[3] = W[3];
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            T1 = X[4] = W[4];
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            T1 = X[5] = W[5];
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            T1 = X[6] = W[6];
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            T1 = X[7] = W[7];
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            T1 = X[8] = W[8];
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            T1 = X[9] = W[9];
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            T1 = X[10] = W[10];
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            T1 = X[11] = W[11];
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            T1 = X[12] = W[12];
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            T1 = X[13] = W[13];
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            T1 = X[14] = W[14];
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            T1 = X[15] = W[15];
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+
+            data += SHA256_CBLOCK;
+        } else {
+            SHA_LONG l;
+
+            (void)HOST_c2l(data, l);
+            T1 = X[0] = l;
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            (void)HOST_c2l(data, l);
+            T1 = X[1] = l;
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            (void)HOST_c2l(data, l);
+            T1 = X[2] = l;
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            (void)HOST_c2l(data, l);
+            T1 = X[3] = l;
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            (void)HOST_c2l(data, l);
+            T1 = X[4] = l;
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            (void)HOST_c2l(data, l);
+            T1 = X[5] = l;
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            (void)HOST_c2l(data, l);
+            T1 = X[6] = l;
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            (void)HOST_c2l(data, l);
+            T1 = X[7] = l;
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            (void)HOST_c2l(data, l);
+            T1 = X[8] = l;
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            (void)HOST_c2l(data, l);
+            T1 = X[9] = l;
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            (void)HOST_c2l(data, l);
+            T1 = X[10] = l;
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            (void)HOST_c2l(data, l);
+            T1 = X[11] = l;
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            (void)HOST_c2l(data, l);
+            T1 = X[12] = l;
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            (void)HOST_c2l(data, l);
+            T1 = X[13] = l;
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            (void)HOST_c2l(data, l);
+            T1 = X[14] = l;
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            (void)HOST_c2l(data, l);
+            T1 = X[15] = l;
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+        }
+
+        for (i = 16; i < 64; i += 8) {
+            ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+# endif
+#endif                         /* SHA256_ASM */
diff --git a/openssl-1.1.0h/crypto/sha/sha512.c b/openssl-1.1.0h/crypto/sha/sha512.c
new file mode 100644
index 0000000..e94de43
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/sha512.c
@@ -0,0 +1,692 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+/*-
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit
+ * - optimized versions implement two transform functions: one operating
+ *   on [aligned] data in host byte order and one - on data in input
+ *   stream byte order;
+ * - share common byte-order neutral collector and padding function
+ *   implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ *   there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ *   *aligned* data in input stream byte order, big-endian in this case]
+ *   we minimize burden of maintenance in two ways: a) collector/padding
+ *   function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ *   apply a number of optimizations to mitigate potential performance
+ *   penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ *                                      <appro@fy.chalmers.se>
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+#include "internal/cryptlib.h"
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+    defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__) || \
+    defined(__aarch64__) || \
+    defined(SHA512_ASM)
+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
+
+int SHA384_Init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0xcbbb9d5dc1059ed8);
+    c->h[1] = U64(0x629a292a367cd507);
+    c->h[2] = U64(0x9159015a3070dd17);
+    c->h[3] = U64(0x152fecd8f70e5939);
+    c->h[4] = U64(0x67332667ffc00b31);
+    c->h[5] = U64(0x8eb44a8768581511);
+    c->h[6] = U64(0xdb0c2e0d64f98fa7);
+    c->h[7] = U64(0x47b5481dbefa4fa4);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA384_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA512_Init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x6a09e667f3bcc908);
+    c->h[1] = U64(0xbb67ae8584caa73b);
+    c->h[2] = U64(0x3c6ef372fe94f82b);
+    c->h[3] = U64(0xa54ff53a5f1d36f1);
+    c->h[4] = U64(0x510e527fade682d1);
+    c->h[5] = U64(0x9b05688c2b3e6c1f);
+    c->h[6] = U64(0x1f83d9abfb41bd6b);
+    c->h[7] = U64(0x5be0cd19137e2179);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA512_DIGEST_LENGTH;
+    return 1;
+}
+
+#ifndef SHA512_ASM
+static
+#endif
+void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final(unsigned char *md, SHA512_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->u.p;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* There always is a room for one */
+    n++;
+    if (n > (sizeof(c->u) - 16)) {
+        memset(p + n, 0, sizeof(c->u) - n);
+        n = 0;
+        sha512_block_data_order(c, p, 1);
+    }
+
+    memset(p + n, 0, sizeof(c->u) - 16 - n);
+#ifdef  B_ENDIAN
+    c->u.d[SHA_LBLOCK - 2] = c->Nh;
+    c->u.d[SHA_LBLOCK - 1] = c->Nl;
+#else
+    p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
+    p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
+    p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
+    p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24);
+    p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32);
+    p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40);
+    p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48);
+    p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56);
+    p[sizeof(c->u) - 9] = (unsigned char)(c->Nh);
+    p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8);
+    p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16);
+    p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24);
+    p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32);
+    p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
+    p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
+    p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
+#endif
+
+    sha512_block_data_order(c, p, 1);
+
+    if (md == 0)
+        return 0;
+
+    switch (c->md_len) {
+    /* Let compiler decide if it's appropriate to unroll... */
+    case SHA384_DIGEST_LENGTH:
+        for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    case SHA512_DIGEST_LENGTH:
+        for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    /* ... as well as make sure md_len is not abused. */
+    default:
+        return 0;
+    }
+
+    return 1;
+}
+
+int SHA384_Final(unsigned char *md, SHA512_CTX *c)
+{
+    return SHA512_Final(md, c);
+}
+
+int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
+{
+    SHA_LONG64 l;
+    unsigned char *p = c->u.p;
+    const unsigned char *data = (const unsigned char *)_data;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff);
+    if (l < c->Nl)
+        c->Nh++;
+    if (sizeof(len) >= 8)
+        c->Nh += (((SHA_LONG64) len) >> 61);
+    c->Nl = l;
+
+    if (c->num != 0) {
+        size_t n = sizeof(c->u) - c->num;
+
+        if (len < n) {
+            memcpy(p + c->num, data, len), c->num += (unsigned int)len;
+            return 1;
+        } else {
+            memcpy(p + c->num, data, n), c->num = 0;
+            len -= n, data += n;
+            sha512_block_data_order(c, p, 1);
+        }
+    }
+
+    if (len >= sizeof(c->u)) {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+        if ((size_t)data % sizeof(c->u.d[0]) != 0)
+            while (len >= sizeof(c->u))
+                memcpy(p, data, sizeof(c->u)),
+                sha512_block_data_order(c, p, 1),
+                len -= sizeof(c->u), data += sizeof(c->u);
+        else
+#endif
+            sha512_block_data_order(c, data, len / sizeof(c->u)),
+            data += len, len %= sizeof(c->u), data -= len;
+    }
+
+    if (len != 0)
+        memcpy(p, data, len), c->num = (int)len;
+
+    return 1;
+}
+
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
+{
+    return SHA512_Update(c, data, len);
+}
+
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
+{
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+    if ((size_t)data % sizeof(c->u.d[0]) != 0)
+        memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p;
+#endif
+    sha512_block_data_order(c, data, 1);
+}
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA384_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA384_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA512_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA512_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
+
+#ifndef SHA512_ASM
+static const SHA_LONG64 K512[80] = {
+    U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
+    U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
+    U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
+    U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
+    U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
+    U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
+    U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
+    U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
+    U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
+    U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
+    U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
+    U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
+    U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
+    U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
+    U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
+    U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
+    U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
+    U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
+    U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
+    U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
+    U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
+    U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
+    U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
+    U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
+    U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
+    U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
+    U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
+    U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
+    U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
+    U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
+    U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
+    U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
+    U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
+    U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
+    U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
+    U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
+    U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
+    U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
+    U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
+    U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
+};
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && \
+      !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if defined(__x86_64) || defined(__x86_64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("rorq %1,%0"       \
+                                : "=r"(ret)             \
+                                : "J"(n),"0"(a)         \
+                                : "cc"); ret;           })
+#    if !defined(B_ENDIAN)
+#     define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));  \
+                                asm ("bswapq    %0"             \
+                                : "=r"(ret)                     \
+                                : "0"(ret)); ret;               })
+#    endif
+#   elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+#    if defined(I386_ONLY)
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];          \
+                                asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+                                    "roll $16,%%eax; roll $16,%%edx; "\
+                                    "xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+                                : "=a"(lo),"=d"(hi)             \
+                                : "0"(lo),"1"(hi) : "cc");      \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#    else
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];         \
+                                asm ("bswapl %0; bswapl %1;"    \
+                                : "=r"(lo),"=r"(hi)             \
+                                : "0"(lo),"1"(hi));             \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#    endif
+#   elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("rotrdi %0,%1,%2"  \
+                                : "=r"(ret)             \
+                                : "r"(a),"K"(n)); ret;  })
+#   elif defined(__aarch64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("ror %0,%1,%2"     \
+                                : "=r"(ret)             \
+                                : "r"(a),"I"(n)); ret;  })
+#    if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+        __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#     define PULL64(x)   ({ SHA_LONG64 ret;                     \
+                                asm ("rev       %0,%1"          \
+                                : "=r"(ret)                     \
+                                : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
+#    endif
+#   endif
+#  elif defined(_MSC_VER)
+#   if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
+#    pragma intrinsic(_rotr64)
+#    define ROTR(a,n)    _rotr64((a),n)
+#   endif
+#   if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && \
+       !defined(OPENSSL_NO_INLINE_ASM)
+#    if defined(I386_ONLY)
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov  edx,[ecx + 0]
+    _asm mov  eax,[ecx + 4]
+    _asm xchg dh, dl
+    _asm xchg ah, al
+    _asm rol  edx, 16
+    _asm rol  eax, 16
+    _asm xchg dh, dl
+    _asm xchg ah, al
+}
+#    else
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov   edx,[ecx + 0]
+    _asm mov   eax,[ecx + 4]
+    _asm bswap edx
+    _asm bswap eax
+}
+#    endif
+#    define PULL64(x) __pull64be(&(x))
+#    if _MSC_VER<=1200
+#     pragma inline_depth(0)
+#    endif
+#   endif
+#  endif
+# endif
+# ifndef PULL64
+#  define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#  define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+# endif
+# ifndef ROTR
+#  define ROTR(x,s)       (((x)>>s) | (x)<<(64-s))
+# endif
+# define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+# define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+# define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+# define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+/*
+ * This code should give better results on 32-bit CPU with less than
+ * ~24 registers, both size and performance wise...
+ */
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 A, E, T;
+    SHA_LONG64 X[9 + 80], *F;
+    int i;
+
+    while (num--) {
+
+        F = X + 80;
+        A = ctx->h[0];
+        F[1] = ctx->h[1];
+        F[2] = ctx->h[2];
+        F[3] = ctx->h[3];
+        E = ctx->h[4];
+        F[5] = ctx->h[5];
+        F[6] = ctx->h[6];
+        F[7] = ctx->h[7];
+
+        for (i = 0; i < 16; i++, F--) {
+#  ifdef B_ENDIAN
+            T = W[i];
+#  else
+            T = PULL64(W[i]);
+#  endif
+            F[0] = A;
+            F[4] = E;
+            F[8] = T;
+            T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
+            E = F[3] + T;
+            A = T + Sigma0(A) + Maj(A, F[1], F[2]);
+        }
+
+        for (; i < 80; i++, F--) {
+            T = sigma0(F[8 + 16 - 1]);
+            T += sigma1(F[8 + 16 - 14]);
+            T += F[8 + 16] + F[8 + 16 - 9];
+
+            F[0] = A;
+            F[4] = E;
+            F[8] = T;
+            T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
+            E = F[3] + T;
+            A = T + Sigma0(A) + Maj(A, F[1], F[2]);
+        }
+
+        ctx->h[0] += A;
+        ctx->h[1] += F[1];
+        ctx->h[2] += F[2];
+        ctx->h[3] += F[3];
+        ctx->h[4] += E;
+        ctx->h[5] += F[5];
+        ctx->h[6] += F[6];
+        ctx->h[7] += F[7];
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# elif defined(OPENSSL_SMALL_FOOTPRINT)
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG64 X[16];
+    int i;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+#  ifdef B_ENDIAN
+            T1 = X[i] = W[i];
+#  else
+            T1 = X[i] = PULL64(W[i]);
+#  endif
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 80; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# else
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)        do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                        } while (0)
+
+#  define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)    do {    \
+        s0 = X[(j+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(j+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];    \
+        ROUND_00_15(i+j,a,b,c,d,e,f,g,h);               } while (0)
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG64 X[16];
+    int i;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+#  ifdef B_ENDIAN
+        T1 = X[0] = W[0];
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = W[1];
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = W[2];
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = W[3];
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = W[4];
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = W[5];
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = W[6];
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = W[7];
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = W[8];
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = W[9];
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = W[10];
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = W[11];
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = W[12];
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = W[13];
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = W[14];
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = W[15];
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#  else
+        T1 = X[0] = PULL64(W[0]);
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = PULL64(W[1]);
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = PULL64(W[2]);
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = PULL64(W[3]);
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = PULL64(W[4]);
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = PULL64(W[5]);
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = PULL64(W[6]);
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = PULL64(W[7]);
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = PULL64(W[8]);
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = PULL64(W[9]);
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = PULL64(W[10]);
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = PULL64(W[11]);
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = PULL64(W[12]);
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = PULL64(W[13]);
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = PULL64(W[14]);
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = PULL64(W[15]);
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#  endif
+
+        for (i = 16; i < 80; i += 16) {
+            ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_80(i, 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_80(i, 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_80(i, 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_80(i, 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_80(i, 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_80(i, 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_80(i, 7, b, c, d, e, f, g, h, a, X);
+            ROUND_16_80(i, 8, a, b, c, d, e, f, g, h, X);
+            ROUND_16_80(i, 9, h, a, b, c, d, e, f, g, X);
+            ROUND_16_80(i, 10, g, h, a, b, c, d, e, f, X);
+            ROUND_16_80(i, 11, f, g, h, a, b, c, d, e, X);
+            ROUND_16_80(i, 12, e, f, g, h, a, b, c, d, X);
+            ROUND_16_80(i, 13, d, e, f, g, h, a, b, c, X);
+            ROUND_16_80(i, 14, c, d, e, f, g, h, a, b, X);
+            ROUND_16_80(i, 15, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# endif
+
+#endif                         /* SHA512_ASM */
diff --git a/openssl-1.1.0h/crypto/sha/sha_locl.h b/openssl-1.1.0h/crypto/sha/sha_locl.h
new file mode 100644
index 0000000..918278a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sha/sha_locl.h
@@ -0,0 +1,424 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
+        } while (0)
+
+#define HASH_UPDATE                     SHA1_Update
+#define HASH_TRANSFORM                  SHA1_Transform
+#define HASH_FINAL                      SHA1_Final
+#define HASH_INIT                       SHA1_Init
+#define HASH_BLOCK_DATA_ORDER           sha1_block_data_order
+#define Xupdate(a,ix,ia,ib,ic,id)       ( (a)=(ia^ib^ic^id),    \
+                                          ix=(a)=ROTATE((a),1)  \
+                                        )
+
+#ifndef SHA1_ASM
+static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+#else
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+#endif
+
+#include "internal/md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+int HASH_INIT(SHA_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h0 = INIT_DATA_h0;
+    c->h1 = INIT_DATA_h1;
+    c->h2 = INIT_DATA_h2;
+    c->h3 = INIT_DATA_h3;
+    c->h4 = INIT_DATA_h4;
+    return 1;
+}
+
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+/*
+ * As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be simplified
+ * to the code in F_00_19.  Wei attributes these optimisations to Peter
+ * Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define
+ * F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another
+ * tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d))
+#define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d)  (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_60_79(b,c,d)  F_20_39(b,c,d)
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+# define BODY_00_15(i,a,b,c,d,e,f,xi) \
+        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# ifdef X
+#  undef X
+# endif
+# ifndef MD32_XARRAY
+  /*
+   * Originally X was an array. As it's automatic it's natural
+   * to expect RISC compiler to accommodate at least part of it in
+   * the register bank, isn't it? Unfortunately not all compilers
+   * "find" this expectation reasonable:-( On order to make such
+   * compilers generate better code I replace X[] with a bunch of
+   * X0, X1, etc. See the function body below...
+   *                                    <appro@fy.chalmers.se>
+   */
+#  define X(i)   XX##i
+# else
+  /*
+   * However! Some compilers (most notably HP C) get overwhelmed by
+   * that many local variables so that we have to have the way to
+   * fall down to the original behavior.
+   */
+#  define X(i)   XX[i]
+# endif
+
+# if !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, T, l;
+#  ifndef MD32_XARRAY
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  else
+    SHA_LONG XX[16];
+#  endif
+
+    A = c->h0;
+    B = c->h1;
+    C = c->h2;
+    D = c->h3;
+    E = c->h4;
+
+    for (;;) {
+        const union {
+            long one;
+            char little;
+        } is_endian = {
+            1
+        };
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)p % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            X(0) = W[0];
+            X(1) = W[1];
+            BODY_00_15(0, A, B, C, D, E, T, X(0));
+            X(2) = W[2];
+            BODY_00_15(1, T, A, B, C, D, E, X(1));
+            X(3) = W[3];
+            BODY_00_15(2, E, T, A, B, C, D, X(2));
+            X(4) = W[4];
+            BODY_00_15(3, D, E, T, A, B, C, X(3));
+            X(5) = W[5];
+            BODY_00_15(4, C, D, E, T, A, B, X(4));
+            X(6) = W[6];
+            BODY_00_15(5, B, C, D, E, T, A, X(5));
+            X(7) = W[7];
+            BODY_00_15(6, A, B, C, D, E, T, X(6));
+            X(8) = W[8];
+            BODY_00_15(7, T, A, B, C, D, E, X(7));
+            X(9) = W[9];
+            BODY_00_15(8, E, T, A, B, C, D, X(8));
+            X(10) = W[10];
+            BODY_00_15(9, D, E, T, A, B, C, X(9));
+            X(11) = W[11];
+            BODY_00_15(10, C, D, E, T, A, B, X(10));
+            X(12) = W[12];
+            BODY_00_15(11, B, C, D, E, T, A, X(11));
+            X(13) = W[13];
+            BODY_00_15(12, A, B, C, D, E, T, X(12));
+            X(14) = W[14];
+            BODY_00_15(13, T, A, B, C, D, E, X(13));
+            X(15) = W[15];
+            BODY_00_15(14, E, T, A, B, C, D, X(14));
+            BODY_00_15(15, D, E, T, A, B, C, X(15));
+
+            data += SHA_CBLOCK;
+        } else {
+            (void)HOST_c2l(data, l);
+            X(0) = l;
+            (void)HOST_c2l(data, l);
+            X(1) = l;
+            BODY_00_15(0, A, B, C, D, E, T, X(0));
+            (void)HOST_c2l(data, l);
+            X(2) = l;
+            BODY_00_15(1, T, A, B, C, D, E, X(1));
+            (void)HOST_c2l(data, l);
+            X(3) = l;
+            BODY_00_15(2, E, T, A, B, C, D, X(2));
+            (void)HOST_c2l(data, l);
+            X(4) = l;
+            BODY_00_15(3, D, E, T, A, B, C, X(3));
+            (void)HOST_c2l(data, l);
+            X(5) = l;
+            BODY_00_15(4, C, D, E, T, A, B, X(4));
+            (void)HOST_c2l(data, l);
+            X(6) = l;
+            BODY_00_15(5, B, C, D, E, T, A, X(5));
+            (void)HOST_c2l(data, l);
+            X(7) = l;
+            BODY_00_15(6, A, B, C, D, E, T, X(6));
+            (void)HOST_c2l(data, l);
+            X(8) = l;
+            BODY_00_15(7, T, A, B, C, D, E, X(7));
+            (void)HOST_c2l(data, l);
+            X(9) = l;
+            BODY_00_15(8, E, T, A, B, C, D, X(8));
+            (void)HOST_c2l(data, l);
+            X(10) = l;
+            BODY_00_15(9, D, E, T, A, B, C, X(9));
+            (void)HOST_c2l(data, l);
+            X(11) = l;
+            BODY_00_15(10, C, D, E, T, A, B, X(10));
+            (void)HOST_c2l(data, l);
+            X(12) = l;
+            BODY_00_15(11, B, C, D, E, T, A, X(11));
+            (void)HOST_c2l(data, l);
+            X(13) = l;
+            BODY_00_15(12, A, B, C, D, E, T, X(12));
+            (void)HOST_c2l(data, l);
+            X(14) = l;
+            BODY_00_15(13, T, A, B, C, D, E, X(13));
+            (void)HOST_c2l(data, l);
+            X(15) = l;
+            BODY_00_15(14, E, T, A, B, C, D, X(14));
+            BODY_00_15(15, D, E, T, A, B, C, X(15));
+        }
+
+        BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
+        BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
+        BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
+        BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
+
+        BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
+        BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
+        BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
+        BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
+        BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
+        BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
+        BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
+        BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
+        BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
+        BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
+        BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
+        BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
+
+        BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
+        BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
+        BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
+        BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
+        BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
+        BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
+        BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
+        BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
+
+        BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
+        BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
+        BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
+        BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
+        BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
+        BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
+        BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
+        BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
+        BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
+        BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
+        BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
+        BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
+        BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
+        BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
+        BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
+        BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
+        BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
+        BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
+        BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
+        BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
+
+        BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
+        BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
+        BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
+        BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
+        BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
+        BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
+        BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
+        BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
+        BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
+        BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
+        BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
+        BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
+        BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
+        BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
+        BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
+        BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
+        BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
+        BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
+        BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
+        BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
+
+        c->h0 = (c->h0 + E) & 0xffffffffL;
+        c->h1 = (c->h1 + T) & 0xffffffffL;
+        c->h2 = (c->h2 + A) & 0xffffffffL;
+        c->h3 = (c->h3 + B) & 0xffffffffL;
+        c->h4 = (c->h4 + C) & 0xffffffffL;
+
+        if (--num == 0)
+            break;
+
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+
+    }
+}
+# endif
+
+#else                           /* OPENSSL_SMALL_FOOTPRINT */
+
+# define BODY_00_15(xi)           do {   \
+        T=E+K_00_19+F_00_19(B,C,D);     \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xi;         } while(0)
+
+# define BODY_16_19(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_00_19+F_00_19(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_20_39(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_20_39+F_20_39(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_40_59(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_40_59+F_40_59(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_60_79(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T=E+K_60_79+F_60_79(B,C,D);     \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xa;         } while(0)
+
+# if !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, T, l;
+    int i;
+    SHA_LONG X[16];
+
+    A = c->h0;
+    B = c->h1;
+    C = c->h2;
+    D = c->h3;
+    E = c->h4;
+
+    for (;;) {
+        for (i = 0; i < 16; i++) {
+            (void)HOST_c2l(data, l);
+            X[i] = l;
+            BODY_00_15(X[i]);
+        }
+        for (i = 0; i < 4; i++) {
+            BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]);
+        }
+        for (; i < 24; i++) {
+            BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15],
+                       X[(i + 13) & 15]);
+        }
+        for (i = 0; i < 20; i++) {
+            BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+                       X[(i + 5) & 15]);
+        }
+        for (i = 4; i < 24; i++) {
+            BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+                       X[(i + 5) & 15]);
+        }
+
+        c->h0 = (c->h0 + A) & 0xffffffffL;
+        c->h1 = (c->h1 + B) & 0xffffffffL;
+        c->h2 = (c->h2 + C) & 0xffffffffL;
+        c->h3 = (c->h3 + D) & 0xffffffffL;
+        c->h4 = (c->h4 + E) & 0xffffffffL;
+
+        if (--num == 0)
+            break;
+
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+
+    }
+}
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/crypto/sparc_arch.h b/openssl-1.1.0h/crypto/sparc_arch.h
new file mode 100644
index 0000000..99eafb3
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sparc_arch.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __SPARC_ARCH_H__
+# define __SPARC_ARCH_H__
+
+# define SPARCV9_TICK_PRIVILEGED (1<<0)
+# define SPARCV9_PREFER_FPU      (1<<1)
+# define SPARCV9_VIS1            (1<<2)
+# define SPARCV9_VIS2            (1<<3)/* reserved */
+# define SPARCV9_FMADD           (1<<4)
+# define SPARCV9_BLK             (1<<5)/* VIS1 block copy */
+# define SPARCV9_VIS3            (1<<6)
+# define SPARCV9_RANDOM          (1<<7)
+# define SPARCV9_64BIT_STACK     (1<<8)
+# define SPARCV9_FJAESX          (1<<9)/* Fujitsu SPARC64 X AES */
+# define SPARCV9_FJDESX          (1<<10)/* Fujitsu SPARC64 X DES, reserved */
+# define SPARCV9_FJHPCACE        (1<<11)/* Fujitsu HPC-ACE, reserved */
+# define SPARCV9_IMA             (1<<13)/* reserved */
+# define SPARCV9_VIS4            (1<<14)/* reserved */
+
+/*
+ * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register,
+ * %asr26, SPARC-T4 and later. There is no SPARCV9_CFR bit in
+ * OPENSSL_sparcv9cap_P[0], as %cfr copy is sufficient...
+ */
+# define CFR_AES         0x00000001/* Supports AES opcodes */
+# define CFR_DES         0x00000002/* Supports DES opcodes */
+# define CFR_KASUMI      0x00000004/* Supports KASUMI opcodes */
+# define CFR_CAMELLIA    0x00000008/* Supports CAMELLIA opcodes */
+# define CFR_MD5         0x00000010/* Supports MD5 opcodes */
+# define CFR_SHA1        0x00000020/* Supports SHA1 opcodes */
+# define CFR_SHA256      0x00000040/* Supports SHA256 opcodes */
+# define CFR_SHA512      0x00000080/* Supports SHA512 opcodes */
+# define CFR_MPMUL       0x00000100/* Supports MPMUL opcodes */
+# define CFR_MONTMUL     0x00000200/* Supports MONTMUL opcodes */
+# define CFR_MONTSQR     0x00000400/* Supports MONTSQR opcodes */
+# define CFR_CRC32C      0x00000800/* Supports CRC32C opcodes */
+# define CFR_XMPMUL      0x00001000/* Supports XMPMUL opcodes */
+# define CFR_XMONTMUL    0x00002000/* Supports XMONTMUL opcodes */
+# define CFR_XMONTSQR    0x00004000/* Supports XMONTSQR opcodes */
+
+# if defined(OPENSSL_PIC) && !defined(__PIC__)
+#  define __PIC__
+# endif
+
+# if defined(__SUNPRO_C) && defined(__sparcv9) && !defined(__arch64__)
+#  define __arch64__
+# endif
+
+# define SPARC_PIC_THUNK(reg)    \
+        .align  32;             \
+.Lpic_thunk:                    \
+        jmp     %o7 + 8;        \
+         add    %o7, reg, reg;
+
+# define SPARC_PIC_THUNK_CALL(reg)                       \
+        sethi   %hi(_GLOBAL_OFFSET_TABLE_-4), reg;      \
+        call    .Lpic_thunk;                            \
+         or     reg, %lo(_GLOBAL_OFFSET_TABLE_+4), reg;
+
+# if 1
+#  define SPARC_SETUP_GOT_REG(reg)       SPARC_PIC_THUNK_CALL(reg)
+# else
+#  define SPARC_SETUP_GOT_REG(reg)       \
+        sethi   %hi(_GLOBAL_OFFSET_TABLE_-4), reg;      \
+        call    .+8;                                    \
+        or      reg,%lo(_GLOBAL_OFFSET_TABLE_+4), reg;  \
+        add     %o7, reg, reg
+# endif
+
+# if defined(__arch64__)
+
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        setx    SYM, %o7, reg;
+#  define LDPTR          ldx
+#  define SIZE_T_CC      %xcc
+#  define STACK_FRAME    192
+#  define STACK_BIAS     2047
+#  define STACK_7thARG   (STACK_BIAS+176)
+
+# else
+
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        set     SYM, reg;
+#  define LDPTR          ld
+#  define SIZE_T_CC      %icc
+#  define STACK_FRAME    112
+#  define STACK_BIAS     0
+#  define STACK_7thARG   92
+#  define SPARC_LOAD_ADDRESS_LEAF(SYM,reg,tmp) SPARC_LOAD_ADDRESS(SYM,reg)
+
+# endif
+
+# ifdef __PIC__
+#  undef SPARC_LOAD_ADDRESS
+#  undef SPARC_LOAD_ADDRESS_LEAF
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        SPARC_SETUP_GOT_REG(reg);       \
+        sethi   %hi(SYM), %o7;          \
+        or      %o7, %lo(SYM), %o7;     \
+        LDPTR   [reg + %o7], reg;
+# endif
+
+# ifndef SPARC_LOAD_ADDRESS_LEAF
+#  define SPARC_LOAD_ADDRESS_LEAF(SYM, reg, tmp) \
+        mov     %o7, tmp;                       \
+        SPARC_LOAD_ADDRESS(SYM, reg)            \
+        mov     tmp, %o7;
+# endif
+
+#endif                          /* __SPARC_ARCH_H__ */
diff --git a/openssl-1.1.0h/crypto/sparccpuid.S b/openssl-1.1.0h/crypto/sparccpuid.S
new file mode 100644
index 0000000..c6ca224
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sparccpuid.S
@@ -0,0 +1,582 @@
+! Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+!
+! Licensed under the OpenSSL license (the "License").  You may not use
+! this file except in compliance with the License.  You can obtain a copy
+! in the file LICENSE in the source distribution or at
+! https://www.openssl.org/source/license.html
+
+#ifdef OPENSSL_FIPSCANISTER
+#include <openssl/fipssyms.h>
+#endif
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+# define ABI64  /* They've said -xarch=v9 at command line */
+#elif defined(__GNUC__) && defined(__arch64__)
+# define ABI64  /* They've said -m64 at command line */
+#endif
+
+#ifdef ABI64
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME	-192
+# define	BIAS	2047
+#else
+# define	FRAME	-96
+# define	BIAS	0
+#endif
+
+.text
+.align	32
+.global	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,#function
+! Keep in mind that this does not excuse us from wiping the stack!
+! This routine wipes registers, but not the backing store [which
+! resides on the stack, toward lower addresses]. To facilitate for
+! stack wiping I return pointer to the top of stack of the *caller*.
+OPENSSL_wipe_cpu:
+	save	%sp,FRAME,%sp
+	nop
+#ifdef __sun
+#include <sys/trap.h>
+	ta	ST_CLEAN_WINDOWS
+#else
+	call	.walk.reg.wins
+#endif
+	nop
+	call	.PIC.zero.up
+	mov	.zero-(.-4),%o0
+	ld	[%o0],%f0
+	ld	[%o0],%f1
+
+	subcc	%g0,1,%o0
+	! Following is V9 "rd %ccr,%o0" instruction. However! V8
+	! specification says that it ("rd %asr2,%o0" in V8 terms) does
+	! not cause illegal_instruction trap. It therefore can be used
+	! to determine if the CPU the code is executing on is V8- or
+	! V9-compliant, as V9 returns a distinct value of 0x99,
+	! "negative" and "borrow" bits set in both %icc and %xcc.
+	.word	0x91408000	!rd	%ccr,%o0
+	cmp	%o0,0x99
+	bne	.v8
+	nop
+			! Even though we do not use %fp register bank,
+			! we wipe it as memcpy might have used it...
+			.word	0xbfa00040	!fmovd	%f0,%f62
+			.word	0xbba00040	!...
+			.word	0xb7a00040
+			.word	0xb3a00040
+			.word	0xafa00040
+			.word	0xaba00040
+			.word	0xa7a00040
+			.word	0xa3a00040
+			.word	0x9fa00040
+			.word	0x9ba00040
+			.word	0x97a00040
+			.word	0x93a00040
+			.word	0x8fa00040
+			.word	0x8ba00040
+			.word	0x87a00040
+			.word	0x83a00040	!fmovd	%f0,%f32
+.v8:			fmovs	%f1,%f31
+	clr	%o0
+			fmovs	%f0,%f30
+	clr	%o1
+			fmovs	%f1,%f29
+	clr	%o2
+			fmovs	%f0,%f28
+	clr	%o3
+			fmovs	%f1,%f27
+	clr	%o4
+			fmovs	%f0,%f26
+	clr	%o5
+			fmovs	%f1,%f25
+	clr	%o7
+			fmovs	%f0,%f24
+	clr	%l0
+			fmovs	%f1,%f23
+	clr	%l1
+			fmovs	%f0,%f22
+	clr	%l2
+			fmovs	%f1,%f21
+	clr	%l3
+			fmovs	%f0,%f20
+	clr	%l4
+			fmovs	%f1,%f19
+	clr	%l5
+			fmovs	%f0,%f18
+	clr	%l6
+			fmovs	%f1,%f17
+	clr	%l7
+			fmovs	%f0,%f16
+	clr	%i0
+			fmovs	%f1,%f15
+	clr	%i1
+			fmovs	%f0,%f14
+	clr	%i2
+			fmovs	%f1,%f13
+	clr	%i3
+			fmovs	%f0,%f12
+	clr	%i4
+			fmovs	%f1,%f11
+	clr	%i5
+			fmovs	%f0,%f10
+	clr	%g1
+			fmovs	%f1,%f9
+	clr	%g2
+			fmovs	%f0,%f8
+	clr	%g3
+			fmovs	%f1,%f7
+	clr	%g4
+			fmovs	%f0,%f6
+	clr	%g5
+			fmovs	%f1,%f5
+			fmovs	%f0,%f4
+			fmovs	%f1,%f3
+			fmovs	%f0,%f2
+
+	add	%fp,BIAS,%i0	! return pointer to caller´s top of stack
+
+	ret
+	restore
+
+.zero:	.long	0x0,0x0
+.PIC.zero.up:
+	retl
+	add	%o0,%o7,%o0
+#ifdef DEBUG
+.global	walk_reg_wins
+.type	walk_reg_wins,#function
+walk_reg_wins:
+#endif
+.walk.reg.wins:
+	save	%sp,FRAME,%sp
+	cmp	%i7,%o7
+	be	2f
+	clr	%o0
+	cmp	%o7,0	! compiler never cleans %o7...
+	be	1f	! could have been a leaf function...
+	clr	%o1
+	call	.walk.reg.wins
+	nop
+1:	clr	%o2
+	clr	%o3
+	clr	%o4
+	clr	%o5
+	clr	%o7
+	clr	%l0
+	clr	%l1
+	clr	%l2
+	clr	%l3
+	clr	%l4
+	clr	%l5
+	clr	%l6
+	clr	%l7
+	add	%o0,1,%i0	! used for debugging
+2:	ret
+	restore
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+
+.global	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,#function
+.align	32
+OPENSSL_atomic_add:
+#ifndef ABI64
+	subcc	%g0,1,%o2
+	.word	0x95408000	!rd	%ccr,%o2, see comment above
+	cmp	%o2,0x99
+	be	.v9
+	nop
+	save	%sp,FRAME,%sp
+	ba	.enter
+	nop
+#ifdef __sun
+! Note that you do not have to link with libthread to call thr_yield,
+! as libc provides a stub, which is overloaded the moment you link
+! with *either* libpthread or libthread...
+#define	YIELD_CPU	thr_yield
+#else
+! applies at least to Linux and FreeBSD... Feedback expected...
+#define	YIELD_CPU	sched_yield
+#endif
+.spin:	call	YIELD_CPU
+	nop
+.enter:	ld	[%i0],%i2
+	cmp	%i2,-4096
+	be	.spin
+	mov	-1,%i2
+	swap	[%i0],%i2
+	cmp	%i2,-1
+	be	.spin
+	add	%i2,%i1,%i2
+	stbar
+	st	%i2,[%i0]
+	sra	%i2,%g0,%i0
+	ret
+	restore
+.v9:
+#endif
+	ld	[%o0],%o2
+1:	add	%o1,%o2,%o3
+	.word	0xd7e2100a	!cas [%o0],%o2,%o3, compare [%o0] with %o2 and swap %o3
+	cmp	%o2,%o3
+	bne	1b
+	mov	%o3,%o2		! cas is always fetching to dest. register
+	add	%o1,%o2,%o0	! OpenSSL expects the new value
+	retl
+	sra	%o0,%g0,%o0	! we return signed int, remember?
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.global	_sparcv9_rdtick
+.align	32
+_sparcv9_rdtick:
+	subcc	%g0,1,%o0
+	.word	0x91408000	!rd	%ccr,%o0
+	cmp	%o0,0x99
+	bne	.notick
+	xor	%o0,%o0,%o0
+	.word	0x91410000	!rd	%tick,%o0
+	retl
+	.word	0x93323020	!srlx	%o0,32,%o1
+.notick:
+	retl
+	xor	%o1,%o1,%o1
+.type	_sparcv9_rdtick,#function
+.size	_sparcv9_rdtick,.-_sparcv9_rdtick
+
+.global	_sparcv9_vis1_probe
+.align	8
+_sparcv9_vis1_probe:
+	add	%sp,BIAS+2,%o1
+	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
+	retl
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+.type	_sparcv9_vis1_probe,#function
+.size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+
+! Probe and instrument VIS1 instruction. Output is number of cycles it
+! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
+! is slow (documented to be 6 cycles on T2) and the core is in-order
+! single-issue, it should be possible to distinguish Tx reliably...
+! Observed return values are:
+!
+!	UltraSPARC IIe		7
+!	UltraSPARC III		7
+!	UltraSPARC T1		24
+!	SPARC T4		65(*)
+!
+! (*)	result has lesser to do with VIS instruction latencies, rdtick
+!	appears that slow, but it does the trick in sense that FP and
+!	VIS code paths are still slower than integer-only ones.
+!
+! Numbers for T2 and SPARC64 V-VII are more than welcomed.
+!
+! It would be possible to detect specifically US-T1 by instrumenting
+! fmul8ulx16, which is emulated on T1 and as such accounts for quite
+! a lot of %tick-s, couple of thousand on Linux...
+.global	_sparcv9_vis1_instrument
+.align	8
+_sparcv9_vis1_instrument:
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x91410000	!rd	%tick,%o0
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x93410000	!rd	%tick,%o1
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x95410000	!rd	%tick,%o2
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x97410000	!rd	%tick,%o3
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x99410000	!rd	%tick,%o4
+
+	! calculate intervals
+	sub	%o1,%o0,%o0
+	sub	%o2,%o1,%o1
+	sub	%o3,%o2,%o2
+	sub	%o4,%o3,%o3
+
+	! find minimum value
+	cmp	%o0,%o1
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o1,%o0
+	cmp	%o0,%o2
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o2,%o0
+	cmp	%o0,%o3
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o3,%o0
+
+	retl
+	nop
+.type	_sparcv9_vis1_instrument,#function
+.size	_sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
+
+.global	_sparcv9_vis2_probe
+.align	8
+_sparcv9_vis2_probe:
+	retl
+	.word	0x81b00980	!bshuffle	%f0,%f0,%f0
+.type	_sparcv9_vis2_probe,#function
+.size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+
+.global	_sparcv9_fmadd_probe
+.align	8
+_sparcv9_fmadd_probe:
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	retl
+	.word	0x81b80440	!fmaddd	%f0,%f0,%f2,%f0
+.type	_sparcv9_fmadd_probe,#function
+.size	_sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
+
+.global	_sparcv9_rdcfr
+.align	8
+_sparcv9_rdcfr:
+	retl
+	.word	0x91468000	!rd	%asr26,%o0
+.type	_sparcv9_rdcfr,#function
+.size	_sparcv9_rdcfr,.-_sparcv9_rdcfr
+
+.global	_sparcv9_vis3_probe
+.align	8
+_sparcv9_vis3_probe:
+	retl
+	.word	0x81b022a0	!xmulx	%g0,%g0,%g0
+.type	_sparcv9_vis3_probe,#function
+.size	_sparcv9_vis3_probe,.-_sparcv9_vis3_probe
+
+.global	_sparcv9_random
+.align	8
+_sparcv9_random:
+	retl
+	.word	0x91b002a0	!random	%o0
+.type	_sparcv9_random,#function
+.size	_sparcv9_random,.-_sparcv9_vis3_probe
+
+.global	_sparcv9_fjaesx_probe
+.align	8
+_sparcv9_fjaesx_probe:
+	.word	0x81b09206	!faesencx %f2,%f6,%f0
+	retl
+	nop
+.size	_sparcv9_fjaesx_probe,.-_sparcv9_fjaesx_probe
+
+.global	OPENSSL_cleanse
+.align	32
+OPENSSL_cleanse:
+	cmp	%o1,14
+	nop
+#ifdef ABI64
+	bgu	%xcc,.Lot
+#else
+	bgu	.Lot
+#endif
+	cmp	%o1,0
+	bne	.Little
+	nop
+	retl
+	nop
+
+.Little:
+	stb	%g0,[%o0]
+	subcc	%o1,1,%o1
+	bnz	.Little
+	add	%o0,1,%o0
+	retl
+	nop
+.align	32
+.Lot:
+#ifndef ABI64
+	subcc	%g0,1,%g1
+	! see above for explanation
+	.word	0x83408000	!rd	%ccr,%g1
+	cmp	%g1,0x99
+	bne	.v8lot
+	nop
+#endif
+
+.v9lot:	andcc	%o0,7,%g0
+	bz	.v9aligned
+	nop
+	stb	%g0,[%o0]
+	sub	%o1,1,%o1
+	ba	.v9lot
+	add	%o0,1,%o0
+.align	16,0x01000000
+.v9aligned:
+	.word	0xc0720000	!stx	%g0,[%o0]
+	sub	%o1,8,%o1
+	andcc	%o1,-8,%g0
+#ifdef ABI64
+	.word	0x126ffffd	!bnz	%xcc,.v9aligned
+#else
+	.word	0x124ffffd	!bnz	%icc,.v9aligned
+#endif
+	add	%o0,8,%o0
+
+	cmp	%o1,0
+	bne	.Little
+	nop
+	retl
+	nop
+#ifndef ABI64
+.v8lot:	andcc	%o0,3,%g0
+	bz	.v8aligned
+	nop
+	stb	%g0,[%o0]
+	sub	%o1,1,%o1
+	ba	.v8lot
+	add	%o0,1,%o0
+	nop
+.v8aligned:
+	st	%g0,[%o0]
+	sub	%o1,4,%o1
+	andcc	%o1,-4,%g0
+	bnz	.v8aligned
+	add	%o0,4,%o0
+
+	cmp	%o1,0
+	bne	.Little
+	nop
+	retl
+	nop
+#endif
+.type	OPENSSL_cleanse,#function
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.global	CRYPTO_memcmp
+.align	16
+CRYPTO_memcmp:
+	cmp	%o2,0
+#ifdef ABI64
+	beq,pn	%xcc,.Lno_data
+#else
+	beq	.Lno_data
+#endif
+	xor	%g1,%g1,%g1
+	nop
+
+.Loop_cmp:
+	ldub	[%o0],%o3
+	add	%o0,1,%o0
+	ldub	[%o1],%o4
+	add	%o1,1,%o1
+	subcc	%o2,1,%o2
+	xor	%o3,%o4,%o4
+#ifdef ABI64
+	bnz	%xcc,.Loop_cmp
+#else
+	bnz	.Loop_cmp
+#endif
+	or	%o4,%g1,%g1
+
+	sub	%g0,%g1,%g1
+	srl	%g1,31,%g1
+.Lno_data:
+	retl
+	mov	%g1,%o0
+.type	CRYPTO_memcmp,#function
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+
+.global	_sparcv9_vis1_instrument_bus
+.align	8
+_sparcv9_vis1_instrument_bus:
+	mov	%o1,%o3					! save cnt
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	mov	%o4,%o5					! lasttick = tick
+	set	0,%g4					! diff
+
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+
+.Loop:	.word	0x99410000	!rd	%tick,%o4
+	sub	%o4,%o5,%g4				! diff=tick-lasttick
+	mov	%o4,%o5					! lasttick=tick
+
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+	subcc	%o1,1,%o1				! --$cnt
+	bnz	.Loop
+	add	%o0,4,%o0				! ++$out
+
+	retl
+	mov	%o3,%o0
+.type	_sparcv9_vis1_instrument_bus,#function
+.size	_sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus
+
+.global	_sparcv9_vis1_instrument_bus2
+.align	8
+_sparcv9_vis1_instrument_bus2:
+	mov	%o1,%o3					! save cnt
+	sll	%o1,2,%o1				! cnt*=4
+
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	mov	%o4,%o5					! lasttick = tick
+	set	0,%g4					! diff
+
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	sub	%o4,%o5,%g4				! diff=tick-lasttick
+	mov	%o4,%o5					! lasttick=tick
+	mov	%g4,%g5					! lastdiff=diff
+.Loop2:
+	andn	%o0,63,%g1
+	.word	0xc1985e00	!ldda	[%g1]0xf0,%f0	! block load
+	.word	0x8143e040	!membar	#Sync
+	.word	0xc1b85c00	!stda	%f0,[%g1]0xe0	! block store and commit
+	.word	0x8143e040	!membar	#Sync
+	ld	[%o0],%o4
+	add	%o4,%g4,%g4
+	.word	0xc9e2100c	!cas	[%o0],%o4,%g4
+
+	subcc	%o2,1,%o2				! --max
+	bz	.Ldone2
+	nop
+
+	.word	0x99410000	!rd	%tick,%o4	! tick
+	sub	%o4,%o5,%g4				! diff=tick-lasttick
+	mov	%o4,%o5					! lasttick=tick
+	cmp	%g4,%g5
+	mov	%g4,%g5					! lastdiff=diff
+
+	.word	0x83408000	!rd	%ccr,%g1
+	and	%g1,4,%g1				! isolate zero flag
+	xor	%g1,4,%g1				! flip zero flag
+
+	subcc	%o1,%g1,%o1				! conditional --$cnt
+	bnz	.Loop2
+	add	%o0,%g1,%o0				! conditional ++$out
+
+.Ldone2:
+	srl	%o1,2,%o1
+	retl
+	sub	%o3,%o1,%o0
+.type	_sparcv9_vis1_instrument_bus2,#function
+.size	_sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2
+
+.section	".init",#alloc,#execinstr
+	call	OPENSSL_cpuid_setup
+	nop
diff --git a/openssl-1.1.0h/crypto/sparcv9cap.c b/openssl-1.1.0h/crypto/sparcv9cap.c
new file mode 100644
index 0000000..61d0334
--- /dev/null
+++ b/openssl-1.1.0h/crypto/sparcv9cap.c
@@ -0,0 +1,294 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <openssl/bn.h>
+
+#include "sparc_arch.h"
+
+#if defined(__GNUC__) && defined(__linux)
+__attribute__ ((visibility("hidden")))
+#endif
+unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
+
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                         const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                        const BN_ULONG *np, const BN_ULONG *n0, int num);
+    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                        const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+    if (!(num & 1) && num >= 6) {
+        if ((num & 15) == 0 && num <= 64 &&
+            (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
+            (CFR_MONTMUL | CFR_MONTSQR)) {
+            typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap,
+                                          const BN_ULONG *bp,
+                                          const BN_ULONG *np,
+                                          const BN_ULONG *n0);
+            int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap,
+                                 const BN_ULONG *bp, const BN_ULONG *np,
+                                 const BN_ULONG *n0);
+            int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
+                                  const BN_ULONG *bp, const BN_ULONG *np,
+                                  const BN_ULONG *n0);
+            int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
+                                  const BN_ULONG *bp, const BN_ULONG *np,
+                                  const BN_ULONG *n0);
+            int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
+                                  const BN_ULONG *bp, const BN_ULONG *np,
+                                  const BN_ULONG *n0);
+            static const bn_mul_mont_f funcs[4] = {
+                bn_mul_mont_t4_8, bn_mul_mont_t4_16,
+                bn_mul_mont_t4_24, bn_mul_mont_t4_32
+            };
+            bn_mul_mont_f worker = funcs[num / 16 - 1];
+
+            if ((*worker) (rp, ap, bp, np, n0))
+                return 1;
+            /* retry once and fall back */
+            if ((*worker) (rp, ap, bp, np, n0))
+                return 1;
+            return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
+        }
+        if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3))
+            return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
+        else if (num >= 8 &&
+                 /*
+                  * bn_mul_mont_fpu doesn't use FMADD, we just use the
+                  * flag to detect when FPU path is preferable in cases
+                  * when current heuristics is unreliable. [it works
+                  * out because FMADD-capable processors where FPU
+                  * code path is undesirable are also VIS3-capable and
+                  * VIS3 code path takes precedence.]
+                  */
+                 ( (OPENSSL_sparcv9cap_P[0] & SPARCV9_FMADD) ||
+                   (OPENSSL_sparcv9cap_P[0] &
+                    (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
+                   (SPARCV9_PREFER_FPU | SPARCV9_VIS1) ))
+            return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
+    }
+    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
+}
+
+unsigned long _sparcv9_rdtick(void);
+void _sparcv9_vis1_probe(void);
+unsigned long _sparcv9_vis1_instrument(void);
+void _sparcv9_vis2_probe(void);
+void _sparcv9_fmadd_probe(void);
+unsigned long _sparcv9_rdcfr(void);
+void _sparcv9_vis3_probe(void);
+void _sparcv9_fjaesx_probe(void);
+unsigned long _sparcv9_random(void);
+size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t);
+size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t);
+
+unsigned long OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
+#if defined(__sun) && defined(__SVR4)
+        return gethrtime();
+#else
+        return 0;
+#endif
+    else
+        return _sparcv9_rdtick();
+}
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+    if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) ==
+        SPARCV9_BLK)
+        return _sparcv9_vis1_instrument_bus(out, cnt);
+    else
+        return 0;
+}
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+    if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) ==
+        SPARCV9_BLK)
+        return _sparcv9_vis1_instrument_bus2(out, cnt, max);
+    else
+        return 0;
+}
+
+static sigjmp_buf common_jmp;
+static void common_handler(int sig)
+{
+    siglongjmp(common_jmp, sig);
+}
+
+#if defined(__sun) && defined(__SVR4)
+# if defined(__GNUC__) && __GNUC__>=2
+extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak));
+# elif defined(__SUNPRO_C)
+#pragma weak getisax
+extern unsigned int getisax(unsigned int vec[], unsigned int sz);
+# else
+static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL;
+# endif
+#endif
+
+void OPENSSL_cpuid_setup(void)
+{
+    char *e;
+    struct sigaction common_act, ill_oact, bus_oact;
+    sigset_t all_masked, oset;
+    static int trigger = 0;
+
+    if (trigger)
+        return;
+    trigger = 1;
+
+    if ((e = getenv("OPENSSL_sparcv9cap"))) {
+        OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
+        if ((e = strchr(e, ':')))
+            OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0);
+        return;
+    }
+
+#if defined(__sun) && defined(__SVR4)
+    if (getisax != NULL) {
+        unsigned int vec[2] = { 0, 0 };
+
+        if (getisax (vec,2)) {
+            if (vec[0]&0x00020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1;
+            if (vec[0]&0x00040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
+            if (vec[0]&0x00080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK;
+            if (vec[0]&0x00100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
+            if (vec[0]&0x00400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
+            if (vec[0]&0x01000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJHPCACE;
+            if (vec[0]&0x02000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJDESX;
+            if (vec[0]&0x08000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_IMA;
+            if (vec[0]&0x10000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX;
+            if (vec[1]&0x00008) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS4;
+
+            /* reconstruct %cfr copy */
+            OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff;
+            OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1;
+            if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C;
+            if (vec[1]&0x00000020) OPENSSL_sparcv9cap_P[1] |= CFR_XMPMUL;
+            if (vec[1]&0x00000040)
+                OPENSSL_sparcv9cap_P[1] |= CFR_XMONTMUL|CFR_XMONTSQR;
+
+            /* Some heuristics */
+            /* all known VIS2-capable CPUs have unprivileged tick counter */
+            if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2)
+                OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
+
+            /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+            if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) &&
+                _sparcv9_vis1_instrument() >= 12)
+                OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+        }
+
+        if (sizeof(size_t) == 8)
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
+
+        return;
+    }
+#endif
+
+    /* Initial value, fits UltraSPARC-I&II... */
+    OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED;
+
+    sigfillset(&all_masked);
+    sigdelset(&all_masked, SIGILL);
+    sigdelset(&all_masked, SIGTRAP);
+# ifdef SIGEMT
+    sigdelset(&all_masked, SIGEMT);
+# endif
+    sigdelset(&all_masked, SIGFPE);
+    sigdelset(&all_masked, SIGBUS);
+    sigdelset(&all_masked, SIGSEGV);
+    sigprocmask(SIG_SETMASK, &all_masked, &oset);
+
+    memset(&common_act, 0, sizeof(common_act));
+    common_act.sa_handler = common_handler;
+    common_act.sa_mask = all_masked;
+
+    sigaction(SIGILL, &common_act, &ill_oact);
+    sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on
+                                                * Linux] */
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_rdtick();
+        OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
+    }
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_vis1_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
+        /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+        if (_sparcv9_vis1_instrument() >= 12)
+            OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU);
+        else {
+            _sparcv9_vis2_probe();
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
+        }
+    }
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_fmadd_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
+    }
+
+    /*
+     * VIS3 flag is tested independently from VIS1, unlike VIS2 that is,
+     * because VIS3 defines even integer instructions.
+     */
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_vis3_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
+    }
+
+    if (sigsetjmp(common_jmp, 1) == 0) {
+        _sparcv9_fjaesx_probe();
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX;
+    }
+
+    /*
+     * In wait for better solution _sparcv9_rdcfr is masked by
+     * VIS3 flag, because it goes to uninterruptable endless
+     * loop on UltraSPARC II running Solaris. Things might be
+     * different on Linux...
+     */
+    if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) &&
+        sigsetjmp(common_jmp, 1) == 0) {
+        OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr();
+    }
+
+    sigaction(SIGBUS, &bus_oact, NULL);
+    sigaction(SIGILL, &ill_oact, NULL);
+
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+
+    if (sizeof(size_t) == 8)
+        OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
+# ifdef __linux
+    else {
+        int ret = syscall(340);
+
+        if (ret >= 0 && ret & 1)
+            OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK;
+    }
+# endif
+}
diff --git a/openssl-1.1.0h/crypto/srp/build.info b/openssl-1.1.0h/crypto/srp/build.info
new file mode 100644
index 0000000..b6c7fe7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/srp/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=srp_lib.c srp_vfy.c
diff --git a/openssl-1.1.0h/crypto/srp/srp_lib.c b/openssl-1.1.0h/crypto/srp/srp_lib.c
new file mode 100644
index 0000000..e79352c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/srp/srp_lib.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+# include "internal/cryptlib.h"
+# include <openssl/sha.h>
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+# include "internal/bn_srp.h"
+
+/* calculate = SHA1(PAD(x) || PAD(y)) */
+
+static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
+{
+    unsigned char digest[SHA_DIGEST_LENGTH];
+    unsigned char *tmp = NULL;
+    int numN = BN_num_bytes(N);
+    BIGNUM *res = NULL;
+    if (x != N && BN_ucmp(x, N) >= 0)
+        return NULL;
+    if (y != N && BN_ucmp(y, N) >= 0)
+        return NULL;
+    if ((tmp = OPENSSL_malloc(numN * 2)) == NULL)
+        goto err;
+    if (BN_bn2binpad(x, tmp, numN) < 0
+        || BN_bn2binpad(y, tmp + numN, numN) < 0
+        || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL))
+        goto err;
+    res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
+    OPENSSL_free(tmp);
+    return res;
+}
+
+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
+{
+    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+    return srp_Calc_xy(N, g, N);
+}
+
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
+{
+    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
+    return srp_Calc_xy(A, B, N);
+}
+
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N)
+{
+    BIGNUM *tmp = NULL, *S = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
+        return NULL;
+
+    if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
+        goto err;
+
+    /* S = (A*v**u) ** b */
+
+    if (!BN_mod_exp(tmp, v, u, N, bn_ctx))
+        goto err;
+    if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
+        goto err;
+
+    S = BN_new();
+    if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+        BN_free(S);
+        S = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(tmp);
+    return S;
+}
+
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v)
+{
+    BIGNUM *kv = NULL, *gb = NULL;
+    BIGNUM *B = NULL, *k = NULL;
+    BN_CTX *bn_ctx;
+
+    if (b == NULL || N == NULL || g == NULL || v == NULL ||
+        (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((kv = BN_new()) == NULL ||
+        (gb = BN_new()) == NULL || (B = BN_new()) == NULL)
+        goto err;
+
+    /* B = g**b + k*v */
+
+    if (!BN_mod_exp(gb, g, b, N, bn_ctx)
+        || (k = srp_Calc_k(N, g)) == NULL
+        || !BN_mod_mul(kv, v, k, N, bn_ctx)
+        || !BN_mod_add(B, gb, kv, N, bn_ctx)) {
+        BN_free(B);
+        B = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(kv);
+    BN_clear_free(gb);
+    BN_free(k);
+    return B;
+}
+
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
+{
+    unsigned char dig[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX *ctxt;
+    unsigned char *cs = NULL;
+    BIGNUM *res = NULL;
+
+    if ((s == NULL) || (user == NULL) || (pass == NULL))
+        return NULL;
+
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL)
+        return NULL;
+    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+        goto err;
+
+    if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, user, strlen(user))
+        || !EVP_DigestUpdate(ctxt, ":", 1)
+        || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL)
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
+        goto err;
+    BN_bn2bin(s, cs);
+    if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
+        goto err;
+
+    if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL))
+        goto err;
+
+    res = BN_bin2bn(dig, sizeof(dig), NULL);
+
+ err:
+    OPENSSL_free(cs);
+    EVP_MD_CTX_free(ctxt);
+    return res;
+}
+
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
+{
+    BN_CTX *bn_ctx;
+    BIGNUM *A = NULL;
+
+    if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
+        BN_free(A);
+        A = NULL;
+    }
+    BN_CTX_free(bn_ctx);
+    return A;
+}
+
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
+{
+    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
+        || a == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((tmp = BN_new()) == NULL ||
+        (tmp2 = BN_new()) == NULL ||
+        (tmp3 = BN_new()) == NULL)
+        goto err;
+
+    if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+        goto err;
+    if ((k = srp_Calc_k(N, g)) == NULL)
+        goto err;
+    if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
+        goto err;
+    if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
+        goto err;
+    if (!BN_mul(tmp3, u, x, bn_ctx))
+        goto err;
+    if (!BN_add(tmp2, a, tmp3))
+        goto err;
+    K = BN_new();
+    if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+        BN_free(K);
+        K = NULL;
+    }
+
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(tmp);
+    BN_clear_free(tmp2);
+    BN_clear_free(tmp3);
+    BN_free(k);
+    return K;
+}
+
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
+{
+    BIGNUM *r;
+    BN_CTX *bn_ctx;
+    int ret = 0;
+
+    if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return 0;
+
+    if ((r = BN_new()) == NULL)
+        goto err;
+    /* Checks if B % N == 0 */
+    if (!BN_nnmod(r, B, N, bn_ctx))
+        goto err;
+    ret = !BN_is_zero(r);
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_free(r);
+    return ret;
+}
+
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
+{
+    /* Checks if A % N == 0 */
+    return SRP_Verify_B_mod_N(A, N);
+}
+
+static SRP_gN knowngN[] = {
+    {"8192", &bn_generator_19, &bn_group_8192},
+    {"6144", &bn_generator_5, &bn_group_6144},
+    {"4096", &bn_generator_5, &bn_group_4096},
+    {"3072", &bn_generator_5, &bn_group_3072},
+    {"2048", &bn_generator_2, &bn_group_2048},
+    {"1536", &bn_generator_2, &bn_group_1536},
+    {"1024", &bn_generator_2, &bn_group_1024},
+};
+
+# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
+
+/*
+ * Check if G and N are known parameters. The values have been generated
+ * from the ietf-tls-srp draft version 8
+ */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
+{
+    size_t i;
+    if ((g == NULL) || (N == NULL))
+        return 0;
+
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
+            return knowngN[i].id;
+    }
+    return NULL;
+}
+
+SRP_gN *SRP_get_default_gN(const char *id)
+{
+    size_t i;
+
+    if (id == NULL)
+        return knowngN;
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (strcmp(knowngN[i].id, id) == 0)
+            return knowngN + i;
+    }
+    return NULL;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/srp/srp_vfy.c b/openssl-1.1.0h/crypto/srp/srp_vfy.c
new file mode 100644
index 0000000..29b7afc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/srp/srp_vfy.c
@@ -0,0 +1,680 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+# include "internal/cryptlib.h"
+# include <openssl/sha.h>
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+# include <openssl/buffer.h>
+# include <openssl/rand.h>
+# include <openssl/txt_db.h>
+
+# define SRP_RANDOM_SALT_LEN 20
+# define MAX_LEN 2500
+
+static char b64table[] =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
+/*
+ * the following two conversion routines have been inspired by code from
+ * Stanford
+ */
+
+/*
+ * Convert a base64 string into raw byte array representation.
+ */
+static int t_fromb64(unsigned char *a, size_t alen, const char *src)
+{
+    char *loc;
+    int i, j;
+    int size;
+
+    if (alen == 0 || alen > INT_MAX)
+        return -1;
+
+    while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
+        ++src;
+    size = strlen(src);
+    if (size < 0 || size >= (int)alen)
+        return -1;
+
+    i = 0;
+    while (i < size) {
+        loc = strchr(b64table, src[i]);
+        if (loc == (char *)0)
+            break;
+        else
+            a[i] = loc - b64table;
+        ++i;
+    }
+    /* if nothing valid to process we have a zero length response */
+    if (i == 0)
+        return 0;
+    size = i;
+    i = size - 1;
+    j = size;
+    while (1) {
+        a[j] = a[i];
+        if (--i < 0)
+            break;
+        a[j] |= (a[i] & 3) << 6;
+        --j;
+        a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
+        if (--i < 0)
+            break;
+        a[j] |= (a[i] & 0xf) << 4;
+        --j;
+        a[j] = (unsigned char)((a[i] & 0x30) >> 4);
+        if (--i < 0)
+            break;
+        a[j] |= (a[i] << 2);
+
+        a[--j] = 0;
+        if (--i < 0)
+            break;
+    }
+    while (j <= size && a[j] == 0)
+        ++j;
+    i = 0;
+    while (j <= size)
+        a[i++] = a[j++];
+    return i;
+}
+
+/*
+ * Convert a raw byte string into a null-terminated base64 ASCII string.
+ */
+static char *t_tob64(char *dst, const unsigned char *src, int size)
+{
+    int c, pos = size % 3;
+    unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
+    char *olddst = dst;
+
+    switch (pos) {
+    case 1:
+        b2 = src[0];
+        break;
+    case 2:
+        b1 = src[0];
+        b2 = src[1];
+        break;
+    }
+
+    while (1) {
+        c = (b0 & 0xfc) >> 2;
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        c = b2 & 0x3f;
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        if (pos >= size)
+            break;
+        else {
+            b0 = src[pos++];
+            b1 = src[pos++];
+            b2 = src[pos++];
+        }
+    }
+
+    *dst++ = '\0';
+    return olddst;
+}
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+{
+    if (user_pwd == NULL)
+        return;
+    BN_free(user_pwd->s);
+    BN_clear_free(user_pwd->v);
+    OPENSSL_free(user_pwd->id);
+    OPENSSL_free(user_pwd->info);
+    OPENSSL_free(user_pwd);
+}
+
+static SRP_user_pwd *SRP_user_pwd_new(void)
+{
+    SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret));
+    if (ret == NULL)
+        return NULL;
+    ret->N = NULL;
+    ret->g = NULL;
+    ret->s = NULL;
+    ret->v = NULL;
+    ret->id = NULL;
+    ret->info = NULL;
+    return ret;
+}
+
+static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
+                                const BIGNUM *N)
+{
+    vinfo->N = N;
+    vinfo->g = g;
+}
+
+static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
+                                const char *info)
+{
+    if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
+        return 0;
+    return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
+}
+
+static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
+                               const char *v)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+
+    vinfo->v = NULL;
+    vinfo->s = NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), v);
+    if (len < 0)
+        return 0;
+    if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
+        return 0;
+    len = t_fromb64(tmp, sizeof(tmp), s);
+    if (len < 0)
+        goto err;
+    vinfo->s = BN_bin2bn(tmp, len, NULL);
+    if (vinfo->s == NULL)
+        goto err;
+    return 1;
+ err:
+    BN_free(vinfo->v);
+    vinfo->v = NULL;
+    return 0;
+}
+
+static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
+{
+    vinfo->v = v;
+    vinfo->s = s;
+    return (vinfo->s != NULL && vinfo->v != NULL);
+}
+
+static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
+{
+    SRP_user_pwd *ret;
+
+    if (src == NULL)
+        return NULL;
+    if ((ret = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(ret, src->g, src->N);
+    if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
+        || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
+            SRP_user_pwd_free(ret);
+            return NULL;
+    }
+    return ret;
+}
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key)
+{
+    SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
+
+    if (vb == NULL)
+        return NULL;
+    if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
+        || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    vb->default_g = NULL;
+    vb->default_N = NULL;
+    vb->seed_key = NULL;
+    if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
+        sk_SRP_user_pwd_free(vb->users_pwd);
+        sk_SRP_gN_cache_free(vb->gN_cache);
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    return vb;
+}
+
+void SRP_VBASE_free(SRP_VBASE *vb)
+{
+    if (!vb)
+        return;
+    sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
+    sk_SRP_gN_cache_free(vb->gN_cache);
+    OPENSSL_free(vb->seed_key);
+    OPENSSL_free(vb);
+}
+
+static SRP_gN_cache *SRP_gN_new_init(const char *ch)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+    SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
+
+    if (newgN == NULL)
+        return NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), ch);
+    if (len < 0)
+        goto err;
+
+    if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
+        goto err;
+
+    if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
+        return newgN;
+
+    OPENSSL_free(newgN->b64_bn);
+ err:
+    OPENSSL_free(newgN);
+    return NULL;
+}
+
+static void SRP_gN_free(SRP_gN_cache *gN_cache)
+{
+    if (gN_cache == NULL)
+        return;
+    OPENSSL_free(gN_cache->b64_bn);
+    BN_free(gN_cache->bn);
+    OPENSSL_free(gN_cache);
+}
+
+static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
+{
+    int i;
+
+    SRP_gN *gN;
+    if (gN_tab != NULL)
+        for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
+            gN = sk_SRP_gN_value(gN_tab, i);
+            if (gN && (id == NULL || strcmp(gN->id, id) == 0))
+                return gN;
+        }
+
+    return SRP_get_default_gN(id);
+}
+
+static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
+{
+    int i;
+    if (gN_cache == NULL)
+        return NULL;
+
+    /* search if we have already one... */
+    for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
+        SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
+        if (strcmp(cache->b64_bn, ch) == 0)
+            return cache->bn;
+    }
+    {                           /* it is the first time that we find it */
+        SRP_gN_cache *newgN = SRP_gN_new_init(ch);
+        if (newgN) {
+            if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
+                return newgN->bn;
+            SRP_gN_free(newgN);
+        }
+    }
+    return NULL;
+}
+
+/*
+ * this function parses verifier file. Format is:
+ * string(index):base64(N):base64(g):0
+ * string(username):base64(v):base64(salt):int(index)
+ */
+
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+{
+    int error_code;
+    STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
+    char *last_index = NULL;
+    int i;
+    char **pp;
+
+    SRP_gN *gN = NULL;
+    SRP_user_pwd *user_pwd = NULL;
+
+    TXT_DB *tmpdb = NULL;
+    BIO *in = BIO_new(BIO_s_file());
+
+    error_code = SRP_ERR_OPEN_FILE;
+
+    if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
+        goto err;
+
+    error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
+
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+    error_code = SRP_ERR_MEMORY;
+
+    if (vb->seed_key) {
+        last_index = SRP_get_default_gN(NULL)->id;
+    }
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
+        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+            /*
+             * we add this couple in the internal Stack
+             */
+
+            if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
+                goto err;
+
+            if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
+                || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
+                        == NULL
+                || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+                        == NULL
+                || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
+                goto err;
+
+            gN = NULL;
+
+            if (vb->seed_key != NULL) {
+                last_index = pp[DB_srpid];
+            }
+        } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
+            /* it is a user .... */
+            const SRP_gN *lgN;
+
+            if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
+                error_code = SRP_ERR_MEMORY;
+                if ((user_pwd = SRP_user_pwd_new()) == NULL)
+                    goto err;
+
+                SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
+                if (!SRP_user_pwd_set_ids
+                    (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
+                    goto err;
+
+                error_code = SRP_ERR_VBASE_BN_LIB;
+                if (!SRP_user_pwd_set_sv
+                    (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
+                    goto err;
+
+                if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
+                    goto err;
+                user_pwd = NULL; /* abandon responsibility */
+            }
+        }
+    }
+
+    if (last_index != NULL) {
+        /* this means that we want to simulate a default user */
+
+        if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
+            error_code = SRP_ERR_VBASE_BN_LIB;
+            goto err;
+        }
+        vb->default_g = gN->g;
+        vb->default_N = gN->N;
+        gN = NULL;
+    }
+    error_code = SRP_NO_ERROR;
+
+ err:
+    /*
+     * there may be still some leaks to fix, if this fails, the application
+     * terminates most likely
+     */
+
+    if (gN != NULL) {
+        OPENSSL_free(gN->id);
+        OPENSSL_free(gN);
+    }
+
+    SRP_user_pwd_free(user_pwd);
+
+    TXT_DB_free(tmpdb);
+    BIO_free_all(in);
+
+    sk_SRP_gN_free(SRP_gN_tab);
+
+    return error_code;
+
+}
+
+static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
+{
+    int i;
+    SRP_user_pwd *user;
+
+    if (vb == NULL)
+        return NULL;
+
+    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
+        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
+        if (strcmp(user->id, username) == 0)
+            return user;
+    }
+
+    return NULL;
+}
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * DEPRECATED: use SRP_VBASE_get1_by_user instead.
+ * This method ignores the configured seed and fails for an unknown user.
+ * Ownership of the returned pointer is not released to the caller.
+ * In other words, caller must not free the result.
+ */
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
+{
+    return find_user(vb, username);
+}
+#endif
+
+/*
+ * Ownership of the returned pointer is released to the caller.
+ * In other words, caller must free the result once done.
+ */
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
+{
+    SRP_user_pwd *user;
+    unsigned char digv[SHA_DIGEST_LENGTH];
+    unsigned char digs[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX *ctxt = NULL;
+
+    if (vb == NULL)
+        return NULL;
+
+    if ((user = find_user(vb, username)) != NULL)
+        return srp_user_pwd_dup(user);
+
+    if ((vb->seed_key == NULL) ||
+        (vb->default_g == NULL) || (vb->default_N == NULL))
+        return NULL;
+
+/* if the user is unknown we set parameters as well if we have a seed_key */
+
+    if ((user = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
+
+    if (!SRP_user_pwd_set_ids(user, username, NULL))
+        goto err;
+
+    if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+        goto err;
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
+        || !EVP_DigestUpdate(ctxt, username, strlen(username))
+        || !EVP_DigestFinal_ex(ctxt, digs, NULL))
+        goto err;
+    EVP_MD_CTX_free(ctxt);
+    ctxt = NULL;
+    if (SRP_user_pwd_set_sv_BN(user,
+                               BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+                               BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+        return user;
+
+ err:
+    EVP_MD_CTX_free(ctxt);
+    SRP_user_pwd_free(user);
+    return NULL;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are in base64)
+ */
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g)
+{
+    int len;
+    char *result = NULL, *vf = NULL;
+    const BIGNUM *N_bn = NULL, *g_bn = NULL;
+    BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
+    unsigned char tmp[MAX_LEN];
+    unsigned char tmp2[MAX_LEN];
+    char *defgNid = NULL;
+    int vfsize = 0;
+
+    if ((user == NULL) ||
+        (pass == NULL) || (salt == NULL) || (verifier == NULL))
+        goto err;
+
+    if (N) {
+        if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
+            goto err;
+        N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        N_bn = N_bn_alloc;
+        if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
+            goto err;
+        g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        g_bn = g_bn_alloc;
+        defgNid = "*";
+    } else {
+        SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
+        if (gN == NULL)
+            goto err;
+        N_bn = gN->N;
+        g_bn = gN->g;
+        defgNid = gN->id;
+    }
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+    } else {
+        if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0)
+            goto err;
+        s = BN_bin2bn(tmp2, len, NULL);
+    }
+
+    if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
+        goto err;
+
+    BN_bn2bin(v, tmp);
+    vfsize = BN_num_bytes(v) * 2;
+    if (((vf = OPENSSL_malloc(vfsize)) == NULL))
+        goto err;
+    t_tob64(vf, tmp, BN_num_bytes(v));
+
+    if (*salt == NULL) {
+        char *tmp_salt;
+
+        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
+            goto err;
+        }
+        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+        *salt = tmp_salt;
+    }
+
+    *verifier = vf;
+    vf = NULL;
+    result = defgNid;
+
+ err:
+    BN_free(N_bn_alloc);
+    BN_free(g_bn_alloc);
+    OPENSSL_clear_free(vf, vfsize);
+    BN_clear_free(s);
+    BN_clear_free(v);
+    return result;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
+ */
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g)
+{
+    int result = 0;
+    BIGNUM *x = NULL;
+    BN_CTX *bn_ctx = BN_CTX_new();
+    unsigned char tmp2[MAX_LEN];
+    BIGNUM *salttmp = NULL;
+
+    if ((user == NULL) ||
+        (pass == NULL) ||
+        (salt == NULL) ||
+        (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
+        goto err;
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+    } else {
+        salttmp = *salt;
+    }
+
+    x = SRP_Calc_x(salttmp, user, pass);
+
+    *verifier = BN_new();
+    if (*verifier == NULL)
+        goto err;
+
+    if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
+        BN_clear_free(*verifier);
+        goto err;
+    }
+
+    result = 1;
+    *salt = salttmp;
+
+ err:
+    if (salt != NULL && *salt != salttmp)
+        BN_clear_free(salttmp);
+    BN_clear_free(x);
+    BN_CTX_free(bn_ctx);
+    return result;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/stack/build.info b/openssl-1.1.0h/crypto/stack/build.info
new file mode 100644
index 0000000..e587021
--- /dev/null
+++ b/openssl-1.1.0h/crypto/stack/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=stack.c
diff --git a/openssl-1.1.0h/crypto/stack/stack.c b/openssl-1.1.0h/crypto/stack/stack.c
new file mode 100644
index 0000000..43ddf30
--- /dev/null
+++ b/openssl-1.1.0h/crypto/stack/stack.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/stack.h>
+#include <openssl/objects.h>
+
+struct stack_st {
+    int num;
+    const char **data;
+    int sorted;
+    size_t num_alloc;
+    OPENSSL_sk_compfunc comp;
+};
+
+#undef MIN_NODES
+#define MIN_NODES       4
+
+#include <errno.h>
+
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c)
+{
+    OPENSSL_sk_compfunc old = sk->comp;
+
+    if (sk->comp != c)
+        sk->sorted = 0;
+    sk->comp = c;
+
+    return old;
+}
+
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
+{
+    OPENSSL_STACK *ret;
+
+    if (sk->num < 0)
+        return NULL;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+        return NULL;
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL)
+        goto err;
+    memcpy(ret->data, sk->data, sizeof(char *) * sk->num);
+    return ret;
+ err:
+    OPENSSL_sk_free(ret);
+    return NULL;
+}
+
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
+                             OPENSSL_sk_copyfunc copy_func,
+                             OPENSSL_sk_freefunc free_func)
+{
+    OPENSSL_STACK *ret;
+    int i;
+
+    if (sk->num < 0)
+        return NULL;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+        return NULL;
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES;
+    ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
+    if (ret->data == NULL) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    for (i = 0; i < ret->num; ++i) {
+        if (sk->data[i] == NULL)
+            continue;
+        if ((ret->data[i] = copy_func(sk->data[i])) == NULL) {
+            while (--i >= 0)
+                if (ret->data[i] != NULL)
+                    free_func((void *)ret->data[i]);
+            OPENSSL_sk_free(ret);
+            return NULL;
+        }
+    }
+    return ret;
+}
+
+OPENSSL_STACK *OPENSSL_sk_new_null(void)
+{
+    return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
+}
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
+{
+    OPENSSL_STACK *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+        goto err;
+    if ((ret->data = OPENSSL_zalloc(sizeof(*ret->data) * MIN_NODES)) == NULL)
+        goto err;
+    ret->comp = c;
+    ret->num_alloc = MIN_NODES;
+    return (ret);
+
+ err:
+    OPENSSL_free(ret);
+    return (NULL);
+}
+
+int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
+{
+    if (st == NULL || st->num < 0 || st->num == INT_MAX) {
+        return 0;
+    }
+
+    if (st->num_alloc <= (size_t)(st->num + 1)) {
+        size_t doub_num_alloc = st->num_alloc * 2;
+        const char **tmpdata;
+
+        /* Overflow checks */
+        if (doub_num_alloc < st->num_alloc)
+            return 0;
+
+        /* Avoid overflow due to multiplication by sizeof(char *) */
+        if (doub_num_alloc > SIZE_MAX / sizeof(char *))
+            return 0;
+
+        tmpdata = OPENSSL_realloc((char *)st->data,
+                                  sizeof(char *) * doub_num_alloc);
+        if (tmpdata == NULL)
+            return 0;
+
+        st->data = tmpdata;
+        st->num_alloc = doub_num_alloc;
+    }
+    if ((loc >= st->num) || (loc < 0)) {
+        st->data[st->num] = data;
+    } else {
+        memmove(&st->data[loc + 1], &st->data[loc],
+                sizeof(st->data[0]) * (st->num - loc));
+        st->data[loc] = data;
+    }
+    st->num++;
+    st->sorted = 0;
+    return st->num;
+}
+
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
+{
+    int i;
+
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] == p)
+            return OPENSSL_sk_delete(st, i);
+    return NULL;
+}
+
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
+{
+    const char *ret;
+
+    if (st == NULL || loc < 0 || loc >= st->num)
+        return NULL;
+
+    ret = st->data[loc];
+    if (loc != st->num - 1)
+         memmove(&st->data[loc], &st->data[loc + 1],
+                 sizeof(st->data[0]) * (st->num - loc - 1));
+    st->num--;
+    return (void *)ret;
+}
+
+static int internal_find(OPENSSL_STACK *st, const void *data,
+                         int ret_val_options)
+{
+    const void *r;
+    int i;
+
+    if (st == NULL)
+        return -1;
+
+    if (st->comp == NULL) {
+        for (i = 0; i < st->num; i++)
+            if (st->data[i] == data)
+                return (i);
+        return (-1);
+    }
+    OPENSSL_sk_sort(st);
+    if (data == NULL)
+        return (-1);
+    r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp,
+                        ret_val_options);
+    if (r == NULL)
+        return (-1);
+    return (int)((const char **)r - st->data);
+}
+
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
+}
+
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
+}
+
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data)
+{
+    return (OPENSSL_sk_insert(st, data, st->num));
+}
+
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data)
+{
+    return (OPENSSL_sk_insert(st, data, 0));
+}
+
+void *OPENSSL_sk_shift(OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return (NULL);
+    if (st->num <= 0)
+        return (NULL);
+    return (OPENSSL_sk_delete(st, 0));
+}
+
+void *OPENSSL_sk_pop(OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return (NULL);
+    if (st->num <= 0)
+        return (NULL);
+    return (OPENSSL_sk_delete(st, st->num - 1));
+}
+
+void OPENSSL_sk_zero(OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return;
+    if (st->num <= 0)
+        return;
+    memset(st->data, 0, sizeof(*st->data) * st->num);
+    st->num = 0;
+}
+
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
+{
+    int i;
+
+    if (st == NULL)
+        return;
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] != NULL)
+            func((char *)st->data[i]);
+    OPENSSL_sk_free(st);
+}
+
+void OPENSSL_sk_free(OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return;
+    OPENSSL_free(st->data);
+    OPENSSL_free(st);
+}
+
+int OPENSSL_sk_num(const OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return -1;
+    return st->num;
+}
+
+void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
+{
+    if (st == NULL || i < 0 || i >= st->num)
+        return NULL;
+    return (void *)st->data[i];
+}
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
+{
+    if (st == NULL || i < 0 || i >= st->num)
+        return NULL;
+    st->data[i] = data;
+    return (void *)st->data[i];
+}
+
+void OPENSSL_sk_sort(OPENSSL_STACK *st)
+{
+    if (st && !st->sorted && st->comp != NULL) {
+        qsort(st->data, st->num, sizeof(char *), st->comp);
+        st->sorted = 1;
+    }
+}
+
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return 1;
+    return st->sorted;
+}
diff --git a/openssl-1.1.0h/crypto/threads_none.c b/openssl-1.1.0h/crypto/threads_none.c
new file mode 100644
index 0000000..72bf25b
--- /dev/null
+++ b/openssl-1.1.0h/crypto/threads_none.c
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(unsigned int));
+    if (lock == NULL)
+        return NULL;
+
+    *(unsigned int *)lock = 1;
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+    OPENSSL_assert(*(unsigned int *)lock == 1);
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+    OPENSSL_assert(*(unsigned int *)lock == 1);
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+    OPENSSL_assert(*(unsigned int *)lock == 1);
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) {
+    if (lock == NULL)
+        return;
+
+    *(unsigned int *)lock = 0;
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (*once != 0)
+        return 1;
+
+    init();
+    *once = 1;
+
+    return 1;
+}
+
+#define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
+
+static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    static unsigned int thread_local_key = 0;
+
+    if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    *key = thread_local_key++;
+
+    thread_local_storage[*key] = NULL;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return NULL;
+
+    return thread_local_storage[*key];
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    thread_local_storage[*key] = val;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return 0;
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return (a == b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+    *val += amount;
+    *ret  = *val;
+
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/threads_pthread.c b/openssl-1.1.0h/crypto/threads_pthread.c
new file mode 100644
index 0000000..151013e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/threads_pthread.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
+
+# ifdef PTHREAD_RWLOCK_INITIALIZER
+#  define USE_RWLOCK
+# endif
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+# ifdef USE_RWLOCK
+    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t));
+    if (lock == NULL)
+        return NULL;
+
+    if (pthread_rwlock_init(lock, NULL) != 0) {
+        OPENSSL_free(lock);
+        return NULL;
+    }
+# else
+    pthread_mutexattr_t attr;
+    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_mutex_t));
+    if (lock == NULL)
+        return NULL;
+
+    pthread_mutexattr_init(&attr);
+    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
+
+    if (pthread_mutex_init(lock, &attr) != 0) {
+        pthread_mutexattr_destroy(&attr);
+        OPENSSL_free(lock);
+        return NULL;
+    }
+
+    pthread_mutexattr_destroy(&attr);
+# endif
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_rdlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_wrlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_unlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_unlock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+{
+    if (lock == NULL)
+        return;
+
+# ifdef USE_RWLOCK
+    pthread_rwlock_destroy(lock);
+# else
+    pthread_mutex_destroy(lock);
+# endif
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (pthread_once(once, init) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    if (pthread_key_create(key, cleanup) != 0)
+        return 0;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    return pthread_getspecific(*key);
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (pthread_setspecific(*key, val) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (pthread_key_delete(*key) != 0)
+        return 0;
+
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return pthread_self();
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return pthread_equal(a, b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)
+    if (__atomic_is_lock_free(sizeof(*val), val)) {
+        *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL);
+        return 1;
+    }
+# endif
+    if (!CRYPTO_THREAD_write_lock(lock))
+        return 0;
+
+    *val += amount;
+    *ret  = *val;
+
+    if (!CRYPTO_THREAD_unlock(lock))
+        return 0;
+
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/threads_win.c b/openssl-1.1.0h/crypto/threads_win.c
new file mode 100644
index 0000000..4e0de90
--- /dev/null
+++ b/openssl-1.1.0h/crypto/threads_win.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS)
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+    CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION));
+    if (lock == NULL)
+        return NULL;
+
+    /* 0x400 is the spin count value suggested in the documentation */
+    if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) {
+        OPENSSL_free(lock);
+        return NULL;
+    }
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+    EnterCriticalSection(lock);
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+    EnterCriticalSection(lock);
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+    LeaveCriticalSection(lock);
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+{
+    if (lock == NULL)
+        return;
+
+    DeleteCriticalSection(lock);
+    OPENSSL_free(lock);
+
+    return;
+}
+
+#  define ONCE_UNINITED     0
+#  define ONCE_ININIT       1
+#  define ONCE_DONE         2
+
+/*
+ * We don't use InitOnceExecuteOnce because that isn't available in WinXP which
+ * we still have to support.
+ */
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    LONG volatile *lock = (LONG *)once;
+    LONG result;
+
+    if (*lock == ONCE_DONE)
+        return 1;
+
+    do {
+        result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED);
+        if (result == ONCE_UNINITED) {
+            init();
+            *lock = ONCE_DONE;
+            return 1;
+        }
+    } while (result == ONCE_ININIT);
+
+    return (*lock == ONCE_DONE);
+}
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    *key = TlsAlloc();
+    if (*key == TLS_OUT_OF_INDEXES)
+        return 0;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    return TlsGetValue(*key);
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (TlsSetValue(*key, val) == 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (TlsFree(*key) == 0)
+        return 0;
+
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return GetCurrentThreadId();
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return (a == b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+    *ret = InterlockedExchangeAdd(val, amount) + amount;
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ts/build.info b/openssl-1.1.0h/crypto/ts/build.info
new file mode 100644
index 0000000..98e633d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c \
+        ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c \
+        ts_asn1.c
diff --git a/openssl-1.1.0h/crypto/ts/ts_asn1.c b/openssl-1.1.0h/crypto/ts/ts_asn1.c
new file mode 100644
index 0000000..e60675a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_asn1.c
@@ -0,0 +1,259 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ts.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include "ts_lcl.h"
+
+ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
+{
+    return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
+                           d2i_TS_MSG_IMPRINT, bp, a);
+}
+
+int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
+{
+    return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
+{
+    return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
+                          d2i_TS_MSG_IMPRINT, fp, a);
+}
+
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
+{
+    return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_REQ) = {
+        ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
+        ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
+        ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
+} static_ASN1_SEQUENCE_END(TS_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
+TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
+{
+    return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
+}
+
+int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
+{
+    return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
+{
+    return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
+}
+
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
+{
+    return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_ACCURACY) = {
+        ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER),
+        ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
+} static_ASN1_SEQUENCE_END(TS_ACCURACY)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
+
+ASN1_SEQUENCE(TS_TST_INFO) = {
+        ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT),
+        ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
+        ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
+        ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
+        ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
+} static_ASN1_SEQUENCE_END(TS_TST_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
+{
+    return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp,
+                           a);
+}
+
+int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
+{
+    return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
+{
+    return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp,
+                          a);
+}
+
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
+{
+    return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_STATUS_INFO) = {
+        ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING),
+        ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END(TS_STATUS_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
+
+static int ts_resp_set_tst_info(TS_RESP *a)
+{
+    long status;
+
+    status = ASN1_INTEGER_get(a->status_info->status);
+
+    if (a->token) {
+        if (status != 0 && status != 1) {
+            TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
+            return 0;
+        }
+        TS_TST_INFO_free(a->tst_info);
+        a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
+        if (!a->tst_info) {
+            TSerr(TS_F_TS_RESP_SET_TST_INFO,
+                  TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
+            return 0;
+        }
+    } else if (status == 0 || status == 1) {
+        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    TS_RESP *ts_resp = (TS_RESP *)*pval;
+    if (op == ASN1_OP_NEW_POST) {
+        ts_resp->tst_info = NULL;
+    } else if (op == ASN1_OP_FREE_POST) {
+        TS_TST_INFO_free(ts_resp->tst_info);
+    } else if (op == ASN1_OP_D2I_POST) {
+        if (ts_resp_set_tst_info(ts_resp) == 0)
+            return 0;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
+        ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO),
+        ASN1_OPT(TS_RESP, token, PKCS7),
+} static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
+
+TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
+{
+    return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
+}
+
+int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
+{
+    return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
+{
+    return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
+}
+
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
+{
+    return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
+        ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
+        ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
+} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+
+ASN1_SEQUENCE(ESS_CERT_ID) = {
+        ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+
+/* Getting encapsulated TS_TST_INFO object from PKCS7. */
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
+{
+    PKCS7_SIGNED *pkcs7_signed;
+    PKCS7 *enveloped;
+    ASN1_TYPE *tst_info_wrapper;
+    ASN1_OCTET_STRING *tst_info_der;
+    const unsigned char *p;
+
+    if (!PKCS7_type_is_signed(token)) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+        return NULL;
+    }
+    if (PKCS7_get_detached(token)) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
+        return NULL;
+    }
+    pkcs7_signed = token->d.sign;
+    enveloped = pkcs7_signed->contents;
+    if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+        return NULL;
+    }
+    tst_info_wrapper = enveloped->d.other;
+    if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
+        return NULL;
+    }
+    tst_info_der = tst_info_wrapper->value.octet_string;
+    p = tst_info_der->data;
+    return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_conf.c b/openssl-1.1.0h/crypto/ts/ts_conf.c
new file mode 100644
index 0000000..f5f3934
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_conf.c
@@ -0,0 +1,468 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/engine.h>
+#include <openssl/ts.h>
+
+/* Macro definitions for the configuration file. */
+#define BASE_SECTION                    "tsa"
+#define ENV_DEFAULT_TSA                 "default_tsa"
+#define ENV_SERIAL                      "serial"
+#define ENV_CRYPTO_DEVICE               "crypto_device"
+#define ENV_SIGNER_CERT                 "signer_cert"
+#define ENV_CERTS                       "certs"
+#define ENV_SIGNER_KEY                  "signer_key"
+#define ENV_SIGNER_DIGEST               "signer_digest"
+#define ENV_DEFAULT_POLICY              "default_policy"
+#define ENV_OTHER_POLICIES              "other_policies"
+#define ENV_DIGESTS                     "digests"
+#define ENV_ACCURACY                    "accuracy"
+#define ENV_ORDERING                    "ordering"
+#define ENV_TSA_NAME                    "tsa_name"
+#define ENV_ESS_CERT_ID_CHAIN           "ess_cert_id_chain"
+#define ENV_VALUE_SECS                  "secs"
+#define ENV_VALUE_MILLISECS             "millisecs"
+#define ENV_VALUE_MICROSECS             "microsecs"
+#define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits"
+#define ENV_VALUE_YES                   "yes"
+#define ENV_VALUE_NO                    "no"
+
+/* Function definitions for certificate and key loading. */
+
+X509 *TS_CONF_load_cert(const char *file)
+{
+    BIO *cert = NULL;
+    X509 *x = NULL;
+
+    if ((cert = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
+ end:
+    if (x == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
+    BIO_free(cert);
+    return x;
+}
+
+STACK_OF(X509) *TS_CONF_load_certs(const char *file)
+{
+    BIO *certs = NULL;
+    STACK_OF(X509) *othercerts = NULL;
+    STACK_OF(X509_INFO) *allcerts = NULL;
+    int i;
+
+    if ((certs = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    if ((othercerts = sk_X509_new_null()) == NULL)
+        goto end;
+
+    allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+    for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+        X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
+        if (xi->x509) {
+            sk_X509_push(othercerts, xi->x509);
+            xi->x509 = NULL;
+        }
+    }
+ end:
+    if (othercerts == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
+    sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+    BIO_free(certs);
+    return othercerts;
+}
+
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if ((key = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
+ end:
+    if (pkey == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
+    BIO_free(key);
+    return pkey;
+}
+
+/* Function definitions for handling configuration options. */
+
+static void ts_CONF_lookup_fail(const char *name, const char *tag)
+{
+    TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
+    ERR_add_error_data(3, name, "::", tag);
+}
+
+static void ts_CONF_invalid(const char *name, const char *tag)
+{
+    TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
+    ERR_add_error_data(3, name, "::", tag);
+}
+
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
+{
+    if (!section) {
+        section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
+        if (!section)
+            ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
+    }
+    return section;
+}
+
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
+    if (!serial) {
+        ts_CONF_lookup_fail(section, ENV_SERIAL);
+        goto err;
+    }
+    TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device)
+{
+    int ret = 0;
+
+    if (device == NULL)
+        device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
+
+    if (device && !TS_CONF_set_default_engine(device)) {
+        ts_CONF_invalid(section, ENV_CRYPTO_DEVICE);
+        goto err;
+    }
+    ret = 1;
+ err:
+    return ret;
+}
+
+int TS_CONF_set_default_engine(const char *name)
+{
+    ENGINE *e = NULL;
+    int ret = 0;
+
+    if (strcmp(name, "builtin") == 0)
+        return 1;
+
+    if ((e = ENGINE_by_id(name)) == NULL)
+        goto err;
+    if (strcmp(name, "chil") == 0)
+        ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+    if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+        goto err;
+    ret = 1;
+
+ err:
+    if (!ret) {
+        TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE);
+        ERR_add_error_data(2, "engine:", name);
+    }
+    ENGINE_free(e);
+    return ret;
+}
+
+#endif
+
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    X509 *cert_obj = NULL;
+
+    if (cert == NULL) {
+        cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
+        if (cert == NULL) {
+            ts_CONF_lookup_fail(section, ENV_SIGNER_CERT);
+            goto err;
+        }
+    }
+    if ((cert_obj = TS_CONF_load_cert(cert)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    X509_free(cert_obj);
+    return ret;
+}
+
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    STACK_OF(X509) *certs_obj = NULL;
+
+    if (certs == NULL) {
+        /* Certificate chain is optional. */
+        if ((certs = NCONF_get_string(conf, section, ENV_CERTS)) == NULL)
+            goto end;
+    }
+    if ((certs_obj = TS_CONF_load_certs(certs)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_certs(ctx, certs_obj))
+        goto err;
+ end:
+    ret = 1;
+ err:
+    sk_X509_pop_free(certs_obj, X509_free);
+    return ret;
+}
+
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    EVP_PKEY *key_obj = NULL;
+    if (!key)
+        key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
+    if (!key) {
+        ts_CONF_lookup_fail(section, ENV_SIGNER_KEY);
+        goto err;
+    }
+    if ((key_obj = TS_CONF_load_key(key, pass)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_signer_key(ctx, key_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_PKEY_free(key_obj);
+    return ret;
+}
+
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                              const char *md, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *sign_md = NULL;
+    if (md == NULL)
+        md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
+    if (md == NULL) {
+        ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    sign_md = EVP_get_digestbyname(md);
+    if (sign_md == NULL) {
+        ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    if (!TS_RESP_CTX_set_signer_digest(ctx, sign_md))
+        goto err;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    ASN1_OBJECT *policy_obj = NULL;
+    if (!policy)
+        policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
+    if (!policy) {
+        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
+        goto err;
+    }
+    if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) {
+        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);
+        goto err;
+    }
+    if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    ASN1_OBJECT_free(policy_obj);
+    return ret;
+}
+
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);
+
+    /* If no other policy is specified, that's fine. */
+    if (policies && (list = X509V3_parse_list(policies)) == NULL) {
+        ts_CONF_invalid(section, ENV_OTHER_POLICIES);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        const char *extval = val->value ? val->value : val->name;
+        ASN1_OBJECT *objtmp;
+
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
+            ts_CONF_invalid(section, ENV_OTHER_POLICIES);
+            goto err;
+        }
+        if (!TS_RESP_CTX_add_policy(ctx, objtmp))
+            goto err;
+        ASN1_OBJECT_free(objtmp);
+    }
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
+
+    if (digests == NULL) {
+        ts_CONF_lookup_fail(section, ENV_DIGESTS);
+        goto err;
+    }
+    if ((list = X509V3_parse_list(digests)) == NULL) {
+        ts_CONF_invalid(section, ENV_DIGESTS);
+        goto err;
+    }
+    if (sk_CONF_VALUE_num(list) == 0) {
+        ts_CONF_invalid(section, ENV_DIGESTS);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        const char *extval = val->value ? val->value : val->name;
+        const EVP_MD *md;
+
+        if ((md = EVP_get_digestbyname(extval)) == NULL) {
+            ts_CONF_invalid(section, ENV_DIGESTS);
+            goto err;
+        }
+        if (!TS_RESP_CTX_add_md(ctx, md))
+            goto err;
+    }
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    int secs = 0, millis = 0, micros = 0;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
+
+    if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) {
+        ts_CONF_invalid(section, ENV_ACCURACY);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
+            if (val->value)
+                secs = atoi(val->value);
+        } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
+            if (val->value)
+                millis = atoi(val->value);
+        } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
+            if (val->value)
+                micros = atoi(val->value);
+        } else {
+            ts_CONF_invalid(section, ENV_ACCURACY);
+            goto err;
+        }
+    }
+    if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
+        goto err;
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    long digits = 0;
+
+    /*
+     * If not specified, set the default value to 0, i.e. sec precision
+     */
+    if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
+                            &digits))
+        digits = 0;
+    if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
+        ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
+        goto err;
+    }
+
+    if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
+        goto err;
+
+    return 1;
+ err:
+    return ret;
+}
+
+static int ts_CONF_add_flag(CONF *conf, const char *section,
+                            const char *field, int flag, TS_RESP_CTX *ctx)
+{
+    const char *value = NCONF_get_string(conf, section, field);
+
+    if (value) {
+        if (strcmp(value, ENV_VALUE_YES) == 0)
+            TS_RESP_CTX_add_flags(ctx, flag);
+        else if (strcmp(value, ENV_VALUE_NO) != 0) {
+            ts_CONF_invalid(section, field);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
+}
+
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
+}
+
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
+                            TS_ESS_CERT_ID_CHAIN, ctx);
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_err.c b/openssl-1.1.0h/crypto/ts/ts_err.c
new file mode 100644
index 0000000..a6d73a1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_err.c
@@ -0,0 +1,144 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ts.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
+
+static ERR_STRING_DATA TS_str_functs[] = {
+    {ERR_FUNC(TS_F_DEF_SERIAL_CB), "def_serial_cb"},
+    {ERR_FUNC(TS_F_DEF_TIME_CB), "def_time_cb"},
+    {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_add_signing_cert"},
+    {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ess_CERT_ID_new_init"},
+    {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ess_SIGNING_CERT_new_init"},
+    {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "int_ts_RESP_verify_token"},
+    {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"},
+    {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"},
+    {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"},
+    {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"},
+    {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "ts_check_imprints"},
+    {ERR_FUNC(TS_F_TS_CHECK_NONCES), "ts_check_nonces"},
+    {ERR_FUNC(TS_F_TS_CHECK_POLICY), "ts_check_policy"},
+    {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "ts_check_signing_certs"},
+    {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "ts_check_status_info"},
+    {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "ts_compute_imprint"},
+    {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"},
+    {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"},
+    {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"},
+    {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"},
+    {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"},
+    {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
+    {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "ts_get_status_text"},
+    {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
+    {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"},
+    {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"},
+    {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"},
+    {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"},
+    {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "ts_RESP_create_tst_info"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),
+     "TS_RESP_CTX_add_failure_info"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),
+     "TS_RESP_CTX_set_signer_cert"},
+    {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),
+     "TS_RESP_CTX_set_status_info"},
+    {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "ts_RESP_get_policy"},
+    {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),
+     "TS_RESP_set_genTime_with_precision"},
+    {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"},
+    {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"},
+    {ERR_FUNC(TS_F_TS_RESP_SIGN), "ts_RESP_sign"},
+    {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"},
+    {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"},
+    {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),
+     "TS_TST_INFO_set_msg_imprint"},
+    {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"},
+    {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"},
+    {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"},
+    {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"},
+    {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"},
+    {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"},
+    {ERR_FUNC(TS_F_TS_VERIFY_CERT), "ts_verify_cert"},
+    {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA TS_str_reasons[] = {
+    {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
+    {ERR_REASON(TS_R_BAD_TYPE), "bad type"},
+    {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
+    {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
+    {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+    {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
+    {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
+    {ERR_REASON(TS_R_DETACHED_CONTENT), "detached content"},
+    {ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),
+     "ess add signing cert error"},
+    {ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),
+     "ess signing certificate error"},
+    {ERR_REASON(TS_R_INVALID_NULL_POINTER), "invalid null pointer"},
+    {ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),
+     "invalid signer certificate purpose"},
+    {ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH), "message imprint mismatch"},
+    {ERR_REASON(TS_R_NONCE_MISMATCH), "nonce mismatch"},
+    {ERR_REASON(TS_R_NONCE_NOT_RETURNED), "nonce not returned"},
+    {ERR_REASON(TS_R_NO_CONTENT), "no content"},
+    {ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"},
+    {ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"},
+    {ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),
+     "pkcs7 add signed attr error"},
+    {ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),
+     "pkcs7 to ts tst info failed"},
+    {ERR_REASON(TS_R_POLICY_MISMATCH), "policy mismatch"},
+    {ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+     "private key does not match certificate"},
+    {ERR_REASON(TS_R_RESPONSE_SETUP_ERROR), "response setup error"},
+    {ERR_REASON(TS_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER), "there must be one signer"},
+    {ERR_REASON(TS_R_TIME_SYSCALL_ERROR), "time syscall error"},
+    {ERR_REASON(TS_R_TOKEN_NOT_PRESENT), "token not present"},
+    {ERR_REASON(TS_R_TOKEN_PRESENT), "token present"},
+    {ERR_REASON(TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"},
+    {ERR_REASON(TS_R_TSA_UNTRUSTED), "tsa untrusted"},
+    {ERR_REASON(TS_R_TST_INFO_SETUP_ERROR), "tst info setup error"},
+    {ERR_REASON(TS_R_TS_DATASIGN), "ts datasign"},
+    {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
+    {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"},
+    {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"},
+    {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"},
+    {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_TS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(TS_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, TS_str_functs);
+        ERR_load_strings(0, TS_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_lcl.h b/openssl-1.1.0h/crypto/ts/ts_lcl.h
new file mode 100644
index 0000000..d0c3cf8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_lcl.h
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * MessageImprint ::= SEQUENCE  {
+ *      hashAlgorithm                AlgorithmIdentifier,
+ *      hashedMessage                OCTET STRING  }
+ */
+struct TS_msg_imprint_st {
+    X509_ALGOR *hash_algo;
+    ASN1_OCTET_STRING *hashed_msg;
+};
+
+/*-
+ * TimeStampResp ::= SEQUENCE  {
+ *     status                  PKIStatusInfo,
+ *     timeStampToken          TimeStampToken     OPTIONAL }
+ */
+struct TS_resp_st {
+    TS_STATUS_INFO *status_info;
+    PKCS7 *token;
+    TS_TST_INFO *tst_info;
+};
+
+/*-
+ * TimeStampReq ::= SEQUENCE  {
+ *    version                  INTEGER  { v1(1) },
+ *    messageImprint           MessageImprint,
+ *      --a hash algorithm OID and the hash value of the data to be
+ *      --time-stamped
+ *    reqPolicy                TSAPolicyId                OPTIONAL,
+ *    nonce                    INTEGER                    OPTIONAL,
+ *    certReq                  BOOLEAN                    DEFAULT FALSE,
+ *    extensions               [0] IMPLICIT Extensions    OPTIONAL  }
+ */
+struct TS_req_st {
+    ASN1_INTEGER *version;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_OBJECT *policy_id;
+    ASN1_INTEGER *nonce;
+    ASN1_BOOLEAN cert_req;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+/*-
+ * Accuracy ::= SEQUENCE {
+ *                 seconds        INTEGER           OPTIONAL,
+ *                 millis     [0] INTEGER  (1..999) OPTIONAL,
+ *                 micros     [1] INTEGER  (1..999) OPTIONAL  }
+ */
+struct TS_accuracy_st {
+    ASN1_INTEGER *seconds;
+    ASN1_INTEGER *millis;
+    ASN1_INTEGER *micros;
+};
+
+/*-
+ * TSTInfo ::= SEQUENCE  {
+ *     version                      INTEGER  { v1(1) },
+ *     policy                       TSAPolicyId,
+ *     messageImprint               MessageImprint,
+ *       -- MUST have the same value as the similar field in
+ *       -- TimeStampReq
+ *     serialNumber                 INTEGER,
+ *      -- Time-Stamping users MUST be ready to accommodate integers
+ *      -- up to 160 bits.
+ *     genTime                      GeneralizedTime,
+ *     accuracy                     Accuracy                 OPTIONAL,
+ *     ordering                     BOOLEAN             DEFAULT FALSE,
+ *     nonce                        INTEGER                  OPTIONAL,
+ *       -- MUST be present if the similar field was present
+ *       -- in TimeStampReq.  In that case it MUST have the same value.
+ *     tsa                          [0] GeneralName          OPTIONAL,
+ *     extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
+ */
+struct TS_tst_info_st {
+    ASN1_INTEGER *version;
+    ASN1_OBJECT *policy_id;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_INTEGER *serial;
+    ASN1_GENERALIZEDTIME *time;
+    TS_ACCURACY *accuracy;
+    ASN1_BOOLEAN ordering;
+    ASN1_INTEGER *nonce;
+    GENERAL_NAME *tsa;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+struct TS_status_info_st {
+    ASN1_INTEGER *status;
+    STACK_OF(ASN1_UTF8STRING) *text;
+    ASN1_BIT_STRING *failure_info;
+};
+
+/*-
+ * IssuerSerial ::= SEQUENCE {
+ *         issuer                   GeneralNames,
+ *         serialNumber             CertificateSerialNumber
+ *         }
+ */
+struct ESS_issuer_serial {
+    STACK_OF(GENERAL_NAME) *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/*-
+ * ESSCertID ::=  SEQUENCE {
+ *         certHash                 Hash,
+ *         issuerSerial             IssuerSerial OPTIONAL
+ * }
+ */
+struct ESS_cert_id {
+    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificate ::=  SEQUENCE {
+ *        certs        SEQUENCE OF ESSCertID,
+ *        policies     SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+struct ESS_signing_cert {
+    STACK_OF(ESS_CERT_ID) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+
+struct TS_resp_ctx {
+    X509 *signer_cert;
+    EVP_PKEY *signer_key;
+    const EVP_MD *signer_md;
+    STACK_OF(X509) *certs;      /* Certs to include in signed data. */
+    STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
+    ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
+    STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
+    ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
+    unsigned clock_precision_digits; /* fraction of seconds in time stamp
+                                      * token. */
+    unsigned flags;             /* Optional info, see values above. */
+    /* Callback functions. */
+    TS_serial_cb serial_cb;
+    void *serial_cb_data;       /* User data for serial_cb. */
+    TS_time_cb time_cb;
+    void *time_cb_data;         /* User data for time_cb. */
+    TS_extension_cb extension_cb;
+    void *extension_cb_data;    /* User data for extension_cb. */
+    /* These members are used only while creating the response. */
+    TS_REQ *request;
+    TS_RESP *response;
+    TS_TST_INFO *tst_info;
+};
+
+struct TS_verify_ctx {
+    /* Set this to the union of TS_VFY_... flags you want to carry out. */
+    unsigned flags;
+    /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
+    X509_STORE *store;
+    STACK_OF(X509) *certs;
+    /* Must be set only with TS_VFY_POLICY. */
+    ASN1_OBJECT *policy;
+    /*
+     * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
+     * algorithm from the response is used.
+     */
+    X509_ALGOR *md_alg;
+    unsigned char *imprint;
+    unsigned imprint_len;
+    /* Must be set only with TS_VFY_DATA. */
+    BIO *data;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    ASN1_INTEGER *nonce;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    GENERAL_NAME *tsa_name;
+};
diff --git a/openssl-1.1.0h/crypto/ts/ts_lib.c b/openssl-1.1.0h/crypto/ts/ts_lib.c
new file mode 100644
index 0000000..de36e0e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_lib.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
+{
+    BIGNUM *num_bn;
+    int result = 0;
+    char *hex;
+
+    num_bn = BN_new();
+    if (num_bn == NULL)
+        return -1;
+    ASN1_INTEGER_to_BN(num, num_bn);
+    if ((hex = BN_bn2hex(num_bn))) {
+        result = BIO_write(bio, "0x", 2) > 0;
+        result = result && BIO_write(bio, hex, strlen(hex)) > 0;
+        OPENSSL_free(hex);
+    }
+    BN_free(num_bn);
+
+    return result;
+}
+
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+{
+    char obj_txt[128];
+
+    OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+    BIO_printf(bio, "%s\n", obj_txt);
+
+    return 1;
+}
+
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
+{
+    int i, critical, n;
+    X509_EXTENSION *ex;
+    ASN1_OBJECT *obj;
+
+    BIO_printf(bio, "Extensions:\n");
+    n = X509v3_get_ext_count(extensions);
+    for (i = 0; i < n; i++) {
+        ex = X509v3_get_ext(extensions, i);
+        obj = X509_EXTENSION_get_object(ex);
+        if (i2a_ASN1_OBJECT(bio, obj) < 0)
+            return 0;
+        critical = X509_EXTENSION_get_critical(ex);
+        BIO_printf(bio, ":%s\n", critical ? " critical" : "");
+        if (!X509V3_EXT_print(bio, ex, 0, 4)) {
+            BIO_printf(bio, "%4s", "");
+            ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex));
+        }
+        BIO_write(bio, "\n", 1);
+    }
+
+    return 1;
+}
+
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
+{
+    int i = OBJ_obj2nid(alg->algorithm);
+    return BIO_printf(bio, "Hash Algorithm: %s\n",
+                      (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+}
+
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
+{
+    ASN1_OCTET_STRING *msg;
+
+    TS_X509_ALGOR_print_bio(bio, a->hash_algo);
+
+    BIO_printf(bio, "Message data:\n");
+    msg = a->hashed_msg;
+    BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg),
+                    ASN1_STRING_length(msg), 4);
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_req_print.c b/openssl-1.1.0h/crypto/ts/ts_req_print.c
new file mode 100644
index 0000000..0dedf47
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_req_print.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
+{
+    int v;
+    ASN1_OBJECT *policy_id;
+
+    if (a == NULL)
+        return 0;
+
+    v = TS_REQ_get_version(a);
+    BIO_printf(bio, "Version: %d\n", v);
+
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
+
+    BIO_printf(bio, "Policy OID: ");
+    policy_id = TS_REQ_get_policy_id(a);
+    if (policy_id == NULL)
+        BIO_printf(bio, "unspecified\n");
+    else
+        TS_OBJ_print_bio(bio, policy_id);
+
+    BIO_printf(bio, "Nonce: ");
+    if (a->nonce == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Certificate required: %s\n",
+               a->cert_req ? "yes" : "no");
+
+    TS_ext_print_bio(bio, a->extensions);
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_req_utils.c b/openssl-1.1.0h/crypto/ts/ts_req_utils.c
new file mode 100644
index 0000000..2073d33
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_req_utils.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+int TS_REQ_set_version(TS_REQ *a, long version)
+{
+    return ASN1_INTEGER_set(a->version, version);
+}
+
+long TS_REQ_get_version(const TS_REQ *a)
+{
+    return ASN1_INTEGER_get(a->version);
+}
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint)
+{
+    TS_MSG_IMPRINT *new_msg_imprint;
+
+    if (a->msg_imprint == msg_imprint)
+        return 1;
+    new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+    if (new_msg_imprint == NULL) {
+        TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_MSG_IMPRINT_free(a->msg_imprint);
+    a->msg_imprint = new_msg_imprint;
+    return 1;
+}
+
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a)
+{
+    return a->msg_imprint;
+}
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg)
+{
+    X509_ALGOR *new_alg;
+
+    if (a->hash_algo == alg)
+        return 1;
+    new_alg = X509_ALGOR_dup(alg);
+    if (new_alg == NULL) {
+        TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X509_ALGOR_free(a->hash_algo);
+    a->hash_algo = new_alg;
+    return 1;
+}
+
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a)
+{
+    return a->hash_algo;
+}
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len)
+{
+    return ASN1_OCTET_STRING_set(a->hashed_msg, d, len);
+}
+
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a)
+{
+    return a->hashed_msg;
+}
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *new_policy;
+
+    if (a->policy_id == policy)
+        return 1;
+    new_policy = OBJ_dup(policy);
+    if (new_policy == NULL) {
+        TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(a->policy_id);
+    a->policy_id = new_policy;
+    return 1;
+}
+
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a)
+{
+    return a->policy_id;
+}
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
+{
+    ASN1_INTEGER *new_nonce;
+
+    if (a->nonce == nonce)
+        return 1;
+    new_nonce = ASN1_INTEGER_dup(nonce);
+    if (new_nonce == NULL) {
+        TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->nonce);
+    a->nonce = new_nonce;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a)
+{
+    return a->nonce;
+}
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req)
+{
+    a->cert_req = cert_req ? 0xFF : 0x00;
+    return 1;
+}
+
+int TS_REQ_get_cert_req(const TS_REQ *a)
+{
+    return a->cert_req ? 1 : 0;
+}
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a)
+{
+    return a->extensions;
+}
+
+void TS_REQ_ext_free(TS_REQ *a)
+{
+    if (!a)
+        return;
+    sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+    a->extensions = NULL;
+}
+
+int TS_REQ_get_ext_count(TS_REQ *a)
+{
+    return X509v3_get_ext_count(a->extensions);
+}
+
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+}
+
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+}
+
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc)
+{
+    return X509v3_get_ext(a->extensions, loc);
+}
+
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc)
+{
+    return X509v3_delete_ext(a->extensions, loc);
+}
+
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc)
+{
+    return X509v3_add_ext(&a->extensions, ex, loc) != NULL;
+}
+
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(a->extensions, nid, crit, idx);
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_rsp_print.c b/openssl-1.1.0h/crypto/ts/ts_rsp_print.c
new file mode 100644
index 0000000..6eb0ec8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_rsp_print.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+struct status_map_st {
+    int bit;
+    const char *text;
+};
+
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v);
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
+
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a)
+{
+    BIO_printf(bio, "Status info:\n");
+    TS_STATUS_INFO_print_bio(bio, a->status_info);
+
+    BIO_printf(bio, "\nTST info:\n");
+    if (a->tst_info != NULL)
+        TS_TST_INFO_print_bio(bio, a->tst_info);
+    else
+        BIO_printf(bio, "Not included.\n");
+
+    return 1;
+}
+
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
+{
+    static const char *status_map[] = {
+        "Granted.",
+        "Granted with modifications.",
+        "Rejected.",
+        "Waiting.",
+        "Revocation warning.",
+        "Revoked."
+    };
+    static const struct status_map_st failure_map[] = {
+        {TS_INFO_BAD_ALG,
+         "unrecognized or unsupported algorithm identifier"},
+        {TS_INFO_BAD_REQUEST,
+         "transaction not permitted or supported"},
+        {TS_INFO_BAD_DATA_FORMAT,
+         "the data submitted has the wrong format"},
+        {TS_INFO_TIME_NOT_AVAILABLE,
+         "the TSA's time source is not available"},
+        {TS_INFO_UNACCEPTED_POLICY,
+         "the requested TSA policy is not supported by the TSA"},
+        {TS_INFO_UNACCEPTED_EXTENSION,
+         "the requested extension is not supported by the TSA"},
+        {TS_INFO_ADD_INFO_NOT_AVAILABLE,
+         "the additional information requested could not be understood "
+         "or is not available"},
+        {TS_INFO_SYSTEM_FAILURE,
+         "the request cannot be handled due to system failure"},
+        {-1, NULL}
+    };
+    long status;
+    int i, lines = 0;
+
+    BIO_printf(bio, "Status: ");
+    status = ASN1_INTEGER_get(a->status);
+    if (0 <= status && status < (long)OSSL_NELEM(status_map))
+        BIO_printf(bio, "%s\n", status_map[status]);
+    else
+        BIO_printf(bio, "out of bounds\n");
+
+    BIO_printf(bio, "Status description: ");
+    for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) {
+        if (i > 0)
+            BIO_puts(bio, "\t");
+        ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), 0);
+        BIO_puts(bio, "\n");
+    }
+    if (i == 0)
+        BIO_printf(bio, "unspecified\n");
+
+    BIO_printf(bio, "Failure info: ");
+    if (a->failure_info != NULL)
+        lines = ts_status_map_print(bio, failure_map, a->failure_info);
+    if (lines == 0)
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, "\n");
+
+    return 1;
+}
+
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v)
+{
+    int lines = 0;
+
+    for (; a->bit >= 0; ++a) {
+        if (ASN1_BIT_STRING_get_bit(v, a->bit)) {
+            if (++lines > 1)
+                BIO_printf(bio, ", ");
+            BIO_printf(bio, "%s", a->text);
+        }
+    }
+
+    return lines;
+}
+
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
+{
+    int v;
+
+    if (a == NULL)
+        return 0;
+
+    v = ASN1_INTEGER_get(a->version);
+    BIO_printf(bio, "Version: %d\n", v);
+
+    BIO_printf(bio, "Policy OID: ");
+    TS_OBJ_print_bio(bio, a->policy_id);
+
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
+
+    BIO_printf(bio, "Serial number: ");
+    if (a->serial == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->serial);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Time stamp: ");
+    ASN1_GENERALIZEDTIME_print(bio, a->time);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Accuracy: ");
+    if (a->accuracy == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        ts_ACCURACY_print_bio(bio, a->accuracy);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Ordering: %s\n", a->ordering ? "yes" : "no");
+
+    BIO_printf(bio, "Nonce: ");
+    if (a->nonce == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "TSA: ");
+    if (a->tsa == NULL)
+        BIO_printf(bio, "unspecified");
+    else {
+        STACK_OF(CONF_VALUE) *nval;
+        if ((nval = i2v_GENERAL_NAME(NULL, a->tsa, NULL)))
+            X509V3_EXT_val_prn(bio, nval, 0, 0);
+        sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    }
+    BIO_write(bio, "\n", 1);
+
+    TS_ext_print_bio(bio, a->extensions);
+
+    return 1;
+}
+
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *a)
+{
+    if (a->seconds != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->seconds);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " seconds, ");
+    if (a->millis != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->millis);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " millis, ");
+    if (a->micros != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->micros);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " micros");
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_rsp_sign.c b/openssl-1.1.0h/crypto/ts/ts_rsp_sign.c
new file mode 100644
index 0000000..aea7b92
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_rsp_sign.c
@@ -0,0 +1,904 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_SYS_UNIX)
+# include <sys/time.h>
+#endif
+
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include "ts_lcl.h"
+
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
+static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
+static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
+
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx);
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
+static int ts_RESP_check_request(TS_RESP_CTX *ctx);
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx);
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy);
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx);
+static int ts_RESP_sign(TS_RESP_CTX *ctx);
+
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
+                                                   STACK_OF(X509) *certs);
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed);
+static int ts_TST_INFO_content_new(PKCS7 *p7);
+static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+
+static ASN1_GENERALIZEDTIME
+*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long,
+                                    unsigned);
+
+/* Default callback for response generation. */
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
+{
+    ASN1_INTEGER *serial = ASN1_INTEGER_new();
+
+    if (serial == NULL)
+        goto err;
+    if (!ASN1_INTEGER_set(serial, 1))
+        goto err;
+    return serial;
+
+ err:
+    TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
+    TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                "Error during serial number generation.");
+    return NULL;
+}
+
+#if defined(OPENSSL_SYS_UNIX)
+
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
+                       long *sec, long *usec)
+{
+    struct timeval tv;
+    if (gettimeofday(&tv, NULL) != 0) {
+        TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Time is not available.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+        return 0;
+    }
+    *sec = tv.tv_sec;
+    *usec = tv.tv_usec;
+
+    return 1;
+}
+
+#else
+
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
+                       long *sec, long *usec)
+{
+    time_t t;
+    if (time(&t) == (time_t)-1) {
+        TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Time is not available.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+        return 0;
+    }
+    *sec = (long)t;
+    *usec = 0;
+
+    return 1;
+}
+
+#endif
+
+static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
+                            void *data)
+{
+    TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                "Unsupported extension.");
+    TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
+    return 0;
+}
+
+/* TS_RESP_CTX management functions. */
+
+TS_RESP_CTX *TS_RESP_CTX_new()
+{
+    TS_RESP_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->signer_md = EVP_sha256();
+
+    ctx->serial_cb = def_serial_cb;
+    ctx->time_cb = def_time_cb;
+    ctx->extension_cb = def_extension_cb;
+
+    return ctx;
+}
+
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    X509_free(ctx->signer_cert);
+    EVP_PKEY_free(ctx->signer_key);
+    sk_X509_pop_free(ctx->certs, X509_free);
+    sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
+    ASN1_OBJECT_free(ctx->default_policy);
+    sk_EVP_MD_free(ctx->mds);   /* No EVP_MD_free method exists. */
+    ASN1_INTEGER_free(ctx->seconds);
+    ASN1_INTEGER_free(ctx->millis);
+    ASN1_INTEGER_free(ctx->micros);
+    OPENSSL_free(ctx);
+}
+
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
+{
+    if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
+        TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
+              TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
+        return 0;
+    }
+    X509_free(ctx->signer_cert);
+    ctx->signer_cert = signer;
+    X509_up_ref(ctx->signer_cert);
+    return 1;
+}
+
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
+{
+    EVP_PKEY_free(ctx->signer_key);
+    ctx->signer_key = key;
+    EVP_PKEY_up_ref(ctx->signer_key);
+
+    return 1;
+}
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    ctx->signer_md = md;
+    return 1;
+}
+
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
+{
+    ASN1_OBJECT_free(ctx->default_policy);
+    if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL)
+        goto err;
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
+{
+
+    sk_X509_pop_free(ctx->certs, X509_free);
+    ctx->certs = NULL;
+    if (!certs)
+        return 1;
+    if ((ctx->certs = X509_chain_up_ref(certs)) == NULL) {
+        TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *copy = NULL;
+
+    if (ctx->policies == NULL
+        && (ctx->policies = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    if ((copy = OBJ_dup(policy)) == NULL)
+        goto err;
+    if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
+        goto err;
+
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
+    ASN1_OBJECT_free(copy);
+    return 0;
+}
+
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    if (ctx->mds == NULL
+        && (ctx->mds = sk_EVP_MD_new_null()) == NULL)
+        goto err;
+    if (!sk_EVP_MD_push(ctx->mds, md))
+        goto err;
+
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+#define TS_RESP_CTX_accuracy_free(ctx)          \
+        ASN1_INTEGER_free(ctx->seconds);        \
+        ctx->seconds = NULL;                    \
+        ASN1_INTEGER_free(ctx->millis);         \
+        ctx->millis = NULL;                     \
+        ASN1_INTEGER_free(ctx->micros);         \
+        ctx->micros = NULL;
+
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros)
+{
+
+    TS_RESP_CTX_accuracy_free(ctx);
+    if (secs
+        && ((ctx->seconds = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->seconds, secs)))
+        goto err;
+    if (millis
+        && ((ctx->millis = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->millis, millis)))
+        goto err;
+    if (micros
+        && ((ctx->micros = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->micros, micros)))
+        goto err;
+
+    return 1;
+ err:
+    TS_RESP_CTX_accuracy_free(ctx);
+    TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
+{
+    ctx->serial_cb = cb;
+    ctx->serial_cb_data = data;
+}
+
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
+{
+    ctx->time_cb = cb;
+    ctx->time_cb_data = data;
+}
+
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+                                  TS_extension_cb cb, void *data)
+{
+    ctx->extension_cb = cb;
+    ctx->extension_cb_data = data;
+}
+
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+                                int status, const char *text)
+{
+    TS_STATUS_INFO *si = NULL;
+    ASN1_UTF8STRING *utf8_text = NULL;
+    int ret = 0;
+
+    if ((si = TS_STATUS_INFO_new()) == NULL)
+        goto err;
+    if (!ASN1_INTEGER_set(si->status, status))
+        goto err;
+    if (text) {
+        if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
+            || !ASN1_STRING_set(utf8_text, text, strlen(text)))
+            goto err;
+        if (si->text == NULL
+            && (si->text = sk_ASN1_UTF8STRING_new_null()) == NULL)
+            goto err;
+        if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text))
+            goto err;
+        utf8_text = NULL;       /* Ownership is lost. */
+    }
+    if (!TS_RESP_set_status_info(ctx->response, si))
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+    TS_STATUS_INFO_free(si);
+    ASN1_UTF8STRING_free(utf8_text);
+    return ret;
+}
+
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+                                     int status, const char *text)
+{
+    int ret = 1;
+    TS_STATUS_INFO *si = ctx->response->status_info;
+
+    if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
+        ret = TS_RESP_CTX_set_status_info(ctx, status, text);
+    }
+    return ret;
+}
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
+{
+    TS_STATUS_INFO *si = ctx->response->status_info;
+    if (si->failure_info == NULL
+        && (si->failure_info = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
+        goto err;
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
+{
+    return ctx->request;
+}
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
+{
+    return ctx->tst_info;
+}
+
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned precision)
+{
+    if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+        return 0;
+    ctx->clock_precision_digits = precision;
+    return 1;
+}
+
+/* Main entry method of the response generation. */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
+{
+    ASN1_OBJECT *policy;
+    TS_RESP *response;
+    int result = 0;
+
+    ts_RESP_CTX_init(ctx);
+
+    if ((ctx->response = TS_RESP_new()) == NULL) {
+        TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+    if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad request format or system error.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+        goto end;
+    }
+    if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
+        goto end;
+    if (!ts_RESP_check_request(ctx))
+        goto end;
+    if ((policy = ts_RESP_get_policy(ctx)) == NULL)
+        goto end;
+    if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL)
+        goto end;
+    if (!ts_RESP_process_extensions(ctx))
+        goto end;
+    if (!ts_RESP_sign(ctx))
+        goto end;
+    result = 1;
+
+ end:
+    if (!result) {
+        TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
+        if (ctx->response != NULL) {
+            if (TS_RESP_CTX_set_status_info_cond(ctx,
+                                                 TS_STATUS_REJECTION,
+                                                 "Error during response "
+                                                 "generation.") == 0) {
+                TS_RESP_free(ctx->response);
+                ctx->response = NULL;
+            }
+        }
+    }
+    response = ctx->response;
+    ctx->response = NULL;       /* Ownership will be returned to caller. */
+    ts_RESP_CTX_cleanup(ctx);
+    return response;
+}
+
+/* Initializes the variable part of the context. */
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx)
+{
+    ctx->request = NULL;
+    ctx->response = NULL;
+    ctx->tst_info = NULL;
+}
+
+/* Cleans up the variable part of the context. */
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
+{
+    TS_REQ_free(ctx->request);
+    ctx->request = NULL;
+    TS_RESP_free(ctx->response);
+    ctx->response = NULL;
+    TS_TST_INFO_free(ctx->tst_info);
+    ctx->tst_info = NULL;
+}
+
+/* Checks the format and content of the request. */
+static int ts_RESP_check_request(TS_RESP_CTX *ctx)
+{
+    TS_REQ *request = ctx->request;
+    TS_MSG_IMPRINT *msg_imprint;
+    X509_ALGOR *md_alg;
+    int md_alg_id;
+    const ASN1_OCTET_STRING *digest;
+    const EVP_MD *md = NULL;
+    int i;
+
+    if (TS_REQ_get_version(request) != 1) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad request version.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
+        return 0;
+    }
+
+    msg_imprint = request->msg_imprint;
+    md_alg = msg_imprint->hash_algo;
+    md_alg_id = OBJ_obj2nid(md_alg->algorithm);
+    for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
+        const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
+        if (md_alg_id == EVP_MD_type(current_md))
+            md = current_md;
+    }
+    if (!md) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Message digest algorithm is "
+                                    "not supported.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+        return 0;
+    }
+
+    if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Superfluous message digest "
+                                    "parameter.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+        return 0;
+    }
+    digest = msg_imprint->hashed_msg;
+    if (digest->length != EVP_MD_size(md)) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad message digest.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Returns the TSA policy based on the requested and acceptable policies. */
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx)
+{
+    ASN1_OBJECT *requested = ctx->request->policy_id;
+    ASN1_OBJECT *policy = NULL;
+    int i;
+
+    if (ctx->default_policy == NULL) {
+        TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    if (!requested || !OBJ_cmp(requested, ctx->default_policy))
+        policy = ctx->default_policy;
+
+    /* Check if the policy is acceptable. */
+    for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
+        ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
+        if (!OBJ_cmp(requested, current))
+            policy = current;
+    }
+    if (!policy) {
+        TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Requested policy is not " "supported.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
+    }
+    return policy;
+}
+
+/* Creates the TS_TST_INFO object based on the settings of the context. */
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy)
+{
+    int result = 0;
+    TS_TST_INFO *tst_info = NULL;
+    ASN1_INTEGER *serial = NULL;
+    ASN1_GENERALIZEDTIME *asn1_time = NULL;
+    long sec, usec;
+    TS_ACCURACY *accuracy = NULL;
+    const ASN1_INTEGER *nonce;
+    GENERAL_NAME *tsa_name = NULL;
+
+    if ((tst_info = TS_TST_INFO_new()) == NULL)
+        goto end;
+    if (!TS_TST_INFO_set_version(tst_info, 1))
+        goto end;
+    if (!TS_TST_INFO_set_policy_id(tst_info, policy))
+        goto end;
+    if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
+        goto end;
+    if ((serial = ctx->serial_cb(ctx, ctx->serial_cb_data)) == NULL
+        || !TS_TST_INFO_set_serial(tst_info, serial))
+        goto end;
+    if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec)
+        || (asn1_time =
+            TS_RESP_set_genTime_with_precision(NULL, sec, usec,
+                                        ctx->clock_precision_digits)) == NULL
+        || !TS_TST_INFO_set_time(tst_info, asn1_time))
+        goto end;
+
+    if ((ctx->seconds || ctx->millis || ctx->micros)
+        && (accuracy = TS_ACCURACY_new()) == NULL)
+        goto end;
+    if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
+        goto end;
+    if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
+        goto end;
+    if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
+        goto end;
+    if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy))
+        goto end;
+
+    if ((ctx->flags & TS_ORDERING)
+        && !TS_TST_INFO_set_ordering(tst_info, 1))
+        goto end;
+
+    if ((nonce = ctx->request->nonce) != NULL
+        && !TS_TST_INFO_set_nonce(tst_info, nonce))
+        goto end;
+
+    if (ctx->flags & TS_TSA_NAME) {
+        if ((tsa_name = GENERAL_NAME_new()) == NULL)
+            goto end;
+        tsa_name->type = GEN_DIRNAME;
+        tsa_name->d.dirn =
+            X509_NAME_dup(X509_get_subject_name(ctx->signer_cert));
+        if (!tsa_name->d.dirn)
+            goto end;
+        if (!TS_TST_INFO_set_tsa(tst_info, tsa_name))
+            goto end;
+    }
+
+    result = 1;
+ end:
+    if (!result) {
+        TS_TST_INFO_free(tst_info);
+        tst_info = NULL;
+        TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
+        TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                         "Error during TSTInfo "
+                                         "generation.");
+    }
+    GENERAL_NAME_free(tsa_name);
+    TS_ACCURACY_free(accuracy);
+    ASN1_GENERALIZEDTIME_free(asn1_time);
+    ASN1_INTEGER_free(serial);
+
+    return tst_info;
+}
+
+/* Processing the extensions of the request. */
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
+{
+    STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions;
+    int i;
+    int ok = 1;
+
+    for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) {
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+        /*
+         * The last argument was previously (void *)ctx->extension_cb,
+         * but ISO C doesn't permit converting a function pointer to void *.
+         * For lack of better information, I'm placing a NULL there instead.
+         * The callback can pick its own address out from the ctx anyway...
+         */
+        ok = (*ctx->extension_cb) (ctx, ext, NULL);
+    }
+
+    return ok;
+}
+
+/* Functions for signing the TS_TST_INFO structure of the context. */
+static int ts_RESP_sign(TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    PKCS7 *p7 = NULL;
+    PKCS7_SIGNER_INFO *si;
+    STACK_OF(X509) *certs;      /* Certificates to include in sc. */
+    ESS_SIGNING_CERT *sc = NULL;
+    ASN1_OBJECT *oid;
+    BIO *p7bio = NULL;
+    int i;
+
+    if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        goto err;
+    }
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        goto err;
+    if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
+        goto err;
+
+    if (ctx->request->cert_req) {
+        PKCS7_add_certificate(p7, ctx->signer_cert);
+        if (ctx->certs) {
+            for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
+                X509 *cert = sk_X509_value(ctx->certs, i);
+                PKCS7_add_certificate(p7, cert);
+            }
+        }
+    }
+
+    if ((si = PKCS7_add_signature(p7, ctx->signer_cert,
+                                  ctx->signer_key, ctx->signer_md)) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
+        goto err;
+    }
+
+    oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+    if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                    V_ASN1_OBJECT, oid)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
+        goto err;
+    }
+
+    certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
+    if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
+        goto err;
+    if (!ESS_add_signing_cert(si, sc)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+        goto err;
+    }
+
+    if (!ts_TST_INFO_content_new(p7))
+        goto err;
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+        goto err;
+    }
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+        goto err;
+    }
+    TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
+    p7 = NULL;                  /* Ownership is lost. */
+    ctx->tst_info = NULL;       /* Ownership is lost. */
+
+    ret = 1;
+ err:
+    if (!ret)
+        TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                         "Error during signature "
+                                         "generation.");
+    BIO_free_all(p7bio);
+    ESS_SIGNING_CERT_free(sc);
+    PKCS7_free(p7);
+    return ret;
+}
+
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
+                                                   STACK_OF(X509) *certs)
+{
+    ESS_CERT_ID *cid;
+    ESS_SIGNING_CERT *sc = NULL;
+    int i;
+
+    if ((sc = ESS_SIGNING_CERT_new()) == NULL)
+        goto err;
+    if (sc->cert_ids == NULL
+        && (sc->cert_ids = sk_ESS_CERT_ID_new_null()) == NULL)
+        goto err;
+
+    if ((cid = ess_CERT_ID_new_init(signcert, 0)) == NULL
+        || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+        goto err;
+    for (i = 0; i < sk_X509_num(certs); ++i) {
+        X509 *cert = sk_X509_value(certs, i);
+        if ((cid = ess_CERT_ID_new_init(cert, 1)) == NULL
+            || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+            goto err;
+    }
+
+    return sc;
+ err:
+    ESS_SIGNING_CERT_free(sc);
+    TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed)
+{
+    ESS_CERT_ID *cid = NULL;
+    GENERAL_NAME *name = NULL;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(cert, -1, 0);
+    if ((cid = ESS_CERT_ID_new()) == NULL)
+        goto err;
+    X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+    if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
+        goto err;
+
+    /* Setting the issuer/serial if requested. */
+    if (issuer_needed) {
+        if (cid->issuer_serial == NULL
+            && (cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
+            goto err;
+        if ((name = GENERAL_NAME_new()) == NULL)
+            goto err;
+        name->type = GEN_DIRNAME;
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
+            goto err;
+        name = NULL;            /* Ownership is lost. */
+        ASN1_INTEGER_free(cid->issuer_serial->serial);
+        if (!(cid->issuer_serial->serial =
+              ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
+            goto err;
+    }
+
+    return cid;
+ err:
+    GENERAL_NAME_free(name);
+    ESS_CERT_ID_free(cid);
+    TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static int ts_TST_INFO_content_new(PKCS7 *p7)
+{
+    PKCS7 *ret = NULL;
+    ASN1_OCTET_STRING *octet_string = NULL;
+
+    /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
+    if ((ret = PKCS7_new()) == NULL)
+        goto err;
+    if ((ret->d.other = ASN1_TYPE_new()) == NULL)
+        goto err;
+    ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+    if ((octet_string = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
+    octet_string = NULL;
+
+    /* Add encapsulated content to signed PKCS7 structure. */
+    if (!PKCS7_set_content(p7, ret))
+        goto err;
+
+    return 1;
+ err:
+    ASN1_OCTET_STRING_free(octet_string);
+    PKCS7_free(ret);
+    return 0;
+}
+
+static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    int len;
+
+    len = i2d_ESS_SIGNING_CERT(sc, NULL);
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = pp;
+    i2d_ESS_SIGNING_CERT(sc, &p);
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    OPENSSL_free(pp);
+    pp = NULL;
+    return PKCS7_add_signed_attribute(si,
+                                      NID_id_smime_aa_signingCertificate,
+                                      V_ASN1_SEQUENCE, seq);
+ err:
+    ASN1_STRING_free(seq);
+    OPENSSL_free(pp);
+
+    return 0;
+}
+
+static ASN1_GENERALIZEDTIME
+*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
+                                    long sec, long usec, unsigned precision)
+{
+    time_t time_sec = (time_t)sec;
+    struct tm *tm = NULL;
+    char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
+    char *p = genTime_str;
+    char *p_end = genTime_str + sizeof(genTime_str);
+
+    if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+        goto err;
+
+    if ((tm = gmtime(&time_sec)) == NULL)
+        goto err;
+
+    /*
+     * Put "genTime_str" in GeneralizedTime format.  We work around the
+     * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST
+     * NOT include fractional seconds") and OpenSSL related functions to
+     * meet the rfc3161 requirement: "GeneralizedTime syntax can include
+     * fraction-of-second details".
+     */
+    p += BIO_snprintf(p, p_end - p,
+                      "%04d%02d%02d%02d%02d%02d",
+                      tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
+                      tm->tm_hour, tm->tm_min, tm->tm_sec);
+    if (precision > 0) {
+        BIO_snprintf(p, 2 + precision, ".%06ld", usec);
+        p += strlen(p);
+
+        /*
+         * To make things a bit harder, X.690 | ISO/IEC 8825-1 provides the
+         * following restrictions for a DER-encoding, which OpenSSL
+         * (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
+         * support: "The encoding MUST terminate with a "Z" (which means
+         * "Zulu" time). The decimal point element, if present, MUST be the
+         * point option ".". The fractional-seconds elements, if present,
+         * MUST omit all trailing 0's; if the elements correspond to 0, they
+         * MUST be wholly omitted, and the decimal point element also MUST be
+         * omitted."
+         */
+        /*
+         * Remove trailing zeros. The dot guarantees the exit condition of
+         * this loop even if all the digits are zero.
+         */
+        while (*--p == '0')
+             continue;
+        if (*p != '.')
+            ++p;
+    }
+    *p++ = 'Z';
+    *p++ = '\0';
+
+    if (asn1_time == NULL
+        && (asn1_time = ASN1_GENERALIZEDTIME_new()) == NULL)
+        goto err;
+    if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) {
+        ASN1_GENERALIZEDTIME_free(asn1_time);
+        goto err;
+    }
+    return asn1_time;
+
+ err:
+    TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_rsp_utils.c b/openssl-1.1.0h/crypto/ts/ts_rsp_utils.c
new file mode 100644
index 0000000..3ecee39
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_rsp_utils.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include "ts_lcl.h"
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
+{
+    TS_STATUS_INFO *new_status_info;
+
+    if (a->status_info == status_info)
+        return 1;
+    new_status_info = TS_STATUS_INFO_dup(status_info);
+    if (new_status_info == NULL) {
+        TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_STATUS_INFO_free(a->status_info);
+    a->status_info = new_status_info;
+
+    return 1;
+}
+
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a)
+{
+    return a->status_info;
+}
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info)
+{
+    PKCS7_free(a->token);
+    a->token = p7;
+    TS_TST_INFO_free(a->tst_info);
+    a->tst_info = tst_info;
+}
+
+PKCS7 *TS_RESP_get_token(TS_RESP *a)
+{
+    return a->token;
+}
+
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a)
+{
+    return a->tst_info;
+}
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version)
+{
+    return ASN1_INTEGER_set(a->version, version);
+}
+
+long TS_TST_INFO_get_version(const TS_TST_INFO *a)
+{
+    return ASN1_INTEGER_get(a->version);
+}
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *new_policy;
+
+    if (a->policy_id == policy)
+        return 1;
+    new_policy = OBJ_dup(policy);
+    if (new_policy == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(a->policy_id);
+    a->policy_id = new_policy;
+    return 1;
+}
+
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a)
+{
+    return a->policy_id;
+}
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint)
+{
+    TS_MSG_IMPRINT *new_msg_imprint;
+
+    if (a->msg_imprint == msg_imprint)
+        return 1;
+    new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+    if (new_msg_imprint == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_MSG_IMPRINT_free(a->msg_imprint);
+    a->msg_imprint = new_msg_imprint;
+    return 1;
+}
+
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a)
+{
+    return a->msg_imprint;
+}
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *new_serial;
+
+    if (a->serial == serial)
+        return 1;
+    new_serial = ASN1_INTEGER_dup(serial);
+    if (new_serial == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->serial);
+    a->serial = new_serial;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a)
+{
+    return a->serial;
+}
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
+{
+    ASN1_GENERALIZEDTIME *new_time;
+
+    if (a->time == gtime)
+        return 1;
+    new_time = ASN1_STRING_dup(gtime);
+    if (new_time == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_GENERALIZEDTIME_free(a->time);
+    a->time = new_time;
+    return 1;
+}
+
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a)
+{
+    return a->time;
+}
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy)
+{
+    TS_ACCURACY *new_accuracy;
+
+    if (a->accuracy == accuracy)
+        return 1;
+    new_accuracy = TS_ACCURACY_dup(accuracy);
+    if (new_accuracy == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_ACCURACY_free(a->accuracy);
+    a->accuracy = new_accuracy;
+    return 1;
+}
+
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a)
+{
+    return a->accuracy;
+}
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
+{
+    ASN1_INTEGER *new_seconds;
+
+    if (a->seconds == seconds)
+        return 1;
+    new_seconds = ASN1_INTEGER_dup(seconds);
+    if (new_seconds == NULL) {
+        TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->seconds);
+    a->seconds = new_seconds;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a)
+{
+    return a->seconds;
+}
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis)
+{
+    ASN1_INTEGER *new_millis = NULL;
+
+    if (a->millis == millis)
+        return 1;
+    if (millis != NULL) {
+        new_millis = ASN1_INTEGER_dup(millis);
+        if (new_millis == NULL) {
+            TSerr(TS_F_TS_ACCURACY_SET_MILLIS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    ASN1_INTEGER_free(a->millis);
+    a->millis = new_millis;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a)
+{
+    return a->millis;
+}
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
+{
+    ASN1_INTEGER *new_micros = NULL;
+
+    if (a->micros == micros)
+        return 1;
+    if (micros != NULL) {
+        new_micros = ASN1_INTEGER_dup(micros);
+        if (new_micros == NULL) {
+            TSerr(TS_F_TS_ACCURACY_SET_MICROS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    ASN1_INTEGER_free(a->micros);
+    a->micros = new_micros;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a)
+{
+    return a->micros;
+}
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering)
+{
+    a->ordering = ordering ? 0xFF : 0x00;
+    return 1;
+}
+
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a)
+{
+    return a->ordering ? 1 : 0;
+}
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce)
+{
+    ASN1_INTEGER *new_nonce;
+
+    if (a->nonce == nonce)
+        return 1;
+    new_nonce = ASN1_INTEGER_dup(nonce);
+    if (new_nonce == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->nonce);
+    a->nonce = new_nonce;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a)
+{
+    return a->nonce;
+}
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa)
+{
+    GENERAL_NAME *new_tsa;
+
+    if (a->tsa == tsa)
+        return 1;
+    new_tsa = GENERAL_NAME_dup(tsa);
+    if (new_tsa == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    GENERAL_NAME_free(a->tsa);
+    a->tsa = new_tsa;
+    return 1;
+}
+
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a)
+{
+    return a->tsa;
+}
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a)
+{
+    return a->extensions;
+}
+
+void TS_TST_INFO_ext_free(TS_TST_INFO *a)
+{
+    if (!a)
+        return;
+    sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+    a->extensions = NULL;
+}
+
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a)
+{
+    return X509v3_get_ext_count(a->extensions);
+}
+
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+}
+
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+}
+
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc)
+{
+    return X509v3_get_ext(a->extensions, loc);
+}
+
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc)
+{
+    return X509v3_delete_ext(a->extensions, loc);
+}
+
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc)
+{
+    return X509v3_add_ext(&a->extensions, ex, loc) != NULL;
+}
+
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(a->extensions, nid, crit, idx);
+}
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i)
+{
+    return ASN1_INTEGER_set(a->status, i);
+}
+
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a)
+{
+    return a->status;
+}
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a)
+{
+    return a->text;
+}
+
+const ASN1_BIT_STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a)
+{
+    return a->failure_info;
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_rsp_verify.c b/openssl-1.1.0h/crypto/ts/ts_rsp_verify.c
new file mode 100644
index 0000000..2755dd0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_rsp_verify.c
@@ -0,0 +1,635 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include "ts_lcl.h"
+
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain);
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain);
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info);
+static int ts_check_status_info(TS_RESP *response);
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
+                           const TS_TST_INFO *tst_info);
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len);
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info);
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
+                        GENERAL_NAME *name);
+
+/*
+ * This must be large enough to hold all values in ts_status_text (with
+ * comma separator) or all text fields in ts_failure_info (also with comma).
+ */
+#define TS_STATUS_BUF_SIZE      256
+
+/*
+ * Local mapping between response codes and descriptions.
+ */
+static const char *ts_status_text[] = {
+    "granted",
+    "grantedWithMods",
+    "rejection",
+    "waiting",
+    "revocationWarning",
+    "revocationNotification"
+};
+
+#define TS_STATUS_TEXT_SIZE     OSSL_NELEM(ts_status_text)
+
+static struct {
+    int code;
+    const char *text;
+} ts_failure_info[] = {
+    {TS_INFO_BAD_ALG, "badAlg"},
+    {TS_INFO_BAD_REQUEST, "badRequest"},
+    {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
+    {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
+    {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
+    {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
+    {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
+    {TS_INFO_SYSTEM_FAILURE, "systemFailure"}
+};
+
+
+/*-
+ * This function carries out the following tasks:
+ *      - Checks if there is one and only one signer.
+ *      - Search for the signing certificate in 'certs' and in the response.
+ *      - Check the extended key usage and key usage fields of the signer
+ *      certificate (done by the path validation).
+ *      - Build and validate the certificate path.
+ *      - Check if the certificate path meets the requirements of the
+ *      SigningCertificate ESS signed attribute.
+ *      - Verify the signature value.
+ *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
+ */
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out)
+{
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
+    PKCS7_SIGNER_INFO *si;
+    STACK_OF(X509) *signers = NULL;
+    X509 *signer;
+    STACK_OF(X509) *chain = NULL;
+    char buf[4096];
+    int i, j = 0, ret = 0;
+    BIO *p7bio = NULL;
+
+    /* Some sanity checks first. */
+    if (!token) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+        goto err;
+    }
+    if (!PKCS7_type_is_signed(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+        goto err;
+    }
+    sinfos = PKCS7_get_signer_info(token);
+    if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
+        goto err;
+    }
+    si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
+    if (PKCS7_get_detached(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+        goto err;
+    }
+
+    /*
+     * Get hold of the signer certificate, search only internal certificates
+     * if it was requested.
+     */
+    signers = PKCS7_get0_signers(token, certs, 0);
+    if (!signers || sk_X509_num(signers) != 1)
+        goto err;
+    signer = sk_X509_value(signers, 0);
+
+    if (!ts_verify_cert(store, certs, signer, &chain))
+        goto err;
+    if (!ts_check_signing_certs(si, chain))
+        goto err;
+    p7bio = PKCS7_dataInit(token, NULL);
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
+        continue;
+
+    j = PKCS7_signatureVerify(p7bio, token, si, signer);
+    if (j <= 0) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+        goto err;
+    }
+
+    if (signer_out) {
+        *signer_out = signer;
+        X509_up_ref(signer);
+    }
+    ret = 1;
+
+ err:
+    BIO_free_all(p7bio);
+    sk_X509_pop_free(chain, X509_free);
+    sk_X509_free(signers);
+
+    return ret;
+}
+
+/*
+ * The certificate chain is returned in chain. Caller is responsible for
+ * freeing the vector.
+ */
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX *cert_ctx = NULL;
+    int i;
+    int ret = 0;
+
+    *chain = NULL;
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL) {
+        TSerr(TS_F_TS_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
+        goto end;
+    X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+    i = X509_verify_cert(cert_ctx);
+    if (i <= 0) {
+        int j = X509_STORE_CTX_get_error(cert_ctx);
+        TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(j));
+        goto err;
+    }
+    *chain = X509_STORE_CTX_get1_chain(cert_ctx);
+    ret = 1;
+    goto end;
+
+err:
+    ret = 0;
+
+end:
+    X509_STORE_CTX_free(cert_ctx);
+    return ret;
+}
+
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain)
+{
+    ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);
+    STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+    X509 *cert;
+    int i = 0;
+    int ret = 0;
+
+    if (!ss)
+        goto err;
+    cert_ids = ss->cert_ids;
+    cert = sk_X509_value(chain, 0);
+    if (ts_find_cert(cert_ids, cert) != 0)
+        goto err;
+
+    /*
+     * Check the other certificates of the chain if there are more than one
+     * certificate ids in cert_ids.
+     */
+    if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
+        for (i = 1; i < sk_X509_num(chain); ++i) {
+            cert = sk_X509_value(chain, i);
+            if (ts_find_cert(cert_ids, cert) < 0)
+                goto err;
+        }
+    }
+    ret = 1;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
+              TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+    ESS_SIGNING_CERT_free(ss);
+    return ret;
+}
+
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+    if (!attr)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+}
+
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
+{
+    int i;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+
+    if (!cert_ids || !cert)
+        return -1;
+
+    X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+
+    /* Recompute SHA1 hash of certificate if necessary (side effect). */
+    X509_check_purpose(cert, -1, 0);
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
+        ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
+
+        if (cid->hash->length == SHA_DIGEST_LENGTH
+            && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) {
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+            if (!is || !ts_issuer_serial_cmp(is, cert))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)
+{
+    GENERAL_NAME *issuer;
+
+    if (!is || !cert || sk_GENERAL_NAME_num(is->issuer) != 1)
+        return -1;
+
+    issuer = sk_GENERAL_NAME_value(is->issuer, 0);
+    if (issuer->type != GEN_DIRNAME
+        || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)))
+        return -1;
+
+    if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert)))
+        return -1;
+
+    return 0;
+}
+
+/*-
+ * Verifies whether 'response' contains a valid response with regards
+ * to the settings of the context:
+ *      - Gives an error message if the TS_TST_INFO is not present.
+ *      - Calls _TS_RESP_verify_token to verify the token content.
+ */
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
+{
+    PKCS7 *token = response->token;
+    TS_TST_INFO *tst_info = response->tst_info;
+    int ret = 0;
+
+    if (!ts_check_status_info(response))
+        goto err;
+    if (!int_ts_RESP_verify_token(ctx, token, tst_info))
+        goto err;
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
+ * calls the internal int_TS_RESP_verify_token function for verifying it.
+ */
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
+{
+    TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
+    int ret = 0;
+    if (tst_info) {
+        ret = int_ts_RESP_verify_token(ctx, token, tst_info);
+        TS_TST_INFO_free(tst_info);
+    }
+    return ret;
+}
+
+/*-
+ * Verifies whether the 'token' contains a valid time stamp token
+ * with regards to the settings of the context. Only those checks are
+ * carried out that are specified in the context:
+ *      - Verifies the signature of the TS_TST_INFO.
+ *      - Checks the version number of the response.
+ *      - Check if the requested and returned policies math.
+ *      - Check if the message imprints are the same.
+ *      - Check if the nonces are the same.
+ *      - Check if the TSA name matches the signer.
+ *      - Check if the TSA name is the expected TSA.
+ */
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info)
+{
+    X509 *signer = NULL;
+    GENERAL_NAME *tsa_name = tst_info->tsa;
+    X509_ALGOR *md_alg = NULL;
+    unsigned char *imprint = NULL;
+    unsigned imprint_len = 0;
+    int ret = 0;
+    int flags = ctx->flags;
+
+    /* Some options require us to also check the signature */
+    if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
+            || (flags & TS_VFY_TSA_NAME)) {
+        flags |= TS_VFY_SIGNATURE;
+    }
+
+    if ((flags & TS_VFY_SIGNATURE)
+        && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
+        goto err;
+    if ((flags & TS_VFY_VERSION)
+        && TS_TST_INFO_get_version(tst_info) != 1) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+    if ((flags & TS_VFY_POLICY)
+        && !ts_check_policy(ctx->policy, tst_info))
+        goto err;
+    if ((flags & TS_VFY_IMPRINT)
+        && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+                              tst_info))
+        goto err;
+    if ((flags & TS_VFY_DATA)
+        && (!ts_compute_imprint(ctx->data, tst_info,
+                                &md_alg, &imprint, &imprint_len)
+            || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+        goto err;
+    if ((flags & TS_VFY_NONCE)
+        && !ts_check_nonces(ctx->nonce, tst_info))
+        goto err;
+    if ((flags & TS_VFY_SIGNER)
+        && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+        goto err;
+    }
+    if ((flags & TS_VFY_TSA_NAME)
+        && !ts_check_signer_name(ctx->tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+        goto err;
+    }
+    ret = 1;
+
+ err:
+    X509_free(signer);
+    X509_ALGOR_free(md_alg);
+    OPENSSL_free(imprint);
+    return ret;
+}
+
+static int ts_check_status_info(TS_RESP *response)
+{
+    TS_STATUS_INFO *info = response->status_info;
+    long status = ASN1_INTEGER_get(info->status);
+    const char *status_text = NULL;
+    char *embedded_status_text = NULL;
+    char failure_text[TS_STATUS_BUF_SIZE] = "";
+
+    if (status == 0 || status == 1)
+        return 1;
+
+    /* There was an error, get the description in status_text. */
+    if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
+        status_text = ts_status_text[status];
+    else
+        status_text = "unknown code";
+
+    if (sk_ASN1_UTF8STRING_num(info->text) > 0
+        && (embedded_status_text = ts_get_status_text(info->text)) == NULL)
+        return 0;
+
+    /* Fill in failure_text with the failure information. */
+    if (info->failure_info) {
+        int i;
+        int first = 1;
+        for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
+            if (ASN1_BIT_STRING_get_bit(info->failure_info,
+                                        ts_failure_info[i].code)) {
+                if (!first)
+                    strcat(failure_text, ",");
+                else
+                    first = 0;
+                strcat(failure_text, ts_failure_info[i].text);
+            }
+        }
+    }
+    if (failure_text[0] == '\0')
+        strcpy(failure_text, "unspecified");
+
+    TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+    ERR_add_error_data(6,
+                       "status code: ", status_text,
+                       ", status text: ", embedded_status_text ?
+                       embedded_status_text : "unspecified",
+                       ", failure codes: ", failure_text);
+    OPENSSL_free(embedded_status_text);
+
+    return 0;
+}
+
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+{
+    int i;
+    int length = 0;
+    char *result = NULL;
+    char *p;
+
+    for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        if (ASN1_STRING_length(current) > TS_MAX_STATUS_LENGTH - length - 1)
+            return NULL;
+        length += ASN1_STRING_length(current);
+        length += 1;            /* separator character */
+    }
+    if ((result = OPENSSL_malloc(length)) == NULL) {
+        TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        length = ASN1_STRING_length(current);
+        if (i > 0)
+            *p++ = '/';
+        strncpy(p, (const char *)ASN1_STRING_get0_data(current), length);
+        p += length;
+    }
+    *p = '\0';
+
+    return result;
+}
+
+static int ts_check_policy(const ASN1_OBJECT *req_oid, 
+                           const TS_TST_INFO *tst_info)
+{
+    const ASN1_OBJECT *resp_oid = tst_info->policy_id;
+
+    if (OBJ_cmp(req_oid, resp_oid) != 0) {
+        TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len)
+{
+    TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
+    X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
+    const EVP_MD *md;
+    EVP_MD_CTX *md_ctx = NULL;
+    unsigned char buffer[4096];
+    int length;
+
+    *md_alg = NULL;
+    *imprint = NULL;
+
+    if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
+        goto err;
+    if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+        goto err;
+    }
+    length = EVP_MD_size(md);
+    if (length < 0)
+        goto err;
+    *imprint_len = length;
+    if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EVP_DigestInit(md_ctx, md))
+        goto err;
+    while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
+        if (!EVP_DigestUpdate(md_ctx, buffer, length))
+            goto err;
+    }
+    if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
+        goto err;
+    EVP_MD_CTX_free(md_ctx);
+
+    return 1;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    X509_ALGOR_free(*md_alg);
+    OPENSSL_free(*imprint);
+    *imprint_len = 0;
+    *imprint = 0;
+    return 0;
+}
+
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info)
+{
+    TS_MSG_IMPRINT *b = tst_info->msg_imprint;
+    X509_ALGOR *algor_b = b->hash_algo;
+    int ret = 0;
+
+    if (algor_a) {
+        if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
+            goto err;
+
+        /* The parameter must be NULL in both. */
+        if ((algor_a->parameter
+             && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
+            || (algor_b->parameter
+                && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
+            goto err;
+    }
+
+    ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
+        memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+    return ret;
+}
+
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
+{
+    const ASN1_INTEGER *b = tst_info->nonce;
+
+    if (!b) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+        return 0;
+    }
+
+    /* No error if a nonce is returned without being requested. */
+    if (ASN1_INTEGER_cmp(a, b) != 0) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Check if the specified TSA name matches either the subject or one of the
+ * subject alternative names of the TSA certificate.
+ */
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
+{
+    STACK_OF(GENERAL_NAME) *gen_names = NULL;
+    int idx = -1;
+    int found = 0;
+
+    if (tsa_name->type == GEN_DIRNAME
+        && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
+        return 1;
+    gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
+    while (gen_names != NULL) {
+        found = ts_find_name(gen_names, tsa_name) >= 0;
+        if (found)
+            break;
+        /*
+         * Get the next subject alternative name, although there should be no
+         * more than one.
+         */
+        GENERAL_NAMES_free(gen_names);
+        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
+    }
+    GENERAL_NAMES_free(gen_names);
+
+    return found;
+}
+
+/* Returns 1 if name is in gen_names, 0 otherwise. */
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
+{
+    int i, found;
+    for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
+        GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
+        found = GENERAL_NAME_cmp(current, name) == 0;
+    }
+    return found ? i - 1 : -1;
+}
diff --git a/openssl-1.1.0h/crypto/ts/ts_verify_ctx.c b/openssl-1.1.0h/crypto/ts/ts_verify_ctx.c
new file mode 100644
index 0000000..d4792ee
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ts/ts_verify_ctx.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include "ts_lcl.h"
+
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
+{
+    TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
+    return ctx;
+}
+
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
+{
+    OPENSSL_assert(ctx != NULL);
+    memset(ctx, 0, sizeof(*ctx));
+}
+
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    TS_VERIFY_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags |= f;
+    return ctx->flags;
+}
+
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags = f;
+    return ctx->flags;
+}
+
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
+{
+    ctx->data = b;
+    return ctx->data;
+}
+
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
+{
+    ctx->store = s;
+    return ctx->store;
+}
+
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
+                                        STACK_OF(X509) *certs)
+{
+    ctx->certs = certs;
+    return ctx->certs;
+}
+
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len)
+{
+    ctx->imprint = hexstr;
+    ctx->imprint_len = len;
+    return ctx->imprint;
+}
+
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    X509_STORE_free(ctx->store);
+    sk_X509_pop_free(ctx->certs, X509_free);
+
+    ASN1_OBJECT_free(ctx->policy);
+
+    X509_ALGOR_free(ctx->md_alg);
+    OPENSSL_free(ctx->imprint);
+
+    BIO_free_all(ctx->data);
+
+    ASN1_INTEGER_free(ctx->nonce);
+
+    GENERAL_NAME_free(ctx->tsa_name);
+
+    TS_VERIFY_CTX_init(ctx);
+}
+
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
+{
+    TS_VERIFY_CTX *ret = ctx;
+    ASN1_OBJECT *policy;
+    TS_MSG_IMPRINT *imprint;
+    X509_ALGOR *md_alg;
+    ASN1_OCTET_STRING *msg;
+    const ASN1_INTEGER *nonce;
+
+    OPENSSL_assert(req != NULL);
+    if (ret)
+        TS_VERIFY_CTX_cleanup(ret);
+    else if ((ret = TS_VERIFY_CTX_new()) == NULL)
+        return NULL;
+
+    ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
+
+    if ((policy = req->policy_id) != NULL) {
+        if ((ret->policy = OBJ_dup(policy)) == NULL)
+            goto err;
+    } else
+        ret->flags &= ~TS_VFY_POLICY;
+
+    imprint = req->msg_imprint;
+    md_alg = imprint->hash_algo;
+    if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL)
+        goto err;
+    msg = imprint->hashed_msg;
+    ret->imprint_len = ASN1_STRING_length(msg);
+    if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
+        goto err;
+    memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
+
+    if ((nonce = req->nonce) != NULL) {
+        if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL)
+            goto err;
+    } else
+        ret->flags &= ~TS_VFY_NONCE;
+
+    return ret;
+ err:
+    if (ctx)
+        TS_VERIFY_CTX_cleanup(ctx);
+    else
+        TS_VERIFY_CTX_free(ret);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/txt_db/build.info b/openssl-1.1.0h/crypto/txt_db/build.info
new file mode 100644
index 0000000..4379d5f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/txt_db/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=txt_db.c
diff --git a/openssl-1.1.0h/crypto/txt_db/txt_db.c b/openssl-1.1.0h/crypto/txt_db/txt_db.c
new file mode 100644
index 0000000..cf932a5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/txt_db/txt_db.c
@@ -0,0 +1,318 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/txt_db.h>
+
+#undef BUFSIZE
+#define BUFSIZE 512
+
+TXT_DB *TXT_DB_read(BIO *in, int num)
+{
+    TXT_DB *ret = NULL;
+    int esc = 0;
+    long ln = 0;
+    int i, add, n;
+    int size = BUFSIZE;
+    int offset = 0;
+    char *p, *f;
+    OPENSSL_STRING *pp;
+    BUF_MEM *buf = NULL;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    if (!BUF_MEM_grow(buf, size))
+        goto err;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+        goto err;
+    ret->num_fields = num;
+    ret->index = NULL;
+    ret->qual = NULL;
+    if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL)
+        goto err;
+    if ((ret->index = OPENSSL_malloc(sizeof(*ret->index) * num)) == NULL)
+        goto err;
+    if ((ret->qual = OPENSSL_malloc(sizeof(*(ret->qual)) * num)) == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        ret->index[i] = NULL;
+        ret->qual[i] = NULL;
+    }
+
+    add = (num + 1) * sizeof(char *);
+    buf->data[size - 1] = '\0';
+    offset = 0;
+    for (;;) {
+        if (offset != 0) {
+            size += BUFSIZE;
+            if (!BUF_MEM_grow_clean(buf, size))
+                goto err;
+        }
+        buf->data[offset] = '\0';
+        BIO_gets(in, &(buf->data[offset]), size - offset);
+        ln++;
+        if (buf->data[offset] == '\0')
+            break;
+        if ((offset == 0) && (buf->data[0] == '#'))
+            continue;
+        i = strlen(&(buf->data[offset]));
+        offset += i;
+        if (buf->data[offset - 1] != '\n')
+            continue;
+        else {
+            buf->data[offset - 1] = '\0'; /* blat the '\n' */
+            if ((p = OPENSSL_malloc(add + offset)) == NULL)
+                goto err;
+            offset = 0;
+        }
+        pp = (char **)p;
+        p += add;
+        n = 0;
+        pp[n++] = p;
+        i = 0;
+        f = buf->data;
+
+        esc = 0;
+        for (;;) {
+            if (*f == '\0')
+                break;
+            if (*f == '\t') {
+                if (esc)
+                    p--;
+                else {
+                    *(p++) = '\0';
+                    f++;
+                    if (n >= num)
+                        break;
+                    pp[n++] = p;
+                    continue;
+                }
+            }
+            esc = (*f == '\\');
+            *(p++) = *(f++);
+        }
+        *(p++) = '\0';
+        if ((n != num) || (*f != '\0')) {
+            OPENSSL_free(pp);
+            ret->error = DB_ERROR_WRONG_NUM_FIELDS;
+            goto err;
+        }
+        pp[n] = p;
+        if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) {
+            OPENSSL_free(pp);
+            goto err;
+        }
+    }
+    BUF_MEM_free(buf);
+    return ret;
+ err:
+    BUF_MEM_free(buf);
+    if (ret != NULL) {
+        sk_OPENSSL_PSTRING_free(ret->data);
+        OPENSSL_free(ret->index);
+        OPENSSL_free(ret->qual);
+        OPENSSL_free(ret);
+    }
+    return (NULL);
+}
+
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+                                    OPENSSL_STRING *value)
+{
+    OPENSSL_STRING *ret;
+    LHASH_OF(OPENSSL_STRING) *lh;
+
+    if (idx >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return (NULL);
+    }
+    lh = db->index[idx];
+    if (lh == NULL) {
+        db->error = DB_ERROR_NO_INDEX;
+        return (NULL);
+    }
+    ret = lh_OPENSSL_STRING_retrieve(lh, value);
+    db->error = DB_ERROR_OK;
+    return (ret);
+}
+
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp)
+{
+    LHASH_OF(OPENSSL_STRING) *idx;
+    OPENSSL_STRING *r, *k;
+    int i, n;
+
+    if (field >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return (0);
+    }
+    /* FIXME: we lose type checking at this point */
+    if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) {
+        db->error = DB_ERROR_MALLOC;
+        return (0);
+    }
+    n = sk_OPENSSL_PSTRING_num(db->data);
+    for (i = 0; i < n; i++) {
+        r = sk_OPENSSL_PSTRING_value(db->data, i);
+        if ((qual != NULL) && (qual(r) == 0))
+            continue;
+        if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) {
+            db->error = DB_ERROR_INDEX_CLASH;
+            db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k);
+            db->arg2 = i;
+            lh_OPENSSL_STRING_free(idx);
+            return (0);
+        }
+        if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) {
+            db->error = DB_ERROR_MALLOC;
+            lh_OPENSSL_STRING_free(idx);
+            return (0);
+        }
+    }
+    lh_OPENSSL_STRING_free(db->index[field]);
+    db->index[field] = idx;
+    db->qual[field] = qual;
+    return (1);
+}
+
+long TXT_DB_write(BIO *out, TXT_DB *db)
+{
+    long i, j, n, nn, l, tot = 0;
+    char *p, **pp, *f;
+    BUF_MEM *buf = NULL;
+    long ret = -1;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    n = sk_OPENSSL_PSTRING_num(db->data);
+    nn = db->num_fields;
+    for (i = 0; i < n; i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->data, i);
+
+        l = 0;
+        for (j = 0; j < nn; j++) {
+            if (pp[j] != NULL)
+                l += strlen(pp[j]);
+        }
+        if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn)))
+            goto err;
+
+        p = buf->data;
+        for (j = 0; j < nn; j++) {
+            f = pp[j];
+            if (f != NULL)
+                for (;;) {
+                    if (*f == '\0')
+                        break;
+                    if (*f == '\t')
+                        *(p++) = '\\';
+                    *(p++) = *(f++);
+                }
+            *(p++) = '\t';
+        }
+        p[-1] = '\n';
+        j = p - buf->data;
+        if (BIO_write(out, buf->data, (int)j) != j)
+            goto err;
+        tot += j;
+    }
+    ret = tot;
+ err:
+    BUF_MEM_free(buf);
+    return (ret);
+}
+
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
+{
+    int i;
+    OPENSSL_STRING *r;
+
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            r = lh_OPENSSL_STRING_retrieve(db->index[i], row);
+            if (r != NULL) {
+                db->error = DB_ERROR_INDEX_CLASH;
+                db->arg1 = i;
+                db->arg_row = r;
+                goto err;
+            }
+        }
+    }
+
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            (void)lh_OPENSSL_STRING_insert(db->index[i], row);
+            if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL)
+                goto err1;
+        }
+    }
+    if (!sk_OPENSSL_PSTRING_push(db->data, row))
+        goto err1;
+    return (1);
+
+ err1:
+    db->error = DB_ERROR_MALLOC;
+    while (i-- > 0) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            (void)lh_OPENSSL_STRING_delete(db->index[i], row);
+        }
+    }
+ err:
+    return (0);
+}
+
+void TXT_DB_free(TXT_DB *db)
+{
+    int i, n;
+    char **p, *max;
+
+    if (db == NULL)
+        return;
+
+    if (db->index != NULL) {
+        for (i = db->num_fields - 1; i >= 0; i--)
+            lh_OPENSSL_STRING_free(db->index[i]);
+        OPENSSL_free(db->index);
+    }
+    OPENSSL_free(db->qual);
+    if (db->data != NULL) {
+        for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) {
+            /*
+             * check if any 'fields' have been allocated from outside of the
+             * initial block
+             */
+            p = sk_OPENSSL_PSTRING_value(db->data, i);
+            max = p[db->num_fields]; /* last address */
+            if (max == NULL) {  /* new row */
+                for (n = 0; n < db->num_fields; n++)
+                    OPENSSL_free(p[n]);
+            } else {
+                for (n = 0; n < db->num_fields; n++) {
+                    if (((p[n] < (char *)p) || (p[n] > max)))
+                        OPENSSL_free(p[n]);
+                }
+            }
+            OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data, i));
+        }
+        sk_OPENSSL_PSTRING_free(db->data);
+    }
+    OPENSSL_free(db);
+}
diff --git a/openssl-1.1.0h/crypto/ui/build.info b/openssl-1.1.0h/crypto/ui/build.info
new file mode 100644
index 0000000..fcb45af
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ui/build.info
@@ -0,0 +1,3 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        ui_err.c ui_lib.c ui_openssl.c ui_util.c
diff --git a/openssl-1.1.0h/crypto/ui/ui_err.c b/openssl-1.1.0h/crypto/ui/ui_err.c
new file mode 100644
index 0000000..c8640fe
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ui/ui_err.c
@@ -0,0 +1,72 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
+
+static ERR_STRING_DATA UI_str_functs[] = {
+    {ERR_FUNC(UI_F_CLOSE_CONSOLE), "close_console"},
+    {ERR_FUNC(UI_F_ECHO_CONSOLE), "echo_console"},
+    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "general_allocate_boolean"},
+    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "general_allocate_prompt"},
+    {ERR_FUNC(UI_F_NOECHO_CONSOLE), "noecho_console"},
+    {ERR_FUNC(UI_F_OPEN_CONSOLE), "open_console"},
+    {ERR_FUNC(UI_F_UI_CREATE_METHOD), "UI_create_method"},
+    {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
+    {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
+    {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
+    {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
+    {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
+    {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
+    {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
+    {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
+    {ERR_FUNC(UI_F_UI_PROCESS), "UI_process"},
+    {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA UI_str_reasons[] = {
+    {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
+     "common ok and cancel characters"},
+    {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"},
+    {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"},
+    {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"},
+    {ERR_REASON(UI_R_PROCESSING_ERROR), "processing error"},
+    {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"},
+    {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"},
+    {ERR_REASON(UI_R_SYSASSIGN_ERROR), "sys$assign error"},
+    {ERR_REASON(UI_R_SYSDASSGN_ERROR), "sys$dassgn error"},
+    {ERR_REASON(UI_R_SYSQIOW_ERROR), "sys$qiow error"},
+    {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"},
+    {ERR_REASON(UI_R_UNKNOWN_TTYGET_ERRNO_VALUE),
+     "unknown ttyget errno value"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_UI_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(UI_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, UI_str_functs);
+        ERR_load_strings(0, UI_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/ui/ui_lib.c b/openssl-1.1.0h/crypto/ui/ui_lib.c
new file mode 100644
index 0000000..464dac4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ui/ui_lib.c
@@ -0,0 +1,812 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_locl.h"
+
+UI *UI_new(void)
+{
+    return (UI_new_method(NULL));
+}
+
+UI *UI_new_method(const UI_METHOD *method)
+{
+    UI *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    if (method == NULL)
+        ret->meth = UI_get_default_method();
+    else
+        ret->meth = method;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+static void free_string(UI_STRING *uis)
+{
+    if (uis->flags & OUT_STRING_FREEABLE) {
+        OPENSSL_free((char *)uis->out_string);
+        switch (uis->type) {
+        case UIT_BOOLEAN:
+            OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+            OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+            OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+            break;
+        default:
+            break;
+        }
+    }
+    OPENSSL_free(uis);
+}
+
+void UI_free(UI *ui)
+{
+    if (ui == NULL)
+        return;
+    sk_UI_STRING_pop_free(ui->strings, free_string);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+    CRYPTO_THREAD_lock_free(ui->lock);
+    OPENSSL_free(ui);
+}
+
+static int allocate_string_stack(UI *ui)
+{
+    if (ui->strings == NULL) {
+        ui->strings = sk_UI_STRING_new_null();
+        if (ui->strings == NULL) {
+            return -1;
+        }
+    }
+    return 0;
+}
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+                                          int prompt_freeable,
+                                          enum UI_string_types type,
+                                          int input_flags, char *result_buf)
+{
+    UI_STRING *ret = NULL;
+
+    if (prompt == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER);
+    } else if ((type == UIT_PROMPT || type == UIT_VERIFY
+                || type == UIT_BOOLEAN) && result_buf == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+    } else if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) {
+        ret->out_string = prompt;
+        ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
+        ret->input_flags = input_flags;
+        ret->type = type;
+        ret->result_buf = result_buf;
+    }
+    return ret;
+}
+
+static int general_allocate_string(UI *ui, const char *prompt,
+                                   int prompt_freeable,
+                                   enum UI_string_types type, int input_flags,
+                                   char *result_buf, int minsize, int maxsize,
+                                   const char *test_buf)
+{
+    int ret = -1;
+    UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                           type, input_flags, result_buf);
+
+    if (s != NULL) {
+        if (allocate_string_stack(ui) >= 0) {
+            s->_.string_data.result_minsize = minsize;
+            s->_.string_data.result_maxsize = maxsize;
+            s->_.string_data.test_buf = test_buf;
+            ret = sk_UI_STRING_push(ui->strings, s);
+            /* sk_push() returns 0 on error.  Let's adapt that */
+            if (ret <= 0) {
+                ret--;
+                free_string(s);
+            }
+        } else
+            free_string(s);
+    }
+    return ret;
+}
+
+static int general_allocate_boolean(UI *ui,
+                                    const char *prompt,
+                                    const char *action_desc,
+                                    const char *ok_chars,
+                                    const char *cancel_chars,
+                                    int prompt_freeable,
+                                    enum UI_string_types type,
+                                    int input_flags, char *result_buf)
+{
+    int ret = -1;
+    UI_STRING *s;
+    const char *p;
+
+    if (ok_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else if (cancel_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else {
+        for (p = ok_chars; *p != '\0'; p++) {
+            if (strchr(cancel_chars, *p) != NULL) {
+                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+                      UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+            }
+        }
+
+        s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                    type, input_flags, result_buf);
+
+        if (s != NULL) {
+            if (allocate_string_stack(ui) >= 0) {
+                s->_.boolean_data.action_desc = action_desc;
+                s->_.boolean_data.ok_chars = ok_chars;
+                s->_.boolean_data.cancel_chars = cancel_chars;
+                ret = sk_UI_STRING_push(ui->strings, s);
+                /*
+                 * sk_push() returns 0 on error. Let's adapt that
+                 */
+                if (ret <= 0) {
+                    ret--;
+                    free_string(s);
+                }
+            } else
+                free_string(s);
+        }
+    }
+    return ret;
+}
+
+/*
+ * Returns the index to the place in the stack or -1 for error.  Uses a
+ * direct reference to the prompt.
+ */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    return general_allocate_boolean(ui, prompt, action_desc,
+                                    ok_chars, cancel_chars, 0, UIT_BOOLEAN,
+                                    flags, result_buf);
+}
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    char *prompt_copy = NULL;
+    char *action_desc_copy = NULL;
+    char *ok_chars_copy = NULL;
+    char *cancel_chars_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (action_desc != NULL) {
+        action_desc_copy = OPENSSL_strdup(action_desc);
+        if (action_desc_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (ok_chars != NULL) {
+        ok_chars_copy = OPENSSL_strdup(ok_chars);
+        if (ok_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (cancel_chars != NULL) {
+        cancel_chars_copy = OPENSSL_strdup(cancel_chars);
+        if (cancel_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                                    ok_chars_copy, cancel_chars_copy, 1,
+                                    UIT_BOOLEAN, flags, result_buf);
+ err:
+    OPENSSL_free(prompt_copy);
+    OPENSSL_free(action_desc_copy);
+    OPENSSL_free(ok_chars_copy);
+    OPENSSL_free(cancel_chars_copy);
+    return -1;
+}
+
+int UI_add_info_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_info_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text != NULL) {
+        text_copy = OPENSSL_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                                   0, 0, NULL);
+}
+
+int UI_add_error_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_error_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text != NULL) {
+        text_copy = OPENSSL_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                                   0, 0, NULL);
+}
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+                          const char *object_name)
+{
+    char *prompt = NULL;
+
+    if (ui->meth->ui_construct_prompt != NULL)
+        prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
+    else {
+        char prompt1[] = "Enter ";
+        char prompt2[] = " for ";
+        char prompt3[] = ":";
+        int len = 0;
+
+        if (object_desc == NULL)
+            return NULL;
+        len = sizeof(prompt1) - 1 + strlen(object_desc);
+        if (object_name != NULL)
+            len += sizeof(prompt2) - 1 + strlen(object_name);
+        len += sizeof(prompt3) - 1;
+
+        prompt = OPENSSL_malloc(len + 1);
+        if (prompt == NULL)
+            return NULL;
+        OPENSSL_strlcpy(prompt, prompt1, len + 1);
+        OPENSSL_strlcat(prompt, object_desc, len + 1);
+        if (object_name != NULL) {
+            OPENSSL_strlcat(prompt, prompt2, len + 1);
+            OPENSSL_strlcat(prompt, object_name, len + 1);
+        }
+        OPENSSL_strlcat(prompt, prompt3, len + 1);
+    }
+    return prompt;
+}
+
+void *UI_add_user_data(UI *ui, void *user_data)
+{
+    void *old_data = ui->user_data;
+    ui->user_data = user_data;
+    return old_data;
+}
+
+void *UI_get0_user_data(UI *ui)
+{
+    return ui->user_data;
+}
+
+const char *UI_get0_result(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+        return NULL;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+        return NULL;
+    }
+    return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+}
+
+static int print_error(const char *str, size_t len, UI *ui)
+{
+    UI_STRING uis;
+
+    memset(&uis, 0, sizeof(uis));
+    uis.type = UIT_ERROR;
+    uis.out_string = str;
+
+    if (ui->meth->ui_write_string != NULL
+        && ui->meth->ui_write_string(ui, &uis) <= 0)
+        return -1;
+    return 0;
+}
+
+int UI_process(UI *ui)
+{
+    int i, ok = 0;
+    const char *state = "processing";
+
+    if (ui->meth->ui_open_session != NULL
+        && ui->meth->ui_open_session(ui) <= 0) {
+        state = "opening session";
+        ok = -1;
+        goto err;
+    }
+
+    if (ui->flags & UI_FLAG_PRINT_ERRORS)
+        ERR_print_errors_cb((int (*)(const char *, size_t, void *))
+                            print_error, (void *)ui);
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_write_string != NULL
+            && (ui->meth->ui_write_string(ui,
+                                          sk_UI_STRING_value(ui->strings, i))
+                <= 0))
+        {
+            state = "writing strings";
+            ok = -1;
+            goto err;
+        }
+    }
+
+    if (ui->meth->ui_flush != NULL)
+        switch (ui->meth->ui_flush(ui)) {
+        case -1:               /* Interrupt/Cancel/something... */
+            ok = -2;
+            goto err;
+        case 0:                /* Errors */
+            state = "flushing";
+            ok = -1;
+            goto err;
+        default:               /* Success */
+            ok = 0;
+            break;
+        }
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_read_string != NULL) {
+            switch (ui->meth->ui_read_string(ui,
+                                             sk_UI_STRING_value(ui->strings,
+                                                                i))) {
+            case -1:           /* Interrupt/Cancel/something... */
+                ok = -2;
+                goto err;
+            case 0:            /* Errors */
+                state = "reading strings";
+                ok = -1;
+                goto err;
+            default:           /* Success */
+                ok = 0;
+                break;
+            }
+        }
+    }
+
+    state = NULL;
+ err:
+    if (ui->meth->ui_close_session != NULL
+        && ui->meth->ui_close_session(ui) <= 0) {
+        if (state == NULL)
+            state = "closing session";
+        ok = -1;
+    }
+
+    if (ok == -1) {
+        UIerr(UI_F_UI_PROCESS, UI_R_PROCESSING_ERROR);
+        ERR_add_error_data(2, "while ", state);
+    }
+    return ok;
+}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
+{
+    if (ui == NULL) {
+        UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+    switch (cmd) {
+    case UI_CTRL_PRINT_ERRORS:
+        {
+            int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
+            if (i)
+                ui->flags |= UI_FLAG_PRINT_ERRORS;
+            else
+                ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+            return save_flag;
+        }
+    case UI_CTRL_IS_REDOABLE:
+        return ! !(ui->flags & UI_FLAG_REDOABLE);
+    default:
+        break;
+    }
+    UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+    return -1;
+}
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *UI_get_ex_data(UI *r, int idx)
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+const UI_METHOD *UI_get_method(UI *ui)
+{
+    return ui->meth;
+}
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+{
+    ui->meth = meth;
+    return ui->meth;
+}
+
+UI_METHOD *UI_create_method(const char *name)
+{
+    UI_METHOD *ui_method = OPENSSL_zalloc(sizeof(*ui_method));
+
+    if (ui_method != NULL) {
+        ui_method->name = OPENSSL_strdup(name);
+        if (ui_method->name == NULL) {
+            OPENSSL_free(ui_method);
+            UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+    return ui_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using UI_create_method(), you deserve
+ * anything Murphy can throw at you and more! You have been warned.
+ */
+void UI_destroy_method(UI_METHOD *ui_method)
+{
+    OPENSSL_free(ui_method->name);
+    ui_method->name = NULL;
+    OPENSSL_free(ui_method);
+}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_open_session = opener;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis))
+{
+    if (method != NULL) {
+        method->ui_write_string = writer;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_flush = flusher;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis))
+{
+    if (method != NULL) {
+        method->ui_read_string = reader;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_close_session = closer;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name))
+{
+    if (method != NULL) {
+        method->ui_construct_prompt = prompt_constructor;
+        return 0;
+    }
+    return -1;
+}
+
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_open_session;
+    return NULL;
+}
+
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *)
+{
+    if (method != NULL)
+        return method->ui_write_string;
+    return NULL;
+}
+
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_flush;
+    return NULL;
+}
+
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *)
+{
+    if (method != NULL)
+        return method->ui_read_string;
+    return NULL;
+}
+
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_close_session;
+    return NULL;
+}
+
+char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
+                                                              const char *,
+                                                              const char *)
+{
+    if (method != NULL)
+        return method->ui_construct_prompt;
+    return NULL;
+}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+{
+    return uis->type;
+}
+
+int UI_get_input_flags(UI_STRING *uis)
+{
+    return uis->input_flags;
+}
+
+const char *UI_get0_output_string(UI_STRING *uis)
+{
+    return uis->out_string;
+}
+
+const char *UI_get0_action_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_BOOLEAN:
+        return uis->_.boolean_data.action_desc;
+    default:
+        return NULL;
+    }
+}
+
+const char *UI_get0_result_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_buf;
+    default:
+        return NULL;
+    }
+}
+
+const char *UI_get0_test_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_VERIFY:
+        return uis->_.string_data.test_buf;
+    default:
+        return NULL;
+    }
+}
+
+int UI_get_result_minsize(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_minsize;
+    default:
+        return -1;
+    }
+}
+
+int UI_get_result_maxsize(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_maxsize;
+    default:
+        return -1;
+    }
+}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+{
+    int l = strlen(result);
+
+    ui->flags &= ~UI_FLAG_REDOABLE;
+
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        {
+            char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
+            char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
+
+            BIO_snprintf(number1, sizeof(number1), "%d",
+                         uis->_.string_data.result_minsize);
+            BIO_snprintf(number2, sizeof(number2), "%d",
+                         uis->_.string_data.result_maxsize);
+
+            if (l < uis->_.string_data.result_minsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+            if (l > uis->_.string_data.result_maxsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+        }
+
+        if (uis->result_buf == NULL) {
+            UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+            return -1;
+        }
+
+        OPENSSL_strlcpy(uis->result_buf, result,
+                    uis->_.string_data.result_maxsize + 1);
+        break;
+    case UIT_BOOLEAN:
+        {
+            const char *p;
+
+            if (uis->result_buf == NULL) {
+                UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+                return -1;
+            }
+
+            uis->result_buf[0] = '\0';
+            for (p = result; *p; p++) {
+                if (strchr(uis->_.boolean_data.ok_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
+                    break;
+                }
+                if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
+                    break;
+                }
+            }
+        }
+    default:
+        break;
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/ui/ui_locl.h b/openssl-1.1.0h/crypto/ui/ui_locl.h
new file mode 100644
index 0000000..2953739
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ui/ui_locl.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UI_LOCL_H
+# define HEADER_UI_LOCL_H
+
+# include <openssl/ui.h>
+# include <openssl/crypto.h>
+
+# ifdef _
+#  undef _
+# endif
+
+struct ui_method_st {
+    char *name;
+    /*
+     * All the functions return 1 or non-NULL for success and 0 or NULL for
+     * failure
+     */
+    /*
+     * Open whatever channel for this, be it the console, an X window or
+     * whatever. This function should use the ex_data structure to save
+     * intermediate data.
+     */
+    int (*ui_open_session) (UI *ui);
+    int (*ui_write_string) (UI *ui, UI_STRING *uis);
+    /*
+     * Flush the output.  If a GUI dialog box is used, this function can be
+     * used to actually display it.
+     */
+    int (*ui_flush) (UI *ui);
+    int (*ui_read_string) (UI *ui, UI_STRING *uis);
+    int (*ui_close_session) (UI *ui);
+    /*
+     * Construct a prompt in a user-defined manner.  object_desc is a textual
+     * short description of the object, for example "pass phrase", and
+     * object_name is the name of the object (might be a card name or a file
+     * name. The returned string shall always be allocated on the heap with
+     * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+     */
+    char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
+                                  const char *object_name);
+};
+
+struct ui_string_st {
+    enum UI_string_types type;  /* Input */
+    const char *out_string;     /* Input */
+    int input_flags;            /* Flags from the user */
+    /*
+     * The following parameters are completely irrelevant for UIT_INFO, and
+     * can therefore be set to 0 or NULL
+     */
+    char *result_buf;           /* Input and Output: If not NULL,
+                                 * user-defined with size in result_maxsize.
+                                 * Otherwise, it may be allocated by the UI
+                                 * routine, meaning result_minsize is going
+                                 * to be overwritten. */
+    union {
+        struct {
+            int result_minsize; /* Input: minimum required size of the
+                                 * result. */
+            int result_maxsize; /* Input: maximum permitted size of the
+                                 * result */
+            const char *test_buf; /* Input: test string to verify against */
+        } string_data;
+        struct {
+            const char *action_desc; /* Input */
+            const char *ok_chars; /* Input */
+            const char *cancel_chars; /* Input */
+        } boolean_data;
+    } _;
+
+# define OUT_STRING_FREEABLE 0x01
+    int flags;                  /* flags for internal use */
+};
+
+struct ui_st {
+    const UI_METHOD *meth;
+    STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
+                                   * one thing at a time, and with different
+                                   * echoing status.  */
+    void *user_data;
+    CRYPTO_EX_DATA ex_data;
+# define UI_FLAG_REDOABLE        0x0001
+# define UI_FLAG_PRINT_ERRORS    0x0100
+    int flags;
+
+    CRYPTO_RWLOCK *lock;
+};
+
+#endif
diff --git a/openssl-1.1.0h/crypto/ui/ui_openssl.c b/openssl-1.1.0h/crypto/ui/ui_openssl.c
new file mode 100644
index 0000000..8fa8dec
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ui/ui_openssl.c
@@ -0,0 +1,712 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include <openssl/err.h>
+
+/*
+ * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
+ * [maybe others?], because it masks interfaces not discussed in standard,
+ * sigaction and fileno included. -pedantic would be more appropriate for the
+ * intended purposes, but we can't prevent users from adding -ansi.
+ */
+#if defined(OPENSSL_SYS_VXWORKS)
+# include <sys/types.h>
+#endif
+
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+# ifndef _POSIX_C_SOURCE
+#  define _POSIX_C_SOURCE 2
+# endif
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+# ifdef OPENSSL_UNISTD
+#  include OPENSSL_UNISTD
+# else
+#  include <unistd.h>
+# endif
+/*
+ * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
+ * system and have sigaction and termios.
+ */
+# if defined(_POSIX_VERSION)
+
+#  define SIGACTION
+#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#   define TERMIOS
+#  endif
+
+# endif
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "ui_locl.h"
+#include "internal/cryptlib.h"
+
+#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
+# include <starlet.h>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+# include <windows.h>
+# ifndef OPENSSL_SYS_WINCE
+#  include <wincon.h>
+# endif
+#endif
+
+/*
+ * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+ * MSDOS, WIN32 Console and SGTTY.
+ *
+ * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
+ * remain respected.  Otherwise, we default to TERMIOS except for a few
+ * systems that require something different.
+ *
+ * Note: we do not use SGTTY unless it's defined by the configuration.  We
+ * may eventually opt to remove it's use entirely.
+ */
+
+#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+
+# if defined(_LIBC)
+#  undef  TERMIOS
+#  define TERMIO
+#  undef  SGTTY
+/*
+ * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms.
+ */
+# elif !defined(OPENSSL_SYS_VMS) \
+	&& !defined(OPENSSL_SYS_MSDOS) \
+	&& !defined(OPENSSL_SYS_VXWORKS)
+#  define TERMIOS
+#  undef  TERMIO
+#  undef  SGTTY
+# endif
+
+#endif
+
+#ifdef TERMIOS
+# include <termios.h>
+# define TTY_STRUCT             struct termios
+# define TTY_FLAGS              c_lflag
+# define TTY_get(tty,data)      tcgetattr(tty,data)
+# define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+# include <termio.h>
+# define TTY_STRUCT             struct termio
+# define TTY_FLAGS              c_lflag
+# define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
+# define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+# include <sgtty.h>
+# define TTY_STRUCT             struct sgttyb
+# define TTY_FLAGS              sg_flags
+# define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
+# define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+# include <sys/ioctl.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+# include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# include <ssdef.h>
+# include <iodef.h>
+# include <ttdef.h>
+# include <descrip.h>
+struct IOSB {
+    short iosb$w_value;
+    short iosb$w_count;
+    long iosb$l_info;
+};
+#endif
+
+#ifndef NX509_SIG
+# define NX509_SIG 32
+#endif
+
+/* Define globals.  They are protected by a lock */
+#ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+#else
+static void (*savsig[NX509_SIG]) (int);
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal, "TT");
+static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
+                                      * will always suffice for the actual
+                                      * structures? */
+static long status;
+static unsigned short channel = 0;
+#elif defined(_WIN32) && !defined(_WIN32_WCE)
+static DWORD tty_orig, tty_new;
+#else
+# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig, tty_new;
+# endif
+#endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+#if !defined(OPENSSL_SYS_WINCE)
+static int read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+static UI_METHOD ui_openssl = {
+    "OpenSSL default user interface",
+    open_console,
+    write_string,
+    NULL,                       /* No flusher is needed for command lines */
+    read_string,
+    close_console,
+    NULL
+};
+
+static const UI_METHOD *default_UI_meth = &ui_openssl;
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+    default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+    return default_UI_meth;
+}
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void)
+{
+    return &ui_openssl;
+}
+
+/*
+ * The following function makes sure that info and error strings are printed
+ * before any prompt.
+ */
+static int write_string(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_ERROR:
+    case UIT_INFO:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        break;
+    default:
+        break;
+    }
+    return 1;
+}
+
+static int read_string(UI *ui, UI_STRING *uis)
+{
+    int ok = 0;
+
+    switch (UI_get_string_type(uis)) {
+    case UIT_BOOLEAN:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fputs(UI_get0_action_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 0);
+    case UIT_PROMPT:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 1);
+    case UIT_VERIFY:
+        fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis));
+        fflush(tty_out);
+        if ((ok = read_string_inner(ui, uis,
+                                    UI_get_input_flags(uis) &
+                                    UI_INPUT_FLAG_ECHO, 1)) <= 0)
+            return ok;
+        if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) {
+            fprintf(tty_out, "Verify failure\n");
+            fflush(tty_out);
+            return 0;
+        }
+        break;
+    default:
+        break;
+    }
+    return 1;
+}
+
+#if !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static int read_till_nl(FILE *in)
+{
+# define SIZE 4
+    char buf[SIZE + 1];
+
+    do {
+        if (!fgets(buf, SIZE, in))
+            return 0;
+    } while (strchr(buf, '\n') == NULL);
+    return 1;
+}
+
+static volatile sig_atomic_t intr_signal;
+#endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+{
+    static int ps;
+    int ok;
+    char result[BUFSIZ];
+    int maxsize = BUFSIZ - 1;
+#if !defined(OPENSSL_SYS_WINCE)
+    char *p = NULL;
+    int echo_eol = !echo;
+
+    intr_signal = 0;
+    ok = 0;
+    ps = 0;
+
+    pushsig();
+    ps = 1;
+
+    if (!echo && !noecho_console(ui))
+        goto error;
+    ps = 2;
+
+    result[0] = '\0';
+# if defined(_WIN32)
+    if (is_a_tty) {
+        DWORD numread;
+#  if defined(CP_UTF8)
+        if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) {
+            WCHAR wresult[BUFSIZ];
+
+            if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE),
+                         wresult, maxsize, &numread, NULL)) {
+                if (numread >= 2 &&
+                    wresult[numread-2] == L'\r' &&
+                    wresult[numread-1] == L'\n') {
+                    wresult[numread-2] = L'\n';
+                    numread--;
+                }
+                wresult[numread] = '\0';
+                if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1,
+                                        result, sizeof(result), NULL, 0) > 0)
+                    p = result;
+
+                OPENSSL_cleanse(wresult, sizeof(wresult));
+            }
+        } else
+#  endif
+        if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE),
+                         result, maxsize, &numread, NULL)) {
+            if (numread >= 2 &&
+                result[numread-2] == '\r' && result[numread-1] == '\n') {
+                result[numread-2] = '\n';
+                numread--;
+            }
+            result[numread] = '\0';
+            p = result;
+        }
+    } else
+# elif defined(OPENSSL_SYS_MSDOS)
+    if (!echo) {
+        noecho_fgets(result, maxsize, tty_in);
+        p = result;             /* FIXME: noecho_fgets doesn't return errors */
+    } else
+# endif
+    p = fgets(result, maxsize, tty_in);
+    if (p == NULL)
+        goto error;
+    if (feof(tty_in))
+        goto error;
+    if (ferror(tty_in))
+        goto error;
+    if ((p = (char *)strchr(result, '\n')) != NULL) {
+        if (strip_nl)
+            *p = '\0';
+    } else if (!read_till_nl(tty_in))
+        goto error;
+    if (UI_set_result(ui, uis, result) >= 0)
+        ok = 1;
+
+ error:
+    if (intr_signal == SIGINT)
+        ok = -1;
+    if (echo_eol)
+        fprintf(tty_out, "\n");
+    if (ps >= 2 && !echo && !echo_console(ui))
+        ok = 0;
+
+    if (ps >= 1)
+        popsig();
+#else
+    ok = 1;
+#endif
+
+    OPENSSL_cleanse(result, BUFSIZ);
+    return ok;
+}
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int open_console(UI *ui)
+{
+    CRYPTO_THREAD_write_lock(ui->lock);
+    is_a_tty = 1;
+
+#if defined(OPENSSL_SYS_VXWORKS)
+    tty_in = stdin;
+    tty_out = stderr;
+#elif defined(_WIN32) && !defined(_WIN32_WCE)
+    if ((tty_out = fopen("conout$", "w")) == NULL)
+        tty_out = stderr;
+
+    if (GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &tty_orig)) {
+        tty_in = stdin;
+    } else {
+        is_a_tty = 0;
+        if ((tty_in = fopen("conin$", "r")) == NULL)
+            tty_in = stdin;
+    }
+#else
+# ifdef OPENSSL_SYS_MSDOS
+#  define DEV_TTY "con"
+# else
+#  define DEV_TTY "/dev/tty"
+# endif
+    if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
+        tty_in = stdin;
+    if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
+        tty_out = stderr;
+#endif
+
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+    if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
+# ifdef ENOTTY
+        if (errno == ENOTTY)
+            is_a_tty = 0;
+        else
+# endif
+# ifdef EINVAL
+            /*
+             * Ariel Glenn ariel@columbia.edu reports that solaris can return
+             * EINVAL instead.  This should be ok
+             */
+        if (errno == EINVAL)
+            is_a_tty = 0;
+        else
+# endif
+# ifdef ENODEV
+            /*
+             * MacOS X returns ENODEV (Operation not supported by device),
+             * which seems appropriate.
+             */
+        if (errno == ENODEV)
+            is_a_tty = 0;
+        else
+# endif
+            {
+                char tmp_num[10];
+                BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%d", errno);
+                UIerr(UI_F_OPEN_CONSOLE, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE);
+                ERR_add_error_data(2, "errno=", tmp_num);
+
+                return 0;
+            }
+    }
+#endif
+#ifdef OPENSSL_SYS_VMS
+    status = sys$assign(&terminal, &channel, 0, 0);
+
+    /* if there isn't a TT device, something is very wrong */
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_OPEN_CONSOLE, UI_R_SYSASSIGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
+        return 0;
+    }
+
+    status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12,
+                      0, 0, 0, 0);
+
+    /* If IO$_SENSEMODE doesn't work, this is not a terminal device */
+    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        is_a_tty = 0;
+#endif
+    return 1;
+}
+
+static int noecho_console(UI *ui)
+{
+#ifdef TTY_FLAGS
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+    if (is_a_tty) {
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+                          0, 0, 0, 0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_NOECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
+            return 0;
+        }
+    }
+#endif
+#if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        tty_new &= ~ENABLE_ECHO_INPUT;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+#endif
+    return 1;
+}
+
+static int echo_console(UI *ui)
+{
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    tty_new.TTY_FLAGS |= ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+    if (is_a_tty) {
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+                          0, 0, 0, 0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_ECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
+            return 0;
+        }
+    }
+#endif
+#if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        tty_new |= ENABLE_ECHO_INPUT;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+#endif
+    return 1;
+}
+
+static int close_console(UI *ui)
+{
+    if (tty_in != stdin)
+        fclose(tty_in);
+    if (tty_out != stderr)
+        fclose(tty_out);
+#ifdef OPENSSL_SYS_VMS
+    status = sys$dassgn(channel);
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
+        return 0;
+    }
+#endif
+    CRYPTO_THREAD_unlock(ui->lock);
+
+    return 1;
+}
+
+#if !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+{
+# ifndef OPENSSL_SYS_WIN32
+    int i;
+# endif
+# ifdef SIGACTION
+    struct sigaction sa;
+
+    memset(&sa, 0, sizeof(sa));
+    sa.sa_handler = recsig;
+# endif
+
+# ifdef OPENSSL_SYS_WIN32
+    savsig[SIGABRT] = signal(SIGABRT, recsig);
+    savsig[SIGFPE] = signal(SIGFPE, recsig);
+    savsig[SIGILL] = signal(SIGILL, recsig);
+    savsig[SIGINT] = signal(SIGINT, recsig);
+    savsig[SIGSEGV] = signal(SIGSEGV, recsig);
+    savsig[SIGTERM] = signal(SIGTERM, recsig);
+# else
+    for (i = 1; i < NX509_SIG; i++) {
+#  ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#  endif
+#  ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#  endif
+#  ifdef SIGKILL
+        if (i == SIGKILL)       /* We can't make any action on that. */
+            continue;
+#  endif
+#  ifdef SIGACTION
+        sigaction(i, &sa, &savsig[i]);
+#  else
+        savsig[i] = signal(i, recsig);
+#  endif
+    }
+# endif
+
+# ifdef SIGWINCH
+    signal(SIGWINCH, SIG_DFL);
+# endif
+}
+
+static void popsig(void)
+{
+# ifdef OPENSSL_SYS_WIN32
+    signal(SIGABRT, savsig[SIGABRT]);
+    signal(SIGFPE, savsig[SIGFPE]);
+    signal(SIGILL, savsig[SIGILL]);
+    signal(SIGINT, savsig[SIGINT]);
+    signal(SIGSEGV, savsig[SIGSEGV]);
+    signal(SIGTERM, savsig[SIGTERM]);
+# else
+    int i;
+    for (i = 1; i < NX509_SIG; i++) {
+#  ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#  endif
+#  ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#  endif
+#  ifdef SIGACTION
+        sigaction(i, &savsig[i], NULL);
+#  else
+        signal(i, savsig[i]);
+#  endif
+    }
+# endif
+}
+
+static void recsig(int i)
+{
+    intr_signal = i;
+}
+#endif
+
+/* Internal functions specific for Windows */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+{
+    int i;
+    char *p;
+
+    p = buf;
+    for (;;) {
+        if (size == 0) {
+            *p = '\0';
+            break;
+        }
+        size--;
+# if defined(_WIN32)
+        i = _getch();
+# else
+        i = getch();
+# endif
+        if (i == '\r')
+            i = '\n';
+        *(p++) = i;
+        if (i == '\n') {
+            *p = '\0';
+            break;
+        }
+    }
+# ifdef WIN_CONSOLE_BUG
+    /*
+     * Win95 has several evil console bugs: one of these is that the last
+     * character read using getch() is passed to the next read: this is
+     * usually a CR so this can be trouble. No STDIO fix seems to work but
+     * flushing the console appears to do the trick.
+     */
+    {
+        HANDLE inh;
+        inh = GetStdHandle(STD_INPUT_HANDLE);
+        FlushConsoleInputBuffer(inh);
+    }
+# endif
+    return (strlen(buf));
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/ui/ui_util.c b/openssl-1.1.0h/crypto/ui/ui_util.c
new file mode 100644
index 0000000..3b51db9
--- /dev/null
+++ b/openssl-1.1.0h/crypto/ui/ui_util.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ui_locl.h"
+
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify)
+{
+    char buff[BUFSIZ];
+    int ret;
+
+    ret =
+        UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
+                        prompt, verify);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return (ret);
+}
+
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify)
+{
+    int ok = 0;
+    UI *ui;
+
+    if (size < 1)
+        return -1;
+
+    ui = UI_new();
+    if (ui != NULL) {
+        ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
+        if (ok >= 0 && verify)
+            ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
+        if (ok >= 0)
+            ok = UI_process(ui);
+        UI_free(ui);
+    }
+    if (ok > 0)
+        ok = 0;
+    return (ok);
+}
diff --git a/openssl-1.1.0h/crypto/uid.c b/openssl-1.1.0h/crypto/uid.c
new file mode 100644
index 0000000..12df8a4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/uid.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+
+# include OPENSSL_UNISTD
+
+int OPENSSL_issetugid(void)
+{
+    return issetugid();
+}
+
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)
+
+int OPENSSL_issetugid(void)
+{
+    return 0;
+}
+
+#else
+
+# include OPENSSL_UNISTD
+# include <sys/types.h>
+
+int OPENSSL_issetugid(void)
+{
+    if (getuid() != geteuid())
+        return 1;
+    if (getgid() != getegid())
+        return 1;
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/vms_rms.h b/openssl-1.1.0h/crypto/vms_rms.h
new file mode 100644
index 0000000..3b994a0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/vms_rms.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else                           /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else                          /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif                         /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif                          /* def NAML$C_MAXRSS [else] */
diff --git a/openssl-1.1.0h/crypto/whrlpool/asm/wp-mmx.pl b/openssl-1.1.0h/crypto/whrlpool/asm/wp-mmx.pl
new file mode 100644
index 0000000..f63945c
--- /dev/null
+++ b/openssl-1.1.0h/crypto/whrlpool/asm/wp-mmx.pl
@@ -0,0 +1,507 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block_mmx implementation.
+#
+*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results
+# in 16KB large table, which is tough on L1 cache, but eliminates
+# unaligned references to it. Value of 2 results in 4KB table, but
+# 7/8 of references to it are unaligned. AMD cores seem to be
+# allergic to the latter, while Intel ones - to former [see the
+# table]. I stick to value of 2 for two reasons: 1. smaller table
+# minimizes cache trashing and thus mitigates the hazard of side-
+# channel leakage similar to AES cache-timing one; 2. performance
+# gap among different µ-archs is smaller.
+#
+# Performance table lists rounded amounts of CPU cycles spent by
+# whirlpool_block_mmx routine on single 64 byte input block, i.e.
+# smaller is better and asymptotic throughput can be estimated by
+# multiplying 64 by CPU clock frequency and dividing by relevant
+# value from the given table:
+#
+#		$SCALE=2/8	icc8	gcc3	
+# Intel P4	3200/4600	4600(*)	6400
+# Intel PIII	2900/3000	4900	5400
+# AMD K[78]	2500/1800	9900	8200(**)
+#
+# (*)	I've sketched even non-MMX assembler, but for the record
+#	I've failed to beat the Intel compiler on P4, without using
+#	MMX that is...
+# (**)	... on AMD on the other hand non-MMX assembler was observed
+#	to perform significantly better, but I figured this MMX
+#	implementation is even faster anyway, so why bother? As for
+#	pre-MMX AMD core[s], the improvement coefficient is more
+#	than likely to vary anyway and I don't know how. But the
+#	least I know is that gcc-generated code compiled with
+#	-DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for
+#	details] and optimized for Pentium was observed to perform
+#	*better* on Pentium 100 than unrolled non-MMX assembler
+#	loop... So we just say that I don't know if maintaining
+#	non-MMX implementation would actually pay off, but till
+#	opposite is proved "unlikely" is assumed.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"wp-mmx.pl");
+
+sub L()  { &data_byte(@_); }
+sub LL()
+{	if	($SCALE==2)	{ &data_byte(@_); &data_byte(@_); }
+	elsif	($SCALE==8)	{ for ($i=0;$i<8;$i++) {
+					&data_byte(@_);
+					unshift(@_,pop(@_));
+				  }
+				}
+	else			{ die "unvalid SCALE value"; }
+}
+
+sub scale()
+{	if	($SCALE==2)	{ &lea(@_[0],&DWP(0,@_[1],@_[1])); }
+	elsif	($SCALE==8)	{ &lea(@_[0],&DWP(0,"",@_[1],8));  }
+	else			{ die "unvalid SCALE value";       }
+}
+
+sub row()
+{	if	($SCALE==2)	{ ((8-shift)&7); }
+	elsif	($SCALE==8)	{ (8*shift);     }
+	else			{ die "unvalid SCALE value"; }
+}
+
+$tbl="ebp";
+@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7");
+
+&function_begin_B("whirlpool_block_mmx");
+	&push	("ebp");
+	&push	("ebx");
+	&push	("esi");
+	&push	("edi");
+
+	&mov	("esi",&wparam(0));		# hash value
+	&mov	("edi",&wparam(1));		# input data stream
+	&mov	("ebp",&wparam(2));		# number of chunks in input
+
+	&mov	("eax","esp");			# copy stack pointer
+	&sub	("esp",128+20);			# allocate frame
+	&and	("esp",-64);			# align for cache-line
+
+	&lea	("ebx",&DWP(128,"esp"));
+	&mov	(&DWP(0,"ebx"),"esi");		# save parameter block
+	&mov	(&DWP(4,"ebx"),"edi");
+	&mov	(&DWP(8,"ebx"),"ebp");
+	&mov	(&DWP(16,"ebx"),"eax");		# saved stack pointer
+
+	&call	(&label("pic_point"));
+&set_label("pic_point");
+	&blindpop($tbl);
+	&lea	($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl));
+
+	&xor	("ecx","ecx");
+	&xor	("edx","edx");
+
+	for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); }    # L=H
+&set_label("outerloop");
+	for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+	for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+	for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+
+	&xor	("esi","esi");
+	&mov	(&DWP(12,"ebx"),"esi");		# zero round counter
+
+&set_label("round",16);
+	&movq	(@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8));	# rc[r]
+	&mov	("eax",&DWP(0,"esp"));
+	&mov	("ebx",&DWP(4,"esp"));
+	&movz	("ecx",&LB("eax"));
+	&movz	("edx",&HB("eax"));
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? \&movq : \&pxor;
+	&shr	("eax",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&pxor	(@mm[0],&QWP(&row(0),$tbl,"esi",8));
+	&$func	(@mm[1],&QWP(&row(1),$tbl,"edi",8));
+	&mov	("eax",&DWP(($i+1)*8,"esp"));
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&$func	(@mm[2],&QWP(&row(2),$tbl,"esi",8));
+	&$func	(@mm[3],&QWP(&row(3),$tbl,"edi",8));
+	&shr	("ebx",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&$func	(@mm[4],&QWP(&row(4),$tbl,"esi",8));
+	&$func	(@mm[5],&QWP(&row(5),$tbl,"edi",8));
+	&mov	("ebx",&DWP(($i+1)*8+4,"esp"));
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&$func	(@mm[6],&QWP(&row(6),$tbl,"esi",8));
+	&$func	(@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+
+	for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+
+for($i=0;$i<8;$i++) {
+	&shr	("eax",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&pxor	(@mm[0],&QWP(&row(0),$tbl,"esi",8));
+	&pxor	(@mm[1],&QWP(&row(1),$tbl,"edi",8));
+	&mov	("eax",&DWP(64+($i+1)*8,"esp"))		if ($i<7);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&pxor	(@mm[2],&QWP(&row(2),$tbl,"esi",8));
+	&pxor	(@mm[3],&QWP(&row(3),$tbl,"edi",8));
+	&shr	("ebx",16);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("ebx"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("ebx"));
+	&pxor	(@mm[4],&QWP(&row(4),$tbl,"esi",8));
+	&pxor	(@mm[5],&QWP(&row(5),$tbl,"edi",8));
+	&mov	("ebx",&DWP(64+($i+1)*8+4,"esp"))	if ($i<7);
+	&scale	("esi","ecx");
+	&movz	("ecx",&LB("eax"));
+	&scale	("edi","edx");
+	&movz	("edx",&HB("eax"));
+	&pxor	(@mm[6],&QWP(&row(6),$tbl,"esi",8));
+	&pxor	(@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+	&lea	("ebx",&DWP(128,"esp"));
+	&mov	("esi",&DWP(12,"ebx"));		# pull round counter
+	&add	("esi",1);
+	&cmp	("esi",10);
+	&je	(&label("roundsdone"));
+
+	&mov	(&DWP(12,"ebx"),"esi");		# update round counter
+	for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+	&jmp	(&label("round"));
+
+&set_label("roundsdone",16);
+	&mov	("esi",&DWP(0,"ebx"));		# reload argument block
+	&mov	("edi",&DWP(4,"ebx"));
+	&mov	("eax",&DWP(8,"ebx"));
+
+	for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+	for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); }    # L^=H
+	for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); }    # H=L
+
+	&lea	("edi",&DWP(64,"edi"));		# inp+=64
+	&sub	("eax",1);			# num--
+	&jz	(&label("alldone"));
+	&mov	(&DWP(4,"ebx"),"edi");		# update argument block
+	&mov	(&DWP(8,"ebx"),"eax");
+	&jmp	(&label("outerloop"));
+
+&set_label("alldone");
+	&emms	();
+	&mov	("esp",&DWP(16,"ebx"));		# restore saved stack pointer
+	&pop	("edi");
+	&pop	("esi");
+	&pop	("ebx");
+	&pop	("ebp");
+	&ret	();
+
+&align(64);
+&set_label("table");
+	&LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+	&LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+	&LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+	&LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+	&LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+	&LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+	&LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+	&LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+	&LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+	&LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+	&LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+	&LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+	&LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+	&LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+	&LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+	&LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+	&LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+	&LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+	&LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+	&LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+	&LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+	&LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+	&LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+	&LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+	&LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+	&LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+	&LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+	&LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+	&LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+	&LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+	&LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+	&LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+	&LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+	&LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+	&LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+	&LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+	&LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+	&LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+	&LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+	&LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+	&LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+	&LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+	&LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+	&LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+	&LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+	&LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+	&LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+	&LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+	&LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+	&LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+	&LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+	&LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+	&LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+	&LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+	&LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+	&LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+	&LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+	&LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+	&LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+	&LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+	&LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+	&LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+	&LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+	&LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+	&LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+	&LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+	&LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+	&LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+	&LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+	&LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+	&LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+	&LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+	&LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+	&LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+	&LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+	&LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+	&LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+	&LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+	&LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+	&LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+	&LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+	&LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+	&LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+	&LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+	&LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+	&LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+	&LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+	&LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+	&LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+	&LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+	&LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+	&LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+	&LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+	&LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+	&LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+	&LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+	&LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+	&LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+	&LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+	&LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+	&LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+	&LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+	&LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+	&LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+	&LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+	&LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+	&LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+	&LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+	&LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+	&LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+	&LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+	&LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+	&LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+	&LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+	&LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+	&LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+	&LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+	&LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+	&LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+	&LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+	&LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+	&LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+	&LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+	&LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+	&LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+	&LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+	&LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+	&LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+	&LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+	&LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+	&LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+	&LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+	&LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+	&LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+	&LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+	&LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+	&LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+	&LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+	&LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+	&LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+	&LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+	&LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+	&LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+	&LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+	&LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+	&LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+	&LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+	&LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+	&LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+	&LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+	&LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+	&LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+	&LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+	&LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+	&LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+	&LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+	&LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+	&LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+	&LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+	&LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+	&LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+	&LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+	&LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+	&LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+	&LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+	&LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+	&LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+	&LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+	&LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+	&LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+	&LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+	&LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+	&LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+	&LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+	&LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+	&LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+	&LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+	&LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+	&LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+	&LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+	&LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+	&LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+	&LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+	&LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+	&LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+	&LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+	&LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+	&LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+	&LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+	&LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+	&LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+	&LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+	&LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+	&LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+	&LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+	&LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+	&LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+	&LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+	&LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+	&LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+	&LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+	&LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+	&LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+	&LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+	&LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+	&LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+	&LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+	&LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+	&LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+	&LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+	&LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+	&LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+	&LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+	&LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+	&LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+	&LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+	&LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+	&LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+	&LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+	&LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+	&LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+	&LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+	&LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+	&LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+	&LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+	&LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+	&LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+	&LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+	&LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+	&LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+	&LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+	&LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+	&LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+	&LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+	&LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+	&LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+	&LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+	&LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+	&LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+	&LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+	&LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+	&LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+	&LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+	&LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+	&LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+	&LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+	&LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+	&LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+	&LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+	&LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+	&LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+	&LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+	&LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+	&LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+	&LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+	&LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+
+	&L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);	# rc[ROUNDS]
+	&L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+	&L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+	&L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+	&L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+	&L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+	&L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+	&L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+	&L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+	&L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+
+&function_end_B("whirlpool_block_mmx");
+&asm_finish(); 
+
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/whrlpool/asm/wp-x86_64.pl b/openssl-1.1.0h/crypto/whrlpool/asm/wp-x86_64.pl
new file mode 100644
index 0000000..c0b21d1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/whrlpool/asm/wp-x86_64.pl
@@ -0,0 +1,600 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block for x86_64.
+#
+# 2500 cycles per 64-byte input block on AMD64, which is *identical*
+# to 32-bit MMX version executed on same CPU. So why did I bother?
+# Well, it's faster than gcc 3.3.2 generated code by over 50%, and
+# over 80% faster than PathScale 1.4, an "ambitious" commercial
+# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio
+# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the
+# first example when they fail to generate more optimal code, when
+# I believe they had *all* chances to...
+#
+# Note that register and stack frame layout are virtually identical
+# to 32-bit MMX version, except that %r8-15 are used instead of
+# %mm0-8. You can even notice that K[i] and S[i] are loaded to
+# %eax:%ebx as pair of 32-bit values and not as single 64-bit one.
+# This is done in order to avoid 64-bit shift penalties on Intel
+# EM64T core. Speaking of which! I bet it's possible to improve
+# Opteron performance by compressing the table to 2KB and replacing
+# unaligned references with complementary rotations [which would
+# incidentally replace lea instructions], but it would definitely
+# just "kill" EM64T, because it has only 1 shifter/rotator [against
+# 3 on Opteron] and which is *unacceptably* slow with 64-bit
+# operand.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+sub L() { $code.=".byte	".join(',',@_)."\n"; }
+sub LL(){ $code.=".byte	".join(',',@_).",".join(',',@_)."\n"; }
+
+@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15");
+
+$func="whirlpool_block";
+$table=".Ltable";
+
+$code=<<___;
+.text
+
+.globl	$func
+.type	$func,\@function,3
+.align	16
+$func:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	mov	%rsp,%r11
+	sub	\$128+40,%rsp
+	and	\$-64,%rsp
+
+	lea	128(%rsp),%r10
+	mov	%rdi,0(%r10)		# save parameter block
+	mov	%rsi,8(%r10)
+	mov	%rdx,16(%r10)
+	mov	%r11,32(%r10)		# saved stack pointer
+.Lprologue:
+
+	mov	%r10,%rbx
+	lea	$table(%rip),%rbp
+
+	xor	%rcx,%rcx
+	xor	%rdx,%rdx
+___
+for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; }	# L=H
+$code.=".Louterloop:\n";
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }	# K=L
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }	# L^=inp
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }	# S=L
+$code.=<<___;
+	xor	%rsi,%rsi
+	mov	%rsi,24(%rbx)		# zero round counter
+	jmp	.Lround
+.align	16
+.Lround:
+	mov	4096(%rbp,%rsi,8),@mm[0]	# rc[r]
+	mov	0(%rsp),%eax
+	mov	4(%rsp),%ebx
+	movz	%al,%ecx
+	movz	%ah,%edx
+___
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? "mov" : "xor";
+    $code.=<<___;
+	shr	\$16,%eax
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	xor	0(%rbp,%rsi,8),@mm[0]
+	$func	7(%rbp,%rdi,8),@mm[1]
+	mov	$i*8+8(%rsp),%eax		# ($i+1)*8
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	$func	6(%rbp,%rsi,8),@mm[2]
+	$func	5(%rbp,%rdi,8),@mm[3]
+	shr	\$16,%ebx
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	$func	4(%rbp,%rsi,8),@mm[4]
+	$func	3(%rbp,%rdi,8),@mm[5]
+	mov	$i*8+8+4(%rsp),%ebx		# ($i+1)*8+4
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	$func	2(%rbp,%rsi,8),@mm[6]
+	$func	1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }	# K=L
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+	shr	\$16,%eax
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	xor	0(%rbp,%rsi,8),@mm[0]
+	xor	7(%rbp,%rdi,8),@mm[1]
+	`"mov	64+$i*8+8(%rsp),%eax"	if($i<7);`	# 64+($i+1)*8
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	xor	6(%rbp,%rsi,8),@mm[2]
+	xor	5(%rbp,%rdi,8),@mm[3]
+	shr	\$16,%ebx
+	lea	(%rcx,%rcx),%rsi
+	movz	%bl,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%bh,%edx
+	xor	4(%rbp,%rsi,8),@mm[4]
+	xor	3(%rbp,%rdi,8),@mm[5]
+	`"mov	64+$i*8+8+4(%rsp),%ebx"	if($i<7);`	# 64+($i+1)*8+4
+	lea	(%rcx,%rcx),%rsi
+	movz	%al,%ecx
+	lea	(%rdx,%rdx),%rdi
+	movz	%ah,%edx
+	xor	2(%rbp,%rsi,8),@mm[6]
+	xor	1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+$code.=<<___;
+	lea	128(%rsp),%rbx
+	mov	24(%rbx),%rsi		# pull round counter
+	add	\$1,%rsi
+	cmp	\$10,%rsi
+	je	.Lroundsdone
+
+	mov	%rsi,24(%rbx)		# update round counter
+___
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }	# S=L
+$code.=<<___;
+	jmp	.Lround
+.align	16
+.Lroundsdone:
+	mov	0(%rbx),%rdi		# reload argument block
+	mov	8(%rbx),%rsi
+	mov	16(%rbx),%rax
+___
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }	# L^=inp
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; }	# L^=H
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; }	# H=L
+$code.=<<___;
+	lea	64(%rsi),%rsi		# inp+=64
+	sub	\$1,%rax		# num--
+	jz	.Lalldone
+	mov	%rsi,8(%rbx)		# update parameter block
+	mov	%rax,16(%rbx)
+	jmp	.Louterloop
+.Lalldone:
+	mov	32(%rbx),%rsi		# restore saved pointer
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lepilogue:
+	ret
+.size	$func,.-$func
+
+.align	64
+.type	$table,\@object
+$table:
+___
+	&LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+	&LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+	&LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+	&LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+	&LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+	&LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+	&LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+	&LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+	&LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+	&LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+	&LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+	&LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+	&LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+	&LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+	&LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+	&LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+	&LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+	&LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+	&LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+	&LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+	&LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+	&LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+	&LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+	&LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+	&LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+	&LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+	&LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+	&LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+	&LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+	&LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+	&LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+	&LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+	&LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+	&LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+	&LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+	&LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+	&LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+	&LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+	&LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+	&LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+	&LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+	&LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+	&LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+	&LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+	&LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+	&LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+	&LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+	&LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+	&LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+	&LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+	&LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+	&LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+	&LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+	&LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+	&LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+	&LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+	&LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+	&LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+	&LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+	&LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+	&LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+	&LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+	&LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+	&LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+	&LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+	&LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+	&LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+	&LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+	&LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+	&LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+	&LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+	&LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+	&LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+	&LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+	&LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+	&LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+	&LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+	&LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+	&LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+	&LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+	&LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+	&LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+	&LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+	&LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+	&LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+	&LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+	&LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+	&LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+	&LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+	&LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+	&LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+	&LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+	&LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+	&LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+	&LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+	&LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+	&LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+	&LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+	&LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+	&LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+	&LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+	&LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+	&LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+	&LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+	&LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+	&LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+	&LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+	&LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+	&LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+	&LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+	&LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+	&LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+	&LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+	&LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+	&LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+	&LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+	&LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+	&LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+	&LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+	&LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+	&LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+	&LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+	&LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+	&LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+	&LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+	&LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+	&LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+	&LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+	&LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+	&LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+	&LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+	&LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+	&LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+	&LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+	&LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+	&LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+	&LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+	&LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+	&LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+	&LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+	&LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+	&LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+	&LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+	&LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+	&LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+	&LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+	&LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+	&LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+	&LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+	&LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+	&LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+	&LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+	&LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+	&LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+	&LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+	&LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+	&LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+	&LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+	&LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+	&LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+	&LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+	&LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+	&LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+	&LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+	&LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+	&LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+	&LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+	&LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+	&LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+	&LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+	&LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+	&LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+	&LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+	&LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+	&LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+	&LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+	&LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+	&LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+	&LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+	&LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+	&LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+	&LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+	&LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+	&LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+	&LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+	&LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+	&LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+	&LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+	&LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+	&LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+	&LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+	&LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+	&LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+	&LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+	&LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+	&LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+	&LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+	&LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+	&LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+	&LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+	&LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+	&LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+	&LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+	&LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+	&LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+	&LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+	&LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+	&LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+	&LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+	&LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+	&LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+	&LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+	&LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+	&LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+	&LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+	&LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+	&LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+	&LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+	&LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+	&LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+	&LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+	&LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+	&LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+	&LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+	&LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+	&LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+	&LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+	&LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+	&LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+	&LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+	&LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+	&LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+	&LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+	&LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+	&LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+	&LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+	&LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+	&LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+	&LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+	&LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+	&LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+	&LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+	&LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+	&LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+	&LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+	&LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+	&LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+	&LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+	&LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+	&LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+	&LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+	&LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+	&LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+	&LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+	&LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+	&LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+
+	&L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);	# rc[ROUNDS]
+	&L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+	&L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+	&L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+	&L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+	&L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+	&L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+	&L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+	&L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+	&L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	se_handler,\@abi-omnipotent
+.align	16
+se_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lprologue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lprologue
+	jb	.Lin_prologue
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lepilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
+	jae	.Lin_prologue
+
+	mov	128+32(%rax),%rax	# pull saved stack pointer
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lin_prologue:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	se_handler,.-se_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_$func
+	.rva	.LSEH_end_$func
+	.rva	.LSEH_info_$func
+
+.section	.xdata
+.align	8
+.LSEH_info_$func:
+	.byte	9,0,0,0
+	.rva	se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/openssl-1.1.0h/crypto/whrlpool/build.info b/openssl-1.1.0h/crypto/whrlpool/build.info
new file mode 100644
index 0000000..7f3a19e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/whrlpool/build.info
@@ -0,0 +1,7 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=wp_dgst.c {- $target{wp_asm_src} -}
+
+GENERATE[wp-mmx.s]=asm/wp-mmx.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+DEPEND[wp-mmx.s]=../perlasm/x86asm.pl
+
+GENERATE[wp-x86_64.s]=asm/wp-x86_64.pl $(PERLASM_SCHEME)
diff --git a/openssl-1.1.0h/crypto/whrlpool/wp_block.c b/openssl-1.1.0h/crypto/whrlpool/wp_block.c
new file mode 100644
index 0000000..b29f037
--- /dev/null
+++ b/openssl-1.1.0h/crypto/whrlpool/wp_block.c
@@ -0,0 +1,792 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * The Whirlpool hashing function.
+ *
+ * <P>
+ * <b>References</b>
+ *
+ * <P>
+ * The Whirlpool algorithm was developed by
+ * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
+ * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "wp_locl.h"
+#include <string.h>
+
+typedef unsigned char u8;
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32)
+typedef unsigned __int64 u64;
+#elif defined(__arch64__)
+typedef unsigned long u64;
+#else
+typedef unsigned long long u64;
+#endif
+
+#define ROUNDS  10
+
+#define STRICT_ALIGNMENT
+#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \
+                           defined(__x86_64) || defined(__x86_64__) || \
+                           defined(_M_IX86) || defined(_M_AMD64) || \
+                           defined(_M_X64))
+/*
+ * Well, formally there're couple of other architectures, which permit
+ * unaligned loads, specifically those not crossing cache lines, IA-64 and
+ * PowerPC...
+ */
+# undef STRICT_ALIGNMENT
+#endif
+
+#undef SMALL_REGISTER_BANK
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# define SMALL_REGISTER_BANK
+# if defined(WHIRLPOOL_ASM)
+#  ifndef OPENSSL_SMALL_FOOTPRINT
+/*
+ * it appears that for elder non-MMX
+ * CPUs this is actually faster!
+ */
+#   define OPENSSL_SMALL_FOOTPRINT
+#  endif
+#  define GO_FOR_MMX(ctx,inp,num)     do {                    \
+        extern unsigned long OPENSSL_ia32cap_P[];               \
+        void whirlpool_block_mmx(void *,const void *,size_t);   \
+        if (!(OPENSSL_ia32cap_P[0] & (1<<23)))  break;          \
+        whirlpool_block_mmx(ctx->H.c,inp,num);  return;         \
+                                        } while (0)
+# endif
+#endif
+
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  if defined(_WIN64)            /* applies to both IA-64 and AMD64 */
+#   pragma intrinsic(_rotl64)
+#   define ROTATE(a,n) _rotl64((a),n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rolq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#   elif defined(B_ENDIAN)
+       /*
+        * Most will argue that x86_64 is always little-endian. Well, yes, but
+        * then we have stratus.com who has modified gcc to "emulate"
+        * big-endian on x86. Is there evidence that they [or somebody else]
+        * won't do same for x86_64? Naturally no. And this line is waiting
+        * ready for that brave soul:-)
+        */
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rorq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#   endif
+#  elif defined(__ia64) || defined(__ia64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
+#   elif defined(B_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(n)); ret; })
+#   endif
+#  endif
+# endif
+#endif
+
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+# if !defined(ROTATE)
+#  if defined(L_ENDIAN)         /* little-endians have to rotate left */
+#   define ROTATE(i,n)       ((i)<<(n) ^ (i)>>(64-n))
+#  elif defined(B_ENDIAN)       /* big-endians have to rotate right */
+#   define ROTATE(i,n)       ((i)>>(n) ^ (i)<<(64-n))
+#  endif
+# endif
+# if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
+#  define STRICT_ALIGNMENT      /* ensure smallest table size */
+# endif
+#endif
+
+/*
+ * Table size depends on STRICT_ALIGNMENT and whether or not endian-
+ * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
+ * defined, which is normally the case on x86[_64] CPUs, the table is
+ * 4KB large unconditionally. Otherwise if ROTATE is defined, the
+ * table is 2KB large, and otherwise - 16KB. 2KB table requires a
+ * whole bunch of additional rotations, but I'm willing to "trade,"
+ * because 16KB table certainly trashes L1 cache. I wish all CPUs
+ * could handle unaligned load as 4KB table doesn't trash the cache,
+ * nor does it require additional rotations.
+ */
+/*
+ * Note that every Cn macro expands as two loads: one byte load and
+ * one quadword load. One can argue that that many single-byte loads
+ * is too excessive, as one could load a quadword and "milk" it for
+ * eight 8-bit values instead. Well, yes, but in order to do so *and*
+ * avoid excessive loads you have to accommodate a handful of 64-bit
+ * values in the register bank and issue a bunch of shifts and mask.
+ * It's a tradeoff: loads vs. shift and mask in big register bank[!].
+ * On most CPUs eight single-byte loads are faster and I let other
+ * ones to depend on smart compiler to fold byte loads if beneficial.
+ * Hand-coded assembler would be another alternative:-)
+ */
+#ifdef STRICT_ALIGNMENT
+# if defined(ROTATE)
+#  define N   1
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
+#  define C0(K,i)     (Cx.q[K.c[(i)*8+0]])
+#  define C1(K,i)     ROTATE(Cx.q[K.c[(i)*8+1]],8)
+#  define C2(K,i)     ROTATE(Cx.q[K.c[(i)*8+2]],16)
+#  define C3(K,i)     ROTATE(Cx.q[K.c[(i)*8+3]],24)
+#  define C4(K,i)     ROTATE(Cx.q[K.c[(i)*8+4]],32)
+#  define C5(K,i)     ROTATE(Cx.q[K.c[(i)*8+5]],40)
+#  define C6(K,i)     ROTATE(Cx.q[K.c[(i)*8+6]],48)
+#  define C7(K,i)     ROTATE(Cx.q[K.c[(i)*8+7]],56)
+# else
+#  define N   8
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c7,c0,c1,c2,c3,c4,c5,c6, \
+                                        c6,c7,c0,c1,c2,c3,c4,c5, \
+                                        c5,c6,c7,c0,c1,c2,c3,c4, \
+                                        c4,c5,c6,c7,c0,c1,c2,c3, \
+                                        c3,c4,c5,c6,c7,c0,c1,c2, \
+                                        c2,c3,c4,c5,c6,c7,c0,c1, \
+                                        c1,c2,c3,c4,c5,c6,c7,c0
+#  define C0(K,i)     (Cx.q[0+8*K.c[(i)*8+0]])
+#  define C1(K,i)     (Cx.q[1+8*K.c[(i)*8+1]])
+#  define C2(K,i)     (Cx.q[2+8*K.c[(i)*8+2]])
+#  define C3(K,i)     (Cx.q[3+8*K.c[(i)*8+3]])
+#  define C4(K,i)     (Cx.q[4+8*K.c[(i)*8+4]])
+#  define C5(K,i)     (Cx.q[5+8*K.c[(i)*8+5]])
+#  define C6(K,i)     (Cx.q[6+8*K.c[(i)*8+6]])
+#  define C7(K,i)     (Cx.q[7+8*K.c[(i)*8+7]])
+# endif
+#else
+# define N     2
+# define LL(c0,c1,c2,c3,c4,c5,c6,c7)   c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c0,c1,c2,c3,c4,c5,c6,c7
+# define C0(K,i)       (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
+# define C1(K,i)       (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]])
+# define C2(K,i)       (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]])
+# define C3(K,i)       (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]])
+# define C4(K,i)       (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]])
+# define C5(K,i)       (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]])
+# define C6(K,i)       (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]])
+# define C7(K,i)       (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]])
+#endif
+
+static const
+    union {
+    u8 c[(256 * N + ROUNDS) * sizeof(u64)];
+    u64 q[(256 * N + ROUNDS)];
+} Cx = {
+        {
+            /* Note endian-neutral representation:-) */
+            LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8),
+            LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26),
+            LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8),
+            LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb),
+            LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb),
+            LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11),
+            LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09),
+            LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d),
+            LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b),
+            LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff),
+            LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c),
+            LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e),
+            LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96),
+            LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30),
+            LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d),
+            LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8),
+            LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47),
+            LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35),
+            LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37),
+            LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a),
+            LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2),
+            LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c),
+            LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84),
+            LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80),
+            LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5),
+            LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3),
+            LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21),
+            LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c),
+            LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43),
+            LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29),
+            LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d),
+            LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5),
+            LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd),
+            LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8),
+            LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92),
+            LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e),
+            LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13),
+            LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23),
+            LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20),
+            LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44),
+            LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2),
+            LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf),
+            LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c),
+            LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a),
+            LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50),
+            LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9),
+            LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14),
+            LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9),
+            LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c),
+            LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f),
+            LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90),
+            LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07),
+            LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd),
+            LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3),
+            LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d),
+            LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78),
+            LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97),
+            LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02),
+            LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73),
+            LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7),
+            LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6),
+            LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2),
+            LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49),
+            LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56),
+            LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70),
+            LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd),
+            LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb),
+            LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71),
+            LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b),
+            LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf),
+            LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45),
+            LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a),
+            LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4),
+            LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58),
+            LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e),
+            LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f),
+            LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac),
+            LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0),
+            LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef),
+            LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6),
+            LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c),
+            LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12),
+            LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93),
+            LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde),
+            LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6),
+            LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1),
+            LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b),
+            LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f),
+            LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31),
+            LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8),
+            LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9),
+            LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc),
+            LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e),
+            LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b),
+            LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf),
+            LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59),
+            LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2),
+            LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77),
+            LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33),
+            LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4),
+            LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27),
+            LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb),
+            LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89),
+            LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32),
+            LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54),
+            LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d),
+            LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64),
+            LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d),
+            LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d),
+            LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f),
+            LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca),
+            LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7),
+            LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d),
+            LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce),
+            LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f),
+            LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f),
+            LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63),
+            LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a),
+            LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc),
+            LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82),
+            LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a),
+            LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48),
+            LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95),
+            LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf),
+            LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d),
+            LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0),
+            LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91),
+            LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8),
+            LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b),
+            LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+            LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9),
+            LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e),
+            LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1),
+            LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6),
+            LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28),
+            LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3),
+            LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74),
+            LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe),
+            LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d),
+            LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea),
+            LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57),
+            LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38),
+            LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad),
+            LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4),
+            LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda),
+            LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7),
+            LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb),
+            LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9),
+            LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a),
+            LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03),
+            LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a),
+            LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e),
+            LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60),
+            LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc),
+            LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46),
+            LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f),
+            LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76),
+            LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa),
+            LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36),
+            LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae),
+            LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b),
+            LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85),
+            LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e),
+            LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7),
+            LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55),
+            LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a),
+            LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81),
+            LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52),
+            LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62),
+            LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3),
+            LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10),
+            LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab),
+            LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0),
+            LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5),
+            LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec),
+            LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16),
+            LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94),
+            LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f),
+            LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5),
+            LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98),
+            LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17),
+            LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4),
+            LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1),
+            LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e),
+            LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42),
+            LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34),
+            LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08),
+            LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee),
+            LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61),
+            LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1),
+            LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f),
+            LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24),
+            LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3),
+            LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25),
+            LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22),
+            LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65),
+            LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79),
+            LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69),
+            LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9),
+            LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19),
+            LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe),
+            LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a),
+            LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0),
+            LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99),
+            LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83),
+            LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04),
+            LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66),
+            LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0),
+            LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1),
+            LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd),
+            LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40),
+            LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c),
+            LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18),
+            LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b),
+            LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51),
+            LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05),
+            LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c),
+            LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39),
+            LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa),
+            LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b),
+            LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc),
+            LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e),
+            LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0),
+            LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88),
+            LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67),
+            LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a),
+            LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87),
+            LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1),
+            LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72),
+            LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53),
+            LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01),
+            LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b),
+            LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4),
+            LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3),
+            LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15),
+            LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c),
+            LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5),
+            LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5),
+            LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4),
+            LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba),
+            LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6),
+            LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7),
+            LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06),
+            LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41),
+            LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7),
+            LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f),
+            LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e),
+            LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6),
+            LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2),
+            LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68),
+            LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c),
+            LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed),
+            LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75),
+            LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86),
+            LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b),
+            LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2),
+#define RC      (&(Cx.q[256*N]))
+            0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f,
+            /* rc[ROUNDS] */
+            0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b,
+            0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b,
+            0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58,
+            0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4,
+            0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95,
+            0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d,
+            0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33
+        }
+    };
+
+void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
+{
+    int r;
+    const u8 *p = inp;
+    union {
+        u64 q[8];
+        u8 c[64];
+    } S, K, *H = (void *)ctx->H.q;
+
+#ifdef GO_FOR_MMX
+    GO_FOR_MMX(ctx, inp, n);
+#endif
+    do {
+#ifdef OPENSSL_SMALL_FOOTPRINT
+        u64 L[8];
+        int i;
+
+        for (i = 0; i < 64; i++)
+            S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
+        for (r = 0; r < ROUNDS; r++) {
+            for (i = 0; i < 8; i++) {
+                L[i] = i ? 0 : RC[r];
+                L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^
+                    C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^
+                    C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^
+                    C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7);
+            }
+            memcpy(K.q, L, 64);
+            for (i = 0; i < 8; i++) {
+                L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^
+                    C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^
+                    C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^
+                    C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7);
+            }
+            memcpy(S.q, L, 64);
+        }
+        for (i = 0; i < 64; i++)
+            H->c[i] ^= S.c[i] ^ p[i];
+#else
+        u64 L0, L1, L2, L3, L4, L5, L6, L7;
+
+# ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7) {
+            memcpy(S.c, p, 64);
+            S.q[0] ^= (K.q[0] = H->q[0]);
+            S.q[1] ^= (K.q[1] = H->q[1]);
+            S.q[2] ^= (K.q[2] = H->q[2]);
+            S.q[3] ^= (K.q[3] = H->q[3]);
+            S.q[4] ^= (K.q[4] = H->q[4]);
+            S.q[5] ^= (K.q[5] = H->q[5]);
+            S.q[6] ^= (K.q[6] = H->q[6]);
+            S.q[7] ^= (K.q[7] = H->q[7]);
+        } else
+# endif
+        {
+            const u64 *pa = (const u64 *)p;
+            S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
+            S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
+            S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
+            S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
+            S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
+            S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
+            S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
+            S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
+        }
+
+        for (r = 0; r < ROUNDS; r++) {
+# ifdef SMALL_REGISTER_BANK
+            L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^
+                C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r];
+            L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^
+                C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2);
+            L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^
+                C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3);
+            L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^
+                C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4);
+            L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^
+                C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5);
+            L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^
+                C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6);
+            L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^
+                C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7);
+            L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^
+                C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0);
+
+            K.q[0] = L0;
+            K.q[1] = L1;
+            K.q[2] = L2;
+            K.q[3] = L3;
+            K.q[4] = L4;
+            K.q[5] = L5;
+            K.q[6] = L6;
+            K.q[7] = L7;
+
+            L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^
+                C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1);
+            L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^
+                C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2);
+            L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^
+                C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3);
+            L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^
+                C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4);
+            L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^
+                C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5);
+            L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^
+                C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6);
+            L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^
+                C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7);
+            L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^
+                C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0);
+
+            S.q[0] = L0;
+            S.q[1] = L1;
+            S.q[2] = L2;
+            S.q[3] = L3;
+            S.q[4] = L4;
+            S.q[5] = L5;
+            S.q[6] = L6;
+            S.q[7] = L7;
+# else
+            L0 = C0(K, 0);
+            L1 = C1(K, 0);
+            L2 = C2(K, 0);
+            L3 = C3(K, 0);
+            L4 = C4(K, 0);
+            L5 = C5(K, 0);
+            L6 = C6(K, 0);
+            L7 = C7(K, 0);
+            L0 ^= RC[r];
+
+            L1 ^= C0(K, 1);
+            L2 ^= C1(K, 1);
+            L3 ^= C2(K, 1);
+            L4 ^= C3(K, 1);
+            L5 ^= C4(K, 1);
+            L6 ^= C5(K, 1);
+            L7 ^= C6(K, 1);
+            L0 ^= C7(K, 1);
+
+            L2 ^= C0(K, 2);
+            L3 ^= C1(K, 2);
+            L4 ^= C2(K, 2);
+            L5 ^= C3(K, 2);
+            L6 ^= C4(K, 2);
+            L7 ^= C5(K, 2);
+            L0 ^= C6(K, 2);
+            L1 ^= C7(K, 2);
+
+            L3 ^= C0(K, 3);
+            L4 ^= C1(K, 3);
+            L5 ^= C2(K, 3);
+            L6 ^= C3(K, 3);
+            L7 ^= C4(K, 3);
+            L0 ^= C5(K, 3);
+            L1 ^= C6(K, 3);
+            L2 ^= C7(K, 3);
+
+            L4 ^= C0(K, 4);
+            L5 ^= C1(K, 4);
+            L6 ^= C2(K, 4);
+            L7 ^= C3(K, 4);
+            L0 ^= C4(K, 4);
+            L1 ^= C5(K, 4);
+            L2 ^= C6(K, 4);
+            L3 ^= C7(K, 4);
+
+            L5 ^= C0(K, 5);
+            L6 ^= C1(K, 5);
+            L7 ^= C2(K, 5);
+            L0 ^= C3(K, 5);
+            L1 ^= C4(K, 5);
+            L2 ^= C5(K, 5);
+            L3 ^= C6(K, 5);
+            L4 ^= C7(K, 5);
+
+            L6 ^= C0(K, 6);
+            L7 ^= C1(K, 6);
+            L0 ^= C2(K, 6);
+            L1 ^= C3(K, 6);
+            L2 ^= C4(K, 6);
+            L3 ^= C5(K, 6);
+            L4 ^= C6(K, 6);
+            L5 ^= C7(K, 6);
+
+            L7 ^= C0(K, 7);
+            L0 ^= C1(K, 7);
+            L1 ^= C2(K, 7);
+            L2 ^= C3(K, 7);
+            L3 ^= C4(K, 7);
+            L4 ^= C5(K, 7);
+            L5 ^= C6(K, 7);
+            L6 ^= C7(K, 7);
+
+            K.q[0] = L0;
+            K.q[1] = L1;
+            K.q[2] = L2;
+            K.q[3] = L3;
+            K.q[4] = L4;
+            K.q[5] = L5;
+            K.q[6] = L6;
+            K.q[7] = L7;
+
+            L0 ^= C0(S, 0);
+            L1 ^= C1(S, 0);
+            L2 ^= C2(S, 0);
+            L3 ^= C3(S, 0);
+            L4 ^= C4(S, 0);
+            L5 ^= C5(S, 0);
+            L6 ^= C6(S, 0);
+            L7 ^= C7(S, 0);
+
+            L1 ^= C0(S, 1);
+            L2 ^= C1(S, 1);
+            L3 ^= C2(S, 1);
+            L4 ^= C3(S, 1);
+            L5 ^= C4(S, 1);
+            L6 ^= C5(S, 1);
+            L7 ^= C6(S, 1);
+            L0 ^= C7(S, 1);
+
+            L2 ^= C0(S, 2);
+            L3 ^= C1(S, 2);
+            L4 ^= C2(S, 2);
+            L5 ^= C3(S, 2);
+            L6 ^= C4(S, 2);
+            L7 ^= C5(S, 2);
+            L0 ^= C6(S, 2);
+            L1 ^= C7(S, 2);
+
+            L3 ^= C0(S, 3);
+            L4 ^= C1(S, 3);
+            L5 ^= C2(S, 3);
+            L6 ^= C3(S, 3);
+            L7 ^= C4(S, 3);
+            L0 ^= C5(S, 3);
+            L1 ^= C6(S, 3);
+            L2 ^= C7(S, 3);
+
+            L4 ^= C0(S, 4);
+            L5 ^= C1(S, 4);
+            L6 ^= C2(S, 4);
+            L7 ^= C3(S, 4);
+            L0 ^= C4(S, 4);
+            L1 ^= C5(S, 4);
+            L2 ^= C6(S, 4);
+            L3 ^= C7(S, 4);
+
+            L5 ^= C0(S, 5);
+            L6 ^= C1(S, 5);
+            L7 ^= C2(S, 5);
+            L0 ^= C3(S, 5);
+            L1 ^= C4(S, 5);
+            L2 ^= C5(S, 5);
+            L3 ^= C6(S, 5);
+            L4 ^= C7(S, 5);
+
+            L6 ^= C0(S, 6);
+            L7 ^= C1(S, 6);
+            L0 ^= C2(S, 6);
+            L1 ^= C3(S, 6);
+            L2 ^= C4(S, 6);
+            L3 ^= C5(S, 6);
+            L4 ^= C6(S, 6);
+            L5 ^= C7(S, 6);
+
+            L7 ^= C0(S, 7);
+            L0 ^= C1(S, 7);
+            L1 ^= C2(S, 7);
+            L2 ^= C3(S, 7);
+            L3 ^= C4(S, 7);
+            L4 ^= C5(S, 7);
+            L5 ^= C6(S, 7);
+            L6 ^= C7(S, 7);
+
+            S.q[0] = L0;
+            S.q[1] = L1;
+            S.q[2] = L2;
+            S.q[3] = L3;
+            S.q[4] = L4;
+            S.q[5] = L5;
+            S.q[6] = L6;
+            S.q[7] = L7;
+# endif
+        }
+
+# ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7) {
+            int i;
+            for (i = 0; i < 64; i++)
+                H->c[i] ^= S.c[i] ^ p[i];
+        } else
+# endif
+        {
+            const u64 *pa = (const u64 *)p;
+            H->q[0] ^= S.q[0] ^ pa[0];
+            H->q[1] ^= S.q[1] ^ pa[1];
+            H->q[2] ^= S.q[2] ^ pa[2];
+            H->q[3] ^= S.q[3] ^ pa[3];
+            H->q[4] ^= S.q[4] ^ pa[4];
+            H->q[5] ^= S.q[5] ^ pa[5];
+            H->q[6] ^= S.q[6] ^ pa[6];
+            H->q[7] ^= S.q[7] ^ pa[7];
+        }
+#endif
+        p += 64;
+    } while (--n);
+}
diff --git a/openssl-1.1.0h/crypto/whrlpool/wp_dgst.c b/openssl-1.1.0h/crypto/whrlpool/wp_dgst.c
new file mode 100644
index 0000000..6d92551
--- /dev/null
+++ b/openssl-1.1.0h/crypto/whrlpool/wp_dgst.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * The Whirlpool hashing function.
+ *
+ * <P>
+ * <b>References</b>
+ *
+ * <P>
+ * The Whirlpool algorithm was developed by
+ * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
+ * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for performance.
+ */
+
+#include <openssl/crypto.h>
+#include "wp_locl.h"
+#include <string.h>
+
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    return (1);
+}
+
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
+{
+    /*
+     * Well, largest suitable chunk size actually is
+     * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not
+     * to care about excessive calls to WHIRLPOOL_BitUpdate...
+     */
+    size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4);
+    const unsigned char *inp = _inp;
+
+    while (bytes >= chunk) {
+        WHIRLPOOL_BitUpdate(c, inp, chunk * 8);
+        bytes -= chunk;
+        inp += chunk;
+    }
+    if (bytes)
+        WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
+
+    return (1);
+}
+
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
+{
+    size_t n;
+    unsigned int bitoff = c->bitoff,
+        bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7;
+    const unsigned char *inp = _inp;
+
+    /*
+     * This 256-bit increment procedure relies on the size_t being natural
+     * size of CPU register, so that we don't have to mask the value in order
+     * to detect overflows.
+     */
+    c->bitlen[0] += bits;
+    if (c->bitlen[0] < bits) {  /* overflow */
+        n = 1;
+        do {
+            c->bitlen[n]++;
+        } while (c->bitlen[n] == 0
+                 && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t)));
+    }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+ reconsider:
+    if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */
+        while (bits) {
+            if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) {
+                whirlpool_block(c, inp, n);
+                inp += n * WHIRLPOOL_BBLOCK / 8;
+                bits %= WHIRLPOOL_BBLOCK;
+            } else {
+                unsigned int byteoff = bitoff / 8;
+
+                bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */
+                if (bits >= bitrem) {
+                    bits -= bitrem;
+                    bitrem /= 8;
+                    memcpy(c->data + byteoff, inp, bitrem);
+                    inp += bitrem;
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                } else {
+                    memcpy(c->data + byteoff, inp, bits / 8);
+                    bitoff += (unsigned int)bits;
+                    bits = 0;
+                }
+                c->bitoff = bitoff;
+            }
+        }
+    } else                      /* bit-oriented loop */
+#endif
+    {
+        /*-
+                   inp
+                   |
+                   +-------+-------+-------
+                      |||||||||||||||||||||
+                   +-------+-------+-------
+        +-------+-------+-------+-------+-------
+        ||||||||||||||                          c->data
+        +-------+-------+-------+-------+-------
+                |
+                c->bitoff/8
+        */
+        while (bits) {
+            unsigned int byteoff = bitoff / 8;
+            unsigned char b;
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+            if (bitrem == inpgap) {
+                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
+                inpgap = 8 - inpgap;
+                bitoff += inpgap;
+                bitrem = 0;     /* bitoff%8 */
+                bits -= inpgap;
+                inpgap = 0;     /* bits%8 */
+                inp++;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                }
+                c->bitoff = bitoff;
+                goto reconsider;
+            } else
+#endif
+            if (bits > 8) {
+                b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
+                b &= 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += 8;
+                bits -= 8;
+                inp++;
+                if (bitoff >= WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+            } else {            /* remaining less than or equal to 8 bits */
+
+                b = (inp[0] << inpgap) & 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += (unsigned int)bits;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+                bits = 0;
+            }
+            c->bitoff = bitoff;
+        }
+    }
+}
+
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
+{
+    unsigned int bitoff = c->bitoff, byteoff = bitoff / 8;
+    size_t i, j, v;
+    unsigned char *p;
+
+    bitoff %= 8;
+    if (bitoff)
+        c->data[byteoff] |= 0x80 >> bitoff;
+    else
+        c->data[byteoff] = 0x80;
+    byteoff++;
+
+    /* pad with zeros */
+    if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) {
+        if (byteoff < WHIRLPOOL_BBLOCK / 8)
+            memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff);
+        whirlpool_block(c, c->data, 1);
+        byteoff = 0;
+    }
+    if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER))
+        memset(&c->data[byteoff], 0,
+               (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff);
+    /* smash 256-bit c->bitlen in big-endian order */
+    p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */
+    for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++)
+        for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
+            *p-- = (unsigned char)(v & 0xff);
+
+    whirlpool_block(c, c->data, 1);
+
+    if (md) {
+        memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
+        OPENSSL_cleanse(c, sizeof(*c));
+        return (1);
+    }
+    return (0);
+}
+
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
+{
+    WHIRLPOOL_CTX ctx;
+    static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    WHIRLPOOL_Init(&ctx);
+    WHIRLPOOL_Update(&ctx, inp, bytes);
+    WHIRLPOOL_Final(md, &ctx);
+    return (md);
+}
diff --git a/openssl-1.1.0h/crypto/whrlpool/wp_locl.h b/openssl-1.1.0h/crypto/whrlpool/wp_locl.h
new file mode 100644
index 0000000..3a81cfd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/whrlpool/wp_locl.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/whrlpool.h>
+
+void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
diff --git a/openssl-1.1.0h/crypto/x509/build.info b/openssl-1.1.0h/crypto/x509/build.info
new file mode 100644
index 0000000..7fc4b45
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/build.info
@@ -0,0 +1,10 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
+        x509name.c x509_v3.c x509_ext.c x509_att.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        x509_trs.c by_file.c by_dir.c x509_vpm.c \
+        x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
+        x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c
diff --git a/openssl-1.1.0h/crypto/x509/by_dir.c b/openssl-1.1.0h/crypto/x509/by_dir.c
new file mode 100644
index 0000000..21672a7
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/by_dir.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+#endif
+
+
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include "x509_lcl.h"
+
+struct lookup_dir_hashes_st {
+    unsigned long hash;
+    int suffix;
+};
+
+struct lookup_dir_entry_st {
+    char *dir;
+    int dir_type;
+    STACK_OF(BY_DIR_HASH) *hashes;
+};
+
+typedef struct lookup_dir_st {
+    BUF_MEM *buffer;
+    STACK_OF(BY_DIR_ENTRY) *dirs;
+    CRYPTO_RWLOCK *lock;
+} BY_DIR;
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+                    char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret);
+static X509_LOOKUP_METHOD x509_dir_lookup = {
+    "Load certs from files in a directory",
+    new_dir,                    /* new */
+    free_dir,                   /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    dir_ctrl,                   /* ctrl */
+    get_cert_by_subject,        /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
+{
+    return (&x509_dir_lookup);
+}
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+                    char **retp)
+{
+    int ret = 0;
+    BY_DIR *ld;
+    char *dir = NULL;
+
+    ld = (BY_DIR *)ctx->method_data;
+
+    switch (cmd) {
+    case X509_L_ADD_DIR:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            dir = (char *)getenv(X509_get_default_cert_dir_env());
+            if (dir)
+                ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
+            else
+                ret = add_cert_dir(ld, X509_get_default_cert_dir(),
+                                   X509_FILETYPE_PEM);
+            if (!ret) {
+                X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
+            }
+        } else
+            ret = add_cert_dir(ld, argp, (int)argl);
+        break;
+    }
+    return (ret);
+}
+
+static int new_dir(X509_LOOKUP *lu)
+{
+    BY_DIR *a;
+
+    if ((a = OPENSSL_malloc(sizeof(*a))) == NULL)
+        return 0;
+    if ((a->buffer = BUF_MEM_new()) == NULL) {
+        OPENSSL_free(a);
+        return 0;
+    }
+    a->dirs = NULL;
+    a->lock = CRYPTO_THREAD_lock_new();
+    if (a->lock == NULL) {
+        BUF_MEM_free(a->buffer);
+        OPENSSL_free(a);
+        return 0;
+    }
+    lu->method_data = (char *)a;
+    return 1;
+}
+
+static void by_dir_hash_free(BY_DIR_HASH *hash)
+{
+    OPENSSL_free(hash);
+}
+
+static int by_dir_hash_cmp(const BY_DIR_HASH *const *a,
+                           const BY_DIR_HASH *const *b)
+{
+    if ((*a)->hash > (*b)->hash)
+        return 1;
+    if ((*a)->hash < (*b)->hash)
+        return -1;
+    return 0;
+}
+
+static void by_dir_entry_free(BY_DIR_ENTRY *ent)
+{
+    OPENSSL_free(ent->dir);
+    sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
+    OPENSSL_free(ent);
+}
+
+static void free_dir(X509_LOOKUP *lu)
+{
+    BY_DIR *a;
+
+    a = (BY_DIR *)lu->method_data;
+    sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
+    BUF_MEM_free(a->buffer);
+    CRYPTO_THREAD_lock_free(a->lock);
+    OPENSSL_free(a);
+}
+
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
+{
+    const char *s, *p;
+
+    if (dir == NULL || !*dir) {
+        X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
+        return 0;
+    }
+
+    s = dir;
+    p = s;
+    do {
+        if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
+            BY_DIR_ENTRY *ent;
+            int j;
+            size_t len;
+            const char *ss = s;
+            s = p + 1;
+            len = p - ss;
+            if (len == 0)
+                continue;
+            for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
+                ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
+                if (strlen(ent->dir) == len &&
+                    strncmp(ent->dir, ss, len) == 0)
+                    break;
+            }
+            if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
+                continue;
+            if (ctx->dirs == NULL) {
+                ctx->dirs = sk_BY_DIR_ENTRY_new_null();
+                if (!ctx->dirs) {
+                    X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+            }
+            ent = OPENSSL_malloc(sizeof(*ent));
+            if (ent == NULL)
+                return 0;
+            ent->dir_type = type;
+            ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
+            ent->dir = OPENSSL_strndup(ss, len);
+            if (ent->dir == NULL || ent->hashes == NULL) {
+                by_dir_entry_free(ent);
+                return 0;
+            }
+            if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
+                by_dir_entry_free(ent);
+                return 0;
+            }
+        }
+    } while (*p++ != '\0');
+    return 1;
+}
+
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret)
+{
+    BY_DIR *ctx;
+    union {
+        X509 st_x509;
+        X509_CRL crl;
+    } data;
+    int ok = 0;
+    int i, j, k;
+    unsigned long h;
+    BUF_MEM *b = NULL;
+    X509_OBJECT stmp, *tmp;
+    const char *postfix = "";
+
+    if (name == NULL)
+        return (0);
+
+    stmp.type = type;
+    if (type == X509_LU_X509) {
+        data.st_x509.cert_info.subject = name;
+        stmp.data.x509 = &data.st_x509;
+        postfix = "";
+    } else if (type == X509_LU_CRL) {
+        data.crl.crl.issuer = name;
+        stmp.data.crl = &data.crl;
+        postfix = "r";
+    } else {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
+        goto finish;
+    }
+
+    if ((b = BUF_MEM_new()) == NULL) {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
+        goto finish;
+    }
+
+    ctx = (BY_DIR *)xl->method_data;
+
+    h = X509_NAME_hash(name);
+    for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
+        BY_DIR_ENTRY *ent;
+        int idx;
+        BY_DIR_HASH htmp, *hent;
+        ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
+        j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
+        if (!BUF_MEM_grow(b, j)) {
+            X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+            goto finish;
+        }
+        if (type == X509_LU_CRL && ent->hashes) {
+            htmp.hash = h;
+            CRYPTO_THREAD_read_lock(ctx->lock);
+            idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+            if (idx >= 0) {
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                k = hent->suffix;
+            } else {
+                hent = NULL;
+                k = 0;
+            }
+            CRYPTO_THREAD_unlock(ctx->lock);
+        } else {
+            k = 0;
+            hent = NULL;
+        }
+        for (;;) {
+            char c = '/';
+#ifdef OPENSSL_SYS_VMS
+            c = ent->dir[strlen(ent->dir) - 1];
+            if (c != ':' && c != '>' && c != ']') {
+                /*
+                 * If no separator is present, we assume the directory
+                 * specifier is a logical name, and add a colon.  We really
+                 * should use better VMS routines for merging things like
+                 * this, but this will do for now... -- Richard Levitte
+                 */
+                c = ':';
+            } else {
+                c = '\0';
+            }
+#endif
+            if (c == '\0') {
+                /*
+                 * This is special.  When c == '\0', no directory separator
+                 * should be added.
+                 */
+                BIO_snprintf(b->data, b->max,
+                             "%s%08lx.%s%d", ent->dir, h, postfix, k);
+            } else {
+                BIO_snprintf(b->data, b->max,
+                             "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k);
+            }
+#ifndef OPENSSL_NO_POSIX_IO
+# ifdef _WIN32
+#  define stat _stat
+# endif
+            {
+                struct stat st;
+                if (stat(b->data, &st) < 0)
+                    break;
+            }
+#endif
+            /* found one. */
+            if (type == X509_LU_X509) {
+                if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0)
+                    break;
+            } else if (type == X509_LU_CRL) {
+                if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0)
+                    break;
+            }
+            /* else case will caught higher up */
+            k++;
+        }
+
+        /*
+         * we have added it to the cache so now pull it out again
+         */
+        CRYPTO_THREAD_write_lock(ctx->lock);
+        j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
+        if (j != -1)
+            tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+        else
+            tmp = NULL;
+        CRYPTO_THREAD_unlock(ctx->lock);
+
+        /* If a CRL, update the last file suffix added for this */
+
+        if (type == X509_LU_CRL) {
+            CRYPTO_THREAD_write_lock(ctx->lock);
+            /*
+             * Look for entry again in case another thread added an entry
+             * first.
+             */
+            if (!hent) {
+                htmp.hash = h;
+                idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+                if (idx >= 0)
+                    hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+            }
+            if (!hent) {
+                hent = OPENSSL_malloc(sizeof(*hent));
+                if (hent == NULL) {
+                    CRYPTO_THREAD_unlock(ctx->lock);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                    ok = 0;
+                    goto finish;
+                }
+                hent->hash = h;
+                hent->suffix = k;
+                if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
+                    CRYPTO_THREAD_unlock(ctx->lock);
+                    OPENSSL_free(hent);
+                    ok = 0;
+                    goto finish;
+                }
+            } else if (hent->suffix < k) {
+                hent->suffix = k;
+            }
+
+            CRYPTO_THREAD_unlock(ctx->lock);
+
+        }
+
+        if (tmp != NULL) {
+            ok = 1;
+            ret->type = tmp->type;
+            memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+            /*
+             * If we were going to up the reference count, we would need to
+             * do it on a perl 'type' basis
+             */
+        /*- CRYPTO_add(&tmp->data.x509->references,1,
+                    CRYPTO_LOCK_X509);*/
+            goto finish;
+        }
+    }
+ finish:
+    BUF_MEM_free(b);
+    return (ok);
+}
diff --git a/openssl-1.1.0h/crypto/x509/by_file.c b/openssl-1.1.0h/crypto/x509/by_file.c
new file mode 100644
index 0000000..0bcc6af
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/by_file.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include "x509_lcl.h"
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                        long argl, char **ret);
+static X509_LOOKUP_METHOD x509_file_lookup = {
+    "Load file into cache",
+    NULL,                       /* new */
+    NULL,                       /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    by_file_ctrl,               /* ctrl */
+    NULL,                       /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
+{
+    return (&x509_file_lookup);
+}
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+                        long argl, char **ret)
+{
+    int ok = 0;
+    const char *file;
+
+    switch (cmd) {
+    case X509_L_FILE_LOAD:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            file = getenv(X509_get_default_cert_file_env());
+            if (file)
+                ok = (X509_load_cert_crl_file(ctx, file,
+                                              X509_FILETYPE_PEM) != 0);
+
+            else
+                ok = (X509_load_cert_crl_file
+                      (ctx, X509_get_default_cert_file(),
+                       X509_FILETYPE_PEM) != 0);
+
+            if (!ok) {
+                X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
+            }
+        } else {
+            if (argl == X509_FILETYPE_PEM)
+                ok = (X509_load_cert_crl_file(ctx, argp,
+                                              X509_FILETYPE_PEM) != 0);
+            else
+                ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
+        }
+        break;
+    }
+    return (ok);
+}
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509 *x = NULL;
+
+    if (file == NULL)
+        return (1);
+    in = BIO_new(BIO_s_file());
+
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_cert(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_cert(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+ err:
+    X509_free(x);
+    BIO_free(in);
+    return (ret);
+}
+
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509_CRL *x = NULL;
+
+    if (file == NULL)
+        return (1);
+    in = BIO_new(BIO_s_file());
+
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_crl(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_CRL_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_CRL_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_crl(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+ err:
+    X509_CRL_free(x);
+    BIO_free(in);
+    return (ret);
+}
+
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    STACK_OF(X509_INFO) *inf;
+    X509_INFO *itmp;
+    BIO *in;
+    int i, count = 0;
+    if (type != X509_FILETYPE_PEM)
+        return X509_load_cert_file(ctx, file, type);
+    in = BIO_new_file(file, "r");
+    if (!in) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
+        return 0;
+    }
+    inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
+    BIO_free(in);
+    if (!inf) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
+        return 0;
+    }
+    for (i = 0; i < sk_X509_INFO_num(inf); i++) {
+        itmp = sk_X509_INFO_value(inf, i);
+        if (itmp->x509) {
+            X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+            count++;
+        }
+        if (itmp->crl) {
+            X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+            count++;
+        }
+    }
+    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+    return count;
+}
diff --git a/openssl-1.1.0h/crypto/x509/t_crl.c b/openssl-1.1.0h/crypto/x509/t_crl.c
new file mode 100644
index 0000000..f3ca6db
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/t_crl.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_CRL_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+    STACK_OF(X509_REVOKED) *rev;
+    X509_REVOKED *r;
+    const X509_ALGOR *sig_alg;
+    const ASN1_BIT_STRING *sig;
+    long l;
+    int i;
+    char *p;
+
+    BIO_printf(out, "Certificate Revocation List (CRL):\n");
+    l = X509_CRL_get_version(x);
+    if (l >= 0 && l <= 1)
+        BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
+    else
+        BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
+    X509_CRL_get0_signature(x, &sig, &sig_alg);
+    X509_signature_print(out, sig_alg, NULL);
+    p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
+    BIO_printf(out, "%8sIssuer: %s\n", "", p);
+    OPENSSL_free(p);
+    BIO_printf(out, "%8sLast Update: ", "");
+    ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
+    BIO_printf(out, "\n%8sNext Update: ", "");
+    if (X509_CRL_get0_nextUpdate(x))
+        ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
+    else
+        BIO_printf(out, "NONE");
+    BIO_printf(out, "\n");
+
+    X509V3_extensions_print(out, "CRL extensions",
+                            X509_CRL_get0_extensions(x), 0, 8);
+
+    rev = X509_CRL_get_REVOKED(x);
+
+    if (sk_X509_REVOKED_num(rev) > 0)
+        BIO_printf(out, "Revoked Certificates:\n");
+    else
+        BIO_printf(out, "No Revoked Certificates.\n");
+
+    for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+        r = sk_X509_REVOKED_value(rev, i);
+        BIO_printf(out, "    Serial Number: ");
+        i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r));
+        BIO_printf(out, "\n        Revocation Date: ");
+        ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r));
+        BIO_printf(out, "\n");
+        X509V3_extensions_print(out, "CRL entry extensions",
+                                X509_REVOKED_get0_extensions(r), 0, 8);
+    }
+    X509_signature_print(out, sig_alg, sig);
+
+    return 1;
+
+}
diff --git a/openssl-1.1.0h/crypto/x509/t_req.c b/openssl-1.1.0h/crypto/x509/t_req.c
new file mode 100644
index 0000000..77ce810
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/t_req.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_REQ_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
+                      unsigned long cflag)
+{
+    long l;
+    int i;
+    EVP_PKEY *pkey;
+    STACK_OF(X509_EXTENSION) *exts;
+    char mlch = ' ';
+    int nmindent = 0;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_REQ_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x),
+            nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey;
+        ASN1_OBJECT *koid;
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        xpkey = X509_REQ_get_X509_PUBKEY(x);
+        X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey);
+        if (i2a_ASN1_OBJECT(bp, koid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_REQ_get0_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else {
+            EVP_PKEY_print_public(bp, pkey, 16, NULL);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
+        /* may not be */
+        if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
+            goto err;
+
+        if (X509_REQ_get_attr_count(x) == 0) {
+            if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
+                goto err;
+        } else {
+            for (i = 0; i < X509_REQ_get_attr_count(x); i++) {
+                ASN1_TYPE *at;
+                X509_ATTRIBUTE *a;
+                ASN1_BIT_STRING *bs = NULL;
+                ASN1_OBJECT *aobj;
+                int j, type = 0, count = 1, ii = 0;
+
+                a = X509_REQ_get_attr(x, i);
+                aobj = X509_ATTRIBUTE_get0_object(a);
+                if (X509_REQ_extension_nid(OBJ_obj2nid(aobj)))
+                    continue;
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
+                    ii = 0;
+                    count = X509_ATTRIBUTE_count(a);
+ get_next:
+                    at = X509_ATTRIBUTE_get0_type(a, ii);
+                    type = at->type;
+                    bs = at->value.asn1_string;
+                }
+                for (j = 25 - j; j > 0; j--)
+                    if (BIO_write(bp, " ", 1) != 1)
+                        goto err;
+                if (BIO_puts(bp, ":") <= 0)
+                    goto err;
+                if ((type == V_ASN1_PRINTABLESTRING) ||
+                    (type == V_ASN1_T61STRING) ||
+                    (type == V_ASN1_UTF8STRING) ||
+                    (type == V_ASN1_IA5STRING)) {
+                    if (BIO_write(bp, (char *)bs->data, bs->length)
+                        != bs->length)
+                        goto err;
+                    BIO_puts(bp, "\n");
+                } else {
+                    BIO_puts(bp, "unable to print attribute\n");
+                }
+                if (++ii < count)
+                    goto get_next;
+            }
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
+        exts = X509_REQ_get_extensions(x);
+        if (exts) {
+            BIO_printf(bp, "%8sRequested Extensions:\n", "");
+            for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+                ASN1_OBJECT *obj;
+                X509_EXTENSION *ex;
+                int critical;
+                ex = sk_X509_EXTENSION_value(exts, i);
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                obj = X509_EXTENSION_get_object(ex);
+                i2a_ASN1_OBJECT(bp, obj);
+                critical = X509_EXTENSION_get_critical(ex);
+                if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
+                    goto err;
+                if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
+                    BIO_printf(bp, "%16s", "");
+                    ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
+                }
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto err;
+            }
+            sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_REQ_get0_signature(x, &sig, &sig_alg);
+        if (!X509_signature_print(bp, sig_alg, sig))
+            goto err;
+    }
+
+    return (1);
+ err:
+    X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+    return (0);
+}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+{
+    return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
diff --git a/openssl-1.1.0h/crypto/x509/t_x509.c b/openssl-1.1.0h/crypto/x509/t_x509.c
new file mode 100644
index 0000000..c7ced67
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/t_x509.c
@@ -0,0 +1,376 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/asn1_int.h"
+
+#ifndef OPENSSL_NO_STDIO
+int X509_print_fp(FILE *fp, X509 *x)
+{
+    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_print_ex(b, x, nmflag, cflag);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
+                  unsigned long cflag)
+{
+    long l;
+    int ret = 0, i;
+    char *m = NULL, mlch = ' ';
+    int nmindent = 0;
+    ASN1_INTEGER *bs;
+    EVP_PKEY *pkey = NULL;
+    const char *neg;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SERIAL)) {
+
+        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
+            goto err;
+
+        bs = X509_get_serialNumber(x);
+        if (bs->length <= (int)sizeof(long)) {
+                ERR_set_mark();
+                l = ASN1_INTEGER_get(bs);
+                ERR_pop_to_mark();
+        } else {
+            l = -1;
+        }
+        if (l != -1) {
+            unsigned long ul;
+            if (bs->type == V_ASN1_NEG_INTEGER) {
+                ul = 0 - (unsigned long)l;
+                neg = "-";
+            } else {
+                ul = l;
+                neg = "";
+            }
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0)
+                goto err;
+        } else {
+            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
+                goto err;
+
+            for (i = 0; i < bs->length; i++) {
+                if (BIO_printf(bp, "%02x%c", bs->data[i],
+                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
+                    goto err;
+            }
+        }
+
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
+        const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
+        if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
+            goto err;
+    }
+
+    if (!(cflag & X509_FLAG_NO_ISSUER)) {
+        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
+            < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
+        if (BIO_write(bp, "        Validity\n", 17) <= 0)
+            goto err;
+        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notBefore(x)))
+            goto err;
+        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notAfter(x)))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex
+            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
+        ASN1_OBJECT *xpoid;
+        X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_get0_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else {
+            EVP_PKEY_print_public(bp, pkey, 16, NULL);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_IDS)) {
+        const ASN1_BIT_STRING *iuid, *suid;
+        X509_get0_uids(x, &iuid, &suid);
+        if (iuid != NULL) {
+            if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, iuid, 12))
+                goto err;
+        }
+        if (suid != NULL) {
+            if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, suid, 12))
+                goto err;
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+        X509V3_extensions_print(bp, "X509v3 extensions",
+                                X509_get0_extensions(x), cflag, 8);
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_get0_signature(&sig, &sig_alg, x);
+        if (X509_signature_print(bp, sig_alg, sig) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_AUX)) {
+        if (!X509_aux_print(bp, x, 0))
+            goto err;
+    }
+    ret = 1;
+ err:
+    OPENSSL_free(m);
+    return (ret);
+}
+
+int X509_ocspid_print(BIO *bp, X509 *x)
+{
+    unsigned char *der = NULL;
+    unsigned char *dertmp;
+    int derlen;
+    int i;
+    unsigned char SHA1md[SHA_DIGEST_LENGTH];
+    ASN1_BIT_STRING *keybstr;
+    X509_NAME *subj;
+
+    /*
+     * display the hash of the subject as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
+        goto err;
+    subj = X509_get_subject_name(x);
+    derlen = i2d_X509_NAME(subj, NULL);
+    if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
+        goto err;
+    i2d_X509_NAME(subj, &dertmp);
+
+    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    OPENSSL_free(der);
+    der = NULL;
+
+    /*
+     * display the hash of the public key as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
+        goto err;
+
+    keybstr = X509_get0_pubkey_bitstr(x);
+
+    if (keybstr == NULL)
+        goto err;
+
+    if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
+                    ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
+                    NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    BIO_printf(bp, "\n");
+
+    return (1);
+ err:
+    OPENSSL_free(der);
+    return (0);
+}
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
+{
+    const unsigned char *s;
+    int i, n;
+
+    n = sig->length;
+    s = sig->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0) {
+            if (BIO_write(bp, "\n", 1) <= 0)
+                return 0;
+            if (BIO_indent(bp, indent, indent) <= 0)
+                return 0;
+        }
+        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
+            return 0;
+    }
+    if (BIO_write(bp, "\n", 1) != 1)
+        return 0;
+
+    return 1;
+}
+
+int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig)
+{
+    int sig_nid;
+    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+        return 0;
+
+    sig_nid = OBJ_obj2nid(sigalg->algorithm);
+    if (sig_nid != NID_undef) {
+        int pkey_nid, dig_nid;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
+            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+            if (ameth && ameth->sig_print)
+                return ameth->sig_print(bp, sigalg, sig, 9, 0);
+        }
+    }
+    if (sig)
+        return X509_signature_dump(bp, sig, 9);
+    else if (BIO_puts(bp, "\n") <= 0)
+        return 0;
+    return 1;
+}
+
+int X509_aux_print(BIO *out, X509 *x, int indent)
+{
+    char oidstr[80], first;
+    STACK_OF(ASN1_OBJECT) *trust, *reject;
+    const unsigned char *alias, *keyid;
+    int keyidlen;
+    int i;
+    if (X509_trusted(x) == 0)
+        return 1;
+    trust = X509_get0_trust_objects(x);
+    reject = X509_get0_reject_objects(x);
+    if (trust) {
+        first = 1;
+        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(trust, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+    if (reject) {
+        first = 1;
+        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(reject, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+    alias = X509_alias_get0(x, NULL);
+    if (alias)
+        BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
+    keyid = X509_keyid_get0(x, &keyidlen);
+    if (keyid) {
+        BIO_printf(out, "%*sKey Id: ", indent, "");
+        for (i = 0; i < keyidlen; i++)
+            BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]);
+        BIO_write(out, "\n", 1);
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_att.c b/openssl-1.1.0h/crypto/x509/x509_att.c
new file mode 100644
index 0000000..836bca5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_att.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+    return sk_X509_ATTRIBUTE_num(x);
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                           int lastpos)
+{
+    const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
+
+    if (obj == NULL)
+        return (-2);
+    return (X509at_get_attr_by_OBJ(x, obj, lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_ATTRIBUTE *ex;
+
+    if (sk == NULL)
+        return (-1);
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_ATTRIBUTE_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return (lastpos);
+    }
+    return (-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return NULL;
+    else
+        return sk_X509_ATTRIBUTE_value(x, loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+    X509_ATTRIBUTE *ret;
+
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return (NULL);
+    ret = sk_X509_ATTRIBUTE_delete(x, loc);
+    return (ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr)
+{
+    X509_ATTRIBUTE *new_attr = NULL;
+    STACK_OF(X509_ATTRIBUTE) *sk = NULL;
+
+    if (x == NULL) {
+        X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
+
+    if (*x == NULL) {
+        if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
+
+    if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
+        goto err2;
+    if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return (sk);
+ err:
+    X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
+ err2:
+    X509_ATTRIBUTE_free(new_attr);
+    sk_X509_ATTRIBUTE_free(sk);
+    return (NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+                              const ASN1_OBJECT *obj, int lastpos, int type)
+{
+    int i;
+    X509_ATTRIBUTE *at;
+    i = X509at_get_attr_by_OBJ(x, obj, lastpos);
+    if (i == -1)
+        return NULL;
+    if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
+        return NULL;
+    at = X509at_get_attr(x, i);
+    if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
+        return NULL;
+    return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                             int atrtype, const void *data,
+                                             int len)
+{
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *ret;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return (NULL);
+    }
+    ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return (ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len)
+{
+    X509_ATTRIBUTE *ret;
+
+    if ((attr == NULL) || (*attr == NULL)) {
+        if ((ret = X509_ATTRIBUTE_new()) == NULL) {
+            X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    } else
+        ret = *attr;
+
+    if (!X509_ATTRIBUTE_set1_object(ret, obj))
+        goto err;
+    if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
+        goto err;
+
+    if ((attr != NULL) && (*attr == NULL))
+        *attr = ret;
+    return (ret);
+ err:
+    if ((attr == NULL) || (ret != *attr))
+        X509_ATTRIBUTE_free(ret);
+    return (NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len)
+{
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *nattr;
+
+    obj = OBJ_txt2obj(atrname, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", atrname);
+        return (NULL);
+    }
+    nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nattr;
+}
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+{
+    if ((attr == NULL) || (obj == NULL))
+        return (0);
+    ASN1_OBJECT_free(attr->object);
+    attr->object = OBJ_dup(obj);
+    return attr->object != NULL;
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len)
+{
+    ASN1_TYPE *ttmp = NULL;
+    ASN1_STRING *stmp = NULL;
+    int atype = 0;
+    if (!attr)
+        return 0;
+    if (attrtype & MBSTRING_FLAG) {
+        stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+                                      OBJ_obj2nid(attr->object));
+        if (!stmp) {
+            X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+            return 0;
+        }
+        atype = stmp->type;
+    } else if (len != -1) {
+        if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL)
+            goto err;
+        if (!ASN1_STRING_set(stmp, data, len))
+            goto err;
+        atype = attrtype;
+    }
+    /*
+     * This is a bit naughty because the attribute should really have at
+     * least one value but some types use and zero length SET and require
+     * this.
+     */
+    if (attrtype == 0) {
+        ASN1_STRING_free(stmp);
+        return 1;
+    }
+    if ((ttmp = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
+        if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+            goto err;
+    } else {
+        ASN1_TYPE_set(ttmp, atype, stmp);
+        stmp = NULL;
+    }
+    if (!sk_ASN1_TYPE_push(attr->set, ttmp))
+        goto err;
+    return 1;
+ err:
+    X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+    ASN1_TYPE_free(ttmp);
+    ASN1_STRING_free(stmp);
+    return 0;
+}
+
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
+{
+    if (attr == NULL)
+        return 0;
+    return sk_ASN1_TYPE_num(attr->set);
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+    if (attr == NULL)
+        return (NULL);
+    return (attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+                               int atrtype, void *data)
+{
+    ASN1_TYPE *ttmp;
+    ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+    if (!ttmp)
+        return NULL;
+    if (atrtype != ASN1_TYPE_get(ttmp)) {
+        X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+        return NULL;
+    }
+    return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+    if (attr == NULL)
+        return NULL;
+    return sk_ASN1_TYPE_value(attr->set, idx);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_cmp.c b/openssl-1.1.0h/crypto/x509/x509_cmp.c
new file mode 100644
index 0000000..0105635
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_cmp.c
@@ -0,0 +1,459 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+{
+    int i;
+    const X509_CINF *ai, *bi;
+
+    ai = &a->cert_info;
+    bi = &b->cert_info;
+    i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
+    if (i)
+        return (i);
+    return (X509_NAME_cmp(ai->issuer, bi->issuer));
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_and_serial_hash(X509 *a)
+{
+    unsigned long ret = 0;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char md[16];
+    char *f;
+
+    if (ctx == NULL)
+        goto err;
+    f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+    if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
+        goto err;
+    OPENSSL_free(f);
+    if (!EVP_DigestUpdate
+        (ctx, (unsigned char *)a->cert_info.serialNumber.data,
+         (unsigned long)a->cert_info.serialNumber.length))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
+        goto err;
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return (ret);
+}
+#endif
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+{
+    return (X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer));
+}
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
+{
+    return (X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject));
+}
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+{
+    return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer));
+}
+
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+{
+    return memcmp(a->sha1_hash, b->sha1_hash, 20);
+}
+
+X509_NAME *X509_get_issuer_name(const X509 *a)
+{
+    return (a->cert_info.issuer);
+}
+
+unsigned long X509_issuer_name_hash(X509 *x)
+{
+    return (X509_NAME_hash(x->cert_info.issuer));
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *x)
+{
+    return (X509_NAME_hash_old(x->cert_info.issuer));
+}
+#endif
+
+X509_NAME *X509_get_subject_name(const X509 *a)
+{
+    return (a->cert_info.subject);
+}
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+{
+    return &a->cert_info.serialNumber;
+}
+
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+{
+    return &a->cert_info.serialNumber;
+}
+
+unsigned long X509_subject_name_hash(X509 *x)
+{
+    return (X509_NAME_hash(x->cert_info.subject));
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_subject_name_hash_old(X509 *x)
+{
+    return (X509_NAME_hash_old(x->cert_info.subject));
+}
+#endif
+
+/*
+ * Compare two certificates: they must be identical for this to work. NB:
+ * Although "cmp" operations are generally prototyped to take "const"
+ * arguments (eg. for use in STACKs), the way X509 handling is - these
+ * operations may involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point where the
+ * "depth-first" constification tree has to halt with an evil cast.
+ */
+int X509_cmp(const X509 *a, const X509 *b)
+{
+    int rv;
+    /* ensure hash is valid */
+    X509_check_purpose((X509 *)a, -1, 0);
+    X509_check_purpose((X509 *)b, -1, 0);
+
+    rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    if (rv)
+        return rv;
+    /* Check for match against stored encoding too */
+    if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
+        if (a->cert_info.enc.len < b->cert_info.enc.len)
+            return -1;
+        if (a->cert_info.enc.len > b->cert_info.enc.len)
+            return 1;
+        return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
+                      a->cert_info.enc.len);
+    }
+    return rv;
+}
+
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+    int ret;
+
+    /* Ensure canonical encoding is present and up to date */
+
+    if (!a->canon_enc || a->modified) {
+        ret = i2d_X509_NAME((X509_NAME *)a, NULL);
+        if (ret < 0)
+            return -2;
+    }
+
+    if (!b->canon_enc || b->modified) {
+        ret = i2d_X509_NAME((X509_NAME *)b, NULL);
+        if (ret < 0)
+            return -2;
+    }
+
+    ret = a->canon_enclen - b->canon_enclen;
+
+    if (ret)
+        return ret;
+
+    return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
+
+}
+
+unsigned long X509_NAME_hash(X509_NAME *x)
+{
+    unsigned long ret = 0;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* Make sure X509_NAME structure contains valid cached encoding */
+    i2d_X509_NAME(x, NULL);
+    if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
+                    NULL))
+        return 0;
+
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_MD5
+/*
+ * I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably efficient.
+ */
+
+unsigned long X509_NAME_hash_old(X509_NAME *x)
+{
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    unsigned long ret = 0;
+    unsigned char md[16];
+
+    if (md_ctx == NULL)
+        return ret;
+
+    /* Make sure X509_NAME structure contains valid cached encoding */
+    i2d_X509_NAME(x, NULL);
+    EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)
+        && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
+        && EVP_DigestFinal_ex(md_ctx, md, NULL))
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+               ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+            ) & 0xffffffffL;
+    EVP_MD_CTX_free(md_ctx);
+
+    return (ret);
+}
+#endif
+
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                                     ASN1_INTEGER *serial)
+{
+    int i;
+    X509 x, *x509 = NULL;
+
+    if (!sk)
+        return NULL;
+
+    x.cert_info.serialNumber = *serial;
+    x.cert_info.issuer = name;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_issuer_and_serial_cmp(x509, &x) == 0)
+            return (x509);
+    }
+    return (NULL);
+}
+
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+{
+    X509 *x509;
+    int i;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
+            return (x509);
+    }
+    return (NULL);
+}
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return X509_PUBKEY_get0(x->cert_info.key);
+}
+
+EVP_PKEY *X509_get_pubkey(X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return X509_PUBKEY_get(x->cert_info.key);
+}
+
+int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
+{
+    const EVP_PKEY *xk;
+    int ret;
+
+    xk = X509_get0_pubkey(x);
+
+    if (xk)
+        ret = EVP_PKEY_cmp(xk, k);
+    else
+        ret = -2;
+
+    switch (ret) {
+    case 1:
+        break;
+    case 0:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
+    if (ret > 0)
+        return 1;
+    return 0;
+}
+
+/*
+ * Check a suite B algorithm is permitted: pass in a public key and the NID
+ * of its signature (or 0 if no signature). The pflags is a pointer to a
+ * flags field which must contain the suite B verification flags.
+ */
+
+#ifndef OPENSSL_NO_EC
+
+static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
+{
+    const EC_GROUP *grp = NULL;
+    int curve_nid;
+    if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
+        grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
+    if (!grp)
+        return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
+    curve_nid = EC_GROUP_get_curve_name(grp);
+    /* Check curve is consistent with LOS */
+    if (curve_nid == NID_secp384r1) { /* P-384 */
+        /*
+         * Check signature algorithm is consistent with curve.
+         */
+        if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384)
+            return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
+        if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS))
+            return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+        /* If we encounter P-384 we cannot use P-256 later */
+        *pflags &= ~X509_V_FLAG_SUITEB_128_LOS_ONLY;
+    } else if (curve_nid == NID_X9_62_prime256v1) { /* P-256 */
+        if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256)
+            return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
+        if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY))
+            return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+    } else
+        return X509_V_ERR_SUITE_B_INVALID_CURVE;
+
+    return X509_V_OK;
+}
+
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags)
+{
+    int rv, i, sign_nid;
+    EVP_PKEY *pk;
+    unsigned long tflags = flags;
+
+    if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+        return X509_V_OK;
+
+    /* If no EE certificate passed in must be first in chain */
+    if (x == NULL) {
+        x = sk_X509_value(chain, 0);
+        i = 1;
+    } else
+        i = 0;
+
+    pk = X509_get0_pubkey(x);
+
+    /*
+     * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build
+     * a chain all, just report trust success or failure, but must also report
+     * Suite-B errors if applicable.  This is indicated via a NULL chain
+     * pointer.  All we need to do is check the leaf key algorithm.
+     */
+    if (chain == NULL)
+        return check_suite_b(pk, -1, &tflags);
+
+    if (X509_get_version(x) != 2) {
+        rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
+        /* Correct error depth */
+        i = 0;
+        goto end;
+    }
+
+    /* Check EE key only */
+    rv = check_suite_b(pk, -1, &tflags);
+    if (rv != X509_V_OK) {
+        /* Correct error depth */
+        i = 0;
+        goto end;
+    }
+    for (; i < sk_X509_num(chain); i++) {
+        sign_nid = X509_get_signature_nid(x);
+        x = sk_X509_value(chain, i);
+        if (X509_get_version(x) != 2) {
+            rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
+            goto end;
+        }
+        pk = X509_get0_pubkey(x);
+        rv = check_suite_b(pk, sign_nid, &tflags);
+        if (rv != X509_V_OK)
+            goto end;
+    }
+
+    /* Final check: root CA signature */
+    rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
+ end:
+    if (rv != X509_V_OK) {
+        /* Invalid signature or LOS errors are for previous cert */
+        if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+             || rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) && i)
+            i--;
+        /*
+         * If we have LOS error and flags changed then we are signing P-384
+         * with P-256. Use more meaningful error.
+         */
+        if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
+            rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
+        if (perror_depth)
+            *perror_depth = i;
+    }
+    return rv;
+}
+
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+{
+    int sign_nid;
+    if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+        return X509_V_OK;
+    sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm);
+    return check_suite_b(pk, sign_nid, &flags);
+}
+
+#else
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags)
+{
+    return 0;
+}
+
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+{
+    return 0;
+}
+
+#endif
+/*
+ * Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref of
+ * each X509 structure.
+ */
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+{
+    STACK_OF(X509) *ret;
+    int i;
+    ret = sk_X509_dup(chain);
+    for (i = 0; i < sk_X509_num(ret); i++) {
+        X509 *x = sk_X509_value(ret, i);
+        X509_up_ref(x);
+    }
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_d2.c b/openssl-1.1.0h/crypto/x509/x509_d2.c
new file mode 100644
index 0000000..cb03dbf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_d2.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+int X509_STORE_set_default_paths(X509_STORE *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return (0);
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return (0);
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* clear any errors */
+    ERR_clear_error();
+
+    return (1);
+}
+
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+                              const char *path)
+{
+    X509_LOOKUP *lookup;
+
+    if (file != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+        if (lookup == NULL)
+            return (0);
+        if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+            return (0);
+    }
+    if (path != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+            return (0);
+        if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+            return (0);
+    }
+    if ((path == NULL) && (file == NULL))
+        return (0);
+    return (1);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_def.c b/openssl-1.1.0h/crypto/x509/x509_def.c
new file mode 100644
index 0000000..d11358e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_def.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+const char *X509_get_default_private_dir(void)
+{
+    return (X509_PRIVATE_DIR);
+}
+
+const char *X509_get_default_cert_area(void)
+{
+    return (X509_CERT_AREA);
+}
+
+const char *X509_get_default_cert_dir(void)
+{
+    return (X509_CERT_DIR);
+}
+
+const char *X509_get_default_cert_file(void)
+{
+    return (X509_CERT_FILE);
+}
+
+const char *X509_get_default_cert_dir_env(void)
+{
+    return (X509_CERT_DIR_EVP);
+}
+
+const char *X509_get_default_cert_file_env(void)
+{
+    return (X509_CERT_FILE_EVP);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_err.c b/openssl-1.1.0h/crypto/x509/x509_err.c
new file mode 100644
index 0000000..3f4b8ef
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_err.c
@@ -0,0 +1,142 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
+
+static ERR_STRING_DATA X509_str_functs[] = {
+    {ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"},
+    {ERR_FUNC(X509_F_BUILD_CHAIN), "build_chain"},
+    {ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"},
+    {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "check_name_constraints"},
+    {ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"},
+    {ERR_FUNC(X509_F_DANE_I2D), "dane_i2d"},
+    {ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"},
+    {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "get_cert_by_subject"},
+    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
+    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
+    {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
+    {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
+     "X509_ATTRIBUTE_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
+     "X509_ATTRIBUTE_create_by_OBJ"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
+     "X509_ATTRIBUTE_create_by_txt"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
+    {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
+    {ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"},
+    {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
+    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
+     "X509_EXTENSION_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
+     "X509_EXTENSION_create_by_OBJ"},
+    {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
+     "X509_get_pubkey_parameters"},
+    {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
+    {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
+    {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
+    {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
+     "X509_NAME_ENTRY_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
+     "X509_NAME_ENTRY_create_by_txt"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
+     "X509_NAME_ENTRY_set_object"},
+    {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
+    {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
+    {ERR_FUNC(X509_F_X509_OBJECT_NEW), "X509_OBJECT_new"},
+    {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
+    {ERR_FUNC(X509_F_X509_PUBKEY_DECODE), "x509_pubkey_decode"},
+    {ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"},
+    {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
+    {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
+     "X509_REQ_check_private_key"},
+    {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
+    {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
+    {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
+    {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
+    {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
+     "X509_STORE_CTX_get1_issuer"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
+     "X509_STORE_CTX_purpose_inherit"},
+    {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
+    {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
+    {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
+    {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA X509_str_reasons[] = {
+    {ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"},
+    {ERR_REASON(X509_R_BAD_SELECTOR), "bad selector"},
+    {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+    {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+    {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
+     "cert already in hash table"},
+    {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
+    {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
+    {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
+    {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
+    {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
+    {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
+    {ERR_REASON(X509_R_ISSUER_MISMATCH), "issuer mismatch"},
+    {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+    {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
+    {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
+    {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
+    {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
+    {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
+    {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
+    {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+     "no cert set for us to verify"},
+    {ERR_REASON(X509_R_NO_CRL_NUMBER), "no crl number"},
+    {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
+    {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
+    {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
+    {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+     "unable to find parameters in chain"},
+    {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+     "unable to get certs public key"},
+    {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
+    {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+    {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
+    {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+    {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_X509_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, X509_str_functs);
+        ERR_load_strings(0, X509_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_ext.c b/openssl-1.1.0h/crypto/x509/x509_ext.c
new file mode 100644
index 0000000..3c59079
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_ext.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+
+int X509_CRL_get_ext_count(const X509_CRL *x)
+{
+    return (X509v3_get_ext_count(x->crl.extensions));
+}
+
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos));
+}
+
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos));
+}
+
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
+{
+    return (X509v3_get_ext(x->crl.extensions, loc));
+}
+
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
+{
+    return (X509v3_delete_ext(x->crl.extensions, loc));
+}
+
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
+}
+
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                          unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags);
+}
+
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
+}
+
+int X509_get_ext_count(const X509 *x)
+{
+    return (X509v3_get_ext_count(x->cert_info.extensions));
+}
+
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos));
+}
+
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos));
+}
+
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->cert_info.extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
+{
+    return (X509v3_get_ext(x->cert_info.extensions, loc));
+}
+
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
+{
+    return (X509v3_delete_ext(x->cert_info.extensions, loc));
+}
+
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
+}
+
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx);
+}
+
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit,
+                           flags);
+}
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
+{
+    return (X509v3_get_ext_count(x->extensions));
+}
+
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
+}
+
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
+}
+
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
+{
+    return (X509v3_get_ext(x->extensions, loc));
+}
+
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
+{
+    return (X509v3_delete_ext(x->extensions, loc));
+}
+
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
+}
+
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
+
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_lcl.h b/openssl-1.1.0h/crypto/x509/x509_lcl.h
new file mode 100644
index 0000000..40bd102
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_lcl.h
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This structure holds all parameters associated with a verify operation by
+ * including an X509_VERIFY_PARAM structure in related structures the
+ * parameters used can be customized
+ */
+
+struct X509_VERIFY_PARAM_st {
+    char *name;
+    time_t check_time;          /* Time to use */
+    uint32_t inh_flags;         /* Inheritance flags */
+    unsigned long flags;        /* Various verify flags */
+    int purpose;                /* purpose to check untrusted certificates */
+    int trust;                  /* trust setting to check */
+    int depth;                  /* Verify depth */
+    int auth_level;             /* Security level for chain verification */
+    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
+    /* Peer identity details */
+    STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
+    unsigned int hostflags;     /* Flags to control matching features */
+    char *peername;             /* Matching hostname in peer certificate */
+    char *email;                /* If not NULL email address to match */
+    size_t emaillen;
+    unsigned char *ip;          /* If not NULL IP address to match */
+    size_t iplen;               /* Length of IP address */
+};
+
+/* No error callback if depth < 0 */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
+
+/* a sequence of these are used */
+struct x509_attributes_st {
+    ASN1_OBJECT *object;
+    STACK_OF(ASN1_TYPE) *set;
+};
+
+struct X509_extension_st {
+    ASN1_OBJECT *object;
+    ASN1_BOOLEAN critical;
+    ASN1_OCTET_STRING value;
+};
+
+/*
+ * Method to handle CRL access. In general a CRL could be very large (several
+ * Mb) and can consume large amounts of resources if stored in memory by
+ * multiple processes. This method allows general CRL operations to be
+ * redirected to more efficient callbacks: for example a CRL entry database.
+ */
+
+#define X509_CRL_METHOD_DYNAMIC         1
+
+struct x509_crl_method_st {
+    int flags;
+    int (*crl_init) (X509_CRL *crl);
+    int (*crl_free) (X509_CRL *crl);
+    int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
+                       ASN1_INTEGER *ser, X509_NAME *issuer);
+    int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
+};
+
+struct x509_lookup_method_st {
+    const char *name;
+    int (*new_item) (X509_LOOKUP *ctx);
+    void (*free) (X509_LOOKUP *ctx);
+    int (*init) (X509_LOOKUP *ctx);
+    int (*shutdown) (X509_LOOKUP *ctx);
+    int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                 char **ret);
+    int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+    int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+    int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+    int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+};
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st {
+    int init;                   /* have we been started */
+    int skip;                   /* don't use us. */
+    X509_LOOKUP_METHOD *method; /* the functions */
+    char *method_data;          /* method data */
+    X509_STORE *store_ctx;      /* who owns us */
+};
+
+/*
+ * This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify' function is
+ * then called to actually check the cert chain.
+ */
+struct x509_store_st {
+    /* The following is a cache of trusted certs */
+    int cache;                  /* if true, stash any hits */
+    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
+    /* These are external lookup methods */
+    STACK_OF(X509_LOOKUP) *get_cert_methods;
+    X509_VERIFY_PARAM *param;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    CRYPTO_EX_DATA ex_data;
+    int references;
+    CRYPTO_RWLOCK *lock;
+};
+
+typedef struct lookup_dir_hashes_st BY_DIR_HASH;
+typedef struct lookup_dir_entry_st BY_DIR_ENTRY;
+DEFINE_STACK_OF(BY_DIR_HASH)
+DEFINE_STACK_OF(BY_DIR_ENTRY)
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
+DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
diff --git a/openssl-1.1.0h/crypto/x509/x509_lu.c b/openssl-1.1.0h/crypto/x509/x509_lu.c
new file mode 100644
index 0000000..90f2352
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_lu.c
@@ -0,0 +1,846 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
+{
+    X509_LOOKUP *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        return NULL;
+
+    ret->method = method;
+    if ((method->new_item != NULL) && !method->new_item(ret)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if ((ctx->method != NULL) && (ctx->method->free != NULL))
+        (*ctx->method->free) (ctx);
+    OPENSSL_free(ctx);
+}
+
+int X509_STORE_lock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_write_lock(s->lock);
+}
+
+int X509_STORE_unlock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_unlock(s->lock);
+}
+
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->init != NULL)
+        return ctx->method->init(ctx);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->shutdown != NULL)
+        return ctx->method->shutdown(ctx);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                     char **ret)
+{
+    if (ctx->method == NULL)
+        return -1;
+    if (ctx->method->ctrl != NULL)
+        return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+        return 0;
+    if (ctx->skip)
+        return 0;
+    return ctx->method->get_by_subject(ctx, type, name, ret);
+}
+
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
+        return 0;
+    return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+}
+
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+        return 0;
+    return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+}
+
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+        return 0;
+    return ctx->method->get_by_alias(ctx, type, str, len, ret);
+}
+
+static int x509_object_cmp(const X509_OBJECT *const *a,
+                           const X509_OBJECT *const *b)
+{
+    int ret;
+
+    ret = ((*a)->type - (*b)->type);
+    if (ret)
+        return ret;
+    switch ((*a)->type) {
+    case X509_LU_X509:
+        ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
+        break;
+    case X509_LU_CRL:
+        ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
+        break;
+    default:
+        /* abort(); */
+        return 0;
+    }
+    return ret;
+}
+
+X509_STORE *X509_STORE_new(void)
+{
+    X509_STORE *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+        return NULL;
+    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
+        goto err;
+    ret->cache = 1;
+    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
+        goto err;
+
+    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+        goto err;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL)
+        goto err;
+
+    ret->references = 1;
+    return ret;
+
+err:
+    X509_VERIFY_PARAM_free(ret->param);
+    sk_X509_OBJECT_free(ret->objs);
+    sk_X509_LOOKUP_free(ret->get_cert_methods);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void X509_STORE_free(X509_STORE *vfy)
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    if (vfy == NULL)
+        return;
+
+    CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock);
+    REF_PRINT_COUNT("X509_STORE", vfy);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    sk = vfy->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        X509_LOOKUP_shutdown(lu);
+        X509_LOOKUP_free(lu);
+    }
+    sk_X509_LOOKUP_free(sk);
+    sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+    X509_VERIFY_PARAM_free(vfy->param);
+    CRYPTO_THREAD_lock_free(vfy->lock);
+    OPENSSL_free(vfy);
+}
+
+int X509_STORE_up_ref(X509_STORE *vfy)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_STORE", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    sk = v->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        if (m == lu->method) {
+            return lu;
+        }
+    }
+    /* a new one */
+    lu = X509_LOOKUP_new(m);
+    if (lu == NULL)
+        return NULL;
+    else {
+        lu->store_ctx = v;
+        if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+            return lu;
+        else {
+            X509_LOOKUP_free(lu);
+            return NULL;
+        }
+    }
+}
+
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name)
+{
+    X509_OBJECT *ret = X509_OBJECT_new();
+
+    if (ret == NULL)
+        return NULL;
+    if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
+        X509_OBJECT_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret)
+{
+    X509_STORE *ctx = vs->ctx;
+    X509_LOOKUP *lu;
+    X509_OBJECT stmp, *tmp;
+    int i, j;
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
+    CRYPTO_THREAD_unlock(ctx->lock);
+
+    if (tmp == NULL || type == X509_LU_CRL) {
+        for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+            lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
+            j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
+            if (j) {
+                tmp = &stmp;
+                break;
+            }
+        }
+        if (tmp == NULL)
+            return 0;
+    }
+
+    ret->type = tmp->type;
+    ret->data.ptr = tmp->data.ptr;
+
+    X509_OBJECT_up_ref_count(ret);
+
+    return 1;
+}
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+{
+    X509_OBJECT *obj;
+    int ret = 1, added = 1;
+
+    if (x == NULL)
+        return 0;
+    obj = X509_OBJECT_new();
+    if (obj == NULL)
+        return 0;
+    obj->type = X509_LU_X509;
+    obj->data.x509 = x;
+    X509_OBJECT_up_ref_count(obj);
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+
+    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
+        X509err(X509_F_X509_STORE_ADD_CERT,
+                X509_R_CERT_ALREADY_IN_HASH_TABLE);
+        ret = 0;
+    } else {
+        added = sk_X509_OBJECT_push(ctx->objs, obj);
+        ret = added != 0;
+    }
+
+    CRYPTO_THREAD_unlock(ctx->lock);
+
+    if (!ret)                   /* obj not pushed */
+        X509_OBJECT_free(obj);
+    if (!added)                 /* on push failure */
+        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+
+    return ret;
+}
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+{
+    X509_OBJECT *obj;
+    int ret = 1, added = 1;
+
+    if (x == NULL)
+        return 0;
+    obj = X509_OBJECT_new();
+    if (obj == NULL)
+        return 0;
+    obj->type = X509_LU_CRL;
+    obj->data.crl = x;
+    X509_OBJECT_up_ref_count(obj);
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+
+    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
+        X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
+        ret = 0;
+    } else {
+        added = sk_X509_OBJECT_push(ctx->objs, obj);
+        ret = added != 0;
+    }
+
+    CRYPTO_THREAD_unlock(ctx->lock);
+
+    if (!ret)                   /* obj not pushed */
+        X509_OBJECT_free(obj);
+    if (!added)                 /* on push failure */
+        X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+
+    return ret;
+}
+
+int X509_OBJECT_up_ref_count(X509_OBJECT *a)
+{
+    switch (a->type) {
+    default:
+        break;
+    case X509_LU_X509:
+        return X509_up_ref(a->data.x509);
+    case X509_LU_CRL:
+        return X509_CRL_up_ref(a->data.crl);
+    }
+    return 1;
+}
+
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_X509)
+        return NULL;
+    return a->data.x509;
+}
+
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_CRL)
+        return NULL;
+    return a->data.crl;
+}
+
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
+{
+    return a->type;
+}
+
+X509_OBJECT *X509_OBJECT_new()
+{
+    X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = X509_LU_NONE;
+    return ret;
+}
+
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+    if (a == NULL)
+        return;
+    switch (a->type) {
+    default:
+        break;
+    case X509_LU_X509:
+        X509_free(a->data.x509);
+        break;
+    case X509_LU_CRL:
+        X509_CRL_free(a->data.crl);
+        break;
+    }
+    OPENSSL_free(a);
+}
+
+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, int *pnmatch)
+{
+    X509_OBJECT stmp;
+    X509 x509_s;
+    X509_CRL crl_s;
+    int idx;
+
+    stmp.type = type;
+    switch (type) {
+    case X509_LU_X509:
+        stmp.data.x509 = &x509_s;
+        x509_s.cert_info.subject = name;
+        break;
+    case X509_LU_CRL:
+        stmp.data.crl = &crl_s;
+        crl_s.crl.issuer = name;
+        break;
+    default:
+        /* abort(); */
+        return -1;
+    }
+
+    idx = sk_X509_OBJECT_find(h, &stmp);
+    if (idx >= 0 && pnmatch) {
+        int tidx;
+        const X509_OBJECT *tobj, *pstmp;
+        *pnmatch = 1;
+        pstmp = &stmp;
+        for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) {
+            tobj = sk_X509_OBJECT_value(h, tidx);
+            if (x509_object_cmp(&tobj, &pstmp))
+                break;
+            (*pnmatch)++;
+        }
+    }
+    return idx;
+}
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name)
+{
+    return x509_object_idx_cnt(h, type, name, NULL);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name)
+{
+    int idx;
+    idx = X509_OBJECT_idx_by_subject(h, type, name);
+    if (idx == -1)
+        return NULL;
+    return sk_X509_OBJECT_value(h, idx);
+}
+
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
+{
+    return v->objs;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    int i, idx, cnt;
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    X509_OBJECT *obj;
+
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+    idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
+    if (idx < 0) {
+        /*
+         * Nothing found in cache: do lookup to possibly add new objects to
+         * cache
+         */
+        X509_OBJECT *xobj = X509_OBJECT_new();
+
+        CRYPTO_THREAD_unlock(ctx->ctx->lock);
+        if (xobj == NULL)
+            return NULL;
+        if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
+            X509_OBJECT_free(xobj);
+            return NULL;
+        }
+        X509_OBJECT_free(xobj);
+        CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+        idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
+        if (idx < 0) {
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
+            return NULL;
+        }
+    }
+
+    sk = sk_X509_new_null();
+    for (i = 0; i < cnt; i++, idx++) {
+        obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+        x = obj->data.x509;
+        X509_up_ref(x);
+        if (!sk_X509_push(sk, x)) {
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
+            X509_free(x);
+            sk_X509_pop_free(sk, X509_free);
+            return NULL;
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
+    return sk;
+}
+
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    int i, idx, cnt;
+    STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
+    X509_CRL *x;
+    X509_OBJECT *obj, *xobj = X509_OBJECT_new();
+
+    /* Always do lookup to possibly add new CRLs to cache */
+    if (sk == NULL || xobj == NULL ||
+            !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
+        X509_OBJECT_free(xobj);
+        sk_X509_CRL_free(sk);
+        return NULL;
+    }
+    X509_OBJECT_free(xobj);
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+    idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
+    if (idx < 0) {
+        CRYPTO_THREAD_unlock(ctx->ctx->lock);
+        sk_X509_CRL_free(sk);
+        return NULL;
+    }
+
+    for (i = 0; i < cnt; i++, idx++) {
+        obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+        x = obj->data.crl;
+        X509_CRL_up_ref(x);
+        if (!sk_X509_CRL_push(sk, x)) {
+            CRYPTO_THREAD_unlock(ctx->ctx->lock);
+            X509_CRL_free(x);
+            sk_X509_CRL_pop_free(sk, X509_CRL_free);
+            return NULL;
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
+    return sk;
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x)
+{
+    int idx, i;
+    X509_OBJECT *obj;
+    idx = sk_X509_OBJECT_find(h, x);
+    if (idx == -1)
+        return NULL;
+    if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+        return sk_X509_OBJECT_value(h, idx);
+    for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+        obj = sk_X509_OBJECT_value(h, i);
+        if (x509_object_cmp
+            ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+            return NULL;
+        if (x->type == X509_LU_X509) {
+            if (!X509_cmp(obj->data.x509, x->data.x509))
+                return obj;
+        } else if (x->type == X509_LU_CRL) {
+            if (!X509_CRL_match(obj->data.crl, x->data.crl))
+                return obj;
+        } else
+            return obj;
+    }
+    return NULL;
+}
+
+/*-
+ * Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all
+ * matches.
+ *
+ * Return values are:
+ *  1 lookup successful.
+ *  0 certificate not found.
+ * -1 some other error.
+ */
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+    X509_NAME *xn;
+    X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL;
+    int i, ok, idx, ret;
+
+    if (obj == NULL)
+        return -1;
+    *issuer = NULL;
+    xn = X509_get_issuer_name(x);
+    ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
+    if (ok != 1) {
+        X509_OBJECT_free(obj);
+        return 0;
+    }
+    /* If certificate matches all OK */
+    if (ctx->check_issued(ctx, x, obj->data.x509)) {
+        if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
+            *issuer = obj->data.x509;
+            X509_up_ref(*issuer);
+            X509_OBJECT_free(obj);
+            return 1;
+        }
+    }
+    X509_OBJECT_free(obj);
+
+    /* Else find index of first cert accepted by 'check_issued' */
+    ret = 0;
+    CRYPTO_THREAD_write_lock(ctx->ctx->lock);
+    idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+    if (idx != -1) {            /* should be true as we've had at least one
+                                 * match */
+        /* Look through all matching certs for suitable issuer */
+        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
+            pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+            /* See if we've run past the matches */
+            if (pobj->type != X509_LU_X509)
+                break;
+            if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+                break;
+            if (ctx->check_issued(ctx, x, pobj->data.x509)) {
+                *issuer = pobj->data.x509;
+                ret = 1;
+                /*
+                 * If times check, exit with match,
+                 * otherwise keep looking. Leave last
+                 * match in issuer so we return nearest
+                 * match if no certificate time is OK.
+                 */
+
+                if (x509_check_cert_time(ctx, *issuer, -1))
+                    break;
+            }
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->ctx->lock);
+    if (*issuer)
+        X509_up_ref(*issuer);
+    return ret;
+}
+
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+{
+    return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+int X509_STORE_set_depth(X509_STORE *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+    return 1;
+}
+
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+}
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+}
+
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
+{
+    return ctx->verify;
+}
+
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb)
+{
+    ctx->verify_cb = verify_cb;
+}
+
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer)
+{
+    ctx->get_issuer = get_issuer;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
+{
+    return ctx->get_issuer;
+}
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued)
+{
+    ctx->check_issued = check_issued;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
+{
+    return ctx->check_issued;
+}
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation)
+{
+    ctx->check_revocation = check_revocation;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
+{
+    return ctx->check_revocation;
+}
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl)
+{
+    ctx->get_crl = get_crl;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
+{
+    return ctx->get_crl;
+}
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl)
+{
+    ctx->check_crl = check_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
+{
+    return ctx->check_crl;
+}
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl)
+{
+    ctx->cert_crl = cert_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
+{
+    return ctx->cert_crl;
+}
+
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy)
+{
+    ctx->check_policy = check_policy;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
+{
+    return ctx->check_policy;
+}
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs)
+{
+    ctx->lookup_certs = lookup_certs;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls)
+{
+    ctx->lookup_crls = lookup_crls;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn ctx_cleanup)
+{
+    ctx->cleanup = ctx_cleanup;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
+{
+    return ctx->cleanup;
+}
+
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
+{
+    return ctx->ctx;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_obj.c b/openssl-1.1.0h/crypto/x509/x509_obj.c
new file mode 100644
index 0000000..55dc778
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_obj.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
+#include "internal/x509_int.h"
+
+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything encountered in practice.
+ */
+
+#define NAME_ONELINE_MAX    (1024 * 1024)
+
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
+{
+    const X509_NAME_ENTRY *ne;
+    int i;
+    int n, lold, l, l1, l2, num, j, type;
+    const char *s;
+    char *p;
+    unsigned char *q;
+    BUF_MEM *b = NULL;
+    static const char hex[17] = "0123456789ABCDEF";
+    int gs_doit[4];
+    char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+    unsigned char ebcdic_buf[1024];
+#endif
+
+    if (buf == NULL) {
+        if ((b = BUF_MEM_new()) == NULL)
+            goto err;
+        if (!BUF_MEM_grow(b, 200))
+            goto err;
+        b->data[0] = '\0';
+        len = 200;
+    } else if (len == 0) {
+        return NULL;
+    }
+    if (a == NULL) {
+        if (b) {
+            buf = b->data;
+            OPENSSL_free(b);
+        }
+        strncpy(buf, "NO X509_NAME", len);
+        buf[len - 1] = '\0';
+        return buf;
+    }
+
+    len--;                      /* space for '\0' */
+    l = 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        ne = sk_X509_NAME_ENTRY_value(a->entries, i);
+        n = OBJ_obj2nid(ne->object);
+        if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
+            i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
+            s = tmp_buf;
+        }
+        l1 = strlen(s);
+
+        type = ne->value->type;
+        num = ne->value->length;
+        if (num > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        q = ne->value->data;
+#ifdef CHARSET_EBCDIC
+        if (type == V_ASN1_GENERALSTRING ||
+            type == V_ASN1_VISIBLESTRING ||
+            type == V_ASN1_PRINTABLESTRING ||
+            type == V_ASN1_TELETEXSTRING ||
+            type == V_ASN1_IA5STRING) {
+            if (num > (int)sizeof(ebcdic_buf))
+                num = sizeof(ebcdic_buf);
+            ascii2ebcdic(ebcdic_buf, q, num);
+            q = ebcdic_buf;
+        }
+#endif
+
+        if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
+            for (j = 0; j < num; j++)
+                if (q[j] != 0)
+                    gs_doit[j & 3] = 1;
+
+            if (gs_doit[0] | gs_doit[1] | gs_doit[2])
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+            else {
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
+                gs_doit[3] = 1;
+            }
+        } else
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+
+        for (l2 = j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+            l2++;
+#ifndef CHARSET_EBCDIC
+            if ((q[j] < ' ') || (q[j] > '~'))
+                l2 += 3;
+#else
+            if ((os_toascii[q[j]] < os_toascii[' ']) ||
+                (os_toascii[q[j]] > os_toascii['~']))
+                l2 += 3;
+#endif
+        }
+
+        lold = l;
+        l += 1 + l1 + 1 + l2;
+        if (l > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        if (b != NULL) {
+            if (!BUF_MEM_grow(b, l + 1))
+                goto err;
+            p = &(b->data[lold]);
+        } else if (l > len) {
+            break;
+        } else
+            p = &(buf[lold]);
+        *(p++) = '/';
+        memcpy(p, s, (unsigned int)l1);
+        p += l1;
+        *(p++) = '=';
+
+#ifndef CHARSET_EBCDIC          /* q was assigned above already. */
+        q = ne->value->data;
+#endif
+
+        for (j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+#ifndef CHARSET_EBCDIC
+            n = q[j];
+            if ((n < ' ') || (n > '~')) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = n;
+#else
+            n = os_toascii[q[j]];
+            if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = q[j];
+#endif
+        }
+        *p = '\0';
+    }
+    if (b != NULL) {
+        p = b->data;
+        OPENSSL_free(b);
+    } else
+        p = buf;
+    if (i == 0)
+        *p = '\0';
+    return (p);
+ err:
+    X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+ end:
+    BUF_MEM_free(b);
+    return (NULL);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_r2x.c b/openssl-1.1.0h/crypto/x509/x509_r2x.c
new file mode 100644
index 0000000..3d72787
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_r2x.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
+{
+    X509 *ret = NULL;
+    X509_CINF *xi = NULL;
+    X509_NAME *xn;
+    EVP_PKEY *pubkey = NULL;
+
+    if ((ret = X509_new()) == NULL) {
+        X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* duplicate the request */
+    xi = &ret->cert_info;
+
+    if (sk_X509_ATTRIBUTE_num(r->req_info.attributes) != 0) {
+        if ((xi->version = ASN1_INTEGER_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(xi->version, 2))
+            goto err;
+/*-     xi->extensions=ri->attributes; <- bad, should not ever be done
+        ri->attributes=NULL; */
+    }
+
+    xn = X509_REQ_get_subject_name(r);
+    if (X509_set_subject_name(ret, xn) == 0)
+        goto err;
+    if (X509_set_issuer_name(ret, xn) == 0)
+        goto err;
+
+    if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL)
+        goto err;
+    if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) ==
+        NULL)
+        goto err;
+
+    pubkey = X509_REQ_get0_pubkey(r);
+    if (pubkey == NULL || !X509_set_pubkey(ret, pubkey))
+        goto err;
+
+    if (!X509_sign(ret, pkey, EVP_md5()))
+        goto err;
+    return ret;
+
+ err:
+    X509_free(ret);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_req.c b/openssl-1.1.0h/crypto/x509/x509_req.c
new file mode 100644
index 0000000..7b88dbc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_req.c
@@ -0,0 +1,298 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    X509_REQ *ret;
+    X509_REQ_INFO *ri;
+    int i;
+    EVP_PKEY *pktmp;
+
+    ret = X509_REQ_new();
+    if (ret == NULL) {
+        X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ri = &ret->req_info;
+
+    ri->version->length = 1;
+    ri->version->data = OPENSSL_malloc(1);
+    if (ri->version->data == NULL)
+        goto err;
+    ri->version->data[0] = 0;   /* version == 0 */
+
+    if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
+        goto err;
+
+    pktmp = X509_get0_pubkey(x);
+    if (pktmp == NULL)
+        goto err;
+    i = X509_REQ_set_pubkey(ret, pktmp);
+    if (!i)
+        goto err;
+
+    if (pkey != NULL) {
+        if (!X509_REQ_sign(ret, pkey, md))
+            goto err;
+    }
+    return (ret);
+ err:
+    X509_REQ_free(ret);
+    return (NULL);
+}
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
+{
+    if (req == NULL)
+        return (NULL);
+    return (X509_PUBKEY_get(req->req_info.pubkey));
+}
+
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req)
+{
+    if (req == NULL)
+        return NULL;
+    return (X509_PUBKEY_get0(req->req_info.pubkey));
+}
+
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req)
+{
+    return req->req_info.pubkey;
+}
+
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+{
+    EVP_PKEY *xk = NULL;
+    int ok = 0;
+
+    xk = X509_REQ_get_pubkey(x);
+    switch (EVP_PKEY_cmp(xk, k)) {
+    case 1:
+        ok = 1;
+        break;
+    case 0:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
+#ifndef OPENSSL_NO_EC
+        if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+            break;
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+        if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
+            /* No idea */
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                    X509_R_CANT_CHECK_DH_KEY);
+            break;
+        }
+#endif
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
+
+    EVP_PKEY_free(xk);
+    return (ok);
+}
+
+/*
+ * It seems several organisations had the same idea of including a list of
+ * extensions in a certificate request. There are at least two OIDs that are
+ * used and there may be more: so the list is configurable.
+ */
+
+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef };
+
+static int *ext_nids = ext_nid_list;
+
+int X509_REQ_extension_nid(int req_nid)
+{
+    int i, nid;
+    for (i = 0;; i++) {
+        nid = ext_nids[i];
+        if (nid == NID_undef)
+            return 0;
+        else if (req_nid == nid)
+            return 1;
+    }
+}
+
+int *X509_REQ_get_extension_nids(void)
+{
+    return ext_nids;
+}
+
+void X509_REQ_set_extension_nids(int *nids)
+{
+    ext_nids = nids;
+}
+
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *ext = NULL;
+    int idx, *pnid;
+    const unsigned char *p;
+
+    if ((req == NULL) || !ext_nids)
+        return (NULL);
+    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+        idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
+        if (idx == -1)
+            continue;
+        attr = X509_REQ_get_attr(req, idx);
+        ext = X509_ATTRIBUTE_get0_type(attr, 0);
+        break;
+    }
+    if (!ext || (ext->type != V_ASN1_SEQUENCE))
+        return NULL;
+    p = ext->value.sequence->data;
+    return (STACK_OF(X509_EXTENSION) *)
+        ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
+                      ASN1_ITEM_rptr(X509_EXTENSIONS));
+}
+
+/*
+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid)
+{
+    int extlen;
+    int rv = 0;
+    unsigned char *ext = NULL;
+    /* Generate encoding of extensions */
+    extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,
+                           ASN1_ITEM_rptr(X509_EXTENSIONS));
+    if (extlen <= 0)
+        return 0;
+    rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
+    OPENSSL_free(ext);
+    return rv;
+}
+
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+    return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
+
+/* Request attribute functions */
+
+int X509_REQ_get_attr_count(const X509_REQ *req)
+{
+    return X509at_get_attr_count(req->req_info.attributes);
+}
+
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(req->req_info.attributes, nid, lastpos);
+}
+
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+                             int lastpos)
+{
+    return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+{
+    return X509at_get_attr(req->req_info.attributes, loc);
+}
+
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+{
+    return X509at_delete_attr(req->req_info.attributes, loc);
+}
+
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&req->req_info.attributes, attr))
+        return 1;
+    return 0;
+}
+
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&req->req_info.attributes, nid,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&req->req_info.attributes, attrname,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+long X509_REQ_get_version(const X509_REQ *req)
+{
+    return ASN1_INTEGER_get(req->req_info.version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
+{
+    return req->req_info.subject;
+}
+
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = req->signature;
+    if (palg != NULL)
+        *palg = &req->sig_alg;
+}
+
+int X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+    return OBJ_obj2nid(req->sig_alg.algorithm);
+}
+
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+    req->req_info.enc.modified = 1;
+    return i2d_X509_REQ_INFO(&req->req_info, pp);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_set.c b/openssl-1.1.0h/crypto/x509/x509_set.c
new file mode 100644
index 0000000..c0ea418
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_set.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+int X509_set_version(X509 *x, long version)
+{
+    if (x == NULL)
+        return (0);
+    if (version == 0) {
+        ASN1_INTEGER_free(x->cert_info.version);
+        x->cert_info.version = NULL;
+        return (1);
+    }
+    if (x->cert_info.version == NULL) {
+        if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL)
+            return (0);
+    }
+    return (ASN1_INTEGER_set(x->cert_info.version, version));
+}
+
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *in;
+
+    if (x == NULL)
+        return 0;
+    in = &x->cert_info.serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
+}
+
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return (0);
+    return (X509_NAME_set(&x->cert_info.issuer, name));
+}
+
+int X509_set_subject_name(X509 *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return (0);
+    return (X509_NAME_set(&x->cert_info.subject, name));
+}
+
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
+{
+    ASN1_TIME *in;
+    in = *ptm;
+    if (in != tm) {
+        in = ASN1_STRING_dup(tm);
+        if (in != NULL) {
+            ASN1_TIME_free(*ptm);
+            *ptm = in;
+        }
+    }
+    return (in != NULL);
+}
+
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notBefore, tm);
+}
+
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notAfter, tm);
+}
+
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+{
+    if (x == NULL)
+        return (0);
+    return (X509_PUBKEY_set(&(x->cert_info.key), pkey));
+}
+
+int X509_up_ref(X509 *x)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&x->references, 1, &i, x->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509", x);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_get_version(const X509 *x)
+{
+    return ASN1_INTEGER_get(x->cert_info.version);
+}
+
+const ASN1_TIME *X509_get0_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+const ASN1_TIME *X509_get0_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+ASN1_TIME *X509_getm_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+ASN1_TIME *X509_getm_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+int X509_get_signature_type(const X509 *x)
+{
+    return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
+}
+
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
+{
+    return x->cert_info.key;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
+{
+    return x->cert_info.extensions;
+}
+
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid)
+{
+    if (piuid != NULL)
+        *piuid = x->cert_info.issuerUID;
+    if (psuid != NULL)
+        *psuid = x->cert_info.subjectUID;
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+    return &x->cert_info.signature;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_trs.c b/openssl-1.1.0h/crypto/x509/x509_trs.c
new file mode 100644
index 0000000..a9bb88d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_trs.c
@@ -0,0 +1,298 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
+
+/*
+ * WARNING: the following table should be kept in order of trust and without
+ * any gaps so we can just subtract the minimum trust value to get an index
+ * into the table
+ */
+
+static X509_TRUST trstandard[] = {
+    {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+    {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth,
+     NULL},
+    {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth,
+     NULL},
+    {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect,
+     NULL},
+    {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign,
+     NULL},
+    {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign,
+     NULL},
+    {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP,
+     NULL},
+    {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
+};
+
+#define X509_TRUST_COUNT        OSSL_NELEM(trstandard)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b)
+{
+    return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int) {
+    int (*oldtrust) (int, X509 *, int);
+    oldtrust = default_trust;
+    default_trust = trust;
+    return oldtrust;
+}
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+    X509_TRUST *pt;
+    int idx;
+
+    /* We get this as a default value */
+    if (id == X509_TRUST_DEFAULT)
+        return obj_trust(NID_anyExtendedKeyUsage, x,
+                         flags | X509_TRUST_DO_SS_COMPAT);
+    idx = X509_TRUST_get_by_id(id);
+    if (idx == -1)
+        return default_trust(id, x, flags);
+    pt = X509_TRUST_get0(idx);
+    return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+    if (!trtable)
+        return X509_TRUST_COUNT;
+    return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST *X509_TRUST_get0(int idx)
+{
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_TRUST_COUNT)
+        return trstandard + idx;
+    return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+    X509_TRUST tmp;
+    int idx;
+    if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+        return id - X509_TRUST_MIN;
+    tmp.trust = id;
+    if (!trtable)
+        return -1;
+    idx = sk_X509_TRUST_find(trtable, &tmp);
+    if (idx == -1)
+        return -1;
+    return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_set(int *t, int trust)
+{
+    if (X509_TRUST_get_by_id(trust) == -1) {
+        X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+        return 0;
+    }
+    *t = trust;
+    return 1;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   const char *name, int arg1, void *arg2)
+{
+    int idx;
+    X509_TRUST *trtmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_TRUST_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_TRUST_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_TRUST_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        trtmp->flags = X509_TRUST_DYNAMIC;
+    } else
+        trtmp = X509_TRUST_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
+        OPENSSL_free(trtmp->name);
+    /* dup supplied name */
+    if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* Keep the dynamic flag of existing entry */
+    trtmp->flags &= X509_TRUST_DYNAMIC;
+    /* Set all other flags */
+    trtmp->flags |= flags;
+
+    trtmp->trust = id;
+    trtmp->check_trust = ck;
+    trtmp->arg1 = arg1;
+    trtmp->arg2 = arg2;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (trtable == NULL
+            && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;;
+        }
+        if (!sk_X509_TRUST_push(trtable, trtmp)) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(trtmp->name);
+        OPENSSL_free(trtmp);
+    }
+    return 0;
+}
+
+static void trtable_free(X509_TRUST *p)
+{
+    if (!p)
+        return;
+    if (p->flags & X509_TRUST_DYNAMIC) {
+        if (p->flags & X509_TRUST_DYNAMIC_NAME)
+            OPENSSL_free(p->name);
+        OPENSSL_free(p);
+    }
+}
+
+void X509_TRUST_cleanup(void)
+{
+    sk_X509_TRUST_pop_free(trtable, trtable_free);
+    trtable = NULL;
+}
+
+int X509_TRUST_get_flags(const X509_TRUST *xp)
+{
+    return xp->flags;
+}
+
+char *X509_TRUST_get0_name(const X509_TRUST *xp)
+{
+    return xp->name;
+}
+
+int X509_TRUST_get_trust(const X509_TRUST *xp)
+{
+    return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+    /*
+     * Declare the chain verified if the desired trust OID is not rejected in
+     * any auxiliary trust info for this certificate, and the OID is either
+     * expressly trusted, or else either "anyEKU" is trusted, or the
+     * certificate is self-signed.
+     */
+    flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU;
+    return obj_trust(trust->arg1, x, flags);
+}
+
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+    /*
+     * Declare the chain verified only if the desired trust OID is not
+     * rejected and is expressly trusted.  Neither "anyEKU" nor "compat"
+     * trust in self-signed certificates apply.
+     */
+    flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU);
+    return obj_trust(trust->arg1, x, flags);
+}
+
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, 0);
+    if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS)
+        return X509_TRUST_TRUSTED;
+    else
+        return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+    X509_CERT_AUX *ax = x->aux;
+    int i;
+
+    if (ax && ax->reject) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
+                return X509_TRUST_REJECTED;
+        }
+    }
+
+    if (ax && ax->trust) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
+                return X509_TRUST_TRUSTED;
+        }
+        /*
+         * Reject when explicit trust EKU are set and none match.
+         *
+         * Returning untrusted is enough for for full chains that end in
+         * self-signed roots, because when explicit trust is specified it
+         * suppresses the default blanket trust of self-signed objects.
+         *
+         * But for partial chains, this is not enough, because absent a similar
+         * trust-self-signed policy, non matching EKUs are indistinguishable
+         * from lack of EKU constraints.
+         *
+         * Therefore, failure to match any trusted purpose must trigger an
+         * explicit reject.
+         */
+        return X509_TRUST_REJECTED;
+    }
+
+    if ((flags & X509_TRUST_DO_SS_COMPAT) == 0)
+        return X509_TRUST_UNTRUSTED;
+
+    /*
+     * Not rejected, and there is no list of accepted uses, try compat.
+     */
+    return trust_compat(NULL, x, flags);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_txt.c b/openssl-1.1.0h/crypto/x509/x509_txt.c
new file mode 100644
index 0000000..66e5fcd
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_txt.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+const char *X509_verify_cert_error_string(long n)
+{
+    switch ((int)n) {
+    case X509_V_OK:
+        return ("ok");
+    case X509_V_ERR_UNSPECIFIED:
+        return ("unspecified certificate verification error");
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        return ("unable to get issuer certificate");
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+        return ("unable to get certificate CRL");
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        return ("unable to decrypt certificate's signature");
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        return ("unable to decrypt CRL's signature");
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        return ("unable to decode issuer public key");
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        return ("certificate signature failure");
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        return ("CRL signature failure");
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+        return ("certificate is not yet valid");
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+        return ("certificate has expired");
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+        return ("CRL is not yet valid");
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+        return ("CRL has expired");
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        return ("format error in certificate's notBefore field");
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return ("format error in certificate's notAfter field");
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        return ("format error in CRL's lastUpdate field");
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        return ("format error in CRL's nextUpdate field");
+    case X509_V_ERR_OUT_OF_MEM:
+        return ("out of memory");
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        return ("self signed certificate");
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        return ("self signed certificate in certificate chain");
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        return ("unable to get local issuer certificate");
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return ("unable to verify the first certificate");
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return ("certificate chain too long");
+    case X509_V_ERR_CERT_REVOKED:
+        return ("certificate revoked");
+    case X509_V_ERR_INVALID_CA:
+        return ("invalid CA certificate");
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        return ("path length constraint exceeded");
+    case X509_V_ERR_INVALID_PURPOSE:
+        return ("unsupported certificate purpose");
+    case X509_V_ERR_CERT_UNTRUSTED:
+        return ("certificate not trusted");
+    case X509_V_ERR_CERT_REJECTED:
+        return ("certificate rejected");
+    case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        return ("subject issuer mismatch");
+    case X509_V_ERR_AKID_SKID_MISMATCH:
+        return ("authority and subject key identifier mismatch");
+    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+        return ("authority and issuer serial number mismatch");
+    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+        return ("key usage does not include certificate signing");
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+        return ("unable to get CRL issuer certificate");
+    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+        return ("unhandled critical extension");
+    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+        return ("key usage does not include CRL signing");
+    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+        return ("unhandled critical CRL extension");
+    case X509_V_ERR_INVALID_NON_CA:
+        return ("invalid non-CA certificate (has CA markings)");
+    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+        return ("proxy path length constraint exceeded");
+    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+        return ("key usage does not include digital signature");
+    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+        return
+            ("proxy certificates not allowed, please set the appropriate flag");
+    case X509_V_ERR_INVALID_EXTENSION:
+        return ("invalid or inconsistent certificate extension");
+    case X509_V_ERR_INVALID_POLICY_EXTENSION:
+        return ("invalid or inconsistent certificate policy extension");
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        return ("no explicit policy");
+    case X509_V_ERR_DIFFERENT_CRL_SCOPE:
+        return ("Different CRL scope");
+    case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
+        return ("Unsupported extension feature");
+    case X509_V_ERR_UNNESTED_RESOURCE:
+        return ("RFC 3779 resource not subset of parent's resources");
+    case X509_V_ERR_PERMITTED_VIOLATION:
+        return ("permitted subtree violation");
+    case X509_V_ERR_EXCLUDED_VIOLATION:
+        return ("excluded subtree violation");
+    case X509_V_ERR_SUBTREE_MINMAX:
+        return ("name constraints minimum and maximum not supported");
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        return ("application verification failure");
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+        return ("unsupported name constraint type");
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
+        return ("unsupported or invalid name constraint syntax");
+    case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+        return ("unsupported or invalid name syntax");
+    case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
+        return ("CRL path validation error");
+    case X509_V_ERR_PATH_LOOP:
+        return ("Path Loop");
+    case X509_V_ERR_SUITE_B_INVALID_VERSION:
+        return ("Suite B: certificate version invalid");
+    case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
+        return ("Suite B: invalid public key algorithm");
+    case X509_V_ERR_SUITE_B_INVALID_CURVE:
+        return ("Suite B: invalid ECC curve");
+    case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
+        return ("Suite B: invalid signature algorithm");
+    case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
+        return ("Suite B: curve not allowed for this LOS");
+    case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
+        return ("Suite B: cannot sign P-384 with P-256");
+    case X509_V_ERR_HOSTNAME_MISMATCH:
+        return ("Hostname mismatch");
+    case X509_V_ERR_EMAIL_MISMATCH:
+        return ("Email address mismatch");
+    case X509_V_ERR_IP_ADDRESS_MISMATCH:
+        return ("IP address mismatch");
+    case X509_V_ERR_DANE_NO_MATCH:
+        return ("No matching DANE TLSA records");
+    case X509_V_ERR_EE_KEY_TOO_SMALL:
+        return ("EE certificate key too weak");
+    case X509_V_ERR_CA_KEY_TOO_SMALL:
+        return ("CA certificate key too weak");
+    case X509_V_ERR_CA_MD_TOO_WEAK:
+        return ("CA signature digest algorithm too weak");
+    case X509_V_ERR_INVALID_CALL:
+        return ("Invalid certificate verification context");
+    case X509_V_ERR_STORE_LOOKUP:
+        return ("Issuer certificate lookup error");
+    case X509_V_ERR_NO_VALID_SCTS:
+        return ("Certificate Transparency required, but no valid SCTs found");
+    case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
+        return ("proxy subject name violation");
+
+    default:
+        /* Printing an error number into a static buffer is not thread-safe */
+        return ("unknown certificate verification error");
+    }
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_v3.c b/openssl-1.1.0h/crypto/x509/x509_v3.c
new file mode 100644
index 0000000..19016bb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_v3.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
+{
+    if (x == NULL)
+        return (0);
+    return (sk_X509_EXTENSION_num(x));
+}
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+                          int lastpos)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return (-2);
+    return (X509v3_get_ext_by_OBJ(x, obj, lastpos));
+}
+
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
+                          const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
+
+    if (sk == NULL)
+        return (-1);
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return (lastpos);
+    }
+    return (-1);
+}
+
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+                               int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
+
+    if (sk == NULL)
+        return (-1);
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+            return (lastpos);
+    }
+    return (-1);
+}
+
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+{
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return NULL;
+    else
+        return sk_X509_EXTENSION_value(x, loc);
+}
+
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
+{
+    X509_EXTENSION *ret;
+
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return (NULL);
+    ret = sk_X509_EXTENSION_delete(x, loc);
+    return (ret);
+}
+
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc)
+{
+    X509_EXTENSION *new_ex = NULL;
+    int n;
+    STACK_OF(X509_EXTENSION) *sk = NULL;
+
+    if (x == NULL) {
+        X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
+
+    if (*x == NULL) {
+        if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
+
+    n = sk_X509_EXTENSION_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
+
+    if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
+        goto err2;
+    if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return (sk);
+ err:
+    X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
+ err2:
+    X509_EXTENSION_free(new_ex);
+    if (x != NULL && *x == NULL)
+        sk_X509_EXTENSION_free(sk);
+    return (NULL);
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+                                             int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    ASN1_OBJECT *obj;
+    X509_EXTENSION *ret;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return (NULL);
+    }
+    ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return (ret);
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    X509_EXTENSION *ret;
+
+    if ((ex == NULL) || (*ex == NULL)) {
+        if ((ret = X509_EXTENSION_new()) == NULL) {
+            X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    } else
+        ret = *ex;
+
+    if (!X509_EXTENSION_set_object(ret, obj))
+        goto err;
+    if (!X509_EXTENSION_set_critical(ret, crit))
+        goto err;
+    if (!X509_EXTENSION_set_data(ret, data))
+        goto err;
+
+    if ((ex != NULL) && (*ex == NULL))
+        *ex = ret;
+    return (ret);
+ err:
+    if ((ex == NULL) || (ret != *ex))
+        X509_EXTENSION_free(ret);
+    return (NULL);
+}
+
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
+{
+    if ((ex == NULL) || (obj == NULL))
+        return (0);
+    ASN1_OBJECT_free(ex->object);
+    ex->object = OBJ_dup(obj);
+    return ex->object != NULL;
+}
+
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
+{
+    if (ex == NULL)
+        return (0);
+    ex->critical = (crit) ? 0xFF : -1;
+    return (1);
+}
+
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+{
+    int i;
+
+    if (ex == NULL)
+        return (0);
+    i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length);
+    if (!i)
+        return (0);
+    return (1);
+}
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return (NULL);
+    return (ex->object);
+}
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return (NULL);
+    return &ex->value;
+}
+
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return (0);
+    if (ex->critical > 0)
+        return 1;
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_vfy.c b/openssl-1.1.0h/crypto/x509/x509_vfy.c
new file mode 100644
index 0000000..3018c69
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_vfy.c
@@ -0,0 +1,3277 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <limits.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <internal/dane.h>
+#include <internal/x509_int.h>
+#include "x509_lcl.h"
+
+/* CRL score values */
+
+/* No unhandled critical extensions */
+
+#define CRL_SCORE_NOCRITICAL    0x100
+
+/* certificate is within CRL scope */
+
+#define CRL_SCORE_SCOPE         0x080
+
+/* CRL times valid */
+
+#define CRL_SCORE_TIME          0x040
+
+/* Issuer name matches certificate */
+
+#define CRL_SCORE_ISSUER_NAME   0x020
+
+/* If this score or above CRL is probably valid */
+
+#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
+
+/* CRL issuer is certificate issuer */
+
+#define CRL_SCORE_ISSUER_CERT   0x018
+
+/* CRL issuer is on certificate path */
+
+#define CRL_SCORE_SAME_PATH     0x008
+
+/* CRL issuer matches CRL AKID */
+
+#define CRL_SCORE_AKID          0x004
+
+/* Have a delta CRL with valid times */
+
+#define CRL_SCORE_TIME_DELTA    0x002
+
+static int build_chain(X509_STORE_CTX *ctx);
+static int verify_chain(X509_STORE_CTX *ctx);
+static int dane_verify(X509_STORE_CTX *ctx);
+static int null_callback(int ok, X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
+static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_name_constraints(X509_STORE_CTX *ctx);
+static int check_id(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
+static int check_policy(X509_STORE_CTX *ctx);
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x);
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
+                         int *pcrl_score, X509_CRL *base,
+                         STACK_OF(X509_CRL) *crls);
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
+                           int *pcrl_score);
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons);
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path);
+
+static int internal_verify(X509_STORE_CTX *ctx);
+
+static int null_callback(int ok, X509_STORE_CTX *e)
+{
+    return ok;
+}
+
+/* Return 1 is a certificate is self signed */
+static int cert_self_signed(X509 *x)
+{
+    /*
+     * FIXME: x509v3_cache_extensions() needs to detect more failures and not
+     * set EXFLAG_SET when that happens.  Especially, if the failures are
+     * parse errors, rather than memory pressure!
+     */
+    X509_check_purpose(x, -1, 0);
+    if (x->ex_flags & EXFLAG_SS)
+        return 1;
+    else
+        return 0;
+}
+
+/* Given a certificate try and find an exact match in the store */
+
+static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
+{
+    STACK_OF(X509) *certs;
+    X509 *xtmp = NULL;
+    int i;
+    /* Lookup all certs with matching subject name */
+    certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
+    if (certs == NULL)
+        return NULL;
+    /* Look for exact match */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        xtmp = sk_X509_value(certs, i);
+        if (!X509_cmp(xtmp, x))
+            break;
+    }
+    if (i < sk_X509_num(certs))
+        X509_up_ref(xtmp);
+    else
+        xtmp = NULL;
+    sk_X509_pop_free(certs, X509_free);
+    return xtmp;
+}
+
+/*-
+ * Inform the verify callback of an error.
+ * If B<x> is not NULL it is the error cert, otherwise use the chain cert at
+ * B<depth>.
+ * If B<err> is not X509_V_OK, that's the error value, otherwise leave
+ * unchanged (presumably set by the caller).
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
+{
+    ctx->error_depth = depth;
+    ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth);
+    if (err != X509_V_OK)
+        ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+/*-
+ * Inform the verify callback of an error, CRL-specific variant.  Here, the
+ * error depth and certificate are already set, we just specify the error
+ * number.
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_crl(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+static int check_auth_level(X509_STORE_CTX *ctx)
+{
+    int i;
+    int num = sk_X509_num(ctx->chain);
+
+    if (ctx->param->auth_level <= 0)
+        return 1;
+
+    for (i = 0; i < num; ++i) {
+        X509 *cert = sk_X509_value(ctx->chain, i);
+
+        /*
+         * We've already checked the security of the leaf key, so here we only
+         * check the security of issuer keys.
+         */
+        if (i > 0 && !check_key_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL) == 0)
+            return 0;
+        /*
+         * We also check the signature algorithm security of all certificates
+         * except those of the trust anchor at index num-1.
+         */
+        if (i < num - 1 && !check_sig_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK) == 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int verify_chain(X509_STORE_CTX *ctx)
+{
+    int err;
+    int ok;
+
+    /*
+     * Before either returning with an error, or continuing with CRL checks,
+     * instantiate chain public key parameters.
+     */
+    if ((ok = build_chain(ctx)) == 0 ||
+        (ok = check_chain_extensions(ctx)) == 0 ||
+        (ok = check_auth_level(ctx)) == 0 ||
+        (ok = check_id(ctx)) == 0 || 1)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+    if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0)
+        return ok;
+
+    err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
+                                  ctx->param->flags);
+    if (err != X509_V_OK) {
+        if ((ok = verify_cb_cert(ctx, NULL, ctx->error_depth, err)) == 0)
+            return ok;
+    }
+
+    /* Verify chain signatures and expiration times */
+    ok = (ctx->verify != NULL) ? ctx->verify(ctx) : internal_verify(ctx);
+    if (!ok)
+        return ok;
+
+    if ((ok = check_name_constraints(ctx)) == 0)
+        return ok;
+
+#ifndef OPENSSL_NO_RFC3779
+    /* RFC 3779 path validation, now that CRL check has been done */
+    if ((ok = X509v3_asid_validate_path(ctx)) == 0)
+        return ok;
+    if ((ok = X509v3_addr_validate_path(ctx)) == 0)
+        return ok;
+#endif
+
+    /* If we get this far evaluate policies */
+    if (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)
+        ok = ctx->check_policy(ctx);
+    return ok;
+}
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int ret;
+
+    if (ctx->cert == NULL) {
+        X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+
+    if (ctx->chain != NULL) {
+        /*
+         * This X509_STORE_CTX has already been used to verify a cert. We
+         * cannot do another one.
+         */
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+
+    /*
+     * first we make sure the chain we are going to build is present and that
+     * the first entry is in place
+     */
+    if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+        (!sk_X509_push(ctx->chain, ctx->cert))) {
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return -1;
+    }
+    X509_up_ref(ctx->cert);
+    ctx->num_untrusted = 1;
+
+    /* If the peer's public key is too weak, we can stop early. */
+    if (!check_key_level(ctx, ctx->cert) &&
+        !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
+        return 0;
+
+    if (DANETLS_ENABLED(dane))
+        ret = dane_verify(ctx);
+    else
+        ret = verify_chain(ctx);
+
+    /*
+     * Safety-net.  If we are returning an error, we must also set ctx->error,
+     * so that the chain is not considered verified should the error be ignored
+     * (e.g. TLS with SSL_VERIFY_NONE).
+     */
+    if (ret <= 0 && ctx->error == X509_V_OK)
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+    return ret;
+}
+
+/*
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+    int i;
+    X509 *issuer, *rv = NULL;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        issuer = sk_X509_value(sk, i);
+        if (ctx->check_issued(ctx, x, issuer)) {
+            rv = issuer;
+            if (x509_check_cert_time(ctx, rv, -1))
+                break;
+        }
+    }
+    return rv;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+    int ret;
+    if (x == issuer)
+        return cert_self_signed(x);
+    ret = X509_check_issued(issuer, x);
+    if (ret == X509_V_OK) {
+        int i;
+        X509 *ch;
+        /* Special case: single self signed certificate */
+        if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
+            return 1;
+        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+            ch = sk_X509_value(ctx->chain, i);
+            if (ch == issuer || !X509_cmp(ch, issuer)) {
+                ret = X509_V_ERR_PATH_LOOP;
+                break;
+            }
+        }
+    }
+
+    return (ret == X509_V_OK);
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+    *issuer = find_issuer(ctx, ctx->other_ctx, x);
+    if (*issuer) {
+        X509_up_ref(*issuer);
+        return 1;
+    } else
+        return 0;
+}
+
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    int i;
+    for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
+        x = sk_X509_value(ctx->other_ctx, i);
+        if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
+            if (sk == NULL)
+                sk = sk_X509_new_null();
+            if (sk == NULL || sk_X509_push(sk, x) == 0) {
+                sk_X509_pop_free(sk, X509_free);
+                return NULL;
+            }
+            X509_up_ref(x);
+        }
+    }
+    return sk;
+}
+
+/*
+ * Check EE or CA certificate purpose.  For trusted certificates explicit local
+ * auxiliary trust can be used to override EKU-restrictions.
+ */
+static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth,
+                         int must_be_ca)
+{
+    int tr_ok = X509_TRUST_UNTRUSTED;
+
+    /*
+     * For trusted certificates we want to see whether any auxiliary trust
+     * settings trump the purpose constraints.
+     *
+     * This is complicated by the fact that the trust ordinals in
+     * ctx->param->trust are entirely independent of the purpose ordinals in
+     * ctx->param->purpose!
+     *
+     * What connects them is their mutual initialization via calls from
+     * X509_STORE_CTX_set_default() into X509_VERIFY_PARAM_lookup() which sets
+     * related values of both param->trust and param->purpose.  It is however
+     * typically possible to infer associated trust values from a purpose value
+     * via the X509_PURPOSE API.
+     *
+     * Therefore, we can only check for trust overrides when the purpose we're
+     * checking is the same as ctx->param->purpose and ctx->param->trust is
+     * also set.
+     */
+    if (depth >= ctx->num_untrusted && purpose == ctx->param->purpose)
+        tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT);
+
+    switch (tr_ok) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        break;
+    default:
+        switch (X509_check_purpose(x, purpose, must_be_ca > 0)) {
+        case 1:
+            return 1;
+        case 0:
+            break;
+        default:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) == 0)
+                return 1;
+        }
+        break;
+    }
+
+    return verify_cb_cert(ctx, x, depth, X509_V_ERR_INVALID_PURPOSE);
+}
+
+/*
+ * Check a certificate chains extensions for consistency with the supplied
+ * purpose
+ */
+
+static int check_chain_extensions(X509_STORE_CTX *ctx)
+{
+    int i, must_be_ca, plen = 0;
+    X509 *x;
+    int proxy_path_length = 0;
+    int purpose;
+    int allow_proxy_certs;
+    int num = sk_X509_num(ctx->chain);
+
+    /*-
+     *  must_be_ca can have 1 of 3 values:
+     * -1: we accept both CA and non-CA certificates, to allow direct
+     *     use of self-signed certificates (which are marked as CA).
+     * 0:  we only accept non-CA certificates.  This is currently not
+     *     used, but the possibility is present for future extensions.
+     * 1:  we only accept CA certificates.  This is currently used for
+     *     all certificates in the chain except the leaf certificate.
+     */
+    must_be_ca = -1;
+
+    /* CRL path validation */
+    if (ctx->parent) {
+        allow_proxy_certs = 0;
+        purpose = X509_PURPOSE_CRL_SIGN;
+    } else {
+        allow_proxy_certs =
+            ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+        purpose = ctx->param->purpose;
+    }
+
+    for (i = 0; i < num; i++) {
+        int ret;
+        x = sk_X509_value(ctx->chain, i);
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+            && (x->ex_flags & EXFLAG_CRITICAL)) {
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION))
+                return 0;
+        }
+        if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED))
+                return 0;
+        }
+        ret = X509_check_ca(x);
+        switch (must_be_ca) {
+        case -1:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                && (ret != 1) && (ret != 0)) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        case 0:
+            if (ret != 0) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_NON_CA;
+            } else
+                ret = 1;
+            break;
+        default:
+            /* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */
+            if ((ret == 0)
+                || ((i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                    && (ret != 1))) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        }
+        if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
+            return 0;
+        /* check_purpose() makes the callback as needed */
+        if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
+            return 0;
+        /* Check pathlen if not self issued */
+        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
+            && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+            if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
+                return 0;
+        }
+        /* Increment path length if not self issued */
+        if (!(x->ex_flags & EXFLAG_SI))
+            plen++;
+        /*
+         * If this certificate is a proxy certificate, the next certificate
+         * must be another proxy certificate or a EE certificate.  If not,
+         * the next certificate must be a CA certificate.
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            /*
+             * RFC3820, 4.1.3 (b)(1) stipulates that if pCPathLengthConstraint
+             * is less than max_path_length, the former should be copied to
+             * the latter, and 4.1.4 (a) stipulates that max_path_length
+             * should be verified to be larger than zero and decrement it.
+             *
+             * Because we're checking the certs in the reverse order, we start
+             * with verifying that proxy_path_length isn't larger than pcPLC,
+             * and copy the latter to the former if it is, and finally,
+             * increment proxy_path_length.
+             */
+            if (x->ex_pcpathlen != -1) {
+                if (proxy_path_length > x->ex_pcpathlen) {
+                    if (!verify_cb_cert(ctx, x, i,
+                                        X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED))
+                        return 0;
+                }
+                proxy_path_length = x->ex_pcpathlen;
+            }
+            proxy_path_length++;
+            must_be_ca = 0;
+        } else
+            must_be_ca = 1;
+    }
+    return 1;
+}
+
+static int check_name_constraints(X509_STORE_CTX *ctx)
+{
+    int i;
+
+    /* Check name constraints for all certificates */
+    for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(ctx->chain, i);
+        int j;
+
+        /* Ignore self issued certs unless last in chain */
+        if (i && (x->ex_flags & EXFLAG_SI))
+            continue;
+
+        /*
+         * Proxy certificates policy has an extra constraint, where the
+         * certificate subject MUST be the issuer with a single CN entry
+         * added.
+         * (RFC 3820: 3.4, 4.1.3 (a)(4))
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            X509_NAME *tmpsubject = X509_get_subject_name(x);
+            X509_NAME *tmpissuer = X509_get_issuer_name(x);
+            X509_NAME_ENTRY *tmpentry = NULL;
+            int last_object_nid = 0;
+            int err = X509_V_OK;
+            int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1;
+
+            /* Check that there are at least two RDNs */
+            if (last_object_loc < 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that there is exactly one more RDN in subject as
+             * there is in issuer.
+             */
+            if (X509_NAME_entry_count(tmpsubject)
+                != X509_NAME_entry_count(tmpissuer) + 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject component isn't part of a
+             * multivalued RDN
+             */
+            if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                        last_object_loc))
+                == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                           last_object_loc - 1))) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject RDN is a commonName, and that
+             * all the previous RDNs match the issuer exactly
+             */
+            tmpsubject = X509_NAME_dup(tmpsubject);
+            if (tmpsubject == NULL) {
+                X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return 0;
+            }
+
+            tmpentry =
+                X509_NAME_delete_entry(tmpsubject, last_object_loc);
+            last_object_nid =
+                OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
+
+            if (last_object_nid != NID_commonName
+                || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+            }
+
+            X509_NAME_ENTRY_free(tmpentry);
+            X509_NAME_free(tmpsubject);
+
+         proxy_name_done:
+            if (err != X509_V_OK
+                && !verify_cb_cert(ctx, x, i, err))
+                return 0;
+        }
+
+        /*
+         * Check against constraints for all certificates higher in chain
+         * including trust anchor. Trust anchor not strictly speaking needed
+         * but if it includes constraints it is to be assumed it expects them
+         * to be obeyed.
+         */
+        for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
+            NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+
+            if (nc) {
+                int rv = NAME_CONSTRAINTS_check(x, nc);
+
+                /* If EE certificate check commonName too */
+                if (rv == X509_V_OK && i == 0)
+                    rv = NAME_CONSTRAINTS_check_CN(x, nc);
+
+                switch (rv) {
+                case X509_V_OK:
+                    break;
+                case X509_V_ERR_OUT_OF_MEM:
+                    return 0;
+                default:
+                    if (!verify_cb_cert(ctx, x, i, rv))
+                        return 0;
+                    break;
+                }
+            }
+        }
+    }
+    return 1;
+}
+
+static int check_id_error(X509_STORE_CTX *ctx, int errcode)
+{
+    return verify_cb_cert(ctx, ctx->cert, 0, errcode);
+}
+
+static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm)
+{
+    int i;
+    int n = sk_OPENSSL_STRING_num(vpm->hosts);
+    char *name;
+
+    if (vpm->peername != NULL) {
+        OPENSSL_free(vpm->peername);
+        vpm->peername = NULL;
+    }
+    for (i = 0; i < n; ++i) {
+        name = sk_OPENSSL_STRING_value(vpm->hosts, i);
+        if (X509_check_host(x, name, 0, vpm->hostflags, &vpm->peername) > 0)
+            return 1;
+    }
+    return n == 0;
+}
+
+static int check_id(X509_STORE_CTX *ctx)
+{
+    X509_VERIFY_PARAM *vpm = ctx->param;
+    X509 *x = ctx->cert;
+    if (vpm->hosts && check_hosts(x, vpm) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
+            return 0;
+    }
+    if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
+            return 0;
+    }
+    if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
+            return 0;
+    }
+    return 1;
+}
+
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted)
+{
+    int i;
+    X509 *x = NULL;
+    X509 *mx;
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    int trust;
+
+    /*
+     * Check for a DANE issuer at depth 1 or greater, if it is a DANE-TA(2)
+     * match, we're done, otherwise we'll merely record the match depth.
+     */
+    if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) {
+        switch (trust = check_dane_issuer(ctx, num_untrusted)) {
+        case X509_TRUST_TRUSTED:
+        case X509_TRUST_REJECTED:
+            return trust;
+        }
+    }
+
+    /*
+     * Check trusted certificates in chain at depth num_untrusted and up.
+     * Note, that depths 0..num_untrusted-1 may also contain trusted
+     * certificates, but the caller is expected to have already checked those,
+     * and wants to incrementally check just any added since.
+     */
+    for (i = num_untrusted; i < num; i++) {
+        x = sk_X509_value(ctx->chain, i);
+        trust = X509_check_trust(x, ctx->param->trust, 0);
+        /* If explicitly trusted return trusted */
+        if (trust == X509_TRUST_TRUSTED)
+            goto trusted;
+        if (trust == X509_TRUST_REJECTED)
+            goto rejected;
+    }
+
+    /*
+     * If we are looking at a trusted certificate, and accept partial chains,
+     * the chain is PKIX trusted.
+     */
+    if (num_untrusted < num) {
+        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
+            goto trusted;
+        return X509_TRUST_UNTRUSTED;
+    }
+
+    if (num_untrusted == num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+        /*
+         * Last-resort call with no new trusted certificates, check the leaf
+         * for a direct trust store match.
+         */
+        i = 0;
+        x = sk_X509_value(ctx->chain, i);
+        mx = lookup_cert_match(ctx, x);
+        if (!mx)
+            return X509_TRUST_UNTRUSTED;
+
+        /*
+         * Check explicit auxiliary trust/reject settings.  If none are set,
+         * we'll accept X509_TRUST_UNTRUSTED when not self-signed.
+         */
+        trust = X509_check_trust(mx, ctx->param->trust, 0);
+        if (trust == X509_TRUST_REJECTED) {
+            X509_free(mx);
+            goto rejected;
+        }
+
+        /* Replace leaf with trusted match */
+        (void) sk_X509_set(ctx->chain, 0, mx);
+        X509_free(x);
+        ctx->num_untrusted = 0;
+        goto trusted;
+    }
+
+    /*
+     * If no trusted certs in chain at all return untrusted and allow
+     * standard (no issuer cert) etc errors to be indicated.
+     */
+    return X509_TRUST_UNTRUSTED;
+
+ rejected:
+    if (!verify_cb_cert(ctx, x, i, X509_V_ERR_CERT_REJECTED))
+        return X509_TRUST_REJECTED;
+    return X509_TRUST_UNTRUSTED;
+
+ trusted:
+    if (!DANETLS_ENABLED(dane))
+        return X509_TRUST_TRUSTED;
+    if (dane->pdpth < 0)
+        dane->pdpth = num_untrusted;
+    /* With DANE, PKIX alone is not trusted until we have both */
+    if (dane->mdpth >= 0)
+        return X509_TRUST_TRUSTED;
+    return X509_TRUST_UNTRUSTED;
+}
+
+static int check_revocation(X509_STORE_CTX *ctx)
+{
+    int i = 0, last = 0, ok = 0;
+    if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+        return 1;
+    if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+        last = sk_X509_num(ctx->chain) - 1;
+    else {
+        /* If checking CRL paths this isn't the EE certificate */
+        if (ctx->parent)
+            return 1;
+        last = 0;
+    }
+    for (i = 0; i <= last; i++) {
+        ctx->error_depth = i;
+        ok = check_cert(ctx);
+        if (!ok)
+            return ok;
+    }
+    return 1;
+}
+
+static int check_cert(X509_STORE_CTX *ctx)
+{
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    int ok = 0;
+    int cnum = ctx->error_depth;
+    X509 *x = sk_X509_value(ctx->chain, cnum);
+
+    ctx->current_cert = x;
+    ctx->current_issuer = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+
+    if (x->ex_flags & EXFLAG_PROXY)
+        return 1;
+
+    while (ctx->current_reasons != CRLDP_ALL_REASONS) {
+        unsigned int last_reasons = ctx->current_reasons;
+
+        /* Try to retrieve relevant CRL */
+        if (ctx->get_crl)
+            ok = ctx->get_crl(ctx, &crl, x);
+        else
+            ok = get_crl_delta(ctx, &crl, &dcrl, x);
+        /*
+         * If error looking up CRL, nothing we can do except notify callback
+         */
+        if (!ok) {
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
+        }
+        ctx->current_crl = crl;
+        ok = ctx->check_crl(ctx, crl);
+        if (!ok)
+            goto done;
+
+        if (dcrl) {
+            ok = ctx->check_crl(ctx, dcrl);
+            if (!ok)
+                goto done;
+            ok = ctx->cert_crl(ctx, dcrl, x);
+            if (!ok)
+                goto done;
+        } else
+            ok = 1;
+
+        /* Don't look in full CRL if delta reason is removefromCRL */
+        if (ok != 2) {
+            ok = ctx->cert_crl(ctx, crl, x);
+            if (!ok)
+                goto done;
+        }
+
+        X509_CRL_free(crl);
+        X509_CRL_free(dcrl);
+        crl = NULL;
+        dcrl = NULL;
+        /*
+         * If reasons not updated we won't get anywhere by another iteration,
+         * so exit loop.
+         */
+        if (last_reasons == ctx->current_reasons) {
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
+        }
+    }
+ done:
+    X509_CRL_free(crl);
+    X509_CRL_free(dcrl);
+
+    ctx->current_crl = NULL;
+    return ok;
+}
+
+/* Check CRL times against values in X509_STORE_CTX */
+
+static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+{
+    time_t *ptime;
+    int i;
+
+    if (notify)
+        ctx->current_crl = crl;
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
+    if (i == 0) {
+        if (!notify)
+            return 0;
+        if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD))
+            return 0;
+    }
+
+    if (i > 0) {
+        if (!notify)
+            return 0;
+        if (!verify_cb_crl(ctx, X509_V_ERR_CRL_NOT_YET_VALID))
+            return 0;
+    }
+
+    if (X509_CRL_get0_nextUpdate(crl)) {
+        i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
+
+        if (i == 0) {
+            if (!notify)
+                return 0;
+            if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD))
+                return 0;
+        }
+        /* Ignore expiry of base CRL is delta is valid */
+        if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
+            if (!notify)
+                return 0;
+            if (!verify_cb_crl(ctx, X509_V_ERR_CRL_HAS_EXPIRED))
+                return 0;
+        }
+    }
+
+    if (notify)
+        ctx->current_crl = NULL;
+
+    return 1;
+}
+
+static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+                      X509 **pissuer, int *pscore, unsigned int *preasons,
+                      STACK_OF(X509_CRL) *crls)
+{
+    int i, crl_score, best_score = *pscore;
+    unsigned int reasons, best_reasons = 0;
+    X509 *x = ctx->current_cert;
+    X509_CRL *crl, *best_crl = NULL;
+    X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
+
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        reasons = *preasons;
+        crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
+        if (crl_score < best_score || crl_score == 0)
+            continue;
+        /* If current CRL is equivalent use it if it is newer */
+        if (crl_score == best_score && best_crl != NULL) {
+            int day, sec;
+            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
+                               X509_CRL_get0_lastUpdate(crl)) == 0)
+                continue;
+            /*
+             * ASN1_TIME_diff never returns inconsistent signs for |day|
+             * and |sec|.
+             */
+            if (day <= 0 && sec <= 0)
+                continue;
+        }
+        best_crl = crl;
+        best_crl_issuer = crl_issuer;
+        best_score = crl_score;
+        best_reasons = reasons;
+    }
+
+    if (best_crl) {
+        X509_CRL_free(*pcrl);
+        *pcrl = best_crl;
+        *pissuer = best_crl_issuer;
+        *pscore = best_score;
+        *preasons = best_reasons;
+        X509_CRL_up_ref(best_crl);
+        X509_CRL_free(*pdcrl);
+        *pdcrl = NULL;
+        get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
+    }
+
+    if (best_score >= CRL_SCORE_VALID)
+        return 1;
+
+    return 0;
+}
+
+/*
+ * Compare two CRL extensions for delta checking purposes. They should be
+ * both present or both absent. If both present all fields must be identical.
+ */
+
+static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
+{
+    ASN1_OCTET_STRING *exta, *extb;
+    int i;
+    i = X509_CRL_get_ext_by_NID(a, nid, -1);
+    if (i >= 0) {
+        /* Can't have multiple occurrences */
+        if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
+            return 0;
+        exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
+    } else
+        exta = NULL;
+
+    i = X509_CRL_get_ext_by_NID(b, nid, -1);
+
+    if (i >= 0) {
+
+        if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
+            return 0;
+        extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
+    } else
+        extb = NULL;
+
+    if (!exta && !extb)
+        return 1;
+
+    if (!exta || !extb)
+        return 0;
+
+    if (ASN1_OCTET_STRING_cmp(exta, extb))
+        return 0;
+
+    return 1;
+}
+
+/* See if a base and delta are compatible */
+
+static int check_delta_base(X509_CRL *delta, X509_CRL *base)
+{
+    /* Delta CRL must be a delta */
+    if (!delta->base_crl_number)
+        return 0;
+    /* Base must have a CRL number */
+    if (!base->crl_number)
+        return 0;
+    /* Issuer names must match */
+    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
+        return 0;
+    /* AKID and IDP must match */
+    if (!crl_extension_match(delta, base, NID_authority_key_identifier))
+        return 0;
+    if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
+        return 0;
+    /* Delta CRL base number must not exceed Full CRL number. */
+    if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+        return 0;
+    /* Delta CRL number must exceed full CRL number */
+    if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+        return 1;
+    return 0;
+}
+
+/*
+ * For a given base CRL find a delta... maybe extend to delta scoring or
+ * retrieve a chain of deltas...
+ */
+
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
+                         X509_CRL *base, STACK_OF(X509_CRL) *crls)
+{
+    X509_CRL *delta;
+    int i;
+    if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
+        return;
+    if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
+        return;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        delta = sk_X509_CRL_value(crls, i);
+        if (check_delta_base(delta, base)) {
+            if (check_crl_time(ctx, delta, 0))
+                *pscore |= CRL_SCORE_TIME_DELTA;
+            X509_CRL_up_ref(delta);
+            *dcrl = delta;
+            return;
+        }
+    }
+    *dcrl = NULL;
+}
+
+/*
+ * For a given CRL return how suitable it is for the supplied certificate
+ * 'x'. The return value is a mask of several criteria. If the issuer is not
+ * the certificate issuer this is returned in *pissuer. The reasons mask is
+ * also used to determine if the CRL is suitable: if no new reasons the CRL
+ * is rejected, otherwise reasons is updated.
+ */
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x)
+{
+
+    int crl_score = 0;
+    unsigned int tmp_reasons = *preasons, crl_reasons;
+
+    /* First see if we can reject CRL straight away */
+
+    /* Invalid IDP cannot be processed */
+    if (crl->idp_flags & IDP_INVALID)
+        return 0;
+    /* Reason codes or indirect CRLs need extended CRL support */
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
+        if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
+            return 0;
+    } else if (crl->idp_flags & IDP_REASONS) {
+        /* If no new reasons reject */
+        if (!(crl->idp_reasons & ~tmp_reasons))
+            return 0;
+    }
+    /* Don't process deltas at this stage */
+    else if (crl->base_crl_number)
+        return 0;
+    /* If issuer name doesn't match certificate need indirect CRL */
+    if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
+        if (!(crl->idp_flags & IDP_INDIRECT))
+            return 0;
+    } else
+        crl_score |= CRL_SCORE_ISSUER_NAME;
+
+    if (!(crl->flags & EXFLAG_CRITICAL))
+        crl_score |= CRL_SCORE_NOCRITICAL;
+
+    /* Check expiry */
+    if (check_crl_time(ctx, crl, 0))
+        crl_score |= CRL_SCORE_TIME;
+
+    /* Check authority key ID and locate certificate issuer */
+    crl_akid_check(ctx, crl, pissuer, &crl_score);
+
+    /* If we can't locate certificate issuer at this point forget it */
+
+    if (!(crl_score & CRL_SCORE_AKID))
+        return 0;
+
+    /* Check cert for matching CRL distribution points */
+
+    if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
+        /* If no new reasons reject */
+        if (!(crl_reasons & ~tmp_reasons))
+            return 0;
+        tmp_reasons |= crl_reasons;
+        crl_score |= CRL_SCORE_SCOPE;
+    }
+
+    *preasons = tmp_reasons;
+
+    return crl_score;
+
+}
+
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                           X509 **pissuer, int *pcrl_score)
+{
+    X509 *crl_issuer = NULL;
+    X509_NAME *cnm = X509_CRL_get_issuer(crl);
+    int cidx = ctx->error_depth;
+    int i;
+
+    if (cidx != sk_X509_num(ctx->chain) - 1)
+        cidx++;
+
+    crl_issuer = sk_X509_value(ctx->chain, cidx);
+
+    if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+        if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) {
+        crl_issuer = sk_X509_value(ctx->chain, cidx);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    /* Anything else needs extended CRL support */
+
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+        return;
+
+    /*
+     * Otherwise the CRL issuer is not on the path. Look for it in the set of
+     * untrusted certificates.
+     */
+    for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
+        crl_issuer = sk_X509_value(ctx->untrusted, i);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pissuer = crl_issuer;
+            *pcrl_score |= CRL_SCORE_AKID;
+            return;
+        }
+    }
+}
+
+/*
+ * Check the path of a CRL issuer certificate. This creates a new
+ * X509_STORE_CTX and populates it with most of the parameters from the
+ * parent. This could be optimised somewhat since a lot of path checking will
+ * be duplicated by the parent, but this will rarely be used in practice.
+ */
+
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
+{
+    X509_STORE_CTX crl_ctx;
+    int ret;
+
+    /* Don't allow recursive CRL path validation */
+    if (ctx->parent)
+        return 0;
+    if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+        return -1;
+
+    crl_ctx.crls = ctx->crls;
+    /* Copy verify params across */
+    X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
+
+    crl_ctx.parent = ctx;
+    crl_ctx.verify_cb = ctx->verify_cb;
+
+    /* Verify CRL issuer */
+    ret = X509_verify_cert(&crl_ctx);
+    if (ret <= 0)
+        goto err;
+
+    /* Check chain is acceptable */
+    ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
+ err:
+    X509_STORE_CTX_cleanup(&crl_ctx);
+    return ret;
+}
+
+/*
+ * RFC3280 says nothing about the relationship between CRL path and
+ * certificate path, which could lead to situations where a certificate could
+ * be revoked or validated by a CA not authorised to do so. RFC5280 is more
+ * strict and states that the two paths must end in the same trust anchor,
+ * though some discussions remain... until this is resolved we use the
+ * RFC5280 version
+ */
+
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path)
+{
+    X509 *cert_ta, *crl_ta;
+    cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
+    crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
+    if (!X509_cmp(cert_ta, crl_ta))
+        return 1;
+    return 0;
+}
+
+/*-
+ * Check for match between two dist point names: three separate cases.
+ * 1. Both are relative names and compare X509_NAME types.
+ * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
+ * 3. Both are full names and compare two GENERAL_NAMES.
+ * 4. One is NULL: automatic match.
+ */
+
+static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
+{
+    X509_NAME *nm = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gena, *genb;
+    int i, j;
+    if (!a || !b)
+        return 1;
+    if (a->type == 1) {
+        if (!a->dpname)
+            return 0;
+        /* Case 1: two X509_NAME */
+        if (b->type == 1) {
+            if (!b->dpname)
+                return 0;
+            if (!X509_NAME_cmp(a->dpname, b->dpname))
+                return 1;
+            else
+                return 0;
+        }
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        nm = a->dpname;
+        gens = b->name.fullname;
+    } else if (b->type == 1) {
+        if (!b->dpname)
+            return 0;
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        gens = a->name.fullname;
+        nm = b->dpname;
+    }
+
+    /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
+    if (nm) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gena = sk_GENERAL_NAME_value(gens, i);
+            if (gena->type != GEN_DIRNAME)
+                continue;
+            if (!X509_NAME_cmp(nm, gena->d.directoryName))
+                return 1;
+        }
+        return 0;
+    }
+
+    /* Else case 3: two GENERAL_NAMES */
+
+    for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
+        gena = sk_GENERAL_NAME_value(a->name.fullname, i);
+        for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
+            genb = sk_GENERAL_NAME_value(b->name.fullname, j);
+            if (!GENERAL_NAME_cmp(gena, genb))
+                return 1;
+        }
+    }
+
+    return 0;
+
+}
+
+static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
+{
+    int i;
+    X509_NAME *nm = X509_CRL_get_issuer(crl);
+    /* If no CRLissuer return is successful iff don't need a match */
+    if (!dp->CRLissuer)
+        return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type != GEN_DIRNAME)
+            continue;
+        if (!X509_NAME_cmp(gen->d.directoryName, nm))
+            return 1;
+    }
+    return 0;
+}
+
+/* Check CRLDP and IDP */
+
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons)
+{
+    int i;
+    if (crl->idp_flags & IDP_ONLYATTR)
+        return 0;
+    if (x->ex_flags & EXFLAG_CA) {
+        if (crl->idp_flags & IDP_ONLYUSER)
+            return 0;
+    } else {
+        if (crl->idp_flags & IDP_ONLYCA)
+            return 0;
+    }
+    *preasons = crl->idp_reasons;
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
+        DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
+        if (crldp_check_crlissuer(dp, crl, crl_score)) {
+            if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
+                *preasons &= dp->dp_reasons;
+                return 1;
+            }
+        }
+    }
+    if ((!crl->idp || !crl->idp->distpoint)
+        && (crl_score & CRL_SCORE_ISSUER_NAME))
+        return 1;
+    return 0;
+}
+
+/*
+ * Retrieve CRL corresponding to current certificate. If deltas enabled try
+ * to find a delta CRL too
+ */
+
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
+{
+    int ok;
+    X509 *issuer = NULL;
+    int crl_score = 0;
+    unsigned int reasons;
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    STACK_OF(X509_CRL) *skcrl;
+    X509_NAME *nm = X509_get_issuer_name(x);
+
+    reasons = ctx->current_reasons;
+    ok = get_crl_sk(ctx, &crl, &dcrl,
+                    &issuer, &crl_score, &reasons, ctx->crls);
+    if (ok)
+        goto done;
+
+    /* Lookup CRLs from store */
+
+    skcrl = ctx->lookup_crls(ctx, nm);
+
+    /* If no CRLs found and a near match from get_crl_sk use that */
+    if (!skcrl && crl)
+        goto done;
+
+    get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
+
+    sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
+
+ done:
+    /* If we got any kind of CRL use it and return success */
+    if (crl) {
+        ctx->current_issuer = issuer;
+        ctx->current_crl_score = crl_score;
+        ctx->current_reasons = reasons;
+        *pcrl = crl;
+        *pdcrl = dcrl;
+        return 1;
+    }
+    return 0;
+}
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+{
+    X509 *issuer = NULL;
+    EVP_PKEY *ikey = NULL;
+    int cnum = ctx->error_depth;
+    int chnum = sk_X509_num(ctx->chain) - 1;
+
+    /* if we have an alternative CRL issuer cert use that */
+    if (ctx->current_issuer)
+        issuer = ctx->current_issuer;
+    /*
+     * Else find CRL issuer: if not last certificate then issuer is next
+     * certificate in chain.
+     */
+    else if (cnum < chnum)
+        issuer = sk_X509_value(ctx->chain, cnum + 1);
+    else {
+        issuer = sk_X509_value(ctx->chain, chnum);
+        /* If not self signed, can't check signature */
+        if (!ctx->check_issued(ctx, issuer, issuer) &&
+            !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER))
+            return 0;
+    }
+
+    if (issuer == NULL)
+        return 1;
+
+    /*
+     * Skip most tests for deltas because they have already been done
+     */
+    if (!crl->base_crl_number) {
+        /* Check for cRLSign bit if keyUsage present */
+        if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+            !(issuer->ex_kusage & KU_CRL_SIGN) &&
+            !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN))
+            return 0;
+
+        if (!(ctx->current_crl_score & CRL_SCORE_SCOPE) &&
+            !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE))
+            return 0;
+
+        if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH) &&
+            check_crl_path(ctx, ctx->current_issuer) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR))
+            return 0;
+
+        if ((crl->idp_flags & IDP_INVALID) &&
+            !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION))
+            return 0;
+    }
+
+    if (!(ctx->current_crl_score & CRL_SCORE_TIME) &&
+        !check_crl_time(ctx, crl, 1))
+        return 0;
+
+    /* Attempt to get issuer certificate public key */
+    ikey = X509_get0_pubkey(issuer);
+
+    if (!ikey &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
+        return 0;
+
+    if (ikey) {
+        int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
+
+        if (rv != X509_V_OK && !verify_cb_crl(ctx, rv))
+            return 0;
+        /* Verify CRL signature */
+        if (X509_CRL_verify(crl, ikey) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE))
+            return 0;
+    }
+    return 1;
+}
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+{
+    X509_REVOKED *rev;
+
+    /*
+     * The rules changed for this... previously if a CRL contained unhandled
+     * critical extensions it could still be used to indicate a certificate
+     * was revoked. This has since been changed since critical extensions can
+     * change the meaning of CRL entries.
+     */
+    if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+        && (crl->flags & EXFLAG_CRITICAL) &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION))
+        return 0;
+    /*
+     * Look for serial number of certificate in CRL.  If found, make sure
+     * reason is not removeFromCRL.
+     */
+    if (X509_CRL_get0_by_cert(crl, &rev, x)) {
+        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+            return 2;
+        if (!verify_cb_crl(ctx, X509_V_ERR_CERT_REVOKED))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int check_policy(X509_STORE_CTX *ctx)
+{
+    int ret;
+
+    if (ctx->parent)
+        return 1;
+    /*
+     * With DANE, the trust anchor might be a bare public key, not a
+     * certificate!  In that case our chain does not have the trust anchor
+     * certificate as a top-most element.  This comports well with RFC5280
+     * chain verification, since there too, the trust anchor is not part of the
+     * chain to be verified.  In particular, X509_policy_check() does not look
+     * at the TA cert, but assumes that it is present as the top-most chain
+     * element.  We therefore temporarily push a NULL cert onto the chain if it
+     * was verified via a bare public key, and pop it off right after the
+     * X509_policy_check() call.
+     */
+    if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+    ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
+                            ctx->param->policies, ctx->param->flags);
+    if (ctx->bare_ta_signed)
+        sk_X509_pop(ctx->chain);
+
+    if (ret == X509_PCY_TREE_INTERNAL) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+    /* Invalid or inconsistent extensions */
+    if (ret == X509_PCY_TREE_INVALID) {
+        int i;
+
+        /* Locate certificates with bad extensions and notify callback. */
+        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+            X509 *x = sk_X509_value(ctx->chain, i);
+
+            if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                continue;
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_INVALID_POLICY_EXTENSION))
+                return 0;
+        }
+        return 1;
+    }
+    if (ret == X509_PCY_TREE_FAILURE) {
+        ctx->current_cert = NULL;
+        ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
+        return ctx->verify_cb(0, ctx);
+    }
+    if (ret != X509_PCY_TREE_VALID) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
+        ctx->current_cert = NULL;
+        /*
+         * Verification errors need to be "sticky", a callback may have allowed
+         * an SSL handshake to continue despite an error, and we must then
+         * remain in an error state.  Therefore, we MUST NOT clear earlier
+         * verification errors by setting the error to X509_V_OK.
+         */
+        if (!ctx->verify_cb(2, ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * Check certificate validity times.
+ * If depth >= 0, invoke verification callbacks on error, otherwise just return
+ * the validation status.
+ *
+ * Return 1 on success, 0 otherwise.
+ */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
+{
+    time_t *ptime;
+    int i;
+
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_get0_notBefore(x), ptime);
+    if (i >= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD))
+        return 0;
+    if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID))
+        return 0;
+
+    i = X509_cmp_time(X509_get0_notAfter(x), ptime);
+    if (i <= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD))
+        return 0;
+    if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED))
+        return 0;
+    return 1;
+}
+
+static int internal_verify(X509_STORE_CTX *ctx)
+{
+    int n = sk_X509_num(ctx->chain) - 1;
+    X509 *xi = sk_X509_value(ctx->chain, n);
+    X509 *xs;
+
+    /*
+     * With DANE-verified bare public key TA signatures, it remains only to
+     * check the timestamps of the top certificate.  We report the issuer as
+     * NULL, since all we have is a bare key.
+     */
+    if (ctx->bare_ta_signed) {
+        xs = xi;
+        xi = NULL;
+        goto check_cert;
+    }
+
+    if (ctx->check_issued(ctx, xi, xi))
+        xs = xi;
+    else {
+        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+            xs = xi;
+            goto check_cert;
+        }
+        if (n <= 0)
+            return verify_cb_cert(ctx, xi, 0,
+                                  X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
+        n--;
+        ctx->error_depth = n;
+        xs = sk_X509_value(ctx->chain, n);
+    }
+
+    /*
+     * Do not clear ctx->error=0, it must be "sticky", only the user's callback
+     * is allowed to reset errors (at its own peril).
+     */
+    while (n >= 0) {
+        EVP_PKEY *pkey;
+
+        /*
+         * Skip signature check for self signed certificates unless explicitly
+         * asked for.  It doesn't add any security and just wastes time.  If
+         * the issuer's public key is unusable, report the issuer certificate
+         * and its depth (rather than the depth of the subject).
+         */
+        if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
+            if ((pkey = X509_get0_pubkey(xi)) == NULL) {
+                if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n,
+                        X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
+                    return 0;
+            } else if (X509_verify(xs, pkey) <= 0) {
+                if (!verify_cb_cert(ctx, xs, n,
+                                    X509_V_ERR_CERT_SIGNATURE_FAILURE))
+                    return 0;
+            }
+        }
+
+ check_cert:
+        /* Calls verify callback as needed */
+        if (!x509_check_cert_time(ctx, xs, n))
+            return 0;
+
+        /*
+         * Signal success at this depth.  However, the previous error (if any)
+         * is retained.
+         */
+        ctx->current_issuer = xi;
+        ctx->current_cert = xs;
+        ctx->error_depth = n;
+        if (!ctx->verify_cb(1, ctx))
+            return 0;
+
+        if (--n >= 0) {
+            xi = xs;
+            xs = sk_X509_value(ctx->chain, n);
+        }
+    }
+    return 1;
+}
+
+int X509_cmp_current_time(const ASN1_TIME *ctm)
+{
+    return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
+{
+    char *str;
+    ASN1_TIME atm;
+    long offset;
+    char buff1[24], buff2[24], *p;
+    int i, j, remaining;
+
+    p = buff1;
+    remaining = ctm->length;
+    str = (char *)ctm->data;
+    /*
+     * Note that the following (historical) code allows much more slack in the
+     * time format than RFC5280. In RFC5280, the representation is fixed:
+     * UTCTime: YYMMDDHHMMSSZ
+     * GeneralizedTime: YYYYMMDDHHMMSSZ
+     */
+    if (ctm->type == V_ASN1_UTCTIME) {
+        /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+        int min_length = sizeof("YYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
+            return 0;
+        memcpy(p, str, 10);
+        p += 10;
+        str += 10;
+        remaining -= 10;
+    } else {
+        /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+        int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
+            return 0;
+        memcpy(p, str, 12);
+        p += 12;
+        str += 12;
+        remaining -= 12;
+    }
+
+    if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
+        *(p++) = '0';
+        *(p++) = '0';
+    } else {
+        /* SS (seconds) */
+        if (remaining < 2)
+            return 0;
+        *(p++) = *(str++);
+        *(p++) = *(str++);
+        remaining -= 2;
+        /*
+         * Skip any (up to three) fractional seconds...
+         * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+         * Can we just kill them altogether?
+         */
+        if (remaining && *str == '.') {
+            str++;
+            remaining--;
+            for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
+                if (*str < '0' || *str > '9')
+                    break;
+            }
+        }
+
+    }
+    *(p++) = 'Z';
+    *(p++) = '\0';
+
+    /* We now need either a terminating 'Z' or an offset. */
+    if (!remaining)
+        return 0;
+    if (*str == 'Z') {
+        if (remaining != 1)
+            return 0;
+        offset = 0;
+    } else {
+        /* (+-)HHMM */
+        if ((*str != '+') && (*str != '-'))
+            return 0;
+        /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+        if (remaining != 5)
+            return 0;
+        if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+            str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+            return 0;
+        offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
+        offset += (str[3] - '0') * 10 + (str[4] - '0');
+        if (*str == '-')
+            offset = -offset;
+    }
+    atm.type = ctm->type;
+    atm.flags = 0;
+    atm.length = sizeof(buff2);
+    atm.data = (unsigned char *)buff2;
+
+    if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
+        return 0;
+
+    if (ctm->type == V_ASN1_UTCTIME) {
+        i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
+        if (i < 50)
+            i += 100;           /* cf. RFC 2459 */
+        j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
+        if (j < 50)
+            j += 100;
+
+        if (i < j)
+            return -1;
+        if (i > j)
+            return 1;
+    }
+    i = strcmp(buff1, buff2);
+    if (i == 0)                 /* wait a second then return younger :-) */
+        return -1;
+    else
+        return i;
+}
+
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+    return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
+{
+    return X509_time_adj_ex(s, 0, offset_sec, in_tm);
+}
+
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *in_tm)
+{
+    time_t t;
+
+    if (in_tm)
+        t = *in_tm;
+    else
+        time(&t);
+
+    if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
+        if (s->type == V_ASN1_UTCTIME)
+            return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
+        if (s->type == V_ASN1_GENERALIZEDTIME)
+            return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
+    }
+    return ASN1_TIME_adj(s, t, offset_day, offset_sec);
+}
+
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
+{
+    EVP_PKEY *ktmp = NULL, *ktmp2;
+    int i, j;
+
+    if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
+        return 1;
+
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ktmp = X509_get0_pubkey(sk_X509_value(chain, i));
+        if (ktmp == NULL) {
+            X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                    X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+            return 0;
+        }
+        if (!EVP_PKEY_missing_parameters(ktmp))
+            break;
+    }
+    if (ktmp == NULL) {
+        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+        return 0;
+    }
+
+    /* first, populate the other certs */
+    for (j = i - 1; j >= 0; j--) {
+        ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j));
+        EVP_PKEY_copy_parameters(ktmp2, ktmp);
+    }
+
+    if (pkey != NULL)
+        EVP_PKEY_copy_parameters(pkey, ktmp);
+    return 1;
+}
+
+/* Make a delta CRL as the diff between two full CRLs */
+
+X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
+{
+    X509_CRL *crl = NULL;
+    int i;
+    STACK_OF(X509_REVOKED) *revs = NULL;
+    /* CRLs can't be delta already */
+    if (base->base_crl_number || newer->base_crl_number) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_ALREADY_DELTA);
+        return NULL;
+    }
+    /* Base and new CRL must have a CRL number */
+    if (!base->crl_number || !newer->crl_number) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_NO_CRL_NUMBER);
+        return NULL;
+    }
+    /* Issuer names must match */
+    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_ISSUER_MISMATCH);
+        return NULL;
+    }
+    /* AKID and IDP must match */
+    if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_AKID_MISMATCH);
+        return NULL;
+    }
+    if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_IDP_MISMATCH);
+        return NULL;
+    }
+    /* Newer CRL number must exceed full CRL number */
+    if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_NEWER_CRL_NOT_NEWER);
+        return NULL;
+    }
+    /* CRLs must verify */
+    if (skey && (X509_CRL_verify(base, skey) <= 0 ||
+                 X509_CRL_verify(newer, skey) <= 0)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_VERIFY_FAILURE);
+        return NULL;
+    }
+    /* Create new CRL */
+    crl = X509_CRL_new();
+    if (crl == NULL || !X509_CRL_set_version(crl, 1))
+        goto memerr;
+    /* Set issuer name */
+    if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
+        goto memerr;
+
+    if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
+        goto memerr;
+    if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
+        goto memerr;
+
+    /* Set base CRL number: must be critical */
+
+    if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
+        goto memerr;
+
+    /*
+     * Copy extensions across from newest CRL to delta: this will set CRL
+     * number to correct value too.
+     */
+
+    for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
+        X509_EXTENSION *ext;
+        ext = X509_CRL_get_ext(newer, i);
+        if (!X509_CRL_add_ext(crl, ext, -1))
+            goto memerr;
+    }
+
+    /* Go through revoked entries, copying as needed */
+
+    revs = X509_CRL_get_REVOKED(newer);
+
+    for (i = 0; i < sk_X509_REVOKED_num(revs); i++) {
+        X509_REVOKED *rvn, *rvtmp;
+        rvn = sk_X509_REVOKED_value(revs, i);
+        /*
+         * Add only if not also in base. TODO: need something cleverer here
+         * for some more complex CRLs covering multiple CAs.
+         */
+        if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) {
+            rvtmp = X509_REVOKED_dup(rvn);
+            if (!rvtmp)
+                goto memerr;
+            if (!X509_CRL_add0_revoked(crl, rvtmp)) {
+                X509_REVOKED_free(rvtmp);
+                goto memerr;
+            }
+        }
+    }
+    /* TODO: optionally prune deleted entries */
+
+    if (skey && md && !X509_CRL_sign(crl, skey, md))
+        goto memerr;
+
+    return crl;
+
+ memerr:
+    X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
+    X509_CRL_free(crl);
+    return NULL;
+}
+
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+{
+    return ctx->error;
+}
+
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+}
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+{
+    return ctx->error_depth;
+}
+
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth)
+{
+    ctx->error_depth = depth;
+}
+
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->current_cert;
+}
+
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->current_cert = x;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
+{
+    return ctx->chain;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+{
+    if (!ctx->chain)
+        return NULL;
+    return X509_chain_up_ref(ctx->chain);
+}
+
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->current_issuer;
+}
+
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->current_crl;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+{
+    return ctx->parent;
+}
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->cert = x;
+}
+
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
+{
+    ctx->crls = sk;
+}
+
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
+{
+    /*
+     * XXX: Why isn't this function always used to set the associated trust?
+     * Should there even be a VPM->trust field at all?  Or should the trust
+     * always be inferred from the purpose by X509_STORE_CTX_init().
+     */
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+}
+
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
+{
+    /*
+     * XXX: See above, this function would only be needed when the default
+     * trust for the purpose needs an override in a corner case.
+     */
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+}
+
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
+ * This is intended to be used when another structure has its own trust and
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
+ * set then we will usually have a default purpose in mind which should then
+ * be used to set the trust value. An example of this is SSL use: an SSL
+ * structure will have its own purpose and trust settings which the
+ * application can set: if they aren't set then we use the default of SSL
+ * client/server.
+ */
+
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust)
+{
+    int idx;
+    /* If purpose not set use default */
+    if (!purpose)
+        purpose = def_purpose;
+    /* If we have a purpose then check it is valid */
+    if (purpose) {
+        X509_PURPOSE *ptmp;
+        idx = X509_PURPOSE_get_by_id(purpose);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_PURPOSE_ID);
+            return 0;
+        }
+        ptmp = X509_PURPOSE_get0(idx);
+        if (ptmp->trust == X509_TRUST_DEFAULT) {
+            idx = X509_PURPOSE_get_by_id(def_purpose);
+            /*
+             * XXX: In the two callers above def_purpose is always 0, which is
+             * not a known value, so idx will always be -1.  How is the
+             * X509_TRUST_DEFAULT case actually supposed to be handled?
+             */
+            if (idx == -1) {
+                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                        X509_R_UNKNOWN_PURPOSE_ID);
+                return 0;
+            }
+            ptmp = X509_PURPOSE_get0(idx);
+        }
+        /* If trust not set then get from purpose default */
+        if (!trust)
+            trust = ptmp->trust;
+    }
+    if (trust) {
+        idx = X509_TRUST_get_by_id(trust);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_TRUST_ID);
+            return 0;
+        }
+    }
+
+    if (purpose && !ctx->param->purpose)
+        ctx->param->purpose = purpose;
+    if (trust && !ctx->param->trust)
+        ctx->param->trust = trust;
+    return 1;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+    X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+
+    X509_STORE_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+                        STACK_OF(X509) *chain)
+{
+    int ret = 1;
+
+    ctx->ctx = store;
+    ctx->cert = x509;
+    ctx->untrusted = chain;
+    ctx->crls = NULL;
+    ctx->num_untrusted = 0;
+    ctx->other_ctx = NULL;
+    ctx->valid = 0;
+    ctx->chain = NULL;
+    ctx->error = 0;
+    ctx->explicit_policy = 0;
+    ctx->error_depth = 0;
+    ctx->current_cert = NULL;
+    ctx->current_issuer = NULL;
+    ctx->current_crl = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+    ctx->tree = NULL;
+    ctx->parent = NULL;
+    ctx->dane = NULL;
+    ctx->bare_ta_signed = 0;
+    /* Zero ex_data to make sure we're cleanup-safe */
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
+
+    /* store->cleanup is always 0 in OpenSSL, if set must be idempotent */
+    if (store)
+        ctx->cleanup = store->cleanup;
+    else
+        ctx->cleanup = 0;
+
+    if (store && store->check_issued)
+        ctx->check_issued = store->check_issued;
+    else
+        ctx->check_issued = check_issued;
+
+    if (store && store->get_issuer)
+        ctx->get_issuer = store->get_issuer;
+    else
+        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+    if (store && store->verify_cb)
+        ctx->verify_cb = store->verify_cb;
+    else
+        ctx->verify_cb = null_callback;
+
+    if (store && store->verify)
+        ctx->verify = store->verify;
+    else
+        ctx->verify = internal_verify;
+
+    if (store && store->check_revocation)
+        ctx->check_revocation = store->check_revocation;
+    else
+        ctx->check_revocation = check_revocation;
+
+    if (store && store->get_crl)
+        ctx->get_crl = store->get_crl;
+    else
+        ctx->get_crl = NULL;
+
+    if (store && store->check_crl)
+        ctx->check_crl = store->check_crl;
+    else
+        ctx->check_crl = check_crl;
+
+    if (store && store->cert_crl)
+        ctx->cert_crl = store->cert_crl;
+    else
+        ctx->cert_crl = cert_crl;
+
+    if (store && store->check_policy)
+        ctx->check_policy = store->check_policy;
+    else
+        ctx->check_policy = check_policy;
+
+    if (store && store->lookup_certs)
+        ctx->lookup_certs = store->lookup_certs;
+    else
+        ctx->lookup_certs = X509_STORE_CTX_get1_certs;
+
+    if (store && store->lookup_crls)
+        ctx->lookup_crls = store->lookup_crls;
+    else
+        ctx->lookup_crls = X509_STORE_CTX_get1_crls;
+
+    ctx->param = X509_VERIFY_PARAM_new();
+    if (ctx->param == NULL) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * Inherit callbacks and flags from X509_STORE if not set use defaults.
+     */
+    if (store)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
+    else
+        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+
+    if (ret)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param,
+                                        X509_VERIFY_PARAM_lookup("default"));
+
+    if (ret == 0) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * XXX: For now, continue to inherit trust from VPM, but infer from the
+     * purpose if this still yields the default value.
+     */
+    if (ctx->param->trust == X509_TRUST_DEFAULT) {
+        int idx = X509_PURPOSE_get_by_id(ctx->param->purpose);
+        X509_PURPOSE *xp = X509_PURPOSE_get0(idx);
+
+        if (xp != NULL)
+            ctx->param->trust = X509_PURPOSE_get_trust(xp);
+    }
+
+    if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                           &ctx->ex_data))
+        return 1;
+    X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    /*
+     * On error clean up allocated storage, if the store context was not
+     * allocated with X509_STORE_CTX_new() this is our last chance to do so.
+     */
+    X509_STORE_CTX_cleanup(ctx);
+    return 0;
+}
+
+/*
+ * Set alternative lookup method: just a STACK of trusted certificates. This
+ * avoids X509_STORE nastiness where it isn't needed.
+ */
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->other_ctx = sk;
+    ctx->get_issuer = get_issuer_sk;
+    ctx->lookup_certs = lookup_certs_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+{
+    /*
+     * We need to be idempotent because, unfortunately, free() also calls
+     * cleanup(), so the natural call sequence new(), init(), cleanup(), free()
+     * calls cleanup() for the same object twice!  Thus we must zero the
+     * pointers below after they're freed!
+     */
+    /* Seems to always be 0 in OpenSSL, do this at most once. */
+    if (ctx->cleanup != NULL) {
+        ctx->cleanup(ctx);
+        ctx->cleanup = NULL;
+    }
+    if (ctx->param != NULL) {
+        if (ctx->parent == NULL)
+            X509_VERIFY_PARAM_free(ctx->param);
+        ctx->param = NULL;
+    }
+    X509_policy_tree_free(ctx->tree);
+    ctx->tree = NULL;
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = NULL;
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
+}
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
+{
+    X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t)
+{
+    X509_VERIFY_PARAM_set_time(ctx->param, t);
+}
+
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->untrusted;
+}
+
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->untrusted = sk;
+}
+
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = sk;
+}
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify_cb)
+{
+    ctx->verify_cb = verify_cb;
+}
+
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
+{
+    return ctx->verify;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->get_issuer;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
+{
+    return ctx->check_issued;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx)
+{
+    return ctx->check_revocation;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->get_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->check_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->cert_crl;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->check_policy;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx)
+{
+    return ctx->cleanup;
+}
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
+{
+    return ctx->tree;
+}
+
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->explicit_policy;
+}
+
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->num_untrusted;
+}
+
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
+{
+    const X509_VERIFY_PARAM *param;
+    param = X509_VERIFY_PARAM_lookup(name);
+    if (!param)
+        return 0;
+    return X509_VERIFY_PARAM_inherit(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
+{
+    X509_VERIFY_PARAM_free(ctx->param);
+    ctx->param = param;
+}
+
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane)
+{
+    ctx->dane = dane;
+}
+
+static unsigned char *dane_i2d(
+    X509 *cert,
+    uint8_t selector,
+    unsigned int *i2dlen)
+{
+    unsigned char *buf = NULL;
+    int len;
+
+    /*
+     * Extract ASN.1 DER form of certificate or public key.
+     */
+    switch (selector) {
+    case DANETLS_SELECTOR_CERT:
+        len = i2d_X509(cert, &buf);
+        break;
+    case DANETLS_SELECTOR_SPKI:
+        len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf);
+        break;
+    default:
+        X509err(X509_F_DANE_I2D, X509_R_BAD_SELECTOR);
+        return NULL;
+    }
+
+    if (len < 0 || buf == NULL) {
+        X509err(X509_F_DANE_I2D, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    *i2dlen = (unsigned int)len;
+    return buf;
+}
+
+#define DANETLS_NONE 256        /* impossible uint8_t */
+
+static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    unsigned usage = DANETLS_NONE;
+    unsigned selector = DANETLS_NONE;
+    unsigned ordinal = DANETLS_NONE;
+    unsigned mtype = DANETLS_NONE;
+    unsigned char *i2dbuf = NULL;
+    unsigned int i2dlen = 0;
+    unsigned char mdbuf[EVP_MAX_MD_SIZE];
+    unsigned char *cmpbuf = NULL;
+    unsigned int cmplen = 0;
+    int i;
+    int recnum;
+    int matched = 0;
+    danetls_record *t = NULL;
+    uint32_t mask;
+
+    mask = (depth == 0) ? DANETLS_EE_MASK : DANETLS_TA_MASK;
+
+    /*
+     * The trust store is not applicable with DANE-TA(2)
+     */
+    if (depth >= ctx->num_untrusted)
+        mask &= DANETLS_PKIX_MASK;
+
+    /*
+     * If we've previously matched a PKIX-?? record, no need to test any
+     * further PKIX-?? records, it remains to just build the PKIX chain.
+     * Had the match been a DANE-?? record, we'd be done already.
+     */
+    if (dane->mdpth >= 0)
+        mask &= ~DANETLS_PKIX_MASK;
+
+    /*-
+     * https://tools.ietf.org/html/rfc7671#section-5.1
+     * https://tools.ietf.org/html/rfc7671#section-5.2
+     * https://tools.ietf.org/html/rfc7671#section-5.3
+     * https://tools.ietf.org/html/rfc7671#section-5.4
+     *
+     * We handle DANE-EE(3) records first as they require no chain building
+     * and no expiration or hostname checks.  We also process digests with
+     * higher ordinals first and ignore lower priorities except Full(0) which
+     * is always processed (last).  If none match, we then process PKIX-EE(1).
+     *
+     * NOTE: This relies on DANE usages sorting before the corresponding PKIX
+     * usages in SSL_dane_tlsa_add(), and also on descending sorting of digest
+     * priorities.  See twin comment in ssl/ssl_lib.c.
+     *
+     * We expect that most TLSA RRsets will have just a single usage, so we
+     * don't go out of our way to cache multiple selector-specific i2d buffers
+     * across usages, but if the selector happens to remain the same as switch
+     * usages, that's OK.  Thus, a set of "3 1 1", "3 0 1", "1 1 1", "1 0 1",
+     * records would result in us generating each of the certificate and public
+     * key DER forms twice, but more typically we'd just see multiple "3 1 1"
+     * or multiple "3 0 1" records.
+     *
+     * As soon as we find a match at any given depth, we stop, because either
+     * we've matched a DANE-?? record and the peer is authenticated, or, after
+     * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is
+     * sufficient for DANE, and what remains to do is ordinary PKIX validation.
+     */
+    recnum = (dane->umask & mask) ? sk_danetls_record_num(dane->trecs) : 0;
+    for (i = 0; matched == 0 && i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if ((DANETLS_USAGE_BIT(t->usage) & mask) == 0)
+            continue;
+        if (t->usage != usage) {
+            usage = t->usage;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        }
+        if (t->selector != selector) {
+            selector = t->selector;
+
+            /* Update per-selector state */
+            OPENSSL_free(i2dbuf);
+            i2dbuf = dane_i2d(cert, selector, &i2dlen);
+            if (i2dbuf == NULL)
+                return -1;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        } else if (t->mtype != DANETLS_MATCHING_FULL) {
+            /*-
+             * Digest agility:
+             *
+             *     <https://tools.ietf.org/html/rfc7671#section-9>
+             *
+             * For a fixed selector, after processing all records with the
+             * highest mtype ordinal, ignore all mtypes with lower ordinals
+             * other than "Full".
+             */
+            if (dane->dctx->mdord[t->mtype] < ordinal)
+                continue;
+        }
+
+        /*
+         * Each time we hit a (new selector or) mtype, re-compute the relevant
+         * digest, more complex caching is not worth the code space.
+         */
+        if (t->mtype != mtype) {
+            const EVP_MD *md = dane->dctx->mdevp[mtype = t->mtype];
+            cmpbuf = i2dbuf;
+            cmplen = i2dlen;
+
+            if (md != NULL) {
+                cmpbuf = mdbuf;
+                if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) {
+                    matched = -1;
+                    break;
+                }
+            }
+        }
+
+        /*
+         * Squirrel away the certificate and depth if we have a match.  Any
+         * DANE match is dispositive, but with PKIX we still need to build a
+         * full chain.
+         */
+        if (cmplen == t->dlen &&
+            memcmp(cmpbuf, t->data, cmplen) == 0) {
+            if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
+                matched = 1;
+            if (matched || dane->mdpth < 0) {
+                dane->mdpth = depth;
+                dane->mtlsa = t;
+                OPENSSL_free(dane->mcert);
+                dane->mcert = cert;
+                X509_up_ref(cert);
+            }
+            break;
+        }
+    }
+
+    /* Clear the one-element DER cache */
+    OPENSSL_free(i2dbuf);
+    return matched;
+}
+
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    int matched = 0;
+    X509 *cert;
+
+    if (!DANETLS_HAS_TA(dane) || depth == 0)
+        return  X509_TRUST_UNTRUSTED;
+
+    /*
+     * Record any DANE trust-anchor matches, for the first depth to test, if
+     * there's one at that depth. (This'll be false for length 1 chains looking
+     * for an exact match for the leaf certificate).
+     */
+    cert = sk_X509_value(ctx->chain, depth);
+    if (cert != NULL && (matched = dane_match(ctx, cert, depth)) < 0)
+        return  X509_TRUST_REJECTED;
+    if (matched > 0) {
+        ctx->num_untrusted = depth - 1;
+        return  X509_TRUST_TRUSTED;
+    }
+
+    return  X509_TRUST_UNTRUSTED;
+}
+
+static int check_dane_pkeys(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    danetls_record *t;
+    int num = ctx->num_untrusted;
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int recnum = sk_danetls_record_num(dane->trecs);
+    int i;
+
+    for (i = 0; i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if (t->usage != DANETLS_USAGE_DANE_TA ||
+            t->selector != DANETLS_SELECTOR_SPKI ||
+            t->mtype != DANETLS_MATCHING_FULL ||
+            X509_verify(cert, t->spki) <= 0)
+            continue;
+
+        /* Clear any PKIX-?? matches that failed to extend to a full chain */
+        X509_free(dane->mcert);
+        dane->mcert = NULL;
+
+        /* Record match via a bare TA public key */
+        ctx->bare_ta_signed = 1;
+        dane->mdpth = num - 1;
+        dane->mtlsa = t;
+
+        /* Prune any excess chain certificates */
+        num = sk_X509_num(ctx->chain);
+        for (; num > ctx->num_untrusted; --num)
+            X509_free(sk_X509_pop(ctx->chain));
+
+        return X509_TRUST_TRUSTED;
+    }
+
+    return X509_TRUST_UNTRUSTED;
+}
+
+static void dane_reset(SSL_DANE *dane)
+{
+    /*
+     * Reset state to verify another chain, or clear after failure.
+     */
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int err = X509_chain_check_suiteb(NULL, cert, NULL, ctx->param->flags);
+
+    if (err == X509_V_OK)
+        return 1;
+    return verify_cb_cert(ctx, cert, 0, err);
+}
+
+static int dane_verify(X509_STORE_CTX *ctx)
+{
+    X509 *cert = ctx->cert;
+    SSL_DANE *dane = ctx->dane;
+    int matched;
+    int done;
+
+    dane_reset(dane);
+
+    /*-
+     * When testing the leaf certificate, if we match a DANE-EE(3) record,
+     * dane_match() returns 1 and we're done.  If however we match a PKIX-EE(1)
+     * record, the match depth and matching TLSA record are recorded, but the
+     * return value is 0, because we still need to find a PKIX trust-anchor.
+     * Therefore, when DANE authentication is enabled (required), we're done
+     * if:
+     *   + matched < 0, internal error.
+     *   + matched == 1, we matched a DANE-EE(3) record
+     *   + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no
+     *     DANE-TA(2) or PKIX-TA(0) to test.
+     */
+    matched = dane_match(ctx, ctx->cert, 0);
+    done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0);
+
+    if (done)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+
+    if (matched > 0) {
+        /* Callback invoked as needed */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        /* Callback invoked as needed */
+        if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
+            !check_id(ctx))
+            return 0;
+        /* Bypass internal_verify(), issue depth 0 success callback */
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        return ctx->verify_cb(1, ctx);
+    }
+
+    if (matched < 0) {
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return -1;
+    }
+
+    if (done) {
+        /* Fail early, TA-based success is not possible */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        return verify_cb_cert(ctx, cert, 0, X509_V_ERR_DANE_NO_MATCH);
+    }
+
+    /*
+     * Chain verification for usages 0/1/2.  TLSA record matching of depth > 0
+     * certificates happens in-line with building the rest of the chain.
+     */
+    return verify_chain(ctx);
+}
+
+/* Get issuer, without duplicate suppression */
+static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert)
+{
+    STACK_OF(X509) *saved_chain = ctx->chain;
+    int ok;
+
+    ctx->chain = NULL;
+    ok = ctx->get_issuer(issuer, ctx, cert);
+    ctx->chain = saved_chain;
+
+    return ok;
+}
+
+static int build_chain(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int ss = cert_self_signed(cert);
+    STACK_OF(X509) *sktmp = NULL;
+    unsigned int search;
+    int may_trusted = 0;
+    int may_alternate = 0;
+    int trust = X509_TRUST_UNTRUSTED;
+    int alt_untrusted = 0;
+    int depth;
+    int ok = 0;
+    int i;
+
+    /* Our chain starts with a single untrusted element. */
+    OPENSSL_assert(num == 1 && ctx->num_untrusted == num);
+
+#define S_DOUNTRUSTED      (1 << 0)     /* Search untrusted chain */
+#define S_DOTRUSTED        (1 << 1)     /* Search trusted store */
+#define S_DOALTERNATE      (1 << 2)     /* Retry with pruned alternate chain */
+    /*
+     * Set up search policy, untrusted if possible, trusted-first if enabled.
+     * If we're doing DANE and not doing PKIX-TA/PKIX-EE, we never look in the
+     * trust_store, otherwise we might look there first.  If not trusted-first,
+     * and alternate chains are not disabled, try building an alternate chain
+     * if no luck with untrusted first.
+     */
+    search = (ctx->untrusted != NULL) ? S_DOUNTRUSTED : 0;
+    if (DANETLS_HAS_PKIX(dane) || !DANETLS_HAS_DANE(dane)) {
+        if (search == 0 || ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
+            search |= S_DOTRUSTED;
+        else if (!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS))
+            may_alternate = 1;
+        may_trusted = 1;
+    }
+
+    /*
+     * Shallow-copy the stack of untrusted certificates (with TLS, this is
+     * typically the content of the peer's certificate message) so can make
+     * multiple passes over it, while free to remove elements as we go.
+     */
+    if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+
+    /*
+     * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add
+     * them to our working copy of the untrusted certificate stack.  Since the
+     * caller of X509_STORE_CTX_init() may have provided only a leaf cert with
+     * no corresponding stack of untrusted certificates, we may need to create
+     * an empty stack first.  [ At present only the ssl library provides DANE
+     * support, and ssl_verify_cert_chain() always provides a non-null stack
+     * containing at least the leaf certificate, but we must be prepared for
+     * this to change. ]
+     */
+    if (DANETLS_ENABLED(dane) && dane->certs != NULL) {
+        if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) {
+            X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+            ctx->error = X509_V_ERR_OUT_OF_MEM;
+            return 0;
+        }
+        for (i = 0; i < sk_X509_num(dane->certs); ++i) {
+            if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) {
+                sk_X509_free(sktmp);
+                X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return 0;
+            }
+        }
+    }
+
+    /*
+     * Still absurdly large, but arithmetically safe, a lower hard upper bound
+     * might be reasonable.
+     */
+    if (ctx->param->depth > INT_MAX/2)
+        ctx->param->depth = INT_MAX/2;
+
+    /*
+     * Try to Extend the chain until we reach an ultimately trusted issuer.
+     * Build chains up to one longer the limit, later fail if we hit the limit,
+     * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code.
+     */
+    depth = ctx->param->depth + 1;
+
+    while (search != 0) {
+        X509 *x;
+        X509 *xtmp = NULL;
+
+        /*
+         * Look in the trust store if enabled for first lookup, or we've run
+         * out of untrusted issuers and search here is not disabled.  When we
+         * reach the depth limit, we stop extending the chain, if by that point
+         * we've not found a trust-anchor, any trusted chain would be too long.
+         *
+         * The error reported to the application verify callback is at the
+         * maximal valid depth with the current certificate equal to the last
+         * not ultimately-trusted issuer.  For example, with verify_depth = 0,
+         * the callback will report errors at depth=1 when the immediate issuer
+         * of the leaf certificate is not a trust anchor.  No attempt will be
+         * made to locate an issuer for that certificate, since such a chain
+         * would be a-priori too long.
+         */
+        if ((search & S_DOTRUSTED) != 0) {
+            i = num = sk_X509_num(ctx->chain);
+            if ((search & S_DOALTERNATE) != 0) {
+                /*
+                 * As high up the chain as we can, look for an alternative
+                 * trusted issuer of an untrusted certificate that currently
+                 * has an untrusted issuer.  We use the alt_untrusted variable
+                 * to track how far up the chain we find the first match.  It
+                 * is only if and when we find a match, that we prune the chain
+                 * and reset ctx->num_untrusted to the reduced count of
+                 * untrusted certificates.  While we're searching for such a
+                 * match (which may never be found), it is neither safe nor
+                 * wise to preemptively modify either the chain or
+                 * ctx->num_untrusted.
+                 *
+                 * Note, like ctx->num_untrusted, alt_untrusted is a count of
+                 * untrusted certificates, not a "depth".
+                 */
+                i = alt_untrusted;
+            }
+            x = sk_X509_value(ctx->chain, i-1);
+
+            ok = (depth < num) ? 0 : get_issuer(&xtmp, ctx, x);
+
+            if (ok < 0) {
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_STORE_LOOKUP;
+                search = 0;
+                continue;
+            }
+
+            if (ok > 0) {
+                /*
+                 * Alternative trusted issuer for a mid-chain untrusted cert?
+                 * Pop the untrusted cert's successors and retry.  We might now
+                 * be able to complete a valid chain via the trust store.  Note
+                 * that despite the current trust-store match we might still
+                 * fail complete the chain to a suitable trust-anchor, in which
+                 * case we may prune some more untrusted certificates and try
+                 * again.  Thus the S_DOALTERNATE bit may yet be turned on
+                 * again with an even shorter untrusted chain!
+                 *
+                 * If in the process we threw away our matching PKIX-TA trust
+                 * anchor, reset DANE trust.  We might find a suitable trusted
+                 * certificate among the ones from the trust store.
+                 */
+                if ((search & S_DOALTERNATE) != 0) {
+                    OPENSSL_assert(num > i && i > 0 && ss == 0);
+                    search &= ~S_DOALTERNATE;
+                    for (; num > i; --num)
+                        X509_free(sk_X509_pop(ctx->chain));
+                    ctx->num_untrusted = num;
+
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->mdpth >= ctx->num_untrusted) {
+                        dane->mdpth = -1;
+                        X509_free(dane->mcert);
+                        dane->mcert = NULL;
+                    }
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->pdpth >= ctx->num_untrusted)
+                        dane->pdpth = -1;
+                }
+
+                /*
+                 * Self-signed untrusted certificates get replaced by their
+                 * trusted matching issuer.  Otherwise, grow the chain.
+                 */
+                if (ss == 0) {
+                    if (!sk_X509_push(ctx->chain, x = xtmp)) {
+                        X509_free(xtmp);
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_OUT_OF_MEM;
+                        search = 0;
+                        continue;
+                    }
+                    ss = cert_self_signed(x);
+                } else if (num == ctx->num_untrusted) {
+                    /*
+                     * We have a self-signed certificate that has the same
+                     * subject name (and perhaps keyid and/or serial number) as
+                     * a trust-anchor.  We must have an exact match to avoid
+                     * possible impersonation via key substitution etc.
+                     */
+                    if (X509_cmp(x, xtmp) != 0) {
+                        /* Self-signed untrusted mimic. */
+                        X509_free(xtmp);
+                        ok = 0;
+                    } else {
+                        X509_free(x);
+                        ctx->num_untrusted = --num;
+                        (void) sk_X509_set(ctx->chain, num, x = xtmp);
+                    }
+                }
+
+                /*
+                 * We've added a new trusted certificate to the chain, recheck
+                 * trust.  If not done, and not self-signed look deeper.
+                 * Whether or not we're doing "trusted first", we no longer
+                 * look for untrusted certificates from the peer's chain.
+                 *
+                 * At this point ctx->num_trusted and num must reflect the
+                 * correct number of untrusted certificates, since the DANE
+                 * logic in check_trust() depends on distinguishing CAs from
+                 * "the wire" from CAs from the trust store.  In particular, the
+                 * certificate at depth "num" should be the new trusted
+                 * certificate with ctx->num_untrusted <= num.
+                 */
+                if (ok) {
+                    OPENSSL_assert(ctx->num_untrusted <= num);
+                    search &= ~S_DOUNTRUSTED;
+                    switch (trust = check_trust(ctx, num)) {
+                    case X509_TRUST_TRUSTED:
+                    case X509_TRUST_REJECTED:
+                        search = 0;
+                        continue;
+                    }
+                    if (ss == 0)
+                        continue;
+                }
+            }
+
+            /*
+             * No dispositive decision, and either self-signed or no match, if
+             * we were doing untrusted-first, and alt-chains are not disabled,
+             * do that, by repeatedly losing one untrusted element at a time,
+             * and trying to extend the shorted chain.
+             */
+            if ((search & S_DOUNTRUSTED) == 0) {
+                /* Continue search for a trusted issuer of a shorter chain? */
+                if ((search & S_DOALTERNATE) != 0 && --alt_untrusted > 0)
+                    continue;
+                /* Still no luck and no fallbacks left? */
+                if (!may_alternate || (search & S_DOALTERNATE) != 0 ||
+                    ctx->num_untrusted < 2)
+                    break;
+                /* Search for a trusted issuer of a shorter chain */
+                search |= S_DOALTERNATE;
+                alt_untrusted = ctx->num_untrusted - 1;
+                ss = 0;
+            }
+        }
+
+        /*
+         * Extend chain with peer-provided certificates
+         */
+        if ((search & S_DOUNTRUSTED) != 0) {
+            num = sk_X509_num(ctx->chain);
+            OPENSSL_assert(num == ctx->num_untrusted);
+            x = sk_X509_value(ctx->chain, num-1);
+
+            /*
+             * Once we run out of untrusted issuers, we stop looking for more
+             * and start looking only in the trust store if enabled.
+             */
+            xtmp = (ss || depth < num) ? NULL : find_issuer(ctx, sktmp, x);
+            if (xtmp == NULL) {
+                search &= ~S_DOUNTRUSTED;
+                if (may_trusted)
+                    search |= S_DOTRUSTED;
+                continue;
+            }
+
+            /* Drop this issuer from future consideration */
+            (void) sk_X509_delete_ptr(sktmp, xtmp);
+
+            if (!sk_X509_push(ctx->chain, xtmp)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                search = 0;
+                continue;
+            }
+
+            X509_up_ref(x = xtmp);
+            ++ctx->num_untrusted;
+            ss = cert_self_signed(xtmp);
+
+            /*
+             * Check for DANE-TA trust of the topmost untrusted certificate.
+             */
+            switch (trust = check_dane_issuer(ctx, ctx->num_untrusted - 1)) {
+            case X509_TRUST_TRUSTED:
+            case X509_TRUST_REJECTED:
+                search = 0;
+                continue;
+            }
+        }
+    }
+    sk_X509_free(sktmp);
+
+    /*
+     * Last chance to make a trusted chain, either bare DANE-TA public-key
+     * signers, or else direct leaf PKIX trust.
+     */
+    num = sk_X509_num(ctx->chain);
+    if (num <= depth) {
+        if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane))
+            trust = check_dane_pkeys(ctx);
+        if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted)
+            trust = check_trust(ctx, num);
+    }
+
+    switch (trust) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        /* Callback already issued */
+        return 0;
+    case X509_TRUST_UNTRUSTED:
+    default:
+        num = sk_X509_num(ctx->chain);
+        if (num > depth)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_CERT_CHAIN_TOO_LONG);
+        if (DANETLS_ENABLED(dane) &&
+            (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0))
+            return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DANE_NO_MATCH);
+        if (ss && sk_X509_num(ctx->chain) == 1)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+        if (ss)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
+        if (ctx->num_untrusted < num)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT);
+        return verify_cb_cert(ctx, NULL, num-1,
+                              X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
+    }
+}
+
+static const int minbits_table[] = { 80, 112, 128, 192, 256 };
+static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
+
+/*
+ * Check whether the public key of ``cert`` meets the security level of
+ * ``ctx``.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    EVP_PKEY *pkey = X509_get0_pubkey(cert);
+    int level = ctx->param->auth_level;
+
+    /* Unsupported or malformed keys are not secure */
+    if (pkey == NULL)
+        return 0;
+
+    if (level <= 0)
+        return 1;
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1];
+}
+
+/*
+ * Check whether the signature digest algorithm of ``cert`` meets the security
+ * level of ``ctx``.  Should not be checked for trust anchors (whether
+ * self-signed or otherwise).
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int nid = X509_get_signature_nid(cert);
+    int mdnid = NID_undef;
+    int secbits = -1;
+    int level = ctx->param->auth_level;
+
+    if (level <= 0)
+        return 1;
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    /* Lookup signature algorithm digest */
+    if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) {
+        const EVP_MD *md;
+
+        /* Assume 4 bits of collision resistance for each hash octet */
+        if (mdnid != NID_undef && (md = EVP_get_digestbynid(mdnid)) != NULL)
+            secbits = EVP_MD_size(md) * 4;
+    }
+
+    return secbits >= minbits_table[level - 1];
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509_vpm.c b/openssl-1.1.0h/crypto/x509/x509_vpm.c
new file mode 100644
index 0000000..b506722
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509_vpm.c
@@ -0,0 +1,617 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+#include "x509_lcl.h"
+
+/* X509_VERIFY_PARAM functions */
+
+#define SET_HOST 0
+#define ADD_HOST 1
+
+static char *str_copy(const char *s)
+{
+    return OPENSSL_strdup(s);
+}
+
+static void str_free(char *s)
+{
+    OPENSSL_free(s);
+}
+
+static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
+                                    const char *name, size_t namelen)
+{
+    char *copy;
+
+    /*
+     * Refuse names with embedded NUL bytes, except perhaps as final byte.
+     * XXX: Do we need to push an error onto the error stack?
+     */
+    if (namelen == 0 || name == NULL)
+        namelen = name ? strlen(name) : 0;
+    else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
+        return 0;
+    if (namelen > 0 && name[namelen - 1] == '\0')
+        --namelen;
+
+    if (mode == SET_HOST) {
+        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
+        vpm->hosts = NULL;
+    }
+    if (name == NULL || namelen == 0)
+        return 1;
+
+    copy = OPENSSL_strndup(name, namelen);
+    if (copy == NULL)
+        return 0;
+
+    if (vpm->hosts == NULL &&
+        (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
+        OPENSSL_free(copy);
+        return 0;
+    }
+
+    if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
+        OPENSSL_free(copy);
+        if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
+            sk_OPENSSL_STRING_free(vpm->hosts);
+            vpm->hosts = NULL;
+        }
+        return 0;
+    }
+
+    return 1;
+}
+
+static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
+{
+    if (!param)
+        return;
+    param->name = NULL;
+    param->purpose = 0;
+    param->trust = X509_TRUST_DEFAULT;
+    /*
+     * param->inh_flags = X509_VP_FLAG_DEFAULT;
+     */
+    param->inh_flags = 0;
+    param->flags = 0;
+    param->depth = -1;
+    param->auth_level = -1; /* -1 means unset, 0 is explicit */
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    param->policies = NULL;
+    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
+    param->hosts = NULL;
+    OPENSSL_free(param->peername);
+    param->peername = NULL;
+    OPENSSL_free(param->email);
+    param->email = NULL;
+    param->emaillen = 0;
+    OPENSSL_free(param->ip);
+    param->ip = NULL;
+    param->iplen = 0;
+}
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
+{
+    X509_VERIFY_PARAM *param;
+
+    param = OPENSSL_zalloc(sizeof(*param));
+    if (param == NULL)
+        return NULL;
+    x509_verify_param_zero(param);
+    return param;
+}
+
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
+{
+    if (!param)
+        return;
+    x509_verify_param_zero(param);
+    OPENSSL_free(param);
+}
+
+/*-
+ * This function determines how parameters are "inherited" from one structure
+ * to another. There are several different ways this can happen.
+ *
+ * 1. If a child structure needs to have its values initialized from a parent
+ *    they are simply copied across. For example SSL_CTX copied to SSL.
+ * 2. If the structure should take on values only if they are currently unset.
+ *    For example the values in an SSL structure will take appropriate value
+ *    for SSL servers or clients but only if the application has not set new
+ *    ones.
+ *
+ * The "inh_flags" field determines how this function behaves.
+ *
+ * Normally any values which are set in the default are not copied from the
+ * destination and verify flags are ORed together.
+ *
+ * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
+ * to the destination. Effectively the values in "to" become default values
+ * which will be used only if nothing new is set in "from".
+ *
+ * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
+ * they are set or not. Flags is still Ored though.
+ *
+ * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
+ * of ORed.
+ *
+ * If X509_VP_FLAG_LOCKED is set then no values are copied.
+ *
+ * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
+ * after the next call.
+ */
+
+/* Macro to test if a field should be copied from src to dest */
+
+#define test_x509_verify_param_copy(field, def) \
+        (to_overwrite || \
+                ((src->field != def) && (to_default || (dest->field == def))))
+
+/* Macro to test and copy a field if necessary */
+
+#define x509_verify_param_copy(field, def) \
+        if (test_x509_verify_param_copy(field, def)) \
+                dest->field = src->field
+
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
+                              const X509_VERIFY_PARAM *src)
+{
+    unsigned long inh_flags;
+    int to_default, to_overwrite;
+    if (!src)
+        return 1;
+    inh_flags = dest->inh_flags | src->inh_flags;
+
+    if (inh_flags & X509_VP_FLAG_ONCE)
+        dest->inh_flags = 0;
+
+    if (inh_flags & X509_VP_FLAG_LOCKED)
+        return 1;
+
+    if (inh_flags & X509_VP_FLAG_DEFAULT)
+        to_default = 1;
+    else
+        to_default = 0;
+
+    if (inh_flags & X509_VP_FLAG_OVERWRITE)
+        to_overwrite = 1;
+    else
+        to_overwrite = 0;
+
+    x509_verify_param_copy(purpose, 0);
+    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
+    x509_verify_param_copy(depth, -1);
+    x509_verify_param_copy(auth_level, -1);
+
+    /* If overwrite or check time not set, copy across */
+
+    if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
+        dest->check_time = src->check_time;
+        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
+        /* Don't need to copy flag: that is done below */
+    }
+
+    if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
+        dest->flags = 0;
+
+    dest->flags |= src->flags;
+
+    if (test_x509_verify_param_copy(policies, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
+            return 0;
+    }
+
+    /* Copy the host flags if and only if we're copying the host list */
+    if (test_x509_verify_param_copy(hosts, NULL)) {
+        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
+        dest->hosts = NULL;
+        if (src->hosts) {
+            dest->hosts =
+                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
+            if (dest->hosts == NULL)
+                return 0;
+            dest->hostflags = src->hostflags;
+        }
+    }
+
+    if (test_x509_verify_param_copy(email, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
+            return 0;
+    }
+
+    if (test_x509_verify_param_copy(ip, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
+            return 0;
+    }
+
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+                           const X509_VERIFY_PARAM *from)
+{
+    unsigned long save_flags = to->inh_flags;
+    int ret;
+    to->inh_flags |= X509_VP_FLAG_DEFAULT;
+    ret = X509_VERIFY_PARAM_inherit(to, from);
+    to->inh_flags = save_flags;
+    return ret;
+}
+
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+                               const char *src, size_t srclen)
+{
+    void *tmp;
+    if (src) {
+        if (srclen == 0)
+            srclen = strlen(src);
+
+        tmp = OPENSSL_memdup(src, srclen);
+        if (tmp == NULL)
+            return 0;
+    } else {
+        tmp = NULL;
+        srclen = 0;
+    }
+    OPENSSL_free(*pdest);
+    *pdest = tmp;
+    if (pdestlen != NULL)
+        *pdestlen = srclen;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
+{
+    OPENSSL_free(param->name);
+    param->name = OPENSSL_strdup(name);
+    if (param->name)
+        return 1;
+    return 0;
+}
+
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
+{
+    param->flags |= flags;
+    if (flags & X509_V_FLAG_POLICY_MASK)
+        param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags)
+{
+    param->flags &= ~flags;
+    return 1;
+}
+
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
+{
+    return param->flags;
+}
+
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
+{
+    return param->inh_flags;
+}
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
+{
+    param->inh_flags = flags;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
+{
+    return X509_PURPOSE_set(&param->purpose, purpose);
+}
+
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
+{
+    return X509_TRUST_set(&param->trust, trust);
+}
+
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
+{
+    param->depth = depth;
+}
+
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
+{
+    param->auth_level = auth_level;
+}
+
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+    return param->check_time;
+}
+
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
+{
+    param->check_time = t;
+    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
+}
+
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy)
+{
+    if (!param->policies) {
+        param->policies = sk_ASN1_OBJECT_new_null();
+        if (!param->policies)
+            return 0;
+    }
+    if (!sk_ASN1_OBJECT_push(param->policies, policy))
+        return 0;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies)
+{
+    int i;
+    ASN1_OBJECT *oid, *doid;
+
+    if (!param)
+        return 0;
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+
+    if (!policies) {
+        param->policies = NULL;
+        return 1;
+    }
+
+    param->policies = sk_ASN1_OBJECT_new_null();
+    if (!param->policies)
+        return 0;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
+        oid = sk_ASN1_OBJECT_value(policies, i);
+        doid = OBJ_dup(oid);
+        if (!doid)
+            return 0;
+        if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
+            ASN1_OBJECT_free(doid);
+            return 0;
+        }
+    }
+    param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    return int_x509_param_set_hosts(param, SET_HOST, name, namelen);
+}
+
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    return int_x509_param_set_hosts(param, ADD_HOST, name, namelen);
+}
+
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags)
+{
+    param->hostflags = flags;
+}
+
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
+{
+    return param->peername;
+}
+
+/*
+ * Move peername from one param structure to another, freeing any name present
+ * at the target.  If the source is a NULL parameter structure, free and zero
+ * the target peername.
+ */
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
+                                     X509_VERIFY_PARAM *from)
+{
+    char *peername = (from != NULL) ? from->peername : NULL;
+
+    if (to->peername != peername) {
+        OPENSSL_free(to->peername);
+        to->peername = peername;
+    }
+    if (from)
+        from->peername = NULL;
+}
+
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen)
+{
+    return int_x509_param_set1(&param->email, &param->emaillen,
+                               email, emaillen);
+}
+
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen)
+{
+    if (iplen != 0 && iplen != 4 && iplen != 16)
+        return 0;
+    return int_x509_param_set1((char **)&param->ip, &param->iplen,
+                               (char *)ip, iplen);
+}
+
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
+{
+    unsigned char ipout[16];
+    size_t iplen;
+
+    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    if (iplen == 0)
+        return 0;
+    return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
+}
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
+{
+    return param->depth;
+}
+
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param)
+{
+    return param->auth_level;
+}
+
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
+{
+    return param->name;
+}
+
+#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0
+
+/*
+ * Default verify parameters: these are used for various applications and can
+ * be overridden by the user specified table. NB: the 'name' field *must* be
+ * in alphabetical order because it will be searched using OBJ_search.
+ */
+
+static const X509_VERIFY_PARAM default_table[] = {
+    {
+     "default",                 /* X509 default parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     X509_V_FLAG_TRUSTED_FIRST, /* flags */
+     0,                         /* purpose */
+     0,                         /* trust */
+     100,                       /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "pkcs7",                   /* S/MIME sign parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "smime_sign",              /* S/MIME sign parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "ssl_client",              /* SSL/TLS client parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_CLIENT,   /* purpose */
+     X509_TRUST_SSL_CLIENT,     /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "ssl_server",              /* SSL/TLS server parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_SERVER,   /* purpose */
+     X509_TRUST_SSL_SERVER,     /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id}
+};
+
+static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
+
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
+{
+    return strcmp(a->name, b->name);
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
+
+static int param_cmp(const X509_VERIFY_PARAM *const *a,
+                     const X509_VERIFY_PARAM *const *b)
+{
+    return strcmp((*a)->name, (*b)->name);
+}
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
+{
+    int idx;
+    X509_VERIFY_PARAM *ptmp;
+    if (param_table == NULL) {
+        param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
+        if (param_table == NULL)
+            return 0;
+    } else {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, param);
+        if (idx != -1) {
+            ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
+            X509_VERIFY_PARAM_free(ptmp);
+            (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
+        }
+    }
+    if (!sk_X509_VERIFY_PARAM_push(param_table, param))
+        return 0;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_get_count(void)
+{
+    int num = OSSL_NELEM(default_table);
+    if (param_table)
+        num += sk_X509_VERIFY_PARAM_num(param_table);
+    return num;
+}
+
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
+{
+    int num = OSSL_NELEM(default_table);
+    if (id < num)
+        return default_table + id;
+    return sk_X509_VERIFY_PARAM_value(param_table, id - num);
+}
+
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
+{
+    int idx;
+    X509_VERIFY_PARAM pm;
+
+    pm.name = (char *)name;
+    if (param_table) {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
+        if (idx != -1)
+            return sk_X509_VERIFY_PARAM_value(param_table, idx);
+    }
+    return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
+}
+
+void X509_VERIFY_PARAM_table_cleanup(void)
+{
+    sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+    param_table = NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509cset.c b/openssl-1.1.0h/crypto/x509/x509cset.c
new file mode 100644
index 0000000..2057859
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509cset.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+{
+    if (x == NULL)
+        return (0);
+    if (x->crl.version == NULL) {
+        if ((x->crl.version = ASN1_INTEGER_new()) == NULL)
+            return (0);
+    }
+    return (ASN1_INTEGER_set(x->crl.version, version));
+}
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return (0);
+    return (X509_NAME_set(&x->crl.issuer, name));
+}
+
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->crl.lastUpdate, tm);
+}
+
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->crl.nextUpdate, tm);
+}
+
+int X509_CRL_sort(X509_CRL *c)
+{
+    int i;
+    X509_REVOKED *r;
+    /*
+     * sort the data so it will be written in serial number order
+     */
+    sk_X509_REVOKED_sort(c->crl.revoked);
+    for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) {
+        r = sk_X509_REVOKED_value(c->crl.revoked, i);
+        r->sequence = i;
+    }
+    c->crl.enc.modified = 1;
+    return 1;
+}
+
+int X509_CRL_up_ref(X509_CRL *crl)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_CRL", crl);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_CRL_get_version(const X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl.version);
+}
+
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+#endif
+
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
+{
+    return crl->crl.issuer;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl)
+{
+    return crl->crl.extensions;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl.revoked;
+}
+
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = &crl->signature;
+    if (palg != NULL)
+        *palg = &crl->sig_alg;
+}
+
+int X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+    return OBJ_obj2nid(crl->sig_alg.algorithm);
+}
+
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+    return x->revocationDate;
+}
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+{
+    ASN1_TIME *in;
+
+    if (x == NULL)
+        return (0);
+    in = x->revocationDate;
+    if (in != tm) {
+        in = ASN1_STRING_dup(tm);
+        if (in != NULL) {
+            ASN1_TIME_free(x->revocationDate);
+            x->revocationDate = in;
+        }
+    }
+    return (in != NULL);
+}
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+    return &x->serialNumber;
+}
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *in;
+
+    if (x == NULL)
+        return (0);
+    in = &x->serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r)
+{
+    return r->extensions;
+}
+
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
+{
+    crl->crl.enc.modified = 1;
+    return i2d_X509_CRL_INFO(&crl->crl, pp);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509name.c b/openssl-1.1.0h/crypto/x509/x509name.c
new file mode 100644
index 0000000..f87dc7d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509name.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return (-1);
+    return (X509_NAME_get_text_by_OBJ(name, obj, buf, len));
+}
+
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf,
+                              int len)
+{
+    int i;
+    const ASN1_STRING *data;
+
+    i = X509_NAME_get_index_by_OBJ(name, obj, -1);
+    if (i < 0)
+        return (-1);
+    data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+    i = (data->length > (len - 1)) ? (len - 1) : data->length;
+    if (buf == NULL)
+        return (data->length);
+    memcpy(buf, data->data, i);
+    buf[i] = '\0';
+    return (i);
+}
+
+int X509_NAME_entry_count(const X509_NAME *name)
+{
+    if (name == NULL)
+        return (0);
+    return (sk_X509_NAME_ENTRY_num(name->entries));
+}
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return (-2);
+    return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
+}
+
+/* NOTE: you should be passing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_NAME_ENTRY *ne;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return (-1);
+    if (lastpos < 0)
+        lastpos = -1;
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    for (lastpos++; lastpos < n; lastpos++) {
+        ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
+        if (OBJ_cmp(ne->object, obj) == 0)
+            return (lastpos);
+    }
+    return (-1);
+}
+
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
+{
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return (NULL);
+    else
+        return (sk_X509_NAME_ENTRY_value(name->entries, loc));
+}
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
+{
+    X509_NAME_ENTRY *ret;
+    int i, n, set_prev, set_next;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return (NULL);
+    sk = name->entries;
+    ret = sk_X509_NAME_ENTRY_delete(sk, loc);
+    n = sk_X509_NAME_ENTRY_num(sk);
+    name->modified = 1;
+    if (loc == n)
+        return (ret);
+
+    /* else we need to fixup the set field */
+    if (loc != 0)
+        set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set;
+    else
+        set_prev = ret->set - 1;
+    set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+
+    /*-
+     * set_prev is the previous set
+     * set is the current set
+     * set_next is the following
+     * prev  1 1    1 1     1 1     1 1
+     * set   1      1       2       2
+     * next  1 1    2 2     2 2     3 2
+     * so basically only if prev and next differ by 2, then
+     * re-number down by 1
+     */
+    if (set_prev + 1 < set_next)
+        for (i = loc; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i)->set--;
+    return (ret);
+}
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+/*
+ * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
+ * guy we are about to stomp on.
+ */
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc,
+                        int set)
+{
+    X509_NAME_ENTRY *new_name = NULL;
+    int n, i, inc;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return (0);
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
+
+    name->modified = 1;
+
+    if (set == -1) {
+        if (loc == 0) {
+            set = 0;
+            inc = 1;
+        } else {
+            set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
+            inc = 0;
+        }
+    } else {                    /* if (set >= 0) */
+
+        if (loc >= n) {
+            if (loc != 0)
+                set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
+            else
+                set = 0;
+        } else
+            set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+        inc = (set == 0) ? 1 : 0;
+    }
+
+    /*
+     * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily
+     * const'ified; harmless cast as dup() don't modify its input.
+     */
+    if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL)
+        goto err;
+    new_name->set = set;
+    if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
+        X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (inc) {
+        n = sk_X509_NAME_ENTRY_num(sk);
+        for (i = loc + 1; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
+    }
+    return (1);
+ err:
+    X509_NAME_ENTRY_free(new_name);
+    return (0);
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_txt2obj(field, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", field);
+        return (NULL);
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return (NULL);
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    X509_NAME_ENTRY *ret;
+
+    if ((ne == NULL) || (*ne == NULL)) {
+        if ((ret = X509_NAME_ENTRY_new()) == NULL)
+            return (NULL);
+    } else
+        ret = *ne;
+
+    if (!X509_NAME_ENTRY_set_object(ret, obj))
+        goto err;
+    if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len))
+        goto err;
+
+    if ((ne != NULL) && (*ne == NULL))
+        *ne = ret;
+    return (ret);
+ err:
+    if ((ne == NULL) || (ret != *ne))
+        X509_NAME_ENTRY_free(ret);
+    return (NULL);
+}
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
+{
+    if ((ne == NULL) || (obj == NULL)) {
+        X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
+                ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    ASN1_OBJECT_free(ne->object);
+    ne->object = OBJ_dup(obj);
+    return ((ne->object == NULL) ? 0 : 1);
+}
+
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len)
+{
+    int i;
+
+    if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
+        return (0);
+    if ((type > 0) && (type & MBSTRING_FLAG))
+        return ASN1_STRING_set_by_NID(&ne->value, bytes,
+                                      len, type,
+                                      OBJ_obj2nid(ne->object)) ? 1 : 0;
+    if (len < 0)
+        len = strlen((const char *)bytes);
+    i = ASN1_STRING_set(ne->value, bytes, len);
+    if (!i)
+        return (0);
+    if (type != V_ASN1_UNDEF) {
+        if (type == V_ASN1_APP_CHOOSE)
+            ne->value->type = ASN1_PRINTABLE_type(bytes, len);
+        else
+            ne->value->type = type;
+    }
+    return (1);
+}
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
+{
+    if (ne == NULL)
+        return (NULL);
+    return (ne->object);
+}
+
+ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
+{
+    if (ne == NULL)
+        return (NULL);
+    return (ne->value);
+}
+
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+{
+    return ne->set;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509rset.c b/openssl-1.1.0h/crypto/x509/x509rset.c
new file mode 100644
index 0000000..6dee297
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509rset.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+int X509_REQ_set_version(X509_REQ *x, long version)
+{
+    if (x == NULL)
+        return (0);
+    x->req_info.enc.modified = 1;
+    return (ASN1_INTEGER_set(x->req_info.version, version));
+}
+
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return (0);
+    x->req_info.enc.modified = 1;
+    return (X509_NAME_set(&x->req_info.subject, name));
+}
+
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
+{
+    if (x == NULL)
+        return (0);
+    x->req_info.enc.modified = 1;
+    return (X509_PUBKEY_set(&x->req_info.pubkey, pkey));
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509spki.c b/openssl-1.1.0h/crypto/x509/x509spki.c
new file mode 100644
index 0000000..b142485
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509spki.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+    if ((x == NULL) || (x->spkac == NULL))
+        return (0);
+    return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey));
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+    if ((x == NULL) || (x->spkac == NULL))
+        return (NULL);
+    return (X509_PUBKEY_get(x->spkac->pubkey));
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+    unsigned char *spki_der;
+    const unsigned char *p;
+    int spki_len;
+    NETSCAPE_SPKI *spki;
+    if (len <= 0)
+        len = strlen(str);
+    if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+    if (spki_len < 0) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR);
+        OPENSSL_free(spki_der);
+        return NULL;
+    }
+    p = spki_der;
+    spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+    OPENSSL_free(spki_der);
+    return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+    unsigned char *der_spki, *p;
+    char *b64_str;
+    int der_len;
+    der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+    der_spki = OPENSSL_malloc(der_len);
+    b64_str = OPENSSL_malloc(der_len * 2);
+    if (der_spki == NULL || b64_str == NULL) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(der_spki);
+        OPENSSL_free(b64_str);
+        return NULL;
+    }
+    p = der_spki;
+    i2d_NETSCAPE_SPKI(spki, &p);
+    EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+    OPENSSL_free(der_spki);
+    return b64_str;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x509type.c b/openssl-1.1.0h/crypto/x509/x509type.c
new file mode 100644
index 0000000..aca8355
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x509type.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
+{
+    const EVP_PKEY *pk;
+    int ret = 0, i;
+
+    if (x == NULL)
+        return (0);
+
+    if (pkey == NULL)
+        pk = X509_get0_pubkey(x);
+    else
+        pk = pkey;
+
+    if (pk == NULL)
+        return (0);
+
+    switch (EVP_PKEY_id(pk)) {
+    case EVP_PKEY_RSA:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+/*              if (!sign only extension) */
+        ret |= EVP_PKT_ENC;
+        break;
+    case EVP_PKEY_DSA:
+        ret = EVP_PK_DSA | EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_EC:
+        ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
+        break;
+    case EVP_PKEY_DH:
+        ret = EVP_PK_DH | EVP_PKT_EXCH;
+        break;
+    case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+    case NID_id_GostR3410_2012_512:
+        ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
+        break;
+    default:
+        break;
+    }
+
+    i = X509_get_signature_nid(x);
+    if (i && OBJ_find_sigid_algs(i, NULL, &i)) {
+
+        switch (i) {
+        case NID_rsaEncryption:
+        case NID_rsa:
+            ret |= EVP_PKS_RSA;
+            break;
+        case NID_dsa:
+        case NID_dsa_2:
+            ret |= EVP_PKS_DSA;
+            break;
+        case NID_X9_62_id_ecPublicKey:
+            ret |= EVP_PKS_EC;
+            break;
+        default:
+            break;
+        }
+    }
+
+    return (ret);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x_all.c b/openssl-1.1.0h/crypto/x509/x_all.c
new file mode 100644
index 0000000..42bd161
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_all.c
@@ -0,0 +1,526 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/ocsp.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/x509v3.h>
+
+int X509_verify(X509 *a, EVP_PKEY *r)
+{
+    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
+        return 0;
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
+                             &a->signature, &a->cert_info, r));
+}
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+                             &a->sig_alg, a->signature, &a->req_info, r));
+}
+
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+                             &a->sig_algor, a->signature, a->spkac, r));
+}
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    x->cert_info.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
+                           &x->sig_alg, &x->signature, &x->cert_info, pkey,
+                           md));
+}
+
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
+{
+    x->cert_info.enc.modified = 1;
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+                              &x->cert_info.signature,
+                              &x->sig_alg, &x->signature, &x->cert_info, ctx);
+}
+
+#ifndef OPENSSL_NO_OCSP
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
+}
+#endif
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
+                           x->signature, &x->req_info, pkey, md));
+}
+
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
+{
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+                              &x->sig_alg, NULL, x->signature, &x->req_info,
+                              ctx);
+}
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    x->crl.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
+                           &x->sig_alg, &x->signature, &x->crl, pkey, md));
+}
+
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
+{
+    x->crl.enc.modified = 1;
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+                              &x->crl.sig_alg, &x->sig_alg, &x->signature,
+                              &x->crl, ctx);
+}
+
+#ifndef OPENSSL_NO_OCSP
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)pcrl,
+                                 ASN1_ITEM_rptr(X509_CRL));
+}
+#endif
+
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
+                           x->signature, x->spkac, pkey, md));
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+
+int i2d_X509_fp(FILE *fp, X509 *x509)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+#endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+int i2d_X509_bio(BIO *bp, X509 *x509)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+#endif
+
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+#ifndef OPENSSL_NO_RSA
+
+# ifndef OPENSSL_NO_STDIO
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_d2i_fp((void *(*)(void))
+                       RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
+                       (void **)rsa);
+}
+
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
+}
+# endif
+
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
+}
+
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_STDIO
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
+}
+
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
+{
+    return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
+}
+
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
+{
+    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
+}
+# endif
+
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
+}
+
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
+{
+    return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
+}
+
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
+{
+    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
+}
+
+#endif
+
+#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_STDIO
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
+}
+
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
+}
+
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
+}
+
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
+}
+# endif
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
+}
+
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
+}
+
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
+}
+
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
+}
+#endif
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len)
+{
+    ASN1_BIT_STRING *key;
+    key = X509_get0_pubkey_bitstr(data);
+    if (!key)
+        return 0;
+    return EVP_Digest(key->data, key->length, md, len, type, NULL);
+}
+
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+                unsigned int *len)
+{
+    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
+        /* Asking for SHA1 and we already computed it. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
+}
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
+        /* Asking for SHA1; always computed in CRL d2i. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
+}
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
+}
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
+}
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len)
+{
+    return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
+                             (char *)data, md, len));
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+{
+    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
+}
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+{
+    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
+}
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+{
+    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
+}
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+{
+    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
+                          p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
+
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+{
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
+}
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
+}
+
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
+                           p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
+
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
+}
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x_attrib.c b/openssl-1.1.0h/crypto/x509/x_attrib.c
new file mode 100644
index 0000000..35f4aee
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_attrib.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "x509_lcl.h"
+
+/*-
+ * X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *      {
+ *      ASN1_OBJECT *object;
+ *      STACK_OF(ASN1_TYPE) *set;
+ *      } X509_ATTRIBUTE;
+ *
+ */
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+{
+    X509_ATTRIBUTE *ret = NULL;
+    ASN1_TYPE *val = NULL;
+
+    if ((ret = X509_ATTRIBUTE_new()) == NULL)
+        return (NULL);
+    ret->object = OBJ_nid2obj(nid);
+    if ((val = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if (!sk_ASN1_TYPE_push(ret->set, val))
+        goto err;
+
+    ASN1_TYPE_set(val, atrtype, value);
+    return (ret);
+ err:
+    X509_ATTRIBUTE_free(ret);
+    ASN1_TYPE_free(val);
+    return (NULL);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x_crl.c b/openssl-1.1.0h/crypto/x509/x_crl.c
new file mode 100644
index 0000000..dbed850
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_crl.c
@@ -0,0 +1,459 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+#include "x509_lcl.h"
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b);
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+        ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
+static int def_crl_lookup(X509_CRL *crl,
+                          X509_REVOKED **ret, ASN1_INTEGER *serial,
+                          X509_NAME *issuer);
+
+static X509_CRL_METHOD int_crl_meth = {
+    0,
+    0, 0,
+    def_crl_lookup,
+    def_crl_verify
+};
+
+static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
+
+/*
+ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
+ * the original encoding the signature won't be affected by reordering of the
+ * revoked field.
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+    if (!a || !a->revoked)
+        return 1;
+    switch (operation) {
+        /*
+         * Just set cmp function here. We don't sort because that would
+         * affect the output of X509_CRL_print().
+         */
+    case ASN1_OP_D2I_POST:
+        (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
+        break;
+    }
+    return 1;
+}
+
+
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+
+/*
+ * Set CRL entry issuer according to CRL certificate issuer extension. Check
+ * for unhandled critical CRL entry extensions.
+ */
+
+static int crl_set_issuers(X509_CRL *crl)
+{
+
+    int i, j;
+    GENERAL_NAMES *gens, *gtmp;
+    STACK_OF(X509_REVOKED) *revoked;
+
+    revoked = X509_CRL_get_REVOKED(crl);
+
+    gens = NULL;
+    for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
+        X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
+        STACK_OF(X509_EXTENSION) *exts;
+        ASN1_ENUMERATED *reason;
+        X509_EXTENSION *ext;
+        gtmp = X509_REVOKED_get_ext_d2i(rev,
+                                        NID_certificate_issuer, &j, NULL);
+        if (!gtmp && (j != -1)) {
+            crl->flags |= EXFLAG_INVALID;
+            return 1;
+        }
+
+        if (gtmp) {
+            gens = gtmp;
+            if (!crl->issuers) {
+                crl->issuers = sk_GENERAL_NAMES_new_null();
+                if (!crl->issuers)
+                    return 0;
+            }
+            if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
+                return 0;
+        }
+        rev->issuer = gens;
+
+        reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL);
+        if (!reason && (j != -1)) {
+            crl->flags |= EXFLAG_INVALID;
+            return 1;
+        }
+
+        if (reason) {
+            rev->reason = ASN1_ENUMERATED_get(reason);
+            ASN1_ENUMERATED_free(reason);
+        } else
+            rev->reason = CRL_REASON_NONE;
+
+        /* Check for critical CRL entry extensions */
+
+        exts = rev->extensions;
+
+        for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
+            ext = sk_X509_EXTENSION_value(exts, j);
+            if (X509_EXTENSION_get_critical(ext)) {
+                if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer)
+                    continue;
+                crl->flags |= EXFLAG_CRITICAL;
+                break;
+            }
+        }
+
+    }
+
+    return 1;
+
+}
+
+/*
+ * The X509_CRL structure needs a bit of customisation. Cache some extensions
+ * and hash of the whole CRL.
+ */
+static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    X509_CRL *crl = (X509_CRL *)*pval;
+    STACK_OF(X509_EXTENSION) *exts;
+    X509_EXTENSION *ext;
+    int idx;
+
+    switch (operation) {
+    case ASN1_OP_NEW_POST:
+        crl->idp = NULL;
+        crl->akid = NULL;
+        crl->flags = 0;
+        crl->idp_flags = 0;
+        crl->idp_reasons = CRLDP_ALL_REASONS;
+        crl->meth = default_crl_method;
+        crl->meth_data = NULL;
+        crl->issuers = NULL;
+        crl->crl_number = NULL;
+        crl->base_crl_number = NULL;
+        break;
+
+    case ASN1_OP_D2I_POST:
+        X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
+        crl->idp = X509_CRL_get_ext_d2i(crl,
+                                        NID_issuing_distribution_point, NULL,
+                                        NULL);
+        if (crl->idp)
+            setup_idp(crl, crl->idp);
+
+        crl->akid = X509_CRL_get_ext_d2i(crl,
+                                         NID_authority_key_identifier, NULL,
+                                         NULL);
+
+        crl->crl_number = X509_CRL_get_ext_d2i(crl,
+                                               NID_crl_number, NULL, NULL);
+
+        crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
+                                                    NID_delta_crl, NULL,
+                                                    NULL);
+        /* Delta CRLs must have CRL number */
+        if (crl->base_crl_number && !crl->crl_number)
+            crl->flags |= EXFLAG_INVALID;
+
+        /*
+         * See if we have any unhandled critical CRL extensions and indicate
+         * this in a flag. We only currently handle IDP so anything else
+         * critical sets the flag. This code accesses the X509_CRL structure
+         * directly: applications shouldn't do this.
+         */
+
+        exts = crl->crl.extensions;
+
+        for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
+            int nid;
+            ext = sk_X509_EXTENSION_value(exts, idx);
+            nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
+            if (nid == NID_freshest_crl)
+                crl->flags |= EXFLAG_FRESHEST;
+            if (X509_EXTENSION_get_critical(ext)) {
+                /* We handle IDP and deltas */
+                if ((nid == NID_issuing_distribution_point)
+                    || (nid == NID_authority_key_identifier)
+                    || (nid == NID_delta_crl))
+                    continue;
+                crl->flags |= EXFLAG_CRITICAL;
+                break;
+            }
+        }
+
+        if (!crl_set_issuers(crl))
+            return 0;
+
+        if (crl->meth->crl_init) {
+            if (crl->meth->crl_init(crl) == 0)
+                return 0;
+        }
+
+        crl->flags |= EXFLAG_SET;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        if (crl->meth->crl_free) {
+            if (!crl->meth->crl_free(crl))
+                return 0;
+        }
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
+        ASN1_INTEGER_free(crl->crl_number);
+        ASN1_INTEGER_free(crl->base_crl_number);
+        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        break;
+    }
+    return 1;
+}
+
+/* Convert IDP into a more convenient form */
+
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+{
+    int idp_only = 0;
+    /* Set various flags according to IDP */
+    crl->idp_flags |= IDP_PRESENT;
+    if (idp->onlyuser > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYUSER;
+    }
+    if (idp->onlyCA > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYCA;
+    }
+    if (idp->onlyattr > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYATTR;
+    }
+
+    if (idp_only > 1)
+        crl->idp_flags |= IDP_INVALID;
+
+    if (idp->indirectCRL > 0)
+        crl->idp_flags |= IDP_INDIRECT;
+
+    if (idp->onlysomereasons) {
+        crl->idp_flags |= IDP_REASONS;
+        if (idp->onlysomereasons->length > 0)
+            crl->idp_reasons = idp->onlysomereasons->data[0];
+        if (idp->onlysomereasons->length > 1)
+            crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8);
+        crl->idp_reasons &= CRLDP_ALL_REASONS;
+    }
+
+    DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+}
+
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {
+        ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b)
+{
+    return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber,
+                            (ASN1_STRING *)&(*b)->serialNumber));
+}
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+    X509_CRL_INFO *inf;
+    inf = &crl->crl;
+    if (inf->revoked == NULL)
+        inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+    if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    inf->enc.modified = 1;
+    return 1;
+}
+
+int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+{
+    if (crl->meth->crl_verify)
+        return crl->meth->crl_verify(crl, r);
+    return 0;
+}
+
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial)
+{
+    if (crl->meth->crl_lookup)
+        return crl->meth->crl_lookup(crl, ret, serial, NULL);
+    return 0;
+}
+
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+{
+    if (crl->meth->crl_lookup)
+        return crl->meth->crl_lookup(crl, ret,
+                                     X509_get_serialNumber(x),
+                                     X509_get_issuer_name(x));
+    return 0;
+}
+
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                             &crl->sig_alg, &crl->signature, &crl->crl, r));
+}
+
+static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+                                    X509_REVOKED *rev)
+{
+    int i;
+
+    if (!rev->issuer) {
+        if (!nm)
+            return 1;
+        if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+            return 1;
+        return 0;
+    }
+
+    if (!nm)
+        nm = X509_CRL_get_issuer(crl);
+
+    for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
+        if (gen->type != GEN_DIRNAME)
+            continue;
+        if (!X509_NAME_cmp(nm, gen->d.directoryName))
+            return 1;
+    }
+    return 0;
+
+}
+
+static int def_crl_lookup(X509_CRL *crl,
+                          X509_REVOKED **ret, ASN1_INTEGER *serial,
+                          X509_NAME *issuer)
+{
+    X509_REVOKED rtmp, *rev;
+    int idx;
+    rtmp.serialNumber = *serial;
+    /*
+     * Sort revoked into serial number order if not already sorted. Do this
+     * under a lock to avoid race condition.
+     */
+    if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
+        CRYPTO_THREAD_write_lock(crl->lock);
+        sk_X509_REVOKED_sort(crl->crl.revoked);
+        CRYPTO_THREAD_unlock(crl->lock);
+    }
+    idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
+    if (idx < 0)
+        return 0;
+    /* Need to look for matching name */
+    for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {
+        rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
+        if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
+            return 0;
+        if (crl_revoked_issuer_match(crl, issuer, rev)) {
+            if (ret)
+                *ret = rev;
+            if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                return 2;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+{
+    if (meth == NULL)
+        default_crl_method = &int_crl_meth;
+    else
+        default_crl_method = meth;
+}
+
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+                                     int (*crl_free) (X509_CRL *crl),
+                                     int (*crl_lookup) (X509_CRL *crl,
+                                                        X509_REVOKED **ret,
+                                                        ASN1_INTEGER *ser,
+                                                        X509_NAME *issuer),
+                                     int (*crl_verify) (X509_CRL *crl,
+                                                        EVP_PKEY *pk))
+{
+    X509_CRL_METHOD *m;
+    m = OPENSSL_malloc(sizeof(*m));
+    if (m == NULL)
+        return NULL;
+    m->crl_init = crl_init;
+    m->crl_free = crl_free;
+    m->crl_lookup = crl_lookup;
+    m->crl_verify = crl_verify;
+    m->flags = X509_CRL_METHOD_DYNAMIC;
+    return m;
+}
+
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+{
+    if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC))
+        return;
+    OPENSSL_free(m);
+}
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+{
+    crl->meth_data = dat;
+}
+
+void *X509_CRL_get_meth_data(X509_CRL *crl)
+{
+    return crl->meth_data;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x_exten.c b/openssl-1.1.0h/crypto/x509/x_exten.c
new file mode 100644
index 0000000..f10f4a4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_exten.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "x509_lcl.h"
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/openssl-1.1.0h/crypto/x509/x_name.c b/openssl-1.1.0h/crypto/x509/x_name.c
new file mode 100644
index 0000000..0af5df5
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_name.c
@@ -0,0 +1,549 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include "internal/asn1_int.h"
+#include "x509_lcl.h"
+
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it,
+                            int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+static int x509_name_canon(X509_NAME *a);
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
+                          unsigned char **in);
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/*
+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
+ * declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/*
+ * Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and
+ * convert to the external form.
+ */
+
+static const ASN1_EXTERN_FUNCS x509_name_ff = {
+    NULL,
+    x509_name_ex_new,
+    x509_name_ex_free,
+    0,                          /* Default clear behaviour is OK */
+    x509_name_ex_d2i,
+    x509_name_ex_i2d,
+    x509_name_ex_print
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+    X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL)
+        goto memerr;
+    if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+        goto memerr;
+    if ((ret->bytes = BUF_MEM_new()) == NULL)
+        goto memerr;
+    ret->modified = 1;
+    *val = (ASN1_VALUE *)ret;
+    return 1;
+
+ memerr:
+    ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+    if (ret) {
+        sk_X509_NAME_ENTRY_free(ret->entries);
+        OPENSSL_free(ret);
+    }
+    return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    X509_NAME *a;
+
+    if (!pval || !*pval)
+        return;
+    a = (X509_NAME *)*pval;
+
+    BUF_MEM_free(a->bytes);
+    sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
+    OPENSSL_free(a->canon_enc);
+    OPENSSL_free(a);
+    *pval = NULL;
+}
+
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_free(ne);
+}
+
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it, int tag, int aclass,
+                            char opt, ASN1_TLC *ctx)
+{
+    const unsigned char *p = *in, *q;
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    union {
+        X509_NAME *x;
+        ASN1_VALUE *a;
+    } nm = {
+        NULL
+    };
+    int i, j, ret;
+    STACK_OF(X509_NAME_ENTRY) *entries;
+    X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX)
+        len = X509_NAME_MAX;
+    q = p;
+
+    /* Get internal representation of Name */
+    ret = ASN1_item_ex_d2i(&intname.a,
+                           &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                           tag, aclass, opt, ctx);
+
+    if (ret <= 0)
+        return ret;
+
+    if (*val)
+        x509_name_ex_free(val, NULL);
+    if (!x509_name_ex_new(&nm.a, NULL))
+        goto err;
+    /* We've decoded it: now cache encoding */
+    if (!BUF_MEM_grow(nm.x->bytes, p - q))
+        goto err;
+    memcpy(nm.x->bytes->data, q, p - q);
+
+    /* Convert internal representation to X509_NAME structure */
+    for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
+        for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+            entry = sk_X509_NAME_ENTRY_value(entries, j);
+            entry->set = i;
+            if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                goto err;
+            sk_X509_NAME_ENTRY_set(entries, j, NULL);
+        }
+    }
+    ret = x509_name_canon(nm.x);
+    if (!ret)
+        goto err;
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    nm.x->modified = 0;
+    *val = nm.a;
+    *in = p;
+    return ret;
+
+ err:
+    if (nm.x != NULL)
+        X509_NAME_free(nm.x);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
+    ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+    return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass)
+{
+    int ret;
+    X509_NAME *a = (X509_NAME *)*val;
+    if (a->modified) {
+        ret = x509_name_encode(a);
+        if (ret < 0)
+            return ret;
+        ret = x509_name_canon(a);
+        if (ret < 0)
+            return ret;
+    }
+    ret = a->bytes->length;
+    if (out != NULL) {
+        memcpy(*out, a->bytes->data, ret);
+        *out += ret;
+    }
+    return ret;
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    int len;
+    unsigned char *p;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry;
+    int i, set = -1;
+    intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (!intname.s)
+        goto memerr;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (!entries)
+                goto memerr;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
+                goto memerr;
+            }
+            set = entry->set;
+        }
+        if (!sk_X509_NAME_ENTRY_push(entries, entry))
+            goto memerr;
+    }
+    len = ASN1_item_ex_i2d(&intname.a, NULL,
+                           ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    if (!BUF_MEM_grow(a->bytes, len))
+        goto memerr;
+    p = (unsigned char *)a->bytes->data;
+    ASN1_item_ex_i2d(&intname.a,
+                     &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    a->modified = 0;
+    return len;
+ memerr:
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx)
+{
+    if (X509_NAME_print_ex(out, (const X509_NAME *)*pval,
+                           indent, pctx->nm_flags) <= 0)
+        return 0;
+    return 2;
+}
+
+/*
+ * This function generates the canonical encoding of the Name structure. In
+ * it all strings are converted to UTF8, leading, trailing and multiple
+ * spaces collapsed, converted to lower case and the leading SEQUENCE header
+ * removed. In future we could also normalize the UTF8 too. By doing this
+ * comparison of Name structures can be rapidly performed by just using
+ * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
+ * constraints of type dirName can also be checked with a simple memcmp().
+ */
+
+static int x509_name_canon(X509_NAME *a)
+{
+    unsigned char *p;
+    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry, *tmpentry = NULL;
+    int i, set = -1, ret = 0, len;
+
+    OPENSSL_free(a->canon_enc);
+    a->canon_enc = NULL;
+    /* Special case: empty X509_NAME => null encoding */
+    if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
+        a->canon_enclen = 0;
+        return 1;
+    }
+    intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (!intname)
+        goto err;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (!entries)
+                goto err;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
+                goto err;
+            }
+            set = entry->set;
+        }
+        tmpentry = X509_NAME_ENTRY_new();
+        if (tmpentry == NULL)
+            goto err;
+        tmpentry->object = OBJ_dup(entry->object);
+        if (tmpentry->object == NULL)
+            goto err;
+        if (!asn1_string_canon(tmpentry->value, entry->value))
+            goto err;
+        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+            goto err;
+        tmpentry = NULL;
+    }
+
+    /* Finally generate encoding */
+
+    len = i2d_name_canon(intname, NULL);
+    if (len < 0)
+        goto err;
+    a->canon_enclen = len;
+
+    p = OPENSSL_malloc(a->canon_enclen);
+
+    if (p == NULL)
+        goto err;
+
+    a->canon_enc = p;
+
+    i2d_name_canon(intname, &p);
+
+    ret = 1;
+
+ err:
+
+    X509_NAME_ENTRY_free(tmpentry);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
+    return ret;
+}
+
+/* Bitmap of all the types of string that will be canonicalized. */
+
+#define ASN1_MASK_CANON \
+        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
+        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+        | B_ASN1_VISIBLESTRING)
+
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
+{
+    unsigned char *to, *from;
+    int len, i;
+
+    /* If type not in bitmask just copy string across */
+    if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
+        if (!ASN1_STRING_copy(out, in))
+            return 0;
+        return 1;
+    }
+
+    out->type = V_ASN1_UTF8STRING;
+    out->length = ASN1_STRING_to_UTF8(&out->data, in);
+    if (out->length == -1)
+        return 0;
+
+    to = out->data;
+    from = to;
+
+    len = out->length;
+
+    /*
+     * Convert string in place to canonical form. Ultimately we may need to
+     * handle a wider range of characters but for now ignore anything with
+     * MSB set and rely on the isspace() and tolower() functions.
+     */
+
+    /* Ignore leading spaces */
+    while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
+        from++;
+        len--;
+    }
+
+    to = from + len;
+
+    /* Ignore trailing spaces */
+    while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) {
+        to--;
+        len--;
+    }
+
+    to = out->data;
+
+    i = 0;
+    while (i < len) {
+        /* If MSB set just copy across */
+        if (*from & 0x80) {
+            *to++ = *from++;
+            i++;
+        }
+        /* Collapse multiple spaces */
+        else if (isspace(*from)) {
+            /* Copy one space across */
+            *to++ = ' ';
+            /*
+             * Ignore subsequent spaces. Note: don't need to check len here
+             * because we know the last character is a non-space so we can't
+             * overflow.
+             */
+            do {
+                from++;
+                i++;
+            }
+            while (!(*from & 0x80) && isspace(*from));
+        } else {
+            *to++ = tolower(*from);
+            from++;
+            i++;
+        }
+    }
+
+    out->length = to - out->data;
+
+    return 1;
+
+}
+
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
+                          unsigned char **in)
+{
+    int i, len, ltmp;
+    ASN1_VALUE *v;
+    STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+
+    len = 0;
+    for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
+        v = sk_ASN1_VALUE_value(intname, i);
+        ltmp = ASN1_item_ex_i2d(&v, in,
+                                ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+        if (ltmp < 0)
+            return ltmp;
+        len += ltmp;
+    }
+    return len;
+}
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+{
+    if ((name = X509_NAME_dup(name)) == NULL)
+        return 0;
+    X509_NAME_free(*xn);
+    *xn = name;
+    return 1;
+}
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
+{
+    char *s, *c, *b;
+    int l, i;
+
+    l = 80 - 2 - obase;
+
+    b = X509_NAME_oneline(name, NULL, 0);
+    if (!b)
+        return 0;
+    if (!*b) {
+        OPENSSL_free(b);
+        return 1;
+    }
+    s = b + 1;                  /* skip the first slash */
+
+    c = s;
+    for (;;) {
+#ifndef CHARSET_EBCDIC
+        if (((*s == '/') &&
+             ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
+                                                 ((s[2] >= 'A')
+                                                  && (s[2] <= 'Z')
+                                                  && (s[3] == '='))
+              ))) || (*s == '\0'))
+#else
+        if (((*s == '/') &&
+             (isupper(s[1]) && ((s[2] == '=') ||
+                                (isupper(s[2]) && (s[3] == '='))
+              ))) || (*s == '\0'))
+#endif
+        {
+            i = s - c;
+            if (BIO_write(bp, c, i) != i)
+                goto err;
+            c = s + 1;          /* skip following slash */
+            if (*s != '\0') {
+                if (BIO_write(bp, ", ", 2) != 2)
+                    goto err;
+            }
+            l--;
+        }
+        if (*s == '\0')
+            break;
+        s++;
+        l--;
+    }
+
+    OPENSSL_free(b);
+    return 1;
+ err:
+    X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+    OPENSSL_free(b);
+    return 0;
+}
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen)
+{
+    /* Make sure encoding is valid */
+    if (i2d_X509_NAME(nm, NULL) <= 0)
+        return 0;
+    if (pder != NULL)
+        *pder = (unsigned char *)nm->bytes->data;
+    if (pderlen != NULL)
+        *pderlen = nm->bytes->length;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x_pubkey.c b/openssl-1.1.0h/crypto/x509/x_pubkey.c
new file mode 100644
index 0000000..cc69283
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_pubkey.c
@@ -0,0 +1,374 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "internal/x509_int.h"
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+struct X509_pubkey_st {
+    X509_ALGOR *algor;
+    ASN1_BIT_STRING *public_key;
+    EVP_PKEY *pkey;
+};
+
+static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key);
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+    } else if (operation == ASN1_OP_D2I_POST) {
+        /* Attempt to decode public key and cache in pubkey structure. */
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+        /*
+         * Opportunistically decode the key but remove any non fatal errors
+         * from the queue. Subsequent explicit attempts to decode/use the key
+         * will return an appropriate error.
+         */
+        ERR_set_mark();
+        if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1)
+            return 0;
+        ERR_pop_to_mark();
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+{
+    X509_PUBKEY *pk = NULL;
+
+    if (x == NULL)
+        return (0);
+
+    if ((pk = X509_PUBKEY_new()) == NULL)
+        goto error;
+
+    if (pkey->ameth) {
+        if (pkey->ameth->pub_encode) {
+            if (!pkey->ameth->pub_encode(pk, pkey)) {
+                X509err(X509_F_X509_PUBKEY_SET,
+                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                goto error;
+            }
+        } else {
+            X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED);
+            goto error;
+        }
+    } else {
+        X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
+        goto error;
+    }
+
+    X509_PUBKEY_free(*x);
+    *x = pk;
+    pk->pkey = pkey;
+    EVP_PKEY_up_ref(pkey);
+    return 1;
+
+ error:
+    X509_PUBKEY_free(pk);
+    return 0;
+}
+
+/*
+ * Attempt to decode a public key.
+ * Returns 1 on success, 0 for a decode failure and -1 for a fatal
+ * error e.g. malloc failure.
+ */
+
+
+static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
+    {
+    EVP_PKEY *pkey = EVP_PKEY_new();
+
+    if (pkey == NULL) {
+        X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_UNSUPPORTED_ALGORITHM);
+        goto error;
+    }
+
+    if (pkey->ameth->pub_decode) {
+        /*
+         * Treat any failure of pub_decode as a decode error. In
+         * future we could have different return codes for decode
+         * errors and fatal errors such as malloc failure.
+         */
+        if (!pkey->ameth->pub_decode(pkey, key)) {
+            X509err(X509_F_X509_PUBKEY_DECODE, X509_R_PUBLIC_KEY_DECODE_ERROR);
+            goto error;
+        }
+    } else {
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_METHOD_NOT_SUPPORTED);
+        goto error;
+    }
+
+    *ppkey = pkey;
+    return 1;
+
+ error:
+    EVP_PKEY_free(pkey);
+    return 0;
+}
+
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = NULL;
+
+    if (key == NULL || key->public_key == NULL)
+        return NULL;
+
+    if (key->pkey != NULL)
+        return key->pkey;
+
+    /*
+     * When the key ASN.1 is initially parsed an attempt is made to
+     * decode the public key and cache the EVP_PKEY structure. If this
+     * operation fails the cached value will be NULL. Parsing continues
+     * to allow parsing of unknown key types or unsupported forms.
+     * We repeat the decode operation so the appropriate errors are left
+     * in the queue.
+     */
+    x509_pubkey_decode(&ret, key);
+    /* If decode doesn't fail something bad happened */
+    if (ret != NULL) {
+        X509err(X509_F_X509_PUBKEY_GET0, ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_free(ret);
+    }
+
+    return NULL;
+}
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = X509_PUBKEY_get0(key);
+    if (ret != NULL)
+        EVP_PKEY_up_ref(ret);
+    return ret;
+}
+
+/*
+ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or
+ * decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
+{
+    X509_PUBKEY *xpk;
+    EVP_PKEY *pktmp;
+    const unsigned char *q;
+    q = *pp;
+    xpk = d2i_X509_PUBKEY(NULL, &q, length);
+    if (!xpk)
+        return NULL;
+    pktmp = X509_PUBKEY_get(xpk);
+    X509_PUBKEY_free(xpk);
+    if (!pktmp)
+        return NULL;
+    *pp = q;
+    if (a) {
+        EVP_PKEY_free(*a);
+        *a = pktmp;
+    }
+    return pktmp;
+}
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+{
+    X509_PUBKEY *xpk = NULL;
+    int ret;
+    if (!a)
+        return 0;
+    if (!X509_PUBKEY_set(&xpk, a))
+        return 0;
+    ret = i2d_X509_PUBKEY(xpk, pp);
+    X509_PUBKEY_free(xpk);
+    return ret;
+}
+
+/*
+ * The following are equivalents but which return RSA and DSA keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    RSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_RSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        RSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (pktmp == NULL) {
+        ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    EVP_PKEY_set1_RSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    DSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_DSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        DSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (pktmp == NULL) {
+        ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    EVP_PKEY_set1_DSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    EC_KEY *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return (NULL);
+    key = EVP_PKEY_get1_EC_KEY(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return (NULL);
+    *pp = q;
+    if (a) {
+        EC_KEY_free(*a);
+        *a = key;
+    }
+    return (key);
+}
+
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return (0);
+    if ((pktmp = EVP_PKEY_new()) == NULL) {
+        ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    EVP_PKEY_set1_EC_KEY(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return (ret);
+}
+#endif
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen)
+{
+    if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
+        return 0;
+    if (penc) {
+        OPENSSL_free(pub->public_key->data);
+        pub->public_key->data = penc;
+        pub->public_key->length = penclen;
+        /* Set number of unused bits to zero */
+        pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    }
+    return 1;
+}
+
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub)
+{
+    if (ppkalg)
+        *ppkalg = pub->algor->algorithm;
+    if (pk) {
+        *pk = pub->public_key->data;
+        *ppklen = pub->public_key->length;
+    }
+    if (pa)
+        *pa = pub->algor;
+    return 1;
+}
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return x->cert_info.key->public_key;
+}
diff --git a/openssl-1.1.0h/crypto/x509/x_req.c b/openssl-1.1.0h/crypto/x509/x_req.c
new file mode 100644
index 0000000..c2da95a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_req.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK.
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+    if (operation == ASN1_OP_NEW_POST) {
+        rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+        if (!rinf->attributes)
+            return 0;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
+         */
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0) = {
+        ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/openssl-1.1.0h/crypto/x509/x_x509.c b/openssl-1.1.0h/crypto/x509/x_x509.c
new file mode 100644
index 0000000..6783fd8
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_x509.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_EMBED(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_EMBED(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509 *ret = (X509 *)*pval;
+
+    switch (operation) {
+
+    case ASN1_OP_NEW_POST:
+        ret->ex_flags = 0;
+        ret->ex_pathlen = -1;
+        ret->ex_pcpathlen = -1;
+        ret->skid = NULL;
+        ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
+        ret->rfc3779_addr = NULL;
+        ret->rfc3779_asid = NULL;
+#endif
+        ret->aux = NULL;
+        ret->crldp = NULL;
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
+            return 0;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        CRL_DIST_POINTS_free(ret->crldp);
+        policy_cache_free(ret->policy_cache);
+        GENERAL_NAMES_free(ret->altname);
+        NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+        break;
+
+    }
+
+    return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb) = {
+        ASN1_EMBED(X509, cert_info, X509_CINF),
+        ASN1_EMBED(X509, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *X509_get_ex_data(X509 *r, int idx)
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+/*
+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
+ * extra info tagged on the end. Since these functions set how a certificate
+ * is trusted they should only be used when the certificate comes from a
+ * reliable source such as local storage.
+ */
+
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+{
+    const unsigned char *q;
+    X509 *ret;
+    int freeret = 0;
+
+    /* Save start position */
+    q = *pp;
+
+    if (a == NULL || *a == NULL)
+        freeret = 1;
+    ret = d2i_X509(a, &q, length);
+    /* If certificate unreadable then forget it */
+    if (ret == NULL)
+        return NULL;
+    /* update length */
+    length -= q - *pp;
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
+        goto err;
+    *pp = q;
+    return ret;
+ err:
+    if (freeret) {
+        X509_free(ret);
+        if (a)
+            *a = NULL;
+    }
+    return NULL;
+}
+
+/*
+ * Serialize trusted certificate to *pp or just return the required buffer
+ * length if pp == NULL.  We ultimately want to avoid modifying *pp in the
+ * error path, but that depends on similar hygiene in lower-level functions.
+ * Here we avoid compounding the problem.
+ */
+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
+{
+    int length, tmplen;
+    unsigned char *start = pp != NULL ? *pp : NULL;
+
+    OPENSSL_assert(pp == NULL || *pp != NULL);
+
+    /*
+     * This might perturb *pp on error, but fixing that belongs in i2d_X509()
+     * not here.  It should be that if a == NULL length is zero, but we check
+     * both just in case.
+     */
+    length = i2d_X509(a, pp);
+    if (length <= 0 || a == NULL)
+        return length;
+
+    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+    if (tmplen < 0) {
+        if (start != NULL)
+            *pp = start;
+        return tmplen;
+    }
+    length += tmplen;
+
+    return length;
+}
+
+/*
+ * Serialize trusted certificate to *pp, or just return the required buffer
+ * length if pp == NULL.
+ *
+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
+ * allocated buffer.
+ */
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+    int length;
+    unsigned char *tmp;
+
+    /* Buffer provided by caller */
+    if (pp == NULL || *pp != NULL)
+        return i2d_x509_aux_internal(a, pp);
+
+    /* Obtain the combined length */
+    if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
+        return length;
+
+    /* Allocate requisite combined storage */
+    *pp = tmp = OPENSSL_malloc(length);
+    if (tmp == NULL)
+        return -1; /* Push error onto error stack? */
+
+    /* Encode, but keep *pp at the originally malloced pointer */
+    length = i2d_x509_aux_internal(a, &tmp);
+    if (length <= 0) {
+        OPENSSL_free(*pp);
+        *pp = NULL;
+    }
+    return length;
+}
+
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
+{
+    x->cert_info.enc.modified = 1;
+    return i2d_X509_CINF(&x->cert_info, pp);
+}
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x)
+{
+    if (psig)
+        *psig = &x->signature;
+    if (palg)
+        *palg = &x->sig_alg;
+}
+
+int X509_get_signature_nid(const X509 *x)
+{
+    return OBJ_obj2nid(x->sig_alg.algorithm);
+}
diff --git a/openssl-1.1.0h/crypto/x509/x_x509a.c b/openssl-1.1.0h/crypto/x509/x_x509a.c
new file mode 100644
index 0000000..8c9ad71
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509/x_x509a.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+
+/*
+ * X509_CERT_AUX routines. These are used to encode additional user
+ * modifiable data about a certificate. This data is appended to the X509
+ * encoding when the *_X509_AUX routines are used. This means that the
+ * "traditional" X509 routines will simply ignore the extra data.
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+int X509_trusted(const X509 *x)
+{
+    return x->aux ? 1 : 0;
+}
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL)
+        return NULL;
+    return x->aux;
+}
+
+int X509_alias_set1(X509 *x, const unsigned char *name, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!name) {
+        if (!x || !x->aux || !x->aux->alias)
+            return 1;
+        ASN1_UTF8STRING_free(x->aux->alias);
+        x->aux->alias = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!id) {
+        if (!x || !x->aux || !x->aux->keyid)
+            return 1;
+        ASN1_OCTET_STRING_free(x->aux->keyid);
+        x->aux->keyid = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->keyid == NULL
+        && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->alias)
+        return NULL;
+    if (len)
+        *len = x->aux->alias->length;
+    return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->keyid)
+        return NULL;
+    if (len)
+        *len = x->aux->keyid->length;
+    return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp = NULL;
+    if (obj) {
+        objtmp = OBJ_dup(obj);
+        if (!objtmp)
+            return 0;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->trust == NULL
+        && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
+        return 1;
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp;
+    if ((objtmp = OBJ_dup(obj)) == NULL)
+        return 0;
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->reject == NULL
+        && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+void X509_trust_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+        x->aux->trust = NULL;
+    }
+}
+
+void X509_reject_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+        x->aux->reject = NULL;
+    }
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->trust;
+    return NULL;
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->reject;
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/build.info b/openssl-1.1.0h/crypto/x509v3/build.info
new file mode 100644
index 0000000..452a8b0
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/build.info
@@ -0,0 +1,8 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+  v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+  v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+  v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+  v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
+  pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
+  v3_asid.c v3_addr.c v3_tlsf.c
diff --git a/openssl-1.1.0h/crypto/x509v3/ext_dat.h b/openssl-1.1.0h/crypto/x509v3/ext_dat.h
new file mode 100644
index 0000000..c9ede96
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/ext_dat.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+int name_cmp(const char *name, const char *cmp);
+
+extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
+extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
+extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
+extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
+extern const X509V3_EXT_METHOD v3_tls_feature;
diff --git a/openssl-1.1.0h/crypto/x509v3/pcy_cache.c b/openssl-1.1.0h/crypto/x509v3/pcy_cache.c
new file mode 100644
index 0000000..a9ee30a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/pcy_cache.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+#include "pcy_int.h"
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b);
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
+
+/*
+ * Set cache entry according to CertificatePolicies extension. Note: this
+ * destroys the passed CERTIFICATEPOLICIES structure.
+ */
+
+static int policy_cache_create(X509 *x,
+                               CERTIFICATEPOLICIES *policies, int crit)
+{
+    int i;
+    int ret = 0;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    X509_POLICY_DATA *data = NULL;
+    POLICYINFO *policy;
+    if (sk_POLICYINFO_num(policies) == 0)
+        goto bad_policy;
+    cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
+    if (cache->data == NULL)
+        goto bad_policy;
+    for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
+        policy = sk_POLICYINFO_value(policies, i);
+        data = policy_data_new(policy, NULL, crit);
+        if (data == NULL)
+            goto bad_policy;
+        /*
+         * Duplicate policy OIDs are illegal: reject if matches found.
+         */
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (cache->anyPolicy) {
+                ret = -1;
+                goto bad_policy;
+            }
+            cache->anyPolicy = data;
+        } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
+            ret = -1;
+            goto bad_policy;
+        } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
+            goto bad_policy;
+        data = NULL;
+    }
+    ret = 1;
+ bad_policy:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    policy_data_free(data);
+    sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
+    if (ret <= 0) {
+        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+        cache->data = NULL;
+    }
+    return ret;
+}
+
+static int policy_cache_new(X509 *x)
+{
+    X509_POLICY_CACHE *cache;
+    ASN1_INTEGER *ext_any = NULL;
+    POLICY_CONSTRAINTS *ext_pcons = NULL;
+    CERTIFICATEPOLICIES *ext_cpols = NULL;
+    POLICY_MAPPINGS *ext_pmaps = NULL;
+    int i;
+
+    if (x->policy_cache != NULL)
+        return 1;
+    cache = OPENSSL_malloc(sizeof(*cache));
+    if (cache == NULL)
+        return 0;
+    cache->anyPolicy = NULL;
+    cache->data = NULL;
+    cache->any_skip = -1;
+    cache->explicit_skip = -1;
+    cache->map_skip = -1;
+
+    x->policy_cache = cache;
+
+    /*
+     * Handle requireExplicitPolicy *first*. Need to process this even if we
+     * don't have any policies.
+     */
+    ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
+
+    if (!ext_pcons) {
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        if (!ext_pcons->requireExplicitPolicy
+            && !ext_pcons->inhibitPolicyMapping)
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->explicit_skip,
+                                  ext_pcons->requireExplicitPolicy))
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->map_skip,
+                                  ext_pcons->inhibitPolicyMapping))
+            goto bad_cache;
+    }
+
+    /* Process CertificatePolicies */
+
+    ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
+    /*
+     * If no CertificatePolicies extension or problem decoding then there is
+     * no point continuing because the valid policies will be NULL.
+     */
+    if (!ext_cpols) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+        return 1;
+    }
+
+    i = policy_cache_create(x, ext_cpols, i);
+
+    /* NB: ext_cpols freed by policy_cache_set_policies */
+
+    if (i <= 0)
+        return i;
+
+    ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
+
+    if (!ext_pmaps) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        i = policy_cache_set_mapping(x, ext_pmaps);
+        if (i <= 0)
+            goto bad_cache;
+    }
+
+    ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
+
+    if (!ext_any) {
+        if (i != -1)
+            goto bad_cache;
+    } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
+        goto bad_cache;
+    goto just_cleanup;
+
+ bad_cache:
+    x->ex_flags |= EXFLAG_INVALID_POLICY;
+
+ just_cleanup:
+    POLICY_CONSTRAINTS_free(ext_pcons);
+    ASN1_INTEGER_free(ext_any);
+    return 1;
+
+}
+
+void policy_cache_free(X509_POLICY_CACHE *cache)
+{
+    if (!cache)
+        return;
+    policy_data_free(cache->anyPolicy);
+    sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+    OPENSSL_free(cache);
+}
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x)
+{
+
+    if (x->policy_cache == NULL) {
+        CRYPTO_THREAD_write_lock(x->lock);
+        policy_cache_new(x);
+        CRYPTO_THREAD_unlock(x->lock);
+    }
+
+    return x->policy_cache;
+
+}
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                         const ASN1_OBJECT *id)
+{
+    int idx;
+    X509_POLICY_DATA tmp;
+    tmp.valid_policy = (ASN1_OBJECT *)id;
+    idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
+    if (idx == -1)
+        return NULL;
+    return sk_X509_POLICY_DATA_value(cache->data, idx);
+}
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b)
+{
+    return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
+}
+
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
+{
+    if (value == NULL)
+        return 1;
+    if (value->type == V_ASN1_NEG_INTEGER)
+        return 0;
+    *out = ASN1_INTEGER_get(value);
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/pcy_data.c b/openssl-1.1.0h/crypto/x509v3/pcy_data.c
new file mode 100644
index 0000000..cf1d635
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/pcy_data.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/* Policy Node routines */
+
+void policy_data_free(X509_POLICY_DATA *data)
+{
+    if (!data)
+        return;
+    ASN1_OBJECT_free(data->valid_policy);
+    /* Don't free qualifiers if shared */
+    if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
+        sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
+    sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
+    OPENSSL_free(data);
+}
+
+/*
+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
+ * the policy, otherwise use 'id'. This behaviour covers the two types of
+ * data in RFC3280: data with from a CertificatePolicies extension and
+ * additional data with just the qualifiers of anyPolicy and ID from another
+ * source.
+ */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
+                                  const ASN1_OBJECT *cid, int crit)
+{
+    X509_POLICY_DATA *ret;
+    ASN1_OBJECT *id;
+    if (!policy && !cid)
+        return NULL;
+    if (cid) {
+        id = OBJ_dup(cid);
+        if (!id)
+            return NULL;
+    } else
+        id = NULL;
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        return NULL;
+    ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
+    if (ret->expected_policy_set == NULL) {
+        OPENSSL_free(ret);
+        ASN1_OBJECT_free(id);
+        return NULL;
+    }
+
+    if (crit)
+        ret->flags = POLICY_DATA_FLAG_CRITICAL;
+
+    if (id)
+        ret->valid_policy = id;
+    else {
+        ret->valid_policy = policy->policyid;
+        policy->policyid = NULL;
+    }
+
+    if (policy) {
+        ret->qualifier_set = policy->qualifiers;
+        policy->qualifiers = NULL;
+    }
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/pcy_int.h b/openssl-1.1.0h/crypto/x509v3/pcy_int.h
new file mode 100644
index 0000000..5daf78d
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/pcy_int.h
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
+
+DEFINE_STACK_OF(X509_POLICY_DATA)
+
+/* Internal structures */
+
+/*
+ * This structure and the field names correspond to the Policy 'node' of
+ * RFC3280. NB this structure contains no pointers to parent or child data:
+ * X509_POLICY_NODE contains that. This means that the main policy data can
+ * be kept static and cached with the certificate.
+ */
+
+struct X509_POLICY_DATA_st {
+    unsigned int flags;
+    /* Policy OID and qualifiers for this data */
+    ASN1_OBJECT *valid_policy;
+    STACK_OF(POLICYQUALINFO) *qualifier_set;
+    STACK_OF(ASN1_OBJECT) *expected_policy_set;
+};
+
+/* X509_POLICY_DATA flags values */
+
+/*
+ * This flag indicates the structure has been mapped using a policy mapping
+ * extension. If policy mapping is not active its references get deleted.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED                 0x1
+
+/*
+ * This flag indicates the data doesn't correspond to a policy in Certificate
+ * Policies: it has been mapped to any policy.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED_ANY             0x2
+
+/* AND with flags to see if any mapping has occurred */
+
+#define POLICY_DATA_FLAG_MAP_MASK               0x3
+
+/* qualifiers are shared and shouldn't be freed */
+
+#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4
+
+/* Parent node is an extra node and should be freed */
+
+#define POLICY_DATA_FLAG_EXTRA_NODE             0x8
+
+/* Corresponding CertificatePolicies is critical */
+
+#define POLICY_DATA_FLAG_CRITICAL               0x10
+
+/* This structure is cached with a certificate */
+
+struct X509_POLICY_CACHE_st {
+    /* anyPolicy data or NULL if no anyPolicy */
+    X509_POLICY_DATA *anyPolicy;
+    /* other policy data */
+    STACK_OF(X509_POLICY_DATA) *data;
+    /* If InhibitAnyPolicy present this is its value or -1 if absent. */
+    long any_skip;
+    /*
+     * If policyConstraints and requireExplicitPolicy present this is its
+     * value or -1 if absent.
+     */
+    long explicit_skip;
+    /*
+     * If policyConstraints and policyMapping present this is its value or -1
+     * if absent.
+     */
+    long map_skip;
+};
+
+/*
+ * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
+ */
+
+/* This structure represents the relationship between nodes */
+
+struct X509_POLICY_NODE_st {
+    /* node data this refers to */
+    const X509_POLICY_DATA *data;
+    /* Parent node */
+    X509_POLICY_NODE *parent;
+    /* Number of child nodes */
+    int nchild;
+};
+
+struct X509_POLICY_LEVEL_st {
+    /* Cert for this level */
+    X509 *cert;
+    /* nodes at this level */
+    STACK_OF(X509_POLICY_NODE) *nodes;
+    /* anyPolicy node */
+    X509_POLICY_NODE *anyPolicy;
+    /* Extra data */
+    /*
+     * STACK_OF(X509_POLICY_DATA) *extra_data;
+     */
+    unsigned int flags;
+};
+
+struct X509_POLICY_TREE_st {
+    /* This is the tree 'level' data */
+    X509_POLICY_LEVEL *levels;
+    int nlevel;
+    /*
+     * Extra policy data when additional nodes (not from the certificate) are
+     * required.
+     */
+    STACK_OF(X509_POLICY_DATA) *extra_data;
+    /* This is the authority constrained policy set */
+    STACK_OF(X509_POLICY_NODE) *auth_policies;
+    STACK_OF(X509_POLICY_NODE) *user_policies;
+    unsigned int flags;
+};
+
+/* Set if anyPolicy present in user policies */
+#define POLICY_FLAG_ANY_POLICY          0x2
+
+/* Useful macros */
+
+#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
+#define node_critical(node) node_data_critical(node->data)
+
+/* Internal functions */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
+                                  int crit);
+void policy_data_free(X509_POLICY_DATA *data);
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                         const ASN1_OBJECT *id);
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
+
+void policy_cache_init(void);
+
+void policy_cache_free(X509_POLICY_CACHE *cache);
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                  const X509_POLICY_NODE *parent,
+                                  const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+                               const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                 X509_POLICY_DATA *data,
+                                 X509_POLICY_NODE *parent,
+                                 X509_POLICY_TREE *tree);
+void policy_node_free(X509_POLICY_NODE *node);
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x);
diff --git a/openssl-1.1.0h/crypto/x509v3/pcy_lib.c b/openssl-1.1.0h/crypto/x509v3/pcy_lib.c
new file mode 100644
index 0000000..67f7eaf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/pcy_lib.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/* accessor functions */
+
+/* X509_POLICY_TREE stuff */
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
+{
+    if (!tree)
+        return 0;
+    return tree->nlevel;
+}
+
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i)
+{
+    if (!tree || (i < 0) || (i >= tree->nlevel))
+        return NULL;
+    return tree->levels + i;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree)
+{
+    if (!tree)
+        return NULL;
+    return tree->auth_policies;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree)
+{
+    if (!tree)
+        return NULL;
+    if (tree->flags & POLICY_FLAG_ANY_POLICY)
+        return tree->auth_policies;
+    else
+        return tree->user_policies;
+}
+
+/* X509_POLICY_LEVEL stuff */
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
+{
+    int n;
+    if (!level)
+        return 0;
+    if (level->anyPolicy)
+        n = 1;
+    else
+        n = 0;
+    if (level->nodes)
+        n += sk_X509_POLICY_NODE_num(level->nodes);
+    return n;
+}
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
+{
+    if (!level)
+        return NULL;
+    if (level->anyPolicy) {
+        if (i == 0)
+            return level->anyPolicy;
+        i--;
+    }
+    return sk_X509_POLICY_NODE_value(level->nodes, i);
+}
+
+/* X509_POLICY_NODE stuff */
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
+{
+    if (!node)
+        return NULL;
+    return node->data->valid_policy;
+}
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node)
+{
+    if (!node)
+        return NULL;
+    return node->data->qualifier_set;
+}
+
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node)
+{
+    if (!node)
+        return NULL;
+    return node->parent;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/pcy_map.c b/openssl-1.1.0h/crypto/x509v3/pcy_map.c
new file mode 100644
index 0000000..ab9dd21
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/pcy_map.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+
+#include "pcy_int.h"
+
+/*
+ * Set policy mapping entries in cache. Note: this modifies the passed
+ * POLICY_MAPPINGS structure
+ */
+
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+{
+    POLICY_MAPPING *map;
+    X509_POLICY_DATA *data;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    int i;
+    int ret = 0;
+    if (sk_POLICY_MAPPING_num(maps) == 0) {
+        ret = -1;
+        goto bad_mapping;
+    }
+    for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
+        map = sk_POLICY_MAPPING_value(maps, i);
+        /* Reject if map to or from anyPolicy */
+        if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
+            || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
+            ret = -1;
+            goto bad_mapping;
+        }
+
+        /* Attempt to find matching policy data */
+        data = policy_cache_find_data(cache, map->issuerDomainPolicy);
+        /* If we don't have anyPolicy can't map */
+        if (data == NULL && !cache->anyPolicy)
+            continue;
+
+        /* Create a NODE from anyPolicy */
+        if (data == NULL) {
+            data = policy_data_new(NULL, map->issuerDomainPolicy,
+                                   cache->anyPolicy->flags
+                                   & POLICY_DATA_FLAG_CRITICAL);
+            if (data == NULL)
+                goto bad_mapping;
+            data->qualifier_set = cache->anyPolicy->qualifier_set;
+            /*
+             * map->issuerDomainPolicy = NULL;
+             */
+            data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
+            data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+            if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+                policy_data_free(data);
+                goto bad_mapping;
+            }
+        } else
+            data->flags |= POLICY_DATA_FLAG_MAPPED;
+        if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+                                 map->subjectDomainPolicy))
+            goto bad_mapping;
+        map->subjectDomainPolicy = NULL;
+
+    }
+
+    ret = 1;
+ bad_mapping:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+    return ret;
+
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/pcy_node.c b/openssl-1.1.0h/crypto/x509v3/pcy_node.c
new file mode 100644
index 0000000..80443bf
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/pcy_node.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+static int node_cmp(const X509_POLICY_NODE *const *a,
+                    const X509_POLICY_NODE *const *b)
+{
+    return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
+}
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
+{
+    return sk_X509_POLICY_NODE_new(node_cmp);
+}
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
+                               const ASN1_OBJECT *id)
+{
+    X509_POLICY_DATA n;
+    X509_POLICY_NODE l;
+    int idx;
+
+    n.valid_policy = (ASN1_OBJECT *)id;
+    l.data = &n;
+
+    idx = sk_X509_POLICY_NODE_find(nodes, &l);
+    if (idx == -1)
+        return NULL;
+
+    return sk_X509_POLICY_NODE_value(nodes, idx);
+
+}
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                  const X509_POLICY_NODE *parent,
+                                  const ASN1_OBJECT *id)
+{
+    X509_POLICY_NODE *node;
+    int i;
+    for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
+        node = sk_X509_POLICY_NODE_value(level->nodes, i);
+        if (node->parent == parent) {
+            if (!OBJ_cmp(node->data->valid_policy, id))
+                return node;
+        }
+    }
+    return NULL;
+}
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                 X509_POLICY_DATA *data,
+                                 X509_POLICY_NODE *parent,
+                                 X509_POLICY_TREE *tree)
+{
+    X509_POLICY_NODE *node;
+
+    node = OPENSSL_zalloc(sizeof(*node));
+    if (node == NULL)
+        return NULL;
+    node->data = data;
+    node->parent = parent;
+    if (level) {
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (level->anyPolicy)
+                goto node_error;
+            level->anyPolicy = node;
+        } else {
+
+            if (level->nodes == NULL)
+                level->nodes = policy_node_cmp_new();
+            if (level->nodes == NULL)
+                goto node_error;
+            if (!sk_X509_POLICY_NODE_push(level->nodes, node))
+                goto node_error;
+        }
+    }
+
+    if (tree) {
+        if (tree->extra_data == NULL)
+            tree->extra_data = sk_X509_POLICY_DATA_new_null();
+        if (tree->extra_data == NULL)
+            goto node_error;
+        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
+            goto node_error;
+    }
+
+    if (parent)
+        parent->nchild++;
+
+    return node;
+
+ node_error:
+    policy_node_free(node);
+    return NULL;
+}
+
+void policy_node_free(X509_POLICY_NODE *node)
+{
+    OPENSSL_free(node);
+}
+
+/*
+ * See if a policy node matches a policy OID. If mapping enabled look through
+ * expected policy set otherwise just valid policy.
+ */
+
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
+{
+    int i;
+    ASN1_OBJECT *policy_oid;
+    const X509_POLICY_DATA *x = node->data;
+
+    if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
+        if (!OBJ_cmp(x->valid_policy, oid))
+            return 1;
+        return 0;
+    }
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
+        policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
+        if (!OBJ_cmp(policy_oid, oid))
+            return 1;
+    }
+    return 0;
+
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/pcy_tree.c b/openssl-1.1.0h/crypto/x509v3/pcy_tree.c
new file mode 100644
index 0000000..b3d1983
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/pcy_tree.c
@@ -0,0 +1,700 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/*
+ * Enable this to print out the complete policy tree at various point during
+ * evaluation.
+ */
+
+/*
+ * #define OPENSSL_POLICY_DEBUG
+ */
+
+#ifdef OPENSSL_POLICY_DEBUG
+
+static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
+                           X509_POLICY_NODE *node, int indent)
+{
+    if ((lev->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
+        BIO_puts(err, "  Not Mapped\n");
+    else {
+        int i;
+        STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
+        ASN1_OBJECT *oid;
+        BIO_puts(err, "  Expected: ");
+        for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
+            oid = sk_ASN1_OBJECT_value(pset, i);
+            if (i)
+                BIO_puts(err, ", ");
+            i2a_ASN1_OBJECT(err, oid);
+        }
+        BIO_puts(err, "\n");
+    }
+}
+
+static void tree_print(char *str, X509_POLICY_TREE *tree,
+                       X509_POLICY_LEVEL *curr)
+{
+    BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE);
+    X509_POLICY_LEVEL *plev;
+
+    if (err == NULL)
+        return;
+    if (!curr)
+        curr = tree->levels + tree->nlevel;
+    else
+        curr++;
+
+    BIO_printf(err, "Level print after %s\n", str);
+    BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
+    for (plev = tree->levels; plev != curr; plev++) {
+        int i;
+
+        BIO_printf(err, "Level %ld, flags = %x\n",
+                   (long)(plev - tree->levels), plev->flags);
+        for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
+            X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+
+            X509_POLICY_NODE_print(err, node, 2);
+            expected_print(err, plev, node, 2);
+            BIO_printf(err, "  Flags: %x\n", node->data->flags);
+        }
+        if (plev->anyPolicy)
+            X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
+    }
+    BIO_free(err);
+}
+#endif
+
+/*-
+ * Return value: <= 0 on error, or positive bit mask:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree (including bare TA case)
+ * X509_PCY_TREE_EXPLICIT: explicit policy required
+ */
+static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+                     unsigned int flags)
+{
+    X509_POLICY_TREE *tree;
+    X509_POLICY_LEVEL *level;
+    const X509_POLICY_CACHE *cache;
+    X509_POLICY_DATA *data = NULL;
+    int ret = X509_PCY_TREE_VALID;
+    int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */
+    int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1;
+    int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1;
+    int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1;
+    int i;
+
+    *ptree = NULL;
+
+    /* Can't do anything with just a trust anchor */
+    if (n == 0)
+        return X509_PCY_TREE_EMPTY;
+
+    /*
+     * First setup the policy cache in all n non-TA certificates, this will be
+     * used in X509_verify_cert() which will invoke the verify callback for all
+     * certificates with invalid policy extensions.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
+
+        /* Call for side-effect of computing hash and caching extensions */
+        X509_check_purpose(x, -1, 0);
+
+        /* If cache is NULL, likely ENOMEM: return immediately */
+        if (policy_cache_set(x) == NULL)
+            return X509_PCY_TREE_INTERNAL;
+    }
+
+    /*
+     * At this point check for invalid policies and required explicit policy.
+     * Note that the explicit_policy counter is a count-down to zero, with the
+     * requirement kicking in if and once it does that.  The counter is
+     * decremented for every non-self-issued certificate in the path, but may
+     * be further reduced by policy constraints in a non-leaf certificate.
+     *
+     * The ultimate policy set is the intersection of all the policies along
+     * the path, if we hit a certificate with an empty policy set, and explicit
+     * policy is required we're done.
+     */
+    for (i = n - 1;
+         i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0);
+         i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* All the policies are already cached, we can return early */
+        if (ex_flags & EXFLAG_INVALID_POLICY)
+            return X509_PCY_TREE_INVALID;
+
+        /* Access the cache which we now know exists */
+        cache = policy_cache_set(x);
+
+        if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL)
+            ret = X509_PCY_TREE_EMPTY;
+        if (explicit_policy > 0) {
+            if (!(ex_flags & EXFLAG_SI))
+                explicit_policy--;
+            if ((cache->explicit_skip >= 0)
+                && (cache->explicit_skip < explicit_policy))
+                explicit_policy = cache->explicit_skip;
+        }
+    }
+
+    if (explicit_policy == 0)
+        ret |= X509_PCY_TREE_EXPLICIT;
+    if ((ret & X509_PCY_TREE_VALID) == 0)
+        return ret;
+
+    /* If we get this far initialize the tree */
+    if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL)
+        return X509_PCY_TREE_INTERNAL;
+
+    /*
+     * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+     *
+     * The top level is implicitly for the trust anchor with valid expected
+     * policies of anyPolicy.  (RFC 5280 has the TA at depth 0 and the leaf at
+     * depth n, we have the leaf at depth 0 and the TA at depth n).
+     */
+    if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
+        OPENSSL_free(tree);
+        return X509_PCY_TREE_INTERNAL;
+    }
+    tree->nlevel = n+1;
+    level = tree->levels;
+    if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+        goto bad_tree;
+    if (level_add_node(level, data, NULL, tree) == NULL) {
+        policy_data_free(data);
+        goto bad_tree;
+    }
+
+    /*
+     * In this pass initialize all the tree levels and whether anyPolicy and
+     * policy mapping are inhibited at each level.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* Access the cache which we now know exists */
+        cache = policy_cache_set(x);
+
+        X509_up_ref(x);
+        (++level)->cert = x;
+
+        if (!cache->anyPolicy)
+            level->flags |= X509_V_FLAG_INHIBIT_ANY;
+
+        /* Determine inhibit any and inhibit map flags */
+        if (any_skip == 0) {
+            /*
+             * Any matching allowed only if certificate is self issued and not
+             * the last in the chain.
+             */
+            if (!(ex_flags & EXFLAG_SI) || (i == 0))
+                level->flags |= X509_V_FLAG_INHIBIT_ANY;
+        } else {
+            if (!(ex_flags & EXFLAG_SI))
+                any_skip--;
+            if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
+                any_skip = cache->any_skip;
+        }
+
+        if (map_skip == 0)
+            level->flags |= X509_V_FLAG_INHIBIT_MAP;
+        else {
+            if (!(ex_flags & EXFLAG_SI))
+                map_skip--;
+            if ((cache->map_skip >= 0) && (cache->map_skip < map_skip))
+                map_skip = cache->map_skip;
+        }
+    }
+
+    *ptree = tree;
+    return ret;
+
+ bad_tree:
+    X509_policy_tree_free(tree);
+    return X509_PCY_TREE_INTERNAL;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
+static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+                                    X509_POLICY_DATA *data)
+{
+    X509_POLICY_LEVEL *last = curr - 1;
+    int i, matched = 0;
+
+    /* Iterate through all in nodes linking matches */
+    for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+        X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+        if (policy_node_match(last, node, data->valid_policy)) {
+            if (level_add_node(curr, data, node, NULL) == NULL)
+                return 0;
+            matched = 1;
+        }
+    }
+    if (!matched && last->anyPolicy) {
+        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * This corresponds to RFC3280 6.1.3(d)(1): link any data from
+ * CertificatePolicies onto matching parent or anyPolicy if no match.
+ *
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+                           const X509_POLICY_CACHE *cache)
+{
+    int i;
+
+    for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
+        X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+        /* Look for matching nodes in previous level */
+        if (!tree_link_matching_nodes(curr, data))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched
+ * policies in the parent and link to anyPolicy.
+ *
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+                              const X509_POLICY_CACHE *cache,
+                              const ASN1_OBJECT *id,
+                              X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
+{
+    X509_POLICY_DATA *data;
+
+    if (id == NULL)
+        id = node->data->valid_policy;
+    /*
+     * Create a new node with qualifiers from anyPolicy and id from unmatched
+     * node.
+     */
+    if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL)
+        return 0;
+
+    /* Curr may not have anyPolicy */
+    data->qualifier_set = cache->anyPolicy->qualifier_set;
+    data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+    if (level_add_node(curr, data, node, tree) == NULL) {
+        policy_data_free(data);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
+                               const X509_POLICY_CACHE *cache,
+                               X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
+{
+    const X509_POLICY_LEVEL *last = curr - 1;
+    int i;
+
+    if ((last->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(node->data->flags & POLICY_DATA_FLAG_MAPPED)) {
+        /* If no policy mapping: matched if one child present */
+        if (node->nchild)
+            return 1;
+        if (!tree_add_unmatched(curr, cache, NULL, node, tree))
+            return 0;
+        /* Add it */
+    } else {
+        /* If mapping: matched if one child per expected policy set */
+        STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set;
+        if (node->nchild == sk_ASN1_OBJECT_num(expset))
+            return 1;
+        /* Locate unmatched nodes */
+        for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++) {
+            ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);
+            if (level_find_node(curr, node, oid))
+                continue;
+            if (!tree_add_unmatched(curr, cache, oid, node, tree))
+                return 0;
+        }
+
+    }
+    return 1;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
+static int tree_link_any(X509_POLICY_LEVEL *curr,
+                         const X509_POLICY_CACHE *cache,
+                         X509_POLICY_TREE *tree)
+{
+    int i;
+    X509_POLICY_NODE *node;
+    X509_POLICY_LEVEL *last = curr - 1;
+
+    for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+        node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+        if (!tree_link_unmatched(curr, cache, node, tree))
+            return 0;
+    }
+    /* Finally add link to anyPolicy */
+    if (last->anyPolicy &&
+        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+        return 0;
+    return 1;
+}
+
+/*-
+ * Prune the tree: delete any child mapped child data on the current level then
+ * proceed up the tree deleting any data with no children. If we ever have no
+ * data on a level we can halt because the tree will be empty.
+ *
+ * Return value: <= 0 error, otherwise one of:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree
+ */
+static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
+{
+    STACK_OF(X509_POLICY_NODE) *nodes;
+    X509_POLICY_NODE *node;
+    int i;
+    nodes = curr->nodes;
+    if (curr->flags & X509_V_FLAG_INHIBIT_MAP) {
+        for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            /* Delete any mapped data: see RFC3280 XXXX */
+            if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) {
+                node->parent->nchild--;
+                OPENSSL_free(node);
+                (void)sk_X509_POLICY_NODE_delete(nodes, i);
+            }
+        }
+    }
+
+    for (;;) {
+        --curr;
+        nodes = curr->nodes;
+        for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            if (node->nchild == 0) {
+                node->parent->nchild--;
+                OPENSSL_free(node);
+                (void)sk_X509_POLICY_NODE_delete(nodes, i);
+            }
+        }
+        if (curr->anyPolicy && !curr->anyPolicy->nchild) {
+            if (curr->anyPolicy->parent)
+                curr->anyPolicy->parent->nchild--;
+            OPENSSL_free(curr->anyPolicy);
+            curr->anyPolicy = NULL;
+        }
+        if (curr == tree->levels) {
+            /* If we zapped anyPolicy at top then tree is empty */
+            if (!curr->anyPolicy)
+                return X509_PCY_TREE_EMPTY;
+            break;
+        }
+    }
+    return X509_PCY_TREE_VALID;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
+                              X509_POLICY_NODE *pcy)
+{
+    if (*pnodes == NULL &&
+        (*pnodes = policy_node_cmp_new()) == NULL)
+        return 0;
+    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
+        return 1;
+    return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
+}
+
+#define TREE_CALC_FAILURE 0
+#define TREE_CALC_OK_NOFREE 1
+#define TREE_CALC_OK_DOFREE 2
+
+/*-
+ * Calculate the authority set based on policy tree. The 'pnodes' parameter is
+ * used as a store for the set of policy nodes used to calculate the user set.
+ * If the authority set is not anyPolicy then pnodes will just point to the
+ * authority set. If however the authority set is anyPolicy then the set of
+ * valid policies (other than anyPolicy) is store in pnodes.
+ *
+ * Return value:
+ *  TREE_CALC_FAILURE on failure,
+ *  TREE_CALC_OK_NOFREE on success and pnodes need not be freed,
+ *  TREE_CALC_OK_DOFREE on success and pnodes needs to be freed
+ */
+static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
+                                        STACK_OF(X509_POLICY_NODE) **pnodes)
+{
+    X509_POLICY_LEVEL *curr;
+    X509_POLICY_NODE *node, *anyptr;
+    STACK_OF(X509_POLICY_NODE) **addnodes;
+    int i, j;
+    curr = tree->levels + tree->nlevel - 1;
+
+    /* If last level contains anyPolicy set is anyPolicy */
+    if (curr->anyPolicy) {
+        if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
+            return TREE_CALC_FAILURE;
+        addnodes = pnodes;
+    } else
+        /* Add policies to authority set */
+        addnodes = &tree->auth_policies;
+
+    curr = tree->levels;
+    for (i = 1; i < tree->nlevel; i++) {
+        /*
+         * If no anyPolicy node on this this level it can't appear on lower
+         * levels so end search.
+         */
+        if ((anyptr = curr->anyPolicy) == NULL)
+            break;
+        curr++;
+        for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
+            node = sk_X509_POLICY_NODE_value(curr->nodes, j);
+            if ((node->parent == anyptr)
+                && !tree_add_auth_node(addnodes, node)) {
+                if (addnodes == pnodes) {
+                    sk_X509_POLICY_NODE_free(*pnodes);
+                    *pnodes = NULL;
+                }
+                return TREE_CALC_FAILURE;
+            }
+        }
+    }
+    if (addnodes == pnodes)
+        return TREE_CALC_OK_DOFREE;
+
+    *pnodes = tree->auth_policies;
+    return TREE_CALC_OK_NOFREE;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+                                   STACK_OF(ASN1_OBJECT) *policy_oids,
+                                   STACK_OF(X509_POLICY_NODE) *auth_nodes)
+{
+    int i;
+    X509_POLICY_NODE *node;
+    ASN1_OBJECT *oid;
+    X509_POLICY_NODE *anyPolicy;
+    X509_POLICY_DATA *extra;
+
+    /*
+     * Check if anyPolicy present in authority constrained policy set: this
+     * will happen if it is a leaf node.
+     */
+    if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
+        return 1;
+
+    anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        if (OBJ_obj2nid(oid) == NID_any_policy) {
+            tree->flags |= POLICY_FLAG_ANY_POLICY;
+            return 1;
+        }
+    }
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        node = tree_find_sk(auth_nodes, oid);
+        if (!node) {
+            if (!anyPolicy)
+                continue;
+            /*
+             * Create a new node with policy ID from user set and qualifiers
+             * from anyPolicy.
+             */
+            extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
+            if (extra == NULL)
+                return 0;
+            extra->qualifier_set = anyPolicy->data->qualifier_set;
+            extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+                | POLICY_DATA_FLAG_EXTRA_NODE;
+            node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+        }
+        if (!tree->user_policies) {
+            tree->user_policies = sk_X509_POLICY_NODE_new_null();
+            if (!tree->user_policies)
+                return 1;
+        }
+        if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
+            return 0;
+    }
+    return 1;
+}
+
+/*-
+ * Return value: <= 0 error, otherwise one of:
+ *  X509_PCY_TREE_VALID: valid tree
+ *  X509_PCY_TREE_EMPTY: empty tree
+ * (see tree_prune()).
+ */
+static int tree_evaluate(X509_POLICY_TREE *tree)
+{
+    int ret, i;
+    X509_POLICY_LEVEL *curr = tree->levels + 1;
+    const X509_POLICY_CACHE *cache;
+
+    for (i = 1; i < tree->nlevel; i++, curr++) {
+        cache = policy_cache_set(curr->cert);
+        if (!tree_link_nodes(curr, cache))
+            return X509_PCY_TREE_INTERNAL;
+
+        if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+            && !tree_link_any(curr, cache, tree))
+            return X509_PCY_TREE_INTERNAL;
+#ifdef OPENSSL_POLICY_DEBUG
+        tree_print("before tree_prune()", tree, curr);
+#endif
+        ret = tree_prune(tree, curr);
+        if (ret != X509_PCY_TREE_VALID)
+            return ret;
+    }
+    return X509_PCY_TREE_VALID;
+}
+
+static void exnode_free(X509_POLICY_NODE *node)
+{
+    if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
+        OPENSSL_free(node);
+}
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree)
+{
+    X509_POLICY_LEVEL *curr;
+    int i;
+
+    if (!tree)
+        return;
+
+    sk_X509_POLICY_NODE_free(tree->auth_policies);
+    sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
+
+    for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
+        X509_free(curr->cert);
+        sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+        policy_node_free(curr->anyPolicy);
+    }
+
+    sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
+    OPENSSL_free(tree->levels);
+    OPENSSL_free(tree);
+
+}
+
+/*-
+ * Application policy checking function.
+ * Return codes:
+ *  X509_PCY_TREE_FAILURE:  Failure to satisfy explicit policy
+ *  X509_PCY_TREE_INVALID:  Inconsistent or invalid extensions
+ *  X509_PCY_TREE_INTERNAL: Internal error, most likely malloc
+ *  X509_PCY_TREE_VALID:    Success (null tree if empty or bare TA)
+ */
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
+{
+    int init_ret;
+    int ret;
+    int calc_ret;
+    X509_POLICY_TREE *tree = NULL;
+    STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
+
+    *ptree = NULL;
+    *pexplicit_policy = 0;
+    init_ret = tree_init(&tree, certs, flags);
+
+    if (init_ret <= 0)
+        return init_ret;
+
+    if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) {
+        if (init_ret & X509_PCY_TREE_EMPTY) {
+            X509_policy_tree_free(tree);
+            return X509_PCY_TREE_VALID;
+        }
+    } else {
+        *pexplicit_policy = 1;
+        /* Tree empty and requireExplicit True: Error */
+        if (init_ret & X509_PCY_TREE_EMPTY)
+            return X509_PCY_TREE_FAILURE;
+    }
+
+    ret = tree_evaluate(tree);
+#ifdef OPENSSL_POLICY_DEBUG
+    tree_print("tree_evaluate()", tree, NULL);
+#endif
+    if (ret <= 0)
+        goto error;
+
+    if (ret == X509_PCY_TREE_EMPTY) {
+        X509_policy_tree_free(tree);
+        if (init_ret & X509_PCY_TREE_EXPLICIT)
+            return X509_PCY_TREE_FAILURE;
+        return X509_PCY_TREE_VALID;
+    }
+
+    /* Tree is not empty: continue */
+
+    if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
+        goto error;
+    ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
+    if (calc_ret == TREE_CALC_OK_DOFREE)
+        sk_X509_POLICY_NODE_free(auth_nodes);
+    if (!ret)
+        goto error;
+
+    *ptree = tree;
+
+    if (init_ret & X509_PCY_TREE_EXPLICIT) {
+        nodes = X509_policy_tree_get0_user_policies(tree);
+        if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+            return X509_PCY_TREE_FAILURE;
+    }
+    return X509_PCY_TREE_VALID;
+
+ error:
+    X509_policy_tree_free(tree);
+    return X509_PCY_TREE_INTERNAL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/tabtest.c b/openssl-1.1.0h/crypto/x509v3/tabtest.c
new file mode 100644
index 0000000..a33a63a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/tabtest.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Simple program to check the ext_dat.h is correct and print out problems if
+ * it is not.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+main()
+{
+    int i, prev = -1, bad = 0;
+    X509V3_EXT_METHOD **tmp;
+    i = OSSL_NELEM(standard_exts);
+    if (i != STANDARD_EXTENSION_COUNT)
+        fprintf(stderr, "Extension number invalid expecting %d\n", i);
+    tmp = standard_exts;
+    for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
+        if ((*tmp)->ext_nid < prev)
+            bad = 1;
+        prev = (*tmp)->ext_nid;
+
+    }
+    if (bad) {
+        tmp = standard_exts;
+        fprintf(stderr, "Extensions out of order!\n");
+        for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+            printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
+    } else
+        fprintf(stderr, "Order OK\n");
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_addr.c b/openssl-1.1.0h/crypto/x509v3/v3_addr.c
new file mode 100644
index 0000000..c5183a1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_addr.c
@@ -0,0 +1,1307 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+
+ASN1_SEQUENCE(IPAddressRange) = {
+  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+
+ASN1_CHOICE(IPAddressOrRange) = {
+  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+
+ASN1_CHOICE(IPAddressChoice) = {
+  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
+  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+
+ASN1_SEQUENCE(IPAddressFamily) = {
+  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
+  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
+  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+                        IPAddrBlocks, IPAddressFamily)
+static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * How much buffer space do we need for a raw address?
+ */
+#define ADDR_RAW_BUF_LEN        16
+
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        return 4;
+    case IANA_AFI_IPV6:
+        return 16;
+    default:
+        return 0;
+    }
+}
+
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
+{
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+}
+
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static int addr_expand(unsigned char *addr,
+                       const ASN1_BIT_STRING *bs,
+                       const int length, const unsigned char fill)
+{
+    if (bs->length < 0 || bs->length > length)
+        return 0;
+    if (bs->length > 0) {
+        memcpy(addr, bs->data, bs->length);
+        if ((bs->flags & 7) != 0) {
+            unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+            if (fill == 0)
+                addr[bs->length - 1] &= ~mask;
+            else
+                addr[bs->length - 1] |= mask;
+        }
+    }
+    memset(addr + bs->length, fill, length - bs->length);
+    return 1;
+}
+
+/*
+ * Extract the prefix length from a bitstring.
+ */
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+                       const unsigned afi,
+                       const unsigned char fill, const ASN1_BIT_STRING *bs)
+{
+    unsigned char addr[ADDR_RAW_BUF_LEN];
+    int i, n;
+
+    if (bs->length < 0)
+        return 0;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        if (!addr_expand(addr, bs, 4, fill))
+            return 0;
+        BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+        break;
+    case IANA_AFI_IPV6:
+        if (!addr_expand(addr, bs, 16, fill))
+            return 0;
+        for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00;
+             n -= 2) ;
+        for (i = 0; i < n; i += 2)
+            BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1],
+                       (i < 14 ? ":" : ""));
+        if (i < 16)
+            BIO_puts(out, ":");
+        if (i == 0)
+            BIO_puts(out, ":");
+        break;
+    default:
+        for (i = 0; i < bs->length; i++)
+            BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+        BIO_printf(out, "[%d]", (int)(bs->flags & 7));
+        break;
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+        const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+        BIO_printf(out, "%*s", indent, "");
+        switch (aor->type) {
+        case IPAddressOrRange_addressPrefix:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+                return 0;
+            BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+            continue;
+        case IPAddressOrRange_addressRange:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+                return 0;
+            BIO_puts(out, "-");
+            if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+                return 0;
+            BIO_puts(out, "\n");
+            continue;
+        }
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
+                            void *ext, BIO *out, int indent)
+{
+    const IPAddrBlocks *addr = ext;
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        const unsigned int afi = X509v3_addr_get_afi(f);
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            BIO_printf(out, "%*sIPv4", indent, "");
+            break;
+        case IANA_AFI_IPV6:
+            BIO_printf(out, "%*sIPv6", indent, "");
+            break;
+        default:
+            BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+            break;
+        }
+        if (f->addressFamily->length > 2) {
+            switch (f->addressFamily->data[2]) {
+            case 1:
+                BIO_puts(out, " (Unicast)");
+                break;
+            case 2:
+                BIO_puts(out, " (Multicast)");
+                break;
+            case 3:
+                BIO_puts(out, " (Unicast/Multicast)");
+                break;
+            case 4:
+                BIO_puts(out, " (MPLS)");
+                break;
+            case 64:
+                BIO_puts(out, " (Tunnel)");
+                break;
+            case 65:
+                BIO_puts(out, " (VPLS)");
+                break;
+            case 66:
+                BIO_puts(out, " (BGP MDT)");
+                break;
+            case 128:
+                BIO_puts(out, " (MPLS-labeled VPN)");
+                break;
+            default:
+                BIO_printf(out, " (Unknown SAFI %u)",
+                           (unsigned)f->addressFamily->data[2]);
+                break;
+            }
+        }
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            BIO_puts(out, ": inherit\n");
+            break;
+        case IPAddressChoice_addressesOrRanges:
+            BIO_puts(out, ":\n");
+            if (!i2r_IPAddressOrRanges(out,
+                                       indent + 2,
+                                       f->ipAddressChoice->
+                                       u.addressesOrRanges, afi))
+                return 0;
+            break;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ *
+ * There's no sane answer we can give if addr_expand() fails, and an
+ * assertion failure on externally supplied data is seriously uncool,
+ * so we just arbitrarily declare that if given invalid inputs this
+ * function returns -1.  If this messes up your preferred sort order
+ * for garbage input, tough noogies.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+                                const IPAddressOrRange *b, const int length)
+{
+    unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+    int prefixlen_a = 0, prefixlen_b = 0;
+    int r;
+
+    switch (a->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_a = length * 8;
+        break;
+    }
+
+    switch (b->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_b = length * 8;
+        break;
+    }
+
+    if ((r = memcmp(addr_a, addr_b, length)) != 0)
+        return r;
+    else
+        return prefixlen_a - prefixlen_b;
+}
+
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparison routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 4);
+}
+
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparison routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 16);
+}
+
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+                                  const unsigned char *max, const int length)
+{
+    unsigned char mask;
+    int i, j;
+
+    OPENSSL_assert(memcmp(min, max, length) <= 0);
+    for (i = 0; i < length && min[i] == max[i]; i++) ;
+    for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
+    if (i < j)
+        return -1;
+    if (i > j)
+        return i * 8;
+    mask = min[i] ^ max[i];
+    switch (mask) {
+    case 0x01:
+        j = 7;
+        break;
+    case 0x03:
+        j = 6;
+        break;
+    case 0x07:
+        j = 5;
+        break;
+    case 0x0F:
+        j = 4;
+        break;
+    case 0x1F:
+        j = 3;
+        break;
+    case 0x3F:
+        j = 2;
+        break;
+    case 0x7F:
+        j = 1;
+        break;
+    default:
+        return -1;
+    }
+    if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+        return -1;
+    else
+        return i * 8 + j;
+}
+
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result,
+                              unsigned char *addr, const int prefixlen)
+{
+    int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+    IPAddressOrRange *aor = IPAddressOrRange_new();
+
+    if (aor == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressPrefix;
+    if (aor->u.addressPrefix == NULL &&
+        (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+        goto err;
+    aor->u.addressPrefix->flags &= ~7;
+    aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (bitlen > 0) {
+        aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+        aor->u.addressPrefix->flags |= 8 - bitlen;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a range.  If it can be expressed as a prefix,
+ * return a prefix instead.  Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+                             unsigned char *min,
+                             unsigned char *max, const int length)
+{
+    IPAddressOrRange *aor;
+    int i, prefixlen;
+
+    if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+        return make_addressPrefix(result, min, prefixlen);
+
+    if ((aor = IPAddressOrRange_new()) == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressRange;
+    OPENSSL_assert(aor->u.addressRange == NULL);
+    if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->min == NULL &&
+        (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->max == NULL &&
+        (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+
+    for (i = length; i > 0 && min[i - 1] == 0x00; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+        goto err;
+    aor->u.addressRange->min->flags &= ~7;
+    aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = min[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != 0)
+            ++j;
+        aor->u.addressRange->min->flags |= 8 - j;
+    }
+
+    for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+        goto err;
+    aor->u.addressRange->max->flags &= ~7;
+    aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = max[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != (0xFFU >> j))
+            ++j;
+        aor->u.addressRange->max->flags |= 8 - j;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+                                             const unsigned afi,
+                                             const unsigned *safi)
+{
+    IPAddressFamily *f;
+    unsigned char key[3];
+    int keylen;
+    int i;
+
+    key[0] = (afi >> 8) & 0xFF;
+    key[1] = afi & 0xFF;
+    if (safi != NULL) {
+        key[2] = *safi & 0xFF;
+        keylen = 3;
+    } else {
+        keylen = 2;
+    }
+
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        f = sk_IPAddressFamily_value(addr, i);
+        OPENSSL_assert(f->addressFamily->data != NULL);
+        if (f->addressFamily->length == keylen &&
+            !memcmp(f->addressFamily->data, key, keylen))
+            return f;
+    }
+
+    if ((f = IPAddressFamily_new()) == NULL)
+        goto err;
+    if (f->ipAddressChoice == NULL &&
+        (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+        goto err;
+    if (f->addressFamily == NULL &&
+        (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+        goto err;
+    if (!sk_IPAddressFamily_push(addr, f))
+        goto err;
+
+    return f;
+
+ err:
+    IPAddressFamily_free(f);
+    return NULL;
+}
+
+/*
+ * Add an inheritance element.
+ */
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+         f->ipAddressChoice->u.addressesOrRanges != NULL))
+        return 0;
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+        f->ipAddressChoice->u.inherit != NULL)
+        return 1;
+    if (f->ipAddressChoice->u.inherit == NULL &&
+        (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+        return 0;
+    f->ipAddressChoice->type = IPAddressChoice_inherit;
+    return 1;
+}
+
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+                                               const unsigned afi,
+                                               const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    IPAddressOrRanges *aors = NULL;
+
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+         f->ipAddressChoice->u.inherit != NULL))
+        return NULL;
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (aors != NULL)
+        return aors;
+    if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+        return NULL;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+        break;
+    case IANA_AFI_IPV6:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+        break;
+    }
+    f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+    f->ipAddressChoice->u.addressesOrRanges = aors;
+    return aors;
+}
+
+/*
+ * Add a prefix.
+ */
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi,
+                           const unsigned *safi,
+                           unsigned char *a, const int prefixlen)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Add a range.
+ */
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi,
+                          const unsigned *safi,
+                          unsigned char *min, unsigned char *max)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    int length = length_from_afi(afi);
+    if (aors == NULL)
+        return 0;
+    if (!make_addressRange(&aor, min, max, length))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static int extract_min_max(IPAddressOrRange *aor,
+                           unsigned char *min, unsigned char *max, int length)
+{
+    if (aor == NULL || min == NULL || max == NULL)
+        return 0;
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+        return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+                addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+    case IPAddressOrRange_addressRange:
+        return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+                addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+    }
+    return 0;
+}
+
+/*
+ * Public wrapper for extract_min_max().
+ */
+int X509v3_addr_get_range(IPAddressOrRange *aor,
+                          const unsigned afi,
+                          unsigned char *min,
+                          unsigned char *max, const int length)
+{
+    int afi_length = length_from_afi(afi);
+    if (aor == NULL || min == NULL || max == NULL ||
+        afi_length == 0 || length < afi_length ||
+        (aor->type != IPAddressOrRange_addressPrefix &&
+         aor->type != IPAddressOrRange_addressRange) ||
+        !extract_min_max(aor, min, max, afi_length))
+        return 0;
+
+    return afi_length;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird.  The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
+                               const IPAddressFamily *const *b_)
+{
+    const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+    const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+    int len = ((a->length <= b->length) ? a->length : b->length);
+    int cmp = memcmp(a->data, b->data, len);
+    return cmp ? cmp : a->length - b->length;
+}
+
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int X509v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+    IPAddressOrRanges *aors;
+    int i, j, k;
+
+    /*
+     * Empty extension is canonical.
+     */
+    if (addr == NULL)
+        return 1;
+
+    /*
+     * Check whether the top-level list is in order.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+        const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+        const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+        if (IPAddressFamily_cmp(&a, &b) >= 0)
+            return 0;
+    }
+
+    /*
+     * Top level's ok, now check each address family.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        int length = length_from_afi(X509v3_addr_get_afi(f));
+
+        /*
+         * Inheritance is canonical.  Anything other than inheritance or
+         * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+         */
+        if (f == NULL || f->ipAddressChoice == NULL)
+            return 0;
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            continue;
+        case IPAddressChoice_addressesOrRanges:
+            break;
+        default:
+            return 0;
+        }
+
+        /*
+         * It's an IPAddressOrRanges sequence, check it.
+         */
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+        if (sk_IPAddressOrRange_num(aors) == 0)
+            return 0;
+        for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+            if (!extract_min_max(a, a_min, a_max, length) ||
+                !extract_min_max(b, b_min, b_max, length))
+                return 0;
+
+            /*
+             * Punt misordered list, overlapping start, or inverted range.
+             */
+            if (memcmp(a_min, b_min, length) >= 0 ||
+                memcmp(a_min, a_max, length) > 0 ||
+                memcmp(b_min, b_max, length) > 0)
+                return 0;
+
+            /*
+             * Punt if adjacent or overlapping.  Check for adjacency by
+             * subtracting one from b_min first.
+             */
+            for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ;
+            if (memcmp(a_max, b_min, length) >= 0)
+                return 0;
+
+            /*
+             * Check for range that should be expressed as a prefix.
+             */
+            if (a->type == IPAddressOrRange_addressRange &&
+                range_should_be_prefix(a_min, a_max, length) >= 0)
+                return 0;
+        }
+
+        /*
+         * Check range to see if it's inverted or should be a
+         * prefix.
+         */
+        j = sk_IPAddressOrRange_num(aors) - 1;
+        {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+                if (!extract_min_max(a, a_min, a_max, length))
+                    return 0;
+                if (memcmp(a_min, a_max, length) > 0 ||
+                    range_should_be_prefix(a_min, a_max, length) >= 0)
+                    return 0;
+            }
+        }
+    }
+
+    /*
+     * If we made it through all that, we're happy.
+     */
+    return 1;
+}
+
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+                                      const unsigned afi)
+{
+    int i, j, length = length_from_afi(afi);
+
+    /*
+     * Sort the IPAddressOrRanges sequence.
+     */
+    sk_IPAddressOrRange_sort(aors);
+
+    /*
+     * Clean up representation issues, punt on duplicates or overlaps.
+     */
+    for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+        IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+        unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+        unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+        if (!extract_min_max(a, a_min, a_max, length) ||
+            !extract_min_max(b, b_min, b_max, length))
+            return 0;
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (memcmp(a_min, a_max, length) > 0 ||
+            memcmp(b_min, b_max, length) > 0)
+            return 0;
+
+        /*
+         * Punt overlaps.
+         */
+        if (memcmp(a_max, b_min, length) >= 0)
+            return 0;
+
+        /*
+         * Merge if a and b are adjacent.  We check for
+         * adjacency by subtracting one from b_min first.
+         */
+        for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
+        if (memcmp(a_max, b_min, length) == 0) {
+            IPAddressOrRange *merged;
+            if (!make_addressRange(&merged, a_min, b_max, length))
+                return 0;
+            (void)sk_IPAddressOrRange_set(aors, i, merged);
+            (void)sk_IPAddressOrRange_delete(aors, i + 1);
+            IPAddressOrRange_free(a);
+            IPAddressOrRange_free(b);
+            --i;
+            continue;
+        }
+    }
+
+    /*
+     * Check for inverted final range.
+     */
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+        if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+            unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+            if (!extract_min_max(a, a_min, a_max, length))
+                return 0;
+            if (memcmp(a_min, a_max, length) > 0)
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int X509v3_addr_canonize(IPAddrBlocks *addr)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+            !IPAddressOrRanges_canonize(f->ipAddressChoice->
+                                        u.addressesOrRanges,
+                                        X509v3_addr_get_afi(f)))
+            return 0;
+    }
+    (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+    sk_IPAddressFamily_sort(addr);
+    OPENSSL_assert(X509v3_addr_is_canonical(addr));
+    return 1;
+}
+
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
+{
+    static const char v4addr_chars[] = "0123456789.";
+    static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+    IPAddrBlocks *addr = NULL;
+    char *s = NULL, *t;
+    int i;
+
+    if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+        unsigned afi, *safi = NULL, safi_;
+        const char *addr_chars = NULL;
+        int prefixlen, i1, i2, delim, length;
+
+        if (!name_cmp(val->name, "IPv4")) {
+            afi = IANA_AFI_IPV4;
+        } else if (!name_cmp(val->name, "IPv6")) {
+            afi = IANA_AFI_IPV6;
+        } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+            afi = IANA_AFI_IPV4;
+            safi = &safi_;
+        } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+            afi = IANA_AFI_IPV6;
+            safi = &safi_;
+        } else {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            addr_chars = v4addr_chars;
+            break;
+        case IANA_AFI_IPV6:
+            addr_chars = v6addr_chars;
+            break;
+        }
+
+        length = length_from_afi(afi);
+
+        /*
+         * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate
+         * the other input values.
+         */
+        if (safi != NULL) {
+            *safi = strtoul(val->value, &t, 0);
+            t += strspn(t, " \t");
+            if (*safi > 0xFF || *t++ != ':') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            t += strspn(t, " \t");
+            s = OPENSSL_strdup(t);
+        } else {
+            s = OPENSSL_strdup(val->value);
+        }
+        if (s == NULL) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * Check for inheritance.  Not worth additional complexity to
+         * optimize this (seldom-used) case.
+         */
+        if (strcmp(s, "inherit") == 0) {
+            if (!X509v3_addr_add_inherit(addr, afi, safi)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_INHERITANCE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(s);
+            s = NULL;
+            continue;
+        }
+
+        i1 = strspn(s, addr_chars);
+        i2 = i1 + strspn(s + i1, " \t");
+        delim = s[i2++];
+        s[i1] = '\0';
+
+        if (a2i_ipadd(min, s) != length) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (delim) {
+        case '/':
+            prefixlen = (int)strtoul(s + i2, &t, 10);
+            if (t == s + i2 || *t != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '-':
+            i1 = i2 + strspn(s + i2, " \t");
+            i2 = i1 + strspn(s + i1, addr_chars);
+            if (i1 == i2 || s[i2] != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (a2i_ipadd(max, s + i1) != length) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_IPADDRESS);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (memcmp(min, max, length_from_afi(afi)) > 0) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!X509v3_addr_add_range(addr, afi, safi, min, max)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '\0':
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        default:
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        OPENSSL_free(s);
+        s = NULL;
+    }
+
+    /*
+     * Canonize the result, then we're done.
+     */
+    if (!X509v3_addr_canonize(addr))
+        goto err;
+    return addr;
+
+ err:
+    OPENSSL_free(s);
+    sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+    return NULL;
+}
+
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+    NID_sbgp_ipAddrBlock,       /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(IPAddrBlocks), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_IPAddrBlocks,           /* v2i */
+    i2r_IPAddrBlocks,           /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int X509v3_addr_inherits(IPAddrBlocks *addr)
+{
+    int i;
+    if (addr == NULL)
+        return 0;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+                         IPAddressOrRanges *child, int length)
+{
+    unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+    unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+        if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+                             c_min, c_max, length))
+            return -1;
+        for (;; p++) {
+            if (p >= sk_IPAddressOrRange_num(parent))
+                return 0;
+            if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                                 p_min, p_max, length))
+                return 0;
+            if (memcmp(p_max, c_max, length) < 0)
+                continue;
+            if (memcmp(p_min, c_min, length) > 0)
+                return 0;
+            break;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+    int i;
+    if (a == NULL || a == b)
+        return 1;
+    if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
+        return 0;
+    (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+    for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+        IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+        int j = sk_IPAddressFamily_find(b, fa);
+        IPAddressFamily *fb;
+        fb = sk_IPAddressFamily_value(b, j);
+        if (fb == NULL)
+            return 0;
+        if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
+                           fa->ipAddressChoice->u.addressesOrRanges,
+                           length_from_afi(X509v3_addr_get_afi(fb))))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ *
+ * Returns 1 for success, 0 on error.
+ *
+ * When returning 0, ctx->error MUST be set to an appropriate value other than
+ * X509_V_OK.
+ */
+static int addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       IPAddrBlocks *ext)
+{
+    IPAddrBlocks *child = NULL;
+    int i, j, ret = 1;
+    X509 *x;
+
+    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+    OPENSSL_assert(ctx != NULL || ext != NULL);
+    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+        x = NULL;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if ((ext = x->rfc3779_addr) == NULL)
+            goto done;
+    }
+    if (!X509v3_addr_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+    if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+        X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
+                  ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        ret = 0;
+        goto done;
+    }
+
+    /*
+     * Now walk up the chain.  No cert may list resources that its
+     * parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if (!X509v3_addr_is_canonical(x->rfc3779_addr))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_addr == NULL) {
+            for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+                IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+                if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+            }
+            continue;
+        }
+        (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr,
+                                              IPAddressFamily_cmp);
+        for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+            IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+            int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, k);
+            if (fp == NULL) {
+                if (fc->ipAddressChoice->type ==
+                    IPAddressChoice_addressesOrRanges) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+                continue;
+            }
+            if (fp->ipAddressChoice->type ==
+                IPAddressChoice_addressesOrRanges) {
+                if (fc->ipAddressChoice->type == IPAddressChoice_inherit
+                    || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
+                                     fc->ipAddressChoice->u.addressesOrRanges,
+                                     length_from_afi(X509v3_addr_get_afi(fc))))
+                    sk_IPAddressFamily_set(child, j, fp);
+                else
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    OPENSSL_assert(x != NULL);
+    if (x->rfc3779_addr != NULL) {
+        for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, j);
+            if (fp->ipAddressChoice->type == IPAddressChoice_inherit
+                && sk_IPAddressFamily_find(child, fp) >= 0)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        }
+    }
+
+ done:
+    sk_IPAddressFamily_free(child);
+    return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+    return addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                  IPAddrBlocks *ext, int allow_inheritance)
+{
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && X509v3_addr_inherits(ext))
+        return 0;
+    return addr_validate_path_internal(NULL, chain, ext);
+}
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_akey.c b/openssl-1.1.0h/crypto/x509v3/v3_akey.c
new file mode 100644
index 0000000..d9f7704
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_akey.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_akey_id = {
+    NID_authority_key_identifier,
+    X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+    0, 0,
+    NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist)
+{
+    char *tmp;
+    if (akeyid->keyid) {
+        tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
+        X509V3_add_value("keyid", tmp, &extlist);
+        OPENSSL_free(tmp);
+    }
+    if (akeyid->issuer)
+        extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+    if (akeyid->serial) {
+        tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+        X509V3_add_value("serial", tmp, &extlist);
+        OPENSSL_free(tmp);
+    }
+    return extlist;
+}
+
+/*-
+ * Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values)
+{
+    char keyid = 0, issuer = 0;
+    int i;
+    CONF_VALUE *cnf;
+    ASN1_OCTET_STRING *ikeyid = NULL;
+    X509_NAME *isname = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ASN1_INTEGER *serial = NULL;
+    X509_EXTENSION *ext;
+    X509 *cert;
+    AUTHORITY_KEYID *akeyid;
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        cnf = sk_CONF_VALUE_value(values, i);
+        if (strcmp(cnf->name, "keyid") == 0) {
+            keyid = 1;
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
+                keyid = 2;
+        } else if (strcmp(cnf->name, "issuer") == 0) {
+            issuer = 1;
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
+                issuer = 2;
+        } else {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
+            ERR_add_error_data(2, "name=", cnf->name);
+            return NULL;
+        }
+    }
+
+    if (!ctx || !ctx->issuer_cert) {
+        if (ctx && (ctx->flags == CTX_TEST))
+            return AUTHORITY_KEYID_new();
+        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                  X509V3_R_NO_ISSUER_CERTIFICATE);
+        return NULL;
+    }
+
+    cert = ctx->issuer_cert;
+
+    if (keyid) {
+        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+        if ((i >= 0) && (ext = X509_get_ext(cert, i)))
+            ikeyid = X509V3_EXT_d2i(ext);
+        if (keyid == 2 && !ikeyid) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+            return NULL;
+        }
+    }
+
+    if ((issuer && !ikeyid) || (issuer == 2)) {
+        isname = X509_NAME_dup(X509_get_issuer_name(cert));
+        serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (!isname || !serial) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+            goto err;
+        }
+    }
+
+    if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
+        goto err;
+
+    if (isname) {
+        if ((gens = sk_GENERAL_NAME_new_null()) == NULL
+            || (gen = GENERAL_NAME_new()) == NULL
+            || !sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->type = GEN_DIRNAME;
+        gen->d.dirn = isname;
+    }
+
+    akeyid->issuer = gens;
+    gen = NULL;
+    gens = NULL;
+    akeyid->serial = serial;
+    akeyid->keyid = ikeyid;
+
+    return akeyid;
+
+ err:
+    sk_GENERAL_NAME_free(gens);
+    GENERAL_NAME_free(gen);
+    X509_NAME_free(isname);
+    ASN1_INTEGER_free(serial);
+    ASN1_OCTET_STRING_free(ikeyid);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_akeya.c b/openssl-1.1.0h/crypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000..d6dd6bc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_akeya.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+        ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+        ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_alt.c b/openssl-1.1.0h/crypto/x509v3/v3_alt.c
new file mode 100644
index 0000000..a35d337
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_alt.c
@@ -0,0 +1,576 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+
+const X509V3_EXT_METHOD v3_alt[3] = {
+    {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_subject_alt,
+     NULL, NULL, NULL},
+
+    {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_issuer_alt,
+     NULL, NULL, NULL},
+
+    {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     NULL, NULL, NULL, NULL},
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                        GENERAL_NAMES *gens,
+                                        STACK_OF(CONF_VALUE) *ret)
+{
+    int i;
+    GENERAL_NAME *gen;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        ret = i2v_GENERAL_NAME(method, gen, ret);
+    }
+    if (!ret)
+        return sk_CONF_VALUE_new_null();
+    return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+                                       GENERAL_NAME *gen,
+                                       STACK_OF(CONF_VALUE) *ret)
+{
+    unsigned char *p;
+    char oline[256], htmp[5];
+    int i;
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        if (!X509V3_add_value("othername", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_X400:
+        if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_EDIPARTY:
+        if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_EMAIL:
+        if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
+            return NULL;
+        break;
+
+    case GEN_DNS:
+        if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
+            return NULL;
+        break;
+
+    case GEN_URI:
+        if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
+            return NULL;
+        break;
+
+    case GEN_DIRNAME:
+        if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL
+                || !X509V3_add_value("DirName", oline, &ret))
+            return NULL;
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_snprintf(oline, sizeof(oline),
+                         "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            oline[0] = 0;
+            for (i = 0; i < 8; i++) {
+                BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]);
+                p += 2;
+                strcat(oline, htmp);
+                if (i != 7)
+                    strcat(oline, ":");
+            }
+        } else {
+            if (!X509V3_add_value("IP Address", "<invalid>", &ret))
+                return NULL;
+            break;
+        }
+        if (!X509V3_add_value("IP Address", oline, &ret))
+            return NULL;
+        break;
+
+    case GEN_RID:
+        i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+        if (!X509V3_add_value("Registered ID", oline, &ret))
+            return NULL;
+        break;
+    }
+    return ret;
+}
+
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+    unsigned char *p;
+    int i;
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        BIO_printf(out, "othername:<unsupported>");
+        break;
+
+    case GEN_X400:
+        BIO_printf(out, "X400Name:<unsupported>");
+        break;
+
+    case GEN_EDIPARTY:
+        /* Maybe fix this: it is supported now */
+        BIO_printf(out, "EdiPartyName:<unsupported>");
+        break;
+
+    case GEN_EMAIL:
+        BIO_printf(out, "email:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_DNS:
+        BIO_printf(out, "DNS:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_URI:
+        BIO_printf(out, "URI:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_DIRNAME:
+        BIO_printf(out, "DirName:");
+        X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            BIO_printf(out, "IP Address");
+            for (i = 0; i < 8; i++) {
+                BIO_printf(out, ":%X", p[0] << 8 | p[1]);
+                p += 2;
+            }
+            BIO_puts(out, "\n");
+        } else {
+            BIO_printf(out, "IP Address:<invalid>");
+            break;
+        }
+        break;
+
+    case GEN_RID:
+        BIO_printf(out, "Registered ID:");
+        i2a_ASN1_OBJECT(out, gen->d.rid);
+        break;
+    }
+    return 1;
+}
+
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
+{
+    GENERAL_NAMES *gens = NULL;
+    CONF_VALUE *cnf;
+    int i;
+
+    if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!name_cmp(cnf->name, "issuer")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
+            if (!copy_issuer(ctx, gens))
+                goto err;
+        } else {
+            GENERAL_NAME *gen;
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen);
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
+{
+    GENERAL_NAMES *ialt;
+    GENERAL_NAME *gen;
+    X509_EXTENSION *ext;
+    int i;
+
+    if (ctx && (ctx->flags == CTX_TEST))
+        return 1;
+    if (!ctx || !ctx->issuer_cert) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
+        goto err;
+    }
+    i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+    if (i < 0)
+        return 1;
+    if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL
+        || (ialt = X509V3_EXT_d2i(ext)) == NULL) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
+        goto err;
+    }
+
+    for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+        gen = sk_GENERAL_NAME_value(ialt, i);
+        if (!sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    sk_GENERAL_NAME_free(ialt);
+
+    return 1;
+
+ err:
+    return 0;
+
+}
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
+{
+    GENERAL_NAMES *gens = NULL;
+    CONF_VALUE *cnf;
+    int i;
+
+    if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!name_cmp(cnf->name, "email")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
+            if (!copy_email(ctx, gens, 0))
+                goto err;
+        } else if (!name_cmp(cnf->name, "email")
+                   && cnf->value && strcmp(cnf->value, "move") == 0) {
+            if (!copy_email(ctx, gens, 1))
+                goto err;
+        } else {
+            GENERAL_NAME *gen;
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen);
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+/*
+ * Copy any email addresses in a certificate or request to GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
+{
+    X509_NAME *nm;
+    ASN1_IA5STRING *email = NULL;
+    X509_NAME_ENTRY *ne;
+    GENERAL_NAME *gen = NULL;
+    int i;
+    if (ctx != NULL && ctx->flags == CTX_TEST)
+        return 1;
+    if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+        X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
+        goto err;
+    }
+    /* Find the subject name */
+    if (ctx->subject_cert)
+        nm = X509_get_subject_name(ctx->subject_cert);
+    else
+        nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+    /* Now add any email address(es) to STACK */
+    i = -1;
+    while ((i = X509_NAME_get_index_by_NID(nm,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(nm, i);
+        email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
+        if (move_p) {
+            X509_NAME_delete_entry(nm, i);
+            X509_NAME_ENTRY_free(ne);
+            i--;
+        }
+        if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->d.ia5 = email;
+        email = NULL;
+        gen->type = GEN_EMAIL;
+        if (!sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen = NULL;
+    }
+
+    return 1;
+
+ err:
+    GENERAL_NAME_free(gen);
+    ASN1_IA5STRING_free(email);
+    return 0;
+
+}
+
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    GENERAL_NAME *gen;
+    GENERAL_NAMES *gens = NULL;
+    CONF_VALUE *cnf;
+    int i;
+
+    if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+            goto err;
+        sk_GENERAL_NAME_push(gens, gen);
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, CONF_VALUE *cnf)
+{
+    return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+}
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, int gen_type, const char *value,
+                               int is_nc)
+{
+    char is_string = 0;
+    GENERAL_NAME *gen = NULL;
+
+    if (!value) {
+        X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
+        return NULL;
+    }
+
+    if (out)
+        gen = out;
+    else {
+        gen = GENERAL_NAME_new();
+        if (gen == NULL) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+
+    switch (gen_type) {
+    case GEN_URI:
+    case GEN_EMAIL:
+    case GEN_DNS:
+        is_string = 1;
+        break;
+
+    case GEN_RID:
+        {
+            ASN1_OBJECT *obj;
+            if ((obj = OBJ_txt2obj(value, 0)) == NULL) {
+                X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+            }
+            gen->d.rid = obj;
+        }
+        break;
+
+    case GEN_IPADD:
+        if (is_nc)
+            gen->d.ip = a2i_IPADDRESS_NC(value);
+        else
+            gen->d.ip = a2i_IPADDRESS(value);
+        if (gen->d.ip == NULL) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS);
+            ERR_add_error_data(2, "value=", value);
+            goto err;
+        }
+        break;
+
+    case GEN_DIRNAME:
+        if (!do_dirname(gen, value, ctx)) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_DIRNAME_ERROR);
+            goto err;
+        }
+        break;
+
+    case GEN_OTHERNAME:
+        if (!do_othername(gen, value, ctx)) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_OTHERNAME_ERROR);
+            goto err;
+        }
+        break;
+    default:
+        X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE);
+        goto err;
+    }
+
+    if (is_string) {
+        if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
+            !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
+                             strlen(value))) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    gen->type = gen_type;
+
+    return gen;
+
+ err:
+    if (!out)
+        GENERAL_NAME_free(gen);
+    return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
+{
+    int type;
+
+    char *name, *value;
+
+    name = cnf->name;
+    value = cnf->value;
+
+    if (!value) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+        return NULL;
+    }
+
+    if (!name_cmp(name, "email"))
+        type = GEN_EMAIL;
+    else if (!name_cmp(name, "URI"))
+        type = GEN_URI;
+    else if (!name_cmp(name, "DNS"))
+        type = GEN_DNS;
+    else if (!name_cmp(name, "RID"))
+        type = GEN_RID;
+    else if (!name_cmp(name, "IP"))
+        type = GEN_IPADD;
+    else if (!name_cmp(name, "dirName"))
+        type = GEN_DIRNAME;
+    else if (!name_cmp(name, "otherName"))
+        type = GEN_OTHERNAME;
+    else {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION);
+        ERR_add_error_data(2, "name=", name);
+        return NULL;
+    }
+
+    return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+
+}
+
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
+{
+    char *objtmp = NULL, *p;
+    int objlen;
+
+    if ((p = strchr(value, ';')) == NULL)
+        return 0;
+    if ((gen->d.otherName = OTHERNAME_new()) == NULL)
+        return 0;
+    /*
+     * Free this up because we will overwrite it. no need to free type_id
+     * because it is static
+     */
+    ASN1_TYPE_free(gen->d.otherName->value);
+    if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL)
+        return 0;
+    objlen = p - value;
+    objtmp = OPENSSL_strndup(value, objlen);
+    if (objtmp == NULL)
+        return 0;
+    gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
+    OPENSSL_free(objtmp);
+    if (!gen->d.otherName->type_id)
+        return 0;
+    return 1;
+}
+
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
+{
+    int ret = 0;
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    X509_NAME *nm;
+
+    if ((nm = X509_NAME_new()) == NULL)
+        goto err;
+    sk = X509V3_get_section(ctx, value);
+    if (!sk) {
+        X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
+        ERR_add_error_data(2, "section=", value);
+        goto err;
+    }
+    /* FIXME: should allow other character types... */
+    ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
+    if (!ret)
+        goto err;
+    gen->d.dirn = nm;
+
+err:
+    if (ret == 0)
+        X509_NAME_free(nm);
+    X509V3_section_free(ctx, sk);
+    return ret;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_asid.c b/openssl-1.1.0h/crypto/x509v3/v3_asid.c
new file mode 100644
index 0000000..af4fcf4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_asid.c
@@ -0,0 +1,852 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of RFC 3779 section 3.2.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/bn.h>
+#include "ext_dat.h"
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
+ */
+
+ASN1_SEQUENCE(ASRange) = {
+  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
+  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ASRange)
+
+ASN1_CHOICE(ASIdOrRange) = {
+  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
+  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
+} ASN1_CHOICE_END(ASIdOrRange)
+
+ASN1_CHOICE(ASIdentifierChoice) = {
+  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
+  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
+} ASN1_CHOICE_END(ASIdentifierChoice)
+
+ASN1_SEQUENCE(ASIdentifiers) = {
+  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
+  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
+} ASN1_SEQUENCE_END(ASIdentifiers)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
+
+/*
+ * i2r method for an ASIdentifierChoice.
+ */
+static int i2r_ASIdentifierChoice(BIO *out,
+                                  ASIdentifierChoice *choice,
+                                  int indent, const char *msg)
+{
+    int i;
+    char *s;
+    if (choice == NULL)
+        return 1;
+    BIO_printf(out, "%*s%s:\n", indent, "", msg);
+    switch (choice->type) {
+    case ASIdentifierChoice_inherit:
+        BIO_printf(out, "%*sinherit\n", indent + 2, "");
+        break;
+    case ASIdentifierChoice_asIdsOrRanges:
+        for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+            ASIdOrRange *aor =
+                sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+            switch (aor->type) {
+            case ASIdOrRange_id:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+                OPENSSL_free(s);
+                break;
+            case ASIdOrRange_range:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s-", indent + 2, "", s);
+                OPENSSL_free(s);
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+                    return 0;
+                BIO_printf(out, "%s\n", s);
+                OPENSSL_free(s);
+                break;
+            default:
+                return 0;
+            }
+        }
+        break;
+    default:
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * i2r method for an ASIdentifier extension.
+ */
+static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
+                             void *ext, BIO *out, int indent)
+{
+    ASIdentifiers *asid = ext;
+    return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+                                   "Autonomous System Numbers") &&
+            i2r_ASIdentifierChoice(out, asid->rdi, indent,
+                                   "Routing Domain Identifiers"));
+}
+
+/*
+ * Sort comparison function for a sequence of ASIdOrRange elements.
+ */
+static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
+                           const ASIdOrRange *const *b_)
+{
+    const ASIdOrRange *a = *a_, *b = *b_;
+
+    OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+                   (a->type == ASIdOrRange_range && a->u.range != NULL &&
+                    a->u.range->min != NULL && a->u.range->max != NULL));
+
+    OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+                   (b->type == ASIdOrRange_range && b->u.range != NULL &&
+                    b->u.range->min != NULL && b->u.range->max != NULL));
+
+    if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+
+    if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+        int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+        return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max,
+                                             b->u.range->max);
+    }
+
+    if (a->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+    else
+        return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+}
+
+/*
+ * Add an inherit element.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
+{
+    ASIdentifierChoice **choice;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        OPENSSL_assert((*choice)->u.inherit == NULL);
+        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_inherit;
+    }
+    return (*choice)->type == ASIdentifierChoice_inherit;
+}
+
+/*
+ * Add an ID or range to an ASIdentifierChoice.
+ */
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
+                                int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
+{
+    ASIdentifierChoice **choice;
+    ASIdOrRange *aor;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+        return 0;
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
+        (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+        if ((*choice)->u.asIdsOrRanges == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+    }
+    if ((aor = ASIdOrRange_new()) == NULL)
+        return 0;
+    if (max == NULL) {
+        aor->type = ASIdOrRange_id;
+        aor->u.id = min;
+    } else {
+        aor->type = ASIdOrRange_range;
+        if ((aor->u.range = ASRange_new()) == NULL)
+            goto err;
+        ASN1_INTEGER_free(aor->u.range->min);
+        aor->u.range->min = min;
+        ASN1_INTEGER_free(aor->u.range->max);
+        aor->u.range->max = max;
+    }
+    if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+        goto err;
+    return 1;
+
+ err:
+    ASIdOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Extract min and max values from an ASIdOrRange.
+ */
+static void extract_min_max(ASIdOrRange *aor,
+                            ASN1_INTEGER **min, ASN1_INTEGER **max)
+{
+    OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+    switch (aor->type) {
+    case ASIdOrRange_id:
+        *min = aor->u.id;
+        *max = aor->u.id;
+        return;
+    case ASIdOrRange_range:
+        *min = aor->u.range->min;
+        *max = aor->u.range->max;
+        return;
+    }
+}
+
+/*
+ * Check whether an ASIdentifierChoice is in canonical form.
+ */
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
+
+    /*
+     * Empty element or inheritance is canonical.
+     */
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
+
+    /*
+     * If not a list, or if empty list, it's broken.
+     */
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+        return 0;
+
+    /*
+     * It's a list, check it.
+     */
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
+
+        extract_min_max(a, &a_min, &a_max);
+        extract_min_max(b, &b_min, &b_max);
+
+        /*
+         * Punt misordered list, overlapping start, or inverted range.
+         */
+        if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+            ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1) ||
+            (a_max_plus_one =
+             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * Punt if adjacent or overlapping.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+            goto done;
+    }
+
+    /*
+     * Check for inverted range.
+     */
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            extract_min_max(a, &a_min, &a_max);
+            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
+    }
+
+    ret = 1;
+
+ done:
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
+}
+
+/*
+ * Check whether an ASIdentifier extension is in canonical form.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid)
+{
+    return (asid == NULL ||
+            (ASIdentifierChoice_is_canonical(asid->asnum) &&
+             ASIdentifierChoice_is_canonical(asid->rdi)));
+}
+
+/*
+ * Whack an ASIdentifierChoice into canonical form.
+ */
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
+
+    /*
+     * Nothing to do for empty element or inheritance.
+     */
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
+
+    /*
+     * If not a list, or if empty list, it's broken.
+     */
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+        X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        return 0;
+    }
+
+    /*
+     * We have a non-empty list.  Sort it.
+     */
+    sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+
+    /*
+     * Now check for errors and suboptimal encoding, rejecting the
+     * former and fixing the latter.
+     */
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
+
+        extract_min_max(a, &a_min, &a_max);
+        extract_min_max(b, &b_min, &b_max);
+
+        /*
+         * Make sure we're properly sorted (paranoia).
+         */
+        OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Check for overlaps.
+         */
+        if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            goto done;
+        }
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1) ||
+            (a_max_plus_one =
+             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * If a and b are adjacent, merge them.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+            ASRange *r;
+            switch (a->type) {
+            case ASIdOrRange_id:
+                if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) {
+                    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                              ERR_R_MALLOC_FAILURE);
+                    goto done;
+                }
+                r->min = a_min;
+                r->max = b_max;
+                a->type = ASIdOrRange_range;
+                a->u.range = r;
+                break;
+            case ASIdOrRange_range:
+                ASN1_INTEGER_free(a->u.range->max);
+                a->u.range->max = b_max;
+                break;
+            }
+            switch (b->type) {
+            case ASIdOrRange_id:
+                b->u.id = NULL;
+                break;
+            case ASIdOrRange_range:
+                b->u.range->max = NULL;
+                break;
+            }
+            ASIdOrRange_free(b);
+            (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+            i--;
+            continue;
+        }
+    }
+
+    /*
+     * Check for final inverted range.
+     */
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            extract_min_max(a, &a_min, &a_max);
+            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
+    }
+
+    OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+
+    ret = 1;
+
+ done:
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
+}
+
+/*
+ * Whack an ASIdentifier extension into canonical form.
+ */
+int X509v3_asid_canonize(ASIdentifiers *asid)
+{
+    return (asid == NULL ||
+            (ASIdentifierChoice_canonize(asid->asnum) &&
+             ASIdentifierChoice_canonize(asid->rdi)));
+}
+
+/*
+ * v2i method for an ASIdentifier extension.
+ */
+static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
+                               struct v3_ext_ctx *ctx,
+                               STACK_OF(CONF_VALUE) *values)
+{
+    ASN1_INTEGER *min = NULL, *max = NULL;
+    ASIdentifiers *asid = NULL;
+    int i;
+
+    if ((asid = ASIdentifiers_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0;
+
+        /*
+         * Figure out whether this is an AS or an RDI.
+         */
+        if (!name_cmp(val->name, "AS")) {
+            which = V3_ASID_ASNUM;
+        } else if (!name_cmp(val->name, "RDI")) {
+            which = V3_ASID_RDI;
+        } else {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Handle inheritance.
+         */
+        if (strcmp(val->value, "inherit") == 0) {
+            if (X509v3_asid_add_inherit(asid, which))
+                continue;
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_INVALID_INHERITANCE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Number, range, or mistake, pick it apart and figure out which.
+         */
+        i1 = strspn(val->value, "0123456789");
+        if (val->value[i1] == '\0') {
+            is_range = 0;
+        } else {
+            is_range = 1;
+            i2 = i1 + strspn(val->value + i1, " \t");
+            if (val->value[i2] != '-') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASNUMBER);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            i2++;
+            i2 = i2 + strspn(val->value + i2, " \t");
+            i3 = i2 + strspn(val->value + i2, "0123456789");
+            if (val->value[i3] != '\0') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASRANGE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        /*
+         * Syntax is ok, read and add it.
+         */
+        if (!is_range) {
+            if (!X509V3_get_value_int(val, &min)) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        } else {
+            char *s = OPENSSL_strdup(val->value);
+            if (s == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s[i1] = '\0';
+            min = s2i_ASN1_INTEGER(NULL, s);
+            max = s2i_ASN1_INTEGER(NULL, s + i2);
+            OPENSSL_free(s);
+            if (min == NULL || max == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (ASN1_INTEGER_cmp(min, max) > 0) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                goto err;
+            }
+        }
+        if (!X509v3_asid_add_id_or_range(asid, which, min, max)) {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        min = max = NULL;
+    }
+
+    /*
+     * Canonize the result, then we're done.
+     */
+    if (!X509v3_asid_canonize(asid))
+        goto err;
+    return asid;
+
+ err:
+    ASIdentifiers_free(asid);
+    ASN1_INTEGER_free(min);
+    ASN1_INTEGER_free(max);
+    return NULL;
+}
+
+/*
+ * OpenSSL dispatch.
+ */
+const X509V3_EXT_METHOD v3_asid = {
+    NID_sbgp_autonomousSysNum,  /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(ASIdentifiers), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_ASIdentifiers,          /* v2i */
+    i2r_ASIdentifiers,          /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension uses inheritance.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid)
+{
+    return (asid != NULL &&
+            ((asid->asnum != NULL &&
+              asid->asnum->type == ASIdentifierChoice_inherit) ||
+             (asid->rdi != NULL &&
+              asid->rdi->type == ASIdentifierChoice_inherit)));
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+{
+    ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL;
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+        extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+        for (;; p++) {
+            if (p >= sk_ASIdOrRange_num(parent))
+                return 0;
+            extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+            if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+                continue;
+            if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+                return 0;
+            break;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+{
+    return (a == NULL ||
+            a == b ||
+            (b != NULL &&
+             !X509v3_asid_inherits(a) &&
+             !X509v3_asid_inherits(b) &&
+             asid_contains(b->asnum->u.asIdsOrRanges,
+                           a->asnum->u.asIdsOrRanges) &&
+             asid_contains(b->rdi->u.asIdsOrRanges,
+                           a->rdi->u.asIdsOrRanges)));
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 3.3 path validation.
+ */
+static int asid_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       ASIdentifiers *ext)
+{
+    ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+    int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+    X509 *x;
+
+    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+    OPENSSL_assert(ctx != NULL || ext != NULL);
+    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+        x = NULL;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if ((ext = x->rfc3779_asid) == NULL)
+            goto done;
+    }
+    if (!X509v3_asid_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (ext->asnum != NULL) {
+        switch (ext->asnum->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_as = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_as = ext->asnum->u.asIdsOrRanges;
+            break;
+        }
+    }
+    if (ext->rdi != NULL) {
+        switch (ext->rdi->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_rdi = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_rdi = ext->rdi->u.asIdsOrRanges;
+            break;
+        }
+    }
+
+    /*
+     * Now walk up the chain.  Extensions must be in canonical form, no
+     * cert may list resources that its parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if (x->rfc3779_asid == NULL) {
+            if (child_as != NULL || child_rdi != NULL)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            continue;
+        }
+        if (!X509v3_asid_is_canonical(x->rfc3779_asid))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_as = NULL;
+            inherit_as = 0;
+        }
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type ==
+            ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_as
+                || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges,
+                                 child_as)) {
+                child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+                inherit_as = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+        if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_rdi = NULL;
+            inherit_rdi = 0;
+        }
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_rdi ||
+                asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges,
+                              child_rdi)) {
+                child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+                inherit_rdi = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    OPENSSL_assert(x != NULL);
+    if (x->rfc3779_asid != NULL) {
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    }
+
+ done:
+    return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 3.3 path validation -- called from X509_verify_cert().
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
+{
+    return asid_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 3.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext, int allow_inheritance)
+{
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && X509v3_asid_inherits(ext))
+        return 0;
+    return asid_validate_path_internal(NULL, chain, ext);
+}
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_bcons.c b/openssl-1.1.0h/crypto/x509v3/v3_bcons.c
new file mode 100644
index 0000000..3bbf155
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_bcons.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_bcons = {
+    NID_basic_constraints, 0,
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS,
+    (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+    NULL, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+        ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+        ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist)
+{
+    X509V3_add_value_bool("CA", bcons->ca, &extlist);
+    X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+    return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values)
+{
+    BASIC_CONSTRAINTS *bcons = NULL;
+    CONF_VALUE *val;
+    int i;
+
+    if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (strcmp(val->name, "CA") == 0) {
+            if (!X509V3_get_value_bool(val, &bcons->ca))
+                goto err;
+        } else if (strcmp(val->name, "pathlen") == 0) {
+            if (!X509V3_get_value_int(val, &bcons->pathlen))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return bcons;
+ err:
+    BASIC_CONSTRAINTS_free(bcons);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_bitst.c b/openssl-1.1.0h/crypto/x509v3/v3_bitst.c
new file mode 100644
index 0000000..4802116
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_bitst.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+    {0, "SSL Client", "client"},
+    {1, "SSL Server", "server"},
+    {2, "S/MIME", "email"},
+    {3, "Object Signing", "objsign"},
+    {4, "Unused", "reserved"},
+    {5, "SSL CA", "sslCA"},
+    {6, "S/MIME CA", "emailCA"},
+    {7, "Object Signing CA", "objCA"},
+    {-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+    {0, "Digital Signature", "digitalSignature"},
+    {1, "Non Repudiation", "nonRepudiation"},
+    {2, "Key Encipherment", "keyEncipherment"},
+    {3, "Data Encipherment", "dataEncipherment"},
+    {4, "Key Agreement", "keyAgreement"},
+    {5, "Certificate Sign", "keyCertSign"},
+    {6, "CRL Sign", "cRLSign"},
+    {7, "Encipher Only", "encipherOnly"},
+    {8, "Decipher Only", "decipherOnly"},
+    {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_nscert =
+EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+const X509V3_EXT_METHOD v3_key_usage =
+EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                          ASN1_BIT_STRING *bits,
+                                          STACK_OF(CONF_VALUE) *ret)
+{
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = method->usr_data; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
+            X509V3_add_value(bnam->lname, NULL, &ret);
+    }
+    return ret;
+}
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
+{
+    CONF_VALUE *val;
+    ASN1_BIT_STRING *bs;
+    int i;
+    BIT_STRING_BITNAME *bnam;
+    if ((bs = ASN1_BIT_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        for (bnam = method->usr_data; bnam->lname; bnam++) {
+            if (strcmp(bnam->sname, val->name) == 0
+                || strcmp(bnam->lname, val->name) == 0) {
+                if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+                    X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                              ERR_R_MALLOC_FAILURE);
+                    ASN1_BIT_STRING_free(bs);
+                    return NULL;
+                }
+                break;
+            }
+        }
+        if (!bnam->lname) {
+            X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                      X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+            X509V3_conf_err(val);
+            ASN1_BIT_STRING_free(bs);
+            return NULL;
+        }
+    }
+    return bs;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_conf.c b/openssl-1.1.0h/crypto/x509v3/v3_conf.c
new file mode 100644
index 0000000..3cc5b14
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_conf.c
@@ -0,0 +1,511 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* extension creation utilities */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include "internal/x509_int.h"
+#include <openssl/x509v3.h>
+
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                    int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+                                            int crit, int type,
+                                            X509V3_CTX *ctx);
+static char *conf_lhash_get_string(void *db, const char *section, const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
+                                  int ext_nid, int crit, void *ext_struc);
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+                                   long *ext_len);
+/* CONF *conf:  Config file    */
+/* char *name:  Name    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value)
+{
+    int crit;
+    int ext_type;
+    X509_EXTENSION *ret;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(name, value, crit, ext_type, ctx);
+    ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+    if (!ret) {
+        X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION);
+        ERR_add_error_data(4, "name=", name, ", value=", value);
+    }
+    return ret;
+}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                     const char *value)
+{
+    int crit;
+    int ext_type;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(OBJ_nid2sn(ext_nid),
+                                    value, crit, ext_type, ctx);
+    return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                    int crit, const char *value)
+{
+    const X509V3_EXT_METHOD *method;
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    void *ext_struc;
+
+    if (ext_nid == NID_undef) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
+        return NULL;
+    }
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    /* Now get internal extension representation based on type */
+    if (method->v2i) {
+        if (*value == '@')
+            nval = NCONF_get_section(conf, value + 1);
+        else
+            nval = X509V3_parse_list(value);
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
+            X509V3err(X509V3_F_DO_EXT_NCONF,
+                      X509V3_R_INVALID_EXTENSION_STRING);
+            ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
+                               value);
+            if (*value != '@')
+                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+            return NULL;
+        }
+        ext_struc = method->v2i(method, ctx, nval);
+        if (*value != '@')
+            sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+        if (!ext_struc)
+            return NULL;
+    } else if (method->s2i) {
+        if ((ext_struc = method->s2i(method, ctx, value)) == NULL)
+            return NULL;
+    } else if (method->r2i) {
+        if (!ctx->db || !ctx->db_meth) {
+            X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
+            return NULL;
+        }
+        if ((ext_struc = method->r2i(method, ctx, value)) == NULL)
+            return NULL;
+    } else {
+        X509V3err(X509V3_F_DO_EXT_NCONF,
+                  X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+        ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+        return NULL;
+    }
+
+    ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
+    if (method->it)
+        ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_struc);
+    return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
+                                  int ext_nid, int crit, void *ext_struc)
+{
+    unsigned char *ext_der = NULL;
+    int ext_len;
+    ASN1_OCTET_STRING *ext_oct = NULL;
+    X509_EXTENSION *ext;
+    /* Convert internal representation to DER */
+    if (method->it) {
+        ext_der = NULL;
+        ext_len =
+            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+        if (ext_len < 0)
+            goto merr;
+    } else {
+        unsigned char *p;
+
+        ext_len = method->i2d(ext_struc, NULL);
+        if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)
+            goto merr;
+        p = ext_der;
+        method->i2d(ext_struc, &p);
+    }
+    if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
+        goto merr;
+    ext_oct->data = ext_der;
+    ext_der = NULL;
+    ext_oct->length = ext_len;
+
+    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+    if (!ext)
+        goto merr;
+    ASN1_OCTET_STRING_free(ext_oct);
+
+    return ext;
+
+ merr:
+    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+    OPENSSL_free(ext_der);
+    ASN1_OCTET_STRING_free(ext_oct);
+    return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+    const X509V3_EXT_METHOD *method;
+
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(const char **value)
+{
+    const char *p = *value;
+    if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
+        return 0;
+    p += 9;
+    while (isspace((unsigned char)*p))
+        p++;
+    *value = p;
+    return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(const char **value)
+{
+    int gen_type = 0;
+    const char *p = *value;
+    if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
+        p += 4;
+        gen_type = 1;
+    } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) {
+        p += 5;
+        gen_type = 2;
+    } else
+        return 0;
+
+    while (isspace((unsigned char)*p))
+        p++;
+    *value = p;
+    return gen_type;
+}
+
+/* Create a generic extension: for now just handle DER type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+                                            int crit, int gen_type,
+                                            X509V3_CTX *ctx)
+{
+    unsigned char *ext_der = NULL;
+    long ext_len = 0;
+    ASN1_OBJECT *obj = NULL;
+    ASN1_OCTET_STRING *oct = NULL;
+    X509_EXTENSION *extension = NULL;
+
+    if ((obj = OBJ_txt2obj(ext, 0)) == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_NAME_ERROR);
+        ERR_add_error_data(2, "name=", ext);
+        goto err;
+    }
+
+    if (gen_type == 1)
+        ext_der = OPENSSL_hexstr2buf(value, &ext_len);
+    else if (gen_type == 2)
+        ext_der = generic_asn1(value, ctx, &ext_len);
+
+    if (ext_der == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        ERR_add_error_data(2, "value=", value);
+        goto err;
+    }
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    oct->data = ext_der;
+    oct->length = ext_len;
+    ext_der = NULL;
+
+    extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+ err:
+    ASN1_OBJECT_free(obj);
+    ASN1_OCTET_STRING_free(oct);
+    OPENSSL_free(ext_der);
+    return extension;
+
+}
+
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+                                   long *ext_len)
+{
+    ASN1_TYPE *typ;
+    unsigned char *ext_der = NULL;
+    typ = ASN1_generate_v3(value, ctx);
+    if (typ == NULL)
+        return NULL;
+    *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
+    ASN1_TYPE_free(typ);
+    return ext_der;
+}
+
+static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
+{
+    int idx;
+    ASN1_OBJECT *obj;
+    obj = X509_EXTENSION_get_object(dext);
+    while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) {
+        X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
+        X509v3_delete_ext(sk, idx);
+        X509_EXTENSION_free(tmpext);
+    }
+}
+
+/*
+ * This is the main function: add a bunch of extensions based on a config
+ * file section to an extension STACK.
+ */
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+                            STACK_OF(X509_EXTENSION) **sk)
+{
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    CONF_VALUE *val;
+    int i;
+
+    if ((nval = NCONF_get_section(conf, section)) == NULL)
+        return 0;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL)
+            return 0;
+        if (ctx->flags == X509V3_CTX_REPLACE)
+            delete_ext(*sk, ext);
+        if (sk != NULL) {
+            if (X509v3_add_ext(sk, ext, -1) == NULL) {
+                X509_EXTENSION_free(ext);
+                return 0;
+            }
+        }
+        X509_EXTENSION_free(ext);
+    }
+    return 1;
+}
+
+/*
+ * Convenience functions to add extensions to a certificate, CRL and request
+ */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                         X509 *cert)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (cert)
+        sk = &cert->cert_info.extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_CRL *crl)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (crl)
+        sk = &crl->crl.extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_REQ *req)
+{
+    STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+    int i;
+    if (req)
+        sk = &extlist;
+    i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+    if (!i || !sk)
+        return i;
+    i = X509_REQ_add_extensions(req, extlist);
+    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+    return i;
+}
+
+/* Config database functions */
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
+        X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_string)
+        return ctx->db_meth->get_string(ctx->db, name, section);
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
+        X509V3err(X509V3_F_X509V3_GET_SECTION,
+                  X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_section)
+        return ctx->db_meth->get_section(ctx->db, section);
+    return NULL;
+}
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+{
+    if (!str)
+        return;
+    if (ctx->db_meth->free_string)
+        ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+{
+    if (!section)
+        return;
+    if (ctx->db_meth->free_section)
+        ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *nconf_get_string(void *db, const char *section, const char *value)
+{
+    return NCONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
+{
+    return NCONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD nconf_method = {
+    nconf_get_string,
+    nconf_get_section,
+    NULL,
+    NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+{
+    ctx->db_meth = &nconf_method;
+    ctx->db = conf;
+}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+                    X509_CRL *crl, int flags)
+{
+    ctx->issuer_cert = issuer;
+    ctx->subject_cert = subj;
+    ctx->crl = crl;
+    ctx->subject_req = req;
+    ctx->flags = flags;
+}
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                                const char *name, const char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+                                    X509V3_CTX *ctx, int ext_nid, const char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+}
+
+static char *conf_lhash_get_string(void *db, const char *section, const char *value)
+{
+    return CONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
+{
+    return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+    conf_lhash_get_string,
+    conf_lhash_get_section,
+    NULL,
+    NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
+{
+    ctx->db_meth = &conf_lhash_method;
+    ctx->db = lhash;
+}
+
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        const char *section, X509 *cert)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_CRL *crl)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_REQ *req)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_cpols.c b/openssl-1.1.0h/crypto/x509v3/v3_cpols.c
new file mode 100644
index 0000000..22c56ba
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_cpols.c
@@ -0,0 +1,447 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+#include "ext_dat.h"
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                       BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                             int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org);
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+
+const X509V3_EXT_METHOD v3_cpols = {
+    NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    (X509V3_EXT_I2R)i2r_certpol,
+    (X509V3_EXT_R2I)r2i_certpol,
+    NULL
+};
+
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+
+ASN1_SEQUENCE(POLICYINFO) = {
+        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+
+ASN1_ADB(POLICYQUALINFO) = {
+        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+
+ASN1_SEQUENCE(USERNOTICE) = {
+        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+
+ASN1_SEQUENCE(NOTICEREF) = {
+        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *value)
+{
+    STACK_OF(POLICYINFO) *pols = NULL;
+    char *pstr;
+    POLICYINFO *pol;
+    ASN1_OBJECT *pobj;
+    STACK_OF(CONF_VALUE) *vals;
+    CONF_VALUE *cnf;
+    int i, ia5org;
+    pols = sk_POLICYINFO_new_null();
+    if (pols == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    vals = X509V3_parse_list(value);
+    if (vals == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+        goto err;
+    }
+    ia5org = 0;
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        cnf = sk_CONF_VALUE_value(vals, i);
+        if (cnf->value || !cnf->name) {
+            X509V3err(X509V3_F_R2I_CERTPOL,
+                      X509V3_R_INVALID_POLICY_IDENTIFIER);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        pstr = cnf->name;
+        if (strcmp(pstr, "ia5org") == 0) {
+            ia5org = 1;
+            continue;
+        } else if (*pstr == '@') {
+            STACK_OF(CONF_VALUE) *polsect;
+            polsect = X509V3_get_section(ctx, pstr + 1);
+            if (!polsect) {
+                X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = policy_section(ctx, polsect, ia5org);
+            X509V3_section_free(ctx, polsect);
+            if (pol == NULL)
+                goto err;
+        } else {
+            if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) {
+                X509V3err(X509V3_F_R2I_CERTPOL,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = POLICYINFO_new();
+            if (pol == NULL) {
+                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+                ASN1_OBJECT_free(pobj);
+                goto err;
+            }
+            pol->policyid = pobj;
+        }
+        if (!sk_POLICYINFO_push(pols, pol)) {
+            POLICYINFO_free(pol);
+            X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pols;
+ err:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+    return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+    int i;
+    CONF_VALUE *cnf;
+    POLICYINFO *pol;
+    POLICYQUALINFO *qual;
+
+    if ((pol = POLICYINFO_new()) == NULL)
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+        cnf = sk_CONF_VALUE_value(polstrs, i);
+        if (strcmp(cnf->name, "policyIdentifier") == 0) {
+            ASN1_OBJECT *pobj;
+            if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol->policyid = pobj;
+
+        } else if (!name_cmp(cnf->name, "CPS")) {
+            if (pol->qualifiers == NULL)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if ((qual = POLICYQUALINFO_new()) == NULL)
+                goto merr;
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+            if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
+                X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
+                goto merr;
+            if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (!name_cmp(cnf->name, "userNotice")) {
+            STACK_OF(CONF_VALUE) *unot;
+            if (*cnf->value != '@') {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_EXPECTED_A_SECTION_NAME);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            unot = X509V3_get_section(ctx, cnf->value + 1);
+            if (!unot) {
+                X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            qual = notice_section(ctx, unot, ia5org);
+            X509V3_section_free(ctx, unot);
+            if (!qual)
+                goto err;
+            if (!pol->qualifiers)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+        } else {
+            X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION);
+
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+    if (!pol->policyid) {
+        X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER);
+        goto err;
+    }
+
+    return pol;
+
+ merr:
+    X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYINFO_free(pol);
+    return NULL;
+
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+    int i, ret;
+    CONF_VALUE *cnf;
+    USERNOTICE *not;
+    POLICYQUALINFO *qual;
+
+    if ((qual = POLICYQUALINFO_new()) == NULL)
+        goto merr;
+    if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) {
+        X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((not = USERNOTICE_new()) == NULL)
+        goto merr;
+    qual->d.usernotice = not;
+    for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+        cnf = sk_CONF_VALUE_value(unot, i);
+        if (strcmp(cnf->name, "explicitText") == 0) {
+            if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL)
+                goto merr;
+            if (!ASN1_STRING_set(not->exptext, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (strcmp(cnf->name, "organization") == 0) {
+            NOTICEREF *nref;
+            if (!not->noticeref) {
+                if ((nref = NOTICEREF_new()) == NULL)
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            if (ia5org)
+                nref->organization->type = V_ASN1_IA5STRING;
+            else
+                nref->organization->type = V_ASN1_VISIBLESTRING;
+            if (!ASN1_STRING_set(nref->organization, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (strcmp(cnf->name, "noticeNumbers") == 0) {
+            NOTICEREF *nref;
+            STACK_OF(CONF_VALUE) *nos;
+            if (!not->noticeref) {
+                if ((nref = NOTICEREF_new()) == NULL)
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            nos = X509V3_parse_list(cnf->value);
+            if (!nos || !sk_CONF_VALUE_num(nos)) {
+                X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
+                X509V3_conf_err(cnf);
+                sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+                goto err;
+            }
+            ret = nref_nos(nref->noticenos, nos);
+            sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+            if (!ret)
+                goto err;
+        } else {
+            X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+
+    if (not->noticeref &&
+        (!not->noticeref->noticenos || !not->noticeref->organization)) {
+        X509V3err(X509V3_F_NOTICE_SECTION,
+                  X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+        goto err;
+    }
+
+    return qual;
+
+ merr:
+    X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYQUALINFO_free(qual);
+    return NULL;
+}
+
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
+{
+    CONF_VALUE *cnf;
+    ASN1_INTEGER *aint;
+
+    int i;
+
+    for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+        cnf = sk_CONF_VALUE_value(nos, i);
+        if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) {
+            X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
+            goto err;
+        }
+        if (!sk_ASN1_INTEGER_push(nnums, aint))
+            goto merr;
+    }
+    return 1;
+
+ merr:
+    ASN1_INTEGER_free(aint);
+    X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
+
+ err:
+    return 0;
+}
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                       BIO *out, int indent)
+{
+    int i;
+    POLICYINFO *pinfo;
+    /* First print out the policy OIDs */
+    for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
+        pinfo = sk_POLICYINFO_value(pol, i);
+        BIO_printf(out, "%*sPolicy: ", indent, "");
+        i2a_ASN1_OBJECT(out, pinfo->policyid);
+        BIO_puts(out, "\n");
+        if (pinfo->qualifiers)
+            print_qualifiers(out, pinfo->qualifiers, indent + 2);
+    }
+    return 1;
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                             int indent)
+{
+    POLICYQUALINFO *qualinfo;
+    int i;
+    for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+        qualinfo = sk_POLICYQUALINFO_value(quals, i);
+        switch (OBJ_obj2nid(qualinfo->pqualid)) {
+        case NID_id_qt_cps:
+            BIO_printf(out, "%*sCPS: %s\n", indent, "",
+                       qualinfo->d.cpsuri->data);
+            break;
+
+        case NID_id_qt_unotice:
+            BIO_printf(out, "%*sUser Notice:\n", indent, "");
+            print_notice(out, qualinfo->d.usernotice, indent + 2);
+            break;
+
+        default:
+            BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");
+
+            i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+            BIO_puts(out, "\n");
+            break;
+        }
+    }
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+    int i;
+    if (notice->noticeref) {
+        NOTICEREF *ref;
+        ref = notice->noticeref;
+        BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+                   ref->organization->data);
+        BIO_printf(out, "%*sNumber%s: ", indent, "",
+                   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+        for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+            ASN1_INTEGER *num;
+            char *tmp;
+            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+            if (i)
+                BIO_puts(out, ", ");
+            if (num == NULL)
+                BIO_puts(out, "(null)");
+            else {
+                tmp = i2s_ASN1_INTEGER(NULL, num);
+                if (tmp == NULL)
+                    return;
+                BIO_puts(out, tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+        BIO_puts(out, "\n");
+    }
+    if (notice->exptext)
+        BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+                   notice->exptext->data);
+}
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
+{
+    const X509_POLICY_DATA *dat = node->data;
+
+    BIO_printf(out, "%*sPolicy: ", indent, "");
+
+    i2a_ASN1_OBJECT(out, dat->valid_policy);
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*s%s\n", indent + 2, "",
+               node_data_critical(dat) ? "Critical" : "Non Critical");
+    if (dat->qualifier_set)
+        print_qualifiers(out, dat->qualifier_set, indent + 2);
+    else
+        BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_crld.c b/openssl-1.1.0h/crypto/x509v3/v3_crld.c
new file mode 100644
index 0000000..c4c77f1
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_crld.c
@@ -0,0 +1,509 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent);
+
+const X509V3_EXT_METHOD v3_crld = {
+    NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_crld,
+    i2r_crldp, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_freshest_crl = {
+    NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_crld,
+    i2r_crldp, 0,
+    NULL
+};
+
+static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx,
+                                                    char *sect)
+{
+    STACK_OF(CONF_VALUE) *gnsect;
+    STACK_OF(GENERAL_NAME) *gens;
+    if (*sect == '@')
+        gnsect = X509V3_get_section(ctx, sect + 1);
+    else
+        gnsect = X509V3_parse_list(sect);
+    if (!gnsect) {
+        X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, X509V3_R_SECTION_NOT_FOUND);
+        return NULL;
+    }
+    gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
+    if (*sect == '@')
+        X509V3_section_free(ctx, gnsect);
+    else
+        sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
+    return gens;
+}
+
+static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
+                               CONF_VALUE *cnf)
+{
+    STACK_OF(GENERAL_NAME) *fnm = NULL;
+    STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
+
+    if (strncmp(cnf->name, "fullname", 9) == 0) {
+        fnm = gnames_from_sectname(ctx, cnf->value);
+        if (!fnm)
+            goto err;
+    } else if (strcmp(cnf->name, "relativename") == 0) {
+        int ret;
+        STACK_OF(CONF_VALUE) *dnsect;
+        X509_NAME *nm;
+        nm = X509_NAME_new();
+        if (nm == NULL)
+            return -1;
+        dnsect = X509V3_get_section(ctx, cnf->value);
+        if (!dnsect) {
+            X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                      X509V3_R_SECTION_NOT_FOUND);
+            return -1;
+        }
+        ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
+        X509V3_section_free(ctx, dnsect);
+        rnm = nm->entries;
+        nm->entries = NULL;
+        X509_NAME_free(nm);
+        if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
+            goto err;
+        /*
+         * Since its a name fragment can't have more than one RDNSequence
+         */
+        if (sk_X509_NAME_ENTRY_value(rnm,
+                                     sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
+            X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                      X509V3_R_INVALID_MULTIPLE_RDNS);
+            goto err;
+        }
+    } else
+        return 0;
+
+    if (*pdp) {
+        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                  X509V3_R_DISTPOINT_ALREADY_SET);
+        goto err;
+    }
+
+    *pdp = DIST_POINT_NAME_new();
+    if (*pdp == NULL)
+        goto err;
+    if (fnm) {
+        (*pdp)->type = 0;
+        (*pdp)->name.fullname = fnm;
+    } else {
+        (*pdp)->type = 1;
+        (*pdp)->name.relativename = rnm;
+    }
+
+    return 1;
+
+ err:
+    sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
+    sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+    return -1;
+}
+
+static const BIT_STRING_BITNAME reason_flags[] = {
+    {0, "Unused", "unused"},
+    {1, "Key Compromise", "keyCompromise"},
+    {2, "CA Compromise", "CACompromise"},
+    {3, "Affiliation Changed", "affiliationChanged"},
+    {4, "Superseded", "superseded"},
+    {5, "Cessation Of Operation", "cessationOfOperation"},
+    {6, "Certificate Hold", "certificateHold"},
+    {7, "Privilege Withdrawn", "privilegeWithdrawn"},
+    {8, "AA Compromise", "AACompromise"},
+    {-1, NULL, NULL}
+};
+
+static int set_reasons(ASN1_BIT_STRING **preas, char *value)
+{
+    STACK_OF(CONF_VALUE) *rsk = NULL;
+    const BIT_STRING_BITNAME *pbn;
+    const char *bnam;
+    int i, ret = 0;
+    rsk = X509V3_parse_list(value);
+    if (rsk == NULL)
+        return 0;
+    if (*preas != NULL)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
+        bnam = sk_CONF_VALUE_value(rsk, i)->name;
+        if (*preas == NULL) {
+            *preas = ASN1_BIT_STRING_new();
+            if (*preas == NULL)
+                goto err;
+        }
+        for (pbn = reason_flags; pbn->lname; pbn++) {
+            if (strcmp(pbn->sname, bnam) == 0) {
+                if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1))
+                    goto err;
+                break;
+            }
+        }
+        if (!pbn->lname)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
+    return ret;
+}
+
+static int print_reasons(BIO *out, const char *rname,
+                         ASN1_BIT_STRING *rflags, int indent)
+{
+    int first = 1;
+    const BIT_STRING_BITNAME *pbn;
+    BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
+    for (pbn = reason_flags; pbn->lname; pbn++) {
+        if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
+            if (first)
+                first = 0;
+            else
+                BIO_puts(out, ", ");
+            BIO_puts(out, pbn->lname);
+        }
+    }
+    if (first)
+        BIO_puts(out, "<EMPTY>\n");
+    else
+        BIO_puts(out, "\n");
+    return 1;
+}
+
+static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
+{
+    int i;
+    CONF_VALUE *cnf;
+    DIST_POINT *point = NULL;
+    point = DIST_POINT_new();
+    if (point == NULL)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        int ret;
+        cnf = sk_CONF_VALUE_value(nval, i);
+        ret = set_dist_point_name(&point->distpoint, ctx, cnf);
+        if (ret > 0)
+            continue;
+        if (ret < 0)
+            goto err;
+        if (strcmp(cnf->name, "reasons") == 0) {
+            if (!set_reasons(&point->reasons, cnf->value))
+                goto err;
+        } else if (strcmp(cnf->name, "CRLissuer") == 0) {
+            point->CRLissuer = gnames_from_sectname(ctx, cnf->value);
+            if (!point->CRLissuer)
+                goto err;
+        }
+    }
+
+    return point;
+
+ err:
+    DIST_POINT_free(point);
+    return NULL;
+}
+
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    STACK_OF(DIST_POINT) *crld = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    CONF_VALUE *cnf;
+    int i;
+
+    if ((crld = sk_DIST_POINT_new_null()) == NULL)
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        DIST_POINT *point;
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!cnf->value) {
+            STACK_OF(CONF_VALUE) *dpsect;
+            dpsect = X509V3_get_section(ctx, cnf->name);
+            if (!dpsect)
+                goto err;
+            point = crldp_from_section(ctx, dpsect);
+            X509V3_section_free(ctx, dpsect);
+            if (!point)
+                goto err;
+            if (!sk_DIST_POINT_push(crld, point)) {
+                DIST_POINT_free(point);
+                goto merr;
+            }
+        } else {
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+                goto err;
+            if ((gens = GENERAL_NAMES_new()) == NULL)
+                goto merr;
+            if (!sk_GENERAL_NAME_push(gens, gen))
+                goto merr;
+            gen = NULL;
+            if ((point = DIST_POINT_new()) == NULL)
+                goto merr;
+            if (!sk_DIST_POINT_push(crld, point)) {
+                DIST_POINT_free(point);
+                goto merr;
+            }
+            if ((point->distpoint = DIST_POINT_NAME_new()) == NULL)
+                goto merr;
+            point->distpoint->name.fullname = gens;
+            point->distpoint->type = 0;
+            gens = NULL;
+        }
+    }
+    return crld;
+
+ merr:
+    X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
+ err:
+    GENERAL_NAME_free(gen);
+    GENERAL_NAMES_free(gens);
+    sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+    return NULL;
+}
+
+static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
+
+    switch (operation) {
+    case ASN1_OP_NEW_POST:
+        dpn->dpname = NULL;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        X509_NAME_free(dpn->dpname);
+        break;
+    }
+    return 1;
+}
+
+
+ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
+        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
+
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+ASN1_SEQUENCE(DIST_POINT) = {
+        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
+
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+
+ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
+        ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
+} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval);
+
+const X509V3_EXT_METHOD v3_idp = {
+    NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_idp,
+    i2r_idp, 0,
+    NULL
+};
+
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval)
+{
+    ISSUING_DIST_POINT *idp = NULL;
+    CONF_VALUE *cnf;
+    char *name, *val;
+    int i, ret;
+    idp = ISSUING_DIST_POINT_new();
+    if (idp == NULL)
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        name = cnf->name;
+        val = cnf->value;
+        ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
+        if (ret > 0)
+            continue;
+        if (ret < 0)
+            goto err;
+        if (strcmp(name, "onlyuser") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
+                goto err;
+        } else if (strcmp(name, "onlyCA") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
+                goto err;
+        } else if (strcmp(name, "onlyAA") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
+                goto err;
+        } else if (strcmp(name, "indirectCRL") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
+                goto err;
+        } else if (strcmp(name, "onlysomereasons") == 0) {
+            if (!set_reasons(&idp->onlysomereasons, val))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+    return idp;
+
+ merr:
+    X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
+ err:
+    ISSUING_DIST_POINT_free(idp);
+    return NULL;
+}
+
+static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
+{
+    int i;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        BIO_printf(out, "%*s", indent + 2, "");
+        GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
+        BIO_puts(out, "\n");
+    }
+    return 1;
+}
+
+static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
+{
+    if (dpn->type == 0) {
+        BIO_printf(out, "%*sFull Name:\n", indent, "");
+        print_gens(out, dpn->name.fullname, indent);
+    } else {
+        X509_NAME ntmp;
+        ntmp.entries = dpn->name.relativename;
+        BIO_printf(out, "%*sRelative Name:\n%*s", indent, "", indent + 2, "");
+        X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
+        BIO_puts(out, "\n");
+    }
+    return 1;
+}
+
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent)
+{
+    ISSUING_DIST_POINT *idp = pidp;
+    if (idp->distpoint)
+        print_distpoint(out, idp->distpoint, indent);
+    if (idp->onlyuser > 0)
+        BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
+    if (idp->onlyCA > 0)
+        BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
+    if (idp->indirectCRL > 0)
+        BIO_printf(out, "%*sIndirect CRL\n", indent, "");
+    if (idp->onlysomereasons)
+        print_reasons(out, "Only Some Reasons", idp->onlysomereasons, indent);
+    if (idp->onlyattr > 0)
+        BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
+    if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
+        && (idp->indirectCRL <= 0) && !idp->onlysomereasons
+        && (idp->onlyattr <= 0))
+        BIO_printf(out, "%*s<EMPTY>\n", indent, "");
+
+    return 1;
+}
+
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent)
+{
+    STACK_OF(DIST_POINT) *crld = pcrldp;
+    DIST_POINT *point;
+    int i;
+    for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
+        BIO_puts(out, "\n");
+        point = sk_DIST_POINT_value(crld, i);
+        if (point->distpoint)
+            print_distpoint(out, point->distpoint, indent);
+        if (point->reasons)
+            print_reasons(out, "Reasons", point->reasons, indent);
+        if (point->CRLissuer) {
+            BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
+            print_gens(out, point->CRLissuer, indent);
+        }
+    }
+    return 1;
+}
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
+{
+    int i;
+    STACK_OF(X509_NAME_ENTRY) *frag;
+    X509_NAME_ENTRY *ne;
+    if (!dpn || (dpn->type != 1))
+        return 1;
+    frag = dpn->name.relativename;
+    dpn->dpname = X509_NAME_dup(iname);
+    if (!dpn->dpname)
+        return 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
+        ne = sk_X509_NAME_ENTRY_value(frag, i);
+        if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
+            X509_NAME_free(dpn->dpname);
+            dpn->dpname = NULL;
+            return 0;
+        }
+    }
+    /* generate cached encoding of name */
+    if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
+        X509_NAME_free(dpn->dpname);
+        dpn->dpname = NULL;
+        return 0;
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_enum.c b/openssl-1.1.0h/crypto/x509v3/v3_enum.c
new file mode 100644
index 0000000..f39cb5a
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_enum.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static ENUMERATED_NAMES crl_reasons[] = {
+    {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"},
+    {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"},
+    {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"},
+    {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed",
+     "affiliationChanged"},
+    {CRL_REASON_SUPERSEDED, "Superseded", "superseded"},
+    {CRL_REASON_CESSATION_OF_OPERATION,
+     "Cessation Of Operation", "cessationOfOperation"},
+    {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"},
+    {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"},
+    {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn",
+     "privilegeWithdrawn"},
+    {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"},
+    {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_crl_reason = {
+    NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+    0,
+    0, 0, 0, 0,
+    crl_reasons
+};
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, 
+                                const ASN1_ENUMERATED *e)
+{
+    ENUMERATED_NAMES *enam;
+    long strval;
+
+    strval = ASN1_ENUMERATED_get(e);
+    for (enam = method->usr_data; enam->lname; enam++) {
+        if (strval == enam->bitnum)
+            return OPENSSL_strdup(enam->lname);
+    }
+    return i2s_ASN1_ENUMERATED(method, e);
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_extku.c b/openssl-1.1.0h/crypto/x509v3/v3_extku.c
new file mode 100644
index 0000000..bae755e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_extku.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD
+                                                    *method, void *eku, STACK_OF(CONF_VALUE)
+                                                    *extlist);
+
+const X509V3_EXT_METHOD v3_ext_ku = {
+    NID_ext_key_usage, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD v3_ocsp_accresp = {
+    NID_id_pkix_OCSP_acceptableResponses, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD
+                                                    *method, void *a, STACK_OF(CONF_VALUE)
+                                                    *ext_list)
+{
+    EXTENDED_KEY_USAGE *eku = a;
+    int i;
+    ASN1_OBJECT *obj;
+    char obj_tmp[80];
+    for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+        obj = sk_ASN1_OBJECT_value(eku, i);
+        i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+        X509V3_add_value(NULL, obj_tmp, &ext_list);
+    }
+    return ext_list;
+}
+
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval)
+{
+    EXTENDED_KEY_USAGE *extku;
+    char *extval;
+    ASN1_OBJECT *objtmp;
+    CONF_VALUE *val;
+    int i;
+
+    if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
+            sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+            X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return NULL;
+        }
+        sk_ASN1_OBJECT_push(extku, objtmp);
+    }
+    return extku;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_genn.c b/openssl-1.1.0h/crypto/x509v3/v3_genn.c
new file mode 100644
index 0000000..85fc3fc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_genn.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(OTHERNAME) = {
+        ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+        /* Maybe have a true ANY DEFINED BY later */
+        ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ASN1_SEQUENCE(EDIPARTYNAME) = {
+        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+ASN1_CHOICE(GENERAL_NAME) = {
+        ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+        ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+        ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+        /* Don't decode this */
+        ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+        /* X509_NAME is a CHOICE type so use EXPLICIT */
+        ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+        ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+        ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+        ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+        ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+} ASN1_CHOICE_END(GENERAL_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
+{
+    return (GENERAL_NAME *)ASN1_dup((i2d_of_void *)i2d_GENERAL_NAME,
+                                    (d2i_of_void *)d2i_GENERAL_NAME,
+                                    (char *)a);
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+    switch (a->type) {
+    case GEN_X400:
+    case GEN_EDIPARTY:
+        result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+        break;
+
+    case GEN_OTHERNAME:
+        result = OTHERNAME_cmp(a->d.otherName, b->d.otherName);
+        break;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
+        break;
+
+    case GEN_DIRNAME:
+        result = X509_NAME_cmp(a->d.dirn, b->d.dirn);
+        break;
+
+    case GEN_IPADD:
+        result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
+        break;
+
+    case GEN_RID:
+        result = OBJ_cmp(a->d.rid, b->d.rid);
+        break;
+    }
+    return result;
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b)
+{
+    int result = -1;
+
+    if (!a || !b)
+        return -1;
+    /* Check their type first. */
+    if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
+        return result;
+    /* Check the value. */
+    result = ASN1_TYPE_cmp(a->value, b->value);
+    return result;
+}
+
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+{
+    switch (type) {
+    case GEN_X400:
+    case GEN_EDIPARTY:
+        a->d.other = value;
+        break;
+
+    case GEN_OTHERNAME:
+        a->d.otherName = value;
+        break;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        a->d.ia5 = value;
+        break;
+
+    case GEN_DIRNAME:
+        a->d.dirn = value;
+        break;
+
+    case GEN_IPADD:
+        a->d.ip = value;
+        break;
+
+    case GEN_RID:
+        a->d.rid = value;
+        break;
+    }
+    a->type = type;
+}
+
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
+{
+    if (ptype)
+        *ptype = a->type;
+    switch (a->type) {
+    case GEN_X400:
+    case GEN_EDIPARTY:
+        return a->d.other;
+
+    case GEN_OTHERNAME:
+        return a->d.otherName;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        return a->d.ia5;
+
+    case GEN_DIRNAME:
+        return a->d.dirn;
+
+    case GEN_IPADD:
+        return a->d.ip;
+
+    case GEN_RID:
+        return a->d.rid;
+
+    default:
+        return NULL;
+    }
+}
+
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value)
+{
+    OTHERNAME *oth;
+    oth = OTHERNAME_new();
+    if (oth == NULL)
+        return 0;
+    ASN1_TYPE_free(oth->value);
+    oth->type_id = oid;
+    oth->value = value;
+    GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
+    return 1;
+}
+
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue)
+{
+    if (gen->type != GEN_OTHERNAME)
+        return 0;
+    if (poid)
+        *poid = gen->d.otherName->type_id;
+    if (pvalue)
+        *pvalue = gen->d.otherName->value;
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_ia5.c b/openssl-1.1.0h/crypto/x509v3/v3_ia5.c
new file mode 100644
index 0000000..c1170d4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_ia5.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+const X509V3_EXT_METHOD v3_ns_ia5_list[8] = {
+    EXT_IA5STRING(NID_netscape_base_url),
+    EXT_IA5STRING(NID_netscape_revocation_url),
+    EXT_IA5STRING(NID_netscape_ca_revocation_url),
+    EXT_IA5STRING(NID_netscape_renewal_url),
+    EXT_IA5STRING(NID_netscape_ca_policy_url),
+    EXT_IA5STRING(NID_netscape_ssl_server_name),
+    EXT_IA5STRING(NID_netscape_comment),
+    EXT_END
+};
+
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
+{
+    char *tmp;
+
+    if (!ia5 || !ia5->length)
+        return NULL;
+    if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) {
+        X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memcpy(tmp, ia5->data, ia5->length);
+    tmp[ia5->length] = 0;
+    return tmp;
+}
+
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str)
+{
+    ASN1_IA5STRING *ia5;
+    if (!str) {
+        X509V3err(X509V3_F_S2I_ASN1_IA5STRING,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+    if ((ia5 = ASN1_IA5STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+        ASN1_IA5STRING_free(ia5);
+        return NULL;
+    }
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(ia5->data, ia5->data, ia5->length);
+#endif                          /* CHARSET_EBCDIC */
+    return ia5;
+ err:
+    X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_info.c b/openssl-1.1.0h/crypto/x509v3/v3_info.c
new file mode 100644
index 0000000..a0bca5f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_info.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                       *method, AUTHORITY_INFO_ACCESS
+                                                       *ainfo, STACK_OF(CONF_VALUE)
+                                                       *ret);
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval);
+
+const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
+    X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
+    STACK_OF(CONF_VALUE) *ret)
+{
+    ACCESS_DESCRIPTION *desc;
+    int i, nlen;
+    char objtmp[80], *ntmp;
+    CONF_VALUE *vtmp;
+    STACK_OF(CONF_VALUE) *tret = ret;
+
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+        STACK_OF(CONF_VALUE) *tmp;
+
+        desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+        tmp = i2v_GENERAL_NAME(method, desc->location, tret);
+        if (tmp == NULL)
+            goto err;
+        tret = tmp;
+        vtmp = sk_CONF_VALUE_value(tret, i);
+        i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method);
+        nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+        ntmp = OPENSSL_malloc(nlen);
+        if (ntmp == NULL)
+            goto err;
+        OPENSSL_strlcpy(ntmp, objtmp, nlen);
+        OPENSSL_strlcat(ntmp, " - ", nlen);
+        OPENSSL_strlcat(ntmp, vtmp->name, nlen);
+        OPENSSL_free(vtmp->name);
+        vtmp->name = ntmp;
+
+    }
+    if (ret == NULL && tret == NULL)
+        return sk_CONF_VALUE_new_null();
+
+    return tret;
+ err:
+    X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+    if (ret == NULL && tret != NULL)
+        sk_CONF_VALUE_pop_free(tret, X509V3_conf_free);
+    return NULL;
+}
+
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval)
+{
+    AUTHORITY_INFO_ACCESS *ainfo = NULL;
+    CONF_VALUE *cnf, ctmp;
+    ACCESS_DESCRIPTION *acc;
+    int i, objlen;
+    char *objtmp, *ptmp;
+
+    if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if ((acc = ACCESS_DESCRIPTION_new()) == NULL
+            || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ptmp = strchr(cnf->name, ';');
+        if (!ptmp) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        objlen = ptmp - cnf->name;
+        ctmp.name = ptmp + 1;
+        ctmp.value = cnf->value;
+        if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
+            goto err;
+        if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        acc->method = OBJ_txt2obj(objtmp, 0);
+        if (!acc->method) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_BAD_OBJECT);
+            ERR_add_error_data(2, "value=", objtmp);
+            OPENSSL_free(objtmp);
+            goto err;
+        }
+        OPENSSL_free(objtmp);
+
+    }
+    return ainfo;
+ err:
+    sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+    return NULL;
+}
+
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a)
+{
+    i2a_ASN1_OBJECT(bp, a->method);
+    return 2;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_int.c b/openssl-1.1.0h/crypto/x509v3/v3_int.c
new file mode 100644
index 0000000..690c90e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_int.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+const X509V3_EXT_METHOD v3_crl_num = {
+    NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
+
+const X509V3_EXT_METHOD v3_delta_crl = {
+    NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
+
+static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
+                          const char *value)
+{
+    return s2i_ASN1_INTEGER(meth, value);
+}
+
+const X509V3_EXT_METHOD v3_inhibit_anyp = {
+    NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    (X509V3_EXT_S2I)s2i_asn1_int,
+    0, 0, 0, 0, NULL
+};
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_lib.c b/openssl-1.1.0h/crypto/x509v3/v3_lib.c
new file mode 100644
index 0000000..d714308
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_lib.c
@@ -0,0 +1,371 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+    if (ext_list == NULL
+        && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b)
+{
+    return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                           const X509V3_EXT_METHOD *, ext);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                             const X509V3_EXT_METHOD *, ext);
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+    &v3_nscert,
+    &v3_ns_ia5_list[0],
+    &v3_ns_ia5_list[1],
+    &v3_ns_ia5_list[2],
+    &v3_ns_ia5_list[3],
+    &v3_ns_ia5_list[4],
+    &v3_ns_ia5_list[5],
+    &v3_ns_ia5_list[6],
+    &v3_skey_id,
+    &v3_key_usage,
+    &v3_pkey_usage_period,
+    &v3_alt[0],
+    &v3_alt[1],
+    &v3_bcons,
+    &v3_crl_num,
+    &v3_cpols,
+    &v3_akey_id,
+    &v3_crld,
+    &v3_ext_ku,
+    &v3_delta_crl,
+    &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_invdate,
+#endif
+    &v3_sxnet,
+    &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+    &v3_addr,
+    &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+    &v3_ocsp_nonce,
+    &v3_ocsp_crlid,
+    &v3_ocsp_accresp,
+    &v3_ocsp_nocheck,
+    &v3_ocsp_acutoff,
+    &v3_ocsp_serviceloc,
+#endif
+    &v3_sinfo,
+    &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_hold,
+#endif
+    &v3_pci,
+    &v3_name_constraints,
+    &v3_policy_mappings,
+    &v3_inhibit_anyp,
+    &v3_idp,
+    &v3_alt[2],
+    &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+    &v3_ct_scts[0],
+    &v3_ct_scts[1],
+    &v3_ct_scts[2],
+#endif
+    &v3_tls_feature,
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+    X509V3_EXT_METHOD tmp;
+    const X509V3_EXT_METHOD *t = &tmp, *const *ret;
+    int idx;
+
+    if (nid < 0)
+        return NULL;
+    tmp.ext_nid = nid;
+    ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
+    if (ret)
+        return *ret;
+    if (!ext_list)
+        return NULL;
+    idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+    if (idx == -1)
+        return NULL;
+    return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+}
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+    int nid;
+    if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
+        return NULL;
+    return X509V3_EXT_get_nid(nid);
+}
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+    for (; extlist->ext_nid != -1; extlist++)
+        if (!X509V3_EXT_add(extlist))
+            return 0;
+    return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+    const X509V3_EXT_METHOD *ext;
+    X509V3_EXT_METHOD *tmpext;
+
+    if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
+        return 0;
+    }
+    if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    *tmpext = *ext;
+    tmpext->ext_nid = nid_to;
+    tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+    return X509V3_EXT_add(tmpext);
+}
+
+void X509V3_EXT_cleanup(void)
+{
+    sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
+    ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+    if (ext->ext_flags & X509V3_EXT_DYNAMIC)
+        OPENSSL_free(ext);
+}
+
+/*
+ * Legacy function: we don't need to add standard extensions any more because
+ * they are now kept in ext_dat.h.
+ */
+
+int X509V3_add_standard_extensions(void)
+{
+    return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+    const X509V3_EXT_METHOD *method;
+    const unsigned char *p;
+    ASN1_STRING *extvalue;
+    int extlen;
+
+    if ((method = X509V3_EXT_get(ext)) == NULL)
+        return NULL;
+    extvalue = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extvalue);
+    extlen = ASN1_STRING_length(extvalue);
+    if (method->it)
+        return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+    return method->d2i(NULL, &p, extlen);
+}
+
+/*-
+ * Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx)
+{
+    int lastpos, i;
+    X509_EXTENSION *ex, *found_ex = NULL;
+
+    if (!x) {
+        if (idx)
+            *idx = -1;
+        if (crit)
+            *crit = -1;
+        return NULL;
+    }
+    if (idx)
+        lastpos = *idx + 1;
+    else
+        lastpos = 0;
+    if (lastpos < 0)
+        lastpos = 0;
+    for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
+        ex = sk_X509_EXTENSION_value(x, i);
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
+            if (idx) {
+                *idx = i;
+                found_ex = ex;
+                break;
+            } else if (found_ex) {
+                /* Found more than one */
+                if (crit)
+                    *crit = -2;
+                return NULL;
+            }
+            found_ex = ex;
+        }
+    }
+    if (found_ex) {
+        /* Found it */
+        if (crit)
+            *crit = X509_EXTENSION_get_critical(found_ex);
+        return X509V3_EXT_d2i(found_ex);
+    }
+
+    /* Extension not found */
+    if (idx)
+        *idx = -1;
+    if (crit)
+        *crit = -1;
+    return NULL;
+}
+
+/*
+ * This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags)
+{
+    int errcode, extidx = -1;
+    X509_EXTENSION *ext = NULL, *extmp;
+    STACK_OF(X509_EXTENSION) *ret = NULL;
+    unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+    /*
+     * If appending we don't care if it exists, otherwise look for existing
+     * extension.
+     */
+    if (ext_op != X509V3_ADD_APPEND)
+        extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+    /* See if extension exists */
+    if (extidx >= 0) {
+        /* If keep existing, nothing to do */
+        if (ext_op == X509V3_ADD_KEEP_EXISTING)
+            return 1;
+        /* If default then its an error */
+        if (ext_op == X509V3_ADD_DEFAULT) {
+            errcode = X509V3_R_EXTENSION_EXISTS;
+            goto err;
+        }
+        /* If delete, just delete it */
+        if (ext_op == X509V3_ADD_DELETE) {
+            if (!sk_X509_EXTENSION_delete(*x, extidx))
+                return -1;
+            return 1;
+        }
+    } else {
+        /*
+         * If replace existing or delete, error since extension must exist
+         */
+        if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+            (ext_op == X509V3_ADD_DELETE)) {
+            errcode = X509V3_R_EXTENSION_NOT_FOUND;
+            goto err;
+        }
+    }
+
+    /*
+     * If we get this far then we have to create an extension: could have
+     * some flags for alternative encoding schemes...
+     */
+
+    ext = X509V3_EXT_i2d(nid, crit, value);
+
+    if (!ext) {
+        X509V3err(X509V3_F_X509V3_ADD1_I2D,
+                  X509V3_R_ERROR_CREATING_EXTENSION);
+        return 0;
+    }
+
+    /* If extension exists replace it.. */
+    if (extidx >= 0) {
+        extmp = sk_X509_EXTENSION_value(*x, extidx);
+        X509_EXTENSION_free(extmp);
+        if (!sk_X509_EXTENSION_set(*x, extidx, ext))
+            return -1;
+        return 1;
+    }
+
+    ret = *x;
+    if (*x == NULL
+        && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+        goto m_fail;
+    if (!sk_X509_EXTENSION_push(ret, ext))
+        goto m_fail;
+
+    *x = ret;
+    return 1;
+
+ m_fail:
+    /* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */
+    if (ret != *x)
+        sk_X509_EXTENSION_free(ret);
+    X509_EXTENSION_free(ext);
+    return -1;
+
+ err:
+    if (!(flags & X509V3_ADD_SILENT))
+        X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_ncons.c b/openssl-1.1.0h/crypto/x509v3/v3_ncons.c
new file mode 100644
index 0000000..2eec405
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_ncons.c
@@ -0,0 +1,582 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include "internal/asn1_int.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                                BIO *bp, int ind);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
+                                   int ind, const char *name);
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
+
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
+static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
+static int nc_dn(X509_NAME *sub, X509_NAME *nm);
+static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
+static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base);
+
+const X509V3_EXT_METHOD v3_name_constraints = {
+    NID_name_constraints, 0,
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0, v2i_NAME_CONSTRAINTS,
+    i2r_NAME_CONSTRAINTS, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(GENERAL_SUBTREE) = {
+        ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
+
+ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
+                                                        GENERAL_SUBTREE, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
+                                                        GENERAL_SUBTREE, 1),
+} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
+
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+/*
+ * We cannot use strncasecmp here because that applies locale specific rules.
+ * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
+ * do a simple ASCII case comparison ignoring the locale (that is why we use
+ * numeric constants below).
+ */
+static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
+{
+    for (; n > 0; n--, s1++, s2++) {
+        if (*s1 != *s2) {
+            unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2;
+
+            /* Convert to lower case */
+            if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */)
+                c1 += 0x20;
+            if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */)
+                c2 += 0x20;
+
+            if (c1 == c2)
+                continue;
+
+            if (c1 < c2)
+                return -1;
+
+            /* c1 > c2 */
+            return 1;
+        } else if (*s1 == 0) {
+            /* If we get here we know that *s2 == 0 too */
+            return 0;
+        }
+    }
+
+    return 0;
+}
+
+static int ia5casecmp(const char *s1, const char *s2)
+{
+    return ia5ncasecmp(s1, s2, SIZE_MAX);
+}
+
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    int i;
+    CONF_VALUE tval, *val;
+    STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
+    NAME_CONSTRAINTS *ncons = NULL;
+    GENERAL_SUBTREE *sub = NULL;
+
+    ncons = NAME_CONSTRAINTS_new();
+    if (ncons == NULL)
+        goto memerr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) {
+            ptree = &ncons->permittedSubtrees;
+            tval.name = val->name + 10;
+        } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) {
+            ptree = &ncons->excludedSubtrees;
+            tval.name = val->name + 9;
+        } else {
+            X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        tval.value = val->value;
+        sub = GENERAL_SUBTREE_new();
+        if (sub == NULL)
+            goto memerr;
+        if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
+            goto err;
+        if (*ptree == NULL)
+            *ptree = sk_GENERAL_SUBTREE_new_null();
+        if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+            goto memerr;
+        sub = NULL;
+    }
+
+    return ncons;
+
+ memerr:
+    X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ err:
+    NAME_CONSTRAINTS_free(ncons);
+    GENERAL_SUBTREE_free(sub);
+
+    return NULL;
+}
+
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                                BIO *bp, int ind)
+{
+    NAME_CONSTRAINTS *ncons = a;
+    do_i2r_name_constraints(method, ncons->permittedSubtrees,
+                            bp, ind, "Permitted");
+    do_i2r_name_constraints(method, ncons->excludedSubtrees,
+                            bp, ind, "Excluded");
+    return 1;
+}
+
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
+                                   BIO *bp, int ind, const char *name)
+{
+    GENERAL_SUBTREE *tree;
+    int i;
+    if (sk_GENERAL_SUBTREE_num(trees) > 0)
+        BIO_printf(bp, "%*s%s:\n", ind, "", name);
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
+        tree = sk_GENERAL_SUBTREE_value(trees, i);
+        BIO_printf(bp, "%*s", ind + 2, "");
+        if (tree->base->type == GEN_IPADD)
+            print_nc_ipadd(bp, tree->base->d.ip);
+        else
+            GENERAL_NAME_print(bp, tree->base);
+        BIO_puts(bp, "\n");
+    }
+    return 1;
+}
+
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
+{
+    int i, len;
+    unsigned char *p;
+    p = ip->data;
+    len = ip->length;
+    BIO_puts(bp, "IP:");
+    if (len == 8) {
+        BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
+                   p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+    } else if (len == 32) {
+        for (i = 0; i < 16; i++) {
+            BIO_printf(bp, "%X", p[0] << 8 | p[1]);
+            p += 2;
+            if (i == 7)
+                BIO_puts(bp, "/");
+            else if (i != 15)
+                BIO_puts(bp, ":");
+        }
+    } else
+        BIO_printf(bp, "IP Address:<invalid>");
+    return 1;
+}
+
+#define NAME_CHECK_MAX (1 << 20)
+
+static int add_lengths(int *out, int a, int b)
+{
+    /* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */
+    if (a < 0)
+        a = 0;
+    if (b < 0)
+        b = 0;
+
+    if (a > INT_MAX - b)
+        return 0;
+    *out = a + b;
+    return 1;
+}
+
+/*-
+ * Check a certificate conforms to a specified set of constraints.
+ * Return values:
+ *  X509_V_OK: All constraints obeyed.
+ *  X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
+ *  X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation.
+ *  X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:  Unsupported constraint type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
+ *  X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
+ */
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
+{
+    int r, i, name_count, constraint_count;
+    X509_NAME *nm;
+
+    nm = X509_get_subject_name(x);
+
+    /*
+     * Guard against certificates with an excessive number of names or
+     * constraints causing a computationally expensive name constraints check.
+     */
+    if (!add_lengths(&name_count, X509_NAME_entry_count(nm),
+                     sk_GENERAL_NAME_num(x->altname))
+        || !add_lengths(&constraint_count,
+                        sk_GENERAL_SUBTREE_num(nc->permittedSubtrees),
+                        sk_GENERAL_SUBTREE_num(nc->excludedSubtrees))
+        || (name_count > 0 && constraint_count > NAME_CHECK_MAX / name_count))
+        return X509_V_ERR_UNSPECIFIED;
+
+    if (X509_NAME_entry_count(nm) > 0) {
+        GENERAL_NAME gntmp;
+        gntmp.type = GEN_DIRNAME;
+        gntmp.d.directoryName = nm;
+
+        r = nc_match(&gntmp, nc);
+
+        if (r != X509_V_OK)
+            return r;
+
+        gntmp.type = GEN_EMAIL;
+
+        /* Process any email address attributes in subject name */
+
+        for (i = -1;;) {
+            const X509_NAME_ENTRY *ne;
+
+            i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
+            if (i == -1)
+                break;
+            ne = X509_NAME_get_entry(nm, i);
+            gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
+            if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+            r = nc_match(&gntmp, nc);
+
+            if (r != X509_V_OK)
+                return r;
+        }
+
+    }
+
+    for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
+        r = nc_match(gen, nc);
+        if (r != X509_V_OK)
+            return r;
+    }
+
+    return X509_V_OK;
+
+}
+
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
+{
+    int r, i;
+    X509_NAME *nm;
+
+    ASN1_STRING stmp;
+    GENERAL_NAME gntmp;
+    stmp.flags = 0;
+    stmp.type = V_ASN1_IA5STRING;
+    gntmp.type = GEN_DNS;
+    gntmp.d.dNSName = &stmp;
+
+    nm = X509_get_subject_name(x);
+
+    /* Process any commonName attributes in subject name */
+
+    for (i = -1;;) {
+        X509_NAME_ENTRY *ne;
+        ASN1_STRING *hn;
+        i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
+        if (i == -1)
+            break;
+        ne = X509_NAME_get_entry(nm, i);
+        hn = X509_NAME_ENTRY_get_data(ne);
+        /* Only process attributes that look like host names */
+        if (asn1_valid_host(hn)) {
+            unsigned char *h;
+            int hlen = ASN1_STRING_to_UTF8(&h, hn);
+            if (hlen <= 0)
+                return X509_V_ERR_OUT_OF_MEM;
+
+            stmp.length = hlen;
+            stmp.data = h;
+
+            r = nc_match(&gntmp, nc);
+
+            OPENSSL_free(h);
+
+            if (r != X509_V_OK)
+                    return r;
+        }
+    }
+    return X509_V_OK;
+}
+
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+{
+    GENERAL_SUBTREE *sub;
+    int i, r, match = 0;
+
+    /*
+     * Permitted subtrees: if any subtrees exist of matching the type at
+     * least one subtree must match.
+     */
+
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
+        sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
+        if (gen->type != sub->base->type)
+            continue;
+        if (sub->minimum || sub->maximum)
+            return X509_V_ERR_SUBTREE_MINMAX;
+        /* If we already have a match don't bother trying any more */
+        if (match == 2)
+            continue;
+        if (match == 0)
+            match = 1;
+        r = nc_match_single(gen, sub->base);
+        if (r == X509_V_OK)
+            match = 2;
+        else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+            return r;
+    }
+
+    if (match == 1)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    /* Excluded subtrees: must not match any of these */
+
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
+        sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
+        if (gen->type != sub->base->type)
+            continue;
+        if (sub->minimum || sub->maximum)
+            return X509_V_ERR_SUBTREE_MINMAX;
+
+        r = nc_match_single(gen, sub->base);
+        if (r == X509_V_OK)
+            return X509_V_ERR_EXCLUDED_VIOLATION;
+        else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+            return r;
+
+    }
+
+    return X509_V_OK;
+
+}
+
+static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+{
+    switch (base->type) {
+    case GEN_DIRNAME:
+        return nc_dn(gen->d.directoryName, base->d.directoryName);
+
+    case GEN_DNS:
+        return nc_dns(gen->d.dNSName, base->d.dNSName);
+
+    case GEN_EMAIL:
+        return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
+
+    case GEN_URI:
+        return nc_uri(gen->d.uniformResourceIdentifier,
+                      base->d.uniformResourceIdentifier);
+
+    case GEN_IPADD:
+        return nc_ip(gen->d.iPAddress, base->d.iPAddress);
+
+    default:
+        return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
+    }
+
+}
+
+/*
+ * directoryName name constraint matching. The canonical encoding of
+ * X509_NAME makes this comparison easy. It is matched if the subtree is a
+ * subset of the name.
+ */
+
+static int nc_dn(X509_NAME *nm, X509_NAME *base)
+{
+    /* Ensure canonical encodings are up to date.  */
+    if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+    if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+    if (base->canon_enclen > nm->canon_enclen)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    return X509_V_OK;
+}
+
+static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
+{
+    char *baseptr = (char *)base->data;
+    char *dnsptr = (char *)dns->data;
+    /* Empty matches everything */
+    if (!*baseptr)
+        return X509_V_OK;
+    /*
+     * Otherwise can add zero or more components on the left so compare RHS
+     * and if dns is longer and expect '.' as preceding character.
+     */
+    if (dns->length > base->length) {
+        dnsptr += dns->length - base->length;
+        if (*baseptr != '.' && dnsptr[-1] != '.')
+            return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    if (ia5casecmp(baseptr, dnsptr))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
+{
+    const char *baseptr = (char *)base->data;
+    const char *emlptr = (char *)eml->data;
+
+    const char *baseat = strchr(baseptr, '@');
+    const char *emlat = strchr(emlptr, '@');
+    if (!emlat)
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    /* Special case: initial '.' is RHS match */
+    if (!baseat && (*baseptr == '.')) {
+        if (eml->length > base->length) {
+            emlptr += eml->length - base->length;
+            if (ia5casecmp(baseptr, emlptr) == 0)
+                return X509_V_OK;
+        }
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    /* If we have anything before '@' match local part */
+
+    if (baseat) {
+        if (baseat != baseptr) {
+            if ((baseat - baseptr) != (emlat - emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+            /* Case sensitive match of local part */
+            if (strncmp(baseptr, emlptr, emlat - emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        }
+        /* Position base after '@' */
+        baseptr = baseat + 1;
+    }
+    emlptr = emlat + 1;
+    /* Just have hostname left to match: case insensitive */
+    if (ia5casecmp(baseptr, emlptr))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
+{
+    const char *baseptr = (char *)base->data;
+    const char *hostptr = (char *)uri->data;
+    const char *p = strchr(hostptr, ':');
+    int hostlen;
+    /* Check for foo:// and skip past it */
+    if (!p || (p[1] != '/') || (p[2] != '/'))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    hostptr = p + 3;
+
+    /* Determine length of hostname part of URI */
+
+    /* Look for a port indicator as end of hostname first */
+
+    p = strchr(hostptr, ':');
+    /* Otherwise look for trailing slash */
+    if (!p)
+        p = strchr(hostptr, '/');
+
+    if (!p)
+        hostlen = strlen(hostptr);
+    else
+        hostlen = p - hostptr;
+
+    if (hostlen == 0)
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+    /* Special case: initial '.' is RHS match */
+    if (*baseptr == '.') {
+        if (hostlen > base->length) {
+            p = hostptr + hostlen - base->length;
+            if (ia5ncasecmp(p, baseptr, base->length) == 0)
+                return X509_V_OK;
+        }
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    if ((base->length != (int)hostlen)
+        || ia5ncasecmp(hostptr, baseptr, hostlen))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base)
+{
+    int hostlen, baselen, i;
+    unsigned char *hostptr, *baseptr, *maskptr;
+    hostptr = ip->data;
+    hostlen = ip->length;
+    baseptr = base->data;
+    baselen = base->length;
+
+    /* Invalid if not IPv4 or IPv6 */
+    if (!((hostlen == 4) || (hostlen == 16)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    if (!((baselen == 8) || (baselen == 32)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+    /* Do not match IPv4 with IPv6 */
+    if (hostlen * 2 != baselen)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    maskptr = base->data + hostlen;
+
+    /* Considering possible not aligned base ipAddress */
+    /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */
+    for (i = 0; i < hostlen; i++)
+        if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i]))
+            return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_pci.c b/openssl-1.1.0h/crypto/x509v3/v3_pci.c
new file mode 100644
index 0000000..2c05edb
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_pci.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
+                   BIO *out, int indent);
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *str);
+
+const X509V3_EXT_METHOD v3_pci =
+    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    0, 0, 0, 0,
+    0, 0,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_pci,
+    (X509V3_EXT_R2I)r2i_pci,
+    NULL,
+};
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
+                   BIO *out, int indent)
+{
+    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+    if (pci->pcPathLengthConstraint)
+        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+    else
+        BIO_printf(out, "infinite");
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*sPolicy Language: ", indent, "");
+    i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+    BIO_puts(out, "\n");
+    if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+                   pci->proxyPolicy->policy->data);
+    return 1;
+}
+
+static int process_pci_value(CONF_VALUE *val,
+                             ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+                             ASN1_OCTET_STRING **policy)
+{
+    int free_policy = 0;
+
+    if (strcmp(val->name, "language") == 0) {
+        if (*language) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "pathlen") == 0) {
+        if (*pathlen) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if (!X509V3_get_value_int(val, pathlen)) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "policy") == 0) {
+        unsigned char *tmp_data = NULL;
+        long val_len;
+        if (!*policy) {
+            *policy = ASN1_OCTET_STRING_new();
+            if (*policy == NULL) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                return 0;
+            }
+            free_policy = 1;
+        }
+        if (strncmp(val->value, "hex:", 4) == 0) {
+            unsigned char *tmp_data2 =
+                OPENSSL_hexstr2buf(val->value + 4, &val_len);
+
+            if (!tmp_data2) {
+                X509V3_conf_err(val);
+                goto err;
+            }
+
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       tmp_data2, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                OPENSSL_free(tmp_data2);
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                OPENSSL_free((*policy)->data);
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(tmp_data2);
+        } else if (strncmp(val->value, "file:", 5) == 0) {
+            unsigned char buf[2048];
+            int n;
+            BIO *b = BIO_new_file(val->value + 5, "r");
+            if (!b) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            while ((n = BIO_read(b, buf, sizeof(buf))) > 0
+                   || (n == 0 && BIO_should_retry(b))) {
+                if (!n)
+                    continue;
+
+                tmp_data = OPENSSL_realloc((*policy)->data,
+                                           (*policy)->length + n + 1);
+
+                if (!tmp_data) {
+                    OPENSSL_free((*policy)->data);
+                    (*policy)->data = NULL;
+                    (*policy)->length = 0;
+                    X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                              ERR_R_MALLOC_FAILURE);
+                    X509V3_conf_err(val);
+                    BIO_free_all(b);
+                    goto err;
+                }
+
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length], buf, n);
+                (*policy)->length += n;
+                (*policy)->data[(*policy)->length] = '\0';
+            }
+            BIO_free_all(b);
+
+            if (n < 0) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else if (strncmp(val->value, "text:", 5) == 0) {
+            val_len = strlen(val->value + 5);
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       val->value + 5, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                OPENSSL_free((*policy)->data);
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        if (!tmp_data) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (free_policy) {
+        ASN1_OCTET_STRING_free(*policy);
+        *policy = NULL;
+    }
+    return 0;
+}
+
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *value)
+{
+    PROXY_CERT_INFO_EXTENSION *pci = NULL;
+    STACK_OF(CONF_VALUE) *vals;
+    ASN1_OBJECT *language = NULL;
+    ASN1_INTEGER *pathlen = NULL;
+    ASN1_OCTET_STRING *policy = NULL;
+    int i, j;
+
+    vals = X509V3_parse_list(value);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+        if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
+            X509V3err(X509V3_F_R2I_PCI,
+                      X509V3_R_INVALID_PROXY_POLICY_SETTING);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        if (*cnf->name == '@') {
+            STACK_OF(CONF_VALUE) *sect;
+            int success_p = 1;
+
+            sect = X509V3_get_section(ctx, cnf->name + 1);
+            if (!sect) {
+                X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
+                success_p =
+                    process_pci_value(sk_CONF_VALUE_value(sect, j),
+                                      &language, &pathlen, &policy);
+            }
+            X509V3_section_free(ctx, sect);
+            if (!success_p)
+                goto err;
+        } else {
+            if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+        }
+    }
+
+    /* Language is mandatory */
+    if (!language) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+        goto err;
+    }
+    i = OBJ_obj2nid(language);
+    if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+        goto err;
+    }
+
+    pci = PROXY_CERT_INFO_EXTENSION_new();
+    if (pci == NULL) {
+        X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pci->proxyPolicy->policyLanguage = language;
+    language = NULL;
+    pci->proxyPolicy->policy = policy;
+    policy = NULL;
+    pci->pcPathLengthConstraint = pathlen;
+    pathlen = NULL;
+    goto end;
+ err:
+    ASN1_OBJECT_free(language);
+    ASN1_INTEGER_free(pathlen);
+    pathlen = NULL;
+    ASN1_OCTET_STRING_free(policy);
+    policy = NULL;
+    PROXY_CERT_INFO_EXTENSION_free(pci);
+    pci = NULL;
+ end:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pci;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_pcia.c b/openssl-1.1.0h/crypto/x509v3/v3_pcia.c
new file mode 100644
index 0000000..e6f7a91
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_pcia.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(PROXY_POLICY) =
+        {
+        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PROXY_POLICY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
+
+ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
+        {
+        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_pcons.c b/openssl-1.1.0h/crypto/x509v3/v3_pcons.c
new file mode 100644
index 0000000..24f7ff4
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_pcons.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
+                                                    *method, void *bcons, STACK_OF(CONF_VALUE)
+                                                    *extlist);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_policy_constraints = {
+    NID_policy_constraints, 0,
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_CONSTRAINTS,
+    v2i_POLICY_CONSTRAINTS,
+    NULL, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
+} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
+                                                    *method, void *a, STACK_OF(CONF_VALUE)
+                                                    *extlist)
+{
+    POLICY_CONSTRAINTS *pcons = a;
+    X509V3_add_value_int("Require Explicit Policy",
+                         pcons->requireExplicitPolicy, &extlist);
+    X509V3_add_value_int("Inhibit Policy Mapping",
+                         pcons->inhibitPolicyMapping, &extlist);
+    return extlist;
+}
+
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values)
+{
+    POLICY_CONSTRAINTS *pcons = NULL;
+    CONF_VALUE *val;
+    int i;
+
+    if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
+            if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
+                goto err;
+        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
+            if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
+                  X509V3_R_ILLEGAL_EMPTY_EXTENSION);
+        goto err;
+    }
+
+    return pcons;
+ err:
+    POLICY_CONSTRAINTS_free(pcons);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_pku.c b/openssl-1.1.0h/crypto/x509v3/v3_pku.c
new file mode 100644
index 0000000..ed82bca
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_pku.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent);
+/*
+ * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+ * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+ */
+const X509V3_EXT_METHOD v3_pkey_usage_period = {
+    NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    0, 0, 0, 0,
+    0, 0, 0, 0,
+    (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent)
+{
+    BIO_printf(out, "%*s", indent, "");
+    if (usage->notBefore) {
+        BIO_write(out, "Not Before: ", 12);
+        ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+        if (usage->notAfter)
+            BIO_write(out, ", ", 2);
+    }
+    if (usage->notAfter) {
+        BIO_write(out, "Not After: ", 11);
+        ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+    }
+    return 1;
+}
+
+/*-
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK_OF(CONF_VALUE) *values;
+{
+return NULL;
+}
+*/
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_pmaps.c b/openssl-1.1.0h/crypto/x509v3/v3_pmaps.c
new file mode 100644
index 0000000..73f4ec2
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_pmaps.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+                                                 *method, void *pmps, STACK_OF(CONF_VALUE)
+                                                 *extlist);
+
+const X509V3_EXT_METHOD v3_policy_mappings = {
+    NID_policy_mappings, 0,
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_MAPPINGS,
+    v2i_POLICY_MAPPINGS,
+    0, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(POLICY_MAPPING) = {
+        ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
+        ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
+} ASN1_SEQUENCE_END(POLICY_MAPPING)
+
+ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
+                                                                POLICY_MAPPING)
+ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+                                                 *method, void *a, STACK_OF(CONF_VALUE)
+                                                 *ext_list)
+{
+    POLICY_MAPPINGS *pmaps = a;
+    POLICY_MAPPING *pmap;
+    int i;
+    char obj_tmp1[80];
+    char obj_tmp2[80];
+    for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
+        pmap = sk_POLICY_MAPPING_value(pmaps, i);
+        i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
+        i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
+        X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
+    }
+    return ext_list;
+}
+
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    POLICY_MAPPINGS *pmaps = NULL;
+    POLICY_MAPPING *pmap = NULL;
+    ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
+    CONF_VALUE *val;
+    int i;
+
+    if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (!val->value || !val->name) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        obj1 = OBJ_txt2obj(val->name, 0);
+        obj2 = OBJ_txt2obj(val->value, 0);
+        if (!obj1 || !obj2) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        pmap = POLICY_MAPPING_new();
+        if (pmap == NULL) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        pmap->issuerDomainPolicy = obj1;
+        pmap->subjectDomainPolicy = obj2;
+        obj1 = obj2 = NULL;
+        sk_POLICY_MAPPING_push(pmaps, pmap);
+    }
+    return pmaps;
+ err:
+    ASN1_OBJECT_free(obj1);
+    ASN1_OBJECT_free(obj2);
+    sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_prn.c b/openssl-1.1.0h/crypto/x509v3/v3_prn.c
new file mode 100644
index 0000000..f384c34
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_prn.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Extension printing routines */
+
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
+                             unsigned long flag, int indent, int supported);
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml)
+{
+    int i;
+    CONF_VALUE *nval;
+    if (!val)
+        return;
+    if (!ml || !sk_CONF_VALUE_num(val)) {
+        BIO_printf(out, "%*s", indent, "");
+        if (!sk_CONF_VALUE_num(val))
+            BIO_puts(out, "<EMPTY>\n");
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
+        if (ml)
+            BIO_printf(out, "%*s", indent, "");
+        else if (i > 0)
+            BIO_printf(out, ", ");
+        nval = sk_CONF_VALUE_value(val, i);
+        if (!nval->name)
+            BIO_puts(out, nval->value);
+        else if (!nval->value)
+            BIO_puts(out, nval->name);
+#ifndef CHARSET_EBCDIC
+        else
+            BIO_printf(out, "%s:%s", nval->name, nval->value);
+#else
+        else {
+            int len;
+            char *tmp;
+            len = strlen(nval->value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp != NULL) {
+                ascii2ebcdic(tmp, nval->value, len);
+                BIO_printf(out, "%s:%s", nval->name, tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+#endif
+        if (ml)
+            BIO_puts(out, "\n");
+    }
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent)
+{
+    void *ext_str = NULL;
+    char *value = NULL;
+    ASN1_OCTET_STRING *extoct;
+    const unsigned char *p;
+    int extlen;
+    const X509V3_EXT_METHOD *method;
+    STACK_OF(CONF_VALUE) *nval = NULL;
+    int ok = 1;
+
+    extoct = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extoct);
+    extlen = ASN1_STRING_length(extoct);
+
+    if ((method = X509V3_EXT_get(ext)) == NULL)
+        return unknown_ext_print(out, p, extlen, flag, indent, 0);
+    if (method->it)
+        ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+    else
+        ext_str = method->d2i(NULL, &p, extlen);
+
+    if (!ext_str)
+        return unknown_ext_print(out, p, extlen, flag, indent, 1);
+
+    if (method->i2s) {
+        if ((value = method->i2s(method, ext_str)) == NULL) {
+            ok = 0;
+            goto err;
+        }
+#ifndef CHARSET_EBCDIC
+        BIO_printf(out, "%*s%s", indent, "", value);
+#else
+        {
+            int len;
+            char *tmp;
+            len = strlen(value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp != NULL) {
+                ascii2ebcdic(tmp, value, len);
+                BIO_printf(out, "%*s%s", indent, "", tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+#endif
+    } else if (method->i2v) {
+        if ((nval = method->i2v(method, ext_str, NULL)) == NULL) {
+            ok = 0;
+            goto err;
+        }
+        X509V3_EXT_val_prn(out, nval, indent,
+                           method->ext_flags & X509V3_EXT_MULTILINE);
+    } else if (method->i2r) {
+        if (!method->i2r(method, ext_str, out, indent))
+            ok = 0;
+    } else
+        ok = 0;
+
+ err:
+    sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    OPENSSL_free(value);
+    if (method->it)
+        ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_str);
+    return ok;
+}
+
+int X509V3_extensions_print(BIO *bp, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent)
+{
+    int i, j;
+
+    if (sk_X509_EXTENSION_num(exts) <= 0)
+        return 1;
+
+    if (title) {
+        BIO_printf(bp, "%*s%s:\n", indent, "", title);
+        indent += 4;
+    }
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ASN1_OBJECT *obj;
+        X509_EXTENSION *ex;
+        ex = sk_X509_EXTENSION_value(exts, i);
+        if (indent && BIO_printf(bp, "%*s", indent, "") <= 0)
+            return 0;
+        obj = X509_EXTENSION_get_object(ex);
+        i2a_ASN1_OBJECT(bp, obj);
+        j = X509_EXTENSION_get_critical(ex);
+        if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+            return 0;
+        if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
+            BIO_printf(bp, "%*s", indent + 4, "");
+            ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
+                             unsigned long flag, int indent, int supported)
+{
+    switch (flag & X509V3_EXT_UNKNOWN_MASK) {
+
+    case X509V3_EXT_DEFAULT:
+        return 0;
+
+    case X509V3_EXT_ERROR_UNKNOWN:
+        if (supported)
+            BIO_printf(out, "%*s<Parse Error>", indent, "");
+        else
+            BIO_printf(out, "%*s<Not Supported>", indent, "");
+        return 1;
+
+    case X509V3_EXT_PARSE_UNKNOWN:
+        return ASN1_parse_dump(out, ext, extlen, indent, -1);
+    case X509V3_EXT_DUMP_UNKNOWN:
+        return BIO_dump_indent(out, (const char *)ext, extlen, indent);
+
+    default:
+        return 1;
+    }
+}
+
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+    BIO *bio_tmp;
+    int ret;
+
+    if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
+        return 0;
+    ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+    BIO_free(bio_tmp);
+    return ret;
+}
+#endif
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_purp.c b/openssl-1.1.0h/crypto/x509v3/v3_purp.c
new file mode 100644
index 0000000..6d2f354
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_purp.c
@@ -0,0 +1,873 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
+#include "internal/x509_int.h"
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca);
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+    {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
+     check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+    {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+    {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+    {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
+     "S/MIME signing", "smimesign", NULL},
+    {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
+     check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+    {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
+     "CRL signing", "crlsign", NULL},
+    {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any",
+     NULL},
+    {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
+     "OCSP helper", "ocsphelper", NULL},
+    {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
+     check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign",
+     NULL},
+};
+
+#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b)
+{
+    return (*a)->purpose - (*b)->purpose;
+}
+
+/*
+ * As much as I'd like to make X509_check_purpose use a "const" X509* I
+ * really can't because it does recalculate hashes and do other non-const
+ * things.
+ */
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+    int idx;
+    const X509_PURPOSE *pt;
+    if (!(x->ex_flags & EXFLAG_SET)) {
+        CRYPTO_THREAD_write_lock(x->lock);
+        x509v3_cache_extensions(x);
+        CRYPTO_THREAD_unlock(x->lock);
+    }
+    /* Return if side-effect only call */
+    if (id == -1)
+        return 1;
+    idx = X509_PURPOSE_get_by_id(id);
+    if (idx == -1)
+        return -1;
+    pt = X509_PURPOSE_get0(idx);
+    return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_set(int *p, int purpose)
+{
+    if (X509_PURPOSE_get_by_id(purpose) == -1) {
+        X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+        return 0;
+    }
+    *p = purpose;
+    return 1;
+}
+
+int X509_PURPOSE_get_count(void)
+{
+    if (!xptable)
+        return X509_PURPOSE_COUNT;
+    return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE *X509_PURPOSE_get0(int idx)
+{
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_PURPOSE_COUNT)
+        return xstandard + idx;
+    return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(const char *sname)
+{
+    int i;
+    X509_PURPOSE *xptmp;
+    for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+        xptmp = X509_PURPOSE_get0(i);
+        if (strcmp(xptmp->sname, sname) == 0)
+            return i;
+    }
+    return -1;
+}
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+    X509_PURPOSE tmp;
+    int idx;
+    if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+        return purpose - X509_PURPOSE_MIN;
+    tmp.purpose = purpose;
+    if (!xptable)
+        return -1;
+    idx = sk_X509_PURPOSE_find(xptable, &tmp);
+    if (idx == -1)
+        return -1;
+    return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     const char *name, const char *sname, void *arg)
+{
+    int idx;
+    X509_PURPOSE *ptmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_PURPOSE_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_PURPOSE_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_PURPOSE_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ptmp->flags = X509_PURPOSE_DYNAMIC;
+    } else
+        ptmp = X509_PURPOSE_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+    }
+    /* dup supplied name */
+    ptmp->name = OPENSSL_strdup(name);
+    ptmp->sname = OPENSSL_strdup(sname);
+    if (!ptmp->name || !ptmp->sname) {
+        X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* Keep the dynamic flag of existing entry */
+    ptmp->flags &= X509_PURPOSE_DYNAMIC;
+    /* Set all other flags */
+    ptmp->flags |= flags;
+
+    ptmp->purpose = id;
+    ptmp->trust = trust;
+    ptmp->check_purpose = ck;
+    ptmp->usr_data = arg;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (xptable == NULL
+            && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+        OPENSSL_free(ptmp);
+    }
+    return 0;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+{
+    if (!p)
+        return;
+    if (p->flags & X509_PURPOSE_DYNAMIC) {
+        if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+            OPENSSL_free(p->name);
+            OPENSSL_free(p->sname);
+        }
+        OPENSSL_free(p);
+    }
+}
+
+void X509_PURPOSE_cleanup(void)
+{
+    sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+    xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
+{
+    return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
+{
+    return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
+{
+    return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
+{
+    return xp->trust;
+}
+
+static int nid_cmp(const int *a, const int *b)
+{
+    return *a - *b;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
+
+int X509_supported_extension(X509_EXTENSION *ex)
+{
+    /*
+     * This table is a list of the NIDs of supported extensions: that is
+     * those which are used by the verify process. If an extension is
+     * critical and doesn't appear in this list then the verify process will
+     * normally reject the certificate. The list must be kept in numerical
+     * order because it will be searched using bsearch.
+     */
+
+    static const int supported_nids[] = {
+        NID_netscape_cert_type, /* 71 */
+        NID_key_usage,          /* 83 */
+        NID_subject_alt_name,   /* 85 */
+        NID_basic_constraints,  /* 87 */
+        NID_certificate_policies, /* 89 */
+        NID_crl_distribution_points, /* 103 */
+        NID_ext_key_usage,      /* 126 */
+#ifndef OPENSSL_NO_RFC3779
+        NID_sbgp_ipAddrBlock,   /* 290 */
+        NID_sbgp_autonomousSysNum, /* 291 */
+#endif
+        NID_policy_constraints, /* 401 */
+        NID_proxyCertInfo,      /* 663 */
+        NID_name_constraints,   /* 666 */
+        NID_policy_mappings,    /* 747 */
+        NID_inhibit_any_policy  /* 748 */
+    };
+
+    int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+
+    if (ex_nid == NID_undef)
+        return 0;
+
+    if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids)))
+        return 1;
+    return 0;
+}
+
+static void setup_dp(X509 *x, DIST_POINT *dp)
+{
+    X509_NAME *iname = NULL;
+    int i;
+    if (dp->reasons) {
+        if (dp->reasons->length > 0)
+            dp->dp_reasons = dp->reasons->data[0];
+        if (dp->reasons->length > 1)
+            dp->dp_reasons |= (dp->reasons->data[1] << 8);
+        dp->dp_reasons &= CRLDP_ALL_REASONS;
+    } else
+        dp->dp_reasons = CRLDP_ALL_REASONS;
+    if (!dp->distpoint || (dp->distpoint->type != 1))
+        return;
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type == GEN_DIRNAME) {
+            iname = gen->d.directoryName;
+            break;
+        }
+    }
+    if (!iname)
+        iname = X509_get_issuer_name(x);
+
+    DIST_POINT_set_dpname(dp->distpoint, iname);
+
+}
+
+static void setup_crldp(X509 *x)
+{
+    int i;
+    x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
+        setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
+}
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static void x509v3_cache_extensions(X509 *x)
+{
+    BASIC_CONSTRAINTS *bs;
+    PROXY_CERT_INFO_EXTENSION *pci;
+    ASN1_BIT_STRING *usage;
+    ASN1_BIT_STRING *ns;
+    EXTENDED_KEY_USAGE *extusage;
+    X509_EXTENSION *ex;
+
+    int i;
+    if (x->ex_flags & EXFLAG_SET)
+        return;
+    X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+    /* V1 should mean no extensions ... */
+    if (!X509_get_version(x))
+        x->ex_flags |= EXFLAG_V1;
+    /* Handle basic constraints */
+    if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+        if (bs->ca)
+            x->ex_flags |= EXFLAG_CA;
+        if (bs->pathlen) {
+            if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+                || !bs->ca) {
+                x->ex_flags |= EXFLAG_INVALID;
+                x->ex_pathlen = 0;
+            } else
+                x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+        } else
+            x->ex_pathlen = -1;
+        BASIC_CONSTRAINTS_free(bs);
+        x->ex_flags |= EXFLAG_BCONS;
+    }
+    /* Handle proxy certificates */
+    if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+        if (x->ex_flags & EXFLAG_CA
+            || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
+            || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
+            x->ex_flags |= EXFLAG_INVALID;
+        }
+        if (pci->pcPathLengthConstraint) {
+            x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
+        } else
+            x->ex_pcpathlen = -1;
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        x->ex_flags |= EXFLAG_PROXY;
+    }
+    /* Handle key usage */
+    if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+        if (usage->length > 0) {
+            x->ex_kusage = usage->data[0];
+            if (usage->length > 1)
+                x->ex_kusage |= usage->data[1] << 8;
+        } else
+            x->ex_kusage = 0;
+        x->ex_flags |= EXFLAG_KUSAGE;
+        ASN1_BIT_STRING_free(usage);
+    }
+    x->ex_xkusage = 0;
+    if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+        x->ex_flags |= EXFLAG_XKUSAGE;
+        for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+            switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
+            case NID_server_auth:
+                x->ex_xkusage |= XKU_SSL_SERVER;
+                break;
+
+            case NID_client_auth:
+                x->ex_xkusage |= XKU_SSL_CLIENT;
+                break;
+
+            case NID_email_protect:
+                x->ex_xkusage |= XKU_SMIME;
+                break;
+
+            case NID_code_sign:
+                x->ex_xkusage |= XKU_CODE_SIGN;
+                break;
+
+            case NID_ms_sgc:
+            case NID_ns_sgc:
+                x->ex_xkusage |= XKU_SGC;
+                break;
+
+            case NID_OCSP_sign:
+                x->ex_xkusage |= XKU_OCSP_SIGN;
+                break;
+
+            case NID_time_stamp:
+                x->ex_xkusage |= XKU_TIMESTAMP;
+                break;
+
+            case NID_dvcs:
+                x->ex_xkusage |= XKU_DVCS;
+                break;
+
+            case NID_anyExtendedKeyUsage:
+                x->ex_xkusage |= XKU_ANYEKU;
+                break;
+            }
+        }
+        sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+    }
+
+    if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+        if (ns->length > 0)
+            x->ex_nscert = ns->data[0];
+        else
+            x->ex_nscert = 0;
+        x->ex_flags |= EXFLAG_NSCERT;
+        ASN1_BIT_STRING_free(ns);
+    }
+    x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+    x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+    /* Does subject name match issuer ? */
+    if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
+        x->ex_flags |= EXFLAG_SI;
+        /* If SKID matches AKID also indicate self signed */
+        if (X509_check_akid(x, x->akid) == X509_V_OK &&
+            !ku_reject(x, KU_KEY_CERT_SIGN))
+            x->ex_flags |= EXFLAG_SS;
+    }
+    x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
+    if (!x->nc && (i != -1))
+        x->ex_flags |= EXFLAG_INVALID;
+    setup_crldp(x);
+
+#ifndef OPENSSL_NO_RFC3779
+    x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
+    x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+                                       NULL, NULL);
+#endif
+    for (i = 0; i < X509_get_ext_count(x); i++) {
+        ex = X509_get_ext(x, i);
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
+            == NID_freshest_crl)
+            x->ex_flags |= EXFLAG_FRESHEST;
+        if (!X509_EXTENSION_get_critical(ex))
+            continue;
+        if (!X509_supported_extension(ex)) {
+            x->ex_flags |= EXFLAG_CRITICAL;
+            break;
+        }
+    }
+    x->ex_flags |= EXFLAG_SET;
+}
+
+/*-
+ * CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+ */
+
+static int check_ca(const X509 *x)
+{
+    /* keyUsage if present should allow cert signing */
+    if (ku_reject(x, KU_KEY_CERT_SIGN))
+        return 0;
+    if (x->ex_flags & EXFLAG_BCONS) {
+        if (x->ex_flags & EXFLAG_CA)
+            return 1;
+        /* If basicConstraints says not a CA then say so */
+        else
+            return 0;
+    } else {
+        /* we support V1 roots for...  uh, I don't really know why. */
+        if ((x->ex_flags & V1_ROOT) == V1_ROOT)
+            return 3;
+        /*
+         * If key usage present it must have certSign so tolerate it
+         */
+        else if (x->ex_flags & EXFLAG_KUSAGE)
+            return 4;
+        /* Older certificates could have Netscape-specific CA types */
+        else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
+            return 5;
+        /* can this still be regarded a CA certificate?  I doubt it */
+        return 0;
+    }
+}
+
+void X509_set_proxy_flag(X509 *x)
+{
+    x->ex_flags |= EXFLAG_PROXY;
+}
+
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+    x->ex_pcpathlen = l;
+}
+
+int X509_check_ca(X509 *x)
+{
+    if (!(x->ex_flags & EXFLAG_SET)) {
+        CRYPTO_THREAD_write_lock(x->lock);
+        x509v3_cache_extensions(x);
+        CRYPTO_THREAD_unlock(x->lock);
+    }
+
+    return check_ca(x);
+}
+
+/* Check SSL CA: common checks for SSL client and server */
+static int check_ssl_ca(const X509 *x)
+{
+    int ca_ret;
+    ca_ret = check_ca(x);
+    if (!ca_ret)
+        return 0;
+    /* check nsCertType if present */
+    if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)
+        return ca_ret;
+    else
+        return 0;
+}
+
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    if (xku_reject(x, XKU_SSL_CLIENT))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+    /* We need to do digital signatures or key agreement */
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
+        return 0;
+    /* nsCertType if present should allow SSL client use */
+    if (ns_reject(x, NS_SSL_CLIENT))
+        return 0;
+    return 1;
+}
+
+/*
+ * Key usage needed for TLS/SSL server: digital signature, encipherment or
+ * key agreement. The ssl code can check this more thoroughly for individual
+ * key types.
+ */
+#define KU_TLS \
+        KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT
+
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+
+    if (ns_reject(x, NS_SSL_SERVER))
+        return 0;
+    if (ku_reject(x, KU_TLS))
+        return 0;
+
+    return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
+{
+    int ret;
+    ret = check_purpose_ssl_server(xp, x, ca);
+    if (!ret || ca)
+        return ret;
+    /* We need to encipher or Netscape complains */
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(const X509 *x, int ca)
+{
+    if (xku_reject(x, XKU_SMIME))
+        return 0;
+    if (ca) {
+        int ca_ret;
+        ca_ret = check_ca(x);
+        if (!ca_ret)
+            return 0;
+        /* check nsCertType if present */
+        if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (x->ex_flags & EXFLAG_NSCERT) {
+        if (x->ex_nscert & NS_SMIME)
+            return 1;
+        /* Workaround for some buggy certificates */
+        if (x->ex_nscert & NS_SSL_CLIENT)
+            return 2;
+        return 0;
+    }
+    return 1;
+}
+
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
+        return 0;
+    return ret;
+}
+
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
+{
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
+}
+
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca)
+{
+    if (ca) {
+        int ca_ret;
+        if ((ca_ret = check_ca(x)) != 2)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (ku_reject(x, KU_CRL_SIGN))
+        return 0;
+    return 1;
+}
+
+/*
+ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
+ * is valid. Additional checks must be made on the chain.
+ */
+
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+    /*
+     * Must be a valid CA.  Should we really support the "I don't know" value
+     * (2)?
+     */
+    if (ca)
+        return check_ca(x);
+    /* leaf certificate is checked in OCSP_verify() */
+    return 1;
+}
+
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca)
+{
+    int i_ext;
+
+    /* If ca is true we must return if this is a valid CA certificate. */
+    if (ca)
+        return check_ca(x);
+
+    /*
+     * Check the optional key usage field:
+     * if Key Usage is present, it must be one of digitalSignature
+     * and/or nonRepudiation (other values are not consistent and shall
+     * be rejected).
+     */
+    if ((x->ex_flags & EXFLAG_KUSAGE)
+        && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
+            !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
+        return 0;
+
+    /* Only time stamp key usage is permitted and it's required. */
+    if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
+        return 0;
+
+    /* Extended Key Usage MUST be critical */
+    i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
+    if (i_ext >= 0) {
+        X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
+        if (!X509_EXTENSION_get_critical(ext))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+    return 1;
+}
+
+/*-
+ * Various checks to see if one certificate issued the second.
+ * This can be used to prune a set of possible issuer certificates
+ * which have been looked up using some simple method such as by
+ * subject name.
+ * These are:
+ * 1. Check issuer_name(subject) == subject_name(issuer)
+ * 2. If akid(subject) exists check it matches issuer
+ * 3. If key_usage(issuer) exists check it supports certificate signing
+ * returns 0 for OK, positive for reason for mismatch, reasons match
+ * codes for X509_verify_cert()
+ */
+
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+    if (X509_NAME_cmp(X509_get_subject_name(issuer),
+                      X509_get_issuer_name(subject)))
+        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+    x509v3_cache_extensions(issuer);
+    x509v3_cache_extensions(subject);
+
+    if (subject->akid) {
+        int ret = X509_check_akid(issuer, subject->akid);
+        if (ret != X509_V_OK)
+            return ret;
+    }
+
+    if (subject->ex_flags & EXFLAG_PROXY) {
+        if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+            return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+    } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
+        return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+    return X509_V_OK;
+}
+
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
+{
+
+    if (!akid)
+        return X509_V_OK;
+
+    /* Check key ids (if present) */
+    if (akid->keyid && issuer->skid &&
+        ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
+        return X509_V_ERR_AKID_SKID_MISMATCH;
+    /* Check serial number */
+    if (akid->serial &&
+        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
+        return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    /* Check issuer name */
+    if (akid->issuer) {
+        /*
+         * Ugh, for some peculiar reason AKID includes SEQUENCE OF
+         * GeneralName. So look for a DirName. There may be more than one but
+         * we only take any notice of the first.
+         */
+        GENERAL_NAMES *gens;
+        GENERAL_NAME *gen;
+        X509_NAME *nm = NULL;
+        int i;
+        gens = akid->issuer;
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type == GEN_DIRNAME) {
+                nm = gen->d.dirn;
+                break;
+            }
+        }
+        if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+            return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    }
+    return X509_V_OK;
+}
+
+uint32_t X509_get_extension_flags(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return x->ex_flags;
+}
+
+uint32_t X509_get_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_KUSAGE)
+        return x->ex_kusage;
+    return UINT32_MAX;
+}
+
+uint32_t X509_get_extended_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_XKUSAGE)
+        return x->ex_xkusage;
+    return UINT32_MAX;
+}
+
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return x->skid;
+}
+
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return (x->akid != NULL ? x->akid->keyid : NULL);
+}
+
+long X509_get_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_BCONS) == 0)
+        return -1;
+    return x->ex_pathlen;
+}
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_PROXY) == 0)
+        return -1;
+    return x->ex_pcpathlen;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_skey.c b/openssl-1.1.0h/crypto/x509v3/v3_skey.c
new file mode 100644
index 0000000..39597dc
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_skey.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include "ext_dat.h"
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx, char *str);
+const X509V3_EXT_METHOD v3_skey_id = {
+    NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+    (X509V3_EXT_S2I)s2i_skey_id,
+    0, 0, 0, 0,
+    NULL
+};
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, 
+                            const ASN1_OCTET_STRING *oct)
+{
+    return OPENSSL_buf2hexstr(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *str)
+{
+    ASN1_OCTET_STRING *oct;
+    long length;
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) {
+        ASN1_OCTET_STRING_free(oct);
+        return NULL;
+    }
+
+    oct->length = length;
+
+    return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx, char *str)
+{
+    ASN1_OCTET_STRING *oct;
+    X509_PUBKEY *pubkey;
+    const unsigned char *pk;
+    int pklen;
+    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    if (strcmp(str, "hash"))
+        return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ctx && (ctx->flags == CTX_TEST))
+        return oct;
+
+    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    if (ctx->subject_req)
+        pubkey = ctx->subject_req->req_info.pubkey;
+    else
+        pubkey = ctx->subject_cert->cert_info.key;
+
+    if (pubkey == NULL) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
+
+    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    return oct;
+
+ err:
+    ASN1_OCTET_STRING_free(oct);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_sxnet.c b/openssl-1.1.0h/crypto/x509v3/v3_sxnet.c
new file mode 100644
index 0000000..89cda01
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_sxnet.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                     int indent);
+#ifdef SXNET_TEST
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval);
+#endif
+const X509V3_EXT_METHOD v3_sxnet = {
+    NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+#ifdef SXNET_TEST
+    (X509V3_EXT_V2I)sxnet_v2i,
+#else
+    0,
+#endif
+    (X509V3_EXT_I2R)sxnet_i2r,
+    0,
+    NULL
+};
+
+ASN1_SEQUENCE(SXNETID) = {
+        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
+
+ASN1_SEQUENCE(SXNET) = {
+        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+} ASN1_SEQUENCE_END(SXNET)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                     int indent)
+{
+    long v;
+    char *tmp;
+    SXNETID *id;
+    int i;
+    v = ASN1_INTEGER_get(sx->version);
+    BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+        BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+        OPENSSL_free(tmp);
+        ASN1_STRING_print(out, id->user);
+    }
+    return 1;
+}
+
+#ifdef SXNET_TEST
+
+/*
+ * NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval)
+{
+    CONF_VALUE *cnf;
+    SXNET *sx = NULL;
+    int i;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+            return NULL;
+    }
+    return sx;
+}
+
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
+{
+    ASN1_INTEGER *izone;
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+                       int userlen)
+{
+    ASN1_INTEGER *izone;
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        ASN1_INTEGER_free(izone);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+
+}
+
+/*
+ * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
+ * passed integer and doesn't make a copy so don't free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
+                         int userlen)
+{
+    SXNET *sx = NULL;
+    SXNETID *id = NULL;
+    if (!psx || !zone || !user) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return 0;
+    }
+    if (userlen == -1)
+        userlen = strlen(user);
+    if (userlen > 64) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
+        return 0;
+    }
+    if (*psx == NULL) {
+        if ((sx = SXNET_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(sx->version, 0))
+            goto err;
+        *psx = sx;
+    } else
+        sx = *psx;
+    if (SXNET_get_id_INTEGER(sx, zone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
+        return 0;
+    }
+
+    if ((id = SXNETID_new()) == NULL)
+        goto err;
+    if (userlen == -1)
+        userlen = strlen(user);
+
+    if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
+        goto err;
+    if (!sk_SXNETID_push(sx->ids, id))
+        goto err;
+    id->zone = zone;
+    return 1;
+
+ err:
+    X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
+    SXNETID_free(id);
+    SXNET_free(sx);
+    *psx = NULL;
+    return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
+{
+    ASN1_INTEGER *izone;
+    ASN1_OCTET_STRING *oct;
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    ASN1_INTEGER_free(izone);
+    return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+    ASN1_INTEGER *izone;
+    ASN1_OCTET_STRING *oct;
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        ASN1_INTEGER_free(izone);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    ASN1_INTEGER_free(izone);
+    return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+    SXNETID *id;
+    int i;
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        if (!ASN1_INTEGER_cmp(id->zone, zone))
+            return id->user;
+    }
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_tlsf.c b/openssl-1.1.0h/crypto/x509v3/v3_tlsf.c
new file mode 100644
index 0000000..fec6724
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_tlsf.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/o_str.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list);
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
+
+ASN1_ITEM_TEMPLATE(TLS_FEATURE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER)
+static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+const X509V3_EXT_METHOD v3_tls_feature = {
+    NID_tlsfeature, 0,
+    ASN1_ITEM_ref(TLS_FEATURE),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V)i2v_TLS_FEATURE,
+    (X509V3_EXT_V2I)v2i_TLS_FEATURE,
+    0, 0,
+    NULL
+};
+
+
+typedef struct {
+    long num;
+    const char *name;
+} TLS_FEATURE_NAME;
+
+static TLS_FEATURE_NAME tls_feature_tbl[] = {
+    { 5, "status_request" },
+    { 17, "status_request_v2" }
+};
+
+/*
+ * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the
+ * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format
+ * used by the CONF library to represent a multi-valued extension.  ext_list is
+ * returned.
+ */
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list)
+{
+    int i;
+    size_t j;
+    ASN1_INTEGER *ai;
+    long tlsextid;
+    for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) {
+        ai = sk_ASN1_INTEGER_value(tls_feature, i);
+        tlsextid = ASN1_INTEGER_get(ai);
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (tlsextid == tls_feature_tbl[j].num)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list);
+        else
+            X509V3_add_value_int(NULL, ai, &ext_list);
+    }
+    return ext_list;
+}
+
+/*
+ * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE
+ * structure, which is returned if the conversion is successful.  In case of
+ * error, NULL is returned.
+ */
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    TLS_FEATURE *tlsf;
+    char *extval, *endptr;
+    ASN1_INTEGER *ai;
+    CONF_VALUE *val;
+    int i;
+    size_t j;
+    long tlsextid;
+
+    if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            tlsextid = tls_feature_tbl[j].num;
+        else {
+            tlsextid = strtol(extval, &endptr, 10);
+            if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) ||
+                (tlsextid > 65535)) {
+                X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        ai = ASN1_INTEGER_new();
+        if (ai == NULL) {
+            X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ASN1_INTEGER_set(ai, tlsextid);
+        sk_ASN1_INTEGER_push(tlsf, ai);
+    }
+    return tlsf;
+
+ err:
+    sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3_utl.c b/openssl-1.1.0h/crypto/x509v3/v3_utl.c
new file mode 100644
index 0000000..418ef06
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3_utl.c
@@ -0,0 +1,1238 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/crypto.h>
+#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
+#include <openssl/bn.h>
+#include "ext_dat.h"
+
+static char *strip_spaces(char *name);
+static int sk_strcmp(const char *const *a, const char *const *b);
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+                                           GENERAL_NAMES *gens);
+static void str_free(OPENSSL_STRING str);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email);
+
+static int ipv4_from_asc(unsigned char *v4, const char *in);
+static int ipv6_from_asc(unsigned char *v6, const char *in);
+static int ipv6_cb(const char *elem, int len, void *usr);
+static int ipv6_hex(unsigned char *out, const char *in, int inlen);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(const char *name, const char *value,
+                     STACK_OF(CONF_VALUE) **extlist)
+{
+    CONF_VALUE *vtmp = NULL;
+    char *tname = NULL, *tvalue = NULL;
+    int sk_allocated = (*extlist == NULL);
+
+    if (name && (tname = OPENSSL_strdup(name)) == NULL)
+        goto err;
+    if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
+        goto err;
+    if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
+        goto err;
+    if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
+        goto err;
+    vtmp->section = NULL;
+    vtmp->name = tname;
+    vtmp->value = tvalue;
+    if (!sk_CONF_VALUE_push(*extlist, vtmp))
+        goto err;
+    return 1;
+ err:
+    X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
+    if (sk_allocated) {
+        sk_CONF_VALUE_free(*extlist);
+        *extlist = NULL;
+    }
+    OPENSSL_free(vtmp);
+    OPENSSL_free(tname);
+    OPENSSL_free(tvalue);
+    return 0;
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist)
+{
+    return X509V3_add_value(name, (const char *)value, extlist);
+}
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+    if (!conf)
+        return;
+    OPENSSL_free(conf->name);
+    OPENSSL_free(conf->value);
+    OPENSSL_free(conf->section);
+    OPENSSL_free(conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                          STACK_OF(CONF_VALUE) **extlist)
+{
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+                             STACK_OF(CONF_VALUE) **extlist)
+{
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return 1;
+}
+
+static char *bignum_to_string(const BIGNUM *bn)
+{
+    char *tmp, *ret;
+    size_t len;
+
+    /*
+     * Display large numbers in hex and small numbers in decimal. Converting to
+     * decimal takes quadratic time and is no more useful than hex for large
+     * numbers.
+     */
+    if (BN_num_bits(bn) < 128)
+        return BN_bn2dec(bn);
+
+    tmp = BN_bn2hex(bn);
+    if (tmp == NULL)
+        return NULL;
+
+    len = strlen(tmp) + 3;
+    ret = OPENSSL_malloc(len);
+    if (ret == NULL) {
+        X509V3err(X509V3_F_BIGNUM_TO_STRING, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(tmp);
+        return NULL;
+    }
+
+    /* Prepend "0x", but place it after the "-" if negative. */
+    if (tmp[0] == '-') {
+        OPENSSL_strlcpy(ret, "-0x", len);
+        OPENSSL_strlcat(ret, tmp + 1, len);
+    } else {
+        OPENSSL_strlcpy(ret, "0x", len);
+        OPENSSL_strlcat(ret, tmp, len);
+    }
+    OPENSSL_free(tmp);
+    return ret;
+}
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
+{
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+
+    if (!a)
+        return NULL;
+    if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
+        X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
+{
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+
+    if (!a)
+        return NULL;
+    if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
+        X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
+{
+    BIGNUM *bn = NULL;
+    ASN1_INTEGER *aint;
+    int isneg, ishex;
+    int ret;
+    if (value == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
+        return NULL;
+    }
+    bn = BN_new();
+    if (bn == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (value[0] == '-') {
+        value++;
+        isneg = 1;
+    } else
+        isneg = 0;
+
+    if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+        value += 2;
+        ishex = 1;
+    } else
+        ishex = 0;
+
+    if (ishex)
+        ret = BN_hex2bn(&bn, value);
+    else
+        ret = BN_dec2bn(&bn, value);
+
+    if (!ret || value[ret]) {
+        BN_free(bn);
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
+        return NULL;
+    }
+
+    if (isneg && BN_is_zero(bn))
+        isneg = 0;
+
+    aint = BN_to_ASN1_INTEGER(bn, NULL);
+    BN_free(bn);
+    if (!aint) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER,
+                  X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+        return NULL;
+    }
+    if (isneg)
+        aint->type |= V_ASN1_NEG;
+    return aint;
+}
+
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+                         STACK_OF(CONF_VALUE) **extlist)
+{
+    char *strtmp;
+    int ret;
+
+    if (!aint)
+        return 1;
+    if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL)
+        return 0;
+    ret = X509V3_add_value(name, strtmp, extlist);
+    OPENSSL_free(strtmp);
+    return ret;
+}
+
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
+{
+    const char *btmp;
+
+    if ((btmp = value->value) == NULL)
+        goto err;
+    if (strcmp(btmp, "TRUE") == 0
+        || strcmp(btmp, "true") == 0
+        || strcmp(btmp, "Y") == 0
+        || strcmp(btmp, "y") == 0
+        || strcmp(btmp, "YES") == 0
+        || strcmp(btmp, "yes") == 0) {
+        *asn1_bool = 0xff;
+        return 1;
+    }
+    if (strcmp(btmp, "FALSE") == 0
+        || strcmp(btmp, "false") == 0
+        || strcmp(btmp, "N") == 0
+        || strcmp(btmp, "n") == 0
+        || strcmp(btmp, "NO") == 0
+        || strcmp(btmp, "no") == 0) {
+        *asn1_bool = 0;
+        return 1;
+    }
+ err:
+    X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
+              X509V3_R_INVALID_BOOLEAN_STRING);
+    X509V3_conf_err(value);
+    return 0;
+}
+
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+    ASN1_INTEGER *itmp;
+
+    if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) {
+        X509V3_conf_err(value);
+        return 0;
+    }
+    *aint = itmp;
+    return 1;
+}
+
+#define HDR_NAME        1
+#define HDR_VALUE       2
+
+/*
+ * #define DEBUG
+ */
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
+{
+    char *p, *q, c;
+    char *ntmp, *vtmp;
+    STACK_OF(CONF_VALUE) *values = NULL;
+    char *linebuf;
+    int state;
+    /* We are going to modify the line so copy it first */
+    linebuf = OPENSSL_strdup(line);
+    if (linebuf == NULL) {
+        X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    state = HDR_NAME;
+    ntmp = NULL;
+    /* Go through all characters */
+    for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+         p++) {
+
+        switch (state) {
+        case HDR_NAME:
+            if (c == ':') {
+                state = HDR_VALUE;
+                *p = 0;
+                ntmp = strip_spaces(q);
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                q = p + 1;
+            } else if (c == ',') {
+                *p = 0;
+                ntmp = strip_spaces(q);
+                q = p + 1;
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, NULL, &values);
+            }
+            break;
+
+        case HDR_VALUE:
+            if (c == ',') {
+                state = HDR_NAME;
+                *p = 0;
+                vtmp = strip_spaces(q);
+                if (!vtmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_VALUE);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, vtmp, &values);
+                ntmp = NULL;
+                q = p + 1;
+            }
+
+        }
+    }
+
+    if (state == HDR_VALUE) {
+        vtmp = strip_spaces(q);
+        if (!vtmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                      X509V3_R_INVALID_NULL_VALUE);
+            goto err;
+        }
+        X509V3_add_value(ntmp, vtmp, &values);
+    } else {
+        ntmp = strip_spaces(q);
+        if (!ntmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+            goto err;
+        }
+        X509V3_add_value(ntmp, NULL, &values);
+    }
+    OPENSSL_free(linebuf);
+    return values;
+
+ err:
+    OPENSSL_free(linebuf);
+    sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+    return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+    char *p, *q;
+    /* Skip over leading spaces */
+    p = name;
+    while (*p && isspace((unsigned char)*p))
+        p++;
+    if (!*p)
+        return NULL;
+    q = p + strlen(p) - 1;
+    while ((q != p) && isspace((unsigned char)*q))
+        q--;
+    if (p != q)
+        q[1] = 0;
+    if (!*p)
+        return NULL;
+    return p;
+}
+
+
+/*
+ * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+    int len, ret;
+    char c;
+    len = strlen(cmp);
+    if ((ret = strncmp(name, cmp, len)))
+        return ret;
+    c = name[len];
+    if (!c || (c == '.'))
+        return 0;
+    return 1;
+}
+
+static int sk_strcmp(const char *const *a, const char *const *b)
+{
+    return strcmp(*a, *b);
+}
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
+{
+    GENERAL_NAMES *gens;
+    STACK_OF(OPENSSL_STRING) *ret;
+
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return ret;
+}
+
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
+{
+    AUTHORITY_INFO_ACCESS *info;
+    STACK_OF(OPENSSL_STRING) *ret = NULL;
+    int i;
+
+    info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+    if (!info)
+        return NULL;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+        ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+        if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
+            if (ad->location->type == GEN_URI) {
+                if (!append_ia5
+                    (&ret, ad->location->d.uniformResourceIdentifier))
+                    break;
+            }
+        }
+    }
+    AUTHORITY_INFO_ACCESS_free(info);
+    return ret;
+}
+
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
+{
+    GENERAL_NAMES *gens;
+    STACK_OF(X509_EXTENSION) *exts;
+    STACK_OF(OPENSSL_STRING) *ret;
+
+    exts = X509_REQ_get_extensions(x);
+    gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_REQ_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+    return ret;
+}
+
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+                                           GENERAL_NAMES *gens)
+{
+    STACK_OF(OPENSSL_STRING) *ret = NULL;
+    X509_NAME_ENTRY *ne;
+    ASN1_IA5STRING *email;
+    GENERAL_NAME *gen;
+    int i;
+    /* Now add any email address(es) to STACK */
+    i = -1;
+    /* First supplied X509_NAME */
+    while ((i = X509_NAME_get_index_by_NID(name,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(name, i);
+        email = X509_NAME_ENTRY_get_data(ne);
+        if (!append_ia5(&ret, email))
+            return NULL;
+    }
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        if (gen->type != GEN_EMAIL)
+            continue;
+        if (!append_ia5(&ret, gen->d.ia5))
+            return NULL;
+    }
+    return ret;
+}
+
+static void str_free(OPENSSL_STRING str)
+{
+    OPENSSL_free(str);
+}
+
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email)
+{
+    char *emtmp;
+    /* First some sanity checks */
+    if (email->type != V_ASN1_IA5STRING)
+        return 1;
+    if (!email->data || !email->length)
+        return 1;
+    if (*sk == NULL)
+        *sk = sk_OPENSSL_STRING_new(sk_strcmp);
+    if (*sk == NULL)
+        return 0;
+    /* Don't add duplicates */
+    if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
+        return 1;
+    emtmp = OPENSSL_strdup((char *)email->data);
+    if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+        OPENSSL_free(emtmp);    /* free on push failure */
+        X509_email_free(*sk);
+        *sk = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
+{
+    sk_OPENSSL_STRING_pop_free(sk, str_free);
+}
+
+typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
+                         const unsigned char *subject, size_t subject_len,
+                         unsigned int flags);
+
+/* Skip pattern prefix to match "wildcard" subject */
+static void skip_prefix(const unsigned char **p, size_t *plen,
+                        size_t subject_len,
+                        unsigned int flags)
+{
+    const unsigned char *pattern = *p;
+    size_t pattern_len = *plen;
+
+    /*
+     * If subject starts with a leading '.' followed by more octets, and
+     * pattern is longer, compare just an equal-length suffix with the
+     * full subject (starting at the '.'), provided the prefix contains
+     * no NULs.
+     */
+    if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
+        return;
+
+    while (pattern_len > subject_len && *pattern) {
+        if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
+            *pattern == '.')
+            break;
+        ++pattern;
+        --pattern_len;
+    }
+
+    /* Skip if entire prefix acceptable */
+    if (pattern_len == subject_len) {
+        *p = pattern;
+        *plen = pattern_len;
+    }
+}
+
+/* Compare while ASCII ignoring case. */
+static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
+                        const unsigned char *subject, size_t subject_len,
+                        unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    while (pattern_len) {
+        unsigned char l = *pattern;
+        unsigned char r = *subject;
+        /* The pattern must not contain NUL characters. */
+        if (l == 0)
+            return 0;
+        if (l != r) {
+            if ('A' <= l && l <= 'Z')
+                l = (l - 'A') + 'a';
+            if ('A' <= r && r <= 'Z')
+                r = (r - 'A') + 'a';
+            if (l != r)
+                return 0;
+        }
+        ++pattern;
+        ++subject;
+        --pattern_len;
+    }
+    return 1;
+}
+
+/* Compare using memcmp. */
+static int equal_case(const unsigned char *pattern, size_t pattern_len,
+                      const unsigned char *subject, size_t subject_len,
+                      unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    return !memcmp(pattern, subject, pattern_len);
+}
+
+/*
+ * RFC 5280, section 7.5, requires that only the domain is compared in a
+ * case-insensitive manner.
+ */
+static int equal_email(const unsigned char *a, size_t a_len,
+                       const unsigned char *b, size_t b_len,
+                       unsigned int unused_flags)
+{
+    size_t i = a_len;
+    if (a_len != b_len)
+        return 0;
+    /*
+     * We search backwards for the '@' character, so that we do not have to
+     * deal with quoted local-parts.  The domain part is compared in a
+     * case-insensitive manner.
+     */
+    while (i > 0) {
+        --i;
+        if (a[i] == '@' || b[i] == '@') {
+            if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0))
+                return 0;
+            break;
+        }
+    }
+    if (i == 0)
+        i = a_len;
+    return equal_case(a, i, b, i, 0);
+}
+
+/*
+ * Compare the prefix and suffix with the subject, and check that the
+ * characters in-between are valid.
+ */
+static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
+                          const unsigned char *suffix, size_t suffix_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *wildcard_start;
+    const unsigned char *wildcard_end;
+    const unsigned char *p;
+    int allow_multi = 0;
+    int allow_idna = 0;
+
+    if (subject_len < prefix_len + suffix_len)
+        return 0;
+    if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
+        return 0;
+    wildcard_start = subject + prefix_len;
+    wildcard_end = subject + (subject_len - suffix_len);
+    if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
+        return 0;
+    /*
+     * If the wildcard makes up the entire first label, it must match at
+     * least one character.
+     */
+    if (prefix_len == 0 && *suffix == '.') {
+        if (wildcard_start == wildcard_end)
+            return 0;
+        allow_idna = 1;
+        if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
+            allow_multi = 1;
+    }
+    /* IDNA labels cannot match partial wildcards */
+    if (!allow_idna &&
+        subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0)
+        return 0;
+    /* The wildcard may match a literal '*' */
+    if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
+        return 1;
+    /*
+     * Check that the part matched by the wildcard contains only
+     * permitted characters and only matches a single label unless
+     * allow_multi is set.
+     */
+    for (p = wildcard_start; p != wildcard_end; ++p)
+        if (!(('0' <= *p && *p <= '9') ||
+              ('A' <= *p && *p <= 'Z') ||
+              ('a' <= *p && *p <= 'z') ||
+              *p == '-' || (allow_multi && *p == '.')))
+            return 0;
+    return 1;
+}
+
+#define LABEL_START     (1 << 0)
+#define LABEL_END       (1 << 1)
+#define LABEL_HYPHEN    (1 << 2)
+#define LABEL_IDNA      (1 << 3)
+
+static const unsigned char *valid_star(const unsigned char *p, size_t len,
+                                       unsigned int flags)
+{
+    const unsigned char *star = 0;
+    size_t i;
+    int state = LABEL_START;
+    int dots = 0;
+    for (i = 0; i < len; ++i) {
+        /*
+         * Locate first and only legal wildcard, either at the start
+         * or end of a non-IDNA first and not final label.
+         */
+        if (p[i] == '*') {
+            int atstart = (state & LABEL_START);
+            int atend = (i == len - 1 || p[i + 1] == '.');
+            /*-
+             * At most one wildcard per pattern.
+             * No wildcards in IDNA labels.
+             * No wildcards after the first label.
+             */
+            if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
+                return NULL;
+            /* Only full-label '*.example.com' wildcards? */
+            if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
+                && (!atstart || !atend))
+                return NULL;
+            /* No 'foo*bar' wildcards */
+            if (!atstart && !atend)
+                return NULL;
+            star = &p[i];
+            state &= ~LABEL_START;
+        } else if (('a' <= p[i] && p[i] <= 'z')
+                   || ('A' <= p[i] && p[i] <= 'Z')
+                   || ('0' <= p[i] && p[i] <= '9')) {
+            if ((state & LABEL_START) != 0
+                && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0)
+                state |= LABEL_IDNA;
+            state &= ~(LABEL_HYPHEN | LABEL_START);
+        } else if (p[i] == '.') {
+            if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
+                return NULL;
+            state = LABEL_START;
+            ++dots;
+        } else if (p[i] == '-') {
+            /* no domain/subdomain starts with '-' */
+            if ((state & LABEL_START) != 0)
+                return NULL;
+            state |= LABEL_HYPHEN;
+        } else
+            return NULL;
+    }
+
+    /*
+     * The final label must not end in a hyphen or ".", and
+     * there must be at least two dots after the star.
+     */
+    if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
+        return NULL;
+    return star;
+}
+
+/* Compare using wildcards. */
+static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *star = NULL;
+
+    /*
+     * Subject names starting with '.' can only match a wildcard pattern
+     * via a subject sub-domain pattern suffix match.
+     */
+    if (!(subject_len > 1 && subject[0] == '.'))
+        star = valid_star(pattern, pattern_len, flags);
+    if (star == NULL)
+        return equal_nocase(pattern, pattern_len,
+                            subject, subject_len, flags);
+    return wildcard_match(pattern, star - pattern,
+                          star + 1, (pattern + pattern_len) - star - 1,
+                          subject, subject_len, flags);
+}
+
+/*
+ * Compare an ASN1_STRING to a supplied string. If they match return 1. If
+ * cmp_type > 0 only compare if string matches the type, otherwise convert it
+ * to UTF8.
+ */
+
+static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
+                           unsigned int flags, const char *b, size_t blen,
+                           char **peername)
+{
+    int rv = 0;
+
+    if (!a->data || !a->length)
+        return 0;
+    if (cmp_type > 0) {
+        if (cmp_type != a->type)
+            return 0;
+        if (cmp_type == V_ASN1_IA5STRING)
+            rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
+        else if (a->length == (int)blen && !memcmp(a->data, b, blen))
+            rv = 1;
+        if (rv > 0 && peername)
+            *peername = OPENSSL_strndup((char *)a->data, a->length);
+    } else {
+        int astrlen;
+        unsigned char *astr;
+        astrlen = ASN1_STRING_to_UTF8(&astr, a);
+        if (astrlen < 0) {
+            /*
+             * -1 could be an internal malloc failure or a decoding error from
+             * malformed input; we can't distinguish.
+             */
+            return -1;
+        }
+        rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
+        if (rv > 0 && peername)
+            *peername = OPENSSL_strndup((char *)astr, astrlen);
+        OPENSSL_free(astr);
+    }
+    return rv;
+}
+
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
+                         unsigned int flags, int check_type, char **peername)
+{
+    GENERAL_NAMES *gens = NULL;
+    X509_NAME *name = NULL;
+    int i;
+    int cnid = NID_undef;
+    int alt_type;
+    int san_present = 0;
+    int rv = 0;
+    equal_fn equal;
+
+    /* See below, this flag is internal-only */
+    flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS;
+    if (check_type == GEN_EMAIL) {
+        cnid = NID_pkcs9_emailAddress;
+        alt_type = V_ASN1_IA5STRING;
+        equal = equal_email;
+    } else if (check_type == GEN_DNS) {
+        cnid = NID_commonName;
+        /* Implicit client-side DNS sub-domain pattern */
+        if (chklen > 1 && chk[0] == '.')
+            flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS;
+        alt_type = V_ASN1_IA5STRING;
+        if (flags & X509_CHECK_FLAG_NO_WILDCARDS)
+            equal = equal_nocase;
+        else
+            equal = equal_wildcard;
+    } else {
+        alt_type = V_ASN1_OCTET_STRING;
+        equal = equal_case;
+    }
+
+    if (chklen == 0)
+        chklen = strlen(chk);
+
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    if (gens) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            GENERAL_NAME *gen;
+            ASN1_STRING *cstr;
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type != check_type)
+                continue;
+            san_present = 1;
+            if (check_type == GEN_EMAIL)
+                cstr = gen->d.rfc822Name;
+            else if (check_type == GEN_DNS)
+                cstr = gen->d.dNSName;
+            else
+                cstr = gen->d.iPAddress;
+            /* Positive on success, negative on error! */
+            if ((rv = do_check_string(cstr, alt_type, equal, flags,
+                                      chk, chklen, peername)) != 0)
+                break;
+        }
+        GENERAL_NAMES_free(gens);
+        if (rv != 0)
+            return rv;
+        if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
+            return 0;
+    }
+
+    /* We're done if CN-ID is not pertinent */
+    if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
+        return 0;
+
+    i = -1;
+    name = X509_get_subject_name(x);
+    while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
+        const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i);
+        const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne);
+
+        /* Positive on success, negative on error! */
+        if ((rv = do_check_string(str, -1, equal, flags,
+                                  chk, chklen, peername)) != 0)
+            return rv;
+    }
+    return 0;
+}
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen(chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
+}
+
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen((char *)chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
+}
+
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
+}
+
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
+{
+    unsigned char ipout[16];
+    size_t iplen;
+
+    if (ipasc == NULL)
+        return -2;
+    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    if (iplen == 0)
+        return -2;
+    return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
+}
+
+/*
+ * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible
+ * with RFC3280.
+ */
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
+{
+    unsigned char ipout[16];
+    ASN1_OCTET_STRING *ret;
+    int iplen;
+
+    /* If string contains a ':' assume IPv6 */
+
+    iplen = a2i_ipadd(ipout, ipasc);
+
+    if (!iplen)
+        return NULL;
+
+    ret = ASN1_OCTET_STRING_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
+        ASN1_OCTET_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
+{
+    ASN1_OCTET_STRING *ret = NULL;
+    unsigned char ipout[32];
+    char *iptmp = NULL, *p;
+    int iplen1, iplen2;
+    p = strchr(ipasc, '/');
+    if (!p)
+        return NULL;
+    iptmp = OPENSSL_strdup(ipasc);
+    if (!iptmp)
+        return NULL;
+    p = iptmp + (p - ipasc);
+    *p++ = 0;
+
+    iplen1 = a2i_ipadd(ipout, iptmp);
+
+    if (!iplen1)
+        goto err;
+
+    iplen2 = a2i_ipadd(ipout + iplen1, p);
+
+    OPENSSL_free(iptmp);
+    iptmp = NULL;
+
+    if (!iplen2 || (iplen1 != iplen2))
+        goto err;
+
+    ret = ASN1_OCTET_STRING_new();
+    if (ret == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
+        goto err;
+
+    return ret;
+
+ err:
+    OPENSSL_free(iptmp);
+    ASN1_OCTET_STRING_free(ret);
+    return NULL;
+}
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc)
+{
+    /* If string contains a ':' assume IPv6 */
+
+    if (strchr(ipasc, ':')) {
+        if (!ipv6_from_asc(ipout, ipasc))
+            return 0;
+        return 16;
+    } else {
+        if (!ipv4_from_asc(ipout, ipasc))
+            return 0;
+        return 4;
+    }
+}
+
+static int ipv4_from_asc(unsigned char *v4, const char *in)
+{
+    int a0, a1, a2, a3;
+    if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+        return 0;
+    if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+        || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
+        return 0;
+    v4[0] = a0;
+    v4[1] = a1;
+    v4[2] = a2;
+    v4[3] = a3;
+    return 1;
+}
+
+typedef struct {
+    /* Temporary store for IPV6 output */
+    unsigned char tmp[16];
+    /* Total number of bytes in tmp */
+    int total;
+    /* The position of a zero (corresponding to '::') */
+    int zero_pos;
+    /* Number of zeroes */
+    int zero_cnt;
+} IPV6_STAT;
+
+static int ipv6_from_asc(unsigned char *v6, const char *in)
+{
+    IPV6_STAT v6stat;
+    v6stat.total = 0;
+    v6stat.zero_pos = -1;
+    v6stat.zero_cnt = 0;
+    /*
+     * Treat the IPv6 representation as a list of values separated by ':'.
+     * The presence of a '::' will parse as one, two or three zero length
+     * elements.
+     */
+    if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
+        return 0;
+
+    /* Now for some sanity checks */
+
+    if (v6stat.zero_pos == -1) {
+        /* If no '::' must have exactly 16 bytes */
+        if (v6stat.total != 16)
+            return 0;
+    } else {
+        /* If '::' must have less than 16 bytes */
+        if (v6stat.total == 16)
+            return 0;
+        /* More than three zeroes is an error */
+        if (v6stat.zero_cnt > 3)
+            return 0;
+        /* Can only have three zeroes if nothing else present */
+        else if (v6stat.zero_cnt == 3) {
+            if (v6stat.total > 0)
+                return 0;
+        }
+        /* Can only have two zeroes if at start or end */
+        else if (v6stat.zero_cnt == 2) {
+            if ((v6stat.zero_pos != 0)
+                && (v6stat.zero_pos != v6stat.total))
+                return 0;
+        } else
+            /* Can only have one zero if *not* start or end */
+        {
+            if ((v6stat.zero_pos == 0)
+                || (v6stat.zero_pos == v6stat.total))
+                return 0;
+        }
+    }
+
+    /* Format result */
+
+    if (v6stat.zero_pos >= 0) {
+        /* Copy initial part */
+        memcpy(v6, v6stat.tmp, v6stat.zero_pos);
+        /* Zero middle */
+        memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
+        /* Copy final part */
+        if (v6stat.total != v6stat.zero_pos)
+            memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
+                   v6stat.tmp + v6stat.zero_pos,
+                   v6stat.total - v6stat.zero_pos);
+    } else
+        memcpy(v6, v6stat.tmp, 16);
+
+    return 1;
+}
+
+static int ipv6_cb(const char *elem, int len, void *usr)
+{
+    IPV6_STAT *s = usr;
+    /* Error if 16 bytes written */
+    if (s->total == 16)
+        return 0;
+    if (len == 0) {
+        /* Zero length element, corresponds to '::' */
+        if (s->zero_pos == -1)
+            s->zero_pos = s->total;
+        /* If we've already got a :: its an error */
+        else if (s->zero_pos != s->total)
+            return 0;
+        s->zero_cnt++;
+    } else {
+        /* If more than 4 characters could be final a.b.c.d form */
+        if (len > 4) {
+            /* Need at least 4 bytes left */
+            if (s->total > 12)
+                return 0;
+            /* Must be end of string */
+            if (elem[len])
+                return 0;
+            if (!ipv4_from_asc(s->tmp + s->total, elem))
+                return 0;
+            s->total += 4;
+        } else {
+            if (!ipv6_hex(s->tmp + s->total, elem, len))
+                return 0;
+            s->total += 2;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Convert a string of up to 4 hex digits into the corresponding IPv6 form.
+ */
+
+static int ipv6_hex(unsigned char *out, const char *in, int inlen)
+{
+    unsigned char c;
+    unsigned int num = 0;
+    int x;
+
+    if (inlen > 4)
+        return 0;
+    while (inlen--) {
+        c = *in++;
+        num <<= 4;
+        x = OPENSSL_hexchar2int(c);
+        if (x < 0)
+            return 0;
+        num |= (char)x;
+    }
+    out[0] = num >> 8;
+    out[1] = num & 0xff;
+    return 1;
+}
+
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+                             unsigned long chtype)
+{
+    CONF_VALUE *v;
+    int i, mval, spec_char, plus_char;
+    char *p, *type;
+    if (!nm)
+        return 0;
+
+    for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+        v = sk_CONF_VALUE_value(dn_sk, i);
+        type = v->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (p = type; *p; p++) {
+#ifndef CHARSET_EBCDIC
+            spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
+#else
+            spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                    || (*p == os_toascii['.']));
+#endif
+            if (spec_char) {
+                p++;
+                if (*p)
+                    type = p;
+                break;
+            }
+        }
+#ifndef CHARSET_EBCDIC
+        plus_char = (*type == '+');
+#else
+        plus_char = (*type == os_toascii['+']);
+#endif
+        if (plus_char) {
+            mval = -1;
+            type++;
+        } else
+            mval = 0;
+        if (!X509_NAME_add_entry_by_txt(nm, type, chtype,
+                                        (unsigned char *)v->value, -1, -1,
+                                        mval))
+            return 0;
+
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3conf.c b/openssl-1.1.0h/crypto/x509v3/v3conf.c
new file mode 100644
index 0000000..966ab90
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3conf.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Test application to add extensions from a config file */
+
+int main(int argc, char **argv)
+{
+    LHASH *conf;
+    X509 *cert;
+    FILE *inf;
+    char *conf_file;
+    int i;
+    int count;
+    X509_EXTENSION *ext;
+    X509V3_add_standard_extensions();
+    ERR_load_crypto_strings();
+    if (!argv[1]) {
+        fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+        exit(1);
+    }
+    conf_file = argv[2];
+    if (!conf_file)
+        conf_file = "test.cnf";
+    conf = CONF_load(NULL, "test.cnf", NULL);
+    if (!conf) {
+        fprintf(stderr, "Error opening Config file %s\n", conf_file);
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+
+    inf = fopen(argv[1], "r");
+    if (!inf) {
+        fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+        exit(1);
+    }
+    cert = PEM_read_X509(inf, NULL, NULL);
+    if (!cert) {
+        fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+        exit(1);
+    }
+    fclose(inf);
+
+    sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+    cert->cert_info->extensions = NULL;
+
+    if (!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+        fprintf(stderr, "Error adding extensions\n");
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+
+    count = X509_get_ext_count(cert);
+    printf("%d extensions\n", count);
+    for (i = 0; i < count; i++) {
+        ext = X509_get_ext(cert, i);
+        printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+        if (ext->critical)
+            printf(",critical:\n");
+        else
+            printf(":\n");
+        X509V3_EXT_print_fp(stdout, ext, 0, 0);
+        printf("\n");
+
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3err.c b/openssl-1.1.0h/crypto/x509v3/v3err.c
new file mode 100644
index 0000000..d598791
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3err.c
@@ -0,0 +1,188 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
+
+static ERR_STRING_DATA X509V3_str_functs[] = {
+    {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"},
+    {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL),
+     "addr_validate_path_internal"},
+    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
+     "ASIdentifierChoice_canonize"},
+    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
+     "ASIdentifierChoice_is_canonical"},
+    {ERR_FUNC(X509V3_F_BIGNUM_TO_STRING), "bignum_to_string"},
+    {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"},
+    {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"},
+    {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"},
+    {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"},
+    {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"},
+    {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"},
+    {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
+    {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"},
+    {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
+    {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),
+     "i2v_AUTHORITY_INFO_ACCESS"},
+    {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"},
+    {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"},
+    {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"},
+    {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"},
+    {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"},
+    {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"},
+    {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"},
+    {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
+    {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
+    {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"},
+    {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"},
+    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
+    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
+    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
+    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
+    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
+    {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"},
+    {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
+    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),
+     "v2i_AUTHORITY_INFO_ACCESS"},
+    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"},
+    {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"},
+    {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"},
+    {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"},
+    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
+    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
+    {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"},
+    {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"},
+    {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"},
+    {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"},
+    {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"},
+    {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"},
+    {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"},
+    {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"},
+    {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"},
+    {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
+    {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
+    {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
+    {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"},
+    {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
+    {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
+    {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
+    {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA X509V3_str_reasons[] = {
+    {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
+    {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"},
+    {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
+    {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
+     "bn to asn1 integer error"},
+    {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"},
+    {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"},
+    {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"},
+    {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"},
+    {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),
+     "error creating extension"},
+    {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"},
+    {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"},
+    {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"},
+    {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"},
+    {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"},
+    {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
+     "extension setting not supported"},
+    {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
+    {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
+    {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
+     "incorrect policy syntax tag"},
+    {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"},
+    {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"},
+    {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"},
+    {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),
+     "invalid extension string"},
+    {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"},
+    {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"},
+    {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"},
+    {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"},
+    {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
+    {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"},
+    {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"},
+    {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"},
+    {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"},
+    {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),
+     "invalid object identifier"},
+    {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"},
+    {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),
+     "invalid policy identifier"},
+    {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),
+     "invalid proxy policy setting"},
+    {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"},
+    {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"},
+    {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"},
+    {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"},
+    {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"},
+    {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"},
+    {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
+     "need organization and numbers"},
+    {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"},
+    {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"},
+    {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"},
+    {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"},
+    {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
+     "no proxy cert policy language defined"},
+    {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
+    {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
+    {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
+    {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
+     "policy language already defined"},
+    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
+    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
+     "policy path length already defined"},
+    {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
+     "policy when proxy language requires no policy"},
+    {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
+    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
+     "unable to get issuer details"},
+    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
+     "unable to get issuer keyid"},
+    {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
+     "unknown bit string argument"},
+    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"},
+    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"},
+    {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"},
+    {ERR_REASON(X509V3_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_X509V3_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, X509V3_str_functs);
+        ERR_load_strings(0, X509V3_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/crypto/x509v3/v3prin.c b/openssl-1.1.0h/crypto/x509v3/v3prin.c
new file mode 100644
index 0000000..7431a4e
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x509v3/v3prin.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int main(int argc, char **argv)
+{
+    X509 *cert;
+    FILE *inf;
+    int i, count;
+    X509_EXTENSION *ext;
+
+    X509V3_add_standard_extensions();
+    ERR_load_crypto_strings();
+    if (!argv[1]) {
+        fprintf(stderr, "Usage v3prin cert.pem\n");
+        exit(1);
+    }
+    if ((inf = fopen(argv[1], "r")) == NULL) {
+        fprintf(stderr, "Can't open %s\n", argv[1]);
+        exit(1);
+    }
+    if ((cert = PEM_read_X509(inf, NULL, NULL)) == NULL) {
+        fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+    fclose(inf);
+    count = X509_get_ext_count(cert);
+    printf("%d extensions\n", count);
+    for (i = 0; i < count; i++) {
+        ext = X509_get_ext(cert, i);
+        printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+        if (!X509V3_EXT_print_fp(stdout, ext, 0, 0))
+            ERR_print_errors_fp(stderr);
+        printf("\n");
+
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/crypto/x86_64cpuid.pl b/openssl-1.1.0h/crypto/x86_64cpuid.pl
new file mode 100644
index 0000000..1a6f728
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x86_64cpuid.pl
@@ -0,0 +1,475 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") :	# Win64 order
+				 ("%rdi","%rsi","%rdx","%rcx");	# Unix order
+
+print<<___;
+.extern		OPENSSL_cpuid_setup
+.hidden		OPENSSL_cpuid_setup
+.section	.init
+	call	OPENSSL_cpuid_setup
+
+.hidden	OPENSSL_ia32cap_P
+.comm	OPENSSL_ia32cap_P,16,4
+
+.text
+
+.globl	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,\@abi-omnipotent
+.align	16
+OPENSSL_atomic_add:
+	movl	($arg1),%eax
+.Lspin:	leaq	($arg2,%rax),%r8
+	.byte	0xf0		# lock
+	cmpxchgl	%r8d,($arg1)
+	jne	.Lspin
+	movl	%r8d,%eax
+	.byte	0x48,0x98	# cltq/cdqe
+	ret
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.globl	OPENSSL_rdtsc
+.type	OPENSSL_rdtsc,\@abi-omnipotent
+.align	16
+OPENSSL_rdtsc:
+	rdtsc
+	shl	\$32,%rdx
+	or	%rdx,%rax
+	ret
+.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
+
+.globl	OPENSSL_ia32_cpuid
+.type	OPENSSL_ia32_cpuid,\@function,1
+.align	16
+OPENSSL_ia32_cpuid:
+	mov	%rbx,%r8		# save %rbx
+
+	xor	%eax,%eax
+	mov	%eax,8(%rdi)		# clear extended feature flags
+	cpuid
+	mov	%eax,%r11d		# max value for standard query level
+
+	xor	%eax,%eax
+	cmp	\$0x756e6547,%ebx	# "Genu"
+	setne	%al
+	mov	%eax,%r9d
+	cmp	\$0x49656e69,%edx	# "ineI"
+	setne	%al
+	or	%eax,%r9d
+	cmp	\$0x6c65746e,%ecx	# "ntel"
+	setne	%al
+	or	%eax,%r9d		# 0 indicates Intel CPU
+	jz	.Lintel
+
+	cmp	\$0x68747541,%ebx	# "Auth"
+	setne	%al
+	mov	%eax,%r10d
+	cmp	\$0x69746E65,%edx	# "enti"
+	setne	%al
+	or	%eax,%r10d
+	cmp	\$0x444D4163,%ecx	# "cAMD"
+	setne	%al
+	or	%eax,%r10d		# 0 indicates AMD CPU
+	jnz	.Lintel
+
+	# AMD specific
+	mov	\$0x80000000,%eax
+	cpuid
+	cmp	\$0x80000001,%eax
+	jb	.Lintel
+	mov	%eax,%r10d
+	mov	\$0x80000001,%eax
+	cpuid
+	or	%ecx,%r9d
+	and	\$0x00000801,%r9d	# isolate AMD XOP bit, 1<<11
+
+	cmp	\$0x80000008,%r10d
+	jb	.Lintel
+
+	mov	\$0x80000008,%eax
+	cpuid
+	movzb	%cl,%r10		# number of cores - 1
+	inc	%r10			# number of cores
+
+	mov	\$1,%eax
+	cpuid
+	bt	\$28,%edx		# test hyper-threading bit
+	jnc	.Lgeneric
+	shr	\$16,%ebx		# number of logical processors
+	cmp	%r10b,%bl
+	ja	.Lgeneric
+	and	\$0xefffffff,%edx	# ~(1<<28)
+	jmp	.Lgeneric
+
+.Lintel:
+	cmp	\$4,%r11d
+	mov	\$-1,%r10d
+	jb	.Lnocacheinfo
+
+	mov	\$4,%eax
+	mov	\$0,%ecx		# query L1D
+	cpuid
+	mov	%eax,%r10d
+	shr	\$14,%r10d
+	and	\$0xfff,%r10d		# number of cores -1 per L1D
+
+.Lnocacheinfo:
+	mov	\$1,%eax
+	cpuid
+	and	\$0xbfefffff,%edx	# force reserved bits to 0
+	cmp	\$0,%r9d
+	jne	.Lnotintel
+	or	\$0x40000000,%edx	# set reserved bit#30 on Intel CPUs
+	and	\$15,%ah
+	cmp	\$15,%ah		# examine Family ID
+	jne	.LnotP4
+	or	\$0x00100000,%edx	# set reserved bit#20 to engage RC4_CHAR
+.LnotP4:
+	cmp	\$6,%ah
+	jne	.Lnotintel
+	and	\$0x0fff0ff0,%eax
+	cmp	\$0x00050670,%eax	# Knights Landing
+	je	.Lknights
+	cmp	\$0x00080650,%eax	# Knights Mill (according to sde)
+	jne	.Lnotintel
+.Lknights:
+	and	\$0xfbffffff,%ecx	# clear XSAVE flag to mimic Silvermont
+
+.Lnotintel:
+	bt	\$28,%edx		# test hyper-threading bit
+	jnc	.Lgeneric
+	and	\$0xefffffff,%edx	# ~(1<<28)
+	cmp	\$0,%r10d
+	je	.Lgeneric
+
+	or	\$0x10000000,%edx	# 1<<28
+	shr	\$16,%ebx
+	cmp	\$1,%bl			# see if cache is shared
+	ja	.Lgeneric
+	and	\$0xefffffff,%edx	# ~(1<<28)
+.Lgeneric:
+	and	\$0x00000800,%r9d	# isolate AMD XOP flag
+	and	\$0xfffff7ff,%ecx
+	or	%ecx,%r9d		# merge AMD XOP flag
+
+	mov	%edx,%r10d		# %r9d:%r10d is copy of %ecx:%edx
+
+	cmp	\$7,%r11d
+	jb	.Lno_extended_info
+	mov	\$7,%eax
+	xor	%ecx,%ecx
+	cpuid
+	bt	\$26,%r9d		# check XSAVE bit, cleared on Knights
+	jc	.Lnotknights
+	and	\$0xfff7ffff,%ebx	# clear ADCX/ADOX flag
+.Lnotknights:
+	mov	%ebx,8(%rdi)		# save extended feature flags
+.Lno_extended_info:
+
+	bt	\$27,%r9d		# check OSXSAVE bit
+	jnc	.Lclear_avx
+	xor	%ecx,%ecx		# XCR0
+	.byte	0x0f,0x01,0xd0		# xgetbv
+	and	\$6,%eax		# isolate XMM and YMM state support
+	cmp	\$6,%eax
+	je	.Ldone
+.Lclear_avx:
+	mov	\$0xefffe7ff,%eax	# ~(1<<28|1<<12|1<<11)
+	and	%eax,%r9d		# clear AVX, FMA and AMD XOP bits
+	andl	\$0xffffffdf,8(%rdi)	# clear AVX2, ~(1<<5)
+.Ldone:
+	shl	\$32,%r9
+	mov	%r10d,%eax
+	mov	%r8,%rbx		# restore %rbx
+	or	%r9,%rax
+	ret
+.size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
+
+.globl  OPENSSL_cleanse
+.type   OPENSSL_cleanse,\@abi-omnipotent
+.align  16
+OPENSSL_cleanse:
+	xor	%rax,%rax
+	cmp	\$15,$arg2
+	jae	.Lot
+	cmp	\$0,$arg2
+	je	.Lret
+.Little:
+	mov	%al,($arg1)
+	sub	\$1,$arg2
+	lea	1($arg1),$arg1
+	jnz	.Little
+.Lret:
+	ret
+.align	16
+.Lot:
+	test	\$7,$arg1
+	jz	.Laligned
+	mov	%al,($arg1)
+	lea	-1($arg2),$arg2
+	lea	1($arg1),$arg1
+	jmp	.Lot
+.Laligned:
+	mov	%rax,($arg1)
+	lea	-8($arg2),$arg2
+	test	\$-8,$arg2
+	lea	8($arg1),$arg1
+	jnz	.Laligned
+	cmp	\$0,$arg2
+	jne	.Little
+	ret
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl  CRYPTO_memcmp
+.type   CRYPTO_memcmp,\@abi-omnipotent
+.align  16
+CRYPTO_memcmp:
+	xor	%rax,%rax
+	xor	%r10,%r10
+	cmp	\$0,$arg3
+	je	.Lno_data
+.Loop_cmp:
+	mov	($arg1),%r10b
+	lea	1($arg1),$arg1
+	xor	($arg2),%r10b
+	lea	1($arg2),$arg2
+	or	%r10b,%al
+	dec	$arg3
+	jnz	.Loop_cmp
+	neg	%rax
+	shr	\$63,%rax
+.Lno_data:
+	ret
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+___
+
+print<<___ if (!$win64);
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,\@abi-omnipotent
+.align	16
+OPENSSL_wipe_cpu:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	xorq	%rsi,%rsi
+	xorq	%rdi,%rdi
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	leaq	8(%rsp),%rax
+	ret
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+___
+print<<___ if ($win64);
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,\@abi-omnipotent
+.align	16
+OPENSSL_wipe_cpu:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	leaq	8(%rsp),%rax
+	ret
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+___
+{
+my $out="%r10";
+my $cnt="%rcx";
+my $max="%r11";
+my $lasttick="%r8d";
+my $lastdiff="%r9d";
+my $redzone=win64?8:-8;
+
+print<<___;
+.globl	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,\@abi-omnipotent
+.align	16
+OPENSSL_instrument_bus:
+	mov	$arg1,$out	# tribute to Win64
+	mov	$arg2,$cnt
+	mov	$arg2,$max
+
+	rdtsc			# collect 1st tick
+	mov	%eax,$lasttick	# lasttick = tick
+	mov	\$0,$lastdiff	# lastdiff = 0
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	$lastdiff,($out)
+	jmp	.Loop
+.align	16
+.Loop:	rdtsc
+	mov	%eax,%edx
+	sub	$lasttick,%eax
+	mov	%edx,$lasttick
+	mov	%eax,$lastdiff
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	%eax,($out)
+	lea	4($out),$out
+	sub	\$1,$cnt
+	jnz	.Loop
+
+	mov	$max,%rax
+	ret
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,\@abi-omnipotent
+.align	16
+OPENSSL_instrument_bus2:
+	mov	$arg1,$out	# tribute to Win64
+	mov	$arg2,$cnt
+	mov	$arg3,$max
+	mov	$cnt,$redzone(%rsp)
+
+	rdtsc			# collect 1st tick
+	mov	%eax,$lasttick	# lasttick = tick
+	mov	\$0,$lastdiff	# lastdiff = 0
+
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	$lastdiff,($out)
+
+	rdtsc			# collect 1st diff
+	mov	%eax,%edx
+	sub	$lasttick,%eax	# diff
+	mov	%edx,$lasttick	# lasttick = tick
+	mov	%eax,$lastdiff	# lastdiff = diff
+.Loop2:
+	clflush	($out)
+	.byte	0xf0		# lock
+	add	%eax,($out)	# accumulate diff
+
+	sub	\$1,$max
+	jz	.Ldone2
+
+	rdtsc
+	mov	%eax,%edx
+	sub	$lasttick,%eax	# diff
+	mov	%edx,$lasttick	# lasttick = tick
+	cmp	$lastdiff,%eax
+	mov	%eax,$lastdiff	# lastdiff = diff
+	mov	\$0,%edx
+	setne	%dl
+	sub	%rdx,$cnt	# conditional --$cnt
+	lea	($out,%rdx,4),$out	# conditional ++$out
+	jnz	.Loop2
+
+.Ldone2:
+	mov	$redzone(%rsp),%rax
+	sub	$cnt,%rax
+	ret
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+___
+}
+
+sub gen_random {
+my $rdop = shift;
+print<<___;
+.globl	OPENSSL_ia32_${rdop}
+.type	OPENSSL_ia32_${rdop},\@abi-omnipotent
+.align	16
+OPENSSL_ia32_${rdop}:
+	mov	\$8,%ecx
+.Loop_${rdop}:
+	${rdop}	%rax
+	jc	.Lbreak_${rdop}
+	loop	.Loop_${rdop}
+.Lbreak_${rdop}:
+	cmp	\$0,%rax
+	cmove	%rcx,%rax
+	ret
+.size	OPENSSL_ia32_${rdop},.-OPENSSL_ia32_${rdop}
+
+.globl	OPENSSL_ia32_${rdop}_bytes
+.type	OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
+.align	16
+OPENSSL_ia32_${rdop}_bytes:
+	xor	%rax, %rax	# return value
+	cmp	\$0,$arg2
+	je	.Ldone_${rdop}_bytes
+
+	mov	\$8,%r11
+.Loop_${rdop}_bytes:
+	${rdop}	%r10
+	jc	.Lbreak_${rdop}_bytes
+	dec	%r11
+	jnz	.Loop_${rdop}_bytes
+	jmp	.Ldone_${rdop}_bytes
+
+.align	16
+.Lbreak_${rdop}_bytes:
+	cmp	\$8,$arg2
+	jb	.Ltail_${rdop}_bytes
+	mov	%r10,($arg1)
+	lea	8($arg1),$arg1
+	add	\$8,%rax
+	sub	\$8,$arg2
+	jz	.Ldone_${rdop}_bytes
+	mov	\$8,%r11
+	jmp	.Loop_${rdop}_bytes
+
+.align	16
+.Ltail_${rdop}_bytes:
+	mov	%r10b,($arg1)
+	lea	1($arg1),$arg1
+	inc	%rax
+	shr	\$8,%r8
+	dec	$arg2
+	jnz	.Ltail_${rdop}_bytes
+
+.Ldone_${rdop}_bytes:
+	ret
+.size	OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
+___
+}
+gen_random("rdrand");
+gen_random("rdseed");
+
+close STDOUT;	# flush
diff --git a/openssl-1.1.0h/crypto/x86cpuid.pl b/openssl-1.1.0h/crypto/x86cpuid.pl
new file mode 100644
index 0000000..4622a9f
--- /dev/null
+++ b/openssl-1.1.0h/crypto/x86cpuid.pl
@@ -0,0 +1,559 @@
+#! /usr/bin/env perl
+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}perlasm", "perlasm");
+require "x86asm.pl";
+
+$output = pop;
+open OUT,">$output";
+*STDOUT=*OUT;
+
+&asm_init($ARGV[0],"x86cpuid");
+
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&function_begin("OPENSSL_ia32_cpuid");
+	&xor	("edx","edx");
+	&pushf	();
+	&pop	("eax");
+	&mov	("ecx","eax");
+	&xor	("eax",1<<21);
+	&push	("eax");
+	&popf	();
+	&pushf	();
+	&pop	("eax");
+	&xor	("ecx","eax");
+	&xor	("eax","eax");
+	&mov	("esi",&wparam(0));
+	&mov	(&DWP(8,"esi"),"eax");	# clear extended feature flags
+	&bt	("ecx",21);
+	&jnc	(&label("nocpuid"));
+	&cpuid	();
+	&mov	("edi","eax");		# max value for standard query level
+
+	&xor	("eax","eax");
+	&cmp	("ebx",0x756e6547);	# "Genu"
+	&setne	(&LB("eax"));
+	&mov	("ebp","eax");
+	&cmp	("edx",0x49656e69);	# "ineI"
+	&setne	(&LB("eax"));
+	&or	("ebp","eax");
+	&cmp	("ecx",0x6c65746e);	# "ntel"
+	&setne	(&LB("eax"));
+	&or	("ebp","eax");		# 0 indicates Intel CPU
+	&jz	(&label("intel"));
+
+	&cmp	("ebx",0x68747541);	# "Auth"
+	&setne	(&LB("eax"));
+	&mov	("esi","eax");
+	&cmp	("edx",0x69746E65);	# "enti"
+	&setne	(&LB("eax"));
+	&or	("esi","eax");
+	&cmp	("ecx",0x444D4163);	# "cAMD"
+	&setne	(&LB("eax"));
+	&or	("esi","eax");		# 0 indicates AMD CPU
+	&jnz	(&label("intel"));
+
+	# AMD specific
+	&mov	("eax",0x80000000);
+	&cpuid	();
+	&cmp	("eax",0x80000001);
+	&jb	(&label("intel"));
+	&mov	("esi","eax");
+	&mov	("eax",0x80000001);
+	&cpuid	();
+	&or	("ebp","ecx");
+	&and	("ebp",1<<11|1);	# isolate XOP bit
+	&cmp	("esi",0x80000008);
+	&jb	(&label("intel"));
+
+	&mov	("eax",0x80000008);
+	&cpuid	();
+	&movz	("esi",&LB("ecx"));	# number of cores - 1
+	&inc	("esi");		# number of cores
+
+	&mov	("eax",1);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&bt	("edx",28);
+	&jnc	(&label("generic"));
+	&shr	("ebx",16);
+	&and	("ebx",0xff);
+	&cmp	("ebx","esi");
+	&ja	(&label("generic"));
+	&and	("edx",0xefffffff);	# clear hyper-threading bit
+	&jmp	(&label("generic"));
+	
+&set_label("intel");
+	&cmp	("edi",4);
+	&mov	("esi",-1);
+	&jb	(&label("nocacheinfo"));
+
+	&mov	("eax",4);
+	&mov	("ecx",0);		# query L1D
+	&cpuid	();
+	&mov	("esi","eax");
+	&shr	("esi",14);
+	&and	("esi",0xfff);		# number of cores -1 per L1D
+
+&set_label("nocacheinfo");
+	&mov	("eax",1);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&and	("edx",0xbfefffff);	# force reserved bits #20, #30 to 0
+	&cmp	("ebp",0);
+	&jne	(&label("notintel"));
+	&or	("edx",1<<30);		# set reserved bit#30 on Intel CPUs
+	&and	(&HB("eax"),15);	# familiy ID
+	&cmp	(&HB("eax"),15);	# P4?
+	&jne	(&label("notintel"));
+	&or	("edx",1<<20);		# set reserved bit#20 to engage RC4_CHAR
+&set_label("notintel");
+	&bt	("edx",28);		# test hyper-threading bit
+	&jnc	(&label("generic"));
+	&and	("edx",0xefffffff);
+	&cmp	("esi",0);
+	&je	(&label("generic"));
+
+	&or	("edx",0x10000000);
+	&shr	("ebx",16);
+	&cmp	(&LB("ebx"),1);
+	&ja	(&label("generic"));
+	&and	("edx",0xefffffff);	# clear hyper-threading bit if not
+
+&set_label("generic");
+	&and	("ebp",1<<11);		# isolate AMD XOP flag
+	&and	("ecx",0xfffff7ff);	# force 11th bit to 0
+	&mov	("esi","edx");		# %ebp:%esi is copy of %ecx:%edx
+	&or	("ebp","ecx");		# merge AMD XOP flag
+
+	&cmp	("edi",7);
+	&mov	("edi",&wparam(0));
+	&jb	(&label("no_extended_info"));
+	&mov	("eax",7);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&mov	(&DWP(8,"edi"),"ebx");	# save extended feature flag
+&set_label("no_extended_info");
+
+	&bt	("ebp",27);		# check OSXSAVE bit
+	&jnc	(&label("clear_avx"));
+	&xor	("ecx","ecx");
+	&data_byte(0x0f,0x01,0xd0);	# xgetbv
+	&and	("eax",6);
+	&cmp	("eax",6);
+	&je	(&label("done"));
+	&cmp	("eax",2);
+	&je	(&label("clear_avx"));
+&set_label("clear_xmm");
+	&and	("ebp",0xfdfffffd);	# clear AESNI and PCLMULQDQ bits
+	&and	("esi",0xfeffffff);	# clear FXSR
+&set_label("clear_avx");
+	&and	("ebp",0xefffe7ff);	# clear AVX, FMA and AMD XOP bits
+	&and	(&DWP(8,"edi"),0xffffffdf);	# clear AVX2
+&set_label("done");
+	&mov	("eax","esi");
+	&mov	("edx","ebp");
+&set_label("nocpuid");
+&function_end("OPENSSL_ia32_cpuid");
+
+&external_label("OPENSSL_ia32cap_P");
+
+&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&picmeup("ecx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"ecx"),4);
+	&jnc	(&label("notsc"));
+	&rdtsc	();
+&set_label("notsc");
+	&ret	();
+&function_end_B("OPENSSL_rdtsc");
+
+# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+# but it's safe to call it on any [supported] 32-bit platform...
+# Just check for [non-]zero return value...
+&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+	&picmeup("ecx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"ecx"),4);
+	&jnc	(&label("nohalt"));	# no TSC
+
+	&data_word(0x9058900e);		# push %cs; pop %eax
+	&and	("eax",3);
+	&jnz	(&label("nohalt"));	# not enough privileges
+
+	&pushf	();
+	&pop	("eax");
+	&bt	("eax",9);
+	&jnc	(&label("nohalt"));	# interrupts are disabled
+
+	&rdtsc	();
+	&push	("edx");
+	&push	("eax");
+	&halt	();
+	&rdtsc	();
+
+	&sub	("eax",&DWP(0,"esp"));
+	&sbb	("edx",&DWP(4,"esp"));
+	&add	("esp",8);
+	&ret	();
+
+&set_label("nohalt");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&ret	();
+&function_end_B("OPENSSL_instrument_halt");
+
+# Essentially there is only one use for this function. Under DJGPP:
+#
+#	#include <go32.h>
+#	...
+#	i=OPENSSL_far_spin(_dos_ds,0x46c);
+#	...
+# to obtain the number of spins till closest timer interrupt.
+
+&function_begin_B("OPENSSL_far_spin");
+	&pushf	();
+	&pop	("eax");
+	&bt	("eax",9);
+	&jnc	(&label("nospin"));	# interrupts are disabled
+
+	&mov	("eax",&DWP(4,"esp"));
+	&mov	("ecx",&DWP(8,"esp"));
+	&data_word (0x90d88e1e);	# push %ds, mov %eax,%ds
+	&xor	("eax","eax");
+	&mov	("edx",&DWP(0,"ecx"));
+	&jmp	(&label("spin"));
+
+	&align	(16);
+&set_label("spin");
+	&inc	("eax");
+	&cmp	("edx",&DWP(0,"ecx"));
+	&je	(&label("spin"));
+
+	&data_word (0x1f909090);	# pop	%ds
+	&ret	();
+
+&set_label("nospin");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&ret	();
+&function_end_B("OPENSSL_far_spin");
+
+&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&picmeup("ecx","OPENSSL_ia32cap_P");
+	&mov	("ecx",&DWP(0,"ecx"));
+	&bt	(&DWP(0,"ecx"),1);
+	&jnc	(&label("no_x87"));
+	if ($sse2) {
+		&and	("ecx",1<<26|1<<24);	# check SSE2 and FXSR bits
+		&cmp	("ecx",1<<26|1<<24);
+		&jne	(&label("no_sse2"));
+		&pxor	("xmm0","xmm0");
+		&pxor	("xmm1","xmm1");
+		&pxor	("xmm2","xmm2");
+		&pxor	("xmm3","xmm3");
+		&pxor	("xmm4","xmm4");
+		&pxor	("xmm5","xmm5");
+		&pxor	("xmm6","xmm6");
+		&pxor	("xmm7","xmm7");
+	&set_label("no_sse2");
+	}
+	# just a bunch of fldz to zap the fp/mm bank followed by finit...
+	&data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b);
+&set_label("no_x87");
+	&lea	("eax",&DWP(4,"esp"));
+	&ret	();
+&function_end_B("OPENSSL_wipe_cpu");
+
+&function_begin_B("OPENSSL_atomic_add");
+	&mov	("edx",&DWP(4,"esp"));	# fetch the pointer, 1st arg
+	&mov	("ecx",&DWP(8,"esp"));	# fetch the increment, 2nd arg
+	&push	("ebx");
+	&nop	();
+	&mov	("eax",&DWP(0,"edx"));
+&set_label("spin");
+	&lea	("ebx",&DWP(0,"eax","ecx"));
+	&nop	();
+	&data_word(0x1ab10ff0);	# lock;	cmpxchg	%ebx,(%edx)	# %eax is involved and is always reloaded
+	&jne	(&label("spin"));
+	&mov	("eax","ebx");	# OpenSSL expects the new value
+	&pop	("ebx");
+	&ret	();
+&function_end_B("OPENSSL_atomic_add");
+
+# This function can become handy under Win32 in situations when
+# we don't know which calling convention, __stdcall or __cdecl(*),
+# indirect callee is using. In C it can be deployed as
+#
+#ifdef OPENSSL_CPUID_OBJ
+#	type OPENSSL_indirect_call(void *f,...);
+#	...
+#	OPENSSL_indirect_call(func,[up to $max arguments]);
+#endif
+#
+# (*)	it's designed to work even for __fastcall if number of
+#	arguments is 1 or 2!
+&function_begin_B("OPENSSL_indirect_call");
+	{
+	my ($max,$i)=(7,);	# $max has to be chosen as 4*n-1
+				# in order to preserve eventual
+				# stack alignment
+	&push	("ebp");
+	&mov	("ebp","esp");
+	&sub	("esp",$max*4);
+	&mov	("ecx",&DWP(12,"ebp"));
+	&mov	(&DWP(0,"esp"),"ecx");
+	&mov	("edx",&DWP(16,"ebp"));
+	&mov	(&DWP(4,"esp"),"edx");
+	for($i=2;$i<$max;$i++)
+		{
+		# Some copies will be redundant/bogus...
+		&mov	("eax",&DWP(12+$i*4,"ebp"));
+		&mov	(&DWP(0+$i*4,"esp"),"eax");
+		}
+	&call_ptr	(&DWP(8,"ebp"));# make the call...
+	&mov	("esp","ebp");	# ... and just restore the stack pointer
+				# without paying attention to what we called,
+				# (__cdecl *func) or (__stdcall *one).
+	&pop	("ebp");
+	&ret	();
+	}
+&function_end_B("OPENSSL_indirect_call");
+
+&function_begin_B("OPENSSL_cleanse");
+	&mov	("edx",&wparam(0));
+	&mov	("ecx",&wparam(1));
+	&xor	("eax","eax");
+	&cmp	("ecx",7);
+	&jae	(&label("lot"));
+	&cmp	("ecx",0);
+	&je	(&label("ret"));
+&set_label("little");
+	&mov	(&BP(0,"edx"),"al");
+	&sub	("ecx",1);
+	&lea	("edx",&DWP(1,"edx"));
+	&jnz	(&label("little"));
+&set_label("ret");
+	&ret	();
+
+&set_label("lot",16);
+	&test	("edx",3);
+	&jz	(&label("aligned"));
+	&mov	(&BP(0,"edx"),"al");
+	&lea	("ecx",&DWP(-1,"ecx"));
+	&lea	("edx",&DWP(1,"edx"));
+	&jmp	(&label("lot"));
+&set_label("aligned");
+	&mov	(&DWP(0,"edx"),"eax");
+	&lea	("ecx",&DWP(-4,"ecx"));
+	&test	("ecx",-4);
+	&lea	("edx",&DWP(4,"edx"));
+	&jnz	(&label("aligned"));
+	&cmp	("ecx",0);
+	&jne	(&label("little"));
+	&ret	();
+&function_end_B("OPENSSL_cleanse");
+
+&function_begin_B("CRYPTO_memcmp");
+	&push	("esi");
+	&push	("edi");
+	&mov	("esi",&wparam(0));
+	&mov	("edi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+	&xor	("eax","eax");
+	&xor	("edx","edx");
+	&cmp	("ecx",0);
+	&je	(&label("no_data"));
+&set_label("loop");
+	&mov	("dl",&BP(0,"esi"));
+	&lea	("esi",&DWP(1,"esi"));
+	&xor	("dl",&BP(0,"edi"));
+	&lea	("edi",&DWP(1,"edi"));
+	&or	("al","dl");
+	&dec	("ecx");
+	&jnz	(&label("loop"));
+	&neg	("eax");
+	&shr	("eax",31);
+&set_label("no_data");
+	&pop	("edi");
+	&pop	("esi");
+	&ret	();
+&function_end_B("CRYPTO_memcmp");
+{
+my $lasttick = "esi";
+my $lastdiff = "ebx";
+my $out = "edi";
+my $cnt = "ecx";
+my $max = "ebp";
+
+&function_begin("OPENSSL_instrument_bus");
+    &mov	("eax",0);
+    if ($sse2) {
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"edx"),4);
+	&jnc	(&label("nogo"));	# no TSC
+	&bt	(&DWP(0,"edx"),19);
+	&jnc	(&label("nogo"));	# no CLFLUSH
+
+	&mov	($out,&wparam(0));	# load arguments
+	&mov	($cnt,&wparam(1));
+
+	# collect 1st tick
+	&rdtsc	();
+	&mov	($lasttick,"eax");	# lasttick = tick
+	&mov	($lastdiff,0);		# lastdiff = 0
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),$lastdiff);
+	&jmp	(&label("loop"));
+
+&set_label("loop",16);
+	&rdtsc	();
+	&mov	("edx","eax");		# put aside tick (yes, I neglect edx)
+	&sub	("eax",$lasttick);	# diff
+	&mov	($lasttick,"edx");	# lasttick = tick
+	&mov	($lastdiff,"eax");	# lastdiff = diff
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),"eax");	# accumulate diff
+	&lea	($out,&DWP(4,$out));	# ++$out
+	&sub	($cnt,1);		# --$cnt
+	&jnz	(&label("loop"));
+
+	&mov	("eax",&wparam(1));
+&set_label("nogo");
+    }
+&function_end("OPENSSL_instrument_bus");
+
+&function_begin("OPENSSL_instrument_bus2");
+    &mov	("eax",0);
+    if ($sse2) {
+	&picmeup("edx","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"edx"),4);
+	&jnc	(&label("nogo"));	# no TSC
+	&bt	(&DWP(0,"edx"),19);
+	&jnc	(&label("nogo"));	# no CLFLUSH
+
+	&mov	($out,&wparam(0));	# load arguments
+	&mov	($cnt,&wparam(1));
+	&mov	($max,&wparam(2));
+
+	&rdtsc	();			# collect 1st tick
+	&mov	($lasttick,"eax");	# lasttick = tick
+	&mov	($lastdiff,0);		# lastdiff = 0
+
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),$lastdiff);
+
+	&rdtsc	();			# collect 1st diff
+	&mov	("edx","eax");		# put aside tick (yes, I neglect edx)
+	&sub	("eax",$lasttick);	# diff
+	&mov	($lasttick,"edx");	# lasttick = tick
+	&mov	($lastdiff,"eax");	# lastdiff = diff
+	&jmp	(&label("loop2"));
+
+&set_label("loop2",16);
+	&clflush(&DWP(0,$out));
+	&data_byte(0xf0);		# lock
+	&add	(&DWP(0,$out),"eax");	# accumulate diff
+
+	&sub	($max,1);
+	&jz	(&label("done2"));
+
+	&rdtsc	();
+	&mov	("edx","eax");		# put aside tick (yes, I neglect edx)
+	&sub	("eax",$lasttick);	# diff
+	&mov	($lasttick,"edx");	# lasttick = tick
+	&cmp	("eax",$lastdiff);
+	&mov	($lastdiff,"eax");	# lastdiff = diff
+	&mov	("edx",0);
+	&setne	("dl");
+	&sub	($cnt,"edx");		# conditional --$cnt
+	&lea	($out,&DWP(0,$out,"edx",4));	# conditional ++$out
+	&jnz	(&label("loop2"));
+
+&set_label("done2");
+	&mov	("eax",&wparam(1));
+	&sub	("eax",$cnt);
+&set_label("nogo");
+    }
+&function_end("OPENSSL_instrument_bus2");
+}
+
+sub gen_random {
+my $rdop = shift;
+&function_begin_B("OPENSSL_ia32_${rdop}");
+	&mov	("ecx",8);
+&set_label("loop");
+	&${rdop}("eax");
+	&jc	(&label("break"));
+	&loop	(&label("loop"));
+&set_label("break");
+	&cmp	("eax",0);
+	&cmove	("eax","ecx");
+	&ret	();
+&function_end_B("OPENSSL_ia32_${rdop}");
+
+&function_begin_B("OPENSSL_ia32_${rdop}_bytes");
+	&push	("edi");
+	&push	("ebx");
+	&xor	("eax","eax");		# return value
+	&mov	("edi",&wparam(0));
+	&mov	("ebx",&wparam(1));
+
+	&cmp	("ebx",0);
+	&je	(&label("done"));
+
+	&mov	("ecx",8);
+&set_label("loop");
+	&${rdop}("edx");
+	&jc	(&label("break"));
+	&loop	(&label("loop"));
+	&jmp	(&label("done"));
+
+&set_label("break",16);
+	&cmp	("ebx",4);
+	&jb	(&label("tail"));
+	&mov	(&DWP(0,"edi"),"edx");
+	&lea	("edi",&DWP(4,"edi"));
+	&add	("eax",4);
+	&sub	("ebx",4);
+	&jz	(&label("done"));
+	&mov	("ecx",8);
+	&jmp	(&label("loop"));
+
+&set_label("tail",16);
+	&mov	(&BP(0,"edi"),"dl");
+	&lea	("edi",&DWP(1,"edi"));
+	&inc	("eax");
+	&shr	("edx",8);
+	&dec	("ebx");
+	&jnz	(&label("tail"));
+
+&set_label("done");
+	&pop	("ebx");
+	&pop	("edi");
+	&ret	();
+&function_end_B("OPENSSL_ia32_${rdop}_bytes");
+}
+&gen_random("rdrand");
+&gen_random("rdseed");
+
+&initseg("OPENSSL_cpuid_setup");
+
+&hidden("OPENSSL_cpuid_setup");
+&hidden("OPENSSL_ia32cap_P");
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/demos/README b/openssl-1.1.0h/demos/README
new file mode 100644
index 0000000..d2155ef
--- /dev/null
+++ b/openssl-1.1.0h/demos/README
@@ -0,0 +1,9 @@
+NOTE: Don't expect any of these programs to work with current
+OpenSSL releases, or even with later SSLeay releases.
+
+Original README:
+=============================================================================
+
+Some demo programs sent to me by various people
+
+eric
diff --git a/openssl-1.1.0h/demos/bio/Makefile b/openssl-1.1.0h/demos/bio/Makefile
new file mode 100644
index 0000000..493e8a5
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/Makefile
@@ -0,0 +1,30 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+#    make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./server-arg
+#    LD_LIBRARY_PATH=../.. ./server-cmod
+#    LD_LIBRARY_PATH=../.. ./server-conf
+#    LD_LIBRARY_PATH=../.. ./client-arg
+#    LD_LIBRARY_PATH=../.. ./client-conf
+#    LD_LIBRARY_PATH=../.. ./saccept
+#    LD_LIBRARY_PATH=../.. ./sconnect
+
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
+
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
+
+client-arg: client-arg.o
+client-conf: client-conf.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
+
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
diff --git a/openssl-1.1.0h/demos/bio/README b/openssl-1.1.0h/demos/bio/README
new file mode 100644
index 0000000..a36bb48
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/README
@@ -0,0 +1,7 @@
+This directory contains some simple examples of the use of BIO's
+to simplify socket programming.
+
+The client-conf, server-conf, client-arg and client-conf include examples
+of how to use the SSL_CONF API for configuration file or command line
+processing.
+
diff --git a/openssl-1.1.0h/demos/bio/accept.cnf b/openssl-1.1.0h/demos/bio/accept.cnf
new file mode 100644
index 0000000..eb69658
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/accept.cnf
@@ -0,0 +1,17 @@
+# Example configuration file
+# Port to listen on
+Port = 4433
+# Disable TLS v1.2 for test.
+# Protocol = ALL, -TLSv1.2
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 
+Certificate=server.pem
+PrivateKey=server.pem
+ChainCAFile=root.pem
+VerifyCAFile=root.pem
+
+# Request certificate
+VerifyMode=Request
+ClientCAFile=root.pem
diff --git a/openssl-1.1.0h/demos/bio/client-arg.c b/openssl-1.1.0h/demos/bio/client-arg.c
new file mode 100644
index 0000000..e8d5e46
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/client-arg.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+int main(int argc, char **argv)
+{
+    BIO *sbio = NULL, *out = NULL;
+    int len;
+    char tmpbuf[1024];
+    SSL_CTX *ctx;
+    SSL_CONF_CTX *cctx;
+    SSL *ssl;
+    char **args = argv + 1;
+    const char *connect_str = "localhost:4433";
+    int nargs = argc - 1;
+
+    ctx = SSL_CTX_new(TLS_client_method());
+    cctx = SSL_CONF_CTX_new();
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    while (*args && **args == '-') {
+        int rv;
+        /* Parse standard arguments */
+        rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
+        if (rv == -3) {
+            fprintf(stderr, "Missing argument for %s\n", *args);
+            goto end;
+        }
+        if (rv < 0) {
+            fprintf(stderr, "Error in command %s\n", *args);
+            ERR_print_errors_fp(stderr);
+            goto end;
+        }
+        /* If rv > 0 we processed something so proceed to next arg */
+        if (rv > 0)
+            continue;
+        /* Otherwise application specific argument processing */
+        if (strcmp(*args, "-connect") == 0) {
+            connect_str = args[1];
+            if (connect_str == NULL) {
+                fprintf(stderr, "Missing -connect argument\n");
+                goto end;
+            }
+            args += 2;
+            nargs -= 2;
+            continue;
+        } else {
+            fprintf(stderr, "Unknown argument %s\n", *args);
+            goto end;
+        }
+    }
+
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        fprintf(stderr, "Finish error\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /*
+     * We'd normally set some stuff like the verify paths and * mode here
+     * because as things stand this will connect to * any server whose
+     * certificate is signed by any CA.
+     */
+
+    sbio = BIO_new_ssl_connect(ctx);
+
+    BIO_get_ssl(sbio, &ssl);
+
+    if (!ssl) {
+        fprintf(stderr, "Can't locate SSL pointer\n");
+        goto end;
+    }
+
+    /* Don't want any retries */
+    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+    /* We might want to do other things with ssl here */
+
+    BIO_set_conn_hostname(sbio, connect_str);
+
+    out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (BIO_do_connect(sbio) <= 0) {
+        fprintf(stderr, "Error connecting to server\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    if (BIO_do_handshake(sbio) <= 0) {
+        fprintf(stderr, "Error establishing SSL connection\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /* Could examine ssl here to get connection info */
+
+    BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+    for (;;) {
+        len = BIO_read(sbio, tmpbuf, 1024);
+        if (len <= 0)
+            break;
+        BIO_write(out, tmpbuf, len);
+    }
+ end:
+    SSL_CONF_CTX_free(cctx);
+    BIO_free_all(sbio);
+    BIO_free(out);
+    return 0;
+}
diff --git a/openssl-1.1.0h/demos/bio/client-conf.c b/openssl-1.1.0h/demos/bio/client-conf.c
new file mode 100644
index 0000000..e819030
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/client-conf.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/conf.h>
+
+int main(int argc, char **argv)
+{
+    BIO *sbio = NULL, *out = NULL;
+    int i, len, rv;
+    char tmpbuf[1024];
+    SSL_CTX *ctx = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    SSL *ssl = NULL;
+    CONF *conf = NULL;
+    STACK_OF(CONF_VALUE) *sect = NULL;
+    CONF_VALUE *cnf;
+    const char *connect_str = "localhost:4433";
+    long errline = -1;
+
+    conf = NCONF_new(NULL);
+
+    if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
+        if (errline <= 0)
+            fprintf(stderr, "Error processing config file\n");
+        else
+            fprintf(stderr, "Error on line %ld\n", errline);
+        goto end;
+    }
+
+    sect = NCONF_get_section(conf, "default");
+
+    if (sect == NULL) {
+        fprintf(stderr, "Error retrieving default section\n");
+        goto end;
+    }
+
+    ctx = SSL_CTX_new(TLS_client_method());
+    cctx = SSL_CONF_CTX_new();
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+        cnf = sk_CONF_VALUE_value(sect, i);
+        rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
+        if (rv > 0)
+            continue;
+        if (rv != -2) {
+            fprintf(stderr, "Error processing %s = %s\n",
+                    cnf->name, cnf->value);
+            ERR_print_errors_fp(stderr);
+            goto end;
+        }
+        if (strcmp(cnf->name, "Connect") == 0) {
+            connect_str = cnf->value;
+        } else {
+            fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
+            goto end;
+        }
+    }
+
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        fprintf(stderr, "Finish error\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /*
+     * We'd normally set some stuff like the verify paths and * mode here
+     * because as things stand this will connect to * any server whose
+     * certificate is signed by any CA.
+     */
+
+    sbio = BIO_new_ssl_connect(ctx);
+
+    BIO_get_ssl(sbio, &ssl);
+
+    if (!ssl) {
+        fprintf(stderr, "Can't locate SSL pointer\n");
+        goto end;
+    }
+
+    /* Don't want any retries */
+    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+    /* We might want to do other things with ssl here */
+
+    BIO_set_conn_hostname(sbio, connect_str);
+
+    out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (BIO_do_connect(sbio) <= 0) {
+        fprintf(stderr, "Error connecting to server\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    if (BIO_do_handshake(sbio) <= 0) {
+        fprintf(stderr, "Error establishing SSL connection\n");
+        ERR_print_errors_fp(stderr);
+        goto end;
+    }
+
+    /* Could examine ssl here to get connection info */
+
+    BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+    for (;;) {
+        len = BIO_read(sbio, tmpbuf, 1024);
+        if (len <= 0)
+            break;
+        BIO_write(out, tmpbuf, len);
+    }
+ end:
+    SSL_CONF_CTX_free(cctx);
+    BIO_free_all(sbio);
+    BIO_free(out);
+    NCONF_free(conf);
+    return 0;
+}
diff --git a/openssl-1.1.0h/demos/bio/cmod.cnf b/openssl-1.1.0h/demos/bio/cmod.cnf
new file mode 100644
index 0000000..39ac54e
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/cmod.cnf
@@ -0,0 +1,24 @@
+# Example config module configuration
+
+# Name supplied by application to CONF_modules_load_file
+# and section containing configuration
+testapp = test_sect
+
+[test_sect]
+# list of configuration modules
+
+# SSL configuration module
+ssl_conf = ssl_sect
+
+[ssl_sect]
+# list of SSL configurations
+server = server_sect
+
+[server_sect]
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+# Certificates and keys
+RSA.Certificate=server.pem
+ECDSA.Certificate=server-ec.pem
diff --git a/openssl-1.1.0h/demos/bio/connect.cnf b/openssl-1.1.0h/demos/bio/connect.cnf
new file mode 100644
index 0000000..4dee03c
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/connect.cnf
@@ -0,0 +1,9 @@
+# Example configuration file
+# Connects to the default port of s_server
+Connect = localhost:4433
+# Disable TLS v1.2 for test.
+# Protocol = ALL, -TLSv1.2
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 
diff --git a/openssl-1.1.0h/demos/bio/descrip.mms b/openssl-1.1.0h/demos/bio/descrip.mms
new file mode 100644
index 0000000..8e127b0
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/descrip.mms
@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+	IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+	IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+	DEASSIGN OPT
+
+.DEFAULT :
+	@ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe : 
+	$(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+      server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c
diff --git a/openssl-1.1.0h/demos/bio/intca.pem b/openssl-1.1.0h/demos/bio/intca.pem
new file mode 100644
index 0000000..3551ea9
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/intca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
+W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
+IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
+GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
+ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
+ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
+VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
+VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
+audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
+j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
+CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
+gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
+RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
+thI=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/demos/bio/root.pem b/openssl-1.1.0h/demos/bio/root.pem
new file mode 100644
index 0000000..3bd0e9b
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/root.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs
+vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H
+q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG
+juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu
+R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r
+77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA
+AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA
+FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn
+wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI
+/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G
+Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN
+T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz
+9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/demos/bio/saccept.c b/openssl-1.1.0h/demos/bio/saccept.c
new file mode 100644
index 0000000..66c5c61
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/saccept.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * A minimal program to serve an SSL connection.
+ * It uses blocking.
+ * saccept host:port
+ * host is the interface IP to use.  If any interface, use *:port
+ * The default it *:4433
+ *
+ * cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#define CERT_FILE       "server.pem"
+
+static int done = 0;
+
+void interrupt(int sig)
+{
+    done = 1;
+}
+
+void sigsetup(void)
+{
+    struct sigaction sa;
+
+    /*
+     * Catch at most once, and don't restart the accept system call.
+     */
+    sa.sa_flags = SA_RESETHAND;
+    sa.sa_handler = interrupt;
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGINT, &sa, NULL);
+}
+
+int main(int argc, char *argv[])
+{
+    char *port = NULL;
+    BIO *in = NULL;
+    BIO *ssl_bio, *tmp;
+    SSL_CTX *ctx;
+    char buf[512];
+    int ret = 1, i;
+
+    if (argc <= 1)
+        port = "*:4433";
+    else
+        port = argv[1];
+
+    ctx = SSL_CTX_new(TLS_server_method());
+    if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
+        goto err;
+    if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
+        goto err;
+    if (!SSL_CTX_check_private_key(ctx))
+        goto err;
+
+    /* Setup server side SSL bio */
+    ssl_bio = BIO_new_ssl(ctx, 0);
+
+    if ((in = BIO_new_accept(port)) == NULL)
+        goto err;
+
+    /*
+     * This means that when a new connection is accepted on 'in', The ssl_bio
+     * will be 'duplicated' and have the new socket BIO push into it.
+     * Basically it means the SSL BIO will be automatically setup
+     */
+    BIO_set_accept_bios(in, ssl_bio);
+
+    /* Arrange to leave server loop on interrupt */
+    sigsetup();
+
+ again:
+    /*
+     * The first call will setup the accept socket, and the second will get a
+     * socket.  In this loop, the first actual accept will occur in the
+     * BIO_read() function.
+     */
+
+    if (BIO_do_accept(in) <= 0)
+        goto err;
+
+    while (!done) {
+        i = BIO_read(in, buf, 512);
+        if (i == 0) {
+            /*
+             * If we have finished, remove the underlying BIO stack so the
+             * next time we call any function for this BIO, it will attempt
+             * to do an accept
+             */
+            printf("Done\n");
+            tmp = BIO_pop(in);
+            BIO_free_all(tmp);
+            goto again;
+        }
+        if (i < 0)
+            goto err;
+        fwrite(buf, 1, i, stdout);
+        fflush(stdout);
+    }
+
+    ret = 0;
+ err:
+    if (ret) {
+        ERR_print_errors_fp(stderr);
+    }
+    BIO_free(in);
+    exit(ret);
+    return (!ret);
+}
diff --git a/openssl-1.1.0h/demos/bio/sconnect.c b/openssl-1.1.0h/demos/bio/sconnect.c
new file mode 100644
index 0000000..664a1e0
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/sconnect.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * A minimal program to do SSL to a passed host and port.
+ * It is actually using non-blocking IO but in a very simple manner
+ * sconnect host:port - it does a 'GET / HTTP/1.0'
+ *
+ * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#define HOSTPORT "localhost:4433"
+#define CAFILE "root.pem"
+
+extern int errno;
+
+int main(argc, argv)
+int argc;
+char *argv[];
+{
+    const char *hostport = HOSTPORT;
+    const char *CAfile = CAFILE;
+    char *hostname;
+    char *cp;
+    BIO *out = NULL;
+    char buf[1024 * 10], *p;
+    SSL_CTX *ssl_ctx = NULL;
+    SSL *ssl;
+    BIO *ssl_bio;
+    int i, len, off, ret = 1;
+
+    if (argc > 1)
+        hostport = argv[1];
+    if (argc > 2)
+        CAfile = argv[2];
+
+    hostname = OPENSSL_strdup(hostport);
+    if ((cp = strchr(hostname, ':')) != NULL)
+        *cp = 0;
+
+#ifdef WATT32
+    dbug_init();
+    sock_init();
+#endif
+
+    ssl_ctx = SSL_CTX_new(TLS_client_method());
+
+    /* Enable trust chain verification */
+    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+    SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
+
+    /* Lets make a SSL structure */
+    ssl = SSL_new(ssl_ctx);
+    SSL_set_connect_state(ssl);
+
+    /* Enable peername verification */
+    if (SSL_set1_host(ssl, hostname) <= 0)
+        goto err;
+
+    /* Use it inside an SSL BIO */
+    ssl_bio = BIO_new(BIO_f_ssl());
+    BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
+
+    /* Lets use a connect BIO under the SSL BIO */
+    out = BIO_new(BIO_s_connect());
+    BIO_set_conn_hostname(out, hostport);
+    BIO_set_nbio(out, 1);
+    out = BIO_push(ssl_bio, out);
+
+    p = "GET / HTTP/1.0\r\n\r\n";
+    len = strlen(p);
+
+    off = 0;
+    for (;;) {
+        i = BIO_write(out, &(p[off]), len);
+        if (i <= 0) {
+            if (BIO_should_retry(out)) {
+                fprintf(stderr, "write DELAY\n");
+                sleep(1);
+                continue;
+            } else {
+                goto err;
+            }
+        }
+        off += i;
+        len -= i;
+        if (len <= 0)
+            break;
+    }
+
+    for (;;) {
+        i = BIO_read(out, buf, sizeof(buf));
+        if (i == 0)
+            break;
+        if (i < 0) {
+            if (BIO_should_retry(out)) {
+                fprintf(stderr, "read DELAY\n");
+                sleep(1);
+                continue;
+            }
+            goto err;
+        }
+        fwrite(buf, 1, i, stdout);
+    }
+
+    ret = 1;
+    goto done;
+
+ err:
+    if (ERR_peek_error() == 0) { /* system call error */
+        fprintf(stderr, "errno=%d ", errno);
+        perror("error");
+    } else
+        ERR_print_errors_fp(stderr);
+ done:
+    BIO_free_all(out);
+    SSL_CTX_free(ssl_ctx);
+    return (ret == 1);
+}
diff --git a/openssl-1.1.0h/demos/bio/server-arg.c b/openssl-1.1.0h/demos/bio/server-arg.c
new file mode 100644
index 0000000..6056969
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/server-arg.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * A minimal program to serve an SSL connection. It uses blocking. It use the
+ * SSL_CONF API with the command line. cc -I../../include server-arg.c
+ * -L../.. -lssl -lcrypto -ldl
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+int main(int argc, char *argv[])
+{
+    char *port = "*:4433";
+    BIO *ssl_bio, *tmp;
+    SSL_CTX *ctx;
+    SSL_CONF_CTX *cctx;
+    char buf[512];
+    BIO *in = NULL;
+    int ret = 1, i;
+    char **args = argv + 1;
+    int nargs = argc - 1;
+
+    ctx = SSL_CTX_new(TLS_server_method());
+
+    cctx = SSL_CONF_CTX_new();
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    while (*args && **args == '-') {
+        int rv;
+        /* Parse standard arguments */
+        rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
+        if (rv == -3) {
+            fprintf(stderr, "Missing argument for %s\n", *args);
+            goto err;
+        }
+        if (rv < 0) {
+            fprintf(stderr, "Error in command %s\n", *args);
+            ERR_print_errors_fp(stderr);
+            goto err;
+        }
+        /* If rv > 0 we processed something so proceed to next arg */
+        if (rv > 0)
+            continue;
+        /* Otherwise application specific argument processing */
+        if (strcmp(*args, "-port") == 0) {
+            port = args[1];
+            if (port == NULL) {
+                fprintf(stderr, "Missing -port argument\n");
+                goto err;
+            }
+            args += 2;
+            nargs -= 2;
+            continue;
+        } else {
+            fprintf(stderr, "Unknown argument %s\n", *args);
+            goto err;
+        }
+    }
+
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        fprintf(stderr, "Finish error\n");
+        ERR_print_errors_fp(stderr);
+        goto err;
+    }
+#ifdef ITERATE_CERTS
+    /*
+     * Demo of how to iterate over all certificates in an SSL_CTX structure.
+     */
+    {
+        X509 *x;
+        int rv;
+        rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
+        while (rv) {
+            X509 *x = SSL_CTX_get0_certificate(ctx);
+            X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0,
+                                  XN_FLAG_ONELINE);
+            printf("\n");
+            rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
+        }
+        fflush(stdout);
+    }
+#endif
+    /* Setup server side SSL bio */
+    ssl_bio = BIO_new_ssl(ctx, 0);
+
+    if ((in = BIO_new_accept(port)) == NULL)
+        goto err;
+
+    /*
+     * This means that when a new connection is accepted on 'in', The ssl_bio
+     * will be 'duplicated' and have the new socket BIO push into it.
+     * Basically it means the SSL BIO will be automatically setup
+     */
+    BIO_set_accept_bios(in, ssl_bio);
+
+ again:
+    /*
+     * The first call will setup the accept socket, and the second will get a
+     * socket.  In this loop, the first actual accept will occur in the
+     * BIO_read() function.
+     */
+
+    if (BIO_do_accept(in) <= 0)
+        goto err;
+
+    for (;;) {
+        i = BIO_read(in, buf, 512);
+        if (i == 0) {
+            /*
+             * If we have finished, remove the underlying BIO stack so the
+             * next time we call any function for this BIO, it will attempt
+             * to do an accept
+             */
+            printf("Done\n");
+            tmp = BIO_pop(in);
+            BIO_free_all(tmp);
+            goto again;
+        }
+        if (i < 0)
+            goto err;
+        fwrite(buf, 1, i, stdout);
+        fflush(stdout);
+    }
+
+    ret = 0;
+ err:
+    if (ret) {
+        ERR_print_errors_fp(stderr);
+    }
+    BIO_free(in);
+    exit(ret);
+    return (!ret);
+}
diff --git a/openssl-1.1.0h/demos/bio/server-cmod.c b/openssl-1.1.0h/demos/bio/server-cmod.c
new file mode 100644
index 0000000..9cb2463
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/server-cmod.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * A minimal TLS server it ses SSL_CTX_config and a configuration file to
+ * set most server parameters.
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/conf.h>
+
+int main(int argc, char *argv[])
+{
+    unsigned char buf[512];
+    char *port = "*:4433";
+    BIO *in = NULL;
+    BIO *ssl_bio, *tmp;
+    SSL_CTX *ctx;
+    int ret = 1, i;
+
+    ctx = SSL_CTX_new(TLS_server_method());
+
+    if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
+        fprintf(stderr, "Error processing config file\n");
+        goto err;
+    }
+
+    if (SSL_CTX_config(ctx, "server") == 0) {
+        fprintf(stderr, "Error configuring server.\n");
+        goto err;
+    }
+
+    /* Setup server side SSL bio */
+    ssl_bio = BIO_new_ssl(ctx, 0);
+
+    if ((in = BIO_new_accept(port)) == NULL)
+        goto err;
+
+    /*
+     * This means that when a new connection is accepted on 'in', The ssl_bio
+     * will be 'duplicated' and have the new socket BIO push into it.
+     * Basically it means the SSL BIO will be automatically setup
+     */
+    BIO_set_accept_bios(in, ssl_bio);
+
+ again:
+    /*
+     * The first call will setup the accept socket, and the second will get a
+     * socket.  In this loop, the first actual accept will occur in the
+     * BIO_read() function.
+     */
+
+    if (BIO_do_accept(in) <= 0)
+        goto err;
+
+    for (;;) {
+        i = BIO_read(in, buf, sizeof(buf));
+        if (i == 0) {
+            /*
+             * If we have finished, remove the underlying BIO stack so the
+             * next time we call any function for this BIO, it will attempt
+             * to do an accept
+             */
+            printf("Done\n");
+            tmp = BIO_pop(in);
+            BIO_free_all(tmp);
+            goto again;
+        }
+        if (i < 0) {
+            if (BIO_should_retry(in))
+                continue;
+            goto err;
+        }
+        fwrite(buf, 1, i, stdout);
+        fflush(stdout);
+    }
+
+    ret = 0;
+ err:
+    if (ret) {
+        ERR_print_errors_fp(stderr);
+    }
+    BIO_free(in);
+    exit(ret);
+    return (!ret);
+}
diff --git a/openssl-1.1.0h/demos/bio/server-conf.c b/openssl-1.1.0h/demos/bio/server-conf.c
new file mode 100644
index 0000000..41b1308
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/server-conf.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * A minimal program to serve an SSL connection. It uses blocking. It uses
+ * the SSL_CONF API with a configuration file. cc -I../../include saccept.c
+ * -L../.. -lssl -lcrypto -ldl
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/conf.h>
+
+int main(int argc, char *argv[])
+{
+    char *port = "*:4433";
+    BIO *in = NULL;
+    BIO *ssl_bio, *tmp;
+    SSL_CTX *ctx;
+    SSL_CONF_CTX *cctx = NULL;
+    CONF *conf = NULL;
+    STACK_OF(CONF_VALUE) *sect = NULL;
+    CONF_VALUE *cnf;
+    long errline = -1;
+    char buf[512];
+    int ret = 1, i;
+
+    ctx = SSL_CTX_new(TLS_server_method());
+
+    conf = NCONF_new(NULL);
+
+    if (NCONF_load(conf, "accept.cnf", &errline) <= 0) {
+        if (errline <= 0)
+            fprintf(stderr, "Error processing config file\n");
+        else
+            fprintf(stderr, "Error on line %ld\n", errline);
+        goto err;
+    }
+
+    sect = NCONF_get_section(conf, "default");
+
+    if (sect == NULL) {
+        fprintf(stderr, "Error retrieving default section\n");
+        goto err;
+    }
+
+    cctx = SSL_CONF_CTX_new();
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+        int rv;
+        cnf = sk_CONF_VALUE_value(sect, i);
+        rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
+        if (rv > 0)
+            continue;
+        if (rv != -2) {
+            fprintf(stderr, "Error processing %s = %s\n",
+                    cnf->name, cnf->value);
+            ERR_print_errors_fp(stderr);
+            goto err;
+        }
+        if (strcmp(cnf->name, "Port") == 0) {
+            port = cnf->value;
+        } else {
+            fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
+            goto err;
+        }
+    }
+
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        fprintf(stderr, "Finish error\n");
+        ERR_print_errors_fp(stderr);
+        goto err;
+    }
+
+    /* Setup server side SSL bio */
+    ssl_bio = BIO_new_ssl(ctx, 0);
+
+    if ((in = BIO_new_accept(port)) == NULL)
+        goto err;
+
+    /*
+     * This means that when a new connection is accepted on 'in', The ssl_bio
+     * will be 'duplicated' and have the new socket BIO push into it.
+     * Basically it means the SSL BIO will be automatically setup
+     */
+    BIO_set_accept_bios(in, ssl_bio);
+
+ again:
+    /*
+     * The first call will setup the accept socket, and the second will get a
+     * socket.  In this loop, the first actual accept will occur in the
+     * BIO_read() function.
+     */
+
+    if (BIO_do_accept(in) <= 0)
+        goto err;
+
+    for (;;) {
+        i = BIO_read(in, buf, 512);
+        if (i == 0) {
+            /*
+             * If we have finished, remove the underlying BIO stack so the
+             * next time we call any function for this BIO, it will attempt
+             * to do an accept
+             */
+            printf("Done\n");
+            tmp = BIO_pop(in);
+            BIO_free_all(tmp);
+            goto again;
+        }
+        if (i < 0) {
+            if (BIO_should_retry(in))
+                continue;
+            goto err;
+        }
+        fwrite(buf, 1, i, stdout);
+        fflush(stdout);
+    }
+
+    ret = 0;
+ err:
+    if (ret) {
+        ERR_print_errors_fp(stderr);
+    }
+    BIO_free(in);
+    exit(ret);
+    return (!ret);
+}
diff --git a/openssl-1.1.0h/demos/bio/server-ec.pem b/openssl-1.1.0h/demos/bio/server-ec.pem
new file mode 100644
index 0000000..a13fdc7
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/server-ec.pem
@@ -0,0 +1,17 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/5kYU3PUlHwfdjEN
+lC1xTZEx3o55RgtSOuOCTryDfomhRANCAARW/qUFg+qZzjcFWrST4bmkRCFu8/rn
+KTHjW2vpBXYGXKDn4AbAfYXYhM9J7v1HkkrZBPPGx53eVzs61/Pgr6Rc
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIBsTCCAVegAwIBAgIJALChLe0vZzgoMAoGCCqGSM49BAMCMDUxHzAdBgNVBAsM
+FlRlc3QgRUNEU0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x
+NTEyMjIxNDUxMDRaFw00NDAxMDQxNDUxMDRaMDUxHzAdBgNVBAsMFlRlc3QgRUNE
+U0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABFb+pQWD6pnONwVatJPhuaREIW7z+ucpMeNba+kFdgZcoOfg
+BsB9hdiEz0nu/UeSStkE88bHnd5XOzrX8+CvpFyjUDBOMB0GA1UdDgQWBBROhkTJ
+lsm8Qd8pEgrrapccfFY5gjAfBgNVHSMEGDAWgBROhkTJlsm8Qd8pEgrrapccfFY5
+gjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFhyU/WZRcihilTpwFVm
+fly1JhwisouiZjLnPkRYZVzHAiEAgqxXfRQl1/phnEgO9gRcv2nFp9xvJiDgKPse
+VktDYjE=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/demos/bio/server.pem b/openssl-1.1.0h/demos/bio/server.pem
new file mode 100644
index 0000000..8a4a51f
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/server.pem
@@ -0,0 +1,77 @@
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+-----BEGIN CERTIFICATE-----
+MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVSzEW
+MBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcgUFVS
+UE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0ZSBD
+QTAgFw0xNjAxMDQwODU0NDZaGA8yMTE2MDEwNTA4NTQ0NlowZDELMAkGA1UEBhMC
+VUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5H
+IFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g
+3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/
++qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+O
+EAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEi
+Jdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu
+/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGj
+eDB2MB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2
+w2yI55X+sL3szj49hqshgYfa2jAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAC78R
+sAr4uvkYOu/pSwQ3MYOFqZ0BnPuP0/AZW2zF7TLNy8g36GyH9rKxz2ffQEHRmPQN
+Z11Ohg3z03jw/sVzkgt2U5Ipv923sSeCZcu0nuNex3v9/x72ldYikZNhQOsw+2kr
+hx3OvE9R7xl9eyjz7BknsbY7PC3kiUY8SDdc5Fr/XMkHm3ge65oWYOHBjC5tAr5K
+FGCEjM3syxS+Li5X6yfDGiVSjOU4gJuZDCYbl7cEQexU2deds8EmpJJrrI7s4JcQ
+rraHI8+Hu8X9VLpZE1jl/fKJw3D0i53PoN2WhukIOg1Zv+ajMKQ4ubVfISH2ebox
++ybAZO8hxL6/I08/GQ==
+-----END CERTIFICATE-----
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
+W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
+IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
+GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
+ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
+ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
+VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
+VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
+audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
+j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
+CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
+gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
+RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
+thI=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
+h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
+tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
+D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
+uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
+qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
+zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
+r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
+AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
+5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
+W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
+674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
+utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
+BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
+4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
+WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
+bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
+6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
+4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
+WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
+n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
+JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
+OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
+xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
+UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/bio/shared.opt b/openssl-1.1.0h/demos/bio/shared.opt
new file mode 100644
index 0000000..4141b93
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/shared.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL_SHR/SHARE
+OSSL$LIBCRYPTO_SHR/SHARE
diff --git a/openssl-1.1.0h/demos/bio/static.opt b/openssl-1.1.0h/demos/bio/static.opt
new file mode 100644
index 0000000..9ca1588
--- /dev/null
+++ b/openssl-1.1.0h/demos/bio/static.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL/LIB
+OSSL$LIBCRYPTO/LIB
diff --git a/openssl-1.1.0h/demos/certs/README b/openssl-1.1.0h/demos/certs/README
new file mode 100644
index 0000000..126663a
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/README
@@ -0,0 +1,21 @@
+There is often a need to generate test certificates automatically using
+a script. This is often a cause for confusion which can result in incorrect
+CA certificates, obsolete V1 certificates or duplicate serial numbers.
+The range of command line options can be daunting for a beginner.
+
+The mkcerts.sh script is an example of how to generate certificates
+automatically using scripts. Example creates a root CA, an intermediate CA
+signed by the root and several certificates signed by the intermediate CA.
+
+The script then creates an empty index.txt file and adds entries for the
+certificates and generates a CRL. Then one certificate is revoked and a 
+second CRL generated.
+
+The script ocsprun.sh runs the test responder on port 8888 covering the
+client certificates.
+
+The script ocspquery.sh queries the status of the certificates using the
+test responder.
+
+
+
diff --git a/openssl-1.1.0h/demos/certs/apps/apps.cnf b/openssl-1.1.0h/demos/certs/apps/apps.cnf
new file mode 100644
index 0000000..531afe6
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/apps.cnf
@@ -0,0 +1,69 @@
+#
+# OpenSSL configuration file to create apps directory certificates
+#
+
+# This definition stops the following lines choking if HOME or CN
+# is undefined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+CN			= "Not Defined"
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+# Don't prompt for fields: use those in section directly
+prompt			= no
+distinguished_name	= req_distinguished_name
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= UK
+
+organizationName		= OpenSSL Group
+organizationalUnitName		= FOR TESTING PURPOSES ONLY
+# Take CN from environment so it can come from a script.
+commonName			= $ENV::CN
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+[ ec_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+basicConstraints = critical,CA:true
+keyUsage = critical, cRLSign, keyCertSign
+
+
diff --git a/openssl-1.1.0h/demos/certs/apps/ckey.pem b/openssl-1.1.0h/demos/certs/apps/ckey.pem
new file mode 100644
index 0000000..8e9054d
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/ckey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
+wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
+agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
+mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
+MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
+HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
+p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
+KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
+1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
+L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
+LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
+Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
+/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
+1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
+1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
+NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
+zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
+mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
+5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
+u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
+HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
+tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
+SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
+kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
+1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/certs/apps/intkey.pem b/openssl-1.1.0h/demos/certs/apps/intkey.pem
new file mode 100644
index 0000000..d586cb7
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/intkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAsErw75CmLYD6pkrGW/YhAl/K8L5wJYxDjqu2FghxjD8K308W
+3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VLIdurBEAIEUdbzx0so74FPawgz5EW2CTq
+oJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJGNXND2ip0TcyTSPLROXOyQakcVfIGJmd
+Sa1wHKi+c2gMA4emADudZUOYLrg80gr2ldePm07ynbVsKKzCcStw8MdmoW9Qt3fL
+nPJn2TFUUBNWj+4kvL+88edWCVQXKNdsysD/CDrH4W/hjyPDStVsM6XpiNU0+L2Z
+Y6fcj3OP8d0goOx45xotMn9m8hNkCGsrVXx9IwIDAQABAoIBACg3wIV2o2KIJSZg
+sqXyHY+0GNEZMO5v9E2NAMo//N941lshaN6wrww5FbK39qH9yNylfxmFLe6sgJhA
+fLZprbcXgH+onto+Fpv4UqvCI+4WdHa03U3sJ+70SvxzSy1Gtrbc8FUPJl7qgrFf
+Nn5S8CgOwYb4J6KPguTh5G3Z9RPiCKObwOwEM34hrZUlgPS88wmzu9H6L2GM8A1v
+YBtEr0msBnlJBJOgStyUEfHW2KspNQ+VllQ6c0cedgFXUpl9EoKTLxP+WXwFI1sx
+jFCFzSrMqPcPz1PxU6bXoZE0WH6r+3c8WAW4xR/HVu04BrBDu0CGwn6zAXDy6wCU
+pWogDlkCgYEA4o+nIu2CTzqUlgc22pj+hjenfS5lnCtJfAdrXOJHmnuL+J9h8Nzz
+9kkL+/Y0Xg9bOM6xXPm+81UNpDvOLbUahSSQsfB+LNVEkthJIL4XIk083LsHjFaJ
+9SiCFRbf2OgWrEhe/c1drySwz9u/0f4Q7B6VGqxMnTDjzS5JacZ1pE8CgYEAxzMn
+/n/Dpdn+c4rf14BRNKCv1qBXngPNylKJCmiRpKRJAn+B+Msdwtggk/1Ihju21wSo
+IGy0Gw7WQd1Iq7V85cB2G5PAFY6ybpSV6G3QrzmzuvjHmKvXgUAuuaN+7Pp1YkMY
+rLVjUOcdP5JbXG6XnaCkHYJR8uapPwWPkDt+oO0CgYBI4yZGGlr92j7LNW70TJw1
+2dnMcAzIfTSa7lgf/bxDetPBHKWJs8vYxA9S9BZM3Gvgjr6IxuAjsI0+9O6TzdvG
+UckrNc+h5Mq241ZDbmRK6MZXzOPUxlKDyJBw8Hb7dU82BeJpjJRDMG6hsHS5vh77
+l6sodZ4ARCZFcEq1+N8ICQKBgDeBHJLAXO6YmFrvhkGQ4o+senJuSRuhabUHXGIH
+ExXyJNnKV5fQWOGSwTkbKRsmBmNRS9uFDoY/kxnVI8ucjUmjYAV9HNek5DkFs+OI
+vc4lYNwnN85li23bSWm2kcZMX2ra0URGYn8HdtHg4Q4XTq3ANhp21oi9FsmVrhP9
+T+JdAoGBAK2ebwZ7CXFavDFo4mzLKkGitBjrSi/udFhZECXZWEbNzWlVc3Y3q0cU
+drDqUtbVm+/Xb5CMU044Gqq6SKdObAb3JElKmFylFL9fp2rfL/foUr2sdb87Vqdp
+2j5jZyvt1DKnNaJ7JaFbUdRxlvHQRiqKlZpafN/SMQ0jCs1bSgCg
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/certs/apps/mkacerts.sh b/openssl-1.1.0h/demos/certs/apps/mkacerts.sh
new file mode 100644
index 0000000..7098496
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/mkacerts.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# Recreate the demo certificates in the apps directory.
+
+OPENSSL=openssl
+
+# Root CA: create certificate directly
+CN="OpenSSL Test Root CA" $OPENSSL req -config apps.cnf -x509 -nodes \
+	-keyout root.pem -out root.pem -key rootkey.pem -new -days 3650
+# Intermediate CA: request first
+CN="OpenSSL Test Intermediate CA" $OPENSSL req -config apps.cnf -nodes \
+	-key intkey.pem -out intreq.pem -new
+# Sign request: CA extensions
+$OPENSSL x509 -req -in intreq.pem -CA root.pem -CAkey rootkey.pem -days 3630 \
+	-extfile apps.cnf -extensions v3_ca -CAcreateserial -out intca.pem
+# Client certificate: request first
+CN="Test Client Cert" $OPENSSL req -config apps.cnf -nodes \
+	-key ckey.pem -out creq.pem -new
+# Sign using intermediate CA
+$OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
+	-extfile apps.cnf -extensions usr_cert -CAcreateserial | \
+	$OPENSSL x509 -nameopt oneline -subject -issuer >client.pem
+# Server certificate: request first
+CN="Test Server Cert" $OPENSSL req -config apps.cnf -nodes \
+	-key skey.pem -out sreq.pem -new
+# Sign using intermediate CA
+$OPENSSL x509 -req -in sreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
+	-extfile apps.cnf -extensions usr_cert -CAcreateserial | \
+	$OPENSSL x509 -nameopt oneline -subject -issuer >server.pem
+# Server certificate #2: request first
+CN="Test Server Cert #2" $OPENSSL req -config apps.cnf -nodes \
+	-key skey2.pem -out sreq2.pem -new
+# Sign using intermediate CA
+$OPENSSL x509 -req -in sreq2.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
+	-extfile apps.cnf -extensions usr_cert -CAcreateserial | \
+	$OPENSSL x509 -nameopt oneline -subject -issuer >server2.pem
+
+# Append keys to file.
+
+cat skey.pem >>server.pem
+cat skey2.pem >>server2.pem
+cat ckey.pem >>client.pem
+
+$OPENSSL verify -CAfile root.pem -untrusted intca.pem \
+				server2.pem server.pem client.pem
diff --git a/openssl-1.1.0h/demos/certs/apps/mkxcerts.sh b/openssl-1.1.0h/demos/certs/apps/mkxcerts.sh
new file mode 100644
index 0000000..0f88a48
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/mkxcerts.sh
@@ -0,0 +1,29 @@
+
+# Create certificates using various algorithms to test multi-certificate
+# functionality.
+
+OPENSSL=../../../apps/openssl
+CN="OpenSSL Test RSA SHA-1 cert" $OPENSSL req \
+	-config apps.cnf -extensions usr_cert -x509 -nodes \
+	-keyout tsha1.pem -out tsha1.pem -new -days 3650 -sha1
+CN="OpenSSL Test RSA SHA-256 cert" $OPENSSL req \
+	-config apps.cnf -extensions usr_cert -x509 -nodes \
+	-keyout tsha256.pem -out tsha256.pem -new -days 3650 -sha256
+CN="OpenSSL Test RSA SHA-512 cert" $OPENSSL req \
+	-config apps.cnf -extensions usr_cert -x509 -nodes \
+	-keyout tsha512.pem -out tsha512.pem -new -days 3650 -sha512
+
+# Create EC parameters 
+
+$OPENSSL ecparam -name P-256 -out ecp256.pem
+$OPENSSL ecparam -name P-384 -out ecp384.pem
+
+CN="OpenSSL Test P-256 SHA-256 cert" $OPENSSL req \
+	-config apps.cnf -extensions ec_cert -x509 -nodes \
+	-nodes -keyout tecp256.pem -out tecp256.pem -newkey ec:ecp256.pem \
+	-days 3650 -sha256
+
+CN="OpenSSL Test P-384 SHA-384 cert" $OPENSSL req \
+	-config apps.cnf -extensions ec_cert -x509 -nodes \
+	-nodes -keyout tecp384.pem -out tecp384.pem -newkey ec:ecp384.pem \
+	-days 3650 -sha384
diff --git a/openssl-1.1.0h/demos/certs/apps/rootkey.pem b/openssl-1.1.0h/demos/certs/apps/rootkey.pem
new file mode 100644
index 0000000..2600aab
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/rootkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA0xpquKAoY6trkxz8uuE6RyYfMOy+Rgvt19pqG3x8sEpFNjDN
+IG873HniShNaOrseRtrGRgCDcecNOQ0LLOQYo10zz0er8+0YgUWVx5Ag5q3cqN3T
+kjDc+0sRZMONPoUwD0ySOT9dumbJypEjA0q2AgKgWwaO4ilzg/fWTEruLeuL4meX
+K9WZFmMnGuF4kHSocZeKWs5UM86WIOf/+NdtzLNd6a5HwqAB5Azggiz2Ngck6Aet
+Mi0inBr3A1MSn0oIaQ7rGvbQ2QrIOnpdHJ36GadQHuvvtZOm28o8UVONMMWoS1yJ
+/1TaRWQJ+faZJE7yegJtUf75+5HwsxaUP32C3wIDAQABAoIBAQCEybEnwVamm0Vn
+nGw9AT+vUYN9Ou3VEdviUzk7YOrt2Un/9GKTbGSzItf80H+JQfqhhywBDIGiPDxN
+Dq9g5Xm6CP51/BdlsFYhuqukhDyt3d9XOXHEG4hlaarfP0KxeQXqGbhA2mMSxWVZ
+TkI/59blHNHRcCagjIJlGJhsFRYNO1/ApfA5zN7fWCFvH1XWZhuvsPDgUXKm4BS0
+p3ol67MVJHRfYcLb/txBO5rBhSXinK0jEBiljRcE0rWzRycSedmDgG3SNV17wvA0
+UWgMNpPcJ1b7Satr0nM7A8+siV8FRcfvPqCuGPKCYTrNn71hGJEhKXKwlURj9+95
+O5yzRxjBAoGBAPtTRYN40/piRB0XLpi+zNh+4Ba4TGfXSymbaozgC/pI5wfgGXrz
+IpT9ujjV42r8TABHvXa6uiGm0cbxcUgq2n6Y8rf6iHxmn23ezCEBUs7rd6jtt11b
+m58T8o0XWyOgAovaH0UgzMtrlsZYR2fli5254oRkTWwaUTuO38z6CVddAoGBANcH
+nvdu3RniIYStsr5/deu7l81ZQ9rSiR1m3H6Wy8ryMIfkYfa0WqXhwNHrLrhvhLIQ
+7mGnJ+jAkJyVQULE6UdbmVW8tC58Dfrgz/1s7RMeUYPnOmRpx79c/LqZ2IunfFWx
+IvBvFu7vidEHA+1tU2N+oXNsU+B9XpfsJ+/d2QtrAoGBAJTuP58tFtClMp/agO5b
+AqC4bqqIBB704cGCK53XlsF2OhHcprzJH5ES2iub8+wOHit8V7Xn6SzP4jf2E58k
+Zd3nXM3RVNgDKC6/fE+CrUOZHYupcqOMCag29eDOGl/+DgQ5+ZXJXhKdaveWkJns
+2NNat/SkS4zn+4NDozOgZ7CxAoGBAIuXjfJRTUXNUDci0APtGO9U1AJiLbOzs4Gb
+0g539IqmWS0O7S3L/YDsolFkXOsssjcq2KYabsUhpX+RQVGIJWzGoS9QlqQKssSo
+Bz4c5Xbg2shHZtfi9+JaClNVJofazdOPcAAoDfpFFPHWnQ0YSOcxQLx+maEFok/7
+5h1IputLAoGBAKGBWDPwskgRRfCAIFpCJLOu/9D30M/akMtO0kJYQpBjOaKuigUy
+ic7pthFVse/pMUljXHAd1hs2CTjMW1ukEusU3x1Ei6wvnHHqn0Hs+6D5NQFQkcMn
+7rejJ+bpJPRAn40AAV5hGBYI12XycB8ZgyPC4hTUK6unGVK06DC4qvdv
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/certs/apps/skey.pem b/openssl-1.1.0h/demos/certs/apps/skey.pem
new file mode 100644
index 0000000..dbd403d
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/skey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
+h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
+tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
+D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
+uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
+qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
+zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
+r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
+AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
+5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
+W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
+674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
+utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
+BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
+4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
+WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
+bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
+6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
+4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
+WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
+n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
+JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
+OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
+xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
+UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/certs/apps/skey2.pem b/openssl-1.1.0h/demos/certs/apps/skey2.pem
new file mode 100644
index 0000000..7853822
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/apps/skey2.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
+UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
+2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
+92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
+DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
+KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
+x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
+DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
+F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
+rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
++znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
+Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
+E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
+Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
+8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
+rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
+bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
+5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
+3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
+5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
+5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
+38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
+z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
+kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
+NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/certs/ca.cnf b/openssl-1.1.0h/demos/certs/ca.cnf
new file mode 100644
index 0000000..5a8a5f2
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/ca.cnf
@@ -0,0 +1,86 @@
+#
+# OpenSSL example configuration file for automated certificate creation.
+#
+
+# This definition stops the following lines choking if HOME or CN
+# is undefined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+CN			= "Not Defined"
+default_ca		= ca
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+# Don't prompt for fields: use those in section directly
+prompt			= no
+distinguished_name	= req_distinguished_name
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= UK
+
+organizationName		= OpenSSL Group
+# Take CN from environment so it can come from a script.
+commonName			= $ENV::CN
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+# OCSP responder certificate
+[ ocsp_cert ]
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+extendedKeyUsage=OCSPSigning
+
+[ dh_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# DH certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, keyAgreement
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+basicConstraints = critical,CA:true
+keyUsage = critical, cRLSign, keyCertSign
+
+# Minimal CA entry to allow generation of CRLs.
+[ca]
+database=index.txt
+crlnumber=crlnum.txt
diff --git a/openssl-1.1.0h/demos/certs/mkcerts.sh b/openssl-1.1.0h/demos/certs/mkcerts.sh
new file mode 100644
index 0000000..18daa6b
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/mkcerts.sh
@@ -0,0 +1,96 @@
+#!/bin/sh
+
+OPENSSL=../../apps/openssl
+OPENSSL_CONF=../../apps/openssl.cnf
+export OPENSSL_CONF
+
+# Root CA: create certificate directly
+CN="Test Root CA" $OPENSSL req -config ca.cnf -x509 -nodes \
+	-keyout root.pem -out root.pem -newkey rsa:2048 -days 3650
+# Intermediate CA: request first
+CN="Test Intermediate CA" $OPENSSL req -config ca.cnf -nodes \
+	-keyout intkey.pem -out intreq.pem -newkey rsa:2048
+# Sign request: CA extensions
+$OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \
+	-extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem
+
+# Server certificate: create request first
+CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes \
+	-keyout skey.pem -out req.pem -newkey rsa:1024
+# Sign request: end entity extensions
+$OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial -out server.pem
+
+# Client certificate: request first
+CN="Test Client Cert" $OPENSSL req -config ca.cnf -nodes \
+	-keyout ckey.pem -out creq.pem -newkey rsa:1024
+# Sign using intermediate CA
+$OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial -out client.pem
+
+# Revoked certificate: request first
+CN="Test Revoked Cert" $OPENSSL req -config ca.cnf -nodes \
+	-keyout revkey.pem -out rreq.pem -newkey rsa:1024
+# Sign using intermediate CA
+$OPENSSL x509 -req -in rreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial -out rev.pem
+
+# OCSP responder certificate: request first
+CN="Test OCSP Responder Cert" $OPENSSL req -config ca.cnf -nodes \
+	-keyout respkey.pem -out respreq.pem -newkey rsa:1024
+# Sign using intermediate CA and responder extensions
+$OPENSSL x509 -req -in respreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
+	-extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out resp.pem
+
+# Example creating a PKCS#3 DH certificate. 
+
+# First DH parameters
+
+[ -f dhp.pem ] || $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dhp.pem
+
+# Now a DH private key
+$OPENSSL genpkey -paramfile dhp.pem -out dhskey.pem
+# Create DH public key file
+$OPENSSL pkey -in dhskey.pem -pubout -out dhspub.pem
+# Certificate request, key just reuses old one as it is ignored when the
+# request is signed.
+CN="Test Server DH Cert" $OPENSSL req -config ca.cnf -new \
+	-key skey.pem -out dhsreq.pem
+# Sign request: end entity DH extensions
+$OPENSSL x509 -req -in dhsreq.pem -CA root.pem -days 3600 \
+	-force_pubkey dhspub.pem \
+	-extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhserver.pem
+
+# DH client certificate
+
+$OPENSSL genpkey -paramfile dhp.pem -out dhckey.pem
+$OPENSSL pkey -in dhckey.pem -pubout -out dhcpub.pem
+CN="Test Client DH Cert" $OPENSSL req -config ca.cnf -new \
+	-key skey.pem -out dhcreq.pem
+$OPENSSL x509 -req -in dhcreq.pem -CA root.pem -days 3600 \
+	-force_pubkey dhcpub.pem \
+	-extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhclient.pem
+
+# Examples of CRL generation without the need to use 'ca' to issue
+# certificates.
+# Create zero length index file
+>index.txt
+# Create initial crl number file
+echo 01 >crlnum.txt
+# Add entries for server and client certs
+$OPENSSL ca -valid server.pem -keyfile root.pem -cert root.pem \
+		-config ca.cnf -md sha1
+$OPENSSL ca -valid client.pem -keyfile root.pem -cert root.pem \
+		-config ca.cnf -md sha1
+$OPENSSL ca -valid rev.pem -keyfile root.pem -cert root.pem \
+		-config ca.cnf -md sha1
+# Generate a CRL.
+$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \
+		-md sha1 -crldays 1 -out crl1.pem
+# Revoke a certificate
+openssl ca -revoke rev.pem -crl_reason superseded \
+		-keyfile root.pem -cert root.pem -config ca.cnf -md sha1
+# Generate another CRL
+$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \
+		-md sha1 -crldays 1 -out crl2.pem
+
diff --git a/openssl-1.1.0h/demos/certs/ocspquery.sh b/openssl-1.1.0h/demos/certs/ocspquery.sh
new file mode 100644
index 0000000..f664113
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/ocspquery.sh
@@ -0,0 +1,21 @@
+# Example querying OpenSSL test responder. Assumes ocsprun.sh has been
+# called.
+
+OPENSSL=../../apps/openssl
+OPENSSL_CONF=../../apps/openssl.cnf
+export OPENSSL_CONF
+
+# Send responder queries for each certificate.
+
+echo "Requesting OCSP status for each certificate"
+$OPENSSL ocsp -issuer intca.pem -cert client.pem -CAfile root.pem \
+			-url http://127.0.0.1:8888/
+$OPENSSL ocsp -issuer intca.pem -cert server.pem -CAfile root.pem \
+			-url http://127.0.0.1:8888/
+$OPENSSL ocsp -issuer intca.pem -cert rev.pem -CAfile root.pem \
+			-url http://127.0.0.1:8888/
+# One query for all three certificates.
+echo "Requesting OCSP status for three certificates in one request"
+$OPENSSL ocsp -issuer intca.pem \
+	-cert client.pem -cert server.pem -cert rev.pem \
+	-CAfile root.pem -url http://127.0.0.1:8888/
diff --git a/openssl-1.1.0h/demos/certs/ocsprun.sh b/openssl-1.1.0h/demos/certs/ocsprun.sh
new file mode 100644
index 0000000..a65e5f2
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/ocsprun.sh
@@ -0,0 +1,14 @@
+# Example of running an querying OpenSSL test OCSP responder.
+# This assumes "mkcerts.sh" or similar has been run to set up the
+# necessary file structure.
+
+OPENSSL=../../apps/openssl
+OPENSSL_CONF=../../apps/openssl.cnf
+export OPENSSL_CONF
+
+# Run OCSP responder.
+
+PORT=8888
+
+$OPENSSL ocsp -port $PORT -index index.txt -CA intca.pem \
+	-rsigner resp.pem -rkey respkey.pem -rother intca.pem $*
diff --git a/openssl-1.1.0h/demos/cms/cacert.pem b/openssl-1.1.0h/demos/cms/cacert.pem
new file mode 100644
index 0000000..75cbb34
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cacert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
+WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
+aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
+RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
+i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
+ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
+jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
+CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
+SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
+VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
+ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
+G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
+u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
+1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/demos/cms/cakey.pem b/openssl-1.1.0h/demos/cms/cakey.pem
new file mode 100644
index 0000000..3b53c5e
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cakey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
+c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
+dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
+AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
+HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
+tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
+rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
+9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
+jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
+uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
+wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
+8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/cms/cms_comp.c b/openssl-1.1.0h/demos/cms/cms_comp.c
new file mode 100644
index 0000000..0d548f9
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_comp.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME compress example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    /*
+     * On OpenSSL 1.0.0+ only:
+     * for streaming set CMS_STREAM
+     */
+    int flags = CMS_STREAM;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Open content being compressed */
+
+    in = BIO_new_file("comp.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* compress content */
+    cms = CMS_compress(in, NID_zlib_compression, flags);
+
+    if (!cms)
+        goto err;
+
+    out = BIO_new_file("smcomp.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Write out S/MIME message */
+    if (!SMIME_write_CMS(out, cms, in, flags))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Compressing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    BIO_free(in);
+    BIO_free(out);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_ddec.c b/openssl-1.1.0h/demos/cms/cms_ddec.c
new file mode 100644
index 0000000..8f2e9ae
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_ddec.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * S/MIME detached data decrypt example: rarely done but should the need
+ * arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
+    X509 *rcert = NULL;
+    EVP_PKEY *rkey = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate and private key */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!rcert || !rkey)
+        goto err;
+
+    /* Open PEM file containing enveloped data */
+
+    in = BIO_new_file("smencr.pem", "r");
+
+    if (!in)
+        goto err;
+
+    /* Parse PEM content */
+    cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
+
+    if (!cms)
+        goto err;
+
+    /* Open file containing detached content */
+    dcont = BIO_new_file("smencr.out", "rb");
+
+    if (!in)
+        goto err;
+
+    out = BIO_new_file("encrout.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Decrypt S/MIME message */
+    if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Decrypting Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    X509_free(rcert);
+    EVP_PKEY_free(rkey);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    BIO_free(dcont);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_dec.c b/openssl-1.1.0h/demos/cms/cms_dec.c
new file mode 100644
index 0000000..4f9428b
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_dec.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME decryption example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *rcert = NULL;
+    EVP_PKEY *rkey = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate and private key */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!rcert || !rkey)
+        goto err;
+
+    /* Open S/MIME message to decrypt */
+
+    in = BIO_new_file("smencr.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Parse message */
+    cms = SMIME_read_CMS(in, NULL);
+
+    if (!cms)
+        goto err;
+
+    out = BIO_new_file("decout.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Decrypt S/MIME message */
+    if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Decrypting Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    X509_free(rcert);
+    EVP_PKEY_free(rkey);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_denc.c b/openssl-1.1.0h/demos/cms/cms_denc.c
new file mode 100644
index 0000000..adba69b
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_denc.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * S/MIME detached data encrypt example: rarely done but should the need
+ * arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
+    X509 *rcert = NULL;
+    STACK_OF(X509) *recips = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    int flags = CMS_STREAM | CMS_DETACHED;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    if (!rcert)
+        goto err;
+
+    /* Create recipient STACK and add recipient cert to it */
+    recips = sk_X509_new_null();
+
+    if (!recips || !sk_X509_push(recips, rcert))
+        goto err;
+
+    /*
+     * sk_X509_pop_free will free up recipient STACK and its contents so set
+     * rcert to NULL so it isn't freed up twice.
+     */
+    rcert = NULL;
+
+    /* Open content being encrypted */
+
+    in = BIO_new_file("encr.txt", "r");
+
+    dout = BIO_new_file("smencr.out", "wb");
+
+    if (!in)
+        goto err;
+
+    /* encrypt content */
+    cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+    if (!cms)
+        goto err;
+
+    out = BIO_new_file("smencr.pem", "w");
+    if (!out)
+        goto err;
+
+    if (!CMS_final(cms, in, dout, flags))
+        goto err;
+
+    /* Write out CMS structure without content */
+    if (!PEM_write_bio_CMS(out, cms))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Encrypting Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    X509_free(rcert);
+    sk_X509_pop_free(recips, X509_free);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(dout);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_enc.c b/openssl-1.1.0h/demos/cms/cms_enc.c
new file mode 100644
index 0000000..4d17d72
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_enc.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *rcert = NULL;
+    STACK_OF(X509) *recips = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    /*
+     * On OpenSSL 1.0.0 and later only:
+     * for streaming set CMS_STREAM
+     */
+    int flags = CMS_STREAM;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    if (!rcert)
+        goto err;
+
+    /* Create recipient STACK and add recipient cert to it */
+    recips = sk_X509_new_null();
+
+    if (!recips || !sk_X509_push(recips, rcert))
+        goto err;
+
+    /*
+     * sk_X509_pop_free will free up recipient STACK and its contents so set
+     * rcert to NULL so it isn't freed up twice.
+     */
+    rcert = NULL;
+
+    /* Open content being encrypted */
+
+    in = BIO_new_file("encr.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* encrypt content */
+    cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+    if (!cms)
+        goto err;
+
+    out = BIO_new_file("smencr.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Write out S/MIME message */
+    if (!SMIME_write_CMS(out, cms, in, flags))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Encrypting Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    X509_free(rcert);
+    sk_X509_pop_free(recips, X509_free);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_sign.c b/openssl-1.1.0h/demos/cms/cms_sign.c
new file mode 100644
index 0000000..15bd5b8
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_sign.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *scert = NULL;
+    EVP_PKEY *skey = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    /*
+     * For simple S/MIME signing use CMS_DETACHED. On OpenSSL 1.0.0 only: for
+     * streaming detached set CMS_DETACHED|CMS_STREAM for streaming
+     * non-detached set CMS_STREAM
+     */
+    int flags = CMS_DETACHED | CMS_STREAM;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in signer certificate and private key */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!scert || !skey)
+        goto err;
+
+    /* Open content being signed */
+
+    in = BIO_new_file("sign.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    cms = CMS_sign(scert, skey, NULL, in, flags);
+
+    if (!cms)
+        goto err;
+
+    out = BIO_new_file("smout.txt", "w");
+    if (!out)
+        goto err;
+
+    if (!(flags & CMS_STREAM))
+        BIO_reset(in);
+
+    /* Write out S/MIME message */
+    if (!SMIME_write_CMS(out, cms, in, flags))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    X509_free(scert);
+    EVP_PKEY_free(skey);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_sign2.c b/openssl-1.1.0h/demos/cms/cms_sign2.c
new file mode 100644
index 0000000..14ebf27
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_sign2.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* S/MIME signing example: 2 signers */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *scert = NULL, *scert2 = NULL;
+    EVP_PKEY *skey = NULL, *skey2 = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    BIO_free(tbio);
+
+    tbio = BIO_new_file("signer2.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!scert2 || !skey2)
+        goto err;
+
+    in = BIO_new_file("sign.txt", "r");
+
+    if (!in)
+        goto err;
+
+    cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM | CMS_PARTIAL);
+
+    if (!cms)
+        goto err;
+
+    /* Add each signer in turn */
+
+    if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
+        goto err;
+
+    if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
+        goto err;
+
+    out = BIO_new_file("smout.txt", "w");
+    if (!out)
+        goto err;
+
+    /* NB: content included and finalized by SMIME_write_CMS */
+
+    if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    X509_free(scert);
+    EVP_PKEY_free(skey);
+    X509_free(scert2);
+    EVP_PKEY_free(skey2);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_uncomp.c b/openssl-1.1.0h/demos/cms/cms_uncomp.c
new file mode 100644
index 0000000..3e3b4c4
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_uncomp.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME uncompression example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    CMS_ContentInfo *cms = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Open compressed content */
+
+    in = BIO_new_file("smcomp.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    cms = SMIME_read_CMS(in, NULL);
+
+    if (!cms)
+        goto err;
+
+    out = BIO_new_file("smuncomp.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Uncompress S/MIME message */
+    if (!CMS_uncompress(cms, out, NULL, 0))
+        goto err;
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Uncompressing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    BIO_free(in);
+    BIO_free(out);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/cms_ver.c b/openssl-1.1.0h/demos/cms/cms_ver.c
new file mode 100644
index 0000000..43c10e2
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/cms_ver.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+    X509_STORE *st = NULL;
+    X509 *cacert = NULL;
+    CMS_ContentInfo *cms = NULL;
+
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Set up trusted CA certificate store */
+
+    st = X509_STORE_new();
+
+    /* Read in CA certificate */
+    tbio = BIO_new_file("cacert.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    if (!cacert)
+        goto err;
+
+    if (!X509_STORE_add_cert(st, cacert))
+        goto err;
+
+    /* Open message being verified */
+
+    in = BIO_new_file("smout.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* parse message */
+    cms = SMIME_read_CMS(in, &cont);
+
+    if (!cms)
+        goto err;
+
+    /* File to output verified content to */
+    out = BIO_new_file("smver.txt", "w");
+    if (!out)
+        goto err;
+
+    if (!CMS_verify(cms, NULL, st, cont, out, 0)) {
+        fprintf(stderr, "Verification Failure\n");
+        goto err;
+    }
+
+    fprintf(stderr, "Verification Successful\n");
+
+    ret = 0;
+
+ err:
+
+    if (ret) {
+        fprintf(stderr, "Error Verifying Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+
+    CMS_ContentInfo_free(cms);
+    X509_free(cacert);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/cms/comp.txt b/openssl-1.1.0h/demos/cms/comp.txt
new file mode 100644
index 0000000..1672328
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/comp.txt
@@ -0,0 +1,22 @@
+Content-type: text/plain
+
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
diff --git a/openssl-1.1.0h/demos/cms/encr.txt b/openssl-1.1.0h/demos/cms/encr.txt
new file mode 100644
index 0000000..0eceb40
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for CMS encryption
diff --git a/openssl-1.1.0h/demos/cms/sign.txt b/openssl-1.1.0h/demos/cms/sign.txt
new file mode 100644
index 0000000..c3f9d73
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL CMS Signed Content
diff --git a/openssl-1.1.0h/demos/cms/signer.pem b/openssl-1.1.0h/demos/cms/signer.pem
new file mode 100644
index 0000000..bac16ba
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/signer.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
+WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
+jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
+ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
+gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
+MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
+lDiQlgX0JtmLgA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
+1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
+Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
+AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
+mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
+wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
+04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
+qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
+YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
+sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
+4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
+7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
+xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/cms/signer2.pem b/openssl-1.1.0h/demos/cms/signer2.pem
new file mode 100644
index 0000000..25e23d1
--- /dev/null
+++ b/openssl-1.1.0h/demos/cms/signer2.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
+WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
+jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
+ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
+GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
+h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
+aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
+2aX6rl2JEuJ5Yg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
+nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
+nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
+AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
+6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
+CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
+m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
+2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
+upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
+ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
+SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
+gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
+pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/evp/Makefile b/openssl-1.1.0h/demos/evp/Makefile
new file mode 100644
index 0000000..72c6e81
--- /dev/null
+++ b/openssl-1.1.0h/demos/evp/Makefile
@@ -0,0 +1,20 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+#    make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./aesccm
+#    LD_LIBRARY_PATH=../.. ./aesgcm
+
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto
+
+all: aesccm aesgcm 
+
+aesccm: aesccm.o
+aesgcm: aesgcm.o
+
+aesccm aesgcm:
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
diff --git a/openssl-1.1.0h/demos/evp/aesccm.c b/openssl-1.1.0h/demos/evp/aesccm.c
new file mode 100644
index 0000000..cc4d0b5
--- /dev/null
+++ b/openssl-1.1.0h/demos/evp/aesccm.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Simple AES CCM test program, uses the same NIST data used for the FIPS
+ * self test but uses the application level EVP APIs.
+ */
+#include <stdio.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+/* AES-CCM test data from NIST public test vectors */
+
+static const unsigned char ccm_key[] = {
+    0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6,
+    0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8
+};
+
+static const unsigned char ccm_nonce[] = {
+    0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7
+};
+
+static const unsigned char ccm_adata[] = {
+    0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7,
+    0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5,
+    0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4
+};
+
+static const unsigned char ccm_pt[] = {
+    0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f,
+    0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10
+};
+
+static const unsigned char ccm_ct[] = {
+    0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2,
+    0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd
+};
+
+static const unsigned char ccm_tag[] = {
+    0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44,
+    0x14, 0xdb, 0x50, 0x6d
+};
+
+void aes_ccm_encrypt(void)
+{
+    EVP_CIPHER_CTX *ctx;
+    int outlen, tmplen;
+    unsigned char outbuf[1024];
+    printf("AES CCM Encrypt:\n");
+    printf("Plaintext:\n");
+    BIO_dump_fp(stdout, ccm_pt, sizeof(ccm_pt));
+    ctx = EVP_CIPHER_CTX_new();
+    /* Set cipher type and mode */
+    EVP_EncryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
+    /* Set nonce length if default 96 bits is not appropriate */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
+                        NULL);
+    /* Set tag length */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), NULL);
+    /* Initialise key and IV */
+    EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
+    /* Set plaintext length: only needed if AAD is used */
+    EVP_EncryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_pt));
+    /* Zero or one call to specify any AAD */
+    EVP_EncryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
+    /* Encrypt plaintext: can only be called once */
+    EVP_EncryptUpdate(ctx, outbuf, &outlen, ccm_pt, sizeof(ccm_pt));
+    /* Output encrypted block */
+    printf("Ciphertext:\n");
+    BIO_dump_fp(stdout, outbuf, outlen);
+    /* Finalise: note get no output for CCM */
+    EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
+    /* Get tag */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
+    /* Output tag */
+    printf("Tag:\n");
+    BIO_dump_fp(stdout, outbuf, 16);
+    EVP_CIPHER_CTX_free(ctx);
+}
+
+void aes_ccm_decrypt(void)
+{
+    EVP_CIPHER_CTX *ctx;
+    int outlen, tmplen, rv;
+    unsigned char outbuf[1024];
+    printf("AES CCM Derypt:\n");
+    printf("Ciphertext:\n");
+    BIO_dump_fp(stdout, ccm_ct, sizeof(ccm_ct));
+    ctx = EVP_CIPHER_CTX_new();
+    /* Select cipher */
+    EVP_DecryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
+    /* Set nonce length, omit for 96 bits */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
+                        NULL);
+    /* Set expected tag value */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                        sizeof(ccm_tag), (void *)ccm_tag);
+    /* Specify key and IV */
+    EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
+    /* Set ciphertext length: only needed if we have AAD */
+    EVP_DecryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_ct));
+    /* Zero or one call to specify any AAD */
+    EVP_DecryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
+    /* Decrypt plaintext, verify tag: can only be called once */
+    rv = EVP_DecryptUpdate(ctx, outbuf, &outlen, ccm_ct, sizeof(ccm_ct));
+    /* Output decrypted block: if tag verify failed we get nothing */
+    if (rv > 0) {
+        printf("Plaintext:\n");
+        BIO_dump_fp(stdout, outbuf, outlen);
+    } else
+        printf("Plaintext not available: tag verify failed.\n");
+    EVP_CIPHER_CTX_free(ctx);
+}
+
+int main(int argc, char **argv)
+{
+    aes_ccm_encrypt();
+    aes_ccm_decrypt();
+}
diff --git a/openssl-1.1.0h/demos/evp/aesgcm.c b/openssl-1.1.0h/demos/evp/aesgcm.c
new file mode 100644
index 0000000..df59f46
--- /dev/null
+++ b/openssl-1.1.0h/demos/evp/aesgcm.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Simple AES GCM test program, uses the same NIST data used for the FIPS
+ * self test but uses the application level EVP APIs.
+ */
+#include <stdio.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+/* AES-GCM test data from NIST public test vectors */
+
+static const unsigned char gcm_key[] = {
+    0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
+    0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
+    0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
+};
+
+static const unsigned char gcm_iv[] = {
+    0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84
+};
+
+static const unsigned char gcm_pt[] = {
+    0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea,
+    0xcc, 0x2b, 0xf2, 0xa5
+};
+
+static const unsigned char gcm_aad[] = {
+    0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43,
+    0x7f, 0xec, 0x78, 0xde
+};
+
+static const unsigned char gcm_ct[] = {
+    0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e,
+    0xb9, 0xf2, 0x17, 0x36
+};
+
+static const unsigned char gcm_tag[] = {
+    0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62,
+    0x98, 0xf7, 0x7e, 0x0c
+};
+
+void aes_gcm_encrypt(void)
+{
+    EVP_CIPHER_CTX *ctx;
+    int outlen, tmplen;
+    unsigned char outbuf[1024];
+    printf("AES GCM Encrypt:\n");
+    printf("Plaintext:\n");
+    BIO_dump_fp(stdout, gcm_pt, sizeof(gcm_pt));
+    ctx = EVP_CIPHER_CTX_new();
+    /* Set cipher type and mode */
+    EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
+    /* Set IV length if default 96 bits is not appropriate */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
+    /* Initialise key and IV */
+    EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
+    /* Zero or more calls to specify any AAD */
+    EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
+    /* Encrypt plaintext */
+    EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt));
+    /* Output encrypted block */
+    printf("Ciphertext:\n");
+    BIO_dump_fp(stdout, outbuf, outlen);
+    /* Finalise: note get no output for GCM */
+    EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
+    /* Get tag */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
+    /* Output tag */
+    printf("Tag:\n");
+    BIO_dump_fp(stdout, outbuf, 16);
+    EVP_CIPHER_CTX_free(ctx);
+}
+
+void aes_gcm_decrypt(void)
+{
+    EVP_CIPHER_CTX *ctx;
+    int outlen, tmplen, rv;
+    unsigned char outbuf[1024];
+    printf("AES GCM Derypt:\n");
+    printf("Ciphertext:\n");
+    BIO_dump_fp(stdout, gcm_ct, sizeof(gcm_ct));
+    ctx = EVP_CIPHER_CTX_new();
+    /* Select cipher */
+    EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
+    /* Set IV length, omit for 96 bits */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
+    /* Specify key and IV */
+    EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
+    /* Zero or more calls to specify any AAD */
+    EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
+    /* Decrypt plaintext */
+    EVP_DecryptUpdate(ctx, outbuf, &outlen, gcm_ct, sizeof(gcm_ct));
+    /* Output decrypted block */
+    printf("Plaintext:\n");
+    BIO_dump_fp(stdout, outbuf, outlen);
+    /* Set expected tag value. */
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), 
+                        (void *)gcm_tag);
+    /* Finalise: note get no output for GCM */
+    rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen);
+    /*
+     * Print out return value. If this is not successful authentication
+     * failed and plaintext is not trustworthy.
+     */
+    printf("Tag Verify %s\n", rv > 0 ? "Successful!" : "Failed!");
+    EVP_CIPHER_CTX_free(ctx);
+}
+
+int main(int argc, char **argv)
+{
+    aes_gcm_encrypt();
+    aes_gcm_decrypt();
+}
diff --git a/openssl-1.1.0h/demos/pkcs12/README b/openssl-1.1.0h/demos/pkcs12/README
new file mode 100644
index 0000000..c87434b
--- /dev/null
+++ b/openssl-1.1.0h/demos/pkcs12/README
@@ -0,0 +1,3 @@
+PKCS#12 demo applications
+
+Written by Steve Henson.
diff --git a/openssl-1.1.0h/demos/pkcs12/pkread.c b/openssl-1.1.0h/demos/pkcs12/pkread.c
new file mode 100644
index 0000000..3b87d7a
--- /dev/null
+++ b/openssl-1.1.0h/demos/pkcs12/pkread.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file reader */
+
+int main(int argc, char **argv)
+{
+    FILE *fp;
+    EVP_PKEY *pkey;
+    X509 *cert;
+    STACK_OF(X509) *ca = NULL;
+    PKCS12 *p12;
+    int i;
+    if (argc != 4) {
+        fprintf(stderr, "Usage: pkread p12file password opfile\n");
+        exit(1);
+    }
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+    if ((fp = fopen(argv[1], "rb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[1]);
+        exit(1);
+    }
+    p12 = d2i_PKCS12_fp(fp, NULL);
+    fclose(fp);
+    if (!p12) {
+        fprintf(stderr, "Error reading PKCS#12 file\n");
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+    if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
+        fprintf(stderr, "Error parsing PKCS#12 file\n");
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+    PKCS12_free(p12);
+    if ((fp = fopen(argv[3], "w")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[1]);
+        exit(1);
+    }
+    if (pkey) {
+        fprintf(fp, "***Private Key***\n");
+        PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+    }
+    if (cert) {
+        fprintf(fp, "***User Certificate***\n");
+        PEM_write_X509_AUX(fp, cert);
+    }
+    if (ca && sk_X509_num(ca)) {
+        fprintf(fp, "***Other Certificates***\n");
+        for (i = 0; i < sk_X509_num(ca); i++)
+            PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
+    }
+    fclose(fp);
+    return 0;
+}
diff --git a/openssl-1.1.0h/demos/pkcs12/pkwrite.c b/openssl-1.1.0h/demos/pkcs12/pkwrite.c
new file mode 100644
index 0000000..e14cf83
--- /dev/null
+++ b/openssl-1.1.0h/demos/pkcs12/pkwrite.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file creator */
+
+int main(int argc, char **argv)
+{
+    FILE *fp;
+    EVP_PKEY *pkey;
+    X509 *cert;
+    PKCS12 *p12;
+    if (argc != 5) {
+        fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
+        exit(1);
+    }
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+    if ((fp = fopen(argv[1], "r")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[1]);
+        exit(1);
+    }
+    cert = PEM_read_X509(fp, NULL, NULL, NULL);
+    rewind(fp);
+    pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+    fclose(fp);
+    p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0, 0, 0, 0, 0);
+    if (!p12) {
+        fprintf(stderr, "Error creating PKCS#12 structure\n");
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+    if ((fp = fopen(argv[4], "wb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[1]);
+        ERR_print_errors_fp(stderr);
+        exit(1);
+    }
+    i2d_PKCS12_fp(fp, p12);
+    PKCS12_free(p12);
+    fclose(fp);
+    return 0;
+}
diff --git a/openssl-1.1.0h/demos/smime/cacert.pem b/openssl-1.1.0h/demos/smime/cacert.pem
new file mode 100644
index 0000000..75cbb34
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/cacert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
+WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
+aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
+RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
+i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
+ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
+jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
+CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
+SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
+VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
+ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
+G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
+u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
+1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/demos/smime/cakey.pem b/openssl-1.1.0h/demos/smime/cakey.pem
new file mode 100644
index 0000000..3b53c5e
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/cakey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
+c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
+dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
+AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
+HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
+tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
+rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
+9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
+jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
+uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
+wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
+8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/smime/encr.txt b/openssl-1.1.0h/demos/smime/encr.txt
new file mode 100644
index 0000000..f163a32
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for PKCS#7 encryption
diff --git a/openssl-1.1.0h/demos/smime/sign.txt b/openssl-1.1.0h/demos/smime/sign.txt
new file mode 100644
index 0000000..af1341d
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL Signed Content
diff --git a/openssl-1.1.0h/demos/smime/signer.pem b/openssl-1.1.0h/demos/smime/signer.pem
new file mode 100644
index 0000000..bac16ba
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/signer.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
+WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
+jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
+ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
+gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
+MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
+lDiQlgX0JtmLgA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
+1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
+Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
+AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
+mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
+wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
+04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
+qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
+YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
+sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
+4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
+7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
+xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/smime/signer2.pem b/openssl-1.1.0h/demos/smime/signer2.pem
new file mode 100644
index 0000000..25e23d1
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/signer2.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
+WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
+jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
+ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
+GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
+h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
+aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
+2aX6rl2JEuJ5Yg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
+nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
+nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
+AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
+6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
+CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
+m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
+2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
+upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
+ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
+SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
+gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
+pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/demos/smime/smdec.c b/openssl-1.1.0h/demos/smime/smdec.c
new file mode 100644
index 0000000..c4d1b09
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/smdec.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *rcert = NULL;
+    EVP_PKEY *rkey = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate and private key */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!rcert || !rkey)
+        goto err;
+
+    /* Open content being signed */
+
+    in = BIO_new_file("smencr.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    p7 = SMIME_read_PKCS7(in, NULL);
+
+    if (!p7)
+        goto err;
+
+    out = BIO_new_file("encrout.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Decrypt S/MIME message */
+    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(rcert);
+    EVP_PKEY_free(rkey);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+
+    return ret;
+
+}
diff --git a/openssl-1.1.0h/demos/smime/smenc.c b/openssl-1.1.0h/demos/smime/smenc.c
new file mode 100644
index 0000000..5d36e9a
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/smenc.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *rcert = NULL;
+    STACK_OF(X509) *recips = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    /*
+     * On OpenSSL 0.9.9 only:
+     * for streaming set PKCS7_STREAM
+     */
+    int flags = PKCS7_STREAM;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in recipient certificate */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    if (!rcert)
+        goto err;
+
+    /* Create recipient STACK and add recipient cert to it */
+    recips = sk_X509_new_null();
+
+    if (!recips || !sk_X509_push(recips, rcert))
+        goto err;
+
+    /*
+     * sk_X509_pop_free will free up recipient STACK and its contents so set
+     * rcert to NULL so it isn't freed up twice.
+     */
+    rcert = NULL;
+
+    /* Open content being encrypted */
+
+    in = BIO_new_file("encr.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* encrypt content */
+    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+    if (!p7)
+        goto err;
+
+    out = BIO_new_file("smencr.txt", "w");
+    if (!out)
+        goto err;
+
+    /* Write out S/MIME message */
+    if (!SMIME_write_PKCS7(out, p7, in, flags))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Encrypting Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(rcert);
+    sk_X509_pop_free(recips, X509_free);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+
+}
diff --git a/openssl-1.1.0h/demos/smime/smsign.c b/openssl-1.1.0h/demos/smime/smsign.c
new file mode 100644
index 0000000..ba0adb3
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/smsign.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *scert = NULL;
+    EVP_PKEY *skey = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    /*
+     * For simple S/MIME signing use PKCS7_DETACHED. On OpenSSL 0.9.9 only:
+     * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM for streaming
+     * non-detached set PKCS7_STREAM
+     */
+    int flags = PKCS7_DETACHED | PKCS7_STREAM;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Read in signer certificate and private key */
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!scert || !skey)
+        goto err;
+
+    /* Open content being signed */
+
+    in = BIO_new_file("sign.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    p7 = PKCS7_sign(scert, skey, NULL, in, flags);
+
+    if (!p7)
+        goto err;
+
+    out = BIO_new_file("smout.txt", "w");
+    if (!out)
+        goto err;
+
+    if (!(flags & PKCS7_STREAM))
+        BIO_reset(in);
+
+    /* Write out S/MIME message */
+    if (!SMIME_write_PKCS7(out, p7, in, flags))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(scert);
+    EVP_PKEY_free(skey);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+
+    return ret;
+
+}
diff --git a/openssl-1.1.0h/demos/smime/smsign2.c b/openssl-1.1.0h/demos/smime/smsign2.c
new file mode 100644
index 0000000..2b7f45b
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/smsign2.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL;
+    X509 *scert = NULL, *scert2 = NULL;
+    EVP_PKEY *skey = NULL, *skey2 = NULL;
+    PKCS7 *p7 = NULL;
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    tbio = BIO_new_file("signer.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    BIO_free(tbio);
+
+    tbio = BIO_new_file("signer2.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    BIO_reset(tbio);
+
+    skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+    if (!scert2 || !skey2)
+        goto err;
+
+    in = BIO_new_file("sign.txt", "r");
+
+    if (!in)
+        goto err;
+
+    p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM | PKCS7_PARTIAL);
+
+    if (!p7)
+        goto err;
+
+    /* Add each signer in turn */
+
+    if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
+        goto err;
+
+    if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
+        goto err;
+
+    out = BIO_new_file("smout.txt", "w");
+    if (!out)
+        goto err;
+
+    /* NB: content included and finalized by SMIME_write_PKCS7 */
+
+    if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
+        goto err;
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Signing Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(scert);
+    EVP_PKEY_free(skey);
+    X509_free(scert2);
+    EVP_PKEY_free(skey2);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/demos/smime/smver.c b/openssl-1.1.0h/demos/smime/smver.c
new file mode 100644
index 0000000..75411c4
--- /dev/null
+++ b/openssl-1.1.0h/demos/smime/smver.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+    X509_STORE *st = NULL;
+    X509 *cacert = NULL;
+    PKCS7 *p7 = NULL;
+
+    int ret = 1;
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    /* Set up trusted CA certificate store */
+
+    st = X509_STORE_new();
+
+    /* Read in signer certificate and private key */
+    tbio = BIO_new_file("cacert.pem", "r");
+
+    if (!tbio)
+        goto err;
+
+    cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+    if (!cacert)
+        goto err;
+
+    if (!X509_STORE_add_cert(st, cacert))
+        goto err;
+
+    /* Open content being signed */
+
+    in = BIO_new_file("smout.txt", "r");
+
+    if (!in)
+        goto err;
+
+    /* Sign content */
+    p7 = SMIME_read_PKCS7(in, &cont);
+
+    if (!p7)
+        goto err;
+
+    /* File to output verified content to */
+    out = BIO_new_file("smver.txt", "w");
+    if (!out)
+        goto err;
+
+    if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) {
+        fprintf(stderr, "Verification Failure\n");
+        goto err;
+    }
+
+    fprintf(stderr, "Verification Successful\n");
+
+    ret = 0;
+
+ err:
+    if (ret) {
+        fprintf(stderr, "Error Verifying Data\n");
+        ERR_print_errors_fp(stderr);
+    }
+    PKCS7_free(p7);
+    X509_free(cacert);
+    BIO_free(in);
+    BIO_free(out);
+    BIO_free(tbio);
+    return ret;
+}
diff --git a/openssl-1.1.0h/doc/HOWTO/certificates.txt b/openssl-1.1.0h/doc/HOWTO/certificates.txt
new file mode 100644
index 0000000..65f8fc8
--- /dev/null
+++ b/openssl-1.1.0h/doc/HOWTO/certificates.txt
@@ -0,0 +1,110 @@
+<DRAFT!>
+			HOWTO certificates
+
+1. Introduction
+
+How you handle certificates depends a great deal on what your role is.
+Your role can be one or several of:
+
+  - User of some client application
+  - User of some server application
+  - Certificate authority
+
+This file is for users who wish to get a certificate of their own.
+Certificate authorities should read https://www.openssl.org/docs/apps/ca.html.
+
+In all the cases shown below, the standard configuration file, as
+compiled into openssl, will be used.  You may find it in /etc/,
+/usr/local/ssl/ or somewhere else.  By default the file is named
+openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html.
+You can specify a different configuration file using the
+'-config {file}' argument with the commands shown below.
+
+
+2. Relationship with keys
+
+Certificates are related to public key cryptography by containing a
+public key.  To be useful, there must be a corresponding private key
+somewhere.  With OpenSSL, public keys are easily derived from private
+keys, so before you create a certificate or a certificate request, you
+need to create a private key.
+
+Private keys are generated with 'openssl genrsa -out privkey.pem' if
+you want a RSA private key, or if you want a DSA private key:
+'openssl dsaparam -out dsaparam.pem 2048; openssl gendsa -out privkey.pem dsaparam.pem'.
+
+The private keys created by these commands are not passphrase protected;
+it might or might not be the desirable thing.  Further information on how to
+create private keys can be found at https://www.openssl.org/docs/HOWTO/keys.txt.
+The rest of this text assumes you have a private key in the file privkey.pem.
+
+
+3. Creating a certificate request
+
+To create a certificate, you need to start with a certificate request
+(or, as some certificate authorities like to put it, "certificate
+signing request", since that's exactly what they do, they sign it and
+give you the result back, thus making it authentic according to their
+policies).  A certificate request is sent to a certificate authority
+to get it signed into a certificate. You can also sign the certificate
+yourself if you have your own certificate authority or create a
+self-signed certificate (typically for testing purpose).
+
+The certificate request is created like this:
+
+  openssl req -new -key privkey.pem -out cert.csr
+
+Now, cert.csr can be sent to the certificate authority, if they can
+handle files in PEM format.  If not, use the extra argument '-outform'
+followed by the keyword for the format to use (see another HOWTO
+<formats.txt?>).  In some cases, -outform does not let you output the
+certificate request in the right format and you will have to use one
+of the various other commands that are exposed by openssl (or get
+creative and use a combination of tools).
+
+The certificate authority performs various checks (according to their
+policies) and usually waits for payment from you. Once that is
+complete, they send you your new certificate.
+
+Section 5 will tell you more on how to handle the certificate you
+received.
+
+
+4. Creating a self-signed test certificate
+
+You can create a self-signed certificate if you don't want to deal
+with a certificate authority, or if you just want to create a test
+certificate for yourself.  This is similar to creating a certificate
+request, but creates a certificate instead of a certificate request.
+This is NOT the recommended way to create a CA certificate, see
+https://www.openssl.org/docs/apps/ca.html.
+
+  openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
+
+
+5. What to do with the certificate
+
+If you created everything yourself, or if the certificate authority
+was kind enough, your certificate is a raw DER thing in PEM format.
+Your key most definitely is if you have followed the examples above.
+However, some (most?) certificate authorities will encode them with
+things like PKCS7 or PKCS12, or something else.  Depending on your
+applications, this may be perfectly OK, it all depends on what they
+know how to decode.  If not, There are a number of OpenSSL tools to
+convert between some (most?) formats.
+
+So, depending on your application, you may have to convert your
+certificate and your key to various formats, most often also putting
+them together into one file.  The ways to do this is described in
+another HOWTO <formats.txt?>, I will just mention the simplest case.
+In the case of a raw DER thing in PEM format, and assuming that's all
+right for your applications, simply concatenating the certificate and
+the key into a new file and using that one should be enough.  With
+some applications, you don't even have to do that.
+
+
+By now, you have your certificate and your private key and can start
+using applications that depend on it.
+
+-- 
+Richard Levitte
diff --git a/openssl-1.1.0h/doc/HOWTO/keys.txt b/openssl-1.1.0h/doc/HOWTO/keys.txt
new file mode 100644
index 0000000..1662c17
--- /dev/null
+++ b/openssl-1.1.0h/doc/HOWTO/keys.txt
@@ -0,0 +1,105 @@
+<DRAFT!>
+			HOWTO keys
+
+1. Introduction
+
+Keys are the basis of public key algorithms and PKI.  Keys usually
+come in pairs, with one half being the public key and the other half
+being the private key.  With OpenSSL, the private key contains the
+public key information as well, so a public key doesn't need to be
+generated separately.
+
+Public keys come in several flavors, using different cryptographic
+algorithms.  The most popular ones associated with certificates are
+RSA and DSA, and this HOWTO will show how to generate each of them.
+
+
+2. To generate a RSA key
+
+A RSA key can be used both for encryption and for signing.
+
+Generating a key for the RSA algorithm is quite easy, all you have to
+do is the following:
+
+  openssl genrsa -des3 -out privkey.pem 2048
+
+With this variant, you will be prompted for a protecting password.  If
+you don't want your key to be protected by a password, remove the flag
+'-des3' from the command line above.
+
+The number 2048 is the size of the key, in bits.  Today, 2048 or
+higher is recommended for RSA keys, as fewer amount of bits is
+consider insecure or to be insecure pretty soon.
+
+
+3. To generate a DSA key
+
+A DSA key can be used for signing only.  It is important to
+know what a certificate request with a DSA key can really be used for.
+
+Generating a key for the DSA algorithm is a two-step process.  First,
+you have to generate parameters from which to generate the key:
+
+  openssl dsaparam -out dsaparam.pem 2048
+
+The number 2048 is the size of the key, in bits.  Today, 2048 or
+higher is recommended for DSA keys, as fewer amount of bits is
+consider insecure or to be insecure pretty soon.
+
+When that is done, you can generate a key using the parameters in
+question (actually, several keys can be generated from the same
+parameters):
+
+  openssl gendsa -des3 -out privkey.pem dsaparam.pem
+
+With this variant, you will be prompted for a protecting password.  If
+you don't want your key to be protected by a password, remove the flag
+'-des3' from the command line above.
+
+
+4. To generate an EC key
+
+An EC key can be used both for key agreement (ECDH) and signing (ECDSA).
+
+Generating a key for ECC is similar to generating a DSA key. These are
+two-step processes. First, you have to get the EC parameters from which
+the key will be generated:
+
+  openssl ecparam -name prime256v1 -out prime256v1.pem
+
+The prime256v1, or NIST P-256, which stands for 'X9.62/SECG curve over
+a 256-bit prime field', is the name of an elliptic curve which generates the
+parameters. You can use the following command to list all supported curves:
+
+  openssl ecparam -list_curves
+
+When that is done, you can generate a key using the created parameters (several
+keys can be produced from the same parameters):
+
+  openssl genpkey -des3 -paramfile prime256v1.pem -out private.key
+
+With this variant, you will be prompted for a password to protect your key.
+If you don't want your key to be protected by a password, remove the flag
+'-des3' from the command line above.
+
+You can also directly generate the key in one step:
+
+  openssl ecparam -genkey -name prime256v1 -out private.key
+
+or
+
+  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256
+
+
+5. NOTE
+
+If you intend to use the key together with a server certificate,
+it may be reasonable to avoid protecting it with a password, since
+otherwise someone would have to type in the password every time the
+server needs to access the key.
+
+For X25519, it's treated as a distinct algorithm but not as one of
+the curves listed with 'ecparam -list_curves' option. You can use
+the following command to generate an X25519 key:
+
+  openssl genpkey -algorithm X25519 -out xkey.pem
diff --git a/openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt b/openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt
new file mode 100644
index 0000000..642bec9
--- /dev/null
+++ b/openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt
@@ -0,0 +1,319 @@
+			HOWTO proxy certificates
+
+0. WARNING
+
+NONE OF THE CODE PRESENTED HERE HAS BEEN CHECKED!  The code is just examples to
+show you how things could be done.  There might be typos or type conflicts, and
+you will have to resolve them.
+
+1. Introduction
+
+Proxy certificates are defined in RFC 3820.  They are really usual certificates
+with the mandatory extension proxyCertInfo.
+
+Proxy certificates are issued by an End Entity (typically a user), either
+directly with the EE certificate as issuing certificate, or by extension through
+an already issued proxy certificate.  Proxy certificates are used to extend
+rights to some other entity (a computer process, typically, or sometimes to the
+user itself).  This allows the entity to perform operations on behalf of the
+owner of the EE certificate.
+
+See http://www.ietf.org/rfc/rfc3820.txt for more information.
+
+
+2. A warning about proxy certificates
+
+No one seems to have tested proxy certificates with security in mind.  To this
+date, it seems that proxy certificates have only been used in a context highly
+aware of them.
+
+Existing applications might misbehave when trying to validate a chain of
+certificates which use a proxy certificate.  They might incorrectly consider the
+leaf to be the certificate to check for authorisation data, which is controlled
+by the EE certificate owner.
+
+subjectAltName and issuerAltName are forbidden in proxy certificates, and this
+is enforced in OpenSSL.  The subject must be the same as the issuer, with one
+commonName added on.
+
+Possible threats we can think of at this time include:
+
+ - impersonation through commonName (think server certificates).
+ - use of additional extensions, possibly non-standard ones used in certain
+   environments, that would grant extra or different authorisation rights.
+
+For these reasons, OpenSSL requires that the use of proxy certificates be
+explicitly allowed.  Currently, this can be done using the following methods:
+
+ - if the application directly calls X509_verify_cert(), it can first call:
+
+   X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+
+   Where ctx is the pointer which then gets passed to X509_verify_cert().
+
+ - proxy certificate validation can be enabled before starting the application
+   by setting the environment variable OPENSSL_ALLOW_PROXY_CERTS.
+
+In the future, it might be possible to enable proxy certificates by editing
+openssl.cnf.
+
+
+3. How to create proxy certificates
+
+Creating proxy certificates is quite easy, by taking advantage of a lack of
+checks in the 'openssl x509' application (*ahem*).  You must first create a
+configuration section that contains a definition of the proxyCertInfo extension,
+for example:
+
+  [ v3_proxy ]
+  # A proxy certificate MUST NEVER be a CA certificate.
+  basicConstraints=CA:FALSE
+
+  # Usual authority key ID
+  authorityKeyIdentifier=keyid,issuer:always
+
+  # The extension which marks this certificate as a proxy
+  proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
+
+It's also possible to specify the proxy extension in a separate section:
+
+  proxyCertInfo=critical,@proxy_ext
+
+  [ proxy_ext ]
+  language=id-ppl-anyLanguage
+  pathlen=0
+  policy=text:BC
+
+The policy value has a specific syntax, {syntag}:{string}, where the syntag
+determines what will be done with the string.  The following syntags are
+recognised:
+
+  text  indicates that the string is simply bytes, without any encoding:
+
+          policy=text:räksmörgås
+
+        Previous versions of this design had a specific tag for UTF-8 text.
+        However, since the bytes are copied as-is anyway, there is no need for
+        such a specific tag.
+
+  hex   indicates the string is encoded in hex, with colons between each byte
+        (every second hex digit):
+
+          policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
+
+        Previous versions of this design had a tag to insert a complete DER
+        blob.  However, the only legal use for this would be to surround the
+        bytes that would go with the hex: tag with whatever is needed to
+        construct a correct OCTET STRING.  The DER tag therefore felt
+        superfluous, and was removed.
+
+  file  indicates that the text of the policy should really be taken from a
+        file.  The string is then really a file name.  This is useful for
+        policies that are large (more than a few lines, e.g. XML documents).
+
+The 'policy' setting can be split up in multiple lines like this:
+
+  0.policy=This is
+  1.policy= a multi-
+  2.policy=line policy.
+
+NOTE: the proxy policy value is the part which determines the rights granted to
+the process using the proxy certificate.  The value is completely dependent on
+the application reading and interpreting it!
+
+Now that you have created an extension section for your proxy certificate, you
+can easily create a proxy certificate by doing:
+
+  openssl req -new -config openssl.cnf -out proxy.req -keyout proxy.key
+  openssl x509 -req -CAcreateserial -in proxy.req -days 7 -out proxy.crt \
+    -CA user.crt -CAkey user.key -extfile openssl.cnf -extensions v3_proxy
+
+You can also create a proxy certificate using another proxy certificate as
+issuer (note: I'm using a different configuration section for it):
+
+  openssl req -new -config openssl.cnf -out proxy2.req -keyout proxy2.key
+  openssl x509 -req -CAcreateserial -in proxy2.req -days 7 -out proxy2.crt \
+    -CA proxy.crt -CAkey proxy.key -extfile openssl.cnf -extensions v3_proxy2
+
+
+4. How to have your application interpret the policy?
+
+The basic way to interpret proxy policies is to start with some default rights,
+then compute the resulting rights by checking the proxy certificate against
+the chain of proxy certificates, user certificate and CA certificates. You then
+use the final computed rights.  Sounds easy, huh?  It almost is.
+
+The slightly complicated part is figuring out how to pass data between your
+application and the certificate validation procedure.
+
+You need the following ingredients:
+
+ - a callback function that will be called for every certificate being
+   validated.  The callback be called several times for each certificate,
+   so you must be careful to do the proxy policy interpretation at the right
+   time.  You also need to fill in the defaults when the EE certificate is
+   checked.
+
+ - a data structure that is shared between your application code and the
+   callback.
+
+ - a wrapper function that sets it all up.
+
+ - an ex_data index function that creates an index into the generic ex_data
+   store that is attached to an X509 validation context.
+
+Here is some skeleton code you can fill in:
+
+  #include <string.h>
+  #include <netdb.h>
+  #include <openssl/x509.h>
+  #include <openssl/x509v3.h>
+
+  #define total_rights 25
+
+  /*
+   * In this example, I will use a view of granted rights as a bit
+   * array, one bit for each possible right.
+   */
+  typedef struct your_rights {
+      unsigned char rights[(total_rights + 7) / 8];
+  } YOUR_RIGHTS;
+
+  /*
+   * The following procedure will create an index for the ex_data
+   * store in the X509 validation context the first time it's called.
+   * Subsequent calls will return the same index.  */
+  static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
+  {
+      static volatile int idx = -1;
+      if (idx < 0) {
+          X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
+          if (idx < 0) {
+              idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                    "for verify callback",
+                                                    NULL,NULL,NULL);
+          }
+          X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
+      }
+      return idx;
+  }
+
+  /* Callback to be given to the X509 validation procedure.  */
+  static int verify_callback(int ok, X509_STORE_CTX *ctx)
+  {
+      if (ok == 1) {
+          /*
+           * It's REALLY important you keep the proxy policy
+           * check within this section.  It's important to know
+           * that when ok is 1, the certificates are checked
+           * from top to bottom.  You get the CA root first,
+           * followed by the possible chain of intermediate
+           * CAs, followed by the EE certificate, followed by
+           * the possible proxy certificates.
+           */
+          X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
+
+          if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
+              YOUR_RIGHTS *rights =
+                  (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                      get_proxy_auth_ex_data_idx(ctx));
+              PROXY_CERT_INFO_EXTENSION *pci =
+                  X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
+
+              switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
+              case NID_Independent:
+                  /*
+                   * Do whatever you need to grant explicit rights to
+                   * this particular proxy certificate, usually by
+                   * pulling them from some database.  If there are none
+                   * to be found, clear all rights (making this and any
+                   * subsequent proxy certificate void of any rights).
+                   */
+                  memset(rights->rights, 0, sizeof(rights->rights));
+                  break;
+              case NID_id_ppl_inheritAll:
+                  /*
+                   * This is basically a NOP, we simply let the current
+                   * rights stand as they are.
+                   */
+                  break;
+              default:
+                  /* This is usually the most complex section of code.
+                   * You really do whatever you want as long as you
+                   * follow RFC 3820.  In the example we use here, the
+                   * simplest thing to do is to build another, temporary
+                   * bit array and fill it with the rights granted by
+                   * the current proxy certificate, then use it as a
+                   * mask on the accumulated rights bit array, and
+                   * voilà, you now have a new accumulated rights bit
+                   * array.
+                   */
+                  {
+                      int i;
+                      YOUR_RIGHTS tmp_rights;
+                      memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
+
+                      /*
+                       * process_rights() is supposed to be a procedure
+                       * that takes a string and it's length, interprets
+                       * it and sets the bits in the YOUR_RIGHTS pointed
+                       * at by the third argument.
+                       */
+                      process_rights((char *) pci->proxyPolicy->policy->data,
+                                     pci->proxyPolicy->policy->length,
+                                     &tmp_rights);
+
+                      for(i = 0; i < total_rights / 8; i++)
+                          rights->rights[i] &= tmp_rights.rights[i];
+                  }
+                  break;
+              }
+              PROXY_CERT_INFO_EXTENSION_free(pci);
+          } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
+              /* We have an EE certificate, let's use it to set default! */
+              YOUR_RIGHTS *rights =
+                  (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                      get_proxy_auth_ex_data_idx(ctx));
+
+              /* The following procedure finds out what rights the owner
+               * of the current certificate has, and sets them in the
+               * YOUR_RIGHTS structure pointed at by the second
+               * argument.
+               */
+              set_default_rights(xs, rights);
+          }
+      }
+      return ok;
+  }
+
+  static int my_X509_verify_cert(X509_STORE_CTX *ctx,
+                                 YOUR_RIGHTS *needed_rights)
+  {
+      int ok;
+      int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
+          X509_STORE_CTX_get_verify_cb(ctx);
+      YOUR_RIGHTS rights;
+
+      X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
+      X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), &rights);
+      X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+      ok = X509_verify_cert(ctx);
+
+      if (ok == 1) {
+          ok = check_needed_rights(rights, needed_rights);
+      }
+
+      X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
+
+      return ok;
+  }
+
+
+If you use SSL or TLS, you can easily set up a callback to have the
+certificates checked properly, using the code above:
+
+  SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights);
+
+
+-- 
+Richard Levitte
diff --git a/openssl-1.1.0h/doc/README b/openssl-1.1.0h/doc/README
new file mode 100644
index 0000000..cac4115
--- /dev/null
+++ b/openssl-1.1.0h/doc/README
@@ -0,0 +1,20 @@
+
+README  This file
+
+fingerprints.txt
+        PGP fingerprints of authorised release signers
+
+standards.txt
+        Moved to the web, https://www.openssl.org/docs/standards.html
+
+HOWTO/
+        A few how-to documents; not necessarily up-to-date
+apps/
+        The openssl command-line tools; start with openssl.pod
+ssl/
+        The SSL library; start with ssl.pod
+crypto/
+        The cryptographic library; start with crypto.pod
+
+Formatted versions of the manpages (apps,ssl,crypto) can be found at
+        https://www.openssl.org/docs/manpages.html
diff --git a/openssl-1.1.0h/doc/apps/CA.pl.pod b/openssl-1.1.0h/doc/apps/CA.pl.pod
new file mode 100644
index 0000000..a7f3970
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/CA.pl.pod
@@ -0,0 +1,214 @@
+=pod
+
+=head1 NAME
+
+CA.pl - friendlier interface for OpenSSL certificate programs
+
+=head1 SYNOPSIS
+
+B<CA.pl>
+B<-?> |
+B<-h> |
+B<-help>
+
+B<CA.pl>
+B<-newcert> |
+B<-newreq> |
+B<-newreq-nodes> |
+B<-xsign> |
+B<-sign> |
+B<-signCA> |
+B<-signcert> |
+B<-crl> |
+B<-newca>
+[B<-extra-cmd> extra-params]
+
+B<CA.pl> B<-pkcs12> [B<-extra-pkcs12> extra-params] [B<certname>]
+
+B<CA.pl> B<-verify> [B<-extra-verify> extra-params] B<certfile>...
+
+B<CA.pl> B<-revoke> [B<-extra-ca> extra-params] B<certfile> [B<reason>]
+
+=head1 DESCRIPTION
+
+The B<CA.pl> script is a perl script that supplies the relevant command line
+arguments to the B<openssl> command for some common certificate operations.
+It is intended to simplify the process of certificate creation and management
+by the use of some simple options.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<?>, B<-h>, B<-help>
+
+prints a usage message.
+
+=item B<-newcert>
+
+creates a new self signed certificate. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
+This argument invokes B<openssl req> command.
+
+=item B<-newreq>
+
+creates a new certificate request. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
+Executes B<openssl req> command below the hood.
+
+=item B<-newreq-nodes>
+
+is like B<-newreq> except that the private key will not be encrypted.
+Uses B<openssl req> command.
+
+=item B<-newca>
+
+creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>
+and B<-xsign> options). The user is prompted to enter the filename of the CA
+certificates (which should also contain the private key) or by hitting ENTER
+details of the CA will be prompted for. The relevant files and directories
+are created in a directory called "demoCA" in the current directory.
+B<openssl req> and B<openssl ca> commands are get invoked.
+
+=item B<-pkcs12>
+
+create a PKCS#12 file containing the user certificate, private key and CA
+certificate. It expects the user certificate and private key to be in the
+file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem,
+it creates a file "newcert.p12". This command can thus be called after the
+B<-sign> option. The PKCS#12 file can be imported directly into a browser.
+If there is an additional argument on the command line it will be used as the
+"friendly name" for the certificate (which is typically displayed in the browser
+list box), otherwise the name "My Certificate" is used.
+Delegates work to B<openssl pkcs12> command.
+
+=item B<-sign>, B<-signcert>, B<-xsign>
+
+calls the B<ca> program to sign a certificate request. It expects the request
+to be in the file "newreq.pem". The new certificate is written to the file
+"newcert.pem" except in the case of the B<-xsign> option when it is written
+to standard output. Leverages B<openssl ca> command.
+
+=item B<-signCA>
+
+this option is the same as the B<-signreq> option except it uses the configuration
+file section B<v3_ca> and so makes the signed request a valid CA certificate. This
+is useful when creating intermediate CA from a root CA.
+Extra params are passed on to B<openssl ca> command.
+
+=item B<-signcert>
+
+this option is the same as B<-sign> except it expects a self signed certificate
+to be present in the file "newreq.pem".
+Extra params are passed on to B<openssl x509> and B<openssl ca> commands.
+
+=item B<-crl>
+
+generate a CRL. Executes B<openssl ca> command.
+
+=item B<-revoke certfile [reason]>
+
+revoke the certificate contained in the specified B<certfile>. An optional
+reason may be specified, and must be one of: B<unspecified>,
+B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>,
+B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
+Leverages B<openssl ca> command.
+
+=item B<-verify>
+
+verifies certificates against the CA certificate for "demoCA". If no certificates
+are specified on the command line it tries to verify the file "newcert.pem".
+Invokes B<openssl verify> command.
+
+=item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> <extra-params>
+
+The purpose of these parameters is to allow optional parameters to be supplied
+to B<openssl> that this command executes. The B<-extra-cmd> are specific to the
+option being used and the B<openssl> command getting invoked. For example
+when this command invokes B<openssl req> extra parameters can be passed on
+with the B<-extra-req> parameter. The
+B<openssl> commands being invoked per option are documented below.
+Users should consult B<openssl> command documentation for more information.
+
+=back
+
+=head1 EXAMPLES
+
+Create a CA hierarchy:
+
+ CA.pl -newca
+
+Complete certificate creation example: create a CA, create a request, sign
+the request and finally create a PKCS#12 file containing it.
+
+ CA.pl -newca
+ CA.pl -newreq
+ CA.pl -signreq
+ CA.pl -pkcs12 "My Test Certificate"
+
+=head1 DSA CERTIFICATES
+
+Although the B<CA.pl> creates RSA CAs and requests it is still possible to
+use it with DSA certificates and requests using the L<req(1)> command
+directly. The following example shows the steps that would typically be taken.
+
+Create some DSA parameters:
+
+ openssl dsaparam -out dsap.pem 1024
+
+Create a DSA CA certificate and private key:
+
+ openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
+
+Create the CA directories and files:
+
+ CA.pl -newca
+
+enter cacert.pem when prompted for the CA file name.
+
+Create a DSA certificate request and private key (a different set of parameters
+can optionally be created first):
+
+ openssl req -out newreq.pem -newkey dsa:dsap.pem
+
+Sign the request:
+
+ CA.pl -signreq
+
+=head1 NOTES
+
+Most of the filenames mentioned can be modified by editing the B<CA.pl> script.
+
+If the demoCA directory already exists then the B<-newca> command will not
+overwrite it and will do nothing. This can happen if a previous call using
+the B<-newca> option terminated abnormally. To get the correct behaviour
+delete the demoCA directory if it already exists.
+
+Under some environments it may not be possible to run the B<CA.pl> script
+directly (for example Win32) and the default configuration file location may
+be wrong. In this case the command:
+
+ perl -S CA.pl
+
+can be used and the B<OPENSSL_CONF> environment variable changed to point to
+the correct path of the configuration file.
+
+The script is intended as a simple front end for the B<openssl> program for use
+by a beginner. Its behaviour isn't always what is wanted. For more control over the
+behaviour of the certificate commands call the B<openssl> command directly.
+
+=head1 SEE ALSO
+
+L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
+L<config(5)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/asn1parse.pod b/openssl-1.1.0h/doc/apps/asn1parse.pod
new file mode 100644
index 0000000..3c607e8
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/asn1parse.pod
@@ -0,0 +1,209 @@
+=pod
+
+=head1 NAME
+
+openssl-asn1parse,
+asn1parse - ASN.1 parsing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<asn1parse>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-offset number>]
+[B<-length number>]
+[B<-i>]
+[B<-oid filename>]
+[B<-dump>]
+[B<-dlimit num>]
+[B<-strparse offset>]
+[B<-genstr string>]
+[B<-genconf file>]
+[B<-strictpem>]
+
+=head1 DESCRIPTION
+
+The B<asn1parse> command is a diagnostic utility that can parse ASN.1
+structures. It can also be used to extract data from ASN.1 formatted data.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform> B<DER|PEM>
+
+the input format. B<DER> is binary format and B<PEM> (the default) is base64
+encoded.
+
+=item B<-in filename>
+
+the input file, default is standard input
+
+=item B<-out filename>
+
+output file to place the DER encoded data into. If this
+option is not present then no data will be output. This is most useful when
+combined with the B<-strparse> option.
+
+=item B<-noout>
+
+don't output the parsed version of the input file.
+
+=item B<-offset number>
+
+starting offset to begin parsing, default is start of file.
+
+=item B<-length number>
+
+number of bytes to parse, default is until end of file.
+
+=item B<-i>
+
+indents the output according to the "depth" of the structures.
+
+=item B<-oid filename>
+
+a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
+file is described in the NOTES section below.
+
+=item B<-dump>
+
+dump unknown data in hex format.
+
+=item B<-dlimit num>
+
+like B<-dump>, but only the first B<num> bytes are output.
+
+=item B<-strparse offset>
+
+parse the contents octets of the ASN.1 object starting at B<offset>. This
+option can be used multiple times to "drill down" into a nested structure.
+
+=item B<-genstr string>, B<-genconf file>
+
+generate encoded data based on B<string>, B<file> or both using
+L<ASN1_generate_nconf(3)> format. If B<file> only is
+present then the string is obtained from the default section using the name
+B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
+though it came from a file, the contents can thus be examined and written to a
+file using the B<out> option.
+
+=item B<-strictpem>
+
+If this option is used then B<-inform> will be ignored. Without this option any
+data in a PEM format input file will be treated as being base64 encoded and
+processed whether it has the normal PEM BEGIN and END markers or not. This
+option will ignore any data prior to the start of the BEGIN marker, or after an
+END marker in a PEM file.
+
+=back
+
+=head2 Output
+
+The output will typically contain lines like this:
+
+  0:d=0  hl=4 l= 681 cons: SEQUENCE
+
+.....
+
+  229:d=3  hl=3 l= 141 prim: BIT STRING
+  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
+  376:d=3  hl=3 l= 159 cons: SEQUENCE
+  379:d=4  hl=2 l=  29 cons: SEQUENCE
+  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+  386:d=5  hl=2 l=  22 prim: OCTET STRING
+  410:d=4  hl=2 l= 112 cons: SEQUENCE
+  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+  417:d=5  hl=2 l= 105 prim: OCTET STRING
+  524:d=4  hl=2 l=  12 cons: SEQUENCE
+
+.....
+
+This example is part of a self-signed certificate. Each line starts with the
+offset in decimal. B<d=XX> specifies the current depth. The depth is increased
+within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
+(tag and length octets) of the current type. B<l=XX> gives the length of
+the contents octets.
+
+The B<-i> option can be used to make the output more readable.
+
+Some knowledge of the ASN.1 structure is needed to interpret the output.
+
+In this example the BIT STRING at offset 229 is the certificate public key.
+The contents octets of this will contain the public key information. This can
+be examined using the option B<-strparse 229> to yield:
+
+    0:d=0  hl=3 l= 137 cons: SEQUENCE
+    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
+
+=head1 NOTES
+
+If an OID is not part of OpenSSL's internal table it will be represented in
+numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
+allows additional OIDs to be included. Each line consists of three columns,
+the first column is the OID in numerical format and should be followed by white
+space. The second column is the "short name" which is a single word followed
+by white space. The final column is the rest of the line and is the
+"long name". B<asn1parse> displays the long name. Example:
+
+C<1.2.3.4       shortName       A long name>
+
+=head1 EXAMPLES
+
+Parse a file:
+
+ openssl asn1parse -in file.pem
+
+Parse a DER file:
+
+ openssl asn1parse -inform DER -in file.der
+
+Generate a simple UTF8String:
+
+ openssl asn1parse -genstr 'UTF8:Hello World'
+
+Generate and write out a UTF8String, don't print parsed output:
+
+ openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
+
+Generate using a config file:
+
+ openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
+
+Example config file:
+
+ asn1=SEQUENCE:seq_sect
+
+ [seq_sect]
+
+ field1=BOOL:TRUE
+ field2=EXP:0, UTF8:some random string
+
+
+=head1 BUGS
+
+There should be options to change the format of output lines. The output of some
+ASN.1 types is not well handled (if at all).
+
+=head1 SEE ALSO
+
+L<ASN1_generate_nconf(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/ca.pod b/openssl-1.1.0h/doc/apps/ca.pod
new file mode 100644
index 0000000..9918a13
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/ca.pod
@@ -0,0 +1,724 @@
+=pod
+
+=head1 NAME
+
+openssl-ca,
+ca - sample minimal CA application
+
+=head1 SYNOPSIS
+
+B<openssl> B<ca>
+[B<-help>]
+[B<-verbose>]
+[B<-config filename>]
+[B<-name section>]
+[B<-gencrl>]
+[B<-revoke file>]
+[B<-valid file>]
+[B<-status serial>]
+[B<-updatedb>]
+[B<-crl_reason reason>]
+[B<-crl_hold instruction>]
+[B<-crl_compromise time>]
+[B<-crl_CA_compromise time>]
+[B<-crldays days>]
+[B<-crlhours hours>]
+[B<-crlexts section>]
+[B<-startdate date>]
+[B<-enddate date>]
+[B<-days arg>]
+[B<-md arg>]
+[B<-policy arg>]
+[B<-keyfile arg>]
+[B<-keyform PEM|DER>]
+[B<-key arg>]
+[B<-passin arg>]
+[B<-cert file>]
+[B<-selfsign>]
+[B<-in file>]
+[B<-out file>]
+[B<-notext>]
+[B<-outdir dir>]
+[B<-infiles>]
+[B<-spkac file>]
+[B<-ss_cert file>]
+[B<-preserveDN>]
+[B<-noemailDN>]
+[B<-batch>]
+[B<-msie_hack>]
+[B<-extensions section>]
+[B<-extfile section>]
+[B<-engine id>]
+[B<-subj arg>]
+[B<-utf8>]
+[B<-create_serial>]
+[B<-multivalue-rdn>]
+
+=head1 DESCRIPTION
+
+The B<ca> command is a minimal CA application. It can be used
+to sign certificate requests in a variety of forms and generate
+CRLs it also maintains a text database of issued certificates
+and their status.
+
+The options descriptions will be divided into each purpose.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-verbose>
+
+this prints extra details about the operations being performed.
+
+=item B<-config filename>
+
+specifies the configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
+
+=item B<-name section>
+
+specifies the configuration file section to use (overrides
+B<default_ca> in the B<ca> section).
+
+=item B<-in filename>
+
+an input filename containing a single certificate request to be
+signed by the CA.
+
+=item B<-ss_cert filename>
+
+a single self-signed certificate to be signed by the CA.
+
+=item B<-spkac filename>
+
+a file containing a single Netscape signed public key and challenge
+and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
+section for information on the required input and output format.
+
+=item B<-infiles>
+
+if present this should be the last option, all subsequent arguments
+are taken as the names of files containing certificate requests.
+
+=item B<-out filename>
+
+the output file to output certificates to. The default is standard
+output. The certificate details will also be printed out to this
+file in PEM format (except that B<-spkac> outputs DER format).
+
+=item B<-outdir directory>
+
+the directory to output certificates to. The certificate will be
+written to a filename consisting of the serial number in hex with
+".pem" appended.
+
+=item B<-cert>
+
+the CA certificate file.
+
+=item B<-keyfile filename>
+
+the private key to sign requests with.
+
+=item B<-keyform PEM|DER>
+
+the format of the data in the private key file.
+The default is PEM.
+
+=item B<-key password>
+
+the password used to encrypt the private key. Since on some
+systems the command line arguments are visible (e.g. Unix with
+the 'ps' utility) this option should be used with caution.
+
+=item B<-selfsign>
+
+indicates the issued certificates are to be signed with the key
+the certificate requests were signed with (given with B<-keyfile>).
+Certificate requests signed with a different key are ignored.  If
+B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is
+ignored.
+
+A consequence of using B<-selfsign> is that the self-signed
+certificate appears among the entries in the certificate database
+(see the configuration option B<database>), and uses the same
+serial number counter as all other certificates sign with the
+self-signed certificate.
+
+=item B<-passin arg>
+
+the key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-notext>
+
+don't output the text form of a certificate to the output file.
+
+=item B<-startdate date>
+
+this allows the start date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+
+=item B<-enddate date>
+
+this allows the expiry date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+
+=item B<-days arg>
+
+the number of days to certify the certificate for.
+
+=item B<-md alg>
+
+the message digest to use.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+This option also applies to CRLs.
+
+=item B<-policy arg>
+
+this option defines the CA "policy" to use. This is a section in
+the configuration file which decides which fields should be mandatory
+or match the CA certificate. Check out the B<POLICY FORMAT> section
+for more information.
+
+=item B<-msie_hack>
+
+this is a legacy option to make B<ca> work with very old versions of
+the IE certificate enrollment control "certenr3". It used UniversalStrings
+for almost everything. Since the old control has various security bugs
+its use is strongly discouraged. The newer control "Xenroll" does not
+need this option.
+
+=item B<-preserveDN>
+
+Normally the DN order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order
+is the same as the request. This is largely for compatibility with the
+older IE enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
+
+=item B<-noemailDN>
+
+The DN of a certificate can contain the EMAIL field if present in the
+request DN, however it is good policy just having the e-mail set into
+the altName extension of the certificate. When this option is set the
+EMAIL field is removed from the certificate' subject and set only in
+the, eventually present, extensions. The B<email_in_dn> keyword can be
+used in the configuration file to enable this behaviour.
+
+=item B<-batch>
+
+this sets the batch mode. In this mode no questions will be asked
+and all certificates will be certified automatically.
+
+=item B<-extensions section>
+
+the section of the configuration file containing certificate extensions
+to be added when a certificate is issued (defaults to B<x509_extensions>
+unless the B<-extfile> option is used). If no extension section is
+present then, a V1 certificate is created. If the extension section
+is present (even if it is empty), then a V3 certificate is created. See the:w
+L<x509v3_config(5)> manual page for details of the
+extension section format.
+
+=item B<-extfile file>
+
+an additional configuration file to read certificate extensions from
+(using the default section unless the B<-extensions> option is also
+used).
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<ca>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-subj arg>
+
+supersedes subject name given in the request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
+=item B<-utf8>
+
+this option causes field values to be interpreted as UTF8 strings, by
+default they are interpreted as ASCII. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<-create_serial>
+
+if reading serial from the text file as specified in the configuration
+fails, specifying this option creates a new random serial to be used as next
+serial number.
+
+=item B<-multivalue-rdn>
+
+This option causes the -subj argument to be interpreted with full
+support for multivalued RDNs. Example:
+
+I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
+
+If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
+
+=back
+
+=head1 CRL OPTIONS
+
+=over 4
+
+=item B<-gencrl>
+
+this option generates a CRL based on information in the index file.
+
+=item B<-crldays num>
+
+the number of days before the next CRL is due. That is the days from
+now to place in the CRL nextUpdate field.
+
+=item B<-crlhours num>
+
+the number of hours before the next CRL is due.
+
+=item B<-revoke filename>
+
+a filename containing a certificate to revoke.
+
+=item B<-valid filename>
+
+a filename containing a certificate to add a Valid certificate entry.
+
+=item B<-status serial>
+
+displays the revocation status of the certificate with the specified
+serial number and exits.
+
+=item B<-updatedb>
+
+Updates the database index to purge expired certificates.
+
+=item B<-crl_reason reason>
+
+revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>,
+B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>,
+B<certificateHold> or B<removeFromCRL>. The matching of B<reason> is case
+insensitive. Setting any revocation reason will make the CRL v2.
+
+In practice B<removeFromCRL> is not particularly useful because it is only used
+in delta CRLs which are not currently implemented.
+
+=item B<-crl_hold instruction>
+
+This sets the CRL revocation reason code to B<certificateHold> and the hold
+instruction to B<instruction> which must be an OID. Although any OID can be
+used only B<holdInstructionNone> (the use of which is discouraged by RFC2459)
+B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used.
+
+=item B<-crl_compromise time>
+
+This sets the revocation reason to B<keyCompromise> and the compromise time to
+B<time>. B<time> should be in GeneralizedTime format that is B<YYYYMMDDHHMMSSZ>.
+
+=item B<-crl_CA_compromise time>
+
+This is the same as B<crl_compromise> except the revocation reason is set to
+B<CACompromise>.
+
+=item B<-crlexts section>
+
+the section of the configuration file containing CRL extensions to
+include. If no CRL extension section is present then a V1 CRL is
+created, if the CRL extension section is present (even if it is
+empty) then a V2 CRL is created. The CRL extensions specified are
+CRL extensions and B<not> CRL entry extensions.  It should be noted
+that some software (for example Netscape) can't handle V2 CRLs. See
+L<x509v3_config(5)> manual page for details of the
+extension section format.
+
+=back
+
+=head1 CONFIGURATION FILE OPTIONS
+
+The section of the configuration file containing options for B<ca>
+is found as follows: If the B<-name> command line option is used,
+then it names the section to be used. Otherwise the section to
+be used must be named in the B<default_ca> option of the B<ca> section
+of the configuration file (or in the default section of the
+configuration file). Besides B<default_ca>, the following options are
+read directly from the B<ca> section:
+ RANDFILE
+ preserve
+ msie_hack
+With the exception of B<RANDFILE>, this is probably a bug and may
+change in future releases.
+
+Many of the configuration file options are identical to command line
+options. Where the option is present in the configuration file
+and the command line the command line value is used. Where an
+option is described as mandatory then it must be present in
+the configuration file or the command line equivalent (if
+any) used.
+
+=over 4
+
+=item B<oid_file>
+
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+
+=item B<oid_section>
+
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+
+=item B<new_certs_dir>
+
+the same as the B<-outdir> command line option. It specifies
+the directory where new certificates will be placed. Mandatory.
+
+=item B<certificate>
+
+the same as B<-cert>. It gives the file containing the CA
+certificate. Mandatory.
+
+=item B<private_key>
+
+same as the B<-keyfile> option. The file containing the
+CA private key. Mandatory.
+
+=item B<RANDFILE>
+
+a file used to read and write random number seed information, or
+an EGD socket (see L<RAND_egd(3)>).
+
+=item B<default_days>
+
+the same as the B<-days> option. The number of days to certify
+a certificate for.
+
+=item B<default_startdate>
+
+the same as the B<-startdate> option. The start date to certify
+a certificate for. If not set the current time is used.
+
+=item B<default_enddate>
+
+the same as the B<-enddate> option. Either this option or
+B<default_days> (or the command line equivalents) must be
+present.
+
+=item B<default_crl_hours default_crl_days>
+
+the same as the B<-crlhours> and the B<-crldays> options. These
+will only be used if neither command line option is present. At
+least one of these must be present to generate a CRL.
+
+=item B<default_md>
+
+the same as the B<-md> option. Mandatory.
+
+=item B<database>
+
+the text database file to use. Mandatory. This file must be present
+though initially it will be empty.
+
+=item B<unique_subject>
+
+if the value B<yes> is given, the valid certificate entries in the
+database must have unique subjects.  if the value B<no> is given,
+several valid certificate entries may have the exact same subject.
+The default value is B<yes>, to be compatible with older (pre 0.9.8)
+versions of OpenSSL.  However, to make CA certificate roll-over easier,
+it's recommended to use the value B<no>, especially if combined with
+the B<-selfsign> command line option.
+
+Note that it is valid in some circumstances for certificates to be created
+without any subject. In the case where there are multiple certificates without
+subjects this does not count as a duplicate.
+
+=item B<serial>
+
+a text file containing the next serial number to use in hex. Mandatory.
+This file must be present and contain a valid serial number.
+
+=item B<crlnumber>
+
+a text file containing the next CRL number to use in hex. The crl number
+will be inserted in the CRLs only if this file exists. If this file is
+present, it must contain a valid CRL number.
+
+=item B<x509_extensions>
+
+the same as B<-extensions>.
+
+=item B<crl_extensions>
+
+the same as B<-crlexts>.
+
+=item B<preserve>
+
+the same as B<-preserveDN>
+
+=item B<email_in_dn>
+
+the same as B<-noemailDN>. If you want the EMAIL field to be removed
+from the DN of the certificate simply set this to 'no'. If not present
+the default is to allow for the EMAIL filed in the certificate's DN.
+
+=item B<msie_hack>
+
+the same as B<-msie_hack>
+
+=item B<policy>
+
+the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
+for more information.
+
+=item B<name_opt>, B<cert_opt>
+
+these options allow the format used to display the certificate details
+when asking the user to confirm signing. All the options supported by
+the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used
+here, except the B<no_signame> and B<no_sigdump> are permanently set
+and cannot be disabled (this is because the certificate signature cannot
+be displayed because the certificate has not been signed at this point).
+
+For convenience the values B<ca_default> are accepted by both to produce
+a reasonable output.
+
+If neither option is present the format used in earlier versions of
+OpenSSL is used. Use of the old format is B<strongly> discouraged because
+it only displays fields mentioned in the B<policy> section, mishandles
+multicharacter string types and does not display extensions.
+
+=item B<copy_extensions>
+
+determines how extensions in certificate requests should be handled.
+If set to B<none> or this option is not present then extensions are
+ignored and not copied to the certificate. If set to B<copy> then any
+extensions present in the request that are not already present are copied
+to the certificate. If set to B<copyall> then all extensions in the
+request are copied to the certificate: if the extension is already present
+in the certificate it is deleted first. See the B<WARNINGS> section before
+using this option.
+
+The main use of this option is to allow a certificate request to supply
+values for certain extensions such as subjectAltName.
+
+=back
+
+=head1 POLICY FORMAT
+
+The policy section consists of a set of variables corresponding to
+certificate DN fields. If the value is "match" then the field value
+must match the same field in the CA certificate. If the value is
+"supplied" then it must be present. If the value is "optional" then
+it may be present. Any fields not mentioned in the policy section
+are silently deleted, unless the B<-preserveDN> option is set but
+this can be regarded more of a quirk than intended behaviour.
+
+=head1 SPKAC FORMAT
+
+The input to the B<-spkac> command line option is a Netscape
+signed public key and challenge. This will usually come from
+the B<KEYGEN> tag in an HTML form to create a new private key.
+It is however possible to create SPKACs using the B<spkac> utility.
+
+The file should contain the variable SPKAC set to the value of
+the SPKAC and also the required DN components as name value pairs.
+If you need to include the same component twice then it can be
+preceded by a number and a '.'.
+
+When processing SPKAC format, the output is DER if the B<-out>
+flag is used, but PEM format if sending to stdout or the B<-outdir>
+flag is used.
+
+=head1 EXAMPLES
+
+Note: these examples assume that the B<ca> directory structure is
+already set up and the relevant files already exist. This usually
+involves creating a CA certificate and private key with B<req>, a
+serial number file and an empty index file and placing them in
+the relevant directories.
+
+To use the sample configuration file below the directories demoCA,
+demoCA/private and demoCA/newcerts would be created. The CA
+certificate would be copied to demoCA/cacert.pem and its private
+key to demoCA/private/cakey.pem. A file demoCA/serial would be
+created containing for example "01" and the empty index file
+demoCA/index.txt.
+
+
+Sign a certificate request:
+
+ openssl ca -in req.pem -out newcert.pem
+
+Sign a certificate request, using CA extensions:
+
+ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
+
+Generate a CRL
+
+ openssl ca -gencrl -out crl.pem
+
+Sign several requests:
+
+ openssl ca -infiles req1.pem req2.pem req3.pem
+
+Certify a Netscape SPKAC:
+
+ openssl ca -spkac spkac.txt
+
+A sample SPKAC file (the SPKAC line has been truncated for clarity):
+
+ SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
+ CN=Steve Test
+ emailAddress=steve@openssl.org
+ 0.OU=OpenSSL Group
+ 1.OU=Another Group
+
+A sample configuration file with the relevant sections for B<ca>:
+
+ [ ca ]
+ default_ca      = CA_default            # The default ca section
+
+ [ CA_default ]
+
+ dir            = ./demoCA              # top dir
+ database       = $dir/index.txt        # index file.
+ new_certs_dir  = $dir/newcerts         # new certs dir
+
+ certificate    = $dir/cacert.pem       # The CA cert
+ serial         = $dir/serial           # serial no file
+ private_key    = $dir/private/cakey.pem# CA private key
+ RANDFILE       = $dir/private/.rand    # random number file
+
+ default_days   = 365                   # how long to certify for
+ default_crl_days= 30                   # how long before next CRL
+ default_md     = md5                   # md to use
+
+ policy         = policy_any            # default policy
+ email_in_dn    = no                    # Don't add the email into cert DN
+
+ name_opt       = ca_default            # Subject name display option
+ cert_opt       = ca_default            # Certificate display option
+ copy_extensions = none                 # Don't copy extensions from request
+
+ [ policy_any ]
+ countryName            = supplied
+ stateOrProvinceName    = optional
+ organizationName       = optional
+ organizationalUnitName = optional
+ commonName             = supplied
+ emailAddress           = optional
+
+=head1 FILES
+
+Note: the location of all files can change either by compile time options,
+configuration file entries, environment variables or command line options.
+The values below reflect the default values.
+
+ /usr/local/ssl/lib/openssl.cnf - master configuration file
+ ./demoCA                       - main CA directory
+ ./demoCA/cacert.pem            - CA certificate
+ ./demoCA/private/cakey.pem     - CA private key
+ ./demoCA/serial                - CA serial number file
+ ./demoCA/serial.old            - CA serial number backup file
+ ./demoCA/index.txt             - CA text database file
+ ./demoCA/index.txt.old         - CA text database backup file
+ ./demoCA/certs                 - certificate output file
+ ./demoCA/.rnd                  - CA random seed information
+
+=head1 RESTRICTIONS
+
+The text database index file is a critical part of the process and
+if corrupted it can be difficult to fix. It is theoretically possible
+to rebuild the index file from all the issued certificates and a current
+CRL: however there is no option to do this.
+
+V2 CRL features like delta CRLs are not currently supported.
+
+Although several requests can be input and handled at once it is only
+possible to include one SPKAC or self-signed certificate.
+
+=head1 BUGS
+
+The use of an in-memory text database can cause problems when large
+numbers of certificates are present because, as the name implies
+the database has to be kept in memory.
+
+The B<ca> command really needs rewriting or the required functionality
+exposed at either a command or interface level so a more friendly utility
+(perl script or GUI) can handle things properly. The script
+B<CA.pl> helps a little but not very much.
+
+Any fields in a request that are not present in a policy are silently
+deleted. This does not happen if the B<-preserveDN> option is used. To
+enforce the absence of the EMAIL field within the DN, as suggested by
+RFCs, regardless the contents of the request' subject the B<-noemailDN>
+option can be used. The behaviour should be more friendly and
+configurable.
+
+Canceling some commands by refusing to certify a certificate can
+create an empty file.
+
+=head1 WARNINGS
+
+The B<ca> command is quirky and at times downright unfriendly.
+
+The B<ca> utility was originally meant as an example of how to do things
+in a CA. It was not supposed to be used as a full blown CA itself:
+nevertheless some people are using it for this purpose.
+
+The B<ca> command is effectively a single user command: no locking is
+done on the various files and attempts to run more than one B<ca> command
+on the same database can have unpredictable results.
+
+The B<copy_extensions> option should be used with caution. If care is
+not taken then it can be a security risk. For example if a certificate
+request contains a basicConstraints extension with CA:TRUE and the
+B<copy_extensions> value is set to B<copyall> and the user does not spot
+this when the certificate is displayed then this will hand the requester
+a valid CA certificate.
+
+This situation can be avoided by setting B<copy_extensions> to B<copy>
+and including basicConstraints with CA:FALSE in the configuration file.
+Then if the request contains a basicConstraints extension it will be
+ignored.
+
+It is advisable to also include values for other extensions such
+as B<keyUsage> to prevent a request supplying its own values.
+
+Additional restrictions can be placed on the CA certificate itself.
+For example if the CA certificate has:
+
+ basicConstraints = CA:TRUE, pathlen:0
+
+then even if a certificate is issued with CA:TRUE it will not be valid.
+
+=head1 SEE ALSO
+
+L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>,
+L<config(5)>, L<x509v3_config(5)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/ciphers.pod b/openssl-1.1.0h/doc/apps/ciphers.pod
new file mode 100644
index 0000000..def3bdc
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/ciphers.pod
@@ -0,0 +1,731 @@
+=pod
+
+=head1 NAME
+
+openssl-ciphers,
+ciphers - SSL cipher display and cipher list tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<ciphers>
+[B<-help>]
+[B<-s>]
+[B<-v>]
+[B<-V>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-s>]
+[B<-psk>]
+[B<-srp>]
+[B<-stdname>]
+[B<cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<ciphers> command converts textual OpenSSL cipher lists into ordered
+SSL cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print a usage message.
+
+=item B<-s>
+
+Only list supported ciphers: those consistent with the security level, and
+minimum and maximum protocol version.  This is closer to the actual cipher list
+an application will support.
+
+PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
+to enable them.
+
+It also does not change the default list of supported signature algorithms.
+
+On a server the list of supported ciphers might also exclude other ciphers
+depending on the configured certificates and presence of DH parameters.
+
+If this option is not used then all ciphers that match the cipherlist will be
+listed.
+
+=item B<-psk>
+
+When combined with B<-s> includes cipher suites which require PSK.
+
+=item B<-srp>
+
+When combined with B<-s> includes cipher suites which require SRP.
+
+=item B<-v>
+
+Verbose output: For each ciphersuite, list details as provided by
+L<SSL_CIPHER_description(3)>.
+
+=item B<-V>
+
+Like B<-v>, but include the official cipher suite values in hex.
+
+=item B<-tls1_2>
+
+In combination with the B<-s> option, list the ciphers which would be used if
+TLSv1.2 were negotiated.
+
+=item B<-ssl3>
+
+In combination with the B<-s> option, list the ciphers which would be used if
+SSLv3 were negotiated.
+
+=item B<-tls1>
+
+In combination with the B<-s> option, list the ciphers which would be used if
+TLSv1 were negotiated.
+
+=item B<-tls1_1>
+
+In combination with the B<-s> option, list the ciphers which would be used if
+TLSv1.1 were negotiated.
+
+=item B<-stdname>
+
+precede each ciphersuite by its standard name: only available is OpenSSL
+is built with tracing enabled (B<enable-ssl-trace> argument to Configure).
+
+=item B<cipherlist>
+
+a cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+
+=back
+
+=head1 CIPHER LIST FORMAT
+
+The cipher list consists of one or more I<cipher strings> separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+
+The actual cipher string can take several different forms.
+
+It can consist of a single cipher suite such as B<RC4-SHA>.
+
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example B<SHA1> represents all ciphers
+suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
+algorithms.
+
+Lists of cipher suites can be combined in a single cipher string using the
+B<+> character. This is used as a logical B<and> operation. For example
+B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
+algorithms.
+
+Each cipher string can be optionally preceded by the characters B<!>,
+B<-> or B<+>.
+
+If B<!> is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+
+If B<-> is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+
+If B<+> is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+
+The cipher string B<@STRENGTH> can be used at any point to sort the current
+cipher list in order of encryption algorithm key length.
+
+The cipher string B<@SECLEVEL=n> can be used at any point to set the security
+level to B<n>.
+
+=head1 CIPHER STRINGS
+
+The following is a list of all permitted cipher strings and their meanings.
+
+=over 4
+
+=item B<DEFAULT>
+
+The default cipher list.
+This is determined at compile time and is normally
+B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
+When used, this must be the first cipherstring specified.
+
+=item B<COMPLEMENTOFDEFAULT>
+
+The ciphers included in B<ALL>, but not enabled by default. Currently
+this includes all RC4 and anonymous ciphers. Note that this rule does
+not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if
+necessary). Note that RC4 based ciphersuites are not built into OpenSSL by
+default (see the enable-weak-ssl-ciphers option to Configure).
+
+=item B<ALL>
+
+All cipher suites except the B<eNULL> ciphers (which must be explicitly enabled
+if needed).
+As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
+
+=item B<COMPLEMENTOFALL>
+
+The cipher suites not enabled by B<ALL>, currently B<eNULL>.
+
+=item B<HIGH>
+
+"high" encryption cipher suites. This currently means those with key lengths
+larger than 128 bits, and some cipher suites with 128-bit keys.
+
+=item B<MEDIUM>
+
+"medium" encryption cipher suites, currently some of those using 128 bit
+encryption.
+
+=item B<LOW>
+
+"low" encryption cipher suites, currently those using 64 or 56 bit
+encryption algorithms but excluding export cipher suites.  All these
+ciphersuites have been removed as of OpenSSL 1.1.0.
+
+=item B<eNULL>, B<NULL>
+
+The "NULL" ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are not enabled via either the
+B<DEFAULT> or B<ALL> cipher strings.
+Be careful when building cipherlists out of lower-level primitives such as
+B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers.  When in
+doubt, include B<!eNULL> in your cipherlist.
+
+=item B<aNULL>
+
+The cipher suites offering no authentication. This is currently the anonymous
+DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
+to "man in the middle" attacks and so their use is discouraged.
+These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
+ciphers.
+Be careful when building cipherlists out of lower-level primitives such as
+B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
+When in doubt, include B<!aNULL> in your cipherlist.
+
+=item B<kRSA>, B<aRSA>, B<RSA>
+
+Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for
+B<kRSA>.
+
+=item B<kDHr>, B<kDHd>, B<kDH>
+
+Cipher suites using static DH key agreement and DH certificates signed by CAs
+with RSA and DSS keys or either respectively.
+All these cipher suites have been removed in OpenSSL 1.1.0.
+
+=item B<kDHE>, B<kEDH>, B<DH>
+
+Cipher suites using ephemeral DH key agreement, including anonymous cipher
+suites.
+
+=item B<DHE>, B<EDH>
+
+Cipher suites using authenticated ephemeral DH key agreement.
+
+=item B<ADH>
+
+Anonymous DH cipher suites, note that this does not include anonymous Elliptic
+Curve DH (ECDH) cipher suites.
+
+=item B<kEECDH>, B<kECDHE>, B<ECDH>
+
+Cipher suites using ephemeral ECDH key agreement, including anonymous
+cipher suites.
+
+=item B<ECDHE>, B<EECDH>
+
+Cipher suites using authenticated ephemeral ECDH key agreement.
+
+=item B<AECDH>
+
+Anonymous Elliptic Curve Diffie-Hellman cipher suites.
+
+=item B<aDSS>, B<DSS>
+
+Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
+
+=item B<aDH>
+
+Cipher suites effectively using DH authentication, i.e. the certificates carry
+DH keys.
+All these cipher suites have been removed in OpenSSL 1.1.0.
+
+=item B<aECDSA>, B<ECDSA>
+
+Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
+keys.
+
+=item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3>
+
+Lists ciphersuites which are only supported in at least TLS v1.2, TLS v1.0 or
+SSL v3.0 respectively.
+Note: there are no ciphersuites specific to TLS v1.1.
+Since this is only the minimum version, if, for example, TLSv1.0 is negotiated
+then both TLSv1.0 and SSLv3.0 ciphersuites are available.
+
+Note: these cipher strings B<do not> change the negotiated version of SSL or
+TLS, they only affect the list of available cipher suites.
+
+=item B<AES128>, B<AES256>, B<AES>
+
+cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
+
+=item B<AESGCM>
+
+AES in Galois Counter Mode (GCM): these ciphersuites are only supported
+in TLS v1.2.
+
+=item B<AESCCM>, B<AESCCM8>
+
+AES in Cipher Block Chaining - Message Authentication Mode (CCM): these
+ciphersuites are only supported in TLS v1.2. B<AESCCM> references CCM
+cipher suites using both 16 and 8 octet Integrity Check Value (ICV)
+while B<AESCCM8> only references 8 octet ICV.
+
+=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
+
+cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
+CAMELLIA.
+
+=item B<CHACHA20>
+
+cipher suites using ChaCha20.
+
+=item B<3DES>
+
+cipher suites using triple DES.
+
+=item B<DES>
+
+Cipher suites using DES (not triple DES).
+All these cipher suites have been removed in OpenSSL 1.1.0.
+
+=item B<RC4>
+
+Cipher suites using RC4.
+
+=item B<RC2>
+
+Cipher suites using RC2.
+
+=item B<IDEA>
+
+Cipher suites using IDEA.
+
+=item B<SEED>
+
+Cipher suites using SEED.
+
+=item B<MD5>
+
+Cipher suites using MD5.
+
+=item B<SHA1>, B<SHA>
+
+Cipher suites using SHA1.
+
+=item B<SHA256>, B<SHA384>
+
+Ciphersuites using SHA256 or SHA384.
+
+=item B<aGOST>
+
+Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
+(needs an engine supporting GOST algorithms).
+
+=item B<aGOST01>
+
+Cipher suites using GOST R 34.10-2001 authentication.
+
+=item B<kGOST>
+
+Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
+
+=item B<GOST94>
+
+Cipher suites, using HMAC based on GOST R 34.11-94.
+
+=item B<GOST89MAC>
+
+Cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
+
+=item B<PSK>
+
+All cipher suites using pre-shared keys (PSK).
+
+=item B<kPSK>, B<kECDHEPSK>, B<kDHEPSK>, B<kRSAPSK>
+
+Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.
+
+=item B<aPSK>
+
+Cipher suites using PSK authentication (currently all PSK modes apart from
+RSA_PSK).
+
+=item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192>
+
+Enables suite B mode of operation using 128 (permitting 192 bit mode by peer)
+128 bit (not permitting 192 bit by peer) or 192 bit level of security
+respectively.
+If used these cipherstrings should appear first in the cipher
+list and anything after them is ignored.
+Setting Suite B mode has additional consequences required to comply with
+RFC6460.
+In particular the supported signature algorithms is reduced to support only
+ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be
+used and only the two suite B compliant ciphersuites
+(ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are
+permissible.
+
+=back
+
+=head1 CIPHER SUITE NAMES
+
+The following lists give the SSL or TLS cipher suites names from the
+relevant specification and their OpenSSL equivalents. It should be noted,
+that several cipher suite names do not include the authentication used,
+e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
+
+=head2 SSL v3.0 cipher suites
+
+ SSL_RSA_WITH_NULL_MD5                   NULL-MD5
+ SSL_RSA_WITH_NULL_SHA                   NULL-SHA
+ SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
+ SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
+ SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH-DSS-DES-CBC3-SHA
+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH-RSA-DES-CBC3-SHA
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
+
+ SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+ SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+ SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
+ SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
+ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
+
+=head2 TLS v1.0 cipher suites
+
+ TLS_RSA_WITH_NULL_MD5                   NULL-MD5
+ TLS_RSA_WITH_NULL_SHA                   NULL-SHA
+ TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
+ TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
+ TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
+
+ TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+=head2 AES ciphersuites from RFC3268, extending TLS v1.0
+
+ TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+ TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
+
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
+
+ TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
+ TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+
+=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
+
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
+
+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   DH-DSS-CAMELLIA128-SHA
+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   DH-DSS-CAMELLIA256-SHA
+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   DH-RSA-CAMELLIA128-SHA
+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   DH-RSA-CAMELLIA256-SHA
+
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
+
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
+
+=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
+
+ TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
+
+ TLS_DH_DSS_WITH_SEED_CBC_SHA           DH-DSS-SEED-SHA
+ TLS_DH_RSA_WITH_SEED_CBC_SHA           DH-RSA-SEED-SHA
+
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
+
+ TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
+
+=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
+
+Note: these ciphers require an engine which including GOST cryptographic
+algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
+
+ TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+ TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
+
+=head2 Additional Export 1024 and other cipher suites
+
+Note: these ciphers can also be used in SSL v3.
+
+ TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
+
+=head2 Elliptic curve cipher suites.
+
+ TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
+
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
+
+ TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
+ TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
+
+=head2 TLS v1.2 cipher suites
+
+ TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
+
+ TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
+ TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
+ TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
+ TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
+
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256        DH-RSA-AES128-SHA256
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256        DH-RSA-AES256-SHA256
+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256        DH-RSA-AES128-GCM-SHA256
+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384        DH-RSA-AES256-GCM-SHA384
+
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256        DH-DSS-AES128-SHA256
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256        DH-DSS-AES256-SHA256
+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256        DH-DSS-AES128-GCM-SHA256
+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384        DH-DSS-AES256-GCM-SHA384
+
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
+
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
+
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
+
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
+
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
+
+ RSA_WITH_AES_128_CCM                      AES128-CCM
+ RSA_WITH_AES_256_CCM                      AES256-CCM
+ DHE_RSA_WITH_AES_128_CCM                  DHE-RSA-AES128-CCM
+ DHE_RSA_WITH_AES_256_CCM                  DHE-RSA-AES256-CCM
+ RSA_WITH_AES_128_CCM_8                    AES128-CCM8
+ RSA_WITH_AES_256_CCM_8                    AES256-CCM8
+ DHE_RSA_WITH_AES_128_CCM_8                DHE-RSA-AES128-CCM8
+ DHE_RSA_WITH_AES_256_CCM_8                DHE-RSA-AES256-CCM8
+ ECDHE_ECDSA_WITH_AES_128_CCM              ECDHE-ECDSA-AES128-CCM
+ ECDHE_ECDSA_WITH_AES_256_CCM              ECDHE-ECDSA-AES256-CCM
+ ECDHE_ECDSA_WITH_AES_128_CCM_8            ECDHE-ECDSA-AES128-CCM8
+ ECDHE_ECDSA_WITH_AES_256_CCM_8            ECDHE-ECDSA-AES256-CCM8
+
+=head2 Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2
+
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
+
+=head2 Pre-shared keying (PSK) ciphersuites
+
+ PSK_WITH_NULL_SHA                         PSK-NULL-SHA
+ DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
+ RSA_PSK_WITH_NULL_SHA                     RSA-PSK-NULL-SHA
+
+ PSK_WITH_RC4_128_SHA                      PSK-RC4-SHA
+ PSK_WITH_3DES_EDE_CBC_SHA                 PSK-3DES-EDE-CBC-SHA
+ PSK_WITH_AES_128_CBC_SHA                  PSK-AES128-CBC-SHA
+ PSK_WITH_AES_256_CBC_SHA                  PSK-AES256-CBC-SHA
+
+ DHE_PSK_WITH_RC4_128_SHA                  DHE-PSK-RC4-SHA
+ DHE_PSK_WITH_3DES_EDE_CBC_SHA             DHE-PSK-3DES-EDE-CBC-SHA
+ DHE_PSK_WITH_AES_128_CBC_SHA              DHE-PSK-AES128-CBC-SHA
+ DHE_PSK_WITH_AES_256_CBC_SHA              DHE-PSK-AES256-CBC-SHA
+
+ RSA_PSK_WITH_RC4_128_SHA                  RSA-PSK-RC4-SHA
+ RSA_PSK_WITH_3DES_EDE_CBC_SHA             RSA-PSK-3DES-EDE-CBC-SHA
+ RSA_PSK_WITH_AES_128_CBC_SHA              RSA-PSK-AES128-CBC-SHA
+ RSA_PSK_WITH_AES_256_CBC_SHA              RSA-PSK-AES256-CBC-SHA
+
+ PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
+ PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
+ DHE_PSK_WITH_AES_128_GCM_SHA256           DHE-PSK-AES128-GCM-SHA256
+ DHE_PSK_WITH_AES_256_GCM_SHA384           DHE-PSK-AES256-GCM-SHA384
+ RSA_PSK_WITH_AES_128_GCM_SHA256           RSA-PSK-AES128-GCM-SHA256
+ RSA_PSK_WITH_AES_256_GCM_SHA384           RSA-PSK-AES256-GCM-SHA384
+
+ PSK_WITH_AES_128_CBC_SHA256               PSK-AES128-CBC-SHA256
+ PSK_WITH_AES_256_CBC_SHA384               PSK-AES256-CBC-SHA384
+ PSK_WITH_NULL_SHA256                      PSK-NULL-SHA256
+ PSK_WITH_NULL_SHA384                      PSK-NULL-SHA384
+ DHE_PSK_WITH_AES_128_CBC_SHA256           DHE-PSK-AES128-CBC-SHA256
+ DHE_PSK_WITH_AES_256_CBC_SHA384           DHE-PSK-AES256-CBC-SHA384
+ DHE_PSK_WITH_NULL_SHA256                  DHE-PSK-NULL-SHA256
+ DHE_PSK_WITH_NULL_SHA384                  DHE-PSK-NULL-SHA384
+ RSA_PSK_WITH_AES_128_CBC_SHA256           RSA-PSK-AES128-CBC-SHA256
+ RSA_PSK_WITH_AES_256_CBC_SHA384           RSA-PSK-AES256-CBC-SHA384
+ RSA_PSK_WITH_NULL_SHA256                  RSA-PSK-NULL-SHA256
+ RSA_PSK_WITH_NULL_SHA384                  RSA-PSK-NULL-SHA384
+ PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
+ PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
+
+ ECDHE_PSK_WITH_RC4_128_SHA                ECDHE-PSK-RC4-SHA
+ ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           ECDHE-PSK-3DES-EDE-CBC-SHA
+ ECDHE_PSK_WITH_AES_128_CBC_SHA            ECDHE-PSK-AES128-CBC-SHA
+ ECDHE_PSK_WITH_AES_256_CBC_SHA            ECDHE-PSK-AES256-CBC-SHA
+ ECDHE_PSK_WITH_AES_128_CBC_SHA256         ECDHE-PSK-AES128-CBC-SHA256
+ ECDHE_PSK_WITH_AES_256_CBC_SHA384         ECDHE-PSK-AES256-CBC-SHA384
+ ECDHE_PSK_WITH_NULL_SHA                   ECDHE-PSK-NULL-SHA
+ ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
+ ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384
+
+ PSK_WITH_CAMELLIA_128_CBC_SHA256          PSK-CAMELLIA128-SHA256
+ PSK_WITH_CAMELLIA_256_CBC_SHA384          PSK-CAMELLIA256-SHA384
+
+ DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      DHE-PSK-CAMELLIA128-SHA256
+ DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      DHE-PSK-CAMELLIA256-SHA384
+
+ RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      RSA-PSK-CAMELLIA128-SHA256
+ RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      RSA-PSK-CAMELLIA256-SHA384
+
+ ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    ECDHE-PSK-CAMELLIA128-SHA256
+ ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    ECDHE-PSK-CAMELLIA256-SHA384
+
+ PSK_WITH_AES_128_CCM                      PSK-AES128-CCM
+ PSK_WITH_AES_256_CCM                      PSK-AES256-CCM
+ DHE_PSK_WITH_AES_128_CCM                  DHE-PSK-AES128-CCM
+ DHE_PSK_WITH_AES_256_CCM                  DHE-PSK-AES256-CCM
+ PSK_WITH_AES_128_CCM_8                    PSK-AES128-CCM8
+ PSK_WITH_AES_256_CCM_8                    PSK-AES256-CCM8
+ DHE_PSK_WITH_AES_128_CCM_8                DHE-PSK-AES128-CCM8
+ DHE_PSK_WITH_AES_256_CCM_8                DHE-PSK-AES256-CCM8
+
+=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
+
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256      ECDHE-RSA-CHACHA20-POLY1305
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-ECDSA-CHACHA20-POLY1305
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256        DHE-RSA-CHACHA20-POLY1305
+ TLS_PSK_WITH_CHACHA20_POLY1305_SHA256            PSK-CHACHA20-POLY1305
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256      ECDHE-PSK-CHACHA20-POLY1305
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256        DHE-PSK-CHACHA20-POLY1305
+ TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256        RSA-PSK-CHACHA20-POLY1305
+
+=head2 Older names used by OpenSSL
+
+The following names are accepted by older releases:
+
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA    EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA    EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
+
+=head1 NOTES
+
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+
+=head1 EXAMPLES
+
+Verbose listing of all OpenSSL ciphers including NULL ciphers:
+
+ openssl ciphers -v 'ALL:eNULL'
+
+Include all ciphers except NULL and anonymous DH then sort by
+strength:
+
+ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+
+Include all ciphers except ones with no encryption (eNULL) or no
+authentication (aNULL):
+
+ openssl ciphers -v 'ALL:!aNULL'
+
+Include only 3DES ciphers and then place RSA ciphers last:
+
+ openssl ciphers -v '3DES:+RSA'
+
+Include all RC4 ciphers but leave out those without authentication:
+
+ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+
+Include all ciphers with RSA authentication but leave out ciphers without
+encryption.
+
+ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+
+Set security level to 2 and display all ciphers consistent with level 2:
+
+ openssl ciphers -s -v 'ALL:@SECLEVEL=2'
+
+=head1 SEE ALSO
+
+L<s_client(1)>, L<s_server(1)>, L<ssl(7)>
+
+=head1 HISTORY
+
+The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/cms.pod b/openssl-1.1.0h/doc/apps/cms.pod
new file mode 100644
index 0000000..96acd31
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/cms.pod
@@ -0,0 +1,738 @@
+=pod
+
+=head1 NAME
+
+openssl-cms,
+cms - CMS utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<cms>
+[B<-help>]
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-sign>]
+[B<-verify>]
+[B<-cmsout>]
+[B<-resign>]
+[B<-data_create>]
+[B<-data_out>]
+[B<-digest_create>]
+[B<-digest_verify>]
+[B<-compress>]
+[B<-uncompress>]
+[B<-EncryptedData_encrypt>]
+[B<-sign_receipt>]
+[B<-verify_receipt receipt>]
+[B<-in filename>]
+[B<-inform SMIME|PEM|DER>]
+[B<-rctform SMIME|PEM|DER>]
+[B<-out filename>]
+[B<-outform SMIME|PEM|DER>]
+[B<-stream -indef -noindef>]
+[B<-noindef>]
+[B<-content filename>]
+[B<-text>]
+[B<-noout>]
+[B<-print>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-no_check_time>]
+[B<-partial_chain>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
+[B<-trusted_first>]
+[B<-no_alt_chains>]
+[B<-use_deltas>]
+[B<-auth_level num>]
+[B<-verify_depth num>]
+[B<-verify_email email>]
+[B<-verify_hostname hostname>]
+[B<-verify_ip ip>]
+[B<-verify_name name>]
+[B<-x509_strict>]
+[B<-md digest>]
+[B<-[cipher]>]
+[B<-nointern>]
+[B<-no_signer_cert_verify>]
+[B<-nocerts>]
+[B<-noattr>]
+[B<-nosmimecap>]
+[B<-binary>]
+[B<-crlfeol>]
+[B<-asciicrlf>]
+[B<-nodetach>]
+[B<-certfile file>]
+[B<-certsout file>]
+[B<-signer file>]
+[B<-recip file>]
+[B<-keyid>]
+[B<-receipt_request_all -receipt_request_first>]
+[B<-receipt_request_from emailaddress>]
+[B<-receipt_request_to emailaddress>]
+[B<-receipt_request_print>]
+[B<-secretkey key>]
+[B<-secretkeyid id>]
+[B<-econtent_type type>]
+[B<-inkey file>]
+[B<-keyopt name:parameter>]
+[B<-passin arg>]
+[B<-rand file(s)>]
+[B<cert.pem...>]
+[B<-to addr>]
+[B<-from addr>]
+[B<-subject subj>]
+[cert.pem]...
+
+=head1 DESCRIPTION
+
+The B<cms> command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and
+verify, compress and uncompress S/MIME messages.
+
+=head1 OPTIONS
+
+There are fourteen operation options that set the type of operation to be
+performed. The meaning of the other options varies according to the operation
+type.
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-encrypt>
+
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in MIME format. The
+actual CMS type is <B>EnvelopedData<B>.
+
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
+=item B<-decrypt>
+
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in MIME format for the input file. The decrypted mail
+is written to the output file.
+
+=item B<-debug_decrypt>
+
+this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used
+with caution: see the notes section below.
+
+=item B<-sign>
+
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in MIME format is written
+to the output file.
+
+=item B<-verify>
+
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+
+=item B<-cmsout>
+
+takes an input message and writes out a PEM encoded CMS structure.
+
+=item B<-resign>
+
+resign a message: take an existing message and one or more new signers.
+
+=item B<-data_create>
+
+Create a CMS B<Data> type.
+
+=item B<-data_out>
+
+B<Data> type and output the content.
+
+=item B<-digest_create>
+
+Create a CMS B<DigestedData> type.
+
+=item B<-digest_verify>
+
+Verify a CMS B<DigestedData> type and output the content.
+
+=item B<-compress>
+
+Create a CMS B<CompressedData> type. OpenSSL must be compiled with B<zlib>
+support for this option to work, otherwise it will output an error.
+
+=item B<-uncompress>
+
+Uncompress a CMS B<CompressedData> type and output the content. OpenSSL must be
+compiled with B<zlib> support for this option to work, otherwise it will
+output an error.
+
+=item B<-EncryptedData_encrypt>
+
+Encrypt content using supplied symmetric key and algorithm using a CMS
+B<EncryptedData> type and output the content.
+
+=item B<-sign_receipt>
+
+Generate and output a signed receipt for the supplied message. The input
+message B<must> contain a signed receipt request. Functionality is otherwise
+similar to the B<-sign> operation.
+
+=item B<-verify_receipt receipt>
+
+Verify a signed receipt in filename B<receipt>. The input message B<must>
+contain the original receipt request. Functionality is otherwise similar
+to the B<-verify> operation.
+
+=item B<-in filename>
+
+the input message to be encrypted or signed or the message to be decrypted
+or verified.
+
+=item B<-inform SMIME|PEM|DER>
+
+this specifies the input format for the CMS structure. The default
+is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
+format change this to expect PEM and DER format CMS structures
+instead. This currently only affects the input format of the CMS
+structure, if no CMS structure is being input (for example with
+B<-encrypt> or B<-sign>) this option has no effect.
+
+=item B<-rctform SMIME|PEM|DER>
+
+specify the format for a signed receipt for use with the B<-receipt_verify>
+operation.
+
+=item B<-out filename>
+
+the message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+
+=item B<-outform SMIME|PEM|DER>
+
+this specifies the output format for the CMS structure. The default
+is B<SMIME> which writes an S/MIME format message. B<PEM> and B<DER>
+format change this to write PEM and DER format CMS structures
+instead. This currently only affects the output format of the CMS
+structure, if no CMS structure is being output (for example with
+B<-verify> or B<-decrypt>) this option has no effect.
+
+=item B<-stream -indef -noindef>
+
+the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
+for encoding operations. This permits single pass processing of data without
+the need to hold the entire contents in memory, potentially supporting very
+large files. Streaming is automatically set for S/MIME signing with detached
+data if the output format is B<SMIME> it is currently off by default for all
+other operations.
+
+=item B<-noindef>
+
+disable streaming I/O where it would produce and indefinite length constructed
+encoding. This option currently has no effect. In future streaming will be
+enabled by default on all relevant operations and this option will disable it.
+
+=item B<-content filename>
+
+This specifies a file containing the detached content, this is only
+useful with the B<-verify> command. This is only usable if the CMS
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed MIME content type.
+
+=item B<-text>
+
+this option adds plain text (text/plain) MIME headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of MIME
+type text/plain then an error occurs.
+
+=item B<-noout>
+
+for the B<-cmsout> operation do not output the parsed CMS structure. This
+is useful when combined with the B<-print> option or if the syntax of the CMS
+structure is being checked.
+
+=item B<-print>
+
+for the B<-cmsout> operation print out all fields of the CMS structure. This
+is mainly useful for testing purposes.
+
+=item B<-CAfile file>
+
+a file containing trusted CA certificates, only used with B<-verify>.
+
+=item B<-CApath dir>
+
+a directory containing trusted CA certificates, only used with
+B<-verify>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-md digest>
+
+digest algorithm to use when signing or resigning. If not present then the
+default digest algorithm for the signing key will be used (usually SHA1).
+
+=item B<-[cipher]>
+
+the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
+or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
+EVP_get_cipherbyname() function) can also be used preceded by a dash, for
+example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for a list of ciphers
+supported by your version of OpenSSL.
+
+If not specified triple DES is used. Only used with B<-encrypt> and
+B<-EncryptedData_create> commands.
+
+=item B<-nointern>
+
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the B<-certfile> option are used.
+The supplied certificates can still be used as untrusted CAs however.
+
+=item B<-no_signer_cert_verify>
+
+do not verify the signers certificate of a signed message.
+
+=item B<-nocerts>
+
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the B<-certfile> option for example).
+
+=item B<-noattr>
+
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+
+=item B<-nosmimecap>
+
+exclude the list of supported algorithms from signed attributes, other options
+such as signing time and content type are still included.
+
+=item B<-binary>
+
+normally the input message is converted to "canonical" format which is
+effectively using CR and LF as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in MIME format.
+
+=item B<-crlfeol>
+
+normally the output file uses a single B<LF> as end of line. When this
+option is present B<CRLF> is used instead.
+
+=item B<-asciicrlf>
+
+when signing use ASCII CRLF format canonicalisation. This strips trailing
+whitespace from all lines, deletes trailing blank lines at EOF and sets
+the encapsulated content type. This option is normally used with detached
+content and an output signature format of DER. This option is not normally
+needed when verifying as it is enabled automatically if the encapsulated
+content format is detected.
+
+=item B<-nodetach>
+
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME.  Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-certfile file>
+
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in PEM format.
+
+=item B<-certsout file>
+
+any certificates contained in the message are written to B<file>.
+
+=item B<-signer file>
+
+a signing certificate when signing or resigning a message, this option can be
+used multiple times if more than one signer is required. If a message is being
+verified then the signers certificates will be written to this file if the
+verification was successful.
+
+=item B<-recip file>
+
+when decrypting a message this specifies the recipients certificate. The
+certificate must match one of the recipients of the message or an error
+occurs.
+
+When encrypting a message this option may be used multiple times to specify
+each recipient. This form B<must> be used if customised parameters are
+required (for example to specify RSA-OAEP).
+
+=item B<-keyid>
+
+use subject key identifier to identify certificates instead of issuer name and
+serial number. The supplied certificate B<must> include a subject key
+identifier extension. Supported by B<-sign> and B<-encrypt> options.
+
+=item B<-receipt_request_all -receipt_request_first>
+
+for B<-sign> option include a signed receipt request. Indicate requests should
+be provided by all recipient or first tier recipients (those mailed directly
+and not from a mailing list). Ignored it B<-receipt_request_from> is included.
+
+=item B<-receipt_request_from emailaddress>
+
+for B<-sign> option include a signed receipt request. Add an explicit email
+address where receipts should be supplied.
+
+=item B<-receipt_request_to emailaddress>
+
+Add an explicit email address where signed receipts should be sent to. This
+option B<must> but supplied if a signed receipt it requested.
+
+=item B<-receipt_request_print>
+
+For the B<-verify> operation print out the contents of any signed receipt
+requests.
+
+=item B<-secretkey key>
+
+specify symmetric key to use. The key must be supplied in hex format and be
+consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt>
+B<-EncryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used
+with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the
+content encryption key using an AES key in the B<KEKRecipientInfo> type.
+
+=item B<-secretkeyid id>
+
+the key identifier for the supplied symmetric key for B<KEKRecipientInfo> type.
+This option B<must> be present if the B<-secretkey> option is used with
+B<-encrypt>. With B<-decrypt> operations the B<id> is used to locate the
+relevant key if it is not supplied then an attempt is used to decrypt any
+B<KEKRecipientInfo> structures.
+
+=item B<-econtent_type type>
+
+set the encapsulated content type to B<type> if not supplied the B<Data> type
+is used. The B<type> argument can be any valid OID name in either text or
+numerical format.
+
+=item B<-inkey file>
+
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the B<-recip> or B<-signer> file. When signing this option can be used
+multiple times to specify successive keys.
+
+=item B<-keyopt name:opt>
+
+for signing and encryption this option can be used multiple times to
+set customised parameters for the preceding key or certificate. It can
+currently be used to set RSA-PSS for signing, RSA-OAEP for encryption
+or to modify default parameters for ECDH.
+
+=item B<-passin arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<cert.pem...>
+
+one or more certificates of message recipients: used when encrypting
+a message.
+
+=item B<-to, -from, -subject>
+
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+
+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
+B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
+B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
+B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
+B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
+B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+
+Set various certificate chain validation options. See the
+L<verify(1)> manual page for details.
+
+=back
+
+=head1 NOTES
+
+The MIME message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+
+The supplied message to be signed or encrypted must include the
+necessary MIME headers or many S/MIME clients won't display it
+properly (if at all). You can use the B<-text> option to automatically
+add plain text headers.
+
+A "signed and encrypted" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages "in parallel" by signing an already signed message.
+
+The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
+clients. Strictly speaking these process CMS enveloped data: CMS
+encrypted data is used for other purposes.
+
+The B<-resign> option uses an existing message digest when adding a new
+signer. This means that attributes must be present in at least one existing
+signer using the same message digest or this operation will fail.
+
+The B<-stream> and B<-indef> options enable streaming I/O support.
+As a result the encoding is BER using indefinite length constructed encoding
+and no longer DER. Streaming is supported for the B<-encrypt> operation and the
+B<-sign> operation if the content is not detached.
+
+Streaming is always used for the B<-sign> operation with detached data but
+since the content is no longer part of the CMS structure the encoding
+remains DER.
+
+If the B<-decrypt> option is used without a recipient certificate then an
+attempt is made to locate the recipient by trying each potential recipient
+in turn using the supplied private key. To thwart the MMA attack
+(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
+tried whether they succeed or not and if no recipients match the message
+is "decrypted" using a random key which will typically output garbage.
+The B<-debug_decrypt> option can be used to disable the MMA attack protection
+and return an error if no recipient can be found: this option should be used
+with caution. For a fuller description see L<CMS_decrypt(3)>).
+
+=head1 EXIT CODES
+
+=over 4
+
+=item Z<>0
+
+the operation was completely successfully.
+
+=item Z<>1
+
+an error occurred parsing the command options.
+
+=item Z<>2
+
+one of the input files could not be read.
+
+=item Z<>3
+
+an error occurred creating the CMS file or when reading the MIME
+message.
+
+=item Z<>4
+
+an error occurred decrypting or verifying the message.
+
+=item Z<>5
+
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+
+=back
+
+=head1 COMPATIBILITY WITH PKCS#7 format.
+
+The B<smime> utility can only process the older B<PKCS#7> format. The B<cms>
+utility supports Cryptographic Message Syntax format. Use of some features
+will result in messages which cannot be processed by applications which only
+support the older format. These are detailed below.
+
+The use of the B<-keyid> option with B<-sign> or B<-encrypt>.
+
+The B<-outform PEM> option uses different headers.
+
+The B<-compress> option.
+
+The B<-secretkey> option when used with B<-encrypt>.
+
+The use of PSS with B<-sign>.
+
+The use of OAEP or non-RSA keys with B<-encrypt>.
+
+Additionally the B<-EncryptedData_create> and B<-data_create> type cannot
+be processed by the older B<smime> command.
+
+=head1 EXAMPLES
+
+Create a cleartext signed message:
+
+ openssl cms -sign -in message.txt -text -out mail.msg \
+        -signer mycert.pem
+
+Create an opaque signed message
+
+ openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
+        -signer mycert.pem
+
+Create a signed message, include some additional certificates and
+read the private key from another file:
+
+ openssl cms -sign -in in.txt -text -out mail.msg \
+        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+
+Create a signed message with two signers, use key identifier:
+
+ openssl cms -sign -in message.txt -text -out mail.msg \
+        -signer mycert.pem -signer othercert.pem -keyid
+
+Send a signed message under Unix directly to sendmail, including headers:
+
+ openssl cms -sign -in in.txt -text -signer mycert.pem \
+        -from steve@openssl.org -to someone@somewhere \
+        -subject "Signed message" | sendmail someone@somewhere
+
+Verify a message and extract the signer's certificate if successful:
+
+ openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
+
+Send encrypted mail using triple DES:
+
+ openssl cms -encrypt -in in.txt -from steve@openssl.org \
+        -to someone@somewhere -subject "Encrypted message" \
+        -des3 user.pem -out mail.msg
+
+Sign and encrypt mail:
+
+ openssl cms -sign -in ml.txt -signer my.pem -text \
+        | openssl cms -encrypt -out mail.msg \
+        -from steve@openssl.org -to someone@somewhere \
+        -subject "Signed and Encrypted message" -des3 user.pem
+
+Note: the encryption command does not include the B<-text> option because the
+message being encrypted already has MIME headers.
+
+Decrypt mail:
+
+ openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+and using the command,
+
+ openssl cms -verify -inform PEM -in signature.pem -content content.txt
+
+alternatively you can base64 decode the signature and use
+
+ openssl cms -verify -inform DER -in signature.der -content content.txt
+
+Create an encrypted message using 128 bit Camellia:
+
+ openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+
+Add a signer to an existing message:
+
+ openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
+
+Sign mail using RSA-PSS:
+
+ openssl cms -sign -in message.txt -text -out mail.msg \
+        -signer mycert.pem -keyopt rsa_padding_mode:pss
+
+Create encrypted mail using RSA-OAEP:
+
+ openssl cms -encrypt -in plain.txt -out mail.msg \
+        -recip cert.pem -keyopt rsa_padding_mode:oaep
+
+Use SHA256 KDF with an ECDH certificate:
+
+ openssl cms -encrypt -in plain.txt -out mail.msg \
+        -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
+
+=head1 BUGS
+
+The MIME parser isn't very clever: it seems to handle most messages that I've
+thrown at it but it may choke on others.
+
+The code currently will only write out the signer's certificate to a file: if
+the signer has a separate encryption certificate this must be manually
+extracted. There should be some heuristic that determines the correct
+encryption certificate.
+
+Ideally a database should be maintained of a certificates for each email
+address.
+
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. this means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+
+No revocation checking is done on the signer's certificate.
+
+=head1 HISTORY
+
+The use of multiple B<-signer> options and the B<-resign> command were first
+added in OpenSSL 1.0.0
+
+The B<keyopt> option was first added in OpenSSL 1.1.0
+
+The use of B<-recip> to specify the recipient when encrypting mail was first
+added to OpenSSL 1.1.0
+
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+
+The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
+to OpenSSL 1.1.0.
+
+The -no_alt_chains options was first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/config.pod b/openssl-1.1.0h/doc/apps/config.pod
new file mode 100644
index 0000000..76f282f
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/config.pod
@@ -0,0 +1,387 @@
+=pod
+
+=for comment openssl_manual_section:5
+
+=head1 NAME
+
+config - OpenSSL CONF library configuration files
+
+=head1 DESCRIPTION
+
+The OpenSSL CONF library can be used to read configuration files.
+It is used for the OpenSSL master configuration file B<openssl.cnf>
+and in a few other places like B<SPKAC> files and certificate extension
+files for the B<x509> utility. OpenSSL applications can also use the
+CONF library for their own purposes.
+
+A configuration file is divided into a number of sections. Each section
+starts with a line B<[ section_name ]> and ends when a new section is
+started or end of file is reached. A section name can consist of
+alphanumeric characters and underscores.
+
+The first section of a configuration file is special and is referred
+to as the B<default> section this is usually unnamed and is from the
+start of file until the first named section. When a name is being looked up
+it is first looked up in a named section (if any) and then the
+default section.
+
+The environment is mapped onto a section called B<ENV>.
+
+Comments can be included by preceding them with the B<#> character
+
+Each section in a configuration file consists of a number of name and
+value pairs of the form B<name=value>
+
+The B<name> string can contain any alphanumeric characters as well as
+a few punctuation symbols such as B<.> B<,> B<;> and B<_>.
+
+The B<value> string consists of the string following the B<=> character
+until end of line with any leading and trailing white space removed.
+
+The value string undergoes variable expansion. This can be done by
+including the form B<$var> or B<${var}>: this will substitute the value
+of the named variable in the current section. It is also possible to
+substitute a value from another section using the syntax B<$section::name>
+or B<${section::name}>. By using the form B<$ENV::name> environment
+variables can be substituted. It is also possible to assign values to
+environment variables by using the name B<ENV::name>, this will work
+if the program looks up environment variables using the B<CONF> library
+instead of calling getenv() directly. The value string must not exceed 64k in
+length after variable expansion. Otherwise an error will occur.
+
+It is possible to escape certain characters by using any kind of quote
+or the B<\> character. By making the last character of a line a B<\>
+a B<value> string can be spread across multiple lines. In addition
+the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
+
+=head1 OPENSSL LIBRARY CONFIGURATION
+
+Applications can automatically configure certain
+aspects of OpenSSL using the master OpenSSL configuration file, or optionally
+an alternative configuration file. The B<openssl> utility includes this
+functionality: any sub command uses the master OpenSSL configuration file
+unless an option is used in the sub command to use an alternative configuration
+file.
+
+To enable library configuration the default section needs to contain an
+appropriate line which points to the main configuration section. The default
+name is B<openssl_conf> which is used by the B<openssl> utility. Other
+applications may use an alternative name such as B<myapplicaton_conf>.
+
+The configuration section should consist of a set of name value pairs which
+contain specific module configuration information. The B<name> represents
+the name of the I<configuration module> the meaning of the B<value> is
+module specific: it may, for example, represent a further configuration
+section containing configuration module specific information. E.g.
+
+ openssl_conf = openssl_init
+
+ [openssl_init]
+
+ oid_section = new_oids
+ engines = engine_section
+
+ [new_oids]
+
+ ... new oids here ...
+
+ [engine_section]
+
+ ... engine stuff here ...
+
+The features of each configuration module are described below.
+
+=head2 ASN1 Object Configuration Module
+
+This module has the name B<oid_section>. The value of this variable points
+to a section containing name value pairs of OIDs: the name is the OID short
+and long name, the value is the numerical form of the OID. Although some of
+the B<openssl> utility sub commands already have their own ASN1 OBJECT section
+functionality not all do. By using the ASN1 OBJECT configuration module
+B<all> the B<openssl> utility sub commands can see the new objects as well
+as any compliant applications. For example:
+
+ [new_oids]
+
+ some_new_oid = 1.2.3.4
+ some_other_oid = 1.2.3.5
+
+It is also possible to set the value to the long name followed
+by a comma and the numerical OID form. For example:
+
+ shortName = some object long name, 1.2.3.4
+
+=head2 Engine Configuration Module
+
+This ENGINE configuration module has the name B<engines>. The value of this
+variable points to a section containing further ENGINE configuration
+information.
+
+The section pointed to by B<engines> is a table of engine names (though see
+B<engine_id> below) and further sections containing configuration information
+specific to each ENGINE.
+
+Each ENGINE specific section is used to set default algorithms, load
+dynamic, perform initialization and send ctrls. The actual operation performed
+depends on the I<command> name which is the name of the name value pair. The
+currently supported commands are listed below.
+
+For example:
+
+ [engine_section]
+
+ # Configure ENGINE named "foo"
+ foo = foo_section
+ # Configure ENGINE named "bar"
+ bar = bar_section
+
+ [foo_section]
+ ... foo ENGINE specific commands ...
+
+ [bar_section]
+ ... "bar" ENGINE specific commands ...
+
+The command B<engine_id> is used to give the ENGINE name. If used this
+command must be first. For example:
+
+ [engine_section]
+ # This would normally handle an ENGINE named "foo"
+ foo = foo_section
+
+ [foo_section]
+ # Override default name and use "myfoo" instead.
+ engine_id = myfoo
+
+The command B<dynamic_path> loads and adds an ENGINE from the given path. It
+is equivalent to sending the ctrls B<SO_PATH> with the path argument followed
+by B<LIST_ADD> with value 2 and B<LOAD> to the dynamic ENGINE. If this is
+not the required behaviour then alternative ctrls can be sent directly
+to the dynamic ENGINE using ctrl commands.
+
+The command B<init> determines whether to initialize the ENGINE. If the value
+is B<0> the ENGINE will not be initialized, if B<1> and attempt it made to
+initialized the ENGINE immediately. If the B<init> command is not present
+then an attempt will be made to initialize the ENGINE after all commands in
+its section have been processed.
+
+The command B<default_algorithms> sets the default algorithms an ENGINE will
+supply using the functions ENGINE_set_default_string().
+
+If the name matches none of the above command names it is assumed to be a
+ctrl command which is sent to the ENGINE. The value of the command is the
+argument to the ctrl command. If the value is the string B<EMPTY> then no
+value is sent to the command.
+
+For example:
+
+
+ [engine_section]
+
+ # Configure ENGINE named "foo"
+ foo = foo_section
+
+ [foo_section]
+ # Load engine from DSO
+ dynamic_path = /some/path/fooengine.so
+ # A foo specific ctrl.
+ some_ctrl = some_value
+ # Another ctrl that doesn't take a value.
+ other_ctrl = EMPTY
+ # Supply all default algorithms
+ default_algorithms = ALL
+
+=head2 EVP Configuration Module
+
+This modules has the name B<alg_section> which points to a section containing
+algorithm commands.
+
+Currently the only algorithm command supported is B<fips_mode> whose
+value should be a boolean string such as B<on> or B<off>. If the value is
+B<on> this attempt to enter FIPS mode. If the call fails or the library is
+not FIPS capable then an error occurs.
+
+For example:
+
+ alg_section = evp_settings
+
+ [evp_settings]
+
+ fips_mode = on
+
+=head2 SSL Configuration Module
+
+This module has the name B<ssl_conf> which points to a section containing
+SSL configurations.
+
+Each line in the SSL configuration section contains the name of the
+configuration and the section containing it.
+
+Each configuration section consists of command value pairs for B<SSL_CONF>.
+Each pair will be passed to a B<SSL_CTX> or B<SSL> structure if it calls
+SSL_CTX_config() or SSL_config() with the appropriate configuration name.
+
+Note: any characters before an initial dot in the configuration section are
+ignored so the same command can be used multiple times.
+
+For example:
+
+ ssl_conf = ssl_sect
+
+ [ssl_sect]
+
+ server = server_section
+
+ [server_section]
+
+ RSA.Certificate = server-rsa.pem
+ ECDSA.Certificate = server-ecdsa.pem
+ Ciphers = ALL:!RC4
+
+=head1 NOTES
+
+If a configuration file attempts to expand a variable that doesn't exist
+then an error is flagged and the file will not load. This can happen
+if an attempt is made to expand an environment variable that doesn't
+exist. For example in a previous version of OpenSSL the default OpenSSL
+master configuration file used the value of B<HOME> which may not be
+defined on non Unix systems and would cause an error.
+
+This can be worked around by including a B<default> section to provide
+a default value: then if the environment lookup fails the default value
+will be used instead. For this to work properly the default value must
+be defined earlier in the configuration file than the expansion. See
+the B<EXAMPLES> section for an example of how to do this.
+
+If the same variable exists in the same section then all but the last
+value will be silently ignored. In certain circumstances such as with
+DNs the same field may occur multiple times. This is usually worked
+around by ignoring any characters before an initial B<.> e.g.
+
+ 1.OU="My first OU"
+ 2.OU="My Second OU"
+
+=head1 EXAMPLES
+
+Here is a sample configuration file using some of the features
+mentioned above.
+
+ # This is the default section.
+
+ HOME=/temp
+ RANDFILE= ${ENV::HOME}/.rnd
+ configdir=$ENV::HOME/config
+
+ [ section_one ]
+
+ # We are now in section one.
+
+ # Quotes permit leading and trailing whitespace
+ any = " any variable name "
+
+ other = A string that can \
+ cover several lines \
+ by including \\ characters
+
+ message = Hello World\n
+
+ [ section_two ]
+
+ greeting = $section_one::message
+
+This next example shows how to expand environment variables safely.
+
+Suppose you want a variable called B<tmpfile> to refer to a
+temporary filename. The directory it is placed in can determined by
+the B<TEMP> or B<TMP> environment variables but they may not be
+set to any value at all. If you just include the environment variable
+names and the variable doesn't exist then this will cause an error when
+an attempt is made to load the configuration file. By making use of the
+default section both values can be looked up with B<TEMP> taking
+priority and B</tmp> used if neither is defined:
+
+ TMP=/tmp
+ # The above value is used if TMP isn't in the environment
+ TEMP=$ENV::TMP
+ # The above value is used if TEMP isn't in the environment
+ tmpfile=${ENV::TEMP}/tmp.filename
+
+Simple OpenSSL library configuration example to enter FIPS mode:
+
+ # Default appname: should match "appname" parameter (if any)
+ # supplied to CONF_modules_load_file et al.
+ openssl_conf = openssl_conf_section
+
+ [openssl_conf_section]
+ # Configuration module list
+ alg_section = evp_sect
+
+ [evp_sect]
+ # Set to "yes" to enter FIPS mode if supported
+ fips_mode = yes
+
+Note: in the above example you will get an error in non FIPS capable versions
+of OpenSSL.
+
+More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
+
+ # Default appname: should match "appname" parameter (if any)
+ # supplied to CONF_modules_load_file et al.
+ openssl_conf = openssl_conf_section
+
+ [openssl_conf_section]
+ # Configuration module list
+ alg_section = evp_sect
+ oid_section = new_oids
+
+ [evp_sect]
+ # This will have no effect as FIPS mode is off by default.
+ # Set to "yes" to enter FIPS mode, if supported
+ fips_mode = no
+
+ [new_oids]
+ # New OID, just short name
+ newoid1 = 1.2.3.4.1
+ # New OID shortname and long name
+ newoid2 = New OID 2 long name, 1.2.3.4.2
+
+The above examples can be used with any application supporting library
+configuration if "openssl_conf" is modified to match the appropriate "appname".
+
+For example if the second sample file above is saved to "example.cnf" then
+the command line:
+
+ OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
+
+will output:
+
+    0:d=0  hl=2 l=   4 prim: OBJECT            :newoid1
+
+showing that the OID "newoid1" has been added as "1.2.3.4.1".
+
+=head1 BUGS
+
+Currently there is no way to include characters using the octal B<\nnn>
+form. Strings are all null terminated so nulls cannot form part of
+the value.
+
+The escaping isn't quite right: if you want to use sequences like B<\n>
+you can't use any quote escaping on the same line.
+
+Files are loaded in a single pass. This means that an variable expansion
+will only work if the variables referenced are defined earlier in the
+file.
+
+=head1 SEE ALSO
+
+L<x509(1)>, L<req(1)>, L<ca(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/crl.pod b/openssl-1.1.0h/doc/apps/crl.pod
new file mode 100644
index 0000000..fded397
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/crl.pod
@@ -0,0 +1,143 @@
+=pod
+
+=head1 NAME
+
+openssl-crl,
+crl - CRL utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<crl>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-text>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-nameopt option>]
+[B<-noout>]
+[B<-hash>]
+[B<-issuer>]
+[B<-lastupdate>]
+[B<-nextupdate>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+
+=head1 DESCRIPTION
+
+The B<crl> command processes CRL files in DER or PEM format.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. B<DER> format is DER encoded CRL
+structure. B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-text>
+
+print out the CRL in text form.
+
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. See
+the description of B<-nameopt> in L<x509(1)>.
+
+=item B<-noout>
+
+don't output the encoded version of the CRL.
+
+=item B<-hash>
+
+output a hash of the issuer name. This can be use to lookup CRLs in
+a directory by issuer name.
+
+=item B<-hash_old>
+
+outputs the "hash" of the CRL issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
+=item B<-issuer>
+
+output the issuer name.
+
+=item B<-lastupdate>
+
+output the lastUpdate field.
+
+=item B<-nextupdate>
+
+output the nextUpdate field.
+
+=item B<-CAfile file>
+
+verify the signature on a CRL by looking up the issuing certificate in
+B<file>
+
+=item B<-CApath dir>
+
+verify the signature on a CRL by looking up the issuing certificate in
+B<dir>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=back
+
+=head1 NOTES
+
+The PEM CRL format uses the header and footer lines:
+
+ -----BEGIN X509 CRL-----
+ -----END X509 CRL-----
+
+=head1 EXAMPLES
+
+Convert a CRL file from PEM to DER:
+
+ openssl crl -in crl.pem -outform DER -out crl.der
+
+Output the text form of a DER encoded certificate:
+
+ openssl crl -in crl.der -text -noout
+
+=head1 BUGS
+
+Ideally it should be possible to create a CRL using appropriate options
+and files too.
+
+=head1 SEE ALSO
+
+L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/crl2pkcs7.pod b/openssl-1.1.0h/doc/apps/crl2pkcs7.pod
new file mode 100644
index 0000000..933750a
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/crl2pkcs7.pod
@@ -0,0 +1,106 @@
+=pod
+
+=head1 NAME
+
+openssl-crl2pkcs7,
+crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
+
+=head1 SYNOPSIS
+
+B<openssl> B<crl2pkcs7>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-certfile filename>]
+[B<-nocrl>]
+
+=head1 DESCRIPTION
+
+The B<crl2pkcs7> command takes an optional CRL and one or more
+certificates and converts them into a PKCS#7 degenerate "certificates
+only" structure.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the CRL input format. B<DER> format is DER encoded CRL
+structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the PKCS#7 structure output format. B<DER> format is DER
+encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-in filename>
+
+This specifies the input filename to read a CRL from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write the PKCS#7 structure to or standard
+output by default.
+
+=item B<-certfile filename>
+
+specifies a filename containing one or more certificates in B<PEM> format.
+All certificates in the file will be added to the PKCS#7 structure. This
+option can be used more than once to read certificates form multiple
+files.
+
+=item B<-nocrl>
+
+normally a CRL is included in the output file. With this option no CRL is
+included in the output file and a CRL is not read from the input file.
+
+=back
+
+=head1 EXAMPLES
+
+Create a PKCS#7 structure from a certificate and CRL:
+
+ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
+
+Creates a PKCS#7 structure in DER format with no CRL from several
+different certificates:
+
+ openssl crl2pkcs7 -nocrl -certfile newcert.pem
+        -certfile demoCA/cacert.pem -outform DER -out p7.der
+
+=head1 NOTES
+
+The output file is a PKCS#7 signed data structure containing no signers and
+just certificates and an optional CRL.
+
+This utility can be used to send certificates and CAs to Netscape as part of
+the certificate enrollment process. This involves sending the DER encoded output
+as MIME type application/x-x509-user-cert.
+
+The B<PEM> encoded form with the header and footer lines removed can be used to
+install user certificates and CAs in MSIE using the Xenroll control.
+
+=head1 SEE ALSO
+
+L<pkcs7(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/dgst.pod b/openssl-1.1.0h/doc/apps/dgst.pod
new file mode 100644
index 0000000..59919c3
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/dgst.pod
@@ -0,0 +1,239 @@
+=pod
+
+=head1 NAME
+
+openssl-dgst,
+dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5, blake2b, blake2s - message digests
+
+=head1 SYNOPSIS
+
+B<openssl> B<dgst>
+[B<-help>]
+[B<-I<digest>>]
+[B<-c>]
+[B<-d>]
+[B<-hex>]
+[B<-binary>]
+[B<-r>]
+[B<-out filename>]
+[B<-sign filename>]
+[B<-keyform arg>]
+[B<-passin arg>]
+[B<-verify filename>]
+[B<-prverify filename>]
+[B<-signature filename>]
+[B<-hmac key>]
+[B<-fips-fingerprint>]
+[B<-engine id>]
+[B<-engine_impl>]
+[B<file...>]
+
+B<openssl>
+[I<digest>]
+[B<...>]
+
+=head1 DESCRIPTION
+
+The digest functions output the message digest of a supplied file or files
+in hexadecimal.  The digest functions also generate and verify digital
+signatures using message digests.
+
+The generic name, B<dgst>, may be used with an option specifying the
+algorithm to be used.
+The default digest is I<sha256>.
+A supported I<digest> name may also be used as the command name.
+To see the list of supported algorithms, use the I<list --digest-commands>
+command.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-I<digest>>
+
+Specifies name of a supported digest to be used. To see the list of
+supported digests, use the command I<list --digest-commands>.
+
+=item B<-c>
+
+Print out the digest in two digit groups separated by colons, only relevant if
+B<hex> format output is used.
+
+=item B<-d>
+
+Print out BIO debugging information.
+
+=item B<-hex>
+
+Digest is to be output as a hex dump. This is the default case for a "normal"
+digest as opposed to a digital signature.  See NOTES below for digital
+signatures using B<-hex>.
+
+=item B<-binary>
+
+Output the digest or signature in binary form.
+
+=item B<-r>
+
+Output the digest in the "coreutils" format used by programs like B<sha1sum>.
+
+=item B<-out filename>
+
+Filename to output to, or standard output by default.
+
+=item B<-sign filename>
+
+Digitally sign the digest using the private key in "filename".
+
+=item B<-keyform arg>
+
+Specifies the key format to sign digest with. The DER, PEM, P12,
+and ENGINE formats are supported.
+
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
+=item B<-passin arg>
+
+The private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-verify filename>
+
+Verify the signature using the public key in "filename".
+The output is either "Verification OK" or "Verification Failure".
+
+=item B<-prverify filename>
+
+Verify the signature using the private key in "filename".
+
+=item B<-signature filename>
+
+The actual signature to verify.
+
+=item B<-hmac key>
+
+Create a hashed MAC using "key".
+
+=item B<-mac alg>
+
+Create MAC (keyed Message Authentication Code). The most popular MAC
+algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
+which are not based on hash, for instance B<gost-mac> algorithm,
+supported by B<ccgost> engine. MAC keys and other options should be set
+via B<-macopt> parameter.
+
+=item B<-macopt nm:v>
+
+Passes options to MAC algorithm, specified by B<-mac> key.
+Following options are supported by both by B<HMAC> and B<gost-mac>:
+
+=over 4
+
+=item B<key:string>
+
+Specifies MAC key as alphanumeric string (use if key contain printable
+characters only). String length must conform to any restrictions of
+the MAC algorithm for example exactly 32 chars for gost-mac.
+
+=item B<hexkey:string>
+
+Specifies MAC key in hexadecimal form (two hex digits per byte).
+Key length must conform to any restrictions of the MAC algorithm
+for example exactly 32 chars for gost-mac.
+
+=back
+
+=item B<-rand file(s)>
+
+A file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-fips-fingerprint>
+
+Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
+
+=item B<-engine id>
+
+Use engine B<id> for operations (including private key storage).
+This engine is not used as source for digest algorithms, unless it is
+also specified in the configuration file or B<-engine_impl> is also
+specified.
+
+=item B<-engine_impl>
+
+When used with the B<-engine> option, it specifies to also use
+engine B<id> for digest operations.
+
+=item B<file...>
+
+File or files to digest. If no files are specified then standard input is
+used.
+
+=back
+
+
+=head1 EXAMPLES
+
+To create a hex-encoded message digest of a file:
+ openssl dgst -md5 -hex file.txt
+
+To sign a file using SHA-256 with binary file output:
+ openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt
+
+To verify a signature:
+ openssl dgst -sha256 -verify publickey.pem \
+ -signature signature.sign \
+ file.txt
+
+
+=head1 NOTES
+
+The digest mechanisms that are available will depend on the options
+used when building OpenSSL.
+The B<list digest-commands> command can be used to list them.
+
+New or agile applications should use probably use SHA-256. Other digests,
+particularly SHA-1 and MD5, are still widely used for interoperating
+with existing formats and protocols.
+
+When signing a file, B<dgst> will automatically determine the algorithm
+(RSA, ECC, etc) to use for signing based on the private key's ASN.1 info.
+When verifying signatures, it only handles the RSA, DSA, or ECDSA signature
+itself, not the related data to identify the signer and algorithm used in
+formats such as x.509, CMS, and S/MIME.
+
+A source of random numbers is required for certain signing algorithms, in
+particular ECDSA and DSA.
+
+The signing and verify options should only be used if a single file is
+being signed or verified.
+
+Hex signatures cannot be verified using B<openssl>.  Instead, use "xxd -r"
+or similar program to transform the hex signature into a binary signature
+prior to verification.
+
+=head1 HISTORY
+
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
+The FIPS-related options were removed in OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/dhparam.pod b/openssl-1.1.0h/doc/apps/dhparam.pod
new file mode 100644
index 0000000..52fc0df
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/dhparam.pod
@@ -0,0 +1,160 @@
+=pod
+
+=head1 NAME
+
+openssl-dhparam,
+dhparam - DH parameter manipulation and generation
+
+=head1 SYNOPSIS
+
+B<openssl dhparam>
+[B<-help>]
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in> I<filename>]
+[B<-out> I<filename>]
+[B<-dsaparam>]
+[B<-check>]
+[B<-noout>]
+[B<-text>]
+[B<-C>]
+[B<-2>]
+[B<-5>]
+[B<-rand> I<file(s)>]
+[B<-engine id>]
+[I<numbits>]
+
+=head1 DESCRIPTION
+
+This command is used to manipulate DH parameter files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#3 DHparameter structure. The PEM form is the
+default format: it consists of the B<DER> format base64 encoded with
+additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in> I<filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+
+=item B<-out> I<filename>
+
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+
+=item B<-dsaparam>
+
+If this option is used, DSA rather than DH parameters are read or created;
+they are converted to DH format.  Otherwise, "strong" primes (such
+that (p-1)/2 is also prime) will be used for DH parameter generation.
+
+DH parameter generation with the B<-dsaparam> option is much faster,
+and the recommended exponent length is shorter, which makes DH key
+exchange more efficient.  Beware that with such DSA-style DH
+parameters, a fresh DH key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+
+=item B<-check>
+
+Performs numerous checks to see if the supplied parameters are valid and
+displays a warning if not.
+
+=item B<-2>, B<-5>
+
+The generator to use, either 2 or 5. If present then the
+input file is ignored and parameters are generated instead. If not
+present but B<numbits> is present, parameters are generated with the
+default generator 2.
+
+=item B<-rand> I<file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item I<numbits>
+
+this option specifies that a parameter set should be generated of size
+I<numbits>. It must be the last option. If this option is present then
+the input file is ignored and parameters are generated instead. If
+this option is not present but a generator (B<-2> or B<-5>) is
+present, parameters are generated with a default length of 2048 bits.
+
+=item B<-noout>
+
+this option inhibits the output of the encoded version of the parameters.
+
+=item B<-text>
+
+this option prints out the DH parameters in human readable form.
+
+=item B<-C>
+
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the get_dhNNNN() function.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<dhparam>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 WARNINGS
+
+The program B<dhparam> combines the functionality of the programs B<dh> and
+B<gendh> in previous versions of OpenSSL. The B<dh> and B<gendh>
+programs are retained for now but may have different purposes in future
+versions of OpenSSL.
+
+=head1 NOTES
+
+PEM format DH parameters use the header and footer lines:
+
+ -----BEGIN DH PARAMETERS-----
+ -----END DH PARAMETERS-----
+
+OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
+DH.
+
+This program manipulates DH parameters not keys.
+
+=head1 BUGS
+
+There should be a way to generate and manipulate DH keys.
+
+=head1 SEE ALSO
+
+L<dsaparam(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/dsa.pod b/openssl-1.1.0h/doc/apps/dsa.pod
new file mode 100644
index 0000000..3735804
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/dsa.pod
@@ -0,0 +1,179 @@
+=pod
+
+=head1 NAME
+
+openssl-dsa,
+dsa - DSA key processing
+
+=head1 SYNOPSIS
+
+B<openssl> B<dsa>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-text>]
+[B<-noout>]
+[B<-modulus>]
+[B<-pubin>]
+[B<-pubout>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<dsa> command processes DSA keys. They can be converted between various
+forms and their components printed out. B<Note> This command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option with a private key uses
+an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
+version (currently zero), p, q, g, the public and private key components
+respectively as ASN.1 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
+
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. In the case of a private key
+PKCS#8 format is also accepted.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output by
+is not specified. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
+
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<dsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+
+=item B<-text>
+
+prints out the public, private key components and parameters.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the key.
+
+=item B<-modulus>
+
+this option prints out the value of the public key component of the key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this option a
+public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output. With this option a public
+key will be output instead. This option is automatically set if the input is
+a public key.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<dsa>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 NOTES
+
+The PEM private key format uses the header and footer lines:
+
+ -----BEGIN DSA PRIVATE KEY-----
+ -----END DSA PRIVATE KEY-----
+
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
+=head1 EXAMPLES
+
+To remove the pass phrase on a DSA private key:
+
+ openssl dsa -in key.pem -out keyout.pem
+
+To encrypt a private key using triple DES:
+
+ openssl dsa -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format:
+
+ openssl dsa -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl dsa -in key.pem -text -noout
+
+To just output the public part of a private key:
+
+ openssl dsa -in key.pem -pubout -out pubkey.pem
+
+=head1 SEE ALSO
+
+L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
+L<genrsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/dsaparam.pod b/openssl-1.1.0h/doc/apps/dsaparam.pod
new file mode 100644
index 0000000..0dfda66
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/dsaparam.pod
@@ -0,0 +1,125 @@
+=pod
+
+=head1 NAME
+
+openssl-dsaparam,
+dsaparam - DSA parameter manipulation and generation
+
+=head1 SYNOPSIS
+
+B<openssl dsaparam>
+[B<-help>]
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-text>]
+[B<-C>]
+[B<-rand file(s)>]
+[B<-genkey>]
+[B<-engine id>]
+[B<numbits>]
+
+=head1 DESCRIPTION
+
+This command is used to manipulate or generate DSA parameter files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting
+of p, q and g respectively. The PEM form is the default format: it consists
+of the B<DER> format base64 encoded with additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified. If the B<numbits> parameter is included then
+this option will be ignored.
+
+=item B<-out filename>
+
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+
+=item B<-noout>
+
+this option inhibits the output of the encoded version of the parameters.
+
+=item B<-text>
+
+this option prints out the DSA parameters in human readable form.
+
+=item B<-C>
+
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the get_dsaXXX() function.
+
+=item B<-genkey>
+
+this option will generate a DSA either using the specified or generated
+parameters.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<numbits>
+
+this option specifies that a parameter set should be generated of size
+B<numbits>. It must be the last option. If this option is included then
+the input file (if any) is ignored.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<dsaparam>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 NOTES
+
+PEM format DSA parameters use the header and footer lines:
+
+ -----BEGIN DSA PARAMETERS-----
+ -----END DSA PARAMETERS-----
+
+DSA parameter generation is a slow process and as a result the same set of
+DSA parameters is often used to generate several distinct keys.
+
+=head1 SEE ALSO
+
+L<gendsa(1)>, L<dsa(1)>, L<genrsa(1)>,
+L<rsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/ec.pod b/openssl-1.1.0h/doc/apps/ec.pod
new file mode 100644
index 0000000..c06005d
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/ec.pod
@@ -0,0 +1,207 @@
+=pod
+
+=head1 NAME
+
+openssl-ec,
+ec - EC key processing
+
+=head1 SYNOPSIS
+
+B<openssl> B<ec>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-text>]
+[B<-noout>]
+[B<-param_out>]
+[B<-pubin>]
+[B<-pubout>]
+[B<-conv_form arg>]
+[B<-param_enc arg>]
+[B<-no_public>]
+[B<-check>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<ec> command processes EC keys. They can be converted between various
+forms and their components printed out. B<Note> OpenSSL uses the
+private key format specified in 'SEC 1: Elliptic Curve Cryptography'
+(http://www.secg.org/). To convert an OpenSSL EC private key into the
+PKCS#8 private key format use the B<pkcs8> command.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option with a private key uses
+an ASN.1 DER encoded SEC1 private key. When used with a public key it
+uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. In the case of a private key
+PKCS#8 format is also accepted.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output by
+is not specified. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, IDEA or
+any other cipher supported by OpenSSL before outputting it. A pass phrase is
+prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<ec> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+
+=item B<-text>
+
+prints out the public, private key components and parameters.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the key.
+
+=item B<-modulus>
+
+this option prints out the value of the public key component of the key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this option a
+public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output. With this option a public
+key will be output instead. This option is automatically set if the input is
+a public key.
+
+=item B<-conv_form>
+
+This specifies how the points on the elliptic curve are converted
+into octet strings. Possible values are: B<compressed> (the default
+value), B<uncompressed> and B<hybrid>. For more information regarding
+the point conversion forms please read the X9.62 standard.
+B<Note> Due to patent issues the B<compressed> option is disabled
+by default for binary curves and can be enabled by defining
+the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
+
+=item B<-param_enc arg>
+
+This specifies how the elliptic curve parameters are encoded.
+Possible value are: B<named_curve>, i.e. the ec parameters are
+specified by an OID, or B<explicit> where the ec parameters are
+explicitly given (see RFC 3279 for the definition of the
+EC parameters structures). The default value is B<named_curve>.
+B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
+is currently not implemented in OpenSSL.
+
+=item B<-no_public>
+
+This option omits the public key components from the private key output.
+
+=item B<-check>
+
+this option checks the consistency of an EC private or public key.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<ec>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 NOTES
+
+The PEM private key format uses the header and footer lines:
+
+ -----BEGIN EC PRIVATE KEY-----
+ -----END EC PRIVATE KEY-----
+
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
+=head1 EXAMPLES
+
+To encrypt a private key using triple DES:
+
+ openssl ec -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format:
+
+ openssl ec -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl ec -in key.pem -text -noout
+
+To just output the public part of a private key:
+
+ openssl ec -in key.pem -pubout -out pubkey.pem
+
+To change the parameters encoding to B<explicit>:
+
+ openssl ec -in key.pem -param_enc explicit -out keyout.pem
+
+To change the point conversion form to B<compressed>:
+
+ openssl ec -in key.pem -conv_form compressed -out keyout.pem
+
+=head1 SEE ALSO
+
+L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/ecparam.pod b/openssl-1.1.0h/doc/apps/ecparam.pod
new file mode 100644
index 0000000..69a2631
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/ecparam.pod
@@ -0,0 +1,186 @@
+=pod
+
+=head1 NAME
+
+openssl-ecparam,
+ecparam - EC parameter manipulation and generation
+
+=head1 SYNOPSIS
+
+B<openssl ecparam>
+[B<-help>]
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-text>]
+[B<-C>]
+[B<-check>]
+[B<-name arg>]
+[B<-list_curves>]
+[B<-conv_form arg>]
+[B<-param_enc arg>]
+[B<-no_seed>]
+[B<-rand file(s)>]
+[B<-genkey>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+This command is used to manipulate or generate EC parameter files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN.1 DER encoded
+form compatible with RFC 3279 EcpkParameters. The PEM form is the default
+format: it consists of the B<DER> format base64 encoded with additional
+header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+
+=item B<-out filename>
+
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+
+=item B<-noout>
+
+This option inhibits the output of the encoded version of the parameters.
+
+=item B<-text>
+
+This option prints out the EC parameters in human readable form.
+
+=item B<-C>
+
+This option converts the EC parameters into C code. The parameters can then
+be loaded by calling the get_ec_group_XXX() function.
+
+=item B<-check>
+
+Validate the elliptic curve parameters.
+
+=item B<-name arg>
+
+Use the EC parameters with the specified 'short' name. Use B<-list_curves>
+to get a list of all currently implemented EC parameters.
+
+=item B<-list_curves>
+
+If this options is specified B<ecparam> will print out a list of all
+currently implemented EC parameters names and exit.
+
+=item B<-conv_form>
+
+This specifies how the points on the elliptic curve are converted
+into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
+default value) and B<hybrid>. For more information regarding
+the point conversion forms please read the X9.62 standard.
+B<Note> Due to patent issues the B<compressed> option is disabled
+by default for binary curves and can be enabled by defining
+the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
+
+=item B<-param_enc arg>
+
+This specifies how the elliptic curve parameters are encoded.
+Possible value are: B<named_curve>, i.e. the ec parameters are
+specified by an OID, or B<explicit> where the ec parameters are
+explicitly given (see RFC 3279 for the definition of the
+EC parameters structures). The default value is B<named_curve>.
+B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
+is currently not implemented in OpenSSL.
+
+=item B<-no_seed>
+
+This option inhibits that the 'seed' for the parameter generation
+is included in the ECParameters structure (see RFC 3279).
+
+=item B<-genkey>
+
+This option will generate an EC private key using the specified parameters.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<ecparam>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 NOTES
+
+PEM format EC parameters use the header and footer lines:
+
+ -----BEGIN EC PARAMETERS-----
+ -----END EC PARAMETERS-----
+
+OpenSSL is currently not able to generate new groups and therefore
+B<ecparam> can only create EC parameters from known (named) curves.
+
+=head1 EXAMPLES
+
+To create EC parameters with the group 'prime192v1':
+
+  openssl ecparam -out ec_param.pem -name prime192v1
+
+To create EC parameters with explicit parameters:
+
+  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
+
+To validate given EC parameters:
+
+  openssl ecparam -in ec_param.pem -check
+
+To create EC parameters and a private key:
+
+  openssl ecparam -out ec_key.pem -name prime192v1 -genkey
+
+To change the point encoding to 'compressed':
+
+  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
+
+To print out the EC parameters to standard output:
+
+  openssl ecparam -in ec_param.pem -noout -text
+
+=head1 SEE ALSO
+
+L<ec(1)>, L<dsaparam(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/enc.pod b/openssl-1.1.0h/doc/apps/enc.pod
new file mode 100644
index 0000000..6338d6c
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/enc.pod
@@ -0,0 +1,354 @@
+=pod
+
+=head1 NAME
+
+openssl-enc,
+enc - symmetric cipher routines
+
+=head1 SYNOPSIS
+
+B<openssl enc -ciphername>
+[B<-help>]
+[B<-ciphers>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-pass arg>]
+[B<-e>]
+[B<-d>]
+[B<-a/-base64>]
+[B<-A>]
+[B<-k password>]
+[B<-kfile filename>]
+[B<-K key>]
+[B<-iv IV>]
+[B<-S salt>]
+[B<-salt>]
+[B<-nosalt>]
+[B<-z>]
+[B<-md digest>]
+[B<-p>]
+[B<-P>]
+[B<-bufsize number>]
+[B<-nopad>]
+[B<-debug>]
+[B<-none>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The symmetric cipher commands allow data to be encrypted or decrypted
+using various block and stream ciphers using keys based on passwords
+or explicitly provided. Base64 encoding or decoding can also be performed
+either by itself or in addition to the encryption or decryption.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-ciphers>
+
+List all supported ciphers.
+
+=item B<-in filename>
+
+the input filename, standard input by default.
+
+=item B<-out filename>
+
+the output filename, standard output by default.
+
+=item B<-pass arg>
+
+the password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-e>
+
+encrypt the input data: this is the default.
+
+=item B<-d>
+
+decrypt the input data.
+
+=item B<-a>
+
+base64 process the data. This means that if encryption is taking place
+the data is base64 encoded after encryption. If decryption is set then
+the input data is base64 decoded before being decrypted.
+
+=item B<-base64>
+
+same as B<-a>
+
+=item B<-A>
+
+if the B<-a> option is set then base64 process the data on one line.
+
+=item B<-k password>
+
+the password to derive the key from. This is for compatibility with previous
+versions of OpenSSL. Superseded by the B<-pass> argument.
+
+=item B<-kfile filename>
+
+read the password to derive the key from the first line of B<filename>.
+This is for compatibility with previous versions of OpenSSL. Superseded by
+the B<-pass> argument.
+
+=item B<-md digest>
+
+Use the specified digest to create the key from the passphrase.
+The default algorithm is sha-256.
+
+=item B<-nosalt>
+
+don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
+used except for test purposes or compatibility with ancient versions of
+OpenSSL.
+
+=item B<-salt>
+
+use salt (randomly generated or provide with B<-S> option) when
+encrypting (this is the default).
+
+=item B<-S salt>
+
+the actual salt to use: this must be represented as a string of hex digits.
+
+=item B<-K key>
+
+the actual key to use: this must be represented as a string comprised only
+of hex digits. If only the key is specified, the IV must additionally specified
+using the B<-iv> option. When both a key and a password are specified, the
+key given with the B<-K> option will be used and the IV generated from the
+password will be taken. It probably does not make much sense to specify
+both key and password.
+
+=item B<-iv IV>
+
+the actual IV to use: this must be represented as a string comprised only
+of hex digits. When only the key is specified using the B<-K> option, the
+IV must explicitly be defined. When a password is being specified using
+one of the other options, the IV is generated from this password.
+
+=item B<-p>
+
+print out the key and IV used.
+
+=item B<-P>
+
+print out the key and IV used then immediately exit: don't do any encryption
+or decryption.
+
+=item B<-bufsize number>
+
+set the buffer size for I/O
+
+=item B<-nopad>
+
+disable standard block padding
+
+=item B<-debug>
+
+debug the BIOs used for I/O.
+
+=item B<-z>
+
+Compress or decompress clear text using zlib before encryption or after
+decryption. This option exists only if OpenSSL with compiled with zlib
+or zlib-dynamic option.
+
+=item B<-none>
+
+Use NULL cipher (no encryption or decryption of input).
+
+=back
+
+=head1 NOTES
+
+The program can be called either as B<openssl ciphername> or
+B<openssl enc -ciphername>. But the first form doesn't work with
+engine-provided ciphers, because this form is processed before the
+configuration file is read and any ENGINEs loaded.
+
+Engines which provide entirely new encryption algorithms (such as ccgost
+engine which provides gost89 algorithm) should be configured in the
+configuration file. Engines, specified in the command line using -engine
+options can only be used for hardware-assisted implementations of
+ciphers, which are supported by OpenSSL core or other engine, specified
+in the configuration file.
+
+When enc command lists supported ciphers, ciphers provided by engines,
+specified in the configuration files are listed too.
+
+A password will be prompted for to derive the key and IV if necessary.
+
+The B<-salt> option should B<ALWAYS> be used if the key is being derived
+from a password unless you want compatibility with previous versions of
+OpenSSL.
+
+Without the B<-salt> option it is possible to perform efficient dictionary
+attacks on the password and to attack stream cipher encrypted data. The reason
+for this is that without the salt the same password always generates the same
+encryption key. When the salt is being used the first eight bytes of the
+encrypted data are reserved for the salt: it is generated at random when
+encrypting a file and read from the encrypted file when it is decrypted.
+
+Some of the ciphers do not have large keys and others have security
+implications if not used correctly. A beginner is advised to just use
+a strong block cipher in CBC mode such as bf or des3.
+
+All the block ciphers normally use PKCS#5 padding also known as standard block
+padding: this allows a rudimentary integrity or password check to be
+performed. However since the chance of random data passing the test is
+better than 1 in 256 it isn't a very good test.
+
+If padding is disabled then the input data must be a multiple of the cipher
+block length.
+
+All RC2 ciphers have the same key and effective key length.
+
+Blowfish and RC5 algorithms use a 128 bit key.
+
+=head1 SUPPORTED CIPHERS
+
+Note that some of these ciphers can be disabled at compile time
+and some are available only if an appropriate engine is configured
+in the configuration file. The output of the B<enc> command run with
+unsupported options (for example B<openssl enc -help>) includes a
+list of ciphers, supported by your version of OpenSSL, including
+ones provided by configured engines.
+
+The B<enc> program does not support authenticated encryption modes
+like CCM and GCM. The utility does not store or retrieve the
+authentication tag.
+
+
+ base64             Base 64
+
+ bf-cbc             Blowfish in CBC mode
+ bf                 Alias for bf-cbc
+ bf-cfb             Blowfish in CFB mode
+ bf-ecb             Blowfish in ECB mode
+ bf-ofb             Blowfish in OFB mode
+
+ cast-cbc           CAST in CBC mode
+ cast               Alias for cast-cbc
+ cast5-cbc          CAST5 in CBC mode
+ cast5-cfb          CAST5 in CFB mode
+ cast5-ecb          CAST5 in ECB mode
+ cast5-ofb          CAST5 in OFB mode
+
+ des-cbc            DES in CBC mode
+ des                Alias for des-cbc
+ des-cfb            DES in CBC mode
+ des-ofb            DES in OFB mode
+ des-ecb            DES in ECB mode
+
+ des-ede-cbc        Two key triple DES EDE in CBC mode
+ des-ede            Two key triple DES EDE in ECB mode
+ des-ede-cfb        Two key triple DES EDE in CFB mode
+ des-ede-ofb        Two key triple DES EDE in OFB mode
+
+ des-ede3-cbc       Three key triple DES EDE in CBC mode
+ des-ede3           Three key triple DES EDE in ECB mode
+ des3               Alias for des-ede3-cbc
+ des-ede3-cfb       Three key triple DES EDE CFB mode
+ des-ede3-ofb       Three key triple DES EDE in OFB mode
+
+ desx               DESX algorithm.
+
+ gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
+ gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine)
+
+ idea-cbc           IDEA algorithm in CBC mode
+ idea               same as idea-cbc
+ idea-cfb           IDEA in CFB mode
+ idea-ecb           IDEA in ECB mode
+ idea-ofb           IDEA in OFB mode
+
+ rc2-cbc            128 bit RC2 in CBC mode
+ rc2                Alias for rc2-cbc
+ rc2-cfb            128 bit RC2 in CFB mode
+ rc2-ecb            128 bit RC2 in ECB mode
+ rc2-ofb            128 bit RC2 in OFB mode
+ rc2-64-cbc         64 bit RC2 in CBC mode
+ rc2-40-cbc         40 bit RC2 in CBC mode
+
+ rc4                128 bit RC4
+ rc4-64             64 bit RC4
+ rc4-40             40 bit RC4
+
+ rc5-cbc            RC5 cipher in CBC mode
+ rc5                Alias for rc5-cbc
+ rc5-cfb            RC5 cipher in CFB mode
+ rc5-ecb            RC5 cipher in ECB mode
+ rc5-ofb            RC5 cipher in OFB mode
+
+ aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
+ aes[128|192|256]       Alias for aes-[128|192|256]-cbc
+ aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
+
+=head1 EXAMPLES
+
+Just base64 encode a binary file:
+
+ openssl base64 -in file.bin -out file.b64
+
+Decode the same file
+
+ openssl base64 -d -in file.b64 -out file.bin
+
+Encrypt a file using triple DES in CBC mode using a prompted password:
+
+ openssl des3 -salt -in file.txt -out file.des3
+
+Decrypt a file using a supplied password:
+
+ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
+
+Encrypt a file then base64 encode it (so it can be sent via mail for example)
+using Blowfish in CBC mode:
+
+ openssl bf -a -salt -in file.txt -out file.bf
+
+Base64 decode a file then decrypt it:
+
+ openssl bf -d -salt -a -in file.bf -out file.txt
+
+Decrypt some data using a supplied 40 bit RC4 key:
+
+ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
+
+=head1 BUGS
+
+The B<-A> option when used with large files doesn't work properly.
+
+There should be an option to allow an iteration count to be included.
+
+The B<enc> program only supports a fixed number of algorithms with
+certain parameters. So if, for example, you want to use RC2 with a
+76 bit key or RC4 with an 84 bit key you can't use this program.
+
+=head1 HISTORY
+
+The default digest was changed from MD5 to SHA256 in Openssl 1.1.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/engine.pod b/openssl-1.1.0h/doc/apps/engine.pod
new file mode 100644
index 0000000..155cc62
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/engine.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+openssl-engine,
+engine - load and query engines
+
+=head1 SYNOPSIS
+
+B<openssl engine>
+[ I<engine...> ]
+[B<-v>]
+[B<-vv>]
+[B<-vvv>]
+[B<-vvv>]
+[B<-vvv>]
+[B<-c>]
+[B<-t>]
+[B<-tt>]
+[B<-pre> I<command>]
+[B<-post> I<command>]
+[ I<engine...> ]
+
+=head1 DESCRIPTION
+
+The B<engine> command is used to query the status and capabilities
+of the specified B<engine>'s.
+Engines may be specified before and after all other command-line flags.
+Only those specified are queried.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-v> B<-vv> B<-vvv> B<-vvvv>
+
+Provides information about each specified engine. The first flag lists
+all the possible run-time control commands; the second adds a
+description of each command; the third adds the input flags, and the
+final option adds the internal input flags.
+
+=item B<-c>
+
+Lists the capabilities of each engine.
+
+=item B<-t>
+
+Tests if each specified engine is available, and displays the answer.
+
+=item B<-tt>
+
+Displays an error trace for any unavailable engine.
+
+=item B<-pre> I<command>
+
+=item B<-post> I<command>
+
+Command-line configuration of engines.
+The B<-pre> command is given to the engine before it is loaded and
+the B<-post> command is given after the engine is loaded.
+The I<command> is of the form I<cmd:val> where I<cmd> is the command,
+and I<val> is the value for the command.
+See the example below.
+
+=back
+
+=head1 EXAMPLE
+
+To list all the commands available to a dynamic engine:
+
+ % openssl engine -t -tt -vvvv dynamic
+ (dynamic) Dynamic engine loading support
+      [ unavailable ]
+      SO_PATH: Specifies the path to the new ENGINE shared library
+           (input flags): STRING
+      NO_VCHECK: Specifies to continue even if version checking fails (boolean)
+           (input flags): NUMERIC
+      ID: Specifies an ENGINE id name for loading
+           (input flags): STRING
+      LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
+           (input flags): NUMERIC
+      DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
+           (input flags): NUMERIC
+      DIR_ADD: Adds a directory from which ENGINEs can be loaded
+           (input flags): STRING
+      LOAD: Load up the ENGINE specified by other settings
+           (input flags): NO_INPUT
+
+To list the capabilities of the I<rsax> engine:
+
+ % openssl engine -c
+ (rsax) RSAX engine support
+  [RSA]
+ (dynamic) Dynamic engine loading support
+
+=head1 ENVIRONMENT
+
+=over 4
+
+=item B<OPENSSL_ENGINES>
+
+The path to the engines directory.
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/errstr.pod b/openssl-1.1.0h/doc/apps/errstr.pod
new file mode 100644
index 0000000..3c89b8f
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/errstr.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+openssl-errstr,
+errstr - lookup error codes
+
+=head1 SYNOPSIS
+
+B<openssl errstr error_code>
+
+=head1 DESCRIPTION
+
+Sometimes an application will not load error message and only
+numerical forms will be available. The B<errstr> utility can be used to
+display the meaning of the hex code. The hex code is the hex digits after the
+second colon.
+
+=head1 OPTIONS
+
+None.
+
+=head1 EXAMPLE
+
+The error code:
+
+ 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
+
+can be displayed with:
+
+ openssl errstr 2006D080
+
+to produce the error message:
+
+ error:2006D080:BIO routines:BIO_new_file:no such file
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/gendsa.pod b/openssl-1.1.0h/doc/apps/gendsa.pod
new file mode 100644
index 0000000..36c810a
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/gendsa.pod
@@ -0,0 +1,92 @@
+=pod
+
+=head1 NAME
+
+openssl-gendsa,
+gendsa - generate a DSA private key from a set of parameters
+
+=head1 SYNOPSIS
+
+B<openssl> B<gendsa>
+[B<-help>]
+[B<-out filename>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-rand file(s)>]
+[B<-engine id>]
+[B<paramfile>]
+
+=head1 DESCRIPTION
+
+The B<gendsa> command generates a DSA private key from a DSA parameter file
+(which will be typically generated by the B<openssl dsaparam> command).
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-out filename>
+
+Output the key to the specified file. If this argument is not specified then
+standard output is used.
+
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
+
+These options encrypt the private key with specified
+cipher before outputting it. A pass phrase is prompted for.
+If none of these options is specified no encryption is used.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<gendsa>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<paramfile>
+
+This option specifies the DSA parameter file to use. The parameters in this
+file determine the size of the private key. DSA parameters can be generated
+and examined using the B<openssl dsaparam> command.
+
+=back
+
+=head1 NOTES
+
+DSA key generation is little more than random number generation so it is
+much quicker that RSA key generation for example.
+
+=head1 SEE ALSO
+
+L<dsaparam(1)>, L<dsa(1)>, L<genrsa(1)>,
+L<rsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/genpkey.pod b/openssl-1.1.0h/doc/apps/genpkey.pod
new file mode 100644
index 0000000..d486952
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/genpkey.pod
@@ -0,0 +1,278 @@
+=pod
+
+=head1 NAME
+
+openssl-genpkey,
+genpkey - generate a private key
+
+=head1 SYNOPSIS
+
+B<openssl> B<genpkey>
+[B<-help>]
+[B<-out filename>]
+[B<-outform PEM|DER>]
+[B<-pass arg>]
+[B<-cipher>]
+[B<-engine id>]
+[B<-paramfile file>]
+[B<-algorithm alg>]
+[B<-pkeyopt opt:value>]
+[B<-genparam>]
+[B<-text>]
+
+=head1 DESCRIPTION
+
+The B<genpkey> command generates a private key.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-out filename>
+
+Output the key to the specified file. If this argument is not specified then
+standard output is used.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format DER or PEM.
+
+=item B<-pass arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-cipher>
+
+This option encrypts the private key with the supplied cipher. Any algorithm
+name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<genpkey>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms. If used this option should precede all other
+options.
+
+=item B<-algorithm alg>
+
+public key algorithm to use such as RSA, DSA or DH. If used this option must
+precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
+are mutually exclusive.
+
+=item B<-pkeyopt opt:value>
+
+set the public key algorithm option B<opt> to B<value>. The precise set of
+options supported depends on the public key algorithm used and its
+implementation. See B<KEY GENERATION OPTIONS> below for more details.
+
+=item B<-genparam>
+
+generate a set of parameters instead of a private key. If used this option must
+precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
+
+=item B<-paramfile filename>
+
+Some public key algorithms generate a private key based on a set of parameters.
+They can be supplied using this option. If this option is used the public key
+algorithm used is determined by the parameters. If used this option must
+precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
+are mutually exclusive.
+
+=item B<-text>
+
+Print an (unencrypted) text representation of private and public keys and
+parameters along with the PEM or DER structure.
+
+=back
+
+=head1 KEY GENERATION OPTIONS
+
+The options supported by each algorithm and indeed each implementation of an
+algorithm can vary. The options for the OpenSSL implementations are detailed
+below.
+
+=head1 RSA KEY GENERATION OPTIONS
+
+=over 4
+
+=item B<rsa_keygen_bits:numbits>
+
+The number of bits in the generated key. If not specified 1024 is used.
+
+=item B<rsa_keygen_pubexp:value>
+
+The RSA public exponent value. This can be a large decimal or
+hexadecimal value if preceded by B<0x>. Default value is 65537.
+
+=back
+
+=head1 DSA PARAMETER GENERATION OPTIONS
+
+=over 4
+
+=item B<dsa_paramgen_bits:numbits>
+
+The number of bits in the generated parameters. If not specified 1024 is used.
+
+=back
+
+=head1 DH PARAMETER GENERATION OPTIONS
+
+=over 4
+
+=item B<dh_paramgen_prime_len:numbits>
+
+The number of bits in the prime parameter B<p>.
+
+=item B<dh_paramgen_generator:value>
+
+The value to use for the generator B<g>.
+
+=item B<dh_rfc5114:num>
+
+If this option is set then the appropriate RFC5114 parameters are used
+instead of generating new parameters. The value B<num> can take the
+values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
+1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
+and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
+2.1, 2.2 and 2.3 respectively.
+
+=back
+
+=head1 EC PARAMETER GENERATION OPTIONS
+
+The EC parameter generation options below can also
+be supplied as EC key generation options. This can (for example) generate a
+key from a named curve without the need to use an explicit parameter file.
+
+=over 4
+
+=item B<ec_paramgen_curve:curve>
+
+the EC curve to use. OpenSSL supports NIST curve names such as "P-256".
+
+=item B<ec_param_enc:encoding>
+
+the encoding to use for parameters. The "encoding" parameter must be either
+"named_curve" or "explicit".
+
+=back
+
+=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS
+
+Gost 2001 support is not enabled by default. To enable this algorithm,
+one should load the ccgost engine in the OpenSSL configuration file.
+See README.gost file in the engines/ccgost directory of the source
+distribution for more details.
+
+Use of a parameter file for the GOST R 34.10 algorithm is optional.
+Parameters can be specified during key generation directly as well as
+during generation of parameter file.
+
+=over 4
+
+=item B<paramset:name>
+
+Specifies GOST R 34.10-2001 parameter set according to RFC 4357.
+Parameter set can be specified using abbreviated name, object short name or
+numeric OID. Following parameter sets are supported:
+
+  paramset   OID               Usage
+  A          1.2.643.2.2.35.1  Signature
+  B          1.2.643.2.2.35.2  Signature
+  C          1.2.643.2.2.35.3  Signature
+  XA         1.2.643.2.2.36.0  Key exchange
+  XB         1.2.643.2.2.36.1  Key exchange
+  test       1.2.643.2.2.35.0  Test purposes
+
+=back
+
+=head1 X25519 KEY GENERATION OPTIONS
+
+The X25519 algorithm does not currently support any key generation options.
+
+
+=head1 NOTES
+
+The use of the genpkey program is encouraged over the algorithm specific
+utilities because additional algorithm options and ENGINE provided algorithms
+can be used.
+
+=head1 EXAMPLES
+
+Generate an RSA private key using default parameters:
+
+ openssl genpkey -algorithm RSA -out key.pem
+
+Encrypt output private key using 128 bit AES and the passphrase "hello":
+
+ openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
+
+Generate a 2048 bit RSA key using 3 as the public exponent:
+
+ openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
+                                                -pkeyopt rsa_keygen_pubexp:3
+
+Generate 1024 bit DSA parameters:
+
+ openssl genpkey -genparam -algorithm DSA -out dsap.pem \
+                                                -pkeyopt dsa_paramgen_bits:1024
+
+Generate DSA key from parameters:
+
+ openssl genpkey -paramfile dsap.pem -out dsakey.pem
+
+Generate 1024 bit DH parameters:
+
+ openssl genpkey -genparam -algorithm DH -out dhp.pem \
+                                        -pkeyopt dh_paramgen_prime_len:1024
+
+Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
+
+ openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
+
+Generate DH key from parameters:
+
+ openssl genpkey -paramfile dhp.pem -out dhkey.pem
+
+Generate EC parameters:
+
+ openssl genpkey -genparam -algorithm EC -out ecp.pem \
+        -pkeyopt ec_paramgen_curve:secp384r1 \
+        -pkeyopt ec_param_enc:named_curve
+
+Generate EC key from parameters:
+
+ openssl genpkey -paramfile ecp.pem -out eckey.pem
+
+Generate EC key directly:
+
+ openssl genpkey -algorithm EC -out eckey.pem \
+        -pkeyopt ec_paramgen_curve:P-384 \
+        -pkeyopt ec_param_enc:named_curve
+
+Generate an X25519 private key:
+
+ openssl genpkey -algorithm X25519 -out xkey.pem
+
+=head1 HISTORY
+
+The ability to use NIST curve names, and to generate an EC key directly,
+were added in OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/genrsa.pod b/openssl-1.1.0h/doc/apps/genrsa.pod
new file mode 100644
index 0000000..8be0683
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/genrsa.pod
@@ -0,0 +1,119 @@
+=pod
+
+=head1 NAME
+
+openssl-genrsa,
+genrsa - generate an RSA private key
+
+=head1 SYNOPSIS
+
+B<openssl> B<genrsa>
+[B<-help>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-aria128>]
+[B<-aria192>]
+[B<-aria256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-f4>]
+[B<-3>]
+[B<-rand file(s)>]
+[B<-engine id>]
+[B<numbits>]
+
+=head1 DESCRIPTION
+
+The B<genrsa> command generates an RSA private key.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-out filename>
+
+Output the key to the specified file. If this argument is not specified then
+standard output is used.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
+
+These options encrypt the private key with specified
+cipher before outputting it. If none of these options is
+specified no encryption is used. If encryption is used a pass phrase is prompted
+for if it is not supplied via the B<-passout> argument.
+
+=item B<-F4|-3>
+
+the public exponent to use, either 65537 or 3. The default is 65537.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<genrsa>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<numbits>
+
+the size of the private key to generate in bits. This must be the last option
+specified. The default is 2048.
+
+=back
+
+=head1 NOTES
+
+RSA private key generation essentially involves the generation of two prime
+numbers. When generating a private key various symbols will be output to
+indicate the progress of the generation. A B<.> represents each number which
+has passed an initial sieve test, B<+> means a number has passed a single
+round of the Miller-Rabin primality test. A newline means that the number has
+passed all the prime tests (the actual number depends on the key size).
+
+Because key generation is a random process the time taken to generate a key
+may vary somewhat.
+
+=head1 BUGS
+
+A quirk of the prime generation algorithm is that it cannot generate small
+primes. Therefore the number of bits should not be less that 64. For typical
+private keys this will not matter because for security reasons they will
+be much larger (typically 1024 bits).
+
+=head1 SEE ALSO
+
+L<gendsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/list.pod b/openssl-1.1.0h/doc/apps/list.pod
new file mode 100644
index 0000000..1088762
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/list.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+openssl-list,
+list - list algorithms and features
+
+=head1 SYNOPSIS
+
+B<openssl list>
+[B<-help>]
+[B<-commands>]
+[B<-digest-commands>]
+[B<-digest-algorithms>]
+[B<-cipher-commands>]
+[B<-cipher-algorithms>]
+[B<-public-key-algorithms>]
+[B<-disabled>]
+
+=head1 DESCRIPTION
+
+This command is used to generate list of algorithms or disabled
+features.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Display out a usage message.
+
+=item B<-commands>
+
+Display a list of standard commands.
+
+=item B<-digest-commands>
+
+Display a list of message digest commands, which are typically used
+as input to the L<dgst(1)> or L<speed(1)> commands.
+
+=item B<-digest-algorithms>
+
+Display a list of message digest algorithms.
+If a line is of the form
+  foo => bar
+then B<foo> is an alias for the official algorithm name, B<bar>.
+
+=item B<-cipher-commands>
+
+Display a list of cipher commands, which are typically used as input
+to the L<dgst(1)> or L<speed(1)> commands.
+
+=item B<-cipher-algorithms>
+
+Display a list of cipher algorithms.
+If a line is of the form
+  foo => bar
+then B<foo> is an alias for the official algorithm name, B<bar>.
+
+=item B<-public-key-algorithms>
+
+Display a list of public key algorithms, with each algorithm as
+a block of multiple lines, all but the first are indented.
+
+=item B<-disabled>
+
+Display a list of disabled features, those that were compiled out
+of the installation.
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/nseq.pod b/openssl-1.1.0h/doc/apps/nseq.pod
new file mode 100644
index 0000000..6b25e22
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/nseq.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+openssl-nseq,
+nseq - create or examine a Netscape certificate sequence
+
+=head1 SYNOPSIS
+
+B<openssl> B<nseq>
+[B<-help>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-toseq>]
+
+=head1 DESCRIPTION
+
+The B<nseq> command takes a file containing a Netscape certificate
+sequence and prints out the certificates contained in it or takes a
+file of certificates and converts it into a Netscape certificate
+sequence.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-in filename>
+
+This specifies the input filename to read or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename or standard output by default.
+
+=item B<-toseq>
+
+normally a Netscape certificate sequence will be input and the output
+is the certificates contained in it. With the B<-toseq> option the
+situation is reversed: a Netscape certificate sequence is created from
+a file of certificates.
+
+=back
+
+=head1 EXAMPLES
+
+Output the certificates in a Netscape certificate sequence
+
+ openssl nseq -in nseq.pem -out certs.pem
+
+Create a Netscape certificate sequence
+
+ openssl nseq -in certs.pem -toseq -out nseq.pem
+
+=head1 NOTES
+
+The B<PEM> encoded form uses the same headers and footers as a certificate:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+A Netscape certificate sequence is a Netscape specific form that can be sent
+to browsers as an alternative to the standard PKCS#7 format when several
+certificates are sent to the browser: for example during certificate enrollment.
+It is used by Netscape certificate server for example.
+
+=head1 BUGS
+
+This program needs a few more options: like allowing DER or PEM input and
+output files and allowing multiple certificate files to be used.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/ocsp.pod b/openssl-1.1.0h/doc/apps/ocsp.pod
new file mode 100644
index 0000000..5e273cf
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/ocsp.pod
@@ -0,0 +1,467 @@
+=pod
+
+=head1 NAME
+
+openssl-ocsp,
+ocsp - Online Certificate Status Protocol utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<ocsp>
+[B<-help>]
+[B<-out file>]
+[B<-issuer file>]
+[B<-cert file>]
+[B<-serial n>]
+[B<-signer file>]
+[B<-signkey file>]
+[B<-sign_other file>]
+[B<-no_certs>]
+[B<-req_text>]
+[B<-resp_text>]
+[B<-text>]
+[B<-reqout file>]
+[B<-respout file>]
+[B<-reqin file>]
+[B<-respin file>]
+[B<-nonce>]
+[B<-no_nonce>]
+[B<-url URL>]
+[B<-host host:port>]
+[B<-header>]
+[B<-path>]
+[B<-CApath dir>]
+[B<-CAfile file>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-no_check_time>]
+[B<-partial_chain>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
+[B<-trusted_first>]
+[B<-no_alt_chains>]
+[B<-use_deltas>]
+[B<-auth_level num>]
+[B<-verify_depth num>]
+[B<-verify_email email>]
+[B<-verify_hostname hostname>]
+[B<-verify_ip ip>]
+[B<-verify_name name>]
+[B<-x509_strict>]
+[B<-VAfile file>]
+[B<-validity_period n>]
+[B<-status_age n>]
+[B<-noverify>]
+[B<-verify_other file>]
+[B<-trust_other>]
+[B<-no_intern>]
+[B<-no_signature_verify>]
+[B<-no_cert_verify>]
+[B<-no_chain>]
+[B<-no_cert_checks>]
+[B<-no_explicit>]
+[B<-port num>]
+[B<-index file>]
+[B<-CA file>]
+[B<-rsigner file>]
+[B<-rkey file>]
+[B<-rother file>]
+[B<-resp_no_certs>]
+[B<-nmin n>]
+[B<-ndays n>]
+[B<-resp_key_id>]
+[B<-nrequest n>]
+[B<-md5|-sha1|...>]
+
+=head1 DESCRIPTION
+
+The Online Certificate Status Protocol (OCSP) enables applications to
+determine the (revocation) state of an identified certificate (RFC 2560).
+
+The B<ocsp> command performs many common OCSP tasks. It can be used
+to print out requests and responses, create requests and send queries
+to an OCSP responder and behave like a mini OCSP server itself.
+
+=head1 OPTIONS
+
+This command operates as either a client or a server.
+The options are described below, divided into those two modes.
+
+=head2 OCSP Client Options
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-out filename>
+
+specify output filename, default is standard output.
+
+=item B<-issuer filename>
+
+This specifies the current issuer certificate. This option can be used
+multiple times. The certificate specified in B<filename> must be in
+PEM format. This option B<MUST> come before any B<-cert> options.
+
+=item B<-cert filename>
+
+Add the certificate B<filename> to the request. The issuer certificate
+is taken from the previous B<issuer> option, or an error occurs if no
+issuer certificate is specified.
+
+=item B<-serial num>
+
+Same as the B<cert> option except the certificate with serial number
+B<num> is added to the request. The serial number is interpreted as a
+decimal integer unless preceded by B<0x>. Negative integers can also
+be specified by preceding the value by a B<-> sign.
+
+=item B<-signer filename>, B<-signkey filename>
+
+Sign the OCSP request using the certificate specified in the B<signer>
+option and the private key specified by the B<signkey> option. If
+the B<signkey> option is not present then the private key is read
+from the same file as the certificate. If neither option is specified then
+the OCSP request is not signed.
+
+=item B<-sign_other filename>
+
+Additional certificates to include in the signed request.
+
+=item B<-nonce>, B<-no_nonce>
+
+Add an OCSP nonce extension to a request or disable OCSP nonce addition.
+Normally if an OCSP request is input using the B<reqin> option no
+nonce is added: using the B<nonce> option will force addition of a nonce.
+If an OCSP request is being created (using B<cert> and B<serial> options)
+a nonce is automatically added specifying B<no_nonce> overrides this.
+
+=item B<-req_text>, B<-resp_text>, B<-text>
+
+print out the text form of the OCSP request, response or both respectively.
+
+=item B<-reqout file>, B<-respout file>
+
+write out the DER encoded certificate request or response to B<file>.
+
+=item B<-reqin file>, B<-respin file>
+
+read OCSP request or response file from B<file>. These option are ignored
+if OCSP request or response creation is implied by other options (for example
+with B<serial>, B<cert> and B<host> options).
+
+=item B<-url responder_url>
+
+specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
+
+=item B<-host hostname:port>, B<-path pathname>
+
+if the B<host> option is present then the OCSP request is sent to the host
+B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
+or "/" by default.  This is equivalent to specifying B<-url> with scheme
+http:// and the given hostname, port, and pathname.
+
+=item B<-header name=value>
+
+Adds the header B<name> with the specified B<value> to the OCSP request
+that is sent to the responder.
+This may be repeated.
+
+=item B<-timeout seconds>
+
+connection timeout to the OCSP responder in seconds
+
+=item B<-CAfile file>, B<-CApath pathname>
+
+file or pathname containing trusted CA certificates. These are used to verify
+the signature on the OCSP response.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
+B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
+B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
+B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
+B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
+B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+
+Set different certificate verification options.
+See L<verify(1)> manual page for details.
+
+=item B<-verify_other file>
+
+file containing additional certificates to search when attempting to locate
+the OCSP response signing certificate. Some responders omit the actual signer's
+certificate from the response: this option can be used to supply the necessary
+certificate in such cases.
+
+=item B<-trust_other>
+
+the certificates specified by the B<-verify_other> option should be explicitly
+trusted and no additional checks will be performed on them. This is useful
+when the complete responder certificate chain is not available or trusting a
+root CA is not appropriate.
+
+=item B<-VAfile file>
+
+file containing explicitly trusted responder certificates. Equivalent to the
+B<-verify_other> and B<-trust_other> options.
+
+=item B<-noverify>
+
+don't attempt to verify the OCSP response signature or the nonce values. This
+option will normally only be used for debugging since it disables all verification
+of the responders certificate.
+
+=item B<-no_intern>
+
+ignore certificates contained in the OCSP response when searching for the
+signers certificate. With this option the signers certificate must be specified
+with either the B<-verify_other> or B<-VAfile> options.
+
+=item B<-no_signature_verify>
+
+don't check the signature on the OCSP response. Since this option tolerates invalid
+signatures on OCSP responses it will normally only be used for testing purposes.
+
+=item B<-no_cert_verify>
+
+don't verify the OCSP response signers certificate at all. Since this option allows
+the OCSP response to be signed by any certificate it should only be used for
+testing purposes.
+
+=item B<-no_chain>
+
+do not use certificates in the response as additional untrusted CA
+certificates.
+
+=item B<-no_explicit>
+
+do not explicitly trust the root CA if it is set to be trusted for OCSP signing.
+
+=item B<-no_cert_checks>
+
+don't perform any additional checks on the OCSP response signers certificate.
+That is do not make any checks to see if the signers certificate is authorised
+to provide the necessary status information: as a result this option should
+only be used for testing purposes.
+
+=item B<-validity_period nsec>, B<-status_age age>
+
+these options specify the range of times, in seconds, which will be tolerated
+in an OCSP response. Each certificate status response includes a B<notBefore>
+time and an optional B<notAfter> time. The current time should fall between
+these two values, but the interval between the two times may be only a few
+seconds. In practice the OCSP responder and clients clocks may not be precisely
+synchronised and so such a check may fail. To avoid this the
+B<-validity_period> option can be used to specify an acceptable error range in
+seconds, the default value is 5 minutes.
+
+If the B<notAfter> time is omitted from a response then this means that new
+status information is immediately available. In this case the age of the
+B<notBefore> field is checked to see it is not older than B<age> seconds old.
+By default this additional check is not performed.
+
+=item B<-[digest]>
+
+this option sets digest algorithm to use for certificate identification in the
+OCSP request. Any digest supported by the OpenSSL B<dgst> command can be used.
+The default is SHA-1. This option may be used multiple times to specify the
+digest used by subsequent certificate identifiers.
+
+=back
+
+=head2 OCSP Server Options
+
+=over 4
+
+=item B<-index indexfile>
+
+B<indexfile> is a text index file in B<ca> format containing certificate revocation
+information.
+
+If the B<index> option is specified the B<ocsp> utility is in responder mode, otherwise
+it is in client mode. The request(s) the responder processes can be either specified on
+the command line (using B<issuer> and B<serial> options), supplied in a file (using the
+B<reqin> option) or via external OCSP clients (if B<port> or B<url> is specified).
+
+If the B<index> option is present then the B<CA> and B<rsigner> options must also be
+present.
+
+=item B<-CA file>
+
+CA certificate corresponding to the revocation information in B<indexfile>.
+
+=item B<-rsigner file>
+
+The certificate to sign OCSP responses with.
+
+=item B<-rother file>
+
+Additional certificates to include in the OCSP response.
+
+=item B<-resp_no_certs>
+
+Don't include any certificates in the OCSP response.
+
+=item B<-resp_key_id>
+
+Identify the signer certificate using the key ID, default is to use the subject name.
+
+=item B<-rkey file>
+
+The private key to sign OCSP responses with: if not present the file specified in the
+B<rsigner> option is used.
+
+=item B<-port portnum>
+
+Port to listen for OCSP requests on. The port may also be specified using the B<url>
+option.
+
+=item B<-nrequest number>
+
+The OCSP server will exit after receiving B<number> requests, default unlimited.
+
+=item B<-nmin minutes>, B<-ndays days>
+
+Number of minutes or days when fresh revocation information is available: used in the
+B<nextUpdate> field. If neither option is present then the B<nextUpdate> field
+is omitted meaning fresh revocation information is immediately available.
+
+=back
+
+=head1 OCSP Response verification.
+
+OCSP Response follows the rules specified in RFC2560.
+
+Initially the OCSP responder certificate is located and the signature on
+the OCSP request checked using the responder certificate's public key.
+
+Then a normal certificate verify is performed on the OCSP responder certificate
+building up a certificate chain in the process. The locations of the trusted
+certificates used to build the chain can be specified by the B<CAfile>
+and B<CApath> options or they will be looked for in the standard OpenSSL
+certificates directory.
+
+If the initial verify fails then the OCSP verify process halts with an
+error.
+
+Otherwise the issuing CA certificate in the request is compared to the OCSP
+responder certificate: if there is a match then the OCSP verify succeeds.
+
+Otherwise the OCSP responder certificate's CA is checked against the issuing
+CA certificate in the request. If there is a match and the OCSPSigning
+extended key usage is present in the OCSP responder certificate then the
+OCSP verify succeeds.
+
+Otherwise, if B<-no_explicit> is B<not> set the root CA of the OCSP responders
+CA is checked to see if it is trusted for OCSP signing. If it is the OCSP
+verify succeeds.
+
+If none of these checks is successful then the OCSP verify fails.
+
+What this effectively means if that if the OCSP responder certificate is
+authorised directly by the CA it is issuing revocation information about
+(and it is correctly configured) then verification will succeed.
+
+If the OCSP responder is a "global responder" which can give details about
+multiple CAs and has its own separate certificate chain then its root
+CA can be trusted for OCSP signing. For example:
+
+ openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
+
+Alternatively the responder certificate itself can be explicitly trusted
+with the B<-VAfile> option.
+
+=head1 NOTES
+
+As noted, most of the verify options are for testing or debugging purposes.
+Normally only the B<-CApath>, B<-CAfile> and (if the responder is a 'global
+VA') B<-VAfile> options need to be used.
+
+The OCSP server is only useful for test and demonstration purposes: it is
+not really usable as a full OCSP responder. It contains only a very
+simple HTTP request handling and can only handle the POST form of OCSP
+queries. It also handles requests serially meaning it cannot respond to
+new requests until it has processed the current one. The text index file
+format of revocation is also inefficient for large quantities of revocation
+data.
+
+It is possible to run the B<ocsp> application in responder mode via a CGI
+script using the B<reqin> and B<respout> options.
+
+=head1 EXAMPLES
+
+Create an OCSP request and write it to a file:
+
+ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
+
+Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
+response to a file, print it out in text form, and verify the response:
+
+ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
+     -url http://ocsp.myhost.com/ -resp_text -respout resp.der
+
+Read in an OCSP response and print out text form:
+
+ openssl ocsp -respin resp.der -text -noverify
+
+OCSP server on port 8888 using a standard B<ca> configuration, and a separate
+responder certificate. All requests and responses are printed to a file.
+
+ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+        -text -out log.txt
+
+As above but exit after processing one request:
+
+ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+     -nrequest 1
+
+Query status information using an internally generated request:
+
+ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+     -issuer demoCA/cacert.pem -serial 1
+
+Query status information using request read from a file, and write the response
+to a second file.
+
+ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+     -reqin req.der -respout resp.der
+
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/openssl.pod b/openssl-1.1.0h/doc/apps/openssl.pod
new file mode 100644
index 0000000..6e822a6
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/openssl.pod
@@ -0,0 +1,461 @@
+=pod
+
+=head1 NAME
+
+openssl - OpenSSL command line tool
+
+=head1 SYNOPSIS
+
+B<openssl>
+I<command>
+[ I<command_opts> ]
+[ I<command_args> ]
+
+B<openssl> B<list> [ B<standard-commands> | B<digest-commands> | B<cipher-commands> | B<cipher-algorithms> | B<digest-algorithms> | B<public-key-algorithms>]
+
+B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
+
+=head1 DESCRIPTION
+
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+cryptography standards required by them.
+
+The B<openssl> program is a command line tool for using the various
+cryptography functions of OpenSSL's B<crypto> library from the shell.
+It can be used for
+
+ o  Creation and management of private keys, public keys and parameters
+ o  Public key cryptographic operations
+ o  Creation of X.509 certificates, CSRs and CRLs
+ o  Calculation of Message Digests
+ o  Encryption and Decryption with Ciphers
+ o  SSL/TLS Client and Server Tests
+ o  Handling of S/MIME signed or encrypted mail
+ o  Time Stamp requests, generation and verification
+
+=head1 COMMAND SUMMARY
+
+The B<openssl> program provides a rich variety of commands (I<command> in the
+SYNOPSIS above), each of which often has a wealth of options and arguments
+(I<command_opts> and I<command_args> in the SYNOPSIS).
+
+Many commands use an external configuration file for some or all of their
+arguments and have a B<-config> option to specify that file.
+The environment variable B<OPENSSL_CONF> can be used to specify
+the location of the file.
+If the environment variable is not specified, then the file is named
+B<openssl.cnf> in the default certificate storage area, whose value
+depends on the configuration flags specified when the OpenSSL
+was built.
+
+The list parameters B<standard-commands>, B<digest-commands>,
+and B<cipher-commands> output a list (one entry per line) of the names
+of all standard commands, message digest commands, or cipher commands,
+respectively, that are available in the present B<openssl> utility.
+
+The list parameters B<cipher-algorithms> and
+B<digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:
+
+ from => to
+
+The list parameter B<public-key-algorithms> lists all supported public
+key algorithms.
+
+The command B<no->I<XXX> tests whether a command of the
+specified name is available.  If no command named I<XXX> exists, it
+returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
+and prints I<XXX>.  In both cases, the output goes to B<stdout> and
+nothing is printed to B<stderr>.  Additional command line arguments
+are always ignored.  Since for each cipher there is a command of the
+same name, this provides an easy way for shell scripts to test for the
+availability of ciphers in the B<openssl> program.  (B<no->I<XXX> is
+not able to detect pseudo-commands such as B<quit>,
+B<list>, or B<no->I<XXX> itself.)
+
+=head2 Standard Commands
+
+=over 4
+
+=item L<B<asn1parse>|asn1parse(1)>
+
+Parse an ASN.1 sequence.
+
+=item L<B<ca>|ca(1)>
+
+Certificate Authority (CA) Management.
+
+=item L<B<ciphers>|ciphers(1)>
+
+Cipher Suite Description Determination.
+
+=item L<B<cms>|cms(1)>
+
+CMS (Cryptographic Message Syntax) utility.
+
+=item L<B<crl>|crl(1)>
+
+Certificate Revocation List (CRL) Management.
+
+=item L<B<crl2pkcs7>|crl2pkcs7(1)>
+
+CRL to PKCS#7 Conversion.
+
+=item L<B<dgst>|dgst(1)>
+
+Message Digest Calculation.
+
+=item B<dh>
+
+Diffie-Hellman Parameter Management.
+Obsoleted by L<B<dhparam>|dhparam(1)>.
+
+=item L<B<dhparam>|dhparam(1)>
+
+Generation and Management of Diffie-Hellman Parameters. Superseded by
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
+
+=item L<B<dsa>|dsa(1)>
+
+DSA Data Management.
+
+=item L<B<dsaparam>|dsaparam(1)>
+
+DSA Parameter Generation and Management. Superseded by
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
+
+=item L<B<ec>|ec(1)>
+
+EC (Elliptic curve) key processing.
+
+=item L<B<ecparam>|ecparam(1)>
+
+EC parameter manipulation and generation.
+
+=item L<B<enc>|enc(1)>
+
+Encoding with Ciphers.
+
+=item L<B<engine>|engine(1)>
+
+Engine (loadable module) information and manipulation.
+
+=item L<B<errstr>|errstr(1)>
+
+Error Number to Error String Conversion.
+
+=item B<gendh>
+
+Generation of Diffie-Hellman Parameters.
+Obsoleted by L<B<dhparam>|dhparam(1)>.
+
+=item L<B<gendsa>|gendsa(1)>
+
+Generation of DSA Private Key from Parameters. Superseded by
+L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>.
+
+=item L<B<genpkey>|genpkey(1)>
+
+Generation of Private Key or Parameters.
+
+=item L<B<genrsa>|genrsa(1)>
+
+Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
+
+=item L<B<nseq>|nseq(1)>
+
+Create or examine a Netscape certificate sequence.
+
+=item L<B<ocsp>|ocsp(1)>
+
+Online Certificate Status Protocol utility.
+
+=item L<B<passwd>|passwd(1)>
+
+Generation of hashed passwords.
+
+=item L<B<pkcs12>|pkcs12(1)>
+
+PKCS#12 Data Management.
+
+=item L<B<pkcs7>|pkcs7(1)>
+
+PKCS#7 Data Management.
+
+=item L<B<pkcs8>|pkcs8(1)>
+
+PKCS#8 format private key conversion tool.
+
+=item L<B<pkey>|pkey(1)>
+
+Public and private key management.
+
+=item L<B<pkeyparam>|pkeyparam(1)>
+
+Public key algorithm parameter management.
+
+=item L<B<pkeyutl>|pkeyutl(1)>
+
+Public key algorithm cryptographic operation utility.
+
+=item L<B<rand>|rand(1)>
+
+Generate pseudo-random bytes.
+
+=item L<B<rehash>|rehash(1)>
+
+Create symbolic links to certificate and CRL files named by the hash values.
+
+=item L<B<req>|req(1)>
+
+PKCS#10 X.509 Certificate Signing Request (CSR) Management.
+
+=item L<B<rsa>|rsa(1)>
+
+RSA key management.
+
+
+=item L<B<rsautl>|rsautl(1)>
+
+RSA utility for signing, verification, encryption, and decryption. Superseded
+by  L<B<pkeyutl>|pkeyutl(1)>.
+
+=item L<B<s_client>|s_client(1)>
+
+This implements a generic SSL/TLS client which can establish a transparent
+connection to a remote server speaking SSL/TLS. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL B<ssl> library.
+
+=item L<B<s_server>|s_server(1)>
+
+This implements a generic SSL/TLS server which accepts connections from remote
+clients speaking SSL/TLS. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL B<ssl> library.  It provides both an own command
+line oriented protocol for testing SSL functions and a simple HTTP response
+facility to emulate an SSL/TLS-aware webserver.
+
+=item L<B<s_time>|s_time(1)>
+
+SSL Connection Timer.
+
+=item L<B<sess_id>|sess_id(1)>
+
+SSL Session Data Management.
+
+=item L<B<smime>|smime(1)>
+
+S/MIME mail processing.
+
+=item L<B<speed>|speed(1)>
+
+Algorithm Speed Measurement.
+
+=item L<B<spkac>|spkac(1)>
+
+SPKAC printing and generating utility.
+
+=item L<B<ts>|ts(1)>
+
+Time Stamping Authority tool (client/server).
+
+=item L<B<verify>|verify(1)>
+
+X.509 Certificate Verification.
+
+=item L<B<version>|version(1)>
+
+OpenSSL Version Information.
+
+=item L<B<x509>|x509(1)>
+
+X.509 Certificate Data Management.
+
+=back
+
+=head2 Message Digest Commands
+
+=over 4
+
+=item B<md2>
+
+MD2 Digest
+
+=item B<md5>
+
+MD5 Digest
+
+=item B<mdc2>
+
+MDC2 Digest
+
+=item B<rmd160>
+
+RMD-160 Digest
+
+=item B<sha>
+
+SHA Digest
+
+=item B<sha1>
+
+SHA-1 Digest
+
+=item B<sha224>
+
+SHA-224 Digest
+
+=item B<sha256>
+
+SHA-256 Digest
+
+=item B<sha384>
+
+SHA-384 Digest
+
+=item B<sha512>
+
+SHA-512 Digest
+
+=back
+
+=head2 Encoding and Cipher Commands
+
+=over 4
+
+=item B<base64>
+
+Base64 Encoding
+
+=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+
+Blowfish Cipher
+
+=item B<cast cast-cbc>
+
+CAST Cipher
+
+=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+
+CAST5 Cipher
+
+=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+
+DES Cipher
+
+=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+
+Triple-DES Cipher
+
+=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+
+IDEA Cipher
+
+=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+
+RC2 Cipher
+
+=item B<rc4>
+
+RC4 Cipher
+
+=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+
+RC5 Cipher
+
+=back
+
+=head1 OPTIONS
+
+Details of which options are available depend on the specific command.
+This section describes some common options with common behavior.
+
+=head2 Common Options
+
+=over 4
+
+=item B<-help>
+
+Provides a terse summary of all options.
+
+=back
+
+=head2 Pass Phrase Options
+
+Several commands accept password arguments, typically using B<-passin>
+and B<-passout> for input and output passwords respectively. These allow
+the password to be obtained from a variety of sources. Both of these
+options take a single argument whose format is described below. If no
+password argument is given and a password is required then the user is
+prompted to enter one: this will typically be read from the current
+terminal with echoing turned off.
+
+=over 4
+
+=item B<pass:password>
+
+The actual password is B<password>. Since the password is visible
+to utilities (like 'ps' under Unix) this form should only be used
+where security is not important.
+
+=item B<env:var>
+
+Obtain the password from the environment variable B<var>. Since
+the environment of other processes is visible on certain platforms
+(e.g. ps under certain Unix OSes) this option should be used with caution.
+
+=item B<file:pathname>
+
+The first line of B<pathname> is the password. If the same B<pathname>
+argument is supplied to B<-passin> and B<-passout> arguments then the first
+line will be used for the input password and the next line for the output
+password. B<pathname> need not refer to a regular file: it could for example
+refer to a device or named pipe.
+
+=item B<fd:number>
+
+Read the password from the file descriptor B<number>. This can be used to
+send the data via a pipe for example.
+
+=item B<stdin>
+
+Read the password from standard input.
+
+=back
+
+=head1 SEE ALSO
+
+L<asn1parse(1)>, L<ca(1)>, L<ciphers(1)>, L<cms(1)>, L<config(5)>,
+L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
+L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
+L<ec(1)>, L<ecparam(1)>,
+L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
+L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
+L<passwd(1)>,
+L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
+L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>,
+L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
+L<rsautl(1)>, L<s_client(1)>,
+L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
+L<smime(1)>, L<speed(1)>, L<spkac(1)>,
+L<ts(1)>,
+L<verify(1)>, L<version(1)>, L<x509(1)>,
+L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
+
+=head1 HISTORY
+
+The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
+For notes on the availability of other commands, see their individual
+manual pages.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/passwd.pod b/openssl-1.1.0h/doc/apps/passwd.pod
new file mode 100644
index 0000000..4663201
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/passwd.pod
@@ -0,0 +1,97 @@
+=pod
+
+=head1 NAME
+
+openssl-passwd,
+passwd - compute password hashes
+
+=head1 SYNOPSIS
+
+B<openssl passwd>
+[B<-help>]
+[B<-crypt>]
+[B<-1>]
+[B<-apr1>]
+[B<-salt> I<string>]
+[B<-in> I<file>]
+[B<-stdin>]
+[B<-noverify>]
+[B<-quiet>]
+[B<-table>]
+{I<password>}
+
+=head1 DESCRIPTION
+
+The B<passwd> command computes the hash of a password typed at
+run-time or the hash of each password in a list.  The password list is
+taken from the named file for option B<-in file>, from stdin for
+option B<-stdin>, or from the command line, or from the terminal otherwise.
+The Unix standard algorithm B<crypt> and the MD5-based BSD password
+algorithm B<1> and its Apache variant B<apr1> are available.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-crypt>
+
+Use the B<crypt> algorithm (default).
+
+=item B<-1>
+
+Use the MD5 based BSD password algorithm B<1>.
+
+=item B<-apr1>
+
+Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
+
+=item B<-salt> I<string>
+
+Use the specified salt.
+When reading a password from the terminal, this implies B<-noverify>.
+
+=item B<-in> I<file>
+
+Read passwords from I<file>.
+
+=item B<-stdin>
+
+Read passwords from B<stdin>.
+
+=item B<-noverify>
+
+Don't verify when reading a password from the terminal.
+
+=item B<-quiet>
+
+Don't output warnings when passwords given at the command line are truncated.
+
+=item B<-table>
+
+In the output list, prepend the cleartext password and a TAB character
+to each password hash.
+
+=back
+
+=head1 EXAMPLES
+
+B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+
+B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
+
+B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/pkcs12.pod b/openssl-1.1.0h/doc/apps/pkcs12.pod
new file mode 100644
index 0000000..44ee3d4
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/pkcs12.pod
@@ -0,0 +1,381 @@
+=pod
+
+=head1 NAME
+
+openssl-pkcs12,
+pkcs12 - PKCS#12 file utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs12>
+[B<-help>]
+[B<-export>]
+[B<-chain>]
+[B<-inkey file_or_id>]
+[B<-certfile filename>]
+[B<-name name>]
+[B<-caname name>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-nomacver>]
+[B<-nocerts>]
+[B<-clcerts>]
+[B<-cacerts>]
+[B<-nokeys>]
+[B<-info>]
+[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>]
+[B<-noiter>]
+[B<-maciter | -nomaciter | -nomac>]
+[B<-twopass>]
+[B<-descert>]
+[B<-certpbe cipher>]
+[B<-keypbe cipher>]
+[B<-macalg digest>]
+[B<-keyex>]
+[B<-keysig>]
+[B<-password arg>]
+[B<-passin arg>]
+[B<-passout arg>]
+[B<-rand file(s)>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-CSP name>]
+
+=head1 DESCRIPTION
+
+The B<pkcs12> command allows PKCS#12 files (sometimes referred to as
+PFX files) to be created and parsed. PKCS#12 files are used by several
+programs including Netscape, MSIE and MS Outlook.
+
+=head1 OPTIONS
+
+There are a lot of options the meaning of some depends of whether a PKCS#12 file
+is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12
+file can be created by using the B<-export> option (see below).
+
+=head1 PARSING OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-in filename>
+
+This specifies filename of the PKCS#12 file to be parsed. Standard input is used
+by default.
+
+=item B<-out filename>
+
+The filename to write certificates and private keys to, standard output by
+default.  They are all written in PEM format.
+
+=item B<-passin arg>
+
+the PKCS#12 file (i.e. input file) password source. For more information about
+the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)>.
+
+=item B<-passout arg>
+
+pass phrase source to encrypt any outputted private keys with. For more
+information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
+in L<openssl(1)>.
+
+=item B<-password arg>
+
+With -export, -password is equivalent to -passout.
+Otherwise, -password is equivalent to -passin.
+
+=item B<-noout>
+
+this option inhibits output of the keys and certificates to the output file
+version of the PKCS#12 file.
+
+=item B<-clcerts>
+
+only output client certificates (not CA certificates).
+
+=item B<-cacerts>
+
+only output CA certificates (not client certificates).
+
+=item B<-nocerts>
+
+no certificates at all will be output.
+
+=item B<-nokeys>
+
+no private keys will be output.
+
+=item B<-info>
+
+output additional information about the PKCS#12 file structure, algorithms used and
+iteration counts.
+
+=item B<-des>
+
+use DES to encrypt private keys before outputting.
+
+=item B<-des3>
+
+use triple DES to encrypt private keys before outputting, this is the default.
+
+=item B<-idea>
+
+use IDEA to encrypt private keys before outputting.
+
+=item B<-aes128>, B<-aes192>, B<-aes256>
+
+use AES to encrypt private keys before outputting.
+
+=item B<-camellia128>, B<-camellia192>, B<-camellia256>
+
+use Camellia to encrypt private keys before outputting.
+
+=item B<-nodes>
+
+don't encrypt the private keys at all.
+
+=item B<-nomacver>
+
+don't attempt to verify the integrity MAC before reading the file.
+
+=item B<-twopass>
+
+prompt for separate integrity and encryption passwords: most software
+always assumes these are the same so this option will render such
+PKCS#12 files unreadable.
+
+=back
+
+=head1 FILE CREATION OPTIONS
+
+=over 4
+
+=item B<-export>
+
+This option specifies that a PKCS#12 file will be created rather than
+parsed.
+
+=item B<-out filename>
+
+This specifies filename to write the PKCS#12 file to. Standard output is used
+by default.
+
+=item B<-in filename>
+
+The filename to read certificates and private keys from, standard input by
+default.  They must all be in PEM format. The order doesn't matter but one
+private key and its corresponding certificate should be present. If additional
+certificates are present they will also be included in the PKCS#12 file.
+
+=item B<-inkey file_or_id>
+
+file to read private key from. If not present then a private key must be present
+in the input file.
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
+
+=item B<-name friendlyname>
+
+This specifies the "friendly name" for the certificate and private key. This
+name is typically displayed in list boxes by software importing the file.
+
+=item B<-certfile filename>
+
+A filename to read additional certificates from.
+
+=item B<-caname friendlyname>
+
+This specifies the "friendly name" for other certificates. This option may be
+used multiple times to specify names for all certificates in the order they
+appear. Netscape ignores friendly names on other certificates whereas MSIE
+displays them.
+
+=item B<-pass arg>, B<-passout arg>
+
+the PKCS#12 file (i.e. output file) password source. For more information about
+the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)>.
+
+=item B<-passin password>
+
+pass phrase source to decrypt any input private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)>.
+
+=item B<-chain>
+
+if this option is present then an attempt is made to include the entire
+certificate chain of the user certificate. The standard CA store is used
+for this search. If the search fails it is considered a fatal error.
+
+=item B<-descert>
+
+encrypt the certificate using triple DES, this may render the PKCS#12
+file unreadable by some "export grade" software. By default the private
+key is encrypted using triple DES and the certificate using 40 bit RC2.
+
+=item B<-keypbe alg>, B<-certpbe alg>
+
+these options allow the algorithm used to encrypt the private key and
+certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name
+can be used (see B<NOTES> section for more information). If a cipher name
+(as output by the B<list-cipher-algorithms> command is specified then it
+is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
+use PKCS#12 algorithms.
+
+=item B<-keyex|-keysig>
+
+specifies that the private key is to be used for key exchange or just signing.
+This option is only interpreted by MSIE and similar MS software. Normally
+"export grade" software will only allow 512 bit RSA keys to be used for
+encryption purposes but arbitrary length keys for signing. The B<-keysig>
+option marks the key for signing only. Signing only keys can be used for
+S/MIME signing, authenticode (ActiveX control signing)  and SSL client
+authentication, however due to a bug only MSIE 5.0 and later support
+the use of signing only keys for SSL client authentication.
+
+=item B<-macalg digest>
+
+specify the MAC digest algorithm. If not included them SHA1 will be used.
+
+=item B<-nomaciter>, B<-noiter>
+
+these options affect the iteration counts on the MAC and key algorithms.
+Unless you wish to produce files compatible with MSIE 4.0 you should leave
+these options alone.
+
+To discourage attacks by using large dictionaries of common passwords the
+algorithm that derives keys from passwords can have an iteration count applied
+to it: this causes a certain part of the algorithm to be repeated and slows it
+down. The MAC is used to check the file integrity but since it will normally
+have the same password as the keys and certificates it could also be attacked.
+By default both MAC and encryption iteration counts are set to 2048, using
+these options the MAC and encryption iteration counts can be set to 1, since
+this reduces the file security you should not use these options unless you
+really have to. Most software supports both MAC and key iteration counts.
+MSIE 4.0 doesn't support MAC iteration counts so it needs the B<-nomaciter>
+option.
+
+=item B<-maciter>
+
+This option is included for compatibility with previous versions, it used
+to be needed to use MAC iterations counts but they are now used by default.
+
+=item B<-nomac>
+
+don't attempt to provide the MAC integrity.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-CAfile file>
+
+CA storage as a file.
+
+=item B<-CApath dir>
+
+CA storage as a directory. This directory must be a standard certificate
+directory: that is a hash of each subject name (using B<x509 -hash>) should be
+linked to each certificate.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-CSP name>
+
+write B<name> as a Microsoft CSP name.
+
+=back
+
+=head1 NOTES
+
+Although there are a large number of options most of them are very rarely
+used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
+for PKCS#12 file creation B<-export> and B<-name> are also used.
+
+If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
+then all certificates will be output in the order they appear in the input
+PKCS#12 files. There is no guarantee that the first certificate present is
+the one corresponding to the private key. Certain software which requires
+a private key and certificate and assumes the first certificate in the
+file is the one corresponding to the private key: this may not always
+be the case. Using the B<-clcerts> option will solve this problem by only
+outputting the certificate corresponding to the private key. If the CA
+certificates are required then they can be output to a separate file using
+the B<-nokeys -cacerts> options to just output CA certificates.
+
+The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
+algorithms for private keys and certificates to be specified. Normally
+the defaults are fine but occasionally software can't handle triple DES
+encrypted private keys, then the option B<-keypbe PBE-SHA1-RC2-40> can
+be used to reduce the private key encryption to 40 bit RC2. A complete
+description of all algorithms is contained in the B<pkcs8> manual page.
+
+Prior 1.1 release passwords containing non-ASCII characters were encoded
+in non-compliant manner, which limited interoperability, in first hand
+with Windows. But switching to standard-compliant password encoding
+poses problem accessing old data protected with broken encoding. For
+this reason even legacy encodings is attempted when reading the
+data. If you use PKCS#12 files in production application you are advised
+to convert the data, because implemented heuristic approach is not
+MT-safe, its sole goal is to facilitate the data upgrade with this
+utility.
+
+=head1 EXAMPLES
+
+Parse a PKCS#12 file and output it to a file:
+
+ openssl pkcs12 -in file.p12 -out file.pem
+
+Output only client certificates to a file:
+
+ openssl pkcs12 -in file.p12 -clcerts -out file.pem
+
+Don't encrypt the private key:
+
+ openssl pkcs12 -in file.p12 -out file.pem -nodes
+
+Print some info about a PKCS#12 file:
+
+ openssl pkcs12 -in file.p12 -info -noout
+
+Create a PKCS#12 file:
+
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
+
+Include some extra certificates:
+
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
+  -certfile othercerts.pem
+
+=head1 SEE ALSO
+
+L<pkcs8(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/pkcs7.pod b/openssl-1.1.0h/doc/apps/pkcs7.pod
new file mode 100644
index 0000000..340b72d
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/pkcs7.pod
@@ -0,0 +1,120 @@
+=pod
+
+=head1 NAME
+
+openssl-pkcs7,
+pkcs7 - PKCS#7 utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs7>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-print_certs>]
+[B<-text>]
+[B<-noout>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<pkcs7> command processes PKCS#7 files in DER or PEM format.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. B<DER> format is DER encoded PKCS#7
+v1.5 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-print_certs>
+
+prints out any certificates or CRLs contained in the file. They are
+preceded by their subject and issuer names in one line format.
+
+=item B<-text>
+
+prints out certificates details in full rather than just subject and
+issuer names.
+
+=item B<-noout>
+
+don't output the encoded version of the PKCS#7 structure (or certificates
+is B<-print_certs> is set).
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkcs7>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 EXAMPLES
+
+Convert a PKCS#7 file from PEM to DER:
+
+ openssl pkcs7 -in file.pem -outform DER -out file.der
+
+Output all certificates in a file:
+
+ openssl pkcs7 -in file.pem -print_certs -out certs.pem
+
+=head1 NOTES
+
+The PEM PKCS#7 format uses the header and footer lines:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+For compatibility with some CAs it will also accept:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+=head1 RESTRICTIONS
+
+There is no option to print out all the fields of a PKCS#7 file.
+
+This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
+cannot currently parse, for example, the new CMS as described in RFC2630.
+
+=head1 SEE ALSO
+
+L<crl2pkcs7(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/pkcs8.pod b/openssl-1.1.0h/doc/apps/pkcs8.pod
new file mode 100644
index 0000000..402e7b2
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/pkcs8.pod
@@ -0,0 +1,302 @@
+=pod
+
+=head1 NAME
+
+openssl-pkcs8,
+pkcs8 - PKCS#8 format private key conversion tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs8>
+[B<-help>]
+[B<-topk8>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-iter count>]
+[B<-noiter>]
+[B<-nocrypt>]
+[B<-traditional>]
+[B<-v2 alg>]
+[B<-v2prf alg>]
+[B<-v1 alg>]
+[B<-engine id>]
+[B<-scrypt>]
+[B<-scrypt_N N>]
+[B<-scrypt_r r>]
+[B<-scrypt_p p>]
+
+=head1 DESCRIPTION
+
+The B<pkcs8> command processes private keys in PKCS#8 format. It can handle
+both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
+format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-topk8>
+
+Normally a PKCS#8 private key is expected on input and a private key will be
+written to the output file. With the B<-topk8> option the situation is
+reversed: it reads a private key and writes a PKCS#8 format key.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format: see L<KEY FORMATS> for more details.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format: see L<KEY FORMATS> for more details.
+
+=item B<-traditional>
+
+When this option is present and B<-topk8> is not a traditional format private
+key is written.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output by
+default. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-iter count>
+
+When creating new PKCS#8 containers, use a given number of iterations on
+the password in deriving the encryption key for the PKCS#8 output.
+High values increase the time required to brute-force a PKCS#8 container.
+
+=item B<-nocrypt>
+
+PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
+structures using an appropriate password based encryption algorithm. With
+this option an unencrypted PrivateKeyInfo structure is expected or output.
+This option does not encrypt private keys at all and should only be used
+when absolutely necessary. Certain software such as some versions of Java
+code signing software used unencrypted private keys.
+
+=item B<-v2 alg>
+
+This option sets the PKCS#5 v2.0 algorithm.
+
+The B<alg> argument is the encryption algorithm to use, valid values include
+B<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256>
+is used.
+
+=item B<-v2prf alg>
+
+This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
+value would be B<hmacWithSHA256>. If this option isn't set then the default
+for the cipher is used or B<hmacWithSHA256> if there is no default.
+
+Some implementations may not support custom PRF algorithms and may require
+the B<hmacWithSHA1> option to work.
+
+=item B<-v1 alg>
+
+This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used.  Some
+older implementations may not support PKCS#5 v2.0 and may require this option.
+If not specified PKCS#5 v2.0 form is used.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkcs8>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-scrypt>
+
+uses the B<scrypt> algorithm for private key encryption using default
+parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit
+key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,
+B<-scrypt_p> and B<-v2> options.
+
+B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p>
+
+sets the scrypt B<N>, B<r> or B<p> parameters.
+
+=back
+
+=head1 KEY FORMATS
+
+Various different formats are used by the pkcs8 utility. These are detailed
+below.
+
+If a key is being converted from PKCS#8 form (i.e. the B<-topk8> option is
+not used) then the input file must be in PKCS#8 format. An encrypted
+key is expected unless B<-nocrypt> is included.
+
+If B<-topk8> is not used and B<PEM> mode is set the output file will be an
+unencrypted private key in PKCS#8 format. If the B<-traditional> option is
+used then a traditional format private key is written instead.
+
+If B<-topk8> is not used and B<DER> mode is set the output file will be an
+unencrypted private key in traditional DER format.
+
+If B<-topk8> is used then any supported private key can be used for the input
+file in a format specified by B<-inform>. The output file will be encrypted
+PKCS#8 format using the specified encryption parameters unless B<-nocrypt>
+is included.
+
+=head1 NOTES
+
+By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit
+AES with HMAC and SHA256 is used.
+
+Some older implementations do not support PKCS#5 v2.0 format and require
+the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak
+encryption algorithms such as 56 bit DES.
+
+The encrypted form of a PEM encode PKCS#8 files uses the following
+headers and footers:
+
+ -----BEGIN ENCRYPTED PRIVATE KEY-----
+ -----END ENCRYPTED PRIVATE KEY-----
+
+The unencrypted form uses:
+
+ -----BEGIN PRIVATE KEY-----
+ -----END PRIVATE KEY-----
+
+Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
+counts are more secure that those encrypted using the traditional
+SSLeay compatible formats. So if additional security is considered
+important the keys should be converted.
+
+It is possible to write out DER encoded encrypted private keys in
+PKCS#8 format because the encryption details are included at an ASN1
+level whereas the traditional format includes them at a PEM level.
+
+=head1 PKCS#5 v1.5 and PKCS#12 algorithms.
+
+Various algorithms can be used with the B<-v1> command line option,
+including PKCS#5 v1.5 and PKCS#12. These are described in more detail
+below.
+
+=over 4
+
+=item B<PBE-MD2-DES PBE-MD5-DES>
+
+These algorithms were included in the original PKCS#5 v1.5 specification.
+They only offer 56 bits of protection since they both use DES.
+
+=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES>
+
+These algorithms are not mentioned in the original PKCS#5 v1.5 specification
+but they use the same key derivation algorithm and are supported by some
+software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
+56 bit DES.
+
+=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40>
+
+These algorithms use the PKCS#12 password based encryption algorithm and
+allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
+
+=back
+
+=head1 EXAMPLES
+
+Convert a private key to PKCS#8 format using default parameters (AES with
+256 bit key and B<hmacWithSHA256>):
+
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+
+Convert a private key to PKCS#8 unencrypted format:
+
+ openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
+
+Convert a private key to PKCS#5 v2.0 format using triple DES:
+
+ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
+
+Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC
+mode and B<hmacWithSHA512> PRF:
+
+ openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
+
+Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
+(DES):
+
+ openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
+
+Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
+(3DES):
+
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
+
+Read a DER unencrypted PKCS#8 format private key:
+
+ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
+
+Convert a private key from any PKCS#8 encrypted format to traditional format:
+
+ openssl pkcs8 -in pk8.pem -traditional -out key.pem
+
+Convert a private key to PKCS#8 format, encrypting with AES-256 and with
+one million iterations of the password:
+
+ openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
+
+=head1 STANDARDS
+
+Test vectors from this PKCS#5 v2.0 implementation were posted to the
+pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
+counts, several people confirmed that they could decrypt the private
+keys produced and Therefore it can be assumed that the PKCS#5 v2.0
+implementation is reasonably accurate at least as far as these
+algorithms are concerned.
+
+The format of PKCS#8 DSA (and other) private keys is not well documented:
+it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
+PKCS#8 private key format complies with this standard.
+
+=head1 BUGS
+
+There should be an option that prints out the encryption algorithm
+in use and other details such as the iteration count.
+
+=head1 SEE ALSO
+
+L<dsa(1)>, L<rsa(1)>, L<genrsa(1)>,
+L<gendsa(1)>
+
+=head1 HISTORY
+
+The B<-iter> option was added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/pkey.pod b/openssl-1.1.0h/doc/apps/pkey.pod
new file mode 100644
index 0000000..ef2e463
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/pkey.pod
@@ -0,0 +1,156 @@
+=pod
+
+=head1 NAME
+
+openssl-pkey,
+pkey - public or private key processing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkey>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-traditional>]
+[B<-cipher>]
+[B<-text>]
+[B<-text_pub>]
+[B<-noout>]
+[B<-pubin>]
+[B<-pubout>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<pkey> command processes public or private keys. They can be converted
+between various forms and their components printed out.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format DER or PEM.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output if this
+option is not specified. If any encryption options are set then a pass phrase
+will be prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout password>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-traditional>
+
+normally a private key is written using standard format: this is PKCS#8 form
+with the appropriate encryption algorithm (if any). If the B<-traditional>
+option is specified then the older "traditional" format is used instead.
+
+=item B<-cipher>
+
+These options encrypt the private key with the supplied cipher. Any algorithm
+name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
+
+=item B<-text>
+
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+
+=item B<-text_pub>
+
+print out only public key components even if a private key is being processed.
+
+=item B<-noout>
+
+do not output the encoded version of the key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this
+option a public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkey>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 EXAMPLES
+
+To remove the pass phrase on an RSA private key:
+
+ openssl pkey -in key.pem -out keyout.pem
+
+To encrypt a private key using triple DES:
+
+ openssl pkey -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format:
+
+ openssl pkey -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl pkey -in key.pem -text -noout
+
+To print out the public components of a private key to standard output:
+
+ openssl pkey -in key.pem -text_pub -noout
+
+To just output the public part of a private key:
+
+ openssl pkey -in key.pem -pubout -out pubkey.pem
+
+=head1 SEE ALSO
+
+L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
+L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/pkeyparam.pod b/openssl-1.1.0h/doc/apps/pkeyparam.pod
new file mode 100644
index 0000000..309e249
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/pkeyparam.pod
@@ -0,0 +1,83 @@
+=pod
+
+=head1 NAME
+
+openssl-pkeyparam,
+pkeyparam - public key algorithm parameter processing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkeyparam>
+[B<-help>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-text>]
+[B<-noout>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<pkey> command processes public or private keys. They can be converted
+between various forms and their components printed out.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-in filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+
+=item B<-out filename>
+
+This specifies the output filename to write parameters to or standard output if
+this option is not specified.
+
+=item B<-text>
+
+prints out the parameters in plain text in addition to the encoded version.
+
+=item B<-noout>
+
+do not output the encoded version of the parameters.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkeyparam>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 EXAMPLE
+
+Print out text version of parameters:
+
+ openssl pkeyparam -in param.pem -text
+
+=head1 NOTES
+
+There are no B<-inform> or B<-outform> options for this command because only
+PEM format is supported because the key type is determined by the PEM headers.
+
+=head1 SEE ALSO
+
+L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
+L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/pkeyutl.pod b/openssl-1.1.0h/doc/apps/pkeyutl.pod
new file mode 100644
index 0000000..e72486d
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/pkeyutl.pod
@@ -0,0 +1,293 @@
+=pod
+
+=head1 NAME
+
+openssl-pkeyutl,
+pkeyutl - public key algorithm utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkeyutl>
+[B<-help>]
+[B<-in file>]
+[B<-out file>]
+[B<-sigfile file>]
+[B<-inkey file>]
+[B<-keyform PEM|DER|ENGINE>]
+[B<-passin arg>]
+[B<-peerkey file>]
+[B<-peerform PEM|DER|ENGINE>]
+[B<-pubin>]
+[B<-certin>]
+[B<-rev>]
+[B<-sign>]
+[B<-verify>]
+[B<-verifyrecover>]
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-derive>]
+[B<-kdf algorithm>]
+[B<-kdflen length>]
+[B<-pkeyopt opt:value>]
+[B<-hexdump>]
+[B<-asn1parse>]
+[B<-engine id>]
+[B<-engine_impl>]
+
+=head1 DESCRIPTION
+
+The B<pkeyutl> command can be used to perform public key operations using
+any supported algorithm.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-in filename>
+
+This specifies the input filename to read data from or standard input
+if this option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-sigfile file>
+
+Signature file, required for B<verify> operations only
+
+=item B<-inkey file>
+
+the input key file, by default it should be a private key.
+
+=item B<-keyform PEM|DER|ENGINE>
+
+the key format PEM, DER or ENGINE. Default is PEM.
+
+=item B<-passin arg>
+
+the input key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+
+=item B<-peerkey file>
+
+the peer key file, used by key derivation (agreement) operations.
+
+=item B<-peerform PEM|DER|ENGINE>
+
+the peer key format PEM, DER or ENGINE. Default is PEM.
+
+=item B<-pubin>
+
+the input file is a public key.
+
+=item B<-certin>
+
+the input is a certificate containing a public key.
+
+=item B<-rev>
+
+reverse the order of the input buffer. This is useful for some libraries
+(such as CryptoAPI) which represent the buffer in little endian format.
+
+=item B<-sign>
+
+sign the input data and output the signed result. This requires
+a private key.
+
+=item B<-verify>
+
+verify the input data against the signature file and indicate if the
+verification succeeded or failed.
+
+=item B<-verifyrecover>
+
+verify the input data and output the recovered data.
+
+=item B<-encrypt>
+
+encrypt the input data using a public key.
+
+=item B<-decrypt>
+
+decrypt the input data using a private key.
+
+=item B<-derive>
+
+derive a shared secret using the peer key.
+
+=item B<-kdf algorithm>
+
+Use key derivation function B<algorithm>.  The supported algorithms are
+at present B<TLS1-PRF> and B<HKDF>.
+Note: additional parameters and the KDF output length will normally have to be
+set for this to work.
+See L<EVP_PKEY_CTX_set_hkdf_md(3)> and L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
+for the supported string parameters of each algorithm.
+
+=item B<-kdflen length>
+
+Set the output length for KDF.
+
+=item B<-pkeyopt opt:value>
+
+Public key options specified as opt:value. See NOTES below for more details.
+
+=item B<-hexdump>
+
+hex dump the output data.
+
+=item B<-asn1parse>
+
+asn1parse the output data, this is useful when combined with the
+B<-verifyrecover> option when an ASN1 structure is signed.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-engine_impl>
+
+When used with the B<-engine> option, it specifies to also use
+engine B<id> for crypto operations.
+
+=back
+
+=head1 NOTES
+
+The operations and options supported vary according to the key algorithm
+and its implementation. The OpenSSL operations and options are indicated below.
+
+Unless otherwise mentioned all algorithms support the B<digest:alg> option
+which specifies the digest in use for sign, verify and verifyrecover operations.
+The value B<alg> should represent a digest name as used in the
+EVP_get_digestbyname() function for example B<sha1>.
+This value is used only for sanity-checking the lengths of data passed in to
+the B<pkeyutl> and for creating the structures that make up the signature
+(e.g. B<DigestInfo> in RSASSA PKCS#1 v1.5 signatures).
+In case of RSA, ECDSA and DSA signatures, this utility
+will not perform hashing on input data but rather use the data directly as
+input of signature algorithm. Depending on key type, signature type and mode
+of padding, the maximum acceptable lengths of input data differ. In general,
+with RSA the signed data can't be longer than the key modulus, in case of ECDSA
+and DSA the data shouldn't be longer than field size, otherwise it will be
+silently truncated to field size.
+
+In other words, if the value of digest is B<sha1> the input should be 20 bytes
+long binary encoding of SHA-1 hash function output.
+
+=head1 RSA ALGORITHM
+
+The RSA algorithm generally supports the encrypt, decrypt, sign,
+verify and verifyrecover operations. However, some padding modes
+support only a subset of these operations. The following additional
+B<pkeyopt> values are supported:
+
+=over 4
+
+=item B<rsa_padding_mode:mode>
+
+This sets the RSA padding mode. Acceptable values for B<mode> are B<pkcs1> for
+PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>
+for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
+
+In PKCS#1 padding if the message digest is not set then the supplied data is
+signed or verified directly instead of using a B<DigestInfo> structure. If a
+digest is set then the a B<DigestInfo> structure is used and its the length
+must correspond to the digest type.
+
+For B<oaep> mode only encryption and decryption is supported.
+
+For B<x931> if the digest type is set it is used to format the block data
+otherwise the first byte is used to specify the X9.31 digest ID. Sign,
+verify and verifyrecover are can be performed in this mode.
+
+For B<pss> mode only sign and verify are supported and the digest type must be
+specified.
+
+=item B<rsa_pss_saltlen:len>
+
+For B<pss> mode only this option specifies the salt length. Two special values
+are supported: -1 sets the salt length to the digest length. When signing -2
+sets the salt length to the maximum permissible value. When verifying -2 causes
+the salt length to be automatically determined based on the B<PSS> block
+structure.
+
+=back
+
+=head1 DSA ALGORITHM
+
+The DSA algorithm supports signing and verification operations only. Currently
+there are no additional options other than B<digest>. Only the SHA1
+digest can be used and this digest is assumed by default.
+
+=head1 DH ALGORITHM
+
+The DH algorithm only supports the derivation operation and no additional
+options.
+
+=head1 EC ALGORITHM
+
+The EC algorithm supports sign, verify and derive operations. The sign and
+verify operations use ECDSA and derive uses ECDH. Currently there are no
+additional options other than B<digest>. Only the SHA1 digest can be used and
+this digest is assumed by default.
+
+=head1 X25519 ALGORITHM
+
+The X25519 algorithm supports key derivation only. Currently there are no
+additional options.
+
+=head1 EXAMPLES
+
+Sign some data using a private key:
+
+ openssl pkeyutl -sign -in file -inkey key.pem -out sig
+
+Recover the signed data (e.g. if an RSA key is used):
+
+ openssl pkeyutl -verifyrecover -in sig -inkey key.pem
+
+Verify the signature (e.g. a DSA key):
+
+ openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem
+
+Sign data using a message digest value (this is currently only valid for RSA):
+
+ openssl pkeyutl -sign -in file -inkey key.pem -out sig -pkeyopt digest:sha256
+
+Derive a shared secret value:
+
+ openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
+
+Hexdump 48 bytes of TLS1 PRF using digest B<SHA256> and shared secret and
+seed consisting of the single byte 0xFF:
+
+ openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
+    -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
+
+=head1 SEE ALSO
+
+L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
+L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
+L<EVP_PKEY_CTX_set_hkdf_md(3)>, L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/rand.pod b/openssl-1.1.0h/doc/apps/rand.pod
new file mode 100644
index 0000000..4cdb370
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/rand.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+openssl-rand,
+rand - generate pseudo-random bytes
+
+=head1 SYNOPSIS
+
+B<openssl rand>
+[B<-help>]
+[B<-out> I<file>]
+[B<-rand> I<file(s)>]
+[B<-base64>]
+[B<-hex>]
+I<num>
+
+=head1 DESCRIPTION
+
+The B<rand> command outputs I<num> pseudo-random bytes after seeding
+the random number generator once.  As in other B<openssl> command
+line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd>
+in addition to the files given in the B<-rand> option.  A new
+I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough
+seeding was obtained from these sources.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-out> I<file>
+
+Write to I<file> instead of standard output.
+
+=item B<-rand> I<file(s)>
+
+Use specified file or files or EGD socket (see L<RAND_egd(3)>)
+for seeding the random number generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-base64>
+
+Perform base64 encoding on the output.
+
+=item B<-hex>
+
+Show the output as a hex string.
+
+=back
+
+=head1 SEE ALSO
+
+L<RAND_bytes(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/rehash.pod b/openssl-1.1.0h/doc/apps/rehash.pod
new file mode 100644
index 0000000..79268d4
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/rehash.pod
@@ -0,0 +1,140 @@
+=pod
+
+=for comment
+Original text by James Westby, contributed under the OpenSSL license.
+
+=head1 NAME
+
+openssl-c_rehash, openssl-rehash,
+c_rehash, rehash - Create symbolic links to files named by the hash values
+
+=head1 SYNOPSIS
+
+B<openssl>
+B<rehash>
+B<[-h]>
+B<[-help]>
+B<[-old]>
+B<[-n]>
+B<[-v]>
+[ I<directory>...]
+
+B<c_rehash>
+I<flags...>
+
+=head1 DESCRIPTION
+
+On some platforms, the OpenSSL B<rehash> command is available as
+an external script called B<c_rehash>.  They are functionally equivalent,
+except for minor differences noted below.
+
+B<rehash> scans directories and calculates a hash value of each
+C<.pem>, C<.crt>, C<.cer>, or C<.crl>
+file in the specified directory list and creates symbolic links
+for each file, where the name of the link is the hash value.
+(If the platform does not support symbolic links, a copy is made.)
+This utility is useful as many programs that use OpenSSL require
+directories to be set up like this in order to find certificates.
+
+If any directories are named on the command line, then those are
+processed in turn. If not, then the B<SSL_CERT_DIR> environment variable
+is consulted; this should be a colon-separated list of directories,
+like the Unix B<PATH> variable.
+If that is not set then the default directory (installation-specific
+but often B</usr/local/ssl/certs>) is processed.
+
+In order for a directory to be processed, the user must have write
+permissions on that directory, otherwise an error will be generated.
+
+The links created are of the form C<HHHHHHHH.D>, where each B<H>
+is a hexadecimal character and B<D> is a single decimal digit.
+When processing a directory, B<rehash> will first remove all links
+that have a name in that syntax, even if they are being used for some
+other purpose.
+To skip the removal step, use the B<-n> flag.
+Hashes for CRL's look similar except the letter B<r> appears after
+the period, like this: C<HHHHHHHH.rD>.
+
+Multiple objects may have the same hash; they will be indicated by
+incrementing the B<D> value. Duplicates are found by comparing the
+full SHA-1 fingerprint. A warning will be displayed if a duplicate
+is found.
+
+A warning will also be displayed if there are files that
+cannot be parsed as either a certificate or a CRL or if
+more than one such object appears in the file.
+
+=head2 Script Configuration
+
+The B<c_rehash> script
+uses the B<openssl> program to compute the hashes and
+fingerprints. If not found in the user's B<PATH>, then set the
+B<OPENSSL> environment variable to the full pathname.
+Any program can be used, it will be invoked as follows for either
+a certificate or CRL:
+
+  $OPENSSL x509 -hash -fingerprint -noout -in FILENAME
+  $OPENSSL crl -hash -fingerprint -noout -in FILENAME
+
+where B<FILENAME> is the filename. It must output the hash of the
+file on the first line, and the fingerprint on the second,
+optionally prefixed with some text and an equals sign.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help> B<-h>
+
+Display a brief usage message.
+
+=item B<-old>
+
+Use old-style hashing (MD5, as opposed to SHA-1) for generating
+links to be used for releases before 1.0.0.
+Note that current versions will not use the old style.
+
+=item B<-n>
+
+Do not remove existing links.
+This is needed when keeping new and old-style links in the same directory.
+
+=item B<-v>
+
+Print messages about old links removed and new links created.
+By default, B<rehash> only lists each directory as it is processed.
+
+=back
+
+=head1 ENVIRONMENT
+
+=over 4
+
+=item B<OPENSSL>
+
+The path to an executable to use to generate hashes and
+fingerprints (see above).
+
+=item B<SSL_CERT_DIR>
+
+Colon separated list of directories to operate on.
+Ignored if directories are listed on the command line.
+
+=back
+
+=head1 SEE ALSO
+
+L<openssl(1)>,
+L<crl(1)>.
+L<x509(1)>.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/req.pod b/openssl-1.1.0h/doc/apps/req.pod
new file mode 100644
index 0000000..c5b5260
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/req.pod
@@ -0,0 +1,662 @@
+=pod
+
+=head1 NAME
+
+openssl-req,
+req - PKCS#10 certificate request and certificate generating utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<req>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-text>]
+[B<-pubkey>]
+[B<-noout>]
+[B<-verify>]
+[B<-modulus>]
+[B<-new>]
+[B<-rand file(s)>]
+[B<-newkey rsa:bits>]
+[B<-newkey alg:file>]
+[B<-nodes>]
+[B<-key filename>]
+[B<-keyform PEM|DER>]
+[B<-keyout filename>]
+[B<-keygen_engine id>]
+[B<-[digest]>]
+[B<-config filename>]
+[B<-multivalue-rdn>]
+[B<-x509>]
+[B<-days n>]
+[B<-set_serial n>]
+[B<-newhdr>]
+[B<-extensions section>]
+[B<-reqexts section>]
+[B<-utf8>]
+[B<-nameopt>]
+[B<-reqopt>]
+[B<-subject>]
+[B<-subj arg>]
+[B<-batch>]
+[B<-verbose>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<req> command primarily creates and processes certificate requests
+in PKCS#10 format. It can additionally create self signed certificates
+for use as root CAs for example.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#10. The B<PEM> form is the default format: it
+consists of the B<DER> format base64 encoded with additional header and
+footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a request from or standard input
+if this option is not specified. A request is only read if the creation
+options (B<-new> and B<-newkey>) are not specified.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write to or standard output by
+default.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-text>
+
+prints out the certificate request in text form.
+
+=item B<-subject>
+
+prints out the request subject (or certificate subject if B<-x509> is
+specified)
+
+=item B<-pubkey>
+
+outputs the public key.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the request.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the public key
+contained in the request.
+
+=item B<-verify>
+
+verifies the signature on the request.
+
+=item B<-new>
+
+this option generates a new certificate request. It will prompt
+the user for the relevant field values. The actual fields
+prompted for and their maximum and minimum sizes are specified
+in the configuration file and any requested extensions.
+
+If the B<-key> option is not used it will generate a new RSA private
+key using information specified in the configuration file.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-newkey arg>
+
+this option creates a new certificate request and a new private
+key. The argument takes one of several forms. B<rsa:nbits>, where
+B<nbits> is the number of bits, generates an RSA key B<nbits>
+in size. If B<nbits> is omitted, i.e. B<-newkey rsa> specified,
+the default key size, specified in the configuration file is used.
+
+All other algorithms support the B<-newkey alg:file> form, where file may be
+an algorithm parameter file, created by the B<genpkey -genparam> command
+or and X.509 certificate for a key with appropriate algorithm.
+
+B<param:file> generates a key using the parameter file or certificate B<file>,
+the algorithm is determined by the parameters. B<algname:file> use algorithm
+B<algname> and parameter file B<file>: the two algorithms must match or an
+error occurs. B<algname> just uses algorithm B<algname>, and parameters,
+if necessary should be specified via B<-pkeyopt> parameter.
+
+B<dsa:filename> generates a DSA key using the parameters
+in the file B<filename>. B<ec:filename> generates EC key (usable both with
+ECDSA or ECDH algorithms), B<gost2001:filename> generates GOST R
+34.10-2001 key (requires B<ccgost> engine configured in the configuration
+file). If just B<gost2001> is specified a parameter set should be
+specified by B<-pkeyopt paramset:X>
+
+
+=item B<-pkeyopt opt:value>
+
+set the public key algorithm option B<opt> to B<value>. The precise set of
+options supported depends on the public key algorithm used and its
+implementation. See B<KEY GENERATION OPTIONS> in the B<genpkey> manual page
+for more details.
+
+=item B<-key filename>
+
+This specifies the file to read the private key from. It also
+accepts PKCS#8 format private keys for PEM format files.
+
+=item B<-keyform PEM|DER>
+
+the format of the private key file specified in the B<-key>
+argument. PEM is the default.
+
+=item B<-keyout filename>
+
+this gives the filename to write the newly created private key to.
+If this option is not specified then the filename present in the
+configuration file is used.
+
+=item B<-nodes>
+
+if this option is specified then if a private key is created it
+will not be encrypted.
+
+=item B<-[digest]>
+
+this specifies the message digest to sign the request.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+This overrides the digest algorithm specified in
+the configuration file.
+
+Some public key algorithms may override this choice. For instance, DSA
+signatures always use SHA1, GOST R 34.10 signatures always use
+GOST R 34.11-94 (B<-md_gost94>).
+
+=item B<-config filename>
+
+this allows an alternative configuration file to be specified.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
+
+=item B<-subj arg>
+
+sets subject name for new request or supersedes the subject name
+when processing a request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
+=item B<-multivalue-rdn>
+
+this option causes the -subj argument to be interpreted with full
+support for multivalued RDNs. Example:
+
+I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
+
+If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
+
+=item B<-x509>
+
+this option outputs a self signed certificate instead of a certificate
+request. This is typically used to generate a test certificate or
+a self signed root CA. The extensions added to the certificate
+(if any) are specified in the configuration file. Unless specified
+using the B<set_serial> option, a large random number will be used for
+the serial number.
+
+If existing request is specified with the B<-in> option, it is converted
+to the self signed certificate otherwise new request is created.
+
+=item B<-days n>
+
+when the B<-x509> option is being used this specifies the number of
+days to certify the certificate for. The default is 30 days.
+
+=item B<-set_serial n>
+
+serial number to use when outputting a self signed certificate. This
+may be specified as a decimal value or a hex value if preceded by B<0x>.
+
+=item B<-extensions section>
+
+=item B<-reqexts section>
+
+these options specify alternative sections to include certificate
+extensions (if the B<-x509> option is present) or certificate
+request extensions. This allows several different sections to
+be used in the same configuration file to specify requests for
+a variety of purposes.
+
+=item B<-utf8>
+
+this option causes field values to be interpreted as UTF8 strings, by
+default they are interpreted as ASCII. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)> manual page for details.
+
+=item B<-reqopt>
+
+customise the output format used with B<-text>. The B<option> argument can be
+a single option or multiple options separated by commas.
+
+See discussion of the  B<-certopt> parameter in the L<x509(1)>
+command.
+
+=item B<-newhdr>
+
+Adds the word B<NEW> to the PEM file header and footer lines on the outputted
+request. Some software (Netscape certificate server) and some CAs need this.
+
+=item B<-batch>
+
+non-interactive mode.
+
+=item B<-verbose>
+
+print extra details about the operations being performed.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-keygen_engine id>
+
+specifies an engine (by its unique B<id> string) which would be used
+for key generation operations.
+
+=back
+
+=head1 CONFIGURATION FILE FORMAT
+
+The configuration options are specified in the B<req> section of
+the configuration file. As with all configuration files if no
+value is specified in the specific section (i.e. B<req>) then
+the initial unnamed or B<default> section is searched too.
+
+The options available are described in detail below.
+
+=over 4
+
+=item B<input_password output_password>
+
+The passwords for the input private key file (if present) and
+the output private key file (if one will be created). The
+command line options B<passin> and B<passout> override the
+configuration file values.
+
+=item B<default_bits>
+
+Specifies the default key size in bits.
+
+This option is used in conjunction with the B<-new> option to generate
+a new key. It can be overridden by specifying an explicit key size in
+the B<-newkey> option. The smallest accepted key size is 512 bits. If
+no key size is specified then 2048 bits is used.
+
+=item B<default_keyfile>
+
+This is the default filename to write a private key to. If not
+specified the key is written to standard output. This can be
+overridden by the B<-keyout> option.
+
+=item B<oid_file>
+
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+
+=item B<oid_section>
+
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+
+=item B<RANDFILE>
+
+This specifies a filename in which random number seed information is
+placed and read from, or an EGD socket (see L<RAND_egd(3)>).
+It is used for private key generation.
+
+=item B<encrypt_key>
+
+If this is set to B<no> then if a private key is generated it is
+B<not> encrypted. This is equivalent to the B<-nodes> command line
+option. For compatibility B<encrypt_rsa_key> is an equivalent option.
+
+=item B<default_md>
+
+This option specifies the digest algorithm to use.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+If not present then MD5 is used.
+This option can be overridden on the command line.
+
+=item B<string_mask>
+
+This option masks out the use of certain string types in certain
+fields. Most users will not need to change this option.
+
+It can be set to several values B<default> which is also the default
+option uses PrintableStrings, T61Strings and BMPStrings if the
+B<pkix> value is used then only PrintableStrings and BMPStrings will
+be used. This follows the PKIX recommendation in RFC2459. If the
+B<utf8only> option is used then only UTF8Strings will be used: this
+is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
+option just uses PrintableStrings and T61Strings: certain software has
+problems with BMPStrings and UTF8Strings: in particular Netscape.
+
+=item B<req_extensions>
+
+this specifies the configuration file section containing a list of
+extensions to add to the certificate request. It can be overridden
+by the B<-reqexts> command line switch. See the
+L<x509v3_config(5)> manual page for details of the
+extension section format.
+
+=item B<x509_extensions>
+
+this specifies the configuration file section containing a list of
+extensions to add to certificate generated when the B<-x509> switch
+is used. It can be overridden by the B<-extensions> command line switch.
+
+=item B<prompt>
+
+if set to the value B<no> this disables prompting of certificate fields
+and just takes values from the config file directly. It also changes the
+expected format of the B<distinguished_name> and B<attributes> sections.
+
+=item B<utf8>
+
+if set to the value B<yes> then field values to be interpreted as UTF8
+strings, by default they are interpreted as ASCII. This means that
+the field values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<attributes>
+
+this specifies the section containing any request attributes: its format
+is the same as B<distinguished_name>. Typically these may contain the
+challengePassword or unstructuredName types. They are currently ignored
+by OpenSSL's request signing utilities but some CAs might want them.
+
+=item B<distinguished_name>
+
+This specifies the section containing the distinguished name fields to
+prompt for when generating a certificate or certificate request. The format
+is described in the next section.
+
+=back
+
+=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
+
+There are two separate formats for the distinguished name and attribute
+sections. If the B<prompt> option is set to B<no> then these sections
+just consist of field names and values: for example,
+
+ CN=My Name
+ OU=My Organization
+ emailAddress=someone@somewhere.org
+
+This allows external programs (e.g. GUI based) to generate a template file
+with all the field names and values and just pass it to B<req>. An example
+of this kind of configuration file is contained in the B<EXAMPLES> section.
+
+Alternatively if the B<prompt> option is absent or not set to B<no> then the
+file contains field prompting information. It consists of lines of the form:
+
+ fieldName="prompt"
+ fieldName_default="default field value"
+ fieldName_min= 2
+ fieldName_max= 4
+
+"fieldName" is the field name being used, for example commonName (or CN).
+The "prompt" string is used to ask the user to enter the relevant
+details. If the user enters nothing then the default value is used if no
+default value is present then the field is omitted. A field can
+still be omitted if a default value is present if the user just
+enters the '.' character.
+
+The number of characters entered must be between the fieldName_min and
+fieldName_max limits: there may be additional restrictions based
+on the field being used (for example countryName can only ever be
+two characters long and must fit in a PrintableString).
+
+Some fields (such as organizationName) can be used more than once
+in a DN. This presents a problem because configuration files will
+not recognize the same name occurring twice. To avoid this problem
+if the fieldName contains some characters followed by a full stop
+they will be ignored. So for example a second organizationName can
+be input by calling it "1.organizationName".
+
+The actual permitted field names are any object identifier short or
+long names. These are compiled into OpenSSL and include the usual
+values such as commonName, countryName, localityName, organizationName,
+organizationalUnitName, stateOrProvinceName. Additionally emailAddress
+is include as well as name, surname, givenName initials and dnQualifier.
+
+Additional object identifiers can be defined with the B<oid_file> or
+B<oid_section> options in the configuration file. Any additional fields
+will be treated as though they were a DirectoryString.
+
+
+=head1 EXAMPLES
+
+Examine and verify certificate request:
+
+ openssl req -in req.pem -text -verify -noout
+
+Create a private key and then generate a certificate request from it:
+
+ openssl genrsa -out key.pem 2048
+ openssl req -new -key key.pem -out req.pem
+
+The same but just using req:
+
+ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
+
+Generate a self signed root certificate:
+
+ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
+
+Example of a file pointed to by the B<oid_file> option:
+
+ 1.2.3.4        shortName       A longer Name
+ 1.2.3.6        otherName       Other longer Name
+
+Example of a section pointed to by B<oid_section> making use of variable
+expansion:
+
+ testoid1=1.2.3.5
+ testoid2=${testoid1}.6
+
+Sample configuration file prompting for field values:
+
+ [ req ]
+ default_bits           = 2048
+ default_keyfile        = privkey.pem
+ distinguished_name     = req_distinguished_name
+ attributes             = req_attributes
+ req_extensions         = v3_ca
+
+ dirstring_type = nobmp
+
+ [ req_distinguished_name ]
+ countryName                    = Country Name (2 letter code)
+ countryName_default            = AU
+ countryName_min                = 2
+ countryName_max                = 2
+
+ localityName                   = Locality Name (eg, city)
+
+ organizationalUnitName         = Organizational Unit Name (eg, section)
+
+ commonName                     = Common Name (eg, YOUR name)
+ commonName_max                 = 64
+
+ emailAddress                   = Email Address
+ emailAddress_max               = 40
+
+ [ req_attributes ]
+ challengePassword              = A challenge password
+ challengePassword_min          = 4
+ challengePassword_max          = 20
+
+ [ v3_ca ]
+
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid:always,issuer:always
+ basicConstraints = critical, CA:true
+
+Sample configuration containing all field values:
+
+
+ RANDFILE               = $ENV::HOME/.rnd
+
+ [ req ]
+ default_bits           = 2048
+ default_keyfile        = keyfile.pem
+ distinguished_name     = req_distinguished_name
+ attributes             = req_attributes
+ prompt                 = no
+ output_password        = mypass
+
+ [ req_distinguished_name ]
+ C                      = GB
+ ST                     = Test State or Province
+ L                      = Test Locality
+ O                      = Organization Name
+ OU                     = Organizational Unit Name
+ CN                     = Common Name
+ emailAddress           = test@email.address
+
+ [ req_attributes ]
+ challengePassword              = A challenge password
+
+
+=head1 NOTES
+
+The header and footer lines in the B<PEM> format are normally:
+
+ -----BEGIN CERTIFICATE REQUEST-----
+ -----END CERTIFICATE REQUEST-----
+
+some software (some versions of Netscape certificate server) instead needs:
+
+ -----BEGIN NEW CERTIFICATE REQUEST-----
+ -----END NEW CERTIFICATE REQUEST-----
+
+which is produced with the B<-newhdr> option but is otherwise compatible.
+Either form is accepted transparently on input.
+
+The certificate requests generated by B<Xenroll> with MSIE have extensions
+added. It includes the B<keyUsage> extension which determines the type of
+key (signature only or general purpose) and any additional OIDs entered
+by the script in an extendedKeyUsage extension.
+
+=head1 DIAGNOSTICS
+
+The following messages are frequently asked about:
+
+        Using configuration from /some/path/openssl.cnf
+        Unable to load config info
+
+This is followed some time later by...
+
+        unable to find 'distinguished_name' in config
+        problems making Certificate Request
+
+The first error message is the clue: it can't find the configuration
+file! Certain operations (like examining a certificate request) don't
+need a configuration file so its use isn't enforced. Generation of
+certificates or requests however does need a configuration file. This
+could be regarded as a bug.
+
+Another puzzling message is this:
+
+        Attributes:
+            a0:00
+
+this is displayed when no attributes are present and the request includes
+the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
+0x00). If you just see:
+
+        Attributes:
+
+then the B<SET OF> is missing and the encoding is technically invalid (but
+it is tolerated). See the description of the command line option B<-asn1-kludge>
+for more information.
+
+=head1 BUGS
+
+OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
+treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
+This can cause problems if you need characters that aren't available in
+PrintableStrings and you don't want to or can't use BMPStrings.
+
+As a consequence of the T61String handling the only correct way to represent
+accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
+currently chokes on these. If you have to use accented characters with Netscape
+and MSIE then you currently need to use the invalid T61String form.
+
+The current prompting is not very friendly. It doesn't allow you to confirm what
+you've just entered. Other things like extensions in certificate requests are
+statically defined in the configuration file. Some of these: like an email
+address in subjectAltName should be input by the user.
+
+=head1 SEE ALSO
+
+L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
+L<gendsa(1)>, L<config(5)>,
+L<x509v3_config(5)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/rsa.pod b/openssl-1.1.0h/doc/apps/rsa.pod
new file mode 100644
index 0000000..dcbf514
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/rsa.pod
@@ -0,0 +1,217 @@
+=pod
+
+=head1 NAME
+
+openssl-rsa,
+rsa - RSA key processing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<rsa>
+[B<-help>]
+[B<-inform PEM|NET|DER>]
+[B<-outform PEM|NET|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-text>]
+[B<-noout>]
+[B<-modulus>]
+[B<-check>]
+[B<-pubin>]
+[B<-pubout>]
+[B<-RSAPublicKey_in>]
+[B<-RSAPublicKey_out>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<rsa> command processes RSA keys. They can be converted between various
+forms and their components printed out. B<Note> this command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+utility.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|NET|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. On input PKCS#8 format private
+keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
+section.
+
+=item B<-outform DER|NET|PEM>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output if this
+option is not specified. If any encryption options are set then a pass phrase
+will be prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout password>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
+
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<rsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+
+=item B<-text>
+
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the key.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the key.
+
+=item B<-check>
+
+this option checks the consistency of an RSA private key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this
+option a public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.
+
+=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>
+
+like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<rsa>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 NOTES
+
+The PEM private key format uses the header and footer lines:
+
+ -----BEGIN RSA PRIVATE KEY-----
+ -----END RSA PRIVATE KEY-----
+
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
+The PEM B<RSAPublicKey> format uses the header and footer lines:
+
+ -----BEGIN RSA PUBLIC KEY-----
+ -----END RSA PUBLIC KEY-----
+
+The B<NET> form is a format compatible with older Netscape servers
+and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
+It is not very secure and so should only be used when necessary.
+
+Some newer version of IIS have additional data in the exported .key
+files. To use these with the utility, view the file with a binary editor
+and look for the string "private-key", then trace back to the byte
+sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
+from this point onwards to another file and use that as the input
+to the B<rsa> utility with the B<-inform NET> option.
+
+=head1 EXAMPLES
+
+To remove the pass phrase on an RSA private key:
+
+ openssl rsa -in key.pem -out keyout.pem
+
+To encrypt a private key using triple DES:
+
+ openssl rsa -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format:
+
+ openssl rsa -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl rsa -in key.pem -text -noout
+
+To just output the public part of a private key:
+
+ openssl rsa -in key.pem -pubout -out pubkey.pem
+
+Output the public part of a private key in B<RSAPublicKey> format:
+
+ openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
+
+=head1 BUGS
+
+The command line password arguments don't currently work with
+B<NET> format.
+
+There should be an option that automatically handles .key files,
+without having to manually edit them.
+
+=head1 SEE ALSO
+
+L<pkcs8(1)>, L<dsa(1)>, L<genrsa(1)>,
+L<gendsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/rsautl.pod b/openssl-1.1.0h/doc/apps/rsautl.pod
new file mode 100644
index 0000000..c07d60a
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/rsautl.pod
@@ -0,0 +1,205 @@
+=pod
+
+=head1 NAME
+
+openssl-rsautl,
+rsautl - RSA utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<rsautl>
+[B<-help>]
+[B<-in file>]
+[B<-out file>]
+[B<-inkey file>]
+[B<-keyform PEM|DER|ENGINE>]
+[B<-pubin>]
+[B<-certin>]
+[B<-sign>]
+[B<-verify>]
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-pkcs>]
+[B<-ssl>]
+[B<-raw>]
+[B<-hexdump>]
+[B<-asn1parse>]
+
+=head1 DESCRIPTION
+
+The B<rsautl> command can be used to sign, verify, encrypt and decrypt
+data using the RSA algorithm.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-in filename>
+
+This specifies the input filename to read data from or standard input
+if this option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-inkey file>
+
+the input key file, by default it should be an RSA private key.
+
+=item B<-keyform PEM|DER|ENGINE>
+
+the key format PEM, DER or ENGINE.
+
+=item B<-pubin>
+
+the input file is an RSA public key.
+
+=item B<-certin>
+
+the input is a certificate containing an RSA public key.
+
+=item B<-sign>
+
+sign the input data and output the signed result. This requires
+an RSA private key.
+
+=item B<-verify>
+
+verify the input data and output the recovered data.
+
+=item B<-encrypt>
+
+encrypt the input data using an RSA public key.
+
+=item B<-decrypt>
+
+decrypt the input data using an RSA private key.
+
+=item B<-pkcs, -oaep, -ssl, -raw>
+
+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
+special padding used in SSL v2 backwards compatible handshakes,
+or no padding, respectively.
+For signatures, only B<-pkcs> and B<-raw> can be used.
+
+=item B<-hexdump>
+
+hex dump the output data.
+
+=item B<-asn1parse>
+
+asn1parse the output data, this is useful when combined with the
+B<-verify> option.
+
+=back
+
+=head1 NOTES
+
+B<rsautl> because it uses the RSA algorithm directly can only be
+used to sign or verify small pieces of data.
+
+=head1 EXAMPLES
+
+Sign some data using a private key:
+
+ openssl rsautl -sign -in file -inkey key.pem -out sig
+
+Recover the signed data
+
+ openssl rsautl -verify -in sig -inkey key.pem
+
+Examine the raw signed data:
+
+ openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
+
+ 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
+
+The PKCS#1 block formatting is evident from this. If this was done using
+encrypt and decrypt the block would have been of type 2 (the second byte)
+and random padding data visible instead of the 0xff bytes.
+
+It is possible to analyse the signature of certificates using this
+utility in conjunction with B<asn1parse>. Consider the self signed
+example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
+
+ openssl asn1parse -in pca-cert.pem
+
+    0:d=0  hl=4 l= 742 cons: SEQUENCE
+    4:d=1  hl=4 l= 591 cons:  SEQUENCE
+    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
+   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
+   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
+   16:d=2  hl=2 l=  13 cons:   SEQUENCE
+   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
+   29:d=3  hl=2 l=   0 prim:    NULL
+   31:d=2  hl=2 l=  92 cons:   SEQUENCE
+   33:d=3  hl=2 l=  11 cons:    SET
+   35:d=4  hl=2 l=   9 cons:     SEQUENCE
+   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
+   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
+  ....
+  599:d=1  hl=2 l=  13 cons:  SEQUENCE
+  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
+  612:d=2  hl=2 l=   0 prim:   NULL
+  614:d=1  hl=3 l= 129 prim:  BIT STRING
+
+
+The final BIT STRING contains the actual signature. It can be extracted with:
+
+ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
+
+The certificate public key can be extracted with:
+
+ openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
+
+The signature can be analysed with:
+
+ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
+
+    0:d=0  hl=2 l=  32 cons: SEQUENCE
+    2:d=1  hl=2 l=  12 cons:  SEQUENCE
+    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
+   14:d=2  hl=2 l=   0 prim:   NULL
+   16:d=1  hl=2 l=  16 prim:  OCTET STRING
+      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
+
+This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
+the digest used was md5. The actual part of the certificate that was signed can
+be extracted with:
+
+ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
+
+and its digest computed with:
+
+ openssl md5 -c tbs
+ MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
+
+which it can be seen agrees with the recovered value above.
+
+=head1 SEE ALSO
+
+L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/s_client.pod b/openssl-1.1.0h/doc/apps/s_client.pod
new file mode 100644
index 0000000..01a6c5f
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/s_client.pod
@@ -0,0 +1,619 @@
+=pod
+
+=head1 NAME
+
+openssl-s_client,
+s_client - SSL/TLS client program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_client>
+[B<-help>]
+[B<-connect host:port>]
+[B<-proxy host:port>]
+[B<-unix path>]
+[B<-4>]
+[B<-6>]
+[B<-servername name>]
+[B<-verify depth>]
+[B<-verify_return_error>]
+[B<-cert filename>]
+[B<-certform DER|PEM>]
+[B<-key filename>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-dane_tlsa_domain domain>]
+[B<-dane_tlsa_rrdata rrdata>]
+[B<-dane_ee_no_namechecks>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-no_check_time>]
+[B<-partial_chain>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
+[B<-trusted_first>]
+[B<-no_alt_chains>]
+[B<-use_deltas>]
+[B<-auth_level num>]
+[B<-verify_depth num>]
+[B<-verify_email email>]
+[B<-verify_hostname hostname>]
+[B<-verify_ip ip>]
+[B<-verify_name name>]
+[B<-x509_strict>]
+[B<-reconnect>]
+[B<-showcerts>]
+[B<-debug>]
+[B<-msg>]
+[B<-nbio_test>]
+[B<-state>]
+[B<-nbio>]
+[B<-crlf>]
+[B<-ign_eof>]
+[B<-no_ign_eof>]
+[B<-quiet>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-no_tls1_1>]
+[B<-no_tls1_2>]
+[B<-dtls>]
+[B<-dtls1>]
+[B<-dtls1_2>]
+[B<-fallback_scsv>]
+[B<-async>]
+[B<-split_send_frag>]
+[B<-max_pipelines>]
+[B<-read_buf>]
+[B<-bugs>]
+[B<-comp>]
+[B<-no_comp>]
+[B<-sigalgs sigalglist>]
+[B<-curves curvelist>]
+[B<-cipher cipherlist>]
+[B<-serverpref>]
+[B<-starttls protocol>]
+[B<-xmpphost hostname>]
+[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-sess_out filename>]
+[B<-sess_in filename>]
+[B<-rand file(s)>]
+[B<-serverinfo types>]
+[B<-status>]
+[B<-alpn protocols>]
+[B<-nextprotoneg protocols>]
+[B<-ct|noct>]
+[B<-ctlogfile>]
+
+=head1 DESCRIPTION
+
+The B<s_client> command implements a generic SSL/TLS client which connects
+to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
+SSL servers.
+
+=head1 OPTIONS
+
+In addition to the options below the B<s_client> utility also supports the
+common and client only options documented in the
+in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)>
+manual page.
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-connect host:port>
+
+This specifies the host and optional port to connect to. If not specified
+then an attempt is made to connect to the local host on port 4433.
+
+=item B<-proxy host:port>
+
+When used with the B<-connect> flag, the program uses the host and port
+specified with this flag and issues an HTTP CONNECT command to connect
+to the desired server.
+
+=item B<-unix path>
+
+Connect over the specified Unix-domain socket.
+
+=item B<-4>
+
+Use IPv4 only.
+
+=item B<-6>
+
+Use IPv6 only.
+
+=item B<-servername name>
+
+Set the TLS SNI (Server Name Indication) extension in the ClientHello message.
+
+=item B<-cert certname>
+
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate.
+
+=item B<-certform format>
+
+The certificate format to use: DER or PEM. PEM is the default.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-keyform format>
+
+The private format to use: DER or PEM. PEM is the default.
+
+=item B<-pass arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+
+=item B<-verify_return_error>
+
+Return verification errors instead of continuing. This will typically
+abort the handshake with a fatal error.
+
+=item B<-CApath directory>
+
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-dane_tlsa_domain domain>
+
+Enable RFC6698/RFC7671 DANE TLSA authentication and specify the
+TLSA base domain which becomes the default SNI hint and the primary
+reference identifier for hostname checks.  This must be used in
+combination with at least one instance of the B<-dane_tlsa_rrdata>
+option below.
+
+When DANE authentication succeeds, the diagnostic output will include
+the lowest (closest to 0) depth at which a TLSA record authenticated
+a chain certificate.  When that TLSA record is a "2 1 0" trust
+anchor public key that signed (rather than matched) the top-most
+certificate of the chain, the result is reported as "TA public key
+verified".  Otherwise, either the TLSA record "matched TA certificate"
+at a positive depth or else "matched EE certificate" at depth 0.
+
+=item B<-dane_tlsa_rrdata rrdata>
+
+Use one or more times to specify the RRDATA fields of the DANE TLSA
+RRset associated with the target service.  The B<rrdata> value is
+specied in "presentation form", that is four whitespace separated
+fields that specify the usage, selector, matching type and associated
+data, with the last of these encoded in hexadecimal.  Optional
+whitespace is ignored in the associated data field.  For example:
+
+  $ openssl s_client -brief -starttls smtp \
+    -connect smtp.example.com:25 \
+    -dane_tlsa_domain smtp.example.com \
+    -dane_tlsa_rrdata "2 1 1
+      B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \
+    -dane_tlsa_rrdata "2 1 1
+      60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18"
+  ...
+  Verification: OK
+  Verified peername: smtp.example.com
+  DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
+  ...
+
+=item B<-dane_ee_no_namechecks>
+
+This disables server name checks when authenticating via DANE-EE(3) TLSA
+records.
+For some applications, primarily web browsers, it is not safe to disable name
+checks due to "unknown key share" attacks, in which a malicious server can
+convince a client that a connection to a victim server is instead a secure
+connection to the malicious server.
+The malicious server may then be able to violate cross-origin scripting
+restrictions.
+Thus, despite the text of RFC7671, name checks are by default enabled for
+DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
+to do so.
+In particular, SMTP and XMPP clients should set this option as SRV and MX
+records already make it possible for a remote domain to redirect client
+connections to any server of its choice, and in any case SMTP and XMPP clients
+do not execute scripts downloaded from remote servers.
+
+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
+B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
+B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
+B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
+B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
+B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+
+Set various certificate chain validation options. See the
+L<verify(1)> manual page for details.
+
+=item B<-reconnect>
+
+reconnects to the same server 5 times using the same session ID, this can
+be used as a test that session caching is working.
+
+=item B<-showcerts>
+
+display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+
+=item B<-prexit>
+
+print session information when the program exits. This will always attempt
+to print out information even if the connection fails. Normally information
+will only be printed out once if the connection succeeds. This option is useful
+because the cipher in use may be renegotiated or the connection may fail
+because a client certificate is required or is requested only after an
+attempt is made to access a certain URL. Note: the output produced by this
+option is not always accurate because a connection might never have been
+established.
+
+=item B<-state>
+
+prints out the SSL session states.
+
+=item B<-debug>
+
+print extensive debugging information including a hex dump of all traffic.
+
+=item B<-msg>
+
+show all protocol messages with hex dump.
+
+=item B<-trace>
+
+show verbose trace output of protocol messages. OpenSSL needs to be compiled
+with B<enable-ssl-trace> for this option to work.
+
+=item B<-msgfile>
+
+file to send output of B<-msg> or B<-trace> to, default standard output.
+
+=item B<-nbio_test>
+
+tests non-blocking I/O
+
+=item B<-nbio>
+
+turns on non-blocking I/O
+
+=item B<-crlf>
+
+this option translated a line feed from the terminal into CR+LF as required
+by some servers.
+
+=item B<-ign_eof>
+
+inhibit shutting down the connection when end of file is reached in the
+input.
+
+=item B<-quiet>
+
+inhibit printing of session and certificate information.  This implicitly
+turns on B<-ign_eof> as well.
+
+=item B<-no_ign_eof>
+
+shut down the connection when end of file is reached in the input.
+Can be used to override the implicit B<-ign_eof> after B<-quiet>.
+
+=item B<-psk_identity identity>
+
+Use the PSK identity B<identity> when using a PSK cipher suite.
+The default value is "Client_identity" (without the quotes).
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+This option must be provided in order to use a PSK cipher.
+
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+These options require or disable the use of the specified SSL or TLS protocols.
+By default B<s_client> will negotiate the highest mutually supported protocol
+version.
+When a specific TLS version is required, only that version will be offered to
+and accepted from the server.
+
+=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
+
+These options make B<s_client> use DTLS protocols instead of TLS.
+With B<-dtls>, B<s_client> will negotiate any supported DTLS protocol version,
+whilst B<-dtls1> and B<-dtls1_2> will only support DTLS1.0 and DTLS1.2
+respectively.
+
+=item B<-fallback_scsv>
+
+Send TLS_FALLBACK_SCSV in the ClientHello.
+
+=item B<-async>
+
+switch on asynchronous mode. Cryptographic operations will be performed
+asynchronously. This will only have an effect if an asynchronous capable engine
+is also used via the B<-engine> option. For test purposes the dummy async engine
+(dasync) can be used (if available).
+
+=item B<-split_send_frag int>
+
+The size used to split data for encrypt pipelines. If more data is written in
+one go than this value then it will be split into multiple pipelines, up to the
+maximum number of pipelines defined by max_pipelines. This only has an effect if
+a suitable ciphersuite has been negotiated, an engine that supports pipelining
+has been loaded, and max_pipelines is greater than 1. See
+L<SSL_CTX_set_split_send_fragment(3)> for further information.
+
+=item B<-max_pipelines int>
+
+The maximum number of encrypt/decrypt pipelines to be used. This will only have
+an effect if an engine has been loaded that supports pipelining (e.g. the dasync
+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
+See L<SSL_CTX_set_max_pipelines(3)> for further information.
+
+=item B<-read_buf int>
+
+The default read buffer size to be used for connections. This will only have an
+effect if the buffer size is larger than the size that would otherwise be used
+and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
+further information).
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-comp>
+
+Enables support for SSL/TLS compression.
+This option was introduced in OpenSSL 1.1.0.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
+=item B<-no_comp>
+
+Disables support for SSL/TLS compression.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
+=item B<-brief>
+
+only provide a brief summary of connection parameters instead of the
+normal verbose output.
+
+=item B<-sigalgs sigalglist>
+
+Specifies the list of signature algorithms that are sent by the client.
+The server selects one entry in the list based on its preferences.
+For example strings, see L<SSL_CTX_set1_sigalgs(3)>
+
+=item B<-curves curvelist>
+
+Specifies the list of supported curves to be sent by the client. The curve is
+is ultimately selected by the server. For a list of all curves, use:
+
+    $ openssl ecparam -list_curves
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client. See the B<ciphers>
+command for more information.
+
+=item B<-starttls protocol>
+
+send the protocol-specific message(s) to switch to TLS for communication.
+B<protocol> is a keyword for the intended protocol.  Currently, the only
+supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server",
+and "irc."
+
+=item B<-xmpphost hostname>
+
+This option, when used with "-starttls xmpp" or "-starttls xmpp-server",
+specifies the host for the "to" attribute of the stream element.
+If this option is not specified, then the host specified with "-connect"
+will be used.
+
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support.
+
+=item B<-sess_out filename>
+
+output SSL session to B<filename>
+
+=item B<-sess_in sess.pem>
+
+load SSL session from B<filename>. The client will attempt to resume a
+connection from this session.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-serverinfo types>
+
+a list of comma-separated TLS Extension Types (numbers between 0 and
+65535).  Each type will be sent as an empty ClientHello TLS Extension.
+The server's response (if any) will be encoded and displayed as a PEM
+file.
+
+=item B<-status>
+
+sends a certificate status request to the server (OCSP stapling). The server
+response (if any) is printed out.
+
+=item B<-alpn protocols>, B<-nextprotoneg protocols>
+
+these flags enable the 
+Enable the Application-Layer Protocol Negotiation or Next Protocol
+Negotiation extension, respectively. ALPN is the IETF standard and
+replaces NPN.
+The B<protocols> list is a
+comma-separated protocol names that the client should advertise
+support for. The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+Empty list of protocols is treated specially and will cause the client to
+advertise support for the TLS extension but disconnect just after
+receiving ServerHello with a list of server supported protocols.
+
+=item B<-ct|noct>
+
+Use one of these two options to control whether Certificate Transparency (CT)
+is enabled (B<-ct>) or disabled (B<-noct>).
+If CT is enabled, signed certificate timestamps (SCTs) will be requested from
+the server and reported at handshake completion.
+
+Enabling CT also enables OCSP stapling, as this is one possible delivery method
+for SCTs.
+
+=item B<-ctlogfile>
+
+A file containing a list of known Certificate Transparency logs. See
+L<SSL_CTX_set_ctlog_list_file(3)> for the expected file format.
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection is established with an SSL server then any data received
+from the server is displayed and any key presses will be sent to the
+server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
+have been given), the session will be renegotiated if the line begins with an
+B<R>, and if the line begins with a B<Q> or if end of file is reached, the
+connection will be closed down.
+
+=head1 NOTES
+
+B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP
+server the command:
+
+ openssl s_client -connect servername:443
+
+would typically be used (https uses port 443). If the connection succeeds
+then an HTTP command can be given such as "GET /" to retrieve a web page.
+
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs>,
+B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using B<s_client> the CA list can be viewed
+and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> option and send an HTTP request
+for an appropriate page.
+
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+
+If there are problems verifying a server certificate then the
+B<-showcerts> option can be used to show the whole chain.
+
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack. This behaviour can be changed by with the B<-verify_return_error>
+option: any verify errors are then returned aborting the handshake.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of the
+techniques used are rather old, the C source of B<s_client> is rather hard to
+read and not a model of how things should be done.
+A typical SSL client program would be much simpler.
+
+The B<-prexit> option is a bit of a hack. We should really report
+information whenever a session is renegotiated.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_cmd(3)>,
+L<sess_id(1)>, L<s_server(1)>, L<ciphers(1)>
+
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/s_server.pod b/openssl-1.1.0h/doc/apps/s_server.pod
new file mode 100644
index 0000000..e8ec91b
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/s_server.pod
@@ -0,0 +1,616 @@
+=pod
+
+=head1 NAME
+
+openssl-s_server,
+s_server - SSL/TLS server program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_server>
+[B<-help>]
+[B<-port port>]
+[B<-accept val>]
+[B<-naccept count>]
+[B<-unix val>]
+[B<-unlink>]
+[B<-4>]
+[B<-6>]
+[B<-context id>]
+[B<-verify depth>]
+[B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-cert filename>]
+[B<-certform DER|PEM>]
+[B<-key keyfile>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
+[B<-dcert filename>]
+[B<-dcertform DER|PEM>]
+[B<-dkey keyfile>]
+[B<-dkeyform DER|PEM>]
+[B<-dpass arg>]
+[B<-dhparam filename>]
+[B<-nbio>]
+[B<-nbio_test>]
+[B<-crlf>]
+[B<-debug>]
+[B<-msg>]
+[B<-state>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-no_check_time>]
+[B<-partial_chain>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
+[B<-trusted_first>]
+[B<-no_alt_chains>]
+[B<-use_deltas>]
+[B<-auth_level num>]
+[B<-verify_depth num>]
+[B<-verify_return_error>]
+[B<-verify_email email>]
+[B<-verify_hostname hostname>]
+[B<-verify_ip ip>]
+[B<-verify_name name>]
+[B<-x509_strict>]
+[B<-nocert>]
+[B<-client_sigalgs sigalglist>]
+[B<-named_curve curve>]
+[B<-cipher cipherlist>]
+[B<-serverpref>]
+[B<-quiet>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-dtls>]
+[B<-dtls1>]
+[B<-dtls1_2>]
+[B<-listen>]
+[B<-async>]
+[B<-split_send_frag>]
+[B<-max_pipelines>]
+[B<-read_buf>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-no_tls1_1>]
+[B<-no_tls1_2>]
+[B<-no_dhe>]
+[B<-bugs>]
+[B<-comp>]
+[B<-no_comp>]
+[B<-brief>]
+[B<-www>]
+[B<-WWW>]
+[B<-HTTP>]
+[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-id_prefix arg>]
+[B<-rand file(s)>]
+[B<-serverinfo file>]
+[B<-no_resumption_on_reneg>]
+[B<-status>]
+[B<-status_verbose>]
+[B<-status_timeout nsec>]
+[B<-status_url url>]
+[B<-alpn protocols>]
+[B<-nextprotoneg protocols>]
+
+=head1 DESCRIPTION
+
+The B<s_server> command implements a generic SSL/TLS server which listens
+for connections on a given port using SSL/TLS.
+
+=head1 OPTIONS
+
+In addition to the options below the B<s_server> utility also supports the
+common and server only options documented in the
+in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)>
+manual page.
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-port port>
+
+The TCP port to listen on for connections. If not specified 4433 is used.
+
+=item B<-accept val>
+
+The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.
+
+=item B<-naccept count>
+
+The server will exit after receiving B<number> connections, default unlimited.
+
+=item B<-unix val>
+
+Unix domain socket to accept on.
+
+=item B<-unlink>
+
+For -unix, unlink existing socket first.
+
+=item B<-4>
+
+Use IPv4 only.
+
+=item B<-6>
+
+Use IPv6 only.
+
+=item B<-context id>
+
+Sets the SSL context id. It can be given any string value. If this option
+is not present a default value will be used.
+
+=item B<-cert certname>
+
+The certificate to use, most servers cipher suites require the use of a
+certificate and some require a certificate with a certain public key type:
+for example the DSS cipher suites require a certificate containing a DSS
+(DSA) key. If not specified then the filename "server.pem" will be used.
+
+=item B<-certform format>
+
+The certificate format to use: DER or PEM. PEM is the default.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-keyform format>
+
+The private format to use: DER or PEM. PEM is the default.
+
+=item B<-pass arg>
+
+The private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-dcert filename>, B<-dkey keyname>
+
+Specify an additional certificate and private key, these behave in the
+same manner as the B<-cert> and B<-key> options except there is no default
+if they are not specified (no additional certificate and key is used). As
+noted above some cipher suites require a certificate containing a key of
+a certain type. Some cipher suites need a certificate carrying an RSA key
+and some a DSS (DSA) key. By using RSA and DSS certificates and keys
+a server can support clients which only support RSA or DSS cipher suites
+by using an appropriate certificate.
+
+=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
+
+Additional certificate and private key format and passphrase respectively.
+
+=item B<-nocert>
+
+If this option is set then no certificate is used. This restricts the
+cipher suites available to the anonymous ones (currently just anonymous
+DH).
+
+=item B<-dhparam filename>
+
+The DH parameter file to use. The ephemeral DH cipher suites generate keys
+using a set of DH parameters. If not specified then an attempt is made to
+load the parameters from the server certificate file.
+If this fails then a static set of parameters hard coded into the B<s_server>
+program will be used.
+
+=item B<-no_dhe>
+
+If this option is set then no DH parameters will be loaded effectively
+disabling the ephemeral DH cipher suites.
+
+=item B<-crl_check>, B<-crl_check_all>
+
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
+
+=item B<-CApath directory>
+
+The directory to use for client certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the server certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain. The list
+is also used in the list of acceptable client CAs passed to the client when
+a certificate is requested.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-verify depth>, B<-Verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+client certificate chain and makes the server request a certificate from
+the client. With the B<-verify> option a certificate is requested but the
+client does not have to send one, with the B<-Verify> option the client
+must supply a certificate or an error occurs.
+
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or PSK) this option has no effect.
+
+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
+B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
+B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
+B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
+B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
+B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+
+Set different peer certificate verification options.
+See the L<verify(1)> manual page for details.
+
+=item B<-verify_return_error>
+
+Verification errors normally just print a message but allow the
+connection to continue, for debugging purposes.
+If this option is used, then verification errors close the connection.
+
+=item B<-state>
+
+Prints the SSL session states.
+
+=item B<-debug>
+
+Print extensive debugging information including a hex dump of all traffic.
+
+=item B<-msg>
+
+Show all protocol messages with hex dump.
+
+=item B<-trace>
+
+Show verbose trace output of protocol messages. OpenSSL needs to be compiled
+with B<enable-ssl-trace> for this option to work.
+
+=item B<-msgfile>
+
+File to send output of B<-msg> or B<-trace> to, default standard output.
+
+=item B<-nbio_test>
+
+Tests non blocking I/O
+
+=item B<-nbio>
+
+Turns on non blocking I/O
+
+=item B<-crlf>
+
+This option translated a line feed from the terminal into CR+LF.
+
+=item B<-quiet>
+
+Inhibit printing of session and certificate information.
+
+=item B<-psk_hint hint>
+
+Use the PSK identity hint B<hint> when using a PSK cipher suite.
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+This option must be provided in order to use a PSK cipher.
+
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+These options require or disable the use of the specified SSL or TLS protocols.
+By default B<s_server> will negotiate the highest mutually supported protocol
+version.
+When a specific TLS version is required, only that version will be accepted
+from the client.
+
+=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
+
+These options make B<s_server> use DTLS protocols instead of TLS.
+With B<-dtls>, B<s_server> will negotiate any supported DTLS protocol version,
+whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
+respectively.
+
+=item B<-listen>
+
+This option can only be used in conjunction with one of the DTLS options above.
+With this option B<s_server> will listen on a UDP port for incoming connections.
+Any ClientHellos that arrive will be checked to see if they have a cookie in
+them or not.
+Any without a cookie will be responded to with a HelloVerifyRequest.
+If a ClientHello with a cookie is received then B<s_server> will connect to
+that peer and complete the handshake.
+
+=item B<-async>
+
+Switch on asynchronous mode. Cryptographic operations will be performed
+asynchronously. This will only have an effect if an asynchronous capable engine
+is also used via the B<-engine> option. For test purposes the dummy async engine
+(dasync) can be used (if available).
+
+=item B<-split_send_frag int>
+
+The size used to split data for encrypt pipelines. If more data is written in
+one go than this value then it will be split into multiple pipelines, up to the
+maximum number of pipelines defined by max_pipelines. This only has an effect if
+a suitable ciphersuite has been negotiated, an engine that supports pipelining
+has been loaded, and max_pipelines is greater than 1. See
+L<SSL_CTX_set_split_send_fragment(3)> for further information.
+
+=item B<-max_pipelines int>
+
+The maximum number of encrypt/decrypt pipelines to be used. This will only have
+an effect if an engine has been loaded that supports pipelining (e.g. the dasync
+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
+See L<SSL_CTX_set_max_pipelines(3)> for further information.
+
+=item B<-read_buf int>
+
+The default read buffer size to be used for connections. This will only have an
+effect if the buffer size is larger than the size that would otherwise be used
+and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
+further information).
+
+=item B<-bugs>
+
+There are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-comp>
+
+Enable negotiation of TLS compression.
+This option was introduced in OpenSSL 1.1.0.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
+=item B<-no_comp>
+
+Disable negotiation of TLS compression.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
+=item B<-brief>
+
+Provide a brief summary of connection parameters instead of the normal verbose
+output.
+
+=item B<-client_sigalgs sigalglist>
+
+Signature algorithms to support for client certificate authentication
+(colon-separated list)
+
+=item B<-named_curve curve>
+
+Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
+For a list of all possible curves, use:
+
+    $ openssl ecparam -list_curves
+
+=item B<-cipher cipherlist>
+
+This allows the cipher list used by the server to be modified.  When
+the client sends a list of supported ciphers the first client cipher
+also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist irrelevant. See
+the B<ciphers> command for more information.
+
+=item B<-serverpref>
+
+Use the server's cipher preferences, rather than the client's preferences.
+
+=item B<-tlsextdebug>
+
+Print a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+Disable RFC4507bis session ticket support.
+
+=item B<-www>
+
+Sends a status message back to the client when it connects. This includes
+information about the ciphers used and various session parameters.
+The output is in HTML format so this option will normally be used with a
+web browser.
+
+=item B<-WWW>
+
+Emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded.
+
+=item B<-HTTP>
+
+Emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded. The files loaded are
+assumed to contain a complete and correct HTTP response (lines that
+are part of the HTTP response line and headers must end with CRLF).
+
+=item B<-rev>
+
+Simple test server which just reverses the text received from the client
+and sends it back to the server. Also sets B<-brief>.
+
+=item B<-engine id>
+
+Specifying an engine (by its unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-id_prefix arg>
+
+Generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful
+for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple
+servers, when each of which might be generating a unique range of session
+IDs (eg. with a certain prefix).
+
+=item B<-rand file(s)>
+
+A file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-serverinfo file>
+
+A file containing one or more blocks of PEM data.  Each PEM block
+must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
+followed by "length" bytes of extension data).  If the client sends
+an empty TLS ClientHello extension matching the type, the corresponding
+ServerHello extension will be returned.
+
+=item B<-no_resumption_on_reneg>
+
+Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.
+
+=item B<-status>
+
+Enables certificate status request support (aka OCSP stapling).
+
+=item B<-status_verbose>
+
+Enables certificate status request support (aka OCSP stapling) and gives
+a verbose printout of the OCSP response.
+
+=item B<-status_timeout nsec>
+
+Sets the timeout for OCSP response to B<nsec> seconds.
+
+=item B<-status_url url>
+
+Sets a fallback responder URL to use if no responder URL is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
+
+=item B<-alpn protocols>, B<-nextprotoneg protocols>
+
+these flags enable the 
+Enable the Application-Layer Protocol Negotiation or Next Protocol
+Negotiation extension, respectively. ALPN is the IETF standard and
+replaces NPN.
+The B<protocols> list is a
+comma-separated list of supported protocol names.
+The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection request is established with an SSL client and neither the
+B<-www> nor the B<-WWW> option has been used then normally any data received
+from the client is displayed and any key presses will be sent to the client.
+
+Certain single letter commands are also recognized which perform special
+operations: these are listed below.
+
+=over 4
+
+=item B<q>
+
+end the current SSL connection but still accept new connections.
+
+=item B<Q>
+
+end the current SSL connection and exit.
+
+=item B<r>
+
+renegotiate the SSL session.
+
+=item B<R>
+
+renegotiate the SSL session and request a client certificate.
+
+=item B<P>
+
+send some plain text down the underlying TCP connection: this should
+cause the client to disconnect due to a protocol violation.
+
+=item B<S>
+
+print out some session cache status information.
+
+=back
+
+=head1 NOTES
+
+B<s_server> can be used to debug SSL clients. To accept connections from
+a web browser the command:
+
+ openssl s_server -accept 443 -www
+
+can be used for example.
+
+Although specifying an empty list of CAs when requesting a client certificate
+is strictly speaking a protocol violation, some SSL clients interpret this to
+mean any CA is acceptable. This is useful for debugging purposes.
+
+The session parameters can printed out using the B<sess_id> program.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of the
+techniques used are rather old, the C source of B<s_server> is rather hard to
+read and not a model of how things should be done.
+A typical SSL server program would be much simpler.
+
+The output of common ciphers is wrong: it just gives the list of ciphers that
+OpenSSL recognizes and the client supports.
+
+There should be a way for the B<s_server> program to print out details of any
+unknown cipher suites a client says it supports.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_cmd(3)>,
+L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
+
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/s_time.pod b/openssl-1.1.0h/doc/apps/s_time.pod
new file mode 100644
index 0000000..d44dd93
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/s_time.pod
@@ -0,0 +1,195 @@
+=pod
+
+=head1 NAME
+
+openssl-s_time,
+s_time - SSL/TLS performance timing program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_time>
+[B<-help>]
+[B<-connect host:port>]
+[B<-www page>]
+[B<-cert filename>]
+[B<-key filename>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-reuse>]
+[B<-new>]
+[B<-verify depth>]
+[B<-nbio>]
+[B<-time seconds>]
+[B<-ssl3>]
+[B<-bugs>]
+[B<-cipher cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<s_time> command implements a generic SSL/TLS client which connects to a
+remote host using SSL/TLS. It can request a page from the server and includes
+the time to transfer the payload data in its timing measurements. It measures
+the number of connections within a given timeframe, the amount of data
+transferred (if any), and calculates the average time spent for one connection.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-connect host:port>
+
+This specifies the host and optional port to connect to.
+
+=item B<-www page>
+
+This specifies the page to GET from the server. A value of '/' gets the
+index.htm[l] page. If this parameter is not specified, then B<s_time> will only
+perform the handshake to establish SSL connections but not transfer any
+payload data.
+
+=item B<-cert certname>
+
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate. The file is in PEM format.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used. The file is in PEM format.
+
+=item B<-verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+
+=item B<-CApath directory>
+
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-new>
+
+performs the timing test using a new session ID for each connection.
+If neither B<-new> nor B<-reuse> are specified, they are both on by default
+and executed in sequence.
+
+=item B<-reuse>
+
+performs the timing test using the same session ID; this can be used as a test
+that session caching is working. If neither B<-new> nor B<-reuse> are
+specified, they are both on by default and executed in sequence.
+
+=item B<-nbio>
+
+turns on non-blocking I/O.
+
+=item B<-ssl3>
+
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3 or TLS as appropriate.
+The timing program is not as rich in options to turn protocols on and off as
+the L<s_client(1)> program and may not connect to all servers.
+
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if TLS is turned off with the B<-ssl3> option.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client.
+See the L<ciphers(1)> command for more information.
+
+=item B<-time length>
+
+specifies how long (in seconds) B<s_time> should establish connections and
+optionally transfer payload data from a server. Server and client performance
+and the link speed determine how many connections B<s_time> can establish.
+
+=back
+
+=head1 NOTES
+
+B<s_time> can be used to measure the performance of an SSL connection.
+To connect to an SSL HTTP server and get the default page the command
+
+ openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
+
+would typically be used (https uses port 443). 'commoncipher' is a cipher to
+which both client and server can agree, see the L<ciphers(1)> command
+for details.
+
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs> and
+B<-ssl3> options can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using L<s_client(1)> the CA list can be
+viewed and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> option of L<s_client(1)> and
+send an HTTP request for an appropriate page.
+
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+
+=head1 BUGS
+
+Because this program does not have all the options of the
+L<s_client(1)> program to turn protocols on and off, you may not be
+able to measure the performance of all protocols with all servers.
+
+The B<-verify> option should really exit if the server verification
+fails.
+
+=head1 SEE ALSO
+
+L<s_client(1)>, L<s_server(1)>, L<ciphers(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/sess_id.pod b/openssl-1.1.0h/doc/apps/sess_id.pod
new file mode 100644
index 0000000..7766c71
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/sess_id.pod
@@ -0,0 +1,164 @@
+=pod
+
+=head1 NAME
+
+openssl-sess_id,
+sess_id - SSL/TLS session handling utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<sess_id>
+[B<-help>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER|NSS>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-text>]
+[B<-noout>]
+[B<-context ID>]
+
+=head1 DESCRIPTION
+
+The B<sess_id> process the encoded version of the SSL session structure
+and optionally prints out SSL session details (for example the SSL session
+master key) in human readable format. Since this is a diagnostic tool that
+needs some knowledge of the SSL protocol to use properly, most users will
+not need to use it.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+format containing session details. The precise format can vary from one version
+to the next.  The B<PEM> form is the default format: it consists of the B<DER>
+format base64 encoded with additional header and footer lines.
+
+=item B<-outform DER|PEM|NSS>
+
+This specifies the output format. The B<PEM> and B<DER> options have the same meaning
+as the B<-inform> option. The B<NSS> option outputs the session id and the master key
+in NSS keylog format.
+
+=item B<-in filename>
+
+This specifies the input filename to read session information from or standard
+input by default.
+
+=item B<-out filename>
+
+This specifies the output filename to write session information to or standard
+output if this option is not specified.
+
+=item B<-text>
+
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+
+=item B<-cert>
+
+if a certificate is present in the session it will be output using this option,
+if the B<-text> option is also present then it will be printed out in text form.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the session.
+
+=item B<-context ID>
+
+this option can set the session id so the output session information uses the
+supplied ID. The ID can be any string of characters. This option won't normally
+be used.
+
+=back
+
+=head1 OUTPUT
+
+Typical output:
+
+ SSL-Session:
+     Protocol  : TLSv1
+     Cipher    : 0016
+     Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
+     Session-ID-ctx: 01000000
+     Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
+     Key-Arg   : None
+     Start Time: 948459261
+     Timeout   : 300 (sec)
+     Verify return code 0 (ok)
+
+Theses are described below in more detail.
+
+=over 4
+
+=item B<Protocol>
+
+this is the protocol in use TLSv1.2, TLSv1.1, TLSv1 or SSLv3.
+
+=item B<Cipher>
+
+the cipher used this is the actual raw SSL or TLS cipher code, see the SSL
+or TLS specifications for more information.
+
+=item B<Session-ID>
+
+the SSL session ID in hex format.
+
+=item B<Session-ID-ctx>
+
+the session ID context in hex format.
+
+=item B<Master-Key>
+
+this is the SSL session master key.
+
+=item B<Start Time>
+
+this is the session start time represented as an integer in standard Unix format.
+
+=item B<Timeout>
+
+the timeout in seconds.
+
+=item B<Verify return code>
+
+this is the return code when an SSL client certificate is verified.
+
+=back
+
+=head1 NOTES
+
+The PEM encoded session format uses the header and footer lines:
+
+ -----BEGIN SSL SESSION PARAMETERS-----
+ -----END SSL SESSION PARAMETERS-----
+
+Since the SSL session output contains the master key it is possible to read the contents
+of an encrypted session using this information. Therefore appropriate security precautions
+should be taken if the information is being output by a "real" application. This is
+however strongly discouraged and should only be used for debugging purposes.
+
+=head1 BUGS
+
+The cipher and start time should be printed out in human readable form.
+
+=head1 SEE ALSO
+
+L<ciphers(1)>, L<s_server(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/smime.pod b/openssl-1.1.0h/doc/apps/smime.pod
new file mode 100644
index 0000000..753e275
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/smime.pod
@@ -0,0 +1,518 @@
+=pod
+
+=head1 NAME
+
+openssl-smime,
+smime - S/MIME utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<smime>
+[B<-help>]
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-sign>]
+[B<-resign>]
+[B<-verify>]
+[B<-pk7out>]
+[B<-binary>]
+[B<-crlfeol>]
+[B<-[cipher]>]
+[B<-in file>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-partial_chain>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
+[B<-trusted_first>]
+[B<-no_alt_chains>]
+[B<-use_deltas>]
+[B<-auth_level num>]
+[B<-verify_depth num>]
+[B<-verify_email email>]
+[B<-verify_hostname hostname>]
+[B<-verify_ip ip>]
+[B<-verify_name name>]
+[B<-x509_strict>]
+[B<-certfile file>]
+[B<-signer file>]
+[B<-recip  file>]
+[B<-inform SMIME|PEM|DER>]
+[B<-passin arg>]
+[B<-inkey file_or_id>]
+[B<-out file>]
+[B<-outform SMIME|PEM|DER>]
+[B<-content file>]
+[B<-to addr>]
+[B<-from ad>]
+[B<-subject s>]
+[B<-text>]
+[B<-indef>]
+[B<-noindef>]
+[B<-stream>]
+[B<-rand file(s)>]
+[B<-md digest>]
+[cert.pem]...
+
+=head1 DESCRIPTION
+
+The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and
+verify S/MIME messages.
+
+=head1 OPTIONS
+
+There are six operation options that set the type of operation to be performed.
+The meaning of the other options varies according to the operation type.
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-encrypt>
+
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in MIME format.
+
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
+=item B<-decrypt>
+
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in MIME format for the input file. The decrypted mail
+is written to the output file.
+
+=item B<-sign>
+
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in MIME format is written
+to the output file.
+
+=item B<-verify>
+
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+
+=item B<-pk7out>
+
+takes an input message and writes out a PEM encoded PKCS#7 structure.
+
+=item B<-resign>
+
+resign a message: take an existing message and one or more new signers.
+
+=item B<-in filename>
+
+the input message to be encrypted or signed or the MIME message to
+be decrypted or verified.
+
+=item B<-inform SMIME|PEM|DER>
+
+this specifies the input format for the PKCS#7 structure. The default
+is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
+format change this to expect PEM and DER format PKCS#7 structures
+instead. This currently only affects the input format of the PKCS#7
+structure, if no PKCS#7 structure is being input (for example with
+B<-encrypt> or B<-sign>) this option has no effect.
+
+=item B<-out filename>
+
+the message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+
+=item B<-outform SMIME|PEM|DER>
+
+this specifies the output format for the PKCS#7 structure. The default
+is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
+format change this to write PEM and DER format PKCS#7 structures
+instead. This currently only affects the output format of the PKCS#7
+structure, if no PKCS#7 structure is being output (for example with
+B<-verify> or B<-decrypt>) this option has no effect.
+
+=item B<-stream -indef -noindef>
+
+the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
+for encoding operations. This permits single pass processing of data without
+the need to hold the entire contents in memory, potentially supporting very
+large files. Streaming is automatically set for S/MIME signing with detached
+data if the output format is B<SMIME> it is currently off by default for all
+other operations.
+
+=item B<-noindef>
+
+disable streaming I/O where it would produce and indefinite length constructed
+encoding. This option currently has no effect. In future streaming will be
+enabled by default on all relevant operations and this option will disable it.
+
+=item B<-content filename>
+
+This specifies a file containing the detached content, this is only
+useful with the B<-verify> command. This is only usable if the PKCS#7
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed MIME content type.
+
+=item B<-text>
+
+this option adds plain text (text/plain) MIME headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of MIME
+type text/plain then an error occurs.
+
+=item B<-CAfile file>
+
+a file containing trusted CA certificates, only used with B<-verify>.
+
+=item B<-CApath dir>
+
+a directory containing trusted CA certificates, only used with
+B<-verify>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-md digest>
+
+digest algorithm to use when signing or resigning. If not present then the
+default digest algorithm for the signing key will be used (usually SHA1).
+
+=item B<-[cipher]>
+
+the encryption algorithm to use. For example DES  (56 bits) - B<-des>,
+triple DES (168 bits) - B<-des3>,
+EVP_get_cipherbyname() function) can also be used preceded by a dash, for
+example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for list of ciphers
+supported by your version of OpenSSL.
+
+If not specified triple DES is used. Only used with B<-encrypt>.
+
+=item B<-nointern>
+
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the B<-certfile> option are used.
+The supplied certificates can still be used as untrusted CAs however.
+
+=item B<-noverify>
+
+do not verify the signers certificate of a signed message.
+
+=item B<-nochain>
+
+do not do chain verification of signers certificates: that is don't
+use the certificates in the signed message as untrusted CAs.
+
+=item B<-nosigs>
+
+don't try to verify the signatures on the message.
+
+=item B<-nocerts>
+
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the B<-certfile> option for example).
+
+=item B<-noattr>
+
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+
+=item B<-binary>
+
+normally the input message is converted to "canonical" format which is
+effectively using CR and LF as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in MIME format.
+
+=item B<-crlfeol>
+
+normally the output file uses a single B<LF> as end of line. When this
+option is present B<CRLF> is used instead.
+
+=item B<-nodetach>
+
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME.  Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-certfile file>
+
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in PEM format.
+
+=item B<-signer file>
+
+a signing certificate when signing or resigning a message, this option can be
+used multiple times if more than one signer is required. If a message is being
+verified then the signers certificates will be written to this file if the
+verification was successful.
+
+=item B<-recip file>
+
+the recipients certificate when decrypting a message. This certificate
+must match one of the recipients of the message or an error occurs.
+
+=item B<-inkey file_or_id>
+
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the B<-recip> or B<-signer> file. When signing this option can be used
+multiple times to specify successive keys.
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
+
+=item B<-passin arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<cert.pem...>
+
+one or more certificates of message recipients: used when encrypting
+a message.
+
+=item B<-to, -from, -subject>
+
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+
+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
+B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
+B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
+B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
+B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
+B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
+B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+
+Set various options of certificate chain verification. See
+L<verify(1)> manual page for details.
+
+=back
+
+=head1 NOTES
+
+The MIME message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+
+The supplied message to be signed or encrypted must include the
+necessary MIME headers or many S/MIME clients won't display it
+properly (if at all). You can use the B<-text> option to automatically
+add plain text headers.
+
+A "signed and encrypted" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages "in parallel" by signing an already signed message.
+
+The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
+clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
+encrypted data is used for other purposes.
+
+The B<-resign> option uses an existing message digest when adding a new
+signer. This means that attributes must be present in at least one existing
+signer using the same message digest or this operation will fail.
+
+The B<-stream> and B<-indef> options enable streaming I/O support.
+As a result the encoding is BER using indefinite length constructed encoding
+and no longer DER. Streaming is supported for the B<-encrypt> operation and the
+B<-sign> operation if the content is not detached.
+
+Streaming is always used for the B<-sign> operation with detached data but
+since the content is no longer part of the PKCS#7 structure the encoding
+remains DER.
+
+=head1 EXIT CODES
+
+=over 4
+
+=item Z<>0
+
+the operation was completely successfully.
+
+=item Z<>1
+
+an error occurred parsing the command options.
+
+=item Z<>2
+
+one of the input files could not be read.
+
+=item Z<>3
+
+an error occurred creating the PKCS#7 file or when reading the MIME
+message.
+
+=item Z<>4
+
+an error occurred decrypting or verifying the message.
+
+=item Z<>5
+
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+
+=back
+
+=head1 EXAMPLES
+
+Create a cleartext signed message:
+
+ openssl smime -sign -in message.txt -text -out mail.msg \
+        -signer mycert.pem
+
+Create an opaque signed message:
+
+ openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
+        -signer mycert.pem
+
+Create a signed message, include some additional certificates and
+read the private key from another file:
+
+ openssl smime -sign -in in.txt -text -out mail.msg \
+        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+
+Create a signed message with two signers:
+
+ openssl smime -sign -in message.txt -text -out mail.msg \
+        -signer mycert.pem -signer othercert.pem
+
+Send a signed message under Unix directly to sendmail, including headers:
+
+ openssl smime -sign -in in.txt -text -signer mycert.pem \
+        -from steve@openssl.org -to someone@somewhere \
+        -subject "Signed message" | sendmail someone@somewhere
+
+Verify a message and extract the signer's certificate if successful:
+
+ openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
+
+Send encrypted mail using triple DES:
+
+ openssl smime -encrypt -in in.txt -from steve@openssl.org \
+        -to someone@somewhere -subject "Encrypted message" \
+        -des3 user.pem -out mail.msg
+
+Sign and encrypt mail:
+
+ openssl smime -sign -in ml.txt -signer my.pem -text \
+        | openssl smime -encrypt -out mail.msg \
+        -from steve@openssl.org -to someone@somewhere \
+        -subject "Signed and Encrypted message" -des3 user.pem
+
+Note: the encryption command does not include the B<-text> option because the
+message being encrypted already has MIME headers.
+
+Decrypt mail:
+
+ openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+and using the command:
+
+ openssl smime -verify -inform PEM -in signature.pem -content content.txt
+
+Alternatively you can base64 decode the signature and use:
+
+ openssl smime -verify -inform DER -in signature.der -content content.txt
+
+Create an encrypted message using 128 bit Camellia:
+
+ openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+
+Add a signer to an existing message:
+
+ openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
+
+=head1 BUGS
+
+The MIME parser isn't very clever: it seems to handle most messages that I've
+thrown at it but it may choke on others.
+
+The code currently will only write out the signer's certificate to a file: if
+the signer has a separate encryption certificate this must be manually
+extracted. There should be some heuristic that determines the correct
+encryption certificate.
+
+Ideally a database should be maintained of a certificates for each email
+address.
+
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. This means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+
+No revocation checking is done on the signer's certificate.
+
+The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
+structures may cause parsing errors.
+
+=head1 HISTORY
+
+The use of multiple B<-signer> options and the B<-resign> command were first
+added in OpenSSL 1.0.0
+
+The -no_alt_chains options was first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/speed.pod b/openssl-1.1.0h/doc/apps/speed.pod
new file mode 100644
index 0000000..4379319
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/speed.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+openssl-speed,
+speed - test library performance
+
+=head1 SYNOPSIS
+
+B<openssl speed>
+[B<-help>]
+[B<-engine id>]
+[B<-elapsed>]
+[B<-evp algo>]
+[B<-decrypt>]
+[B<algorithm...>]
+
+=head1 DESCRIPTION
+
+This command is used to test the performance of cryptographic algorithms.
+To see the list of supported algorithms, use the I<list --digest-commands>
+or I<list --cipher-commands> command.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-elapsed>
+
+Measure time in real time instead of CPU time. It can be useful when testing
+speed of hardware engines.
+
+=item B<-evp algo>
+
+Use the specified cipher or message digest algorithm via the EVP interface.
+
+=item B<-decrypt>
+
+Time the decryption instead of encryption. Affects only the EVP testing.
+
+=item B<[zero or more test algorithms]>
+
+If any options are given, B<speed> tests those algorithms, otherwise all of
+the above are tested.
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/spkac.pod b/openssl-1.1.0h/doc/apps/spkac.pod
new file mode 100644
index 0000000..e337e4e
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/spkac.pod
@@ -0,0 +1,148 @@
+=pod
+
+=head1 NAME
+
+openssl-spkac,
+spkac - SPKAC printing and generating utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<spkac>
+[B<-help>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-key keyfile>]
+[B<-passin arg>]
+[B<-challenge string>]
+[B<-pubkey>]
+[B<-spkac spkacname>]
+[B<-spksect section>]
+[B<-noout>]
+[B<-verify>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<spkac> command processes Netscape signed public key and challenge
+(SPKAC) files. It can print out their contents, verify the signature and
+produce its own SPKACs from a supplied private key.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified. Ignored if the B<-key> option is used.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-key keyfile>
+
+create an SPKAC file using the private key in B<keyfile>. The
+B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if
+present.
+
+=item B<-passin password>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-challenge string>
+
+specifies the challenge string if an SPKAC is being created.
+
+=item B<-spkac spkacname>
+
+allows an alternative name form the variable containing the
+SPKAC. The default is "SPKAC". This option affects both
+generated and input SPKAC files.
+
+=item B<-spksect section>
+
+allows an alternative name form the section containing the
+SPKAC. The default is the default section.
+
+=item B<-noout>
+
+don't output the text version of the SPKAC (not used if an
+SPKAC is being created).
+
+=item B<-pubkey>
+
+output the public key of an SPKAC (not used if an SPKAC is
+being created).
+
+=item B<-verify>
+
+verifies the digital signature on the supplied SPKAC.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<spkac>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head1 EXAMPLES
+
+Print out the contents of an SPKAC:
+
+ openssl spkac -in spkac.cnf
+
+Verify the signature of an SPKAC:
+
+ openssl spkac -in spkac.cnf -noout -verify
+
+Create an SPKAC using the challenge string "hello":
+
+ openssl spkac -key key.pem -challenge hello -out spkac.cnf
+
+Example of an SPKAC, (long lines split up for clarity):
+
+ SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\
+ PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\
+ PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\
+ 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\
+ 4=
+
+=head1 NOTES
+
+A created SPKAC with suitable DN components appended can be fed into
+the B<ca> utility.
+
+SPKACs are typically generated by Netscape when a form is submitted
+containing the B<KEYGEN> tag as part of the certificate enrollment
+process.
+
+The challenge string permits a primitive form of proof of possession
+of private key. By checking the SPKAC signature and a random challenge
+string some guarantee is given that the user knows the private key
+corresponding to the public key being certified. This is important in
+some applications. Without this it is possible for a previous SPKAC
+to be used in a "replay attack".
+
+=head1 SEE ALSO
+
+L<ca(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/ts.pod b/openssl-1.1.0h/doc/apps/ts.pod
new file mode 100644
index 0000000..0c949bf
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/ts.pod
@@ -0,0 +1,662 @@
+=pod
+
+=head1 NAME
+
+openssl-ts,
+ts - Time Stamping Authority tool (client/server)
+
+=head1 SYNOPSIS
+
+B<openssl> B<ts>
+B<-query>
+[B<-rand> file:file...]
+[B<-config> configfile]
+[B<-data> file_to_hash]
+[B<-digest> digest_bytes]
+[B<-[digest]>]
+[B<-tspolicy> object_id]
+[B<-no_nonce>]
+[B<-cert>]
+[B<-in> request.tsq]
+[B<-out> request.tsq]
+[B<-text>]
+
+B<openssl> B<ts>
+B<-reply>
+[B<-config> configfile]
+[B<-section> tsa_section]
+[B<-queryfile> request.tsq]
+[B<-passin> password_src]
+[B<-signer> tsa_cert.pem]
+[B<-inkey> file_or_id]
+[B<-sha1|-sha224|-sha256|-sha384|-sha512>]
+[B<-chain> certs_file.pem]
+[B<-tspolicy> object_id]
+[B<-in> response.tsr]
+[B<-token_in>]
+[B<-out> response.tsr]
+[B<-token_out>]
+[B<-text>]
+[B<-engine> id]
+
+B<openssl> B<ts>
+B<-verify>
+[B<-data> file_to_hash]
+[B<-digest> digest_bytes]
+[B<-queryfile> request.tsq]
+[B<-in> response.tsr]
+[B<-token_in>]
+[B<-CApath> trusted_cert_path]
+[B<-CAfile> trusted_certs.pem]
+[B<-untrusted> cert_file.pem]
+[I<verify options>]
+
+I<verify options:>
+[-attime timestamp]
+[-check_ss_sig]
+[-crl_check]
+[-crl_check_all]
+[-explicit_policy]
+[-extended_crl]
+[-ignore_critical]
+[-inhibit_any]
+[-inhibit_map]
+[-issuer_checks]
+[-no_alt_chains]
+[-no_check_time]
+[-partial_chain]
+[-policy arg]
+[-policy_check]
+[-policy_print]
+[-purpose purpose]
+[-suiteB_128]
+[-suiteB_128_only]
+[-suiteB_192]
+[-trusted_first]
+[-use_deltas]
+[-auth_level num]
+[-verify_depth num]
+[-verify_email email]
+[-verify_hostname hostname]
+[-verify_ip ip]
+[-verify_name name]
+[-x509_strict]
+
+=head1 DESCRIPTION
+
+The B<ts> command is a basic Time Stamping Authority (TSA) client and server
+application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A
+TSA can be part of a PKI deployment and its role is to provide long
+term proof of the existence of a certain datum before a particular
+time. Here is a brief description of the protocol:
+
+=over 4
+
+=item 1.
+
+The TSA client computes a one-way hash value for a data file and sends
+the hash to the TSA.
+
+=item 2.
+
+The TSA attaches the current date and time to the received hash value,
+signs them and sends the time stamp token back to the client. By
+creating this token the TSA certifies the existence of the original
+data file at the time of response generation.
+
+=item 3.
+
+The TSA client receives the time stamp token and verifies the
+signature on it. It also checks if the token contains the same hash
+value that it had sent to the TSA.
+
+=back
+
+There is one DER encoded protocol data unit defined for transporting a time
+stamp request to the TSA and one for sending the time stamp response
+back to the client. The B<ts> command has three main functions:
+creating a time stamp request based on a data file,
+creating a time stamp response based on a request, verifying if a
+response corresponds to a particular request or a data file.
+
+There is no support for sending the requests/responses automatically
+over HTTP or TCP yet as suggested in RFC 3161. The users must send the
+requests either by ftp or e-mail.
+
+=head1 OPTIONS
+
+=head2 Time Stamp Request generation
+
+The B<-query> switch can be used for creating and printing a time stamp
+request with the following options:
+
+=over 4
+
+=item B<-rand> file:file...
+
+The files containing random data for seeding the random number
+generator. Multiple files can be specified, the separator is B<;> for
+MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
+
+=item B<-config> configfile
+
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
+
+=item B<-data> file_to_hash
+
+The data file for which the time stamp request needs to be
+created. stdin is the default if neither the B<-data> nor the B<-digest>
+parameter is specified. (Optional)
+
+=item B<-digest> digest_bytes
+
+It is possible to specify the message imprint explicitly without the data
+file. The imprint must be specified in a hexadecimal format, two characters
+per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
+1AF601...). The number of bytes must match the message digest algorithm
+in use. (Optional)
+
+=item B<-[digest]>
+
+The message digest to apply to the data file.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+The default is SHA-1. (Optional)
+
+=item B<-tspolicy> object_id
+
+The policy that the client expects the TSA to use for creating the
+time stamp token. Either the dotted OID notation or OID names defined
+in the config file can be used. If no policy is requested the TSA will
+use its own default policy. (Optional)
+
+=item B<-no_nonce>
+
+No nonce is specified in the request if this option is
+given. Otherwise a 64 bit long pseudo-random none is
+included in the request. It is recommended to use nonce to
+protect against replay-attacks. (Optional)
+
+=item B<-cert>
+
+The TSA is expected to include its signing certificate in the
+response. (Optional)
+
+=item B<-in> request.tsq
+
+This option specifies a previously created time stamp request in DER
+format that will be printed into the output file. Useful when you need
+to examine the content of a request in human-readable
+format. (Optional)
+
+=item B<-out> request.tsq
+
+Name of the output file to which the request will be written. Default
+is stdout. (Optional)
+
+=item B<-text>
+
+If this option is specified the output is human-readable text format
+instead of DER. (Optional)
+
+=back
+
+=head2 Time Stamp Response generation
+
+A time stamp response (TimeStampResp) consists of a response status
+and the time stamp token itself (ContentInfo), if the token generation was
+successful. The B<-reply> command is for creating a time stamp
+response or time stamp token based on a request and printing the
+response/token in human-readable format. If B<-token_out> is not
+specified the output is always a time stamp response (TimeStampResp),
+otherwise it is a time stamp token (ContentInfo).
+
+=over 4
+
+=item B<-config> configfile
+
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
+See B<CONFIGURATION FILE OPTIONS> for configurable variables.
+
+=item B<-section> tsa_section
+
+The name of the config file section containing the settings for the
+response generation. If not specified the default TSA section is
+used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional)
+
+=item B<-queryfile> request.tsq
+
+The name of the file containing a DER encoded time stamp request. (Optional)
+
+=item B<-passin> password_src
+
+Specifies the password source for the private key of the TSA. See
+B<PASS PHRASE ARGUMENTS> in L<openssl(1)>. (Optional)
+
+=item B<-signer> tsa_cert.pem
+
+The signer certificate of the TSA in PEM format. The TSA signing
+certificate must have exactly one extended key usage assigned to it:
+timeStamping. The extended key usage must also be critical, otherwise
+the certificate is going to be refused. Overrides the B<signer_cert>
+variable of the config file. (Optional)
+
+=item B<-inkey> file_or_id
+
+The signer private key of the TSA in PEM format. Overrides the
+B<signer_key> config file option. (Optional)
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
+
+=item B<-sha1|-sha224|-sha256|-sha384|-sha512>
+
+Signing digest to use. Overrides the B<signer_digest> config file
+option. (Optional)
+
+=item B<-chain> certs_file.pem
+
+The collection of certificates in PEM format that will all
+be included in the response in addition to the signer certificate if
+the B<-cert> option was used for the request. This file is supposed to
+contain the certificate chain for the signer certificate from its
+issuer upwards. The B<-reply> command does not build a certificate
+chain automatically. (Optional)
+
+=item B<-tspolicy> object_id
+
+The default policy to use for the response unless the client
+explicitly requires a particular TSA policy. The OID can be specified
+either in dotted notation or with its name. Overrides the
+B<default_policy> config file option. (Optional)
+
+=item B<-in> response.tsr
+
+Specifies a previously created time stamp response or time stamp token
+(if B<-token_in> is also specified) in DER format that will be written
+to the output file. This option does not require a request, it is
+useful e.g. when you need to examine the content of a response or
+token or you want to extract the time stamp token from a response. If
+the input is a token and the output is a time stamp response a default
+'granted' status info is added to the token. (Optional)
+
+=item B<-token_in>
+
+This flag can be used together with the B<-in> option and indicates
+that the input is a DER encoded time stamp token (ContentInfo) instead
+of a time stamp response (TimeStampResp). (Optional)
+
+=item B<-out> response.tsr
+
+The response is written to this file. The format and content of the
+file depends on other options (see B<-text>, B<-token_out>). The default is
+stdout. (Optional)
+
+=item B<-token_out>
+
+The output is a time stamp token (ContentInfo) instead of time stamp
+response (TimeStampResp). (Optional)
+
+=item B<-text>
+
+If this option is specified the output is human-readable text format
+instead of DER. (Optional)
+
+=item B<-engine> id
+
+Specifying an engine (by its unique B<id> string) will cause B<ts>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms. Default is builtin. (Optional)
+
+=back
+
+=head2 Time Stamp Response verification
+
+The B<-verify> command is for verifying if a time stamp response or time
+stamp token is valid and matches a particular time stamp request or
+data file. The B<-verify> command does not use the configuration file.
+
+=over 4
+
+=item B<-data> file_to_hash
+
+The response or token must be verified against file_to_hash. The file
+is hashed with the message digest algorithm specified in the token.
+The B<-digest> and B<-queryfile> options must not be specified with this one.
+(Optional)
+
+=item B<-digest> digest_bytes
+
+The response or token must be verified against the message digest specified
+with this option. The number of bytes must match the message digest algorithm
+specified in the token. The B<-data> and B<-queryfile> options must not be
+specified with this one. (Optional)
+
+=item B<-queryfile> request.tsq
+
+The original time stamp request in DER format. The B<-data> and B<-digest>
+options must not be specified with this one. (Optional)
+
+=item B<-in> response.tsr
+
+The time stamp response that needs to be verified in DER format. (Mandatory)
+
+=item B<-token_in>
+
+This flag can be used together with the B<-in> option and indicates
+that the input is a DER encoded time stamp token (ContentInfo) instead
+of a time stamp response (TimeStampResp). (Optional)
+
+=item B<-CApath> trusted_cert_path
+
+The name of the directory containing the trusted CA certificates of the
+client. See the similar option of L<verify(1)> for additional
+details. Either this option or B<-CAfile> must be specified. (Optional)
+
+
+=item B<-CAfile> trusted_certs.pem
+
+The name of the file containing a set of trusted self-signed CA
+certificates in PEM format. See the similar option of
+L<verify(1)> for additional details. Either this option
+or B<-CApath> must be specified.
+(Optional)
+
+=item B<-untrusted> cert_file.pem
+
+Set of additional untrusted certificates in PEM format which may be
+needed when building the certificate chain for the TSA's signing
+certificate. This file must contain the TSA signing certificate and
+all intermediate CA certificates unless the response includes them.
+(Optional)
+
+=item I<verify options>
+
+The options B<-attime timestamp>, B<-check_ss_sig>, B<-crl_check>,
+B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>,
+B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-no_alt_chains>,
+B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>,
+B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>,
+B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, B<-auth_level>,
+B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>,
+B<-verify_name>, and B<-x509_strict> can be used to control timestamp
+verification.  See L<verify(1)>.
+
+=back
+
+=head1 CONFIGURATION FILE OPTIONS
+
+The B<-query> and B<-reply> commands make use of a configuration file.
+See L<config(5)>
+for a general description of the syntax of the config file. The
+B<-query> command uses only the symbolic OID names section
+and it can work without it. However, the B<-reply> command needs the
+config file for its operation.
+
+When there is a command line switch equivalent of a variable the
+switch always overrides the settings in the config file.
+
+=over 4
+
+=item B<tsa> section, B<default_tsa>
+
+This is the main section and it specifies the name of another section
+that contains all the options for the B<-reply> command. This default
+section can be overridden with the B<-section> command line switch. (Optional)
+
+=item B<oid_file>
+
+See L<ca(1)> for description. (Optional)
+
+=item B<oid_section>
+
+See L<ca(1)> for description. (Optional)
+
+=item B<RANDFILE>
+
+See L<ca(1)> for description. (Optional)
+
+=item B<serial>
+
+The name of the file containing the hexadecimal serial number of the
+last time stamp response created. This number is incremented by 1 for
+each response. If the file does not exist at the time of response
+generation a new file is created with serial number 1. (Mandatory)
+
+=item B<crypto_device>
+
+Specifies the OpenSSL engine that will be set as the default for
+all available algorithms. The default value is builtin, you can specify
+any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM).
+(Optional)
+
+=item B<signer_cert>
+
+TSA signing certificate in PEM format. The same as the B<-signer>
+command line option. (Optional)
+
+=item B<certs>
+
+A file containing a set of PEM encoded certificates that need to be
+included in the response. The same as the B<-chain> command line
+option. (Optional)
+
+=item B<signer_key>
+
+The private key of the TSA in PEM format. The same as the B<-inkey>
+command line option. (Optional)
+
+=item B<signer_digest>
+
+Signing digest to use. The same as the
+B<-sha1|-sha224|-sha256|-sha384|-sha512> command line option. (Optional)
+
+=item B<default_policy>
+
+The default policy to use when the request does not mandate any
+policy. The same as the B<-tspolicy> command line option. (Optional)
+
+=item B<other_policies>
+
+Comma separated list of policies that are also acceptable by the TSA
+and used only if the request explicitly specifies one of them. (Optional)
+
+=item B<digests>
+
+The list of message digest algorithms that the TSA accepts. At least
+one algorithm must be specified. (Mandatory)
+
+=item B<accuracy>
+
+The accuracy of the time source of the TSA in seconds, milliseconds
+and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of
+the components is missing zero is assumed for that field. (Optional)
+
+=item B<clock_precision_digits>
+
+Specifies the maximum number of digits, which represent the fraction of
+seconds, that  need to be included in the time field. The trailing zeroes
+must be removed from the time, so there might actually be fewer digits,
+or no fraction of seconds at all. Supported only on UNIX platforms.
+The maximum value is 6, default is 0.
+(Optional)
+
+=item B<ordering>
+
+If this option is yes the responses generated by this TSA can always
+be ordered, even if the time difference between two responses is less
+than the sum of their accuracies. Default is no. (Optional)
+
+=item B<tsa_name>
+
+Set this option to yes if the subject name of the TSA must be included in
+the TSA name field of the response. Default is no. (Optional)
+
+=item B<ess_cert_id_chain>
+
+The SignedData objects created by the TSA always contain the
+certificate identifier of the signing certificate in a signed
+attribute (see RFC 2634, Enhanced Security Services). If this option
+is set to yes and either the B<certs> variable or the B<-chain> option
+is specified then the certificate identifiers of the chain will also
+be included in the SigningCertificate signed attribute. If this
+variable is set to no, only the signing certificate identifier is
+included. Default is no. (Optional)
+
+=back
+
+=head1 EXAMPLES
+
+All the examples below presume that B<OPENSSL_CONF> is set to a proper
+configuration file, e.g. the example configuration file
+openssl/apps/openssl.cnf will do.
+
+=head2 Time Stamp Request
+
+To create a time stamp request for design1.txt with SHA-1
+without nonce and policy and no certificate is required in the response:
+
+  openssl ts -query -data design1.txt -no_nonce \
+        -out design1.tsq
+
+To create a similar time stamp request with specifying the message imprint
+explicitly:
+
+  openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
+         -no_nonce -out design1.tsq
+
+To print the content of the previous request in human readable format:
+
+  openssl ts -query -in design1.tsq -text
+
+To create a time stamp request which includes the MD-5 digest
+of design2.txt, requests the signer certificate and nonce,
+specifies a policy id (assuming the tsa_policy1 name is defined in the
+OID section of the config file):
+
+  openssl ts -query -data design2.txt -md5 \
+        -tspolicy tsa_policy1 -cert -out design2.tsq
+
+=head2 Time Stamp Response
+
+Before generating a response a signing certificate must be created for
+the TSA that contains the B<timeStamping> critical extended key usage extension
+without any other key usage extensions. You can add the
+'extendedKeyUsage = critical,timeStamping' line to the user certificate section
+of the config file to generate a proper certificate. See L<req(1)>,
+L<ca(1)>, L<x509(1)> for instructions. The examples
+below assume that cacert.pem contains the certificate of the CA,
+tsacert.pem is the signing certificate issued by cacert.pem and
+tsakey.pem is the private key of the TSA.
+
+To create a time stamp response for a request:
+
+  openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
+        -signer tsacert.pem -out design1.tsr
+
+If you want to use the settings in the config file you could just write:
+
+  openssl ts -reply -queryfile design1.tsq -out design1.tsr
+
+To print a time stamp reply to stdout in human readable format:
+
+  openssl ts -reply -in design1.tsr -text
+
+To create a time stamp token instead of time stamp response:
+
+  openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
+
+To print a time stamp token to stdout in human readable format:
+
+  openssl ts -reply -in design1_token.der -token_in -text -token_out
+
+To extract the time stamp token from a response:
+
+  openssl ts -reply -in design1.tsr -out design1_token.der -token_out
+
+To add 'granted' status info to a time stamp token thereby creating a
+valid response:
+
+  openssl ts -reply -in design1_token.der -token_in -out design1.tsr
+
+=head2 Time Stamp Verification
+
+To verify a time stamp reply against a request:
+
+  openssl ts -verify -queryfile design1.tsq -in design1.tsr \
+        -CAfile cacert.pem -untrusted tsacert.pem
+
+To verify a time stamp reply that includes the certificate chain:
+
+  openssl ts -verify -queryfile design2.tsq -in design2.tsr \
+        -CAfile cacert.pem
+
+To verify a time stamp token against the original data file:
+  openssl ts -verify -data design2.txt -in design2.tsr \
+        -CAfile cacert.pem
+
+To verify a time stamp token against a message imprint:
+  openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
+         -in design2.tsr -CAfile cacert.pem
+
+You could also look at the 'test' directory for more examples.
+
+=head1 BUGS
+
+=for comment foreign manuals: procmail(1), perl(1)
+
+If you find any bugs or you have suggestions please write to
+Zoltan Glozik <zglozik@opentsa.org>. Known issues:
+
+=over 2
+
+=item *
+
+No support for time stamps over SMTP, though it is quite easy
+to implement an automatic e-mail based TSA with L<procmail(1)>
+and L<perl(1)>. HTTP server support is provided in the form of
+a separate apache module. HTTP client support is provided by
+L<tsget(1)>. Pure TCP/IP protocol is not supported.
+
+=item *
+
+The file containing the last serial number of the TSA is not
+locked when being read or written. This is a problem if more than one
+instance of L<openssl(1)> is trying to create a time stamp
+response at the same time. This is not an issue when using the apache
+server module, it does proper locking.
+
+=item *
+
+Look for the FIXME word in the source files.
+
+=item *
+
+The source code should really be reviewed by somebody else, too.
+
+=item *
+
+More testing is needed, I have done only some basic tests (see
+test/testtsa).
+
+=back
+
+=head1 SEE ALSO
+
+L<tsget(1)>, L<openssl(1)>, L<req(1)>,
+L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
+L<config(5)>
+
+=head1 COPYRIGHT
+
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/tsget.pod b/openssl-1.1.0h/doc/apps/tsget.pod
new file mode 100644
index 0000000..f566f3a
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/tsget.pod
@@ -0,0 +1,200 @@
+=pod
+
+=head1 NAME
+
+openssl-tsget,
+tsget - Time Stamping HTTP/HTTPS client
+
+=head1 SYNOPSIS
+
+B<tsget>
+B<-h> server_url
+[B<-e> extension]
+[B<-o> output]
+[B<-v>]
+[B<-d>]
+[B<-k> private_key.pem]
+[B<-p> key_password]
+[B<-c> client_cert.pem]
+[B<-C> CA_certs.pem]
+[B<-P> CA_path]
+[B<-r> file:file...]
+[B<-g> EGD_socket]
+[request]...
+
+=head1 DESCRIPTION
+
+The B<tsget> command can be used for sending a time stamp request, as
+specified in B<RFC 3161>, to a time stamp server over HTTP or HTTPS and storing
+the time stamp response in a file. This tool cannot be used for creating the
+requests and verifying responses, you can use the OpenSSL B<ts(1)> command to
+do that. B<tsget> can send several requests to the server without closing
+the TCP connection if more than one requests are specified on the command
+line.
+
+The tool sends the following HTTP request for each time stamp request:
+
+        POST url HTTP/1.1
+        User-Agent: OpenTSA tsget.pl/<version>
+        Host: <host>:<port>
+        Pragma: no-cache
+        Content-Type: application/timestamp-query
+        Accept: application/timestamp-reply
+        Content-Length: length of body
+
+        ...binary request specified by the user...
+
+B<tsget> expects a response of type application/timestamp-reply, which is
+written to a file without any interpretation.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-h> server_url
+
+The URL of the HTTP/HTTPS server listening for time stamp requests.
+
+=item B<-e> extension
+
+If the B<-o> option is not given this argument specifies the extension of the
+output files. The base name of the output file will be the same as those of
+the input files. Default extension is '.tsr'. (Optional)
+
+=item B<-o> output
+
+This option can be specified only when just one request is sent to the
+server. The time stamp response will be written to the given output file. '-'
+means standard output. In case of multiple time stamp requests or the absence
+of this argument the names of the output files will be derived from the names
+of the input files and the default or specified extension argument. (Optional)
+
+=item B<-v>
+
+The name of the currently processed request is printed on standard
+error. (Optional)
+
+=item B<-d>
+
+Switches on verbose mode for the underlying B<curl> library. You can see
+detailed debug messages for the connection. (Optional)
+
+=item B<-k> private_key.pem
+
+(HTTPS) In case of certificate-based client authentication over HTTPS
+<private_key.pem> must contain the private key of the user. The private key
+file can optionally be protected by a passphrase. The B<-c> option must also
+be specified. (Optional)
+
+=item B<-p> key_password
+
+(HTTPS) Specifies the passphrase for the private key specified by the B<-k>
+argument. If this option is omitted and the key is passphrase protected B<tsget>
+will ask for it. (Optional)
+
+=item B<-c> client_cert.pem
+
+(HTTPS) In case of certificate-based client authentication over HTTPS
+<client_cert.pem> must contain the X.509 certificate of the user.  The B<-k>
+option must also be specified. If this option is not specified no
+certificate-based client authentication will take place. (Optional)
+
+=item B<-C> CA_certs.pem
+
+(HTTPS) The trusted CA certificate store. The certificate chain of the peer's
+certificate must include one of the CA certificates specified in this file.
+Either option B<-C> or option B<-P> must be given in case of HTTPS. (Optional)
+
+=item B<-P> CA_path
+
+(HTTPS) The path containing the trusted CA certificates to verify the peer's
+certificate. The directory must be prepared with the B<c_rehash>
+OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of
+HTTPS. (Optional)
+
+=item B<-rand> file:file...
+
+The files containing random data for seeding the random number
+generator. Multiple files can be specified, the separator is B<;> for
+MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
+
+=item B<-g> EGD_socket
+
+The name of an EGD socket to get random data from. (Optional)
+
+=item [request]...
+
+List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
+requests are specified only one request will be sent to the server and it will be
+read from the standard input. (Optional)
+
+=back
+
+=head1 ENVIRONMENT VARIABLES
+
+The B<TSGET> environment variable can optionally contain default
+arguments. The content of this variable is added to the list of command line
+arguments.
+
+=head1 EXAMPLES
+
+The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid
+time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests
+and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
+absolute path.
+
+Get a time stamp response for file1.tsq over HTTP, output is written to
+file1.tsr:
+
+  tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
+
+Get a time stamp response for file1.tsq and file2.tsq over HTTP showing
+progress, output is written to file1.reply and file2.reply respectively:
+
+  tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
+        file1.tsq file2.tsq
+
+Create a time stamp request, write it to file3.tsq, send it to the server and
+write the response to file3.tsr:
+
+  openssl ts -query -data file3.txt -cert | tee file3.tsq \
+        | tsget -h http://tsa.opentsa.org:8080/tsa \
+        -o file3.tsr
+
+Get a time stamp response for file1.tsq over HTTPS without client
+authentication:
+
+  tsget -h https://tsa.opentsa.org:8443/tsa \
+        -C cacerts.pem file1.tsq
+
+Get a time stamp response for file1.tsq over HTTPS with certificate-based
+client authentication (it will ask for the passphrase if client_key.pem is
+protected):
+
+  tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
+        -k client_key.pem -c client_cert.pem file1.tsq
+
+You can shorten the previous command line if you make use of the B<TSGET>
+environment variable. The following commands do the same as the previous
+example:
+
+  TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
+        -k client_key.pem -c client_cert.pem'
+  export TSGET
+  tsget file1.tsq
+
+=head1 SEE ALSO
+
+L<openssl(1)>, L<ts(1)>, L<curl(1)>,
+B<RFC 3161>
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/verify.pod b/openssl-1.1.0h/doc/apps/verify.pod
new file mode 100644
index 0000000..38fa346
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/verify.pod
@@ -0,0 +1,725 @@
+=pod
+
+=head1 NAME
+
+openssl-verify,
+verify - Utility to verify certificates
+
+=head1 SYNOPSIS
+
+B<openssl> B<verify>
+[B<-help>]
+[B<-CAfile file>]
+[B<-CApath directory>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+[B<-allow_proxy_certs>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-CRLfile file>]
+[B<-crl_download>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-engine id>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-no_check_time>]
+[B<-partial_chain>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
+[B<-trusted_first>]
+[B<-no_alt_chains>]
+[B<-untrusted file>]
+[B<-trusted file>]
+[B<-use_deltas>]
+[B<-verbose>]
+[B<-auth_level level>]
+[B<-verify_depth num>]
+[B<-verify_email email>]
+[B<-verify_hostname hostname>]
+[B<-verify_ip ip>]
+[B<-verify_name name>]
+[B<-x509_strict>]
+[B<-show_chain>]
+[B<->]
+[certificates]
+
+=head1 DESCRIPTION
+
+The B<verify> command verifies certificate chains.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-CAfile file>
+
+A B<file> of trusted certificates.
+The file should contain one or more certificates in PEM format.
+
+=item B<-CApath directory>
+
+A directory of trusted certificates. The certificates should have names
+of the form: hash.0 or have symbolic links to them of this
+form ("hash" is the hashed certificate subject name: see the B<-hash> option
+of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
+create symbolic links to a directory of certificates.
+
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-allow_proxy_certs>
+
+Allow the verification of proxy certificates
+
+=item B<-attime timestamp>
+
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
+
+=item B<-check_ss_sig>
+
+Verify the signature on the self-signed root CA. This is disabled by default
+because it doesn't add any security.
+
+=item B<-CRLfile file>
+
+The B<file> should contain one or more CRLs in PEM format.
+This option can be specified more than once to include CRLs from multiple
+B<files>.
+
+=item B<-crl_download>
+
+Attempt to download CRL information for this certificate.
+
+=item B<-crl_check>
+
+Checks end entity certificate validity by attempting to look up a valid CRL.
+If a valid CRL cannot be found an error occurs.
+
+=item B<-crl_check_all>
+
+Checks the validity of B<all> certificates in the chain by attempting
+to look up valid CRLs.
+
+=item B<-engine id>
+
+Specifying an engine B<id> will cause L<verify(1)> to attempt to load the
+specified engine.
+The engine will then be set as the default for all its supported algorithms.
+If you want to load certificates or CRLs that require engine support via any of
+the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option
+must be specified before those options.
+
+=item B<-explicit_policy>
+
+Set policy variable require-explicit-policy (see RFC5280).
+
+=item B<-extended_crl>
+
+Enable extended CRL features such as indirect CRLs and alternate CRL
+signing keys.
+
+=item B<-ignore_critical>
+
+Normally if an unhandled critical extension is present which is not
+supported by OpenSSL the certificate is rejected (as required by RFC5280).
+If this option is set critical extensions are ignored.
+
+=item B<-inhibit_any>
+
+Set policy variable inhibit-any-policy (see RFC5280).
+
+=item B<-inhibit_map>
+
+Set policy variable inhibit-policy-mapping (see RFC5280).
+
+=item B<-no_check_time>
+
+This option suppresses checking the validity period of certificates and CRLs
+against the current time. If option B<-attime timestamp> is used to specify
+a verification time, the check is not suppressed.
+
+=item B<-partial_chain>
+
+Allow verification to succeed even if a I<complete> chain cannot be built to a
+self-signed trust-anchor, provided it is possible to construct a chain to a
+trusted certificate that might not be self-signed.
+
+=item B<-policy arg>
+
+Enable policy processing and add B<arg> to the user-initial-policy-set (see
+RFC5280). The policy B<arg> can be an object name an OID in numeric form.
+This argument can appear more than once.
+
+=item B<-policy_check>
+
+Enables certificate policy processing.
+
+=item B<-policy_print>
+
+Print out diagnostics related to policy processing.
+
+=item B<-purpose purpose>
+
+The intended use for the certificate. If this option is not specified,
+B<verify> will not consider certificate purpose during chain verification.
+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
+information.
+
+=item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192>
+
+enable the Suite B mode operation at 128 bit Level of Security, 128 bit or
+192 bit, or only 192 bit Level of Security respectively.
+See RFC6460 for details. In particular the supported signature algorithms are
+reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves
+P-256 and P-384.
+
+=item B<-trusted_first>
+
+When constructing the certificate chain, use the trusted certificates specified
+via B<-CAfile>, B<-CApath> or B<-trusted> before any certificates specified via
+B<-untrusted>.
+This can be useful in environments with Bridge or Cross-Certified CAs.
+As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
+
+=item B<-no_alt_chains>
+
+By default, unless B<-trusted_first> is specified, when building a certificate
+chain, if the first certificate chain found is not trusted, then OpenSSL will
+attempt to replace untrusted issuer certificates with certificates from the
+trust store to see if an alternative chain can be found that is trusted.
+As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no
+effect.
+
+=item B<-untrusted file>
+
+A B<file> of additional untrusted certificates (intermediate issuer CAs) used
+to construct a certificate chain from the subject certificate to a trust-anchor.
+The B<file> should contain one or more certificates in PEM format.
+This option can be specified more than once to include untrusted certificates
+from multiple B<files>.
+
+=item B<-trusted file>
+
+A B<file> of trusted certificates, which must be self-signed, unless the
+B<-partial_chain> option is specified.
+The B<file> contains one or more certificates in PEM format.
+With this option, no additional (e.g., default) certificate lists are
+consulted.
+That is, the only trust-anchors are those listed in B<file>.
+This option can be specified more than once to include trusted certificates
+from multiple B<files>.
+This option implies the B<-no-CAfile> and B<-no-CApath> options.
+This option cannot be used in combination with either of the B<-CAfile> or
+B<-CApath> options.
+
+=item B<-use_deltas>
+
+Enable support for delta CRLs.
+
+=item B<-verbose>
+
+Print extra information about the operations being performed.
+
+=item B<-auth_level level>
+
+Set the certificate chain authentication security level to B<level>.
+The authentication security level determines the acceptable signature and
+public key strength when verifying certificate chains.
+For a certificate chain to validate, the public keys of all the certificates
+must meet the specified security B<level>.
+The signature algorithm security level is enforced for all the certificates in
+the chain except for the chain's I<trust anchor>, which is either directly
+trusted or validated by means other than its signature.
+See L<SSL_CTX_set_security_level(3)> for the definitions of the available
+levels.
+The default security level is -1, or "not set".
+At security level 0 or lower all algorithms are acceptable.
+Security level 1 requires at least 80-bit-equivalent security and is broadly
+interoperable, though it will, for example, reject MD5 signatures or RSA keys
+shorter than 1024 bits.
+
+=item B<-verify_depth num>
+
+Limit the certificate chain to B<num> intermediate CA certificates.
+A maximal depth chain can have up to B<num+2> certificates, since neither the
+end-entity certificate nor the trust-anchor certificate count against the
+B<-verify_depth> limit.
+
+=item B<-verify_email email>
+
+Verify if the B<email> matches the email address in Subject Alternative Name or
+the email in the subject Distinguished Name.
+
+=item B<-verify_hostname hostname>
+
+Verify if the B<hostname> matches DNS name in Subject Alternative Name or
+Common Name in the subject certificate.
+
+=item B<-verify_ip ip>
+
+Verify if the B<ip> matches the IP address in Subject Alternative Name of
+the subject certificate.
+
+=item B<-verify_name name>
+
+Use default verification policies like trust model and required certificate
+policies identified by B<name>.
+The trust model determines which auxiliary trust or reject OIDs are applicable
+to verifying the given certificate chain.
+See the B<-addtrust> and B<-addreject> options of the L<x509(1)> command-line
+utility.
+Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>,
+B<ssl_client>, B<ssl_server>.
+These mimics the combinations of purpose and trust settings used in SSL, CMS
+and S/MIME.
+As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
+specified, so the B<-verify_name> options are functionally equivalent to the
+corresponding B<-purpose> settings.
+
+=item B<-x509_strict>
+
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
+
+=item B<-show_chain>
+
+Display information about the certificate chain that has been built (if
+successful). Certificates in the chain that came from the untrusted list will be
+flagged as "untrusted".
+
+=item B<->
+
+Indicates the last option. All arguments following this are assumed to be
+certificate files. This is useful if the first certificate filename begins
+with a B<->.
+
+=item B<certificates>
+
+One or more certificates to verify. If no certificates are given, B<verify>
+will attempt to read a certificate from standard input. Certificates must be
+in PEM format.
+
+=back
+
+=head1 VERIFY OPERATION
+
+The B<verify> program uses the same functions as the internal SSL and S/MIME
+verification, therefore this description applies to these verify operations
+too.
+
+There is one crucial difference between the verify operations performed
+by the B<verify> program: wherever possible an attempt is made to continue
+after an error whereas normally the verify operation would halt on the
+first error. This allows all the problems with a certificate chain to be
+determined.
+
+The verify operation consists of a number of separate steps.
+
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root CA.
+It is an error if the whole chain cannot be built up.
+The chain is built up by looking up the issuers certificate of the current
+certificate.
+If a certificate is found which is its own issuer it is assumed to be the root
+CA.
+
+The process of 'looking up the issuers certificate' itself involves a number of
+steps.
+After all certificates whose subject name matches the issuer name of the current
+certificate are subject to further tests.
+The relevant authority key identifier components of the current certificate (if
+present) must match the subject key identifier (if present) and issuer and
+serial number of the candidate issuer, in addition the keyUsage extension of
+the candidate issuer (if present) must permit certificate signing.
+
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates. The root CA
+is always looked up in the trusted certificate list: if the certificate to
+verify is a root certificate then an exact match must be found in the trusted
+list.
+
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose. If the B<-purpose> option is not included
+then no checks are done. The supplied or "leaf" certificate must have extensions
+compatible with the supplied purpose and all other certificates must also be valid
+CA certificates. The precise extensions required are described in more detail in
+the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
+
+The third operation is to check the trust settings on the root CA. The root CA
+should be trusted for the supplied purpose.
+For compatibility with previous versions of OpenSSL, a certificate with no
+trust settings is considered to be valid for all purposes.
+
+The final operation is to check the validity of the certificate chain. The validity
+period is checked against the current system time and the notBefore and notAfter
+dates in the certificate. The certificate signatures are also checked at this
+point.
+
+If all operations complete successfully then certificate is considered valid. If
+any operation fails then the certificate is not valid.
+
+=head1 DIAGNOSTICS
+
+When a verify operation fails the output messages can be somewhat cryptic. The
+general form of the error message is:
+
+ server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+ error 24 at 1 depth lookup:invalid CA certificate
+
+The first line contains the name of the certificate being verified followed by
+the subject name of the certificate. The second line contains the error number
+and the depth. The depth is number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified itself
+then 1 for the CA that signed the certificate and so on. Finally a text version
+of the error number is presented.
+
+A partial list of the error codes and messages is shown below, this also
+includes the name of the error code as defined in the header file x509_vfy.h
+Some of the error codes are defined but never returned: these are described
+as "unused".
+
+=over 4
+
+=item B<X509_V_OK>
+
+The operation was successful.
+
+=item B<X509_V_ERR_UNSPECIFIED>
+
+Unspecified error; should not happen.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT>
+
+The issuer certificate of a looked up certificate could not be found. This
+normally means the list of trusted certificates is not complete.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL>
+
+The CRL of a certificate could not be found.
+
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE>
+
+The certificate signature could not be decrypted. This means that the actual signature value
+could not be determined rather than it not matching the expected value, this is only
+meaningful for RSA keys.
+
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE>
+
+The CRL signature could not be decrypted: this means that the actual signature value
+could not be determined rather than it not matching the expected value. Unused.
+
+=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY>
+
+The public key in the certificate SubjectPublicKeyInfo could not be read.
+
+=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE>
+
+The signature of the certificate is invalid.
+
+=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE>
+
+The signature of the certificate is invalid.
+
+=item B<X509_V_ERR_CERT_NOT_YET_VALID>
+
+The certificate is not yet valid: the notBefore date is after the current time.
+
+=item B<X509_V_ERR_CERT_HAS_EXPIRED>
+
+The certificate has expired: that is the notAfter date is before the current time.
+
+=item B<X509_V_ERR_CRL_NOT_YET_VALID>
+
+The CRL is not yet valid.
+
+=item B<X509_V_ERR_CRL_HAS_EXPIRED>
+
+The CRL has expired.
+
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD>
+
+The certificate notBefore field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD>
+
+The certificate notAfter field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD>
+
+The CRL lastUpdate field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD>
+
+The CRL nextUpdate field contains an invalid time.
+
+=item B<X509_V_ERR_OUT_OF_MEM>
+
+An error occurred trying to allocate memory. This should never happen.
+
+=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT>
+
+The passed certificate is self-signed and the same certificate cannot be found in the list of
+trusted certificates.
+
+=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN>
+
+The certificate chain could be built up using the untrusted certificates but the root could not
+be found locally.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY>
+
+The issuer certificate could not be found: this occurs if the issuer
+certificate of an untrusted certificate cannot be found.
+
+=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE>
+
+No signatures could be verified because the chain contains only one certificate and it is not
+self signed.
+
+=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG>
+
+The certificate chain length is greater than the supplied maximum depth. Unused.
+
+=item B<X509_V_ERR_CERT_REVOKED>
+
+The certificate has been revoked.
+
+=item B<X509_V_ERR_INVALID_CA>
+
+A CA certificate is invalid. Either it is not a CA or its extensions are not consistent
+with the supplied purpose.
+
+=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED>
+
+The basicConstraints pathlength parameter has been exceeded.
+
+=item B<X509_V_ERR_INVALID_PURPOSE>
+
+The supplied certificate cannot be used for the specified purpose.
+
+=item B<X509_V_ERR_CERT_UNTRUSTED>
+
+the root CA is not marked as trusted for the specified purpose.
+
+=item B<X509_V_ERR_CERT_REJECTED>
+
+The root CA is marked to reject the specified purpose.
+
+=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH>
+
+not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+B<-issuer_checks> option.
+
+=item B<X509_V_ERR_AKID_SKID_MISMATCH>
+
+Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+B<-issuer_checks> option.
+
+=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH>
+
+Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+B<-issuer_checks> option.
+
+=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN>
+
+Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
+B<-issuer_checks> option.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER>
+
+Unable to get CRL issuer certificate.
+
+=item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION>
+
+Unhandled critical extension.
+
+=item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN>
+
+Key usage does not include CRL signing.
+
+=item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION>
+
+Unhandled critical CRL extension.
+
+=item B<X509_V_ERR_INVALID_NON_CA>
+
+Invalid non-CA certificate has CA markings.
+
+=item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED>
+
+Proxy path length constraint exceeded.
+
+=item B<X509_V_ERR_PROXY_SUBJECT_INVALID>
+
+Proxy certificate subject is invalid.  It MUST be the same as the issuer
+with a single CN component added.
+
+=item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE>
+
+Key usage does not include digital signature.
+
+=item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED>
+
+Proxy certificates not allowed, please use B<-allow_proxy_certs>.
+
+=item B<X509_V_ERR_INVALID_EXTENSION>
+
+Invalid or inconsistent certificate extension.
+
+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION>
+
+Invalid or inconsistent certificate policy extension.
+
+=item B<X509_V_ERR_NO_EXPLICIT_POLICY>
+
+No explicit policy.
+
+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE>
+
+Different CRL scope.
+
+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE>
+
+Unsupported extension feature.
+
+=item B<X509_V_ERR_UNNESTED_RESOURCE>
+
+RFC 3779 resource not subset of parent's resources.
+
+=item B<X509_V_ERR_PERMITTED_VIOLATION>
+
+Permitted subtree violation.
+
+=item B<X509_V_ERR_EXCLUDED_VIOLATION>
+
+Excluded subtree violation.
+
+=item B<X509_V_ERR_SUBTREE_MINMAX>
+
+Name constraints minimum and maximum not supported.
+
+=item B<X509_V_ERR_APPLICATION_VERIFICATION>
+
+Application verification failure. Unused.
+
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE>
+
+Unsupported name constraint type.
+
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX>
+
+Unsupported or invalid name constraint syntax.
+
+=item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX>
+
+Unsupported or invalid name syntax.
+
+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR>
+
+CRL path validation error.
+
+=item B<X509_V_ERR_PATH_LOOP>
+
+Path loop.
+
+=item B<X509_V_ERR_SUITE_B_INVALID_VERSION>
+
+Suite B: certificate version invalid.
+
+=item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM>
+
+Suite B: invalid public key algorithm.
+
+=item B<X509_V_ERR_SUITE_B_INVALID_CURVE>
+
+Suite B: invalid ECC curve.
+
+=item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM>
+
+Suite B: invalid signature algorithm.
+
+=item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED>
+
+Suite B: curve not allowed for this LOS.
+
+=item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256>
+
+Suite B: cannot sign P-384 with P-256.
+
+=item B<X509_V_ERR_HOSTNAME_MISMATCH>
+
+Hostname mismatch.
+
+=item B<X509_V_ERR_EMAIL_MISMATCH>
+
+Email address mismatch.
+
+=item B<X509_V_ERR_IP_ADDRESS_MISMATCH>
+
+IP address mismatch.
+
+=item B<X509_V_ERR_DANE_NO_MATCH>
+
+DANE TLSA authentication is enabled, but no TLSA records matched the
+certificate chain.
+This error is only possible in L<s_client(1)>.
+
+=back
+
+=head1 BUGS
+
+Although the issuer checks are a considerable improvement over the old technique they still
+suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
+trusted certificates with matching subject name must either appear in a file (as specified by the
+B<-CAfile> option) or a directory (as specified by B<-CApath>). If they occur in both then only
+the certificates in the file will be recognised.
+
+Previous versions of OpenSSL assume certificates with matching subject name are identical and
+mishandled them.
+
+Previous versions of this documentation swapped the meaning of the
+B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and
+B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
+
+=head1 SEE ALSO
+
+L<x509(1)>
+
+=head1 HISTORY
+
+The B<-show_chain> option was first added to OpenSSL 1.1.0.
+
+The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
+is silently ignored.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/version.pod b/openssl-1.1.0h/doc/apps/version.pod
new file mode 100644
index 0000000..305a1b7
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/version.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+openssl-version,
+version - print OpenSSL version information
+
+=head1 SYNOPSIS
+
+B<openssl version>
+[B<-help>]
+[B<-a>]
+[B<-v>]
+[B<-b>]
+[B<-o>]
+[B<-f>]
+[B<-p>]
+[B<-d>]
+[B<-e>]
+
+=head1 DESCRIPTION
+
+This command is used to print out version information about OpenSSL.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-a>
+
+all information, this is the same as setting all the other flags.
+
+=item B<-v>
+
+the current OpenSSL version.
+
+=item B<-b>
+
+the date the current version of OpenSSL was built.
+
+=item B<-o>
+
+option information: various options set when the library was built.
+
+=item B<-f>
+
+compilation flags.
+
+=item B<-p>
+
+platform setting.
+
+=item B<-d>
+
+OPENSSLDIR setting.
+
+=item B<-e>
+
+ENGINESDIR setting.
+
+=back
+
+=head1 NOTES
+
+The output of B<openssl version -a> would typically be used when sending
+in a bug report.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/x509.pod b/openssl-1.1.0h/doc/apps/x509.pod
new file mode 100644
index 0000000..f2dcef2
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/x509.pod
@@ -0,0 +1,898 @@
+=pod
+
+=head1 NAME
+
+openssl-x509,
+x509 - Certificate display and signing utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<x509>
+[B<-help>]
+[B<-inform DER|PEM|NET>]
+[B<-outform DER|PEM|NET>]
+[B<-keyform DER|PEM>]
+[B<-CAform DER|PEM>]
+[B<-CAkeyform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-serial>]
+[B<-hash>]
+[B<-subject_hash>]
+[B<-issuer_hash>]
+[B<-ocspid>]
+[B<-subject>]
+[B<-issuer>]
+[B<-nameopt option>]
+[B<-email>]
+[B<-ocsp_uri>]
+[B<-startdate>]
+[B<-enddate>]
+[B<-purpose>]
+[B<-dates>]
+[B<-checkend num>]
+[B<-modulus>]
+[B<-pubkey>]
+[B<-fingerprint>]
+[B<-alias>]
+[B<-noout>]
+[B<-trustout>]
+[B<-clrtrust>]
+[B<-clrreject>]
+[B<-addtrust arg>]
+[B<-addreject arg>]
+[B<-setalias arg>]
+[B<-days arg>]
+[B<-set_serial n>]
+[B<-signkey filename>]
+[B<-passin arg>]
+[B<-x509toreq>]
+[B<-req>]
+[B<-CA filename>]
+[B<-CAkey filename>]
+[B<-CAcreateserial>]
+[B<-CAserial filename>]
+[B<-force_pubkey key>]
+[B<-text>]
+[B<-certopt option>]
+[B<-C>]
+[B<-[digest]>]
+[B<-clrext>]
+[B<-extfile filename>]
+[B<-extensions section>]
+[B<-engine id>]
+
+=head1 DESCRIPTION
+
+The B<x509> command is a multi purpose certificate utility. It can be
+used to display certificate information, convert certificates to
+various forms, sign certificate requests like a "mini CA" or edit
+certificate trust settings.
+
+Since there are a large number of options they will split up into
+various sections.
+
+=head1 OPTIONS
+
+=head2 Input, Output, and General Purpose Options
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-inform DER|PEM|NET>
+
+This specifies the input format normally the command will expect an X509
+certificate but this can change if other options such as B<-req> are
+present. The DER format is the DER encoding of the certificate and PEM
+is the base64 encoding of the DER encoding with header and footer lines
+added. The NET option is an obscure Netscape server format that is now
+obsolete.
+
+=item B<-outform DER|PEM|NET>
+
+This specifies the output format, the options have the same meaning as the
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a certificate from or standard input
+if this option is not specified.
+
+=item B<-out filename>
+
+This specifies the output filename to write to or standard output by
+default.
+
+=item B<-[digest]>
+
+the digest to use.
+This affects any signing or display option that uses a message
+digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+If not specified then SHA1 is used with B<-fingerprint> or
+the default digest for the signing algorithm is used, typically SHA256.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<x509>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=back
+
+=head2 Display Options
+
+Note: the B<-alias> and B<-purpose> options are also display options
+but are described in the B<TRUST SETTINGS> section.
+
+=over 4
+
+=item B<-text>
+
+prints out the certificate in text form. Full details are output including the
+public key, signature algorithms, issuer and subject names, serial number
+any extensions present and any trust settings.
+
+=item B<-certopt option>
+
+customise the output format used with B<-text>. The B<option> argument can be
+a single option or multiple options separated by commas. The B<-certopt> switch
+may be also be used more than once to set multiple options. See the B<TEXT OPTIONS>
+section for more information.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the request.
+
+=item B<-pubkey>
+
+outputs the certificate's SubjectPublicKeyInfo block in PEM format.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the public key
+contained in the certificate.
+
+=item B<-serial>
+
+outputs the certificate serial number.
+
+=item B<-subject_hash>
+
+outputs the "hash" of the certificate subject name. This is used in OpenSSL to
+form an index to allow certificates in a directory to be looked up by subject
+name.
+
+=item B<-issuer_hash>
+
+outputs the "hash" of the certificate issuer name.
+
+=item B<-ocspid>
+
+outputs the OCSP hash values for the subject name and public key.
+
+=item B<-hash>
+
+synonym for "-subject_hash" for backward compatibility reasons.
+
+=item B<-subject_hash_old>
+
+outputs the "hash" of the certificate subject name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
+=item B<-issuer_hash_old>
+
+outputs the "hash" of the certificate issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
+=item B<-subject>
+
+outputs the subject name.
+
+=item B<-issuer>
+
+outputs the issuer name.
+
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the B<NAME OPTIONS> section for more information.
+
+=item B<-email>
+
+outputs the email address(es) if any.
+
+=item B<-ocsp_uri>
+
+outputs the OCSP responder address(es) if any.
+
+=item B<-startdate>
+
+prints out the start date of the certificate, that is the notBefore date.
+
+=item B<-enddate>
+
+prints out the expiry date of the certificate, that is the notAfter date.
+
+=item B<-dates>
+
+prints out the start and expiry dates of a certificate.
+
+=item B<-checkend arg>
+
+checks if the certificate expires within the next B<arg> seconds and exits
+non-zero if yes it will expire or zero if not.
+
+=item B<-fingerprint>
+
+Calculates and outputs the digest of the DER encoded version of the entire
+certificate (see digest options).
+This is commonly called a "fingerprint". Because of the nature of message
+digests, the fingerprint of a certificate is unique to that certificate and
+two certificates with the same fingerprint can be considered to be the same.
+
+=item B<-C>
+
+this outputs the certificate in the form of a C source file.
+
+=back
+
+=head2 Trust Settings
+
+A B<trusted certificate> is an ordinary certificate which has several
+additional pieces of information attached to it such as the permitted
+and prohibited uses of the certificate and an "alias".
+
+Normally when a certificate is being verified at least one certificate
+must be "trusted". By default a trusted certificate must be stored
+locally and must be a root CA: any certificate chain ending in this CA
+is then usable for any purpose.
+
+Trust settings currently are only used with a root CA. They allow a finer
+control over the purposes the root CA can be used for. For example a CA
+may be trusted for SSL client but not SSL server use.
+
+See the description of the B<verify> utility for more information on the
+meaning of trust settings.
+
+Future versions of OpenSSL will recognize trust settings on any
+certificate: not just root CAs.
+
+
+=over 4
+
+=item B<-trustout>
+
+this causes B<x509> to output a B<trusted> certificate. An ordinary
+or trusted certificate can be input but by default an ordinary
+certificate is output and any trust settings are discarded. With the
+B<-trustout> option a trusted certificate is output. A trusted
+certificate is automatically output if any trust settings are modified.
+
+=item B<-setalias arg>
+
+sets the alias of the certificate. This will allow the certificate
+to be referred to using a nickname for example "Steve's Certificate".
+
+=item B<-alias>
+
+outputs the certificate alias, if any.
+
+=item B<-clrtrust>
+
+clears all the permitted or trusted uses of the certificate.
+
+=item B<-clrreject>
+
+clears all the prohibited or rejected uses of the certificate.
+
+=item B<-addtrust arg>
+
+adds a trusted certificate use.
+Any object name can be used here but currently only B<clientAuth> (SSL client
+use), B<serverAuth> (SSL server use), B<emailProtection> (S/MIME email) and
+B<anyExtendedKeyUsage> are used.
+As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or
+enables all purposes when trusted.
+Other OpenSSL applications may define additional uses.
+
+=item B<-addreject arg>
+
+adds a prohibited use. It accepts the same values as the B<-addtrust>
+option.
+
+=item B<-purpose>
+
+this option performs tests on the certificate extensions and outputs
+the results. For a more complete description see the B<CERTIFICATE
+EXTENSIONS> section.
+
+=back
+
+=head2 Signing Options
+
+The B<x509> utility can be used to sign certificates and requests: it
+can thus behave like a "mini CA".
+
+=over 4
+
+=item B<-signkey filename>
+
+this option causes the input file to be self signed using the supplied
+private key.
+
+If the input file is a certificate it sets the issuer name to the
+subject name (i.e.  makes it self signed) changes the public key to the
+supplied value and changes the start and end dates. The start date is
+set to the current time and the end date is set to a value determined
+by the B<-days> option. Any certificate extensions are retained unless
+the B<-clrext> option is supplied; this includes, for example, any existing
+key identifier extensions.
+
+If the input is a certificate request then a self signed certificate
+is created using the supplied private key using the subject name in
+the request.
+
+=item B<-passin arg>
+
+the key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+
+=item B<-clrext>
+
+delete any extensions from a certificate. This option is used when a
+certificate is being created from another certificate (for example with
+the B<-signkey> or the B<-CA> options). Normally all extensions are
+retained.
+
+=item B<-keyform PEM|DER>
+
+specifies the format (DER or PEM) of the private key file used in the
+B<-signkey> option.
+
+=item B<-days arg>
+
+specifies the number of days to make a certificate valid for. The default
+is 30 days.
+
+=item B<-x509toreq>
+
+converts a certificate into a certificate request. The B<-signkey> option
+is used to pass the required private key.
+
+=item B<-req>
+
+by default a certificate is expected on input. With this option a
+certificate request is expected instead.
+
+=item B<-set_serial n>
+
+specifies the serial number to use. This option can be used with either
+the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA>
+option the serial number file (as specified by the B<-CAserial> or
+B<-CAcreateserial> options) is not used.
+
+The serial number can be decimal or hex (if preceded by B<0x>).
+
+=item B<-CA filename>
+
+specifies the CA certificate to be used for signing. When this option is
+present B<x509> behaves like a "mini CA". The input file is signed by this
+CA using this option: that is its issuer name is set to the subject name
+of the CA and it is digitally signed using the CAs private key.
+
+This option is normally combined with the B<-req> option. Without the
+B<-req> option the input is a certificate which must be self signed.
+
+=item B<-CAkey filename>
+
+sets the CA private key to sign a certificate with. If this option is
+not specified then it is assumed that the CA private key is present in
+the CA certificate file.
+
+=item B<-CAserial filename>
+
+sets the CA serial number file to use.
+
+When the B<-CA> option is used to sign a certificate it uses a serial
+number specified in a file. This file consist of one line containing
+an even number of hex digits with the serial number to use. After each
+use the serial number is incremented and written out to the file again.
+
+The default filename consists of the CA certificate file base name with
+".srl" appended. For example if the CA certificate file is called
+"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+
+=item B<-CAcreateserial>
+
+with this option the CA serial number file is created if it does not exist:
+it will contain the serial number "02" and the certificate being signed will
+have the 1 as its serial number. If the B<-CA> option is specified
+and the serial number file does not exist a random number is generated;
+this is the recommended practice.
+
+=item B<-extfile filename>
+
+file containing certificate extensions to use. If not specified then
+no extensions are added to the certificate.
+
+=item B<-extensions section>
+
+the section to add certificate extensions from. If this option is not
+specified then the extensions should either be contained in the unnamed
+(default) section or the default section should contain a variable called
+"extensions" which contains the section to use. See the
+L<x509v3_config(5)> manual page for details of the
+extension section format.
+
+=item B<-force_pubkey key>
+
+when a certificate is created set its public key to B<key> instead of the
+key in the certificate or certificate request. This option is useful for
+creating certificates where the algorithm can't normally sign requests, for
+example DH.
+
+The format or B<key> can be specified using the B<-keyform> option.
+
+=back
+
+=head2 Name Options
+
+The B<nameopt> command line switch determines how the subject and issuer
+names are displayed. If no B<nameopt> switch is present the default "oneline"
+format is used which is compatible with previous versions of OpenSSL.
+Each option is described in detail below, all options can be preceded by
+a B<-> to turn the option off. Only the first four will normally be used.
+
+=over 4
+
+=item B<compat>
+
+use the old format.
+
+=item B<RFC2253>
+
+displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>,
+B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
+B<sep_comma_plus>, B<dn_rev> and B<sname>.
+
+=item B<oneline>
+
+a oneline format which is more readable than RFC2253. It is equivalent to
+specifying the  B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
+B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
+options.  This is the I<default> of no name options are given explicitly.
+
+=item B<multiline>
+
+a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
+B<space_eq>, B<lname> and B<align>.
+
+=item B<esc_2253>
+
+escape the "special" characters required by RFC2253 in a field. That is
+B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
+and a space character at the beginning or end of a string.
+
+=item B<esc_2254>
+
+escape the "special" characters required by RFC2254 in a field. That is
+the B<NUL> character as well as and B<()*>.
+
+=item B<esc_ctrl>
+
+escape control characters. That is those with ASCII values less than
+0x20 (space) and the delete (0x7f) character. They are escaped using the
+RFC2253 \XX notation (where XX are two hex digits representing the
+character value).
+
+=item B<esc_msb>
+
+escape characters with the MSB set, that is with ASCII values larger than
+127.
+
+=item B<use_quote>
+
+escapes some characters by surrounding the whole string with B<"> characters,
+without the option all escaping is done with the B<\> character.
+
+=item B<utf8>
+
+convert all strings to UTF8 format first. This is required by RFC2253. If
+you are lucky enough to have a UTF8 compatible terminal then the use
+of this option (and B<not> setting B<esc_msb>) may result in the correct
+display of multibyte (international) characters. Is this option is not
+present then multibyte characters larger than 0xff will be represented
+using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
+Also if this option is off any UTF8Strings will be converted to their
+character form first.
+
+=item B<ignore_type>
+
+this option does not attempt to interpret multibyte characters in any
+way. That is their content octets are merely dumped as though one octet
+represents each character. This is useful for diagnostic purposes but
+will result in rather odd looking output.
+
+=item B<show_type>
+
+show the type of the ASN1 character string. The type precedes the
+field contents. For example "BMPSTRING: Hello World".
+
+=item B<dump_der>
+
+when this option is set any fields that need to be hexdumped will
+be dumped using the DER encoding of the field. Otherwise just the
+content octets will be displayed. Both options use the RFC2253
+B<#XXXX...> format.
+
+=item B<dump_nostr>
+
+dump non character string types (for example OCTET STRING) if this
+option is not set then non character string types will be displayed
+as though each content octet represents a single character.
+
+=item B<dump_all>
+
+dump all fields. This option when used with B<dump_der> allows the
+DER encoding of the structure to be unambiguously determined.
+
+=item B<dump_unknown>
+
+dump any field whose OID is not recognised by OpenSSL.
+
+=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
+B<sep_multiline>
+
+these options determine the field separators. The first character is
+between RDNs and the second between multiple AVAs (multiple AVAs are
+very rare and their use is discouraged). The options ending in
+"space" additionally place a space after the separator to make it
+more readable. The B<sep_multiline> uses a linefeed character for
+the RDN separator and a spaced B<+> for the AVA separator. It also
+indents the fields by four characters. If no field separator is specified
+then B<sep_comma_plus_space> is used by default.
+
+=item B<dn_rev>
+
+reverse the fields of the DN. This is required by RFC2253. As a side
+effect this also reverses the order of multiple AVAs but this is
+permissible.
+
+=item B<nofname>, B<sname>, B<lname>, B<oid>
+
+these options alter how the field name is displayed. B<nofname> does
+not display the field at all. B<sname> uses the "short name" form
+(CN for commonName for example). B<lname> uses the long form.
+B<oid> represents the OID in numerical form and is useful for
+diagnostic purpose.
+
+=item B<align>
+
+align field values for a more readable output. Only usable with
+B<sep_multiline>.
+
+=item B<space_eq>
+
+places spaces round the B<=> character which follows the field
+name.
+
+=back
+
+=head2 Text Options
+
+As well as customising the name output format, it is also possible to
+customise the actual fields printed using the B<certopt> options when
+the B<text> option is present. The default behaviour is to print all fields.
+
+=over 4
+
+=item B<compatible>
+
+use the old format. This is equivalent to specifying no output options at all.
+
+=item B<no_header>
+
+don't print header information: that is the lines saying "Certificate" and "Data".
+
+=item B<no_version>
+
+don't print out the version number.
+
+=item B<no_serial>
+
+don't print out the serial number.
+
+=item B<no_signame>
+
+don't print out the signature algorithm used.
+
+=item B<no_validity>
+
+don't print the validity, that is the B<notBefore> and B<notAfter> fields.
+
+=item B<no_subject>
+
+don't print out the subject name.
+
+=item B<no_issuer>
+
+don't print out the issuer name.
+
+=item B<no_pubkey>
+
+don't print out the public key.
+
+=item B<no_sigdump>
+
+don't give a hexadecimal dump of the certificate signature.
+
+=item B<no_aux>
+
+don't print out certificate trust information.
+
+=item B<no_extensions>
+
+don't print out any X509V3 extensions.
+
+=item B<ext_default>
+
+retain default extension behaviour: attempt to print out unsupported certificate extensions.
+
+=item B<ext_error>
+
+print an error message for unsupported certificate extensions.
+
+=item B<ext_parse>
+
+ASN1 parse unsupported extensions.
+
+=item B<ext_dump>
+
+hex dump unsupported extensions.
+
+=item B<ca_default>
+
+the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>,
+B<no_header>, and B<no_version>.
+
+=back
+
+=head1 EXAMPLES
+
+Note: in these examples the '\' means the example should be all on one
+line.
+
+Display the contents of a certificate:
+
+ openssl x509 -in cert.pem -noout -text
+
+Display the certificate serial number:
+
+ openssl x509 -in cert.pem -noout -serial
+
+Display the certificate subject name:
+
+ openssl x509 -in cert.pem -noout -subject
+
+Display the certificate subject name in RFC2253 form:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+
+Display the certificate subject name in oneline form on a terminal
+supporting UTF8:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
+
+Display the certificate SHA1 fingerprint:
+
+ openssl x509 -sha1 -in cert.pem -noout -fingerprint
+
+Convert a certificate from PEM to DER format:
+
+ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+
+Convert a certificate to a certificate request:
+
+ openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+
+Convert a certificate request into a self signed certificate using
+extensions for a CA:
+
+ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
+        -signkey key.pem -out cacert.pem
+
+Sign a certificate request using the CA certificate above and add user
+certificate extensions:
+
+ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
+        -CA cacert.pem -CAkey key.pem -CAcreateserial
+
+
+Set a certificate to be trusted for SSL client use and change set its alias to
+"Steve's Class 1 CA"
+
+ openssl x509 -in cert.pem -addtrust clientAuth \
+        -setalias "Steve's Class 1 CA" -out trust.pem
+
+=head1 NOTES
+
+The PEM format uses the header and footer lines:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+it will also handle files containing:
+
+ -----BEGIN X509 CERTIFICATE-----
+ -----END X509 CERTIFICATE-----
+
+Trusted certificates have the lines
+
+ -----BEGIN TRUSTED CERTIFICATE-----
+ -----END TRUSTED CERTIFICATE-----
+
+The conversion to UTF8 format used with the name options assumes that
+T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+and MSIE do this as do many certificates. So although this is incorrect
+it is more likely to display the majority of certificates correctly.
+
+The B<-email> option searches the subject name and the subject alternative
+name extension. Only unique email addresses will be printed out: it will
+not print the same address more than once.
+
+=head1 CERTIFICATE EXTENSIONS
+
+The B<-purpose> option checks the certificate extensions and determines
+what the certificate can be used for. The actual checks done are rather
+complex and include various hacks and workarounds to handle broken
+certificates and software.
+
+The same code is used when verifying untrusted certificates in chains
+so this section is useful if a chain is rejected by the verify code.
+
+The basicConstraints extension CA flag is used to determine whether the
+certificate can be used as a CA. If the CA flag is true then it is a CA,
+if the CA flag is false then it is not a CA. B<All> CAs should have the
+CA flag set to true.
+
+If the basicConstraints extension is absent then the certificate is
+considered to be a "possible CA" other extensions are checked according
+to the intended use of the certificate. A warning is given in this case
+because the certificate should really not be regarded as a CA: however
+it is allowed to be a CA to work around some broken software.
+
+If the certificate is a V1 certificate (and thus has no extensions) and
+it is self signed it is also assumed to be a CA but a warning is again
+given: this is to work around the problem of Verisign roots which are V1
+self signed certificates.
+
+If the keyUsage extension is present then additional restraints are
+made on the uses of the certificate. A CA certificate B<must> have the
+keyCertSign bit set if the keyUsage extension is present.
+
+The extended key usage extension places additional restrictions on the
+certificate uses. If this extension is present (whether critical or not)
+the key can only be used for the purposes specified.
+
+A complete description of each test is given below. The comments about
+basicConstraints and keyUsage and V1 certificates above apply to B<all>
+CA certificates.
+
+
+=over 4
+
+=item B<SSL Client>
+
+The extended key usage extension must be absent or include the "web client
+authentication" OID.  keyUsage must be absent or it must have the
+digitalSignature bit set. Netscape certificate type must be absent or it must
+have the SSL client bit set.
+
+=item B<SSL Client CA>
+
+The extended key usage extension must be absent or include the "web client
+authentication" OID. Netscape certificate type must be absent or it must have
+the SSL CA bit set: this is used as a work around if the basicConstraints
+extension is absent.
+
+=item B<SSL Server>
+
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs.  keyUsage must be absent or it
+must have the digitalSignature, the keyEncipherment set or both bits set.
+Netscape certificate type must be absent or have the SSL server bit set.
+
+=item B<SSL Server CA>
+
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs.  Netscape certificate type must
+be absent or the SSL CA bit must be set: this is used as a work around if the
+basicConstraints extension is absent.
+
+=item B<Netscape SSL Server>
+
+For Netscape SSL clients to connect to an SSL server it must have the
+keyEncipherment bit set if the keyUsage extension is present. This isn't
+always valid because some cipher suites use the key for digital signing.
+Otherwise it is the same as a normal SSL server.
+
+=item B<Common S/MIME Client Tests>
+
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or should have the
+S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type
+then the SSL client bit is tolerated as an alternative but a warning is shown:
+this is because some Verisign certificates don't set the S/MIME bit.
+
+=item B<S/MIME Signing>
+
+In addition to the common S/MIME client tests the digitalSignature bit must
+be set if the keyUsage extension is present.
+
+=item B<S/MIME Encryption>
+
+In addition to the common S/MIME tests the keyEncipherment bit must be set
+if the keyUsage extension is present.
+
+=item B<S/MIME CA>
+
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or must have the
+S/MIME CA bit set: this is used as a work around if the basicConstraints
+extension is absent.
+
+=item B<CRL Signing>
+
+The keyUsage extension must be absent or it must have the CRL signing bit
+set.
+
+=item B<CRL Signing CA>
+
+The normal CA tests apply. Except in this case the basicConstraints extension
+must be present.
+
+=back
+
+=head1 BUGS
+
+Extensions in certificates are not transferred to certificate requests and
+vice versa.
+
+It is possible to produce invalid certificates or requests by specifying the
+wrong private key or using inconsistent options in some cases: these should
+be checked.
+
+There should be options to explicitly set such things as start and end
+dates rather than an offset from the current time.
+
+=head1 SEE ALSO
+
+L<req(1)>, L<ca(1)>, L<genrsa(1)>,
+L<gendsa(1)>, L<verify(1)>,
+L<x509v3_config(5)>
+
+=head1 HISTORY
+
+The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
+before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
+of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
+canonical version of the DN using SHA1. This means that any directories using
+the old form must have their links rebuilt using B<c_rehash> or similar.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/apps/x509v3_config.pod b/openssl-1.1.0h/doc/apps/x509v3_config.pod
new file mode 100644
index 0000000..c0742c8
--- /dev/null
+++ b/openssl-1.1.0h/doc/apps/x509v3_config.pod
@@ -0,0 +1,541 @@
+=pod
+
+=for comment openssl_manual_section:5
+
+=head1 NAME
+
+x509v3_config - X509 V3 certificate extension configuration format
+
+=head1 DESCRIPTION
+
+Several of the OpenSSL utilities can add extensions to a certificate or
+certificate request based on the contents of a configuration file.
+
+Typically the application will contain an option to point to an extension
+section. Each line of the extension section takes the form:
+
+ extension_name=[critical,] extension_options
+
+If B<critical> is present then the extension will be critical.
+
+The format of B<extension_options> depends on the value of B<extension_name>.
+
+There are four main types of extension: I<string> extensions, I<multi-valued>
+extensions, I<raw> and I<arbitrary> extensions.
+
+String extensions simply have a string which contains either the value itself
+or how it is obtained.
+
+For example:
+
+ nsComment="This is a Comment"
+
+Multi-valued extensions have a short form and a long form. The short form
+is a list of names and values:
+
+ basicConstraints=critical,CA:true,pathlen:1
+
+The long form allows the values to be placed in a separate section:
+
+ basicConstraints=critical,@bs_section
+
+ [bs_section]
+
+ CA=true
+ pathlen=1
+
+Both forms are equivalent.
+
+The syntax of raw extensions is governed by the extension code: it can
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
+
+If an extension type is unsupported then the I<arbitrary> extension syntax
+must be used, see the L<ARBITRARY EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
+
+=head1 STANDARD EXTENSIONS
+
+The following sections describe each supported extension in detail.
+
+=head2 Basic Constraints.
+
+This is a multi valued extension which indicates whether a certificate is
+a CA certificate. The first (mandatory) name is B<CA> followed by B<TRUE> or
+B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by an
+non-negative value can be included.
+
+For example:
+
+ basicConstraints=CA:TRUE
+
+ basicConstraints=CA:FALSE
+
+ basicConstraints=critical,CA:TRUE, pathlen:0
+
+A CA certificate B<must> include the basicConstraints value with the CA field
+set to TRUE. An end user certificate must either set CA to FALSE or exclude the
+extension entirely. Some software may require the inclusion of basicConstraints
+with CA set to FALSE for end entity certificates.
+
+The pathlen parameter indicates the maximum number of CAs that can appear
+below this one in a chain. So if you have a CA with a pathlen of zero it can
+only be used to sign end user certificates and not further CAs.
+
+
+=head2 Key Usage.
+
+Key usage is a multi valued extension consisting of a list of names of the
+permitted key usages.
+
+The supported names are: digitalSignature, nonRepudiation, keyEncipherment,
+dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly
+and decipherOnly.
+
+Examples:
+
+ keyUsage=digitalSignature, nonRepudiation
+
+ keyUsage=critical, keyCertSign
+
+
+=head2 Extended Key Usage.
+
+This extensions consists of a list of usages indicating purposes for which
+the certificate public key can be used for,
+
+These can either be object short names or the dotted numerical form of OIDs.
+While any OID can be used only certain values make sense. In particular the
+following PKIX, NS and MS values are meaningful:
+
+ Value                  Meaning
+ -----                  -------
+ serverAuth             SSL/TLS Web Server Authentication.
+ clientAuth             SSL/TLS Web Client Authentication.
+ codeSigning            Code signing.
+ emailProtection        E-mail Protection (S/MIME).
+ timeStamping           Trusted Timestamping
+ OCSPSigning            OCSP Signing
+ ipsecIKE               ipsec Internet Key Exchange
+ msCodeInd              Microsoft Individual Code Signing (authenticode)
+ msCodeCom              Microsoft Commercial Code Signing (authenticode)
+ msCTLSign              Microsoft Trust List Signing
+ msEFS                  Microsoft Encrypted File System
+
+Examples:
+
+ extendedKeyUsage=critical,codeSigning,1.2.3.4
+ extendedKeyUsage=serverAuth,clientAuth
+
+
+=head2 Subject Key Identifier.
+
+This is really a string extension and can take two possible values. Either
+the word B<hash> which will automatically follow the guidelines in RFC3280
+or a hex string giving the extension value to include. The use of the hex
+string is strongly discouraged.
+
+Example:
+
+ subjectKeyIdentifier=hash
+
+
+=head2 Authority Key Identifier.
+
+The authority key identifier extension permits two options. keyid and issuer:
+both can take the optional value "always".
+
+If the keyid option is present an attempt is made to copy the subject key
+identifier from the parent certificate. If the value "always" is present
+then an error is returned if the option fails.
+
+The issuer option copies the issuer and serial number from the issuer
+certificate. This will only be done if the keyid option fails or
+is not included unless the "always" flag will always include the value.
+
+Example:
+
+ authorityKeyIdentifier=keyid,issuer
+
+
+=head2 Subject Alternative Name.
+
+The subject alternative name extension allows various literal values to be
+included in the configuration file. These include B<email> (an email address)
+B<URI> a uniform resource indicator, B<DNS> (a DNS domain name), B<RID> (a
+registered ID: OBJECT IDENTIFIER), B<IP> (an IP address), B<dirName>
+(a distinguished name) and otherName.
+
+The email option include a special 'copy' value. This will automatically
+include any email addresses contained in the certificate subject name in
+the extension.
+
+The IP address used in the B<IP> options can be in either IPv4 or IPv6 format.
+
+The value of B<dirName> should point to a section containing the distinguished
+name to use as a set of name value pairs. Multi values AVAs can be formed by
+prefacing the name with a B<+> character.
+
+otherName can include arbitrary data associated with an OID: the value
+should be the OID followed by a semicolon and the content in standard
+L<ASN1_generate_nconf(3)> format.
+
+Examples:
+
+ subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+ subjectAltName=IP:192.168.7.1
+ subjectAltName=IP:13::17
+ subjectAltName=email:my@other.address,RID:1.2.3.4
+ subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
+
+ subjectAltName=dirName:dir_sect
+
+ [dir_sect]
+ C=UK
+ O=My Organization
+ OU=My Unit
+ CN=My Name
+
+
+=head2 Issuer Alternative Name.
+
+The issuer alternative name option supports all the literal options of
+subject alternative name. It does B<not> support the email:copy option because
+that would not make sense. It does support an additional issuer:copy option
+that will copy all the subject alternative name values from the issuer
+certificate (if possible).
+
+Example:
+
+ issuserAltName = issuer:copy
+
+
+=head2 Authority Info Access.
+
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where I<location> has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful, for example OCSP and caIssuers.
+
+Example:
+
+ authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+ authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+
+
+=head2 CRL distribution points
+
+This is a multi-valued extension whose options can be either in name:value pair
+using the same form as subject alternative name or a single value representing
+a section name containing all the distribution point fields.
+
+For a name:value pair a new DistributionPoint with the fullName field set to
+the given value both the cRLissuer and reasons fields are omitted in this case.
+
+In the single option case the section indicated contains values for each
+field. In this section:
+
+If the name is "fullname" the value field should contain the full name
+of the distribution point in the same format as subject alternative name.
+
+If the name is "relativename" then the value field should contain a section
+name whose contents represent a DN fragment to be placed in this field.
+
+The name "CRLIssuer" if present should contain a value for this field in
+subject alternative name format.
+
+If the name is "reasons" the value field should consist of a comma
+separated field containing the reasons. Valid reasons are: "keyCompromise",
+"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation",
+"certificateHold", "privilegeWithdrawn" and "AACompromise".
+
+
+Simple examples:
+
+ crlDistributionPoints=URI:http://myhost.com/myca.crl
+ crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
+
+Full distribution point example:
+
+ crlDistributionPoints=crldp1_section
+
+ [crldp1_section]
+
+ fullname=URI:http://myhost.com/myca.crl
+ CRLissuer=dirName:issuer_sect
+ reasons=keyCompromise, CACompromise
+
+ [issuer_sect]
+ C=UK
+ O=Organisation
+ CN=Some Name
+
+=head2 Issuing Distribution Point
+
+This extension should only appear in CRLs. It is a multi valued extension
+whose syntax is similar to the "section" pointed to by the CRL distribution
+points extension with a few differences.
+
+The names "reasons" and "CRLissuer" are not recognized.
+
+The name "onlysomereasons" is accepted which sets this field. The value is
+in the same format as the CRL distribution point "reasons" field.
+
+The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted
+the values should be a boolean value (TRUE or FALSE) to indicate the value of
+the corresponding field.
+
+Example:
+
+ issuingDistributionPoint=critical, @idp_section
+
+ [idp_section]
+
+ fullname=URI:http://myhost.com/myca.crl
+ indirectCRL=TRUE
+ onlysomereasons=keyCompromise, CACompromise
+
+ [issuer_sect]
+ C=UK
+ O=Organisation
+ CN=Some Name
+
+
+=head2 Certificate Policies.
+
+This is a I<raw> extension. All the fields of this extension can be set by
+using the appropriate syntax.
+
+If you follow the PKIX recommendations and just using one OID then you just
+include the value of that OID. Multiple OIDs can be set separated by commas,
+for example:
+
+ certificatePolicies= 1.2.4.5, 1.1.3.4
+
+If you wish to include qualifiers then the policy OID and qualifiers need to
+be specified in a separate section: this is done by using the @section syntax
+instead of a literal OID value.
+
+The section referred to must include the policy OID using the name
+policyIdentifier, cPSuri qualifiers can be included using the syntax:
+
+ CPS.nnn=value
+
+userNotice qualifiers can be set using the syntax:
+
+ userNotice.nnn=@notice
+
+The value of the userNotice qualifier is specified in the relevant section.
+This section can include explicitText, organization and noticeNumbers
+options. explicitText and organization are text strings, noticeNumbers is a
+comma separated list of numbers. The organization and noticeNumbers options
+(if included) must BOTH be present. If you use the userNotice option with IE5
+then you need the 'ia5org' option at the top level to modify the encoding:
+otherwise it will not be interpreted properly.
+
+Example:
+
+ certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+
+ [polsect]
+
+ policyIdentifier = 1.3.5.8
+ CPS.1="http://my.host.name/"
+ CPS.2="http://my.your.name/"
+ userNotice.1=@notice
+
+ [notice]
+
+ explicitText="Explicit Text Here"
+ organization="Organisation Name"
+ noticeNumbers=1,2,3,4
+
+The B<ia5org> option changes the type of the I<organization> field. In RFC2459
+it can only be of type DisplayText. In RFC3280 IA5String is also permissible.
+Some software (for example some versions of MSIE) may require ia5org.
+
+=head2 Policy Constraints
+
+This is a multi-valued extension which consisting of the names
+B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative integer
+value. At least one component must be present.
+
+Example:
+
+ policyConstraints = requireExplicitPolicy:3
+
+
+=head2 Inhibit Any Policy
+
+This is a string extension whose value must be a non negative integer.
+
+Example:
+
+ inhibitAnyPolicy = 2
+
+
+=head2 Name Constraints
+
+The name constraints extension is a multi-valued extension. The name should
+begin with the word B<permitted> or B<excluded> followed by a B<;>. The rest of
+the name and the value follows the syntax of subjectAltName except email:copy
+is not supported and the B<IP> form should consist of an IP addresses and
+subnet mask separated by a B</>.
+
+Examples:
+
+ nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
+
+ nameConstraints=permitted;email:.somedomain.com
+
+ nameConstraints=excluded;email:.com
+
+
+=head2 OCSP No Check
+
+The OCSP No Check extension is a string extension but its value is ignored.
+
+Example:
+
+ noCheck = ignored
+
+
+=head2 TLS Feature (aka Must Staple)
+
+This is a multi-valued extension consisting of a list of TLS extension
+identifiers. Each identifier may be a number (0..65535) or a supported name.
+When a TLS client sends a listed extension, the TLS server is expected to
+include that extension in its reply.
+
+The supported names are: B<status_request> and B<status_request_v2>.
+
+Example:
+
+ tlsfeature = status_request
+
+
+=head1 DEPRECATED EXTENSIONS
+
+The following extensions are non standard, Netscape specific and largely
+obsolete. Their use in new applications is discouraged.
+
+=head2 Netscape String extensions.
+
+Netscape Comment (B<nsComment>) is a string extension containing a comment
+which will be displayed when the certificate is viewed in some browsers.
+
+Example:
+
+ nsComment = "Some Random Comment"
+
+Other supported extensions in this category are: B<nsBaseUrl>,
+B<nsRevocationUrl>, B<nsCaRevocationUrl>, B<nsRenewalUrl>, B<nsCaPolicyUrl>
+and B<nsSslServerName>.
+
+
+=head2 Netscape Certificate Type
+
+This is a multi-valued extensions which consists of a list of flags to be
+included. It was used to indicate the purposes for which a certificate could
+be used. The basicConstraints, keyUsage and extended key usage extensions are
+now used instead.
+
+Acceptable values for nsCertType are: B<client>, B<server>, B<email>,
+B<objsign>, B<reserved>, B<sslCA>, B<emailCA>, B<objCA>.
+
+
+=head1 ARBITRARY EXTENSIONS
+
+If an extension is not supported by the OpenSSL code then it must be encoded
+using the arbitrary extension format. It is also possible to use the arbitrary
+format for supported extensions. Extreme care should be taken to ensure that
+the data is formatted correctly for the given extension type.
+
+There are two ways to encode arbitrary extensions.
+
+The first way is to use the word ASN1 followed by the extension content
+using the same syntax as L<ASN1_generate_nconf(3)>.
+For example:
+
+ 1.2.3.4=critical,ASN1:UTF8String:Some random data
+
+ 1.2.3.4=ASN1:SEQUENCE:seq_sect
+
+ [seq_sect]
+
+ field1 = UTF8:field1
+ field2 = UTF8:field2
+
+It is also possible to use the word DER to include the raw encoded data in any
+extension.
+
+ 1.2.3.4=critical,DER:01:02:03:04
+ 1.2.3.4=DER:01020304
+
+The value following DER is a hex dump of the DER encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
+
+ basicConstraints=critical,DER:00:01:02:03
+
+=head1 WARNING
+
+There is no guarantee that a specific implementation will process a given
+extension. It may therefore be sometimes possible to use certificates for
+purposes prohibited by their extensions because a specific application does
+not recognize or honour the values of the relevant extensions.
+
+The DER and ASN1 options should be used with caution. It is possible to create
+totally invalid extensions if they are not used carefully.
+
+
+=head1 NOTES
+
+If an extension is multi-value and a field value must contain a comma the long
+form must be used otherwise the comma would be misinterpreted as a field
+separator. For example:
+
+ subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+
+will produce an error but the equivalent form:
+
+ subjectAltName=@subject_alt_section
+
+ [subject_alt_section]
+ subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+
+is valid.
+
+Due to the behaviour of the OpenSSL B<conf> library the same field name
+can only occur once in a section. This means that:
+
+ subjectAltName=@alt_section
+
+ [alt_section]
+
+ email=steve@here
+ email=steve@there
+
+will only recognize the last value. This can be worked around by using the form:
+
+ [alt_section]
+
+ email.1=steve@here
+ email.2=steve@there
+
+=head1 SEE ALSO
+
+L<req(1)>, L<ca(1)>, L<x509(1)>,
+L<ASN1_generate_nconf(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_INTEGER_get_int64.pod b/openssl-1.1.0h/doc/crypto/ASN1_INTEGER_get_int64.pod
new file mode 100644
index 0000000..f61268d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_INTEGER_get_int64.pod
@@ -0,0 +1,133 @@
+=pod
+
+=head1 NAME
+
+ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64,
+ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN
+- ASN.1 INTEGER and ENUMERATED utilities
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+ int ASN1_INTEGER_get(const ASN1_INTEGER *a, long v);
+
+ int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+ long ASN1_INTEGER_set(const ASN1_INTEGER *a);
+
+ int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+ int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+ int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+ long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+
+ int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r);
+ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+
+ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+=head1 DESCRIPTION
+
+These functions convert to and from B<ASN1_INTEGER> and B<ASN1_ENUMERATED>
+structures.
+
+ASN1_INTEGER_get_int64() converts an B<ASN1_INTEGER> into an B<int64_t> type
+If successful it returns 1 and sets B<*pr> to the value of B<a>. If it fails
+(due to invalid type or the value being too big to fit into an B<int64_t> type)
+it returns 0.
+
+ASN1_INTEGER_get_uint64() is similar to ASN1_INTEGER_get_int64_t() except it
+converts to a B<uint64_t> type and an error is returned if the passed integer
+is negative.
+
+ASN1_INTEGER_get() also returns the value of B<a> but it returns 0 if B<a> is
+NULL and -1 on error (which is ambiguous because -1 is a legitimate value for
+an B<ASN1_INTEGER>). New applications should use ASN1_INTEGER_get_int64()
+instead.
+
+ASN1_INTEGER_set_int64() sets the value of B<ASN1_INTEGER> B<a> to the
+B<int64_t> value B<r>.
+
+ASN1_INTEGER_set_uint64() sets the value of B<ASN1_INTEGER> B<a> to the
+B<uint64_t> value B<r>.
+
+ASN1_INTEGER_set() sets the value of B<ASN1_INTEGER> B<a> to the B<long> value
+B<v>.
+
+BN_to_ASN1_INTEGER() converts B<BIGNUM> B<bn> to an B<ASN1_INTEGER>. If B<ai>
+is NULL a new B<ASN1_INTEGER> structure is returned. If B<ai> is not NULL then
+the existing structure will be used instead.
+
+ASN1_INTEGER_to_BN() converts ASN1_INTEGER B<ai> into a B<BIGNUM>. If B<bn> is
+NULL a new B<BIGNUM> structure is returned. If B<bn> is not NULL then the
+existing structure will be used instead.
+
+ASN1_ENUMERATED_get_int64(), ASN1_ENUMERATED_set_int64(),
+ASN1_ENUMERATED_set(), BN_to_ASN1_ENUMERATED() and ASN1_ENUMERATED_to_BN()
+behave in an identical way to their ASN1_INTEGER counterparts except they
+operate on an B<ASN1_ENUMERATED> value.
+
+ASN1_ENUMERATED_get() returns the value of B<a> in a similar way to
+ASN1_INTEGER_get() but it returns B<0xffffffffL> if the value of B<a> will not
+fit in a long type. New applications should use ASN1_ENUMERATED_get_int64()
+instead.
+
+=head1 NOTES
+
+In general an B<ASN1_INTEGER> or B<ASN1_ENUMERATED> type can contain an
+integer of almost arbitrary size and so cannot always be represented by a C
+B<int64_t> type. However in many cases (for example version numbers) they
+represent small integers which can be more easily manipulated if converted to
+an appropriate C integer type.
+
+=head1 BUGS
+
+The ambiguous return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
+mean these functions should be avoided if possible. They are retained for
+compatibility. Normally the ambiguous return values are not legitimate
+values for the fields they represent.
+
+=head1 RETURN VALUES
+
+ASN1_INTEGER_set_int64(), ASN1_INTEGER_set(), ASN1_ENUMERATED_set_int64() and
+ASN1_ENUMERATED_set() return 1 for success and 0 for failure. They will only
+fail if a memory allocation error occurs.
+
+ASN1_INTEGER_get_int64() and ASN1_ENUMERATED_get_int64() return 1 for success
+and 0 for failure. They will fail if the passed type is incorrect (this will
+only happen if there is a programming error) or if the value exceeds the range
+of an B<int64_t> type.
+
+BN_to_ASN1_INTEGER() and BN_to_ASN1_ENUMERATED() return an B<ASN1_INTEGER> or
+B<ASN1_ENUMERATED> structure respectively or NULL if an error occurs. They will
+only fail due to a memory allocation error.
+
+ASN1_INTEGER_to_BN() and ASN1_ENUMERATED_to_BN() return a B<BIGNUM> structure
+of NULL if an error occurs. They can fail if the passed type is incorrect
+(due to programming error) or due to a memory allocation failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 HISTORY
+
+ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(),
+ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64()
+were added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_OBJECT_new.pod b/openssl-1.1.0h/doc/crypto/ASN1_OBJECT_new.pod
new file mode 100644
index 0000000..4c018ef
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_OBJECT_new.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+ASN1_OBJECT_new, ASN1_OBJECT_free - object allocation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ ASN1_OBJECT *ASN1_OBJECT_new(void);
+ void ASN1_OBJECT_free(ASN1_OBJECT *a);
+
+=head1 DESCRIPTION
+
+The ASN1_OBJECT allocation routines, allocate and free an
+ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.
+
+ASN1_OBJECT_new() allocates and initializes an ASN1_OBJECT structure.
+
+ASN1_OBJECT_free() frees up the B<ASN1_OBJECT> structure B<a>.
+If B<a> is NULL, nothing is done.
+
+=head1 NOTES
+
+Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it
+is almost never used in applications. The ASN1 object utility functions
+such as OBJ_nid2obj() are used instead.
+
+=head1 RETURN VALUES
+
+If the allocation fails, ASN1_OBJECT_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+
+ASN1_OBJECT_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_STRING_length.pod b/openssl-1.1.0h/doc/crypto/ASN1_STRING_length.pod
new file mode 100644
index 0000000..20a372d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_STRING_length.pod
@@ -0,0 +1,93 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data,
+ASN1_STRING_to_UTF8 - ASN1_STRING utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_STRING_length(ASN1_STRING *x);
+ const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
+ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+ ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+
+ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+
+ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+
+ int ASN1_STRING_type(const ASN1_STRING *x);
+
+ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+=head1 DESCRIPTION
+
+These functions allow an B<ASN1_STRING> structure to be manipulated.
+
+ASN1_STRING_length() returns the length of the content of B<x>.
+
+ASN1_STRING_get0_data() returns an internal pointer to the data of B<x>.
+Since this is an internal pointer it should B<not> be freed or
+modified in any way.
+
+ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the
+returned value is not constant. This function is deprecated:
+applications should use ASN1_STRING_get0_data() instead.
+
+ASN1_STRING_dup() returns a copy of the structure B<a>.
+
+ASN1_STRING_cmp() compares B<a> and B<b> returning 0 if the two
+are identical. The string types and content are compared.
+
+ASN1_STRING_set() sets the data of string B<str> to the buffer
+B<data> or length B<len>. The supplied data is copied. If B<len>
+is -1 then the length is determined by strlen(data).
+
+ASN1_STRING_type() returns the type of B<x>, using standard constants
+such as B<V_ASN1_OCTET_STRING>.
+
+ASN1_STRING_to_UTF8() converts the string B<in> to UTF8 format, the
+converted data is allocated in a buffer in B<*out>. The length of
+B<out> is returned or a negative error code. The buffer B<*out>
+should be freed using OPENSSL_free().
+
+=head1 NOTES
+
+Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
+structure. Other types such as B<ASN1_OCTET_STRING> are simply typedef'ed
+to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
+B<ASN1_STRING> is also used for some B<CHOICE> types which consist
+entirely of primitive string types such as B<DirectoryString> and
+B<Time>.
+
+These functions should B<not> be used to examine or modify B<ASN1_INTEGER>
+or B<ASN1_ENUMERATED> types: the relevant B<INTEGER> or B<ENUMERATED>
+utility functions should be used instead.
+
+In general it cannot be assumed that the data returned by ASN1_STRING_data()
+is null terminated or does not contain embedded nulls. The actual format
+of the data will depend on the actual string type itself: for example
+for an IA5String the data will be ASCII, for a BMPString two bytes per
+character in big endian format, and for an UTF8String it will be in UTF8 format.
+
+Similar care should be take to ensure the data is in the correct format
+when calling ASN1_STRING_set().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_STRING_new.pod b/openssl-1.1.0h/doc/crypto/ASN1_STRING_new.pod
new file mode 100644
index 0000000..7bd2fc1
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_STRING_new.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free -
+ASN1_STRING allocation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ ASN1_STRING * ASN1_STRING_new(void);
+ ASN1_STRING * ASN1_STRING_type_new(int type);
+ void ASN1_STRING_free(ASN1_STRING *a);
+
+=head1 DESCRIPTION
+
+ASN1_STRING_new() returns an allocated B<ASN1_STRING> structure. Its type
+is undefined.
+
+ASN1_STRING_type_new() returns an allocated B<ASN1_STRING> structure of
+type B<type>.
+
+ASN1_STRING_free() frees up B<a>.
+If B<a> is NULL nothing is done.
+
+=head1 NOTES
+
+Other string types call the B<ASN1_STRING> functions. For example
+ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
+
+=head1 RETURN VALUES
+
+ASN1_STRING_new() and ASN1_STRING_type_new() return a valid
+ASN1_STRING structure or B<NULL> if an error occurred.
+
+ASN1_STRING_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_STRING_print_ex.pod b/openssl-1.1.0h/doc/crypto/ASN1_STRING_print_ex.pod
new file mode 100644
index 0000000..a521f78
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_STRING_print_ex.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print
+- ASN1_STRING output routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+ int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+ int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
+
+ const char *ASN1_tag2str(int tag);
+
+=head1 DESCRIPTION
+
+These functions output an B<ASN1_STRING> structure. B<ASN1_STRING> is used to
+represent all the ASN1 string types.
+
+ASN1_STRING_print_ex() outputs B<str> to B<out>, the format is determined by
+the options B<flags>. ASN1_STRING_print_ex_fp() is identical except it outputs
+to B<fp> instead.
+
+ASN1_STRING_print() prints B<str> to B<out> but using a different format to
+ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF)
+with '.'.
+
+ASN1_tag2str() returns a human-readable name of the specified ASN.1 B<tag>.
+
+=head1 NOTES
+
+ASN1_STRING_print() is a legacy function which should be avoided in new applications.
+
+Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
+suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
+
+The complete set of supported options for B<flags> is listed below.
+
+Various characters can be escaped. If B<ASN1_STRFLGS_ESC_2253> is set the characters
+determined by RFC2253 are escaped. If B<ASN1_STRFLGS_ESC_CTRL> is set control
+characters are escaped. If B<ASN1_STRFLGS_ESC_MSB> is set characters with the
+MSB set are escaped: this option should B<not> be used if the terminal correctly
+interprets UTF8 sequences.
+
+Escaping takes several forms.
+
+If the character being escaped is a 16 bit character then the form "\UXXXX" is used
+using exactly four characters for the hex representation. If it is 32 bits then
+"\WXXXXXXXX" is used using eight characters of its hex representation. These forms
+will only be used if UTF8 conversion is not set (see below).
+
+Printable characters are normally escaped using the backslash '\' character. If
+B<ASN1_STRFLGS_ESC_QUOTE> is set then the whole string is instead surrounded by
+double quote characters: this is arguably more readable than the backslash
+notation. Other characters use the "\XX" using exactly two characters of the hex
+representation.
+
+If B<ASN1_STRFLGS_UTF8_CONVERT> is set then characters are converted to UTF8
+format first. If the terminal supports the display of UTF8 sequences then this
+option will correctly display multi byte characters.
+
+If B<ASN1_STRFLGS_IGNORE_TYPE> is set then the string type is not interpreted at
+all: everything is assumed to be one byte per character. This is primarily for
+debugging purposes and can result in confusing output in multi character strings.
+
+If B<ASN1_STRFLGS_SHOW_TYPE> is set then the string type itself is printed out
+before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().
+
+The content of a string instead of being interpreted can be "dumped": this just
+outputs the value of the string using the form #XXXX using hex format for each
+octet.
+
+If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
+
+Normally non character string types (such as OCTET STRING) are assumed to be
+one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
+be dumped instead.
+
+When a type is dumped normally just the content octets are printed, if
+B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
+instead (including tag and length octets).
+
+B<ASN1_STRFLGS_RFC2253> includes all the flags required by RFC2253. It is
+equivalent to:
+ ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
+ ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER
+
+=head1 SEE ALSO
+
+L<X509_NAME_print_ex(3)>,
+L<ASN1_tag2str(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_TIME_set.pod b/openssl-1.1.0h/doc/crypto/ASN1_TIME_set.pod
new file mode 100644
index 0000000..457b721
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_TIME_set.pod
@@ -0,0 +1,138 @@
+=pod
+
+=head1 NAME
+
+ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, ASN1_TIME_set_string,
+ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions
+
+=head1 SYNOPSIS
+
+ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                          int offset_day, long offset_sec);
+ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+ int ASN1_TIME_check(const ASN1_TIME *t);
+ int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
+
+ int ASN1_TIME_diff(int *pday, int *psec,
+                    const ASN1_TIME *from, const ASN1_TIME *to);
+
+=head1 DESCRIPTION
+
+The function ASN1_TIME_set() sets the ASN1_TIME structure B<s> to the
+time represented by the time_t value B<t>. If B<s> is NULL a new ASN1_TIME
+structure is allocated and returned.
+
+ASN1_TIME_adj() sets the ASN1_TIME structure B<s> to the time represented
+by the time B<offset_day> and B<offset_sec> after the time_t value B<t>.
+The values of B<offset_day> or B<offset_sec> can be negative to set a
+time before B<t>. The B<offset_sec> value can also exceed the number of
+seconds in a day. If B<s> is NULL a new ASN1_TIME structure is allocated
+and returned.
+
+ASN1_TIME_set_string() sets ASN1_TIME structure B<s> to the time
+represented by string B<str> which must be in appropriate ASN.1 time
+format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ).
+
+ASN1_TIME_check() checks the syntax of ASN1_TIME structure B<s>.
+
+ASN1_TIME_print() prints out the time B<s> to BIO B<b> in human readable
+format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example
+"Feb  3 00:55:52 2015 GMT" it does not include a newline. If the time
+structure has invalid format it prints out "Bad time value" and returns
+an error.
+
+ASN1_TIME_diff() sets B<*pday> and B<*psec> to the time difference between
+B<from> and B<to>. If B<to> represents a time later than B<from> then
+one or both (depending on the time difference) of B<*pday> and B<*psec>
+will be positive. If B<to> represents a time earlier than B<from> then
+one or both of B<*pday> and B<*psec> will be negative. If B<to> and B<from>
+represent the same time then B<*pday> and B<*psec> will both be zero.
+If both B<*pday> and B<*psec> are non-zero they will always have the same
+sign. The value of B<*psec> will always be less than the number of seconds
+in a day. If B<from> or B<to> is NULL the current time is used.
+
+=head1 NOTES
+
+The ASN1_TIME structure corresponds to the ASN.1 structure B<Time>
+defined in RFC5280 et al. The time setting functions obey the rules outlined
+in RFC5280: if the date can be represented by UTCTime it is used, else
+GeneralizedTime is used.
+
+The ASN1_TIME structure is represented as an ASN1_STRING internally and can
+be freed up using ASN1_STRING_free().
+
+The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt
+is made to correct ancient calendar changes (for example from Julian to
+Gregorian calendars).
+
+Some applications add offset times directly to a time_t value and pass the
+results to ASN1_TIME_set() (or equivalent). This can cause problems as the
+time_t value can overflow on some systems resulting in unexpected results.
+New applications should use ASN1_TIME_adj() instead and pass the offset value
+in the B<offset_sec> and B<offset_day> parameters instead of directly
+manipulating a time_t value.
+
+=head1 BUGS
+
+ASN1_TIME_print() currently does not print out the time zone: it either prints
+out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT
+anyway.
+
+=head1 EXAMPLES
+
+Set a time structure to one hour after the current time and print it out:
+
+ #include <time.h>
+ #include <openssl/asn1.h>
+ ASN1_TIME *tm;
+ time_t t;
+ BIO *b;
+ t = time(NULL);
+ tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
+ b = BIO_new_fp(stdout, BIO_NOCLOSE);
+ ASN1_TIME_print(b, tm);
+ ASN1_STRING_free(tm);
+ BIO_free(b);
+
+Determine if one time is later or sooner than the current time:
+
+ int day, sec;
+
+ if (!ASN1_TIME_diff(&day, &sec, NULL, to))
+        /* Invalid time format */
+
+ if (day > 0 || sec > 0)
+   printf("Later\n");
+ else if (day < 0 || sec < 0)
+   printf("Sooner\n");
+ else
+   printf("Same\n");
+
+=head1 RETURN VALUES
+
+ASN1_TIME_set() and ASN1_TIME_adj() return a pointer to an ASN1_TIME structure
+or NULL if an error occurred.
+
+ASN1_TIME_set_string() returns 1 if the time value is successfully set and
+0 otherwise.
+
+ASN1_TIME_check() returns 1 if the structure is syntactically correct and 0
+otherwise.
+
+ASN1_TIME_print() returns 1 if the time is successfully printed out and 0 if
+an error occurred (I/O error or invalid time format).
+
+ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the
+pass ASN1_TIME structure has invalid syntax for example.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_TYPE_get.pod b/openssl-1.1.0h/doc/crypto/ASN1_TYPE_get.pod
new file mode 100644
index 0000000..70c5687
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_TYPE_get.pod
@@ -0,0 +1,100 @@
+=pod
+
+=head1 NAME
+
+ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence - ASN1_TYPE utility
+functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_TYPE_get(const ASN1_TYPE *a);
+ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+ void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+ ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s,
+                                    ASN1_TYPE **t);
+
+=head1 DESCRIPTION
+
+These functions allow an ASN1_TYPE structure to be manipulated. The
+ASN1_TYPE structure can contain any ASN.1 type or constructed type
+such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type.
+
+ASN1_TYPE_get() returns the type of B<a>.
+
+ASN1_TYPE_set() sets the value of B<a> to B<type> and B<value>. This
+function uses the pointer B<value> internally so it must B<not> be freed
+up after the call.
+
+ASN1_TYPE_set1() sets the value of B<a> to B<type> a copy of B<value>.
+
+ASN1_TYPE_cmp() compares ASN.1 types B<a> and B<b> and returns 0 if
+they are identical and non-zero otherwise.
+
+ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in
+B<t> using the ASN.1 structure B<it>. If successful it returns a pointer
+to the ASN.1 structure corresponding to B<it> which must be freed by the
+caller. If it fails it return NULL.
+
+ASN1_TYPE_pack_sequence() attempts to encode the ASN.1 structure B<s>
+corresponding to B<it> into an ASN1_TYPE. If successful the encoded
+ASN1_TYPE is returned. If B<t> and B<*t> are not NULL the encoded type
+is written to B<t> overwriting any existing data. If B<t> is not NULL
+but B<*t> is NULL the returned ASN1_TYPE is written to B<*t>.
+
+=head1 NOTES
+
+The type and meaning of the B<value> parameter for ASN1_TYPE_set() and
+ASN1_TYPE_set1() is determined by the B<type> parameter.
+If B<type> is V_ASN1_NULL B<value> is ignored. If B<type> is V_ASN1_BOOLEAN
+then the boolean is set to TRUE if B<value> is not NULL. If B<type> is
+V_ASN1_OBJECT then value is an ASN1_OBJECT structure. Otherwise B<type>
+is and ASN1_STRING structure. If B<type> corresponds to a primitive type
+(or a string type) then the contents of the ASN1_STRING contain the content
+octets of the type. If B<type> corresponds to a constructed type or
+a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the
+ASN1_STRING contains the entire ASN.1 encoding verbatim (including tag and
+length octets).
+
+ASN1_TYPE_cmp() may not return zero if two types are equivalent but have
+different encodings. For example the single content octet of the boolean TRUE
+value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will
+only return zero if the values are the same.
+
+If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the
+return value is non-zero. Technically if both parameters are NULL the two
+types could be absent OPTIONAL fields and so should match, however passing
+NULL values could also indicate a programming error (for example an
+unparseable type which returns NULL) for types which do B<not> match. So
+applications should handle the case of two absent values separately.
+
+=head1 RETURN VALUES
+
+ASN1_TYPE_get() returns the type of the ASN1_TYPE argument.
+
+ASN1_TYPE_set() does not return a value.
+
+ASN1_TYPE_set1() returns 1 for success and 0 for failure.
+
+ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise.
+
+ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or
+NULL on failure.
+
+ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or
+NULL on failure.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASN1_generate_nconf.pod b/openssl-1.1.0h/doc/crypto/ASN1_generate_nconf.pod
new file mode 100644
index 0000000..bf29af6
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASN1_generate_nconf.pod
@@ -0,0 +1,270 @@
+=pod
+
+=head1 NAME
+
+ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+
+=head1 DESCRIPTION
+
+These functions generate the ASN1 encoding of a string
+in an B<ASN1_TYPE> structure.
+
+B<str> contains the string to encode B<nconf> or B<cnf> contains
+the optional configuration information where additional strings
+will be read from. B<nconf> will typically come from a config
+file whereas B<cnf> is obtained from an B<X509V3_CTX> structure
+which will typically be used by X509 v3 certificate extension
+functions. B<cnf> or B<nconf> can be set to B<NULL> if no additional
+configuration will be used.
+
+=head1 GENERATION STRING FORMAT
+
+The actual data encoded is determined by the string B<str> and
+the configuration information. The general format of the string
+is:
+
+=over 4
+
+=item B<[modifier,]type[:value]>
+
+=back
+
+That is zero or more comma separated modifiers followed by a type
+followed by an optional colon and a value. The formats of B<type>,
+B<value> and B<modifier> are explained below.
+
+=head2 Supported Types
+
+The supported types are listed below. Unless otherwise specified
+only the B<ASCII> format is permissible.
+
+=over 4
+
+=item B<BOOLEAN>, B<BOOL>
+
+This encodes a boolean type. The B<value> string is mandatory and
+should be B<TRUE> or B<FALSE>. Additionally B<TRUE>, B<true>, B<Y>,
+B<y>, B<YES>, B<yes>, B<FALSE>, B<false>, B<N>, B<n>, B<NO> and B<no>
+are acceptable.
+
+=item B<NULL>
+
+Encode the B<NULL> type, the B<value> string must not be present.
+
+=item B<INTEGER>, B<INT>
+
+Encodes an ASN1 B<INTEGER> type. The B<value> string represents
+the value of the integer, it can be prefaced by a minus sign and
+is normally interpreted as a decimal value unless the prefix B<0x>
+is included.
+
+=item B<ENUMERATED>, B<ENUM>
+
+Encodes the ASN1 B<ENUMERATED> type, it is otherwise identical to
+B<INTEGER>.
+
+=item B<OBJECT>, B<OID>
+
+Encodes an ASN1 B<OBJECT IDENTIFIER>, the B<value> string can be
+a short name, a long name or numerical format.
+
+=item B<UTCTIME>, B<UTC>
+
+Encodes an ASN1 B<UTCTime> structure, the value should be in
+the format B<YYMMDDHHMMSSZ>.
+
+=item B<GENERALIZEDTIME>, B<GENTIME>
+
+Encodes an ASN1 B<GeneralizedTime> structure, the value should be in
+the format B<YYYYMMDDHHMMSSZ>.
+
+=item B<OCTETSTRING>, B<OCT>
+
+Encodes an ASN1 B<OCTET STRING>. B<value> represents the contents
+of this structure, the format strings B<ASCII> and B<HEX> can be
+used to specify the format of B<value>.
+
+=item B<BITSTRING>, B<BITSTR>
+
+Encodes an ASN1 B<BIT STRING>. B<value> represents the contents
+of this structure, the format strings B<ASCII>, B<HEX> and B<BITLIST>
+can be used to specify the format of B<value>.
+
+If the format is anything other than B<BITLIST> the number of unused
+bits is set to zero.
+
+=item B<UNIVERSALSTRING>, B<UNIV>, B<IA5>, B<IA5STRING>, B<UTF8>,
+B<UTF8String>, B<BMP>, B<BMPSTRING>, B<VISIBLESTRING>,
+B<VISIBLE>, B<PRINTABLESTRING>, B<PRINTABLE>, B<T61>,
+B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>, B<NUMERICSTRING>,
+B<NUMERIC>
+
+These encode the corresponding string types. B<value> represents the
+contents of this structure. The format can be B<ASCII> or B<UTF8>.
+
+=item B<SEQUENCE>, B<SEQ>, B<SET>
+
+Formats the result as an ASN1 B<SEQUENCE> or B<SET> type. B<value>
+should be a section name which will contain the contents. The
+field names in the section are ignored and the values are in the
+generated string format. If B<value> is absent then an empty SEQUENCE
+will be encoded.
+
+=back
+
+=head2 Modifiers
+
+Modifiers affect the following structure, they can be used to
+add EXPLICIT or IMPLICIT tagging, add wrappers or to change
+the string format of the final type and value. The supported
+formats are documented below.
+
+=over 4
+
+=item B<EXPLICIT>, B<EXP>
+
+Add an explicit tag to the following structure. This string
+should be followed by a colon and the tag value to use as a
+decimal value.
+
+By following the number with B<U>, B<A>, B<P> or B<C> UNIVERSAL,
+APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used,
+the default is CONTEXT SPECIFIC.
+
+=item B<IMPLICIT>, B<IMP>
+
+This is the same as B<EXPLICIT> except IMPLICIT tagging is used
+instead.
+
+=item B<OCTWRAP>, B<SEQWRAP>, B<SETWRAP>, B<BITWRAP>
+
+The following structure is surrounded by an OCTET STRING, a SEQUENCE,
+a SET or a BIT STRING respectively. For a BIT STRING the number of unused
+bits is set to zero.
+
+=item B<FORMAT>
+
+This specifies the format of the ultimate value. It should be followed
+by a colon and one of the strings B<ASCII>, B<UTF8>, B<HEX> or B<BITLIST>.
+
+If no format specifier is included then B<ASCII> is used. If B<UTF8> is
+specified then the value string must be a valid B<UTF8> string. For B<HEX> the
+output must be a set of hex digits. B<BITLIST> (which is only valid for a BIT
+STRING) is a comma separated list of the indices of the set bits, all other
+bits are zero.
+
+=back
+
+=head1 EXAMPLES
+
+A simple IA5String:
+
+ IA5STRING:Hello World
+
+An IA5String explicitly tagged:
+
+ EXPLICIT:0,IA5STRING:Hello World
+
+An IA5String explicitly tagged using APPLICATION tagging:
+
+ EXPLICIT:0A,IA5STRING:Hello World
+
+A BITSTRING with bits 1 and 5 set and all others zero:
+
+ FORMAT:BITLIST,BITSTRING:1,5
+
+A more complex example using a config file to produce a
+SEQUENCE consisting of a BOOL an OID and a UTF8String:
+
+ asn1 = SEQUENCE:seq_section
+
+ [seq_section]
+
+ field1 = BOOLEAN:TRUE
+ field2 = OID:commonName
+ field3 = UTF8:Third field
+
+This example produces an RSAPrivateKey structure, this is the
+key contained in the file client.pem in all OpenSSL distributions
+(note: the field names such as 'coeff' are ignored and are present just
+for clarity):
+
+ asn1=SEQUENCE:private_key
+ [private_key]
+ version=INTEGER:0
+
+ n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+ D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+ e=INTEGER:0x010001
+
+ d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
+ F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
+
+ p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
+ D4BD57
+
+ q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
+ 46EC4F
+
+ exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
+ 9C0A39B9
+
+ exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
+ E7B2458F
+
+ coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
+ 628657053A
+
+This example is the corresponding public key in a SubjectPublicKeyInfo
+structure:
+
+ # Start with a SEQUENCE
+ asn1=SEQUENCE:pubkeyinfo
+
+ # pubkeyinfo contains an algorithm identifier and the public key wrapped
+ # in a BIT STRING
+ [pubkeyinfo]
+ algorithm=SEQUENCE:rsa_alg
+ pubkey=BITWRAP,SEQUENCE:rsapubkey
+
+ # algorithm ID for RSA is just an OID and a NULL
+ [rsa_alg]
+ algorithm=OID:rsaEncryption
+ parameter=NULL
+
+ # Actual public key: modulus and exponent
+ [rsapubkey]
+ n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+ D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+ e=INTEGER:0x010001
+
+=head1 RETURN VALUES
+
+ASN1_generate_nconf() and ASN1_generate_v3() return the encoded
+data as an B<ASN1_TYPE> structure or B<NULL> if an error occurred.
+
+The error codes that can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASYNC_WAIT_CTX_new.pod b/openssl-1.1.0h/doc/crypto/ASYNC_WAIT_CTX_new.pod
new file mode 100644
index 0000000..2fb00a3
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASYNC_WAIT_CTX_new.pod
@@ -0,0 +1,144 @@
+=pod
+
+=head1 NAME
+
+ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd,
+ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
+ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd - functions to manage
+waiting for asynchronous jobs to complete
+
+=head1 SYNOPSIS
+
+ #include <openssl/async.h>
+
+ ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+ void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+ int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                                OSSL_ASYNC_FD fd,
+                                void *custom_data,
+                                void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *));
+ int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                           OSSL_ASYNC_FD *fd, void **custom_data);
+ int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                                size_t *numfds);
+ int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                    size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                    size_t *numdelfds);
+ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+
+
+=head1 DESCRIPTION
+
+For an overview of how asynchronous operations are implemented in OpenSSL see
+L<ASYNC_start_job(3)>. An ASYNC_WAIT_CTX object represents an asynchronous
+"session", i.e. a related set of crypto operations. For example in SSL terms
+this would have a one-to-one correspondence with an SSL connection.
+
+Application code must create an ASYNC_WAIT_CTX using the ASYNC_WAIT_CTX_new()
+function prior to calling ASYNC_start_job() (see L<ASYNC_start_job(3)>). When
+the job is started it is associated with the ASYNC_WAIT_CTX for the duration of
+that job. An ASYNC_WAIT_CTX should only be used for one ASYNC_JOB at any one
+time, but can be reused after an ASYNC_JOB has finished for a subsequent
+ASYNC_JOB. When the session is complete (e.g. the SSL connection is closed),
+application code cleans up with ASYNC_WAIT_CTX_free().
+
+ASYNC_WAIT_CTXs can have "wait" file descriptors associated with them. Calling
+ASYNC_WAIT_CTX_get_all_fds() and passing in a pointer to an ASYNC_WAIT_CTX in
+the B<ctx> parameter will return the wait file descriptors associated with that
+job in B<*fd>. The number of file descriptors returned will be stored in
+B<*numfds>. It is the caller's responsibility to ensure that sufficient memory
+has been allocated in B<*fd> to receive all the file descriptors. Calling
+ASYNC_WAIT_CTX_get_all_fds() with a NULL B<fd> value will return no file
+descriptors but will still populate B<*numfds>. Therefore application code is
+typically expected to call this function twice: once to get the number of fds,
+and then again when sufficient memory has been allocated. If only one
+asynchronous engine is being used then normally this call will only ever return
+one fd. If multiple asynchronous engines are being used then more could be
+returned.
+
+The function ASYNC_WAIT_CTX_get_changed_fds() can be used to detect if any fds
+have changed since the last call time ASYNC_start_job() returned an ASYNC_PAUSE
+result (or since the ASYNC_WAIT_CTX was created if no ASYNC_PAUSE result has
+been received). The B<numaddfds> and B<numdelfds> parameters will be populated
+with the number of fds added or deleted respectively. B<*addfd> and B<*delfd>
+will be populated with the list of added and deleted fds respectively. Similarly
+to ASYNC_WAIT_CTX_get_all_fds() either of these can be NULL, but if they are not
+NULL then the caller is responsible for ensuring sufficient memory is allocated.
+
+Implementors of async aware code (e.g. engines) are encouraged to return a
+stable fd for the lifetime of the ASYNC_WAIT_CTX in order to reduce the "churn"
+of regularly changing fds - although no guarantees of this are provided to
+applications.
+
+Applications can wait for the file descriptor to be ready for "read" using a
+system function call such as select or poll (being ready for "read" indicates
+that the job should be resumed). If no file descriptor is made available then an
+application will have to periodically "poll" the job by attempting to restart it
+to see if it is ready to continue.
+
+Async aware code (e.g. engines) can get the current ASYNC_WAIT_CTX from the job
+via L<ASYNC_get_wait_ctx(3)> and provide a file descriptor to use for waiting
+on by calling ASYNC_WAIT_CTX_set_wait_fd(). Typically this would be done by an
+engine immediately prior to calling ASYNC_pause_job() and not by end user code.
+An existing association with a file descriptor can be obtained using
+ASYNC_WAIT_CTX_get_fd() and cleared using ASYNC_WAIT_CTX_clear_fd(). Both of
+these functions requires a B<key> value which is unique to the async aware
+code.  This could be any unique value but a good candidate might be the
+B<ENGINE *> for the engine. The B<custom_data> parameter can be any value, and
+will be returned in a subsequent call to ASYNC_WAIT_CTX_get_fd(). The
+ASYNC_WAIT_CTX_set_wait_fd() function also expects a pointer to a "cleanup"
+routine. This can be NULL but if provided will automatically get called when
+the ASYNC_WAIT_CTX is freed, and gives the engine the opportunity to close the
+fd or any other resources. Note: The "cleanup" routine does not get called if
+the fd is cleared directly via a call to ASYNC_WAIT_CTX_clear_fd().
+
+An example of typical usage might be an async capable engine. User code would
+initiate cryptographic operations. The engine would initiate those operations
+asynchronously and then call ASYNC_WAIT_CTX_set_wait_fd() followed by
+ASYNC_pause_job() to return control to the user code. The user code can then
+perform other tasks or wait for the job to be ready by calling "select" or other
+similar function on the wait file descriptor. The engine can signal to the user
+code that the job should be resumed by making the wait file descriptor
+"readable". Once resumed the engine should clear the wake signal on the wait
+file descriptor.
+
+=head1 RETURN VALUES
+
+ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated ASYNC_WAIT_CTX or
+NULL on error.
+
+ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
+ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on
+success or 0 on error.
+
+=head1 NOTES
+
+On Windows platforms the openssl/async.h header is dependent on some
+of the types customarily made available by including windows.h. The
+application developer is likely to require control over when the latter
+is included, commonly as one of the first included headers. Therefore
+it is defined as an application developer's responsibility to include
+windows.h prior to async.h.
+
+=head1 SEE ALSO
+
+L<crypto(3)>, L<ASYNC_start_job(3)>
+
+=head1 HISTORY
+
+ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd,
+ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
+ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to
+OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ASYNC_start_job.pod b/openssl-1.1.0h/doc/crypto/ASYNC_start_job.pod
new file mode 100644
index 0000000..c10a66f
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ASYNC_start_job.pod
@@ -0,0 +1,330 @@
+=pod
+
+=head1 NAME
+
+ASYNC_get_wait_ctx,
+ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job,
+ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable
+- asynchronous job management functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/async.h>
+
+ int ASYNC_init_thread(size_t max_size, size_t init_size);
+ void ASYNC_cleanup_thread(void);
+
+ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+                     int (*func)(void *), void *args, size_t size);
+ int ASYNC_pause_job(void);
+
+ ASYNC_JOB *ASYNC_get_current_job(void);
+ ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+ void ASYNC_block_pause(void);
+ void ASYNC_unblock_pause(void);
+
+ int ASYNC_is_capable(void);
+
+=head1 DESCRIPTION
+
+OpenSSL implements asynchronous capabilities through an ASYNC_JOB. This
+represents code that can be started and executes until some event occurs. At
+that point the code can be paused and control returns to user code until some
+subsequent event indicates that the job can be resumed.
+
+The creation of an ASYNC_JOB is a relatively expensive operation. Therefore, for
+efficiency reasons, jobs can be created up front and reused many times. They are
+held in a pool until they are needed, at which point they are removed from the
+pool, used, and then returned to the pool when the job completes. If the user
+application is multi-threaded, then ASYNC_init_thread() may be called for each
+thread that will initiate asynchronous jobs. Before
+user code exits per-thread resources need to be cleaned up. This will normally
+occur automatically (see L<OPENSSL_init_crypto(3)>) but may be explicitly
+initiated by using ASYNC_cleanup_thread(). No asynchronous jobs must be
+outstanding for the thread when ASYNC_cleanup_thread() is called. Failing to
+ensure this will result in memory leaks.
+
+The B<max_size> argument limits the number of ASYNC_JOBs that will be held in
+the pool. If B<max_size> is set to 0 then no upper limit is set. When an
+ASYNC_JOB is needed but there are none available in the pool already then one
+will be automatically created, as long as the total of ASYNC_JOBs managed by the
+pool does not exceed B<max_size>. When the pool is first initialised
+B<init_size> ASYNC_JOBs will be created immediately. If ASYNC_init_thread() is
+not called before the pool is first used then it will be called automatically
+with a B<max_size> of 0 (no upper limit) and an B<init_size> of 0 (no ASYNC_JOBs
+created up front).
+
+An asynchronous job is started by calling the ASYNC_start_job() function.
+Initially B<*job> should be NULL. B<ctx> should point to an ASYNC_WAIT_CTX
+object created through the L<ASYNC_WAIT_CTX_new(3)> function. B<ret> should
+point to a location where the return value of the asynchronous function should
+be stored on completion of the job. B<func> represents the function that should
+be started asynchronously. The data pointed to by B<args> and of size B<size>
+will be copied and then passed as an argument to B<func> when the job starts.
+ASYNC_start_job will return one of the following values:
+
+=over 4
+
+=item B<ASYNC_ERR>
+
+An error occurred trying to start the job. Check the OpenSSL error queue (e.g.
+see L<ERR_print_errors(3)>) for more details.
+
+=item B<ASYNC_NO_JOBS>
+
+There are no jobs currently available in the pool. This call can be retried
+again at a later time.
+
+=item B<ASYNC_PAUSE>
+
+The job was successfully started but was "paused" before it completed (see
+ASYNC_pause_job() below). A handle to the job is placed in B<*job>. Other work
+can be performed (if desired) and the job restarted at a later time. To restart
+a job call ASYNC_start_job() again passing the job handle in B<*job>. The
+B<func>, B<args> and B<size> parameters will be ignored when restarting a job.
+When restarting a job ASYNC_start_job() B<must> be called from the same thread
+that the job was originally started from.
+
+=item B<ASYNC_FINISH>
+
+The job completed. B<*job> will be NULL and the return value from B<func> will
+be placed in B<*ret>.
+
+=back
+
+At any one time there can be a maximum of one job actively running per thread
+(you can have many that are paused). ASYNC_get_current_job() can be used to get
+a pointer to the currently executing ASYNC_JOB. If no job is currently executing
+then this will return NULL.
+
+If executing within the context of a job (i.e. having been called directly or
+indirectly by the function "func" passed as an argument to ASYNC_start_job())
+then ASYNC_pause_job() will immediately return control to the calling
+application with ASYNC_PAUSE returned from the ASYNC_start_job() call. A
+subsequent call to ASYNC_start_job passing in the relevant ASYNC_JOB in the
+B<*job> parameter will resume execution from the ASYNC_pause_job() call. If
+ASYNC_pause_job() is called whilst not within the context of a job then no
+action is taken and ASYNC_pause_job() returns immediately.
+
+ASYNC_get_wait_ctx() can be used to get a pointer to the ASYNC_WAIT_CTX
+for the B<job>. ASYNC_WAIT_CTXs can have a "wait" file descriptor associated
+with them. Applications can wait for the file descriptor to be ready for "read"
+using a system function call such as select or poll (being ready for "read"
+indicates that the job should be resumed). If no file descriptor is made
+available then an application will have to periodically "poll" the job by
+attempting to restart it to see if it is ready to continue.
+
+An example of typical usage might be an async capable engine. User code would
+initiate cryptographic operations. The engine would initiate those operations
+asynchronously and then call L<ASYNC_WAIT_CTX_set_wait_fd(3)> followed by
+ASYNC_pause_job() to return control to the user code. The user code can then
+perform other tasks or wait for the job to be ready by calling "select" or other
+similar function on the wait file descriptor. The engine can signal to the user
+code that the job should be resumed by making the wait file descriptor
+"readable". Once resumed the engine should clear the wake signal on the wait
+file descriptor.
+
+The ASYNC_block_pause() function will prevent the currently active job from
+pausing. The block will remain in place until a subsequent call to
+ASYNC_unblock_pause(). These functions can be nested, e.g. if you call
+ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in
+order to re-enable pausing. If these functions are called while there is no
+currently active job then they have no effect. This functionality can be useful
+to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB an
+application acquires a lock. It then calls some cryptographic function which
+invokes ASYNC_pause_job(). This returns control back to the code that created
+the ASYNC_JOB. If that code then attempts to acquire the same lock before
+resuming the original job then a deadlock can occur. By calling
+ASYNC_block_pause() immediately after acquiring the lock and
+ASYNC_unblock_pause() immediately before releasing it then this situation cannot
+occur.
+
+Some platforms cannot support async operations. The ASYNC_is_capable() function
+can be used to detect whether the current platform is async capable or not.
+
+=head1 RETURN VALUES
+
+ASYNC_init_thread returns 1 on success or 0 otherwise.
+
+ASYNC_start_job returns one of ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE or
+ASYNC_FINISH as described above.
+
+ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when
+not within the context of an ASYNC_JOB then this is counted as success so 1 is
+returned.
+
+ASYNC_get_current_job returns a pointer to the currently executing ASYNC_JOB or
+NULL if not within the context of a job.
+
+ASYNC_get_wait_ctx() returns a pointer to the ASYNC_WAIT_CTX for the job.
+
+ASYNC_is_capable() returns 1 if the current platform is async capable or 0
+otherwise.
+
+=head1 NOTES
+
+On Windows platforms the openssl/async.h header is dependent on some
+of the types customarily made available by including windows.h. The
+application developer is likely to require control over when the latter
+is included, commonly as one of the first included headers. Therefore
+it is defined as an application developer's responsibility to include
+windows.h prior to async.h.
+
+=head1 EXAMPLE
+
+The following example demonstrates how to use most of the core async APIs:
+
+ #ifdef _WIN32
+ # include <windows.h>
+ #endif
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <openssl/async.h>
+ #include <openssl/crypto.h>
+
+ int unique = 0;
+
+ void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
+ {
+     OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw;
+     close(r);
+     close(*w);
+     OPENSSL_free(w);
+ }
+
+ int jobfunc(void *arg)
+ {
+     ASYNC_JOB *currjob;
+     unsigned char *msg;
+     int pipefds[2] = {0, 0};
+     OSSL_ASYNC_FD *wptr;
+     char buf = 'X';
+
+     currjob = ASYNC_get_current_job();
+     if (currjob != NULL) {
+         printf("Executing within a job\n");
+     } else {
+         printf("Not executing within a job - should not happen\n");
+         return 0;
+     }
+
+     msg = (unsigned char *)arg;
+     printf("Passed in message is: %s\n", msg);
+
+     if (pipe(pipefds) != 0) {
+         printf("Failed to create pipe\n");
+         return 0;
+     }
+     wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD));
+     if (wptr == NULL) {
+         printf("Failed to malloc\n");
+         return 0;
+     }
+     *wptr = pipefds[1];
+     ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique,
+                                pipefds[0], wptr, cleanup);
+
+     /*
+      * Normally some external event would cause this to happen at some
+      * later point - but we do it here for demo purposes, i.e.
+      * immediately signalling that the job is ready to be woken up after
+      * we return to main via ASYNC_pause_job().
+      */
+     write(pipefds[1], &buf, 1);
+
+     /* Return control back to main */
+     ASYNC_pause_job();
+
+     /* Clear the wake signal */
+     read(pipefds[0], &buf, 1);
+
+     printf ("Resumed the job after a pause\n");
+
+     return 1;
+ }
+
+ int main(void)
+ {
+     ASYNC_JOB *job = NULL;
+     ASYNC_WAIT_CTX *ctx = NULL;
+     int ret;
+     OSSL_ASYNC_FD waitfd;
+     fd_set waitfdset;
+     size_t numfds;
+     unsigned char msg[13] = "Hello world!";
+
+     printf("Starting...\n");
+
+     ctx = ASYNC_WAIT_CTX_new();
+     if (ctx == NULL) {
+         printf("Failed to create ASYNC_WAIT_CTX\n");
+         abort();
+     }
+
+     for (;;) {
+         switch(ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
+         case ASYNC_ERR:
+         case ASYNC_NO_JOBS:
+                 printf("An error occurred\n");
+                 goto end;
+         case ASYNC_PAUSE:
+                 printf("Job was paused\n");
+                 break;
+         case ASYNC_FINISH:
+                 printf("Job finished with return value %d\n", ret);
+                 goto end;
+         }
+
+         /* Wait for the job to be woken */
+         printf("Waiting for the job to be woken up\n");
+
+         if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
+                 || numfds > 1) {
+             printf("Unexpected number of fds\n");
+             abort();
+         }
+         ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds);
+         FD_ZERO(&waitfdset);
+         FD_SET(waitfd, &waitfdset);
+         select(waitfd + 1, &waitfdset, NULL, NULL, NULL);
+     }
+
+ end:
+     ASYNC_WAIT_CTX_free(ctx);
+     printf("Finishing\n");
+
+     return 0;
+ }
+
+The expected output from executing the above example program is:
+
+ Starting...
+ Executing within a job
+ Passed in message is: Hello world!
+ Job was paused
+ Waiting for the job to be woken up
+ Resumed the job after a pause
+ Job finished with return value 1
+ Finishing
+
+=head1 SEE ALSO
+
+L<crypto(3)>, L<ERR_print_errors(3)>
+
+=head1 HISTORY
+
+ASYNC_init_thread, ASYNC_cleanup_thread,
+ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(),
+ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first
+added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BF_encrypt.pod b/openssl-1.1.0h/doc/crypto/BF_encrypt.pod
new file mode 100644
index 0000000..0401e90
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BF_encrypt.pod
@@ -0,0 +1,117 @@
+=pod
+
+=head1 NAME
+
+BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/blowfish.h>
+
+ void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+ void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+         BF_KEY *key, int enc);
+ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
+         long length, BF_KEY *schedule, unsigned char *ivec, int enc);
+ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+         long length, BF_KEY *schedule, unsigned char *ivec, int *num,
+         int enc);
+ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+         long length, BF_KEY *schedule, unsigned char *ivec, int *num);
+ const char *BF_options(void);
+
+ void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+ void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+=head1 DESCRIPTION
+
+This library implements the Blowfish cipher, which was invented and described
+by Counterpane (see http://www.counterpane.com/blowfish.html ).
+
+Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+It uses a variable size key, but typically, 128 bit (16 byte) keys are
+considered good for strong encryption.  Blowfish can be used in the same
+modes as DES (see L<des_modes(7)>).  Blowfish is currently one
+of the faster block ciphers.  It is quite a bit faster than DES, and much
+faster than IDEA or RC2.
+
+Blowfish consists of a key setup phase and the actual encryption or decryption
+phase.
+
+BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
+at B<data>.
+
+BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
+It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
+putting the result in B<out>.  B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed.  The vector pointed at by
+B<in> and B<out> must be 64 bits in length, no less.  If they are larger,
+everything after the first 64 bits is ignored.
+
+The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
+all operate on variable length data.  They all take an initialization vector
+B<ivec> which needs to be passed along into the next call of the same function
+for the same message.  B<ivec> may be initialized with anything, but the
+recipient needs to know what it was initialized with, or it won't be able
+to decrypt.  Some programs and protocols simplify this, like SSH, where
+B<ivec> is simply initialized to zero.
+BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
+BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+number of bytes (the amount does not have to be an exact multiple of 8).  The
+purpose of the latter two is to simulate stream ciphers, and therefore, they
+need the parameter B<num>, which is a pointer to an integer where the current
+offset in B<ivec> is stored between calls.  This integer must be initialized
+to zero when B<ivec> is initialized.
+
+BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish.  It
+encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
+putting the result in B<out>.  B<enc> decides if encryption (BF_ENCRYPT) or
+decryption (BF_DECRYPT) shall be performed.  B<ivec> must point at an 8 byte
+long initialization vector.
+
+BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
+It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
+putting the result in B<out>.  B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed.  B<ivec> must point at an
+8 byte long initialization vector. B<num> must point at an integer which must
+be initially zero.
+
+BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
+It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
+the same way.
+
+BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
+encryption.  They encrypt/decrypt the first 64 bits of the vector pointed by
+B<data>, using the key B<key>.  These functions should not be used unless you
+implement 'modes' of Blowfish.  The alternative is to use BF_ecb_encrypt().
+If you still want to use these functions, you should be aware that they take
+each 32-bit chunk in host-byte order, which is little-endian on little-endian
+platforms and big-endian on big-endian ones.
+
+=head1 RETURN VALUES
+
+None of the functions presented here return any value.
+
+=head1 NOTE
+
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)> etc. instead of calling these
+functions directly.
+
+=head1 SEE ALSO
+
+L<EVP_EncryptInit(3)>,
+L<des_modes(7)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_ADDR.pod b/openssl-1.1.0h/doc/crypto/BIO_ADDR.pod
new file mode 100644
index 0000000..4b169e8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_ADDR.pod
@@ -0,0 +1,125 @@
+=pod
+
+=head1 NAME
+
+BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake,
+BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport,
+BIO_ADDR_hostname_string, BIO_ADDR_service_string,
+BIO_ADDR_path_string - BIO_ADDR routines
+
+=head1 SYNOPSIS
+
+ #include <sys/types.h>
+ #include <openssl/bio.h>
+
+ typedef union bio_addr_st BIO_ADDR;
+
+ BIO_ADDR *BIO_ADDR_new(void);
+ void BIO_ADDR_free(BIO_ADDR *);
+ void BIO_ADDR_clear(BIO_ADDR *ap);
+ int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                      const void *where, size_t wherelen, unsigned short port);
+ int BIO_ADDR_family(const BIO_ADDR *ap);
+ int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+ unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+ char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+ char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+ char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+
+=head1 DESCRIPTION
+
+The B<BIO_ADDR> type is a wrapper around all types of socket
+addresses that OpenSSL deals with, currently transparently
+supporting AF_INET, AF_INET6 and AF_UNIX according to what's
+available on the platform at hand.
+
+BIO_ADDR_new() creates a new unfilled B<BIO_ADDR>, to be used
+with routines that will fill it with information, such as
+BIO_accept_ex().
+
+BIO_ADDR_free() frees a B<BIO_ADDR> created with BIO_ADDR_new().
+
+BIO_ADDR_clear() clears any data held within the provided B<BIO_ADDR> and sets
+it back to an uninitialised state.
+
+BIO_ADDR_rawmake() takes a protocol B<family>, an byte array of
+size B<wherelen> with an address in network byte order pointed at
+by B<where> and a port number in network byte order in B<port> (except
+for the B<AF_UNIX> protocol family, where B<port> is meaningless and
+therefore ignored) and populates the given B<BIO_ADDR> with them.
+In case this creates a B<AF_UNIX> B<BIO_ADDR>, B<wherelen> is expected
+to be the length of the path string (not including the terminating
+NUL, such as the result of a call to strlen()).
+I<Read on about the addresses in L</RAW ADDRESSES> below>.
+
+BIO_ADDR_family() returns the protocol family of the given
+B<BIO_ADDR>.  The possible non-error results are one of the
+constants AF_INET, AF_INET6 and AF_UNIX. It will also return AF_UNSPEC if the
+BIO_ADDR has not been initialised.
+
+BIO_ADDR_rawaddress() will write the raw address of the given
+B<BIO_ADDR> in the area pointed at by B<p> if B<p> is non-NULL,
+and will set B<*l> to be the amount of bytes the raw address
+takes up if B<l> is non-NULL.
+A technique to only find out the size of the address is a call
+with B<p> set to B<NULL>.  The raw address will be in network byte
+order, most significant byte first.
+In case this is a B<AF_UNIX> B<BIO_ADDR>, B<l> gets the length of the
+path string (not including the terminating NUL, such as the result of
+a call to strlen()).
+I<Read on about the addresses in L</RAW ADDRESSES> below>.
+
+BIO_ADDR_rawport() returns the raw port of the given B<BIO_ADDR>.
+The raw port will be in network byte order.
+
+BIO_ADDR_hostname_string() returns a character string with the
+hostname of the given B<BIO_ADDR>.  If B<numeric> is 1, the string
+will contain the numerical form of the address.  This only works for
+B<BIO_ADDR> of the protocol families AF_INET and AF_INET6.  The
+returned string has been allocated on the heap and must be freed
+with OPENSSL_free().
+
+BIO_ADDR_service_string() returns a character string with the
+service name of the port of the given B<BIO_ADDR>.  If B<numeric>
+is 1, the string will contain the port number.  This only works
+for B<BIO_ADDR> of the protocol families AF_INET and AF_INET6.  The
+returned string has been allocated on the heap and must be freed
+with OPENSSL_free().
+
+BIO_ADDR_path_string() returns a character string with the path
+of the given B<BIO_ADDR>.  This only works for B<BIO_ADDR> of the
+protocol family AF_UNIX.  The returned string has been allocated
+on the heap and must be freed with OPENSSL_free().
+
+=head1 RAW ADDRESSES
+
+Both BIO_ADDR_rawmake() and BIO_ADDR_rawaddress() take a pointer to a
+network byte order address of a specific site.  Internally, those are
+treated as a pointer to B<struct in_addr> (for B<AF_INET>), B<struct
+in6_addr> (for B<AF_INET6>) or B<char *> (for B<AF_UNIX>), all
+depending on the protocol family the address is for.
+
+=head1 RETURN VALUES
+
+The string producing functions BIO_ADDR_hostname_string(),
+BIO_ADDR_service_string() and BIO_ADDR_path_string() will
+return B<NULL> on error and leave an error indication on the
+OpenSSL error stack.
+
+All other functions described here return 0 or B<NULL> when the
+information they should return isn't available.
+
+=head1 SEE ALSO
+
+L<BIO_connect(3)>, L<BIO_s_connect(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_ADDRINFO.pod b/openssl-1.1.0h/doc/crypto/BIO_ADDRINFO.pod
new file mode 100644
index 0000000..7811da4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_ADDRINFO.pod
@@ -0,0 +1,91 @@
+=pod
+
+=head1 NAME
+
+BIO_lookup_type,
+BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free,
+BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol,
+BIO_ADDRINFO_address,
+BIO_lookup
+- BIO_ADDRINFO type and routines
+
+=head1 SYNOPSIS
+
+ #include <sys/types.h>
+ #include <openssl/bio.h>
+
+ typedef union bio_addrinfo_st BIO_ADDRINFO;
+
+ enum BIO_lookup_type {
+     BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+ };
+ int BIO_lookup(const char *node, const char *service,
+                enum BIO_lookup_type lookup_type,
+                int family, int socktype, BIO_ADDRINFO **res);
+
+ const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+ int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+ int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+ int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+ const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+ void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+
+=head1 DESCRIPTION
+
+The B<BIO_ADDRINFO> type is a wrapper for address information
+types provided on your platform.
+
+B<BIO_ADDRINFO> normally forms a chain of several that can be
+picked at one by one.
+
+BIO_lookup() looks up a specified B<host> and B<service>, and
+uses B<lookup_type> to determine what the default address should
+be if B<host> is B<NULL>.  B<family>, B<socktype> are used to
+determine what protocol family and protocol should be used for
+the lookup.  B<family> can be any of AF_INET, AF_INET6, AF_UNIX and
+AF_UNSPEC, and B<socktype> can be SOCK_STREAM or SOCK_DGRAM.
+B<res> points at a pointer to hold the start of a B<BIO_ADDRINFO>
+chain.
+For the family B<AF_UNIX>, BIO_lookup() will ignore the B<service>
+parameter and expects the B<node> parameter to hold the path to the
+socket file.
+
+BIO_ADDRINFO_family() returns the family of the given
+B<BIO_ADDRINFO>.  The result will be one of the constants
+AF_INET, AF_INET6 and AF_UNIX.
+
+BIO_ADDRINFO_socktype() returns the socket type of the given
+B<BIO_ADDRINFO>.  The result will be one of the constants
+SOCK_STREAM and SOCK_DGRAM.
+
+BIO_ADDRINFO_protocol() returns the protocol id of the given
+B<BIO_ADDRINFO>.  The result will be one of the constants
+IPPROTO_TCP and IPPROTO_UDP.
+
+BIO_ADDRINFO_address() returns the underlying B<BIO_ADDR>
+of the given B<BIO_ADDRINFO>.
+
+BIO_ADDRINFO_next() returns the next B<BIO_ADDRINFO> in the chain
+from the given one.
+
+BIO_ADDRINFO_free() frees the chain of B<BIO_ADDRINFO> starting
+with the given one.
+
+=head1 RETURN VALUES
+
+BIO_lookup() returns 1 on success and 0 when an error occurred, and
+will leave an error indication on the OpenSSL error stack in that case.
+
+All other functions described here return 0 or B<NULL> when the
+information they should return isn't available.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_connect.pod b/openssl-1.1.0h/doc/crypto/BIO_connect.pod
new file mode 100644
index 0000000..5194033
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_connect.pod
@@ -0,0 +1,112 @@
+=pod
+
+=head1 NAME
+
+BIO_socket, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket - BIO
+socket communication setup routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int BIO_socket(int domain, int socktype, int protocol, int options);
+ int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+ int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+ int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options);
+ int BIO_closesocket(int sock);
+
+=head1 DESCRIPTION
+
+BIO_socket() creates a socket in the domain B<domain>, of type
+B<socktype> and B<protocol>.  Socket B<options> are currently unused,
+but is present for future use.
+
+BIO_connect() connects B<sock> to the address and service given by
+B<addr>.  Connection B<options> may be zero or any combination of
+B<BIO_SOCK_KEEPALIVE>, B<BIO_SOCK_NONBLOCK> and B<BIO_SOCK_NODELAY>.
+The flags are described in L</FLAGS> below.
+
+BIO_listen() has B<sock> start listening on the address and service
+given by B<addr>.  Connection B<options> may be zero or any
+combination of B<BIO_SOCK_KEEPALIVE>, B<BIO_SOCK_NONBLOCK>,
+B<BIO_SOCK_NODELAY>, B<BIO_SOCK_REUSEADDR> and B<BIO_SOCK_V6_ONLY>.
+The flags are described in L</FLAGS> below.
+
+BIO_accept_ex() waits for an incoming connections on the given
+socket B<accept_sock>.  When it gets a connection, the address and
+port of the peer gets stored in B<peer> if that one is non-NULL.
+Accept B<options> may be zero or B<BIO_SOCK_NONBLOCK>, and is applied
+on the accepted socket.  The flags are described in L</FLAGS> below.
+
+BIO_closesocket() closes B<sock>.
+
+=head1 FLAGS
+
+=over 4
+
+=item BIO_SOCK_KEEPALIVE
+
+Enables regular sending of keep-alive messages.
+
+=item BIO_SOCK_NONBLOCK
+
+Sets the socket to non-blocking mode.
+
+=item BIO_SOCK_NODELAY
+
+Corresponds to B<TCP_NODELAY>, and disables the Nagle algorithm.  With
+this set, any data will be sent as soon as possible instead of being
+buffered until there's enough for the socket to send out in one go.
+
+=item BIO_SOCK_REUSEADDR
+
+Try to reuse the address and port combination for a recently closed
+port.
+
+=item BIO_SOCK_V6_ONLY
+
+When creating an IPv6 socket, make it only listen for IPv6 addresses
+and not IPv4 addresses mapped to IPv6.
+
+=back
+
+These flags are bit flags, so they are to be combined with the
+C<|> operator, for example:
+
+  BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
+
+=head1 RETURN VALUES
+
+BIO_socket() returns the socket number on success or B<INVALID_SOCKET>
+(-1) on error.  When an error has occurred, the OpenSSL error stack
+will hold the error data and errno has the system error.
+
+BIO_connect() and BIO_listen() return 1 on success or 0 on error.
+When an error has occurred, the OpenSSL error stack will hold the error
+data and errno has the system error.
+
+BIO_accept_ex() returns the accepted socket on success or
+B<INVALID_SOCKET> (-1) on error.  When an error has occurred, the
+OpenSSL error stack will hold the error data and errno has the system
+error.
+
+=head1 HISTORY
+
+BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(),
+BIO_get_accept_socket() and BIO_accept() are deprecated since OpenSSL
+1.1.  Use the functions described above instead.
+
+=head1 SEE ALSO
+
+L<BIO_ADDR(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_ctrl.pod b/openssl-1.1.0h/doc/crypto/BIO_ctrl.pod
new file mode 100644
index 0000000..60cd108
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_ctrl.pod
@@ -0,0 +1,136 @@
+=pod
+
+=head1 NAME
+
+BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
+BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
+BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
+- BIO control operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ typedef int BIO_info_cb(BIO *b, int state, int res);
+
+ long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+ long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
+ char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+ long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+
+ int BIO_reset(BIO *b);
+ int BIO_seek(BIO *b, int ofs);
+ int BIO_tell(BIO *b);
+ int BIO_flush(BIO *b);
+ int BIO_eof(BIO *b);
+ int BIO_set_close(BIO *b, long flag);
+ int BIO_get_close(BIO *b);
+ int BIO_pending(BIO *b);
+ int BIO_wpending(BIO *b);
+ size_t BIO_ctrl_pending(BIO *b);
+ size_t BIO_ctrl_wpending(BIO *b);
+
+ int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
+ int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
+
+=head1 DESCRIPTION
+
+BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl()
+are BIO "control" operations taking arguments of various types.
+These functions are not normally called directly, various macros
+are used instead. The standard macros are described below, macros
+specific to a particular type of BIO are described in the specific
+BIOs manual page as well as any special features of the standard
+calls.
+
+BIO_reset() typically resets a BIO to some initial state, in the case
+of file related BIOs for example it rewinds the file pointer to the
+start of the file.
+
+BIO_seek() resets a file related BIO's (that is file descriptor and
+FILE BIOs) file position pointer to B<ofs> bytes from start of file.
+
+BIO_tell() returns the current file position of a file related BIO.
+
+BIO_flush() normally writes out any internally buffered data, in some
+cases it is used to signal EOF and that no more data will be written.
+
+BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of
+"EOF" varies according to the BIO type.
+
+BIO_set_close() sets the BIO B<b> close flag to B<flag>. B<flag> can
+take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used
+in a source/sink BIO to indicate that the underlying I/O stream should
+be closed when the BIO is freed.
+
+BIO_get_close() returns the BIOs close flag.
+
+BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
+return the number of pending characters in the BIOs read and write buffers.
+Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending()
+return a size_t type and are functions, BIO_pending() and BIO_wpending() are
+macros which call BIO_ctrl().
+
+=head1 RETURN VALUES
+
+BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
+BIOs are an exception, they return 0 for success and -1 for failure.
+
+BIO_seek() and BIO_tell() both return the current file position on success
+and -1 for failure, except file BIOs which for BIO_seek() always return 0
+for success and -1 for failure.
+
+BIO_flush() returns 1 for success and 0 or -1 for failure.
+
+BIO_eof() returns 1 if EOF has been reached 0 otherwise.
+
+BIO_set_close() always returns 1.
+
+BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.
+
+BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
+return the amount of pending data.
+
+=head1 NOTES
+
+BIO_flush(), because it can write data may return 0 or -1 indicating
+that the call should be retried later in a similar manner to BIO_write_ex().
+The BIO_should_retry() call should be used and appropriate action taken
+is the call fails.
+
+The return values of BIO_pending() and BIO_wpending() may not reliably
+determine the amount of pending data in all cases. For example in the
+case of a file BIO some data may be available in the FILE structures
+internal buffers but it is not possible to determine this in a
+portably way. For other types of BIO they may not be supported.
+
+Filter BIOs if they do not internally handle a particular BIO_ctrl()
+operation usually pass the operation to the next BIO in the chain.
+This often means there is no need to locate the required BIO for
+a particular operation, it can be called on a chain and it will
+be automatically passed to the relevant BIO. However this can cause
+unexpected results: for example no current filter BIOs implement
+BIO_seek(), but this may still succeed if the chain ends in a FILE
+or file descriptor BIO.
+
+Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl()
+operation.
+
+=head1 BUGS
+
+Some of the return values are ambiguous and care should be taken. In
+particular a return value of 0 can be returned if an operation is not
+supported, if an error occurred, if EOF has not been reached and in
+the case of BIO_seek() on a file BIO for a successful operation.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_f_base64.pod b/openssl-1.1.0h/doc/crypto/BIO_f_base64.pod
new file mode 100644
index 0000000..19df1dd
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_f_base64.pod
@@ -0,0 +1,91 @@
+=pod
+
+=head1 NAME
+
+BIO_f_base64 - base64 BIO filter
+
+=for comment multiple includes
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ const BIO_METHOD *BIO_f_base64(void);
+
+=head1 DESCRIPTION
+
+BIO_f_base64() returns the base64 BIO method. This is a filter
+BIO that base64 encodes any data written through it and decodes
+any data read through it.
+
+Base64 BIOs do not support BIO_gets() or BIO_puts().
+
+BIO_flush() on a base64 BIO that is being written through is
+used to signal that no more data is to be encoded: this is used
+to flush the final block through the BIO.
+
+The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags()
+to encode the data all on one line or expect the data to be all
+on one line.
+
+=head1 NOTES
+
+Because of the format of base64 encoding the end of the encoded
+block cannot always be reliably determined.
+
+=head1 RETURN VALUES
+
+BIO_f_base64() returns the base64 BIO method.
+
+=head1 EXAMPLES
+
+Base64 encode the string "Hello World\n" and write the result
+to standard output:
+
+ BIO *bio, *b64;
+ char message[] = "Hello World \n";
+
+ b64 = BIO_new(BIO_f_base64());
+ bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+ BIO_push(b64, bio);
+ BIO_write(b64, message, strlen(message));
+ BIO_flush(b64);
+
+ BIO_free_all(b64);
+
+Read Base64 encoded data from standard input and write the decoded
+data to standard output:
+
+ BIO *bio, *b64, *bio_out;
+ char inbuf[512];
+ int inlen;
+
+ b64 = BIO_new(BIO_f_base64());
+ bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ BIO_push(b64, bio);
+ while((inlen = BIO_read(b64, inbuf, 512)) > 0)
+        BIO_write(bio_out, inbuf, inlen);
+
+ BIO_flush(bio_out);
+ BIO_free_all(b64);
+
+=head1 BUGS
+
+The ambiguity of EOF in base64 encoded data can cause additional
+data following the base64 encoded block to be misinterpreted.
+
+There should be some way of specifying a test that the BIO can perform
+to reliably determine EOF (for example a MIME boundary).
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_f_buffer.pod b/openssl-1.1.0h/doc/crypto/BIO_f_buffer.pod
new file mode 100644
index 0000000..3224710
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_f_buffer.pod
@@ -0,0 +1,92 @@
+=pod
+
+=head1 NAME
+
+BIO_get_buffer_num_lines,
+BIO_set_read_buffer_size,
+BIO_set_write_buffer_size,
+BIO_set_buffer_size,
+BIO_set_buffer_read_data,
+BIO_f_buffer
+- buffering BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *BIO_f_buffer(void);
+
+ long BIO_get_buffer_num_lines(BIO *b);
+ long BIO_set_read_buffer_size(BIO *b, long size);
+ long BIO_set_write_buffer_size(BIO *b, long size);
+ long BIO_set_buffer_size(BIO *b, long size);
+ long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
+
+=head1 DESCRIPTION
+
+BIO_f_buffer() returns the buffering BIO method.
+
+Data written to a buffering BIO is buffered and periodically written
+to the next BIO in the chain. Data read from a buffering BIO comes from
+an internal buffer which is filled from the next BIO in the chain.
+Both BIO_gets() and BIO_puts() are supported.
+
+Calling BIO_reset() on a buffering BIO clears any buffered data.
+
+BIO_get_buffer_num_lines() returns the number of lines currently buffered.
+
+BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
+set the read, write or both read and write buffer sizes to B<size>. The initial
+buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the
+buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
+when the buffer is resized.
+
+BIO_set_buffer_read_data() clears the read buffer and fills it with B<num>
+bytes of B<buf>. If B<num> is larger than the current buffer size the buffer
+is expanded.
+
+=head1 NOTES
+
+These functions, other than BIO_f_buffer(), are implemented as macros.
+
+Buffering BIOs implement BIO_gets() by using BIO_read() operations on the
+next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
+possible to provide BIO_gets() functionality if the following BIOs do not
+support it (for example SSL BIOs).
+
+Data is only written to the next BIO in the chain when the write buffer fills
+or when BIO_flush() is called. It is therefore important to call BIO_flush()
+whenever any pending data should be written such as when removing a buffering
+BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate
+source/sink BIO is non blocking.
+
+=head1 RETURN VALUES
+
+BIO_f_buffer() returns the buffering BIO method.
+
+BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).
+
+BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
+return 1 if the buffer was successfully resized or 0 for failure.
+
+BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if
+there was an error.
+
+=head1 SEE ALSO
+
+L<BIO(3)>,
+L<BIO_reset(3)>,
+L<BIO_flush(3)>,
+L<BIO_pop(3)>,
+L<BIO_ctrl(3)>.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_f_cipher.pod b/openssl-1.1.0h/doc/crypto/BIO_f_cipher.pod
new file mode 100644
index 0000000..87ab3cc
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_f_cipher.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter
+
+=for comment multiple includes
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ const BIO_METHOD *BIO_f_cipher(void);
+ void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
+                unsigned char *key, unsigned char *iv, int enc);
+ int BIO_get_cipher_status(BIO *b)
+ int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
+
+=head1 DESCRIPTION
+
+BIO_f_cipher() returns the cipher BIO method. This is a filter
+BIO that encrypts any data written through it, and decrypts any data
+read from it. It is a BIO wrapper for the cipher routines
+EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
+
+Cipher BIOs do not support BIO_gets() or BIO_puts().
+
+BIO_flush() on an encryption BIO that is being written through is
+used to signal that no more data is to be encrypted: this is used
+to flush and possibly pad the final block through the BIO.
+
+BIO_set_cipher() sets the cipher of BIO B<b> to B<cipher> using key B<key>
+and IV B<iv>. B<enc> should be set to 1 for encryption and zero for
+decryption.
+
+When reading from an encryption BIO the final block is automatically
+decrypted and checked when EOF is detected. BIO_get_cipher_status()
+is a BIO_ctrl() macro which can be called to determine whether the
+decryption operation was successful.
+
+BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal
+BIO cipher context. The retrieved context can be used in conjunction
+with the standard cipher routines to set it up. This is useful when
+BIO_set_cipher() is not flexible enough for the applications needs.
+
+=head1 NOTES
+
+When encrypting BIO_flush() B<must> be called to flush the final block
+through the BIO. If it is not then the final block will fail a subsequent
+decrypt.
+
+When decrypting an error on the final block is signaled by a zero
+return value from the read operation. A successful decrypt followed
+by EOF will also return zero for the final read. BIO_get_cipher_status()
+should be called to determine if the decrypt was successful.
+
+As always, if BIO_gets() or BIO_puts() support is needed then it can
+be achieved by preceding the cipher BIO with a buffering BIO.
+
+=head1 RETURN VALUES
+
+BIO_f_cipher() returns the cipher BIO method.
+
+BIO_set_cipher() does not return a value.
+
+BIO_get_cipher_status() returns 1 for a successful decrypt and 0
+for failure.
+
+BIO_get_cipher_ctx() currently always returns 1.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_f_md.pod b/openssl-1.1.0h/doc/crypto/BIO_f_md.pod
new file mode 100644
index 0000000..32f0046
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_f_md.pod
@@ -0,0 +1,156 @@
+=pod
+
+=head1 NAME
+
+BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
+
+=for comment multiple includes
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ const BIO_METHOD *BIO_f_md(void);
+ int BIO_set_md(BIO *b, EVP_MD *md);
+ int BIO_get_md(BIO *b, EVP_MD **mdp);
+ int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);
+
+=head1 DESCRIPTION
+
+BIO_f_md() returns the message digest BIO method. This is a filter
+BIO that digests any data passed through it, it is a BIO wrapper
+for the digest routines EVP_DigestInit(), EVP_DigestUpdate()
+and EVP_DigestFinal().
+
+Any data written or read through a digest BIO using BIO_read() and
+BIO_write() is digested.
+
+BIO_gets(), if its B<size> parameter is large enough finishes the
+digest calculation and returns the digest value. BIO_puts() is
+not supported.
+
+BIO_reset() reinitialises a digest BIO.
+
+BIO_set_md() sets the message digest of BIO B<b> to B<md>: this
+must be called to initialize a digest BIO before any data is
+passed through it. It is a BIO_ctrl() macro.
+
+BIO_get_md() places the a pointer to the digest BIOs digest method
+in B<mdp>, it is a BIO_ctrl() macro.
+
+BIO_get_md_ctx() returns the digest BIOs context into B<mdcp>.
+
+=head1 NOTES
+
+The context returned by BIO_get_md_ctx() can be used in calls
+to EVP_DigestFinal() and also the signature routines EVP_SignFinal()
+and EVP_VerifyFinal().
+
+The context returned by BIO_get_md_ctx() is an internal context
+structure. Changes made to this context will affect the digest
+BIO itself and the context pointer will become invalid when the digest
+BIO is freed.
+
+After the digest has been retrieved from a digest BIO it must be
+reinitialized by calling BIO_reset(), or BIO_set_md() before any more
+data is passed through it.
+
+If an application needs to call BIO_gets() or BIO_puts() through
+a chain containing digest BIOs then this can be done by prepending
+a buffering BIO.
+
+Calling BIO_get_md_ctx() will return the context and initialize the BIO
+state. This allows applications to initialize the context externally
+if the standard calls such as BIO_set_md() are not sufficiently flexible.
+
+=head1 RETURN VALUES
+
+BIO_f_md() returns the digest BIO method.
+
+BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and
+0 for failure.
+
+=head1 EXAMPLES
+
+The following example creates a BIO chain containing an SHA1 and MD5
+digest BIO and passes the string "Hello World" through it. Error
+checking has been omitted for clarity.
+
+ BIO *bio, *mdtmp;
+ char message[] = "Hello World";
+ bio = BIO_new(BIO_s_null());
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_sha1());
+ /* For BIO_push() we want to append the sink BIO and keep a note of
+  * the start of the chain.
+  */
+ bio = BIO_push(mdtmp, bio);
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_md5());
+ bio = BIO_push(mdtmp, bio);
+ /* Note: mdtmp can now be discarded */
+ BIO_write(bio, message, strlen(message));
+
+The next example digests data by reading through a chain instead:
+
+ BIO *bio, *mdtmp;
+ char buf[1024];
+ int rdlen;
+ bio = BIO_new_file(file, "rb");
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_sha1());
+ bio = BIO_push(mdtmp, bio);
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_md5());
+ bio = BIO_push(mdtmp, bio);
+ do {
+        rdlen = BIO_read(bio, buf, sizeof(buf));
+        /* Might want to do something with the data here */
+ } while (rdlen > 0);
+
+This next example retrieves the message digests from a BIO chain and
+outputs them. This could be used with the examples above.
+
+ BIO *mdtmp;
+ unsigned char mdbuf[EVP_MAX_MD_SIZE];
+ int mdlen;
+ int i;
+ mdtmp = bio;   /* Assume bio has previously been set up */
+ do {
+        EVP_MD *md;
+        mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+        if (!mdtmp) break;
+        BIO_get_md(mdtmp, &md);
+        printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+        mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+        for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+        printf("\n");
+        mdtmp = BIO_next(mdtmp);
+ } while (mdtmp);
+
+ BIO_free_all(bio);
+
+=head1 BUGS
+
+The lack of support for BIO_puts() and the non standard behaviour of
+BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets()
+and BIO_puts() should be passed to the next BIO in the chain and digest
+the data passed through and that digests should be retrieved using a
+separate BIO_ctrl() call.
+
+=head1 HISTORY
+
+Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the
+BIO was initialized first.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_f_null.pod b/openssl-1.1.0h/doc/crypto/BIO_f_null.pod
new file mode 100644
index 0000000..c4e4c66
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_f_null.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+BIO_f_null - null filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *     BIO_f_null(void);
+
+=head1 DESCRIPTION
+
+BIO_f_null() returns the null filter BIO method. This is a filter BIO
+that does nothing.
+
+All requests to a null filter BIO are passed through to the next BIO in
+the chain: this means that a BIO chain containing a null filter BIO
+behaves just as though the BIO was not there.
+
+=head1 NOTES
+
+As may be apparent a null filter BIO is not particularly useful.
+
+=head1 RETURN VALUES
+
+BIO_f_null() returns the null filter BIO method.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_f_ssl.pod b/openssl-1.1.0h/doc/crypto/BIO_f_ssl.pod
new file mode 100644
index 0000000..3f9635e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_f_ssl.pod
@@ -0,0 +1,298 @@
+=pod
+
+=head1 NAME
+
+BIO_do_handshake,
+BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode,
+BIO_set_ssl_renegotiate_bytes,
+BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
+BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
+BIO_ssl_shutdown - SSL BIO
+
+=for comment multiple includes
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/ssl.h>
+
+ const BIO_METHOD *BIO_f_ssl(void);
+
+ long BIO_set_ssl(BIO *b, SSL *ssl, long c);
+ long BIO_get_ssl(BIO *b, SSL **sslp);
+ long BIO_set_ssl_mode(BIO *b, long client);
+ long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
+ long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
+ long BIO_get_num_renegotiates(BIO *b);
+
+ BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+ BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+ int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+ void BIO_ssl_shutdown(BIO *bio);
+
+ long BIO_do_handshake(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which
+is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to
+SSL I/O.
+
+I/O performed on an SSL BIO communicates using the SSL protocol with
+the SSLs read and write BIOs. If an SSL connection is not established
+then an attempt is made to establish one on the first I/O call.
+
+If a BIO is appended to an SSL BIO using BIO_push() it is automatically
+used as the SSL BIOs read and write BIOs.
+
+Calling BIO_reset() on an SSL BIO closes down any current SSL connection
+by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in
+the chain: this will typically disconnect the underlying transport.
+The SSL BIO is then reset to the initial accept or connect state.
+
+If the close flag is set when an SSL BIO is freed then the internal
+SSL structure is also freed using SSL_free().
+
+BIO_set_ssl() sets the internal SSL pointer of BIO B<b> to B<ssl> using
+the close flag B<c>.
+
+BIO_get_ssl() retrieves the SSL pointer of BIO B<b>, it can then be
+manipulated using the standard SSL library functions.
+
+BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
+is 1 client mode is set. If B<client> is 0 server mode is set.
+
+BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
+to B<num>. When set after every B<num> bytes of I/O (read and write)
+the SSL session is automatically renegotiated. B<num> must be at
+least 512 bytes.
+
+BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to
+B<seconds>. When the renegotiate timeout elapses the session is
+automatically renegotiated.
+
+BIO_get_num_renegotiates() returns the total number of session
+renegotiations due to I/O or timeout.
+
+BIO_new_ssl() allocates an SSL BIO using SSL_CTX B<ctx> and using
+client mode if B<client> is non zero.
+
+BIO_new_ssl_connect() creates a new BIO chain consisting of an
+SSL BIO (using B<ctx>) followed by a connect BIO.
+
+BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
+of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
+BIO.
+
+BIO_ssl_copy_session_id() copies an SSL session id between
+BIO chains B<from> and B<to>. It does this by locating the
+SSL BIOs in each chain and calling SSL_copy_session_id() on
+the internal SSL pointer.
+
+BIO_ssl_shutdown() closes down an SSL connection on BIO
+chain B<bio>. It does this by locating the SSL BIO in the
+chain and calling SSL_shutdown() on its internal SSL
+pointer.
+
+BIO_do_handshake() attempts to complete an SSL handshake on the
+supplied BIO and establish the SSL connection. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call BIO_should_retry() should be used for non blocking connect BIOs
+to determine if the call should be retried. If an SSL connection has
+already been established this call has no effect.
+
+=head1 NOTES
+
+SSL BIOs are exceptional in that if the underlying transport
+is non blocking they can still request a retry in exceptional
+circumstances. Specifically this will happen if a session
+renegotiation takes place during a BIO_read() operation, one
+case where this happens is when step up occurs.
+
+The SSL flag SSL_AUTO_RETRY can be
+set to disable this behaviour. That is when this flag is set
+an SSL BIO using a blocking transport will never request a
+retry.
+
+Since unknown BIO_ctrl() operations are sent through filter
+BIOs the servers name and port can be set using BIO_set_host()
+on the BIO returned by BIO_new_ssl_connect() without having
+to locate the connect BIO first.
+
+Applications do not have to call BIO_do_handshake() but may wish
+to do so to separate the handshake process from other I/O
+processing.
+
+BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(),
+BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(),
+BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.
+
+=head1 EXAMPLE
+
+This SSL/TLS client example, attempts to retrieve a page from an
+SSL/TLS web server. The I/O routines are identical to those of the
+unencrypted example in L<BIO_s_connect(3)>.
+
+ BIO *sbio, *out;
+ int len;
+ char tmpbuf[1024];
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ /* XXX Seed the PRNG if needed. */
+
+ ctx = SSL_CTX_new(TLS_client_method());
+
+ /* XXX Set verify paths and mode here. */
+
+ sbio = BIO_new_ssl_connect(ctx);
+ BIO_get_ssl(sbio, &ssl);
+ if (ssl == NULL) {
+     fprintf(stderr, "Can't locate SSL pointer\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+
+ /* Don't want any retries */
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ /* XXX We might want to do other things with ssl here */
+
+ /* An empty host part means the loopback address */
+ BIO_set_conn_hostname(sbio, ":https");
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ if (BIO_do_connect(sbio) <= 0) {
+     fprintf(stderr, "Error connecting to server\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+ if (BIO_do_handshake(sbio) <= 0) {
+        fprintf(stderr, "Error establishing SSL connection\n");
+        ERR_print_errors_fp(stderr);
+        exit(1);
+ }
+
+ /* XXX Could examine ssl here to get connection info */
+
+ BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+ for ( ; ; ) {
+     len = BIO_read(sbio, tmpbuf, 1024);
+     if (len <= 0)
+         break;
+     BIO_write(out, tmpbuf, len);
+ }
+ BIO_free_all(sbio);
+ BIO_free(out);
+
+Here is a simple server example. It makes use of a buffering
+BIO to allow lines to be read from the SSL BIO using BIO_gets.
+It creates a pseudo web page containing the actual request from
+a client and also echoes the request to standard output.
+
+ BIO *sbio, *bbio, *acpt, *out;
+ int len;
+ char tmpbuf[1024];
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ /* XXX Seed the PRNG if needed. */
+
+ ctx = SSL_CTX_new(TLS_server_method());
+ if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+         || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+         || !SSL_CTX_check_private_key(ctx)) {
+     fprintf(stderr, "Error setting up SSL_CTX\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+
+ /* XXX Other things like set verify locations, EDH temp callbacks. */
+
+ /* New SSL BIO setup as server */
+ sbio = BIO_new_ssl(ctx, 0);
+ BIO_get_ssl(sbio, &ssl);
+ if (ssl == NULL) {
+     fprintf(stderr, "Can't locate SSL pointer\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ bbio = BIO_new(BIO_f_buffer());
+ sbio = BIO_push(bbio, sbio);
+ acpt = BIO_new_accept("4433");
+
+ /*
+  * By doing this when a new connection is established
+  * we automatically have sbio inserted into it. The
+  * BIO chain is now 'swallowed' by the accept BIO and
+  * will be freed when the accept BIO is freed.
+  */
+ BIO_set_accept_bios(acpt, sbio);
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ /* Setup accept BIO */
+ if (BIO_do_accept(acpt) <= 0) {
+     fprintf(stderr, "Error setting up accept BIO\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+
+ if (BIO_do_accept(acpt) <= 0) {
+     fprintf(stderr, "Error in connection\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+
+ /* We only want one connection so remove and free accept BIO */
+ sbio = BIO_pop(acpt);
+ BIO_free_all(acpt);
+
+ if (BIO_do_handshake(sbio) <= 0) {
+     fprintf(stderr, "Error in SSL handshake\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "--------------------------------------------------\r\n");
+
+ for ( ; ; ) {
+     len = BIO_gets(sbio, tmpbuf, 1024);
+     if (len <= 0)
+         break;
+     BIO_write(sbio, tmpbuf, len);
+     BIO_write(out, tmpbuf, len);
+     /* Look for blank line signifying end of headers*/
+     if (tmpbuf[0] == '\r' || tmpbuf[0] == '\n')
+         break;
+ }
+
+ BIO_puts(sbio, "--------------------------------------------------\r\n");
+ BIO_puts(sbio, "\r\n");
+ BIO_flush(sbio);
+ BIO_free_all(sbio);
+
+=head1 BUGS
+
+In OpenSSL versions before 1.0.0 the BIO_pop() call was handled incorrectly,
+the I/O BIO reference count was incorrectly incremented (instead of
+decremented) and dissociated with the SSL BIO even if the SSL BIO was not
+explicitly being popped (e.g. a pop higher up the chain). Applications which
+included workarounds for this bug (e.g. freeing BIOs more than once) should
+be modified to handle this fix or they may free up an already freed BIO.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_find_type.pod b/openssl-1.1.0h/doc/crypto/BIO_find_type.pod
new file mode 100644
index 0000000..ff7b488
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_find_type.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *BIO_find_type(BIO *b, int bio_type);
+ BIO *BIO_next(BIO *b);
+ int BIO_method_type(const BIO *b);
+
+=head1 DESCRIPTION
+
+The BIO_find_type() searches for a BIO of a given type in a chain, starting
+at BIO B<b>. If B<type> is a specific type (such as B<BIO_TYPE_MEM>) then a search
+is made for a BIO of that type. If B<type> is a general type (such as
+B<BIO_TYPE_SOURCE_SINK>) then the next matching BIO of the given general type is
+searched for. BIO_find_type() returns the next matching BIO or NULL if none is
+found.
+
+The following general types are defined:
+B<BIO_TYPE_DESCRIPTOR>, B<BIO_TYPE_FILTER>, and B<BIO_TYPE_SOURCE_SINK>.
+
+For a list of the specific types, see the B<openssl/bio.h> header file.
+
+BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
+in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
+certain type.
+
+BIO_method_type() returns the type of a BIO.
+
+=head1 RETURN VALUES
+
+BIO_find_type() returns a matching BIO or NULL for no match.
+
+BIO_next() returns the next BIO in a chain.
+
+BIO_method_type() returns the type of the BIO B<b>.
+
+=head1 EXAMPLE
+
+Traverse a chain looking for digest BIOs:
+
+ BIO *btmp;
+ btmp = in_bio; /* in_bio is chain to search through */
+
+ do {
+        btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+        if (btmp == NULL) break; /* Not found */
+        /* btmp is a digest BIO, do something with it ...*/
+        ...
+
+        btmp = BIO_next(btmp);
+ } while (btmp);
+
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_get_data.pod b/openssl-1.1.0h/doc/crypto/BIO_get_data.pod
new file mode 100644
index 0000000..c3137c4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_get_data.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown,
+BIO_get_shutdown - functions for managing BIO state information
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ void BIO_set_data(BIO *a, void *ptr);
+ void *BIO_get_data(BIO *a);
+ void BIO_set_init(BIO *a, int init);
+ int BIO_get_init(BIO *a);
+ void BIO_set_shutdown(BIO *a, int shut);
+ int BIO_get_shutdown(BIO *a);
+
+=head1 DESCRIPTION
+
+These functions are mainly useful when implementing a custom BIO.
+
+The BIO_set_data() function associates the custom data pointed to by B<ptr> with
+the BIO. This data can subsequently be retrieved via a call to BIO_get_data().
+This can be used by custom BIOs for storing implementation specific information.
+
+The BIO_set_init() function sets the value of the BIO's "init" flag to indicate
+whether initialisation has been completed for this BIO or not. A non-zero value
+indicates that initialisation is complete, whilst zero indicates that it is not.
+Often initialisation will complete during initial construction of the BIO. For
+some BIOs however, initialisation may not complete until after additional steps
+have occurred (for example through calling custom ctrls). The BIO_get_init()
+function returns the value of the "init" flag.
+
+The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of
+this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource
+is also closed when the BIO is freed.
+
+=head1 RETURN VALUES
+
+BIO_get_data() returns a pointer to the implementation specific custom data
+associated with this BIO, or NULL if none has been set.
+
+BIO_get_init() returns the state of the BIO's init flag.
+
+BIO_get_shutdown() returns the stat of the BIO's shutdown (i.e. BIO_CLOSE) flag.
+
+=head1 SEE ALSO
+
+L<bio>, L<BIO_meth_new>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_get_ex_new_index.pod b/openssl-1.1.0h/doc/crypto/BIO_get_ex_new_index.pod
new file mode 100644
index 0000000..9cf20c2
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_get_ex_new_index.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data,
+ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data,
+UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data,
+X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data,
+X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data,
+X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data,
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data,
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data,
+ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data,
+EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data
+- application-specific data
+
+=for comment generic
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int TYPE_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
+
+ void *TYPE_get_ex_data(TYPE *d, int idx);
+
+=head1 DESCRIPTION
+
+In the description here, I<TYPE> is used a placeholder
+for any of the OpenSSL datatypes listed in
+L<CRYPTO_get_ex_new_index(3)>.
+
+These functions handle application-specific data for OpenSSL data
+structures.
+
+TYPE_get_new_ex_index() is a macro that calls CRYPTO_get_ex_new_index()
+with the correct B<index> value.
+
+TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with
+an offset into the opaque exdata part of the TYPE object.
+
+TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with an
+an offset into the opaque exdata part of the TYPE object.
+
+=head1 SEE ALSO
+
+L<CRYPTO_get_ex_new_index(3)>.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_meth_new.pod b/openssl-1.1.0h/doc/crypto/BIO_meth_new.pod
new file mode 100644
index 0000000..f682c37
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_meth_new.pod
@@ -0,0 +1,131 @@
+=pod
+
+=head1 NAME
+
+BIO_get_new_index,
+BIO_meth_new, BIO_meth_free, BIO_meth_get_write, BIO_meth_set_write,
+BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts,
+BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl,
+BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy,
+BIO_meth_set_destroy, BIO_meth_get_callback_ctrl,
+BIO_meth_set_callback_ctrl - Routines to build up BIO methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int BIO_get_new_index(void);
+ BIO_METHOD *BIO_meth_new(int type, const char *name);
+ void BIO_meth_free(BIO_METHOD *biom);
+ int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int);
+ int BIO_meth_set_write(BIO_METHOD *biom,
+                        int (*write) (BIO *, const char *, int));
+ int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int);
+ int BIO_meth_set_read(BIO_METHOD *biom,
+                       int (*read) (BIO *, char *, int));
+ int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *);
+ int BIO_meth_set_puts(BIO_METHOD *biom,
+                       int (*puts) (BIO *, const char *));
+ int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int);
+ int BIO_meth_set_gets(BIO_METHOD *biom,
+                       int (*gets) (BIO *, char *, int));
+ long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *);
+ int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                       long (*ctrl) (BIO *, int, long, void *));
+ int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *);
+ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
+ int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *);
+ int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
+ long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))
+                                  (BIO *, int, BIO_info_cb *);
+ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                                long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *));
+
+=head1 DESCRIPTION
+
+The B<BIO_METHOD> type is a structure used for the implementation of new BIO
+types. It provides a set of of functions used by OpenSSL for the implementation
+of the various BIO capabilities. See the L<bio> page for more information.
+
+BIO_meth_new() creates a new B<BIO_METHOD> structure. It should be given a
+unique integer B<type> and a string that represents its B<name>.
+Use BIO_get_new_index() to get the value for B<type>.
+
+The set of
+standard OpenSSL provided BIO types is provided in B<bio.h>. Some examples
+include B<BIO_TYPE_BUFFER> and B<BIO_TYPE_CIPHER>. Filter BIOs should have a
+type which have the "filter" bit set (B<BIO_TYPE_FILTER>). Source/sink BIOs
+should have the "source/sink" bit set (B<BIO_TYPE_SOURCE_SINK>). File descriptor
+based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the
+"descriptor" bit set (B<BIO_TYPE_DESCRIPTOR>). See the L<BIO_find_type> page for
+more information.
+
+BIO_meth_free() destroys a B<BIO_METHOD> structure and frees up any memory
+associated with it.
+
+BIO_meth_get_write() and BIO_meth_set_write() get and set the function used for
+writing arbitrary length data to the BIO respectively. This function will be
+called in response to the application calling BIO_write(). The parameters for
+the function have the same meaning as for BIO_write().
+
+BIO_meth_get_read() and BIO_meth_set_read() get and set the function used for
+reading arbitrary length data from the BIO respectively. This function will be
+called in response to the application calling BIO_read(). The parameters for the
+function have the same meaning as for BIO_read().
+
+BIO_meth_get_puts() and BIO_meth_set_puts() get and set the function used for
+writing a NULL terminated string to the BIO respectively. This function will be
+called in response to the application calling BIO_puts(). The parameters for
+the function have the same meaning as for BIO_puts().
+
+BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically
+used for reading a line of data from the BIO respectively (see the L<BIO_gets(3)>
+page for more information). This function will be called in response to the
+application calling BIO_gets(). The parameters for the function have the same
+meaning as for BIO_gets().
+
+BIO_meth_get_ctrl() and BIO_meth_set_ctrl() get and set the function used for
+processing ctrl messages in the BIO respectively. See the L<BIO_ctrl> page for
+more information. This function will be called in response to the application
+calling BIO_ctrl(). The parameters for the function have the same meaning as for
+BIO_ctrl().
+
+BIO_meth_get_create() and BIO_meth_set_create() get and set the function used
+for creating a new instance of the BIO respectively. This function will be
+called in response to the application calling BIO_new() and passing
+in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the
+memory for the new BIO, and a pointer to this newly allocated structure will
+be passed as a parameter to the function.
+
+BIO_meth_get_destroy() and BIO_meth_set_destroy() get and set the function used
+for destroying an instance of a BIO respectively. This function will be
+called in response to the application calling BIO_free(). A pointer to the BIO
+to be destroyed is passed as a parameter. The destroy function should be used
+for BIO specific clean up. The memory for the BIO itself should not be freed by
+this function.
+
+BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the
+function used for processing callback ctrl messages in the BIO respectively. See
+the L<BIO_callback_ctrl(3)> page for more information. This function will be called
+in response to the application calling BIO_callback_ctrl(). The parameters for
+the function have the same meaning as for BIO_callback_ctrl().
+
+=head1 SEE ALSO
+
+L<bio>, L<BIO_find_type>, L<BIO_ctrl>, L<BIO_read>, L<BIO_new>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_new.pod b/openssl-1.1.0h/doc/crypto/BIO_new.pod
new file mode 100644
index 0000000..006cf59
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_new.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all,
+BIO_set - BIO allocation and freeing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *  BIO_new(const BIO_METHOD *type);
+ int    BIO_set(BIO *a, const BIO_METHOD *type);
+ int    BIO_up_ref(BIO *a);
+ int    BIO_free(BIO *a);
+ void   BIO_vfree(BIO *a);
+ void   BIO_free_all(BIO *a);
+
+=head1 DESCRIPTION
+
+The BIO_new() function returns a new BIO using method B<type>.
+
+BIO_up_ref() increments the reference count associated with the BIO object.
+
+BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
+but it does not return a value.
+If B<a> is NULL nothing is done.
+Calling BIO_free() may also have some effect
+on the underlying I/O structure, for example it may close the file being
+referred to under certain circumstances. For more details see the individual
+BIO_METHOD descriptions.
+
+BIO_free_all() frees up an entire BIO chain, it does not halt if an error
+occurs freeing up an individual BIO in the chain.
+If B<a> is NULL nothing is done.
+
+=head1 RETURN VALUES
+
+BIO_new() returns a newly created BIO or NULL if the call fails.
+
+BIO_set(), BIO_up_ref() and BIO_free() return 1 for success and 0 for failure.
+
+BIO_free_all() and BIO_vfree() do not return values.
+
+=head1 NOTES
+
+If BIO_free() is called on a BIO chain it will only free one BIO resulting
+in a memory leak.
+
+Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free()
+on it other than the discarded return value.
+
+=head1 HISTORY
+
+BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque.
+
+=head1 EXAMPLE
+
+Create a memory BIO:
+
+ BIO *mem = BIO_new(BIO_s_mem());
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_new_CMS.pod b/openssl-1.1.0h/doc/crypto/BIO_new_CMS.pod
new file mode 100644
index 0000000..b06c224
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_new_CMS.pod
@@ -0,0 +1,75 @@
+=pod
+
+=head1 NAME
+
+BIO_new_CMS - CMS streaming filter BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+
+=head1 DESCRIPTION
+
+BIO_new_CMS() returns a streaming filter BIO chain based on B<cms>. The output
+of the filter is written to B<out>. Any data written to the chain is
+automatically translated to a BER format CMS structure of the appropriate type.
+
+=head1 NOTES
+
+The chain returned by this function behaves like a standard filter BIO. It
+supports non blocking I/O. Content is processed and streamed on the fly and not
+all held in memory at once: so it is possible to encode very large structures.
+After all content has been written through the chain BIO_flush() must be called
+to finalise the structure.
+
+The B<CMS_STREAM> flag must be included in the corresponding B<flags>
+parameter of the B<cms> creation function.
+
+If an application wishes to write additional data to B<out> BIOs should be
+removed from the chain using BIO_pop() and freed with BIO_free() until B<out>
+is reached. If no additional data needs to be written BIO_free_all() can be
+called to free up the whole chain.
+
+Any content written through the filter is used verbatim: no canonical
+translation is performed.
+
+It is possible to chain multiple BIOs to, for example, create a triple wrapped
+signed, enveloped, signed structure. In this case it is the applications
+responsibility to set the inner content type of any outer CMS_ContentInfo
+structures.
+
+Large numbers of small writes through the chain should be avoided as this will
+produce an output consisting of lots of OCTET STRING structures. Prepending
+a BIO_f_buffer() buffering BIO will prevent this.
+
+=head1 BUGS
+
+There is currently no corresponding inverse BIO: i.e. one which can decode
+a CMS structure on the fly.
+
+=head1 RETURN VALUES
+
+BIO_new_CMS() returns a BIO chain when successful or NULL if an error
+occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>,
+L<CMS_encrypt(3)>
+
+=head1 HISTORY
+
+BIO_new_CMS() was added to OpenSSL 1.0.0
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_parse_hostserv.pod b/openssl-1.1.0h/doc/crypto/BIO_parse_hostserv.pod
new file mode 100644
index 0000000..426e4de
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_parse_hostserv.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+BIO_hostserv_priorities,
+BIO_parse_hostserv
+- utility routines to parse a standard host and service string
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ enum BIO_hostserv_priorities {
+     BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+ };
+ int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                        enum BIO_hostserv_priorities hostserv_prio);
+
+=head1 DESCRIPTION
+
+BIO_parse_hostserv() will parse the information given in B<hostserv>,
+create strings with the host name and service name and give those
+back via B<host> and B<service>.  Those will need to be freed after
+they are used.  B<hostserv_prio> helps determine if B<hostserv> shall
+be interpreted primarily as a host name or a service name in ambiguous
+cases.
+
+The syntax the BIO_parse_hostserv() recognises is:
+
+ host + ':' + service
+ host + ':' + '*'
+ host + ':'
+        ':' + service
+ '*'  + ':' + service
+ host
+ service
+
+The host part can be a name or an IP address.  If it's a IPv6
+address, it MUST be enclosed in brackets, such as '[::1]'.
+
+The service part can  be a service name or its port number.
+
+The returned values will depend on the given B<hostserv> string
+and B<hostserv_prio>, as follows:
+
+ host + ':' + service  => *host = "host", *service = "service"
+ host + ':' + '*'      => *host = "host", *service = NULL
+ host + ':'            => *host = "host", *service = NULL
+        ':' + service  => *host = NULL, *service = "service"
+  '*' + ':' + service  => *host = NULL, *service = "service"
+
+ in case no ':' is present in the string, the result depends on
+ hostserv_prio, as follows:
+
+ when hostserv_prio == BIO_PARSE_PRIO_HOST
+ host                 => *host = "host", *service untouched
+
+ when hostserv_prio == BIO_PARSE_PRIO_SERV
+ service              => *host untouched, *service = "service"
+
+=head1 SEE ALSO
+
+L<BIO_ADDRINFO(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_printf.pod b/openssl-1.1.0h/doc/crypto/BIO_printf.pod
new file mode 100644
index 0000000..8045b64
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_printf.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf
+- formatted output to a BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int BIO_printf(BIO *bio, const char *format, ...)
+ int BIO_vprintf(BIO *bio, const char *format, va_list args)
+
+ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+
+=head1 DESCRIPTION
+
+BIO_printf() is similar to the standard C printf() function, except that
+the output is sent to the specified BIO, B<bio>, rather than standard
+output.  All common format specifiers are supported.
+
+BIO_vprintf() is similar to the vprintf() function found on many platforms,
+the output is sent to the specified BIO, B<bio>, rather than standard
+output.  All common format specifiers are supported. The argument
+list B<args> is a stdarg argument list.
+
+BIO_snprintf() is for platforms that do not have the common snprintf()
+function. It is like sprintf() except that the size parameter, B<n>,
+specifies the size of the output buffer.
+
+BIO_vsnprintf() is to BIO_snprintf() as BIO_vprintf() is to BIO_printf().
+
+=head1 RETURN VALUES
+
+All functions return the number of bytes written, or -1 on error.
+For BIO_snprintf() and BIO_vsnprintf() this includes when the output
+buffer is too small.
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_push.pod b/openssl-1.1.0h/doc/crypto/BIO_push.pod
new file mode 100644
index 0000000..ce56db9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_push.pod
@@ -0,0 +1,89 @@
+=pod
+
+=head1 NAME
+
+BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *BIO_push(BIO *b, BIO *append);
+ BIO *BIO_pop(BIO *b);
+ void BIO_set_next(BIO *b, BIO *next);
+
+=head1 DESCRIPTION
+
+The BIO_push() function appends the BIO B<append> to B<b>, it returns
+B<b>.
+
+BIO_pop() removes the BIO B<b> from a chain and returns the next BIO
+in the chain, or NULL if there is no next BIO. The removed BIO then
+becomes a single BIO with no association with the original chain,
+it can thus be freed or attached to a different chain.
+
+BIO_set_next() replaces the existing next BIO in a chain with the BIO pointed to
+by B<next>. The new chain may include some of the same BIOs from the old chain
+or it may be completely different.
+
+=head1 NOTES
+
+The names of these functions are perhaps a little misleading. BIO_push()
+joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain,
+the deleted BIO does not need to be at the end of a chain.
+
+The process of calling BIO_push() and BIO_pop() on a BIO may have additional
+consequences (a control call is made to the affected BIOs) any effects will
+be noted in the descriptions of individual BIOs.
+
+=head1 EXAMPLES
+
+For these examples suppose B<md1> and B<md2> are digest BIOs, B<b64> is
+a base64 BIO and B<f> is a file BIO.
+
+If the call:
+
+ BIO_push(b64, f);
+
+is made then the new chain will be B<b64-f>. After making the calls
+
+ BIO_push(md2, b64);
+ BIO_push(md1, md2);
+
+the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested
+by B<md1> and B<md2>, B<base64> encoded and written to B<f>.
+
+It should be noted that reading causes data to pass in the reverse
+direction, that is data is read from B<f>, base64 B<decoded> and digested
+by B<md1> and B<md2>. If the call:
+
+ BIO_pop(md2);
+
+The call will return B<b64> and the new chain will be B<md1-b64-f> data can
+be written to B<md1> as before.
+
+=head1 RETURN VALUES
+
+BIO_push() returns the end of the chain, B<b>.
+
+BIO_pop() returns the next BIO in the chain, or NULL if there is no next
+BIO.
+
+=head1 SEE ALSO
+
+L<bio>
+
+=head1 HISTORY
+
+The BIO_set_next() function was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_read.pod b/openssl-1.1.0h/doc/crypto/BIO_read.pod
new file mode 100644
index 0000000..45871c1
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_read.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int    BIO_read(BIO *b, void *buf, int len);
+ int    BIO_gets(BIO *b, char *buf, int size);
+ int    BIO_write(BIO *b, const void *buf, int len);
+ int    BIO_puts(BIO *b, const char *buf);
+
+=head1 DESCRIPTION
+
+BIO_read() attempts to read B<len> bytes from BIO B<b> and places
+the data in B<buf>.
+
+BIO_gets() performs the BIOs "gets" operation and places the data
+in B<buf>. Usually this operation will attempt to read a line of data
+from the BIO of maximum length B<len-1>. There are exceptions to this,
+however; for example, BIO_gets() on a digest BIO will calculate and
+return the digest and other BIOs may not support BIO_gets() at all.
+The returned string is always NUL-terminated.
+
+BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>.
+
+BIO_puts() attempts to write a NUL-terminated string B<buf> to BIO B<b>.
+
+=head1 RETURN VALUES
+
+All these functions return either the amount of data successfully read or
+written (if the return value is positive) or that no data was successfully
+read or written if the result is 0 or -1. If the return value is -2 then
+the operation is not implemented in the specific BIO type.  The trailing
+NUL is not included in the length returned by BIO_gets().
+
+=head1 NOTES
+
+A 0 or -1 return is not necessarily an indication of an error. In
+particular when the source/sink is non-blocking or of a certain type
+it may merely be an indication that no data is currently available and that
+the application should retry the operation later.
+
+One technique sometimes used with blocking sockets is to use a system call
+(such as select(), poll() or equivalent) to determine when data is available
+and then call read() to read the data. The equivalent with BIOs (that is call
+select() on the underlying I/O structure and then call BIO_read() to
+read the data) should B<not> be used because a single call to BIO_read()
+can cause several reads (and writes in the case of SSL BIOs) on the underlying
+I/O structure and may block as a result. Instead select() (or equivalent)
+should be combined with non blocking I/O so successive reads will request
+a retry instead of blocking.
+
+See L<BIO_should_retry(3)> for details of how to
+determine the cause of a retry and other I/O issues.
+
+If the BIO_gets() function is not supported by a BIO then it possible to
+work around this by adding a buffering BIO L<BIO_f_buffer(3)>
+to the chain.
+
+=head1 SEE ALSO
+
+L<BIO_should_retry(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_accept.pod b/openssl-1.1.0h/doc/crypto/BIO_s_accept.pod
new file mode 100644
index 0000000..ce9995d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_accept.pod
@@ -0,0 +1,222 @@
+=pod
+
+=head1 NAME
+
+BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name,
+BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios,
+BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *BIO_s_accept(void);
+
+ long BIO_set_accept_name(BIO *b, char *name);
+ char *BIO_get_accept_name(BIO *b);
+
+ long BIO_set_accept_port(BIO *b, char *port);
+ char *BIO_get_accept_port(BIO *b);
+
+ BIO *BIO_new_accept(char *host_port);
+
+ long BIO_set_nbio_accept(BIO *b, int n);
+ long BIO_set_accept_bios(BIO *b, char *bio);
+
+ long BIO_set_bind_mode(BIO *b, long mode);
+ long BIO_get_bind_mode(BIO *b);
+
+ int BIO_do_accept(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_accept() returns the accept BIO method. This is a wrapper
+round the platform's TCP/IP socket accept routines.
+
+Using accept BIOs, TCP/IP connections can be accepted and data
+transferred using only BIO routines. In this way any platform
+specific operations are hidden by the BIO abstraction.
+
+Read and write operations on an accept BIO will perform I/O
+on the underlying connection. If no connection is established
+and the port (see below) is set up properly then the BIO
+waits for an incoming connection.
+
+Accept BIOs support BIO_puts() but not BIO_gets().
+
+If the close flag is set on an accept BIO then any active
+connection on that chain is shutdown and the socket closed when
+the BIO is freed.
+
+Calling BIO_reset() on an accept BIO will close any active
+connection and reset the BIO into a state where it awaits another
+incoming connection.
+
+BIO_get_fd() and BIO_set_fd() can be called to retrieve or set
+the accept socket. See L<BIO_s_fd(3)>
+
+BIO_set_accept_name() uses the string B<name> to set the accept
+name. The name is represented as a string of the form "host:port",
+where "host" is the interface to use and "port" is the port.
+The host can be "*" or empty which is interpreted as meaning
+any interface.  If the host is an IPv6 address, it has to be
+enclosed in brackets, for example "[::1]:https".  "port" has the
+same syntax as the port specified in BIO_set_conn_port() for
+connect BIOs, that is it can be a numerical port string or a
+string to lookup using getservbyname() and a string table.
+
+BIO_set_accept_port() uses the string B<port> to set the accept
+port.  "port" has the same syntax as the port specified in
+BIO_set_conn_port() for connect BIOs, that is it can be a numerical
+port string or a string to lookup using getservbyname() and a string
+table.
+
+BIO_new_accept() combines BIO_new() and BIO_set_accept_name() into
+a single call: that is it creates a new accept BIO with port
+B<host_port>.
+
+BIO_set_nbio_accept() sets the accept socket to blocking mode
+(the default) if B<n> is 0 or non blocking mode if B<n> is 1.
+
+BIO_set_accept_bios() can be used to set a chain of BIOs which
+will be duplicated and prepended to the chain when an incoming
+connection is received. This is useful if, for example, a
+buffering or SSL BIO is required for each connection. The
+chain of BIOs must not be freed after this call, they will
+be automatically freed when the accept BIO is freed.
+
+BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve
+the current bind mode. If B<BIO_BIND_NORMAL> (the default) is set
+then another socket cannot be bound to the same port. If
+B<BIO_BIND_REUSEADDR> is set then other sockets can bind to the
+same port. If B<BIO_BIND_REUSEADDR_IF_UNUSED> is set then and
+attempt is first made to use BIO_BIN_NORMAL, if this fails
+and the port is not in use then a second attempt is made
+using B<BIO_BIND_REUSEADDR>.
+
+BIO_do_accept() serves two functions. When it is first
+called, after the accept BIO has been setup, it will attempt
+to create the accept socket and bind an address to it. Second
+and subsequent calls to BIO_do_accept() will await an incoming
+connection, or request a retry in non blocking mode.
+
+=head1 NOTES
+
+When an accept BIO is at the end of a chain it will await an
+incoming connection before processing I/O calls. When an accept
+BIO is not at then end of a chain it passes I/O calls to the next
+BIO in the chain.
+
+When a connection is established a new socket BIO is created for
+the connection and appended to the chain. That is the chain is now
+accept->socket. This effectively means that attempting I/O on
+an initial accept socket will await an incoming connection then
+perform I/O on it.
+
+If any additional BIOs have been set using BIO_set_accept_bios()
+then they are placed between the socket and the accept BIO,
+that is the chain will be accept->otherbios->socket.
+
+If a server wishes to process multiple connections (as is normally
+the case) then the accept BIO must be made available for further
+incoming connections. This can be done by waiting for a connection and
+then calling:
+
+ connection = BIO_pop(accept);
+
+After this call B<connection> will contain a BIO for the recently
+established connection and B<accept> will now be a single BIO
+again which can be used to await further incoming connections.
+If no further connections will be accepted the B<accept> can
+be freed using BIO_free().
+
+If only a single connection will be processed it is possible to
+perform I/O using the accept BIO itself. This is often undesirable
+however because the accept BIO will still accept additional incoming
+connections. This can be resolved by using BIO_pop() (see above)
+and freeing up the accept BIO after the initial connection.
+
+If the underlying accept socket is non-blocking and BIO_do_accept() is
+called to await an incoming connection it is possible for
+BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens
+then it is an indication that an accept attempt would block: the application
+should take appropriate action to wait until the underlying socket has
+accepted a connection and retry the call.
+
+BIO_set_accept_name(), BIO_get_accept_name(), BIO_set_accept_port(),
+BIO_get_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(),
+BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.
+
+=head1 RETURN VALUES
+
+BIO_do_accept(),
+BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(),
+BIO_set_accept_bios(), and BIO_set_bind_mode(), return 1 for success and 0 or
+-1 for failure.
+
+BIO_get_accept_name() returns the accept name or NULL on error.
+
+BIO_get_accept_port() returns the port as a string or NULL on error.
+
+BIO_get_bind_mode() returns the set of B<BIO_BIND> flags, or -1 on failure.
+
+BIO_new_accept() returns a BIO or NULL on error.
+
+=head1 EXAMPLE
+
+This example accepts two connections on port 4444, sends messages
+down each and finally closes both down.
+
+ BIO *abio, *cbio, *cbio2;
+
+ /* First call to BIO_accept() sets up accept BIO */
+ abio = BIO_new_accept("4444");
+ if (BIO_do_accept(abio) <= 0) {
+     fprintf(stderr, "Error setting up accept\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+
+ /* Wait for incoming connection */
+ if (BIO_do_accept(abio) <= 0) {
+     fprintf(stderr, "Error accepting connection\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+ fprintf(stderr, "Connection 1 established\n");
+
+ /* Retrieve BIO for connection */
+ cbio = BIO_pop(abio);
+ BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
+ fprintf(stderr, "Sent out data on connection 1\n");
+
+ /* Wait for another connection */
+ if (BIO_do_accept(abio) <= 0) {
+     fprintf(stderr, "Error accepting connection\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+ fprintf(stderr, "Connection 2 established\n");
+
+ /* Close accept BIO to refuse further connections */
+ cbio2 = BIO_pop(abio);
+ BIO_free(abio);
+ BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
+ fprintf(stderr, "Sent out data on connection 2\n");
+
+ BIO_puts(cbio, "Connection 1: Second connection established\n");
+
+ /* Close the two established connections */
+ BIO_free(cbio);
+ BIO_free(cbio2);
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_bio.pod b/openssl-1.1.0h/doc/crypto/BIO_s_bio.pod
new file mode 100644
index 0000000..cb46546
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_bio.pod
@@ -0,0 +1,201 @@
+=pod
+
+=head1 NAME
+
+BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
+BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
+BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
+BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *BIO_s_bio(void);
+
+ int BIO_make_bio_pair(BIO *b1, BIO *b2);
+ int BIO_destroy_bio_pair(BIO *b);
+ int BIO_shutdown_wr(BIO *b);
+
+
+ int BIO_set_write_buf_size(BIO *b, long size);
+ size_t BIO_get_write_buf_size(BIO *b, long size);
+
+ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+ int BIO_get_write_guarantee(BIO *b);
+ size_t BIO_ctrl_get_write_guarantee(BIO *b);
+ int BIO_get_read_request(BIO *b);
+ size_t BIO_ctrl_get_read_request(BIO *b);
+ int BIO_ctrl_reset_read_request(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink
+BIOs where data written to either half of the pair is buffered and can be read from
+the other half. Both halves must usually by handled by the same application thread
+since no locking is done on the internal data structures.
+
+Since BIO chains typically end in a source/sink BIO it is possible to make this
+one half of a BIO pair and have all the data processed by the chain under application
+control.
+
+One typical use of BIO pairs is to place TLS/SSL I/O under application control, this
+can be used when the application wishes to use a non standard transport for
+TLS/SSL or the normal socket routines are inappropriate.
+
+Calls to BIO_read() will read data from the buffer or request a retry if no
+data is available.
+
+Calls to BIO_write() will place data in the buffer or request a retry if the
+buffer is full.
+
+The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to
+determine the amount of pending data in the read or write buffer.
+
+BIO_reset() clears any data in the write buffer.
+
+BIO_make_bio_pair() joins two separate BIOs into a connected pair.
+
+BIO_destroy_pair() destroys the association between two connected BIOs. Freeing
+up any half of the pair will automatically destroy the association.
+
+BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
+writes on BIO B<b> are allowed (they will return an error). Reads on the other
+half of the pair will return any pending data or EOF when all pending data has
+been read.
+
+BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
+If the size is not initialized a default value is used. This is currently
+17K, sufficient for a maximum size TLS record.
+
+BIO_get_write_buf_size() returns the size of the write buffer.
+
+BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
+BIO_set_write_buf_size() to create a connected pair of BIOs B<bio1>, B<bio2>
+with write buffer sizes B<writebuf1> and B<writebuf2>. If either size is
+zero then the default size is used.  BIO_new_bio_pair() does not check whether
+B<bio1> or B<bio2> do point to some other BIO, the values are overwritten,
+BIO_free() is not called.
+
+BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum
+length of data that can be currently written to the BIO. Writes larger than this
+value will return a value from BIO_write() less than the amount requested or if the
+buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a function
+whereas BIO_get_write_guarantee() is a macro.
+
+BIO_get_read_request() and BIO_ctrl_get_read_request() return the
+amount of data requested, or the buffer size if it is less, if the
+last read attempt at the other half of the BIO pair failed due to an
+empty buffer.  This can be used to determine how much data should be
+written to the BIO so the next read will succeed: this is most useful
+in TLS/SSL applications where the amount of data read is usually
+meaningful rather than just a buffer size. After a successful read
+this call will return zero.  It also will return zero once new data
+has been written satisfying the read request or part of it.
+Note that BIO_get_read_request() never returns an amount larger
+than that returned by BIO_get_write_guarantee().
+
+BIO_ctrl_reset_read_request() can also be used to reset the value returned by
+BIO_get_read_request() to zero.
+
+=head1 NOTES
+
+Both halves of a BIO pair should be freed. That is even if one half is implicit
+freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.
+
+When used in bidirectional applications (such as TLS/SSL) care should be taken to
+flush any data in the write buffer. This can be done by calling BIO_pending()
+on the other half of the pair and, if any data is pending, reading it and sending
+it to the underlying transport. This must be done before any normal processing
+(such as calling select() ) due to a request and BIO_should_read() being true.
+
+To see why this is important consider a case where a request is sent using
+BIO_write() and a response read with BIO_read(), this can occur during an
+TLS/SSL handshake for example. BIO_write() will succeed and place data in the write
+buffer. BIO_read() will initially fail and BIO_should_read() will be true. If
+the application then waits for data to be available on the underlying transport
+before flushing the write buffer it will never succeed because the request was
+never sent!
+
+BIO_eof() is true if no data is in the peer BIO and the peer BIO has been
+shutdown.
+
+BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(),
+BIO_set_write_buf_size(), BIO_get_write_buf_size(),
+BIO_get_write_guarantee(), and BIO_get_read_request() are implemented
+as macros.
+
+=head1 RETURN VALUES
+
+BIO_new_bio_pair() returns 1 on success, with the new BIOs available in
+B<bio1> and B<bio2>, or 0 on failure, with NULL pointers stored into the
+locations for B<bio1> and B<bio2>. Check the error stack for more information.
+
+[XXXXX: More return values need to be added here]
+
+=head1 EXAMPLE
+
+The BIO pair can be used to have full control over the network access of an
+application. The application can call select() on the socket as required
+without having to go through the SSL-interface.
+
+ BIO *internal_bio, *network_bio;
+ ...
+ BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
+ SSL_set_bio(ssl, internal_bio, internal_bio);
+ SSL_operations(); //e.g SSL_read and SSL_write
+ ...
+
+ application |   TLS-engine
+    |        |
+    +----------> SSL_operations()
+             |     /\    ||
+             |     ||    \/
+             |   BIO-pair (internal_bio)
+             |   BIO-pair (network_bio)
+             |     ||     /\
+             |     \/     ||
+    +-----------< BIO_operations()
+    |        |
+    |        |
+   socket
+
+  ...
+  SSL_free(ssl);                /* implicitly frees internal_bio */
+  BIO_free(network_bio);
+  ...
+
+As the BIO pair will only buffer the data and never directly access the
+connection, it behaves non-blocking and will return as soon as the write
+buffer is full or the read buffer is drained. Then the application has to
+flush the write buffer and/or fill the read buffer.
+
+Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO
+and must be transferred to the network. Use BIO_ctrl_get_read_request() to
+find out, how many bytes must be written into the buffer before the
+SSL_operation() can successfully be continued.
+
+=head1 WARNING
+
+As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ
+condition, but there is still data in the write buffer. An application must
+not rely on the error value of SSL_operation() but must assure that the
+write buffer is always flushed first. Otherwise a deadlock may occur as
+the peer might be waiting for the data before being able to continue.
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)>, L<ssl(3)>, L<bio(3)>,
+L<BIO_should_retry(3)>, L<BIO_read(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_connect.pod b/openssl-1.1.0h/doc/crypto/BIO_s_connect.pod
new file mode 100644
index 0000000..2143acd
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_connect.pod
@@ -0,0 +1,200 @@
+=pod
+
+=head1 NAME
+
+BIO_set_conn_address, BIO_get_conn_address,
+BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+BIO_get_conn_hostname,
+BIO_get_conn_port,
+BIO_set_nbio, BIO_do_connect - connect BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD * BIO_s_connect(void);
+
+ BIO *BIO_new_connect(char *name);
+
+ long BIO_set_conn_hostname(BIO *b, char *name);
+ long BIO_set_conn_port(BIO *b, char *port);
+ long BIO_set_conn_address(BIO *b, BIO_ADDR *addr);
+ const char *BIO_get_conn_hostname(BIO *b);
+ const char *BIO_get_conn_port(BIO *b);
+ const BIO_ADDR *BIO_get_conn_address(BIO *b);
+
+ long BIO_set_nbio(BIO *b, long n);
+
+ int BIO_do_connect(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_connect() returns the connect BIO method. This is a wrapper
+round the platform's TCP/IP socket connection routines.
+
+Using connect BIOs, TCP/IP connections can be made and data
+transferred using only BIO routines. In this way any platform
+specific operations are hidden by the BIO abstraction.
+
+Read and write operations on a connect BIO will perform I/O
+on the underlying connection. If no connection is established
+and the port and hostname (see below) is set up properly then
+a connection is established first.
+
+Connect BIOs support BIO_puts() but not BIO_gets().
+
+If the close flag is set on a connect BIO then any active
+connection is shutdown and the socket closed when the BIO
+is freed.
+
+Calling BIO_reset() on a connect BIO will close any active
+connection and reset the BIO into a state where it can connect
+to the same host again.
+
+BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
+it also returns the socket . If B<c> is not NULL it should be of
+type (int *).
+
+BIO_set_conn_hostname() uses the string B<name> to set the hostname.
+The hostname can be an IP address; if the address is an IPv6 one, it
+must be enclosed with brackets. The hostname can also include the
+port in the form hostname:port.
+
+BIO_set_conn_port() sets the port to B<port>. B<port> can be the
+numerical form or a string such as "http". A string will be looked
+up first using getservbyname() on the host platform but if that
+fails a standard table of port names will be used. This internal
+list is http, telnet, socks, https, ssl, ftp, and gopher.
+
+BIO_set_conn_address() sets the address and port information using
+a BIO_ADDR(3ssl).
+
+BIO_get_conn_hostname() returns the hostname of the connect BIO or
+NULL if the BIO is initialized but no hostname is set.
+This return value is an internal pointer which should not be modified.
+
+BIO_get_conn_port() returns the port as a string.
+This return value is an internal pointer which should not be modified.
+
+BIO_get_conn_address() returns the address information as a BIO_ADDR.
+This return value is an internal pointer which should not be modified.
+
+BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
+zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
+is set. Blocking I/O is the default. The call to BIO_set_nbio()
+should be made before the connection is established because
+non blocking I/O is set during the connect process.
+
+BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
+a single call: that is it creates a new connect BIO with B<name>.
+
+BIO_do_connect() attempts to connect the supplied BIO. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call BIO_should_retry() should be used for non blocking connect BIOs
+to determine if the call should be retried.
+
+=head1 NOTES
+
+If blocking I/O is set then a non positive return value from any
+I/O call is caused by an error condition, although a zero return
+will normally mean that the connection was closed.
+
+If the port name is supplied as part of the host name then this will
+override any value set with BIO_set_conn_port(). This may be undesirable
+if the application does not wish to allow connection to arbitrary
+ports. This can be avoided by checking for the presence of the ':'
+character in the passed hostname and either indicating an error or
+truncating the string at that point.
+
+The values returned by BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip() and BIO_get_conn_int_port() are updated when a
+connection attempt is made. Before any connection attempt the values
+returned are those set by the application itself.
+
+Applications do not have to call BIO_do_connect() but may wish to do
+so to separate the connection process from other I/O processing.
+
+If non blocking I/O is set then retries will be requested as appropriate.
+
+It addition to BIO_should_read() and BIO_should_write() it is also
+possible for BIO_should_io_special() to be true during the initial
+connection process with the reason BIO_RR_CONNECT. If this is returned
+then this is an indication that a connection attempt would block,
+the application should then take appropriate action to wait until
+the underlying socket has connected and retry the call.
+
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip(),
+BIO_set_conn_int_port(), BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
+BIO_do_connect() are macros.
+
+=head1 RETURN VALUES
+
+BIO_s_connect() returns the connect BIO method.
+
+BIO_get_fd() returns the socket or -1 if the BIO has not
+been initialized.
+
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip() and
+BIO_set_conn_int_port() always return 1.
+
+BIO_get_conn_hostname() returns the connected hostname or NULL is
+none was set.
+
+BIO_get_conn_port() returns a string representing the connected
+port or NULL if not set.
+
+BIO_get_conn_ip() returns a pointer to the connected IP address in
+binary form or all zeros if not set.
+
+BIO_get_conn_int_port() returns the connected port or 0 if none was
+set.
+
+BIO_set_nbio() always returns 1.
+
+BIO_do_connect() returns 1 if the connection was successfully
+established and 0 or -1 if the connection failed.
+
+=head1 EXAMPLE
+
+This is example connects to a webserver on the local host and attempts
+to retrieve a page and copy the result to standard output.
+
+
+ BIO *cbio, *out;
+ int len;
+ char tmpbuf[1024];
+
+ cbio = BIO_new_connect("localhost:http");
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ if (BIO_do_connect(cbio) <= 0) {
+     fprintf(stderr, "Error connecting to server\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
+ BIO_puts(cbio, "GET / HTTP/1.0\n\n");
+ for ( ; ; ) {
+     len = BIO_read(cbio, tmpbuf, 1024);
+     if (len <= 0)
+         break;
+     BIO_write(out, tmpbuf, len);
+ }
+ BIO_free(cbio);
+ BIO_free(out);
+
+
+=head1 SEE ALSO
+
+L<BIO_ADDR(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_fd.pod b/openssl-1.1.0h/doc/crypto/BIO_s_fd.pod
new file mode 100644
index 0000000..79c4a59
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_fd.pod
@@ -0,0 +1,98 @@
+=pod
+
+=head1 NAME
+
+BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *BIO_s_fd(void);
+
+ int BIO_set_fd(BIO *b, int fd, int c);
+ int BIO_get_fd(BIO *b, int *c);
+
+ BIO *BIO_new_fd(int fd, int close_flag);
+
+=head1 DESCRIPTION
+
+BIO_s_fd() returns the file descriptor BIO method. This is a wrapper
+round the platforms file descriptor routines such as read() and write().
+
+BIO_read() and BIO_write() read or write the underlying descriptor.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then close() is called on the underlying
+file descriptor when the BIO is freed.
+
+BIO_reset() attempts to change the file pointer to the start of file
+such as by using B<lseek(fd, 0, 0)>.
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+such as by using B<lseek(fd, ofs, 0)>.
+
+BIO_tell() returns the current file position such as by calling
+B<lseek(fd, 0, 1)>.
+
+BIO_set_fd() sets the file descriptor of BIO B<b> to B<fd> and the close
+flag to B<c>.
+
+BIO_get_fd() places the file descriptor in B<c> if it is not NULL, it also
+returns the file descriptor.
+
+BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
+
+=head1 NOTES
+
+The behaviour of BIO_read() and BIO_write() depends on the behavior of the
+platforms read() and write() calls on the descriptor. If the underlying
+file descriptor is in a non blocking mode then the BIO will behave in the
+manner described in the L<BIO_read(3)> and L<BIO_should_retry(3)>
+manual pages.
+
+File descriptor BIOs should not be used for socket I/O. Use socket BIOs
+instead.
+
+BIO_set_fd() and BIO_get_fd() are implemented as macros.
+
+=head1 RETURN VALUES
+
+BIO_s_fd() returns the file descriptor BIO method.
+
+BIO_set_fd() always returns 1.
+
+BIO_get_fd() returns the file descriptor or -1 if the BIO has not
+been initialized.
+
+BIO_new_fd() returns the newly allocated BIO or NULL is an error
+occurred.
+
+=head1 EXAMPLE
+
+This is a file descriptor BIO version of "Hello World":
+
+ BIO *out;
+
+ out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+=head1 SEE ALSO
+
+L<BIO_seek(3)>, L<BIO_tell(3)>,
+L<BIO_reset(3)>, L<BIO_read(3)>,
+L<BIO_write(3)>, L<BIO_puts(3)>,
+L<BIO_gets(3)>, L<BIO_printf(3)>,
+L<BIO_set_close(3)>, L<BIO_get_close(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_file.pod b/openssl-1.1.0h/doc/crypto/BIO_s_file.pod
new file mode 100644
index 0000000..e19d824
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_file.pod
@@ -0,0 +1,159 @@
+=pod
+
+=head1 NAME
+
+BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+BIO_read_filename, BIO_write_filename, BIO_append_filename,
+BIO_rw_filename - FILE bio
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *     BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode);
+ BIO *BIO_new_fp(FILE *stream, int flags);
+
+ BIO_set_fp(BIO *b, FILE *fp, int flags);
+ BIO_get_fp(BIO *b, FILE **fpp);
+
+ int BIO_read_filename(BIO *b, char *name)
+ int BIO_write_filename(BIO *b, char *name)
+ int BIO_append_filename(BIO *b, char *name)
+ int BIO_rw_filename(BIO *b, char *name)
+
+=head1 DESCRIPTION
+
+BIO_s_file() returns the BIO file method. As its name implies it
+is a wrapper round the stdio FILE structure and it is a
+source/sink BIO.
+
+Calls to BIO_read() and BIO_write() read and write data to the
+underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.
+
+BIO_flush() on a file BIO calls the fflush() function on the wrapped
+stream.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using fseek(stream, 0, 0).
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+using fseek(stream, ofs, 0).
+
+BIO_eof() calls feof().
+
+Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO
+is freed.
+
+BIO_new_file() creates a new file BIO with mode B<mode> the meaning
+of B<mode> is the same as the stdio function fopen(). The BIO_CLOSE
+flag is set on the returned BIO.
+
+BIO_new_fp() creates a file BIO wrapping B<stream>. Flags can be:
+BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying
+stream to text mode, default is binary: this only has any effect under
+Win32).
+
+BIO_set_fp() set the fp of a file BIO to B<fp>. B<flags> has the same
+meaning as in BIO_new_fp(), it is a macro.
+
+BIO_get_fp() retrieves the fp of a file BIO, it is a macro.
+
+BIO_seek() is a macro that sets the position pointer to B<offset> bytes
+from the start of file.
+
+BIO_tell() returns the value of the position pointer.
+
+BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
+BIO_rw_filename() set the file BIO B<b> to use file B<name> for
+reading, writing, append or read write respectively.
+
+=head1 NOTES
+
+When wrapping stdout, stdin or stderr the underlying stream should not
+normally be closed so the BIO_NOCLOSE flag should be set.
+
+Because the file BIO calls the underlying stdio functions any quirks
+in stdio behaviour will be mirrored by the corresponding BIO.
+
+On Windows BIO_new_files reserves for the filename argument to be
+UTF-8 encoded. In other words if you have to make it work in multi-
+lingual environment, encode file names in UTF-8.
+
+=head1 EXAMPLES
+
+File BIO "hello world":
+
+ BIO *bio_out;
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ BIO_printf(bio_out, "Hello World\n");
+
+Alternative technique:
+
+ BIO *bio_out;
+ bio_out = BIO_new(BIO_s_file());
+ if (bio_out == NULL) /* Error ... */
+ if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
+ BIO_printf(bio_out, "Hello World\n");
+
+Write to a file:
+
+ BIO *out;
+ out = BIO_new_file("filename.txt", "w");
+ if (!out) /* Error occurred */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+Alternative technique:
+
+ BIO *out;
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) /* Error ... */
+ if (!BIO_write_filename(out, "filename.txt")) /* Error ... */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+=head1 RETURN VALUES
+
+BIO_s_file() returns the file BIO method.
+
+BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error
+occurred.
+
+BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure
+(although the current implementation never return 0).
+
+BIO_seek() returns the same value as the underlying fseek() function:
+0 for success or -1 for failure.
+
+BIO_tell() returns the current file position.
+
+BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
+BIO_rw_filename() return 1 for success or 0 for failure.
+
+=head1 BUGS
+
+BIO_reset() and BIO_seek() are implemented using fseek() on the underlying
+stream. The return value for fseek() is 0 for success or -1 if an error
+occurred this differs from other types of BIO which will typically return
+1 for success and a non positive value if an error occurred.
+
+=head1 SEE ALSO
+
+L<BIO_seek(3)>, L<BIO_tell(3)>,
+L<BIO_reset(3)>, L<BIO_flush(3)>,
+L<BIO_read(3)>,
+L<BIO_write(3)>, L<BIO_puts(3)>,
+L<BIO_gets(3)>, L<BIO_printf(3)>,
+L<BIO_set_close(3)>, L<BIO_get_close(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_mem.pod b/openssl-1.1.0h/doc/crypto/BIO_s_mem.pod
new file mode 100644
index 0000000..eb67cbe
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_mem.pod
@@ -0,0 +1,124 @@
+=pod
+
+=head1 NAME
+
+BIO_s_secmem,
+BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *     BIO_s_mem(void);
+ const BIO_METHOD *     BIO_s_secmem(void);
+
+ BIO_set_mem_eof_return(BIO *b, int v)
+ long BIO_get_mem_data(BIO *b, char **pp)
+ BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
+ BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
+
+ BIO *BIO_new_mem_buf(const void *buf, int len);
+
+=head1 DESCRIPTION
+
+BIO_s_mem() return the memory BIO method function.
+
+A memory BIO is a source/sink BIO which uses memory for its I/O. Data
+written to a memory BIO is stored in a BUF_MEM structure which is extended
+as appropriate to accommodate the stored data.
+
+BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used
+for buffer storage.
+
+Any data written to a memory BIO can be recalled by reading from it.
+Unless the memory BIO is read only any data read from it is deleted from
+the BIO.
+
+Memory BIOs support BIO_gets() and BIO_puts().
+
+If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying
+BUF_MEM structure is also freed.
+
+Calling BIO_reset() on a read write memory BIO clears any data in it if the
+flag BIO_FLAGS_NONCLEAR_RST is not set. On a read only BIO or if the flag
+BIO_FLAGS_NONCLEAR_RST is set it restores the BIO to its original state and
+the data can be read again.
+
+BIO_eof() is true if no data is in the BIO.
+
+BIO_ctrl_pending() returns the number of bytes currently stored.
+
+BIO_set_mem_eof_return() sets the behaviour of memory BIO B<b> when it is
+empty. If the B<v> is zero then an empty memory BIO will return EOF (that is
+it will return zero and BIO_should_retry(b) will be false. If B<v> is non
+zero then it will return B<v> when it is empty and it will set the read retry
+flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
+positive return value B<v> should be set to a negative value, typically -1.
+
+BIO_get_mem_data() sets *B<pp> to a pointer to the start of the memory BIOs data
+and returns the total amount of data available. It is implemented as a macro.
+
+BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
+close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
+It is a macro.
+
+BIO_get_mem_ptr() places the underlying BUF_MEM structure in *B<pp>. It is
+a macro.
+
+BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>,
+if B<len> is -1 then the B<buf> is assumed to be nul terminated and its
+length is determined by B<strlen>. The BIO is set to a read only state and
+as a result cannot be written to. This is useful when some data needs to be
+made available from a static area of memory in the form of a BIO. The
+supplied data is read directly from the supplied buffer: it is B<not> copied
+first, so the supplied area of memory must be unchanged until the BIO is freed.
+
+=head1 NOTES
+
+Writes to memory BIOs will always succeed if memory is available: that is
+their size can grow indefinitely.
+
+Every read from a read write memory BIO will remove the data just read with
+an internal copy operation, if a BIO contains a lot of data and it is
+read in small chunks the operation can be very slow. The use of a read only
+memory BIO avoids this problem. If the BIO must be read write then adding
+a buffering BIO to the chain will speed up the process.
+
+Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will
+give undefined results, including perhaps a program crash.
+
+=head1 BUGS
+
+There should be an option to set the maximum size of a memory BIO.
+
+=head1 EXAMPLE
+
+Create a memory BIO and write some data to it:
+
+ BIO *mem = BIO_new(BIO_s_mem());
+ BIO_puts(mem, "Hello World\n");
+
+Create a read only memory BIO:
+
+ char data[] = "Hello World";
+ BIO *mem;
+ mem = BIO_new_mem_buf(data, -1);
+
+Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
+
+ BUF_MEM *bptr;
+ BIO_get_mem_ptr(mem, &bptr);
+ BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
+ BIO_free(mem);
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_null.pod b/openssl-1.1.0h/doc/crypto/BIO_s_null.pod
new file mode 100644
index 0000000..5a1d84d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_null.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+BIO_s_null - null data sink
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *     BIO_s_null(void);
+
+=head1 DESCRIPTION
+
+BIO_s_null() returns the null sink BIO method. Data written to
+the null sink is discarded, reads return EOF.
+
+=head1 NOTES
+
+A null sink BIO behaves in a similar manner to the Unix /dev/null
+device.
+
+A null bio can be placed on the end of a chain to discard any data
+passed through it.
+
+A null sink is useful if, for example, an application wishes to digest some
+data by writing through a digest bio but not send the digested data anywhere.
+Since a BIO chain must normally include a source/sink BIO this can be achieved
+by adding a null sink BIO to the end of the chain
+
+=head1 RETURN VALUES
+
+BIO_s_null() returns the null sink BIO method.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_s_socket.pod b/openssl-1.1.0h/doc/crypto/BIO_s_socket.pod
new file mode 100644
index 0000000..ad0574a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_s_socket.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+BIO_s_socket, BIO_new_socket - socket BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *BIO_s_socket(void);
+
+ BIO *BIO_new_socket(int sock, int close_flag);
+
+=head1 DESCRIPTION
+
+BIO_s_socket() returns the socket BIO method. This is a wrapper
+round the platform's socket routines.
+
+BIO_read() and BIO_write() read or write the underlying socket.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then the socket is shut down and closed
+when the BIO is freed.
+
+BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
+
+=head1 NOTES
+
+Socket BIOs also support any relevant functionality of file descriptor
+BIOs.
+
+The reason for having separate file descriptor and socket BIOs is that on some
+platforms sockets are not file descriptors and use distinct I/O routines,
+Windows is one such platform. Any code mixing the two will not work on
+all platforms.
+
+=head1 RETURN VALUES
+
+BIO_s_socket() returns the socket BIO method.
+
+BIO_new_socket() returns the newly allocated BIO or NULL is an error
+occurred.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_set_callback.pod b/openssl-1.1.0h/doc/crypto/BIO_set_callback.pod
new file mode 100644
index 0000000..27aa4f4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_set_callback.pod
@@ -0,0 +1,221 @@
+=pod
+
+=head1 NAME
+
+BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback,
+BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback,
+BIO_callback_fn_ex, BIO_callback_fn
+- BIO callback functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+                                    size_t len, int argi,
+                                    long argl, int ret, size_t *processed);
+ typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+                                 long argl, long ret);
+
+ void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+ BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+
+ void BIO_set_callback(BIO *b, BIO_callback_fn cb);
+ BIO_callback_fn BIO_get_callback(BIO *b);
+ void BIO_set_callback_arg(BIO *b, char *arg);
+ char *BIO_get_callback_arg(const BIO *b);
+
+ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+                         long argl, long ret);
+
+=head1 DESCRIPTION
+
+BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO
+callback. The callback is called during most high level BIO operations. It can
+be used for debugging purposes to trace operations on a BIO or to modify its
+operation.
+
+BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO
+callback. New code should not use these functions, but they are retained for
+backwards compatibility. Any callback set via BIO_set_callback_ex() will get
+called in preference to any set by BIO_set_callback().
+
+BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be
+used to set and retrieve an argument for use in the callback.
+
+BIO_debug_callback() is a standard debugging callback which prints
+out information relating to each BIO operation. If the callback
+argument is set it is interpreted as a BIO to send the information
+to, otherwise stderr is used.
+
+BIO_callback_fn_ex() is the type of the callback function and BIO_callback_fn()
+is the type of the old format callback function. The meaning of each argument
+is described below:
+
+=over 4
+
+=item B<b>
+
+The BIO the callback is attached to is passed in B<b>.
+
+=item B<oper>
+
+B<oper> is set to the operation being performed. For some operations
+the callback is called twice, once before and once after the actual
+operation, the latter case has B<oper> or'ed with BIO_CB_RETURN.
+
+=item B<len>
+
+The length of the data requested to be read or written. This is only useful if
+B<oper> is BIO_CB_READ, BIO_CB_WRITE or BIO_CB_GETS.
+
+=item B<argp> B<argi> B<argl>
+
+The meaning of the arguments B<argp>, B<argi> and B<argl> depends on
+the value of B<oper>, that is the operation being performed.
+
+=item B<processed>
+
+B<processed> is a pointer to a location which will be updated with the amount of
+data that was actually read or written. Only used for BIO_CB_READ, BIO_CB_WRITE,
+BIO_CB_GETS and BIO_CB_PUTS.
+
+=item B<ret>
+
+B<ret> is the return value that would be returned to the
+application if no callback were present. The actual value returned
+is the return value of the callback itself. In the case of callbacks
+called before the actual BIO operation 1 is placed in B<ret>, if
+the return value is not positive it will be immediately returned to
+the application and the BIO operation will not be performed.
+
+=back
+
+The callback should normally simply return B<ret> when it has
+finished processing, unless it specifically wishes to modify the
+value returned to the application.
+
+=head1 CALLBACK OPERATIONS
+
+In the notes below, B<callback> defers to the actual callback
+function that is called.
+
+=over 4
+
+=item B<BIO_free(b)>
+
+ callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)
+
+or
+
+ callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L)
+
+is called before the free operation.
+
+=item B<BIO_read_ex(b, data, dlen, readbytes)>
+
+ callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, readbytes)
+
+or
+
+ callback(b, BIO_CB_READ, data, dlen, 0L, 1L)
+
+is called before the read and
+
+ callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, readbytes)
+
+or
+
+ callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue)
+
+after.
+
+=item B<BIO_write(b, data, dlen, written)>
+
+ callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, written)
+
+or
+
+ callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L)
+
+is called before the write and
+
+ callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, written)
+
+or
+
+ callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue)
+
+after.
+
+=item B<BIO_gets(b, buf, size)>
+
+ callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL)
+
+or
+
+ callback(b, BIO_CB_GETS, buf, size, 0L, 1L)
+
+is called before the operation and
+
+ callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, readbytes)
+
+or
+
+ callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue)
+
+after.
+
+=item B<BIO_puts(b, buf)>
+
+ callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+
+or
+
+ callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L)
+
+is called before the operation and
+
+ callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, written)
+
+or
+
+ callback(b, BIO_CB_WRITE|BIO_CB_RETURN, buf, 0, 0L, retvalue)
+
+after.
+
+=item B<BIO_ctrl(BIO *b, int cmd, long larg, void *parg)>
+
+ callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL)
+
+or
+
+ callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L)
+
+is called before the call and
+
+ callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL)
+
+or
+
+ callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret)
+
+after.
+
+=back
+
+=head1 EXAMPLE
+
+The BIO_debug_callback() function is a good example, its source is
+in crypto/bio/bio_cb.c
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BIO_should_retry.pod b/openssl-1.1.0h/doc/crypto/BIO_should_retry.pod
new file mode 100644
index 0000000..d01d5bb
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BIO_should_retry.pod
@@ -0,0 +1,132 @@
+=pod
+
+=head1 NAME
+
+BIO_should_read, BIO_should_write,
+BIO_should_io_special, BIO_retry_type, BIO_should_retry,
+BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry
+functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int BIO_should_read(BIO *b);
+ int BIO_should_write(BIO *b);
+ int BIO_should_io_special(iBIO *b);
+ int BIO_retry_type(BIO *b);
+ int BIO_should_retry(BIO *b);
+
+ BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+ int BIO_get_retry_reason(BIO *bio);
+ void BIO_set_retry_reason(BIO *bio, int reason);
+
+=head1 DESCRIPTION
+
+These functions determine why a BIO is not able to read or write data.
+They will typically be called after a failed BIO_read() or BIO_write()
+call.
+
+BIO_should_retry() is true if the call that produced this condition
+should then be retried at a later time.
+
+If BIO_should_retry() is false then the cause is an error condition.
+
+BIO_should_read() is true if the cause of the condition is that a BIO
+needs to read data.
+
+BIO_should_write() is true if the cause of the condition is that a BIO
+needs to read data.
+
+BIO_should_io_special() is true if some "special" condition, that is a
+reason other than reading or writing is the cause of the condition.
+
+BIO_retry_type() returns a mask of the cause of a retry condition
+consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
+B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
+these.
+
+BIO_get_retry_BIO() determines the precise reason for the special
+condition, it returns the BIO that caused this condition and if
+B<reason> is not NULL it contains the reason code. The meaning of
+the reason code and the action that should be taken depends on
+the type of BIO that resulted in this condition.
+
+BIO_get_retry_reason() returns the reason for a special condition if
+passed the relevant BIO, for example as returned by BIO_get_retry_BIO().
+
+BIO_set_retry_reason() sets the retry reason for a special condition for a given
+BIO. This would usually only be called by BIO implementations.
+
+=head1 NOTES
+
+BIO_should_read(), BIO_should_write(), BIO_should_io_special(),
+BIO_retry_type(), and BIO_should_retry(), are implemented as macros.
+
+If BIO_should_retry() returns false then the precise "error condition"
+depends on the BIO type that caused it and the return code of the BIO
+operation. For example if a call to BIO_read() on a socket BIO returns
+0 and BIO_should_retry() is false then the cause will be that the
+connection closed. A similar condition on a file BIO will mean that it
+has reached EOF. Some BIO types may place additional information on
+the error queue. For more details see the individual BIO type manual
+pages.
+
+If the underlying I/O structure is in a blocking mode almost all current
+BIO types will not request a retry, because the underlying I/O
+calls will not. If the application knows that the BIO type will never
+signal a retry then it need not call BIO_should_retry() after a failed
+BIO I/O call. This is typically done with file BIOs.
+
+SSL BIOs are the only current exception to this rule: they can request a
+retry even if the underlying I/O structure is blocking, if a handshake
+occurs during a call to BIO_read(). An application can retry the failed
+call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY
+on the underlying SSL structure.
+
+While an application may retry a failed non blocking call immediately
+this is likely to be very inefficient because the call will fail
+repeatedly until data can be processed or is available. An application
+will normally wait until the necessary condition is satisfied. How
+this is done depends on the underlying I/O structure.
+
+For example if the cause is ultimately a socket and BIO_should_read()
+is true then a call to select() may be made to wait until data is
+available and then retry the BIO operation. By combining the retry
+conditions of several non blocking BIOs in a single select() call
+it is possible to service several BIOs in a single thread, though
+the performance may be poor if SSL BIOs are present because long delays
+can occur during the initial handshake process.
+
+It is possible for a BIO to block indefinitely if the underlying I/O
+structure cannot process or return any data. This depends on the behaviour of
+the platforms I/O functions. This is often not desirable: one solution
+is to use non blocking I/O and use a timeout on the select() (or
+equivalent) call.
+
+=head1 BUGS
+
+The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O:
+that is they cannot retry after a partial read or write. This is usually
+worked around by only passing the relevant data to ASN1 functions when
+the entire structure can be read or written.
+
+=head1 SEE ALSO
+
+L<bio>
+
+=head1 HISTORY
+
+The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in
+OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_BLINDING_new.pod b/openssl-1.1.0h/doc/crypto/BN_BLINDING_new.pod
new file mode 100644
index 0000000..4229e75
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_BLINDING_new.pod
@@ -0,0 +1,122 @@
+=pod
+
+=head1 NAME
+
+BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
+BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
+BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread,
+BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags,
+BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
+        BIGNUM *mod);
+ void BN_BLINDING_free(BN_BLINDING *b);
+ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+ int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+        BN_CTX *ctx);
+ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+        BN_CTX *ctx);
+ int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+ void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+ int BN_BLINDING_lock(BN_BLINDING *b);
+ int BN_BLINDING_unlock(BN_BLINDING *b);
+ unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+ void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+        BN_MONT_CTX *m_ctx);
+
+=head1 DESCRIPTION
+
+BN_BLINDING_new() allocates a new B<BN_BLINDING> structure and copies
+the B<A> and B<Ai> values into the newly created B<BN_BLINDING> object.
+
+BN_BLINDING_free() frees the B<BN_BLINDING> structure.
+If B<b> is NULL, nothing is done.
+
+BN_BLINDING_update() updates the B<BN_BLINDING> parameters by squaring
+the B<A> and B<Ai> or, after specific number of uses and if the
+necessary parameters are set, by re-creating the blinding parameters.
+
+BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
+If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
+returned in B<r> (this is useful if a B<RSA> object is shared among
+several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
+inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
+the inverse blinding.
+
+BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper
+functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex()
+with B<r> set to NULL.
+
+BN_BLINDING_is_current_thread() returns whether the B<BN_BLINDING>
+structure is owned by the current thread. This is to help users
+provide proper locking if needed for multi-threaded use.
+
+BN_BLINDING_set_current_thread() sets the current thread as the
+owner of the B<BN_BLINDING> structure.
+
+BN_BLINDING_lock() locks the B<BN_BLINDING> structure.
+
+BN_BLINDING_unlock() unlocks the B<BN_BLINDING> structure.
+
+BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently
+there are two supported flags: B<BN_BLINDING_NO_UPDATE> and
+B<BN_BLINDING_NO_RECREATE>. B<BN_BLINDING_NO_UPDATE> inhibits the
+automatic update of the B<BN_BLINDING> parameters after each use
+and B<BN_BLINDING_NO_RECREATE> inhibits the automatic re-creation
+of the B<BN_BLINDING> parameters after a fixed number of uses (currently
+32). In newly allocated B<BN_BLINDING> objects no flags are set.
+BN_BLINDING_set_flags() sets the B<BN_BLINDING> parameters flags.
+
+BN_BLINDING_create_param() creates new B<BN_BLINDING> parameters
+using the exponent B<e> and the modulus B<m>. B<bn_mod_exp> and
+B<m_ctx> can be used to pass special functions for exponentiation
+(normally BN_mod_exp_mont() and B<BN_MONT_CTX>).
+
+=head1 RETURN VALUES
+
+BN_BLINDING_new() returns the newly allocated B<BN_BLINDING> structure
+or NULL in case of an error.
+
+BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(),
+BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on
+success and 0 if an error occurred.
+
+BN_BLINDING_is_current_thread() returns 1 if the current thread owns
+the B<BN_BLINDING> object, 0 otherwise.
+
+BN_BLINDING_set_current_thread() doesn't return anything.
+
+BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation
+succeeded or 0 on error.
+
+BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
+(a B<unsigned long> value).
+
+BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
+parameters or NULL on error.
+
+=head1 HISTORY
+
+BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it
+deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id().
+
+=head1 COPYRIGHT
+
+Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_CTX_new.pod b/openssl-1.1.0h/doc/crypto/BN_CTX_new.pod
new file mode 100644
index 0000000..623fcd5
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_CTX_new.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+BN_CTX_new, BN_CTX_secure_new, BN_CTX_free - allocate and free BN_CTX structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_CTX *BN_CTX_new(void);
+
+ BN_CTX *BN_CTX_secure_new(void);
+
+ void BN_CTX_free(BN_CTX *c);
+
+=head1 DESCRIPTION
+
+A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by
+library functions. Since dynamic memory allocation to create B<BIGNUM>s
+is rather expensive when used in conjunction with repeated subroutine
+calls, the B<BN_CTX> structure is used.
+
+BN_CTX_new() allocates and initializes a B<BN_CTX> structure.
+BN_CTX_secure_new() allocates and initializes a B<BN_CTX> structure
+but uses the secure heap (see L<CRYPTO_secure_malloc(3)>) to hold the
+B<BIGNUM>s.
+
+BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
+created by BN_CTX_new(), also the structure itself.
+If L<BN_CTX_start(3)> has been used on the B<BN_CTX>,
+L<BN_CTX_end(3)> must be called before the B<BN_CTX>
+may be freed by BN_CTX_free().
+If B<c> is NULL, nothing is done.
+
+=head1 RETURN VALUES
+
+BN_CTX_new() and BN_CTX_secure_new() return a pointer to the B<BN_CTX>.
+If the allocation fails,
+they return B<NULL> and sets an error code that can be obtained by
+L<ERR_get_error(3)>.
+
+BN_CTX_free() has no return values.
+
+=head1 REMOVED FUNCTIONALITY
+
+ void BN_CTX_init(BN_CTX *c);
+
+BN_CTX_init() is no longer available as of OpenSSL 1.1.0. Applications should
+replace use of BN_CTX_init with BN_CTX_new instead:
+
+ BN_CTX *ctx;
+ ctx = BN_CTX_new();
+ if(!ctx) /* Handle error */
+ ...
+ BN_CTX_free(ctx);
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<BN_add(3)>,
+L<BN_CTX_start(3)>
+
+=head1 HISTORY
+
+BN_CTX_init() was removed in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_CTX_start.pod b/openssl-1.1.0h/doc/crypto/BN_CTX_start.pod
new file mode 100644
index 0000000..372da50
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_CTX_start.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ void BN_CTX_start(BN_CTX *ctx);
+
+ BIGNUM *BN_CTX_get(BN_CTX *ctx);
+
+ void BN_CTX_end(BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+These functions are used to obtain temporary B<BIGNUM> variables from
+a B<BN_CTX> (which can been created by using L<BN_CTX_new(3)>)
+in order to save the overhead of repeatedly creating and
+freeing B<BIGNUM>s in functions that are called from inside a loop.
+
+A function must call BN_CTX_start() first. Then, BN_CTX_get() may be
+called repeatedly to obtain temporary B<BIGNUM>s. All BN_CTX_get()
+calls must be made before calling any other functions that use the
+B<ctx> as an argument.
+
+Finally, BN_CTX_end() must be called before returning from the function.
+When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from
+BN_CTX_get() become invalid.
+
+=head1 RETURN VALUES
+
+BN_CTX_start() and BN_CTX_end() return no values.
+
+BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error.
+Once BN_CTX_get() has failed, the subsequent calls will return B<NULL>
+as well, so it is sufficient to check the return value of the last
+BN_CTX_get() call. In case of an error, an error code is set, which
+can be obtained by L<ERR_get_error(3)>.
+
+
+=head1 SEE ALSO
+
+L<BN_CTX_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_add.pod b/openssl-1.1.0h/doc/crypto/BN_add.pod
new file mode 100644
index 0000000..db3b0d4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_add.pod
@@ -0,0 +1,127 @@
+=pod
+
+=head1 NAME
+
+BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
+arithmetic operations on BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+         BN_CTX *ctx);
+
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+         const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>).
+I<r> may be the same B<BIGNUM> as I<a> or I<b>.
+
+BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>).
+I<r> may be the same B<BIGNUM> as I<a> or I<b>.
+
+BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>).
+I<r> may be the same B<BIGNUM> as I<a> or I<b>.
+For multiplication by powers of 2, use L<BN_lshift(3)>.
+
+BN_sqr() takes the square of I<a> and places the result in I<r>
+(C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>.
+This function is faster than BN_mul(r,a,a).
+
+BN_div() divides I<a> by I<d> and places the result in I<dv> and the
+remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may
+be B<NULL>, in which case the respective value is not returned.
+The result is rounded towards zero; thus if I<a> is negative, the
+remainder will be zero or negative.
+For division by powers of 2, use BN_rshift(3).
+
+BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>.
+
+BN_nnmod() reduces I<a> modulo I<m> and places the non-negative
+remainder in I<r>.
+
+BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative
+result in I<r>.
+
+BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the
+non-negative result in I<r>.
+
+BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative
+remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be
+the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for
+repeated computations using the same modulus, see
+L<BN_mod_mul_montgomery(3)> and
+L<BN_mod_mul_reciprocal(3)>.
+
+BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
+result in I<r>.
+
+BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
+(C<r=a^p>). This function is faster than repeated applications of
+BN_mul().
+
+BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
+m>). This function uses less time and space than BN_exp().
+
+BN_gcd() computes the greatest common divisor of I<a> and I<b> and
+places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
+I<b>.
+
+For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables; see L<BN_CTX_new(3)>.
+
+Unless noted otherwise, the result B<BIGNUM> must be different from
+the arguments.
+
+=head1 RETURN VALUES
+
+For all functions, 1 is returned for success, 0 on error. The return
+value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<BN_CTX_new(3)>,
+L<BN_add_word(3)>, L<BN_set_bit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_add_word.pod b/openssl-1.1.0h/doc/crypto/BN_add_word.pod
new file mode 100644
index 0000000..6c69bc4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_add_word.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic
+functions on BIGNUMs with integers
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+
+=head1 DESCRIPTION
+
+These functions perform arithmetic operations on BIGNUMs with unsigned
+integers. They are much more efficient than the normal BIGNUM
+arithmetic operations.
+
+BN_add_word() adds B<w> to B<a> (C<a+=w>).
+
+BN_sub_word() subtracts B<w> from B<a> (C<a-=w>).
+
+BN_mul_word() multiplies B<a> and B<w> (C<a*=w>).
+
+BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder.
+
+BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%w>).
+
+For BN_div_word() and BN_mod_word(), B<w> must not be 0.
+
+=head1 RETURN VALUES
+
+BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0
+on error. The error codes can be obtained by L<ERR_get_error(3)>.
+
+BN_mod_word() and BN_div_word() return B<a>%B<w> on success and
+B<(BN_ULONG)-1> if an error occurred.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<BN_add(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_bn2bin.pod b/openssl-1.1.0h/doc/crypto/BN_bn2bin.pod
new file mode 100644
index 0000000..ac46948
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_bn2bin.pod
@@ -0,0 +1,116 @@
+=pod
+
+=head1 NAME
+
+BN_bn2binpad,
+BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec,
+BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi,
+BN_mpi2bn - format conversions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+ int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+
+=head1 DESCRIPTION
+
+BN_bn2bin() converts the absolute value of B<a> into big-endian form
+and stores it at B<to>. B<to> must point to BN_num_bytes(B<a>) bytes of
+memory.
+
+BN_bn2binpad() also converts the absolute value of B<a> into big-endian form
+and stores it at B<to>. B<tolen> indicates the length of the output buffer
+B<to>. The result is padded with zeroes if necessary. If B<tolen> is less than
+BN_num_bytes(B<a>) an error is returned.
+
+BN_bin2bn() converts the positive integer in big-endian form of length
+B<len> at B<s> into a B<BIGNUM> and places it in B<ret>. If B<ret> is
+NULL, a new B<BIGNUM> is created.
+
+BN_bn2lebinpad() and BN_bin2lbn() are identical to BN_bn2binpad() and
+BN_bin2bn() except the buffer is in little-endian format.
+
+BN_bn2hex() and BN_bn2dec() return printable strings containing the
+hexadecimal and decimal encoding of B<a> respectively. For negative
+numbers, the string is prefaced with a leading '-'. The string must be
+freed later using OPENSSL_free().
+
+BN_hex2bn() takes as many characters as possible from the string B<str>,
+including the leading character '-' which means negative, to form a valid
+hexadecimal number representation and converts them to a B<BIGNUM> and
+stores it in **B<bn>. If *B<bn> is NULL, a new B<BIGNUM> is created. If
+B<bn> is NULL, it only computes the length of valid representation.
+A "negative zero" is converted to zero.
+BN_dec2bn() is the same using the decimal system.
+
+BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
+with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
+B<fp>.
+
+BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
+that consists of the number's length in bytes represented as a 4-byte
+big-endian number, and the number itself in big-endian format, where
+the most significant bit signals a negative number (the representation
+of numbers with the MSB set is prefixed with null byte).
+
+BN_bn2mpi() stores the representation of B<a> at B<to>, where B<to>
+must be large enough to hold the result. The size can be determined by
+calling BN_bn2mpi(B<a>, NULL).
+
+BN_mpi2bn() converts the B<len> bytes long representation at B<s> to
+a B<BIGNUM> and stores it at B<ret>, or in a newly allocated B<BIGNUM>
+if B<ret> is NULL.
+
+=head1 RETURN VALUES
+
+BN_bn2bin() returns the length of the big-endian number placed at B<to>.
+BN_bin2bn() returns the B<BIGNUM>, NULL on error.
+
+BN_bn2binpad() returns the number of bytes written or -1 if the supplied
+buffer is too small.
+
+BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
+on error. BN_hex2bn() and BN_dec2bn() return the number of characters
+used in parsing, or 0 on error, in which
+case no new B<BIGNUM> will be created.
+
+BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
+
+BN_bn2mpi() returns the length of the representation. BN_mpi2bn()
+returns the B<BIGNUM>, and NULL on error.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<BN_zero(3)>,
+L<ASN1_INTEGER_to_BN(3)>,
+L<BN_num_bytes(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_cmp.pod b/openssl-1.1.0h/doc/crypto/BN_cmp.pod
new file mode 100644
index 0000000..95d162f
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_cmp.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
+absolute values.
+
+BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
+or B<w> respectively. BN_is_odd() tests if a is odd.
+
+BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
+
+=head1 RETURN VALUES
+
+BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
+B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
+of B<a> and B<b>.
+
+BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
+the condition is true, 0 otherwise.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_copy.pod b/openssl-1.1.0h/doc/crypto/BN_copy.pod
new file mode 100644
index 0000000..46de544
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_copy.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+BN_copy, BN_dup, BN_with_flags - copy BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
+
+ BIGNUM *BN_dup(const BIGNUM *from);
+
+ void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+
+=head1 DESCRIPTION
+
+BN_copy() copies B<from> to B<to>. BN_dup() creates a new B<BIGNUM>
+containing the value B<from>.
+
+BN_with_flags creates a B<temporary> shallow copy of B<b> in B<dest>. It places
+significant restrictions on the copied data. Applications that do no adhere to
+these restrictions may encounter unexpected side effects or crashes. For that
+reason use of this function is discouraged. Any flags provided in B<flags> will
+be set in B<dest> in addition to any flags already set in B<b>. For example this
+might commonly be used to create a temporary copy of a BIGNUM with the
+B<BN_FLG_CONSTTIME> flag set for constant time operations. The temporary copy in
+B<dest> will share some internal state with B<b>. For this reason the following
+restrictions apply to the use of B<dest>:
+
+=over 2
+
+=item *
+
+B<dest> should be a newly allocated BIGNUM obtained via a call to BN_new(). It
+should not have been used for other purposes or initialised in any way.
+
+=item *
+
+B<dest> must only be used in "read-only" operations, i.e. typically those
+functions where the relevant parameter is declared "const".
+
+=item *
+
+B<dest> must be used and freed before any further subsequent use of B<b>
+
+=back
+
+=head1 RETURN VALUES
+
+BN_copy() returns B<to> on success, NULL on error. BN_dup() returns
+the new B<BIGNUM>, and NULL on error. The error codes can be obtained
+by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_generate_prime.pod b/openssl-1.1.0h/doc/crypto/BN_generate_prime.pod
new file mode 100644
index 0000000..c97536b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_generate_prime.pod
@@ -0,0 +1,194 @@
+=pod
+
+=head1 NAME
+
+BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call,
+BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg,
+BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test
+for primality
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+     const BIGNUM *rem, BN_GENCB *cb);
+
+ int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+
+ int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+     int do_trial_division, BN_GENCB *cb);
+
+ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+ BN_GENCB *BN_GENCB_new(void);
+
+ void BN_GENCB_free(BN_GENCB *cb);
+
+ void BN_GENCB_set_old(BN_GENCB *gencb,
+     void (*callback)(int, int, void *), void *cb_arg);
+
+ void BN_GENCB_set(BN_GENCB *gencb,
+     int (*callback)(int, int, BN_GENCB *), void *cb_arg);
+
+ void *BN_GENCB_get_arg(BN_GENCB *cb);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
+     BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+
+ int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
+     void *), BN_CTX *ctx, void *cb_arg);
+
+ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+     void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
+     int do_trial_division);
+ #endif
+
+=head1 DESCRIPTION
+
+BN_generate_prime_ex() generates a pseudo-random prime number of
+at least bit length B<bits>.
+If B<ret> is not B<NULL>, it will be used to store the number.
+
+If B<cb> is not B<NULL>, it is used as follows:
+
+=over 2
+
+=item *
+
+B<BN_GENCB_call(cb, 0, i)> is called after generating the i-th
+potential prime number.
+
+=item *
+
+While the number is being tested for primality,
+B<BN_GENCB_call(cb, 1, j)> is called as described below.
+
+=item *
+
+When a prime has been found, B<BN_GENCB_call(cb, 2, i)> is called.
+
+=back
+
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+
+If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add>
+== B<rem> (p % B<add> == 1 if B<rem> == B<NULL>) in order to suit a given
+generator.
+
+If B<safe> is true, it will be a safe prime (i.e. a prime p so
+that (p-1)/2 is also prime).
+
+The PRNG must be seeded prior to calling BN_generate_prime_ex().
+The prime number generation has a negligible error probability.
+
+BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is
+prime.  The following tests are performed until one of them shows that
+B<p> is composite; if B<p> passes all these tests, it is considered
+prime.
+
+BN_is_prime_fasttest_ex(), when called with B<do_trial_division == 1>,
+first attempts trial division by a number of small primes;
+if no divisors are found by this test and B<cb> is not B<NULL>,
+B<BN_GENCB_call(cb, 1, -1)> is called.
+If B<do_trial_division == 0>, this test is skipped.
+
+Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
+probabilistic primality test with B<nchecks> iterations. If
+B<nchecks == BN_prime_checks>, a number of iterations is used that
+yields a false positive rate of at most 2^-80 for random input.
+
+If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called
+after the j-th iteration (j = 0, 1, ...). B<ctx> is a
+pre-allocated B<BN_CTX> (to save the overhead of allocating and
+freeing the structure in a loop), or B<NULL>.
+
+BN_GENCB_call calls the callback function held in the B<BN_GENCB> structure
+and passes the ints B<a> and B<b> as arguments. There are two types of
+B<BN_GENCB> structure that are supported: "new" style and "old" style. New
+programs should prefer the "new" style, whilst the "old" style is provided
+for backwards compatibility purposes.
+
+A BN_GENCB structure should be created through a call to BN_GENCB_new(),
+and freed through a call to BN_GENCB_free().
+
+For "new" style callbacks a BN_GENCB structure should be initialised with a
+call to BN_GENCB_set(), where B<gencb> is a B<BN_GENCB *>, B<callback> is of
+type B<int (*callback)(int, int, BN_GENCB *)> and B<cb_arg> is a B<void *>.
+"Old" style callbacks are the same except they are initialised with a call
+to BN_GENCB_set_old() and B<callback> is of type
+B<void (*callback)(int, int, void *)>.
+
+A callback is invoked through a call to B<BN_GENCB_call>. This will check
+the type of the callback and will invoke B<callback(a, b, gencb)> for new
+style callbacks or B<callback(a, b, cb_arg)> for old style.
+
+It is possible to obtained the argument associated with a BN_GENCB structure
+(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg.
+
+BN_generate_prime (deprecated) works in the same way as
+BN_generate_prime_ex but expects an old style callback function
+directly in the B<callback> parameter, and an argument to pass to it in
+the B<cb_arg>. Similarly BN_is_prime and BN_is_prime_fasttest are
+deprecated and can be compared to BN_is_prime_ex and
+BN_is_prime_fasttest_ex respectively.
+
+=head1 RETURN VALUES
+
+BN_generate_prime_ex() return 1 on success or 0 on error.
+
+BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() and
+BN_is_prime_fasttest() return 0 if the number is composite, 1 if it is
+prime with an error probability of less than 0.25^B<nchecks>, and
+-1 on error.
+
+BN_generate_prime() returns the prime number on success, B<NULL> otherwise.
+
+BN_GENCB_new returns a pointer to a BN_GENCB structure on success, or B<NULL>
+otherwise.
+
+BN_GENCB_get_arg returns the argument previously associated with a BN_GENCB
+structure.
+
+Callback functions should return 1 on success or 0 on error.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 REMOVED FUNCTIONALITY
+
+As of OpenSSL 1.1.0 it is no longer possible to create a BN_GENCB structure
+directly, as in:
+
+ BN_GENCB callback;
+
+Instead applications should create a BN_GENCB structure using BN_GENCB_new:
+
+ BN_GENCB *callback;
+ callback = BN_GENCB_new();
+ if(!callback) /* handle error */
+ ...
+ BN_GENCB_free(callback);
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<RAND_bytes(3)>
+
+=head1 HISTORY
+
+BN_GENCB_new(), BN_GENCB_free(),
+and BN_GENCB_get_arg() were added in OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_mod_inverse.pod b/openssl-1.1.0h/doc/crypto/BN_mod_inverse.pod
new file mode 100644
index 0000000..cb84a14
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_mod_inverse.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+BN_mod_inverse - compute inverse modulo n
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+           BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_mod_inverse() computes the inverse of B<a> modulo B<n>
+places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,
+a new B<BIGNUM> is created.
+
+B<ctx> is a previously allocated B<BN_CTX> used for temporary
+variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.
+
+=head1 RETURN VALUES
+
+BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and
+NULL on error. The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<BN_add(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_mod_mul_montgomery.pod b/openssl-1.1.0h/doc/crypto/BN_mod_mul_montgomery.pod
new file mode 100644
index 0000000..81056c7
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_mod_mul_montgomery.pod
@@ -0,0 +1,90 @@
+=pod
+
+=head1 NAME
+
+BN_mod_mul_montgomery, BN_MONT_CTX_new,
+BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
+BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+         BN_MONT_CTX *mont, BN_CTX *ctx);
+
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+These functions implement Montgomery multiplication. They are used
+automatically when L<BN_mod_exp(3)> is called with suitable input,
+but they may be useful when several operations are to be performed
+using the same modulus.
+
+BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
+
+BN_MONT_CTX_set() sets up the I<mont> structure from the modulus I<m>
+by precomputing its inverse and a value R.
+
+BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> I<from> to I<to>.
+
+BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
+it was created by BN_MONT_CTX_new(), also the structure itself.
+If B<mont> is NULL, nothing is done.
+
+BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places
+the result in I<r>.
+
+BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1.
+
+BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R.
+Note that I<a> must be non-negative and smaller than the modulus.
+
+For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables.
+
+=head1 RETURN VALUES
+
+BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL
+on error.
+
+BN_MONT_CTX_free() has no return value.
+
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 WARNING
+
+The inputs must be reduced modulo B<m>, otherwise the result will be
+outside the expected range.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<BN_add(3)>,
+L<BN_CTX_new(3)>
+
+=head1 HISTORY
+
+BN_MONT_CTX_init() was removed in OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_mod_mul_reciprocal.pod b/openssl-1.1.0h/doc/crypto/BN_mod_mul_reciprocal.pod
new file mode 100644
index 0000000..d480fed
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new,
+BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
+reciprocal
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+        BN_CTX *ctx);
+
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+        BN_RECP_CTX *recp, BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_mod_mul_reciprocal() can be used to perform an efficient
+L<BN_mod_mul(3)> operation when the operation will be performed
+repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m>
+using B<recp>=1/B<m>, which is set as described below.  B<ctx> is a
+previously allocated B<BN_CTX> used for temporary variables.
+
+BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
+
+BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
+was created by BN_RECP_CTX_new(), also the structure itself.
+If B<recp> is NULL, nothing is done.
+
+BN_RECP_CTX_set() stores B<m> in B<recp> and sets it up for computing
+1/B<m> and shifting it left by BN_num_bits(B<m>)+1 to make it an
+integer. The result and the number of bits it was shifted left will
+later be stored in B<recp>.
+
+BN_div_recp() divides B<a> by B<m> using B<recp>. It places the quotient
+in B<dv> and the remainder in B<rem>.
+
+The B<BN_RECP_CTX> structure cannot be shared between threads.
+
+=head1 RETURN VALUES
+
+BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
+on error.
+
+BN_RECP_CTX_free() has no return value.
+
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<BN_add(3)>,
+L<BN_CTX_new(3)>
+
+=head1 HISTORY
+
+BN_RECP_CTX_init() was removed in OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_new.pod b/openssl-1.1.0h/doc/crypto/BN_new.pod
new file mode 100644
index 0000000..08aae5e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_new.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_new(void);
+
+ BIGNUM *BN_secure_new(void);
+
+ void BN_clear(BIGNUM *a);
+
+ void BN_free(BIGNUM *a);
+
+ void BN_clear_free(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_new() allocates and initializes a B<BIGNUM> structure.
+BN_secure_new() does the same except that the secure heap
+OPENSSL_secure_malloc(3) is used to store the value.
+
+BN_clear() is used to destroy sensitive data such as keys when they
+are no longer needed. It erases the memory used by B<a> and sets it
+to the value 0.
+
+BN_free() frees the components of the B<BIGNUM>, and if it was created
+by BN_new(), also the structure itself. BN_clear_free() additionally
+overwrites the data before the memory is returned to the system.
+If B<a> is NULL, nothing is done.
+
+=head1 RETURN VALUES
+
+BN_new() and BN_secure_new()
+return a pointer to the B<BIGNUM> initialised to the value 0.
+If the allocation fails,
+they return B<NULL> and set an error code that can be obtained
+by L<ERR_get_error(3)>.
+
+BN_clear(), BN_free() and BN_clear_free() have no return values.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 HISTORY
+
+BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_num_bytes.pod b/openssl-1.1.0h/doc/crypto/BN_num_bytes.pod
new file mode 100644
index 0000000..9e0465d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_num_bytes.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_num_bytes(const BIGNUM *a);
+
+ int BN_num_bits(const BIGNUM *a);
+
+ int BN_num_bits_word(BN_ULONG w);
+
+=head1 DESCRIPTION
+
+BN_num_bytes() returns the size of a B<BIGNUM> in bytes.
+
+BN_num_bits_word() returns the number of significant bits in a word.
+If we take 0x00000432 as an example, it returns 11, not 16, not 32.
+Basically, except for a zero, it returns I<floor(log2(w))+1>.
+
+BN_num_bits() returns the number of significant bits in a B<BIGNUM>,
+following the same principle as BN_num_bits_word().
+
+BN_num_bytes() is a macro.
+
+=head1 RETURN VALUES
+
+The size.
+
+=head1 NOTES
+
+Some have tried using BN_num_bits() on individual numbers in RSA keys,
+DH keys and DSA keys, and found that they don't always come up with
+the number of bits they expected (something like 512, 1024, 2048,
+...).  This is because generating a number with some specific number
+of bits doesn't always set the highest bits, thereby making the number
+of I<significant> bits a little lower.  If you want to know the "key
+size" of such a key, either use functions like RSA_size(), DH_size()
+and DSA_size(), or use BN_num_bytes() and multiply with 8 (although
+there's no real guarantee that will match the "key size", just a lot
+more probability).
+
+=head1 SEE ALSO
+
+L<DH_size(3)>, L<DSA_size(3)>,
+L<RSA_size(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_rand.pod b/openssl-1.1.0h/doc/crypto/BN_rand.pod
new file mode 100644
index 0000000..08d14de
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_rand.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+=head1 DESCRIPTION
+
+BN_rand() generates a cryptographically strong pseudo-random number of
+B<bits> in length and stores it in B<rnd>.
+If B<bits> is less than zero, or too small to
+accommodate the requirements specified by the B<top> and B<bottom>
+parameters, an error is returned.
+The B<top> parameters specifies
+requirements on the most significant bit of the generated number.
+If it is B<BN_RAND_TOP_ANY>, there is no constraint.
+If it is B<BN_RAND_TOP_ONE>, the top bit must be one.
+If it is B<BN_RAND_TOP_TWO>, the two most significant bits of
+the number will be set to 1, so that the product of two such random
+numbers will always have 2*B<bits> length.
+If B<bottom> is B<BN_RAND_BOTTOM_ODD>, the number will be odd; if it
+is B<BN_RAND_BOTTOM_ANY> it can be odd or even.
+If B<bits> is 1 then B<top> cannot also be B<BN_RAND_FLG_TOPTWO>.
+
+BN_pseudo_rand() does the same, but pseudo-random numbers generated by
+this function are not necessarily unpredictable. They can be used for
+non-cryptographic purposes and for certain purposes in cryptographic
+protocols, but usually not for key generation etc.
+
+BN_rand_range() generates a cryptographically strong pseudo-random
+number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.
+BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
+and hence numbers generated by it are not necessarily unpredictable.
+
+The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
+
+=head1 RETURN VALUES
+
+The functions return 1 on success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<RAND_add(3)>, L<RAND_bytes(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_set_bit.pod b/openssl-1.1.0h/doc/crypto/BN_set_bit.pod
new file mode 100644
index 0000000..af02983
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_set_bit.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+
+ int BN_is_bit_set(const BIGNUM *a, int n);
+
+ int BN_mask_bits(BIGNUM *a, int n);
+
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_set_bit() sets bit B<n> in B<a> to 1 (C<a|=(1E<lt>E<lt>n)>). The
+number is expanded if necessary.
+
+BN_clear_bit() sets bit B<n> in B<a> to 0 (C<a&=~(1E<lt>E<lt>n)>). An
+error occurs if B<a> is shorter than B<n> bits.
+
+BN_is_bit_set() tests if bit B<n> in B<a> is set.
+
+BN_mask_bits() truncates B<a> to an B<n> bit number
+(C<a&=~((~0)E<gt>E<gt>n)>).  An error occurs if B<a> already is
+shorter than B<n> bits.
+
+BN_lshift() shifts B<a> left by B<n> bits and places the result in
+B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts
+B<a> left by one and places the result in B<r> (C<r=2*a>).
+
+BN_rshift() shifts B<a> right by B<n> bits and places the result in
+B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts
+B<a> right by one and places the result in B<r> (C<r=a/2>).
+
+For the shift functions, B<r> and B<a> may be the same variable.
+
+=head1 RETURN VALUES
+
+BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.
+
+All other functions return 1 for success, 0 on error. The error codes
+can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<BN_num_bytes(3)>, L<BN_add(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_swap.pod b/openssl-1.1.0h/doc/crypto/BN_swap.pod
new file mode 100644
index 0000000..9f77f22
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_swap.pod
@@ -0,0 +1,26 @@
+=pod
+
+=head1 NAME
+
+BN_swap - exchange BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ void BN_swap(BIGNUM *a, BIGNUM *b);
+
+=head1 DESCRIPTION
+
+BN_swap() exchanges the values of I<a> and I<b>.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BN_zero.pod b/openssl-1.1.0h/doc/crypto/BN_zero.pod
new file mode 100644
index 0000000..2ca8850
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BN_zero.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment
+operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ void BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+
+ const BIGNUM *BN_value_one(void);
+
+ int BN_set_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_get_word(BIGNUM *a);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ int BN_zero(BIGNUM *a);
+ #endif
+
+=head1 DESCRIPTION
+
+B<BN_ULONG> is a macro that will be an unsigned integral type optimied
+for the most efficient implementation on the local platform.
+
+BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
+B<w> respectively.  BN_zero() and BN_one() are macros.
+
+BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
+is useful for use in comparisons and assignment.
+
+BN_get_word() returns B<a>, if it can be represented as a B<BN_ULONG>.
+
+=head1 RETURN VALUES
+
+BN_get_word() returns the value B<a>, or all-bits-set if B<a> cannot
+be represented as a B<BN_ULONG>.
+
+BN_one(), BN_set_word() and the deprecated version of BN_zero()
+return 1 on success, 0 otherwise.
+BN_value_one() returns the constant.
+The preferred version of BN_zero() never fails and returns no value.
+
+=head1 BUGS
+
+If a B<BIGNUM> is equal to the value of all-bits-set, it will collide
+with the error condition returned by BN_get_word() which uses that
+as an error value.
+
+B<BN_ULONG> should probably be a typedef.
+
+=head1 SEE ALSO
+
+L<BN_bn2bin(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/BUF_MEM_new.pod b/openssl-1.1.0h/doc/crypto/BUF_MEM_new.pod
new file mode 100644
index 0000000..1d89159
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/BUF_MEM_new.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow,
+BUF_MEM_grow_clean, BUF_reverse
+- simple character array structure
+
+standard C library equivalents
+
+=head1 SYNOPSIS
+
+ #include <openssl/buffer.h>
+
+ BUF_MEM *BUF_MEM_new(void);
+
+ BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+
+ void BUF_MEM_free(BUF_MEM *a);
+
+ int BUF_MEM_grow(BUF_MEM *str, int len);
+ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+
+ void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
+
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
+
+BUF_MEM_new() allocates a new buffer of zero size.
+
+BUF_MEM_new_ex() allocates a buffer with the specified flags.
+The flag B<BUF_MEM_FLAG_SECURE> specifies that the B<data> pointer
+should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>.
+
+BUF_MEM_free() frees up an already existing buffer. The data is zeroed
+before freeing up in case the buffer contains sensitive data.
+
+BUF_MEM_grow() changes the size of an already existing buffer to
+B<len>. Any data already in the buffer is preserved if it increases in
+size.
+
+BUF_MEM_grow_clean() is similar to BUF_MEM_grow() but it sets any free'd
+or additionally-allocated memory to zero.
+
+BUF_reverse() reverses B<size> bytes at B<in> into B<out>.  If B<in>
+is NULL, the array is reversed in-place.
+
+=head1 RETURN VALUES
+
+BUF_MEM_new() returns the buffer or NULL on error.
+
+BUF_MEM_free() has no return value.
+
+BUF_MEM_grow() and BUF_MEM_grow_clean() return
+zero on error or the new size (i.e., B<len>).
+
+=head1 SEE ALSO
+
+L<bio(7)>,
+L<CRYPTO_secure_malloc(3)>.
+
+=head1 HISTORY
+
+BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_add0_cert.pod b/openssl-1.1.0h/doc/crypto/CMS_add0_cert.pod
new file mode 100644
index 0000000..a5be002
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_add0_cert.pod
@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
+CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls
+- CMS certificate and CRL utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+
+=head1 DESCRIPTION
+
+CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
+must be of type signed data or enveloped data.
+
+CMS_get1_certs() returns all certificates in B<cms>.
+
+CMS_add0_crl() and CMS_add1_crl() add CRL B<crl> to B<cms>. CMS_get1_crls()
+returns any CRLs in B<cms>.
+
+=head1 NOTES
+
+The CMS_ContentInfo structure B<cms> must be of type signed data or enveloped
+data or an error will be returned.
+
+For signed data certificates and CRLs are added to the B<certificates> and
+B<crls> fields of SignedData structure. For enveloped data they are added to
+B<OriginatorInfo>.
+
+As the B<0> implies CMS_add0_cert() adds B<cert> internally to B<cms> and it
+must not be freed up after the call as opposed to CMS_add1_cert() where B<cert>
+must be freed up.
+
+The same certificate or CRL must not be added to the same cms structure more
+than once.
+
+=head1 RETURN VALUES
+
+CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return
+1 for success and 0 for failure.
+
+CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
+or NULL if there are none or an error occurs. The only error which will occur
+in practice is if the B<cms> type is invalid.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<CMS_sign(3)>,
+L<CMS_encrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_add1_recipient_cert.pod b/openssl-1.1.0h/doc/crypto/CMS_add1_recipient_cert.pod
new file mode 100644
index 0000000..0dae5cf
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_add1_recipient_cert.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags);
+
+ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType);
+
+=head1 DESCRIPTION
+
+CMS_add1_recipient_cert() adds recipient B<recip> to CMS_ContentInfo enveloped
+data structure B<cms> as a KeyTransRecipientInfo structure.
+
+CMS_add0_recipient_key() adds symmetric key B<key> of length B<keylen> using
+wrapping algorithm B<nid>, identifier B<id> of length B<idlen> and optional
+values B<date>, B<otherTypeId> and B<otherType> to CMS_ContentInfo enveloped
+data structure B<cms> as a KEKRecipientInfo structure.
+
+The CMS_ContentInfo structure should be obtained from an initial call to
+CMS_encrypt() with the flag B<CMS_PARTIAL> set.
+
+=head1 NOTES
+
+The main purpose of this function is to provide finer control over a CMS
+enveloped data structure where the simpler CMS_encrypt() function defaults are
+not appropriate. For example if one or more KEKRecipientInfo structures
+need to be added. New attributes can also be added using the returned
+CMS_RecipientInfo structure and the CMS attribute utility functions.
+
+OpenSSL will by default identify recipient certificates using issuer name
+and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
+identifier value instead. An error occurs if all recipient certificates do not
+have a subject key identifier extension.
+
+Currently only AES based key wrapping algorithms are supported for B<nid>,
+specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
+If B<nid> is set to B<NID_undef> then an AES wrap algorithm will be used
+consistent with B<keylen>.
+
+=head1 RETURN VALUES
+
+CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal
+pointer to the CMS_RecipientInfo structure just added or NULL if an error
+occurs.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_decrypt(3)>,
+L<CMS_final(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_add1_signer.pod b/openssl-1.1.0h/doc/crypto/CMS_add1_signer.pod
new file mode 100644
index 0000000..f4738e0
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_add1_signer.pod
@@ -0,0 +1,106 @@
+=pod
+
+=head1 NAME
+
+CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags);
+
+ int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+
+
+=head1 DESCRIPTION
+
+CMS_add1_signer() adds a signer with certificate B<signcert> and private
+key B<pkey> using message digest B<md> to CMS_ContentInfo SignedData
+structure B<cms>.
+
+The CMS_ContentInfo structure should be obtained from an initial call to
+CMS_sign() with the flag B<CMS_PARTIAL> set or in the case or re-signing a
+valid CMS_ContentInfo SignedData structure.
+
+If the B<md> parameter is B<NULL> then the default digest for the public
+key algorithm will be used.
+
+Unless the B<CMS_REUSE_DIGEST> flag is set the returned CMS_ContentInfo
+structure is not complete and must be finalized either by streaming (if
+applicable) or a call to CMS_final().
+
+The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo
+structure, its main use is when B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags
+are both set.
+
+=head1 NOTES
+
+The main purpose of CMS_add1_signer() is to provide finer control
+over a CMS signed data structure where the simpler CMS_sign() function defaults
+are not appropriate. For example if multiple signers or non default digest
+algorithms are needed. New attributes can also be added using the returned
+CMS_SignerInfo structure and the CMS attribute utility functions or the
+CMS signed receipt request functions.
+
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+
+If B<CMS_REUSE_DIGEST> is set then an attempt is made to copy the content
+digest value from the CMS_ContentInfo structure: to add a signer to an existing
+structure.  An error occurs if a matching digest value cannot be found to copy.
+The returned CMS_ContentInfo structure will be valid and finalized when this
+flag is set.
+
+If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the
+CMS_SignerInfo structure will not be finalized so additional attributes
+can be added. In this case an explicit call to CMS_SignerInfo_sign() is
+needed to finalize it.
+
+If B<CMS_NOCERTS> is set the signer's certificate will not be included in the
+CMS_ContentInfo structure, the signer's certificate must still be supplied in
+the B<signcert> parameter though. This can reduce the size of the signature if
+the signers certificate can be obtained by other means: for example a
+previously signed message.
+
+The SignedData structure includes several CMS signedAttributes including the
+signing time, the CMS content type and the supported list of ciphers in an
+SMIMECapabilities attribute. If B<CMS_NOATTR> is set then no signedAttributes
+will be used. If B<CMS_NOSMIMECAP> is set then just the SMIMECapabilities are
+omitted.
+
+OpenSSL will by default identify signing certificates using issuer name
+and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
+identifier value instead. An error occurs if the signing certificate does not
+have a subject key identifier extension.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192
+bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2.
+If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is
+not loaded.
+
+CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
+structure just added, this can be used to set additional attributes
+before it is finalized.
+
+=head1 RETURN VALUES
+
+CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
+structure just added or NULL if an error occurs.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>,
+L<CMS_final(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_compress.pod b/openssl-1.1.0h/doc/crypto/CMS_compress.pod
new file mode 100644
index 0000000..e405108
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_compress.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+CMS_compress - create a CMS CompressedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_compress() creates and returns a CMS CompressedData structure. B<comp_nid>
+is the compression algorithm to use or B<NID_undef> to use the default
+algorithm (zlib compression). B<in> is the content to be compressed.
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+The only currently supported compression algorithm is zlib using the NID
+NID_zlib_compression.
+
+If zlib support is not compiled into OpenSSL then CMS_compress() will return
+an error.
+
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are
+prepended to the data.
+
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<CMS_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If B<CMS_BINARY> is set then
+B<CMS_TEXT> is ignored.
+
+If the B<CMS_STREAM> flag is set a partial B<CMS_ContentInfo> structure is
+returned suitable for streaming I/O: no data is read from the BIO B<in>.
+
+The compressed data is included in the CMS_ContentInfo structure, unless
+B<CMS_DETACHED> is set in which case it is omitted. This is rarely used in
+practice and is not supported by SMIME_write_CMS().
+
+=head1 NOTES
+
+If the flag B<CMS_STREAM> is set the returned B<CMS_ContentInfo> structure is
+B<not> complete and outputting its contents via a function that does not
+properly finalize the B<CMS_ContentInfo> structure will give unpredictable
+results.
+
+Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(),
+PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_CMS().
+
+Additional compression parameters such as the zlib compression level cannot
+currently be set.
+
+=head1 RETURN VALUES
+
+CMS_compress() returns either a CMS_ContentInfo structure or NULL if an error
+occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_uncompress(3)>
+
+=head1 HISTORY
+
+The B<CMS_STREAM> flag was added in OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_decrypt.pod b/openssl-1.1.0h/doc/crypto/CMS_decrypt.pod
new file mode 100644
index 0000000..b3b196c
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_decrypt.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+CMS_decrypt - decrypt content from a CMS envelopedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData
+structure. B<pkey> is the private key of the recipient, B<cert> is the
+recipient's certificate, B<out> is a BIO to write the content to and
+B<flags> is an optional set of flags.
+
+The B<dcont> parameter is used in the rare case where the encrypted content
+is detached. It will normally be set to NULL.
+
+=head1 NOTES
+
+Although the recipients certificate is not needed to decrypt the data it is
+needed to locate the appropriate (of possible several) recipients in the CMS
+structure.
+
+If B<cert> is set to NULL all possible recipients are tried. This case however
+is problematic. To thwart the MMA attack (Bleichenbacher's attack on
+PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or
+not. If no recipient succeeds then a random symmetric key is used to decrypt
+the content: this will typically output garbage and may (but is not guaranteed
+to) ultimately return a padding error only. If CMS_decrypt() just returned an
+error when all recipient encrypted keys failed to decrypt an attacker could
+use this in a timing attack. If the special flag B<CMS_DEBUG_DECRYPT> is set
+then the above behaviour is modified and an error B<is> returned if no
+recipient encrypted key can be decrypted B<without> generating a random
+content encryption key. Applications should use this flag with
+B<extreme caution> especially in automated gateways as it can leave them
+open to attack.
+
+It is possible to determine the correct recipient key by other means (for
+example looking them up in a database) and setting them in the CMS structure
+in advance using the CMS utility functions such as CMS_set1_pkey(). In this
+case both B<cert> and B<pkey> should be set to NULL.
+
+To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key()
+and CMS_ReceipientInfo_decrypt() should be called before CMS_decrypt() and
+B<cert> and B<pkey> set to NULL.
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+=head1 RETURN VALUES
+
+CMS_decrypt() returns either 1 for success or 0 for failure.
+The error can be obtained from ERR_get_error(3)
+
+=head1 BUGS
+
+The lack of single pass processing and the need to hold all data in memory as
+mentioned in CMS_verify() also applies to CMS_decrypt().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_encrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_encrypt.pod b/openssl-1.1.0h/doc/crypto/CMS_encrypt.pod
new file mode 100644
index 0000000..0ed4262
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_encrypt.pod
@@ -0,0 +1,104 @@
+=pod
+
+=head1 NAME
+
+CMS_encrypt - create a CMS envelopedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_encrypt() creates and returns a CMS EnvelopedData structure. B<certs>
+is a list of recipient certificates. B<in> is the content to be encrypted.
+B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Only certificates carrying RSA keys are supported so the recipient certificates
+supplied to this function must all contain RSA public keys, though they do not
+have to be signed using the RSA algorithm.
+
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
+because most clients will support it.
+
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
+its parameters.
+
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+CMS_encrypt().
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are
+prepended to the data.
+
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<CMS_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If B<CMS_BINARY> is set then
+B<CMS_TEXT> is ignored.
+
+OpenSSL will by default identify recipient certificates using issuer name
+and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
+identifier value instead. An error occurs if all recipient certificates do not
+have a subject key identifier extension.
+
+If the B<CMS_STREAM> flag is set a partial B<CMS_ContentInfo> structure is
+returned suitable for streaming I/O: no data is read from the BIO B<in>.
+
+If the B<CMS_PARTIAL> flag is set a partial B<CMS_ContentInfo> structure is
+returned to which additional recipients and attributes can be added before
+finalization.
+
+The data being encrypted is included in the CMS_ContentInfo structure, unless
+B<CMS_DETACHED> is set in which case it is omitted. This is rarely used in
+practice and is not supported by SMIME_write_CMS().
+
+=head1 NOTES
+
+If the flag B<CMS_STREAM> is set the returned B<CMS_ContentInfo> structure is
+B<not> complete and outputting its contents via a function that does not
+properly finalize the B<CMS_ContentInfo> structure will give unpredictable
+results.
+
+Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(),
+PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_CMS().
+
+The recipients specified in B<certs> use a CMS KeyTransRecipientInfo info
+structure. KEKRecipientInfo is also supported using the flag B<CMS_PARTIAL>
+and CMS_add0_recipient_key().
+
+The parameter B<certs> may be NULL if B<CMS_PARTIAL> is set and recipients
+added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key().
+
+=head1 RETURN VALUES
+
+CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error
+occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_decrypt(3)>
+
+=head1 HISTORY
+
+The B<CMS_STREAM> flag was first supported in OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_final.pod b/openssl-1.1.0h/doc/crypto/CMS_final.pod
new file mode 100644
index 0000000..264fe7b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_final.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+CMS_final - finalise a CMS_ContentInfo structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_final() finalises the structure B<cms>. It's purpose is to perform any
+operations necessary on B<cms> (digest computation for example) and set the
+appropriate fields. The parameter B<data> contains the content to be
+processed. The B<dcont> parameter contains a BIO to write content to after
+processing: this is only used with detached data and will usually be set to
+NULL.
+
+=head1 NOTES
+
+This function will normally be called when the B<CMS_PARTIAL> flag is used. It
+should only be used when streaming is not performed because the streaming
+I/O functions perform finalisation operations internally.
+
+=head1 RETURN VALUES
+
+CMS_final() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>,
+L<CMS_encrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_get0_RecipientInfos.pod b/openssl-1.1.0h/doc/crypto/CMS_get0_RecipientInfos.pod
new file mode 100644
index 0000000..6c33c22
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_get0_RecipientInfos.pod
@@ -0,0 +1,130 @@
+=pod
+
+=head1 NAME
+
+CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
+CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp,
+CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id,
+CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key,
+CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
+- CMS envelopedData RecipientInfo routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+
+ int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
+ int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+
+ int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
+ int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen);
+ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen);
+
+ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+=head1 DESCRIPTION
+
+The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo
+structures associated with a CMS EnvelopedData structure.
+
+CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure B<ri>.
+It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE,
+CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.
+
+CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
+identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
+must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in
+B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.
+
+CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
+CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
+It returns zero if the comparison is successful and non zero if not.
+
+CMS_RecipientInfo_set0_pkey() associates the private key B<pkey> with
+the CMS_RecipientInfo structure B<ri>, which must be of type
+CMS_RECIPINFO_TRANS.
+
+CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the
+CMS_RecipientInfo structure B<ri> which must be of type CMS_RECIPINFO_KEK.  Any
+of the remaining parameters can be NULL if the application is not interested in
+the value of a field. Where a field is optional and absent NULL will be written
+to the corresponding parameter. The keyEncryptionAlgorithm field is written to
+B<palg>, the B<keyIdentifier> field is written to B<pid>, the B<date> field if
+present is written to B<pdate>, if the B<other> field is present the components
+B<keyAttrId> and B<keyAttr> are written to parameters B<potherid> and
+B<pothertype>.
+
+CMS_RecipientInfo_kekri_id_cmp() compares the ID in the B<id> and B<idlen>
+parameters against the B<keyIdentifier> CMS_RecipientInfo structure B<ri>,
+which must be of type CMS_RECIPINFO_KEK.  It returns zero if the comparison is
+successful and non zero if not.
+
+CMS_RecipientInfo_set0_key() associates the symmetric key B<key> of length
+B<keylen> with the CMS_RecipientInfo structure B<ri>, which must be of type
+CMS_RECIPINFO_KEK.
+
+CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure
+B<ri> in structure B<cms>. A key must have been associated with the structure
+first.
+
+CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure
+B<ri> in structure B<cms>. A key must have been associated with the structure
+first and the content encryption key must be available: for example by a
+previous call to CMS_RecipientInfo_decrypt().
+
+=head1 NOTES
+
+The main purpose of these functions is to enable an application to lookup
+recipient keys using any appropriate technique when the simpler method
+of CMS_decrypt() is not appropriate.
+
+In typical usage and application will retrieve all CMS_RecipientInfo structures
+using CMS_get0_RecipientInfos() and check the type of each using
+CMS_RecpientInfo_type(). Depending on the type the CMS_RecipientInfo structure
+can be ignored or its key identifier data retrieved using an appropriate
+function. Then if the corresponding secret or private key can be obtained by
+any appropriate means it can then associated with the structure and
+CMS_RecpientInfo_decrypt() called. If successful CMS_decrypt() can be called
+with a NULL key to decrypt the enveloped content.
+
+The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an
+existing enveloped data structure. Typically an application will first decrypt
+an appropriate CMS_RecipientInfo structure to make the content encrypt key
+available, it will then add a new recipient using a function such as
+CMS_add1_recipient_cert() and finally encrypt the content encryption key
+using CMS_RecipientInfo_encrypt().
+
+=head1 RETURN VALUES
+
+CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if
+an error occurs.
+
+CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(),
+CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and
+CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs.
+CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs.
+
+CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0
+for a successful comparison and non zero otherwise.
+
+Any error can be obtained from L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_decrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_get0_SignerInfos.pod b/openssl-1.1.0h/doc/crypto/CMS_get0_SignerInfos.pod
new file mode 100644
index 0000000..e5532c9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_get0_SignerInfos.pod
@@ -0,0 +1,89 @@
+=pod
+
+=head1 NAME
+
+CMS_SignerInfo_set1_signer_cert,
+CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id,
+CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp
+- CMS signedData signer functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+ int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
+ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+ int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+
+=head1 DESCRIPTION
+
+The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures
+associated with a CMS signedData structure.
+
+CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier
+associated with a specific CMS_SignerInfo structure B<si>. Either the
+keyidentifier will be set in B<keyid> or B<both> issuer name and serial number
+in B<issuer> and B<sno>.
+
+CMS_SignerInfo_get0_signature() retrieves the signature associated with
+B<si> in a pointer to an ASN1_OCTET_STRING structure. This pointer returned
+corresponds to the internal signature value if B<si> so it may be read or
+modified.
+
+CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer
+identifier B<si>. It returns zero if the comparison is successful and non zero
+if not.
+
+CMS_SignerInfo_set1_signer_cert() sets the signers certificate of B<si> to
+B<signer>.
+
+=head1 NOTES
+
+The main purpose of these functions is to enable an application to lookup
+signers certificates using any appropriate technique when the simpler method
+of CMS_verify() is not appropriate.
+
+In typical usage and application will retrieve all CMS_SignerInfo structures
+using CMS_get0_SignerInfo() and retrieve the identifier information using
+CMS. It will then obtain the signer certificate by some unspecified means
+(or return and error if it cannot be found) and set it using
+CMS_SignerInfo_set1_signer_cert().
+
+Once all signer certificates have been set CMS_verify() can be used.
+
+Although CMS_get0_SignerInfos() can return NULL is an error occur B<or> if
+there are no signers this is not a problem in practice because the only
+error which can occur is if the B<cms> structure is not of type signedData
+due to application error.
+
+=head1 RETURN VALUES
+
+CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there
+are no signers or an error occurs.
+
+CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure.
+
+CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non
+zero otherwise.
+
+CMS_SignerInfo_set1_signer_cert() does not return a value.
+
+Any error can be obtained from L<ERR_get_error(3)>
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_get0_type.pod b/openssl-1.1.0h/doc/crypto/CMS_get0_type.pod
new file mode 100644
index 0000000..cad8d3f
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_get0_type.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+ int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+ const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+
+=head1 DESCRIPTION
+
+CMS_get0_type() returns the content type of a CMS_ContentInfo structure as
+and ASN1_OBJECT pointer. An application can then decide how to process the
+CMS_ContentInfo structure based on this value.
+
+CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo
+structure. It should be called with CMS functions with the B<CMS_PARTIAL>
+flag and B<before> the structure is finalised, otherwise the results are
+undefined.
+
+ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded
+content type.
+
+CMS_get0_content() returns a pointer to the B<ASN1_OCTET_STRING> pointer
+containing the embedded content.
+
+=head1 NOTES
+
+As the B<0> implies CMS_get0_type(), CMS_get0_eContentType() and
+CMS_get0_content() return internal pointers which should B<not> be freed up.
+CMS_set1_eContentType() copies the supplied OID and it B<should> be freed up
+after use.
+
+The B<ASN1_OBJECT> values returned can be converted to an integer B<NID> value
+using OBJ_obj2nid(). For the currently supported content types the following
+values are returned:
+
+ NID_pkcs7_data
+ NID_pkcs7_signed
+ NID_pkcs7_digest
+ NID_id_smime_ct_compressedData:
+ NID_pkcs7_encrypted
+ NID_pkcs7_enveloped
+
+The return value of CMS_get0_content() is a pointer to the B<ASN1_OCTET_STRING>
+content pointer. That means that for example:
+
+ ASN1_OCTET_STRING **pconf = CMS_get0_content(cms);
+
+B<*pconf> could be NULL if there is no embedded content. Applications can
+access, modify or create the embedded content in a B<CMS_ContentInfo> structure
+using this function. Applications usually will not need to modify the
+embedded content as it is normally set by higher level functions.
+
+=head1 RETURN VALUES
+
+CMS_get0_type() and CMS_get0_eContentType() return and ASN1_OBJECT structure.
+
+CMS_set1_eContentType() returns 1 for success or 0 if an error occurred.  The
+error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_get1_ReceiptRequest.pod b/openssl-1.1.0h/doc/crypto/CMS_get1_ReceiptRequest.pod
new file mode 100644
index 0000000..79f5f42
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_get1_ReceiptRequest.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo);
+ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto);
+
+=head1 DESCRIPTION
+
+CMS_ReceiptRequest_create0() creates a signed receipt request structure. The
+B<signedContentIdentifier> field is set using B<id> and B<idlen>, or it is set
+to 32 bytes of pseudo random data if B<id> is NULL. If B<receiptList> is NULL
+the allOrFirstTier option in B<receiptsFrom> is used and set to the value of
+the B<allorfirst> parameter. If B<receiptList> is not NULL the B<receiptList>
+option in B<receiptsFrom> is used. The B<receiptsTo> parameter specifies the
+B<receiptsTo> field value.
+
+The CMS_add1_ReceiptRequest() function adds a signed receipt request B<rr>
+to SignerInfo structure B<si>.
+
+int CMS_get1_ReceiptRequest() looks for a signed receipt request in B<si>, if
+any is found it is decoded and written to B<prr>.
+
+CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request.
+The signedContentIdentifier is copied to B<pcid>. If the B<allOrFirstTier>
+option of B<receiptsFrom> is used its value is copied to B<pallorfirst>
+otherwise the B<receiptList> field is copied to B<plist>. The B<receiptsTo>
+parameter is copied to B<prto>.
+
+=head1 NOTES
+
+For more details of the meaning of the fields see RFC2634.
+
+The contents of a signed receipt should only be considered meaningful if the
+corresponding CMS_ContentInfo structure can be successfully verified using
+CMS_verify().
+
+=head1 RETURN VALUES
+
+CMS_ReceiptRequest_create0() returns a signed receipt request structure or
+NULL if an error occurred.
+
+CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred.
+
+CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and
+decoded. It returns 0 if a signed receipt request is not present and -1 if
+it is present but malformed.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>,
+L<CMS_sign_receipt(3)>, L<CMS_verify(3)>
+L<CMS_verify_receipt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_sign.pod b/openssl-1.1.0h/doc/crypto/CMS_sign.pod
new file mode 100644
index 0000000..396deef
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_sign.pod
@@ -0,0 +1,128 @@
+=pod
+
+=head1 NAME
+
+CMS_sign - create a CMS SignedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_sign() creates and returns a CMS SignedData structure. B<signcert> is
+the certificate to sign with, B<pkey> is the corresponding private key.
+B<certs> is an optional additional set of certificates to include in the CMS
+structure (for example any intermediate CAs in the chain). Any or all of
+these parameters can be B<NULL>, see B<NOTES> below.
+
+The data to be signed is read from BIO B<data>.
+
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+
+Many S/MIME clients expect the signed content to include valid MIME headers. If
+the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+If B<CMS_NOCERTS> is set the signer's certificate will not be included in the
+CMS_ContentInfo structure, the signer's certificate must still be supplied in
+the B<signcert> parameter though. This can reduce the size of the signature if
+the signers certificate can be obtained by other means: for example a
+previously signed message.
+
+The data being signed is included in the CMS_ContentInfo structure, unless
+B<CMS_DETACHED> is set in which case it is omitted. This is used for
+CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed
+messages for example.
+
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<CMS_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
+
+The SignedData structure includes several CMS signedAttributes including the
+signing time, the CMS content type and the supported list of ciphers in an
+SMIMECapabilities attribute. If B<CMS_NOATTR> is set then no signedAttributes
+will be used. If B<CMS_NOSMIMECAP> is set then just the SMIMECapabilities are
+omitted.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192
+bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2.
+If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is
+not loaded.
+
+OpenSSL will by default identify signing certificates using issuer name
+and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
+identifier value instead. An error occurs if the signing certificate does not
+have a subject key identifier extension.
+
+If the flags B<CMS_STREAM> is set then the returned B<CMS_ContentInfo>
+structure is just initialized ready to perform the signing operation. The
+signing is however B<not> performed and the data to be signed is not read from
+the B<data> parameter. Signing is deferred until after the data has been
+written. In this way data can be signed in a single pass.
+
+If the B<CMS_PARTIAL> flag is set a partial B<CMS_ContentInfo> structure is
+output to which additional signers and capabilities can be added before
+finalization.
+
+If the flag B<CMS_STREAM> is set the returned B<CMS_ContentInfo> structure is
+B<not> complete and outputting its contents via a function that does not
+properly finalize the B<CMS_ContentInfo> structure will give unpredictable
+results.
+
+Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(),
+PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_CMS().
+
+If a signer is specified it will use the default digest for the signing
+algorithm. This is B<SHA1> for both RSA and DSA keys.
+
+If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is
+output.
+
+The function CMS_sign() is a basic CMS signing function whose output will be
+suitable for many purposes. For finer control of the output format the
+B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the
+B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
+function CMS_sign_add1_signer(), non default digests can be used and custom
+attributes added. CMS_final() must then be called to finalize the
+structure if streaming is not enabled.
+
+=head1 BUGS
+
+Some attributes such as counter signatures are not supported.
+
+=head1 RETURN VALUES
+
+CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error
+occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_verify(3)>
+
+=head1 HISTORY
+
+The B<CMS_STREAM> flag is only supported for detached data in OpenSSL 0.9.8,
+it is supported for embedded data in OpenSSL 1.0.0 and later.
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_sign_receipt.pod b/openssl-1.1.0h/doc/crypto/CMS_sign_receipt.pod
new file mode 100644
index 0000000..8ea6df1
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_sign_receipt.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+CMS_sign_receipt - create a CMS signed receipt
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_sign_receipt() creates and returns a CMS signed receipt structure. B<si> is
+the B<CMS_SignerInfo> structure containing the signed receipt request.
+B<signcert> is the certificate to sign with, B<pkey> is the corresponding
+private key.  B<certs> is an optional additional set of certificates to include
+in the CMS structure (for example any intermediate CAs in the chain).
+
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+This functions behaves in a similar way to CMS_sign() except the flag values
+B<CMS_DETACHED>, B<CMS_BINARY>, B<CMS_NOATTR>, B<CMS_TEXT> and B<CMS_STREAM>
+are not supported since they do not make sense in the context of signed
+receipts.
+
+=head1 RETURN VALUES
+
+CMS_sign_receipt() returns either a valid CMS_ContentInfo structure or NULL if
+an error occurred.  The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<CMS_verify_receipt(3)>,
+L<CMS_sign(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_uncompress.pod b/openssl-1.1.0h/doc/crypto/CMS_uncompress.pod
new file mode 100644
index 0000000..80f9c0d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_uncompress.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+CMS_uncompress - uncompress a CMS CompressedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_uncompress() extracts and uncompresses the content from a CMS
+CompressedData structure B<cms>. B<data> is a BIO to write the content to and
+B<flags> is an optional set of flags.
+
+The B<dcont> parameter is used in the rare case where the compressed content
+is detached. It will normally be set to NULL.
+
+=head1 NOTES
+
+The only currently supported compression algorithm is zlib: if the structure
+indicates the use of any other algorithm an error is returned.
+
+If zlib support is not compiled into OpenSSL then CMS_uncompress() will always
+return an error.
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+=head1 RETURN VALUES
+
+CMS_uncompress() returns either 1 for success or 0 for failure. The error can
+be obtained from ERR_get_error(3)
+
+=head1 BUGS
+
+The lack of single pass processing and the need to hold all data in memory as
+mentioned in CMS_verify() also applies to CMS_decompress().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_compress(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_verify.pod b/openssl-1.1.0h/doc/crypto/CMS_verify.pod
new file mode 100644
index 0000000..c2ff57b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_verify.pod
@@ -0,0 +1,131 @@
+=pod
+
+=head1 NAME
+
+CMS_verify, CMS_get0_signers - verify a CMS SignedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, unsigned int flags);
+
+ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+=head1 DESCRIPTION
+
+CMS_verify() verifies a CMS SignedData structure. B<cms> is the CMS_ContentInfo
+structure to verify. B<certs> is a set of certificates in which to search for
+the signing certificate(s). B<store> is a trusted certificate store used for
+chain verification. B<indata> is the detached content if the content is not
+present in B<cms>. The content is written to B<out> if it is not NULL.
+
+B<flags> is an optional set of flags, which can be used to modify the verify
+operation.
+
+CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it must
+be called after a successful CMS_verify() operation.
+
+=head1 VERIFY PROCESS
+
+Normally the verify process proceeds as follows.
+
+Initially some sanity checks are performed on B<cms>. The type of B<cms> must
+be SignedData. There must be at least one signature on the data and if
+the content is detached B<indata> cannot be B<NULL>.
+
+An attempt is made to locate all the signing certificate(s), first looking in
+the B<certs> parameter (if it is not NULL) and then looking in any
+certificates contained in the B<cms> structure itself. If any signing
+certificate cannot be located the operation fails.
+
+Each signing certificate is chain verified using the B<smimesign> purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If CRL checking is enabled in B<store> any internal
+CRLs are used in addition to attempting to look them up in B<store>. If any
+chain verify fails an error code is returned.
+
+Finally the signed content is read (and written to B<out> is it is not NULL)
+and the signature's checked.
+
+If all signature's verify correctly then the function is successful.
+
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter to change the default verify behaviour.
+
+If B<CMS_NOINTERN> is set the certificates in the message itself are not
+searched when locating the signing certificate(s). This means that all the
+signing certificates must be in the B<certs> parameter.
+
+If B<CMS_NOCRL> is set and CRL checking is enabled in B<store> then any
+CRLs in the message itself are ignored.
+
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
+verified.
+
+If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
+verified.
+
+If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
+
+=head1 NOTES
+
+One application of B<CMS_NOINTERN> is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the B<certs> parameter. In this case if the signer is not one of the
+certificates supplied in B<certs> then the verify will fail because the
+signer cannot be found.
+
+In some cases the standard techniques for looking up and validating
+certificates are not appropriate: for example an application may wish to
+lookup certificates in a database or perform customised verification. This
+can be achieved by setting and verifying the signers certificates manually
+using the signed data utility functions.
+
+Care should be taken when modifying the default verify behaviour, for example
+setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
+and any modified content will be considered valid. This combination is however
+useful if one merely wishes to write the content to B<out> and its validity
+is not considered important.
+
+Chain verification should arguably be performed using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+
+=head1 RETURN VALUES
+
+CMS_verify() returns 1 for a successful verification and zero if an error
+occurred.
+
+CMS_get0_signers() returns all signers or NULL if an error occurred.
+
+The error can be obtained from L<ERR_get_error(3)>
+
+=head1 BUGS
+
+The trusted certificate store is not searched for the signing certificate,
+this is primarily due to the inadequacies of the current B<X509_STORE>
+functionality.
+
+The lack of single pass processing means that the signed content must all
+be held in memory if it is not detached.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CMS_verify_receipt.pod b/openssl-1.1.0h/doc/crypto/CMS_verify_receipt.pod
new file mode 100644
index 0000000..193241c
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CMS_verify_receipt.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+CMS_verify_receipt - verify a CMS signed receipt
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
+
+=head1 DESCRIPTION
+
+CMS_verify_receipt() verifies a CMS signed receipt. B<rcms> is the signed
+receipt to verify. B<ocms> is the original SignedData structure containing the
+receipt request. B<certs> is a set of certificates in which to search for the
+signing certificate. B<store> is a trusted certificate store (used for chain
+verification).
+
+B<flags> is an optional set of flags, which can be used to modify the verify
+operation.
+
+=head1 NOTES
+
+This functions behaves in a similar way to CMS_verify() except the flag values
+B<CMS_DETACHED>, B<CMS_BINARY>, B<CMS_TEXT> and B<CMS_STREAM> are not
+supported since they do not make sense in the context of signed receipts.
+
+=head1 RETURN VALUES
+
+CMS_verify_receipt() returns 1 for a successful verification and zero if an
+error occurred.
+
+The error can be obtained from L<ERR_get_error(3)>
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<CMS_sign_receipt(3)>,
+L<CMS_verify(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CONF_modules_free.pod b/openssl-1.1.0h/doc/crypto/CONF_modules_free.pod
new file mode 100644
index 0000000..ac59f37
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CONF_modules_free.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
+OpenSSL configuration cleanup functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ void CONF_modules_finish(void);
+ void CONF_modules_unload(int all);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void CONF_modules_free(void)
+ #endif
+
+=head1 DESCRIPTION
+
+CONF_modules_free() closes down and frees up all memory allocated by all
+configuration modules.
+
+CONF_modules_finish() calls each configuration modules B<finish> handler
+to free up any configuration that module may have performed.
+
+CONF_modules_unload() finishes and unloads configuration modules. If
+B<all> is set to B<0> only modules loaded from DSOs will be unloads. If
+B<all> is B<1> all modules, including builtin modules will be unloaded.
+
+=head1 NOTES
+
+Normally in versions of OpenSSL prior to 1.1.0 applications will only call
+CONF_modules_free() at application exit to tidy up any configuration performed.
+From 1.1.0 CONF_modules_free() is deprecated and no explicit CONF cleanup is
+required at all. For more information see L<OPENSSL_init_crypto(3)>.
+
+=head1 RETURN VALUE
+
+None of the functions return a value.
+
+=head1 SEE ALSO
+
+L<conf(5)>, L<OPENSSL_config(3)>,
+L<CONF_modules_load_file(3)>
+
+=head1 HISTORY
+
+CONF_modules_free() was deprecated in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CONF_modules_load_file.pod b/openssl-1.1.0h/doc/crypto/CONF_modules_load_file.pod
new file mode 100644
index 0000000..4f02f52
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CONF_modules_load_file.pod
@@ -0,0 +1,135 @@
+=pod
+
+=head1 NAME
+
+CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ int CONF_modules_load_file(const char *filename, const char *appname,
+                                        unsigned long flags);
+ int CONF_modules_load(const CONF *cnf, const char *appname,
+                               unsigned long flags);
+
+=head1 DESCRIPTION
+
+The function CONF_modules_load_file() configures OpenSSL using file
+B<filename> and application name B<appname>. If B<filename> is NULL
+the standard OpenSSL configuration file is used. If B<appname> is
+NULL the standard OpenSSL application name B<openssl_conf> is used.
+The behaviour can be customized using B<flags>.
+
+CONF_modules_load() is identical to CONF_modules_load_file() except it
+reads configuration information from B<cnf>.
+
+=head1 NOTES
+
+The following B<flags> are currently recognized:
+
+B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual
+configuration modules are ignored. If not set the first module error is
+considered fatal and no further modules are loaded.
+
+Normally any modules errors will add error information to the error queue. If
+B<CONF_MFLAGS_SILENT> is set no error information is added.
+
+If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
+disabled.
+
+B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file()
+ignore missing configuration files. Normally a missing configuration file
+return an error.
+
+B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
+default section pointed to by B<openssl_conf> if B<appname> does not exist.
+
+By using CONF_modules_load_file() with appropriate flags an application can
+customise application configuration to best suit its needs. In some cases the
+use of a configuration file is optional and its absence is not an error: in
+this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
+
+Errors during configuration may also be handled differently by different
+applications. For example in some cases an error may simply print out a warning
+message and the application continue. In other cases an application might
+consider a configuration file error as fatal and exit immediately.
+
+Applications can use the CONF_modules_load() function if they wish to load a
+configuration file themselves and have finer control over how errors are
+treated.
+
+=head1 EXAMPLES
+
+Load a configuration file and print out any errors and exit (missing file
+considered fatal):
+
+ if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
+    fprintf(stderr, "FATAL: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+ }
+
+Load default configuration file using the section indicated by "myapp",
+tolerate missing files, but exit on other errors:
+
+ if (CONF_modules_load_file(NULL, "myapp",
+                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+    fprintf(stderr, "FATAL: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+ }
+
+Load custom configuration file and section, only print warnings on error,
+missing configuration file ignored:
+
+ if (CONF_modules_load_file("/something/app.cnf", "myapp",
+                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+    fprintf(stderr, "WARNING: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+ }
+
+Load and parse configuration file manually, custom error handling:
+
+ FILE *fp;
+ CONF *cnf = NULL;
+ long eline;
+ fp = fopen("/somepath/app.cnf", "r");
+ if (fp == NULL) {
+    fprintf(stderr, "Error opening configuration file\n");
+    /* Other missing configuration file behaviour */
+ } else {
+    cnf = NCONF_new(NULL);
+    if (NCONF_load_fp(cnf, fp, &eline) == 0) {
+        fprintf(stderr, "Error on line %ld of configuration file\n", eline);
+        ERR_print_errors_fp(stderr);
+        /* Other malformed configuration file behaviour */
+    } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
+      fprintf(stderr, "Error configuring application\n");
+      ERR_print_errors_fp(stderr);
+      /* Other configuration error behaviour */
+    }
+    fclose(fp);
+    NCONF_free(cnf);
+  }
+
+=head1 RETURN VALUES
+
+These functions return 1 for success and a zero or negative value for
+failure. If module errors are not ignored the return code will reflect the
+return value of the failing module (this will always be zero or negative).
+
+=head1 SEE ALSO
+
+L<config(5)>, L<OPENSSL_config(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CRYPTO_THREAD_run_once.pod b/openssl-1.1.0h/doc/crypto/CRYPTO_THREAD_run_once.pod
new file mode 100644
index 0000000..b256a18
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CRYPTO_THREAD_run_once.pod
@@ -0,0 +1,170 @@
+=pod
+
+=head1 NAME
+
+CRYPTO_THREAD_run_once,
+CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
+CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support
+
+=head1 SYNOPSIS
+
+ #include <openssl/crypto.h>
+
+ CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
+ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+ int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+ int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+ void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+=head1 DESCRIPTION
+
+OpenSSL can be safely used in multi-threaded applications provided that
+support for the underlying OS threading API is built-in. Currently, OpenSSL
+supports the pthread and Windows APIs. OpenSSL can also be built without
+any multi-threading support, for example on platforms that don't provide
+any threading support or that provide a threading API that is not yet
+supported by OpenSSL.
+
+The following multi-threading function are provided:
+
+=over 2
+
+=item *
+
+CRYPTO_THREAD_run_once() can be used to perform one-time initialization.
+The B<once> argument must be a pointer to a static object of type
+B<CRYPTO_ONCE> that was statically initialized to the value
+B<CRYPTO_ONCE_STATIC_INIT>.
+The B<init> argument is a pointer to a function that performs the desired
+exactly once initialization.
+In particular, this can be used to allocate locks in a thread-safe manner,
+which can then be used with the locking functions below.
+
+=item *
+
+CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
+lock.
+
+=item *
+
+CRYPTO_THREAD_read_lock() locks the provided B<lock> for reading.
+
+=item *
+
+CRYPTO_THREAD_write_lock() locks the provided B<lock> for writing.
+
+=item *
+
+CRYPTO_THREAD_unlock() unlocks the previously locked B<lock>.
+
+=item *
+
+CRYPTO_THREAD_lock_frees() frees the provided B<lock>.
+
+=item *
+
+CRYPTO_atomic_add() atomically adds B<amount> to B<val> and returns the
+result of the operation in B<ret>. B<lock> will be locked, unless atomic
+operations are supported on the specific platform. Because of this, if a
+variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must
+be the only way that the variable is modified.
+
+=back
+
+=head1 RETURN VALUES
+
+CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.
+
+CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.
+
+CRYPTO_THREAD_lock_frees() returns no value.
+
+The other functions return 1 on success or 0 on error.
+
+=head1 NOTES
+
+On Windows platforms the CRYPTO_THREAD_* types and functions in the
+openssl/crypto.h header are dependent on some of the types customarily
+made available by including windows.h. The application developer is
+likely to require control over when the latter is included, commonly as
+one of the first included headers. Therefore it is defined as an
+application developer's responsibility to include windows.h prior to
+crypto.h where use of CRYPTO_THREAD_* types and functions is required.
+
+=head1 EXAMPLE
+
+This example safely initializes and uses a lock.
+
+  #ifdef _WIN32
+  # include <windows.h>
+  #endif
+  #include <openssl/crypto.h>
+
+  static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
+  static CRYPTO_RWLOCK *lock;
+
+  static void myinit(void)
+  {
+      lock = CRYPTO_THREAD_lock_new();
+  }
+
+  static int mylock(void)
+  {
+      if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
+          return 0;
+      return CRYPTO_THREAD_write_lock(lock);
+  }
+
+  static int myunlock(void)
+  {
+      return CRYPTO_THREAD_unlock(lock);
+  }
+
+  int serialized(void)
+  {
+      int ret = 0;
+
+      if (mylock()) {
+          /* Your code here, do not return without releasing the lock! */
+          ret = ... ;
+      }
+      myunlock();
+      return ret;
+  }
+
+Finalization of locks is an advanced topic, not covered in this example.
+This can only be done at process exit or when a dynamically loaded library is
+no longer in use and is unloaded.
+The simplest solution is to just "leak" the lock in applications and not
+repeatedly load/unload shared libraries that allocate locks.
+
+=head1 NOTES
+
+You can find out if OpenSSL was configured with thread support:
+
+ #include <openssl/opensslconf.h>
+ #if defined(OPENSSL_THREADS)
+   // thread support enabled
+ #else
+   // no thread support
+ #endif
+
+=head1 SEE ALSO
+
+L<crypto(7)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CRYPTO_get_ex_new_index.pod b/openssl-1.1.0h/doc/crypto/CRYPTO_get_ex_new_index.pod
new file mode 100644
index 0000000..a5bf620
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CRYPTO_get_ex_new_index.pod
@@ -0,0 +1,166 @@
+=pod
+
+=head1 NAME
+
+CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup,
+CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data,
+CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data
+- functions supporting application-specific data
+
+=head1 SYNOPSIS
+
+ #include <openssl/crypto.h>
+
+ int CRYPTO_get_ex_new_index(int class_index,
+                long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                            int idx, long argl, void *argp);
+ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                             int idx, long argl, void *argp);
+ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                           void *from_d, int idx, long argl, void *argp);
+
+ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+
+ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
+
+ void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+
+ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r);
+
+ int CRYPTO_free_ex_index(int class_index, int idx);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application-specific data attached to them,
+known as "exdata."
+The specific structures are:
+
+    SSL
+    SSL_CTX
+    SSL_SESSION
+    X509
+    X509_STORE
+    X509_STORE_CTX
+    DH
+    DSA
+    EC_KEY
+    RSA
+    ENGINE
+    UI
+    UI_METHOD
+    BIO
+
+Each is identified by an B<CRYPTO_EX_INDEX_xxx> define in the B<crypto.h>
+header file.  In addition, B<CRYPTO_EX_INDEX_APP> is reserved for
+applications to use this facility for their own structures.
+
+The API described here is used by OpenSSL to manipulate exdata for specific
+structures.  Since the application data can be anything at all it is passed
+and retrieved as a B<void *> type.
+
+The B<CRYPTO_EX_DATA> type is opaque.  To initialize the exdata part of
+a structure, call CRYPTO_new_ex_data(). This is only necessary for
+B<CRYPTO_EX_INDEX_APP> objects.
+
+Exdata types are identified by an B<index>, an integer guaranteed to be
+unique within structures for the lifetime of the program.  Applications
+using exdata typically call B<CRYPTO_get_ex_new_index> at startup, and
+store the result in a global variable, or write a wrapper function to
+provide lazy evaluation.  The B<class_index> should be one of the
+B<CRYPTO_EX_INDEX_xxx> values. The B<argl> and B<argp> parameters are saved
+to be passed to the callbacks but are otherwise not used.  In order to
+transparently manipulate exdata, three callbacks must be provided. The
+semantics of those callbacks are described below.
+
+When copying or releasing objects with exdata, the callback functions
+are called in increasing order of their B<index> value.
+
+If a dynamic library can be unloaded, it should call CRYPTO_free_ex_index()
+when this is done.
+This will replace the callbacks with no-ops
+so that applications don't crash.  Any existing exdata will be leaked.
+
+To set or get the exdata on an object, the appropriate type-specific
+routine must be used.  This is because the containing structure is opaque
+and the B<CRYPTO_EX_DATA> field is not accessible.  In both API's, the
+B<idx> parameter should be an already-created index value.
+
+When setting exdata, the pointer specified with a particular index is saved,
+and returned on a subsequent "get" call.  If the application is going to
+release the data, it must make sure to set a B<NULL> value at the index,
+to avoid likely double-free crashes.
+
+The function B<CRYPTO_free_ex_data> is used to free all exdata attached
+to a structure. The appropriate type-specific routine must be used.
+The B<class_index> identifies the structure type, the B<obj> is
+be the pointer to the actual structure, and B<r> is a pointer to the
+structure's exdata field.
+
+=head2 Callback Functions
+
+This section describes how the callback functions are used. Applications
+that are defining their own exdata using B<CYPRTO_EX_INDEX_APP> must
+call them as described here.
+
+When a structure is initially allocated (such as RSA_new()) then the
+new_func() is called for every defined index. There is no requirement
+that the entire parent, or containing, structure has been set up.
+The new_func() is typically used only to allocate memory to store the
+exdata, and perhaps an "initialized" flag within that memory.
+The exdata value should be set by calling CRYPTO_set_ex_data().
+
+When a structure is free'd (such as SSL_CTX_free()) then the
+free_func() is called for every defined index.  Again, the state of the
+parent structure is not guaranteed.  The free_func() may be called with a
+NULL pointer.
+
+Both new_func() and free_func() take the same parameters.
+The B<parent> is the pointer to the structure that contains the exdata.
+The B<ptr> is the current exdata item; for new_func() this will typically
+be NULL.  The B<r> parameter is a pointer to the exdata field of the object.
+The B<idx> is the index and is the value returned when the callbacks were
+initially registered via CRYPTO_get_ex_new_index() and can be used if
+the same callback handles different types of exdata.
+
+dup_func() is called when a structure is being copied.  This is only done
+for B<SSL>, B<SSL_SESSION>, B<EC_KEY> objects and B<BIO> chains via
+BIO_dup_chain().  The B<to> and B<from> parameters
+are pointers to the destination and source B<CRYPTO_EX_DATA> structures,
+respectively.  The B<from_d> parameter needs to be cast to a B<void **pptr>
+as the API has currently the wrong signature; that will be changed in a
+future version.  The B<*pptr> is a pointer to the source exdata.
+When the dup_func() returns, the value in B<*pptr> is copied to the
+destination ex_data.  If the pointer contained in B<*pptr> is not modified
+by the dup_func(), then both B<to> and B<from> will point to the same data.
+The B<idx>, B<argl> and B<argp> parameters are as described for the other
+two callbacks.  If the dup_func() returns B<0> the whole CRYPTO_dup_ex_data()
+will fail.
+
+=head1 RETURN VALUES
+
+CRYPTO_get_ex_new_index() returns a new index or -1 on failure; the
+value B<0> is reserved for the legacy "app_data" API's.
+
+CRYPTO_free_ex_index() and
+CRYPTO_set_ex_data() return 1 on success or 0 on failure.
+
+CRYPTO_get_ex_data() returns the application data or NULL on failure;
+note that NULL may be a valid value.
+
+dup_func() should return 0 for failure and 1 for success.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CTLOG_STORE_get0_log_by_id.pod b/openssl-1.1.0h/doc/crypto/CTLOG_STORE_get0_log_by_id.pod
new file mode 100644
index 0000000..c517e95
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CTLOG_STORE_get0_log_by_id.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+CTLOG_STORE_get0_log_by_id -
+Get a Certificate Transparency log from a CTLOG_STORE
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                         const uint8_t *log_id,
+                                         size_t log_id_len);
+
+=head1 DESCRIPTION
+
+A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency
+(CT) log that issued it using the log's LogID (see RFC 6962, Section 3.2).
+Therefore, it is useful to be able to look up more information about a log
+(e.g. its public key) using this LogID.
+
+CTLOG_STORE_get0_log_by_id() provides a way to do this. It will find a CTLOG
+in a CTLOG_STORE that has a given LogID.
+
+=head1 RETURN VALUES
+
+B<CTLOG_STORE_get0_log_by_id> returns a CTLOG with the given LogID, if it
+exists in the given CTLOG_STORE, otherwise it returns NULL.
+
+=head1 SEE ALSO
+
+L<ct(3)>,
+L<CTLOG_STORE_new(3)>
+
+=head1 HISTORY
+
+This function was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CTLOG_STORE_new.pod b/openssl-1.1.0h/doc/crypto/CTLOG_STORE_new.pod
new file mode 100644
index 0000000..2a38f26
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CTLOG_STORE_new.pod
@@ -0,0 +1,79 @@
+=pod
+
+=head1 NAME
+
+CTLOG_STORE_new, CTLOG_STORE_free,
+CTLOG_STORE_load_default_file, CTLOG_STORE_load_file -
+Create and populate a Certificate Transparency log list
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ CTLOG_STORE *CTLOG_STORE_new(void);
+ void CTLOG_STORE_free(CTLOG_STORE *store);
+
+ int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+ int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+=head1 DESCRIPTION
+
+A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency
+logs). The list can be loaded from one or more files and then searched by LogID
+(see RFC 6962, Section 3.2, for the definition of a LogID).
+
+CTLOG_STORE_new() creates an empty list of CT logs. This is then populated
+by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file().
+CTLOG_STORE_load_default_file() loads from the default file, which is named
+"ct_log_list.cnf" in OPENSSLDIR (see the output of L<version>). This can be
+overridden using an environment variable named "CTLOG_FILE".
+CTLOG_STORE_load_file() loads from a caller-specified file path instead.
+Both of these functions append any loaded CT logs to the CTLOG_STORE.
+
+The expected format of the file is:
+
+ enabled_logs=foo,bar
+
+ [foo]
+ description = Log 1
+ key = <base64-encoded DER SubjectPublicKeyInfo here>
+
+ [bar]
+ description = Log 2
+ key = <base64-encoded DER SubjectPublicKeyInfo here>
+
+Once a CTLOG_STORE is no longer required, it should be passed to
+CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along
+with the CTLOG_STORE itself.
+
+=head1 NOTES
+
+If there are any invalid CT logs in a file, they are skipped and the remaining
+valid logs will still be added to the CTLOG_STORE. A CT log will be considered
+invalid if it is missing a "key" or "description" field.
+
+=head1 RETURN VALUES
+
+Both B<CTLOG_STORE_load_default_file> and B<CTLOG_STORE_load_file> return 1 if
+all CT logs in the file are successfully parsed and loaded, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ct(3)>,
+L<CTLOG_STORE_get0_log_by_id(3)>,
+L<SSL_CTX_set_ctlog_list_file(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CTLOG_new.pod b/openssl-1.1.0h/doc/crypto/CTLOG_new.pod
new file mode 100644
index 0000000..ccda6b9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CTLOG_new.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+CTLOG_new, CTLOG_new_from_base64, CTLOG_free,
+CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key -
+encapsulates information about a Certificate Transparency log
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+ int CTLOG_new_from_base64(CTLOG ** ct_log,
+                           const char *pkey_base64, const char *name);
+ void CTLOG_free(CTLOG *log);
+ const char *CTLOG_get0_name(const CTLOG *log);
+ void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                        size_t *log_id_len);
+ EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+=head1 DESCRIPTION
+
+CTLOG_new() returns a new CTLOG that represents the Certificate Transparency
+(CT) log with the given public key. A name must also be provided that can be
+used to help users identify this log. Ownership of the public key is
+transferred.
+
+CTLOG_new_from_base64() also creates a new CTLOG, but takes the public key in
+base64-encoded DER form and sets the ct_log pointer to point to the new CTLOG.
+The base64 will be decoded and the public key parsed.
+
+Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the
+caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer
+needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that
+was passed to it.
+
+CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was
+created. Ownership of the string remains with the CTLOG.
+
+CTLOG_get0_log_id() sets *log_id to point to a string containing that log's
+LogID (see RFC 6962). It sets *log_id_len to the length of that LogID. For a
+v1 CT log, the LogID will be a SHA-256 hash (i.e. 32 bytes long). Ownership of
+the string remains with the CTLOG.
+
+CTLOG_get0_public_key() returns the public key of the CT log. Ownership of the
+EVP_PKEY remains with the CTLOG.
+
+=head1 RETURN VALUES
+
+CTLOG_new() will return NULL if an error occurs.
+
+CTLOG_new_from_base64() will return 1 on success, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ct(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/CT_POLICY_EVAL_CTX_new.pod b/openssl-1.1.0h/doc/crypto/CT_POLICY_EVAL_CTX_new.pod
new file mode 100644
index 0000000..7839fd3
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/CT_POLICY_EVAL_CTX_new.pod
@@ -0,0 +1,111 @@
+=pod
+
+=head1 NAME
+
+CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free,
+CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert,
+CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer,
+CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE,
+CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time -
+Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+ void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+ X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+ int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+ X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+ int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+ const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, CTLOG_STORE *log_store);
+ uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+ void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+=head1 DESCRIPTION
+
+A B<CT_POLICY_EVAL_CTX> is used by functions that evaluate whether Signed
+Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy.
+This policy may be, for example, that at least one valid SCT is available. To
+determine this, an SCT's timestamp and signature must be verified.
+This requires:
+
+=over 4
+
+=item * the public key of the log that issued the SCT
+
+=item * the certificate that the SCT was issued for
+
+=item * the issuer certificate (if the SCT was issued for a pre-certificate)
+
+=item * the current time
+
+=back
+
+The above requirements are met using the setters described below.
+
+CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
+should then be populated using:
+
+=over 4
+
+=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
+
+Increments the reference count of the certificate.
+
+=item * CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate
+
+Increments the reference count of the certificate.
+
+=item * CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs
+
+Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the
+CT_POLICY_EVAL_CTX.
+
+=item * CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid
+
+The SCT timestamp will be compared to this time to check whether the SCT was
+issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
+timestamp is in the future". By default, this will be set to 5 minutes in the
+future (e.g. (time() + 300) * 1000), to allow for clock drift.
+
+The time should be in milliseconds since the Unix epoch.
+
+=back
+
+Each setter has a matching getter for accessing the current value.
+
+When no longer required, the B<CT_POLICY_EVAL_CTX> should be passed to
+CT_POLICY_EVAL_CTX_free() to delete it.
+
+=head1 NOTES
+
+The issuer certificate only needs to be provided if at least one of the SCTs
+was issued for a pre-certificate. This will be the case for SCTs embedded in a
+certificate (i.e. those in an X.509 extension), but may not be the case for SCTs
+found in the TLS SCT extension or OCSP response.
+
+=head1 RETURN VALUES
+
+CT_POLICY_EVAL_CTX_new() will return NULL if malloc fails.
+
+=head1 SEE ALSO
+
+L<ct(7)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DEFINE_STACK_OF.pod b/openssl-1.1.0h/doc/crypto/DEFINE_STACK_OF.pod
new file mode 100644
index 0000000..f655f84
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DEFINE_STACK_OF.pod
@@ -0,0 +1,241 @@
+=pod
+
+=head1 NAME
+
+DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
+DEFINE_SPECIAL_STACK_OF_CONST,
+OPENSSL_sk_deep_copy, OPENSSL_sk_delete, OPENSSL_sk_delete_ptr,
+OPENSSL_sk_dup, OPENSSL_sk_find, OPENSSL_sk_find_ex, OPENSSL_sk_free,
+OPENSSL_sk_insert, OPENSSL_sk_is_sorted, OPENSSL_sk_new, OPENSSL_sk_new_null,
+OPENSSL_sk_num, OPENSSL_sk_pop, OPENSSL_sk_pop_free, OPENSSL_sk_push,
+OPENSSL_sk_set, OPENSSL_sk_set_cmp_func, OPENSSL_sk_shift, OPENSSL_sk_sort,
+OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero,
+sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_free,
+sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push,
+sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free,
+sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort,
+sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func -
+stack container
+
+=for comment generic
+
+=head1 SYNOPSIS
+
+ #include <openssl/safestack.h>
+
+ STACK_OF(TYPE)
+ DEFINE_STACK_OF(TYPE)
+ DEFINE_STACK_OF_CONST(TYPE)
+ DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
+ DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
+
+ typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
+ typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
+ typedef void (*sk_TYPE_freefunc)(TYPE *a);
+
+ int sk_TYPE_num(const STACK_OF(TYPE) *sk);
+ TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
+ STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
+ STACK_OF(TYPE) *sk_TYPE_new_null(void);
+ void sk_TYPE_free(const STACK_OF(TYPE) *sk);
+ void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
+ TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
+ TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
+ int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr);
+ int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr);
+ TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
+ TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
+ void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
+ int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
+ TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
+ int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
+ int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
+ void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
+ int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
+ STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
+ STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
+                                   sk_TYPE_copyfunc copyfunc,
+                                   sk_TYPE_freefunc freefunc);
+ sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, sk_TYPE_compfunc compare);
+
+=head1 DESCRIPTION
+
+Applications can create and use their own stacks by placing any of the macros
+described below in a header file. These macros define typesafe inline
+functions that wrap around the utility B<OPENSSL_sk_> API.
+In the description here, I<TYPE> is used
+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
+
+STACK_OF() returns the name for a stack of the specified B<TYPE>.
+DEFINE_STACK_OF() creates set of functions for a stack of B<TYPE>. This
+will mean that type B<TYPE> is stored in each stack, the type is referenced by
+STACK_OF(TYPE) and each function name begins with I<sk_TYPE_>. For example:
+
+ TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+
+DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except
+each element is constant. For example:
+
+ const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+
+DEFINE_SPECIAL_STACK_OF() defines a stack of B<TYPE> but
+each function uses B<FUNCNAME> in the function name. For example:
+
+ TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
+
+DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is
+constant:
+
+ const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
+
+sk_TYPE_num() returns the number of elements in B<sk> or -1 if B<sk> is
+B<NULL>.
+
+sk_TYPE_value() returns element B<idx> in B<sk>, where B<idx> starts at
+zero. If B<idx> is out of range then B<NULL> is returned.
+
+sk_TYPE_new() allocates a new empty stack using comparison function B<compare>.
+If B<compare> is B<NULL> then no comparison function is used.
+
+sk_TYPE_new_null() allocates a new empty stack with no comparison function.
+
+sk_TYPE_set_cmp_func() sets the comparison function of B<sk> to B<compare>.
+The previous comparison function is returned or B<NULL> if there was
+no previous comparison function.
+
+sk_TYPE_free() frees up the B<sk> structure. It does B<not> free up any
+elements of B<sk>. After this call B<sk> is no longer valid.
+
+sk_TYPE_zero() sets the number of elements in B<sk> to zero. It does not free
+B<sk> so after this call B<sk> is still valid.
+
+sk_TYPE_pop_free() frees up all elements of B<sk> and B<sk> itself. The
+free function freefunc() is called on each element to free it.
+
+sk_TYPE_delete() deletes element B<i> from B<sk>. It returns the deleted
+element or B<NULL> if B<i> is out of range.
+
+sk_TYPE_delete_ptr() deletes element matching B<ptr> from B<sk>. It returns
+the deleted element or B<NULL> if no element matching B<ptr> was found.
+
+sk_TYPE_insert() inserts B<ptr> into B<sk> at position B<idx>. Any existing
+elements at or after B<idx> are moved downwards. If B<idx> is out of range
+the new element is appended to B<sk>. sk_TYPE_insert() either returns the
+number of elements in B<sk> after the new element is inserted or zero if
+an error (such as memory allocation failure) occurred.
+
+sk_TYPE_push() appends B<ptr> to B<sk> it is equivalent to:
+
+ sk_TYPE_insert(sk, ptr, -1);
+
+sk_TYPE_unshift() inserts B<ptr> at the start of B<sk> it is equivalent to:
+
+ sk_TYPE_insert(sk, ptr, 0);
+
+sk_TYPE_pop() returns and removes the last element from B<sk>.
+
+sk_TYPE_shift() returns and removes the first element from B<sk>.
+
+sk_TYPE_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
+element. The new element value is returned or B<NULL> if an error occurred:
+this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
+
+sk_TYPE_find() searches B<sk> for the element B<ptr>.  In the case
+where no comparison function has been specified, the function performs
+a linear search for a pointer equal to B<ptr>. The index of the first
+matching element is returned or B<-1> if there is no match. In the case
+where a comparison function has been specified, B<sk> is sorted then
+sk_TYPE_find() returns the index of a matching element or B<-1> if there
+is no match. Note that, in this case, the matching element returned is
+not guaranteed to be the first; the comparison function will usually
+compare the values pointed to rather than the pointers themselves and
+the order of elements in B<sk> could change.
+
+sk_TYPE_find_ex() operates like sk_TYPE_find() except when a comparison
+function has been specified and no matching element is found. Instead
+of returning B<-1>, sk_TYPE_find_ex() returns the index of the element
+either before or after the location where B<ptr> would be if it were
+present in B<sk>.
+
+sk_TYPE_sort() sorts B<sk> using the supplied comparison function.
+
+sk_TYPE_is_sorted() returns B<1> if B<sk> is sorted and B<0> otherwise.
+
+sk_TYPE_dup() returns a copy of B<sk>. Note the pointers in the copy
+are identical to the original.
+
+sk_TYPE_deep_copy() returns a new stack where each element has been copied.
+Copying is performed by the supplied copyfunc() and freeing by freefunc(). The
+function freefunc() is only called if an error occurs.
+
+=head1 NOTES
+
+Care should be taken when accessing stacks in multi-threaded environments.
+Any operation which increases the size of a stack such as sk_TYPE_insert() or
+sk_push() can "grow" the size of an internal array and cause race conditions
+if the same stack is accessed in a different thread. Operations such as
+sk_find() and sk_sort() can also reorder the stack.
+
+Any comparison function supplied should use a metric suitable
+for use in a binary search operation. That is it should return zero, a
+positive or negative value if B<a> is equal to, greater than
+or less than B<b> respectively.
+
+Care should be taken when checking the return values of the functions
+sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the
+matching element. In particular B<0> indicates a matching first element.
+A failed search is indicated by a B<-1> return value.
+
+STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and
+DEFINE_SPECIAL_STACK_OF() are implemented as macros.
+
+=head1 RETURN VALUES
+
+sk_TYPE_num() returns the number of elements in the stack or B<-1> if the
+passed stack is B<NULL>.
+
+sk_TYPE_value() returns a pointer to a stack element or B<NULL> if the
+index is out of range.
+
+sk_TYPE_new() and sk_TYPE_new_null() return an empty stack or B<NULL> if
+an error occurs.
+
+sk_TYPE_set_cmp_func() returns the old comparison function or B<NULL> if
+there was no old comparison function.
+
+sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and sk_TYPE_sort() do
+not return values.
+
+sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr()
+return a pointer to the deleted element or B<NULL> on error.
+
+sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total
+number of elements in the stack and 0 if an error occurred.
+
+sk_TYPE_set() returns a pointer to the replacement element or B<NULL> on
+error.
+
+sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found element
+or B<-1> on error.
+
+sk_TYPE_is_sorted() returns B<1> if the stack is sorted and B<0> if it is
+not.
+
+sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy of the
+stack.
+
+=head1 HISTORY
+
+Before OpenSSL 1.1.0, this was implemented via macros and not inline functions
+and was not a public API.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DES_random_key.pod b/openssl-1.1.0h/doc/crypto/DES_random_key.pod
new file mode 100644
index 0000000..77cfdda
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DES_random_key.pod
@@ -0,0 +1,310 @@
+=pod
+
+=head1 NAME
+
+DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
+DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
+DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
+DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
+DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
+DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
+DES_fcrypt, DES_crypt - DES encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/des.h>
+
+ void DES_random_key(DES_cblock *ret);
+
+ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+ int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+ int DES_set_key_checked(const_DES_cblock *key,
+        DES_key_schedule *schedule);
+ void DES_set_key_unchecked(const_DES_cblock *key,
+        DES_key_schedule *schedule);
+
+ void DES_set_odd_parity(DES_cblock *key);
+ int DES_is_weak_key(const_DES_cblock *key);
+
+ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+        DES_key_schedule *ks, int enc);
+ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
+        DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+        DES_key_schedule *ks1, DES_key_schedule *ks2,
+        DES_key_schedule *ks3, int enc);
+
+ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+        int enc);
+ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+        int numbits, long length, DES_key_schedule *schedule,
+        DES_cblock *ivec, int enc);
+ void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+        int numbits, long length, DES_key_schedule *schedule,
+        DES_cblock *ivec);
+ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+        int enc);
+ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+        int *num, int enc);
+ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+        int *num);
+
+ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+        const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+
+ void DES_ede2_cbc_encrypt(const unsigned char *input,
+        unsigned char *output, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+ void DES_ede2_cfb64_encrypt(const unsigned char *in,
+        unsigned char *out, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
+ void DES_ede2_ofb64_encrypt(const unsigned char *in,
+        unsigned char *out, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+
+ void DES_ede3_cbc_encrypt(const unsigned char *input,
+        unsigned char *output, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
+        int enc);
+ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+        DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
+ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_key_schedule *ks3,
+        DES_cblock *ivec, int *num);
+
+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+        long length, DES_key_schedule *schedule,
+        const_DES_cblock *ivec);
+ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+        long length, int out_count, DES_cblock *seed);
+ void DES_string_to_key(const char *str, DES_cblock *key);
+ void DES_string_to_2keys(const char *str, DES_cblock *key1,
+        DES_cblock *key2);
+
+ char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+ char *DES_crypt(const char *buf, const char *salt);
+
+=head1 DESCRIPTION
+
+This library contains a fast implementation of the DES encryption
+algorithm.
+
+There are two phases to the use of DES encryption.  The first is the
+generation of a I<DES_key_schedule> from a key, the second is the
+actual encryption.  A DES key is of type I<DES_cblock>. This type is
+consists of 8 bytes with odd parity.  The least significant bit in
+each byte is the parity bit.  The key schedule is an expanded form of
+the key; it is used to speed the encryption process.
+
+DES_random_key() generates a random key.  The PRNG must be seeded
+prior to using this function (see L<rand(3)>).  If the PRNG
+could not generate a secure key, 0 is returned.
+
+Before a DES key can be used, it must be converted into the
+architecture dependent I<DES_key_schedule> via the
+DES_set_key_checked() or DES_set_key_unchecked() function.
+
+DES_set_key_checked() will check that the key passed is of odd parity
+and is not a weak or semi-weak key.  If the parity is wrong, then -1
+is returned.  If the key is a weak key, then -2 is returned.  If an
+error is returned, the key schedule is not generated.
+
+DES_set_key() works like
+DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
+otherwise like DES_set_key_unchecked().  These functions are available
+for compatibility; it is recommended to use a function that does not
+depend on a global variable.
+
+DES_set_odd_parity() sets the parity of the passed I<key> to odd.
+
+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
+is ok.
+
+The following routines mostly operate on an input and output stream of
+I<DES_cblock>s.
+
+DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
+decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
+(ECB) mode.  It always transforms the input data, pointed to by
+I<input>, into the output data, pointed to by the I<output> argument.
+If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
+(cleartext) is encrypted in to the I<output> (ciphertext) using the
+key_schedule specified by the I<schedule> argument, previously set via
+I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
+ciphertext) is decrypted into the I<output> (now cleartext).  Input
+and output may overlap.  DES_ecb_encrypt() does not return a value.
+
+DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
+three-key Triple-DES encryption in ECB mode.  This involves encrypting
+the input with I<ks1>, decrypting with the key schedule I<ks2>, and
+then encrypting with I<ks3>.  This routine greatly reduces the chances
+of brute force breaking of DES and has the advantage of if I<ks1>,
+I<ks2> and I<ks3> are the same, it is equivalent to just encryption
+using ECB mode and I<ks1> as the key.
+
+The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
+encryption by using I<ks1> for the final encryption.
+
+DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
+(CBC) mode of DES.  If the I<encrypt> argument is non-zero, the
+routine cipher-block-chain encrypts the cleartext data pointed to by
+the I<input> argument into the ciphertext pointed to by the I<output>
+argument, using the key schedule provided by the I<schedule> argument,
+and initialization vector provided by the I<ivec> argument.  If the
+I<length> argument is not an integral multiple of eight bytes, the
+last block is copied to a temporary area and zero filled.  The output
+is always an integral multiple of eight bytes.
+
+DES_xcbc_encrypt() is RSA's DESX mode of DES.  It uses I<inw> and
+I<outw> to 'whiten' the encryption.  I<inw> and I<outw> are secret
+(unlike the iv) and are as such, part of the key.  So the key is sort
+of 24 bytes.  This is much better than CBC DES.
+
+DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
+three keys. This means that each DES operation inside the CBC mode is
+an C<C=E(ks3,D(ks2,E(ks1,M)))>.  This mode is used by SSL.
+
+The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
+reusing I<ks1> for the final encryption.  C<C=E(ks1,D(ks2,E(ks1,M)))>.
+This form of Triple-DES is used by the RSAREF library.
+
+DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
+chaining mode used by Kerberos v4. Its parameters are the same as
+DES_ncbc_encrypt().
+
+DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode.  This
+method takes an array of characters as input and outputs and array of
+characters.  It does not require any padding to 8 character groups.
+Note: the I<ivec> variable is changed and the new changed value needs to
+be passed to the next call to this function.  Since this function runs
+a complete DES ECB encryption per I<numbits>, this function is only
+suggested for use when sending small numbers of characters.
+
+DES_cfb64_encrypt()
+implements CFB mode of DES with 64bit feedback.  Why is this
+useful you ask?  Because this routine will allow you to encrypt an
+arbitrary number of bytes, no 8 byte padding.  Each call to this
+routine will encrypt the input bytes to output and then update ivec
+and num.  num contains 'how far' we are though ivec.  If this does
+not make much sense, read more about cfb mode of DES :-).
+
+DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
+DES_cfb64_encrypt() except that Triple-DES is used.
+
+DES_ofb_encrypt() encrypts using output feedback mode.  This method
+takes an array of characters as input and outputs and array of
+characters.  It does not require any padding to 8 character groups.
+Note: the I<ivec> variable is changed and the new changed value needs to
+be passed to the next call to this function.  Since this function runs
+a complete DES ECB encryption per numbits, this function is only
+suggested for use when sending small numbers of characters.
+
+DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
+Feed Back mode.
+
+DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
+DES_ofb64_encrypt(), using Triple-DES.
+
+The following functions are included in the DES library for
+compatibility with the MIT Kerberos library.
+
+DES_cbc_cksum() produces an 8 byte checksum based on the input stream
+(via CBC encryption).  The last 4 bytes of the checksum are returned
+and the complete 8 bytes are placed in I<output>. This function is
+used by Kerberos v4.  Other applications should use
+L<EVP_DigestInit(3)> etc. instead.
+
+DES_quad_cksum() is a Kerberos v4 function.  It returns a 4 byte
+checksum from the input bytes.  The algorithm can be iterated over the
+input, depending on I<out_count>, 1, 2, 3 or 4 times.  If I<output> is
+non-NULL, the 8 bytes generated by each pass are written into
+I<output>.
+
+The following are DES-based transformations:
+
+DES_fcrypt() is a fast version of the Unix crypt(3) function.  This
+version takes only a small amount of space relative to other fast
+crypt() implementations.  This is different to the normal crypt in
+that the third parameter is the buffer that the return value is
+written into.  It needs to be at least 14 bytes long.  This function
+is thread safe, unlike the normal crypt.
+
+DES_crypt() is a faster replacement for the normal system crypt().
+This function calls DES_fcrypt() with a static array passed as the
+third parameter.  This mostly emulates the normal non-thread-safe semantics
+of crypt(3).
+The B<salt> must be two ASCII characters.
+
+DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
+buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
+using I<sched> for the key and I<iv> as a starting vector.  The actual
+data send down I<fd> consists of 4 bytes (in network byte order)
+containing the length of the following encrypted data.  The encrypted
+data then follows, padded with random data out to a multiple of 8
+bytes.
+
+=head1 BUGS
+
+DES_3cbc_encrypt() is flawed and must not be used in applications.
+
+DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
+instead.
+
+DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
+What this means is that if you set numbits to 12, and length to 2, the
+first 12 bits will come from the 1st input byte and the low half of
+the second input byte.  The second 12 bits will have the low 8 bits
+taken from the 3rd input byte and the top 4 bits taken from the 4th
+input byte.  The same holds for output.  This function has been
+implemented this way because most people will be using a multiple of 8
+and because once you get into pulling bytes input bytes apart things
+get ugly!
+
+DES_string_to_key() is available for backward compatibility with the
+MIT library.  New applications should use a cryptographic hash function.
+The same applies for DES_string_to_2key().
+
+=head1 NOTES
+
+The B<des> library was written to be source code compatible with
+the MIT Kerberos library.
+
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)> etc. instead of calling these
+functions directly.
+
+Single-key DES is insecure due to its short key size.  ECB mode is
+not suitable for most applications; see L<des_modes(7)>.
+
+=head1 HISTORY
+
+The requirement that the B<salt> parameter to DES_crypt() and DES_fcrypt()
+be two ASCII characters was first enforced in
+OpenSSL 1.1.0.  Previous versions tried to use the letter uppercase B<A>
+if both character were not present, and could crash when given non-ASCII
+on some platforms.
+
+=head1 SEE ALSO
+
+L<des_modes(7)>,
+L<EVP_EncryptInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_generate_key.pod b/openssl-1.1.0h/doc/crypto/DH_generate_key.pod
new file mode 100644
index 0000000..de0847a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_generate_key.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_generate_key(DH *dh);
+
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+=head1 DESCRIPTION
+
+DH_generate_key() performs the first step of a Diffie-Hellman key
+exchange by generating private and public DH values. By calling
+DH_compute_key(), these are combined with the other party's public
+value to compute the shared key.
+
+DH_generate_key() expects B<dh> to contain the shared parameters
+B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
+unless B<dh-E<gt>priv_key> is already set, and computes the
+corresponding public value B<dh-E<gt>pub_key>, which can then be
+published.
+
+DH_compute_key() computes the shared secret from the private DH value
+in B<dh> and the other party's public value in B<pub_key> and stores
+it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+
+=head1 RETURN VALUES
+
+DH_generate_key() returns 1 on success, 0 otherwise.
+
+DH_compute_key() returns the size of the shared secret on success, -1
+on error.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>, L<DH_size(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_generate_parameters.pod b/openssl-1.1.0h/doc/crypto/DH_generate_parameters.pod
new file mode 100644
index 0000000..ce178af
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_generate_parameters.pod
@@ -0,0 +1,134 @@
+=pod
+
+=head1 NAME
+
+DH_generate_parameters_ex, DH_generate_parameters,
+DH_check, DH_check_params - generate and check Diffie-Hellman
+parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
+
+ int DH_check(DH *dh, int *codes);
+ int DH_check_params(DH *dh, int *codes);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ DH *DH_generate_parameters(int prime_len, int generator,
+     void (*callback)(int, int, void *), void *cb_arg);
+ #endif
+
+=head1 DESCRIPTION
+
+DH_generate_parameters_ex() generates Diffie-Hellman parameters that can
+be shared among a group of users, and stores them in the provided B<DH>
+structure. The pseudo-random number generator must be
+seeded prior to calling DH_generate_parameters().
+
+B<prime_len> is the length in bits of the safe prime to be generated.
+B<generator> is a small number E<gt> 1, typically 2 or 5.
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<cb> is not B<NULL>, it will be
+called as described in L<BN_generate_prime(3)> while a random prime
+number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)>
+is called. See L<BN_generate_prime(3)> for information on
+the BN_GENCB_call() function.
+
+DH_check_params() confirms that the B<p> and B<g> are likely enough to
+be valid.
+This is a lightweight check, if a more thorough check is needed, use
+DH_check().
+The value of B<*codes> is updated with any problems found.
+If B<*codes> is zero then no problems were found, otherwise the
+following bits may be set:
+
+=over 4
+
+=item DH_CHECK_P_NOT_PRIME
+
+The parameter B<p> has been determined to not being an odd prime.
+Note that the lack of this bit doesn't guarantee that B<p> is a
+prime.
+
+=item DH_NOT_SUITABLE_GENERATOR
+
+The generator B<g> is not suitable.
+Note that the lack of this bit doesn't guarantee that B<g> is
+suitable, unless B<p> is known to be a strong prime.
+
+=back
+
+DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
+value of B<*codes> is updated with any problems found. If B<*codes> is zero then
+no problems were found, otherwise the following bits may be set:
+
+=over 4
+
+=item DH_CHECK_P_NOT_PRIME
+
+The parameter B<p> is not prime.
+
+=item DH_CHECK_P_NOT_SAFE_PRIME
+
+The parameter B<p> is not a safe prime and no B<q> value is present.
+
+=item DH_UNABLE_TO_CHECK_GENERATOR
+
+The generator B<g> cannot be checked for suitability.
+
+=item DH_NOT_SUITABLE_GENERATOR
+
+The generator B<g> is not suitable.
+
+=item DH_CHECK_Q_NOT_PRIME
+
+The parameter B<q> is not prime.
+
+=item DH_CHECK_INVALID_Q_VALUE
+
+The parameter B<q> is invalid.
+
+=item DH_CHECK_INVALID_J_VALUE
+
+The parameter B<j> is invalid.
+
+=back
+
+=head1 RETURN VALUES
+
+DH_generate_parameters_ex(), DH_check() and DH_check_params() return 1
+if the check could be performed, 0 otherwise.
+
+DH_generate_parameters() (deprecated) returns a pointer to the DH structure, or
+NULL if the parameter generation fails.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 NOTES
+
+DH_generate_parameters_ex() and DH_generate_parameters() may run for several
+hours before finding a suitable prime.
+
+The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters()
+are not to be used in signature schemes.
+
+=head1 SEE ALSO
+
+L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>,
+L<DH_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_get0_pqg.pod b/openssl-1.1.0h/doc/crypto/DH_get0_pqg.pod
new file mode 100644
index 0000000..3809813
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_get0_pqg.pod
@@ -0,0 +1,110 @@
+=pod
+
+=head1 NAME
+
+DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_clear_flags,
+DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length,
+DH_set_length - Routines for getting and setting data in a DH object
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ void DH_get0_pqg(const DH *dh,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ void DH_get0_key(const DH *dh,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key);
+ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+ void DH_clear_flags(DH *dh, int flags);
+ int DH_test_flags(const DH *dh, int flags);
+ void DH_set_flags(DH *dh, int flags);
+ ENGINE *DH_get0_engine(DH *d);
+ long DH_get_length(const DH *dh);
+ int DH_set_length(DH *dh, long length);
+
+=head1 DESCRIPTION
+
+A DH object contains the parameters B<p>, B<q> and B<g>. Note that the B<q>
+parameter is optional. It also contains a public key (B<pub_key>) and
+(optionally) a private key (B<priv_key>).
+
+The B<p>, B<q> and B<g> parameters can be obtained by calling DH_get0_pqg().
+If the parameters have not yet been set then B<*p>, B<*q> and B<*g> will be set
+to NULL. Otherwise they are set to pointers to their respective values. These
+point directly to the internal representations of the values and therefore
+should not be freed directly.
+
+The B<p>, B<q> and B<g> values can be set by calling DH_set0_pqg() and passing
+the new values for B<p>, B<q> and B<g> as parameters to the function. Calling
+this function transfers the memory management of the values to the DH object,
+and therefore the values that have been passed in should not be freed directly
+after this function has been called. The B<q> parameter may be NULL.
+
+To get the public and private key values use the DH_get0_key() function. A
+pointer to the public key will be stored in B<*pub_key>, and a pointer to the
+private key will be stored in B<*priv_key>. Either may be NULL if they have not
+been set yet, although if the private key has been set then the public key must
+be. The values point to the internal representation of the public key and
+private key values. This memory should not be freed directly.
+
+The public and private key values can be set using DH_set0_key(). Either
+parameter may be NULL, which means the corresponding DH field is left
+untouched. As with DH_set0_pqg() this function transfers the memory management
+of the key values to the DH object, and therefore they should not be freed
+directly after this function has been called.
+
+DH_set_flags() sets the flags in the B<flags> parameter on the DH object.
+Multiple flags can be passed in one go (bitwise ORed together). Any flags that
+are already set are left set. DH_test_flags() tests to see whether the flags
+passed in the B<flags> parameter are currently set in the DH object. Multiple
+flags can be tested in one go. All flags that are currently set are returned, or
+zero if none of the flags are set. DH_clear_flags() clears the specified flags
+within the DH object.
+
+DH_get0_engine() returns a handle to the ENGINE that has been set for this DH
+object, or NULL if no such ENGINE has been set.
+
+The DH_get_length() and DH_set_length() functions get and set the optional
+length parameter associated with this DH object. If the length is non-zero then
+it is used, otherwise it is ignored. The B<length> parameter indicates the
+length of the secret exponent (private key) in bits.
+
+=head1 NOTES
+
+Values retrieved with DH_get0_key() are owned by the DH object used
+in the call and may therefore I<not> be passed to DH_set0_key().  If
+needed, duplicate the received value using BN_dup() and pass the
+duplicate.  The same applies to DH_get0_pqg() and DH_set0_pqg().
+
+=head1 RETURN VALUES
+
+DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.
+
+DH_test_flags() returns the current state of the flags in the DH object.
+
+DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE
+has been set.
+
+DH_get_length() returns the length of the secret exponent (private key) in bits,
+or zero if no such length has been explicitly set.
+
+=head1 SEE ALSO
+
+L<dh(3)>, L<DH_new(3)>, L<DH_generate_parameters(3)>, L<DH_generate_key(3)>,
+L<DH_set_method(3)>, L<DH_size(3)>, L<DH_meth_new(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_get_1024_160.pod b/openssl-1.1.0h/doc/crypto/DH_get_1024_160.pod
new file mode 100644
index 0000000..4044f10
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_get_1024_160.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+DH_get_1024_160,
+DH_get_2048_224,
+DH_get_2048_256,
+BN_get0_nist_prime_192,
+BN_get0_nist_prime_224,
+BN_get0_nist_prime_256,
+BN_get0_nist_prime_384,
+BN_get0_nist_prime_521,
+BN_get_rfc2409_prime_768,
+BN_get_rfc2409_prime_1024,
+BN_get_rfc3526_prime_1536,
+BN_get_rfc3526_prime_2048,
+BN_get_rfc3526_prime_3072,
+BN_get_rfc3526_prime_4096,
+BN_get_rfc3526_prime_6144,
+BN_get_rfc3526_prime_8192
+- Create standardized public primes or DH pairs
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+ DH *DH_get_1024_160(void)
+ DH *DH_get_2048_224(void)
+ DH *DH_get_2048_256(void)
+
+ const BIGNUM *BN_get0_nist_prime_192(void)
+ const BIGNUM *BN_get0_nist_prime_224(void)
+ const BIGNUM *BN_get0_nist_prime_256(void)
+ const BIGNUM *BN_get0_nist_prime_384(void)
+ const BIGNUM *BN_get0_nist_prime_521(void)
+
+ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
+ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+
+=head1 DESCRIPTION
+
+DH_get_1024_160(), DH_get_2048_224(), and DH_get_2048_256() each return
+a DH object for the IETF RFC 5114 value.
+
+BN_get0_nist_prime_192(), BN_get0_nist_prime_224(), BN_get0_nist_prime_256(),
+BN_get0_nist_prime_384(), and BN_get0_nist_prime_521() functions return
+a BIGNUM for the specific NIST prime curve (e.g., P-256).
+
+BN_get_rfc2409_prime_768(), BN_get_rfc2409_prime_1024(),
+BN_get_rfc3526_prime_1536(), BN_get_rfc3526_prime_2048(),
+BN_get_rfc3526_prime_3072(), BN_get_rfc3526_prime_4096(),
+BN_get_rfc3526_prime_6144(), and BN_get_rfc3526_prime_8192() functions
+return a BIGNUM for the specified size from IETF RFC 2409.  If B<bn>
+is not NULL, the BIGNUM will be set into that location as well.
+
+=head1 RETURN VALUES
+
+Defined above.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_meth_new.pod b/openssl-1.1.0h/doc/crypto/DH_meth_new.pod
new file mode 100644
index 0000000..d768da8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_meth_new.pod
@@ -0,0 +1,156 @@
+=pod
+
+=head1 NAME
+
+DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name,
+DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data,
+DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key,
+DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp,
+DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish,
+DH_meth_set_finish, DH_meth_get_generate_params,
+DH_meth_set_generate_params - Routines to build up DH methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH_METHOD *DH_meth_new(const char *name, int flags);
+ void DH_meth_free(DH_METHOD *dhm);
+ DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+ const char *DH_meth_get0_name(const DH_METHOD *dhm);
+ int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+ int DH_meth_get_flags(DH_METHOD *dhm);
+ int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+ void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+ int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+ int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+ int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+ int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+         (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+ int DH_meth_set_compute_key(DH_METHOD *dhm,
+         int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+ int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+     (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+     int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx));
+ int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+ int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+ int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+ int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+ int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+         (DH *, int, int, BN_GENCB *);
+ int DH_meth_set_generate_params(DH_METHOD *dhm,
+         int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+=head1 DESCRIPTION
+
+The B<DH_METHOD> type is a structure used for the provision of custom DH
+implementations. It provides a set of of functions used by OpenSSL for the
+implementation of the various DH capabilities.
+
+DH_meth_new() creates a new B<DH_METHOD> structure. It should be given a
+unique B<name> and a set of B<flags>. The B<name> should be a NULL terminated
+string, which will be duplicated and stored in the B<DH_METHOD> object. It is
+the callers responsibility to free the original string. The flags will be used
+during the construction of a new B<DH> object based on this B<DH_METHOD>. Any
+new B<DH> object will have those flags set by default.
+
+DH_meth_dup() creates a duplicate copy of the B<DH_METHOD> object passed as a
+parameter. This might be useful for creating a new B<DH_METHOD> based on an
+existing one, but with some differences.
+
+DH_meth_free() destroys a B<DH_METHOD> structure and frees up any memory
+associated with it.
+
+DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This
+is a pointer to the internal name string and so should not be freed by the
+caller. DH_meth_set1_name() sets the name of the DH_METHOD to B<name>. The
+string is duplicated and the copy is stored in the DH_METHOD structure, so the
+caller remains responsible for freeing the memory associated with the name.
+
+DH_meth_get_flags() returns the current value of the flags associated with this
+DH_METHOD. DH_meth_set_flags() provides the ability to set these flags.
+
+The functions DH_meth_get0_app_data() and DH_meth_set0_app_data() provide the
+ability to associate implementation specific data with the DH_METHOD. It is
+the application's responsibility to free this data before the DH_METHOD is
+freed via a call to DH_meth_free().
+
+DH_meth_get_generate_key() and DH_meth_set_generate_key() get and set the
+function used for generating a new DH key pair respectively. This function will
+be called in response to the application calling DH_generate_key(). The
+parameter for the function has the same meaning as for DH_generate_key().
+
+DH_meth_get_compute_key() and DH_meth_set_compute_key() get and set the
+function used for computing a new DH shared secret respectively. This function
+will be called in response to the application calling DH_compute_key(). The
+parameters for the function have the same meaning as for DH_compute_key().
+
+DH_meth_get_bn_mod_exp() and DH_meth_set_bn_mod_exp() get and set the function
+used for computing the following value:
+
+ r = a ^ p mod m
+
+This function will be called by the default OpenSSL function for
+DH_generate_key(). The result is stored in the B<r> parameter. This function
+may be NULL unless using the default generate key function, in which case it
+must be present.
+
+DH_meth_get_init() and DH_meth_set_init() get and set the function used
+for creating a new DH instance respectively. This function will be
+called in response to the application calling DH_new() (if the current default
+DH_METHOD is this one) or DH_new_method(). The DH_new() and DH_new_method()
+functions will allocate the memory for the new DH object, and a pointer to this
+newly allocated structure will be passed as a parameter to the function. This
+function may be NULL.
+
+DH_meth_get_finish() and DH_meth_set_finish() get and set the function used
+for destroying an instance of a DH object respectively. This function will be
+called in response to the application calling DH_free(). A pointer to the DH
+to be destroyed is passed as a parameter. The destroy function should be used
+for DH implementation specific clean up. The memory for the DH itself should
+not be freed by this function. This function may be NULL.
+
+DH_meth_get_generate_params() and DH_meth_set_generate_params() get and set the
+function used for generating DH parameters respectively. This function will be
+called in response to the application calling DH_generate_parameters_ex() (or
+DH_generate_parameters()). The parameters for the function have the same
+meaning as for DH_generate_parameters_ex(). This function may be NULL.
+
+=head1 RETURN VALUES
+
+DH_meth_new() and DH_meth_dup() return the newly allocated DH_METHOD object
+or NULL on failure.
+
+DH_meth_get0_name() and DH_meth_get_flags() return the name and flags
+associated with the DH_METHOD respectively.
+
+All other DH_meth_get_*() functions return the appropriate function pointer
+that has been set in the DH_METHOD, or NULL if no such pointer has yet been
+set.
+
+DH_meth_set1_name() and all DH_meth_set_*() functions return 1 on success or
+0 on failure.
+
+=head1 SEE ALSO
+
+L<dh(3)>, L<DH_new(3)>, L<DH_generate_parameters(3)>, L<DH_generate_key(3)>,
+L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_new.pod b/openssl-1.1.0h/doc/crypto/DH_new.pod
new file mode 100644
index 0000000..959a470
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_new.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+DH_new, DH_free - allocate and free DH objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH* DH_new(void);
+
+ void DH_free(DH *dh);
+
+=head1 DESCRIPTION
+
+DH_new() allocates and initializes a B<DH> structure.
+
+DH_free() frees the B<DH> structure and its components. The values are
+erased before the memory is returned to the system.
+If B<dh> is NULL nothing is done.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DH_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+DH_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dh(3)>, L<ERR_get_error(3)>,
+L<DH_generate_parameters(3)>,
+L<DH_generate_key(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_set_method.pod b/openssl-1.1.0h/doc/crypto/DH_set_method.pod
new file mode 100644
index 0000000..2100608
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_set_method.pod
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+DH_set_default_method, DH_get_default_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ void DH_set_default_method(const DH_METHOD *meth);
+
+ const DH_METHOD *DH_get_default_method(void);
+
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+
+ DH *DH_new_method(ENGINE *engine);
+
+ const DH_METHOD *DH_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later.
+B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.
+
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependent on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
+
+A new DH_METHOD object may be constructed using DH_meth_new() (see
+L<DH_meth_new(3)>).
+
+=head1 RETURN VALUES
+
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+B<DH_METHOD>s.
+
+DH_set_default_method() returns no value.
+
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+
+=head1 SEE ALSO
+
+L<dh(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DH_size.pod b/openssl-1.1.0h/doc/crypto/DH_size.pod
new file mode 100644
index 0000000..8c1d151
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DH_size.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+DH_size, DH_bits - get Diffie-Hellman prime size
+
+=head1 SYNOPSIS
+
+#include <openssl/dh.h>
+
+int DH_size(const DH *dh);
+
+int DH_bits(const DH *dh);
+
+=head1 DESCRIPTION
+
+DH_size() returns the Diffie-Hellman prime size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by DH_compute_key().
+
+DH_bits() returns the number of significant bits.
+
+B<dh> and B<dh-E<gt>p> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size.
+
+=head1 SEE ALSO
+
+L<dh(3)>, L<DH_generate_key(3)>,
+L<BN_num_bits(3)>
+
+=head1 HISTORY
+
+DH_bits() was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_SIG_new.pod b/openssl-1.1.0h/doc/crypto/DSA_SIG_new.pod
new file mode 100644
index 0000000..7503460
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_SIG_new.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+DSA_SIG_get0, DSA_SIG_set0,
+DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_SIG_new(void);
+ void DSA_SIG_free(DSA_SIG *a);
+ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+=head1 DESCRIPTION
+
+DSA_SIG_new() allocates an empty B<DSA_SIG> structure.
+
+DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
+values are erased before the memory is returned to the system.
+
+DSA_SIG_get0() returns internal pointers to the B<r> and B<s> values contained
+in B<sig>.
+
+The B<r> and B<s> values can be set by calling DSA_SIG_set0() and passing the
+new values for B<r> and B<s> as parameters to the function. Calling this
+function transfers the memory management of the values to the DSA_SIG object,
+and therefore the values that have been passed in should not be freed directly
+after this function has been called.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
+error code that can be obtained by
+L<ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_SIG_free() returns no value.
+
+DSA_SIG_set0() returns 1 on success or 0 on failure.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<ERR_get_error(3)>,
+L<DSA_do_sign(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_do_sign.pod b/openssl-1.1.0h/doc/crypto/DSA_do_sign.pod
new file mode 100644
index 0000000..5e56d20
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_do_sign.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+DSA_do_sign, DSA_do_verify - raw DSA signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+             DSA_SIG *sig, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_do_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and returns it in a
+newly allocated B<DSA_SIG> structure.
+
+L<DSA_sign_setup(3)> may be used to precompute part
+of the signing operation in case signature generation is
+time-critical.
+
+DSA_do_verify() verifies that the signature B<sig> matches a given
+message digest B<dgst> of size B<len>.  B<dsa> is the signer's public
+key.
+
+=head1 RETURN VALUES
+
+DSA_do_sign() returns the signature, NULL on error.  DSA_do_verify()
+returns 1 for a valid signature, 0 for an incorrect signature and -1
+on error. The error codes can be obtained by
+L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
+L<DSA_SIG_new(3)>,
+L<DSA_sign(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_dup_DH.pod b/openssl-1.1.0h/doc/crypto/DSA_dup_DH.pod
new file mode 100644
index 0000000..6967ef3
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_dup_DH.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+DSA_dup_DH - create a DH structure out of DSA structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DH * DSA_dup_DH(const DSA *r);
+
+=head1 DESCRIPTION
+
+DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
+is lost during that conversion, but the resulting DH parameters
+contain its length.
+
+=head1 RETURN VALUE
+
+DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
+error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 NOTE
+
+Be careful to avoid small subgroup attacks when using this.
+
+=head1 SEE ALSO
+
+L<dh(3)>, L<dsa(3)>, L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_generate_key.pod b/openssl-1.1.0h/doc/crypto/DSA_generate_key.pod
new file mode 100644
index 0000000..4781abe
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_generate_key.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_key - generate DSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_generate_key(DSA *a);
+
+=head1 DESCRIPTION
+
+DSA_generate_key() expects B<a> to contain DSA parameters. It generates
+a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
+
+The PRNG must be seeded prior to calling DSA_generate_key().
+
+=head1 RETURN VALUE
+
+DSA_generate_key() returns 1 on success, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
+L<DSA_generate_parameters(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod b/openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod
new file mode 100644
index 0000000..fc05149
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod
@@ -0,0 +1,122 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                const unsigned char *seed, int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed,
+                int seed_len, int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *), void *cb_arg);
+ #endif
+
+=head1 DESCRIPTION
+
+DSA_generate_parameters_ex() generates primes p and q and a generator g
+for use in the DSA and stores the result in B<dsa>.
+
+B<bits> is the length of the prime p to be generated.
+For lengths under 2048 bits, the length of q is 160 bits; for lengths
+greater than or equal to 2048 bits, the length of q is set to 256 bits.
+
+If B<seed> is NULL, the primes will be generated at random.
+If B<seed_len> is less than the length of q, an error is returned.
+
+DSA_generate_parameters_ex() places the iteration count in
+*B<counter_ret> and a counter used for finding a generator in
+*B<h_ret>, unless these are B<NULL>.
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<cb> is not B<NULL>, it will be
+called as shown below. For information on the BN_GENCB structure and the
+BN_GENCB_call function discussed below, refer to
+L<BN_generate_prime(3)>.
+
+=over 2
+
+=item *
+
+When a candidate for q is generated, B<BN_GENCB_call(cb, 0, m++)> is called
+(m is 0 for the first candidate).
+
+=item *
+
+When a candidate for q has passed a test by trial division,
+B<BN_GENCB_call(cb, 1, -1)> is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+B<BN_GENCB_call(cb, 1, i)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
+
+=item *
+
+When a prime q has been found, B<BN_GENCB_call(cb, 2, 0)> and
+B<BN_GENCB_call(cb, 3, 0)> are called.
+
+=item *
+
+Before a candidate for p (other than the first) is generated and tested,
+B<BN_GENCB_call(cb, 0, counter)> is called.
+
+=item *
+
+When a candidate for p has passed the test by trial division,
+B<BN_GENCB_call(cb, 1, -1)> is called.
+While it is tested by the Miller-Rabin primality test,
+B<BN_GENCB_call(cb, 1, i)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
+
+=item *
+
+When p has been found, B<BN_GENCB_call(cb, 2, 1)> is called.
+
+=item *
+
+When the generator has been found, B<BN_GENCB_call(cb, 3, 1)> is called.
+
+=back
+
+DSA_generate_parameters() (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no B<dsa> parameter is passed and
+instead a newly allocated B<DSA> structure is returned. Additionally "old
+style" callbacks are used instead of the newer BN_GENCB based approach.
+Refer to L<BN_generate_prime(3)> for further information.
+
+=head1 RETURN VALUE
+
+DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise.
+
+DSA_generate_parameters() returns a pointer to the DSA structure, or
+B<NULL> if the parameter generation fails.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 BUGS
+
+Seed lengths E<gt> 20 are not supported.
+
+=head1 SEE ALSO
+
+L<DSA_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>,
+L<DSA_free(3)>, L<BN_generate_prime(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_get0_pqg.pod b/openssl-1.1.0h/doc/crypto/DSA_get0_pqg.pod
new file mode 100644
index 0000000..6c1c09a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_get0_pqg.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_clear_flags,
+DSA_test_flags, DSA_set_flags, DSA_get0_engine - Routines for getting and
+setting data in a DSA object
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ void DSA_get0_pqg(const DSA *d,
+                   const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+ int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ void DSA_get0_key(const DSA *d,
+                   const BIGNUM **pub_key, const BIGNUM **priv_key);
+ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+ void DSA_clear_flags(DSA *d, int flags);
+ int DSA_test_flags(const DSA *d, int flags);
+ void DSA_set_flags(DSA *d, int flags);
+ ENGINE *DSA_get0_engine(DSA *d);
+
+=head1 DESCRIPTION
+
+A DSA object contains the parameters B<p>, B<q> and B<g>. It also contains a
+public key (B<pub_key>) and (optionally) a private key (B<priv_key>).
+
+The B<p>, B<q> and B<g> parameters can be obtained by calling DSA_get0_pqg().
+If the parameters have not yet been set then B<*p>, B<*q> and B<*g> will be set
+to NULL. Otherwise they are set to pointers to their respective values. These
+point directly to the internal representations of the values and therefore
+should not be freed directly.
+
+The B<p>, B<q> and B<g> values can be set by calling DSA_set0_pqg() and passing
+the new values for B<p>, B<q> and B<g> as parameters to the function. Calling
+this function transfers the memory management of the values to the DSA object,
+and therefore the values that have been passed in should not be freed directly
+after this function has been called.
+
+To get the public and private key values use the DSA_get0_key() function. A
+pointer to the public key will be stored in B<*pub_key>, and a pointer to the
+private key will be stored in B<*priv_key>. Either may be NULL if they have not
+been set yet, although if the private key has been set then the public key must
+be. The values point to the internal representation of the public key and
+private key values. This memory should not be freed directly.
+
+The public and private key values can be set using DSA_set0_key(). The public
+key must be non-NULL the first time this function is called on a given DSA
+object. The private key may be NULL.  On subsequent calls, either may be NULL,
+which means the corresponding DSA field is left untouched. As for DSA_set0_pqg()
+this function transfers the memory management of the key values to the DSA
+object, and therefore they should not be freed directly after this function has
+been called.
+
+DSA_set_flags() sets the flags in the B<flags> parameter on the DSA object.
+Multiple flags can be passed in one go (bitwise ORed together). Any flags that
+are already set are left set. DSA_test_flags() tests to see whether the flags
+passed in the B<flags> parameter are currently set in the DSA object. Multiple
+flags can be tested in one go. All flags that are currently set are returned, or
+zero if none of the flags are set. DSA_clear_flags() clears the specified flags
+within the DSA object.
+
+DSA_get0_engine() returns a handle to the ENGINE that has been set for this DSA
+object, or NULL if no such ENGINE has been set.
+
+=head1 NOTES
+
+Values retrieved with DSA_get0_key() are owned by the DSA object used
+in the call and may therefore I<not> be passed to DSA_set0_key().  If
+needed, duplicate the received value using BN_dup() and pass the
+duplicate.  The same applies to DSA_get0_pqg() and DSA_set0_pqg().
+
+=head1 RETURN VALUES
+
+DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.
+
+DSA_test_flags() returns the current state of the flags in the DSA object.
+
+DSA_get0_engine() returns the ENGINE set for the DSA object or NULL if no ENGINE
+has been set.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<DSA_new(3)>, L<DSA_generate_parameters(3)>, L<DSA_generate_key(3)>,
+L<DSA_dup_DH(3)>, L<DSA_do_sign(3)>, L<DSA_set_method(3)>, L<DSA_SIG_new(3)>,
+L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_meth_new(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_meth_new.pod b/openssl-1.1.0h/doc/crypto/DSA_meth_new.pod
new file mode 100644
index 0000000..948ab29
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_meth_new.pod
@@ -0,0 +1,193 @@
+=pod
+
+=head1 NAME
+
+DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name,
+DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags,
+DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign,
+DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup,
+DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp,
+DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp,
+DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish,
+DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen,
+DSA_meth_set_keygen - Routines to build up DSA methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_METHOD *DSA_meth_new(const char *name, int flags);
+ void DSA_meth_free(DSA_METHOD *dsam);
+ DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
+ const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+ int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+ int DSA_meth_get_flags(DSA_METHOD *dsam);
+ int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+ void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+ int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+ DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+         (const unsigned char *, int, DSA *);
+ int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+ int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+         (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+ int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+         int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+ int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+         (const unsigned char *, int , DSA_SIG *, DSA *);
+ int DSA_meth_set_verify(DSA_METHOD *dsam,
+     int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+ int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+         BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+     int (*mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
+                     BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont));
+ int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+     (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+      BN_CTX *ctx, BN_MONT_CTX *mont);
+ int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+     int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont));
+ int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+ int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+ int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+ int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+ int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+         (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+          BN_GENCB *);
+ int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+         int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                          unsigned long *, BN_GENCB *));
+ int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
+=head1 DESCRIPTION
+
+The B<DSA_METHOD> type is a structure used for the provision of custom DSA
+implementations. It provides a set of of functions used by OpenSSL for the
+implementation of the various DSA capabilities. See the L<dsa> page for more
+information.
+
+DSA_meth_new() creates a new B<DSA_METHOD> structure. It should be given a
+unique B<name> and a set of B<flags>. The B<name> should be a NULL terminated
+string, which will be duplicated and stored in the B<DSA_METHOD> object. It is
+the callers responsibility to free the original string. The flags will be used
+during the construction of a new B<DSA> object based on this B<DSA_METHOD>. Any
+new B<DSA> object will have those flags set by default.
+
+DSA_meth_dup() creates a duplicate copy of the B<DSA_METHOD> object passed as a
+parameter. This might be useful for creating a new B<DSA_METHOD> based on an
+existing one, but with some differences.
+
+DSA_meth_free() destroys a B<DSA_METHOD> structure and frees up any memory
+associated with it.
+
+DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This
+is a pointer to the internal name string and so should not be freed by the
+caller. DSA_meth_set1_name() sets the name of the DSA_METHOD to B<name>. The
+string is duplicated and the copy is stored in the DSA_METHOD structure, so the
+caller remains responsible for freeing the memory associated with the name.
+
+DSA_meth_get_flags() returns the current value of the flags associated with this
+DSA_METHOD. DSA_meth_set_flags() provides the ability to set these flags.
+
+The functions DSA_meth_get0_app_data() and DSA_meth_set0_app_data() provide the
+ability to associate implementation specific data with the DSA_METHOD. It is
+the application's responsibility to free this data before the DSA_METHOD is
+freed via a call to DSA_meth_free().
+
+DSA_meth_get_sign() and DSA_meth_set_sign() get and set the function used for
+creating a DSA signature respectively. This function will be
+called in response to the application calling DSA_do_sign() (or DSA_sign()). The
+parameters for the function have the same meaning as for DSA_do_sign().
+
+DSA_meth_get_sign_setup() and DSA_meth_set_sign_setup() get and set the function
+used for precalculating the DSA signature values B<k^-1> and B<r>. This function
+will be called in response to the application calling DSA_sign_setup(). The
+parameters for the function have the same meaning as for DSA_sign_setup().
+
+DSA_meth_get_verify() and DSA_meth_set_verify() get and set the function used
+for verifying a DSA signature respectively. This function will be called in
+response to the application calling DSA_do_verify() (or DSA_verify()). The
+parameters for the function have the same meaning as for DSA_do_verify().
+
+DSA_meth_get_mod_exp() and DSA_meth_set_mod_exp() get and set the function used
+for computing the following value:
+
+ rr = a1^p1 * a2^p2 mod m
+
+This function will be called by the default OpenSSL method during verification
+of a DSA signature. The result is stored in the B<rr> parameter. This function
+may be NULL.
+
+DSA_meth_get_bn_mod_exp() and DSA_meth_set_bn_mod_exp() get and set the function
+used for computing the following value:
+
+ r = a ^ p mod m
+
+This function will be called by the default OpenSSL function for
+DSA_sign_setup(). The result is stored in the B<r> parameter. This function
+may be NULL.
+
+DSA_meth_get_init() and DSA_meth_set_init() get and set the function used
+for creating a new DSA instance respectively. This function will be
+called in response to the application calling DSA_new() (if the current default
+DSA_METHOD is this one) or DSA_new_method(). The DSA_new() and DSA_new_method()
+functions will allocate the memory for the new DSA object, and a pointer to this
+newly allocated structure will be passed as a parameter to the function. This
+function may be NULL.
+
+DSA_meth_get_finish() and DSA_meth_set_finish() get and set the function used
+for destroying an instance of a DSA object respectively. This function will be
+called in response to the application calling DSA_free(). A pointer to the DSA
+to be destroyed is passed as a parameter. The destroy function should be used
+for DSA implementation specific clean up. The memory for the DSA itself should
+not be freed by this function. This function may be NULL.
+
+DSA_meth_get_paramgen() and DSA_meth_set_paramgen() get and set the function
+used for generating DSA parameters respectively. This function will be called in
+response to the application calling DSA_generate_parameters_ex() (or
+DSA_generate_parameters()). The parameters for the function have the same
+meaning as for DSA_generate_parameters_ex().
+
+DSA_meth_get_keygen() and DSA_meth_set_keygen() get and set the function
+used for generating a new DSA key pair respectively. This function will be
+called in response to the application calling DSA_generate_key(). The parameter
+for the function has the same meaning as for DSA_generate_key().
+
+=head1 RETURN VALUES
+
+DSA_meth_new() and DSA_meth_dup() return the newly allocated DSA_METHOD object
+or NULL on failure.
+
+DSA_meth_get0_name() and DSA_meth_get_flags() return the name and flags
+associated with the DSA_METHOD respectively.
+
+All other DSA_meth_get_*() functions return the appropriate function pointer
+that has been set in the DSA_METHOD, or NULL if no such pointer has yet been
+set.
+
+DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or
+0 on failure.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<DSA_new(3)>, L<DSA_generate_parameters(3)>, L<DSA_generate_key(3)>,
+L<DSA_dup_DH(3)>, L<DSA_do_sign(3)>, L<DSA_set_method(3)>, L<DSA_SIG_new(3)>,
+L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_get0_pqg(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_new.pod b/openssl-1.1.0h/doc/crypto/DSA_new.pod
new file mode 100644
index 0000000..a967ab5
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_new.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+DSA_new, DSA_free - allocate and free DSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA* DSA_new(void);
+
+ void DSA_free(DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
+
+DSA_free() frees the B<DSA> structure and its components. The values are
+erased before the memory is returned to the system.
+If B<dsa> is NULL nothing is done.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_new() returns B<NULL> and sets an error
+code that can be obtained by
+L<ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<ERR_get_error(3)>,
+L<DSA_generate_parameters(3)>,
+L<DSA_generate_key(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_set_method.pod b/openssl-1.1.0h/doc/crypto/DSA_set_method.pod
new file mode 100644
index 0000000..d870f56
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_set_method.pod
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+DSA_set_default_method, DSA_get_default_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ void DSA_set_default_method(const DSA_METHOD *meth);
+
+ const DSA_METHOD *DSA_get_default_method(void);
+
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+
+ DSA *DSA_new_method(ENGINE *engine);
+
+ DSA_METHOD *DSA_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
+
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later.
+B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.
+
+DSA_get_default_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependent on
+whether the ENGINE API is being used, so this function is no longer
+recommended.
+
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results. See L<DSA_meth_new> for information on constructing custom DSA_METHOD
+objects;
+
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
+
+=head1 RETURN VALUES
+
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
+
+DSA_set_default_method() returns no value.
+
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+
+DSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)> if the allocation
+fails. Otherwise it returns a pointer to the newly allocated structure.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<DSA_new(3)>, L<DSA_meth_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_sign.pod b/openssl-1.1.0h/doc/crypto/DSA_sign.pod
new file mode 100644
index 0000000..ba0f6b8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_sign.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int    DSA_sign(int type, const unsigned char *dgst, int len,
+                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+
+ int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+                BIGNUM **rp);
+
+ int    DSA_verify(int type, const unsigned char *dgst, int len,
+                unsigned char *sigbuf, int siglen, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
+encoding at B<sigret>. The length of the signature is places in
+*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
+
+DSA_sign_setup() may be used to precompute part of the signing
+operation in case signature generation is time-critical. It expects
+B<dsa> to contain DSA parameters. It places the precomputed values
+in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
+the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
+be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
+B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+
+DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<dgst> of size B<len>.
+B<dsa> is the signer's public key.
+
+The B<type> parameter is ignored.
+
+The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
+is called.
+
+=head1 RETURN VALUES
+
+DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
+DSA_verify() returns 1 for a valid signature, 0 for an incorrect
+signature and -1 on error. The error codes can be obtained by
+L<ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
+L<DSA_do_sign(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/DSA_size.pod b/openssl-1.1.0h/doc/crypto/DSA_size.pod
new file mode 100644
index 0000000..16e6f3a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/DSA_size.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+DSA_size, DSA_bits - get DSA signature size or key bits
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_size(const DSA *dsa);
+ int DSA_bits(const DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
+for key B<dsa> in bytes. It can be used to determine how much memory must
+be allocated for a DSA signature.
+
+B<dsa-E<gt>q> must not be B<NULL>.
+
+DSA_bits() returns the number of bits in key B<dsa>: this is the number
+of bits in the B<p> parameter.
+
+=head1 RETURN VALUE
+
+DSA_size() returns the size in bytes.
+
+DSA_bits() returns the number of bits in the key.
+
+=head1 SEE ALSO
+
+L<dsa(3)>, L<DSA_sign(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ECDSA_SIG_new.pod b/openssl-1.1.0h/doc/crypto/ECDSA_SIG_new.pod
new file mode 100644
index 0000000..9e1f662
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ECDSA_SIG_new.pod
@@ -0,0 +1,207 @@
+=pod
+
+=head1 NAME
+
+ECDSA_SIG_get0, ECDSA_SIG_set0,
+ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size,
+ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup,
+ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature
+algorithm (ECDSA) functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ecdsa.h>
+
+ ECDSA_SIG *ECDSA_SIG_new(void);
+ void ECDSA_SIG_free(ECDSA_SIG *sig);
+ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+ int ECDSA_size(const EC_KEY *eckey);
+
+ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+                unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+                          EC_KEY *eckey);
+
+ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+                  const unsigned char *sig, int siglen, EC_KEY *eckey);
+ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                     const ECDSA_SIG *sig, EC_KEY* eckey);
+
+ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+                             const BIGNUM *kinv, const BIGNUM *rp,
+                             EC_KEY *eckey);
+ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+                   unsigned char *sig, unsigned int *siglen,
+                   const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
+=head1 DESCRIPTION
+
+Note: these functions provide a low level interface to ECDSA. Most
+applications should use the higher level B<EVP> interface such as
+L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead.
+
+B<ECDSA_SIG> is an opaque structure consisting of two BIGNUMs for the
+B<r> and B<s> value of an ECDSA signature (see X9.62 or FIPS 186-2).
+
+ECDSA_SIG_new() allocates an empty B<ECDSA_SIG> structure. Note: before
+OpenSSL 1.1.0 the: the B<r> and B<s> components were initialised.
+
+ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
+
+ECDSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
+in B<sig>.
+
+The B<r> and B<s> values can be set by calling ECDSA_SIG_set0() and passing the
+new values for B<r> and B<s> as parameters to the function. Calling this
+function transfers the memory management of the values to the ECDSA_SIG object,
+and therefore the values that have been passed in should not be freed directly
+after this function has been called.
+
+i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature B<sig> and
+writes the encoded signature to B<*pp> (note: if B<pp> is NULL i2d_ECDSA_SIG()
+returns the expected length in bytes of the DER encoded signature).
+i2d_ECDSA_SIG() returns the length of the DER encoded signature (or 0 on
+error).
+
+d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns the decoded
+signature in a newly allocated B<ECDSA_SIG> structure. B<*sig> points to the
+buffer containing the DER encoded signature of size B<len>.
+
+ECDSA_size() returns the maximum length of a DER encoded ECDSA signature
+created with the private EC key B<eckey>.
+
+ECDSA_sign() computes a digital signature of the B<dgstlen> bytes hash value
+B<dgst> using the private EC key B<eckey>. The DER encoded signatures is
+stored in B<sig> and its length is returned in B<sig_len>. Note: B<sig> must
+point to ECDSA_size(eckey) bytes of memory. The parameter B<type> is currently
+ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with B<kinv>
+and B<rp> set to NULL.
+
+ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned
+as a newly allocated B<ECDSA_SIG> structure (or NULL on error). ECDSA_do_sign()
+is a wrapper function for ECDSA_do_sign_ex() with B<kinv> and B<rp> set to
+NULL.
+
+ECDSA_verify() verifies that the signature in B<sig> of size B<siglen> is a
+valid ECDSA signature of the hash value B<dgst> of size B<dgstlen> using the
+public key B<eckey>.  The parameter B<type> is ignored.
+
+ECDSA_do_verify() is similar to ECDSA_verify() except the signature is
+presented in the form of a pointer to an B<ECDSA_SIG> structure.
+
+The remaining functions utilise the internal B<kinv> and B<r> values used
+during signature computation. Most applications will never need to call these
+and some external ECDSA ENGINE implementations may not support them at all if
+either B<kinv> or B<r> is not B<NULL>.
+
+ECDSA_sign_setup() may be used to precompute parts of the signing operation.
+B<eckey> is the private EC key and B<ctx> is a pointer to B<BN_CTX> structure
+(or NULL). The precomputed values or returned in B<kinv> and B<rp> and can be
+used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
+
+ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes hash value
+B<dgst> using the private EC key B<eckey> and the optional pre-computed values
+B<kinv> and B<rp>. The DER encoded signature is stored in B<sig> and its
+length is returned in B<sig_len>. Note: B<sig> must point to ECDSA_size(eckey)
+bytes of memory. The parameter B<type> is ignored.
+
+ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is
+returned as a newly allocated B<ECDSA_SIG> structure (or NULL on error).
+
+=head1 RETURN VALUES
+
+ECDSA_SIG_set0() returns 1 on success or 0 on failure.
+
+ECDSA_size() returns the maximum length signature or 0 on error.
+
+ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful
+or 0 on error.
+
+ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated
+B<ECDSA_SIG> structure or NULL on error.
+
+ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
+signature, 0 for an invalid signature and -1 on error.
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 EXAMPLES
+
+Creating an ECDSA signature of a given SHA-256 hash value using the
+named curve prime256v1 (aka P-256).
+
+First step: create an EC_KEY object (note: this part is B<not> ECDSA
+specific)
+
+ int        ret;
+ ECDSA_SIG *sig;
+ EC_KEY    *eckey;
+ eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (eckey == NULL) {
+    /* error */
+ }
+ if (EC_KEY_generate_key(eckey) == 0) {
+    /* error */
+ }
+
+Second step: compute the ECDSA signature of a SHA-256 hash value
+using ECDSA_do_sign():
+
+ sig = ECDSA_do_sign(digest, 32, eckey);
+ if (sig == NULL) {
+    /* error */
+ }
+
+or using ECDSA_sign():
+
+ unsigned char *buffer, *pp;
+ int            buf_len;
+ buf_len = ECDSA_size(eckey);
+ buffer  = OPENSSL_malloc(buf_len);
+ pp = buffer;
+ if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) {
+    /* error */
+ }
+
+Third step: verify the created ECDSA signature using ECDSA_do_verify():
+
+ ret = ECDSA_do_verify(digest, 32, sig, eckey);
+
+or using ECDSA_verify():
+
+ ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
+
+and finally evaluate the return value:
+
+ if (ret == 1) {
+    /* signature ok */
+ } else if (ret == 0) {
+    /* incorrect signature */
+ } else {
+    /* error */
+ }
+
+=head1 CONFORMING TO
+
+ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
+(Digital Signature Standard, DSS)
+
+=head1 SEE ALSO
+
+L<DSA_new(3)>,
+L<EVP_DigestSignInit(3)>,
+L<EVP_DigestVerifyInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ECPKParameters_print.pod b/openssl-1.1.0h/doc/crypto/ECPKParameters_print.pod
new file mode 100644
index 0000000..24b6bb9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ECPKParameters_print.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and
+encoding ASN1 representations of elliptic curve entities
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+
+=head1 DESCRIPTION
+
+The ECPKParameters represent the public parameters for an
+B<EC_GROUP> structure, which represents a curve.
+
+The ECPKParameters_print() and ECPKParameters_print_fp() functions print
+a human-readable output of the public parameters of the EC_GROUP to B<bp>
+or B<fp>. The output lines are indented by B<off> spaces.
+
+=head1 RETURN VALUES
+
+ECPKParameters_print() and ECPKParameters_print_fp()
+return 1 for success and 0 if an error occurs.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+L<EC_GFp_simple_method(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EC_GFp_simple_method.pod b/openssl-1.1.0h/doc/crypto/EC_GFp_simple_method.pod
new file mode 100644
index 0000000..f283d8e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EC_GFp_simple_method.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining EC_METHOD objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ const EC_METHOD *EC_GFp_simple_method(void);
+ const EC_METHOD *EC_GFp_mont_method(void);
+ const EC_METHOD *EC_GFp_nist_method(void);
+ const EC_METHOD *EC_GFp_nistp224_method(void);
+ const EC_METHOD *EC_GFp_nistp256_method(void);
+ const EC_METHOD *EC_GFp_nistp521_method(void);
+
+ const EC_METHOD *EC_GF2m_simple_method(void);
+
+ int EC_METHOD_get_field_type(const EC_METHOD *meth);
+
+=head1 DESCRIPTION
+
+The Elliptic Curve library provides a number of different implementations through a single common interface.
+When constructing a curve using EC_GROUP_new (see L<EC_GROUP_new(3)>) an
+implementation method must be provided. The functions described here all return a const pointer to an
+B<EC_METHOD> structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation
+type for the form of curve selected is used.
+
+For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method.
+
+For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All
+other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the
+use of montgomery multiplication (see L<BN_mod_mul_montgomery(3)>). EC_GFp_nist_method
+offers an implementation optimised for use with NIST recommended curves (NIST curves are available through
+EC_GROUP_new_by_curve_name as described in L<EC_GROUP_new(3)>).
+
+The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit
+optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these
+implementations are not available on all platforms.
+
+EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either
+F2^m or Fp. If the field type is Fp then the value B<NID_X9_62_prime_field> is returned. If the field type is
+F2^m then the value B<NID_X9_62_characteristic_two_field> is returned. These values are defined in the
+obj_mac.h header file.
+
+=head1 RETURN VALUES
+
+All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure.
+
+EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+L<d2i_ECPKParameters(3)>,
+L<BN_mod_mul_montgomery(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EC_GROUP_copy.pod b/openssl-1.1.0h/doc/crypto/EC_GROUP_copy.pod
new file mode 100644
index 0000000..fd5f58c
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EC_GROUP_copy.pod
@@ -0,0 +1,206 @@
+=pod
+
+=head1 NAME
+
+EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor,
+EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator,
+EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor,
+EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag,
+EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form,
+EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed,
+EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree,
+EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp,
+EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis,
+EC_GROUP_get_pentanomial_basis
+- Functions for manipulating EC_GROUP objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+ EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+
+ const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+ const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+ int EC_GROUP_order_bits(const EC_GROUP *group);
+ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
+ const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+ void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+ int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+ void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+ int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+ void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
+ point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+ size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+ size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+ int EC_GROUP_get_degree(const EC_GROUP *group);
+
+ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+ int EC_GROUP_get_basis_type(const EC_GROUP *);
+ int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+        unsigned int *k2, unsigned int *k3);
+
+=head1 DESCRIPTION
+
+EC_GROUP_copy copies the curve B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD.
+
+EC_GROUP_dup creates a new EC_GROUP object and copies the content from B<src> to the newly created
+EC_GROUP object.
+
+EC_GROUP_method_of obtains the EC_METHOD of B<group>.
+
+EC_GROUP_set_generator sets curve parameters that must be agreed by all participants using the curve. These
+parameters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the
+curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and
+n-1 where n is the B<order>. The B<order> multiplied by the B<cofactor> gives the number of points on the curve.
+
+EC_GROUP_get0_generator returns the generator for the identified B<group>.
+
+The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided B<order> and B<cofactor> parameters
+with the respective order and cofactors for the B<group>.
+
+The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the NID for the curve respectively
+(see L<EC_GROUP_new(3)>). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name
+will return 0.
+
+The asn1_flag value is used to determine whether the curve encoding uses
+explicit parameters or a named curve using an ASN1 OID: many applications only
+support the latter form. If asn1_flag is B<OPENSSL_EC_NAMED_CURVE> then the
+named curve form is used and the parameters must have a corresponding
+named curve NID set. If asn1_flags is B<OPENSSL_EC_EXPLICIT_CURVE> the
+parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and
+EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve.
+Note: B<OPENSSL_EC_EXPLICIT_CURVE> was first added to OpenSSL 1.1.0, for
+previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL
+1.1.0 the default form was to use explicit parameters (meaning that
+applications would have to explicitly set the named curve form) in OpenSSL
+1.1.0 and later the named curve form is the default.
+
+The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA).
+point_conversion_form_t is an enum defined as follows:
+
+ typedef enum {
+        /** the point is encoded as z||x, where the octet z specifies
+         *   which solution of the quadratic equation y is  */
+        POINT_CONVERSION_COMPRESSED = 2,
+        /** the point is encoded as z||x||y, where z is the octet 0x04  */
+        POINT_CONVERSION_UNCOMPRESSED = 4,
+        /** the point is encoded as z||x||y, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+        POINT_CONVERSION_HYBRID = 6
+ } point_conversion_form_t;
+
+For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by
+the octets for x, followed by the octets for y.
+
+For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For
+POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of
+the two possible solutions for y has been used, followed by the octets for x.
+
+For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two
+possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
+
+The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form
+for the curve respectively.
+
+ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages
+in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it.
+If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library
+does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block
+containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the
+builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using
+EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use
+this seed value, although it will be preserved in any ASN1 based communications.
+
+EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p.  For F2^m fields this will be
+the value m.
+
+The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid.
+For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is
+simply b. In either case for the curve to be valid the discriminant must be non zero.
+
+The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include
+verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has
+the correct order.
+
+EC_GROUP_cmp compares B<a> and B<b> to determine whether they represent the same curve or not.
+
+The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves
+defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial
+function f(x). This function is either a trinomial of the form:
+
+f(x) = x^m + x^k + 1 with m > k >= 1
+
+or a pentanomial of the form:
+
+f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
+
+The function EC_GROUP_get_basis_type returns a NID identifying whether a trinomial or pentanomial is in use for the field. The
+function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of B<k>. Similarly
+the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of B<k1>,
+B<k2> and B<k3> respectively.
+
+=head1 RETURN VALUES
+
+The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check,
+EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis.
+
+EC_GROUP_dup returns a pointer to the duplicated curve, or NULL on error.
+
+EC_GROUP_method_of returns the EC_METHOD implementation in use for the given curve or NULL on error.
+
+EC_GROUP_get0_generator returns the generator for the given curve or NULL on error.
+
+EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form
+and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, point_conversion_form and degree for the
+specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0.
+
+EC_GROUP_get0_order() returns an internal pointer to the group order.
+EC_GROUP_get_order_bits() returns the number of bits in the group order.
+EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor.
+
+EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not
+specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified.
+
+EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is
+0, the return value will be 1. On error 0 is returned.
+
+EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or -1 on error.
+
+EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a
+trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_new(3)>,
+L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EC_GROUP_new.pod b/openssl-1.1.0h/doc/crypto/EC_GROUP_new.pod
new file mode 100644
index 0000000..2f658dc
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EC_GROUP_new.pod
@@ -0,0 +1,120 @@
+=pod
+
+=head1 NAME
+
+EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters,
+EC_GROUP_new, EC_GROUP_new_from_ecparameters,
+EC_GROUP_new_from_ecpkparameters,
+EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp,
+EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp,
+EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m,
+EC_get_builtin_curves - Functions for creating and destroying EC_GROUP
+objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+ void EC_GROUP_free(EC_GROUP *group);
+ void EC_GROUP_clear_free(EC_GROUP *group);
+
+ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+ EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+ int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
+ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
+
+ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+=head1 DESCRIPTION
+
+Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the
+prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised
+elliptic curve equation as follows:
+
+y^2 mod p = x^3 +ax + b mod p
+
+The second form is those defined over a binary field F2^m where the elements of the field are integers of length at
+most m bits. For this form the elliptic curve equation is modified to:
+
+y^2 + xy = x^3 + ax^2 + b (where b != 0)
+
+Operations in a binary field are performed relative to an B<irreducible polynomial>. All such curves with OpenSSL
+use a trinomial or a pentanomial for this parameter.
+
+A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B<meth> (see
+L<EC_GFp_simple_method(3)>). It is then necessary to call either EC_GROUP_set_curve_GFp or
+EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively.
+EC_GROUP_new_from_ecparameters() will create a group from the
+specified B<params> and
+EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B<params>.
+
+EC_GROUP_set_curve_GFp sets the curve parameters B<p>, B<a> and B<b> for a curve over Fp stored in B<group>.
+EC_group_get_curve_GFp obtains the previously set curve parameters.
+
+EC_GROUP_set_curve_GF2m sets the equivalent curve parameters for a curve over F2^m. In this case B<p> represents
+the irreducible polynomial - each bit represents a term in the polynomial. Therefore there will either be three
+or five bits set dependent on whether the polynomial is a trinomial or a pentanomial.
+EC_group_get_curve_GF2m obtains the previously set curve parameters.
+
+The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and the
+appropriate EC_group_set_curve function. An appropriate default implementation method will be used.
+
+Whilst the library can be used to create any curve using the functions described above, there are also a number of
+predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function
+EC_get_builtin_curves. The parameter B<r> should be an array of EC_builtin_curve structures of size B<nitems>. The function
+will populate the B<r> array with information about the builtin curves. If B<nitems> is less than the total number of
+curves available, then the first B<nitems> curves will be returned. Otherwise the total number of curves will be
+provided. The return value is the total number of curves available (whether that number has been populated in B<r> or
+not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available.
+The EC_builtin_curve structure is defined as follows:
+
+ typedef struct {
+        int nid;
+        const char *comment;
+        } EC_builtin_curve;
+
+Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve.
+
+In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the B<nid> of the curve to
+be constructed.
+
+EC_GROUP_free frees the memory associated with the EC_GROUP.
+If B<group> is NULL nothing is done.
+
+EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory.
+If B<group> is NULL nothing is done.
+
+=head1 RETURN VALUES
+
+All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error.
+
+EC_get_builtin_curves returns the number of builtin curves that are available.
+
+EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_copy(3)>,
+L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EC_KEY_get_enc_flags.pod b/openssl-1.1.0h/doc/crypto/EC_KEY_get_enc_flags.pod
new file mode 100644
index 0000000..4f73a1d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EC_KEY_get_enc_flags.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+EC_KEY_get_enc_flags, EC_KEY_set_enc_flags
+- Get and set flags for encoding EC_KEY structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
+ void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+
+=head1 DESCRIPTION
+
+The format of the external representation of the public key written by
+i2d_ECPrivateKey() (such as whether it is stored in a compressed form or not) is
+described by the point_conversion_form. See L<EC_GROUP_copy(3)>
+for a description of point_conversion_form.
+
+When reading a private key encoded without an associated public key (e.g. if
+EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey() generates
+the missing public key automatically. Private keys encoded without parameters
+(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using
+d2i_ECPrivateKey().
+
+The functions EC_KEY_get_enc_flags() and EC_KEY_set_enc_flags() get and set the
+value of the encoding flags for the B<key>. There are two encoding flags
+currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY.  These flags
+define the behaviour of how the  B<key> is converted into ASN1 in a call to
+i2d_ECPrivateKey(). If EC_PKEY_NO_PARAMETERS is set then the public parameters for
+the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is
+set then the public key is not encoded along with the private key.
+
+=head1 RETURN VALUES
+
+EC_KEY_get_enc_flags() returns the value of the current encoding flags for the
+EC_KEY.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_new(3)>,
+L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
+L<EC_POINT_add(3)>,
+L<EC_GFp_simple_method(3)>,
+L<d2i_ECPKParameters(3)>,
+L<d2i_ECPrivateKey(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EC_KEY_new.pod b/openssl-1.1.0h/doc/crypto/EC_KEY_new.pod
new file mode 100644
index 0000000..591529f
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EC_KEY_new.pod
@@ -0,0 +1,183 @@
+=pod
+
+=head1 NAME
+
+EC_KEY_get_method, EC_KEY_set_method,
+EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
+EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref,
+EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
+EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
+EC_KEY_get_conv_form,
+EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult,
+EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates,
+EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct,
+EC_KEY_priv2buf - Functions for creating, destroying and manipulating
+EC_KEY objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ EC_KEY *EC_KEY_new(void);
+ int EC_KEY_get_flags(const EC_KEY *key);
+ void EC_KEY_set_flags(EC_KEY *key, int flags);
+ void EC_KEY_clear_flags(EC_KEY *key, int flags);
+ EC_KEY *EC_KEY_new_by_curve_name(int nid);
+ void EC_KEY_free(EC_KEY *key);
+ EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+ EC_KEY *EC_KEY_dup(const EC_KEY *src);
+ int EC_KEY_up_ref(EC_KEY *key);
+ const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+ int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+ int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+ point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+ void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+ void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+ int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+ int EC_KEY_generate_key(EC_KEY *key);
+ int EC_KEY_check_key(const EC_KEY *key);
+ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
+                                              BIGNUM *x, BIGNUM *y);
+ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+
+ int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len,
+                    BN_CTX *ctx);
+ size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
+                       unsigned char **pbuf, BN_CTX *ctx);
+
+ int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+ size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
+
+ size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+
+=head1 DESCRIPTION
+
+An EC_KEY represents a public key and, optionally, the associated private
+key. A new EC_KEY with no associated curve can be constructed by calling
+EC_KEY_new(). The reference count for the newly created EC_KEY is initially
+set to 1. A curve can be associated with the EC_KEY by calling
+EC_KEY_set_group().
+
+Alternatively a new EC_KEY can be constructed by calling
+EC_KEY_new_by_curve_name() and supplying the nid of the associated curve. See
+L<EC_GROUP_new(3)> for a description of curve names. This function simply
+wraps calls to EC_KEY_new() and EC_GROUP_new_by_curve_name().
+
+Calling EC_KEY_free() decrements the reference count for the EC_KEY object,
+and if it has dropped to zero then frees the memory associated with it.  If
+B<key> is NULL nothing is done.
+
+EC_KEY_copy() copies the contents of the EC_KEY in B<src> into B<dest>.
+
+EC_KEY_dup() creates a new EC_KEY object and copies B<ec_key> into it.
+
+EC_KEY_up_ref() increments the reference count associated with the EC_KEY
+object.
+
+EC_KEY_generate_key() generates a new public and private key for the supplied
+B<eckey> object. B<eckey> must have an EC_GROUP object associated with it
+before calling this function. The private key is a random integer (0 < priv_key
+< order, where I<order> is the order of the EC_GROUP object). The public key is
+an EC_POINT on the curve calculated by multiplying the generator for the
+curve by the private key.
+
+EC_KEY_check_key() performs various sanity checks on the EC_KEY object to
+confirm that it is valid.
+
+EC_KEY_set_public_key_affine_coordinates() sets the public key for B<key> based
+on its affine co-ordinates; i.e., it constructs an EC_POINT object based on
+the supplied B<x> and B<y> values and sets the public key to be this
+EC_POINT. It also performs certain sanity checks on the key to confirm
+that it is valid.
+
+The functions EC_KEY_get0_group(), EC_KEY_set_group(),
+EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(),
+and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key,
+and the EC_POINT public key for the B<key> respectively.
+
+The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the
+point_conversion_form for the B<key>. For a description of
+point_conversion_forms please see L<EC_POINT_new(3)>.
+
+EC_KEY_set_flags() sets the flags in the B<flags> parameter on the EC_KEY
+object. Any flags that are already set are left set. The flags currently
+defined are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In
+addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH.
+EC_KEY_get_flags() returns the current flags that are set for this EC_KEY.
+EC_KEY_clear_flags() clears the flags indicated by the B<flags> parameter; all
+other flags are left in their existing state.
+
+EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object
+(if set). Refer to L<EC_GROUP_copy(3)> for further information on the
+asn1_flag.
+
+EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator
+for faster point multiplication. See also L<EC_POINT_add(3)>.
+
+EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions
+EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key
+EC_POINT in B<eckey>.
+
+EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key
+component of B<eckey> and octet form. The octet form consists of the content
+octets of the B<privateKey> OCTET STRING in an B<ECPrivateKey> ASN.1 structure.
+
+The function EC_KEY_priv2oct() must be supplied with a buffer long enough to
+store the octet form. The return value provides the number of octets stored.
+Calling the function with a NULL buffer will not perform the conversion but
+will just return the required buffer length.
+
+The function EC_KEY_priv2buf() allocates a buffer of suitable length and writes
+an EC_KEY to it in octet format. The allocated buffer is written to B<*pbuf>
+and its length is returned. The caller must free up the allocated buffer with a
+call to OPENSSL_free(). Since the allocated buffer value is written to B<*pbuf>
+the B<pbuf> parameter B<MUST NOT> be B<NULL>.
+
+EC_KEY_priv2buf() converts an EC_KEY private key into an allocated buffer.
+
+=head1 RETURN VALUES
+
+EC_KEY_new(), EC_KEY_new_by_curve_name() and EC_KEY_dup() return a pointer to
+the newly created EC_KEY object, or NULL on error.
+
+EC_KEY_get_flags() returns the flags associated with the EC_KEY object as an
+integer.
+
+EC_KEY_copy() returns a pointer to the destination key, or NULL on error.
+
+EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(),
+EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(),
+EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(),
+EC_KEY_oct2key() and EC_KEY_oct2priv() return 1 on success or 0 on error.
+
+EC_KEY_get0_group() returns the EC_GROUP associated with the EC_KEY.
+
+EC_KEY_get0_private_key() returns the private key associated with the EC_KEY.
+
+EC_KEY_get_conv_form() return the point_conversion_form for the EC_KEY.
+
+EC_KEY_key2buf(), EC_KEY_priv2oct() and EC_KEY_priv2buf() return the length
+of the buffer or 0 on error.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_new(3)>,
+L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
+L<EC_POINT_add(3)>,
+L<EC_GFp_simple_method(3)>,
+L<d2i_ECPKParameters(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EC_POINT_add.pod b/openssl-1.1.0h/doc/crypto/EC_POINT_add.pod
new file mode 100644
index 0000000..6f3e230
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EC_POINT_add.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on EC_POINT objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
+ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
+ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
+ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+ int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+ int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+
+
+=head1 DESCRIPTION
+
+EC_POINT_add adds the two points B<a> and B<b> and places the result in B<r>. Similarly EC_POINT_dbl doubles the point B<a> and places the
+result in B<r>. In both cases it is valid for B<r> to be one of B<a> or B<b>.
+
+EC_POINT_invert calculates the inverse of the supplied point B<a>. The result is placed back in B<a>.
+
+The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not.
+
+EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.
+
+EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.
+
+The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine
+co-ordinate system. In the case of EC_POINTs_make_affine the value B<num> provides the number of points in the array B<points> to be
+forced.
+
+EC_POINT_mul calculates the value generator * B<n> + B<q> * B<m> and stores the result in B<r>. The value B<n> may be NULL in which case the result is just B<q> * B<m>.
+
+EC_POINTs_mul calculates the value generator * B<n> + B<q[0]> * B<m[0]> + ... + B<q[num-1]> * B<m[num-1]>. As for EC_POINT_mul the value
+B<n> may be NULL.
+
+The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst
+EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L<EC_GROUP_copy(3)> for information
+about the generator.
+
+
+=head1 RETURN VALUES
+
+The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine,
+EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult.
+
+EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise.
+
+EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or -1 on error.
+
+EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or -1 on error.
+
+EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+L<EC_POINT_new(3)>, L<EC_KEY_new(3)>,
+L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EC_POINT_new.pod b/openssl-1.1.0h/doc/crypto/EC_POINT_new.pod
new file mode 100644
index 0000000..5ac41b3
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EC_POINT_new.pod
@@ -0,0 +1,196 @@
+=pod
+
+=head1 NAME
+
+EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf,
+EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
+EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of,
+EC_POINT_set_to_infinity,
+EC_POINT_get_Jprojective_coordinates_GFp,
+EC_POINT_set_affine_coordinates_GFp,
+EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp,
+EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m,
+EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct,
+EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex,
+EC_POINT_hex2point
+- Functions for creating, destroying and manipulating EC_POINT objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ec.h>
+
+ EC_POINT *EC_POINT_new(const EC_GROUP *group);
+ void EC_POINT_free(EC_POINT *point);
+ void EC_POINT_clear_free(EC_POINT *point);
+ int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+ EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                              EC_POINT *p,
+                                              const BIGNUM *x, const BIGNUM *y,
+                                              const BIGNUM *z, BN_CTX *ctx);
+ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                              const EC_POINT *p,
+                                              BIGNUM *x, BIGNUM *y, BIGNUM *z,
+                                              BN_CTX *ctx);
+ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+                                         const BIGNUM *x, const BIGNUM *y,
+                                         BN_CTX *ctx);
+ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                         const EC_POINT *p,
+                                         BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *p,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *ctx);
+ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+                                          const BIGNUM *x, const BIGNUM *y,
+                                          BN_CTX *ctx);
+ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                          const EC_POINT *p,
+                                          BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+ int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                              EC_POINT *p,
+                                              const BIGNUM *x, int y_bit,
+                                              BN_CTX *ctx);
+ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+                           point_conversion_form_t form,
+                           unsigned char *buf, size_t len, BN_CTX *ctx);
+ size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                           point_conversion_form_t form,
+                           unsigned char **pbuf, BN_CTX *ctx);
+ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+                        const unsigned char *buf, size_t len, BN_CTX *ctx);
+ BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p,
+                           point_conversion_form_t form, BIGNUM *bn,
+                           BN_CTX *ctx);
+ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn,
+                             EC_POINT *p, BN_CTX *ctx);
+ char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form, BN_CTX *ctx);
+ EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex,
+                              EC_POINT *p, BN_CTX *ctx);
+
+
+=head1 DESCRIPTION
+
+An B<EC_POINT> structure represents a point on a curve. A new point is
+constructed by calling the function EC_POINT_new() and providing the
+B<group> object that the point relates to.
+
+EC_POINT_free() frees the memory associated with the B<EC_POINT>.
+if B<point> is NULL nothing is done.
+
+EC_POINT_clear_free() destroys any sensitive data held within the EC_POINT and
+then frees its memory. If B<point> is NULL nothing is done.
+
+EC_POINT_copy() copies the point B<src> into B<dst>. Both B<src> and B<dst>
+must use the same B<EC_METHOD>.
+
+EC_POINT_dup() creates a new B<EC_POINT> object and copies the content from
+B<src> to the newly created B<EC_POINT> object.
+
+EC_POINT_method_of() obtains the B<EC_METHOD> associated with B<point>.
+
+A valid point on a curve is the special point at infinity. A point is set to
+be at infinity by calling EC_POINT_set_to_infinity().
+
+The affine co-ordinates for a point describe a point in terms of its x and y
+position. The functions EC_POINT_set_affine_coordinates_GFp() and
+EC_POINT_set_affine_coordinates_GF2m() set the B<x> and B<y> co-ordinates for
+the point B<p> defined over the curve given in B<group>.
+
+As well as the affine co-ordinates, a point can alternatively be described in
+terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian
+projective co-ordinates are expressed as three values x, y and z. Working in
+this co-ordinate system provides more efficient point multiplication
+operations.  A mapping exists between Jacobian projective co-ordinates and
+affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
+as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
+projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped
+to (x, y, 1). To set or get the projective co-ordinates use
+EC_POINT_set_Jprojective_coordinates_GFp() and
+EC_POINT_get_Jprojective_coordinates_GFp() respectively.
+
+Points can also be described in terms of their compressed co-ordinates. For a
+point (x, y), for any given value for x such that the point is on the curve
+there will only ever be two possible values for y. Therefore a point can be set
+using the EC_POINT_set_compressed_coordinates_GFp() and
+EC_POINT_set_compressed_coordinates_GF2m() functions where B<x> is the x
+co-ordinate and B<y_bit> is a value 0 or 1 to identify which of the two
+possible values for y should be used.
+
+In addition B<EC_POINT> can be converted to and from various external
+representations. The octet form is the binary encoding of the B<ECPoint>
+structure (as defined in RFC5480 and used in certificates and TLS records):
+only the content octets are present, the B<OCTET STRING> tag and length are
+not included. B<BIGNUM> form is the octet form interpreted as a big endian
+integer converted to a B<BIGNUM> structure. Hexadecimal form is the octet
+form converted to a NULL terminated character string where each character
+is one of the printable values 0-9 or A-F (or a-f).
+
+The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(),
+EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from
+and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively.
+
+The function EC_POINT_point2oct() must be supplied with a buffer long enough to
+store the octet form. The return value provides the number of octets stored.
+Calling the function with a NULL buffer will not perform the conversion but
+will still return the required buffer length.
+
+The function EC_POINT_point2buf() allocates a buffer of suitable length and
+writes an EC_POINT to it in octet format. The allocated buffer is written to
+B<*pbuf> and its length is returned. The caller must free up the allocated
+buffer with a call to OPENSSL_free(). Since the allocated buffer value is
+written to B<*pbuf> the B<pbuf> parameter B<MUST NOT> be B<NULL>.
+
+The function EC_POINT_point2hex() will allocate sufficient memory to store the
+hexadecimal string. It is the caller's responsibility to free this memory with
+a subsequent call to OPENSSL_free().
+
+=head1 RETURN VALUES
+
+EC_POINT_new() and EC_POINT_dup() return the newly allocated EC_POINT or NULL
+on error.
+
+The following functions return 1 on success or 0 on error: EC_POINT_copy(),
+EC_POINT_set_to_infinity(), EC_POINT_set_Jprojective_coordinates_GFp(),
+EC_POINT_get_Jprojective_coordinates_GFp(),
+EC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(),
+EC_POINT_set_compressed_coordinates_GFp(),
+EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GF2m(),
+EC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point().
+
+EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT.
+
+EC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required
+buffer or 0 on error.
+
+EC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on
+error.
+
+EC_POINT_bn2point() returns the pointer to the EC_POINT supplied, or NULL on
+error.
+
+EC_POINT_point2hex() returns a pointer to the hex string, or NULL on error.
+
+EC_POINT_hex2point() returns the pointer to the EC_POINT supplied, or NULL on
+error.
+
+=head1 SEE ALSO
+
+L<crypto(7)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
+L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
+L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ENGINE_add.pod b/openssl-1.1.0h/doc/crypto/ENGINE_add.pod
new file mode 100644
index 0000000..d5a7d72
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ENGINE_add.pod
@@ -0,0 +1,621 @@
+=pod
+
+=head1 NAME
+
+ENGINE_get_DH, ENGINE_get_DSA, ENGINE_get_ECDH, ENGINE_get_ECDSA,
+ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH,
+ENGINE_get_default_DSA, ENGINE_get_default_ECDH,
+ENGINE_get_default_ECDSA, ENGINE_get_default_RAND,
+ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first,
+ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new,
+ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests,
+ENGINE_get_destroy_function, ENGINE_get_finish_function,
+ENGINE_get_init_function, ENGINE_get_load_privkey_function,
+ENGINE_get_load_pubkey_function, ENGINE_load_private_key,
+ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id,
+ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher,
+ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable,
+ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string,
+ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init,
+ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_ECDH,
+ENGINE_register_ECDSA, ENGINE_register_RAND, ENGINE_register_RSA,
+ENGINE_register_all_complete, ENGINE_register_ciphers,
+ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove,
+ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_ECDH, ENGINE_set_ECDSA,
+ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers,
+ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default,
+ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_ECDH,
+ENGINE_set_default_ECDSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA,
+ENGINE_set_default_ciphers, ENGINE_set_default_digests,
+ENGINE_set_default_string, ENGINE_set_destroy_function,
+ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags,
+ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function,
+ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref,
+ENGINE_get_table_flags, ENGINE_cleanup,
+ENGINE_load_builtin_engines, ENGINE_register_all_DH,
+ENGINE_register_all_DSA, ENGINE_register_all_ECDH,
+ENGINE_register_all_ECDSA, ENGINE_register_all_RAND,
+ENGINE_register_all_RSA, ENGINE_register_all_ciphers,
+ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH,
+ENGINE_unregister_DSA, ENGINE_unregister_ECDH, ENGINE_unregister_ECDSA,
+ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers,
+ENGINE_unregister_digests
+- ENGINE cryptographic module support
+
+=head1 SYNOPSIS
+
+ #include <openssl/engine.h>
+
+ ENGINE *ENGINE_get_first(void);
+ ENGINE *ENGINE_get_last(void);
+ ENGINE *ENGINE_get_next(ENGINE *e);
+ ENGINE *ENGINE_get_prev(ENGINE *e);
+
+ int ENGINE_add(ENGINE *e);
+ int ENGINE_remove(ENGINE *e);
+
+ ENGINE *ENGINE_by_id(const char *id);
+
+ int ENGINE_init(ENGINE *e);
+ int ENGINE_finish(ENGINE *e);
+
+ void ENGINE_load_builtin_engines(void);
+
+ ENGINE *ENGINE_get_default_RSA(void);
+ ENGINE *ENGINE_get_default_DSA(void);
+ ENGINE *ENGINE_get_default_ECDH(void);
+ ENGINE *ENGINE_get_default_ECDSA(void);
+ ENGINE *ENGINE_get_default_DH(void);
+ ENGINE *ENGINE_get_default_RAND(void);
+ ENGINE *ENGINE_get_cipher_engine(int nid);
+ ENGINE *ENGINE_get_digest_engine(int nid);
+
+ int ENGINE_set_default_RSA(ENGINE *e);
+ int ENGINE_set_default_DSA(ENGINE *e);
+ int ENGINE_set_default_ECDH(ENGINE *e);
+ int ENGINE_set_default_ECDSA(ENGINE *e);
+ int ENGINE_set_default_DH(ENGINE *e);
+ int ENGINE_set_default_RAND(ENGINE *e);
+ int ENGINE_set_default_ciphers(ENGINE *e);
+ int ENGINE_set_default_digests(ENGINE *e);
+ int ENGINE_set_default_string(ENGINE *e, const char *list);
+
+ int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+ unsigned int ENGINE_get_table_flags(void);
+ void ENGINE_set_table_flags(unsigned int flags);
+
+ int ENGINE_register_RSA(ENGINE *e);
+ void ENGINE_unregister_RSA(ENGINE *e);
+ void ENGINE_register_all_RSA(void);
+ int ENGINE_register_DSA(ENGINE *e);
+ void ENGINE_unregister_DSA(ENGINE *e);
+ void ENGINE_register_all_DSA(void);
+ int ENGINE_register_ECDH(ENGINE *e);
+ void ENGINE_unregister_ECDH(ENGINE *e);
+ void ENGINE_register_all_ECDH(void);
+ int ENGINE_register_ECDSA(ENGINE *e);
+ void ENGINE_unregister_ECDSA(ENGINE *e);
+ void ENGINE_register_all_ECDSA(void);
+ int ENGINE_register_DH(ENGINE *e);
+ void ENGINE_unregister_DH(ENGINE *e);
+ void ENGINE_register_all_DH(void);
+ int ENGINE_register_RAND(ENGINE *e);
+ void ENGINE_unregister_RAND(ENGINE *e);
+ void ENGINE_register_all_RAND(void);
+ int ENGINE_register_ciphers(ENGINE *e);
+ void ENGINE_unregister_ciphers(ENGINE *e);
+ void ENGINE_register_all_ciphers(void);
+ int ENGINE_register_digests(ENGINE *e);
+ void ENGINE_unregister_digests(ENGINE *e);
+ void ENGINE_register_all_digests(void);
+ int ENGINE_register_complete(ENGINE *e);
+ int ENGINE_register_all_complete(void);
+
+ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+         long i, void *p, void (*f)(void), int cmd_optional);
+ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+         int cmd_optional);
+
+ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+
+ int ENGINE_set_id(ENGINE *e, const char *id);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+ int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
+ int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
+ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+ int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+ int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+ int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+ int ENGINE_set_flags(ENGINE *e, int flags);
+ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+
+ const char *ENGINE_get_id(const ENGINE *e);
+ const char *ENGINE_get_name(const ENGINE *e);
+ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+ const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+ const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
+ const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+ const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+ const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+ int ENGINE_get_flags(const ENGINE *e);
+ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+
+ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void ENGINE_cleanup(void)
+ #endif
+
+=head1 DESCRIPTION
+
+These functions create, manipulate, and use cryptographic modules in the
+form of B<ENGINE> objects. These objects act as containers for
+implementations of cryptographic algorithms, and support a
+reference-counted mechanism to allow them to be dynamically loaded in and
+out of the running application.
+
+The cryptographic functionality that can be provided by an B<ENGINE>
+implementation includes the following abstractions;
+
+ RSA_METHOD - for providing alternative RSA implementations
+ DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
+       - similarly for other OpenSSL APIs
+ EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+ EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+ key-loading - loading public and/or private EVP_PKEY keys
+
+=head2 Reference counting and handles
+
+Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
+treated as handles - ie. not only as pointers, but also as references to
+the underlying ENGINE object. Ie. one should obtain a new reference when
+making copies of an ENGINE pointer if the copies will be used (and
+released) independently.
+
+ENGINE objects have two levels of reference-counting to match the way in
+which the objects are used. At the most basic level, each ENGINE pointer is
+inherently a B<structural> reference - a structural reference is required
+to use the pointer value at all, as this kind of reference is a guarantee
+that the structure can not be deallocated until the reference is released.
+
+However, a structural reference provides no guarantee that the ENGINE is
+initialised and able to use any of its cryptographic
+implementations. Indeed it's quite possible that most ENGINEs will not
+initialise at all in typical environments, as ENGINEs are typically used to
+support specialised hardware. To use an ENGINE's functionality, you need a
+B<functional> reference. This kind of reference can be considered a
+specialised form of structural reference, because each functional reference
+implicitly contains a structural reference as well - however to avoid
+difficult-to-find programming bugs, it is recommended to treat the two
+kinds of reference independently. If you have a functional reference to an
+ENGINE, you have a guarantee that the ENGINE has been initialised and
+is ready to perform cryptographic operations, and will remain initialised
+until after you have released your reference.
+
+I<Structural references>
+
+This basic type of reference is used for instantiating new ENGINEs,
+iterating across OpenSSL's internal linked-list of loaded
+ENGINEs, reading information about an ENGINE, etc. Essentially a structural
+reference is sufficient if you only need to query or manipulate the data of
+an ENGINE implementation rather than use its functionality.
+
+The ENGINE_new() function returns a structural reference to a new (empty)
+ENGINE object. There are other ENGINE API functions that return structural
+references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
+ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
+released by a corresponding to call to the ENGINE_free() function - the
+ENGINE object itself will only actually be cleaned up and deallocated when
+the last structural reference is released.
+
+It should also be noted that many ENGINE API function calls that accept a
+structural reference will internally obtain another reference - typically
+this happens whenever the supplied ENGINE will be needed by OpenSSL after
+the function has returned. Eg. the function to add a new ENGINE to
+OpenSSL's internal list is ENGINE_add() - if this function returns success,
+then OpenSSL will have stored a new structural reference internally so the
+caller is still responsible for freeing their own reference with
+ENGINE_free() when they are finished with it. In a similar way, some
+functions will automatically release the structural reference passed to it
+if part of the function's job is to do so. Eg. the ENGINE_get_next() and
+ENGINE_get_prev() functions are used for iterating across the internal
+ENGINE list - they will return a new structural reference to the next (or
+previous) ENGINE in the list or NULL if at the end (or beginning) of the
+list, but in either case the structural reference passed to the function is
+released on behalf of the caller.
+
+To clarify a particular function's handling of references, one should
+always consult that function's documentation "man" page, or failing that
+the openssl/engine.h header file includes some hints.
+
+I<Functional references>
+
+As mentioned, functional references exist when the cryptographic
+functionality of an ENGINE is required to be available. A functional
+reference can be obtained in one of two ways; from an existing structural
+reference to the required ENGINE, or by asking OpenSSL for the default
+operational ENGINE for a given cryptographic purpose.
+
+To obtain a functional reference from an existing structural reference,
+call the ENGINE_init() function. This returns zero if the ENGINE was not
+already operational and couldn't be successfully initialised (eg. lack of
+system drivers, no special hardware attached, etc), otherwise it will
+return non-zero to indicate that the ENGINE is now operational and will
+have allocated a new B<functional> reference to the ENGINE. All functional
+references are released by calling ENGINE_finish() (which removes the
+implicit structural reference as well).
+
+The second way to get a functional reference is by asking OpenSSL for a
+default implementation for a given task, eg. by ENGINE_get_default_RSA(),
+ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
+section, though they are not usually required by application programmers as
+they are used automatically when creating and using the relevant
+algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
+
+=head2 Default implementations
+
+For each supported abstraction, the ENGINE code maintains an internal table
+of state to control which implementations are available for a given
+abstraction and which should be used by default. These implementations are
+registered in the tables and indexed by an 'nid' value, because
+abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
+algorithms and modes, and ENGINEs can support arbitrarily many of them.
+In the case of other abstractions like RSA, DSA, etc, there is only one
+"algorithm" so all implementations implicitly register using the same 'nid'
+index.
+
+When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
+when calling RSA_new_method(NULL)), a "get_default" call will be made to the
+ENGINE subsystem to process the corresponding state table and return a
+functional reference to an initialised ENGINE whose implementation should be
+used. If no ENGINE should (or can) be used, it will return NULL and the caller
+will operate with a NULL ENGINE handle - this usually equates to using the
+conventional software implementation. In the latter case, OpenSSL will from
+then on behave the way it used to before the ENGINE API existed.
+
+Each state table has a flag to note whether it has processed this
+"get_default" query since the table was last modified, because to process
+this question it must iterate across all the registered ENGINEs in the
+table trying to initialise each of them in turn, in case one of them is
+operational. If it returns a functional reference to an ENGINE, it will
+also cache another reference to speed up processing future queries (without
+needing to iterate across the table). Likewise, it will cache a NULL
+response if no ENGINE was available so that future queries won't repeat the
+same iteration unless the state table changes. This behaviour can also be
+changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
+ENGINE_set_table_flags()), no attempted initialisations will take place,
+instead the only way for the state table to return a non-NULL ENGINE to the
+"get_default" query will be if one is expressly set in the table. Eg.
+ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
+that it also sets the state table's cached response for the "get_default"
+query. In the case of abstractions like EVP_CIPHER, where implementations are
+indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
+value.
+
+=head2 Application requirements
+
+This section will explain the basic things an application programmer should
+support to make the most useful elements of the ENGINE functionality
+available to the user. The first thing to consider is whether the
+programmer wishes to make alternative ENGINE modules available to the
+application and user. OpenSSL maintains an internal linked list of
+"visible" ENGINEs from which it has to operate - at start-up, this list is
+empty and in fact if an application does not call any ENGINE API calls and
+it uses static linking against openssl, then the resulting application
+binary will not contain any alternative ENGINE code at all. So the first
+consideration is whether any/all available ENGINE implementations should be
+made visible to OpenSSL - this is controlled by calling the various "load"
+functions.
+
+Having called any of these functions, ENGINE objects would have been
+dynamically allocated and populated with these implementations and linked
+into OpenSSL's internal linked list. At this point it is important to
+mention an important API function;
+
+ void ENGINE_cleanup(void)
+
+If no ENGINE API functions are called at all in an application, then there
+are no inherent memory leaks to worry about from the ENGINE functionality.
+However, prior to OpenSSL 1.1.0 if any ENGINEs are loaded, even if they are
+never registered or used, it was necessary to use the ENGINE_cleanup() function
+to correspondingly cleanup before program exit, if the caller wishes to avoid
+memory leaks. This mechanism used an internal callback registration table
+so that any ENGINE API functionality that knows it requires cleanup can
+register its cleanup details to be called during ENGINE_cleanup(). This
+approach allowed ENGINE_cleanup() to clean up after any ENGINE functionality
+at all that your program uses, yet doesn't automatically create linker
+dependencies to all possible ENGINE functionality - only the cleanup
+callbacks required by the functionality you do use will be required by the
+linker. From OpenSSL 1.1.0 it is no longer necessary to explicitly call
+ENGINE_cleanup and this function is deprecated. Cleanup automatically takes
+place at program exit.
+
+The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
+the program and loaded into memory at run-time) does not mean they are
+"registered" or called into use by OpenSSL automatically - that behaviour
+is something for the application to control. Some applications
+will want to allow the user to specify exactly which ENGINE they want used
+if any is to be used at all. Others may prefer to load all support and have
+OpenSSL automatically use at run-time any ENGINE that is able to
+successfully initialise - ie. to assume that this corresponds to
+acceleration hardware attached to the machine or some such thing. There are
+probably numerous other ways in which applications may prefer to handle
+things, so we will simply illustrate the consequences as they apply to a
+couple of simple cases and leave developers to consider these and the
+source code to openssl's builtin utilities as guides.
+
+I<Using a specific ENGINE implementation>
+
+Here we'll assume an application has been configured by its user or admin
+to want to use the "ACME" ENGINE if it is available in the version of
+OpenSSL the application was compiled with. If it is available, it should be
+used by default for all RSA, DSA, and symmetric cipher operations, otherwise
+OpenSSL should use its builtin software as per usual. The following code
+illustrates how to approach this;
+
+ ENGINE *e;
+ const char *engine_id = "ACME";
+ ENGINE_load_builtin_engines();
+ e = ENGINE_by_id(engine_id);
+ if(!e)
+     /* the engine isn't available */
+     return;
+ if(!ENGINE_init(e)) {
+     /* the engine couldn't initialise, release 'e' */
+     ENGINE_free(e);
+     return;
+ }
+ if(!ENGINE_set_default_RSA(e))
+     /* This should only happen when 'e' can't initialise, but the previous
+      * statement suggests it did. */
+     abort();
+ ENGINE_set_default_DSA(e);
+ ENGINE_set_default_ciphers(e);
+ /* Release the functional reference from ENGINE_init() */
+ ENGINE_finish(e);
+ /* Release the structural reference from ENGINE_by_id() */
+ ENGINE_free(e);
+
+I<Automatically using builtin ENGINE implementations>
+
+Here we'll assume we want to load and register all ENGINE implementations
+bundled with OpenSSL, such that for any cryptographic algorithm required by
+OpenSSL - if there is an ENGINE that implements it and can be initialised,
+it should be used. The following code illustrates how this can work;
+
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
+
+That's all that's required. Eg. the next time OpenSSL tries to set up an
+RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
+ENGINE_init() and if any of those succeed, that ENGINE will be set as the
+default for RSA use from then on.
+
+=head2 Advanced configuration support
+
+There is a mechanism supported by the ENGINE framework that allows each
+ENGINE implementation to define an arbitrary set of configuration
+"commands" and expose them to OpenSSL and any applications based on
+OpenSSL. This mechanism is entirely based on the use of name-value pairs
+and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
+applications want to provide a transparent way for users to provide
+arbitrary configuration "directives" directly to such ENGINEs. It is also
+possible for the application to dynamically interrogate the loaded ENGINE
+implementations for the names, descriptions, and input flags of their
+available "control commands", providing a more flexible configuration
+scheme. However, if the user is expected to know which ENGINE device he/she
+is using (in the case of specialised hardware, this goes without saying)
+then applications may not need to concern themselves with discovering the
+supported control commands and simply prefer to pass settings into ENGINEs
+exactly as they are provided by the user.
+
+Before illustrating how control commands work, it is worth mentioning what
+they are typically used for. Broadly speaking there are two uses for
+control commands; the first is to provide the necessary details to the
+implementation (which may know nothing at all specific to the host system)
+so that it can be initialised for use. This could include the path to any
+driver or config files it needs to load, required network addresses,
+smart-card identifiers, passwords to initialise protected devices,
+logging information, etc etc. This class of commands typically needs to be
+passed to an ENGINE B<before> attempting to initialise it, ie. before
+calling ENGINE_init(). The other class of commands consist of settings or
+operations that tweak certain behaviour or cause certain operations to take
+place, and these commands may work either before or after ENGINE_init(), or
+in some cases both. ENGINE implementations should provide indications of
+this in the descriptions attached to builtin control commands and/or in
+external product documentation.
+
+I<Issuing control commands to an ENGINE>
+
+Let's illustrate by example; a function for which the caller supplies the
+name of the ENGINE it wishes to use, a table of string-pairs for use before
+initialisation, and another table for use after initialisation. Note that
+the string-pairs used for control commands consist of a command "name"
+followed by the command "parameter" - the parameter could be NULL in some
+cases but the name can not. This function should initialise the ENGINE
+(issuing the "pre" commands beforehand and the "post" commands afterwards)
+and set it as the default for everything except RAND and then return a
+boolean success or failure.
+
+ int generic_load_engine_fn(const char *engine_id,
+                            const char **pre_cmds, int pre_num,
+                            const char **post_cmds, int post_num)
+ {
+     ENGINE *e = ENGINE_by_id(engine_id);
+     if (!e) return 0;
+     while (pre_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+             ENGINE_free(e);
+             return 0;
+         }
+         pre_cmds += 2;
+     }
+     if (!ENGINE_init(e)) {
+         fprintf(stderr, "Failed initialisation\n");
+         ENGINE_free(e);
+         return 0;
+     }
+     /* ENGINE_init() returned a functional reference, so free the structural
+      * reference from ENGINE_by_id(). */
+     ENGINE_free(e);
+     while(post_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+             ENGINE_finish(e);
+             return 0;
+         }
+         post_cmds += 2;
+     }
+     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+     /* Success */
+     return 1;
+ }
+
+Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
+relax the semantics of the function - if set non-zero it will only return
+failure if the ENGINE supported the given command name but failed while
+executing it, if the ENGINE doesn't support the command name it will simply
+return success without doing anything. In this case we assume the user is
+only supplying commands specific to the given ENGINE so we set this to
+FALSE.
+
+I<Discovering supported control commands>
+
+It is possible to discover at run-time the names, numerical-ids, descriptions
+and input parameters of the control commands supported by an ENGINE using a
+structural reference. Note that some control commands are defined by OpenSSL
+itself and it will intercept and handle these control commands on behalf of the
+ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
+openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
+implemented by ENGINEs should be numbered from. Any command value lower than
+this symbol is considered a "generic" command is handled directly by the
+OpenSSL core routines.
+
+It is using these "core" control commands that one can discover the control
+commands implemented by a given ENGINE, specifically the commands:
+
+ ENGINE_HAS_CTRL_FUNCTION
+ ENGINE_CTRL_GET_FIRST_CMD_TYPE
+ ENGINE_CTRL_GET_NEXT_CMD_TYPE
+ ENGINE_CTRL_GET_CMD_FROM_NAME
+ ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
+ ENGINE_CTRL_GET_NAME_FROM_CMD
+ ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
+ ENGINE_CTRL_GET_DESC_FROM_CMD
+ ENGINE_CTRL_GET_CMD_FLAGS
+
+Whilst these commands are automatically processed by the OpenSSL framework code,
+they use various properties exposed by each ENGINE to process these
+queries. An ENGINE has 3 properties it exposes that can affect how this behaves;
+it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
+the ENGINE's flags, and it can expose an array of control command descriptions.
+If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
+simply pass all these "core" control commands directly to the ENGINE's ctrl()
+handler (and thus, it must have supplied one), so it is up to the ENGINE to
+reply to these "discovery" commands itself. If that flag is not set, then the
+OpenSSL framework code will work with the following rules;
+
+ if no ctrl() handler supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+     all other commands fail.
+ if a ctrl() handler was supplied but no array of control commands;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands fail.
+ if a ctrl() handler and array of control commands was supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands proceed processing ...
+
+If the ENGINE's array of control commands is empty then all other commands will
+fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
+the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
+identifier of a command supported by the ENGINE and returns the next command
+identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
+name for a command and returns the corresponding identifier or fails if no such
+command name exists, and the remaining commands take a command identifier and
+return properties of the corresponding commands. All except
+ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
+or populate a supplied character buffer with a copy of the command name or
+description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
+possible values:
+
+ ENGINE_CMD_FLAG_NUMERIC
+ ENGINE_CMD_FLAG_STRING
+ ENGINE_CMD_FLAG_NO_INPUT
+ ENGINE_CMD_FLAG_INTERNAL
+
+If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
+informational to the caller - this flag will prevent the command being usable
+for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
+"INTERNAL" commands are not intended to be exposed to text-based configuration
+by applications, administrations, users, etc. These can support arbitrary
+operations via ENGINE_ctrl(), including passing to and/or from the control
+commands data of any arbitrary type. These commands are supported in the
+discovery mechanisms simply to allow applications to determine if an ENGINE
+supports certain specific commands it might want to use (eg. application "foo"
+might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
+and ENGINE could therefore decide whether or not to support this "foo"-specific
+extension).
+
+=head1 ENVIRONMENT
+
+=over 4
+
+=item B<OPENSSL_ENGINES>
+
+The path to the engines directory.
+
+=back
+
+=head1 SEE ALSO
+
+L<OPENSSL_init_crypto(3)>, L<RSA_new_method(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
+
+=head1 HISTORY
+
+ENGINE_cleanup(), ENGINE_load_openssl(), ENGINE_load_dynamic(), and
+ENGINE_load_cryptodev() were deprecated in OpenSSL 1.1.0 by
+OPENSSL_init_crypto().
+
+=head1 COPYRIGHT
+
+Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_GET_LIB.pod b/openssl-1.1.0h/doc/crypto/ERR_GET_LIB.pod
new file mode 100644
index 0000000..5602a8e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_GET_LIB.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR
+- get information from error codes
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ int ERR_GET_LIB(unsigned long e);
+
+ int ERR_GET_FUNC(unsigned long e);
+
+ int ERR_GET_REASON(unsigned long e);
+
+ int ERR_FATAL_ERROR(unsigned long e);
+
+=head1 DESCRIPTION
+
+The error code returned by ERR_get_error() consists of a library
+number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
+and ERR_GET_REASON() can be used to extract these.
+
+ERR_FATAL_ERROR() indicates whether a given error code is a fatal error.
+
+The library number and function code describe where the error
+occurred, the reason code is the information about what went wrong.
+
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library.  Note that different
+libraries may use the same value to signal different functions and
+reasons.
+
+B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
+unique. However, when checking for sub-library specific reason codes,
+be sure to also compare the library number.
+
+ERR_GET_LIB(), ERR_GET_FUNC(), ERR_GET_REASON(), and ERR_FATAL_ERROR()
+ are macros.
+
+=head1 RETURN VALUES
+
+The library number, function code, reason code, and whether the error
+is fatal, respectively.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 HISTORY
+
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
+all versions of OpenSSL.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_clear_error.pod b/openssl-1.1.0h/doc/crypto/ERR_clear_error.pod
new file mode 100644
index 0000000..c876615
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_clear_error.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+ERR_clear_error - clear the error queue
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_clear_error(void);
+
+=head1 DESCRIPTION
+
+ERR_clear_error() empties the current thread's error queue.
+
+=head1 RETURN VALUES
+
+ERR_clear_error() has no return value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_error_string.pod b/openssl-1.1.0h/doc/crypto/ERR_error_string.pod
new file mode 100644
index 0000000..695eaf2
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_error_string.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+ERR_func_error_string, ERR_reason_error_string - obtain human-readable
+error message
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ char *ERR_error_string(unsigned long e, char *buf);
+ void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+
+=head1 DESCRIPTION
+
+ERR_error_string() generates a human-readable string representing the
+error code I<e>, and places it at I<buf>. I<buf> must be at least 256
+bytes long. If I<buf> is B<NULL>, the error string is placed in a
+static buffer.
+Note that this function is not thread-safe and does no checks on the size
+of the buffer; use ERR_error_string_n() instead.
+
+ERR_error_string_n() is a variant of ERR_error_string() that writes
+at most I<len> characters (including the terminating 0)
+and truncates the string if necessary.
+For ERR_error_string_n(), I<buf> may not be B<NULL>.
+
+The string will have the following format:
+
+ error:[error code]:[library name]:[function name]:[reason string]
+
+I<error code> is an 8 digit hexadecimal number, I<library name>,
+I<function name> and I<reason string> are ASCII text.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the library name, function
+name and reason string respectively.
+
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+L<ERR_print_errors(3)> can be used to print
+all error codes currently in the queue.
+
+=head1 RETURN VALUES
+
+ERR_error_string() returns a pointer to a static buffer containing the
+string if I<buf> B<== NULL>, I<buf> otherwise.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the strings, and B<NULL> if
+none is registered for the error code.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<ERR_print_errors(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_get_error.pod b/openssl-1.1.0h/doc/crypto/ERR_get_error.pod
new file mode 100644
index 0000000..3b223c9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_get_error.pod
@@ -0,0 +1,79 @@
+=pod
+
+=head1 NAME
+
+ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
+ERR_get_error_line_data, ERR_peek_error_line_data,
+ERR_peek_last_error_line_data - obtain error code and data
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_peek_last_error(void);
+
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_peek_last_error_line(const char **file, int *line);
+
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+
+=head1 DESCRIPTION
+
+ERR_get_error() returns the earliest error code from the thread's error
+queue and removes the entry. This function can be called repeatedly
+until there are no more error codes to return.
+
+ERR_peek_error() returns the earliest error code from the thread's
+error queue without modifying it.
+
+ERR_peek_last_error() returns the latest error code from the thread's
+error queue without modifying it.
+
+See L<ERR_GET_LIB(3)> for obtaining information about
+location and reason of the error, and
+L<ERR_error_string(3)> for human-readable error
+messages.
+
+ERR_get_error_line(), ERR_peek_error_line() and
+ERR_peek_last_error_line() are the same as the above, but they
+additionally store the file name and line number where
+the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
+
+ERR_get_error_line_data(), ERR_peek_error_line_data() and
+ERR_peek_last_error_line_data() store additional data and flags
+associated with the error code in *B<data>
+and *B<flags>, unless these are B<NULL>. *B<data> contains a string
+if *B<flags>&B<ERR_TXT_STRING> is true.
+
+An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+returned by these functions) with OPENSSL_free() as freeing is handled
+automatically by the error library.
+
+=head1 RETURN VALUES
+
+The error code, or 0 if there is no error in the queue.
+
+=head1 SEE ALSO
+
+L<ERR_error_string(3)>,
+L<ERR_GET_LIB(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_load_crypto_strings.pod b/openssl-1.1.0h/doc/crypto/ERR_load_crypto_strings.pod
new file mode 100644
index 0000000..56d91d5
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_load_crypto_strings.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
+load and free error strings
+
+=head1 SYNOPSIS
+
+Deprecated:
+
+ #include <openssl/err.h>
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+ #endif
+
+ #include <openssl/ssl.h>
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void SSL_load_error_strings(void);
+ #endif
+
+=head1 DESCRIPTION
+
+All of the following functions are deprecated from OpenSSL 1.1.0. No explicit
+initialisation or de-initialisation is necessary. See L<OPENSSL_init_crypto(3)>
+and L<OPENSSL_init_ssl(3)>.
+
+ERR_load_crypto_strings() registers the error strings for all
+B<libcrypto> functions. SSL_load_error_strings() does the same,
+but also registers the B<libssl> error strings.
+
+In versions of OpenSSL prior to 1.1.0 ERR_free_strings() freed all previously
+loaded error strings. However from OpenSSL 1.1.0 it does nothing.
+
+=head1 RETURN VALUES
+
+ERR_load_crypto_strings(), SSL_load_error_strings() and
+ERR_free_strings() return no values.
+
+=head1 SEE ALSO
+
+L<ERR_error_string(3)>
+
+=head1 HISTORY
+
+The ERR_load_crypto_strings(), SSL_load_error_strings(), and
+ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by
+OPENSSL_init_crypto() and OPENSSL_init_ssl().
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_load_strings.pod b/openssl-1.1.0h/doc/crypto/ERR_load_strings.pod
new file mode 100644
index 0000000..ee8de2c
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_load_strings.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
+arbitrary error strings
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+
+ int ERR_get_next_error_library(void);
+
+ unsigned long ERR_PACK(int lib, int func, int reason);
+
+=head1 DESCRIPTION
+
+ERR_load_strings() registers error strings for library number B<lib>.
+
+B<str> is an array of error string data:
+
+ typedef struct ERR_string_data_st
+ {
+        unsigned long error;
+        char *string;
+ } ERR_STRING_DATA;
+
+The error code is generated from the library number and a function and
+reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
+ERR_PACK() is a macro.
+
+The last entry in the array is {0,0}.
+
+ERR_get_next_error_library() can be used to assign library numbers
+to user libraries at runtime.
+
+=head1 RETURN VALUE
+
+ERR_load_strings() returns no value. ERR_PACK() return the error code.
+ERR_get_next_error_library() returns zero on failure, otherwise a new
+library number.
+
+=head1 SEE ALSO
+
+L<ERR_load_strings(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_print_errors.pod b/openssl-1.1.0h/doc/crypto/ERR_print_errors.pod
new file mode 100644
index 0000000..134b374
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_print_errors.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb
+- print error messages
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+                          void *u)
+
+
+=head1 DESCRIPTION
+
+ERR_print_errors() is a convenience function that prints the error
+strings for all errors that OpenSSL has recorded to B<bp>, thus
+emptying the error queue.
+
+ERR_print_errors_fp() is the same, except that the output goes to a
+B<FILE>.
+
+ERR_print_errors_cb() is the same, except that the callback function,
+B<cb>, is called for each error line with the string, length, and userdata
+B<u> as the callback parameters.
+
+The error strings will have the following format:
+
+ [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+
+I<error code> is an 8 digit hexadecimal number. I<library name>,
+I<function name> and I<reason string> are ASCII text, as is I<optional
+text message> if one was set for the respective error code.
+
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+=head1 RETURN VALUES
+
+ERR_print_errors() and ERR_print_errors_fp() return no values.
+
+=head1 SEE ALSO
+
+L<ERR_error_string(3)>,
+L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_put_error.pod b/openssl-1.1.0h/doc/crypto/ERR_put_error.pod
new file mode 100644
index 0000000..14695ba
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_put_error.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+ERR_put_error, ERR_add_error_data - record an error
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+         int line);
+
+ void ERR_add_error_data(int num, ...);
+ void ERR_add_error_data(int num, va_list arg);
+
+=head1 DESCRIPTION
+
+ERR_put_error() adds an error code to the thread's error queue. It
+signals that the error of reason code B<reason> occurred in function
+B<func> of library B<lib>, in line number B<line> of B<file>.
+This function is usually called by a macro.
+
+ERR_add_error_data() associates the concatenation of its B<num> string
+arguments with the error code added last.
+ERR_add_error_vdata() is similar except the argument is a B<va_list>.
+
+L<ERR_load_strings(3)> can be used to register
+error strings so that the application can a generate human-readable
+error messages for the error code.
+
+=head2 Reporting errors
+
+Each sub-library has a specific macro XXXerr() that is used to report
+errors. Its first argument is a function code B<XXX_F_...>, the second
+argument is a reason code B<XXX_R_...>. Function codes are derived
+from the function names; reason codes consist of textual error
+descriptions. For example, the function ssl3_read_bytes() reports a
+"handshake failure" as follows:
+
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+
+Function and reason codes should consist of upper case characters,
+numbers and underscores only. The error file generation script translates
+function codes into function names by looking in the header files
+for an appropriate function name, if none is found it just uses
+the capitalized form such as "SSL3_READ_BYTES" in the above example.
+
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and underscores changed to spaces.
+
+Although a library will normally report errors using its own specific
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include ASN1 code which must use
+the ASN1err() macro.
+
+
+=head1 RETURN VALUES
+
+ERR_put_error() and ERR_add_error_data() return
+no values.
+
+=head1 SEE ALSO
+
+L<ERR_load_strings(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_remove_state.pod b/openssl-1.1.0h/doc/crypto/ERR_remove_state.pod
new file mode 100644
index 0000000..617b4b7
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_remove_state.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+ERR_remove_thread_state, ERR_remove_state - DEPRECATED
+
+=head1 SYNOPSIS
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10000000L
+ void ERR_remove_state(unsigned long pid);
+ #endif
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void ERR_remove_thread_state(void *);
+ #endif
+
+=head1 DESCRIPTION
+
+The functions described here were used to free the error queue
+associated with the current or specified thread.
+
+They are now deprecated and do nothing, as the OpenSSL libraries now
+normally do all thread initialisation and deinitialisation
+automatically (see L<OPENSSL_init_crypto(3)>).
+
+=head1 RETURN VALUE
+
+The functions described here return no value.
+
+=head1 SEE ALSO
+
+LL<OPENSSL_init_crypto(3)>
+
+=head1 HISTORY
+
+ERR_remove_state() was deprecated in OpenSSL 1.0.0 when
+ERR_remove_thread_state() was introduced.
+
+ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0 when the
+thread handling functionality was entirely rewritten.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ERR_set_mark.pod b/openssl-1.1.0h/doc/crypto/ERR_set_mark.pod
new file mode 100644
index 0000000..b3afea8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ERR_set_mark.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ int ERR_set_mark(void);
+
+ int ERR_pop_to_mark(void);
+
+=head1 DESCRIPTION
+
+ERR_set_mark() sets a mark on the current topmost error record if there
+is one.
+
+ERR_pop_to_mark() will pop the top of the error stack until a mark is found.
+The mark is then removed.  If there is no mark, the whole stack is removed.
+
+=head1 RETURN VALUES
+
+ERR_set_mark() returns 0 if the error stack is empty, otherwise 1.
+
+ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which
+implies that the stack became empty, otherwise 1.
+
+=head1 COPYRIGHT
+
+Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_BytesToKey.pod b/openssl-1.1.0h/doc/crypto/EVP_BytesToKey.pod
new file mode 100644
index 0000000..728c94e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_BytesToKey.pod
@@ -0,0 +1,78 @@
+=pod
+
+=head1 NAME
+
+EVP_BytesToKey - password based encryption routine
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                    const unsigned char *salt,
+                    const unsigned char *data, int datal, int count,
+                    unsigned char *key, unsigned char *iv);
+
+=head1 DESCRIPTION
+
+EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
+the cipher to derive the key and IV for. B<md> is the message digest to use.
+The B<salt> parameter is used as a salt in the derivation: it should point to
+an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
+B<datal> bytes which is used to derive the keying data. B<count> is the
+iteration count to use. The derived key and IV will be written to B<key>
+and B<iv> respectively.
+
+=head1 NOTES
+
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the B<data> parameter.
+
+Increasing the B<count> parameter slows down the algorithm which makes it
+harder for an attacker to perform a brute force attack using a large number
+of candidate passwords.
+
+If the total key and IV length is less than the digest length and
+B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
+otherwise a non standard extension is used to derive the extra data.
+
+Newer applications should use a more modern algorithm such as PBKDF2 as
+defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
+
+=head1 KEY DERIVATION ALGORITHM
+
+The key and IV is derived by concatenating D_1, D_2, etc until
+enough data is available for the key and IV. D_i is defined as:
+
+        D_i = HASH^count(D_(i-1) || data || salt)
+
+where || denotes concatenation, D_0 is empty, HASH is the digest
+algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
+is HASH(HASH(data)) and so on.
+
+The initial bytes are used for the key and the subsequent bytes for
+the IV.
+
+=head1 RETURN VALUES
+
+If B<data> is NULL, then EVP_BytesToKey() returns the number of bytes
+needed to store the derived key.
+Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes,
+or 0 on error.
+
+=head1 SEE ALSO
+
+L<evp(3)>, L<rand(3)>,
+L<PKCS5_PBKDF2_HMAC(3)>,
+L<EVP_EncryptInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod b/openssl-1.1.0h/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
new file mode 100644
index 0000000..3a57fcd
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data - Routines to
+inspect and modify EVP_CIPHER_CTX objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+
+=head1 DESCRIPTION
+
+The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the cipher
+data relevant to EVP_CIPHER_CTX. The contents of this data is specific to the
+particular implementation of the cipher. For example this data can be used by
+engines to store engine specific information. The data is automatically
+allocated and freed by OpenSSL, so applications and engines should not normally
+free this directly (but see below).
+
+The EVP_CIPHER_CTX_set_cipher_data() function allows an application or engine to
+replace the cipher data with new data. A pointer to any existing cipher data is
+returned from this function. If the old data is no longer required then it
+should be freed through a call to OPENSSL_free().
+
+=head1 RETURN VALUES
+
+The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the current
+cipher data for the EVP_CIPHER_CTX.
+
+The EVP_CIPHER_CTX_set_cipher_data() function returns a pointer to the old
+cipher data for the EVP_CIPHER_CTX.
+
+=head1 HISTORY
+
+The EVP_CIPHER_CTX_get_cipher_data() and EVP_CIPHER_CTX_set_cipher_data()
+functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_CIPHER_meth_new.pod b/openssl-1.1.0h/doc/crypto/EVP_CIPHER_meth_new.pod
new file mode 100644
index 0000000..08e8290
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_CIPHER_meth_new.pod
@@ -0,0 +1,253 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free,
+EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags,
+EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init,
+EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup,
+EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params,
+EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init,
+EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup,
+EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params,
+EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
+ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+ int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+ int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+ int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
+ int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                              int (*init) (EVP_CIPHER_CTX *ctx,
+                                           const unsigned char *key,
+                                           const unsigned char *iv,
+                                           int enc));
+ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                   int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                     unsigned char *out,
+                                                     const unsigned char *in,
+                                                     size_t inl));
+ int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                 int (*cleanup) (EVP_CIPHER_CTX *));
+ int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                         int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *));
+ int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                         int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *));
+ int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                              int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                           int arg, void *ptr));
+
+ int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                           const unsigned char *key,
+                                                           const unsigned char *iv,
+                                                           int enc);
+ int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                                unsigned char *out,
+                                                                const unsigned char *in,
+                                                                size_t inl);
+ int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+ int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                      ASN1_TYPE *);
+ int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                ASN1_TYPE *);
+ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                           int type, int arg,
+                                                           void *ptr);
+
+=head1 DESCRIPTION
+
+The B<EVP_CIPHER> type is a structure for symmetric cipher method
+implementation.
+
+EVP_CIPHER_meth_new() creates a new B<EVP_CIPHER> structure.
+
+EVP_CIPHER_meth_dup() creates a copy of B<cipher>.
+
+EVP_CIPHER_meth_free() destroys a B<EVP_CIPHER> structure.
+
+EVP_CIPHER_meth_iv_length() sets the length of the IV.
+This is only needed when the implemented cipher mode requires it.
+
+EVP_CIPHER_meth_set_flags() sets the flags to describe optional
+behaviours in the particular B<cipher>.
+With the exception of cipher modes, of which only one may be present,
+several flags can be or'd together.
+The available flags are:
+
+=over 4
+
+=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
+EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
+EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE,
+EVP_CIPH_OCB_MODE
+
+The cipher mode.
+
+=item EVP_CIPH_VARIABLE_LENGTH
+
+This cipher is of variable length.
+
+=item EVP_CIPH_CUSTOM_IV
+
+Storing and initialising the IV is left entirely to the
+implementation.
+
+=item EVP_CIPH_ALWAYS_CALL_INIT
+
+Set this if the implementation's init() function should be called even
+if B<key> is B<NULL>.
+
+=item EVP_CIPH_CTRL_INIT
+
+Set this to have the implementation's ctrl() function called with
+command code B<EVP_CTRL_INIT> early in its setup.
+
+=item EVP_CIPH_CUSTOM_KEY_LENGTH
+
+Checking and setting the key length after creating the B<EVP_CIPHER>
+is left to the implementation.
+Whenever someone uses EVP_CIPHER_CTX_set_key_length() on a
+B<EVP_CIPHER> with this flag set, the implementation's ctrl() function
+will be called with the control code B<EVP_CTRL_SET_KEY_LENGTH> and
+the key length in B<arg>.
+
+=item EVP_CIPH_NO_PADDING
+
+Don't use standard block padding.
+
+=item EVP_CIPH_RAND_KEY
+
+Making a key with random content is left to the implementation.
+This is done by calling the implementation's ctrl() function with the
+control code B<EVP_CTRL_RAND_KEY> and the pointer to the key memory
+storage in B<ptr>.
+
+=item EVP_CIPH_CUSTOM_COPY
+
+Set this to have the implementation's ctrl() function called with
+command code B<EVP_CTRL_COPY> at the end of EVP_CIPHER_CTX_copy().
+The intended use is for further things to deal with after the
+implementation specific data block has been copied.
+The destination B<EVP_CIPHER_CTX> is passed to the control with the
+B<ptr> parameter.
+The implementation specific data block is reached with
+EVP_CIPHER_CTX_get_cipher_data().
+
+=item EVP_CIPH_FLAG_DEFAULT_ASN1
+
+Use the default EVP routines to pass IV to and from ASN.1.
+
+=item EVP_CIPH_FLAG_LENGTH_BITS
+
+Signals that the length of the input buffer for encryption /
+decryption is to be understood as the number of bits bits instead of
+bytes for this implementation.
+This is only useful for CFB1 ciphers.
+
+=begin comment
+The FIPS flags seem to be unused, so I'm hiding them until I get an
+explanation or they get removed.  /RL
+
+=item EVP_CIPH_FLAG_FIPS
+
+=item EVP_CIPH_FLAG_NON_FIPS_ALLOW
+
+=end comment
+
+=item EVP_CIPH_FLAG_CUSTOM_CIPHER
+
+This indicates that the implementation takes care of everything,
+including padding, buffering and finalization.
+The EVP routines will simply give them control and do nothing more.
+
+=item EVP_CIPH_FLAG_AEAD_CIPHER
+
+This indicates that this is an AEAD cipher implementation.
+
+=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+
+Allow interleaving of crypto blocks, a particular optimization only applicable
+to certain TLS ciphers.
+
+=back
+
+EVP_CIPHER_meth_set_impl_ctx_size() sets the size of the EVP_CIPHER's
+implementation context so that it can be automatically allocated.
+
+EVP_CIPHER_meth_set_init() sets the cipher init function for
+B<cipher>.
+The cipher init function is called by EVP_CipherInit(),
+EVP_CipherInit_ex(), EVP_EncryptInit(), EVP_EncryptInit_ex(),
+EVP_DecryptInit(), EVP_DecryptInit_ex().
+
+EVP_CIPHER_meth_set_do_cipher() sets the cipher function for
+B<cipher>.
+The cipher function is called by EVP_CipherUpdate(),
+EVP_EncryptUpdate(), EVP_DecryptUpdate(), EVP_CipherFinal(),
+EVP_EncryptFinal(), EVP_EncryptFinal_ex(), EVP_DecryptFinal() and
+EVP_DecryptFinal_ex().
+
+EVP_CIPHER_meth_set_cleanup() sets the function for B<cipher> to do
+extra cleanup before the method's private data structure is cleaned
+out and freed.
+Note that the cleanup function is passed a B<EVP_CIPHER_CTX *>, the
+private data structure is then available with
+EVP_CIPHER_CTX_get_cipher_data().
+This cleanup function is called by EVP_CIPHER_CTX_reset() and
+EVP_CIPHER_CTX_free().
+
+EVP_CIPHER_meth_set_set_asn1_params() sets the function for B<cipher>
+to set the AlgorithmIdentifier "parameter" based on the passed cipher.
+This function is called by EVP_CIPHER_param_to_asn1().
+EVP_CIPHER_meth_set_get_asn1_params() sets the function for B<cipher>
+that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier
+"parameter".
+Both these functions are needed when there is a need for custom data
+(more or other than the cipher IV).
+They are called by EVP_CIPHER_param_to_asn1() and
+EVP_CIPHER_asn1_to_param() respectively if defined.
+
+EVP_CIPHER_meth_set_ctrl() sets the control function for B<cipher>.
+
+EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(),
+EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(),
+EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl()
+are all used to retrieve the method data given with the
+EVP_CIPHER_meth_set_*() functions above.
+
+=head1 RETURN VALUES
+
+EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a
+newly created B<EVP_CIPHER>, or NULL on failure.
+All EVP_CIPHER_meth_set_*() functions return 1.
+All EVP_CIPHER_meth_get_*() functions return pointers to their
+respective B<cipher> function.
+
+=head1 SEE ALSO
+
+L<EVP_EncryptInit>
+
+=head1 HISTORY
+
+The B<EVP_CIPHER> structure was openly available in OpenSSL before version
+1.1.0.
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_DigestInit.pod b/openssl-1.1.0h/doc/crypto/EVP_DigestInit.pod
new file mode 100644
index 0000000..bb7ef7a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_DigestInit.pod
@@ -0,0 +1,259 @@
+=pod
+
+=head1 NAME
+
+EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex,
+EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex,
+EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
+EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
+EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,
+EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2,
+EVP_ripemd160, EVP_blake2b512, EVP_blake2s256, EVP_get_digestbyname,
+EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_MD_CTX *EVP_MD_CTX_new(void);
+ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+ void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+
+ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+
+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+
+ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
+
+ int EVP_MD_type(const EVP_MD *md);
+ int EVP_MD_pkey_type(const EVP_MD *md);
+ int EVP_MD_size(const EVP_MD *md);
+ int EVP_MD_block_size(const EVP_MD *md);
+
+ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_size(const EVP_MD *ctx);
+ int EVP_MD_CTX_block_size(const EVP_MD *ctx);
+ int EVP_MD_CTX_type(const EVP_MD *ctx);
+
+ const EVP_MD *EVP_md_null(void);
+ const EVP_MD *EVP_md2(void);
+ const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_sha1(void);
+ const EVP_MD *EVP_mdc2(void);
+ const EVP_MD *EVP_ripemd160(void);
+ const EVP_MD *EVP_blake2b512(void);
+ const EVP_MD *EVP_blake2s256(void);
+
+ const EVP_MD *EVP_sha224(void);
+ const EVP_MD *EVP_sha256(void);
+ const EVP_MD *EVP_sha384(void);
+ const EVP_MD *EVP_sha512(void);
+
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ const EVP_MD *EVP_get_digestbynid(int type);
+ const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
+
+=head1 DESCRIPTION
+
+The EVP digest routines are a high level interface to message digests,
+and should be used instead of the cipher-specific functions.
+
+EVP_MD_CTX_new() allocates, initializes and returns a digest context.
+
+EVP_MD_CTX_reset() resets the digest context B<ctx>.  This can be used
+to reuse an already existing context.
+
+EVP_MD_CTX_free() cleans up digest context B<ctx> and frees up the
+space allocated to it.
+
+EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+function. B<type> will typically be supplied by a function such as EVP_sha1().
+If B<impl> is NULL then the default implementation of digest B<type> is used.
+
+EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+digest context B<ctx>. This function can be called several times on the
+same B<ctx> to hash additional data.
+
+EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places
+it in B<md>. If the B<s> parameter is not NULL then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
+After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate()
+can be made, but EVP_DigestInit_ex() can be called to initialize a new
+digest operation.
+
+EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
+B<in> to B<out>. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes. B<out> must be initialized
+before calling this function.
+
+EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
+the passed context B<ctx> does not have to be initialized, and it always
+uses the default digest implementation.
+
+EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
+context B<ctx> is automatically cleaned up.
+
+EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
+B<out> does not have to be initialized.
+
+EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
+when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
+hash.
+
+EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
+message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
+
+EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
+representing the given message digest when passed an B<EVP_MD> structure.
+For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
+normally used when setting ASN1 OIDs.
+
+EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
+B<EVP_MD_CTX>.
+
+EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
+with this digest. For example EVP_sha1() is associated with RSA so this will
+return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms
+are no longer linked this function is only retained for compatibility
+reasons.
+
+EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
+EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(), EVP_blake2b512(), and
+EVP_blake2s256() return B<EVP_MD> structures for the MD2, MD5, SHA1, SHA224,
+SHA256, SHA384, SHA512, MDC2, RIPEMD160, BLAKE2b-512, and BLAKE2s-256 digest
+algorithms respectively.
+
+EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return an B<EVP_MD> structure when passed a digest name, a digest NID or
+an ASN1_OBJECT structure respectively.
+
+=head1 RETURN VALUES
+
+EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for
+success and 0 for failure.
+
+EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
+
+EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
+EVP_MD_CTX_block_size() return the digest or block size in bytes.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
+EVP_mdc2(), EVP_ripemd160(), EVP_blake2b512(), and EVP_blake2s256() return
+pointers to the corresponding EVP_MD structures.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return either an B<EVP_MD> structure or NULL if an error occurs.
+
+=head1 NOTES
+
+The B<EVP> interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+
+New applications should use the SHA2 digest algorithms such as SHA256.
+The other digest algorithms are still in common use.
+
+For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
+set to NULL to use the default digest implementation.
+
+The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are
+obsolete but are retained to maintain compatibility with existing code. New
+applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and
+EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
+instead of initializing and cleaning it up on each call and allow non default
+implementations of digests to be specified.
+
+If digest contexts are not cleaned up after use
+memory leaks will occur.
+
+EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(),
+EVP_get_digestbynid() and EVP_get_digestbyobj() are defined as
+macros.
+
+
+=head1 EXAMPLE
+
+This example digests the data "Test Message\n" and "Hello World\n", using the
+digest name passed on the command line.
+
+ #include <stdio.h>
+ #include <openssl/evp.h>
+
+ main(int argc, char *argv[])
+ {
+ EVP_MD_CTX *mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+
+ if(!argv[1]) {
+        printf("Usage: mdtest digestname\n");
+        exit(1);
+ }
+
+ md = EVP_get_digestbyname(argv[1]);
+
+ if(!md) {
+        printf("Unknown message digest %s\n", argv[1]);
+        exit(1);
+ }
+
+ mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit_ex(mdctx, md, NULL);
+ EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+ EVP_MD_CTX_free(mdctx);
+
+ printf("Digest is: ");
+ for (i = 0; i < md_len; i++)
+        printf("%02x", md_value[i]);
+ printf("\n");
+
+ exit(0);
+ }
+
+=head1 SEE ALSO
+
+L<dgst(1)>,
+L<evp(7)>
+
+=head1 HISTORY
+
+B<EVP_MD_CTX> became opaque in OpenSSL 1.1.  Consequently, stack
+allocated B<EVP_MD_CTX>s are no longer supported.
+
+EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to
+EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.
+
+The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
+later, so now EVP_sha1() can be used with RSA and DSA. The legacy EVP_dss1()
+was removed in OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_DigestSignInit.pod b/openssl-1.1.0h/doc/crypto/EVP_DigestSignInit.pod
new file mode 100644
index 0000000..7ec06b7
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_DigestSignInit.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
+
+=head1 DESCRIPTION
+
+The EVP signature routines are a high level interface to digital signatures.
+
+EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
+ENGINE B<impl> and private key B<pkey>. B<ctx> must be created with
+EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
+be used to set alternative signing options.
+
+EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+using a macro.
+
+EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>.
+If B<sig> is B<NULL> then the maximum size of the output buffer is written to
+the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the
+B<siglen> parameter should contain the length of the B<sig> buffer, if the
+call is successful the signature is written to B<sig> and the amount of data
+written to B<siglen>.
+
+=head1 RETURN VALUES
+
+EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return
+1 for success and 0 or a negative value for failure. In particular a return
+value of -2 indicates the operation is not supported by the public key
+algorithm.
+
+The error codes can be obtained from L<ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+
+For some key types and parameters the random number generator must be seeded
+or the operation will fail.
+
+The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
+context. This means that calls to EVP_DigestSignUpdate() and
+EVP_DigestSignFinal() can be called later to digest and sign additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+The use of EVP_PKEY_size() with these functions is discouraged because some
+signature operations may have a signature length which depends on the
+parameters set. As a result EVP_PKEY_size() would have to return a value
+which indicates the maximum possible signature for any set of parameters.
+
+=head1 SEE ALSO
+
+L<EVP_DigestVerifyInit(3)>,
+L<EVP_DigestInit(3)>,
+L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
+L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
+L<SHA1(3)>, L<dgst(1)>
+
+=head1 HISTORY
+
+EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
+were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_DigestVerifyInit.pod b/openssl-1.1.0h/doc/crypto/EVP_DigestVerifyInit.pod
new file mode 100644
index 0000000..ce59422
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_DigestVerifyInit.pod
@@ -0,0 +1,91 @@
+=pod
+
+=head1 NAME
+
+EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen);
+
+=head1 DESCRIPTION
+
+The EVP signature routines are a high level interface to digital signatures.
+
+EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be created
+with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
+can be used to set alternative verification options.
+
+EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+using a macro.
+
+EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in
+B<sig> of length B<siglen>.
+
+=head1 RETURN VALUES
+
+EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0
+for failure.
+
+EVP_DigestVerifyFinal() returns 1 for success; any other value indicates
+failure.  A return value of zero indicates that the signature did not verify
+successfully (that is, tbs did not match the original data or the signature had
+an invalid form), while other values indicate a more serious error (and
+sometimes also indicate an invalid signature form).
+
+The error codes can be obtained from L<ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+
+For some key types and parameters the random number generator must be seeded
+or the operation will fail.
+
+The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
+context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
+be called later to digest and verify additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 SEE ALSO
+
+L<EVP_DigestSignInit(3)>,
+L<EVP_DigestInit(3)>,
+L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
+L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
+L<SHA1(3)>, L<dgst(1)>
+
+=head1 HISTORY
+
+EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
+were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_EncodeInit.pod b/openssl-1.1.0h/doc/crypto/EVP_EncodeInit.pod
new file mode 100644
index 0000000..d919b14
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_EncodeInit.pod
@@ -0,0 +1,162 @@
+=pod
+
+=head1 NAME
+
+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy,
+EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal,
+EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal,
+EVP_DecodeBlock - EVP base 64 encode/decode routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+ int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl);
+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl);
+ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                     char *out, int *outl);
+ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+=head1 DESCRIPTION
+
+The EVP encode routines provide a high level interface to base 64 encoding and
+decoding. Base 64 encoding converts binary data into a printable form that uses
+the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
+bytes of binary data provided 4 bytes of base 64 encoded data will be produced
+plus some occasional newlines (see below). If the input data length is not a
+multiple of 3 then the output data will be padded at the end using the "="
+character.
+
+EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for
+the encode/decode functions.
+
+EVP_ENCODE_CTX_free() cleans up an encode/decode context B<ctx> and frees up the
+space allocated to it.
+
+Encoding of binary data is performed in blocks of 48 input bytes (or less for
+the final block). For each 48 byte input block encoded 64 bytes of base 64 data
+is output plus an additional newline character (i.e. 65 bytes in total). The
+final block (which may be less than 48 bytes) will output 4 bytes for every 3
+bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
+still output for the final 1 or 2 bytes of input. Similarly a newline character
+will also be output.
+
+EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
+
+EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
+B<in>. The output is stored in the buffer B<out> and the number of bytes output
+is stored in B<*outl>. It is the caller's responsibility to ensure that the
+buffer at B<out> is sufficiently large to accommodate the output data. Only full
+blocks of data (48 bytes) will be immediately processed and output by this
+function. Any remainder is held in the B<ctx> object and will be processed by a
+subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
+required size of the output buffer add together the value of B<inl> with the
+amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
+any remainder). This gives the number of blocks of data that will be processed.
+Ensure the output buffer contains 65 bytes of storage for each block, plus an
+additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
+repeatedly to process large amounts of input data. In the event of an error
+EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 will be
+returned.
+
+EVP_EncodeFinal() must be called at the end of an encoding operation. It will
+process any partial block of data remaining in the B<ctx> object. The output
+data will be stored in B<out> and the length of the data written will be stored
+in B<*outl>. It is the caller's responsibility to ensure that B<out> is
+sufficiently large to accommodate the output data which will never be more than
+65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
+
+EVP_ENCODE_CTX_copy() can be used to copy a context B<sctx> to a context
+B<dctx>. B<dctx> must be initialized before calling this function.
+
+EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to
+be encoded or decoded that are pending in the B<ctx> object.
+
+EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
+B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
+output data will be produced. If B<dlen> is not divisible by 3 then the block is
+encoded as a final block of data and the output is padded such that it is always
+divisible by 4. Additionally a NUL terminator character will be added. For
+example if 16 bytes of input data is provided then 24 bytes of encoded data is
+created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
+the data generated I<without> the NUL terminator is returned from the function.
+
+EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
+
+EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
+to by B<in>. The output is stored in the buffer B<out> and the number of bytes
+output is stored in B<*outl>. It is the caller's responsibility to ensure that
+the buffer at B<out> is sufficiently large to accommodate the output data. This
+function will attempt to decode as much data as possible in 4 byte chunks. Any
+whitespace, newline or carriage return characters are ignored. Any partial chunk
+of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
+the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
+any illegal base 64 characters are encountered or if the base 64 padding
+character "=" is encountered in the middle of the data then the function returns
+-1 to indicate an error. A return value of 0 or 1 indicates successful
+processing of the data. A return value of 0 additionally indicates that the last
+input data characters processed included the base 64 padding character "=" and
+therefore no more non-padding character data is expected to be processed. For
+every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
+line feeds), 3 bytes of binary output data will be produced (or less at the end
+of the data where the padding character "=" has been used).
+
+EVP_DecodeFinal() must be called at the end of a decoding operation. If there
+is any unprocessed data still in B<ctx> then the input data must not have been
+a multiple of 4 and therefore an error has occurred. The function will return -1
+in this case. Otherwise the function returns 1 on success.
+
+EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
+contained in B<f> and store the result in B<t>. Any leading whitespace will be
+trimmed as will any trailing whitespace, newlines, carriage returns or EOF
+characters. After such trimming the length of the data in B<f> must be divisible
+by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
+output will be padded with 0 bits if necessary to ensure that the output is
+always 3 bytes for every 4 input bytes. This function will return the length of
+the data decoded or -1 on error.
+
+=head1 RETURN VALUES
+
+EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX
+object or NULL on error.
+
+EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in
+B<ctx>.
+
+EVP_EncodeUpdate() returns 0 on error or 1 on success.
+
+EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
+terminator.
+
+EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned
+then no more non-padding base 64 characters are expected.
+
+EVP_DecodeFinal() returns -1 on error or 1 on success.
+
+EVP_DecodeBlock() returns the length of the data decoded or -1 on error.
+
+=head1 SEE ALSO
+
+L<evp(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_EncryptInit.pod b/openssl-1.1.0h/doc/crypto/EVP_EncryptInit.pod
new file mode 100644
index 0000000..d1af772
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_EncryptInit.pod
@@ -0,0 +1,661 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free,
+EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex,
+EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex,
+EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex,
+EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit,
+EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
+EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
+EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
+EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
+EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
+EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
+EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
+EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
+EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb,
+EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb,
+EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb,
+EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5,
+EVP_idea_cbc, EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_rc2_cbc,
+EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc,
+EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc,
+EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, EVP_rc5_32_12_16_cbc,
+EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ofb,
+EVP_aes_128_cbc, EVP_aes_128_ecb, EVP_aes_128_cfb, EVP_aes_128_ofb,
+EVP_aes_192_cbc, EVP_aes_192_ecb, EVP_aes_192_cfb, EVP_aes_192_ofb,
+EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_aes_256_cfb, EVP_aes_256_ofb,
+EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm,
+EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm,
+EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1,
+EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256,
+EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines
+
+=head1 SYNOPSIS
+
+=for comment generic
+
+ #include <openssl/evp.h>
+
+ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
+
+ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, const unsigned char *in, int inl);
+ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, const unsigned char *in, int inl);
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
+ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, const unsigned char *in, int inl);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         const unsigned char *key, const unsigned char *iv);
+ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+ int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         const unsigned char *key, const unsigned char *iv);
+ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         const unsigned char *key, const unsigned char *iv, int enc);
+ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+ const EVP_CIPHER *EVP_get_cipherbynid(int nid);
+ const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
+
+ int EVP_CIPHER_nid(const EVP_CIPHER *e);
+ int EVP_CIPHER_block_size(const EVP_CIPHER *e);
+ int EVP_CIPHER_key_length(const EVP_CIPHER *e)
+ int EVP_CIPHER_key_length(const EVP_CIPHER *e);
+ int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
+ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
+ unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
+ int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+ void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+ void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
+ int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
+
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+=head1 DESCRIPTION
+
+The EVP cipher routines are a high level interface to certain
+symmetric ciphers.
+
+EVP_CIPHER_CTX_new() creates a cipher context.
+
+EVP_CIPHER_CTX_free() clears all information from a cipher context
+and free up any allocated memory associate with it, including B<ctx>
+itself. This function should be called after all operations using a
+cipher are complete so sensitive information does not remain in
+memory.
+
+EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
+with cipher B<type> from ENGINE B<impl>. B<ctx> must be created
+before calling this function. B<type> is normally supplied
+by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the
+default implementation is used. B<key> is the symmetric key to use
+and B<iv> is the IV to use (if necessary), the actual number of bytes
+used for the key and IV depends on the cipher. It is possible to set
+all parameters to NULL except B<type> in an initial call and supply
+the remaining parameters in subsequent calls, all of which have B<type>
+set to NULL. This is done when the default cipher parameters are not
+appropriate.
+
+EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
+writes the encrypted version to B<out>. This function can be called
+multiple times to encrypt successive blocks of data. The amount
+of data written depends on the block alignment of the encrypted data:
+as a result the amount of data written may be anything from zero bytes
+to (inl + cipher_block_size - 1) so B<out> should contain sufficient
+room. The actual number of bytes written is placed in B<outl>. It also
+checks if B<in> and B<out> are partially overlapping, and if they are
+0 is returned to indicate failure.
+
+If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
+the "final" data, that is any data that remains in a partial block.
+It uses standard block padding (aka PKCS padding) as described in
+the NOTES section, below. The encrypted
+final data is written to B<out> which should have sufficient space for
+one cipher block. The number of bytes written is placed in B<outl>. After
+this function is called the encryption operation is finished and no further
+calls to EVP_EncryptUpdate() should be made.
+
+If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
+data and it will return an error if any data remains in a partial block:
+that is if the total data length is not a multiple of the block size.
+
+EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
+corresponding decryption operations. EVP_DecryptFinal() will return an
+error code if padding is enabled and the final block is not correctly
+formatted. The parameters and restrictions are identical to the encryption
+operations except that if padding is enabled the decrypted data buffer B<out>
+passed to EVP_DecryptUpdate() should have sufficient room for
+(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in
+which case B<inl> bytes is sufficient.
+
+EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
+functions that can be used for decryption or encryption. The operation
+performed depends on the value of the B<enc> parameter. It should be set
+to 1 for encryption, 0 for decryption and -1 to leave the value unchanged
+(the actual value of 'enc' being supplied in a previous call).
+
+EVP_CIPHER_CTX_reset() clears all information from a cipher context
+and free up any allocated memory associate with it, except the B<ctx>
+itself. This function should be called anytime B<ctx> is to be reused
+for another EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal()
+series of calls.
+
+EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
+similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and
+EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
+initialized and they always use the default cipher implementation.
+
+EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are
+identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
+EVP_CipherFinal_ex(). In previous releases they also cleaned up
+the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean()
+must be called to free any context resources.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an EVP_CIPHER structure when passed a cipher name, a NID or an
+ASN1_OBJECT structure.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
+passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure.  The actual NID
+value is an internal value which may not have a corresponding OBJECT
+IDENTIFIER.
+
+EVP_CIPHER_CTX_set_padding() enables or disables padding. This
+function should be called after the context is set up for encryption
+or decryption with EVP_EncryptInit_ex(), EVP_DecryptInit_ex() or
+EVP_CipherInit_ex(). By default encryption operations are padded using
+standard block padding and the padding is checked and removed when
+decrypting. If the B<pad> parameter is zero then no padding is
+performed, the total amount of data encrypted or decrypted must then
+be a multiple of the block size or an error will occur.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
+for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a
+given cipher, the value of EVP_CIPHER_CTX_key_length() may be different
+for variable key length ciphers.
+
+EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
+If the cipher is a fixed length cipher then attempting to set the key
+length to any value other than the fixed value is an error.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
+It will return zero if the cipher does not use an IV.  The constant
+B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the maximum block
+length for all ciphers.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
+cipher or context. This "type" is the actual NID of the cipher OBJECT
+IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
+128 bit RC2 have the same NID. If the cipher does not have an object
+identifier or does not have ASN1 support this function will return
+B<NID_undef>.
+
+EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
+an B<EVP_CIPHER_CTX> structure.
+
+EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
+EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
+EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
+EVP_CIPH_STREAM_CIPHER is returned.
+
+EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
+on the passed cipher. This will typically include any parameters and an
+IV. The cipher IV (if any) must be set when this call is made. This call
+should be made before the cipher is actually "used" (before any
+EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
+may fail if the cipher does not have any ASN1 support.
+
+EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
+AlgorithmIdentifier "parameter". The precise effect depends on the cipher
+In the case of RC2, for example, it will set the IV and effective key length.
+This function should be called after the base cipher type is set but before
+the key is set. For example EVP_CipherInit() will be called with the IV and
+key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
+EVP_CipherInit() again with all parameters except the key set to NULL. It is
+possible for this function to fail if the cipher does not have any ASN1 support
+or the parameters cannot be set (for example the RC2 effective key length
+is not supported.
+
+EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined
+and set.
+
+=head1 RETURN VALUES
+
+EVP_CIPHER_CTX_new() returns a pointer to a newly created
+B<EVP_CIPHER_CTX> for success and B<NULL> for failure.
+
+EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
+return 1 for success and 0 for failure.
+
+EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
+EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
+
+EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
+
+EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an B<EVP_CIPHER> structure or NULL on error.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length.
+
+EVP_CIPHER_CTX_set_padding() always returns 1.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length or zero if the cipher does not use an IV.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
+OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
+
+EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
+
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater
+than zero for success and zero or a negative number.
+
+=head1 CIPHER LISTING
+
+All algorithms have a fixed key length unless otherwise stated.
+
+=over 4
+
+=item EVP_enc_null()
+
+Null cipher: does nothing.
+
+=item EVP_aes_128_cbc(), EVP_aes_128_ecb(), EVP_aes_128_cfb(), EVP_aes_128_ofb()
+
+AES with a 128-bit key in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_192_cbc(), EVP_aes_192_ecb(), EVP_aes_192_cfb(), EVP_aes_192_ofb()
+
+AES with a 192-bit key in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_aes_256_cbc(), EVP_aes_256_ecb(), EVP_aes_256_cfb(), EVP_aes_256_ofb()
+
+AES with a 256-bit key in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_ofb()
+
+DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_des_ede_cbc(), EVP_des_ede(), EVP_des_ede_ofb(), EVP_des_ede_cfb()
+
+Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_des_ede3_cbc(), EVP_des_ede3(), EVP_des_ede3_ofb(), EVP_des_ede3_cfb()
+
+Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_desx_cbc()
+
+DESX algorithm in CBC mode.
+
+=item EVP_rc4()
+
+RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
+
+=item EVP_rc4_40()
+
+RC4 stream cipher with 40 bit key length.
+This is obsolete and new code should use EVP_rc4()
+and the EVP_CIPHER_CTX_set_key_length() function.
+
+=item EVP_idea_cbc() EVP_idea_ecb(), EVP_idea_cfb(), EVP_idea_ofb()
+
+IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_rc2_cbc(), EVP_rc2_ecb(), EVP_rc2_cfb(), EVP_rc2_ofb()
+
+RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher with an additional parameter called "effective key bits" or "effective key length".
+By default both are set to 128 bits.
+
+=item EVP_rc2_40_cbc(), EVP_rc2_64_cbc()
+
+RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.
+These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
+EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
+
+=item EVP_bf_cbc(), EVP_bf_ecb(), EVP_bf_cfb(), EVP_bf_ofb()
+
+Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_ofb()
+
+CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_ofb()
+
+RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length
+cipher with an additional "number of rounds" parameter. By default the key length is set to 128
+bits and 12 rounds.
+
+=item EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm()
+
+AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
+These ciphers require additional control operations to function correctly: see
+the L</GCM and OCB Modes> section below for details.
+
+=item EVP_aes_128_ocb(void), EVP_aes_192_ocb(void), EVP_aes_256_ocb(void)
+
+Offset Codebook Mode (OCB) for 128, 192 and 256 bit keys respectively.
+These ciphers require additional control operations to function correctly: see
+the L</GCM and OCB Modes> section below for details.
+
+=item EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm()
+
+AES Counter with CBC-MAC Mode (CCM) for 128, 192 and 256 bit keys respectively.
+These ciphers require additional control operations to function correctly: see
+CCM mode section below for details.
+
+=item EVP_chacha20()
+
+The ChaCha20 stream cipher. The key length is 256 bits, the IV is 96 bits long.
+
+=item EVP_chacha20_poly1305()
+
+Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20() the key is
+256 bits and the IV is 96 bits. This supports additional authenticated
+data (AAD) and produces a 128 bit authentication tag. See the
+L</GCM and OCB Modes> section for more information.
+
+=back
+
+=head1 GCM and OCB Modes
+
+For GCM and OCB mode ciphers the behaviour of the EVP interface is subtly
+altered and several additional ctrl operations are supported.
+
+To specify any additional authenticated data (AAD) a call to EVP_CipherUpdate(),
+EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output
+parameter B<out> set to B<NULL>.
+
+When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal()
+indicates if the operation was successful. If it does not indicate success
+the authentication operation has failed and any output data B<MUST NOT>
+be used as it is corrupted.
+
+The following ctrls are supported in both GCM and OCB modes:
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL);
+
+Sets the IV length: this call can only be made before specifying an IV. If
+not called a default IV length is used. For GCM AES and OCB AES the default is
+12 (i.e. 96 bits). For OCB mode the maximum is 15.
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);
+
+Writes B<taglen> bytes of the tag value to the buffer indicated by B<tag>.
+This call can only be made when encrypting data and B<after> all data has been
+processed (e.g. after an EVP_EncryptFinal() call). For OCB mode the taglen must
+either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN.
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);
+
+Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal
+when decrypting data. For OCB mode the taglen must either be 16 or the value
+previously set via EVP_CTRL_AEAD_SET_TAG.
+
+In OCB mode calling this with B<tag> set to NULL sets the tag length. The tag
+length can only be set before specifying an IV. If not called a default tag
+length is used. For OCB AES the default is 16 (i.e. 128 bits). This is also the
+maximum tag length for OCB.
+
+=head1 CCM Mode
+
+The behaviour of CCM mode ciphers is similar to GCM mode but with a few
+additional requirements and different ctrl values.
+
+Like GCM and OCB modes any additional authenticated data (AAD) is passed by calling
+EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output
+parameter B<out> set to B<NULL>. Additionally the total plaintext or ciphertext
+length B<MUST> be passed to EVP_CipherUpdate(), EVP_EncryptUpdate() or
+EVP_DecryptUpdate() with the output and input parameters (B<in> and B<out>)
+set to B<NULL> and the length passed in the B<inl> parameter.
+
+The following ctrls are supported in CCM mode:
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);
+
+This call is made to set the expected B<CCM> tag value when decrypting or
+the length of the tag (with the B<tag> parameter set to NULL) when encrypting.
+The tag length is often referred to as B<M>. If not set a default value is
+used (12 for AES).
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL);
+
+Sets the CCM B<L> value. If not set a default is used (8 for AES).
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL);
+
+Sets the CCM nonce (IV) length: this call can only be made before specifying
+an nonce value. The nonce length is given by B<15 - L> so it is 7 by default
+for AES.
+
+=head1 NOTES
+
+Where possible the B<EVP> interface to symmetric ciphers should be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the cipher used and much more flexible. Additionally, the
+B<EVP> interface will ensure the use of platform specific cryptographic
+acceleration such as AES-NI (the low level interfaces do not provide the
+guarantee).
+
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
+length of the encrypted data a multiple of the block size. Padding is always
+added so if the data is already a multiple of the block size B<n> will equal
+the block size. For example if the block size is 8 and 11 bytes are to be
+encrypted then 5 padding bytes of value 5 will be added.
+
+When decrypting the final block is checked to see if it has the correct form.
+
+Although the decryption operation can produce an error if padding is enabled,
+it is not a strong test that the input data or key is correct. A random block
+has better than 1 in 256 chance of being of the correct format and problems with
+the input data earlier on will not produce a final decrypt error.
+
+If padding is disabled then the decryption operation will always succeed if
+the total amount of data decrypted is a multiple of the block size.
+
+The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
+EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for
+compatibility with existing code. New code should use EVP_EncryptInit_ex(),
+EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
+EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
+existing context without allocating and freeing it up on each call.
+
+EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
+
+=head1 BUGS
+
+For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
+a limitation of the current RC5 code rather than the EVP interface.
+
+EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
+default key lengths. If custom ciphers exceed these values the results are
+unpredictable. This is because it has become standard practice to define a
+generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
+
+The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
+for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
+
+=head1 EXAMPLES
+
+Encrypt a string using IDEA:
+
+ int do_crypt(char *outfile)
+        {
+        unsigned char outbuf[1024];
+        int outlen, tmplen;
+        /* Bogus key and IV: we'd normally set these from
+         * another source.
+         */
+        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+        unsigned char iv[] = {1,2,3,4,5,6,7,8};
+        char intext[] = "Some Crypto Text";
+        EVP_CIPHER_CTX *ctx;
+        FILE *out;
+
+        ctx = EVP_CIPHER_CTX_new();
+        EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+
+        if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
+                {
+                /* Error */
+                return 0;
+                }
+        /* Buffer passed to EVP_EncryptFinal() must be after data just
+         * encrypted to avoid overwriting it.
+         */
+        if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
+                {
+                /* Error */
+                return 0;
+                }
+        outlen += tmplen;
+        EVP_CIPHER_CTX_free(ctx);
+        /* Need binary mode for fopen because encrypted data is
+         * binary data. Also cannot use strlen() on it because
+         * it won't be null terminated and may contain embedded
+         * nulls.
+         */
+        out = fopen(outfile, "wb");
+        fwrite(outbuf, 1, outlen, out);
+        fclose(out);
+        return 1;
+        }
+
+The ciphertext from the above example can be decrypted using the B<openssl>
+utility with the command line (shown on two lines for clarity):
+
+ openssl idea -d <filename
+          -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708
+
+General encryption and decryption function example using FILE I/O and AES128
+with a 128-bit key:
+
+ int do_crypt(FILE *in, FILE *out, int do_encrypt)
+        {
+        /* Allow enough space in output buffer for additional block */
+        unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+        int inlen, outlen;
+        EVP_CIPHER_CTX *ctx;
+        /* Bogus key and IV: we'd normally set these from
+         * another source.
+         */
+        unsigned char key[] = "0123456789abcdeF";
+        unsigned char iv[] = "1234567887654321";
+
+        /* Don't set key or IV right away; we want to check lengths */
+        ctx = EVP_CIPHER_CTX_new();
+        EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
+                do_encrypt);
+        OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
+        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+
+        /* Now we can set key and IV */
+        EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
+
+        for(;;)
+                {
+                inlen = fread(inbuf, 1, 1024, in);
+                if (inlen <= 0) break;
+                if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
+                        {
+                        /* Error */
+                        EVP_CIPHER_CTX_free(ctx);
+                        return 0;
+                        }
+                fwrite(outbuf, 1, outlen, out);
+                }
+        if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
+                {
+                /* Error */
+                EVP_CIPHER_CTX_free(ctx);
+                return 0;
+                }
+        fwrite(outbuf, 1, outlen, out);
+
+        EVP_CIPHER_CTX_free(ctx);
+        return 1;
+        }
+
+
+=head1 SEE ALSO
+
+L<evp(7)>
+
+=head1 HISTORY
+
+Support for OCB mode was added in OpenSSL 1.1.0
+
+B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0.  As a result,
+EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup()
+disappeared.  EVP_CIPHER_CTX_init() remains as an alias for
+EVP_CIPHER_CTX_reset().
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_MD_meth_new.pod b/openssl-1.1.0h/doc/crypto/EVP_MD_meth_new.pod
new file mode 100644
index 0000000..4dac672
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_MD_meth_new.pod
@@ -0,0 +1,179 @@
+=pod
+
+=head1 NAME
+
+EVP_MD_meth_dup,
+EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize,
+EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
+EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
+EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup,
+EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize,
+EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
+EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
+EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
+EVP_MD_meth_get_ctrl
+- Routines to build up EVP_MD methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+ void EVP_MD_meth_free(EVP_MD *md);
+ EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+
+ int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+ int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+ int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+ int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+ int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+ int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                      const void *data,
+                                                      size_t count));
+ int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                    unsigned char *md));
+ int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                  const EVP_MD_CTX *from));
+ int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+ int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                  int p1, void *p2));
+
+ int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+ int EVP_MD_meth_get_result_size(const EVP_MD *md);
+ int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+ unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+ int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+ int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                 const void *data,
+                                                 size_t count);
+ int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                unsigned char *md);
+ int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                               const EVP_MD_CTX *from);
+ int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                               int p1, void *p2);
+
+=head1 DESCRIPTION
+
+The B<EVP_MD> type is a structure for digest method implementation.
+It can also have associated public/private key signing and verifying
+routines.
+
+EVP_MD_meth_new() creates a new B<EVP_MD> structure.
+
+EVP_MD_meth_dup() creates a copy of B<md>.
+
+EVP_MD_meth_free() destroys a B<EVP_MD> structure.
+
+EVP_MD_meth_set_input_blocksize() sets the internal input block size
+for the method B<md> to B<blocksize> bytes.
+
+EVP_MD_meth_set_result_size() sets the size of the result that the
+digest method in B<md> is expected to produce to B<resultsize> bytes.
+
+The digest method may have its own private data, which OpenSSL will
+allocate for it.  EVP_MD_meth_set_app_datasize() should be used to
+set the size for it to B<datasize>.
+
+EVP_MD_meth_set_flags() sets the flags to describe optional
+behaviours in the particular B<md>.  Several flags can be or'd
+together.  The available flags are:
+
+=over 4
+
+=item EVP_MD_FLAG_ONESHOT
+
+This digest method can only handles one block of input.
+
+=item EVP_MD_FLAG_DIGALGID_NULL
+
+When setting up a DigestAlgorithmIdentifier, this flag will have the
+parameter set to NULL by default.  Use this for PKCS#1.  I<Note: if
+combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.>
+
+=item EVP_MD_FLAG_DIGALGID_ABSENT
+
+When setting up a DigestAlgorithmIdentifier, this flag will have the
+parameter be left absent by default.  I<Note: if combined with
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
+
+=item EVP_MD_FLAG_DIGALGID_CUSTOM
+
+Custom DigestAlgorithmIdentifier handling via ctrl, with
+B<EVP_MD_FLAG_DIGALGID_ABSENT> as default.  I<Note: if combined with
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
+Currently unused.
+
+=back
+
+EVP_MD_meth_set_init() sets the digest init function for B<md>.
+The digest init function is called by EVP_DigestInit(),
+EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit()
+and EVP_VerifyInit_ex().
+
+EVP_MD_meth_set_update() sets the digest update function for B<md>.
+The digest update function is called by EVP_DigestUpdate(),
+EVP_SignUpdate().
+
+EVP_MD_meth_set_final() sets the digest final function for B<md>.
+The digest final function is called by EVP_DigestFinal(),
+EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal().
+
+EVP_MD_meth_set_copy() sets the function for B<md> to do extra
+computations after the method's private data structure has been copied
+from one B<EVP_MD_CTX> to another.  If all that's needed is to copy
+the data, there is no need for this copy function.
+Note that the copy function is passed two B<EVP_MD_CTX *>, the private
+data structure is then available with EVP_MD_CTX_md_data().
+This copy function is called by EVP_MD_CTX_copy() and
+EVP_MD_CTX_copy_ex().
+
+EVP_MD_meth_set_cleanup() sets the function for B<md> to do extra
+cleanup before the method's private data structure is cleaned out and
+freed.
+Note that the cleanup function is passed a B<EVP_MD_CTX *>, the
+private data structure is then available with EVP_MD_CTX_md_data().
+This cleanup function is called by EVP_MD_CTX_reset() and
+EVP_MD_CTX_free().
+
+EVP_MD_meth_set_ctrl() sets the control function for B<md>.
+
+EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(),
+EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(),
+EVP_MD_meth_get_init(), EVP_MD_meth_get_update(),
+EVP_MD_meth_get_final(), EVP_MD_meth_get_copy(),
+EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used
+to retrieve the method data given with the EVP_MD_meth_set_*()
+functions above.
+
+=head1 RETURN VALUES
+
+EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly
+created B<EVP_MD>, or NULL on failure.
+All EVP_MD_meth_set_*() functions return 1.
+EVP_MD_get_input_blocksize(), EVP_MD_meth_get_result_size(),
+EVP_MD_meth_get_app_datasize() and EVP_MD_meth_get_flags() return the
+indicated sizes or flags.
+All other EVP_CIPHER_meth_get_*() functions return pointers to their
+respective B<md> function.
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
+
+=head1 HISTORY
+
+The B<EVP_MD> structure was openly available in OpenSSL before version
+1.1.0.  The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_OpenInit.pod b/openssl-1.1.0h/doc/crypto/EVP_OpenInit.pod
new file mode 100644
index 0000000..ff84490
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_OpenInit.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
+                int ekl, unsigned char *iv, EVP_PKEY *priv);
+ int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+=head1 DESCRIPTION
+
+The EVP envelope routines are a high level interface to envelope
+decryption. They decrypt a public key encrypted symmetric key and
+then decrypt data using it.
+
+EVP_OpenInit() initializes a cipher context B<ctx> for decryption
+with cipher B<type>. It decrypts the encrypted symmetric key of length
+B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
+The IV is supplied in the B<iv> parameter.
+
+EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
+documented on the L<EVP_EncryptInit(3)> manual
+page.
+
+=head1 NOTES
+
+It is possible to call EVP_OpenInit() twice in the same way as
+EVP_DecryptInit(). The first call should have B<priv> set to NULL
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
+If the cipher passed in the B<type> parameter is a variable length
+cipher then the key length will be set to the value of the recovered
+key length. If the cipher is a fixed length cipher then the recovered
+key length must match the fixed cipher length.
+
+=head1 RETURN VALUES
+
+EVP_OpenInit() returns 0 on error or a non zero integer (actually the
+recovered secret key size) if successful.
+
+EVP_OpenUpdate() returns 1 for success or 0 for failure.
+
+EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
+
+=head1 SEE ALSO
+
+L<evp(3)>, L<rand(3)>,
+L<EVP_EncryptInit(3)>,
+L<EVP_SealInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_ASN1_METHOD.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_ASN1_METHOD.pod
new file mode 100644
index 0000000..0eece53
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_ASN1_METHOD.pod
@@ -0,0 +1,358 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_ASN1_METHOD,
+EVP_PKEY_asn1_new,
+EVP_PKEY_asn1_copy,
+EVP_PKEY_asn1_free,
+EVP_PKEY_asn1_add0,
+EVP_PKEY_asn1_add_alias,
+EVP_PKEY_asn1_set_public,
+EVP_PKEY_asn1_set_private,
+EVP_PKEY_asn1_set_param,
+EVP_PKEY_asn1_set_free,
+EVP_PKEY_asn1_set_ctrl,
+EVP_PKEY_asn1_set_item,
+EVP_PKEY_asn1_set_security_bits,
+EVP_PKEY_get0_asn1
+- manipulating and registering EVP_PKEY_ASN1_METHOD structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                         const char *pem_str,
+                                         const char *info);
+ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                         const EVP_PKEY_ASN1_METHOD *src);
+ void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+ int EVP_PKEY_asn1_add_alias(int to, int from);
+
+ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*pub_decode) (EVP_PKEY *pk,
+                                                  X509_PUBKEY *pub),
+                               int (*pub_encode) (X509_PUBKEY *pub,
+                                                  const EVP_PKEY *pk),
+                               int (*pub_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                               int (*pub_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent, ASN1_PCTX *pctx),
+                               int (*pkey_size) (const EVP_PKEY *pk),
+                               int (*pkey_bits) (const EVP_PKEY *pk));
+ void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                                int (*priv_decode) (EVP_PKEY *pk,
+                                                    const PKCS8_PRIV_KEY_INFO
+                                                    *p8inf),
+                                int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                    const EVP_PKEY *pk),
+                                int (*priv_print) (BIO *out,
+                                                   const EVP_PKEY *pkey,
+                                                   int indent,
+                                                   ASN1_PCTX *pctx));
+ void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*param_decode) (EVP_PKEY *pkey,
+                                                   const unsigned char **pder,
+                                                   int derlen),
+                              int (*param_encode) (const EVP_PKEY *pkey,
+                                                   unsigned char **pder),
+                              int (*param_missing) (const EVP_PKEY *pk),
+                              int (*param_copy) (EVP_PKEY *to,
+                                                 const EVP_PKEY *from),
+                              int (*param_cmp) (const EVP_PKEY *a,
+                                                const EVP_PKEY *b),
+                              int (*param_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx));
+
+ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                             void (*pkey_free) (EVP_PKEY *pkey));
+ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                               long arg1, void *arg2));
+ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*item_verify) (EVP_MD_CTX *ctx,
+                                                 const ASN1_ITEM *it,
+                                                 void *asn,
+                                                 X509_ALGOR *a,
+                                                 ASN1_BIT_STRING *sig,
+                                                 EVP_PKEY *pkey),
+                             int (*item_sign) (EVP_MD_CTX *ctx,
+                                               const ASN1_ITEM *it,
+                                               void *asn,
+                                               X509_ALGOR *alg1,
+                                               X509_ALGOR *alg2,
+                                               ASN1_BIT_STRING *sig));
+
+ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                      int (*pkey_security_bits) (const EVP_PKEY
+                                                                 *pk));
+
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+B<EVP_PKEY_ASN1_METHOD> is a structure which holds a set of ASN.1
+conversion, printing and information methods for a specific public key
+algorithm.
+
+There are two places where the B<EVP_PKEY_ASN1_METHOD> objects are
+stored: one is a built-in array representing the standard methods for
+different algorithms, and the other one is a stack of user-defined
+application-specific methods, which can be manipulated by using
+L<EVP_PKEY_asn1_add0(3)>.
+
+=head2 Methods
+
+The methods are the underlying implementations of a particular public
+key algorithm present by the B<EVP_PKEY> object.
+
+ int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+ int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+ int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                   ASN1_PCTX *pctx);
+
+The pub_decode() and pub_encode() methods are called to decode /
+encode B<X509_PUBKEY> ASN.1 parameters to / from B<pk>.
+They MUST return 0 on error, 1 on success.
+They're called by L<X509_PUBKEY_get0(3)> and L<X509_PUBKEY_set(3)>.
+
+The pub_cmp() method is called when two public keys are to be
+compared.
+It MUST return 1 when the keys are equal, 0 otherwise.
+It's called by L<EVP_PKEY_cmp(3)>.
+
+The pub_print() method is called to print a public key in humanly
+readable text to B<out>, indented B<indent> spaces.
+It MUST return 0 on error, 1 on success.
+It's called by L<EVP_PKEY_print_public(3)>.
+
+ int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+ int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                    ASN1_PCTX *pctx);
+
+The priv_decode() and priv_encode() methods are called to decode /
+encode B<PKCS8_PRIV_KEY_INFO> form private key to / from B<pk>.
+They MUST return 0 on error, 1 on success.
+They're called by L<EVP_PKCS82PKEY(3)> and L<EVP_PKEY2PKCS8(3)>.
+
+The priv_print() method is called to print a private key in humanly
+readable text to B<out>, indented B<indent> spaces.
+It MUST return 0 on error, 1 on success.
+It's called by L<EVP_PKEY_print_private(3)>.
+
+ int (*pkey_size) (const EVP_PKEY *pk);
+ int (*pkey_bits) (const EVP_PKEY *pk);
+ int (*pkey_security_bits) (const EVP_PKEY *pk);
+
+The pkey_size() method returns the key size in bytes.
+It's called by L<EVP_PKEY_size(3)>.
+
+The pkey_bits() method returns the key size in bits.
+It's called by L<EVP_PKEY_bits(3)>.
+
+ int (*param_decode) (EVP_PKEY *pkey,
+                      const unsigned char **pder, int derlen);
+ int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ int (*param_missing) (const EVP_PKEY *pk);
+ int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+ int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                     ASN1_PCTX *pctx);
+
+The param_decode() and param_encode() methods are called to decode /
+encode DER formatted parameters to / from B<pk>.
+They MUST return 0 on error, 1 on success.
+They're called by L<PEM_read_bio_Parameters(3)> and the B<file:>
+L<OSSL_STORE_LOADER(3)>.
+
+The param_missing() method returns 0 if a key parameter is missing,
+otherwise 1.
+It's called by L<EVP_PKEY_missing_parameters(3)>.
+
+The param_copy() method copies key parameters from B<from> to B<to>.
+It MUST return 0 on error, 1 on success.
+It's called by L<EVP_PKEY_copy_parameters(3)>.
+
+The param_cmp() method compares the parameters of keys B<a> and B<b>.
+It MUST return 1 when the keys are equal, 0 when not equal, or a
+negative number on error.
+It's called by L<EVP_PKEY_cmp_parameters(3)>.
+
+The param_print() method prints the private key parameters in humanly
+readable text to B<out>, indented B<indent> spaces.
+It MUST return 0 on error, 1 on success.
+It's called by L<EVP_PKEY_print_params(3)>.
+
+ int (*sig_print) (BIO *out,
+                   const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                   int indent, ASN1_PCTX *pctx);
+
+The sig_print() method prints a signature in humanly readable text to
+B<out>, indented B<indent> spaces.
+B<sigalg> contains the exact signature algorithm.
+If the signature in B<sig> doesn't correspond to what this method
+expects, X509_signature_dump() must be used as a last resort.
+It MUST return 0 on error, 1 on success.
+It's called by L<X509_signature_print(3)>.
+
+ void (*pkey_free) (EVP_PKEY *pkey);
+
+The pkey_free() method helps freeing the internals of B<pkey>.
+It's called by L<EVP_PKEY_free(3)>, L<EVP_PKEY_set_type(3)>,
+L<EVP_PKEY_set_type_str(3)>, and L<EVP_PKEY_assign(3)>.
+
+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+
+The pkey_ctrl() method adds extra algorithm specific control.
+It's called by L<EVP_PKEY_get_default_digest_nid(3)>,
+L<EVP_PKEY_set1_tls_encodedpoint(3)>,
+L<EVP_PKEY_get1_tls_encodedpoint(3)>, L<PKCS7_SIGNER_INFO_set(3)>,
+L<PKCS7_RECIP_INFO_set(3)>, ...
+
+ int (*old_priv_decode) (EVP_PKEY *pkey,
+                         const unsigned char **pder, int derlen);
+ int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+
+The old_priv_decode() and old_priv_encode() methods decode / encode
+they private key B<pkey> from / to a DER formatted array.
+These are exclusively used to help decoding / encoding older (pre
+PKCS#8) PEM formatted encrypted private keys.
+old_priv_decode() MUST return 0 on error, 1 on success.
+old_priv_encode() MUST the return same kind of values as
+i2d_PrivateKey().
+They're called by L<d2i_PrivateKey(3)> and L<i2d_PrivateKey(3)>.
+
+ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                     X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                   X509_ALGOR *alg1, X509_ALGOR *alg2,
+                   ASN1_BIT_STRING *sig);
+
+The item_sign() and  item_verify() methods make it possible to have
+algorithm specific signatures and verification of them.
+
+item_sign() MUST return one of:
+
+=over 4
+
+=item <=0
+
+error
+
+=item Z<>1
+
+item_sign() did everything, OpenSSL internals just needs to pass the
+signature length back.
+
+=item Z<>2
+
+item_sign() did nothing, OpenSSL internal standard routines are
+expected to continue with the default signature production.
+
+=item Z<>3
+
+item_sign() set the algorithm identifier B<algor1> and B<algor2>,
+OpenSSL internals should just sign using those algorithms.
+
+=back
+
+item_verify() MUST return one of:
+
+=over 4
+
+=item <=0
+
+error
+
+=item Z<>1
+
+item_sign() did everything, OpenSSL internals just needs to pass the
+signature length back.
+
+=item Z<>2
+
+item_sign() did nothing, OpenSSL internal standard routines are
+expected to continue with the default signature production.
+
+=back
+
+item_verify() and item_sign() are called by L<ASN1_item_verify(3)> and
+L<ASN1_item_sign(3)>, and by extension, L<X509_verify(3)>,
+L<X509_REQ_verify(3)>, L<X509_sign(3)>, L<X509_REQ_sign(3)>, ...
+
+=head2 Functions
+
+EVP_PKEY_asn1_new() creates and returns a new B<EVP_PKEY_ASN1_METHOD>
+object, and associates the given B<id>, B<flags>, B<pem_str> and
+B<info>.
+B<id> is a NID, B<pem_str> is the PEM type string, B<info> is a
+descriptive string.
+The following B<flags> are supported:
+
+ ASN1_PKEY_SIGPARAM_NULL
+
+If B<ASN1_PKEY_SIGPARAM_NULL> is set, then the signature algorithm
+parameters are given the type B<V_ASN1_NULL> by default, otherwise
+they will be given the type B<V_ASN1_UNDEF> (i.e. the parameter is
+omitted).
+See L<X509_ALGOR_set0(3)> for more information.
+
+EVP_PKEY_asn1_copy() copies an B<EVP_PKEY_ASN1_METHOD> object from
+B<src> to B<dst>.
+This function is not thread safe, it's recommended to only use this
+when initializing the application.
+
+EVP_PKEY_asn1_free() frees an existing B<EVP_PKEY_ASN1_METHOD> pointed
+by B<ameth>.
+
+EVP_PKEY_asn1_add0() adds B<ameth> to the user defined stack of
+methods unless another B<EVP_PKEY_ASN1_METHOD> with the same NID is
+already there.
+This function is not thread safe, it's recommended to only use this
+when initializing the application.
+
+EVP_PKEY_asn1_add_alias() creates an alias with the NID B<to> for the
+B<EVP_PKEY_ASN1_METHOD> with NID B<from> unless another
+B<EVP_PKEY_ASN1_METHOD> with the same NID is already added.
+This function is not thread safe, it's recommended to only use this
+when initializing the application.
+
+EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(),
+EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(),
+EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), and
+EVP_PKEY_asn1_set_security_bits() set the diverse methods of the given
+B<EVP_PKEY_ASN1_METHOD> object.
+
+EVP_PKEY_get0_asn1() finds the B<EVP_PKEY_ASN1_METHOD> associated
+with the key B<pkey>.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_asn1_new() returns NULL on error, or a pointer to an
+B<EVP_PKEY_ASN1_METHOD> object otherwise.
+
+EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error,
+or 1 on success.
+
+EVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant
+B<EVP_PKEY_ASN1_METHOD> object otherwise.
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_ctrl.pod
new file mode 100644
index 0000000..a30450b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_ctrl.pod
@@ -0,0 +1,154 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str,
+EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding,
+EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_rsa_keygen_bits,
+EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits,
+EVP_PKEY_CTX_set_dh_paramgen_prime_len,
+EVP_PKEY_CTX_set_dh_paramgen_generator,
+EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
+EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2);
+ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                                const char *value);
+
+ #include <openssl/rsa.h>
+
+ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+
+ #include <openssl/dsa.h>
+ int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+
+ #include <openssl/dh.h>
+ int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+
+ #include <openssl/ec.h>
+ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+ int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+
+=head1 DESCRIPTION
+
+The function EVP_PKEY_CTX_ctrl() sends a control operation to the context
+B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter
+B<optype> is a mask indicating which operations the control can be applied to.
+The control command is indicated in B<cmd> and any additional arguments in
+B<p1> and B<p2>.
+
+Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
+instead call one of the algorithm specific macros below.
+
+The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm
+specific control operation to a context B<ctx> in string form. This is
+intended to be used for options specified on the command line or in text
+files. The commands supported are documented in the openssl utility
+command line pages for the option B<-pkeyopt> which is supported by the
+B<pkeyutl>, B<genpkey> and B<req> commands.
+
+All the remaining "functions" are implemented as macros.
+
+The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
+in a signature. It can be used with any public key algorithm supporting
+signature operations.
+
+The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
+The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
+RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
+RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
+RSA_X931_PADDING for X9.31 padding (signature operations only) and
+RSA_PKCS1_PSS_PADDING (sign and verify only).
+
+Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
+is used. If this macro is called for PKCS#1 padding the plaintext buffer is
+an actual digest value and is encapsulated in a DigestInfo structure according
+to PKCS#1 when signing and this structure is expected (and stripped off) when
+verifying. If this control is not used with RSA and PKCS#1 padding then the
+supplied data is used directly and not encapsulated. In the case of X9.31
+padding for RSA the algorithm identifier byte is added or checked and removed
+if this control is called. If it is not called then the first byte of the plaintext
+buffer is expected to be the algorithm identifier byte.
+
+The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
+B<len> as its name implies it is only supported for PSS padding.  Two special
+values are supported: -1 sets the salt length to the digest length. When
+signing -2 sets the salt length to the maximum permissible value. When
+verifying -2 causes the salt length to be automatically determined based on the
+B<PSS> block structure. If this macro is not called a salt length value of -2
+is used by default.
+
+The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for
+RSA key generation to B<bits>. If not specified 1024 bits is used.
+
+The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
+for RSA key generation to B<pubexp> currently it should be an odd integer. The
+B<pubexp> pointer is used internally by this function so it should not be
+modified or free after the call. If this macro is not called then 65537 is used.
+
+The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
+for DSA parameter generation to B<bits>. If not specified 1024 is used.
+
+The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH
+prime parameter B<p> for DH parameter generation. If this macro is not called
+then 1024 is used.
+
+The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen>
+for DH parameter generation. If not specified 2 is used.
+
+The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
+generation to B<nid>. For EC parameter generation this macro must be called
+or an error occurs because there is no default curve.
+This function can also be called to set the curve explicitly when
+generating an EC key.
+
+The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to
+B<param_enc> when generating EC parameters or an EC key. The encoding can be
+B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions
+of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form.
+For maximum compatibility the named curve form should be used. Note: the
+B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous
+versions should use 0 instead.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)>
+L<EVP_PKEY_keygen(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_new.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_new.pod
new file mode 100644
index 0000000..eff94cd
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_new.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_CTX_new() function allocates public key algorithm context using
+the algorithm specified in B<pkey> and ENGINE B<e>.
+
+The EVP_PKEY_CTX_new_id() function allocates public key algorithm context
+using the algorithm specified by B<id> and ENGINE B<e>. It is normally used
+when no B<EVP_PKEY> structure is associated with the operations, for example
+during parameter generation of key generation for some algorithms.
+
+EVP_PKEY_CTX_dup() duplicates the context B<ctx>.
+
+EVP_PKEY_CTX_free() frees up the context B<ctx>.
+If B<ctx> is NULL, nothing is done.
+
+=head1 NOTES
+
+The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
+by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between
+threads: that is it is not permissible to use the same context simultaneously
+in two threads.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either
+the newly allocated B<EVP_PKEY_CTX> structure of B<NULL> if an error occurred.
+
+EVP_PKEY_CTX_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_new(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod
new file mode 100644
index 0000000..61e0eec
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod
@@ -0,0 +1,128 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
+EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info -
+HMAC-based Extract-and-Expand key derivation algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/kdf.h>
+
+ int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+
+ int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
+                                 int saltlen);
+
+ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
+                                int keylen);
+
+ int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
+                                 int infolen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
+HKDF follows the "extract-then-expand" paradigm, where the KDF logically
+consists of two modules. The first stage takes the input keying material
+and "extracts" from it a fixed-length pseudorandom key K. The second stage
+"expands" the key K into several additional pseudorandom keys (the output
+of the KDF).
+
+EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF.
+
+EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the
+buffer B<salt>. Any existing value is replaced.
+
+EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer
+B<key>. Any existing value is replaced.
+
+EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
+buffer B<info>. If a value is already set, it is appended to the existing
+value.
+
+=head1 STRING CTRLS
+
+HKDF also supports string based control operations via
+L<EVP_PKEY_CTX_ctrl_str(3)>.
+The B<type> parameter "md" uses the supplied B<value> as the name of the digest
+algorithm to use.
+The B<type> parameters "salt", "key" and "info" use the supplied B<value>
+parameter as a B<seed>, B<key> or B<info> value.
+The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
+string which is converted to binary.
+
+=head1 NOTES
+
+All these functions are implemented as macros.
+
+A context for HKDF can be obtained by calling:
+
+ EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL);
+
+The digest, key, salt and info values must be set before a key is derived or
+an error occurs.
+
+The total length of the info buffer cannot exceed 1024 bytes in length: this
+should be more than enough for any normal use of HKDF.
+
+The output length of the KDF is specified via the length parameter to the
+L<EVP_PKEY_derive(3)> function.
+Since the HKDF output length is variable, passing a B<NULL> buffer as a means
+to obtain the requisite length is not meaningful with HKDF.
+Instead, the caller must allocate a buffer of the desired length, and pass that
+buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
+desired length.
+
+Optimised versions of HKDF can be implemented in an ENGINE.
+
+=head1 RETURN VALUES
+
+All these functions return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 EXAMPLE
+
+This example derives 10 bytes using SHA-256 with the secret key "secret",
+salt value "salt" and info value "label":
+
+ EVP_PKEY_CTX *pctx;
+ unsigned char out[10];
+ size_t outlen = sizeof(out);
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+
+ if (EVP_PKEY_derive_init(pctx) <= 0)
+    /* Error */
+ if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
+    /* Error */
+ if (EVP_PKEY_CTX_set1_salt(pctx, "salt", 4) <= 0)
+    /* Error */
+ if (EVP_PKEY_CTX_set1_key(pctx, "secret", 6) <= 0)
+    /* Error */
+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0)
+    /* Error */
+ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+    /* Error */
+
+=head1 CONFORMING TO
+
+RFC 5869
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_CTX_ctrl_str(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod
new file mode 100644
index 0000000..f1f0ae4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod
@@ -0,0 +1,108 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_CTX_set_tls1_prf_md,
+EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed -
+TLS PRF key derivation algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/kdf.h>
+
+ int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
+                                       unsigned char *sec, int seclen);
+ int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
+                                     unsigned char *seed, int seedlen);
+
+=head1 DESCRIPTION
+
+The B<EVP_PKEY_TLS1_PRF> algorithm implements the PRF key derivation function for
+TLS. It has no associated private key and only implements key derivation
+using L<EVP_PKEY_derive(3)>.
+
+EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the
+TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF
+algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1.
+
+EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF
+to B<seclen> bytes of the buffer B<sec>. Any existing secret value is replaced
+and any seed is reset.
+
+EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
+If a seed is already set it is appended to the existing value.
+
+=head1 STRING CTRLS
+
+The TLS PRF also supports string based control operations using
+L<EVP_PKEY_CTX_ctrl_str(3)>.
+The B<type> parameter "md" uses the supplied B<value> as the name of the digest
+algorithm to use.
+The B<type> parameters "secret" and "seed" use the supplied B<value> parameter
+as a secret or seed value.
+The names "hexsecret" and "hexseed" are similar except they take a hex string
+which is converted to binary.
+
+=head1 NOTES
+
+All these functions are implemented as macros.
+
+A context for the TLS PRF can be obtained by calling:
+
+ EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_TLS1_PRF, NULL);
+
+The digest, secret value and seed must be set before a key is derived or an
+error occurs.
+
+The total length of all seeds cannot exceed 1024 bytes in length: this should
+be more than enough for any normal use of the TLS PRF.
+
+The output length of the PRF is specified by the length parameter in the
+EVP_PKEY_derive() function. Since the output length is variable, setting
+the buffer to B<NULL> is not meaningful for the TLS PRF.
+
+Optimised versions of the TLS PRF can be implemented in an ENGINE.
+
+=head1 RETURN VALUES
+
+All these functions return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 EXAMPLE
+
+This example derives 10 bytes using SHA-256 with the secret key "secret"
+and seed value "seed":
+
+ EVP_PKEY_CTX *pctx;
+ unsigned char out[10];
+ size_t outlen = sizeof(out);
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+ if (EVP_PKEY_derive_init(pctx) <= 0)
+    /* Error */
+ if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
+    /* Error */
+ if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
+    /* Error */
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
+    /* Error */
+ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+    /* Error */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_CTX_ctrl_str(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_asn1_get_count.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_asn1_get_count.pod
new file mode 100644
index 0000000..9ad2dae
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_asn1_get_count.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_asn1_find,
+EVP_PKEY_asn1_find_str,
+EVP_PKEY_asn1_get_count,
+EVP_PKEY_asn1_get0,
+EVP_PKEY_asn1_get0_info
+- enumerate public key ASN.1 methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_asn1_get_count(void);
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                    const char *str, int len);
+ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+                             int *ppkey_flags, const char **pinfo,
+                             const char **ppem_str,
+                             const EVP_PKEY_ASN1_METHOD *ameth);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_asn1_count() returns a count of the number of public key
+ASN.1 methods available: it includes standard methods and any methods
+added by the application.
+
+EVP_PKEY_asn1_get0() returns the public key ASN.1 method B<idx>.
+The value of B<idx> must be between zero and EVP_PKEY_asn1_get_count()
+- 1.
+
+EVP_PKEY_asn1_find() looks up the B<EVP_PKEY_ASN1_METHOD> with NID
+B<type>.
+If B<pe> isn't B<NULL>, then it will look up an engine implementing a
+B<EVP_PKEY_ASN1_METHOD> for the NID B<type> and return that instead,
+and also set B<*pe> to point at the engine that implements it.
+
+EVP_PKEY_asn1_find_str() looks up the B<EVP_PKEY_ASN1_METHOD> with PEM
+type string B<str>.
+Just like EVP_PKEY_asn1_find(), if B<pe> isn't B<NULL>, then it will
+look up an engine implementing a B<EVP_PKEY_ASN1_METHOD> for the NID
+B<type> and return that instead, and also set B<*pe> to point at the
+engine that implements it.
+
+EVP_PKEY_asn1_get0_info() returns the public key ID, base public key
+ID (both NIDs), any flags, the method description and PEM type string
+associated with the public key ASN.1 method B<*ameth>. 
+
+EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and
+EVP_PKEY_asn1_find_str() are not thread safe, but as long as all
+B<EVP_PKEY_ASN1_METHOD> objects are added before the application gets
+threaded, using them is safe.  See L<EVP_PKEY_asn1_add0(3)>.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_asn1_count() returns the number of available public key methods.
+
+EVP_PKEY_asn1_get0() return a public key method or B<NULL> if B<idx> is
+out of range.
+
+EVP_PKEY_asn1_get0_info() returns 0 on failure, 1 on success.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_asn1_new(3)>, L<EVP_PKEY_asn1_add0(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_cmp.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_cmp.pod
new file mode 100644
index 0000000..270d635
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_cmp.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters,
+EVP_PKEY_cmp - public key parameter and comparison functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+
+ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+=head1 DESCRIPTION
+
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+
+The function EVP_PKEY_copy_parameters() copies the parameters from key
+B<from> to key B<to>. An error is returned if the parameters are missing in
+B<from> or present in both B<from> and B<to> and mismatch. If the parameters
+in B<from> and B<to> are both present and match this function has no effect.
+
+The function EVP_PKEY_cmp_parameters() compares the parameters of keys
+B<a> and B<b>.
+
+The function EVP_PKEY_cmp() compares the public key components and parameters
+(if present) of keys B<a> and B<b>.
+
+=head1 NOTES
+
+The main purpose of the functions EVP_PKEY_missing_parameters() and
+EVP_PKEY_copy_parameters() is to handle public keys in certificates where the
+parameters are sometimes omitted from a public key if they are inherited from
+the CA that signed it.
+
+Since OpenSSL private keys contain public key components too the function
+EVP_PKEY_cmp() can also be used to determine if a private key matches
+a public key.
+
+=head1 RETURN VALUES
+
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+
+These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for
+failure.
+
+The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the
+keys match, 0 if they don't match, -1 if the key types are different and
+-2 if the operation is not supported.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_decrypt.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_decrypt.pod
new file mode 100644
index 0000000..ca732ed
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_decrypt.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_decrypt_init() function initializes a public key algorithm
+context using key B<pkey> for a decryption operation.
+
+The EVP_PKEY_decrypt() function performs a public key decryption operation
+using B<ctx>. The data to be decrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the decrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_decrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_decrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Decrypt data using OAEP (for RSA keys):
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen;
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+  * and that key is an RSA private key
+  */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_decrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ out = OPENSSL_malloc(outlen);
+
+ if (!out)
+        /* malloc failure */
+
+ if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ /* Decrypted data is outlen bytes written to buffer out */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_derive.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_derive.pod
new file mode 100644
index 0000000..f70a0b8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_derive.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_derive_init() function initializes a public key algorithm
+context using key B<pkey> for shared secret derivation.
+
+The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally
+be a public key.
+
+The EVP_PKEY_derive() derives a shared secret using B<ctx>.
+If B<key> is B<NULL> then the maximum size of the output buffer is written to
+the B<keylen> parameter. If B<key> is not B<NULL> then before the call the
+B<keylen> parameter should contain the length of the B<key> buffer, if the call
+is successful the shared secret is written to B<key> and the amount of data
+written to B<keylen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_derive_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_derive() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Derive shared secret (for example DH or EC keys):
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *skey;
+ size_t skeylen;
+ EVP_PKEY *pkey, *peerkey;
+ /* NB: assumes pkey, peerkey have been already set up */
+
+ ctx = EVP_PKEY_CTX_new(pkey);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_derive_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
+        /* Error */
+
+ skey = OPENSSL_malloc(skeylen);
+
+ if (!skey)
+        /* malloc failure */
+
+ if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
+        /* Error */
+
+ /* Shared secret is skey bytes written to buffer skey */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_encrypt.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_encrypt.pod
new file mode 100644
index 0000000..01336e1
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_encrypt.pod
@@ -0,0 +1,108 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_encrypt_init() function initializes a public key algorithm
+context using key B<pkey> for an encryption operation.
+
+The EVP_PKEY_encrypt() function performs a public key encryption operation
+using B<ctx>. The data to be encrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the encrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_encrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_encrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Encrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)> or
+L<d2i_X509(3)> for means to load a public key. You may also simply
+set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ #include <openssl/engine.h>
+
+ EVP_PKEY_CTX *ctx;
+ ENGINE *eng;
+ unsigned char *out, *in;
+ size_t outlen, inlen;
+ EVP_PKEY *key;
+ /* NB: assumes eng, key, in, inlen are already set up,
+  * and that key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(key, eng);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_encrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ out = OPENSSL_malloc(outlen);
+
+ if (!out)
+        /* malloc failure */
+
+ if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ /* Encrypted data is outlen bytes written to buffer out */
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<engine(3)>,
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_get_default_digest_nid.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_get_default_digest_nid.pod
new file mode 100644
index 0000000..3dce5c5
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_get_default_digest_nid.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_get_default_digest_nid - get default signature digest
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default
+message digest NID for the public key signature operations associated with key
+B<pkey>.
+
+=head1 NOTES
+
+For all current standard OpenSSL public key algorithms SHA1 is returned.
+
+=head1 RETURN VALUES
+
+The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest
+is advisory (that is other digests can be used) and 2 if it is mandatory (other
+digests can not be used).  It returns 0 or a negative value for failure. In
+particular a return value of -2 indicates the operation is not supported by the
+public key algorithm.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+
+=head1 HISTORY
+
+This function was first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_keygen.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_keygen.pod
new file mode 100644
index 0000000..b1e708f
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_keygen.pod
@@ -0,0 +1,175 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
+EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
+EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
+EVP_PKEY_CTX_get_app_data,
+EVP_PKEY_gen_cb
+- key and parameter generation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+
+ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+ void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+
+ int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+ void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+ void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_keygen_init() function initializes a public key algorithm
+context using key B<pkey> for a key generation operation.
+
+The EVP_PKEY_keygen() function performs a key generation operation, the
+generated key is written to B<ppkey>.
+
+The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
+except parameters are generated.
+
+The function EVP_PKEY_set_cb() sets the key or parameter generation callback
+to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
+generation callback.
+
+The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
+with the generation operation. If B<idx> is -1 the total number of
+parameters available is returned. Any non negative value returns the value of
+that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for
+B<idx> should only be called within the generation callback.
+
+If the callback returns 0 then the key generation operation is aborted and an
+error occurs. This might occur during a time consuming operation where
+a user clicks on a "cancel" button.
+
+The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
+and retrieve an opaque pointer. This can be used to set some application
+defined value which can be retrieved in the callback: for example a handle
+which is used to update a "progress dialog".
+
+=head1 NOTES
+
+After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
+specific control operations can be performed to set any appropriate parameters
+for the operation.
+
+The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than
+once on the same context if several operations are performed using the same
+parameters.
+
+The meaning of the parameters passed to the callback will depend on the
+algorithm and the specific implementation of the algorithm. Some might not
+give any useful information at all during key or parameter generation. Others
+might not even call the callback.
+
+The operation performed by key or parameter generation depends on the algorithm
+used. In some cases (e.g. EC with a supplied named curve) the "generation"
+option merely sets the appropriate fields in an EVP_PKEY structure.
+
+In OpenSSL an EVP_PKEY structure containing a private key also contains the
+public key components and parameters (if any). An OpenSSL private key is
+equivalent to what some libraries call a "key pair". A private key can be used
+in functions which require the use of a public key or parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
+EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 EXAMPLES
+
+Generate a 2048 bit RSA key:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL;
+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+        /* Error */
+
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+
+Generate a key from a set of parameters:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL, *param;
+ /* Assumed param is set up already */
+ ctx = EVP_PKEY_CTX_new(param);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+
+Example of generation callback for OpenSSL public key implementations:
+
+ /* Application data is a BIO to output status to */
+
+ EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+
+ static int genpkey_cb(EVP_PKEY_CTX *ctx)
+        {
+        char c = '*';
+        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+        int p;
+        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+        if (p == 0) c = '.';
+        if (p == 1) c = '+';
+        if (p == 2) c = '*';
+        if (p == 3) c = '\n';
+        BIO_write(b, &c, 1);
+        (void)BIO_flush(b);
+        return 1;
+        }
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_new.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_new.pod
new file mode 100644
index 0000000..956d699
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_new.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *EVP_PKEY_new(void);
+ int EVP_PKEY_up_ref(EVP_PKEY *key);
+ void EVP_PKEY_free(EVP_PKEY *key);
+
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> structure which is
+used by OpenSSL to store private keys. The reference count is set to B<1>.
+
+EVP_PKEY_up_ref() increments the reference count of B<key>.
+
+EVP_PKEY_free() decrements the reference count of B<key> and, if the reference
+count is zero, frees it up. If B<key> is NULL, nothing is done.
+
+=head1 NOTES
+
+The B<EVP_PKEY> structure is used by various OpenSSL functions which require a
+general private key without reference to any particular algorithm.
+
+The structure returned by EVP_PKEY_new() is empty. To add a private key to this
+empty structure the functions described in L<EVP_PKEY_set1_RSA(3)> should be
+used.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY> structure or
+B<NULL> if an error occurred.
+
+EVP_PKEY_up_ref() returns 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_set1_RSA(3)>
+
+=head1 HISTORY
+
+EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL.
+
+EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_print_private.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_print_private.pod
new file mode 100644
index 0000000..9f1d324
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_print_private.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+
+=head1 DESCRIPTION
+
+The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and
+EVP_PKEY_print_params() print out the public, private or parameter components
+of key B<pkey> respectively. The key is sent to BIO B<out> in human readable
+form. The parameter B<indent> indicated how far the printout should be indented.
+
+The B<pctx> parameter allows the print output to be finely tuned by using
+ASN1 printing options. If B<pctx> is set to NULL then default values will
+be used.
+
+=head1 NOTES
+
+Currently no public key algorithms include any options in the B<pctx> parameter
+parameter.
+
+If the key does not include all the components indicated by the function then
+only those contained in the key will be printed. For example passing a public
+key to EVP_PKEY_print_private() will only print the public components.
+
+=head1 RETURN VALUES
+
+These functions all return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_set1_RSA.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_set1_RSA.pod
new file mode 100644
index 0000000..884cf91
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -0,0 +1,131 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
+EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id,
+EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
+ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
+ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
+ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+
+ RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+
+ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+ RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+ DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
+ DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+ EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+
+ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
+ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
+ int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
+ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+
+ int EVP_PKEY_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_type(int type);
+
+ int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
+B<NULL> if the key is not of the correct type.
+
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
+EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
+referenced key in B<pkey> or B<NULL> if the key is not of the
+correct type but the reference count of the returned key is
+B<not> incremented and so must not be freed up after use.
+
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+however these use the supplied B<key> internally and so B<key>
+will be freed when the parent B<pkey> is freed.
+
+EVP_PKEY_base_id() returns the type of B<pkey>. For example
+an RSA key will return B<EVP_PKEY_RSA>.
+
+EVP_PKEY_id() returns the actual OID associated with B<pkey>. Historically keys
+using the same algorithm could use different OIDs. For example an RSA key could
+use the OIDs corresponding to the NIDs B<NID_rsaEncryption> (equivalent to
+B<EVP_PKEY_RSA>) or B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
+alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not
+often seen in practice.
+
+EVP_PKEY_type() returns the underlying type of the NID B<type>. For example
+EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
+
+EVP_PKEY_set1_engine() sets the ENGINE handling B<pkey> to B<engine>. It
+must be called after the key algorithm and components are set up.
+If B<engine> does not include an B<EVP_PKEY_METHOD> for B<pkey> an
+error occurs.
+
+=head1 NOTES
+
+In accordance with the OpenSSL naming convention the key obtained
+from or assigned to the B<pkey> using the B<1> functions must be
+freed as well as B<pkey>.
+
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() are implemented as macros.
+
+Most applications wishing to know a key type will simply call
+EVP_PKEY_base_id() and will not care about the actual type:
+which will be identical in almost all cases.
+
+Previous versions of this document suggested using EVP_PKEY_type(pkey->type)
+to determine the type of a key. Since B<EVP_PKEY> is now opaque this
+is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
+
+EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
+key as part of its routine to load a private key.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
+an error occurred.
+
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+
+EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
+type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
+
+EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_sign.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_sign.pod
new file mode 100644
index 0000000..9b3c8d4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_sign.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_sign_init() function initializes a public key algorithm
+context using key B<pkey> for a signing operation.
+
+The EVP_PKEY_sign() function performs a public key signing operation
+using B<ctx>. The data to be signed is specified using the B<tbs> and
+B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
+buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
+before the call the B<siglen> parameter should contain the length of the
+B<sig> buffer, if the call is successful the signature is written to
+B<sig> and the amount of data written to B<siglen>.
+
+=head1 NOTES
+
+EVP_PKEY_sign() does not hash the data to be signed, and therefore is
+normally used to sign digests. For signing arbitrary messages, see the
+L<EVP_DigestSignInit(3)> and
+L<EVP_SignInit(3)> signing interfaces instead.
+
+After the call to EVP_PKEY_sign_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation (see L<EVP_PKEY_CTX_ctrl(3)>).
+
+The function EVP_PKEY_sign() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Sign data using RSA with PKCS#1 padding and SHA256 digest:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ /* md is a SHA-256 digest in this example. */
+ unsigned char *md, *sig;
+ size_t mdlen = 32, siglen;
+ EVP_PKEY *signing_key;
+
+ /*
+  * NB: assumes signing_key and md are set up before the next
+  * step. signing_key must be an RSA private key and md must
+  * point to the SHA-256 digest to be signed.
+  */
+ ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_sign_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
+        /* Error */
+
+ sig = OPENSSL_malloc(siglen);
+
+ if (!sig)
+        /* malloc failure */
+
+ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
+        /* Error */
+
+ /* Signature is siglen bytes written to buffer sig */
+
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_CTX_ctrl(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_verify.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_verify.pod
new file mode 100644
index 0000000..e84f880
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_verify.pod
@@ -0,0 +1,100 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_verify_init() function initializes a public key algorithm
+context using key B<pkey> for a signature verification operation.
+
+The EVP_PKEY_verify() function performs a public key verification operation
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. The verified data (i.e. the data believed originally
+signed) is specified using the B<tbs> and B<tbslen> parameters.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_verify_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_verify() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
+successful and 0 if it failed. Unlike other functions the return value 0 from
+EVP_PKEY_verify() only indicates that the signature did not not verify
+successfully (that is tbs did not match the original data or the signature was
+of invalid form) it is not an indication of a more serious error.
+
+A negative value indicates an error other that signature verification failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 EXAMPLE
+
+Verify signature using PKCS#1 and SHA256 digest:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen;
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verify_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+
+ /* Perform operation */
+ ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
+
+ /* ret == 1 indicates success, 0 verify failure and < 0 for some
+  * other error.
+  */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_PKEY_verify_recover.pod b/openssl-1.1.0h/doc/crypto/EVP_PKEY_verify_recover.pod
new file mode 100644
index 0000000..837bc64
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_PKEY_verify_recover.pod
@@ -0,0 +1,112 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_verify_recover_init() function initializes a public key algorithm
+context using key B<pkey> for a verify recover operation.
+
+The EVP_PKEY_verify_recover() function recovers signed data
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
+buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
+before the call the B<routlen> parameter should contain the length of the
+B<rout> buffer, if the call is successful recovered data is written to
+B<rout> and the amount of data written to B<routlen>.
+
+=head1 NOTES
+
+Normally an application is only interested in whether a signature verification
+operation is successful in those cases the EVP_verify() function should be
+used.
+
+Sometimes however it is useful to obtain the data originally signed using a
+signing operation. Only certain public key algorithms can recover a signature
+in this way (for example RSA in PKCS padding mode).
+
+After the call to EVP_PKEY_verify_recover_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_verify_recover() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success
+and 0 or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Recover digest originally signed using PKCS#1 and SHA256 digest:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *rout, *sig;
+ size_t routlen, siglen;
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig and siglen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+        /* Error */
+
+ rout = OPENSSL_malloc(routlen);
+
+ if (!rout)
+        /* malloc failure */
+
+ if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+        /* Error */
+
+ /* Recovered data is routlen bytes written to buffer rout */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_SealInit.pod b/openssl-1.1.0h/doc/crypto/EVP_SealInit.pod
new file mode 100644
index 0000000..30bd680
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_SealInit.pod
@@ -0,0 +1,90 @@
+=pod
+
+=head1 NAME
+
+EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                  unsigned char **ek, int *ekl, unsigned char *iv,
+                  EVP_PKEY **pubk, int npubk);
+ int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+=head1 DESCRIPTION
+
+The EVP envelope routines are a high level interface to envelope
+encryption. They generate a random key and IV (if required) then
+"envelope" it by using public key encryption. Data can then be
+encrypted using this key.
+
+EVP_SealInit() initializes a cipher context B<ctx> for encryption
+with cipher B<type> using a random secret key and IV. B<type> is normally
+supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted
+using one or more public keys, this allows the same encrypted data to be
+decrypted using any of the corresponding private keys. B<ek> is an array of
+buffers where the public key encrypted secret key will be written, each buffer
+must contain enough room for the corresponding encrypted key: that is
+B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+an array of B<npubk> public keys.
+
+The B<iv> parameter is a buffer where the generated IV is written to. It must
+contain enough room for the corresponding cipher's IV, as determined by (for
+example) EVP_CIPHER_iv_length(type).
+
+If the cipher does not require an IV then the B<iv> parameter is ignored
+and can be B<NULL>.
+
+EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
+documented on the L<EVP_EncryptInit(3)> manual
+page.
+
+=head1 RETURN VALUES
+
+EVP_SealInit() returns 0 on error or B<npubk> if successful.
+
+EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+failure.
+
+=head1 NOTES
+
+Because a random secret key is generated the random number generator
+must be seeded before calling EVP_SealInit().
+
+The public key must be RSA because it is the only OpenSSL public key
+algorithm that supports key transport.
+
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data, this is because public key encryption is slow
+but symmetric encryption is fast. So symmetric encryption is used for
+bulk encryption and the small random symmetric key used is transferred
+using public key encryption.
+
+It is possible to call EVP_SealInit() twice in the same way as
+EVP_EncryptInit(). The first call should have B<npubk> set to 0
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
+=head1 SEE ALSO
+
+L<evp(3)>, L<rand(3)>,
+L<EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_SignInit.pod b/openssl-1.1.0h/doc/crypto/EVP_SignInit.pod
new file mode 100644
index 0000000..21eb868
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_SignInit.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_size,
+EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing
+functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
+
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+ int EVP_PKEY_size(EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+The EVP signature routines are a high level interface to digital
+signatures.
+
+EVP_SignInit_ex() sets up signing context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be created with
+EVP_MD_CTX_new() before calling this function.
+
+EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
+places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
+bytes in size. B<s> is an OUT parameter, and not used as an IN parameter.
+The number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written.
+
+EVP_SignInit() initializes a signing context B<ctx> to use the default
+implementation of digest B<type>.
+
+EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
+signature returned by EVP_SignFinal() may be smaller.
+
+=head1 RETURN VALUES
+
+EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
+for success and 0 for failure.
+
+EVP_PKEY_size() returns the maximum size of a signature in bytes.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+When signing with DSA private keys the random number generator must be seeded
+or the operation will fail. The random number generator does not need to be
+seeded for RSA signatures.
+
+The call to EVP_SignFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
+later to digest and sign additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 BUGS
+
+Older versions of this documentation wrongly stated that calls to
+EVP_SignUpdate() could not be made after calling EVP_SignFinal().
+
+Since the private key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+
+It is not possible to change the signing parameters using these function.
+
+The previous two bugs are fixed in the newer EVP_SignDigest*() function.
+
+=head1 SEE ALSO
+
+L<EVP_VerifyInit(3)>,
+L<EVP_DigestInit(3)>,
+L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
+L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
+L<SHA1(3)>, L<dgst(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/EVP_VerifyInit.pod b/openssl-1.1.0h/doc/crypto/EVP_VerifyInit.pod
new file mode 100644
index 0000000..9214609
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/EVP_VerifyInit.pod
@@ -0,0 +1,94 @@
+=pod
+
+=head1 NAME
+
+EVP_VerifyInit_ex,
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal
+- EVP signature verification functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey);
+
+ int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+=head1 DESCRIPTION
+
+The EVP signature verification routines are a high level interface to digital
+signatures.
+
+EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be created by calling
+EVP_MD_CTX_new() before calling this function.
+
+EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+
+EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
+and against the B<siglen> bytes at B<sigbuf>.
+
+EVP_VerifyInit() initializes verification context B<ctx> to use the default
+implementation of digest B<type>.
+
+=head1 RETURN VALUES
+
+EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
+failure.
+
+EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
+other error occurred.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
+later to digest and verify additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 BUGS
+
+Older versions of this documentation wrongly stated that calls to
+EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
+
+Since the public key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+
+It is not possible to change the signing parameters using these function.
+
+The previous two bugs are fixed in the newer EVP_VerifyDigest*() function.
+
+=head1 SEE ALSO
+
+L<evp(7)>,
+L<EVP_SignInit(3)>,
+L<EVP_DigestInit(3)>,
+L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
+L<MD5(3)>, L<MDC2(3)>, L<RIPEMD160(3)>,
+L<SHA1(3)>, L<dgst(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/HMAC.pod b/openssl-1.1.0h/doc/crypto/HMAC.pod
new file mode 100644
index 0000000..219c9ba
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/HMAC.pod
@@ -0,0 +1,152 @@
+=pod
+
+=head1 NAME
+
+HMAC,
+HMAC_CTX_new,
+HMAC_CTX_reset,
+HMAC_CTX_free,
+HMAC_Init,
+HMAC_Init_ex,
+HMAC_Update,
+HMAC_Final,
+HMAC_CTX_copy,
+HMAC_CTX_set_flags,
+HMAC_CTX_get_md
+- HMAC message authentication code
+
+=head1 SYNOPSIS
+
+ #include <openssl/hmac.h>
+
+ unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+               int key_len, const unsigned char *d, int n,
+               unsigned char *md, unsigned int *md_len);
+
+ HMAC_CTX *HMAC_CTX_new(void);
+ int HMAC_CTX_reset(HMAC_CTX *ctx);
+
+ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+                   const EVP_MD *md, ENGINE *impl);
+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+
+ void HMAC_CTX_free(HMAC_CTX *ctx);
+
+ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+ const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+               const EVP_MD *md);
+ #endif
+
+=head1 DESCRIPTION
+
+HMAC is a MAC (message authentication code), i.e. a keyed hash
+function used for message authentication, which is based on a hash
+function.
+
+HMAC() computes the message authentication code of the B<n> bytes at
+B<d> using the hash function B<evp_md> and the key B<key> which is
+B<key_len> bytes long.
+
+It places the result in B<md> (which must have space for the output of
+the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
+If B<md> is NULL, the digest is placed in a static array.  The size of
+the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
+value for B<md>  to use the static array is not thread safe.
+
+B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
+
+HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
+
+HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
+resources, making it suitable for new computations as if it was newly
+created with HMAC_CTX_new().
+
+HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
+releases any associated resources and finally frees the B<HMAC_CTX>
+itself.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
+function B<evp_md> and the key B<key> which is B<key_len> bytes
+long. It is deprecated and only included for backward compatibility
+with OpenSSL 0.9.6b.
+
+HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
+function B<evp_md> and key B<key>. If both are NULL (or B<evp_md> is the same
+as the previous digest used by B<ctx> and B<key> is NULL) the existing key is
+reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
+of an B<HMAC_CTX> in this function. B<N.B. HMAC_Init() had this undocumented
+behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
+in programs that expect it will cause them to stop working>.
+
+B<NOTE:> If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
+same as the previous digest used by B<ctx> then an error is returned
+because reuse of an existing key with a different digest is not supported.
+
+HMAC_Update() can be called repeatedly with chunks of the message to
+be authenticated (B<len> bytes at B<data>).
+
+HMAC_Final() places the message authentication code in B<md>, which
+must have space for the hash function output.
+
+HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
+
+HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
+These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
+
+HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
+supplied HMAC_CTX.
+
+=head1 RETURN VALUES
+
+HMAC() returns a pointer to the message authentication code or NULL if
+an error occurred.
+
+HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
+B<NULL> if an error occurred.
+
+HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
+HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
+
+HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
+NULL if no EVP_MD has been set.
+
+=head1 CONFORMING TO
+
+RFC 2104
+
+=head1 SEE ALSO
+
+L<sha(3)>, L<evp(3)>
+
+=head1 HISTORY
+
+HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.0.
+
+HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.0.
+
+HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL version
+1.1.0.
+
+HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
+versions of OpenSSL before 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/MD5.pod b/openssl-1.1.0h/doc/crypto/MD5.pod
new file mode 100644
index 0000000..78da750
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/MD5.pod
@@ -0,0 +1,101 @@
+=pod
+
+=head1 NAME
+
+MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/md2.h>
+
+ unsigned char *MD2(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ int MD2_Init(MD2_CTX *c);
+ int MD2_Update(MD2_CTX *c, const unsigned char *data,
+                  unsigned long len);
+ int MD2_Final(unsigned char *md, MD2_CTX *c);
+
+
+ #include <openssl/md4.h>
+
+ unsigned char *MD4(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ int MD4_Init(MD4_CTX *c);
+ int MD4_Update(MD4_CTX *c, const void *data,
+                  unsigned long len);
+ int MD4_Final(unsigned char *md, MD4_CTX *c);
+
+
+ #include <openssl/md5.h>
+
+ unsigned char *MD5(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ int MD5_Init(MD5_CTX *c);
+ int MD5_Update(MD5_CTX *c, const void *data,
+                  unsigned long len);
+ int MD5_Final(unsigned char *md, MD5_CTX *c);
+
+=head1 DESCRIPTION
+
+MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
+
+MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
+of the B<n> bytes at B<d> and place it in B<md> (which must have space
+for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
+bytes of output). If B<md> is NULL, the digest is placed in a static
+array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+MD2_Init() initializes a B<MD2_CTX> structure.
+
+MD2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+MD2_Final() places the message digest in B<md>, which must have space
+for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
+
+MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
+MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)>
+etc. instead of calling the hash functions directly.
+
+=head1 NOTE
+
+MD2, MD4, and MD5 are recommended only for compatibility with existing
+applications. In new applications, SHA-1 or RIPEMD-160 should be
+preferred.
+
+=head1 RETURN VALUES
+
+MD2(), MD4(), and MD5() return pointers to the hash value.
+
+MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
+MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
+success, 0 otherwise.
+
+=head1 CONFORMING TO
+
+RFC 1319, RFC 1320, RFC 1321
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/MDC2_Init.pod b/openssl-1.1.0h/doc/crypto/MDC2_Init.pod
new file mode 100644
index 0000000..f7db71b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/MDC2_Init.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
+
+=head1 SYNOPSIS
+
+ #include <openssl/mdc2.h>
+
+ unsigned char *MDC2(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ int MDC2_Init(MDC2_CTX *c);
+ int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+                  unsigned long len);
+ int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+
+=head1 DESCRIPTION
+
+MDC2 is a method to construct hash functions with 128 bit output from
+block ciphers.  These functions are an implementation of MDC2 with
+DES.
+
+MDC2() computes the MDC2 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+MDC2_Init() initializes a B<MDC2_CTX> structure.
+
+MDC2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+MDC2_Final() places the message digest in B<md>, which must have space
+for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)> etc. instead of calling the
+hash functions directly.
+
+=head1 RETURN VALUES
+
+MDC2() returns a pointer to the hash value.
+
+MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
+
+=head1 CONFORMING TO
+
+ISO/IEC 10118-2, with DES
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OBJ_nid2obj.pod b/openssl-1.1.0h/doc/crypto/OBJ_nid2obj.pod
new file mode 100644
index 0000000..3ada667
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OBJ_nid2obj.pod
@@ -0,0 +1,198 @@
+=pod
+
+=head1 NAME
+
+i2t_ASN1_OBJECT,
+OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln,
+OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp,
+OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup
+- ASN1 object utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/objects.h>
+
+ ASN1_OBJECT *OBJ_nid2obj(int n);
+ const char *OBJ_nid2ln(int n);
+ const char *OBJ_nid2sn(int n);
+
+ int OBJ_obj2nid(const ASN1_OBJECT *o);
+ int OBJ_ln2nid(const char *ln);
+ int OBJ_sn2nid(const char *sn);
+
+ int OBJ_txt2nid(const char *s);
+
+ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+
+ int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+
+ int OBJ_create(const char *oid, const char *sn, const char *ln);
+
+ size_t OBJ_length(const ASN1_OBJECT *obj);
+ const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void OBJ_cleanup(void)
+ #endif
+
+=head1 DESCRIPTION
+
+The ASN1 object utility functions process ASN1_OBJECT structures which are
+a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
+For convenience, OIDs are usually represented in source code as numeric
+identifiers, or B<NID>s.  OpenSSL has an internal table of OIDs that
+are generated when the library is built, and their corresponding NIDs
+are available as defined constants.  For the functions below, application
+code should treat all returned values -- OIDs, NIDs, or names -- as
+constants.
+
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
+an ASN1_OBJECT structure, its long name and its short name respectively,
+or B<NULL> is an error occurred.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
+for the object B<o>, the long name <ln> or the short name <sn> respectively
+or NID_undef if an error occurred.
+
+OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
+a long name, a short name or the numerical representation of an object.
+
+OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
+If B<no_name> is 0 then long names and short names will be interpreted
+as well as numerical forms. If B<no_name> is 1 only the numerical form
+is acceptable.
+
+OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
+The representation is written as a null terminated string to B<buf>
+at most B<buf_len> bytes are written, truncating the result if necessary.
+The total amount of space required is returned. If B<no_name> is 0 then
+if the object has a long or short name then that will be used, otherwise
+the numerical form will be used. If B<no_name> is 1 then the numerical
+form will always be used.
+
+i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the B<no_name> set to zero.
+
+OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
+
+OBJ_dup() returns a copy of B<o>.
+
+OBJ_create() adds a new object to the internal table. B<oid> is the
+numerical form of the object, B<sn> the short name and B<ln> the
+long name. A new NID is returned for the created object.
+
+OBJ_length() returns the size of the content octets of B<obj>.
+
+OBJ_get0_data() returns a pointer to the content octets of B<obj>.
+The returned pointer is an internal pointer which B<must not> be freed.
+
+In OpenSSL versions prior to 1.1.0 OBJ_cleanup() cleaned up OpenSSLs internal
+object table and was called before an application exits if any new objects were
+added using OBJ_create(). This function is deprecated in version 1.1.0 and now
+does nothing if called. No explicit de-initialisation is now required. See
+L<OPENSSL_init_crypto(3)> for further information.
+
+=head1 NOTES
+
+Objects in OpenSSL can have a short name, a long name and a numerical
+identifier (NID) associated with them. A standard set of objects is
+represented in an internal table. The appropriate values are defined
+in the header file B<objects.h>.
+
+For example the OID for commonName has the following definitions:
+
+ #define SN_commonName                   "CN"
+ #define LN_commonName                   "commonName"
+ #define NID_commonName                  13
+
+New objects can be added by calling OBJ_create().
+
+Table objects have certain advantages over other objects: for example
+their NIDs can be used in a C language switch statement. They are
+also static constant structures which are shared: that is there
+is only a single constant structure for each table object.
+
+Objects which are not in the table have the NID value NID_undef.
+
+Objects do not need to be in the internal tables to be processed,
+the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
+form of an OID.
+
+Some objects are used to represent algorithms which do not have a
+corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently
+exists for a particular algorithm). As a result they B<cannot> be encoded or
+decoded as part of ASN.1 structures. Applications can determine if there
+is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.
+
+These functions cannot return B<const> because an B<ASN1_OBJECT> can
+represent both an internal, constant, OID and a dynamically-created one.
+The latter cannot be constant because it needs to be freed after use.
+
+=head1 EXAMPLES
+
+Create an object for B<commonName>:
+
+ ASN1_OBJECT *o;
+ o = OBJ_nid2obj(NID_commonName);
+
+Check if an object is B<commonName>
+
+ if (OBJ_obj2nid(obj) == NID_commonName)
+        /* Do something */
+
+Create a new NID and initialize an object from it:
+
+ int new_nid;
+ ASN1_OBJECT *obj;
+
+ new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+
+ obj = OBJ_nid2obj(new_nid);
+
+Create a new object directly:
+
+ obj = OBJ_txt2obj("1.2.3.4", 1);
+
+=head1 BUGS
+
+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the
+convention of other OpenSSL functions where the buffer can be set
+to B<NULL> to determine the amount of data that should be written.
+Instead B<buf> must point to a valid buffer and B<buf_len> should
+be set to a positive value. A buffer length of 80 should be more
+than enough to handle any OID encountered in practice.
+
+=head1 RETURN VALUES
+
+OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
+error occurred.
+
+OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
+on error.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
+a NID or B<NID_undef> on error.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+
+=head1 HISTORY
+
+OBJ_cleanup() was deprecated in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OCSP_REQUEST_new.pod b/openssl-1.1.0h/doc/crypto/OCSP_REQUEST_new.pod
new file mode 100644
index 0000000..97c2337
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OCSP_REQUEST_new.pod
@@ -0,0 +1,118 @@
+=pod
+
+=head1 NAME
+
+OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign,
+OCSP_request_add1_cert, OCSP_request_onereq_count,
+OCSP_request_onereq_get0 - OCSP request functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ OCSP_REQUEST *OCSP_REQUEST_new(void);
+ void OCSP_REQUEST_free(OCSP_REQUEST *req);
+
+ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+ int OCSP_request_sign(OCSP_REQUEST *req,
+                       X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                       STACK_OF(X509) *certs, unsigned long flags);
+
+ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+ int OCSP_request_onereq_count(OCSP_REQUEST *req);
+ OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+
+=head1 DESCRIPTION
+
+OCSP_REQUEST_new() allocates and returns an empty B<OCSP_REQUEST> structure.
+
+OCSP_REQUEST_free() frees up the request structure B<req>.
+
+OCSP_request_add0_id() adds certificate ID B<cid> to B<req>. It returns
+the B<OCSP_ONEREQ> structure added so an application can add additional
+extensions to the request. The B<id> parameter B<MUST NOT> be freed up after
+the operation.
+
+OCSP_request_sign() signs OCSP request B<req> using certificate
+B<signer>, private key B<key>, digest B<dgst> and additional certificates
+B<certs>. If the B<flags> option B<OCSP_NOCERTS> is set then no certificates
+will be included in the request.
+
+OCSP_request_add1_cert() adds certificate B<cert> to request B<req>. The
+application is responsible for freeing up B<cert> after use.
+
+OCSP_request_onereq_count() returns the total number of B<OCSP_ONEREQ>
+structures in B<req>.
+
+OCSP_request_onereq_get0() returns an internal pointer to the B<OCSP_ONEREQ>
+contained in B<req> of index B<i>. The index value B<i> runs from 0 to
+OCSP_request_onereq_count(req) - 1.
+
+=head1 RETURN VALUES
+
+OCSP_REQUEST_new() returns an empty B<OCSP_REQUEST> structure or B<NULL> if
+an error occurred.
+
+OCSP_request_add0_id() returns the B<OCSP_ONEREQ> structure containing B<cid>
+or B<NULL> if an error occurred.
+
+OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0
+for failure.
+
+OCSP_request_onereq_count() returns the total number of B<OCSP_ONEREQ>
+structures in B<req>.
+
+OCSP_request_onereq_get0() returns a pointer to an B<OCSP_ONEREQ> structure
+or B<NULL> if the index value is out or range.
+
+=head1 NOTES
+
+An OCSP request structure contains one or more B<OCSP_ONEREQ> structures
+corresponding to each certificate.
+
+OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by
+OCSP responders.
+
+=head1 EXAMPLE
+
+Create an B<OCSP_REQUEST> structure for certificate B<cert> with issuer
+B<issuer>:
+
+ OCSP_REQUEST *req;
+ OCSP_ID *cid;
+
+ req = OCSP_REQUEST_new();
+ if (req == NULL)
+    /* error */
+ cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
+ if (cid == NULL)
+    /* error */
+
+ if (OCSP_REQUEST_add0_id(req, cid) == NULL)
+    /* error */
+
+  /* Do something with req, e.g. query responder */
+
+ OCSP_REQUEST_free(req);
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<OCSP_cert_to_id(3)>,
+L<OCSP_request_add1_nonce(3)>,
+L<OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OCSP_cert_to_id.pod b/openssl-1.1.0h/doc/crypto/OCSP_cert_to_id.pod
new file mode 100644
index 0000000..0e37937
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OCSP_cert_to_id.pod
@@ -0,0 +1,89 @@
+=pod
+
+=head1 NAME
+
+OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
+OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
+                              X509 *subject, X509 *issuer);
+
+ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                               X509_NAME *issuerName,
+                               ASN1_BIT_STRING *issuerKey,
+                               ASN1_INTEGER *serialNumber);
+
+ void OCSP_CERTID_free(OCSP_CERTID *id);
+
+ int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                       ASN1_OCTET_STRING **pikeyHash,
+                       ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+
+
+=head1 DESCRIPTION
+
+OCSP_cert_to_id() creates and returns a new B<OCSP_CERTID> structure using
+message digest B<dgst> for certificate B<subject> with issuer B<issuer>. If
+B<dgst> is B<NULL> then SHA1 is used.
+
+OCSP_cert_id_new() creates and returns a new B<OCSP_CERTID> using B<dgst> and
+issuer name B<issuerName>, issuer key hash B<issuerKey> and serial number
+B<serialNumber>.
+
+OCSP_CERTID_free() frees up B<id>.
+
+OCSP_id_cmp() compares B<OCSP_CERTID> B<a> and B<b>.
+
+OCSP_id_issuer_cmp() compares only the issuer name of B<OCSP_CERTID> B<a> and B<b>.
+
+OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and
+serial number contained in B<cid>. If any of the values are not required the
+corresponding parameter can be set to B<NULL>.
+
+=head1 RETURN VALUES
+
+OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid
+B<OCSP_CERTID> structure or B<NULL> if an error occurred.
+
+OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero
+otherwise.
+
+OCSP_CERTID_free() does not return a value.
+
+OCSP_id_get0_info() returns 1 for success and 0 for failure.
+
+=head1 NOTES
+
+OCSP clients will typically only use OCSP_cert_to_id() or OCSP_cert_id_new():
+the other functions are used by responder applications.
+
+The values returned by OCSP_id_get0_info() are internal pointers and B<MUST
+NOT> be freed up by an application: they will be freed when the corresponding
+B<OCSP_CERTID> structure is freed.
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<OCSP_request_add1_nonce(3)>,
+L<OCSP_REQUEST_new(3)>,
+L<OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OCSP_request_add1_nonce.pod b/openssl-1.1.0h/doc/crypto/OCSP_request_add1_nonce.pod
new file mode 100644
index 0000000..dab42c6
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OCSP_request_add1_nonce.pod
@@ -0,0 +1,84 @@
+=pod
+
+=head1 NAME
+
+OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
+
+=head1 DESCRIPTION
+
+OCSP_request_add1_nonce() adds a nonce of value B<val> and length B<len> to
+OCSP request B<req>. If B<val> is B<NULL> a random nonce is used. If B<len>
+is zero or negative a default length will be used (currently 16 bytes).
+
+OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except
+it adds a nonce to OCSP basic response B<resp>.
+
+OCSP_check_nonce() compares the nonce value in B<req> and B<resp>.
+
+OCSP_copy_nonce() copys any nonce value present in B<req> to B<resp>.
+
+=head1 RETURN VALUES
+
+OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success
+and 0 for failure.
+
+OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce
+was present in B<req> and 0 if an error occurred.
+
+OCSP_check_nonce() returns the result of the nonce comparison between B<req>
+and B<resp>. The return value indicates the result of the comparison.  If
+nonces are present and equal 1 is returned. If the nonces are absent 2 is
+returned. If a nonce is present in the response only 3 is returned. If nonces
+are present and unequal 0 is returned. If the nonce is present in the request
+only then -1 is returned.
+
+=head1 NOTES
+
+For most purposes the nonce value in a request is set to a random value so
+the B<val> parameter in OCSP_request_add1_nonce() is usually NULL.
+
+An OCSP nonce is typically added to an OCSP request to thwart replay attacks
+by checking the same nonce value appears in the response.
+
+Some responders may include a nonce in all responses even if one is not
+supplied.
+
+Some responders cache OCSP responses and do not sign each response for
+performance reasons. As a result they do not support nonces.
+
+The return values of OCSP_check_nonce() can be checked to cover each case.  A
+positive return value effectively indicates success: nonces are both present
+and match, both absent or present in the response only. A non-zero return
+additionally covers the case where the nonce is present in the request only:
+this will happen if the responder doesn't support nonces. A zero return value
+indicates present and mismatched nonces: this should be treated as an error
+condition.
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<OCSP_cert_to_id(3)>,
+L<OCSP_REQUEST_new(3)>,
+L<OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OCSP_resp_find_status.pod b/openssl-1.1.0h/doc/crypto/OCSP_resp_find_status.pod
new file mode 100644
index 0000000..5123f0a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OCSP_resp_find_status.pod
@@ -0,0 +1,152 @@
+=pod
+
+=head1 NAME
+
+OCSP_resp_get0_certs,
+OCSP_resp_get0_signer,
+OCSP_resp_get0_id,
+OCSP_resp_get0_produced_at,
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
+OCSP_single_get0_status, OCSP_check_validity
+- OCSP response utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                           int *reason,
+                           ASN1_GENERALIZEDTIME **revtime,
+                           ASN1_GENERALIZEDTIME **thisupd,
+                           ASN1_GENERALIZEDTIME **nextupd);
+
+ int OCSP_resp_count(OCSP_BASICRESP *bs);
+ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                             ASN1_GENERALIZEDTIME **revtime,
+                             ASN1_GENERALIZEDTIME **thisupd,
+                             ASN1_GENERALIZEDTIME **nextupd);
+
+ const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
+                             const OCSP_BASICRESP* single);
+
+ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+
+ int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                           STACK_OF(X509) *extra_certs);
+
+ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                       const ASN1_OCTET_STRING **pid,
+                       const X509_NAME **pname);
+
+ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                         ASN1_GENERALIZEDTIME *nextupd,
+                         long sec, long maxsec);
+
+=head1 DESCRIPTION
+
+OCSP_resp_find_status() searches B<bs> for an OCSP response for B<id>. If it is
+successful the fields of the response are returned in B<*status>, B<*reason>,
+B<*revtime>, B<*thisupd> and B<*nextupd>.  The B<*status> value will be one of
+B<V_OCSP_CERTSTATUS_GOOD>, B<V_OCSP_CERTSTATUS_REVOKED> or
+B<V_OCSP_CERTSTATUS_UNKNOWN>. The B<*reason> and B<*revtime> fields are only
+set if the status is B<V_OCSP_CERTSTATUS_REVOKED>. If set the B<*reason> field
+will be set to the revocation reason which will be one of
+B<OCSP_REVOKED_STATUS_NOSTATUS>, B<OCSP_REVOKED_STATUS_UNSPECIFIED>,
+B<OCSP_REVOKED_STATUS_KEYCOMPROMISE>, B<OCSP_REVOKED_STATUS_CACOMPROMISE>,
+B<OCSP_REVOKED_STATUS_AFFILIATIONCHANGED>, B<OCSP_REVOKED_STATUS_SUPERSEDED>,
+B<OCSP_REVOKED_STATUS_CESSATIONOFOPERATION>,
+B<OCSP_REVOKED_STATUS_CERTIFICATEHOLD> or B<OCSP_REVOKED_STATUS_REMOVEFROMCRL>.
+
+OCSP_resp_count() returns the number of B<OCSP_SINGLERESP> structures in B<bs>.
+
+OCSP_resp_get0() returns the B<OCSP_SINGLERESP> structure in B<bs>
+corresponding to index B<idx>. Where B<idx> runs from 0 to
+OCSP_resp_count(bs) - 1.
+
+OCSP_resp_find() searches B<bs> for B<id> and returns the index of the first
+matching entry after B<last> or starting from the beginning if B<last> is -1.
+
+OCSP_single_get0_status() extracts the fields of B<single> in B<*reason>,
+B<*revtime>, B<*thisupd> and B<*nextupd>.
+
+OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
+single response B<bs>.
+
+OCSP_resp_get0_certs() returns any certificates included in B<bs>.
+
+OCSP_resp_get0_signer() attempts to retrieve the certificate that directly
+signed B<bs>.  The OCSP protocol does not require that this certificate
+is included in the B<certs> field of the response, so additional certificates
+can be supplied in B<extra_certs> if the certificates that may have
+signed the response are known via some out-of-band mechanism.
+
+OCSP_resp_get0_id() gets the responder id of B<bs>. If the responder ID is
+a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
+responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
+is set to NULL.
+
+OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
+which will be typically obtained from OCSP_resp_find_status() or
+OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
+leeway should be allowed in the check. If B<maxsec> is positive it indicates
+the maximum age of B<thisupd> in seconds.
+
+=head1 RETURN VALUES
+
+OCSP_resp_find_status() returns 1 if B<id> is found in B<bs> and 0 otherwise.
+
+OCSP_resp_count() returns the total number of B<OCSP_SINGLERESP> fields in
+B<bs>.
+
+OCSP_resp_get0() returns a pointer to an B<OCSP_SINGLERESP> structure or
+B<NULL> if B<idx> is out of range.
+
+OCSP_resp_find() returns the index of B<id> in B<bs> (which may be 0) or -1 if
+B<id> was not found.
+
+OCSP_single_get0_status() returns the status of B<single> or -1 if an error
+occurred.
+
+OCSP_resp_get0_signer() returns 1 if the signing certificate was located,
+or 0 on error.
+
+=head1 NOTES
+
+Applications will typically call OCSP_resp_find_status() using the certificate
+ID of interest and then check its validity using OCSP_check_validity(). They
+can then take appropriate action based on the status of the certificate.
+
+An OCSP response for a certificate contains B<thisUpdate> and B<nextUpdate>
+fields. Normally the current time should be between these two values. To
+account for clock skew the B<maxsec> field can be set to non-zero in
+OCSP_check_validity(). Some responders do not set the B<nextUpdate> field, this
+would otherwise mean an ancient response would be considered valid: the
+B<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted
+age of responses.
+
+The values written to B<*revtime>, B<*thisupd> and B<*nextupd> by
+OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers
+which B<MUST NOT> be freed up by the calling application. Any or all of these
+parameters can be set to NULL if their value is not required.
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<OCSP_cert_to_id(3)>,
+L<OCSP_request_add1_nonce(3)>,
+L<OCSP_REQUEST_new(3)>,
+L<OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OCSP_response_status.pod b/openssl-1.1.0h/doc/crypto/OCSP_response_status.pod
new file mode 100644
index 0000000..180ab8d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OCSP_response_status.pod
@@ -0,0 +1,100 @@
+=pod
+
+=head1 NAME
+
+OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
+OCSP_RESPONSE_free, OCSP_RESPID_set_by_name,
+OCSP_RESPID_set_by_key, OCSP_RESPID_match - OCSP response functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ int OCSP_response_status(OCSP_RESPONSE *resp);
+ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+ void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
+
+ int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+ int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+ int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+=head1 DESCRIPTION
+
+OCSP_response_status() returns the OCSP response status of B<resp>. It returns
+one of the values: B<OCSP_RESPONSE_STATUS_SUCCESSFUL>,
+B<OCSP_RESPONSE_STATUS_MALFORMEDREQUEST>,
+B<OCSP_RESPONSE_STATUS_INTERNALERROR>, B<OCSP_RESPONSE_STATUS_TRYLATER>
+B<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or B<OCSP_RESPONSE_STATUS_UNAUTHORIZED>.
+
+OCSP_response_get1_basic() decodes and returns the B<OCSP_BASICRESP> structure
+contained in B<resp>.
+
+OCSP_response_create() creates and returns an B<OCSP_RESPONSE> structure for
+B<status> and optionally including basic response B<bs>.
+
+OCSP_RESPONSE_free() frees up OCSP response B<resp>.
+
+OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the
+subject name in the supplied X509 certificate B<cert> for the OCSP responder.
+
+OCSP_RESPID_set_by_key() sets the key of the OCSP_RESPID to be the same as the
+key in the supplied X509 certificate B<cert> for the OCSP responder. The key is
+stored as a SHA1 hash.
+
+Note that an OCSP_RESPID can only have one of the name, or the key set. Calling
+OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing
+setting.
+
+OCSP_RESPID_match() tests whether the OCSP_RESPID given in B<respid> matches
+with the X509 certificate B<cert>.
+
+=head1 RETURN VALUES
+
+OCSP_RESPONSE_status() returns a status value.
+
+OCSP_response_get1_basic() returns an B<OCSP_BASICRESP> structure pointer or
+B<NULL> if an error occurred.
+
+OCSP_response_create() returns an B<OCSP_RESPONSE> structure pointer or B<NULL>
+if an error occurred.
+
+OCSP_RESPONSE_free() does not return a value.
+
+OCSP_RESPID_set_by_name() and OCSP_RESPID_set_by_key() return 1 on success or 0
+on failure.
+
+OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match
+or 0 otherwise.
+
+=head1 NOTES
+
+OCSP_response_get1_basic() is only called if the status of a response is
+B<OCSP_RESPONSE_STATUS_SUCCESSFUL>.
+
+=head1 SEE ALSO
+
+L<crypto(3)>
+L<OCSP_cert_to_id(3)>
+L<OCSP_request_add1_nonce(3)>
+L<OCSP_REQUEST_new(3)>
+L<OCSP_response_find_status(3)>
+L<OCSP_sendreq_new(3)>
+L<OCSP_RESPID_new(3)>
+L<OCSP_RESPID_free(3)>
+
+=head1 HISTORY
+
+The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match()
+functions were added in OpenSSL 1.1.0a.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OCSP_sendreq_new.pod b/openssl-1.1.0h/doc/crypto/OCSP_sendreq_new.pod
new file mode 100644
index 0000000..c7fdc9b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OCSP_sendreq_new.pod
@@ -0,0 +1,122 @@
+=pod
+
+=head1 NAME
+
+OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
+OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
+OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                                int maxline);
+
+ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+
+ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+
+ void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+
+ int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                              const char *name, const char *value);
+
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+
+ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req,
+                                 int maxline);
+
+=head1 DESCRIPTION
+
+The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
+responder B<io>, the URL path B<path>, the OCSP request B<req> and with a
+response header maximum line length of B<maxline>. If B<maxline> is zero a
+default value of 4k is used. The OCSP request B<req> may be set to B<NULL>
+and provided later if required.
+
+OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context
+B<rctx>. When the operation is complete it returns the response in B<*presp>.
+
+OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
+
+OCSP_set_max_response_length() sets the maximum response length for B<rctx>
+to B<len>. If the response exceeds this length an error occurs. If not
+set a default value of 100k is used.
+
+OCSP_REQ_CTX_add1_header() adds header B<name> with value B<value> to the
+context B<rctx>. It can be called more than once to add multiple headers.
+It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
+parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
+additional headers are set.
+
+OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
+function should be called after any calls to OCSP_REQ_CTX_add1_header().
+
+OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
+path B<path>, the OCSP request B<req> and with a response header maximum line
+length of B<maxline>. If B<maxline> is zero a default value of 4k is used.
+
+=head1 RETURN VALUES
+
+OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL> if
+an error occurred.
+
+OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
+B<-1> if the operation should be retried and B<0> if an error occurred.
+
+OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
+and B<0> for failure.
+
+OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
+responder or B<NULL> if an error occurred.
+
+OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.
+
+=head1 NOTES
+
+These functions only perform a minimal HTTP query to a responder. If an
+application wishes to support more advanced features it should use an
+alternative more complete HTTP library.
+
+Currently only HTTP POST queries to responders are supported.
+
+The arguments to OCSP_sendreq_new() correspond to the components of the URL.
+For example if the responder URL is B<http://ocsp.com/ocspreq> the BIO
+B<io> should be connected to host B<ocsp.com> on port 80 and B<path>
+should be set to B<"/ocspreq">
+
+The headers added with OCSP_REQ_CTX_add1_header() are of the form
+"B<name>: B<value>" or just "B<name>" if B<value> is B<NULL>. So to add
+a Host header for B<ocsp.com> you would call:
+
+ OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
+
+If OCSP_sendreq_nbio() indicates an operation should be retried the
+corresponding BIO can be examined to determine which operation (read or
+write) should be retried and appropriate action taken (for example a select()
+call on the underlying socket).
+
+OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking
+I/O efficiently. It is retained for compatibility and its use in new
+applications is not recommended.
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<OCSP_cert_to_id(3)>,
+L<OCSP_request_add1_nonce(3)>,
+L<OCSP_REQUEST_new(3)>,
+L<OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_Applink.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_Applink.pod
new file mode 100644
index 0000000..d3a461b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_Applink.pod
@@ -0,0 +1,31 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_Applink - glue between OpenSSL BIO and Win32 compiler run-time
+
+=head1 SYNOPSIS
+
+ __declspec(dllexport) void **OPENSSL_Applink();
+
+=head1 DESCRIPTION
+
+OPENSSL_Applink is application-side interface which provides a glue
+between OpenSSL BIO layer and Win32 compiler run-time environment.
+Even though it appears at application side, it's essentially OpenSSL
+private interface. For this reason application developers are not
+expected to implement it, but to compile provided module with
+compiler of their choice and link it into the target application.
+The referred module is available as F<applink.c>, located alongside
+the public header files (only on the platforms where applicable).
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_LH_COMPFUNC.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_LH_COMPFUNC.pod
new file mode 100644
index 0000000..e760ae3
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_LH_COMPFUNC.pod
@@ -0,0 +1,239 @@
+=pod
+
+=head1 NAME
+
+DECLARE_LHASH_OF,
+OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC,
+LHASH_DOALL_ARG_FN_TYPE,
+IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN,
+lh_TYPE_new, lh_TYPE_free,
+lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
+lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table
+
+=for comment generic
+
+=head1 SYNOPSIS
+
+ #include <openssl/lhash.h>
+
+ DECLARE_LHASH_OF(TYPE);
+
+ LHASH *lh_TYPE_new();
+ void lh_TYPE_free(LHASH_OF(TYPE *table);
+
+ TYPE *lh_TYPE_insert(LHASH_OF(TYPE *table, TYPE *data);
+ TYPE *lh_TYPE_delete(LHASH_OF(TYPE *table, TYPE *data);
+ TYPE *lh_retrieve(LHASH_OFTYPE *table, TYPE *data);
+
+ void lh_TYPE_doall(LHASH_OF(TYPE *table, OPENSSL_LH_DOALL_FUNC func);
+ void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
+          TYPE, TYPE *arg);
+
+ int lh_TYPE_error(LHASH_OF(TYPE) *table);
+
+ typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
+ typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
+ typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
+ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+
+=head1 DESCRIPTION
+
+This library implements type-checked dynamic hash tables. The hash
+table entries can be arbitrary structures. Usually they consist of key
+and value fields.  In the description here, I<TYPE> is used a placeholder
+for any of the OpenSSL datatypes, such as I<SSL_SESSION>.
+
+lh_TYPE_new() creates a new B<LHASH_OF(TYPE)> structure to store
+arbitrary data entries, and specifies the 'hash' and 'compare'
+callbacks to be used in organising the table's entries.  The B<hash>
+callback takes a pointer to a table entry as its argument and returns
+an unsigned long hash value for its key field.  The hash value is
+normally truncated to a power of 2, so make sure that your hash
+function returns well mixed low order bits.  The B<compare> callback
+takes two arguments (pointers to two hash table entries), and returns
+0 if their keys are equal, non-zero otherwise.
+
+If your hash table
+will contain items of some particular type and the B<hash> and
+B<compare> callbacks hash/compare these types, then the
+B<IMPLEMENT_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
+used to create callback wrappers of the prototypes required by
+lh_TYPE_new() as shown in this example:
+
+ /*
+  * Implement the hash and compare functions; "stuff" can be any word.
+  */
+ static unsigned long stuff_hash(const TYPE *a)
+ {
+     ...
+ }
+ static int stuff_cmp(const TYPE *a, const TYPE *b)
+ {
+     ...
+ }
+
+ /*
+  * Implement the wrapper functions.
+  */
+ static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
+ static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
+
+If the type is going to be used in several places, the following macros
+can be used in a common header file to declare the function wrappers:
+
+ DECLARE_LHASH_HASH_FN(stuff, TYPE)
+ DECLARE_LHASH_COMP_FN(stuff, TYPE)
+
+Then a hash table of TYPE objects can be created using this:
+
+ LHASH_OF(TYPE) *htable;
+
+ htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
+
+lh_TYPE_free() frees the B<LHASH_OF(TYPE)> structure
+B<table>. Allocated hash table entries will not be freed; consider
+using lh_TYPE_doall() to deallocate any remaining entries in the
+hash table (see below).
+
+lh_TYPE_insert() inserts the structure pointed to by B<data> into
+B<table>.  If there already is an entry with the same key, the old
+value is replaced. Note that lh_TYPE_insert() stores pointers, the
+data are not copied.
+
+lh_TYPE_delete() deletes an entry from B<table>.
+
+lh_TYPE_retrieve() looks up an entry in B<table>. Normally, B<data>
+is a structure with the key field(s) set; the function will return a
+pointer to a fully populated structure.
+
+lh_TYPE_doall() will, for every entry in the hash table, call
+B<func> with the data item as its parameter.
+For example:
+
+ /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
+ void TYPE_cleanup_doall(TYPE *a);
+
+ /* Implement a prototype-compatible wrapper for "TYPE_cleanup" */
+ IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
+
+ /* Call "TYPE_cleanup" against all items in a hash table. */
+ lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
+
+ /* Then the hash table itself can be deallocated */
+ lh_TYPE_free(hashtable);
+
+When doing this, be careful if you delete entries from the hash table
+in your callbacks: the table may decrease in size, moving the item
+that you are currently on down lower in the hash table - this could
+cause some entries to be skipped during the iteration.  The second
+best solution to this problem is to set hash-E<gt>down_load=0 before
+you start (which will stop the hash table ever decreasing in size).
+The best solution is probably to avoid deleting items from the hash
+table inside a "doall" callback!
+
+lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that
+B<func> will be called with B<arg> as the second argument and B<func>
+should be of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype
+that is passed both the table entry and an extra argument).  As with
+lh_doall(), you can instead choose to declare your callback with a
+prototype matching the types you are dealing with and use the
+declare/implement macros to create compatible wrappers that cast
+variables before calling your type-specific callbacks.  An example of
+this is demonstrated here (printing all hash table entries to a BIO
+that is provided by the caller):
+
+ /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
+ void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
+
+ /* Implement a prototype-compatible wrapper for "TYPE_print" */
+ static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
+
+ /* Print out the entire hashtable to a particular BIO */
+ lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
+                   logging_bio);
+
+
+lh_TYPE_error() can be used to determine if an error occurred in the last
+operation.
+
+=head1 RETURN VALUES
+
+lh_TYPE_new() returns B<NULL> on error, otherwise a pointer to the new
+B<LHASH> structure.
+
+When a hash table entry is replaced, lh_TYPE_insert() returns the value
+being replaced. B<NULL> is returned on normal operation and on error.
+
+lh_TYPE_delete() returns the entry being deleted.  B<NULL> is returned if
+there is no such value in the hash table.
+
+lh_TYPE_retrieve() returns the hash table entry if it has been found,
+B<NULL> otherwise.
+
+lh_TYPE_error() returns 1 if an error occurred in the last operation, 0
+otherwise.
+
+lh_TYPE_free(), lh_TYPE_doall() and lh_TYPE_doall_arg() return no values.
+
+=head1 NOTE
+
+The various LHASH macros and callback types exist to make it possible
+to write type-checked code without resorting to function-prototype
+casting - an evil that makes application code much harder to
+audit/verify and also opens the window of opportunity for stack
+corruption and other hard-to-find bugs.  It also, apparently, violates
+ANSI-C.
+
+The LHASH code regards table entries as constant data.  As such, it
+internally represents lh_insert()'d items with a "const void *"
+pointer type.  This is why callbacks such as those used by lh_doall()
+and lh_doall_arg() declare their prototypes with "const", even for the
+parameters that pass back the table items' data pointers - for
+consistency, user-provided data is "const" at all times as far as the
+LHASH code is concerned.  However, as callers are themselves providing
+these pointers, they can choose whether they too should be treating
+all such parameters as constant.
+
+As an example, a hash table may be maintained by code that, for
+reasons of encapsulation, has only "const" access to the data being
+indexed in the hash table (ie. it is returned as "const" from
+elsewhere in their code) - in this case the LHASH prototypes are
+appropriate as-is.  Conversely, if the caller is responsible for the
+life-time of the data in question, then they may well wish to make
+modifications to table item passed back in the lh_doall() or
+lh_doall_arg() callbacks (see the "TYPE_cleanup" example above).  If
+so, the caller can either cast the "const" away (if they're providing
+the raw callbacks themselves) or use the macros to declare/implement
+the wrapper functions without "const" types.
+
+Callers that only have "const" access to data they're indexing in a
+table, yet declare callbacks without constant types (or cast the
+"const" away themselves), are therefore creating their own risks/bugs
+without being encouraged to do so by the API.  On a related note,
+those auditing code should pay special attention to any instances of
+DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
+without any "const" qualifiers.
+
+=head1 BUGS
+
+lh_TYPE_insert() returns B<NULL> both for success and error.
+
+=head1 SEE ALSO
+
+L<lh_stats(3)>
+
+=head1 HISTORY
+
+In OpenSSL 1.0.0, the lhash interface was revamped for better
+type checking.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_LH_stats.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_LH_stats.pod
new file mode 100644
index 0000000..c454a47
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_LH_stats.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats,
+OPENSSL_LH_stats_bio,
+OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics
+
+=head1 SYNOPSIS
+
+ #include <openssl/lhash.h>
+
+ void OPENSSL_LH_stats(LHASH *table, FILE *out);
+ void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
+ void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
+
+ void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
+ void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
+ void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
+
+=head1 DESCRIPTION
+
+The B<LHASH> structure records statistics about most aspects of
+accessing the hash table.  This is mostly a legacy of Eric Young
+writing this library for the reasons of implementing what looked like
+a nice algorithm rather than for a particular software product.
+
+OPENSSL_LH_stats() prints out statistics on the size of the hash table, how
+many entries are in it, and the number and result of calls to the
+routines in this library.
+
+OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the
+hash table.
+
+OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the
+hash table.  It prints the 'load' and the 'actual load'.  The load is
+the average number of data items per 'bucket' in the hash table.  The
+'actual load' is the average number of items per 'bucket', but only
+for buckets which contain entries.  So the 'actual load' is the
+average number of searches that will need to find an item in the hash
+table, while the 'load' is the average number that will be done to
+record a miss.
+
+OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio()
+are the same as the above, except that the output goes to a B<BIO>.
+
+=head1 RETURN VALUES
+
+These functions do not return values.
+
+=head1 SEE ALSO
+
+L<bio(3)>, L<lhash(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_VERSION_NUMBER.pod
new file mode 100644
index 0000000..f50faec
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -0,0 +1,111 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_VERSION_NUMBER, OpenSSL_version,
+OpenSSL_version_num - get OpenSSL version number
+
+=head1 SYNOPSIS
+
+ #include <openssl/opensslv.h>
+ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+
+ #include <openssl/crypto.h>
+
+ unsigned long OpenSSL_version_num();
+ const char *OpenSSL_version(int t);
+
+=head1 DESCRIPTION
+
+OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+
+ MNNFFPPS: major minor fix patch status
+
+The status nibble has one of the values 0 for development, 1 to e for betas
+1 to 14, and f for release.
+
+for example
+
+ 0x000906000 == 0.9.6 dev
+ 0x000906023 == 0.9.6b beta 3
+ 0x00090605f == 0.9.6e release
+
+Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+Versions between 0.9.3 and 0.9.5 had a version identifier with this
+interpretation:
+
+ MMNNFFRBB major minor fix final beta/patch
+
+for example
+
+ 0x000904100 == 0.9.4 release
+ 0x000905000 == 0.9.5 dev
+
+Version 0.9.5a had an interim interpretation that is like the current one,
+except the patch level got the highest bit set, to keep continuity.  The
+number was therefore 0x0090581f.
+
+OpenSSL_version_num() returns the version number.
+
+The macro OPENSSL_VERSION_AT_LEAST(major,minor) can be used at compile
+time test if the current version is at least as new as the version provided.
+The arguments major, minor and fix correspond to the version information
+as given above.
+
+OpenSSL_version() returns different strings depending on B<t>:
+
+=over 4
+
+=item OPENSSL_VERSION
+
+The text variant of the version number and the release date.  For example,
+"OpenSSL 1.0.1a 15 Oct 2015".
+
+=item OPENSSL_CFLAGS
+
+The compiler flags set for the compilation process in the form
+"compiler: ..."  if available or "compiler: information not available"
+otherwise.
+
+=item OPENSSL_BUILT_ON
+
+The date of the build process in the form "built on: ..." if available
+or "built on: date not available" otherwise.
+
+=item OPENSSL_PLATFORM
+
+The "Configure" target of the library build in the form "platform: ..."
+if available or "platform: information not available" otherwise.
+
+=item OPENSSL_DIR
+
+The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
+if available or "OPENSSLDIR: N/A" otherwise.
+
+=item OPENSSL_ENGINES_DIR
+
+The "ENGINESDIR" setting of the library build in the form "ENGINESDIR: "...""
+if available or "ENGINESDIR: N/A" otherwise.
+
+=back
+
+For an unknown B<t>, the text "not available" is returned.
+
+=head1 RETURN VALUE
+
+The version number.
+
+=head1 SEE ALSO
+
+L<crypto(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_config.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_config.pod
new file mode 100644
index 0000000..eae634a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_config.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void OPENSSL_config(const char *appname);
+ void OPENSSL_no_config(void);
+ #endif
+
+=head1 DESCRIPTION
+
+OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and
+reads from the application section B<appname>. If B<appname> is NULL then
+the default section, B<openssl_conf>, will be used.
+Errors are silently ignored.
+Multiple calls have no effect.
+
+OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
+no configuration takes place.
+
+If the application is built with B<OPENSSL_LOAD_CONF> defined, then a
+call to OpenSSL_add_all_algorithms() will implicitly call OPENSSL_config()
+first.
+
+=head1 NOTES
+
+The OPENSSL_config() function is designed to be a very simple "call it and
+forget it" function.
+It is however B<much> better than nothing. Applications which need finer
+control over their configuration functionality should use the configuration
+functions such as CONF_modules_load() directly. This function is deprecated
+and its use should be avoided.
+Applications should instead call CONF_modules_load() during
+initialization (that is before starting any threads).
+
+There are several reasons why calling the OpenSSL configuration routines is
+advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs).
+However very few applications currently support the control interface and so
+very few can load and use dynamic ENGINEs. Equally in future more sophisticated
+ENGINEs will require certain control operations to customize them. If an
+application calls OPENSSL_config() it doesn't need to know or care about
+ENGINE control operations because they can be performed by editing a
+configuration file.
+
+=head1 RETURN VALUES
+
+Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
+
+=head1 SEE ALSO
+
+L<conf(5)>,
+L<CONF_modules_load_file(3)>
+
+=head1 HISTORY
+
+The OPENSSL_no_config() and OPENSSL_config() functions were
+deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_ia32cap.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_ia32cap.pod
new file mode 100644
index 0000000..b0ab0ce
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_ia32cap.pod
@@ -0,0 +1,140 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_ia32cap - the x86[_64] processor capabilities vector
+
+=head1 SYNOPSIS
+
+ env OPENSSL_ia32cap=... <application>
+
+=head1 DESCRIPTION
+
+OpenSSL supports a range of x86[_64] instruction set extensions. These
+extensions are denoted by individual bits in capability vector returned
+by processor in EDX:ECX register pair after executing CPUID instruction
+with EAX=1 input value (see Intel Application Note #241618). This vector
+is copied to memory upon toolkit initialization and used to choose
+between different code paths to provide optimal performance across wide
+range of processors. For the moment of this writing following bits are
+significant:
+
+=over 4
+
+=item bit #4 denoting presence of Time-Stamp Counter.
+
+=item bit #19 denoting availability of CLFLUSH instruction;
+
+=item bit #20, reserved by Intel, is used to choose among RC4 code paths;
+
+=item bit #23 denoting MMX support;
+
+=item bit #24, FXSR bit, denoting availability of XMM registers;
+
+=item bit #25 denoting SSE support;
+
+=item bit #26 denoting SSE2 support;
+
+=item bit #28 denoting Hyperthreading, which is used to distinguish
+cores with shared cache;
+
+=item bit #30, reserved by Intel, denotes specifically Intel CPUs;
+
+=item bit #33 denoting availability of PCLMULQDQ instruction;
+
+=item bit #41 denoting SSSE3, Supplemental SSE3, support;
+
+=item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
+
+=item bit #54 denoting availability of MOVBE instruction;
+
+=item bit #57 denoting AES-NI instruction set extension;
+
+=item bit #58, XSAVE bit, lack of which in combination with MOVBE is used
+to identify Atom Silvermont core;
+
+=item bit #59, OSXSAVE bit, denoting availability of YMM registers;
+
+=item bit #60 denoting AVX extension;
+
+=item bit #62 denoting availability of RDRAND instruction;
+
+=back
+
+For example, in 32-bit application context clearing bit #26 at run-time
+disables high-performance SSE2 code present in the crypto library, while
+clearing bit #24 disables SSE2 code operating on 128-bit XMM register
+bank. You might have to do the latter if target OpenSSL application is
+executed on SSE2 capable CPU, but under control of OS that does not
+enable XMM registers. Historically address of the capability vector copy
+was exposed to application through OPENSSL_ia32cap_loc(), but not
+anymore. Now the only way to affect the capability detection is to set
+OPENSSL_ia32cap environment variable prior target application start. To
+give a specific example, on Intel P4 processor 'env
+OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env
+OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired
+effect. Alternatively you can reconfigure the toolkit with no-sse2
+option and recompile.
+
+Less intuitive is clearing bit #28, or ~0x10000000 in the "environment
+variable" terms. The truth is that it's not copied from CPUID output
+verbatim, but is adjusted to reflect whether or not the data cache is
+actually shared between logical cores. This in turn affects the decision
+on whether or not expensive countermeasures against cache-timing attacks
+are applied, most notably in AES assembler module.
+
+The capability vector is further extended with EBX value returned by
+CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
+
+=over 4
+
+=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
+
+=item bit #64+5 denoting availability of AVX2 instructions;
+
+=item bit #64+8 denoting availability of BMI2 instructions, e.g. MULX
+and RORX;
+
+=item bit #64+16 denoting availability of AVX512F extension;
+
+=item bit #64+18 denoting availability of RDSEED instruction;
+
+=item bit #64+19 denoting availability of ADCX and ADOX instructions;
+
+=item bit #64+29 denoting availability of SHA extension;
+
+=item bit #64+30 denoting availability of AVX512BW extension;
+
+=item bit #64+31 denoting availability of AVX512VL extension;
+
+=back
+
+To control this extended capability word use ':' as delimiter when
+setting up OPENSSL_ia32cap environment variable. For example assigning
+':~0x20' would disable AVX2 code paths, and ':0' - all post-AVX
+extensions.
+
+It should be noted that whether or not some of the most "fancy"
+extension code paths are actually assembled depends on current assembler
+version. Base minimum of AES-NI/PCLMULQDQ, SSSE3 and SHA extension code
+paths are always assembled. Besides that, minimum assembler version
+requirements are summarized in below table:
+
+   Extension   | GNU as | nasm   | llvm
+   ------------+--------+--------+--------
+   AVX         | 2.19   | 2.09   | 3.0
+   AVX2        | 2.22   | 2.10   | 3.1
+   AVX512      | 2.25   | 2.11.8 | 3.6
+
+B<OPENSSL_ia32cap> is a macro returning the first word of the vector.
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_init_crypto.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_init_crypto.pod
new file mode 100644
index 0000000..f0b3c8a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_init_crypto.pod
@@ -0,0 +1,245 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_init_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
+OPENSSL_init_crypto, OPENSSL_cleanup,
+OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
+initialisation and deinitialisation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/crypto.h>
+
+ void OPENSSL_cleanup(void);
+ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ int OPENSSL_atexit(void (*handler)(void));
+ void OPENSSL_thread_stop(void);
+
+ OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void);
+ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
+                                     const char* name);
+ void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
+
+=head1 DESCRIPTION
+
+During normal operation OpenSSL (libcrypto) will allocate various resources at
+start up that must, subsequently, be freed on close down of the library.
+Additionally some resources are allocated on a per thread basis (if the
+application is multi-threaded), and these resources must be freed prior to the
+thread closing.
+
+As of version 1.1.0 OpenSSL will automatically allocate all resources that it
+needs so no explicit initialisation is required. Similarly it will also
+automatically deinitialise as required.
+
+However, there way be situations when explicit initialisation is desirable or
+needed, for example when some non-default initialisation is required. The
+function OPENSSL_init_crypto() can be used for this purpose for
+libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
+equivalent).
+
+Numerous internal OpenSSL functions call OPENSSL_init_crypto().
+Therefore, in order to perform non-default initialisation,
+OPENSSL_init_crypto() MUST be called by application code prior to
+any other OpenSSL function calls.
+
+The B<opts> parameter specifies which aspects of libcrypto should be
+initialised. Valid options are:
+
+=over 4
+
+=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
+
+Suppress automatic loading of the libcrypto error strings. This option is
+not a default option. Once selected subsequent calls to
+OPENSSL_init_crypto() with the option
+B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
+
+=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+
+Automatic loading of the libcrypto error strings. With this option the
+library will automatically load the libcrypto error strings.
+This option is a default option. Once selected subsequent calls to
+OPENSSL_init_crypto() with the option
+B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
+
+=item OPENSSL_INIT_ADD_ALL_CIPHERS
+
+With this option the library will automatically load and make available all
+libcrypto ciphers. This option is a default option. Once selected subsequent
+calls to OPENSSL_init_crypto() with the option
+B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
+
+=item OPENSSL_INIT_ADD_ALL_DIGESTS
+
+With this option the library will automatically load and make available all
+libcrypto digests. This option is a default option. Once selected subsequent
+calls to OPENSSL_init_crypto() with the option
+B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
+
+=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
+
+With this option the library will suppress automatic loading of libcrypto
+ciphers. This option is not a default option. Once selected subsequent
+calls to OPENSSL_init_crypto() with the option
+B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
+
+=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
+
+With this option the library will suppress automatic loading of libcrypto
+digests. This option is not a default option. Once selected subsequent
+calls to OPENSSL_init_crypto() with the option
+B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
+
+=item OPENSSL_INIT_LOAD_CONFIG
+
+With this option an OpenSSL configuration file will be automatically loaded and
+used by calling OPENSSL_config(). This is not a default option.
+See the description of OPENSSL_init_new(), below.
+
+=item OPENSSL_INIT_NO_LOAD_CONFIG
+
+With this option the loading of OpenSSL configuration files will be suppressed.
+It is the equivalent of calling OPENSSL_no_config(). This is not a default
+option.
+
+=item OPENSSL_INIT_ASYNC
+
+With this option the library with automatically initialise the libcrypto async
+sub-library (see L<ASYNC_start_job(3)>). This is a default option.
+
+=item OPENSSL_INIT_ENGINE_RDRAND
+
+With this option the library will automatically load and initialise the
+RDRAND engine (if available). This not a default option.
+
+=item OPENSSL_INIT_ENGINE_DYNAMIC
+
+With this option the library will automatically load and initialise the
+dynamic engine. This not a default option.
+
+=item OPENSSL_INIT_ENGINE_OPENSSL
+
+With this option the library will automatically load and initialise the
+openssl engine. This not a default option.
+
+=item OPENSSL_INIT_ENGINE_CRYPTODEV
+
+With this option the library will automatically load and initialise the
+cryptodev engine (if available). This not a default option.
+
+=item OPENSSL_INIT_ENGINE_CAPI
+
+With this option the library will automatically load and initialise the
+CAPI engine (if available). This not a default option.
+
+=item OPENSSL_INIT_ENGINE_PADLOCK
+
+With this option the library will automatically load and initialise the
+padlock engine (if available). This not a default option.
+
+=item OPENSSL_INIT_ENGINE_DASYNC
+
+With this option the library will automatically load and initialise the
+DASYNC engine. This not a default option.
+
+=item OPENSSL_INIT_ENGINE_ALL_BUILTIN
+
+With this option the library will automatically load and initialise all the
+built in engines listed above with the exception of the openssl and dasync
+engines. This not a default option.
+
+=back
+
+Multiple options may be combined together in a single call to
+OPENSSL_init_crypto(). For example:
+
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
+                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
+
+The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
+and libssl). All resources allocated by OpenSSL are freed. Typically there
+should be no need to call this function directly as it is initiated
+automatically on application exit. This is done via the standard C library
+atexit() function. In the event that the application will close in a manner
+that will not call the registered atexit() handlers then the application should
+call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
+are discouraged from calling this function and should instead, typically, rely
+on auto-deinitialisation. This is to avoid error conditions where both an
+application and a library it depends on both use OpenSSL, and the library
+deinitialises it before the application has finished using it.
+
+Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
+Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
+will be added to the error stack. Note that because initialisation has failed
+OpenSSL error strings will not be available, only an error code. This code can
+be put through the openssl errstr command line application to produce a human
+readable error (see L<errstr(1)>).
+
+The OPENSSL_atexit() function enables the registration of a
+function to be called during OPENSSL_cleanup(). Stop handlers are
+called after deinitialisation of resources local to a thread, but before other
+process wide resources are freed. In the event that multiple stop handlers are
+registered, no guarantees are made about the order of execution.
+
+The OPENSSL_thread_stop() function deallocates resources associated
+with the current thread. Typically this function will be called automatically by
+the library when the thread exits. This should only be called directly if
+resources should be freed at an earlier time, or under the circumstances
+described in the NOTES section below.
+
+The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
+file.  To specify a different file, an B<OPENSSL_INIT_SETTINGS> must
+be created and used. The routines
+OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can be used to
+allocate the object and set the application name, and then the
+object can be released with OPENSSL_INIT_free() when done.
+
+=head1 NOTES
+
+Resources local to a thread are deallocated automatically when the thread exits
+(e.g. in a pthreads environment, when pthread_exit() is called). On Windows
+platforms this is done in response to a DLL_THREAD_DETACH message being sent to
+the libcrypto32.dll entry point. Some windows functions may cause threads to exit
+without sending this message (for example ExitProcess()). If the application
+uses such functions, then the application must free up OpenSSL resources
+directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
+message will also not be sent if OpenSSL is linked statically, and therefore
+applications using static linking should also call OPENSSL_thread_stop() on each
+thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
+threads are not destroyed until after FreeLibrary() is called then each thread
+should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
+
+On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
+multi-threaded and if dlclose() is subsequently called prior to the threads
+being destroyed then OpenSSL will not be able to deallocate resources associated
+with those threads. The application should either call OPENSSL_thread_stop() on
+each thread prior to the dlclose() call, or alternatively the original dlopen()
+call should use the RTLD_NODELETE flag (where available on the platform).
+
+=head1 RETURN VALUES
+
+The functions OPENSSL_init_crypto, OPENSSL_atexit() and
+OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
+
+=head1 SEE ALSO
+
+L<OPENSSL_init_ssl(3)>
+
+=head1 HISTORY
+
+The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
+OPENSSL_thread_stop(), OPENSSL_init_new(), OPENSSL_INIT_set_config_appname()
+and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_instrument_bus.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_instrument_bus.pod
new file mode 100644
index 0000000..1407261
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_instrument_bus.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memory bus
+
+=head1 SYNOPSIS
+
+ #ifdef OPENSSL_CPUID_OBJ
+ size_t OPENSSL_instrument_bus(int *vector, size_t num);
+ size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
+ #endif
+
+=head1 DESCRIPTION
+
+It was empirically found that timings of references to primary memory
+are subject to irregular, apparently non-deterministic variations. The
+subroutines in question instrument these references for purposes of
+gathering entropy for random number generator. In order to make it
+bus-bound a 'flush cache line' instruction is used between probes. In
+addition probes are added to B<vector> elements in atomic or
+interlocked manner, which should contribute additional noise on
+multi-processor systems. This also means that B<vector[num]> should be
+zeroed upon invocation (if you want to retrieve actual probe values).
+
+OPENSSL_instrument_bus() performs B<num> probes and records the number of
+oscillator cycles every probe took.
+
+OPENSSL_instrument_bus2() on the other hand B<accumulates> consecutive
+probes with the same value, i.e. in a way it records duration of
+periods when probe values appeared deterministic. The subroutine
+performs at most B<max> probes in attempt to fill the B<vector[num]>,
+with B<max> value of 0 meaning "as many as it takes."
+
+=head1 RETURN VALUE
+
+Return value of 0 indicates that CPU is not capable of performing the
+benchmark, either because oscillator counter or 'flush cache line' is
+not available on current platform. For reference, on x86 'flush cache
+line' was introduced with the SSE2 extensions.
+
+Otherwise number of recorded values is returned.
+
+=head1 COPYRIGHT
+
+Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_load_builtin_modules.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_load_builtin_modules.pod
new file mode 100644
index 0000000..112718a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_load_builtin_modules.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ void OPENSSL_load_builtin_modules(void);
+ void ASN1_add_oid_module(void);
+ ENGINE_add_conf_module();
+
+=head1 DESCRIPTION
+
+The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL
+configuration modules to the internal list. They can then be used by the
+OpenSSL configuration code.
+
+ASN1_add_oid_module() adds just the ASN1 OBJECT module.
+
+ENGINE_add_conf_module() adds just the ENGINE configuration module.
+
+=head1 NOTES
+
+If the simple configuration function OPENSSL_config() is called then
+OPENSSL_load_builtin_modules() is called automatically.
+
+Applications which use the configuration functions directly will need to
+call OPENSSL_load_builtin_modules() themselves I<before> any other
+configuration code.
+
+Applications should call OPENSSL_load_builtin_modules() to load all
+configuration modules instead of adding modules selectively: otherwise
+functionality may be missing from the application if an when new
+modules are added.
+
+=head1 RETURN VALUE
+
+None of the functions return a value.
+
+=head1 SEE ALSO
+
+L<conf(3)>, L<OPENSSL_config(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_malloc.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_malloc.pod
new file mode 100644
index 0000000..2104f43
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_malloc.pod
@@ -0,0 +1,207 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_malloc_init,
+OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
+OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse,
+CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free,
+OPENSSL_strdup, OPENSSL_strndup,
+OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat,
+OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int,
+CRYPTO_strdup, CRYPTO_strndup,
+OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop,
+CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
+CRYPTO_clear_realloc, CRYPTO_clear_free,
+CRYPTO_get_mem_functions, CRYPTO_set_mem_functions,
+CRYPTO_set_mem_debug, CRYPTO_mem_ctrl,
+CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/crypto.h>
+
+ int OPENSSL_malloc_init(void)
+
+ void *OPENSSL_malloc(size_t num)
+ void *OPENSSL_zalloc(size_t num)
+ void *OPENSSL_realloc(void *addr, size_t num)
+ void OPENSSL_free(void *addr)
+ char *OPENSSL_strdup(const char *str)
+ char *OPENSSL_strndup(const char *str, size_t s)
+ size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
+ size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
+ void *OPENSSL_memdup(void *data, size_t s)
+ void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
+ void OPENSSL_clear_free(void *str, size_t num)
+ void OPENSSL_cleanse(void *ptr, size_t len);
+
+ unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+ int OPENSSL_hexchar2int(unsigned char c);
+
+ void *CRYPTO_malloc(size_t num, const char *file, int line)
+ void *CRYPTO_zalloc(size_t num, const char *file, int line)
+ void *CRYPTO_realloc(void *p, size_t num, const char *file, int line)
+ void CRYPTO_free(void *str, const char *, int)
+ char *CRYPTO_strdup(const char *p, const char *file, int line)
+ char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line)
+ void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, const char *file, int line)
+ void CRYPTO_clear_free(void *str, size_t num, const char *, int)
+
+ void CRYPTO_get_mem_functions(
+         void *(**m)(size_t, const char *, int),
+         void *(**r)(void *, size_t, const char *, int),
+         void (**f)(void *, const char *, int))
+ int CRYPTO_set_mem_functions(
+         void *(*m)(size_t, const char *, int),
+         void *(*r)(void *, size_t, const char *, int),
+         void (*f)(void *, const char *, int))
+
+ int CRYPTO_set_mem_debug(int onoff)
+
+ int CRYPTO_mem_ctrl(int mode);
+
+ int OPENSSL_mem_debug_push(const char *info)
+ int OPENSSL_mem_debug_pop(void);
+
+ int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+ int CRYPTO_mem_debug_pop(void);
+
+ void CRYPTO_mem_leaks(BIO *b);
+ void CRYPTO_mem_leaks_fp(FILE *fp);
+
+=head1 DESCRIPTION
+
+OpenSSL memory allocation is handled by the B<OPENSSL_xxx> API. These are
+generally macro's that add the standard C B<__FILE__> and B<__LINE__>
+parameters and call a lower-level B<CRYPTO_xxx> API.
+Some functions do not add those parameters, but exist for consistency.
+
+OPENSSL_malloc_init() sets the lower-level memory allocation functions
+to their default implementation.
+It is generally not necessary to call this, except perhaps in certain
+shared-library situations.
+
+OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the
+C malloc(), realloc(), and free() functions.
+OPENSSL_zalloc() calls memset() to zero the memory before returning.
+
+OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used
+when the buffer at B<addr> holds sensitive information.
+The old buffer is filled with zero's by calling OPENSSL_cleanse()
+before ultimately calling OPENSSL_free().
+
+OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
+Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
+If the storage controller uses write compression, then its possible
+that sensitive tail bytes will survive zeroization because the block of
+zeros will be compressed. If the storage controller uses wear leveling,
+then the old sensitive data will not be overwritten; rather, a block of
+0's will be written at a new physical location.
+
+OPENSSL_strdup(), OPENSSL_strndup() and OPENSSL_memdup() are like the
+equivalent C functions, except that memory is allocated by calling the
+OPENSSL_malloc() and should be released by calling OPENSSL_free().
+
+OPENSSL_strlcpy(),
+OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C
+library functions and are provided for portability.
+
+OPENSSL_hexstr2buf() parses B<str> as a hex string and returns a
+pointer to the parsed value. The memory is allocated by calling
+OPENSSL_malloc() and should be released by calling OPENSSL_free().
+If B<len> is not NULL, it is filled in with the output length.
+Colons between two-character hex "bytes" are ignored.
+An odd number of hex digits is an error.
+
+OPENSSL_buf2hexstr() takes the specified buffer and length, and returns
+a hex string for value, or NULL on error.
+B<Buffer> cannot be NULL; if B<len> is 0 an empty string is returned.
+
+OPENSSL_hexchar2int() converts a character to the hexadecimal equivalent,
+or returns -1 on error.
+
+If no allocations have been done, it is possible to "swap out" the default
+implementations for OPENSSL_malloc(), OPENSSL_realloc and OPENSSL_free()
+and replace them with alternate versions (hooks).
+CRYPTO_get_mem_functions() function fills in the given arguments with the
+function pointers for the current implementations.
+With CRYPTO_set_mem_functions(), you can specify a different set of functions.
+If any of B<m>, B<r>, or B<f> are NULL, then the function is not changed.
+
+The default implementation can include some debugging capability (if enabled
+at build-time).
+This adds some overhead by keeping a list of all memory allocations, and
+removes items from the list when they are free'd.
+This is most useful for identifying memory leaks.
+CRYPTO_set_mem_debug() turns this tracking on and off.  In order to have
+any effect, is must be called before any of the allocation functions
+(e.g., CRYPTO_malloc()) are called, and is therefore normally one of the
+first lines of main() in an application.
+
+CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking.
+To enable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of
+the B<CRYPTO_MEM_CHECK_ON>.
+To disable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of
+the B<CRYPTO_MEM_CHECK_OFF>.
+
+While checking memory, it can be useful to store additional context
+about what is being done.
+For example, identifying the field names when parsing a complicated
+data structure.
+OPENSSL_mem_debug_push() (which calls CRYPTO_mem_debug_push())
+attachs an identifying string to the allocation stack.
+This must be a global or other static string; it is not copied.
+OPENSSL_mem_debug_pop() removes identifying state from the stack.
+
+At the end of the program, calling CRYPTO_mem_leaks() or
+CRYPTO_mem_leaks_fp() will report all "leaked" memory, writing it
+to the specified BIO B<b> or FILE B<fp>. These functions return 1 if
+there are no leaks, 0 if there are leaks and -1 if an error occurred.
+
+=head1 RETURN VALUES
+
+OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free()
+CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions()
+return no value.
+
+CRYPTO_mem_leaks() and CRYPTO_mem_leaks_fp() return 1 if there
+are no leaks, 0 if there are leaks and -1 if an error occurred.
+
+OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(),
+OPENSSL_clear_realloc(),
+CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_realloc(),
+CRYPTO_clear_realloc(),
+OPENSSL_buf2hexstr(), OPENSSL_hexstr2buf(),
+OPENSSL_strdup(), and OPENSSL_strndup()
+return a pointer to allocated memory or NULL on error.
+
+CRYPTO_set_mem_functions() and CRYPTO_set_mem_debug()
+return 1 on success or 0 on failure (almost
+always because allocations have already happened).
+
+CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the
+previous value of the mode.
+
+OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop()
+return 1 on success or 0 on failure.
+
+=head1 NOTES
+
+While it's permitted to swap out only a few and not all the functions
+with CRYPTO_set_mem_functions(), it's recommended to swap them all out
+at once.  I<This applies specially if OpenSSL was built with the
+configuration option> C<crypto-mdebug> I<enabled.  In case, swapping out
+only, say, the malloc() implementation is outright dangerous.>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OPENSSL_secure_malloc.pod b/openssl-1.1.0h/doc/crypto/OPENSSL_secure_malloc.pod
new file mode 100644
index 0000000..3f27d76
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OPENSSL_secure_malloc.pod
@@ -0,0 +1,131 @@
+=pod
+
+=head1 NAME
+
+CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
+CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
+OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
+OPENSSL_secure_clear_free, CRYPTO_secure_free, CRYPTO_secure_clear_free,
+OPENSSL_secure_actual_size, OPENSSL_secure_allocated, CRYPTO_secure_used
+- secure heap storage
+
+=head1 SYNOPSIS
+
+ #include <openssl/crypto.h>
+
+ int CRYPTO_secure_malloc_init(size_t size, int minsize);
+
+ int CRYPTO_secure_malloc_initialized();
+
+ int CRYPTO_secure_malloc_done();
+
+ void *OPENSSL_secure_malloc(size_t num);
+ void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+
+ void *OPENSSL_secure_zalloc(size_t num);
+ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+
+ void OPENSSL_secure_free(void* ptr);
+ void CRYPTO_secure_free(void *ptr, const char *, int);
+
+ void OPENSSL_secure_clear_free(void* ptr, size_t num);
+ void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
+
+ size_t OPENSSL_secure_actual_size(const void *ptr);
+ int OPENSSL_secure_allocated(const void *ptr);
+
+ size_t CRYPTO_secure_used();
+
+=head1 DESCRIPTION
+
+In order to help protect applications (particularly long-running servers)
+from pointer overruns or underruns that could return arbitrary data from
+the program's dynamic memory area, where keys and other sensitive
+information might be stored, OpenSSL supports the concept of a "secure heap."
+The level and type of security guarantees depend on the operating system.
+It is a good idea to review the code and see if it addresses your
+threat model and concerns.
+
+If a secure heap is used, then private key B<BIGNUM> values are stored there.
+This protects long-term storage of private keys, but will not necessarily
+put all intermediate values and computations there.
+
+CRYPTO_secure_malloc_init() creates the secure heap, with the specified
+C<size> in bytes. The C<minsize> parameter is the minimum size to
+allocate from the heap. Both C<size> and C<minsize> must be a power
+of two.
+
+CRYPTO_secure_malloc_initialized() indicates whether or not the secure
+heap as been initialized and is available.
+
+CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable
+to the process if all secure memory has been freed.
+It can take noticeably long to complete.
+
+OPENSSL_secure_malloc() allocates C<num> bytes from the heap.
+If CRYPTO_secure_malloc_init() is not called, this is equivalent to
+calling OPENSSL_malloc().
+It is a macro that expands to
+CRYPTO_secure_malloc() and adds the C<__FILE__> and C<__LINE__> parameters.
+
+OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like
+OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively,
+except that they call memset() to zero the memory before returning.
+
+OPENSSL_secure_free() releases the memory at C<ptr> back to the heap.
+It must be called with a value previously obtained from
+OPENSSL_secure_malloc().
+If CRYPTO_secure_malloc_init() is not called, this is equivalent to
+calling OPENSSL_free().
+It exists for consistency with OPENSSL_secure_malloc() , and
+is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__>
+and C<__LINE__> parameters..
+
+OPENSSL_secure_allocated() tells whether or not a pointer is within
+the secure heap.
+OPENSSL_secure_actual_size() tells the actual size allocated to the
+pointer; implementations may allocate more space than initially
+requested, in order to "round up" and reduce secure heap fragmentation.
+
+CRYPTO_secure_used() returns the number of bytes allocated in the
+secure heap.
+
+=head1 RETURN VALUES
+
+CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful,
+and 2 if successful but the heap could not be protected by memory
+mapping.
+
+CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is
+available (that is, if CRYPTO_secure_malloc_init() has been called,
+but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.
+
+OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into
+the secure heap of the requested size, or C<NULL> if memory could not be
+allocated.
+
+CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
+
+CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.
+
+OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.
+
+=head1 SEE ALSO
+
+L<OPENSSL_malloc(3)>,
+L<BN_new(3)>
+
+=head1 HISTORY
+
+OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/OpenSSL_add_all_algorithms.pod b/openssl-1.1.0h/doc/crypto/OpenSSL_add_all_algorithms.pod
new file mode 100644
index 0000000..aaa28dd
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -0,0 +1,90 @@
+=pod
+
+=head1 NAME
+
+OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup -
+add algorithms to internal table
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+Deprecated:
+
+ # if OPENSSL_API_COMPAT < 0x10100000L
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+
+ void EVP_cleanup(void)
+# endif
+
+=head1 DESCRIPTION
+
+OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
+this table to lookup ciphers via functions such as EVP_get_cipher_byname(). In
+OpenSSL versions prior to 1.1.0 these functions initialised and de-initialised
+this table. From OpenSSL 1.1.0 they are deprecated. No explicit initialisation
+or de-initialisation is required. See L<OPENSSL_init_crypto(3)> for further
+information.
+
+OpenSSL_add_all_digests() adds all digest algorithms to the table.
+
+OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
+ciphers).
+
+OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
+password based encryption algorithms.
+
+In versions prior to 1.1.0 EVP_cleanup() removed all ciphers and digests from
+the table. It no longer has any effect in OpenSSL 1.1.0.
+
+=head1 RETURN VALUES
+
+None of the functions return a value.
+
+=head1 NOTES
+
+A typical application will call OpenSSL_add_all_algorithms() initially and
+EVP_cleanup() before exiting.
+
+An application does not need to add algorithms to use them explicitly, for example
+by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
+needs to lookup algorithms.
+
+The cipher and digest lookup functions are used in many parts of the library. If
+the table is not initialized several functions will misbehave and complain they
+cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
+This is a common query in the OpenSSL mailing lists.
+
+Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
+statically linked executable can be quite large. If this is important it is possible
+to just add the required ciphers and digests.
+
+=head1 BUGS
+
+Although the functions do not return error codes it is possible for them to fail.
+This will only happen as a result of a memory allocation failure so this is not
+too much of a problem in practice.
+
+=head1 SEE ALSO
+
+L<evp(3)>, L<EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)>
+
+=head1 HISTORY
+
+The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(),
+OpenSSL_add_all_digests(), and EVP_cleanup(), functions
+were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PEM_read.pod b/openssl-1.1.0h/doc/crypto/PEM_read.pod
new file mode 100644
index 0000000..66cbc7d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PEM_read.pod
@@ -0,0 +1,127 @@
+=pod
+
+=head1 NAME
+
+PEM_write, PEM_write_bio,
+PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO
+- PEM encoding routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/pem.h>
+
+ int PEM_write(FILE *fp, const char *name, const char *header,
+               const unsigned char *data, long len)
+ int PEM_write_bio(BIO *bp, const char *name, const char *header,
+                   const unsigned char *data, long len)
+
+ int PEM_read(FILE *fp, char **name, char **header,
+              unsigned char **data, long *len);
+ int PEM_read_bio(BIO *bp, char **name, char **header,
+                  unsigned char **data, long *len);
+
+ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
+ int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
+                   pem_password_cb *cb, void *u);
+
+=head1 DESCRIPTION
+
+These functions read and write PEM-encoded objects, using the PEM
+type B<name>, any additional B<header> information, and the raw
+B<data> of length B<len>.
+
+PEM is the term used for binary content encoding first defined in IETF
+RFC 1421.  The content is a series of base64-encoded lines, surrounded
+by begin/end markers each on their own line.  For example:
+
+ -----BEGIN PRIVATE KEY-----
+ MIICdg....
+ ... bhTQ==
+ -----END PRIVATE KEY-----
+
+Optional header line(s) may appear after the begin line, and their
+existence depends on the type of object being written or read.
+
+PEM_write() writes to the file B<fp>, while PEM_write_bio() writes to
+the BIO B<bp>.  The B<name> is the name to use in the marker, the
+B<header> is the header value or NULL, and B<data> and B<len> specify
+the data and its length.
+
+The final B<data> buffer is typically an ASN.1 object which can be decoded with
+the B<d2i> function appropriate to the type B<name>; see L<d2i_X509(3)>
+for examples.
+
+PEM_read() reads from the file B<fp>, while PEM_read_bio() reads
+from the BIO B<bp>.
+Both skip any non-PEM data that precedes the start of the next PEM object.
+When an object is successfully retrieved, the type name from the "----BEGIN
+<type>-----" is returned via the B<name> argument, any encapsulation headers
+are returned in B<header> and the base64-decoded content and its length are
+returned via B<data> and B<len> respectively.
+The B<name>, B<header> and B<data> pointers are allocated via OPENSSL_malloc()
+and should be freed by the caller via OPENSSL_free() when no longer needed.
+
+PEM_get_EVP_CIPHER_INFO() can be used to determine the B<data> returned by
+PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher
+and IV.
+The caller passes a pointer to structure of type B<EVP_CIPHER_INFO> via the
+B<cinfo> argument and the B<header> returned via PEM_read() or PEM_read_bio().
+If the call is successful 1 is returned and the cipher and IV are stored at the
+address pointed to by B<cinfo>.
+When the header is malformed, or not supported or when the cipher is unknown
+or some internal error happens 0 is returned.
+This function is deprecated, see B<NOTES> below.
+
+PEM_do_header() can then be used to decrypt the data if the header
+indicates encryption.
+The B<cinfo> argument is a pointer to the structure initialized by the previous
+call to PEM_get_EVP_CIPHER_INFO().
+The B<data> and B<len> arguments are those returned by the previous call to
+PEM_read() or PEM_read_bio().
+The B<cb> and B<u> arguments make it possible to override the default password
+prompt function as described in L<PEM_read_PrivateKey(3)>.
+On successful completion the B<data> is decrypted in place, and B<len> is
+updated to indicate the plaintext length.
+This function is deprecated, see B<NOTES> below.
+
+If the data is a priori known to not be encrypted, then neither PEM_do_header()
+nor PEM_get_EVP_CIPHER_INFO() need be called.
+
+=head1 RETURN VALUES
+
+PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter
+includes the case when no more PEM objects remain in the input file.
+To distinguish end of file from more serious errors the caller must peek at the
+error stack and check for B<PEM_R_NO_START_LINE>, which indicates that no more
+PEM objects were found.  See L<ERR_peek_last_error(3)>, L<ERR_GET_REASON(3)>.
+
+PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on
+failure.
+The B<data> is likely meaningless if these functions fail.
+
+=head1 NOTES
+
+The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated.
+This is because the underlying PEM encryption format is obsolete, and should
+be avoided.
+It uses an encryption format with an OpenSSL-specific key-derivation function,
+which employs MD5 with an iteration count of 1!
+Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5
+v2.0 PBE.
+See L<PEM_write_PrivateKey(3)> and L<d2i_PKCS8PrivateKey_bio(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_peek_last_error(3)>, L<ERR_GET_LIB(3)>,
+L<d2i_PKCS8PrivateKey_bio(3)>.
+
+=head1 COPYRIGHT
+
+Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PEM_read_CMS.pod b/openssl-1.1.0h/doc/crypto/PEM_read_CMS.pod
new file mode 100644
index 0000000..649c808
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PEM_read_CMS.pod
@@ -0,0 +1,97 @@
+=pod
+
+=head1 NAME
+
+DECLARE_PEM_rw,
+PEM_read_CMS,
+PEM_read_bio_CMS,
+PEM_write_CMS,
+PEM_write_bio_CMS,
+PEM_write_DHxparams,
+PEM_write_bio_DHxparams,
+PEM_read_ECPKParameters,
+PEM_read_bio_ECPKParameters,
+PEM_write_ECPKParameters,
+PEM_write_bio_ECPKParameters,
+PEM_read_ECPrivateKey,
+PEM_write_ECPrivateKey,
+PEM_write_bio_ECPrivateKey,
+PEM_read_EC_PUBKEY,
+PEM_read_bio_EC_PUBKEY,
+PEM_write_EC_PUBKEY,
+PEM_write_bio_EC_PUBKEY,
+PEM_read_NETSCAPE_CERT_SEQUENCE,
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_write_NETSCAPE_CERT_SEQUENCE,
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_read_PKCS8,
+PEM_read_bio_PKCS8,
+PEM_write_PKCS8,
+PEM_write_bio_PKCS8,
+PEM_write_PKCS8_PRIV_KEY_INFO,
+PEM_read_bio_PKCS8_PRIV_KEY_INFO,
+PEM_read_PKCS8_PRIV_KEY_INFO,
+PEM_write_bio_PKCS8_PRIV_KEY_INFO,
+PEM_read_SSL_SESSION,
+PEM_read_bio_SSL_SESSION,
+PEM_write_SSL_SESSION,
+PEM_write_bio_SSL_SESSION
+- PEM object encoding routines
+
+=for comment generic
+
+=head1 SYNOPSIS
+
+ #include <openssl/pem.h>
+
+ DECLARE_PEM_rw(name, TYPE)
+
+ TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
+ TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
+ int PEM_write_TYPE(FILE *fp, const TYPE *a);
+ int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
+
+=head1 DESCRIPTION
+
+In the description below, I<TYPE> is used
+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
+The macro B<DECLARE_PEM_rw> expands to the set of declarations shown in
+the next four lines of the synopsis.
+
+These routines convert between local instances of ASN1 datatypes and
+the PEM encoding.  For more information on the templates, see
+L<ASN1_ITEM(3)>.  For more information on the lower-level routines used
+by the functions here, see L<PEM_read(3)>.
+
+PEM_read_TYPE() reads a PEM-encoded object of I<TYPE> from the file B<fp>
+and returns it.  The B<cb> and B<u> parameters are as described in
+L<pem_password_cb(3)>.
+
+PEM_read_bio_TYPE() is similar to PEM_read_TYPE() but reads from the BIO B<bp>.
+
+PEM_write_TYPE() writes the PEM encoding of the object B<a> to the file B<fp>.
+
+PEM_write_bio_TYPE() similarly writes to the BIO B<bp>.
+
+=head1 RETURN VALUES
+
+PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated
+object, which should be released by calling TYPE_free(), or NULL on error.
+
+PEM_write_TYPE() and PEM_write_bio_TYPE() return the number of bytes written
+or zero on error.
+
+=head1 SEE ALSO
+
+L<PEM_read(3)>
+
+=head1 COPYRIGHT
+
+Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PEM_read_bio_PrivateKey.pod b/openssl-1.1.0h/doc/crypto/PEM_read_bio_PrivateKey.pod
new file mode 100644
index 0000000..6b3006e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PEM_read_bio_PrivateKey.pod
@@ -0,0 +1,481 @@
+=pod
+
+=head1 NAME
+
+pem_password_cb,
+PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
+PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
+PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
+PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
+PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
+PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
+PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
+PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
+PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
+PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
+PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
+PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
+PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
+PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
+PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
+PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
+PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
+PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
+PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
+PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
+PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
+PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/pem.h>
+
+ typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
+
+ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+                                   pem_password_cb *cb, void *u);
+ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
+                               pem_password_cb *cb, void *u);
+ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              unsigned char *kstr, int klen,
+                              pem_password_cb *cb, void *u);
+ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                          const EVP_CIPHER *enc,
+                                          unsigned char *kstr, int klen,
+                                          pem_password_cb *cb, void *u);
+ int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                          unsigned char *kstr, int klen,
+                          pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                   char *kstr, int klen,
+                                   pem_password_cb *cb, void *u);
+ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u);
+ int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                       char *kstr, int klen,
+                                       pem_password_cb *cb, void *u);
+ int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                   char *kstr, int klen,
+                                   pem_password_cb *cb, void *u);
+
+ EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
+                               pem_password_cb *cb, void *u);
+ EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+                           pem_password_cb *cb, void *u);
+ int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+ int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
+
+ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
+                                 pem_password_cb *cb, void *u);
+ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
+                             pem_password_cb *cb, void *u);
+ int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                 unsigned char *kstr, int klen,
+                                 pem_password_cb *cb, void *u);
+ int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
+                                pem_password_cb *cb, void *u);
+ RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
+                            pem_password_cb *cb, void *u);
+ int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
+ int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
+
+ RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
+                              pem_password_cb *cb, void *u);
+ RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
+                          pem_password_cb *cb, void *u);
+ int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
+ int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
+
+ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
+                                 pem_password_cb *cb, void *u);
+ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
+                             pem_password_cb *cb, void *u);
+ int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                 unsigned char *kstr, int klen,
+                                 pem_password_cb *cb, void *u);
+ int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
+                              pem_password_cb *cb, void *u);
+ DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
+                          pem_password_cb *cb, void *u);
+ int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
+ int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
+
+ DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
+ DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
+ int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
+ int PEM_write_DSAparams(FILE *fp, DSA *x);
+
+ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
+ int PEM_write_bio_DHparams(BIO *bp, DH *x);
+ int PEM_write_DHparams(FILE *fp, DH *x);
+
+ X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+ X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+ int PEM_write_bio_X509(BIO *bp, X509 *x);
+ int PEM_write_X509(FILE *fp, X509 *x);
+
+ X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+ X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+ int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+ int PEM_write_X509_AUX(FILE *fp, X509 *x);
+
+ X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+                                 pem_password_cb *cb, void *u);
+ X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+                             pem_password_cb *cb, void *u);
+ int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+ int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+ int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+ int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+
+ X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+                                 pem_password_cb *cb, void *u);
+ X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+                             pem_password_cb *cb, void *u);
+ int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+ int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+
+ PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+ PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+ int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+ int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+
+=head1 DESCRIPTION
+
+The PEM functions read or write structures in PEM format. In
+this sense PEM format is simply base64 encoded data surrounded
+by header lines.
+
+For more details about the meaning of arguments see the
+B<PEM FUNCTION ARGUMENTS> section.
+
+Each operation has four functions associated with it. For
+clarity the term "B<foobar> functions" will be used to collectively
+refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
+PEM_write_bio_foobar() and PEM_write_foobar() functions.
+
+The B<PrivateKey> functions read or write a private key in PEM format using an
+EVP_PKEY structure. The write routines use PKCS#8 private key format and are
+equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently
+handle traditional and PKCS#8 format encrypted and unencrypted keys.
+
+PEM_write_bio_PrivateKey_traditional() writes out a private key in legacy
+"traditional" format.
+
+PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private
+key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using
+PKCS#5 v2.0 password based encryption algorithms. The B<cipher> argument
+specifies the encryption algorithm to use: unlike some other PEM routines the
+encryption is applied at the PKCS#8 level and not in the PEM headers. If
+B<cipher> is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo
+structure is used instead.
+
+PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
+also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
+it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
+to use is specified in the B<nid> parameter and should be the NID of the
+corresponding OBJECT IDENTIFIER (see NOTES section).
+
+The B<PUBKEY> functions process a public key using an EVP_PKEY
+structure. The public key is encoded as a SubjectPublicKeyInfo
+structure.
+
+The B<RSAPrivateKey> functions process an RSA private key using an
+RSA structure. The write routines uses traditional format. The read
+routines handles the same formats as the B<PrivateKey>
+functions but an error occurs if the private key is not RSA.
+
+The B<RSAPublicKey> functions process an RSA public key using an
+RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
+structure.
+
+The B<RSA_PUBKEY> functions also process an RSA public key using
+an RSA structure. However the public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not RSA.
+
+The B<DSAPrivateKey> functions process a DSA private key using a
+DSA structure. The write routines uses traditional format. The read
+routines handles the same formats as the B<PrivateKey>
+functions but an error occurs if the private key is not DSA.
+
+The B<DSA_PUBKEY> functions process a DSA public key using
+a DSA structure. The public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not DSA.
+
+The B<DSAparams> functions process DSA parameters using a DSA
+structure. The parameters are encoded using a Dss-Parms structure
+as defined in RFC2459.
+
+The B<DHparams> functions process DH parameters using a DH
+structure. The parameters are encoded using a PKCS#3 DHparameter
+structure.
+
+The B<X509> functions process an X509 certificate using an X509
+structure. They will also process a trusted X509 certificate but
+any trust settings are discarded.
+
+The B<X509_AUX> functions process a trusted X509 certificate using
+an X509 structure.
+
+The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
+certificate request using an X509_REQ structure. The B<X509_REQ>
+write functions use B<CERTIFICATE REQUEST> in the header whereas
+the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
+(as required by some CAs). The B<X509_REQ> read functions will
+handle either form so there are no B<X509_REQ_NEW> read functions.
+
+The B<X509_CRL> functions process an X509 CRL using an X509_CRL
+structure.
+
+The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
+structure.
+
+=head1 PEM FUNCTION ARGUMENTS
+
+The PEM functions have many common arguments.
+
+The B<bp> BIO parameter (if present) specifies the BIO to read from
+or write to.
+
+The B<fp> FILE parameter (if present) specifies the FILE pointer to
+read from or write to.
+
+The PEM read functions all take an argument B<TYPE **x> and return
+a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
+uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
+NULL but B<*x> is NULL then the structure returned will be written
+to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
+to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
+Irrespective of the value of B<x> a pointer to the structure is always
+returned (or NULL if an error occurred).
+
+The PEM functions which write private keys take an B<enc> parameter
+which specifies the encryption algorithm to use, encryption is done
+at the PEM level. If this parameter is set to NULL then the private
+key is written in unencrypted form.
+
+The B<cb> argument is the callback to use when querying for the pass
+phrase used for encrypted PEM structures (normally only private keys).
+
+For the PEM write routines if the B<kstr> parameter is not NULL then
+B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
+ignored.
+
+If the B<cb> parameters is set to NULL and the B<u> parameter is not
+NULL then the B<u> parameter is interpreted as a null terminated string
+to use as the passphrase. If both B<cb> and B<u> are NULL then the
+default callback routine is used which will typically prompt for the
+passphrase on the current terminal with echoing turned off.
+
+The default passphrase callback is sometimes inappropriate (for example
+in a GUI application) so an alternative can be supplied. The callback
+routine has the following form:
+
+ int cb(char *buf, int size, int rwflag, void *u);
+
+B<buf> is the buffer to write the passphrase to. B<size> is the maximum
+length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
+which is set to 0 when reading and 1 when writing. A typical routine
+will ask the user to verify the passphrase (for example by prompting
+for it twice) if B<rwflag> is 1. The B<u> parameter has the same
+value as the B<u> parameter passed to the PEM routine. It allows
+arbitrary data to be passed to the callback by the application
+(for example a window handle in a GUI application). The callback
+B<must> return the number of characters in the passphrase or 0 if
+an error occurred.
+
+=head1 EXAMPLES
+
+Although the PEM routines take several arguments in almost all applications
+most of them are set to 0 or NULL.
+
+Read a certificate in PEM format from a BIO:
+
+ X509 *x;
+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+ if (x == NULL) {
+     /* Error */
+ }
+
+Alternative method:
+
+ X509 *x = NULL;
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
+     /* Error */
+ }
+
+Write a certificate to a BIO:
+
+ if (!PEM_write_bio_X509(bp, x)) {
+     /* Error */
+ }
+
+Write a private key (using traditional format) to a BIO using
+triple DES encryption, the pass phrase is prompted for:
+
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
+     /* Error */
+ }
+
+Write a private key (using PKCS#8 format) to a BIO using triple
+DES encryption, using the pass phrase "hello":
+
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
+     /* Error */
+ }
+
+Read a private key from a BIO using a pass phrase callback:
+
+ key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
+ if (key == NULL) {
+     /* Error */
+ }
+
+Skeleton pass phrase callback:
+
+ int pass_cb(char *buf, int size, int rwflag, void *u)
+ {
+     int len;
+     char *tmp;
+
+     /* We'd probably do something else if 'rwflag' is 1 */
+     printf("Enter pass phrase for \"%s\"\n", (char *)u);
+
+     /* get pass phrase, length 'len' into 'tmp' */
+     tmp = "hello";
+     len = strlen(tmp);
+     if (len <= 0)
+         return 0;
+
+     if (len > size)
+         len = size;
+     memcpy(buf, tmp, len);
+     return len;
+ }
+
+=head1 NOTES
+
+The old B<PrivateKey> write routines are retained for compatibility.
+New applications should write private keys using the
+PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
+because they are more secure (they use an iteration count of 2048 whereas
+the traditional routines use a count of 1) unless compatibility with older
+versions of OpenSSL is important.
+
+The B<PrivateKey> read routines can be used in all applications because
+they handle all formats transparently.
+
+A frequent cause of problems is attempting to use the PEM routines like
+this:
+
+ X509 *x;
+ PEM_read_bio_X509(bp, &x, 0, NULL);
+
+this is a bug because an attempt will be made to reuse the data at B<x>
+which is an uninitialised pointer.
+
+=head1 PEM ENCRYPTION FORMAT
+
+These old B<PrivateKey> routines use a non standard technique for encryption.
+
+The private key (or other data) takes the following form:
+
+ -----BEGIN RSA PRIVATE KEY-----
+ Proc-Type: 4,ENCRYPTED
+ DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
+
+ ...base64 encoded data...
+ -----END RSA PRIVATE KEY-----
+
+The line beginning with I<Proc-Type> contains the version and the
+protection on the encapsulated data. The line beginning I<DEK-Info>
+contains two comma separated values: the encryption algorithm name as
+used by EVP_get_cipherbyname() and an initialization vector used by the
+cipher encoded as a set of hexadecimal digits. After those two lines is
+the base64-encoded encrypted data.
+
+The encryption key is derived using EVP_BytesToKey(). The cipher's
+initialization vector is passed to EVP_BytesToKey() as the B<salt>
+parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
+(regardless of the size of the initialization vector). The user's
+password is passed to EVP_BytesToKey() using the B<data> and B<datal>
+parameters. Finally, the library uses an iteration count of 1 for
+EVP_BytesToKey().
+
+The B<key> derived by EVP_BytesToKey() along with the original initialization
+vector is then used to decrypt the encrypted data. The B<iv> produced by
+EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
+the function.
+
+The pseudo code to derive the key would look similar to:
+
+ EVP_CIPHER* cipher = EVP_des_ede3_cbc();
+ EVP_MD* md = EVP_md5();
+
+ unsigned int nkey = EVP_CIPHER_key_length(cipher);
+ unsigned int niv = EVP_CIPHER_iv_length(cipher);
+ unsigned char key[nkey];
+ unsigned char iv[niv];
+
+ memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
+ rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
+ if (rc != nkey) {
+     /* Error */
+ }
+
+ /* On success, use key and iv to initialize the cipher */
+
+=head1 BUGS
+
+The PEM read routines in some versions of OpenSSL will not correctly reuse
+an existing structure. Therefore the following:
+
+ PEM_read_bio_X509(bp, &x, 0, NULL);
+
+where B<x> already contains a valid certificate, may not work, whereas:
+
+ X509_free(x);
+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+
+is guaranteed to work.
+
+=head1 RETURN CODES
+
+The read routines return either a pointer to the structure read or NULL
+if an error occurred.
+
+The write routines return 1 for success or 0 for failure.
+
+=head1 HISTORY
+
+The old Netscape certificate sequences were no longer documented
+in OpenSSL 1.1; applications should use the PKCS7 standard instead
+as they will be formally deprecated in a future releases.
+
+=head1 SEE ALSO
+
+L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PEM_write_bio_CMS_stream.pod b/openssl-1.1.0h/doc/crypto/PEM_write_bio_CMS_stream.pod
new file mode 100644
index 0000000..c73fafd
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PEM_write_bio_CMS_stream.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.
+
+It is otherwise identical to the function SMIME_write_CMS().
+
+=head1 NOTES
+
+This function is effectively a version of the PEM_write_bio_CMS() supporting
+streaming.
+
+=head1 RETURN VALUES
+
+PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>,
+L<CMS_verify(3)>, L<CMS_encrypt(3)>
+L<CMS_decrypt(3)>,
+L<PEM_write(3)>,
+L<SMIME_write_CMS(3)>,
+L<i2d_CMS_bio_stream(3)>
+
+=head1 HISTORY
+
+PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PEM_write_bio_PKCS7_stream.pod b/openssl-1.1.0h/doc/crypto/PEM_write_bio_PKCS7_stream.pod
new file mode 100644
index 0000000..77f97aa
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PEM_write_bio_PKCS7_stream.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.
+
+It is otherwise identical to the function SMIME_write_PKCS7().
+
+=head1 NOTES
+
+This function is effectively a version of the PEM_write_bio_PKCS7() supporting
+streaming.
+
+=head1 RETURN VALUES
+
+PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_sign(3)>,
+L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)>,
+L<i2d_PKCS7_bio_stream(3)>
+
+=head1 HISTORY
+
+PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0
+
+=head1 COPYRIGHT
+
+Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS12_create.pod b/openssl-1.1.0h/doc/crypto/PKCS12_create.pod
new file mode 100644
index 0000000..0a43b96
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS12_create.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+PKCS12_create - create a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+                       X509 *cert, STACK_OF(X509) *ca,
+                       int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+
+=head1 DESCRIPTION
+
+PKCS12_create() creates a PKCS#12 structure.
+
+B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
+the supplied certificate and key. B<pkey> is the private key to include in
+the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
+is an optional set of certificates to also include in the structure.
+
+B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
+for the key and certificate respectively. B<iter> is the encryption algorithm
+iteration count to use and B<mac_iter> is the MAC iteration count to use.
+B<keytype> is the type of key.
+
+=head1 NOTES
+
+The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
+can all be set to zero and sensible defaults will be used.
+
+These defaults are: 40 bit RC2 encryption for certificates, triple DES
+encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
+(currently 2048) and a MAC iteration count of 1.
+
+The default MAC iteration count is 1 in order to retain compatibility with
+old software which did not interpret MAC iteration counts. If such compatibility
+is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
+
+B<keytype> adds a flag to the store private key. This is a non standard extension
+that is only currently interpreted by MSIE. If set to zero the flag is omitted,
+if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
+it can be used for signing and encryption. This option was useful for old
+export grade software which could use signing only keys of arbitrary size but
+had restrictions on the permissible sizes of keys which could be used for
+encryption.
+
+If a certificate contains an B<alias> or B<keyid> then this will be
+used for the corresponding B<friendlyName> or B<localKeyID> in the
+PKCS12 structure.
+
+Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
+certificate is required. In previous versions both had to be present or
+a fatal error is returned.
+
+B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
+should be used.
+
+B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS12_newpass.pod b/openssl-1.1.0h/doc/crypto/PKCS12_newpass.pod
new file mode 100644
index 0000000..6b22fd7
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS12_newpass.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+PKCS12_newpass - change the password of a PKCS12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+ int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+=head1 DESCRIPTION
+
+PKCS12_newpass() changes the password of a PKCS12 structure.
+
+B<p12> is a pointer to a PKCS12 structure. B<oldpass> is the existing password
+and B<newpass> is the new password.
+
+=head1 NOTES
+
+Each of B<oldpass> and B<newpass> is independently interpreted as a string in
+the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1
+instead.
+
+In particular, this means that passwords in the locale character set
+(or code page on Windows) must potentially be converted to UTF-8 before
+use. This may include passwords from local text files, or input from
+the terminal or command line. Refer to the documentation of
+L<UI_OpenSSL(3)>, for example.
+
+=head1 RETURN VALUES
+
+PKCS12_newpass() returns 1 on success or 0 on failure. Applications can
+retrieve the most recent error from PKCS12_newpass() with ERR_get_error().
+
+=head1 EXAMPLE
+
+This example loads a PKCS#12 file, changes its password and writes out
+the result to a new file.
+
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/pkcs12.h>
+
+ int main(int argc, char **argv)
+ {
+    FILE *fp;
+    PKCS12 *p12;
+    if (argc != 5) {
+        fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
+        return 1;
+    }
+    if ((fp = fopen(argv[1], "rb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[1]);
+        return 1;
+    }
+    p12 = d2i_PKCS12_fp(fp, NULL);
+    fclose(fp);
+    if (p12 == NULL) {
+        fprintf(stderr, "Error reading PKCS#12 file\n");
+        ERR_print_errors_fp(stderr);
+        return 1;
+    }
+    if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
+        fprintf(stderr, "Error changing password\n");
+        ERR_print_errors_fp(stderr);
+        PKCS12_free(p12);
+        return 1;
+    }
+    if ((fp = fopen(argv[4], "wb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[4]);
+        PKCS12_free(p12);
+        return 1;
+    }
+    i2d_PKCS12_fp(fp, p12);
+    PKCS12_free(p12);
+    fclose(fp);
+    return 0;
+ }
+
+
+=head1 NOTES
+
+If the PKCS#12 structure does not have a password, then you must use the empty
+string "" for B<oldpass>. Using NULL for B<oldpass> will result in a
+PKCS12_newpass() failure.
+
+If the wrong password is used for B<oldpass> then the function will fail,
+with a MAC verification error. In rare cases the PKCS12 structure does not
+contain a MAC: in this case it will usually fail with a decryption padding
+error.
+
+=head1 BUGS
+
+The password format is a NULL terminated ASCII string which is converted to
+Unicode form internally. As a result some passwords cannot be supplied to
+this function.
+
+=head1 SEE ALSO
+
+L<PKCS12_create(3)>, L<ERR_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS12_parse.pod b/openssl-1.1.0h/doc/crypto/PKCS12_parse.pod
new file mode 100644
index 0000000..c03c371
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS12_parse.pod
@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
+PKCS12_parse - parse a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+=head1 DESCRIPTION
+
+PKCS12_parse() parses a PKCS12 structure.
+
+B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
+If successful the private key will be written to B<*pkey>, the corresponding
+certificate to B<*cert> and any additional certificates to B<*ca>.
+
+=head1 NOTES
+
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in
+which case additional certificates will be discarded. B<*ca> can also be a
+valid STACK in which case additional certificates are appended to B<*ca>. If
+B<*ca> is B<NULL> a new STACK will be allocated.
+
+The B<friendlyName> and B<localKeyID> attributes (if present) on each
+certificate will be stored in the B<alias> and B<keyid> attributes of the
+B<X509> structure.
+
+The parameter B<pass> is interpreted as a string in the UTF-8 encoding. If it
+is not valid UTF-8, then it is assumed to be ISO8859-1 instead.
+
+In particular, this means that passwords in the locale character set
+(or code page on Windows) must potentially be converted to UTF-8 before
+use. This may include passwords from local text files, or input from
+the terminal or command line. Refer to the documentation of
+L<UI_OpenSSL(3)>, for example.
+
+=head1 RETURN VALUES
+
+PKCS12_parse() returns 1 for success and zero if an error occurred.
+
+The error can be obtained from L<ERR_get_error(3)>
+
+=head1 BUGS
+
+Only a single private key and corresponding certificate is returned by this
+function. More complex PKCS#12 files with multiple private keys will only
+return the first match.
+
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in
+certificates. Other attributes are discarded.
+
+Attributes currently cannot be stored in the private key B<EVP_PKEY> structure.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS5_PBKDF2_HMAC.pod b/openssl-1.1.0h/doc/crypto/PKCS5_PBKDF2_HMAC.pod
new file mode 100644
index 0000000..5cc2caa
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS5_PBKDF2_HMAC.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                       const unsigned char *salt, int saltlen, int iter,
+                       const EVP_MD *digest,
+                       int keylen, unsigned char *out);
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+
+=head1 DESCRIPTION
+
+PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count
+as specified in RFC 2898.
+
+B<pass> is the password used in the derivation of length B<passlen>. B<pass>
+is an optional parameter and can be NULL. If B<passlen> is -1, then the
+function will calculate the length of B<pass> using strlen().
+
+B<salt> is the salt used in the derivation of length B<saltlen>. If the
+B<salt> is NULL, then B<saltlen> must be 0. The function will not
+attempt to calculate the length of the B<salt> because it is not assumed to
+be NULL terminated.
+
+B<iter> is the iteration count and its value should be greater than or
+equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
+B<iter> less than 1 is treated as a single iteration.
+
+B<digest> is the message digest function used in the derivation. Values include
+any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls
+PKCS5_PBKDF2_HMAC() with EVP_sha1().
+
+The derived key will be written to B<out>. The size of the B<out> buffer
+is specified via B<keylen>.
+
+=head1 NOTES
+
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the B<pass>, a salt in B<salt>,
+and an iteration count.
+
+Increasing the B<iter> parameter slows down the algorithm which makes it
+harder for an attacker to perform a brute force attack using a large number
+of candidate passwords.
+
+=head1 RETURN VALUES
+
+PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.
+
+=head1 SEE ALSO
+
+L<evp(3)>, L<rand(3)>,
+L<EVP_BytesToKey(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS7_decrypt.pod b/openssl-1.1.0h/doc/crypto/PKCS7_decrypt.pod
new file mode 100644
index 0000000..4ed8aa7
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS7_decrypt.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
+structure. B<pkey> is the private key of the recipient, B<cert> is the
+recipients certificate, B<data> is a BIO to write the content to and
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Although the recipients certificate is not needed to decrypt the data it is needed
+to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+=head1 RETURN VALUES
+
+PKCS7_decrypt() returns either 1 for success or 0 for failure.
+The error can be obtained from ERR_get_error(3)
+
+=head1 BUGS
+
+PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
+be better if it could look up the correct key and certificate from a database.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_encrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS7_encrypt.pod b/openssl-1.1.0h/doc/crypto/PKCS7_encrypt.pod
new file mode 100644
index 0000000..4e1afc9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS7_encrypt.pod
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+PKCS7_encrypt - create a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
+is a list of recipient certificates. B<in> is the content to be encrypted.
+B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
+certificates supplied to this function must all contain RSA public keys, though
+they do not have to be signed using the RSA algorithm.
+
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
+because most clients will support it.
+
+Some old "export grade" clients may only support weak encryption using 40 or 64
+bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
+respectively.
+
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
+its parameters.
+
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+PKCS7_encrypt().
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are
+prepended to the data.
+
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then
+B<PKCS7_TEXT> is ignored.
+
+If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output
+suitable for streaming I/O: no data is read from the BIO B<in>.
+
+=head1 NOTES
+
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not
+properly finalize the B<PKCS7> structure will give unpredictable
+results.
+
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
+
+=head1 RETURN VALUES
+
+PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS7_sign.pod b/openssl-1.1.0h/doc/crypto/PKCS7_sign.pod
new file mode 100644
index 0000000..f319f66
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS7_sign.pod
@@ -0,0 +1,124 @@
+=pod
+
+=head1 NAME
+
+PKCS7_sign - create a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
+the certificate to sign with, B<pkey> is the corresponding private key.
+B<certs> is an optional additional set of certificates to include in the PKCS#7
+structure (for example any intermediate CAs in the chain).
+
+The data to be signed is read from BIO B<data>.
+
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+
+Many S/MIME clients expect the signed content to include valid MIME headers. If
+the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the
+B<signcert> parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+
+The data being signed is included in the PKCS7 structure, unless
+B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7
+detached signatures which are used in S/MIME plaintext signed messages for
+example.
+
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
+
+The signedData structure includes several PKCS#7 authenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
+these algorithms is disabled then it will not be included.
+
+If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is
+just initialized ready to perform the signing operation. The signing is however
+B<not> performed and the data to be signed is not read from the B<data>
+parameter. Signing is deferred until after the data has been written. In this
+way data can be signed in a single pass.
+
+If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to
+which additional signers and capabilities can be added before finalization.
+
+
+=head1 NOTES
+
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not properly
+finalize the B<PKCS7> structure will give unpredictable results.
+
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
+
+If a signer is specified it will use the default digest for the signing
+algorithm. This is B<SHA1> for both RSA and DSA keys.
+
+The B<certs>, B<signcert> and B<pkey> parameters can all be
+B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
+using the function PKCS7_sign_add_signer(). PKCS7_final() must also be
+called to finalize the structure if streaming is not enabled. Alternative
+signing digests can also be specified using this method.
+
+If B<signcert> and B<pkey> are NULL then a certificates only
+PKCS#7 structure is output.
+
+In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
+B<NOT> be NULL.
+
+=head1 BUGS
+
+Some advanced attributes such as counter signatures are not supported.
+
+=head1 RETURN VALUES
+
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error
+occurred.  The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_verify(3)>
+
+=head1 HISTORY
+
+The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>,
+and B<pkey> parameters to be B<NULL> to be was added in OpenSSL 1.0.0
+
+The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS7_sign_add_signer.pod b/openssl-1.1.0h/doc/crypto/PKCS7_sign_add_signer.pod
new file mode 100644
index 0000000..88fef77
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS7_sign_add_signer.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+PKCS7_sign_add_signer - add a signer PKCS7 signed data structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
+
+
+=head1 DESCRIPTION
+
+PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private
+key B<pkey> using message digest B<md> to a PKCS7 signed data structure
+B<p7>.
+
+The PKCS7 structure should be obtained from an initial call to PKCS7_sign()
+with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS7
+signed data structure.
+
+If the B<md> parameter is B<NULL> then the default digest for the public
+key algorithm will be used.
+
+Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned PKCS7 structure
+is not complete and must be finalized either by streaming (if applicable) or
+a call to PKCS7_final().
+
+
+=head1 NOTES
+
+The main purpose of this function is to provide finer control over a PKCS#7
+signed data structure where the simpler PKCS7_sign() function defaults are
+not appropriate. For example if multiple signers or non default digest
+algorithms are needed.
+
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+
+If B<PKCS7_REUSE_DIGEST> is set then an attempt is made to copy the content
+digest value from the PKCS7 structure: to add a signer to an existing structure.
+An error occurs if a matching digest value cannot be found to copy. The
+returned PKCS7 structure will be valid and finalized when this flag is set.
+
+If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the
+B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
+can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
+needed to finalize it.
+
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the
+B<signcert> parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+
+The signedData structure includes several PKCS#7 authenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
+these algorithms is disabled then it will not be included.
+
+
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added, this can be used to set additional attributes
+before it is finalized.
+
+=head1 RETURN VALUES
+
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added or NULL if an error occurs.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_sign(3)>,
+L<PKCS7_final(3)>,
+
+=head1 HISTORY
+
+PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0
+
+=head1 COPYRIGHT
+
+Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/PKCS7_verify.pod b/openssl-1.1.0h/doc/crypto/PKCS7_verify.pod
new file mode 100644
index 0000000..c34808e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/PKCS7_verify.pod
@@ -0,0 +1,128 @@
+=pod
+
+=head1 NAME
+
+PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
+structure to verify. B<certs> is a set of certificates in which to search for
+the signer's certificate. B<store> is a trusted certificate store (used for
+chain verification). B<indata> is the signed data if the content is not
+present in B<p7> (that is it is detached). The content is written to B<out>
+if it is not NULL.
+
+B<flags> is an optional set of flags, which can be used to modify the verify
+operation.
+
+PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
+B<not> check their validity or whether any signatures are valid. The B<certs>
+and B<flags> parameters have the same meanings as in PKCS7_verify().
+
+=head1 VERIFY PROCESS
+
+Normally the verify process proceeds as follows.
+
+Initially some sanity checks are performed on B<p7>. The type of B<p7> must
+be signedData. There must be at least one signature on the data and if
+the content is detached B<indata> cannot be B<NULL>.  If the content is
+not detached and B<indata> is not B<NULL>, then the structure has both
+embedded and external content. To treat this as an error, use the flag
+B<PKCS7_NO_DUAL_CONTENT>.
+The default behavior allows this, for compatibility with older
+versions of OpenSSL.
+
+An attempt is made to locate all the signer's certificates, first looking in
+the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
+contained in the B<p7> structure itself. If any signer's certificates cannot be
+located the operation fails.
+
+Each signer's certificate is chain verified using the B<smimesign> purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If any chain verify fails an error code is returned.
+
+Finally the signed content is read (and written to B<out> is it is not NULL) and
+the signature's checked.
+
+If all signature's verify correctly then the function is successful.
+
+Any of the following flags (ored together) can be passed in the B<flags> parameter
+to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
+meaningful to PKCS7_get0_signers().
+
+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
+searched when locating the signer's certificate. This means that all the signers
+certificates must be in the B<certs> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
+
+If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
+not used as untrusted CAs. This means that the whole verify chain (apart from
+the signer's certificate) must be contained in the trusted store.
+
+If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
+
+=head1 NOTES
+
+One application of B<PKCS7_NOINTERN> is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the B<certs> parameter. In this case if the signer is not one of the
+certificates supplied in B<certs> then the verify will fail because the
+signer cannot be found.
+
+Care should be taken when modifying the default verify behaviour, for example
+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
+and any signed message will be considered valid. This combination is however
+useful if one merely wishes to write the content to B<out> and its validity
+is not considered important.
+
+Chain verification should arguably be performed  using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+
+=head1 RETURN VALUES
+
+PKCS7_verify() returns one for a successful verification and zero
+if an error occurs.
+
+PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
+
+The error can be obtained from L<ERR_get_error(3)>
+
+=head1 BUGS
+
+The trusted certificate store is not searched for the signers certificate,
+this is primarily due to the inadequacies of the current B<X509_STORE>
+functionality.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_sign(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RAND_add.pod b/openssl-1.1.0h/doc/crypto/RAND_add.pod
new file mode 100644
index 0000000..46de165
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RAND_add.pod
@@ -0,0 +1,79 @@
+=pod
+
+=head1 NAME
+
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
+entropy to the PRNG
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_seed(const void *buf, int num);
+
+ void RAND_add(const void *buf, int num, double entropy);
+
+ int  RAND_status(void);
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+ void RAND_screen(void);
+ #endif
+
+=head1 DESCRIPTION
+
+RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
+if the data at B<buf> are unpredictable to an adversary, this
+increases the uncertainty about the state and makes the PRNG output
+less predictable. Suitable input comes from user interaction (random
+key presses, mouse movements) and certain hardware events. The
+B<entropy> argument is (the lower bound of) an estimate of how much
+randomness is contained in B<buf>, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. RFC 1750.
+
+RAND_add() may be called with sensitive data such as user entered
+passwords. The seed values cannot be recovered from the PRNG output.
+
+OpenSSL makes sure that the PRNG state is unique for each thread. On
+systems that provide C</dev/urandom>, the randomness device is used
+to seed the PRNG transparently. However, on all other systems, the
+application is responsible for seeding the PRNG by calling RAND_add(),
+L<RAND_egd(3)>
+or L<RAND_load_file(3)>.
+
+RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+
+RAND_event() and RAND_screen() are deprecated and should not be called.
+
+=head1 RETURN VALUES
+
+RAND_status() returns 1 if the PRNG has been seeded
+with enough data, 0 otherwise.
+
+RAND_event() calls RAND_poll() and returns RAND_status().
+
+RAND_screen calls RAND_poll().
+
+The other functions do not return values.
+
+=head1 HISTORY
+
+RAND_event() and RAND_screen() are deprecated since OpenSSL
+1.1.0.  Use the functions described above instead.
+
+=head1 SEE ALSO
+
+L<rand(3)>, L<RAND_egd(3)>,
+L<RAND_load_file(3)>, L<RAND_cleanup(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RAND_bytes.pod b/openssl-1.1.0h/doc/crypto/RAND_bytes.pod
new file mode 100644
index 0000000..684215c
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RAND_bytes.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+RAND_bytes, RAND_pseudo_bytes - generate random data
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_bytes(unsigned char *buf, int num);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ int RAND_pseudo_bytes(unsigned char *buf, int num);
+ #endif
+
+=head1 DESCRIPTION
+
+RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
+into B<buf>. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+
+RAND_pseudo_bytes() has been deprecated. Users should use RAND_bytes() instead.
+RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
+
+The contents of B<buf> is mixed into the entropy pool before retrieving
+the new pseudo-random bytes unless disabled at compile time (see FAQ).
+
+=head1 RETURN VALUES
+
+RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
+obtained by L<ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
+bytes generated are cryptographically strong, 0 otherwise. Both
+functions return -1 if they are not supported by the current RAND
+method.
+
+=head1 SEE ALSO
+
+L<rand(3)>, L<ERR_get_error(3)>,
+L<RAND_add(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RAND_cleanup.pod b/openssl-1.1.0h/doc/crypto/RAND_cleanup.pod
new file mode 100644
index 0000000..2640c7d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RAND_cleanup.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+RAND_cleanup - erase the PRNG state
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void RAND_cleanup(void)
+ #endif
+
+=head1 DESCRIPTION
+
+Prior to OpenSSL 1.1.0 RAND_cleanup() erases the memory used by the PRNG. This
+function is deprecated and as of version 1.1.0 does nothing. No explicit
+initialisation or de-initialisation is necessary. See L<OPENSSL_init_crypto(3)>.
+
+=head1 RETURN VALUE
+
+RAND_cleanup() returns no value.
+
+=head1 SEE ALSO
+
+L<rand(3)>
+
+=head1 HISTORY
+
+RAND_cleanup() was deprecated in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RAND_egd.pod b/openssl-1.1.0h/doc/crypto/RAND_egd.pod
new file mode 100644
index 0000000..fcc57c0
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RAND_egd.pod
@@ -0,0 +1,87 @@
+=pod
+
+=head1 NAME
+
+RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_egd(const char *path);
+ int RAND_egd_bytes(const char *path, int bytes);
+
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+
+=head1 DESCRIPTION
+
+RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
+It queries 255 bytes and uses L<RAND_add(3)> to seed the
+OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
+RAND_egd_bytes(path, 255);
+
+RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
+It queries B<bytes> bytes and uses L<RAND_add(3)> to seed the
+OpenSSL built-in PRNG.
+This function is more flexible than RAND_egd().
+When only one secret key must
+be generated, it is not necessary to request the full amount 255 bytes from
+the EGD socket. This can be advantageous, since the amount of entropy
+that can be retrieved from EGD over time is limited.
+
+RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket
+B<path>. If B<buf> is given, B<bytes> bytes are queried and written into
+B<buf>. If B<buf> is NULL, B<bytes> bytes are queried and used to seed the
+OpenSSL built-in PRNG using L<RAND_add(3)>.
+
+=head1 NOTES
+
+On systems without /dev/*random devices providing entropy from the kernel,
+the EGD entropy gathering daemon can be used to collect entropy. It provides
+a socket interface through which entropy can be gathered in chunks up to
+255 bytes. Several chunks can be queried during one connection.
+
+EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
+Makefile.PL; make; make install> to install). It is run as B<egd>
+I<path>, where I<path> is an absolute path designating a socket. When
+RAND_egd() is called with that path as an argument, it tries to read
+random bytes that EGD has collected. RAND_egd() retrieves entropy from the
+daemon using the daemon's "non-blocking read" command which shall
+be answered immediately by the daemon without waiting for additional
+entropy to be collected. The write and read socket operations in the
+communication are blocking.
+
+Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
+available from
+http://prngd.sourceforge.net/ .
+PRNGD does employ an internal PRNG itself and can therefore never run
+out of entropy.
+
+OpenSSL automatically queries EGD when entropy is requested via RAND_bytes()
+or the status is checked via RAND_status() for the first time, if the socket
+is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
+
+=head1 RETURN VALUE
+
+RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
+daemon on success, and -1 if the connection failed or the daemon did not
+return enough data to fully seed the PRNG.
+
+RAND_query_egd_bytes() returns the number of bytes read from the daemon on
+success, and -1 if the connection failed. The PRNG state is not considered.
+
+=head1 SEE ALSO
+
+L<rand(3)>, L<RAND_add(3)>,
+L<RAND_cleanup(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RAND_load_file.pod b/openssl-1.1.0h/doc/crypto/RAND_load_file.pod
new file mode 100644
index 0000000..1053a92
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RAND_load_file.pod
@@ -0,0 +1,79 @@
+=pod
+
+=head1 NAME
+
+RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ const char *RAND_file_name(char *buf, size_t num);
+
+ int RAND_load_file(const char *filename, long max_bytes);
+
+ int RAND_write_file(const char *filename);
+
+=head1 DESCRIPTION
+
+RAND_file_name() generates a default path for the random seed
+file. B<buf> points to a buffer of size B<num> in which to store the
+filename.
+
+On all systems, if the environment variable B<RANDFILE> is set, its
+value will be used as the seed file name.
+
+Otherwise, the file is called ".rnd", found in platform dependent locations:
+
+=over 4
+
+=item On Windows (in order of preference)
+
+%HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\
+
+=item On VMS
+
+SYS$LOGIN:
+
+=item On all other systems
+
+$HOME
+
+=back
+
+If C<$HOME> (on non-Windows and non-VMS system) is not set either, or
+B<num> is too small for the path name, an error occurs.
+
+RAND_load_file() reads a number of bytes from file B<filename> and
+adds them to the PRNG. If B<max_bytes> is non-negative,
+up to B<max_bytes> are read;
+if B<max_bytes> is -1, the complete file is read.
+
+RAND_write_file() writes a number of random bytes (currently 1024) to
+file B<filename> which can be used to initialize the PRNG by calling
+RAND_load_file() in a later session.
+
+=head1 RETURN VALUES
+
+RAND_load_file() returns the number of bytes read or -1 on error.
+
+RAND_write_file() returns the number of bytes written, and -1 if the
+bytes written were generated without appropriate seed.
+
+RAND_file_name() returns a pointer to B<buf> on success, and NULL on
+error.
+
+=head1 SEE ALSO
+
+L<rand(3)>, L<RAND_add(3)>, L<RAND_cleanup(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RAND_set_rand_method.pod b/openssl-1.1.0h/doc/crypto/RAND_set_rand_method.pod
new file mode 100644
index 0000000..02fe90c
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RAND_set_rand_method.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_set_rand_method(const RAND_METHOD *meth);
+
+ const RAND_METHOD *RAND_get_rand_method(void);
+
+ RAND_METHOD *RAND_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
+
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_OpenSSL().
+
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependent on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+=head1 THE RAND_METHOD STRUCTURE
+
+ typedef struct rand_meth_st
+ {
+        void (*seed)(const void *buf, int num);
+        int (*bytes)(unsigned char *buf, int num);
+        void (*cleanup)(void);
+        void (*add)(const void *buf, int num, int entropy);
+        int (*pseudorand)(unsigned char *buf, int num);
+        int (*status)(void);
+ } RAND_METHOD;
+
+The components point to method implementations used by (or called by), in order,
+RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand()
+and RAND_status().
+Each component may be NULL if the function is not implemented.
+
+=head1 RETURN VALUES
+
+RAND_set_rand_method() returns no value. RAND_get_rand_method() and
+RAND_OpenSSL() return pointers to the respective methods.
+
+=head1 NOTES
+
+RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+
+=head1 SEE ALSO
+
+L<rand(3)>, L<engine(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RC4_set_key.pod b/openssl-1.1.0h/doc/crypto/RC4_set_key.pod
new file mode 100644
index 0000000..fe5d2d1
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RC4_set_key.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+RC4_set_key, RC4 - RC4 encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/rc4.h>
+
+ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+
+ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+          unsigned char *outdata);
+
+=head1 DESCRIPTION
+
+This library implements the Alleged RC4 cipher, which is described for
+example in I<Applied Cryptography>.  It is believed to be compatible
+with RC4[TM], a proprietary cipher of RSA Security Inc.
+
+RC4 is a stream cipher with variable key length.  Typically, 128 bit
+(16 byte) keys are used for strong encryption, but shorter insecure
+key sizes have been widely used due to export restrictions.
+
+RC4 consists of a key setup phase and the actual encryption or
+decryption phase.
+
+RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
+key at B<data>.
+
+RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
+B<key> and places the result at B<outdata>.  Repeated RC4() calls with
+the same B<key> yield a continuous key stream.
+
+Since RC4 is a stream cipher (the input is XORed with a pseudo-random
+key stream to produce the output), decryption uses the same function
+calls as encryption.
+
+=head1 RETURN VALUES
+
+RC4_set_key() and RC4() do not return values.
+
+=head1 NOTE
+
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)> etc. instead of calling these
+functions directly.
+
+It is difficult to securely use stream ciphers. For example, do not perform
+multiple encryptions using the same key stream.
+
+=head1 SEE ALSO
+
+L<EVP_EncryptInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RIPEMD160_Init.pod b/openssl-1.1.0h/doc/crypto/RIPEMD160_Init.pod
new file mode 100644
index 0000000..a372e32
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RIPEMD160_Init.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
+RIPEMD-160 hash function
+
+=head1 SYNOPSIS
+
+ #include <openssl/ripemd.h>
+
+ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ int RIPEMD160_Init(RIPEMD160_CTX *c);
+ int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
+                  unsigned long len);
+ int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+
+=head1 DESCRIPTION
+
+RIPEMD-160 is a cryptographic hash function with a
+160 bit output.
+
+RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
+
+RIPEMD160_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+RIPEMD160_Final() places the message digest in B<md>, which must have
+space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
+the B<RIPEMD160_CTX>.
+
+=head1 RETURN VALUES
+
+RIPEMD160() returns a pointer to the hash value.
+
+RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
+success, 0 otherwise.
+
+=head1 NOTE
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)> etc. instead of calling these
+functions directly.
+
+=head1 CONFORMING TO
+
+ISO/IEC 10118-3 (draft) (??)
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_blinding_on.pod b/openssl-1.1.0h/doc/crypto/RSA_blinding_on.pod
new file mode 100644
index 0000000..33d49d3
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_blinding_on.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+
+ void RSA_blinding_off(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA is vulnerable to timing attacks. In a setup where attackers can
+measure the time of RSA decryption or signature operations, blinding
+must be used to protect the RSA operation from that attack.
+
+RSA_blinding_on() turns blinding on for key B<rsa> and generates a
+random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
+initialized B<BN_CTX>. The random number generator must be seeded
+prior to calling RSA_blinding_on().
+
+RSA_blinding_off() turns blinding off and frees the memory used for
+the blinding factor.
+
+=head1 RETURN VALUES
+
+RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
+
+RSA_blinding_off() returns no value.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_check_key.pod b/openssl-1.1.0h/doc/crypto/RSA_check_key.pod
new file mode 100644
index 0000000..d8689f4
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_check_key.pod
@@ -0,0 +1,84 @@
+=pod
+
+=head1 NAME
+
+RSA_check_key_ex, RSA_check_key - validate private RSA keys
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
+
+ int RSA_check_key(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_check_key_ex() function validates RSA keys.
+It checks that B<p> and B<q> are
+in fact prime, and that B<n = p*q>.
+
+It does not work on RSA public keys that have only the modulus
+and public exponent elements populated.
+It also checks that B<d*e = 1 mod (p-1*q-1)>,
+and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+It performs integrity checks on all
+the RSA key material, so the RSA key structure must contain all the private
+key data too.
+Therefore, it cannot be used with any arbitrary RSA key object,
+even if it is otherwise fit for regular RSA operation.
+
+The B<cb> parameter is a callback that will be invoked in the same
+manner as L<BN_is_prime_ex(3)>.
+
+RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL B<cb>.
+
+=head1 RETURN VALUE
+
+RSA_check_key_ex() and RSA_check_key()
+return 1 if B<rsa> is a valid RSA key, and 0 otherwise.
+They return -1 if an error occurs while checking the key.
+
+If the key is invalid or an error occurred, the reason code can be
+obtained using L<ERR_get_error(3)>.
+
+=head1 NOTES
+
+Unlike most other RSA functions, this function does B<not> work
+transparently with any underlying ENGINE implementation because it uses the
+key data in the RSA structure directly. An ENGINE implementation can
+override the way key data is stored and handled, and can even provide
+support for HSM keys - in which case the RSA structure may contain B<no>
+key data at all! If the ENGINE in question is only being used for
+acceleration or analysis purposes, then in all likelihood the RSA key data
+is complete and untouched, but this can't be assumed in the general case.
+
+=head1 BUGS
+
+A method of verifying the RSA key using opaque RSA API functions might need
+to be considered. Right now RSA_check_key() simply uses the RSA structure
+elements directly, bypassing the RSA_METHOD table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a "check_key()" handler to the
+RSA_METHOD function table so that alternative implementations can also
+provide their own verifiers.
+
+=head1 SEE ALSO
+
+L<BN_is_prime_ex(3)>,
+L<ERR_get_error(3)>
+
+=head1 HISTORY
+
+RSA_check_key_ex() appeared after OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_generate_key.pod b/openssl-1.1.0h/doc/crypto/RSA_generate_key.pod
new file mode 100644
index 0000000..e51c0b1
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_generate_key.pod
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+RSA_generate_key_ex, RSA_generate_key - generate RSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ RSA *RSA_generate_key(int num, unsigned long e,
+    void (*callback)(int, int, void *), void *cb_arg);
+ #endif
+
+=head1 DESCRIPTION
+
+RSA_generate_key_ex() generates a key pair and stores it in the B<RSA>
+structure provided in B<rsa>. The pseudo-random number generator must
+be seeded prior to calling RSA_generate_key_ex().
+
+The modulus size will be of length B<bits>, and the public exponent will be
+B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+The exponent is an odd number, typically 3, 17 or 65537.
+
+A callback function may be used to provide feedback about the
+progress of the key generation. If B<cb> is not B<NULL>, it
+will be called as follows using the BN_GENCB_call() function
+described on the L<BN_generate_prime(3)> page.
+
+=over 2
+
+=item *
+
+While a random prime number is generated, it is called as
+described in L<BN_generate_prime(3)>.
+
+=item *
+
+When the n-th randomly generated prime is rejected as not
+suitable for the key, B<BN_GENCB_call(cb, 2, n)> is called.
+
+=item *
+
+When a random p has been found with p-1 relatively prime to B<e>,
+it is called as B<BN_GENCB_call(cb, 3, 0)>.
+
+=back
+
+The process is then repeated for prime q with B<BN_GENCB_call(cb, 3, 1)>.
+
+RSA_generate_key() is deprecated (new applications should use
+RSA_generate_key_ex() instead). RSA_generate_key() works in the same way as
+RSA_generate_key_ex() except it uses "old style" call backs. See
+L<BN_generate_prime(3)> for further details.
+
+=head1 RETURN VALUE
+
+RSA_generate_key_ex() returns 1 on success or 0 on error.
+RSA_generate_key() returns the key on success or B<NULL> on error.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 BUGS
+
+B<BN_GENCB_call(cb, 2, x)> is used with two different meanings.
+
+RSA_generate_key() goes into an infinite loop for illegal input values.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<RAND_bytes(3)>,
+L<RSA_generate_key(3)>, L<BN_generate_prime(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_get0_key.pod b/openssl-1.1.0h/doc/crypto/RSA_get0_key.pod
new file mode 100644
index 0000000..579a2df
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_get0_key.pod
@@ -0,0 +1,112 @@
+=pod
+
+=head1 NAME
+
+RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key,
+RSA_get0_factors, RSA_get0_crt_params, RSA_clear_flags,
+RSA_test_flags, RSA_set_flags, RSA_get0_engine - Routines for getting
+and setting data in an RSA object
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+ void RSA_get0_key(const RSA *r,
+                   const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+ void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+ void RSA_get0_crt_params(const RSA *r,
+                          const BIGNUM **dmp1, const BIGNUM **dmq1,
+                          const BIGNUM **iqmp);
+ void RSA_clear_flags(RSA *r, int flags);
+ int RSA_test_flags(const RSA *r, int flags);
+ void RSA_set_flags(RSA *r, int flags);
+ ENGINE *RSA_get0_engine(RSA *r);
+
+=head1 DESCRIPTION
+
+An RSA object contains the components for the public and private key,
+B<n>, B<e>, B<d>, B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp>.  B<n> is
+the modulus common to both public and private key, B<e> is the public
+exponent and B<d> is the private exponent.  B<p>, B<q>, B<dmp1>,
+B<dmq1> and B<iqmp> are the factors for the second representation of a
+private key (see PKCS#1 section 3 Key Types), where B<p> and B<q> are
+the first and second factor of B<n> and B<dmp1>, B<dmq1> and B<iqmp>
+are the exponents and coefficient for CRT calculations.
+
+The B<n>, B<e> and B<d> parameters can be obtained by calling
+RSA_get0_key().  If they have not been set yet, then B<*n>, B<*e> and
+B<*d> will be set to NULL.  Otherwise, they are set to pointers to
+their respective values. These point directly to the internal
+representations of the values and therefore should not be freed
+by the caller.
+
+The B<n>, B<e> and B<d> parameter values can be set by calling
+RSA_set0_key() and passing the new values for B<n>, B<e> and B<d> as
+parameters to the function.  The values B<n> and B<e> must be non-NULL
+the first time this function is called on a given RSA object. The
+value B<d> may be NULL. On subsequent calls any of these values may be
+NULL which means the corresponding RSA field is left untouched.
+Calling this function transfers the memory management of the values to
+the RSA object, and therefore the values that have been passed in
+should not be freed by the caller after this function has been called.
+
+In a similar fashion, the B<p> and B<q> parameters can be obtained and
+set with RSA_get0_factors() and RSA_set0_factors(), and the B<dmp1>,
+B<dmq1> and B<iqmp> parameters can be obtained and set with
+RSA_get0_crt_params() and RSA_set0_crt_params().
+
+For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(),
+NULL value BIGNUM ** output parameters are permitted.  The functions
+ignore NULL parameters but return values for other, non-NULL, parameters.
+
+RSA_set_flags() sets the flags in the B<flags> parameter on the RSA
+object. Multiple flags can be passed in one go (bitwise ORed together).
+Any flags that are already set are left set. RSA_test_flags() tests to
+see whether the flags passed in the B<flags> parameter are currently
+set in the RSA object. Multiple flags can be tested in one go. All
+flags that are currently set are returned, or zero if none of the
+flags are set. RSA_clear_flags() clears the specified flags within the
+RSA object.
+
+RSA_get0_engine() returns a handle to the ENGINE that has been set for
+this RSA object, or NULL if no such ENGINE has been set.
+
+=head1 NOTES
+
+Values retrieved with RSA_get0_key() are owned by the RSA object used
+in the call and may therefore I<not> be passed to RSA_set0_key().  If
+needed, duplicate the received value using BN_dup() and pass the
+duplicate.  The same applies to RSA_get0_factors() and RSA_set0_factors()
+as well as RSA_get0_crt_params() and RSA_set0_crt_params().
+
+=head1 RETURN VALUES
+
+RSA_set0_key(), RSA_set0_factors and RSA_set0_crt_params() return 1 on
+success or 0 on failure.
+
+RSA_test_flags() returns the current state of the flags in the RSA object.
+
+RSA_get0_engine() returns the ENGINE set for the RSA object or NULL if no
+ENGINE has been set.
+
+=head1 SEE ALSO
+
+L<rsa(3)>, L<RSA_new(3)>, L<RSA_size(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_meth_new.pod b/openssl-1.1.0h/doc/crypto/RSA_meth_new.pod
new file mode 100644
index 0000000..9970aa6
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_meth_new.pod
@@ -0,0 +1,235 @@
+=pod
+
+=head1 NAME
+
+RSA_meth_get0_app_data, RSA_meth_set0_app_data,
+RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
+RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
+RSA_meth_get_pub_enc,
+RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
+RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
+RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
+RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init,
+RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish,
+RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify,
+RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen
+- Routines to build up RSA methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA_METHOD *RSA_meth_new(const char *name, int flags);
+ void RSA_meth_free(RSA_METHOD *meth);
+ RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+ const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+ int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+ int RSA_meth_get_flags(RSA_METHOD *meth);
+ int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+ void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+ int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+ int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+     (int flen, const unsigned char *from,
+      unsigned char *to, RSA *rsa, int padding);
+ int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+                          int (*pub_enc) (int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa,
+                                          int padding));
+ int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+     (int flen, const unsigned char *from,
+      unsigned char *to, RSA *rsa, int padding);
+ int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+                          int (*pub_dec) (int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa,
+                                          int padding));
+ int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+     (int flen, const unsigned char *from,
+      unsigned char *to, RSA *rsa, int padding);
+ int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+                           int (*priv_enc) (int flen, const unsigned char *from,
+                                            unsigned char *to, RSA *rsa,
+                                            int padding));
+ int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+     (int flen, const unsigned char *from,
+      unsigned char *to, RSA *rsa, int padding);
+ int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+                           int (*priv_dec) (int flen, const unsigned char *from,
+                                            unsigned char *to, RSA *rsa,
+                                            int padding));
+     /* Can be null */
+ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+     (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+                          int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                          BN_CTX *ctx));
+     /* Can be null */
+ int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+     (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+                             int (*bn_mod_exp) (BIGNUM *r,
+                                                const BIGNUM *a,
+                                                const BIGNUM *p,
+                                                const BIGNUM *m,
+                                                BN_CTX *ctx,
+                                                BN_MONT_CTX *m_ctx));
+     /* called at new */
+ int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+ int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+     /* called at free */
+ int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+ int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+ int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+     (int type,
+      const unsigned char *m, unsigned int m_length,
+      unsigned char *sigret, unsigned int *siglen,
+      const RSA *rsa);
+ int RSA_meth_set_sign(RSA_METHOD *rsa,
+                       int (*sign) (int type, const unsigned char *m,
+                                    unsigned int m_length,
+                                    unsigned char *sigret, unsigned int *siglen,
+                                    const RSA *rsa));
+ int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+     (int dtype, const unsigned char *m,
+      unsigned int m_length, const unsigned char *sigbuf,
+      unsigned int siglen, const RSA *rsa);
+ int RSA_meth_set_verify(RSA_METHOD *rsa,
+                         int (*verify) (int dtype, const unsigned char *m,
+                                        unsigned int m_length,
+                                        const unsigned char *sigbuf,
+                                        unsigned int siglen, const RSA *rsa));
+ int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+     (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+ int RSA_meth_set_keygen(RSA_METHOD *rsa,
+                         int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                        BN_GENCB *cb));
+
+=head1 DESCRIPTION
+
+The B<RSA_METHOD> type is a structure used for the provision of custom
+RSA implementations. It provides a set of of functions used by OpenSSL
+for the implementation of the various RSA capabilities. See the L<rsa>
+page for more information.
+
+RSA_meth_new() creates a new B<RSA_METHOD> structure. It should be
+given a unique B<name> and a set of B<flags>. The B<name> should be a
+NULL terminated string, which will be duplicated and stored in the
+B<RSA_METHOD> object. It is the callers responsibility to free the
+original string. The flags will be used during the construction of a
+new B<RSA> object based on this B<RSA_METHOD>. Any new B<RSA> object
+will have those flags set by default.
+
+RSA_meth_dup() creates a duplicate copy of the B<RSA_METHOD> object
+passed as a parameter. This might be useful for creating a new
+B<RSA_METHOD> based on an existing one, but with some differences.
+
+RSA_meth_free() destroys an B<RSA_METHOD> structure and frees up any
+memory associated with it.
+
+RSA_meth_get0_name() will return a pointer to the name of this
+RSA_METHOD. This is a pointer to the internal name string and so
+should not be freed by the caller. RSA_meth_set1_name() sets the name
+of the RSA_METHOD to B<name>. The string is duplicated and the copy is
+stored in the RSA_METHOD structure, so the caller remains responsible
+for freeing the memory associated with the name.
+
+RSA_meth_get_flags() returns the current value of the flags associated
+with this RSA_METHOD. RSA_meth_set_flags() provides the ability to set
+these flags.
+
+The functions RSA_meth_get0_app_data() and RSA_meth_set0_app_data()
+provide the ability to associate implementation specific data with the
+RSA_METHOD. It is the application's responsibility to free this data
+before the RSA_METHOD is freed via a call to RSA_meth_free().
+
+RSA_meth_get_sign() and RSA_meth_set_sign() get and set the function
+used for creating an RSA signature respectively. This function will be
+called in response to the application calling RSA_sign(). The
+parameters for the function have the same meaning as for RSA_sign().
+
+RSA_meth_get_verify() and RSA_meth_set_verify() get and set the
+function used for verifying an RSA signature respectively. This
+function will be called in response to the application calling
+RSA_verify(). The parameters for the function have the same meaning as
+for RSA_verify().
+
+RSA_meth_get_mod_exp() and RSA_meth_set_mod_exp() get and set the
+function used for CRT computations.
+
+RSA_meth_get_bn_mod_exp() and RSA_meth_set_bn_mod_exp() get and set
+the function used for CRT computations, specifically the following
+value:
+
+ r = a ^ p mod m
+
+Both the mod_exp() and bn_mod_exp() functions are called by the
+default OpenSSL method during encryption, decryption, signing and
+verification.
+
+RSA_meth_get_init() and RSA_meth_set_init() get and set the function
+used for creating a new RSA instance respectively. This function will
+be called in response to the application calling RSA_new() (if the
+current default RSA_METHOD is this one) or RSA_new_method(). The
+RSA_new() and RSA_new_method() functions will allocate the memory for
+the new RSA object, and a pointer to this newly allocated structure
+will be passed as a parameter to the function. This function may be
+NULL.
+
+RSA_meth_get_finish() and RSA_meth_set_finish() get and set the
+function used for destroying an instance of an RSA object respectively.
+This function will be called in response to the application calling
+RSA_free(). A pointer to the RSA to be destroyed is passed as a
+parameter. The destroy function should be used for RSA implementation
+specific clean up. The memory for the RSA itself should not be freed
+by this function. This function may be NULL.
+
+RSA_meth_get_keygen() and RSA_meth_set_keygen() get and set the
+function used for generating a new RSA key pair respectively. This
+function will be called in response to the application calling
+RSA_generate_key(). The parameter for the function has the same
+meaning as for RSA_generate_key().
+
+RSA_meth_get_pub_enc(), RSA_meth_set_pub_enc(),
+RSA_meth_get_pub_dec(), RSA_meth_set_pub_dec(),
+RSA_meth_get_priv_enc(), RSA_meth_set_priv_enc(),
+RSA_meth_get_priv_dec(), RSA_meth_set_priv_dec() get and set the
+functions used for public and private key encryption and decryption.
+These functions will be called in response to the application calling
+RSA_public_encrypt(), RSA_private_decrypt(), RSA_private_encrypt() and
+RSA_public_decrypt() and take the same parameters as those.
+
+
+=head1 RETURN VALUES
+
+RSA_meth_new() and RSA_meth_dup() return the newly allocated
+RSA_METHOD object or NULL on failure.
+
+RSA_meth_get0_name() and RSA_meth_get_flags() return the name and
+flags associated with the RSA_METHOD respectively.
+
+All other RSA_meth_get_*() functions return the appropriate function
+pointer that has been set in the RSA_METHOD, or NULL if no such
+pointer has yet been set.
+
+RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on
+success or 0 on failure.
+
+=head1 SEE ALSO
+
+L<RSA_new(3)>, L<RSA_generate_key(3)>, L<RSA_sign(3)>,
+L<RSA_set_method(3)>, L<RSA_size(3)>, L<RSA_get0_key(3)>
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_new.pod b/openssl-1.1.0h/doc/crypto/RSA_new.pod
new file mode 100644
index 0000000..3317920
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_new.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+RSA_new, RSA_free - allocate and free RSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA * RSA_new(void);
+
+ void RSA_free(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
+
+RSA_free() frees the B<RSA> structure and its components. The key is
+erased before the memory is returned to the system.
+If B<rsa> is NULL nothing is done.
+
+=head1 RETURN VALUES
+
+If the allocation fails, RSA_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+RSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<RSA_generate_key(3)>,
+L<RSA_new_method(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/openssl-1.1.0h/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
new file mode 100644
index 0000000..5b53eb9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -0,0 +1,129 @@
+=pod
+
+=head1 NAME
+
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
+padding
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, unsigned char *p, int pl);
+
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+
+ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+=head1 DESCRIPTION
+
+The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
+decrypt, sign and verify functions. Normally they should not be called
+from application programs.
+
+However, they can also be called directly to implement padding for other
+asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
+RSA_padding_check_PKCS1_OAEP() may be used in an application combined
+with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
+parameter.
+
+RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
+B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
+does not meet the size requirements of the encoding method.
+
+The following encoding methods are implemented:
+
+=over 4
+
+=item PKCS1_type_1
+
+PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
+
+=item PKCS1_type_2
+
+PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
+
+=item PKCS1_OAEP
+
+PKCS #1 v2.0 EME-OAEP
+
+=item SSLv23
+
+PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
+
+=item none
+
+simply copy the data
+
+=back
+
+The random number generator must be seeded prior to calling
+RSA_padding_add_xxx().
+
+RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
+a valid encoding for a B<rsa_len> byte RSA key in the respective
+encoding method and stores the recovered data of at most B<tlen> bytes
+(for B<RSA_NO_PADDING>: of size B<tlen>)
+at B<to>.
+
+For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
+of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
+
+=head1 RETURN VALUES
+
+The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
+The RSA_padding_check_xxx() functions return the length of the
+recovered data, -1 on error. Error codes can be obtained by calling
+L<ERR_get_error(3)>.
+
+=head1 WARNING
+
+The RSA_padding_check_PKCS1_type_2() padding check leaks timing
+information which can potentially be used to mount a Bleichenbacher
+padding oracle attack. This is an inherent weakness in the PKCS #1
+v1.5 padding design. Prefer PKCS1_OAEP padding.
+
+=head1 SEE ALSO
+
+L<RSA_public_encrypt(3)>,
+L<RSA_private_decrypt(3)>,
+L<RSA_sign(3)>, L<RSA_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_print.pod b/openssl-1.1.0h/doc/crypto/RSA_print.pod
new file mode 100644
index 0000000..1367478
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_print.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp - print cryptographic parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+ #include <openssl/dsa.h>
+
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int offset);
+ int DSA_print_fp(FILE *fp, DSA *x, int offset);
+
+ #include <openssl/dh.h>
+
+ int DHparams_print(BIO *bp, DH *x);
+ int DHparams_print_fp(FILE *fp, DH *x);
+
+=head1 DESCRIPTION
+
+A human-readable hexadecimal output of the components of the RSA
+key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
+
+The output lines are indented by B<offset> spaces.
+
+=head1 RETURN VALUES
+
+These functions return 1 on success, 0 on error.
+
+=head1 SEE ALSO
+
+L<BN_bn2bin(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_private_encrypt.pod b/openssl-1.1.0h/doc/crypto/RSA_private_encrypt.pod
new file mode 100644
index 0000000..1eb7a0a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_private_encrypt.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_private_encrypt(int flen, const unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_public_decrypt(int flen, const unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+These functions handle RSA signatures at a low level.
+
+RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
+message digest with an algorithm identifier) using the private key
+B<rsa> and stores the signature in B<to>. B<to> must point to
+B<RSA_size(rsa)> bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This function does not handle the
+B<algorithmIdentifier> specified in PKCS #1. When generating or
+verifying PKCS #1 signatures, L<RSA_sign(3)> and L<RSA_verify(3)> should be
+used.
+
+=item RSA_NO_PADDING
+
+Raw RSA signature. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Signing user data directly with RSA is insecure.
+
+=back
+
+RSA_public_decrypt() recovers the message digest from the B<flen>
+bytes long signature at B<from> using the signer's public key
+B<rsa>. B<to> must point to a memory section large enough to hold the
+message digest (which is smaller than B<RSA_size(rsa) -
+11>). B<padding> is the padding mode that was used to sign the data.
+
+=head1 RETURN VALUES
+
+RSA_private_encrypt() returns the size of the signature (i.e.,
+RSA_size(rsa)). RSA_public_decrypt() returns the size of the
+recovered message digest.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<RSA_sign(3)>, L<RSA_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_public_encrypt.pod b/openssl-1.1.0h/doc/crypto/RSA_public_encrypt.pod
new file mode 100644
index 0000000..b1dd50d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_public_encrypt.pod
@@ -0,0 +1,95 @@
+=pod
+
+=head1 NAME
+
+RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_public_encrypt(int flen, const unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_private_decrypt(int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
+session key) using the public key B<rsa> and stores the ciphertext in
+B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This currently is the most widely used mode.
+
+=item RSA_PKCS1_OAEP_PADDING
+
+EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
+encoding parameter. This mode is recommended for all new applications.
+
+=item RSA_SSLV23_PADDING
+
+PKCS #1 v1.5 padding with an SSL-specific modification that denotes
+that the server is SSL3 capable.
+
+=item RSA_NO_PADDING
+
+Raw RSA encryption. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Encrypting user data directly with RSA is insecure.
+
+=back
+
+B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
+based padding modes, less than RSA_size(B<rsa>) - 41 for
+RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
+The random number generator must be seeded prior to calling
+RSA_public_encrypt().
+
+RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
+private key B<rsa> and stores the plaintext in B<to>. B<to> must point
+to a memory section large enough to hold the decrypted data (which is
+smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
+was used to encrypt the data.
+
+=head1 RETURN VALUES
+
+RSA_public_encrypt() returns the size of the encrypted data (i.e.,
+RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
+recovered plaintext.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)>.
+
+=head1 WARNING
+
+Decryption failures in the RSA_PKCS1_PADDING mode leak information
+which can potentially be used to mount a Bleichenbacher padding oracle
+attack. This is an inherent weakness in the PKCS #1 v1.5 padding
+design. Prefer RSA_PKCS1_OAEP_PADDING.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<rand(3)>,
+L<RSA_size(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_set_method.pod b/openssl-1.1.0h/doc/crypto/RSA_set_method.pod
new file mode 100644
index 0000000..668ad7a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_set_method.pod
@@ -0,0 +1,186 @@
+=pod
+
+=head1 NAME
+
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags,
+RSA_new_method - select RSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ void RSA_set_default_method(const RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_default_method(void);
+
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
+
+ RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+ int RSA_flags(const RSA *rsa);
+
+ RSA *RSA_new_method(ENGINE *engine);
+
+=head1 DESCRIPTION
+
+An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_OpenSSL().
+
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later.
+B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.
+
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependent on
+whether the ENGINE API is being used, so this function is no longer
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
+
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+
+RSA_new_method() allocates and initializes an B<RSA> structure so that
+B<method> will be used for the RSA operations. If B<method> is B<NULL>,
+the default method is used.
+
+=head1 THE RSA_METHOD STRUCTURE
+
+ typedef struct rsa_meth_st
+ {
+     /* name of the implementation */
+        const char *name;
+
+     /* encrypt */
+        int (*rsa_pub_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* verify arbitrary data */
+        int (*rsa_pub_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* sign arbitrary data */
+        int (*rsa_priv_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* decrypt */
+        int (*rsa_priv_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
+                                        implementations) */
+        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+     /* called at RSA_new */
+        int (*init)(RSA *rsa);
+
+     /* called at RSA_free */
+        int (*finish)(RSA *rsa);
+
+     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
+      *                            operations, even if p,q,dmp1,dmq1,iqmp
+      *                            are NULL
+      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+      */
+        int flags;
+
+        char *app_data; /* ?? */
+
+        int (*rsa_sign)(int type,
+                const unsigned char *m, unsigned int m_length,
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+        int (*rsa_verify)(int dtype,
+                const unsigned char *m, unsigned int m_length,
+                const unsigned char *sigbuf, unsigned int siglen,
+                                                                const RSA *rsa);
+     /* keygen. If NULL builtin RSA key generation will be used */
+        int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
+ } RSA_METHOD;
+
+=head1 RETURN VALUES
+
+RSA_PKCS1_OpenSSL(), RSA_PKCS1_null_method(), RSA_get_default_method()
+and RSA_get_method() return pointers to the respective RSA_METHODs.
+
+RSA_set_default_method() returns no value.
+
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
+
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
+
+=head1 BUGS
+
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
+
+=head1 SEE ALSO
+
+L<RSA_new(3)>
+
+=head1 HISTORY
+
+The RSA_null_method(), which was a partial attempt to avoid patent issues,
+was replaced to always return NULL in OpenSSL 1.1.0f.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_sign.pod b/openssl-1.1.0h/doc/crypto/RSA_sign.pod
new file mode 100644
index 0000000..fbb38d8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_sign.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+RSA_sign, RSA_verify - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+ int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign() signs the message digest B<m> of size B<m_len> using the
+private key B<rsa> using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It
+stores the signature in B<sigret> and the signature size in B<siglen>.
+B<sigret> must point to RSA_size(B<rsa>) bytes of memory.
+Note that PKCS #1 adds meta-data, placing limits on the size of the
+key that can be used.
+See L<RSA_private_encrypt(3)> for lower-level
+operations.
+
+B<type> denotes the message digest algorithm that was used to generate
+B<m>.
+If B<type> is B<NID_md5_sha1>,
+an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
+and no algorithm identifier) is created.
+
+RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<m> of size B<m_len>. B<type> denotes
+the message digest algorithm that was used to generate the signature.
+B<rsa> is the signer's public key.
+
+=head1 RETURN VALUES
+
+RSA_sign() returns 1 on success.
+RSA_verify() returns 1 on successful verification.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<RSA_private_encrypt(3)>,
+L<RSA_public_decrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/openssl-1.1.0h/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
new file mode 100644
index 0000000..16303c9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+    RSA *rsa);
+
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+    RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
+B<m_len> using the private key B<rsa> represented in DER using PKCS #1
+padding. It stores the signature in B<sigret> and the signature size
+in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
+memory.
+
+B<dummy> is ignored.
+
+The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
+
+RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
+of size B<siglen> is the DER representation of a given octet string
+B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
+public key.
+
+=head1 RETURN VALUES
+
+RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
+RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
+otherwise.
+
+The error codes can be obtained by L<ERR_get_error(3)>.
+
+=head1 BUGS
+
+These functions serve no recognizable purpose.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<rand(3)>, L<RSA_sign(3)>,
+L<RSA_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/RSA_size.pod b/openssl-1.1.0h/doc/crypto/RSA_size.pod
new file mode 100644
index 0000000..eb6e481
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/RSA_size.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+RSA_size, RSA_bits - get RSA modulus size
+
+=head1 SYNOPSIS
+
+#include <openssl/rsa.h>
+
+int RSA_size(const RSA *rsa);
+
+int RSA_bits(const RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_size() returns the RSA modulus size in bytes. It can be used to
+determine how much memory must be allocated for an RSA encrypted
+value.
+
+RSA_bits() returns the number of significant bits.
+
+B<rsa> and B<rsa-E<gt>n> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size.
+
+=head1 SEE ALSO
+
+L<BN_num_bits(3)>
+
+=head1 HISTORY
+
+RSA_bits() was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SCT_new.pod b/openssl-1.1.0h/doc/crypto/SCT_new.pod
new file mode 100644
index 0000000..fb395a5
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SCT_new.pod
@@ -0,0 +1,194 @@
+=pod
+
+=head1 NAME
+
+SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free,
+SCT_get_version, SCT_set_version,
+SCT_get_log_entry_type, SCT_set_log_entry_type,
+SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id,
+SCT_get_timestamp, SCT_set_timestamp,
+SCT_get_signature_nid, SCT_set_signature_nid,
+SCT_get0_signature, SCT_set0_signature, SCT_set1_signature,
+SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions,
+SCT_get_source, SCT_set_source
+- A Certificate Transparency Signed Certificate Timestamp
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ typedef enum {
+  CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+  CT_LOG_ENTRY_TYPE_X509 = 0,
+  CT_LOG_ENTRY_TYPE_PRECERT = 1
+ } ct_log_entry_type_t;
+
+ typedef enum {
+  SCT_VERSION_NOT_SET = -1,
+  SCT_VERSION_V1 = 0
+ } sct_version_t;
+
+ typedef enum {
+  SCT_SOURCE_UNKNOWN,
+  SCT_SOURCE_TLS_EXTENSION,
+  SCT_SOURCE_X509V3_EXTENSION,
+  SCT_SOURCE_OCSP_STAPLED_RESPONSE
+ } sct_source_t;
+
+ SCT *SCT_new(void);
+ SCT *SCT_new_from_base64(unsigned char version,
+                          const char *logid_base64,
+                          ct_log_entry_type_t entry_type,
+                          uint64_t timestamp,
+                          const char *extensions_base64,
+                          const char *signature_base64);
+
+ void SCT_free(SCT *sct);
+ void SCT_LIST_free(STACK_OF(SCT) *a);
+
+ sct_version_t SCT_get_version(const SCT *sct);
+ int SCT_set_version(SCT *sct, sct_version_t version);
+
+ ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+ int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+ size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+ int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+ int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len);
+
+ uint64_t SCT_get_timestamp(const SCT *sct);
+ void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+ int SCT_get_signature_nid(const SCT *sct);
+ int SCT_set_signature_nid(SCT *sct, int nid);
+
+ size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+ void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+ int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len);
+
+ size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+ void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+ int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len);
+
+ sct_source_t SCT_get_source(const SCT *sct);
+ int SCT_set_source(SCT *sct, sct_source_t source);
+
+=head1 DESCRIPTION
+
+Signed Certificate Timestamps (SCTs) are defined by RFC 6962, Section 3.2.
+They constitute a promise by a Certificate Transparency (CT) log to publicly
+record a certificate. By cryptographically verifying that a log did indeed issue
+an SCT, some confidence can be gained that the certificate is publicly known.
+
+An internal representation of an SCT can be created in one of two ways.
+The first option is to create a blank SCT, using SCT_new(), and then populate
+it using:
+
+=over 4
+
+=item * SCT_set_version() to set the SCT version.
+
+Only SCT_VERSION_V1 is currently supported.
+
+=item * SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:
+
+B<CT_LOG_ENTRY_TYPE_X509> for a normal certificate.
+B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate.
+
+=item * SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.
+
+The former takes ownership, whereas the latter makes a copy.
+See RFC 6962, Section 3.2 for the definition of LogID.
+
+=item * SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds).
+
+=item * SCT_set_signature_nid() to set the NID of the signature.
+
+=item * SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.
+
+The former takes ownership, whereas the latter makes a copy.
+
+=item * SCT_set0_extensions() or B<SCT_set1_extensions> to provide SCT extensions.
+
+The former takes ownership, whereas the latter makes a copy.
+
+=back
+
+Alternatively, the SCT can be pre-populated from the following data using
+SCT_new_from_base64():
+
+=over 4
+
+=item * The SCT version (only SCT_VERSION_V1 is currently supported).
+
+=item * The LogID (see RFC 6962, Section 3.2), base64 encoded.
+
+=item * The type of certificate the SCT was issued for:
+
+B<CT_LOG_ENTRY_TYPE_X509> for a normal certificate.
+B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate.
+
+=item * The time that the SCT was issued (epoch time in milliseconds).
+
+=item * The SCT extensions, base64 encoded.
+
+=item * The SCT signature, base64 encoded.
+
+=back
+
+SCT_set_source() can be used to record where the SCT was found
+(TLS extension, X.509 certificate extension or OCSP response). This is not
+required for verifying the SCT.
+
+=head1 NOTES
+
+Some of the setters return int, instead of void. These will all return 1 on
+success, 0 on failure. They will not make changes on failure.
+
+All of the setters will reset the validation status of the SCT to
+SCT_VALIDATION_STATUS_NOT_SET (see L<SCT_validate(3)>).
+
+SCT_set_source() will call SCT_set_log_entry_type() if the type of
+certificate the SCT was issued for can be inferred from where the SCT was found.
+For example, an SCT found in an X.509 extension must have been issued for a pre-
+certificate.
+
+SCT_set_source() will not refuse unknown values.
+
+=head1 RETURN VALUES
+
+SCT_set_version() returns 1 if the specified version is supported, 0 otherwise.
+
+SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.
+
+SCT_set0_log_id() and B<SCT_set1_log_id> return 1 if the specified LogID is a
+valid SHA-256 hash, 0 otherwise. Additionally, B<SCT_set1_log_id> returns 0 if
+malloc fails.
+
+B<SCT_set_signature_nid> returns 1 if the specified NID is supported, 0 otherwise.
+
+B<SCT_set1_extensions> and B<SCT_set1_signature> return 1 if the supplied buffer
+is copied successfully, 0 otherwise (i.e. if malloc fails).
+
+B<SCT_set_source> returns 1 on success, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ct(7)>,
+L<SCT_validate(3)>,
+L<OBJ_nid2obj(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SCT_print.pod b/openssl-1.1.0h/doc/crypto/SCT_print.pod
new file mode 100644
index 0000000..88ad43e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SCT_print.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+SCT_print, SCT_LIST_print, SCT_validation_status_string -
+Prints Signed Certificate Timestamps in a human-readable way
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+ void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                     const char *separator, const CTLOG_STORE *logs);
+ const char *SCT_validation_status_string(const SCT *sct);
+
+=head1 DESCRIPTION
+
+SCT_print() prints a single Signed Certificate Timestamp (SCT) to a L<bio> in
+a human-readable format. SCT_LIST_print() prints an entire list of SCTs in a
+similar way. A separator can be specified to delimit each SCT in the output.
+
+The output can be indented by a specified number of spaces. If a B<CTLOG_STORE>
+is provided, it will be used to print the description of the CT log that issued
+each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed
+as the CTLOG_STORE parameter to disable this feature.
+
+SCT_validation_status_string() will return the validation status of an SCT as
+a human-readable string. Call SCT_validate() or SCT_LIST_validate()
+beforehand in order to set the validation status of an SCT first.
+
+=head1 SEE ALSO
+
+L<ct(3)>,
+L<bio(3)>,
+L<CTLOG_STORE_new(3)>,
+L<SCT_validate(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SCT_validate.pod b/openssl-1.1.0h/doc/crypto/SCT_validate.pod
new file mode 100644
index 0000000..3c03e97
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SCT_validate.pod
@@ -0,0 +1,98 @@
+=pod
+
+=head1 NAME
+
+SCT_validate, SCT_LIST_validate, SCT_get_validation_status -
+checks Signed Certificate Timestamps (SCTs) are valid
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ typedef enum {
+  SCT_VALIDATION_STATUS_NOT_SET,
+  SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+  SCT_VALIDATION_STATUS_VALID,
+  SCT_VALIDATION_STATUS_INVALID,
+  SCT_VALIDATION_STATUS_UNVERIFIED,
+  SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+ } sct_validation_status_t;
+
+ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+ int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx);
+ sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+=head1 DESCRIPTION
+
+SCT_validate() will check that an SCT is valid and verify its signature.
+SCT_LIST_validate() performs the same checks on an entire stack of SCTs.
+The result of the validation checks can be obtained by passing the SCT to
+SCT_get_validation_status().
+
+A CT_POLICY_EVAL_CTX must be provided that specifies:
+
+=over 4
+
+=item * The certificate the SCT was issued for.
+
+Failure to provide the certificate will result in the validation status being
+SCT_VALIDATION_STATUS_UNVERIFIED.
+
+=item * The issuer of that certificate.
+
+This is only required if the SCT was issued for a pre-certificate
+(see RFC 6962). If it is required but not provided, the validation status will
+be SCT_VALIDATION_STATUS_UNVERIFIED.
+
+=item * A CTLOG_STORE that contains the CT log that issued this SCT.
+
+If the SCT was issued by a log that is not in this CTLOG_STORE, the validation
+status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.
+
+=back
+
+If the SCT is of an unsupported version (only v1 is currently supported), the
+validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION.
+
+If the SCT's signature is incorrect, its timestamp is in the future (relative to
+the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation
+status will be SCT_VALIDATION_STATUS_INVALID.
+
+If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID.
+
+=head1 NOTES
+
+A return value of 0 from SCT_LIST_validate() should not be interpreted as a
+failure. At a minimum, only one valid SCT may provide sufficient confidence
+that a certificate has been publicly logged.
+
+=head1 RETURN VALUES
+
+SCT_validate() returns a negative integer if an internal error occurs, 0 if the
+SCT fails validation, or 1 if the SCT passes validation.
+
+SCT_LIST_validate() returns a negative integer if an internal error occurs, 0
+if any of SCTs fails validation, or 1 if they all pass validation.
+
+SCT_get_validation_status() returns the validation status of the SCT.
+If SCT_validate() or SCT_LIST_validate() have not been passed that SCT, the
+returned value will be SCT_VALIDATION_STATUS_NOT_SET.
+
+=head1 SEE ALSO
+
+L<ct(7)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SHA256_Init.pod b/openssl-1.1.0h/doc/crypto/SHA256_Init.pod
new file mode 100644
index 0000000..f3565bb
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SHA256_Init.pod
@@ -0,0 +1,108 @@
+=pod
+
+=head1 NAME
+
+SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update,
+SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384,
+SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
+SHA512_Final - Secure Hash Algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/sha.h>
+
+ int SHA1_Init(SHA_CTX *c);
+ int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+ int SHA1_Final(unsigned char *md, SHA_CTX *c);
+ unsigned char *SHA1(const unsigned char *d, size_t n,
+      unsigned char *md);
+
+ int SHA224_Init(SHA256_CTX *c);
+ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+ int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+ unsigned char *SHA224(const unsigned char *d, size_t n,
+      unsigned char *md);
+
+ int SHA256_Init(SHA256_CTX *c);
+ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+ int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+ unsigned char *SHA256(const unsigned char *d, size_t n,
+      unsigned char *md);
+
+ int SHA384_Init(SHA512_CTX *c);
+ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+ int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+ unsigned char *SHA384(const unsigned char *d, size_t n,
+      unsigned char *md);
+
+ int SHA512_Init(SHA512_CTX *c);
+ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+ int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+ unsigned char *SHA512(const unsigned char *d, size_t n,
+      unsigned char *md);
+
+=head1 DESCRIPTION
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)> etc. instead of calling the hash
+functions directly.
+
+SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
+160 bit output.
+
+SHA1() computes the SHA-1 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array. Note: setting B<md> to NULL is B<not thread safe>.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+SHA1_Init() initializes a B<SHA_CTX> structure.
+
+SHA1_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+SHA1_Final() places the message digest in B<md>, which must have space
+for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
+
+The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the
+same way as for the SHA1 functions. Note that SHA224 and SHA256 use a
+B<SHA256_CTX> object instead of B<SHA_CTX>. SHA384 and SHA512 use B<SHA512_CTX>.
+The buffer B<md> must have space for the output from the SHA variant being used
+(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and
+SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the
+SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
+B<md> is NULL.
+
+The predecessor of SHA-1, SHA, is also implemented, but it should be
+used only when backward compatibility is required.
+
+=head1 RETURN VALUES
+
+SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
+value.
+
+SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256,
+SHA384 and SHA512 functions return 1 for success, 0 otherwise.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash
+Standard),
+ANSI X9.30
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SMIME_read_CMS.pod b/openssl-1.1.0h/doc/crypto/SMIME_read_CMS.pod
new file mode 100644
index 0000000..efde0bd
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SMIME_read_CMS.pod
@@ -0,0 +1,75 @@
+=pod
+
+=head1 NAME
+
+SMIME_read_CMS - parse S/MIME message
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
+
+=head1 DESCRIPTION
+
+SMIME_read_CMS() parses a message in S/MIME format.
+
+B<in> is a BIO to read the message from.
+
+If cleartext signing is used then the content is saved in a memory bio which is
+written to B<*bcont>, otherwise B<*bcont> is set to NULL.
+
+The parsed CMS_ContentInfo structure is returned or NULL if an
+error occurred.
+
+=head1 NOTES
+
+If B<*bcont> is not NULL then the message is clear text signed. B<*bcont> can
+then be passed to CMS_verify() with the B<CMS_DETACHED> flag set.
+
+Otherwise the type of the returned structure can be determined
+using CMS_get0_type().
+
+To support future functionality if B<bcont> is not NULL B<*bcont> should be
+initialized to NULL. For example:
+
+ BIO *cont = NULL;
+ CMS_ContentInfo *cms;
+
+ cms = SMIME_read_CMS(in, &cont);
+
+=head1 BUGS
+
+The MIME parser used by SMIME_read_CMS() is somewhat primitive.  While it will
+handle most S/MIME messages more complex compound formats may not work.
+
+The parser assumes that the CMS_ContentInfo structure is always base64 encoded
+and will not handle the case where it is in binary format or uses quoted
+printable format.
+
+The use of a memory BIO to hold the signed content limits the size of message
+which can be processed due to memory restraints: a streaming single pass option
+should be available.
+
+=head1 RETURN VALUES
+
+SMIME_read_CMS() returns a valid B<CMS_ContentInfo> structure or B<NULL>
+if an error occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_type(3)>
+L<SMIME_read_CMS(3)>, L<CMS_sign(3)>,
+L<CMS_verify(3)>, L<CMS_encrypt(3)>
+L<CMS_decrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SMIME_read_PKCS7.pod b/openssl-1.1.0h/doc/crypto/SMIME_read_PKCS7.pod
new file mode 100644
index 0000000..3eb8bbc
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SMIME_read_PKCS7.pod
@@ -0,0 +1,78 @@
+=pod
+
+=head1 NAME
+
+SMIME_read_PKCS7 - parse S/MIME message
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+
+=head1 DESCRIPTION
+
+SMIME_read_PKCS7() parses a message in S/MIME format.
+
+B<in> is a BIO to read the message from.
+
+If cleartext signing is used then the content is saved in
+a memory bio which is written to B<*bcont>, otherwise
+B<*bcont> is set to B<NULL>.
+
+The parsed PKCS#7 structure is returned or B<NULL> if an
+error occurred.
+
+=head1 NOTES
+
+If B<*bcont> is not B<NULL> then the message is clear text
+signed. B<*bcont> can then be passed to PKCS7_verify() with
+the B<PKCS7_DETACHED> flag set.
+
+Otherwise the type of the returned structure can be determined
+using PKCS7_type_is_enveloped(), etc.
+
+To support future functionality if B<bcont> is not B<NULL>
+B<*bcont> should be initialized to B<NULL>. For example:
+
+ BIO *cont = NULL;
+ PKCS7 *p7;
+
+ p7 = SMIME_read_PKCS7(in, &cont);
+
+=head1 BUGS
+
+The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
+While it will handle most S/MIME messages more complex compound
+formats may not work.
+
+The parser assumes that the PKCS7 structure is always base64
+encoded and will not handle the case where it is in binary format
+or uses quoted printable format.
+
+The use of a memory BIO to hold the signed content limits the size
+of message which can be processed due to memory restraints: a
+streaming single pass option should be available.
+
+=head1 RETURN VALUES
+
+SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
+is an error occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>,
+L<SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)>,
+L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SMIME_write_CMS.pod b/openssl-1.1.0h/doc/crypto/SMIME_write_CMS.pod
new file mode 100644
index 0000000..d58baeb
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SMIME_write_CMS.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+SMIME_write_CMS - convert CMS structure to S/MIME format
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+SMIME_write_CMS() adds the appropriate MIME headers to a CMS
+structure to produce an S/MIME message.
+
+B<out> is the BIO to write the data to. B<cms> is the appropriate
+B<CMS_ContentInfo> structure. If streaming is enabled then the content must be
+supplied in the B<data> argument. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+The following flags can be passed in the B<flags> parameter.
+
+If B<CMS_DETACHED> is set then cleartext signing will be used, this option only
+makes sense for SignedData where B<CMS_DETACHED> is also set when CMS_sign() is
+called.
+
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are added to
+the content, this only makes sense if B<CMS_DETACHED> is also set.
+
+If the B<CMS_STREAM> flag is set streaming is performed. This flag should only
+be set if B<CMS_STREAM> was also set in the previous call to a CMS_ContentInfo
+creation function.
+
+If cleartext signing is being used and B<CMS_STREAM> not set then the data must
+be read twice: once to compute the signature in CMS_sign() and once to output
+the S/MIME message.
+
+If streaming is performed the content is output in BER format using indefinite
+length constructed encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
+
+=head1 BUGS
+
+SMIME_write_CMS() always base64 encodes CMS structures, there should be an
+option to disable this.
+
+=head1 RETURN VALUES
+
+SMIME_write_CMS() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>,
+L<CMS_verify(3)>, L<CMS_encrypt(3)>
+L<CMS_decrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SMIME_write_PKCS7.pod b/openssl-1.1.0h/doc/crypto/SMIME_write_PKCS7.pod
new file mode 100644
index 0000000..b573123
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SMIME_write_PKCS7.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
+structure to produce an S/MIME message.
+
+B<out> is the BIO to write the data to. B<p7> is the appropriate B<PKCS7>
+structure. If streaming is enabled then the content must be supplied in the
+B<data> argument. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+The following flags can be passed in the B<flags> parameter.
+
+If B<PKCS7_DETACHED> is set then cleartext signing will be used,
+this option only makes sense for signedData where B<PKCS7_DETACHED>
+is also set when PKCS7_sign() is also called.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
+are added to the content, this only makes sense if B<PKCS7_DETACHED>
+is also set.
+
+If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should
+only be set if B<PKCS7_STREAM> was also set in the previous call to
+PKCS7_sign() or PKCS7_encrypt().
+
+If cleartext signing is being used and B<PKCS7_STREAM> not set then
+the data must be read twice: once to compute the signature in PKCS7_sign()
+and once to output the S/MIME message.
+
+If streaming is performed the content is output in BER format using indefinite
+length constructed encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
+
+=head1 BUGS
+
+SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
+should be an option to disable this.
+
+=head1 RETURN VALUES
+
+SMIME_write_PKCS7() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_sign(3)>,
+L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod b/openssl-1.1.0h/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod
new file mode 100644
index 0000000..2746d50
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod
@@ -0,0 +1,111 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tlsext_use_srtp,
+SSL_set_tlsext_use_srtp,
+SSL_get_srtp_profiles,
+SSL_get_selected_srtp_profile
+- Configure and query SRTP support
+
+=head1 SYNOPSIS
+
+ #include <openssl/srtp.h>
+
+ int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+ int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+=head1 DESCRIPTION
+
+SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for
+the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for
+establishing SRTP keying material, algorithms and parameters using DTLS. This
+capability may be used as part of an implementation that conforms to RFC5763.
+OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not
+support the use of SRTP Master Key Identifiers (MKIs). Also note that this
+extension is only supported in DTLS. Any SRTP configuration will be ignored if a
+TLS connection is attempted.
+
+An OpenSSL client wishing to send the "use_srtp" extension should call
+SSL_CTX_set_tlsext_use_srtp() to set its use for all SSL objects subsequently
+created from an SSL_CTX. Alternatively a client may call
+SSL_set_tlsext_use_srtp() to set its use for an individual SSL object. The
+B<profiles> parameters should point to a NUL-terminated, colon delimited list of
+SRTP protection profile names.
+
+The currently supported protection profile names are:
+
+=over 4
+
+=item SRTP_AES128_CM_SHA1_80
+
+This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.
+
+=item SRTP_AES128_CM_SHA1_32
+
+This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.
+
+=item SRTP_AEAD_AES_128_GCM
+
+This corresponds to the profile of the same name defined in RFC7714.
+
+=item SRTP_AEAD_AES_256_GCM
+
+This corresponds to the profile of the same name defined in RFC7714.
+
+=back
+
+Supplying an unrecognised protection profile name will result in an error.
+
+An OpenSSL server wishing to support the "use_srtp" extension should also call
+SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() to indicate the
+protection profiles that it is willing to negotiate.
+
+The currently configured list of protection profiles for either a client or a
+server can be obtained by calling SSL_get_srtp_profiles(). This returns a stack
+of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of
+this function should not be freed by the caller.
+
+After a handshake has been completed the negotiated SRTP protection profile (if
+any) can be obtained (on the client or the server) by calling
+SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP
+protection profile was negotiated. The memory returned from this function should
+not be freed by the caller.
+
+If an SRTP protection profile has been sucessfully negotiated then the SRTP
+keying material (on both the client and server) should be obtained via a call to
+L<SSL_export_keying_material(3)>. This call should provide a label value of
+"EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total
+length of keying material obtained should be equal to two times the sum of the
+master key length and the salt length as defined for the protection profile in
+use. This provides the client write master key, the server write master key, the
+client write master salt and the server write master salt in that order.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success
+or 1 on error.
+
+SSL_get_srtp_profiles() returns a stack of SRTP_PROTECTION_PROFILE objects on
+success or NULL on error or if no protection profiles have been configured.
+
+SSL_get_selected_srtp_profile() returns a pointer to an SRTP_PROTECTION_PROFILE
+object if one has been negotiated or NULL otherwise.
+
+=head1 SEE ALSO
+
+L<SSL_export_keying_material(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/UI_STRING.pod b/openssl-1.1.0h/doc/crypto/UI_STRING.pod
new file mode 100644
index 0000000..340d9b2
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/UI_STRING.pod
@@ -0,0 +1,135 @@
+=pod
+
+=head1 NAME
+
+UI_STRING, UI_string_types, UI_get_string_type,
+UI_get_input_flags, UI_get0_output_string,
+UI_get0_action_string, UI_get0_result_string,
+UI_get0_test_string, UI_get_result_minsize,
+UI_get_result_maxsize, UI_set_result
+- User interface string parsing
+
+=head1 SYNOPSIS
+
+ #include <openssl/ui.h>
+
+ typedef struct ui_string_st UI_STRING;
+
+ enum UI_string_types {
+     UIT_NONE = 0,
+     UIT_PROMPT,                 /* Prompt for a string */
+     UIT_VERIFY,                 /* Prompt for a string and verify */
+     UIT_BOOLEAN,                /* Prompt for a yes/no response */
+     UIT_INFO,                   /* Send info to the user */
+     UIT_ERROR                   /* Send an error message to the user */
+ };
+
+ enum UI_string_types UI_get_string_type(UI_STRING *uis);
+ int UI_get_input_flags(UI_STRING *uis);
+ const char *UI_get0_output_string(UI_STRING *uis);
+ const char *UI_get0_action_string(UI_STRING *uis);
+ const char *UI_get0_result_string(UI_STRING *uis);
+ const char *UI_get0_test_string(UI_STRING *uis);
+ int UI_get_result_minsize(UI_STRING *uis);
+ int UI_get_result_maxsize(UI_STRING *uis);
+ int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+
+=head1 DESCRIPTION
+
+The B<UI_STRING> gets created internally and added to a B<UI> whenever
+one of the functions UI_add_input_string(), UI_dup_input_string(),
+UI_add_verify_string(), UI_dup_verify_string(),
+UI_add_input_boolean(), UI_dup_input_boolean(), UI_add_info_string(),
+UI_dup_info_string(), UI_add_error_string() or UI_dup_error_string()
+is called.
+For a B<UI_METHOD> user, there's no need to know more.
+For a B<UI_METHOD> creator, it is of interest to fetch text from these
+B<UI_STRING> objects as well as adding results to some of them.
+
+UI_get_string_type() is used to retrieve the type of the given
+B<UI_STRING>.
+
+UI_get_input_flags() is used to retrieve the flags associated with the
+given B<UI_STRING>.
+
+UI_get0_output_string() is used to retrieve the actual string to
+output (prompt, info, error, ...).
+
+UI_get0_action_string() is used to retrieve the action description
+associated with a B<UIT_BOOLEAN> type B<UI_STRING>.
+For all other B<UI_STRING> types, NULL is returned.
+See L<UI_add_input_boolean(3)>.
+
+UI_get0_result_string() is used to retrieve the result of a prompt.
+This is only useful for B<UIT_PROMPT> and B<UIT_VERIFY> type strings.
+For all other B<UI_STRING> types, NULL is returned.
+
+UI_get0_test_string() is used to retrieve the string to compare the
+prompt result with.
+This is only useful for B<UIT_VERIFY> type strings.
+For all other B<UI_STRING> types, NULL is returned.
+
+UI_get_result_minsize() and UI_get_result_maxsize() are used to
+retrieve the minimum and maximum required size of the result.
+This is only useful for B<UIT_PROMPT> and B<UIT_VERIFY> type strings.
+For all other B<UI_STRING> types, -1 is returned.
+
+UI_set_result() is used to set the result value of a prompt.
+For B<UIT_PROMPT> and B<UIT_VERIFY> type UI strings, this sets the
+result retrievable with UI_get0_result_string() by copying the
+contents of B<result> if its length fits the minimum and maximum size
+requirements.
+For B<UIT_BOOLEAN> type UI strings, this sets the first character of
+the result retrievable with UI_get0_result_string() to the first
+B<ok_char> given with UI_add_input_boolean() or UI_dup_input_boolean()
+if the B<result> matched any of them, or the first of the
+B<cancel_chars> if the B<result> matched any of them, otherwise it's
+set to the NUL char C<\0>.
+See L<UI_add_input_boolean(3)> for more information on B<ok_chars> and
+B<cancel_chars>.
+
+=head1 RETURN VALUES
+
+UI_get_string_type() returns the UI string type.
+
+UI_get_input_flags() returns the UI string flags.
+
+UI_get0_output_string() returns the UI string output string.
+
+UI_get0_action_string() returns the UI string action description
+string for B<UIT_BOOLEAN> type UI strings, NULL for any other type.
+
+UI_get0_result_string() returns the UI string result buffer for
+B<UIT_PROMPT> and B<UIT_VERIFY> type UI strings, NULL for any other
+type.
+
+UI_get0_test_string() returns the UI string action description
+string for B<UIT_VERIFY> type UI strings, NULL for any other type.
+
+UI_get_result_minsize() returns the minimum allowed result size for
+the UI string for  for B<UIT_PROMPT> and B<UIT_VERIFY> type strings,
+-1 for any other type.
+
+UI_get_result_maxsize() returns the minimum allowed result size for
+the UI string for  for B<UIT_PROMPT> and B<UIT_VERIFY> type strings,
+-1 for any other type.
+
+UI_set_result() returns 0 on success or when the UI string is of any
+type other than B<UIT_PROMPT>, B<UIT_VERIFY> or B<UIT_BOOLEAN>, -1 on
+error.
+
+=head1 SEE ALSO
+
+L<UI(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+
diff --git a/openssl-1.1.0h/doc/crypto/UI_create_method.pod b/openssl-1.1.0h/doc/crypto/UI_create_method.pod
new file mode 100644
index 0000000..1c40153
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/UI_create_method.pod
@@ -0,0 +1,202 @@
+=pod
+
+=head1 NAME
+
+UI_METHOD,
+UI_create_method, UI_destroy_method, UI_method_set_opener,
+UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader,
+UI_method_set_closer, UI_method_set_prompt_constructor,
+UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer,
+UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer,
+UI_method_get_prompt_constructor, UI_method_get_ex_data - user
+interface method creation and destruction
+
+=head1 SYNOPSIS
+
+ #include <openssl/ui.h>
+
+ typedef struct ui_method_st UI_METHOD;
+
+ UI_METHOD *UI_create_method(const char *name);
+ void UI_destroy_method(UI_METHOD *ui_method);
+ int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+ int UI_method_set_writer(UI_METHOD *method,
+                          int (*writer) (UI *ui, UI_STRING *uis));
+ int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+ int UI_method_set_reader(UI_METHOD *method,
+                          int (*reader) (UI *ui, UI_STRING *uis));
+ int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+ int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                      char *(*prompt_constructor) (UI *ui,
+                                                                   const char
+                                                                   *object_desc,
+                                                                   const char
+                                                                   *object_name));
+ int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
+ int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
+ int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
+ int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
+ int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
+ int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
+ char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+     (UI *, const char *, const char *);
+ const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
+
+=head1 DESCRIPTION
+
+A method contains a few functions that implement the low level of the
+User Interface.
+These functions are:
+
+=over 4
+
+=item an opener
+
+This function takes a reference to a UI and starts a session, for
+example by opening a channel to a tty, or by creating a dialog box.
+
+=item a writer
+
+This function takes a reference to a UI and a UI String, and writes
+the string where appropriate, maybe to the tty, maybe added as a field
+label in a dialog box.
+Note that this gets fed all strings associated with a UI, one after
+the other, so care must be taken which ones it actually uses.
+
+=item a flusher
+
+This function takes a reference to a UI, and flushes everything that
+has been output so far.
+For example, if the method builds up a dialog box, this can be used to
+actually display it and accepting input ended with a pressed button.
+
+=item a reader
+
+This function takes a reference to a UI and a UI string and reads off
+the given prompt, maybe from the tty, maybe from a field in a dialog
+box.
+Note that this gets fed all strings associated with a UI, one after
+the other, so care must be taken which ones it actually uses.
+
+=item a closer
+
+This function takes a reference to a UI, and closes the session, maybe
+by closing the channel to the tty, maybe by destroying a dialog box.
+
+=back
+
+All of these functions are expected to return 0 on error, 1 on
+success, or -1 on out-off-band events, for example if some prompting
+has been cancelled (by pressing Ctrl-C, for example).
+Only the flusher or the reader are expected to return -1.
+If returned by another of the functions, it's treated as if 0 was
+returned.
+
+Regarding the writer and the reader, don't assume the former should
+only write and don't assume the latter should only read.
+This depends on the needs of the method.
+
+For example, a typical tty reader wouldn't write the prompts in the
+write, but would rather do so in the reader, because of the sequential
+nature of prompting on a tty.
+This is how the UI_OpenSSL() method does it.
+
+In contrast, a method that builds up a dialog box would add all prompt
+text in the writer, have all input read in the flusher and store the
+results in some temporary buffer, and finally have the reader just
+fetch those results.
+
+The central function that uses these method functions is UI_process(),
+and it does it in five steps:
+
+=over 4
+
+=item 1.
+
+Open the session using the opener function if that one's defined.
+If an error occurs, jump to 5.
+
+=item 2.
+
+For every UI String associated with the UI, call the writer function
+if that one's defined.
+If an error occurs, jump to 5.
+
+=item 3.
+
+Flush everything using the flusher function if that one's defined.
+If an error occurs, jump to 5.
+
+=item 4.
+
+For every UI String associated with the UI, call the reader function
+if that one's defined.
+If an error occurs, jump to 5.
+
+=item 5.
+
+Close the session using the closer function if that one's defined.
+
+=back
+
+UI_create_method() creates a new UI method with a given B<name>.
+
+UI_destroy_method() destroys the given UI method B<ui_method>.
+
+UI_method_set_opener(), UI_method_set_writer(),
+UI_method_set_flusher(), UI_method_set_reader() and
+UI_method_set_closer() set the five main method function to the given
+function pointer.
+
+UI_method_set_prompt_constructor() sets the prompt constructor.
+See L<UI_construct_prompt(3)>.
+
+UI_method_set_ex_data() sets application specific data with a given
+EX_DATA index.
+See L<CRYPTO_get_ex_new_index(3)> for general information on how to
+get that index.
+
+UI_method_get_opener(), UI_method_get_writer(),
+UI_method_get_flusher(), UI_method_get_reader(),
+UI_method_get_closer() and UI_method_get_prompt_constructor() return
+the different method functions.
+
+UI_method_get_ex_data() returns the application data previously stored
+with UI_method_set_ex_data().
+
+=head1 RETURN VALUES
+
+UI_create_method() returns a UI_METHOD pointer on success, NULL on
+error.
+
+UI_method_set_opener(), UI_method_set_writer(),
+UI_method_set_flusher(), UI_method_set_reader(),
+UI_method_set_closer() and UI_method_set_prompt_constructor() return
+0 on success, -1 if the given B<method> is NULL.
+
+UI_method_set_ex_data() returns 1 on success and 0 on error (because
+CRYPTO_set_ex_data() does so).
+
+UI_method_get_opener(), UI_method_get_writer(),
+UI_method_get_flusher(), UI_method_get_reader(),
+UI_method_get_closer() and UI_method_get_prompt_constructor() return
+the requested function pointer if it's set in the method, otherwise
+NULL.
+
+UI_method_get_ex_data() returns a pointer to the application specific
+data associated with the method.
+
+=head1 SEE ALSO
+
+L<UI(3)>, L<CRYPTO_get_ex_data(3)>, L<UI_STRING(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/UI_new.pod b/openssl-1.1.0h/doc/crypto/UI_new.pod
new file mode 100644
index 0000000..5b98cf8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/UI_new.pod
@@ -0,0 +1,203 @@
+=pod
+
+=head1 NAME
+
+UI,
+UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
+UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
+UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
+UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
+UI_set_method, UI_OpenSSL, UI_null - user interface
+
+=head1 SYNOPSIS
+
+ #include <openssl/ui.h>
+
+ typedef struct ui_st UI;
+
+ UI *UI_new(void);
+ UI *UI_new_method(const UI_METHOD *method);
+ void UI_free(UI *ui);
+
+ int UI_add_input_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize);
+ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize);
+ int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize, const char *test_buf);
+ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize, const char *test_buf);
+ int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+        const char *ok_chars, const char *cancel_chars,
+        int flags, char *result_buf);
+ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+        const char *ok_chars, const char *cancel_chars,
+        int flags, char *result_buf);
+ int UI_add_info_string(UI *ui, const char *text);
+ int UI_dup_info_string(UI *ui, const char *text);
+ int UI_add_error_string(UI *ui, const char *text);
+ int UI_dup_error_string(UI *ui, const char *text);
+
+ char *UI_construct_prompt(UI *ui_method,
+        const char *object_desc, const char *object_name);
+
+ void *UI_add_user_data(UI *ui, void *user_data);
+ void *UI_get0_user_data(UI *ui);
+
+ const char *UI_get0_result(UI *ui, int i);
+
+ int UI_process(UI *ui);
+
+ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+
+ void UI_set_default_method(const UI_METHOD *meth);
+ const UI_METHOD *UI_get_default_method(void);
+ const UI_METHOD *UI_get_method(UI *ui);
+ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+ UI_METHOD *UI_OpenSSL(void);
+ const UI_METHOD *UI_null(void);
+
+=head1 DESCRIPTION
+
+UI stands for User Interface, and is general purpose set of routines to
+prompt the user for text-based information.  Through user-written methods
+(see L<UI_create_method(3)>), prompting can be done in any way
+imaginable, be it plain text prompting, through dialog boxes or from a
+cell phone.
+
+All the functions work through a context of the type UI.  This context
+contains all the information needed to prompt correctly as well as a
+reference to a UI_METHOD, which is an ordered vector of functions that
+carry out the actual prompting.
+
+The first thing to do is to create a UI with UI_new() or UI_new_method(),
+then add information to it with the UI_add or UI_dup functions.  Also,
+user-defined random data can be passed down to the underlying method
+through calls to UI_add_user_data.  The default UI method doesn't care
+about these data, but other methods might.  Finally, use UI_process()
+to actually perform the prompting and UI_get0_result() to find the result
+to the prompt.
+
+A UI can contain more than one prompt, which are performed in the given
+sequence.  Each prompt gets an index number which is returned by the
+UI_add and UI_dup functions, and has to be used to get the corresponding
+result with UI_get0_result().
+
+The functions are as follows:
+
+UI_new() creates a new UI using the default UI method.  When done with
+this UI, it should be freed using UI_free().
+
+UI_new_method() creates a new UI using the given UI method.  When done with
+this UI, it should be freed using UI_free().
+
+UI_OpenSSL() returns the built-in UI method (note: not necessarely the
+default one, since the default can be changed.  See further on).  This
+method is the most machine/OS dependent part of OpenSSL and normally
+generates the most problems when porting.
+
+UI_null() returns a UI method that does nothing.  Its use is to avoid
+getting internal defaults for passed UI_METHOD pointers.
+
+UI_free() removes a UI from memory, along with all other pieces of memory
+that's connected to it, like duplicated input strings, results and others.
+If B<ui> is NULL nothing is done.
+
+UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
+as well as flags and a result buffer and the desired minimum and maximum
+sizes of the result, not counting the final NUL character.  The given
+information is used to prompt for information, for example a password,
+and to verify a password (i.e. having the user enter it twice and check
+that the same string was entered twice).  UI_add_verify_string() takes
+and extra argument that should be a pointer to the result buffer of the
+input string that it's supposed to verify, or verification will fail.
+
+UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
+in a boolean way, with a single character for yes and a different character
+for no.  A set of characters that can be used to cancel the prompt is given
+as well.  The prompt itself is divided in two, one part being the
+descriptive text (given through the I<prompt> argument) and one describing
+the possible answers (given through the I<action_desc> argument).
+
+UI_add_info_string() and UI_add_error_string() add strings that are shown at
+the same time as the prompt for extra information or to show an error string.
+The difference between the two is only conceptual.  With the builtin method,
+there's no technical difference between them.  Other methods may make a
+difference between them, however.
+
+The flags currently supported are B<UI_INPUT_FLAG_ECHO>, which is relevant for
+UI_add_input_string() and will have the users response be echoed (when
+prompting for a password, this flag should obviously not be used, and
+B<UI_INPUT_FLAG_DEFAULT_PWD>, which means that a default password of some
+sort will be used (completely depending on the application and the UI
+method).
+
+UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
+UI_dup_info_string() and UI_dup_error_string() are basically the same
+as their UI_add counterparts, except that they make their own copies
+of all strings.
+
+UI_construct_prompt() is a helper function that can be used to create
+a prompt from two pieces of information: an description and a name.
+The default constructor (if there is none provided by the method used)
+creates a string "Enter I<description> for I<name>:".  With the
+description "pass phrase" and the file name "foo.key", that becomes
+"Enter pass phrase for foo.key:".  Other methods may create whatever
+string and may include encodings that will be processed by the other
+method functions.
+
+UI_add_user_data() adds a piece of memory for the method to use at any
+time.  The builtin UI method doesn't care about this info.  Note that several
+calls to this function doesn't add data, it replaces the previous blob
+with the one given as argument.
+
+UI_get0_user_data() retrieves the data that has last been given to the
+UI with UI_add_user_data().
+
+UI_get0_result() returns a pointer to the result buffer associated with
+the information indexed by I<i>.
+
+UI_process() goes through the information given so far, does all the printing
+and prompting and returns the final status, which is -2 on out-of-band events
+(Interrupt, Cancel, ...), -1 on error and 0 on success.
+
+UI_ctrl() adds extra control for the application author.  For now, it
+understands two commands: B<UI_CTRL_PRINT_ERRORS>, which makes UI_process()
+print the OpenSSL error stack as part of processing the UI, and
+B<UI_CTRL_IS_REDOABLE>, which returns a flag saying if the used UI can
+be used again or not.
+
+UI_set_default_method() changes the default UI method to the one given.
+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.
+
+UI_get_default_method() returns a pointer to the current default UI method.
+
+UI_get_method() returns the UI method associated with a given UI.
+
+UI_set_method() changes the UI method associated with a given UI.
+
+=head1 NOTES
+
+The resulting strings that the built in method UI_OpenSSL() generate
+are assumed to be encoded according to the current locale or (for
+Windows) code page.
+For applications having different demands, these strings need to be
+converted appropriately by the caller.
+For Windows, if the OPENSSL_WIN32_UTF8 environment variable is set,
+the built-in method UI_OpenSSL() will produce UTF-8 encoded strings
+instead.
+
+=head1 COPYRIGHT
+
+Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509V3_get_d2i.pod b/openssl-1.1.0h/doc/crypto/X509V3_get_d2i.pod
new file mode 100644
index 0000000..ac560b2
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509V3_get_d2i.pod
@@ -0,0 +1,241 @@
+=pod
+
+=head1 NAME
+
+X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
+X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
+X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
+X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
+X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509v3.h>
+
+ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                      int *idx);
+ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                     int crit, unsigned long flags);
+
+ void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
+
+ void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                       unsigned long flags);
+
+ void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
+ int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
+                           unsigned long flags);
+
+ void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
+ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
+                               unsigned long flags);
+
+ const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+ const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+ const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+
+=head1 DESCRIPTION
+
+X509V3_get_ext_d2i() looks for an extension with OID B<nid> in the extensions
+B<x> and, if found, decodes it. If B<idx> is B<NULL> then only one
+occurrence of an extension is permissible otherwise the first extension after
+index B<*idx> is returned and B<*idx> updated to the location of the extension.
+If B<crit> is not B<NULL> then B<*crit> is set to a status value: -2 if the
+extension occurs multiple times (this is only returned if B<idx> is B<NULL>),
+-1 if the extension could not be found, 0 if the extension is found and is
+not critical and 1 if critical. A pointer to an extension specific structure
+or B<NULL> is returned.
+
+X509V3_add1_i2d() adds extension B<value> to STACK B<*x> (allocating a new
+STACK if necessary) using OID B<nid> and criticality B<crit> according
+to B<flags>.
+
+X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension
+B<ext> and returns a pointer to an extension specific structure or B<NULL>
+if the extension could not be decoded (invalid syntax or not supported).
+
+X509V3_EXT_i2d() encodes the extension specific structure B<ext>
+with OID B<ext_nid> and criticality B<crit>.
+
+X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of
+certificate B<x>, they are otherwise identical to X509V3_get_d2i() and
+X509V3_add_i2d().
+
+X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions
+of CRL B<crl>, they are otherwise identical to X509V3_get_d2i() and
+X509V3_add_i2d().
+
+X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
+extensions of B<X509_REVOKED> structure B<r> (i.e for CRL entry extensions),
+they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().
+
+X509_get0_extensions(), X509_CRL_get0_extensions() and
+X509_REVOKED_get0_extensions() return a stack of all the extensions
+of a certificate a CRL or a CRL entry respectively.
+
+=head1 NOTES
+
+In almost all cases an extension can occur at most once and multiple
+occurrences is an error. Therefore the B<idx> parameter is usually B<NULL>.
+
+The B<flags> parameter may be one of the following values.
+
+B<X509V3_ADD_DEFAULT> appends a new extension only if the extension does
+not already exist. An error is returned if the extension does already
+exist.
+
+B<X509V3_ADD_APPEND> appends a new extension, ignoring whether the extension
+already exists.
+
+B<X509V3_ADD_REPLACE> replaces an extension if it exists otherwise appends
+a new extension.
+
+B<X509V3_ADD_REPLACE_EXISTING> replaces an existing extension if it exists
+otherwise returns an error.
+
+B<X509V3_ADD_KEEP_EXISTING> appends a new extension only if the extension does
+not already exist. An error B<is not> returned if the extension does already
+exist.
+
+B<X509V3_ADD_DELETE> extension B<nid> is deleted: no new extension is added.
+
+If B<X509V3_ADD_SILENT> is ored with B<flags>: any error returned will not
+be added to the error queue.
+
+The function X509V3_get_d2i() will return B<NULL> if the extension is not
+found, occurs multiple times or cannot be decoded. It is possible to
+determine the precise reason by checking the value of B<*crit>.
+
+=head1 SUPPORTED EXTENSIONS
+
+The following sections contain a list of all supported extensions
+including their name and NID.
+
+=head2 PKIX Certificate Extensions
+
+The following certificate extensions are defined in PKIX standards such as
+RFC5280.
+
+ Basic Constraints                  NID_basic_constraints
+ Key Usage                          NID_key_usage
+ Extended Key Usage                 NID_ext_key_usage
+
+ Subject Key Identifier             NID_subject_key_identifier
+ Authority Key Identifier           NID_authority_key_identifier
+
+ Private Key Usage Period           NID_private_key_usage_period
+
+ Subject Alternative Name           NID_subject_alt_name
+ Issuer Alternative Name            NID_issuer_alt_name
+
+ Authority Information Access       NID_info_access
+ Subject Information Access         NID_sinfo_access
+
+ Name Constraints                   NID_name_constraints
+
+ Certificate Policies               NID_certificate_policies
+ Policy Mappings                    NID_policy_mappings
+ Policy Constraints                 NID_policy_constraints
+ Inhibit Any Policy                 NID_inhibit_any_policy
+
+ TLS Feature                        NID_tlsfeature
+
+=head2 Netscape Certificate Extensions
+
+The following are (largely obsolete) Netscape certificate extensions.
+
+ Netscape Cert Type                 NID_netscape_cert_type
+ Netscape Base Url                  NID_netscape_base_url
+ Netscape Revocation Url            NID_netscape_revocation_url
+ Netscape CA Revocation Url         NID_netscape_ca_revocation_url
+ Netscape Renewal Url               NID_netscape_renewal_url
+ Netscape CA Policy Url             NID_netscape_ca_policy_url
+ Netscape SSL Server Name           NID_netscape_ssl_server_name
+ Netscape Comment                   NID_netscape_comment
+
+=head2 Miscellaneous Certificate Extensions
+
+ Strong Extranet ID                 NID_sxnet
+ Proxy Certificate Information      NID_proxyCertInfo
+
+=head2 PKIX CRL Extensions
+
+The following are CRL extensions from PKIX standards such as RFC5280.
+
+ CRL Number                         NID_crl_number
+ CRL Distribution Points            NID_crl_distribution_points
+ Delta CRL Indicator                NID_delta_crl
+ Freshest CRL                       NID_freshest_crl
+ Invalidity Date                    NID_invalidity_date
+ Issuing Distribution Point         NID_issuing_distribution_point
+
+The following are CRL entry extensions from PKIX standards such as RFC5280.
+
+ CRL Reason Code                    NID_crl_reason
+ Certificate Issuer                 NID_certificate_issuer
+
+=head2 OCSP Extensions
+
+ OCSP Nonce                         NID_id_pkix_OCSP_Nonce
+ OCSP CRL ID                        NID_id_pkix_OCSP_CrlID
+ Acceptable OCSP Responses          NID_id_pkix_OCSP_acceptableResponses
+ OCSP No Check                      NID_id_pkix_OCSP_noCheck
+ OCSP Archive Cutoff                NID_id_pkix_OCSP_archiveCutoff
+ OCSP Service Locator               NID_id_pkix_OCSP_serviceLocator
+ Hold Instruction Code              NID_hold_instruction_code
+
+=head2 Certificate Transparency Extensions
+
+The following extensions are used by certificate transparency, RFC6962
+
+ CT Precertificate SCTs             NID_ct_precert_scts
+ CT Certificate SCTs                NID_ct_cert_scts
+
+=head1 RETURN VALUES
+
+X509V3_EXT_d2i() and *X509V3_get_d2i() return a pointer to an extension
+specific structure of B<NULL> if an error occurs.
+
+X509V3_EXT_i2d() returns a pointer to an B<X509_EXTENSION> structure
+or B<NULL> if an error occurs.
+
+X509V3_add1_i2d() returns 1 if the operation is successful and 0 if it
+fails due to a non-fatal error (extension not found, already exists,
+cannot be encoded) or -1 due to a fatal error such as a memory allocation
+failure.
+
+X509_get0_extensions(), X509_CRL_get0_extensions() and
+X509_REVOKED_get0_extensions() return a stack of extensions. They return
+NULL if no extensions are present.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509_verify_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_ALGOR_dup.pod b/openssl-1.1.0h/doc/crypto/X509_ALGOR_dup.pod
new file mode 100644
index 0000000..21845e9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_ALGOR_dup.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
+ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
+ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                      const void **ppval, const X509_ALGOR *alg);
+ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+
+=head1 DESCRIPTION
+
+X509_ALGOR_dup() returns a copy of B<alg>.
+
+X509_ALGOR_set0() sets the algorithm OID of B<alg> to B<aobj> and the
+associated parameter type to B<ptype> with value B<pval>. If B<ptype> is
+B<V_ASN1_UNDEF> the parameter is omitted, otherwise B<ptype> and B<pval> have
+the same meaning as the B<type> and B<value> parameters to ASN1_TYPE_set().
+All the supplied parameters are used internally so must B<NOT> be freed after
+this call.
+
+X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the
+algorithm OID in B<*paobj> and the associated parameter in B<*pptype>
+and B<*ppval> from the B<AlgorithmIdentifier> B<alg>.
+
+X509_ALGOR_set_md() sets the B<AlgorithmIdentifier> B<alg> to appropriate
+values for the message digest B<md>.
+
+X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
+encodings and non-zero otherwise.
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_CRL_get0_by_serial.pod b/openssl-1.1.0h/doc/crypto/X509_CRL_get0_by_serial.pod
new file mode 100644
index 0000000..a704228
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_CRL_get0_by_serial.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED,
+X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate,
+X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate,
+X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility
+functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_CRL_get0_by_serial(X509_CRL *crl,
+                             X509_REVOKED **ret, ASN1_INTEGER *serial);
+ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+
+ const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r);
+ const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r);
+
+ int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial);
+ int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+
+ int X509_CRL_sort(X509_CRL *crl);
+
+=head1 DESCRIPTION
+
+X509_CRL_get0_by_serial() attempts to find a revoked entry in B<crl> for
+serial number B<serial>. If it is successful it sets B<*ret> to the internal
+pointer of the matching entry, as a result B<*ret> must not be freed up
+after the call.
+
+X509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it
+looks for a revoked entry using the serial number of certificate B<x>.
+
+X509_CRL_get_REVOKED() returns an internal pointer to a stack of all
+revoked entries for B<crl>.
+
+X509_REVOKED_get0_serialNumber() returns an internal pointer to the
+serial number of B<r>.
+
+X509_REVOKED_get0_revocationDate() returns an internal pointer to the
+revocation date of B<r>.
+
+X509_REVOKED_set_serialNumber() sets the serial number of B<r> to B<serial>.
+The supplied B<serial> pointer is not used internally so it should be
+freed up after use.
+
+X509_REVOKED_set_revocationDate() sets the revocation date of B<r> to
+B<tm>. The supplied B<tm> pointer is not used internally so it should be
+freed up after use.
+
+X509_CRL_add0_revoked() appends revoked entry B<rev> to CRL B<crl>. The
+pointer B<rev> is used internally so it must not be freed up after the call:
+it is freed when the parent CRL is freed.
+
+X509_CRL_sort() sorts the revoked entries of B<crl> into ascending serial
+number order.
+
+=head1 NOTES
+
+Applications can determine the number of revoked entries returned by
+X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one
+in turn using sk_X509_REVOKED_value().
+
+=head1 RETURN VALUES
+
+X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure,
+1 on success except if the revoked entry has the reason C<removeFromCRL> (8),
+in which case 2 is returned.
+
+X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(),
+X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for
+failure.
+
+X509_REVOKED_get0_serialNumber() returns an B<ASN1_INTEGER> pointer.
+
+X509_REVOKED_get0_revocationDate() returns an B<ASN1_TIME> value.
+
+X509_CRL_get_REVOKED() returns a STACK of revoked entries.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_EXTENSION_set_object.pod b/openssl-1.1.0h/doc/crypto/X509_EXTENSION_set_object.pod
new file mode 100644
index 0000000..f3f0de6
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_EXTENSION_set_object.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+X509_EXTENSION_set_object, X509_EXTENSION_set_critical,
+X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID,
+X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object,
+X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility
+functions
+
+=head1 SYNOPSIS
+
+ int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+
+ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                                              int nid, int crit,
+                                              ASN1_OCTET_STRING *data);
+ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                              const ASN1_OBJECT *obj, int crit,
+                                              ASN1_OCTET_STRING *data);
+
+ ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+
+=head1 DESCRIPTION
+
+X509_EXTENSION_set_object() sets the extension type of B<ex> to B<obj>. The
+B<obj> pointer is duplicated internally so B<obj> should be freed up after use.
+
+X509_EXTENSION_set_critical() sets the criticality of B<ex> to B<crit>. If
+B<crit> is zero the extension in non-critical otherwise it is critical.
+
+X509_EXTENSION_set_data() sets the data in extension B<ex> to B<data>. The
+B<data> pointer is duplicated internally.
+
+X509_EXTENSION_create_by_NID() creates an extension of type B<nid>,
+criticality B<crit> using data B<data>. The created extension is returned and
+written to B<*ex> reusing or allocating a new extension if necessary so B<*ex>
+should either be B<NULL> or a valid B<X509_EXTENSION> structure it must
+B<not> be an uninitialised pointer.
+
+X509_EXTENSION_create_by_OBJ() is identical to X509_EXTENSION_create_by_NID()
+except it creates and extension using B<obj> instead of a NID.
+
+X509_EXTENSION_get_object() returns the extension type of B<ex> as an
+B<ASN1_OBJECT> pointer. The returned pointer is an internal value which must
+not be freed up.
+
+X509_EXTENSION_get_critical() returns the criticality of extension B<ex> it
+returns B<1> for critical and B<0> for non-critical.
+
+X509_EXTENSION_get_data() returns the data of extension B<ex>. The returned
+pointer is an internal value which must not be freed up.
+
+=head1 NOTES
+
+These functions manipulate the contents of an extension directly. Most
+applications will want to parse or encode and add an extension: they should
+use the extension encode and decode functions instead such as
+X509_add1_ext_i2d() and X509_get_ext_d2i().
+
+The B<data> associated with an extension is the extension encoding in an
+B<ASN1_OCTET_STRING> structure.
+
+=head1 RETURN VALUES
+
+X509_EXTENSION_set_object() X509_EXTENSION_set_critical() and
+X509_EXTENSION_set_data() return B<1> for success and B<0> for failure.
+
+X509_EXTENSION_create_by_NID() and X509_EXTENSION_create_by_OBJ() return
+an B<X509_EXTENSION> pointer or B<NULL> if an error occurs.
+
+X509_EXTENSION_get_object() returns an B<ASN1_OBJECT> pointer.
+
+X509_EXTENSION_get_critical() returns B<0> for non-critical and B<1> for
+critical.
+
+X509_EXTENSION_get_data() returns an B<ASN1_OCTET_STRING> pointer.
+
+=head1 SEE ALSO
+
+L<X509V3_get_d2i(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_LOOKUP_hash_dir.pod b/openssl-1.1.0h/doc/crypto/X509_LOOKUP_hash_dir.pod
new file mode 100644
index 0000000..5f8dfa9
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_LOOKUP_hash_dir.pod
@@ -0,0 +1,130 @@
+=pod
+
+=head1 NAME
+
+X509_LOOKUP_hash_dir, X509_LOOKUP_file,
+X509_load_cert_file,
+X509_load_crl_file,
+X509_load_cert_crl_file - Default OpenSSL certificate
+lookup methods
+
+=head1 SYNOPSIS
+
+  #include <openssl/x509_vfy.h>
+
+  X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+  X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+  int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+  int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+  int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+
+=head1 DESCRIPTION
+
+B<X509_LOOKUP_hash_dir> and B<X509_LOOKUP_file> are two certificate
+lookup methods to use with B<X509_STORE>, provided by OpenSSL library.
+
+Users of the library typically do not need to create instances of these
+methods manually, they would be created automatically by
+L<X509_STORE_load_locations(3)> or
+L<SSL_CTX_load_verify_locations(3)>
+functions.
+
+Internally loading of certificates and CRLs is implemented via functions
+B<X509_load_cert_crl_file>, B<X509_load_cert_file> and
+B<X509_load_crl_file>. These functions support parameter I<type>, which
+can be one of constants B<FILETYPE_PEM>, B<FILETYPE_ASN1> and
+B<FILETYPE_DEFAULT>. They load certificates and/or CRLs from specified
+file into memory cache of B<X509_STORE> objects which given B<ctx>
+parameter is associated with.
+
+Functions B<X509_load_cert_file> and
+B<X509_load_crl_file> can load both PEM and DER formats depending of
+type value. Because DER format cannot contain more than one certificate
+or CRL object (while PEM can contain several concatenated PEM objects)
+B<X509_load_cert_crl_file> with B<FILETYPE_ASN1> is equivalent to
+B<X509_load_cert_file>.
+
+Constant B<FILETYPE_DEFAULT> with NULL filename causes these functions
+to load default certificate store file (see
+L<X509_STORE_set_default_paths(3)>.
+
+
+Functions return number of objects loaded from file or 0 in case of
+error.
+
+Both methods support adding several certificate locations into one
+B<X509_STORE>.
+
+This page documents certificate store formats used by these methods and
+caching policy.
+
+=head2 File Method
+
+The B<X509_LOOKUP_file> method loads all the certificates or CRLs
+present in a file into memory at the time the file is added as a
+lookup source.
+
+File format is ASCII text which contains concatenated PEM certificates
+and CRLs.
+
+This method should be used by applications which work with a small
+set of CAs.
+
+=head2 Hashed Directory Method
+
+B<X509_LOOKUP_hash_dir> is a more advanced method, which loads
+certificates and CRLs on demand, and caches them in memory once
+they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs
+upon each lookup, so that newer CRLs are as soon as they appear in
+the directory.
+
+The directory should contain one certificate or CRL per file in PEM format,
+with a file name of the form I<hash>.I<N> for a certificate, or
+I<hash>.B<r>I<N> for a CRL.
+The I<hash> is the value returned by the L<X509_NAME_hash(3)> function applied
+to the subject name for certificates or issuer name for CRLs.
+The hash can also be obtained via the B<-hash> option of the L<x509(1)> or
+L<crl(1)> commands.
+
+The .I<N> or .B<r>I<N> suffix is a sequence number that starts at zero, and is
+incremented consecutively for each certificate or CRL with the same I<hash>
+value.
+Gaps in the sequence numbers are not supported, it is assumed that there are no
+more objects with the same hash beyond the first missing number in the
+sequence.
+
+Sequence numbers make it possible for the directory to contain multiple
+certificates with same subject name hash value.
+For example, it is possible to have in the store several certificates with same
+subject or several CRLs with same issuer (and, for example, different validity
+period).
+
+When checking for new CRLs once one CRL for given hash value is
+loaded, hash_dir lookup method checks only for certificates with
+sequence number greater than that of the already cached CRL.
+
+Note that the hash algorithm used for subject name hashing changed in OpenSSL
+1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL
+0.9.8 to 1.0.0.
+
+OpenSSL includes a L<rehash(1)> utility which creates symlinks with correct
+hashed names for all files with .pem suffix in a given directory.
+
+=head1 SEE ALSO
+
+L<PEM_read_PrivateKey(3)>,
+L<X509_STORE_load_locations(3)>,
+L<X509_store_add_lookup(3)>,
+L<SSL_CTX_load_verify_locations(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_NAME_ENTRY_get_object.pod b/openssl-1.1.0h/doc/crypto/X509_NAME_ENTRY_get_object.pod
new file mode 100644
index 0000000..72e0f7b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
+X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
+X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+
+ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+
+=head1 DESCRIPTION
+
+X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
+and B<ASN1_OBJECT> structure.
+
+X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
+and B<ASN1_STRING> structure.
+
+X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
+
+X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
+B<type> and value determined by B<bytes> and B<len>.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
+and X509_NAME_ENTRY_create_by_OBJ() create and return an
+B<X509_NAME_ENTRY> structure.
+
+=head1 NOTES
+
+X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
+used to examine an B<X509_NAME_ENTRY> function as returned by
+X509_NAME_get_entry() for example.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
+and X509_NAME_ENTRY_create_by_OBJ() create and return an
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
+X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
+are seldom used in practice because B<X509_NAME_ENTRY> structures
+are almost always part of B<X509_NAME> structures and the
+corresponding B<X509_NAME> functions are typically used to
+create and add new entries in a single operation.
+
+The arguments of these functions support similar options to the similarly
+named ones of the corresponding B<X509_NAME> functions such as
+X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
+B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
+set first so the relevant field information can be looked up internally.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>,
+L<OBJ_nid2obj(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_NAME_add_entry_by_txt.pod b/openssl-1.1.0h/doc/crypto/X509_NAME_add_entry_by_txt.pod
new file mode 100644
index 0000000..27e5baf
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -0,0 +1,123 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+
+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len, int loc, int set);
+
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set);
+
+ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set);
+
+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+
+=head1 DESCRIPTION
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
+X509_NAME_add_entry_by_NID() add a field whose name is defined
+by a string B<field>, an object B<obj> or a NID B<nid> respectively.
+The field value to be added is in B<bytes> of length B<len>. If
+B<len> is -1 then the field length is calculated internally using
+strlen(bytes).
+
+The type of field is determined by B<type> which can either be a
+definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
+standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
+added to a position determined by B<loc> and B<set>.
+
+X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
+to B<name>. The new entry is added to a position determined by B<loc>
+and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
+the call.
+
+X509_NAME_delete_entry() deletes an entry from B<name> at position
+B<loc>. The deleted entry is returned and must be freed up.
+
+=head1 NOTES
+
+The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
+is strongly recommended for the B<type> parameter. This allows the
+internal code to correctly determine the type of the field and to
+apply length checks according to the relevant standards. This is
+done using ASN1_STRING_set_by_NID().
+
+If instead an ASN1 type is used no checks are performed and the
+supplied data in B<bytes> is used directly.
+
+In X509_NAME_add_entry_by_txt() the B<field> string represents
+the field name using OBJ_txt2obj(field, 0).
+
+The B<loc> and B<set> parameters determine where a new entry should
+be added. For almost all applications B<loc> can be set to -1 and B<set>
+to 0. This adds a new entry to the end of B<name> as a single valued
+RelativeDistinguishedName (RDN).
+
+B<loc> actually determines the index where the new entry is inserted:
+if it is -1 it is appended.
+
+B<set> determines how the new type is added. If it is zero a
+new RDN is created.
+
+If B<set> is -1 or 1 it is added to the previous or next RDN
+structure respectively. This will then be a multivalued RDN:
+since multivalues RDNs are very seldom used B<set> is almost
+always set to zero.
+
+=head1 EXAMPLES
+
+Create an B<X509_NAME> structure:
+
+"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
+
+ X509_NAME *nm;
+ nm = X509_NAME_new();
+ if (nm == NULL)
+        /* Some error */
+ if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
+                        "UK", -1, -1, 0))
+        /* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
+                        "Disorganized Organization", -1, -1, 0))
+        /* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
+                        "Joe Bloggs", -1, -1, 0))
+        /* Error */
+
+=head1 RETURN VALUES
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
+X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
+success of 0 if an error occurred.
+
+X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
+structure of B<NULL> if an error occurred.
+
+=head1 BUGS
+
+B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
+different algorithm to determine field types. Since this form does
+not understand multicharacter types, performs no length checks and
+can result in invalid field types its use is strongly discouraged.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_NAME_get0_der.pod b/openssl-1.1.0h/doc/crypto/X509_NAME_get0_der.pod
new file mode 100644
index 0000000..f91fd4d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_NAME_get0_der.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_get0_der - get X509_NAME DER encoding
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                        size_t *pderlen)
+
+
+=head1 DESCRIPTION
+
+The function X509_NAME_get0_der() returns an internal pointer to the
+encoding of an B<X509_NAME> structure in B<*pder> and consisting of
+B<*pderlen> bytes. It is useful for applications that wish to examine
+the encoding of an B<X509_NAME> structure without copying it.
+
+=head1 RETURN VALUES
+
+The function X509_NAME_get0_der() returns 1 for success and 0 if an error
+occurred.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_NAME_get_index_by_NID.pod b/openssl-1.1.0h/doc/crypto/X509_NAME_get_index_by_NID.pod
new file mode 100644
index 0000000..2d6713b
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -0,0 +1,123 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
+X509_NAME lookup and enumeration functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos);
+
+ int X509_NAME_entry_count(const X509_NAME *name);
+ X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+
+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len);
+
+=head1 DESCRIPTION
+
+These functions allow an B<X509_NAME> structure to be examined. The
+B<X509_NAME> structure is the same as the B<Name> type defined in
+RFC2459 (and elsewhere) and used for example in certificate subject
+and issuer names.
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
+the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
+should initially be set to -1. If there are no more entries -1 is returned.
+If B<nid> is invalid (doesn't correspond to a valid OID) then -2 is returned.
+
+X509_NAME_entry_count() returns the total number of entries in B<name>.
+
+X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
+corresponding to index B<loc>. Acceptable values for B<loc> run from
+0 to (X509_NAME_entry_count(name) - 1). The value returned is an
+internal pointer which must not be freed.
+
+X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
+the "text" from the first entry in B<name> which matches B<nid> or
+B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
+will be written and the text written to B<buf> will be null
+terminated. The length of the output string written is returned
+excluding the terminating null. If B<buf> is <NULL> then the amount
+of space needed in B<buf> (excluding the final null) is returned.
+
+=head1 NOTES
+
+X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
+legacy functions which have various limitations which make them
+of minimal use in practice. They can only find the first matching
+entry and will copy the contents of the field verbatim: this can
+be highly confusing if the target is a multicharacter string type
+like a BMPString or a UTF8String.
+
+For a more general solution X509_NAME_get_index_by_NID() or
+X509_NAME_get_index_by_OBJ() should be used followed by
+X509_NAME_get_entry() on any matching indices and then the
+various B<X509_NAME_ENTRY> utility functions on the result.
+
+The list of all relevant B<NID_*> and B<OBJ_* codes> can be found in
+the source code header files E<lt>openssl/obj_mac.hE<gt> and/or
+E<lt>openssl/objects.hE<gt>.
+
+Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID()
+should check for the return value of -2. Alternatively the NID validity
+can be determined first by checking OBJ_nid2obj(nid) is not NULL.
+
+=head1 EXAMPLES
+
+Process all entries:
+
+ int i;
+ X509_NAME_ENTRY *e;
+
+ for (i = 0; i < X509_NAME_entry_count(nm); i++)
+        {
+        e = X509_NAME_get_entry(nm, i);
+        /* Do something with e */
+        }
+
+Process all commonName entries:
+
+ int lastpos = -1;
+ X509_NAME_ENTRY *e;
+
+ for (;;)
+        {
+        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+        if (lastpos == -1)
+                break;
+        e = X509_NAME_get_entry(nm, lastpos);
+        /* Do something with e */
+        }
+
+=head1 RETURN VALUES
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
+return the index of the next matching entry or -1 if not found.
+X509_NAME_get_index_by_NID() can also return -2 if the supplied
+NID is invalid.
+
+X509_NAME_entry_count() returns the total number of entries.
+
+X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
+requested entry or B<NULL> if the index is invalid.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_NAME_print_ex.pod b/openssl-1.1.0h/doc/crypto/X509_NAME_print_ex.pod
new file mode 100644
index 0000000..3e9caa8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_NAME_print_ex.pod
@@ -0,0 +1,112 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+X509_NAME_oneline - X509_NAME printing routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
+ int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
+ char * X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+
+=head1 DESCRIPTION
+
+X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
+line (for multiline formats) is indented by B<indent> spaces. The output format
+can be extensively customised by use of the B<flags> parameter.
+
+X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
+written to FILE pointer B<fp>.
+
+X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>.
+If B<buf> is B<NULL> then a buffer is dynamically allocated and returned, and
+B<size> is ignored.
+Otherwise, at most B<size> bytes will be written, including the ending '\0',
+and B<buf> is returned.
+
+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
+characters. Multiple lines are used if the output (including indent) exceeds
+80 characters.
+
+=head1 NOTES
+
+The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
+produce a non standard output form, they don't handle multi character fields and
+have various quirks and inconsistencies. Their use is strongly discouraged in new
+applications.
+
+Although there are a large number of possible flags for most purposes
+B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
+As noted on the L<ASN1_STRING_print_ex(3)> manual page
+for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
+
+The complete set of the flags supported by X509_NAME_print_ex() is listed below.
+
+Several options can be ored together.
+
+The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
+B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
+to use. Two distinct separators are used between distinct RelativeDistinguishedName
+components and separate values in the same RDN for a multi-valued RDN. Multi-valued
+RDNs are currently very rare so the second separator will hardly ever be used.
+
+B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
+uses comma and plus with spaces: this is more readable that plain comma and plus.
+B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
+spaced newline and plus respectively.
+
+If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
+
+The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
+B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
+use the short name (e.g. CN) the long name (e.g. commonName) always
+use OID numerical form (normally OIDs are only used if the field name is not
+recognised) and no field name respectively.
+
+If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
+separating field names and values.
+
+If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
+printed instead of the values.
+
+If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
+is only of use for multiline format.
+
+Additionally all the options supported by ASN1_STRING_print_ex() can be used to
+control how each field value is displayed.
+
+In addition a number options can be set for commonly used formats.
+
+B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
+is equivalent to:
+ B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
+
+
+B<XN_FLAG_ONELINE> is a more readable one line format which is the same as:
+ B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
+
+B<XN_FLAG_MULTILINE> is a multiline format which is the same as:
+ B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
+
+B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
+
+=head1 SEE ALSO
+
+L<ASN1_STRING_print_ex(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_PUBKEY_new.pod b/openssl-1.1.0h/doc/crypto/X509_PUBKEY_new.pod
new file mode 100644
index 0000000..b133105
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_PUBKEY_new.pod
@@ -0,0 +1,120 @@
+=pod
+
+=head1 NAME
+
+X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0,
+X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
+i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param,
+X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_PUBKEY *X509_PUBKEY_new(void);
+ void X509_PUBKEY_free(X509_PUBKEY *a);
+
+ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+
+ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+
+ EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+ EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+
+ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+ int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+
+ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                            int ptype, void *pval,
+                            unsigned char *penc, int penclen);
+ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                            const unsigned char **pk, int *ppklen,
+                            X509_ALGOR **pa, X509_PUBKEY *pub);
+
+=head1 DESCRIPTION
+
+The B<X509_PUBKEY> structure represents the ASN.1 B<SubjectPublicKeyInfo>
+structure defined in RFC5280 and used in certificates and certificate requests.
+
+X509_PUBKEY_new() allocates and initializes an B<X509_PUBKEY> structure.
+
+X509_PUBKEY_free() frees up B<X509_PUBKEY> structure B<a>. If B<a> is NULL
+nothing is done.
+
+X509_PUBKEY_set() sets the public key in B<*x> to the public key contained
+in the B<EVP_PKEY> structure B<pkey>. If B<*x> is not NULL any existing
+public key structure will be freed.
+
+X509_PUBKEY_get0() returns the public key contained in B<key>. The returned
+value is an internal pointer which B<MUST NOT> be freed after use.
+
+X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference
+count on the returned key is incremented so it B<MUST> be freed using
+EVP_PKEY_free() after use.
+
+d2i_PUBKEY() and i2d_PUBKEY() decode and encode an B<EVP_PKEY> structure
+using B<SubjectPublicKeyInfo> format. They otherwise follow the conventions of
+other ASN.1 functions such as d2i_X509().
+
+d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are
+similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a
+B<BIO> or B<FILE> pointer.
+
+X509_PUBKEY_set0_param() sets the public key parameters of B<pub>. The
+OID associated with the algorithm is set to B<aobj>. The type of the
+algorithm parameters is set to B<type> using the structure B<pval>.
+The encoding of the public key itself is set to the B<penclen>
+bytes contained in buffer B<penc>. On success ownership of all the supplied
+parameters is passed to B<pub> so they must not be freed after the
+call.
+
+X509_PUBKEY_get0_param() retrieves the public key parameters from B<pub>,
+B<*ppkalg> is set to the associated OID and the encoding consists of
+B<*ppklen> bytes at B<*pk>, B<*pa> is set to the associated
+AlgorithmIdentifier for the public key. If the value of any of these
+parameters is not required it can be set to B<NULL>. All of the
+retrieved pointers are internal and must not be freed after the
+call.
+
+=head1 NOTES
+
+The B<X509_PUBKEY> functions can be used to encode and decode public keys
+in a standard format.
+
+In many cases applications will not call the B<X509_PUBKEY> functions
+directly: they will instead call wrapper functions such as X509_get0_pubkey().
+
+=head1 RETURN VALUES
+
+If the allocation fails, X509_PUBKEY_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)>.
+
+Otherwise it returns a pointer to the newly allocated structure.
+
+X509_PUBKEY_free() does not return a value.
+
+X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an B<EVP_PKEY>
+structure or B<NULL> if an error occurs.
+
+X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
+return 1 for success and 0 if an error occurred.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_get_pubkey(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_SIG_get0.pod b/openssl-1.1.0h/doc/crypto/X509_SIG_get0.pod
new file mode 100644
index 0000000..d24eadc
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_SIG_get0.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+X509_SIG_get0, X509_SIG_getm - DigestInfo functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                    const ASN1_OCTET_STRING **pdigest);
+ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                    ASN1_OCTET_STRING **pdigest,
+
+=head1 DESCRIPTION
+
+X509_SIG_get0() returns pointers to the algorithm identifier and digest
+value in B<sig>. X509_SIG_getm() is identical to X509_SIG_get0()
+except the pointers returned are not constant and can be modified:
+for example to initialise them.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_get_error.pod b/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_get_error.pod
new file mode 100644
index 0000000..105e051
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_get_error.pod
@@ -0,0 +1,338 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_CTX_get_error, X509_STORE_CTX_set_error,
+X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth,
+X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert,
+X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain,
+X509_verify_cert_error_string - get or set certificate verification status
+information
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int   X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+ void  X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+ int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+ void  X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+ void  X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+
+ const char *X509_verify_cert_error_string(long n);
+
+=head1 DESCRIPTION
+
+These functions are typically called after X509_verify_cert() has indicated
+an error or in a verification callback to determine the nature of an error.
+
+X509_STORE_CTX_get_error() returns the error code of B<ctx>, see
+the B<ERROR CODES> section for a full description of all error codes.
+
+X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example
+it might be used in a verification callback to set an error based on additional
+checks.
+
+X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
+non-negative integer representing where in the certificate chain the error
+occurred. If it is zero it occurred in the end entity certificate, one if
+it is the certificate which signed the end entity certificate and so on.
+
+X509_STORE_CTX_set_error_depth() sets the error B<depth>.
+This can be used in combination with X509_STORE_CTX_set_error() to set the
+depth at which an error condition was detected.
+
+X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
+caused the error or B<NULL> if no certificate is relevant.
+
+X509_STORE_CTX_set_current_cert() sets the certificate B<x> in B<ctx> which
+caused the error.
+This value is not intended to remain valid for very long, and remains owned by
+the caller.
+It may be examined by a verification callback invoked to handle each error
+encountered during chain verification and is no longer required after such a
+callback.
+If a callback wishes the save the certificate for use after it returns, it
+needs to increment its reference count via L<X509_up_ref(3)>.
+Once such a I<saved> certificate is no longer needed it can be freed with
+L<X509_free(3)>.
+
+X509_STORE_CTX_get0_cert() retrieves an internal pointer to the
+certificate being verified by the B<ctx>.
+
+X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous
+call to X509_verify_cert() is successful. If the call to X509_verify_cert()
+is B<not> successful the returned chain may be incomplete or invalid. The
+returned chain persists after the B<ctx> structure is freed, when it is
+no longer needed it should be free up using:
+
+  sk_X509_pop_free(chain, X509_free);
+
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+
+=head1 RETURN VALUES
+
+X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code.
+
+X509_STORE_CTX_get_error_depth() returns a non-negative error depth.
+
+X509_STORE_CTX_get_current_cert() returns the certificate which caused the
+error or B<NULL> if no certificate is relevant to the error.
+
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+
+=head1 ERROR CODES
+
+A list of error codes and messages is shown below.  Some of the
+error codes are defined but currently never returned: these are described as
+"unused".
+
+=over 4
+
+=item B<X509_V_OK: ok>
+
+the operation was successful.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
+
+the CRL of a certificate could not be found.
+
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+
+the certificate signature could not be decrypted. This means that the actual
+signature value could not be determined rather than it not matching the
+expected value, this is only meaningful for RSA keys.
+
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+
+the CRL signature could not be decrypted: this means that the actual signature
+value could not be determined rather than it not matching the expected value.
+Unused.
+
+=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+
+=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+
+the certificate is not yet valid: the notBefore date is after the current time.
+
+=item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+
+the certificate has expired: that is the notAfter date is before the current time.
+
+=item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+
+the CRL is not yet valid.
+
+=item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+
+the CRL has expired.
+
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+
+the certificate notBefore field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+
+the certificate notAfter field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+
+the CRL lastUpdate field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+
+the CRL nextUpdate field contains an invalid time.
+
+=item B<X509_V_ERR_OUT_OF_MEM: out of memory>
+
+an error occurred trying to allocate memory. This should never happen.
+
+=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+
+the passed certificate is self signed and the same certificate cannot be found
+in the list of trusted certificates.
+
+=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+
+the certificate chain could be built up using the untrusted certificates but
+the root could not be found locally.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+
+the issuer certificate of a locally looked up certificate could not be found.
+This normally means the list of trusted certificates is not complete.
+
+=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+
+no signatures could be verified because the chain contains only one certificate
+and it is not self signed.
+
+=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+
+the certificate chain length is greater than the supplied maximum depth. Unused.
+
+=item B<X509_V_ERR_CERT_REVOKED: certificate revoked>
+
+the certificate has been revoked.
+
+=item B<X509_V_ERR_INVALID_CA: invalid CA certificate>
+
+a CA certificate is invalid. Either it is not a CA or its extensions are not
+consistent with the supplied purpose.
+
+=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+
+the basicConstraints path-length parameter has been exceeded.
+
+=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+
+the supplied certificate cannot be used for the specified purpose.
+
+=item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+
+the root CA is not marked as trusted for the specified purpose.
+
+=item B<X509_V_ERR_CERT_REJECTED: certificate rejected>
+
+the root CA is marked to reject the specified purpose.
+
+=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. This is only set
+if issuer check debugging is enabled it is used for status notification and
+is B<not> in itself an error.
+
+=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. This is only set if issuer check debugging is enabled it is used
+for status notification and is B<not> in itself an error.
+
+=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier of
+the current certificate. This is only set if issuer check debugging is enabled
+it is used for status notification and is B<not> in itself an error.
+
+=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
+
+the current candidate issuer certificate was rejected because its keyUsage
+extension does not permit certificate signing. This is only set if issuer check
+debugging is enabled it is used for status notification and is B<not> in itself
+an error.
+
+=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
+
+A certificate extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions.
+
+
+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
+
+A certificate policies extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions. This error only
+occurs if policy processing is enabled.
+
+=item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
+
+The verification flags were set to require and explicit policy but none was
+present.
+
+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
+
+The only CRLs that could be found did not match the scope of the certificate.
+
+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
+
+Some feature of a certificate extension is not supported. Unused.
+
+=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
+
+A name constraint violation occurred in the permitted subtrees.
+
+=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
+
+A name constraint violation occurred in the excluded subtrees.
+
+=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
+
+A certificate name constraints extension included a minimum or maximum field:
+this is not supported.
+
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
+
+An unsupported name constraint type was encountered. OpenSSL currently only
+supports directory name, DNS name, email and URI types.
+
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
+
+The format of the name constraint is not recognised: for example an email
+address format of a form not mentioned in RFC3280. This could be caused by
+a garbage extension or some new feature not currently supported.
+
+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
+
+An error occurred when attempting to verify the CRL path. This error can only
+happen if extended CRL checking is enabled.
+
+=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+
+an application specific error. This will never be returned unless explicitly
+set by an application.
+
+=back
+
+=head1 NOTES
+
+The above functions should be used instead of directly referencing the fields
+in the B<X509_VERIFY_CTX> structure.
+
+In versions of OpenSSL before 1.0 the current certificate returned by
+X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should
+check the return value before printing out any debugging information relating
+to the current certificate.
+
+If an unrecognised error code is passed to X509_verify_cert_error_string() the
+numerical value of the unknown code is returned in a static buffer. This is not
+thread safe but will never happen unless an invalid code is passed.
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)>,
+L<X509_up_ref(3)>,
+L<X509_free(3)>.
+
+=head1 COPYRIGHT
+
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_new.pod b/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_new.pod
new file mode 100644
index 0000000..2828ed7
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_new.pod
@@ -0,0 +1,174 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free,
+X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert,
+X509_STORE_CTX_set0_crls,
+X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
+X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param,
+X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,
+X509_STORE_CTX_get_num_untrusted,
+X509_STORE_CTX_set_default,
+X509_STORE_CTX_set_verify,
+X509_STORE_CTX_verify_fn
+- X509_STORE_CTX initialisation
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ X509_STORE_CTX *X509_STORE_CTX_new(void);
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+
+ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                         X509 *x509, STACK_OF(X509) *chain);
+
+ void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
+ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+ STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+ int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+ typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+ void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
+
+=head1 DESCRIPTION
+
+These functions initialise an B<X509_STORE_CTX> structure for subsequent use
+by X509_verify_cert().
+
+X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure.
+
+X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure.
+The context can then be reused with an new call to X509_STORE_CTX_init().
+
+X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
+is no longer valid.
+If B<ctx> is NULL nothing is done.
+
+X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
+It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
+good for one call to X509_verify_cert(); if you want to verify a second
+certificate with the same B<ctx> then you must call X509_STORE_CTX_cleanup()
+and then X509_STORE_CTX_init() again before the second call to
+X509_verify_cert(). The trusted certificate store is set to B<store>, the end
+entity certificate to be verified is set to B<x509> and a set of additional
+certificates (which will be untrusted but may be used to build the chain) in
+B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
+B<NULL>.
+
+X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of
+B<ctx> to B<sk>. This is an alternative way of specifying trusted certificates
+instead of using an B<X509_STORE>.
+
+X509_STORE_CTX_set_cert() sets the certificate to be verified in B<ctx> to
+B<x>.
+
+X509_STORE_CTX_set0_verified_chain() sets the validated chain used
+by B<ctx> to be B<chain>.
+Ownership of the chain is transferred to B<ctx> and should not be
+free'd by the caller.
+X509_STORE_CTX_get0_chain() returns a the internal pointer used by the
+B<ctx> that contains the validated chain.
+
+X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
+verification to B<sk>. These CRLs will only be used if CRL verification is
+enabled in the associated B<X509_VERIFY_PARAM> structure. This might be
+used where additional "useful" CRLs are supplied as part of a protocol,
+for example in a PKCS#7 structure.
+
+X509_STORE_CTX_get0_param() retrieves an internal pointer
+to the verification parameters associated with B<ctx>.
+
+X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the
+stack of untrusted certificates associated with B<ctx>.
+
+X509_STORE_CTX_set0_untrusted() sets the internal point to the stack
+of untrusted certificates associated with B<ctx> to B<sk>.
+
+X509_STORE_CTX_set0_param() sets the internal verification parameter pointer
+to B<param>. After this call B<param> should not be used.
+
+X509_STORE_CTX_set_default() looks up and sets the default verification
+method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to
+find an appropriate set of parameters from B<name>.
+
+X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
+that were used in building the chain following a call to X509_verify_cert().
+
+X509_STORE_CTX_set_verify() provides the capability for overriding the default
+verify function. This function is responsible for verifying chain signatures and
+expiration times.
+
+A verify function is defined as an X509_STORE_CTX_verify type which has the
+following signature:
+
+ int (*verify)(X509_STORE_CTX *);
+
+This function should receive the current X509_STORE_CTX as a parameter and
+return 1 on success or 0 on failure.
+
+=head1 NOTES
+
+The certificates and CRLs in a store are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed.
+
+=head1 BUGS
+
+The certificates and CRLs in a context are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed. Copies
+should be made or reference counts increased instead.
+
+=head1 RETURN VALUES
+
+X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an
+error occurred.
+
+X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.
+
+X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM>
+structure or B<NULL> if an error occurred.
+
+X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(),
+X509_STORE_CTX_set0_trusted_stack(),
+X509_STORE_CTX_set_cert(),
+X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
+values.
+
+X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
+
+X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
+used.
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)>
+L<X509_VERIFY_PARAM_set_flags(3)>
+
+=head1 HISTORY
+
+X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
+X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
new file mode 100644
index 0000000..3be256d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
@@ -0,0 +1,215 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_CTX_get_cleanup,
+X509_STORE_CTX_get_lookup_crls,
+X509_STORE_CTX_get_lookup_certs,
+X509_STORE_CTX_get_check_policy,
+X509_STORE_CTX_get_cert_crl,
+X509_STORE_CTX_get_check_crl,
+X509_STORE_CTX_get_get_crl,
+X509_STORE_CTX_get_check_revocation,
+X509_STORE_CTX_get_check_issued,
+X509_STORE_CTX_get_get_issuer,
+X509_STORE_CTX_get_verify_cb,
+X509_STORE_CTX_set_verify_cb,
+X509_STORE_CTX_verify_cb
+- get and set verification callback
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+
+ X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                   X509_STORE_CTX_verify_cb verify_cb);
+
+ X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+
+=head1 DESCRIPTION
+
+X509_STORE_CTX_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting any existing callback.
+
+The verification callback can be used to customise the operation of certificate
+verification, either by overriding error conditions or logging errors for
+debugging purposes.
+
+However a verification callback is B<not> essential and the default operation
+is often sufficient.
+
+The B<ok> parameter to the callback indicates the value the callback should
+return to retain the default behaviour. If it is zero then an error condition
+is indicated. If it is 1 then no error occurred. If the flag
+B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
+policy checking is complete.
+
+The B<ctx> parameter to the callback is the B<X509_STORE_CTX> structure that
+is performing the verification operation. A callback can examine this
+structure and receive additional information about the error, for example
+by calling X509_STORE_CTX_get_current_cert(). Additional application data can
+be passed to the callback via the B<ex_data> mechanism.
+
+X509_STORE_CTX_get_verify_cb() returns the value of the current callback
+for the specific B<ctx>.
+
+X509_STORE_CTX_get_get_issuer(),
+X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
+X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
+X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
+X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
+and X509_STORE_CTX_get_cleanup() return the function pointers cached
+from the corresponding B<X509_STORE>, please see
+L<X509_STORE_set_verify(3)> for more information.
+
+
+=head1 WARNING
+
+In general a verification callback should B<NOT> unconditionally return 1 in
+all circumstances because this will allow verification to succeed no matter
+what the error. This effectively removes all security from the application
+because B<any> certificate (including untrusted generated ones) will be
+accepted.
+
+=head1 NOTES
+
+The verification callback can be set and inherited from the parent structure
+performing the operation. In some cases (such as S/MIME verification) the
+B<X509_STORE_CTX> structure is created and destroyed internally and the
+only way to set a custom verification callback is by inheriting it from the
+associated B<X509_STORE>.
+
+=head1 RETURN VALUES
+
+X509_STORE_CTX_set_verify_cb() does not return a value.
+
+=head1 EXAMPLES
+
+Default callback operation:
+
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        return ok;
+        }
+
+Simple example, suppose a certificate in the chain is expired and we wish
+to continue after this error:
+
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        /* Tolerate certificate expiration */
+        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+                        return 1;
+        /* Otherwise don't override */
+        return ok;
+        }
+
+More complex example, we don't wish to continue after B<any> certificate has
+expired just one specific case:
+
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        int err = X509_STORE_CTX_get_error(ctx);
+        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
+                {
+                if (check_is_acceptable_expired_cert(err_cert)
+                        return 1;
+                }
+        return ok;
+        }
+
+Full featured logging callback. In this case the B<bio_err> is assumed to be
+a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
+B<ex_data>.
+
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        X509 *err_cert;
+        int err, depth;
+
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        err =   X509_STORE_CTX_get_error(ctx);
+        depth = X509_STORE_CTX_get_error_depth(ctx);
+
+        BIO_printf(bio_err, "depth=%d ", depth);
+        if (err_cert)
+                {
+                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                }
+        else
+                BIO_puts(bio_err, "<no cert>\n");
+        if (!ok)
+                BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+                        X509_verify_cert_error_string(err));
+        switch (err)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                BIO_puts(bio_err, "issuer= ");
+                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err, "notBefore=");
+                ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
+                BIO_printf(bio_err, "\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err, "notAfter=");
+                ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
+                BIO_printf(bio_err, "\n");
+                break;
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+                policies_print(bio_err, ctx);
+                break;
+                }
+        if (err == X509_V_OK && ok == 2)
+                /* print out policies */
+
+        BIO_printf(bio_err, "verify return:%d\n", ok);
+        return(ok);
+        }
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_get_error(3)>
+L<X509_STORE_set_verify_cb_func(3)>
+L<X509_STORE_CTX_get_ex_new_index(3)>
+
+=head1 HISTORY
+
+X509_STORE_CTX_get_get_issuer(),
+X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
+X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
+X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
+X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
+and X509_STORE_CTX_get_cleanup() were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_STORE_get0_param.pod b/openssl-1.1.0h/doc/crypto/X509_STORE_get0_param.pod
new file mode 100644
index 0000000..0aed725
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_STORE_get0_param.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_get0_param, X509_STORE_set1_param,
+X509_STORE_get0_objects - X509_STORE setter and getter functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
+
+=head1 DESCRIPTION
+
+X509_STORE_set1_param() sets the verification parameters
+to B<pm> for B<ctx>.
+
+X509_STORE_get0_param() retrieves an internal pointer to the verification
+parameters for B<ctx>. The returned pointer must not be freed by the
+calling application
+
+X509_STORE_get0_objects() retrieve an internal pointer to the store's
+X509 object cache. The cache contains B<X509> and B<X509_CRL> objects. The
+returned pointer must not be freed by the calling application.
+
+
+=head1 RETURN VALUES
+
+X509_STORE_get0_param() returns a pointer to an
+B<X509_VERIFY_PARAM> structure.
+
+X509_STORE_set1_param() returns 1 for success and 0 for failure.
+
+X509_STORE_get0_objects() returns a pointer to a stack of B<X509_OBJECT>.
+
+=head1 SEE ALSO
+
+L<X509_STORE_new(3)>
+
+=head1 HISTORY
+
+B<X509_STORE_get0_param> and B<X509_STORE_get0_objects> were added in
+OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_STORE_new.pod b/openssl-1.1.0h/doc/crypto/X509_STORE_new.pod
new file mode 100644
index 0000000..f7a5c81
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_STORE_new.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,
+X509_STORE_unlock - X509_STORE allocation, freeing and locking functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ X509_STORE *X509_STORE_new(void);
+ void X509_STORE_free(X509_STORE *v);
+ int X509_STORE_lock(X509_STORE *v);
+ int X509_STORE_unlock(X509_STORE *v);
+ int X509_STORE_up_ref(X509_STORE *v);
+
+=head1 DESCRIPTION
+
+The X509_STORE_new() function returns a new X509_STORE.
+
+X509_STORE_up_ref() increments the reference count associated with the
+X509_STORE object.
+
+X509_STORE_lock() locks the store from modification by other threads,
+X509_STORE_unlock() locks it.
+
+X509_STORE_free() frees up a single X509_STORE object.
+
+=head1 RETURN VALUES
+
+X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.
+
+X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return
+1 for success and 0 for failure.
+
+X509_STORE_free() does not return values.
+
+=head1 SEE ALSO
+
+L<X509_STORE_set_verify_cb_func(3)>
+L<X509_STORE_get0_param(3)>
+
+=head1 HISTORY
+
+The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock()
+functions were added in OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_STORE_set_verify_cb_func.pod b/openssl-1.1.0h/doc/crypto/X509_STORE_set_verify_cb_func.pod
new file mode 100644
index 0000000..12a4646
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_STORE_set_verify_cb_func.pod
@@ -0,0 +1,265 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_set_lookup_crls_cb,
+X509_STORE_set_verify_func,
+X509_STORE_get_cleanup,
+X509_STORE_set_cleanup,
+X509_STORE_get_lookup_crls,
+X509_STORE_set_lookup_crls,
+X509_STORE_get_lookup_certs,
+X509_STORE_set_lookup_certs,
+X509_STORE_get_check_policy,
+X509_STORE_set_check_policy,
+X509_STORE_get_cert_crl,
+X509_STORE_set_cert_crl,
+X509_STORE_get_check_crl,
+X509_STORE_set_check_crl,
+X509_STORE_get_get_crl,
+X509_STORE_set_get_crl,
+X509_STORE_get_check_revocation,
+X509_STORE_set_check_revocation,
+X509_STORE_get_check_issued,
+X509_STORE_set_check_issued,
+X509_STORE_get_get_issuer,
+X509_STORE_set_get_issuer,
+X509_STORE_CTX_get_verify,
+X509_STORE_set_verify,
+X509_STORE_get_verify_cb,
+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
+X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
+X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
+X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
+X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
+X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
+- set verification callback
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                             X509_STORE_CTX *ctx, X509 *x);
+ typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                               X509 *x, X509 *issuer);
+ typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+ typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL **crl, X509 *x);
+ typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+ typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                           X509_CRL *crl, X509 *x);
+ typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+ typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                           X509_NAME *nm);
+ typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                              X509_NAME *nm);
+ typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                               X509_STORE_CTX_verify_cb verify_cb);
+ X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                                X509_STORE_CTX_get_issuer_fn get_issuer);
+ X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                  X509_STORE_CTX_check_issued_fn check_issued);
+ X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                      X509_STORE_CTX_check_revocation_fn check_revocation);
+ X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_get_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_get_crl_fn get_crl);
+ X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_check_crl(X509_STORE *ctx,
+                               X509_STORE_CTX_check_crl_fn check_crl);
+ X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_cert_crl_fn cert_crl);
+ X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                  X509_STORE_CTX_check_policy_fn check_policy);
+ X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
+ X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
+ X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
+
+ void X509_STORE_set_cleanup(X509_STORE *ctx,
+                             X509_STORE_CTX_cleanup_fn cleanup);
+ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
+
+ /* Aliases */
+ void X509_STORE_set_verify_cb_func(X509_STORE *st,
+                                    X509_STORE_CTX_verify_cb verify_cb);
+ void X509_STORE_set_verify_func(X509_STORE *ctx,
+                                 X509_STORE_CTX_verify_fn verify);
+ void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+                                    X509_STORE_CTX_lookup_crls_fn lookup_crls);
+
+=head1 DESCRIPTION
+
+X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting the previous callback.
+The callback assigned with this function becomes a default for the one
+that can be assigned directly to the corresponding B<X509_STORE_CTX>,
+please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
+
+X509_STORE_set_verify() sets the final chain verification function for
+B<ctx> to B<verify>.
+Its purpose is to go through the chain of certificates and check that
+all signatures are valid and that the current time is within the
+limits of each certificate's first and last validity time.
+The final chain verification functions must return 0 on failure and 1
+on success.
+I<If no chain verification function is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_get_issuer() sets the function to get the issuer
+certificate that verifies the given certificate B<x>.
+When found, the issuer certificate must be assigned to B<*issuer>.
+This function must return 0 on failure and 1 on success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_check_issued() sets the function to check that a given
+certificate B<x> is issued with the issuer certificate B<issuer>.
+This function must return 0 on failure (among others if B<x> hasn't
+been issued with B<issuer>) and 1 on success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_check_revocation() sets the revocation checking
+function.
+Its purpose is to look through the final chain and check the
+revocation status for each certificate.
+It must return 0 on failure and 1 on success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_get_crl() sets the function to get the crl for a given
+certificate B<x>.
+When found, the crl must be assigned to B<*crl>.
+This function must return 0 on failure and 1 on success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_check_crl() sets the function to check the validity of
+the given B<crl>.
+This function must return 0 on failure and 1 on success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_cert_crl() sets the function to check the revocation
+status of the given certificate B<x> against the given B<crl>.
+This function must return 0 on failure and 1 on success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_check_policy() sets the function to check the policies
+of all the certificates in the final chain..
+This function must return 0 on failure and 1 on success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
+functions to look up all the certs or all the CRLs that match the
+given name B<nm>.
+These functions return NULL on failure and a pointer to a stack of
+certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
+success.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_set_cleanup() sets the final cleanup function, which is
+called when the context (B<X509_STORE_CTX>) is being torn down.
+This function doesn't return any value.
+I<If no function to get the issuer is provided, the internal default
+function will be used instead.>
+
+X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
+X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
+X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
+X509_STORE_get_check_crl(), X509_STORE_set_verify(),
+X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(),
+X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
+X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
+the function pointer assigned with X509_STORE_set_check_issued(),
+X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(),
+X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(),
+X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(),
+X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if
+no assignment has been made.
+
+X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
+X509_STORE_set_lookup_crls_cb() are aliases for
+X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
+X509_STORE_set_lookup_crls, available as macros for backward
+compatibility.
+
+=head1 NOTES
+
+All the callbacks from a B<X509_STORE> are inherited by the
+corresponding B<X509_STORE_CTX> structure when it is initialized.
+See L<X509_STORE_CTX_set_verify_cb(3)> for further details.
+
+=head1 BUGS
+
+The macro version of this function was the only one available before
+OpenSSL 1.0.0.
+
+=head1 RETURN VALUES
+
+The X509_STORE_set_*() functions do not return a value.
+
+The X509_STORE_get_*() functions return a pointer of the appropriate
+function type.
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_set_verify_cb(3)>, L<X509_STORE_CTX_get0_chain(3)>,
+L<X509_STORE_CTX_verify_cb(3)>, L<X509_STORE_CTX_verify_fn(3)>,
+L<CMS_verify(3)>
+
+=head1 HISTORY
+
+X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
+
+X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
+X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
+X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
+X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
+X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
+X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
+X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
+X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
+X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
+X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
+X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
+X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in
+OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
new file mode 100644
index 0000000..5263fac
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -0,0 +1,359 @@
+=pod
+
+=head1 NAME
+
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,
+X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose,
+X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags,
+X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
+X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
+X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
+X509_VERIFY_PARAM_get_time,
+X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
+X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
+X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,
+X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip,
+X509_VERIFY_PARAM_set1_ip_asc
+- X509 verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+                                 unsigned long flags);
+ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                   unsigned long flags);
+ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+
+ int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+                                     uint32_t flags);
+ uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+ int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+
+ void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+ time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+
+ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                        ASN1_OBJECT *policy);
+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                        STACK_OF(ASN1_OBJECT) *policies);
+
+ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+
+ void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param,
+                                        int auth_level);
+ int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+
+ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                 const char *name, size_t namelen);
+ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                 const char *name, size_t namelen);
+ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                      unsigned int flags);
+ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
+ int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen);
+ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                               const unsigned char *ip, size_t iplen);
+ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
+
+=head1 DESCRIPTION
+
+These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
+a certificate verification operation.
+
+The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
+it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
+description of values the B<flags> parameter can take.
+
+X509_VERIFY_PARAM_get_flags() returns the flags in B<param>.
+
+X509_VERIFY_PARAM_get_inh_flags() returns the inheritance flags in B<param>
+which specifies how verification flags are copied from one structure to
+another. X509_VERIFY_PARAM_set_inh_flags() sets the inheritance flags.
+See the B<INHERITANCE FLAGS> section for a description of these bits.
+
+X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
+
+X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
+to B<purpose>. This determines the acceptable purpose of the certificate
+chain, for example SSL client or SSL server.
+
+X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
+B<trust>.
+
+X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+B<t>. Normally the current time is used.
+
+X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+by default) and adds B<policy> to the acceptable policy set.
+
+X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+by default) and sets the acceptable policy set to B<policies>. Any existing
+policy set is cleared. The B<policies> parameter can be B<NULL> to clear
+an existing policy set.
+
+X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>.
+That is the maximum number of intermediate CA certificates that can appear in a
+chain.
+A maximal depth chain contains 2 more certificates than the limit, since
+neither the end-entity certificate nor the trust-anchor count against this
+limit.
+Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
+directly by the trust-anchor, while with a B<depth> limit of 1 there can be one
+intermediate CA certificate between the trust-anchor and the end-entity
+certificate.
+
+X509_VERIFY_PARAM_set_auth_level() sets the authentication security level to
+B<auth_level>.
+The authentication security level determines the acceptable signature and public
+key strength when verifying certificate chains.
+For a certificate chain to validate, the public keys of all the certificates
+must meet the specified security level.
+The signature algorithm security level is not enforced for the chain's I<trust
+anchor> certificate, which is either directly trusted or validated by means other
+than its signature.
+See L<SSL_CTX_set_security_level(3)> for the definitions of the available
+levels.
+The default security level is -1, or "not set".
+At security level 0 or lower all algorithms are acceptable.
+Security level 1 requires at least 80-bit-equivalent security and is broadly
+interoperable, though it will, for example, reject MD5 signatures or RSA keys
+shorter than 1024 bits.
+
+X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to
+B<name> clearing any previously specified host name or names.  If
+B<name> is NULL, or empty the list of hostnames is cleared, and
+name checks are not performed on the peer certificate.  If B<name>
+is NUL-terminated, B<namelen> may be zero, otherwise B<namelen>
+must be set to the length of B<name>.  When a hostname is specified,
+certificate verification automatically invokes L<X509_check_host(3)>
+with flags equal to the B<flags> argument given to
+X509_VERIFY_PARAM_set_hostflags() (default zero).  Applications
+are strongly advised to use this interface in preference to explicitly
+calling L<X509_check_host(3)>, hostname checks are out of scope
+with the DANE-EE(3) certificate usage, and the internal check will
+be suppressed as appropriate when DANE support is added to OpenSSL.
+
+X509_VERIFY_PARAM_add1_host() adds B<name> as an additional reference
+identifier that can match the peer's certificate.  Any previous names
+set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host()
+are retained, no change is made if B<name> is NULL or empty.  When
+multiple names are configured, the peer is considered verified when
+any name matches.
+
+X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject
+CommonName from the peer certificate that matched one of the reference
+identifiers.  When wildcard matching is not disabled, or when a
+reference identifier specifies a parent domain (starts with ".")
+rather than a hostname, the peer name may be a wildcard name or a
+sub-domain of the reference identifier respectively.  The return
+string is allocated by the library and is no longer valid once the
+associated B<param> argument is freed.  Applications must not free
+the return value.
+
+X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to
+B<email>.  If B<email> is NUL-terminated, B<emaillen> may be zero, otherwise
+B<emaillen> must be set to the length of B<email>.  When an email address
+is specified, certificate verification automatically invokes
+L<X509_check_email(3)>.
+
+X509_VERIFY_PARAM_set1_ip() sets the expected IP address to B<ip>.
+The B<ip> argument is in binary format, in network byte-order and
+B<iplen> must be set to 4 for IPv4 and 16 for IPv6.  When an IP
+address is specified, certificate verification automatically invokes
+L<X509_check_ip(3)>.
+
+X509_VERIFY_PARAM_set1_ip_asc() sets the expected IP address to
+B<ipasc>.  The B<ipasc> argument is a NUL-terminal ASCII string:
+dotted decimal quad for IPv4 and colon-separated hexadecimal for
+IPv6.  The condensed "::" notation is supported for IPv6 addresses.
+
+=head1 RETURN VALUES
+
+X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(),
+X509_VERIFY_PARAM_set_inh_flags(),
+X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
+X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(),
+X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_add1_host(),
+X509_VERIFY_PARAM_set1_email(), X509_VERIFY_PARAM_set1_ip() and
+X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for
+failure.
+
+X509_VERIFY_PARAM_get_flags() returns the current verification flags.
+
+X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.
+
+X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
+values.
+
+X509_VERIFY_PARAM_get_depth() returns the current verification depth.
+
+X509_VERIFY_PARAM_get_auth_level() returns the current authentication security
+level.
+
+=head1 VERIFICATION FLAGS
+
+The verification flags consists of zero or more of the following flags
+ored together.
+
+B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
+certificate. An error occurs if a suitable CRL cannot be found.
+
+B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
+chain.
+
+B<X509_V_FLAG_IGNORE_CRITICAL> disabled critical extension checking. By default
+any unhandled critical extensions in certificates or (if checked) CRLs results
+in a fatal error. If this flag is set unhandled critical extensions are
+ignored. B<WARNING> setting this option for anything other than debugging
+purposes can be a security risk. Finer control over which extensions are
+supported can be performed in the verification callback.
+
+The B<X509_V_FLAG_X509_STRICT> flag disables workarounds for some broken
+certificates and makes the verification strictly apply B<X509> rules.
+
+B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification.
+
+B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default
+no policy checking is performed. Additional information is sent to the
+verification callback relating to policy checking.
+
+B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and
+B<X509_V_FLAG_INHIBIT_MAP> set the B<require explicit policy>, B<inhibit any
+policy> and B<inhibit policy mapping> flags respectively as defined in
+B<RFC3280>. Policy checking is automatically enabled if any of these flags
+are set.
+
+If B<X509_V_FLAG_NOTIFY_POLICY> is set and the policy checking is successful
+a special status code is set to the verification callback. This permits it
+to examine the valid policy tree and perform additional checks or simply
+log it for debugging purposes.
+
+By default some additional features such as indirect CRLs and CRLs signed by
+different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
+they are enabled.
+
+If B<X509_V_FLAG_USE_DELTAS> is set delta CRLs (if present) are used to
+determine certificate status. If not set deltas are ignored.
+
+B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed
+certificate signature. By default this check is disabled because it doesn't
+add any additional security but in some cases applications might want to
+check the signature anyway. A side effect of not checking the root CA
+signature is that disabled or unsupported message digests on the root CA
+are not treated as fatal errors.
+
+When B<X509_V_FLAG_TRUSTED_FIRST> is set, construction of the certificate chain
+in L<X509_verify_cert(3)> will search the trust store for issuer certificates
+before searching the provided untrusted certificates.
+Local issuer certificates are often more likely to satisfy local security
+requirements and lead to a locally trusted root.
+This is especially important when some certificates in the trust store have
+explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>).
+As of OpenSSL 1.1.0 this option is on by default.
+
+The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative
+chains.
+By default, unless B<X509_V_FLAG_TRUSTED_FIRST> is set, when building a
+certificate chain, if the first certificate chain found is not trusted, then
+OpenSSL will attempt to replace untrusted certificates supplied by the peer
+with certificates from the trust store to see if an alternative chain can be
+found that is trusted.
+As of OpenSSL 1.1.0, with B<X509_V_FLAG_TRUSTED_FIRST> always set, this option
+has no effect.
+
+The B<X509_V_FLAG_PARTIAL_CHAIN> flag causes intermediate certificates in the
+trust store to be treated as trust-anchors, in the same way as the self-signed
+root CA certificates.
+This makes it possible to trust certificates issued by an intermediate CA
+without having to trust its ancestor root CA.
+With OpenSSL 1.1.0 and later and <X509_V_FLAG_PARTIAL_CHAIN> set, chain
+construction stops as soon as the first certificate from the trust store is
+added to the chain, whether that certificate is a self-signed "root"
+certificate or a not self-signed intermediate certificate.
+Thus, when an intermediate certificate is found in the trust store, the
+verified chain passed to callbacks may be shorter than it otherwise would
+be without the B<X509_V_FLAG_PARTIAL_CHAIN> flag.
+
+The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
+of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
+is used to specify a verification time, the check is not suppressed.
+
+=head1 INHERITANCE FLAGS
+
+These flags specify how parameters are "inherited" from one structure to
+another.
+
+If B<X509_VP_FLAG_ONCE> is set then the current setting is zeroed
+after the next call.
+
+If B<X509_VP_FLAG_LOCKED> is set then no values are copied.  This overrides
+all of the following flags.
+
+If B<X509_VP_FLAG_DEFAULT> is set then anything set in the source is copied
+to the destination. Effectively the values in "to" become default values
+which will be used only if nothing new is set in "from".  This is the
+default.
+
+If B<X509_VP_FLAG_OVERWRITE> is set then all value are copied across whether
+they are set or not. Flags is still Ored though.
+
+If B<X509_VP_FLAG_RESET_FLAGS> is set then the flags value is copied instead
+of ORed.
+
+=head1 NOTES
+
+The above functions should be used to manipulate verification parameters
+instead of legacy functions which work in specific structures such as
+X509_STORE_CTX_set_flags().
+
+=head1 BUGS
+
+Delta CRL checking is currently primitive. Only a single delta can be used and
+(partly due to limitations of B<X509_STORE>) constructed CRLs are not
+maintained.
+
+If CRLs checking is enable CRLs are expected to be available in the
+corresponding B<X509_STORE> structure. No attempt is made to download
+CRLs from the CRL distribution points extension.
+
+=head1 EXAMPLE
+
+Enable CRL checking when performing certificate verification during SSL
+connections associated with an B<SSL_CTX> structure B<ctx>:
+
+  X509_VERIFY_PARAM *param;
+  param = X509_VERIFY_PARAM_new();
+  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+  SSL_CTX_set1_param(ctx, param);
+  X509_VERIFY_PARAM_free(param);
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)>,
+L<X509_check_host(3)>,
+L<X509_check_email(3)>,
+L<X509_check_ip(3)>,
+L<x509(1)>
+
+=head1 HISTORY
+
+The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0
+The legacy B<X509_V_FLAG_CB_ISSUER_CHECK> flag is deprecated as of
+OpenSSL 1.1.0, and has no effect.
+
+=head1 COPYRIGHT
+
+Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_check_ca.pod b/openssl-1.1.0h/doc/crypto/X509_check_ca.pod
new file mode 100644
index 0000000..b79efb5
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_check_ca.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+X509_check_ca - check if given certificate is CA certificate
+
+=head1 SYNOPSIS
+
+   #include <openssl/x509v3.h>
+
+   int X509_check_ca(X509 *cert);
+
+=head1 DESCRIPTION
+
+This function checks if given certificate is CA certificate (can be used
+to sign other certificates).
+
+=head1 RETURN VALUE
+
+Function return 0, if it is not CA certificate, 1 if it is proper X509v3
+CA certificate with B<basicConstraints> extension CA:TRUE,
+3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
+B<keyUsage> extension with bit B<keyCertSign> set, but without
+B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
+extension telling that it is CA certificate.
+
+Actually, any non-zero value means that this certificate could have been
+used to sign other certificates.
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)>,
+L<X509_check_issued(3)>,
+L<X509_check_purpose(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_check_host.pod b/openssl-1.1.0h/doc/crypto/X509_check_host.pod
new file mode 100644
index 0000000..9384815
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_check_host.pod
@@ -0,0 +1,157 @@
+=pod
+
+=head1 NAME
+
+X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_check_host(X509 *, const char *name, size_t namelen,
+                     unsigned int flags, char **peername);
+ int X509_check_email(X509 *, const char *address, size_t addresslen,
+                      unsigned int flags);
+ int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
+                   unsigned int flags);
+ int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
+
+=head1 DESCRIPTION
+
+The certificate matching functions are used to check whether a
+certificate matches a given host name, email address, or IP address.
+The validity of the certificate and its trust level has to be checked by
+other means.
+
+X509_check_host() checks if the certificate Subject Alternative
+Name (SAN) or Subject CommonName (CN) matches the specified host
+name, which must be encoded in the preferred name syntax described
+in section 3.5 of RFC 1034.  By default, wildcards are supported
+and they match  only in the left-most label; but they may match
+part of that label with an explicit prefix or suffix.  For example,
+by default, the host B<name> "www.example.com" would match a
+certificate with a SAN or CN value of "*.example.com", "w*.example.com"
+or "*w.example.com".
+
+Per section 6.4.2 of RFC 6125, B<name> values representing international
+domain names must be given in A-label form.  The B<namelen> argument
+must be the number of characters in the name string or zero in which
+case the length is calculated with strlen(B<name>).  When B<name> starts
+with a dot (e.g ".example.com"), it will be matched by a certificate
+valid for any sub-domain of B<name>, (see also
+B<X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS> below).
+
+When the certificate is matched, and B<peername> is not NULL, a
+pointer to a copy of the matching SAN or CN from the peer certificate
+is stored at the address passed in B<peername>.  The application
+is responsible for freeing the peername via OPENSSL_free() when it
+is no longer needed.
+
+X509_check_email() checks if the certificate matches the specified
+email B<address>.  Only the mailbox syntax of RFC 822 is supported,
+comments are not allowed, and no attempt is made to normalize quoted
+characters.  The B<addresslen> argument must be the number of
+characters in the address string or zero in which case the length
+is calculated with strlen(B<address>).
+
+X509_check_ip() checks if the certificate matches a specified IPv4 or
+IPv6 address.  The B<address> array is in binary format, in network
+byte order.  The length is either 4 (IPv4) or 16 (IPv6).  Only
+explicitly marked addresses in the certificates are considered; IP
+addresses stored in DNS names and Common Names are ignored.
+
+X509_check_ip_asc() is similar, except that the NUL-terminated
+string B<address> is first converted to the internal representation.
+
+The B<flags> argument is usually 0.  It can be the bitwise OR of the
+flags:
+
+=over 4
+
+=item B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT>,
+
+=item B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT>,
+
+=item B<X509_CHECK_FLAG_NO_WILDCARDS>,
+
+=item B<X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS>,
+
+=item B<X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS>.
+
+=item B<X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS>.
+
+=back
+
+The B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> flag causes the function
+to consider the subject DN even if the certificate contains at least
+one subject alternative name of the right type (DNS name or email
+address as appropriate); the default is to ignore the subject DN
+when at least one corresponding subject alternative names is present.
+
+The B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> flag causes the function to never
+consider the subject DN even if the certificate contains no subject alternative
+names of the right type (DNS name or email address as appropriate); the default
+is to use the subject DN when no corresponding subject alternative names are
+present.
+
+If set, B<X509_CHECK_FLAG_NO_WILDCARDS> disables wildcard
+expansion; this only applies to B<X509_check_host>.
+
+If set, B<X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS> suppresses support
+for "*" as wildcard pattern in labels that have a prefix or suffix,
+such as: "www*" or "*www"; this only applies to B<X509_check_host>.
+
+If set, B<X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS> allows a "*" that
+constitutes the complete label of a DNS name (e.g. "*.example.com")
+to match more than one label in B<name>; this flag only applies
+to B<X509_check_host>.
+
+If set, B<X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS> restricts B<name>
+values which start with ".", that would otherwise match any sub-domain
+in the peer certificate, to only match direct child sub-domains.
+Thus, for instance, with this flag set a B<name> of ".example.com"
+would match a peer certificate with a DNS name of "www.example.com",
+but would not match a peer certificate with a DNS name of
+"www.sub.example.com"; this flag only applies to B<X509_check_host>.
+
+=head1 RETURN VALUES
+
+The functions return 1 for a successful match, 0 for a failed match
+and -1 for an internal error: typically a memory allocation failure
+or an ASN.1 decoding error.
+
+All functions can also return -2 if the input is malformed. For example,
+X509_check_host() returns -2 if the provided B<name> contains embedded
+NULs.
+
+=head1 NOTES
+
+Applications are encouraged to use X509_VERIFY_PARAM_set1_host()
+rather than explicitly calling L<X509_check_host(3)>. Host name
+checks are out of scope with the DANE-EE(3) certificate usage,
+and the internal checks will be suppressed as appropriate when
+DANE support is added to OpenSSL.
+
+=head1 SEE ALSO
+
+L<SSL_get_verify_result(3)>,
+L<X509_VERIFY_PARAM_set1_host(3)>,
+L<X509_VERIFY_PARAM_add1_host(3)>,
+L<X509_VERIFY_PARAM_set1_email(3)>,
+L<X509_VERIFY_PARAM_set1_ip(3)>,
+L<X509_VERIFY_PARAM_set1_ipasc(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_check_issued.pod b/openssl-1.1.0h/doc/crypto/X509_check_issued.pod
new file mode 100644
index 0000000..8e4b111
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_check_issued.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+X509_check_issued - checks if certificate is issued by another
+certificate
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509v3.h>
+
+ int X509_check_issued(X509 *issuer, X509 *subject);
+
+
+=head1 DESCRIPTION
+
+This function checks if certificate I<subject> was issued using CA
+certificate I<issuer>. This function takes into account not only
+matching of issuer field of I<subject> with subject field of I<issuer>,
+but also compares B<authorityKeyIdentifier> extension of I<subject> with
+B<subjectKeyIdentifier> of I<issuer> if B<authorityKeyIdentifier>
+present in the I<subject> certificate and checks B<keyUsage> field of
+I<issuer>.
+
+=head1 RETURN VALUE
+
+Function return B<X509_V_OK> if certificate I<subject> is issued by
+I<issuer> or some B<X509_V_ERR*> constant to indicate an error.
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)>,
+L<X509_check_ca(3)>,
+L<verify(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_digest.pod b/openssl-1.1.0h/doc/crypto/X509_digest.pod
new file mode 100644
index 0000000..3c76c8f
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_digest.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+X509_digest, X509_CRL_digest,
+X509_pubkey_digest,
+X509_NAME_digest,
+X509_REQ_digest,
+PKCS7_ISSUER_AND_SERIAL_digest
+- get digest of various objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+                 unsigned int *len);
+
+ int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+                 unsigned int *len);
+
+ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                        unsigned char *md, unsigned int *len);
+
+ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+
+ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                      unsigned char *md, unsigned int *len);
+
+ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                    const EVP_MD *type, unsigned char *md,
+                                    unsigned int *len);
+
+=head1 DESCRIPTION
+
+X509_pubkey_digest() returns a digest of the DER representation of the public
+key in the specified X509 B<data> object.
+All other functions described here return a digest of the DER representation
+of their entire B<data> objects.
+
+The B<type> parameter specifies the digest to
+be used, such as EVP_sha1(). The B<md> is a pointer to the buffer where the
+digest will be copied and is assumed to be large enough; the constant
+B<EVP_MAX_MD_SIZE> is suggested. The B<len> parameter, if not NULL, points
+to a place where the digest size will be stored.
+
+=head1 RETURN VALUES
+
+All functions described here return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_sha1(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_dup.pod b/openssl-1.1.0h/doc/crypto/X509_dup.pod
new file mode 100644
index 0000000..c5d01b2
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_dup.pod
@@ -0,0 +1,303 @@
+=pod
+
+=head1 NAME
+
+DECLARE_ASN1_FUNCTIONS,
+IMPLEMENT_ASN1_FUNCTIONS,
+ASN1_ITEM,
+ACCESS_DESCRIPTION_free,
+ACCESS_DESCRIPTION_new,
+ASIdOrRange_free,
+ASIdOrRange_new,
+ASIdentifierChoice_free,
+ASIdentifierChoice_new,
+ASIdentifiers_free,
+ASIdentifiers_new,
+ASRange_free,
+ASRange_new,
+AUTHORITY_INFO_ACCESS_free,
+AUTHORITY_INFO_ACCESS_new,
+AUTHORITY_KEYID_free,
+AUTHORITY_KEYID_new,
+BASIC_CONSTRAINTS_free,
+BASIC_CONSTRAINTS_new,
+CERTIFICATEPOLICIES_free,
+CERTIFICATEPOLICIES_new,
+CMS_ContentInfo_free,
+CMS_ContentInfo_new,
+CMS_ContentInfo_print_ctx,
+CMS_ReceiptRequest_free,
+CMS_ReceiptRequest_new,
+CRL_DIST_POINTS_free,
+CRL_DIST_POINTS_new,
+DIRECTORYSTRING_free,
+DIRECTORYSTRING_new,
+DISPLAYTEXT_free,
+DISPLAYTEXT_new,
+DIST_POINT_NAME_free,
+DIST_POINT_NAME_new,
+DIST_POINT_free,
+DIST_POINT_new,
+DSAparams_dup,
+ECPARAMETERS_free,
+ECPARAMETERS_new,
+ECPKPARAMETERS_free,
+ECPKPARAMETERS_new,
+EDIPARTYNAME_free,
+EDIPARTYNAME_new,
+ESS_CERT_ID_dup,
+ESS_CERT_ID_free,
+ESS_CERT_ID_new,
+ESS_ISSUER_SERIAL_dup,
+ESS_ISSUER_SERIAL_free,
+ESS_ISSUER_SERIAL_new,
+ESS_SIGNING_CERT_dup,
+ESS_SIGNING_CERT_free,
+ESS_SIGNING_CERT_new,
+EXTENDED_KEY_USAGE_free,
+EXTENDED_KEY_USAGE_new,
+GENERAL_NAMES_free,
+GENERAL_NAMES_new,
+GENERAL_NAME_dup,
+GENERAL_NAME_free,
+GENERAL_NAME_new,
+GENERAL_SUBTREE_free,
+GENERAL_SUBTREE_new,
+IPAddressChoice_free,
+IPAddressChoice_new,
+IPAddressFamily_free,
+IPAddressFamily_new,
+IPAddressOrRange_free,
+IPAddressOrRange_new,
+IPAddressRange_free,
+IPAddressRange_new,
+ISSUING_DIST_POINT_free,
+ISSUING_DIST_POINT_new,
+NAME_CONSTRAINTS_free,
+NAME_CONSTRAINTS_new,
+NETSCAPE_CERT_SEQUENCE_free,
+NETSCAPE_CERT_SEQUENCE_new,
+NETSCAPE_SPKAC_free,
+NETSCAPE_SPKAC_new,
+NETSCAPE_SPKI_free,
+NETSCAPE_SPKI_new,
+NOTICEREF_free,
+NOTICEREF_new,
+OCSP_BASICRESP_free,
+OCSP_BASICRESP_new,
+OCSP_CERTID_dup,
+OCSP_CERTID_new,
+OCSP_CERTSTATUS_free,
+OCSP_CERTSTATUS_new,
+OCSP_CRLID_free,
+OCSP_CRLID_new,
+OCSP_ONEREQ_free,
+OCSP_ONEREQ_new,
+OCSP_REQINFO_free,
+OCSP_REQINFO_new,
+OCSP_RESPBYTES_free,
+OCSP_RESPBYTES_new,
+OCSP_RESPDATA_free,
+OCSP_RESPDATA_new,
+OCSP_RESPID_free,
+OCSP_RESPID_new,
+OCSP_RESPONSE_new,
+OCSP_REVOKEDINFO_free,
+OCSP_REVOKEDINFO_new,
+OCSP_SERVICELOC_free,
+OCSP_SERVICELOC_new,
+OCSP_SIGNATURE_free,
+OCSP_SIGNATURE_new,
+OCSP_SINGLERESP_free,
+OCSP_SINGLERESP_new,
+OTHERNAME_free,
+OTHERNAME_new,
+PBE2PARAM_free,
+PBE2PARAM_new,
+PBEPARAM_free,
+PBEPARAM_new,
+PBKDF2PARAM_free,
+PBKDF2PARAM_new,
+PKCS12_BAGS_free,
+PKCS12_BAGS_new,
+PKCS12_MAC_DATA_free,
+PKCS12_MAC_DATA_new,
+PKCS12_SAFEBAG_free,
+PKCS12_SAFEBAG_new,
+PKCS12_free,
+PKCS12_new,
+PKCS7_DIGEST_free,
+PKCS7_DIGEST_new,
+PKCS7_ENCRYPT_free,
+PKCS7_ENCRYPT_new,
+PKCS7_ENC_CONTENT_free,
+PKCS7_ENC_CONTENT_new,
+PKCS7_ENVELOPE_free,
+PKCS7_ENVELOPE_new,
+PKCS7_ISSUER_AND_SERIAL_free,
+PKCS7_ISSUER_AND_SERIAL_new,
+PKCS7_RECIP_INFO_free,
+PKCS7_RECIP_INFO_new,
+PKCS7_SIGNED_free,
+PKCS7_SIGNED_new,
+PKCS7_SIGNER_INFO_free,
+PKCS7_SIGNER_INFO_new,
+PKCS7_SIGN_ENVELOPE_free,
+PKCS7_SIGN_ENVELOPE_new,
+PKCS7_dup,
+PKCS7_free,
+PKCS7_new,
+PKCS7_print_ctx,
+PKCS8_PRIV_KEY_INFO_free,
+PKCS8_PRIV_KEY_INFO_new,
+PKEY_USAGE_PERIOD_free,
+PKEY_USAGE_PERIOD_new,
+POLICYINFO_free,
+POLICYINFO_new,
+POLICYQUALINFO_free,
+POLICYQUALINFO_new,
+POLICY_CONSTRAINTS_free,
+POLICY_CONSTRAINTS_new,
+POLICY_MAPPING_free,
+POLICY_MAPPING_new,
+PROXY_CERT_INFO_EXTENSION_free,
+PROXY_CERT_INFO_EXTENSION_new,
+PROXY_POLICY_free,
+PROXY_POLICY_new,
+RSAPrivateKey_dup,
+RSAPublicKey_dup,
+RSA_OAEP_PARAMS_free,
+RSA_OAEP_PARAMS_new,
+RSA_PSS_PARAMS_free,
+RSA_PSS_PARAMS_new,
+SCT_LIST_free,
+SXNETID_free,
+SXNETID_new,
+SXNET_free,
+SXNET_new,
+TLS_FEATURE_free,
+TLS_FEATURE_new,
+TS_ACCURACY_dup,
+TS_ACCURACY_free,
+TS_ACCURACY_new,
+TS_MSG_IMPRINT_dup,
+TS_MSG_IMPRINT_free,
+TS_MSG_IMPRINT_new,
+TS_REQ_dup,
+TS_REQ_free,
+TS_REQ_new,
+TS_RESP_dup,
+TS_RESP_free,
+TS_RESP_new,
+TS_STATUS_INFO_dup,
+TS_STATUS_INFO_free,
+TS_STATUS_INFO_new,
+TS_TST_INFO_dup,
+TS_TST_INFO_free,
+TS_TST_INFO_new,
+USERNOTICE_free,
+USERNOTICE_new,
+X509_ALGOR_free,
+X509_ALGOR_new,
+X509_ATTRIBUTE_dup,
+X509_ATTRIBUTE_free,
+X509_ATTRIBUTE_new,
+X509_CERT_AUX_free,
+X509_CERT_AUX_new,
+X509_CINF_free,
+X509_CINF_new,
+X509_CRL_INFO_free,
+X509_CRL_INFO_new,
+X509_CRL_dup,
+X509_CRL_free,
+X509_CRL_new,
+X509_EXTENSION_dup,
+X509_EXTENSION_free,
+X509_EXTENSION_new,
+X509_NAME_ENTRY_dup,
+X509_NAME_ENTRY_free,
+X509_NAME_ENTRY_new,
+X509_NAME_dup,
+X509_NAME_free,
+X509_NAME_new,
+X509_REQ_INFO_free,
+X509_REQ_INFO_new,
+X509_REQ_dup,
+X509_REQ_free,
+X509_REQ_new,
+X509_REVOKED_dup,
+X509_REVOKED_free,
+X509_REVOKED_new,
+X509_SIG_free,
+X509_SIG_new,
+X509_VAL_free,
+X509_VAL_new,
+X509_dup,
+- ASN1 object utilities
+
+=for comment generic
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1t.h>
+
+ DECLARE_ASN1_FUNCTIONS(type)
+ IMPLEMENT_ASN1_FUNCTIONS(stname)
+
+ typedef struct ASN1_ITEM_st ASN1_ITEM;
+
+ extern const ASN1_ITEM TYPE_it;
+ TYPE *TYPE_new(void);
+ TYPE *TYPE_dup(TYPE *a);
+ void TYPE_free(TYPE *a);
+ int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
+
+=head1 DESCRIPTION
+
+In the description below, I<TYPE> is used
+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
+
+The OpenSSL ASN1 parsing library templates are like a data-driven bytecode
+interpreter.
+Every ASN1 object as a global variable, TYPE_it, that describes the item
+such as its fields.  (On systems which cannot export variables from shared
+libraries, the global is instead a function which returns a pointer to a
+static variable.
+
+The macro DECLARE_ASN1_FUNCTIONS() is typically used in header files
+to generate the function declarations.
+
+The macro IMPLEMENT_ASN1_FUNCTIONS() is used once in a source file
+to generate the function bodies.
+
+
+TYPE_new() allocates an empty object of the indicated type.
+The object returned must be released by calling TYPE_free().
+
+TYPE_dup() copies an existing object.
+
+TYPE_free() releases the object and all pointers and sub-objects
+within it.
+
+TYPE_print_ctx() prints the object B<a> on the specified BIO B<out>.
+Each line will be prefixed with B<indent> spaces.
+The B<pctx> specifies the printing context and is for internal
+use; use NULL to get the default behavior.  If a print function is
+user-defined, then pass in any B<pctx> down to any nested calls.
+
+=head1 RETURN VALUES
+
+TYPE_new() and TYPE_dup() return a pointer to the object or NULL on failure.
+
+TYPE_print_ctx() returns 1 on success or zero on failure.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get0_notBefore.pod b/openssl-1.1.0h/doc/crypto/X509_get0_notBefore.pod
new file mode 100644
index 0000000..0427d41
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get0_notBefore.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter,
+X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter,
+X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
+X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ const ASN1_TIME *X509_get0_notBefore(const X509 *x);
+ const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+
+ ASN1_TIME *X509_getm_notBefore(const X509 *x);
+ ASN1_TIME *X509_getm_notAfter(const X509 *x);
+
+ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+
+ const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+
+ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+
+=head1 DESCRIPTION
+
+X509_get0_notBefore() and X509_get0_notAfter() return the B<notBefore>
+and B<notAfter> fields of certificate B<x> respectively. The value
+returned is an internal pointer which must not be freed up after
+the call.
+
+X509_getm_notBefore() and X509_getm_notAfter() are similar to
+X509_get0_notBefore() and X509_get0_notAfter() except they return
+non-constant mutable references to the associated date field of
+the certificate.
+
+X509_set1_notBefore() and X509_set1_notAfter() set the B<notBefore>
+and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed
+parameter B<tm> is not transferred by these functions so it must
+be freed up after the call.
+
+X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the
+B<lastUpdate> and B<nextUpdate> fields of B<crl>. The value
+returned is an internal pointer which must not be freed up after
+the call. If the B<nextUpdate> field is absent from B<crl> then
+B<NULL> is returned.
+
+X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the B<lastUpdate>
+and B<nextUpdate> fields of B<crl> to B<tm>. Ownership of the passed parameter
+B<tm> is not transferred by these functions so it must be freed up after the
+call.
+
+=head1 RETURN VALUES
+
+X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate()
+return a pointer to an B<ASN1_TIME> structure.
+
+X509_CRL_get0_lastUpdate() return a pointer to an B<ASN1_TIME> structure
+or NULL if the B<lastUpdate> field is absent.
+
+X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and
+X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 HISTORY
+
+These functions are available in all versions of OpenSSL.
+
+X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL
+1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get0_signature.pod b/openssl-1.1.0h/doc/crypto/X509_get0_signature.pod
new file mode 100644
index 0000000..61a2dda
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get0_signature.pod
@@ -0,0 +1,97 @@
+=pod
+
+=head1 NAME
+
+X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
+X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
+X509_CRL_get_signature_nid - signature information
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                          const X509_ALGOR **palg,
+                          const X509 *x);
+ int X509_get_signature_nid(const X509 *x);
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+ void X509_REQ_get0_signature(const X509_REQ *crl,
+                              const ASN1_BIT_STRING **psig,
+                              const X509_ALGOR **palg);
+ int X509_REQ_get_signature_nid(const X509_REQ *crl);
+
+ void X509_CRL_get0_signature(const X509_CRL *crl,
+                              const ASN1_BIT_STRING **psig,
+                              const X509_ALGOR **palg);
+ int X509_CRL_get_signature_nid(const X509_CRL *crl);
+
+=head1 DESCRIPTION
+
+X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
+to the signature algorithm of B<x>. The values returned are internal
+pointers which B<MUST NOT> be freed up after the call.
+
+X509_get0_tbs_sigalg() returns the signature algorithm in the signed
+portion of B<x>.
+
+X509_get_signature_nid() returns the NID corresponding to the signature
+algorithm of B<x>.
+
+X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
+X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
+same function for certificate requests and CRLs.
+
+=head1 NOTES
+
+These functions provide lower level access to signatures in certificates
+where an application wishes to analyse or generate a signature in a form
+where X509_sign() et al is not appropriate (for example a non standard
+or unsupported format).
+
+=head1 RETURN VALUES
+
+X509_get_signature_nid(), X509_REQ_get_signature_nid() and
+X509_CRL_get_signature_nid() return a NID.
+
+X509_get0_signature(), X509_REQ_get0_signature() and
+X509_CRL_get0_signature() do not return values.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 HISTORY
+
+X509_get0_signature() and X509_get_signature_nid() were first added to
+OpenSSL 1.0.2.
+
+X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
+X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added
+to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get0_uids.pod b/openssl-1.1.0h/doc/crypto/X509_get0_uids.pod
new file mode 100644
index 0000000..4eab26e
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get0_uids.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+X509_get0_uids - get certificate unique identifiers
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                     const ASN1_BIT_STRING **psuid);
+
+=head1 DESCRIPTION
+
+X509_get0_uids() sets B<*piuid> and B<*psuid> to the issuer and subject unique
+identifiers of certificate B<x> or NULL if the fields are not present.
+
+=head1 NOTES
+
+The issuer and subject unique identifier fields are very rarely encountered in
+practice outside test cases.
+
+=head1 RETURN VALUES
+
+X509_get0_uids() does not return a value.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get_extension_flags.pod b/openssl-1.1.0h/doc/crypto/X509_get_extension_flags.pod
new file mode 100644
index 0000000..c07ef97
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get_extension_flags.pod
@@ -0,0 +1,181 @@
+=pod
+
+=head1 NAME
+
+X509_get0_subject_key_id,
+X509_get0_authority_key_id,
+X509_get_pathlen,
+X509_get_extension_flags,
+X509_get_key_usage,
+X509_get_extended_key_usage,
+X509_set_proxy_flag,
+X509_set_proxy_pathlen,
+X509_get_proxy_pathlen - retrieve certificate extension data
+
+=head1 SYNOPSIS
+
+   #include <openssl/x509v3.h>
+
+   long X509_get_pathlen(X509 *x);
+   uint32_t X509_get_extension_flags(X509 *x);
+   uint32_t X509_get_key_usage(X509 *x);
+   uint32_t X509_get_extended_key_usage(X509 *x);
+   const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+   const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+   void X509_set_proxy_flag(X509 *x);
+   void X509_set_proxy_pathlen(int l);
+   long X509_get_proxy_pathlen(X509 *x);
+
+=head1 DESCRIPTION
+
+These functions retrieve information related to commonly used certificate extensions.
+
+X509_get_pathlen() retrieves the path length extension from a certificate.
+This extension is used to limit the length of a cert chain that may be
+issued from that CA.
+
+X509_get_extension_flags() retrieves general information about a certificate,
+it will return one or more of the following flags ored together.
+
+=over 4
+
+=item B<EXFLAG_V1>
+
+The certificate is an obsolete version 1 certificate.
+
+=item B<EXFLAG_BCONS>
+
+The certificate contains a basic constraints extension.
+
+=item B<EXFLAG_CA>
+
+The certificate contains basic constraints and asserts the CA flag.
+
+=item B<EXFLAG_PROXY>
+
+The certificate is a valid proxy certificate.
+
+=item B<EXFLAG_SI>
+
+The certificate is self issued (that is subject and issuer names match).
+
+=item B<EXFLAG_SS>
+
+The subject and issuer names match and extension values imply it is self
+signed.
+
+=item B<EXFLAG_FRESHEST>
+
+The freshest CRL extension is present in the certificate.
+
+=item B<EXFLAG_CRITICAL>
+
+The certificate contains an unhandled critical extension.
+
+=item B<EXFLAG_INVALID>
+
+Some certificate extension values are invalid or inconsistent. The
+certificate should be rejected.
+
+=item B<EXFLAG_KUSAGE>
+
+The certificate contains a key usage extension. The value can be retrieved
+using X509_get_key_usage().
+
+=item B<EXFLAG_XKUSAGE>
+
+The certificate contains an extended key usage extension. The value can be
+retrieved using X509_get_extended_key_usage().
+
+=back
+
+X509_get_key_usage() returns the value of the key usage extension.  If key
+usage is present will return zero or more of the flags:
+B<KU_DIGITAL_SIGNATURE>, B<KU_NON_REPUDIATION>, B<KU_KEY_ENCIPHERMENT>,
+B<KU_DATA_ENCIPHERMENT>, B<KU_KEY_AGREEMENT>, B<KU_KEY_CERT_SIGN>,
+B<KU_CRL_SIGN>, B<KU_ENCIPHER_ONLY> or B<KU_DECIPHER_ONLY> corresponding to
+individual key usage bits. If key usage is absent then B<UINT32_MAX> is
+returned.
+
+X509_get_extended_key_usage() returns the value of the extended key usage
+extension. If extended key usage is present it will return zero or more of the
+flags: B<XKU_SSL_SERVER>, B<XKU_SSL_CLIENT>, B<XKU_SMIME>, B<XKU_CODE_SIGN>
+B<XKU_OCSP_SIGN>, B<XKU_TIMESTAMP>, B<XKU_DVCS> or B<XKU_ANYEKU>. These
+correspond to the OIDs B<id-kp-serverAuth>, B<id-kp-clientAuth>,
+B<id-kp-emailProtection>, B<id-kp-codeSigning>, B<id-kp-OCSPSigning>,
+B<id-kp-timeStamping>, B<id-kp-dvcs> and B<anyExtendedKeyUsage> respectively.
+Additionally B<XKU_SGC> is set if either Netscape or Microsoft SGC OIDs are
+present.
+
+X509_get0_subject_key_id() returns an internal pointer to the subject key
+identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
+is not present or cannot be parsed.
+
+X509_get0_authority_key_id() returns an internal pointer to the authority key
+identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
+is not present or cannot be parsed.
+
+X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
+This is for the users who need to mark non-RFC3820 proxy certificates as
+such, as OpenSSL only detects RFC3820 compliant ones.
+
+X509_set_proxy_pathlen() sets the proxy certificate path length for the given
+certificate B<x>.  This is for the users who need to mark non-RFC3820 proxy
+certificates as such, as OpenSSL only detects RFC3820 compliant ones.
+
+X509_get_proxy_pathlen() returns the proxy certificate path length for the
+given certificate B<x> if it is a proxy certificate.
+
+=head1 NOTES
+
+The value of the flags correspond to extension values which are cached
+in the B<X509> structure. If the flags returned do not provide sufficient
+information an application should examine extension values directly
+for example using X509_get_ext_d2i().
+
+If the key usage or extended key usage extension is absent then typically usage
+is unrestricted. For this reason X509_get_key_usage() and
+X509_get_extended_key_usage() return B<UINT32_MAX> when the corresponding
+extension is absent. Applications can additionally check the return value of
+X509_get_extension_flags() and take appropriate action is an extension is
+absent.
+
+If X509_get0_subject_key_id() returns B<NULL> then the extension may be
+absent or malformed. Applications can determine the precise reason using
+X509_get_ext_d2i().
+
+=head1 RETURN VALUE
+
+X509_get_pathlen() returns the path length value, or -1 if the extension
+is not present.
+
+X509_get_extension_flags(), X509_get_key_usage() and
+X509_get_extended_key_usage() return sets of flags corresponding to the
+certificate extension values.
+
+X509_get0_subject_key_id() returns the subject key identifier as a
+pointer to an B<ASN1_OCTET_STRING> structure or B<NULL> if the extension
+is absent or an error occurred during parsing.
+
+X509_get_proxy_pathlen() returns the path length value if the given
+certificate is a proxy one and has a path length set, and -1 otherwise.
+
+=head1 SEE ALSO
+
+L<X509_check_purpose(3)>
+
+=head1 HISTORY
+
+X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and
+X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get_pubkey.pod b/openssl-1.1.0h/doc/crypto/X509_get_pubkey.pod
new file mode 100644
index 0000000..2b9a956
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get_pubkey.pod
@@ -0,0 +1,87 @@
+=pod
+
+=head1 NAME
+
+X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY,
+X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey,
+X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request
+public key
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ EVP_PKEY *X509_get_pubkey(X509 *x);
+ EVP_PKEY *X509_get0_pubkey(const X509 *x);
+ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+ X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
+
+ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+ EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+ int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x);
+
+=head1 DESCRIPTION
+
+X509_get_pubkey() attempts to decode the public key for certificate B<x>. If
+successful it returns the public key as an B<EVP_PKEY> pointer with its
+reference count incremented: this means the returned key must be freed up
+after use. X509_get0_pubkey() is similar except it does B<not> increment
+the reference count of the returned B<EVP_PKEY> so it must not be freed up
+after use.
+
+X509_get_X509_PUBKEY() returns an internal pointer to the B<X509_PUBKEY>
+structure which encodes the certificate of B<x>. The returned value
+must not be freed up after use.
+
+X509_set_pubkey() attempts to set the public key for certificate B<x> to
+B<pkey>. The key B<pkey> should be freed up after use.
+
+X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and
+X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request B<req>.
+
+=head1 NOTES
+
+The first time a public key is decoded the B<EVP_PKEY> structure is
+cached in the certificate or certificate request itself. Subsequent calls
+return the cached structure with its reference count incremented to
+improve performance.
+
+=head1 RETURN VALUES
+
+X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(),
+X509_REQ_get_pubkey() and X509_REQ_get_X509_PUBKEY() return a public key or
+B<NULL> if an error occurred.
+
+X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success and 0
+for failure.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get_serialNumber.pod b/openssl-1.1.0h/doc/crypto/X509_get_serialNumber.pod
new file mode 100644
index 0000000..2e81c62
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get_serialNumber.pod
@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
+X509_get_serialNumber,
+X509_get0_serialNumber,
+X509_set_serialNumber
+- get or set certificate serial number
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+ const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
+ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+
+=head1 DESCRIPTION
+
+X509_get_serialNumber() returns the serial number of certificate B<x> as an
+B<ASN1_INTEGER> structure which can be examined or initialised. The value
+returned is an internal pointer which B<MUST NOT> be freed up after the call.
+
+X509_get0_serialNumber() is the same as X509_get_serialNumber() except it
+accepts a const parameter and returns a const result.
+
+X509_set_serialNumber() sets the serial number of certificate B<x> to
+B<serial>. A copy of the serial number is used internally so B<serial> should
+be freed up after use.
+
+=head1 RETURN VALUES
+
+X509_get_serialNumber() and X509_get0_serialNumber() return an B<ASN1_INTEGER>
+structure.
+
+X509_set_serialNumber() returns 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 HISTORY
+
+X509_get_serialNumber() and X509_set_serialNumber() are available in
+all versions of OpenSSL. X509_get0_serialNumber() was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get_subject_name.pod b/openssl-1.1.0h/doc/crypto/X509_get_subject_name.pod
new file mode 100644
index 0000000..ce36bbf
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get_subject_name.pod
@@ -0,0 +1,86 @@
+=pod
+
+=head1 NAME
+
+X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name,
+X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name,
+X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or
+subject names
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_NAME *X509_get_subject_name(const X509 *x);
+ int X509_set_subject_name(X509 *x, X509_NAME *name);
+
+ X509_NAME *X509_get_issuer_name(const X509 *x);
+ int X509_set_issuer_name(X509 *x, X509_NAME *name);
+
+ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+ int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+
+ X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+
+=head1 DESCRIPTION
+
+X509_get_subject_name() returns the subject name of certificate B<x>. The
+returned value is an internal pointer which B<MUST NOT> be freed.
+
+X509_set_subject_name() sets the issuer name of certificate B<x> to
+B<name>. The B<name> parameter is copied internally and should be freed
+up when it is no longer needed.
+
+X509_get_issuer_name() and X509_set_issuer_name() are identical to
+X509_get_subject_name() and X509_set_subject_name() except the get and
+set the issuer name of B<x>.
+
+Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(),
+ X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject
+or issuer names of certificate requests of CRLs respectively.
+
+=head1 RETURN VALUES
+
+X509_get_subject_name(), X509_get_issuer_name(), X509_REQ_get_subject_name()
+and X509_CRL_get_issuer() return an B<X509_NAME> pointer.
+
+X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name()
+and X509_CRL_set_issuer_name() return 1 for success and 0 for failure.
+
+=head1 HISTORY
+
+X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in
+earlier versions.
+
+X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was first added
+to OpenSSL 1.0.0 as a macro.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>, L<d2i_X509(3)>
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_get_version.pod b/openssl-1.1.0h/doc/crypto/X509_get_version.pod
new file mode 100644
index 0000000..c1826ea
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_get_version.pod
@@ -0,0 +1,83 @@
+=pod
+
+=head1 NAME
+
+X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version,
+X509_CRL_get_version, X509_CRL_set_version - get or set certificate,
+certificate request or CRL version
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ long X509_get_version(const X509 *x);
+ int X509_set_version(X509 *x, long version);
+
+ long X509_REQ_get_version(const X509_REQ *req);
+ int X509_REQ_set_version(X509_REQ *x, long version);
+
+ long X509_CRL_get_version(const X509_CRL *crl);
+ int X509_CRL_set_version(X509_CRL *x, long version);
+
+=head1 DESCRIPTION
+
+X509_get_version() returns the numerical value of the version field of
+certificate B<x>. Note: this is defined by standards (X.509 et al) to be one
+less than the certificate version. So a version 3 certificate will return 2 and
+a version 1 certificate will return 0.
+
+X509_set_version() sets the numerical value of the version field of certificate
+B<x> to B<version>.
+
+Similarly X509_REQ_get_version(), X509_REQ_set_version(),
+X509_CRL_get_version() and X509_CRL_set_version() get and set the version
+number of certificate requests and CRLs.
+
+=head1 NOTES
+
+The version field of certificates, certificate requests and CRLs has a
+DEFAULT value of B<v1(0)> meaning the field should be omitted for version
+1. This is handled transparently by these functions.
+
+=head1 RETURN VALUES
+
+X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version()
+return the numerical value of the version field.
+
+X509_set_version(), X509_REQ_set_version() and X509_CRL_set_version()
+return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 HISTORY
+
+X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are
+functions in OpenSSL 1.1.0, in previous versions they were macros.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_new.pod b/openssl-1.1.0h/doc/crypto/X509_new.pod
new file mode 100644
index 0000000..4f53499
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_new.pod
@@ -0,0 +1,83 @@
+=pod
+
+=head1 NAME
+
+X509_chain_up_ref,
+X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509 *X509_new(void);
+ void X509_free(X509 *a);
+ int X509_up_ref(X509 *a);
+ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
+
+=head1 DESCRIPTION
+
+The X509 ASN1 allocation routines, allocate and free an
+X509 structure, which represents an X509 certificate.
+
+X509_new() allocates and initializes a X509 structure with reference count
+B<1>.
+
+X509_free() decrements the reference count of B<X509> structure B<a> and
+frees it up if the reference count is zero. If B<a> is NULL nothing is done.
+
+X509_up_ref() increments the reference count of B<a>.
+
+X509_chain_up_ref() increases the reference count of all certificates in
+chain B<x> and returns a copy of the stack.
+
+=head1 NOTES
+
+The function X509_up_ref() if useful if a certificate structure is being
+used by several different operations each of which will free it up after
+use: this avoids the need to duplicate the entire certificate structure.
+
+The function X509_chain_up_ref() doesn't just up the reference count of
+each certificate it also returns a copy of the stack, using sk_X509_dup(),
+but it serves a similar purpose: the returned chain persists after the
+original has been freed.
+
+=head1 RETURN VALUES
+
+If the allocation fails, X509_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+
+X509_up_ref() returns 1 for success and 0 for failure.
+
+X509_chain_up_ref() returns a copy of the stack or B<NULL> if an error
+occurred.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_sign.pod b/openssl-1.1.0h/doc/crypto/X509_sign.pod
new file mode 100644
index 0000000..994fd43
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_sign.pod
@@ -0,0 +1,99 @@
+=pod
+
+=head1 NAME
+
+X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx,
+X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify -
+sign or verify certificate, certificate request or CRL signature
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+ int X509_verify(X509 *a, EVP_PKEY *r);
+
+ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+ int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+
+ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+ int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+
+=head1 DESCRIPTION
+
+X509_sign() signs certificate B<x> using private key B<pkey> and message
+digest B<md> and sets the signature in B<x>. X509_sign_ctx() also signs
+certificate B<x> but uses the parameters contained in digest context B<ctx>.
+
+X509_verify() verifies the signature of certificate B<x> using public key
+B<pkey>. Only the signature is checked: no other checks (such as certificate
+chain validity) are performed.
+
+X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(),
+X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify
+certificate requests and CRLs respectively.
+
+=head1 NOTES
+
+X509_sign_ctx() is used where the default parameters for the corresponding
+public key and digest are not suitable. It can be used to sign keys using
+RSA-PSS for example.
+
+For efficiency reasons and to work around ASN.1 encoding issues the encoding
+of the signed portion of a certificate, certificate request and CRL is cached
+internally. If the signed portion of the structure is modified the encoding
+is not always updated meaning a stale version is sometimes used. This is not
+normally a problem because modifying the signed portion will invalidate the
+signature and signing will always update the encoding.
+
+=head1 RETURN VALUES
+
+X509_sign(), X509_sign_ctx(), X509_REQ_sign(), X509_REQ_sign_ctx(),
+X509_CRL_sign() and X509_CRL_sign_ctx() return the size of the signature
+in bytes for success and zero for failure.
+
+X509_verify(), X509_REQ_verify() and X509_CRL_verify() return 1 if the
+signature is valid and 0 if the signature check fails. If the signature
+could not be checked at all because it was invalid or some other error
+occurred then -1 is returned.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 HISTORY
+
+X509_sign(), X509_REQ_sign() and X509_CRL_sign() are available in all
+versions of OpenSSL.
+
+X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() were first added
+to OpenSSL 1.0.1.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509_verify_cert.pod b/openssl-1.1.0h/doc/crypto/X509_verify_cert.pod
new file mode 100644
index 0000000..74acf8d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509_verify_cert.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+X509_verify_cert - discover and verify X509 certificate chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_verify_cert(X509_STORE_CTX *ctx);
+
+=head1 DESCRIPTION
+
+The X509_verify_cert() function attempts to discover and validate a
+certificate chain based on parameters in B<ctx>. A complete description of
+the process is contained in the L<verify(1)> manual page.
+
+=head1 RETURN VALUES
+
+If a complete chain can be built and validated this function returns 1,
+otherwise it return zero, in exceptional circumstances it can also
+return a negative code.
+
+If the function fails additional error information can be obtained by
+examining B<ctx> using, for example X509_STORE_CTX_get_error().
+
+=head1 NOTES
+
+Applications rarely call this function directly but it is used by
+OpenSSL internally for certificate validation, in both the S/MIME and
+SSL/TLS code.
+
+A negative return value from X509_verify_cert() can occur if it is invoked
+incorrectly, such as with no certificate set in B<ctx>, or when it is called
+twice in succession without reinitialising B<ctx> for the second call.
+A negative return value can also happen due to internal resource problems or if
+a retry operation is requested during internal lookups (which never happens
+with standard lookup methods).
+Applications must check for <= 0 return value on error.
+
+=head1 BUGS
+
+This function uses the header B<x509.h> as opposed to most chain verification
+functions which use B<x509_vfy.h>.
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/X509v3_get_ext_by_NID.pod b/openssl-1.1.0h/doc/crypto/X509v3_get_ext_by_NID.pod
new file mode 100644
index 0000000..032f71c
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/X509v3_get_ext_by_NID.pod
@@ -0,0 +1,140 @@
+=pod
+
+=head1 NAME
+
+X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID,
+X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext,
+X509v3_add_ext, X509_get_ext_count, X509_get_ext,
+X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical,
+X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext,
+X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical,
+X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count,
+X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ,
+X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext,
+X509_REVOKED_add_ext - extension stack utility functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+
+ int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                           int nid, int lastpos);
+ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                           const ASN1_OBJECT *obj, int lastpos);
+ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                                int crit, int lastpos);
+ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                          X509_EXTENSION *ex, int loc);
+
+ int X509_get_ext_count(const X509 *x);
+ X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+ int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+ int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+ int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+ X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+
+ int X509_CRL_get_ext_count(const X509_CRL *x);
+ X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+ int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+ int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos);
+ int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+
+ int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+ X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+ int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+ int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+ int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
+ X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+
+=head1 DESCRIPTION
+
+X509v3_get_ext_count() retrieves the number of extensions in B<x>.
+
+X509v3_get_ext() retrieves extension B<loc> from B<x>. The index B<loc>
+can take any value from B<0> to X509_get_ext_count(x) - 1. The returned
+extension is an internal pointer which B<must not> be freed up by the
+application.
+
+X509v3_get_ext_by_NID() and X509v3_get_ext_by_OBJ() look for an extension
+with B<nid> or B<obj> from extension stack B<x>. The search starts from the
+extension after B<lastpos> or from the beginning if <lastpos> is B<-1>. If
+the extension is found its index is returned otherwise B<-1> is returned.
+
+X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it
+looks for an extension of criticality B<crit>. A zero value for B<crit>
+looks for a non-critical extension a non-zero value looks for a critical
+extension.
+
+X509v3_delete_ext() deletes the extension with index B<loc> from B<x>. The
+deleted extension is returned and must be freed by the caller. If B<loc>
+is in invalid index value B<NULL> is returned.
+
+X509v3_add_ext() adds extension B<ex> to stack B<*x> at position B<loc>. If
+B<loc> is B<-1> the new extension is added to the end. If B<*x> is B<NULL>
+a new stack will be allocated. The passed extension B<ex> is duplicated
+internally so it must be freed after use.
+
+X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(),
+X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext()
+and X509_add_ext() operate on the extensions of certificate B<x> they are
+otherwise identical to the X509v3 functions.
+
+X509_CRL_get_ext_count(), X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(),
+X509_CRL_get_ext_by_OBJ(), X509_CRL_get_ext_by_critical(),
+X509_CRL_delete_ext() and X509_CRL_add_ext() operate on the extensions of
+CRL B<x> they are otherwise identical to the X509v3 functions.
+
+X509_REVOKED_get_ext_count(), X509_REVOKED_get_ext(),
+X509_REVOKED_get_ext_by_NID(), X509_REVOKED_get_ext_by_OBJ(),
+X509_REVOKED_get_ext_by_critical(), X509_REVOKED_delete_ext() and
+X509_REVOKED_add_ext() operate on the extensions of CRL entry B<x>
+they are otherwise identical to the X509v3 functions.
+
+=head1 NOTES
+
+These functions are used to examine stacks of extensions directly. Many
+applications will want to parse or encode and add an extension: they should
+use the extension encode and decode functions instead such as
+X509_add1_ext_i2d() and X509_get_ext_d2i().
+
+Extension indices start from zero, so a zero index return value is B<not> an
+error. These search functions start from the extension B<after> the B<lastpos>
+parameter so it should initially be set to B<-1>, if it is set to zero the
+initial extension will not be checked.
+
+=head1 RETURN VALUES
+
+X509v3_get_ext_count() returns the extension count.
+
+X509v3_get_ext() and X509v3_delete_ext() return an B<X509_EXTENSION> pointer
+or B<NULL> if an error occurs.
+
+X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and
+X509v3_get_ext_by_critical() return the an extension index or B<-1> if an
+error occurs.
+
+X509v3_add_ext() returns a stack of extensions or B<NULL> on error.
+
+=head1 SEE ALSO
+
+L<X509V3_get_d2i(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/bio.pod b/openssl-1.1.0h/doc/crypto/bio.pod
new file mode 100644
index 0000000..1e1dd02
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/bio.pod
@@ -0,0 +1,90 @@
+=pod
+
+=for comment openssl_manual_section 7
+
+=head1 NAME
+
+bio - Basic I/O abstraction
+
+=for comment generic
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+=head1 DESCRIPTION
+
+A BIO is an I/O abstraction, it hides many of the underlying I/O
+details from an application. If an application uses a BIO for its
+I/O it can transparently handle SSL connections, unencrypted network
+connections and file I/O.
+
+There are two type of BIO, a source/sink BIO and a filter BIO.
+
+As its name implies a source/sink BIO is a source and/or sink of data,
+examples include a socket BIO and a file BIO.
+
+A filter BIO takes data from one BIO and passes it through to
+another, or the application. The data may be left unmodified (for
+example a message digest BIO) or translated (for example an
+encryption BIO). The effect of a filter BIO may change according
+to the I/O operation it is performing: for example an encryption
+BIO will encrypt data if it is being written to and decrypt data
+if it is being read from.
+
+BIOs can be joined together to form a chain (a single BIO is a chain
+with one component). A chain normally consist of one source/sink
+BIO and one or more filter BIOs. Data read from or written to the
+first BIO then traverses the chain to the end (normally a source/sink
+BIO).
+
+
+Some BIOs (such as memory BIOs) can be used immediately after calling
+BIO_new(). Others (such as file BIOs) need some additional initialization,
+and frequently a utility function exists to create and initialize such BIOs.
+
+If BIO_free() is called on a BIO chain it will only free one BIO resulting
+in a memory leak.
+
+Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
+on it other than the discarded return value.
+
+Normally the B<type> argument is supplied by a function which returns a
+pointer to a BIO_METHOD. There is a naming convention for such functions:
+a source/sink BIO is normally called BIO_s_*() and a filter BIO
+BIO_f_*();
+
+=head1 EXAMPLE
+
+Create a memory BIO:
+
+ BIO *mem = BIO_new(BIO_s_mem());
+
+=head1 SEE ALSO
+
+L<BIO_ctrl(3)>,
+L<BIO_f_base64(3)>, L<BIO_f_buffer(3)>,
+L<BIO_f_cipher(3)>, L<BIO_f_md(3)>,
+L<BIO_f_null(3)>, L<BIO_f_ssl(3)>,
+L<BIO_find_type(3)>, L<BIO_new(3)>,
+L<BIO_new_bio_pair(3)>,
+L<BIO_push(3)>, L<BIO_read(3)>,
+L<BIO_s_accept(3)>, L<BIO_s_bio(3)>,
+L<BIO_s_connect(3)>, L<BIO_s_fd(3)>,
+L<BIO_s_file(3)>, L<BIO_s_mem(3)>,
+L<BIO_s_mem(3)>,
+L<BIO_s_null(3)>, L<BIO_s_socket(3)>,
+L<BIO_set_callback(3)>,
+L<BIO_should_retry(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+
diff --git a/openssl-1.1.0h/doc/crypto/crypto.pod b/openssl-1.1.0h/doc/crypto/crypto.pod
new file mode 100644
index 0000000..082f843
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/crypto.pod
@@ -0,0 +1,62 @@
+=pod
+
+=for comment openssl_manual_section:7
+
+=head1 NAME
+
+crypto - OpenSSL cryptographic library
+
+=head1 SYNOPSIS
+
+See the individual manual pages for details.
+
+=head1 DESCRIPTION
+
+The OpenSSL B<crypto> library implements a wide range of cryptographic
+algorithms used in various Internet standards. The services provided
+by this library are used by the OpenSSL implementations of SSL, TLS
+and S/MIME, and they have also been used to implement SSH, OpenPGP, and
+other cryptographic standards.
+
+B<libcrypto> consists of a number of sub-libraries that implement the
+individual algorithms.
+
+The functionality includes symmetric encryption, public key
+cryptography and key agreement, certificate handling, cryptographic
+hash functions, cryptographic pseudo-random number generator, and
+various utilities.
+
+=head1 NOTES
+
+Some of the newer functions follow a naming convention using the numbers
+B<0> and B<1>. For example the functions:
+
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+ int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+
+The B<0> version uses the supplied structure pointer directly
+in the parent and it will be freed up when the parent is freed.
+In the above example B<crl> would be freed but B<rev> would not.
+
+The B<1> function uses a copy of the supplied structure pointer
+(or in some cases increases its link count) in the parent and
+so both (B<x> and B<obj> above) should be freed up.
+
+=head1 RETURN VALUES
+
+See the individual manual pages for details.
+
+=head1 SEE ALSO
+
+L<openssl(1)>, L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/ct.pod b/openssl-1.1.0h/doc/crypto/ct.pod
new file mode 100644
index 0000000..60718b3
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/ct.pod
@@ -0,0 +1,55 @@
+=pod
+
+=for comment openssl_manual_section:7
+
+=head1 NAME
+
+ct - Certificate Transparency
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+=head1 DESCRIPTION
+
+This library implements Certificate Transparency (CT) verification for TLS
+clients, as defined in RFC 6962. This verification can provide some confidence
+that a certificate has been publicly logged in a set of CT logs.
+
+By default, these checks are disabled. They can be enabled using
+SSL_CTX_ct_enable() or SSL_ct_enable().
+
+This library can also be used to parse and examine CT data structures, such as
+Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are
+functions for:
+- decoding and encoding SCTs in DER and TLS wire format.
+- printing SCTs.
+- verifying the authenticity of SCTs.
+- loading a CT log list from a CONF file.
+
+=head1 SEE ALSO
+
+L<d2i_SCT_LIST(3)>,
+L<CTLOG_STORE_new(3)>,
+L<CTLOG_STORE_get0_log_by_id(3)>,
+L<SCT_new(3)>,
+L<SCT_print(3)>,
+L<SCT_validate(3)>,
+L<SCT_validate(3)>,
+L<CT_POLICY_EVAL_CTX_new(3)>,
+L<SSL_CTX_set_ct_validation_callback(3)>
+
+=head1 HISTORY
+
+This library was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/d2i_DHparams.pod b/openssl-1.1.0h/doc/crypto/d2i_DHparams.pod
new file mode 100644
index 0000000..cd1c162
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/d2i_DHparams.pod
@@ -0,0 +1,35 @@
+=pod
+
+=head1 NAME
+
+d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode PKCS#3 DH parameters using the
+DHparameter structure described in PKCS#3.
+
+Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/d2i_Netscape_RSA.pod b/openssl-1.1.0h/doc/crypto/d2i_Netscape_RSA.pod
new file mode 100644
index 0000000..ee39bd8
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/d2i_Netscape_RSA.pod
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+i2d_Netscape_RSA,
+d2i_Netscape_RSA
+- insecure RSA public and private key encoding functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
+
+=head1 DESCRIPTION
+
+These functions decode and encode an RSA private
+key in NET format.  These functions are present to provide compatibility
+with very old software. This format has some severe security weaknesses
+and should be avoided if possible.
+
+These functions are similar to the B<d2i_RSAPrivateKey> functions.
+
+=head1 SEE ALSO
+
+L<d2i_RSAPrivateKey(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/d2i_PKCS8PrivateKey_bio.pod b/openssl-1.1.0h/doc/crypto/d2i_PKCS8PrivateKey_bio.pod
new file mode 100644
index 0000000..164d93f
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/d2i_PKCS8PrivateKey_bio.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+=head1 DESCRIPTION
+
+The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
+PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
+
+Other than the use of DER as opposed to PEM these functions are identical to the
+corresponding B<PEM> function as described in L<PEM_read_PrivateKey(3)>.
+
+=head1 NOTES
+
+These functions are currently the only way to store encrypted private keys using DER format.
+
+Currently all the functions use BIOs or FILE pointers, there are no functions which
+work directly on memory: this can be readily worked around by converting the buffers
+to memory BIOs, see L<BIO_s_mem(3)> for details.
+
+=head1 SEE ALSO
+
+L<PEM_read_PrivateKey(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/d2i_PrivateKey.pod b/openssl-1.1.0h/doc/crypto/d2i_PrivateKey.pod
new file mode 100644
index 0000000..f5b4667
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/d2i_PrivateKey.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey,
+i2d_PrivateKey, i2d_PublicKey,
+d2i_PrivateKey_bio, d2i_PrivateKey_fp
+- decode and encode functions for reading and saving EVP_PKEY structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                          long length);
+ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length);
+ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                              long length);
+ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+
+=head1 DESCRIPTION
+
+d2i_PrivateKey() decodes a private key using algorithm B<type>. It attempts to
+use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
+B<type> parameter should be a public key algorithm constant such as
+B<EVP_PKEY_RSA>. An error occurs if the decoded key does not match B<type>.
+d2i_PublicKey() does the same for public keys.
+
+d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to
+automatically detect the private key format.
+
+i2d_PrivateKey() encodes B<key>. It uses a key specific format or, if none is
+defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
+i2d_PublicKey() does the same for public keys.
+
+These functions are similar to the d2i_X509() functions; see L<d2i_X509(3)>.
+
+=head1 NOTES
+
+All these functions use DER format and unencrypted keys. Applications wishing
+to encrypt or decrypt private keys should use other functions such as
+d2i_PKC8PrivateKey() instead.
+
+If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey()
+(i.e. an existing structure is being reused) and the key format is PKCS#8
+then B<*a> will be freed and replaced on a successful call.
+
+=head1 RETURN VALUES
+
+d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure
+or B<NULL> if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+i2d_PrivateKey() returns the number of bytes successfully encoded or a
+negative value if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<crypto(7)>,
+L<d2i_PKCS8PrivateKey_bio(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/d2i_X509.pod b/openssl-1.1.0h/doc/crypto/d2i_X509.pod
new file mode 100644
index 0000000..1fbe5ca
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/d2i_X509.pod
@@ -0,0 +1,601 @@
+=pod
+
+=head1 NAME
+
+d2i_ACCESS_DESCRIPTION,
+d2i_ASIdOrRange,
+d2i_ASIdentifierChoice,
+d2i_ASIdentifiers,
+d2i_ASN1_BIT_STRING,
+d2i_ASN1_BMPSTRING,
+d2i_ASN1_ENUMERATED,
+d2i_ASN1_GENERALIZEDTIME,
+d2i_ASN1_GENERALSTRING,
+d2i_ASN1_IA5STRING,
+d2i_ASN1_INTEGER,
+d2i_ASN1_NULL,
+d2i_ASN1_OBJECT,
+d2i_ASN1_OCTET_STRING,
+d2i_ASN1_PRINTABLE,
+d2i_ASN1_PRINTABLESTRING,
+d2i_ASN1_SEQUENCE_ANY,
+d2i_ASN1_SET_ANY,
+d2i_ASN1_T61STRING,
+d2i_ASN1_TIME,
+d2i_ASN1_TYPE,
+d2i_ASN1_UINTEGER,
+d2i_ASN1_UNIVERSALSTRING,
+d2i_ASN1_UTCTIME,
+d2i_ASN1_UTF8STRING,
+d2i_ASN1_VISIBLESTRING,
+d2i_ASRange,
+d2i_AUTHORITY_INFO_ACCESS,
+d2i_AUTHORITY_KEYID,
+d2i_BASIC_CONSTRAINTS,
+d2i_CERTIFICATEPOLICIES,
+d2i_CMS_ContentInfo,
+d2i_CMS_ReceiptRequest,
+d2i_CMS_bio,
+d2i_CRL_DIST_POINTS,
+d2i_DHxparams,
+d2i_DIRECTORYSTRING,
+d2i_DISPLAYTEXT,
+d2i_DIST_POINT,
+d2i_DIST_POINT_NAME,
+d2i_DSAPrivateKey,
+d2i_DSAPrivateKey_bio,
+d2i_DSAPrivateKey_fp,
+d2i_DSAPublicKey,
+d2i_DSA_PUBKEY,
+d2i_DSA_PUBKEY_bio,
+d2i_DSA_PUBKEY_fp,
+d2i_DSA_SIG,
+d2i_DSAparams,
+d2i_ECPKParameters,
+d2i_ECParameters,
+d2i_ECPrivateKey,
+d2i_ECPrivateKey_bio,
+d2i_ECPrivateKey_fp,
+d2i_EC_PUBKEY,
+d2i_EC_PUBKEY_bio,
+d2i_EC_PUBKEY_fp,
+d2i_EDIPARTYNAME,
+d2i_ESS_CERT_ID,
+d2i_ESS_ISSUER_SERIAL,
+d2i_ESS_SIGNING_CERT,
+d2i_EXTENDED_KEY_USAGE,
+d2i_GENERAL_NAME,
+d2i_GENERAL_NAMES,
+d2i_IPAddressChoice,
+d2i_IPAddressFamily,
+d2i_IPAddressOrRange,
+d2i_IPAddressRange,
+d2i_ISSUING_DIST_POINT,
+d2i_NETSCAPE_CERT_SEQUENCE,
+d2i_NETSCAPE_SPKAC,
+d2i_NETSCAPE_SPKI,
+d2i_NOTICEREF,
+d2i_OCSP_BASICRESP,
+d2i_OCSP_CERTID,
+d2i_OCSP_CERTSTATUS,
+d2i_OCSP_CRLID,
+d2i_OCSP_ONEREQ,
+d2i_OCSP_REQINFO,
+d2i_OCSP_REQUEST,
+d2i_OCSP_RESPBYTES,
+d2i_OCSP_RESPDATA,
+d2i_OCSP_RESPID,
+d2i_OCSP_RESPONSE,
+d2i_OCSP_REVOKEDINFO,
+d2i_OCSP_SERVICELOC,
+d2i_OCSP_SIGNATURE,
+d2i_OCSP_SINGLERESP,
+d2i_OTHERNAME,
+d2i_PBE2PARAM,
+d2i_PBEPARAM,
+d2i_PBKDF2PARAM,
+d2i_PKCS12,
+d2i_PKCS12_BAGS,
+d2i_PKCS12_MAC_DATA,
+d2i_PKCS12_SAFEBAG,
+d2i_PKCS12_bio,
+d2i_PKCS12_fp,
+d2i_PKCS7,
+d2i_PKCS7_DIGEST,
+d2i_PKCS7_ENCRYPT,
+d2i_PKCS7_ENC_CONTENT,
+d2i_PKCS7_ENVELOPE,
+d2i_PKCS7_ISSUER_AND_SERIAL,
+d2i_PKCS7_RECIP_INFO,
+d2i_PKCS7_SIGNED,
+d2i_PKCS7_SIGNER_INFO,
+d2i_PKCS7_SIGN_ENVELOPE,
+d2i_PKCS7_bio,
+d2i_PKCS7_fp,
+d2i_PKCS8_PRIV_KEY_INFO,
+d2i_PKCS8_PRIV_KEY_INFO_bio,
+d2i_PKCS8_PRIV_KEY_INFO_fp,
+d2i_PKCS8_bio,
+d2i_PKCS8_fp,
+d2i_PKEY_USAGE_PERIOD,
+d2i_POLICYINFO,
+d2i_POLICYQUALINFO,
+d2i_PROXY_CERT_INFO_EXTENSION,
+d2i_PROXY_POLICY,
+d2i_RSAPrivateKey,
+d2i_RSAPrivateKey_bio,
+d2i_RSAPrivateKey_fp,
+d2i_RSAPublicKey,
+d2i_RSAPublicKey_bio,
+d2i_RSAPublicKey_fp,
+d2i_RSA_OAEP_PARAMS,
+d2i_RSA_PSS_PARAMS,
+d2i_RSA_PUBKEY,
+d2i_RSA_PUBKEY_bio,
+d2i_RSA_PUBKEY_fp,
+d2i_SCT_LIST,
+d2i_SXNET,
+d2i_SXNETID,
+d2i_TS_ACCURACY,
+d2i_TS_MSG_IMPRINT,
+d2i_TS_MSG_IMPRINT_bio,
+d2i_TS_MSG_IMPRINT_fp,
+d2i_TS_REQ,
+d2i_TS_REQ_bio,
+d2i_TS_REQ_fp,
+d2i_TS_RESP,
+d2i_TS_RESP_bio,
+d2i_TS_RESP_fp,
+d2i_TS_STATUS_INFO,
+d2i_TS_TST_INFO,
+d2i_TS_TST_INFO_bio,
+d2i_TS_TST_INFO_fp,
+d2i_USERNOTICE,
+d2i_X509,
+d2i_X509_ALGOR,
+d2i_X509_ALGORS,
+d2i_X509_ATTRIBUTE,
+d2i_X509_CERT_AUX,
+d2i_X509_CINF,
+d2i_X509_CRL,
+d2i_X509_CRL_INFO,
+d2i_X509_CRL_bio,
+d2i_X509_CRL_fp,
+d2i_X509_EXTENSION,
+d2i_X509_EXTENSIONS,
+d2i_X509_NAME,
+d2i_X509_NAME_ENTRY,
+d2i_X509_PUBKEY,
+d2i_X509_REQ,
+d2i_X509_REQ_INFO,
+d2i_X509_REQ_bio,
+d2i_X509_REQ_fp,
+d2i_X509_REVOKED,
+d2i_X509_SIG,
+d2i_X509_VAL,
+i2d_ACCESS_DESCRIPTION,
+i2d_ASIdOrRange,
+i2d_ASIdentifierChoice,
+i2d_ASIdentifiers,
+i2d_ASN1_BIT_STRING,
+i2d_ASN1_BMPSTRING,
+i2d_ASN1_ENUMERATED,
+i2d_ASN1_GENERALIZEDTIME,
+i2d_ASN1_GENERALSTRING,
+i2d_ASN1_IA5STRING,
+i2d_ASN1_INTEGER,
+i2d_ASN1_NULL,
+i2d_ASN1_OBJECT,
+i2d_ASN1_OCTET_STRING,
+i2d_ASN1_PRINTABLE,
+i2d_ASN1_PRINTABLESTRING,
+i2d_ASN1_SEQUENCE_ANY,
+i2d_ASN1_SET_ANY,
+i2d_ASN1_T61STRING,
+i2d_ASN1_TIME,
+i2d_ASN1_TYPE,
+i2d_ASN1_UNIVERSALSTRING,
+i2d_ASN1_UTCTIME,
+i2d_ASN1_UTF8STRING,
+i2d_ASN1_VISIBLESTRING,
+i2d_ASN1_bio_stream,
+i2d_ASRange,
+i2d_AUTHORITY_INFO_ACCESS,
+i2d_AUTHORITY_KEYID,
+i2d_BASIC_CONSTRAINTS,
+i2d_CERTIFICATEPOLICIES,
+i2d_CMS_ContentInfo,
+i2d_CMS_ReceiptRequest,
+i2d_CMS_bio,
+i2d_CRL_DIST_POINTS,
+i2d_DHxparams,
+i2d_DIRECTORYSTRING,
+i2d_DISPLAYTEXT,
+i2d_DIST_POINT,
+i2d_DIST_POINT_NAME,
+i2d_DSAPrivateKey,
+i2d_DSAPrivateKey_bio,
+i2d_DSAPrivateKey_fp,
+i2d_DSAPublicKey,
+i2d_DSA_PUBKEY,
+i2d_DSA_PUBKEY_bio,
+i2d_DSA_PUBKEY_fp,
+i2d_DSA_SIG,
+i2d_DSAparams,
+i2d_ECPKParameters,
+i2d_ECParameters,
+i2d_ECPrivateKey,
+i2d_ECPrivateKey_bio,
+i2d_ECPrivateKey_fp,
+i2d_EC_PUBKEY,
+i2d_EC_PUBKEY_bio,
+i2d_EC_PUBKEY_fp,
+i2d_EDIPARTYNAME,
+i2d_ESS_CERT_ID,
+i2d_ESS_ISSUER_SERIAL,
+i2d_ESS_SIGNING_CERT,
+i2d_EXTENDED_KEY_USAGE,
+i2d_GENERAL_NAME,
+i2d_GENERAL_NAMES,
+i2d_IPAddressChoice,
+i2d_IPAddressFamily,
+i2d_IPAddressOrRange,
+i2d_IPAddressRange,
+i2d_ISSUING_DIST_POINT,
+i2d_NETSCAPE_CERT_SEQUENCE,
+i2d_NETSCAPE_SPKAC,
+i2d_NETSCAPE_SPKI,
+i2d_NOTICEREF,
+i2d_OCSP_BASICRESP,
+i2d_OCSP_CERTID,
+i2d_OCSP_CERTSTATUS,
+i2d_OCSP_CRLID,
+i2d_OCSP_ONEREQ,
+i2d_OCSP_REQINFO,
+i2d_OCSP_REQUEST,
+i2d_OCSP_RESPBYTES,
+i2d_OCSP_RESPDATA,
+i2d_OCSP_RESPID,
+i2d_OCSP_RESPONSE,
+i2d_OCSP_REVOKEDINFO,
+i2d_OCSP_SERVICELOC,
+i2d_OCSP_SIGNATURE,
+i2d_OCSP_SINGLERESP,
+i2d_OTHERNAME,
+i2d_PBE2PARAM,
+i2d_PBEPARAM,
+i2d_PBKDF2PARAM,
+i2d_PKCS12,
+i2d_PKCS12_BAGS,
+i2d_PKCS12_MAC_DATA,
+i2d_PKCS12_SAFEBAG,
+i2d_PKCS12_bio,
+i2d_PKCS12_fp,
+i2d_PKCS7,
+i2d_PKCS7_DIGEST,
+i2d_PKCS7_ENCRYPT,
+i2d_PKCS7_ENC_CONTENT,
+i2d_PKCS7_ENVELOPE,
+i2d_PKCS7_ISSUER_AND_SERIAL,
+i2d_PKCS7_NDEF,
+i2d_PKCS7_RECIP_INFO,
+i2d_PKCS7_SIGNED,
+i2d_PKCS7_SIGNER_INFO,
+i2d_PKCS7_SIGN_ENVELOPE,
+i2d_PKCS7_bio,
+i2d_PKCS7_fp,
+i2d_PKCS8PrivateKeyInfo_bio,
+i2d_PKCS8PrivateKeyInfo_fp,
+i2d_PKCS8_PRIV_KEY_INFO,
+i2d_PKCS8_PRIV_KEY_INFO_bio,
+i2d_PKCS8_PRIV_KEY_INFO_fp,
+i2d_PKCS8_bio,
+i2d_PKCS8_fp,
+i2d_PKEY_USAGE_PERIOD,
+i2d_POLICYINFO,
+i2d_POLICYQUALINFO,
+i2d_PROXY_CERT_INFO_EXTENSION,
+i2d_PROXY_POLICY,
+i2d_PublicKey,
+i2d_RSAPrivateKey,
+i2d_RSAPrivateKey_bio,
+i2d_RSAPrivateKey_fp,
+i2d_RSAPublicKey,
+i2d_RSAPublicKey_bio,
+i2d_RSAPublicKey_fp,
+i2d_RSA_OAEP_PARAMS,
+i2d_RSA_PSS_PARAMS,
+i2d_RSA_PUBKEY,
+i2d_RSA_PUBKEY_bio,
+i2d_RSA_PUBKEY_fp,
+i2d_SCT_LIST,
+i2d_SXNET,
+i2d_SXNETID,
+i2d_TS_ACCURACY,
+i2d_TS_MSG_IMPRINT,
+i2d_TS_MSG_IMPRINT_bio,
+i2d_TS_MSG_IMPRINT_fp,
+i2d_TS_REQ,
+i2d_TS_REQ_bio,
+i2d_TS_REQ_fp,
+i2d_TS_RESP,
+i2d_TS_RESP_bio,
+i2d_TS_RESP_fp,
+i2d_TS_STATUS_INFO,
+i2d_TS_TST_INFO,
+i2d_TS_TST_INFO_bio,
+i2d_TS_TST_INFO_fp,
+i2d_USERNOTICE,
+i2d_X509,
+i2d_X509_ALGOR,
+i2d_X509_ALGORS,
+i2d_X509_ATTRIBUTE,
+i2d_X509_CERT_AUX,
+i2d_X509_CINF,
+i2d_X509_CRL,
+i2d_X509_CRL_INFO,
+i2d_X509_CRL_bio,
+i2d_X509_CRL_fp,
+i2d_X509_EXTENSION,
+i2d_X509_EXTENSIONS,
+i2d_X509_NAME,
+i2d_X509_NAME_ENTRY,
+i2d_X509_PUBKEY,
+i2d_X509_REQ,
+i2d_X509_REQ_INFO,
+i2d_X509_REQ_bio,
+i2d_X509_REQ_fp,
+i2d_X509_REVOKED,
+i2d_X509_SIG,
+i2d_X509_VAL,
+- convert objects from/to ASN.1/DER representation
+
+=head1 SYNOPSIS
+
+=for comment generic
+
+ TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
+ TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
+ TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
+
+ int i2d_TYPE(TYPE *a, unsigned char **ppout);
+ int i2d_TYPE_fp(FILE *fp, TYPE *a);
+ int i2d_TYPE_bio(BIO *bp, TYPE *a);
+
+=head1 DESCRIPTION
+
+In the description here, I<TYPE> is used a placeholder
+for any of the OpenSSL datatypes, such as I<X509_CRL>.
+The function parameters I<ppin> and I<ppout> are generally
+either both named I<pp> in the headers, or I<in> and I<out>.
+
+These functions convert OpenSSL objects to and from their ASN.1/DER
+encoding.  Unlike the C structures which can have pointers to sub-objects
+within, the DER is a serialized encoding, suitable for sending over the
+network, writing to a file, and so on.
+
+d2i_TYPE() attempts to decode B<len> bytes at B<*ppin>. If successful a
+pointer to the B<TYPE> structure is returned and B<*ppin> is incremented to
+the byte following the parsed data.  If B<a> is not B<NULL> then a pointer
+to the returned structure is also written to B<*a>.  If an error occurred
+then B<NULL> is returned.
+
+On a successful return, if B<*a> is not B<NULL> then it is assumed that B<*a>
+contains a valid B<TYPE> structure and an attempt is made to reuse it. This
+"reuse" capability is present for historical compatibility but its use is
+B<strongly discouraged> (see BUGS below, and the discussion in the RETURN
+VALUES section).
+
+d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts
+to parse data from BIO B<bp>.
+
+d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts
+to parse data from FILE pointer B<fp>.
+
+i2d_TYPE() encodes the structure pointed to by B<a> into DER format.
+If B<ppout> is not B<NULL>, it writes the DER encoded data to the buffer
+at B<*ppout>, and increments it to point after the data just written.
+If the return value is negative an error occurred, otherwise it
+returns the length of the encoded data.
+
+If B<*ppout> is B<NULL> memory will be allocated for a buffer and the encoded
+data written to it. In this case B<*ppout> is not incremented and it points
+to the start of the data just written.
+
+i2d_TYPE_bio() is similar to i2d_TYPE() except it writes
+the encoding of the structure B<a> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+i2d_TYPE_fp() is similar to i2d_TYPE() except it writes
+the encoding of the structure B<a> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+These routines do not encrypt private keys and therefore offer no
+security; use L<PEM_write_PrivateKey(3)> or similar for writing to files.
+
+=head1 NOTES
+
+The letters B<i> and B<d> in B<i2d_TYPE> stand for
+"internal" (that is, an internal C structure) and "DER" respectively.
+So B<i2d_TYPE> converts from internal to DER.
+
+The functions can also understand B<BER> forms.
+
+The actual TYPE structure passed to i2d_TYPE() must be a valid
+populated B<TYPE> structure -- it B<cannot> simply be fed with an
+empty structure such as that returned by TYPE_new().
+
+The encoded data is in binary form and may contain embedded zeroes.
+Therefore any FILE pointers or BIOs should be opened in binary mode.
+Functions such as strlen() will B<not> return the correct length
+of the encoded structure.
+
+The ways that B<*ppin> and B<*ppout> are incremented after the operation
+can trap the unwary. See the B<WARNINGS> section for some common
+errors.
+The reason for this-auto increment behaviour is to reflect a typical
+usage of ASN1 functions: after one structure is encoded or decoded
+another will be processed after it.
+
+The following points about the data types might be useful:
+
+=over 4
+
+=item B<ASN1_OBJECT>
+
+Represents an ASN1 OBJECT IDENTIFIER.
+
+=item B<DHparams>
+
+Represents a PKCS#3 DH parameters structure.
+
+=item B<DHparamx>
+
+Represents a ANSI X9.42 DH parameters structure.
+
+=item B<DSA_PUBKEY>
+
+Represents a DSA public key using a B<SubjectPublicKeyInfo> structure.
+
+=item B<DSAPublicKey, DSAPrivateKey>
+
+Use a non-standard OpenSSL format and should be avoided; use B<DSA_PUBKEY>,
+B<PEM_write_PrivateKey(3)>, or similar instead.
+
+=item B<RSAPublicKey>
+
+Represents a PKCS#1 RSA public key structure.
+
+=item B<X509_ALGOR>
+
+Represents an B<AlgorithmIdentifier> structure as used in IETF RFC 6960 and
+elsewhere.
+
+=item B<X509_Name>
+
+Represents a B<Name> type as used for subject and issuer names in
+IETF RFC 6960 and elsewhere.
+
+=item B<X509_REQ>
+
+Represents a PKCS#10 certificate request.
+
+=item B<X509_SIG>
+
+Represents the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
+
+=back
+
+=head1 EXAMPLES
+
+Allocate and encode the DER encoding of an X509 structure:
+
+ int len;
+ unsigned char *buf;
+
+ buf = NULL;
+ len = i2d_X509(x, &buf);
+ if (len < 0)
+     /* error */
+
+Attempt to decode a buffer:
+
+ X509 *x;
+ unsigned char *buf, *p;
+ int len;
+
+ /* Set up buf and len to point to the input buffer. */
+ p = buf;
+ x = d2i_X509(NULL, &p, len);
+ if (x == NULL)
+     /* error */
+
+Alternative technique:
+
+ X509 *x;
+ unsigned char *buf, *p;
+ int len;
+
+ /* Set up buf and len to point to the input buffer. */
+ p = buf;
+ x = NULL;
+
+ if (d2i_X509(&x, &p, len) == NULL)
+     /* error */
+
+=head1 WARNINGS
+
+Using a temporary variable is mandatory. A common
+mistake is to attempt to use a buffer directly as follows:
+
+ int len;
+ unsigned char *buf;
+
+ len = i2d_X509(x, NULL);
+ buf = OPENSSL_malloc(len);
+ ...
+ i2d_X509(x, &buf);
+ ...
+ OPENSSL_free(buf);
+
+This code will result in B<buf> apparently containing garbage because
+it was incremented after the call to point after the data just written.
+Also B<buf> will no longer contain the pointer allocated by OPENSSL_malloc()
+and the subsequent call to OPENSSL_free() is likely to crash.
+
+Another trap to avoid is misuse of the B<a> argument to d2i_TYPE():
+
+ X509 *x;
+
+ if (d2i_X509(&x, &p, len) == NULL)
+     /* error */
+
+This will probably crash somewhere in d2i_X509(). The reason for this
+is that the variable B<x> is uninitialized and an attempt will be made to
+interpret its (invalid) value as an B<X509> structure, typically causing
+a segmentation violation. If B<x> is set to NULL first then this will not
+happen.
+
+=head1 BUGS
+
+In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when
+B<*px> is valid is broken and some parts of the reused structure may
+persist if they are not present in the new one. As a result the use
+of this "reuse" behaviour is strongly discouraged.
+
+i2d_TYPE() will not return an error in many versions of OpenSSL,
+if mandatory fields are not initialized due to a programming error
+then the encoded structure may contain invalid data or omit the
+fields entirely and will not be parsed by d2i_TYPE(). This may be
+fixed in future so code should not assume that i2d_TYPE() will
+always succeed.
+
+Any function which encodes a structure (i2d_TYPE(),
+i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the
+structure has been modified after deserialization or previous
+serialization. This is because some objects cache the encoding for
+efficiency reasons.
+
+=head1 RETURN VALUES
+
+d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B<TYPE> structure
+or B<NULL> if an error occurs.  If the "reuse" capability has been used with
+a valid structure being passed in via B<a>, then the object is not freed in
+the event of error but may be in a potentially invalid or inconsistent state.
+
+i2d_TYPE() returns the number of bytes successfully encoded or a negative
+value if an error occurs.
+
+i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error
+occurs.
+
+=head1 COPYRIGHT
+
+Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/des_modes.pod b/openssl-1.1.0h/doc/crypto/des_modes.pod
new file mode 100644
index 0000000..d5a3f8d
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/des_modes.pod
@@ -0,0 +1,261 @@
+=pod
+
+=for comment openssl_manual_section:7
+
+=head1 NAME
+
+des_modes - the variants of DES and other crypto algorithms of OpenSSL
+
+=head1 DESCRIPTION
+
+Several crypto algorithms for OpenSSL can be used in a number of modes.  Those
+are used for using block ciphers in a way similar to stream ciphers, among
+other things.
+
+=head1 OVERVIEW
+
+=head2 Electronic Codebook Mode (ECB)
+
+Normally, this is found as the function I<algorithm>_ecb_encrypt().
+
+=over 4
+
+=item *
+
+64 bits are enciphered at a time.
+
+=item *
+
+The order of the blocks can be rearranged without detection.
+
+=item *
+
+The same plaintext block always produces the same ciphertext block
+(for the same key) making it vulnerable to a 'dictionary attack'.
+
+=item *
+
+An error will only affect one ciphertext block.
+
+=back
+
+=head2 Cipher Block Chaining Mode (CBC)
+
+Normally, this is found as the function I<algorithm>_cbc_encrypt().
+Be aware that des_cbc_encrypt() is not really DES CBC (it does
+not update the IV); use des_ncbc_encrypt() instead.
+
+=over 4
+
+=item *
+
+a multiple of 64 bits are enciphered at a time.
+
+=item *
+
+The CBC mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+
+=item *
+
+The chaining operation makes the ciphertext blocks dependent on the
+current and all preceding plaintext blocks and therefore blocks can not
+be rearranged.
+
+=item *
+
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+
+=item *
+
+An error will affect the current and the following ciphertext blocks.
+
+=back
+
+=head2 Cipher Feedback Mode (CFB)
+
+Normally, this is found as the function I<algorithm>_cfb_encrypt().
+
+=over 4
+
+=item *
+
+a number of bits (j) <= 64 are enciphered at a time.
+
+=item *
+
+The CFB mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+
+=item *
+
+The chaining operation makes the ciphertext variables dependent on the
+current and all preceding variables and therefore j-bit variables are
+chained together and can not be rearranged.
+
+=item *
+
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+
+=item *
+
+The strength of the CFB mode depends on the size of k (maximal if
+j == k).  In my implementation this is always the case.
+
+=item *
+
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+
+=item *
+
+Only multiples of j bits can be enciphered.
+
+=item *
+
+An error will affect the current and the following ciphertext variables.
+
+=back
+
+=head2 Output Feedback Mode (OFB)
+
+Normally, this is found as the function I<algorithm>_ofb_encrypt().
+
+=over 4
+
+
+=item *
+
+a number of bits (j) <= 64 are enciphered at a time.
+
+=item *
+
+The OFB mode produces the same ciphertext whenever the same
+plaintext enciphered using the same key and starting variable.  More
+over, in the OFB mode the same key stream is produced when the same
+key and start variable are used.  Consequently, for security reasons
+a specific start variable should be used only once for a given key.
+
+=item *
+
+The absence of chaining makes the OFB more vulnerable to specific attacks.
+
+=item *
+
+The use of different start variables values prevents the same
+plaintext enciphering to the same ciphertext, by producing different
+key streams.
+
+=item *
+
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+
+=item *
+
+Only multiples of j bits can be enciphered.
+
+=item *
+
+OFB mode of operation does not extend ciphertext errors in the
+resultant plaintext output.  Every bit error in the ciphertext causes
+only one bit to be in error in the deciphered plaintext.
+
+=item *
+
+OFB mode is not self-synchronizing.  If the two operation of
+encipherment and decipherment get out of synchronism, the system needs
+to be re-initialized.
+
+=item *
+
+Each re-initialization should use a value of the start variable
+different from the start variable values used before with the same
+key.  The reason for this is that an identical bit stream would be
+produced each time from the same parameters.  This would be
+susceptible to a 'known plaintext' attack.
+
+=back
+
+=head2 Triple ECB Mode
+
+Normally, this is found as the function I<algorithm>_ecb3_encrypt().
+
+=over 4
+
+=item *
+
+Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+
+=item *
+
+As for ECB encryption but increases the key length to 168 bits.
+There are theoretic attacks that can be used that make the effective
+key length 112 bits, but this attack also requires 2^56 blocks of
+memory, not very likely, even for the NSA.
+
+=item *
+
+If both keys are the same it is equivalent to encrypting once with
+just one key.
+
+=item *
+
+If the first and last key are the same, the key length is 112 bits.
+There are attacks that could reduce the effective key strength
+to only slightly more than 56 bits, but these require a lot of memory.
+
+=item *
+
+If all 3 keys are the same, this is effectively the same as normal
+ecb mode.
+
+=back
+
+=head2 Triple CBC Mode
+
+Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
+
+=over 4
+
+=item *
+
+Encrypt with key1, decrypt with key2 and then encrypt with key3.
+
+=item *
+
+As for CBC encryption but increases the key length to 168 bits with
+the same restrictions as for triple ecb mode.
+
+=back
+
+=head1 NOTES
+
+This text was been written in large parts by Eric Young in his original
+documentation for SSLeay, the predecessor of OpenSSL.  In turn, he attributed
+it to:
+
+        AS 2805.5.2
+        Australian Standard
+        Electronic funds transfer - Requirements for interfaces,
+        Part 5.2: Modes of operation for an n-bit block cipher algorithm
+        Appendix A
+
+=head1 SEE ALSO
+
+L<BF_encrypt(3)>, L<DES_crypt(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/evp.pod b/openssl-1.1.0h/doc/crypto/evp.pod
new file mode 100644
index 0000000..02051df
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/evp.pod
@@ -0,0 +1,116 @@
+=pod
+
+=for comment openssl_manual_section:7
+
+=head1 NAME
+
+evp - high-level cryptographic functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+=head1 DESCRIPTION
+
+The EVP library provides a high-level interface to cryptographic
+functions.
+
+L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and L<B<EVP_Open>I<...>|EVP_OpenInit(3)>
+provide public key encryption and decryption to implement digital "envelopes".
+
+The L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> and
+L<B<EVP_DigestVerify>I<...>|EVP_DigestVerifyInit(3)> functions implement
+digital signatures and Message Authentication Codes (MACs). Also see the older
+L<B<EVP_Sign>I<...>|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>|EVP_VerifyInit(3)>
+functions.
+
+Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>|EVP_EncryptInit(3)>
+functions.  The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide message digests.
+
+The B<EVP_PKEY>I<...> functions provide a high level interface to
+asymmetric algorithms. To create a new EVP_PKEY see
+L<EVP_PKEY_new(3)>. EVP_PKEYs can be associated
+with a private key of a particular algorithm by using the functions
+described on the L<EVP_PKEY_set1_RSA(3)> page, or
+new keys can be generated using L<EVP_PKEY_keygen(3)>.
+EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)>, or printed using
+L<EVP_PKEY_print_private(3)>.
+
+The EVP_PKEY functions support the full range of asymmetric algorithm operations:
+
+=over 4
+
+=item For key agreement see L<EVP_PKEY_derive(3)>
+
+=item For signing and verifying see L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)>.
+However, note that
+these functions do not perform a digest of the data to be signed. Therefore
+normally you would use the L<EVP_DigestSignInit(3)>
+functions for this purpose.
+
+=item For encryption and decryption see L<EVP_PKEY_encrypt(3)>
+and L<EVP_PKEY_decrypt(3)> respectively. However, note that
+these functions perform encryption and decryption only. As public key
+encryption is an expensive operation, normally you would wrap
+an encrypted message in a "digital envelope" using the L<EVP_SealInit(3)> and
+L<EVP_OpenInit(3)> functions.
+
+=back
+
+The L<EVP_BytesToKey(3)> function provides some limited support for password
+based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible
+implementation. However, new applications should not typically use this (preferring, for example,
+PBKDF2 from PCKS#5).
+
+The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
+L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
+and decoding.
+
+All the symmetric algorithms (ciphers), digests and asymmetric algorithms
+(public key algorithms) can be replaced by L<engine(3)> modules providing alternative
+implementations. If ENGINE implementations of ciphers or digests are registered
+as defaults, then the various EVP functions will automatically use those
+implementations automatically in preference to built in software
+implementations. For more information, consult the engine(3) man page.
+
+Although low level algorithm specific functions exist for many algorithms
+their use is discouraged. They cannot be used with an ENGINE and ENGINE
+versions of new algorithms cannot be accessed using the low level functions.
+Also makes code harder to adapt to new algorithms and some options are not
+cleanly supported at the low level and some operations are more efficient
+using the high level interface.
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)>,
+L<EVP_SealInit(3)>,
+L<EVP_DigestSignInit(3)>,
+L<EVP_SignInit(3)>,
+L<EVP_VerifyInit(3)>,
+L<EVP_EncodeInit(3)>,
+L<EVP_PKEY_new(3)>,
+L<EVP_PKEY_set1_RSA(3)>,
+L<EVP_PKEY_keygen(3)>,
+L<EVP_PKEY_print_private(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_derive(3)>,
+L<EVP_BytesToKey(3)>,
+L<engine(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/i2d_CMS_bio_stream.pod b/openssl-1.1.0h/doc/crypto/i2d_CMS_bio_stream.pod
new file mode 100644
index 0000000..ece7a48
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/i2d_CMS_bio_stream.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.
+
+It is otherwise identical to the function SMIME_write_CMS().
+
+=head1 NOTES
+
+This function is effectively a version of the i2d_CMS_bio() supporting
+streaming.
+
+=head1 BUGS
+
+The prefix "i2d" is arguably wrong because the function outputs BER format.
+
+=head1 RETURN VALUES
+
+i2d_CMS_bio_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<CMS_sign(3)>,
+L<CMS_verify(3)>, L<CMS_encrypt(3)>
+L<CMS_decrypt(3)>,
+L<SMIME_write_CMS(3)>,
+L<PEM_write_bio_CMS_stream(3)>
+
+=head1 HISTORY
+
+i2d_CMS_bio_stream() was added to OpenSSL 1.0.0
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/i2d_PKCS7_bio_stream.pod b/openssl-1.1.0h/doc/crypto/i2d_PKCS7_bio_stream.pod
new file mode 100644
index 0000000..b42940a
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/i2d_PKCS7_bio_stream.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+i2d_PKCS7_bio_stream - output PKCS7 structure in BER format
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.
+
+It is otherwise identical to the function SMIME_write_PKCS7().
+
+=head1 NOTES
+
+This function is effectively a version of the d2i_PKCS7_bio() supporting
+streaming.
+
+=head1 BUGS
+
+The prefix "i2d" is arguably wrong because the function outputs BER format.
+
+=head1 RETURN VALUES
+
+i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>, L<PKCS7_sign(3)>,
+L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)>,
+L<PEM_write_bio_PKCS7_stream(3)>
+
+=head1 HISTORY
+
+i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0
+
+=head1 COPYRIGHT
+
+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/i2d_re_X509_tbs.pod b/openssl-1.1.0h/doc/crypto/i2d_re_X509_tbs.pod
new file mode 100644
index 0000000..672c7ab
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/i2d_re_X509_tbs.pod
@@ -0,0 +1,79 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_AUX, i2d_X509_AUX,
+i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs
+- X509 encode and decode functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
+ int i2d_X509_AUX(X509 *x, unsigned char **out);
+ int i2d_re_X509_tbs(X509 *x, unsigned char **out);
+ int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
+ int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+The X509 encode and decode routines encode and parse an
+B<X509> structure, which represents an X509 certificate.
+
+d2i_X509_AUX() is similar to L<d2i_X509(3)> but the input is expected to
+consist of an X509 certificate followed by auxiliary trust information.
+This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
+This function should not be called on untrusted input.
+
+i2d_X509_AUX() is similar to L<i2d_X509(3)>, but the encoded output
+contains both the certificate and any auxiliary trust information.
+This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects.
+Note that this is a non-standard OpenSSL-specific data format.
+
+i2d_re_X509_tbs() is similar to L<i2d_X509(3)> except it encodes only
+the TBSCertificate portion of the certificate.  i2d_re_X509_CRL_tbs()
+and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request,
+respectively.  The "re" in B<i2d_re_X509_tbs> stands for "re-encode",
+and ensures that a fresh encoding is generated in case the object has been
+modified after creation (see the BUGS section).
+
+The encoding of the TBSCertificate portion of a certificate is cached
+in the B<X509> structure internally to improve encoding performance
+and to ensure certificate signatures are verified correctly in some
+certificates with broken (non-DER) encodings.
+
+If, after modification, the B<X509> object is re-signed with X509_sign(),
+the encoding is automatically renewed. Otherwise, the encoding of the
+TBSCertificate portion of the B<X509> can be manually renewed by calling
+i2d_re_X509_tbs().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)>
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/o2i_SCT_LIST.pod b/openssl-1.1.0h/doc/crypto/o2i_SCT_LIST.pod
new file mode 100644
index 0000000..82922fc
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/o2i_SCT_LIST.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT -
+decode and encode Signed Certificate Timestamp lists in TLS wire format
+
+=head1 SYNOPSIS
+
+ #include <openssl/ct.h>
+
+ STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, size_t len);
+ int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+ SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+ int i2o_SCT(const SCT *sct, unsigned char **out);
+
+=head1 DESCRIPTION
+
+The SCT_LIST and SCT functions are very similar to the i2d and d2i family of
+functions, except that they convert to and from TLS wire format, as described in
+RFC 6962. See L<d2i_SCT_LIST> for more information about how the parameters are
+treated and the return values.
+
+=head1 RETURN VALUES
+
+All of the functions have return values consistent with those stated for
+L<d2i_SCT_LIST> and L<i2d_SCT_LIST>.
+
+=head1 SEE ALSO
+
+L<ct(3)>,
+L<d2i_SCT_LIST(3)>,
+L<i2d_SCT_LIST(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/crypto/x509.pod b/openssl-1.1.0h/doc/crypto/x509.pod
new file mode 100644
index 0000000..483b037
--- /dev/null
+++ b/openssl-1.1.0h/doc/crypto/x509.pod
@@ -0,0 +1,75 @@
+=pod
+
+=for comment openssl_manual_section:7
+
+=head1 NAME
+
+x509 - X.509 certificate handling
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+=head1 DESCRIPTION
+
+An X.509 certificate is a structured grouping of information about
+an individual, a device, or anything one can imagine.  A X.509 CRL
+(certificate revocation list) is a tool to help determine if a
+certificate is still valid.  The exact definition of those can be
+found in the X.509 document from ITU-T, or in RFC3280 from PKIX.
+In OpenSSL, the type X509 is used to express such a certificate, and
+the type X509_CRL is used to express a CRL.
+
+A related structure is a certificate request, defined in PKCS#10 from
+RSA Security, Inc, also reflected in RFC2896.  In OpenSSL, the type
+X509_REQ is used to express such a certificate request.
+
+To handle some complex parts of a certificate, there are the types
+X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
+a certificate attributes), X509_EXTENSION (to express a certificate
+extension) and a few more.
+
+Finally, there's the supertype X509_INFO, which can contain a CRL, a
+certificate and a corresponding private key.
+
+B<X509_>I<...>, B<d2i_X509_>I<...> and B<i2d_X509_>I<...> handle X.509
+certificates, with some exceptions, shown below.
+
+B<X509_CRL_>I<...>, B<d2i_X509_CRL_>I<...> and B<i2d_X509_CRL_>I<...>
+handle X.509 CRLs.
+
+B<X509_REQ_>I<...>, B<d2i_X509_REQ_>I<...> and B<i2d_X509_REQ_>I<...>
+handle PKCS#10 certificate requests.
+
+B<X509_NAME_>I<...> handle certificate names.
+
+B<X509_ATTRIBUTE_>I<...> handle certificate attributes.
+
+B<X509_EXTENSION_>I<...> handle certificate extensions.
+
+=head1 SEE ALSO
+
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_add_entry_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_NAME_new(3)>,
+L<d2i_X509(3)>,
+L<d2i_X509_ALGOR(3)>,
+L<d2i_X509_CRL(3)>,
+L<d2i_X509_NAME(3)>,
+L<d2i_X509_REQ(3)>,
+L<d2i_X509_SIG(3)>,
+L<X509v3(3)>,
+L<crypto(7)>
+
+=head1 COPYRIGHT
+
+Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/dir-locals.example.el b/openssl-1.1.0h/doc/dir-locals.example.el
new file mode 100644
index 0000000..dc0d554
--- /dev/null
+++ b/openssl-1.1.0h/doc/dir-locals.example.el
@@ -0,0 +1,15 @@
+;;; This is an example of what a .dir-locals.el suitable for OpenSSL
+;;; development could look like.
+;;;
+;;; Apart from setting the CC mode style to "OpenSSL-II", it also
+;;; makes sure that tabs are never used for indentation in any file,
+;;; and that the fill column is 78.
+;;;
+;;; For more information see (info "(emacs) Directory Variables")
+
+((nil
+  (indent-tabs-mode . nil)
+  (fill-column . 70)
+  )
+ (c-mode
+  (c-file-style . "OpenSSL-II")))
diff --git a/openssl-1.1.0h/doc/fingerprints.txt b/openssl-1.1.0h/doc/fingerprints.txt
new file mode 100644
index 0000000..1863224
--- /dev/null
+++ b/openssl-1.1.0h/doc/fingerprints.txt
@@ -0,0 +1,27 @@
+Fingerprints for Signing Releases
+
+OpenSSL releases are signed with PGP/GnuPG keys.  This file contains
+the fingerprints of team members who are "authorized" to sign the
+next release.
+
+The signature is a detached cleartxt signature, with the same name
+as the release but with ".asc" appended.  For example, release
+1.0.1h can be found in openssl-1.0.1h.tar.gz with the signature
+in the file named openssl-1.0.1h.tar.gz.asc.
+
+The following is the list of fingerprints for the keys that are
+currently in use to sign OpenSSL distributions:
+
+pub   4096R/7DF9EE8C 2014-10-04
+      Key fingerprint = 7953 AC1F BC3D C8B3 B292  393E D5E9 E43F 7DF9 EE8C
+uid                  Richard Levitte <richard@opensslfoundation.com>
+uid                  Richard Levitte <levitte@openssl.org>
+uid                  Richard Levitte <richard@openssl.com>
+
+pub   4096R/FA40E9E2 2005-03-19
+      Key fingerprint = 6260 5AA4 334A F9F0 DDE5  D349 D357 7507 FA40 E9E2
+uid                  Dr Stephen N Henson <steve@openssl.org>
+
+pub   2048R/0E604491 2013-04-30            
+      Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid                  Matt Caswell <frodo@baggins.org>
diff --git a/openssl-1.1.0h/doc/openssl-c-indent.el b/openssl-1.1.0h/doc/openssl-c-indent.el
new file mode 100644
index 0000000..cca1183
--- /dev/null
+++ b/openssl-1.1.0h/doc/openssl-c-indent.el
@@ -0,0 +1,62 @@
+;;; This Emacs Lisp file defines a C indentation style for OpenSSL.
+;;;
+;;; This definition is for the "CC mode" package, which is the default
+;;; mode for editing C source files in Emacs 20, not for the older
+;;; c-mode.el (which was the default in less recent release of Emacs 19).
+;;;
+;;; Recommended use is to add this line in your .emacs:
+;;;
+;;;   (load (expand-file-name "~/PATH/TO/openssl-c-indent.el"))
+;;;
+;;; To activate this indentation style, visit a C file, type
+;;; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
+;;; To toggle the auto-newline feature of CC mode, type C-c C-a.
+;;;
+;;; If you're an OpenSSL developer, you might find it more comfortable
+;;; to have this style be permanent in your OpenSSL development
+;;; directory.  To have that, please perform this:
+;;;
+;;;    M-x add-dir-local-variable <RET> c-mode <RET> c-file-style <RET>
+;;;    "OpenSSL-II" <RET>
+;;;
+;;; A new buffer with .dir-locals.el will appear.  Save it (C-x C-s).
+;;;
+;;; Alternatively, have a look at dir-locals.example.el
+
+;;; For suggesting improvements, please send e-mail to levitte@openssl.org.
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Note, it could be easy to inherit from the "gnu" style...  however,
+;; one never knows if that style will change somewhere in the future,
+;; so I've chosen to copy the "gnu" style values explicitly instead
+;; and mark them with a comment.                // RLevitte 2015-08-31
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(c-add-style "OpenSSL-II"
+             '((c-basic-offset . 4)
+               (indent-tabs-mode . nil)
+               (fill-column . 78)
+               (comment-column . 33)
+               (c-comment-only-line-offset 0 . 0)            ; From "gnu" style
+               (c-hanging-braces-alist                       ; From "gnu" style
+                (substatement-open before after)             ; From "gnu" style
+                (arglist-cont-nonempty))                     ; From "gnu" style
+               (c-offsets-alist
+                (statement-block-intro . +)                  ; From "gnu" style
+                (knr-argdecl-intro . 0)
+                (knr-argdecl . 0)
+                (substatement-open . +)                      ; From "gnu" style
+                (substatement-label . 0)                     ; From "gnu" style
+                (label . 1)
+                (statement-case-open . +)                    ; From "gnu" style
+                (statement-cont . +)                         ; From "gnu" style
+                (arglist-intro . c-lineup-arglist-intro-after-paren) ; From "gnu" style
+                (arglist-close . c-lineup-arglist)           ; From "gnu" style
+                (inline-open . 0)                            ; From "gnu" style
+                (brace-list-open . +)                        ; From "gnu" style
+                (topmost-intro-cont first c-lineup-topmost-intro-cont
+                                    c-lineup-gnu-DEFUN-intro-cont) ; From "gnu" style
+                )
+               (c-special-indent-hook . c-gnu-impose-minimum) ; From "gnu" style
+               (c-block-comment-prefix . "* ")
+               ))
diff --git a/openssl-1.1.0h/doc/ssl/DTLSv1_listen.pod b/openssl-1.1.0h/doc/ssl/DTLSv1_listen.pod
new file mode 100644
index 0000000..a839d9f
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/DTLSv1_listen.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+DTLSv1_listen - listen for incoming DTLS connections
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer);
+
+=head1 DESCRIPTION
+
+DTLSv1_listen() listens for new incoming DTLS connections. If a ClientHello is
+received that does not contain a cookie, then DTLSv1_listen() responds with a
+HelloVerifyRequest. If a ClientHello is received with a cookie that is verified
+then control is returned to user code to enable the handshake to be completed
+(for example by using SSL_accept()).
+
+=head1 NOTES
+
+Datagram based protocols can be susceptible to Denial of Service attacks. A
+DTLS attacker could, for example, submit a series of handshake initiation
+requests that cause the server to allocate state (and possibly perform
+cryptographic operations) thus consuming server resources. The attacker could
+also (with UDP) quite simply forge the source IP address in such an attack.
+
+As a counter measure to that DTLS includes a stateless cookie mechanism. The
+idea is that when a client attempts to connect to a server it sends a
+ClientHello message. The server responds with a HelloVerifyRequest which
+contains a unique cookie. The client then resends the ClientHello, but this time
+includes the cookie in the message thus proving that the client is capable of
+receiving messages sent to that address. All of this can be done by the server
+without allocating any state, and thus without consuming expensive resources.
+
+OpenSSL implements this capability via the DTLSv1_listen() function. The B<ssl>
+parameter should be a newly allocated SSL object with its read and write BIOs
+set, in the same way as might be done for a call to SSL_accept(). Typically the
+read BIO will be in an "unconnected" state and thus capable of receiving
+messages from any peer.
+
+When a ClientHello is received that contains a cookie that has been verified,
+then DTLSv1_listen() will return with the B<ssl> parameter updated into a state
+where the handshake can be continued by a call to (for example) SSL_accept().
+Additionally the B<BIO_ADDR> pointed to by B<peer> will be filled in with
+details of the peer that sent the ClientHello. If the underlying BIO is unable
+to obtain the B<BIO_ADDR> of the peer (for example because the BIO does not
+support this), then B<*peer> will be cleared and the family set to AF_UNSPEC.
+Typically user code is expected to "connect" the underlying socket to the peer
+and continue the handshake in a connected state.
+
+Prior to calling DTLSv1_listen() user code must ensure that cookie generation
+and verification callbacks have been set up using
+SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb()
+respectively.
+
+Since DTLSv1_listen() operates entirely statelessly whilst processing incoming
+ClientHellos it is unable to process fragmented messages (since this would
+require the allocation of state). An implication of this is that DTLSv1_listen()
+B<only> supports ClientHellos that fit inside a single datagram.
+
+=head1 RETURN VALUES
+
+From OpenSSL 1.1.0 a return value of >= 1 indicates success. In this instance
+the B<peer> value will be filled in and the B<ssl> object set up ready to
+continue the handshake.
+
+A return value of 0 indicates a non-fatal error. This could (for
+example) be because of non-blocking IO, or some invalid message having been
+received from a peer. Errors may be placed on the OpenSSL error queue with
+further information if appropriate. Typically user code is expected to retry the
+call to DTLSv1_listen() in the event of a non-fatal error. Any old errors on the
+error queue will be cleared in the subsequent call.
+
+A return value of <0 indicates a fatal error. This could (for example) be
+because of a failure to allocate sufficient memory for the operation.
+
+Prior to OpenSSL 1.1.0 fatal and non-fatal errors both produce return codes
+<= 0 (in typical implementations user code treats all errors as non-fatal),
+whilst return codes >0 indicate success.
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_accept(3)>,
+L<ssl(3)>, L<bio(3)>
+
+=head1 HISTORY
+
+DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer"
+also changed in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/OPENSSL_init_ssl.pod b/openssl-1.1.0h/doc/ssl/OPENSSL_init_ssl.pod
new file mode 100644
index 0000000..b963e5e
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/OPENSSL_init_ssl.pod
@@ -0,0 +1,84 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+=head1 DESCRIPTION
+
+During normal operation OpenSSL (libssl and libcrypto) will allocate various
+resources at start up that must, subsequently, be freed on close down of the
+library. Additionally some resources are allocated on a per thread basis (if the
+application is multi-threaded), and these resources must be freed prior to the
+thread closing.
+
+As of version 1.1.0 OpenSSL will automatically allocate all resources that it
+needs so no explicit initialisation is required. Similarly it will also
+automatically deinitialise as required.
+
+However, there may be situations when explicit initialisation is desirable or
+needed, for example when some non-default initialisation is required. The
+function OPENSSL_init_ssl() can be used for this purpose. Calling
+this function will explicitly initialise BOTH libcrypto and libssl. To
+explicitly initialise ONLY libcrypto see the
+L<OPENSSL_init_crypto(3)> function.
+
+Numerous internal OpenSSL functions call OPENSSL_init_ssl().
+Therefore, in order to perform non-default initialisation,
+OPENSSL_init_ssl() MUST be called by application code prior to
+any other OpenSSL function calls.
+
+The B<opts> parameter specifies which aspects of libssl and libcrypto should be
+initialised. Valid options for libcrypto are described on the
+L<OPENSSL_init_crypto(3)> page. In addition to any libcrypto
+specific option the following libssl options can also be used:
+
+=over 4
+
+=item OPENSSL_INIT_NO_LOAD_SSL_STRINGS
+
+Suppress automatic loading of the libssl error strings. This option is
+not a default option. Once selected subsequent calls to
+OPENSSL_init_ssl() with the option
+B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
+
+=item OPENSSL_INIT_LOAD_SSL_STRINGS
+
+Automatic loading of the libssl error strings. This option is a
+default option. Once selected subsequent calls to
+OPENSSL_init_ssl() with the option
+B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
+
+=back
+
+OPENSSL_init_ssl() takes a B<settings> parameter which can be used to
+set parameter values.  See L<OPENSSL_init_crypto(3)> for details.
+
+=head1 RETURN VALUES
+
+The function OPENSSL_init_ssl() returns 1 on success or 0 on error.
+
+=head1 SEE ALSO
+
+L<OPENSSL_init_crypto(3)>
+
+=head1 HISTORY
+
+The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CIPHER_get_name.pod b/openssl-1.1.0h/doc/ssl/SSL_CIPHER_get_name.pod
new file mode 100644
index 0000000..b7ee3c8
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CIPHER_get_name.pod
@@ -0,0 +1,128 @@
+=pod
+
+=head1 NAME
+
+SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_kx_nid,
+SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead,
+SSL_CIPHER_get_name, SSL_CIPHER_get_bits,
+SSL_CIPHER_get_version, SSL_CIPHER_description
+- get SSL_CIPHER properties
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
+ char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
+ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
+ int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+ int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+ int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+ int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+=head1 DESCRIPTION
+
+SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
+B<cipher> is NULL, it returns "(NONE)".
+
+SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>.
+If B<cipher> is NULL, 0 is returned.
+
+SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol
+version that first defined the cipher.  It returns "(NONE)" if B<cipher> is NULL.
+
+SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to B<c>.
+If there is no cipher (e.g. for ciphersuites with no encryption) then
+B<NID_undef> is returned.
+
+SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC
+used by B<c>. If there is no digest (e.g. for AEAD ciphersuites) then
+B<NID_undef> is returned.
+
+SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method
+used by B<c>. If there is no key exchange, then B<NID_undef> is returned. Examples (not comprehensive):
+
+ NID_kx_rsa
+ NID_kx_ecdhe
+ NID_kx_dhe
+ NID_kx_psk
+
+SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method
+used by B<c>. If there is no authentication, then B<NID_undef> is returned.
+Examples (not comprehensive):
+
+ NID_auth_rsa
+ NID_auth_ecdsa
+ NID_auth_psk
+
+SSL_CIPHER_is_aead() returns 1 if the cipher B<c> is AEAD (e.g. GCM or
+ChaCha20/Poly1305), and 0 if it is not AEAD.
+
+SSL_CIPHER_description() returns a textual description of the cipher used
+into the buffer B<buf> of length B<len> provided.  If B<buf> is provided, it
+must be at least 128 bytes, otherwise a buffer will be allocated using
+OPENSSL_malloc().  If the provided buffer is too small, or the allocation fails,
+B<NULL> is returned.
+
+The string returned by SSL_CIPHER_description() consists of several fields
+separated by whitespace:
+
+=over 4
+
+=item <ciphername>
+
+Textual representation of the cipher name.
+
+=item <protocol version>
+
+Protocol version, such as B<TLSv1.2>, when the cipher was first defined.
+
+=item Kx=<key exchange>
+
+Key exchange method such as B<RSA>, B<ECDHE>, etc.
+
+=item Au=<authentication>
+
+Authentication method such as B<RSA>, B<None>, etc.. None is the
+representation of anonymous ciphers.
+
+=item Enc=<symmetric encryption method>
+
+Encryption method, with number of secret bits, such as B<AESGCM(128)>.
+
+=item Mac=<message authentication code>
+
+Message digest, such as B<SHA256>.
+
+=back
+
+Some examples for the output of SSL_CIPHER_description():
+
+ ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
+ RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
+
+=head1 HISTORY
+
+SSL_CIPHER_get_version() was updated to always return the correct protocol
+string in OpenSSL 1.1.
+
+SSL_CIPHER_description() was changed to return B<NULL> on error,
+rather than a fixed string, in OpenSSL 1.1
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_get_current_cipher(3)>,
+L<SSL_get_ciphers(3)>, L<ciphers(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_COMP_add_compression_method.pod b/openssl-1.1.0h/doc/ssl/SSL_COMP_add_compression_method.pod
new file mode 100644
index 0000000..15929df
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -0,0 +1,116 @@
+=pod
+
+=head1 NAME
+
+SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods,
+SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods
+- handle SSL/TLS integrated compression methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+ const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+ int SSL_COMP_get_id(const SSL_COMP *comp);
+
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void SSL_COMP_free_compression_methods(void)
+ #endif
+
+=head1 DESCRIPTION
+
+SSL_COMP_add_compression_method() adds the compression method B<cm> with
+the identifier B<id> to the list of available compression methods. This
+list is globally maintained for all SSL operations within this application.
+It cannot be set for specific SSL_CTX or SSL objects.
+
+SSL_COMP_get_compression_methods() returns a stack of all of the available
+compression methods or NULL on error.
+
+SSL_COMP_get0_name() returns the name of the compression method B<comp>.
+
+SSL_COMP_get_id() returns the id of the compression method B<comp>.
+
+In versions of OpenSSL prior to 1.1.0 SSL_COMP_free_compression_methods() freed
+the internal table of compression methods that were built internally, and
+possibly augmented by adding SSL_COMP_add_compression_method(). However this is
+now unnecessary from version 1.1.0.  No explicit initialisation or
+de-initialisation is necessary. See L<OPENSSL_init_crypto(3)> and
+L<OPENSSL_init_ssl(3)>. From OpenSSL 1.1.0 calling this function does nothing.
+
+=head1 NOTES
+
+The TLS standard (or SSLv3) allows the integration of compression methods
+into the communication. The TLS RFC does however not specify compression
+methods or their corresponding identifiers, so there is currently no compatible
+way to integrate compression with unknown peers. It is therefore currently not
+recommended to integrate compression into applications. Applications for
+non-public use may agree on certain compression methods. Using different
+compression methods with the same identifier will lead to connection failure.
+
+An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
+will unconditionally send the list of all compression methods enabled with
+SSL_COMP_add_compression_method() to the server during the handshake.
+Unlike the mechanisms to set a cipher list, there is no method available to
+restrict the list of compression method on a per connection basis.
+
+An OpenSSL server will match the identifiers listed by a client against
+its own compression methods and will unconditionally activate compression
+when a matching identifier is found. There is no way to restrict the list
+of compression methods supported on a per connection basis.
+
+If enabled during compilation, the OpenSSL library will have the
+COMP_zlib() compression method available.
+
+=head1 WARNINGS
+
+Once the identities of the compression methods for the TLS protocol have
+been standardized, the compression API will most likely be changed. Using
+it in the current state is not recommended.
+
+=head1 RETURN VALUES
+
+SSL_COMP_add_compression_method() may return the following values:
+
+=over 4
+
+=item Z<>0
+
+The operation succeeded.
+
+=item Z<>1
+
+The operation failed. Check the error queue to find out the reason.
+
+=back
+
+SSL_COMP_get_compression_methods() returns the stack of compressions methods or
+NULL on error.
+
+SSL_COMP_get0_name() returns the name of the compression method or NULL on error.
+
+SSL_COMP_get_id() returns the name of the compression method or -1 on error.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 HISTORY
+
+SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0.
+SSL_COMP_get0_name() and SSL_comp_get_id() were added in OpenSSL 1.1.0d.
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_new.pod b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_new.pod
new file mode 100644
index 0000000..79f0bbc
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_new.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+
+=head1 DESCRIPTION
+
+The function SSL_CONF_CTX_new() allocates and initialises an B<SSL_CONF_CTX>
+structure for use with the SSL_CONF functions.
+
+The function SSL_CONF_CTX_free() frees up the context B<cctx>.
+If B<cctx> is NULL nothing is done.
+
+=head1 RETURN VALUES
+
+SSL_CONF_CTX_new() returns either the newly allocated B<SSL_CONF_CTX> structure
+or B<NULL> if an error occurs.
+
+SSL_CONF_CTX_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_CTX_set_flags(3)>,
+L<SSL_CONF_CTX_set_ssl_ctx(3)>,
+L<SSL_CONF_CTX_set1_prefix(3)>,
+L<SSL_CONF_cmd(3)>,
+L<SSL_CONF_cmd_argv(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2
+
+=head1 COPYRIGHT
+
+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
new file mode 100644
index 0000000..da9e580
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+SSL_CONF_CTX_set1_prefix - Set configuration context command prefix
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix);
+
+=head1 DESCRIPTION
+
+The function SSL_CONF_CTX_set1_prefix() sets the command prefix of B<cctx>
+to B<prefix>. If B<prefix> is B<NULL> it is restored to the default value.
+
+=head1 NOTES
+
+Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd()
+calls. For example for files, if the prefix "SSL" is set then command names
+such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol"
+and "Options". Similarly for command lines if the prefix is "--ssl-" then
+"--ssl-no_tls1_2" is recognised instead of "-no_tls1_2".
+
+If the B<SSL_CONF_FLAG_CMDLINE> flag is set then prefix checks are case
+sensitive and "-" is the default. In the unlikely even an application
+explicitly wants to set no prefix it must be explicitly set to "".
+
+If the B<SSL_CONF_FLAG_FILE> flag is set then prefix checks are case
+insensitive and no prefix is the default.
+
+=head1 RETURN VALUES
+
+SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_CTX_new(3)>,
+L<SSL_CONF_CTX_set_flags(3)>,
+L<SSL_CONF_CTX_set_ssl_ctx(3)>,
+L<SSL_CONF_cmd(3)>,
+L<SSL_CONF_cmd_argv(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2
+
+=head1 COPYRIGHT
+
+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_flags.pod b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_flags.pod
new file mode 100644
index 0000000..efd8da3
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_flags.pod
@@ -0,0 +1,84 @@
+=pod
+
+=head1 NAME
+
+SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set of clear SSL configuration context flags
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+ unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+
+=head1 DESCRIPTION
+
+The function SSL_CONF_CTX_set_flags() sets B<flags> in the context B<cctx>.
+
+The function SSL_CONF_CTX_clear_flags() clears B<flags> in the context B<cctx>.
+
+=head1 NOTES
+
+The flags set affect how subsequent calls to SSL_CONF_cmd() or
+SSL_CONF_argv() behave.
+
+Currently the following B<flags> values are recognised:
+
+=over 4
+
+=item SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE
+
+recognise options intended for command line or configuration file use. At
+least one of these flags must be set.
+
+=item SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER
+
+recognise options intended for use in SSL/TLS clients or servers. One or
+both of these flags must be set.
+
+=item SSL_CONF_FLAG_CERTIFICATE
+
+recognise certificate and private key options.
+
+=item SSL_CONF_FLAG_REQUIRE_PRIVATE
+
+If this option is set then if a private key is not specified for a certificate
+it will attempt to load a private key from the certificate file when
+SSL_CONF_CTX_finish() is called. If a key cannot be loaded from the certificate
+file an error occurs.
+
+=item SSL_CONF_FLAG_SHOW_ERRORS
+
+indicate errors relating to unrecognised options or missing arguments in
+the error queue. If this option isn't set such errors are only reflected
+in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv()
+
+=back
+
+=head1 RETURN VALUES
+
+SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags
+value after setting or clearing flags.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_CTX_new(3)>,
+L<SSL_CONF_CTX_set_ssl_ctx(3)>,
+L<SSL_CONF_CTX_set1_prefix(3)>,
+L<SSL_CONF_cmd(3)>,
+L<SSL_CONF_cmd_argv(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2
+
+=head1 COPYRIGHT
+
+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
new file mode 100644
index 0000000..7e4120f
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CONF_CTX_set_ssl_ctx() sets the context associated with B<cctx> to the
+B<SSL_CTX> structure B<ctx>. Any previous B<SSL> or B<SSL_CTX> associated with
+B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to
+B<ctx>.
+
+SSL_CONF_CTX_set_ssl() sets the context associated with B<cctx> to the
+B<SSL> structure B<ssl>. Any previous B<SSL> or B<SSL_CTX> associated with
+B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to
+B<ssl>.
+
+=head1 NOTES
+
+The context need not be set or it can be set to B<NULL> in which case only
+syntax checking of commands is performed, where possible.
+
+=head1 RETURN VALUES
+
+SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_CTX_new(3)>,
+L<SSL_CONF_CTX_set_flags(3)>,
+L<SSL_CONF_CTX_set1_prefix(3)>,
+L<SSL_CONF_cmd(3)>,
+L<SSL_CONF_cmd_argv(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2
+
+=head1 COPYRIGHT
+
+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CONF_cmd.pod b/openssl-1.1.0h/doc/ssl/SSL_CONF_cmd.pod
new file mode 100644
index 0000000..a28e218
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CONF_cmd.pod
@@ -0,0 +1,563 @@
+=pod
+
+=head1 NAME
+
+SSL_CONF_cmd_value_type, SSL_CONF_finish,
+SSL_CONF_cmd - send configuration command
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+ int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+ int SSL_CONF_finish(SSL_CONF_CTX *cctx);
+
+=head1 DESCRIPTION
+
+The function SSL_CONF_cmd() performs configuration operation B<cmd> with
+optional parameter B<value> on B<ctx>. Its purpose is to simplify application
+configuration of B<SSL_CTX> or B<SSL> structures by providing a common
+framework for command line options or configuration files.
+
+SSL_CONF_cmd_value_type() returns the type of value that B<cmd> refers to.
+
+The function SSL_CONF_finish() must be called after all configuration
+operations have been completed. It is used to finalise any operations
+or to process defaults.
+
+=head1 SUPPORTED COMMAND LINE COMMANDS
+
+Currently supported B<cmd> names for command lines (i.e. when the
+flag B<SSL_CONF_CMDLINE> is set) are listed below. Note: all B<cmd> names
+are case sensitive. Unless otherwise stated commands can be used by
+both clients and servers and the B<value> parameter is not used. The default
+prefix for command line commands is B<-> and that is reflected below.
+
+=over 4
+
+=item B<-sigalgs>
+
+This sets the supported signature algorithms for TLS v1.2. For clients this
+value is used directly for the supported signature algorithms extension. For
+servers it is used to determine which signature algorithms to support.
+
+The B<value> argument should be a colon separated list of signature algorithms
+in order of decreasing preference of the form B<algorithm+hash>. B<algorithm>
+is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm
+OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>.
+Note: algorithm and hash names are case sensitive.
+
+If this option is not set then all signature algorithms supported by the
+OpenSSL library are permissible.
+
+=item B<-client_sigalgs>
+
+This sets the supported signature algorithms associated with client
+authentication for TLS v1.2. For servers the value is used in the supported
+signature algorithms field of a certificate request. For clients it is
+used to determine which signature algorithm to with the client certificate.
+If a server does not request a certificate this option has no effect.
+
+The syntax of B<value> is identical to B<-sigalgs>. If not set then
+the value set for B<-sigalgs> will be used instead.
+
+=item B<-curves>
+
+This sets the supported elliptic curves. For clients the curves are
+sent using the supported curves extension. For servers it is used
+to determine which curve to use. This setting affects curves used for both
+signatures and key exchange, if applicable.
+
+The B<value> argument is a colon separated list of curves. The curve can be
+either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
+B<prime256v1>). Curve names are case sensitive.
+
+=item B<-named_curve>
+
+This sets the temporary curve used for ephemeral ECDH modes. Only used by
+servers
+
+The B<value> argument is a curve name or the special value B<auto> which
+picks an appropriate curve based on client and server preferences. The curve
+can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
+(e.g B<prime256v1>). Curve names are case sensitive.
+
+=item B<-cipher>
+
+Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
+currently not performed unless a B<SSL> or B<SSL_CTX> structure is
+associated with B<cctx>.
+
+=item B<-cert>
+
+Attempts to use the file B<value> as the certificate for the appropriate
+context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
+structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
+structure is set. This option is only supported if certificate operations
+are permitted.
+
+=item B<-key>
+
+Attempts to use the file B<value> as the private key for the appropriate
+context. This option is only supported if certificate operations
+are permitted. Note: if no B<-key> option is set then a private key is
+not loaded unless the flag B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.
+
+=item B<-dhparam>
+
+Attempts to use the file B<value> as the set of temporary DH parameters for
+the appropriate context. This option is only supported if certificate
+operations are permitted.
+
+=item B<-no_renegotiation>
+
+Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+B<SSL_OP_NO_RENEGOTIATION>.
+
+=item B<-min_protocol>, B<-max_protocol>
+
+Sets the minimum and maximum supported protocol.
+Currently supported protocol values are B<SSLv3>, B<TLSv1>,
+B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
+and B<None> for no limit.
+If the either bound is not specified then only the other bound applies,
+if specified.
+To restrict the supported protocol versions use these commands rather
+than the deprecated alternative commands below.
+
+=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the
+corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>
+and B<SSL_OP_NO_TLSv1_2> respectively.
+These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>.
+
+=item B<-bugs>
+
+Various bug workarounds are set, same as setting B<SSL_OP_ALL>.
+
+=item B<-comp>
+
+Enables support for SSL/TLS compression, same as clearing
+B<SSL_OP_NO_COMPRESSION>.
+This command was introduced in OpenSSL 1.1.0.
+As of OpenSSL 1.1.0, compression is off by default.
+
+=item B<-no_comp>
+
+Disables support for SSL/TLS compression, same as setting
+B<SSL_OP_NO_COMPRESSION>.
+As of OpenSSL 1.1.0, compression is off by default.
+
+=item B<-no_ticket>
+
+Disables support for session tickets, same as setting B<SSL_OP_NO_TICKET>.
+
+=item B<-serverpref>
+
+Use server and not client preference order when determining which cipher suite,
+signature algorithm or elliptic curve to use for an incoming connection.
+Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
+
+=item B<-no_resumption_on_reneg>
+
+set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.
+
+=item B<-legacyrenegotiation>
+
+permits the use of unsafe legacy renegotiation. Equivalent to setting
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
+
+=item B<-legacy_server_connect>, B<-no_legacy_server_connect>
+
+permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
+clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>.
+Set by default.
+
+=item B<-strict>
+
+enables strict mode protocol handling. Equivalent to setting
+B<SSL_CERT_FLAG_TLS_STRICT>.
+
+=back
+
+=head1 SUPPORTED CONFIGURATION FILE COMMANDS
+
+Currently supported B<cmd> names for configuration files (i.e. when the
+flag B<SSL_CONF_FLAG_FILE> is set) are listed below. All configuration file
+B<cmd> names are case insensitive so B<signaturealgorithms> is recognised
+as well as B<SignatureAlgorithms>. Unless otherwise stated the B<value> names
+are also case insensitive.
+
+Note: the command prefix (if set) alters the recognised B<cmd> values.
+
+=over 4
+
+=item B<CipherString>
+
+Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
+currently not performed unless an B<SSL> or B<SSL_CTX> structure is
+associated with B<cctx>.
+
+=item B<Certificate>
+
+Attempts to use the file B<value> as the certificate for the appropriate
+context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
+structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
+structure is set. This option is only supported if certificate operations
+are permitted.
+
+=item B<PrivateKey>
+
+Attempts to use the file B<value> as the private key for the appropriate
+context. This option is only supported if certificate operations
+are permitted. Note: if no B<PrivateKey> option is set then a private key is
+not loaded unless the B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.
+
+=item B<ChainCAFile>, B<ChainCAPath>, B<VerifyCAFile>, B<VerifyCAPath>
+
+These options indicate a file or directory used for building certificate
+chains or verifying certificate chains. These options are only supported
+if certificate operations are permitted.
+
+=item B<ServerInfoFile>
+
+Attempts to use the file B<value> in the "serverinfo" extension using the
+function SSL_CTX_use_serverinfo_file.
+
+=item B<DHParameters>
+
+Attempts to use the file B<value> as the set of temporary DH parameters for
+the appropriate context. This option is only supported if certificate
+operations are permitted.
+
+=item B<NoRenegotiation>
+
+Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+B<SSL_OP_NO_RENEGOTIATION>.
+
+=item B<SignatureAlgorithms>
+
+This sets the supported signature algorithms for TLS v1.2. For clients this
+value is used directly for the supported signature algorithms extension. For
+servers it is used to determine which signature algorithms to support.
+
+The B<value> argument should be a colon separated list of signature algorithms
+in order of decreasing preference of the form B<algorithm+hash>. B<algorithm>
+is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm
+OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>.
+Note: algorithm and hash names are case sensitive.
+
+If this option is not set then all signature algorithms supported by the
+OpenSSL library are permissible.
+
+=item B<ClientSignatureAlgorithms>
+
+This sets the supported signature algorithms associated with client
+authentication for TLS v1.2. For servers the value is used in the supported
+signature algorithms field of a certificate request. For clients it is
+used to determine which signature algorithm to with the client certificate.
+
+The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then
+the value set for B<SignatureAlgorithms> will be used instead.
+
+=item B<Curves>
+
+This sets the supported elliptic curves. For clients the curves are
+sent using the supported curves extension. For servers it is used
+to determine which curve to use. This setting affects curves used for both
+signatures and key exchange, if applicable.
+
+The B<value> argument is a colon separated list of curves. The curve can be
+either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
+B<prime256v1>). Curve names are case sensitive.
+
+=item B<MinProtocol>
+
+This sets the minimum supported SSL, TLS or DTLS version.
+
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
+B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
+
+=item B<MaxProtocol>
+
+This sets the maximum supported SSL, TLS or DTLS version.
+
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
+B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
+
+=item B<Protocol>
+
+This can be used to enable or disable certain versions of the SSL,
+TLS or DTLS protocol.
+
+The B<value> argument is a comma separated list of supported protocols
+to enable or disable.
+If a protocol is preceded by B<-> that version is disabled.
+
+All protocol versions are enabled by default.
+You need to disable at least one protocol version for this setting have any
+effect.
+Only enabling some protocol versions does not disable the other protocol
+versions.
+
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
+B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The special value B<ALL> refers to all supported versions.
+
+This can't enable protocols that are disabled using B<MinProtocol>
+or B<MaxProtocol>, but can disable protocols that are still allowed
+by them.
+
+The B<Protocol> command is fragile and deprecated; do not use it.
+Use B<MinProtocol> and B<MaxProtocol> instead.
+If you do use B<Protocol>, make sure that the resulting range of enabled
+protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make
+sure to also leave TLS 1.1 enabled.
+
+=item B<Options>
+
+The B<value> argument is a comma separated list of various flags to set.
+If a flag string is preceded B<-> it is disabled.
+See the L<SSL_CTX_set_options(3)> function for more details of
+individual options.
+
+Each option is listed below. Where an operation is enabled by default
+the B<-flag> syntax is needed to disable it.
+
+B<SessionTicket>: session ticket support, enabled by default. Inverse of
+B<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting
+B<SSL_OP_NO_TICKET>.
+
+B<Compression>: SSL/TLS compression support, enabled by default. Inverse
+of B<SSL_OP_NO_COMPRESSION>.
+
+B<EmptyFragments>: use empty fragments as a countermeasure against a
+SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It
+is set by default. Inverse of B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS>.
+
+B<Bugs>: enable various bug workarounds. Same as B<SSL_OP_ALL>.
+
+B<DHSingle>: enable single use DH keys, set by default. Inverse of
+B<SSL_OP_DH_SINGLE>. Only used by servers.
+
+B<ECDHSingle> enable single use ECDH keys, set by default. Inverse of
+B<SSL_OP_ECDH_SINGLE>. Only used by servers.
+
+B<ServerPreference> use server and not client preference order when
+determining which cipher suite, signature algorithm or elliptic curve
+to use for an incoming connection.  Equivalent to
+B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
+
+B<NoResumptionOnRenegotiation> set
+B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
+
+B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation.
+Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
+
+B<UnsafeLegacyServerConnect> permits the use of unsafe legacy renegotiation
+for OpenSSL clients only. Equivalent to B<SSL_OP_LEGACY_SERVER_CONNECT>.
+Set by default.
+
+=item B<VerifyMode>
+
+The B<value> argument is a comma separated list of flags to set.
+
+B<Peer> enables peer verification: for clients only.
+
+B<Request> requests but does not require a certificate from the client.
+Servers only.
+
+B<Require> requests and requires a certificate from the client: an error
+occurs if the client does not present a certificate. Servers only.
+
+B<Once> requests a certificate from a client only on the initial connection:
+not when renegotiating. Servers only.
+
+=item B<ClientCAFile>, B<ClientCAPath>
+
+A file or directory of certificates in PEM format whose names are used as the
+set of acceptable names for client CAs. Servers only. This option is only
+supported if certificate operations are permitted.
+
+=back
+
+=head1 SUPPORTED COMMAND TYPES
+
+The function SSL_CONF_cmd_value_type() currently returns one of the following
+types:
+
+=over 4
+
+=item B<SSL_CONF_TYPE_UNKNOWN>
+
+The B<cmd> string is unrecognised, this return value can be use to flag
+syntax errors.
+
+=item B<SSL_CONF_TYPE_STRING>
+
+The value is a string without any specific structure.
+
+=item B<SSL_CONF_TYPE_FILE>
+
+The value is a file name.
+
+=item B<SSL_CONF_TYPE_DIR>
+
+The value is a directory name.
+
+=item B<SSL_CONF_TYPE_NONE>
+
+The value string is not used e.g. a command line option which doesn't take an
+argument.
+
+=back
+
+=head1 NOTES
+
+The order of operations is significant. This can be used to set either defaults
+or values which cannot be overridden. For example if an application calls:
+
+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+ SSL_CONF_cmd(ctx, userparam, uservalue);
+
+it will disable SSLv3 support by default but the user can override it. If
+however the call sequence is:
+
+ SSL_CONF_cmd(ctx, userparam, uservalue);
+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+
+SSLv3 is B<always> disabled and attempt to override this by the user are
+ignored.
+
+By checking the return code of SSL_CTX_cmd() it is possible to query if a
+given B<cmd> is recognised, this is useful if SSL_CTX_cmd() values are
+mixed with additional application specific operations.
+
+For example an application might call SSL_CTX_cmd() and if it returns
+-2 (unrecognised command) continue with processing of application specific
+commands.
+
+Applications can also use SSL_CTX_cmd() to process command lines though the
+utility function SSL_CTX_cmd_argv() is normally used instead. One way
+to do this is to set the prefix to an appropriate value using
+SSL_CONF_CTX_set1_prefix(), pass the current argument to B<cmd> and the
+following argument to B<value> (which may be NULL).
+
+In this case if the return value is positive then it is used to skip that
+number of arguments as they have been processed by SSL_CTX_cmd(). If -2 is
+returned then B<cmd> is not recognised and application specific arguments
+can be checked instead. If -3 is returned a required argument is missing
+and an error is indicated. If 0 is returned some other error occurred and
+this can be reported back to the user.
+
+The function SSL_CONF_cmd_value_type() can be used by applications to
+check for the existence of a command or to perform additional syntax
+checking or translation of the command value. For example if the return
+value is B<SSL_CONF_TYPE_FILE> an application could translate a relative
+pathname to an absolute pathname.
+
+=head1 EXAMPLES
+
+Set supported signature algorithms:
+
+ SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
+
+There are various ways to select the supported protocols.
+
+This set the minimum protocol version to TLSv1, and so disables SSLv3.
+This is the recommended way to disable protocols.
+
+ SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
+
+The following also disables SSLv3:
+
+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+
+The following will first enable all protocols, and then disable
+SSLv3.
+If no protocol versions were disabled before this has the same effect as
+"-SSLv3", but if some versions were disables this will re-enable them before
+disabling SSLv3.
+
+ SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
+
+Only enable TLSv1.2:
+
+ SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
+ SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
+
+This also only enables TLSv1.2:
+
+ SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
+
+Disable TLS session tickets:
+
+ SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
+
+Enable compression:
+
+ SSL_CONF_cmd(ctx, "Options", "Compression");
+
+Set supported curves to P-256, P-384:
+
+ SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
+
+Set automatic support for any elliptic curve for key exchange:
+
+ SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic");
+
+=head1 RETURN VALUES
+
+SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is
+B<NOT> used and 2 if both B<cmd> and B<value> are used. In other words it
+returns the number of arguments processed. This is useful when processing
+command lines.
+
+A return value of -2 means B<cmd> is not recognised.
+
+A return value of -3 means B<cmd> is recognised and the command requires a
+value but B<value> is NULL.
+
+A return code of 0 indicates that both B<cmd> and B<value> are valid but an
+error occurred attempting to perform the operation: for example due to an
+error in the syntax of B<value> in this case the error queue may provide
+additional information.
+
+SSL_CONF_finish() returns 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_CTX_new(3)>,
+L<SSL_CONF_CTX_set_flags(3)>,
+L<SSL_CONF_CTX_set1_prefix(3)>,
+L<SSL_CONF_CTX_set_ssl_ctx(3)>,
+L<SSL_CONF_cmd_argv(3)>,
+L<SSL_CTX_set_options(3)>
+
+=head1 HISTORY
+
+SSL_CONF_cmd() was first added to OpenSSL 1.0.2
+
+B<SSL_OP_NO_SSL2> doesn't have effect since 1.1.0, but the macro is retained
+for backwards compatibility.
+
+B<SSL_CONF_TYPE_NONE> was first added to OpenSSL 1.1.0. In earlier versions of
+OpenSSL passing a command which didn't take an argument would return
+B<SSL_CONF_TYPE_UNKNOWN>.
+
+B<MinProtocol> and B<MaxProtocol> where added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CONF_cmd_argv.pod b/openssl-1.1.0h/doc/ssl/SSL_CONF_cmd_argv.pod
new file mode 100644
index 0000000..15529a5
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CONF_cmd_argv.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+SSL_CONF_cmd_argv - SSL configuration command line processing
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+
+=head1 DESCRIPTION
+
+The function SSL_CONF_cmd_argv() processes at most two command line
+arguments from B<pargv> and B<pargc>. The values of B<pargv> and B<pargc>
+are updated to reflect the number of command options processed. The B<pargc>
+argument can be set to B<NULL> is it is not used.
+
+=head1 RETURN VALUES
+
+SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2
+or a negative error code.
+
+If -2 is returned then an argument for a command is missing.
+
+If -1 is returned the command is recognised but couldn't be processed due
+to an error: for example a syntax error in the argument.
+
+=head1 SEE ALSO
+
+L<SSL_CONF_CTX_new(3)>,
+L<SSL_CONF_CTX_set_flags(3)>,
+L<SSL_CONF_CTX_set1_prefix(3)>,
+L<SSL_CONF_CTX_set_ssl_ctx(3)>,
+L<SSL_CONF_cmd(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2
+
+=head1 COPYRIGHT
+
+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_add1_chain_cert.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_add1_chain_cert.pod
new file mode 100644
index 0000000..1f0418b
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_add1_chain_cert.pod
@@ -0,0 +1,158 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert,
+SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs,
+SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert,
+SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain,
+SSL_build_cert_chain, SSL_CTX_select_current_cert,
+SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra
+chain certificate processing
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+ int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+ int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
+ int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
+ int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+ int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
+
+ int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk);
+ int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk);
+ int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
+ int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
+ int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk);
+ int SSL_clear_chain_certs(SSL *ssl);
+
+ int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags);
+ int SSL_build_cert_chain(SSL *ssl, flags);
+
+ int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509);
+ int SSL_select_current_cert(SSL *ssl, X509 *x509);
+ int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op);
+ int SSL_set_current_cert(SSL *ssl, long op);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
+associated with the current certificate of B<ctx> to B<sk>.
+
+SSL_CTX_add0_chain_cert() and SSL_CTX_add1_chain_cert() append the single
+certificate B<x509> to the chain associated with the current certificate of
+B<ctx>.
+
+SSL_CTX_get0_chain_certs() retrieves the chain associated with the current
+certificate of B<ctx>.
+
+SSL_CTX_clear_chain_certs() clears any existing chain associated with the
+current certificate of B<ctx>.  (This is implemented by calling
+SSL_CTX_set0_chain() with B<sk> set to B<NULL>).
+
+SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally
+this uses the chain store or the verify store if the chain store is not set.
+If the function is successful the built chain will replace any existing chain.
+The B<flags> parameter can be set to B<SSL_BUILD_CHAIN_FLAG_UNTRUSTED> to use
+existing chain certificates as untrusted CAs, B<SSL_BUILD_CHAIN_FLAG_NO_ROOT>
+to omit the root CA from the built chain, B<SSL_BUILD_CHAIN_FLAG_CHECK> to
+use all existing chain certificates only to build the chain (effectively
+sanity checking and rearranging them if necessary), the flag
+B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification:
+if flag B<SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR> is also set verification errors
+are cleared from the error queue.
+
+Each of these functions operates on the I<current> end entity
+(i.e. server or client) certificate. This is the last certificate loaded or
+selected on the corresponding B<ctx> structure.
+
+SSL_CTX_select_current_cert() selects B<x509> as the current end entity
+certificate, but only if B<x509> has already been loaded into B<ctx> using a
+function such as SSL_CTX_use_certificate().
+
+SSL_set0_chain(), SSL_set1_chain(), SSL_add0_chain_cert(),
+SSL_add1_chain_cert(), SSL_get0_chain_certs(), SSL_clear_chain_certs(),
+SSL_build_cert_chain(), SSL_select_current_cert() and SSL_set_current_cert()
+are similar except they apply to SSL structure B<ssl>.
+
+SSL_CTX_set_current_cert() changes the current certificate to a value based
+on the B<op> argument. Currently B<op> can be B<SSL_CERT_SET_FIRST> to use
+the first valid certificate or B<SSL_CERT_SET_NEXT> to set the next valid
+certificate after the current certificate. These two operations can be
+used to iterate over all certificates in an B<SSL_CTX> structure.
+
+SSL_set_current_cert() also supports the option B<SSL_CERT_SET_SERVER>.
+If B<ssl> is a server and has sent a certificate to a connected client
+this option sets that certificate to the current certificate and returns 1.
+If the negotiated ciphersuite is anonymous (and thus no certificate will
+be sent) 2 is returned and the current certificate is unchanged. If B<ssl>
+is not a server or a certificate has not been sent 0 is returned and
+the current certificate is unchanged.
+
+All these functions are implemented as macros. Those containing a B<1>
+increment the reference count of the supplied certificate or chain so it must
+be freed at some point after the operation. Those containing a B<0> do
+not increment reference counts and the supplied certificate or chain
+B<MUST NOT> be freed after the operation.
+
+=head1 NOTES
+
+The chains associate with an SSL_CTX structure are copied to any SSL
+structures when SSL_new() is called. SSL structures will not be affected
+by any chains subsequently changed in the parent SSL_CTX.
+
+One chain can be set for each key type supported by a server. So, for example,
+an RSA and a DSA certificate can (and often will) have different chains.
+
+The functions SSL_CTX_build_cert_chain() and SSL_build_cert_chain() can
+be used to check application configuration and to ensure any necessary
+subordinate CAs are sent in the correct order. Misconfigured applications
+sending incorrect certificate chains often cause problems with peers.
+
+For example an application can add any set of certificates using
+SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain()
+with the option B<SSL_BUILD_CHAIN_FLAG_CHECK> to check and reorder them.
+
+Applications can issue non fatal warnings when checking chains by setting
+the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS> and checking the return
+value.
+
+Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more
+efficient than the automatic chain building as it is only performed once.
+Automatic chain building is performed on each new session.
+
+If any certificates are added using these functions no certificates added
+using SSL_CTX_add_extra_chain_cert() will be used.
+
+=head1 RETURN VALUES
+
+SSL_set_current_cert() with B<SSL_CERT_SET_SERVER> return 1 for success, 2 if
+no server certificate is used because the ciphersuites is anonymous and 0
+for failure.
+
+SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success
+and 0 for failure. If the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> and
+a verification error occurs then 2 is returned.
+
+All other functions return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_add_extra_chain_cert(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
new file mode 100644
index 0000000..e2783de
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
+extra chain certificates
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+ long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
+certificates associated with B<ctx>. Several certificates can be added one
+after another.
+
+SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
+associated with B<ctx>.
+
+These functions are implemented as macros.
+
+=head1 NOTES
+
+When sending a certificate chain, extra chain certificates are sent in order
+following the end entity certificate.
+
+If no chain is specified, the library will try to complete the chain from the
+available CA certificates in the trusted CA storage, see
+L<SSL_CTX_load_verify_locations(3)>.
+
+The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
+freed by the library when the B<SSL_CTX> is destroyed. An application
+B<should not> free the B<x509> object.
+
+=head1 RESTRICTIONS
+
+Only one set of extra chain certificates can be specified per SSL_CTX
+structure. Different chains for different certificates (for example if both
+RSA and DSA certificates are specified by the same server) or different SSL
+structures with the same parent SSL_CTX cannot be specified using this
+function. For more flexibility functions such as SSL_add1_chain_cert() should
+be used instead.
+
+=head1 RETURN VALUES
+
+SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
+1 on success and 0 for failure. Check out the error stack to find out the
+reason for failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_load_verify_locations(3)>
+L<SSL_CTX_set0_chain(3)>
+L<SSL_CTX_set1_chain(3)>
+L<SSL_CTX_add0_chain_cert(3)>
+L<SSL_CTX_add1_chain_cert(3)>
+L<SSL_set0_chain(3)>
+L<SSL_set1_chain(3)>
+L<SSL_add0_chain_cert(3)>
+L<SSL_add1_chain_cert(3)>
+L<SSL_CTX_build_cert_chain(3)>
+L<SSL_build_cert_chain(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_add_session.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_add_session.pod
new file mode 100644
index 0000000..dbdd9f0
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_add_session.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session - manipulate session cache
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+ int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+ int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+ int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+=head1 DESCRIPTION
+
+SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The
+reference count for session B<c> is incremented by 1. If a session with
+the same session id already exists, the old session is removed by calling
+L<SSL_SESSION_free(3)>.
+
+SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>.
+L<SSL_SESSION_free(3)> is called once for B<c>.
+
+SSL_add_session() and SSL_remove_session() are synonyms for their
+SSL_CTX_*() counterparts.
+
+=head1 NOTES
+
+When adding a new session to the internal session cache, it is examined
+whether a session with the same session id already exists. In this case
+it is assumed that both sessions are identical. If the same session is
+stored in a different SSL_SESSION object, The old session is
+removed and replaced by the new session. If the session is actually
+identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
+is a no-op, and the return value is 0.
+
+If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
+flag then the internal cache will not be populated automatically by new
+sessions negotiated by the SSL/TLS implementation, even though the internal
+cache will be searched automatically for session-resume requests (the
+latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
+application can use SSL_CTX_add_session() directly to have full control
+over the sessions that can be resumed if desired.
+
+
+=head1 RETURN VALUES
+
+The following values are returned by all functions:
+
+=over 4
+
+=item Z<>0
+
+ The operation failed. In case of the add operation, it was tried to add
+ the same (identical) session twice. In case of the remove operation, the
+ session was not found in the cache.
+
+=item Z<>1
+
+ The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_SESSION_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_config.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_config.pod
new file mode 100644
index 0000000..ec744ad
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_config.pod
@@ -0,0 +1,93 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+ int SSL_config(SSL *s, const char *name);
+
+=head1 DESCRIPTION
+
+The functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or
+B<SSL> structure using the configuration B<name>.
+
+=head1 NOTES
+
+By calling SSL_CTX_config() or SSL_config() an application can perform many
+complex tasks based on the contents of the configuration file: greatly
+simplifying application configuration code. A degree of future proofing
+can also be achieved: an application can support configuration features
+in newer versions of OpenSSL automatically.
+
+A configuration file must have been previously loaded, for example using
+CONF_modules_load_file(). See L<config(3)> for details of the configuration
+file syntax.
+
+=head1 RETURN VALUES
+
+SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error
+occurred.
+
+=head1 EXAMPLE
+
+If the file "config.cnf" contains the following:
+
+ testapp = test_sect
+
+ [test_sect]
+ # list of configuration modules
+
+ ssl_conf = ssl_sect
+
+ [ssl_sect]
+
+ server = server_section
+
+ [server_section]
+
+ RSA.Certificate = server-rsa.pem
+ ECDSA.Certificate = server-ecdsa.pem
+ Ciphers = ALL:!RC4
+
+An application could call:
+
+ if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
+      fprintf(stderr, "Error processing config file\n");
+      goto err;
+ }
+
+ ctx = SSL_CTX_new(TLS_server_method());
+
+ if (SSL_CTX_config(ctx, "server") == 0) {
+     fprintf(stderr, "Error configuring server.\n");
+     goto err;
+ }
+
+In this example two certificates and the cipher list are configured without
+the need for any additional application code.
+
+=head1 SEE ALSO
+
+L<config(3)>,
+L<SSL_CONF_cmd(3)>,
+L<CONF_modules_load_file(3)>
+
+=head1 HISTORY
+
+SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_ctrl.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_ctrl.pod
new file mode 100644
index 0000000..e8386a5
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_ctrl.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+ long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
+
+ long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+ long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
+
+=head1 DESCRIPTION
+
+The SSL_*_ctrl() family of functions is used to manipulate settings of
+the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments
+B<larg>, B<parg>, or B<fp> are evaluated. These functions should never
+be called directly. All functionalities needed are made available via
+other functions or macros.
+
+=head1 RETURN VALUES
+
+The return values of the SSL*_ctrl() functions depend on the command
+supplied via the B<cmd> parameter.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_dane_enable.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_dane_enable.pod
new file mode 100644
index 0000000..cdb6d1b
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_dane_enable.pod
@@ -0,0 +1,384 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable,
+SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa,
+SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags,
+SSL_dane_set_flags, SSL_dane_clear_flags
+- enable DANE TLS authentication of the remote TLS server in the local
+TLS client
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_dane_enable(SSL_CTX *ctx);
+ int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+                            uint8_t mtype, uint8_t ord);
+ int SSL_dane_enable(SSL *s, const char *basedomain);
+ int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                       uint8_t mtype, unsigned char *data, size_t dlen);
+ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+ int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                        uint8_t *mtype, unsigned const char **data,
+                        size_t *dlen);
+ unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+ unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+ unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+ unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+=head1 DESCRIPTION
+
+These functions implement support for DANE TLSA (RFC6698 and RFC7671)
+peer authentication.
+
+SSL_CTX_dane_enable() must be called first to initialize the shared state
+required for DANE support.
+Individual connections associated with the context can then enable
+per-connection DANE support as appropriate.
+DANE authentication is implemented in the L<X509_verify_cert(3)> function, and
+applications that override L<X509_verify_cert(3)> via
+L<SSL_CTX_set_cert_verify_callback(3)> are responsible to authenticate the peer
+chain in whatever manner they see fit.
+
+SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the
+supported digest algorithms.
+This must be done before any SSL handles are created for the context.
+
+The B<mtype> argument specifies a DANE TLSA matching type and the B<md>
+argument specifies the associated digest algorithm handle.
+The B<ord> argument specifies a strength ordinal.
+Algorithms with a larger strength ordinal are considered more secure.
+Strength ordinals are used to implement RFC7671 digest algorithm agility.
+Specifying a B<NULL> digest algorithm for a matching type disables
+support for that matching type.
+Matching type Full(0) cannot be modified or disabled.
+
+By default, matching type C<SHA2-256(1)> (see RFC7218 for definitions
+of the DANE TLSA parameter acronyms) is mapped to C<EVP_sha256()>
+with a strength ordinal of C<1> and matching type C<SHA2-512(2)>
+is mapped to C<EVP_sha512()> with a strength ordinal of C<2>.
+
+SSL_dane_enable() must be called before the SSL handshake is initiated with
+L<SSL_connect(3)> if (and only if) you want to enable DANE for that connection.
+(The connection must be associated with a DANE-enabled SSL context).
+The B<basedomain> argument specifies the RFC7671 TLSA base domain,
+which will be the primary peer reference identifier for certificate
+name checks.
+Additional server names can be specified via L<SSL_add1_host(3)>.
+The B<basedomain> is used as the default SNI hint if none has yet been
+specified via L<SSL_set_tlsext_host_name(3)>.
+
+SSL_dane_tlsa_add() may then be called one or more times, to load each of the
+TLSA records that apply to the remote TLS peer.
+(This too must be done prior to the beginning of the SSL handshake).
+The arguments specify the fields of the TLSA record.
+The B<data> field is provided in binary (wire RDATA) form, not the hexadecimal
+ASCII presentation form, with an explicit length passed via B<dlen>.
+The library takes a copy of the B<data> buffer contents and the caller may
+free the original B<data> buffer when convenient.
+A return value of 0 indicates that "unusable" TLSA records (with invalid or
+unsupported parameters) were provided.
+A negative return value indicates an internal error in processing the record.
+
+The caller is expected to check the return value of each SSL_dane_tlsa_add()
+call and take appropriate action if none are usable or an internal error
+is encountered in processing some records.
+
+If no TLSA records are added successfully, DANE authentication is not enabled,
+and authentication will be based on any configured traditional trust-anchors;
+authentication success in this case does not mean that the peer was
+DANE-authenticated.
+
+SSL_get0_dane_authority() can be used to get more detailed information about
+the matched DANE trust-anchor after successful connection completion.
+The return value is negative if DANE verification failed (or was not enabled),
+0 if an EE TLSA record directly matched the leaf certificate, or a positive
+number indicating the depth at which a TA record matched an issuer certificate.
+The complete verified chain can be retrieved via L<SSL_get0_verified_chain(3)>.
+The return value is an index into this verified chain, rather than the list of
+certificates sent by the peer as returned by L<SSL_get_peer_cert_chain(3)>.
+
+If the B<mcert> argument is not B<NULL> and a TLSA record matched a chain
+certificate, a pointer to the matching certificate is returned via B<mcert>.
+The returned address is a short-term internal reference to the certificate and
+must not be freed by the application.
+Applications that want to retain access to the certificate can call
+L<X509_up_ref(3)> to obtain a long-term reference which must then be freed via
+L<X509_free(3)> once no longer needed.
+
+If no TLSA records directly matched any elements of the certificate chain, but
+a DANE-TA(2) SPKI(1) Full(0) record provided the public key that signed an
+element of the chain, then that key is returned via B<mspki> argument (if not
+NULL).
+In this case the return value is the depth of the top-most element of the
+validated certificate chain.
+As with B<mcert> this is a short-term internal reference, and
+L<EVP_PKEY_up_ref(3)> and L<EVP_PKEY_free(3)> can be used to acquire and
+release long-term references respectively.
+
+SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that
+matched the peer certificate chain.
+The return value indicates the match depth or failure to match just as with
+SSL_get0_dane_authority().
+When the return value is non-negative, the storage pointed to by the B<usage>,
+B<selector>, B<mtype> and B<data> parameters is updated to the corresponding
+TLSA record fields.
+The B<data> field is in binary wire form, and is therefore not NUL-terminated,
+its length is returned via the B<dlen> parameter.
+If any of these parameters is NULL, the corresponding field is not returned.
+The B<data> parameter is set to a short-term internal-copy of the associated
+data field and must not be freed by the application.
+Applications that need long-term access to this field need to copy the content.
+
+SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable
+optional DANE verification features.
+SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable
+the same features.
+The B<flags> argument is a bitmask of the features to enable or disable.
+The B<flags> set for an B<SSL_CTX> context are copied to each B<SSL> handle
+associated with that context at the time the handle is created.
+Subsequent changes in the context's B<flags> have no effect on the B<flags> set
+for the handle.
+
+At present, the only available option is B<DANE_FLAG_NO_DANE_EE_NAMECHECKS>
+which can be used to disable server name checks when authenticating via
+DANE-EE(3) TLSA records.
+For some applications, primarily web browsers, it is not safe to disable name
+checks due to "unknown key share" attacks, in which a malicious server can
+convince a client that a connection to a victim server is instead a secure
+connection to the malicious server.
+The malicious server may then be able to violate cross-origin scripting
+restrictions.
+Thus, despite the text of RFC7671, name checks are by default enabled for
+DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
+to do so.
+In particular, SMTP and XMPP clients should set this option as SRV and MX
+records already make it possible for a remote domain to redirect client
+connections to any server of its choice, and in any case SMTP and XMPP clients
+do not execute scripts downloaded from remote servers.
+
+=head1 RETURN VALUES
+
+The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(),
+SSL_dane_enable() and SSL_dane_tlsa_add() return a positive value on success.
+Negative return values indicate resource problems (out of memory, etc.) in the
+SSL library, while a return value of B<0> indicates incorrect usage or invalid
+input, such as an unsupported TLSA record certificate usage, selector or
+matching type.
+Invalid input also includes malformed data, either a digest length that does
+not match the digest algorithm, or a C<Full(0)> (binary ASN.1 DER form)
+certificate or a public key that fails to parse.
+
+The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a
+negative value when DANE authentication failed or was not enabled, a
+non-negative value indicates the chain depth at which the TLSA record matched a
+chain certificate, or the depth of the top-most certificate, when the TLSA
+record is a full public key that is its signer.
+
+The functions SSL_CTX_dane_set_flags(), SSL_CTX_dane_clear_flags(),
+SSL_dane_set_flags() and SSL_dane_clear_flags() return the B<flags> in effect
+before they were called.
+
+=head1 EXAMPLE
+
+Suppose "smtp.example.com" is the MX host of the domain "example.com", and has
+DNSSEC-validated TLSA records.
+The calls below will perform DANE authentication and arrange to match either
+the MX hostname or the destination domain name in the SMTP server certificate.
+Wildcards are supported, but must match the entire label.
+The actual name matched in the certificate (which might be a wildcard) is
+retrieved, and must be copied by the application if it is to be retained beyond
+the lifetime of the SSL connection.
+
+  SSL_CTX *ctx;
+  SSL *ssl;
+  int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
+  int num_usable = 0;
+  const char *nexthop_domain = "example.com";
+  const char *dane_tlsa_domain = "smtp.example.com";
+  uint8_t usage, selector, mtype;
+
+  if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+    /* handle error */
+  if (SSL_CTX_dane_enable(ctx) <= 0)
+    /* handle error */
+
+  if ((ssl = SSL_new(ctx)) == NULL)
+    /* handle error */
+
+  if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
+    /* handle error */
+
+  /*
+   * For many applications it is safe to skip DANE-EE(3) namechecks.  Do not
+   * disable the checks unless "unknown key share" attacks pose no risk for
+   * your application.
+   */
+  SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+
+  if (!SSL_add1_host(ssl, nexthop_domain))
+    /* handle error */
+  SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+
+  for (... each TLSA record ...) {
+    unsigned char *data;
+    size_t len;
+    int ret;
+
+    /* set usage, selector, mtype, data, len */
+
+    /*
+     * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
+     * They treat all other certificate usages, and in particular PKIX-TA(0)
+     * and PKIX-EE(1), as unusable.
+     */
+    switch (usage) {
+    default:
+    case 0:     /* PKIX-TA(0) */
+    case 1:     /* PKIX-EE(1) */
+        continue;
+    case 2:     /* DANE-TA(2) */
+    case 3:     /* DANE-EE(3) */
+        break;
+    }
+
+    ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
+    /* free data as appropriate */
+
+    if (ret < 0)
+        /* handle SSL library internal error */
+    else if (ret == 0)
+        /* handle unusable TLSA record */
+    else
+      ++num_usable;
+  }
+
+  /*
+   * At this point, the verification mode is still the default SSL_VERIFY_NONE.
+   * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
+   * are unusable, so continue the handshake even if authentication fails.
+   */
+  if (num_usable == 0) {
+    /* Log all records unusable? */
+
+    /* Optionally set verify_cb to a suitable non-NULL callback. */
+    SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
+  } else {
+    /* At least one usable record.  We expect to verify the peer */
+
+    /* Optionally set verify_cb to a suitable non-NULL callback. */
+
+    /*
+     * Below we elect to fail the handshake when peer verification fails.
+     * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
+     * complete the handshake, check the verification status, and if not
+     * verified disconnect gracefully at the application layer, especially if
+     * application protocol supports informing the server that authentication
+     * failed.
+     */
+    SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
+  }
+
+  /*
+   * Load any saved session for resumption, making sure that the previous
+   * session applied the same security and authentication requirements that
+   * would be expected of a fresh connection.
+   */
+
+  /* Perform SSL_connect() handshake and handle errors here */
+
+  if (SSL_session_reused(ssl)) {
+      if (SSL_get_verify_result(ssl) == X509_V_OK) {
+        /*
+         * Resumed session was originally verified, this connection is
+         * authenticated.
+         */
+      } else {
+        /*
+         * Resumed session was not originally verified, this connection is not
+         * authenticated.
+         */
+      }
+  } else if (SSL_get_verify_result(ssl) == X509_V_OK) {
+    const char *peername = SSL_get0_peername(ssl);
+    EVP_PKEY *mspki = NULL;
+
+    int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
+    if (depth >= 0) {
+        (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
+        printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype,
+               (mspki != NULL) ? "TA public key verified certificate" :
+               depth ? "matched TA certificate" : "matched EE certificate",
+               depth);
+    }
+    if (peername != NULL) {
+      /* Name checks were in scope and matched the peername */
+      printf("Verified peername: %s\n", peername);
+    }
+  } else {
+    /*
+     * Not authenticated, presumably all TLSA rrs unusable, but possibly a
+     * callback suppressed connection termination despite the presence of
+     * usable TLSA RRs none of which matched.  Do whatever is appropriate for
+     * fresh unauthenticated connections.
+     */
+  }
+
+=head1 NOTES
+
+It is expected that the majority of clients employing DANE TLS will be doing
+"opportunistic DANE TLS" in the sense of RFC7672 and RFC7435.
+That is, they will use DANE authentication when DNSSEC-validated TLSA records
+are published for a given peer, and otherwise will use unauthenticated TLS or
+even cleartext.
+
+Such applications should generally treat any TLSA records published by the peer
+with usages PKIX-TA(0) and PKIX-EE(1) as "unusable", and should not include
+them among the TLSA records used to authenticate peer connections.
+In addition, some TLSA records with supported usages may be "unusable" as a
+result of invalid or unsupported parameters.
+
+When a peer has TLSA records, but none are "usable", an opportunistic
+application must avoid cleartext, but cannot authenticate the peer,
+and so should generally proceed with an unauthenticated connection.
+Opportunistic applications need to note the return value of each
+call to SSL_dane_tlsa_add(), and if all return 0 (due to invalid
+or unsupported parameters) disable peer authentication by calling
+L<SSL_set_verify(3)> with B<mode> equal to B<SSL_VERIFY_NONE>.
+
+=head1 SEE ALSO
+
+L<SSL_new(3)>,
+L<SSL_add1_host(3)>,
+L<SSL_set_hostflags(3)>,
+L<SSL_set_tlsext_host_name(3)>,
+L<SSL_set_verify(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)>,
+L<SSL_get0_verified_chain(3)>,
+L<SSL_get_peer_cert_chain(3)>,
+L<SSL_get_verify_result(3)>,
+L<SSL_connect(3)>,
+L<SSL_get0_peername(3)>,
+L<X509_verify_cert(3)>,
+L<X509_up_ref(3)>,
+L<X509_free(3)>,
+L<EVP_get_digestbyname(3)>,
+L<EVP_PKEY_up_ref(3)>,
+L<EVP_PKEY_free(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_flush_sessions.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_flush_sessions.pod
new file mode 100644
index 0000000..7639451
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_flush_sessions.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_flush_sessions, SSL_flush_sessions - remove expired sessions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+ void SSL_flush_sessions(SSL_CTX *ctx, long tm);
+
+=head1 DESCRIPTION
+
+SSL_CTX_flush_sessions() causes a run through the session cache of
+B<ctx> to remove sessions expired at time B<tm>.
+
+SSL_flush_sessions() is a synonym for SSL_CTX_flush_sessions().
+
+=head1 NOTES
+
+If enabled, the internal session cache will collect all sessions established
+up to the specified maximum number (see SSL_CTX_sess_set_cache_size()).
+As sessions will not be reused ones they are expired, they should be
+removed from the cache to save resources. This can either be done
+ automatically whenever 255 new sessions were established (see
+L<SSL_CTX_set_session_cache_mode(3)>)
+or manually by calling SSL_CTX_flush_sessions().
+
+The parameter B<tm> specifies the time which should be used for the
+expiration test, in most cases the actual time given by time(0)
+will be used.
+
+SSL_CTX_flush_sessions() will only check sessions stored in the internal
+cache. When a session is found and removed, the remove_session_cb is however
+called to synchronize with the external cache (see
+L<SSL_CTX_sess_set_get_cb(3)>).
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_sess_set_get_cb(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_free.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_free.pod
new file mode 100644
index 0000000..e5cc1aa
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_free.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_free - free an allocated SSL_CTX object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_free(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
+SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the reference count has reached 0.
+
+It also calls the free()ing procedures for indirectly affected items, if
+applicable: the session cache, the list of ciphers, the list of Client CAs,
+the certificates and keys.
+
+If B<ctx> is NULL nothing is done.
+
+=head1 WARNINGS
+
+If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this
+callback will be called for each session being freed from B<ctx>'s
+session cache. This implies, that all corresponding sessions from an
+external session cache are removed as well. If this is not desired, the user
+should explicitly unset the callback by calling
+SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) prior to calling SSL_CTX_free().
+
+=head1 RETURN VALUES
+
+SSL_CTX_free() does not provide diagnostic information.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_new(3)>, L<ssl(3)>,
+L<SSL_CTX_sess_set_get_cb(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_get0_param.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_get0_param.pod
new file mode 100644
index 0000000..6b93737
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_get0_param.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param -
+get and set verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+
+=head1 DESCRIPTION
+
+SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to
+the verification parameters for B<ctx> or B<ssl> respectively. The returned
+pointer must not be freed by the calling application.
+
+SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters
+to B<vpm> for B<ctx> or B<ssl>.
+
+=head1 NOTES
+
+Typically parameters are retrieved from an B<SSL_CTX> or B<SSL> structure
+using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies
+them to suit its needs: for example to add a hostname check.
+
+=head1 EXAMPLE
+
+Check hostname matches "www.foo.com" in peer certificate:
+
+ X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+ X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
+
+=head1 RETURN VALUES
+
+SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an
+B<X509_VERIFY_PARAM> structure.
+
+SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0
+for failure.
+
+=head1 SEE ALSO
+
+L<X509_VERIFY_PARAM_set_flags(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_get_verify_mode.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_get_verify_mode.pod
new file mode 100644
index 0000000..bd10034
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_get_verify_mode.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+ int SSL_get_verify_mode(const SSL *ssl);
+ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+ int SSL_get_verify_depth(const SSL *ssl);
+ int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
+ int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
+
+=head1 DESCRIPTION
+
+SSL_CTX_get_verify_mode() returns the verification mode currently set in
+B<ctx>.
+
+SSL_get_verify_mode() returns the verification mode currently set in
+B<ssl>.
+
+SSL_CTX_get_verify_depth() returns the verification depth limit currently set
+in B<ctx>. If no limit has been explicitly set, -1 is returned and the
+default value will be used.
+
+SSL_get_verify_depth() returns the verification depth limit currently set
+in B<ssl>. If no limit has been explicitly set, -1 is returned and the
+default value will be used.
+
+SSL_CTX_get_verify_callback() returns a function pointer to the verification
+callback currently set in B<ctx>. If no callback was explicitly set, the
+NULL pointer is returned and the default callback will be used.
+
+SSL_get_verify_callback() returns a function pointer to the verification
+callback currently set in B<ssl>. If no callback was explicitly set, the
+NULL pointer is returned and the default callback will be used.
+
+=head1 RETURN VALUES
+
+See DESCRIPTION
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CTX_set_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_has_client_custom_ext.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_has_client_custom_ext.pod
new file mode 100644
index 0000000..d9e9a06
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_has_client_custom_ext.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_has_client_custom_ext - check whether a handler exists for a particular
+client extension type
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type);
+
+=head1 DESCRIPTION
+
+SSL_CTX_has_client_custom_ext() checks whether a handler has been set for a
+client extension of type B<ext_type> using SSL_CTX_add_client_custom_ext().
+
+=head1 RETURN VALUES
+
+Returns 1 if a handler has been set, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_add_client_custom_ext(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_load_verify_locations.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_load_verify_locations.pod
new file mode 100644
index 0000000..59d11e0
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -0,0 +1,161 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths,
+SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file - set
+default locations for trusted CA certificates
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                   const char *CApath);
+
+ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+
+ int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+
+ int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
+which CA certificates for verification purposes are located. The certificates
+available via B<CAfile> and B<CApath> are trusted.
+
+SSL_CTX_set_default_verify_paths() specifies that the default locations from
+which CA certificates are loaded should be used. There is one default directory
+and one default file. The default CA certificates directory is called "certs" in
+the default OpenSSL directory. Alternatively the SSL_CERT_DIR environment
+variable can be defined to override this location. The default CA certificates
+file is called "cert.pem" in the default OpenSSL directory. Alternatively the
+SSL_CERT_FILE environment variable can be defined to override this location.
+
+SSL_CTX_set_default_verify_dir() is similar to
+SSL_CTX_set_default_verify_paths() except that just the default directory is
+used.
+
+SSL_CTX_set_default_verify_file() is similar to
+SSL_CTX_set_default_verify_paths() except that just the default file is
+used.
+
+=head1 NOTES
+
+If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
+format. The file can contain several CA certificates identified by
+
+ -----BEGIN CERTIFICATE-----
+ ... (CA certificate in base64 encoding) ...
+ -----END CERTIFICATE-----
+
+sequences. Before, between, and after the certificates text is allowed
+which can be used e.g. for descriptions of the certificates.
+
+The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
+function.
+
+If B<CApath> is not NULL, it points to a directory containing CA certificates
+in PEM format. The files each contain one CA certificate. The files are
+looked up by the CA subject name hash value, which must hence be available.
+If more than one CA certificate with the same name hash value exist, the
+extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
+is performed in the ordering of the extension number, regardless of other
+properties of the certificates.
+Use the B<c_rehash> utility to create the necessary links.
+
+The certificates in B<CApath> are only looked up when required, e.g. when
+building the certificate chain or when actually performing the verification
+of a peer certificate.
+
+When looking up CA certificates, the OpenSSL library will first search the
+certificates in B<CAfile>, then those in B<CApath>. Certificate matching
+is done based on the subject name, the key identifier (if present), and the
+serial number as taken from the certificate to be verified. If these data
+do not match, the next certificate will be tried. If a first certificate
+matching the parameters is found, the verification process will be performed;
+no other certificates for the same parameters will be searched in case of
+failure.
+
+In server mode, when requesting a client certificate, the server must send
+the list of CAs of which it will accept client certificates. This list
+is not influenced by the contents of B<CAfile> or B<CApath> and must
+explicitly be set using the
+L<SSL_CTX_set_client_CA_list(3)>
+family of functions.
+
+When building its own certificate chain, an OpenSSL client/server will
+try to fill in missing certificates from B<CAfile>/B<CApath>, if the
+certificate chain was not explicitly specified (see
+L<SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_use_certificate(3)>.
+
+=head1 WARNINGS
+
+If several CA certificates matching the name, key identifier, and serial
+number condition are available, only the first one will be examined. This
+may lead to unexpected results if the same CA certificate is available
+with different expiration dates. If a "certificate expired" verification
+error occurs, no other certificate will be searched. Make sure to not
+have expired certificates mixed with valid ones.
+
+=head1 EXAMPLES
+
+Generate a CA certificate file with descriptive text from the CA certificates
+ca1.pem ca2.pem ca3.pem:
+
+ #!/bin/sh
+ rm CAfile.pem
+ for i in ca1.pem ca2.pem ca3.pem ; do
+   openssl x509 -in $i -text >> CAfile.pem
+ done
+
+Prepare the directory /some/where/certs containing several CA certificates
+for use as B<CApath>:
+
+ cd /some/where/certs
+ c_rehash .
+
+=head1 RETURN VALUES
+
+For SSL_CTX_load_verify_locations the following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The operation failed because B<CAfile> and B<CApath> are NULL or the
+processing at one of the locations specified failed. Check the error
+stack to find out the reason.
+
+=item Z<>1
+
+The operation succeeded.
+
+=back
+
+SSL_CTX_set_default_verify_paths(), SSL_CTX_set_default_verify_dir() and
+SSL_CTX_set_default_verify_file() all return 1 on success or 0 on failure. A
+missing default location is still treated as a success.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_client_CA_list(3)>,
+L<SSL_get_client_CA_list(3)>,
+L<SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_set_cert_store(3)>,
+L<SSL_CTX_set_client_CA_list(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_new.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_new.pod
new file mode 100644
index 0000000..7b35bdd
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_new.pod
@@ -0,0 +1,218 @@
+=pod
+
+=head1 NAME
+
+TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
+SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
+SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
+TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
+SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
+DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
+DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method
+- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
+functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+ int SSL_CTX_up_ref(SSL_CTX *ctx);
+
+ const SSL_METHOD *TLS_method(void);
+ const SSL_METHOD *TLS_server_method(void);
+ const SSL_METHOD *TLS_client_method(void);
+
+ const SSL_METHOD *SSLv23_method(void);
+ const SSL_METHOD *SSLv23_server_method(void);
+ const SSL_METHOD *SSLv23_client_method(void);
+
+ #ifndef OPENSSL_NO_SSL3_METHOD
+ const SSL_METHOD *SSLv3_method(void);
+ const SSL_METHOD *SSLv3_server_method(void);
+ const SSL_METHOD *SSLv3_client_method(void);
+ #endif
+
+ #ifndef OPENSSL_NO_TLS1_METHOD
+ const SSL_METHOD *TLSv1_method(void);
+ const SSL_METHOD *TLSv1_server_method(void);
+ const SSL_METHOD *TLSv1_client_method(void);
+ #endif
+
+ #ifndef OPENSSL_NO_TLS1_1_METHOD
+ const SSL_METHOD *TLSv1_1_method(void);
+ const SSL_METHOD *TLSv1_1_server_method(void);
+ const SSL_METHOD *TLSv1_1_client_method(void);
+ #endif
+
+ #ifndef OPENSSL_NO_TLS1_2_METHOD
+ const SSL_METHOD *TLSv1_2_method(void);
+ const SSL_METHOD *TLSv1_2_server_method(void);
+ const SSL_METHOD *TLSv1_2_client_method(void);
+ #endif
+
+ const SSL_METHOD *DTLS_method(void);
+ const SSL_METHOD *DTLS_server_method(void);
+ const SSL_METHOD *DTLS_client_method(void);
+
+ #ifndef OPENSSL_NO_DTLS1_METHOD
+ const SSL_METHOD *DTLSv1_method(void);
+ const SSL_METHOD *DTLSv1_server_method(void);
+ const SSL_METHOD *DTLSv1_client_method(void);
+ #endif
+
+ #ifndef OPENSSL_NO_DTLS1_2_METHOD
+ const SSL_METHOD *DTLSv1_2_method(void);
+ const SSL_METHOD *DTLSv1_2_server_method(void);
+ const SSL_METHOD *DTLSv1_2_client_method(void);
+ #endif
+
+=head1 DESCRIPTION
+
+SSL_CTX_new() creates a new B<SSL_CTX> object as framework to
+establish TLS/SSL or DTLS enabled connections. An B<SSL_CTX> object is
+reference counted. Creating an B<SSL_CTX> object for the first time increments
+the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the
+B<SSL_CTX> object are freed. SSL_CTX_up_ref() increments the reference count for
+an existing B<SSL_CTX> structure.
+
+=head1 NOTES
+
+The SSL_CTX object uses B<method> as connection method.
+The methods exist in a generic type (for client and server use), a server only
+type, and a client only type.
+B<method> can be of the following types:
+
+=over 4
+
+=item TLS_method(), TLS_server_method(), TLS_client_method()
+
+These are the general-purpose I<version-flexible> SSL/TLS methods.
+The actual protocol version used will be negotiated to the highest version
+mutually supported by the client and the server.
+The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
+Applications should use these methods, and avoid the version-specific
+methods described below.
+
+=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
+
+Use of these functions is deprecated. They have been replaced with the above
+TLS_method(), TLS_server_method() and TLS_client_method() respectively. New
+code should use those functions instead.
+
+=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1.2 protocol.
+
+=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1.1 protocol.
+
+=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1 protocol.
+
+=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+SSLv3 protocol.
+The SSLv3 protocol is deprecated and should not be used.
+
+=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
+
+These are the version-flexible DTLS methods.
+Currently supported protocols are DTLS 1.0 and DTLS 1.2.
+
+=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
+
+These are the version-specific methods for DTLSv1.2.
+
+=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
+
+These are the version-specific methods for DTLSv1.
+
+=back
+
+SSL_CTX_new() initializes the list of ciphers, the session cache setting, the
+callbacks, the keys and certificates and the options to their default values.
+
+TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(),
+DTLS_server_method() and DTLS_client_method() are the I<version-flexible>
+methods.
+All other methods only support one specific protocol version.
+Use the I<version-flexible> methods instead of the version specific methods.
+
+If you want to limit the supported protocols for the version flexible
+methods you can use L<SSL_CTX_set_min_proto_version(3)>,
+L<SSL_set_min_proto_version(3)>, L<SSL_CTX_set_max_proto_version(3)> and
+L<SSL_set_max_proto_version(3)> functions.
+Using these functions it is possible to choose e.g. TLS_server_method()
+and be able to negotiate with all possible clients, but to only
+allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2.
+
+The list of protocols available can also be limited using the
+B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and
+B<SSL_OP_NO_TLSv1_2> options of the L<SSL_CTX_set_options(3)> or
+L<SSL_set_options(3)> functions, but this approach is not recommended.
+Clients should avoid creating "holes" in the set of protocols they support.
+When disabling a protocol, make sure that you also disable either all previous
+or all subsequent protocol versions.
+In clients, when a protocol version is disabled without disabling I<all>
+previous protocol versions, the effect is to also disable all subsequent
+protocol versions.
+
+The SSLv3 protocol is deprecated and should generally not be used.
+Applications should typically use L<SSL_CTX_set_min_proto_version(3)> to set
+the minimum protocol to at least B<TLS1_VERSION>.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The creation of a new SSL_CTX object failed. Check the error stack to find out
+the reason.
+
+=item Pointer to an SSL_CTX object
+
+The return value points to an allocated SSL_CTX object.
+
+SSL_CTX_up_ref() returns 1 for success and 0 for failure.
+
+=back
+
+=head1 HISTORY
+
+Support for SSLv2 and the corresponding SSLv2_method(),
+SSLv2_server_method() and SSLv2_client_method() functions where
+removed in OpenSSL 1.1.0.
+
+SSLv23_method(), SSLv23_server_method() and SSLv23_client_method()
+were deprecated and the preferred TLS_method(), TLS_server_method()
+and TLS_client_method() functions were introduced in OpenSSL 1.1.0.
+
+All version-specific methods were deprecated in OpenSSL 1.1.0.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<SSL_accept(3)>,
+L<SSL_CTX_set_min_proto_version(3)>, L<ssl(3)>, L<SSL_set_connect_state(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_number.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_number.pod
new file mode 100644
index 0000000..049c04c
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_number.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_sess_number(SSL_CTX *ctx);
+ long SSL_CTX_sess_connect(SSL_CTX *ctx);
+ long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+ long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+ long SSL_CTX_sess_accept(SSL_CTX *ctx);
+ long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+ long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+ long SSL_CTX_sess_hits(SSL_CTX *ctx);
+ long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
+ long SSL_CTX_sess_misses(SSL_CTX *ctx);
+ long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+ long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sess_number() returns the current number of sessions in the internal
+session cache.
+
+SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in
+client mode.
+
+SSL_CTX_sess_connect_good() returns the number of successfully established
+SSL/TLS sessions in client mode.
+
+SSL_CTX_sess_connect_renegotiate() returns the number of start renegotiations
+in client mode.
+
+SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in
+server mode.
+
+SSL_CTX_sess_accept_good() returns the number of successfully established
+SSL/TLS sessions in server mode.
+
+SSL_CTX_sess_accept_renegotiate() returns the number of start renegotiations
+in server mode.
+
+SSL_CTX_sess_hits() returns the number of successfully reused sessions.
+In client mode a session set with L<SSL_set_session(3)>
+successfully reused is counted as a hit. In server mode a session successfully
+retrieved from internal or external cache is counted as a hit.
+
+SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions
+from the external session cache in server mode.
+
+SSL_CTX_sess_misses() returns the number of sessions proposed by clients
+that were not found in the internal session cache in server mode.
+
+SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients
+and either found in the internal or external session cache in server mode,
+ but that were invalid due to timeout. These sessions are not included in
+the SSL_CTX_sess_hits() count.
+
+SSL_CTX_sess_cache_full() returns the number of sessions that were removed
+because the maximum session cache size was exceeded.
+
+=head1 RETURN VALUES
+
+The functions return the values indicated in the DESCRIPTION section.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_set_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>
+L<SSL_CTX_sess_set_cache_size(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_cache_size.pod
new file mode 100644
index 0000000..5aef10b
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_cache_size.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
+ long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sess_set_cache_size() sets the size of the internal session cache
+of context B<ctx> to B<t>.
+This value is a hint and not an absolute; see the notes below.
+
+SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.
+
+=head1 NOTES
+
+The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,
+currently 1024*20, so that up to 20000 sessions can be held. This size
+can be modified using the SSL_CTX_sess_set_cache_size() call. A special
+case is the size 0, which is used for unlimited size.
+
+If adding the session makes the cache exceed its size, then unused
+sessions are dropped from the end of the cache.
+Cache space may also be reclaimed by calling
+L<SSL_CTX_flush_sessions(3)> to remove
+expired sessions.
+
+If the size of the session cache is reduced and more sessions are already
+in the session cache, old session will be removed at the next time a
+session shall be added. This removal is not synchronized with the
+expiration of sessions.
+
+=head1 RETURN VALUES
+
+SSL_CTX_sess_set_cache_size() returns the previously valid size.
+
+SSL_CTX_sess_get_cache_size() returns the currently valid size.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_sess_number(3)>,
+L<SSL_CTX_flush_sessions(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_get_cb.pod
new file mode 100644
index 0000000..d2b0e04
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_get_cb.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                              int (*new_session_cb)(SSL *, SSL_SESSION *));
+ void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+           void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
+ void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+           SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *));
+
+ int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, const unsigned char *data, int len, int *copy);
+
+ int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+               int len, int *copy);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
+called whenever a new session was negotiated.
+
+SSL_CTX_sess_set_remove_cb() sets the callback function, which is
+automatically called whenever a session is removed by the SSL engine,
+because it is considered faulty or the session has become obsolete because
+of exceeding the timeout value.
+
+SSL_CTX_sess_set_get_cb() sets the callback function which is called,
+whenever a SSL/TLS client proposed to resume a session but the session
+could not be found in the internal session cache (see
+L<SSL_CTX_set_session_cache_mode(3)>).
+(SSL/TLS server only.)
+
+SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
+SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the
+provided callback functions. If a callback function has not been set,
+the NULL pointer is returned.
+
+=head1 NOTES
+
+In order to allow external session caching, synchronization with the internal
+session cache is realized via callback functions. Inside these callback
+functions, session can be saved to disk or put into a database using the
+L<d2i_SSL_SESSION(3)> interface.
+
+The new_session_cb() is called, whenever a new session has been negotiated
+and session caching is enabled (see
+L<SSL_CTX_set_session_cache_mode(3)>).
+The new_session_cb() is passed the B<ssl> connection and the ssl session
+B<sess>. If the callback returns B<0>, the session will be immediately
+removed again.
+
+The remove_session_cb() is called, whenever the SSL engine removes a session
+from the internal cache. This happens when the session is removed because
+it is expired or when a connection was not shutdown cleanly. It also happens
+for all sessions in the internal session cache when
+L<SSL_CTX_free(3)> is called. The remove_session_cb() is passed
+the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
+
+The get_session_cb() is only called on SSL/TLS servers with the session id
+proposed by the client. The get_session_cb() is always called, also when
+session caching was disabled. The get_session_cb() is passed the
+B<ssl> connection, the session id of length B<length> at the memory location
+B<data>. With the parameter B<copy> the callback can require the
+SSL engine to increment the reference count of the SSL_SESSION object,
+Normally the reference count is not incremented and therefore the
+session must not be explicitly freed with
+L<SSL_SESSION_free(3)>.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<d2i_SSL_SESSION(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_flush_sessions(3)>,
+L<SSL_SESSION_free(3)>,
+L<SSL_CTX_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_sessions.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_sessions.pod
new file mode 100644
index 0000000..bc4a55e
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_sessions.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sessions - access internal session cache
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sessions() returns a pointer to the lhash databases containing the
+internal session cache for B<ctx>.
+
+=head1 NOTES
+
+The sessions in the internal session cache are kept in an
+L<lhash(3)> type database. It is possible to directly
+access this database e.g. for searching. In parallel, the sessions
+form a linked list which is maintained separately from the
+L<lhash(3)> operations, so that the database must not be
+modified directly but by using the
+L<SSL_CTX_add_session(3)> family of functions.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<lhash(3)>,
+L<SSL_CTX_add_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_curves.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_curves.pod
new file mode 100644
index 0000000..b0276c8
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_curves.pod
@@ -0,0 +1,90 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
+SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
+ int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
+
+ int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
+ int SSL_set1_curves_list(SSL *ssl, char *list);
+
+ int SSL_get1_curves(SSL *ssl, int *curves);
+ int SSL_get_shared_curve(SSL *s, int n);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set1_curves() sets the supported curves for B<ctx> to B<clistlen>
+curves in the array B<clist>. The array consist of all NIDs of curves in
+preference order. For a TLS client the curves are used directly in the
+supported curves extension. For a TLS server the curves are used to
+determine the set of shared curves.
+
+SSL_CTX_set1_curves_list() sets the supported curves for B<ctx> to
+string B<list>. The string is a colon separated list of curve NIDs or
+names, for example "P-521:P-384:P-256".
+
+SSL_set1_curves() and SSL_set1_curves_list() are similar except they set
+supported curves for the SSL structure B<ssl>.
+
+SSL_get1_curves() returns the set of supported curves sent by a client
+in the supported curves extension. It returns the total number of
+supported curves. The B<curves> parameter can be B<NULL> to simply
+return the number of curves for memory allocation purposes. The
+B<curves> array is in the form of a set of curve NIDs in preference
+order. It can return zero if the client did not send a supported curves
+extension.
+
+SSL_get_shared_curve() returns shared curve B<n> for a server-side
+SSL B<ssl>. If B<n> is -1 then the total number of shared curves is
+returned, which may be zero. Other than for diagnostic purposes,
+most applications will only be interested in the first shared curve
+so B<n> is normally set to zero. If the value B<n> is out of range,
+NID_undef is returned.
+
+All these functions are implemented as macros.
+
+=head1 NOTES
+
+If an application wishes to make use of several of these functions for
+configuration purposes either on a command line or in a file it should
+consider using the SSL_CONF interface instead of manually parsing options.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves() and
+SSL_set1_curves_list(), return 1 for success and 0 for failure.
+
+SSL_get1_curves() returns the number of curves, which may be zero.
+
+SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there
+is no shared curve B<n>; or the total number of shared curves if B<n>
+is -1.
+
+When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and
+returns -1.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_add_extra_chain_cert(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_sigalgs.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_sigalgs.pod
new file mode 100644
index 0000000..e9073b9
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_sigalgs.pod
@@ -0,0 +1,113 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list,
+SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs,
+SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list,
+SSL_set1_client_sigalgs_list - set supported signature algorithms
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+ long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen);
+ long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
+ long SSL_set1_sigalgs_list(SSL *ssl, const char *str);
+
+ long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+ long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen);
+ long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str);
+ long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set1_sigalgs() and SSL_set1_sigalgs() set the supported signature
+algorithms for B<ctx> or B<ssl>. The array B<slist> of length B<slistlen>
+must consist of pairs of NIDs corresponding to digest and public key
+algorithms.
+
+SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported
+signature algorithms for B<ctx> or B<ssl>. The B<str> parameter
+must be a null terminated string consisting or a colon separated list of
+public key algorithms and digests separated by B<+>.
+
+SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(),
+SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set
+signature algorithms related to client authentication, otherwise they are
+identical to SSL_CTX_set1_sigalgs(), SSL_set1_sigalgs(),
+SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list().
+
+All these functions are implemented as macros. The signature algorithm
+parameter (integer array or string) is not freed: the application should
+free it, if necessary.
+
+=head1 NOTES
+
+If an application wishes to allow the setting of signature algorithms
+as one of many user configurable options it should consider using the more
+flexible SSL_CONF API instead.
+
+The signature algorithms set by a client are used directly in the supported
+signature algorithm in the client hello message.
+
+The supported signature algorithms set by a server are not sent to the
+client but are used to determine the set of shared signature algorithms
+and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE)
+their order.
+
+The client authentication signature algorithms set by a server are sent
+in a certificate request message if client authentication is enabled,
+otherwise they are unused.
+
+Similarly client authentication signature algorithms set by a client are
+used to determined the set of client authentication shared signature
+algorithms.
+
+Signature algorithms will neither be advertised nor used if the security level
+prohibits them (for example SHA1 if the security level is 4 or more).
+
+Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and
+NID_sha512 digest NIDs are supported and the public key algorithm NIDs
+EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC.
+
+The short or long name values for digests can be used in a string (for
+example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and
+the public key algorithm strings "RSA", "DSA" or "ECDSA".
+
+The use of MD5 as a digest is strongly discouraged due to security weaknesses.
+
+=head1 EXAMPLES
+
+Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
+using an array:
+
+    const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
+
+    SSL_CTX_set1_sigalgs(ctx, slist, 4);
+
+Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
+using a string:
+
+    SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
+
+=head1 RETURN VALUES
+
+All these functions return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_get_shared_sigalgs(3)>,
+L<SSL_CONF_CTX_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_verify_cert_store.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
new file mode 100644
index 0000000..bfe8b70
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
@@ -0,0 +1,100 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
+SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
+SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
+SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate
+verification or chain store
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+ int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+ int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+ int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+
+ int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
+ int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
+ int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
+ int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store()
+set the certificate store used for certificate verification to B<st>.
+
+SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store()
+set the certificate store used for certificate chain building to B<st>.
+
+SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(),
+SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar
+except they apply to SSL structure B<ssl>.
+
+All these functions are implemented as macros. Those containing a B<1>
+increment the reference count of the supplied store so it must
+be freed at some point after the operation. Those containing a B<0> do
+not increment reference counts and the supplied store B<MUST NOT> be freed
+after the operation.
+
+=head1 NOTES
+
+The stores pointers associated with an SSL_CTX structure are copied to any SSL
+structures when SSL_new() is called. As a result SSL structures will not be
+affected if the parent SSL_CTX store pointer is set to a new value.
+
+The verification store is used to verify the certificate chain sent by the
+peer: that is an SSL/TLS client will use the verification store to verify
+the server's certificate chain and a SSL/TLS server will use it to verify
+any client certificate chain.
+
+The chain store is used to build the certificate chain.
+
+If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is
+configured already (for example using the functions such as
+L<SSL_CTX_add1_chain_cert(3)> or
+L<SSL_CTX_add_extra_chain_cert(3)>) then
+automatic chain building is disabled.
+
+If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building
+is disabled.
+
+If the chain or the verification store is not set then the store associated
+with the parent SSL_CTX is used instead to retain compatibility with previous
+versions of OpenSSL.
+
+=head1 RETURN VALUES
+
+All these functions return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_add_extra_chain_cert(3)>
+L<SSL_CTX_set0_chain(3)>
+L<SSL_CTX_set1_chain(3)>
+L<SSL_CTX_add0_chain_cert(3)>
+L<SSL_CTX_add1_chain_cert(3)>
+L<SSL_set0_chain(3)>
+L<SSL_set1_chain(3)>
+L<SSL_add0_chain_cert(3)>
+L<SSL_add1_chain_cert(3)>
+L<SSL_CTX_build_cert_chain(3)>
+L<SSL_build_cert_chain(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_alpn_select_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
new file mode 100644
index 0000000..56c8609
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
@@ -0,0 +1,197 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb,
+SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb,
+SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
+- handle application layer protocol negotiation (ALPN)
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                             unsigned int protos_len);
+ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                         unsigned int protos_len);
+ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                 int (*cb) (SSL *ssl,
+                                            const unsigned char **out,
+                                            unsigned char *outlen,
+                                            const unsigned char *in,
+                                            unsigned int inlen,
+                                            void *arg), void *arg);
+ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                             unsigned int *len);
+
+ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
+                                            int (*cb)(SSL *ssl,
+                                                      const unsigned char **out,
+                                                      unsigned int *outlen,
+                                                      void *arg),
+                                            void *arg);
+ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
+                               int (*cb)(SSL *s,
+                                         unsigned char **out,
+                                         unsigned char *outlen,
+                                         const unsigned char *in,
+                                         unsigned int inlen,
+                                         void *arg),
+                               void *arg);
+ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                           const unsigned char *server,
+                           unsigned int server_len,
+                           const unsigned char *client,
+                           unsigned int client_len)
+ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                             unsigned *len);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
+set the list of protocols available to be negotiated. The B<protos> must be in
+protocol-list format, described below. The length of B<protos> is specified in
+B<protos_len>.
+
+SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
+server to select which protocol to use for the incoming connection. When B<cb>
+is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to
+the application callback.
+
+B<cb> is the application defined callback. The B<in>, B<inlen> parameters are a
+vector in protocol-list format. The value of the B<out>, B<outlen> vector
+should be set to the value of a single protocol selected from the B<in>,
+B<inlen> vector. The B<out> buffer may point directly into B<in>, or to a
+buffer that outlives the handshake. The B<arg> parameter is the pointer set via
+SSL_CTX_set_alpn_select_cb().
+
+SSL_select_next_proto() is a helper function used to select protocols. It
+implements the standard protocol selection. It is expected that this function
+is called from the application callback B<cb>. The protocol data in B<server>,
+B<server_len> and B<client>, B<client_len> must be in the protocol-list format
+described below. The first item in the B<server>, B<server_len> list that
+matches an item in the B<client>, B<client_len> list is selected, and returned
+in B<out>, B<outlen>. The B<out> value will point into either B<server> or
+B<client>, so it should be copied immediately. If no match is found, the first
+item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
+function can also be used in the NPN callback.
+
+SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
+client needs to select a protocol from the server's provided list, and a
+user-defined pointer argument B<arg> which will be passed to this callback.
+For the callback itself, B<out>
+must be set to point to the selected protocol (which may be within B<in>).
+The length of the protocol name must be written into B<outlen>. The
+server's advertised protocols are provided in B<in> and B<inlen>. The
+callback can assume that B<in> is syntactically valid. The client must
+select a protocol. It is fatal to the connection if this callback returns
+a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
+set via SSL_CTX_set_next_proto_select_cb().
+
+SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
+when a TLS server needs a list of supported protocols for Next Protocol
+Negotiation. The returned list must be in protocol-list format, described
+below.  The list is
+returned by setting B<out> to point to it and B<outlen> to its length. This
+memory will not be modified, but the B<SSL> does keep a
+reference to it. The callback should return B<SSL_TLSEXT_ERR_OK> if it
+wishes to advertise. Otherwise, no such extension will be included in the
+ServerHello.
+
+SSL_get0_alpn_selected() returns a pointer to the selected protocol in B<data>
+with length B<len>. It is not NUL-terminated. B<data> is set to NULL and B<len>
+is set to 0 if no protocol has been selected. B<data> must not be freed.
+
+SSL_get0_next_proto_negotiated() sets B<data> and B<len> to point to the
+client's requested protocol for this connection. If the client did not
+request any protocol or NPN is not enabled, then B<data> is set to NULL and
+B<len> to 0. Note that
+the client can request any protocol it chooses. The value returned from
+this function need not be a member of the list of supported protocols
+provided by the callback.
+
+=head1 NOTES
+
+The protocol-lists must be in wire-format, which is defined as a vector of
+non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
+included in the length. Each string is limited to 255 bytes. A byte-string
+length of 0 is invalid. A truncated byte-string is invalid. The length of the
+vector is not in the vector itself, but in a separate variable.
+
+Example:
+
+ unsigned char vector[] = {
+     6, 's', 'p', 'd', 'y', '/', '1',
+     8, 'h', 't', 't', 'p', '/', '1', '.', '1'
+ };
+ unsigned int length = sizeof(vector);
+
+The ALPN callback is executed after the servername callback; as that servername
+callback may update the SSL_CTX, and subsequently, the ALPN callback.
+
+If there is no ALPN proposed in the ClientHello, the ALPN callback is not
+invoked.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and
+non-0 on failure. WARNING: these functions reverse the return value convention.
+
+SSL_select_next_proto() returns one of the following:
+
+=over 4
+
+=item OPENSSL_NPN_NEGOTIATED
+
+A match was found and is returned in B<out>, B<outlen>.
+
+=item OPENSSL_NPN_NO_OVERLAP
+
+No match was found. The first item in B<client>, B<client_len> is returned in
+B<out>, B<outlen>.
+
+=back
+
+The ALPN select callback B<cb>, must return one of the following:
+
+=over 4
+
+=item SSL_TLSEXT_ERR_OK
+
+ALPN protocol selected.
+
+=item SSL_TLSEXT_ERR_ALERT_FATAL
+
+There was no overlap between the client's supplied list and the server
+configuration.
+
+=item SSL_TLSEXT_ERR_NOACK
+
+ALPN protocol not selected, e.g., because no ALPN protocols are configured for
+this connection.
+
+=back
+
+The callback set using SSL_CTX_set_next_proto_select_cb() should return
+B<SSL_TLSEXT_ERR_OK> if successful. Any other value is fatal to the connection.
+
+The callback set using SSL_CTX_set_next_protos_advertised_cb() should return
+B<SSL_TLSEXT_ERR_OK> if it wishes to advertise. Otherwise, no such extension
+will be included in the ServerHello.
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
+L<SSL_CTX_set_tlsext_servername_arg(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod
new file mode 100644
index 0000000..eaa7a4e
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
+ void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
+
+ int (*cert_cb)(SSL *ssl, void *arg);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback,
+B<arg> value is pointer which is passed to the application callback.
+
+When cert_cb() is NULL, no callback function is used.
+
+cert_cb() is the application defined callback. It is called before a
+certificate will be used by a client or server. The callback can then inspect
+the passed B<ssl> structure and set or clear any appropriate certificates. If
+the callback is successful it B<MUST> return 1 even if no certificates have
+been set. A zero is returned on error which will abort the handshake with a
+fatal internal error alert. A negative return value will suspend the handshake
+and the handshake function will return immediately.
+L<SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to
+indicate, that the handshake was suspended. The next call to the handshake
+function will again lead to the call of cert_cb(). It is the job of the
+cert_cb() to store information about the state of the last call,
+if required to continue.
+
+=head1 NOTES
+
+An application will typically call SSL_use_certificate() and
+SSL_use_PrivateKey() to set the end entity certificate and private key.
+It can add intermediate and optionally the root CA certificates using
+SSL_add1_chain_cert().
+
+It might also call SSL_certs_clear() to delete any certificates associated
+with the B<SSL> object.
+
+The certificate callback functionality supersedes the (largely broken)
+functionality provided by the old client certificate callback interface.
+It is B<always> called even is a certificate is already set so the callback
+can modify or delete the existing certificate.
+
+A more advanced callback might examine the handshake parameters and set
+whatever chain is appropriate. For example a legacy client supporting only
+TLS v1.0 might receive a certificate chain signed using SHA1 whereas a
+TLS v1.2 client which advertises support for SHA256 could receive a chain
+using SHA256.
+
+Normal server sanity checks are performed on any certificates set
+by the callback. So if an EC chain is set for a curve the client does not
+support it will B<not> be used.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_use_certificate(3)>,
+L<SSL_add1_chain_cert(3)>,
+L<SSL_get_client_CA_list(3)>,
+L<SSL_clear(3)>, L<SSL_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_store.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_store.pod
new file mode 100644
index 0000000..7f7a794
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_store.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
+ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
+of B<ctx> to/with B<store>. If another X509_STORE object is currently
+set in B<ctx>, it will be X509_STORE_free()ed.
+
+SSL_CTX_get_cert_store() returns a pointer to the current certificate
+verification storage.
+
+=head1 NOTES
+
+In order to verify the certificates presented by the peer, trusted CA
+certificates must be accessed. These CA certificates are made available
+via lookup methods, handled inside the X509_STORE. From the X509_STORE
+the X509_STORE_CTX used when verifying certificates is created.
+
+Typically the trusted certificate store is handled indirectly via using
+L<SSL_CTX_load_verify_locations(3)>.
+Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
+it is possible to manipulate the X509_STORE object beyond the
+L<SSL_CTX_load_verify_locations(3)>
+call.
+
+Currently no detailed documentation on how to use the X509_STORE
+object is available. Not all members of the X509_STORE are used when
+the verification takes place. So will e.g. the verify_callback() be
+overridden with the verify_callback() set via the
+L<SSL_CTX_set_verify(3)> family of functions.
+This document must therefore be updated when documentation about the
+X509_STORE object and its handling becomes available.
+
+=head1 RESTRICTIONS
+
+The X509_STORE structure used by an SSL_CTX is used for verifying peer
+certificates and building certificate chains, it is also shared by
+every child SSL structure. Applications wanting finer control can use
+functions such as SSL_CTX_set1_verify_cert_store() instead.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_cert_store() does not return diagnostic output.
+
+SSL_CTX_get_cert_store() returns the current setting.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_load_verify_locations(3)>,
+L<SSL_CTX_set_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
new file mode 100644
index 0000000..af303f2
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *, void *), void *arg);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cert_verify_callback() sets the verification callback function for
+I<ctx>. SSL objects that are created from I<ctx> inherit the setting valid at
+the time when L<SSL_new(3)> is called.
+
+=head1 NOTES
+
+Whenever a certificate is verified during a SSL/TLS handshake, a verification
+function is called. If the application does not explicitly specify a
+verification callback function, the built-in verification function is used.
+If a verification callback I<callback> is specified via
+SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
+instead. By setting I<callback> to NULL, the default behaviour is restored.
+
+When the verification must be performed, I<callback> will be called with
+the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
+argument I<arg> is specified by the application when setting I<callback>.
+
+I<callback> should return 1 to indicate verification success and 0 to
+indicate verification failure. If SSL_VERIFY_PEER is set and I<callback>
+returns 0, the handshake will fail. As the verification procedure may
+allow to continue the connection in case of failure (by always returning 1)
+the verification result must be set in any case using the B<error>
+member of I<x509_store_ctx> so that the calling application will be informed
+about the detailed result of the verification procedure!
+
+Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback>
+function set using L<SSL_CTX_set_verify(3)>.
+
+=head1 WARNINGS
+
+Do not mix the verification callback described in this function with the
+B<verify_callback> function called during the verification process. The
+latter is set using the L<SSL_CTX_set_verify(3)>
+family of functions.
+
+Providing a complete verification procedure including certificate purpose
+settings etc is a complex task. The built-in procedure is quite powerful
+and in most cases it should be sufficient to modify its behaviour using
+the B<verify_callback> function.
+
+=head1 BUGS
+
+SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CTX_set_verify(3)>,
+L<SSL_get_verify_result(3)>,
+L<SSL_CTX_load_verify_locations(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cipher_list.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cipher_list.pod
new file mode 100644
index 0000000..4e66917
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
+ int SSL_set_cipher_list(SSL *ssl, const char *str);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cipher_list() sets the list of available ciphers for B<ctx>
+using the control string B<str>. The format of the string is described
+in L<ciphers(1)>. The list of ciphers is inherited by all
+B<ssl> objects created from B<ctx>.
+
+SSL_set_cipher_list() sets the list of ciphers only for B<ssl>.
+
+=head1 NOTES
+
+The control string B<str> should be universally usable and not depend
+on details of the library configuration (ciphers compiled in). Thus no
+syntax checking takes place. Items that are not recognized, because the
+corresponding ciphers are not compiled in or because they are mistyped,
+are simply ignored. Failure is only flagged if no ciphers could be collected
+at all.
+
+It should be noted, that inclusion of a cipher to be used into the list is
+a necessary condition. On the client side, the inclusion into the list is
+also sufficient unless the security level excludes it. On the server side,
+additional restrictions apply. All ciphers have additional requirements.
+ADH ciphers don't need a certificate, but DH-parameters must have been set.
+All other ciphers need a corresponding certificate and key.
+
+A RSA cipher can only be chosen, when a RSA certificate is available.
+RSA ciphers using DHE need a certificate and key and additional DH-parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)>).
+
+A DSA cipher can only be chosen, when a DSA certificate is available.
+DSA ciphers always use DH key exchange and therefore need DH-parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)>).
+
+When these conditions are not met for any cipher in the list (e.g. a
+client only supports export RSA ciphers with an asymmetric key length
+of 512 bits and the server is not configured to use temporary RSA
+keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
+and the handshake will fail.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
+could be selected and 0 on complete failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_get_ciphers(3)>,
+L<SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<ciphers(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_CA_list.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_CA_list.pod
new file mode 100644
index 0000000..0252e7b
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+SSL_add_client_CA - set list of CAs sent to the client when requesting a
+client certificate
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+ int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for B<ctx>.
+
+SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for the chosen B<ssl>, overriding the
+setting valid for B<ssl>'s SSL_CTX object.
+
+SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+B<ctx>.
+
+SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
+
+=head1 NOTES
+
+When a TLS/SSL server requests a client certificate (see
+B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
+it will accept certificates, to the client.
+
+This list must explicitly be set using SSL_CTX_set_client_CA_list() for
+B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
+specified overrides the previous setting. The CAs listed do not become
+trusted (B<list> only contains the names, not the complete certificates); use
+L<SSL_CTX_load_verify_locations(3)>
+to additionally load them for verification.
+
+If the list of acceptable CAs is compiled in a file, the
+L<SSL_load_client_CA_file(3)>
+function can be used to help importing the necessary data.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
+items the list of client CAs. If no list was specified before using
+SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
+CA list for B<ctx> or B<ssl> (as appropriate) is opened.
+
+These functions are only useful for TLS/SSL servers.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
+diagnostic information.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
+values:
+
+=over 4
+
+=item Z<>0
+
+A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+the X509_NAME could not be extracted from B<cacert>. Check the error stack
+to find out the reason.
+
+=item Z<>1
+
+The operation succeeded.
+
+=back
+
+=head1 EXAMPLES
+
+Scan all certificates in B<CAfile> and list them as acceptable CAs:
+
+  SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_get_client_CA_list(3)>,
+L<SSL_load_client_CA_file(3)>,
+L<SSL_CTX_load_verify_locations(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_cert_cb.pod
new file mode 100644
index 0000000..aed7d4f
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_cert_cb.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is
+called when a client certificate is requested by a server and no certificate
+was yet set for the SSL object.
+
+When client_cert_cb() is NULL, no callback function is used.
+
+SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
+function.
+
+client_cert_cb() is the application defined callback. If it wants to
+set a certificate, a certificate/private key combination must be set
+using the B<x509> and B<pkey> arguments and "1" must be returned. The
+certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
+If no certificate should be set, "0" has to be returned and no certificate
+will be sent. A negative return value will suspend the handshake and the
+handshake function will return immediately. L<SSL_get_error(3)>
+will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
+suspended. The next call to the handshake function will again lead to the call
+of client_cert_cb(). It is the job of the client_cert_cb() to store information
+about the state of the last call, if required to continue.
+
+=head1 NOTES
+
+During a handshake (or renegotiation) a server may request a certificate
+from the client. A client certificate must only be sent, when the server
+did send the request.
+
+When a certificate was set using the
+L<SSL_CTX_use_certificate(3)> family of functions,
+it will be sent to the server. The TLS standard requires that only a
+certificate is sent, if it matches the list of acceptable CAs sent by the
+server. This constraint is violated by the default behavior of the OpenSSL
+library. Using the callback function it is possible to implement a proper
+selection routine or to allow a user interaction to choose the certificate to
+be sent.
+
+If a callback function is defined and no certificate was yet defined for the
+SSL object, the callback function will be called.
+If the callback function returns a certificate, the OpenSSL library
+will try to load the private key and certificate data into the SSL
+object using the SSL_use_certificate() and SSL_use_private_key() functions.
+Thus it will permanently install the certificate and key for this SSL
+object. It will not be reset by calling L<SSL_clear(3)>.
+If the callback returns no certificate, the OpenSSL library will not send
+a certificate.
+
+=head1 BUGS
+
+The client_cert_cb() cannot return a complete certificate chain, it can
+only return one client certificate. If the chain only has a length of 2,
+the root CA certificate may be omitted according to the TLS standard and
+thus a standard conforming answer can be sent to the server. For a
+longer chain, the client must send the complete chain (with the option
+to leave out the root CA certificate). This can only be accomplished by
+either adding the intermediate CA certificates into the trusted
+certificate store for the SSL_CTX object (resulting in having to add
+CA certificates that otherwise maybe would not be trusted), or by adding
+the chain certificates using the
+L<SSL_CTX_add_extra_chain_cert(3)>
+function, which is only available for the SSL_CTX object as a whole and that
+therefore probably can only apply for one client certificate, making
+the concept of the callback function (to allow the choice from several
+certificates) questionable.
+
+Once the SSL object has been used in conjunction with the callback function,
+the certificate will be set for the SSL object and will not be cleared
+even when L<SSL_clear(3)> is being called. It is therefore
+mandatory to destroy the SSL object using L<SSL_free(3)>
+and create a new one to return to the previous state.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_get_client_CA_list(3)>,
+L<SSL_clear(3)>, L<SSL_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ct_validation_callback.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
new file mode 100644
index 0000000..afa45dc
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
@@ -0,0 +1,145 @@
+=pod
+
+=head1 NAME
+
+ssl_ct_validation_cb,
+SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct,
+SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback,
+SSL_ct_is_enabled, SSL_CTX_ct_is_enabled -
+control Certificate Transparency policy
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+                                    const STACK_OF(SCT) *scts, void *arg);
+
+ int SSL_enable_ct(SSL *s, int validation_mode);
+ int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                    void *arg);
+ int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                        ssl_ct_validation_cb callback,
+                                        void *arg);
+ void SSL_disable_ct(SSL *s);
+ void SSL_CTX_disable_ct(SSL_CTX *ctx);
+ int SSL_ct_is_enabled(const SSL *s);
+ int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_enable_ct() and SSL_CTX_enable_ct() enable the processing of signed
+certificate timestamps (SCTs) either for a given SSL connection or for all
+connections that share the given SSL context, respectively.
+This is accomplished by setting a built-in CT validation callback.
+The behaviour of the callback is determined by the B<validation_mode> argument,
+which can be either of B<SSL_CT_VALIDATION_PERMISSIVE> or
+B<SSL_CT_VALIDATION_STRICT> as described below.
+
+If B<validation_mode> is equal to B<SSL_CT_VALIDATION_STRICT>, then in a full
+TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
+presents no valid SCTs the handshake will be aborted.
+If the verification mode is B<SSL_VERIFY_NONE>, the handshake will continue
+despite lack of valid SCTs.
+However, in that case if the verification status before the built-in callback
+was B<X509_V_OK> it will be set to B<X509_V_ERR_NO_VALID_SCTS> after the
+callback.
+Applications can call L<SSL_get_verify_result(3)> to check the status at
+handshake completion, even after session resumption since the verification
+status is part of the saved session state.
+See L<SSL_set_verify(3)>, <SSL_get_verify_result(3)>, L<SSL_session_reused(3)>.
+
+If B<validation_mode> is equal to B<SSL_CT_VALIDATION_PERMISSIVE>, then the
+handshake continues, and the verification status is not modified, regardless of
+the validation status of any SCTs.
+The application can still inspect the validation status of the SCTs at
+handshake completion.
+Note that with session resumption there will not be any SCTs presented during
+the handshake.
+Therefore, in applications that delay SCT policy enforcement until after
+handshake completion, such delayed SCT checks should only be performed when the
+session is not resumed.
+
+SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback()
+register a custom callback that may implement a different policy than either of
+the above.
+This callback can examine the peer's SCTs and determine whether they are
+sufficient to allow the connection to continue.
+The TLS handshake is aborted if the verification mode is not B<SSL_VERIFY_NONE>
+and the callback returns a non-positive result.
+
+An arbitrary callback context argument, B<arg>, can be passed in when setting
+the callback.
+This will be passed to the callback whenever it is invoked.
+Ownership of this context remains with the caller.
+
+If no callback is set, SCTs will not be requested and Certificate Transparency
+validation will not occur.
+
+No callback will be invoked when the peer presents no certificate, e.g. by
+employing an anonymous (aNULL) ciphersuite.
+In that case the handshake continues as it would had no callback been
+requested.
+Callbacks are also not invoked when the peer certificate chain is invalid or
+validated via DANE-TA(2) or DANE-EE(3) TLSA records which use a private X.509
+PKI, or no X.509 PKI at all, respectively.
+Clients that require SCTs are expected to not have enabled any aNULL ciphers
+nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA
+records.
+
+SSL_disable_ct() and SSL_CTX_disable_ct() turn off CT processing, whether
+enabled via the built-in or the custom callbacks, by setting a NULL callback.
+These may be implemented as macros.
+
+SSL_ct_is_enabled() and SSL_CTX_ct_is_enabled() return 1 if CT processing is
+enabled via either SSL_enable_ct() or a non-null custom callback, and 0
+otherwise.
+
+=head1 NOTES
+
+When SCT processing is enabled, OCSP stapling will be enabled. This is because
+one possible source of SCTs is the OCSP response from a server.
+
+The time returned by SSL_SESSION_get_time() will be used to evaluate whether any
+presented SCTs have timestamps that are in the future (and therefore invalid).
+
+=head1 RESTRICTIONS
+
+Certificate Transparency validation cannot be enabled and so a callback cannot
+be set if a custom client extension handler has been registered to handle SCT
+extensions (B<TLSEXT_TYPE_signed_certificate_timestamp>).
+
+=head1 RETURN VALUES
+
+SSL_enable_ct(), SSL_CTX_enable_ct(), SSL_CTX_set_ct_validation_callback() and
+SSL_set_ct_validation_callback() return 1 if the B<callback> is successfully
+set.
+They return 0 if an error occurs, e.g. a custom client extension handler has
+been setup to handle SCTs.
+
+SSL_disable_ct() and SSL_CTX_disable_ct() do not return a result.
+
+SSL_CTX_ct_is_enabled() and SSL_ct_is_enabled() return a 1 if a non-null CT
+validation callback is set, or 0 if no callback (or equivalently a NULL
+callback) is set.
+
+=head1 SEE ALSO
+
+L<ssl(7)>,
+<SSL_get_verify_result(3)>,
+L<SSL_session_reused(3)>,
+L<SSL_set_verify(3)>,
+L<SSL_CTX_set_verify(3)>,
+L<SSL_SESSION_get_time(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ctlog_list_file.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
new file mode 100644
index 0000000..4a2fa94
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file -
+load a Certificate Transparency log list from a file
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+ int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_default_ctlog_list_file() loads a list of Certificate Transparency
+(CT) logs from the default file location, "ct_log_list.cnf", found in the
+directory where OpenSSL is installed.
+
+SSL_CTX_set_ctlog_list_file() loads a list of CT logs from a specific path.
+See L<CTLOG_STORE_new(3)> for the file format.
+
+=head1 NOTES
+
+These functions will not clear the existing CT log list - it will be appended
+to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. 
+
+If an error occurs whilst parsing a particular log entry in the file, that log
+entry will be skipped.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_default_ctlog_list_file() and SSL_CTX_set_ctlog_list_file()
+return 1 if the log list is successfully loaded, and 0 if an error occurs. In
+the case of an error, the log list may have been partially loaded.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_ct_validation_callback(3)>,
+L<CTLOG_STORE_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
new file mode 100644
index 0000000..2196906
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
@@ -0,0 +1,113 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata,
+SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata,
+SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata,
+SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata - set or
+get passwd callback for encrypted PEM file handling
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+ pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+ void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+
+ void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+ void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+ pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+ void *SSL_get_default_passwd_cb_userdata(SSL *s);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_default_passwd_cb() sets the default password callback called
+when loading/storing a PEM certificate with encryption.
+
+SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata, B<u>,
+which will be provided to the password callback on invocation.
+
+SSL_CTX_get_default_passwd_cb() returns a function pointer to the password
+callback currently set in B<ctx>. If no callback was explicitly set, the
+NULL pointer is returned.
+
+SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to the userdata
+currently set in B<ctx>. If no userdata was explicitly set, the NULL pointer
+is returned.
+
+SSL_set_default_passwd_cb(), SSL_set_default_passwd_cb_userdata(),
+SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform
+the same function as their SSL_CTX counterparts, but using an SSL object.
+
+The password callback, which must be provided by the application, hands back the
+password to be used during decryption.
+On invocation a pointer to userdata
+is provided. The function must store the password into the provided buffer
+B<buf> which is of size B<size>. The actual length of the password must
+be returned to the calling function. B<rwflag> indicates whether the
+callback is used for reading/decryption (rwflag=0) or writing/encryption
+(rwflag=1).
+For more details, see L<pem_password_cb(3)>.
+
+=head1 NOTES
+
+When loading or storing private keys, a password might be supplied to
+protect the private key. The way this password can be supplied may depend
+on the application. If only one private key is handled, it can be practical
+to have the callback handle the password dialog interactively. If several
+keys have to be handled, it can be practical to ask for the password once,
+then keep it in memory and use it several times. In the last case, the
+password could be stored into the userdata storage and the
+callback only returns the password already stored.
+
+When asking for the password interactively, the callback can use
+B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
+In this case the password dialog may ask for the same password twice
+for comparison in order to catch typos, that would make decryption
+impossible.
+
+Other items in PEM formatting (certificates) can also be encrypted, it is
+however not usual, as certificate information is considered public.
+
+=head1 RETURN VALUES
+
+These functions do not provide diagnostic information.
+
+=head1 EXAMPLES
+
+The following example returns the password provided as userdata to the
+calling function. The password is considered to be a '\0' terminated
+string. If the password does not fit into the buffer, the password is
+truncated.
+
+ int my_cb(char *buf, int size, int rwflag, void *u)
+ {
+      strncpy(buf, (char *)u, size);
+      buf[size - 1] = '\0';
+      return strlen(buf);
+ }
+
+=head1 HISTORY
+
+SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(),
+SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were
+first added to OpenSSL 1.1.0
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_use_certificate(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ex_data.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ex_data.pod
new file mode 100644
index 0000000..fd0364b
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ex_data.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_get_ex_data, SSL_CTX_set_ex_data,
+SSL_get_ex_data, SSL_set_ex_data
+- Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
+
+ int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg);
+
+ void *SSL_get_ex_data(const SSL *s, int idx);
+
+ int SSL_set_ex_data(SSL *s, int idx, void *arg);
+
+=head1 DESCRIPTION
+
+SSL*_set_ex_data() functions can be used to store arbitrary user data into the
+B<SSL_CTX>, or B<SSL> object. The user must supply a unique index
+which they can subsequently use to retrieve the data using SSL*_get_ex_data().
+
+For more detailed information see L<CRYPTO_get_ex_data(3)> and
+L<CRYPTO_set_ex_data(3)> which implement these functions and
+L<CRYPTO_get_ex_new_index(3)> for generating a unique index.
+
+=head1 RETURN VALUES
+
+The SSL*_set_ex_data() functions return 1 if the item is successfully stored
+and 0 if it is not.
+The SSL*_get_ex_data() functions return the ex_data pointer if successful,
+otherwise NULL.
+
+=head1 SEE ALSO
+
+L<CRYPTO_get_ex_data(3)>, L<CRYPTO_set_ex_data(3)>,
+L<CRYPTO_get_ex_new_index(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_generate_session_id.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_generate_session_id.pod
new file mode 100644
index 0000000..1b1171f
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_generate_session_id.pod
@@ -0,0 +1,139 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_generate_session_id, SSL_set_generate_session_id,
+SSL_has_matching_session_id, GEN_SESSION_CB
+- manipulate generation of SSL session IDs (server only)
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+ int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+ int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
+ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                 unsigned int id_len);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_generate_session_id() sets the callback function for generating
+new session ids for SSL/TLS sessions for B<ctx> to be B<cb>.
+
+SSL_set_generate_session_id() sets the callback function for generating
+new session ids for SSL/TLS sessions for B<ssl> to be B<cb>.
+
+SSL_has_matching_session_id() checks, whether a session with id B<id>
+(of length B<id_len>) is already contained in the internal session cache
+of the parent context of B<ssl>.
+
+=head1 NOTES
+
+When a new session is established between client and server, the server
+generates a session id. The session id is an arbitrary sequence of bytes.
+The length of the session id is between 1 and 32 bytes.  The session id is not
+security critical but must be unique for the server. Additionally, the session id is
+transmitted in the clear when reusing the session so it must not contain
+sensitive information.
+
+Without a callback being set, an OpenSSL server will generate a unique
+session id from pseudo random numbers of the maximum possible length.
+Using the callback function, the session id can be changed to contain
+additional information like e.g. a host id in order to improve load balancing
+or external caching techniques.
+
+The callback function receives a pointer to the memory location to put
+B<id> into and a pointer to the maximum allowed length B<id_len>. The
+buffer at location B<id> is only guaranteed to have the size B<id_len>.
+The callback is only allowed to generate a shorter id and reduce B<id_len>;
+the callback B<must never> increase B<id_len> or write to the location
+B<id> exceeding the given limit.
+
+The location B<id> is filled with 0x00 before the callback is called, so the
+callback may only fill part of the possible length and leave B<id_len>
+untouched while maintaining reproducibility.
+
+Since the sessions must be distinguished, session ids must be unique.
+Without the callback a random number is used, so that the probability
+of generating the same session id is extremely small (2^256 for SSLv3/TLSv1).
+In order to assure the uniqueness of the generated session id, the callback must call
+SSL_has_matching_session_id() and generate another id if a conflict occurs.
+If an id conflict is not resolved, the handshake will fail.
+If the application codes e.g. a unique host id, a unique process number, and
+a unique sequence number into the session id, uniqueness could easily be
+achieved without randomness added (it should however be taken care that
+no confidential information is leaked this way). If the application can not
+guarantee uniqueness, it is recommended to use the maximum B<id_len> and
+fill in the bytes not used to code special information with random data
+to avoid collisions.
+
+SSL_has_matching_session_id() will only query the internal session cache,
+not the external one. Since the session id is generated before the
+handshake is completed, it is not immediately added to the cache. If
+another thread is using the same internal session cache, a race condition
+can occur in that another thread generates the same session id.
+Collisions can also occur when using an external session cache, since
+the external cache is not tested with SSL_has_matching_session_id()
+and the same race condition applies.
+
+The callback must return 0 if it cannot generate a session id for whatever
+reason and return 1 on success.
+
+=head1 EXAMPLES
+
+The callback function listed will generate a session id with the
+server id given, and will fill the rest with pseudo random bytes:
+
+ const char session_id_prefix = "www-18";
+
+ #define MAX_SESSION_ID_ATTEMPTS 10
+ static int generate_session_id(const SSL *ssl, unsigned char *id,
+                              unsigned int *id_len)
+ {
+      unsigned int count = 0;
+      do {
+          RAND_pseudo_bytes(id, *id_len);
+          /*
+           * Prefix the session_id with the required prefix. NB: If our
+           * prefix is too long, clip it - but there will be worse effects
+           * anyway, eg. the server could only possibly create 1 session
+           * ID (ie. the prefix!) so all future session negotiations will
+           * fail due to conflicts.
+           */
+          memcpy(id, session_id_prefix,
+                 (strlen(session_id_prefix) < *id_len) ?
+                    strlen(session_id_prefix) : *id_len);
+      }
+      while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+              (++count < MAX_SESSION_ID_ATTEMPTS));
+      if (count >= MAX_SESSION_ID_ATTEMPTS)
+              return 0;
+      return 1;
+  }
+
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id()
+always return 1.
+
+SSL_has_matching_session_id() returns 1 if another session with the
+same id is already in the cache.
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<SSL_get_version(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_info_callback.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_info_callback.pod
new file mode 100644
index 0000000..f36f217
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_info_callback.pod
@@ -0,0 +1,162 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
+ void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
+
+ void SSL_set_info_callback(SSL *ssl, void (*callback)());
+ void (*SSL_get_info_callback(const SSL *ssl))();
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
+obtain state information for SSL objects created from B<ctx> during connection
+setup and use. The setting for B<ctx> is overridden from the setting for
+a specific SSL object, if specified.
+When B<callback> is NULL, no callback function is used.
+
+SSL_set_info_callback() sets the B<callback> function, that can be used to
+obtain state information for B<ssl> during connection setup and use.
+When B<callback> is NULL, the callback setting currently valid for
+B<ctx> is used.
+
+SSL_CTX_get_info_callback() returns a pointer to the currently set information
+callback function for B<ctx>.
+
+SSL_get_info_callback() returns a pointer to the currently set information
+callback function for B<ssl>.
+
+=head1 NOTES
+
+When setting up a connection and during use, it is possible to obtain state
+information from the SSL/TLS engine. When set, an information callback function
+is called whenever the state changes, an alert appears, or an error occurs.
+
+The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
+The B<where> argument specifies information about where (in which context)
+the callback function was called. If B<ret> is 0, an error condition occurred.
+If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
+information.
+
+B<where> is a bitmask made up of the following bits:
+
+=over 4
+
+=item SSL_CB_LOOP
+
+Callback has been called to indicate state change inside a loop.
+
+=item SSL_CB_EXIT
+
+Callback has been called to indicate error exit of a handshake function.
+(May be soft error with retry option for non-blocking setups.)
+
+=item SSL_CB_READ
+
+Callback has been called during read operation.
+
+=item SSL_CB_WRITE
+
+Callback has been called during write operation.
+
+=item SSL_CB_ALERT
+
+Callback has been called due to an alert being sent or received.
+
+=item SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+
+=item SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+
+=item SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+
+=item SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+
+=item SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+
+=item SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+
+=item SSL_CB_HANDSHAKE_START
+
+Callback has been called because a new handshake is started.
+
+=item SSL_CB_HANDSHAKE_DONE           0x20
+
+Callback has been called because a handshake is finished.
+
+=back
+
+The current state information can be obtained using the
+L<SSL_state_string(3)> family of functions.
+
+The B<ret> information can be evaluated using the
+L<SSL_alert_type_string(3)> family of functions.
+
+=head1 RETURN VALUES
+
+SSL_set_info_callback() does not provide diagnostic information.
+
+SSL_get_info_callback() returns the current setting.
+
+=head1 EXAMPLES
+
+The following example callback function prints state strings, information
+about alerts being handled and error messages to the B<bio_err> BIO.
+
+ void apps_ssl_info_callback(SSL *s, int where, int ret)
+        {
+        const char *str;
+        int w;
+
+        w = where & ~SSL_ST_MASK;
+
+        if (w & SSL_ST_CONNECT) str = "SSL_connect";
+        else if (w & SSL_ST_ACCEPT) str = "SSL_accept";
+        else str = "undefined";
+
+        if (where & SSL_CB_LOOP)
+                {
+                BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+                }
+        else if (where & SSL_CB_ALERT)
+                {
+                str = (where & SSL_CB_READ) ? "read" : "write";
+                BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
+                        str,
+                        SSL_alert_type_string_long(ret),
+                        SSL_alert_desc_string_long(ret));
+                }
+        else if (where & SSL_CB_EXIT)
+                {
+                if (ret == 0)
+                        BIO_printf(bio_err, "%s:failed in %s\n",
+                                str, SSL_state_string_long(s));
+                else if (ret < 0)
+                        {
+                        BIO_printf(bio_err, "%s:error in %s\n",
+                                str, SSL_state_string_long(s));
+                        }
+                }
+        }
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_state_string(3)>,
+L<SSL_alert_type_string(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_max_cert_list.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_max_cert_list.pod
new file mode 100644
index 0000000..482751e
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_max_cert_list.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
+ long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
+
+ long SSL_set_max_cert_list(SSL *ssl, long size);
+ long SSL_get_max_cert_list(SSL *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's
+certificate chain for all SSL objects created from B<ctx> to be <size> bytes.
+The SSL objects inherit the setting valid for B<ctx> at the time
+L<SSL_new(3)> is being called.
+
+SSL_CTX_get_max_cert_list() returns the currently set maximum size for B<ctx>.
+
+SSL_set_max_cert_list() sets the maximum size allowed for the peer's
+certificate chain for B<ssl> to be <size> bytes. This setting stays valid
+until a new value is set.
+
+SSL_get_max_cert_list() returns the currently set maximum size for B<ssl>.
+
+=head1 NOTES
+
+During the handshake process, the peer may send a certificate chain.
+The TLS/SSL standard does not give any maximum size of the certificate chain.
+The OpenSSL library handles incoming data by a dynamically allocated buffer.
+In order to prevent this buffer from growing without bounds due to data
+received from a faulty or malicious peer, a maximum size for the certificate
+chain is set.
+
+The default value for the maximum certificate chain size is 100kB (30kB
+on the 16bit DOS platform). This should be sufficient for usual certificate
+chains (OpenSSL's default maximum chain length is 10, see
+L<SSL_CTX_set_verify(3)>, and certificates
+without special extensions have a typical size of 1-2kB).
+
+For special applications it can be necessary to extend the maximum certificate
+chain size allowed to be sent by the peer, see e.g. the work on
+"Internet X.509 Public Key Infrastructure Proxy Certificate Profile"
+and "TLS Delegation Protocol" at http://www.ietf.org/ and
+http://www.globus.org/ .
+
+Under normal conditions it should never be necessary to set a value smaller
+than the default, as the buffer is handled dynamically and only uses the
+memory actually required by the data sent by the peer.
+
+If the maximum certificate chain size allowed is exceeded, the handshake will
+fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously
+set value.
+
+SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently
+set value.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_new(3)>,
+L<SSL_CTX_set_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_min_proto_version.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_min_proto_version.pod
new file mode 100644
index 0000000..ff080e4
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_min_proto_version.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version,
+SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version,
+SSL_set_min_proto_version, SSL_set_max_proto_version,
+SSL_get_min_proto_version, SSL_get_max_proto_version - Get and set minimum
+and maximum supported protocol version
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
+ int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
+ int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
+ int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
+
+ int SSL_set_min_proto_version(SSL *ssl, int version);
+ int SSL_set_max_proto_version(SSL *ssl, int version);
+ int SSL_get_min_proto_version(SSL *ssl);
+ int SSL_get_max_proto_version(SSL *ssl);
+
+=head1 DESCRIPTION
+
+The functions get or set the minimum and maximum supported protocol versions
+for the B<ctx> or B<ssl>.
+This works in combination with the options set via
+L<SSL_CTX_set_options(3)> that also make it possible to disable
+specific protocol versions.
+Use these functions instead of disabling specific protocol versions.
+
+Setting the minimum or maximum version to 0, will enable protocol
+versions down to the lowest version, or up to the highest version
+supported by the library, respectively.
+
+Getters return 0 in case B<ctx> or B<ssl> have been configured to
+automatically use the lowest or highest version supported by the library.
+
+Currently supported versions are B<SSL3_VERSION>, B<TLS1_VERSION>,
+B<TLS1_1_VERSION>, B<TLS1_2_VERSION> for TLS and B<DTLS1_VERSION>,
+B<DTLS1_2_VERSION> for DTLS.
+
+=head1 RETURN VALUES
+
+These setter functions return 1 on success and 0 on failure. The getter
+functions return the configured version or 0 for auto-configuration of
+lowest or highest protocol, respectively.
+
+=head1 NOTES
+
+All these functions are implemented using macros.
+
+=head1 HISTORY
+
+The setter functions were added in OpenSSL 1.1.0. The getter functions
+were added in OpenSSL 1.1.1.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_options(3)>, L<SSL_CONF_cmd(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_mode.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_mode.pod
new file mode 100644
index 0000000..1b3e783
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_mode.pod
@@ -0,0 +1,114 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
+ long SSL_set_mode(SSL *ssl, long mode);
+
+ long SSL_CTX_get_mode(SSL_CTX *ctx);
+ long SSL_get_mode(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
+Options already set before are not cleared.
+
+SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
+Options already set before are not cleared.
+
+SSL_CTX_get_mode() returns the mode set for B<ctx>.
+
+SSL_get_mode() returns the mode set for B<ssl>.
+
+=head1 NOTES
+
+The following mode changes are available:
+
+=over 4
+
+=item SSL_MODE_ENABLE_PARTIAL_WRITE
+
+Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+when just a single record has been written). When not set (the default),
+SSL_write() will only report success once the complete chunk was written.
+Once SSL_write() returns with r, r bytes have been successfully written
+and the next call to SSL_write() must only send the n-r bytes left,
+imitating the behaviour of write().
+
+=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+
+Make it possible to retry SSL_write() with changed buffer location
+(the buffer contents must stay the same). This is not the default to avoid
+the misconception that non-blocking SSL_write() behaves like
+non-blocking write().
+
+=item SSL_MODE_AUTO_RETRY
+
+Never bother the application with retries if the transport is blocking.
+If a renegotiation take place during normal operation, a
+L<SSL_read(3)> or L<SSL_write(3)> would return
+with -1 and indicate the need to retry with SSL_ERROR_WANT_READ.
+In a non-blocking environment applications must be prepared to handle
+incomplete read/write operations.
+In a blocking environment, applications are not always prepared to
+deal with read/write operations returning without success report. The
+flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
+return after the handshake and successful completion.
+
+=item SSL_MODE_RELEASE_BUFFERS
+
+When we no longer need a read buffer or a write buffer for a given SSL,
+then release the memory we were using to hold it.
+Using this flag can
+save around 34k per idle SSL connection.
+This flag has no effect on SSL v2 connections, or on DTLS connections.
+
+=item SSL_MODE_SEND_FALLBACK_SCSV
+
+Send TLS_FALLBACK_SCSV in the ClientHello.
+To be set only by applications that reconnect with a downgraded protocol
+version; see draft-ietf-tls-downgrade-scsv-00 for details.
+
+DO NOT ENABLE THIS if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft-ietf-tls-downgrade-scsv-00.
+
+=item SSL_MODE_ASYNC
+
+Enable asynchronous processing. TLS I/O operations may indicate a retry with
+SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is
+used to perform cryptographic operations. See L<SSL_get_error(3)>.
+
+=back
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
+after adding B<mode>.
+
+SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_read(3)>, L<SSL_write(3)>, L<SSL_get_error(3)>
+
+=head1 HISTORY
+
+SSL_MODE_ASYNC was first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_msg_callback.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_msg_callback.pod
new file mode 100644
index 0000000..9546e75
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg - install callback for observing protocol messages
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to
+define a message callback function I<cb> for observing all SSL/TLS
+protocol messages (such as handshake messages) that are received or
+sent.  SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg()
+can be used to set argument I<arg> to the callback function, which is
+available for arbitrary application use.
+
+SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify
+default settings that will be copied to new B<SSL> objects by
+L<SSL_new(3)>. SSL_set_msg_callback() and
+SSL_set_msg_callback_arg() modify the actual settings of an B<SSL>
+object. Using a B<0> pointer for I<cb> disables the message callback.
+
+When I<cb> is called by the SSL/TLS library for a protocol message,
+the function arguments have the following meaning:
+
+=over 4
+
+=item I<write_p>
+
+This flag is B<0> when a protocol message has been received and B<1>
+when a protocol message has been sent.
+
+=item I<version>
+
+The protocol version according to which the protocol message is
+interpreted by the library. Currently, this is one of
+B<SSL2_VERSION>, B<SSL3_VERSION> and B<TLS1_VERSION> (for SSL 2.0, SSL
+3.0 and TLS 1.0, respectively).
+
+=item I<content_type>
+
+In the case of SSL 2.0, this is always B<0>.  In the case of SSL 3.0
+or TLS 1.0, this is one of the B<ContentType> values defined in the
+protocol specification (B<change_cipher_spec(20)>, B<alert(21)>,
+B<handshake(22)>; but never B<application_data(23)> because the
+callback will only be called for protocol messages).
+
+=item I<buf>, I<len>
+
+I<buf> points to a buffer containing the protocol message, which
+consists of I<len> bytes. The buffer is no longer valid after the
+callback function has returned.
+
+=item I<ssl>
+
+The B<SSL> object that received or sent the message.
+
+=item I<arg>
+
+The user-defined argument optionally defined by
+SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
+
+=back
+
+=head1 NOTES
+
+Protocol messages are passed to the callback function after decryption
+and fragment collection where applicable. (Thus record boundaries are
+not visible.)
+
+If processing a received protocol message results in an error,
+the callback function may not be called.  For example, the callback
+function will never see messages that are considered too large to be
+processed.
+
+Due to automatic protocol version negotiation, I<version> is not
+necessarily the protocol version used by the sender of the message: If
+a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
+I<version> will be B<SSL3_VERSION>.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_options.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_options.pod
new file mode 100644
index 0000000..241aeb3
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_options.pod
@@ -0,0 +1,307 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options,
+SSL_clear_options, SSL_CTX_get_options, SSL_get_options,
+SSL_get_secure_renegotiation_support - manipulate SSL options
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+ long SSL_set_options(SSL *ssl, long options);
+
+ long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+ long SSL_clear_options(SSL *ssl, long options);
+
+ long SSL_CTX_get_options(SSL_CTX *ctx);
+ long SSL_get_options(SSL *ssl);
+
+ long SSL_get_secure_renegotiation_support(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+Options already set before are not cleared!
+
+SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+Options already set before are not cleared!
+
+SSL_CTX_clear_options() clears the options set via bitmask in B<options>
+to B<ctx>.
+
+SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
+
+SSL_CTX_get_options() returns the options set for B<ctx>.
+
+SSL_get_options() returns the options set for B<ssl>.
+
+SSL_get_secure_renegotiation_support() indicates whether the peer supports
+secure renegotiation.
+Note, this is implemented via a macro.
+
+=head1 NOTES
+
+The behaviour of the SSL library can be changed by setting several options.
+The options are coded as bitmasks and can be combined by a bitwise B<or>
+operation (|).
+
+SSL_CTX_set_options() and SSL_set_options() affect the (external)
+protocol behaviour of the SSL library. The (internal) behaviour of
+the API can be changed by using the similar
+L<SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
+
+During a handshake, the option settings of the SSL object are used. When
+a new SSL object is created from a context using SSL_new(), the current
+option setting is copied. Changes to B<ctx> do not affect already created
+SSL objects. SSL_clear() does not affect the settings.
+
+The following B<bug workaround> options are available:
+
+=over 4
+
+=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+
+...
+
+=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+
+...
+
+=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
+OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
+
+=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+...
+
+=item SSL_OP_TLS_D5_BUG
+
+...
+
+=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+
+Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
+vulnerability affecting CBC ciphers, which cannot be handled by some
+broken SSL implementations.  This option has no effect for connections
+using other ciphers.
+
+=item SSL_OP_TLSEXT_PADDING
+
+Adds a padding extension to ensure the ClientHello size is never between
+256 and 511 bytes in length. This is needed as a workaround for some
+implementations.
+
+=item SSL_OP_ALL
+
+All of the above bug workarounds.
+
+=back
+
+It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
+options if compatibility with somewhat broken implementations is
+desired.
+
+The following B<modifying> options are available:
+
+=over 4
+
+=item SSL_OP_TLS_ROLLBACK_BUG
+
+Disable version rollback attack detection.
+
+During the client key exchange, the client must send the same information
+about acceptable SSL/TLS protocol levels as during the first hello. Some
+clients violate this rule by adapting to the server's answer. (Example:
+the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
+only understands up to SSLv3. In this case the client must still use the
+same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+to the server's answer and violate the version rollback protection.)
+
+=item SSL_OP_SINGLE_DH_USE
+
+Always create a new key when using temporary/ephemeral DH parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)>).
+This option must be used to prevent small subgroup attacks, when
+the DH parameters were not generated using "strong" primes
+(e.g. when using DSA-parameters, see L<dhparam(1)>).
+If "strong" primes were used, it is not strictly necessary to generate
+a new DH key during each handshake but it is also recommended.
+B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
+temporary/ephemeral DH parameters are used.
+
+=item SSL_OP_EPHEMERAL_RSA
+
+This option is no longer implemented and is treated as no op.
+
+=item SSL_OP_CIPHER_SERVER_PREFERENCE
+
+When choosing a cipher, use the server's preferences instead of the client
+preferences. When not set, the SSL server will always follow the clients
+preferences. When set, the SSL/TLS server will choose following its
+own preferences.
+
+=item SSL_OP_PKCS1_CHECK_1
+
+...
+
+=item SSL_OP_PKCS1_CHECK_2
+
+...
+
+
+=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
+SSL_OP_NO_TLSv1_2, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
+
+These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2 protocol
+versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS,
+respectively.
+As of OpenSSL 1.1.0, these options are deprecated, use
+L<SSL_CTX_set_min_proto_version(3)> and
+L<SSL_CTX_set_max_proto_version(3)> instead.
+
+=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake). This option is not needed for clients.
+
+=item SSL_OP_NO_TICKET
+
+Normally clients and servers will, where possible, transparently make use
+of RFC4507bis tickets for stateless session resumption.
+
+If this option is set this functionality is disabled and tickets will
+not be used by clients or servers.
+
+=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+servers. See the B<SECURE RENEGOTIATION> section for more details.
+
+=item SSL_OP_LEGACY_SERVER_CONNECT
+
+Allow legacy insecure renegotiation between OpenSSL and unpatched servers
+B<only>: this option is currently set by default. See the
+B<SECURE RENEGOTIATION> section for more details.
+
+=item SSL_OP_NO_ENCRYPT_THEN_MAC
+
+Normally clients and servers will transparently attempt to negotiate the
+RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.
+
+If this option is set, Encrypt-then-MAC is disabled. Clients will not
+propose, and servers will not accept the extension.
+
+=item SSL_OP_NO_RENEGOTIATION
+
+Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+messages, and ignore renegotiation requests via ClientHello.
+
+=back
+
+=head1 SECURE RENEGOTIATION
+
+OpenSSL always attempts to use secure renegotiation as
+described in RFC5746. This counters the prefix attack described in
+CVE-2009-3555 and elsewhere.
+
+This attack has far reaching consequences which application writers should be
+aware of. In the description below an implementation supporting secure
+renegotiation is referred to as I<patched>. A server not supporting secure
+renegotiation is referred to as I<unpatched>.
+
+The following sections describe the operations permitted by OpenSSL's secure
+renegotiation implementation.
+
+=head2 Patched client and server
+
+Connections and renegotiation are always permitted by OpenSSL implementations.
+
+=head2 Unpatched client and patched OpenSSL server
+
+The initial connection succeeds but client renegotiation is denied by the
+server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
+B<handshake_failure> alert in SSL v3.0.
+
+If the patched OpenSSL server attempts to renegotiate a fatal
+B<handshake_failure> alert is sent. This is because the server code may be
+unaware of the unpatched nature of the client.
+
+If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
+renegotiation B<always> succeeds.
+
+=head2 Patched OpenSSL client and unpatched server.
+
+If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
+and renegotiation between patched OpenSSL clients and unpatched servers
+succeeds. If neither option is set then initial connections to unpatched
+servers will fail.
+
+The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even
+though it has security implications: otherwise it would be impossible to
+connect to unpatched servers (i.e. all of them initially) and this is clearly
+not acceptable. Renegotiation is permitted because this does not add any
+additional security issues: during an attack clients do not see any
+renegotiations anyway.
+
+As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will
+B<not> be set by default in a future version of OpenSSL.
+
+OpenSSL client applications wishing to ensure they can connect to unpatched
+servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>
+
+OpenSSL client applications that want to ensure they can B<not> connect to
+unpatched servers (and thus avoid any security issues) should always B<clear>
+B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
+SSL_clear_options().
+
+The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
+B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
+renegotiation between OpenSSL clients and unpatched servers B<only>, while
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
+and renegotiation between OpenSSL and unpatched clients or servers.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
+after adding B<options>.
+
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+after clearing B<options>.
+
+SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+
+SSL_get_secure_renegotiation_support() returns 1 is the peer supports
+secure renegotiation and 0 if it does not.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_min_proto_version(3)>,
+L<dhparam(1)>
+
+=head1 HISTORY
+
+The attempt to always try to use secure renegotiation was added in
+Openssl 0.9.8m.
+
+B<SSL_OP_NO_RENEGOTIATION> was added in OpenSSL 1.1.0h.
+
+=head1 COPYRIGHT
+
+Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_psk_client_callback.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_psk_client_callback.pod
new file mode 100644
index 0000000..a417508
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_psk_client_callback.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK client callback
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+        unsigned int (*callback)(SSL *ssl, const char *hint,
+        char *identity, unsigned int max_identity_len,
+        unsigned char *psk, unsigned int max_psk_len));
+ void SSL_set_psk_client_callback(SSL *ssl,
+        unsigned int (*callback)(SSL *ssl, const char *hint,
+        char *identity, unsigned int max_identity_len,
+        unsigned char *psk, unsigned int max_psk_len));
+
+
+=head1 DESCRIPTION
+
+A client application must provide a callback function which is called
+when the client is sending the ClientKeyExchange message to the server.
+
+The purpose of the callback function is to select the PSK identity and
+the pre-shared key to use during the connection setup phase.
+
+The callback is set using functions SSL_CTX_set_psk_client_callback()
+or SSL_set_psk_client_callback(). The callback function is given the
+connection in parameter B<ssl>, a B<NULL>-terminated PSK identity hint
+sent by the server in parameter B<hint>, a buffer B<identity> of
+length B<max_identity_len> bytes where the resulting
+B<NULL>-terminated identity is to be stored, and a buffer B<psk> of
+length B<max_psk_len> bytes where the resulting pre-shared key is to
+be stored.
+
+=head1 NOTES
+
+Note that parameter B<hint> given to the callback may be B<NULL>.
+
+=head1 RETURN VALUES
+
+Return values from the client callback are interpreted as follows:
+
+On success (callback found a PSK identity and a pre-shared key to use)
+the length (> 0) of B<psk> in bytes is returned.
+
+Otherwise or on errors callback should return 0. In this case
+the connection setup fails.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+Copyright 2005 Nokia.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
new file mode 100644
index 0000000..d39d747
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+ int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+
+ void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+ int SSL_get_quiet_shutdown(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be
+B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time
+L<SSL_new(3)> is called. B<mode> may be 0 or 1.
+
+SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>.
+
+SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be
+B<mode>. The setting stays valid until B<ssl> is removed with
+L<SSL_free(3)> or SSL_set_quiet_shutdown() is called again.
+It is not changed when L<SSL_clear(3)> is called.
+B<mode> may be 0 or 1.
+
+SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
+
+=head1 NOTES
+
+Normally when a SSL connection is finished, the parties must send out
+"close notify" alert messages using L<SSL_shutdown(3)>
+for a clean shutdown.
+
+When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)>
+will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
+(L<SSL_shutdown(3)> then behaves like
+L<SSL_set_shutdown(3)> called with
+SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
+The session is thus considered to be shutdown, but no "close notify" alert
+is sent to the peer. This behaviour violates the TLS standard.
+
+The default is normal shutdown behaviour as described by the TLS standard.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return
+diagnostic information.
+
+SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current
+setting.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_shutdown(3)>,
+L<SSL_set_shutdown(3)>, L<SSL_new(3)>,
+L<SSL_clear(3)>, L<SSL_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_read_ahead.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_read_ahead.pod
new file mode 100644
index 0000000..bea8390
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead,
+SSL_set_read_ahead, SSL_get_read_ahead,
+SSL_CTX_get_default_read_ahead
+- manage whether to read as many input bytes as possible
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_read_ahead(SSL *s, int yes);
+ int SSL_get_read_ahead(const SSL *s);
+
+ SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
+ long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
+ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
+many input bytes as possible (for non-blocking reads) or not. For example if
+B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from
+the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes
+into its buffer (providing that the buffer is large enough) if reading ahead is
+on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
+reading ahead is off, or non zero otherwise.
+SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().
+
+SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
+ahead has been set or not.
+
+=head1 NOTES
+
+These functions have no impact when used with DTLS. The return values for
+SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. Setting
+B<read_ahead> can impact the behaviour of the SSL_pending() function
+(see L<SSL_pending(3)>).
+
+=head1 RETURN VALUES
+
+SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off,
+and non zero otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_pending(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_security_level.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_security_level.pod
new file mode 100644
index 0000000..577b393
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_security_level.pod
@@ -0,0 +1,169 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data - SSL/TLS security framework
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+ void SSL_set_security_level(SSL *s, int level);
+
+ int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+ int SSL_get_security_level(const SSL *s);
+
+ void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
+                                                        void *other, void *ex));
+
+ void SSL_set_security_callback(SSL *s,
+                int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
+                                                        void *other, void *ex));
+
+ int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
+ int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
+
+ void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+ void SSL_set0_security_ex_data(SSL *s, void *ex);
+
+ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+ void *SSL_get0_security_ex_data(const SSL *s);
+
+=head1 DESCRIPTION
+
+The functions SSL_CTX_set_security_level() and SSL_set_security_level() set
+the security level to B<level>. If not set the library default security level
+is used.
+
+The functions SSL_CTX_get_security_level() and SSL_get_security_level()
+retrieve the current security level.
+
+SSL_CTX_set_security_callback(), SSL_set_security_callback(),
+SSL_CTX_get_security_callback() and SSL_get_security_callback() get or set
+the security callback associated with B<ctx> or B<s>. If not set a default
+security callback is used. The meaning of the parameters and the behaviour
+of the default callbacks is described below.
+
+SSL_CTX_set0_security_ex_data(), SSL_set0_security_ex_data(),
+SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() set the
+extra data pointer passed to the B<ex> parameter of the callback. This
+value is passed to the callback verbatim and can be set to any convenient
+application specific value.
+
+=head1 DEFAULT CALLBACK BEHAVIOUR
+
+If an application doesn't set its own security callback the default
+callback is used. It is intended to provide sane defaults. The meaning
+of each level is described below.
+
+=over 4
+
+=item B<Level 0>
+
+Everything is permitted. This retains compatibility with previous versions of
+OpenSSL.
+
+=item B<Level 1>
+
+The security level corresponds to a minimum of 80 bits of security. Any
+parameters offering below 80 bits of security are excluded. As a result RSA,
+DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits
+are prohibited. All export ciphersuites are prohibited since they all offer
+less than 80 bits of security. SSL version 2 is prohibited. Any ciphersuite
+using MD5 for the MAC is also prohibited.
+
+=item B<Level 2>
+
+Security level set to 112 bits of security. As a result RSA, DSA and DH keys
+shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
+In addition to the level 1 exclusions any ciphersuite using RC4 is also
+prohibited. SSL version 3 is also not allowed. Compression is disabled.
+
+=item B<Level 3>
+
+Security level set to 128 bits of security. As a result RSA, DSA and DH keys
+shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited.
+In addition to the level 2 exclusions ciphersuites not offering forward
+secrecy are prohibited. TLS versions below 1.1 are not permitted. Session
+tickets are disabled.
+
+=item B<Level 4>
+
+Security level set to 192 bits of security. As a result RSA, DSA and DH keys
+shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited.
+Ciphersuites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are
+not permitted.
+
+=item B<Level 5>
+
+Security level set to 256 bits of security. As a result RSA, DSA and DH keys
+shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited.
+
+=back
+
+=head1 APPLICATION DEFINED SECURITY CALLBACKS
+
+I<Documentation to be provided.>
+
+=head1 NOTES
+
+B<WARNING> at this time setting the security level higher than 1 for
+general internet use is likely to cause B<considerable> interoperability
+issues and is not recommended. This is because the B<SHA1> algorithm
+is very widely used in certificates and will be rejected at levels
+higher than 1 because it only offers 80 bits of security.
+
+The default security level can be configured when OpenSSL is compiled by
+setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used.
+
+The security framework disables or reject parameters inconsistent with the
+set security level. In the past this was difficult as applications had to set
+a number of distinct parameters (supported ciphers, supported curves supported
+signature algorithms) to achieve this end and some cases (DH parameter size
+for example) could not be checked at all.
+
+By setting an appropriate security level much of this complexity can be
+avoided.
+
+The bits of security limits affect all relevant parameters including
+ciphersuite encryption algorithms, supported ECC curves, supported
+signature algorithms, DH parameter sizes, certificate key sizes and
+signature algorithms. This limit applies no matter what other custom
+settings an application has set: so if the ciphersuite is set to B<ALL>
+then only ciphersuites consistent with the security level are permissible.
+
+See SP800-57 for how the security limits are related to individual
+algorithms.
+
+Some security levels require large key sizes for non-ECC public key
+algorithms which can severely degrade performance. For example 256 bits
+of security requires the use of RSA keys of at least 15360 bits in size.
+
+Some restrictions can be gracefully handled: for example ciphersuites
+offering insufficient security are not sent by the client and will not
+be selected by the server. Other restrictions such as the peer certificate
+key size or the DH parameter size will abort the handshake with a fatal
+alert.
+
+Attempts to set certificates or parameters with insufficient security are
+also blocked. For example trying to set a certificate using a 512 bit RSA
+key using SSL_CTX_use_certificate() at level 1. Applications which do not
+check the return values for errors will misbehave: for example it might
+appear that a certificate is not set at all because it had been rejected.
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_cache_mode.pod
new file mode 100644
index 0000000..b237076
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -0,0 +1,141 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
+ long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_session_cache_mode() enables/disables session caching
+by setting the operational mode for B<ctx> to <mode>.
+
+SSL_CTX_get_session_cache_mode() returns the currently used cache mode.
+
+=head1 NOTES
+
+The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
+The sessions can be held in memory for each B<ctx>, if more than one
+SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
+object.
+
+In order to reuse a session, a client must send the session's id to the
+server. It can only send exactly one id.  The server then either
+agrees to reuse the session or it starts a full handshake (to create a new
+session).
+
+A server will look up the session in its internal session storage. If the
+session is not found in internal storage or lookups for the internal storage
+have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+the external storage if available.
+
+Since a client may try to reuse a session intended for use in a different
+context, the session id context must be set by the server (see
+L<SSL_CTX_set_session_id_context(3)>).
+
+The following session cache modes and modifiers are available:
+
+=over 4
+
+=item SSL_SESS_CACHE_OFF
+
+No session caching for client or server takes place.
+
+=item SSL_SESS_CACHE_CLIENT
+
+Client sessions are added to the session cache. As there is no reliable way
+for the OpenSSL library to know whether a session should be reused or which
+session to choose (due to the abstract BIO layer the SSL engine does not
+have details about the connection), the application must select the session
+to be reused by using the L<SSL_set_session(3)>
+function. This option is not activated by default.
+
+=item SSL_SESS_CACHE_SERVER
+
+Server sessions are added to the session cache. When a client proposes a
+session to be reused, the server looks for the corresponding session in (first)
+the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+then (second) in the external cache if available. If the session is found, the
+server will try to reuse the session.  This is the default.
+
+=item SSL_SESS_CACHE_BOTH
+
+Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.
+
+=item SSL_SESS_CACHE_NO_AUTO_CLEAR
+
+Normally the session cache is checked for expired sessions every
+255 connections using the
+L<SSL_CTX_flush_sessions(3)> function. Since
+this may lead to a delay which cannot be controlled, the automatic
+flushing may be disabled and
+L<SSL_CTX_flush_sessions(3)> can be called
+explicitly by the application.
+
+=item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+
+By setting this flag, session-resume operations in an SSL/TLS server will not
+automatically look up sessions in the internal cache, even if sessions are
+automatically stored there. If external session caching callbacks are in use,
+this flag guarantees that all lookups are directed to the external cache.
+As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
+clients.
+
+=item SSL_SESS_CACHE_NO_INTERNAL_STORE
+
+Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
+sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
+Normally a new session is added to the internal cache as well as any external
+session caching (callback) that is configured for the SSL_CTX. This flag will
+prevent sessions being stored in the internal cache (though the application can
+add them manually using L<SSL_CTX_add_session(3)>). Note:
+in any SSL/TLS servers where external caching is configured, any successful
+session lookups in the external cache (ie. for session-resume requests) would
+normally be copied into the local cache before processing continues - this flag
+prevents these additions to the internal cache as well.
+
+=item SSL_SESS_CACHE_NO_INTERNAL
+
+Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
+SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
+
+
+=back
+
+The default mode is SSL_SESS_CACHE_SERVER.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_session_cache_mode() returns the previously set cache mode.
+
+SSL_CTX_get_session_cache_mode() returns the currently set cache mode.
+
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_set_session(3)>,
+L<SSL_session_reused(3)>,
+L<SSL_CTX_add_session(3)>,
+L<SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_cache_size(3)>,
+L<SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_set_session_id_context(3)>,
+L<SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_flush_sessions(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_id_context.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_id_context.pod
new file mode 100644
index 0000000..a873b03
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -0,0 +1,92 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                    unsigned int sid_ctx_len);
+ int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_session_id_context() sets the context B<sid_ctx> of length
+B<sid_ctx_len> within which a session can be reused for the B<ctx> object.
+
+SSL_set_session_id_context() sets the context B<sid_ctx> of length
+B<sid_ctx_len> within which a session can be reused for the B<ssl> object.
+
+=head1 NOTES
+
+Sessions are generated within a certain context. When exporting/importing
+sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible,
+to re-import a session generated from another context (e.g. another
+application), which might lead to malfunctions. Therefore each application
+must set its own session id context B<sid_ctx> which is used to distinguish
+the contexts and is stored in exported sessions. The B<sid_ctx> can be
+any kind of binary data with a given length, it is therefore possible
+to use e.g. the name of the application and/or the hostname and/or service
+name ...
+
+The session id context becomes part of the session. The session id context
+is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and
+SSL_set_session_id_context() functions are therefore only useful on the
+server side.
+
+OpenSSL clients will check the session id context returned by the server
+when reusing a session.
+
+The maximum length of the B<sid_ctx> is limited to
+B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
+
+=head1 WARNINGS
+
+If the session id context is not set on an SSL/TLS server and client
+certificates are used, stored sessions
+will not be reused but a fatal error will be flagged and the handshake
+will fail.
+
+If a server returns a different session id context to an OpenSSL client
+when reusing a session, an error will be flagged and the handshake will
+fail. OpenSSL servers will always return the correct session id context,
+as an OpenSSL server checks the session id context itself before reusing
+a session as described above.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
+return the following values:
+
+=over 4
+
+=item Z<>0
+
+The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
+the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+is logged to the error stack.
+
+=item Z<>1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_split_send_fragment.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_split_send_fragment.pod
new file mode 100644
index 0000000..accf5af
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_split_send_fragment.pod
@@ -0,0 +1,132 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment,
+SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment,
+SSL_CTX_set_max_pipelines, SSL_set_max_pipelines,
+SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len - Control
+fragment sizes and pipelining operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
+ long SSL_set_max_send_fragment(SSL *ssl, long m);
+
+ long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
+ long SSL_set_max_pipelines(SSL_CTX *ssl, long m);
+
+ long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
+ long SSL_set_split_send_fragment(SSL *ssl, long m);
+
+ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+ void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+=head1 DESCRIPTION
+
+Some engines are able to process multiple simultaneous crypto operations. This
+capability could be utilised to parallelise the processing of a single
+connection. For example a single write can be split into multiple records and
+each one encrypted independently and in parallel. Note: this will only work in
+TLS1.1+. There is no support in SSLv3, TLSv1.0 or DTLS (any version). This
+capability is known as "pipelining" within OpenSSL.
+
+In order to benefit from the pipelining capability. You need to have an engine
+that provides ciphers that support this. The OpenSSL "dasync" engine provides
+AES128-SHA based ciphers that have this capability. However these are for
+development and test purposes only.
+
+SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the
+B<max_send_fragment> parameter for SSL_CTX and SSL objects respectively. This
+value restricts the amount of plaintext bytes that will be sent in any one
+SSL/TLS record. By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). These
+functions will only accept a value in the range 512 - SSL3_RT_MAX_PLAIN_LENGTH.
+
+SSL_CTX_set_max_pipelines() and SSL_set_max_pipelines() set the maximum number
+of pipelines that will be used at any one time. This value applies to both
+"read" pipelining and "write" pipelining. By default only one pipeline will be
+used (i.e. normal non-parallel operation). The number of pipelines set must be
+in the range 1 - SSL_MAX_PIPELINES (32). Setting this to a value > 1 will also
+automatically turn on "read_ahead" (see L<SSL_CTX_set_read_ahead(3)>). This is
+explained further below. OpenSSL will only every use more than one pipeline if
+a ciphersuite is negotiated that uses a pipeline capable cipher provided by an
+engine.
+
+Pipelining operates slightly differently for reading encrypted data compared to
+writing encrypted data. SSL_CTX_set_split_send_fragment() and
+SSL_set_split_send_fragment() define how data is split up into pipelines when
+writing encrypted data. The number of pipelines used will be determined by the
+amount of data provided to the SSL_write() call divided by
+B<split_send_fragment>.
+
+For example if B<split_send_fragment> is set to 2000 and B<max_pipelines> is 4
+then:
+
+SSL_write called with 0-2000 bytes == 1 pipeline used
+
+SSL_write called with 2001-4000 bytes == 2 pipelines used
+
+SSL_write called with 4001-6000 bytes == 3 pipelines used
+
+SSL_write called with 6001+ bytes == 4 pipelines used
+
+B<split_send_fragment> must always be less than or equal to
+B<max_send_fragment>. By default it is set to be equal to B<max_send_fragment>.
+This will mean that the same number of records will always be created as would
+have been created in the non-parallel case, although the data will be
+apportioned differently. In the parallel case data will be spread equally
+between the pipelines.
+
+Read pipelining is controlled in a slightly different way than with write
+pipelining. While reading we are constrained by the number of records that the
+peer (and the network) can provide to us in one go. The more records we can get
+in one go the more opportunity we have to parallelise the processing. As noted
+above when setting B<max_pipelines> to a value greater than one, B<read_ahead>
+is automatically set. The B<read_ahead> parameter causes OpenSSL to attempt to
+read as much data into the read buffer as the network can provide and will fit
+into the buffer. Without this set data is read into the read buffer one record
+at a time. The more data that can be read, the more opportunity there is for
+parallelising the processing at the cost of increased memory overhead per
+connection. Setting B<read_ahead> can impact the behaviour of the SSL_pending()
+function (see L<SSL_pending(3)>).
+
+The SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len()
+functions control the size of the read buffer that will be used. The B<len>
+parameter sets the size of the buffer. The value will only be used if it is
+greater than the default that would have been used anyway. The normal default
+value depends on a number of factors but it will be at least
+SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes.
+
+=head1 RETURN VALUES
+
+All non-void functions return 1 on success and 0 on failure.
+
+=head1 NOTES
+
+With the exception of SSL_CTX_set_default_read_buffer_len() and
+SSL_set_default_read_buffer_len() all these functions are implemented using
+macros.
+
+=head1 HISTORY
+
+The SSL_CTX_set_max_pipelines(), SSL_set_max_pipelines(),
+SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(),
+SSL_CTX_set_default_read_buffer_len() and  SSL_set_default_read_buffer_len()
+functions were added in OpenSSL 1.1.0.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_read_ahead(3)>, L<SSL_pending(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ssl_version.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ssl_version.pod
new file mode 100644
index 0000000..22c0370
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+- choose a new TLS/SSL method
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
+ int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+ const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
+newly created from this B<ctx>. SSL objects already created with
+L<SSL_new(3)> are not affected, except when
+L<SSL_clear(3)> is being called.
+
+SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
+object. It may be reset, when SSL_clear() is called.
+
+SSL_get_ssl_method() returns a function pointer to the TLS/SSL method
+set in B<ssl>.
+
+=head1 NOTES
+
+The available B<method> choices are described in
+L<SSL_CTX_new(3)>.
+
+When L<SSL_clear(3)> is called and no session is connected to
+an SSL object, the method of the SSL object is reset to the method currently
+set in the corresponding SSL_CTX object.
+
+=head1 RETURN VALUES
+
+The following return values can occur for SSL_CTX_set_ssl_version()
+and SSL_set_ssl_method():
+
+=over 4
+
+=item Z<>0
+
+The new choice failed, check the error stack to find out the reason.
+
+=item Z<>1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_CTX_new(3)>, L<SSL_new(3)>,
+L<SSL_clear(3)>, L<ssl(3)>,
+L<SSL_set_connect_state(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_timeout.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_timeout.pod
new file mode 100644
index 0000000..470efdf
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_timeout.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+ long SSL_CTX_get_timeout(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_timeout() sets the timeout for newly created sessions for
+B<ctx> to B<t>. The timeout value B<t> must be given in seconds.
+
+SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.
+
+=head1 NOTES
+
+Whenever a new session is created, it is assigned a maximum lifetime. This
+lifetime is specified by storing the creation time of the session and the
+timeout value valid at this time. If the actual time is later than creation
+time plus timeout, the session is not reused.
+
+Due to this realization, all sessions behave according to the timeout value
+valid at the time of the session negotiation. Changes of the timeout value
+do not affect already established sessions.
+
+The expiration time of a single session can be modified using the
+L<SSL_SESSION_get_time(3)> family of functions.
+
+Expired sessions are removed from the internal session cache, whenever
+L<SSL_CTX_flush_sessions(3)> is called, either
+directly by the application or automatically (see
+L<SSL_CTX_set_session_cache_mode(3)>)
+
+The default value for session timeout is decided on a per protocol
+basis, see L<SSL_get_default_timeout(3)>.
+All currently supported protocols have the same default timeout value
+of 300 seconds.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_timeout() returns the previously set timeout value.
+
+SSL_CTX_get_timeout() returns the currently set timeout value.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_SESSION_get_time(3)>,
+L<SSL_CTX_flush_sessions(3)>,
+L<SSL_get_default_timeout(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
new file mode 100644
index 0000000..c12ff0e
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
@@ -0,0 +1,125 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tlsext_status_cb,
+SSL_CTX_get_tlsext_status_cb,
+SSL_CTX_set_tlsext_status_arg,
+SSL_CTX_get_tlsext_status_arg,
+SSL_CTX_set_tlsext_status_type,
+SSL_CTX_get_tlsext_status_type,
+SSL_set_tlsext_status_type,
+SSL_get_tlsext_status_type,
+SSL_get_tlsext_status_ocsp_resp,
+SSL_set_tlsext_status_ocsp_resp
+- OCSP Certificate Status Request functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/tls1.h>
+
+ long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
+                                   int (*callback)(SSL *, void *));
+ long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx,
+                                   int (**callback)(SSL *, void *));
+
+ long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
+ long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
+
+ long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
+ long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
+
+ long SSL_set_tlsext_status_type(SSL *s, int type);
+ long SSL_get_tlsext_status_type(SSL *s);
+
+ long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
+ long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
+
+=head1 DESCRIPTION
+
+A client application may request that a server send back an OCSP status response
+(also known as OCSP stapling). To do so the client should call the
+SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL
+objects. Alternatively an application can call the SSL_set_tlsext_status_type()
+function on an individual SSL object prior to the start of the handshake.
+Currently the only supported type is B<TLSEXT_STATUSTYPE_ocsp>. This value
+should be passed in the B<type> argument. Calling
+SSL_CTX_get_tlsext_status_type() will return the type B<TLSEXT_STATUSTYPE_ocsp>
+previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set.
+
+The client should additionally provide a callback function to decide what to do
+with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The
+callback function should determine whether the returned OCSP response is
+acceptable or not. The callback will be passed as an argument the value
+previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the
+callback will not be called in the event of a handshake where session resumption
+occurs (because there are no Certificates exchanged in such a handshake).
+The callback previously set via SSL_CTX_set_tlsext_status_cb() can be retrieved
+by calling SSL_CTX_get_tlsext_status_cb(), and the argument by calling
+SSL_CTX_get_tlsext_status_arg().
+
+On the client side SSL_get_tlsext_status_type() can be used to determine whether
+the client has previously called SSL_set_tlsext_status_type(). It will return
+B<TLSEXT_STATUSTYPE_ocsp> if it has been called or -1 otherwise. On the server
+side SSL_get_tlsext_status_type() can be used to determine whether the client
+requested OCSP stapling. If the client requested it then this function will
+return B<TLSEXT_STATUSTYPE_ocsp>, or -1 otherwise.
+
+The response returned by the server can be obtained via a call to
+SSL_get_tlsext_status_ocsp_resp(). The value B<*resp> will be updated to point
+to the OCSP response data and the return value will be the length of that data.
+Typically a callback would obtain an OCSP_RESPONSE object from this data via a
+call to the d2i_OCSP_RESPONSE() function. If the server has not provided any
+response data then B<*resp> will be NULL and the return value from
+SSL_get_tlsext_status_ocsp_resp() will be -1.
+
+A server application must also call the SSL_CTX_set_tlsext_status_cb() function
+if it wants to be able to provide clients with OCSP Certificate Status
+responses. Typically the server callback would obtain the server certificate
+that is being sent back to the client via a call to SSL_get_certificate();
+obtain the OCSP response to be sent back; and then set that response data by
+calling SSL_set_tlsext_status_ocsp_resp(). A pointer to the response data should
+be provided in the B<resp> argument, and the length of that data should be in
+the B<len> argument.
+
+=head1 RETURN VALUES
+
+The callback when used on the client side should return a negative value on
+error; 0 if the response is not acceptable (in which case the handshake will
+fail) or a positive value if it is acceptable.
+
+The callback when used on the server side should return with either
+SSL_TLSEXT_ERR_OK (meaning that the OCSP response that has been set should be
+returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be
+returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has
+occurred).
+
+SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(),
+SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and
+SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.
+
+SSL_CTX_get_tlsext_status_type() returns the value previously set by
+SSL_CTX_set_tlsext_status_type(), or -1 if not set.
+
+SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data
+or -1 if there is no OCSP response data.
+
+SSL_get_tlsext_status_type() returns B<TLSEXT_STATUSTYPE_ocsp> on the client
+side if SSL_set_tlsext_status_type() was previously called, or on the server
+side if the client requested OCSP stapling. Otherwise -1 is returned.
+
+=head1 HISTORY
+
+SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and
+SSL_CTX_set_tlsext_status_type() were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
new file mode 100644
index 0000000..34d8ce9
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -0,0 +1,198 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing
+
+=head1 SYNOPSIS
+
+ #include <openssl/tls1.h>
+
+ long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+        int (*cb)(SSL *s, unsigned char key_name[16],
+                  unsigned char iv[EVP_MAX_IV_LENGTH],
+                  EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tlsext_ticket_key_cb() sets a callback function I<cb> for handling
+session tickets for the ssl context I<sslctx>. Session tickets, defined in
+RFC5077 provide an enhanced session resumption capability where the server
+implementation is not required to maintain per session state. It only applies
+to TLS and there is no SSLv3 implementation.
+
+The callback function I<cb> will be called for every client instigated TLS
+session when session ticket extension is presented in the TLS hello
+message. It is the responsibility of this function to create or retrieve the
+cryptographic parameters and to maintain their state.
+
+The OpenSSL library uses your callback function to help implement a common TLS
+ticket construction state according to RFC5077 Section 4 such that per session
+state is unnecessary and a small set of cryptographic variables needs to be
+maintained by the callback function implementation.
+
+In order to reuse a session, a TLS client must send the a session ticket
+extension to the server. The client can only send exactly one session ticket.
+The server, through the callback function, either agrees to reuse the session
+ticket information or it starts a full TLS handshake to create a new session
+ticket.
+
+Before the callback function is started I<ctx> and I<hctx> have been
+initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
+
+For new sessions tickets, when the client doesn't present a session ticket, or
+an attempted retrieval of the ticket failed, or a renew option was indicated,
+the callback function will be called with I<enc> equal to 1. The OpenSSL
+library expects that the function will set an arbitrary I<name>, initialize
+I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>.
+
+The I<name> is 16 characters long and is used as a key identifier.
+
+The I<iv> length is the length of the IV of the corresponding cipher. The
+maximum IV length is B<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>.
+
+The initialization vector I<iv> should be a random value. The cipher context
+I<ctx> should use the initialisation vector I<iv>. The cipher context can be
+set using L<EVP_EncryptInit_ex(3)>. The hmac context can be set using
+L<HMAC_Init_ex(3)>.
+
+When the client presents a session ticket, the callback function with be called
+with I<enc> set to 0 indicating that the I<cb> function should retrieve a set
+of parameters. In this case I<name> and I<iv> have already been parsed out of
+the session ticket. The OpenSSL library expects that the I<name> will be used
+to retrieve a cryptographic parameters and that the cryptographic context
+I<ctx> will be set with the retrieved parameters and the initialization vector
+I<iv>. using a function like L<EVP_DecryptInit_ex(3)>. The I<hctx> needs to be
+set using L<HMAC_Init_ex(3)>.
+
+If the I<name> is still valid but a renewal of the ticket is required the
+callback function should return 2. The library will call the callback again
+with an argument of enc equal to 1 to set the new ticket.
+
+The return value of the I<cb> function is used by OpenSSL to determine what
+further processing will occur. The following return values have meaning:
+
+=over 4
+
+=item Z<>2
+
+This indicates that the I<ctx> and I<hctx> have been set and the session can
+continue on those parameters. Additionally it indicates that the session
+ticket is in a renewal period and should be replaced. The OpenSSL library will
+call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077
+3.3 paragraph 2).
+
+=item Z<>1
+
+This indicates that the I<ctx> and I<hctx> have been set and the session can
+continue on those parameters.
+
+=item Z<>0
+
+This indicates that it was not possible to set/retrieve a session ticket and
+the SSL/TLS session will continue by negotiating a set of cryptographic
+parameters or using the alternate SSL/TLS resumption mechanism, session ids.
+
+If called with enc equal to 0 the library will call the I<cb> again to get
+a new set of parameters.
+
+=item less than 0
+
+This indicates an error.
+
+=back
+
+=head1 NOTES
+
+Session resumption shortcuts the TLS so that the client certificate
+negotiation don't occur. It makes up for this by storing client certificate
+an all other negotiated state information encrypted within the ticket. In a
+resumed session the applications will have all this state information available
+exactly as if a full negotiation had occurred.
+
+If an attacker can obtain the key used to encrypt a session ticket, they can
+obtain the master secret for any ticket using that key and decrypt any traffic
+using that session: even if the ciphersuite supports forward secrecy. As
+a result applications may wish to use multiple keys and avoid using long term
+keys stored in files.
+
+Applications can use longer keys to maintain a consistent level of security.
+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key
+the overall security is only 128 bits because breaking the ticket key will
+enable an attacker to obtain the session keys.
+
+=head1 EXAMPLES
+
+Reference Implementation:
+  SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
+  ....
+
+  static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+  {
+      if (enc) { /* create new session */
+          if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
+              return -1; /* insufficient random */
+          }
+
+          key = currentkey(); /* something that you need to implement */
+          if ( !key ) {
+              /* current key doesn't exist or isn't valid */
+              key = createkey(); /* something that you need to implement.
+                                   * createkey needs to initialise, a name,
+                                   * an aes_key, a hmac_key and optionally
+                                   * an expire time. */
+              if ( !key ) { /* key couldn't be created */
+                  return 0;
+              }
+          }
+          memcpy(key_name, key->name, 16);
+
+          EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+          HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+
+          return 1;
+
+      } else { /* retrieve session */
+          key = findkey(name);
+
+          if  (!key || key->expire < now() ) {
+              return 0;
+          }
+
+          HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+          EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
+
+          if (key->expire < ( now() - RENEW_TIME ) ) {
+              /* return 2 - this session will get a new ticket even though the current is still valid */
+              return 2;
+          }
+          return 1;
+
+      }
+  }
+
+
+
+=head1 RETURN VALUES
+
+returns 0 to indicate the callback function was set.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_set_session(3)>,
+L<SSL_session_reused(3)>,
+L<SSL_CTX_add_session(3)>,
+L<SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_set_session_id_context(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
new file mode 100644
index 0000000..fbfb8cb
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
@@ -0,0 +1,137 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
+
+ void SSL_set_tmp_dh_callback(SSL *ctx,
+            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_set_tmp_dh(SSL *ssl, DH *dh)
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
+used when a DH parameters are required to B<tmp_dh_callback>.
+The callback is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
+The key is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
+
+SSL_set_tmp_dh() sets the parameters only for B<ssl>.
+
+These functions apply to SSL/TLS servers only.
+
+=head1 NOTES
+
+When using a cipher with RSA authentication, an ephemeral DH key exchange
+can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
+In these cases, the session data are negotiated using the
+ephemeral/temporary DH key and the key supplied and certified
+by the certificate chain is only used for signing.
+Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
+
+Using ephemeral DH key exchange yields forward secrecy, as the connection
+can only be decrypted, when the DH key is known. By generating a temporary
+DH key inside the server application that is lost when the application
+is left, it becomes impossible for an attacker to decrypt past sessions,
+even if he gets hold of the normal (certified) key, as this key was
+only used for signing.
+
+In order to perform a DH key exchange the server must use a DH group
+(DH parameters) and generate a DH key. The server will always generate
+a new DH key during the negotiation.
+
+As generating DH parameters is extremely time consuming, an application
+should not generate the parameters on the fly but supply the parameters.
+DH parameters can be reused, as the actual key is newly generated during
+the negotiation. The risk in reusing DH parameters is that an attacker
+may specialize on a very often used DH group. Applications should therefore
+generate their own DH parameters during the installation process using the
+openssl L<dhparam(1)> application. This application
+guarantees that "strong" primes are used.
+
+Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
+version of the OpenSSL distribution contain the 'SKIP' DH parameters,
+which use safe primes and were generated verifiably pseudo-randomly.
+These files can be converted into C code using the B<-C> option of the
+L<dhparam(1)> application. Generation of custom DH
+parameters during installation should still be preferred to stop an
+attacker from specializing on a commonly used group. File dh1024.pem
+contains old parameters that must not be used by applications.
+
+An application may either directly specify the DH parameters or
+can supply the DH parameters via a callback function.
+
+Previous versions of the callback used B<is_export> and B<keylength>
+parameters to control parameter generation for export and non-export
+cipher suites. Modern servers that do not support export ciphersuites
+are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use
+the callback but ignore B<keylength> and B<is_export> and simply
+supply at least 2048-bit parameters in the callback.
+
+=head1 EXAMPLES
+
+Setup DH parameters with a key length of 2048 bits. (Error handling
+partly left out.)
+
+ Command-line parameter generation:
+ $ openssl dhparam -out dh_param_2048.pem 2048
+
+ Code for setting up parameters during server initialization:
+
+ ...
+ SSL_CTX ctx = SSL_CTX_new();
+ ...
+
+ /* Set up ephemeral DH parameters. */
+ DH *dh_2048 = NULL;
+ FILE *paramfile;
+ paramfile = fopen("dh_param_2048.pem", "r");
+ if (paramfile) {
+   dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+   fclose(paramfile);
+ } else {
+   /* Error. */
+ }
+ if (dh_2048 == NULL) {
+   /* Error. */
+ }
+ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
+   /* Error. */
+ }
+ ...
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
+diagnostic output.
+
+SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
+on failure. Check the error queue to find out the reason of failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_options(3)>,
+L<ciphers(1)>, L<dhparam(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_verify.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_verify.pod
new file mode 100644
index 0000000..7993498
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_verify.pod
@@ -0,0 +1,307 @@
+=pod
+
+=head1 NAME
+
+SSL_get_ex_data_X509_STORE_CTX_idx,
+SSL_CTX_set_verify, SSL_set_verify,
+SSL_CTX_set_verify_depth, SSL_set_verify_depth,
+SSL_verify_cb
+- set peer certificate verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
+ void SSL_set_verify(SSL *s, int mode, SSL_verify_cb verify_callback);
+ SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+ void SSL_set_verify_depth(SSL *s, int depth);
+
+
+ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_verify() sets the verification flags for B<ctx> to be B<mode> and
+specifies the B<verify_callback> function to be used. If no callback function
+shall be specified, the NULL pointer can be used for B<verify_callback>.
+
+SSL_set_verify() sets the verification flags for B<ssl> to be B<mode> and
+specifies the B<verify_callback> function to be used. If no callback function
+shall be specified, the NULL pointer can be used for B<verify_callback>. In
+this case last B<verify_callback> set specifically for this B<ssl> remains. If
+no special B<callback> was set before, the default callback for the underlying
+B<ctx> is used, that was valid at the time B<ssl> was created with
+L<SSL_new(3)>. Within the callback function,
+B<SSL_get_ex_data_X509_STORE_CTX_idx> can be called to get the data index
+of the current SSL object that is doing the verification.
+
+SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
+verification that shall be allowed for B<ctx>.
+
+SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
+verification that shall be allowed for B<ssl>.
+
+=head1 NOTES
+
+The verification of certificates can be controlled by a set of logically
+or'ed B<mode> flags:
+
+=over 4
+
+=item SSL_VERIFY_NONE
+
+B<Server mode:> the server will not send a client certificate request to the
+client, so the client will not send a certificate.
+
+B<Client mode:> if not using an anonymous cipher (by default disabled), the
+server will send a certificate which will be checked. The result of the
+certificate verification process can be checked after the TLS/SSL handshake
+using the L<SSL_get_verify_result(3)> function.
+The handshake will be continued regardless of the verification result.
+
+=item SSL_VERIFY_PEER
+
+B<Server mode:> the server sends a client certificate request to the client.
+The certificate returned (if any) is checked. If the verification process
+fails, the TLS/SSL handshake is
+immediately terminated with an alert message containing the reason for
+the verification failure.
+The behaviour can be controlled by the additional
+SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
+
+B<Client mode:> the server certificate is verified. If the verification process
+fails, the TLS/SSL handshake is
+immediately terminated with an alert message containing the reason for
+the verification failure. If no server certificate is sent, because an
+anonymous cipher is used, SSL_VERIFY_PEER is ignored.
+
+=item SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+
+B<Server mode:> if the client did not return a certificate, the TLS/SSL
+handshake is immediately terminated with a "handshake failure" alert.
+This flag must be used together with SSL_VERIFY_PEER.
+
+B<Client mode:> ignored
+
+=item SSL_VERIFY_CLIENT_ONCE
+
+B<Server mode:> only request a client certificate on the initial TLS/SSL
+handshake. Do not ask for a client certificate again in case of a
+renegotiation. This flag must be used together with SSL_VERIFY_PEER.
+
+B<Client mode:> ignored
+
+=back
+
+If the B<mode> is SSL_VERIFY_NONE none of the other flags may be set.
+
+The actual verification procedure is performed either using the built-in
+verification procedure or using another application provided verification
+function set with
+L<SSL_CTX_set_cert_verify_callback(3)>.
+The following descriptions apply in the case of the built-in procedure. An
+application provided procedure also has access to the verify depth information
+and the verify_callback() function, but the way this information is used
+may be different.
+
+SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set a limit on the
+number of certificates between the end-entity and trust-anchor certificates.
+Neither the
+end-entity nor the trust-anchor certificates count against B<depth>. If the
+certificate chain needed to reach a trusted issuer is longer than B<depth+2>,
+X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued.
+The depth count is "level 0:peer certificate", "level 1: CA certificate",
+"level 2: higher level CA certificate", and so on. Setting the maximum
+depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the
+trust-anchor).
+The default depth limit is 100,
+allowing for the peer certificate, at most 100 intermediate CA certificates and
+a final trust anchor certificate.
+
+The B<verify_callback> function is used to control the behaviour when the
+SSL_VERIFY_PEER flag is set. It must be supplied by the application and
+receives two arguments: B<preverify_ok> indicates, whether the verification of
+the certificate in question was passed (preverify_ok=1) or not
+(preverify_ok=0). B<x509_ctx> is a pointer to the complete context used
+for the certificate chain verification.
+
+The certificate chain is checked starting with the deepest nesting level
+(the root CA certificate) and worked upward to the peer's certificate.
+At each level signatures and issuer attributes are checked. Whenever
+a verification error is found, the error number is stored in B<x509_ctx>
+and B<verify_callback> is called with B<preverify_ok>=0. By applying
+X509_CTX_store_* functions B<verify_callback> can locate the certificate
+in question and perform additional steps (see EXAMPLES). If no error is
+found for a certificate, B<verify_callback> is called with B<preverify_ok>=1
+before advancing to the next level.
+
+The return value of B<verify_callback> controls the strategy of the further
+verification process. If B<verify_callback> returns 0, the verification
+process is immediately stopped with "verification failed" state. If
+SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
+the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
+the verification process is continued. If B<verify_callback> always returns
+1, the TLS/SSL handshake will not be terminated with respect to verification
+failures and the connection will be established. The calling process can
+however retrieve the error code of the last verification error using
+L<SSL_get_verify_result(3)> or by maintaining its
+own error storage managed by B<verify_callback>.
+
+If no B<verify_callback> is specified, the default callback will be used.
+Its return value is identical to B<preverify_ok>, so that any verification
+failure will lead to a termination of the TLS/SSL handshake with an
+alert message, if SSL_VERIFY_PEER is set.
+
+=head1 BUGS
+
+In client mode, it is not checked whether the SSL_VERIFY_PEER flag
+is set, but whether any flags are set. This can lead to
+unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as
+required.
+
+=head1 RETURN VALUES
+
+The SSL*_set_verify*() functions do not provide diagnostic information.
+
+=head1 EXAMPLES
+
+The following code sequence realizes an example B<verify_callback> function
+that will always continue the TLS/SSL handshake regardless of verification
+failure, if wished. The callback realizes a verification depth limit with
+more informational output.
+
+All verification errors are printed; information about the certificate chain
+is printed on request.
+The example is realized for a server that does allow but not require client
+certificates.
+
+The example makes use of the ex_data technique to store application data
+into/retrieve application data from the SSL structure
+(see L<CRYPTO_get_ex_new_index(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
+
+ ...
+ typedef struct {
+   int verbose_mode;
+   int verify_depth;
+   int always_continue;
+ } mydata_t;
+ int mydata_index;
+ ...
+ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+ {
+    char    buf[256];
+    X509   *err_cert;
+    int     err, depth;
+    SSL    *ssl;
+    mydata_t *mydata;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    /*
+     * Retrieve the pointer to the SSL of the connection currently treated
+     * and the application specific data stored into the SSL object.
+     */
+    ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+    mydata = SSL_get_ex_data(ssl, mydata_index);
+
+    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+
+    /*
+     * Catch a too long certificate chain. The depth limit set using
+     * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+     * that whenever the "depth>verify_depth" condition is met, we
+     * have violated the limit and want to log this error condition.
+     * We must do it here, because the CHAIN_TOO_LONG error would not
+     * be found explicitly; only errors introduced by cutting off the
+     * additional certificates would be logged.
+     */
+    if (depth > mydata->verify_depth) {
+        preverify_ok = 0;
+        err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        X509_STORE_CTX_set_error(ctx, err);
+    }
+    if (!preverify_ok) {
+        printf("verify error:num=%d:%s:depth=%d:%s\n", err,
+                 X509_verify_cert_error_string(err), depth, buf);
+    }
+    else if (mydata->verbose_mode)
+    {
+        printf("depth=%d:%s\n", depth, buf);
+    }
+
+    /*
+     * At this point, err contains the last verification error. We can use
+     * it for something special
+     */
+    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+    {
+      X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
+      printf("issuer= %s\n", buf);
+    }
+
+    if (mydata->always_continue)
+      return 1;
+    else
+      return preverify_ok;
+ }
+ ...
+
+ mydata_t mydata;
+
+ ...
+ mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
+
+ ...
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+                    verify_callback);
+
+ /*
+  * Let the verify_callback catch the verify_depth error so that we get
+  * an appropriate error in the logfile.
+  */
+ SSL_CTX_set_verify_depth(verify_depth + 1);
+
+ /*
+  * Set up the SSL specific data into "mydata" and store it into th SSL
+  * structure.
+  */
+ mydata.verify_depth = verify_depth; ...
+ SSL_set_ex_data(ssl, mydata_index, &mydata);
+
+ ...
+ SSL_accept(ssl);       /* check of success left out for clarity */
+ if (peer = SSL_get_peer_certificate(ssl))
+ {
+   if (SSL_get_verify_result(ssl) == X509_V_OK)
+   {
+     /* The client sent a certificate which verified OK */
+   }
+ }
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<SSL_new(3)>,
+L<SSL_CTX_get_verify_mode(3)>,
+L<SSL_get_verify_result(3)>,
+L<SSL_CTX_load_verify_locations(3)>,
+L<SSL_get_peer_certificate(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+L<CRYPTO_get_ex_new_index(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_use_certificate.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_use_certificate.pod
new file mode 100644
index 0000000..c645f58
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_use_certificate.pod
@@ -0,0 +1,180 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1,
+SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1,
+SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file,
+SSL_use_certificate_chain_file,
+SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1,
+SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey,
+SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file,
+SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey,
+SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1,
+SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key
+- load certificate and key data
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+ int SSL_use_certificate(SSL *ssl, X509 *x);
+ int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+ int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+ int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+
+ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+ int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
+                                 long len);
+ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+ int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
+ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+
+ int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+ int SSL_check_private_key(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+These functions load the certificates and private keys into the SSL_CTX
+or SSL object, respectively.
+
+The SSL_CTX_* class of functions loads the certificates and keys into the
+SSL_CTX object B<ctx>. The information is passed to SSL objects B<ssl>
+created from B<ctx> with L<SSL_new(3)> by copying, so that
+changes applied to B<ctx> do not propagate to already existing SSL objects.
+
+The SSL_* class of functions only loads certificates and keys into a
+specific SSL object. The specific information is kept, when
+L<SSL_clear(3)> is called for this SSL object.
+
+SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
+SSL_use_certificate() loads B<x> into B<ssl>. The rest of the
+certificates needed to form the complete certificate chain can be
+specified using the
+L<SSL_CTX_add_extra_chain_cert(3)>
+function.
+
+SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
+the memory location B<d> (with length B<len>) into B<ctx>,
+SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
+
+SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
+into B<ctx>. The formatting B<type> of the certificate must be specified
+from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
+SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
+See the NOTES section on why SSL_CTX_use_certificate_chain_file()
+should be preferred.
+
+SSL_CTX_use_certificate_chain_file() loads a certificate chain from
+B<file> into B<ctx>. The certificates must be in PEM format and must
+be sorted starting with the subject's certificate (actual client or server
+certificate), followed by intermediate CA certificates if applicable, and
+ending at the highest level (root) CA. SSL_use_certificate_chain_file() is
+similar except it loads the certificate chain into B<ssl>.
+
+SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
+SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
+to B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>;
+SSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>.
+If a certificate has already been set and the private does not belong
+to the certificate an error is returned. To change a certificate, private
+key pair the new certificate needs to be set with SSL_use_certificate()
+or SSL_CTX_use_certificate() before setting the private key with
+SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().
+
+
+SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk>
+stored at memory location B<d> (length B<len>) to B<ctx>.
+SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA
+stored at memory location B<d> (length B<len>) to B<ctx>.
+SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private
+key to B<ssl>.
+
+SSL_CTX_use_PrivateKey_file() adds the first private key found in
+B<file> to B<ctx>. The formatting B<type> of the certificate must be specified
+from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
+SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in
+B<file> to B<ctx>. SSL_use_PrivateKey_file() adds the first private key found
+in B<file> to B<ssl>; SSL_use_RSAPrivateKey_file() adds the first private
+RSA key found to B<ssl>.
+
+SSL_CTX_check_private_key() checks the consistency of a private key with
+the corresponding certificate loaded into B<ctx>. If more than one
+key/certificate pair (RSA/DSA) is installed, the last item installed will
+be checked. If e.g. the last item was a RSA certificate or key, the RSA
+key/certificate pair will be checked. SSL_check_private_key() performs
+the same check for B<ssl>. If no key/certificate was explicitly added for
+this B<ssl>, the last item added into B<ctx> will be checked.
+
+=head1 NOTES
+
+The internal certificate store of OpenSSL can hold several private
+key/certificate pairs at a time. The certificate used depends on the
+cipher selected, see also L<SSL_CTX_set_cipher_list(3)>.
+
+When reading certificates and private keys from file, files of type
+SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain
+one certificate or private key, consequently
+SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting.
+Files of type SSL_FILETYPE_PEM can contain more than one item.
+
+SSL_CTX_use_certificate_chain_file() adds the first certificate found
+in the file to the certificate store. The other certificates are added
+to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single
+certificate chain store for all certificate types, OpenSSL 1.0.2 and later
+have a separate chain store for each type. SSL_CTX_use_certificate_chain_file()
+should be used instead of the SSL_CTX_use_certificate_file() function in order
+to allow the use of complete certificate chains even when no trusted CA
+storage is used or when the CA issuing the certificate shall not be added to
+the trusted CA storage.
+
+If additional certificates are needed to complete the chain during the
+TLS negotiation, CA certificates are additionally looked up in the
+locations of trusted CA certificates, see
+L<SSL_CTX_load_verify_locations(3)>.
+
+The private keys loaded from file can be encrypted. In order to successfully
+load encrypted keys, a function returning the passphrase must have been
+supplied, see
+L<SSL_CTX_set_default_passwd_cb(3)>.
+(Certificate files might be encrypted as well from the technical point
+of view, it however does not make sense as the data in the certificate
+is considered public anyway.)
+
+=head1 RETURN VALUES
+
+On success, the functions return 1.
+Otherwise check out the error stack to find out the reason.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>,
+L<SSL_CTX_load_verify_locations(3)>,
+L<SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_client_CA_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
new file mode 100644
index 0000000..753074a
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -0,0 +1,87 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint,
+SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback - set PSK
+identity hint to use
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
+ int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
+
+ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+        unsigned int (*callback)(SSL *ssl, const char *identity,
+        unsigned char *psk, int max_psk_len));
+ void SSL_set_psk_server_callback(SSL *ssl,
+        unsigned int (*callback)(SSL *ssl, const char *identity,
+        unsigned char *psk, int max_psk_len));
+
+
+=head1 DESCRIPTION
+
+SSL_CTX_use_psk_identity_hint() sets the given B<NULL>-terminated PSK
+identity hint B<hint> to SSL context object
+B<ctx>. SSL_use_psk_identity_hint() sets the given B<NULL>-terminated
+PSK identity hint B<hint> to SSL connection object B<ssl>. If B<hint>
+is B<NULL> the current hint from B<ctx> or B<ssl> is deleted.
+
+In the case where PSK identity hint is B<NULL>, the server
+does not send the ServerKeyExchange message to the client.
+
+A server application must provide a callback function which is called
+when the server receives the ClientKeyExchange message from the
+client. The purpose of the callback function is to validate the
+received PSK identity and to fetch the pre-shared key used during the
+connection setup phase. The callback is set using functions
+SSL_CTX_set_psk_server_callback() or
+SSL_set_psk_server_callback(). The callback function is given the
+connection in parameter B<ssl>, B<NULL>-terminated PSK identity sent
+by the client in parameter B<identity>, and a buffer B<psk> of length
+B<max_psk_len> bytes where the pre-shared key is to be stored.
+
+
+=head1 RETURN VALUES
+
+SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
+1 on success, 0 otherwise.
+
+Return values from the server callback are interpreted as follows:
+
+=over 4
+
+=item Z<>0
+
+PSK identity was not found. An "unknown_psk_identity" alert message
+will be sent and the connection setup fails.
+
+=item E<gt>0
+
+PSK identity was found and the server callback has provided the PSK
+successfully in parameter B<psk>. Return value is the length of
+B<psk> in bytes. It is an error to return a value greater than
+B<max_psk_len>.
+
+If the PSK identity was not found but the callback instructs the
+protocol to continue anyway, the callback must provide some random
+data to B<psk> and return the length of the random data, so the
+connection will fail with decryption_error before it will be finished
+completely.
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+Copyright 2005 Nokia.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_use_serverinfo.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_use_serverinfo.pod
new file mode 100644
index 0000000..bd496ff
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_use_serverinfo.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - use serverinfo extension
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                            size_t serverinfo_length);
+
+ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+
+=head1 DESCRIPTION
+
+These functions load "serverinfo" TLS ServerHello Extensions into the SSL_CTX.
+A "serverinfo" extension is returned in response to an empty ClientHello
+Extension.
+
+SSL_CTX_use_serverinfo() loads one or more serverinfo extensions from
+a byte array into B<ctx>.  The extensions must be concatenated into a
+sequence of bytes.  Each extension must consist of a 2-byte Extension Type,
+a 2-byte length, and then length bytes of extension_data.
+
+SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from
+B<file> into B<ctx>.  The extensions must be in PEM format.  Each extension
+must consist of a 2-byte Extension Type, a 2-byte length, and then length
+bytes of extension_data.  Each PEM extension name must begin with the phrase
+"BEGIN SERVERINFO FOR ".
+
+If more than one certificate (RSA/DSA) is installed using
+SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
+last certificate installed.  If e.g. the last item was a RSA certificate, the
+loaded serverinfo extension data will be loaded for that certificate.  To
+use the serverinfo extension for multiple certificates,
+SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
+each time a certificate is loaded.
+
+=head1 RETURN VALUES
+
+On success, the functions return 1.
+On failure, the functions return 0.  Check out the error stack to find out
+the reason.
+
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_free.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_free.pod
new file mode 100644
index 0000000..5bea785
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_free.pod
@@ -0,0 +1,78 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_new,
+SSL_SESSION_up_ref,
+SSL_SESSION_free - create, free and manage SSL_SESSION structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_SESSION *SSL_SESSION_new(void);
+ int SSL_SESSION_up_ref(SSL_SESSION *ses);
+ void SSL_SESSION_free(SSL_SESSION *session);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_new() creates a new SSL_SESSION structure and returns a pointer to
+it.
+
+SSL_SESSION_up_ref() increments the reference count on the given SSL_SESSION
+structure.
+
+SSL_SESSION_free() decrements the reference count of B<session> and removes
+the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
+memory, if the reference count has reached 0.
+If B<session> is NULL nothing is done.
+
+=head1 NOTES
+
+SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
+is successfully completed. Depending on the settings, see
+L<SSL_CTX_set_session_cache_mode(3)>,
+the SSL_SESSION objects are internally referenced by the SSL_CTX and
+linked into its session cache. SSL objects may be using the SSL_SESSION object;
+as a session may be reused, several SSL objects may be using one SSL_SESSION
+object at the same time. It is therefore crucial to keep the reference
+count (usage information) correct and not delete a SSL_SESSION object
+that is still used, as this may lead to program failures due to
+dangling pointers. These failures may also appear delayed, e.g.
+when an SSL_SESSION object was completely freed as the reference count
+incorrectly became 0, but it is still referenced in the internal
+session cache and the cache list is processed during a
+L<SSL_CTX_flush_sessions(3)> operation.
+
+SSL_SESSION_free() must only be called for SSL_SESSION objects, for
+which the reference count was explicitly incremented (e.g.
+by calling SSL_get1_session(), see L<SSL_get_session(3)>)
+or when the SSL_SESSION object was generated outside a TLS handshake
+operation, e.g. by using L<d2i_SSL_SESSION(3)>.
+It must not be called on other SSL_SESSION objects, as this would cause
+incorrect reference counts and therefore program failures.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_new returns a pointer to the newly allocated SSL_SESSION structure
+or NULL on error.
+
+SSL_SESSION_up_ref returns 1 on success or 0 on error.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_get_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_flush_sessions(3)>,
+L<d2i_SSL_SESSION(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_cipher.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_cipher.pod
new file mode 100644
index 0000000..fdd36ed
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_cipher.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_cipher - retrieve the SSL cipher associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSSION *s);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get0_cipher() retrieves the cipher that was used by the
+connection when the session was created, or NULL if it cannot be determined.
+
+The value returned is a pointer to an object maintained within B<s> and
+should not be released.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<d2i_SSL_SESSION(3)>,
+L<SSL_SESSION_get_time(3)>,
+L<SSL_SESSION_get0_hostname(3)>,
+L<SSL_SESSION_free(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_hostname.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_hostname.pod
new file mode 100644
index 0000000..6fb12be
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_hostname.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_SESSION_get0_hostname(const SSL_SESSSION *s);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
+client when the session was created, or NULL if no value was sent.
+
+The value returned is a pointer to memory maintained within B<s> and
+should not be free'd.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<d2i_SSL_SESSION(3)>,
+L<SSL_SESSION_get_time(3)>,
+L<SSL_SESSION_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_id_context.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_id_context.pod
new file mode 100644
index 0000000..ee4a256
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_id_context.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_id_context,
+SSL_SESSION_set1_id_context
+- get and set the SSL ID context associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                  unsigned int *len)
+ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len);
+
+=head1 DESCRIPTION
+
+See L<SSL_CTX_set_session_id_context(3)> for further details on session ID
+contexts.
+
+SSL_SESSION_get0_id_context() returns the ID context associated with
+the SSL/TLS session B<s>. The length of the ID context is written to
+B<*len> if B<len> is not NULL.
+
+The value returned is a pointer to an object maintained within B<s> and
+should not be released.
+
+SSL_SESSION_set1_id_context() takes a copy of the provided ID context given in
+B<sid_ctx> and associates it with the session B<s>. The length of the ID context
+is given by B<sid_ctx_len> which must not exceed SSL_MAX_SID_CTX_LENGTH bytes.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_set1_id_context() returns 1 on success or 0 on error.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_set_session_id_context(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_get0_id_context() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_peer.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_peer.pod
new file mode 100644
index 0000000..a95f8a5
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_peer.pod
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_peer
+- get details about peer's certificate for a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get0_peer() returns the peer certificate associated with the session
+B<s> or NULL if no peer certificate is available. The caller should not free the
+returned value (unless L<X509_up_ref(3)> has also been called).
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if
+no peer certificate is available.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_compress_id.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_compress_id.pod
new file mode 100644
index 0000000..5045c53
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_compress_id.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_compress_id
+- get details about the compression associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+
+=head1 DESCRIPTION
+
+If compression has been negotiated for an ssl session then
+SSL_SESSION_get_compress_id() will return the id for the compression method or
+0 otherwise. The only built-in supported compression method is zlib which has an
+id of 1.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get_compress_id() returns the id of the compression method or 0 if
+none.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_ex_data.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_ex_data.pod
new file mode 100644
index 0000000..e922abc
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_ex_data.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_set_ex_data,
+SSL_SESSION_get_ex_data
+- get and set application specific data on a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+ void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_set_ex_data() enables an application to store arbitrary application
+specific data B<data> in an SSL_SESSION structure B<ss>. The index B<idx> should
+be a value previously returned from a call to L<CRYPTO_get_ex_new_index(3)>.
+
+SSL_SESSION_get_ex_data() retrieves application specific data previously stored
+in an SSL_SESSION structure B<s>. The B<idx> value should be the same as that
+used when originally storing the data.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_set_ex_data() returns 1 for success or 0 for failure.
+
+SSL_SESSION_get_ex_data() returns the previously stored value or NULL on
+failure. NULL may also be a valid value.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<CRYPTO_get_ex_new_index(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_protocol_version.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_protocol_version.pod
new file mode 100644
index 0000000..a033fdd
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_protocol_version.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_protocol_version - retrieve session protocol version
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get_protocol_version() returns the protocol version number used
+by session B<s>.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get_protocol_version() returns a number indicating the protocol
+version used for the session; this number matches the constants I<e.g.>
+B<TLS1_VERSION> or B<TLS1_2_VERSION>.
+
+Note that the SSL_SESSION_get_protocol_version() function
+does B<not> perform a null check on the provided session B<s> pointer.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_time.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_time.pod
new file mode 100644
index 0000000..e98d128
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_get_time.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout,
+SSL_SESSION_set_timeout,
+SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout
+- retrieve and manipulate session time and timeout settings
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_SESSION_get_time(const SSL_SESSION *s);
+ long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
+ long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+ long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
+
+ long SSL_get_time(const SSL_SESSION *s);
+ long SSL_set_time(SSL_SESSION *s, long tm);
+ long SSL_get_timeout(const SSL_SESSION *s);
+ long SSL_set_timeout(SSL_SESSION *s, long tm);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get_time() returns the time at which the session B<s> was
+established. The time is given in seconds since the Epoch and therefore
+compatible to the time delivered by the time() call.
+
+SSL_SESSION_set_time() replaces the creation time of the session B<s> with
+the chosen value B<tm>.
+
+SSL_SESSION_get_timeout() returns the timeout value set for session B<s>
+in seconds.
+
+SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
+to B<tm>.
+
+The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout()
+functions are synonyms for the SSL_SESSION_*() counterparts.
+
+=head1 NOTES
+
+Sessions are expired by examining the creation time and the timeout value.
+Both are set at creation time of the session to the actual time and the
+default timeout value at creation, respectively, as set by
+L<SSL_CTX_set_timeout(3)>.
+Using these functions it is possible to extend or shorten the lifetime
+of the session.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently
+valid values.
+
+SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.
+
+If any of the function is passed the NULL pointer for the session B<s>,
+0 is returned.
+
+=head1 SEE ALSO
+
+L<ssl(7)>,
+L<SSL_CTX_set_timeout(3)>,
+L<SSL_get_default_timeout(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_has_ticket.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_has_ticket.pod
new file mode 100644
index 0000000..a84440b
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_has_ticket.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_ticket,
+SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint
+- get details about the ticket associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+ unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+ void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                              size_t *len);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_has_ticket() returns 1 if there is a Session Ticket associated with
+this session, and 0 otherwise.
+
+SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds
+associated with the session ticket.
+
+SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a
+session. The length of the ticket is written to B<*len>. If B<tick> is non
+NULL then a pointer to the ticket is written to B<*tick>. The pointer is only
+valid while the connection is in use. The session (and hence the ticket pointer)
+may also become invalid as a result of a call to SSL_CTX_flush_sessions().
+
+=head1 SEE ALSO
+
+L<ssl(7)>,
+L<d2i_SSL_SESSION(3)>,
+L<SSL_SESSION_get_time(3)>,
+L<SSL_SESSION_free(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and
+SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_print.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_print.pod
new file mode 100644
index 0000000..9a44c11
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_print.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_print,
+SSL_SESSION_print_fp,
+SSL_SESSION_print_keylog
+- printf information about a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_print() prints summary information about the session provided in
+B<ses> to the BIO B<fp>.
+
+SSL_SESSION_print_fp() does the same as SSL_SESSION_print() except it prints it
+to the FILE B<fp>.
+
+SSL_SESSION_print_keylog() prints session information to the provided BIO <bp>
+in NSS keylog format.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_print(), SSL_SESSION_print_fp() and SSL_SESSION_print_keylog return
+1 on success or 0 on error.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_SESSION_set1_id.pod b/openssl-1.1.0h/doc/ssl/SSL_SESSION_set1_id.pod
new file mode 100644
index 0000000..0bd9b83
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_SESSION_set1_id.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_id,
+SSL_SESSION_set1_id
+- get and set the SSL session ID
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                         unsigned int *len)
+ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                         unsigned int sid_len);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get_id() returns a pointer to the internal session id value for the
+session B<s>. The length of the id in bytes is stored in B<*len>. The length may
+be 0. The caller should not free the returned pointer directly.
+
+SSL_SESSION_set1_id() sets the the session ID for the B<ssl> SSL/TLS session
+to B<sid> of length B<sid_len>.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get_id() returns a pointer to the session id value.
+SSL_SESSION_set1_id() returns 1 for success and 0 for failure, for example
+if the supplied session ID length exceeds B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_set1_id() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_accept.pod b/openssl-1.1.0h/doc/ssl/SSL_accept.pod
new file mode 100644
index 0000000..3248cac
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_accept.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_accept(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
+The communication channel must already have been set and assigned to the
+B<ssl> by setting an underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_accept() depends on the underlying BIO.
+
+If the underlying BIO is B<blocking>, SSL_accept() will only return once the
+handshake has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_accept() will also return
+when the underlying BIO could not satisfy the needs of SSL_accept()
+to continue the handshake, indicating the problem by the return value -1.
+In this case a call to SSL_get_error() with the
+return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_accept().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item Z<>1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item E<lt>0
+
+The TLS/SSL handshake was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_connect(3)>,
+L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>,
+L<SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)>,
+L<SSL_CTX_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_alert_type_string.pod b/openssl-1.1.0h/doc/ssl/SSL_alert_type_string.pod
new file mode 100644
index 0000000..6e2768e
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_alert_type_string.pod
@@ -0,0 +1,242 @@
+=pod
+
+=head1 NAME
+
+SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_alert_type_string(int value);
+ const char *SSL_alert_type_string_long(int value);
+
+ const char *SSL_alert_desc_string(int value);
+ const char *SSL_alert_desc_string_long(int value);
+
+=head1 DESCRIPTION
+
+SSL_alert_type_string() returns a one letter string indicating the
+type of the alert specified by B<value>.
+
+SSL_alert_type_string_long() returns a string indicating the type of the alert
+specified by B<value>.
+
+SSL_alert_desc_string() returns a two letter string as a short form
+describing the reason of the alert specified by B<value>.
+
+SSL_alert_desc_string_long() returns a string describing the reason
+of the alert specified by B<value>.
+
+=head1 NOTES
+
+When one side of an SSL/TLS communication wants to inform the peer about
+a special situation, it sends an alert. The alert is sent as a special message
+and does not influence the normal data stream (unless its contents results
+in the communication being canceled).
+
+A warning alert is sent, when a non-fatal error condition occurs. The
+"close notify" alert is sent as a warning alert. Other examples for
+non-fatal errors are certificate errors ("certificate expired",
+"unsupported certificate"), for which a warning alert may be sent.
+(The sending party may however decide to send a fatal error.) The
+receiving side may cancel the connection on reception of a warning
+alert on it discretion.
+
+Several alert messages must be sent as fatal alert messages as specified
+by the TLS RFC. A fatal alert always leads to a connection abort.
+
+=head1 RETURN VALUES
+
+The following strings can occur for SSL_alert_type_string() or
+SSL_alert_type_string_long():
+
+=over 4
+
+=item "W"/"warning"
+
+=item "F"/"fatal"
+
+=item "U"/"unknown"
+
+This indicates that no support is available for this alert type.
+Probably B<value> does not contain a correct alert message.
+
+=back
+
+The following strings can occur for SSL_alert_desc_string() or
+SSL_alert_desc_string_long():
+
+=over 4
+
+=item "CN"/"close notify"
+
+The connection shall be closed. This is a warning alert.
+
+=item "UM"/"unexpected message"
+
+An inappropriate message was received. This alert is always fatal
+and should never be observed in communication between proper
+implementations.
+
+=item "BM"/"bad record mac"
+
+This alert is returned if a record is received with an incorrect
+MAC. This message is always fatal.
+
+=item "DF"/"decompression failure"
+
+The decompression function received improper input (e.g. data
+that would expand to excessive length). This message is always
+fatal.
+
+=item "HF"/"handshake failure"
+
+Reception of a handshake_failure alert message indicates that the
+sender was unable to negotiate an acceptable set of security
+parameters given the options available. This is a fatal error.
+
+=item "NC"/"no certificate"
+
+A client, that was asked to send a certificate, does not send a certificate
+(SSLv3 only).
+
+=item "BC"/"bad certificate"
+
+A certificate was corrupt, contained signatures that did not
+verify correctly, etc
+
+=item "UC"/"unsupported certificate"
+
+A certificate was of an unsupported type.
+
+=item "CR"/"certificate revoked"
+
+A certificate was revoked by its signer.
+
+=item "CE"/"certificate expired"
+
+A certificate has expired or is not currently valid.
+
+=item "CU"/"certificate unknown"
+
+Some other (unspecified) issue arose in processing the
+certificate, rendering it unacceptable.
+
+=item "IP"/"illegal parameter"
+
+A field in the handshake was out of range or inconsistent with
+other fields. This is always fatal.
+
+=item "DC"/"decryption failed"
+
+A TLSCiphertext decrypted in an invalid way: either it wasn't an
+even multiple of the block length or its padding values, when
+checked, weren't correct. This message is always fatal.
+
+=item "RO"/"record overflow"
+
+A TLSCiphertext record was received which had a length more than
+2^14+2048 bytes, or a record decrypted to a TLSCompressed record
+with more than 2^14+1024 bytes. This message is always fatal.
+
+=item "CA"/"unknown CA"
+
+A valid certificate chain or partial chain was received, but the
+certificate was not accepted because the CA certificate could not
+be located or couldn't be matched with a known, trusted CA.  This
+message is always fatal.
+
+=item "AD"/"access denied"
+
+A valid certificate was received, but when access control was
+applied, the sender decided not to proceed with negotiation.
+This message is always fatal.
+
+=item "DE"/"decode error"
+
+A message could not be decoded because some field was out of the
+specified range or the length of the message was incorrect. This
+message is always fatal.
+
+=item "CY"/"decrypt error"
+
+A handshake cryptographic operation failed, including being
+unable to correctly verify a signature, decrypt a key exchange,
+or validate a finished message.
+
+=item "ER"/"export restriction"
+
+A negotiation not in compliance with export restrictions was
+detected; for example, attempting to transfer a 1024 bit
+ephemeral RSA key for the RSA_EXPORT handshake method. This
+message is always fatal.
+
+=item "PV"/"protocol version"
+
+The protocol version the client has attempted to negotiate is
+recognized, but not supported. (For example, old protocol
+versions might be avoided for security reasons). This message is
+always fatal.
+
+=item "IS"/"insufficient security"
+
+Returned instead of handshake_failure when a negotiation has
+failed specifically because the server requires ciphers more
+secure than those supported by the client. This message is always
+fatal.
+
+=item "IE"/"internal error"
+
+An internal error unrelated to the peer or the correctness of the
+protocol makes it impossible to continue (such as a memory
+allocation failure). This message is always fatal.
+
+=item "US"/"user canceled"
+
+This handshake is being canceled for some reason unrelated to a
+protocol failure. If the user cancels an operation after the
+handshake is complete, just closing the connection by sending a
+close_notify is more appropriate. This alert should be followed
+by a close_notify. This message is generally a warning.
+
+=item "NR"/"no renegotiation"
+
+Sent by the client in response to a hello request or by the
+server in response to a client hello after initial handshaking.
+Either of these would normally lead to renegotiation; when that
+is not appropriate, the recipient should respond with this alert;
+at that point, the original requester can decide whether to
+proceed with the connection. One case where this would be
+appropriate would be where a server has spawned a process to
+satisfy a request; the process might receive security parameters
+(key length, authentication, etc.) at startup and it might be
+difficult to communicate changes to these parameters after that
+point. This message is always a warning.
+
+=item "UP"/"unknown PSK identity"
+
+Sent by the server to indicate that it does not recognize a PSK
+identity or an SRP identity.
+
+=item "UK"/"unknown"
+
+This indicates that no description is available for this alert type.
+Probably B<value> does not contain a correct alert message.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CTX_set_info_callback(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_check_chain.pod b/openssl-1.1.0h/doc/ssl/SSL_check_chain.pod
new file mode 100644
index 0000000..8691994
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_check_chain.pod
@@ -0,0 +1,94 @@
+=pod
+
+=head1 NAME
+
+SSL_check_chain - check certificate chain suitability
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+=head1 DESCRIPTION
+
+SSL_check_chain() checks whether certificate B<x>, private key B<pk> and
+certificate chain B<chain> is suitable for use with the current session
+B<s>.
+
+=head1 RETURN VALUES
+
+SSL_check_chain() returns a bitmap of flags indicating the validity of the
+chain.
+
+B<CERT_PKEY_VALID>: the chain can be used with the current session.
+If this flag is B<not> set then the certificate will never be used even
+if the application tries to set it because it is inconsistent with the
+peer preferences.
+
+B<CERT_PKEY_SIGN>: the EE key can be used for signing.
+
+B<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is
+acceptable.
+
+B<CERT_PKEY_CA_SIGNATURE>: the signature algorithms of all CA certificates
+are acceptable.
+
+B<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are
+acceptable (e.g. it is a supported curve).
+
+B<CERT_PKEY_CA_PARAM>: the parameters of all CA certificates are acceptable.
+
+B<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm
+can be used explicitly for signing (i.e. it is mentioned in the signature
+algorithms extension).
+
+B<CERT_PKEY_ISSUER_NAME>: the issuer name is acceptable. This is only
+meaningful for client authentication.
+
+B<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful
+for client authentication.
+
+B<CERT_PKEY_SUITEB>: chain is suitable for Suite B use.
+
+=head1 NOTES
+
+SSL_check_chain() must be called in servers after a client hello message or in
+clients after a certificate request message. It will typically be called
+in the certificate callback.
+
+An application wishing to support multiple certificate chains may call this
+function on each chain in turn: starting with the one it considers the
+most secure. It could then use the chain of the first set which returns
+suitable flags.
+
+As a minimum the flag B<CERT_PKEY_VALID> must be set for a chain to be
+usable. An application supporting multiple chains with different CA signature
+algorithms may also wish to check B<CERT_PKEY_CA_SIGNATURE> too. If no
+chain is suitable a server should fall back to the most secure chain which
+sets B<CERT_PKEY_VALID>.
+
+The validity of a chain is determined by checking if it matches a supported
+signature algorithm, supported curves and in the case of client authentication
+certificate types and issuer names.
+
+Since the supported signature algorithms extension is only used in TLS 1.2
+and DTLS 1.2 the results for earlier versions of TLS and DTLS may not be
+very useful. Applications may wish to specify a different "legacy" chain
+for earlier versions of TLS or DTLS.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_cert_cb(3)>,
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_clear.pod b/openssl-1.1.0h/doc/ssl/SSL_clear.pod
new file mode 100644
index 0000000..ed0ad60
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_clear.pod
@@ -0,0 +1,84 @@
+=pod
+
+=head1 NAME
+
+SSL_clear - reset SSL object to allow another connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_clear(SSL *ssl);
+
+=head1 DESCRIPTION
+
+Reset B<ssl> to allow another connection. All settings (method, ciphers,
+BIOs) are kept.
+
+=head1 NOTES
+
+SSL_clear is used to prepare an SSL object for a new connection. While all
+settings are kept, a side effect is the handling of the current SSL session.
+If a session is still B<open>, it is considered bad and will be removed
+from the session cache, as required by RFC2246. A session is considered open,
+if L<SSL_shutdown(3)> was not called for the connection
+or at least L<SSL_set_shutdown(3)> was used to
+set the SSL_SENT_SHUTDOWN state.
+
+If a session was closed cleanly, the session object will be kept and all
+settings corresponding. This explicitly means, that e.g. the special method
+used during the session will be kept for the next handshake. So if the
+session was a TLSv1 session, a SSL client object will use a TLSv1 client
+method for the next handshake and a SSL server object will use a TLSv1
+server method, even if TLS_*_methods were chosen on startup. This
+will might lead to connection failures (see L<SSL_new(3)>)
+for a description of the method's properties.
+
+=head1 WARNINGS
+
+SSL_clear() resets the SSL object to allow for another connection. The
+reset operation however keeps several settings of the last sessions
+(some of these settings were made automatically during the last
+handshake). It only makes sense for a new connection with the exact
+same peer that shares these settings, and may fail if that peer
+changes its settings between connections. Use the sequence
+L<SSL_get_session(3)>;
+L<SSL_new(3)>;
+L<SSL_set_session(3)>;
+L<SSL_free(3)>
+instead to avoid such failures
+(or simply L<SSL_free(3)>; L<SSL_new(3)>
+if session reuse is not desired).
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The SSL_clear() operation could not be performed. Check the error stack to
+find out the reason.
+
+=item Z<>1
+
+The SSL_clear() operation was successful.
+
+=back
+
+L<SSL_new(3)>, L<SSL_free(3)>,
+L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
+L<SSL_CTX_set_options(3)>, L<ssl(3)>,
+L<SSL_CTX_set_client_cert_cb(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_connect.pod b/openssl-1.1.0h/doc/ssl/SSL_connect.pod
new file mode 100644
index 0000000..df198f9
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_connect.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_connect(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_connect() initiates the TLS/SSL handshake with a server. The communication
+channel must already have been set and assigned to the B<ssl> by setting an
+underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_connect() depends on the underlying BIO.
+
+If the underlying BIO is B<blocking>, SSL_connect() will only return once the
+handshake has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_connect() will also return
+when the underlying BIO could not satisfy the needs of SSL_connect()
+to continue the handshake, indicating the problem by the return value -1.
+In this case a call to SSL_get_error() with the
+return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_connect().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item Z<>1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item E<lt>0
+
+The TLS/SSL handshake was not successful, because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_accept(3)>,
+L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>,
+L<SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)>,
+L<SSL_CTX_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_do_handshake.pod b/openssl-1.1.0h/doc/ssl/SSL_do_handshake.pod
new file mode 100644
index 0000000..ffb71cc
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_do_handshake.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+SSL_do_handshake - perform a TLS/SSL handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_do_handshake(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
+connection is in client mode, the handshake will be started. The handshake
+routines may have to be explicitly set in advance using either
+L<SSL_set_connect_state(3)> or
+L<SSL_set_accept_state(3)>.
+
+=head1 NOTES
+
+The behaviour of SSL_do_handshake() depends on the underlying BIO.
+
+If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
+once the handshake has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
+when the underlying BIO could not satisfy the needs of SSL_do_handshake()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_do_handshake().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item Z<>1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item E<lt>0
+
+The TLS/SSL handshake was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_connect(3)>,
+L<SSL_accept(3)>, L<ssl(3)>, L<bio(3)>,
+L<SSL_set_connect_state(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_export_keying_material.pod b/openssl-1.1.0h/doc/ssl/SSL_export_keying_material.pod
new file mode 100644
index 0000000..ccb99ec
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_export_keying_material.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+SSL_export_keying_material - obtain keying material for application use
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                const char *label, size_t llen,
+                                const unsigned char *context,
+                                size_t contextlen, int use_context);
+
+=head1 DESCRIPTION
+
+During the creation of a TLS or DTLS connection shared keying material is
+established between the two endpoints. The function SSL_export_keying_material()
+enables an application to use some of this keying material for its own purposes
+in accordance with RFC5705.
+
+An application may need to securely establish the context within which this
+keying material will be used. For example this may include identifiers for the
+application session, application algorithms or parameters, or the lifetime of
+the context. The context value is left to the application but must be the same
+on both sides of the communication.
+
+For a given SSL connection B<s>, B<olen> bytes of data will be written to
+B<out>. The application specific context should be supplied in the location
+pointed to by B<context> and should be B<contextlen> bytes long. Provision of
+a context is optional. If the context should be omitted entirely then
+B<use_context> should be set to 0. Otherwise it should be any other value. If
+B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored.
+Note that a zero length context is treated differently to no context at all, and
+will result in different keying material being returned.
+
+An application specific label should be provided in the location pointed to by
+B<label> and should be B<llen> bytes long. Typically this will be a value from
+the IANA Exporter Label Registry
+(L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>).
+Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard
+to be used without registration.
+
+Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
+above. Attempting to use it in SSLv3 will result in an error.
+
+=head1 RETURN VALUES
+
+SSL_export_keying_material() returns 0 or -1 on failure or 1 on success.
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_extension_supported.pod b/openssl-1.1.0h/doc/ssl/SSL_extension_supported.pod
new file mode 100644
index 0000000..166c35a
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_extension_supported.pod
@@ -0,0 +1,145 @@
+=pod
+
+=head1 NAME
+
+SSL_extension_supported,
+SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext,
+custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb
+- custom TLS extension handling
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                   custom_ext_add_cb add_cb,
+                                   custom_ext_free_cb free_cb, void *add_arg,
+                                   custom_ext_parse_cb parse_cb,
+                                   void *parse_arg);
+
+ int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                   custom_ext_add_cb add_cb,
+                                   custom_ext_free_cb free_cb, void *add_arg,
+                                   custom_ext_parse_cb parse_cb,
+                                   void *parse_arg);
+
+ int SSL_extension_supported(unsigned int ext_type);
+
+ typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+                                  const unsigned char **out,
+                                  size_t *outlen, int *al,
+                                  void *add_arg);
+
+ typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+                                    const unsigned char *out,
+                                    void *add_arg);
+
+ typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+                                    const unsigned char *in,
+                                    size_t inlen, int *al,
+                                    void *parse_arg);
+
+
+=head1 DESCRIPTION
+
+SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS client
+with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
+B<parse_cb>.
+
+SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS server
+with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
+B<parse_cb>.
+
+In both cases the extension type must not be handled by OpenSSL internally
+or an error occurs.
+
+SSL_extension_supported() returns 1 if the extension B<ext_type> is handled
+internally by OpenSSL and 0 otherwise.
+
+=head1 EXTENSION CALLBACKS
+
+The callback B<add_cb> is called to send custom extension data to be
+included in ClientHello for TLS clients or ServerHello for servers. The
+B<ext_type> parameter is set to the extension type which will be added and
+B<add_arg> to the value set when the extension handler was added.
+
+If the application wishes to include the extension B<ext_type> it should
+set B<*out> to the extension data, set B<*outlen> to the length of the
+extension data and return 1.
+
+If the B<add_cb> does not wish to include the extension it must return 0.
+
+If B<add_cb> returns -1 a fatal handshake error occurs using the TLS
+alert value specified in B<*al>.
+
+For clients (but not servers) if B<add_cb> is set to NULL a zero length
+extension is added for B<ext_type>.
+
+For clients every registered B<add_cb> is always called to see if the
+application wishes to add an extension to ClientHello.
+
+For servers every registered B<add_cb> is called once if and only if the
+corresponding extension was received in ClientHello to see if the application
+wishes to add the extension to ServerHello. That is, if no corresponding extension
+was received in ClientHello then B<add_cb> will not be called.
+
+If an extension is added (that is B<add_cb> returns 1) B<free_cb> is called
+(if it is set) with the value of B<out> set by the add callback. It can be
+used to free up any dynamic extension data set by B<add_cb>. Since B<out> is
+constant (to permit use of constant data in B<add_cb>) applications may need to
+cast away const to free the data.
+
+The callback B<parse_cb> receives data for TLS extensions. For TLS clients
+the extension data will come from ServerHello and for TLS servers it will
+come from ClientHello.
+
+The extension data consists of B<inlen> bytes in the buffer B<in> for the
+extension B<extension_type>.
+
+If the B<parse_cb> considers the extension data acceptable it must return
+1. If it returns 0 or a negative value a fatal handshake error occurs
+using the TLS alert value specified in B<*al>.
+
+The buffer B<in> is a temporary internal buffer which will not be valid after
+the callback returns.
+
+=head1 NOTES
+
+The B<add_arg> and B<parse_arg> parameters can be set to arbitrary values
+which will be passed to the corresponding callbacks. They can, for example,
+be used to store the extension data received in a convenient structure or
+pass the extension data to be added or freed when adding extensions.
+
+The B<ext_type> parameter corresponds to the B<extension_type> field of
+RFC5246 et al. It is B<not> a NID.
+
+If the same custom extension type is received multiple times a fatal
+B<decode_error> alert is sent and the handshake aborts. If a custom extension
+is received in ServerHello which was not sent in ClientHello a fatal
+B<unsupported_extension> alert is sent and the handshake is aborted. The
+ServerHello B<add_cb> callback is only called if the corresponding extension
+was received in ClientHello. This is compliant with the TLS specifications.
+This behaviour ensures that each callback is called at most once and that
+an application can never send unsolicited extensions.
+
+=head1 RETURN VALUES
+
+SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 for
+success and 0 for failure. A failure can occur if an attempt is made to
+add the same B<ext_type> more than once, if an attempt is made to use an
+extension type handled internally by OpenSSL or if an internal error occurs
+(for example a memory allocation failure).
+
+SSL_extension_supported() returns 1 if the extension B<ext_type> is handled
+internally by OpenSSL and 0 otherwise.
+
+=head1 COPYRIGHT
+
+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_free.pod b/openssl-1.1.0h/doc/ssl/SSL_free.pod
new file mode 100644
index 0000000..eb69a16
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_free.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+SSL_free - free an allocated SSL structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_free(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_free() decrements the reference count of B<ssl>, and removes the SSL
+structure pointed to by B<ssl> and frees up the allocated memory if the
+reference count has reached 0.
+If B<ssl> is NULL nothing is done.
+
+=head1 NOTES
+
+SSL_free() also calls the free()ing procedures for indirectly affected items, if
+applicable: the buffering BIO, the read and write BIOs,
+cipher lists specially created for this B<ssl>, the B<SSL_SESSION>.
+Do not explicitly free these indirectly freed up items before or after
+calling SSL_free(), as trying to free things twice may lead to program
+failure.
+
+The ssl session has reference counts from two users: the SSL object, for
+which the reference count is removed by SSL_free() and the internal
+session cache. If the session is considered bad, because
+L<SSL_shutdown(3)> was not called for the connection
+and L<SSL_set_shutdown(3)> was not used to set the
+SSL_SENT_SHUTDOWN state, the session will also be removed
+from the session cache as required by RFC2246.
+
+=head1 RETURN VALUES
+
+SSL_free() does not provide diagnostic information.
+
+L<SSL_new(3)>, L<SSL_clear(3)>,
+L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get0_peer_scts.pod b/openssl-1.1.0h/doc/ssl/SSL_get0_peer_scts.pod
new file mode 100644
index 0000000..05d39fe
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get0_peer_scts.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+SSL_get0_peer_scts - get SCTs received
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+=head1 DESCRIPTION
+
+SSL_get0_peer_scts() returns the signed certificate timestamps (SCTs) that have
+been received. If this is the first time that this function has been called for
+a given B<SSL> instance, it will examine the TLS extensions, OCSP response and
+the peer's certificate for SCTs. Future calls will return the same SCTs.
+
+=head1 RESTRICTIONS
+
+If no Certificate Transparency validation callback has been set (using
+B<SSL_CTX_set_ct_validation_callback> or B<SSL_set_ct_validation_callback>),
+this function is not guaranteed to return all of the SCTs that the peer is
+capable of sending.
+
+=head1 RETURN VALUES
+
+SSL_get0_peer_scts() returns a list of SCTs found, or NULL if an error occurs.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_ct_validation_callback(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_SSL_CTX.pod b/openssl-1.1.0h/doc/ssl/SSL_get_SSL_CTX.pod
new file mode 100644
index 0000000..98b9bc6
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_SSL_CTX.pod
@@ -0,0 +1,35 @@
+=pod
+
+=head1 NAME
+
+SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which
+B<ssl> was created with L<SSL_new(3)>.
+
+=head1 RETURN VALUES
+
+The pointer to the SSL_CTX object is returned.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_new(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_all_async_fds.pod b/openssl-1.1.0h/doc/ssl/SSL_get_all_async_fds.pod
new file mode 100644
index 0000000..b4fa4ee
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_all_async_fds.pod
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+SSL_waiting_for_async,
+SSL_get_all_async_fds,
+SSL_get_changed_async_fds
+- manage asynchronous operations
+
+=for comment multiple includes
+
+=head1 SYNOPSIS
+
+ #include <openssl/async.h>
+ #include <openssl/ssl.h>
+
+ int SSL_waiting_for_async(SSL *s);
+ int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds);
+ int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+                               OSSL_ASYNC_FD *delfd, size_t *numdelfds);
+
+=head1 DESCRIPTION
+
+SSL_waiting_for_async() determines whether an SSL connection is currently
+waiting for asynchronous operations to complete (see the SSL_MODE_ASYNC mode in
+L<SSL_CTX_set_mode(3)>).
+
+SSL_get_all_async_fds() returns a list of file descriptor which can be used in a
+call to select() or poll() to determine whether the current asynchronous
+operation has completed or not. A completed operation will result in data
+appearing as "read ready" on the file descriptor (no actual data should be read
+from the file descriptor). This function should only be called if the SSL object
+is currently waiting for asynchronous work to complete (i.e.
+SSL_ERROR_WANT_ASYNC has been received - see L<SSL_get_error(3)>). Typically the
+list will only contain one file descriptor. However if multiple asynchronous
+capable engines are in use then more than one is possible. The number of file
+descriptors returned is stored in B<*numfds> and the file descriptors themselves
+are in B<*fds>. The B<fds> parameter may be NULL in which case no file
+descriptors are returned but B<*numfds> is still populated. It is the callers
+responsibility to ensure sufficient memory is allocated at B<*fds> so typically
+this function is called twice (once with a NULL B<fds> parameter and once
+without).
+
+SSL_get_changed_async_fds() returns a list of the asynchronous file descriptors
+that have been added and a list that have been deleted since the last
+SSL_ERROR_WANT_ASYNC was received (or since the SSL object was created if no
+SSL_ERROR_WANT_ASYNC has been received). Similar to SSL_get_all_async_fds() it
+is the callers responsibility to ensure that B<*addfd> and B<*delfd> have
+sufficient memory allocated, although they may be NULL. The number of added fds
+and the number of deleted fds are stored in B<*numaddfds> and B<*numdelfds>
+respectively.
+
+=head1 RETURN VALUES
+
+SSL_waiting_for_async() will return 1 if the current SSL operation is waiting
+for an async operation to complete and 0 otherwise.
+
+SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or
+0 on error.
+
+=head1 NOTES
+
+On Windows platforms the openssl/async.h header is dependent on some
+of the types customarily made available by including windows.h. The
+application developer is likely to require control over when the latter
+is included, commonly as one of the first included headers. Therefore
+it is defined as an application developer's responsibility to include
+windows.h prior to async.h.
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
+
+=head1 HISTORY
+
+SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds()
+were first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_ciphers.pod b/openssl-1.1.0h/doc/ssl/SSL_get_ciphers.pod
new file mode 100644
index 0000000..cc55095
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_ciphers.pod
@@ -0,0 +1,84 @@
+=pod
+
+=head1 NAME
+
+SSL_get1_supported_ciphers, SSL_get_client_ciphers,
+SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list
+- get list of available SSL_CIPHERs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+ STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+ STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
+ const char *SSL_get_cipher_list(const SSL *ssl, int priority);
+
+=head1 DESCRIPTION
+
+SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
+sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
+is returned.
+
+SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B<ctx>.
+
+SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for
+B<ssl>, sorted by preference.
+The list depends on settings like the cipher list, the supported protocol
+versions, the security level, and the enabled signature algorithms.
+SRP and PSK ciphers are only enabled if the appropriate callbacks or settings
+have been applied.
+This is the list that will be sent by the client to the server.
+The list supported by the server might include more ciphers in case there is a
+hole in the list of supported protocols.
+The server will also not use ciphers from this list depending on the
+configured certificates and DH parameters.
+If B<ssl> is NULL or no ciphers are available, NULL is returned.
+
+SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the
+list received from the client on B<ssl>. If B<ssl> is NULL, no ciphers are
+available, or B<ssl> is not operating in server mode, NULL is returned.
+
+SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
+listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
+available, or there are less ciphers than B<priority> available, NULL
+is returned.
+
+=head1 NOTES
+
+The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers()
+SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using
+the L<SSL_CIPHER_get_name(3)> family of functions.
+
+Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
+sorted list of available ciphers, until NULL is returned.
+
+Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers()
+return a pointer to an internal cipher stack, which will be freed later on when
+the SSL or SSL_SESSION object is freed.  Therefore, the calling code B<MUST NOT>
+free the return value itself.
+
+The stack returned by SSL_get1_supported_ciphers() should be freed using
+sk_SSL_CIPHER_free().
+
+=head1 RETURN VALUES
+
+See DESCRIPTION
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
+L<SSL_CIPHER_get_name(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_client_CA_list.pod b/openssl-1.1.0h/doc/ssl/SSL_get_client_CA_list.pod
new file mode 100644
index 0000000..b6092fe
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_client_CA_list.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
+B<ctx> using L<SSL_CTX_set_client_CA_list(3)>.
+
+SSL_get_client_CA_list() returns the list of client CAs explicitly
+set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
+L<SSL_CTX_set_client_CA_list(3)>, when in
+server mode. In client mode, SSL_get_client_CA_list returns the list of
+client CAs sent from the server, if any.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
+diagnostic information.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
+values:
+
+=over 4
+
+=item STACK_OF(X509_NAMES)
+
+List of CA names explicitly set (for B<ctx> or in server mode) or send
+by the server (client mode).
+
+=item NULL
+
+No client CA list was explicitly set (for B<ctx> or in server mode) or
+the server did not send a list of CAs (client mode).
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_client_CA_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_client_random.pod b/openssl-1.1.0h/doc/ssl/SSL_get_client_random.pod
new file mode 100644
index 0000000..46a2aa3
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_client_random.pod
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retrieve internal TLS/SSL random values and master key
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
+ size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
+ size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen);
+
+=head1 DESCRIPTION
+
+SSL_get_client_random() extracts the random value sent from the client
+to the server during the initial SSL/TLS handshake.  It copies as many
+bytes as it can of this value into the buffer provided in B<out>,
+which must have at least B<outlen> bytes available. It returns the
+total number of bytes that were actually copied.  If B<outlen> is
+zero, SSL_get_client_random() copies nothing, and returns the
+total size of the client_random value.
+
+SSL_get_server_random() behaves the same, but extracts the random value
+sent from the server to the client during the initial SSL/TLS handshake.
+
+SSL_SESSION_get_master_key() behaves the same, but extracts the master
+secret used to guarantee the security of the SSL/TLS session.  This one
+can be dangerous if misused; see NOTES below.
+
+
+=head1 NOTES
+
+You probably shouldn't use these functions.
+
+These functions expose internal values from the TLS handshake, for
+use in low-level protocols.  You probably should not use them, unless
+you are implementing something that needs access to the internal protocol
+details.
+
+Despite the names of SSL_get_client_random() and SSL_get_server_random(), they
+ARE NOT random number generators.  Instead, they return the mostly-random values that
+were already generated and used in the TLS protocol.  Using them
+in place of RAND_bytes() would be grossly foolish.
+
+The security of your TLS session depends on keeping the master key secret:
+do not expose it, or any information about it, to anybody.
+If you need to calculate another secret value that depends on the master
+secret, you should probably use SSL_export_keying_material() instead, and
+forget that you ever saw these functions.
+
+In current versions of the TLS protocols, the length of client_random
+(and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for
+other outlen arguments to the SSL_get_*_random() functions is provided
+in case of the unlikely event that a future version or variant of TLS
+uses some other length there.
+
+Finally, though the "client_random" and "server_random" values are called
+"random", many TLS implementations will generate four bytes of those
+values based on their view of the current time.
+
+
+=head1 RETURN VALUES
+
+If B<outlen> is greater than 0, these functions return the number of bytes
+actually copied, which will be less than or equal to B<outlen>.
+
+If B<outlen> is 0, these functions return the maximum number
+of bytes they would copy--that is, the length of the underlying field.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<RAND_bytes(3)>,
+L<SSL_export_keying_material(3)>
+
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_current_cipher.pod b/openssl-1.1.0h/doc/ssl/SSL_get_current_cipher.pod
new file mode 100644
index 0000000..87cecb0
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_current_cipher.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher,
+SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+
+ const char *SSL_get_cipher_name(const SSL *s);
+ const char *SSL_get_cipher(const SSL *s);
+ int SSL_get_cipher_bits(const SSL *s, int *np) \
+ const char *SSL_get_cipher_version(const SSL *s);
+
+=head1 DESCRIPTION
+
+SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing
+the description of the actually used cipher of a connection established with
+the B<ssl> object.
+See L<SSL_CIPHER_get_name(3)> for more details.
+
+SSL_get_cipher_name() obtains the
+name of the currently used cipher.
+SSL_get_cipher() is identical to SSL_get_cipher_name().
+SSL_get_cipher_bits() is a
+macro to obtain the number of secret/algorithm bits used and
+SSL_get_cipher_version() returns the protocol name.
+
+=head1 RETURN VALUES
+
+SSL_get_current_cipher() returns the cipher actually used, or NULL if
+no session has been established.
+
+=head1 NOTES
+
+These are implemented as macros.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CIPHER_get_name(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_default_timeout.pod b/openssl-1.1.0h/doc/ssl/SSL_get_default_timeout.pod
new file mode 100644
index 0000000..875d38a
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_default_timeout.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+SSL_get_default_timeout - get default session timeout value
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_get_default_timeout(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_default_timeout() returns the default timeout value assigned to
+SSL_SESSION objects negotiated for the protocol valid for B<ssl>.
+
+=head1 NOTES
+
+Whenever a new session is negotiated, it is assigned a timeout value,
+after which it will not be accepted for session reuse. If the timeout
+value was not explicitly set using
+L<SSL_CTX_set_timeout(3)>, the hardcoded default
+timeout for the protocol will be used.
+
+SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
+for all currently supported protocols.
+
+=head1 RETURN VALUES
+
+See description.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_SESSION_get_time(3)>,
+L<SSL_CTX_flush_sessions(3)>,
+L<SSL_get_default_timeout(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_error.pod b/openssl-1.1.0h/doc/ssl/SSL_get_error.pod
new file mode 100644
index 0000000..47d2358
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_error.pod
@@ -0,0 +1,143 @@
+=pod
+
+=head1 NAME
+
+SSL_get_error - obtain result code for TLS/SSL I/O operation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_error(const SSL *ssl, int ret);
+
+=head1 DESCRIPTION
+
+SSL_get_error() returns a result code (suitable for the C "switch"
+statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
+SSL_read(), SSL_peek(), or SSL_write() on B<ssl>.  The value returned by
+that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
+B<ret>.
+
+In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
+current thread's OpenSSL error queue.  Thus, SSL_get_error() must be
+used in the same thread that performed the TLS/SSL I/O operation, and no
+other OpenSSL function calls should appear in between.  The current
+thread's error queue must be empty before the TLS/SSL I/O operation is
+attempted, or SSL_get_error() will not work reliably.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur:
+
+=over 4
+
+=item SSL_ERROR_NONE
+
+The TLS/SSL I/O operation completed.  This result code is returned
+if and only if B<ret E<gt> 0>.
+
+=item SSL_ERROR_ZERO_RETURN
+
+The TLS/SSL connection has been closed.
+If the protocol version is SSL 3.0 or higher, this result code is returned only
+if a closure alert has occurred in the protocol, i.e. if the connection has been
+closed cleanly.
+Note that in this case B<SSL_ERROR_ZERO_RETURN> does not necessarily
+indicate that the underlying transport has been closed.
+
+
+=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
+
+The operation did not complete; the same TLS/SSL I/O function should be
+called again later.  If, by then, the underlying B<BIO> has data
+available for reading (if the result code is B<SSL_ERROR_WANT_READ>)
+or allows writing data (B<SSL_ERROR_WANT_WRITE>), then some TLS/SSL
+protocol progress will take place, i.e. at least part of an TLS/SSL
+record will be read or written.  Note that the retry may again lead to
+a B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition.
+There is no fixed upper limit for the number of iterations that
+may be necessary until progress becomes visible at application
+protocol level.
+
+For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or
+poll() on the underlying socket can be used to find out when the
+TLS/SSL I/O function should be retried.
+
+Caveat: Any TLS/SSL I/O function can lead to either of
+B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>.  In particular,
+SSL_read() or SSL_peek() may want to write data and SSL_write() may want
+to read data.  This is mainly because TLS/SSL handshakes may occur at any
+time during the protocol (initiated by either the client or the server);
+SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
+
+=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
+
+The operation did not complete; the same TLS/SSL I/O function should be
+called again later. The underlying BIO was not connected yet to the peer
+and the call would block in connect()/accept(). The SSL function should be
+called again when the connection is established. These messages can only
+appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
+In order to find out, when the connection has been successfully established,
+on many platforms select() or poll() for writing on the socket file descriptor
+can be used.
+
+=item SSL_ERROR_WANT_X509_LOOKUP
+
+The operation did not complete because an application callback set by
+SSL_CTX_set_client_cert_cb() has asked to be called again.
+The TLS/SSL I/O function should be called again later.
+Details depend on the application.
+
+=item SSL_ERROR_WANT_ASYNC
+
+The operation did not complete because an asynchronous engine is still
+processing data. This will only occur if the mode has been set to SSL_MODE_ASYNC
+using L<SSL_CTX_set_mode(3)> or L<SSL_set_mode(3)> and an asynchronous capable
+engine is being used. An application can determine whether the engine has
+completed its processing using select() or poll() on the asynchronous wait file
+descriptor. This file descriptor is available by calling
+L<SSL_get_all_async_fds(3)> or L<SSL_get_changed_async_fds(3)>. The TLS/SSL I/O
+function should be called again later. The function B<must> be called from the
+same thread that the original call was made from.
+
+=item SSL_ERROR_WANT_ASYNC_JOB
+
+The asynchronous job could not be started because there were no async jobs
+available in the pool (see ASYNC_init_thread(3)). This will only occur if the
+mode has been set to SSL_MODE_ASYNC using L<SSL_CTX_set_mode(3)> or
+L<SSL_set_mode(3)> and a maximum limit has been set on the async job pool
+through a call to L<ASYNC_init_thread(3)>. The application should retry the
+operation after a currently executing asynchronous operation for the current
+thread has completed.
+
+=item SSL_ERROR_SYSCALL
+
+Some non-recoverable I/O error occurred.
+The OpenSSL error queue may contain more information on the error.
+For socket I/O on Unix systems, consult B<errno> for details.
+
+=item SSL_ERROR_SSL
+
+A failure in the SSL library occurred, usually a protocol error.  The
+OpenSSL error queue contains more information on the error.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<err(3)>
+
+=head1 HISTORY
+
+SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_extms_support.pod b/openssl-1.1.0h/doc/ssl/SSL_get_extms_support.pod
new file mode 100644
index 0000000..ba4de3a
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_extms_support.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+SSL_get_extms_support - extended master secret support
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_extms_support(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_extms_support() indicates whether the current session used extended
+master secret.
+
+This function is implemented as a macro.
+
+=head1 RETURN VALUES
+
+SSL_get_extms_support() returns 1 if the current session used extended
+master secret, 0 if it did not and -1 if a handshake is currently in
+progress i.e. it is not possible to determine if extended master secret
+was used.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_fd.pod b/openssl-1.1.0h/doc/ssl/SSL_get_fd.pod
new file mode 100644
index 0000000..cd5b6ec
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_fd.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+SSL_get_fd, SSL_get_rfd, SSL_get_wfd - get file descriptor linked to an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_fd(const SSL *ssl);
+ int SSL_get_rfd(const SSL *ssl);
+ int SSL_get_wfd(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_fd() returns the file descriptor which is linked to B<ssl>.
+SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the
+read or the write channel, which can be different. If the read and the
+write channel are different, SSL_get_fd() will return the file descriptor
+of the read channel.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item -1
+
+The operation failed, because the underlying BIO is not of the correct type
+(suitable for file descriptors).
+
+=item E<gt>=0
+
+The file descriptor linked to B<ssl>.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_fd(3)>, L<ssl(3)> , L<bio(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_peer_cert_chain.pod b/openssl-1.1.0h/doc/ssl/SSL_get_peer_cert_chain.pod
new file mode 100644
index 0000000..f122124
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate
+chain of the peer
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
+ STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates
+forming the certificate chain sent by the peer. If called on the client side,
+the stack also contains the peer's certificate; if called on the server
+side, the peer's certificate must be obtained separately using
+L<SSL_get_peer_certificate(3)>.
+If the peer did not present a certificate, NULL is returned.
+
+NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it
+only consists of certificates the peer has sent (in the order the peer
+has sent them) it is B<not> a verified chain.
+
+SSL_get0_verified_chain() returns the B<verified> certificate chain
+of the peer including the peer's end entity certificate. It must be called
+after a session has been successfully established. If peer verification was
+not successful (as indicated by SSL_get_verify_result() not returning
+X509_V_OK) the chain may be incomplete or invalid.
+
+=head1 NOTES
+
+If the session is resumed peers do not send certificates so a NULL pointer
+is returned by these functions. Applications can call SSL_session_reused()
+to determine whether a session is resumed.
+
+The reference count of each certificate in the returned STACK_OF(X509) object
+is not incremented and the returned stack may be invalidated by renegotiation.
+If applications wish to use any certificates in the returned chain
+indefinitely they must increase the reference counts using X509_up_ref() or
+obtain a copy of the whole chain with X509_chain_up_ref().
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No certificate was presented by the peer or no connection was established
+or the certificate chain is no longer available when a session is reused.
+
+=item Pointer to a STACK_OF(X509)
+
+The return value points to the certificate chain presented by the peer.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_get_peer_certificate(3)>, L<X509_up_ref(3)>,
+L<X509_chain_up_ref(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_peer_certificate.pod b/openssl-1.1.0h/doc/ssl/SSL_get_peer_certificate.pod
new file mode 100644
index 0000000..57ed272
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_peer_certificate.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+SSL_get_peer_certificate - get the X509 certificate of the peer
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ X509 *SSL_get_peer_certificate(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_certificate() returns a pointer to the X509 certificate the
+peer presented. If the peer did not present a certificate, NULL is returned.
+
+=head1 NOTES
+
+Due to the protocol definition, a TLS/SSL server will always send a
+certificate, if present. A client will only send a certificate when
+explicitly requested to do so by the server (see
+L<SSL_CTX_set_verify(3)>). If an anonymous cipher
+is used, no certificates are sent.
+
+That a certificate is returned does not indicate information about the
+verification state, use L<SSL_get_verify_result(3)>
+to check the verification state.
+
+The reference count of the X509 object is incremented by one, so that it
+will not be destroyed when the session containing the peer certificate is
+freed. The X509 object must be explicitly freed using X509_free().
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No certificate was presented by the peer or no connection was established.
+
+=item Pointer to an X509 certificate
+
+The return value points to the certificate presented by the peer.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_get_verify_result(3)>,
+L<SSL_CTX_set_verify(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_psk_identity.pod b/openssl-1.1.0h/doc/ssl/SSL_get_psk_identity.pod
new file mode 100644
index 0000000..d330eee
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_psk_identity.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hint
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_get_psk_identity_hint(const SSL *ssl);
+ const char *SSL_get_psk_identity(const SSL *ssl);
+
+
+=head1 DESCRIPTION
+
+SSL_get_psk_identity_hint() is used to retrieve the PSK identity hint
+used during the connection setup related to SSL object
+B<ssl>. Similarly, SSL_get_psk_identity() is used to retrieve the PSK
+identity used during the connection setup.
+
+
+=head1 RETURN VALUES
+
+If non-B<NULL>, SSL_get_psk_identity_hint() returns the PSK identity
+hint and SSL_get_psk_identity() returns the PSK identity. Both are
+B<NULL>-terminated. SSL_get_psk_identity_hint() may return B<NULL> if
+no PSK identity hint was used during the connection setup.
+
+Note that the return value is valid only during the lifetime of the
+SSL object B<ssl>.
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+Copyright 2005 Nokia.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_rbio.pod b/openssl-1.1.0h/doc/ssl/SSL_get_rbio.pod
new file mode 100644
index 0000000..5ac4ca2
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_rbio.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+SSL_get_rbio, SSL_get_wbio - get BIO linked to an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ BIO *SSL_get_rbio(SSL *ssl);
+ BIO *SSL_get_wbio(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the
+read or the write channel, which can be different. The reference count
+of the BIO is not incremented.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No BIO was connected to the SSL object
+
+=item Any other pointer
+
+The BIO linked to B<ssl>.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)>, L<ssl(3)> , L<bio(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_session.pod b/openssl-1.1.0h/doc/ssl/SSL_get_session.pod
new file mode 100644
index 0000000..99936ad
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_session.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_SESSION *SSL_get_session(const SSL *ssl);
+ SSL_SESSION *SSL_get0_session(const SSL *ssl);
+ SSL_SESSION *SSL_get1_session(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
+B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
+that the pointer can become invalid by other operations.
+
+SSL_get0_session() is the same as SSL_get_session().
+
+SSL_get1_session() is the same as SSL_get_session(), but the reference
+count of the B<SSL_SESSION> is incremented by one.
+
+=head1 NOTES
+
+The ssl session contains all information required to re-establish the
+connection without a new handshake.
+
+SSL_get0_session() returns a pointer to the actual session. As the
+reference counter is not incremented, the pointer is only valid while
+the connection is in use. If L<SSL_clear(3)> or
+L<SSL_free(3)> is called, the session may be removed completely
+(if considered bad), and the pointer obtained will become invalid. Even
+if the session is valid, it can be removed at any time due to timeout
+during L<SSL_CTX_flush_sessions(3)>.
+
+If the data is to be kept, SSL_get1_session() will increment the reference
+count, so that the session will not be implicitly removed by other operations
+but stays in memory. In order to remove the session
+L<SSL_SESSION_free(3)> must be explicitly called once
+to decrement the reference count again.
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+There is no session available in B<ssl>.
+
+=item Pointer to an SSL_SESSION
+
+The return value points to the data of an SSL session.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_free(3)>,
+L<SSL_clear(3)>,
+L<SSL_SESSION_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_shared_sigalgs.pod b/openssl-1.1.0h/doc/ssl/SSL_get_shared_sigalgs.pod
new file mode 100644
index 0000000..6a70e90
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_shared_sigalgs.pod
@@ -0,0 +1,86 @@
+=pod
+
+=head1 NAME
+
+SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_shared_sigalgs(SSL *s, int idx,
+                            int *psign, int *phash, int *psignhash,
+                            unsigned char *rsig, unsigned char *rhash);
+
+ int SSL_get_sigalgs(SSL *s, int idx,
+                     int *psign, int *phash, int *psignhash,
+                     unsigned char *rsig, unsigned char *rhash);
+
+=head1 DESCRIPTION
+
+SSL_get_shared_sigalgs() returns information about the shared signature
+algorithms supported by peer B<s>. The parameter B<idx> indicates the index
+of the shared signature algorithm to return starting from zero. The signature
+algorithm NID is written to B<*psign>, the hash NID to B<*phash> and the
+sign and hash NID to B<*psignhash>. The raw signature and hash values
+are written to B<*rsig> and B<*rhash>.
+
+SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns
+information about all signature algorithms supported by B<s> in the order
+they were sent by the peer.
+
+=head1 RETURN VALUES
+
+SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of
+signature algorithms or B<0> if the B<idx> parameter is out of range.
+
+=head1 NOTES
+
+These functions are typically called for debugging purposes (to report
+the peer's preferences) or where an application wants finer control over
+certificate selection. Most applications will rely on internal handling
+and will not need to call them.
+
+If an application is only interested in the highest preference shared
+signature algorithm it can just set B<idx> to zero.
+
+Any or all of the parameters B<psign>, B<phash>, B<psignhash>, B<rsig> or
+B<rhash> can be set to B<NULL> if the value is not required. By setting
+them all to B<NULL> and setting B<idx> to zero the total number of
+signature algorithms can be determined: which can be zero.
+
+These functions must be called after the peer has sent a list of supported
+signature algorithms: after a client hello (for servers) or a certificate
+request (for clients). They can (for example) be called in the certificate
+callback.
+
+Only TLS 1.2 and DTLS 1.2 currently support signature algorithms. If these
+functions are called on an earlier version of TLS or DTLS zero is returned.
+
+The shared signature algorithms returned by SSL_get_shared_sigalgs() are
+ordered according to configuration and peer preferences.
+
+The raw values correspond to the on the wire form as defined by RFC5246 et al.
+The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and
+rsa(1) then B<*rhash> would be 4, B<*rsign> 1, B<*phash> NID_sha256, B<*psig>
+NID_rsaEncryption and B<*psighash> NID_sha256WithRSAEncryption.
+
+If a signature algorithm is not recognised the corresponding NIDs
+will be set to B<NID_undef>. This may be because the value is not supported
+or is not an appropriate combination (for example MD5 and DSA).
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_cert_cb(3)>,
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_verify_result.pod b/openssl-1.1.0h/doc/ssl/SSL_get_verify_result.pod
new file mode 100644
index 0000000..3b8b657
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_verify_result.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+SSL_get_verify_result - get result of peer certificate verification
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_get_verify_result(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_verify_result() returns the result of the verification of the
+X509 certificate presented by the peer, if any.
+
+=head1 NOTES
+
+SSL_get_verify_result() can only return one error code while the verification
+of a certificate can fail because of many reasons at the same time. Only
+the last verification error that occurred during the processing is available
+from SSL_get_verify_result().
+
+The verification result is part of the established session and is restored
+when a session is reused.
+
+=head1 BUGS
+
+If no peer certificate was presented, the returned result code is
+X509_V_OK. This is because no verification error occurred, it does however
+not indicate success. SSL_get_verify_result() is only useful in connection
+with L<SSL_get_peer_certificate(3)>.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur:
+
+=over 4
+
+=item X509_V_OK
+
+The verification succeeded or no peer certificate was presented.
+
+=item Any other value
+
+Documented in L<verify(1)>.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_set_verify_result(3)>,
+L<SSL_get_peer_certificate(3)>,
+L<verify(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_get_version.pod b/openssl-1.1.0h/doc/ssl/SSL_get_version.pod
new file mode 100644
index 0000000..23b6497
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_get_version.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+SSL_get_version, SSL_is_dtls - get the protocol information of a connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_get_version(const SSL *ssl);
+
+ int SSL_is_dtls(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_version() returns the name of the protocol used for the
+connection B<ssl>.
+
+SSL_is_dtls() returns one if the connection is using DTLS, zero if not.
+
+=head1 RETURN VALUES
+
+SSL_get_version() returns one of the following strings:
+
+=over 4
+
+=item SSLv3
+
+The connection uses the SSLv3 protocol.
+
+=item TLSv1
+
+The connection uses the TLSv1.0 protocol.
+
+=item TLSv1.1
+
+The connection uses the TLSv1.1 protocol.
+
+=item TLSv1.2
+
+The connection uses the TLSv1.2 protocol.
+
+=item unknown
+
+This indicates that no version has been set (no connection established).
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 HISTORY
+
+SSL_is_dtls() was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_library_init.pod b/openssl-1.1.0h/doc/ssl/SSL_library_init.pod
new file mode 100644
index 0000000..85768a1
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_library_init.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+SSL_library_init, OpenSSL_add_ssl_algorithms
+- initialize SSL library by registering algorithms
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_library_init(void);
+
+ int OpenSSL_add_ssl_algorithms(void);
+
+=head1 DESCRIPTION
+
+SSL_library_init() registers the available SSL/TLS ciphers and digests.
+
+OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is
+implemented as a macro.
+
+=head1 NOTES
+
+SSL_library_init() must be called before any other action takes place.
+SSL_library_init() is not reentrant.
+
+=head1 WARNING
+
+SSL_library_init() adds ciphers and digests used directly and indirectly by
+SSL/TLS.
+
+=head1 RETURN VALUES
+
+SSL_library_init() always returns "1", so it is safe to discard the return
+value.
+
+=head1 SEE ALSO
+
+L<ssl(7)>,
+L<RAND_add(3)>
+
+=head1 HISTORY
+
+The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were
+deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_load_client_CA_file.pod b/openssl-1.1.0h/doc/ssl/SSL_load_client_CA_file.pod
new file mode 100644
index 0000000..cc6a19c
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_load_client_CA_file.pod
@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
+SSL_load_client_CA_file - load certificate names from file
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+
+=head1 DESCRIPTION
+
+SSL_load_client_CA_file() reads certificates from B<file> and returns
+a STACK_OF(X509_NAME) with the subject names found.
+
+=head1 NOTES
+
+SSL_load_client_CA_file() reads a file of PEM formatted certificates and
+extracts the X509_NAMES of the certificates found. While the name suggests
+the specific usage as support function for
+L<SSL_CTX_set_client_CA_list(3)>,
+it is not limited to CA certificates.
+
+=head1 EXAMPLES
+
+Load names of CAs from file and use it as a client CA list:
+
+ SSL_CTX *ctx;
+ STACK_OF(X509_NAME) *cert_names;
+
+ ...
+ cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
+ if (cert_names != NULL)
+   SSL_CTX_set_client_CA_list(ctx, cert_names);
+ else
+   error_handling();
+ ...
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The operation failed, check out the error stack for the reason.
+
+=item Pointer to STACK_OF(X509_NAME)
+
+Pointer to the subject names of the successfully read certificates.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_client_CA_list(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_new.pod b/openssl-1.1.0h/doc/ssl/SSL_new.pod
new file mode 100644
index 0000000..a5a3ff9
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_new.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+SSL_new, SSL_up_ref - create a new SSL structure for a connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL *SSL_new(SSL_CTX *ctx);
+ int SSL_up_ref(SSL *s);
+
+=head1 DESCRIPTION
+
+SSL_new() creates a new B<SSL> structure which is needed to hold the
+data for a TLS/SSL connection. The new structure inherits the settings
+of the underlying context B<ctx>: connection method,
+options, verification settings, timeout settings. An B<SSL> structure is
+reference counted. Creating an B<SSL> structure for the first time increments
+the reference count. Freeing it (using SSL_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the B<SSL>
+structure are freed. SSL_up_ref() increments the reference count for an
+existing B<SSL> structure.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The creation of a new SSL structure failed. Check the error stack to
+find out the reason.
+
+=item Pointer to an SSL structure
+
+The return value points to an allocated SSL structure.
+
+SSL_up_ref() returns 1 for success and 0 for failure.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_free(3)>, L<SSL_clear(3)>,
+L<SSL_CTX_set_options(3)>,
+L<SSL_get_SSL_CTX(3)>,
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_pending.pod b/openssl-1.1.0h/doc/ssl/SSL_pending.pod
new file mode 100644
index 0000000..f6ed565
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_pending.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+SSL_pending, SSL_has_pending - check for readable bytes buffered in an
+SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_pending(const SSL *ssl);
+ int SSL_has_pending(const SSL *s);
+
+=head1 DESCRIPTION
+
+Data is received in whole blocks known as records from the peer. A whole record
+is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is
+read by the application via a call to L<SSL_read(3)>.
+
+SSL_pending() returns the number of bytes which have been processed, buffered
+and are available inside B<ssl> for immediate read.
+
+If the B<SSL> object's I<read_ahead> flag is set (see
+L<SSL_CTX_set_read_ahead(3)>), additional protocol bytes (beyond the current
+record) may have been read containing more TLS/SSL records. This also applies to
+DTLS and pipelining (see L<SSL_CTX_set_split_send_fragment(3)>). These
+additional bytes will be buffered by OpenSSL but will remain unprocessed until
+they are needed. As these bytes are still in an unprocessed state SSL_pending()
+will ignore them. Therefore it is possible for no more bytes to be readable from
+the underlying BIO (because OpenSSL has already read them) and for SSL_pending()
+to return 0, even though readable application data bytes are available (because
+the data is in unprocessed buffered records).
+
+SSL_has_pending() returns 1 if B<s> has buffered data (whether processed or
+unprocessed) and 0 otherwise. Note that it is possible for SSL_has_pending() to
+return 1, and then a subsequent call to SSL_read() to return no data because the
+unprocessed buffered data when processed yielded no application data (for
+example this can happen during renegotiation). It is also possible in this
+scenario for SSL_has_pending() to continue to return 1 even after an SSL_read()
+call because the buffered and unprocessed data is not yet processable (e.g.
+because OpenSSL has only received a partial record so far).
+
+=head1 RETURN VALUES
+
+SSL_pending() returns the number of buffered and processed application data
+bytes that are pending and are available for immediate read. SSL_has_pending()
+returns 1 if there is buffered record data in the SSL object and 0 otherwise.
+
+=head1 SEE ALSO
+
+L<SSL_read(3)>, L<SSL_CTX_set_read_ahead(3)>,
+L<SSL_CTX_set_split_send_fragment(3)>, L<ssl(3)>
+
+=head1 HISTORY
+
+The SSL_has_pending() function was added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_read.pod b/openssl-1.1.0h/doc/ssl/SSL_read.pod
new file mode 100644
index 0000000..20ccf40
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_read.pod
@@ -0,0 +1,121 @@
+=pod
+
+=head1 NAME
+
+SSL_read - read bytes from a TLS/SSL connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_read(SSL *ssl, void *buf, int num);
+
+=head1 DESCRIPTION
+
+SSL_read() tries to read B<num> bytes from the specified B<ssl> into the
+buffer B<buf>.
+
+=head1 NOTES
+
+If necessary, SSL_read() will negotiate a TLS/SSL session, if
+not already explicitly performed by L<SSL_connect(3)> or
+L<SSL_accept(3)>. If the
+peer requests a re-negotiation, it will be performed transparently during
+the SSL_read() operation. The behaviour of SSL_read() depends on the
+underlying BIO.
+
+For the transparent negotiation to succeed, the B<ssl> must have been
+initialized to client or server mode. This is being done by calling
+L<SSL_set_connect_state(3)> or SSL_set_accept_state()
+before the first call to an SSL_read() or L<SSL_write(3)>
+function.
+
+SSL_read() works based on the SSL/TLS records. The data are received in
+records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
+record has been completely received, it can be processed (decryption and
+check of integrity). Therefore data that was not retrieved at the last
+call of SSL_read() can still be buffered inside the SSL layer and will be
+retrieved on the next call to SSL_read(). If B<num> is higher than the
+number of bytes buffered, SSL_read() will return with the bytes buffered.
+If no more bytes are in the buffer, SSL_read() will trigger the processing
+of the next record. Only when the record has been received and processed
+completely, SSL_read() will return reporting success. At most the contents
+of the record will be returned. As the size of an SSL/TLS record may exceed
+the maximum packet size of the underlying transport (e.g. TCP), it may
+be necessary to read several packets from the transport layer before the
+record is complete and SSL_read() can succeed.
+
+If the underlying BIO is B<blocking>, SSL_read() will only return, once the
+read operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
+This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
+L<SSL_CTX_set_mode(3)> call.
+
+If the underlying BIO is B<non-blocking>, SSL_read() will also return
+when the underlying BIO could not satisfy the needs of SSL_read()
+to continue the operation. In this case a call to
+L<SSL_get_error(3)> with the
+return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
+call to SSL_read() can also cause write operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of SSL_read(). The action depends on the underlying BIO. When using a
+non-blocking socket, nothing is to be done, but select() can be used to check
+for the required condition. When using a buffering BIO, like a BIO pair, data
+must be written into or retrieved out of the BIO before being able to continue.
+
+L<SSL_pending(3)> can be used to find out whether there
+are buffered bytes available for immediate retrieval. In this case
+SSL_read() can be called without blocking or actually receiving new
+data from the underlying socket.
+
+=head1 WARNING
+
+When an SSL_read() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item E<gt> 0
+
+The read operation was successful.
+The return value is the number of bytes actually read from the TLS/SSL
+connection.
+
+=item Z<><= 0
+
+The read operation was not successful, because either the connection was closed,
+an error occurred or action must be taken by the calling process.
+Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason.
+
+Old documentation indicated a difference between 0 and -1, and that -1 was
+retryable.
+You should instead call SSL_get_error() to find out if it's retryable.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_write(3)>,
+L<SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)>,
+L<SSL_connect(3)>, L<SSL_accept(3)>
+L<SSL_set_connect_state(3)>,
+L<SSL_pending(3)>,
+L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
+L<ssl(3)>, L<bio(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_rstate_string.pod b/openssl-1.1.0h/doc/ssl/SSL_rstate_string.pod
new file mode 100644
index 0000000..7775913
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_rstate_string.pod
@@ -0,0 +1,68 @@
+=pod
+
+=head1 NAME
+
+SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_rstate_string(SSL *ssl);
+ const char *SSL_rstate_string_long(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_rstate_string() returns a 2 letter string indicating the current read state
+of the SSL object B<ssl>.
+
+SSL_rstate_string_long() returns a string indicating the current read state of
+the SSL object B<ssl>.
+
+=head1 NOTES
+
+When performing a read operation, the SSL/TLS engine must parse the record,
+consisting of header and body. When working in a blocking environment,
+SSL_rstate_string[_long]() should always return "RD"/"read done".
+
+This function should only seldom be needed in applications.
+
+=head1 RETURN VALUES
+
+SSL_rstate_string() and SSL_rstate_string_long() can return the following
+values:
+
+=over 4
+
+=item "RH"/"read header"
+
+The header of the record is being evaluated.
+
+=item "RB"/"read body"
+
+The body of the record is being evaluated.
+
+=item "RD"/"read done"
+
+The record has been completely processed.
+
+=item "unknown"/"unknown"
+
+The read state is unknown. This should never happen.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_session_reused.pod b/openssl-1.1.0h/doc/ssl/SSL_session_reused.pod
new file mode 100644
index 0000000..eda66b2
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_session_reused.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+SSL_session_reused - query whether a reused session was negotiated during handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_session_reused(SSL *ssl);
+
+=head1 DESCRIPTION
+
+Query, whether a reused session was negotiated during the handshake.
+
+=head1 NOTES
+
+During the negotiation, a client can propose to reuse a session. The server
+then looks up the session in its cache. If both client and server agree
+on the session, it will be reused and a flag is being set that can be
+queried by the application.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+A new session was negotiated.
+
+=item Z<>1
+
+A session was reused.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_set_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_set1_host.pod b/openssl-1.1.0h/doc/ssl/SSL_set1_host.pod
new file mode 100644
index 0000000..3339a0e
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_set1_host.pod
@@ -0,0 +1,121 @@
+=pod
+
+=head1 NAME
+
+SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername -
+SSL server verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_set1_host(SSL *s, const char *hostname);
+ int SSL_add1_host(SSL *s, const char *hostname);
+ void SSL_set_hostflags(SSL *s, unsigned int flags);
+ const char *SSL_get0_peername(SSL *s);
+
+=head1 DESCRIPTION
+
+These functions configure server hostname checks in the SSL client.
+
+SSL_set1_host() sets the expected DNS hostname to B<name> clearing
+any previously specified host name or names.  If B<name> is NULL,
+or the empty string the list of hostnames is cleared, and name
+checks are not performed on the peer certificate.  When a non-empty
+B<name> is specified, certificate verification automatically checks
+the peer hostname via L<X509_check_host(3)> with B<flags> as specified
+via SSL_set_hostflags().  Clients that enable DANE TLSA authentication
+via L<SSL_dane_enable(3)> should leave it to that function to set
+the primary reference identifier of the peer, and should not call
+SSL_set1_host().
+
+SSL_add1_host() adds B<name> as an additional reference identifier
+that can match the peer's certificate.  Any previous names set via
+SSL_set1_host() or SSL_add1_host() are retained, no change is made
+if B<name> is NULL or empty.  When multiple names are configured,
+the peer is considered verified when any name matches.  This function
+is required for DANE TLSA in the presence of service name indirection
+via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or
+RFC7673.
+
+SSL_set_hostflags() sets the B<flags> that will be passed to
+L<X509_check_host(3)> when name checks are applicable, by default
+the B<flags> value is 0.  See L<X509_check_host(3)> for the list
+of available flags and their meaning.
+
+SSL_get0_peername() returns the DNS hostname or subject CommonName
+from the peer certificate that matched one of the reference
+identifiers.  When wildcard matching is not disabled, the name
+matched in the peer certificate may be a wildcard name.  When one
+of the reference identifiers configured via SSL_set1_host() or
+SSL_add1_host() starts with ".", which indicates a parent domain prefix
+rather than a fixed name, the matched peer name may be a sub-domain
+of the reference identifier.  The returned string is allocated by
+the library and is no longer valid once the associated B<ssl> handle
+is cleared or freed, or a renegotiation takes place.  Applications
+must not free the return value.
+
+SSL clients are advised to use these functions in preference to
+explicitly calling L<X509_check_host(3)>.  Hostname checks are out
+of scope with the RFC7671 DANE-EE(3) certificate usage, and the
+internal check will be suppressed as appropriate when DANE is
+enabled.
+
+=head1 RETURN VALUES
+
+SSL_set1_host() and SSL_add1_host() return 1 for success and 0 for
+failure.
+
+SSL_get0_peername() returns NULL if peername verification is not
+applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was
+matched.  Otherwise, it returns the matched peername.  To determine
+whether verification succeeded call L<SSL_get_verify_result(3)>.
+
+=head1 EXAMPLE
+
+Suppose "smtp.example.com" is the MX host of the domain "example.com".
+The calls below will arrange to match either the MX hostname or the
+destination domain name in the SMTP server certificate.  Wildcards
+are supported, but must match the entire label.  The actual name
+matched in the certificate (which might be a wildcard) is retrieved,
+and must be copied by the application if it is to be retained beyond
+the lifetime of the SSL connection.
+
+  SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+  if (!SSL_set1_host(ssl, "smtp.example.com")) {
+    /* handle error */
+  }
+  if (!SSL_add1_host(ssl, "example.com")) {
+    /* handle error */
+  }
+
+  /* XXX: Perform SSL_connect() handshake and handle errors here */
+
+  if (SSL_get_verify_result(ssl) == X509_V_OK) {
+      const char *peername = SSL_get0_peername(ssl);
+
+      if (peername != NULL) {
+          /* Name checks were in scope and matched the peername */
+      }
+  }
+
+=head1 SEE ALSO
+
+L<X509_check_host(3)>,
+L<SSL_get_verify_result(3)>.
+L<SSL_dane_enable(3)>.
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_set_bio.pod b/openssl-1.1.0h/doc/ssl/SSL_set_bio.pod
new file mode 100644
index 0000000..4230940
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_set_bio.pod
@@ -0,0 +1,108 @@
+=pod
+
+=head1 NAME
+
+SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+ void SSL_set0_rbio(SSL *s, BIO *rbio);
+ void SSL_set0_wbio(SSL *s, BIO *wbio);
+
+=head1 DESCRIPTION
+
+SSL_set0_rbio() connects the BIO B<rbio> for the read operations of the B<ssl>
+object. The SSL engine inherits the behaviour of B<rbio>. If the BIO is
+non-blocking then the B<ssl> object will also have non-blocking behaviour. This
+function transfers ownership of B<rbio> to B<ssl>. It will be automatically
+freed using L<BIO_free_all(3)> when the B<ssl> is freed. On calling this
+function, any existing B<rbio> that was previously set will also be freed via a
+call to L<BIO_free_all(3)> (this includes the case where the B<rbio> is set to
+the same value as previously).
+
+SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects
+the BIO B<wbio> for the write operations of the B<ssl> object. Note that if the
+rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take
+ownership of one reference. Therefore it may be necessary to increment the
+number of references available using L<BIO_up_ref(3)> before calling the set0
+functions.
+
+SSL_set_bio() does a similar job as SSL_set0_rbio() and SSL_set0_wbio() except
+that it connects both the B<rbio> and the B<wbio> at the same time. This
+function transfers the ownership of B<rbio> and B<wbio> to B<ssl> except that
+the rules for this are much more complex. For this reason this function is
+considered a legacy function and SSL_set0_rbio() and SSL_set0_wbio() should be
+used in preference. The ownership rules are as follows:
+
+=over 2
+
+=item *
+
+If neither the rbio or wbio have changed from their previous values then nothing
+is done.
+
+=item *
+
+If the rbio and wbio parameters are different and both are different to their
+previously set values then one reference is consumed for the rbio and one
+reference is consumed for the wbio.
+
+=item *
+
+If the rbio and wbio parameters are the same and the rbio is not the same as the
+previously set value then one reference is consumed.
+
+=item *
+
+If the rbio and wbio parameters are the same and the rbio is the same as the
+previously set value, then no additional references are consumed.
+
+=item *
+
+If the rbio and wbio parameters are different and the rbio is the same as the
+previously set value then one reference is consumed for the wbio and no
+references are consumed for the rbio.
+
+=item *
+
+If the rbio and wbio parameters are different and the wbio is the same as the
+previously set value and the old rbio and wbio values were the same as each
+other then one reference is consumed for the rbio and no references are consumed
+for the wbio.
+
+=item *
+
+If the rbio and wbio parameters are different and the wbio is the same as the
+previously set value and the old rbio and wbio values were different to each
+other then one reference is consumed for the rbio and one reference is consumed
+for the wbio.
+
+=back
+
+=head1 RETURN VALUES
+
+SSL_set_bio(), SSL_set_rbio() and SSL_set_wbio() cannot fail.
+
+=head1 SEE ALSO
+
+L<SSL_get_rbio(3)>,
+L<SSL_connect(3)>, L<SSL_accept(3)>,
+L<SSL_shutdown(3)>, L<ssl(7)>, L<bio(7)>
+
+=head1 HISTORY
+
+SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_set_connect_state.pod b/openssl-1.1.0h/doc/ssl/SSL_set_connect_state.pod
new file mode 100644
index 0000000..9031aa7
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_set_connect_state.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+SSL_set_connect_state, SSL_set_accept_state - prepare SSL object to work in client or server mode
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_connect_state(SSL *ssl);
+
+ void SSL_set_accept_state(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_set_connect_state() sets B<ssl> to work in client mode.
+
+SSL_set_accept_state() sets B<ssl> to work in server mode.
+
+=head1 NOTES
+
+When the SSL_CTX object was created with L<SSL_CTX_new(3)>,
+it was either assigned a dedicated client method, a dedicated server
+method, or a generic method, that can be used for both client and
+server connections. (The method might have been changed with
+L<SSL_CTX_set_ssl_version(3)> or
+SSL_set_ssl_method(3).)
+
+When beginning a new handshake, the SSL engine must know whether it must
+call the connect (client) or accept (server) routines. Even though it may
+be clear from the method chosen, whether client or server mode was
+requested, the handshake routines must be explicitly set.
+
+When using the L<SSL_connect(3)> or
+L<SSL_accept(3)> routines, the correct handshake
+routines are automatically set. When performing a transparent negotiation
+using L<SSL_write(3)> or L<SSL_read(3)>, the
+handshake routines must be explicitly set in advance using either
+SSL_set_connect_state() or SSL_set_accept_state().
+
+=head1 RETURN VALUES
+
+SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic
+information.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_new(3)>, L<SSL_CTX_new(3)>,
+LL<SSL_connect(3)>, L<SSL_accept(3)>,
+L<SSL_write(3)>, L<SSL_read(3)>,
+L<SSL_do_handshake(3)>,
+L<SSL_CTX_set_ssl_version(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_set_fd.pod b/openssl-1.1.0h/doc/ssl/SSL_set_fd.pod
new file mode 100644
index 0000000..e1f9988
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_set_fd.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+SSL_set_fd, SSL_set_rfd, SSL_set_wfd - connect the SSL object with a file descriptor
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_set_fd(SSL *ssl, int fd);
+ int SSL_set_rfd(SSL *ssl, int fd);
+ int SSL_set_wfd(SSL *ssl, int fd);
+
+=head1 DESCRIPTION
+
+SSL_set_fd() sets the file descriptor B<fd> as the input/output facility
+for the TLS/SSL (encrypted) side of B<ssl>. B<fd> will typically be the
+socket file descriptor of a network connection.
+
+When performing the operation, a B<socket BIO> is automatically created to
+interface between the B<ssl> and B<fd>. The BIO and hence the SSL engine
+inherit the behaviour of B<fd>. If B<fd> is non-blocking, the B<ssl> will
+also have non-blocking behaviour.
+
+If there was already a BIO connected to B<ssl>, BIO_free() will be called
+(for both the reading and writing side, if different).
+
+SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only
+for the read channel or the write channel, which can be set independently.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The operation failed. Check the error stack to find out why.
+
+=item Z<>1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_fd(3)>, L<SSL_set_bio(3)>,
+L<SSL_connect(3)>, L<SSL_accept(3)>,
+L<SSL_shutdown(3)>, L<ssl(3)> , L<bio(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_set_session.pod b/openssl-1.1.0h/doc/ssl/SSL_set_session.pod
new file mode 100644
index 0000000..1de533f
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_set_session.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+
+=head1 DESCRIPTION
+
+SSL_set_session() sets B<session> to be used when the TLS/SSL connection
+is to be established. SSL_set_session() is only useful for TLS/SSL clients.
+When the session is set, the reference count of B<session> is incremented
+by 1. If the session is not reused, the reference count is decremented
+again during SSL_connect(). Whether the session was reused can be queried
+with the L<SSL_session_reused(3)> call.
+
+If there is already a session set inside B<ssl> (because it was set with
+SSL_set_session() before or because the same B<ssl> was already used for
+a connection), SSL_SESSION_free() will be called for that session. If that old
+session is still B<open>, it is considered bad and will be removed from the
+session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was
+not called for the connection (or at least L<SSL_set_shutdown(3)> was used to
+set the SSL_SENT_SHUTDOWN state).
+
+=head1 NOTES
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The operation failed; check the error stack to find out the reason.
+
+=item Z<>1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_SESSION_free(3)>,
+L<SSL_get_session(3)>,
+L<SSL_session_reused(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_set_shutdown.pod b/openssl-1.1.0h/doc/ssl/SSL_set_shutdown.pod
new file mode 100644
index 0000000..ecdf60c
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_set_shutdown.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_shutdown(SSL *ssl, int mode);
+
+ int SSL_get_shutdown(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_set_shutdown() sets the shutdown state of B<ssl> to B<mode>.
+
+SSL_get_shutdown() returns the shutdown mode of B<ssl>.
+
+=head1 NOTES
+
+The shutdown state of an ssl connection is a bitmask of:
+
+=over 4
+
+=item Z<>0
+
+No shutdown setting, yet.
+
+=item SSL_SENT_SHUTDOWN
+
+A "close notify" shutdown alert was sent to the peer, the connection is being
+considered closed and the session is closed and correct.
+
+=item SSL_RECEIVED_SHUTDOWN
+
+A shutdown alert was received form the peer, either a normal "close notify"
+or a fatal error.
+
+=back
+
+SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.
+
+The shutdown state of the connection is used to determine the state of
+the ssl session. If the session is still open, when
+L<SSL_clear(3)> or L<SSL_free(3)> is called,
+it is considered bad and removed according to RFC2246.
+The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
+(according to the TLS RFC, it is acceptable to only send the "close notify"
+alert but to not wait for the peer's answer, when the underlying connection
+is closed).
+SSL_set_shutdown() can be used to set this state without sending a
+close alert to the peer (see L<SSL_shutdown(3)>).
+
+If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
+for setting SSL_SENT_SHUTDOWN the application must however still call
+L<SSL_shutdown(3)> or SSL_set_shutdown() itself.
+
+=head1 RETURN VALUES
+
+SSL_set_shutdown() does not return diagnostic information.
+
+SSL_get_shutdown() returns the current setting.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_shutdown(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_clear(3)>, L<SSL_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_set_verify_result.pod b/openssl-1.1.0h/doc/ssl/SSL_set_verify_result.pod
new file mode 100644
index 0000000..8738d78
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_set_verify_result.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+SSL_set_verify_result - override result of peer certificate verification
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_verify_result(SSL *ssl, long verify_result);
+
+=head1 DESCRIPTION
+
+SSL_set_verify_result() sets B<verify_result> of the object B<ssl> to be the
+result of the verification of the X509 certificate presented by the peer,
+if any.
+
+=head1 NOTES
+
+SSL_set_verify_result() overrides the verification result. It only changes
+the verification result of the B<ssl> object. It does not become part of the
+established session, so if the session is to be reused later, the original
+value will reappear.
+
+The valid codes for B<verify_result> are documented in L<verify(1)>.
+
+=head1 RETURN VALUES
+
+SSL_set_verify_result() does not provide a return value.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_get_verify_result(3)>,
+L<SSL_get_peer_certificate(3)>,
+L<verify(1)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_shutdown.pod b/openssl-1.1.0h/doc/ssl/SSL_shutdown.pod
new file mode 100644
index 0000000..e8ec454
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_shutdown.pod
@@ -0,0 +1,132 @@
+=pod
+
+=head1 NAME
+
+SSL_shutdown - shut down a TLS/SSL connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_shutdown(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
+"close notify" shutdown alert to the peer.
+
+=head1 NOTES
+
+SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
+Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
+a currently open session is considered closed and good and will be kept in the
+session cache for further reuse.
+
+The shutdown procedure consists of 2 steps: the sending of the "close notify"
+shutdown alert and the reception of the peer's "close notify" shutdown
+alert. According to the TLS standard, it is acceptable for an application
+to only send its shutdown alert and then close the underlying connection
+without waiting for the peer's response (this way resources can be saved,
+as the process can already terminate or serve another connection).
+When the underlying connection shall be used for more communications, the
+complete shutdown procedure (bidirectional "close notify" alerts) must be
+performed, so that the peers stay synchronized.
+
+SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
+behaviour.
+
+=over 4
+
+=item When the application is the first party to send the "close notify"
+alert, SSL_shutdown() will only send the alert and then set the
+SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
+be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
+shutdown is enough (the underlying connection shall be closed anyway), this
+first call to SSL_shutdown() is sufficient. In order to complete the
+bidirectional shutdown handshake, SSL_shutdown() must be called again.
+The second call will make SSL_shutdown() wait for the peer's "close notify"
+shutdown alert. On success, the second call to SSL_shutdown() will return
+with 1.
+
+=item If the peer already sent the "close notify" alert B<and> it was
+already processed implicitly inside another function
+(L<SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
+SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
+flag and will immediately return with 1.
+Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
+SSL_get_shutdown() (see also L<SSL_set_shutdown(3)> call.
+
+=back
+
+It is therefore recommended, to check the return value of SSL_shutdown()
+and call SSL_shutdown() again, if the bidirectional shutdown is not yet
+complete (return value of the first call is 0).
+
+The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
+
+If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
+handshake step has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
+when the underlying BIO could not satisfy the needs of SSL_shutdown()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_shutdown() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_shutdown().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+SSL_shutdown() can be modified to only set the connection to "shutdown"
+state but not actually send the "close notify" alert messages,
+see L<SSL_CTX_set_quiet_shutdown(3)>.
+When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
+and return 1.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item Z<>0
+
+The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+if a bidirectional shutdown shall be performed.
+The output of L<SSL_get_error(3)> may be misleading, as an
+erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+
+=item Z<>1
+
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
+
+=item E<lt>0
+
+The shutdown was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. It can also occur if
+action is need to continue the operation for non-blocking BIOs.
+Call L<SSL_get_error(3)> with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_connect(3)>,
+L<SSL_accept(3)>, L<SSL_set_shutdown(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_clear(3)>, L<SSL_free(3)>,
+L<ssl(3)>, L<bio(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_state_string.pod b/openssl-1.1.0h/doc/ssl/SSL_state_string.pod
new file mode 100644
index 0000000..a2f59e8
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_state_string.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_state_string(const SSL *ssl);
+ const char *SSL_state_string_long(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_state_string() returns a 6 letter string indicating the current state
+of the SSL object B<ssl>.
+
+SSL_state_string_long() returns a string indicating the current state of
+the SSL object B<ssl>.
+
+=head1 NOTES
+
+During its use, an SSL objects passes several states. The state is internally
+maintained. Querying the state information is not very informative before
+or when a connection has been established. It however can be of significant
+interest during the handshake.
+
+When using non-blocking sockets, the function call performing the handshake
+may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition,
+so that SSL_state_string[_long]() may be called.
+
+For both blocking or non-blocking sockets, the details state information
+can be used within the info_callback function set with the
+SSL_set_info_callback() call.
+
+=head1 RETURN VALUES
+
+Detailed description of possible states to be included later.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_CTX_set_info_callback(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_want.pod b/openssl-1.1.0h/doc/ssl/SSL_want.pod
new file mode 100644
index 0000000..e179d6b
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_want.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup,
+SSL_want_async, SSL_want_async_job - obtain state information TLS/SSL I/O
+operation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_want(const SSL *ssl);
+ int SSL_want_nothing(const SSL *ssl);
+ int SSL_want_read(const SSL *ssl);
+ int SSL_want_write(const SSL *ssl);
+ int SSL_want_x509_lookup(const SSL *ssl);
+ int SSL_want_async(const SSL *ssl);
+ int SSL_want_async_job(const SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_want() returns state information for the SSL object B<ssl>.
+
+The other SSL_want_*() calls are shortcuts for the possible states returned
+by SSL_want().
+
+=head1 NOTES
+
+SSL_want() examines the internal state information of the SSL object. Its
+return values are similar to that of L<SSL_get_error(3)>.
+Unlike L<SSL_get_error(3)>, which also evaluates the
+error queue, the results are obtained by examining an internal state flag
+only. The information must therefore only be used for normal operation under
+non-blocking I/O. Error conditions are not handled and must be treated
+using L<SSL_get_error(3)>.
+
+The result returned by SSL_want() should always be consistent with
+the result of L<SSL_get_error(3)>.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur for SSL_want():
+
+=over 4
+
+=item SSL_NOTHING
+
+There is no data to be written or to be read.
+
+=item SSL_WRITING
+
+There are data in the SSL buffer that must be written to the underlying
+B<BIO> layer in order to complete the actual SSL_*() operation.
+A call to L<SSL_get_error(3)> should return
+SSL_ERROR_WANT_WRITE.
+
+=item SSL_READING
+
+More data must be read from the underlying B<BIO> layer in order to
+complete the actual SSL_*() operation.
+A call to L<SSL_get_error(3)> should return
+SSL_ERROR_WANT_READ.
+
+=item SSL_X509_LOOKUP
+
+The operation did not complete because an application callback set by
+SSL_CTX_set_client_cert_cb() has asked to be called again.
+A call to L<SSL_get_error(3)> should return
+SSL_ERROR_WANT_X509_LOOKUP.
+
+=item SSL_ASYNC_PAUSED
+
+An asynchronous operation partially completed and was then paused. See
+L<SSL_get_all_async_fds(3)>. A call to L<SSL_get_error(3)> should return
+SSL_ERROR_WANT_ASYNC.
+
+=item SSL_ASYNC_NO_JOBS
+
+The asynchronous job could not be started because there were no async jobs
+available in the pool (see ASYNC_init_thread(3)). A call to L<SSL_get_error(3)>
+should return SSL_ERROR_WANT_ASYNC_JOB.
+
+=back
+
+SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(),
+SSL_want_async() and SSL_want_async_job() return 1, when the corresponding
+condition is true or 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<err(3)>, L<SSL_get_error(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/SSL_write.pod b/openssl-1.1.0h/doc/ssl/SSL_write.pod
new file mode 100644
index 0000000..ef3b92a
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/SSL_write.pod
@@ -0,0 +1,111 @@
+=pod
+
+=head1 NAME
+
+SSL_write - write bytes to a TLS/SSL connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_write(SSL *ssl, const void *buf, int num);
+
+=head1 DESCRIPTION
+
+SSL_write() writes B<num> bytes from the buffer B<buf> into the specified
+B<ssl> connection.
+
+=head1 NOTES
+
+If necessary, SSL_write() will negotiate a TLS/SSL session, if
+not already explicitly performed by L<SSL_connect(3)> or
+L<SSL_accept(3)>. If the
+peer requests a re-negotiation, it will be performed transparently during
+the SSL_write() operation. The behaviour of SSL_write() depends on the
+underlying BIO.
+
+For the transparent negotiation to succeed, the B<ssl> must have been
+initialized to client or server mode. This is being done by calling
+L<SSL_set_connect_state(3)> or SSL_set_accept_state()
+before the first call to an L<SSL_read(3)> or SSL_write() function.
+
+If the underlying BIO is B<blocking>, SSL_write() will only return, once the
+write operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
+This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
+L<SSL_CTX_set_mode(3)> call.
+
+If the underlying BIO is B<non-blocking>, SSL_write() will also return,
+when the underlying BIO could not satisfy the needs of SSL_write()
+to continue the operation. In this case a call to
+L<SSL_get_error(3)> with the
+return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
+call to SSL_write() can also cause read operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of SSL_write(). The action depends on the underlying BIO. When using a
+non-blocking socket, nothing is to be done, but select() can be used to check
+for the required condition. When using a buffering BIO, like a BIO pair, data
+must be written into or retrieved out of the BIO before being able to continue.
+
+SSL_write() will only return with success, when the complete contents
+of B<buf> of length B<num> has been written. This default behaviour
+can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of
+L<SSL_CTX_set_mode(3)>. When this flag is set,
+SSL_write() will also return with success, when a partial write has been
+successfully completed. In this case the SSL_write() operation is considered
+completed. The bytes are sent and a new SSL_write() operation with a new
+buffer (with the already sent bytes removed) must be started.
+A partial write is performed with the size of a message block, which is
+16kB for SSLv3/TLSv1.
+
+=head1 WARNING
+
+When an SSL_write() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
+When calling SSL_write() with num=0 bytes to be sent the behaviour is
+undefined.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item E<gt> 0
+
+The write operation was successful, the return value is the number of
+bytes actually written to the TLS/SSL connection.
+
+=item Z<><= 0
+
+The write operation was not successful, because either the connection was
+closed, an error occurred or action must be taken by the calling process.
+Call SSL_get_error() with the return value B<ret> to find out the reason.
+
+Old documentation indicated a difference between 0 and -1, and that -1 was
+retryable.
+You should instead call SSL_get_error() to find out if it's retryable.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)>, L<SSL_read(3)>,
+L<SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)>,
+L<SSL_connect(3)>, L<SSL_accept(3)>
+L<SSL_set_connect_state(3)>,
+L<ssl(3)>, L<bio(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/d2i_SSL_SESSION.pod b/openssl-1.1.0h/doc/ssl/d2i_SSL_SESSION.pod
new file mode 100644
index 0000000..d6b1707
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/d2i_SSL_SESSION.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
+ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an SSL_SESSION object.
+For encoding details see L<d2i_X509(3)>.
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
+=head1 RETURN VALUES
+
+d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
+object. In case of failure the NULL-pointer is returned and the error message
+can be retrieved from the error stack.
+
+i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes.
+When the session is not valid, B<0> is returned and no operation is performed.
+
+=head1 SEE ALSO
+
+L<ssl(3)>, L<SSL_SESSION_free(3)>,
+L<SSL_CTX_sess_set_get_cb(3)>,
+L<d2i_X509(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/doc/ssl/ssl.pod b/openssl-1.1.0h/doc/ssl/ssl.pod
new file mode 100644
index 0000000..4d91907
--- /dev/null
+++ b/openssl-1.1.0h/doc/ssl/ssl.pod
@@ -0,0 +1,843 @@
+=pod
+
+=for comment openssl_manual_section:7
+
+=head1 NAME
+
+ssl - OpenSSL SSL/TLS library
+
+=head1 SYNOPSIS
+
+See the individual manual pages for details.
+
+=head1 DESCRIPTION
+
+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+documented here.
+
+Then an B<SSL_CTX> object is created as a framework to establish
+TLS/SSL enabled connections (see L<SSL_CTX_new(3)>).
+Various options regarding certificates, algorithms etc. can be set
+in this object.
+
+When a network connection has been created, it can be assigned to an
+B<SSL> object. After the B<SSL> object has been created using
+L<SSL_new(3)>, L<SSL_set_fd(3)> or
+L<SSL_set_bio(3)> can be used to associate the network
+connection with the object.
+
+Then the TLS/SSL handshake is performed using
+L<SSL_accept(3)> or L<SSL_connect(3)>
+respectively.
+L<SSL_read(3)> and L<SSL_write(3)> are
+used to read and write data on the TLS/SSL connection.
+L<SSL_shutdown(3)> can be used to shut down the
+TLS/SSL connection.
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B<ssl> library functions deals with the following data
+structures:
+
+=over 4
+
+=item B<SSL_METHOD> (SSL Method)
+
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv3
+TLSv1, ...). It's needed to create an B<SSL_CTX>.
+
+=item B<SSL_CIPHER> (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+B<SSL_SESSION>.
+
+=item B<SSL_CTX> (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+
+=item B<SSL_SESSION> (SSL Session)
+
+This is a structure containing the current TLS/SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+
+=item B<SSL> (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+
+=head1 HEADER FILES
+
+Currently the OpenSSL B<ssl> library provides the following C header files
+containing the prototypes for the data structures and functions:
+
+=over 4
+
+=item B<ssl.h>
+
+That's the common header file for the SSL/TLS API.  Include it into your
+program to make the API of the B<ssl> library available. It internally
+includes both more private SSL headers and headers from the B<crypto> library.
+Whenever you need hard-core details on the internals of the SSL API, look
+inside this header file.
+
+OPENSSL_VERSION_AT_LEAST(major,minor) can be
+used in C<#if> statements in order to determine which version of the library is
+being used. This can be used to either enable optional features at compile
+time, or work around issues with a previous version.
+See L<OPENSSL_VERSION_NUMBER(3)>.
+
+=item B<ssl2.h>
+
+Unused. Present for backwards compatibility only.
+
+=item B<ssl3.h>
+
+That's the sub header file dealing with the SSLv3 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<tls1.h>
+
+That's the sub header file dealing with the TLSv1 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=back
+
+=head1 API FUNCTIONS
+
+Currently the OpenSSL B<ssl> library exports 214 API functions.
+They are documented in the following:
+
+=head2 Dealing with Protocol Methods
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol methods defined in B<SSL_METHOD> structures.
+
+=over 4
+
+=item const SSL_METHOD *B<TLS_method>(void);
+
+Constructor for the I<version-flexible> SSL_METHOD structure for clients,
+servers or both.
+See L<SSL_CTX_new(3)> for details.
+
+=item const SSL_METHOD *B<TLS_client_method>(void);
+
+Constructor for the I<version-flexible> SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<TLS_server_method>(void);
+
+Constructor for the I<version-flexible> SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<TLSv1_2_method>(void);
+
+Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers or both.
+
+=item const SSL_METHOD *B<TLSv1_2_client_method>(void);
+
+Constructor for the TLSv1.2 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<TLSv1_2_server_method>(void);
+
+Constructor for the TLSv1.2 SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<TLSv1_1_method>(void);
+
+Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers or both.
+
+=item const SSL_METHOD *B<TLSv1_1_client_method>(void);
+
+Constructor for the TLSv1.1 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<TLSv1_1_server_method>(void);
+
+Constructor for the TLSv1.1 SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<TLSv1_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for clients, servers or both.
+
+=item const SSL_METHOD *B<TLSv1_client_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<TLSv1_server_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<SSLv3_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for clients, servers or both.
+
+=item const SSL_METHOD *B<SSLv3_client_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<SSLv3_server_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for servers.
+
+=back
+
+=head2 Dealing with Ciphers
+
+Here we document the various API functions which deal with the SSL/TLS
+ciphers defined in B<SSL_CIPHER> structures.
+
+=over 4
+
+=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+
+Write a string to I<buf> (with a maximum size of I<len>) containing a human
+readable description of I<cipher>. Returns I<buf>.
+
+=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+
+Determine the number of bits in I<cipher>. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+I<alg_bits>) and the bits which are actually used (the return value).
+
+=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+
+Return the internal name of I<cipher> as a string. These are the various
+strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+definitions in the header files.
+
+=item const char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+
+Returns a string like "C<SSLv3>" or "C<TLSv1.2>" which indicates the
+SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+in the specification the first time).
+
+=back
+
+=head2 Dealing with Protocol Contexts
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol context defined in the B<SSL_CTX> structure.
+
+=over 4
+
+=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+
+=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+
+=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx);
+
+=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+
+=item void B<SSL_CTX_free>(SSL_CTX *a);
+
+=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+
+=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+
+=item STACK *B<SSL_CTX_get_ciphers>(const SSL_CTX *ctx);
+
+=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
+
+=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
+
+=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
+
+=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, const char *CAfile, const char *CApath);
+
+=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
+
+=item int SSL_CTX_up_ref(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+
+=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx, t);
+
+=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+
+=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+
+=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+
+=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
+
+=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+
+=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+
+=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+=item int B<SSL_CTX_set_ct_validation_callback>(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);
+
+=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+
+=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+
+=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+
+Use the default paths to locate trusted CA certificates. There is one default
+directory path and one default file path. Both are set via this call.
+
+=item int B<SSL_CTX_set_default_verify_dir>(SSL_CTX *ctx)
+
+Use the default directory path to locate trusted CA certificates.
+
+=item int B<SSL_CTX_set_default_verify_file>(SSL_CTX *ctx)
+
+Use the file path to locate trusted CA certificates.
+
+=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+
+=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
+
+=item unsigned long B<SSL_CTX_clear_options>(SSL_CTX *ctx, unsigned long op);
+
+=item unsigned long B<SSL_CTX_get_options>(SSL_CTX *ctx);
+
+=item unsigned long B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+
+=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+
+=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
+
+=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+
+=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+
+=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+
+=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+
+=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, const char *file, int type);
+
+=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, const char *file, int type);
+
+=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+
+=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+
+=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, const char *file, int type);
+
+=item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx);
+
+=item EVP_PKEY *B<SSL_CTX_get0_privatekey>(const SSL_CTX *ctx);
+
+=item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+=item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint);
+
+=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+
+=back
+
+=head2 Dealing with Sessions
+
+Here we document the various API functions which deal with the SSL/TLS
+sessions defined in the B<SSL_SESSION> structures.
+
+=over 4
+
+=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b);
+
+=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+
+=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+
+=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx);
+
+=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s);
+
+=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s);
+
+=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a);
+
+=item SSL_SESSION *B<SSL_SESSION_new>(void);
+
+=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x);
+
+=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
+
+=item int B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+
+=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+
+=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+
+=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+
+=back
+
+=head2 Dealing with Connections
+
+Here we document the various API functions which deal with the SSL/TLS
+connection defined in the B<SSL> structure.
+
+=over 4
+
+=item int B<SSL_accept>(SSL *ssl);
+
+=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+
+=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+
+=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+
+=item char *B<SSL_alert_desc_string>(int value);
+
+=item char *B<SSL_alert_desc_string_long>(int value);
+
+=item char *B<SSL_alert_type_string>(int value);
+
+=item char *B<SSL_alert_type_string_long>(int value);
+
+=item int B<SSL_check_private_key>(const SSL *ssl);
+
+=item void B<SSL_clear>(SSL *ssl);
+
+=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_connect>(SSL *ssl);
+
+=item int B<SSL_copy_session_id>(SSL *t, const SSL *f);
+
+Sets the session details for B<t> to be the same as in B<f>. Returns 1 on
+success or 0 on failure.
+
+=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+
+=item int B<SSL_do_handshake>(SSL *ssl);
+
+=item SSL *B<SSL_dup>(SSL *ssl);
+
+SSL_dup() allows applications to configure an SSL handle for use
+in multiple SSL connections, and then duplicate it prior to initiating
+each connection with the duplicated handle.
+Use of SSL_dup() avoids the need to repeat the configuration of the
+handles for each connection.
+
+For SSL_dup() to work, the connection MUST be in its initial state
+and MUST NOT have not yet have started the SSL handshake.
+For connections that are not in their initial state SSL_dup() just
+increments an internal reference count and returns the I<same>
+handle.
+It may be possible to use L<SSL_clear(3)> to recycle an SSL handle
+that is not in its initial state for re-use, but this is best
+avoided.
+Instead, save and restore the session, if desired, and construct a
+fresh handle for each connection.
+
+=item STACK *B<SSL_dup_CA_list>(STACK *sk);
+
+=item void B<SSL_free>(SSL *ssl);
+
+=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl);
+
+=item char *B<SSL_get_app_data>(SSL *ssl);
+
+=item X509 *B<SSL_get_certificate>(const SSL *ssl);
+
+=item const char *B<SSL_get_cipher>(const SSL *ssl);
+
+=item int B<SSL_is_dtls>(const SSL *ssl);
+
+=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
+
+=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
+
+=item char *B<SSL_get_cipher_name>(const SSL *ssl);
+
+=item char *B<SSL_get_cipher_version>(const SSL *ssl);
+
+=item STACK *B<SSL_get_ciphers>(const SSL *ssl);
+
+=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl);
+
+=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+
+=item long B<SSL_get_default_timeout>(const SSL *ssl);
+
+=item int B<SSL_get_error>(const SSL *ssl, int i);
+
+=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx);
+
+=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+
+=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item int B<SSL_get_fd>(const SSL *ssl);
+
+=item void (*B<SSL_get_info_callback>(const SSL *ssl);)()
+
+=item int B<SSL_get_key_update_type>(SSL *s);
+
+=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl);
+
+=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
+
+=item const STACK_OF(SCT) *B<SSL_get0_peer_scts>(SSL *s);
+
+=item EVP_PKEY *B<SSL_get_privatekey>(const SSL *ssl);
+
+=item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
+
+=item BIO *B<SSL_get_rbio>(const SSL *ssl);
+
+=item int B<SSL_get_read_ahead>(const SSL *ssl);
+
+=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
+
+=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
+
+=item int B<SSL_get_shutdown>(const SSL *ssl);
+
+=item const SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+
+=item int B<SSL_get_state>(const SSL *ssl);
+
+=item long B<SSL_get_time>(const SSL *ssl);
+
+=item long B<SSL_get_timeout>(const SSL *ssl);
+
+=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int, X509_STORE_CTX *)
+
+=item int B<SSL_get_verify_mode>(const SSL *ssl);
+
+=item long B<SSL_get_verify_result>(const SSL *ssl);
+
+=item char *B<SSL_get_version>(const SSL *ssl);
+
+=item BIO *B<SSL_get_wbio>(const SSL *ssl);
+
+=item int B<SSL_in_accept_init>(SSL *ssl);
+
+=item int B<SSL_in_before>(SSL *ssl);
+
+=item int B<SSL_in_connect_init>(SSL *ssl);
+
+=item int B<SSL_in_init>(SSL *ssl);
+
+=item int B<SSL_is_init_finished>(SSL *ssl);
+
+=item int B<SSL_key_update>(SSL *s, int updatetype);
+
+=item STACK *B<SSL_load_client_CA_file>(const char *file);
+
+=item SSL *B<SSL_new>(SSL_CTX *ctx);
+
+=item int SSL_up_ref(SSL *s);
+
+=item long B<SSL_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
+
+=item int B<SSL_pending>(const SSL *ssl);
+
+=item int B<SSL_read>(SSL *ssl, void *buf, int num);
+
+=item int B<SSL_renegotiate>(SSL *ssl);
+
+=item char *B<SSL_rstate_string>(SSL *ssl);
+
+=item char *B<SSL_rstate_string_long>(SSL *ssl);
+
+=item long B<SSL_session_reused>(SSL *ssl);
+
+=item void B<SSL_set_accept_state>(SSL *ssl);
+
+=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+
+=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+
+=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+
+=item void B<SSL_set_connect_state>(SSL *ssl);
+
+=item int B<SSL_set_ct_validation_callback>(SSL *ssl, ssl_ct_validation_cb callback, void *arg);
+
+=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+
+=item int B<SSL_set_fd>(SSL *ssl, int fd);
+
+=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+
+=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
+
+=item unsigned long B<SSL_clear_options>(SSL *ssl, unsigned long op);
+
+=item unsigned long B<SSL_get_options>(SSL *ssl);
+
+=item unsigned long B<SSL_set_options>(SSL *ssl, unsigned long op);
+
+=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+
+=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+
+=item int B<SSL_set_rfd>(SSL *ssl, int fd);
+
+=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+
+=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+
+=item int B<SSL_set_ssl_method>(SSL *ssl, const SSL_METHOD *meth);
+
+=item void B<SSL_set_time>(SSL *ssl, long t);
+
+=item void B<SSL_set_timeout>(SSL *ssl, long t);
+
+=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+
+=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+
+=item int B<SSL_set_wfd>(SSL *ssl, int fd);
+
+=item int B<SSL_shutdown>(SSL *ssl);
+
+=item OSSL_HANDSHAKE_STATE B<SSL_get_state>(const SSL *ssl);
+
+Returns the current handshake state.
+
+=item char *B<SSL_state_string>(const SSL *ssl);
+
+=item char *B<SSL_state_string_long>(const SSL *ssl);
+
+=item long B<SSL_total_renegotiations>(SSL *ssl);
+
+=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+
+=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_PrivateKey_file>(SSL *ssl, const char *file, int type);
+
+=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+
+=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, const char *file, int type);
+
+=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+
+=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+
+=item int B<SSL_use_certificate_file>(SSL *ssl, const char *file, int type);
+
+=item int B<SSL_version>(const SSL *ssl);
+
+=item int B<SSL_want>(const SSL *ssl);
+
+=item int B<SSL_want_nothing>(const SSL *ssl);
+
+=item int B<SSL_want_read>(const SSL *ssl);
+
+=item int B<SSL_want_write>(const SSL *ssl);
+
+=item int B<SSL_want_x509_lookup>(const SSL *ssl);
+
+=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
+
+=item void B<SSL_set_psk_client_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+=item int B<SSL_use_psk_identity_hint>(SSL *ssl, const char *hint);
+
+=item void B<SSL_set_psk_server_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+=item const char *B<SSL_get_psk_identity_hint>(SSL *ssl);
+
+=item const char *B<SSL_get_psk_identity>(SSL *ssl);
+
+=back
+
+=head1 RETURN VALUES
+
+See the individual manual pages for details.
+
+=head1 SEE ALSO
+
+L<openssl(1)>, L<crypto(7)>,
+L<CRYPTO_get_ex_new_index(3)>,
+L<SSL_accept(3)>, L<SSL_clear(3)>,
+L<SSL_connect(3)>,
+L<SSL_CIPHER_get_name(3)>,
+L<SSL_COMP_add_compression_method(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_add_session(3)>,
+L<SSL_CTX_ctrl(3)>,
+L<SSL_CTX_flush_sessions(3)>,
+L<SSL_CTX_get_verify_mode(3)>,
+L<SSL_CTX_load_verify_locations(3)>
+L<SSL_CTX_new(3)>,
+L<SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_cache_size(3)>,
+L<SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_sessions(3)>,
+L<SSL_CTX_set_cert_store(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)>,
+L<SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_client_CA_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_generate_session_id(3)>,
+L<SSL_CTX_set_info_callback(3)>,
+L<SSL_CTX_set_max_cert_list(3)>,
+L<SSL_CTX_set_mode(3)>,
+L<SSL_CTX_set_msg_callback(3)>,
+L<SSL_CTX_set_options(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_CTX_set_read_ahead(3)>,
+L<SSL_CTX_set_security_level(3)>,
+L<SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_set_session_id_context(3)>,
+L<SSL_CTX_set_ssl_version(3)>,
+L<SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_verify(3)>,
+L<SSL_CTX_use_certificate(3)>,
+L<SSL_alert_type_string(3)>,
+L<SSL_do_handshake(3)>,
+L<SSL_enable_ct(3)>,
+L<SSL_get_SSL_CTX(3)>,
+L<SSL_get_ciphers(3)>,
+L<SSL_get_client_CA_list(3)>,
+L<SSL_get_default_timeout(3)>,
+L<SSL_get_error(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+L<SSL_get_fd(3)>,
+L<SSL_get_peer_cert_chain(3)>,
+L<SSL_get_rbio(3)>,
+L<SSL_get_session(3)>,
+L<SSL_get_verify_result(3)>,
+L<SSL_get_version(3)>,
+L<SSL_load_client_CA_file(3)>,
+L<SSL_new(3)>,
+L<SSL_pending(3)>,
+L<SSL_read_ex(3)>,
+L<SSL_read(3)>,
+L<SSL_rstate_string(3)>,
+L<SSL_session_reused(3)>,
+L<SSL_set_bio(3)>,
+L<SSL_set_connect_state(3)>,
+L<SSL_set_fd(3)>,
+L<SSL_set_session(3)>,
+L<SSL_set_shutdown(3)>,
+L<SSL_shutdown(3)>,
+L<SSL_state_string(3)>,
+L<SSL_want(3)>,
+L<SSL_write_ex(3)>,
+L<SSL_write(3)>,
+L<SSL_SESSION_free(3)>,
+L<SSL_SESSION_get_time(3)>,
+L<d2i_SSL_SESSION(3)>,
+L<SSL_CTX_set_psk_client_callback(3)>,
+L<SSL_CTX_use_psk_identity_hint(3)>,
+L<SSL_get_psk_identity(3)>,
+L<DTLSv1_listen(3)>
+
+=head1 HISTORY
+
+B<SSLv2_client_method>, B<SSLv2_server_method> and B<SSLv2_method> were removed
+in OpenSSL 1.1.0.
+
+The return type of B<SSL_copy_session_id> was changed from void to int in
+OpenSSL 1.1.0.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/openssl-1.1.0h/e_os.h b/openssl-1.1.0h/e_os.h
new file mode 100644
index 0000000..dfa159f
--- /dev/null
+++ b/openssl-1.1.0h/e_os.h
@@ -0,0 +1,527 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS_H
+# define HEADER_E_OS_H
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/e_os2.h>
+/*
+ * <openssl/e_os2.h> contains what we can justify to make visible to the
+ * outside; this file e_os.h is not part of the exported interface.
+ */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+# if defined(OPENSSL_NO_STDIO)
+#  if defined(REF_PRINT)
+#   error "REF_PRINT requires stdio"
+#  endif
+# endif
+
+/*
+ * BIO_printf format modifier for [u]int64_t.
+ */
+# if defined(__LP64__) || (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8)
+#  define BIO_PRI64 "l"     /* 'll' does work "universally", but 'l' is
+                             * here to shut -Wformat warnings in LP64... */
+# else
+#  define BIO_PRI64 "ll"
+# endif
+
+# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO)
+#  define REF_ASSERT_ISNT(test) \
+    (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0)
+# else
+#  define REF_ASSERT_ISNT(i)
+# endif
+# ifdef REF_PRINT
+#  define REF_PRINT_COUNT(a, b) \
+        fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
+# else
+#  define REF_PRINT_COUNT(a, b)
+# endif
+
+# define osslargused(x)      (void)x
+# define OPENSSL_CONF        "openssl.cnf"
+
+# ifndef DEVRANDOM
+/*
+ * set this to a comma-separated list of 'random' device files to try out. My
+ * default, we will try to read at least one of these files
+ */
+#  define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+# endif
+# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
+/*
+ * set this to a comma-separated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough entropy.
+ */
+#  define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
+# endif
+
+# if defined(OPENSSL_SYS_VXWORKS)
+#  define NO_SYS_PARAM_H
+#  define NO_CHMOD
+#  define NO_SYSLOG
+# endif
+
+/********************************************************************
+ The Microsoft section
+ ********************************************************************/
+# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
+#  define WIN32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
+#  define MSDOS
+# endif
+
+# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS)
+#  define GETPID_IS_MEANINGLESS
+# endif
+
+# ifdef WIN32
+#  define NO_SYS_UN_H
+#  define get_last_sys_error()    GetLastError()
+#  define clear_sys_error()       SetLastError(0)
+#  if !defined(WINNT)
+#   define WIN_CONSOLE_BUG
+#  endif
+# else
+#  define get_last_sys_error()    errno
+#  define clear_sys_error()       errno=0
+# endif
+
+# if defined(WINDOWS)
+#  define get_last_socket_error() WSAGetLastError()
+#  define clear_socket_error()    WSASetLastError(0)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(__DJGPP__)
+#  define WATT32
+#  define WATT32_NO_OLDIES
+#  define get_last_socket_error() errno
+#  define clear_socket_error()    errno=0
+#  define closesocket(s)          close_s(s)
+#  define readsocket(s,b,n)       read_s(s,b,n)
+#  define writesocket(s,b,n)      send(s,b,n,0)
+# elif defined(OPENSSL_SYS_VMS)
+#  define get_last_socket_error() errno
+#  define clear_socket_error()    errno=0
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(OPENSSL_SYS_VXWORKS)
+#  define get_last_socket_error() errno
+#  define clear_socket_error()    errno=0
+#  define ioctlsocket(a,b,c)          ioctl((a),(b),(int)(c))
+#  define closesocket(s)              close(s)
+#  define readsocket(s,b,n)           read((s),(b),(n))
+#  define writesocket(s,b,n)          write((s),(char *)(b),(n))
+# else
+#  define get_last_socket_error() errno
+#  define clear_socket_error()    errno=0
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       read((s),(b),(n))
+#  define writesocket(s,b,n)      write((s),(b),(n))
+# endif
+
+# if (defined(WINDOWS) || defined(MSDOS))
+
+#  ifdef __DJGPP__
+#   include <unistd.h>
+#   include <sys/stat.h>
+#   include <sys/socket.h>
+#   include <sys/un.h>
+#   include <tcp.h>
+#   include <netdb.h>
+#   define _setmode setmode
+#   define _O_TEXT O_TEXT
+#   define _O_BINARY O_BINARY
+#   define HAS_LFN_SUPPORT(name)  (pathconf((name), _PC_NAME_MAX) > 12)
+#   undef DEVRANDOM_EGD  /*  Neither MS-DOS nor FreeDOS provide 'egd' sockets.  */
+#   undef DEVRANDOM
+#   define DEVRANDOM "/dev/urandom\x24"
+#  endif                        /* __DJGPP__ */
+
+#  ifndef S_IFDIR
+#   define S_IFDIR     _S_IFDIR
+#  endif
+
+#  ifndef S_IFMT
+#   define S_IFMT      _S_IFMT
+#  endif
+
+#  if !defined(WINNT) && !defined(__DJGPP__)
+#   define NO_SYSLOG
+#  endif
+
+#  ifdef WINDOWS
+#   if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
+       /*
+        * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
+        * Most notably we ought to check for availability of each specific
+        * routine that was introduced after denoted _WIN32_WINNT with
+        * GetProcAddress(). Normally newer functions are masked with higher
+        * _WIN32_WINNT in SDK headers. So that if you wish to use them in
+        * some module, you'd need to override _WIN32_WINNT definition in
+        * the target module in order to "reach for" prototypes, but replace
+        * calls to new functions with indirect calls. Alternatively it
+        * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs
+        * and check for current OS version instead.
+        */
+#    define _WIN32_WINNT 0x0501
+#   endif
+#   if defined(_WIN32_WINNT) || defined(_WIN32_WCE)
+       /*
+        * Just like defining _WIN32_WINNT including winsock2.h implies
+        * certain "discipline" for maintaining [broad] binary compatibility.
+        * As long as structures are invariant among Winsock versions,
+        * it's sufficient to check for specific Winsock2 API availability
+        * at run-time [DSO_global_lookup is recommended]...
+        */
+#    include <winsock2.h>
+#    include <ws2tcpip.h>
+       /* yes, they have to be #included prior to <windows.h> */
+#   endif
+#   include <windows.h>
+#   include <stdio.h>
+#   include <stddef.h>
+#   include <errno.h>
+#   if defined(_WIN32_WCE) && !defined(EACCES)
+#    define EACCES   13
+#   endif
+#   include <string.h>
+#   ifdef _WIN64
+#    define strlen(s) _strlen31(s)
+/* cut strings to 2GB */
+static __inline unsigned int _strlen31(const char *str)
+{
+    unsigned int len = 0;
+    while (*str && len < 0x80000000U)
+        str++, len++;
+    return len & 0x7FFFFFFF;
+}
+#   endif
+#   include <malloc.h>
+#   if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace)
+       /* compensate for bug in VC6 ctype.h */
+#    undef isspace
+#    undef isdigit
+#    undef isalnum
+#    undef isupper
+#    undef isxdigit
+#   endif
+#   if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
+#    if _MSC_VER>=1300 && _MSC_VER<1600
+#     undef stdin
+#     undef stdout
+#     undef stderr
+FILE *__iob_func();
+#     define stdin  (&__iob_func()[0])
+#     define stdout (&__iob_func()[1])
+#     define stderr (&__iob_func()[2])
+#    elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049)
+#     undef stdin
+#     undef stdout
+#     undef stderr
+         /*
+          * pre-1300 has __p__iob(), but it's available only in msvcrt.lib,
+          * or in other words with /MD. Declaring implicit import, i.e. with
+          * _imp_ prefix, works correctly with all compiler options, but
+          * without /MD results in LINK warning LNK4049: 'locally defined
+          * symbol "__iob" imported'.
+          */
+extern FILE *_imp___iob;
+#     define stdin  (&_imp___iob[0])
+#     define stdout (&_imp___iob[1])
+#     define stderr (&_imp___iob[2])
+#    endif
+#   endif
+#  endif
+#  include <io.h>
+#  include <fcntl.h>
+
+#  ifdef OPENSSL_SYS_WINCE
+#   define OPENSSL_NO_POSIX_IO
+#  endif
+
+#  define EXIT(n) exit(n)
+#  define LIST_SEPARATOR_CHAR ';'
+#  ifndef X_OK
+#   define X_OK        0
+#  endif
+#  ifndef W_OK
+#   define W_OK        2
+#  endif
+#  ifndef R_OK
+#   define R_OK        4
+#  endif
+#  ifdef OPENSSL_SYS_WINCE
+#   define DEFAULT_HOME  ""
+#  else
+#   define DEFAULT_HOME  "C:"
+#  endif
+
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
+#  if defined(_MSC_VER) && _MSC_VER>=1800
+#   define check_winnt() (1)
+#   define check_win_minplat(x) (1)
+#  else
+#   define check_winnt() (GetVersion() < 0x80000000)
+#   define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
+#  endif
+
+# else                          /* The non-microsoft world */
+
+#  ifdef OPENSSL_SYS_VMS
+#   define VMS 1
+  /*
+   * some programs don't include stdlib, so exit() and others give implicit
+   * function warnings
+   */
+#   include <stdlib.h>
+#   if defined(__DECC)
+#    include <unistd.h>
+#   else
+#    include <unixlib.h>
+#   endif
+#   define LIST_SEPARATOR_CHAR ','
+  /* We don't have any well-defined random devices on VMS, yet... */
+#   undef DEVRANDOM
+  /*-
+     We need to do this since VMS has the following coding on status codes:
+
+     Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
+               The important thing to know is that odd numbers are considered
+               good, while even ones are considered errors.
+     Bits 3-15: actual status number
+     Bits 16-27: facility number.  0 is considered "unknown"
+     Bits 28-31: control bits.  If bit 28 is set, the shell won't try to
+                 output the message (which, for random codes, just looks ugly)
+
+     So, what we do here is to change 0 to 1 to get the default success status,
+     and everything else is shifted up to fit into the status number field, and
+     the status is tagged as an error, which is what is wanted here.
+
+     Finally, we add the VMS C facility code 0x35a000, because there are some
+     programs, such as Perl, that will reinterpret the code back to something
+     POSIXly.  'man perlvms' explains it further.
+
+     NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
+     codes (status type = 1).  I couldn't disagree more.  Fortunately, the
+     status type doesn't seem to bother Perl.
+     -- Richard Levitte
+  */
+#   define EXIT(n)  exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1)
+
+#   define NO_SYS_PARAM_H
+#   define NO_SYS_UN_H
+
+#   define DEFAULT_HOME "SYS$LOGIN:"
+
+#  else
+     /* !defined VMS */
+#   ifdef OPENSSL_UNISTD
+#    include OPENSSL_UNISTD
+#   else
+#    include <unistd.h>
+#   endif
+#   include <sys/types.h>
+#   ifdef OPENSSL_SYS_WIN32_CYGWIN
+#    include <io.h>
+#    include <fcntl.h>
+#   endif
+
+#   define LIST_SEPARATOR_CHAR ':'
+#   define EXIT(n)             exit(n)
+#  endif
+
+# endif
+
+/*************/
+
+# ifdef USE_SOCKETS
+#  ifdef OPENSSL_NO_SOCK
+#  elif defined(WINDOWS) || defined(MSDOS)
+      /* windows world */
+#   if !defined(__DJGPP__)
+#    if defined(_WIN32_WCE) && _WIN32_WCE<410
+#     define getservbyname _masked_declaration_getservbyname
+#    endif
+#    if !defined(IPPROTO_IP)
+         /* winsock[2].h was included already? */
+#     include <winsock.h>
+#    endif
+#    ifdef getservbyname
+#     undef getservbyname
+         /* this is used to be wcecompat/include/winsock_extras.h */
+struct servent *PASCAL getservbyname(const char *, const char *);
+#    endif
+
+#    ifdef _WIN64
+/*
+ * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
+ * the value constitutes an index in per-process table of limited size
+ * and not a real pointer. And we also depend on fact that all processors
+ * Windows run on happen to be two's-complement, which allows to
+ * interchange INVALID_SOCKET and -1.
+ */
+#     define socket(d,t,p)   ((int)socket(d,t,p))
+#     define accept(s,f,l)   ((int)accept(s,f,l))
+#    endif
+#   else
+#   endif
+
+#  else
+
+#   ifndef NO_SYS_PARAM_H
+#    include <sys/param.h>
+#   endif
+#   ifdef OPENSSL_SYS_VXWORKS
+#    include <time.h>
+#   endif
+
+#   include <netdb.h>
+#   if defined(OPENSSL_SYS_VMS_NODECC)
+#    include <socket.h>
+#    include <in.h>
+#    include <inet.h>
+#   else
+#    include <sys/socket.h>
+#    ifndef NO_SYS_UN_H
+#     ifdef OPENSSL_SYS_VXWORKS
+#      include <streams/un.h>
+#     else
+#      include <sys/un.h>
+#     endif
+#     ifndef UNIX_PATH_MAX
+#      define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path)
+#     endif
+#    endif
+#    ifdef FILIO_H
+#     include <sys/filio.h> /* FIONBIO in some SVR4, e.g. unixware, solaris */
+#    endif
+#    include <netinet/in.h>
+#    include <arpa/inet.h>
+#    include <netinet/tcp.h>
+#   endif
+
+#   ifdef OPENSSL_SYS_AIX
+#    include <sys/select.h>
+#   endif
+
+#   ifdef __QNX__
+#    include <sys/select.h>
+#   endif
+
+#   ifndef VMS
+#    include <sys/ioctl.h>
+#   else
+        /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#    if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+#     include <sys/ioctl.h>
+#    endif
+#   endif
+
+#   ifdef VMS
+#    include <unixio.h>
+#    if defined(TCPIP_TYPE_SOCKETSHR)
+#     include <socketshr.h>
+#    endif
+#   endif
+
+#   ifndef INVALID_SOCKET
+#    define INVALID_SOCKET      (-1)
+#   endif                       /* INVALID_SOCKET */
+#  endif
+
+/*
+ * Some IPv6 implementations are broken, disable them in known bad versions.
+ */
+#  if !defined(OPENSSL_USE_IPV6)
+#   if defined(AF_INET6) && !defined(NETWARE_CLIB)
+#    define OPENSSL_USE_IPV6 1
+#   else
+#    define OPENSSL_USE_IPV6 0
+#   endif
+#  endif
+
+# endif
+
+# ifndef OPENSSL_EXIT
+#  if defined(MONOLITH) && !defined(OPENSSL_C)
+#   define OPENSSL_EXIT(n) return(n)
+#  else
+#   define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
+#  endif
+# endif
+
+/***********************************************/
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  define strcasecmp _stricmp
+#  define strncasecmp _strnicmp
+#  if (_MSC_VER >= 1310)
+#   define open _open
+#   define fdopen _fdopen
+#   define close _close
+#   ifndef strdup
+#    define strdup _strdup
+#   endif
+#   define unlink _unlink
+#  endif
+# else
+#  include <strings.h>
+# endif
+
+/* vxworks */
+# if defined(OPENSSL_SYS_VXWORKS)
+#  include <ioLib.h>
+#  include <tickLib.h>
+#  include <sysLib.h>
+
+#  define TTY_STRUCT int
+
+#  define sleep(a) taskDelay((a) * sysClkRateGet())
+
+#  include <vxWorks.h>
+#  include <sockLib.h>
+#  include <taskLib.h>
+
+#  define getpid taskIdSelf
+
+/*
+ * NOTE: these are implemented by helpers in database app! if the database is
+ * not linked, we need to implement them elswhere
+ */
+struct hostent *gethostbyname(const char *name);
+struct hostent *gethostbyaddr(const char *addr, int length, int type);
+struct servent *getservbyname(const char *name, const char *proto);
+
+# endif
+/* end vxworks */
+
+#define OSSL_NELEM(x)    (sizeof(x)/sizeof((x)[0]))
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/engines/afalg/build.info b/openssl-1.1.0h/engines/afalg/build.info
new file mode 100644
index 0000000..8601b1a
--- /dev/null
+++ b/openssl-1.1.0h/engines/afalg/build.info
@@ -0,0 +1,13 @@
+IF[{- !$disabled{"engine"} -}]
+  IF[{- !$disabled{afalg} -}]
+    IF[{- $disabled{"dynamic-engine"} -}]
+      LIBS=../../libcrypto
+      SOURCE[../../libcrypto]=e_afalg.c e_afalg_err.c
+    ELSE
+      ENGINES=afalg
+      SOURCE[afalg]=e_afalg.c e_afalg_err.c
+      DEPEND[afalg]=../../libcrypto
+      INCLUDE[afalg]= ../../include
+    ENDIF
+  ENDIF
+ENDIF
diff --git a/openssl-1.1.0h/engines/afalg/e_afalg.c b/openssl-1.1.0h/engines/afalg/e_afalg.c
new file mode 100644
index 0000000..6d6e877
--- /dev/null
+++ b/openssl-1.1.0h/engines/afalg/e_afalg.c
@@ -0,0 +1,830 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Required for vmsplice */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/err.h>
+
+#include <sys/socket.h>
+#include <linux/version.h>
+#define K_MAJ   4
+#define K_MIN1  1
+#define K_MIN2  0
+#if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \
+    !defined(AF_ALG)
+# ifndef PEDANTIC
+#  warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
+#  warning "Skipping Compilation of AFALG engine"
+# endif
+void engine_load_afalg_int(void);
+void engine_load_afalg_int(void)
+{
+}
+#else
+
+# include <linux/if_alg.h>
+# include <fcntl.h>
+# include <sys/utsname.h>
+
+# include <linux/aio_abi.h>
+# include <sys/syscall.h>
+# include <errno.h>
+
+# include "e_afalg.h"
+
+# define AFALG_LIB_NAME "AFALG"
+# include "e_afalg_err.h"
+
+# ifndef SOL_ALG
+#  define SOL_ALG 279
+# endif
+
+# ifdef ALG_ZERO_COPY
+#  ifndef SPLICE_F_GIFT
+#   define SPLICE_F_GIFT    (0x08)
+#  endif
+# endif
+
+# define ALG_AES_IV_LEN 16
+# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len))
+# define ALG_OP_TYPE     unsigned int
+# define ALG_OP_LEN      (sizeof(ALG_OP_TYPE))
+
+#define ALG_MAX_SALG_NAME       64
+#define ALG_MAX_SALG_TYPE       14
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_afalg_int(void);
+# endif
+
+/* Local Linkage Functions */
+static int afalg_init_aio(afalg_aio *aio);
+static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd,
+                                unsigned char *buf, size_t len);
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername);
+static int afalg_destroy(ENGINE *e);
+static int afalg_init(ENGINE *e);
+static int afalg_finish(ENGINE *e);
+static const EVP_CIPHER *afalg_aes_128_cbc(void);
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid);
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl);
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx);
+static int afalg_chk_platform(void);
+
+/* Engine Id and Name */
+static const char *engine_afalg_id = "afalg";
+static const char *engine_afalg_name = "AFALG engine support";
+
+static int afalg_cipher_nids[] = {
+    NID_aes_128_cbc
+};
+
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+
+static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
+{
+    return syscall(__NR_io_setup, n, ctx);
+}
+
+static ossl_inline int eventfd(int n)
+{
+    return syscall(__NR_eventfd2, n, 0);
+}
+
+static ossl_inline int io_destroy(aio_context_t ctx)
+{
+    return syscall(__NR_io_destroy, ctx);
+}
+
+static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
+{
+    return syscall(__NR_io_submit, ctx, n, iocb);
+}
+
+static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
+                               struct io_event *events,
+                               struct timespec *timeout)
+{
+    return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
+}
+
+static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
+                                 OSSL_ASYNC_FD waitfd, void *custom)
+{
+    close(waitfd);
+}
+
+static int afalg_setup_async_event_notification(afalg_aio *aio)
+{
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    void *custom = NULL;
+    int ret;
+
+    if ((job = ASYNC_get_current_job()) != NULL) {
+        /* Async mode */
+        waitctx = ASYNC_get_wait_ctx(job);
+        if (waitctx == NULL) {
+            ALG_WARN("%s: ASYNC_get_wait_ctx error", __func__);
+            return 0;
+        }
+        /* Get waitfd from ASYNC_WAIT_CTX if it is alreday set */
+        ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
+                                    &aio->efd, &custom);
+        if (ret == 0) {
+            /*
+             * waitfd is not set in ASYNC_WAIT_CTX, create a new one
+             * and set it. efd will be signaled when AIO operation completes
+             */
+            aio->efd = eventfd(0);
+            if (aio->efd == -1) {
+                ALG_PERR("%s: Failed to get eventfd : ", __func__);
+                AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                         AFALG_R_EVENTFD_FAILED);
+                return 0;
+            }
+            ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
+                                             aio->efd, custom,
+                                             afalg_waitfd_cleanup);
+            if (ret == 0) {
+                ALG_WARN("%s: Failed to set wait fd", __func__);
+                close(aio->efd);
+                return 0;
+            }
+            /* make fd non-blocking in async mode */
+            if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) {
+                ALG_WARN("%s: Failed to set event fd as NONBLOCKING",
+                         __func__);
+            }
+        }
+        aio->mode = MODE_ASYNC;
+    } else {
+        /* Sync mode */
+        aio->efd = eventfd(0);
+        if (aio->efd == -1) {
+            ALG_PERR("%s: Failed to get eventfd : ", __func__);
+            AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                     AFALG_R_EVENTFD_FAILED);
+            return 0;
+        }
+        aio->mode = MODE_SYNC;
+    }
+    return 1;
+}
+
+static int afalg_init_aio(afalg_aio *aio)
+{
+    int r = -1;
+
+    /* Initialise for AIO */
+    aio->aio_ctx = 0;
+    r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx);
+    if (r < 0) {
+        ALG_PERR("%s: io_setup error : ", __func__);
+        AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED);
+        return 0;
+    }
+
+    memset(aio->cbt, 0, sizeof(aio->cbt));
+    aio->efd = -1;
+    aio->mode = MODE_UNINIT;
+
+    return 1;
+}
+
+static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+                                size_t len)
+{
+    int r;
+    int retry = 0;
+    unsigned int done = 0;
+    struct iocb *cb;
+    struct timespec timeout;
+    struct io_event events[MAX_INFLIGHTS];
+    u_int64_t eval = 0;
+
+    timeout.tv_sec = 0;
+    timeout.tv_nsec = 0;
+
+    /* if efd has not been initialised yet do it here */
+    if (aio->mode == MODE_UNINIT) {
+        r = afalg_setup_async_event_notification(aio);
+        if (r == 0)
+            return 0;
+    }
+
+    cb = &(aio->cbt[0 % MAX_INFLIGHTS]);
+    memset(cb, '\0', sizeof(*cb));
+    cb->aio_fildes = sfd;
+    cb->aio_lio_opcode = IOCB_CMD_PREAD;
+    /*
+     * The pointer has to be converted to unsigned value first to avoid
+     * sign extension on cast to 64 bit value in 32-bit builds
+     */
+    cb->aio_buf = (size_t)buf;
+    cb->aio_offset = 0;
+    cb->aio_data = 0;
+    cb->aio_nbytes = len;
+    cb->aio_flags = IOCB_FLAG_RESFD;
+    cb->aio_resfd = aio->efd;
+
+    /*
+     * Perform AIO read on AFALG socket, this in turn performs an async
+     * crypto operation in kernel space
+     */
+    r = io_read(aio->aio_ctx, 1, &cb);
+    if (r < 0) {
+        ALG_PWARN("%s: io_read failed : ", __func__);
+        return 0;
+    }
+
+    do {
+        /* While AIO read is being performed pause job */
+        ASYNC_pause_job();
+
+        /* Check for completion of AIO read */
+        r = read(aio->efd, &eval, sizeof(eval));
+        if (r < 0) {
+            if (errno == EAGAIN || errno == EWOULDBLOCK)
+                continue;
+            ALG_PERR("%s: read failed for event fd : ", __func__);
+            return 0;
+        } else if (r == 0 || eval <= 0) {
+            ALG_WARN("%s: eventfd read %d bytes, eval = %lu\n", __func__, r,
+                     eval);
+        }
+        if (eval > 0) {
+
+            /* Get results of AIO read */
+            r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
+                             events, &timeout);
+            if (r > 0) {
+                /*
+                 * events.res indicates the actual status of the operation.
+                 * Handle the error condition first.
+                 */
+                if (events[0].res < 0) {
+                    /*
+                     * Underlying operation cannot be completed at the time
+                     * of previous submission. Resubmit for the operation.
+                     */
+                    if (events[0].res == -EBUSY && retry++ < 3) {
+                        r = io_read(aio->aio_ctx, 1, &cb);
+                        if (r < 0) {
+                            ALG_PERR("%s: retry %d for io_read failed : ",
+                                     __func__, retry);
+                            return 0;
+                        }
+                        continue;
+                    } else {
+                        /*
+                         * Retries exceed for -EBUSY or unrecoverable error
+                         * condition for this instance of operation.
+                         */
+                        ALG_WARN
+                            ("%s: Crypto Operation failed with code %lld\n",
+                             __func__, events[0].res);
+                        return 0;
+                    }
+                }
+                /* Operation successful. */
+                done = 1;
+            } else if (r < 0) {
+                ALG_PERR("%s: io_getevents failed : ", __func__);
+                return 0;
+            } else {
+                ALG_WARN("%s: io_geteventd read 0 bytes\n", __func__);
+            }
+        }
+    } while (!done);
+
+    return 1;
+}
+
+static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
+                                   const ALG_OP_TYPE op)
+{
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_OP;
+    cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN);
+    memcpy(CMSG_DATA(cmsg), &op, ALG_OP_LEN);
+}
+
+static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
+                            const unsigned int len)
+{
+    struct af_alg_iv *aiv;
+
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_IV;
+    cmsg->cmsg_len = CMSG_LEN(ALG_IV_LEN(len));
+    aiv = (struct af_alg_iv *)CMSG_DATA(cmsg);
+    aiv->ivlen = len;
+    memcpy(aiv->iv, iv, len);
+}
+
+static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
+                                const int klen)
+{
+    int ret;
+    ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
+    if (ret < 0) {
+        ALG_PERR("%s: Failed to set socket option : ", __func__);
+        AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername)
+{
+    struct sockaddr_alg sa;
+    int r = -1;
+
+    actx->bfd = actx->sfd = -1;
+
+    memset(&sa, 0, sizeof(sa));
+    sa.salg_family = AF_ALG;
+    strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE);
+    sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0';
+    strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
+    sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0';
+
+    actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (actx->bfd == -1) {
+        ALG_PERR("%s: Failed to open socket : ", __func__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED);
+        goto err;
+    }
+
+    r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa));
+    if (r < 0) {
+        ALG_PERR("%s: Failed to bind socket : ", __func__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED);
+        goto err;
+    }
+
+    actx->sfd = accept(actx->bfd, NULL, 0);
+    if (actx->sfd < 0) {
+        ALG_PERR("%s: Socket Accept Failed : ", __func__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED);
+        goto err;
+    }
+
+    return 1;
+
+ err:
+    if (actx->bfd >= 0)
+        close(actx->bfd);
+    if (actx->sfd >= 0)
+        close(actx->sfd);
+    actx->bfd = actx->sfd = -1;
+    return 0;
+}
+
+static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
+                                 size_t inl, const unsigned char *iv,
+                                 unsigned int enc)
+{
+    struct msghdr msg = { 0 };
+    struct cmsghdr *cmsg;
+    struct iovec iov;
+    ssize_t sbytes;
+# ifdef ALG_ZERO_COPY
+    int ret;
+# endif
+    char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)];
+
+    memset(cbuf, 0, sizeof(cbuf));
+    msg.msg_control = cbuf;
+    msg.msg_controllen = sizeof(cbuf);
+
+    /*
+     * cipher direction (i.e. encrypt or decrypt) and iv are sent to the
+     * kernel as part of sendmsg()'s ancillary data
+     */
+    cmsg = CMSG_FIRSTHDR(&msg);
+    afalg_set_op_sk(cmsg, enc);
+    cmsg = CMSG_NXTHDR(&msg, cmsg);
+    afalg_set_iv_sk(cmsg, iv, ALG_AES_IV_LEN);
+
+    /* iov that describes input data */
+    iov.iov_base = (unsigned char *)in;
+    iov.iov_len = inl;
+
+    msg.msg_flags = MSG_MORE;
+
+# ifdef ALG_ZERO_COPY
+    /*
+     * ZERO_COPY mode
+     * Works best when buffer is 4k aligned
+     * OPENS: out of place processing (i.e. out != in)
+     */
+
+    /* Input data is not sent as part of call to sendmsg() */
+    msg.msg_iovlen = 0;
+    msg.msg_iov = NULL;
+
+    /* Sendmsg() sends iv and cipher direction to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s: sendmsg failed for zero copy cipher operation : ",
+                 __func__);
+        return 0;
+    }
+
+    /*
+     * vmsplice and splice are used to pin the user space input buffer for
+     * kernel space processing avoiding copys from user to kernel space
+     */
+    ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT);
+    if (ret < 0) {
+        ALG_PERR("%s: vmsplice failed : ", __func__);
+        return 0;
+    }
+
+    ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0);
+    if (ret < 0) {
+        ALG_PERR("%s: splice failed : ", __func__);
+        return 0;
+    }
+# else
+    msg.msg_iovlen = 1;
+    msg.msg_iov = &iov;
+
+    /* Sendmsg() sends iv, cipher direction and input data to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s: sendmsg failed for cipher operation : ", __func__);
+        return 0;
+    }
+
+    if (sbytes != (ssize_t) inl) {
+        ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
+                inl);
+        return 0;
+    }
+# endif
+
+    return 1;
+}
+
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ciphertype;
+    int ret;
+    afalg_ctx *actx;
+    char ciphername[ALG_MAX_SALG_NAME];
+
+    if (ctx == NULL || key == NULL) {
+        ALG_WARN("%s: Null Parameter\n", __func__);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        ALG_WARN("%s: Cipher object NULL\n", __func__);
+        return 0;
+    }
+
+    actx = EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL) {
+        ALG_WARN("%s: Cipher data NULL\n", __func__);
+        return 0;
+    }
+
+    ciphertype = EVP_CIPHER_CTX_nid(ctx);
+    switch (ciphertype) {
+    case NID_aes_128_cbc:
+        strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
+        break;
+    default:
+        ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype);
+        return 0;
+    }
+    ciphername[ALG_MAX_SALG_NAME-1]='\0';
+
+    if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
+        ALG_WARN("%s: Unsupported IV length :%d\n", __func__,
+                EVP_CIPHER_CTX_iv_length(ctx));
+        return 0;
+    }
+
+    /* Setup AFALG socket for crypto processing */
+    ret = afalg_create_sk(actx, "skcipher", ciphername);
+    if (ret < 1)
+        return 0;
+
+
+    ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
+    if (ret < 1)
+        goto err;
+
+    /* Setup AIO ctx to allow async AFALG crypto processing */
+    if (afalg_init_aio(&actx->aio) == 0)
+        goto err;
+
+# ifdef ALG_ZERO_COPY
+    pipe(actx->zc_pipe);
+# endif
+
+    actx->init_done = MAGIC_INIT_NUM;
+
+    return 1;
+
+err:
+    close(actx->sfd);
+    close(actx->bfd);
+    return 0;
+}
+
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    afalg_ctx *actx;
+    int ret;
+    char nxtiv[ALG_AES_IV_LEN] = { 0 };
+
+    if (ctx == NULL || out == NULL || in == NULL) {
+        ALG_WARN("NULL parameter passed to function %s\n", __func__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
+        ALG_WARN("%s afalg ctx passed\n",
+                 ctx == NULL ? "NULL" : "Uninitialised");
+        return 0;
+    }
+
+    /*
+     * set iv now for decrypt operation as the input buffer can be
+     * overwritten for inplace operation where in = out.
+     */
+    if (EVP_CIPHER_CTX_encrypting(ctx) == 0) {
+        memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN);
+    }
+
+    /* Send input data to kernel space */
+    ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl,
+                                EVP_CIPHER_CTX_iv(ctx),
+                                EVP_CIPHER_CTX_encrypting(ctx));
+    if (ret < 1) {
+        return 0;
+    }
+
+    /* Perform async crypto operation in kernel space */
+    ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl);
+    if (ret < 1)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
+               ALG_AES_IV_LEN);
+    } else {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN);
+    }
+
+    return 1;
+}
+
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    afalg_ctx *actx;
+
+    if (ctx == NULL) {
+        ALG_WARN("NULL parameter passed to function %s\n", __func__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
+        ALG_WARN("%s afalg ctx passed\n",
+                 ctx == NULL ? "NULL" : "Uninitialised");
+        return 0;
+    }
+
+    close(actx->sfd);
+    close(actx->bfd);
+# ifdef ALG_ZERO_COPY
+    close(actx->zc_pipe[0]);
+    close(actx->zc_pipe[1]);
+# endif
+    /* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */
+    if (actx->aio.mode == MODE_SYNC)
+        close(actx->aio.efd);
+    io_destroy(actx->aio.aio_ctx);
+
+    return 1;
+}
+
+static const EVP_CIPHER *afalg_aes_128_cbc(void)
+{
+    if (_hidden_aes_128_cbc == NULL
+        && ((_hidden_aes_128_cbc =
+             EVP_CIPHER_meth_new(NID_aes_128_cbc,
+                                 AES_BLOCK_SIZE,
+                                 AES_KEY_SIZE_128)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+                                          EVP_CIPH_CBC_MODE |
+                                          EVP_CIPH_FLAG_DEFAULT_ASN1)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+                                         afalg_cipher_init)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+                                              afalg_do_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
+                                            afalg_cipher_cleanup)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+                                                  sizeof(afalg_ctx)))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+        _hidden_aes_128_cbc = NULL;
+    }
+    return _hidden_aes_128_cbc;
+}
+
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid)
+{
+    int r = 1;
+
+    if (cipher == NULL) {
+        *nids = afalg_cipher_nids;
+        return (sizeof(afalg_cipher_nids) / sizeof(afalg_cipher_nids[0]));
+    }
+
+    switch (nid) {
+    case NID_aes_128_cbc:
+        *cipher = afalg_aes_128_cbc();
+        break;
+    default:
+        *cipher = NULL;
+        r = 0;
+    }
+
+    return r;
+}
+
+static int bind_afalg(ENGINE *e)
+{
+    /* Ensure the afalg error handling is set up */
+    ERR_load_AFALG_strings();
+
+    if (!ENGINE_set_id(e, engine_afalg_id)
+        || !ENGINE_set_name(e, engine_afalg_name)
+        || !ENGINE_set_destroy_function(e, afalg_destroy)
+        || !ENGINE_set_init_function(e, afalg_init)
+        || !ENGINE_set_finish_function(e, afalg_finish)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    /*
+     * Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc
+     * now, as bind_aflag can only be called by one thread at a
+     * time.
+     */
+    if (afalg_aes_128_cbc() == NULL) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_afalg_id) != 0))
+        return 0;
+
+    if (!afalg_chk_platform())
+        return 0;
+
+    if (!bind_afalg(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# endif
+
+static int afalg_chk_platform(void)
+{
+    int ret;
+    int i;
+    int kver[3] = { -1, -1, -1 };
+    int sock;
+    char *str;
+    struct utsname ut;
+
+    ret = uname(&ut);
+    if (ret != 0) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_FAILED_TO_GET_PLATFORM_INFO);
+        return 0;
+    }
+
+    str = strtok(ut.release, ".");
+    for (i = 0; i < 3 && str != NULL; i++) {
+        kver[i] = atoi(str);
+        str = strtok(NULL, ".");
+    }
+
+    if (KERNEL_VERSION(kver[0], kver[1], kver[2])
+        < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) {
+        ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
+                 kver[0], kver[1], kver[2]);
+        ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
+                 K_MAJ, K_MIN1, K_MIN2);
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG);
+        return 0;
+    }
+
+    /* Test if we can actually create an AF_ALG socket */
+    sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (sock == -1) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
+        return 0;
+    }
+    close(sock);
+
+    return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_afalg(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_afalg(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_afalg_int(void)
+{
+    ENGINE *toadd;
+
+    if (!afalg_chk_platform())
+        return;
+
+    toadd = engine_afalg();
+    if (toadd == NULL)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+# endif
+
+static int afalg_init(ENGINE *e)
+{
+    return 1;
+}
+
+static int afalg_finish(ENGINE *e)
+{
+    return 1;
+}
+
+static int afalg_destroy(ENGINE *e)
+{
+    ERR_unload_AFALG_strings();
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+    _hidden_aes_128_cbc = NULL;
+    return 1;
+}
+
+#endif                          /* KERNEL VERSION */
diff --git a/openssl-1.1.0h/engines/afalg/e_afalg.ec b/openssl-1.1.0h/engines/afalg/e_afalg.ec
new file mode 100644
index 0000000..2d14d65
--- /dev/null
+++ b/openssl-1.1.0h/engines/afalg/e_afalg.ec
@@ -0,0 +1 @@
+L       AFALG    e_afalg_err.h e_afalg_err.c
diff --git a/openssl-1.1.0h/engines/afalg/e_afalg.h b/openssl-1.1.0h/engines/afalg/e_afalg.h
new file mode 100644
index 0000000..948d67e
--- /dev/null
+++ b/openssl-1.1.0h/engines/afalg/e_afalg.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AFALG_H
+# define HEADER_AFALG_H
+
+# if defined(__GNUC__) && __GNUC__ >= 4 && \
+     (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)
+#  pragma GCC diagnostic ignored "-Wvariadic-macros"
+# endif
+
+# ifdef ALG_DEBUG
+#  define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
+#  define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__)
+#  define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__)
+# else
+#  define ALG_DGB(x, ...)
+#  define ALG_INFO(x, ...)
+#  define ALG_WARN(x, ...)
+# endif
+
+# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__)
+# define ALG_PERR(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+# define ALG_PWARN(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+
+# ifndef AES_BLOCK_SIZE
+#  define AES_BLOCK_SIZE   16
+# endif
+# define AES_KEY_SIZE_128 16
+# define AES_IV_LEN       16
+
+# define MAX_INFLIGHTS 1
+
+typedef enum {
+    MODE_UNINIT = 0,
+    MODE_SYNC,
+    MODE_ASYNC
+} op_mode;
+
+struct afalg_aio_st {
+    int efd;
+    op_mode mode;
+    aio_context_t aio_ctx;
+    struct io_event events[MAX_INFLIGHTS];
+    struct iocb cbt[MAX_INFLIGHTS];
+};
+typedef struct afalg_aio_st afalg_aio;
+
+/*
+ * MAGIC Number to identify correct initialisation
+ * of afalg_ctx.
+ */
+# define MAGIC_INIT_NUM 0x1890671
+
+struct afalg_ctx_st {
+    int init_done;
+    int sfd;
+    int bfd;
+# ifdef ALG_ZERO_COPY
+    int zc_pipe[2];
+# endif
+    afalg_aio aio;
+};
+
+typedef struct afalg_ctx_st afalg_ctx;
+#endif
diff --git a/openssl-1.1.0h/engines/afalg/e_afalg_err.c b/openssl-1.1.0h/engines/afalg/e_afalg_err.c
new file mode 100644
index 0000000..ca394ed
--- /dev/null
+++ b/openssl-1.1.0h/engines/afalg/e_afalg_err.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_afalg_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA AFALG_str_functs[] = {
+    {ERR_FUNC(AFALG_F_AFALG_CHK_PLATFORM), "afalg_chk_platform"},
+    {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SK), "afalg_create_bind_sk"},
+    {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SOCKET), "afalg_create_bind_sk"},
+    {ERR_FUNC(AFALG_F_AFALG_CREATE_SK), "afalg_create_sk"},
+    {ERR_FUNC(AFALG_F_AFALG_INIT_AIO), "afalg_init_aio"},
+    {ERR_FUNC(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION),
+     "afalg_setup_async_event_notification"},
+    {ERR_FUNC(AFALG_F_AFALG_SET_KEY), "afalg_set_key"},
+    {ERR_FUNC(AFALG_F_AFALG_SOCKET), "afalg_socket"},
+    {ERR_FUNC(AFALG_F_AFALG_START_CIPHER_SK), "afalg_start_cipher_sk"},
+    {ERR_FUNC(AFALG_F_BIND_AFALG), "bind_afalg"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA AFALG_str_reasons[] = {
+    {ERR_REASON(AFALG_R_EVENTFD_FAILED), "eventfd failed"},
+    {ERR_REASON(AFALG_R_FAILED_TO_GET_PLATFORM_INFO),
+     "failed to get platform info"},
+    {ERR_REASON(AFALG_R_INIT_FAILED), "init failed"},
+    {ERR_REASON(AFALG_R_IO_SETUP_FAILED), "io setup failed"},
+    {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG),
+     "kernel does not support afalg"},
+    {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG),
+     "kernel does not support async afalg"},
+    {ERR_REASON(AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"},
+    {ERR_REASON(AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"},
+    {ERR_REASON(AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"},
+    {ERR_REASON(AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"},
+    {ERR_REASON(AFALG_R_SOCKET_OPERATION_FAILED), "socket operation failed"},
+    {ERR_REASON(AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"},
+    {0, NULL}
+};
+
+#endif
+
+#ifdef AFALG_LIB_NAME
+static ERR_STRING_DATA AFALG_lib_name[] = {
+    {0, AFALG_LIB_NAME},
+    {0, NULL}
+};
+#endif
+
+static int AFALG_lib_error_code = 0;
+static int AFALG_error_init = 1;
+
+void ERR_load_AFALG_strings(void)
+{
+    if (AFALG_lib_error_code == 0)
+        AFALG_lib_error_code = ERR_get_next_error_library();
+
+    if (AFALG_error_init) {
+        AFALG_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(AFALG_lib_error_code, AFALG_str_functs);
+        ERR_load_strings(AFALG_lib_error_code, AFALG_str_reasons);
+#endif
+
+#ifdef AFALG_LIB_NAME
+        AFALG_lib_name->error = ERR_PACK(AFALG_lib_error_code, 0, 0);
+        ERR_load_strings(0, AFALG_lib_name);
+#endif
+    }
+}
+
+void ERR_unload_AFALG_strings(void)
+{
+    if (AFALG_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(AFALG_lib_error_code, AFALG_str_functs);
+        ERR_unload_strings(AFALG_lib_error_code, AFALG_str_reasons);
+#endif
+
+#ifdef AFALG_LIB_NAME
+        ERR_unload_strings(0, AFALG_lib_name);
+#endif
+        AFALG_error_init = 1;
+    }
+}
+
+void ERR_AFALG_error(int function, int reason, char *file, int line)
+{
+    if (AFALG_lib_error_code == 0)
+        AFALG_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(AFALG_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl-1.1.0h/engines/afalg/e_afalg_err.h b/openssl-1.1.0h/engines/afalg/e_afalg_err.h
new file mode 100644
index 0000000..21abc97
--- /dev/null
+++ b/openssl-1.1.0h/engines/afalg/e_afalg_err.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#ifndef HEADER_AFALG_ERR_H
+# define HEADER_AFALG_ERR_H
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/* BEGIN ERROR CODES */
+void ERR_load_AFALG_strings(void);
+void ERR_unload_AFALG_strings(void);
+void ERR_AFALG_error(int function, int reason, char *file, int line);
+# define AFALGerr(f,r) ERR_AFALG_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the AFALG functions. */
+
+/* Function codes. */
+# define AFALG_F_AFALG_CHK_PLATFORM                       100
+# define AFALG_F_AFALG_CREATE_BIND_SK                     106
+# define AFALG_F_AFALG_CREATE_BIND_SOCKET                 105
+# define AFALG_F_AFALG_CREATE_SK                          108
+# define AFALG_F_AFALG_INIT_AIO                           101
+# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION     107
+# define AFALG_F_AFALG_SET_KEY                            109
+# define AFALG_F_AFALG_SOCKET                             102
+# define AFALG_F_AFALG_START_CIPHER_SK                    103
+# define AFALG_F_BIND_AFALG                               104
+
+/* Reason codes. */
+# define AFALG_R_EVENTFD_FAILED                           108
+# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO              111
+# define AFALG_R_INIT_FAILED                              100
+# define AFALG_R_IO_SETUP_FAILED                          105
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG            101
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG      107
+# define AFALG_R_MEM_ALLOC_FAILED                         102
+# define AFALG_R_SOCKET_ACCEPT_FAILED                     110
+# define AFALG_R_SOCKET_BIND_FAILED                       103
+# define AFALG_R_SOCKET_CREATE_FAILED                     109
+# define AFALG_R_SOCKET_OPERATION_FAILED                  104
+# define AFALG_R_SOCKET_SET_KEY_FAILED                    106
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/engines/asm/e_padlock-x86.pl b/openssl-1.1.0h/engines/asm/e_padlock-x86.pl
new file mode 100644
index 0000000..bf6b312
--- /dev/null
+++ b/openssl-1.1.0h/engines/asm/e_padlock-x86.pl
@@ -0,0 +1,618 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2011
+#
+# Assembler helpers for Padlock engine. Compared to original engine
+# version relying on inline assembler and compiled with gcc 3.4.6 it
+# was measured to provide ~100% improvement on misaligned data in ECB
+# mode and ~75% in CBC mode. For aligned data improvement can be
+# observed for short inputs only, e.g. 45% for 64-byte messages in
+# ECB mode, 20% in CBC. Difference in performance for aligned vs.
+# misaligned data depends on misalignment and is either ~1.8x or 2.9x.
+# These are approximately same factors as for hardware support, so
+# there is little reason to rely on the latter. On the contrary, it
+# might actually hurt performance in mixture of aligned and misaligned
+# buffers, because a) if you choose to flip 'align' flag in control
+# word on per-buffer basis, then you'd have to reload key context,
+# which incurs penalty; b) if you choose to set 'align' flag
+# permanently, it limits performance even for aligned data to ~1/2.
+# All above mentioned results were collected on 1.5GHz C7. Nano on the
+# other hand handles unaligned data more gracefully. Depending on
+# algorithm and how unaligned data is, hardware can be up to 70% more
+# efficient than below software alignment procedures, nor does 'align'
+# flag have affect on aligned performance [if has any meaning at all].
+# Therefore suggestion is to unconditionally set 'align' flag on Nano
+# for optimal performance.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../crypto/perlasm");
+require "x86asm.pl";
+
+$output=pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],$0);
+
+%PADLOCK_PREFETCH=(ecb=>128, cbc=>64);	# prefetch errata
+$PADLOCK_CHUNK=512;	# Must be a power of 2 larger than 16
+
+$ctx="edx";
+$out="edi";
+$inp="esi";
+$len="ecx";
+$chunk="ebx";
+
+&function_begin_B("padlock_capability");
+	&push	("ebx");
+	&pushf	();
+	&pop	("eax");
+	&mov	("ecx","eax");
+	&xor	("eax",1<<21);
+	&push	("eax");
+	&popf	();
+	&pushf	();
+	&pop	("eax");
+	&xor	("ecx","eax");
+	&xor	("eax","eax");
+	&bt	("ecx",21);
+	&jnc	(&label("noluck"));
+	&cpuid	();
+	&xor	("eax","eax");
+	&cmp	("ebx","0x".unpack("H*",'tneC'));
+	&jne	(&label("noluck"));
+	&cmp	("edx","0x".unpack("H*",'Hrua'));
+	&jne	(&label("noluck"));
+	&cmp	("ecx","0x".unpack("H*",'slua'));
+	&jne	(&label("noluck"));
+	&mov	("eax",0xC0000000);
+	&cpuid	();
+	&mov	("edx","eax");
+	&xor	("eax","eax");
+	&cmp	("edx",0xC0000001);
+	&jb	(&label("noluck"));
+	&mov	("eax",1);
+	&cpuid	();
+	&or	("eax",0x0f);
+	&xor	("ebx","ebx");
+	&and	("eax",0x0fff);
+	&cmp	("eax",0x06ff);		# check for Nano
+	&sete	("bl");
+	&mov	("eax",0xC0000001);
+	&push	("ebx");
+	&cpuid	();
+	&pop	("ebx");
+	&mov	("eax","edx");
+	&shl	("ebx",4);		# bit#4 denotes Nano
+	&and	("eax",0xffffffef);
+	&or	("eax","ebx")
+&set_label("noluck");
+	&pop	("ebx");
+	&ret	();
+&function_end_B("padlock_capability")
+
+&function_begin_B("padlock_key_bswap");
+	&mov	("edx",&wparam(0));
+	&mov	("ecx",&DWP(240,"edx"));
+&set_label("bswap_loop");
+	&mov	("eax",&DWP(0,"edx"));
+	&bswap	("eax");
+	&mov	(&DWP(0,"edx"),"eax");
+	&lea	("edx",&DWP(4,"edx"));
+	&sub	("ecx",1);
+	&jnz	(&label("bswap_loop"));
+	&ret	();
+&function_end_B("padlock_key_bswap");
+
+# This is heuristic key context tracing. At first one
+# believes that one should use atomic swap instructions,
+# but it's not actually necessary. Point is that if
+# padlock_saved_context was changed by another thread
+# after we've read it and before we compare it with ctx,
+# our key *shall* be reloaded upon thread context switch
+# and we are therefore set in either case...
+&static_label("padlock_saved_context");
+
+&function_begin_B("padlock_verify_context");
+	&mov	($ctx,&wparam(0));
+	&lea	("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
+		       &DWP(&label("padlock_saved_context")."-".&label("verify_pic_point")));
+	&pushf	();
+	&call	("_padlock_verify_ctx");
+&set_label("verify_pic_point");
+	&lea	("esp",&DWP(4,"esp"));
+	&ret	();
+&function_end_B("padlock_verify_context");
+
+&function_begin_B("_padlock_verify_ctx");
+	&add	("eax",&DWP(0,"esp")) if(!($::win32 or $::coff));# &padlock_saved_context
+	&bt	(&DWP(4,"esp"),30);		# eflags
+	&jnc	(&label("verified"));
+	&cmp	($ctx,&DWP(0,"eax"));
+	&je	(&label("verified"));
+	&pushf	();
+	&popf	();
+&set_label("verified");
+	&mov	(&DWP(0,"eax"),$ctx);
+	&ret	();
+&function_end_B("_padlock_verify_ctx");
+
+&function_begin_B("padlock_reload_key");
+	&pushf	();
+	&popf	();
+	&ret	();
+&function_end_B("padlock_reload_key");
+
+&function_begin_B("padlock_aes_block");
+	&push	("edi");
+	&push	("esi");
+	&push	("ebx");
+	&mov	($out,&wparam(0));		# must be 16-byte aligned
+	&mov	($inp,&wparam(1));		# must be 16-byte aligned
+	&mov	($ctx,&wparam(2));
+	&mov	($len,1);
+	&lea	("ebx",&DWP(32,$ctx));		# key
+	&lea	($ctx,&DWP(16,$ctx));		# control word
+	&data_byte(0xf3,0x0f,0xa7,0xc8);	# rep xcryptecb
+	&pop	("ebx");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_aes_block");
+
+sub generate_mode {
+my ($mode,$opcode) = @_;
+# int padlock_$mode_encrypt(void *out, const void *inp,
+#		struct padlock_cipher_data *ctx, size_t len);
+&function_begin("padlock_${mode}_encrypt");
+	&mov	($out,&wparam(0));
+	&mov	($inp,&wparam(1));
+	&mov	($ctx,&wparam(2));
+	&mov	($len,&wparam(3));
+	&test	($ctx,15);
+	&jnz	(&label("${mode}_abort"));
+	&test	($len,15);
+	&jnz	(&label("${mode}_abort"));
+	&lea	("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
+		       &DWP(&label("padlock_saved_context")."-".&label("${mode}_pic_point")));
+	&pushf	();
+	&cld	();
+	&call	("_padlock_verify_ctx");
+&set_label("${mode}_pic_point");
+	&lea	($ctx,&DWP(16,$ctx));	# control word
+	&xor	("eax","eax");
+					if ($mode eq "ctr32") {
+	&movq	("mm0",&QWP(-16,$ctx));	# load [upper part of] counter
+					} else {
+	&xor	("ebx","ebx");
+	&test	(&DWP(0,$ctx),1<<5);	# align bit in control word
+	&jnz	(&label("${mode}_aligned"));
+	&test	($out,0x0f);
+	&setz	("al");			# !out_misaligned
+	&test	($inp,0x0f);
+	&setz	("bl");			# !inp_misaligned
+	&test	("eax","ebx");
+	&jnz	(&label("${mode}_aligned"));
+	&neg	("eax");
+					}
+	&mov	($chunk,$PADLOCK_CHUNK);
+	&not	("eax");		# out_misaligned?-1:0
+	&lea	("ebp",&DWP(-24,"esp"));
+	&cmp	($len,$chunk);
+	&cmovc	($chunk,$len);		# chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
+	&and	("eax",$chunk);		# out_misaligned?chunk:0
+	&mov	($chunk,$len);
+	&neg	("eax");
+	&and	($chunk,$PADLOCK_CHUNK-1);	# chunk=len%PADLOCK_CHUNK
+	&lea	("esp",&DWP(0,"eax","ebp"));	# alloca
+	&mov	("eax",$PADLOCK_CHUNK);
+	&cmovz	($chunk,"eax");			# chunk=chunk?:PADLOCK_CHUNK
+	&mov	("eax","ebp");
+	&and	("ebp",-16);
+	&and	("esp",-16);
+	&mov	(&DWP(16,"ebp"),"eax");
+    if ($PADLOCK_PREFETCH{$mode}) {
+	&cmp	($len,$chunk);
+	&ja	(&label("${mode}_loop"));
+	&mov	("eax",$inp);		# check if prefetch crosses page
+	&cmp	("ebp","esp");
+	&cmove	("eax",$out);
+	&add	("eax",$len);
+	&neg	("eax");
+	&and	("eax",0xfff);		# distance to page boundary
+	&cmp	("eax",$PADLOCK_PREFETCH{$mode});
+	&mov	("eax",-$PADLOCK_PREFETCH{$mode});
+	&cmovae	("eax",$chunk);		# mask=distance<prefetch?-prefetch:-1
+	&and	($chunk,"eax");
+	&jz	(&label("${mode}_unaligned_tail"));
+    }
+	&jmp	(&label("${mode}_loop"));
+
+&set_label("${mode}_loop",16);
+	&mov	(&DWP(0,"ebp"),$out);		# save parameters
+	&mov	(&DWP(4,"ebp"),$inp);
+	&mov	(&DWP(8,"ebp"),$len);
+	&mov	($len,$chunk);
+	&mov	(&DWP(12,"ebp"),$chunk);	# chunk
+						if ($mode eq "ctr32") {
+	&mov	("ecx",&DWP(-4,$ctx));
+	&xor	($out,$out);
+	&mov	("eax",&DWP(-8,$ctx));		# borrow $len
+&set_label("${mode}_prepare");
+	&mov	(&DWP(12,"esp",$out),"ecx");
+	&bswap	("ecx");
+	&movq	(&QWP(0,"esp",$out),"mm0");
+	&inc	("ecx");
+	&mov	(&DWP(8,"esp",$out),"eax");
+	&bswap	("ecx");
+	&lea	($out,&DWP(16,$out));
+	&cmp	($out,$chunk);
+	&jb	(&label("${mode}_prepare"));
+
+	&mov	(&DWP(-4,$ctx),"ecx");
+	&lea	($inp,&DWP(0,"esp"));
+	&lea	($out,&DWP(0,"esp"));
+	&mov	($len,$chunk);
+						} else {
+	&test	($out,0x0f);			# out_misaligned
+	&cmovnz	($out,"esp");
+	&test	($inp,0x0f);			# inp_misaligned
+	&jz	(&label("${mode}_inp_aligned"));
+	&shr	($len,2);
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&sub	($out,$chunk);
+	&mov	($len,$chunk);
+	&mov	($inp,$out);
+&set_label("${mode}_inp_aligned");
+						}
+	&lea	("eax",&DWP(-16,$ctx));		# ivp
+	&lea	("ebx",&DWP(16,$ctx));		# key
+	&shr	($len,4);			# len/=AES_BLOCK_SIZE
+	&data_byte(0xf3,0x0f,0xa7,$opcode);	# rep xcrypt*
+						if ($mode !~ /ecb|ctr/) {
+	&movaps	("xmm0",&QWP(0,"eax"));
+	&movaps	(&QWP(-16,$ctx),"xmm0");	# copy [or refresh] iv
+						}
+	&mov	($out,&DWP(0,"ebp"));		# restore parameters
+	&mov	($chunk,&DWP(12,"ebp"));
+						if ($mode eq "ctr32") {
+	&mov	($inp,&DWP(4,"ebp"));
+	&xor	($len,$len);
+&set_label("${mode}_xor");
+	&movups	("xmm1",&QWP(0,$inp,$len));
+	&lea	($len,&DWP(16,$len));
+	&pxor	("xmm1",&QWP(-16,"esp",$len));
+	&movups	(&QWP(-16,$out,$len),"xmm1");
+	&cmp	($len,$chunk);
+	&jb	(&label("${mode}_xor"));
+						} else {
+	&test	($out,0x0f);
+	&jz	(&label("${mode}_out_aligned"));
+	&mov	($len,$chunk);
+	&lea	($inp,&DWP(0,"esp"));
+	&shr	($len,2);
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&sub	($out,$chunk);
+&set_label("${mode}_out_aligned");
+	&mov	($inp,&DWP(4,"ebp"));
+						}
+	&mov	($len,&DWP(8,"ebp"));
+	&add	($out,$chunk);
+	&add	($inp,$chunk);
+	&sub	($len,$chunk);
+	&mov	($chunk,$PADLOCK_CHUNK);
+    if (!$PADLOCK_PREFETCH{$mode}) {
+	&jnz	(&label("${mode}_loop"));
+    } else {
+	&jz	(&label("${mode}_break"));
+	&cmp	($len,$chunk);
+	&jae	(&label("${mode}_loop"));
+
+&set_label("${mode}_unaligned_tail");
+	&xor	("eax","eax");
+	&cmp	("esp","ebp");
+	&cmove	("eax",$len);
+	&sub	("esp","eax");			# alloca
+	&mov	("eax", $out);			# save parameters
+	&mov	($chunk,$len);
+	&shr	($len,2);
+	&lea	($out,&DWP(0,"esp"));
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&mov	($inp,"esp");
+	&mov	($out,"eax");			# restore parameters
+	&mov	($len,$chunk);
+	&jmp	(&label("${mode}_loop"));
+
+&set_label("${mode}_break",16);
+    }
+						if ($mode ne "ctr32") {
+	&cmp	("esp","ebp");
+	&je	(&label("${mode}_done"));
+						}
+	&pxor	("xmm0","xmm0");
+	&lea	("eax",&DWP(0,"esp"));
+&set_label("${mode}_bzero");
+	&movaps	(&QWP(0,"eax"),"xmm0");
+	&lea	("eax",&DWP(16,"eax"));
+	&cmp	("ebp","eax");
+	&ja	(&label("${mode}_bzero"));
+
+&set_label("${mode}_done");
+	&mov	("ebp",&DWP(16,"ebp"));
+	&lea	("esp",&DWP(24,"ebp"));
+						if ($mode ne "ctr32") {
+	&jmp	(&label("${mode}_exit"));
+
+&set_label("${mode}_aligned",16);
+    if ($PADLOCK_PREFETCH{$mode}) {
+	&lea	("ebp",&DWP(0,$inp,$len));
+	&neg	("ebp");
+	&and	("ebp",0xfff);			# distance to page boundary
+	&xor	("eax","eax");
+	&cmp	("ebp",$PADLOCK_PREFETCH{$mode});
+	&mov	("ebp",$PADLOCK_PREFETCH{$mode}-1);
+	&cmovae	("ebp","eax");
+	&and	("ebp",$len);			# remainder
+	&sub	($len,"ebp");
+	&jz	(&label("${mode}_aligned_tail"));
+    }
+	&lea	("eax",&DWP(-16,$ctx));		# ivp
+	&lea	("ebx",&DWP(16,$ctx));		# key
+	&shr	($len,4);			# len/=AES_BLOCK_SIZE
+	&data_byte(0xf3,0x0f,0xa7,$opcode);	# rep xcrypt*
+						if ($mode ne "ecb") {
+	&movaps	("xmm0",&QWP(0,"eax"));
+	&movaps	(&QWP(-16,$ctx),"xmm0");	# copy [or refresh] iv
+						}
+    if ($PADLOCK_PREFETCH{$mode}) {
+	&test	("ebp","ebp");
+	&jz	(&label("${mode}_exit"));
+
+&set_label("${mode}_aligned_tail");
+	&mov	($len,"ebp");
+	&lea	("ebp",&DWP(-24,"esp"));
+	&mov	("esp","ebp");
+	&mov	("eax","ebp");
+	&sub	("esp",$len);
+	&and	("ebp",-16);
+	&and	("esp",-16);
+	&mov	(&DWP(16,"ebp"),"eax");
+	&mov	("eax", $out);			# save parameters
+	&mov	($chunk,$len);
+	&shr	($len,2);
+	&lea	($out,&DWP(0,"esp"));
+	&data_byte(0xf3,0xa5);			# rep movsl
+	&mov	($inp,"esp");
+	&mov	($out,"eax");			# restore parameters
+	&mov	($len,$chunk);
+	&jmp	(&label("${mode}_loop"));
+    }
+&set_label("${mode}_exit");			}
+	&mov	("eax",1);
+	&lea	("esp",&DWP(4,"esp"));		# popf
+	&emms	()				if ($mode eq "ctr32");
+&set_label("${mode}_abort");
+&function_end("padlock_${mode}_encrypt");
+}
+
+&generate_mode("ecb",0xc8);
+&generate_mode("cbc",0xd0);
+&generate_mode("cfb",0xe0);
+&generate_mode("ofb",0xe8);
+&generate_mode("ctr32",0xc8);	# yes, it implements own CTR with ECB opcode,
+				# because hardware CTR was introduced later
+				# and even has errata on certain C7 stepping.
+				# own implementation *always* works, though
+				# ~15% slower than dedicated hardware...
+
+&function_begin_B("padlock_xstore");
+	&push	("edi");
+	&mov	("edi",&wparam(0));
+	&mov	("edx",&wparam(1));
+	&data_byte(0x0f,0xa7,0xc0);		# xstore
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_xstore");
+
+&function_begin_B("_win32_segv_handler");
+	&mov	("eax",1);			# ExceptionContinueSearch
+	&mov	("edx",&wparam(0));		# *ExceptionRecord
+	&mov	("ecx",&wparam(2));		# *ContextRecord
+	&cmp	(&DWP(0,"edx"),0xC0000005)	# ExceptionRecord->ExceptionCode == STATUS_ACCESS_VIOLATION
+	&jne	(&label("ret"));
+	&add	(&DWP(184,"ecx"),4);		# skip over rep sha*
+	&mov	("eax",0);			# ExceptionContinueExecution
+&set_label("ret");
+	&ret	();
+&function_end_B("_win32_segv_handler");
+&safeseh("_win32_segv_handler")			if ($::win32);
+
+&function_begin_B("padlock_sha1_oneshot");
+	&push	("edi");
+	&push	("esi");
+	&xor	("eax","eax");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+    if ($::win32 or $::coff) {
+    	&push	(&::islabel("_win32_segv_handler"));
+	&data_byte(0x64,0xff,0x30);		# push	%fs:(%eax)
+	&data_byte(0x64,0x89,0x20);		# mov	%esp,%fs:(%eax)
+    }
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);			# 32 is enough but spec says 128
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&mov	("eax",&DWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&mov	(&DWP(16,"esp"),"eax");
+	&xor	("eax","eax");
+	&data_byte(0xf3,0x0f,0xa6,0xc8);	# rep xsha1
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&mov	("eax",&DWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+    if ($::win32 or $::coff) {
+	&data_byte(0x64,0x8f,0x05,0,0,0,0);	# pop	%fs:0
+	&lea	("esp",&DWP(4,"esp"));
+    }
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&mov	(&DWP(16,"edi"),"eax");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha1_oneshot");
+
+&function_begin_B("padlock_sha1_blocks");
+	&push	("edi");
+	&push	("esi");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("edx","esp");			# put aside %esp
+	&mov	("ecx",&wparam(2));
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&mov	("eax",&DWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&mov	(&DWP(16,"esp"),"eax");
+	&mov	("eax",-1);
+	&data_byte(0xf3,0x0f,0xa6,0xc8);	# rep xsha1
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&mov	("eax",&DWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&mov	(&DWP(16,"edi"),"eax");
+ 	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha1_blocks");
+
+&function_begin_B("padlock_sha256_oneshot");
+	&push	("edi");
+	&push	("esi");
+	&xor	("eax","eax");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+    if ($::win32 or $::coff) {
+    	&push	(&::islabel("_win32_segv_handler"));
+	&data_byte(0x64,0xff,0x30);		# push	%fs:(%eax)
+	&data_byte(0x64,0x89,0x20);		# mov	%esp,%fs:(%eax)
+    }
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&movups	("xmm1",&QWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&movaps	(&QWP(16,"esp"),"xmm1");
+	&xor	("eax","eax");
+	&data_byte(0xf3,0x0f,0xa6,0xd0);	# rep xsha256
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&movaps	("xmm1",&QWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+    if ($::win32 or $::coff) {
+	&data_byte(0x64,0x8f,0x05,0,0,0,0);	# pop	%fs:0
+	&lea	("esp",&DWP(4,"esp"));
+    }
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&movups	(&QWP(16,"edi"),"xmm1");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha256_oneshot");
+
+&function_begin_B("padlock_sha256_blocks");
+	&push	("edi");
+	&push	("esi");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&movups	("xmm1",&QWP(16,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&movaps	(&QWP(16,"esp"),"xmm1");
+	&mov	("eax",-1);
+	&data_byte(0xf3,0x0f,0xa6,0xd0);	# rep xsha256
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&movaps	("xmm1",&QWP(16,"esp"));
+	&mov	("esp","edx");			# restore %esp
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&movups	(&QWP(16,"edi"),"xmm1");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha256_blocks");
+
+&function_begin_B("padlock_sha512_blocks");
+	&push	("edi");
+	&push	("esi");
+	&mov	("edi",&wparam(0));
+	&mov	("esi",&wparam(1));
+	&mov	("ecx",&wparam(2));
+	&mov	("edx","esp");			# put aside %esp
+	&add	("esp",-128);
+	&movups	("xmm0",&QWP(0,"edi"));		# copy-in context
+	&and	("esp",-16);
+	&movups	("xmm1",&QWP(16,"edi"));
+	&movups	("xmm2",&QWP(32,"edi"));
+	&movups	("xmm3",&QWP(48,"edi"));
+	&movaps	(&QWP(0,"esp"),"xmm0");
+	&mov	("edi","esp");
+	&movaps	(&QWP(16,"esp"),"xmm1");
+	&movaps	(&QWP(32,"esp"),"xmm2");
+	&movaps	(&QWP(48,"esp"),"xmm3");
+	&data_byte(0xf3,0x0f,0xa6,0xe0);	# rep xsha512
+	&movaps	("xmm0",&QWP(0,"esp"));
+	&movaps	("xmm1",&QWP(16,"esp"));
+	&movaps	("xmm2",&QWP(32,"esp"));
+	&movaps	("xmm3",&QWP(48,"esp"));
+	&mov	("esp","edx");			# restore %esp
+	&mov	("edi",&wparam(0));
+	&movups	(&QWP(0,"edi"),"xmm0");		# copy-out context
+	&movups	(&QWP(16,"edi"),"xmm1");
+	&movups	(&QWP(32,"edi"),"xmm2");
+	&movups	(&QWP(48,"edi"),"xmm3");
+	&pop	("esi");
+	&pop	("edi");
+	&ret	();
+&function_end_B("padlock_sha512_blocks");
+
+&asciz	("VIA Padlock x86 module, CRYPTOGAMS by <appro\@openssl.org>");
+&align	(16);
+
+&dataseg();
+# Essentially this variable belongs in thread local storage.
+# Having this variable global on the other hand can only cause
+# few bogus key reloads [if any at all on signle-CPU system],
+# so we accept the penalty...
+&set_label("padlock_saved_context",4);
+&data_word(0);
+
+&asm_finish();
+
+close STDOUT;
diff --git a/openssl-1.1.0h/engines/asm/e_padlock-x86_64.pl b/openssl-1.1.0h/engines/asm/e_padlock-x86_64.pl
new file mode 100644
index 0000000..da285ab
--- /dev/null
+++ b/openssl-1.1.0h/engines/asm/e_padlock-x86_64.pl
@@ -0,0 +1,574 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# ====================================================================
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# September 2011
+#
+# Assembler helpers for Padlock engine. See even e_padlock-x86.pl for
+# details.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
+*STDOUT=*OUT;
+
+$code=".text\n";
+
+%PADLOCK_PREFETCH=(ecb=>128, cbc=>64, ctr32=>32);	# prefetch errata
+$PADLOCK_CHUNK=512;	# Must be a power of 2 between 32 and 2^20
+
+$ctx="%rdx";
+$out="%rdi";
+$inp="%rsi";
+$len="%rcx";
+$chunk="%rbx";
+
+($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
+                                 ("%rdi","%rsi","%rdx","%rcx"); # Unix order
+
+$code.=<<___;
+.globl	padlock_capability
+.type	padlock_capability,\@abi-omnipotent
+.align	16
+padlock_capability:
+	mov	%rbx,%r8
+	xor	%eax,%eax
+	cpuid
+	xor	%eax,%eax
+	cmp	\$`"0x".unpack("H*",'tneC')`,%ebx
+	jne	.Lnoluck
+	cmp	\$`"0x".unpack("H*",'Hrua')`,%edx
+	jne	.Lnoluck
+	cmp	\$`"0x".unpack("H*",'slua')`,%ecx
+	jne	.Lnoluck
+	mov	\$0xC0000000,%eax
+	cpuid
+	mov	%eax,%edx
+	xor	%eax,%eax
+	cmp	\$0xC0000001,%edx
+	jb	.Lnoluck
+	mov	\$0xC0000001,%eax
+	cpuid
+	mov	%edx,%eax
+	and	\$0xffffffef,%eax
+	or	\$0x10,%eax		# set Nano bit#4
+.Lnoluck:
+	mov	%r8,%rbx
+	ret
+.size	padlock_capability,.-padlock_capability
+
+.globl	padlock_key_bswap
+.type	padlock_key_bswap,\@abi-omnipotent,0
+.align	16
+padlock_key_bswap:
+	mov	240($arg1),%edx
+.Lbswap_loop:
+	mov	($arg1),%eax
+	bswap	%eax
+	mov	%eax,($arg1)
+	lea	4($arg1),$arg1
+	sub	\$1,%edx
+	jnz	.Lbswap_loop
+	ret
+.size	padlock_key_bswap,.-padlock_key_bswap
+
+.globl	padlock_verify_context
+.type	padlock_verify_context,\@abi-omnipotent
+.align	16
+padlock_verify_context:
+	mov	$arg1,$ctx
+	pushf
+	lea	.Lpadlock_saved_context(%rip),%rax
+	call	_padlock_verify_ctx
+	lea	8(%rsp),%rsp
+	ret
+.size	padlock_verify_context,.-padlock_verify_context
+
+.type	_padlock_verify_ctx,\@abi-omnipotent
+.align	16
+_padlock_verify_ctx:
+	mov	8(%rsp),%r8
+	bt	\$30,%r8
+	jnc	.Lverified
+	cmp	(%rax),$ctx
+	je	.Lverified
+	pushf
+	popf
+.Lverified:
+	mov	$ctx,(%rax)
+	ret
+.size	_padlock_verify_ctx,.-_padlock_verify_ctx
+
+.globl	padlock_reload_key
+.type	padlock_reload_key,\@abi-omnipotent
+.align	16
+padlock_reload_key:
+	pushf
+	popf
+	ret
+.size	padlock_reload_key,.-padlock_reload_key
+
+.globl	padlock_aes_block
+.type	padlock_aes_block,\@function,3
+.align	16
+padlock_aes_block:
+	mov	%rbx,%r8
+	mov	\$1,$len
+	lea	32($ctx),%rbx		# key
+	lea	16($ctx),$ctx		# control word
+	.byte	0xf3,0x0f,0xa7,0xc8	# rep xcryptecb
+	mov	%r8,%rbx
+	ret
+.size	padlock_aes_block,.-padlock_aes_block
+
+.globl	padlock_xstore
+.type	padlock_xstore,\@function,2
+.align	16
+padlock_xstore:
+	mov	%esi,%edx
+	.byte	0x0f,0xa7,0xc0		# xstore
+	ret
+.size	padlock_xstore,.-padlock_xstore
+
+.globl	padlock_sha1_oneshot
+.type	padlock_sha1_oneshot,\@function,3
+.align	16
+padlock_sha1_oneshot:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	mov	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	mov	%eax,16(%rsp)
+	xor	%rax,%rax
+	.byte	0xf3,0x0f,0xa6,0xc8	# rep xsha1
+	movaps	(%rsp),%xmm0
+	mov	16(%rsp),%eax
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	mov	%eax,16(%rdx)
+	ret
+.size	padlock_sha1_oneshot,.-padlock_sha1_oneshot
+
+.globl	padlock_sha1_blocks
+.type	padlock_sha1_blocks,\@function,3
+.align	16
+padlock_sha1_blocks:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	mov	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	mov	%eax,16(%rsp)
+	mov	\$-1,%rax
+	.byte	0xf3,0x0f,0xa6,0xc8	# rep xsha1
+	movaps	(%rsp),%xmm0
+	mov	16(%rsp),%eax
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	mov	%eax,16(%rdx)
+	ret
+.size	padlock_sha1_blocks,.-padlock_sha1_blocks
+
+.globl	padlock_sha256_oneshot
+.type	padlock_sha256_oneshot,\@function,3
+.align	16
+padlock_sha256_oneshot:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	xor	%rax,%rax
+	.byte	0xf3,0x0f,0xa6,0xd0	# rep xsha256
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	movups	%xmm1,16(%rdx)
+	ret
+.size	padlock_sha256_oneshot,.-padlock_sha256_oneshot
+
+.globl	padlock_sha256_blocks
+.type	padlock_sha256_blocks,\@function,3
+.align	16
+padlock_sha256_blocks:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	mov	\$-1,%rax
+	.byte	0xf3,0x0f,0xa6,0xd0	# rep xsha256
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	movups	%xmm1,16(%rdx)
+	ret
+.size	padlock_sha256_blocks,.-padlock_sha256_blocks
+
+.globl	padlock_sha512_blocks
+.type	padlock_sha512_blocks,\@function,3
+.align	16
+padlock_sha512_blocks:
+	mov	%rdx,%rcx
+	mov	%rdi,%rdx		# put aside %rdi
+	movups	(%rdi),%xmm0		# copy-in context
+	sub	\$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movups	32(%rdi),%xmm2
+	movups	48(%rdi),%xmm3
+	movaps	%xmm0,(%rsp)
+	mov	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	movaps	%xmm2,32(%rsp)
+	movaps	%xmm3,48(%rsp)
+	.byte	0xf3,0x0f,0xa6,0xe0	# rep xha512
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	movaps	32(%rsp),%xmm2
+	movaps	48(%rsp),%xmm3
+	add	\$128+8,%rsp
+	movups	%xmm0,(%rdx)		# copy-out context
+	movups	%xmm1,16(%rdx)
+	movups	%xmm2,32(%rdx)
+	movups	%xmm3,48(%rdx)
+	ret
+.size	padlock_sha512_blocks,.-padlock_sha512_blocks
+___
+
+sub generate_mode {
+my ($mode,$opcode) = @_;
+# int padlock_$mode_encrypt(void *out, const void *inp,
+#		struct padlock_cipher_data *ctx, size_t len);
+$code.=<<___;
+.globl	padlock_${mode}_encrypt
+.type	padlock_${mode}_encrypt,\@function,4
+.align	16
+padlock_${mode}_encrypt:
+	push	%rbp
+	push	%rbx
+
+	xor	%eax,%eax
+	test	\$15,$ctx
+	jnz	.L${mode}_abort
+	test	\$15,$len
+	jnz	.L${mode}_abort
+	lea	.Lpadlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	lea	16($ctx),$ctx		# control word
+	xor	%eax,%eax
+	xor	%ebx,%ebx
+	testl	\$`1<<5`,($ctx)		# align bit in control word
+	jnz	.L${mode}_aligned
+	test	\$0x0f,$out
+	setz	%al			# !out_misaligned
+	test	\$0x0f,$inp
+	setz	%bl			# !inp_misaligned
+	test	%ebx,%eax
+	jnz	.L${mode}_aligned
+	neg	%rax
+	mov	\$$PADLOCK_CHUNK,$chunk
+	not	%rax			# out_misaligned?-1:0
+	lea	(%rsp),%rbp
+	cmp	$chunk,$len
+	cmovc	$len,$chunk		# chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
+	and	$chunk,%rax		# out_misaligned?chunk:0
+	mov	$len,$chunk
+	neg	%rax
+	and	\$$PADLOCK_CHUNK-1,$chunk	# chunk%=PADLOCK_CHUNK
+	lea	(%rax,%rbp),%rsp
+	mov	\$$PADLOCK_CHUNK,%rax
+	cmovz	%rax,$chunk			# chunk=chunk?:PADLOCK_CHUNK
+___
+$code.=<<___				if ($mode eq "ctr32");
+.L${mode}_reenter:
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	bswap	%eax
+	neg	%eax
+	and	\$`$PADLOCK_CHUNK/16-1`,%eax
+	mov	\$$PADLOCK_CHUNK,$chunk
+	shl	\$4,%eax
+	cmovz	$chunk,%rax
+	cmp	%rax,$len
+	cmova	%rax,$chunk		# don't let counter cross PADLOCK_CHUNK
+	cmovbe	$len,$chunk
+___
+$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
+	cmp	$chunk,$len
+	ja	.L${mode}_loop
+	mov	$inp,%rax		# check if prefetch crosses page
+	cmp	%rsp,%rbp
+	cmove	$out,%rax
+	add	$len,%rax
+	neg	%rax
+	and	\$0xfff,%rax		# distance to page boundary
+	cmp	\$$PADLOCK_PREFETCH{$mode},%rax
+	mov	\$-$PADLOCK_PREFETCH{$mode},%rax
+	cmovae	$chunk,%rax		# mask=distance<prefetch?-prefetch:-1
+	and	%rax,$chunk
+	jz	.L${mode}_unaligned_tail
+___
+$code.=<<___;
+	jmp	.L${mode}_loop
+.align	16
+.L${mode}_loop:
+	cmp	$len,$chunk		# ctr32 artefact
+	cmova	$len,$chunk		# ctr32 artefact
+	mov	$out,%r8		# save parameters
+	mov	$inp,%r9
+	mov	$len,%r10
+	mov	$chunk,$len
+	mov	$chunk,%r11
+	test	\$0x0f,$out		# out_misaligned
+	cmovnz	%rsp,$out
+	test	\$0x0f,$inp		# inp_misaligned
+	jz	.L${mode}_inp_aligned
+	shr	\$3,$len
+	.byte	0xf3,0x48,0xa5		# rep movsq
+	sub	$chunk,$out
+	mov	$chunk,$len
+	mov	$out,$inp
+.L${mode}_inp_aligned:
+	lea	-16($ctx),%rax		# ivp
+	lea	16($ctx),%rbx		# key
+	shr	\$4,$len
+	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
+___
+$code.=<<___				if ($mode !~ /ecb|ctr/);
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16($ctx)		# copy [or refresh] iv
+___
+$code.=<<___				if ($mode eq "ctr32");
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	test	\$0xffff0000,%eax
+	jnz	.L${mode}_no_carry
+	bswap	%eax
+	add	\$0x10000,%eax
+	bswap	%eax
+	mov	%eax,-4($ctx)
+.L${mode}_no_carry:
+___
+$code.=<<___;
+	mov	%r8,$out		# restore parameters
+	mov	%r11,$chunk
+	test	\$0x0f,$out
+	jz	.L${mode}_out_aligned
+	mov	$chunk,$len
+	lea	(%rsp),$inp
+	shr	\$3,$len
+	.byte	0xf3,0x48,0xa5		# rep movsq
+	sub	$chunk,$out
+.L${mode}_out_aligned:
+	mov	%r9,$inp
+	mov	%r10,$len
+	add	$chunk,$out
+	add	$chunk,$inp
+	sub	$chunk,$len
+	mov	\$$PADLOCK_CHUNK,$chunk
+___
+					if (!$PADLOCK_PREFETCH{$mode}) {
+$code.=<<___;
+	jnz	.L${mode}_loop
+___
+					} else {
+$code.=<<___;
+	jz	.L${mode}_break
+	cmp	$chunk,$len
+	jae	.L${mode}_loop
+___
+$code.=<<___				if ($mode eq "ctr32");
+	mov	$len,$chunk
+	mov	$inp,%rax		# check if prefetch crosses page
+	cmp	%rsp,%rbp
+	cmove	$out,%rax
+	add	$len,%rax
+	neg	%rax
+	and	\$0xfff,%rax		# distance to page boundary
+	cmp	\$$PADLOCK_PREFETCH{$mode},%rax
+	mov	\$-$PADLOCK_PREFETCH{$mode},%rax
+	cmovae	$chunk,%rax
+	and	%rax,$chunk
+	jnz	.L${mode}_loop
+___
+$code.=<<___;
+.L${mode}_unaligned_tail:
+	xor	%eax,%eax
+	cmp	%rsp,%rbp
+	cmove	$len,%rax
+	mov	$out,%r8		# save parameters
+	mov	$len,$chunk
+	sub	%rax,%rsp		# alloca
+	shr	\$3,$len
+	lea	(%rsp),$out
+	.byte	0xf3,0x48,0xa5		# rep movsq
+	mov	%rsp,$inp
+	mov	%r8, $out		# restore parameters
+	mov	$chunk,$len
+	jmp	.L${mode}_loop
+.align	16
+.L${mode}_break:
+___
+					}
+$code.=<<___;
+	cmp	%rbp,%rsp
+	je	.L${mode}_done
+
+	pxor	%xmm0,%xmm0
+	lea	(%rsp),%rax
+.L${mode}_bzero:
+	movaps	%xmm0,(%rax)
+	lea	16(%rax),%rax
+	cmp	%rax,%rbp
+	ja	.L${mode}_bzero
+
+.L${mode}_done:
+	lea	(%rbp),%rsp
+	jmp	.L${mode}_exit
+
+.align	16
+.L${mode}_aligned:
+___
+$code.=<<___				if ($mode eq "ctr32");
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	bswap	%eax
+	neg	%eax
+	and	\$0xffff,%eax
+	mov	\$`16*0x10000`,$chunk
+	shl	\$4,%eax
+	cmovz	$chunk,%rax
+	cmp	%rax,$len
+	cmova	%rax,$chunk		# don't let counter cross 2^16
+	cmovbe	$len,$chunk
+	jbe	.L${mode}_aligned_skip
+
+.L${mode}_aligned_loop:
+	mov	$len,%r10		# save parameters
+	mov	$chunk,$len
+	mov	$chunk,%r11
+
+	lea	-16($ctx),%rax		# ivp
+	lea	16($ctx),%rbx		# key
+	shr	\$4,$len		# len/=AES_BLOCK_SIZE
+	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
+
+	mov	-4($ctx),%eax		# pull 32-bit counter
+	bswap	%eax
+	add	\$0x10000,%eax
+	bswap	%eax
+	mov	%eax,-4($ctx)
+
+	mov	%r10,$len		# restore parameters
+	sub	%r11,$len
+	mov	\$`16*0x10000`,$chunk
+	jz	.L${mode}_exit
+	cmp	$chunk,$len
+	jae	.L${mode}_aligned_loop
+
+.L${mode}_aligned_skip:
+___
+$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
+	lea	($inp,$len),%rbp
+	neg	%rbp
+	and	\$0xfff,%rbp		# distance to page boundary
+	xor	%eax,%eax
+	cmp	\$$PADLOCK_PREFETCH{$mode},%rbp
+	mov	\$$PADLOCK_PREFETCH{$mode}-1,%rbp
+	cmovae	%rax,%rbp
+	and	$len,%rbp		# remainder
+	sub	%rbp,$len
+	jz	.L${mode}_aligned_tail
+___
+$code.=<<___;
+	lea	-16($ctx),%rax		# ivp
+	lea	16($ctx),%rbx		# key
+	shr	\$4,$len		# len/=AES_BLOCK_SIZE
+	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
+___
+$code.=<<___				if ($mode !~ /ecb|ctr/);
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16($ctx)		# copy [or refresh] iv
+___
+$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
+	test	%rbp,%rbp		# check remainder
+	jz	.L${mode}_exit
+
+.L${mode}_aligned_tail:
+	mov	$out,%r8
+	mov	%rbp,$chunk
+	mov	%rbp,$len
+	lea	(%rsp),%rbp
+	sub	$len,%rsp
+	shr	\$3,$len
+	lea	(%rsp),$out
+	.byte	0xf3,0x48,0xa5		# rep movsq	
+	lea	(%r8),$out
+	lea	(%rsp),$inp
+	mov	$chunk,$len
+	jmp	.L${mode}_loop
+___
+$code.=<<___;
+.L${mode}_exit:
+	mov	\$1,%eax
+	lea	8(%rsp),%rsp
+.L${mode}_abort:
+	pop	%rbx
+	pop	%rbp
+	ret
+.size	padlock_${mode}_encrypt,.-padlock_${mode}_encrypt
+___
+}
+
+&generate_mode("ecb",0xc8);
+&generate_mode("cbc",0xd0);
+&generate_mode("cfb",0xe0);
+&generate_mode("ofb",0xe8);
+&generate_mode("ctr32",0xd8);	# all 64-bit CPUs have working CTR...
+
+$code.=<<___;
+.asciz	"VIA Padlock x86_64 module, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+.data
+.align	8
+.Lpadlock_saved_context:
+	.quad	0
+___
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/openssl-1.1.0h/engines/build.info b/openssl-1.1.0h/engines/build.info
new file mode 100644
index 0000000..1c47e77
--- /dev/null
+++ b/openssl-1.1.0h/engines/build.info
@@ -0,0 +1,32 @@
+IF[{- !$disabled{"engine"} -}]
+  IF[{- $disabled{"dynamic-engine"} -}]
+    LIBS=../libcrypto
+    SOURCE[../libcrypto]=\
+            e_padlock.c {- $target{padlock_asm_src} -}
+    IF[{- !$disabled{capieng} -}]
+      SOURCE[../libcrypto]=e_capi.c
+    ENDIF
+  ELSE
+    ENGINES=padlock
+    SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
+    DEPEND[padlock]=../libcrypto
+    INCLUDE[padlock]=../include
+    IF[{- !$disabled{capieng} -}]
+      ENGINES=capi
+      SOURCE[capi]=e_capi.c
+      DEPEND[capi]=../libcrypto
+      INCLUDE[capi]=../include
+    ENDIF
+
+    ENGINES_NO_INST=ossltest dasync
+    SOURCE[dasync]=e_dasync.c
+    DEPEND[dasync]=../libcrypto
+    INCLUDE[dasync]=../include
+    SOURCE[ossltest]=e_ossltest.c
+    DEPEND[ossltest]=../libcrypto
+    INCLUDE[ossltest]=../include
+  ENDIF
+
+  GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
+  GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
+ENDIF
diff --git a/openssl-1.1.0h/engines/e_capi.c b/openssl-1.1.0h/engines/e_capi.c
new file mode 100644
index 0000000..4660f1a
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_capi.c
@@ -0,0 +1,1888 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef _WIN32
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0400
+# endif
+# include <windows.h>
+# include <wincrypt.h>
+
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+
+# include <openssl/crypto.h>
+
+# ifndef OPENSSL_NO_CAPIENG
+
+#  include <openssl/buffer.h>
+#  include <openssl/bn.h>
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+
+/*
+ * This module uses several "new" interfaces, among which is
+ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
+ * one of possible values you can pass to function in question. By
+ * checking if it's defined we can see if wincrypt.h and accompanying
+ * crypt32.lib are in shape. The native MingW32 headers up to and
+ * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
+ * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
+ * so we check for these too and avoid compiling.
+ * Yes, it's rather "weak" test and if compilation fails,
+ * then re-configure with -DOPENSSL_NO_CAPIENG.
+ */
+#  if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+    defined(CERT_STORE_PROV_SYSTEM_A) && \
+    defined(CERT_STORE_READONLY_FLAG)
+#   define __COMPILE_CAPIENG
+#  endif                        /* CERT_KEY_PROV_INFO_PROP_ID */
+# endif                         /* OPENSSL_NO_CAPIENG */
+#endif                          /* _WIN32 */
+
+#ifdef __COMPILE_CAPIENG
+
+# undef X509_EXTENSIONS
+
+/* Definitions which may be missing from earlier version of headers */
+# ifndef CERT_STORE_OPEN_EXISTING_FLAG
+#  define CERT_STORE_OPEN_EXISTING_FLAG                   0x00004000
+# endif
+
+# ifndef CERT_STORE_CREATE_NEW_FLAG
+#  define CERT_STORE_CREATE_NEW_FLAG                      0x00002000
+# endif
+
+# ifndef CERT_SYSTEM_STORE_CURRENT_USER
+#  define CERT_SYSTEM_STORE_CURRENT_USER                  0x00010000
+# endif
+
+# ifndef ALG_SID_SHA_256
+#  define ALG_SID_SHA_256   12
+# endif
+# ifndef ALG_SID_SHA_384
+#  define ALG_SID_SHA_384   13
+# endif
+# ifndef ALG_SID_SHA_512
+#  define ALG_SID_SHA_512   14
+# endif
+
+# ifndef CALG_SHA_256
+#  define CALG_SHA_256      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+# endif
+# ifndef CALG_SHA_384
+#  define CALG_SHA_384      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+# endif
+# ifndef CALG_SHA_512
+#  define CALG_SHA_512      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+# endif
+
+# ifndef PROV_RSA_AES
+#  define PROV_RSA_AES 24
+# endif
+
+# include <openssl/engine.h>
+# include <openssl/pem.h>
+# include <openssl/x509v3.h>
+
+# include "e_capi_err.h"
+# include "e_capi_err.c"
+
+static const char *engine_capi_id = "capi";
+static const char *engine_capi_name = "CryptoAPI ENGINE";
+
+typedef struct CAPI_CTX_st CAPI_CTX;
+typedef struct CAPI_KEY_st CAPI_KEY;
+
+static void capi_addlasterror(void);
+static void capi_adderror(DWORD err);
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY *key);
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
+                                     HCERTSTORE hstore);
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+                                   UI_METHOD *ui_method, void *callback_data);
+static int capi_rsa_sign(int dtype, const unsigned char *m,
+                         unsigned int m_len, unsigned char *sigret,
+                         unsigned int *siglen, const RSA *rsa);
+static int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                             unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                             unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_free(RSA *rsa);
+
+# ifndef OPENSSL_NO_DSA
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                 DSA *dsa);
+static int capi_dsa_free(DSA *dsa);
+# endif
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+                                     STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                     EVP_PKEY **pkey, STACK_OF(X509) **pother,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data);
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# ifdef OPENSSL_CAPIENG_DIALOG
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# endif
+
+void engine_load_capi_int(void);
+
+typedef PCCERT_CONTEXT(WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
+                                        LPCWSTR, DWORD, DWORD, void *);
+typedef HWND(WINAPI *GETCONSWIN)(void);
+
+/*
+ * This structure contains CAPI ENGINE specific data: it contains various
+ * global options and affects how other functions behave.
+ */
+
+# define CAPI_DBG_TRACE  2
+# define CAPI_DBG_ERROR  1
+
+struct CAPI_CTX_st {
+    int debug_level;
+    char *debug_file;
+    /* Parameters to use for container lookup */
+    DWORD keytype;
+    LPSTR cspname;
+    DWORD csptype;
+    /* Certificate store name to use */
+    LPSTR storename;
+    LPSTR ssl_client_store;
+    /* System store flags */
+    DWORD store_flags;
+/* Lookup string meanings in load_private_key */
+# define CAPI_LU_SUBSTR          1  /* Substring of subject: uses "storename" */
+# define CAPI_LU_FNAME           2  /* Friendly name: uses storename */
+# define CAPI_LU_CONTNAME        3  /* Container name: uses cspname, keytype */
+    int lookup_method;
+/* Info to dump with dumpcerts option */
+# define CAPI_DMP_SUMMARY        0x1    /* Issuer and serial name strings */
+# define CAPI_DMP_FNAME          0x2    /* Friendly name */
+# define CAPI_DMP_FULL           0x4    /* Full X509_print dump */
+# define CAPI_DMP_PEM            0x8    /* Dump PEM format certificate */
+# define CAPI_DMP_PSKEY          0x10   /* Dump pseudo key (if possible) */
+# define CAPI_DMP_PKEYINFO       0x20   /* Dump key info (if possible) */
+    DWORD dump_flags;
+    int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+    CERTDLG certselectdlg;
+    GETCONSWIN getconswindow;
+};
+
+static CAPI_CTX *capi_ctx_new(void);
+static void capi_ctx_free(CAPI_CTX *ctx);
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
+                                 int check);
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
+
+# define CAPI_CMD_LIST_CERTS             ENGINE_CMD_BASE
+# define CAPI_CMD_LOOKUP_CERT            (ENGINE_CMD_BASE + 1)
+# define CAPI_CMD_DEBUG_LEVEL            (ENGINE_CMD_BASE + 2)
+# define CAPI_CMD_DEBUG_FILE             (ENGINE_CMD_BASE + 3)
+# define CAPI_CMD_KEYTYPE                (ENGINE_CMD_BASE + 4)
+# define CAPI_CMD_LIST_CSPS              (ENGINE_CMD_BASE + 5)
+# define CAPI_CMD_SET_CSP_IDX            (ENGINE_CMD_BASE + 6)
+# define CAPI_CMD_SET_CSP_NAME           (ENGINE_CMD_BASE + 7)
+# define CAPI_CMD_SET_CSP_TYPE           (ENGINE_CMD_BASE + 8)
+# define CAPI_CMD_LIST_CONTAINERS        (ENGINE_CMD_BASE + 9)
+# define CAPI_CMD_LIST_OPTIONS           (ENGINE_CMD_BASE + 10)
+# define CAPI_CMD_LOOKUP_METHOD          (ENGINE_CMD_BASE + 11)
+# define CAPI_CMD_STORE_NAME             (ENGINE_CMD_BASE + 12)
+# define CAPI_CMD_STORE_FLAGS            (ENGINE_CMD_BASE + 13)
+
+static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
+    {CAPI_CMD_LIST_CERTS,
+     "list_certs",
+     "List all certificates in store",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_LOOKUP_CERT,
+     "lookup_cert",
+     "Lookup and output certificates",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_DEBUG_LEVEL,
+     "debug_level",
+     "debug level (1=errors, 2=trace)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_DEBUG_FILE,
+     "debug_file",
+     "debugging filename)",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_KEYTYPE,
+     "key_type",
+     "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LIST_CSPS,
+     "list_csps",
+     "List all CSPs",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_SET_CSP_IDX,
+     "csp_idx",
+     "Set CSP by index",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_SET_CSP_NAME,
+     "csp_name",
+     "Set CSP name, (default CSP used if not specified)",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_SET_CSP_TYPE,
+     "csp_type",
+     "Set CSP type, (default RSA_PROV_FULL)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LIST_CONTAINERS,
+     "list_containers",
+     "list container names",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_LIST_OPTIONS,
+     "list_options",
+     "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
+     "32=private key info)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LOOKUP_METHOD,
+     "lookup_method",
+     "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_STORE_NAME,
+     "store_name",
+     "certificate store name, default \"MY\"",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_STORE_FLAGS,
+     "store_flags",
+     "Certificate store flags: 1 = system store",
+     ENGINE_CMD_FLAG_NUMERIC},
+
+    {0, NULL, NULL, 0}
+};
+
+static int capi_idx = -1;
+static int rsa_capi_idx = -1;
+static int dsa_capi_idx = -1;
+static int cert_capi_idx = -1;
+
+static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int ret = 1;
+    CAPI_CTX *ctx;
+    BIO *out;
+    LPSTR tmpstr;
+    if (capi_idx == -1) {
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
+        return 0;
+    }
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
+        return 0;
+    }
+    switch (cmd) {
+    case CAPI_CMD_LIST_CSPS:
+        ret = capi_list_providers(ctx, out);
+        break;
+
+    case CAPI_CMD_LIST_CERTS:
+        ret = capi_list_certs(ctx, out, NULL);
+        break;
+
+    case CAPI_CMD_LOOKUP_CERT:
+        ret = capi_list_certs(ctx, out, p);
+        break;
+
+    case CAPI_CMD_LIST_CONTAINERS:
+        ret = capi_list_containers(ctx, out);
+        break;
+
+    case CAPI_CMD_STORE_NAME:
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
+            OPENSSL_free(ctx->storename);
+            ctx->storename = tmpstr;
+            CAPI_trace(ctx, "Setting store name to %s\n", p);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
+        break;
+
+    case CAPI_CMD_STORE_FLAGS:
+        if (i & 1) {
+            ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
+            ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
+        } else {
+            ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
+            ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
+        }
+        CAPI_trace(ctx, "Setting flags to %d\n", i);
+        break;
+
+    case CAPI_CMD_DEBUG_LEVEL:
+        ctx->debug_level = (int)i;
+        CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
+        break;
+
+    case CAPI_CMD_DEBUG_FILE:
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
+            ctx->debug_file = tmpstr;
+            CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
+        break;
+
+    case CAPI_CMD_KEYTYPE:
+        ctx->keytype = i;
+        CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
+        break;
+
+    case CAPI_CMD_SET_CSP_IDX:
+        ret = capi_ctx_set_provname_idx(ctx, i);
+        break;
+
+    case CAPI_CMD_LIST_OPTIONS:
+        ctx->dump_flags = i;
+        break;
+
+    case CAPI_CMD_LOOKUP_METHOD:
+        if (i < 1 || i > 3) {
+            CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+            BIO_free(out);
+            return 0;
+        }
+        ctx->lookup_method = i;
+        break;
+
+    case CAPI_CMD_SET_CSP_NAME:
+        ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
+        break;
+
+    case CAPI_CMD_SET_CSP_TYPE:
+        ctx->csptype = i;
+        break;
+
+    default:
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
+        ret = 0;
+    }
+
+    BIO_free(out);
+    return ret;
+
+}
+
+static RSA_METHOD *capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+static DSA_METHOD *capi_dsa_method = NULL;
+# endif
+
+static int use_aes_csp = 0;
+static const WCHAR rsa_aes_cspname[] =
+    L"Microsoft Enhanced RSA and AES Cryptographic Provider";
+static const WCHAR rsa_enh_cspname[] =
+    L"Microsoft Enhanced Cryptographic Provider v1.0";
+
+static int capi_init(ENGINE *e)
+{
+    CAPI_CTX *ctx;
+    const RSA_METHOD *ossl_rsa_meth;
+# ifndef OPENSSL_NO_DSA
+    const DSA_METHOD *ossl_dsa_meth;
+# endif
+    HCRYPTPROV hprov;
+
+    if (capi_idx < 0) {
+        capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        if (capi_idx < 0)
+            goto memerr;
+
+        cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+        /* Setup RSA_METHOD */
+        rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        ossl_rsa_meth = RSA_PKCS1_OpenSSL();
+        if (   !RSA_meth_set_pub_enc(capi_rsa_method,
+                                     RSA_meth_get_pub_enc(ossl_rsa_meth))
+            || !RSA_meth_set_pub_dec(capi_rsa_method,
+                                     RSA_meth_get_pub_dec(ossl_rsa_meth))
+            || !RSA_meth_set_priv_enc(capi_rsa_method, capi_rsa_priv_enc)
+            || !RSA_meth_set_priv_dec(capi_rsa_method, capi_rsa_priv_dec)
+            || !RSA_meth_set_mod_exp(capi_rsa_method,
+                                     RSA_meth_get_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_bn_mod_exp(capi_rsa_method,
+                                        RSA_meth_get_bn_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_finish(capi_rsa_method, capi_rsa_free)
+            || !RSA_meth_set_sign(capi_rsa_method, capi_rsa_sign)) {
+            goto memerr;
+        }
+
+# ifndef OPENSSL_NO_DSA
+        /* Setup DSA Method */
+        dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        ossl_dsa_meth = DSA_OpenSSL();
+        if (   !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign)
+            || !DSA_meth_set_verify(capi_dsa_method,
+                                    DSA_meth_get_verify(ossl_dsa_meth))
+            || !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free)
+            || !DSA_meth_set_mod_exp(capi_dsa_method,
+                                     DSA_meth_get_mod_exp(ossl_dsa_meth))
+            || !DSA_meth_set_bn_mod_exp(capi_dsa_method,
+                                    DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
+            goto memerr;
+        }
+# endif
+    }
+
+    ctx = capi_ctx_new();
+    if (ctx == NULL)
+        goto memerr;
+
+    ENGINE_set_ex_data(e, capi_idx, ctx);
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+    {
+        HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+        HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
+        if (cryptui)
+            ctx->certselectdlg =
+                (CERTDLG) GetProcAddress(cryptui,
+                                         "CryptUIDlgSelectCertificateFromStore");
+        if (kernel)
+            ctx->getconswindow =
+                (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
+        if (cryptui && !OPENSSL_isservice())
+            ctx->client_cert_select = cert_select_dialog;
+    }
+# endif
+
+    /* See if there is RSA+AES CSP */
+    if (CryptAcquireContextW(&hprov, NULL, rsa_aes_cspname, PROV_RSA_AES,
+                             CRYPT_VERIFYCONTEXT)) {
+        use_aes_csp = 1;
+        CryptReleaseContext(hprov, 0);
+    }
+
+    return 1;
+
+ memerr:
+    CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
+    return 0;
+
+    return 1;
+}
+
+static int capi_destroy(ENGINE *e)
+{
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
+    ERR_unload_CAPI_strings();
+    return 1;
+}
+
+static int capi_finish(ENGINE *e)
+{
+    CAPI_CTX *ctx;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    capi_ctx_free(ctx);
+    ENGINE_set_ex_data(e, capi_idx, NULL);
+    return 1;
+}
+
+/*
+ * CryptoAPI key application data. This contains a handle to the private key
+ * container (for sign operations) and a handle to the key (for decrypt
+ * operations).
+ */
+
+struct CAPI_KEY_st {
+    /* Associated certificate context (if any) */
+    PCCERT_CONTEXT pcert;
+    HCRYPTPROV hprov;
+    HCRYPTKEY key;
+    DWORD keyspec;
+};
+
+static int bind_capi(ENGINE *e)
+{
+    capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
+    if (capi_rsa_method == NULL)
+        return 0;
+# ifndef OPENSSL_NO_DSA
+    capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
+    if (capi_dsa_method == NULL)
+        goto memerr;
+# endif
+    if (!ENGINE_set_id(e, engine_capi_id)
+        || !ENGINE_set_name(e, engine_capi_name)
+        || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
+        || !ENGINE_set_init_function(e, capi_init)
+        || !ENGINE_set_finish_function(e, capi_finish)
+        || !ENGINE_set_destroy_function(e, capi_destroy)
+        || !ENGINE_set_RSA(e, capi_rsa_method)
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, capi_dsa_method)
+# endif
+        || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
+        || !ENGINE_set_load_ssl_client_cert_function(e,
+                                                     capi_load_ssl_client_cert)
+        || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
+        || !ENGINE_set_ctrl_function(e, capi_ctrl))
+        goto memerr;
+    ERR_load_CAPI_strings();
+
+    return 1;
+ memerr:
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
+    return 0;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_capi_id) != 0))
+        return 0;
+    if (!bind_capi(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
+static ENGINE *engine_capi(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_capi(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_capi_int(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_capi();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+# endif
+
+static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
+{
+    int i;
+    /*
+     * Reverse buffer in place: since this is a keyblob structure that will
+     * be freed up after conversion anyway it doesn't matter if we change
+     * it.
+     */
+    for (i = 0; i < binlen / 2; i++) {
+        unsigned char c;
+        c = bin[i];
+        bin[i] = bin[binlen - i - 1];
+        bin[binlen - i - 1] = c;
+    }
+
+    if (!BN_bin2bn(bin, binlen, bn))
+        return 0;
+    return 1;
+}
+
+/* Given a CAPI_KEY get an EVP_PKEY structure */
+
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
+{
+    unsigned char *pubkey = NULL;
+    DWORD len;
+    BLOBHEADER *bh;
+    RSA *rkey = NULL;
+    DSA *dkey = NULL;
+    EVP_PKEY *ret = NULL;
+    if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
+        capi_addlasterror();
+        return NULL;
+    }
+
+    pubkey = OPENSSL_malloc(len);
+
+    if (pubkey == NULL)
+        goto memerr;
+
+    if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
+        capi_addlasterror();
+        goto err;
+    }
+
+    bh = (BLOBHEADER *) pubkey;
+    if (bh->bType != PUBLICKEYBLOB) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
+        goto err;
+    }
+    if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) {
+        RSAPUBKEY *rp;
+        DWORD rsa_modlen;
+        BIGNUM *e = NULL, *n = NULL;
+        unsigned char *rsa_modulus;
+        rp = (RSAPUBKEY *) (bh + 1);
+        if (rp->magic != 0x31415352) {
+            char magstr[10];
+            BIO_snprintf(magstr, 10, "%lx", rp->magic);
+            CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                    CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+            ERR_add_error_data(2, "magic=0x", magstr);
+            goto err;
+        }
+        rsa_modulus = (unsigned char *)(rp + 1);
+        rkey = RSA_new_method(eng);
+        if (!rkey)
+            goto memerr;
+
+        e = BN_new();
+        n = BN_new();
+
+        if (e == NULL || n == NULL) {
+            BN_free(e);
+            BN_free(n);
+            goto memerr;
+        }
+
+        RSA_set0_key(rkey, n, e, NULL);
+
+        if (!BN_set_word(e, rp->pubexp))
+            goto memerr;
+
+        rsa_modlen = rp->bitlen / 8;
+        if (!lend_tobn(n, rsa_modulus, rsa_modlen))
+            goto memerr;
+
+        RSA_set_ex_data(rkey, rsa_capi_idx, key);
+
+        if ((ret = EVP_PKEY_new()) == NULL)
+            goto memerr;
+
+        EVP_PKEY_assign_RSA(ret, rkey);
+        rkey = NULL;
+
+# ifndef OPENSSL_NO_DSA
+    } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
+        DSSPUBKEY *dp;
+        DWORD dsa_plen;
+        unsigned char *btmp;
+        BIGNUM *p, *q, *g, *pub_key;
+        dp = (DSSPUBKEY *) (bh + 1);
+        if (dp->magic != 0x31535344) {
+            char magstr[10];
+            BIO_snprintf(magstr, 10, "%lx", dp->magic);
+            CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                    CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+            ERR_add_error_data(2, "magic=0x", magstr);
+            goto err;
+        }
+        dsa_plen = dp->bitlen / 8;
+        btmp = (unsigned char *)(dp + 1);
+        dkey = DSA_new_method(eng);
+        if (!dkey)
+            goto memerr;
+        p = BN_new();
+        q = BN_new();
+        g = BN_new();
+        pub_key = BN_new();
+        if (p == NULL || q == NULL || g == NULL || pub_key == NULL) {
+            BN_free(p);
+            BN_free(q);
+            BN_free(g);
+            BN_free(pub_key);
+            goto memerr;
+        }
+        DSA_set0_pqg(dkey, p, q, g);
+        DSA_set0_key(dkey, pub_key, NULL);
+        if (!lend_tobn(p, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+        if (!lend_tobn(q, btmp, 20))
+            goto memerr;
+        btmp += 20;
+        if (!lend_tobn(g, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+        if (!lend_tobn(pub_key, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+
+        DSA_set_ex_data(dkey, dsa_capi_idx, key);
+
+        if ((ret = EVP_PKEY_new()) == NULL)
+            goto memerr;
+
+        EVP_PKEY_assign_DSA(ret, dkey);
+        dkey = NULL;
+# endif
+    } else {
+        char algstr[10];
+        BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);
+        CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
+        ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
+        goto err;
+    }
+
+ err:
+    OPENSSL_free(pubkey);
+    if (!ret) {
+        RSA_free(rkey);
+# ifndef OPENSSL_NO_DSA
+        DSA_free(dkey);
+# endif
+    }
+
+    return ret;
+
+ memerr:
+    CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+    goto err;
+
+}
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+                                   UI_METHOD *ui_method, void *callback_data)
+{
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    EVP_PKEY *ret;
+    ctx = ENGINE_get_ex_data(eng, capi_idx);
+
+    if (!ctx) {
+        CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
+        return NULL;
+    }
+
+    key = capi_find_key(ctx, key_id);
+
+    if (!key)
+        return NULL;
+
+    ret = capi_get_pkey(eng, key);
+
+    if (!ret)
+        capi_free_key(key);
+    return ret;
+
+}
+
+/* CryptoAPI RSA operations */
+
+int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+    return -1;
+}
+
+int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+                  unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+{
+    ALG_ID alg;
+    HCRYPTHASH hash;
+    DWORD slen;
+    unsigned int i;
+    int ret = -1;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
+
+    CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
+
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
+        return -1;
+    }
+/* Convert the signature type to a CryptoAPI algorithm ID */
+    switch (dtype) {
+    case NID_sha256:
+        alg = CALG_SHA_256;
+        break;
+
+    case NID_sha384:
+        alg = CALG_SHA_384;
+        break;
+
+    case NID_sha512:
+        alg = CALG_SHA_512;
+        break;
+
+    case NID_sha1:
+        alg = CALG_SHA1;
+        break;
+
+    case NID_md5:
+        alg = CALG_MD5;
+        break;
+
+    case NID_md5_sha1:
+        alg = CALG_SSL3_SHAMD5;
+        break;
+    default:
+        {
+            char algstr[10];
+            BIO_snprintf(algstr, 10, "%x", dtype);
+            CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
+            ERR_add_error_data(2, "NID=0x", algstr);
+            return -1;
+        }
+    }
+
+/* Create the hash object */
+    if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+        capi_addlasterror();
+        return -1;
+    }
+/* Set the hash value to the value passed */
+
+    if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+        capi_addlasterror();
+        goto err;
+    }
+
+/* Finally sign it */
+    slen = RSA_size(rsa);
+    if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+        capi_addlasterror();
+        goto err;
+    } else {
+        ret = 1;
+        /* Inplace byte reversal of signature */
+        for (i = 0; i < slen / 2; i++) {
+            unsigned char c;
+            c = sigret[i];
+            sigret[i] = sigret[slen - i - 1];
+            sigret[slen - i - 1] = c;
+        }
+        *siglen = slen;
+    }
+
+    /* Now cleanup */
+
+ err:
+    CryptDestroyHash(hash);
+
+    return ret;
+}
+
+int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    int i;
+    unsigned char *tmpbuf;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+    DWORD dlen;
+
+    if (flen <= 0)
+        return flen;
+
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
+
+    CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
+
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
+        return -1;
+    }
+
+    if (padding != RSA_PKCS1_PADDING) {
+        char errstr[10];
+        BIO_snprintf(errstr, 10, "%d", padding);
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+        ERR_add_error_data(2, "padding=", errstr);
+        return -1;
+    }
+
+    /* Create temp reverse order version of input */
+    if ((tmpbuf = OPENSSL_malloc(flen)) == NULL) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    for (i = 0; i < flen; i++)
+        tmpbuf[flen - i - 1] = from[i];
+
+    /* Finally decrypt it */
+    dlen = flen;
+    if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &dlen)) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
+        capi_addlasterror();
+        OPENSSL_free(tmpbuf);
+        return -1;
+    } else {
+        memcpy(to, tmpbuf, (flen = (int)dlen));
+    }
+    OPENSSL_free(tmpbuf);
+
+    return flen;
+}
+
+static int capi_rsa_free(RSA *rsa)
+{
+    CAPI_KEY *capi_key;
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    capi_free_key(capi_key);
+    RSA_set_ex_data(rsa, rsa_capi_idx, 0);
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DSA
+/* CryptoAPI DSA operations */
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                 DSA *dsa)
+{
+    HCRYPTHASH hash;
+    DWORD slen;
+    DSA_SIG *ret = NULL;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+    unsigned char csigbuf[40];
+
+    ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
+
+    CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
+
+    capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
+        return NULL;
+    }
+
+    if (dlen != 20) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
+        return NULL;
+    }
+
+    /* Create the hash object */
+    if (!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+        capi_addlasterror();
+        return NULL;
+    }
+
+    /* Set the hash value to the value passed */
+    if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+        capi_addlasterror();
+        goto err;
+    }
+
+    /* Finally sign it */
+    slen = sizeof(csigbuf);
+    if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+        capi_addlasterror();
+        goto err;
+    } else {
+        BIGNUM *r = BN_new(), *s = BN_new();
+
+        if (r == NULL || s == NULL
+            || !lend_tobn(r, csigbuf, 20)
+            || !lend_tobn(s, csigbuf + 20, 20)
+            || (ret = DSA_SIG_new()) == NULL) {
+            BN_free(r); /* BN_free checks for BIGNUM * being NULL */
+            BN_free(s);
+            goto err;
+        }
+        DSA_SIG_set0(ret, r, s);
+    }
+
+    /* Now cleanup */
+
+ err:
+    OPENSSL_cleanse(csigbuf, 40);
+    CryptDestroyHash(hash);
+    return ret;
+}
+
+static int capi_dsa_free(DSA *dsa)
+{
+    CAPI_KEY *capi_key;
+    capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+    capi_free_key(capi_key);
+    DSA_set_ex_data(dsa, dsa_capi_idx, 0);
+    return 1;
+}
+# endif
+
+static void capi_vtrace(CAPI_CTX *ctx, int level, char *format,
+                        va_list argptr)
+{
+    BIO *out;
+
+    if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
+        return;
+    out = BIO_new_file(ctx->debug_file, "a+");
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
+        return;
+    }
+    BIO_vprintf(out, format, argptr);
+    BIO_free(out);
+}
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
+{
+    va_list args;
+    va_start(args, format);
+    capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
+    va_end(args);
+}
+
+static void capi_addlasterror(void)
+{
+    capi_adderror(GetLastError());
+}
+
+static void capi_adderror(DWORD err)
+{
+    char errstr[10];
+    BIO_snprintf(errstr, 10, "%lX", err);
+    ERR_add_error_data(2, "Error code= 0x", errstr);
+}
+
+static char *wide_to_asc(LPCWSTR wstr)
+{
+    char *str;
+    int len_0, sz;
+
+    if (!wstr)
+        return NULL;
+    len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+    sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
+    if (!sz) {
+        CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+        return NULL;
+    }
+    str = OPENSSL_malloc(sz);
+    if (str == NULL) {
+        CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!WideCharToMultiByte(CP_ACP, 0, wstr, len_0, str, sz, NULL, NULL)) {
+        OPENSSL_free(str);
+        CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+        return NULL;
+    }
+    return str;
+}
+
+static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype,
+                             DWORD idx)
+{
+    DWORD len, err;
+    LPTSTR name;
+    CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
+    if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len)) {
+        err = GetLastError();
+        if (err == ERROR_NO_MORE_ITEMS)
+            return 2;
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+        capi_adderror(err);
+        return 0;
+    }
+    name = OPENSSL_malloc(len);
+    if (name == NULL) {
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) {
+        err = GetLastError();
+        OPENSSL_free(name);
+        if (err == ERROR_NO_MORE_ITEMS)
+            return 2;
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+        capi_adderror(err);
+        return 0;
+    }
+    if (sizeof(TCHAR) != sizeof(char)) {
+        *pname = wide_to_asc((WCHAR *)name);
+        OPENSSL_free(name);
+        if (*pname == NULL)
+            return 0;
+    } else {
+        *pname = (char *)name;
+    }
+    CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname,
+               *ptype);
+
+    return 1;
+}
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
+{
+    DWORD idx, ptype;
+    int ret;
+    LPSTR provname = NULL;
+    CAPI_trace(ctx, "capi_list_providers\n");
+    BIO_printf(out, "Available CSPs:\n");
+    for (idx = 0;; idx++) {
+        ret = capi_get_provname(ctx, &provname, &ptype, idx);
+        if (ret == 2)
+            break;
+        if (ret == 0)
+            break;
+        BIO_printf(out, "%lu. %s, type %lu\n", idx, provname, ptype);
+        OPENSSL_free(provname);
+    }
+    return 1;
+}
+
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
+{
+    int ret = 1;
+    HCRYPTPROV hprov;
+    DWORD err, idx, flags, buflen = 0, clen;
+    LPSTR cname;
+    LPWSTR cspname = NULL;
+
+    CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname,
+               ctx->csptype);
+    if (ctx->cspname != NULL) {
+        if ((clen = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                        NULL, 0))) {
+            cspname = alloca(clen * sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, (WCHAR *)cspname,
+                                clen);
+        }
+        if (cspname == NULL) {
+            CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+            capi_addlasterror();
+            return 0;
+        }
+    }
+    if (!CryptAcquireContextW(&hprov, NULL, cspname, ctx->csptype,
+                              CRYPT_VERIFYCONTEXT)) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS,
+                CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+        capi_addlasterror();
+        return 0;
+    }
+    if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen,
+                           CRYPT_FIRST)) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+        capi_addlasterror();
+        CryptReleaseContext(hprov, 0);
+        return 0;
+    }
+    CAPI_trace(ctx, "Got max container len %d\n", buflen);
+    if (buflen == 0)
+        buflen = 1024;
+    cname = OPENSSL_malloc(buflen);
+    if (cname == NULL) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    for (idx = 0;; idx++) {
+        clen = buflen;
+        cname[0] = 0;
+
+        if (idx == 0)
+            flags = CRYPT_FIRST;
+        else
+            flags = 0;
+        if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, (BYTE *)cname,
+                               &clen, flags)) {
+            err = GetLastError();
+            if (err == ERROR_NO_MORE_ITEMS)
+                goto done;
+            CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+            capi_adderror(err);
+            goto err;
+        }
+        CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n",
+                   cname, clen, idx, flags);
+        if (!cname[0] && (clen == buflen)) {
+            CAPI_trace(ctx, "Enumerate bug: using workaround\n");
+            goto done;
+        }
+        BIO_printf(out, "%lu. %s\n", idx, cname);
+    }
+ err:
+
+    ret = 0;
+
+ done:
+    OPENSSL_free(cname);
+    CryptReleaseContext(hprov, 0);
+
+    return ret;
+}
+
+static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx,
+                                               PCCERT_CONTEXT cert)
+{
+    DWORD len;
+    CRYPT_KEY_PROV_INFO *pinfo;
+
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           NULL, &len))
+        return NULL;
+    pinfo = OPENSSL_malloc(len);
+    if (pinfo == NULL) {
+        CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           pinfo, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PROV_INFO,
+                CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
+        capi_addlasterror();
+        OPENSSL_free(pinfo);
+        return NULL;
+    }
+    return pinfo;
+}
+
+static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out,
+                                CRYPT_KEY_PROV_INFO *pinfo)
+{
+    char *provname = NULL, *contname = NULL;
+    if (!pinfo) {
+        BIO_printf(out, "  No Private Key\n");
+        return;
+    }
+    provname = wide_to_asc(pinfo->pwszProvName);
+    contname = wide_to_asc(pinfo->pwszContainerName);
+    if (!provname || !contname)
+        goto err;
+
+    BIO_printf(out, "  Private Key Info:\n");
+    BIO_printf(out, "    Provider Name:  %s, Provider Type %lu\n", provname,
+               pinfo->dwProvType);
+    BIO_printf(out, "    Container Name: %s, Key Type %lu\n", contname,
+               pinfo->dwKeySpec);
+ err:
+    OPENSSL_free(provname);
+    OPENSSL_free(contname);
+}
+
+static char *capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+{
+    LPWSTR wfname;
+    DWORD dlen;
+
+    CAPI_trace(ctx, "capi_cert_get_fname\n");
+    if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                           NULL, &dlen))
+        return NULL;
+    wfname = OPENSSL_malloc(dlen);
+    if (wfname == NULL)
+        return NULL;
+    if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                          wfname, &dlen)) {
+        char *fname = wide_to_asc(wfname);
+        OPENSSL_free(wfname);
+        return fname;
+    }
+    CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
+    capi_addlasterror();
+
+    OPENSSL_free(wfname);
+    return NULL;
+}
+
+static void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
+{
+    X509 *x;
+    const unsigned char *p;
+    unsigned long flags = ctx->dump_flags;
+    if (flags & CAPI_DMP_FNAME) {
+        char *fname;
+        fname = capi_cert_get_fname(ctx, cert);
+        if (fname) {
+            BIO_printf(out, "  Friendly Name \"%s\"\n", fname);
+            OPENSSL_free(fname);
+        } else {
+            BIO_printf(out, "  <No Friendly Name>\n");
+        }
+    }
+
+    p = cert->pbCertEncoded;
+    x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+    if (!x)
+        BIO_printf(out, "  <Can't parse certificate>\n");
+    if (flags & CAPI_DMP_SUMMARY) {
+        BIO_printf(out, "  Subject: ");
+        X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+        BIO_printf(out, "\n  Issuer: ");
+        X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+        BIO_printf(out, "\n");
+    }
+    if (flags & CAPI_DMP_FULL)
+        X509_print_ex(out, x, XN_FLAG_ONELINE, 0);
+
+    if (flags & CAPI_DMP_PKEYINFO) {
+        CRYPT_KEY_PROV_INFO *pinfo;
+        pinfo = capi_get_prov_info(ctx, cert);
+        capi_dump_prov_info(ctx, out, pinfo);
+        OPENSSL_free(pinfo);
+    }
+
+    if (flags & CAPI_DMP_PEM)
+        PEM_write_bio_X509(out, x);
+    X509_free(x);
+}
+
+static HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
+{
+    HCERTSTORE hstore;
+
+    if (!storename)
+        storename = ctx->storename;
+    if (!storename)
+        storename = "MY";
+    CAPI_trace(ctx, "Opening certificate store %s\n", storename);
+
+    hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
+                           ctx->store_flags, storename);
+    if (!hstore) {
+        CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
+        capi_addlasterror();
+    }
+    return hstore;
+}
+
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
+{
+    char *storename;
+    int idx;
+    int ret = 1;
+    HCERTSTORE hstore;
+    PCCERT_CONTEXT cert = NULL;
+
+    storename = ctx->storename;
+    if (!storename)
+        storename = "MY";
+    CAPI_trace(ctx, "Listing certs for store %s\n", storename);
+
+    hstore = capi_open_store(ctx, storename);
+    if (!hstore)
+        return 0;
+    if (id) {
+        cert = capi_find_cert(ctx, id, hstore);
+        if (!cert) {
+            ret = 0;
+            goto err;
+        }
+        capi_dump_cert(ctx, out, cert);
+        CertFreeCertificateContext(cert);
+    } else {
+        for (idx = 0;; idx++) {
+            cert = CertEnumCertificatesInStore(hstore, cert);
+            if (!cert)
+                break;
+            BIO_printf(out, "Certificate %d\n", idx);
+            capi_dump_cert(ctx, out, cert);
+        }
+    }
+ err:
+    CertCloseStore(hstore, 0);
+    return ret;
+}
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
+                                     HCERTSTORE hstore)
+{
+    PCCERT_CONTEXT cert = NULL;
+    char *fname = NULL;
+    int match;
+    switch (ctx->lookup_method) {
+    case CAPI_LU_SUBSTR:
+        return CertFindCertificateInStore(hstore, X509_ASN_ENCODING, 0,
+                                          CERT_FIND_SUBJECT_STR_A, id, NULL);
+    case CAPI_LU_FNAME:
+        for (;;) {
+            cert = CertEnumCertificatesInStore(hstore, cert);
+            if (!cert)
+                return NULL;
+            fname = capi_cert_get_fname(ctx, cert);
+            if (fname) {
+                if (strcmp(fname, id))
+                    match = 0;
+                else
+                    match = 1;
+                OPENSSL_free(fname);
+                if (match)
+                    return cert;
+            }
+        }
+    default:
+        return NULL;
+    }
+}
+
+static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const WCHAR *contname,
+                              const WCHAR *provname, DWORD ptype,
+                              DWORD keyspec)
+{
+    DWORD dwFlags = 0;
+    CAPI_KEY *key = OPENSSL_malloc(sizeof(*key));
+
+    if (key == NULL)
+        return NULL;
+    /* If PROV_RSA_AES supported use it instead */
+    if (ptype == PROV_RSA_FULL && use_aes_csp &&
+        wcscmp(provname, rsa_enh_cspname) == 0) {
+        provname = rsa_aes_cspname;
+        ptype = PROV_RSA_AES;
+    }
+    if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+        /* above 'if' is [complementary] copy from CAPI_trace and serves
+	 * as optimization to minimize [below] malloc-ations */
+        char *_contname = wide_to_asc(contname);
+        char *_provname = wide_to_asc(provname);
+
+        CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+                   _contname, _provname, ptype);
+        OPENSSL_free(_provname);
+        OPENSSL_free(_contname);
+    }
+    if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+        dwFlags = CRYPT_MACHINE_KEYSET;
+    if (!CryptAcquireContextW(&key->hprov, contname, provname, ptype,
+                              dwFlags)) {
+        CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+        capi_addlasterror();
+        goto err;
+    }
+    if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) {
+        CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
+        capi_addlasterror();
+        CryptReleaseContext(key->hprov, 0);
+        goto err;
+    }
+    key->keyspec = keyspec;
+    key->pcert = NULL;
+    return key;
+
+ err:
+    OPENSSL_free(key);
+    return NULL;
+}
+
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+{
+    CAPI_KEY *key = NULL;
+    CRYPT_KEY_PROV_INFO *pinfo = NULL;
+
+    pinfo = capi_get_prov_info(ctx, cert);
+
+    if (pinfo != NULL)
+        key = capi_get_key(ctx, pinfo->pwszContainerName, pinfo->pwszProvName,
+                           pinfo->dwProvType, pinfo->dwKeySpec);
+
+    OPENSSL_free(pinfo);
+    return key;
+}
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
+{
+    PCCERT_CONTEXT cert;
+    HCERTSTORE hstore;
+    CAPI_KEY *key = NULL;
+
+    switch (ctx->lookup_method) {
+    case CAPI_LU_SUBSTR:
+    case CAPI_LU_FNAME:
+        hstore = capi_open_store(ctx, NULL);
+        if (!hstore)
+            return NULL;
+        cert = capi_find_cert(ctx, id, hstore);
+        if (cert) {
+            key = capi_get_cert_key(ctx, cert);
+            CertFreeCertificateContext(cert);
+        }
+        CertCloseStore(hstore, 0);
+        break;
+
+    case CAPI_LU_CONTNAME:
+        {
+            WCHAR *contname, *provname;
+            DWORD len;
+
+            if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) &&
+                (contname = alloca(len * sizeof(WCHAR)),
+                 MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) &&
+                (len = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                           NULL, 0)) &&
+                (provname = alloca(len * sizeof(WCHAR)),
+                 MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                     provname, len)))
+                key = capi_get_key(ctx, contname, provname,
+                                   ctx->csptype, ctx->keytype);
+        }
+        break;
+    }
+
+    return key;
+}
+
+void capi_free_key(CAPI_KEY *key)
+{
+    if (!key)
+        return;
+    CryptDestroyKey(key->key);
+    CryptReleaseContext(key->hprov, 0);
+    if (key->pcert)
+        CertFreeCertificateContext(key->pcert);
+    OPENSSL_free(key);
+}
+
+/* Initialize a CAPI_CTX structure */
+
+static CAPI_CTX *capi_ctx_new(void)
+{
+    CAPI_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ctx->csptype = PROV_RSA_FULL;
+    ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;
+    ctx->keytype = AT_KEYEXCHANGE;
+    ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
+        CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;
+    ctx->lookup_method = CAPI_LU_SUBSTR;
+    ctx->client_cert_select = cert_select_simple;
+    return ctx;
+}
+
+static void capi_ctx_free(CAPI_CTX *ctx)
+{
+    CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
+    if (!ctx)
+        return;
+    OPENSSL_free(ctx->cspname);
+    OPENSSL_free(ctx->debug_file);
+    OPENSSL_free(ctx->storename);
+    OPENSSL_free(ctx->ssl_client_store);
+    OPENSSL_free(ctx);
+}
+
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
+                                 int check)
+{
+    LPSTR tmpcspname;
+
+    CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
+    if (check) {
+        HCRYPTPROV hprov;
+        LPWSTR name = NULL;
+        DWORD len;
+
+        if ((len = MultiByteToWideChar(CP_ACP, 0, pname, -1, NULL, 0))) {
+            name = alloca(len * sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len);
+        }
+        if (name == NULL || !CryptAcquireContextW(&hprov, NULL, name, type,
+                                                  CRYPT_VERIFYCONTEXT)) {
+            CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME,
+                    CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+            capi_addlasterror();
+            return 0;
+        }
+        CryptReleaseContext(hprov, 0);
+    }
+    tmpcspname = OPENSSL_strdup(pname);
+    if (tmpcspname == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    OPENSSL_free(ctx->cspname);
+    ctx->cspname = tmpcspname;
+    ctx->csptype = type;
+    return 1;
+}
+
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
+{
+    LPSTR pname;
+    DWORD type;
+    int res;
+    if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+        return 0;
+    res = capi_ctx_set_provname(ctx, pname, type, 0);
+    OPENSSL_free(pname);
+    return res;
+}
+
+static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+{
+    int i;
+    X509_NAME *nm;
+    /* Special case: empty list: match anything */
+    if (sk_X509_NAME_num(ca_dn) <= 0)
+        return 1;
+    for (i = 0; i < sk_X509_NAME_num(ca_dn); i++) {
+        nm = sk_X509_NAME_value(ca_dn, i);
+        if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+            return 1;
+    }
+    return 0;
+}
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+                                     STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                     EVP_PKEY **pkey, STACK_OF(X509) **pother,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data)
+{
+    STACK_OF(X509) *certs = NULL;
+    X509 *x;
+    char *storename;
+    const unsigned char *p;
+    int i, client_cert_idx;
+    HCERTSTORE hstore;
+    PCCERT_CONTEXT cert = NULL, excert = NULL;
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+
+    *pcert = NULL;
+    *pkey = NULL;
+
+    storename = ctx->ssl_client_store;
+    if (!storename)
+        storename = "MY";
+
+    hstore = capi_open_store(ctx, storename);
+    if (!hstore)
+        return 0;
+    /* Enumerate all certificates collect any matches */
+    for (i = 0;; i++) {
+        cert = CertEnumCertificatesInStore(hstore, cert);
+        if (!cert)
+            break;
+        p = cert->pbCertEncoded;
+        x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+        if (!x) {
+            CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+            continue;
+        }
+        if (cert_issuer_match(ca_dn, x)
+            && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0)) {
+            key = capi_get_cert_key(ctx, cert);
+            if (!key) {
+                X509_free(x);
+                continue;
+            }
+            /*
+             * Match found: attach extra data to it so we can retrieve the
+             * key later.
+             */
+            excert = CertDuplicateCertificateContext(cert);
+            key->pcert = excert;
+            X509_set_ex_data(x, cert_capi_idx, key);
+
+            if (!certs)
+                certs = sk_X509_new_null();
+
+            sk_X509_push(certs, x);
+        } else {
+            X509_free(x);
+        }
+    }
+
+    if (cert)
+        CertFreeCertificateContext(cert);
+    if (hstore)
+        CertCloseStore(hstore, 0);
+
+    if (!certs)
+        return 0;
+
+    /* Select the appropriate certificate */
+
+    client_cert_idx = ctx->client_cert_select(e, ssl, certs);
+
+    /* Set the selected certificate and free the rest */
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        if (i == client_cert_idx)
+            *pcert = x;
+        else {
+            key = X509_get_ex_data(x, cert_capi_idx);
+            capi_free_key(key);
+            X509_free(x);
+        }
+    }
+
+    sk_X509_free(certs);
+
+    if (!*pcert)
+        return 0;
+
+    /* Setup key for selected certificate */
+
+    key = X509_get_ex_data(*pcert, cert_capi_idx);
+    *pkey = capi_get_pkey(e, key);
+    X509_set_ex_data(*pcert, cert_capi_idx, NULL);
+
+    return 1;
+
+}
+
+/* Simple client cert selection function: always select first */
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+    return 0;
+}
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+
+/*
+ * More complex cert selection function, using standard function
+ * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
+ */
+
+/*
+ * Definitions which are in cryptuiapi.h but this is not present in older
+ * versions of headers.
+ */
+
+#  ifndef CRYPTUI_SELECT_LOCATION_COLUMN
+#   define CRYPTUI_SELECT_LOCATION_COLUMN                   0x000000010
+#   define CRYPTUI_SELECT_INTENDEDUSE_COLUMN                0x000000004
+#  endif
+
+#  define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
+#  define dlg_prompt L"Select a certificate to use for authentication"
+#  define dlg_columns      CRYPTUI_SELECT_LOCATION_COLUMN \
+                        |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
+
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+    X509 *x;
+    HCERTSTORE dstore;
+    PCCERT_CONTEXT cert;
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    HWND hwnd;
+    int i, idx = -1;
+    if (sk_X509_num(certs) == 1)
+        return 0;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    /* Create an in memory store of certificates */
+    dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+                           CERT_STORE_CREATE_NEW_FLAG, NULL);
+    if (!dstore) {
+        CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
+        capi_addlasterror();
+        goto err;
+    }
+    /* Add all certificates to store */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        key = X509_get_ex_data(x, cert_capi_idx);
+
+        if (!CertAddCertificateContextToStore(dstore, key->pcert,
+                                              CERT_STORE_ADD_NEW, NULL)) {
+            CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
+            capi_addlasterror();
+            goto err;
+        }
+
+    }
+    hwnd = GetForegroundWindow();
+    if (!hwnd)
+        hwnd = GetActiveWindow();
+    if (!hwnd && ctx->getconswindow)
+        hwnd = ctx->getconswindow();
+    /* Call dialog to select one */
+    cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
+                              dlg_columns, 0, NULL);
+
+    /* Find matching cert from list */
+    if (cert) {
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            x = sk_X509_value(certs, i);
+            key = X509_get_ex_data(x, cert_capi_idx);
+            if (CertCompareCertificate
+                (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo,
+                 key->pcert->pCertInfo)) {
+                idx = i;
+                break;
+            }
+        }
+    }
+
+ err:
+    if (dstore)
+        CertCloseStore(dstore, 0);
+    return idx;
+
+}
+# endif
+
+#else                           /* !__COMPILE_CAPIENG */
+# include <openssl/engine.h>
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+    return 0;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# else
+void engine_load_capi_int(void);
+void engine_load_capi_int(void)
+{
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/engines/e_capi.ec b/openssl-1.1.0h/engines/e_capi.ec
new file mode 100644
index 0000000..d2ad668
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_capi.ec
@@ -0,0 +1 @@
+L       CAPI    e_capi_err.h e_capi_err.c
diff --git a/openssl-1.1.0h/engines/e_capi_err.c b/openssl-1.1.0h/engines/e_capi_err.c
new file mode 100644
index 0000000..64e963a
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_capi_err.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_capi_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CAPI_str_functs[] = {
+    {ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"},
+    {ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"},
+    {ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"},
+    {ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"},
+    {ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"},
+    {ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"},
+    {ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"},
+    {ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"},
+    {ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"},
+    {ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"},
+    {ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"},
+    {ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"},
+    {ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"},
+    {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
+    {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
+    {ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
+    {ERR_FUNC(CAPI_F_CAPI_VTRACE), "CAPI_VTRACE"},
+    {ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
+    {ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
+    {ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA CAPI_str_reasons[] = {
+    {ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
+    {ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
+    {ERR_REASON(CAPI_R_CANT_GET_KEY), "cant get key"},
+    {ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
+    {ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
+     "cryptacquirecontext error"},
+    {ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR), "cryptenumproviders error"},
+    {ERR_REASON(CAPI_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
+    {ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
+    {ERR_REASON(CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
+    {ERR_REASON(CAPI_R_ERROR_CREATING_STORE), "error creating store"},
+    {ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
+     "error getting friendly name"},
+    {ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
+     "error getting key provider info"},
+    {ERR_REASON(CAPI_R_ERROR_OPENING_STORE), "error opening store"},
+    {ERR_REASON(CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
+    {ERR_REASON(CAPI_R_FILE_OPEN_ERROR), "file open error"},
+    {ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
+    {ERR_REASON(CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
+    {ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
+    {ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+     "invalid dsa public key blob magic number"},
+    {ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
+    {ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
+    {ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+     "invalid rsa public key blob magic number"},
+    {ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
+    {ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
+     "pubkey export length error"},
+    {ERR_REASON(CAPI_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),
+     "unsupported algorithm nid"},
+    {ERR_REASON(CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
+    {ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
+     "unsupported public key algorithm"},
+    {ERR_REASON(CAPI_R_WIN32_ERROR), "win32 error"},
+    {0, NULL}
+};
+
+#endif
+
+#ifdef CAPI_LIB_NAME
+static ERR_STRING_DATA CAPI_lib_name[] = {
+    {0, CAPI_LIB_NAME},
+    {0, NULL}
+};
+#endif
+
+static int CAPI_lib_error_code = 0;
+static int CAPI_error_init = 1;
+
+static void ERR_load_CAPI_strings(void)
+{
+    if (CAPI_lib_error_code == 0)
+        CAPI_lib_error_code = ERR_get_next_error_library();
+
+    if (CAPI_error_init) {
+        CAPI_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(CAPI_lib_error_code, CAPI_str_functs);
+        ERR_load_strings(CAPI_lib_error_code, CAPI_str_reasons);
+#endif
+
+#ifdef CAPI_LIB_NAME
+        CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code, 0, 0);
+        ERR_load_strings(0, CAPI_lib_name);
+#endif
+    }
+}
+
+static void ERR_unload_CAPI_strings(void)
+{
+    if (CAPI_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(CAPI_lib_error_code, CAPI_str_functs);
+        ERR_unload_strings(CAPI_lib_error_code, CAPI_str_reasons);
+#endif
+
+#ifdef CAPI_LIB_NAME
+        ERR_unload_strings(0, CAPI_lib_name);
+#endif
+        CAPI_error_init = 1;
+    }
+}
+
+static void ERR_CAPI_error(int function, int reason, char *file, int line)
+{
+    if (CAPI_lib_error_code == 0)
+        CAPI_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(CAPI_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl-1.1.0h/engines/e_capi_err.h b/openssl-1.1.0h/engines/e_capi_err.h
new file mode 100644
index 0000000..bbaffad
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_capi_err.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#ifndef HEADER_CAPI_ERR_H
+# define HEADER_CAPI_ERR_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+static void ERR_load_CAPI_strings(void);
+static void ERR_unload_CAPI_strings(void);
+static void ERR_CAPI_error(int function, int reason, char *file, int line);
+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+/* Error codes for the CAPI functions. */
+
+/* Function codes. */
+# define CAPI_F_CAPI_CERT_GET_FNAME                       99
+# define CAPI_F_CAPI_CTRL                                 100
+# define CAPI_F_CAPI_CTX_NEW                              101
+# define CAPI_F_CAPI_CTX_SET_PROVNAME                     102
+# define CAPI_F_CAPI_DSA_DO_SIGN                          114
+# define CAPI_F_CAPI_GET_KEY                              103
+# define CAPI_F_CAPI_GET_PKEY                             115
+# define CAPI_F_CAPI_GET_PROVNAME                         104
+# define CAPI_F_CAPI_GET_PROV_INFO                        105
+# define CAPI_F_CAPI_INIT                                 106
+# define CAPI_F_CAPI_LIST_CONTAINERS                      107
+# define CAPI_F_CAPI_LOAD_PRIVKEY                         108
+# define CAPI_F_CAPI_OPEN_STORE                           109
+# define CAPI_F_CAPI_RSA_PRIV_DEC                         110
+# define CAPI_F_CAPI_RSA_PRIV_ENC                         111
+# define CAPI_F_CAPI_RSA_SIGN                             112
+# define CAPI_F_CAPI_VTRACE                               118
+# define CAPI_F_CERT_SELECT_DIALOG                        117
+# define CAPI_F_CLIENT_CERT_SELECT                        116
+# define CAPI_F_WIDE_TO_ASC                               113
+
+/* Reason codes. */
+# define CAPI_R_CANT_CREATE_HASH_OBJECT                   99
+# define CAPI_R_CANT_FIND_CAPI_CONTEXT                    100
+# define CAPI_R_CANT_GET_KEY                              101
+# define CAPI_R_CANT_SET_HASH_VALUE                       102
+# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR                 103
+# define CAPI_R_CRYPTENUMPROVIDERS_ERROR                  104
+# define CAPI_R_DECRYPT_ERROR                             105
+# define CAPI_R_ENGINE_NOT_INITIALIZED                    106
+# define CAPI_R_ENUMCONTAINERS_ERROR                      107
+# define CAPI_R_ERROR_ADDING_CERT                         125
+# define CAPI_R_ERROR_CREATING_STORE                      126
+# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME               108
+# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO           109
+# define CAPI_R_ERROR_OPENING_STORE                       110
+# define CAPI_R_ERROR_SIGNING_HASH                        111
+# define CAPI_R_FILE_OPEN_ERROR                           128
+# define CAPI_R_FUNCTION_NOT_SUPPORTED                    112
+# define CAPI_R_GETUSERKEY_ERROR                          113
+# define CAPI_R_INVALID_DIGEST_LENGTH                     124
+# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  122
+# define CAPI_R_INVALID_LOOKUP_METHOD                     114
+# define CAPI_R_INVALID_PUBLIC_KEY_BLOB                   115
+# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  123
+# define CAPI_R_PUBKEY_EXPORT_ERROR                       116
+# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR                117
+# define CAPI_R_UNKNOWN_COMMAND                           118
+# define CAPI_R_UNSUPPORTED_ALGORITHM_NID                 119
+# define CAPI_R_UNSUPPORTED_PADDING                       120
+# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM          121
+# define CAPI_R_WIN32_ERROR                               127
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/engines/e_chil.c b/openssl-1.1.0h/engines/e_chil.c
new file mode 100644
index 0000000..8d81b46
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_chil.c
@@ -0,0 +1,1285 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include "internal/dso.h"
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_CHIL
+
+/*-
+ * Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#  ifdef FLAT_INC
+#   include "hwcryptohook.h"
+#  else
+#   include "vendor_defns/hwcryptohook.h"
+#  endif
+
+#  define HWCRHK_LIB_NAME "CHIL engine"
+#  include "e_chil_err.c"
+
+static CRYPTO_RWLOCK *chil_lock;
+
+static int hwcrhk_destroy(ENGINE *e);
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/* Functions to handle mutexes */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex *,
+                             HWCryptoHook_CallerContext *);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *);
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx);
+
+#  ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+                              BN_CTX *ctx);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *p,
+                             const BIGNUM *m, BN_CTX *ctx,
+                             BN_MONT_CTX *m_ctx);
+#  endif
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data);
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+                                    UI_METHOD *ui_method,
+                                    void *callback_data);
+
+/* Interaction stuff */
+static int hwcrhk_insert_card(const char *prompt_info,
+                              const char *wrong_info,
+                              HWCryptoHook_PassphraseContext * ppctx,
+                              HWCryptoHook_CallerContext * cactx);
+static int hwcrhk_get_pass(const char *prompt_info,
+                           int *len_io, char *buf,
+                           HWCryptoHook_PassphraseContext * ppctx,
+                           HWCryptoHook_CallerContext * cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+
+/* The definitions for control commands specific to this engine */
+#  define HWCRHK_CMD_SO_PATH              ENGINE_CMD_BASE
+#  define HWCRHK_CMD_FORK_CHECK           (ENGINE_CMD_BASE + 1)
+#  define HWCRHK_CMD_THREAD_LOCKING       (ENGINE_CMD_BASE + 2)
+#  define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
+#  define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+    {HWCRHK_CMD_SO_PATH,
+     "SO_PATH",
+     "Specifies the path to the 'hwcrhk' shared library",
+     ENGINE_CMD_FLAG_STRING},
+    {HWCRHK_CMD_FORK_CHECK,
+     "FORK_CHECK",
+     "Turns fork() checking on (non-zero) or off (zero)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {HWCRHK_CMD_THREAD_LOCKING,
+     "THREAD_LOCKING",
+     "Turns thread-safe locking on (zero) or off (non-zero)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {HWCRHK_CMD_SET_USER_INTERFACE,
+     "SET_USER_INTERFACE",
+     "Set the global user interface (internal)",
+     ENGINE_CMD_FLAG_INTERNAL},
+    {HWCRHK_CMD_SET_CALLBACK_DATA,
+     "SET_CALLBACK_DATA",
+     "Set the global user interface extra data (internal)",
+     ENGINE_CMD_FLAG_INTERNAL},
+    {0, NULL, NULL, 0}
+};
+
+#  ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa = {
+    "CHIL RSA method",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    hwcrhk_rsa_mod_exp,
+    hwcrhk_mod_exp_mont,
+    NULL,
+    hwcrhk_rsa_finish,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh = {
+    "CHIL DH method",
+    NULL,
+    NULL,
+    hwcrhk_mod_exp_dh,
+    NULL,
+    NULL,
+    0,
+    NULL,
+    NULL
+};
+#  endif
+
+static RAND_METHOD hwcrhk_rand = {
+    /* "CHIL RAND method", */
+    NULL,
+    hwcrhk_rand_bytes,
+    NULL,
+    NULL,
+    hwcrhk_rand_bytes,
+    hwcrhk_rand_status,
+};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "CHIL hardware engine support";
+#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+/* Compatibility hack, the dynamic library uses this form in the path */
+static const char *engine_hwcrhk_id_alt = "ncipher";
+#  endif
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/*
+ * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+ * into HWCryptoHook_Mutex
+ */
+struct HWCryptoHook_MutexValue {
+    CRYPTO_RWLOCK *lock;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext
+ */
+struct HWCryptoHook_PassphraseContextValue {
+    UI_METHOD *ui_method;
+    void *callback_data;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext
+ */
+struct HWCryptoHook_CallerContextValue {
+    pem_password_cb *password_callback; /* Deprecated! Only present for
+                                         * backward compatibility! */
+    UI_METHOD *ui_method;
+    void *callback_data;
+};
+
+/*
+ * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+ * BIGNUM's, so lets define a couple of conversion macros
+ */
+#  define BN2MPI(mp, bn) \
+    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#  define MPI2BN(bn, mp) \
+    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+static BIO *logstream = NULL;
+static int disable_mutex_callbacks = 0;
+
+/*
+ * One might wonder why these are needed, since one can pass down at least a
+ * UI_METHOD and a pointer to callback data to the key-loading functions. The
+ * thing is that the ModExp and RSAImmed functions can load keys as well, if
+ * the data they get is in a special, nCipher-defined format (hint: if you
+ * look at the private exponent of the RSA data as a string, you'll see this
+ * string: "nCipher KM tool key id", followed by some bytes, followed a key
+ * identity string, followed by more bytes.  This happens when you use
+ * "embed" keys instead of "hwcrhk" keys).  Unfortunately, those functions do
+ * not take any passphrase or caller context, and our functions can't really
+ * take any callback data either.  Still, the "insert_card" and
+ * "get_passphrase" callbacks may be called down the line, and will need to
+ * know what user interface callbacks to call, and having callback data from
+ * the application may be a nice thing as well, so we need to keep track of
+ * that globally.
+ */
+static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+    HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
+    &logstream,                 /* logstream */
+    sizeof(BN_ULONG),           /* limbsize */
+    0,                          /* mslimb first: false for BNs */
+    -1,                         /* msbyte first: use native */
+    0,                          /* Max mutexes, 0 = no small limit */
+    0,                          /* Max simultaneous, 0 = default */
+
+    /*
+     * The next few are mutex stuff: we write wrapper functions around the OS
+     * mutex functions.  We initialise them to 0 here, and change that to
+     * actual function pointers in hwcrhk_init() if dynamic locks are
+     * supported (that is, if the application programmer has made sure of
+     * setting up callbacks bafore starting this engine) *and* if
+     * disable_mutex_callbacks hasn't been set by a call to
+     * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING).
+     */
+    sizeof(HWCryptoHook_Mutex),
+    0,
+    0,
+    0,
+    0,
+
+    /*
+     * The next few are condvar stuff: we write wrapper functions round the
+     * OS functions.  Currently not implemented and not and absolute
+     * necessity even in threaded programs, therefore 0'ed.  Will hopefully
+     * be implemented some day, since it enhances the efficiency of
+     * HWCryptoHook.
+     */
+    0,                          /* sizeof(HWCryptoHook_CondVar), */
+    0,                          /* hwcrhk_cv_init, */
+    0,                          /* hwcrhk_cv_wait, */
+    0,                          /* hwcrhk_cv_signal, */
+    0,                          /* hwcrhk_cv_broadcast, */
+    0,                          /* hwcrhk_cv_destroy, */
+
+    hwcrhk_get_pass,            /* pass phrase */
+    hwcrhk_insert_card,         /* insert a card */
+    hwcrhk_log_message          /* Log message */
+};
+
+/* Now, to our own code */
+
+/*
+ * This internal function is used by ENGINE_chil() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+#  ifndef OPENSSL_NO_RSA
+    const RSA_METHOD *meth1;
+#  endif
+#  ifndef OPENSSL_NO_DH
+    const DH_METHOD *meth2;
+#  endif
+
+    chil_lock = CRYPTO_THREAD_lock_new();
+    if (chil_lock == NULL) {
+        HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
+        !ENGINE_set_name(e, engine_hwcrhk_name) ||
+#  ifndef OPENSSL_NO_RSA
+        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+#  endif
+#  ifndef OPENSSL_NO_DH
+        !ENGINE_set_DH(e, &hwcrhk_dh) ||
+#  endif
+        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
+        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+        !ENGINE_set_init_function(e, hwcrhk_init) ||
+        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
+        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+        return 0;
+
+#  ifndef OPENSSL_NO_RSA
+    /*
+     * We know that the "PKCS1_OpenSSL()" functions hook properly to the
+     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+     * We don't use ENGINE_openssl() or anything "more generic" because
+     * something like the RSAref code may not hook properly, and if you own
+     * one of these cards then you have the right to do RSA operations on it
+     * anyway!
+     */
+    meth1 = RSA_PKCS1_OpenSSL();
+    hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+    hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+    hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+    hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+    /* Much the same for Diffie-Hellman */
+    meth2 = DH_OpenSSL();
+    hwcrhk_dh.generate_key = meth2->generate_key;
+    hwcrhk_dh.compute_key = meth2->compute_key;
+#  endif
+
+    /* Ensure the hwcrhk error handling is set up */
+    ERR_load_HWCRHK_strings();
+
+    return 1;
+}
+
+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_chil(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void ENGINE_load_chil(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_chil();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+#  endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * HWCryptoHook library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+#  ifndef OPENSSL_NO_RSA
+/* Index for KM handle.  Not really used yet. */
+static int hndidx_rsa = -1;
+#  endif
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+#  ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+#  endif
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+#  ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+#  endif
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = NULL;
+static void free_HWCRHK_LIBNAME(void)
+{
+    OPENSSL_free(HWCRHK_LIBNAME);
+    HWCRHK_LIBNAME = NULL;
+}
+
+static const char *get_HWCRHK_LIBNAME(void)
+{
+    if (HWCRHK_LIBNAME)
+        return HWCRHK_LIBNAME;
+    return "nfhwcrhk";
+}
+
+static long set_HWCRHK_LIBNAME(const char *name)
+{
+    free_HWCRHK_LIBNAME();
+    return (((HWCRHK_LIBNAME = OPENSSL_strdup(name)) != NULL) ? 1 : 0);
+}
+
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+#  ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+#  endif
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+#  ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+#  endif
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/*
+ * HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle * hac,
+                       HWCryptoHook_CallerContext * cac)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac);
+    if (!*hac)
+        return 0;
+    return 1;
+}
+
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+{
+    p_hwcrhk_Finish(hac);
+}
+
+/* Destructor (complements the "ENGINE_chil()" constructor) */
+static int hwcrhk_destroy(ENGINE *e)
+{
+    free_HWCRHK_LIBNAME();
+    ERR_unload_HWCRHK_strings();
+    CRYPTO_THREAD_lock_free(chil_lock);
+    return 1;
+}
+
+/* (de)initialisation functions. */
+static int hwcrhk_init(ENGINE *e)
+{
+    HWCryptoHook_Init_t *p1;
+    HWCryptoHook_Finish_t *p2;
+    HWCryptoHook_ModExp_t *p3;
+#  ifndef OPENSSL_NO_RSA
+    HWCryptoHook_RSA_t *p4;
+    HWCryptoHook_RSALoadKey_t *p5;
+    HWCryptoHook_RSAGetPublicKey_t *p6;
+    HWCryptoHook_RSAUnloadKey_t *p7;
+#  endif
+    HWCryptoHook_RandomBytes_t *p8;
+    HWCryptoHook_ModExpCRT_t *p9;
+
+    if (hwcrhk_dso != NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED);
+        goto err;
+    }
+    /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+    hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+    if (hwcrhk_dso == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+        goto err;
+    }
+
+#define BINDIT(t, name) (t *)DSO_bind_func(hwcrhk_dso, name)
+    if ((p1 = BINDIT(HWCryptoHook_Init_t, n_hwcrhk_Init)) == NULL
+        || (p2 = BINDIT(HWCryptoHook_Finish_t, n_hwcrhk_Finish)) == NULL
+        || (p3 = BINDIT(HWCryptoHook_ModExp_t, n_hwcrhk_ModExp)) == NULL
+#  ifndef OPENSSL_NO_RSA
+        || (p4 = BINDIT(HWCryptoHook_RSA_t, n_hwcrhk_RSA)) == NULL
+        || (p5 = BINDIT(HWCryptoHook_RSALoadKey_t, n_hwcrhk_RSALoadKey)) == NULL
+        || (p6 = BINDIT(HWCryptoHook_RSAGetPublicKey_t, n_hwcrhk_RSAGetPublicKey)) == NULL
+        || (p7 = BINDIT(HWCryptoHook_RSAUnloadKey_t, n_hwcrhk_RSAUnloadKey)) == NULL
+#  endif
+        || (p8 = BINDIT(HWCryptoHook_RandomBytes_t, n_hwcrhk_RandomBytes)) == NULL
+        || (p9 = BINDIT(HWCryptoHook_ModExpCRT_t, n_hwcrhk_ModExpCRT)) == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+        goto err;
+    }
+    /* Copy the pointers */
+    p_hwcrhk_Init = p1;
+    p_hwcrhk_Finish = p2;
+    p_hwcrhk_ModExp = p3;
+#  ifndef OPENSSL_NO_RSA
+    p_hwcrhk_RSA = p4;
+    p_hwcrhk_RSALoadKey = p5;
+    p_hwcrhk_RSAGetPublicKey = p6;
+    p_hwcrhk_RSAUnloadKey = p7;
+#  endif
+    p_hwcrhk_RandomBytes = p8;
+    p_hwcrhk_ModExpCRT = p9;
+
+    /*
+     * Check if the application decided to support dynamic locks, and if it
+     * does, use them.
+     */
+    if (disable_mutex_callbacks == 0) {
+        hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+        hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+        hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+        hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+    }
+
+    /*
+     * Try and get a context - if not, we may have a DSO but no accelerator!
+     */
+    if (!get_context(&hwcrhk_context, &password_context)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE);
+        goto err;
+    }
+    /* Everything's fine. */
+#  ifndef OPENSSL_NO_RSA
+    if (hndidx_rsa == -1)
+        hndidx_rsa = RSA_get_ex_new_index(0,
+                                          "nFast HWCryptoHook RSA key handle",
+                                          NULL, NULL, NULL);
+#  endif
+    return 1;
+ err:
+    DSO_free(hwcrhk_dso);
+    hwcrhk_dso = NULL;
+    p_hwcrhk_Init = NULL;
+    p_hwcrhk_Finish = NULL;
+    p_hwcrhk_ModExp = NULL;
+#  ifndef OPENSSL_NO_RSA
+    p_hwcrhk_RSA = NULL;
+    p_hwcrhk_RSALoadKey = NULL;
+    p_hwcrhk_RSAGetPublicKey = NULL;
+    p_hwcrhk_RSAUnloadKey = NULL;
+#  endif
+    p_hwcrhk_ModExpCRT = NULL;
+    p_hwcrhk_RandomBytes = NULL;
+    return 0;
+}
+
+static int hwcrhk_finish(ENGINE *e)
+{
+    int to_return = 1;
+    free_HWCRHK_LIBNAME();
+    if (hwcrhk_dso == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED);
+        to_return = 0;
+        goto err;
+    }
+    release_context(hwcrhk_context);
+    if (!DSO_free(hwcrhk_dso)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE);
+        to_return = 0;
+        goto err;
+    }
+ err:
+    BIO_free(logstream);
+    hwcrhk_dso = NULL;
+    p_hwcrhk_Init = NULL;
+    p_hwcrhk_Finish = NULL;
+    p_hwcrhk_ModExp = NULL;
+#  ifndef OPENSSL_NO_RSA
+    p_hwcrhk_RSA = NULL;
+    p_hwcrhk_RSALoadKey = NULL;
+    p_hwcrhk_RSAGetPublicKey = NULL;
+    p_hwcrhk_RSAUnloadKey = NULL;
+#  endif
+    p_hwcrhk_ModExpCRT = NULL;
+    p_hwcrhk_RandomBytes = NULL;
+    return to_return;
+}
+
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int to_return = 1;
+
+    switch (cmd) {
+    case HWCRHK_CMD_SO_PATH:
+        if (hwcrhk_dso) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);
+            return 0;
+        }
+        if (p == NULL) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+            return 0;
+        }
+        return set_HWCRHK_LIBNAME((const char *)p);
+    case ENGINE_CTRL_SET_LOGSTREAM:
+        {
+            BIO *bio = (BIO *)p;
+
+            CRYPTO_THREAD_write_lock(chil_lock);
+            BIO_free(logstream);
+            logstream = NULL;
+            if (BIO_up_ref(bio))
+                logstream = bio;
+            else
+                HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
+        }
+        CRYPTO_THREAD_unlock(chil_lock);
+        break;
+    case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+        CRYPTO_THREAD_write_lock(chil_lock);
+        password_context.password_callback = (pem_password_cb *)f;
+        CRYPTO_THREAD_unlock(chil_lock);
+        break;
+    case ENGINE_CTRL_SET_USER_INTERFACE:
+    case HWCRHK_CMD_SET_USER_INTERFACE:
+        CRYPTO_THREAD_write_lock(chil_lock);
+        password_context.ui_method = (UI_METHOD *)p;
+        CRYPTO_THREAD_unlock(chil_lock);
+        break;
+    case ENGINE_CTRL_SET_CALLBACK_DATA:
+    case HWCRHK_CMD_SET_CALLBACK_DATA:
+        CRYPTO_THREAD_write_lock(chil_lock);
+        password_context.callback_data = p;
+        CRYPTO_THREAD_unlock(chil_lock);
+        break;
+        /*
+         * this enables or disables the "SimpleForkCheck" flag used in the
+         * initialisation structure.
+         */
+    case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+    case HWCRHK_CMD_FORK_CHECK:
+        CRYPTO_THREAD_write_lock(chil_lock);
+        if (i)
+            hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
+        else
+            hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
+        CRYPTO_THREAD_unlock(chil_lock);
+        break;
+        /*
+         * This will prevent the initialisation function from "installing"
+         * the mutex-handling callbacks, even if they are available from
+         * within the library (or were provided to the library from the
+         * calling application). This is to remove any baggage for
+         * applications not using multithreading.
+         */
+    case ENGINE_CTRL_CHIL_NO_LOCKING:
+        CRYPTO_THREAD_write_lock(chil_lock);
+        disable_mutex_callbacks = 1;
+        CRYPTO_THREAD_unlock(chil_lock);
+        break;
+    case HWCRHK_CMD_THREAD_LOCKING:
+        CRYPTO_THREAD_write_lock(chil_lock);
+        disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+        CRYPTO_THREAD_unlock(chil_lock);
+        break;
+
+        /* The command isn't understood by this engine */
+    default:
+        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+                  HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        to_return = 0;
+        break;
+    }
+
+    return to_return;
+}
+
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data)
+{
+#  ifndef OPENSSL_NO_RSA
+    RSA *rtmp = NULL;
+#  endif
+    EVP_PKEY *res = NULL;
+#  ifndef OPENSSL_NO_RSA
+    HWCryptoHook_MPI e, n;
+    HWCryptoHook_RSAKeyHandle *hptr;
+#  endif
+#  if !defined(OPENSSL_NO_RSA)
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    HWCryptoHook_PassphraseContext ppctx;
+#  endif
+
+#  if !defined(OPENSSL_NO_RSA)
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+#  endif
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+#  ifndef OPENSSL_NO_RSA
+    hptr = OPENSSL_malloc(sizeof(*hptr));
+    if (hptr == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ppctx.ui_method = ui_method;
+    ppctx.callback_data = callback_data;
+    if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+    if (!*hptr) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY);
+        goto err;
+    }
+#  endif
+#  ifndef OPENSSL_NO_RSA
+    rtmp = RSA_new_method(eng);
+    RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+    rtmp->e = BN_new();
+    rtmp->n = BN_new();
+    rtmp->flags |= RSA_FLAG_EXT_PKEY;
+    MPI2BN(rtmp->e, e);
+    MPI2BN(rtmp->n, n);
+    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+        != HWCRYPTOHOOK_ERROR_MPISIZE) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+
+    bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
+    bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
+    MPI2BN(rtmp->e, e);
+    MPI2BN(rtmp->n, n);
+
+    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+    rtmp->e->top = e.size / sizeof(BN_ULONG);
+    bn_fix_top(rtmp->e);
+    rtmp->n->top = n.size / sizeof(BN_ULONG);
+    bn_fix_top(rtmp->n);
+
+    res = EVP_PKEY_new();
+    if (res == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        goto err;
+    }
+    EVP_PKEY_assign_RSA(res, rtmp);
+#  endif
+
+    if (res == NULL)
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                  HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+
+    return res;
+ err:
+#  ifndef OPENSSL_NO_RSA
+    RSA_free(rtmp);
+#  endif
+    return NULL;
+}
+
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+                                    UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *res = NULL;
+
+#  ifndef OPENSSL_NO_RSA
+    res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data);
+#  endif
+
+    if (res)
+        switch (res->type) {
+#  ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+            {
+                RSA *rsa = NULL;
+
+                CRYPTO_THREAD_write_lock(chil_lock);
+                rsa = res->pkey.rsa;
+                res->pkey.rsa = RSA_new();
+                res->pkey.rsa->n = rsa->n;
+                res->pkey.rsa->e = rsa->e;
+                rsa->n = NULL;
+                rsa->e = NULL;
+                CRYPTO_THREAD_unlock(chil_lock);
+                RSA_free(rsa);
+            }
+            break;
+#  endif
+        default:
+            HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                      HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+            goto err;
+        }
+
+    return res;
+ err:
+    EVP_PKEY_free(res);
+    return NULL;
+}
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    /*
+     * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them
+     * directly, plus a little macro magic.  We only thing we need to make
+     * sure of is that enough space is allocated.
+     */
+    HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+    int to_return, ret;
+
+    to_return = 0;              /* expect failure */
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+    /* Prepare the params */
+    bn_expand2(r, m->top);      /* Check for error !! */
+    BN2MPI(m_a, a);
+    BN2MPI(m_p, p);
+    BN2MPI(m_n, m);
+    MPI2BN(r, m_r);
+
+    /* Perform the operation */
+    ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+    /* Convert the response */
+    r->top = m_r.size / sizeof(BN_ULONG);
+    bn_fix_top(r);
+
+    if (ret < 0) {
+        /*
+         * FIXME: When this error is returned, HWCryptoHook is telling us
+         * that falling back to software computation might be a good thing.
+         */
+        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK);
+        } else {
+            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED);
+        }
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+
+    to_return = 1;
+ err:
+    return to_return;
+}
+
+#  ifndef OPENSSL_NO_RSA
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+                              BN_CTX *ctx)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    HWCryptoHook_RSAKeyHandle *hptr;
+    int to_return = 0, ret;
+
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+
+    /*
+     * This provides support for nForce keys.  Since that's opaque data all
+     * we do is provide a handle to the proper key and let HWCryptoHook take
+     * care of the rest.
+     */
+    if ((hptr =
+         (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+        != NULL) {
+        HWCryptoHook_MPI m_a, m_r;
+
+        if (!rsa->n) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                      HWCRHK_R_MISSING_KEY_COMPONENTS);
+            goto err;
+        }
+
+        /* Prepare the params */
+        bn_expand2(r, rsa->n->top); /* Check for error !! */
+        BN2MPI(m_a, I);
+        MPI2BN(r, m_r);
+
+        /* Perform the operation */
+        ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+        /* Convert the response */
+        r->top = m_r.size / sizeof(BN_ULONG);
+        bn_fix_top(r);
+
+        if (ret < 0) {
+            /*
+             * FIXME: When this error is returned, HWCryptoHook is telling us
+             * that falling back to software computation might be a good
+             * thing.
+             */
+            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FALLBACK);
+            } else {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FAILED);
+            }
+            ERR_add_error_data(1, rmsg.buf);
+            goto err;
+        }
+    } else {
+        HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                      HWCRHK_R_MISSING_KEY_COMPONENTS);
+            goto err;
+        }
+
+        /* Prepare the params */
+        bn_expand2(r, rsa->n->top); /* Check for error !! */
+        BN2MPI(m_a, I);
+        BN2MPI(m_p, rsa->p);
+        BN2MPI(m_q, rsa->q);
+        BN2MPI(m_dmp1, rsa->dmp1);
+        BN2MPI(m_dmq1, rsa->dmq1);
+        BN2MPI(m_iqmp, rsa->iqmp);
+        MPI2BN(r, m_r);
+
+        /* Perform the operation */
+        ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+                                 m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+
+        /* Convert the response */
+        r->top = m_r.size / sizeof(BN_ULONG);
+        bn_fix_top(r);
+
+        if (ret < 0) {
+            /*
+             * FIXME: When this error is returned, HWCryptoHook is telling us
+             * that falling back to software computation might be a good
+             * thing.
+             */
+            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FALLBACK);
+            } else {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FAILED);
+            }
+            ERR_add_error_data(1, rmsg.buf);
+            goto err;
+        }
+    }
+    /*
+     * If we're here, we must be here with some semblance of success :-)
+     */
+    to_return = 1;
+ err:
+    return to_return;
+}
+#  endif
+
+#  ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *m_ctx)
+{
+    return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+{
+    HWCryptoHook_RSAKeyHandle *hptr;
+
+    hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+    if (hptr) {
+        p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+        OPENSSL_free(hptr);
+        RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+    }
+    return 1;
+}
+
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *p,
+                             const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
+#  endif
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    int to_return = 0;          /* assume failure */
+    int ret;
+
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+
+    ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+    if (ret < 0) {
+        /*
+         * FIXME: When this error is returned, HWCryptoHook is telling us
+         * that falling back to software computation might be a good thing.
+         */
+        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK);
+        } else {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED);
+        }
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+    to_return = 1;
+ err:
+    return to_return;
+}
+
+static int hwcrhk_rand_status(void)
+{
+    return 1;
+}
+
+/*
+ * Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
+                             HWCryptoHook_CallerContext * cactx)
+{
+    mt->lock = CRYPTO_THREAD_lock_new();
+    if (mt->lock == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE);
+        return 1;               /* failure */
+    }
+    return 0;                   /* success */
+}
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
+{
+    CRYPTO_THREAD_write_lock(mt->lock);
+    return 0;
+}
+
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+{
+    CRYPTO_THREAD_unlock(mt->lock);
+}
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
+{
+    CRYPTO_THREAD_lock_free(mt->lock);
+}
+
+static int hwcrhk_get_pass(const char *prompt_info,
+                           int *len_io, char *buf,
+                           HWCryptoHook_PassphraseContext * ppctx,
+                           HWCryptoHook_CallerContext * cactx)
+{
+    pem_password_cb *callback = NULL;
+    void *callback_data = NULL;
+    UI_METHOD *ui_method = NULL;
+    /*
+     * Despite what the documentation says prompt_info can be an empty
+     * string.
+     */
+    if (prompt_info && !*prompt_info)
+        prompt_info = NULL;
+
+    if (cactx) {
+        if (cactx->ui_method)
+            ui_method = cactx->ui_method;
+        if (cactx->password_callback)
+            callback = cactx->password_callback;
+        if (cactx->callback_data)
+            callback_data = cactx->callback_data;
+    }
+    if (ppctx) {
+        if (ppctx->ui_method) {
+            ui_method = ppctx->ui_method;
+            callback = NULL;
+        }
+        if (ppctx->callback_data)
+            callback_data = ppctx->callback_data;
+    }
+    if (callback == NULL && ui_method == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK);
+        return -1;
+    }
+
+    if (ui_method) {
+        UI *ui = UI_new_method(ui_method);
+        if (ui) {
+            int ok;
+            char *prompt = UI_construct_prompt(ui,
+                                               "pass phrase", prompt_info);
+
+            ok = UI_add_input_string(ui, prompt,
+                                     UI_INPUT_FLAG_DEFAULT_PWD,
+                                     buf, 0, (*len_io) - 1);
+            UI_add_user_data(ui, callback_data);
+            UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+            if (ok >= 0)
+                do {
+                    ok = UI_process(ui);
+                }
+                while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+            if (ok >= 0)
+                *len_io = strlen(buf);
+
+            UI_free(ui);
+            OPENSSL_free(prompt);
+        }
+    } else {
+        *len_io = callback(buf, *len_io, 0, callback_data);
+    }
+    if (!*len_io)
+        return -1;
+    return 0;
+}
+
+static int hwcrhk_insert_card(const char *prompt_info,
+                              const char *wrong_info,
+                              HWCryptoHook_PassphraseContext * ppctx,
+                              HWCryptoHook_CallerContext * cactx)
+{
+    int ok = -1;
+    UI *ui;
+    void *callback_data = NULL;
+    UI_METHOD *ui_method = NULL;
+
+    if (cactx) {
+        if (cactx->ui_method)
+            ui_method = cactx->ui_method;
+        if (cactx->callback_data)
+            callback_data = cactx->callback_data;
+    }
+    if (ppctx) {
+        if (ppctx->ui_method)
+            ui_method = ppctx->ui_method;
+        if (ppctx->callback_data)
+            callback_data = ppctx->callback_data;
+    }
+    if (ui_method == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK);
+        return -1;
+    }
+
+    ui = UI_new_method(ui_method);
+
+    if (ui) {
+        char answer = '\0';
+        char buf[BUFSIZ];
+        /*
+         * Despite what the documentation says wrong_info can be an empty
+         * string.
+         */
+        if (wrong_info && *wrong_info)
+            BIO_snprintf(buf, sizeof(buf) - 1,
+                         "Current card: \"%s\"\n", wrong_info);
+        else
+            buf[0] = 0;
+        ok = UI_dup_info_string(ui, buf);
+        if (ok >= 0 && prompt_info) {
+            BIO_snprintf(buf, sizeof(buf) - 1,
+                         "Insert card \"%s\"", prompt_info);
+            ok = UI_dup_input_boolean(ui, buf,
+                                      "\n then hit <enter> or C<enter> to cancel\n",
+                                      "\r\n", "Cc", UI_INPUT_FLAG_ECHO,
+                                      &answer);
+        }
+        UI_add_user_data(ui, callback_data);
+
+        if (ok >= 0)
+            ok = UI_process(ui);
+        UI_free(ui);
+
+        if (ok == -2 || (ok >= 0 && answer == 'C'))
+            ok = 1;
+        else if (ok < 0)
+            ok = -1;
+        else
+            ok = 0;
+    }
+    return ok;
+}
+
+static void hwcrhk_log_message(void *logstr, const char *message)
+{
+    BIO *lstream = NULL;
+
+    if (logstr)
+        lstream = *(BIO **)logstr;
+    if (lstream) {
+        BIO_printf(lstream, "%s\n", message);
+    }
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_hwcrhk_id) != 0) &&
+        (strcmp(id, engine_hwcrhk_id_alt) != 0))
+        return 0;
+    if (!bind_helper(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif                         /* !OPENSSL_NO_HW_CHIL */
+#endif                          /* !OPENSSL_NO_HW */
diff --git a/openssl-1.1.0h/engines/e_chil.ec b/openssl-1.1.0h/engines/e_chil.ec
new file mode 100644
index 0000000..b5a76e1
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_chil.ec
@@ -0,0 +1 @@
+L HWCRHK	e_chil_err.h			e_chil_err.c
diff --git a/openssl-1.1.0h/engines/e_chil_err.c b/openssl-1.1.0h/engines/e_chil_err.c
new file mode 100644
index 0000000..0058684
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_chil_err.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_chil_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA HWCRHK_str_functs[] = {
+    {ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"},
+    {ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA HWCRHK_str_reasons[] = {
+    {ERR_REASON(HWCRHK_R_ALREADY_LOADED), "already loaded"},
+    {ERR_REASON(HWCRHK_R_BIO_WAS_FREED), "bio was freed"},
+    {ERR_REASON(HWCRHK_R_CHIL_ERROR), "chil error"},
+    {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+     "ctrl command not implemented"},
+    {ERR_REASON(HWCRHK_R_DSO_FAILURE), "dso failure"},
+    {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
+    {ERR_REASON(HWCRHK_R_NOT_INITIALISED), "not initialised"},
+    {ERR_REASON(HWCRHK_R_NOT_LOADED), "not loaded"},
+    {ERR_REASON(HWCRHK_R_NO_CALLBACK), "no callback"},
+    {ERR_REASON(HWCRHK_R_NO_KEY), "no key"},
+    {ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),
+     "private key algorithms disabled"},
+    {ERR_REASON(HWCRHK_R_REQUEST_FAILED), "request failed"},
+    {ERR_REASON(HWCRHK_R_REQUEST_FALLBACK), "request fallback"},
+    {ERR_REASON(HWCRHK_R_UNIT_FAILURE), "unit failure"},
+    {0, NULL}
+};
+
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+static ERR_STRING_DATA HWCRHK_lib_name[] = {
+    {0, HWCRHK_LIB_NAME},
+    {0, NULL}
+};
+#endif
+
+static int HWCRHK_lib_error_code = 0;
+static int HWCRHK_error_init = 1;
+
+static void ERR_load_HWCRHK_strings(void)
+{
+    if (HWCRHK_lib_error_code == 0)
+        HWCRHK_lib_error_code = ERR_get_next_error_library();
+
+    if (HWCRHK_error_init) {
+        HWCRHK_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
+        ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+        HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code, 0, 0);
+        ERR_load_strings(0, HWCRHK_lib_name);
+#endif
+    }
+}
+
+static void ERR_unload_HWCRHK_strings(void)
+{
+    if (HWCRHK_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
+        ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+        ERR_unload_strings(0, HWCRHK_lib_name);
+#endif
+        HWCRHK_error_init = 1;
+    }
+}
+
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
+{
+    if (HWCRHK_lib_error_code == 0)
+        HWCRHK_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(HWCRHK_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl-1.1.0h/engines/e_chil_err.h b/openssl-1.1.0h/engines/e_chil_err.h
new file mode 100644
index 0000000..b0f0dd9
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_chil_err.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#ifndef HEADER_HWCRHK_ERR_H
+# define HEADER_HWCRHK_ERR_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+static void ERR_load_HWCRHK_strings(void);
+static void ERR_unload_HWCRHK_strings(void);
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+/* Error codes for the HWCRHK functions. */
+
+/* Function codes. */
+# define HWCRHK_F_HWCRHK_CTRL                             100
+# define HWCRHK_F_HWCRHK_FINISH                           101
+# define HWCRHK_F_HWCRHK_GET_PASS                         102
+# define HWCRHK_F_HWCRHK_INIT                             103
+# define HWCRHK_F_HWCRHK_INSERT_CARD                      104
+# define HWCRHK_F_HWCRHK_LOAD_PRIVKEY                     105
+# define HWCRHK_F_HWCRHK_LOAD_PUBKEY                      106
+# define HWCRHK_F_HWCRHK_MOD_EXP                          107
+# define HWCRHK_F_HWCRHK_RAND_BYTES                       108
+# define HWCRHK_F_HWCRHK_RSA_MOD_EXP                      109
+# define HWCRHK_F_BIND_HELPER                             110
+# define HWCRHK_F_HWCRHK_MUTEX_INIT                       111
+
+/* Reason codes. */
+# define HWCRHK_R_ALREADY_LOADED                          100
+# define HWCRHK_R_BIO_WAS_FREED                           101
+# define HWCRHK_R_CHIL_ERROR                              102
+# define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
+# define HWCRHK_R_DSO_FAILURE                             104
+# define HWCRHK_R_MISSING_KEY_COMPONENTS                  105
+# define HWCRHK_R_NOT_INITIALISED                         106
+# define HWCRHK_R_NOT_LOADED                              107
+# define HWCRHK_R_NO_CALLBACK                             108
+# define HWCRHK_R_NO_KEY                                  109
+# define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED         110
+# define HWCRHK_R_REQUEST_FAILED                          111
+# define HWCRHK_R_REQUEST_FALLBACK                        112
+# define HWCRHK_R_UNIT_FAILURE                            113
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/engines/e_dasync.c b/openssl-1.1.0h/engines/e_dasync.c
new file mode 100644
index 0000000..b672a3a
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_dasync.c
@@ -0,0 +1,771 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/aes.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/async.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/modes.h>
+
+#if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
+# undef ASYNC_POSIX
+# define ASYNC_POSIX
+# include <unistd.h>
+#elif defined(_WIN32)
+# undef ASYNC_WIN
+# define ASYNC_WIN
+#endif
+
+#define DASYNC_LIB_NAME "DASYNC"
+#include "e_dasync_err.c"
+
+/* Engine Id and Name */
+static const char *engine_dasync_id = "dasync";
+static const char *engine_dasync_name = "Dummy Async engine support";
+
+
+/* Engine Lifetime functions */
+static int dasync_destroy(ENGINE *e);
+static int dasync_init(ENGINE *e);
+static int dasync_finish(ENGINE *e);
+void engine_load_dasync_int(void);
+
+
+/* Set up digests. Just SHA1 for now */
+static int dasync_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid);
+
+static void dummy_pause_job(void);
+
+/* SHA1 */
+static int dasync_sha1_init(EVP_MD_CTX *ctx);
+static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count);
+static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+/*
+ * Holds the EVP_MD object for sha1 in this engine. Set up once only during
+ * engine bind and can then be reused many times.
+ */
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *dasync_sha1(void)
+{
+    return _hidden_sha1_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+}
+
+static int dasync_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = dasync_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+/* RSA */
+
+static int dasync_pub_enc(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding);
+static int dasync_pub_dec(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding);
+static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                              BN_CTX *ctx);
+
+static int dasync_rsa_init(RSA *rsa);
+static int dasync_rsa_finish(RSA *rsa);
+
+static RSA_METHOD *dasync_rsa_method = NULL;
+
+/* AES */
+
+static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr);
+static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t inl);
+static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
+
+static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                                             int arg, void *ptr);
+static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                                 const unsigned char *key,
+                                                 const unsigned char *iv,
+                                                 int enc);
+static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
+                                               unsigned char *out,
+                                               const unsigned char *in,
+                                               size_t inl);
+static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
+
+struct dasync_pipeline_ctx {
+    void *inner_cipher_data;
+    unsigned int numpipes;
+    unsigned char **inbufs;
+    unsigned char **outbufs;
+    size_t *lens;
+    int enc;
+    unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+    unsigned int aadctr;
+};
+
+/*
+ * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
+ * during engine bind and can then be reused many times.
+ */
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static const EVP_CIPHER *dasync_aes_128_cbc(void)
+{
+    return _hidden_aes_128_cbc;
+}
+
+/*
+ * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
+ * once only during engine bind and can then be reused many times.
+ */
+static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
+static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
+{
+    return _hidden_aes_128_cbc_hmac_sha1;
+}
+
+static void destroy_ciphers(void)
+{
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
+    _hidden_aes_128_cbc = NULL;
+    _hidden_aes_128_cbc_hmac_sha1 = NULL;
+}
+
+static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                   const int **nids, int nid);
+
+static int dasync_cipher_nids[] = {
+    NID_aes_128_cbc,
+    NID_aes_128_cbc_hmac_sha1,
+    0
+};
+
+static int bind_dasync(ENGINE *e)
+{
+    /* Setup RSA_METHOD */
+    if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
+        || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
+        || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
+        || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
+        || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
+        || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
+        || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
+        || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
+        || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
+        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
+        return 0;
+    }
+
+    /* Ensure the dasync error handling is set up */
+    ERR_load_DASYNC_strings();
+
+    if (!ENGINE_set_id(e, engine_dasync_id)
+        || !ENGINE_set_name(e, engine_dasync_name)
+        || !ENGINE_set_RSA(e, dasync_rsa_method)
+        || !ENGINE_set_digests(e, dasync_digests)
+        || !ENGINE_set_ciphers(e, dasync_ciphers)
+        || !ENGINE_set_destroy_function(e, dasync_destroy)
+        || !ENGINE_set_init_function(e, dasync_init)
+        || !ENGINE_set_finish_function(e, dasync_finish)) {
+        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
+        return 0;
+    }
+
+    /*
+     * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
+     * supplied by this engine
+     */
+    _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
+    if (_hidden_sha1_md == NULL
+        || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
+        || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
+        || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
+                                         sizeof(EVP_MD *) + sizeof(SHA_CTX))
+        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
+        || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
+        || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
+        || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
+        EVP_MD_meth_free(_hidden_sha1_md);
+        _hidden_sha1_md = NULL;
+    }
+
+    _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
+                                              16 /* block size */,
+                                              16 /* key len */);
+    if (_hidden_aes_128_cbc == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+                                          EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_CBC_MODE
+                                          | EVP_CIPH_FLAG_PIPELINE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+                                         dasync_aes128_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+                                              dasync_aes128_cbc_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
+                                            dasync_aes128_cbc_cleanup)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
+                                         dasync_aes128_cbc_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+                                sizeof(struct dasync_pipeline_ctx))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+        _hidden_aes_128_cbc = NULL;
+    }
+
+    _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
+                                                NID_aes_128_cbc_hmac_sha1,
+                                                16 /* block size */,
+                                                16 /* key len */);
+    if (_hidden_aes_128_cbc_hmac_sha1 == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
+                                            EVP_CIPH_CBC_MODE
+                                          | EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_FLAG_AEAD_CIPHER
+                                          | EVP_CIPH_FLAG_PIPELINE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
+                                         dasync_aes128_cbc_hmac_sha1_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
+                                            dasync_aes128_cbc_hmac_sha1_cipher)
+            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
+                                            dasync_aes128_cbc_hmac_sha1_cleanup)
+            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
+                                         dasync_aes128_cbc_hmac_sha1_ctrl)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
+                                sizeof(struct dasync_pipeline_ctx))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
+        _hidden_aes_128_cbc_hmac_sha1 = NULL;
+    }
+
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_dasync_id) != 0))
+        return 0;
+    if (!bind_dasync(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# endif
+
+static ENGINE *engine_dasync(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (!ret)
+        return NULL;
+    if (!bind_dasync(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_dasync_int(void)
+{
+    ENGINE *toadd = engine_dasync();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+static int dasync_init(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int dasync_finish(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int dasync_destroy(ENGINE *e)
+{
+    destroy_digests();
+    destroy_ciphers();
+    RSA_meth_free(dasync_rsa_method);
+    ERR_unload_DASYNC_strings();
+    return 1;
+}
+
+static int dasync_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return dasync_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    switch (nid) {
+    case NID_sha1:
+        *digest = dasync_sha1();
+        break;
+    default:
+        ok = 0;
+        *digest = NULL;
+        break;
+    }
+    return ok;
+}
+
+static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                   const int **nids, int nid)
+{
+    int ok = 1;
+    if (cipher == NULL) {
+        /* We are returning a list of supported nids */
+        *nids = dasync_cipher_nids;
+        return (sizeof(dasync_cipher_nids) -
+                1) / sizeof(dasync_cipher_nids[0]);
+    }
+    /* We are being asked for a specific cipher */
+    switch (nid) {
+    case NID_aes_128_cbc:
+        *cipher = dasync_aes_128_cbc();
+        break;
+    case NID_aes_128_cbc_hmac_sha1:
+        *cipher = dasync_aes_128_cbc_hmac_sha1();
+        break;
+    default:
+        ok = 0;
+        *cipher = NULL;
+        break;
+    }
+    return ok;
+}
+
+static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
+                         OSSL_ASYNC_FD readfd, void *pvwritefd)
+{
+    OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
+#if defined(ASYNC_WIN)
+    CloseHandle(readfd);
+    CloseHandle(*pwritefd);
+#elif defined(ASYNC_POSIX)
+    close(readfd);
+    close(*pwritefd);
+#endif
+    OPENSSL_free(pwritefd);
+}
+
+#define DUMMY_CHAR 'X'
+
+static void dummy_pause_job(void) {
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    OSSL_ASYNC_FD pipefds[2] = {0, 0};
+    OSSL_ASYNC_FD *writefd;
+#if defined(ASYNC_WIN)
+    DWORD numwritten, numread;
+    char buf = DUMMY_CHAR;
+#elif defined(ASYNC_POSIX)
+    char buf = DUMMY_CHAR;
+#endif
+
+    if ((job = ASYNC_get_current_job()) == NULL)
+        return;
+
+    waitctx = ASYNC_get_wait_ctx(job);
+
+    if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
+                              (void **)&writefd)) {
+        pipefds[1] = *writefd;
+    } else {
+        writefd = OPENSSL_malloc(sizeof(*writefd));
+        if (writefd == NULL)
+            return;
+#if defined(ASYNC_WIN)
+        if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
+            OPENSSL_free(writefd);
+            return;
+        }
+#elif defined(ASYNC_POSIX)
+        if (pipe(pipefds) != 0) {
+            OPENSSL_free(writefd);
+            return;
+        }
+#endif
+        *writefd = pipefds[1];
+
+        if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
+                                       writefd, wait_cleanup)) {
+            wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
+            return;
+        }
+    }
+    /*
+     * In the Dummy async engine we are cheating. We signal that the job
+     * is complete by waking it before the call to ASYNC_pause_job(). A real
+     * async engine would only wake when the job was actually complete
+     */
+#if defined(ASYNC_WIN)
+    WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
+#elif defined(ASYNC_POSIX)
+    if (write(pipefds[1], &buf, 1) < 0)
+        return;
+#endif
+
+    /* Ignore errors - we carry on anyway */
+    ASYNC_pause_job();
+
+    /* Clear the wake signal */
+#if defined(ASYNC_WIN)
+    ReadFile(pipefds[0], &buf, 1, &numread, NULL);
+#elif defined(ASYNC_POSIX)
+    if (read(pipefds[0], &buf, 1) < 0)
+        return;
+#endif
+}
+
+/*
+ * SHA1 implementation. At the moment we just defer to the standard
+ * implementation
+ */
+#undef data
+#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
+static int dasync_sha1_init(EVP_MD_CTX *ctx)
+{
+    dummy_pause_job();
+
+    return SHA1_Init(data(ctx));
+}
+
+static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count)
+{
+    dummy_pause_job();
+
+    return SHA1_Update(data(ctx), data, (size_t)count);
+}
+
+static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    dummy_pause_job();
+
+    return SHA1_Final(md, data(ctx));
+}
+
+/*
+ * RSA implementation
+ */
+
+static int dasync_pub_enc(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding) {
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_pub_dec(int flen, const unsigned char *from,
+                    unsigned char *to, RSA *rsa, int padding) {
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL())
+        (flen, from, to, rsa, padding);
+}
+
+static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    /* Ignore errors - we carry on anyway */
+    dummy_pause_job();
+    return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx);
+}
+
+static int dasync_rsa_init(RSA *rsa)
+{
+    return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa);
+}
+static int dasync_rsa_finish(RSA *rsa)
+{
+    return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa);
+}
+
+/* Cipher helper functions */
+
+static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                     void *ptr, int aeadcapable)
+{
+    int ret;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (pipe_ctx == NULL)
+        return 0;
+
+    switch (type) {
+        case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->outbufs = (unsigned char **)ptr;
+            break;
+
+        case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->inbufs = (unsigned char **)ptr;
+            break;
+
+        case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
+            pipe_ctx->numpipes = arg;
+            pipe_ctx->lens = (size_t *)ptr;
+            break;
+
+        case EVP_CTRL_AEAD_SET_MAC_KEY:
+            if (!aeadcapable)
+                return -1;
+            EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+            ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
+                                          (ctx, type, arg, ptr);
+            EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+            return ret;
+
+        case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
+                return -1;
+
+            memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
+                   EVP_AEAD_TLS1_AAD_LEN);
+            pipe_ctx->aadctr++;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (pipe_ctx->enc) {
+                if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                }
+
+                return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
+                        & -AES_BLOCK_SIZE) - len;
+            } else {
+                return SHA_DIGEST_LENGTH;
+            }
+        }
+
+        default:
+            return 0;
+    }
+
+    return 1;
+}
+
+static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
+                                         const unsigned char *key,
+                                         const unsigned char *iv, int enc,
+                                         const EVP_CIPHER *cipher)
+{
+    int ret;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (pipe_ctx->inner_cipher_data == NULL
+            && EVP_CIPHER_impl_ctx_size(cipher) != 0) {
+        pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
+            EVP_CIPHER_impl_ctx_size(cipher));
+        if (pipe_ctx->inner_cipher_data == NULL) {
+            DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
+                        ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    pipe_ctx->numpipes = 0;
+    pipe_ctx->aadctr = 0;
+
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+    ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+
+    return ret;
+}
+
+static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl,
+                                const EVP_CIPHER *cipher)
+{
+    int ret = 1;
+    unsigned int i, pipes;
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    pipes = pipe_ctx->numpipes;
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
+    if (pipes == 0) {
+        if (pipe_ctx->aadctr != 0) {
+            if (pipe_ctx->aadctr != 1)
+                return -1;
+            EVP_CIPHER_meth_get_ctrl(cipher)
+                                    (ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                     EVP_AEAD_TLS1_AAD_LEN,
+                                     pipe_ctx->tlsaad[0]);
+        }
+        ret = EVP_CIPHER_meth_get_do_cipher(cipher)
+                                           (ctx, out, in, inl);
+    } else {
+        if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
+            return -1;
+        for (i = 0; i < pipes; i++) {
+            if (pipe_ctx->aadctr > 0) {
+                EVP_CIPHER_meth_get_ctrl(cipher)
+                                        (ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                         EVP_AEAD_TLS1_AAD_LEN,
+                                         pipe_ctx->tlsaad[i]);
+            }
+            ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
+                                (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
+                                 pipe_ctx->lens[i]);
+        }
+        pipe_ctx->numpipes = 0;
+    }
+    pipe_ctx->aadctr = 0;
+    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
+    return ret;
+}
+
+static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
+                                        const EVP_CIPHER *cipher)
+{
+    struct dasync_pipeline_ctx *pipe_ctx =
+        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
+                       EVP_CIPHER_impl_ctx_size(cipher));
+
+    return 1;
+}
+
+/*
+ * AES128 CBC Implementation
+ */
+
+static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr)
+{
+    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0);
+}
+
+static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
+}
+
+static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
+}
+
+static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
+}
+
+
+/*
+ * AES128 CBC HMAC SHA1 Implementation
+ */
+
+static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+                                             int arg, void *ptr)
+{
+    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1);
+}
+
+static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                                const unsigned char *key,
+                                                const unsigned char *iv,
+                                                int enc)
+{
+    return dasync_cipher_init_key_helper(ctx, key, iv, enc,
+                                         EVP_aes_128_cbc_hmac_sha1());
+}
+
+static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
+                                               unsigned char *out,
+                                               const unsigned char *in,
+                                               size_t inl)
+{
+    return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
+}
+
+static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
+}
diff --git a/openssl-1.1.0h/engines/e_dasync.ec b/openssl-1.1.0h/engines/e_dasync.ec
new file mode 100644
index 0000000..385faa0
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_dasync.ec
@@ -0,0 +1 @@
+L       DASYNC    e_dasync_err.h e_dasync_err.c
diff --git a/openssl-1.1.0h/engines/e_dasync_err.c b/openssl-1.1.0h/engines/e_dasync_err.c
new file mode 100644
index 0000000..a9e7765
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_dasync_err.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_dasync_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA DASYNC_str_functs[] = {
+    {ERR_FUNC(DASYNC_F_BIND_DASYNC), "bind_dasync"},
+    {ERR_FUNC(DASYNC_F_CIPHER_AES_128_CBC_CODE), "CIPHER_AES_128_CBC_CODE"},
+    {ERR_FUNC(DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY),
+     "dasync_aes128_cbc_hmac_sha1_init_key"},
+    {ERR_FUNC(DASYNC_F_DASYNC_AES128_INIT_KEY), "dasync_aes128_init_key"},
+    {ERR_FUNC(DASYNC_F_DASYNC_BN_MOD_EXP), "DASYNC_BN_MOD_EXP"},
+    {ERR_FUNC(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER),
+     "dasync_cipher_init_key_helper"},
+    {ERR_FUNC(DASYNC_F_DASYNC_MOD_EXP), "DASYNC_MOD_EXP"},
+    {ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_DECRYPT), "DASYNC_PRIVATE_DECRYPT"},
+    {ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_ENCRYPT), "DASYNC_PRIVATE_ENCRYPT"},
+    {ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_DECRYPT), "DASYNC_PUBLIC_DECRYPT"},
+    {ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_ENCRYPT), "DASYNC_PUBLIC_ENCRYPT"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA DASYNC_str_reasons[] = {
+    {ERR_REASON(DASYNC_R_INIT_FAILED), "init failed"},
+    {ERR_REASON(DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED),
+     "length not block aligned"},
+    {ERR_REASON(DASYNC_R_UNKNOWN_FAULT), "unknown fault"},
+    {0, NULL}
+};
+
+#endif
+
+#ifdef DASYNC_LIB_NAME
+static ERR_STRING_DATA DASYNC_lib_name[] = {
+    {0, DASYNC_LIB_NAME},
+    {0, NULL}
+};
+#endif
+
+static int DASYNC_lib_error_code = 0;
+static int DASYNC_error_init = 1;
+
+static void ERR_load_DASYNC_strings(void)
+{
+    if (DASYNC_lib_error_code == 0)
+        DASYNC_lib_error_code = ERR_get_next_error_library();
+
+    if (DASYNC_error_init) {
+        DASYNC_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_functs);
+        ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_reasons);
+#endif
+
+#ifdef DASYNC_LIB_NAME
+        DASYNC_lib_name->error = ERR_PACK(DASYNC_lib_error_code, 0, 0);
+        ERR_load_strings(0, DASYNC_lib_name);
+#endif
+    }
+}
+
+static void ERR_unload_DASYNC_strings(void)
+{
+    if (DASYNC_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_functs);
+        ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_reasons);
+#endif
+
+#ifdef DASYNC_LIB_NAME
+        ERR_unload_strings(0, DASYNC_lib_name);
+#endif
+        DASYNC_error_init = 1;
+    }
+}
+
+static void ERR_DASYNC_error(int function, int reason, char *file, int line)
+{
+    if (DASYNC_lib_error_code == 0)
+        DASYNC_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(DASYNC_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl-1.1.0h/engines/e_dasync_err.h b/openssl-1.1.0h/engines/e_dasync_err.h
new file mode 100644
index 0000000..b01fead
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_dasync_err.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#ifndef HEADER_DASYNC_ERR_H
+# define HEADER_DASYNC_ERR_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+static void ERR_load_DASYNC_strings(void);
+static void ERR_unload_DASYNC_strings(void);
+static void ERR_DASYNC_error(int function, int reason, char *file, int line);
+# define DASYNCerr(f,r) ERR_DASYNC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+/* Error codes for the DASYNC functions. */
+
+/* Function codes. */
+# define DASYNC_F_BIND_DASYNC                             107
+# define DASYNC_F_CIPHER_AES_128_CBC_CODE                 100
+# define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY    109
+# define DASYNC_F_DASYNC_AES128_INIT_KEY                  108
+# define DASYNC_F_DASYNC_BN_MOD_EXP                       101
+# define DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER           110
+# define DASYNC_F_DASYNC_MOD_EXP                          102
+# define DASYNC_F_DASYNC_PRIVATE_DECRYPT                  103
+# define DASYNC_F_DASYNC_PRIVATE_ENCRYPT                  104
+# define DASYNC_F_DASYNC_PUBLIC_DECRYPT                   105
+# define DASYNC_F_DASYNC_PUBLIC_ENCRYPT                   106
+
+/* Reason codes. */
+# define DASYNC_R_INIT_FAILED                             102
+# define DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED                100
+# define DASYNC_R_UNKNOWN_FAULT                           101
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/engines/e_ossltest.c b/openssl-1.1.0h/engines/e_ossltest.c
new file mode 100644
index 0000000..b4c83cb
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_ossltest.c
@@ -0,0 +1,568 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the OSSLTEST engine. It provides deliberately crippled digest
+ * implementations for test purposes. It is highly insecure and must NOT be
+ * used for any purpose except testing
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/modes.h>
+#include <openssl/aes.h>
+#include <openssl/crypto.h>
+
+#define OSSLTEST_LIB_NAME "OSSLTEST"
+#include "e_ossltest_err.c"
+
+/* Engine Id and Name */
+static const char *engine_ossltest_id = "ossltest";
+static const char *engine_ossltest_name = "OpenSSL Test engine support";
+
+
+/* Engine Lifetime functions */
+static int ossltest_destroy(ENGINE *e);
+static int ossltest_init(ENGINE *e);
+static int ossltest_finish(ENGINE *e);
+void ENGINE_load_ossltest(void);
+
+
+/* Set up digests */
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid);
+
+/* MD5 */
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count);
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_md5_md = NULL;
+static const EVP_MD *digest_md5(void)
+{
+    if (_hidden_md5_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(MD5_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, digest_md5_init)
+            || !EVP_MD_meth_set_update(md, digest_md5_update)
+            || !EVP_MD_meth_set_final(md, digest_md5_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_md5_md = md;
+    }
+    return _hidden_md5_md;
+}
+
+/* SHA1 */
+static int digest_sha1_init(EVP_MD_CTX *ctx);
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                              size_t count);
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *digest_sha1(void)
+{
+    if (_hidden_sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha1_init)
+            || !EVP_MD_meth_set_update(md, digest_sha1_update)
+            || !EVP_MD_meth_set_final(md, digest_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha1_md = md;
+    }
+    return _hidden_sha1_md;
+}
+
+/* SHA256 */
+static int digest_sha256_init(EVP_MD_CTX *ctx);
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count);
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha256_md = NULL;
+static const EVP_MD *digest_sha256(void)
+{
+    if (_hidden_sha256_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA256_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha256_init)
+            || !EVP_MD_meth_set_update(md, digest_sha256_update)
+            || !EVP_MD_meth_set_final(md, digest_sha256_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha256_md = md;
+    }
+    return _hidden_sha256_md;
+}
+
+/* SHA384/SHA512 */
+static int digest_sha384_init(EVP_MD_CTX *ctx);
+static int digest_sha512_init(EVP_MD_CTX *ctx);
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count);
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static EVP_MD *_hidden_sha384_md = NULL;
+static const EVP_MD *digest_sha384(void)
+{
+    if (_hidden_sha384_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha384_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha384_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha384_md = md;
+    }
+    return _hidden_sha384_md;
+}
+static EVP_MD *_hidden_sha512_md = NULL;
+static const EVP_MD *digest_sha512(void)
+{
+    if (_hidden_sha512_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha512_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha512_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha512_md = md;
+    }
+    return _hidden_sha512_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_md5_md);
+    _hidden_md5_md = NULL;
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+    EVP_MD_meth_free(_hidden_sha256_md);
+    _hidden_sha256_md = NULL;
+    EVP_MD_meth_free(_hidden_sha384_md);
+    _hidden_sha384_md = NULL;
+    EVP_MD_meth_free(_hidden_sha512_md);
+    _hidden_sha512_md = NULL;
+}
+static int ossltest_digest_nids(const int **nids)
+{
+    static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = digest_md5()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha256()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha384()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha512()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+/* Setup ciphers */
+static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
+                            const int **, int);
+
+static int ossltest_cipher_nids[] = {
+    NID_aes_128_cbc, 0
+};
+
+/* AES128 */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl);
+
+static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static const EVP_CIPHER *ossltest_aes_128_cbc(void)
+{
+    if (_hidden_aes_128_cbc == NULL
+        && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
+                                                       16 /* block size */,
+                                                       16 /* key len */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
+                                          EVP_CIPH_FLAG_DEFAULT_ASN1
+                                          | EVP_CIPH_CBC_MODE)
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
+                                         ossltest_aes128_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
+                                              ossltest_aes128_cbc_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
+                                                  EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
+        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+        _hidden_aes_128_cbc = NULL;
+    }
+    return _hidden_aes_128_cbc;
+}
+static void destroy_ciphers(void)
+{
+    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+    _hidden_aes_128_cbc = NULL;
+}
+
+static int bind_ossltest(ENGINE *e)
+{
+    /* Ensure the ossltest error handling is set up */
+    ERR_load_OSSLTEST_strings();
+
+    if (!ENGINE_set_id(e, engine_ossltest_id)
+        || !ENGINE_set_name(e, engine_ossltest_name)
+        || !ENGINE_set_digests(e, ossltest_digests)
+        || !ENGINE_set_ciphers(e, ossltest_ciphers)
+        || !ENGINE_set_destroy_function(e, ossltest_destroy)
+        || !ENGINE_set_init_function(e, ossltest_init)
+        || !ENGINE_set_finish_function(e, ossltest_finish)) {
+        OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_ossltest_id) != 0))
+        return 0;
+    if (!bind_ossltest(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#endif
+
+static ENGINE *engine_ossltest(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_ossltest(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void ENGINE_load_ossltest(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_ossltest();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+
+static int ossltest_init(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int ossltest_finish(ENGINE *e)
+{
+    return 1;
+}
+
+
+static int ossltest_destroy(ENGINE *e)
+{
+    destroy_digests();
+    destroy_ciphers();
+    ERR_unload_OSSLTEST_strings();
+    return 1;
+}
+
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return ossltest_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    switch (nid) {
+    case NID_md5:
+        *digest = digest_md5();
+        break;
+    case NID_sha1:
+        *digest = digest_sha1();
+        break;
+    case NID_sha256:
+        *digest = digest_sha256();
+        break;
+    case NID_sha384:
+        *digest = digest_sha384();
+        break;
+    case NID_sha512:
+        *digest = digest_sha512();
+        break;
+    default:
+        ok = 0;
+        *digest = NULL;
+        break;
+    }
+    return ok;
+}
+
+static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                          const int **nids, int nid)
+{
+    int ok = 1;
+    if (!cipher) {
+        /* We are returning a list of supported nids */
+        *nids = ossltest_cipher_nids;
+        return (sizeof(ossltest_cipher_nids) - 1)
+               / sizeof(ossltest_cipher_nids[0]);
+    }
+    /* We are being asked for a specific cipher */
+    switch (nid) {
+    case NID_aes_128_cbc:
+        *cipher = ossltest_aes_128_cbc();
+        break;
+    default:
+        ok = 0;
+        *cipher = NULL;
+        break;
+    }
+    return ok;
+}
+
+static void fill_known_data(unsigned char *md, unsigned int len)
+{
+    unsigned int i;
+
+    for (i=0; i<len; i++) {
+        md[i] = (unsigned char)(i & 0xff);
+    }
+}
+
+/*
+ * MD5 implementation. We go through the motions of doing MD5 by deferring to
+ * the standard implementation. Then we overwrite the result with a will defined
+ * value, so that all "MD5" digests using the test engine always end up with
+ * the same value.
+ */
+#undef data
+#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_md5_init(EVP_MD_CTX *ctx)
+{
+    return MD5_Init(data(ctx));
+}
+
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+                             size_t count)
+{
+    return MD5_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = MD5_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, MD5_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA1 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha1_init(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(data(ctx));
+}
+
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+                              size_t count)
+{
+    return SHA1_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA1_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA256 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha256_init(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(data(ctx));
+}
+
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count)
+{
+    return SHA256_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA256_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA256_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * SHA384/512 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
+static int digest_sha384_init(EVP_MD_CTX *ctx)
+{
+    return SHA384_Init(data(ctx));
+}
+
+static int digest_sha512_init(EVP_MD_CTX *ctx)
+{
+    return SHA512_Init(data(ctx));
+}
+
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+                                size_t count)
+{
+    return SHA512_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    /* Actually uses SHA512_Final! */
+    ret = SHA512_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA384_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    int ret;
+    ret = SHA512_Final(md, data(ctx));
+
+    if (ret > 0) {
+        fill_known_data(md, SHA512_DIGEST_LENGTH);
+    }
+    return ret;
+}
+
+/*
+ * AES128 Implementation
+ */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
+}
+
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t inl)
+{
+    unsigned char *tmpbuf;
+    int ret;
+
+    tmpbuf = OPENSSL_malloc(inl);
+    if (tmpbuf == NULL)
+        return -1;
+
+    /* Remember what we were asked to encrypt */
+    memcpy(tmpbuf, in, inl);
+
+    /* Go through the motions of encrypting it */
+    ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
+
+    /* Throw it all away and just use the plaintext as the output */
+    memcpy(out, tmpbuf, inl);
+    OPENSSL_free(tmpbuf);
+
+    return ret;
+}
diff --git a/openssl-1.1.0h/engines/e_ossltest.ec b/openssl-1.1.0h/engines/e_ossltest.ec
new file mode 100644
index 0000000..d8a1bef
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_ossltest.ec
@@ -0,0 +1 @@
+L       OSSLTEST    e_ossltest_err.h e_ossltest_err.c
diff --git a/openssl-1.1.0h/engines/e_ossltest_err.c b/openssl-1.1.0h/engines/e_ossltest_err.c
new file mode 100644
index 0000000..71d0578
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_ossltest_err.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_ossltest_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA OSSLTEST_str_functs[] = {
+    {ERR_FUNC(OSSLTEST_F_BIND_OSSLTEST), "BIND_OSSLTEST"},
+    {ERR_FUNC(OSSLTEST_F_OSSLTEST_AES128_INIT_KEY),
+     "OSSLTEST_AES128_INIT_KEY"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA OSSLTEST_str_reasons[] = {
+    {ERR_REASON(OSSLTEST_R_INIT_FAILED), "init failed"},
+    {0, NULL}
+};
+
+#endif
+
+#ifdef OSSLTEST_LIB_NAME
+static ERR_STRING_DATA OSSLTEST_lib_name[] = {
+    {0, OSSLTEST_LIB_NAME},
+    {0, NULL}
+};
+#endif
+
+static int OSSLTEST_lib_error_code = 0;
+static int OSSLTEST_error_init = 1;
+
+static void ERR_load_OSSLTEST_strings(void)
+{
+    if (OSSLTEST_lib_error_code == 0)
+        OSSLTEST_lib_error_code = ERR_get_next_error_library();
+
+    if (OSSLTEST_error_init) {
+        OSSLTEST_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs);
+        ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons);
+#endif
+
+#ifdef OSSLTEST_LIB_NAME
+        OSSLTEST_lib_name->error = ERR_PACK(OSSLTEST_lib_error_code, 0, 0);
+        ERR_load_strings(0, OSSLTEST_lib_name);
+#endif
+    }
+}
+
+static void ERR_unload_OSSLTEST_strings(void)
+{
+    if (OSSLTEST_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs);
+        ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons);
+#endif
+
+#ifdef OSSLTEST_LIB_NAME
+        ERR_unload_strings(0, OSSLTEST_lib_name);
+#endif
+        OSSLTEST_error_init = 1;
+    }
+}
+
+static void ERR_OSSLTEST_error(int function, int reason, char *file, int line)
+{
+    if (OSSLTEST_lib_error_code == 0)
+        OSSLTEST_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(OSSLTEST_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl-1.1.0h/engines/e_ossltest_err.h b/openssl-1.1.0h/engines/e_ossltest_err.h
new file mode 100644
index 0000000..a323c39
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_ossltest_err.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#ifndef HEADER_OSSLTEST_ERR_H
+# define HEADER_OSSLTEST_ERR_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+static void ERR_load_OSSLTEST_strings(void);
+static void ERR_unload_OSSLTEST_strings(void);
+static void ERR_OSSLTEST_error(int function, int reason, char *file, int line);
+# define OSSLTESTerr(f,r) ERR_OSSLTEST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+/* Error codes for the OSSLTEST functions. */
+
+/* Function codes. */
+# define OSSLTEST_F_BIND_OSSLTEST                         100
+# define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY              101
+
+/* Reason codes. */
+# define OSSLTEST_R_INIT_FAILED                           100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/engines/e_padlock.c b/openssl-1.1.0h/engines/e_padlock.c
new file mode 100644
index 0000000..b86f165
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_padlock.c
@@ -0,0 +1,747 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/modes.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_PADLOCK
+
+/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+#  if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#    define DYNAMIC_ENGINE
+#   endif
+#  elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#   ifdef ENGINE_DYNAMIC_SUPPORT
+#    define DYNAMIC_ENGINE
+#   endif
+#  else
+#   error "Only OpenSSL >= 0.9.7 is supported"
+#  endif
+
+/*
+ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
+ * doesn't exist elsewhere, but it even can't be compiled on other platforms!
+ */
+
+#  undef COMPILE_HW_PADLOCK
+#  if !defined(I386_ONLY) && defined(PADLOCK_ASM)
+#   define COMPILE_HW_PADLOCK
+#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *ENGINE_padlock(void);
+#   endif
+#  endif
+
+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_padlock_int(void);
+void engine_load_padlock_int(void)
+{
+/* On non-x86 CPUs it just returns. */
+#   ifdef COMPILE_HW_PADLOCK
+    ENGINE *toadd = ENGINE_padlock();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+#   endif
+}
+
+#  endif
+
+#  ifdef COMPILE_HW_PADLOCK
+
+/* Function for ENGINE detection and control */
+static int padlock_available(void);
+static int padlock_init(ENGINE *e);
+
+/* RNG Stuff */
+static RAND_METHOD padlock_rand;
+
+/* Cipher Stuff */
+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid);
+
+/* Engine names */
+static const char *padlock_id = "padlock";
+static char padlock_name[100];
+
+/* Available features */
+static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+static int padlock_use_rng = 0; /* Random Number Generator */
+
+/* ===== Engine "management" functions ===== */
+
+/* Prepare the ENGINE structure for registration */
+static int padlock_bind_helper(ENGINE *e)
+{
+    /* Check available features */
+    padlock_available();
+
+    /*
+     * RNG is currently disabled for reasons discussed in commentary just
+     * before padlock_rand_bytes function.
+     */
+    padlock_use_rng = 0;
+
+    /* Generate a nice engine name with available features */
+    BIO_snprintf(padlock_name, sizeof(padlock_name),
+                 "VIA PadLock (%s, %s)",
+                 padlock_use_rng ? "RNG" : "no-RNG",
+                 padlock_use_ace ? "ACE" : "no-ACE");
+
+    /* Register everything or return with an error */
+    if (!ENGINE_set_id(e, padlock_id) ||
+        !ENGINE_set_name(e, padlock_name) ||
+        !ENGINE_set_init_function(e, padlock_init) ||
+        (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+        (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+        return 0;
+    }
+
+    /* Everything looks good */
+    return 1;
+}
+
+#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+/* Constructor */
+static ENGINE *ENGINE_padlock(void)
+{
+    ENGINE *eng = ENGINE_new();
+
+    if (eng == NULL) {
+        return NULL;
+    }
+
+    if (!padlock_bind_helper(eng)) {
+        ENGINE_free(eng);
+        return NULL;
+    }
+
+    return eng;
+}
+#   endif
+
+/* Check availability of the engine */
+static int padlock_init(ENGINE *e)
+{
+    return (padlock_use_rng || padlock_use_ace);
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#   ifdef DYNAMIC_ENGINE
+static int padlock_bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, padlock_id) != 0)) {
+        return 0;
+    }
+
+    if (!padlock_bind_helper(e)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+#   endif                       /* DYNAMIC_ENGINE */
+/* ===== Here comes the "real" engine ===== */
+
+/* Some AES-related constants */
+#   define AES_BLOCK_SIZE          16
+#   define AES_KEY_SIZE_128        16
+#   define AES_KEY_SIZE_192        24
+#   define AES_KEY_SIZE_256        32
+    /*
+     * Here we store the status information relevant to the current context.
+     */
+    /*
+     * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
+     * the order of items in this structure.  Don't blindly modify, reorder,
+     * etc!
+     */
+struct padlock_cipher_data {
+    unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
+    union {
+        unsigned int pad[4];
+        struct {
+            int rounds:4;
+            int dgst:1;         /* n/a in C3 */
+            int align:1;        /* n/a in C3 */
+            int ciphr:1;        /* n/a in C3 */
+            unsigned int keygen:1;
+            int interm:1;
+            unsigned int encdec:1;
+            int ksize:2;
+        } b;
+    } cword;                    /* Control word */
+    AES_KEY ks;                 /* Encryption key */
+};
+
+/* Interface to assembler module */
+unsigned int padlock_capability();
+void padlock_key_bswap(AES_KEY *key);
+void padlock_verify_context(struct padlock_cipher_data *ctx);
+void padlock_reload_key();
+void padlock_aes_block(void *out, const void *inp,
+                       struct padlock_cipher_data *ctx);
+int padlock_ecb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cbc_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cfb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ofb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ctr32_encrypt(void *out, const void *inp,
+                          struct padlock_cipher_data *ctx, size_t len);
+int padlock_xstore(void *out, int edx);
+void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha1(void *ctx, const void *inp, size_t len);
+void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha256(void *ctx, const void *inp, size_t len);
+
+/*
+ * Load supported features of the CPU to see if the PadLock is available.
+ */
+static int padlock_available(void)
+{
+    unsigned int edx = padlock_capability();
+
+    /* Fill up some flags */
+    padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+    padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+
+    return padlock_use_ace + padlock_use_rng;
+}
+
+/* ===== AES encryption/decryption ===== */
+
+#   if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#    define NID_aes_128_cfb NID_aes_128_cfb128
+#   endif
+
+#   if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#    define NID_aes_128_ofb NID_aes_128_ofb128
+#   endif
+
+#   if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#    define NID_aes_192_cfb NID_aes_192_cfb128
+#   endif
+
+#   if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#    define NID_aes_192_ofb NID_aes_192_ofb128
+#   endif
+
+#   if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#    define NID_aes_256_cfb NID_aes_256_cfb128
+#   endif
+
+#   if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#    define NID_aes_256_ofb NID_aes_256_ofb128
+#   endif
+
+/* List of supported ciphers. */
+static const int padlock_cipher_nids[] = {
+    NID_aes_128_ecb,
+    NID_aes_128_cbc,
+    NID_aes_128_cfb,
+    NID_aes_128_ofb,
+    NID_aes_128_ctr,
+
+    NID_aes_192_ecb,
+    NID_aes_192_cbc,
+    NID_aes_192_cfb,
+    NID_aes_192_ofb,
+    NID_aes_192_ctr,
+
+    NID_aes_256_ecb,
+    NID_aes_256_cbc,
+    NID_aes_256_cfb,
+    NID_aes_256_ofb,
+    NID_aes_256_ctr
+};
+
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+                                      sizeof(padlock_cipher_nids[0]));
+
+/* Function prototypes ... */
+static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc);
+
+#   define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
+        ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
+#   define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+        NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
+
+static int
+padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    return padlock_ecb_encrypt(out_arg, in_arg,
+                               ALIGNED_CIPHER_DATA(ctx), nbytes);
+}
+
+static int
+padlock_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    int ret;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+    if ((ret = padlock_cbc_encrypt(out_arg, in_arg, cdata, nbytes)))
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+    return ret;
+}
+
+static int
+padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+                chunk++, nbytes--;
+        } else
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ ivp[chunk];
+                ivp[chunk++] = c, nbytes--;
+            }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
+    }
+
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_cfb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
+    }
+
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        if (cdata->cword.b.encdec) {
+            cdata->cword.b.encdec = 0;
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            cdata->cword.b.encdec = 1;
+            padlock_reload_key();
+            while (nbytes) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ *ivp;
+                *(ivp++) = c, nbytes--;
+            }
+        } else {
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            padlock_reload_key();
+            while (nbytes) {
+                *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
+                ivp++, nbytes--;
+            }
+        }
+    }
+
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+
+    return 1;
+}
+
+static int
+padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    /*
+     * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+     */
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+            *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+            chunk++, nbytes--;
+        }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
+    }
+
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_ofb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
+    }
+
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        padlock_reload_key();   /* empirically found */
+        padlock_aes_block(ivp, ivp, cdata);
+        padlock_reload_key();   /* empirically found */
+        while (nbytes) {
+            *(out_arg++) = *(in_arg++) ^ *ivp;
+            ivp++, nbytes--;
+        }
+    }
+
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+
+    return 1;
+}
+
+static void padlock_ctr32_encrypt_glue(const unsigned char *in,
+                                       unsigned char *out, size_t blocks,
+                                       struct padlock_cipher_data *ctx,
+                                       const unsigned char *ivec)
+{
+    memcpy(ctx->iv, ivec, AES_BLOCK_SIZE);
+    padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks);
+}
+
+static int
+padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+
+    CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
+                                cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                (ctr128_f) padlock_ctr32_encrypt_glue);
+
+    EVP_CIPHER_CTX_set_num(ctx, (size_t)num);
+    return 1;
+}
+
+#   define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_OFB       1
+#   define EVP_CIPHER_block_size_CFB       1
+#   define EVP_CIPHER_block_size_CTR       1
+
+/*
+ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
+ * of preprocessor magic :-)
+ */
+#   define DECLARE_AES_EVP(ksize,lmode,umode)      \
+static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
+static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
+{                                                                       \
+    if (_hidden_aes_##ksize##_##lmode == NULL                           \
+        && ((_hidden_aes_##ksize##_##lmode =                            \
+             EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode,             \
+                                 EVP_CIPHER_block_size_##umode,         \
+                                 AES_KEY_SIZE_##ksize)) == NULL         \
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
+                                              AES_BLOCK_SIZE)           \
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
+                                          0 | EVP_CIPH_##umode##_MODE)  \
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
+                                         padlock_aes_init_key)          \
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
+                                              padlock_##lmode##_cipher) \
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
+                                                  sizeof(struct padlock_cipher_data) + 16) \
+            || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_set_asn1_iv) \
+            || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_get_asn1_iv))) { \
+        EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode);            \
+        _hidden_aes_##ksize##_##lmode = NULL;                           \
+    }                                                                   \
+    return _hidden_aes_##ksize##_##lmode;                               \
+}
+
+DECLARE_AES_EVP(128, ecb, ECB)
+DECLARE_AES_EVP(128, cbc, CBC)
+DECLARE_AES_EVP(128, cfb, CFB)
+DECLARE_AES_EVP(128, ofb, OFB)
+DECLARE_AES_EVP(128, ctr, CTR)
+
+DECLARE_AES_EVP(192, ecb, ECB)
+DECLARE_AES_EVP(192, cbc, CBC)
+DECLARE_AES_EVP(192, cfb, CFB)
+DECLARE_AES_EVP(192, ofb, OFB)
+DECLARE_AES_EVP(192, ctr, CTR)
+
+DECLARE_AES_EVP(256, ecb, ECB)
+DECLARE_AES_EVP(256, cbc, CBC)
+DECLARE_AES_EVP(256, cfb, CFB)
+DECLARE_AES_EVP(256, ofb, OFB)
+DECLARE_AES_EVP(256, ctr, CTR)
+
+static int
+padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
+                int nid)
+{
+    /* No specific cipher => return a list of supported nids ... */
+    if (!cipher) {
+        *nids = padlock_cipher_nids;
+        return padlock_cipher_nids_num;
+    }
+
+    /* ... or the requested "cipher" otherwise */
+    switch (nid) {
+    case NID_aes_128_ecb:
+        *cipher = padlock_aes_128_ecb();
+        break;
+    case NID_aes_128_cbc:
+        *cipher = padlock_aes_128_cbc();
+        break;
+    case NID_aes_128_cfb:
+        *cipher = padlock_aes_128_cfb();
+        break;
+    case NID_aes_128_ofb:
+        *cipher = padlock_aes_128_ofb();
+        break;
+    case NID_aes_128_ctr:
+        *cipher = padlock_aes_128_ctr();
+        break;
+
+    case NID_aes_192_ecb:
+        *cipher = padlock_aes_192_ecb();
+        break;
+    case NID_aes_192_cbc:
+        *cipher = padlock_aes_192_cbc();
+        break;
+    case NID_aes_192_cfb:
+        *cipher = padlock_aes_192_cfb();
+        break;
+    case NID_aes_192_ofb:
+        *cipher = padlock_aes_192_ofb();
+        break;
+    case NID_aes_192_ctr:
+        *cipher = padlock_aes_192_ctr();
+        break;
+
+    case NID_aes_256_ecb:
+        *cipher = padlock_aes_256_ecb();
+        break;
+    case NID_aes_256_cbc:
+        *cipher = padlock_aes_256_cbc();
+        break;
+    case NID_aes_256_cfb:
+        *cipher = padlock_aes_256_cfb();
+        break;
+    case NID_aes_256_ofb:
+        *cipher = padlock_aes_256_ofb();
+        break;
+    case NID_aes_256_ctr:
+        *cipher = padlock_aes_256_ctr();
+        break;
+
+    default:
+        /* Sorry, we don't support this NID */
+        *cipher = NULL;
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Prepare the encryption key for PadLock usage */
+static int
+padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                     const unsigned char *iv, int enc)
+{
+    struct padlock_cipher_data *cdata;
+    int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    unsigned long mode = EVP_CIPHER_CTX_mode(ctx);
+
+    if (key == NULL)
+        return 0;               /* ERROR */
+
+    cdata = ALIGNED_CIPHER_DATA(ctx);
+    memset(cdata, 0, sizeof(*cdata));
+
+    /* Prepare Control word. */
+    if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE)
+        cdata->cword.b.encdec = 0;
+    else
+        cdata->cword.b.encdec = (EVP_CIPHER_CTX_encrypting(ctx) == 0);
+    cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
+    cdata->cword.b.ksize = (key_len - 128) / 64;
+
+    switch (key_len) {
+    case 128:
+        /*
+         * PadLock can generate an extended key for AES128 in hardware
+         */
+        memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
+        cdata->cword.b.keygen = 0;
+        break;
+
+    case 192:
+    case 256:
+        /*
+         * Generate an extended AES key in software. Needed for AES192/AES256
+         */
+        /*
+         * Well, the above applies to Stepping 8 CPUs and is listed as
+         * hardware errata. They most likely will fix it at some point and
+         * then a check for stepping would be due here.
+         */
+        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+            && !enc)
+            AES_set_decrypt_key(key, key_len, &cdata->ks);
+        else
+            AES_set_encrypt_key(key, key_len, &cdata->ks);
+#   ifndef AES_ASM
+        /*
+         * OpenSSL C functions use byte-swapped extended key.
+         */
+        padlock_key_bswap(&cdata->ks);
+#   endif
+        cdata->cword.b.keygen = 1;
+        break;
+
+    default:
+        /* ERROR */
+        return 0;
+    }
+
+    /*
+     * This is done to cover for cases when user reuses the
+     * context for new key. The catch is that if we don't do
+     * this, padlock_eas_cipher might proceed with old key...
+     */
+    padlock_reload_key();
+
+    return 1;
+}
+
+/* ===== Random Number Generator ===== */
+/*
+ * This code is not engaged. The reason is that it does not comply
+ * with recommendations for VIA RNG usage for secure applications
+ * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
+ * provide meaningful error control...
+ */
+/*
+ * Wrapper that provides an interface between the API and the raw PadLock
+ * RNG
+ */
+static int padlock_rand_bytes(unsigned char *output, int count)
+{
+    unsigned int eax, buf;
+
+    while (count >= 8) {
+        eax = padlock_xstore(output, 0);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 8)
+            return 0;           /* fatal failure...  */
+        output += 8;
+        count -= 8;
+    }
+    while (count > 0) {
+        eax = padlock_xstore(&buf, 3);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 1)
+            return 0;           /* fatal failure...  */
+        *output++ = (unsigned char)buf;
+        count--;
+    }
+    OPENSSL_cleanse(&buf, sizeof(buf));
+
+    return 1;
+}
+
+/* Dummy but necessary function */
+static int padlock_rand_status(void)
+{
+    return 1;
+}
+
+/* Prepare structure for registration */
+static RAND_METHOD padlock_rand = {
+    NULL,                       /* seed */
+    padlock_rand_bytes,         /* bytes */
+    NULL,                       /* cleanup */
+    NULL,                       /* add */
+    padlock_rand_bytes,         /* pseudorand */
+    padlock_rand_status,        /* rand status */
+};
+
+#  endif                        /* COMPILE_HW_PADLOCK */
+# endif                         /* !OPENSSL_NO_HW_PADLOCK */
+#endif                          /* !OPENSSL_NO_HW */
+
+#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
+        || !defined(COMPILE_HW_PADLOCK)
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+    return 0;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# endif
+#endif
diff --git a/openssl-1.1.0h/engines/e_padlock.ec b/openssl-1.1.0h/engines/e_padlock.ec
new file mode 100644
index 0000000..5c8a1d2
--- /dev/null
+++ b/openssl-1.1.0h/engines/e_padlock.ec
@@ -0,0 +1 @@
+L PADLOCK	e_padlock_err.h			e_padlock_err.c
diff --git a/openssl-1.1.0h/engines/vendor_defns/hwcryptohook.h b/openssl-1.1.0h/engines/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000..c3dcd56
--- /dev/null
+++ b/openssl-1.1.0h/engines/vendor_defns/hwcryptohook.h
@@ -0,0 +1,509 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-2000 nCipher Corporation Limited.
+ *
+ * Redistribution and use in source and binary forms, with opr without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the copyright notice,
+ *    this list of conditions, and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions, and the following
+ *    disclaimer, in the documentation and/or other materials provided
+ *    with the distribution
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence.  Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage.  In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation."  Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty.  If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in some distributions, are
+ * not covered by the licence described above.  You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ */
+
+#ifndef HWCRYPTOHOOK_H
+# define HWCRYPTOHOOK_H
+
+# include <sys/types.h>
+# include <stdio.h>
+
+# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+#  define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+# endif
+
+# define HWCRYPTOHOOK_ERROR_FAILED   -1
+# define HWCRYPTOHOOK_ERROR_FALLBACK -2
+# define HWCRYPTOHOOK_ERROR_MPISIZE  -3
+
+# if HWCRYPTOHOOK_DECLARE_APPTYPES
+
+/*-
+ * These structs are defined by the application and opaque to the
+ * crypto plugin.  The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types.  (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue
+ HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+
+# endif                         /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+
+/*-
+ * These next two structs are opaque to the application.  The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+
+typedef struct {
+    char *buf;
+    size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/*-
+ * Used for error reporting.  When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ *
+ * size is the size of the buffer, and will not be modified.  If you
+ * pass 0 for size you must pass 0 for buf, and nothing will be
+ * recorded (just as if you passed 0 for the struct pointer).
+ * Messages written to the buffer will always be null-terminated, even
+ * when truncated to fit within size bytes.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+
+typedef struct HWCryptoHook_MPIStruct {
+    unsigned char *buf;
+    size_t size;
+} HWCryptoHook_MPI;
+/*-
+ * When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available.  Afterwards it is updated to
+ * be set to the actual length (which may be more than the space available,
+ * if there was not enough room and the result was truncated).
+ * buf (the pointer) is not updated.
+ *
+ * size is in bytes and may be zero at call or return, but must be a
+ * multiple of the limb size.  Zero limbs at the MS end are not
+ * permitted.
+ */
+
+# define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL
+# define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL
+/*-
+ * Enable requesting fallback to software in case of problems with the
+ * hardware support.  This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+
+# define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL
+/*-
+ * Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed.  However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish.  Instead, they should call exit (or die with a signal)
+ * without calling _Finish.  After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+
+typedef struct {
+    unsigned long flags;
+    void *logstream;            /* usually a FILE*.  See below. */
+    size_t limbsize;            /* bignum format - size of radix type, must
+                                 * be power of 2 */
+    int mslimbfirst;            /* 0 or 1 */
+    int msbytefirst;            /* 0 or 1; -1 = native */
+    /*-
+    * All the callback functions should return 0 on success, or a
+    * nonzero integer (whose value will be visible in the error message
+    * put in the buffer passed to the call).
+    *
+    * If a callback is not available pass a null function pointer.
+    *
+    * The callbacks may not call down again into the crypto plugin.
+    */
+    /*-
+    * For thread-safety.  Set everything to 0 if you promise only to be
+    * singlethreaded.  maxsimultaneous is the number of calls to
+    * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to
+    * put there then say 0 and the hook library will use a default.
+    *
+    * maxmutexes is a small limit on the number of simultaneous mutexes
+    * which will be requested by the library.  If there is no small
+    * limit, set it to 0.  If the crypto plugin cannot create the
+    * advertised number of mutexes the calls to its functions may fail.
+    * If a low number of mutexes is advertised the plugin will try to
+    * do the best it can.  Making larger numbers of mutexes available
+    * may improve performance and parallelism by reducing contention
+    * over critical sections.  Unavailability of any mutexes, implying
+    * single-threaded operation, should be indicated by the setting
+    * mutex_init et al to 0.
+    */
+    int maxmutexes;
+    int maxsimultaneous;
+    size_t mutexsize;
+    int (*mutex_init) (HWCryptoHook_Mutex *,
+                       HWCryptoHook_CallerContext * cactx);
+    int (*mutex_acquire) (HWCryptoHook_Mutex *);
+    void (*mutex_release) (HWCryptoHook_Mutex *);
+    void (*mutex_destroy) (HWCryptoHook_Mutex *);
+    /*-
+    * For greater efficiency, can use condition vars internally for
+    * synchronisation.  In this case maxsimultaneous is ignored, but
+    * the other mutex stuff must be available.  In singlethreaded
+    * programs, set everything to 0.
+    */
+    size_t condvarsize;
+    int (*condvar_init) (HWCryptoHook_CondVar *,
+                         HWCryptoHook_CallerContext * cactx);
+    int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
+    void (*condvar_signal) (HWCryptoHook_CondVar *);
+    void (*condvar_broadcast) (HWCryptoHook_CondVar *);
+    void (*condvar_destroy) (HWCryptoHook_CondVar *);
+    /*-
+    * The semantics of acquiring and releasing mutexes and broadcasting
+    * and waiting on condition variables are expected to be those from
+    * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)
+    * fast mutexes, recursive mutexes, or nonrecursive ones.
+    *
+    * The _release/_signal/_broadcast and _destroy functions must
+    * always succeed when given a valid argument; if they are given an
+    * invalid argument then the program (crypto plugin + application)
+    * has an internal error, and they should abort the program.
+    */
+    int (*getpassphrase) (const char *prompt_info,
+                          int *len_io, char *buf,
+                          HWCryptoHook_PassphraseContext * ppctx,
+                          HWCryptoHook_CallerContext * cactx);
+    /*-
+    * Passphrases and the prompt_info, if they contain high-bit-set
+    * characters, are UTF-8.  The prompt_info may be a null pointer if
+    * no prompt information is available (it should not be an empty
+    * string).  It will not contain text like `enter passphrase';
+    * instead it might say something like `Operator Card for John
+    * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+    *
+    * buf points to a buffer in which to return the passphrase; on
+    * entry *len_io is the length of the buffer.  It should be updated
+    * by the callback.  The returned passphrase should not be
+    * null-terminated by the callback.
+    */
+    int (*getphystoken) (const char *prompt_info,
+                         const char *wrong_info,
+                         HWCryptoHook_PassphraseContext * ppctx,
+                         HWCryptoHook_CallerContext * cactx);
+    /*-
+    * Requests that the human user physically insert a different
+    * smartcard, DataKey, etc.  The plugin should check whether the
+    * currently inserted token(s) are appropriate, and if they are it
+    * should not make this call.
+    *
+    * prompt_info is as before.  wrong_info is a description of the
+    * currently inserted token(s) so that the user is told what
+    * something is.  wrong_info, like prompt_info, may be null, but
+    * should not be an empty string.  Its contents should be
+    * syntactically similar to that of prompt_info.
+    */
+    /*-
+    * Note that a single LoadKey operation might cause several calls to
+    * getpassphrase and/or requestphystoken.  If requestphystoken is
+    * not provided (ie, a null pointer is passed) then the plugin may
+    * not support loading keys for which authorisation by several cards
+    * is required.  If getpassphrase is not provided then cards with
+    * passphrases may not be supported.
+    *
+    * getpassphrase and getphystoken do not need to check that the
+    * passphrase has been entered correctly or the correct token
+    * inserted; the crypto plugin will do that.  If this is not the
+    * case then the crypto plugin is responsible for calling these
+    * routines again as appropriate until the correct token(s) and
+    * passphrase(s) are supplied as required, or until any retry limits
+    * implemented by the crypto plugin are reached.
+    *
+    * In either case, the application must allow the user to say `no'
+    * or `cancel' to indicate that they do not know the passphrase or
+    * have the appropriate token; this should cause the callback to
+    * return nonzero indicating error.
+    */
+    void (*logmessage) (void *logstream, const char *message);
+    /*-
+    * A log message will be generated at least every time something goes
+    * wrong and an ErrMsgBuf is filled in (or would be if one was
+    * provided).  Other diagnostic information may be written there too,
+    * including more detailed reasons for errors which are reported in an
+    * ErrMsgBuf.
+    *
+    * When a log message is generated, this callback is called.  It
+    * should write a message to the relevant logging arrangements.
+    *
+    * The message string passed will be null-terminated and may be of arbitrary
+    * length.  It will not be prefixed by the time and date, nor by the
+    * name of the library that is generating it - if this is required,
+    * the logmessage callback must do it.  The message will not have a
+    * trailing newline (though it may contain internal newlines).
+    *
+    * If a null pointer is passed for logmessage a default function is
+    * used.  The default function treats logstream as a FILE* which has
+    * been converted to a void*.  If logstream is 0 it does nothing.
+    * Otherwise it prepends the date and time and library name and
+    * writes the message to logstream.  Each line will be prefixed by a
+    * descriptive string containing the date, time and identity of the
+    * crypto plugin.  Errors on the logstream are not reported
+    * anywhere, and the default function doesn't flush the stream, so
+    * the application must set the buffering how it wants it.
+    *
+    * The crypto plugin may also provide a facility to have copies of
+    * log messages sent elsewhere, and or for adjusting the verbosity
+    * of the log messages; any such facilities will be configured by
+    * external means.
+    */
+} HWCryptoHook_InitInfo;
+
+typedef
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
+                                               initinfo, size_t initinfosize,
+                                               const HWCryptoHook_ErrMsgBuf *
+                                               errors,
+                                               HWCryptoHook_CallerContext *
+                                               cactx);
+extern HWCryptoHook_Init_t HWCryptoHook_Init;
+
+/*-
+ * Caller should set initinfosize to the size of the HWCryptoHook struct,
+ * so it can be extended later.
+ *
+ * On success, a message for display or logging by the server,
+ * including the name and version number of the plugin, will be filled
+ * in into *errors; on failure *errors is used for error handling, as
+ * usual.
+ */
+
+/*-
+ * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+ * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
+ * the output MPI buffer(s) was too small; the sizes of all have been
+ * set to the desired size (and for those where the buffer was large
+ * enough, the value may have been copied in), and no error message
+ * has been recorded.
+ *
+ * You may pass 0 for the errors struct.  In any case, unless you set
+ * _NoStderr at init time then messages may be reported to stderr.
+ */
+
+/*-
+ * The RSAImmed* functions (and key managed RSA) only work with
+ * modules which have an RSA patent licence - currently that means KM
+ * units; the ModExp* ones work with all modules, so you need a patent
+ * licence in the software in the US.  They are otherwise identical.
+ */
+
+typedef
+void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
+extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
+/* You must not have any calls going or keys loaded when you call this. */
+
+typedef
+int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
+                               unsigned char *buf, size_t len,
+                               const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
+
+typedef
+int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
+                          HWCryptoHook_MPI a,
+                          HWCryptoHook_MPI p,
+                          HWCryptoHook_MPI n,
+                          HWCryptoHook_MPI * r,
+                          const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
+
+typedef
+int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
+                               HWCryptoHook_MPI m,
+                               HWCryptoHook_MPI e,
+                               HWCryptoHook_MPI n,
+                               HWCryptoHook_MPI * r,
+                               const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
+
+typedef
+int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
+                             HWCryptoHook_MPI a,
+                             HWCryptoHook_MPI p,
+                             HWCryptoHook_MPI q,
+                             HWCryptoHook_MPI dmp1,
+                             HWCryptoHook_MPI dmq1,
+                             HWCryptoHook_MPI iqmp,
+                             HWCryptoHook_MPI * r,
+                             const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
+
+typedef
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
+                                HWCryptoHook_MPI m,
+                                HWCryptoHook_MPI p,
+                                HWCryptoHook_MPI q,
+                                HWCryptoHook_MPI dmp1,
+                                HWCryptoHook_MPI dmq1,
+                                HWCryptoHook_MPI iqmp,
+                                HWCryptoHook_MPI * r,
+                                const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
+
+/*-
+ * The RSAImmed* and ModExp* functions may return E_FAILED or
+ * E_FALLBACK for failure.
+ *
+ * E_FAILED means the failure is permanent and definite and there
+ *    should be no attempt to fall back to software.  (Eg, for some
+ *    applications, which support only the acceleration-only
+ *    functions, the `key material' may actually be an encoded key
+ *    identifier, and doing the operation in software would give wrong
+ *    answers.)
+ *
+ * E_FALLBACK means that doing the computation in software would seem
+ *    reasonable.  If an application pays attention to this and is
+ *    able to fall back, it should also set the Fallback init flags.
+ */
+
+typedef
+int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
+                              const char *key_ident,
+                              HWCryptoHook_RSAKeyHandle * keyhandle_r,
+                              const HWCryptoHook_ErrMsgBuf * errors,
+                              HWCryptoHook_PassphraseContext * ppctx);
+extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
+/*-
+ * The key_ident is a null-terminated string configured by the
+ * user via the application's usual configuration mechanisms.
+ * It is provided to the user by the crypto provider's key management
+ * system.  The user must be able to enter at least any string of between
+ * 1 and 1023 characters inclusive, consisting of printable 7-bit
+ * ASCII characters.  The provider should avoid using
+ * any characters except alphanumerics and the punctuation
+ * characters  _ - + . / @ ~  (the user is expected to be able
+ * to enter these without quoting).  The string may be case-sensitive.
+ * The application may allow the user to enter other NULL-terminated strings,
+ * and the provider must cope (returning an error if the string is not
+ * valid).
+ *
+ * If the key does not exist, no error is recorded and 0 is returned;
+ * keyhandle_r will be set to 0 instead of to a key handle.
+ */
+
+typedef
+int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
+                                   HWCryptoHook_MPI * n,
+                                   HWCryptoHook_MPI * e,
+                                   const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
+/*-
+ * The crypto plugin will not store certificates.
+ *
+ * Although this function for acquiring the public key value is
+ * provided, it is not the purpose of this API to deal fully with the
+ * handling of the public key.
+ *
+ * It is expected that the crypto supplier's key generation program
+ * will provide general facilities for producing X.509
+ * self-certificates and certificate requests in PEM format.  These
+ * will be given to the user so that they can configure them in the
+ * application, send them to CAs, or whatever.
+ *
+ * In case this kind of certificate handling is not appropriate, the
+ * crypto supplier's key generation program should be able to be
+ * configured not to generate such a self-certificate or certificate
+ * request.  Then the application will need to do all of this, and
+ * will need to store and handle the public key and certificates
+ * itself.
+ */
+
+typedef
+int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
+                                const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
+/* Might fail due to locking problems, or other serious internal problems. */
+
+typedef
+int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
+                       HWCryptoHook_RSAKeyHandle k,
+                       HWCryptoHook_MPI * r,
+                       const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
+/* RSA private key operation (sign or decrypt) - raw, unpadded. */
+
+#endif                          /* HWCRYPTOHOOK_H */
diff --git a/openssl-1.1.0h/external/perl/Downloaded.txt b/openssl-1.1.0h/external/perl/Downloaded.txt
new file mode 100644
index 0000000..af0c20a
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Downloaded.txt
@@ -0,0 +1,13 @@
+Intro
+-----
+
+If we find a useful Perl module that isn't one of the core Perl
+modules, we may choose to bundle it with the OpenSSL source.
+
+Here, we simply list those modules and where we downloaded them from.
+
+Downloaded and bundled Perl modules
+-----------------------------------
+
+Text::Template 1.46 was downloaded from
+http://search.cpan.org/CPAN/authors/id/M/MJ/MJD/Text-Template-1.46.tar.gz
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/Artistic b/openssl-1.1.0h/external/perl/Text-Template-1.46/Artistic
new file mode 100644
index 0000000..5f22124
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/Artistic
@@ -0,0 +1,131 @@
+
+
+
+
+			 The "Artistic License"
+
+				Preamble
+
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+
+Definitions:
+
+	"Package" refers to the collection of files distributed by the
+	Copyright Holder, and derivatives of that collection of files
+	created through textual modification.
+
+	"Standard Version" refers to such a Package if it has not been
+	modified, or has been modified in accordance with the wishes
+	of the Copyright Holder as specified below.
+
+	"Copyright Holder" is whoever is named in the copyright or
+	copyrights for the package.
+
+	"You" is you, if you're thinking about copying or distributing
+	this Package.
+
+	"Reasonable copying fee" is whatever you can justify on the
+	basis of media cost, duplication charges, time of people involved,
+	and so on.  (You will not be required to justify it to the
+	Copyright Holder, but only to the computing community at large
+	as a market that must bear the fee.)
+
+	"Freely Available" means that no fee is charged for the item
+	itself, though there may be fees involved in handling the item.
+	It also means that recipients of the item may redistribute it
+	under the same conditions they received it.
+
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+
+    b) use the modified Package only within your corporation or organization.
+
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.  You may embed this Package's interpreter within
+an executable of yours (by linking); this shall be construed as a mere
+form of aggregation, provided that the complete Standard Version of the
+interpreter is so embedded.
+
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+
+7. C subroutines (or comparably compiled subroutines in other
+languages) supplied by you and linked into this Package in order to
+emulate subroutines and variables of the language defined by this
+Package shall not be considered part of this Package, but are the
+equivalent of input as in Paragraph 6, provided these subroutines do
+not change the language in any way that would cause it to fail the
+regression tests for the language.
+
+8. Aggregation of this Package with a commercial distribution is always
+permitted provided that the use of this Package is embedded; that is,
+when no overt attempt is made to make this Package's interfaces visible
+to the end user of the commercial distribution.  Such use shall not be
+construed as a distribution of this Package.
+
+9. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+
+10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+				The End
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/COPYING b/openssl-1.1.0h/external/perl/Text-Template-1.46/COPYING
new file mode 100644
index 0000000..a3f6b12
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/COPYING
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          59 Temple Place - Suite 330, Boston, MA
+                          02111-1307, USA.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	Appendix: How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/INSTALL b/openssl-1.1.0h/external/perl/Text-Template-1.46/INSTALL
new file mode 100644
index 0000000..7c5e4c6
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/INSTALL
@@ -0,0 +1,31 @@
+
+To install:
+
+	perl Makefile.PL
+
+to construct the Makefile, then
+
+	make test
+
+to test the package.  If it fails any tests, please send me the output
+of `make test' and `perl -V'.  I'll tell you whether it is safe to go
+ahead, or I'll provide a fix.
+
+If it passes the tests, use
+
+	make install
+
+to install it.
+
+Detailed documentation is at the bottom of the lib/Text/Template.pm
+file.  You may be able to view it with the following command:
+
+        perldoc Text::Template
+ 
+Or:
+
+        perldoc lib/Text/Template.pm
+
+If you have problems, send me mail:
+
+mjd-perl-template+@plover.com
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/MANIFEST b/openssl-1.1.0h/external/perl/Text-Template-1.46/MANIFEST
new file mode 100644
index 0000000..22460fe
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/MANIFEST
@@ -0,0 +1,25 @@
+MANIFEST
+COPYING
+Artistic
+Makefile.PL
+INSTALL
+README
+lib/Text/Template.pm
+lib/Text/Template/Preprocess.pm
+t/00-version.t
+t/01-basic.t
+t/02-hash.t
+t/03-out.t
+t/04-safe.t
+t/05-safe2.t
+t/06-ofh.t
+t/07-safe3.t
+t/08-exported.t
+t/09-error.t
+t/10-delimiters.t
+t/11-prepend.t
+t/12-preprocess.t
+t/13-taint.t
+t/14-broken.t
+META.yml                                 Module meta-data (added by MakeMaker)
+META.json                                Module JSON meta-data (added by MakeMaker)
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/META.json b/openssl-1.1.0h/external/perl/Text-Template-1.46/META.json
new file mode 100644
index 0000000..6b335eb
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/META.json
@@ -0,0 +1,39 @@
+{
+   "abstract" : "unknown",
+   "author" : [
+      "unknown"
+   ],
+   "dynamic_config" : 1,
+   "generated_by" : "ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120630",
+   "license" : [
+      "unknown"
+   ],
+   "meta-spec" : {
+      "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
+      "version" : "2"
+   },
+   "name" : "Text-Template",
+   "no_index" : {
+      "directory" : [
+         "t",
+         "inc"
+      ]
+   },
+   "prereqs" : {
+      "build" : {
+         "requires" : {
+            "ExtUtils::MakeMaker" : "0"
+         }
+      },
+      "configure" : {
+         "requires" : {
+            "ExtUtils::MakeMaker" : "0"
+         }
+      },
+      "runtime" : {
+         "requires" : {}
+      }
+   },
+   "release_status" : "stable",
+   "version" : "1.46"
+}
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/META.yml b/openssl-1.1.0h/external/perl/Text-Template-1.46/META.yml
new file mode 100644
index 0000000..a2e2715
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/META.yml
@@ -0,0 +1,21 @@
+---
+abstract: unknown
+author:
+  - unknown
+build_requires:
+  ExtUtils::MakeMaker: 0
+configure_requires:
+  ExtUtils::MakeMaker: 0
+dynamic_config: 1
+generated_by: 'ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120630'
+license: unknown
+meta-spec:
+  url: http://module-build.sourceforge.net/META-spec-v1.4.html
+  version: 1.4
+name: Text-Template
+no_index:
+  directory:
+    - t
+    - inc
+requires: {}
+version: 1.46
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/Makefile.PL b/openssl-1.1.0h/external/perl/Text-Template-1.46/Makefile.PL
new file mode 100644
index 0000000..491e03c
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/Makefile.PL
@@ -0,0 +1,7 @@
+use ExtUtils::MakeMaker;
+WriteMakefile(
+	      NAME => 'Text::Template',
+	      VERSION_FROM => 'lib/Text/Template.pm',
+#	      'linkext' => {LINKTYPE => ''},
+	      'dist' => {COMPRESS => 'gzip', SUFFIX => 'gz'},
+);
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/README b/openssl-1.1.0h/external/perl/Text-Template-1.46/README
new file mode 100644
index 0000000..e184d8c
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/README
@@ -0,0 +1,339 @@
+
+Text::Template v1.46
+
+This is a library for generating form letters, building HTML pages, or
+filling in templates generally.  A `template' is a piece of text that
+has little Perl programs embedded in it here and there.  When you
+`fill in' a template, you evaluate the little programs and replace
+them with their values.  
+
+Here's an example of a template:
+
+	Dear {$title} {$lastname},
+
+	It has come to our attention that you are delinquent in your
+	{$monthname[$last_paid_month]} payment.  Please remit
+	${sprintf("%.2f", $amount)} immediately, or your patellae may
+	be needlessly endangered.
+
+			Love,
+
+			Mark "{nickname(rand 20)}" Dominus
+
+
+The result of filling in this template is a string, which might look
+something like this:
+
+	Dear Mr. Gates,
+
+	It has come to our attention that you are delinquent in your
+	February payment.  Please remit
+	$392.12 immediately, or your patellae may
+	be needlessly endangered.
+
+
+			Love,
+
+			Mark "Vizopteryx" Dominus
+
+You can store a template in a file outside your program.  People can
+modify the template without modifying the program.  You can separate
+the formatting details from the main code, and put the formatting
+parts of the program into the template.  That prevents code bloat and
+encourages functional separation.
+
+You can fill in the template in a `Safe' compartment.  This means that
+if you don't trust the person who wrote the code in the template, you
+won't have to worry that they are tampering with your program when you
+execute it.  
+
+----------------------------------------------------------------
+
+Text::Template was originally released some time in late 1995 or early
+1996.  After three years of study and investigation, I rewrote it from
+scratch in January 1999.  The new version, 1.0, was much faster,
+delivered better functionality and was almost 100% backward-compatible
+with the previous beta versions.
+
+I have added a number of useful features and conveniences since the
+1.0 release, while still retaining backward compatibility.  With one
+merely cosmetic change, the current version of Text::Template passes
+the test suite that the old beta versions passed.
+
+Questions or comments should be addressed to
+mjd-perl-template+@plover.com.  This address goes directly to me, and
+not to anyone else; it is not a mailing list address.
+
+To receive occasional announcements of new versions of T::T, send an
+empty note to mjd-perl-template-request@plover.com.  This mailing list
+is not for discussion; it is for announcements only.  Therefore, there
+is no address for sending messages to the list.
+
+You can get the most recent version of Text::Template, news, comments,
+and other collateral information from
+<URL:http://www.plover.com/~mjd/perl/Template/>.
+
+----------------------------------------------------------------
+
+What's new in v1.46 since v1.44:
+
+        Thanks to Rik Signes, there is a new
+        Text::Template->append_text_to_output method, which
+        Text::Template always uses whenever it wants to emit output.
+        You can subclass this to get control over the output, for
+        example for postprocessing.
+
+        A spurious warning is no longer emitted when the TYPE
+        parameter to ->new is omitted.
+
+----------------------------------------------------------------
+What's new in v1.44 since v1.43: 
+
+This is a maintentance release.  There are no feature changes.
+
+        _scrubpkg, which was responsible for eptying out temporary
+        packages after the module had done with them, wasn't always
+        working; the result was memory-leaks in long-running
+        applications.  This should be fixed now, and there is a test
+        in the test suite for it.
+
+        Minor changes to the test suite to prevent spurious errors.
+
+        Minor documentation changes.
+
+----------------------------------------------------------------
+What's new in v1.43 since v1.42:
+
+        The ->new method now fails immediately and sets
+        $Text::Template::ERROR if the file that is named by a filename
+        argument does not exist or cannot be opened for some other
+        reason.  Formerly, the constructor would succeed and the
+        ->fill_in call would fail.
+
+----------------------------------------------------------------
+
+What's new in v1.42 since v1.41:
+
+This is a maintentance release.  There are no feature changes.
+
+        Fixed a bug relating to use of UNTAINT under perl 5.005_03 and
+        possibly other versions.
+
+        Taint-related tests are now more comprehensive.
+----------------------------------------------------------------
+
+What's new in v1.41 since v1.40:
+
+This is a maintentance release.  There are no feature changes.
+
+        Tests now work correctly on Windows systems and possibly on
+        other non-unix systems.
+
+----------------------------------------------------------------
+
+What's new in v1.40 since v1.31:
+
+        New UNTAINT option tells the module that it is safe to 'eval'
+        code even though it has come from a file or filehandle.
+
+        Code added to prevent memory leaks when filling many
+        templates.  Thanks to Itamar Almeida de Carvalho.
+
+        Bug fix:  $OUT was not correctly initialized when used in
+        conjunction with SAFE.
+
+        You may now use a glob ref when passing a filehandle to the
+        ->new funcion.  Formerly, a glob was reuqired.
+
+        New subclass:  Text::Template::Preprocess.  Just like
+        Text::Template, but you may supply a PREPROCESS option in the
+        constructor or the fill_in call; this is a function which
+        receives each code fragment prior to evaluation, and which may
+        modify and return the fragment; the modified fragment is what
+        is evaluated.
+
+        Error messages passed to BROKEN subroutines will now report
+        the correct line number of the template at which the error
+        occurred:
+
+                Illegal division by zero at template line 37.
+
+        If the template comes from a file, the filename will be
+        reported as well:
+
+                Illegal division by zero at catalog.tmpl line 37.
+
+
+        INCOMPATIBLE CHANGE:
+
+        The format of the default error message has changed.  It used
+        to look like:
+
+                Program fragment at line 30 delivered error ``Illegal division by zero''
+
+        It now looks like:
+
+                Program fragment delivered error ``Illegal division by zero at catalog.tmpl line 37''
+
+        Note that the default message used to report the line number
+        at which the program fragment began; it now reports the line
+        number at which the error actually occurred.
+
+----------------------------------------------------------------
+What's new in v1.31 since v1.23:
+
+	Just bug fixes---fill_in_string was failing.  Thanks to 
+        Donald L. Greer Jr. for the test case.
+
+----------------------------------------------------------------
+What's new in v1.23 since v1.22:
+
+	Small bug fix:  DELIMITER and other arguments were being
+	ignored in calls to fill_in_file and fill_this_in.  (Thanks to
+	Jonathan Roy for reporting this.)
+
+----------------------------------------------------------------
+What's new in v1.22 since v1.20:
+
+	You can now specify that certain Perl statements be prepended
+	to the beginning of every program fragment in a template,
+	either per template, or for all templates, or for the duration
+	of only one call to fill_in.  This is useful, for example, if
+	you want to enable `strict' checks in your templates but you
+	don't want to manually add `use strict' to the front of every
+	program fragment everywhere.
+
+----------------------------------------------------------------
+What's new in v1.20 since v1.12:
+
+	You can now specify that the program fragment delimiters are
+	strings other than { and }.  This has three interesting
+	effects: First, it changes the delimiter strings.  Second, it
+	disables the special meaning of \, so you have to be really,
+	really sure that the delimiters will not appear in your
+	templates.  And third, because of the simplifications
+	introduced by the elimination of \ processing, template
+	parsing is 20-25% faster.
+
+	See the manual section on `Alternative Delimiters'.
+
+	Fixed bug having to do with undefined values in HASH options.
+	In particular, Text::Template no longer generates a warning if
+	you try to give a variable an undefined value.
+
+----------------------------------------------------------------
+
+What's new in v1.12 since v1.11:
+
+	I forgot to say that Text::Template ISA Exporter, so the
+	exported functions never got exported.  Duhhh!
+
+	Template TYPEs are now case-insensitive.  The `new' method now
+	diagnoses attempts to use an invalid TYPE.
+
+	More tests for these things.
+
+----------------------------------------------------------------
+
+What's new in v1.11 since v1.10:
+
+	Fixed a bug in the way backslashes were processed.  The 1.10
+	behavior was incompatible with the beta versions and was also
+	inconvenient.  (`\n' in templates was replaced with `n' before
+	it was given to Perl for evaluation.)  The new behavior is
+	also incompatible with the beta versions, but it is only a
+	little bit incompatible, and it is probbaly better.
+
+	Documentation for the new behavior, and tests for the bug.
+
+----------------------------------------------------------------
+
+What's new in v1.10 since v1.03:
+
+	New OUTPUT option delivers template results directly to a
+	filehandle instead of making them into a string.  Saves space
+	and time. 
+
+	PACKAGE and HASH now work intelligently with SAFE.
+
+	Fragments may now output data directly to the template, rather
+	than having to arrange to return it as a return value at the
+	end.  This means that where you used to have to write this:
+
+			{ my $blist = '';
+		          foreach $i (@items) {
+		            $blist .= qq{  * $i\n};
+		          }    
+		          $blist;
+		        } 
+
+	You can now write this instead, because $OUT is special.
+
+			{ foreach $i (@items) {
+		            $OUT.= "  * $i\n";
+		          }    
+		        } 
+
+	(`A spoonful of sugar makes the medicine go down.')
+
+	Fixed some small bugs.  Worked around a bug in Perl that does
+	the wrong thing with $x = <Y> when $x contains a glob.
+
+	More documentation.  Errors fixed.
+
+	Lots more tests.  
+
+----------------------------------------------------------------
+
+What's new in v1.03 since v1.0:
+
+	Code added to support HASH option to fill_in.
+	(Incl. `_gensym' function.)
+	
+	Documentation for HASH.
+	
+	New test file for HASH.
+	
+	Note about failure of lexical variables to propagate into
+ 	templates.  Why does this surprise people?
+	
+	Bug fix: program fragments are evaluated in an environment with
+ 	`no strict' by default.  Otherwise, you get a lot of `Global
+ 	symbol "$v" requires explicit package name' failures.  Why didn't
+ 	the test program pick this up?  Because the only variable the test
+ 	program ever used was `$a', which is exempt.  Duhhhhh.
+	
+	Fixed the test program.
+	
+	Various minor documentation fixes.
+
+
+
+----------------------------------------------------------------
+
+Improvements of 1.0 over the old 0.1beta:
+
+New features:
+
+      At least twice as fast 
+
+      Better support for filling out the same template more than once 
+
+      Now supports evaluation of program fragments in Safe
+      compartments. (Thanks, Jonathan!)  
+
+      Better argument syntax 
+
+      More convenience functions 
+
+      The parser is much better and simpler. 
+
+      Once a template is parsed, the parsed version is stored so that
+      it needn't be parsed again.  
+
+      BROKEN function behavior is rationalized. You can now pass an
+      arbitrary argument to your BROKEN function, or return a value
+      from it to the main program.  
+
+      Documentation overhauled. 
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/lib/Text/Template.pm b/openssl-1.1.0h/external/perl/Text-Template-1.46/lib/Text/Template.pm
new file mode 100644
index 0000000..dc4f3ba
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/lib/Text/Template.pm
@@ -0,0 +1,1973 @@
+# -*- perl -*-
+# Text::Template.pm
+#
+# Fill in `templates'
+#
+# Copyright 2013 M. J. Dominus.
+# You may copy and distribute this program under the
+# same terms as Perl iteself.  
+# If in doubt, write to mjd-perl-template+@plover.com for a license.
+#
+# Version 1.46
+
+package Text::Template;
+require 5.004;
+use Exporter;
+@ISA = qw(Exporter);
+@EXPORT_OK = qw(fill_in_file fill_in_string TTerror);
+use vars '$ERROR';
+use strict;
+
+$Text::Template::VERSION = '1.46';
+my %GLOBAL_PREPEND = ('Text::Template' => '');
+
+sub Version {
+  $Text::Template::VERSION;
+}
+
+sub _param {
+  my $kk;
+  my ($k, %h) = @_;
+  for $kk ($k, "\u$k", "\U$k", "-$k", "-\u$k", "-\U$k") {
+    return $h{$kk} if exists $h{$kk};
+  }
+  return;
+}
+
+sub always_prepend
+{
+  my $pack = shift;
+  my $old = $GLOBAL_PREPEND{$pack};
+  $GLOBAL_PREPEND{$pack} = shift;
+  $old;
+}
+
+{
+  my %LEGAL_TYPE;
+  BEGIN { 
+    %LEGAL_TYPE = map {$_=>1} qw(FILE FILEHANDLE STRING ARRAY);
+  }
+  sub new {
+    my $pack = shift;
+    my %a = @_;
+    my $stype = uc(_param('type', %a) || "FILE");
+    my $source = _param('source', %a);
+    my $untaint = _param('untaint', %a);
+    my $prepend = _param('prepend', %a);
+    my $alt_delim = _param('delimiters', %a);
+    my $broken = _param('broken', %a);
+    unless (defined $source) {
+      require Carp;
+      Carp::croak("Usage: $ {pack}::new(TYPE => ..., SOURCE => ...)");
+    }
+    unless ($LEGAL_TYPE{$stype}) {
+      require Carp;
+      Carp::croak("Illegal value `$stype' for TYPE parameter");
+    }
+    my $self = {TYPE => $stype,
+		PREPEND => $prepend,
+                UNTAINT => $untaint,
+                BROKEN => $broken,
+		(defined $alt_delim ? (DELIM => $alt_delim) : ()),
+	       };
+    # Under 5.005_03, if any of $stype, $prepend, $untaint, or $broken
+    # are tainted, all the others become tainted too as a result of
+    # sharing the expression with them.  We install $source separately
+    # to prevent it from acquiring a spurious taint.
+    $self->{SOURCE} = $source;
+
+    bless $self => $pack;
+    return unless $self->_acquire_data;
+    
+    $self;
+  }
+}
+
+# Convert template objects of various types to type STRING,
+# in which the template data is embedded in the object itself.
+sub _acquire_data {
+  my ($self) = @_;
+  my $type = $self->{TYPE};
+  if ($type eq 'STRING') {
+    # nothing necessary    
+  } elsif ($type eq 'FILE') {
+    my $data = _load_text($self->{SOURCE});
+    unless (defined $data) {
+      # _load_text already set $ERROR
+      return undef;
+    }
+    if ($self->{UNTAINT} && _is_clean($self->{SOURCE})) {
+      _unconditionally_untaint($data);
+    }
+    $self->{TYPE} = 'STRING';
+    $self->{FILENAME} = $self->{SOURCE};
+    $self->{SOURCE} = $data;
+  } elsif ($type eq 'ARRAY') {
+    $self->{TYPE} = 'STRING';
+    $self->{SOURCE} = join '', @{$self->{SOURCE}};
+  } elsif ($type eq 'FILEHANDLE') {
+    $self->{TYPE} = 'STRING';
+    local $/;
+    my $fh = $self->{SOURCE};
+    my $data = <$fh>; # Extra assignment avoids bug in Solaris perl5.00[45].
+    if ($self->{UNTAINT}) {
+      _unconditionally_untaint($data);
+    }
+    $self->{SOURCE} = $data;
+  } else {
+    # This should have been caught long ago, so it represents a 
+    # drastic `can't-happen' sort of failure
+    my $pack = ref $self;
+    die "Can only acquire data for $pack objects of subtype STRING, but this is $type; aborting";
+  }
+  $self->{DATA_ACQUIRED} = 1;
+}
+
+sub source {
+  my ($self) = @_;
+  $self->_acquire_data unless $self->{DATA_ACQUIRED};
+  return $self->{SOURCE};
+}
+
+sub set_source_data {
+  my ($self, $newdata) = @_;
+  $self->{SOURCE} = $newdata;
+  $self->{DATA_ACQUIRED} = 1;
+  $self->{TYPE} = 'STRING';
+  1;
+}
+
+sub compile {
+  my $self = shift;
+
+  return 1 if $self->{TYPE} eq 'PREPARSED';
+
+  return undef unless $self->_acquire_data;
+  unless ($self->{TYPE} eq 'STRING') {
+    my $pack = ref $self;
+    # This should have been caught long ago, so it represents a 
+    # drastic `can't-happen' sort of failure
+    die "Can only compile $pack objects of subtype STRING, but this is $self->{TYPE}; aborting";
+  }
+
+  my @tokens;
+  my $delim_pats = shift() || $self->{DELIM};
+
+  
+
+  my ($t_open, $t_close) = ('{', '}');
+  my $DELIM;			# Regex matches a delimiter if $delim_pats
+  if (defined $delim_pats) {
+    ($t_open, $t_close) = @$delim_pats;
+    $DELIM = "(?:(?:\Q$t_open\E)|(?:\Q$t_close\E))";
+    @tokens = split /($DELIM|\n)/, $self->{SOURCE};
+  } else {
+    @tokens = split /(\\\\(?=\\*[{}])|\\[{}]|[{}\n])/, $self->{SOURCE};
+  }
+  my $state = 'TEXT';
+  my $depth = 0;
+  my $lineno = 1;
+  my @content;
+  my $cur_item = '';
+  my $prog_start;
+  while (@tokens) {
+    my $t = shift @tokens;
+    next if $t eq '';
+    if ($t eq $t_open) {	# Brace or other opening delimiter
+      if ($depth == 0) {
+	push @content, [$state, $cur_item, $lineno] if $cur_item ne '';
+	$cur_item = '';
+	$state = 'PROG';
+	$prog_start = $lineno;
+      } else {
+	$cur_item .= $t;
+      }
+      $depth++;
+    } elsif ($t eq $t_close) {	# Brace or other closing delimiter
+      $depth--;
+      if ($depth < 0) {
+	$ERROR = "Unmatched close brace at line $lineno";
+	return undef;
+      } elsif ($depth == 0) {
+	push @content, [$state, $cur_item, $prog_start] if $cur_item ne '';
+	$state = 'TEXT';
+	$cur_item = '';
+      } else {
+	$cur_item .= $t;
+      }
+    } elsif (!$delim_pats && $t eq '\\\\') { # precedes \\\..\\\{ or \\\..\\\}
+      $cur_item .= '\\';
+    } elsif (!$delim_pats && $t =~ /^\\([{}])$/) { # Escaped (literal) brace?
+	$cur_item .= $1;
+    } elsif ($t eq "\n") {	# Newline
+      $lineno++;
+      $cur_item .= $t;
+    } else {			# Anything else
+      $cur_item .= $t;
+    }
+  }
+
+  if ($state eq 'PROG') {
+    $ERROR = "End of data inside program text that began at line $prog_start";
+    return undef;
+  } elsif ($state eq 'TEXT') {
+    push @content, [$state, $cur_item, $lineno] if $cur_item ne '';
+  } else {
+    die "Can't happen error #1";
+  }
+  
+  $self->{TYPE} = 'PREPARSED';
+  $self->{SOURCE} = \@content;
+  1;
+}
+
+sub prepend_text {
+  my ($self) = @_;
+  my $t = $self->{PREPEND};
+  unless (defined $t) {
+    $t = $GLOBAL_PREPEND{ref $self};
+    unless (defined $t) {
+      $t = $GLOBAL_PREPEND{'Text::Template'};
+    }
+  }
+  $self->{PREPEND} = $_[1] if $#_ >= 1;
+  return $t;
+}
+
+sub fill_in {
+  my $fi_self = shift;
+  my %fi_a = @_;
+
+  unless ($fi_self->{TYPE} eq 'PREPARSED') {
+    my $delims = _param('delimiters', %fi_a);
+    my @delim_arg = (defined $delims ? ($delims) : ());
+    $fi_self->compile(@delim_arg)
+      or return undef;
+  }
+
+  my $fi_varhash = _param('hash', %fi_a);
+  my $fi_package = _param('package', %fi_a) ;
+  my $fi_broken  = 
+    _param('broken', %fi_a)  || $fi_self->{BROKEN} || \&_default_broken;
+  my $fi_broken_arg = _param('broken_arg', %fi_a) || [];
+  my $fi_safe = _param('safe', %fi_a);
+  my $fi_ofh = _param('output', %fi_a);
+  my $fi_eval_package;
+  my $fi_scrub_package = 0;
+  my $fi_filename = _param('filename') || $fi_self->{FILENAME} || 'template';
+
+  my $fi_prepend = _param('prepend', %fi_a);
+  unless (defined $fi_prepend) {
+    $fi_prepend = $fi_self->prepend_text;
+  }
+
+  if (defined $fi_safe) {
+    $fi_eval_package = 'main';
+  } elsif (defined $fi_package) {
+    $fi_eval_package = $fi_package;
+  } elsif (defined $fi_varhash) {
+    $fi_eval_package = _gensym();
+    $fi_scrub_package = 1;
+  } else {
+    $fi_eval_package = caller;
+  }
+
+  my $fi_install_package;
+  if (defined $fi_varhash) {
+    if (defined $fi_package) {
+      $fi_install_package = $fi_package;
+    } elsif (defined $fi_safe) {
+      $fi_install_package = $fi_safe->root;
+    } else {
+      $fi_install_package = $fi_eval_package; # The gensymmed one
+    }
+    _install_hash($fi_varhash => $fi_install_package);
+  }
+
+  if (defined $fi_package && defined $fi_safe) {
+    no strict 'refs';
+    # Big fat magic here: Fix it so that the user-specified package
+    # is the default one available in the safe compartment.
+    *{$fi_safe->root . '::'} = \%{$fi_package . '::'};   # LOD
+  }
+
+  my $fi_r = '';
+  my $fi_item;
+  foreach $fi_item (@{$fi_self->{SOURCE}}) {
+    my ($fi_type, $fi_text, $fi_lineno) = @$fi_item;
+    if ($fi_type eq 'TEXT') {
+      $fi_self->append_text_to_output(
+        text   => $fi_text,
+        handle => $fi_ofh,
+        out    => \$fi_r,
+        type   => $fi_type,
+      );
+    } elsif ($fi_type eq 'PROG') {
+      no strict;
+      my $fi_lcomment = "#line $fi_lineno $fi_filename";
+      my $fi_progtext = 
+        "package $fi_eval_package; $fi_prepend;\n$fi_lcomment\n$fi_text;";
+      my $fi_res;
+      my $fi_eval_err = '';
+      if ($fi_safe) {
+        $fi_safe->reval(q{undef $OUT});
+	$fi_res = $fi_safe->reval($fi_progtext);
+	$fi_eval_err = $@;
+	my $OUT = $fi_safe->reval('$OUT');
+	$fi_res = $OUT if defined $OUT;
+      } else {
+	my $OUT;
+	$fi_res = eval $fi_progtext;
+	$fi_eval_err = $@;
+	$fi_res = $OUT if defined $OUT;
+      }
+
+      # If the value of the filled-in text really was undef,
+      # change it to an explicit empty string to avoid undefined
+      # value warnings later.
+      $fi_res = '' unless defined $fi_res;
+
+      if ($fi_eval_err) {
+	$fi_res = $fi_broken->(text => $fi_text,
+			       error => $fi_eval_err,
+			       lineno => $fi_lineno,
+			       arg => $fi_broken_arg,
+			       );
+	if (defined $fi_res) {
+          $fi_self->append_text_to_output(
+            text   => $fi_res,
+            handle => $fi_ofh,
+            out    => \$fi_r,
+            type   => $fi_type,
+          );
+	} else {
+	  return $fi_res;		# Undefined means abort processing
+	}
+      } else {
+        $fi_self->append_text_to_output(
+          text   => $fi_res,
+          handle => $fi_ofh,
+          out    => \$fi_r,
+          type   => $fi_type,
+        );
+      }
+    } else {
+      die "Can't happen error #2";
+    }
+  }
+
+  _scrubpkg($fi_eval_package) if $fi_scrub_package;
+  defined $fi_ofh ? 1 : $fi_r;
+}
+
+sub append_text_to_output {
+  my ($self, %arg) = @_;
+
+  if (defined $arg{handle}) {
+    print { $arg{handle} } $arg{text};
+  } else {
+    ${ $arg{out} } .= $arg{text};
+  }
+
+  return;
+}
+
+sub fill_this_in {
+  my $pack = shift;
+  my $text = shift;
+  my $templ = $pack->new(TYPE => 'STRING', SOURCE => $text, @_)
+    or return undef;
+  $templ->compile or return undef;
+  my $result = $templ->fill_in(@_);
+  $result;
+}
+
+sub fill_in_string {
+  my $string = shift;
+  my $package = _param('package', @_);
+  push @_, 'package' => scalar(caller) unless defined $package;
+  Text::Template->fill_this_in($string, @_);
+}
+
+sub fill_in_file {
+  my $fn = shift;
+  my $templ = Text::Template->new(TYPE => 'FILE', SOURCE => $fn, @_)
+    or return undef;
+  $templ->compile or return undef;
+  my $text = $templ->fill_in(@_);
+  $text;
+}
+
+sub _default_broken {
+  my %a = @_;
+  my $prog_text = $a{text};
+  my $err = $a{error};
+  my $lineno = $a{lineno};
+  chomp $err;
+#  $err =~ s/\s+at .*//s;
+  "Program fragment delivered error ``$err''";
+}
+
+sub _load_text {
+  my $fn = shift;
+  local *F;
+  unless (open F, $fn) {
+    $ERROR = "Couldn't open file $fn: $!";
+    return undef;
+  }
+  local $/;
+  <F>;
+}
+
+sub _is_clean {
+  my $z;
+  eval { ($z = join('', @_)), eval '#' . substr($z,0,0); 1 }   # LOD
+}
+
+sub _unconditionally_untaint {
+  for (@_) {
+    ($_) = /(.*)/s;
+  }
+}
+
+{
+  my $seqno = 0;
+  sub _gensym {
+    __PACKAGE__ . '::GEN' . $seqno++;
+  }
+  sub _scrubpkg {
+    my $s = shift;
+    $s =~ s/^Text::Template:://;
+    no strict 'refs';
+    my $hash = $Text::Template::{$s."::"};
+    foreach my $key (keys %$hash) {
+      undef $hash->{$key};
+    }
+  }
+}
+  
+# Given a hashful of variables (or a list of such hashes)
+# install the variables into the specified package,
+# overwriting whatever variables were there before.
+sub _install_hash {
+  my $hashlist = shift;
+  my $dest = shift;
+  if (UNIVERSAL::isa($hashlist, 'HASH')) {
+    $hashlist = [$hashlist];
+  }
+  my $hash;
+  foreach $hash (@$hashlist) {
+    my $name;
+    foreach $name (keys %$hash) {
+      my $val = $hash->{$name};
+      no strict 'refs';
+      local *SYM = *{"$ {dest}::$name"};
+      if (! defined $val) {
+	delete ${"$ {dest}::"}{$name};
+      } elsif (ref $val) {
+	*SYM = $val;
+      } else {
+ 	*SYM = \$val;
+      }
+    }
+  }
+}
+
+sub TTerror { $ERROR }
+
+1;
+
+
+=head1 NAME 
+
+Text::Template - Expand template text with embedded Perl
+
+=head1 VERSION
+
+This file documents C<Text::Template> version B<1.46>
+
+=head1 SYNOPSIS
+
+ use Text::Template;
+
+
+ $template = Text::Template->new(TYPE => 'FILE',  SOURCE => 'filename.tmpl');
+ $template = Text::Template->new(TYPE => 'ARRAY', SOURCE => [ ... ] );
+ $template = Text::Template->new(TYPE => 'FILEHANDLE', SOURCE => $fh );
+ $template = Text::Template->new(TYPE => 'STRING', SOURCE => '...' );
+ $template = Text::Template->new(PREPEND => q{use strict;}, ...);
+
+ # Use a different template file syntax:
+ $template = Text::Template->new(DELIMITERS => [$open, $close], ...);
+
+ $recipient = 'King';
+ $text = $template->fill_in();  # Replaces `{$recipient}' with `King'
+ print $text;
+
+ $T::recipient = 'Josh';
+ $text = $template->fill_in(PACKAGE => T);
+
+ # Pass many variables explicitly
+ $hash = { recipient => 'Abed-Nego',
+           friends => [ 'me', 'you' ],
+           enemies => { loathsome => 'Bill Gates',
+                        fearsome => 'Larry Ellison' },
+         };
+ $text = $template->fill_in(HASH => $hash, ...);
+ # $recipient is Abed-Nego,
+ # @friends is ( 'me', 'you' ),
+ # %enemies is ( loathsome => ..., fearsome => ... )
+
+
+ # Call &callback in case of programming errors in template
+ $text = $template->fill_in(BROKEN => \&callback, BROKEN_ARG => $ref, ...);
+
+ # Evaluate program fragments in Safe compartment with restricted permissions
+ $text = $template->fill_in(SAFE => $compartment, ...);
+
+ # Print result text instead of returning it
+ $success = $template->fill_in(OUTPUT => \*FILEHANDLE, ...);
+
+ # Parse template with different template file syntax:
+ $text = $template->fill_in(DELIMITERS => [$open, $close], ...);
+ # Note that this is *faster* than using the default delimiters
+
+ # Prepend specified perl code to each fragment before evaluating:
+ $text = $template->fill_in(PREPEND => q{use strict 'vars';}, ...);
+
+ use Text::Template 'fill_in_string';
+ $text = fill_in_string( <<EOM, PACKAGE => 'T', ...);
+ Dear {$recipient},
+ Pay me at once.
+        Love, 
+         G.V.
+ EOM
+
+ use Text::Template 'fill_in_file';
+ $text = fill_in_file($filename, ...);
+
+ # All templates will always have `use strict vars' attached to all fragments
+ Text::Template->always_prepend(q{use strict 'vars';});
+
+=head1 DESCRIPTION
+
+This is a library for generating form letters, building HTML pages, or
+filling in templates generally.  A `template' is a piece of text that
+has little Perl programs embedded in it here and there.  When you
+`fill in' a template, you evaluate the little programs and replace
+them with their values.  
+
+You can store a template in a file outside your program.  People can
+modify the template without modifying the program.  You can separate
+the formatting details from the main code, and put the formatting
+parts of the program into the template.  That prevents code bloat and
+encourages functional separation.
+
+=head2 Example
+
+Here's an example of a template, which we'll suppose is stored in the
+file C<formletter.tmpl>:
+
+	Dear {$title} {$lastname},
+
+	It has come to our attention that you are delinquent in your
+	{$monthname[$last_paid_month]} payment.  Please remit
+	${sprintf("%.2f", $amount)} immediately, or your patellae may
+	be needlessly endangered.
+
+			Love,
+
+			Mark "Vizopteryx" Dominus
+
+
+The result of filling in this template is a string, which might look
+something like this:
+
+	Dear Mr. Gates,
+
+	It has come to our attention that you are delinquent in your
+	February payment.  Please remit
+	$392.12 immediately, or your patellae may
+	be needlessly endangered.
+
+
+			Love,
+
+			Mark "Vizopteryx" Dominus
+
+Here is a complete program that transforms the example
+template into the example result, and prints it out:
+
+	use Text::Template;
+
+	my $template = Text::Template->new(SOURCE => 'formletter.tmpl')
+	  or die "Couldn't construct template: $Text::Template::ERROR";
+
+	my @monthname = qw(January February March April May June
+                           July August September October November December);
+	my %vars = (title => 'Mr.',
+		    firstname => 'Bill',
+		    lastname => 'Gates',
+		    last_paid_month => 1,   # February
+		    amount => 392.12,
+		    monthname => \@monthname,
+		   );
+
+	my $result = $template->fill_in(HASH => \%vars);
+
+	if (defined $result) { print $result }
+	else { die "Couldn't fill in template: $Text::Template::ERROR" }
+
+
+=head2 Philosophy
+
+When people make a template module like this one, they almost always
+start by inventing a special syntax for substitutions.  For example,
+they build it so that a string like C<%%VAR%%> is replaced with the
+value of C<$VAR>.  Then they realize the need extra formatting, so
+they put in some special syntax for formatting.  Then they need a
+loop, so they invent a loop syntax.  Pretty soon they have a new
+little template language.
+
+This approach has two problems: First, their little language is
+crippled. If you need to do something the author hasn't thought of,
+you lose.  Second: Who wants to learn another language?  You already
+know Perl, so why not use it?
+
+C<Text::Template> templates are programmed in I<Perl>.  You embed Perl
+code in your template, with C<{> at the beginning and C<}> at the end.
+If you want a variable interpolated, you write it the way you would in
+Perl.  If you need to make a loop, you can use any of the Perl loop
+constructions.  All the Perl built-in functions are available.
+
+=head1 Details
+
+=head2 Template Parsing
+
+The C<Text::Template> module scans the template source.  An open brace
+C<{> begins a program fragment, which continues until the matching
+close brace C<}>.  When the template is filled in, the program
+fragments are evaluated, and each one is replaced with the resulting
+value to yield the text that is returned.
+
+A backslash C<\> in front of a brace (or another backslash that is in
+front of a brace) escapes its special meaning.  The result of filling
+out this template:
+
+	\{ The sum of 1 and 2 is {1+2}  \}
+
+is
+
+	{ The sum of 1 and 2 is 3  }
+
+If you have an unmatched brace, C<Text::Template> will return a
+failure code and a warning about where the problem is.  Backslashes
+that do not precede a brace are passed through unchanged.  If you have
+a template like this:
+
+	{ "String that ends in a newline.\n" }
+
+The backslash inside the string is passed through to Perl unchanged,
+so the C<\n> really does turn into a newline.  See the note at the end
+for details about the way backslashes work.  Backslash processing is
+I<not> done when you specify alternative delimiters with the
+C<DELIMITERS> option.  (See L<"Alternative Delimiters">, below.)
+
+Each program fragment should be a sequence of Perl statements, which
+are evaluated the usual way.  The result of the last statement
+executed will be evaluted in scalar context; the result of this
+statement is a string, which is interpolated into the template in
+place of the program fragment itself.
+
+The fragments are evaluated in order, and side effects from earlier
+fragments will persist into later fragments:
+
+	{$x = @things; ''}The Lord High Chamberlain has gotten {$x}
+	things for me this year.  
+	{ $diff = $x - 17; 
+	  $more = 'more'
+	  if ($diff == 0) {
+	    $diff = 'no';
+	  } elsif ($diff < 0) {
+	    $more = 'fewer';
+	  } 
+          '';
+	} 
+	That is {$diff} {$more} than he gave me last year.
+
+The value of C<$x> set in the first line will persist into the next
+fragment that begins on the third line, and the values of C<$diff> and
+C<$more> set in the second fragment will persist and be interpolated
+into the last line.  The output will look something like this:
+
+	The Lord High Chamberlain has gotten 42
+	things for me this year.  
+
+	That is 25 more than he gave me last year.
+
+That is all the syntax there is.  
+
+=head2 The C<$OUT> variable
+
+There is one special trick you can play in a template.  Here is the
+motivation for it:  Suppose you are going to pass an array, C<@items>,
+into the template, and you want the template to generate a bulleted
+list with a header, like this:
+
+	Here is a list of the things I have got for you since 1907:
+	  * Ivory
+	  * Apes
+	  * Peacocks
+	  * ...
+
+One way to do it is with a template like this:
+
+	Here is a list of the things I have got for you since 1907:
+	{ my $blist = '';
+          foreach $i (@items) {
+            $blist .= qq{  * $i\n};
+          }    
+          $blist;
+        } 
+
+Here we construct the list in a variable called C<$blist>, which we
+return at the end.  This is a little cumbersome.  There is a shortcut.
+
+Inside of templates, there is a special variable called C<$OUT>.
+Anything you append to this variable will appear in the output of the
+template.  Also, if you use C<$OUT> in a program fragment, the normal
+behavior, of replacing the fragment with its return value, is
+disabled; instead the fragment is replaced with the value of C<$OUT>.
+This means that you can write the template above like this:
+
+	Here is a list of the things I have got for you since 1907:
+	{ foreach $i (@items) {
+            $OUT .= "  * $i\n";
+          }    
+        } 
+
+C<$OUT> is reinitialized to the empty string at the start of each
+program fragment.  It is private to C<Text::Template>, so 
+you can't use a variable named C<$OUT> in your template without
+invoking the special behavior.
+
+=head2 General Remarks
+
+All C<Text::Template> functions return C<undef> on failure, and set the
+variable C<$Text::Template::ERROR> to contain an explanation of what
+went wrong.  For example, if you try to create a template from a file
+that does not exist, C<$Text::Template::ERROR> will contain something like:
+
+	Couldn't open file xyz.tmpl: No such file or directory
+
+=head2 C<new>
+
+	$template = new Text::Template ( TYPE => ..., SOURCE => ... );
+
+This creates and returns a new template object.  C<new> returns
+C<undef> and sets C<$Text::Template::ERROR> if it can't create the
+template object.  C<SOURCE> says where the template source code will
+come from.  C<TYPE> says what kind of object the source is.
+
+The most common type of source is a file:
+
+	new Text::Template ( TYPE => 'FILE', SOURCE => $filename );
+
+This reads the template from the specified file.  The filename is
+opened with the Perl C<open> command, so it can be a pipe or anything
+else that makes sense with C<open>.
+
+The C<TYPE> can also be C<STRING>, in which case the C<SOURCE> should
+be a string:
+
+	new Text::Template ( TYPE => 'STRING', 
+                             SOURCE => "This is the actual template!" );
+
+The C<TYPE> can be C<ARRAY>, in which case the source should be a
+reference to an array of strings.  The concatenation of these strings
+is the template:
+
+	new Text::Template ( TYPE => 'ARRAY', 
+                             SOURCE => [ "This is ", "the actual", 
+                                         " template!",
+                                       ]
+                           );
+
+The C<TYPE> can be FILEHANDLE, in which case the source should be an
+open filehandle (such as you got from the C<FileHandle> or C<IO::*>
+packages, or a glob, or a reference to a glob).  In this case
+C<Text::Template> will read the text from the filehandle up to
+end-of-file, and that text is the template:
+
+	# Read template source code from STDIN:
+	new Text::Template ( TYPE => 'FILEHANDLE', 
+                             SOURCE => \*STDIN  );
+
+
+If you omit the C<TYPE> attribute, it's taken to be C<FILE>.
+C<SOURCE> is required.  If you omit it, the program will abort.
+
+The words C<TYPE> and C<SOURCE> can be spelled any of the following ways:
+
+	TYPE	SOURCE
+	Type	Source
+	type	source
+	-TYPE	-SOURCE
+	-Type	-Source
+	-type	-source
+
+Pick a style you like and stick with it.
+
+=over 4
+
+=item C<DELIMITERS>
+
+You may also add a C<DELIMITERS> option.  If this option is present,
+its value should be a reference to an array of two strings.  The first
+string is the string that signals the beginning of each program
+fragment, and the second string is the string that signals the end of
+each program fragment.  See L<"Alternative Delimiters">, below.
+
+=item C<UNTAINT>
+
+If your program is running in taint mode, you may have problems if
+your templates are stored in files.  Data read from files is
+considered 'untrustworthy', and taint mode will not allow you to
+evaluate the Perl code in the file.  (It is afraid that a malicious
+person might have tampered with the file.)
+
+In some environments, however, local files are trustworthy.  You can
+tell C<Text::Template> that a certain file is trustworthy by supplying
+C<UNTAINT =E<gt> 1> in the call to C<new>.  This will tell
+C<Text::Template> to disable taint checks on template code that has
+come from a file, as long as the filename itself is considered
+trustworthy.  It will also disable taint checks on template code that
+comes from a filehandle.  When used with C<TYPE =E<gt> 'string'> or C<TYPE
+=E<gt> 'array'>, it has no effect.
+
+See L<perlsec> for more complete information about tainting.
+
+Thanks to Steve Palincsar, Gerard Vreeswijk, and Dr. Christoph Baehr
+for help with this feature.
+
+=item C<PREPEND>
+
+This option is passed along to the C<fill_in> call unless it is
+overridden in the arguments to C<fill_in>.  See L<C<PREPEND> feature
+and using C<strict> in templates> below.
+
+=item C<BROKEN>
+
+This option is passed along to the C<fill_in> call unless it is
+overridden in the arguments to C<fill_in>.  See L<C<BROKEN>> below.
+
+=back
+
+=head2 C<compile>
+
+	$template->compile()
+
+Loads all the template text from the template's source, parses and
+compiles it.  If successful, returns true; otherwise returns false and
+sets C<$Text::Template::ERROR>.  If the template is already compiled,
+it returns true and does nothing.  
+
+You don't usually need to invoke this function, because C<fill_in>
+(see below) compiles the template if it isn't compiled already.
+
+If there is an argument to this function, it must be a reference to an
+array containing alternative delimiter strings.  See C<"Alternative
+Delimiters">, below.
+
+=head2 C<fill_in>
+
+	$template->fill_in(OPTIONS);
+
+Fills in a template.  Returns the resulting text if successful.
+Otherwise, returns C<undef>  and sets C<$Text::Template::ERROR>.
+
+The I<OPTIONS> are a hash, or a list of key-value pairs.  You can
+write the key names in any of the six usual styles as above; this
+means that where this manual says C<PACKAGE> (for example) you can
+actually use any of
+
+	PACKAGE Package package -PACKAGE -Package -package
+
+Pick a style you like and stick with it.  The all-lowercase versions
+may yield spurious warnings about
+
+	Ambiguous use of package => resolved to "package"
+
+so you might like to avoid them and use the capitalized versions.
+
+At present, there are eight legal options:  C<PACKAGE>, C<BROKEN>,
+C<BROKEN_ARG>, C<SAFE>, C<HASH>, C<OUTPUT>, and C<DELIMITERS>.
+
+=over 4
+
+=item C<PACKAGE>
+
+C<PACKAGE> specifies the name of a package in which the program
+fragments should be evaluated.  The default is to use the package from
+which C<fill_in> was called.  For example, consider this template:
+
+	The value of the variable x is {$x}.
+
+If you use C<$template-E<gt>fill_in(PACKAGE =E<gt> 'R')> , then the C<$x> in
+the template is actually replaced with the value of C<$R::x>.  If you
+omit the C<PACKAGE> option, C<$x> will be replaced with the value of
+the C<$x> variable in the package that actually called C<fill_in>.
+
+You should almost always use C<PACKAGE>.  If you don't, and your
+template makes changes to variables, those changes will be propagated
+back into the main program.  Evaluating the template in a private
+package helps prevent this.  The template can still modify variables
+in your program if it wants to, but it will have to do so explicitly.
+See the section at the end on `Security'.
+
+Here's an example of using C<PACKAGE>:
+
+	Your Royal Highness,
+
+	Enclosed please find a list of things I have gotten
+	for you since 1907:
+
+	{ foreach $item (@items) {
+            $item_no++;
+	    $OUT .= " $item_no. \u$item\n";
+	  }
+	}
+
+	Signed,
+	Lord High Chamberlain
+
+We want to pass in an array which will be assigned to the array
+C<@items>.  Here's how to do that:
+
+
+	@items = ('ivory', 'apes', 'peacocks', );
+	$template->fill_in();
+
+This is not very safe.  The reason this isn't as safe is that if you
+had a variable named C<$item_no> in scope in your program at the point
+you called C<fill_in>, its value would be clobbered by the act of
+filling out the template.  The problem is the same as if you had
+written a subroutine that used those variables in the same way that
+the template does.  (C<$OUT> is special in templates and is always
+safe.)
+
+One solution to this is to make the C<$item_no> variable private to the
+template by declaring it with C<my>.  If the template does this, you
+are safe.
+
+But if you use the C<PACKAGE> option, you will probably be safe even
+if the template does I<not> declare its variables with C<my>:
+
+	@Q::items = ('ivory', 'apes', 'peacocks', );
+	$template->fill_in(PACKAGE => 'Q');
+
+In this case the template will clobber the variable C<$Q::item_no>,
+which is not related to the one your program was using.
+
+Templates cannot affect variables in the main program that are
+declared with C<my>, unless you give the template references to those
+variables.
+
+=item C<HASH>
+
+You may not want to put the template variables into a package.
+Packages can be hard to manage:  You can't copy them, for example.
+C<HASH> provides an alternative.  
+
+The value for C<HASH> should be a reference to a hash that maps
+variable names to values.  For example, 
+
+	$template->fill_in(HASH => { recipient => "The King",
+				     items => ['gold', 'frankincense', 'myrrh'],
+	                             object => \$self,
+				   });
+
+will fill out the template and use C<"The King"> as the value of
+C<$recipient> and the list of items as the value of C<@items>.  Note
+that we pass an array reference, but inside the template it appears as
+an array.  In general, anything other than a simple string or number
+should be passed by reference.
+
+We also want to pass an object, which is in C<$self>; note that we
+pass a reference to the object, C<\$self> instead.  Since we've passed
+a reference to a scalar, inside the template the object appears as
+C<$object>.  
+
+The full details of how it works are a little involved, so you might
+want to skip to the next section.
+
+Suppose the key in the hash is I<key> and the value is I<value>.  
+
+=over 4
+
+=item *
+
+If the I<value> is C<undef>, then any variables named C<$key>,
+C<@key>, C<%key>, etc., are undefined.  
+
+=item *
+
+If the I<value> is a string or a number, then C<$key> is set to that
+value in the template.
+
+=item *
+
+For anything else, you must pass a reference.
+
+If the I<value> is a reference to an array, then C<@key> is set to
+that array.  If the I<value> is a reference to a hash, then C<%key> is
+set to that hash.  Similarly if I<value> is any other kind of
+reference.  This means that
+
+	var => "foo"
+
+and
+
+	var => \"foo"
+
+have almost exactly the same effect.  (The difference is that in the
+former case, the value is copied, and in the latter case it is
+aliased.)  
+
+=item *
+
+In particular, if you want the template to get an object or any kind,
+you must pass a reference to it:
+
+	$template->fill_in(HASH => { database_handle => \$dbh, ... });
+
+If you do this, the template will have a variable C<$database_handle>
+which is the database handle object.  If you leave out the C<\>, the
+template will have a hash C<%database_handle>, which exposes the
+internal structure of the database handle object; you don't want that.
+
+=back
+
+Normally, the way this works is by allocating a private package,
+loading all the variables into the package, and then filling out the
+template as if you had specified that package.  A new package is
+allocated each time.  However, if you I<also> use the C<PACKAGE>
+option, C<Text::Template> loads the variables into the package you
+specified, and they stay there after the call returns.  Subsequent
+calls to C<fill_in> that use the same package will pick up the values
+you loaded in.
+
+If the argument of C<HASH> is a reference to an array instead of a
+reference to a hash, then the array should contain a list of hashes
+whose contents are loaded into the template package one after the
+other.  You can use this feature if you want to combine several sets
+of variables.  For example, one set of variables might be the defaults
+for a fill-in form, and the second set might be the user inputs, which
+override the defaults when they are present:
+
+	$template->fill_in(HASH => [\%defaults, \%user_input]);
+
+You can also use this to set two variables with the same name:
+
+	$template->fill_in(HASH => [{ v => "The King" },
+                                    { v => [1,2,3] },
+	                           ]
+                          );
+
+This sets C<$v> to C<"The King"> and C<@v> to C<(1,2,3)>.	
+
+=item C<BROKEN>
+
+If any of the program fragments fails to compile or aborts for any
+reason, and you have set the C<BROKEN> option to a function reference,
+C<Text::Template> will invoke the function.  This function is called
+the I<C<BROKEN> function>.  The C<BROKEN> function will tell
+C<Text::Template> what to do next.  
+
+If the C<BROKEN> function returns C<undef>, C<Text::Template> will
+immediately abort processing the template and return the text that it
+has accumulated so far.  If your function does this, it should set a
+flag that you can examine after C<fill_in> returns so that you can
+tell whether there was a premature return or not. 
+
+If the C<BROKEN> function returns any other value, that value will be
+interpolated into the template as if that value had been the return
+value of the program fragment to begin with.  For example, if the
+C<BROKEN> function returns an error string, the error string will be
+interpolated into the output of the template in place of the program
+fragment that cased the error.
+
+If you don't specify a C<BROKEN> function, C<Text::Template> supplies
+a default one that returns something like
+
+	Program fragment delivered error ``Illegal division by 0 at
+	template line 37''
+
+(Note that the format of this message has changed slightly since
+version 1.31.)  The return value of the C<BROKEN> function is
+interpolated into the template at the place the error occurred, so
+that this template:
+
+	(3+4)*5 = { 3+4)*5 }
+
+yields this result:
+
+	(3+4)*5 = Program fragment delivered error ``syntax error at template line 1''
+
+If you specify a value for the C<BROKEN> attribute, it should be a
+reference to a function that C<fill_in> can call instead of the
+default function.
+
+C<fill_in> will pass a hash to the C<broken> function.
+The hash will have at least these three members:
+
+=over 4
+
+=item C<text>
+
+The source code of the program fragment that failed
+
+=item C<error>
+
+The text of the error message (C<$@>) generated by eval.
+
+The text has been modified to omit the trailing newline and to include
+the name of the template file (if there was one).  The line number
+counts from the beginning of the template, not from the beginning of
+the failed program fragment.
+
+=item C<lineno>
+
+The line number of the template at which the program fragment began.
+
+=back
+
+There may also be an C<arg> member.  See C<BROKEN_ARG>, below
+
+=item C<BROKEN_ARG>
+
+If you supply the C<BROKEN_ARG> option to C<fill_in>, the value of the
+option is passed to the C<BROKEN> function whenever it is called.  The
+default C<BROKEN> function ignores the C<BROKEN_ARG>, but you can
+write a custom C<BROKEN> function that uses the C<BROKEN_ARG> to get
+more information about what went wrong. 
+
+The C<BROKEN> function could also use the C<BROKEN_ARG> as a reference
+to store an error message or some other information that it wants to
+communicate back to the caller.  For example:
+
+	$error = '';
+
+	sub my_broken {	
+	   my %args = @_;
+	   my $err_ref = $args{arg};
+	   ...
+	   $$err_ref = "Some error message";
+	   return undef;
+	}
+
+	$template->fill_in(BROKEN => \&my_broken,
+			   BROKEN_ARG => \$error,
+			  );
+
+	if ($error) {
+	  die "It didn't work: $error";
+	}
+
+If one of the program fragments in the template fails, it will call
+the C<BROKEN> function, C<my_broken>, and pass it the C<BROKEN_ARG>,
+which is a reference to C<$error>.  C<my_broken> can store an error
+message into C<$error> this way.  Then the function that called
+C<fill_in> can see if C<my_broken> has left an error message for it
+to find, and proceed accordingly.
+
+=item C<SAFE>
+
+If you give C<fill_in> a C<SAFE> option, its value should be a safe
+compartment object from the C<Safe> package.  All evaluation of
+program fragments will be performed in this compartment.  See L<Safe>
+for full details about such compartments and how to restrict the
+operations that can be performed in them.
+
+If you use the C<PACKAGE> option with C<SAFE>, the package you specify
+will be placed into the safe compartment and evaluation will take
+place in that package as usual.  
+
+If not, C<SAFE> operation is a little different from the default.
+Usually, if you don't specify a package, evaluation of program
+fragments occurs in the package from which the template was invoked.
+But in C<SAFE> mode the evaluation occurs inside the safe compartment
+and cannot affect the calling package.  Normally, if you use C<HASH>
+without C<PACKAGE>, the hash variables are imported into a private,
+one-use-only package.  But if you use C<HASH> and C<SAFE> together
+without C<PACKAGE>, the hash variables will just be loaded into the
+root namespace of the C<Safe> compartment.
+
+=item C<OUTPUT>
+
+If your template is going to generate a lot of text that you are just
+going to print out again anyway,  you can save memory by having
+C<Text::Template> print out the text as it is generated instead of
+making it into a big string and returning the string.  If you supply
+the C<OUTPUT> option to C<fill_in>, the value should be a filehandle.
+The generated text will be printed to this filehandle as it is
+constructed.  For example:
+
+	$template->fill_in(OUTPUT => \*STDOUT, ...);
+
+fills in the C<$template> as usual, but the results are immediately
+printed to STDOUT.  This may result in the output appearing more
+quickly than it would have otherwise.
+
+If you use C<OUTPUT>, the return value from C<fill_in> is still true on
+success and false on failure, but the complete text is not returned to
+the caller.
+
+=item C<PREPEND>
+
+You can have some Perl code prepended automatically to the beginning
+of every program fragment.  See L<C<PREPEND> feature and using
+C<strict> in templates> below.
+
+=item C<DELIMITERS>
+
+If this option is present, its value should be a reference to a list
+of two strings.  The first string is the string that signals the
+beginning of each program fragment, and the second string is the
+string that signals the end of each program fragment.  See
+L<"Alternative Delimiters">, below.  
+
+If you specify C<DELIMITERS> in the call to C<fill_in>, they override
+any delimiters you set when you created the template object with
+C<new>. 
+
+=back
+
+=head1 Convenience Functions
+
+=head2 C<fill_this_in>
+
+The basic way to fill in a template is to create a template object and
+then call C<fill_in> on it.   This is useful if you want to fill in
+the same template more than once.
+
+In some programs, this can be cumbersome.  C<fill_this_in> accepts a
+string, which contains the template, and a list of options, which are
+passed to C<fill_in> as above.  It constructs the template object for
+you, fills it in as specified, and returns the results.  It returns
+C<undef> and sets C<$Text::Template::ERROR> if it couldn't generate
+any results.
+
+An example:
+
+	$Q::name = 'Donald';
+	$Q::amount = 141.61;
+	$Q::part = 'hyoid bone';
+
+	$text = Text::Template->fill_this_in( <<'EOM', PACKAGE => Q);
+	Dear {$name},
+	You owe me \\${sprintf('%.2f', $amount)}.  
+	Pay or I will break your {$part}.
+		Love,
+		Grand Vizopteryx of Irkutsk.
+	EOM
+
+Notice how we included the template in-line in the program by using a
+`here document' with the C<E<lt>E<lt>> notation.
+
+C<fill_this_in> is a deprecated feature.  It is only here for
+backwards compatibility, and may be removed in some far-future version
+in C<Text::Template>.  You should use C<fill_in_string> instead.  It
+is described in the next section.
+
+=head2 C<fill_in_string>
+
+It is stupid that C<fill_this_in> is a class method.  It should have
+been just an imported function, so that you could omit the
+C<Text::Template-E<gt>> in the example above.  But I made the mistake
+four years ago and it is too late to change it.
+
+C<fill_in_string> is exactly like C<fill_this_in> except that it is
+not a method and you can omit the C<Text::Template-E<gt>> and just say
+
+	print fill_in_string(<<'EOM', ...);
+	Dear {$name},
+	  ...
+	EOM
+
+To use C<fill_in_string>, you need to say
+
+	use Text::Template 'fill_in_string';
+
+at the top of your program.   You should probably use
+C<fill_in_string> instead of C<fill_this_in>.
+
+=head2 C<fill_in_file>
+
+If you import C<fill_in_file>, you can say
+
+	$text = fill_in_file(filename, ...);
+
+The C<...> are passed to C<fill_in> as above.  The filename is the
+name of the file that contains the template you want to fill in.  It
+returns the result text. or C<undef>, as usual.
+
+If you are going to fill in the same file more than once in the same
+program you should use the longer C<new> / C<fill_in> sequence instead.
+It will be a lot faster because it only has to read and parse the file
+once.
+
+=head2 Including files into templates
+
+People always ask for this.  ``Why don't you have an include
+function?'' they want to know.  The short answer is this is Perl, and
+Perl already has an include function.  If you want it, you can just put
+
+	{qx{cat filename}}
+
+into your template.  VoilE<agrave>.
+
+If you don't want to use C<cat>, you can write a little four-line
+function that opens a file and dumps out its contents, and call it
+from the template.  I wrote one for you.  In the template, you can say
+
+	{Text::Template::_load_text(filename)}
+
+If that is too verbose, here is a trick.  Suppose the template package
+that you are going to be mentioning in the C<fill_in> call is package
+C<Q>.  Then in the main program, write
+
+	*Q::include = \&Text::Template::_load_text;
+
+This imports the C<_load_text> function into package C<Q> with the
+name C<include>.  From then on, any template that you fill in with
+package C<Q> can say
+
+	{include(filename)}
+
+to insert the text from the named file at that point.  If you are
+using the C<HASH> option instead, just put C<include =E<gt>
+\&Text::Template::_load_text> into the hash instead of importing it
+explicitly.
+
+Suppose you don't want to insert a plain text file, but rather you
+want to include one template within another?  Just use C<fill_in_file>
+in the template itself:
+
+	{Text::Template::fill_in_file(filename)}
+
+You can do the same importing trick if this is too much to type.
+
+=head1 Miscellaneous
+
+=head2 C<my> variables
+
+People are frequently surprised when this doesn't work:
+
+	my $recipient = 'The King';
+	my $text = fill_in_file('formletter.tmpl');
+
+The text C<The King> doesn't get into the form letter.  Why not?
+Because C<$recipient> is a C<my> variable, and the whole point of
+C<my> variables is that they're private and inaccessible except in the
+scope in which they're declared.  The template is not part of that
+scope, so the template can't see C<$recipient>.  
+
+If that's not the behavior you want, don't use C<my>.  C<my> means a
+private variable, and in this case you don't want the variable to be
+private.  Put the variables into package variables in some other
+package, and use the C<PACKAGE> option to C<fill_in>:
+
+	$Q::recipient = $recipient;
+	my $text = fill_in_file('formletter.tmpl', PACKAGE => 'Q');
+	
+
+or pass the names and values in a hash with the C<HASH> option:
+
+	my $text = fill_in_file('formletter.tmpl', HASH => { recipient => $recipient });
+
+=head2 Security Matters
+
+All variables are evaluated in the package you specify with the
+C<PACKAGE> option of C<fill_in>.  if you use this option, and if your
+templates don't do anything egregiously stupid, you won't have to
+worry that evaluation of the little programs will creep out into the
+rest of your program and wreck something.
+
+Nevertheless, there's really no way (except with C<Safe>) to protect
+against a template that says
+
+	{ $Important::Secret::Security::Enable = 0; 
+	  # Disable security checks in this program 
+	}
+
+or
+
+	{ $/ = "ho ho ho";   # Sabotage future uses of <FH>.
+	  # $/ is always a global variable
+	}
+
+or even
+
+	{ system("rm -rf /") }
+
+so B<don't> go filling in templates unless you're sure you know what's
+in them.  If you're worried, or you can't trust the person who wrote
+the template, use the C<SAFE> option.
+
+A final warning: program fragments run a small risk of accidentally
+clobbering local variables in the C<fill_in> function itself.  These
+variables all have names that begin with C<$fi_>, so if you stay away
+from those names you'll be safe.  (Of course, if you're a real wizard
+you can tamper with them deliberately for exciting effects; this is
+actually how C<$OUT> works.)  I can fix this, but it will make the
+package slower to do it, so I would prefer not to.  If you are worried
+about this, send me mail and I will show you what to do about it.
+
+=head2 Alternative Delimiters
+
+Lorenzo Valdettaro pointed out that if you are using C<Text::Template>
+to generate TeX output, the choice of braces as the program fragment
+delimiters makes you suffer suffer suffer.  Starting in version 1.20,
+you can change the choice of delimiters to something other than curly
+braces.
+
+In either the C<new()> call or the C<fill_in()> call, you can specify
+an alternative set of delimiters with the C<DELIMITERS> option.  For
+example, if you would like code fragments to be delimited by C<[@-->
+and C<--@]> instead of C<{> and C<}>, use
+
+	... DELIMITERS => [ '[@--', '--@]' ], ...
+
+Note that these delimiters are I<literal strings>, not regexes.  (I
+tried for regexes, but it complicates the lexical analysis too much.)
+Note also that C<DELIMITERS> disables the special meaning of the
+backslash, so if you want to include the delimiters in the literal
+text of your template file, you are out of luck---it is up to you to
+choose delimiters that do not conflict with what you are doing.  The
+delimiter strings may still appear inside of program fragments as long
+as they nest properly.  This means that if for some reason you
+absolutely must have a program fragment that mentions one of the
+delimiters, like this:
+
+	[@--
+		print "Oh no, a delimiter: --@]\n"
+	--@]
+
+you may be able to make it work by doing this instead:
+
+	[@--
+		# Fake matching delimiter in a comment: [@--
+		print "Oh no, a delimiter: --@]\n"
+	--@]
+
+It may be safer to choose delimiters that begin with a newline
+character.  
+
+Because the parsing of templates is simplified by the absence of
+backslash escapes, using alternative C<DELIMITERS> may speed up the
+parsing process by 20-25%.  This shows that my original choice of C<{>
+and C<}> was very bad. 
+
+=head2 C<PREPEND> feature and using C<strict> in templates
+
+Suppose you would like to use C<strict> in your templates to detect
+undeclared variables and the like.  But each code fragment is a
+separate lexical scope, so you have to turn on C<strict> at the top of
+each and every code fragment:
+
+	{ use strict;
+	  use vars '$foo';
+	  $foo = 14;
+	  ...
+	}
+
+	...
+
+	{ # we forgot to put `use strict' here
+	  my $result = $boo + 12;    # $boo is misspelled and should be $foo
+	  # No error is raised on `$boo'
+	}
+
+Because we didn't put C<use strict> at the top of the second fragment,
+it was only active in the first fragment, and we didn't get any
+C<strict> checking in the second fragment.  Then we mispelled C<$foo>
+and the error wasn't caught.  
+
+C<Text::Template> version 1.22 and higher has a new feature to make
+this easier.  You can specify that any text at all be automatically
+added to the beginning of each program fragment.  
+
+When you make a call to C<fill_in>, you can specify a
+
+	PREPEND => 'some perl statements here'
+
+option; the statements will be prepended to each program fragment for
+that one call only.  Suppose that the C<fill_in> call included a
+
+	PREPEND => 'use strict;'
+
+option, and that the template looked like this:
+
+	{ use vars '$foo';
+	  $foo = 14;
+	  ...
+	}
+
+	...
+
+	{ my $result = $boo + 12;    # $boo is misspelled and should be $foo
+	  ...
+	}
+
+The code in the second fragment would fail, because C<$boo> has not
+been declared.  C<use strict> was implied, even though you did not
+write it explicitly, because the C<PREPEND> option added it for you
+automatically.
+
+There are two other ways to do this.  At the time you create the
+template object with C<new>, you can also supply a C<PREPEND> option,
+in which case the statements will be prepended each time you fill in
+that template.  If the C<fill_in> call has its own C<PREPEND> option,
+this overrides the one specified at the time you created the
+template.  Finally, you can make the class method call
+
+	Text::Template->always_prepend('perl statements');
+
+If you do this, then call calls to C<fill_in> for I<any> template will
+attach the perl statements to the beginning of each program fragment,
+except where overridden by C<PREPEND> options to C<new> or C<fill_in>.
+
+=head2 Prepending in Derived Classes
+
+This section is technical, and you should skip it on the first few
+readings. 
+
+Normally there are three places that prepended text could come from.
+It could come from the C<PREPEND> option in the C<fill_in> call, from
+the C<PREPEND> option in the C<new> call that created the template
+object, or from the argument of the C<always_prepend> call.
+C<Text::Template> looks for these three things in order and takes the
+first one that it finds.
+
+In a subclass of C<Text::Template>, this last possibility is
+ambiguous.  Suppose C<S> is a subclass of C<Text::Template>.  Should 
+
+	Text::Template->always_prepend(...);
+
+affect objects in class C<Derived>?  The answer is that you can have it
+either way.  
+
+The C<always_prepend> value for C<Text::Template> is normally stored
+in  a hash variable named C<%GLOBAL_PREPEND> under the key
+C<Text::Template>.  When C<Text::Template> looks to see what text to
+prepend, it first looks in the template object itself, and if not, it
+looks in C<$GLOBAL_PREPEND{I<class>}> where I<class> is the class to
+which the template object belongs.  If it doesn't find any value, it
+looks in C<$GLOBAL_PREPEND{'Text::Template'}>.  This means that
+objects in class C<Derived> I<will> be affected by
+
+	Text::Template->always_prepend(...);
+
+I<unless> there is also a call to
+
+	Derived->always_prepend(...);
+
+So when you're designing your derived class, you can arrange to have
+your objects ignore C<Text::Template::always_prepend> calls by simply
+putting C<Derived-E<gt>always_prepend('')> at the top of your module.
+
+Of course, there is also a final escape hatch: Templates support a
+C<prepend_text> that is used to look up the appropriate text to be
+prepended at C<fill_in> time.  Your derived class can override this
+method to get an arbitrary effect.
+
+=head2 JavaScript
+
+Jennifer D. St Clair asks:
+
+	> Most of my pages contain JavaScript and Stylesheets.
+        > How do I change the template identifier?  
+
+Jennifer is worried about the braces in the JavaScript being taken as
+the delimiters of the Perl program fragments.  Of course, disaster
+will ensue when perl tries to evaluate these as if they were Perl
+programs.  The best choice is to find some unambiguous delimiter
+strings that you can use in your template instead of curly braces, and
+then use the C<DELIMITERS> option.  However, if you can't do this for
+some reason, there are  two easy workarounds:
+
+1. You can put C<\> in front of C<{>, C<}>, or C<\> to remove its
+special meaning.  So, for example, instead of
+
+	    if (br== "n3") { 
+		// etc.
+	    }
+
+you can put
+
+	    if (br== "n3") \{ 
+		// etc.
+	    \}
+
+and it'll come out of the template engine the way you want.
+
+But here is another method that is probably better.  To see how it
+works, first consider what happens if you put this into a template:
+
+	    { 'foo' }
+
+Since it's in braces, it gets evaluated, and obviously, this is going
+to turn into
+
+	    foo
+
+So now here's the trick: In Perl, C<q{...}> is the same as C<'...'>.
+So if we wrote
+
+	    {q{foo}}
+
+it would turn into 
+
+	    foo
+
+So for your JavaScript, just write
+
+	    {q{if (br== "n3") { 
+	  	 // etc.
+	       }}
+	    }
+
+and it'll come out as
+
+	      if (br== "n3") { 
+	  	  // etc.
+	      }
+
+which is what you want.
+
+
+=head2 Shut Up!
+
+People sometimes try to put an initialization section at the top of
+their templates, like this:
+
+	{ ...
+	  $var = 17;
+	}
+
+Then they complain because there is a C<17> at the top of the output
+that they didn't want to have there.  
+
+Remember that a program fragment is replaced with its own return
+value, and that in Perl the return value of a code block is the value
+of the last expression that was evaluated, which in this case is 17.
+If it didn't do that, you wouldn't be able to write C<{$recipient}>
+and have the recipient filled in.
+
+To prevent the 17 from appearing in the output is very simple:
+
+	{ ...
+	  $var = 17;
+	  '';
+	}
+
+Now the last expression evaluated yields the empty string, which is
+invisible.  If you don't like the way this looks, use
+
+	{ ...
+	  $var = 17;
+	  ($SILENTLY);
+	}
+
+instead.  Presumably, C<$SILENTLY> has no value, so nothing will be
+interpolated.  This is what is known as a `trick'.
+
+=head2 Compatibility
+
+Every effort has been made to make this module compatible with older
+versions.  The only known exceptions follow:
+
+The output format of the default C<BROKEN> subroutine has changed
+twice, most recently between versions 1.31 and 1.40.
+
+Starting in version 1.10, the C<$OUT> variable is arrogated for a
+special meaning.  If you had templates before version 1.10 that
+happened to use a variable named C<$OUT>, you will have to change them
+to use some other variable or all sorts of strangeness will result.
+
+Between versions 0.1b and 1.00 the behavior of the \ metacharacter
+changed.  In 0.1b, \\ was special everywhere, and the template
+processor always replaced it with a single backslash before passing
+the code to Perl for evaluation.  The rule now is more complicated but
+probably more convenient.  See the section on backslash processing,
+below, for a full discussion.
+
+=head2 Backslash Processing
+
+In C<Text::Template> beta versions, the backslash was special whenever
+it appeared before a brace or another backslash.  That meant that
+while C<{"\n"}> did indeed generate a newline, C<{"\\"}> did not
+generate a backslash, because the code passed to Perl for evaluation
+was C<"\"> which is a syntax error.  If you wanted a backslash, you
+would have had to write C<{"\\\\"}>.
+
+In C<Text::Template> versions 1.00 through 1.10, there was a bug:
+Backslash was special everywhere.  In these versions, C<{"\n"}>
+generated the letter C<n>.
+
+The bug has been corrected in version 1.11, but I did not go back to
+exactly the old rule, because I did not like the idea of having to
+write C<{"\\\\"}> to get one backslash.  The rule is now more
+complicated to remember, but probably easier to use.  The rule is now:
+Backslashes are always passed to Perl unchanged I<unless> they occur
+as part of a sequence like C<\\\\\\{> or C<\\\\\\}>.  In these
+contexts, they are special; C<\\> is replaced with C<\>, and C<\{> and
+C<\}> signal a literal brace. 
+
+Examples:
+
+	\{ foo \}
+
+is I<not> evaluated, because the C<\> before the braces signals that
+they should be taken literally.  The result in the output looks like this: 
+
+	{ foo }
+
+
+This is a syntax error:
+
+	{ "foo}" }
+
+because C<Text::Template> thinks that the code ends at the first C<}>,
+and then gets upset when it sees the second one.  To make this work
+correctly, use
+
+	{ "foo\}" }
+
+This passes C<"foo}"> to Perl for evaluation.  Note there's no C<\> in
+the evaluated code.  If you really want a C<\> in the evaluated code,
+use
+
+	{ "foo\\\}" }
+
+This passes C<"foo\}"> to Perl for evaluation.
+
+Starting with C<Text::Template> version 1.20, backslash processing is
+disabled if you use the C<DELIMITERS> option to specify alternative
+delimiter strings.
+
+=head2 A short note about C<$Text::Template::ERROR>
+
+In the past some people have fretted about `violating the package
+boundary' by examining a variable inside the C<Text::Template>
+package.  Don't feel this way.  C<$Text::Template::ERROR> is part of
+the published, official interface to this package.  It is perfectly OK
+to inspect this variable.  The interface is not going to change.
+
+If it really, really bothers you, you can import a function called
+C<TTerror> that returns the current value of the C<$ERROR> variable.
+So you can say:
+
+	use Text::Template 'TTerror';
+
+	my $template = new Text::Template (SOURCE => $filename);
+	unless ($template) {
+	  my $err = TTerror;
+	  die "Couldn't make template: $err; aborting";
+	}
+
+I don't see what benefit this has over just doing this:
+
+	use Text::Template;
+
+	my $template = new Text::Template (SOURCE => $filename)
+	  or die "Couldn't make template: $Text::Template::ERROR; aborting";
+
+But if it makes you happy to do it that way, go ahead.
+
+=head2 Sticky Widgets in Template Files
+
+The C<CGI> module provides functions for `sticky widgets', which are
+form input controls that retain their values from one page to the
+next.   Sometimes people want to know how to include these widgets
+into their template output.
+
+It's totally straightforward.  Just call the C<CGI> functions from
+inside the template:
+
+	{ $q->checkbox_group(NAME => 'toppings',
+		  	     LINEBREAK => true,
+			     COLUMNS => 3,
+			     VALUES => \@toppings,
+			    );
+	}
+
+=head2 Automatic preprocessing of program fragments
+
+It may be useful to preprocess the program fragments before they are
+evaluated.  See C<Text::Template::Preprocess> for more details.
+
+=head2 Automatic postprocessing of template hunks
+
+It may be useful to process hunks of output before they are appended to
+the result text.  For this, subclass and replace the C<append_text_to_result>
+method.  It is passed a list of pairs with these entries:
+
+  handle - a filehandle to which to print the desired output
+  out    - a ref to a string to which to append, to use if handle is not given
+  text   - the text that will be appended
+  type   - where the text came from: TEXT for literal text, PROG for code
+
+=head2 Author
+
+Mark Jason Dominus, Plover Systems
+
+Please send questions and other remarks about this software to
+C<mjd-perl-template+@plover.com>
+
+You can join a very low-volume (E<lt>10 messages per year) mailing
+list for announcements about this package.  Send an empty note to
+C<mjd-perl-template-request@plover.com> to join.
+
+For updates, visit C<http://www.plover.com/~mjd/perl/Template/>.
+
+=head2 Support?
+
+This software is version 1.46.  It may have bugs.  Suggestions and bug
+reports are always welcome.  Send them to
+C<mjd-perl-template+@plover.com>.  (That is my address, not the address
+of the mailing list.  The mailing list address is a secret.)
+
+=head1 LICENSE
+
+    Text::Template version 1.46
+    Copyright 2013 Mark Jason Dominus
+
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.  You may also can
+    redistribute it and/or modify it under the terms of the Perl
+    Artistic License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received copies of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+=head1 THANKS
+
+Many thanks to the following people for offering support,
+encouragement, advice, bug reports, and all the other good stuff.  
+
+David H. Adler /
+Joel Appelbaum /
+Klaus Arnhold /
+AntE<oacute>nio AragE<atilde>o /
+Kevin Atteson /
+Chris.Brezil /
+Mike Brodhead /
+Tom Brown /
+Dr. Frank Bucolo /
+Tim Bunce /
+Juan E. Camacho /
+Itamar Almeida de Carvalho /
+Joseph Cheek /
+Gene Damon /
+San Deng /
+Bob Dougherty /
+Marek Grac /
+Dan Franklin /
+gary at dls.net /
+Todd A. Green /
+Donald L. Greer Jr. /
+Michelangelo Grigni /
+Zac Hansen /
+Tom Henry /
+Jarko Hietaniemi /
+Matt X. Hunter /
+Robert M. Ioffe /
+Daniel LaLiberte /
+Reuven M. Lerner /
+Trip Lilley / 
+Yannis Livassof /
+Val Luck /
+Kevin Madsen /
+David Marshall /
+James Mastros /
+Joel Meulenberg /
+Jason Moore /
+Sergey Myasnikov /
+Chris Nandor /
+Bek Oberin /
+Steve Palincsar /
+Ron Pero /
+Hans Persson /
+Sean Roehnelt /
+Jonathan Roy /
+Shabbir J. Safdar /
+Jennifer D. St Clair /
+Uwe Schneider /
+Randal L. Schwartz /
+Michael G Schwern /
+Yonat Sharon /
+Brian C. Shensky /
+Niklas Skoglund /
+Tom Snee /
+Fred Steinberg /
+Hans Stoop /
+Michael J. Suzio /
+Dennis Taylor /
+James H. Thompson /
+Shad Todd /
+Lieven Tomme /
+Lorenzo Valdettaro /
+Larry Virden /
+Andy Wardley /
+Archie Warnock /
+Chris Wesley /
+Matt Womer /
+Andrew G Wood /
+Daini Xie /
+Michaely Yeung
+
+Special thanks to:
+
+=over 2
+
+=item Jonathan Roy 
+
+for telling me how to do the C<Safe> support (I spent two years
+worrying about it, and then Jonathan pointed out that it was trivial.)
+
+=item Ranjit Bhatnagar 
+
+for demanding less verbose fragments like they have in ASP, for
+helping me figure out the Right Thing, and, especially, for talking me
+out of adding any new syntax.  These discussions resulted in the
+C<$OUT> feature.
+
+=back
+
+=head2 Bugs and Caveats
+
+C<my> variables in C<fill_in> are still susceptible to being clobbered
+by template evaluation.  They all begin with C<fi_>, so avoid those
+names in your templates.
+
+The line number information will be wrong if the template's lines are
+not terminated by C<"\n">.  You should let me know if this is a
+problem.  If you do, I will fix it.
+
+The C<$OUT> variable has a special meaning in templates, so you cannot
+use it as if it were a regular variable.
+
+There are not quite enough tests in the test suite.
+
+=cut
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm b/openssl-1.1.0h/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm
new file mode 100644
index 0000000..1e41037
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm
@@ -0,0 +1,144 @@
+
+package Text::Template::Preprocess;
+use Text::Template;
+@ISA = qw(Text::Template);
+$Text::Template::Preprocess::VERSION = 1.46;
+
+sub fill_in {
+  my $self = shift;
+  my (%args) = @_;
+  my $pp = $args{PREPROCESSOR} || $self->{PREPROCESSOR} ;
+  if ($pp) {
+    local $_ = $self->source();
+#    print "# fill_in: before <$_>\n";
+    &$pp;
+#    print "# fill_in: after <$_>\n";
+    $self->set_source_data($_);
+  }
+  $self->SUPER::fill_in(@_);
+}
+
+sub preprocessor {
+  my ($self, $pp) = @_;
+  my $old_pp = $self->{PREPROCESSOR};
+  $self->{PREPROCESSOR} = $pp if @_ > 1;  # OK to pass $pp=undef
+  $old_pp;
+}
+
+1;
+
+
+=head1 NAME 
+
+Text::Template::Preprocess - Expand template text with embedded Perl
+
+=head1 VERSION
+
+This file documents C<Text::Template::Preprocess> version B<1.46>
+
+=head1 SYNOPSIS
+
+ use Text::Template::Preprocess;
+
+ my $t = Text::Template::Preprocess->new(...);  # identical to Text::Template
+
+ # Fill in template, but preprocess each code fragment with pp().
+ my $result = $t->fill_in(..., PREPROCESSOR => \&pp);
+
+ my $old_pp = $t->preprocessor(\&new_pp);
+
+=head1 DESCRIPTION
+
+C<Text::Template::Preprocess> provides a new C<PREPROCESSOR> option to
+C<fill_in>.  If the C<PREPROCESSOR> option is supplied, it must be a
+reference to a preprocessor subroutine.  When filling out a template,
+C<Text::Template::Preprocessor> will use this subroutine to preprocess
+the program fragment prior to evaluating the code.
+
+The preprocessor subroutine will be called repeatedly, once for each
+program fragment.  The program fragment will be in C<$_>.  The
+subroutine should modify the contents of C<$_> and return.
+C<Text::Template::Preprocess> will then execute contents of C<$_> and
+insert the result into the appropriate part of the template.
+
+C<Text::Template::Preprocess> objects also support a utility method,
+C<preprocessor()>, which sets a new preprocessor for the object.  This
+preprocessor is used for all subsequent calls to C<fill_in> except
+where overridden by an explicit C<PREPROCESSOR> option.
+C<preprocessor()> returns the previous default preprocessor function,
+or undefined if there wasn't one.  When invoked with no arguments,
+C<preprocessor()> returns the object's current default preprocessor
+function without changing it.
+
+In all other respects, C<Text::Template::Preprocess> is identical to
+C<Text::Template>.
+
+=head1 WHY?
+
+One possible purpose:  If your files contain a lot of JavaScript, like
+this:
+
+
+        Plain text here...
+        { perl code }
+        <script language=JavaScript>
+     	      if (br== "n3") { 
+	  	  // etc.
+	      }
+        </script>
+        { more perl code }
+        More plain text...
+
+You don't want C<Text::Template> to confuse the curly braces in the
+JavaScript program with executable Perl code.  One strategy:
+
+        sub quote_scripts {
+          s(<script(.*?)</script>)(q{$1})gsi;
+        }
+
+Then use C<PREPROCESSOR =E<gt> \&quote_scripts>.  This will transform 
+
+
+
+=head1 SEE ALSO
+
+L<Text::Template>
+
+=head1 AUTHOR
+
+
+Mark Jason Dominus, Plover Systems
+
+Please send questions and other remarks about this software to
+C<mjd-perl-template+@plover.com>
+
+You can join a very low-volume (E<lt>10 messages per year) mailing
+list for announcements about this package.  Send an empty note to
+C<mjd-perl-template-request@plover.com> to join.
+
+For updates, visit C<http://www.plover.com/~mjd/perl/Template/>.
+
+=head1 LICENSE
+
+    Text::Template::Preprocess version 1.46
+    Copyright 2013 Mark Jason Dominus
+
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.  You may also can
+    redistribute it and/or modify it under the terms of the Perl
+    Artistic License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received copies of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+=cut
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/00-version.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/00-version.t
new file mode 100644
index 0000000..5f9560f
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/00-version.t
@@ -0,0 +1,11 @@
+#!perl
+
+use Text::Template;
+print "1..1\n";
+
+if ($Text::Template::VERSION == 1.46) {
+        print "ok 1\n";
+} else {
+        print "not ok 1\n";
+}
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/01-basic.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/01-basic.t
new file mode 100644
index 0000000..be43390
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/01-basic.t
@@ -0,0 +1,266 @@
+#!perl
+#
+# Tests of basic, essential functionality
+#
+
+use Text::Template;
+$X::v = $Y::v = 0;		# Suppress `var used only once'
+
+print "1..31\n";
+
+$n=1;
+
+$template_1 = <<EOM;
+We will put value of \$v (which is "abc") here -> {\$v}
+We will evaluate 1+1 here -> {1 + 1}
+EOM
+
+# (1) Construct temporary template file for testing
+# file operations
+$TEMPFILE = "tt$$";
+open(TMP, "> $TEMPFILE") or print "not ok $n\n" && &abort("Couldn\'t write tempfile $TEMPFILE: $!");
+print TMP $template_1;
+close TMP;
+print "ok $n\n"; $n++;
+
+# (2) Build template from file
+$template = new Text::Template ('type' => 'FILE', 'source' => $TEMPFILE);
+if (defined($template)) {
+  print "ok $n\n";
+} else {
+  print "not ok $n $Text::Template::ERROR\n";
+}
+$n++;
+
+# (3) Fill in template from file
+$X::v = "abc";	
+$resultX = <<EOM;
+We will put value of \$v (which is "abc") here -> abc
+We will evaluate 1+1 here -> 2
+EOM
+$Y::v = "ABC";	
+$resultY = <<EOM;
+We will put value of \$v (which is "abc") here -> ABC
+We will evaluate 1+1 here -> 2
+EOM
+
+$text = $template->fill_in('package' => X);
+if ($text eq $resultX) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+# (4) Fill in same template again
+$text = $template->fill_in('package' => Y);
+if ($text eq $resultY) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+
+
+# (5) Simple test of `fill_this_in'
+$text = Text::Template->fill_this_in( $template_1, 'package' => X);
+if ($text eq $resultX) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+# (6) test creation of template from filehandle
+if (open (TMPL, "< $TEMPFILE")) {
+  $template = new Text::Template ('type' => 'FILEHANDLE', 
+				  'source' => *TMPL);
+  if (defined($template)) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n $Text::Template::ERROR\n";
+  }
+  $n++;
+
+# (7) test filling in of template from filehandle
+  $text = $template->fill_in('package' => X);
+  if ($text eq $resultX) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+
+# (8) test second fill_in on same template object
+  $text = $template->fill_in('package' => Y);
+  if ($text eq $resultY) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+  close TMPL;
+} else {
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+}
+
+
+# (9) test creation of template from array
+$template = new Text::Template 
+    ('type' => 'ARRAY', 
+     'source' => [ 
+		  'We will put value of $v (which is "abc") here -> {$v}',
+		  "\n",
+		  'We will evaluate 1+1 here -> {1+1}',
+		  "\n",
+		  ]);
+if (defined($template)) {
+  print "ok $n\n";
+} else {
+  print "not ok $n $Text::Template::ERROR\n";
+}
+$n++;
+
+# (10) test filling in of template from array
+$text = $template->fill_in('package' => X);
+if ($text eq $resultX) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+}
+$n++;
+
+# (11) test second fill_in on same array template object
+$text = $template->fill_in('package' => Y);
+if ($text eq $resultY) {
+  print "ok $n\n";
+} else {
+  print "not ok $n\n";
+  print STDERR "$resultX\n---\n$text";
+  unless (!defined($text)) { print STDERR "ERROR: $Text::Template::ERROR\n"};
+}
+$n++;
+
+
+
+# (12) Make sure \ is working properly
+# Test added for version 1.11
+my $tmpl = Text::Template->new(TYPE => 'STRING',
+			       SOURCE => 'B{"\\}"}C{"\\{"}D',
+			       );
+# This should fail if the \ are not interpreted properly.
+my $text = $tmpl->fill_in();
+print +($text eq "B}C{D" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (13) Make sure \ is working properly
+# Test added for version 1.11
+$tmpl = Text::Template->new(TYPE => 'STRING',
+			    SOURCE => qq{A{"\t"}B},
+			   );
+# Symptom of old problem:  ALL \ were special in templates, so
+# The lexer would return (A, PROGTEXT("t"), B), and the
+# result text would be AtB instead of A(tab)B.
+$text = $tmpl->fill_in();
+
+print +($text eq "A\tB" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (14-27) Make sure \ is working properly
+# Test added for version 1.11
+# This is a sort of general test.
+my @tests = ('{""}' => '',	# (14)
+	     '{"}"}' => undef,  # (15)
+	     '{"\\}"}' => '}',	# One backslash
+	     '{"\\\\}"}' => undef, # Two backslashes
+	     '{"\\\\\\}"}' => '}', # Three backslashes
+	     '{"\\\\\\\\}"}' => undef, # Four backslashes
+	     '{"\\\\\\\\\\}"}' => '\}', # Five backslashes  (20)
+	     '{"x20"}' => 'x20',
+	     '{"\\x20"}' => ' ',	# One backslash
+	     '{"\\\\x20"}' => '\\x20', # Two backslashes
+	     '{"\\\\\\x20"}' => '\\ ', # Three backslashes
+	     '{"\\\\\\\\x20"}' => '\\\\x20', # Four backslashes  (25)
+	     '{"\\\\\\\\\\x20"}' => '\\\\ ', # Five backslashes
+	     '{"\\x20\\}"}' => ' }', # (27)
+	    );
+
+my $i;
+for ($i=0; $i<@tests; $i+=2) {
+  my $tmpl = Text::Template->new(TYPE => 'STRING',
+				 SOURCE => $tests[$i],
+				);
+  my $text = $tmpl->fill_in;
+  my $result = $tests[$i+1];
+  my $ok = (! defined $text && ! defined $result
+	    || $text eq $result);
+  unless ($ok) {
+    print STDERR "($n) expected .$result., got .$text.\n";
+  }
+  print +($ok ? '' : 'not '), "ok $n\n";
+  $n++;
+}
+
+
+# (28-30) I discovered that you can't pass a glob ref as your filehandle.
+# MJD 20010827
+# (28) test creation of template from filehandle
+if (open (TMPL, "< $TEMPFILE")) {
+  $template = new Text::Template ('type' => 'FILEHANDLE', 
+				  'source' => \*TMPL);
+  if (defined($template)) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n $Text::Template::ERROR\n";
+  }
+  $n++;
+
+# (29) test filling in of template from filehandle
+  $text = $template->fill_in('package' => X);
+  if ($text eq $resultX) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+
+# (30) test second fill_in on same template object
+  $text = $template->fill_in('package' => Y);
+  if ($text eq $resultY) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n";
+  }
+  $n++;
+  close TMPL;
+} else {
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+  print "not ok $n\n";  $n++;
+}
+
+# (31) Test _scrubpkg for leakiness
+$Text::Template::GEN0::test = 1;
+Text::Template::_scrubpkg('Text::Template::GEN0');
+if ($Text::Template::GEN0::test) {
+  print "not ok $n\n";
+} else {
+  print "ok $n\n";
+}
+$n++;
+
+
+END {unlink $TEMPFILE;}
+
+exit;
+
+
+
+
+sub abort {
+  unlink $TEMPFILE;
+  die $_[0];
+}
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/02-hash.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/02-hash.t
new file mode 100644
index 0000000..29ba51a
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/02-hash.t
@@ -0,0 +1,111 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+
+print "1..12\n";
+
+$n=1;
+
+$template = 'We will put value of $v (which is "good") here -> {$v}';
+
+$v = 'oops (main)';
+$Q::v = 'oops (Q)';
+
+$vars = { 'v' => \'good' };
+
+# (1) Build template from string
+$template = new Text::Template ('type' => 'STRING', 'source' => $template);
+print +($template ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) Fill in template in anonymous package
+$result2 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars);
+print +($text eq $result2 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) Did we clobber the main variable?
+print +($v eq 'oops (main)' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) Fill in same template again
+$result4 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars);
+print +($text eq $result4 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (5) Now with a package
+$result5 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars, PACKAGE => 'Q');
+print +($text eq $result5 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (6) We expect to have clobbered the Q variable.
+print +($Q::v eq 'good' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (7) Now let's try it without a package
+$result7 = 'We will put value of $v (which is "good") here -> good';
+$text = $template->fill_in(HASH => $vars);
+print +($text eq $result7 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (8-11) Now what does it do when we pass a hash with undefined values?
+# Roy says it does something bad. (Added for 1.20.)
+my $WARNINGS = 0;
+{
+  local $SIG{__WARN__} = sub {$WARNINGS++};
+  local $^W = 1;       # Make sure this is on for this test
+  $template8 = 'We will put value of $v (which is "good") here -> {defined $v ? "bad" : "good"}';
+  $result8 = 'We will put value of $v (which is "good") here -> good';
+  my $template = 
+    new Text::Template ('type' => 'STRING', 'source' => $template8);
+  my $text = $template->fill_in(HASH => {'v' => undef});
+  # (8) Did we generate a warning?
+  print +($WARNINGS == 0 ? '' : 'not '), "ok $n\n";
+  $n++;
+  
+  # (9) Was the output correct?
+  print +($text eq $result8 ? '' : 'not '), "ok $n\n";
+  $n++;
+
+  # (10-11) Let's try that again, with a twist this time
+  $WARNINGS = 0;
+  $text = $template->fill_in(HASH => [{'v' => 17}, {'v' => undef}]);
+  # (10) Did we generate a warning?
+  print +($WARNINGS == 0 ? '' : 'not '), "ok $n\n";
+  $n++;
+  
+  # (11) Was the output correct?
+  if ($] < 5.005) {
+    print "ok $n # skipped -- not supported before 5.005\n";
+  } else {
+    print +($text eq $result8 ? '' : 'not '), "ok $n\n";
+  }
+  $n++;
+}
+
+
+# (12) Now we'll test the multiple-hash option  (Added for 1.20.)
+$text = Text::Template::fill_in_string(q{$v: {$v}.  @v: [{"@v"}].},
+				       HASH => [{'v' => 17}, 
+						{'v' => ['a', 'b', 'c']},
+						{'v' => \23},
+					       ]);
+$result = q{$v: 23.  @v: [a b c].};
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/03-out.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/03-out.t
new file mode 100644
index 0000000..0ba65a5
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/03-out.t
@@ -0,0 +1,56 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+#
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..1\n";
+
+$n=1;
+
+$template = q{
+This line should have a 3: {1+2}
+
+This line should have several numbers:
+{ $t = ''; foreach $n (1 .. 20) { $t .= $n . ' ' } $t }
+};
+
+$templateOUT = q{
+This line should have a 3: { $OUT = 1+2 }
+
+This line should have several numbers:
+{ foreach $n (1 .. 20) { $OUT .= $n . ' ' } }
+};
+
+# Build templates from string
+$template = new Text::Template ('type' => 'STRING', 'source' => $template)
+  or die;
+$templateOUT = new Text::Template ('type' => 'STRING', 'source' => $templateOUT)
+  or die;
+
+# Fill in templates
+$text = $template->fill_in()
+  or die;
+$textOUT = $templateOUT->fill_in()
+  or die;
+
+# (1) They should be the same
+print +($text eq $textOUT ? '' : 'not '), "ok $n\n";
+$n++;
+
+# Missing:  Test this feature in Safe compartments; 
+# it's a totally different code path.
+# Decision: Put that into safe.t, because that file should
+# be skipped when Safe.pm is unavailable.
+
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/04-safe.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/04-safe.t
new file mode 100644
index 0000000..4c07121
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/04-safe.t
@@ -0,0 +1,161 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+BEGIN {
+  eval "use Safe";
+  if ($@) {
+    print "1..0\n";
+    exit 0;
+  }
+}
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..16\n";
+
+if ($^O eq 'MacOS') {
+  $BADOP = qq{};
+  $FAILURE = q{};
+} else {
+  $BADOP = qq{kill 0};
+  $FAILURE = q{Program fragment at line 1 delivered error ``kill trapped by operation mask''};
+}
+
+$n=1;
+$v = $v = 119;
+
+$c = new Safe or die;
+
+$goodtemplate = q{This should succeed: { $v }};
+$goodoutput   = q{This should succeed: 119};
+
+$template1 = new Text::Template ('type' => 'STRING', 'source' => $goodtemplate)
+  or die;
+$template2 = new Text::Template ('type' => 'STRING', 'source' => $goodtemplate)
+  or die;
+
+$text1 = $template1->fill_in();
+$text2 = $template1->fill_in(SAFE => $c);
+$ERR2 = $@;
+$text3 = $template2->fill_in(SAFE => $c);
+$ERR3 = $@;
+
+# (1)(2)(3) None of these should have failed.
+print +(defined $text1 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text2 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text3 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) Safe and non-safe fills of different template objects with the
+# same template text should yield the same result.
+# print +($text1 eq $text3 ? '' : 'not '), "ok $n\n";
+# (4) voided this test:  it's not true, because the unsafe fill
+# uses package main, while the safe fill uses the secret safe package.
+# We could alias the secret safe package to be identical to main,
+# but that wouldn't be safe.  If you want the aliasing, you have to
+# request it explicitly with `PACKAGE'.
+print "ok $n\n";
+$n++;
+
+# (5) Safe and non-safe fills of the same template object
+# should yield the same result.
+# (5) voided this test for the same reason as #4.
+# print +($text1 eq $text2 ? '' : 'not '), "ok $n\n";
+print "ok $n\n";
+$n++;
+
+# (6) Make sure the output was actually correct
+print +($text1 eq $goodoutput ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+$badtemplate     = qq{This should fail: { $BADOP; 'NOFAIL' }};
+$badnosafeoutput = q{This should fail: NOFAIL};
+$badsafeoutput   = q{This should fail: Program fragment delivered error ``kill trapped by operation mask at template line 1.''};
+
+$template1 = new Text::Template ('type' => 'STRING', 'source' => $badtemplate)
+  or die;
+$template2 = new Text::Template ('type' => 'STRING', 'source' => $badtemplate)
+  or die;
+
+$text1 = $template1->fill_in();
+$text2 = $template1->fill_in(SAFE => $c);
+$ERR2 = $@;
+$text3 = $template2->fill_in(SAFE => $c);
+$ERR3 = $@;
+$text4 = $template1->fill_in();
+
+# (7)(8)(9)(10) None of these should have failed.
+print +(defined $text1 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text2 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text3 ? '' : 'not '), "ok $n\n";
+$n++;
+print +(defined $text4 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (11) text1 and text4 should be the same (using safe in between
+# didn't change anything.)
+print +($text1 eq $text4 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (12) text2 and text3 should be the same (same template text in different
+# objects
+print +($text2 eq $text3 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (13) text1 should yield badnosafeoutput
+print +($text1 eq $badnosafeoutput ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (14) text2 should yield badsafeoutput
+$text2 =~ s/'kill'/kill/;  # 5.8.1 added quote marks around the op name
+print "# expected: <$badsafeoutput>\n# got     : <$text2>\n";
+print +($text2 eq $badsafeoutput ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+$template = q{{$x=1}{$x+1}};
+
+$template1 = new Text::Template ('type' => 'STRING', 'source' => $template)
+  or die;
+$template2 = new Text::Template ('type' => 'STRING', 'source' => $template)
+  or die;
+
+$text1 = $template1->fill_in();
+$text2 = $template1->fill_in(SAFE => new Safe);
+
+# (15) Do effects persist in safe compartments?
+print +($text1 eq $text2 ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (16) Try the BROKEN routine in safe compartments
+sub my_broken { 
+  my %a = @_; $a{error} =~ s/ at.*//s;
+  "OK! text:$a{text} error:$a{error} lineno:$a{lineno} arg:$a{arg}" ;
+}
+$templateB = new Text::Template (TYPE => 'STRING', SOURCE => '{die}')
+    or die;
+$text1 = $templateB->fill_in(BROKEN => \&my_broken, 
+			     BROKEN_ARG => 'barg',
+			     SAFE => new Safe,
+			     );
+$result1 = qq{OK! text:die error:Died lineno:1 arg:barg};
+print +($text1 eq $result1 ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/05-safe2.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/05-safe2.t
new file mode 100644
index 0000000..0353477
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/05-safe2.t
@@ -0,0 +1,105 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+BEGIN {
+  eval "use Safe";
+  if ($@) {
+    print "1..0\n";
+    exit 0;
+  }
+}
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..12\n";
+$n = 1;
+
+$c = new Safe or die;
+
+# Test handling of packages and importing.
+$c->reval('$P = "safe root"');
+$P = $P = 'main';
+$Q::P = $Q::P = 'Q';
+
+# How to effectively test the gensymming?
+
+$t = new Text::Template TYPE => 'STRING', SOURCE => 'package is {$P}'
+    or die;
+
+# (1) Default behavior: Inherit from calling package, `main' in this case.
+$text = $t->fill_in();
+print +($text eq 'package is main' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) When a package is specified, we should use that package instead.
+$text = $t->fill_in(PACKAGE => 'Q');
+print +($text eq 'package is Q' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) When no package is specified in safe mode, we should use the
+# default safe root.
+$text = $t->fill_in(SAFE => $c);
+print +($text eq 'package is safe root' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) When a package is specified in safe mode, we should use the
+# default safe root, after aliasing to the specified package
+$text = $t->fill_in(SAFE => $c, PACKAGE => Q);
+print +($text eq 'package is Q' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# Now let's see if hash vars are installed properly into safe templates
+$t = new Text::Template TYPE => 'STRING', SOURCE => 'hash is {$H}'
+    or die;
+
+# (5) First in default mode
+$text = $t->fill_in(HASH => {H => 'good5'} );
+print +($text eq 'hash is good5' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (6) Now in packages
+$text = $t->fill_in(HASH => {H => 'good6'}, PACKAGE => 'Q' );
+print +($text eq 'hash is good6' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (7) Now in the default root of the safe compartment
+$text = $t->fill_in(HASH => {H => 'good7'}, SAFE => $c );
+print +($text eq 'hash is good7' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (8) Now in the default root after aliasing to a package that
+# got the hash stuffed in
+$text = $t->fill_in(HASH => {H => 'good8'}, SAFE => $c, PACKAGE => 'Q2' );
+print +($text eq 'hash is good8' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# Now let's make sure that none of the packages leaked on each other.
+# (9) This var should NOT have been installed into the main package
+print +(defined $H ? 'not ' : ''), "ok $n\n";
+$H=$H;
+$n++;
+
+# (10) good6 was overwritten in test 7, so there's nothing to test for here.
+print "ok $n\n";
+$n++;
+
+# (11) this value overwrote the one from test 6.
+print +($Q::H eq 'good7' ? '' : 'not '), "ok $n\n";
+$Q::H = $Q::H;
+$n++;
+
+# (12) 
+print +($Q2::H eq 'good8' ? '' : 'not '), "ok $n\n";
+$Q2::H = $Q2::H;
+$n++;
+
+
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/06-ofh.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/06-ofh.t
new file mode 100644
index 0000000..6865ad1
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/06-ofh.t
@@ -0,0 +1,39 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..2\n";
+
+$n=1;
+
+$template = new Text::Template TYPE => STRING, SOURCE => q{My process ID is {$$}};
+$of = "t$$";
+END { unlink $of }
+open O, "> $of" or die;
+
+$text = $template->fill_in(OUTPUT => \*O);
+
+# (1) No $text should have been constructed.  Return value should be true.
+print +($text eq '1' ? '' : 'not '), "ok $n\n";
+$n++;
+
+close O or die;
+open I, "< $of" or die;
+{ local $/; $t = <I> }
+close I;
+
+# (2) The text should have been printed to the file
+print +($t eq "My process ID is $$" ? '' : 'not '), "ok $n\n";
+$n++;
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/07-safe3.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/07-safe3.t
new file mode 100644
index 0000000..5f438f6
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/07-safe3.t
@@ -0,0 +1,91 @@
+#!perl
+#
+# test apparatus for Text::Template module
+
+use Text::Template;
+
+BEGIN {
+  eval "use Safe";
+  if ($@) {
+    print "1..0\n";
+    exit 0;
+  }
+}
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..3\n";
+
+$n=1;
+
+# Test the OUT feature with safe compartments
+
+$template = q{
+This line should have a 3: {1+2}
+
+This line should have several numbers:
+{ $t = ''; foreach $n (1 .. 20) { $t .= $n . ' ' } $t }
+};
+
+$templateOUT = q{
+This line should have a 3: { $OUT = 1+2 }
+
+This line should have several numbers:
+{ foreach $n (1 .. 20) { $OUT .= $n . ' ' } }
+};
+
+$c = new Safe;
+
+# Build templates from string
+$template = new Text::Template ('type' => 'STRING', 'source' => $template,
+			       SAFE => $c)
+  or die;
+$templateOUT = new Text::Template ('type' => 'STRING', 'source' => $templateOUT,
+				  SAFE => $c)
+  or die;
+
+# Fill in templates
+$text = $template->fill_in()
+  or die;
+$textOUT = $templateOUT->fill_in()
+  or die;
+
+# (1) They should be the same
+print +($text eq $textOUT ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2-3)  "Joel Appelbaum" <joel@orbz.com> <000701c0ac2c$aed1d6e0$0201a8c0@prime>
+# "Contrary to the documentation the $OUT variable is not always
+# undefined at the start of each program fragment.  The $OUT variable
+# is never undefined after it is used once if you are using the SAFE
+# option.  The result is that every fragment after the fragment that
+# $OUT was used in is replaced by the old $OUT value instead of the
+# result of the fragment.  This holds true even after the
+# Text::Template object goes out of scope and a new one is created!"
+#
+# Also reported by Daini Xie.
+
+{
+  my $template = q{{$OUT = 'x'}y{$OUT .= 'z'}};
+  my $expected = "xyz";
+  my $s = Safe->new;
+  my $o = Text::Template->new(type => 'string',
+                              source => $template,
+                             );
+  for (1..2) {
+    my $r = $o->fill_in(SAFE => $s);
+    if ($r ne $expected) {
+      print "not ok $n # <$r>\n";
+    } else {
+      print "ok $n\n";
+    }
+    $n++;
+  }
+}
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/08-exported.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/08-exported.t
new file mode 100644
index 0000000..ef9cfaf
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/08-exported.t
@@ -0,0 +1,75 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template 'fill_in_file', 'fill_in_string';
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..6\n";
+
+$n=1;
+$Q::n = $Q::n = 119; 
+
+# (1) Test fill_in_string
+$out = fill_in_string('The value of $n is {$n}.', PACKAGE => 'Q' );
+print +($out eq 'The value of $n is 119.' ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) Test fill_in_file
+$TEMPFILE = "tt$$";
+open F, "> $TEMPFILE" or die "Couldn't open test file: $!; aborting";
+print F 'The value of $n is {$n}.', "\n";
+close F or die "Couldn't write test file: $!; aborting";
+$R::n = $R::n = 8128; 
+
+$out = fill_in_file($TEMPFILE, PACKAGE => 'R');
+print +($out eq "The value of \$n is 8128.\n" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) Jonathan Roy reported this bug:
+open F, "> $TEMPFILE" or die "Couldn't open test file: $!; aborting";
+print F "With a message here? [% \$var %]\n";
+close F  or die "Couldn't close test file: $!; aborting";
+$out = fill_in_file($TEMPFILE, DELIMITERS => ['[%', '%]'],
+		    HASH => { "var" => \"It is good!" });
+print +($out eq "With a message here? It is good!\n" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) It probably occurs in fill_this_in also:
+$out = 
+  Text::Template->fill_this_in("With a message here? [% \$var %]\n",
+                      DELIMITERS => ['[%', '%]'],
+                      HASH => { "var" => \"It is good!" });
+print +($out eq "With a message here? It is good!\n" ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (5) This test failed in 1.25.  It was supplied by Donald L. Greer Jr.
+# Note that it's different from (1)  in that there's no explicit 
+# package=> argument.
+use vars qw($string $foo $r);
+$string='Hello {$foo}';
+$foo="Don";
+$r = fill_in_string($string);
+print (($r eq 'Hello Don' ? '' : 'not '), 'ok ', $n++, "\n");
+
+# (6) This test failed in 1.25.  It's a variation on (5)
+package Q2;
+use Text::Template 'fill_in_string';
+use vars qw($string $foo $r);
+$string='Hello {$foo}';
+$foo="Don";
+$r = fill_in_string($string);
+print (($r eq 'Hello Don' ? '' : 'not '), 'ok ', $main::n++, "\n");
+
+package main;
+
+END { $TEMPFILE && unlink $TEMPFILE }
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/09-error.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/09-error.t
new file mode 100644
index 0000000..40f9fac
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/09-error.t
@@ -0,0 +1,63 @@
+#!perl
+#
+# test apparatus for Text::Template module
+# still incomplete.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..5\n";
+$n = 1;
+
+# (1-2) Missing source
+eval {
+  Text::Template->new();
+};
+unless ($@ =~ /^\QUsage: Text::Template::new(TYPE => ..., SOURCE => ...)/) {
+  print STDERR $@;
+  print "not ";
+}
+print "ok $n\n";
+$n++;
+
+eval {
+  Text::Template->new(TYPE => 'FILE');
+};
+if ($@ =~ /^\QUsage: Text::Template::new(TYPE => ..., SOURCE => ...)/) {
+  print "ok $n\n";
+} else {
+  print STDERR $@;
+  print "not ok $n\n";
+}
+$n++;
+
+# (3) Invalid type
+eval {
+  Text::Template->new(TYPE => 'wlunch', SOURCE => 'fish food');
+};
+if ($@ =~ /^\QIllegal value `WLUNCH' for TYPE parameter/) {
+  print "ok $n\n";
+} else {
+  print STDERR $@;
+  print "not ok $n\n";
+}
+$n++;
+
+# (4-5) File does not exist
+my $o = Text::Template->new(TYPE => 'file', 
+                            SOURCE => 'this file does not exist');
+print $o ? "not ok $n\n" : "ok $n\n";
+$n++;
+print defined($Text::Template::ERROR) 
+      && $Text::Template::ERROR =~ /^Couldn't open file/
+  ? "ok $n\n" : "not ok $n\n";
+$n++;
+
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/10-delimiters.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/10-delimiters.t
new file mode 100644
index 0000000..f74d591
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/10-delimiters.t
@@ -0,0 +1,99 @@
+#!perl
+#
+# Tests for user-specified delimiter functions
+# These tests first appeared in version 1.20.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..18\n";
+$n = 1;
+
+# (1) Try a simple delimiter: <<..>>
+# First with the delimiters specified at object creation time
+$V = $V = 119;
+$template = q{The value of $V is <<$V>>.};
+$result = q{The value of $V is 119.};
+$template1 = Text::Template->new(TYPE => STRING, 
+				 SOURCE => $template,
+				 DELIMITERS => ['<<', '>>']
+				)
+  or die "Couldn't construct template object: $Text::Template::ERROR; aborting";
+$text = $template1->fill_in();
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (2) Now with delimiter choice deferred until fill-in time.
+$template1 = Text::Template->new(TYPE => STRING, SOURCE => $template);
+$text = $template1->fill_in(DELIMITERS => ['<<', '>>']);
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (3) Now we'll try using regex metacharacters
+# First with the delimiters specified at object creation time
+$template = q{The value of $V is [$V].};
+$template1 = Text::Template->new(TYPE => STRING, 
+				 SOURCE => $template,
+				 DELIMITERS => ['[', ']']
+				)
+  or die "Couldn't construct template object: $Text::Template::ERROR; aborting";
+$text = $template1->fill_in();
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+# (4) Now with delimiter choice deferred until fill-in time.
+$template1 = Text::Template->new(TYPE => STRING, SOURCE => $template);
+$text = $template1->fill_in(DELIMITERS => ['[', ']']);
+print +($text eq $result ? '' : 'not '), "ok $n\n";
+$n++;
+
+
+
+# (5-18) Make sure \ is working properly
+# (That is to say, it is ignored.)
+# These tests are similar to those in 01-basic.t.
+my @tests = ('{""}' => '',	# (5)
+
+	     # Backslashes don't matter
+	     '{"}"}' => undef,
+	     '{"\\}"}' => undef,	# One backslash
+	     '{"\\\\}"}' => undef, # Two backslashes
+	     '{"\\\\\\}"}' => undef, # Three backslashes 
+	     '{"\\\\\\\\}"}' => undef, # Four backslashes (10)
+	     '{"\\\\\\\\\\}"}' => undef, # Five backslashes
+	     
+	     # Backslashes are always passed directly to Perl
+	     '{"x20"}' => 'x20',
+	     '{"\\x20"}' => ' ',	# One backslash
+	     '{"\\\\x20"}' => '\\x20', # Two backslashes
+	     '{"\\\\\\x20"}' => '\\ ', # Three backslashes (15)
+	     '{"\\\\\\\\x20"}' => '\\\\x20', # Four backslashes
+	     '{"\\\\\\\\\\x20"}' => '\\\\ ', # Five backslashes
+	     '{"\\x20\\}"}' => undef, # (18)
+	    );
+
+my $i;
+for ($i=0; $i<@tests; $i+=2) {
+  my $tmpl = Text::Template->new(TYPE => 'STRING',
+				 SOURCE => $tests[$i],
+				 DELIMITERS => ['{', '}'],
+				);
+  my $text = $tmpl->fill_in;
+  my $result = $tests[$i+1];
+  my $ok = (! defined $text && ! defined $result
+	    || $text eq $result);
+  unless ($ok) {
+    print STDERR "($n) expected .$result., got .$text.\n";
+  }
+  print +($ok ? '' : 'not '), "ok $n\n";
+  $n++;
+}
+
+
+exit;
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/11-prepend.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/11-prepend.t
new file mode 100644
index 0000000..fe242e5
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/11-prepend.t
@@ -0,0 +1,94 @@
+#!perl
+#
+# Tests for PREPEND features
+# These tests first appeared in version 1.22.
+
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+print "1..9\n";
+my $n = 1;
+
+@Emptyclass1::ISA = 'Text::Template';
+@Emptyclass2::ISA = 'Text::Template';
+
+my $tin = q{The value of $foo is: {$foo}};
+
+Text::Template->always_prepend(q{$foo = "global"});
+
+$tmpl1 = Text::Template->new(TYPE => 'STRING',
+				SOURCE => $tin,		
+			      );
+
+$tmpl2 = Text::Template->new(TYPE => 'STRING',
+			     SOURCE => $tin,		
+			     PREPEND => q{$foo = "template"},
+			     );
+
+$tmpl1->compile;
+$tmpl2->compile;
+
+$t1 = $tmpl1->fill_in(PACKAGE => 'T1');
+$t2 = $tmpl2->fill_in(PACKAGE => 'T2');
+$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T3');
+
+($t1 eq 'The value of $foo is: global') or print "not ";
+print "ok $n\n"; $n++;
+($t2 eq 'The value of $foo is: template') or print "not ";
+print "ok $n\n"; $n++;
+($t3 eq 'The value of $foo is: fillin') or print "not ";
+print "ok $n\n"; $n++;
+
+Emptyclass1->always_prepend(q{$foo = 'Emptyclass global';});
+$tmpl1 = Emptyclass1->new(TYPE => 'STRING',
+				SOURCE => $tin,		
+			      );
+
+$tmpl2 = Emptyclass1->new(TYPE => 'STRING',
+			     SOURCE => $tin,		
+			     PREPEND => q{$foo = "template"},
+			     );
+
+$tmpl1->compile;
+$tmpl2->compile;
+
+$t1 = $tmpl1->fill_in(PACKAGE => 'T4');
+$t2 = $tmpl2->fill_in(PACKAGE => 'T5');
+$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T6');
+
+($t1 eq 'The value of $foo is: Emptyclass global') or print "not ";
+print "ok $n\n"; $n++;
+($t2 eq 'The value of $foo is: template') or print "not ";
+print "ok $n\n"; $n++;
+($t3 eq 'The value of $foo is: fillin') or print "not ";
+print "ok $n\n"; $n++;
+
+$tmpl1 = Emptyclass2->new(TYPE => 'STRING',
+				SOURCE => $tin,		
+			      );
+
+$tmpl2 = Emptyclass2->new(TYPE => 'STRING',
+			     SOURCE => $tin,		
+			     PREPEND => q{$foo = "template"},
+			     );
+
+$tmpl1->compile;
+$tmpl2->compile;
+
+$t1 = $tmpl1->fill_in(PACKAGE => 'T4');
+$t2 = $tmpl2->fill_in(PACKAGE => 'T5');
+$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T6');
+
+($t1 eq 'The value of $foo is: global') or print "not ";
+print "ok $n\n"; $n++;
+($t2 eq 'The value of $foo is: template') or print "not ";
+print "ok $n\n"; $n++;
+($t3 eq 'The value of $foo is: fillin') or print "not ";
+print "ok $n\n"; $n++;
+
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/12-preprocess.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/12-preprocess.t
new file mode 100644
index 0000000..60b6b0c
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/12-preprocess.t
@@ -0,0 +1,52 @@
+#!perl
+#
+# Tests for PREPROCESSOR features
+# These tests first appeared in version 1.25.
+
+use Text::Template::Preprocess;
+
+die "This is the test program for Text::Template::Preprocess version 1.46.
+You are using version $Text::Template::Preprocess::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::Preprocess::VERSION == 1.46;
+
+$TMPFILE = "tt$$";
+
+print "1..8\n";
+my $n = 1;
+
+my $py = sub { tr/x/y/ };
+my $pz = sub { tr/x/z/ };
+
+my $t = 'xxx The value of $x is {$x}';
+my $outx = 'xxx The value of $x is 119';
+my $outy = 'yyy The value of $y is 23';
+my $outz = 'zzz The value of $z is 5';
+open TF, "> $TMPFILE" or die "Couldn't open test file: $!; aborting";
+print TF $t;
+close TF;
+
+@result = ($outx, $outy, $outz, $outz);
+for my $trial (1, 0) {
+  for my $test (0 .. 3) {
+    my $tmpl;
+    if ($trial == 0) {
+      $tmpl = new Text::Template::Preprocess 
+	(TYPE => 'STRING', SOURCE => $t) or die;
+    } else {
+      open TF, "< $TMPFILE" or die "Couldn't open test file: $!; aborting";
+      $tmpl = new Text::Template::Preprocess 
+	(TYPE => 'FILEHANDLE', SOURCE => \*TF) or die;
+    }
+    $tmpl->preprocessor($py) if ($test & 1) == 1;
+    my @args = ((($test & 2) == 2) ? (PREPROCESSOR => $pz) : ());
+    my $o = $tmpl->fill_in(@args, 
+			   HASH => {x => 119, 'y' => 23, z => 5});
+#    print STDERR "$o/$result[$test]\n";
+    print +(($o eq $result[$test]) ? '' : 'not '), "ok $n\n";
+    $n++;
+  }
+}
+
+unlink $TMPFILE;
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/13-taint.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/13-taint.t
new file mode 100644
index 0000000..d92a374
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/13-taint.t
@@ -0,0 +1,119 @@
+#!perl -T
+# Tests for taint-mode features
+
+use lib 'blib/lib';
+use Text::Template;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+my $r = int(rand(10000));
+my $file = "tt$r";
+
+# makes its arguments tainted
+sub taint {
+  for (@_) {
+    $_ .= substr($0,0,0);       # LOD
+  }
+}
+
+
+print "1..21\n";
+
+my $n =1;
+print "ok ", $n++, "\n";
+
+my $template = 'The value of $n is {$n}.';
+
+open T, "> $file" or die "Couldn't write temporary file $file: $!";
+print T $template, "\n";
+close T or die "Couldn't finish temporary file $file: $!";
+
+sub should_fail {
+  my $obj = Text::Template->new(@_);
+  eval {$obj->fill_in()};
+  if ($@) {
+    print "ok $n # $@\n";
+  } else {
+    print "not ok $n # (didn't fail)\n";
+  }
+  $n++;
+}
+
+sub should_work {
+  my $obj = Text::Template->new(@_);
+  eval {$obj->fill_in()};
+  if ($@) {
+    print "not ok $n # $@\n";
+  } else {
+    print "ok $n\n";
+  }
+  $n++;
+}
+
+sub should_be_tainted {
+  if (Text::Template::_is_clean($_[0])) {
+    print "not ok $n\n"; $n++; return;
+  }
+  print "ok $n\n"; $n++; return; 
+}
+
+sub should_be_clean {
+  unless (Text::Template::_is_clean($_[0])) {
+    print "not ok $n\n"; $n++; return;
+  }
+  print "ok $n\n"; $n++; return; 
+}
+
+# Tainted filename should die with and without UNTAINT option
+# untainted filename should die without UNTAINT option
+# filehandle should die without UNTAINT option
+# string and array with tainted data should die either way
+
+# (2)-(7)
+my $tfile = $file;
+taint($tfile);
+should_be_tainted($tfile);
+should_be_clean($file);
+should_fail TYPE => 'file', SOURCE => $tfile;
+should_fail TYPE => 'file', SOURCE => $tfile, UNTAINT => 1;
+should_fail TYPE => 'file', SOURCE => $file;
+should_work TYPE => 'file', SOURCE => $file, UNTAINT => 1;
+
+# (8-9)
+open H, "< $file" or die "Couldn't open $file for reading: $!; aborting";
+should_fail TYPE => 'filehandle', SOURCE => \*H;
+close H;
+open H, "< $file" or die "Couldn't open $file for reading: $!; aborting";
+should_work TYPE => 'filehandle', SOURCE => \*H, UNTAINT => 1;
+close H;
+
+# (10-15)
+my $ttemplate = $template;
+taint($ttemplate);
+should_be_tainted($ttemplate);
+should_be_clean($template);
+should_fail TYPE => 'string', SOURCE => $ttemplate;
+should_fail TYPE => 'string', SOURCE => $ttemplate, UNTAINT => 1;
+should_work TYPE => 'string', SOURCE => $template;
+should_work TYPE => 'string', SOURCE => $template, UNTAINT => 1;
+
+# (16-19)
+my $array = [ $template ];
+my $tarray = [ $ttemplate ];
+should_fail TYPE => 'array', SOURCE => $tarray;
+should_fail TYPE => 'array', SOURCE => $tarray, UNTAINT => 1;
+should_work TYPE => 'array', SOURCE => $array;
+should_work TYPE => 'array', SOURCE => $array, UNTAINT => 1;
+
+# (20-21) Test _unconditionally_untaint utility function
+Text::Template::_unconditionally_untaint($ttemplate);
+should_be_clean($ttemplate);
+Text::Template::_unconditionally_untaint($tfile);
+should_be_clean($tfile);
+
+END { unlink $file }
+
diff --git a/openssl-1.1.0h/external/perl/Text-Template-1.46/t/14-broken.t b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/14-broken.t
new file mode 100644
index 0000000..d362395
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/Text-Template-1.46/t/14-broken.t
@@ -0,0 +1,82 @@
+#!perl
+# test apparatus for Text::Template module
+
+use Text::Template;
+
+print "1..5\n";
+
+$n=1;
+
+die "This is the test program for Text::Template version 1.46.
+You are using version $Text::Template::VERSION instead.
+That does not make sense.\n
+Aborting"
+  unless $Text::Template::VERSION == 1.46;
+
+# (1) basic error delivery
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                             )->fill_in();
+  if ($r eq q{Program fragment delivered error ``Illegal division by zero at template line 1.''}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (2) BROKEN sub called in ->new?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                              BROKEN => sub {'---'},
+                             )->fill_in();
+  if ($r eq q{---}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (3) BROKEN sub called in ->fill_in?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                             )->fill_in(BROKEN => sub {'---'});
+  if ($r eq q{---}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (4) BROKEN sub passed correct args when called in ->new?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                              BROKEN => sub { my %a = @_;
+                                qq{$a{lineno},$a{error},$a{text}}
+                              },
+                             )->fill_in();
+  if ($r eq qq{1,Illegal division by zero at template line 1.\n,1/0}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
+# (5) BROKEN sub passed correct args when called in ->fill_in?
+{ my $r = Text::Template->new(TYPE => 'string',
+                              SOURCE => '{1/0}',
+                             )->fill_in(BROKEN => 
+                                        sub { my %a = @_;
+                                              qq{$a{lineno},$a{error},$a{text}}
+                                            });
+  if ($r eq qq{1,Illegal division by zero at template line 1.\n,1/0}) {
+    print "ok $n\n";
+  } else {
+    print "not ok $n\n# $r\n";
+  }
+  $n++;
+}
+
diff --git a/openssl-1.1.0h/external/perl/transfer/Text/Template.pm b/openssl-1.1.0h/external/perl/transfer/Text/Template.pm
new file mode 100644
index 0000000..7dbfe3f
--- /dev/null
+++ b/openssl-1.1.0h/external/perl/transfer/Text/Template.pm
@@ -0,0 +1,20 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Quick transfer to the downloaded Text::Template
+
+BEGIN {
+    use File::Spec::Functions;
+    use File::Basename;
+    use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1.46", "lib");
+    # Some unpackers on VMS convert periods in directory names to underscores
+    use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1_46", "lib");
+    use Text::Template;
+    shift @INC;                 # Takes away the effect of use lib
+    shift @INC;                 # Takes away the effect of use lib
+}
+1;
diff --git a/openssl-1.1.0h/fuzz/README.md b/openssl-1.1.0h/fuzz/README.md
new file mode 100644
index 0000000..c5a1ba9
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/README.md
@@ -0,0 +1,66 @@
+# I Can Haz Fuzz?
+
+LibFuzzer
+=========
+
+Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html).
+
+Starting from a vanilla+OpenSSH server Ubuntu install.
+
+Use Chrome's handy recent build of clang. Older versions may also work.
+
+    $ sudo apt-get install git
+    $ mkdir git-work
+    $ git clone https://chromium.googlesource.com/chromium/src/tools/clang
+    $ clang/scripts/update.py
+
+You may want to git pull and re-run the update from time to time.
+
+Update your path:
+
+    $ PATH=~/third_party/llvm-build/Release+Asserts/bin/:$PATH
+
+Get and build libFuzzer (there is a git mirror at
+https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer):
+
+    $ cd
+    $ sudo apt-get install subversion
+    $ mkdir svn-work
+    $ cd svn-work
+    $ svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
+    $ cd Fuzzer
+    $ clang++ -c -g -O2 -std=c++11 *.cpp
+    $ ar r libFuzzer.a *.o
+    $ ranlib libFuzzer.a
+
+Configure for fuzzing:
+
+    $ CC=clang ./config enable-fuzz-libfuzzer \
+            --with-fuzzer-include=../../svn-work/Fuzzer \
+            --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
+            -DPEDANTIC enable-asan enable-ubsan no-shared
+    $ sudo apt-get install make
+    $ LDCMD=clang++ make -j
+    $ fuzz/helper.py $FUZZER
+
+Where $FUZZER is one of the executables in `fuzz/`.
+
+If you get a crash, you should find a corresponding input file in
+`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with
+
+    $ fuzz/$FUZZER <crashfile>
+
+AFL
+===
+
+Configure for fuzzing:
+
+    $ sudo apt-get install afl-clang
+    $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared
+    $ make
+
+Run one of the fuzzers:
+
+    $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER
+
+Where $FUZZER is one of the executables in `fuzz/`.
diff --git a/openssl-1.1.0h/fuzz/asn1.c b/openssl-1.1.0h/fuzz/asn1.c
new file mode 100644
index 0000000..5125f36
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/asn1.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Fuzz ASN.1 parsing for various data structures. Specify which on the
+ * command line:
+ *
+ * asn1 <data structure>
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/ocsp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
+#include <openssl/ts.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include "fuzzer.h"
+
+static ASN1_ITEM_EXP *item_type[] = {
+    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASIdentifierChoice),
+    ASN1_ITEM_ref(ASIdentifiers),
+    ASN1_ITEM_ref(ASIdOrRange),
+#endif
+    ASN1_ITEM_ref(ASN1_ANY),
+    ASN1_ITEM_ref(ASN1_BIT_STRING),
+    ASN1_ITEM_ref(ASN1_BMPSTRING),
+    ASN1_ITEM_ref(ASN1_BOOLEAN),
+    ASN1_ITEM_ref(ASN1_ENUMERATED),
+    ASN1_ITEM_ref(ASN1_FBOOLEAN),
+    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    ASN1_ITEM_ref(ASN1_GENERALSTRING),
+    ASN1_ITEM_ref(ASN1_IA5STRING),
+    ASN1_ITEM_ref(ASN1_INTEGER),
+    ASN1_ITEM_ref(ASN1_NULL),
+    ASN1_ITEM_ref(ASN1_OBJECT),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
+    ASN1_ITEM_ref(ASN1_PRINTABLE),
+    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+    ASN1_ITEM_ref(ASN1_SEQUENCE),
+    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
+    ASN1_ITEM_ref(ASN1_SET_ANY),
+    ASN1_ITEM_ref(ASN1_T61STRING),
+    ASN1_ITEM_ref(ASN1_TBOOLEAN),
+    ASN1_ITEM_ref(ASN1_TIME),
+    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
+    ASN1_ITEM_ref(ASN1_UTCTIME),
+    ASN1_ITEM_ref(ASN1_UTF8STRING),
+    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASRange),
+#endif
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    ASN1_ITEM_ref(AUTHORITY_KEYID),
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    ASN1_ITEM_ref(BIGNUM),
+    ASN1_ITEM_ref(CBIGNUM),
+    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
+    ASN1_ITEM_ref(CMS_ContentInfo),
+    ASN1_ITEM_ref(CMS_ReceiptRequest),
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+#endif
+#ifndef OPENSSL_NO_DH
+    ASN1_ITEM_ref(DHparams),
+#endif
+    ASN1_ITEM_ref(DIRECTORYSTRING),
+    ASN1_ITEM_ref(DISPLAYTEXT),
+    ASN1_ITEM_ref(DIST_POINT),
+    ASN1_ITEM_ref(DIST_POINT_NAME),
+#ifndef OPENSSL_NO_EC
+    ASN1_ITEM_ref(ECPARAMETERS),
+    ASN1_ITEM_ref(ECPKPARAMETERS),
+#endif
+    ASN1_ITEM_ref(EDIPARTYNAME),
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    ASN1_ITEM_ref(GENERAL_NAME),
+    ASN1_ITEM_ref(GENERAL_NAMES),
+    ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(IPAddressChoice),
+    ASN1_ITEM_ref(IPAddressFamily),
+    ASN1_ITEM_ref(IPAddressOrRange),
+    ASN1_ITEM_ref(IPAddressRange),
+#endif
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+    ASN1_ITEM_ref(LONG),
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
+    ASN1_ITEM_ref(NETSCAPE_SPKAC),
+    ASN1_ITEM_ref(NETSCAPE_SPKI),
+    ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
+    ASN1_ITEM_ref(OCSP_BASICRESP),
+    ASN1_ITEM_ref(OCSP_CERTID),
+    ASN1_ITEM_ref(OCSP_CERTSTATUS),
+    ASN1_ITEM_ref(OCSP_CRLID),
+    ASN1_ITEM_ref(OCSP_ONEREQ),
+    ASN1_ITEM_ref(OCSP_REQINFO),
+    ASN1_ITEM_ref(OCSP_REQUEST),
+    ASN1_ITEM_ref(OCSP_RESPBYTES),
+    ASN1_ITEM_ref(OCSP_RESPDATA),
+    ASN1_ITEM_ref(OCSP_RESPID),
+    ASN1_ITEM_ref(OCSP_RESPONSE),
+    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
+    ASN1_ITEM_ref(OCSP_SERVICELOC),
+    ASN1_ITEM_ref(OCSP_SIGNATURE),
+    ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
+    ASN1_ITEM_ref(OTHERNAME),
+    ASN1_ITEM_ref(PBE2PARAM),
+    ASN1_ITEM_ref(PBEPARAM),
+    ASN1_ITEM_ref(PBKDF2PARAM),
+    ASN1_ITEM_ref(PKCS12),
+    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
+    ASN1_ITEM_ref(PKCS12_BAGS),
+    ASN1_ITEM_ref(PKCS12_MAC_DATA),
+    ASN1_ITEM_ref(PKCS12_SAFEBAG),
+    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+    ASN1_ITEM_ref(PKCS7),
+    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
+    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
+    ASN1_ITEM_ref(PKCS7_DIGEST),
+    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+    ASN1_ITEM_ref(PKCS7_ENCRYPT),
+    ASN1_ITEM_ref(PKCS7_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGNED),
+    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
+    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
+    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    ASN1_ITEM_ref(POLICYINFO),
+    ASN1_ITEM_ref(POLICY_MAPPING),
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    ASN1_ITEM_ref(POLICYQUALINFO),
+    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    ASN1_ITEM_ref(PROXY_POLICY),
+    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
+    ASN1_ITEM_ref(RSAPrivateKey),
+    ASN1_ITEM_ref(RSA_PSS_PARAMS),
+    ASN1_ITEM_ref(RSAPublicKey),
+    ASN1_ITEM_ref(SXNET),
+    ASN1_ITEM_ref(SXNETID),
+    /*ASN1_ITEM_ref(TS_RESP),  want to do this, but type is hidden, however d2i exists... */
+    ASN1_ITEM_ref(USERNOTICE),
+    ASN1_ITEM_ref(X509),
+    ASN1_ITEM_ref(X509_ALGOR),
+    ASN1_ITEM_ref(X509_ALGORS),
+    ASN1_ITEM_ref(X509_ATTRIBUTE),
+    ASN1_ITEM_ref(X509_CERT_AUX),
+    ASN1_ITEM_ref(X509_CINF),
+    ASN1_ITEM_ref(X509_CRL),
+    ASN1_ITEM_ref(X509_CRL_INFO),
+    ASN1_ITEM_ref(X509_EXTENSION),
+    ASN1_ITEM_ref(X509_EXTENSIONS),
+    ASN1_ITEM_ref(X509_NAME),
+    ASN1_ITEM_ref(X509_NAME_ENTRY),
+    ASN1_ITEM_ref(X509_PUBKEY),
+    ASN1_ITEM_ref(X509_REQ),
+    ASN1_ITEM_ref(X509_REQ_INFO),
+    ASN1_ITEM_ref(X509_REVOKED),
+    ASN1_ITEM_ref(X509_SIG),
+    ASN1_ITEM_ref(X509_VAL),
+    ASN1_ITEM_ref(ZLONG),
+    NULL
+};
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    int n;
+
+    ASN1_PCTX *pctx = ASN1_PCTX_new();
+
+    ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
+        ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
+        ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
+    ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
+        ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);
+
+    for (n = 0; item_type[n] != NULL; ++n) {
+        const uint8_t *b = buf;
+        unsigned char *der = NULL;
+        const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
+        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
+
+        if (o != NULL) {
+            BIO *bio = BIO_new(BIO_s_null());
+            ASN1_item_print(bio, o, 4, i, pctx);
+            BIO_free(bio);
+
+            ASN1_item_i2d(o, &der, i);
+            OPENSSL_free(der);
+
+            ASN1_item_free(o, i);
+        }
+    }
+
+    ASN1_PCTX_free(pctx);
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/asn1parse.c b/openssl-1.1.0h/fuzz/asn1parse.c
new file mode 100644
index 0000000..b3a6dab
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/asn1parse.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Fuzz the parser used for dumping ASN.1 using "openssl asn1parse".
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    static BIO *bio_out;
+
+    if (bio_out == NULL)
+        bio_out = BIO_new_file("/dev/null", "w");
+
+    (void)ASN1_parse_dump(bio_out, buf, len, 0, 0);
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/bignum.c b/openssl-1.1.0h/fuzz/bignum.c
new file mode 100644
index 0000000..43e134b
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/bignum.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Confirm that a^b mod c agrees when calculated cleverly vs naively, for
+ * random a, b and c.
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    static BN_CTX *ctx;
+    static BIGNUM *b1;
+    static BIGNUM *b2;
+    static BIGNUM *b3;
+    static BIGNUM *b4;
+    static BIGNUM *b5;
+    int success = 0;
+    size_t l1 = 0, l2 = 0, l3 = 0;
+    int s1 = 0, s2 = 0, s3 = 0;
+
+    if (ctx == NULL) {
+        b1 = BN_new();
+        b2 = BN_new();
+        b3 = BN_new();
+        b4 = BN_new();
+        b5 = BN_new();
+        ctx = BN_CTX_new();
+    }
+    /* Divide the input into three parts, using the values of the first two
+     * bytes to choose lengths, which generate b1, b2 and b3. Use three bits
+     * of the third byte to choose signs for the three numbers.
+     */
+    if (len > 2) {
+        len -= 3;
+        l1 = (buf[0] * len) / 255;
+        ++buf;
+        l2 = (buf[0] * (len - l1)) / 255;
+        ++buf;
+        l3 = len - l1 - l2;
+
+        s1 = buf[0] & 1;
+        s2 = buf[0] & 2;
+        s3 = buf[0] & 4;
+        ++buf;
+    }
+    OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1);
+    BN_set_negative(b1, s1);
+    OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2);
+    BN_set_negative(b2, s2);
+    OPENSSL_assert(BN_bin2bn(buf + l1 + l2, l3, b3) == b3);
+    BN_set_negative(b3, s3);
+
+    /* mod 0 is undefined */
+    if (BN_is_zero(b3)) {
+        success = 1;
+        goto done;
+    }
+
+    OPENSSL_assert(BN_mod_exp(b4, b1, b2, b3, ctx));
+    OPENSSL_assert(BN_mod_exp_simple(b5, b1, b2, b3, ctx));
+
+    success = BN_cmp(b4, b5) == 0;
+    if (!success) {
+        BN_print_fp(stdout, b1);
+        putchar('\n');
+        BN_print_fp(stdout, b2);
+        putchar('\n');
+        BN_print_fp(stdout, b3);
+        putchar('\n');
+        BN_print_fp(stdout, b4);
+        putchar('\n');
+        BN_print_fp(stdout, b5);
+        putchar('\n');
+    }
+
+ done:
+    OPENSSL_assert(success);
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/bndiv.c b/openssl-1.1.0h/fuzz/bndiv.c
new file mode 100644
index 0000000..45a3937
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/bndiv.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Confirm that if (d, r) = a / b, then b * d + r == a, and that sign(d) ==
+ * sign(a), and 0 <= r <= b
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    static BN_CTX *ctx;
+    static BIGNUM *b1;
+    static BIGNUM *b2;
+    static BIGNUM *b3;
+    static BIGNUM *b4;
+    static BIGNUM *b5;
+    int success = 0;
+    size_t l1 = 0, l2 = 0;
+    /* s1 and s2 will be the signs for b1 and b2. */
+    int s1 = 0, s2 = 0;
+
+    if (ctx == NULL) {
+        b1 = BN_new();
+        b2 = BN_new();
+        b3 = BN_new();
+        b4 = BN_new();
+        b5 = BN_new();
+        ctx = BN_CTX_new();
+    }
+    /* We are going to split the buffer in two, sizes l1 and l2, giving b1 and
+     * b2.
+     */
+    if (len > 0) {
+        --len;
+        /* Use first byte to divide the remaining buffer into 3Fths. I admit
+         * this disallows some number sizes. If it matters, better ideas are
+         * welcome (Ben).
+         */
+        l1 = ((buf[0] & 0x3f) * len) / 0x3f;
+        s1 = buf[0] & 0x40;
+        s2 = buf[0] & 0x80;
+        ++buf;
+        l2 = len - l1;
+    }
+    OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1);
+    BN_set_negative(b1, s1);
+    OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2);
+    BN_set_negative(b2, s2);
+
+    /* divide by 0 is an error */
+    if (BN_is_zero(b2)) {
+        success = 1;
+        goto done;
+    }
+
+    OPENSSL_assert(BN_div(b3, b4, b1, b2, ctx));
+    if (BN_is_zero(b1))
+        success = BN_is_zero(b3) && BN_is_zero(b4);
+    else if (BN_is_negative(b1))
+        success = (BN_is_negative(b3) != BN_is_negative(b2) || BN_is_zero(b3))
+            && (BN_is_negative(b4) || BN_is_zero(b4));
+    else
+        success = (BN_is_negative(b3) == BN_is_negative(b2)  || BN_is_zero(b3))
+            && (!BN_is_negative(b4) || BN_is_zero(b4));
+    OPENSSL_assert(BN_mul(b5, b3, b2, ctx));
+    OPENSSL_assert(BN_add(b5, b5, b4));
+
+    success = success && BN_cmp(b5, b1) == 0;
+    if (!success) {
+        BN_print_fp(stdout, b1);
+        putchar('\n');
+        BN_print_fp(stdout, b2);
+        putchar('\n');
+        BN_print_fp(stdout, b3);
+        putchar('\n');
+        BN_print_fp(stdout, b4);
+        putchar('\n');
+        BN_print_fp(stdout, b5);
+        putchar('\n');
+        printf("%d %d %d %d %d %d %d\n", BN_is_negative(b1),
+               BN_is_negative(b2),
+               BN_is_negative(b3), BN_is_negative(b4), BN_is_zero(b4),
+               BN_is_negative(b3) != BN_is_negative(b2)
+               && (BN_is_negative(b4) || BN_is_zero(b4)),
+               BN_cmp(b5, b1));
+        puts("----\n");
+    }
+
+ done:
+    OPENSSL_assert(success);
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/build.info b/openssl-1.1.0h/fuzz/build.info
new file mode 100644
index 0000000..eade218
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/build.info
@@ -0,0 +1,113 @@
+{- use File::Spec::Functions;
+   our $ex_inc = $withargs{fuzzer_include} &&
+       (file_name_is_absolute($withargs{fuzzer_include}) ?
+        $withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include}));
+   our $ex_lib = $withargs{fuzzer_lib} &&
+       (file_name_is_absolute($withargs{fuzzer_lib}) ?
+        $withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib}));
+   ""
+-}
+
+IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
+  PROGRAMS_NO_INST=asn1 asn1parse bignum bndiv conf crl server x509
+
+  IF[{- !$disabled{"cms"} -}]
+    PROGRAMS_NO_INST=cms
+  ENDIF
+
+  IF[{- !$disabled{"ct"} -}]
+    PROGRAMS_NO_INST=ct
+  ENDIF
+
+  SOURCE[asn1]=asn1.c driver.c
+  INCLUDE[asn1]=../include {- $ex_inc -}
+  DEPEND[asn1]=../libcrypto {- $ex_lib -}
+
+  SOURCE[asn1parse]=asn1parse.c driver.c
+  INCLUDE[asn1parse]=../include {- $ex_inc -}
+  DEPEND[asn1parse]=../libcrypto {- $ex_lib -}
+
+  SOURCE[bignum]=bignum.c driver.c
+  INCLUDE[bignum]=../include {- $ex_inc -}
+  DEPEND[bignum]=../libcrypto {- $ex_lib -}
+
+  SOURCE[bndiv]=bndiv.c driver.c
+  INCLUDE[bndiv]=../include {- $ex_inc -}
+  DEPEND[bndiv]=../libcrypto {- $ex_lib -}
+
+  SOURCE[cms]=cms.c driver.c
+  INCLUDE[cms]=../include {- $ex_inc -}
+  DEPEND[cms]=../libcrypto {- $ex_lib -}
+
+  SOURCE[conf]=conf.c driver.c
+  INCLUDE[conf]=../include {- $ex_inc -}
+  DEPEND[conf]=../libcrypto {- $ex_lib -}
+
+  SOURCE[crl]=crl.c driver.c
+  INCLUDE[crl]=../include {- $ex_inc -}
+  DEPEND[crl]=../libcrypto {- $ex_lib -}
+
+  SOURCE[ct]=ct.c driver.c
+  INCLUDE[ct]=../include {- $ex_inc -}
+  DEPEND[ct]=../libcrypto {- $ex_lib -}
+
+  SOURCE[server]=server.c driver.c
+  INCLUDE[server]=../include {- $ex_inc -}
+  DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
+
+  SOURCE[x509]=x509.c driver.c
+  INCLUDE[x509]=../include {- $ex_inc -}
+  DEPEND[x509]=../libcrypto {- $ex_lib -}
+ENDIF
+
+IF[{- !$disabled{tests} -}]
+  PROGRAMS_NO_INST=asn1-test asn1parse-test bignum-test bndiv-test conf-test crl-test server-test x509-test
+
+  IF[{- !$disabled{"cms"} -}]
+    PROGRAMS_NO_INST=cms-test
+  ENDIF
+
+  IF[{- !$disabled{"ct"} -}]
+    PROGRAMS_NO_INST=ct-test
+  ENDIF
+
+  SOURCE[asn1-test]=asn1.c test-corpus.c
+  INCLUDE[asn1-test]=../include
+  DEPEND[asn1-test]=../libcrypto
+
+  SOURCE[asn1parse-test]=asn1parse.c test-corpus.c
+  INCLUDE[asn1parse-test]=../include
+  DEPEND[asn1parse-test]=../libcrypto
+
+  SOURCE[bignum-test]=bignum.c test-corpus.c
+  INCLUDE[bignum-test]=../include
+  DEPEND[bignum-test]=../libcrypto
+
+  SOURCE[bndiv-test]=bndiv.c test-corpus.c
+  INCLUDE[bndiv-test]=../include
+  DEPEND[bndiv-test]=../libcrypto
+
+  SOURCE[cms-test]=cms.c test-corpus.c
+  INCLUDE[cms-test]=../include
+  DEPEND[cms-test]=../libcrypto
+
+  SOURCE[conf-test]=conf.c test-corpus.c
+  INCLUDE[conf-test]=../include
+  DEPEND[conf-test]=../libcrypto
+
+  SOURCE[crl-test]=crl.c test-corpus.c
+  INCLUDE[crl-test]=../include
+  DEPEND[crl-test]=../libcrypto
+
+  SOURCE[ct-test]=ct.c test-corpus.c
+  INCLUDE[ct-test]=../include
+  DEPEND[ct-test]=../libcrypto
+
+  SOURCE[server-test]=server.c test-corpus.c
+  INCLUDE[server-test]=../include
+  DEPEND[server-test]=../libcrypto ../libssl
+
+  SOURCE[x509-test]=x509.c test-corpus.c
+  INCLUDE[x509-test]=../include
+  DEPEND[x509-test]=../libcrypto
+ENDIF
diff --git a/openssl-1.1.0h/fuzz/cms.c b/openssl-1.1.0h/fuzz/cms.c
new file mode 100644
index 0000000..94390e7
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/cms.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Test CMS DER parsing.
+ */
+
+#include <openssl/bio.h>
+#include <openssl/cms.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    CMS_ContentInfo *i;
+    BIO *in;
+    if (!len) {
+        return 0;
+    }
+
+    in = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+    i = d2i_CMS_bio(in, NULL);
+    CMS_ContentInfo_free(i);
+    BIO_free(in);
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/conf.c b/openssl-1.1.0h/fuzz/conf.c
new file mode 100644
index 0000000..30b13c8
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/conf.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Test configuration parsing.
+ */
+
+#include <openssl/conf.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    CONF *conf;
+    BIO *in;
+    long eline;
+
+    if (len == 0)
+        return 0;
+
+    conf = NCONF_new(NULL);
+    in = BIO_new(BIO_s_mem());
+    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+    NCONF_load_bio(conf, in, &eline);
+    NCONF_free(conf);
+    BIO_free(in);
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/crl.c b/openssl-1.1.0h/fuzz/crl.c
new file mode 100644
index 0000000..728943f
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/crl.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/x509.h>
+#include <openssl/bio.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    const unsigned char *p = buf;
+    unsigned char *der = NULL;
+
+    X509_CRL *crl = d2i_X509_CRL(NULL, &p, len);
+    if (crl != NULL) {
+        BIO *bio = BIO_new(BIO_s_null());
+        X509_CRL_print(bio, crl);
+        BIO_free(bio);
+
+        i2d_X509_CRL(crl, &der);
+        OPENSSL_free(der);
+
+        X509_CRL_free(crl);
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/ct.c b/openssl-1.1.0h/fuzz/ct.c
new file mode 100644
index 0000000..411ccef
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/ct.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Fuzz the SCT parser.
+ */
+
+#include <stdio.h>
+#include <openssl/ct.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    const uint8_t **pp = &buf;
+    unsigned char *der = NULL;
+    STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
+    if (scts != NULL) {
+        BIO *bio = BIO_new(BIO_s_null());
+        SCT_LIST_print(scts, bio, 4, "\n", NULL);
+        BIO_free(bio);
+
+        if (i2d_SCT_LIST(scts, &der)) {
+            /* Silence unused result warning */
+        }
+        OPENSSL_free(der);
+
+        SCT_LIST_free(scts);
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/driver.c b/openssl-1.1.0h/fuzz/driver.c
new file mode 100644
index 0000000..c530fed
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/driver.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h>
+#include "fuzzer.h"
+
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+    if (FuzzerInitialize)
+        return FuzzerInitialize(argc, argv);
+    return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    return FuzzerTestOneInput(buf, len);
+}
+
+#elif !defined(OPENSSL_NO_FUZZ_AFL)
+
+#define BUF_SIZE 65536
+
+int main(int argc, char** argv)
+{
+    if (FuzzerInitialize)
+        FuzzerInitialize(&argc, &argv);
+
+    while (__AFL_LOOP(10000)) {
+        uint8_t *buf = malloc(BUF_SIZE);
+        size_t size = read(0, buf, BUF_SIZE);
+
+        FuzzerTestOneInput(buf, size);
+        free(buf);
+    }
+    return 0;
+}
+
+#else
+
+#error "Unsupported fuzzer"
+
+#endif
diff --git a/openssl-1.1.0h/fuzz/fuzzer.h b/openssl-1.1.0h/fuzz/fuzzer.h
new file mode 100644
index 0000000..04d605d
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/fuzzer.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len);
+int FuzzerInitialize(int *argc, char ***argv);
diff --git a/openssl-1.1.0h/fuzz/helper.py b/openssl-1.1.0h/fuzz/helper.py
new file mode 100755
index 0000000..f5f9d77
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/helper.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+#
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+"""Fuzzing helper, creates and uses corpus/crash directories.
+
+fuzzer.py <fuzzer> <extra fuzzer arguments>
+"""
+
+import os
+import subprocess
+import sys
+
+FUZZER = sys.argv[1]
+
+THIS_DIR = os.path.abspath(os.path.dirname(__file__))
+CORPORA_DIR = os.path.abspath(os.path.join(THIS_DIR, "corpora"))
+
+FUZZER_DIR = os.path.abspath(os.path.join(CORPORA_DIR, FUZZER))
+if not os.path.isdir(FUZZER_DIR):
+    os.mkdir(FUZZER_DIR)
+
+corpora = []
+
+def _create(d):
+    dd = os.path.abspath(os.path.join(CORPORA_DIR, d))
+    if not os.path.isdir(dd):
+        os.mkdir(dd)
+    corpora.append(dd)
+
+def _add(d):
+    dd = os.path.abspath(os.path.join(CORPORA_DIR, d))
+    if os.path.isdir(dd):
+        corpora.append(dd)
+
+def main():
+    _create(FUZZER)
+    _create(FUZZER + "-crash")
+    _add(FUZZER + "-seed")
+
+    cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))]  + sys.argv[2:]
+           + ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
+    print " ".join(cmd)
+    subprocess.call(cmd)
+
+if __name__ == "__main__":
+    main()
diff --git a/openssl-1.1.0h/fuzz/server.c b/openssl-1.1.0h/fuzz/server.c
new file mode 100644
index 0000000..35449d8
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/server.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/* Shamelessly copied from BoringSSL and converted to C. */
+
+/* Test first part of SSL server handshake. */
+
+
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include <openssl/rsa.h>
+#include "fuzzer.h"
+
+static const uint8_t kCertificateDER[] = {
+    0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
+    0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
+    0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
+    0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
+    0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
+    0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
+    0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
+    0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
+    0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
+    0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
+    0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
+    0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
+    0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
+    0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
+    0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
+    0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
+    0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
+    0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
+    0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
+    0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
+    0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
+    0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
+    0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
+    0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
+    0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
+    0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
+    0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
+    0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
+    0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
+    0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
+    0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
+    0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
+    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
+    0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
+    0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
+    0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
+    0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
+    0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
+    0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
+    0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
+    0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
+    0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
+    0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
+    0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
+    0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
+    0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
+    0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
+    0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
+    0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
+    0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
+    0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
+    0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
+    0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
+    0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
+    0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
+    0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
+    0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
+    0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
+    0x76, 0x8a, 0xbb,
+};
+
+static const uint8_t kRSAPrivateKeyDER[] = {
+    0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
+    0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
+    0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
+    0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
+    0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
+    0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
+    0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
+    0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
+    0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
+    0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
+    0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
+    0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
+    0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
+    0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
+    0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
+    0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
+    0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
+    0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
+    0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
+    0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
+    0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
+    0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
+    0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
+    0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
+    0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
+    0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
+    0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
+    0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
+    0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
+    0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
+    0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
+    0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
+    0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
+    0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
+    0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
+    0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
+    0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
+    0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
+    0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
+    0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
+    0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
+    0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
+    0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
+    0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
+    0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
+    0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
+    0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
+    0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
+    0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
+    0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
+    0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
+    0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
+    0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
+    0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
+    0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
+    0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
+    0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
+    0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
+    0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
+    0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
+    0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
+    0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
+    0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
+    0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
+    0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
+    0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
+    0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
+    0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
+    0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
+    0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
+    0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
+    0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
+    0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
+    0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
+    0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
+    0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
+    0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
+    0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
+    0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
+    0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
+    0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
+    0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
+    0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
+    0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
+    0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
+    0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
+    0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
+    0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
+    0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
+    0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
+    0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
+    0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
+    0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
+    0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
+    0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
+    0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
+    0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
+    0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
+    0x98, 0x46, 0x89, 0x82, 0x40,
+};
+
+static SSL_CTX *ctx;
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    const uint8_t *bufp = kRSAPrivateKeyDER;
+    RSA *privkey;
+    EVP_PKEY *pkey;
+    int ret;
+    X509 *cert;
+
+    ctx = SSL_CTX_new(SSLv23_method());
+    privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
+    OPENSSL_assert(privkey != NULL);
+    pkey = EVP_PKEY_new();
+    EVP_PKEY_assign_RSA(pkey, privkey);
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    OPENSSL_assert(ret == 1);
+    EVP_PKEY_free(pkey);
+    bufp = kCertificateDER;
+    cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
+    OPENSSL_assert(cert != NULL);
+    ret = SSL_CTX_use_certificate(ctx, cert);
+    OPENSSL_assert(ret == 1);
+    X509_free(cert);
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    SSL *server;
+    BIO *in;
+    BIO *out;
+    if (!len) {
+        return 0;
+    }
+    /* TODO: make this work for OpenSSL. There's a PREDICT define that may do
+     * the job.
+     * TODO: use the ossltest engine (optionally?) to disable crypto checks.
+     * RAND_reset_for_fuzzing();
+     */
+
+    /* This only fuzzes the initial flow from the client so far. */
+    server = SSL_new(ctx);
+    in = BIO_new(BIO_s_mem());
+    out = BIO_new(BIO_s_mem());
+    SSL_set_bio(server, in, out);
+    SSL_set_accept_state(server);
+    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+    if (SSL_do_handshake(server) == 1) {
+        /* Keep reading application data until error or EOF. */
+        uint8_t tmp[1024];
+        for (;;) {
+            if (SSL_read(server, tmp, sizeof(tmp)) <= 0) {
+                break;
+            }
+        }
+    }
+    SSL_free(server);
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/test-corpus.c b/openssl-1.1.0h/fuzz/test-corpus.c
new file mode 100644
index 0000000..c553697
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/test-corpus.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+/*
+ * Given a list of files, run each of them through the fuzzer.  Note that
+ * failure will be indicated by some kind of crash. Switching on things like
+ * asan improves the test.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <openssl/crypto.h>
+#include "fuzzer.h"
+
+int main(int argc, char **argv) {
+    int n;
+
+    FuzzerInitialize(&argc, &argv);
+
+    for (n = 1; n < argc; ++n) {
+        struct stat st;
+        FILE *f;
+        unsigned char *buf;
+        size_t s;
+
+        stat(argv[n], &st);
+        f = fopen(argv[n], "rb");
+        if (f == NULL)
+            continue;
+        buf = malloc(st.st_size);
+        s = fread(buf, 1, st.st_size, f);
+        OPENSSL_assert(s == (size_t)st.st_size);
+        FuzzerTestOneInput(buf, s);
+        free(buf);
+        fclose(f);
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/fuzz/x509.c b/openssl-1.1.0h/fuzz/x509.c
new file mode 100644
index 0000000..b2851f1
--- /dev/null
+++ b/openssl-1.1.0h/fuzz/x509.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/x509.h>
+#include <openssl/bio.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv) {
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    const unsigned char *p = buf;
+    unsigned char *der = NULL;
+
+    X509 *x509 = d2i_X509(NULL, &p, len);
+    if (x509 != NULL) {
+        BIO *bio = BIO_new(BIO_s_null());
+        /* This will load and print the public key as well as extensions */
+        X509_print(bio, x509);
+        BIO_free(bio);
+
+        i2d_X509(x509, &der);
+        OPENSSL_free(der);
+
+        X509_free(x509);
+    }
+    return 0;
+}
diff --git a/openssl-1.1.0h/include/internal/asn1t.h b/openssl-1.1.0h/include/internal/asn1t.h
new file mode 100644
index 0000000..32d637d
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/asn1t.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
diff --git a/openssl-1.1.0h/include/internal/bio.h b/openssl-1.1.0h/include/internal/bio.h
new file mode 100644
index 0000000..3a933e0
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/bio.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+
+struct bio_method_st {
+    int type;
+    char *name;
+    int (*bwrite) (BIO *, const char *, int);
+    int (*bread) (BIO *, char *, int);
+    int (*bputs) (BIO *, const char *);
+    int (*bgets) (BIO *, char *, int);
+    long (*ctrl) (BIO *, int, long, void *);
+    int (*create) (BIO *);
+    int (*destroy) (BIO *);
+    long (*callback_ctrl) (BIO *, int, BIO_info_cb *);
+};
+
+void bio_free_ex_data(BIO *bio);
+void bio_cleanup(void);
diff --git a/openssl-1.1.0h/include/internal/comp.h b/openssl-1.1.0h/include/internal/comp.h
new file mode 100644
index 0000000..ac6e38b
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/comp.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/comp.h>
+
+void comp_zlib_cleanup_int(void);
diff --git a/openssl-1.1.0h/include/internal/conf.h b/openssl-1.1.0h/include/internal/conf.h
new file mode 100644
index 0000000..ada3f92
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/conf.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_CONF_H
+# define HEADER_INTERNAL_CONF_H
+
+#include <openssl/conf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+struct ossl_init_settings_st {
+    char *appname;
+};
+
+void openssl_config_int(const char *appname);
+void openssl_no_config_int(void);
+void conf_modules_free_int(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/internal/constant_time_locl.h b/openssl-1.1.0h/include/internal/constant_time_locl.h
new file mode 100644
index 0000000..d27fb14
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/constant_time_locl.h
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+# define HEADER_CONSTANT_TIME_LOCL_H
+
+# include <openssl/e_os2.h>              /* For 'ossl_inline' */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a < b) {
+ *   c = a;
+ * } else {
+ *   c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static ossl_inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a < b and 0 otherwise.
+ */
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b);
+
+/*
+ * Returns 0xff..f if a >= b and 0 otherwise.
+ */
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b);
+
+/*
+ * Returns 0xff..f if a == 0 and 0 otherwise.
+ */
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
+
+/*
+ * Returns 0xff..f if a == b and 0 otherwise.
+ */
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b);
+/* Signed integers. */
+static ossl_inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
+
+/*-
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b);
+/* Convenience method for unsigned chars. */
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b);
+/* Convenience method for signed integers. */
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b);
+
+static ossl_inline unsigned int constant_time_msb(unsigned int a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)(constant_time_lt(a, b));
+}
+
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b)
+{
+    return ~constant_time_lt(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)(constant_time_ge(a, b));
+}
+
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
+{
+    return constant_time_msb(~a & (a - 1));
+}
+
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
+{
+    return (unsigned char)(constant_time_is_zero(a));
+}
+
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_is_zero(a ^ b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)(constant_time_eq(a, b));
+}
+
+static ossl_inline unsigned int constant_time_eq_int(int a, int b)
+{
+    return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
+{
+    return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b)
+{
+    return (unsigned char)(constant_time_select(mask, a, b));
+}
+
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b)
+{
+    return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/openssl-1.1.0h/include/internal/dane.h b/openssl-1.1.0h/include/internal/dane.h
new file mode 100644
index 0000000..a1cb548
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/dane.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_DANE_H
+#define HEADER_INTERNAL_DANE_H
+
+#include <openssl/safestack.h>
+
+/*-
+ * Certificate usages:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.1
+ */
+#define DANETLS_USAGE_PKIX_TA   0
+#define DANETLS_USAGE_PKIX_EE   1
+#define DANETLS_USAGE_DANE_TA   2
+#define DANETLS_USAGE_DANE_EE   3
+#define DANETLS_USAGE_LAST      DANETLS_USAGE_DANE_EE
+
+/*-
+ * Selectors:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.2
+ */
+#define DANETLS_SELECTOR_CERT   0
+#define DANETLS_SELECTOR_SPKI   1
+#define DANETLS_SELECTOR_LAST   DANETLS_SELECTOR_SPKI
+
+/*-
+ * Matching types:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.3
+ */
+#define DANETLS_MATCHING_FULL   0
+#define DANETLS_MATCHING_2256   1
+#define DANETLS_MATCHING_2512   2
+#define DANETLS_MATCHING_LAST   DANETLS_MATCHING_2512
+
+typedef struct danetls_record_st {
+    uint8_t usage;
+    uint8_t selector;
+    uint8_t mtype;
+    unsigned char *data;
+    size_t dlen;
+    EVP_PKEY *spki;
+} danetls_record;
+
+DEFINE_STACK_OF(danetls_record)
+
+/*
+ * Shared DANE context
+ */
+struct dane_ctx_st {
+    const EVP_MD  **mdevp;      /* mtype -> digest */
+    uint8_t        *mdord;      /* mtype -> preference */
+    uint8_t         mdmax;      /* highest supported mtype */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+/*
+ * Per connection DANE state
+ */
+struct ssl_dane_st {
+    struct dane_ctx_st *dctx;
+    STACK_OF(danetls_record) *trecs;
+    STACK_OF(X509) *certs;      /* DANE-TA(2) Cert(0) Full(0) certs */
+    danetls_record *mtlsa;      /* Matching TLSA record */
+    X509           *mcert;      /* DANE matched cert */
+    uint32_t        umask;      /* Usages present */
+    int             mdpth;      /* Depth of matched cert */
+    int             pdpth;      /* Depth of PKIX trust */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+#define DANETLS_ENABLED(dane)  \
+    ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
+
+#define DANETLS_USAGE_BIT(u)   (((uint32_t)1) << u)
+
+#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA))
+#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE))
+#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA))
+#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE))
+
+#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK)
+#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK)
+#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK)
+#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK)
+
+#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK))
+#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK))
+#define DANETLS_HAS_TA(dane)   ((dane) && ((dane)->umask & DANETLS_TA_MASK))
+#define DANETLS_HAS_EE(dane)   ((dane) && ((dane)->umask & DANETLS_EE_MASK))
+
+#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK))
+#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK))
+#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK))
+#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK))
+
+#endif /* HEADER_INTERNAL_DANE_H */
diff --git a/openssl-1.1.0h/include/internal/dso.h b/openssl-1.1.0h/include/internal/dso.h
new file mode 100644
index 0000000..7c52032
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/dso.h
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_H
+# define HEADER_DSO_H
+
+# include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These values are used as commands to DSO_ctrl() */
+# define DSO_CTRL_GET_FLAGS      1
+# define DSO_CTRL_SET_FLAGS      2
+# define DSO_CTRL_OR_FLAGS       3
+
+/*
+ * By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform using the dso_name_converter function of the
+ * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will
+ * transform it into "libblah.so". This callback could even utilise the
+ * DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be
+ * set in a DSO to prevent *any* native name-translation at all - eg. if
+ * the caller has prompted the user for a path to a driver library so the
+ * filename should be interpreted as-is.
+ */
+# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
+/*
+ * An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and other
+ * operating systems where the translation also may prefix the name with
+ * something, like 'lib', and ignored everywhere else. This flag is also
+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
+ */
+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
+
+/*
+ * Don't unload the DSO when we call DSO_free()
+ */
+# define DSO_FLAG_NO_UNLOAD_ON_FREE              0x04
+/*
+ * The following flag controls the translation of symbol names to upper case.
+ * This is currently only being implemented for OpenVMS.
+ */
+# define DSO_FLAG_UPCASE_SYMBOL                  0x10
+
+/*
+ * This flag loads the library with public symbols. Meaning: The exported
+ * symbols of this library are public to all libraries loaded after this
+ * library. At the moment only implemented in unix.
+ */
+# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
+
+typedef void (*DSO_FUNC_TYPE) (void);
+
+typedef struct dso_st DSO;
+typedef struct dso_meth_st DSO_METHOD;
+
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure
+ * pointer (or NULL if they are to be used independently of a DSO object) and
+ * a filename to transform. They should either return NULL (if there is an
+ * error condition) or a newly allocated string containing the transformed
+ * form that the caller will need to free with OPENSSL_free() when done.
+ */
+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that merge two file specifications. They are passed a DSO
+ * structure pointer (or NULL if they are to be used independently of a DSO
+ * object) and two file specifications to merge. They should either return
+ * NULL (if there is an error condition) or a newly allocated string
+ * containing the result of merging that the caller will need to free with
+ * OPENSSL_free() when done. Here, merging means that bits and pieces are
+ * taken from each of the file specifications and added together in whatever
+ * fashion that is sensible for the DSO method in question.  The only rule
+ * that really applies is that if the two specification contain pieces of the
+ * same type, the copy from the first string takes priority.  One could see
+ * it as the first specification is the one given by the user and the second
+ * being a bunch of defaults to add on if they're missing in the first.
+ */
+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
+
+DSO *DSO_new(void);
+int DSO_free(DSO *dso);
+int DSO_flags(DSO *dso);
+int DSO_up_ref(DSO *dso);
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/*
+ * These functions can be used to get/set the platform-independent filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded.
+ */
+const char *DSO_get_filename(DSO *dso);
+int DSO_set_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
+ * value will need to be OPENSSL_free()'d.
+ */
+char *DSO_convert_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's merger callback to merge two file
+ * specifications, or if the callback isn't set it will instead use the
+ * DSO_METHOD's merger.  A non-NULL return value will need to be
+ * OPENSSL_free()'d.
+ */
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
+
+/*
+ * The all-singing all-dancing load function, you normally pass NULL for the
+ * first and third parameters. Use DSO_up_ref and DSO_free for subsequent
+ * reference count handling. Any flags passed in will be set in the
+ * constructed DSO after its init() function but before the load operation.
+ * If 'dso' is non-NULL, 'flags' is ignored.
+ */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/*
+ * This method is the default, but will beg, borrow, or steal whatever method
+ * should be the default on any particular platform (including
+ * DSO_METH_null() if necessary).
+ */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/*
+ * This function writes null-terminated pathname of DSO module containing
+ * 'addr' into 'sz' large caller-provided 'path' and returns the number of
+ * characters [including trailing zero] written to it. If 'sz' is 0 or
+ * negative, 'path' is ignored and required amount of characters [including
+ * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
+ * pathname of cryptolib itself is returned. Negative or zero return value
+ * denotes error.
+ */
+int DSO_pathbyaddr(void *addr, char *path, int sz);
+
+/*
+ * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol
+ * or NULL on error.
+ */
+DSO *DSO_dsobyaddr(void *addr, int flags);
+
+/*
+ * This function should be used with caution! It looks up symbols in *all*
+ * loaded modules and if module gets unloaded by somebody else attempt to
+ * dereference the pointer is doomed to have fatal consequences. Primary
+ * usage for this function is to probe *core* system functionality, e.g.
+ * check if getnameinfo(3) is available at run-time without bothering about
+ * OS-specific details such as libc.so.versioning or where does it actually
+ * reside: in libc itself or libsocket.
+ */
+void *DSO_global_lookup(const char *name);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_DSO_strings(void);
+
+/* Error codes for the DSO functions. */
+
+/* Function codes. */
+# define DSO_F_DLFCN_BIND_FUNC                            100
+# define DSO_F_DLFCN_LOAD                                 102
+# define DSO_F_DLFCN_MERGER                               130
+# define DSO_F_DLFCN_NAME_CONVERTER                       123
+# define DSO_F_DLFCN_UNLOAD                               103
+# define DSO_F_DL_BIND_FUNC                               104
+# define DSO_F_DL_LOAD                                    106
+# define DSO_F_DL_MERGER                                  131
+# define DSO_F_DL_NAME_CONVERTER                          124
+# define DSO_F_DL_UNLOAD                                  107
+# define DSO_F_DSO_BIND_FUNC                              108
+# define DSO_F_DSO_CONVERT_FILENAME                       126
+# define DSO_F_DSO_CTRL                                   110
+# define DSO_F_DSO_FREE                                   111
+# define DSO_F_DSO_GET_FILENAME                           127
+# define DSO_F_DSO_GLOBAL_LOOKUP                          139
+# define DSO_F_DSO_LOAD                                   112
+# define DSO_F_DSO_MERGE                                  132
+# define DSO_F_DSO_NEW_METHOD                             113
+# define DSO_F_DSO_PATHBYADDR                             105
+# define DSO_F_DSO_SET_FILENAME                           129
+# define DSO_F_DSO_UP_REF                                 114
+# define DSO_F_VMS_BIND_SYM                               115
+# define DSO_F_VMS_LOAD                                   116
+# define DSO_F_VMS_MERGER                                 133
+# define DSO_F_VMS_UNLOAD                                 117
+# define DSO_F_WIN32_BIND_FUNC                            101
+# define DSO_F_WIN32_GLOBALLOOKUP                         142
+# define DSO_F_WIN32_JOINER                               135
+# define DSO_F_WIN32_LOAD                                 120
+# define DSO_F_WIN32_MERGER                               134
+# define DSO_F_WIN32_NAME_CONVERTER                       125
+# define DSO_F_WIN32_PATHBYADDR                           109
+# define DSO_F_WIN32_SPLITTER                             136
+# define DSO_F_WIN32_UNLOAD                               121
+
+/* Reason codes. */
+# define DSO_R_CTRL_FAILED                                100
+# define DSO_R_DSO_ALREADY_LOADED                         110
+# define DSO_R_EMPTY_FILE_STRUCTURE                       113
+# define DSO_R_FAILURE                                    114
+# define DSO_R_FILENAME_TOO_BIG                           101
+# define DSO_R_FINISH_FAILED                              102
+# define DSO_R_INCORRECT_FILE_SYNTAX                      115
+# define DSO_R_LOAD_FAILED                                103
+# define DSO_R_NAME_TRANSLATION_FAILED                    109
+# define DSO_R_NO_FILENAME                                111
+# define DSO_R_NULL_HANDLE                                104
+# define DSO_R_SET_FILENAME_FAILED                        112
+# define DSO_R_STACK_ERROR                                105
+# define DSO_R_SYM_FAILURE                                106
+# define DSO_R_UNLOAD_FAILED                              107
+# define DSO_R_UNSUPPORTED                                108
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/internal/err.h b/openssl-1.1.0h/include/internal/err.h
new file mode 100644
index 0000000..d46b8bd
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/err.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef INTERNAL_ERR_H
+# define INTERNAL_ERR_H
+
+void err_free_strings_int(void);
+
+#endif
diff --git a/openssl-1.1.0h/include/internal/numbers.h b/openssl-1.1.0h/include/internal/numbers.h
new file mode 100644
index 0000000..31931df
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/numbers.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_NUMBERS_H
+# define HEADER_NUMBERS_H
+
+# include <limits.h>
+
+# if (-1 & 3) == 0x03		/* Two's complement */
+
+#  define __MAXUINT__(T) ((T) -1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T) - 1)
+
+# elif (-1 & 3) == 0x02		/* One's complement */
+
+#  define __MAXUINT__(T) (((T) -1) + 1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# elif (-1 & 3) == 0x01		/* Sign/magnitude */
+
+#  define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2))))
+#  define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1))))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# else
+
+#  error "do not know the integer encoding on this architecture"
+
+# endif
+
+# ifndef INT8_MAX
+#  define INT8_MIN __MININT__(int8_t)
+#  define INT8_MAX __MAXINT__(int8_t)
+#  define UINT8_MAX __MAXUINT__(uint8_t)
+# endif
+
+# ifndef INT16_MAX
+#  define INT16_MIN __MININT__(int16_t)
+#  define INT16_MAX __MAXINT__(int16_t)
+#  define UINT16_MAX __MAXUINT__(uint16_t)
+# endif
+
+# ifndef INT32_MAX
+#  define INT32_MIN __MININT__(int32_t)
+#  define INT32_MAX __MAXINT__(int32_t)
+#  define UINT32_MAX __MAXUINT__(uint32_t)
+# endif
+
+# ifndef INT64_MAX
+#  define INT64_MIN __MININT__(int64_t)
+#  define INT64_MAX __MAXINT__(int64_t)
+#  define UINT64_MAX __MAXUINT__(uint64_t)
+# endif
+
+# ifndef SIZE_MAX
+#  define SIZE_MAX __MAXUINT__(size_t)
+# endif
+
+#endif
+
diff --git a/openssl-1.1.0h/include/internal/o_dir.h b/openssl-1.1.0h/include/internal/o_dir.h
new file mode 100644
index 0000000..178c2ed
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/o_dir.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef O_DIR_H
+# define O_DIR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+  /*
+   * returns NULL on error or end-of-directory. If it is end-of-directory,
+   * errno will be zero
+   */
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+  /* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif                          /* LPDIR_H */
diff --git a/openssl-1.1.0h/include/internal/o_str.h b/openssl-1.1.0h/include/internal/o_str.h
new file mode 100644
index 0000000..86403c9
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/o_str.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_O_STR_H
+# define HEADER_O_STR_H
+
+# include <stddef.h>            /* to get size_t */
+
+int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
+
+#endif
diff --git a/openssl-1.1.0h/include/internal/thread_once.h b/openssl-1.1.0h/include/internal/thread_once.h
new file mode 100644
index 0000000..2242443
--- /dev/null
+++ b/openssl-1.1.0h/include/internal/thread_once.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+#define DEFINE_RUN_ONCE(init)                   \
+    static int init(void);                     \
+    int init##_ossl_ret_ = 0;                   \
+    void init##_ossl_(void)                     \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+#define DECLARE_RUN_ONCE(init)                  \
+    extern int init##_ossl_ret_;                \
+    void init##_ossl_(void);
+
+#define DEFINE_RUN_ONCE_STATIC(init)            \
+    static int init(void);                     \
+    static int init##_ossl_ret_ = 0;            \
+    static void init##_ossl_(void)              \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+
+/*
+ * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
+ * @once: pointer to static object of type CRYPTO_ONCE
+ * @init: function name that was previously given to DEFINE_RUN_ONCE,
+ *        DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE.  This function
+ *        must return 1 for success or 0 for failure.
+ *
+ * The return value is 1 on success (*) or 0 in case of error.
+ *
+ * (*) by convention, since the init function must return 1 on success.
+ */
+#define RUN_ONCE(once, init)                                            \
+    (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
diff --git a/openssl-1.1.0h/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/openssl-1.1.0h/include/openssl/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
index 0000000..c350018
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* restore state.  Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
diff --git a/openssl-1.1.0h/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/openssl-1.1.0h/include/openssl/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
index 0000000..9a9c777
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* save state */
+#pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
diff --git a/openssl-1.1.0h/include/openssl/aes.h b/openssl-1.1.0h/include/openssl/aes.h
new file mode 100644
index 0000000..245c552
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/aes.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AES_H
+# define HEADER_AES_H
+
+# include <openssl/opensslconf.h>
+
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define AES_ENCRYPT     1
+# define AES_DECRYPT     0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+# define AES_MAXNR 14
+# define AES_BLOCK_SIZE 16
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+    unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+    unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num);
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/asn1.h b/openssl-1.1.0h/include/openssl/asn1.h
new file mode 100644
index 0000000..05ae1db
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/asn1.h
@@ -0,0 +1,1100 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1_H
+# define HEADER_ASN1_H
+
+# include <time.h>
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# include <openssl/safestack.h>
+
+# include <openssl/symhacks.h>
+
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define V_ASN1_UNIVERSAL                0x00
+# define V_ASN1_APPLICATION              0x40
+# define V_ASN1_CONTEXT_SPECIFIC         0x80
+# define V_ASN1_PRIVATE                  0xc0
+
+# define V_ASN1_CONSTRUCTED              0x20
+# define V_ASN1_PRIMITIVE_TAG            0x1f
+# define V_ASN1_PRIMATIVE_TAG            0x1f
+
+# define V_ASN1_APP_CHOOSE               -2/* let the recipient choose */
+# define V_ASN1_OTHER                    -3/* used in ASN1_TYPE */
+# define V_ASN1_ANY                      -4/* used in ASN1 template code */
+
+# define V_ASN1_UNDEF                    -1
+/* ASN.1 tag values */
+# define V_ASN1_EOC                      0
+# define V_ASN1_BOOLEAN                  1 /**/
+# define V_ASN1_INTEGER                  2
+# define V_ASN1_BIT_STRING               3
+# define V_ASN1_OCTET_STRING             4
+# define V_ASN1_NULL                     5
+# define V_ASN1_OBJECT                   6
+# define V_ASN1_OBJECT_DESCRIPTOR        7
+# define V_ASN1_EXTERNAL                 8
+# define V_ASN1_REAL                     9
+# define V_ASN1_ENUMERATED               10
+# define V_ASN1_UTF8STRING               12
+# define V_ASN1_SEQUENCE                 16
+# define V_ASN1_SET                      17
+# define V_ASN1_NUMERICSTRING            18 /**/
+# define V_ASN1_PRINTABLESTRING          19
+# define V_ASN1_T61STRING                20
+# define V_ASN1_TELETEXSTRING            20/* alias */
+# define V_ASN1_VIDEOTEXSTRING           21 /**/
+# define V_ASN1_IA5STRING                22
+# define V_ASN1_UTCTIME                  23
+# define V_ASN1_GENERALIZEDTIME          24 /**/
+# define V_ASN1_GRAPHICSTRING            25 /**/
+# define V_ASN1_ISO64STRING              26 /**/
+# define V_ASN1_VISIBLESTRING            26/* alias */
+# define V_ASN1_GENERALSTRING            27 /**/
+# define V_ASN1_UNIVERSALSTRING          28 /**/
+# define V_ASN1_BMPSTRING                30
+
+/*
+ * NB the constants below are used internally by ASN1_INTEGER
+ * and ASN1_ENUMERATED to indicate the sign. They are *not* on
+ * the wire tag values.
+ */
+
+# define V_ASN1_NEG                      0x100
+# define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
+# define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
+
+/* For use with d2i_ASN1_type_bytes() */
+# define B_ASN1_NUMERICSTRING    0x0001
+# define B_ASN1_PRINTABLESTRING  0x0002
+# define B_ASN1_T61STRING        0x0004
+# define B_ASN1_TELETEXSTRING    0x0004
+# define B_ASN1_VIDEOTEXSTRING   0x0008
+# define B_ASN1_IA5STRING        0x0010
+# define B_ASN1_GRAPHICSTRING    0x0020
+# define B_ASN1_ISO64STRING      0x0040
+# define B_ASN1_VISIBLESTRING    0x0040
+# define B_ASN1_GENERALSTRING    0x0080
+# define B_ASN1_UNIVERSALSTRING  0x0100
+# define B_ASN1_OCTET_STRING     0x0200
+# define B_ASN1_BIT_STRING       0x0400
+# define B_ASN1_BMPSTRING        0x0800
+# define B_ASN1_UNKNOWN          0x1000
+# define B_ASN1_UTF8STRING       0x2000
+# define B_ASN1_UTCTIME          0x4000
+# define B_ASN1_GENERALIZEDTIME  0x8000
+# define B_ASN1_SEQUENCE         0x10000
+/* For use with ASN1_mbstring_copy() */
+# define MBSTRING_FLAG           0x1000
+# define MBSTRING_UTF8           (MBSTRING_FLAG)
+# define MBSTRING_ASC            (MBSTRING_FLAG|1)
+# define MBSTRING_BMP            (MBSTRING_FLAG|2)
+# define MBSTRING_UNIV           (MBSTRING_FLAG|4)
+# define SMIME_OLDMIME           0x400
+# define SMIME_CRLFEOL           0x800
+# define SMIME_STREAM            0x1000
+    struct X509_algor_st;
+DEFINE_STACK_OF(X509_ALGOR)
+
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+/*
+ * This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should be
+ * inserted in the memory buffer
+ */
+# define ASN1_STRING_FLAG_NDEF 0x010
+
+/*
+ * This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been accessed.
+ * The flag will be reset when content has been written to it.
+ */
+
+# define ASN1_STRING_FLAG_CONT 0x020
+/*
+ * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+# define ASN1_STRING_FLAG_MSTRING 0x040
+/* String is embedded and only content should be freed */
+# define ASN1_STRING_FLAG_EMBED 0x080
+/* This is the base type that holds just about everything :-) */
+struct asn1_string_st {
+    int length;
+    int type;
+    unsigned char *data;
+    /*
+     * The value of the following field depends on the type being held.  It
+     * is mostly being used for BIT_STRING so if the input data has a
+     * non-zero 'unused bits' value, it will be handled correctly
+     */
+    long flags;
+};
+
+/*
+ * ASN1_ENCODING structure: this is used to save the received encoding of an
+ * ASN1 type. This is useful to get round problems with invalid encodings
+ * which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st {
+    unsigned char *enc;         /* DER encoding */
+    long len;                   /* Length of encoding */
+    int modified;               /* set to 1 if 'enc' is invalid */
+} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+# define ASN1_LONG_UNDEF 0x7fffffffL
+
+# define STABLE_FLAGS_MALLOC     0x01
+/*
+ * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted
+ * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting
+ * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias
+ * STABLE_FLAGS_CLEAR to reflect this.
+ */
+# define STABLE_FLAGS_CLEAR      STABLE_FLAGS_MALLOC
+# define STABLE_NO_MASK          0x02
+# define DIRSTRING_TYPE  \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+    int nid;
+    long minsize;
+    long maxsize;
+    unsigned long mask;
+    unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DEFINE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+# define ub_name                         32768
+# define ub_common_name                  64
+# define ub_locality_name                128
+# define ub_state_name                   128
+# define ub_organization_name            64
+# define ub_organization_unit_name       64
+# define ub_title                        64
+# define ub_email_address                128
+
+/*
+ * Declarations for template structures: for full definitions see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(itname)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(const type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(name)
+
+# define DECLARE_ASN1_NDEF_FUNCTION(name) \
+        int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+# define DECLARE_ASN1_FUNCTIONS_const(name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a);
+
+# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+
+# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                         const ASN1_PCTX *pctx);
+
+# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+# define I2D_OF(type) int (*)(type *,unsigned char **)
+# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+# define CHECKED_D2I_OF(type, d2i) \
+    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+# define CHECKED_I2D_OF(type, i2d) \
+    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+# define CHECKED_NEW_OF(type, xnew) \
+    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+# define CHECKED_PTR_OF(type, p) \
+    ((void*) (1 ? p : (type*)0))
+# define CHECKED_PPTR_OF(type, p) \
+    ((void**) (1 ? p : (type**)0))
+
+# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#  define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#  define DECLARE_ASN1_ITEM(name) \
+        OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+# else
+
+/*
+ * Platforms that can't easily handle shared global variables are declared as
+ * functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#  define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#  define DECLARE_ASN1_ITEM(name) \
+        const ASN1_ITEM * name##_it(void);
+
+# endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/*
+ * These determine which characters to escape: RFC2253 special characters,
+ * control characters and MSB set characters
+ */
+
+# define ASN1_STRFLGS_ESC_2253           1
+# define ASN1_STRFLGS_ESC_CTRL           2
+# define ASN1_STRFLGS_ESC_MSB            4
+
+/*
+ * This flag determines how we do escaping: normally RC2253 backslash only,
+ * set this to use backslash and quote.
+ */
+
+# define ASN1_STRFLGS_ESC_QUOTE          8
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+# define CHARTYPE_PRINTABLESTRING        0x10
+/* Character needs escaping if it is the first character */
+# define CHARTYPE_FIRST_ESC_2253         0x20
+/* Character needs escaping if it is the last character */
+# define CHARTYPE_LAST_ESC_2253          0x40
+
+/*
+ * NB the internal flags are safely reused below by flags handled at the top
+ * level.
+ */
+
+/*
+ * If this is set we convert all character strings to UTF8 first
+ */
+
+# define ASN1_STRFLGS_UTF8_CONVERT       0x10
+
+/*
+ * If this is set we don't attempt to interpret content: just assume all
+ * strings are 1 byte per character. This will produce some pretty odd
+ * looking output!
+ */
+
+# define ASN1_STRFLGS_IGNORE_TYPE        0x20
+
+/* If this is set we include the string type in the output */
+# define ASN1_STRFLGS_SHOW_TYPE          0x40
+
+/*
+ * This determines which strings to display and which to 'dump' (hex dump of
+ * content octets or DER encoding). We can only dump non character strings or
+ * everything. If we don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to the usual escaping
+ * options.
+ */
+
+# define ASN1_STRFLGS_DUMP_ALL           0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+
+/*
+ * These determine what 'dumping' does, we can dump the content octets or the
+ * DER encoding: both use the RFC2253 #XXXXX notation.
+ */
+
+# define ASN1_STRFLGS_DUMP_DER           0x200
+
+/*
+ * This flag specifies that RC2254 escaping shall be performed.
+ */
+#define ASN1_STRFLGS_ESC_2254           0x400
+
+/*
+ * All the string flags consistent with RFC2253, escaping control characters
+ * isn't essential in RFC2253 but it is advisable anyway.
+ */
+
+# define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
+                                ASN1_STRFLGS_ESC_CTRL | \
+                                ASN1_STRFLGS_ESC_MSB | \
+                                ASN1_STRFLGS_UTF8_CONVERT | \
+                                ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                ASN1_STRFLGS_DUMP_DER)
+
+DEFINE_STACK_OF(ASN1_INTEGER)
+
+DEFINE_STACK_OF(ASN1_GENERALSTRING)
+
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
+typedef struct asn1_type_st {
+    int type;
+    union {
+        char *ptr;
+        ASN1_BOOLEAN boolean;
+        ASN1_STRING *asn1_string;
+        ASN1_OBJECT *object;
+        ASN1_INTEGER *integer;
+        ASN1_ENUMERATED *enumerated;
+        ASN1_BIT_STRING *bit_string;
+        ASN1_OCTET_STRING *octet_string;
+        ASN1_PRINTABLESTRING *printablestring;
+        ASN1_T61STRING *t61string;
+        ASN1_IA5STRING *ia5string;
+        ASN1_GENERALSTRING *generalstring;
+        ASN1_BMPSTRING *bmpstring;
+        ASN1_UNIVERSALSTRING *universalstring;
+        ASN1_UTCTIME *utctime;
+        ASN1_GENERALIZEDTIME *generalizedtime;
+        ASN1_VISIBLESTRING *visiblestring;
+        ASN1_UTF8STRING *utf8string;
+        /*
+         * set and sequence are left complete and still contain the set or
+         * sequence bytes
+         */
+        ASN1_STRING *set;
+        ASN1_STRING *sequence;
+        ASN1_VALUE *asn1_value;
+    } value;
+} ASN1_TYPE;
+
+DEFINE_STACK_OF(ASN1_TYPE)
+
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+    int bitnum;
+    const char *lname;
+    const char *sname;
+} BIT_STRING_BITNAME;
+
+# define B_ASN1_TIME \
+                        B_ASN1_UTCTIME | \
+                        B_ASN1_GENERALIZEDTIME
+
+# define B_ASN1_PRINTABLE \
+                        B_ASN1_NUMERICSTRING| \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_T61STRING| \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_BIT_STRING| \
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING|\
+                        B_ASN1_SEQUENCE|\
+                        B_ASN1_UNKNOWN
+
+# define B_ASN1_DIRECTORYSTRING \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_TELETEXSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_UTF8STRING
+
+# define B_ASN1_DISPLAYTEXT \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_VISIBLESTRING| \
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(const ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DEFINE_STACK_OF(ASN1_OBJECT)
+
+ASN1_STRING *ASN1_STRING_new(void);
+void ASN1_STRING_free(ASN1_STRING *a);
+void ASN1_STRING_clear_free(ASN1_STRING *a);
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
+ASN1_STRING *ASN1_STRING_type_new(int type);
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
+  /*
+   * Since this is used to store all sorts of things, via macros, for now,
+   * make its data void *
+   */
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(const ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(const ASN1_STRING *x);
+DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len);
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                               BIT_STRING_BITNAME *tbl, int indent);
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+                            BIT_STRING_BITNAME *tbl);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                long length);
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+int ASN1_TIME_diff(int *pday, int *psec,
+                   const ASN1_TIME *from, const ASN1_TIME *to);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                          const ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
+                          int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                         int offset_day, long offset_sec);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln);
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+unsigned long ASN1_tag2bit(int tag);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p, long len);
+int ASN1_const_check_infinite_end(const unsigned char **p, long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+                     int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
+
+# define ASN1_dup_of(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(type, x)))
+
+# define ASN1_dup_of_const(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+# define M_ASN1_free_of(x, type) \
+                ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+# ifndef OPENSSL_NO_STDIO
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
+
+#  define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+                        CHECKED_D2I_OF(type, d2i), \
+                        in, \
+                        CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
+
+#  define ASN1_i2d_fp_of(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+# endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
+
+#  define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+                          CHECKED_D2I_OF(type, d2i), \
+                          in, \
+                          CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
+
+#  define ASN1_i2d_bio_of(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                  unsigned char *buf, int off);
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump);
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write Netscape format cert */
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+                                  unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len);
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+                            ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                       int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+                          long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
+
+/* ASN1 Print flags */
+
+/* Indicate missing OPTIONAL fields */
+# define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001
+/* Mark start and end of SEQUENCE */
+# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
+/* Mark start and end of SEQUENCE/SET OF */
+# define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
+/* Show the ASN1 type of primitives */
+# define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
+/* Don't show ASN1 type of ANY */
+# define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
+/* Don't show ASN1 type of MSTRINGs */
+# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
+/* Don't show field names in SEQUENCE */
+# define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
+/* Show structure names of each SEQUENCE field */
+# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
+/* Don't show structure name even at top level */
+# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx));
+void ASN1_SCTX_free(ASN1_SCTX *p);
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p);
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p);
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p);
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data);
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);
+
+const BIO_METHOD *BIO_f_asn1(void);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_ASN1_strings(void);
+
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+# define ASN1_F_A2D_ASN1_OBJECT                           100
+# define ASN1_F_A2I_ASN1_INTEGER                          102
+# define ASN1_F_A2I_ASN1_STRING                           103
+# define ASN1_F_APPEND_EXP                                176
+# define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
+# define ASN1_F_ASN1_CB                                   177
+# define ASN1_F_ASN1_CHECK_TLEN                           104
+# define ASN1_F_ASN1_COLLECT                              106
+# define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
+# define ASN1_F_ASN1_D2I_FP                               109
+# define ASN1_F_ASN1_D2I_READ_BIO                         107
+# define ASN1_F_ASN1_DIGEST                               184
+# define ASN1_F_ASN1_DO_ADB                               110
+# define ASN1_F_ASN1_DO_LOCK                              233
+# define ASN1_F_ASN1_DUP                                  111
+# define ASN1_F_ASN1_EX_C2I                               204
+# define ASN1_F_ASN1_FIND_END                             190
+# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
+# define ASN1_F_ASN1_GENERATE_V3                          178
+# define ASN1_F_ASN1_GET_INT64                            224
+# define ASN1_F_ASN1_GET_OBJECT                           114
+# define ASN1_F_ASN1_GET_UINT64                           225
+# define ASN1_F_ASN1_I2D_BIO                              116
+# define ASN1_F_ASN1_I2D_FP                               117
+# define ASN1_F_ASN1_ITEM_D2I_FP                          206
+# define ASN1_F_ASN1_ITEM_DUP                             191
+# define ASN1_F_ASN1_ITEM_EMBED_D2I                       120
+# define ASN1_F_ASN1_ITEM_EMBED_NEW                       121
+# define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+# define ASN1_F_ASN1_ITEM_I2D_FP                          193
+# define ASN1_F_ASN1_ITEM_PACK                            198
+# define ASN1_F_ASN1_ITEM_SIGN                            195
+# define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
+# define ASN1_F_ASN1_ITEM_UNPACK                          199
+# define ASN1_F_ASN1_ITEM_VERIFY                          197
+# define ASN1_F_ASN1_MBSTRING_NCOPY                       122
+# define ASN1_F_ASN1_OBJECT_NEW                           123
+# define ASN1_F_ASN1_OUTPUT_DATA                          214
+# define ASN1_F_ASN1_PCTX_NEW                             205
+# define ASN1_F_ASN1_SCTX_NEW                             221
+# define ASN1_F_ASN1_SIGN                                 128
+# define ASN1_F_ASN1_STR2TYPE                             179
+# define ASN1_F_ASN1_STRING_GET_INT64                     227
+# define ASN1_F_ASN1_STRING_GET_UINT64                    230
+# define ASN1_F_ASN1_STRING_SET                           186
+# define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+# define ASN1_F_ASN1_STRING_TO_BN                         228
+# define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+# define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
+# define ASN1_F_ASN1_TEMPLATE_NEW                         133
+# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+# define ASN1_F_ASN1_TIME_ADJ                             217
+# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
+# define ASN1_F_ASN1_UTCTIME_ADJ                          218
+# define ASN1_F_ASN1_VERIFY                               137
+# define ASN1_F_B64_READ_ASN1                             209
+# define ASN1_F_B64_WRITE_ASN1                            210
+# define ASN1_F_BIO_NEW_NDEF                              208
+# define ASN1_F_BITSTR_CB                                 180
+# define ASN1_F_BN_TO_ASN1_STRING                         229
+# define ASN1_F_C2I_ASN1_BIT_STRING                       189
+# define ASN1_F_C2I_ASN1_INTEGER                          194
+# define ASN1_F_C2I_ASN1_OBJECT                           196
+# define ASN1_F_C2I_IBUF                                  226
+# define ASN1_F_C2I_UINT64_INT                            101
+# define ASN1_F_COLLECT_DATA                              140
+# define ASN1_F_D2I_ASN1_OBJECT                           147
+# define ASN1_F_D2I_ASN1_UINTEGER                         150
+# define ASN1_F_D2I_AUTOPRIVATEKEY                        207
+# define ASN1_F_D2I_PRIVATEKEY                            154
+# define ASN1_F_D2I_PUBLICKEY                             155
+# define ASN1_F_DO_TCREATE                                222
+# define ASN1_F_I2D_ASN1_BIO_STREAM                       211
+# define ASN1_F_I2D_DSA_PUBKEY                            161
+# define ASN1_F_I2D_EC_PUBKEY                             181
+# define ASN1_F_I2D_PRIVATEKEY                            163
+# define ASN1_F_I2D_PUBLICKEY                             164
+# define ASN1_F_I2D_RSA_PUBKEY                            165
+# define ASN1_F_LONG_C2I                                  166
+# define ASN1_F_OID_MODULE_INIT                           174
+# define ASN1_F_PARSE_TAGGING                             182
+# define ASN1_F_PKCS5_PBE2_SET_IV                         167
+# define ASN1_F_PKCS5_PBE2_SET_SCRYPT                     231
+# define ASN1_F_PKCS5_PBE_SET                             202
+# define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
+# define ASN1_F_PKCS5_PBKDF2_SET                          219
+# define ASN1_F_PKCS5_SCRYPT_SET                          232
+# define ASN1_F_SMIME_READ_ASN1                           212
+# define ASN1_F_SMIME_TEXT                                213
+# define ASN1_F_STBL_MODULE_INIT                          223
+# define ASN1_F_UINT32_C2I                                105
+# define ASN1_F_UINT64_C2I                                112
+# define ASN1_F_X509_CRL_ADD0_REVOKED                     169
+# define ASN1_F_X509_INFO_NEW                             170
+# define ASN1_F_X509_NAME_ENCODE                          203
+# define ASN1_F_X509_NAME_EX_D2I                          158
+# define ASN1_F_X509_NAME_EX_NEW                          171
+# define ASN1_F_X509_PKEY_NEW                             173
+
+/* Reason codes. */
+# define ASN1_R_ADDING_OBJECT                             171
+# define ASN1_R_ASN1_PARSE_ERROR                          203
+# define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
+# define ASN1_R_AUX_ERROR                                 100
+# define ASN1_R_BAD_OBJECT_HEADER                         102
+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
+# define ASN1_R_BN_LIB                                    105
+# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
+# define ASN1_R_BUFFER_TOO_SMALL                          107
+# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
+# define ASN1_R_CONTEXT_NOT_INITIALISED                   217
+# define ASN1_R_DATA_IS_WRONG                             109
+# define ASN1_R_DECODE_ERROR                              110
+# define ASN1_R_DEPTH_EXCEEDED                            174
+# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
+# define ASN1_R_ENCODE_ERROR                              112
+# define ASN1_R_ERROR_GETTING_TIME                        173
+# define ASN1_R_ERROR_LOADING_SECTION                     172
+# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
+# define ASN1_R_EXPECTING_AN_INTEGER                      115
+# define ASN1_R_EXPECTING_AN_OBJECT                       116
+# define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
+# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
+# define ASN1_R_FIELD_MISSING                             121
+# define ASN1_R_FIRST_NUM_TOO_LARGE                       122
+# define ASN1_R_HEADER_TOO_LONG                           123
+# define ASN1_R_ILLEGAL_BITSTRING_FORMAT                  175
+# define ASN1_R_ILLEGAL_BOOLEAN                           176
+# define ASN1_R_ILLEGAL_CHARACTERS                        124
+# define ASN1_R_ILLEGAL_FORMAT                            177
+# define ASN1_R_ILLEGAL_HEX                               178
+# define ASN1_R_ILLEGAL_IMPLICIT_TAG                      179
+# define ASN1_R_ILLEGAL_INTEGER                           180
+# define ASN1_R_ILLEGAL_NEGATIVE_VALUE                    226
+# define ASN1_R_ILLEGAL_NESTED_TAGGING                    181
+# define ASN1_R_ILLEGAL_NULL                              125
+# define ASN1_R_ILLEGAL_NULL_VALUE                        182
+# define ASN1_R_ILLEGAL_OBJECT                            183
+# define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
+# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+# define ASN1_R_ILLEGAL_PADDING                           221
+# define ASN1_R_ILLEGAL_TAGGED_ANY                        127
+# define ASN1_R_ILLEGAL_TIME_VALUE                        184
+# define ASN1_R_ILLEGAL_ZERO_CONTENT                      222
+# define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
+# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
+# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT              220
+# define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
+# define ASN1_R_INVALID_DIGIT                             130
+# define ASN1_R_INVALID_MIME_TYPE                         205
+# define ASN1_R_INVALID_MODIFIER                          186
+# define ASN1_R_INVALID_NUMBER                            187
+# define ASN1_R_INVALID_OBJECT_ENCODING                   216
+# define ASN1_R_INVALID_SCRYPT_PARAMETERS                 227
+# define ASN1_R_INVALID_SEPARATOR                         131
+# define ASN1_R_INVALID_STRING_TABLE_VALUE                218
+# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
+# define ASN1_R_INVALID_UTF8STRING                        134
+# define ASN1_R_INVALID_VALUE                             219
+# define ASN1_R_LIST_ERROR                                188
+# define ASN1_R_MIME_NO_CONTENT_TYPE                      206
+# define ASN1_R_MIME_PARSE_ERROR                          207
+# define ASN1_R_MIME_SIG_PARSE_ERROR                      208
+# define ASN1_R_MISSING_EOC                               137
+# define ASN1_R_MISSING_SECOND_NUMBER                     138
+# define ASN1_R_MISSING_VALUE                             189
+# define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+# define ASN1_R_MSTRING_WRONG_TAG                         140
+# define ASN1_R_NESTED_ASN1_STRING                        197
+# define ASN1_R_NESTED_TOO_DEEP                           201
+# define ASN1_R_NON_HEX_CHARACTERS                        141
+# define ASN1_R_NOT_ASCII_FORMAT                          190
+# define ASN1_R_NOT_ENOUGH_DATA                           142
+# define ASN1_R_NO_CONTENT_TYPE                           209
+# define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
+# define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
+# define ASN1_R_NO_MULTIPART_BOUNDARY                     211
+# define ASN1_R_NO_SIG_CONTENT_TYPE                       212
+# define ASN1_R_NULL_IS_WRONG_LENGTH                      144
+# define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
+# define ASN1_R_ODD_NUMBER_OF_CHARS                       145
+# define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
+# define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
+# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
+# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
+# define ASN1_R_SHORT_LINE                                150
+# define ASN1_R_SIG_INVALID_MIME_TYPE                     213
+# define ASN1_R_STREAMING_NOT_SUPPORTED                   202
+# define ASN1_R_STRING_TOO_LONG                           151
+# define ASN1_R_STRING_TOO_SHORT                          152
+# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+# define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
+# define ASN1_R_TOO_LARGE                                 223
+# define ASN1_R_TOO_LONG                                  155
+# define ASN1_R_TOO_SMALL                                 224
+# define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
+# define ASN1_R_TYPE_NOT_PRIMITIVE                        195
+# define ASN1_R_UNEXPECTED_EOC                            159
+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
+# define ASN1_R_UNKNOWN_FORMAT                            160
+# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
+# define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
+# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
+# define ASN1_R_UNKNOWN_TAG                               194
+# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
+# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
+# define ASN1_R_UNSUPPORTED_TYPE                          196
+# define ASN1_R_WRONG_INTEGER_TYPE                        225
+# define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
+# define ASN1_R_WRONG_TAG                                 168
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/asn1t.h b/openssl-1.1.0h/include/openssl/asn1t.h
new file mode 100644
index 0000000..a524829
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/asn1t.h
@@ -0,0 +1,929 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1T_H
+# define HEADER_ASN1T_H
+
+# include <stddef.h>
+# include <openssl/e_os2.h>
+# include <openssl/asn1.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#  define ASN1_ITEM_start(itname) \
+        OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#  define static_ASN1_ITEM_start(itname) \
+        static const ASN1_ITEM itname##_it = {
+
+#  define ASN1_ITEM_end(itname)                 \
+                };
+
+# else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#  define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM * itname##_it(void) \
+        { \
+                static const ASN1_ITEM local_it = {
+
+#  define static_ASN1_ITEM_start(itname) \
+        static ASN1_ITEM_start(itname)
+
+#  define ASN1_ITEM_end(itname) \
+                }; \
+        return &local_it; \
+        }
+
+# endif
+
+/* Macros to aid ASN1 template writing */
+
+# define ASN1_ITEM_TEMPLATE(tname) \
+        static const ASN1_TEMPLATE tname##_item_tt
+
+# define ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+/* This is a ASN1 type which just embeds a template */
+
+/*-
+ * This pair helps declare a SEQUENCE. We can do:
+ *
+ *      ASN1_SEQUENCE(stname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END(stname)
+ *
+ *      This will produce an ASN1_ITEM called stname_it
+ *      for a structure called stname.
+ *
+ *      If you want the same structure but a different
+ *      name then use:
+ *
+ *      ASN1_SEQUENCE(itname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *      This will create an item called itname_it using
+ *      a structure called stname.
+ */
+
+# define ASN1_SEQUENCE(tname) \
+        static const ASN1_TEMPLATE tname##_seq_tt[]
+
+# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
+
+# define ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE(tname) \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+        ASN1_SEQUENCE_cb(tname, cb)
+
+# define ASN1_SEQUENCE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_BROKEN_SEQUENCE(tname) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_ref(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_enc(tname, enc, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
+        static_ASN1_SEQUENCE_END_ref(stname, stname)
+
+# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/*-
+ * This pair helps declare a CHOICE type. We can do:
+ *
+ *      ASN1_CHOICE(chname) = {
+ *              ... CHOICE options ...
+ *      ASN1_CHOICE_END(chname)
+ *
+ *      This will produce an ASN1_ITEM called chname_it
+ *      for a structure called chname. The structure
+ *      definition must look like this:
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ *
+ *      the name of the selector must be 'type'.
+ *      to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+# define ASN1_CHOICE(tname) \
+        static const ASN1_TEMPLATE tname##_ch_tt[]
+
+# define ASN1_CHOICE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_CHOICE(tname)
+
+# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
+
+# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_CHOICE_END_cb(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+        (flags), (tag), 0,\
+        #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+        (flags), (tag), offsetof(stname, field),\
+        #field, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+# define ASN1_IMP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+# define ASN1_EXP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# else
+#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+# endif
+/* Plain simple type */
+# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+/* Embedded simple type */
+# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type)
+
+/* OPTIONAL simple type */
+# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* Same as above but EXPLICIT */
+
+# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* SEQUENCE OF type */
+# define ASN1_SEQUENCE_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+# define ASN1_SET_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+# define ASN1_SET_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+# define ASN1_IMP_SET_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_EXP_SET_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+# define ASN1_NDEF_EXP(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+# define ASN1_ADB(name) \
+        static const ASN1_ADB_TABLE name##_adbtbl[]
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+        ;\
+        static const ASN1_ADB name##_adb = {\
+                flags,\
+                offsetof(name, field),\
+                adb_cb,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+        }
+
+# else
+
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+        ;\
+        static const ASN1_ITEM *name##_adb(void) \
+        { \
+        static const ASN1_ADB internal_adb = \
+                {\
+                flags,\
+                offsetof(name, field),\
+                adb_cb,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+                }; \
+                return (const ASN1_ITEM *) &internal_adb; \
+        } \
+        void dummy_function(void)
+
+# endif
+
+# define ADB_ENTRY(val, template) {val, template}
+
+# define ASN1_ADB_TEMPLATE(name) \
+        static const ASN1_TEMPLATE name##_tt
+
+/*
+ * This is the ASN1 template structure that defines a wrapper round the
+ * actual type. It determines the actual position of the field in the value
+ * structure, various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+    unsigned long flags;        /* Various flags */
+    long tag;                   /* tag, not used if no tagging */
+    unsigned long offset;       /* Offset of this field in structure */
+    const char *field_name;     /* Field name */
+    ASN1_ITEM_EXP *item;        /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+# define ASN1_TEMPLATE_item(t) (t->item_ptr)
+# define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+    unsigned long flags;        /* Various flags */
+    unsigned long offset;       /* Offset of selector field */
+    int (*adb_cb)(long *psel);  /* Application callback */
+    const ASN1_ADB_TABLE *tbl;  /* Table of possible types */
+    long tblcount;              /* Number of entries in tbl */
+    const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+    const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+    long value;                 /* NID for an object or value for an int */
+    const ASN1_TEMPLATE tt;     /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+# define ASN1_TFLG_OPTIONAL      (0x1)
+
+/* Field is a SET OF */
+# define ASN1_TFLG_SET_OF        (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+# define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
+
+/*
+ * Special case: this refers to a SET OF that will be sorted into DER order
+ * when encoded *and* the corresponding STACK will be modified to match the
+ * new order.
+ */
+# define ASN1_TFLG_SET_ORDER     (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+# define ASN1_TFLG_SK_MASK       (0x3 << 1)
+
+/*
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
+ * then the underlying type is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+# define ASN1_TFLG_IMPTAG        (0x1 << 3)
+
+/* EXPLICIT tagging, inner tag from underlying type */
+# define ASN1_TFLG_EXPTAG        (0x2 << 3)
+
+# define ASN1_TFLG_TAG_MASK      (0x3 << 3)
+
+/* context specific IMPLICIT */
+# define ASN1_TFLG_IMPLICIT      ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+# define ASN1_TFLG_EXPLICIT      ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/*
+ * If tagging is in force these determine the type of tag to use. Otherwise
+ * the tag is determined by the underlying type. These values reflect the
+ * actual octet format.
+ */
+
+/* Universal tag */
+# define ASN1_TFLG_UNIVERSAL     (0x0<<6)
+/* Application tag */
+# define ASN1_TFLG_APPLICATION   (0x1<<6)
+/* Context specific tag */
+# define ASN1_TFLG_CONTEXT       (0x2<<6)
+/* Private tag */
+# define ASN1_TFLG_PRIVATE       (0x3<<6)
+
+# define ASN1_TFLG_TAG_CLASS     (0x3<<6)
+
+/*
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
+ * an ASN1_ADB structure which contains a table of values to decode the
+ * relevant type
+ */
+
+# define ASN1_TFLG_ADB_MASK      (0x3<<8)
+
+# define ASN1_TFLG_ADB_OID       (0x1<<8)
+
+# define ASN1_TFLG_ADB_INT       (0x1<<9)
+
+/*
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
+ * indefinite length constructed encoding to be used if required.
+ */
+
+# define ASN1_TFLG_NDEF          (0x1<<11)
+
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED         (0x1 << 12)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+    char itype;                 /* The item type, primitive, SEQUENCE, CHOICE
+                                 * or extern */
+    long utype;                 /* underlying type */
+    const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
+                                     * the contents */
+    long tcount;                /* Number of templates if SEQUENCE or CHOICE */
+    const void *funcs;          /* functions that handle this type */
+    long size;                  /* Structure size (usually) */
+    const char *sname;          /* Structure name */
+};
+
+/*-
+ * These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE            0x0
+
+# define ASN1_ITYPE_SEQUENCE             0x1
+
+# define ASN1_ITYPE_CHOICE               0x2
+
+# define ASN1_ITYPE_EXTERN               0x4
+
+# define ASN1_ITYPE_MSTRING              0x5
+
+# define ASN1_ITYPE_NDEF_SEQUENCE        0x6
+
+/*
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st {
+    char valid;                 /* Values below are valid */
+    int ret;                    /* return value */
+    long plen;                  /* length */
+    int ptag;                   /* class value */
+    int pclass;                 /* class value */
+    int hdrlen;                 /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                        const ASN1_ITEM *it, int tag, int aclass, char opt,
+                        ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                        const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
+                               int indent, const char *fname,
+                               const ASN1_PCTX *pctx);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
+                               int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
+                               int len, int utype, char *free_cont,
+                               const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
+                                 const ASN1_ITEM *it, int indent,
+                                 const ASN1_PCTX *pctx);
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+    void *app_data;
+    ASN1_ex_new_func *asn1_ex_new;
+    ASN1_ex_free_func *asn1_ex_free;
+    ASN1_ex_free_func *asn1_ex_clear;
+    ASN1_ex_d2i *asn1_ex_d2i;
+    ASN1_ex_i2d *asn1_ex_i2d;
+    ASN1_ex_print_func *asn1_ex_print;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+    void *app_data;
+    unsigned long flags;
+    ASN1_ex_new_func *prim_new;
+    ASN1_ex_free_func *prim_free;
+    ASN1_ex_free_func *prim_clear;
+    ASN1_primitive_c2i *prim_c2i;
+    ASN1_primitive_i2c *prim_i2c;
+    ASN1_primitive_print *prim_print;
+} ASN1_PRIMITIVE_FUNCS;
+
+/*
+ * This is the ASN1_AUX structure: it handles various miscellaneous
+ * requirements. For example the use of reference counts and an informational
+ * callback. The "informational callback" is called at various points during
+ * the ASN1 encoding and decoding. It can be used to provide minor
+ * customisation of the structures used. This is most useful where the
+ * supplied routines *almost* do the right thing but need some extra help at
+ * a few points. If the callback returns zero then it is assumed a fatal
+ * error has occurred and the main operation should be abandoned. If major
+ * changes in the default behaviour are required then an external type is
+ * more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+                        void *exarg);
+
+typedef struct ASN1_AUX_st {
+    void *app_data;
+    int flags;
+    int ref_offset;             /* Offset of reference value */
+    int ref_lock;               /* Lock type to use */
+    ASN1_aux_cb *asn1_cb;
+    int enc_offset;             /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+    BIO *out;
+    int indent;
+    const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+    /* BIO to stream through */
+    BIO *out;
+    /* BIO with filters appended */
+    BIO *ndef_bio;
+    /* Streaming I/O boundary */
+    unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+# define ASN1_AFLG_REFCOUNT      1
+/* Save the encoding of structure (useful for signatures) */
+# define ASN1_AFLG_ENCODING      2
+/* The Sequence length is invalid */
+# define ASN1_AFLG_BROKEN        4
+
+/* operation values for asn1_cb */
+
+# define ASN1_OP_NEW_PRE         0
+# define ASN1_OP_NEW_POST        1
+# define ASN1_OP_FREE_PRE        2
+# define ASN1_OP_FREE_POST       3
+# define ASN1_OP_D2I_PRE         4
+# define ASN1_OP_D2I_POST        5
+# define ASN1_OP_I2D_PRE         6
+# define ASN1_OP_I2D_POST        7
+# define ASN1_OP_PRINT_PRE       8
+# define ASN1_OP_PRINT_POST      9
+# define ASN1_OP_STREAM_PRE      10
+# define ASN1_OP_STREAM_POST     11
+# define ASN1_OP_DETACHED_PRE    12
+# define ASN1_OP_DETACHED_POST   13
+
+/* Macro to implement a primitive type */
+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+                                ASN1_ITEM_end(itname)
+
+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_EXTERN, \
+                tag, \
+                NULL, \
+                0, \
+                &fptrs, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+        pre stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        pre void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+        stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        }
+
+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+        int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+        }
+
+# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
+        static stname *d2i_##stname(stname **a, \
+                                   const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+                                               ASN1_ITEM_rptr(stname)); \
+        } \
+        static int i2d_##stname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, \
+                                     ASN1_ITEM_rptr(stname)); \
+        }
+
+/*
+ * This includes evil casts to remove const: they will go away when full ASN1
+ * constification is done.
+ */
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(const stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        }
+
+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+        stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                                const ASN1_PCTX *pctx) \
+        { \
+                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+                        ASN1_ITEM_rptr(itname), pctx); \
+        }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DEFINE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it, int tag, int aclass, char opt,
+                     ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                     const ASN1_ITEM *it, int tag, int aclass);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/async.h b/openssl-1.1.0h/include/openssl/async.h
new file mode 100644
index 0000000..5b2e496
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/async.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#ifndef HEADER_ASYNC_H
+# define HEADER_ASYNC_H
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> to use this */
+#define OSSL_ASYNC_FD       HANDLE
+#define OSSL_BAD_ASYNC_FD   INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD       int
+#define OSSL_BAD_ASYNC_FD   -1
+#endif
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+
+#define ASYNC_ERR      0
+#define ASYNC_NO_JOBS  1
+#define ASYNC_PAUSE    2
+#define ASYNC_FINISH   3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd,
+                               void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                        OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+                    int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_ASYNC_strings(void);
+
+/* Error codes for the ASYNC functions. */
+
+/* Function codes. */
+# define ASYNC_F_ASYNC_CTX_NEW                            100
+# define ASYNC_F_ASYNC_INIT_THREAD                        101
+# define ASYNC_F_ASYNC_JOB_NEW                            102
+# define ASYNC_F_ASYNC_PAUSE_JOB                          103
+# define ASYNC_F_ASYNC_START_FUNC                         104
+# define ASYNC_F_ASYNC_START_JOB                          105
+
+/* Reason codes. */
+# define ASYNC_R_FAILED_TO_SET_POOL                       101
+# define ASYNC_R_FAILED_TO_SWAP_CONTEXT                   102
+# define ASYNC_R_INIT_FAILED                              105
+# define ASYNC_R_INVALID_POOL_SIZE                        103
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/bio.h b/openssl-1.1.0h/include/openssl/bio.h
new file mode 100644
index 0000000..f435bd8
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/bio.h
@@ -0,0 +1,852 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIO_H
+# define HEADER_BIO_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <stdarg.h>
+
+# include <openssl/crypto.h>
+
+# ifndef OPENSSL_NO_SCTP
+#  include <openssl/e_os2.h>
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* There are the classes of BIOs */
+# define BIO_TYPE_DESCRIPTOR     0x0100 /* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER         0x0200
+# define BIO_TYPE_SOURCE_SINK    0x0400
+
+/* These are the 'types' of BIOs */
+# define BIO_TYPE_NONE             0
+# define BIO_TYPE_MEM            ( 1|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_FILE           ( 2|BIO_TYPE_SOURCE_SINK)
+
+# define BIO_TYPE_FD             ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_SOCKET         ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_NULL           ( 6|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_SSL            ( 7|BIO_TYPE_FILTER)
+# define BIO_TYPE_MD             ( 8|BIO_TYPE_FILTER)
+# define BIO_TYPE_BUFFER         ( 9|BIO_TYPE_FILTER)
+# define BIO_TYPE_CIPHER         (10|BIO_TYPE_FILTER)
+# define BIO_TYPE_BASE64         (11|BIO_TYPE_FILTER)
+# define BIO_TYPE_CONNECT        (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ACCEPT         (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+
+# define BIO_TYPE_NBIO_TEST      (16|BIO_TYPE_FILTER)/* server proxy BIO */
+# define BIO_TYPE_NULL_FILTER    (17|BIO_TYPE_FILTER)
+# define BIO_TYPE_BIO            (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */
+# define BIO_TYPE_LINEBUFFER     (20|BIO_TYPE_FILTER)
+# define BIO_TYPE_DGRAM          (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ASN1           (22|BIO_TYPE_FILTER)
+# define BIO_TYPE_COMP           (23|BIO_TYPE_FILTER)
+# ifndef OPENSSL_NO_SCTP
+#  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# endif
+
+#define BIO_TYPE_START           128
+
+/*
+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ */
+# define BIO_NOCLOSE             0x00
+# define BIO_CLOSE               0x01
+
+/*
+ * These are used in the following macros and are passed to BIO_ctrl()
+ */
+# define BIO_CTRL_RESET          1/* opt - rewind/zero etc */
+# define BIO_CTRL_EOF            2/* opt - are we at the eof */
+# define BIO_CTRL_INFO           3/* opt - extra tit-bits */
+# define BIO_CTRL_SET            4/* man - set the 'IO' type */
+# define BIO_CTRL_GET            5/* man - get the 'IO' type */
+# define BIO_CTRL_PUSH           6/* opt - internal, used to signify change */
+# define BIO_CTRL_POP            7/* opt - internal, used to signify change */
+# define BIO_CTRL_GET_CLOSE      8/* man - set the 'close' on free */
+# define BIO_CTRL_SET_CLOSE      9/* man - set the 'close' on free */
+# define BIO_CTRL_PENDING        10/* opt - is their more data buffered */
+# define BIO_CTRL_FLUSH          11/* opt - 'flush' buffered output */
+# define BIO_CTRL_DUP            12/* man - extra stuff for 'duped' BIO */
+# define BIO_CTRL_WPENDING       13/* opt - number of bytes still to write */
+# define BIO_CTRL_SET_CALLBACK   14/* opt - set callback function */
+# define BIO_CTRL_GET_CALLBACK   15/* opt - set callback function */
+
+# define BIO_CTRL_SET_FILENAME   30/* BIO_s_file special */
+
+/* dgram BIO stuff */
+# define BIO_CTRL_DGRAM_CONNECT       31/* BIO dgram special */
+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
+                                         * socket to be passed in */
+# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
+# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */
+
+# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
+
+/* #ifdef IP_MTU_DISCOVER */
+# define BIO_CTRL_DGRAM_MTU_DISCOVER       39/* set DF bit on egress packets */
+/* #endif */
+
+# define BIO_CTRL_DGRAM_QUERY_MTU          40/* as kernel for current MTU */
+# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
+# define BIO_CTRL_DGRAM_GET_MTU            41/* get cached value for MTU */
+# define BIO_CTRL_DGRAM_SET_MTU            42/* set cached value for MTU.
+                                              * want to use this if asking
+                                              * the kernel fails */
+
+# define BIO_CTRL_DGRAM_MTU_EXCEEDED       43/* check whether the MTU was
+                                              * exceed in the previous write
+                                              * operation */
+
+# define BIO_CTRL_DGRAM_GET_PEER           46
+# define BIO_CTRL_DGRAM_SET_PEER           44/* Destination for the data */
+
+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45/* Next DTLS handshake timeout
+                                              * to adjust socket timeouts */
+# define BIO_CTRL_DGRAM_SET_DONT_FRAG      48
+
+# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
+
+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
+#  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
+# ifndef OPENSSL_NO_SCTP
+/* SCTP stuff */
+#  define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY                51
+#  define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY               52
+#  define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD               53
+#  define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO         60
+#  define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO         61
+#  define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO         62
+#  define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO         63
+#  define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                  64
+#  define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                  65
+#  define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN               70
+# endif
+
+# define BIO_CTRL_DGRAM_SET_PEEK_MODE      71
+
+/* modifiers */
+# define BIO_FP_READ             0x02
+# define BIO_FP_WRITE            0x04
+# define BIO_FP_APPEND           0x08
+# define BIO_FP_TEXT             0x10
+
+# define BIO_FLAGS_READ          0x01
+# define BIO_FLAGS_WRITE         0x02
+# define BIO_FLAGS_IO_SPECIAL    0x04
+# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+# define BIO_FLAGS_SHOULD_RETRY  0x08
+# ifndef BIO_FLAGS_UPLINK
+/*
+ * "UPLINK" flag denotes file descriptors provided by application. It
+ * defaults to 0, as most platforms don't require UPLINK interface.
+ */
+#  define BIO_FLAGS_UPLINK        0
+# endif
+
+# define BIO_FLAGS_BASE64_NO_NL  0x100
+
+/*
+ * This is used with memory BIOs:
+ * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way;
+ * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset.
+ */
+# define BIO_FLAGS_MEM_RDONLY    0x200
+# define BIO_FLAGS_NONCLEAR_RST  0x400
+
+typedef union bio_addr_st BIO_ADDR;
+typedef struct bio_addrinfo_st BIO_ADDRINFO;
+
+int BIO_get_new_index(void);
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+# define BIO_set_retry_special(b) \
+                BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_read(b) \
+                BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_write(b) \
+                BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+# define BIO_clear_retry_flags(b) \
+                BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_get_retry_flags(b) \
+                BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+# define BIO_should_read(a)              BIO_test_flags(a, BIO_FLAGS_READ)
+# define BIO_should_write(a)             BIO_test_flags(a, BIO_FLAGS_WRITE)
+# define BIO_should_io_special(a)        BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+# define BIO_retry_type(a)               BIO_test_flags(a, BIO_FLAGS_RWS)
+# define BIO_should_retry(a)             BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/*
+ * The next three are used in conjunction with the BIO_should_io_special()
+ * condition.  After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
+ * *reason); will walk the BIO stack and return the 'reason' for the special
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
+ * the code.
+ */
+/*
+ * Returned from the SSL bio when the certificate retrieval code had an error
+ */
+# define BIO_RR_SSL_X509_LOOKUP          0x01
+/* Returned from the connect BIO when a connect would have blocked */
+# define BIO_RR_CONNECT                  0x02
+/* Returned from the accept BIO when an accept would have blocked */
+# define BIO_RR_ACCEPT                   0x03
+
+/* These are passed by the BIO callback */
+# define BIO_CB_FREE     0x01
+# define BIO_CB_READ     0x02
+# define BIO_CB_WRITE    0x03
+# define BIO_CB_PUTS     0x04
+# define BIO_CB_GETS     0x05
+# define BIO_CB_CTRL     0x06
+
+/*
+ * The callback is called before and after the underling operation, The
+ * BIO_CB_RETURN flag indicates if it is after the call
+ */
+# define BIO_CB_RETURN   0x80
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
+# define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
+# define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
+
+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+                                long argl, long ret);
+BIO_callback_fn BIO_get_callback(const BIO *b);
+void BIO_set_callback(BIO *b, BIO_callback_fn callback);
+char *BIO_get_callback_arg(const BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+
+typedef struct bio_method_st BIO_METHOD;
+
+const char *BIO_method_name(const BIO *b);
+int BIO_method_type(const BIO *b);
+
+typedef int BIO_info_cb(BIO *, int, int);
+typedef BIO_info_cb bio_info_cb;  /* backward compatibility */
+
+DEFINE_STACK_OF(BIO)
+
+/* Prefix and suffix callback in ASN1 BIO */
+typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
+                          void *parg);
+
+# ifndef OPENSSL_NO_SCTP
+/* SCTP parameter structs */
+struct bio_dgram_sctp_sndinfo {
+    uint16_t snd_sid;
+    uint16_t snd_flags;
+    uint32_t snd_ppid;
+    uint32_t snd_context;
+};
+
+struct bio_dgram_sctp_rcvinfo {
+    uint16_t rcv_sid;
+    uint16_t rcv_ssn;
+    uint16_t rcv_flags;
+    uint32_t rcv_ppid;
+    uint32_t rcv_tsn;
+    uint32_t rcv_cumtsn;
+    uint32_t rcv_context;
+};
+
+struct bio_dgram_sctp_prinfo {
+    uint16_t pr_policy;
+    uint32_t pr_value;
+};
+# endif
+
+/*
+ * #define BIO_CONN_get_param_hostname BIO_ctrl
+ */
+
+# define BIO_C_SET_CONNECT                       100
+# define BIO_C_DO_STATE_MACHINE                  101
+# define BIO_C_SET_NBIO                          102
+/* # define BIO_C_SET_PROXY_PARAM                   103 */
+# define BIO_C_SET_FD                            104
+# define BIO_C_GET_FD                            105
+# define BIO_C_SET_FILE_PTR                      106
+# define BIO_C_GET_FILE_PTR                      107
+# define BIO_C_SET_FILENAME                      108
+# define BIO_C_SET_SSL                           109
+# define BIO_C_GET_SSL                           110
+# define BIO_C_SET_MD                            111
+# define BIO_C_GET_MD                            112
+# define BIO_C_GET_CIPHER_STATUS                 113
+# define BIO_C_SET_BUF_MEM                       114
+# define BIO_C_GET_BUF_MEM_PTR                   115
+# define BIO_C_GET_BUFF_NUM_LINES                116
+# define BIO_C_SET_BUFF_SIZE                     117
+# define BIO_C_SET_ACCEPT                        118
+# define BIO_C_SSL_MODE                          119
+# define BIO_C_GET_MD_CTX                        120
+/* # define BIO_C_GET_PROXY_PARAM                   121 */
+# define BIO_C_SET_BUFF_READ_DATA                122/* data to read first */
+# define BIO_C_GET_CONNECT                       123
+# define BIO_C_GET_ACCEPT                        124
+# define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
+# define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
+# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
+# define BIO_C_FILE_SEEK                         128
+# define BIO_C_GET_CIPHER_CTX                    129
+# define BIO_C_SET_BUF_MEM_EOF_RETURN            130/* return end of input
+                                                     * value */
+# define BIO_C_SET_BIND_MODE                     131
+# define BIO_C_GET_BIND_MODE                     132
+# define BIO_C_FILE_TELL                         133
+# define BIO_C_GET_SOCKS                         134
+# define BIO_C_SET_SOCKS                         135
+
+# define BIO_C_SET_WRITE_BUF_SIZE                136/* for BIO_s_bio */
+# define BIO_C_GET_WRITE_BUF_SIZE                137
+# define BIO_C_MAKE_BIO_PAIR                     138
+# define BIO_C_DESTROY_BIO_PAIR                  139
+# define BIO_C_GET_WRITE_GUARANTEE               140
+# define BIO_C_GET_READ_REQUEST                  141
+# define BIO_C_SHUTDOWN_WR                       142
+# define BIO_C_NREAD0                            143
+# define BIO_C_NREAD                             144
+# define BIO_C_NWRITE0                           145
+# define BIO_C_NWRITE                            146
+# define BIO_C_RESET_READ_REQUEST                147
+# define BIO_C_SET_MD_CTX                        148
+
+# define BIO_C_SET_PREFIX                        149
+# define BIO_C_GET_PREFIX                        150
+# define BIO_C_SET_SUFFIX                        151
+# define BIO_C_GET_SUFFIX                        152
+
+# define BIO_C_SET_EX_ARG                        153
+# define BIO_C_GET_EX_ARG                        154
+
+# define BIO_C_SET_CONNECT_MODE                  155
+
+# define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
+# define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
+
+# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+# ifndef OPENSSL_NO_SOCK
+/* IP families we support, for BIO_s_connect() and BIO_s_accept() */
+/* Note: the underlying operating system may not support some of them */
+#  define BIO_FAMILY_IPV4                         4
+#  define BIO_FAMILY_IPV6                         6
+#  define BIO_FAMILY_IPANY                        256
+
+/* BIO_s_connect() */
+#  define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+#  define BIO_set_conn_port(b,port)     BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#  define BIO_set_conn_address(b,addr)  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr)
+#  define BIO_set_conn_ip_family(b,f)   BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
+#  define BIO_get_conn_hostname(b)      ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0))
+#  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
+#  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
+#  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+
+/* BIO_s_accept() */
+#  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+#  define BIO_set_accept_port(b,port)   BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port)
+#  define BIO_get_accept_name(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0))
+#  define BIO_get_accept_port(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1))
+#  define BIO_get_peer_name(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2))
+#  define BIO_get_peer_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3))
+/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#  define BIO_set_nbio_accept(b,n)      BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL)
+#  define BIO_set_accept_bios(b,bio)    BIO_ctrl(b,BIO_C_SET_ACCEPT,3,(char *)bio)
+#  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
+#  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+
+/* Aliases kept for backward compatibility */
+#  define BIO_BIND_NORMAL                 0
+#  define BIO_BIND_REUSEADDR              BIO_SOCK_REUSEADDR
+#  define BIO_BIND_REUSEADDR_IF_UNUSED    BIO_SOCK_REUSEADDR
+#  define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#  define BIO_get_bind_mode(b)    BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+/* BIO_s_accept() and BIO_s_connect() */
+#  define BIO_do_connect(b)       BIO_do_handshake(b)
+#  define BIO_do_accept(b)        BIO_do_handshake(b)
+# endif /* OPENSSL_NO_SOCK */
+
+# define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
+# define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+# define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+/* BIO_s_file() */
+# define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+# define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+
+/* BIO_s_fd() and BIO_s_file() */
+# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+# define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/*
+ * name is cast to lose const, but might be better to route through a
+ * function so we can do it safely
+ */
+# ifdef CONST_STRICT
+/*
+ * If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b, const char *name);
+# else
+#  define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ,(char *)name)
+# endif
+# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_WRITE,name)
+# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_APPEND,name)
+# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/*
+ * WARNING WARNING, this ups the reference count on the read bio of the SSL
+ * structure.  This is because the ssl read BIO is now pointed to by the
+ * next_bio field in the bio.  So when you free the BIO, make sure you are
+ * doing a BIO_free_all() to catch the underlying BIO.
+ */
+# define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+# define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+# define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+# define BIO_set_ssl_renegotiate_bytes(b,num) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
+# define BIO_get_num_renegotiates(b) \
+        BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
+# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+
+# define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+# define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+# define BIO_set_mem_eof_return(b,v) \
+                                BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+# define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+# define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+# define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+# define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+# define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+# define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+# define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+# define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+# define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+# define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+                                                   cbp)
+# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+
+/* For BIO_s_bio() */
+# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+# define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+# define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* ctrl macros for dgram */
+# define BIO_ctrl_dgram_connect(b,peer)  \
+                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
+# define BIO_ctrl_set_connected(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)peer)
+# define BIO_dgram_recv_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
+# define BIO_dgram_send_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+# define BIO_dgram_get_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
+# define BIO_dgram_set_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+# define BIO_dgram_get_mtu_overhead(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+
+#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef)
+int BIO_set_ex_data(BIO *bio, int idx, void *data);
+void *BIO_get_ex_data(BIO *bio, int idx);
+uint64_t BIO_number_read(BIO *bio);
+uint64_t BIO_number_written(BIO *bio);
+
+/* For BIO_f_asn1() */
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                        asn1_ps_func *prefix_free);
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                        asn1_ps_func **pprefix_free);
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                        asn1_ps_func *suffix_free);
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                        asn1_ps_func **psuffix_free);
+
+const BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+# ifndef OPENSSL_NO_STDIO
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+# endif
+BIO *BIO_new(const BIO_METHOD *type);
+int BIO_free(BIO *a);
+void BIO_set_data(BIO *a, void *ptr);
+void *BIO_get_data(BIO *a);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_init(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
+int BIO_get_shutdown(BIO *a);
+void BIO_vfree(BIO *a);
+int BIO_up_ref(BIO *a);
+int BIO_read(BIO *b, void *data, int len);
+int BIO_gets(BIO *bp, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int len);
+int BIO_puts(BIO *bp, const char *buf);
+int BIO_indent(BIO *b, int indent, int max);
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_free_all(BIO *a);
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+void BIO_set_next(BIO *b, BIO *next);
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+void BIO_set_retry_reason(BIO *bio, int reason);
+BIO *BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+                        long argl, long ret);
+
+const BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_secmem(void);
+BIO *BIO_new_mem_buf(const void *buf, int len);
+# ifndef OPENSSL_NO_SOCK
+const BIO_METHOD *BIO_s_socket(void);
+const BIO_METHOD *BIO_s_connect(void);
+const BIO_METHOD *BIO_s_accept(void);
+# endif
+const BIO_METHOD *BIO_s_fd(void);
+const BIO_METHOD *BIO_s_log(void);
+const BIO_METHOD *BIO_s_bio(void);
+const BIO_METHOD *BIO_s_null(void);
+const BIO_METHOD *BIO_f_null(void);
+const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_linebuffer(void);
+const BIO_METHOD *BIO_f_nbio_test(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_datagram(void);
+int BIO_dgram_non_fatal_error(int error);
+BIO *BIO_new_dgram(int fd, int close_flag);
+#  ifndef OPENSSL_NO_SCTP
+const BIO_METHOD *BIO_s_datagram_sctp(void);
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void *context,
+                                                                 void *buf),
+                                   void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+# endif
+
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent);
+int BIO_dump(BIO *b, const char *bytes, int len);
+int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
+# ifndef OPENSSL_NO_STDIO
+int BIO_dump_fp(FILE *fp, const char *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+# endif
+int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+                   int datalen);
+
+# ifndef OPENSSL_NO_SOCK
+BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen, unsigned short port);
+void BIO_ADDR_free(BIO_ADDR *);
+void BIO_ADDR_clear(BIO_ADDR *ap);
+int BIO_ADDR_family(const BIO_ADDR *ap);
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+
+enum BIO_hostserv_priorities {
+    BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+};
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio);
+enum BIO_lookup_type {
+    BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+};
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res);
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd, int mode);
+int BIO_sock_init(void);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define BIO_sock_cleanup() while(0) continue
+# endif
+int BIO_set_tcp_ndelay(int sock, int turn_on);
+
+DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
+DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr))
+DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip))
+DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode))
+DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port))
+
+union BIO_sock_info_u {
+    BIO_ADDR *addr;
+};
+enum BIO_sock_info_type {
+    BIO_SOCK_INFO_ADDRESS
+};
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info);
+
+#  define BIO_SOCK_REUSEADDR    0x01
+#  define BIO_SOCK_V6_ONLY      0x02
+#  define BIO_SOCK_KEEPALIVE    0x04
+#  define BIO_SOCK_NONBLOCK     0x08
+#  define BIO_SOCK_NODELAY      0x10
+
+int BIO_socket(int domain, int socktype, int protocol, int options);
+int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options);
+int BIO_closesocket(int sock);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_connect(const char *host_port);
+BIO *BIO_new_accept(const char *host_port);
+# endif /* OPENSSL_NO_SOCK*/
+
+BIO *BIO_new_fd(int fd, int close_flag);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+                     BIO **bio2, size_t writebuf2);
+/*
+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
+ * value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*
+ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+ */
+
+# ifdef __GNUC__
+#  define __bio_h__attr__ __attribute__
+# else
+#  define __bio_h__attr__(x)
+# endif
+int BIO_printf(BIO *bio, const char *format, ...)
+__bio_h__attr__((__format__(__printf__, 2, 3)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+__bio_h__attr__((__format__(__printf__, 2, 0)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+__bio_h__attr__((__format__(__printf__, 3, 4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+__bio_h__attr__((__format__(__printf__, 3, 0)));
+# undef __bio_h__attr__
+
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int);
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*write) (BIO *, const char *, int));
+int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int);
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*read) (BIO *, char *, int));
+int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*puts) (BIO *, const char *));
+int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*gets) (BIO *, char *, int));
+long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *));
+int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
+int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
+long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))
+                                 (BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *));
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_BIO_strings(void);
+
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+# define BIO_F_ACPT_STATE                                 100
+# define BIO_F_ADDR_STRINGS                               134
+# define BIO_F_BIO_ACCEPT                                 101
+# define BIO_F_BIO_ACCEPT_EX                              137
+# define BIO_F_BIO_ADDR_NEW                               144
+# define BIO_F_BIO_CALLBACK_CTRL                          131
+# define BIO_F_BIO_CONNECT                                138
+# define BIO_F_BIO_CTRL                                   103
+# define BIO_F_BIO_GETS                                   104
+# define BIO_F_BIO_GET_HOST_IP                            106
+# define BIO_F_BIO_GET_NEW_INDEX                          102
+# define BIO_F_BIO_GET_PORT                               107
+# define BIO_F_BIO_LISTEN                                 139
+# define BIO_F_BIO_LOOKUP                                 135
+# define BIO_F_BIO_MAKE_PAIR                              121
+# define BIO_F_BIO_METH_NEW                               146
+# define BIO_F_BIO_NEW                                    108
+# define BIO_F_BIO_NEW_FILE                               109
+# define BIO_F_BIO_NEW_MEM_BUF                            126
+# define BIO_F_BIO_NREAD                                  123
+# define BIO_F_BIO_NREAD0                                 124
+# define BIO_F_BIO_NWRITE                                 125
+# define BIO_F_BIO_NWRITE0                                122
+# define BIO_F_BIO_PARSE_HOSTSERV                         136
+# define BIO_F_BIO_PUTS                                   110
+# define BIO_F_BIO_READ                                   111
+# define BIO_F_BIO_SOCKET                                 140
+# define BIO_F_BIO_SOCKET_NBIO                            142
+# define BIO_F_BIO_SOCK_INFO                              141
+# define BIO_F_BIO_SOCK_INIT                              112
+# define BIO_F_BIO_WRITE                                  113
+# define BIO_F_BUFFER_CTRL                                114
+# define BIO_F_CONN_CTRL                                  127
+# define BIO_F_CONN_STATE                                 115
+# define BIO_F_DGRAM_SCTP_READ                            132
+# define BIO_F_DGRAM_SCTP_WRITE                           133
+# define BIO_F_FILE_CTRL                                  116
+# define BIO_F_FILE_READ                                  130
+# define BIO_F_LINEBUFFER_CTRL                            129
+# define BIO_F_MEM_WRITE                                  117
+# define BIO_F_SSL_NEW                                    118
+
+/* Reason codes. */
+# define BIO_R_ACCEPT_ERROR                               100
+# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET               141
+# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE                  129
+# define BIO_R_BAD_FOPEN_MODE                             101
+# define BIO_R_BROKEN_PIPE                                124
+# define BIO_R_CONNECT_ERROR                              103
+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
+# define BIO_R_GETSOCKNAME_ERROR                          132
+# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS              133
+# define BIO_R_GETTING_SOCKTYPE                           134
+# define BIO_R_INVALID_ARGUMENT                           125
+# define BIO_R_INVALID_SOCKET                             135
+# define BIO_R_IN_USE                                     123
+# define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOOKUP_RETURNED_NOTHING                    142
+# define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
+# define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
+# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
+# define BIO_R_NO_PORT_DEFINED                            113
+# define BIO_R_NO_SUCH_FILE                               128
+# define BIO_R_NULL_PARAMETER                             115
+# define BIO_R_UNABLE_TO_BIND_SOCKET                      117
+# define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
+# define BIO_R_UNABLE_TO_KEEPALIVE                        137
+# define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
+# define BIO_R_UNABLE_TO_NODELAY                          138
+# define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNAVAILABLE_IP_FAMILY                      145
+# define BIO_R_UNINITIALIZED                              120
+# define BIO_R_UNKNOWN_INFO_TYPE                          140
+# define BIO_R_UNSUPPORTED_IP_FAMILY                      146
+# define BIO_R_UNSUPPORTED_METHOD                         121
+# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
+# define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
+# define BIO_R_WSASTARTUP                                 122
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/blowfish.h b/openssl-1.1.0h/include/openssl/blowfish.h
new file mode 100644
index 0000000..cd3e460
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/blowfish.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BLOWFISH_H
+# define HEADER_BLOWFISH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_BF
+# include <openssl/e_os2.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define BF_ENCRYPT      1
+# define BF_DECRYPT      0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS       16
+# define BF_BLOCK        8
+
+typedef struct bf_key_st {
+    BF_LONG P[BF_ROUNDS + 2];
+    BF_LONG S[4 * 256];
+} BF_KEY;
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/bn.h b/openssl-1.1.0h/include/openssl/bn.h
new file mode 100644
index 0000000..54ae760
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/bn.h
@@ -0,0 +1,575 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_BN_H
+# define HEADER_BN_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/crypto.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULONG        unsigned long
+#  define BN_BYTES        8
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  define BN_ULONG        unsigned long long
+#  define BN_BYTES        8
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  define BN_ULONG        unsigned int
+#  define BN_BYTES        4
+# endif
+
+# define BN_BITS2       (BN_BYTES * 8)
+# define BN_BITS        (BN_BITS2 * 2)
+# define BN_TBIT        ((BN_ULONG)1 << (BN_BITS2 - 1))
+
+# define BN_FLG_MALLOCED         0x01
+# define BN_FLG_STATIC_DATA      0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME        0x04
+# define BN_FLG_SECURE           0x08
+
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag */
+#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+#  define BN_FLG_FREE            0x8000 /* used for debugging */
+# endif
+
+void BN_set_flags(BIGNUM *b, int n);
+int BN_get_flags(const BIGNUM *b, int n);
+
+/* Values for |top| in BN_rand() */
+#define BN_RAND_TOP_ANY    -1
+#define BN_RAND_TOP_ONE     0
+#define BN_RAND_TOP_TWO     1
+
+/* Values for |bottom| in BN_rand() */
+#define BN_RAND_BOTTOM_ANY  0
+#define BN_RAND_BOTTOM_ODD  1
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The
+ * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that
+ * has not been otherwise initialised or used.
+ */
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+
+/* Wrapper function to make using BN_GENCB easier */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg);
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+
+# define BN_prime_checks 0      /* default: select number of iterations based
+                                 * on the size of the number */
+
+/*
+ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
+ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
+ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * original paper: Damgaard, Landrock, Pomerance: Average case error
+ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
+ * 177-194)
+ */
+# define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
+                                (b) >=  850 ?  3 : \
+                                (b) >=  650 ?  4 : \
+                                (b) >=  550 ?  5 : \
+                                (b) >=  450 ?  6 : \
+                                (b) >=  400 ?  7 : \
+                                (b) >=  350 ?  8 : \
+                                (b) >=  300 ?  9 : \
+                                (b) >=  250 ? 12 : \
+                                (b) >=  200 ? 15 : \
+                                (b) >=  150 ? 18 : \
+                                /* b >= 100 */ 27)
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_zero(const BIGNUM *a);
+int BN_is_one(const BIGNUM *a);
+int BN_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_odd(const BIGNUM *a);
+
+# define BN_one(a)       (BN_set_word((a),1))
+
+void BN_zero_ex(BIGNUM *a);
+
+# if OPENSSL_API_COMPAT >= 0x00908000L
+#  define BN_zero(a)      BN_zero_ex(a)
+# else
+#  define BN_zero(a)      (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new(void);
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG l);
+int BN_security_bits(int L, int N);
+BIGNUM *BN_new(void);
+BIGNUM *BN_secure_new(void);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param  b  pointer to the BIGNUM object
+ * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param  b  pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+int BN_is_negative(const BIGNUM *b);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+int BN_print(BIO *bio, const BIGNUM *a);
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_asc2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+                                                                  * -2 for
+                                                                  * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                                             const BIGNUM *add,
+                                             const BIGNUM *rem,
+                                             void (*callback) (int, int,
+                                                               void *),
+                                             void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime(const BIGNUM *p, int nchecks,
+                               void (*callback) (int, int, void *),
+                               BN_CTX *ctx, void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+                                        void (*callback) (int, int, void *),
+                                        BN_CTX *ctx, void *cb_arg,
+                                        int do_trial_division))
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+                            int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+                              BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+                                    const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE   0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *);
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx);
+
+DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
+                                                  * mont */
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                     BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx);
+#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+                        BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+                         const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+                               const int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
+
+# endif
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx);
+
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx);
+
+/* Primes from RFC 2409 */
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+#  define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+#  define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+#  define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+#  define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+#  define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+#  define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+#  define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# endif
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_BN_strings(void);
+
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+# define BN_F_BNRAND                                      127
+# define BN_F_BN_BLINDING_CONVERT_EX                      100
+# define BN_F_BN_BLINDING_CREATE_PARAM                    128
+# define BN_F_BN_BLINDING_INVERT_EX                       101
+# define BN_F_BN_BLINDING_NEW                             102
+# define BN_F_BN_BLINDING_UPDATE                          103
+# define BN_F_BN_BN2DEC                                   104
+# define BN_F_BN_BN2HEX                                   105
+# define BN_F_BN_COMPUTE_WNAF                             142
+# define BN_F_BN_CTX_GET                                  116
+# define BN_F_BN_CTX_NEW                                  106
+# define BN_F_BN_CTX_START                                129
+# define BN_F_BN_DIV                                      107
+# define BN_F_BN_DIV_RECP                                 130
+# define BN_F_BN_EXP                                      123
+# define BN_F_BN_EXPAND_INTERNAL                          120
+# define BN_F_BN_GENCB_NEW                                143
+# define BN_F_BN_GENERATE_DSA_NONCE                       140
+# define BN_F_BN_GENERATE_PRIME_EX                        141
+# define BN_F_BN_GF2M_MOD                                 131
+# define BN_F_BN_GF2M_MOD_EXP                             132
+# define BN_F_BN_GF2M_MOD_MUL                             133
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
+# define BN_F_BN_GF2M_MOD_SQR                             136
+# define BN_F_BN_GF2M_MOD_SQRT                            137
+# define BN_F_BN_LSHIFT                                   145
+# define BN_F_BN_MOD_EXP2_MONT                            118
+# define BN_F_BN_MOD_EXP_MONT                             109
+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
+# define BN_F_BN_MOD_EXP_MONT_WORD                        117
+# define BN_F_BN_MOD_EXP_RECP                             125
+# define BN_F_BN_MOD_EXP_SIMPLE                           126
+# define BN_F_BN_MOD_INVERSE                              110
+# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
+# define BN_F_BN_MOD_LSHIFT_QUICK                         119
+# define BN_F_BN_MOD_SQRT                                 121
+# define BN_F_BN_MPI2BN                                   112
+# define BN_F_BN_NEW                                      113
+# define BN_F_BN_RAND                                     114
+# define BN_F_BN_RAND_RANGE                               122
+# define BN_F_BN_RSHIFT                                   146
+# define BN_F_BN_SET_WORDS                                144
+# define BN_F_BN_USUB                                     115
+
+/* Reason codes. */
+# define BN_R_ARG2_LT_ARG3                                100
+# define BN_R_BAD_RECIPROCAL                              101
+# define BN_R_BIGNUM_TOO_LONG                             114
+# define BN_R_BITS_TOO_SMALL                              118
+# define BN_R_CALLED_WITH_EVEN_MODULUS                    102
+# define BN_R_DIV_BY_ZERO                                 103
+# define BN_R_ENCODING_ERROR                              104
+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
+# define BN_R_INPUT_NOT_REDUCED                           110
+# define BN_R_INVALID_LENGTH                              106
+# define BN_R_INVALID_RANGE                               115
+# define BN_R_INVALID_SHIFT                               119
+# define BN_R_NOT_A_SQUARE                                111
+# define BN_R_NOT_INITIALIZED                             107
+# define BN_R_NO_INVERSE                                  108
+# define BN_R_NO_SOLUTION                                 116
+# define BN_R_PRIVATE_KEY_TOO_LARGE                       117
+# define BN_R_P_IS_NOT_PRIME                              112
+# define BN_R_TOO_MANY_ITERATIONS                         113
+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/buffer.h b/openssl-1.1.0h/include/openssl/buffer.h
new file mode 100644
index 0000000..35160b4
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/buffer.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFFER_H
+# define HEADER_BUFFER_H
+
+# include <openssl/ossl_typ.h>
+# ifndef HEADER_CRYPTO_H
+#  include <openssl/crypto.h>
+# endif
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# include <stddef.h>
+# include <sys/types.h>
+
+/*
+ * These names are outdated as of OpenSSL 1.1; a future release
+ * will move them to be deprecated.
+ */
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size)  OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+
+struct buf_mem_st {
+    size_t length;              /* current number of bytes */
+    char *data;
+    size_t max;                 /* size of buffer */
+    unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE  0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_BUF_strings(void);
+
+/* Error codes for the BUF functions. */
+
+/* Function codes. */
+# define BUF_F_BUF_MEM_GROW                               100
+# define BUF_F_BUF_MEM_GROW_CLEAN                         105
+# define BUF_F_BUF_MEM_NEW                                101
+
+/* Reason codes. */
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/camellia.h b/openssl-1.1.0h/include/openssl/camellia.h
new file mode 100644
index 0000000..151f3c1
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/camellia.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAMELLIA_H
+# define HEADER_CAMELLIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CAMELLIA
+# include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define CAMELLIA_ENCRYPT        1
+# define CAMELLIA_DECRYPT        0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_BLOCK_SIZE 16
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
+                                                               * with WORD */
+
+struct camellia_key_st {
+    union {
+        double d;               /* ensures 64-bit align */
+        KEY_TABLE_TYPE rd_key;
+    } u;
+    int grand_rounds;
+};
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t length, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/cast.h b/openssl-1.1.0h/include/openssl/cast.h
new file mode 100644
index 0000000..2cc89ae
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/cast.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAST_H
+# define HEADER_CAST_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CAST
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define CAST_ENCRYPT    1
+# define CAST_DECRYPT    0
+
+# define CAST_LONG unsigned int
+
+# define CAST_BLOCK      8
+# define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+    CAST_LONG data[32];
+    int short_key;              /* Use reduced rounds for short key */
+} CAST_KEY;
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAST_KEY *key, int enc);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/cmac.h b/openssl-1.1.0h/include/openssl/cmac.h
new file mode 100644
index 0000000..3535a9a
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/cmac.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMAC_H
+# define HEADER_CMAC_H
+
+# ifndef OPENSSL_NO_CMAC
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/evp.h>
+
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+
+CMAC_CTX *CMAC_CTX_new(void);
+void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+void CMAC_CTX_free(CMAC_CTX *ctx);
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+              const EVP_CIPHER *cipher, ENGINE *impl);
+int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
+int CMAC_resume(CMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/cms.h b/openssl-1.1.0h/include/openssl/cms.h
new file mode 100644
index 0000000..7e534e0
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/cms.h
@@ -0,0 +1,512 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMS_H
+# define HEADER_CMS_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CMS
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL    0
+# define CMS_SIGNERINFO_KEYIDENTIFIER    1
+
+# define CMS_RECIPINFO_NONE              -1
+# define CMS_RECIPINFO_TRANS             0
+# define CMS_RECIPINFO_AGREE             1
+# define CMS_RECIPINFO_KEK               2
+# define CMS_RECIPINFO_PASS              3
+# define CMS_RECIPINFO_OTHER             4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT                        0x1
+# define CMS_NOCERTS                     0x2
+# define CMS_NO_CONTENT_VERIFY           0x4
+# define CMS_NO_ATTR_VERIFY              0x8
+# define CMS_NOSIGS                      \
+                        (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN                    0x10
+# define CMS_NO_SIGNER_CERT_VERIFY       0x20
+# define CMS_NOVERIFY                    0x20
+# define CMS_DETACHED                    0x40
+# define CMS_BINARY                      0x80
+# define CMS_NOATTR                      0x100
+# define CMS_NOSMIMECAP                  0x200
+# define CMS_NOOLDMIMETYPE               0x400
+# define CMS_CRLFEOL                     0x800
+# define CMS_STREAM                      0x1000
+# define CMS_NOCRL                       0x2000
+# define CMS_PARTIAL                     0x4000
+# define CMS_REUSE_DIGEST                0x8000
+# define CMS_USE_KEYID                   0x10000
+# define CMS_DEBUG_DECRYPT               0x20000
+# define CMS_KEY_PARAM                   0x40000
+# define CMS_ASCIICRLF                   0x80000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+# endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+                             int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+              unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+                          STACK_OF(X509) *certs, BIO *data,
+                          unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                  X509 *signcert, EVP_PKEY *pkey,
+                                  STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                      unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                   unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                              const unsigned char *key, size_t keylen,
+                              BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                           const unsigned char *key,
+                                           size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+               X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+                             const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+                         unsigned char *key, size_t keylen,
+                         const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+                              unsigned char *pass, ossl_ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                     EVP_PKEY **pk, X509 **recip,
+                                     X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+                                    unsigned char *pass,
+                                    ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                               int iter, int wrap_nid,
+                                               int pbe_nid,
+                                               unsigned char *pass,
+                                               ossl_ssize_t passlen,
+                                               const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                                unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                  ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                           unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+                              X509 **signer, X509_ALGOR **pdig,
+                              X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                            int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                               int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+                               int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                const ASN1_OBJECT *obj, int type,
+                                const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                                int nid, int type,
+                                const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                                const char *attrname, int type,
+                                const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+                                  int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                 int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *obj, int type,
+                                  const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                                  int nid, int type,
+                                  const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                                  const char *attrname, int type,
+                                  const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                    int lastpos, int type);
+
+# ifdef HEADER_X509V3_H
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES)
+                                               *receiptList, STACK_OF(GENERAL_NAMES)
+                                               *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                    ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto);
+# endif
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+                                        X509_ALGOR **pubalg,
+                                        ASN1_BIT_STRING **pubkey,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno);
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+                                      ASN1_OCTET_STRING **keyid,
+                                      ASN1_GENERALIZEDTIME **tm,
+                                      CMS_OtherKeyAttribute **other,
+                                      X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+                                       X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri,
+                                   CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+                          ASN1_OCTET_STRING *ukm, int keylen);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_CMS_strings(void);
+
+/* Error codes for the CMS functions. */
+
+/* Function codes. */
+# define CMS_F_CHECK_CONTENT                              99
+# define CMS_F_CMS_ADD0_CERT                              164
+# define CMS_F_CMS_ADD0_RECIPIENT_KEY                     100
+# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD                165
+# define CMS_F_CMS_ADD1_RECEIPTREQUEST                    158
+# define CMS_F_CMS_ADD1_RECIPIENT_CERT                    101
+# define CMS_F_CMS_ADD1_SIGNER                            102
+# define CMS_F_CMS_ADD1_SIGNINGTIME                       103
+# define CMS_F_CMS_COMPRESS                               104
+# define CMS_F_CMS_COMPRESSEDDATA_CREATE                  105
+# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO                106
+# define CMS_F_CMS_COPY_CONTENT                           107
+# define CMS_F_CMS_COPY_MESSAGEDIGEST                     108
+# define CMS_F_CMS_DATA                                   109
+# define CMS_F_CMS_DATAFINAL                              110
+# define CMS_F_CMS_DATAINIT                               111
+# define CMS_F_CMS_DECRYPT                                112
+# define CMS_F_CMS_DECRYPT_SET1_KEY                       113
+# define CMS_F_CMS_DECRYPT_SET1_PASSWORD                  166
+# define CMS_F_CMS_DECRYPT_SET1_PKEY                      114
+# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX               115
+# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO               116
+# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                  117
+# define CMS_F_CMS_DIGEST_VERIFY                          118
+# define CMS_F_CMS_ENCODE_RECEIPT                         161
+# define CMS_F_CMS_ENCRYPT                                119
+# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO              120
+# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                  121
+# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                  122
+# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                 123
+# define CMS_F_CMS_ENVELOPEDDATA_CREATE                   124
+# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                 125
+# define CMS_F_CMS_ENVELOPED_DATA_INIT                    126
+# define CMS_F_CMS_ENV_ASN1_CTRL                          171
+# define CMS_F_CMS_FINAL                                  127
+# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES               128
+# define CMS_F_CMS_GET0_CONTENT                           129
+# define CMS_F_CMS_GET0_ECONTENT_TYPE                     130
+# define CMS_F_CMS_GET0_ENVELOPED                         131
+# define CMS_F_CMS_GET0_REVOCATION_CHOICES                132
+# define CMS_F_CMS_GET0_SIGNED                            133
+# define CMS_F_CMS_MSGSIGDIGEST_ADD1                      162
+# define CMS_F_CMS_RECEIPTREQUEST_CREATE0                 159
+# define CMS_F_CMS_RECEIPT_VERIFY                         160
+# define CMS_F_CMS_RECIPIENTINFO_DECRYPT                  134
+# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT                  169
+# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT             178
+# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG            175
+# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID        173
+# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS           172
+# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP         174
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT            135
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT            136
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID            137
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP             138
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP            139
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT             140
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT             141
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS           142
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID      143
+# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT               167
+# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                 144
+# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD            168
+# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY                145
+# define CMS_F_CMS_SD_ASN1_CTRL                           170
+# define CMS_F_CMS_SET1_IAS                               176
+# define CMS_F_CMS_SET1_KEYID                             177
+# define CMS_F_CMS_SET1_SIGNERIDENTIFIER                  146
+# define CMS_F_CMS_SET_DETACHED                           147
+# define CMS_F_CMS_SIGN                                   148
+# define CMS_F_CMS_SIGNED_DATA_INIT                       149
+# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN                150
+# define CMS_F_CMS_SIGNERINFO_SIGN                        151
+# define CMS_F_CMS_SIGNERINFO_VERIFY                      152
+# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                 153
+# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT              154
+# define CMS_F_CMS_SIGN_RECEIPT                           163
+# define CMS_F_CMS_STREAM                                 155
+# define CMS_F_CMS_UNCOMPRESS                             156
+# define CMS_F_CMS_VERIFY                                 157
+
+/* Reason codes. */
+# define CMS_R_ADD_SIGNER_ERROR                           99
+# define CMS_R_CERTIFICATE_ALREADY_PRESENT                175
+# define CMS_R_CERTIFICATE_HAS_NO_KEYID                   160
+# define CMS_R_CERTIFICATE_VERIFY_ERROR                   100
+# define CMS_R_CIPHER_INITIALISATION_ERROR                101
+# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR      102
+# define CMS_R_CMS_DATAFINAL_ERROR                        103
+# define CMS_R_CMS_LIB                                    104
+# define CMS_R_CONTENTIDENTIFIER_MISMATCH                 170
+# define CMS_R_CONTENT_NOT_FOUND                          105
+# define CMS_R_CONTENT_TYPE_MISMATCH                      171
+# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA           106
+# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA            107
+# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA               108
+# define CMS_R_CONTENT_VERIFY_ERROR                       109
+# define CMS_R_CTRL_ERROR                                 110
+# define CMS_R_CTRL_FAILURE                               111
+# define CMS_R_DECRYPT_ERROR                              112
+# define CMS_R_ERROR_GETTING_PUBLIC_KEY                   113
+# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE      114
+# define CMS_R_ERROR_SETTING_KEY                          115
+# define CMS_R_ERROR_SETTING_RECIPIENTINFO                116
+# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH               117
+# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER           176
+# define CMS_R_INVALID_KEY_LENGTH                         118
+# define CMS_R_MD_BIO_INIT_ERROR                          119
+# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH       120
+# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                 121
+# define CMS_R_MSGSIGDIGEST_ERROR                         172
+# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE          162
+# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH                  163
+# define CMS_R_NEED_ONE_SIGNER                            164
+# define CMS_R_NOT_A_SIGNED_RECEIPT                       165
+# define CMS_R_NOT_ENCRYPTED_DATA                         122
+# define CMS_R_NOT_KEK                                    123
+# define CMS_R_NOT_KEY_AGREEMENT                          181
+# define CMS_R_NOT_KEY_TRANSPORT                          124
+# define CMS_R_NOT_PWRI                                   177
+# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE            125
+# define CMS_R_NO_CIPHER                                  126
+# define CMS_R_NO_CONTENT                                 127
+# define CMS_R_NO_CONTENT_TYPE                            173
+# define CMS_R_NO_DEFAULT_DIGEST                          128
+# define CMS_R_NO_DIGEST_SET                              129
+# define CMS_R_NO_KEY                                     130
+# define CMS_R_NO_KEY_OR_CERT                             174
+# define CMS_R_NO_MATCHING_DIGEST                         131
+# define CMS_R_NO_MATCHING_RECIPIENT                      132
+# define CMS_R_NO_MATCHING_SIGNATURE                      166
+# define CMS_R_NO_MSGSIGDIGEST                            167
+# define CMS_R_NO_PASSWORD                                178
+# define CMS_R_NO_PRIVATE_KEY                             133
+# define CMS_R_NO_PUBLIC_KEY                              134
+# define CMS_R_NO_RECEIPT_REQUEST                         168
+# define CMS_R_NO_SIGNERS                                 135
+# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
+# define CMS_R_RECEIPT_DECODE_ERROR                       169
+# define CMS_R_RECIPIENT_ERROR                            137
+# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND               138
+# define CMS_R_SIGNFINAL_ERROR                            139
+# define CMS_R_SMIME_TEXT_ERROR                           140
+# define CMS_R_STORE_INIT_ERROR                           141
+# define CMS_R_TYPE_NOT_COMPRESSED_DATA                   142
+# define CMS_R_TYPE_NOT_DATA                              143
+# define CMS_R_TYPE_NOT_DIGESTED_DATA                     144
+# define CMS_R_TYPE_NOT_ENCRYPTED_DATA                    145
+# define CMS_R_TYPE_NOT_ENVELOPED_DATA                    146
+# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                 147
+# define CMS_R_UNKNOWN_CIPHER                             148
+# define CMS_R_UNKNOWN_DIGEST_ALGORIHM                    149
+# define CMS_R_UNKNOWN_ID                                 150
+# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
+# define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
+# define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153
+# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM       179
+# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                 154
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE              155
+# define CMS_R_UNSUPPORTED_TYPE                           156
+# define CMS_R_UNWRAP_ERROR                               157
+# define CMS_R_UNWRAP_FAILURE                             180
+# define CMS_R_VERIFICATION_FAILURE                       158
+# define CMS_R_WRAP_ERROR                                 159
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/comp.h b/openssl-1.1.0h/include/openssl/comp.h
new file mode 100644
index 0000000..260ff1e
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/comp.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_COMP
+# include <openssl/crypto.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef HEADER_BIO_H
+#  ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+#  endif
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_COMP_strings(void);
+
+/* Error codes for the COMP functions. */
+
+/* Function codes. */
+# define COMP_F_BIO_ZLIB_FLUSH                            99
+# define COMP_F_BIO_ZLIB_NEW                              100
+# define COMP_F_BIO_ZLIB_READ                             101
+# define COMP_F_BIO_ZLIB_WRITE                            102
+
+/* Reason codes. */
+# define COMP_R_ZLIB_DEFLATE_ERROR                        99
+# define COMP_R_ZLIB_INFLATE_ERROR                        100
+# define COMP_R_ZLIB_NOT_SUPPORTED                        101
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/conf.h b/openssl-1.1.0h/include/openssl/conf.h
new file mode 100644
index 0000000..980a51b
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/conf.h
@@ -0,0 +1,217 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_H
+# define HEADER_CONF_H
+
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+# include <openssl/stack.h>
+# include <openssl/safestack.h>
+# include <openssl/e_os2.h>
+
+# include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+    char *section;
+    char *name;
+    char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+    const char *name;
+    CONF *(*create) (CONF_METHOD *meth);
+    int (*init) (CONF *conf);
+    int (*destroy) (CONF *conf);
+    int (*destroy_data) (CONF *conf);
+    int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+    int (*dump) (const CONF *conf, BIO *bp);
+    int (*is_number) (const CONF *conf, char c);
+    int (*to_int) (const CONF *conf, char c);
+    int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS       0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT              0x4
+# define CONF_MFLAGS_NO_DSO              0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION     0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                      const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                     const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OPENSSL_no_config() \
+    OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code.  The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+    CONF_METHOD *meth;
+    void *meth_data;
+    LHASH_OF(CONF_VALUE) *data;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+                                        const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_CONF_strings(void);
+
+/* Error codes for the CONF functions. */
+
+/* Function codes. */
+# define CONF_F_CONF_DUMP_FP                              104
+# define CONF_F_CONF_LOAD                                 100
+# define CONF_F_CONF_LOAD_FP                              103
+# define CONF_F_CONF_PARSE_LIST                           119
+# define CONF_F_DEF_LOAD                                  120
+# define CONF_F_DEF_LOAD_BIO                              121
+# define CONF_F_MODULE_INIT                               115
+# define CONF_F_MODULE_LOAD_DSO                           117
+# define CONF_F_MODULE_RUN                                118
+# define CONF_F_NCONF_DUMP_BIO                            105
+# define CONF_F_NCONF_DUMP_FP                             106
+# define CONF_F_NCONF_GET_NUMBER_E                        112
+# define CONF_F_NCONF_GET_SECTION                         108
+# define CONF_F_NCONF_GET_STRING                          109
+# define CONF_F_NCONF_LOAD                                113
+# define CONF_F_NCONF_LOAD_BIO                            110
+# define CONF_F_NCONF_LOAD_FP                             114
+# define CONF_F_NCONF_NEW                                 111
+# define CONF_F_STR_COPY                                  101
+
+/* Reason codes. */
+# define CONF_R_ERROR_LOADING_DSO                         110
+# define CONF_R_LIST_CANNOT_BE_NULL                       115
+# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
+# define CONF_R_MISSING_EQUAL_SIGN                        101
+# define CONF_R_MISSING_INIT_FUNCTION                     112
+# define CONF_R_MODULE_INITIALIZATION_ERROR               109
+# define CONF_R_NO_CLOSE_BRACE                            102
+# define CONF_R_NO_CONF                                   105
+# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE           106
+# define CONF_R_NO_SECTION                                107
+# define CONF_R_NO_SUCH_FILE                              114
+# define CONF_R_NO_VALUE                                  108
+# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
+# define CONF_R_UNKNOWN_MODULE_NAME                       113
+# define CONF_R_VARIABLE_EXPANSION_TOO_LONG               116
+# define CONF_R_VARIABLE_HAS_NO_VALUE                     104
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/conf_api.h b/openssl-1.1.0h/include/openssl/conf_api.h
new file mode 100644
index 0000000..a0275ad
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/conf_api.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_API_H
+# define HEADER_CONF_API_H
+
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+                      const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/crypto.h b/openssl-1.1.0h/include/openssl/crypto.h
new file mode 100644
index 0000000..1ba7f25
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/crypto.h
@@ -0,0 +1,467 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_CRYPTO_H
+# define HEADER_CRYPTO_H
+
+# include <stdlib.h>
+# include <time.h>
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+
+# include <openssl/stack.h>
+# include <openssl/safestack.h>
+# include <openssl/opensslv.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include <openssl/symhacks.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/opensslv.h>
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSLeay                  OpenSSL_version_num
+#  define SSLeay_version          OpenSSL_version
+#  define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
+#  define SSLEAY_VERSION          OPENSSL_VERSION
+#  define SSLEAY_CFLAGS           OPENSSL_CFLAGS
+#  define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
+#  define SSLEAY_PLATFORM         OPENSSL_PLATFORM
+#  define SSLEAY_DIR              OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+    int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_API_COMPAT */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF     0x0   /* Control only */
+# define CRYPTO_MEM_CHECK_ON      0x1   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE  0x2   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3   /* Control only */
+
+struct crypto_ex_data_st {
+    STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL              0
+# define CRYPTO_EX_INDEX_SSL_CTX          1
+# define CRYPTO_EX_INDEX_SSL_SESSION      2
+# define CRYPTO_EX_INDEX_X509             3
+# define CRYPTO_EX_INDEX_X509_STORE       4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX   5
+# define CRYPTO_EX_INDEX_DH               6
+# define CRYPTO_EX_INDEX_DSA              7
+# define CRYPTO_EX_INDEX_EC_KEY           8
+# define CRYPTO_EX_INDEX_RSA              9
+# define CRYPTO_EX_INDEX_ENGINE          10
+# define CRYPTO_EX_INDEX_UI              11
+# define CRYPTO_EX_INDEX_BIO             12
+# define CRYPTO_EX_INDEX_APP             13
+# define CRYPTO_EX_INDEX__COUNT          14
+
+/*
+ * This is the default callbacks, but we can have others as well: this is
+ * needed in Win32 where the application malloc and the library malloc may
+ * not be the same.
+ */
+#define OPENSSL_malloc_init() \
+    CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free)
+
+int CRYPTO_mem_ctrl(int mode);
+
+# define OPENSSL_malloc(num) \
+        CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+        CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+        CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+        CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+        CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+        CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+        CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+        CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+        CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+        CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+        CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+        CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+        CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+        CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type)  (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION          0
+# define OPENSSL_CFLAGS           1
+# define OPENSSL_BUILT_ON         2
+# define OPENSSL_PLATFORM         3
+# define OPENSSL_DIR              4
+# define OPENSSL_ENGINES_DIR      5
+
+int OPENSSL_issetugid(void);
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                           int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                             int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                           void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used.  Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+#  define CRYPTO_num_locks()            (1)
+#  define CRYPTO_set_locking_callback(func)
+#  define CRYPTO_get_locking_callback()         (NULL)
+#  define CRYPTO_set_add_lock_callback(func)
+#  define CRYPTO_get_add_lock_callback()        (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+#  define CRYPTO_LOCK             1
+#  define CRYPTO_UNLOCK           2
+#  define CRYPTO_READ             4
+#  define CRYPTO_WRITE            8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+    int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+#  define CRYPTO_THREADID_set_numeric(id, val)
+#  define CRYPTO_THREADID_set_pointer(id, ptr)
+#  define CRYPTO_THREADID_set_callback(threadid_func)   (0)
+#  define CRYPTO_THREADID_get_callback()                (NULL)
+#  define CRYPTO_THREADID_current(id)
+#  define CRYPTO_THREADID_cmp(a, b)                     (-1)
+#  define CRYPTO_THREADID_cpy(dest, src)
+#  define CRYPTO_THREADID_hash(id)                      (0UL)
+
+#  if OPENSSL_API_COMPAT < 0x10000000L
+#   define CRYPTO_set_id_callback(func)
+#   define CRYPTO_get_id_callback()                     (NULL)
+#   define CRYPTO_thread_id()                           (0UL)
+#  endif /* OPENSSL_API_COMPAT < 0x10000000L */
+
+#  define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+#  define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+#  define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+#  define CRYPTO_get_dynlock_create_callback()          (NULL)
+#  define CRYPTO_get_dynlock_lock_callback()            (NULL)
+#  define CRYPTO_get_dynlock_destroy_callback()         (NULL)
+# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+
+int CRYPTO_set_mem_functions(
+        void *(*m) (size_t, const char *, int),
+        void *(*r) (void *, size_t, const char *, int),
+        void (*f) (void *, const char *, int));
+int CRYPTO_set_mem_debug(int flag);
+void CRYPTO_get_mem_functions(
+        void *(**m) (size_t, const char *, int),
+        void *(**r) (void *, size_t, const char *, int),
+        void (**f) (void *, const char *, int));
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+                           const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+#  define OPENSSL_mem_debug_push(info) \
+        CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+#  define OPENSSL_mem_debug_pop() \
+        CRYPTO_mem_debug_pop()
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+
+/*-
+ * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
+ * The flag argument has the following significance:
+ *   0:   called before the actual memory allocation has taken place
+ *   1:   called after the actual memory allocation has taken place
+ */
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_free(void *addr, int flag,
+        const char *file, int line);
+
+#  ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *);
+#  endif
+int CRYPTO_mem_leaks(BIO *bio);
+# endif
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+    (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const volatile void * volatile in_a,
+                  const volatile void * volatile in_b,
+                  size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS    0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS        0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS        0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS     0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS     0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG            0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG         0x00000080L
+# define OPENSSL_INIT_ASYNC                  0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND          0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC         0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL         0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV       0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI            0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK         0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG           0x00008000L
+/* OPENSSL_INIT flag 0x00010000 reserved for internal use */
+/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+    (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+    | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+    OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *config_file);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+#  if defined(_WIN32)
+#   if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+#    define CRYPTO_ONCE_STATIC_INIT 0
+#   endif
+#  else
+#   include <pthread.h>
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+#   define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#  endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+#  define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_CRYPTO_strings(void);
+
+/* Error codes for the CRYPTO functions. */
+
+/* Function codes. */
+# define CRYPTO_F_CRYPTO_DUP_EX_DATA                      110
+# define CRYPTO_F_CRYPTO_FREE_EX_DATA                     111
+# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
+# define CRYPTO_F_CRYPTO_MEMDUP                           115
+# define CRYPTO_F_CRYPTO_NEW_EX_DATA                      112
+# define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
+# define CRYPTO_F_FIPS_MODE_SET                           109
+# define CRYPTO_F_GET_AND_LOCK                            113
+# define CRYPTO_F_OPENSSL_BUF2HEXSTR                      117
+# define CRYPTO_F_OPENSSL_HEXSTR2BUF                      118
+# define CRYPTO_F_OPENSSL_INIT_CRYPTO                     116
+
+/* Reason codes. */
+# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
+# define CRYPTO_R_ILLEGAL_HEX_DIGIT                       102
+# define CRYPTO_R_ODD_NUMBER_OF_DIGITS                    103
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ct.h b/openssl-1.1.0h/include/openssl/ct.h
new file mode 100644
index 0000000..bf29fba
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ct.h
@@ -0,0 +1,533 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CT_H
+# define HEADER_CT_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CT
+# include <openssl/ossl_typ.h>
+# include <openssl/safestack.h>
+# include <openssl/x509.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+    CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+    CT_LOG_ENTRY_TYPE_X509 = 0,
+    CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+    SCT_VERSION_NOT_SET = -1,
+    SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+    SCT_SOURCE_UNKNOWN,
+    SCT_SOURCE_TLS_EXTENSION,
+    SCT_SOURCE_X509V3_EXTENSION,
+    SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+    SCT_VALIDATION_STATUS_NOT_SET,
+    SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+    SCT_VALIDATION_STATUS_VALID,
+    SCT_VALIDATION_STATUS_INVALID,
+    SCT_VALIDATION_STATUS_UNVERIFIED,
+    SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+                         const char *logid_base64,
+                         ct_log_entry_type_t entry_type,
+                         uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+                           size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+                               size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+                              size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+                             CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Parses an SCT list in DER format and returns it.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len);
+
+/*
+ * Serialize (to TLS format) an |sct| and write it to |out|.
+ * If |out| is null, no SCT will be output but the length will still be returned.
+ * If |out| points to a null pointer, a string will be allocated to hold the
+ * TLS-format SCT. It is the responsibility of the caller to free it.
+ * If |out| points to an allocated string, the TLS-format SCT will be written
+ * to it.
+ * The length of the SCT in TLS format will be returned.
+ */
+__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT in TLS format and returns it.
+ * If |psct| is not null, it will end up pointing to the parsed SCT. If it
+ * already points to a non-null pointer, the pointer will be free'd.
+ * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| will be advanced to the end of the SCT if parsing succeeds.
+ * |len| should be the length of the SCT in |in|.
+ * Returns NULL if an error occurs.
+ * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
+ * fields will be populated (with |in| and |len| respectively).
+ */
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+
+/********************
+ * CT log functions *
+ ********************/
+
+/*
+ * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+
+/*
+ * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
+ * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * Returns 1 on success, 0 on failure.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+                          const char *pkey_base64, const char *name);
+
+/*
+ * Deletes a CT log instance and its fields.
+ */
+void CTLOG_free(CTLOG *log);
+
+/* Gets the name of the CT log */
+const char *CTLOG_get0_name(const CTLOG *log);
+/* Gets the ID of the CT log */
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len);
+/* Gets the public key of the CT log */
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+/**************************
+ * CT log store functions *
+ **************************/
+
+/*
+ * Creates a new CT log store.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new(void);
+
+/*
+ * Deletes a CT log store and all of the CT log instances held within.
+ */
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+/*
+ * Finds a CT log in the store based on its log ID.
+ * Returns the CT log, or NULL if no match is found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len);
+
+/*
+ * Loads a CT log list into a |store| from a |file|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+/*
+ * Loads the default CT log list into a |store|.
+ * See internal/cryptlib.h for the environment variable and file path that are
+ * consulted to find the default file.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_CT_strings(void);
+
+/* Error codes for the CT functions. */
+
+/* Function codes. */
+# define CT_F_CTLOG_NEW                                   117
+# define CT_F_CTLOG_NEW_FROM_BASE64                       118
+# define CT_F_CTLOG_NEW_FROM_CONF                         119
+# define CT_F_CTLOG_STORE_LOAD_CTX_NEW                    122
+# define CT_F_CTLOG_STORE_LOAD_FILE                       123
+# define CT_F_CTLOG_STORE_LOAD_LOG                        130
+# define CT_F_CTLOG_STORE_NEW                             131
+# define CT_F_CT_BASE64_DECODE                            124
+# define CT_F_CT_POLICY_EVAL_CTX_NEW                      133
+# define CT_F_CT_V1_LOG_ID_FROM_PKEY                      125
+# define CT_F_I2O_SCT                                     107
+# define CT_F_I2O_SCT_LIST                                108
+# define CT_F_I2O_SCT_SIGNATURE                           109
+# define CT_F_O2I_SCT                                     110
+# define CT_F_O2I_SCT_LIST                                111
+# define CT_F_O2I_SCT_SIGNATURE                           112
+# define CT_F_SCT_CTX_NEW                                 126
+# define CT_F_SCT_CTX_VERIFY                              128
+# define CT_F_SCT_NEW                                     100
+# define CT_F_SCT_NEW_FROM_BASE64                         127
+# define CT_F_SCT_SET0_LOG_ID                             101
+# define CT_F_SCT_SET1_EXTENSIONS                         114
+# define CT_F_SCT_SET1_LOG_ID                             115
+# define CT_F_SCT_SET1_SIGNATURE                          116
+# define CT_F_SCT_SET_LOG_ENTRY_TYPE                      102
+# define CT_F_SCT_SET_SIGNATURE_NID                       103
+# define CT_F_SCT_SET_VERSION                             104
+
+/* Reason codes. */
+# define CT_R_BASE64_DECODE_ERROR                         108
+# define CT_R_INVALID_LOG_ID_LENGTH                       100
+# define CT_R_LOG_CONF_INVALID                            109
+# define CT_R_LOG_CONF_INVALID_KEY                        110
+# define CT_R_LOG_CONF_MISSING_DESCRIPTION                111
+# define CT_R_LOG_CONF_MISSING_KEY                        112
+# define CT_R_LOG_KEY_INVALID                             113
+# define CT_R_SCT_FUTURE_TIMESTAMP                        116
+# define CT_R_SCT_INVALID                                 104
+# define CT_R_SCT_INVALID_SIGNATURE                       107
+# define CT_R_SCT_LIST_INVALID                            105
+# define CT_R_SCT_LOG_ID_MISMATCH                         114
+# define CT_R_SCT_NOT_SET                                 106
+# define CT_R_SCT_UNSUPPORTED_VERSION                     115
+# define CT_R_UNRECOGNIZED_SIGNATURE_NID                  101
+# define CT_R_UNSUPPORTED_ENTRY_TYPE                      102
+# define CT_R_UNSUPPORTED_VERSION                         103
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/des.h b/openssl-1.1.0h/include/openssl/des.h
new file mode 100644
index 0000000..be4abbd
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/des.h
@@ -0,0 +1,174 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DES
+# ifdef  __cplusplus
+extern "C" {
+# endif
+# include <openssl/e_os2.h>
+
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+    union {
+        DES_cblock cblock;
+        /*
+         * make sure things are correct size on machines with 8 byte longs
+         */
+        DES_LONG deslong[2];
+    } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ      (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT     1
+# define DES_DECRYPT     0
+
+# define DES_CBC_MODE    0
+# define DES_PCBC_MODE   1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+        DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
+# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc);
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc);
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library.  You should not use this function except
+ * to implement 'modes' of DES.  I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur.  The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use.  enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out.  As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length,
+                          DES_key_schedule *ks1, DES_key_schedule *ks2,
+                          DES_key_schedule *ks3, DES_cblock *ivec, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                          int numbits, long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num);
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise.
+ */
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num);
+
+# define DES_fixup_key_parity DES_set_odd_parity
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/dh.h b/openssl-1.1.0h/include/openssl/dh.h
new file mode 100644
index 0000000..fbd4790
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/dh.h
@@ -0,0 +1,361 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DH_H
+# define HEADER_DH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+#  define OPENSSL_DH_MAX_MODULUS_BITS    10000
+# endif
+
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P     0x01
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DH_FLAG_FIPS_METHOD                     0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DH_FLAG_NON_FIPS_ALLOW                  0x0400
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+DECLARE_ASN1_ITEM(DHparams)
+
+# define DH_GENERATOR_2          2
+/* #define DH_GENERATOR_3       3 */
+# define DH_GENERATOR_5          5
+
+/* DH_check error codes */
+# define DH_CHECK_P_NOT_PRIME            0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME       0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+# define DH_NOT_SUITABLE_GENERATOR       0x08
+# define DH_CHECK_Q_NOT_PRIME            0x10
+# define DH_CHECK_INVALID_Q_VALUE        0x20
+# define DH_CHECK_INVALID_J_VALUE        0x40
+
+/* DH_check_pub_key error codes */
+# define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE       0x02
+# define DH_CHECK_PUBKEY_INVALID         0x04
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
+
+# define d2i_DHparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+# define d2i_DHxparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHxparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
+
+DH *DHparams_dup(DH *);
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_bits(const DH *dh);
+int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
+#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
+                                              void (*callback) (int, int,
+                                                                void *),
+                                              void *cb_arg))
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+                              BN_GENCB *cb);
+
+int DH_check_params(const DH *dh, int *ret);
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+int DHparams_print(BIO *bp, const DH *x);
+
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+# ifndef OPENSSL_NO_CMS
+/* RFC2631 KDF */
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+                 const unsigned char *Z, size_t Zlen,
+                 ASN1_OBJECT *key_oid,
+                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+                 const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+void DH_meth_free(DH_METHOD *dhm);
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+int DH_meth_get_flags(DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                        EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114                (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN  (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE          (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE               (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD                 (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD             (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN             (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN         (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM                (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM            (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID                (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID            (EVP_PKEY_ALG_CTRL + 14)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE                            1
+# ifndef OPENSSL_NO_CMS
+# define EVP_PKEY_DH_KDF_X9_42                           2
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_DH_strings(void);
+
+/* Error codes for the DH functions. */
+
+/* Function codes. */
+# define DH_F_COMPUTE_KEY                                 102
+# define DH_F_DHPARAMS_PRINT_FP                           101
+# define DH_F_DH_BUILTIN_GENPARAMS                        106
+# define DH_F_DH_CMS_DECRYPT                              114
+# define DH_F_DH_CMS_SET_PEERKEY                          115
+# define DH_F_DH_CMS_SET_SHARED_INFO                      116
+# define DH_F_DH_METH_DUP                                 117
+# define DH_F_DH_METH_NEW                                 118
+# define DH_F_DH_METH_SET1_NAME                           119
+# define DH_F_DH_NEW_METHOD                               105
+# define DH_F_DH_PARAM_DECODE                             107
+# define DH_F_DH_PRIV_DECODE                              110
+# define DH_F_DH_PRIV_ENCODE                              111
+# define DH_F_DH_PUB_DECODE                               108
+# define DH_F_DH_PUB_ENCODE                               109
+# define DH_F_DO_DH_PRINT                                 100
+# define DH_F_GENERATE_KEY                                103
+# define DH_F_PKEY_DH_DERIVE                              112
+# define DH_F_PKEY_DH_KEYGEN                              113
+
+/* Reason codes. */
+# define DH_R_BAD_GENERATOR                               101
+# define DH_R_BN_DECODE_ERROR                             109
+# define DH_R_BN_ERROR                                    106
+# define DH_R_DECODE_ERROR                                104
+# define DH_R_INVALID_PUBKEY                              102
+# define DH_R_KDF_PARAMETER_ERROR                         112
+# define DH_R_KEYS_NOT_SET                                108
+# define DH_R_MODULUS_TOO_LARGE                           103
+# define DH_R_NO_PARAMETERS_SET                           107
+# define DH_R_NO_PRIVATE_VALUE                            100
+# define DH_R_PARAMETER_ENCODING_ERROR                    105
+# define DH_R_PEER_KEY_ERROR                              111
+# define DH_R_SHARED_INFO_ERROR                           113
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/dsa.h b/openssl-1.1.0h/include/openssl/dsa.h
new file mode 100644
index 0000000..139718e
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/dsa.h
@@ -0,0 +1,283 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch <schoch@sheba.arc.nasa.gov>.
+ */
+
+#ifndef HEADER_DSA_H
+# define HEADER_DSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
+# include <openssl/bn.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/dh.h>
+# endif
+
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+#  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
+# endif
+
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+# define DSA_FLAG_CACHE_MONT_P   0x01
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define DSA_FLAG_NO_EXP_CONSTTIME       0x00
+# endif
+
+/*
+ * If this flag is set the DSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
+# define DSA_FLAG_FIPS_CHECKED                   0x0800
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st DSA_SIG;
+
+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+DSA *DSAparams_dup(DSA *x);
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+                  DSA_SIG *sig, DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+const DSA_METHOD *DSA_get_method(DSA *d);
+
+DSA *DSA_new(void);
+DSA *DSA_new_method(ENGINE *engine);
+void DSA_free(DSA *r);
+/* "up" the DSA object's reference count */
+int DSA_up_ref(DSA *r);
+int DSA_size(const DSA *);
+int DSA_bits(const DSA *d);
+int DSA_security_bits(const DSA *d);
+        /* next 4 return -1 on error */
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+               const unsigned char *sigbuf, int siglen, DSA *dsa);
+#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
+                                                unsigned char *seed,
+                                                int seed_len,
+                                                int *counter_ret,
+                                                unsigned long *h_ret, void
+                                                 (*callback) (int, int,
+                                                              void *),
+                                                void *cb_arg))
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                               const unsigned char *seed, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb);
+
+int DSA_generate_key(DSA *a);
+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+int DSAparams_print(BIO *bp, const DSA *x);
+int DSA_print(BIO *bp, const DSA *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int DSAparams_print_fp(FILE *fp, const DSA *x);
+int DSA_print_fp(FILE *bp, const DSA *x, int off);
+# endif
+
+# define DSS_prime_checks 50
+/*
+ * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
+ * Rabin-Miller
+ */
+# define DSA_is_prime(n, callback, cb_arg) \
+        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Convert DSA structure (key or just parameters) into DH structure (be
+ * careful to avoid small subgroup attacks when using this!)
+ */
+DH *DSA_dup_DH(const DSA *r);
+# endif
+
+# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+void DSA_meth_free(DSA_METHOD *dsam);
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+int DSA_meth_get_flags(DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int , DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *));
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *));
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_DSA_strings(void);
+
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+# define DSA_F_DSAPARAMS_PRINT                            100
+# define DSA_F_DSAPARAMS_PRINT_FP                         101
+# define DSA_F_DSA_BUILTIN_PARAMGEN                       125
+# define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
+# define DSA_F_DSA_DO_SIGN                                112
+# define DSA_F_DSA_DO_VERIFY                              113
+# define DSA_F_DSA_METH_DUP                               127
+# define DSA_F_DSA_METH_NEW                               128
+# define DSA_F_DSA_METH_SET1_NAME                         129
+# define DSA_F_DSA_NEW_METHOD                             103
+# define DSA_F_DSA_PARAM_DECODE                           119
+# define DSA_F_DSA_PRINT_FP                               105
+# define DSA_F_DSA_PRIV_DECODE                            115
+# define DSA_F_DSA_PRIV_ENCODE                            116
+# define DSA_F_DSA_PUB_DECODE                             117
+# define DSA_F_DSA_PUB_ENCODE                             118
+# define DSA_F_DSA_SIGN                                   106
+# define DSA_F_DSA_SIGN_SETUP                             107
+# define DSA_F_DSA_SIG_NEW                                102
+# define DSA_F_OLD_DSA_PRIV_DECODE                        122
+# define DSA_F_PKEY_DSA_CTRL                              120
+# define DSA_F_PKEY_DSA_KEYGEN                            121
+
+/* Reason codes. */
+# define DSA_R_BAD_Q_VALUE                                102
+# define DSA_R_BN_DECODE_ERROR                            108
+# define DSA_R_BN_ERROR                                   109
+# define DSA_R_DECODE_ERROR                               104
+# define DSA_R_INVALID_DIGEST_TYPE                        106
+# define DSA_R_INVALID_PARAMETERS                         112
+# define DSA_R_MISSING_PARAMETERS                         101
+# define DSA_R_MODULUS_TOO_LARGE                          103
+# define DSA_R_NO_PARAMETERS_SET                          107
+# define DSA_R_PARAMETER_ENCODING_ERROR                   105
+# define DSA_R_Q_NOT_PRIME                                113
+# define DSA_R_SEED_LEN_SMALL                             110
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/dtls1.h b/openssl-1.1.0h/include/openssl/dtls1.h
new file mode 100644
index 0000000..f4769f8
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/dtls1.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DTLS1_H
+# define HEADER_DTLS1_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define DTLS1_VERSION                   0xFEFF
+# define DTLS1_2_VERSION                 0xFEFD
+# define DTLS_MIN_VERSION                DTLS1_VERSION
+# define DTLS_MAX_VERSION                DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR             0xFE
+
+# define DTLS1_BAD_VER                   0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION                0x1FFFF
+
+/* lengths of messages */
+# define DTLS1_COOKIE_LENGTH                     256
+
+# define DTLS1_RT_HEADER_LENGTH                  13
+
+# define DTLS1_HM_HEADER_LENGTH                  12
+
+# define DTLS1_HM_BAD_FRAGMENT                   -2
+# define DTLS1_HM_FRAGMENT_RETRY                 -3
+
+# define DTLS1_CCS_HEADER_LENGTH                  1
+
+# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+#  define DTLS1_AL_HEADER_LENGTH                   7
+# else
+#  define DTLS1_AL_HEADER_LENGTH                   2
+# endif
+
+
+/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
+# define DTLS1_TMO_READ_COUNT                      2
+# define DTLS1_TMO_WRITE_COUNT                     2
+
+# define DTLS1_TMO_ALERT_COUNT                     12
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/e_os2.h b/openssl-1.1.0h/include/openssl/e_os2.h
new file mode 100644
index 0000000..9800e15
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/e_os2.h
@@ -0,0 +1,297 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS2_H
+# define HEADER_E_OS2_H
+
+# include <openssl/opensslconf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems.  This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+#  undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+#  undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WIN32_UWIN
+# else
+#  if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+#   define OPENSSL_SYS_WIN32_CYGWIN
+#  else
+#   if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN32)
+#     define OPENSSL_SYS_WIN32
+#    endif
+#   endif
+#   if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN64)
+#     define OPENSSL_SYS_WIN64
+#    endif
+#   endif
+#   if defined(OPENSSL_SYS_WINNT)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#   if defined(OPENSSL_SYS_WINCE)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#  endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_SYS_MSDOS
+#   define OPENSSL_SYS_MSDOS
+#  endif
+# endif
+
+/*
+ * DLL settings.  This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_OPT_WINDLL
+#   if defined(_WINDLL)         /* This is used when building OpenSSL to
+                                 * indicate that DLL linkage should be used */
+#    define OPENSSL_OPT_WINDLL
+#   endif
+#  endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+#  if !defined(OPENSSL_SYS_VMS)
+#   undef OPENSSL_SYS_UNIX
+#  endif
+#  define OPENSSL_SYS_VMS
+#  if defined(__DECC)
+#   define OPENSSL_SYS_VMS_DECC
+#  elif defined(__DECCXX)
+#   define OPENSSL_SYS_VMS_DECC
+#   define OPENSSL_SYS_VMS_DECCXX
+#  else
+#   define OPENSSL_SYS_VMS_NODECC
+#  endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+#  if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+#   define OPENSSL_SYS_LINUX
+#  endif
+#  if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+#   define OPENSSL_SYS_AIX
+#  endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+#  define OPENSSL_SYS_VOS
+#  ifdef __HPPA__
+#   define OPENSSL_SYS_VOS_HPPA
+#  endif
+#  ifdef __IA32__
+#   define OPENSSL_SYS_VOS_IA32
+#  endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/* Specials for I/O an exit */
+# ifdef OPENSSL_SYS_MSDOS
+#  define OPENSSL_UNISTD_IO <io.h>
+#  define OPENSSL_DECLARE_EXIT extern void exit(int);
+# else
+#  define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+#  define OPENSSL_DECLARE_EXIT  /* declared in unistd.h */
+# endif
+
+/*-
+ * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
+ * certain global symbols that, with some compilers under VMS, have to be
+ * defined and declared explicitly with globaldef and globalref.
+ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
+ * DLL exports and imports for compilers under Win32.  These are a little
+ * more complicated to use.  Basically, for any library that exports some
+ * global variables, the following code must be present in the header file
+ * that declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT, OPENSSL_EXTERN and OPENSSL_GLOBAL
+ * have some generally sensible values.
+ */
+
+# if defined(OPENSSL_SYS_VMS_NODECC)
+#  define OPENSSL_EXPORT globalref
+#  define OPENSSL_EXTERN globalref
+#  define OPENSSL_GLOBAL globaldef
+# elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+#  define OPENSSL_EXPORT extern __declspec(dllexport)
+#  define OPENSSL_EXTERN extern __declspec(dllimport)
+#  define OPENSSL_GLOBAL
+# else
+#  define OPENSSL_EXPORT extern
+#  define OPENSSL_EXTERN extern
+#  define OPENSSL_GLOBAL
+# endif
+
+/*-
+ * Macros to allow global variables to be reached through function calls when
+ * required (if a shared library version requires it, for example.
+ * The way it's done allows definitions like this:
+ *
+ *      // in foobar.c
+ *      OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
+ *      // in foobar.h
+ *      OPENSSL_DECLARE_GLOBAL(int,foobar);
+ *      #define foobar OPENSSL_GLOBAL_REF(foobar)
+ */
+# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
+        type *_shadow_##name(void)                                      \
+        { static type _hide_##name=value; return &_hide_##name; }
+#  define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+#  define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+# else
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value;
+#  define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+#  define OPENSSL_GLOBAL_REF(name) _shadow_##name
+# endif
+
+# ifdef _WIN32
+#  ifdef _WIN64
+#   define ossl_ssize_t __int64
+#   define OSSL_SSIZE_MAX _I64_MAX
+#  else
+#   define ossl_ssize_t int
+#   define OSSL_SSIZE_MAX INT_MAX
+#  endif
+# endif
+
+# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t)
+#  define ossl_ssize_t INTN
+#  define OSSL_SSIZE_MAX MAX_INTN
+# endif
+
+# ifndef ossl_ssize_t
+#  define ossl_ssize_t ssize_t
+#  if defined(SSIZE_MAX)
+#   define OSSL_SSIZE_MAX SSIZE_MAX
+#  elif defined(_POSIX_SSIZE_MAX)
+#   define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+#  endif
+# endif
+
+# ifdef DEBUG_UNUSED
+#  define __owur __attribute__((__warn_unused_result__))
+# else
+#  define __owur
+# endif
+
+/* Standard integer types */
+# if defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+     defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+     defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+#  include <inttypes.h>
+# elif defined(_MSC_VER) && _MSC_VER<=1500
+/*
+ * minimally required typdefs for systems not supporting inttypes.h or
+ * stdint.h: currently just older VC++
+ */
+typedef signed char int8_t;
+typedef unsigned char uint8_t;
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+# else
+#  include <stdint.h>
+# endif
+
+/* ossl_inline: portable inline definition usable in public headers */
+# if !defined(inline) && !defined(__cplusplus)
+#  if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+   /* just use inline */
+#   define ossl_inline inline
+#  elif defined(__GNUC__) && __GNUC__>=2
+#   define ossl_inline __inline__
+#  elif defined(_MSC_VER)
+  /*
+   * Visual Studio: inline is available in C++ only, however
+   * __inline is available for C, see
+   * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+   */
+#   define ossl_inline __inline
+#  else
+#   define ossl_inline
+#  endif
+# else
+#  define ossl_inline inline
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#  define ossl_noreturn _Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+#  define ossl_noreturn __attribute__((noreturn))
+# else
+#  define ossl_noreturn
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ebcdic.h b/openssl-1.1.0h/include/openssl/ebcdic.h
new file mode 100644
index 0000000..aa01285
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ebcdic.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EBCDIC_H
+# define HEADER_EBCDIC_H
+
+# include <stdlib.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Avoid name clashes with other applications */
+# define os_toascii   _openssl_os_toascii
+# define os_toebcdic  _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ec.h b/openssl-1.1.0h/include/openssl/ec.h
new file mode 100644
index 0000000..f06680a
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ec.h
@@ -0,0 +1,1576 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_EC_H
+# define HEADER_EC_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+# include <openssl/asn1.h>
+# include <openssl/symhacks.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_ECC_MAX_FIELD_BITS
+#  define OPENSSL_ECC_MAX_FIELD_BITS 661
+# endif
+
+/** Enum for the point conversion form as defined in X9.62 (ECDSA)
+ *  for the encoding of a elliptic curve point (x,y) */
+typedef enum {
+        /** the point is encoded as z||x, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+    POINT_CONVERSION_COMPRESSED = 2,
+        /** the point is encoded as z||x||y, where z is the octet 0x04  */
+    POINT_CONVERSION_UNCOMPRESSED = 4,
+        /** the point is encoded as z||x||y, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+    POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+typedef struct ec_method_st EC_METHOD;
+typedef struct ec_group_st EC_GROUP;
+typedef struct ec_point_st EC_POINT;
+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+typedef struct ec_parameters_st ECPARAMETERS;
+
+/********************************************************************/
+/*               EC_METHODs for curves over GF(p)                   */
+/********************************************************************/
+
+/** Returns the basic GFp ec methods which provides the basis for the
+ *  optimized methods.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+
+/** Returns GFp methods using montgomery multiplication.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_mont_method(void);
+
+/** Returns GFp methods using optimized methods for NIST recommended curves
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nist_method(void);
+
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/** Returns 64-bit optimized methods for nistp224
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp224_method(void);
+
+/** Returns 64-bit optimized methods for nistp256
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp256_method(void);
+
+/** Returns 64-bit optimized methods for nistp521
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp521_method(void);
+# endif
+
+# ifndef OPENSSL_NO_EC2M
+/********************************************************************/
+/*           EC_METHOD for curves over GF(2^m)                      */
+/********************************************************************/
+
+/** Returns the basic GF2m ec method
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+# endif
+
+/********************************************************************/
+/*                   EC_GROUP functions                             */
+/********************************************************************/
+
+/** Creates a new EC_GROUP object
+ *  \param   meth  EC_METHOD to use
+ *  \return  newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+
+/** Frees a EC_GROUP object
+ *  \param  group  EC_GROUP object to be freed.
+ */
+void EC_GROUP_free(EC_GROUP *group);
+
+/** Clears and frees a EC_GROUP object
+ *  \param  group  EC_GROUP object to be cleared and freed.
+ */
+void EC_GROUP_clear_free(EC_GROUP *group);
+
+/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
+ *  \param  dst  destination EC_GROUP object
+ *  \param  src  source EC_GROUP object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+
+/** Creates a new EC_GROUP object and copies the copies the content
+ *  form src to the newly created EC_KEY object
+ *  \param  src  source EC_GROUP object
+ *  \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+
+/** Returns the EC_METHOD of the EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return EC_METHOD used in this EC_GROUP object.
+ */
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/** Returns the field type of the EC_METHOD.
+ *  \param  meth  EC_METHOD object
+ *  \return NID of the underlying field type OID.
+ */
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+
+/** Sets the generator and it's order/cofactor of a EC_GROUP object.
+ *  \param  group      EC_GROUP object
+ *  \param  generator  EC_POINT object with the generator.
+ *  \param  order      the order of the group generated by the generator.
+ *  \param  cofactor   the index of the sub-group generated by the generator
+ *                     in the group of all points on the elliptic curve.
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor);
+
+/** Returns the generator of a EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return the currently used generator (possibly NULL).
+ */
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+/** Returns the montgomery data for order(Generator)
+ *  \param  group  EC_GROUP object
+ *  \return the currently used montgomery data (possibly NULL).
+*/
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
+
+/** Gets the order of a EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \param  order  BIGNUM to which the order is copied
+ *  \param  ctx    unused
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+
+/** Gets the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group order
+ */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
+/** Gets the number of bits of the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return number of bits of group order.
+ */
+int EC_GROUP_order_bits(const EC_GROUP *group);
+
+/** Gets the cofactor of a EC_GROUP
+ *  \param  group     EC_GROUP object
+ *  \param  cofactor  BIGNUM to which the cofactor is copied
+ *  \param  ctx       unused
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+                          BN_CTX *ctx);
+
+/** Gets the cofactor of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group cofactor
+ */
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+/** Sets the name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \param  nid    NID of the curve name OID
+ */
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+
+/** Returns the curve name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \return NID of the curve name OID or 0 if not set.
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+                                        point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                           const BIGNUM *b, BN_CTX *ctx);
+
+/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM for the prime number
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                           BIGNUM *b, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the polynomial defining the underlying field
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx);
+
+/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM for the polynomial defining the underlying field
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                            BIGNUM *b, BN_CTX *ctx);
+# endif
+/** Returns the number of bits needed to represent a field element
+ *  \param  group  EC_GROUP object
+ *  \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if group is a valid ec group and 0 otherwise
+ */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Checks whether the discriminant of the elliptic curve is zero or not
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Compares two EC_GROUP objects
+ *  \param  a    first EC_GROUP object
+ *  \param  b    second EC_GROUP object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 0 if the groups are equal, 1 if not, or -1 on error
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+/*
+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
+ * choosing an appropriate EC_METHOD
+ */
+
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ *  \param  p    BIGNUM with the prime number
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ *  \param  p    BIGNUM with the polynomial defining the underlying field
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx);
+# endif
+
+/** Creates a EC_GROUP object with a curve specified by a NID
+ *  \param  nid  NID of the OID of the curve name
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ *  \param  params  pointer to the ECPARAMETERS object
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPARAMETERS object or NULL
+ *  \return pointer to the new ECPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                        ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object, or NULL
+ *  \return newly created EC_GROUP object with specified curve, or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object or NULL
+ *  \return pointer to the new ECPKPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params);
+
+/********************************************************************/
+/*               handling of internal curves                        */
+/********************************************************************/
+
+typedef struct {
+    int nid;
+    const char *comment;
+} EC_builtin_curve;
+
+/*
+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
+ * available curves or zero if a error occurred. In case r is not zero,
+ * nitems EC_builtin_curve structures are filled with the data of the first
+ * nitems internal groups
+ */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+const char *EC_curve_nid2nist(int nid);
+int EC_curve_nist2nid(const char *name);
+
+/********************************************************************/
+/*                    EC_POINT functions                            */
+/********************************************************************/
+
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ *  \param  group  EC_GROUP the underlying EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+
+/** Frees a EC_POINT object
+ *  \param  point  EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+
+/** Clears and frees a EC_POINT object
+ *  \param  point  EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+
+/** Copies EC_POINT object
+ *  \param  dst  destination EC_POINT object
+ *  \param  src  source EC_POINT object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+
+/** Creates a new EC_POINT object and copies the content of the supplied
+ *  EC_POINT
+ *  \param  src    source EC_POINT object
+ *  \param  group  underlying the EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+
+/** Returns the EC_METHOD used in EC_POINT object
+ *  \param  point  EC_POINT object
+ *  \return the EC_METHOD used
+ */
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
+/** Sets a point to infinity (neutral element)
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT to set to infinity
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  z      BIGNUM with the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *p, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx);
+
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  z      BIGNUM for the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *p, BIGNUM *x,
+                                             BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx);
+
+/** Sets the affine coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, const BIGNUM *y,
+                                        BN_CTX *ctx);
+
+/** Gets the affine coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *p, BIGNUM *x,
+                                        BIGNUM *y, BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *p, const BIGNUM *x,
+                                            int y_bit, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Sets the affine coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+                                         const BIGNUM *x, const BIGNUM *y,
+                                         BN_CTX *ctx);
+
+/** Gets the affine coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         const EC_POINT *p, BIGNUM *x,
+                                         BIGNUM *y, BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                             EC_POINT *p, const BIGNUM *x,
+                                             int y_bit, BN_CTX *ctx);
+# endif
+/** Encodes a EC_POINT object to a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form,
+                          unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Decodes a EC_POINT from a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Encodes an EC_POINT object to an allocated octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx);
+
+/* other interfaces to point2oct/oct2point: */
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+                          point_conversion_form_t form, BIGNUM *, BN_CTX *);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+                            EC_POINT *, BN_CTX *);
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+                         point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+                             EC_POINT *, BN_CTX *);
+
+/********************************************************************/
+/*         functions for doing EC_POINT arithmetic                  */
+/********************************************************************/
+
+/** Computes the sum of two EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = a + b)
+ *  \param  a      EC_POINT object with the first summand
+ *  \param  b      EC_POINT object with the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx);
+
+/** Computes the double of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = 2 * a)
+ *  \param  a      EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 BN_CTX *ctx);
+
+/** Computes the inverse of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+
+/** Checks whether the point is the neutral element of the group
+ *  \param  group  the underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+
+/** Checks whether the point is on the curve
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object to check
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the point is on the curve, 0 if not, or -1 on error
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx);
+
+/** Compares two EC_POINTs
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      first EC_POINT object
+ *  \param  b      second EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the points are not equal, 0 if they are, or -1 on error
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx);
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx);
+
+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  num    number further summands
+ *  \param  p      array of size num of EC_POINT objects
+ *  \param  m      array of size num of BIGNUM objects
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                  size_t num, const EC_POINT *p[], const BIGNUM *m[],
+                  BN_CTX *ctx);
+
+/** Computes r = generator * n + q * m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  q      EC_POINT object with the first factor of the second summand
+ *  \param  m      BIGNUM with the second factor of the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                 const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+
+/** Stores multiples of generator for faster point multiplication
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+
+/** Reports whether a precomputation has been done
+ *  \param  group  EC_GROUP object
+ *  \return 1 if a pre-computation has been done and 0 otherwise
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+
+/********************************************************************/
+/*                       ASN1 stuff                                 */
+/********************************************************************/
+
+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+/*
+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to
+ * represent the field elements
+ */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3);
+# endif
+
+# define OPENSSL_EC_EXPLICIT_CURVE  0x000
+# define OPENSSL_EC_NAMED_CURVE     0x001
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
+# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
+# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
+                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
+# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
+                (unsigned char *)(x))
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+# endif
+
+/********************************************************************/
+/*                      EC_KEY functions                            */
+/********************************************************************/
+
+/* some values for the encoding_flag */
+# define EC_PKEY_NO_PARAMETERS   0x001
+# define EC_PKEY_NO_PUBKEY       0x002
+
+/* some values for the flags field */
+# define EC_FLAG_NON_FIPS_ALLOW  0x1
+# define EC_FLAG_FIPS_CHECKED    0x2
+# define EC_FLAG_COFACTOR_ECDH   0x1000
+
+/** Creates a new EC_KEY object.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new(void);
+
+int EC_KEY_get_flags(const EC_KEY *key);
+
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
+/** Creates a new EC_KEY object using a named curve as underlying
+ *  EC_GROUP object.
+ *  \param  nid  NID of the named curve.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+
+/** Frees a EC_KEY object.
+ *  \param  key  EC_KEY object to be freed.
+ */
+void EC_KEY_free(EC_KEY *key);
+
+/** Copies a EC_KEY object.
+ *  \param  dst  destination EC_KEY object
+ *  \param  src  src EC_KEY object
+ *  \return dst or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+
+/** Creates a new EC_KEY object and copies the content from src to it.
+ *  \param  src  the source EC_KEY object
+ *  \return newly created EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+
+/** Increases the internal reference count of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_up_ref(EC_KEY *key);
+
+/** Returns the EC_GROUP object of a EC_KEY object
+ *  \param  key  EC_KEY object
+ *  \return the EC_GROUP object (possibly NULL).
+ */
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+
+/** Sets the EC_GROUP of a EC_KEY object.
+ *  \param  key    EC_KEY object
+ *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
+ *                 object will use an own copy of the EC_GROUP).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+
+/** Returns the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return a BIGNUM with the private key (possibly NULL).
+ */
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+
+/** Sets the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
+ *               will use an own copy of the BIGNUM).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+
+/** Returns the public key of a EC_KEY object.
+ *  \param  key  the EC_KEY object
+ *  \return a EC_POINT object with the public key (possibly NULL)
+ */
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+
+/** Sets the public key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
+ *               will use an own copy of the EC_POINT object).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+
+unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+
+#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+/* wrapper functions for the underlying EC_GROUP object */
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+
+/** Creates a table of pre-computed multiples of the generator to
+ *  accelerate further EC_KEY operations.
+ *  \param  key  EC_KEY object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+
+/** Creates a new ec private (and optional a new public) key.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_generate_key(EC_KEY *key);
+
+/** Verifies that a private and/or public key is valid.
+ *  \param  key  the EC_KEY object
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_check_key(const EC_KEY *key);
+
+/** Indicates if an EC_KEY can be used for signing.
+ *  \param  eckey  the EC_KEY object
+ *  \return 1 if can can sign and 0 otherwise.
+ */
+int EC_KEY_can_sign(const EC_KEY *eckey);
+
+/** Sets a public key from affine coordinates performing
+ *  necessary NIST PKV tests.
+ *  \param  key  the EC_KEY object
+ *  \param  x    public key x coordinate
+ *  \param  y    public key y coordinate
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+                                             BIGNUM *y);
+
+/** Encodes an EC_KEY public key to an allocated octet string
+ *  \param  key    key to encode
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                      unsigned char **pbuf, BN_CTX *ctx);
+
+/** Decodes a EC_KEY public key from a octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx);
+
+/** Decodes an EC_KEY private key from an octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded private key
+ *  \param  len    length of the encoded key
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+
+/** Encodes a EC_KEY private key to an octet string
+ *  \param  key    key to encode
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+
+size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+
+/** Encodes an EC_KEY private key to an allocated octet string
+ *  \param  eckey  key to encode
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+
+/********************************************************************/
+/*        de- and encoding functions for SEC1 ECPrivateKey          */
+/********************************************************************/
+
+/** Decodes a private key from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded private key
+ *  \param  len  length of the DER encoded private key
+ *  \return the decoded private key or NULL if an error occurred.
+ */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a private key object and stores the result in a buffer.
+ *  \param  key  the EC_KEY object to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/*        de- and encoding functions for EC parameters              */
+/********************************************************************/
+
+/** Decodes ec parameter from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded ec parameters
+ *  \param  len  length of the DER encoded ec parameters
+ *  \return a EC_KEY object with the decoded parameters or NULL if an error
+ *          occurred.
+ */
+EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes ec parameter and stores the result in a buffer.
+ *  \param  key  the EC_KEY object with ec parameters to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECParameters(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/*         de- and encoding functions for EC public key             */
+/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
+/********************************************************************/
+
+/** Decodes a ec public key from a octet string.
+ *  \param  key  a pointer to a EC_KEY object which should be used
+ *  \param  in   memory buffer with the encoded public key
+ *  \param  len  length of the encoded public key
+ *  \return EC_KEY object with decoded public key or NULL if an error
+ *          occurred.
+ */
+EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a ec public key in an octet string.
+ *  \param  key  the EC_KEY object with the public key
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred
+ */
+int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+
+/** Prints out the ec parameters on human readable form.
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print(BIO *bp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+
+# ifndef OPENSSL_NO_STDIO
+/** Prints out the ec parameters on human readable form.
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+
+# endif
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+EC_KEY *EC_KEY_new_method(ENGINE *engine);
+
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *ecdh,
+                     void *(*KDF) (const void *in, size_t inlen,
+                                   void *out, size_t *outlen));
+
+typedef struct ECDSA_SIG_st ECDSA_SIG;
+
+/** Allocates and initialize a ECDSA_SIG structure
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_SIG_new(void);
+
+/** frees a ECDSA_SIG structure
+ *  \param  sig  pointer to the ECDSA_SIG structure
+ */
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+
+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
+ *  (*pp += length of the DER encoded signature)).
+ *  \param  sig  pointer to the ECDSA_SIG object
+ *  \param  pp   pointer to a unsigned char pointer for the output or NULL
+ *  \return the length of the DER encoded ECDSA_SIG object or 0
+ */
+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+
+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
+ *  (*pp += len)).
+ *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
+ *  \param  pp   memory buffer with the DER encoded signature
+ *  \param  len  length of the buffer
+ *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
+ */
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+
+/** Accessor for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG pointer
+ *  \param  pr   pointer to BIGNUM pointer for r (may be NULL)
+ *  \param  ps   pointer to BIGNUM pointer for s (may be NULL)
+ */
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+
+/** Setter for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG pointer
+ *  \param  r    pointer to BIGNUM for r (may be NULL)
+ *  \param  s    pointer to BIGNUM for s (may be NULL)
+ */
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+/** Computes the ECDSA signature of the given hash value using
+ *  the supplied private key and returns the created signature.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  eckey     EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+                         EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey);
+
+/** Verifies that the supplied signature is a valid ECDSA
+ *  signature of the supplied hash value using the supplied public key.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  sig       ECDSA_SIG structure
+ *  \param  eckey     EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey);
+
+/** Precompute parts of the signing operation
+ *  \param  eckey  EC_KEY object containing a private EC key
+ *  \param  ctx    BN_CTX object (optional)
+ *  \param  kinv   BIGNUM pointer for the inverse of k
+ *  \param  rp     BIGNUM pointer for x coordinate of k * generator
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      memory for the DER encoded created signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      buffer to hold the DER encoded signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+                  unsigned char *sig, unsigned int *siglen,
+                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
+/** Verifies that the given signature is valid ECDSA signature
+ *  of the supplied hash value using the specified public key.
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      pointer to the DER encoded signature
+ *  \param  siglen   length of the DER encoded signature
+ *  \param  eckey    EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+                 const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/** Returns the maximum length of the DER encoded signature
+ *  \param  eckey  EC_KEY object
+ *  \return numbers of bytes required for the DER encoded signature
+ */
+int ECDSA_size(const EC_KEY *eckey);
+
+/********************************************************************/
+/*  EC_KEY_METHOD constructors, destructors, writers and accessors  */
+/********************************************************************/
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey));
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey));
+
+# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
+
+# ifndef __cplusplus
+#  if defined(__SUNPRO_C)
+#   if __SUNPRO_C >= 0x520
+#    pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+#   endif
+#  endif
+# endif
+
+# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)pmd)
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                        EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)plen)
+
+# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)p)
+
+# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p)
+
+# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID             (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_EC_PARAM_ENC                      (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR                  (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_EC_KDF_TYPE                       (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_EC_KDF_MD                         (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_GET_EC_KDF_MD                     (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_EC_KDF_OUTLEN                     (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN                 (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_EC_KDF_UKM                        (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_EC_KDF_UKM                    (EVP_PKEY_ALG_CTRL + 10)
+/* KDF types */
+# define EVP_PKEY_ECDH_KDF_NONE                          1
+# define EVP_PKEY_ECDH_KDF_X9_62                         2
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_EC_strings(void);
+
+/* Error codes for the EC functions. */
+
+/* Function codes. */
+# define EC_F_BN_TO_FELEM                                 224
+# define EC_F_D2I_ECPARAMETERS                            144
+# define EC_F_D2I_ECPKPARAMETERS                          145
+# define EC_F_D2I_ECPRIVATEKEY                            146
+# define EC_F_DO_EC_KEY_PRINT                             221
+# define EC_F_ECDH_CMS_DECRYPT                            238
+# define EC_F_ECDH_CMS_SET_SHARED_INFO                    239
+# define EC_F_ECDH_COMPUTE_KEY                            246
+# define EC_F_ECDH_SIMPLE_COMPUTE_KEY                     257
+# define EC_F_ECDSA_DO_SIGN_EX                            251
+# define EC_F_ECDSA_DO_VERIFY                             252
+# define EC_F_ECDSA_SIGN_EX                               254
+# define EC_F_ECDSA_SIGN_SETUP                            248
+# define EC_F_ECDSA_SIG_NEW                               265
+# define EC_F_ECDSA_VERIFY                                253
+# define EC_F_ECKEY_PARAM2TYPE                            223
+# define EC_F_ECKEY_PARAM_DECODE                          212
+# define EC_F_ECKEY_PRIV_DECODE                           213
+# define EC_F_ECKEY_PRIV_ENCODE                           214
+# define EC_F_ECKEY_PUB_DECODE                            215
+# define EC_F_ECKEY_PUB_ENCODE                            216
+# define EC_F_ECKEY_TYPE2PARAM                            220
+# define EC_F_ECPARAMETERS_PRINT                          147
+# define EC_F_ECPARAMETERS_PRINT_FP                       148
+# define EC_F_ECPKPARAMETERS_PRINT                        149
+# define EC_F_ECPKPARAMETERS_PRINT_FP                     150
+# define EC_F_ECP_NISTZ256_GET_AFFINE                     240
+# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243
+# define EC_F_ECP_NISTZ256_POINTS_MUL                     241
+# define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244
+# define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242
+# define EC_F_ECX_KEY_OP                                  266
+# define EC_F_ECX_PRIV_ENCODE                             267
+# define EC_F_ECX_PUB_ENCODE                              268
+# define EC_F_EC_ASN1_GROUP2CURVE                         153
+# define EC_F_EC_ASN1_GROUP2FIELDID                       154
+# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
+# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
+# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
+# define EC_F_EC_GF2M_SIMPLE_OCT2POINT                    160
+# define EC_F_EC_GF2M_SIMPLE_POINT2OCT                    161
+# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
+# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
+# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
+# define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
+# define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
+# define EC_F_EC_GFP_MONT_FIELD_MUL                       131
+# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
+# define EC_F_EC_GFP_MONT_FIELD_SQR                       132
+# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                 189
+# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE             225
+# define EC_F_EC_GFP_NISTP224_POINTS_MUL                  228
+# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
+# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE             230
+# define EC_F_EC_GFP_NISTP256_POINTS_MUL                  231
+# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
+# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE             233
+# define EC_F_EC_GFP_NISTP521_POINTS_MUL                  234
+# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
+# define EC_F_EC_GFP_NIST_FIELD_MUL                       200
+# define EC_F_EC_GFP_NIST_FIELD_SQR                       201
+# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
+# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
+# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
+# define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
+# define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
+# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
+# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES  167
+# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES  168
+# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES    169
+# define EC_F_EC_GROUP_CHECK                              170
+# define EC_F_EC_GROUP_CHECK_DISCRIMINANT                 171
+# define EC_F_EC_GROUP_COPY                               106
+# define EC_F_EC_GROUP_GET_CURVE_GF2M                     172
+# define EC_F_EC_GROUP_GET_CURVE_GFP                      130
+# define EC_F_EC_GROUP_GET_DEGREE                         173
+# define EC_F_EC_GROUP_GET_ECPARAMETERS                   261
+# define EC_F_EC_GROUP_GET_ECPKPARAMETERS                 262
+# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS              193
+# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS                194
+# define EC_F_EC_GROUP_NEW                                108
+# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                  174
+# define EC_F_EC_GROUP_NEW_FROM_DATA                      175
+# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS              263
+# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS            264
+# define EC_F_EC_GROUP_SET_CURVE_GF2M                     176
+# define EC_F_EC_GROUP_SET_CURVE_GFP                      109
+# define EC_F_EC_GROUP_SET_GENERATOR                      111
+# define EC_F_EC_KEY_CHECK_KEY                            177
+# define EC_F_EC_KEY_COPY                                 178
+# define EC_F_EC_KEY_GENERATE_KEY                         179
+# define EC_F_EC_KEY_NEW                                  182
+# define EC_F_EC_KEY_NEW_METHOD                           245
+# define EC_F_EC_KEY_OCT2PRIV                             255
+# define EC_F_EC_KEY_PRINT                                180
+# define EC_F_EC_KEY_PRINT_FP                             181
+# define EC_F_EC_KEY_PRIV2OCT                             256
+# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES    229
+# define EC_F_EC_KEY_SIMPLE_CHECK_KEY                     258
+# define EC_F_EC_KEY_SIMPLE_OCT2PRIV                      259
+# define EC_F_EC_KEY_SIMPLE_PRIV2OCT                      260
+# define EC_F_EC_POINTS_MAKE_AFFINE                       136
+# define EC_F_EC_POINT_ADD                                112
+# define EC_F_EC_POINT_CMP                                113
+# define EC_F_EC_POINT_COPY                               114
+# define EC_F_EC_POINT_DBL                                115
+# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M        183
+# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
+# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
+# define EC_F_EC_POINT_INVERT                             210
+# define EC_F_EC_POINT_IS_AT_INFINITY                     118
+# define EC_F_EC_POINT_IS_ON_CURVE                        119
+# define EC_F_EC_POINT_MAKE_AFFINE                        120
+# define EC_F_EC_POINT_NEW                                121
+# define EC_F_EC_POINT_OCT2POINT                          122
+# define EC_F_EC_POINT_POINT2OCT                          123
+# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M        185
+# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
+# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M    186
+# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
+# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
+# define EC_F_EC_POINT_SET_TO_INFINITY                    127
+# define EC_F_EC_PRE_COMP_NEW                             196
+# define EC_F_EC_WNAF_MUL                                 187
+# define EC_F_EC_WNAF_PRECOMPUTE_MULT                     188
+# define EC_F_I2D_ECPARAMETERS                            190
+# define EC_F_I2D_ECPKPARAMETERS                          191
+# define EC_F_I2D_ECPRIVATEKEY                            192
+# define EC_F_I2O_ECPUBLICKEY                             151
+# define EC_F_NISTP224_PRE_COMP_NEW                       227
+# define EC_F_NISTP256_PRE_COMP_NEW                       236
+# define EC_F_NISTP521_PRE_COMP_NEW                       237
+# define EC_F_O2I_ECPUBLICKEY                             152
+# define EC_F_OLD_EC_PRIV_DECODE                          222
+# define EC_F_OSSL_ECDH_COMPUTE_KEY                       247
+# define EC_F_OSSL_ECDSA_SIGN_SIG                         249
+# define EC_F_OSSL_ECDSA_VERIFY_SIG                       250
+# define EC_F_PKEY_ECX_DERIVE                             269
+# define EC_F_PKEY_EC_CTRL                                197
+# define EC_F_PKEY_EC_CTRL_STR                            198
+# define EC_F_PKEY_EC_DERIVE                              217
+# define EC_F_PKEY_EC_KEYGEN                              199
+# define EC_F_PKEY_EC_PARAMGEN                            219
+# define EC_F_PKEY_EC_SIGN                                218
+
+/* Reason codes. */
+# define EC_R_ASN1_ERROR                                  115
+# define EC_R_BAD_SIGNATURE                               156
+# define EC_R_BIGNUM_OUT_OF_RANGE                         144
+# define EC_R_BUFFER_TOO_SMALL                            100
+# define EC_R_COORDINATES_OUT_OF_RANGE                    146
+# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH                 160
+# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING              159
+# define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
+# define EC_R_DECODE_ERROR                                142
+# define EC_R_DISCRIMINANT_IS_ZERO                        118
+# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
+# define EC_R_FIELD_TOO_LARGE                             143
+# define EC_R_GF2M_NOT_SUPPORTED                          147
+# define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
+# define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
+# define EC_R_INCOMPATIBLE_OBJECTS                        101
+# define EC_R_INVALID_ARGUMENT                            112
+# define EC_R_INVALID_COMPRESSED_POINT                    110
+# define EC_R_INVALID_COMPRESSION_BIT                     109
+# define EC_R_INVALID_CURVE                               141
+# define EC_R_INVALID_DIGEST                              151
+# define EC_R_INVALID_DIGEST_TYPE                         138
+# define EC_R_INVALID_ENCODING                            102
+# define EC_R_INVALID_FIELD                               103
+# define EC_R_INVALID_FORM                                104
+# define EC_R_INVALID_GROUP_ORDER                         122
+# define EC_R_INVALID_KEY                                 116
+# define EC_R_INVALID_OUTPUT_LENGTH                       161
+# define EC_R_INVALID_PEER_KEY                            133
+# define EC_R_INVALID_PENTANOMIAL_BASIS                   132
+# define EC_R_INVALID_PRIVATE_KEY                         123
+# define EC_R_INVALID_TRINOMIAL_BASIS                     137
+# define EC_R_KDF_PARAMETER_ERROR                         148
+# define EC_R_KEYS_NOT_SET                                140
+# define EC_R_MISSING_PARAMETERS                          124
+# define EC_R_MISSING_PRIVATE_KEY                         125
+# define EC_R_NEED_NEW_SETUP_VALUES                       157
+# define EC_R_NOT_A_NIST_PRIME                            135
+# define EC_R_NOT_IMPLEMENTED                             126
+# define EC_R_NOT_INITIALIZED                             111
+# define EC_R_NO_PARAMETERS_SET                           139
+# define EC_R_NO_PRIVATE_VALUE                            154
+# define EC_R_OPERATION_NOT_SUPPORTED                     152
+# define EC_R_PASSED_NULL_PARAMETER                       134
+# define EC_R_PEER_KEY_ERROR                              149
+# define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
+# define EC_R_POINT_ARITHMETIC_FAILURE                    155
+# define EC_R_POINT_AT_INFINITY                           106
+# define EC_R_POINT_IS_NOT_ON_CURVE                       107
+# define EC_R_RANDOM_NUMBER_GENERATION_FAILED             158
+# define EC_R_SHARED_INFO_ERROR                           150
+# define EC_R_SLOT_FULL                                   108
+# define EC_R_UNDEFINED_GENERATOR                         113
+# define EC_R_UNDEFINED_ORDER                             128
+# define EC_R_UNKNOWN_GROUP                               129
+# define EC_R_UNKNOWN_ORDER                               114
+# define EC_R_UNSUPPORTED_FIELD                           131
+# define EC_R_WRONG_CURVE_PARAMETERS                      145
+# define EC_R_WRONG_ORDER                                 130
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ecdh.h b/openssl-1.1.0h/include/openssl/ecdh.h
new file mode 100644
index 0000000..681f3d5
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ecdh.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/openssl-1.1.0h/include/openssl/ecdsa.h b/openssl-1.1.0h/include/openssl/ecdsa.h
new file mode 100644
index 0000000..681f3d5
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/openssl-1.1.0h/include/openssl/engine.h b/openssl-1.1.0h/include/openssl/engine.h
new file mode 100644
index 0000000..26cf714
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/engine.h
@@ -0,0 +1,840 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_ENGINE_H
+# define HEADER_ENGINE_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_ENGINE
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
+#  include <openssl/ec.h>
+#  include <openssl/rand.h>
+#  include <openssl/ui.h>
+#  include <openssl/err.h>
+# endif
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/x509.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA               (unsigned int)0x0001
+# define ENGINE_METHOD_DSA               (unsigned int)0x0002
+# define ENGINE_METHOD_DH                (unsigned int)0x0004
+# define ENGINE_METHOD_RAND              (unsigned int)0x0008
+# define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
+# define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+# define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
+# define ENGINE_METHOD_EC                (unsigned int)0x0800
+/* Obvious all-or-nothing cases. */
+# define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE              (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED        0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+
+/*
+ * This flag if for an ENGINE that does not want its methods registered as
+ * part of ENGINE_register_all_complete() for example if the methods are not
+ * usable as default methods.
+ */
+
+# define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+# define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines.  In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM               1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+# define ENGINE_CTRL_HUP                         3/* Close and reinitialise
+                                                   * any handles/connections
+                                                   * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE          4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA           5/* User-specific data, used
+                                                   * when calling the password
+                                                   * callback and the user
+                                                   * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION          6/* Load a configuration,
+                                                   * given a string that
+                                                   * represents a file name
+                                                   * or so */
+# define ENGINE_CTRL_LOAD_SECTION                7/* Load data from a given
+                                                   * section in the already
+                                                   * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME           13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD           15
+/* The next two are similar but give a "short description" of a command. */
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD           17
+/*
+ * With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS               18
+
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE                         200
+
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
+
+/* Flags specific to the nCipher "chil" engine */
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+        /*
+         * Depending on the value of the (long)i argument, this sets or
+         * unsets the SimpleForkCheck flag in the CHIL API to enable or
+         * disable checking and workarounds for applications that fork().
+         */
+# define ENGINE_CTRL_CHIL_NO_LOCKING             101
+        /*
+         * This prevents the initialisation function from providing mutex
+         * callbacks to the nCipher library.
+         */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+    unsigned int cmd_num;       /* The command number */
+    const char *cmd_name;       /* The command name itself */
+    const char *cmd_desc;       /* A short description of the command */
+    unsigned int cmd_flags;     /* The input the command expects */
+} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+                                     void (*f) (void));
+/* Generic load_key function pointer */
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+                                         UI_METHOD *ui_method,
+                                         void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+                                           STACK_OF(X509_NAME) *ca_dn,
+                                           X509 **pcert, EVP_PKEY **pkey,
+                                           STACK_OF(X509) **pother,
+                                           UI_METHOD *ui_method,
+                                           void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+                                   const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+                                   int);
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+                                      const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+                                           const int **, int);
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ENGINE_load_openssl() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+# define ENGINE_load_dynamic() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  define ENGINE_load_padlock() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+#  define ENGINE_load_capi() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+#  define ENGINE_load_afalg() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
+# endif
+# define ENGINE_load_cryptodev() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+# define ENGINE_load_rdrand() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+#endif
+void ENGINE_load_builtin_engines(void);
+
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required.
+ */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_EC(ENGINE *e);
+void ENGINE_unregister_EC(ENGINE *e);
+void ENGINE_register_all_EC(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
+
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/*
+ * Send parametrised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f) (void), int cmd_optional);
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional);
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
+                                     ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                             ENGINE_SSL_CLIENT_CERT_PTR
+                                             loadssl_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions allow control over any per-structure ENGINE data. */
+#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function previously cleaned up anything that needs it. Auto-deinit will
+ * now take care of it so it is no longer required to call this function.
+ */
+# define ENGINE_cleanup() while(0) continue
+#endif
+
+/*
+ * These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic!
+ */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                               *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                                          const char *str,
+                                                          int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                                      const char *str,
+                                                      int len);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
+int ENGINE_init(ENGINE *e);
+/*
+ * Free a functional reference to a engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
+int ENGINE_finish(ENGINE *e);
+
+/*
+ * The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever.
+ */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                UI_METHOD *ui_method, void *callback_data);
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_EC(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_EC(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions.
+ */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+# define OSSL_DYNAMIC_VERSION            (unsigned long)0x00030000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00030000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int);
+typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int);
+typedef void (*dyn_MEM_free_fn) (void *, const char *, int);
+typedef struct st_dynamic_MEM_fns {
+    dyn_MEM_malloc_fn malloc_fn;
+    dyn_MEM_realloc_fn realloc_fn;
+    dyn_MEM_free_fn free_fn;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependent code) can simplify a bit??
+ */
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+    void *static_state;
+    dynamic_MEM_fns mem_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */
+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+        OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+        OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+                if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+                return 0; }
+
+/*
+ * This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+ * the structure, and (c) the shared library will be unloaded. So
+ * implementations should do their own internal cleanup in failure
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
+ * the shared library can choose to return failure or to initialise a
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+ * ENGINE matching the passed 'id'. The function is expected to be
+ * implemented with the symbol name "bind_engine". A standard implementation
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+ * 'fn' is a callback function that populates the ENGINE structure and
+ * returns an int value (zero for failure). 'fn' should have prototype;
+ * [static] int fn(ENGINE *e, const char *id);
+ */
+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+                                    const dynamic_fns *fns);
+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+        OPENSSL_EXPORT \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+        OPENSSL_EXPORT \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+            if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+            CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+                                     fns->mem_fns.realloc_fn, \
+                                     fns->mem_fns.free_fn); \
+        skip_cbs: \
+            if (!fn(e, id)) return 0; \
+            return 1; }
+
+/*
+ * If the loading application (or library) and the loaded ENGINE library
+ * share the same static data (eg. they're both dynamically linked to the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+ * this would fail, and for the same reason that it's unnecessary to try. If
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
+ * the libcrypto static data, we will need to set the callbacks. The easiest
+ * way to detect this is to have a function that returns a pointer to some
+ * static data and let the loading application and loaded ENGINE compare
+ * their respective values.
+ */
+void *ENGINE_get_static_state(void);
+
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_ENGINE_strings(void);
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+# define ENGINE_F_DYNAMIC_CTRL                            180
+# define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
+# define ENGINE_F_DYNAMIC_LOAD                            182
+# define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
+# define ENGINE_F_ENGINE_ADD                              105
+# define ENGINE_F_ENGINE_BY_ID                            106
+# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
+# define ENGINE_F_ENGINE_CTRL                             142
+# define ENGINE_F_ENGINE_CTRL_CMD                         178
+# define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
+# define ENGINE_F_ENGINE_FINISH                           107
+# define ENGINE_F_ENGINE_GET_CIPHER                       185
+# define ENGINE_F_ENGINE_GET_DIGEST                       186
+# define ENGINE_F_ENGINE_GET_FIRST                        195
+# define ENGINE_F_ENGINE_GET_LAST                         196
+# define ENGINE_F_ENGINE_GET_NEXT                         115
+# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+# define ENGINE_F_ENGINE_GET_PKEY_METH                    192
+# define ENGINE_F_ENGINE_GET_PREV                         116
+# define ENGINE_F_ENGINE_INIT                             119
+# define ENGINE_F_ENGINE_LIST_ADD                         120
+# define ENGINE_F_ENGINE_LIST_REMOVE                      121
+# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
+# define ENGINE_F_ENGINE_NEW                              122
+# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR               197
+# define ENGINE_F_ENGINE_REMOVE                           123
+# define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
+# define ENGINE_F_ENGINE_SET_ID                           129
+# define ENGINE_F_ENGINE_SET_NAME                         130
+# define ENGINE_F_ENGINE_TABLE_REGISTER                   184
+# define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
+# define ENGINE_F_ENGINE_UP_REF                           190
+# define ENGINE_F_INT_CTRL_HELPER                         172
+# define ENGINE_F_INT_ENGINE_CONFIGURE                    188
+# define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
+
+/* Reason codes. */
+# define ENGINE_R_ALREADY_LOADED                          100
+# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
+# define ENGINE_R_CMD_NOT_EXECUTABLE                      134
+# define ENGINE_R_COMMAND_TAKES_INPUT                     135
+# define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
+# define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+# define ENGINE_R_DSO_FAILURE                             104
+# define ENGINE_R_DSO_NOT_FOUND                           132
+# define ENGINE_R_ENGINES_SECTION_ERROR                   148
+# define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
+# define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+# define ENGINE_R_ENGINE_SECTION_ERROR                    149
+# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+# define ENGINE_R_FINISH_FAILED                           106
+# define ENGINE_R_ID_OR_NAME_MISSING                      108
+# define ENGINE_R_INIT_FAILED                             109
+# define ENGINE_R_INTERNAL_LIST_ERROR                     110
+# define ENGINE_R_INVALID_ARGUMENT                        143
+# define ENGINE_R_INVALID_CMD_NAME                        137
+# define ENGINE_R_INVALID_CMD_NUMBER                      138
+# define ENGINE_R_INVALID_INIT_VALUE                      151
+# define ENGINE_R_INVALID_STRING                          150
+# define ENGINE_R_NOT_INITIALISED                         117
+# define ENGINE_R_NOT_LOADED                              112
+# define ENGINE_R_NO_CONTROL_FUNCTION                     120
+# define ENGINE_R_NO_INDEX                                144
+# define ENGINE_R_NO_LOAD_FUNCTION                        125
+# define ENGINE_R_NO_REFERENCE                            130
+# define ENGINE_R_NO_SUCH_ENGINE                          116
+# define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
+# define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
+# define ENGINE_R_VERSION_INCOMPATIBILITY                 145
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/err.h b/openssl-1.1.0h/include/openssl/err.h
new file mode 100644
index 0000000..29a261c
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/err.h
@@ -0,0 +1,260 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ERR_H
+# define HEADER_ERR_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+#  include <stdlib.h>
+# endif
+
+# include <openssl/ossl_typ.h>
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_ERR
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
+# else
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
+# endif
+
+# include <errno.h>
+
+# define ERR_TXT_MALLOCED        0x01
+# define ERR_TXT_STRING          0x02
+
+# define ERR_FLAG_MARK           0x01
+
+# define ERR_NUM_ERRORS  16
+typedef struct err_state_st {
+    int err_flags[ERR_NUM_ERRORS];
+    unsigned long err_buffer[ERR_NUM_ERRORS];
+    char *err_data[ERR_NUM_ERRORS];
+    int err_data_flags[ERR_NUM_ERRORS];
+    const char *err_file[ERR_NUM_ERRORS];
+    int err_line[ERR_NUM_ERRORS];
+    int top, bottom;
+} ERR_STATE;
+
+/* library */
+# define ERR_LIB_NONE            1
+# define ERR_LIB_SYS             2
+# define ERR_LIB_BN              3
+# define ERR_LIB_RSA             4
+# define ERR_LIB_DH              5
+# define ERR_LIB_EVP             6
+# define ERR_LIB_BUF             7
+# define ERR_LIB_OBJ             8
+# define ERR_LIB_PEM             9
+# define ERR_LIB_DSA             10
+# define ERR_LIB_X509            11
+/* #define ERR_LIB_METH         12 */
+# define ERR_LIB_ASN1            13
+# define ERR_LIB_CONF            14
+# define ERR_LIB_CRYPTO          15
+# define ERR_LIB_EC              16
+# define ERR_LIB_SSL             20
+/* #define ERR_LIB_SSL23        21 */
+/* #define ERR_LIB_SSL2         22 */
+/* #define ERR_LIB_SSL3         23 */
+/* #define ERR_LIB_RSAREF       30 */
+/* #define ERR_LIB_PROXY        31 */
+# define ERR_LIB_BIO             32
+# define ERR_LIB_PKCS7           33
+# define ERR_LIB_X509V3          34
+# define ERR_LIB_PKCS12          35
+# define ERR_LIB_RAND            36
+# define ERR_LIB_DSO             37
+# define ERR_LIB_ENGINE          38
+# define ERR_LIB_OCSP            39
+# define ERR_LIB_UI              40
+# define ERR_LIB_COMP            41
+# define ERR_LIB_ECDSA           42
+# define ERR_LIB_ECDH            43
+# define ERR_LIB_STORE           44
+# define ERR_LIB_FIPS            45
+# define ERR_LIB_CMS             46
+# define ERR_LIB_TS              47
+# define ERR_LIB_HMAC            48
+/* # define ERR_LIB_JPAKE       49 */
+# define ERR_LIB_CT              50
+# define ERR_LIB_ASYNC           51
+# define ERR_LIB_KDF             52
+
+# define ERR_LIB_USER            128
+
+# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+# define ERR_PACK(l,f,r) ( \
+        (((unsigned int)(l) & 0x0FF) << 24L) | \
+        (((unsigned int)(f) & 0xFFF) << 12L) | \
+        (((unsigned int)(r) & 0xFFF)       ) )
+# define ERR_GET_LIB(l)          (int)(((l) >> 24L) & 0x0FFL)
+# define ERR_GET_FUNC(l)         (int)(((l) >> 12L) & 0xFFFL)
+# define ERR_GET_REASON(l)       (int)( (l)         & 0xFFFL)
+# define ERR_FATAL_ERROR(l)      (int)( (l)         & ERR_R_FATAL)
+
+/* OS functions */
+# define SYS_F_FOPEN             1
+# define SYS_F_CONNECT           2
+# define SYS_F_GETSERVBYNAME     3
+# define SYS_F_SOCKET            4
+# define SYS_F_IOCTLSOCKET       5
+# define SYS_F_BIND              6
+# define SYS_F_LISTEN            7
+# define SYS_F_ACCEPT            8
+# define SYS_F_WSASTARTUP        9/* Winsock stuff */
+# define SYS_F_OPENDIR           10
+# define SYS_F_FREAD             11
+# define SYS_F_GETADDRINFO       12
+# define SYS_F_GETNAMEINFO       13
+# define SYS_F_SETSOCKOPT        14
+# define SYS_F_GETSOCKOPT        15
+# define SYS_F_GETSOCKNAME       16
+# define SYS_F_GETHOSTBYNAME     17
+# define SYS_F_FFLUSH            18
+
+/* reasons */
+# define ERR_R_SYS_LIB   ERR_LIB_SYS/* 2 */
+# define ERR_R_BN_LIB    ERR_LIB_BN/* 3 */
+# define ERR_R_RSA_LIB   ERR_LIB_RSA/* 4 */
+# define ERR_R_DH_LIB    ERR_LIB_DH/* 5 */
+# define ERR_R_EVP_LIB   ERR_LIB_EVP/* 6 */
+# define ERR_R_BUF_LIB   ERR_LIB_BUF/* 7 */
+# define ERR_R_OBJ_LIB   ERR_LIB_OBJ/* 8 */
+# define ERR_R_PEM_LIB   ERR_LIB_PEM/* 9 */
+# define ERR_R_DSA_LIB   ERR_LIB_DSA/* 10 */
+# define ERR_R_X509_LIB  ERR_LIB_X509/* 11 */
+# define ERR_R_ASN1_LIB  ERR_LIB_ASN1/* 13 */
+# define ERR_R_EC_LIB    ERR_LIB_EC/* 16 */
+# define ERR_R_BIO_LIB   ERR_LIB_BIO/* 32 */
+# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
+# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
+# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
+# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
+
+# define ERR_R_NESTED_ASN1_ERROR                 58
+# define ERR_R_MISSING_ASN1_EOS                  63
+
+/* fatal error */
+# define ERR_R_FATAL                             64
+# define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
+# define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
+# define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
+# define ERR_R_DISABLED                          (5|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL                         (6|ERR_R_FATAL)
+# define ERR_R_PASSED_INVALID_ARGUMENT           (7)
+
+/*
+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for
+ * the individual libraries
+ */
+
+typedef struct ERR_string_data_st {
+    unsigned long error;
+    const char *string;
+} ERR_STRING_DATA;
+
+DEFINE_LHASH_OF(ERR_STRING_DATA);
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+void ERR_set_error_data(char *data, int flags);
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags);
+void ERR_clear_error(void);
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u);
+# ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp);
+# endif
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list args);
+int ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+int ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
+int ERR_load_ERR_strings(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ERR_load_crypto_strings() \
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# define ERR_free_strings() while(0) continue
+#endif
+
+DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
+DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
+ERR_STATE *ERR_get_state(void);
+
+int ERR_get_next_error_library(void);
+
+int ERR_set_mark(void);
+int ERR_pop_to_mark(void);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/evp.h b/openssl-1.1.0h/include/openssl/evp.h
new file mode 100644
index 0000000..43c97a7
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/evp.h
@@ -0,0 +1,1597 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENVELOPE_H
+# define HEADER_ENVELOPE_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/bio.h>
+
+# define EVP_MAX_MD_SIZE                 64/* longest known is SHA512 */
+# define EVP_MAX_KEY_LENGTH              64
+# define EVP_MAX_IV_LENGTH               16
+# define EVP_MAX_BLOCK_LENGTH            32
+
+# define PKCS5_SALT_LEN                  8
+/* Default PKCS#5 iteration count */
+# define PKCS5_DEFAULT_ITER              2048
+
+# include <openssl/objects.h>
+
+# define EVP_PK_RSA      0x0001
+# define EVP_PK_DSA      0x0002
+# define EVP_PK_DH       0x0004
+# define EVP_PK_EC       0x0008
+# define EVP_PKT_SIGN    0x0010
+# define EVP_PKT_ENC     0x0020
+# define EVP_PKT_EXCH    0x0040
+# define EVP_PKS_RSA     0x0100
+# define EVP_PKS_DSA     0x0200
+# define EVP_PKS_EC      0x0400
+
+# define EVP_PKEY_NONE   NID_undef
+# define EVP_PKEY_RSA    NID_rsaEncryption
+# define EVP_PKEY_RSA2   NID_rsa
+# define EVP_PKEY_DSA    NID_dsa
+# define EVP_PKEY_DSA1   NID_dsa_2
+# define EVP_PKEY_DSA2   NID_dsaWithSHA
+# define EVP_PKEY_DSA3   NID_dsaWithSHA1
+# define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
+# define EVP_PKEY_DH     NID_dhKeyAgreement
+# define EVP_PKEY_DHX    NID_dhpublicnumber
+# define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+# define EVP_PKEY_HMAC   NID_hmac
+# define EVP_PKEY_CMAC   NID_cmac
+# define EVP_PKEY_TLS1_PRF NID_tls1_prf
+# define EVP_PKEY_HKDF   NID_hkdf
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_MO_SIGN        0x0001
+# define EVP_PKEY_MO_VERIFY      0x0002
+# define EVP_PKEY_MO_ENCRYPT     0x0004
+# define EVP_PKEY_MO_DECRYPT     0x0008
+
+# ifndef EVP_MD
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+void EVP_MD_meth_free(EVP_MD *md);
+
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count));
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md));
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from));
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2));
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+int EVP_MD_meth_get_result_size(const EVP_MD *md);
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count);
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md);
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from);
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2);
+
+/* digest can only handle a single block */
+#  define EVP_MD_FLAG_ONESHOT     0x0001
+
+/* DigestAlgorithmIdentifier flags... */
+
+#  define EVP_MD_FLAG_DIGALGID_MASK               0x0018
+
+/* NULL or absent parameter accepted. Use NULL */
+
+#  define EVP_MD_FLAG_DIGALGID_NULL               0x0000
+
+/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
+
+#  define EVP_MD_FLAG_DIGALGID_ABSENT             0x0008
+
+/* Custom handling via ctrl */
+
+#  define EVP_MD_FLAG_DIGALGID_CUSTOM             0x0018
+
+/* Note if suitable for use in FIPS mode */
+#  define EVP_MD_FLAG_FIPS        0x0400
+
+/* Digest ctrls */
+
+#  define EVP_MD_CTRL_DIGALGID                    0x1
+#  define EVP_MD_CTRL_MICALG                      0x2
+
+/* Minimum Algorithm specific ctrl value */
+
+#  define EVP_MD_CTRL_ALG_CTRL                    0x1000
+
+# endif                         /* !EVP_MD */
+
+/* values for EVP_MD_CTX flags */
+
+# define EVP_MD_CTX_FLAG_ONESHOT         0x0001/* digest update will be
+                                                * called once only */
+# define EVP_MD_CTX_FLAG_CLEANED         0x0002/* context has already been
+                                                * cleaned */
+# define EVP_MD_CTX_FLAG_REUSE           0x0004/* Don't free up ctx->md_data
+                                                * in EVP_MD_CTX_reset */
+/*
+ * FIPS and pad options are ignored in 1.0.0, definitions are here so we
+ * don't accidentally reuse the values for other purposes.
+ */
+
+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008/* Allow use of non FIPS
+                                                * digest in FIPS mode */
+
+/*
+ * The following PAD options are also currently ignored in 1.0.0, digest
+ * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
+ * instead.
+ */
+# define EVP_MD_CTX_FLAG_PAD_MASK        0xF0/* RSA mode to use */
+# define EVP_MD_CTX_FLAG_PAD_PKCS1       0x00/* PKCS#1 v1.5 mode */
+# define EVP_MD_CTX_FLAG_PAD_X931        0x10/* X9.31 mode */
+# define EVP_MD_CTX_FLAG_PAD_PSS         0x20/* PSS mode */
+
+# define EVP_MD_CTX_FLAG_NO_INIT         0x0100/* Don't initialize md_data */
+/*
+ * Some functions such as EVP_DigestSign only finalise copies of internal
+ * contexts so additional data can be included after the finalisation call.
+ * This is inefficient if this functionality is not required: it is disabled
+ * if the following flag is set.
+ */
+# define EVP_MD_CTX_FLAG_FINALISE        0x0200
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc));
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl));
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *));
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr));
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc);
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl);
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr);
+
+/* Values for cipher flags */
+
+/* Modes for ciphers */
+
+# define         EVP_CIPH_STREAM_CIPHER          0x0
+# define         EVP_CIPH_ECB_MODE               0x1
+# define         EVP_CIPH_CBC_MODE               0x2
+# define         EVP_CIPH_CFB_MODE               0x3
+# define         EVP_CIPH_OFB_MODE               0x4
+# define         EVP_CIPH_CTR_MODE               0x5
+# define         EVP_CIPH_GCM_MODE               0x6
+# define         EVP_CIPH_CCM_MODE               0x7
+# define         EVP_CIPH_XTS_MODE               0x10001
+# define         EVP_CIPH_WRAP_MODE              0x10002
+# define         EVP_CIPH_OCB_MODE               0x10003
+# define         EVP_CIPH_MODE                   0xF0007
+/* Set if variable length cipher */
+# define         EVP_CIPH_VARIABLE_LENGTH        0x8
+/* Set if the iv handling should be done by the cipher itself */
+# define         EVP_CIPH_CUSTOM_IV              0x10
+/* Set if the cipher's init() function should be called if key is NULL */
+# define         EVP_CIPH_ALWAYS_CALL_INIT       0x20
+/* Call ctrl() to init cipher parameters */
+# define         EVP_CIPH_CTRL_INIT              0x40
+/* Don't use standard key length function */
+# define         EVP_CIPH_CUSTOM_KEY_LENGTH      0x80
+/* Don't use standard block padding */
+# define         EVP_CIPH_NO_PADDING             0x100
+/* cipher handles random key generation */
+# define         EVP_CIPH_RAND_KEY               0x200
+/* cipher has its own additional copying logic */
+# define         EVP_CIPH_CUSTOM_COPY            0x400
+/* Allow use default ASN1 get/set iv */
+# define         EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+# define         EVP_CIPH_FLAG_LENGTH_BITS       0x2000
+/* Note if suitable for use in FIPS mode */
+# define         EVP_CIPH_FLAG_FIPS              0x4000
+/* Allow non FIPS cipher in FIPS mode */
+# define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x8000
+/*
+ * Cipher handles any and all padding logic as well as finalisation.
+ */
+# define         EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
+# define         EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
+# define         EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
+/* Cipher can handle pipeline operations */
+# define         EVP_CIPH_FLAG_PIPELINE          0X800000
+
+/*
+ * Cipher context flag to indicate we can handle wrap mode: if allowed in
+ * older applications it could overflow buffers.
+ */
+
+# define         EVP_CIPHER_CTX_FLAG_WRAP_ALLOW  0x1
+
+/* ctrl() values */
+
+# define         EVP_CTRL_INIT                   0x0
+# define         EVP_CTRL_SET_KEY_LENGTH         0x1
+# define         EVP_CTRL_GET_RC2_KEY_BITS       0x2
+# define         EVP_CTRL_SET_RC2_KEY_BITS       0x3
+# define         EVP_CTRL_GET_RC5_ROUNDS         0x4
+# define         EVP_CTRL_SET_RC5_ROUNDS         0x5
+# define         EVP_CTRL_RAND_KEY               0x6
+# define         EVP_CTRL_PBE_PRF_NID            0x7
+# define         EVP_CTRL_COPY                   0x8
+# define         EVP_CTRL_AEAD_SET_IVLEN         0x9
+# define         EVP_CTRL_AEAD_GET_TAG           0x10
+# define         EVP_CTRL_AEAD_SET_TAG           0x11
+# define         EVP_CTRL_AEAD_SET_IV_FIXED      0x12
+# define         EVP_CTRL_GCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_GCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_GCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_GCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
+# define         EVP_CTRL_GCM_IV_GEN             0x13
+# define         EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_CCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_CCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
+# define         EVP_CTRL_CCM_SET_L              0x14
+# define         EVP_CTRL_CCM_SET_MSGLEN         0x15
+/*
+ * AEAD cipher deduces payload length and returns number of bytes required to
+ * store MAC and eventual padding. Subsequent call to EVP_Cipher even
+ * appends/verifies MAC.
+ */
+# define         EVP_CTRL_AEAD_TLS1_AAD          0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+# define         EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+/* Set the GCM invocation field, decrypt only */
+# define         EVP_CTRL_GCM_SET_IV_INV         0x18
+
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_AAD  0x19
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT      0x1a
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
+
+# define         EVP_CTRL_SSL3_MASTER_SECRET             0x1d
+
+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
+# define         EVP_CTRL_SET_SBOX                       0x1e
+/*
+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
+ * pre-allocated buffer with specified size
+ */
+# define         EVP_CTRL_SBOX_USED                      0x1f
+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
+ * 0 switches meshing off
+ */
+# define         EVP_CTRL_KEY_MESH                       0x20
+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
+# define         EVP_CTRL_BLOCK_PADDING_MODE             0x21
+
+/* Set the output buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS       0x22
+/* Set the input buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_BUFS        0x23
+/* Set the input buffer lengths to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_LENS        0x24
+
+/* Padding modes */
+#define EVP_PADDING_PKCS7       1
+#define EVP_PADDING_ISO7816_4   2
+#define EVP_PADDING_ANSI923     3
+#define EVP_PADDING_ISO10126    4
+#define EVP_PADDING_ZERO        5
+
+/* RFC 5246 defines additional data to be 13 bytes in length */
+# define         EVP_AEAD_TLS1_AAD_LEN           13
+
+typedef struct {
+    unsigned char *out;
+    const unsigned char *inp;
+    size_t len;
+    unsigned int interleave;
+} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_GCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_GCM_TLS_EXPLICIT_IV_LEN                     8
+/* Length of tag for TLS */
+# define EVP_GCM_TLS_TAG_LEN                             16
+
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN                     8
+
+typedef struct evp_cipher_info_st {
+    const EVP_CIPHER *cipher;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+} EVP_CIPHER_INFO;
+
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
+                              int passlen, ASN1_TYPE *param,
+                              const EVP_CIPHER *cipher, const EVP_MD *md,
+                              int en_de);
+
+# ifndef OPENSSL_NO_RSA
+#  define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+                                        (char *)(rsa))
+# endif
+
+# ifndef OPENSSL_NO_DSA
+#  define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+                                        (char *)(dsa))
+# endif
+
+# ifndef OPENSSL_NO_DH
+#  define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
+                                        (char *)(dh))
+# endif
+
+# ifndef OPENSSL_NO_EC
+#  define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
+                                        (char *)(eckey))
+# endif
+
+/* Add some extra combinations */
+# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+int EVP_MD_type(const EVP_MD *md);
+# define EVP_MD_nid(e)                   EVP_MD_type(e)
+# define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count));
+# define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_type(e)              EVP_MD_type(EVP_MD_CTX_md(e))
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_name(e)              OBJ_nid2sn(EVP_CIPHER_nid(e))
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_mode(e)              (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+# define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_flags(c)       EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
+# endif
+# define EVP_CIPHER_CTX_mode(c)         EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
+
+# define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
+
+# define EVP_SignInit_ex(a,b,c)          EVP_DigestInit_ex(a,b,c)
+# define EVP_SignInit(a,b)               EVP_DigestInit(a,b)
+# define EVP_SignUpdate(a,b,c)           EVP_DigestUpdate(a,b,c)
+# define EVP_VerifyInit_ex(a,b,c)        EVP_DigestInit_ex(a,b,c)
+# define EVP_VerifyInit(a,b)             EVP_DigestInit(a,b)
+# define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
+# define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
+# define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)
+# define EVP_DigestSignUpdate(a,b,c)     EVP_DigestUpdate(a,b,c)
+# define EVP_DigestVerifyUpdate(a,b,c)   EVP_DigestUpdate(a,b,c)
+
+# ifdef CONST_STRICT
+void BIO_set_md(BIO *, const EVP_MD *md);
+# else
+#  define BIO_set_md(b,md)               BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+# endif
+# define BIO_get_md(b,mdp)               BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
+# define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
+# define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
+# define BIO_get_cipher_status(b)        BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp)      BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
+
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+                          unsigned char *out,
+                          const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create()     EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx)    EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+                                 ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+                                size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+                                  unsigned int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+                          unsigned char *md, unsigned int *size,
+                          const EVP_MD *type, ENGINE *impl);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+                           unsigned int *s);
+
+#ifndef OPENSSL_NO_UI
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
+                           const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char *EVP_get_pw_prompt(void);
+#endif
+
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                          const unsigned char *salt,
+                          const unsigned char *data, int datal, int count,
+                          unsigned char *key, unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                   int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                            int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                                   int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                          const unsigned char *key, const unsigned char *iv,
+                          int enc);
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+                                 const EVP_CIPHER *cipher, ENGINE *impl,
+                                 const unsigned char *key,
+                                 const unsigned char *iv, int enc);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            int *outl, const unsigned char *in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                           int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                              int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+                         EVP_PKEY *pkey);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                           unsigned int siglen, EVP_PKEY *pkey);
+
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                  const EVP_MD *type, ENGINE *e,
+                                  EVP_PKEY *pkey);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                               size_t *siglen);
+
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                const EVP_MD *type, ENGINE *e,
+                                EVP_PKEY *pkey);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                 size_t siglen);
+
+# ifndef OPENSSL_NO_RSA
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        const unsigned char *ek, int ekl,
+                        const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        unsigned char **ek, int *ekl, unsigned char *iv,
+                        EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                    char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_init(c)      EVP_CIPHER_CTX_reset(c)
+#  define EVP_CIPHER_CTX_cleanup(c)   EVP_CIPHER_CTX_reset(c)
+# endif
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                          const unsigned char *i, int enc);
+
+const EVP_MD *EVP_md_null(void);
+# ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RMD160
+const EVP_MD *EVP_ripemd160(void);
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+#  define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+#  define EVP_des_ede_cfb EVP_des_ede_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+#  define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+#  ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+#  endif
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+#  define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+#  define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+#  define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+#  define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+#  define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+#  define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER *EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER *EVP_camellia_192_cfb128(void);
+#  define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+#  define EVP_camellia_256_cfb EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+#  ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+#  define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OPENSSL_add_all_algorithms_conf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS \
+                        | OPENSSL_INIT_LOAD_CONFIG, NULL)
+#  define OPENSSL_add_all_algorithms_noconf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  ifdef OPENSSL_LOAD_CONF
+#   define OpenSSL_add_all_algorithms() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS \
+                        | OPENSSL_INIT_LOAD_CONFIG, NULL)
+#  else
+#   define OpenSSL_add_all_algorithms() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+#  endif
+
+#  define OpenSSL_add_all_ciphers() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+#  define OpenSSL_add_all_digests() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  define EVP_cleanup() while(0) continue
+# endif
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+                                   const char *from, const char *to, void *x),
+                       void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)
+                               (const EVP_CIPHER *ciph, const char *from,
+                                const char *to, void *x), void *arg);
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
+                               const char *from, const char *to, void *x),
+                   void *arg);
+void EVP_MD_do_all_sorted(void (*fn)
+                           (const EVP_MD *ciph, const char *from,
+                            const char *to, void *x), void *arg);
+
+int EVP_PKEY_decrypt_old(unsigned char *dec_key,
+                         const unsigned char *enc_key, int enc_key_len,
+                         EVP_PKEY *private_key);
+int EVP_PKEY_encrypt_old(unsigned char *enc_key,
+                         const unsigned char *key, int key_len,
+                         EVP_PKEY *pub_key);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_size(EVP_PKEY *pkey);
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+# ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+# endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+
+# ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length);
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length);
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                                   const unsigned char *pt, size_t ptlen);
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest, int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                          const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+
+/* PBE type */
+
+/* Can appear as the outermost AlgorithmIdentifier */
+# define EVP_PBE_TYPE_OUTER      0x0
+/* Is an PRF type OID */
+# define EVP_PBE_TYPE_PRF        0x1
+/* Is a PKCS#5 v2.0 KDF */
+# define EVP_PBE_TYPE_KDF        0x2
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+                         int md_nid, EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
+                 EVP_PBE_KEYGEN **pkeygen);
+void EVP_PBE_cleanup(void);
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
+
+# define ASN1_PKEY_ALIAS         0x1
+# define ASN1_PKEY_DYNAMIC       0x2
+# define ASN1_PKEY_SIGPARAM_NULL 0x4
+
+# define ASN1_PKEY_CTRL_PKCS7_SIGN       0x1
+# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT    0x2
+# define ASN1_PKEY_CTRL_DEFAULT_MD_NID   0x3
+# define ASN1_PKEY_CTRL_CMS_SIGN         0x5
+# define ASN1_PKEY_CTRL_CMS_ENVELOPE     0x7
+# define ASN1_PKEY_CTRL_CMS_RI_TYPE      0x8
+
+# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT   0x9
+# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT   0xa
+
+int EVP_PKEY_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth);
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str,
+                                        const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent,
+                                                 ASN1_PCTX *pctx));
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig));
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk));
+
+# define EVP_PKEY_OP_UNDEFINED           0
+# define EVP_PKEY_OP_PARAMGEN            (1<<1)
+# define EVP_PKEY_OP_KEYGEN              (1<<2)
+# define EVP_PKEY_OP_SIGN                (1<<3)
+# define EVP_PKEY_OP_VERIFY              (1<<4)
+# define EVP_PKEY_OP_VERIFYRECOVER       (1<<5)
+# define EVP_PKEY_OP_SIGNCTX             (1<<6)
+# define EVP_PKEY_OP_VERIFYCTX           (1<<7)
+# define EVP_PKEY_OP_ENCRYPT             (1<<8)
+# define EVP_PKEY_OP_DECRYPT             (1<<9)
+# define EVP_PKEY_OP_DERIVE              (1<<10)
+
+# define EVP_PKEY_OP_TYPE_SIG    \
+        (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
+                | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+
+# define EVP_PKEY_OP_TYPE_CRYPT \
+        (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+
+# define EVP_PKEY_OP_TYPE_NOGEN \
+        (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
+
+# define EVP_PKEY_OP_TYPE_GEN \
+                (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+
+# define  EVP_PKEY_CTX_set_signature_md(ctx, md) \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_MD, 0, (void *)md)
+
+# define  EVP_PKEY_CTX_get_signature_md(ctx, pmd)        \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd)
+
+# define  EVP_PKEY_CTX_set_mac_key(ctx, key, len)        \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN,  \
+                                  EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)key)
+
+# define EVP_PKEY_CTRL_MD                1
+# define EVP_PKEY_CTRL_PEER_KEY          2
+
+# define EVP_PKEY_CTRL_PKCS7_ENCRYPT     3
+# define EVP_PKEY_CTRL_PKCS7_DECRYPT     4
+
+# define EVP_PKEY_CTRL_PKCS7_SIGN        5
+
+# define EVP_PKEY_CTRL_SET_MAC_KEY       6
+
+# define EVP_PKEY_CTRL_DIGESTINIT        7
+
+/* Used by GOST key encryption in TLS */
+# define EVP_PKEY_CTRL_SET_IV            8
+
+# define EVP_PKEY_CTRL_CMS_ENCRYPT       9
+# define EVP_PKEY_CTRL_CMS_DECRYPT       10
+# define EVP_PKEY_CTRL_CMS_SIGN          11
+
+# define EVP_PKEY_CTRL_CIPHER            12
+
+# define EVP_PKEY_CTRL_GET_MD            13
+
+# define EVP_PKEY_ALG_CTRL               0x1000
+
+# define EVP_PKEY_FLAG_AUTOARGLEN        2
+/*
+ * Method handles all operations: don't assume any digest related defaults.
+ */
+# define EVP_PKEY_FLAG_SIGCTX_CUSTOM     4
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                          const char *value);
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                               const unsigned char *key, int keylen);
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
+
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen);
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen));
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen));
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen));
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen));
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen));
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value));
+
+void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen));
+
+void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen));
+
+void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen));
+
+void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen));
+
+void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+
+void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen));
+
+void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value));
+
+void EVP_add_alg_module(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_EVP_strings(void);
+
+/* Error codes for the EVP functions. */
+
+/* Function codes. */
+# define EVP_F_AESNI_INIT_KEY                             165
+# define EVP_F_AES_INIT_KEY                               133
+# define EVP_F_AES_OCB_CIPHER                             169
+# define EVP_F_AES_T4_INIT_KEY                            178
+# define EVP_F_AES_WRAP_CIPHER                            170
+# define EVP_F_ALG_MODULE_INIT                            177
+# define EVP_F_CAMELLIA_INIT_KEY                          159
+# define EVP_F_CHACHA20_POLY1305_CTRL                     182
+# define EVP_F_CMLL_T4_INIT_KEY                           179
+# define EVP_F_DES_EDE3_WRAP_CIPHER                       171
+# define EVP_F_DO_SIGVER_INIT                             161
+# define EVP_F_EVP_CIPHERINIT_EX                          123
+# define EVP_F_EVP_CIPHER_CTX_COPY                        163
+# define EVP_F_EVP_CIPHER_CTX_CTRL                        124
+# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
+# define EVP_F_EVP_DECRYPTFINAL_EX                        101
+# define EVP_F_EVP_DECRYPTUPDATE                          166
+# define EVP_F_EVP_DIGESTINIT_EX                          128
+# define EVP_F_EVP_ENCRYPTFINAL_EX                        127
+# define EVP_F_EVP_ENCRYPTUPDATE                          167
+# define EVP_F_EVP_MD_CTX_COPY_EX                         110
+# define EVP_F_EVP_MD_SIZE                                162
+# define EVP_F_EVP_OPENINIT                               102
+# define EVP_F_EVP_PBE_ALG_ADD                            115
+# define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
+# define EVP_F_EVP_PBE_CIPHERINIT                         116
+# define EVP_F_EVP_PBE_SCRYPT                             181
+# define EVP_F_EVP_PKCS82PKEY                             111
+# define EVP_F_EVP_PKEY2PKCS8                             113
+# define EVP_F_EVP_PKEY_ASN1_ADD0                         168
+# define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+# define EVP_F_EVP_PKEY_CTX_CTRL                          137
+# define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
+# define EVP_F_EVP_PKEY_CTX_DUP                           156
+# define EVP_F_EVP_PKEY_DECRYPT                           104
+# define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
+# define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
+# define EVP_F_EVP_PKEY_DERIVE                            153
+# define EVP_F_EVP_PKEY_DERIVE_INIT                       154
+# define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
+# define EVP_F_EVP_PKEY_ENCRYPT                           105
+# define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
+# define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
+# define EVP_F_EVP_PKEY_GET0_DH                           119
+# define EVP_F_EVP_PKEY_GET0_DSA                          120
+# define EVP_F_EVP_PKEY_GET0_EC_KEY                       131
+# define EVP_F_EVP_PKEY_GET0_HMAC                         183
+# define EVP_F_EVP_PKEY_GET0_RSA                          121
+# define EVP_F_EVP_PKEY_KEYGEN                            146
+# define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
+# define EVP_F_EVP_PKEY_NEW                               106
+# define EVP_F_EVP_PKEY_PARAMGEN                          148
+# define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
+# define EVP_F_EVP_PKEY_SET1_ENGINE                       187
+# define EVP_F_EVP_PKEY_SIGN                              140
+# define EVP_F_EVP_PKEY_SIGN_INIT                         141
+# define EVP_F_EVP_PKEY_VERIFY                            142
+# define EVP_F_EVP_PKEY_VERIFY_INIT                       143
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
+# define EVP_F_EVP_SIGNFINAL                              107
+# define EVP_F_EVP_VERIFYFINAL                            108
+# define EVP_F_INT_CTX_NEW                                157
+# define EVP_F_PKCS5_PBE_KEYIVGEN                         117
+# define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
+# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
+# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
+# define EVP_F_PKEY_SET_TYPE                              158
+# define EVP_F_RC2_MAGIC_TO_METH                          109
+# define EVP_F_RC5_CTRL                                   125
+
+/* Reason codes. */
+# define EVP_R_AES_KEY_SETUP_FAILED                       143
+# define EVP_R_BAD_DECRYPT                                100
+# define EVP_R_BUFFER_TOO_SMALL                           155
+# define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
+# define EVP_R_CIPHER_PARAMETER_ERROR                     122
+# define EVP_R_COMMAND_NOT_SUPPORTED                      147
+# define EVP_R_COPY_ERROR                                 173
+# define EVP_R_CTRL_NOT_IMPLEMENTED                       132
+# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
+# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
+# define EVP_R_DECODE_ERROR                               114
+# define EVP_R_DIFFERENT_KEY_TYPES                        101
+# define EVP_R_DIFFERENT_PARAMETERS                       153
+# define EVP_R_ERROR_LOADING_SECTION                      165
+# define EVP_R_ERROR_SETTING_FIPS_MODE                    166
+# define EVP_R_EXPECTING_AN_HMAC_KEY                      174
+# define EVP_R_EXPECTING_AN_RSA_KEY                       127
+# define EVP_R_EXPECTING_A_DH_KEY                         128
+# define EVP_R_EXPECTING_A_DSA_KEY                        129
+# define EVP_R_EXPECTING_A_EC_KEY                         142
+# define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
+# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS                  171
+# define EVP_R_INITIALIZATION_ERROR                       134
+# define EVP_R_INPUT_NOT_INITIALIZED                      111
+# define EVP_R_INVALID_DIGEST                             152
+# define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_KEY                                163
+# define EVP_R_INVALID_KEY_LENGTH                         130
+# define EVP_R_INVALID_OPERATION                          148
+# define EVP_R_KEYGEN_FAILURE                             120
+# define EVP_R_MEMORY_LIMIT_EXCEEDED                      172
+# define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
+# define EVP_R_METHOD_NOT_SUPPORTED                       144
+# define EVP_R_MISSING_PARAMETERS                         103
+# define EVP_R_NO_CIPHER_SET                              131
+# define EVP_R_NO_DEFAULT_DIGEST                          158
+# define EVP_R_NO_DIGEST_SET                              139
+# define EVP_R_NO_KEY_SET                                 154
+# define EVP_R_NO_OPERATION_SET                           149
+# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+# define EVP_R_OPERATON_NOT_INITIALIZED                   151
+# define EVP_R_PARTIALLY_OVERLAPPING                      162
+# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175
+# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED        164
+# define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
+# define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
+# define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+# define EVP_R_UNKNOWN_CIPHER                             160
+# define EVP_R_UNKNOWN_DIGEST                             161
+# define EVP_R_UNKNOWN_OPTION                             169
+# define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNSUPPORTED_ALGORITHM                      156
+# define EVP_R_UNSUPPORTED_CIPHER                         107
+# define EVP_R_UNSUPPORTED_KEYLENGTH                      123
+# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
+# define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
+# define EVP_R_UNSUPPORTED_PRF                            125
+# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
+# define EVP_R_UNSUPPORTED_SALT_TYPE                      126
+# define EVP_R_WRAP_MODE_NOT_ALLOWED                      170
+# define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/hmac.h b/openssl-1.1.0h/include/openssl/hmac.h
new file mode 100644
index 0000000..9f06896
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/hmac.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_H
+# define HEADER_HMAC_H
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/evp.h>
+
+# define HMAC_MAX_MD_CBLOCK      128/* largest known is SHA512 */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+size_t HMAC_size(const HMAC_CTX *e);
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+                     const EVP_MD *md))
+
+/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                            const EVP_MD *md, ENGINE *impl);
+/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+                           size_t len);
+/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+                          unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len);
+__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/idea.h b/openssl-1.1.0h/include/openssl/idea.h
new file mode 100644
index 0000000..4334f3e
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/idea.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_IDEA_H
+# define HEADER_IDEA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_IDEA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int IDEA_INT;
+
+# define IDEA_ENCRYPT    1
+# define IDEA_DECRYPT    0
+
+# define IDEA_BLOCK      8
+# define IDEA_KEY_LENGTH 16
+
+typedef struct idea_key_st {
+    IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+
+const char *IDEA_options(void);
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int enc);
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num, int enc);
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num);
+void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define idea_options          IDEA_options
+#  define idea_ecb_encrypt      IDEA_ecb_encrypt
+#  define idea_set_encrypt_key  IDEA_set_encrypt_key
+#  define idea_set_decrypt_key  IDEA_set_decrypt_key
+#  define idea_cbc_encrypt      IDEA_cbc_encrypt
+#  define idea_cfb64_encrypt    IDEA_cfb64_encrypt
+#  define idea_ofb64_encrypt    IDEA_ofb64_encrypt
+#  define idea_encrypt          IDEA_encrypt
+# endif
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/kdf.h b/openssl-1.1.0h/include/openssl/kdf.h
new file mode 100644
index 0000000..9f87f78
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/kdf.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDF_H
+# define HEADER_KDF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_CTRL_TLS_MD       (EVP_PKEY_ALG_CTRL)
+# define EVP_PKEY_CTRL_TLS_SECRET   (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED     (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD      (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT    (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY     (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO    (EVP_PKEY_ALG_CTRL + 6)
+
+# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)sec)
+
+# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)seed)
+
+# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)salt)
+
+# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)key)
+
+# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info)
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_KDF_strings(void);
+
+/* Error codes for the KDF functions. */
+
+/* Function codes. */
+# define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
+# define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
+
+/* Reason codes. */
+# define KDF_R_INVALID_DIGEST                             100
+# define KDF_R_MISSING_PARAMETER                          101
+# define KDF_R_VALUE_MISSING                              102
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/lhash.h b/openssl-1.1.0h/include/openssl/lhash.h
new file mode 100644
index 0000000..82d40c1
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/lhash.h
@@ -0,0 +1,217 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Header for dynamic hash table routines Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+# define HEADER_LHASH_H
+
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct lhash_node_st OPENSSL_LH_NODE;
+typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *);
+typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *);
+typedef void (*OPENSSL_LH_DOALL_FUNC) (void *);
+typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *);
+typedef struct lhash_st OPENSSL_LHASH;
+
+/*
+ * Macros for declaring and implementing type-safe wrappers for LHASH
+ * callbacks. This way, callbacks can be provided to LHASH structures without
+ * function pointer casting and the macro-defined callbacks provide
+ * per-variable casting before deferring to the underlying type-specific
+ * callbacks. NB: It is possible to place a "static" in front of both the
+ * DECLARE and IMPLEMENT macros if the functions are strictly internal.
+ */
+
+/* First: "hash" functions */
+# define DECLARE_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *);
+# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *arg) { \
+                const o_type *a = arg; \
+                return name##_hash(a); }
+# define LHASH_HASH_FN(name) name##_LHASH_HASH
+
+/* Second: "compare" functions */
+# define DECLARE_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *, const void *);
+# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+                const o_type *a = arg1;             \
+                const o_type *b = arg2; \
+                return name##_cmp(a,b); }
+# define LHASH_COMP_FN(name) name##_LHASH_COMP
+
+/* Fourth: "doall_arg" functions */
+# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *, void *);
+# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+                o_type *a = arg1; \
+                a_type *b = arg2; \
+                name##_doall_arg(a, b); }
+# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+
+
+# define LH_LOAD_MULT    256
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh);
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
+void OPENSSL_LH_free(OPENSSL_LHASH *lh);
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
+unsigned long OPENSSL_LH_strhash(const char *c);
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh);
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh);
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load);
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
+# endif
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _LHASH OPENSSL_LHASH
+#  define LHASH_NODE OPENSSL_LH_NODE
+#  define lh_error OPENSSL_LH_error
+#  define lh_new OPENSSL_lh_new
+#  define lh_free OPENSSL_LH_free
+#  define lh_insert OPENSSL_LH_insert
+#  define lh_delete OPENSSL_LH_delete
+#  define lh_retrieve OPENSSL_LH_retrieve
+#  define lh_doall OPENSSL_LH_doall
+#  define lh_doall_arg OPENSSL_LH_doall_arg
+#  define lh_strhash OPENSSL_LH_strhash
+#  define lh_num_items OPENSSL_LH_num_items
+#  ifndef OPENSSL_NO_STDIO
+#   define lh_stats OPENSSL_LH_stats
+#   define lh_node_stats OPENSSL_LH_node_stats
+#   define lh_node_usage_stats OPENSSL_LH_node_usage_stats
+#  endif
+#  define lh_stats_bio OPENSSL_LH_stats_bio
+#  define lh_node_stats_bio OPENSSL_LH_node_stats_bio
+#  define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio
+# endif
+
+/* Type checking... */
+
+# define LHASH_OF(type) struct lhash_st_##type
+
+# define DEFINE_LHASH_OF(type) \
+    LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \
+    static ossl_inline LHASH_OF(type) * \
+        lh_##type##_new(unsigned long (*hfn)(const type *), \
+                        int (*cfn)(const type *, const type *)) \
+    { \
+        return (LHASH_OF(type) *) \
+            OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
+    } \
+    static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
+    { \
+        OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
+    { \
+        return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
+    { \
+        OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \
+    } \
+    static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
+                                         void (*doall)(type *)) \
+    { \
+        OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \
+    } \
+    LHASH_OF(type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \
+    int_implement_lhash_doall(type, argtype, const type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \
+    int_implement_lhash_doall(type, argtype, type)
+
+#define int_implement_lhash_doall(type, argtype, cbargtype) \
+    static ossl_inline void \
+        lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \
+                                   void (*fn)(cbargtype *, argtype *), \
+                                   argtype *arg) \
+    { \
+        OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \
+    } \
+    LHASH_OF(type)
+
+DEFINE_LHASH_OF(OPENSSL_STRING);
+# ifdef _MSC_VER
+/*
+ * push and pop this warning:
+ *   warning C4090: 'function': different 'const' qualifiers
+ */
+#  pragma warning (push)
+#  pragma warning (disable: 4090)
+# endif
+
+DEFINE_LHASH_OF(OPENSSL_CSTRING);
+
+# ifdef _MSC_VER
+#  pragma warning (pop)
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/md2.h b/openssl-1.1.0h/include/openssl/md2.h
new file mode 100644
index 0000000..7faf8e3
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/md2.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD2_H
+# define HEADER_MD2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD2
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned char MD2_INT;
+
+# define MD2_DIGEST_LENGTH       16
+# define MD2_BLOCK               16
+
+typedef struct MD2state_st {
+    unsigned int num;
+    unsigned char data[MD2_BLOCK];
+    MD2_INT cksm[MD2_BLOCK];
+    MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+
+const char *MD2_options(void);
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/md4.h b/openssl-1.1.0h/include/openssl/md4.h
new file mode 100644
index 0000000..940e29d
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/md4.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD4_H
+# define HEADER_MD4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD4
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK      64
+# define MD4_LBLOCK      (MD4_CBLOCK/4)
+# define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st {
+    MD4_LONG A, B, C, D;
+    MD4_LONG Nl, Nh;
+    MD4_LONG data[MD4_LBLOCK];
+    unsigned int num;
+} MD4_CTX;
+
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/md5.h b/openssl-1.1.0h/include/openssl/md5.h
new file mode 100644
index 0000000..2deb772
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/md5.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD5_H
+# define HEADER_MD5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD5
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK      64
+# define MD5_LBLOCK      (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+    MD5_LONG A, B, C, D;
+    MD5_LONG Nl, Nh;
+    MD5_LONG data[MD5_LBLOCK];
+    unsigned int num;
+} MD5_CTX;
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/mdc2.h b/openssl-1.1.0h/include/openssl/mdc2.h
new file mode 100644
index 0000000..aabd2bf
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/mdc2.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MDC2_H
+# define HEADER_MDC2_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_MDC2
+# include <stdlib.h>
+# include <openssl/des.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_BLOCK              8
+# define MDC2_DIGEST_LENGTH      16
+
+typedef struct mdc2_ctx_st {
+    unsigned int num;
+    unsigned char data[MDC2_BLOCK];
+    DES_cblock h, hh;
+    int pad_type;               /* either 1 or 2, default 1 */
+} MDC2_CTX;
+
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/modes.h b/openssl-1.1.0h/include/openssl/modes.h
new file mode 100644
index 0000000..a04c6a5
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/modes.h
@@ -0,0 +1,203 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+typedef void (*block128_f) (const unsigned char in[16],
+                            unsigned char out[16], const void *key);
+
+typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
+                          size_t len, const void *key,
+                          unsigned char ivec[16], int enc);
+
+typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          const unsigned char ivec[16]);
+
+typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          const unsigned char ivec[16],
+                          unsigned char cmac[16]);
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block);
+
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16],
+                           unsigned char ecount_buf[16], unsigned int *num,
+                           block128_f block);
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16],
+                                 unsigned char ecount_buf[16],
+                                 unsigned int *num, ctr128_f ctr);
+
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           block128_f block);
+
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           int enc, block128_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t bits, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block);
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block);
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block);
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc);
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block);
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block);
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc);
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                         size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct ccm128_context CCM128_CONTEXT;
+
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+                        unsigned int M, unsigned int L, void *key,
+                        block128_f block);
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce,
+                        size_t nlen, size_t mlen);
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad,
+                       size_t alen);
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                          unsigned char *out, size_t len);
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                          unsigned char *out, size_t len);
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                                unsigned char *out, size_t len,
+                                ccm128_f stream);
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                                unsigned char *out, size_t len,
+                                ccm128_f stream);
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+                          const unsigned char iv[16],
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len, int enc);
+
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+                       unsigned char *out,
+                       const unsigned char *in, size_t inlen,
+                       block128_f block);
+
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+                         unsigned char *out,
+                         const unsigned char *in, size_t inlen,
+                         block128_f block);
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out, const unsigned char *in,
+                           size_t inlen, block128_f block);
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out, const unsigned char *in,
+                             size_t inlen, block128_f block);
+
+#ifndef OPENSSL_NO_OCB
+typedef struct ocb128_context OCB128_CONTEXT;
+
+typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          size_t start_block_num,
+                          unsigned char offset_i[16],
+                          const unsigned char L_[][16],
+                          unsigned char checksum[16]);
+
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream);
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream);
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec);
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen);
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len);
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
+#endif                          /* OPENSSL_NO_OCB */
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/openssl-1.1.0h/include/openssl/obj_mac.h b/openssl-1.1.0h/include/openssl/obj_mac.h
new file mode 100644
index 0000000..f97f3ea
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/obj_mac.h
@@ -0,0 +1,4577 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/objects.pl
+ *
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+
+#define SN_itu_t                "ITU-T"
+#define LN_itu_t                "itu-t"
+#define NID_itu_t               645
+#define OBJ_itu_t               0L
+
+#define NID_ccitt               404
+#define OBJ_ccitt               OBJ_itu_t
+
+#define SN_iso          "ISO"
+#define LN_iso          "iso"
+#define NID_iso         181
+#define OBJ_iso         1L
+
+#define SN_joint_iso_itu_t              "JOINT-ISO-ITU-T"
+#define LN_joint_iso_itu_t              "joint-iso-itu-t"
+#define NID_joint_iso_itu_t             646
+#define OBJ_joint_iso_itu_t             2L
+
+#define NID_joint_iso_ccitt             393
+#define OBJ_joint_iso_ccitt             OBJ_joint_iso_itu_t
+
+#define SN_member_body          "member-body"
+#define LN_member_body          "ISO Member Body"
+#define NID_member_body         182
+#define OBJ_member_body         OBJ_iso,2L
+
+#define SN_identified_organization              "identified-organization"
+#define NID_identified_organization             676
+#define OBJ_identified_organization             OBJ_iso,3L
+
+#define SN_hmac_md5             "HMAC-MD5"
+#define LN_hmac_md5             "hmac-md5"
+#define NID_hmac_md5            780
+#define OBJ_hmac_md5            OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L
+
+#define SN_hmac_sha1            "HMAC-SHA1"
+#define LN_hmac_sha1            "hmac-sha1"
+#define NID_hmac_sha1           781
+#define OBJ_hmac_sha1           OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
+
+#define SN_certicom_arc         "certicom-arc"
+#define NID_certicom_arc                677
+#define OBJ_certicom_arc                OBJ_identified_organization,132L
+
+#define SN_international_organizations          "international-organizations"
+#define LN_international_organizations          "International Organizations"
+#define NID_international_organizations         647
+#define OBJ_international_organizations         OBJ_joint_iso_itu_t,23L
+
+#define SN_wap          "wap"
+#define NID_wap         678
+#define OBJ_wap         OBJ_international_organizations,43L
+
+#define SN_wap_wsg              "wap-wsg"
+#define NID_wap_wsg             679
+#define OBJ_wap_wsg             OBJ_wap,1L
+
+#define SN_selected_attribute_types             "selected-attribute-types"
+#define LN_selected_attribute_types             "Selected Attribute Types"
+#define NID_selected_attribute_types            394
+#define OBJ_selected_attribute_types            OBJ_joint_iso_itu_t,5L,1L,5L
+
+#define SN_clearance            "clearance"
+#define NID_clearance           395
+#define OBJ_clearance           OBJ_selected_attribute_types,55L
+
+#define SN_ISO_US               "ISO-US"
+#define LN_ISO_US               "ISO US Member Body"
+#define NID_ISO_US              183
+#define OBJ_ISO_US              OBJ_member_body,840L
+
+#define SN_X9_57                "X9-57"
+#define LN_X9_57                "X9.57"
+#define NID_X9_57               184
+#define OBJ_X9_57               OBJ_ISO_US,10040L
+
+#define SN_X9cm         "X9cm"
+#define LN_X9cm         "X9.57 CM ?"
+#define NID_X9cm                185
+#define OBJ_X9cm                OBJ_X9_57,4L
+
+#define SN_dsa          "DSA"
+#define LN_dsa          "dsaEncryption"
+#define NID_dsa         116
+#define OBJ_dsa         OBJ_X9cm,1L
+
+#define SN_dsaWithSHA1          "DSA-SHA1"
+#define LN_dsaWithSHA1          "dsaWithSHA1"
+#define NID_dsaWithSHA1         113
+#define OBJ_dsaWithSHA1         OBJ_X9cm,3L
+
+#define SN_ansi_X9_62           "ansi-X9-62"
+#define LN_ansi_X9_62           "ANSI X9.62"
+#define NID_ansi_X9_62          405
+#define OBJ_ansi_X9_62          OBJ_ISO_US,10045L
+
+#define OBJ_X9_62_id_fieldType          OBJ_ansi_X9_62,1L
+
+#define SN_X9_62_prime_field            "prime-field"
+#define NID_X9_62_prime_field           406
+#define OBJ_X9_62_prime_field           OBJ_X9_62_id_fieldType,1L
+
+#define SN_X9_62_characteristic_two_field               "characteristic-two-field"
+#define NID_X9_62_characteristic_two_field              407
+#define OBJ_X9_62_characteristic_two_field              OBJ_X9_62_id_fieldType,2L
+
+#define SN_X9_62_id_characteristic_two_basis            "id-characteristic-two-basis"
+#define NID_X9_62_id_characteristic_two_basis           680
+#define OBJ_X9_62_id_characteristic_two_basis           OBJ_X9_62_characteristic_two_field,3L
+
+#define SN_X9_62_onBasis                "onBasis"
+#define NID_X9_62_onBasis               681
+#define OBJ_X9_62_onBasis               OBJ_X9_62_id_characteristic_two_basis,1L
+
+#define SN_X9_62_tpBasis                "tpBasis"
+#define NID_X9_62_tpBasis               682
+#define OBJ_X9_62_tpBasis               OBJ_X9_62_id_characteristic_two_basis,2L
+
+#define SN_X9_62_ppBasis                "ppBasis"
+#define NID_X9_62_ppBasis               683
+#define OBJ_X9_62_ppBasis               OBJ_X9_62_id_characteristic_two_basis,3L
+
+#define OBJ_X9_62_id_publicKeyType              OBJ_ansi_X9_62,2L
+
+#define SN_X9_62_id_ecPublicKey         "id-ecPublicKey"
+#define NID_X9_62_id_ecPublicKey                408
+#define OBJ_X9_62_id_ecPublicKey                OBJ_X9_62_id_publicKeyType,1L
+
+#define OBJ_X9_62_ellipticCurve         OBJ_ansi_X9_62,3L
+
+#define OBJ_X9_62_c_TwoCurve            OBJ_X9_62_ellipticCurve,0L
+
+#define SN_X9_62_c2pnb163v1             "c2pnb163v1"
+#define NID_X9_62_c2pnb163v1            684
+#define OBJ_X9_62_c2pnb163v1            OBJ_X9_62_c_TwoCurve,1L
+
+#define SN_X9_62_c2pnb163v2             "c2pnb163v2"
+#define NID_X9_62_c2pnb163v2            685
+#define OBJ_X9_62_c2pnb163v2            OBJ_X9_62_c_TwoCurve,2L
+
+#define SN_X9_62_c2pnb163v3             "c2pnb163v3"
+#define NID_X9_62_c2pnb163v3            686
+#define OBJ_X9_62_c2pnb163v3            OBJ_X9_62_c_TwoCurve,3L
+
+#define SN_X9_62_c2pnb176v1             "c2pnb176v1"
+#define NID_X9_62_c2pnb176v1            687
+#define OBJ_X9_62_c2pnb176v1            OBJ_X9_62_c_TwoCurve,4L
+
+#define SN_X9_62_c2tnb191v1             "c2tnb191v1"
+#define NID_X9_62_c2tnb191v1            688
+#define OBJ_X9_62_c2tnb191v1            OBJ_X9_62_c_TwoCurve,5L
+
+#define SN_X9_62_c2tnb191v2             "c2tnb191v2"
+#define NID_X9_62_c2tnb191v2            689
+#define OBJ_X9_62_c2tnb191v2            OBJ_X9_62_c_TwoCurve,6L
+
+#define SN_X9_62_c2tnb191v3             "c2tnb191v3"
+#define NID_X9_62_c2tnb191v3            690
+#define OBJ_X9_62_c2tnb191v3            OBJ_X9_62_c_TwoCurve,7L
+
+#define SN_X9_62_c2onb191v4             "c2onb191v4"
+#define NID_X9_62_c2onb191v4            691
+#define OBJ_X9_62_c2onb191v4            OBJ_X9_62_c_TwoCurve,8L
+
+#define SN_X9_62_c2onb191v5             "c2onb191v5"
+#define NID_X9_62_c2onb191v5            692
+#define OBJ_X9_62_c2onb191v5            OBJ_X9_62_c_TwoCurve,9L
+
+#define SN_X9_62_c2pnb208w1             "c2pnb208w1"
+#define NID_X9_62_c2pnb208w1            693
+#define OBJ_X9_62_c2pnb208w1            OBJ_X9_62_c_TwoCurve,10L
+
+#define SN_X9_62_c2tnb239v1             "c2tnb239v1"
+#define NID_X9_62_c2tnb239v1            694
+#define OBJ_X9_62_c2tnb239v1            OBJ_X9_62_c_TwoCurve,11L
+
+#define SN_X9_62_c2tnb239v2             "c2tnb239v2"
+#define NID_X9_62_c2tnb239v2            695
+#define OBJ_X9_62_c2tnb239v2            OBJ_X9_62_c_TwoCurve,12L
+
+#define SN_X9_62_c2tnb239v3             "c2tnb239v3"
+#define NID_X9_62_c2tnb239v3            696
+#define OBJ_X9_62_c2tnb239v3            OBJ_X9_62_c_TwoCurve,13L
+
+#define SN_X9_62_c2onb239v4             "c2onb239v4"
+#define NID_X9_62_c2onb239v4            697
+#define OBJ_X9_62_c2onb239v4            OBJ_X9_62_c_TwoCurve,14L
+
+#define SN_X9_62_c2onb239v5             "c2onb239v5"
+#define NID_X9_62_c2onb239v5            698
+#define OBJ_X9_62_c2onb239v5            OBJ_X9_62_c_TwoCurve,15L
+
+#define SN_X9_62_c2pnb272w1             "c2pnb272w1"
+#define NID_X9_62_c2pnb272w1            699
+#define OBJ_X9_62_c2pnb272w1            OBJ_X9_62_c_TwoCurve,16L
+
+#define SN_X9_62_c2pnb304w1             "c2pnb304w1"
+#define NID_X9_62_c2pnb304w1            700
+#define OBJ_X9_62_c2pnb304w1            OBJ_X9_62_c_TwoCurve,17L
+
+#define SN_X9_62_c2tnb359v1             "c2tnb359v1"
+#define NID_X9_62_c2tnb359v1            701
+#define OBJ_X9_62_c2tnb359v1            OBJ_X9_62_c_TwoCurve,18L
+
+#define SN_X9_62_c2pnb368w1             "c2pnb368w1"
+#define NID_X9_62_c2pnb368w1            702
+#define OBJ_X9_62_c2pnb368w1            OBJ_X9_62_c_TwoCurve,19L
+
+#define SN_X9_62_c2tnb431r1             "c2tnb431r1"
+#define NID_X9_62_c2tnb431r1            703
+#define OBJ_X9_62_c2tnb431r1            OBJ_X9_62_c_TwoCurve,20L
+
+#define OBJ_X9_62_primeCurve            OBJ_X9_62_ellipticCurve,1L
+
+#define SN_X9_62_prime192v1             "prime192v1"
+#define NID_X9_62_prime192v1            409
+#define OBJ_X9_62_prime192v1            OBJ_X9_62_primeCurve,1L
+
+#define SN_X9_62_prime192v2             "prime192v2"
+#define NID_X9_62_prime192v2            410
+#define OBJ_X9_62_prime192v2            OBJ_X9_62_primeCurve,2L
+
+#define SN_X9_62_prime192v3             "prime192v3"
+#define NID_X9_62_prime192v3            411
+#define OBJ_X9_62_prime192v3            OBJ_X9_62_primeCurve,3L
+
+#define SN_X9_62_prime239v1             "prime239v1"
+#define NID_X9_62_prime239v1            412
+#define OBJ_X9_62_prime239v1            OBJ_X9_62_primeCurve,4L
+
+#define SN_X9_62_prime239v2             "prime239v2"
+#define NID_X9_62_prime239v2            413
+#define OBJ_X9_62_prime239v2            OBJ_X9_62_primeCurve,5L
+
+#define SN_X9_62_prime239v3             "prime239v3"
+#define NID_X9_62_prime239v3            414
+#define OBJ_X9_62_prime239v3            OBJ_X9_62_primeCurve,6L
+
+#define SN_X9_62_prime256v1             "prime256v1"
+#define NID_X9_62_prime256v1            415
+#define OBJ_X9_62_prime256v1            OBJ_X9_62_primeCurve,7L
+
+#define OBJ_X9_62_id_ecSigType          OBJ_ansi_X9_62,4L
+
+#define SN_ecdsa_with_SHA1              "ecdsa-with-SHA1"
+#define NID_ecdsa_with_SHA1             416
+#define OBJ_ecdsa_with_SHA1             OBJ_X9_62_id_ecSigType,1L
+
+#define SN_ecdsa_with_Recommended               "ecdsa-with-Recommended"
+#define NID_ecdsa_with_Recommended              791
+#define OBJ_ecdsa_with_Recommended              OBJ_X9_62_id_ecSigType,2L
+
+#define SN_ecdsa_with_Specified         "ecdsa-with-Specified"
+#define NID_ecdsa_with_Specified                792
+#define OBJ_ecdsa_with_Specified                OBJ_X9_62_id_ecSigType,3L
+
+#define SN_ecdsa_with_SHA224            "ecdsa-with-SHA224"
+#define NID_ecdsa_with_SHA224           793
+#define OBJ_ecdsa_with_SHA224           OBJ_ecdsa_with_Specified,1L
+
+#define SN_ecdsa_with_SHA256            "ecdsa-with-SHA256"
+#define NID_ecdsa_with_SHA256           794
+#define OBJ_ecdsa_with_SHA256           OBJ_ecdsa_with_Specified,2L
+
+#define SN_ecdsa_with_SHA384            "ecdsa-with-SHA384"
+#define NID_ecdsa_with_SHA384           795
+#define OBJ_ecdsa_with_SHA384           OBJ_ecdsa_with_Specified,3L
+
+#define SN_ecdsa_with_SHA512            "ecdsa-with-SHA512"
+#define NID_ecdsa_with_SHA512           796
+#define OBJ_ecdsa_with_SHA512           OBJ_ecdsa_with_Specified,4L
+
+#define OBJ_secg_ellipticCurve          OBJ_certicom_arc,0L
+
+#define SN_secp112r1            "secp112r1"
+#define NID_secp112r1           704
+#define OBJ_secp112r1           OBJ_secg_ellipticCurve,6L
+
+#define SN_secp112r2            "secp112r2"
+#define NID_secp112r2           705
+#define OBJ_secp112r2           OBJ_secg_ellipticCurve,7L
+
+#define SN_secp128r1            "secp128r1"
+#define NID_secp128r1           706
+#define OBJ_secp128r1           OBJ_secg_ellipticCurve,28L
+
+#define SN_secp128r2            "secp128r2"
+#define NID_secp128r2           707
+#define OBJ_secp128r2           OBJ_secg_ellipticCurve,29L
+
+#define SN_secp160k1            "secp160k1"
+#define NID_secp160k1           708
+#define OBJ_secp160k1           OBJ_secg_ellipticCurve,9L
+
+#define SN_secp160r1            "secp160r1"
+#define NID_secp160r1           709
+#define OBJ_secp160r1           OBJ_secg_ellipticCurve,8L
+
+#define SN_secp160r2            "secp160r2"
+#define NID_secp160r2           710
+#define OBJ_secp160r2           OBJ_secg_ellipticCurve,30L
+
+#define SN_secp192k1            "secp192k1"
+#define NID_secp192k1           711
+#define OBJ_secp192k1           OBJ_secg_ellipticCurve,31L
+
+#define SN_secp224k1            "secp224k1"
+#define NID_secp224k1           712
+#define OBJ_secp224k1           OBJ_secg_ellipticCurve,32L
+
+#define SN_secp224r1            "secp224r1"
+#define NID_secp224r1           713
+#define OBJ_secp224r1           OBJ_secg_ellipticCurve,33L
+
+#define SN_secp256k1            "secp256k1"
+#define NID_secp256k1           714
+#define OBJ_secp256k1           OBJ_secg_ellipticCurve,10L
+
+#define SN_secp384r1            "secp384r1"
+#define NID_secp384r1           715
+#define OBJ_secp384r1           OBJ_secg_ellipticCurve,34L
+
+#define SN_secp521r1            "secp521r1"
+#define NID_secp521r1           716
+#define OBJ_secp521r1           OBJ_secg_ellipticCurve,35L
+
+#define SN_sect113r1            "sect113r1"
+#define NID_sect113r1           717
+#define OBJ_sect113r1           OBJ_secg_ellipticCurve,4L
+
+#define SN_sect113r2            "sect113r2"
+#define NID_sect113r2           718
+#define OBJ_sect113r2           OBJ_secg_ellipticCurve,5L
+
+#define SN_sect131r1            "sect131r1"
+#define NID_sect131r1           719
+#define OBJ_sect131r1           OBJ_secg_ellipticCurve,22L
+
+#define SN_sect131r2            "sect131r2"
+#define NID_sect131r2           720
+#define OBJ_sect131r2           OBJ_secg_ellipticCurve,23L
+
+#define SN_sect163k1            "sect163k1"
+#define NID_sect163k1           721
+#define OBJ_sect163k1           OBJ_secg_ellipticCurve,1L
+
+#define SN_sect163r1            "sect163r1"
+#define NID_sect163r1           722
+#define OBJ_sect163r1           OBJ_secg_ellipticCurve,2L
+
+#define SN_sect163r2            "sect163r2"
+#define NID_sect163r2           723
+#define OBJ_sect163r2           OBJ_secg_ellipticCurve,15L
+
+#define SN_sect193r1            "sect193r1"
+#define NID_sect193r1           724
+#define OBJ_sect193r1           OBJ_secg_ellipticCurve,24L
+
+#define SN_sect193r2            "sect193r2"
+#define NID_sect193r2           725
+#define OBJ_sect193r2           OBJ_secg_ellipticCurve,25L
+
+#define SN_sect233k1            "sect233k1"
+#define NID_sect233k1           726
+#define OBJ_sect233k1           OBJ_secg_ellipticCurve,26L
+
+#define SN_sect233r1            "sect233r1"
+#define NID_sect233r1           727
+#define OBJ_sect233r1           OBJ_secg_ellipticCurve,27L
+
+#define SN_sect239k1            "sect239k1"
+#define NID_sect239k1           728
+#define OBJ_sect239k1           OBJ_secg_ellipticCurve,3L
+
+#define SN_sect283k1            "sect283k1"
+#define NID_sect283k1           729
+#define OBJ_sect283k1           OBJ_secg_ellipticCurve,16L
+
+#define SN_sect283r1            "sect283r1"
+#define NID_sect283r1           730
+#define OBJ_sect283r1           OBJ_secg_ellipticCurve,17L
+
+#define SN_sect409k1            "sect409k1"
+#define NID_sect409k1           731
+#define OBJ_sect409k1           OBJ_secg_ellipticCurve,36L
+
+#define SN_sect409r1            "sect409r1"
+#define NID_sect409r1           732
+#define OBJ_sect409r1           OBJ_secg_ellipticCurve,37L
+
+#define SN_sect571k1            "sect571k1"
+#define NID_sect571k1           733
+#define OBJ_sect571k1           OBJ_secg_ellipticCurve,38L
+
+#define SN_sect571r1            "sect571r1"
+#define NID_sect571r1           734
+#define OBJ_sect571r1           OBJ_secg_ellipticCurve,39L
+
+#define OBJ_wap_wsg_idm_ecid            OBJ_wap_wsg,4L
+
+#define SN_wap_wsg_idm_ecid_wtls1               "wap-wsg-idm-ecid-wtls1"
+#define NID_wap_wsg_idm_ecid_wtls1              735
+#define OBJ_wap_wsg_idm_ecid_wtls1              OBJ_wap_wsg_idm_ecid,1L
+
+#define SN_wap_wsg_idm_ecid_wtls3               "wap-wsg-idm-ecid-wtls3"
+#define NID_wap_wsg_idm_ecid_wtls3              736
+#define OBJ_wap_wsg_idm_ecid_wtls3              OBJ_wap_wsg_idm_ecid,3L
+
+#define SN_wap_wsg_idm_ecid_wtls4               "wap-wsg-idm-ecid-wtls4"
+#define NID_wap_wsg_idm_ecid_wtls4              737
+#define OBJ_wap_wsg_idm_ecid_wtls4              OBJ_wap_wsg_idm_ecid,4L
+
+#define SN_wap_wsg_idm_ecid_wtls5               "wap-wsg-idm-ecid-wtls5"
+#define NID_wap_wsg_idm_ecid_wtls5              738
+#define OBJ_wap_wsg_idm_ecid_wtls5              OBJ_wap_wsg_idm_ecid,5L
+
+#define SN_wap_wsg_idm_ecid_wtls6               "wap-wsg-idm-ecid-wtls6"
+#define NID_wap_wsg_idm_ecid_wtls6              739
+#define OBJ_wap_wsg_idm_ecid_wtls6              OBJ_wap_wsg_idm_ecid,6L
+
+#define SN_wap_wsg_idm_ecid_wtls7               "wap-wsg-idm-ecid-wtls7"
+#define NID_wap_wsg_idm_ecid_wtls7              740
+#define OBJ_wap_wsg_idm_ecid_wtls7              OBJ_wap_wsg_idm_ecid,7L
+
+#define SN_wap_wsg_idm_ecid_wtls8               "wap-wsg-idm-ecid-wtls8"
+#define NID_wap_wsg_idm_ecid_wtls8              741
+#define OBJ_wap_wsg_idm_ecid_wtls8              OBJ_wap_wsg_idm_ecid,8L
+
+#define SN_wap_wsg_idm_ecid_wtls9               "wap-wsg-idm-ecid-wtls9"
+#define NID_wap_wsg_idm_ecid_wtls9              742
+#define OBJ_wap_wsg_idm_ecid_wtls9              OBJ_wap_wsg_idm_ecid,9L
+
+#define SN_wap_wsg_idm_ecid_wtls10              "wap-wsg-idm-ecid-wtls10"
+#define NID_wap_wsg_idm_ecid_wtls10             743
+#define OBJ_wap_wsg_idm_ecid_wtls10             OBJ_wap_wsg_idm_ecid,10L
+
+#define SN_wap_wsg_idm_ecid_wtls11              "wap-wsg-idm-ecid-wtls11"
+#define NID_wap_wsg_idm_ecid_wtls11             744
+#define OBJ_wap_wsg_idm_ecid_wtls11             OBJ_wap_wsg_idm_ecid,11L
+
+#define SN_wap_wsg_idm_ecid_wtls12              "wap-wsg-idm-ecid-wtls12"
+#define NID_wap_wsg_idm_ecid_wtls12             745
+#define OBJ_wap_wsg_idm_ecid_wtls12             OBJ_wap_wsg_idm_ecid,12L
+
+#define SN_cast5_cbc            "CAST5-CBC"
+#define LN_cast5_cbc            "cast5-cbc"
+#define NID_cast5_cbc           108
+#define OBJ_cast5_cbc           OBJ_ISO_US,113533L,7L,66L,10L
+
+#define SN_cast5_ecb            "CAST5-ECB"
+#define LN_cast5_ecb            "cast5-ecb"
+#define NID_cast5_ecb           109
+
+#define SN_cast5_cfb64          "CAST5-CFB"
+#define LN_cast5_cfb64          "cast5-cfb"
+#define NID_cast5_cfb64         110
+
+#define SN_cast5_ofb64          "CAST5-OFB"
+#define LN_cast5_ofb64          "cast5-ofb"
+#define NID_cast5_ofb64         111
+
+#define LN_pbeWithMD5AndCast5_CBC               "pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC              112
+#define OBJ_pbeWithMD5AndCast5_CBC              OBJ_ISO_US,113533L,7L,66L,12L
+
+#define SN_id_PasswordBasedMAC          "id-PasswordBasedMAC"
+#define LN_id_PasswordBasedMAC          "password based MAC"
+#define NID_id_PasswordBasedMAC         782
+#define OBJ_id_PasswordBasedMAC         OBJ_ISO_US,113533L,7L,66L,13L
+
+#define SN_id_DHBasedMac                "id-DHBasedMac"
+#define LN_id_DHBasedMac                "Diffie-Hellman based MAC"
+#define NID_id_DHBasedMac               783
+#define OBJ_id_DHBasedMac               OBJ_ISO_US,113533L,7L,66L,30L
+
+#define SN_rsadsi               "rsadsi"
+#define LN_rsadsi               "RSA Data Security, Inc."
+#define NID_rsadsi              1
+#define OBJ_rsadsi              OBJ_ISO_US,113549L
+
+#define SN_pkcs         "pkcs"
+#define LN_pkcs         "RSA Data Security, Inc. PKCS"
+#define NID_pkcs                2
+#define OBJ_pkcs                OBJ_rsadsi,1L
+
+#define SN_pkcs1                "pkcs1"
+#define NID_pkcs1               186
+#define OBJ_pkcs1               OBJ_pkcs,1L
+
+#define LN_rsaEncryption                "rsaEncryption"
+#define NID_rsaEncryption               6
+#define OBJ_rsaEncryption               OBJ_pkcs1,1L
+
+#define SN_md2WithRSAEncryption         "RSA-MD2"
+#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption                7
+#define OBJ_md2WithRSAEncryption                OBJ_pkcs1,2L
+
+#define SN_md4WithRSAEncryption         "RSA-MD4"
+#define LN_md4WithRSAEncryption         "md4WithRSAEncryption"
+#define NID_md4WithRSAEncryption                396
+#define OBJ_md4WithRSAEncryption                OBJ_pkcs1,3L
+
+#define SN_md5WithRSAEncryption         "RSA-MD5"
+#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption                8
+#define OBJ_md5WithRSAEncryption                OBJ_pkcs1,4L
+
+#define SN_sha1WithRSAEncryption                "RSA-SHA1"
+#define LN_sha1WithRSAEncryption                "sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption               65
+#define OBJ_sha1WithRSAEncryption               OBJ_pkcs1,5L
+
+#define SN_rsaesOaep            "RSAES-OAEP"
+#define LN_rsaesOaep            "rsaesOaep"
+#define NID_rsaesOaep           919
+#define OBJ_rsaesOaep           OBJ_pkcs1,7L
+
+#define SN_mgf1         "MGF1"
+#define LN_mgf1         "mgf1"
+#define NID_mgf1                911
+#define OBJ_mgf1                OBJ_pkcs1,8L
+
+#define SN_pSpecified           "PSPECIFIED"
+#define LN_pSpecified           "pSpecified"
+#define NID_pSpecified          935
+#define OBJ_pSpecified          OBJ_pkcs1,9L
+
+#define SN_rsassaPss            "RSASSA-PSS"
+#define LN_rsassaPss            "rsassaPss"
+#define NID_rsassaPss           912
+#define OBJ_rsassaPss           OBJ_pkcs1,10L
+
+#define SN_sha256WithRSAEncryption              "RSA-SHA256"
+#define LN_sha256WithRSAEncryption              "sha256WithRSAEncryption"
+#define NID_sha256WithRSAEncryption             668
+#define OBJ_sha256WithRSAEncryption             OBJ_pkcs1,11L
+
+#define SN_sha384WithRSAEncryption              "RSA-SHA384"
+#define LN_sha384WithRSAEncryption              "sha384WithRSAEncryption"
+#define NID_sha384WithRSAEncryption             669
+#define OBJ_sha384WithRSAEncryption             OBJ_pkcs1,12L
+
+#define SN_sha512WithRSAEncryption              "RSA-SHA512"
+#define LN_sha512WithRSAEncryption              "sha512WithRSAEncryption"
+#define NID_sha512WithRSAEncryption             670
+#define OBJ_sha512WithRSAEncryption             OBJ_pkcs1,13L
+
+#define SN_sha224WithRSAEncryption              "RSA-SHA224"
+#define LN_sha224WithRSAEncryption              "sha224WithRSAEncryption"
+#define NID_sha224WithRSAEncryption             671
+#define OBJ_sha224WithRSAEncryption             OBJ_pkcs1,14L
+
+#define SN_pkcs3                "pkcs3"
+#define NID_pkcs3               27
+#define OBJ_pkcs3               OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement               "dhKeyAgreement"
+#define NID_dhKeyAgreement              28
+#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
+
+#define SN_pkcs5                "pkcs5"
+#define NID_pkcs5               187
+#define OBJ_pkcs5               OBJ_pkcs,5L
+
+#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
+#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC                9
+#define OBJ_pbeWithMD2AndDES_CBC                OBJ_pkcs5,1L
+
+#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
+#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC                10
+#define OBJ_pbeWithMD5AndDES_CBC                OBJ_pkcs5,3L
+
+#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC                168
+#define OBJ_pbeWithMD2AndRC2_CBC                OBJ_pkcs5,4L
+
+#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC                169
+#define OBJ_pbeWithMD5AndRC2_CBC                OBJ_pkcs5,6L
+
+#define SN_pbeWithSHA1AndDES_CBC                "PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC                "pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC               170
+#define OBJ_pbeWithSHA1AndDES_CBC               OBJ_pkcs5,10L
+
+#define SN_pbeWithSHA1AndRC2_CBC                "PBE-SHA1-RC2-64"
+#define LN_pbeWithSHA1AndRC2_CBC                "pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC               68
+#define OBJ_pbeWithSHA1AndRC2_CBC               OBJ_pkcs5,11L
+
+#define LN_id_pbkdf2            "PBKDF2"
+#define NID_id_pbkdf2           69
+#define OBJ_id_pbkdf2           OBJ_pkcs5,12L
+
+#define LN_pbes2                "PBES2"
+#define NID_pbes2               161
+#define OBJ_pbes2               OBJ_pkcs5,13L
+
+#define LN_pbmac1               "PBMAC1"
+#define NID_pbmac1              162
+#define OBJ_pbmac1              OBJ_pkcs5,14L
+
+#define SN_pkcs7                "pkcs7"
+#define NID_pkcs7               20
+#define OBJ_pkcs7               OBJ_pkcs,7L
+
+#define LN_pkcs7_data           "pkcs7-data"
+#define NID_pkcs7_data          21
+#define OBJ_pkcs7_data          OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed         "pkcs7-signedData"
+#define NID_pkcs7_signed                22
+#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
+#define NID_pkcs7_enveloped             23
+#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped             "pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped            24
+#define OBJ_pkcs7_signedAndEnveloped            OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest         "pkcs7-digestData"
+#define NID_pkcs7_digest                25
+#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
+#define NID_pkcs7_encrypted             26
+#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
+
+#define SN_pkcs9                "pkcs9"
+#define NID_pkcs9               47
+#define OBJ_pkcs9               OBJ_pkcs,9L
+
+#define LN_pkcs9_emailAddress           "emailAddress"
+#define NID_pkcs9_emailAddress          48
+#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName               "unstructuredName"
+#define NID_pkcs9_unstructuredName              49
+#define OBJ_pkcs9_unstructuredName              OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType            "contentType"
+#define NID_pkcs9_contentType           50
+#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest          "messageDigest"
+#define NID_pkcs9_messageDigest         51
+#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime            "signingTime"
+#define NID_pkcs9_signingTime           52
+#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature               "countersignature"
+#define NID_pkcs9_countersignature              53
+#define OBJ_pkcs9_countersignature              OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword              "challengePassword"
+#define NID_pkcs9_challengePassword             54
+#define OBJ_pkcs9_challengePassword             OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress            "unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress           55
+#define OBJ_pkcs9_unstructuredAddress           OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes              "extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes             56
+#define OBJ_pkcs9_extCertAttributes             OBJ_pkcs9,9L
+
+#define SN_ext_req              "extReq"
+#define LN_ext_req              "Extension Request"
+#define NID_ext_req             172
+#define OBJ_ext_req             OBJ_pkcs9,14L
+
+#define SN_SMIMECapabilities            "SMIME-CAPS"
+#define LN_SMIMECapabilities            "S/MIME Capabilities"
+#define NID_SMIMECapabilities           167
+#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
+
+#define SN_SMIME                "SMIME"
+#define LN_SMIME                "S/MIME"
+#define NID_SMIME               188
+#define OBJ_SMIME               OBJ_pkcs9,16L
+
+#define SN_id_smime_mod         "id-smime-mod"
+#define NID_id_smime_mod                189
+#define OBJ_id_smime_mod                OBJ_SMIME,0L
+
+#define SN_id_smime_ct          "id-smime-ct"
+#define NID_id_smime_ct         190
+#define OBJ_id_smime_ct         OBJ_SMIME,1L
+
+#define SN_id_smime_aa          "id-smime-aa"
+#define NID_id_smime_aa         191
+#define OBJ_id_smime_aa         OBJ_SMIME,2L
+
+#define SN_id_smime_alg         "id-smime-alg"
+#define NID_id_smime_alg                192
+#define OBJ_id_smime_alg                OBJ_SMIME,3L
+
+#define SN_id_smime_cd          "id-smime-cd"
+#define NID_id_smime_cd         193
+#define OBJ_id_smime_cd         OBJ_SMIME,4L
+
+#define SN_id_smime_spq         "id-smime-spq"
+#define NID_id_smime_spq                194
+#define OBJ_id_smime_spq                OBJ_SMIME,5L
+
+#define SN_id_smime_cti         "id-smime-cti"
+#define NID_id_smime_cti                195
+#define OBJ_id_smime_cti                OBJ_SMIME,6L
+
+#define SN_id_smime_mod_cms             "id-smime-mod-cms"
+#define NID_id_smime_mod_cms            196
+#define OBJ_id_smime_mod_cms            OBJ_id_smime_mod,1L
+
+#define SN_id_smime_mod_ess             "id-smime-mod-ess"
+#define NID_id_smime_mod_ess            197
+#define OBJ_id_smime_mod_ess            OBJ_id_smime_mod,2L
+
+#define SN_id_smime_mod_oid             "id-smime-mod-oid"
+#define NID_id_smime_mod_oid            198
+#define OBJ_id_smime_mod_oid            OBJ_id_smime_mod,3L
+
+#define SN_id_smime_mod_msg_v3          "id-smime-mod-msg-v3"
+#define NID_id_smime_mod_msg_v3         199
+#define OBJ_id_smime_mod_msg_v3         OBJ_id_smime_mod,4L
+
+#define SN_id_smime_mod_ets_eSignature_88               "id-smime-mod-ets-eSignature-88"
+#define NID_id_smime_mod_ets_eSignature_88              200
+#define OBJ_id_smime_mod_ets_eSignature_88              OBJ_id_smime_mod,5L
+
+#define SN_id_smime_mod_ets_eSignature_97               "id-smime-mod-ets-eSignature-97"
+#define NID_id_smime_mod_ets_eSignature_97              201
+#define OBJ_id_smime_mod_ets_eSignature_97              OBJ_id_smime_mod,6L
+
+#define SN_id_smime_mod_ets_eSigPolicy_88               "id-smime-mod-ets-eSigPolicy-88"
+#define NID_id_smime_mod_ets_eSigPolicy_88              202
+#define OBJ_id_smime_mod_ets_eSigPolicy_88              OBJ_id_smime_mod,7L
+
+#define SN_id_smime_mod_ets_eSigPolicy_97               "id-smime-mod-ets-eSigPolicy-97"
+#define NID_id_smime_mod_ets_eSigPolicy_97              203
+#define OBJ_id_smime_mod_ets_eSigPolicy_97              OBJ_id_smime_mod,8L
+
+#define SN_id_smime_ct_receipt          "id-smime-ct-receipt"
+#define NID_id_smime_ct_receipt         204
+#define OBJ_id_smime_ct_receipt         OBJ_id_smime_ct,1L
+
+#define SN_id_smime_ct_authData         "id-smime-ct-authData"
+#define NID_id_smime_ct_authData                205
+#define OBJ_id_smime_ct_authData                OBJ_id_smime_ct,2L
+
+#define SN_id_smime_ct_publishCert              "id-smime-ct-publishCert"
+#define NID_id_smime_ct_publishCert             206
+#define OBJ_id_smime_ct_publishCert             OBJ_id_smime_ct,3L
+
+#define SN_id_smime_ct_TSTInfo          "id-smime-ct-TSTInfo"
+#define NID_id_smime_ct_TSTInfo         207
+#define OBJ_id_smime_ct_TSTInfo         OBJ_id_smime_ct,4L
+
+#define SN_id_smime_ct_TDTInfo          "id-smime-ct-TDTInfo"
+#define NID_id_smime_ct_TDTInfo         208
+#define OBJ_id_smime_ct_TDTInfo         OBJ_id_smime_ct,5L
+
+#define SN_id_smime_ct_contentInfo              "id-smime-ct-contentInfo"
+#define NID_id_smime_ct_contentInfo             209
+#define OBJ_id_smime_ct_contentInfo             OBJ_id_smime_ct,6L
+
+#define SN_id_smime_ct_DVCSRequestData          "id-smime-ct-DVCSRequestData"
+#define NID_id_smime_ct_DVCSRequestData         210
+#define OBJ_id_smime_ct_DVCSRequestData         OBJ_id_smime_ct,7L
+
+#define SN_id_smime_ct_DVCSResponseData         "id-smime-ct-DVCSResponseData"
+#define NID_id_smime_ct_DVCSResponseData                211
+#define OBJ_id_smime_ct_DVCSResponseData                OBJ_id_smime_ct,8L
+
+#define SN_id_smime_ct_compressedData           "id-smime-ct-compressedData"
+#define NID_id_smime_ct_compressedData          786
+#define OBJ_id_smime_ct_compressedData          OBJ_id_smime_ct,9L
+
+#define SN_id_smime_ct_contentCollection                "id-smime-ct-contentCollection"
+#define NID_id_smime_ct_contentCollection               1058
+#define OBJ_id_smime_ct_contentCollection               OBJ_id_smime_ct,19L
+
+#define SN_id_smime_ct_authEnvelopedData                "id-smime-ct-authEnvelopedData"
+#define NID_id_smime_ct_authEnvelopedData               1059
+#define OBJ_id_smime_ct_authEnvelopedData               OBJ_id_smime_ct,23L
+
+#define SN_id_ct_asciiTextWithCRLF              "id-ct-asciiTextWithCRLF"
+#define NID_id_ct_asciiTextWithCRLF             787
+#define OBJ_id_ct_asciiTextWithCRLF             OBJ_id_smime_ct,27L
+
+#define SN_id_ct_xml            "id-ct-xml"
+#define NID_id_ct_xml           1060
+#define OBJ_id_ct_xml           OBJ_id_smime_ct,28L
+
+#define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
+#define NID_id_smime_aa_receiptRequest          212
+#define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
+
+#define SN_id_smime_aa_securityLabel            "id-smime-aa-securityLabel"
+#define NID_id_smime_aa_securityLabel           213
+#define OBJ_id_smime_aa_securityLabel           OBJ_id_smime_aa,2L
+
+#define SN_id_smime_aa_mlExpandHistory          "id-smime-aa-mlExpandHistory"
+#define NID_id_smime_aa_mlExpandHistory         214
+#define OBJ_id_smime_aa_mlExpandHistory         OBJ_id_smime_aa,3L
+
+#define SN_id_smime_aa_contentHint              "id-smime-aa-contentHint"
+#define NID_id_smime_aa_contentHint             215
+#define OBJ_id_smime_aa_contentHint             OBJ_id_smime_aa,4L
+
+#define SN_id_smime_aa_msgSigDigest             "id-smime-aa-msgSigDigest"
+#define NID_id_smime_aa_msgSigDigest            216
+#define OBJ_id_smime_aa_msgSigDigest            OBJ_id_smime_aa,5L
+
+#define SN_id_smime_aa_encapContentType         "id-smime-aa-encapContentType"
+#define NID_id_smime_aa_encapContentType                217
+#define OBJ_id_smime_aa_encapContentType                OBJ_id_smime_aa,6L
+
+#define SN_id_smime_aa_contentIdentifier                "id-smime-aa-contentIdentifier"
+#define NID_id_smime_aa_contentIdentifier               218
+#define OBJ_id_smime_aa_contentIdentifier               OBJ_id_smime_aa,7L
+
+#define SN_id_smime_aa_macValue         "id-smime-aa-macValue"
+#define NID_id_smime_aa_macValue                219
+#define OBJ_id_smime_aa_macValue                OBJ_id_smime_aa,8L
+
+#define SN_id_smime_aa_equivalentLabels         "id-smime-aa-equivalentLabels"
+#define NID_id_smime_aa_equivalentLabels                220
+#define OBJ_id_smime_aa_equivalentLabels                OBJ_id_smime_aa,9L
+
+#define SN_id_smime_aa_contentReference         "id-smime-aa-contentReference"
+#define NID_id_smime_aa_contentReference                221
+#define OBJ_id_smime_aa_contentReference                OBJ_id_smime_aa,10L
+
+#define SN_id_smime_aa_encrypKeyPref            "id-smime-aa-encrypKeyPref"
+#define NID_id_smime_aa_encrypKeyPref           222
+#define OBJ_id_smime_aa_encrypKeyPref           OBJ_id_smime_aa,11L
+
+#define SN_id_smime_aa_signingCertificate               "id-smime-aa-signingCertificate"
+#define NID_id_smime_aa_signingCertificate              223
+#define OBJ_id_smime_aa_signingCertificate              OBJ_id_smime_aa,12L
+
+#define SN_id_smime_aa_smimeEncryptCerts                "id-smime-aa-smimeEncryptCerts"
+#define NID_id_smime_aa_smimeEncryptCerts               224
+#define OBJ_id_smime_aa_smimeEncryptCerts               OBJ_id_smime_aa,13L
+
+#define SN_id_smime_aa_timeStampToken           "id-smime-aa-timeStampToken"
+#define NID_id_smime_aa_timeStampToken          225
+#define OBJ_id_smime_aa_timeStampToken          OBJ_id_smime_aa,14L
+
+#define SN_id_smime_aa_ets_sigPolicyId          "id-smime-aa-ets-sigPolicyId"
+#define NID_id_smime_aa_ets_sigPolicyId         226
+#define OBJ_id_smime_aa_ets_sigPolicyId         OBJ_id_smime_aa,15L
+
+#define SN_id_smime_aa_ets_commitmentType               "id-smime-aa-ets-commitmentType"
+#define NID_id_smime_aa_ets_commitmentType              227
+#define OBJ_id_smime_aa_ets_commitmentType              OBJ_id_smime_aa,16L
+
+#define SN_id_smime_aa_ets_signerLocation               "id-smime-aa-ets-signerLocation"
+#define NID_id_smime_aa_ets_signerLocation              228
+#define OBJ_id_smime_aa_ets_signerLocation              OBJ_id_smime_aa,17L
+
+#define SN_id_smime_aa_ets_signerAttr           "id-smime-aa-ets-signerAttr"
+#define NID_id_smime_aa_ets_signerAttr          229
+#define OBJ_id_smime_aa_ets_signerAttr          OBJ_id_smime_aa,18L
+
+#define SN_id_smime_aa_ets_otherSigCert         "id-smime-aa-ets-otherSigCert"
+#define NID_id_smime_aa_ets_otherSigCert                230
+#define OBJ_id_smime_aa_ets_otherSigCert                OBJ_id_smime_aa,19L
+
+#define SN_id_smime_aa_ets_contentTimestamp             "id-smime-aa-ets-contentTimestamp"
+#define NID_id_smime_aa_ets_contentTimestamp            231
+#define OBJ_id_smime_aa_ets_contentTimestamp            OBJ_id_smime_aa,20L
+
+#define SN_id_smime_aa_ets_CertificateRefs              "id-smime-aa-ets-CertificateRefs"
+#define NID_id_smime_aa_ets_CertificateRefs             232
+#define OBJ_id_smime_aa_ets_CertificateRefs             OBJ_id_smime_aa,21L
+
+#define SN_id_smime_aa_ets_RevocationRefs               "id-smime-aa-ets-RevocationRefs"
+#define NID_id_smime_aa_ets_RevocationRefs              233
+#define OBJ_id_smime_aa_ets_RevocationRefs              OBJ_id_smime_aa,22L
+
+#define SN_id_smime_aa_ets_certValues           "id-smime-aa-ets-certValues"
+#define NID_id_smime_aa_ets_certValues          234
+#define OBJ_id_smime_aa_ets_certValues          OBJ_id_smime_aa,23L
+
+#define SN_id_smime_aa_ets_revocationValues             "id-smime-aa-ets-revocationValues"
+#define NID_id_smime_aa_ets_revocationValues            235
+#define OBJ_id_smime_aa_ets_revocationValues            OBJ_id_smime_aa,24L
+
+#define SN_id_smime_aa_ets_escTimeStamp         "id-smime-aa-ets-escTimeStamp"
+#define NID_id_smime_aa_ets_escTimeStamp                236
+#define OBJ_id_smime_aa_ets_escTimeStamp                OBJ_id_smime_aa,25L
+
+#define SN_id_smime_aa_ets_certCRLTimestamp             "id-smime-aa-ets-certCRLTimestamp"
+#define NID_id_smime_aa_ets_certCRLTimestamp            237
+#define OBJ_id_smime_aa_ets_certCRLTimestamp            OBJ_id_smime_aa,26L
+
+#define SN_id_smime_aa_ets_archiveTimeStamp             "id-smime-aa-ets-archiveTimeStamp"
+#define NID_id_smime_aa_ets_archiveTimeStamp            238
+#define OBJ_id_smime_aa_ets_archiveTimeStamp            OBJ_id_smime_aa,27L
+
+#define SN_id_smime_aa_signatureType            "id-smime-aa-signatureType"
+#define NID_id_smime_aa_signatureType           239
+#define OBJ_id_smime_aa_signatureType           OBJ_id_smime_aa,28L
+
+#define SN_id_smime_aa_dvcs_dvc         "id-smime-aa-dvcs-dvc"
+#define NID_id_smime_aa_dvcs_dvc                240
+#define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
+
+#define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
+#define NID_id_smime_alg_ESDHwith3DES           241
+#define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
+
+#define SN_id_smime_alg_ESDHwithRC2             "id-smime-alg-ESDHwithRC2"
+#define NID_id_smime_alg_ESDHwithRC2            242
+#define OBJ_id_smime_alg_ESDHwithRC2            OBJ_id_smime_alg,2L
+
+#define SN_id_smime_alg_3DESwrap                "id-smime-alg-3DESwrap"
+#define NID_id_smime_alg_3DESwrap               243
+#define OBJ_id_smime_alg_3DESwrap               OBJ_id_smime_alg,3L
+
+#define SN_id_smime_alg_RC2wrap         "id-smime-alg-RC2wrap"
+#define NID_id_smime_alg_RC2wrap                244
+#define OBJ_id_smime_alg_RC2wrap                OBJ_id_smime_alg,4L
+
+#define SN_id_smime_alg_ESDH            "id-smime-alg-ESDH"
+#define NID_id_smime_alg_ESDH           245
+#define OBJ_id_smime_alg_ESDH           OBJ_id_smime_alg,5L
+
+#define SN_id_smime_alg_CMS3DESwrap             "id-smime-alg-CMS3DESwrap"
+#define NID_id_smime_alg_CMS3DESwrap            246
+#define OBJ_id_smime_alg_CMS3DESwrap            OBJ_id_smime_alg,6L
+
+#define SN_id_smime_alg_CMSRC2wrap              "id-smime-alg-CMSRC2wrap"
+#define NID_id_smime_alg_CMSRC2wrap             247
+#define OBJ_id_smime_alg_CMSRC2wrap             OBJ_id_smime_alg,7L
+
+#define SN_id_alg_PWRI_KEK              "id-alg-PWRI-KEK"
+#define NID_id_alg_PWRI_KEK             893
+#define OBJ_id_alg_PWRI_KEK             OBJ_id_smime_alg,9L
+
+#define SN_id_smime_cd_ldap             "id-smime-cd-ldap"
+#define NID_id_smime_cd_ldap            248
+#define OBJ_id_smime_cd_ldap            OBJ_id_smime_cd,1L
+
+#define SN_id_smime_spq_ets_sqt_uri             "id-smime-spq-ets-sqt-uri"
+#define NID_id_smime_spq_ets_sqt_uri            249
+#define OBJ_id_smime_spq_ets_sqt_uri            OBJ_id_smime_spq,1L
+
+#define SN_id_smime_spq_ets_sqt_unotice         "id-smime-spq-ets-sqt-unotice"
+#define NID_id_smime_spq_ets_sqt_unotice                250
+#define OBJ_id_smime_spq_ets_sqt_unotice                OBJ_id_smime_spq,2L
+
+#define SN_id_smime_cti_ets_proofOfOrigin               "id-smime-cti-ets-proofOfOrigin"
+#define NID_id_smime_cti_ets_proofOfOrigin              251
+#define OBJ_id_smime_cti_ets_proofOfOrigin              OBJ_id_smime_cti,1L
+
+#define SN_id_smime_cti_ets_proofOfReceipt              "id-smime-cti-ets-proofOfReceipt"
+#define NID_id_smime_cti_ets_proofOfReceipt             252
+#define OBJ_id_smime_cti_ets_proofOfReceipt             OBJ_id_smime_cti,2L
+
+#define SN_id_smime_cti_ets_proofOfDelivery             "id-smime-cti-ets-proofOfDelivery"
+#define NID_id_smime_cti_ets_proofOfDelivery            253
+#define OBJ_id_smime_cti_ets_proofOfDelivery            OBJ_id_smime_cti,3L
+
+#define SN_id_smime_cti_ets_proofOfSender               "id-smime-cti-ets-proofOfSender"
+#define NID_id_smime_cti_ets_proofOfSender              254
+#define OBJ_id_smime_cti_ets_proofOfSender              OBJ_id_smime_cti,4L
+
+#define SN_id_smime_cti_ets_proofOfApproval             "id-smime-cti-ets-proofOfApproval"
+#define NID_id_smime_cti_ets_proofOfApproval            255
+#define OBJ_id_smime_cti_ets_proofOfApproval            OBJ_id_smime_cti,5L
+
+#define SN_id_smime_cti_ets_proofOfCreation             "id-smime-cti-ets-proofOfCreation"
+#define NID_id_smime_cti_ets_proofOfCreation            256
+#define OBJ_id_smime_cti_ets_proofOfCreation            OBJ_id_smime_cti,6L
+
+#define LN_friendlyName         "friendlyName"
+#define NID_friendlyName                156
+#define OBJ_friendlyName                OBJ_pkcs9,20L
+
+#define LN_localKeyID           "localKeyID"
+#define NID_localKeyID          157
+#define OBJ_localKeyID          OBJ_pkcs9,21L
+
+#define SN_ms_csp_name          "CSPName"
+#define LN_ms_csp_name          "Microsoft CSP Name"
+#define NID_ms_csp_name         417
+#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+
+#define SN_LocalKeySet          "LocalKeySet"
+#define LN_LocalKeySet          "Microsoft Local Key set"
+#define NID_LocalKeySet         856
+#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+
+#define OBJ_certTypes           OBJ_pkcs9,22L
+
+#define LN_x509Certificate              "x509Certificate"
+#define NID_x509Certificate             158
+#define OBJ_x509Certificate             OBJ_certTypes,1L
+
+#define LN_sdsiCertificate              "sdsiCertificate"
+#define NID_sdsiCertificate             159
+#define OBJ_sdsiCertificate             OBJ_certTypes,2L
+
+#define OBJ_crlTypes            OBJ_pkcs9,23L
+
+#define LN_x509Crl              "x509Crl"
+#define NID_x509Crl             160
+#define OBJ_x509Crl             OBJ_crlTypes,1L
+
+#define OBJ_pkcs12              OBJ_pkcs,12L
+
+#define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
+
+#define SN_pbe_WithSHA1And128BitRC4             "PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4             "pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4            144
+#define OBJ_pbe_WithSHA1And128BitRC4            OBJ_pkcs12_pbeids,1L
+
+#define SN_pbe_WithSHA1And40BitRC4              "PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4              "pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4             145
+#define OBJ_pbe_WithSHA1And40BitRC4             OBJ_pkcs12_pbeids,2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC           "PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC           "pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC          146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC           "PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC           "pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC          147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC                148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC                OBJ_pkcs12_pbeids,5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC          "PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC          "pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC         149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC         OBJ_pkcs12_pbeids,6L
+
+#define OBJ_pkcs12_Version1             OBJ_pkcs12,10L
+
+#define OBJ_pkcs12_BagIds               OBJ_pkcs12_Version1,1L
+
+#define LN_keyBag               "keyBag"
+#define NID_keyBag              150
+#define OBJ_keyBag              OBJ_pkcs12_BagIds,1L
+
+#define LN_pkcs8ShroudedKeyBag          "pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag         151
+#define OBJ_pkcs8ShroudedKeyBag         OBJ_pkcs12_BagIds,2L
+
+#define LN_certBag              "certBag"
+#define NID_certBag             152
+#define OBJ_certBag             OBJ_pkcs12_BagIds,3L
+
+#define LN_crlBag               "crlBag"
+#define NID_crlBag              153
+#define OBJ_crlBag              OBJ_pkcs12_BagIds,4L
+
+#define LN_secretBag            "secretBag"
+#define NID_secretBag           154
+#define OBJ_secretBag           OBJ_pkcs12_BagIds,5L
+
+#define LN_safeContentsBag              "safeContentsBag"
+#define NID_safeContentsBag             155
+#define OBJ_safeContentsBag             OBJ_pkcs12_BagIds,6L
+
+#define SN_md2          "MD2"
+#define LN_md2          "md2"
+#define NID_md2         3
+#define OBJ_md2         OBJ_rsadsi,2L,2L
+
+#define SN_md4          "MD4"
+#define LN_md4          "md4"
+#define NID_md4         257
+#define OBJ_md4         OBJ_rsadsi,2L,4L
+
+#define SN_md5          "MD5"
+#define LN_md5          "md5"
+#define NID_md5         4
+#define OBJ_md5         OBJ_rsadsi,2L,5L
+
+#define SN_md5_sha1             "MD5-SHA1"
+#define LN_md5_sha1             "md5-sha1"
+#define NID_md5_sha1            114
+
+#define LN_hmacWithMD5          "hmacWithMD5"
+#define NID_hmacWithMD5         797
+#define OBJ_hmacWithMD5         OBJ_rsadsi,2L,6L
+
+#define LN_hmacWithSHA1         "hmacWithSHA1"
+#define NID_hmacWithSHA1                163
+#define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
+
+#define LN_hmacWithSHA224               "hmacWithSHA224"
+#define NID_hmacWithSHA224              798
+#define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
+
+#define LN_hmacWithSHA256               "hmacWithSHA256"
+#define NID_hmacWithSHA256              799
+#define OBJ_hmacWithSHA256              OBJ_rsadsi,2L,9L
+
+#define LN_hmacWithSHA384               "hmacWithSHA384"
+#define NID_hmacWithSHA384              800
+#define OBJ_hmacWithSHA384              OBJ_rsadsi,2L,10L
+
+#define LN_hmacWithSHA512               "hmacWithSHA512"
+#define NID_hmacWithSHA512              801
+#define OBJ_hmacWithSHA512              OBJ_rsadsi,2L,11L
+
+#define SN_rc2_cbc              "RC2-CBC"
+#define LN_rc2_cbc              "rc2-cbc"
+#define NID_rc2_cbc             37
+#define OBJ_rc2_cbc             OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb              "RC2-ECB"
+#define LN_rc2_ecb              "rc2-ecb"
+#define NID_rc2_ecb             38
+
+#define SN_rc2_cfb64            "RC2-CFB"
+#define LN_rc2_cfb64            "rc2-cfb"
+#define NID_rc2_cfb64           39
+
+#define SN_rc2_ofb64            "RC2-OFB"
+#define LN_rc2_ofb64            "rc2-ofb"
+#define NID_rc2_ofb64           40
+
+#define SN_rc2_40_cbc           "RC2-40-CBC"
+#define LN_rc2_40_cbc           "rc2-40-cbc"
+#define NID_rc2_40_cbc          98
+
+#define SN_rc2_64_cbc           "RC2-64-CBC"
+#define LN_rc2_64_cbc           "rc2-64-cbc"
+#define NID_rc2_64_cbc          166
+
+#define SN_rc4          "RC4"
+#define LN_rc4          "rc4"
+#define NID_rc4         5
+#define OBJ_rc4         OBJ_rsadsi,3L,4L
+
+#define SN_rc4_40               "RC4-40"
+#define LN_rc4_40               "rc4-40"
+#define NID_rc4_40              97
+
+#define SN_des_ede3_cbc         "DES-EDE3-CBC"
+#define LN_des_ede3_cbc         "des-ede3-cbc"
+#define NID_des_ede3_cbc                44
+#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
+
+#define SN_rc5_cbc              "RC5-CBC"
+#define LN_rc5_cbc              "rc5-cbc"
+#define NID_rc5_cbc             120
+#define OBJ_rc5_cbc             OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb              "RC5-ECB"
+#define LN_rc5_ecb              "rc5-ecb"
+#define NID_rc5_ecb             121
+
+#define SN_rc5_cfb64            "RC5-CFB"
+#define LN_rc5_cfb64            "rc5-cfb"
+#define NID_rc5_cfb64           122
+
+#define SN_rc5_ofb64            "RC5-OFB"
+#define LN_rc5_ofb64            "rc5-ofb"
+#define NID_rc5_ofb64           123
+
+#define SN_ms_ext_req           "msExtReq"
+#define LN_ms_ext_req           "Microsoft Extension Request"
+#define NID_ms_ext_req          171
+#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define SN_ms_code_ind          "msCodeInd"
+#define LN_ms_code_ind          "Microsoft Individual Code Signing"
+#define NID_ms_code_ind         134
+#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com          "msCodeCom"
+#define LN_ms_code_com          "Microsoft Commercial Code Signing"
+#define NID_ms_code_com         135
+#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign          "msCTLSign"
+#define LN_ms_ctl_sign          "Microsoft Trust List Signing"
+#define NID_ms_ctl_sign         136
+#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc               "msSGC"
+#define LN_ms_sgc               "Microsoft Server Gated Crypto"
+#define NID_ms_sgc              137
+#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs               "msEFS"
+#define LN_ms_efs               "Microsoft Encrypted File System"
+#define NID_ms_efs              138
+#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+#define SN_ms_smartcard_login           "msSmartcardLogin"
+#define LN_ms_smartcard_login           "Microsoft Smartcardlogin"
+#define NID_ms_smartcard_login          648
+#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+#define SN_ms_upn               "msUPN"
+#define LN_ms_upn               "Microsoft Universal Principal Name"
+#define NID_ms_upn              649
+#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
+#define SN_idea_cbc             "IDEA-CBC"
+#define LN_idea_cbc             "idea-cbc"
+#define NID_idea_cbc            34
+#define OBJ_idea_cbc            1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#define SN_idea_ecb             "IDEA-ECB"
+#define LN_idea_ecb             "idea-ecb"
+#define NID_idea_ecb            36
+
+#define SN_idea_cfb64           "IDEA-CFB"
+#define LN_idea_cfb64           "idea-cfb"
+#define NID_idea_cfb64          35
+
+#define SN_idea_ofb64           "IDEA-OFB"
+#define LN_idea_ofb64           "idea-ofb"
+#define NID_idea_ofb64          46
+
+#define SN_bf_cbc               "BF-CBC"
+#define LN_bf_cbc               "bf-cbc"
+#define NID_bf_cbc              91
+#define OBJ_bf_cbc              1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#define SN_bf_ecb               "BF-ECB"
+#define LN_bf_ecb               "bf-ecb"
+#define NID_bf_ecb              92
+
+#define SN_bf_cfb64             "BF-CFB"
+#define LN_bf_cfb64             "bf-cfb"
+#define NID_bf_cfb64            93
+
+#define SN_bf_ofb64             "BF-OFB"
+#define LN_bf_ofb64             "bf-ofb"
+#define NID_bf_ofb64            94
+
+#define SN_id_pkix              "PKIX"
+#define NID_id_pkix             127
+#define OBJ_id_pkix             1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_pkix_mod          "id-pkix-mod"
+#define NID_id_pkix_mod         258
+#define OBJ_id_pkix_mod         OBJ_id_pkix,0L
+
+#define SN_id_pe                "id-pe"
+#define NID_id_pe               175
+#define OBJ_id_pe               OBJ_id_pkix,1L
+
+#define SN_id_qt                "id-qt"
+#define NID_id_qt               259
+#define OBJ_id_qt               OBJ_id_pkix,2L
+
+#define SN_id_kp                "id-kp"
+#define NID_id_kp               128
+#define OBJ_id_kp               OBJ_id_pkix,3L
+
+#define SN_id_it                "id-it"
+#define NID_id_it               260
+#define OBJ_id_it               OBJ_id_pkix,4L
+
+#define SN_id_pkip              "id-pkip"
+#define NID_id_pkip             261
+#define OBJ_id_pkip             OBJ_id_pkix,5L
+
+#define SN_id_alg               "id-alg"
+#define NID_id_alg              262
+#define OBJ_id_alg              OBJ_id_pkix,6L
+
+#define SN_id_cmc               "id-cmc"
+#define NID_id_cmc              263
+#define OBJ_id_cmc              OBJ_id_pkix,7L
+
+#define SN_id_on                "id-on"
+#define NID_id_on               264
+#define OBJ_id_on               OBJ_id_pkix,8L
+
+#define SN_id_pda               "id-pda"
+#define NID_id_pda              265
+#define OBJ_id_pda              OBJ_id_pkix,9L
+
+#define SN_id_aca               "id-aca"
+#define NID_id_aca              266
+#define OBJ_id_aca              OBJ_id_pkix,10L
+
+#define SN_id_qcs               "id-qcs"
+#define NID_id_qcs              267
+#define OBJ_id_qcs              OBJ_id_pkix,11L
+
+#define SN_id_cct               "id-cct"
+#define NID_id_cct              268
+#define OBJ_id_cct              OBJ_id_pkix,12L
+
+#define SN_id_ppl               "id-ppl"
+#define NID_id_ppl              662
+#define OBJ_id_ppl              OBJ_id_pkix,21L
+
+#define SN_id_ad                "id-ad"
+#define NID_id_ad               176
+#define OBJ_id_ad               OBJ_id_pkix,48L
+
+#define SN_id_pkix1_explicit_88         "id-pkix1-explicit-88"
+#define NID_id_pkix1_explicit_88                269
+#define OBJ_id_pkix1_explicit_88                OBJ_id_pkix_mod,1L
+
+#define SN_id_pkix1_implicit_88         "id-pkix1-implicit-88"
+#define NID_id_pkix1_implicit_88                270
+#define OBJ_id_pkix1_implicit_88                OBJ_id_pkix_mod,2L
+
+#define SN_id_pkix1_explicit_93         "id-pkix1-explicit-93"
+#define NID_id_pkix1_explicit_93                271
+#define OBJ_id_pkix1_explicit_93                OBJ_id_pkix_mod,3L
+
+#define SN_id_pkix1_implicit_93         "id-pkix1-implicit-93"
+#define NID_id_pkix1_implicit_93                272
+#define OBJ_id_pkix1_implicit_93                OBJ_id_pkix_mod,4L
+
+#define SN_id_mod_crmf          "id-mod-crmf"
+#define NID_id_mod_crmf         273
+#define OBJ_id_mod_crmf         OBJ_id_pkix_mod,5L
+
+#define SN_id_mod_cmc           "id-mod-cmc"
+#define NID_id_mod_cmc          274
+#define OBJ_id_mod_cmc          OBJ_id_pkix_mod,6L
+
+#define SN_id_mod_kea_profile_88                "id-mod-kea-profile-88"
+#define NID_id_mod_kea_profile_88               275
+#define OBJ_id_mod_kea_profile_88               OBJ_id_pkix_mod,7L
+
+#define SN_id_mod_kea_profile_93                "id-mod-kea-profile-93"
+#define NID_id_mod_kea_profile_93               276
+#define OBJ_id_mod_kea_profile_93               OBJ_id_pkix_mod,8L
+
+#define SN_id_mod_cmp           "id-mod-cmp"
+#define NID_id_mod_cmp          277
+#define OBJ_id_mod_cmp          OBJ_id_pkix_mod,9L
+
+#define SN_id_mod_qualified_cert_88             "id-mod-qualified-cert-88"
+#define NID_id_mod_qualified_cert_88            278
+#define OBJ_id_mod_qualified_cert_88            OBJ_id_pkix_mod,10L
+
+#define SN_id_mod_qualified_cert_93             "id-mod-qualified-cert-93"
+#define NID_id_mod_qualified_cert_93            279
+#define OBJ_id_mod_qualified_cert_93            OBJ_id_pkix_mod,11L
+
+#define SN_id_mod_attribute_cert                "id-mod-attribute-cert"
+#define NID_id_mod_attribute_cert               280
+#define OBJ_id_mod_attribute_cert               OBJ_id_pkix_mod,12L
+
+#define SN_id_mod_timestamp_protocol            "id-mod-timestamp-protocol"
+#define NID_id_mod_timestamp_protocol           281
+#define OBJ_id_mod_timestamp_protocol           OBJ_id_pkix_mod,13L
+
+#define SN_id_mod_ocsp          "id-mod-ocsp"
+#define NID_id_mod_ocsp         282
+#define OBJ_id_mod_ocsp         OBJ_id_pkix_mod,14L
+
+#define SN_id_mod_dvcs          "id-mod-dvcs"
+#define NID_id_mod_dvcs         283
+#define OBJ_id_mod_dvcs         OBJ_id_pkix_mod,15L
+
+#define SN_id_mod_cmp2000               "id-mod-cmp2000"
+#define NID_id_mod_cmp2000              284
+#define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
+
+#define SN_info_access          "authorityInfoAccess"
+#define LN_info_access          "Authority Information Access"
+#define NID_info_access         177
+#define OBJ_info_access         OBJ_id_pe,1L
+
+#define SN_biometricInfo                "biometricInfo"
+#define LN_biometricInfo                "Biometric Info"
+#define NID_biometricInfo               285
+#define OBJ_biometricInfo               OBJ_id_pe,2L
+
+#define SN_qcStatements         "qcStatements"
+#define NID_qcStatements                286
+#define OBJ_qcStatements                OBJ_id_pe,3L
+
+#define SN_ac_auditEntity               "ac-auditEntity"
+#define NID_ac_auditEntity              287
+#define OBJ_ac_auditEntity              OBJ_id_pe,4L
+
+#define SN_ac_targeting         "ac-targeting"
+#define NID_ac_targeting                288
+#define OBJ_ac_targeting                OBJ_id_pe,5L
+
+#define SN_aaControls           "aaControls"
+#define NID_aaControls          289
+#define OBJ_aaControls          OBJ_id_pe,6L
+
+#define SN_sbgp_ipAddrBlock             "sbgp-ipAddrBlock"
+#define NID_sbgp_ipAddrBlock            290
+#define OBJ_sbgp_ipAddrBlock            OBJ_id_pe,7L
+
+#define SN_sbgp_autonomousSysNum                "sbgp-autonomousSysNum"
+#define NID_sbgp_autonomousSysNum               291
+#define OBJ_sbgp_autonomousSysNum               OBJ_id_pe,8L
+
+#define SN_sbgp_routerIdentifier                "sbgp-routerIdentifier"
+#define NID_sbgp_routerIdentifier               292
+#define OBJ_sbgp_routerIdentifier               OBJ_id_pe,9L
+
+#define SN_ac_proxying          "ac-proxying"
+#define NID_ac_proxying         397
+#define OBJ_ac_proxying         OBJ_id_pe,10L
+
+#define SN_sinfo_access         "subjectInfoAccess"
+#define LN_sinfo_access         "Subject Information Access"
+#define NID_sinfo_access                398
+#define OBJ_sinfo_access                OBJ_id_pe,11L
+
+#define SN_proxyCertInfo                "proxyCertInfo"
+#define LN_proxyCertInfo                "Proxy Certificate Information"
+#define NID_proxyCertInfo               663
+#define OBJ_proxyCertInfo               OBJ_id_pe,14L
+
+#define SN_tlsfeature           "tlsfeature"
+#define LN_tlsfeature           "TLS Feature"
+#define NID_tlsfeature          1020
+#define OBJ_tlsfeature          OBJ_id_pe,24L
+
+#define SN_id_qt_cps            "id-qt-cps"
+#define LN_id_qt_cps            "Policy Qualifier CPS"
+#define NID_id_qt_cps           164
+#define OBJ_id_qt_cps           OBJ_id_qt,1L
+
+#define SN_id_qt_unotice                "id-qt-unotice"
+#define LN_id_qt_unotice                "Policy Qualifier User Notice"
+#define NID_id_qt_unotice               165
+#define OBJ_id_qt_unotice               OBJ_id_qt,2L
+
+#define SN_textNotice           "textNotice"
+#define NID_textNotice          293
+#define OBJ_textNotice          OBJ_id_qt,3L
+
+#define SN_server_auth          "serverAuth"
+#define LN_server_auth          "TLS Web Server Authentication"
+#define NID_server_auth         129
+#define OBJ_server_auth         OBJ_id_kp,1L
+
+#define SN_client_auth          "clientAuth"
+#define LN_client_auth          "TLS Web Client Authentication"
+#define NID_client_auth         130
+#define OBJ_client_auth         OBJ_id_kp,2L
+
+#define SN_code_sign            "codeSigning"
+#define LN_code_sign            "Code Signing"
+#define NID_code_sign           131
+#define OBJ_code_sign           OBJ_id_kp,3L
+
+#define SN_email_protect                "emailProtection"
+#define LN_email_protect                "E-mail Protection"
+#define NID_email_protect               132
+#define OBJ_email_protect               OBJ_id_kp,4L
+
+#define SN_ipsecEndSystem               "ipsecEndSystem"
+#define LN_ipsecEndSystem               "IPSec End System"
+#define NID_ipsecEndSystem              294
+#define OBJ_ipsecEndSystem              OBJ_id_kp,5L
+
+#define SN_ipsecTunnel          "ipsecTunnel"
+#define LN_ipsecTunnel          "IPSec Tunnel"
+#define NID_ipsecTunnel         295
+#define OBJ_ipsecTunnel         OBJ_id_kp,6L
+
+#define SN_ipsecUser            "ipsecUser"
+#define LN_ipsecUser            "IPSec User"
+#define NID_ipsecUser           296
+#define OBJ_ipsecUser           OBJ_id_kp,7L
+
+#define SN_time_stamp           "timeStamping"
+#define LN_time_stamp           "Time Stamping"
+#define NID_time_stamp          133
+#define OBJ_time_stamp          OBJ_id_kp,8L
+
+#define SN_OCSP_sign            "OCSPSigning"
+#define LN_OCSP_sign            "OCSP Signing"
+#define NID_OCSP_sign           180
+#define OBJ_OCSP_sign           OBJ_id_kp,9L
+
+#define SN_dvcs         "DVCS"
+#define LN_dvcs         "dvcs"
+#define NID_dvcs                297
+#define OBJ_dvcs                OBJ_id_kp,10L
+
+#define SN_ipsec_IKE            "ipsecIKE"
+#define LN_ipsec_IKE            "ipsec Internet Key Exchange"
+#define NID_ipsec_IKE           1022
+#define OBJ_ipsec_IKE           OBJ_id_kp,17L
+
+#define SN_capwapAC             "capwapAC"
+#define LN_capwapAC             "Ctrl/provision WAP Access"
+#define NID_capwapAC            1023
+#define OBJ_capwapAC            OBJ_id_kp,18L
+
+#define SN_capwapWTP            "capwapWTP"
+#define LN_capwapWTP            "Ctrl/Provision WAP Termination"
+#define NID_capwapWTP           1024
+#define OBJ_capwapWTP           OBJ_id_kp,19L
+
+#define SN_sshClient            "secureShellClient"
+#define LN_sshClient            "SSH Client"
+#define NID_sshClient           1025
+#define OBJ_sshClient           OBJ_id_kp,21L
+
+#define SN_sshServer            "secureShellServer"
+#define LN_sshServer            "SSH Server"
+#define NID_sshServer           1026
+#define OBJ_sshServer           OBJ_id_kp,22L
+
+#define SN_sendRouter           "sendRouter"
+#define LN_sendRouter           "Send Router"
+#define NID_sendRouter          1027
+#define OBJ_sendRouter          OBJ_id_kp,23L
+
+#define SN_sendProxiedRouter            "sendProxiedRouter"
+#define LN_sendProxiedRouter            "Send Proxied Router"
+#define NID_sendProxiedRouter           1028
+#define OBJ_sendProxiedRouter           OBJ_id_kp,24L
+
+#define SN_sendOwner            "sendOwner"
+#define LN_sendOwner            "Send Owner"
+#define NID_sendOwner           1029
+#define OBJ_sendOwner           OBJ_id_kp,25L
+
+#define SN_sendProxiedOwner             "sendProxiedOwner"
+#define LN_sendProxiedOwner             "Send Proxied Owner"
+#define NID_sendProxiedOwner            1030
+#define OBJ_sendProxiedOwner            OBJ_id_kp,26L
+
+#define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
+#define NID_id_it_caProtEncCert         298
+#define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
+
+#define SN_id_it_signKeyPairTypes               "id-it-signKeyPairTypes"
+#define NID_id_it_signKeyPairTypes              299
+#define OBJ_id_it_signKeyPairTypes              OBJ_id_it,2L
+
+#define SN_id_it_encKeyPairTypes                "id-it-encKeyPairTypes"
+#define NID_id_it_encKeyPairTypes               300
+#define OBJ_id_it_encKeyPairTypes               OBJ_id_it,3L
+
+#define SN_id_it_preferredSymmAlg               "id-it-preferredSymmAlg"
+#define NID_id_it_preferredSymmAlg              301
+#define OBJ_id_it_preferredSymmAlg              OBJ_id_it,4L
+
+#define SN_id_it_caKeyUpdateInfo                "id-it-caKeyUpdateInfo"
+#define NID_id_it_caKeyUpdateInfo               302
+#define OBJ_id_it_caKeyUpdateInfo               OBJ_id_it,5L
+
+#define SN_id_it_currentCRL             "id-it-currentCRL"
+#define NID_id_it_currentCRL            303
+#define OBJ_id_it_currentCRL            OBJ_id_it,6L
+
+#define SN_id_it_unsupportedOIDs                "id-it-unsupportedOIDs"
+#define NID_id_it_unsupportedOIDs               304
+#define OBJ_id_it_unsupportedOIDs               OBJ_id_it,7L
+
+#define SN_id_it_subscriptionRequest            "id-it-subscriptionRequest"
+#define NID_id_it_subscriptionRequest           305
+#define OBJ_id_it_subscriptionRequest           OBJ_id_it,8L
+
+#define SN_id_it_subscriptionResponse           "id-it-subscriptionResponse"
+#define NID_id_it_subscriptionResponse          306
+#define OBJ_id_it_subscriptionResponse          OBJ_id_it,9L
+
+#define SN_id_it_keyPairParamReq                "id-it-keyPairParamReq"
+#define NID_id_it_keyPairParamReq               307
+#define OBJ_id_it_keyPairParamReq               OBJ_id_it,10L
+
+#define SN_id_it_keyPairParamRep                "id-it-keyPairParamRep"
+#define NID_id_it_keyPairParamRep               308
+#define OBJ_id_it_keyPairParamRep               OBJ_id_it,11L
+
+#define SN_id_it_revPassphrase          "id-it-revPassphrase"
+#define NID_id_it_revPassphrase         309
+#define OBJ_id_it_revPassphrase         OBJ_id_it,12L
+
+#define SN_id_it_implicitConfirm                "id-it-implicitConfirm"
+#define NID_id_it_implicitConfirm               310
+#define OBJ_id_it_implicitConfirm               OBJ_id_it,13L
+
+#define SN_id_it_confirmWaitTime                "id-it-confirmWaitTime"
+#define NID_id_it_confirmWaitTime               311
+#define OBJ_id_it_confirmWaitTime               OBJ_id_it,14L
+
+#define SN_id_it_origPKIMessage         "id-it-origPKIMessage"
+#define NID_id_it_origPKIMessage                312
+#define OBJ_id_it_origPKIMessage                OBJ_id_it,15L
+
+#define SN_id_it_suppLangTags           "id-it-suppLangTags"
+#define NID_id_it_suppLangTags          784
+#define OBJ_id_it_suppLangTags          OBJ_id_it,16L
+
+#define SN_id_regCtrl           "id-regCtrl"
+#define NID_id_regCtrl          313
+#define OBJ_id_regCtrl          OBJ_id_pkip,1L
+
+#define SN_id_regInfo           "id-regInfo"
+#define NID_id_regInfo          314
+#define OBJ_id_regInfo          OBJ_id_pkip,2L
+
+#define SN_id_regCtrl_regToken          "id-regCtrl-regToken"
+#define NID_id_regCtrl_regToken         315
+#define OBJ_id_regCtrl_regToken         OBJ_id_regCtrl,1L
+
+#define SN_id_regCtrl_authenticator             "id-regCtrl-authenticator"
+#define NID_id_regCtrl_authenticator            316
+#define OBJ_id_regCtrl_authenticator            OBJ_id_regCtrl,2L
+
+#define SN_id_regCtrl_pkiPublicationInfo                "id-regCtrl-pkiPublicationInfo"
+#define NID_id_regCtrl_pkiPublicationInfo               317
+#define OBJ_id_regCtrl_pkiPublicationInfo               OBJ_id_regCtrl,3L
+
+#define SN_id_regCtrl_pkiArchiveOptions         "id-regCtrl-pkiArchiveOptions"
+#define NID_id_regCtrl_pkiArchiveOptions                318
+#define OBJ_id_regCtrl_pkiArchiveOptions                OBJ_id_regCtrl,4L
+
+#define SN_id_regCtrl_oldCertID         "id-regCtrl-oldCertID"
+#define NID_id_regCtrl_oldCertID                319
+#define OBJ_id_regCtrl_oldCertID                OBJ_id_regCtrl,5L
+
+#define SN_id_regCtrl_protocolEncrKey           "id-regCtrl-protocolEncrKey"
+#define NID_id_regCtrl_protocolEncrKey          320
+#define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
+
+#define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
+#define NID_id_regInfo_utf8Pairs                321
+#define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
+
+#define SN_id_regInfo_certReq           "id-regInfo-certReq"
+#define NID_id_regInfo_certReq          322
+#define OBJ_id_regInfo_certReq          OBJ_id_regInfo,2L
+
+#define SN_id_alg_des40         "id-alg-des40"
+#define NID_id_alg_des40                323
+#define OBJ_id_alg_des40                OBJ_id_alg,1L
+
+#define SN_id_alg_noSignature           "id-alg-noSignature"
+#define NID_id_alg_noSignature          324
+#define OBJ_id_alg_noSignature          OBJ_id_alg,2L
+
+#define SN_id_alg_dh_sig_hmac_sha1              "id-alg-dh-sig-hmac-sha1"
+#define NID_id_alg_dh_sig_hmac_sha1             325
+#define OBJ_id_alg_dh_sig_hmac_sha1             OBJ_id_alg,3L
+
+#define SN_id_alg_dh_pop                "id-alg-dh-pop"
+#define NID_id_alg_dh_pop               326
+#define OBJ_id_alg_dh_pop               OBJ_id_alg,4L
+
+#define SN_id_cmc_statusInfo            "id-cmc-statusInfo"
+#define NID_id_cmc_statusInfo           327
+#define OBJ_id_cmc_statusInfo           OBJ_id_cmc,1L
+
+#define SN_id_cmc_identification                "id-cmc-identification"
+#define NID_id_cmc_identification               328
+#define OBJ_id_cmc_identification               OBJ_id_cmc,2L
+
+#define SN_id_cmc_identityProof         "id-cmc-identityProof"
+#define NID_id_cmc_identityProof                329
+#define OBJ_id_cmc_identityProof                OBJ_id_cmc,3L
+
+#define SN_id_cmc_dataReturn            "id-cmc-dataReturn"
+#define NID_id_cmc_dataReturn           330
+#define OBJ_id_cmc_dataReturn           OBJ_id_cmc,4L
+
+#define SN_id_cmc_transactionId         "id-cmc-transactionId"
+#define NID_id_cmc_transactionId                331
+#define OBJ_id_cmc_transactionId                OBJ_id_cmc,5L
+
+#define SN_id_cmc_senderNonce           "id-cmc-senderNonce"
+#define NID_id_cmc_senderNonce          332
+#define OBJ_id_cmc_senderNonce          OBJ_id_cmc,6L
+
+#define SN_id_cmc_recipientNonce                "id-cmc-recipientNonce"
+#define NID_id_cmc_recipientNonce               333
+#define OBJ_id_cmc_recipientNonce               OBJ_id_cmc,7L
+
+#define SN_id_cmc_addExtensions         "id-cmc-addExtensions"
+#define NID_id_cmc_addExtensions                334
+#define OBJ_id_cmc_addExtensions                OBJ_id_cmc,8L
+
+#define SN_id_cmc_encryptedPOP          "id-cmc-encryptedPOP"
+#define NID_id_cmc_encryptedPOP         335
+#define OBJ_id_cmc_encryptedPOP         OBJ_id_cmc,9L
+
+#define SN_id_cmc_decryptedPOP          "id-cmc-decryptedPOP"
+#define NID_id_cmc_decryptedPOP         336
+#define OBJ_id_cmc_decryptedPOP         OBJ_id_cmc,10L
+
+#define SN_id_cmc_lraPOPWitness         "id-cmc-lraPOPWitness"
+#define NID_id_cmc_lraPOPWitness                337
+#define OBJ_id_cmc_lraPOPWitness                OBJ_id_cmc,11L
+
+#define SN_id_cmc_getCert               "id-cmc-getCert"
+#define NID_id_cmc_getCert              338
+#define OBJ_id_cmc_getCert              OBJ_id_cmc,15L
+
+#define SN_id_cmc_getCRL                "id-cmc-getCRL"
+#define NID_id_cmc_getCRL               339
+#define OBJ_id_cmc_getCRL               OBJ_id_cmc,16L
+
+#define SN_id_cmc_revokeRequest         "id-cmc-revokeRequest"
+#define NID_id_cmc_revokeRequest                340
+#define OBJ_id_cmc_revokeRequest                OBJ_id_cmc,17L
+
+#define SN_id_cmc_regInfo               "id-cmc-regInfo"
+#define NID_id_cmc_regInfo              341
+#define OBJ_id_cmc_regInfo              OBJ_id_cmc,18L
+
+#define SN_id_cmc_responseInfo          "id-cmc-responseInfo"
+#define NID_id_cmc_responseInfo         342
+#define OBJ_id_cmc_responseInfo         OBJ_id_cmc,19L
+
+#define SN_id_cmc_queryPending          "id-cmc-queryPending"
+#define NID_id_cmc_queryPending         343
+#define OBJ_id_cmc_queryPending         OBJ_id_cmc,21L
+
+#define SN_id_cmc_popLinkRandom         "id-cmc-popLinkRandom"
+#define NID_id_cmc_popLinkRandom                344
+#define OBJ_id_cmc_popLinkRandom                OBJ_id_cmc,22L
+
+#define SN_id_cmc_popLinkWitness                "id-cmc-popLinkWitness"
+#define NID_id_cmc_popLinkWitness               345
+#define OBJ_id_cmc_popLinkWitness               OBJ_id_cmc,23L
+
+#define SN_id_cmc_confirmCertAcceptance         "id-cmc-confirmCertAcceptance"
+#define NID_id_cmc_confirmCertAcceptance                346
+#define OBJ_id_cmc_confirmCertAcceptance                OBJ_id_cmc,24L
+
+#define SN_id_on_personalData           "id-on-personalData"
+#define NID_id_on_personalData          347
+#define OBJ_id_on_personalData          OBJ_id_on,1L
+
+#define SN_id_on_permanentIdentifier            "id-on-permanentIdentifier"
+#define LN_id_on_permanentIdentifier            "Permanent Identifier"
+#define NID_id_on_permanentIdentifier           858
+#define OBJ_id_on_permanentIdentifier           OBJ_id_on,3L
+
+#define SN_id_pda_dateOfBirth           "id-pda-dateOfBirth"
+#define NID_id_pda_dateOfBirth          348
+#define OBJ_id_pda_dateOfBirth          OBJ_id_pda,1L
+
+#define SN_id_pda_placeOfBirth          "id-pda-placeOfBirth"
+#define NID_id_pda_placeOfBirth         349
+#define OBJ_id_pda_placeOfBirth         OBJ_id_pda,2L
+
+#define SN_id_pda_gender                "id-pda-gender"
+#define NID_id_pda_gender               351
+#define OBJ_id_pda_gender               OBJ_id_pda,3L
+
+#define SN_id_pda_countryOfCitizenship          "id-pda-countryOfCitizenship"
+#define NID_id_pda_countryOfCitizenship         352
+#define OBJ_id_pda_countryOfCitizenship         OBJ_id_pda,4L
+
+#define SN_id_pda_countryOfResidence            "id-pda-countryOfResidence"
+#define NID_id_pda_countryOfResidence           353
+#define OBJ_id_pda_countryOfResidence           OBJ_id_pda,5L
+
+#define SN_id_aca_authenticationInfo            "id-aca-authenticationInfo"
+#define NID_id_aca_authenticationInfo           354
+#define OBJ_id_aca_authenticationInfo           OBJ_id_aca,1L
+
+#define SN_id_aca_accessIdentity                "id-aca-accessIdentity"
+#define NID_id_aca_accessIdentity               355
+#define OBJ_id_aca_accessIdentity               OBJ_id_aca,2L
+
+#define SN_id_aca_chargingIdentity              "id-aca-chargingIdentity"
+#define NID_id_aca_chargingIdentity             356
+#define OBJ_id_aca_chargingIdentity             OBJ_id_aca,3L
+
+#define SN_id_aca_group         "id-aca-group"
+#define NID_id_aca_group                357
+#define OBJ_id_aca_group                OBJ_id_aca,4L
+
+#define SN_id_aca_role          "id-aca-role"
+#define NID_id_aca_role         358
+#define OBJ_id_aca_role         OBJ_id_aca,5L
+
+#define SN_id_aca_encAttrs              "id-aca-encAttrs"
+#define NID_id_aca_encAttrs             399
+#define OBJ_id_aca_encAttrs             OBJ_id_aca,6L
+
+#define SN_id_qcs_pkixQCSyntax_v1               "id-qcs-pkixQCSyntax-v1"
+#define NID_id_qcs_pkixQCSyntax_v1              359
+#define OBJ_id_qcs_pkixQCSyntax_v1              OBJ_id_qcs,1L
+
+#define SN_id_cct_crs           "id-cct-crs"
+#define NID_id_cct_crs          360
+#define OBJ_id_cct_crs          OBJ_id_cct,1L
+
+#define SN_id_cct_PKIData               "id-cct-PKIData"
+#define NID_id_cct_PKIData              361
+#define OBJ_id_cct_PKIData              OBJ_id_cct,2L
+
+#define SN_id_cct_PKIResponse           "id-cct-PKIResponse"
+#define NID_id_cct_PKIResponse          362
+#define OBJ_id_cct_PKIResponse          OBJ_id_cct,3L
+
+#define SN_id_ppl_anyLanguage           "id-ppl-anyLanguage"
+#define LN_id_ppl_anyLanguage           "Any language"
+#define NID_id_ppl_anyLanguage          664
+#define OBJ_id_ppl_anyLanguage          OBJ_id_ppl,0L
+
+#define SN_id_ppl_inheritAll            "id-ppl-inheritAll"
+#define LN_id_ppl_inheritAll            "Inherit all"
+#define NID_id_ppl_inheritAll           665
+#define OBJ_id_ppl_inheritAll           OBJ_id_ppl,1L
+
+#define SN_Independent          "id-ppl-independent"
+#define LN_Independent          "Independent"
+#define NID_Independent         667
+#define OBJ_Independent         OBJ_id_ppl,2L
+
+#define SN_ad_OCSP              "OCSP"
+#define LN_ad_OCSP              "OCSP"
+#define NID_ad_OCSP             178
+#define OBJ_ad_OCSP             OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers                "caIssuers"
+#define LN_ad_ca_issuers                "CA Issuers"
+#define NID_ad_ca_issuers               179
+#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
+
+#define SN_ad_timeStamping              "ad_timestamping"
+#define LN_ad_timeStamping              "AD Time Stamping"
+#define NID_ad_timeStamping             363
+#define OBJ_ad_timeStamping             OBJ_id_ad,3L
+
+#define SN_ad_dvcs              "AD_DVCS"
+#define LN_ad_dvcs              "ad dvcs"
+#define NID_ad_dvcs             364
+#define OBJ_ad_dvcs             OBJ_id_ad,4L
+
+#define SN_caRepository         "caRepository"
+#define LN_caRepository         "CA Repository"
+#define NID_caRepository                785
+#define OBJ_caRepository                OBJ_id_ad,5L
+
+#define OBJ_id_pkix_OCSP                OBJ_ad_OCSP
+
+#define SN_id_pkix_OCSP_basic           "basicOCSPResponse"
+#define LN_id_pkix_OCSP_basic           "Basic OCSP Response"
+#define NID_id_pkix_OCSP_basic          365
+#define OBJ_id_pkix_OCSP_basic          OBJ_id_pkix_OCSP,1L
+
+#define SN_id_pkix_OCSP_Nonce           "Nonce"
+#define LN_id_pkix_OCSP_Nonce           "OCSP Nonce"
+#define NID_id_pkix_OCSP_Nonce          366
+#define OBJ_id_pkix_OCSP_Nonce          OBJ_id_pkix_OCSP,2L
+
+#define SN_id_pkix_OCSP_CrlID           "CrlID"
+#define LN_id_pkix_OCSP_CrlID           "OCSP CRL ID"
+#define NID_id_pkix_OCSP_CrlID          367
+#define OBJ_id_pkix_OCSP_CrlID          OBJ_id_pkix_OCSP,3L
+
+#define SN_id_pkix_OCSP_acceptableResponses             "acceptableResponses"
+#define LN_id_pkix_OCSP_acceptableResponses             "Acceptable OCSP Responses"
+#define NID_id_pkix_OCSP_acceptableResponses            368
+#define OBJ_id_pkix_OCSP_acceptableResponses            OBJ_id_pkix_OCSP,4L
+
+#define SN_id_pkix_OCSP_noCheck         "noCheck"
+#define LN_id_pkix_OCSP_noCheck         "OCSP No Check"
+#define NID_id_pkix_OCSP_noCheck                369
+#define OBJ_id_pkix_OCSP_noCheck                OBJ_id_pkix_OCSP,5L
+
+#define SN_id_pkix_OCSP_archiveCutoff           "archiveCutoff"
+#define LN_id_pkix_OCSP_archiveCutoff           "OCSP Archive Cutoff"
+#define NID_id_pkix_OCSP_archiveCutoff          370
+#define OBJ_id_pkix_OCSP_archiveCutoff          OBJ_id_pkix_OCSP,6L
+
+#define SN_id_pkix_OCSP_serviceLocator          "serviceLocator"
+#define LN_id_pkix_OCSP_serviceLocator          "OCSP Service Locator"
+#define NID_id_pkix_OCSP_serviceLocator         371
+#define OBJ_id_pkix_OCSP_serviceLocator         OBJ_id_pkix_OCSP,7L
+
+#define SN_id_pkix_OCSP_extendedStatus          "extendedStatus"
+#define LN_id_pkix_OCSP_extendedStatus          "Extended OCSP Status"
+#define NID_id_pkix_OCSP_extendedStatus         372
+#define OBJ_id_pkix_OCSP_extendedStatus         OBJ_id_pkix_OCSP,8L
+
+#define SN_id_pkix_OCSP_valid           "valid"
+#define NID_id_pkix_OCSP_valid          373
+#define OBJ_id_pkix_OCSP_valid          OBJ_id_pkix_OCSP,9L
+
+#define SN_id_pkix_OCSP_path            "path"
+#define NID_id_pkix_OCSP_path           374
+#define OBJ_id_pkix_OCSP_path           OBJ_id_pkix_OCSP,10L
+
+#define SN_id_pkix_OCSP_trustRoot               "trustRoot"
+#define LN_id_pkix_OCSP_trustRoot               "Trust Root"
+#define NID_id_pkix_OCSP_trustRoot              375
+#define OBJ_id_pkix_OCSP_trustRoot              OBJ_id_pkix_OCSP,11L
+
+#define SN_algorithm            "algorithm"
+#define LN_algorithm            "algorithm"
+#define NID_algorithm           376
+#define OBJ_algorithm           1L,3L,14L,3L,2L
+
+#define SN_md5WithRSA           "RSA-NP-MD5"
+#define LN_md5WithRSA           "md5WithRSA"
+#define NID_md5WithRSA          104
+#define OBJ_md5WithRSA          OBJ_algorithm,3L
+
+#define SN_des_ecb              "DES-ECB"
+#define LN_des_ecb              "des-ecb"
+#define NID_des_ecb             29
+#define OBJ_des_ecb             OBJ_algorithm,6L
+
+#define SN_des_cbc              "DES-CBC"
+#define LN_des_cbc              "des-cbc"
+#define NID_des_cbc             31
+#define OBJ_des_cbc             OBJ_algorithm,7L
+
+#define SN_des_ofb64            "DES-OFB"
+#define LN_des_ofb64            "des-ofb"
+#define NID_des_ofb64           45
+#define OBJ_des_ofb64           OBJ_algorithm,8L
+
+#define SN_des_cfb64            "DES-CFB"
+#define LN_des_cfb64            "des-cfb"
+#define NID_des_cfb64           30
+#define OBJ_des_cfb64           OBJ_algorithm,9L
+
+#define SN_rsaSignature         "rsaSignature"
+#define NID_rsaSignature                377
+#define OBJ_rsaSignature                OBJ_algorithm,11L
+
+#define SN_dsa_2                "DSA-old"
+#define LN_dsa_2                "dsaEncryption-old"
+#define NID_dsa_2               67
+#define OBJ_dsa_2               OBJ_algorithm,12L
+
+#define SN_dsaWithSHA           "DSA-SHA"
+#define LN_dsaWithSHA           "dsaWithSHA"
+#define NID_dsaWithSHA          66
+#define OBJ_dsaWithSHA          OBJ_algorithm,13L
+
+#define SN_shaWithRSAEncryption         "RSA-SHA"
+#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption                42
+#define OBJ_shaWithRSAEncryption                OBJ_algorithm,15L
+
+#define SN_des_ede_ecb          "DES-EDE"
+#define LN_des_ede_ecb          "des-ede"
+#define NID_des_ede_ecb         32
+#define OBJ_des_ede_ecb         OBJ_algorithm,17L
+
+#define SN_des_ede3_ecb         "DES-EDE3"
+#define LN_des_ede3_ecb         "des-ede3"
+#define NID_des_ede3_ecb                33
+
+#define SN_des_ede_cbc          "DES-EDE-CBC"
+#define LN_des_ede_cbc          "des-ede-cbc"
+#define NID_des_ede_cbc         43
+
+#define SN_des_ede_cfb64                "DES-EDE-CFB"
+#define LN_des_ede_cfb64                "des-ede-cfb"
+#define NID_des_ede_cfb64               60
+
+#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
+#define LN_des_ede3_cfb64               "des-ede3-cfb"
+#define NID_des_ede3_cfb64              61
+
+#define SN_des_ede_ofb64                "DES-EDE-OFB"
+#define LN_des_ede_ofb64                "des-ede-ofb"
+#define NID_des_ede_ofb64               62
+
+#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
+#define LN_des_ede3_ofb64               "des-ede3-ofb"
+#define NID_des_ede3_ofb64              63
+
+#define SN_desx_cbc             "DESX-CBC"
+#define LN_desx_cbc             "desx-cbc"
+#define NID_desx_cbc            80
+
+#define SN_sha          "SHA"
+#define LN_sha          "sha"
+#define NID_sha         41
+#define OBJ_sha         OBJ_algorithm,18L
+
+#define SN_sha1         "SHA1"
+#define LN_sha1         "sha1"
+#define NID_sha1                64
+#define OBJ_sha1                OBJ_algorithm,26L
+
+#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
+#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2               70
+#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
+
+#define SN_sha1WithRSA          "RSA-SHA1-2"
+#define LN_sha1WithRSA          "sha1WithRSA"
+#define NID_sha1WithRSA         115
+#define OBJ_sha1WithRSA         OBJ_algorithm,29L
+
+#define SN_ripemd160            "RIPEMD160"
+#define LN_ripemd160            "ripemd160"
+#define NID_ripemd160           117
+#define OBJ_ripemd160           1L,3L,36L,3L,2L,1L
+
+#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
+#define LN_ripemd160WithRSA             "ripemd160WithRSA"
+#define NID_ripemd160WithRSA            119
+#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
+
+#define SN_blake2b512           "BLAKE2b512"
+#define LN_blake2b512           "blake2b512"
+#define NID_blake2b512          1056
+#define OBJ_blake2b512          1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L
+
+#define SN_blake2s256           "BLAKE2s256"
+#define LN_blake2s256           "blake2s256"
+#define NID_blake2s256          1057
+#define OBJ_blake2s256          1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L
+
+#define SN_sxnet                "SXNetID"
+#define LN_sxnet                "Strong Extranet ID"
+#define NID_sxnet               143
+#define OBJ_sxnet               1L,3L,101L,1L,4L,1L
+
+#define SN_X500         "X500"
+#define LN_X500         "directory services (X.500)"
+#define NID_X500                11
+#define OBJ_X500                2L,5L
+
+#define SN_X509         "X509"
+#define NID_X509                12
+#define OBJ_X509                OBJ_X500,4L
+
+#define SN_commonName           "CN"
+#define LN_commonName           "commonName"
+#define NID_commonName          13
+#define OBJ_commonName          OBJ_X509,3L
+
+#define SN_surname              "SN"
+#define LN_surname              "surname"
+#define NID_surname             100
+#define OBJ_surname             OBJ_X509,4L
+
+#define LN_serialNumber         "serialNumber"
+#define NID_serialNumber                105
+#define OBJ_serialNumber                OBJ_X509,5L
+
+#define SN_countryName          "C"
+#define LN_countryName          "countryName"
+#define NID_countryName         14
+#define OBJ_countryName         OBJ_X509,6L
+
+#define SN_localityName         "L"
+#define LN_localityName         "localityName"
+#define NID_localityName                15
+#define OBJ_localityName                OBJ_X509,7L
+
+#define SN_stateOrProvinceName          "ST"
+#define LN_stateOrProvinceName          "stateOrProvinceName"
+#define NID_stateOrProvinceName         16
+#define OBJ_stateOrProvinceName         OBJ_X509,8L
+
+#define SN_streetAddress                "street"
+#define LN_streetAddress                "streetAddress"
+#define NID_streetAddress               660
+#define OBJ_streetAddress               OBJ_X509,9L
+
+#define SN_organizationName             "O"
+#define LN_organizationName             "organizationName"
+#define NID_organizationName            17
+#define OBJ_organizationName            OBJ_X509,10L
+
+#define SN_organizationalUnitName               "OU"
+#define LN_organizationalUnitName               "organizationalUnitName"
+#define NID_organizationalUnitName              18
+#define OBJ_organizationalUnitName              OBJ_X509,11L
+
+#define SN_title                "title"
+#define LN_title                "title"
+#define NID_title               106
+#define OBJ_title               OBJ_X509,12L
+
+#define LN_description          "description"
+#define NID_description         107
+#define OBJ_description         OBJ_X509,13L
+
+#define LN_searchGuide          "searchGuide"
+#define NID_searchGuide         859
+#define OBJ_searchGuide         OBJ_X509,14L
+
+#define LN_businessCategory             "businessCategory"
+#define NID_businessCategory            860
+#define OBJ_businessCategory            OBJ_X509,15L
+
+#define LN_postalAddress                "postalAddress"
+#define NID_postalAddress               861
+#define OBJ_postalAddress               OBJ_X509,16L
+
+#define LN_postalCode           "postalCode"
+#define NID_postalCode          661
+#define OBJ_postalCode          OBJ_X509,17L
+
+#define LN_postOfficeBox                "postOfficeBox"
+#define NID_postOfficeBox               862
+#define OBJ_postOfficeBox               OBJ_X509,18L
+
+#define LN_physicalDeliveryOfficeName           "physicalDeliveryOfficeName"
+#define NID_physicalDeliveryOfficeName          863
+#define OBJ_physicalDeliveryOfficeName          OBJ_X509,19L
+
+#define LN_telephoneNumber              "telephoneNumber"
+#define NID_telephoneNumber             864
+#define OBJ_telephoneNumber             OBJ_X509,20L
+
+#define LN_telexNumber          "telexNumber"
+#define NID_telexNumber         865
+#define OBJ_telexNumber         OBJ_X509,21L
+
+#define LN_teletexTerminalIdentifier            "teletexTerminalIdentifier"
+#define NID_teletexTerminalIdentifier           866
+#define OBJ_teletexTerminalIdentifier           OBJ_X509,22L
+
+#define LN_facsimileTelephoneNumber             "facsimileTelephoneNumber"
+#define NID_facsimileTelephoneNumber            867
+#define OBJ_facsimileTelephoneNumber            OBJ_X509,23L
+
+#define LN_x121Address          "x121Address"
+#define NID_x121Address         868
+#define OBJ_x121Address         OBJ_X509,24L
+
+#define LN_internationaliSDNNumber              "internationaliSDNNumber"
+#define NID_internationaliSDNNumber             869
+#define OBJ_internationaliSDNNumber             OBJ_X509,25L
+
+#define LN_registeredAddress            "registeredAddress"
+#define NID_registeredAddress           870
+#define OBJ_registeredAddress           OBJ_X509,26L
+
+#define LN_destinationIndicator         "destinationIndicator"
+#define NID_destinationIndicator                871
+#define OBJ_destinationIndicator                OBJ_X509,27L
+
+#define LN_preferredDeliveryMethod              "preferredDeliveryMethod"
+#define NID_preferredDeliveryMethod             872
+#define OBJ_preferredDeliveryMethod             OBJ_X509,28L
+
+#define LN_presentationAddress          "presentationAddress"
+#define NID_presentationAddress         873
+#define OBJ_presentationAddress         OBJ_X509,29L
+
+#define LN_supportedApplicationContext          "supportedApplicationContext"
+#define NID_supportedApplicationContext         874
+#define OBJ_supportedApplicationContext         OBJ_X509,30L
+
+#define SN_member               "member"
+#define NID_member              875
+#define OBJ_member              OBJ_X509,31L
+
+#define SN_owner                "owner"
+#define NID_owner               876
+#define OBJ_owner               OBJ_X509,32L
+
+#define LN_roleOccupant         "roleOccupant"
+#define NID_roleOccupant                877
+#define OBJ_roleOccupant                OBJ_X509,33L
+
+#define SN_seeAlso              "seeAlso"
+#define NID_seeAlso             878
+#define OBJ_seeAlso             OBJ_X509,34L
+
+#define LN_userPassword         "userPassword"
+#define NID_userPassword                879
+#define OBJ_userPassword                OBJ_X509,35L
+
+#define LN_userCertificate              "userCertificate"
+#define NID_userCertificate             880
+#define OBJ_userCertificate             OBJ_X509,36L
+
+#define LN_cACertificate                "cACertificate"
+#define NID_cACertificate               881
+#define OBJ_cACertificate               OBJ_X509,37L
+
+#define LN_authorityRevocationList              "authorityRevocationList"
+#define NID_authorityRevocationList             882
+#define OBJ_authorityRevocationList             OBJ_X509,38L
+
+#define LN_certificateRevocationList            "certificateRevocationList"
+#define NID_certificateRevocationList           883
+#define OBJ_certificateRevocationList           OBJ_X509,39L
+
+#define LN_crossCertificatePair         "crossCertificatePair"
+#define NID_crossCertificatePair                884
+#define OBJ_crossCertificatePair                OBJ_X509,40L
+
+#define SN_name         "name"
+#define LN_name         "name"
+#define NID_name                173
+#define OBJ_name                OBJ_X509,41L
+
+#define SN_givenName            "GN"
+#define LN_givenName            "givenName"
+#define NID_givenName           99
+#define OBJ_givenName           OBJ_X509,42L
+
+#define SN_initials             "initials"
+#define LN_initials             "initials"
+#define NID_initials            101
+#define OBJ_initials            OBJ_X509,43L
+
+#define LN_generationQualifier          "generationQualifier"
+#define NID_generationQualifier         509
+#define OBJ_generationQualifier         OBJ_X509,44L
+
+#define LN_x500UniqueIdentifier         "x500UniqueIdentifier"
+#define NID_x500UniqueIdentifier                503
+#define OBJ_x500UniqueIdentifier                OBJ_X509,45L
+
+#define SN_dnQualifier          "dnQualifier"
+#define LN_dnQualifier          "dnQualifier"
+#define NID_dnQualifier         174
+#define OBJ_dnQualifier         OBJ_X509,46L
+
+#define LN_enhancedSearchGuide          "enhancedSearchGuide"
+#define NID_enhancedSearchGuide         885
+#define OBJ_enhancedSearchGuide         OBJ_X509,47L
+
+#define LN_protocolInformation          "protocolInformation"
+#define NID_protocolInformation         886
+#define OBJ_protocolInformation         OBJ_X509,48L
+
+#define LN_distinguishedName            "distinguishedName"
+#define NID_distinguishedName           887
+#define OBJ_distinguishedName           OBJ_X509,49L
+
+#define LN_uniqueMember         "uniqueMember"
+#define NID_uniqueMember                888
+#define OBJ_uniqueMember                OBJ_X509,50L
+
+#define LN_houseIdentifier              "houseIdentifier"
+#define NID_houseIdentifier             889
+#define OBJ_houseIdentifier             OBJ_X509,51L
+
+#define LN_supportedAlgorithms          "supportedAlgorithms"
+#define NID_supportedAlgorithms         890
+#define OBJ_supportedAlgorithms         OBJ_X509,52L
+
+#define LN_deltaRevocationList          "deltaRevocationList"
+#define NID_deltaRevocationList         891
+#define OBJ_deltaRevocationList         OBJ_X509,53L
+
+#define SN_dmdName              "dmdName"
+#define NID_dmdName             892
+#define OBJ_dmdName             OBJ_X509,54L
+
+#define LN_pseudonym            "pseudonym"
+#define NID_pseudonym           510
+#define OBJ_pseudonym           OBJ_X509,65L
+
+#define SN_role         "role"
+#define LN_role         "role"
+#define NID_role                400
+#define OBJ_role                OBJ_X509,72L
+
+#define SN_X500algorithms               "X500algorithms"
+#define LN_X500algorithms               "directory services - algorithms"
+#define NID_X500algorithms              378
+#define OBJ_X500algorithms              OBJ_X500,8L
+
+#define SN_rsa          "RSA"
+#define LN_rsa          "rsa"
+#define NID_rsa         19
+#define OBJ_rsa         OBJ_X500algorithms,1L,1L
+
+#define SN_mdc2WithRSA          "RSA-MDC2"
+#define LN_mdc2WithRSA          "mdc2WithRSA"
+#define NID_mdc2WithRSA         96
+#define OBJ_mdc2WithRSA         OBJ_X500algorithms,3L,100L
+
+#define SN_mdc2         "MDC2"
+#define LN_mdc2         "mdc2"
+#define NID_mdc2                95
+#define OBJ_mdc2                OBJ_X500algorithms,3L,101L
+
+#define SN_id_ce                "id-ce"
+#define NID_id_ce               81
+#define OBJ_id_ce               OBJ_X500,29L
+
+#define SN_subject_directory_attributes         "subjectDirectoryAttributes"
+#define LN_subject_directory_attributes         "X509v3 Subject Directory Attributes"
+#define NID_subject_directory_attributes                769
+#define OBJ_subject_directory_attributes                OBJ_id_ce,9L
+
+#define SN_subject_key_identifier               "subjectKeyIdentifier"
+#define LN_subject_key_identifier               "X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier              82
+#define OBJ_subject_key_identifier              OBJ_id_ce,14L
+
+#define SN_key_usage            "keyUsage"
+#define LN_key_usage            "X509v3 Key Usage"
+#define NID_key_usage           83
+#define OBJ_key_usage           OBJ_id_ce,15L
+
+#define SN_private_key_usage_period             "privateKeyUsagePeriod"
+#define LN_private_key_usage_period             "X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period            84
+#define OBJ_private_key_usage_period            OBJ_id_ce,16L
+
+#define SN_subject_alt_name             "subjectAltName"
+#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
+#define NID_subject_alt_name            85
+#define OBJ_subject_alt_name            OBJ_id_ce,17L
+
+#define SN_issuer_alt_name              "issuerAltName"
+#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name             86
+#define OBJ_issuer_alt_name             OBJ_id_ce,18L
+
+#define SN_basic_constraints            "basicConstraints"
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define NID_basic_constraints           87
+#define OBJ_basic_constraints           OBJ_id_ce,19L
+
+#define SN_crl_number           "crlNumber"
+#define LN_crl_number           "X509v3 CRL Number"
+#define NID_crl_number          88
+#define OBJ_crl_number          OBJ_id_ce,20L
+
+#define SN_crl_reason           "CRLReason"
+#define LN_crl_reason           "X509v3 CRL Reason Code"
+#define NID_crl_reason          141
+#define OBJ_crl_reason          OBJ_id_ce,21L
+
+#define SN_invalidity_date              "invalidityDate"
+#define LN_invalidity_date              "Invalidity Date"
+#define NID_invalidity_date             142
+#define OBJ_invalidity_date             OBJ_id_ce,24L
+
+#define SN_delta_crl            "deltaCRL"
+#define LN_delta_crl            "X509v3 Delta CRL Indicator"
+#define NID_delta_crl           140
+#define OBJ_delta_crl           OBJ_id_ce,27L
+
+#define SN_issuing_distribution_point           "issuingDistributionPoint"
+#define LN_issuing_distribution_point           "X509v3 Issuing Distribution Point"
+#define NID_issuing_distribution_point          770
+#define OBJ_issuing_distribution_point          OBJ_id_ce,28L
+
+#define SN_certificate_issuer           "certificateIssuer"
+#define LN_certificate_issuer           "X509v3 Certificate Issuer"
+#define NID_certificate_issuer          771
+#define OBJ_certificate_issuer          OBJ_id_ce,29L
+
+#define SN_name_constraints             "nameConstraints"
+#define LN_name_constraints             "X509v3 Name Constraints"
+#define NID_name_constraints            666
+#define OBJ_name_constraints            OBJ_id_ce,30L
+
+#define SN_crl_distribution_points              "crlDistributionPoints"
+#define LN_crl_distribution_points              "X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points             103
+#define OBJ_crl_distribution_points             OBJ_id_ce,31L
+
+#define SN_certificate_policies         "certificatePolicies"
+#define LN_certificate_policies         "X509v3 Certificate Policies"
+#define NID_certificate_policies                89
+#define OBJ_certificate_policies                OBJ_id_ce,32L
+
+#define SN_any_policy           "anyPolicy"
+#define LN_any_policy           "X509v3 Any Policy"
+#define NID_any_policy          746
+#define OBJ_any_policy          OBJ_certificate_policies,0L
+
+#define SN_policy_mappings              "policyMappings"
+#define LN_policy_mappings              "X509v3 Policy Mappings"
+#define NID_policy_mappings             747
+#define OBJ_policy_mappings             OBJ_id_ce,33L
+
+#define SN_authority_key_identifier             "authorityKeyIdentifier"
+#define LN_authority_key_identifier             "X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier            90
+#define OBJ_authority_key_identifier            OBJ_id_ce,35L
+
+#define SN_policy_constraints           "policyConstraints"
+#define LN_policy_constraints           "X509v3 Policy Constraints"
+#define NID_policy_constraints          401
+#define OBJ_policy_constraints          OBJ_id_ce,36L
+
+#define SN_ext_key_usage                "extendedKeyUsage"
+#define LN_ext_key_usage                "X509v3 Extended Key Usage"
+#define NID_ext_key_usage               126
+#define OBJ_ext_key_usage               OBJ_id_ce,37L
+
+#define SN_freshest_crl         "freshestCRL"
+#define LN_freshest_crl         "X509v3 Freshest CRL"
+#define NID_freshest_crl                857
+#define OBJ_freshest_crl                OBJ_id_ce,46L
+
+#define SN_inhibit_any_policy           "inhibitAnyPolicy"
+#define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
+#define NID_inhibit_any_policy          748
+#define OBJ_inhibit_any_policy          OBJ_id_ce,54L
+
+#define SN_target_information           "targetInformation"
+#define LN_target_information           "X509v3 AC Targeting"
+#define NID_target_information          402
+#define OBJ_target_information          OBJ_id_ce,55L
+
+#define SN_no_rev_avail         "noRevAvail"
+#define LN_no_rev_avail         "X509v3 No Revocation Available"
+#define NID_no_rev_avail                403
+#define OBJ_no_rev_avail                OBJ_id_ce,56L
+
+#define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
+#define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
+#define NID_anyExtendedKeyUsage         910
+#define OBJ_anyExtendedKeyUsage         OBJ_ext_key_usage,0L
+
+#define SN_netscape             "Netscape"
+#define LN_netscape             "Netscape Communications Corp."
+#define NID_netscape            57
+#define OBJ_netscape            2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension              "nsCertExt"
+#define LN_netscape_cert_extension              "Netscape Certificate Extension"
+#define NID_netscape_cert_extension             58
+#define OBJ_netscape_cert_extension             OBJ_netscape,1L
+
+#define SN_netscape_data_type           "nsDataType"
+#define LN_netscape_data_type           "Netscape Data Type"
+#define NID_netscape_data_type          59
+#define OBJ_netscape_data_type          OBJ_netscape,2L
+
+#define SN_netscape_cert_type           "nsCertType"
+#define LN_netscape_cert_type           "Netscape Cert Type"
+#define NID_netscape_cert_type          71
+#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url            "nsBaseUrl"
+#define LN_netscape_base_url            "Netscape Base Url"
+#define NID_netscape_base_url           72
+#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url              "nsRevocationUrl"
+#define LN_netscape_revocation_url              "Netscape Revocation Url"
+#define NID_netscape_revocation_url             73
+#define OBJ_netscape_revocation_url             OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url           "nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url           "Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url          74
+#define OBJ_netscape_ca_revocation_url          OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url         "nsRenewalUrl"
+#define LN_netscape_renewal_url         "Netscape Renewal Url"
+#define NID_netscape_renewal_url                75
+#define OBJ_netscape_renewal_url                OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url               "nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url               "Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url              76
+#define OBJ_netscape_ca_policy_url              OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name             "nsSslServerName"
+#define LN_netscape_ssl_server_name             "Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name            77
+#define OBJ_netscape_ssl_server_name            OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment             "nsComment"
+#define LN_netscape_comment             "Netscape Comment"
+#define NID_netscape_comment            78
+#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence               "nsCertSequence"
+#define LN_netscape_cert_sequence               "Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence              79
+#define OBJ_netscape_cert_sequence              OBJ_netscape_data_type,5L
+
+#define SN_ns_sgc               "nsSGC"
+#define LN_ns_sgc               "Netscape Server Gated Crypto"
+#define NID_ns_sgc              139
+#define OBJ_ns_sgc              OBJ_netscape,4L,1L
+
+#define SN_org          "ORG"
+#define LN_org          "org"
+#define NID_org         379
+#define OBJ_org         OBJ_iso,3L
+
+#define SN_dod          "DOD"
+#define LN_dod          "dod"
+#define NID_dod         380
+#define OBJ_dod         OBJ_org,6L
+
+#define SN_iana         "IANA"
+#define LN_iana         "iana"
+#define NID_iana                381
+#define OBJ_iana                OBJ_dod,1L
+
+#define OBJ_internet            OBJ_iana
+
+#define SN_Directory            "directory"
+#define LN_Directory            "Directory"
+#define NID_Directory           382
+#define OBJ_Directory           OBJ_internet,1L
+
+#define SN_Management           "mgmt"
+#define LN_Management           "Management"
+#define NID_Management          383
+#define OBJ_Management          OBJ_internet,2L
+
+#define SN_Experimental         "experimental"
+#define LN_Experimental         "Experimental"
+#define NID_Experimental                384
+#define OBJ_Experimental                OBJ_internet,3L
+
+#define SN_Private              "private"
+#define LN_Private              "Private"
+#define NID_Private             385
+#define OBJ_Private             OBJ_internet,4L
+
+#define SN_Security             "security"
+#define LN_Security             "Security"
+#define NID_Security            386
+#define OBJ_Security            OBJ_internet,5L
+
+#define SN_SNMPv2               "snmpv2"
+#define LN_SNMPv2               "SNMPv2"
+#define NID_SNMPv2              387
+#define OBJ_SNMPv2              OBJ_internet,6L
+
+#define LN_Mail         "Mail"
+#define NID_Mail                388
+#define OBJ_Mail                OBJ_internet,7L
+
+#define SN_Enterprises          "enterprises"
+#define LN_Enterprises          "Enterprises"
+#define NID_Enterprises         389
+#define OBJ_Enterprises         OBJ_Private,1L
+
+#define SN_dcObject             "dcobject"
+#define LN_dcObject             "dcObject"
+#define NID_dcObject            390
+#define OBJ_dcObject            OBJ_Enterprises,1466L,344L
+
+#define SN_mime_mhs             "mime-mhs"
+#define LN_mime_mhs             "MIME MHS"
+#define NID_mime_mhs            504
+#define OBJ_mime_mhs            OBJ_Mail,1L
+
+#define SN_mime_mhs_headings            "mime-mhs-headings"
+#define LN_mime_mhs_headings            "mime-mhs-headings"
+#define NID_mime_mhs_headings           505
+#define OBJ_mime_mhs_headings           OBJ_mime_mhs,1L
+
+#define SN_mime_mhs_bodies              "mime-mhs-bodies"
+#define LN_mime_mhs_bodies              "mime-mhs-bodies"
+#define NID_mime_mhs_bodies             506
+#define OBJ_mime_mhs_bodies             OBJ_mime_mhs,2L
+
+#define SN_id_hex_partial_message               "id-hex-partial-message"
+#define LN_id_hex_partial_message               "id-hex-partial-message"
+#define NID_id_hex_partial_message              507
+#define OBJ_id_hex_partial_message              OBJ_mime_mhs_headings,1L
+
+#define SN_id_hex_multipart_message             "id-hex-multipart-message"
+#define LN_id_hex_multipart_message             "id-hex-multipart-message"
+#define NID_id_hex_multipart_message            508
+#define OBJ_id_hex_multipart_message            OBJ_mime_mhs_headings,2L
+
+#define SN_zlib_compression             "ZLIB"
+#define LN_zlib_compression             "zlib compression"
+#define NID_zlib_compression            125
+#define OBJ_zlib_compression            OBJ_id_smime_alg,8L
+
+#define OBJ_csor                2L,16L,840L,1L,101L,3L
+
+#define OBJ_nistAlgorithms              OBJ_csor,4L
+
+#define OBJ_aes         OBJ_nistAlgorithms,1L
+
+#define SN_aes_128_ecb          "AES-128-ECB"
+#define LN_aes_128_ecb          "aes-128-ecb"
+#define NID_aes_128_ecb         418
+#define OBJ_aes_128_ecb         OBJ_aes,1L
+
+#define SN_aes_128_cbc          "AES-128-CBC"
+#define LN_aes_128_cbc          "aes-128-cbc"
+#define NID_aes_128_cbc         419
+#define OBJ_aes_128_cbc         OBJ_aes,2L
+
+#define SN_aes_128_ofb128               "AES-128-OFB"
+#define LN_aes_128_ofb128               "aes-128-ofb"
+#define NID_aes_128_ofb128              420
+#define OBJ_aes_128_ofb128              OBJ_aes,3L
+
+#define SN_aes_128_cfb128               "AES-128-CFB"
+#define LN_aes_128_cfb128               "aes-128-cfb"
+#define NID_aes_128_cfb128              421
+#define OBJ_aes_128_cfb128              OBJ_aes,4L
+
+#define SN_id_aes128_wrap               "id-aes128-wrap"
+#define NID_id_aes128_wrap              788
+#define OBJ_id_aes128_wrap              OBJ_aes,5L
+
+#define SN_aes_128_gcm          "id-aes128-GCM"
+#define LN_aes_128_gcm          "aes-128-gcm"
+#define NID_aes_128_gcm         895
+#define OBJ_aes_128_gcm         OBJ_aes,6L
+
+#define SN_aes_128_ccm          "id-aes128-CCM"
+#define LN_aes_128_ccm          "aes-128-ccm"
+#define NID_aes_128_ccm         896
+#define OBJ_aes_128_ccm         OBJ_aes,7L
+
+#define SN_id_aes128_wrap_pad           "id-aes128-wrap-pad"
+#define NID_id_aes128_wrap_pad          897
+#define OBJ_id_aes128_wrap_pad          OBJ_aes,8L
+
+#define SN_aes_192_ecb          "AES-192-ECB"
+#define LN_aes_192_ecb          "aes-192-ecb"
+#define NID_aes_192_ecb         422
+#define OBJ_aes_192_ecb         OBJ_aes,21L
+
+#define SN_aes_192_cbc          "AES-192-CBC"
+#define LN_aes_192_cbc          "aes-192-cbc"
+#define NID_aes_192_cbc         423
+#define OBJ_aes_192_cbc         OBJ_aes,22L
+
+#define SN_aes_192_ofb128               "AES-192-OFB"
+#define LN_aes_192_ofb128               "aes-192-ofb"
+#define NID_aes_192_ofb128              424
+#define OBJ_aes_192_ofb128              OBJ_aes,23L
+
+#define SN_aes_192_cfb128               "AES-192-CFB"
+#define LN_aes_192_cfb128               "aes-192-cfb"
+#define NID_aes_192_cfb128              425
+#define OBJ_aes_192_cfb128              OBJ_aes,24L
+
+#define SN_id_aes192_wrap               "id-aes192-wrap"
+#define NID_id_aes192_wrap              789
+#define OBJ_id_aes192_wrap              OBJ_aes,25L
+
+#define SN_aes_192_gcm          "id-aes192-GCM"
+#define LN_aes_192_gcm          "aes-192-gcm"
+#define NID_aes_192_gcm         898
+#define OBJ_aes_192_gcm         OBJ_aes,26L
+
+#define SN_aes_192_ccm          "id-aes192-CCM"
+#define LN_aes_192_ccm          "aes-192-ccm"
+#define NID_aes_192_ccm         899
+#define OBJ_aes_192_ccm         OBJ_aes,27L
+
+#define SN_id_aes192_wrap_pad           "id-aes192-wrap-pad"
+#define NID_id_aes192_wrap_pad          900
+#define OBJ_id_aes192_wrap_pad          OBJ_aes,28L
+
+#define SN_aes_256_ecb          "AES-256-ECB"
+#define LN_aes_256_ecb          "aes-256-ecb"
+#define NID_aes_256_ecb         426
+#define OBJ_aes_256_ecb         OBJ_aes,41L
+
+#define SN_aes_256_cbc          "AES-256-CBC"
+#define LN_aes_256_cbc          "aes-256-cbc"
+#define NID_aes_256_cbc         427
+#define OBJ_aes_256_cbc         OBJ_aes,42L
+
+#define SN_aes_256_ofb128               "AES-256-OFB"
+#define LN_aes_256_ofb128               "aes-256-ofb"
+#define NID_aes_256_ofb128              428
+#define OBJ_aes_256_ofb128              OBJ_aes,43L
+
+#define SN_aes_256_cfb128               "AES-256-CFB"
+#define LN_aes_256_cfb128               "aes-256-cfb"
+#define NID_aes_256_cfb128              429
+#define OBJ_aes_256_cfb128              OBJ_aes,44L
+
+#define SN_id_aes256_wrap               "id-aes256-wrap"
+#define NID_id_aes256_wrap              790
+#define OBJ_id_aes256_wrap              OBJ_aes,45L
+
+#define SN_aes_256_gcm          "id-aes256-GCM"
+#define LN_aes_256_gcm          "aes-256-gcm"
+#define NID_aes_256_gcm         901
+#define OBJ_aes_256_gcm         OBJ_aes,46L
+
+#define SN_aes_256_ccm          "id-aes256-CCM"
+#define LN_aes_256_ccm          "aes-256-ccm"
+#define NID_aes_256_ccm         902
+#define OBJ_aes_256_ccm         OBJ_aes,47L
+
+#define SN_id_aes256_wrap_pad           "id-aes256-wrap-pad"
+#define NID_id_aes256_wrap_pad          903
+#define OBJ_id_aes256_wrap_pad          OBJ_aes,48L
+
+#define SN_aes_128_cfb1         "AES-128-CFB1"
+#define LN_aes_128_cfb1         "aes-128-cfb1"
+#define NID_aes_128_cfb1                650
+
+#define SN_aes_192_cfb1         "AES-192-CFB1"
+#define LN_aes_192_cfb1         "aes-192-cfb1"
+#define NID_aes_192_cfb1                651
+
+#define SN_aes_256_cfb1         "AES-256-CFB1"
+#define LN_aes_256_cfb1         "aes-256-cfb1"
+#define NID_aes_256_cfb1                652
+
+#define SN_aes_128_cfb8         "AES-128-CFB8"
+#define LN_aes_128_cfb8         "aes-128-cfb8"
+#define NID_aes_128_cfb8                653
+
+#define SN_aes_192_cfb8         "AES-192-CFB8"
+#define LN_aes_192_cfb8         "aes-192-cfb8"
+#define NID_aes_192_cfb8                654
+
+#define SN_aes_256_cfb8         "AES-256-CFB8"
+#define LN_aes_256_cfb8         "aes-256-cfb8"
+#define NID_aes_256_cfb8                655
+
+#define SN_aes_128_ctr          "AES-128-CTR"
+#define LN_aes_128_ctr          "aes-128-ctr"
+#define NID_aes_128_ctr         904
+
+#define SN_aes_192_ctr          "AES-192-CTR"
+#define LN_aes_192_ctr          "aes-192-ctr"
+#define NID_aes_192_ctr         905
+
+#define SN_aes_256_ctr          "AES-256-CTR"
+#define LN_aes_256_ctr          "aes-256-ctr"
+#define NID_aes_256_ctr         906
+
+#define SN_aes_128_ocb          "AES-128-OCB"
+#define LN_aes_128_ocb          "aes-128-ocb"
+#define NID_aes_128_ocb         958
+
+#define SN_aes_192_ocb          "AES-192-OCB"
+#define LN_aes_192_ocb          "aes-192-ocb"
+#define NID_aes_192_ocb         959
+
+#define SN_aes_256_ocb          "AES-256-OCB"
+#define LN_aes_256_ocb          "aes-256-ocb"
+#define NID_aes_256_ocb         960
+
+#define SN_aes_128_xts          "AES-128-XTS"
+#define LN_aes_128_xts          "aes-128-xts"
+#define NID_aes_128_xts         913
+
+#define SN_aes_256_xts          "AES-256-XTS"
+#define LN_aes_256_xts          "aes-256-xts"
+#define NID_aes_256_xts         914
+
+#define SN_des_cfb1             "DES-CFB1"
+#define LN_des_cfb1             "des-cfb1"
+#define NID_des_cfb1            656
+
+#define SN_des_cfb8             "DES-CFB8"
+#define LN_des_cfb8             "des-cfb8"
+#define NID_des_cfb8            657
+
+#define SN_des_ede3_cfb1                "DES-EDE3-CFB1"
+#define LN_des_ede3_cfb1                "des-ede3-cfb1"
+#define NID_des_ede3_cfb1               658
+
+#define SN_des_ede3_cfb8                "DES-EDE3-CFB8"
+#define LN_des_ede3_cfb8                "des-ede3-cfb8"
+#define NID_des_ede3_cfb8               659
+
+#define OBJ_nist_hashalgs               OBJ_nistAlgorithms,2L
+
+#define SN_sha256               "SHA256"
+#define LN_sha256               "sha256"
+#define NID_sha256              672
+#define OBJ_sha256              OBJ_nist_hashalgs,1L
+
+#define SN_sha384               "SHA384"
+#define LN_sha384               "sha384"
+#define NID_sha384              673
+#define OBJ_sha384              OBJ_nist_hashalgs,2L
+
+#define SN_sha512               "SHA512"
+#define LN_sha512               "sha512"
+#define NID_sha512              674
+#define OBJ_sha512              OBJ_nist_hashalgs,3L
+
+#define SN_sha224               "SHA224"
+#define LN_sha224               "sha224"
+#define NID_sha224              675
+#define OBJ_sha224              OBJ_nist_hashalgs,4L
+
+#define OBJ_dsa_with_sha2               OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA224              "dsa_with_SHA224"
+#define NID_dsa_with_SHA224             802
+#define OBJ_dsa_with_SHA224             OBJ_dsa_with_sha2,1L
+
+#define SN_dsa_with_SHA256              "dsa_with_SHA256"
+#define NID_dsa_with_SHA256             803
+#define OBJ_dsa_with_SHA256             OBJ_dsa_with_sha2,2L
+
+#define SN_hold_instruction_code                "holdInstructionCode"
+#define LN_hold_instruction_code                "Hold Instruction Code"
+#define NID_hold_instruction_code               430
+#define OBJ_hold_instruction_code               OBJ_id_ce,23L
+
+#define OBJ_holdInstruction             OBJ_X9_57,2L
+
+#define SN_hold_instruction_none                "holdInstructionNone"
+#define LN_hold_instruction_none                "Hold Instruction None"
+#define NID_hold_instruction_none               431
+#define OBJ_hold_instruction_none               OBJ_holdInstruction,1L
+
+#define SN_hold_instruction_call_issuer         "holdInstructionCallIssuer"
+#define LN_hold_instruction_call_issuer         "Hold Instruction Call Issuer"
+#define NID_hold_instruction_call_issuer                432
+#define OBJ_hold_instruction_call_issuer                OBJ_holdInstruction,2L
+
+#define SN_hold_instruction_reject              "holdInstructionReject"
+#define LN_hold_instruction_reject              "Hold Instruction Reject"
+#define NID_hold_instruction_reject             433
+#define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
+
+#define SN_data         "data"
+#define NID_data                434
+#define OBJ_data                OBJ_itu_t,9L
+
+#define SN_pss          "pss"
+#define NID_pss         435
+#define OBJ_pss         OBJ_data,2342L
+
+#define SN_ucl          "ucl"
+#define NID_ucl         436
+#define OBJ_ucl         OBJ_pss,19200300L
+
+#define SN_pilot                "pilot"
+#define NID_pilot               437
+#define OBJ_pilot               OBJ_ucl,100L
+
+#define LN_pilotAttributeType           "pilotAttributeType"
+#define NID_pilotAttributeType          438
+#define OBJ_pilotAttributeType          OBJ_pilot,1L
+
+#define LN_pilotAttributeSyntax         "pilotAttributeSyntax"
+#define NID_pilotAttributeSyntax                439
+#define OBJ_pilotAttributeSyntax                OBJ_pilot,3L
+
+#define LN_pilotObjectClass             "pilotObjectClass"
+#define NID_pilotObjectClass            440
+#define OBJ_pilotObjectClass            OBJ_pilot,4L
+
+#define LN_pilotGroups          "pilotGroups"
+#define NID_pilotGroups         441
+#define OBJ_pilotGroups         OBJ_pilot,10L
+
+#define LN_iA5StringSyntax              "iA5StringSyntax"
+#define NID_iA5StringSyntax             442
+#define OBJ_iA5StringSyntax             OBJ_pilotAttributeSyntax,4L
+
+#define LN_caseIgnoreIA5StringSyntax            "caseIgnoreIA5StringSyntax"
+#define NID_caseIgnoreIA5StringSyntax           443
+#define OBJ_caseIgnoreIA5StringSyntax           OBJ_pilotAttributeSyntax,5L
+
+#define LN_pilotObject          "pilotObject"
+#define NID_pilotObject         444
+#define OBJ_pilotObject         OBJ_pilotObjectClass,3L
+
+#define LN_pilotPerson          "pilotPerson"
+#define NID_pilotPerson         445
+#define OBJ_pilotPerson         OBJ_pilotObjectClass,4L
+
+#define SN_account              "account"
+#define NID_account             446
+#define OBJ_account             OBJ_pilotObjectClass,5L
+
+#define SN_document             "document"
+#define NID_document            447
+#define OBJ_document            OBJ_pilotObjectClass,6L
+
+#define SN_room         "room"
+#define NID_room                448
+#define OBJ_room                OBJ_pilotObjectClass,7L
+
+#define LN_documentSeries               "documentSeries"
+#define NID_documentSeries              449
+#define OBJ_documentSeries              OBJ_pilotObjectClass,9L
+
+#define SN_Domain               "domain"
+#define LN_Domain               "Domain"
+#define NID_Domain              392
+#define OBJ_Domain              OBJ_pilotObjectClass,13L
+
+#define LN_rFC822localPart              "rFC822localPart"
+#define NID_rFC822localPart             450
+#define OBJ_rFC822localPart             OBJ_pilotObjectClass,14L
+
+#define LN_dNSDomain            "dNSDomain"
+#define NID_dNSDomain           451
+#define OBJ_dNSDomain           OBJ_pilotObjectClass,15L
+
+#define LN_domainRelatedObject          "domainRelatedObject"
+#define NID_domainRelatedObject         452
+#define OBJ_domainRelatedObject         OBJ_pilotObjectClass,17L
+
+#define LN_friendlyCountry              "friendlyCountry"
+#define NID_friendlyCountry             453
+#define OBJ_friendlyCountry             OBJ_pilotObjectClass,18L
+
+#define LN_simpleSecurityObject         "simpleSecurityObject"
+#define NID_simpleSecurityObject                454
+#define OBJ_simpleSecurityObject                OBJ_pilotObjectClass,19L
+
+#define LN_pilotOrganization            "pilotOrganization"
+#define NID_pilotOrganization           455
+#define OBJ_pilotOrganization           OBJ_pilotObjectClass,20L
+
+#define LN_pilotDSA             "pilotDSA"
+#define NID_pilotDSA            456
+#define OBJ_pilotDSA            OBJ_pilotObjectClass,21L
+
+#define LN_qualityLabelledData          "qualityLabelledData"
+#define NID_qualityLabelledData         457
+#define OBJ_qualityLabelledData         OBJ_pilotObjectClass,22L
+
+#define SN_userId               "UID"
+#define LN_userId               "userId"
+#define NID_userId              458
+#define OBJ_userId              OBJ_pilotAttributeType,1L
+
+#define LN_textEncodedORAddress         "textEncodedORAddress"
+#define NID_textEncodedORAddress                459
+#define OBJ_textEncodedORAddress                OBJ_pilotAttributeType,2L
+
+#define SN_rfc822Mailbox                "mail"
+#define LN_rfc822Mailbox                "rfc822Mailbox"
+#define NID_rfc822Mailbox               460
+#define OBJ_rfc822Mailbox               OBJ_pilotAttributeType,3L
+
+#define SN_info         "info"
+#define NID_info                461
+#define OBJ_info                OBJ_pilotAttributeType,4L
+
+#define LN_favouriteDrink               "favouriteDrink"
+#define NID_favouriteDrink              462
+#define OBJ_favouriteDrink              OBJ_pilotAttributeType,5L
+
+#define LN_roomNumber           "roomNumber"
+#define NID_roomNumber          463
+#define OBJ_roomNumber          OBJ_pilotAttributeType,6L
+
+#define SN_photo                "photo"
+#define NID_photo               464
+#define OBJ_photo               OBJ_pilotAttributeType,7L
+
+#define LN_userClass            "userClass"
+#define NID_userClass           465
+#define OBJ_userClass           OBJ_pilotAttributeType,8L
+
+#define SN_host         "host"
+#define NID_host                466
+#define OBJ_host                OBJ_pilotAttributeType,9L
+
+#define SN_manager              "manager"
+#define NID_manager             467
+#define OBJ_manager             OBJ_pilotAttributeType,10L
+
+#define LN_documentIdentifier           "documentIdentifier"
+#define NID_documentIdentifier          468
+#define OBJ_documentIdentifier          OBJ_pilotAttributeType,11L
+
+#define LN_documentTitle                "documentTitle"
+#define NID_documentTitle               469
+#define OBJ_documentTitle               OBJ_pilotAttributeType,12L
+
+#define LN_documentVersion              "documentVersion"
+#define NID_documentVersion             470
+#define OBJ_documentVersion             OBJ_pilotAttributeType,13L
+
+#define LN_documentAuthor               "documentAuthor"
+#define NID_documentAuthor              471
+#define OBJ_documentAuthor              OBJ_pilotAttributeType,14L
+
+#define LN_documentLocation             "documentLocation"
+#define NID_documentLocation            472
+#define OBJ_documentLocation            OBJ_pilotAttributeType,15L
+
+#define LN_homeTelephoneNumber          "homeTelephoneNumber"
+#define NID_homeTelephoneNumber         473
+#define OBJ_homeTelephoneNumber         OBJ_pilotAttributeType,20L
+
+#define SN_secretary            "secretary"
+#define NID_secretary           474
+#define OBJ_secretary           OBJ_pilotAttributeType,21L
+
+#define LN_otherMailbox         "otherMailbox"
+#define NID_otherMailbox                475
+#define OBJ_otherMailbox                OBJ_pilotAttributeType,22L
+
+#define LN_lastModifiedTime             "lastModifiedTime"
+#define NID_lastModifiedTime            476
+#define OBJ_lastModifiedTime            OBJ_pilotAttributeType,23L
+
+#define LN_lastModifiedBy               "lastModifiedBy"
+#define NID_lastModifiedBy              477
+#define OBJ_lastModifiedBy              OBJ_pilotAttributeType,24L
+
+#define SN_domainComponent              "DC"
+#define LN_domainComponent              "domainComponent"
+#define NID_domainComponent             391
+#define OBJ_domainComponent             OBJ_pilotAttributeType,25L
+
+#define LN_aRecord              "aRecord"
+#define NID_aRecord             478
+#define OBJ_aRecord             OBJ_pilotAttributeType,26L
+
+#define LN_pilotAttributeType27         "pilotAttributeType27"
+#define NID_pilotAttributeType27                479
+#define OBJ_pilotAttributeType27                OBJ_pilotAttributeType,27L
+
+#define LN_mXRecord             "mXRecord"
+#define NID_mXRecord            480
+#define OBJ_mXRecord            OBJ_pilotAttributeType,28L
+
+#define LN_nSRecord             "nSRecord"
+#define NID_nSRecord            481
+#define OBJ_nSRecord            OBJ_pilotAttributeType,29L
+
+#define LN_sOARecord            "sOARecord"
+#define NID_sOARecord           482
+#define OBJ_sOARecord           OBJ_pilotAttributeType,30L
+
+#define LN_cNAMERecord          "cNAMERecord"
+#define NID_cNAMERecord         483
+#define OBJ_cNAMERecord         OBJ_pilotAttributeType,31L
+
+#define LN_associatedDomain             "associatedDomain"
+#define NID_associatedDomain            484
+#define OBJ_associatedDomain            OBJ_pilotAttributeType,37L
+
+#define LN_associatedName               "associatedName"
+#define NID_associatedName              485
+#define OBJ_associatedName              OBJ_pilotAttributeType,38L
+
+#define LN_homePostalAddress            "homePostalAddress"
+#define NID_homePostalAddress           486
+#define OBJ_homePostalAddress           OBJ_pilotAttributeType,39L
+
+#define LN_personalTitle                "personalTitle"
+#define NID_personalTitle               487
+#define OBJ_personalTitle               OBJ_pilotAttributeType,40L
+
+#define LN_mobileTelephoneNumber                "mobileTelephoneNumber"
+#define NID_mobileTelephoneNumber               488
+#define OBJ_mobileTelephoneNumber               OBJ_pilotAttributeType,41L
+
+#define LN_pagerTelephoneNumber         "pagerTelephoneNumber"
+#define NID_pagerTelephoneNumber                489
+#define OBJ_pagerTelephoneNumber                OBJ_pilotAttributeType,42L
+
+#define LN_friendlyCountryName          "friendlyCountryName"
+#define NID_friendlyCountryName         490
+#define OBJ_friendlyCountryName         OBJ_pilotAttributeType,43L
+
+#define SN_uniqueIdentifier             "uid"
+#define LN_uniqueIdentifier             "uniqueIdentifier"
+#define NID_uniqueIdentifier            102
+#define OBJ_uniqueIdentifier            OBJ_pilotAttributeType,44L
+
+#define LN_organizationalStatus         "organizationalStatus"
+#define NID_organizationalStatus                491
+#define OBJ_organizationalStatus                OBJ_pilotAttributeType,45L
+
+#define LN_janetMailbox         "janetMailbox"
+#define NID_janetMailbox                492
+#define OBJ_janetMailbox                OBJ_pilotAttributeType,46L
+
+#define LN_mailPreferenceOption         "mailPreferenceOption"
+#define NID_mailPreferenceOption                493
+#define OBJ_mailPreferenceOption                OBJ_pilotAttributeType,47L
+
+#define LN_buildingName         "buildingName"
+#define NID_buildingName                494
+#define OBJ_buildingName                OBJ_pilotAttributeType,48L
+
+#define LN_dSAQuality           "dSAQuality"
+#define NID_dSAQuality          495
+#define OBJ_dSAQuality          OBJ_pilotAttributeType,49L
+
+#define LN_singleLevelQuality           "singleLevelQuality"
+#define NID_singleLevelQuality          496
+#define OBJ_singleLevelQuality          OBJ_pilotAttributeType,50L
+
+#define LN_subtreeMinimumQuality                "subtreeMinimumQuality"
+#define NID_subtreeMinimumQuality               497
+#define OBJ_subtreeMinimumQuality               OBJ_pilotAttributeType,51L
+
+#define LN_subtreeMaximumQuality                "subtreeMaximumQuality"
+#define NID_subtreeMaximumQuality               498
+#define OBJ_subtreeMaximumQuality               OBJ_pilotAttributeType,52L
+
+#define LN_personalSignature            "personalSignature"
+#define NID_personalSignature           499
+#define OBJ_personalSignature           OBJ_pilotAttributeType,53L
+
+#define LN_dITRedirect          "dITRedirect"
+#define NID_dITRedirect         500
+#define OBJ_dITRedirect         OBJ_pilotAttributeType,54L
+
+#define SN_audio                "audio"
+#define NID_audio               501
+#define OBJ_audio               OBJ_pilotAttributeType,55L
+
+#define LN_documentPublisher            "documentPublisher"
+#define NID_documentPublisher           502
+#define OBJ_documentPublisher           OBJ_pilotAttributeType,56L
+
+#define SN_id_set               "id-set"
+#define LN_id_set               "Secure Electronic Transactions"
+#define NID_id_set              512
+#define OBJ_id_set              OBJ_international_organizations,42L
+
+#define SN_set_ctype            "set-ctype"
+#define LN_set_ctype            "content types"
+#define NID_set_ctype           513
+#define OBJ_set_ctype           OBJ_id_set,0L
+
+#define SN_set_msgExt           "set-msgExt"
+#define LN_set_msgExt           "message extensions"
+#define NID_set_msgExt          514
+#define OBJ_set_msgExt          OBJ_id_set,1L
+
+#define SN_set_attr             "set-attr"
+#define NID_set_attr            515
+#define OBJ_set_attr            OBJ_id_set,3L
+
+#define SN_set_policy           "set-policy"
+#define NID_set_policy          516
+#define OBJ_set_policy          OBJ_id_set,5L
+
+#define SN_set_certExt          "set-certExt"
+#define LN_set_certExt          "certificate extensions"
+#define NID_set_certExt         517
+#define OBJ_set_certExt         OBJ_id_set,7L
+
+#define SN_set_brand            "set-brand"
+#define NID_set_brand           518
+#define OBJ_set_brand           OBJ_id_set,8L
+
+#define SN_setct_PANData                "setct-PANData"
+#define NID_setct_PANData               519
+#define OBJ_setct_PANData               OBJ_set_ctype,0L
+
+#define SN_setct_PANToken               "setct-PANToken"
+#define NID_setct_PANToken              520
+#define OBJ_setct_PANToken              OBJ_set_ctype,1L
+
+#define SN_setct_PANOnly                "setct-PANOnly"
+#define NID_setct_PANOnly               521
+#define OBJ_setct_PANOnly               OBJ_set_ctype,2L
+
+#define SN_setct_OIData         "setct-OIData"
+#define NID_setct_OIData                522
+#define OBJ_setct_OIData                OBJ_set_ctype,3L
+
+#define SN_setct_PI             "setct-PI"
+#define NID_setct_PI            523
+#define OBJ_setct_PI            OBJ_set_ctype,4L
+
+#define SN_setct_PIData         "setct-PIData"
+#define NID_setct_PIData                524
+#define OBJ_setct_PIData                OBJ_set_ctype,5L
+
+#define SN_setct_PIDataUnsigned         "setct-PIDataUnsigned"
+#define NID_setct_PIDataUnsigned                525
+#define OBJ_setct_PIDataUnsigned                OBJ_set_ctype,6L
+
+#define SN_setct_HODInput               "setct-HODInput"
+#define NID_setct_HODInput              526
+#define OBJ_setct_HODInput              OBJ_set_ctype,7L
+
+#define SN_setct_AuthResBaggage         "setct-AuthResBaggage"
+#define NID_setct_AuthResBaggage                527
+#define OBJ_setct_AuthResBaggage                OBJ_set_ctype,8L
+
+#define SN_setct_AuthRevReqBaggage              "setct-AuthRevReqBaggage"
+#define NID_setct_AuthRevReqBaggage             528
+#define OBJ_setct_AuthRevReqBaggage             OBJ_set_ctype,9L
+
+#define SN_setct_AuthRevResBaggage              "setct-AuthRevResBaggage"
+#define NID_setct_AuthRevResBaggage             529
+#define OBJ_setct_AuthRevResBaggage             OBJ_set_ctype,10L
+
+#define SN_setct_CapTokenSeq            "setct-CapTokenSeq"
+#define NID_setct_CapTokenSeq           530
+#define OBJ_setct_CapTokenSeq           OBJ_set_ctype,11L
+
+#define SN_setct_PInitResData           "setct-PInitResData"
+#define NID_setct_PInitResData          531
+#define OBJ_setct_PInitResData          OBJ_set_ctype,12L
+
+#define SN_setct_PI_TBS         "setct-PI-TBS"
+#define NID_setct_PI_TBS                532
+#define OBJ_setct_PI_TBS                OBJ_set_ctype,13L
+
+#define SN_setct_PResData               "setct-PResData"
+#define NID_setct_PResData              533
+#define OBJ_setct_PResData              OBJ_set_ctype,14L
+
+#define SN_setct_AuthReqTBS             "setct-AuthReqTBS"
+#define NID_setct_AuthReqTBS            534
+#define OBJ_setct_AuthReqTBS            OBJ_set_ctype,16L
+
+#define SN_setct_AuthResTBS             "setct-AuthResTBS"
+#define NID_setct_AuthResTBS            535
+#define OBJ_setct_AuthResTBS            OBJ_set_ctype,17L
+
+#define SN_setct_AuthResTBSX            "setct-AuthResTBSX"
+#define NID_setct_AuthResTBSX           536
+#define OBJ_setct_AuthResTBSX           OBJ_set_ctype,18L
+
+#define SN_setct_AuthTokenTBS           "setct-AuthTokenTBS"
+#define NID_setct_AuthTokenTBS          537
+#define OBJ_setct_AuthTokenTBS          OBJ_set_ctype,19L
+
+#define SN_setct_CapTokenData           "setct-CapTokenData"
+#define NID_setct_CapTokenData          538
+#define OBJ_setct_CapTokenData          OBJ_set_ctype,20L
+
+#define SN_setct_CapTokenTBS            "setct-CapTokenTBS"
+#define NID_setct_CapTokenTBS           539
+#define OBJ_setct_CapTokenTBS           OBJ_set_ctype,21L
+
+#define SN_setct_AcqCardCodeMsg         "setct-AcqCardCodeMsg"
+#define NID_setct_AcqCardCodeMsg                540
+#define OBJ_setct_AcqCardCodeMsg                OBJ_set_ctype,22L
+
+#define SN_setct_AuthRevReqTBS          "setct-AuthRevReqTBS"
+#define NID_setct_AuthRevReqTBS         541
+#define OBJ_setct_AuthRevReqTBS         OBJ_set_ctype,23L
+
+#define SN_setct_AuthRevResData         "setct-AuthRevResData"
+#define NID_setct_AuthRevResData                542
+#define OBJ_setct_AuthRevResData                OBJ_set_ctype,24L
+
+#define SN_setct_AuthRevResTBS          "setct-AuthRevResTBS"
+#define NID_setct_AuthRevResTBS         543
+#define OBJ_setct_AuthRevResTBS         OBJ_set_ctype,25L
+
+#define SN_setct_CapReqTBS              "setct-CapReqTBS"
+#define NID_setct_CapReqTBS             544
+#define OBJ_setct_CapReqTBS             OBJ_set_ctype,26L
+
+#define SN_setct_CapReqTBSX             "setct-CapReqTBSX"
+#define NID_setct_CapReqTBSX            545
+#define OBJ_setct_CapReqTBSX            OBJ_set_ctype,27L
+
+#define SN_setct_CapResData             "setct-CapResData"
+#define NID_setct_CapResData            546
+#define OBJ_setct_CapResData            OBJ_set_ctype,28L
+
+#define SN_setct_CapRevReqTBS           "setct-CapRevReqTBS"
+#define NID_setct_CapRevReqTBS          547
+#define OBJ_setct_CapRevReqTBS          OBJ_set_ctype,29L
+
+#define SN_setct_CapRevReqTBSX          "setct-CapRevReqTBSX"
+#define NID_setct_CapRevReqTBSX         548
+#define OBJ_setct_CapRevReqTBSX         OBJ_set_ctype,30L
+
+#define SN_setct_CapRevResData          "setct-CapRevResData"
+#define NID_setct_CapRevResData         549
+#define OBJ_setct_CapRevResData         OBJ_set_ctype,31L
+
+#define SN_setct_CredReqTBS             "setct-CredReqTBS"
+#define NID_setct_CredReqTBS            550
+#define OBJ_setct_CredReqTBS            OBJ_set_ctype,32L
+
+#define SN_setct_CredReqTBSX            "setct-CredReqTBSX"
+#define NID_setct_CredReqTBSX           551
+#define OBJ_setct_CredReqTBSX           OBJ_set_ctype,33L
+
+#define SN_setct_CredResData            "setct-CredResData"
+#define NID_setct_CredResData           552
+#define OBJ_setct_CredResData           OBJ_set_ctype,34L
+
+#define SN_setct_CredRevReqTBS          "setct-CredRevReqTBS"
+#define NID_setct_CredRevReqTBS         553
+#define OBJ_setct_CredRevReqTBS         OBJ_set_ctype,35L
+
+#define SN_setct_CredRevReqTBSX         "setct-CredRevReqTBSX"
+#define NID_setct_CredRevReqTBSX                554
+#define OBJ_setct_CredRevReqTBSX                OBJ_set_ctype,36L
+
+#define SN_setct_CredRevResData         "setct-CredRevResData"
+#define NID_setct_CredRevResData                555
+#define OBJ_setct_CredRevResData                OBJ_set_ctype,37L
+
+#define SN_setct_PCertReqData           "setct-PCertReqData"
+#define NID_setct_PCertReqData          556
+#define OBJ_setct_PCertReqData          OBJ_set_ctype,38L
+
+#define SN_setct_PCertResTBS            "setct-PCertResTBS"
+#define NID_setct_PCertResTBS           557
+#define OBJ_setct_PCertResTBS           OBJ_set_ctype,39L
+
+#define SN_setct_BatchAdminReqData              "setct-BatchAdminReqData"
+#define NID_setct_BatchAdminReqData             558
+#define OBJ_setct_BatchAdminReqData             OBJ_set_ctype,40L
+
+#define SN_setct_BatchAdminResData              "setct-BatchAdminResData"
+#define NID_setct_BatchAdminResData             559
+#define OBJ_setct_BatchAdminResData             OBJ_set_ctype,41L
+
+#define SN_setct_CardCInitResTBS                "setct-CardCInitResTBS"
+#define NID_setct_CardCInitResTBS               560
+#define OBJ_setct_CardCInitResTBS               OBJ_set_ctype,42L
+
+#define SN_setct_MeAqCInitResTBS                "setct-MeAqCInitResTBS"
+#define NID_setct_MeAqCInitResTBS               561
+#define OBJ_setct_MeAqCInitResTBS               OBJ_set_ctype,43L
+
+#define SN_setct_RegFormResTBS          "setct-RegFormResTBS"
+#define NID_setct_RegFormResTBS         562
+#define OBJ_setct_RegFormResTBS         OBJ_set_ctype,44L
+
+#define SN_setct_CertReqData            "setct-CertReqData"
+#define NID_setct_CertReqData           563
+#define OBJ_setct_CertReqData           OBJ_set_ctype,45L
+
+#define SN_setct_CertReqTBS             "setct-CertReqTBS"
+#define NID_setct_CertReqTBS            564
+#define OBJ_setct_CertReqTBS            OBJ_set_ctype,46L
+
+#define SN_setct_CertResData            "setct-CertResData"
+#define NID_setct_CertResData           565
+#define OBJ_setct_CertResData           OBJ_set_ctype,47L
+
+#define SN_setct_CertInqReqTBS          "setct-CertInqReqTBS"
+#define NID_setct_CertInqReqTBS         566
+#define OBJ_setct_CertInqReqTBS         OBJ_set_ctype,48L
+
+#define SN_setct_ErrorTBS               "setct-ErrorTBS"
+#define NID_setct_ErrorTBS              567
+#define OBJ_setct_ErrorTBS              OBJ_set_ctype,49L
+
+#define SN_setct_PIDualSignedTBE                "setct-PIDualSignedTBE"
+#define NID_setct_PIDualSignedTBE               568
+#define OBJ_setct_PIDualSignedTBE               OBJ_set_ctype,50L
+
+#define SN_setct_PIUnsignedTBE          "setct-PIUnsignedTBE"
+#define NID_setct_PIUnsignedTBE         569
+#define OBJ_setct_PIUnsignedTBE         OBJ_set_ctype,51L
+
+#define SN_setct_AuthReqTBE             "setct-AuthReqTBE"
+#define NID_setct_AuthReqTBE            570
+#define OBJ_setct_AuthReqTBE            OBJ_set_ctype,52L
+
+#define SN_setct_AuthResTBE             "setct-AuthResTBE"
+#define NID_setct_AuthResTBE            571
+#define OBJ_setct_AuthResTBE            OBJ_set_ctype,53L
+
+#define SN_setct_AuthResTBEX            "setct-AuthResTBEX"
+#define NID_setct_AuthResTBEX           572
+#define OBJ_setct_AuthResTBEX           OBJ_set_ctype,54L
+
+#define SN_setct_AuthTokenTBE           "setct-AuthTokenTBE"
+#define NID_setct_AuthTokenTBE          573
+#define OBJ_setct_AuthTokenTBE          OBJ_set_ctype,55L
+
+#define SN_setct_CapTokenTBE            "setct-CapTokenTBE"
+#define NID_setct_CapTokenTBE           574
+#define OBJ_setct_CapTokenTBE           OBJ_set_ctype,56L
+
+#define SN_setct_CapTokenTBEX           "setct-CapTokenTBEX"
+#define NID_setct_CapTokenTBEX          575
+#define OBJ_setct_CapTokenTBEX          OBJ_set_ctype,57L
+
+#define SN_setct_AcqCardCodeMsgTBE              "setct-AcqCardCodeMsgTBE"
+#define NID_setct_AcqCardCodeMsgTBE             576
+#define OBJ_setct_AcqCardCodeMsgTBE             OBJ_set_ctype,58L
+
+#define SN_setct_AuthRevReqTBE          "setct-AuthRevReqTBE"
+#define NID_setct_AuthRevReqTBE         577
+#define OBJ_setct_AuthRevReqTBE         OBJ_set_ctype,59L
+
+#define SN_setct_AuthRevResTBE          "setct-AuthRevResTBE"
+#define NID_setct_AuthRevResTBE         578
+#define OBJ_setct_AuthRevResTBE         OBJ_set_ctype,60L
+
+#define SN_setct_AuthRevResTBEB         "setct-AuthRevResTBEB"
+#define NID_setct_AuthRevResTBEB                579
+#define OBJ_setct_AuthRevResTBEB                OBJ_set_ctype,61L
+
+#define SN_setct_CapReqTBE              "setct-CapReqTBE"
+#define NID_setct_CapReqTBE             580
+#define OBJ_setct_CapReqTBE             OBJ_set_ctype,62L
+
+#define SN_setct_CapReqTBEX             "setct-CapReqTBEX"
+#define NID_setct_CapReqTBEX            581
+#define OBJ_setct_CapReqTBEX            OBJ_set_ctype,63L
+
+#define SN_setct_CapResTBE              "setct-CapResTBE"
+#define NID_setct_CapResTBE             582
+#define OBJ_setct_CapResTBE             OBJ_set_ctype,64L
+
+#define SN_setct_CapRevReqTBE           "setct-CapRevReqTBE"
+#define NID_setct_CapRevReqTBE          583
+#define OBJ_setct_CapRevReqTBE          OBJ_set_ctype,65L
+
+#define SN_setct_CapRevReqTBEX          "setct-CapRevReqTBEX"
+#define NID_setct_CapRevReqTBEX         584
+#define OBJ_setct_CapRevReqTBEX         OBJ_set_ctype,66L
+
+#define SN_setct_CapRevResTBE           "setct-CapRevResTBE"
+#define NID_setct_CapRevResTBE          585
+#define OBJ_setct_CapRevResTBE          OBJ_set_ctype,67L
+
+#define SN_setct_CredReqTBE             "setct-CredReqTBE"
+#define NID_setct_CredReqTBE            586
+#define OBJ_setct_CredReqTBE            OBJ_set_ctype,68L
+
+#define SN_setct_CredReqTBEX            "setct-CredReqTBEX"
+#define NID_setct_CredReqTBEX           587
+#define OBJ_setct_CredReqTBEX           OBJ_set_ctype,69L
+
+#define SN_setct_CredResTBE             "setct-CredResTBE"
+#define NID_setct_CredResTBE            588
+#define OBJ_setct_CredResTBE            OBJ_set_ctype,70L
+
+#define SN_setct_CredRevReqTBE          "setct-CredRevReqTBE"
+#define NID_setct_CredRevReqTBE         589
+#define OBJ_setct_CredRevReqTBE         OBJ_set_ctype,71L
+
+#define SN_setct_CredRevReqTBEX         "setct-CredRevReqTBEX"
+#define NID_setct_CredRevReqTBEX                590
+#define OBJ_setct_CredRevReqTBEX                OBJ_set_ctype,72L
+
+#define SN_setct_CredRevResTBE          "setct-CredRevResTBE"
+#define NID_setct_CredRevResTBE         591
+#define OBJ_setct_CredRevResTBE         OBJ_set_ctype,73L
+
+#define SN_setct_BatchAdminReqTBE               "setct-BatchAdminReqTBE"
+#define NID_setct_BatchAdminReqTBE              592
+#define OBJ_setct_BatchAdminReqTBE              OBJ_set_ctype,74L
+
+#define SN_setct_BatchAdminResTBE               "setct-BatchAdminResTBE"
+#define NID_setct_BatchAdminResTBE              593
+#define OBJ_setct_BatchAdminResTBE              OBJ_set_ctype,75L
+
+#define SN_setct_RegFormReqTBE          "setct-RegFormReqTBE"
+#define NID_setct_RegFormReqTBE         594
+#define OBJ_setct_RegFormReqTBE         OBJ_set_ctype,76L
+
+#define SN_setct_CertReqTBE             "setct-CertReqTBE"
+#define NID_setct_CertReqTBE            595
+#define OBJ_setct_CertReqTBE            OBJ_set_ctype,77L
+
+#define SN_setct_CertReqTBEX            "setct-CertReqTBEX"
+#define NID_setct_CertReqTBEX           596
+#define OBJ_setct_CertReqTBEX           OBJ_set_ctype,78L
+
+#define SN_setct_CertResTBE             "setct-CertResTBE"
+#define NID_setct_CertResTBE            597
+#define OBJ_setct_CertResTBE            OBJ_set_ctype,79L
+
+#define SN_setct_CRLNotificationTBS             "setct-CRLNotificationTBS"
+#define NID_setct_CRLNotificationTBS            598
+#define OBJ_setct_CRLNotificationTBS            OBJ_set_ctype,80L
+
+#define SN_setct_CRLNotificationResTBS          "setct-CRLNotificationResTBS"
+#define NID_setct_CRLNotificationResTBS         599
+#define OBJ_setct_CRLNotificationResTBS         OBJ_set_ctype,81L
+
+#define SN_setct_BCIDistributionTBS             "setct-BCIDistributionTBS"
+#define NID_setct_BCIDistributionTBS            600
+#define OBJ_setct_BCIDistributionTBS            OBJ_set_ctype,82L
+
+#define SN_setext_genCrypt              "setext-genCrypt"
+#define LN_setext_genCrypt              "generic cryptogram"
+#define NID_setext_genCrypt             601
+#define OBJ_setext_genCrypt             OBJ_set_msgExt,1L
+
+#define SN_setext_miAuth                "setext-miAuth"
+#define LN_setext_miAuth                "merchant initiated auth"
+#define NID_setext_miAuth               602
+#define OBJ_setext_miAuth               OBJ_set_msgExt,3L
+
+#define SN_setext_pinSecure             "setext-pinSecure"
+#define NID_setext_pinSecure            603
+#define OBJ_setext_pinSecure            OBJ_set_msgExt,4L
+
+#define SN_setext_pinAny                "setext-pinAny"
+#define NID_setext_pinAny               604
+#define OBJ_setext_pinAny               OBJ_set_msgExt,5L
+
+#define SN_setext_track2                "setext-track2"
+#define NID_setext_track2               605
+#define OBJ_setext_track2               OBJ_set_msgExt,7L
+
+#define SN_setext_cv            "setext-cv"
+#define LN_setext_cv            "additional verification"
+#define NID_setext_cv           606
+#define OBJ_setext_cv           OBJ_set_msgExt,8L
+
+#define SN_set_policy_root              "set-policy-root"
+#define NID_set_policy_root             607
+#define OBJ_set_policy_root             OBJ_set_policy,0L
+
+#define SN_setCext_hashedRoot           "setCext-hashedRoot"
+#define NID_setCext_hashedRoot          608
+#define OBJ_setCext_hashedRoot          OBJ_set_certExt,0L
+
+#define SN_setCext_certType             "setCext-certType"
+#define NID_setCext_certType            609
+#define OBJ_setCext_certType            OBJ_set_certExt,1L
+
+#define SN_setCext_merchData            "setCext-merchData"
+#define NID_setCext_merchData           610
+#define OBJ_setCext_merchData           OBJ_set_certExt,2L
+
+#define SN_setCext_cCertRequired                "setCext-cCertRequired"
+#define NID_setCext_cCertRequired               611
+#define OBJ_setCext_cCertRequired               OBJ_set_certExt,3L
+
+#define SN_setCext_tunneling            "setCext-tunneling"
+#define NID_setCext_tunneling           612
+#define OBJ_setCext_tunneling           OBJ_set_certExt,4L
+
+#define SN_setCext_setExt               "setCext-setExt"
+#define NID_setCext_setExt              613
+#define OBJ_setCext_setExt              OBJ_set_certExt,5L
+
+#define SN_setCext_setQualf             "setCext-setQualf"
+#define NID_setCext_setQualf            614
+#define OBJ_setCext_setQualf            OBJ_set_certExt,6L
+
+#define SN_setCext_PGWYcapabilities             "setCext-PGWYcapabilities"
+#define NID_setCext_PGWYcapabilities            615
+#define OBJ_setCext_PGWYcapabilities            OBJ_set_certExt,7L
+
+#define SN_setCext_TokenIdentifier              "setCext-TokenIdentifier"
+#define NID_setCext_TokenIdentifier             616
+#define OBJ_setCext_TokenIdentifier             OBJ_set_certExt,8L
+
+#define SN_setCext_Track2Data           "setCext-Track2Data"
+#define NID_setCext_Track2Data          617
+#define OBJ_setCext_Track2Data          OBJ_set_certExt,9L
+
+#define SN_setCext_TokenType            "setCext-TokenType"
+#define NID_setCext_TokenType           618
+#define OBJ_setCext_TokenType           OBJ_set_certExt,10L
+
+#define SN_setCext_IssuerCapabilities           "setCext-IssuerCapabilities"
+#define NID_setCext_IssuerCapabilities          619
+#define OBJ_setCext_IssuerCapabilities          OBJ_set_certExt,11L
+
+#define SN_setAttr_Cert         "setAttr-Cert"
+#define NID_setAttr_Cert                620
+#define OBJ_setAttr_Cert                OBJ_set_attr,0L
+
+#define SN_setAttr_PGWYcap              "setAttr-PGWYcap"
+#define LN_setAttr_PGWYcap              "payment gateway capabilities"
+#define NID_setAttr_PGWYcap             621
+#define OBJ_setAttr_PGWYcap             OBJ_set_attr,1L
+
+#define SN_setAttr_TokenType            "setAttr-TokenType"
+#define NID_setAttr_TokenType           622
+#define OBJ_setAttr_TokenType           OBJ_set_attr,2L
+
+#define SN_setAttr_IssCap               "setAttr-IssCap"
+#define LN_setAttr_IssCap               "issuer capabilities"
+#define NID_setAttr_IssCap              623
+#define OBJ_setAttr_IssCap              OBJ_set_attr,3L
+
+#define SN_set_rootKeyThumb             "set-rootKeyThumb"
+#define NID_set_rootKeyThumb            624
+#define OBJ_set_rootKeyThumb            OBJ_setAttr_Cert,0L
+
+#define SN_set_addPolicy                "set-addPolicy"
+#define NID_set_addPolicy               625
+#define OBJ_set_addPolicy               OBJ_setAttr_Cert,1L
+
+#define SN_setAttr_Token_EMV            "setAttr-Token-EMV"
+#define NID_setAttr_Token_EMV           626
+#define OBJ_setAttr_Token_EMV           OBJ_setAttr_TokenType,1L
+
+#define SN_setAttr_Token_B0Prime                "setAttr-Token-B0Prime"
+#define NID_setAttr_Token_B0Prime               627
+#define OBJ_setAttr_Token_B0Prime               OBJ_setAttr_TokenType,2L
+
+#define SN_setAttr_IssCap_CVM           "setAttr-IssCap-CVM"
+#define NID_setAttr_IssCap_CVM          628
+#define OBJ_setAttr_IssCap_CVM          OBJ_setAttr_IssCap,3L
+
+#define SN_setAttr_IssCap_T2            "setAttr-IssCap-T2"
+#define NID_setAttr_IssCap_T2           629
+#define OBJ_setAttr_IssCap_T2           OBJ_setAttr_IssCap,4L
+
+#define SN_setAttr_IssCap_Sig           "setAttr-IssCap-Sig"
+#define NID_setAttr_IssCap_Sig          630
+#define OBJ_setAttr_IssCap_Sig          OBJ_setAttr_IssCap,5L
+
+#define SN_setAttr_GenCryptgrm          "setAttr-GenCryptgrm"
+#define LN_setAttr_GenCryptgrm          "generate cryptogram"
+#define NID_setAttr_GenCryptgrm         631
+#define OBJ_setAttr_GenCryptgrm         OBJ_setAttr_IssCap_CVM,1L
+
+#define SN_setAttr_T2Enc                "setAttr-T2Enc"
+#define LN_setAttr_T2Enc                "encrypted track 2"
+#define NID_setAttr_T2Enc               632
+#define OBJ_setAttr_T2Enc               OBJ_setAttr_IssCap_T2,1L
+
+#define SN_setAttr_T2cleartxt           "setAttr-T2cleartxt"
+#define LN_setAttr_T2cleartxt           "cleartext track 2"
+#define NID_setAttr_T2cleartxt          633
+#define OBJ_setAttr_T2cleartxt          OBJ_setAttr_IssCap_T2,2L
+
+#define SN_setAttr_TokICCsig            "setAttr-TokICCsig"
+#define LN_setAttr_TokICCsig            "ICC or token signature"
+#define NID_setAttr_TokICCsig           634
+#define OBJ_setAttr_TokICCsig           OBJ_setAttr_IssCap_Sig,1L
+
+#define SN_setAttr_SecDevSig            "setAttr-SecDevSig"
+#define LN_setAttr_SecDevSig            "secure device signature"
+#define NID_setAttr_SecDevSig           635
+#define OBJ_setAttr_SecDevSig           OBJ_setAttr_IssCap_Sig,2L
+
+#define SN_set_brand_IATA_ATA           "set-brand-IATA-ATA"
+#define NID_set_brand_IATA_ATA          636
+#define OBJ_set_brand_IATA_ATA          OBJ_set_brand,1L
+
+#define SN_set_brand_Diners             "set-brand-Diners"
+#define NID_set_brand_Diners            637
+#define OBJ_set_brand_Diners            OBJ_set_brand,30L
+
+#define SN_set_brand_AmericanExpress            "set-brand-AmericanExpress"
+#define NID_set_brand_AmericanExpress           638
+#define OBJ_set_brand_AmericanExpress           OBJ_set_brand,34L
+
+#define SN_set_brand_JCB                "set-brand-JCB"
+#define NID_set_brand_JCB               639
+#define OBJ_set_brand_JCB               OBJ_set_brand,35L
+
+#define SN_set_brand_Visa               "set-brand-Visa"
+#define NID_set_brand_Visa              640
+#define OBJ_set_brand_Visa              OBJ_set_brand,4L
+
+#define SN_set_brand_MasterCard         "set-brand-MasterCard"
+#define NID_set_brand_MasterCard                641
+#define OBJ_set_brand_MasterCard                OBJ_set_brand,5L
+
+#define SN_set_brand_Novus              "set-brand-Novus"
+#define NID_set_brand_Novus             642
+#define OBJ_set_brand_Novus             OBJ_set_brand,6011L
+
+#define SN_des_cdmf             "DES-CDMF"
+#define LN_des_cdmf             "des-cdmf"
+#define NID_des_cdmf            643
+#define OBJ_des_cdmf            OBJ_rsadsi,3L,10L
+
+#define SN_rsaOAEPEncryptionSET         "rsaOAEPEncryptionSET"
+#define NID_rsaOAEPEncryptionSET                644
+#define OBJ_rsaOAEPEncryptionSET                OBJ_rsadsi,1L,1L,6L
+
+#define SN_ipsec3               "Oakley-EC2N-3"
+#define LN_ipsec3               "ipsec3"
+#define NID_ipsec3              749
+
+#define SN_ipsec4               "Oakley-EC2N-4"
+#define LN_ipsec4               "ipsec4"
+#define NID_ipsec4              750
+
+#define SN_whirlpool            "whirlpool"
+#define NID_whirlpool           804
+#define OBJ_whirlpool           OBJ_iso,0L,10118L,3L,0L,55L
+
+#define SN_cryptopro            "cryptopro"
+#define NID_cryptopro           805
+#define OBJ_cryptopro           OBJ_member_body,643L,2L,2L
+
+#define SN_cryptocom            "cryptocom"
+#define NID_cryptocom           806
+#define OBJ_cryptocom           OBJ_member_body,643L,2L,9L
+
+#define SN_id_tc26              "id-tc26"
+#define NID_id_tc26             974
+#define OBJ_id_tc26             OBJ_member_body,643L,7L,1L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001          "id-GostR3411-94-with-GostR3410-2001"
+#define LN_id_GostR3411_94_with_GostR3410_2001          "GOST R 34.11-94 with GOST R 34.10-2001"
+#define NID_id_GostR3411_94_with_GostR3410_2001         807
+#define OBJ_id_GostR3411_94_with_GostR3410_2001         OBJ_cryptopro,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_94            "id-GostR3411-94-with-GostR3410-94"
+#define LN_id_GostR3411_94_with_GostR3410_94            "GOST R 34.11-94 with GOST R 34.10-94"
+#define NID_id_GostR3411_94_with_GostR3410_94           808
+#define OBJ_id_GostR3411_94_with_GostR3410_94           OBJ_cryptopro,4L
+
+#define SN_id_GostR3411_94              "md_gost94"
+#define LN_id_GostR3411_94              "GOST R 34.11-94"
+#define NID_id_GostR3411_94             809
+#define OBJ_id_GostR3411_94             OBJ_cryptopro,9L
+
+#define SN_id_HMACGostR3411_94          "id-HMACGostR3411-94"
+#define LN_id_HMACGostR3411_94          "HMAC GOST 34.11-94"
+#define NID_id_HMACGostR3411_94         810
+#define OBJ_id_HMACGostR3411_94         OBJ_cryptopro,10L
+
+#define SN_id_GostR3410_2001            "gost2001"
+#define LN_id_GostR3410_2001            "GOST R 34.10-2001"
+#define NID_id_GostR3410_2001           811
+#define OBJ_id_GostR3410_2001           OBJ_cryptopro,19L
+
+#define SN_id_GostR3410_94              "gost94"
+#define LN_id_GostR3410_94              "GOST R 34.10-94"
+#define NID_id_GostR3410_94             812
+#define OBJ_id_GostR3410_94             OBJ_cryptopro,20L
+
+#define SN_id_Gost28147_89              "gost89"
+#define LN_id_Gost28147_89              "GOST 28147-89"
+#define NID_id_Gost28147_89             813
+#define OBJ_id_Gost28147_89             OBJ_cryptopro,21L
+
+#define SN_gost89_cnt           "gost89-cnt"
+#define NID_gost89_cnt          814
+
+#define SN_gost89_cnt_12                "gost89-cnt-12"
+#define NID_gost89_cnt_12               975
+
+#define SN_gost89_cbc           "gost89-cbc"
+#define NID_gost89_cbc          1009
+
+#define SN_gost89_ecb           "gost89-ecb"
+#define NID_gost89_ecb          1010
+
+#define SN_gost89_ctr           "gost89-ctr"
+#define NID_gost89_ctr          1011
+
+#define SN_id_Gost28147_89_MAC          "gost-mac"
+#define LN_id_Gost28147_89_MAC          "GOST 28147-89 MAC"
+#define NID_id_Gost28147_89_MAC         815
+#define OBJ_id_Gost28147_89_MAC         OBJ_cryptopro,22L
+
+#define SN_gost_mac_12          "gost-mac-12"
+#define NID_gost_mac_12         976
+
+#define SN_id_GostR3411_94_prf          "prf-gostr3411-94"
+#define LN_id_GostR3411_94_prf          "GOST R 34.11-94 PRF"
+#define NID_id_GostR3411_94_prf         816
+#define OBJ_id_GostR3411_94_prf         OBJ_cryptopro,23L
+
+#define SN_id_GostR3410_2001DH          "id-GostR3410-2001DH"
+#define LN_id_GostR3410_2001DH          "GOST R 34.10-2001 DH"
+#define NID_id_GostR3410_2001DH         817
+#define OBJ_id_GostR3410_2001DH         OBJ_cryptopro,98L
+
+#define SN_id_GostR3410_94DH            "id-GostR3410-94DH"
+#define LN_id_GostR3410_94DH            "GOST R 34.10-94 DH"
+#define NID_id_GostR3410_94DH           818
+#define OBJ_id_GostR3410_94DH           OBJ_cryptopro,99L
+
+#define SN_id_Gost28147_89_CryptoPro_KeyMeshing         "id-Gost28147-89-CryptoPro-KeyMeshing"
+#define NID_id_Gost28147_89_CryptoPro_KeyMeshing                819
+#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing                OBJ_cryptopro,14L,1L
+
+#define SN_id_Gost28147_89_None_KeyMeshing              "id-Gost28147-89-None-KeyMeshing"
+#define NID_id_Gost28147_89_None_KeyMeshing             820
+#define OBJ_id_Gost28147_89_None_KeyMeshing             OBJ_cryptopro,14L,0L
+
+#define SN_id_GostR3411_94_TestParamSet         "id-GostR3411-94-TestParamSet"
+#define NID_id_GostR3411_94_TestParamSet                821
+#define OBJ_id_GostR3411_94_TestParamSet                OBJ_cryptopro,30L,0L
+
+#define SN_id_GostR3411_94_CryptoProParamSet            "id-GostR3411-94-CryptoProParamSet"
+#define NID_id_GostR3411_94_CryptoProParamSet           822
+#define OBJ_id_GostR3411_94_CryptoProParamSet           OBJ_cryptopro,30L,1L
+
+#define SN_id_Gost28147_89_TestParamSet         "id-Gost28147-89-TestParamSet"
+#define NID_id_Gost28147_89_TestParamSet                823
+#define OBJ_id_Gost28147_89_TestParamSet                OBJ_cryptopro,31L,0L
+
+#define SN_id_Gost28147_89_CryptoPro_A_ParamSet         "id-Gost28147-89-CryptoPro-A-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_A_ParamSet                824
+#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet                OBJ_cryptopro,31L,1L
+
+#define SN_id_Gost28147_89_CryptoPro_B_ParamSet         "id-Gost28147-89-CryptoPro-B-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_B_ParamSet                825
+#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet                OBJ_cryptopro,31L,2L
+
+#define SN_id_Gost28147_89_CryptoPro_C_ParamSet         "id-Gost28147-89-CryptoPro-C-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_C_ParamSet                826
+#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet                OBJ_cryptopro,31L,3L
+
+#define SN_id_Gost28147_89_CryptoPro_D_ParamSet         "id-Gost28147-89-CryptoPro-D-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_D_ParamSet                827
+#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet                OBJ_cryptopro,31L,4L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet         "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet                828
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet                OBJ_cryptopro,31L,5L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet         "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet                829
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet                OBJ_cryptopro,31L,6L
+
+#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet             "id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet            830
+#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet            OBJ_cryptopro,31L,7L
+
+#define SN_id_GostR3410_94_TestParamSet         "id-GostR3410-94-TestParamSet"
+#define NID_id_GostR3410_94_TestParamSet                831
+#define OBJ_id_GostR3410_94_TestParamSet                OBJ_cryptopro,32L,0L
+
+#define SN_id_GostR3410_94_CryptoPro_A_ParamSet         "id-GostR3410-94-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_A_ParamSet                832
+#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet                OBJ_cryptopro,32L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_B_ParamSet         "id-GostR3410-94-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_B_ParamSet                833
+#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet                OBJ_cryptopro,32L,3L
+
+#define SN_id_GostR3410_94_CryptoPro_C_ParamSet         "id-GostR3410-94-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_C_ParamSet                834
+#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet                OBJ_cryptopro,32L,4L
+
+#define SN_id_GostR3410_94_CryptoPro_D_ParamSet         "id-GostR3410-94-CryptoPro-D-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_D_ParamSet                835
+#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet                OBJ_cryptopro,32L,5L
+
+#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet              "id-GostR3410-94-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet             836
+#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet             OBJ_cryptopro,33L,1L
+
+#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet              "id-GostR3410-94-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet             837
+#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet             OBJ_cryptopro,33L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet              "id-GostR3410-94-CryptoPro-XchC-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet             838
+#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet             OBJ_cryptopro,33L,3L
+
+#define SN_id_GostR3410_2001_TestParamSet               "id-GostR3410-2001-TestParamSet"
+#define NID_id_GostR3410_2001_TestParamSet              839
+#define OBJ_id_GostR3410_2001_TestParamSet              OBJ_cryptopro,35L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet               "id-GostR3410-2001-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet              840
+#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet              OBJ_cryptopro,35L,1L
+
+#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet               "id-GostR3410-2001-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet              841
+#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet              OBJ_cryptopro,35L,2L
+
+#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet               "id-GostR3410-2001-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet              842
+#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet              OBJ_cryptopro,35L,3L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet            "id-GostR3410-2001-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet           843
+#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet           OBJ_cryptopro,36L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet            "id-GostR3410-2001-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet           844
+#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet           OBJ_cryptopro,36L,1L
+
+#define SN_id_GostR3410_94_a            "id-GostR3410-94-a"
+#define NID_id_GostR3410_94_a           845
+#define OBJ_id_GostR3410_94_a           OBJ_id_GostR3410_94,1L
+
+#define SN_id_GostR3410_94_aBis         "id-GostR3410-94-aBis"
+#define NID_id_GostR3410_94_aBis                846
+#define OBJ_id_GostR3410_94_aBis                OBJ_id_GostR3410_94,2L
+
+#define SN_id_GostR3410_94_b            "id-GostR3410-94-b"
+#define NID_id_GostR3410_94_b           847
+#define OBJ_id_GostR3410_94_b           OBJ_id_GostR3410_94,3L
+
+#define SN_id_GostR3410_94_bBis         "id-GostR3410-94-bBis"
+#define NID_id_GostR3410_94_bBis                848
+#define OBJ_id_GostR3410_94_bBis                OBJ_id_GostR3410_94,4L
+
+#define SN_id_Gost28147_89_cc           "id-Gost28147-89-cc"
+#define LN_id_Gost28147_89_cc           "GOST 28147-89 Cryptocom ParamSet"
+#define NID_id_Gost28147_89_cc          849
+#define OBJ_id_Gost28147_89_cc          OBJ_cryptocom,1L,6L,1L
+
+#define SN_id_GostR3410_94_cc           "gost94cc"
+#define LN_id_GostR3410_94_cc           "GOST 34.10-94 Cryptocom"
+#define NID_id_GostR3410_94_cc          850
+#define OBJ_id_GostR3410_94_cc          OBJ_cryptocom,1L,5L,3L
+
+#define SN_id_GostR3410_2001_cc         "gost2001cc"
+#define LN_id_GostR3410_2001_cc         "GOST 34.10-2001 Cryptocom"
+#define NID_id_GostR3410_2001_cc                851
+#define OBJ_id_GostR3410_2001_cc                OBJ_cryptocom,1L,5L,4L
+
+#define SN_id_GostR3411_94_with_GostR3410_94_cc         "id-GostR3411-94-with-GostR3410-94-cc"
+#define LN_id_GostR3411_94_with_GostR3410_94_cc         "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_94_cc                852
+#define OBJ_id_GostR3411_94_with_GostR3410_94_cc                OBJ_cryptocom,1L,3L,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001_cc               "id-GostR3411-94-with-GostR3410-2001-cc"
+#define LN_id_GostR3411_94_with_GostR3410_2001_cc               "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_2001_cc              853
+#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc              OBJ_cryptocom,1L,3L,4L
+
+#define SN_id_GostR3410_2001_ParamSet_cc                "id-GostR3410-2001-ParamSet-cc"
+#define LN_id_GostR3410_2001_ParamSet_cc                "GOST R 3410-2001 Parameter Set Cryptocom"
+#define NID_id_GostR3410_2001_ParamSet_cc               854
+#define OBJ_id_GostR3410_2001_ParamSet_cc               OBJ_cryptocom,1L,8L,1L
+
+#define SN_id_tc26_algorithms           "id-tc26-algorithms"
+#define NID_id_tc26_algorithms          977
+#define OBJ_id_tc26_algorithms          OBJ_id_tc26,1L
+
+#define SN_id_tc26_sign         "id-tc26-sign"
+#define NID_id_tc26_sign                978
+#define OBJ_id_tc26_sign                OBJ_id_tc26_algorithms,1L
+
+#define SN_id_GostR3410_2012_256                "gost2012_256"
+#define LN_id_GostR3410_2012_256                "GOST R 34.10-2012 with 256 bit modulus"
+#define NID_id_GostR3410_2012_256               979
+#define OBJ_id_GostR3410_2012_256               OBJ_id_tc26_sign,1L
+
+#define SN_id_GostR3410_2012_512                "gost2012_512"
+#define LN_id_GostR3410_2012_512                "GOST R 34.10-2012 with 512 bit modulus"
+#define NID_id_GostR3410_2012_512               980
+#define OBJ_id_GostR3410_2012_512               OBJ_id_tc26_sign,2L
+
+#define SN_id_tc26_digest               "id-tc26-digest"
+#define NID_id_tc26_digest              981
+#define OBJ_id_tc26_digest              OBJ_id_tc26_algorithms,2L
+
+#define SN_id_GostR3411_2012_256                "md_gost12_256"
+#define LN_id_GostR3411_2012_256                "GOST R 34.11-2012 with 256 bit hash"
+#define NID_id_GostR3411_2012_256               982
+#define OBJ_id_GostR3411_2012_256               OBJ_id_tc26_digest,2L
+
+#define SN_id_GostR3411_2012_512                "md_gost12_512"
+#define LN_id_GostR3411_2012_512                "GOST R 34.11-2012 with 512 bit hash"
+#define NID_id_GostR3411_2012_512               983
+#define OBJ_id_GostR3411_2012_512               OBJ_id_tc26_digest,3L
+
+#define SN_id_tc26_signwithdigest               "id-tc26-signwithdigest"
+#define NID_id_tc26_signwithdigest              984
+#define OBJ_id_tc26_signwithdigest              OBJ_id_tc26_algorithms,3L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_256             "id-tc26-signwithdigest-gost3410-2012-256"
+#define LN_id_tc26_signwithdigest_gost3410_2012_256             "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_256            985
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_256            OBJ_id_tc26_signwithdigest,2L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_512             "id-tc26-signwithdigest-gost3410-2012-512"
+#define LN_id_tc26_signwithdigest_gost3410_2012_512             "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_512            986
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_512            OBJ_id_tc26_signwithdigest,3L
+
+#define SN_id_tc26_mac          "id-tc26-mac"
+#define NID_id_tc26_mac         987
+#define OBJ_id_tc26_mac         OBJ_id_tc26_algorithms,4L
+
+#define SN_id_tc26_hmac_gost_3411_2012_256              "id-tc26-hmac-gost-3411-2012-256"
+#define LN_id_tc26_hmac_gost_3411_2012_256              "HMAC GOST 34.11-2012 256 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_256             988
+#define OBJ_id_tc26_hmac_gost_3411_2012_256             OBJ_id_tc26_mac,1L
+
+#define SN_id_tc26_hmac_gost_3411_2012_512              "id-tc26-hmac-gost-3411-2012-512"
+#define LN_id_tc26_hmac_gost_3411_2012_512              "HMAC GOST 34.11-2012 512 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_512             989
+#define OBJ_id_tc26_hmac_gost_3411_2012_512             OBJ_id_tc26_mac,2L
+
+#define SN_id_tc26_cipher               "id-tc26-cipher"
+#define NID_id_tc26_cipher              990
+#define OBJ_id_tc26_cipher              OBJ_id_tc26_algorithms,5L
+
+#define SN_id_tc26_agreement            "id-tc26-agreement"
+#define NID_id_tc26_agreement           991
+#define OBJ_id_tc26_agreement           OBJ_id_tc26_algorithms,6L
+
+#define SN_id_tc26_agreement_gost_3410_2012_256         "id-tc26-agreement-gost-3410-2012-256"
+#define NID_id_tc26_agreement_gost_3410_2012_256                992
+#define OBJ_id_tc26_agreement_gost_3410_2012_256                OBJ_id_tc26_agreement,1L
+
+#define SN_id_tc26_agreement_gost_3410_2012_512         "id-tc26-agreement-gost-3410-2012-512"
+#define NID_id_tc26_agreement_gost_3410_2012_512                993
+#define OBJ_id_tc26_agreement_gost_3410_2012_512                OBJ_id_tc26_agreement,2L
+
+#define SN_id_tc26_constants            "id-tc26-constants"
+#define NID_id_tc26_constants           994
+#define OBJ_id_tc26_constants           OBJ_id_tc26,2L
+
+#define SN_id_tc26_sign_constants               "id-tc26-sign-constants"
+#define NID_id_tc26_sign_constants              995
+#define OBJ_id_tc26_sign_constants              OBJ_id_tc26_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_constants         "id-tc26-gost-3410-2012-512-constants"
+#define NID_id_tc26_gost_3410_2012_512_constants                996
+#define OBJ_id_tc26_gost_3410_2012_512_constants                OBJ_id_tc26_sign_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetTest              "id-tc26-gost-3410-2012-512-paramSetTest"
+#define LN_id_tc26_gost_3410_2012_512_paramSetTest              "GOST R 34.10-2012 (512 bit) testing parameter set"
+#define NID_id_tc26_gost_3410_2012_512_paramSetTest             997
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest             OBJ_id_tc26_gost_3410_2012_512_constants,0L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetA         "id-tc26-gost-3410-2012-512-paramSetA"
+#define LN_id_tc26_gost_3410_2012_512_paramSetA         "GOST R 34.10-2012 (512 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_512_paramSetA                998
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetA                OBJ_id_tc26_gost_3410_2012_512_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetB         "id-tc26-gost-3410-2012-512-paramSetB"
+#define LN_id_tc26_gost_3410_2012_512_paramSetB         "GOST R 34.10-2012 (512 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_512_paramSetB                999
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetB                OBJ_id_tc26_gost_3410_2012_512_constants,2L
+
+#define SN_id_tc26_digest_constants             "id-tc26-digest-constants"
+#define NID_id_tc26_digest_constants            1000
+#define OBJ_id_tc26_digest_constants            OBJ_id_tc26_constants,2L
+
+#define SN_id_tc26_cipher_constants             "id-tc26-cipher-constants"
+#define NID_id_tc26_cipher_constants            1001
+#define OBJ_id_tc26_cipher_constants            OBJ_id_tc26_constants,5L
+
+#define SN_id_tc26_gost_28147_constants         "id-tc26-gost-28147-constants"
+#define NID_id_tc26_gost_28147_constants                1002
+#define OBJ_id_tc26_gost_28147_constants                OBJ_id_tc26_cipher_constants,1L
+
+#define SN_id_tc26_gost_28147_param_Z           "id-tc26-gost-28147-param-Z"
+#define LN_id_tc26_gost_28147_param_Z           "GOST 28147-89 TC26 parameter set"
+#define NID_id_tc26_gost_28147_param_Z          1003
+#define OBJ_id_tc26_gost_28147_param_Z          OBJ_id_tc26_gost_28147_constants,1L
+
+#define SN_INN          "INN"
+#define LN_INN          "INN"
+#define NID_INN         1004
+#define OBJ_INN         OBJ_member_body,643L,3L,131L,1L,1L
+
+#define SN_OGRN         "OGRN"
+#define LN_OGRN         "OGRN"
+#define NID_OGRN                1005
+#define OBJ_OGRN                OBJ_member_body,643L,100L,1L
+
+#define SN_SNILS                "SNILS"
+#define LN_SNILS                "SNILS"
+#define NID_SNILS               1006
+#define OBJ_SNILS               OBJ_member_body,643L,100L,3L
+
+#define SN_subjectSignTool              "subjectSignTool"
+#define LN_subjectSignTool              "Signing Tool of Subject"
+#define NID_subjectSignTool             1007
+#define OBJ_subjectSignTool             OBJ_member_body,643L,100L,111L
+
+#define SN_issuerSignTool               "issuerSignTool"
+#define LN_issuerSignTool               "Signing Tool of Issuer"
+#define NID_issuerSignTool              1008
+#define OBJ_issuerSignTool              OBJ_member_body,643L,100L,112L
+
+#define SN_grasshopper_ecb              "grasshopper-ecb"
+#define NID_grasshopper_ecb             1012
+
+#define SN_grasshopper_ctr              "grasshopper-ctr"
+#define NID_grasshopper_ctr             1013
+
+#define SN_grasshopper_ofb              "grasshopper-ofb"
+#define NID_grasshopper_ofb             1014
+
+#define SN_grasshopper_cbc              "grasshopper-cbc"
+#define NID_grasshopper_cbc             1015
+
+#define SN_grasshopper_cfb              "grasshopper-cfb"
+#define NID_grasshopper_cfb             1016
+
+#define SN_grasshopper_mac              "grasshopper-mac"
+#define NID_grasshopper_mac             1017
+
+#define SN_camellia_128_cbc             "CAMELLIA-128-CBC"
+#define LN_camellia_128_cbc             "camellia-128-cbc"
+#define NID_camellia_128_cbc            751
+#define OBJ_camellia_128_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,2L
+
+#define SN_camellia_192_cbc             "CAMELLIA-192-CBC"
+#define LN_camellia_192_cbc             "camellia-192-cbc"
+#define NID_camellia_192_cbc            752
+#define OBJ_camellia_192_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,3L
+
+#define SN_camellia_256_cbc             "CAMELLIA-256-CBC"
+#define LN_camellia_256_cbc             "camellia-256-cbc"
+#define NID_camellia_256_cbc            753
+#define OBJ_camellia_256_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,4L
+
+#define SN_id_camellia128_wrap          "id-camellia128-wrap"
+#define NID_id_camellia128_wrap         907
+#define OBJ_id_camellia128_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,2L
+
+#define SN_id_camellia192_wrap          "id-camellia192-wrap"
+#define NID_id_camellia192_wrap         908
+#define OBJ_id_camellia192_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,3L
+
+#define SN_id_camellia256_wrap          "id-camellia256-wrap"
+#define NID_id_camellia256_wrap         909
+#define OBJ_id_camellia256_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,4L
+
+#define OBJ_ntt_ds              0L,3L,4401L,5L
+
+#define OBJ_camellia            OBJ_ntt_ds,3L,1L,9L
+
+#define SN_camellia_128_ecb             "CAMELLIA-128-ECB"
+#define LN_camellia_128_ecb             "camellia-128-ecb"
+#define NID_camellia_128_ecb            754
+#define OBJ_camellia_128_ecb            OBJ_camellia,1L
+
+#define SN_camellia_128_ofb128          "CAMELLIA-128-OFB"
+#define LN_camellia_128_ofb128          "camellia-128-ofb"
+#define NID_camellia_128_ofb128         766
+#define OBJ_camellia_128_ofb128         OBJ_camellia,3L
+
+#define SN_camellia_128_cfb128          "CAMELLIA-128-CFB"
+#define LN_camellia_128_cfb128          "camellia-128-cfb"
+#define NID_camellia_128_cfb128         757
+#define OBJ_camellia_128_cfb128         OBJ_camellia,4L
+
+#define SN_camellia_128_gcm             "CAMELLIA-128-GCM"
+#define LN_camellia_128_gcm             "camellia-128-gcm"
+#define NID_camellia_128_gcm            961
+#define OBJ_camellia_128_gcm            OBJ_camellia,6L
+
+#define SN_camellia_128_ccm             "CAMELLIA-128-CCM"
+#define LN_camellia_128_ccm             "camellia-128-ccm"
+#define NID_camellia_128_ccm            962
+#define OBJ_camellia_128_ccm            OBJ_camellia,7L
+
+#define SN_camellia_128_ctr             "CAMELLIA-128-CTR"
+#define LN_camellia_128_ctr             "camellia-128-ctr"
+#define NID_camellia_128_ctr            963
+#define OBJ_camellia_128_ctr            OBJ_camellia,9L
+
+#define SN_camellia_128_cmac            "CAMELLIA-128-CMAC"
+#define LN_camellia_128_cmac            "camellia-128-cmac"
+#define NID_camellia_128_cmac           964
+#define OBJ_camellia_128_cmac           OBJ_camellia,10L
+
+#define SN_camellia_192_ecb             "CAMELLIA-192-ECB"
+#define LN_camellia_192_ecb             "camellia-192-ecb"
+#define NID_camellia_192_ecb            755
+#define OBJ_camellia_192_ecb            OBJ_camellia,21L
+
+#define SN_camellia_192_ofb128          "CAMELLIA-192-OFB"
+#define LN_camellia_192_ofb128          "camellia-192-ofb"
+#define NID_camellia_192_ofb128         767
+#define OBJ_camellia_192_ofb128         OBJ_camellia,23L
+
+#define SN_camellia_192_cfb128          "CAMELLIA-192-CFB"
+#define LN_camellia_192_cfb128          "camellia-192-cfb"
+#define NID_camellia_192_cfb128         758
+#define OBJ_camellia_192_cfb128         OBJ_camellia,24L
+
+#define SN_camellia_192_gcm             "CAMELLIA-192-GCM"
+#define LN_camellia_192_gcm             "camellia-192-gcm"
+#define NID_camellia_192_gcm            965
+#define OBJ_camellia_192_gcm            OBJ_camellia,26L
+
+#define SN_camellia_192_ccm             "CAMELLIA-192-CCM"
+#define LN_camellia_192_ccm             "camellia-192-ccm"
+#define NID_camellia_192_ccm            966
+#define OBJ_camellia_192_ccm            OBJ_camellia,27L
+
+#define SN_camellia_192_ctr             "CAMELLIA-192-CTR"
+#define LN_camellia_192_ctr             "camellia-192-ctr"
+#define NID_camellia_192_ctr            967
+#define OBJ_camellia_192_ctr            OBJ_camellia,29L
+
+#define SN_camellia_192_cmac            "CAMELLIA-192-CMAC"
+#define LN_camellia_192_cmac            "camellia-192-cmac"
+#define NID_camellia_192_cmac           968
+#define OBJ_camellia_192_cmac           OBJ_camellia,30L
+
+#define SN_camellia_256_ecb             "CAMELLIA-256-ECB"
+#define LN_camellia_256_ecb             "camellia-256-ecb"
+#define NID_camellia_256_ecb            756
+#define OBJ_camellia_256_ecb            OBJ_camellia,41L
+
+#define SN_camellia_256_ofb128          "CAMELLIA-256-OFB"
+#define LN_camellia_256_ofb128          "camellia-256-ofb"
+#define NID_camellia_256_ofb128         768
+#define OBJ_camellia_256_ofb128         OBJ_camellia,43L
+
+#define SN_camellia_256_cfb128          "CAMELLIA-256-CFB"
+#define LN_camellia_256_cfb128          "camellia-256-cfb"
+#define NID_camellia_256_cfb128         759
+#define OBJ_camellia_256_cfb128         OBJ_camellia,44L
+
+#define SN_camellia_256_gcm             "CAMELLIA-256-GCM"
+#define LN_camellia_256_gcm             "camellia-256-gcm"
+#define NID_camellia_256_gcm            969
+#define OBJ_camellia_256_gcm            OBJ_camellia,46L
+
+#define SN_camellia_256_ccm             "CAMELLIA-256-CCM"
+#define LN_camellia_256_ccm             "camellia-256-ccm"
+#define NID_camellia_256_ccm            970
+#define OBJ_camellia_256_ccm            OBJ_camellia,47L
+
+#define SN_camellia_256_ctr             "CAMELLIA-256-CTR"
+#define LN_camellia_256_ctr             "camellia-256-ctr"
+#define NID_camellia_256_ctr            971
+#define OBJ_camellia_256_ctr            OBJ_camellia,49L
+
+#define SN_camellia_256_cmac            "CAMELLIA-256-CMAC"
+#define LN_camellia_256_cmac            "camellia-256-cmac"
+#define NID_camellia_256_cmac           972
+#define OBJ_camellia_256_cmac           OBJ_camellia,50L
+
+#define SN_camellia_128_cfb1            "CAMELLIA-128-CFB1"
+#define LN_camellia_128_cfb1            "camellia-128-cfb1"
+#define NID_camellia_128_cfb1           760
+
+#define SN_camellia_192_cfb1            "CAMELLIA-192-CFB1"
+#define LN_camellia_192_cfb1            "camellia-192-cfb1"
+#define NID_camellia_192_cfb1           761
+
+#define SN_camellia_256_cfb1            "CAMELLIA-256-CFB1"
+#define LN_camellia_256_cfb1            "camellia-256-cfb1"
+#define NID_camellia_256_cfb1           762
+
+#define SN_camellia_128_cfb8            "CAMELLIA-128-CFB8"
+#define LN_camellia_128_cfb8            "camellia-128-cfb8"
+#define NID_camellia_128_cfb8           763
+
+#define SN_camellia_192_cfb8            "CAMELLIA-192-CFB8"
+#define LN_camellia_192_cfb8            "camellia-192-cfb8"
+#define NID_camellia_192_cfb8           764
+
+#define SN_camellia_256_cfb8            "CAMELLIA-256-CFB8"
+#define LN_camellia_256_cfb8            "camellia-256-cfb8"
+#define NID_camellia_256_cfb8           765
+
+#define SN_kisa         "KISA"
+#define LN_kisa         "kisa"
+#define NID_kisa                773
+#define OBJ_kisa                OBJ_member_body,410L,200004L
+
+#define SN_seed_ecb             "SEED-ECB"
+#define LN_seed_ecb             "seed-ecb"
+#define NID_seed_ecb            776
+#define OBJ_seed_ecb            OBJ_kisa,1L,3L
+
+#define SN_seed_cbc             "SEED-CBC"
+#define LN_seed_cbc             "seed-cbc"
+#define NID_seed_cbc            777
+#define OBJ_seed_cbc            OBJ_kisa,1L,4L
+
+#define SN_seed_cfb128          "SEED-CFB"
+#define LN_seed_cfb128          "seed-cfb"
+#define NID_seed_cfb128         779
+#define OBJ_seed_cfb128         OBJ_kisa,1L,5L
+
+#define SN_seed_ofb128          "SEED-OFB"
+#define LN_seed_ofb128          "seed-ofb"
+#define NID_seed_ofb128         778
+#define OBJ_seed_ofb128         OBJ_kisa,1L,6L
+
+#define SN_hmac         "HMAC"
+#define LN_hmac         "hmac"
+#define NID_hmac                855
+
+#define SN_cmac         "CMAC"
+#define LN_cmac         "cmac"
+#define NID_cmac                894
+
+#define SN_rc4_hmac_md5         "RC4-HMAC-MD5"
+#define LN_rc4_hmac_md5         "rc4-hmac-md5"
+#define NID_rc4_hmac_md5                915
+
+#define SN_aes_128_cbc_hmac_sha1                "AES-128-CBC-HMAC-SHA1"
+#define LN_aes_128_cbc_hmac_sha1                "aes-128-cbc-hmac-sha1"
+#define NID_aes_128_cbc_hmac_sha1               916
+
+#define SN_aes_192_cbc_hmac_sha1                "AES-192-CBC-HMAC-SHA1"
+#define LN_aes_192_cbc_hmac_sha1                "aes-192-cbc-hmac-sha1"
+#define NID_aes_192_cbc_hmac_sha1               917
+
+#define SN_aes_256_cbc_hmac_sha1                "AES-256-CBC-HMAC-SHA1"
+#define LN_aes_256_cbc_hmac_sha1                "aes-256-cbc-hmac-sha1"
+#define NID_aes_256_cbc_hmac_sha1               918
+
+#define SN_aes_128_cbc_hmac_sha256              "AES-128-CBC-HMAC-SHA256"
+#define LN_aes_128_cbc_hmac_sha256              "aes-128-cbc-hmac-sha256"
+#define NID_aes_128_cbc_hmac_sha256             948
+
+#define SN_aes_192_cbc_hmac_sha256              "AES-192-CBC-HMAC-SHA256"
+#define LN_aes_192_cbc_hmac_sha256              "aes-192-cbc-hmac-sha256"
+#define NID_aes_192_cbc_hmac_sha256             949
+
+#define SN_aes_256_cbc_hmac_sha256              "AES-256-CBC-HMAC-SHA256"
+#define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
+#define NID_aes_256_cbc_hmac_sha256             950
+
+#define SN_chacha20_poly1305            "ChaCha20-Poly1305"
+#define LN_chacha20_poly1305            "chacha20-poly1305"
+#define NID_chacha20_poly1305           1018
+
+#define SN_chacha20             "ChaCha20"
+#define LN_chacha20             "chacha20"
+#define NID_chacha20            1019
+
+#define SN_dhpublicnumber               "dhpublicnumber"
+#define LN_dhpublicnumber               "X9.42 DH"
+#define NID_dhpublicnumber              920
+#define OBJ_dhpublicnumber              OBJ_ISO_US,10046L,2L,1L
+
+#define SN_brainpoolP160r1              "brainpoolP160r1"
+#define NID_brainpoolP160r1             921
+#define OBJ_brainpoolP160r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,1L
+
+#define SN_brainpoolP160t1              "brainpoolP160t1"
+#define NID_brainpoolP160t1             922
+#define OBJ_brainpoolP160t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,2L
+
+#define SN_brainpoolP192r1              "brainpoolP192r1"
+#define NID_brainpoolP192r1             923
+#define OBJ_brainpoolP192r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,3L
+
+#define SN_brainpoolP192t1              "brainpoolP192t1"
+#define NID_brainpoolP192t1             924
+#define OBJ_brainpoolP192t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,4L
+
+#define SN_brainpoolP224r1              "brainpoolP224r1"
+#define NID_brainpoolP224r1             925
+#define OBJ_brainpoolP224r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,5L
+
+#define SN_brainpoolP224t1              "brainpoolP224t1"
+#define NID_brainpoolP224t1             926
+#define OBJ_brainpoolP224t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,6L
+
+#define SN_brainpoolP256r1              "brainpoolP256r1"
+#define NID_brainpoolP256r1             927
+#define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
+
+#define SN_brainpoolP256t1              "brainpoolP256t1"
+#define NID_brainpoolP256t1             928
+#define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
+
+#define SN_brainpoolP320r1              "brainpoolP320r1"
+#define NID_brainpoolP320r1             929
+#define OBJ_brainpoolP320r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,9L
+
+#define SN_brainpoolP320t1              "brainpoolP320t1"
+#define NID_brainpoolP320t1             930
+#define OBJ_brainpoolP320t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,10L
+
+#define SN_brainpoolP384r1              "brainpoolP384r1"
+#define NID_brainpoolP384r1             931
+#define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
+
+#define SN_brainpoolP384t1              "brainpoolP384t1"
+#define NID_brainpoolP384t1             932
+#define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
+
+#define SN_brainpoolP512r1              "brainpoolP512r1"
+#define NID_brainpoolP512r1             933
+#define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
+
+#define SN_brainpoolP512t1              "brainpoolP512t1"
+#define NID_brainpoolP512t1             934
+#define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
+
+#define OBJ_x9_63_scheme                1L,3L,133L,16L,840L,63L,0L
+
+#define OBJ_secg_scheme         OBJ_certicom_arc,1L
+
+#define SN_dhSinglePass_stdDH_sha1kdf_scheme            "dhSinglePass-stdDH-sha1kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha1kdf_scheme           936
+#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme           OBJ_x9_63_scheme,2L
+
+#define SN_dhSinglePass_stdDH_sha224kdf_scheme          "dhSinglePass-stdDH-sha224kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha224kdf_scheme         937
+#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme         OBJ_secg_scheme,11L,0L
+
+#define SN_dhSinglePass_stdDH_sha256kdf_scheme          "dhSinglePass-stdDH-sha256kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha256kdf_scheme         938
+#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme         OBJ_secg_scheme,11L,1L
+
+#define SN_dhSinglePass_stdDH_sha384kdf_scheme          "dhSinglePass-stdDH-sha384kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha384kdf_scheme         939
+#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme         OBJ_secg_scheme,11L,2L
+
+#define SN_dhSinglePass_stdDH_sha512kdf_scheme          "dhSinglePass-stdDH-sha512kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha512kdf_scheme         940
+#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme         OBJ_secg_scheme,11L,3L
+
+#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme               "dhSinglePass-cofactorDH-sha1kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme              941
+#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme              OBJ_x9_63_scheme,3L
+
+#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme             "dhSinglePass-cofactorDH-sha224kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme            942
+#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme            OBJ_secg_scheme,14L,0L
+
+#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme             "dhSinglePass-cofactorDH-sha256kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme            943
+#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme            OBJ_secg_scheme,14L,1L
+
+#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme             "dhSinglePass-cofactorDH-sha384kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme            944
+#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme            OBJ_secg_scheme,14L,2L
+
+#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme             "dhSinglePass-cofactorDH-sha512kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme            945
+#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme            OBJ_secg_scheme,14L,3L
+
+#define SN_dh_std_kdf           "dh-std-kdf"
+#define NID_dh_std_kdf          946
+
+#define SN_dh_cofactor_kdf              "dh-cofactor-kdf"
+#define NID_dh_cofactor_kdf             947
+
+#define SN_ct_precert_scts              "ct_precert_scts"
+#define LN_ct_precert_scts              "CT Precertificate SCTs"
+#define NID_ct_precert_scts             951
+#define OBJ_ct_precert_scts             1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L
+
+#define SN_ct_precert_poison            "ct_precert_poison"
+#define LN_ct_precert_poison            "CT Precertificate Poison"
+#define NID_ct_precert_poison           952
+#define OBJ_ct_precert_poison           1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L
+
+#define SN_ct_precert_signer            "ct_precert_signer"
+#define LN_ct_precert_signer            "CT Precertificate Signer"
+#define NID_ct_precert_signer           953
+#define OBJ_ct_precert_signer           1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L
+
+#define SN_ct_cert_scts         "ct_cert_scts"
+#define LN_ct_cert_scts         "CT Certificate SCTs"
+#define NID_ct_cert_scts                954
+#define OBJ_ct_cert_scts                1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L
+
+#define SN_jurisdictionLocalityName             "jurisdictionL"
+#define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
+#define NID_jurisdictionLocalityName            955
+#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+
+#define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
+#define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
+#define NID_jurisdictionStateOrProvinceName             956
+#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+
+#define SN_jurisdictionCountryName              "jurisdictionC"
+#define LN_jurisdictionCountryName              "jurisdictionCountryName"
+#define NID_jurisdictionCountryName             957
+#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+
+#define SN_id_scrypt            "id-scrypt"
+#define NID_id_scrypt           973
+#define OBJ_id_scrypt           1L,3L,6L,1L,4L,1L,11591L,4L,11L
+
+#define SN_tls1_prf             "TLS1-PRF"
+#define LN_tls1_prf             "tls1-prf"
+#define NID_tls1_prf            1021
+
+#define SN_hkdf         "HKDF"
+#define LN_hkdf         "hkdf"
+#define NID_hkdf                1036
+
+#define SN_id_pkinit            "id-pkinit"
+#define NID_id_pkinit           1031
+#define OBJ_id_pkinit           1L,3L,6L,1L,5L,2L,3L
+
+#define SN_pkInitClientAuth             "pkInitClientAuth"
+#define LN_pkInitClientAuth             "PKINIT Client Auth"
+#define NID_pkInitClientAuth            1032
+#define OBJ_pkInitClientAuth            OBJ_id_pkinit,4L
+
+#define SN_pkInitKDC            "pkInitKDC"
+#define LN_pkInitKDC            "Signing KDC Response"
+#define NID_pkInitKDC           1033
+#define OBJ_pkInitKDC           OBJ_id_pkinit,5L
+
+#define SN_X25519               "X25519"
+#define NID_X25519              1034
+#define OBJ_X25519              1L,3L,101L,110L
+
+#define SN_X448         "X448"
+#define NID_X448                1035
+#define OBJ_X448                1L,3L,101L,111L
+
+#define SN_kx_rsa               "KxRSA"
+#define LN_kx_rsa               "kx-rsa"
+#define NID_kx_rsa              1037
+
+#define SN_kx_ecdhe             "KxECDHE"
+#define LN_kx_ecdhe             "kx-ecdhe"
+#define NID_kx_ecdhe            1038
+
+#define SN_kx_dhe               "KxDHE"
+#define LN_kx_dhe               "kx-dhe"
+#define NID_kx_dhe              1039
+
+#define SN_kx_ecdhe_psk         "KxECDHE-PSK"
+#define LN_kx_ecdhe_psk         "kx-ecdhe-psk"
+#define NID_kx_ecdhe_psk                1040
+
+#define SN_kx_dhe_psk           "KxDHE-PSK"
+#define LN_kx_dhe_psk           "kx-dhe-psk"
+#define NID_kx_dhe_psk          1041
+
+#define SN_kx_rsa_psk           "KxRSA_PSK"
+#define LN_kx_rsa_psk           "kx-rsa-psk"
+#define NID_kx_rsa_psk          1042
+
+#define SN_kx_psk               "KxPSK"
+#define LN_kx_psk               "kx-psk"
+#define NID_kx_psk              1043
+
+#define SN_kx_srp               "KxSRP"
+#define LN_kx_srp               "kx-srp"
+#define NID_kx_srp              1044
+
+#define SN_kx_gost              "KxGOST"
+#define LN_kx_gost              "kx-gost"
+#define NID_kx_gost             1045
+
+#define SN_auth_rsa             "AuthRSA"
+#define LN_auth_rsa             "auth-rsa"
+#define NID_auth_rsa            1046
+
+#define SN_auth_ecdsa           "AuthECDSA"
+#define LN_auth_ecdsa           "auth-ecdsa"
+#define NID_auth_ecdsa          1047
+
+#define SN_auth_psk             "AuthPSK"
+#define LN_auth_psk             "auth-psk"
+#define NID_auth_psk            1048
+
+#define SN_auth_dss             "AuthDSS"
+#define LN_auth_dss             "auth-dss"
+#define NID_auth_dss            1049
+
+#define SN_auth_gost01          "AuthGOST01"
+#define LN_auth_gost01          "auth-gost01"
+#define NID_auth_gost01         1050
+
+#define SN_auth_gost12          "AuthGOST12"
+#define LN_auth_gost12          "auth-gost12"
+#define NID_auth_gost12         1051
+
+#define SN_auth_srp             "AuthSRP"
+#define LN_auth_srp             "auth-srp"
+#define NID_auth_srp            1052
+
+#define SN_auth_null            "AuthNULL"
+#define LN_auth_null            "auth-null"
+#define NID_auth_null           1053
diff --git a/openssl-1.1.0h/include/openssl/objects.h b/openssl-1.1.0h/include/openssl/objects.h
new file mode 100644
index 0000000..d4462fe
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/objects.h
@@ -0,0 +1,1097 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJECTS_H
+# define HEADER_OBJECTS_H
+
+# define USE_OBJ_MAC
+
+# ifdef USE_OBJ_MAC
+#  include <openssl/obj_mac.h>
+# else
+#  define SN_undef                        "UNDEF"
+#  define LN_undef                        "undefined"
+#  define NID_undef                       0
+#  define OBJ_undef                       0L
+
+#  define SN_Algorithm                    "Algorithm"
+#  define LN_algorithm                    "algorithm"
+#  define NID_algorithm                   38
+#  define OBJ_algorithm                   1L,3L,14L,3L,2L
+
+#  define LN_rsadsi                       "rsadsi"
+#  define NID_rsadsi                      1
+#  define OBJ_rsadsi                      1L,2L,840L,113549L
+
+#  define LN_pkcs                         "pkcs"
+#  define NID_pkcs                        2
+#  define OBJ_pkcs                        OBJ_rsadsi,1L
+
+#  define SN_md2                          "MD2"
+#  define LN_md2                          "md2"
+#  define NID_md2                         3
+#  define OBJ_md2                         OBJ_rsadsi,2L,2L
+
+#  define SN_md5                          "MD5"
+#  define LN_md5                          "md5"
+#  define NID_md5                         4
+#  define OBJ_md5                         OBJ_rsadsi,2L,5L
+
+#  define SN_rc4                          "RC4"
+#  define LN_rc4                          "rc4"
+#  define NID_rc4                         5
+#  define OBJ_rc4                         OBJ_rsadsi,3L,4L
+
+#  define LN_rsaEncryption                "rsaEncryption"
+#  define NID_rsaEncryption               6
+#  define OBJ_rsaEncryption               OBJ_pkcs,1L,1L
+
+#  define SN_md2WithRSAEncryption         "RSA-MD2"
+#  define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
+#  define NID_md2WithRSAEncryption        7
+#  define OBJ_md2WithRSAEncryption        OBJ_pkcs,1L,2L
+
+#  define SN_md5WithRSAEncryption         "RSA-MD5"
+#  define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
+#  define NID_md5WithRSAEncryption        8
+#  define OBJ_md5WithRSAEncryption        OBJ_pkcs,1L,4L
+
+#  define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
+#  define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
+#  define NID_pbeWithMD2AndDES_CBC        9
+#  define OBJ_pbeWithMD2AndDES_CBC        OBJ_pkcs,5L,1L
+
+#  define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
+#  define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
+#  define NID_pbeWithMD5AndDES_CBC        10
+#  define OBJ_pbeWithMD5AndDES_CBC        OBJ_pkcs,5L,3L
+
+#  define LN_X500                         "X500"
+#  define NID_X500                        11
+#  define OBJ_X500                        2L,5L
+
+#  define LN_X509                         "X509"
+#  define NID_X509                        12
+#  define OBJ_X509                        OBJ_X500,4L
+
+#  define SN_commonName                   "CN"
+#  define LN_commonName                   "commonName"
+#  define NID_commonName                  13
+#  define OBJ_commonName                  OBJ_X509,3L
+
+#  define SN_countryName                  "C"
+#  define LN_countryName                  "countryName"
+#  define NID_countryName                 14
+#  define OBJ_countryName                 OBJ_X509,6L
+
+#  define SN_localityName                 "L"
+#  define LN_localityName                 "localityName"
+#  define NID_localityName                15
+#  define OBJ_localityName                OBJ_X509,7L
+
+/* Postal Address? PA */
+
+/* should be "ST" (rfc1327) but MS uses 'S' */
+#  define SN_stateOrProvinceName          "ST"
+#  define LN_stateOrProvinceName          "stateOrProvinceName"
+#  define NID_stateOrProvinceName         16
+#  define OBJ_stateOrProvinceName         OBJ_X509,8L
+
+#  define SN_organizationName             "O"
+#  define LN_organizationName             "organizationName"
+#  define NID_organizationName            17
+#  define OBJ_organizationName            OBJ_X509,10L
+
+#  define SN_organizationalUnitName       "OU"
+#  define LN_organizationalUnitName       "organizationalUnitName"
+#  define NID_organizationalUnitName      18
+#  define OBJ_organizationalUnitName      OBJ_X509,11L
+
+#  define SN_rsa                          "RSA"
+#  define LN_rsa                          "rsa"
+#  define NID_rsa                         19
+#  define OBJ_rsa                         OBJ_X500,8L,1L,1L
+
+#  define LN_pkcs7                        "pkcs7"
+#  define NID_pkcs7                       20
+#  define OBJ_pkcs7                       OBJ_pkcs,7L
+
+#  define LN_pkcs7_data                   "pkcs7-data"
+#  define NID_pkcs7_data                  21
+#  define OBJ_pkcs7_data                  OBJ_pkcs7,1L
+
+#  define LN_pkcs7_signed                 "pkcs7-signedData"
+#  define NID_pkcs7_signed                22
+#  define OBJ_pkcs7_signed                OBJ_pkcs7,2L
+
+#  define LN_pkcs7_enveloped              "pkcs7-envelopedData"
+#  define NID_pkcs7_enveloped             23
+#  define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
+
+#  define LN_pkcs7_signedAndEnveloped     "pkcs7-signedAndEnvelopedData"
+#  define NID_pkcs7_signedAndEnveloped    24
+#  define OBJ_pkcs7_signedAndEnveloped    OBJ_pkcs7,4L
+
+#  define LN_pkcs7_digest                 "pkcs7-digestData"
+#  define NID_pkcs7_digest                25
+#  define OBJ_pkcs7_digest                OBJ_pkcs7,5L
+
+#  define LN_pkcs7_encrypted              "pkcs7-encryptedData"
+#  define NID_pkcs7_encrypted             26
+#  define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
+
+#  define LN_pkcs3                        "pkcs3"
+#  define NID_pkcs3                       27
+#  define OBJ_pkcs3                       OBJ_pkcs,3L
+
+#  define LN_dhKeyAgreement               "dhKeyAgreement"
+#  define NID_dhKeyAgreement              28
+#  define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
+
+#  define SN_des_ecb                      "DES-ECB"
+#  define LN_des_ecb                      "des-ecb"
+#  define NID_des_ecb                     29
+#  define OBJ_des_ecb                     OBJ_algorithm,6L
+
+#  define SN_des_cfb64                    "DES-CFB"
+#  define LN_des_cfb64                    "des-cfb"
+#  define NID_des_cfb64                   30
+/* IV + num */
+#  define OBJ_des_cfb64                   OBJ_algorithm,9L
+
+#  define SN_des_cbc                      "DES-CBC"
+#  define LN_des_cbc                      "des-cbc"
+#  define NID_des_cbc                     31
+/* IV */
+#  define OBJ_des_cbc                     OBJ_algorithm,7L
+
+#  define SN_des_ede                      "DES-EDE"
+#  define LN_des_ede                      "des-ede"
+#  define NID_des_ede                     32
+/* ?? */
+#  define OBJ_des_ede                     OBJ_algorithm,17L
+
+#  define SN_des_ede3                     "DES-EDE3"
+#  define LN_des_ede3                     "des-ede3"
+#  define NID_des_ede3                    33
+
+#  define SN_idea_cbc                     "IDEA-CBC"
+#  define LN_idea_cbc                     "idea-cbc"
+#  define NID_idea_cbc                    34
+#  define OBJ_idea_cbc                    1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#  define SN_idea_cfb64                   "IDEA-CFB"
+#  define LN_idea_cfb64                   "idea-cfb"
+#  define NID_idea_cfb64                  35
+
+#  define SN_idea_ecb                     "IDEA-ECB"
+#  define LN_idea_ecb                     "idea-ecb"
+#  define NID_idea_ecb                    36
+
+#  define SN_rc2_cbc                      "RC2-CBC"
+#  define LN_rc2_cbc                      "rc2-cbc"
+#  define NID_rc2_cbc                     37
+#  define OBJ_rc2_cbc                     OBJ_rsadsi,3L,2L
+
+#  define SN_rc2_ecb                      "RC2-ECB"
+#  define LN_rc2_ecb                      "rc2-ecb"
+#  define NID_rc2_ecb                     38
+
+#  define SN_rc2_cfb64                    "RC2-CFB"
+#  define LN_rc2_cfb64                    "rc2-cfb"
+#  define NID_rc2_cfb64                   39
+
+#  define SN_rc2_ofb64                    "RC2-OFB"
+#  define LN_rc2_ofb64                    "rc2-ofb"
+#  define NID_rc2_ofb64                   40
+
+#  define SN_sha                          "SHA"
+#  define LN_sha                          "sha"
+#  define NID_sha                         41
+#  define OBJ_sha                         OBJ_algorithm,18L
+
+#  define SN_shaWithRSAEncryption         "RSA-SHA"
+#  define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
+#  define NID_shaWithRSAEncryption        42
+#  define OBJ_shaWithRSAEncryption        OBJ_algorithm,15L
+
+#  define SN_des_ede_cbc                  "DES-EDE-CBC"
+#  define LN_des_ede_cbc                  "des-ede-cbc"
+#  define NID_des_ede_cbc                 43
+
+#  define SN_des_ede3_cbc                 "DES-EDE3-CBC"
+#  define LN_des_ede3_cbc                 "des-ede3-cbc"
+#  define NID_des_ede3_cbc                44
+#  define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
+
+#  define SN_des_ofb64                    "DES-OFB"
+#  define LN_des_ofb64                    "des-ofb"
+#  define NID_des_ofb64                   45
+#  define OBJ_des_ofb64                   OBJ_algorithm,8L
+
+#  define SN_idea_ofb64                   "IDEA-OFB"
+#  define LN_idea_ofb64                   "idea-ofb"
+#  define NID_idea_ofb64                  46
+
+#  define LN_pkcs9                        "pkcs9"
+#  define NID_pkcs9                       47
+#  define OBJ_pkcs9                       OBJ_pkcs,9L
+
+#  define SN_pkcs9_emailAddress           "Email"
+#  define LN_pkcs9_emailAddress           "emailAddress"
+#  define NID_pkcs9_emailAddress          48
+#  define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
+
+#  define LN_pkcs9_unstructuredName       "unstructuredName"
+#  define NID_pkcs9_unstructuredName      49
+#  define OBJ_pkcs9_unstructuredName      OBJ_pkcs9,2L
+
+#  define LN_pkcs9_contentType            "contentType"
+#  define NID_pkcs9_contentType           50
+#  define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
+
+#  define LN_pkcs9_messageDigest          "messageDigest"
+#  define NID_pkcs9_messageDigest         51
+#  define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
+
+#  define LN_pkcs9_signingTime            "signingTime"
+#  define NID_pkcs9_signingTime           52
+#  define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
+
+#  define LN_pkcs9_countersignature       "countersignature"
+#  define NID_pkcs9_countersignature      53
+#  define OBJ_pkcs9_countersignature      OBJ_pkcs9,6L
+
+#  define LN_pkcs9_challengePassword      "challengePassword"
+#  define NID_pkcs9_challengePassword     54
+#  define OBJ_pkcs9_challengePassword     OBJ_pkcs9,7L
+
+#  define LN_pkcs9_unstructuredAddress    "unstructuredAddress"
+#  define NID_pkcs9_unstructuredAddress   55
+#  define OBJ_pkcs9_unstructuredAddress   OBJ_pkcs9,8L
+
+#  define LN_pkcs9_extCertAttributes      "extendedCertificateAttributes"
+#  define NID_pkcs9_extCertAttributes     56
+#  define OBJ_pkcs9_extCertAttributes     OBJ_pkcs9,9L
+
+#  define SN_netscape                     "Netscape"
+#  define LN_netscape                     "Netscape Communications Corp."
+#  define NID_netscape                    57
+#  define OBJ_netscape                    2L,16L,840L,1L,113730L
+
+#  define SN_netscape_cert_extension      "nsCertExt"
+#  define LN_netscape_cert_extension      "Netscape Certificate Extension"
+#  define NID_netscape_cert_extension     58
+#  define OBJ_netscape_cert_extension     OBJ_netscape,1L
+
+#  define SN_netscape_data_type           "nsDataType"
+#  define LN_netscape_data_type           "Netscape Data Type"
+#  define NID_netscape_data_type          59
+#  define OBJ_netscape_data_type          OBJ_netscape,2L
+
+#  define SN_des_ede_cfb64                "DES-EDE-CFB"
+#  define LN_des_ede_cfb64                "des-ede-cfb"
+#  define NID_des_ede_cfb64               60
+
+#  define SN_des_ede3_cfb64               "DES-EDE3-CFB"
+#  define LN_des_ede3_cfb64               "des-ede3-cfb"
+#  define NID_des_ede3_cfb64              61
+
+#  define SN_des_ede_ofb64                "DES-EDE-OFB"
+#  define LN_des_ede_ofb64                "des-ede-ofb"
+#  define NID_des_ede_ofb64               62
+
+#  define SN_des_ede3_ofb64               "DES-EDE3-OFB"
+#  define LN_des_ede3_ofb64               "des-ede3-ofb"
+#  define NID_des_ede3_ofb64              63
+
+/* I'm not sure about the object ID */
+#  define SN_sha1                         "SHA1"
+#  define LN_sha1                         "sha1"
+#  define NID_sha1                        64
+#  define OBJ_sha1                        OBJ_algorithm,26L
+/* 28 Jun 1996 - eay */
+/* #define OBJ_sha1                     1L,3L,14L,2L,26L,05L <- wrong */
+
+#  define SN_sha1WithRSAEncryption        "RSA-SHA1"
+#  define LN_sha1WithRSAEncryption        "sha1WithRSAEncryption"
+#  define NID_sha1WithRSAEncryption       65
+#  define OBJ_sha1WithRSAEncryption       OBJ_pkcs,1L,5L
+
+#  define SN_dsaWithSHA                   "DSA-SHA"
+#  define LN_dsaWithSHA                   "dsaWithSHA"
+#  define NID_dsaWithSHA                  66
+#  define OBJ_dsaWithSHA                  OBJ_algorithm,13L
+
+#  define SN_dsa_2                        "DSA-old"
+#  define LN_dsa_2                        "dsaEncryption-old"
+#  define NID_dsa_2                       67
+#  define OBJ_dsa_2                       OBJ_algorithm,12L
+
+/* proposed by microsoft to RSA */
+#  define SN_pbeWithSHA1AndRC2_CBC        "PBE-SHA1-RC2-64"
+#  define LN_pbeWithSHA1AndRC2_CBC        "pbeWithSHA1AndRC2-CBC"
+#  define NID_pbeWithSHA1AndRC2_CBC       68
+#  define OBJ_pbeWithSHA1AndRC2_CBC       OBJ_pkcs,5L,11L
+
+/*
+ * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined
+ * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely
+ * different.
+ */
+#  define LN_id_pbkdf2                    "PBKDF2"
+#  define NID_id_pbkdf2                   69
+#  define OBJ_id_pbkdf2                   OBJ_pkcs,5L,12L
+
+#  define SN_dsaWithSHA1_2                "DSA-SHA1-old"
+#  define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
+#  define NID_dsaWithSHA1_2               70
+/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
+#  define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
+
+#  define SN_netscape_cert_type           "nsCertType"
+#  define LN_netscape_cert_type           "Netscape Cert Type"
+#  define NID_netscape_cert_type          71
+#  define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
+
+#  define SN_netscape_base_url            "nsBaseUrl"
+#  define LN_netscape_base_url            "Netscape Base Url"
+#  define NID_netscape_base_url           72
+#  define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
+
+#  define SN_netscape_revocation_url      "nsRevocationUrl"
+#  define LN_netscape_revocation_url      "Netscape Revocation Url"
+#  define NID_netscape_revocation_url     73
+#  define OBJ_netscape_revocation_url     OBJ_netscape_cert_extension,3L
+
+#  define SN_netscape_ca_revocation_url   "nsCaRevocationUrl"
+#  define LN_netscape_ca_revocation_url   "Netscape CA Revocation Url"
+#  define NID_netscape_ca_revocation_url  74
+#  define OBJ_netscape_ca_revocation_url  OBJ_netscape_cert_extension,4L
+
+#  define SN_netscape_renewal_url         "nsRenewalUrl"
+#  define LN_netscape_renewal_url         "Netscape Renewal Url"
+#  define NID_netscape_renewal_url        75
+#  define OBJ_netscape_renewal_url        OBJ_netscape_cert_extension,7L
+
+#  define SN_netscape_ca_policy_url       "nsCaPolicyUrl"
+#  define LN_netscape_ca_policy_url       "Netscape CA Policy Url"
+#  define NID_netscape_ca_policy_url      76
+#  define OBJ_netscape_ca_policy_url      OBJ_netscape_cert_extension,8L
+
+#  define SN_netscape_ssl_server_name     "nsSslServerName"
+#  define LN_netscape_ssl_server_name     "Netscape SSL Server Name"
+#  define NID_netscape_ssl_server_name    77
+#  define OBJ_netscape_ssl_server_name    OBJ_netscape_cert_extension,12L
+
+#  define SN_netscape_comment             "nsComment"
+#  define LN_netscape_comment             "Netscape Comment"
+#  define NID_netscape_comment            78
+#  define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
+
+#  define SN_netscape_cert_sequence       "nsCertSequence"
+#  define LN_netscape_cert_sequence       "Netscape Certificate Sequence"
+#  define NID_netscape_cert_sequence      79
+#  define OBJ_netscape_cert_sequence      OBJ_netscape_data_type,5L
+
+#  define SN_desx_cbc                     "DESX-CBC"
+#  define LN_desx_cbc                     "desx-cbc"
+#  define NID_desx_cbc                    80
+
+#  define SN_id_ce                        "id-ce"
+#  define NID_id_ce                       81
+#  define OBJ_id_ce                       2L,5L,29L
+
+#  define SN_subject_key_identifier       "subjectKeyIdentifier"
+#  define LN_subject_key_identifier       "X509v3 Subject Key Identifier"
+#  define NID_subject_key_identifier      82
+#  define OBJ_subject_key_identifier      OBJ_id_ce,14L
+
+#  define SN_key_usage                    "keyUsage"
+#  define LN_key_usage                    "X509v3 Key Usage"
+#  define NID_key_usage                   83
+#  define OBJ_key_usage                   OBJ_id_ce,15L
+
+#  define SN_private_key_usage_period     "privateKeyUsagePeriod"
+#  define LN_private_key_usage_period     "X509v3 Private Key Usage Period"
+#  define NID_private_key_usage_period    84
+#  define OBJ_private_key_usage_period    OBJ_id_ce,16L
+
+#  define SN_subject_alt_name             "subjectAltName"
+#  define LN_subject_alt_name             "X509v3 Subject Alternative Name"
+#  define NID_subject_alt_name            85
+#  define OBJ_subject_alt_name            OBJ_id_ce,17L
+
+#  define SN_issuer_alt_name              "issuerAltName"
+#  define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
+#  define NID_issuer_alt_name             86
+#  define OBJ_issuer_alt_name             OBJ_id_ce,18L
+
+#  define SN_basic_constraints            "basicConstraints"
+#  define LN_basic_constraints            "X509v3 Basic Constraints"
+#  define NID_basic_constraints           87
+#  define OBJ_basic_constraints           OBJ_id_ce,19L
+
+#  define SN_crl_number                   "crlNumber"
+#  define LN_crl_number                   "X509v3 CRL Number"
+#  define NID_crl_number                  88
+#  define OBJ_crl_number                  OBJ_id_ce,20L
+
+#  define SN_certificate_policies         "certificatePolicies"
+#  define LN_certificate_policies         "X509v3 Certificate Policies"
+#  define NID_certificate_policies        89
+#  define OBJ_certificate_policies        OBJ_id_ce,32L
+
+#  define SN_authority_key_identifier     "authorityKeyIdentifier"
+#  define LN_authority_key_identifier     "X509v3 Authority Key Identifier"
+#  define NID_authority_key_identifier    90
+#  define OBJ_authority_key_identifier    OBJ_id_ce,35L
+
+#  define SN_bf_cbc                       "BF-CBC"
+#  define LN_bf_cbc                       "bf-cbc"
+#  define NID_bf_cbc                      91
+#  define OBJ_bf_cbc                      1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#  define SN_bf_ecb                       "BF-ECB"
+#  define LN_bf_ecb                       "bf-ecb"
+#  define NID_bf_ecb                      92
+
+#  define SN_bf_cfb64                     "BF-CFB"
+#  define LN_bf_cfb64                     "bf-cfb"
+#  define NID_bf_cfb64                    93
+
+#  define SN_bf_ofb64                     "BF-OFB"
+#  define LN_bf_ofb64                     "bf-ofb"
+#  define NID_bf_ofb64                    94
+
+#  define SN_mdc2                         "MDC2"
+#  define LN_mdc2                         "mdc2"
+#  define NID_mdc2                        95
+#  define OBJ_mdc2                        2L,5L,8L,3L,101L
+/* An alternative?                      1L,3L,14L,3L,2L,19L */
+
+#  define SN_mdc2WithRSA                  "RSA-MDC2"
+#  define LN_mdc2WithRSA                  "mdc2withRSA"
+#  define NID_mdc2WithRSA                 96
+#  define OBJ_mdc2WithRSA                 2L,5L,8L,3L,100L
+
+#  define SN_rc4_40                       "RC4-40"
+#  define LN_rc4_40                       "rc4-40"
+#  define NID_rc4_40                      97
+
+#  define SN_rc2_40_cbc                   "RC2-40-CBC"
+#  define LN_rc2_40_cbc                   "rc2-40-cbc"
+#  define NID_rc2_40_cbc                  98
+
+#  define SN_givenName                    "G"
+#  define LN_givenName                    "givenName"
+#  define NID_givenName                   99
+#  define OBJ_givenName                   OBJ_X509,42L
+
+#  define SN_surname                      "S"
+#  define LN_surname                      "surname"
+#  define NID_surname                     100
+#  define OBJ_surname                     OBJ_X509,4L
+
+#  define SN_initials                     "I"
+#  define LN_initials                     "initials"
+#  define NID_initials                    101
+#  define OBJ_initials                    OBJ_X509,43L
+
+#  define SN_uniqueIdentifier             "UID"
+#  define LN_uniqueIdentifier             "uniqueIdentifier"
+#  define NID_uniqueIdentifier            102
+#  define OBJ_uniqueIdentifier            OBJ_X509,45L
+
+#  define SN_crl_distribution_points      "crlDistributionPoints"
+#  define LN_crl_distribution_points      "X509v3 CRL Distribution Points"
+#  define NID_crl_distribution_points     103
+#  define OBJ_crl_distribution_points     OBJ_id_ce,31L
+
+#  define SN_md5WithRSA                   "RSA-NP-MD5"
+#  define LN_md5WithRSA                   "md5WithRSA"
+#  define NID_md5WithRSA                  104
+#  define OBJ_md5WithRSA                  OBJ_algorithm,3L
+
+#  define SN_serialNumber                 "SN"
+#  define LN_serialNumber                 "serialNumber"
+#  define NID_serialNumber                105
+#  define OBJ_serialNumber                OBJ_X509,5L
+
+#  define SN_title                        "T"
+#  define LN_title                        "title"
+#  define NID_title                       106
+#  define OBJ_title                       OBJ_X509,12L
+
+#  define SN_description                  "D"
+#  define LN_description                  "description"
+#  define NID_description                 107
+#  define OBJ_description                 OBJ_X509,13L
+
+/* CAST5 is CAST-128, I'm just sticking with the documentation */
+#  define SN_cast5_cbc                    "CAST5-CBC"
+#  define LN_cast5_cbc                    "cast5-cbc"
+#  define NID_cast5_cbc                   108
+#  define OBJ_cast5_cbc                   1L,2L,840L,113533L,7L,66L,10L
+
+#  define SN_cast5_ecb                    "CAST5-ECB"
+#  define LN_cast5_ecb                    "cast5-ecb"
+#  define NID_cast5_ecb                   109
+
+#  define SN_cast5_cfb64                  "CAST5-CFB"
+#  define LN_cast5_cfb64                  "cast5-cfb"
+#  define NID_cast5_cfb64                 110
+
+#  define SN_cast5_ofb64                  "CAST5-OFB"
+#  define LN_cast5_ofb64                  "cast5-ofb"
+#  define NID_cast5_ofb64                 111
+
+#  define LN_pbeWithMD5AndCast5_CBC       "pbeWithMD5AndCast5CBC"
+#  define NID_pbeWithMD5AndCast5_CBC      112
+#  define OBJ_pbeWithMD5AndCast5_CBC      1L,2L,840L,113533L,7L,66L,12L
+
+/*-
+ * This is one sun will soon be using :-(
+ * id-dsa-with-sha1 ID  ::= {
+ *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
+ */
+#  define SN_dsaWithSHA1                  "DSA-SHA1"
+#  define LN_dsaWithSHA1                  "dsaWithSHA1"
+#  define NID_dsaWithSHA1                 113
+#  define OBJ_dsaWithSHA1                 1L,2L,840L,10040L,4L,3L
+
+#  define NID_md5_sha1                    114
+#  define SN_md5_sha1                     "MD5-SHA1"
+#  define LN_md5_sha1                     "md5-sha1"
+
+#  define SN_sha1WithRSA                  "RSA-SHA1-2"
+#  define LN_sha1WithRSA                  "sha1WithRSA"
+#  define NID_sha1WithRSA                 115
+#  define OBJ_sha1WithRSA                 OBJ_algorithm,29L
+
+#  define SN_dsa                          "DSA"
+#  define LN_dsa                          "dsaEncryption"
+#  define NID_dsa                         116
+#  define OBJ_dsa                         1L,2L,840L,10040L,4L,1L
+
+#  define SN_ripemd160                    "RIPEMD160"
+#  define LN_ripemd160                    "ripemd160"
+#  define NID_ripemd160                   117
+#  define OBJ_ripemd160                   1L,3L,36L,3L,2L,1L
+
+/*
+ * The name should actually be rsaSignatureWithripemd160, but I'm going to
+ * continue using the convention I'm using with the other ciphers
+ */
+#  define SN_ripemd160WithRSA             "RSA-RIPEMD160"
+#  define LN_ripemd160WithRSA             "ripemd160WithRSA"
+#  define NID_ripemd160WithRSA            119
+#  define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
+
+/*-
+ * Taken from rfc2040
+ *  RC5_CBC_Parameters ::= SEQUENCE {
+ *      version           INTEGER (v1_0(16)),
+ *      rounds            INTEGER (8..127),
+ *      blockSizeInBits   INTEGER (64, 128),
+ *      iv                OCTET STRING OPTIONAL
+ *      }
+ */
+#  define SN_rc5_cbc                      "RC5-CBC"
+#  define LN_rc5_cbc                      "rc5-cbc"
+#  define NID_rc5_cbc                     120
+#  define OBJ_rc5_cbc                     OBJ_rsadsi,3L,8L
+
+#  define SN_rc5_ecb                      "RC5-ECB"
+#  define LN_rc5_ecb                      "rc5-ecb"
+#  define NID_rc5_ecb                     121
+
+#  define SN_rc5_cfb64                    "RC5-CFB"
+#  define LN_rc5_cfb64                    "rc5-cfb"
+#  define NID_rc5_cfb64                   122
+
+#  define SN_rc5_ofb64                    "RC5-OFB"
+#  define LN_rc5_ofb64                    "rc5-ofb"
+#  define NID_rc5_ofb64                   123
+
+#  define SN_rle_compression              "RLE"
+#  define LN_rle_compression              "run length compression"
+#  define NID_rle_compression             124
+#  define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
+
+#  define SN_zlib_compression             "ZLIB"
+#  define LN_zlib_compression             "zlib compression"
+#  define NID_zlib_compression            125
+#  define OBJ_zlib_compression            1L,1L,1L,1L,666L,2L
+
+#  define SN_ext_key_usage                "extendedKeyUsage"
+#  define LN_ext_key_usage                "X509v3 Extended Key Usage"
+#  define NID_ext_key_usage               126
+#  define OBJ_ext_key_usage               OBJ_id_ce,37
+
+#  define SN_id_pkix                      "PKIX"
+#  define NID_id_pkix                     127
+#  define OBJ_id_pkix                     1L,3L,6L,1L,5L,5L,7L
+
+#  define SN_id_kp                        "id-kp"
+#  define NID_id_kp                       128
+#  define OBJ_id_kp                       OBJ_id_pkix,3L
+
+/* PKIX extended key usage OIDs */
+
+#  define SN_server_auth                  "serverAuth"
+#  define LN_server_auth                  "TLS Web Server Authentication"
+#  define NID_server_auth                 129
+#  define OBJ_server_auth                 OBJ_id_kp,1L
+
+#  define SN_client_auth                  "clientAuth"
+#  define LN_client_auth                  "TLS Web Client Authentication"
+#  define NID_client_auth                 130
+#  define OBJ_client_auth                 OBJ_id_kp,2L
+
+#  define SN_code_sign                    "codeSigning"
+#  define LN_code_sign                    "Code Signing"
+#  define NID_code_sign                   131
+#  define OBJ_code_sign                   OBJ_id_kp,3L
+
+#  define SN_email_protect                "emailProtection"
+#  define LN_email_protect                "E-mail Protection"
+#  define NID_email_protect               132
+#  define OBJ_email_protect               OBJ_id_kp,4L
+
+#  define SN_time_stamp                   "timeStamping"
+#  define LN_time_stamp                   "Time Stamping"
+#  define NID_time_stamp                  133
+#  define OBJ_time_stamp                  OBJ_id_kp,8L
+
+/* Additional extended key usage OIDs: Microsoft */
+
+#  define SN_ms_code_ind                  "msCodeInd"
+#  define LN_ms_code_ind                  "Microsoft Individual Code Signing"
+#  define NID_ms_code_ind                 134
+#  define OBJ_ms_code_ind                 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#  define SN_ms_code_com                  "msCodeCom"
+#  define LN_ms_code_com                  "Microsoft Commercial Code Signing"
+#  define NID_ms_code_com                 135
+#  define OBJ_ms_code_com                 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#  define SN_ms_ctl_sign                  "msCTLSign"
+#  define LN_ms_ctl_sign                  "Microsoft Trust List Signing"
+#  define NID_ms_ctl_sign                 136
+#  define OBJ_ms_ctl_sign                 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#  define SN_ms_sgc                       "msSGC"
+#  define LN_ms_sgc                       "Microsoft Server Gated Crypto"
+#  define NID_ms_sgc                      137
+#  define OBJ_ms_sgc                      1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#  define SN_ms_efs                       "msEFS"
+#  define LN_ms_efs                       "Microsoft Encrypted File System"
+#  define NID_ms_efs                      138
+#  define OBJ_ms_efs                      1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+/* Additional usage: Netscape */
+
+#  define SN_ns_sgc                       "nsSGC"
+#  define LN_ns_sgc                       "Netscape Server Gated Crypto"
+#  define NID_ns_sgc                      139
+#  define OBJ_ns_sgc                      OBJ_netscape,4L,1L
+
+#  define SN_delta_crl                    "deltaCRL"
+#  define LN_delta_crl                    "X509v3 Delta CRL Indicator"
+#  define NID_delta_crl                   140
+#  define OBJ_delta_crl                   OBJ_id_ce,27L
+
+#  define SN_crl_reason                   "CRLReason"
+#  define LN_crl_reason                   "CRL Reason Code"
+#  define NID_crl_reason                  141
+#  define OBJ_crl_reason                  OBJ_id_ce,21L
+
+#  define SN_invalidity_date              "invalidityDate"
+#  define LN_invalidity_date              "Invalidity Date"
+#  define NID_invalidity_date             142
+#  define OBJ_invalidity_date             OBJ_id_ce,24L
+
+#  define SN_sxnet                        "SXNetID"
+#  define LN_sxnet                        "Strong Extranet ID"
+#  define NID_sxnet                       143
+#  define OBJ_sxnet                       1L,3L,101L,1L,4L,1L
+
+/* PKCS12 and related OBJECT IDENTIFIERS */
+
+#  define OBJ_pkcs12                      OBJ_pkcs,12L
+#  define OBJ_pkcs12_pbeids               OBJ_pkcs12, 1
+
+#  define SN_pbe_WithSHA1And128BitRC4     "PBE-SHA1-RC4-128"
+#  define LN_pbe_WithSHA1And128BitRC4     "pbeWithSHA1And128BitRC4"
+#  define NID_pbe_WithSHA1And128BitRC4    144
+#  define OBJ_pbe_WithSHA1And128BitRC4    OBJ_pkcs12_pbeids, 1L
+
+#  define SN_pbe_WithSHA1And40BitRC4      "PBE-SHA1-RC4-40"
+#  define LN_pbe_WithSHA1And40BitRC4      "pbeWithSHA1And40BitRC4"
+#  define NID_pbe_WithSHA1And40BitRC4     145
+#  define OBJ_pbe_WithSHA1And40BitRC4     OBJ_pkcs12_pbeids, 2L
+
+#  define SN_pbe_WithSHA1And3_Key_TripleDES_CBC   "PBE-SHA1-3DES"
+#  define LN_pbe_WithSHA1And3_Key_TripleDES_CBC   "pbeWithSHA1And3-KeyTripleDES-CBC"
+#  define NID_pbe_WithSHA1And3_Key_TripleDES_CBC  146
+#  define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 3L
+
+#  define SN_pbe_WithSHA1And2_Key_TripleDES_CBC   "PBE-SHA1-2DES"
+#  define LN_pbe_WithSHA1And2_Key_TripleDES_CBC   "pbeWithSHA1And2-KeyTripleDES-CBC"
+#  define NID_pbe_WithSHA1And2_Key_TripleDES_CBC  147
+#  define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 4L
+
+#  define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
+#  define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
+#  define NID_pbe_WithSHA1And128BitRC2_CBC        148
+#  define OBJ_pbe_WithSHA1And128BitRC2_CBC        OBJ_pkcs12_pbeids, 5L
+
+#  define SN_pbe_WithSHA1And40BitRC2_CBC  "PBE-SHA1-RC2-40"
+#  define LN_pbe_WithSHA1And40BitRC2_CBC  "pbeWithSHA1And40BitRC2-CBC"
+#  define NID_pbe_WithSHA1And40BitRC2_CBC 149
+#  define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L
+
+#  define OBJ_pkcs12_Version1     OBJ_pkcs12, 10L
+
+#  define OBJ_pkcs12_BagIds       OBJ_pkcs12_Version1, 1L
+
+#  define LN_keyBag               "keyBag"
+#  define NID_keyBag              150
+#  define OBJ_keyBag              OBJ_pkcs12_BagIds, 1L
+
+#  define LN_pkcs8ShroudedKeyBag  "pkcs8ShroudedKeyBag"
+#  define NID_pkcs8ShroudedKeyBag 151
+#  define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L
+
+#  define LN_certBag              "certBag"
+#  define NID_certBag             152
+#  define OBJ_certBag             OBJ_pkcs12_BagIds, 3L
+
+#  define LN_crlBag               "crlBag"
+#  define NID_crlBag              153
+#  define OBJ_crlBag              OBJ_pkcs12_BagIds, 4L
+
+#  define LN_secretBag            "secretBag"
+#  define NID_secretBag           154
+#  define OBJ_secretBag           OBJ_pkcs12_BagIds, 5L
+
+#  define LN_safeContentsBag      "safeContentsBag"
+#  define NID_safeContentsBag     155
+#  define OBJ_safeContentsBag     OBJ_pkcs12_BagIds, 6L
+
+#  define LN_friendlyName         "friendlyName"
+#  define NID_friendlyName        156
+#  define OBJ_friendlyName        OBJ_pkcs9, 20L
+
+#  define LN_localKeyID           "localKeyID"
+#  define NID_localKeyID          157
+#  define OBJ_localKeyID          OBJ_pkcs9, 21L
+
+#  define OBJ_certTypes           OBJ_pkcs9, 22L
+
+#  define LN_x509Certificate      "x509Certificate"
+#  define NID_x509Certificate     158
+#  define OBJ_x509Certificate     OBJ_certTypes, 1L
+
+#  define LN_sdsiCertificate      "sdsiCertificate"
+#  define NID_sdsiCertificate     159
+#  define OBJ_sdsiCertificate     OBJ_certTypes, 2L
+
+#  define OBJ_crlTypes            OBJ_pkcs9, 23L
+
+#  define LN_x509Crl              "x509Crl"
+#  define NID_x509Crl             160
+#  define OBJ_x509Crl             OBJ_crlTypes, 1L
+
+/* PKCS#5 v2 OIDs */
+
+#  define LN_pbes2                "PBES2"
+#  define NID_pbes2               161
+#  define OBJ_pbes2               OBJ_pkcs,5L,13L
+
+#  define LN_pbmac1               "PBMAC1"
+#  define NID_pbmac1              162
+#  define OBJ_pbmac1              OBJ_pkcs,5L,14L
+
+#  define LN_hmacWithSHA1         "hmacWithSHA1"
+#  define NID_hmacWithSHA1        163
+#  define OBJ_hmacWithSHA1        OBJ_rsadsi,2L,7L
+
+/* Policy Qualifier Ids */
+
+#  define LN_id_qt_cps            "Policy Qualifier CPS"
+#  define SN_id_qt_cps            "id-qt-cps"
+#  define NID_id_qt_cps           164
+#  define OBJ_id_qt_cps           OBJ_id_pkix,2L,1L
+
+#  define LN_id_qt_unotice        "Policy Qualifier User Notice"
+#  define SN_id_qt_unotice        "id-qt-unotice"
+#  define NID_id_qt_unotice       165
+#  define OBJ_id_qt_unotice       OBJ_id_pkix,2L,2L
+
+#  define SN_rc2_64_cbc                   "RC2-64-CBC"
+#  define LN_rc2_64_cbc                   "rc2-64-cbc"
+#  define NID_rc2_64_cbc                  166
+
+#  define SN_SMIMECapabilities            "SMIME-CAPS"
+#  define LN_SMIMECapabilities            "S/MIME Capabilities"
+#  define NID_SMIMECapabilities           167
+#  define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
+
+#  define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
+#  define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
+#  define NID_pbeWithMD2AndRC2_CBC        168
+#  define OBJ_pbeWithMD2AndRC2_CBC        OBJ_pkcs,5L,4L
+
+#  define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
+#  define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
+#  define NID_pbeWithMD5AndRC2_CBC        169
+#  define OBJ_pbeWithMD5AndRC2_CBC        OBJ_pkcs,5L,6L
+
+#  define SN_pbeWithSHA1AndDES_CBC        "PBE-SHA1-DES"
+#  define LN_pbeWithSHA1AndDES_CBC        "pbeWithSHA1AndDES-CBC"
+#  define NID_pbeWithSHA1AndDES_CBC       170
+#  define OBJ_pbeWithSHA1AndDES_CBC       OBJ_pkcs,5L,10L
+
+/* Extension request OIDs */
+
+#  define LN_ms_ext_req                   "Microsoft Extension Request"
+#  define SN_ms_ext_req                   "msExtReq"
+#  define NID_ms_ext_req                  171
+#  define OBJ_ms_ext_req                  1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#  define LN_ext_req                      "Extension Request"
+#  define SN_ext_req                      "extReq"
+#  define NID_ext_req                     172
+#  define OBJ_ext_req                     OBJ_pkcs9,14L
+
+#  define SN_name                         "name"
+#  define LN_name                         "name"
+#  define NID_name                        173
+#  define OBJ_name                        OBJ_X509,41L
+
+#  define SN_dnQualifier                  "dnQualifier"
+#  define LN_dnQualifier                  "dnQualifier"
+#  define NID_dnQualifier                 174
+#  define OBJ_dnQualifier                 OBJ_X509,46L
+
+#  define SN_id_pe                        "id-pe"
+#  define NID_id_pe                       175
+#  define OBJ_id_pe                       OBJ_id_pkix,1L
+
+#  define SN_id_ad                        "id-ad"
+#  define NID_id_ad                       176
+#  define OBJ_id_ad                       OBJ_id_pkix,48L
+
+#  define SN_info_access                  "authorityInfoAccess"
+#  define LN_info_access                  "Authority Information Access"
+#  define NID_info_access                 177
+#  define OBJ_info_access                 OBJ_id_pe,1L
+
+#  define SN_ad_OCSP                      "OCSP"
+#  define LN_ad_OCSP                      "OCSP"
+#  define NID_ad_OCSP                     178
+#  define OBJ_ad_OCSP                     OBJ_id_ad,1L
+
+#  define SN_ad_ca_issuers                "caIssuers"
+#  define LN_ad_ca_issuers                "CA Issuers"
+#  define NID_ad_ca_issuers               179
+#  define OBJ_ad_ca_issuers               OBJ_id_ad,2L
+
+#  define SN_OCSP_sign                    "OCSPSigning"
+#  define LN_OCSP_sign                    "OCSP Signing"
+#  define NID_OCSP_sign                   180
+#  define OBJ_OCSP_sign                   OBJ_id_kp,9L
+# endif                         /* USE_OBJ_MAC */
+
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+
+# define OBJ_NAME_TYPE_UNDEF             0x00
+# define OBJ_NAME_TYPE_MD_METH           0x01
+# define OBJ_NAME_TYPE_CIPHER_METH       0x02
+# define OBJ_NAME_TYPE_PKEY_METH         0x03
+# define OBJ_NAME_TYPE_COMP_METH         0x04
+# define OBJ_NAME_TYPE_NUM               0x05
+
+# define OBJ_NAME_ALIAS                  0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH            0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH        0x02
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+    int type;
+    int alias;
+    const char *name;
+    const char *data;
+} OBJ_NAME;
+
+# define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg);
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                         int (*cmp) (const void *, const void *));
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
+                            int size,
+                            int (*cmp) (const void *, const void *),
+                            int flags);
+
+# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+  static int nm##_cmp(type1 const *, type2 const *); \
+  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
+  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+/*-
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignment discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, declare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+
+# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
+                          cmp##_BSEARCH_CMP_FN)))
+
+# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
+  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                          cmp##_BSEARCH_CMP_FN)),flags)
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OBJ_cleanup() while(0) continue
+#endif
+int OBJ_create_objects(BIO *in);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+void OBJ_sigid_free(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_OBJ_strings(void);
+
+/* Error codes for the OBJ functions. */
+
+/* Function codes. */
+# define OBJ_F_OBJ_ADD_OBJECT                             105
+# define OBJ_F_OBJ_CREATE                                 100
+# define OBJ_F_OBJ_DUP                                    101
+# define OBJ_F_OBJ_NAME_NEW_INDEX                         106
+# define OBJ_F_OBJ_NID2LN                                 102
+# define OBJ_F_OBJ_NID2OBJ                                103
+# define OBJ_F_OBJ_NID2SN                                 104
+
+/* Reason codes. */
+# define OBJ_R_OID_EXISTS                                 102
+# define OBJ_R_UNKNOWN_NID                                101
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ocsp.h b/openssl-1.1.0h/include/openssl/ocsp.h
new file mode 100644
index 0000000..90ebe5c
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ocsp.h
@@ -0,0 +1,398 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSP_H
+# define HEADER_OCSP_H
+
+#include <openssl/opensslconf.h>
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they can actually be used
+ * independently of OCSP. E.g. see RFC5280
+ */
+/*-
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#  define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#  define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#  define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#  define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#  define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#  define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#  define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#  define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#  define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+
+# ifndef OPENSSL_NO_OCSP
+
+#  include <openssl/ossl_typ.h>
+#  include <openssl/x509.h>
+#  include <openssl/x509v3.h>
+#  include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+#  define OCSP_DEFAULT_NONCE_LENGTH       16
+
+#  define OCSP_NOCERTS                    0x1
+#  define OCSP_NOINTERN                   0x2
+#  define OCSP_NOSIGS                     0x4
+#  define OCSP_NOCHAIN                    0x8
+#  define OCSP_NOVERIFY                   0x10
+#  define OCSP_NOEXPLICIT                 0x20
+#  define OCSP_NOCASIGN                   0x40
+#  define OCSP_NODELEGATED                0x80
+#  define OCSP_NOCHECKS                   0x100
+#  define OCSP_TRUSTOTHER                 0x200
+#  define OCSP_RESPID_KEY                 0x400
+#  define OCSP_NOTIME                     0x800
+
+typedef struct ocsp_cert_id_st OCSP_CERTID;
+
+DEFINE_STACK_OF(OCSP_CERTID)
+
+typedef struct ocsp_one_request_st OCSP_ONEREQ;
+
+DEFINE_STACK_OF(OCSP_ONEREQ)
+
+typedef struct ocsp_req_info_st OCSP_REQINFO;
+typedef struct ocsp_signature_st OCSP_SIGNATURE;
+typedef struct ocsp_request_st OCSP_REQUEST;
+
+#  define OCSP_RESPONSE_STATUS_SUCCESSFUL           0
+#  define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#  define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#  define OCSP_RESPONSE_STATUS_TRYLATER             3
+#  define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#  define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
+
+#  define V_OCSP_RESPID_NAME 0
+#  define V_OCSP_RESPID_KEY  1
+
+DEFINE_STACK_OF(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+
+typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
+
+#  define V_OCSP_CERTSTATUS_GOOD    0
+#  define V_OCSP_CERTSTATUS_REVOKED 1
+#  define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
+typedef struct ocsp_single_response_st OCSP_SINGLERESP;
+
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
+typedef struct ocsp_response_data_st OCSP_RESPDATA;
+
+typedef struct ocsp_basic_response_st OCSP_BASICRESP;
+
+typedef struct ocsp_crl_id_st OCSP_CRLID;
+typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
+
+#  define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+#  define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#  define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+#  define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+#  define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
+
+#   define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
+
+#  define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#  define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#  define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+#  define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+#  define ASN1_BIT_STRING_digest(data,type,md,len) \
+        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+#  define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline);
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
+                     ASN1_VALUE *val);
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
+                          const ASN1_ITEM *it);
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
+                     ASN1_VALUE *val);
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname);
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+                   int *pssl);
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+                                int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+                                  int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+                                   int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                      X509_STORE *st, unsigned long flags);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_OCSP_strings(void);
+
+/* Error codes for the OCSP functions. */
+
+/* Function codes. */
+# define OCSP_F_D2I_OCSP_NONCE                            102
+# define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
+# define OCSP_F_OCSP_BASIC_SIGN                           104
+# define OCSP_F_OCSP_BASIC_VERIFY                         105
+# define OCSP_F_OCSP_CERT_ID_NEW                          101
+# define OCSP_F_OCSP_CHECK_DELEGATED                      106
+# define OCSP_F_OCSP_CHECK_IDS                            107
+# define OCSP_F_OCSP_CHECK_ISSUER                         108
+# define OCSP_F_OCSP_CHECK_VALIDITY                       115
+# define OCSP_F_OCSP_MATCH_ISSUERID                       109
+# define OCSP_F_OCSP_PARSE_URL                            114
+# define OCSP_F_OCSP_REQUEST_SIGN                         110
+# define OCSP_F_OCSP_REQUEST_VERIFY                       116
+# define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
+# define OCSP_F_PARSE_HTTP_LINE1                          118
+
+/* Reason codes. */
+# define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
+# define OCSP_R_DIGEST_ERR                                102
+# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
+# define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
+# define OCSP_R_ERROR_PARSING_URL                         121
+# define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
+# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
+# define OCSP_R_NOT_BASIC_RESPONSE                        104
+# define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
+# define OCSP_R_NO_RESPONSE_DATA                          108
+# define OCSP_R_NO_REVOKED_TIME                           109
+# define OCSP_R_NO_SIGNER_KEY                             130
+# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
+# define OCSP_R_REQUEST_NOT_SIGNED                        128
+# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
+# define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
+# define OCSP_R_SERVER_RESPONSE_ERROR                     114
+# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
+# define OCSP_R_SIGNATURE_FAILURE                         117
+# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
+# define OCSP_R_STATUS_EXPIRED                            125
+# define OCSP_R_STATUS_NOT_YET_VALID                      126
+# define OCSP_R_STATUS_TOO_OLD                            127
+# define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
+# define OCSP_R_UNKNOWN_NID                               120
+# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/opensslconf.h.in b/openssl-1.1.0h/include/openssl/opensslconf.h.in
new file mode 100644
index 0000000..9f8634a
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/opensslconf.h.in
@@ -0,0 +1,141 @@
+/*
+ * {- join("\n * ", @autowarntext) -}
+ *
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+{- if (@{$config{openssl_sys_defines}}) {
+      foreach (@{$config{openssl_sys_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_ 1\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    foreach (@{$config{openssl_api_defines}}) {
+        (my $macro, my $value) = $_ =~ /^(.*?)=(.*?)$/;
+        $OUT .= "#define $macro $value\n";
+    }
+    if (@{$config{openssl_algorithm_defines}}) {
+      foreach (@{$config{openssl_algorithm_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    if (@{$config{openssl_thread_defines}}) {
+      foreach (@{$config{openssl_thread_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    if (@{$config{openssl_other_defines}}) {
+      foreach (@{$config{openssl_other_defines}}) {
+	$OUT .= "#ifndef $_\n";
+	$OUT .= "# define $_\n";
+	$OUT .= "#endif\n";
+      }
+    }
+    "";
+-}
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#if defined(OPENSSL_NO_DEPRECATED)
+# define DECLARE_DEPRECATED(f)
+#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#else
+# define DECLARE_DEPRECATED(f)   f;
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+{- $target{cpuid_obj} ne "mem_clr.o" ? "#define OPENSSL_CPUID_OBJ" : "" -}
+
+/* Generate 80386 code? */
+{- $config{processor} eq "386" ? "#define" : "#undef" -} I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD {- $target{unistd} -}
+
+{- $config{export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+{- $config{bn_ll} ? "# define" : "# undef" -} BN_LLONG
+/* Only one for the following should be defined */
+{- $config{b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG
+{- $config{b64}  ? "# define" : "# undef" -} SIXTY_FOUR_BIT
+{- $config{b32}  ? "# define" : "# undef" -} THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT {- $config{rc4_int} -}
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/openssl-1.1.0h/include/openssl/opensslv.h b/openssl-1.1.0h/include/openssl/opensslv.h
new file mode 100644
index 0000000..4fb437f
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/opensslv.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSLV_H
+# define HEADER_OPENSSLV_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release.  The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev      0x00903000
+ * 0.9.3-beta1    0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
+ * 0.9.3          0x0090300f
+ * 0.9.3a         0x0090301f
+ * 0.9.4          0x0090400f
+ * 1.2.3z         0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit.  This means
+ * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ *  major minor fix final patch/beta)
+ */
+# define OPENSSL_VERSION_NUMBER  0x1010008fL
+# ifdef OPENSSL_FIPS
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0h-fips  27 Mar 2018"
+# else
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0h  27 Mar 2018"
+# endif
+
+#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch)
+
+/* use this for #if tests, should never depend upon fix/patch */
+#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER)
+
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning.  That kind of versioning works a bit differently between
+ * operating systems.  The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time.  With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ *      libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major version number only:
+ *
+ *      libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons.  The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time.  When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired.  However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string.  Consecutive builds would
+ * give the following versions strings:
+ *
+ *      3.0
+ *      3.0:3.1
+ *      3.0:3.1:3.2
+ *      4.0
+ *      4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+# define SHLIB_VERSION_HISTORY ""
+# define SHLIB_VERSION_NUMBER "1.1"
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif                          /* HEADER_OPENSSLV_H */
diff --git a/openssl-1.1.0h/include/openssl/ossl_typ.h b/openssl-1.1.0h/include/openssl/ossl_typ.h
new file mode 100644
index 0000000..129a67f
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ossl_typ.h
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+# define HEADER_OPENSSL_TYPES_H
+
+#include <limits.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/e_os2.h>
+
+# ifdef NO_ASN1_TYPEDEFS
+#  define ASN1_INTEGER            ASN1_STRING
+#  define ASN1_ENUMERATED         ASN1_STRING
+#  define ASN1_BIT_STRING         ASN1_STRING
+#  define ASN1_OCTET_STRING       ASN1_STRING
+#  define ASN1_PRINTABLESTRING    ASN1_STRING
+#  define ASN1_T61STRING          ASN1_STRING
+#  define ASN1_IA5STRING          ASN1_STRING
+#  define ASN1_UTCTIME            ASN1_STRING
+#  define ASN1_GENERALIZEDTIME    ASN1_STRING
+#  define ASN1_TIME               ASN1_STRING
+#  define ASN1_GENERALSTRING      ASN1_STRING
+#  define ASN1_UNIVERSALSTRING    ASN1_STRING
+#  define ASN1_BMPSTRING          ASN1_STRING
+#  define ASN1_VISIBLESTRING      ASN1_STRING
+#  define ASN1_UTF8STRING         ASN1_STRING
+#  define ASN1_BOOLEAN            int
+#  define ASN1_NULL               int
+# else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+# endif
+
+typedef struct asn1_object_st ASN1_OBJECT;
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct asn1_pctx_st ASN1_PCTX;
+typedef struct asn1_sctx_st ASN1_SCTX;
+
+# ifdef _WIN32
+#  undef X509_NAME
+#  undef X509_EXTENSIONS
+#  undef PKCS7_ISSUER_AND_SERIAL
+#  undef PKCS7_SIGNER_INFO
+#  undef OCSP_REQUEST
+#  undef OCSP_RESPONSE
+# endif
+
+# ifdef BIGNUM
+#  undef BIGNUM
+# endif
+struct dane_st;
+typedef struct bio_st BIO;
+typedef struct bignum_st BIGNUM;
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+
+typedef struct buf_mem_st BUF_MEM;
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct evp_md_st EVP_MD;
+typedef struct evp_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+typedef struct hmac_ctx_st HMAC_CTX;
+
+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+
+typedef struct rand_meth_st RAND_METHOD;
+
+typedef struct ssl_dane_st SSL_DANE;
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
+typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct x509_object_st X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+typedef struct comp_ctx_st COMP_CTX;
+typedef struct comp_method_st COMP_METHOD;
+
+typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
+
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+
+typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
+
+typedef struct sct_st SCT;
+typedef struct sct_ctx_st SCT_CTX;
+typedef struct ctlog_st CTLOG;
+typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+typedef intmax_t ossl_intmax_t;
+typedef uintmax_t ossl_uintmax_t;
+#else
+/*
+ * Not long long, because the C-library can only be expected to provide
+ * strtoll(), strtoull() at the same time as intmax_t and strtoimax(),
+ * strtoumax().  Since we use these for parsing arguments, we need the
+ * conversion functions, not just the sizes.
+ */
+typedef long ossl_intmax_t;
+typedef unsigned long ossl_uintmax_t;
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif                          /* def HEADER_OPENSSL_TYPES_H */
diff --git a/openssl-1.1.0h/include/openssl/pem.h b/openssl-1.1.0h/include/openssl/pem.h
new file mode 100644
index 0000000..2375d63
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/pem.h
@@ -0,0 +1,501 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEM_H
+# define HEADER_PEM_H
+
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define PEM_BUFSIZE             1024
+
+# define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
+# define PEM_STRING_X509         "CERTIFICATE"
+# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
+# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+# define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
+# define PEM_STRING_X509_CRL     "X509 CRL"
+# define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
+# define PEM_STRING_PUBLIC       "PUBLIC KEY"
+# define PEM_STRING_RSA          "RSA PRIVATE KEY"
+# define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
+# define PEM_STRING_DSA          "DSA PRIVATE KEY"
+# define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
+# define PEM_STRING_PKCS7        "PKCS7"
+# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
+# define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
+# define PEM_STRING_PKCS8INF     "PRIVATE KEY"
+# define PEM_STRING_DHPARAMS     "DH PARAMETERS"
+# define PEM_STRING_DHXPARAMS    "X9.42 DH PARAMETERS"
+# define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
+# define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
+# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+# define PEM_STRING_PARAMETERS   "PARAMETERS"
+# define PEM_STRING_CMS          "CMS"
+
+# define PEM_TYPE_ENCRYPTED      10
+# define PEM_TYPE_MIC_ONLY       20
+# define PEM_TYPE_MIC_CLEAR      30
+# define PEM_TYPE_CLEAR          40
+
+typedef struct pem_recip_st {
+    char *name;
+    X509_NAME *dn;
+    int cipher;
+    int key_enc;
+    /*      char iv[8]; unused and wrong size */
+} PEM_USER;
+
+typedef struct pem_ctx_st {
+    int type;                   /* what type of object */
+    struct {
+        int version;
+        int mode;
+    } proc_type;
+
+    char *domain;
+
+    struct {
+        int cipher;
+        /*-
+        unused, and wrong size
+        unsigned char iv[8]; */
+    } DEK_info;
+
+    PEM_USER *originator;
+
+    int num_recipient;
+    PEM_USER **recipient;
+
+/*-
+    XXX(ben): don#t think this is used!
+        STACK *x509_chain;      / * certificate chain */
+    EVP_MD *md;                 /* signature type */
+
+    int md_enc;                 /* is the md encrypted or not? */
+    int md_len;                 /* length of md_data */
+    char *md_data;              /* message digest, could be pkey encrypted */
+
+    EVP_CIPHER *dec;            /* date encryption cipher */
+    int key_len;                /* key length */
+    unsigned char *key;         /* key */
+  /*-
+    unused, and wrong size
+    unsigned char iv[8]; */
+
+    int data_enc;               /* is the data encrypted */
+    int data_len;
+    unsigned char *data;
+} PEM_CTX;
+
+/*
+ * These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
+ * IMPLEMENT_PEM_rw_cb(...)
+ */
+
+# ifdef OPENSSL_NO_STDIO
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
+# else
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
+}
+
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, const type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+# endif
+
+# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
+}
+
+# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, const type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+# if defined(OPENSSL_NO_STDIO)
+
+#  define DECLARE_PEM_read_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp_const(name, type) /**/
+#  define DECLARE_PEM_write_cb_fp(name, type) /**/
+# else
+
+#  define DECLARE_PEM_read_fp(name, type) \
+        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x);
+
+#  define DECLARE_PEM_write_fp_const(name, type) \
+        int PEM_write_##name(FILE *fp, const type *x);
+
+#  define DECLARE_PEM_write_cb_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# endif
+
+#  define DECLARE_PEM_read_bio(name, type) \
+        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x);
+
+#  define DECLARE_PEM_write_bio_const(name, type) \
+        int PEM_write_bio_##name(BIO *bp, const type *x);
+
+#  define DECLARE_PEM_write_cb_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write(name, type) \
+        DECLARE_PEM_write_bio(name, type) \
+        DECLARE_PEM_write_fp(name, type)
+# define DECLARE_PEM_write_const(name, type) \
+        DECLARE_PEM_write_bio_const(name, type) \
+        DECLARE_PEM_write_fp_const(name, type)
+# define DECLARE_PEM_write_cb(name, type) \
+        DECLARE_PEM_write_cb_bio(name, type) \
+        DECLARE_PEM_write_cb_fp(name, type)
+# define DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_read_bio(name, type) \
+        DECLARE_PEM_read_fp(name, type)
+# define DECLARE_PEM_rw(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write(name, type)
+# define DECLARE_PEM_rw_const(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_const(name, type)
+# define DECLARE_PEM_rw_cb(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_cb(name, type)
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
+                  pem_password_cb *callback, void *u);
+
+int PEM_read_bio(BIO *bp, char **name, char **header,
+                 unsigned char **data, long *len);
+int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
+                  const unsigned char *data, long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u);
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+                        pem_password_cb *cb, void *u);
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
+                       const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+                       pem_password_cb *cb, void *u);
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u);
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cd, void *u);
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_read(FILE *fp, char **name, char **header,
+             unsigned char **data, long *len);
+int PEM_write(FILE *fp, const char *name, const char *hdr,
+              const unsigned char *data, long len);
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u);
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u);
+#endif
+
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey);
+
+int PEM_def_callback(char *buf, int num, int w, void *key);
+void PEM_proc_type(char *buf, int type);
+void PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+# include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+DECLARE_PEM_rw(X509_AUX, X509)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+DECLARE_PEM_rw(PKCS7, PKCS7)
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+# ifndef OPENSSL_NO_RSA
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+# endif
+# ifndef OPENSSL_NO_DSA
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
+# endif
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+# endif
+# ifndef OPENSSL_NO_DH
+DECLARE_PEM_rw_const(DHparams, DH)
+DECLARE_PEM_write_const(DHxparams, DH)
+# endif
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u);
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u);
+
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen,
+                           pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cd,
+                              void *u);
+# endif
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
+
+# ifndef OPENSSL_NO_DSA
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
+EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
+#  ifndef OPENSSL_NO_RC4
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u);
+#  endif
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_PEM_strings(void);
+
+/* Error codes for the PEM functions. */
+
+/* Function codes. */
+# define PEM_F_B2I_DSS                                    127
+# define PEM_F_B2I_PVK_BIO                                128
+# define PEM_F_B2I_RSA                                    129
+# define PEM_F_CHECK_BITLEN_DSA                           130
+# define PEM_F_CHECK_BITLEN_RSA                           131
+# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
+# define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+# define PEM_F_DO_B2I                                     132
+# define PEM_F_DO_B2I_BIO                                 133
+# define PEM_F_DO_BLOB_HEADER                             134
+# define PEM_F_DO_PK8PKEY                                 126
+# define PEM_F_DO_PK8PKEY_FP                              125
+# define PEM_F_DO_PVK_BODY                                135
+# define PEM_F_DO_PVK_HEADER                              136
+# define PEM_F_I2B_PVK                                    137
+# define PEM_F_I2B_PVK_BIO                                138
+# define PEM_F_LOAD_IV                                    101
+# define PEM_F_PEM_ASN1_READ                              102
+# define PEM_F_PEM_ASN1_READ_BIO                          103
+# define PEM_F_PEM_ASN1_WRITE                             104
+# define PEM_F_PEM_ASN1_WRITE_BIO                         105
+# define PEM_F_PEM_DEF_CALLBACK                           100
+# define PEM_F_PEM_DO_HEADER                              106
+# define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
+# define PEM_F_PEM_READ                                   108
+# define PEM_F_PEM_READ_BIO                               109
+# define PEM_F_PEM_READ_BIO_DHPARAMS                      141
+# define PEM_F_PEM_READ_BIO_PARAMETERS                    140
+# define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
+# define PEM_F_PEM_READ_DHPARAMS                          142
+# define PEM_F_PEM_READ_PRIVATEKEY                        124
+# define PEM_F_PEM_SIGNFINAL                              112
+# define PEM_F_PEM_WRITE                                  113
+# define PEM_F_PEM_WRITE_BIO                              114
+# define PEM_F_PEM_WRITE_PRIVATEKEY                       139
+# define PEM_F_PEM_X509_INFO_READ                         115
+# define PEM_F_PEM_X509_INFO_READ_BIO                     116
+# define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
+
+/* Reason codes. */
+# define PEM_R_BAD_BASE64_DECODE                          100
+# define PEM_R_BAD_DECRYPT                                101
+# define PEM_R_BAD_END_LINE                               102
+# define PEM_R_BAD_IV_CHARS                               103
+# define PEM_R_BAD_MAGIC_NUMBER                           116
+# define PEM_R_BAD_PASSWORD_READ                          104
+# define PEM_R_BAD_VERSION_NUMBER                         117
+# define PEM_R_BIO_WRITE_FAILURE                          118
+# define PEM_R_CIPHER_IS_NULL                             127
+# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
+# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
+# define PEM_R_HEADER_TOO_LONG                            128
+# define PEM_R_INCONSISTENT_HEADER                        121
+# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
+# define PEM_R_KEYBLOB_TOO_SHORT                          123
+# define PEM_R_MISSING_DEK_IV                             129
+# define PEM_R_NOT_DEK_INFO                               105
+# define PEM_R_NOT_ENCRYPTED                              106
+# define PEM_R_NOT_PROC_TYPE                              107
+# define PEM_R_NO_START_LINE                              108
+# define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
+# define PEM_R_PVK_DATA_TOO_SHORT                         124
+# define PEM_R_PVK_TOO_SHORT                              125
+# define PEM_R_READ_KEY                                   111
+# define PEM_R_SHORT_HEADER                               112
+# define PEM_R_UNEXPECTED_DEK_IV                          130
+# define PEM_R_UNSUPPORTED_CIPHER                         113
+# define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+# define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/pem2.h b/openssl-1.1.0h/include/openssl/pem2.h
new file mode 100644
index 0000000..cfe73f1
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/pem2.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef HEADER_PEM_H
+int ERR_load_PEM_strings(void);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/openssl-1.1.0h/include/openssl/pkcs12.h b/openssl-1.1.0h/include/openssl/pkcs12.h
new file mode 100644
index 0000000..deaded9
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/pkcs12.h
@@ -0,0 +1,282 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12_H
+# define HEADER_PKCS12_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID   1
+# define PKCS12_IV_ID    2
+# define PKCS12_MAC_ID   3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* It's not clear if these are actually needed... */
+# define PKCS12_key_gen PKCS12_key_gen_utf8
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
+
+/* MS key usage constants */
+
+# define KEY_EX  0x10
+# define KEY_SIG 0x80
+
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
+
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st PKCS12_BAGS;
+
+# define PKCS12_ERROR    0
+# define PKCS12_OK       1
+
+/* Compatibility macros */
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+#endif
+
+DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12);
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+                                   int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                        PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen);
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                 int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                           int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen,
+                                int en_de);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+                     int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen);
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+                      X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                      int iter, int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+# endif
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+# ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+# endif
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_PKCS12_strings(void);
+
+/* Error codes for the PKCS12 functions. */
+
+/* Function codes. */
+# define PKCS12_F_PKCS12_CREATE                           105
+# define PKCS12_F_PKCS12_GEN_MAC                          107
+# define PKCS12_F_PKCS12_INIT                             109
+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
+# define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
+# define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
+# define PKCS12_F_PKCS12_KEY_GEN_UTF8                     116
+# define PKCS12_F_PKCS12_NEWPASS                          128
+# define PKCS12_F_PKCS12_PACK_P7DATA                      114
+# define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
+# define PKCS12_F_PKCS12_PARSE                            118
+# define PKCS12_F_PKCS12_PBE_CRYPT                        119
+# define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF            112
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8            113
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT     133
+# define PKCS12_F_PKCS12_SETUP_MAC                        122
+# define PKCS12_F_PKCS12_SET_MAC                          123
+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
+# define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
+# define PKCS12_F_PKCS12_VERIFY_MAC                       126
+# define PKCS12_F_PKCS8_ENCRYPT                           125
+# define PKCS12_F_PKCS8_SET0_PBE                          132
+
+/* Reason codes. */
+# define PKCS12_R_CANT_PACK_STRUCTURE                     100
+# define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
+# define PKCS12_R_DECODE_ERROR                            101
+# define PKCS12_R_ENCODE_ERROR                            102
+# define PKCS12_R_ENCRYPT_ERROR                           103
+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
+# define PKCS12_R_INVALID_NULL_ARGUMENT                   104
+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
+# define PKCS12_R_IV_GEN_ERROR                            106
+# define PKCS12_R_KEY_GEN_ERROR                           107
+# define PKCS12_R_MAC_ABSENT                              108
+# define PKCS12_R_MAC_GENERATION_ERROR                    109
+# define PKCS12_R_MAC_SETUP_ERROR                         110
+# define PKCS12_R_MAC_STRING_SET_ERROR                    111
+# define PKCS12_R_MAC_VERIFY_FAILURE                      113
+# define PKCS12_R_PARSE_ERROR                             114
+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/pkcs7.h b/openssl-1.1.0h/include/openssl/pkcs7.h
new file mode 100644
index 0000000..691f722
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/pkcs7.h
@@ -0,0 +1,404 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS7_H
+# define HEADER_PKCS7_H
+
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/e_os2.h>
+
+# include <openssl/symhacks.h>
+# include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+Encryption_ID           DES-CBC
+Digest_ID               MD5
+Digest_Encryption_ID    rsaEncryption
+Key_Encryption_ID       rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st {
+    X509_NAME *issuer;
+    ASN1_INTEGER *serial;
+} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+    X509_ALGOR *digest_alg;
+    STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
+    X509_ALGOR *digest_enc_alg;
+    ASN1_OCTET_STRING *enc_digest;
+    STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
+    /* The private key to sign with */
+    EVP_PKEY *pkey;
+} PKCS7_SIGNER_INFO;
+
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+    X509_ALGOR *key_enc_algor;
+    ASN1_OCTET_STRING *enc_key;
+    X509 *cert;                 /* get the pub-key from this */
+} PKCS7_RECIP_INFO;
+
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    STACK_OF(X509_ALGOR) *md_algs; /* md used */
+    STACK_OF(X509) *cert;       /* [ 0 ] */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+    struct pkcs7_st *contents;
+} PKCS7_SIGNED;
+/*
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
+ * merging the two
+ */
+
+typedef struct pkcs7_enc_content_st {
+    ASN1_OBJECT *content_type;
+    X509_ALGOR *algorithm;
+    ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
+    const EVP_CIPHER *cipher;
+} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+    PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    STACK_OF(X509_ALGOR) *md_algs; /* md used */
+    STACK_OF(X509) *cert;       /* [ 0 ] */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+    PKCS7_ENC_CONTENT *enc_data;
+    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    X509_ALGOR *md;             /* md used */
+    struct pkcs7_st *contents;
+    ASN1_OCTET_STRING *digest;
+} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st {
+    /*
+     * The following is non NULL if it contains ASN1 encoding of this
+     * structure
+     */
+    unsigned char *asn1;
+    long length;
+# define PKCS7_S_HEADER  0
+# define PKCS7_S_BODY    1
+# define PKCS7_S_TAIL    2
+    int state;                  /* used during processing */
+    int detached;
+    ASN1_OBJECT *type;
+    /* content as defined by the type */
+    /*
+     * all encryption/message digests are applied to the 'contents', leaving
+     * out the 'type' field.
+     */
+    union {
+        char *ptr;
+        /* NID_pkcs7_data */
+        ASN1_OCTET_STRING *data;
+        /* NID_pkcs7_signed */
+        PKCS7_SIGNED *sign;
+        /* NID_pkcs7_enveloped */
+        PKCS7_ENVELOPE *enveloped;
+        /* NID_pkcs7_signedAndEnveloped */
+        PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+        /* NID_pkcs7_digest */
+        PKCS7_DIGEST *digest;
+        /* NID_pkcs7_encrypted */
+        PKCS7_ENCRYPT *encrypted;
+        /* Anything else */
+        ASN1_TYPE *other;
+    } d;
+} PKCS7;
+
+DEFINE_STACK_OF(PKCS7)
+
+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+# define PKCS7_get_attributes(si)        ((si)->unauth_attr)
+
+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+# define PKCS7_type_is_signedAndEnveloped(a) \
+                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+# define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+# define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+# define PKCS7_set_detached(p,v) \
+                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+# define PKCS7_get_detached(p) \
+                PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+/* S/MIME related flags */
+
+# define PKCS7_TEXT              0x1
+# define PKCS7_NOCERTS           0x2
+# define PKCS7_NOSIGS            0x4
+# define PKCS7_NOCHAIN           0x8
+# define PKCS7_NOINTERN          0x10
+# define PKCS7_NOVERIFY          0x20
+# define PKCS7_DETACHED          0x40
+# define PKCS7_BINARY            0x80
+# define PKCS7_NOATTR            0x100
+# define PKCS7_NOSMIMECAP        0x200
+# define PKCS7_NOOLDMIMETYPE     0x400
+# define PKCS7_CRLFEOL           0x800
+# define PKCS7_STREAM            0x1000
+# define PKCS7_NOCRL             0x2000
+# define PKCS7_PARTIAL           0x4000
+# define PKCS7_REUSE_DIGEST      0x8000
+# define PKCS7_NO_DUAL_CONTENT   0x10000
+
+/* Flags: for compatibility with older code */
+
+# define SMIME_TEXT      PKCS7_TEXT
+# define SMIME_NOCERTS   PKCS7_NOCERTS
+# define SMIME_NOSIGS    PKCS7_NOSIGS
+# define SMIME_NOCHAIN   PKCS7_NOCHAIN
+# define SMIME_NOINTERN  PKCS7_NOINTERN
+# define SMIME_NOVERIFY  PKCS7_NOVERIFY
+# define SMIME_DETACHED  PKCS7_DETACHED
+# define SMIME_BINARY    PKCS7_BINARY
+# define SMIME_NOATTR    PKCS7_NOATTR
+
+/* CRLF ASCII canonicalisation */
+# define SMIME_ASCIICRLF         0x80000
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len);
+# ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
+# endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+                          const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+                     BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                          X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+                                       EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                 X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
+                               void *data);
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                        void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags);
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+                                         X509 *signcert, EVP_PKEY *pkey,
+                                         const EVP_MD *md, int flags);
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+                                   int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+                  int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                             const unsigned char *md, int mdlen);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_PKCS7_strings(void);
+
+/* Error codes for the PKCS7 functions. */
+
+/* Function codes. */
+# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
+# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
+# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
+# define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
+# define PKCS7_F_PKCS7_ADD_CRL                            101
+# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+# define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
+# define PKCS7_F_PKCS7_ADD_SIGNER                         103
+# define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
+# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
+# define PKCS7_F_PKCS7_CTRL                               104
+# define PKCS7_F_PKCS7_DATADECODE                         112
+# define PKCS7_F_PKCS7_DATAFINAL                          128
+# define PKCS7_F_PKCS7_DATAINIT                           105
+# define PKCS7_F_PKCS7_DATAVERIFY                         107
+# define PKCS7_F_PKCS7_DECRYPT                            114
+# define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
+# define PKCS7_F_PKCS7_ENCODE_RINFO                       132
+# define PKCS7_F_PKCS7_ENCRYPT                            115
+# define PKCS7_F_PKCS7_FINAL                              134
+# define PKCS7_F_PKCS7_FIND_DIGEST                        127
+# define PKCS7_F_PKCS7_GET0_SIGNERS                       124
+# define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
+# define PKCS7_F_PKCS7_SET_CIPHER                         108
+# define PKCS7_F_PKCS7_SET_CONTENT                        109
+# define PKCS7_F_PKCS7_SET_DIGEST                         126
+# define PKCS7_F_PKCS7_SET_TYPE                           110
+# define PKCS7_F_PKCS7_SIGN                               116
+# define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+# define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
+# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
+# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
+# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
+# define PKCS7_F_PKCS7_VERIFY                             117
+
+/* Reason codes. */
+# define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
+# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
+# define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
+# define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
+# define PKCS7_R_CTRL_ERROR                               152
+# define PKCS7_R_DECRYPT_ERROR                            119
+# define PKCS7_R_DIGEST_FAILURE                           101
+# define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
+# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
+# define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
+# define PKCS7_R_ERROR_SETTING_CIPHER                     121
+# define PKCS7_R_INVALID_NULL_POINTER                     143
+# define PKCS7_R_INVALID_SIGNED_DATA_TYPE                 155
+# define PKCS7_R_NO_CONTENT                               122
+# define PKCS7_R_NO_DEFAULT_DIGEST                        151
+# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
+# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
+# define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
+# define PKCS7_R_NO_SIGNERS                               142
+# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
+# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
+# define PKCS7_R_PKCS7_DATASIGN                           145
+# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
+# define PKCS7_R_SIGNATURE_FAILURE                        105
+# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+# define PKCS7_R_SIGNING_CTRL_FAILURE                     147
+# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
+# define PKCS7_R_SMIME_TEXT_ERROR                         129
+# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
+# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
+# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
+# define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
+# define PKCS7_R_UNKNOWN_OPERATION                        110
+# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
+# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
+# define PKCS7_R_WRONG_CONTENT_TYPE                       113
+# define PKCS7_R_WRONG_PKCS7_TYPE                         114
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/rand.h b/openssl-1.1.0h/include/openssl/rand.h
new file mode 100644
index 0000000..d521ae1
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/rand.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RAND_H
+# define HEADER_RAND_H
+
+# include <stdlib.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct rand_meth_st RAND_METHOD; */
+
+struct rand_meth_st {
+    int (*seed) (const void *buf, int num);
+    int (*bytes) (unsigned char *buf, int num);
+    void (*cleanup) (void);
+    int (*add) (const void *buf, int num, double entropy);
+    int (*pseudorand) (unsigned char *buf, int num);
+    int (*status) (void);
+};
+
+# ifdef BN_DEBUG
+extern int rand_predictable;
+# endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+RAND_METHOD *RAND_OpenSSL(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define RAND_cleanup() while(0) continue
+#endif
+int RAND_bytes(unsigned char *buf, int num);
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+void RAND_seed(const void *buf, int num);
+#if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__	/* __attribute__((pcs("aapcs"))) on ARM */
+#endif
+void RAND_add(const void *buf, int num, double entropy);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+int RAND_poll(void);
+
+#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include <windows.h> in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_RAND_strings(void);
+
+/* Error codes for the RAND functions. */
+
+/* Function codes. */
+# define RAND_F_RAND_BYTES                                100
+
+/* Reason codes. */
+# define RAND_R_PRNG_NOT_SEEDED                           100
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/rc2.h b/openssl-1.1.0h/include/openssl/rc2.h
new file mode 100644
index 0000000..585f9e4
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/rc2.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC2_H
+# define HEADER_RC2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC2
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT     1
+# define RC2_DECRYPT     0
+
+# define RC2_BLOCK       8
+# define RC2_KEY_LENGTH  16
+
+typedef struct rc2_key_st {
+    RC2_INT data[64];
+} RC2_KEY;
+
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     RC2_KEY *key, int enc);
+void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/rc4.h b/openssl-1.1.0h/include/openssl/rc4.h
new file mode 100644
index 0000000..86803b3
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/rc4.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC4_H
+# define HEADER_RC4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC4
+# include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc4_key_st {
+    RC4_INT x, y;
+    RC4_INT data[256];
+} RC4_KEY;
+
+const char *RC4_options(void);
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+         unsigned char *outdata);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/rc5.h b/openssl-1.1.0h/include/openssl/rc5.h
new file mode 100644
index 0000000..793f88e
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/rc5.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC5_H
+# define HEADER_RC5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC5
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RC5_ENCRYPT     1
+# define RC5_DECRYPT     0
+
+# define RC5_32_INT unsigned int
+
+# define RC5_32_BLOCK            8
+# define RC5_32_KEY_LENGTH       16/* This is a default, max is 255 */
+
+/*
+ * This are the only values supported.  Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS    8
+# define RC5_12_ROUNDS   12
+# define RC5_16_ROUNDS   16
+
+typedef struct rc5_key_st {
+    /* Number of rounds */
+    int rounds;
+    RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *key, int enc);
+void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ripemd.h b/openssl-1.1.0h/include/openssl/ripemd.h
new file mode 100644
index 0000000..c42026a
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ripemd.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RIPEMD_H
+# define HEADER_RIPEMD_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK        64
+# define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
+# define RIPEMD160_DIGEST_LENGTH 20
+
+typedef struct RIPEMD160state_st {
+    RIPEMD160_LONG A, B, C, D, E;
+    RIPEMD160_LONG Nl, Nh;
+    RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+    unsigned int num;
+} RIPEMD160_CTX;
+
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/rsa.h b/openssl-1.1.0h/include/openssl/rsa.h
new file mode 100644
index 0000000..d97d6e0
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/rsa.h
@@ -0,0 +1,590 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSA_H
+# define HEADER_RSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RSA
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+#  define OPENSSL_RSA_MAX_MODULUS_BITS   16384
+# endif
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+#  define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+
+/* exponent limit enforced for "large" modulus only */
+#  define OPENSSL_RSA_MAX_PUBEXP_BITS    64
+# endif
+
+# define RSA_3   0x3L
+# define RSA_F4  0x10001L
+
+# define RSA_METHOD_FLAG_NO_CHECK        0x0001/* don't check pub/private
+                                                * match */
+
+# define RSA_FLAG_CACHE_PUBLIC           0x0002
+# define RSA_FLAG_CACHE_PRIVATE          0x0004
+# define RSA_FLAG_BLINDING               0x0008
+# define RSA_FLAG_THREAD_SAFE            0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY               0x0020
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING            0x0080
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define RSA_FLAG_NO_CONSTTIME           0x0000
+# endif
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+#  define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
+                                pad, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
+                                EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+
+# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
+                                len, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                                EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
+                                0, plen)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+
+# define  EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)  \
+                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                        EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                                EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
+
+# define  EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md)  \
+                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                                EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md)
+
+# define  EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                        EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                                EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
+
+# define  EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
+                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                                EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd)
+
+# define  EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
+                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                                EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l)
+
+# define  EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l)       \
+                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                                EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l)
+
+# define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD       (EVP_PKEY_ALG_CTRL + 5)
+
+# define EVP_PKEY_CTRL_GET_RSA_PADDING           (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN       (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD           (EVP_PKEY_ALG_CTRL + 8)
+
+# define EVP_PKEY_CTRL_RSA_OAEP_MD       (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL    (EVP_PKEY_ALG_CTRL + 10)
+
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD   (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
+# define RSA_PKCS1_PADDING       1
+# define RSA_SSLV23_PADDING      2
+# define RSA_NO_PADDING          3
+# define RSA_PKCS1_OAEP_PADDING  4
+# define RSA_X931_PADDING        5
+/* EVP_PKEY_ only */
+# define RSA_PKCS1_PSS_PADDING   6
+
+# define RSA_PKCS1_PADDING_SIZE  11
+
+# define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+
+RSA *RSA_new(void);
+RSA *RSA_new_method(ENGINE *engine);
+int RSA_bits(const RSA *rsa);
+int RSA_size(const RSA *rsa);
+int RSA_security_bits(const RSA *rsa);
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+ENGINE *RSA_get0_engine(const RSA *r);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
+                                         (*callback) (int, int, void *),
+                                         void *cb_arg))
+
+/* New version */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb);
+
+int RSA_check_key(const RSA *);
+int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
+        /* next 4 return -1 on error */
+int RSA_public_encrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+int RSA_public_decrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+int RSA_up_ref(RSA *r);
+
+int RSA_flags(const RSA *r);
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* these are the actual RSA functions */
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+const RSA_METHOD *RSA_null_method(void);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+typedef struct rsa_pss_params_st {
+    X509_ALGOR *hashAlgorithm;
+    X509_ALGOR *maskGenAlgorithm;
+    ASN1_INTEGER *saltLength;
+    ASN1_INTEGER *trailerField;
+} RSA_PSS_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+typedef struct rsa_oaep_params_st {
+    X509_ALGOR *hashFunc;
+    X509_ALGOR *maskGenFunc;
+    X509_ALGOR *pSourceFunc;
+} RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+# ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
+
+int RSA_print(BIO *bp, const RSA *r, int offset);
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign_ASN1_OCTET_STRING(int type,
+                               const unsigned char *m, unsigned int m_length,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
+                                 unsigned int m_length, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
+               long seedlen, const EVP_MD *dgst);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *f, int fl,
+                               const unsigned char *p, int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl, int rsa_len,
+                                 const unsigned char *p, int pl);
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *from, int flen,
+                                    const unsigned char *param, int plen,
+                                    const EVP_MD *md, const EVP_MD *mgf1md);
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *from, int flen,
+                                      int num, const unsigned char *param,
+                                      int plen, const EVP_MD *md,
+                                      const EVP_MD *mgf1md);
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl);
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+                              const unsigned char *mHash, const EVP_MD *Hash,
+                              int sLen);
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                              const unsigned char *EM, int sLen);
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                                   const unsigned char *mHash,
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                                   int sLen);
+
+#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
+int RSA_set_ex_data(RSA *r, int idx, void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
+/*
+ * Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+# define RSA_FLAG_CHECKED                        0x0800
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+int RSA_meth_get_flags(RSA_METHOD *meth);
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                         BN_CTX *ctx));
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx));
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa));
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa));
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb));
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_RSA_strings(void);
+
+/* Error codes for the RSA functions. */
+
+/* Function codes. */
+# define RSA_F_CHECK_PADDING_MD                           140
+# define RSA_F_ENCODE_PKCS1                               146
+# define RSA_F_INT_RSA_VERIFY                             145
+# define RSA_F_OLD_RSA_PRIV_DECODE                        147
+# define RSA_F_PKEY_RSA_CTRL                              143
+# define RSA_F_PKEY_RSA_CTRL_STR                          144
+# define RSA_F_PKEY_RSA_SIGN                              142
+# define RSA_F_PKEY_RSA_VERIFY                            149
+# define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
+# define RSA_F_RSA_ALGOR_TO_MD                            156
+# define RSA_F_RSA_BUILTIN_KEYGEN                         129
+# define RSA_F_RSA_CHECK_KEY                              123
+# define RSA_F_RSA_CHECK_KEY_EX                           160
+# define RSA_F_RSA_CMS_DECRYPT                            159
+# define RSA_F_RSA_ITEM_VERIFY                            148
+# define RSA_F_RSA_METH_DUP                               161
+# define RSA_F_RSA_METH_NEW                               162
+# define RSA_F_RSA_METH_SET1_NAME                         163
+# define RSA_F_RSA_MGF1_TO_MD                             157
+# define RSA_F_RSA_NEW_METHOD                             106
+# define RSA_F_RSA_NULL                                   124
+# define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   132
+# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   133
+# define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    134
+# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
+# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT                   101
+# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT                   102
+# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT                    103
+# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT                    104
+# define RSA_F_RSA_PADDING_ADD_NONE                       107
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1            154
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1             152
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
+# define RSA_F_RSA_PADDING_ADD_SSLV23                     110
+# define RSA_F_RSA_PADDING_ADD_X931                       127
+# define RSA_F_RSA_PADDING_CHECK_NONE                     111
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1          153
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
+# define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
+# define RSA_F_RSA_PADDING_CHECK_X931                     128
+# define RSA_F_RSA_PRINT                                  115
+# define RSA_F_RSA_PRINT_FP                               116
+# define RSA_F_RSA_PRIV_ENCODE                            138
+# define RSA_F_RSA_PSS_TO_CTX                             155
+# define RSA_F_RSA_PUB_DECODE                             139
+# define RSA_F_RSA_SETUP_BLINDING                         136
+# define RSA_F_RSA_SIGN                                   117
+# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
+# define RSA_F_RSA_VERIFY                                 119
+# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
+# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                  126
+
+/* Reason codes. */
+# define RSA_R_ALGORITHM_MISMATCH                         100
+# define RSA_R_BAD_E_VALUE                                101
+# define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
+# define RSA_R_BAD_PAD_BYTE_COUNT                         103
+# define RSA_R_BAD_SIGNATURE                              104
+# define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
+# define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
+# define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
+# define RSA_R_DATA_TOO_LARGE                             109
+# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
+# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
+# define RSA_R_DATA_TOO_SMALL                             111
+# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
+# define RSA_R_DIGEST_DOES_NOT_MATCH                      158
+# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
+# define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
+# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
+# define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
+# define RSA_R_FIRST_OCTET_INVALID                        133
+# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
+# define RSA_R_INVALID_DIGEST                             157
+# define RSA_R_INVALID_DIGEST_LENGTH                      143
+# define RSA_R_INVALID_HEADER                             137
+# define RSA_R_INVALID_LABEL                              160
+# define RSA_R_INVALID_MESSAGE_LENGTH                     131
+# define RSA_R_INVALID_MGF1_MD                            156
+# define RSA_R_INVALID_OAEP_PARAMETERS                    161
+# define RSA_R_INVALID_PADDING                            138
+# define RSA_R_INVALID_PADDING_MODE                       141
+# define RSA_R_INVALID_PSS_PARAMETERS                     149
+# define RSA_R_INVALID_PSS_SALTLEN                        146
+# define RSA_R_INVALID_SALT_LENGTH                        150
+# define RSA_R_INVALID_TRAILER                            139
+# define RSA_R_INVALID_X931_DIGEST                        142
+# define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
+# define RSA_R_KEY_SIZE_TOO_SMALL                         120
+# define RSA_R_LAST_OCTET_INVALID                         134
+# define RSA_R_MODULUS_TOO_LARGE                          105
+# define RSA_R_NO_PUBLIC_EXPONENT                         140
+# define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
+# define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
+# define RSA_R_OAEP_DECODING_ERROR                        121
+# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
+# define RSA_R_PADDING_CHECK_FAILED                       114
+# define RSA_R_PKCS_DECODING_ERROR                        159
+# define RSA_R_P_NOT_PRIME                                128
+# define RSA_R_Q_NOT_PRIME                                129
+# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
+# define RSA_R_SLEN_CHECK_FAILED                          136
+# define RSA_R_SLEN_RECOVERY_FAILED                       135
+# define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
+# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+# define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
+# define RSA_R_UNKNOWN_DIGEST                             166
+# define RSA_R_UNKNOWN_MASK_DIGEST                        151
+# define RSA_R_UNKNOWN_PADDING_TYPE                       118
+# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE                162
+# define RSA_R_UNSUPPORTED_LABEL_SOURCE                   163
+# define RSA_R_UNSUPPORTED_MASK_ALGORITHM                 153
+# define RSA_R_UNSUPPORTED_MASK_PARAMETER                 154
+# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                 155
+# define RSA_R_VALUE_MISSING                              147
+# define RSA_R_WRONG_SIGNATURE_LENGTH                     119
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/safestack.h b/openssl-1.1.0h/include/openssl/safestack.h
new file mode 100644
index 0000000..9fe733c
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/safestack.h
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SAFESTACK_H
+# define HEADER_SAFESTACK_H
+
+# include <openssl/stack.h>
+# include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define STACK_OF(type) struct stack_st_##type
+
+# define SKM_DEFINE_STACK_OF(t1, t2, t3) \
+    STACK_OF(t1); \
+    typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
+    typedef void (*sk_##t1##_freefunc)(t3 *a); \
+    typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
+    static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
+    { \
+        return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
+    } \
+    static ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \
+    } \
+    static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
+    } \
+    static ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_free((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
+    { \
+        return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
+    } \
+    static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
+                                           (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
+    { \
+        OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
+    { \
+        return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \
+    } \
+    static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_sort((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
+                                                    sk_##t1##_copyfunc copyfunc, \
+                                                    sk_##t1##_freefunc freefunc) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \
+                                            (OPENSSL_sk_copyfunc)copyfunc, \
+                                            (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
+    { \
+        return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
+    }
+
+# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
+# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
+# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \
+            SKM_DEFINE_STACK_OF(t1, const t2, t2)
+# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
+
+/*-
+ * Strings are special: normally an lhash entry will point to a single
+ * (somewhat) mutable object. In the case of strings:
+ *
+ * a) Instead of a single char, there is an array of chars, NUL-terminated.
+ * b) The string may have be immutable.
+ *
+ * So, they need their own declarations. Especially important for
+ * type-checking tools, such as Deputy.
+ *
+ * In practice, however, it appears to be hard to have a const
+ * string. For now, I'm settling for dealing with the fact it is a
+ * string at all.
+ */
+typedef char *OPENSSL_STRING;
+typedef const char *OPENSSL_CSTRING;
+
+/*-
+ * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
+ * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
+ * above, instead of a single char each entry is a NUL-terminated array of
+ * chars. So, we have to implement STRING specially for STACK_OF. This is
+ * dealt with in the autogenerated macros below.
+ */
+DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
+
+/*
+ * Similarly, we sometimes use a block of characters, NOT nul-terminated.
+ * These should also be distinguished from "normal" stacks.
+ */
+typedef void *OPENSSL_BLOCK;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/seed.h b/openssl-1.1.0h/include/openssl/seed.h
new file mode 100644
index 0000000..de10b08
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/seed.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef HEADER_SEED_H
+# define HEADER_SEED_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SEED
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* look whether we need 'long' to get 32 bits */
+# ifdef AES_LONG
+#  ifndef SEED_LONG
+#   define SEED_LONG 1
+#  endif
+# endif
+
+# include <sys/types.h>
+
+# define SEED_BLOCK_SIZE 16
+# define SEED_KEY_LENGTH 16
+
+typedef struct seed_key_st {
+# ifdef SEED_LONG
+    unsigned long data[32];
+# else
+    unsigned int data[32];
+# endif
+} SEED_KEY_SCHEDULE;
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+                  SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+                      const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+                         int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/sha.h b/openssl-1.1.0h/include/openssl/sha.h
new file mode 100644
index 0000000..6a1eb0d
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/sha.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SHA_H
+# define HEADER_SHA_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide.                    !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define SHA_LONG unsigned int
+
+# define SHA_LBLOCK      16
+# define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+# define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
+# define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st {
+    SHA_LONG h0, h1, h2, h3, h4;
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num;
+} SHA_CTX;
+
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+
+# define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+
+typedef struct SHA256state_st {
+    SHA_LONG h[8];
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num, md_len;
+} SHA256_CTX;
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+
+# define SHA224_DIGEST_LENGTH    28
+# define SHA256_DIGEST_LENGTH    32
+# define SHA384_DIGEST_LENGTH    48
+# define SHA512_DIGEST_LENGTH    64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK   (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define SHA_LONG64 unsigned __int64
+#  define U64(C)     C##UI64
+# elif defined(__arch64__)
+#  define SHA_LONG64 unsigned long
+#  define U64(C)     C##UL
+# else
+#  define SHA_LONG64 unsigned long long
+#  define U64(C)     C##ULL
+# endif
+
+typedef struct SHA512state_st {
+    SHA_LONG64 h[8];
+    SHA_LONG64 Nl, Nh;
+    union {
+        SHA_LONG64 d[SHA_LBLOCK];
+        unsigned char p[SHA512_CBLOCK];
+    } u;
+    unsigned int num, md_len;
+} SHA512_CTX;
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/srp.h b/openssl-1.1.0h/include/openssl/srp.h
new file mode 100644
index 0000000..f2b6ec7
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/srp.h
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SRP_H
+# define HEADER_SRP_H
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SRP
+# include <stdio.h>
+# include <string.h>
+# include <openssl/safestack.h>
+# include <openssl/bn.h>
+# include <openssl/crypto.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct SRP_gN_cache_st {
+    char *b64_bn;
+    BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DEFINE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+    /* Owned by us. */
+    char *id;
+    BIGNUM *s;
+    BIGNUM *v;
+    /* Not owned by us. */
+    const BIGNUM *g;
+    const BIGNUM *N;
+    /* Owned by us. */
+    char *info;
+} SRP_user_pwd;
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+DEFINE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st {
+    STACK_OF(SRP_user_pwd) *users_pwd;
+    STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+    char *seed_key;
+    const BIGNUM *default_g;
+    const BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Internal structure storing N and g pair
+ */
+typedef struct SRP_gN_st {
+    char *id;
+    const BIGNUM *g;
+    const BIGNUM *N;
+} SRP_gN;
+
+DEFINE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+void SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+/* This method ignores the configured seed and fails for an unknown user. */
+DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username))
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g);
+
+# define SRP_NO_ERROR 0
+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+# define SRP_ERR_VBASE_BN_LIB 2
+# define SRP_ERR_OPEN_FILE 3
+# define SRP_ERR_MEMORY 4
+
+# define DB_srptype      0
+# define DB_srpverifier  1
+# define DB_srpsalt      2
+# define DB_srpid        3
+# define DB_srpgN        4
+# define DB_srpinfo      5
+# undef  DB_NUMBER
+# define DB_NUMBER       6
+
+# define DB_SRP_INDEX    'I'
+# define DB_SRP_VALID    'V'
+# define DB_SRP_REVOKED  'R'
+# define DB_SRP_MODIF    'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
+
+# define SRP_MINIMAL_N 1024
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/srtp.h b/openssl-1.1.0h/include/openssl/srtp.h
new file mode 100644
index 0000000..0b57c23
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/srtp.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla <ekr@rtfm.com>
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef HEADER_D1_SRTP_H
+# define HEADER_D1_SRTP_H
+
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80      0x0005
+# define SRTP_NULL_SHA1_32      0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM  0x0007
+# define SRTP_AEAD_AES_256_GCM  0x0008
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ssl.h b/openssl-1.1.0h/include/openssl/ssl.h
new file mode 100644
index 0000000..f070bd2
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ssl.h
@@ -0,0 +1,2567 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/x509.h>
+#  include <openssl/crypto.h>
+#  include <openssl/lhash.h>
+#  include <openssl/buffer.h>
+# endif
+# include <openssl/pem.h>
+# include <openssl/hmac.h>
+# include <openssl/async.h>
+
+# include <openssl/safestack.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* OpenSSL version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
+# define SSL_MAX_SID_CTX_LENGTH                  32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH                  8
+# define SSL_MAX_MASTER_KEY_LENGTH               48
+
+/* The maximum number of encrypt/decrypt pipelines we can support */
+# define SSL_MAX_PIPELINES  32
+
+/* text strings for the ciphers */
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_LOW             "LOW"
+# define SSL_TXT_MEDIUM          "MEDIUM"
+# define SSL_TXT_HIGH            "HIGH"
+# define SSL_TXT_FIPS            "FIPS"
+
+# define SSL_TXT_aNULL           "aNULL"
+# define SSL_TXT_eNULL           "eNULL"
+# define SSL_TXT_NULL            "NULL"
+
+# define SSL_TXT_kRSA            "kRSA"
+# define SSL_TXT_kDHr            "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd            "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH             "kDH"/* this cipher class has been removed */
+# define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
+# define SSL_TXT_kDHE            "kDHE"
+# define SSL_TXT_kECDHr          "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe          "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH           "kECDH"/* this cipher class has been removed */
+# define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
+# define SSL_TXT_kECDHE          "kECDHE"
+# define SSL_TXT_kPSK            "kPSK"
+# define SSL_TXT_kRSAPSK         "kRSAPSK"
+# define SSL_TXT_kECDHEPSK       "kECDHEPSK"
+# define SSL_TXT_kDHEPSK         "kDHEPSK"
+# define SSL_TXT_kGOST           "kGOST"
+# define SSL_TXT_kSRP            "kSRP"
+
+# define SSL_TXT_aRSA            "aRSA"
+# define SSL_TXT_aDSS            "aDSS"
+# define SSL_TXT_aDH             "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH           "aECDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDSA          "aECDSA"
+# define SSL_TXT_aPSK            "aPSK"
+# define SSL_TXT_aGOST94         "aGOST94"
+# define SSL_TXT_aGOST01         "aGOST01"
+# define SSL_TXT_aGOST12         "aGOST12"
+# define SSL_TXT_aGOST           "aGOST"
+# define SSL_TXT_aSRP            "aSRP"
+
+# define SSL_TXT_DSS             "DSS"
+# define SSL_TXT_DH              "DH"
+# define SSL_TXT_DHE             "DHE"/* same as "kDHE:-ADH" */
+# define SSL_TXT_EDH             "EDH"/* alias for DHE */
+# define SSL_TXT_ADH             "ADH"
+# define SSL_TXT_RSA             "RSA"
+# define SSL_TXT_ECDH            "ECDH"
+# define SSL_TXT_EECDH           "EECDH"/* alias for ECDHE" */
+# define SSL_TXT_ECDHE           "ECDHE"/* same as "kECDHE:-AECDH" */
+# define SSL_TXT_AECDH           "AECDH"
+# define SSL_TXT_ECDSA           "ECDSA"
+# define SSL_TXT_PSK             "PSK"
+# define SSL_TXT_SRP             "SRP"
+
+# define SSL_TXT_DES             "DES"
+# define SSL_TXT_3DES            "3DES"
+# define SSL_TXT_RC4             "RC4"
+# define SSL_TXT_RC2             "RC2"
+# define SSL_TXT_IDEA            "IDEA"
+# define SSL_TXT_SEED            "SEED"
+# define SSL_TXT_AES128          "AES128"
+# define SSL_TXT_AES256          "AES256"
+# define SSL_TXT_AES             "AES"
+# define SSL_TXT_AES_GCM         "AESGCM"
+# define SSL_TXT_AES_CCM         "AESCCM"
+# define SSL_TXT_AES_CCM_8       "AESCCM8"
+# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
+# define SSL_TXT_CAMELLIA        "CAMELLIA"
+# define SSL_TXT_CHACHA20        "CHACHA20"
+# define SSL_TXT_GOST            "GOST89"
+
+# define SSL_TXT_MD5             "MD5"
+# define SSL_TXT_SHA1            "SHA1"
+# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94          "GOST94"
+# define SSL_TXT_GOST89MAC       "GOST89MAC"
+# define SSL_TXT_GOST12          "GOST12"
+# define SSL_TXT_GOST89MAC12     "GOST89MAC12"
+# define SSL_TXT_SHA256          "SHA256"
+# define SSL_TXT_SHA384          "SHA384"
+
+# define SSL_TXT_SSLV3           "SSLv3"
+# define SSL_TXT_TLSV1           "TLSv1"
+# define SSL_TXT_TLSV1_1         "TLSv1.1"
+# define SSL_TXT_TLSV1_2         "TLSv1.2"
+
+# define SSL_TXT_ALL             "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN       1
+# define SSL_RECEIVED_SHUTDOWN   2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
+typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
+typedef struct ssl_comp_st SSL_COMP;
+
+STACK_OF(SSL_CIPHER);
+STACK_OF(SSL_COMP);
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+    const char *name;
+    unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
+                                             const unsigned char *data,
+                                             int len, void *arg);
+typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
+                                         int *secret_len,
+                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
+                                         const SSL_CIPHER **cipher, void *arg);
+
+/* Typedefs for handling custom extensions */
+
+typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
+                                  const unsigned char **out,
+                                  size_t *outlen, int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type,
+                                    const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
+                                    const unsigned char *in,
+                                    size_t inlen, int *al, void *parse_arg);
+
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
+# define SSL_OP_TLSEXT_PADDING                           0x00000010U
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
+ * workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL. Added in 0.9.6e
+ */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800U
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU                             0x00001000U
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE                          0x00002000U
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET                                0x00004000U
+# ifndef OPENSSL_NO_DTLS1_METHOD
+/* Use Cisco's "speshul" version of DTLS_BAD_VER
+ * (only with deprecated DTLSv1_client_method())  */
+#  define SSL_OP_CISCO_ANYCONNECT                        0x00008000U
+# endif
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000U
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION                           0x00020000U
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC                      0x00080000U
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000U
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000U
+
+# define SSL_OP_NO_SSLv3                                 0x02000000U
+# define SSL_OP_NO_TLSv1                                 0x04000000U
+# define SSL_OP_NO_TLSv1_2                               0x08000000U
+# define SSL_OP_NO_TLSv1_1                               0x10000000U
+
+# define SSL_OP_NO_DTLSv1                                0x04000000U
+# define SSL_OP_NO_DTLSv1_2                              0x08000000U
+
+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
+        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
+/* Disallow all renegotiation */
+# define SSL_OP_NO_RENEGOTIATION                         0x40000000U
+
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000U
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7.
+ * This used to be 0x80000BFFU before 1.1.1.
+ */
+# define SSL_OP_ALL        (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\
+                            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\
+                            SSL_OP_LEGACY_SERVER_CONNECT|\
+                            SSL_OP_TLSEXT_PADDING|\
+                            SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+
+/* OBSOLETE OPTIONS: retained for compatibility */
+
+/* Removed from OpenSSL 1.1.0. Was 0x00000001L */
+/* Related to removed SSLv2. */
+# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000002L */
+/* Related to removed SSLv2. */
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x0
+/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */
+/* Dead forever, see CVE-2010-4180 */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0
+/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */
+/* Refers to ancient SSLREF and SSLv2. */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000020 */
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0
+/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000080 */
+/* Ancient SSLeay version. */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000100L */
+# define SSL_OP_TLS_D5_BUG                               0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000200L */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
+# define SSL_OP_SINGLE_ECDH_USE                          0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00100000L */
+# define SSL_OP_SINGLE_DH_USE                            0x0
+/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */
+# define SSL_OP_EPHEMERAL_RSA                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x01000000L */
+# define SSL_OP_NO_SSLv2                                 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x08000000L */
+# define SSL_OP_PKCS1_CHECK_1                            0x0
+/* Removed from OpenSSL 1.0.1. Was 0x10000000L */
+# define SSL_OP_PKCS1_CHECK_2                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ 
+# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x0
+/* Removed from OpenSSL 1.1.0. Was 0x40000000L */
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x0
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001U
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004U
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) "Released" buffers are put onto a free-list in the context or
+ * just freed (depending on the context's setting for freelist_max_len).
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
+/*
+ * Support Asynchronous operation
+ */
+# define SSL_MODE_ASYNC 0x00000100U
+
+/* Cert related flags */
+/*
+ * Many implementations ignore some aspects of the TLS standards such as
+ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+# define SSL_CERT_FLAG_TLS_STRICT                0x00000001U
+
+/* Suite B modes, takes same values as certificate verify flags */
+# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY       0x10000
+/* Suite B 192 bit only mode */
+# define SSL_CERT_FLAG_SUITEB_192_LOS            0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define SSL_CERT_FLAG_SUITEB_128_LOS            0x30000
+
+/* Perform all sorts of protocol violations for testing purposes */
+# define SSL_CERT_FLAG_BROKEN_PROTOCOL           0x10000000
+
+/* Flags for building certificate chains */
+/* Treat any existing certificates as untrusted CAs */
+# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED          0x1
+/* Don't include root CA in chain */
+# define SSL_BUILD_CHAIN_FLAG_NO_ROOT            0x2
+/* Just check certificates already there */
+# define SSL_BUILD_CHAIN_FLAG_CHECK              0x4
+/* Ignore verification errors */
+# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR       0x8
+/* Clear verification errors from queue */
+# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR        0x10
+
+/* Flags returned by SSL_check_chain */
+/* Certificate can be used with this session */
+# define CERT_PKEY_VALID         0x1
+/* Certificate can also be used for signing */
+# define CERT_PKEY_SIGN          0x2
+/* EE certificate signing algorithm OK */
+# define CERT_PKEY_EE_SIGNATURE  0x10
+/* CA signature algorithms OK */
+# define CERT_PKEY_CA_SIGNATURE  0x20
+/* EE certificate parameters OK */
+# define CERT_PKEY_EE_PARAM      0x40
+/* CA certificate parameters OK */
+# define CERT_PKEY_CA_PARAM      0x80
+/* Signing explicitly allowed as opposed to SHA1 fallback */
+# define CERT_PKEY_EXPLICIT_SIGN 0x100
+/* Client CA issuer names match (always set for server cert) */
+# define CERT_PKEY_ISSUER_NAME   0x200
+/* Cert type matches client types (always set for server cert) */
+# define CERT_PKEY_CERT_TYPE     0x400
+/* Cert chain suitable to Suite B */
+# define CERT_PKEY_SUITEB        0x800
+
+# define SSL_CONF_FLAG_CMDLINE           0x1
+# define SSL_CONF_FLAG_FILE              0x2
+# define SSL_CONF_FLAG_CLIENT            0x4
+# define SSL_CONF_FLAG_SERVER            0x8
+# define SSL_CONF_FLAG_SHOW_ERRORS       0x10
+# define SSL_CONF_FLAG_CERTIFICATE       0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE   0x40
+/* Configuration value types */
+# define SSL_CONF_TYPE_UNKNOWN           0x0
+# define SSL_CONF_TYPE_STRING            0x1
+# define SSL_CONF_TYPE_FILE              0x2
+# define SSL_CONF_TYPE_DIR               0x3
+# define SSL_CONF_TYPE_NONE              0x4
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
+unsigned long SSL_get_options(const SSL* s);
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_clear_options(SSL *s, unsigned long op);
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_set_options(SSL *s, unsigned long op);
+
+# define SSL_CTX_set_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_heartbeat(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
+# endif
+
+# define SSL_CTX_set_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_set_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_CTX_clear_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+# define SSL_clear_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# define SSL_get_extms_support(s) \
+        SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
+# ifndef OPENSSL_NO_SRP
+
+/* see tls_srp.c */
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_Calc_A_param(SSL *s);
+
+# endif
+
+/* 100k max cert list */
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
+ * bytes. The callback can alter this length to be less if desired. It is
+ * also an error for the callback to set the size to zero.
+ */
+typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+# define SSL_SESS_CACHE_OFF                      0x0000
+# define SSL_SESS_CACHE_CLIENT                   0x0001
+# define SSL_SESS_CACHE_SERVER                   0x0002
+# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*new_session_cb) (struct ssl_st *ssl,
+                                                    SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                              SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*remove_session_cb) (struct ssl_ctx_st
+                                                           *ctx,
+                                                           SSL_SESSION
+                                                           *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+                                                  SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*get_session_cb) (struct ssl_st
+                                                             *ssl,
+                                                             const unsigned char
+                                                             *data, int len,
+                                                             int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                                       const unsigned char *data,
+                                                       int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type,
+                                           int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
+                                                       EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*app_gen_cookie_cb) (SSL *ssl,
+                                                              unsigned char
+                                                              *cookie,
+                                                              unsigned int
+                                                              *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*app_verify_cookie_cb) (SSL *ssl,
+                                                               const unsigned char
+                                                               *cookie,
+                                                               unsigned int
+                                                               cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+                                           int (*cb) (SSL *ssl,
+                                                      const unsigned char
+                                                      **out,
+                                                      unsigned int *outlen,
+                                                      void *arg), void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+                                      int (*cb) (SSL *ssl,
+                                                 unsigned char **out,
+                                                 unsigned char *outlen,
+                                                 const unsigned char *in,
+                                                 unsigned int inlen,
+                                                 void *arg), void *arg);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len);
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *in, unsigned int inlen,
+                          const unsigned char *client,
+                          unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED  1
+# define OPENSSL_NPN_NO_OVERLAP  2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                                   unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                               unsigned int protos_len);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl,
+                                           const unsigned char **out,
+                                           unsigned char *outlen,
+                                           const unsigned char *in,
+                                           unsigned int inlen,
+                                           void *arg), void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+#  define PSK_MAX_IDENTITY_LEN 128
+#  define PSK_MAX_PSK_LEN 256
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+                                     unsigned int (*psk_client_callback) (SSL
+                                                                          *ssl,
+                                                                          const
+                                                                          char
+                                                                          *hint,
+                                                                          char
+                                                                          *identity,
+                                                                          unsigned
+                                                                          int
+                                                                          max_identity_len,
+                                                                          unsigned
+                                                                          char
+                                                                          *psk,
+                                                                          unsigned
+                                                                          int
+                                                                          max_psk_len));
+void SSL_set_psk_client_callback(SSL *ssl,
+                                 unsigned int (*psk_client_callback) (SSL
+                                                                      *ssl,
+                                                                      const
+                                                                      char
+                                                                      *hint,
+                                                                      char
+                                                                      *identity,
+                                                                      unsigned
+                                                                      int
+                                                                      max_identity_len,
+                                                                      unsigned
+                                                                      char
+                                                                      *psk,
+                                                                      unsigned
+                                                                      int
+                                                                      max_psk_len));
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+                                     unsigned int (*psk_server_callback) (SSL
+                                                                          *ssl,
+                                                                          const
+                                                                          char
+                                                                          *identity,
+                                                                          unsigned
+                                                                          char
+                                                                          *psk,
+                                                                          unsigned
+                                                                          int
+                                                                          max_psk_len));
+void SSL_set_psk_server_callback(SSL *ssl,
+                                 unsigned int (*psk_server_callback) (SSL
+                                                                      *ssl,
+                                                                      const
+                                                                      char
+                                                                      *identity,
+                                                                      unsigned
+                                                                      char
+                                                                      *psk,
+                                                                      unsigned
+                                                                      int
+                                                                      max_psk_len));
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+                                         unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb,
+                                  void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb,
+                                  void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING            1
+# define SSL_WRITING            2
+# define SSL_READING            3
+# define SSL_X509_LOOKUP        4
+# define SSL_ASYNC_PAUSED       5
+# define SSL_ASYNC_NO_JOBS      6
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s)       (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s)   (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/ssl2.h>
+# include <openssl/ssl3.h>
+# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
+# include <openssl/dtls1.h>     /* Datagram TLS */
+# include <openssl/srtp.h>      /* Support for the use_srtp extension */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
+# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
+# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+    TLS_ST_BEFORE,
+    TLS_ST_OK,
+    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+    TLS_ST_CR_SRVR_HELLO,
+    TLS_ST_CR_CERT,
+    TLS_ST_CR_CERT_STATUS,
+    TLS_ST_CR_KEY_EXCH,
+    TLS_ST_CR_CERT_REQ,
+    TLS_ST_CR_SRVR_DONE,
+    TLS_ST_CR_SESSION_TICKET,
+    TLS_ST_CR_CHANGE,
+    TLS_ST_CR_FINISHED,
+    TLS_ST_CW_CLNT_HELLO,
+    TLS_ST_CW_CERT,
+    TLS_ST_CW_KEY_EXCH,
+    TLS_ST_CW_CERT_VRFY,
+    TLS_ST_CW_CHANGE,
+    TLS_ST_CW_NEXT_PROTO,
+    TLS_ST_CW_FINISHED,
+    TLS_ST_SW_HELLO_REQ,
+    TLS_ST_SR_CLNT_HELLO,
+    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+    TLS_ST_SW_SRVR_HELLO,
+    TLS_ST_SW_CERT,
+    TLS_ST_SW_KEY_EXCH,
+    TLS_ST_SW_CERT_REQ,
+    TLS_ST_SW_SRVR_DONE,
+    TLS_ST_SR_CERT,
+    TLS_ST_SR_KEY_EXCH,
+    TLS_ST_SR_CERT_VRFY,
+    TLS_ST_SR_NEXT_PROTO,
+    TLS_ST_SR_CHANGE,
+    TLS_ST_SR_FINISHED,
+    TLS_ST_SW_SESSION_TICKET,
+    TLS_ST_SW_CERT_STATUS,
+    TLS_ST_SW_CHANGE,
+    TLS_ST_SW_FINISHED
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT                  0x1000
+# define SSL_ST_ACCEPT                   0x2000
+
+# define SSL_ST_MASK                     0x0FFF
+
+# define SSL_CB_LOOP                     0x01
+# define SSL_CB_EXIT                     0x02
+# define SSL_CB_READ                     0x04
+# define SSL_CB_WRITE                    0x08
+# define SSL_CB_ALERT                    0x4000/* used in callback */
+# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START          0x10
+# define SSL_CB_HANDSHAKE_DONE           0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(SSL *s);
+int SSL_in_before(SSL *s);
+int SSL_is_init_finished(SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER                      0xF0
+# define SSL_ST_READ_BODY                        0xF1
+# define SSL_ST_READ_DONE                        0xF2
+
+/*-
+ * Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE                 0x00
+# define SSL_VERIFY_PEER                 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE          0x04
+
+# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSLeay_add_ssl_algorithms()    SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a)         SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
+                                              * from SSL_AD_... */
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL  TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE                  0
+# define SSL_ERROR_SSL                   1
+# define SSL_ERROR_WANT_READ             2
+# define SSL_ERROR_WANT_WRITE            3
+# define SSL_ERROR_WANT_X509_LOOKUP      4
+# define SSL_ERROR_SYSCALL               5/* look at error stack/return
+                                           * value/errno */
+# define SSL_ERROR_ZERO_RETURN           6
+# define SSL_ERROR_WANT_CONNECT          7
+# define SSL_ERROR_WANT_ACCEPT           8
+# define SSL_ERROR_WANT_ASYNC            9
+# define SSL_ERROR_WANT_ASYNC_JOB       10
+# define SSL_CTRL_SET_TMP_DH                     3
+# define SSL_CTRL_SET_TMP_ECDH                   4
+# define SSL_CTRL_SET_TMP_DH_CB                  6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
+# define SSL_CTRL_GET_FLAGS                      13
+# define SSL_CTRL_EXTRA_CHAIN_CERT               14
+# define SSL_CTRL_SET_MSG_CALLBACK               15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU                17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER                    20
+# define SSL_CTRL_SESS_CONNECT                   21
+# define SSL_CTRL_SESS_CONNECT_GOOD              22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
+# define SSL_CTRL_SESS_ACCEPT                    24
+# define SSL_CTRL_SESS_ACCEPT_GOOD               25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
+# define SSL_CTRL_SESS_HIT                       27
+# define SSL_CTRL_SESS_CB_HIT                    28
+# define SSL_CTRL_SESS_MISSES                    29
+# define SSL_CTRL_SESS_TIMEOUTS                  30
+# define SSL_CTRL_SESS_CACHE_FULL                31
+# define SSL_CTRL_MODE                           33
+# define SSL_CTRL_GET_READ_AHEAD                 40
+# define SSL_CTRL_SET_READ_AHEAD                 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
+# define SSL_CTRL_SET_SESS_CACHE_MODE            44
+# define SSL_CTRL_GET_SESS_CACHE_MODE            45
+# define SSL_CTRL_GET_MAX_CERT_LIST              50
+# define SSL_CTRL_SET_MAX_CERT_LIST              51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
+# define SSL_CTRL_SET_SRP_ARG            78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT               85
+#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING        86
+#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS    87
+# endif
+# define DTLS_CTRL_GET_TIMEOUT           73
+# define DTLS_CTRL_HANDLE_TIMEOUT        74
+# define SSL_CTRL_GET_RI_SUPPORT                 76
+# define SSL_CTRL_CLEAR_MODE                     78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB      79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
+# define SSL_CTRL_CHAIN                          88
+# define SSL_CTRL_CHAIN_CERT                     89
+# define SSL_CTRL_GET_CURVES                     90
+# define SSL_CTRL_SET_CURVES                     91
+# define SSL_CTRL_SET_CURVES_LIST                92
+# define SSL_CTRL_GET_SHARED_CURVE               93
+# define SSL_CTRL_SET_SIGALGS                    97
+# define SSL_CTRL_SET_SIGALGS_LIST               98
+# define SSL_CTRL_CERT_FLAGS                     99
+# define SSL_CTRL_CLEAR_CERT_FLAGS               100
+# define SSL_CTRL_SET_CLIENT_SIGALGS             101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
+# define SSL_CTRL_BUILD_CERT_CHAIN               105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
+# define SSL_CTRL_GET_SERVER_TMP_KEY             109
+# define SSL_CTRL_GET_RAW_CIPHERLIST             110
+# define SSL_CTRL_GET_EC_POINT_FORMATS           111
+# define SSL_CTRL_GET_CHAIN_CERTS                115
+# define SSL_CTRL_SELECT_CURRENT_CERT            116
+# define SSL_CTRL_SET_CURRENT_CERT               117
+# define SSL_CTRL_SET_DH_AUTO                    118
+# define DTLS_CTRL_SET_LINK_MTU                  120
+# define DTLS_CTRL_GET_LINK_MIN_MTU              121
+# define SSL_CTRL_GET_EXTMS_SUPPORT              122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION          123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION          124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
+# define SSL_CTRL_SET_MAX_PIPELINES              126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION          130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION          131
+# define SSL_CERT_SET_FIRST                      1
+# define SSL_CERT_SET_NEXT                       2
+# define SSL_CERT_SET_SERVER                     3
+# define DTLSv1_get_timeout(ssl, arg) \
+        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
+# define DTLSv1_handle_timeout(ssl) \
+        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
+# define SSL_CTX_set1_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+        SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+# define SSL_CTX_set_current_cert(ctx, op) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
+# define SSL_set0_chain(ctx,sk) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
+# define SSL_set1_chain(ctx,sk) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
+# define SSL_add0_chain_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
+# define SSL_add1_chain_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
+# define SSL_get0_chain_certs(ctx,px509) \
+        SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(ctx) \
+        SSL_set0_chain(ctx,NULL)
+# define SSL_build_cert_chain(s, flags) \
+        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(ctx,x509) \
+        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+# define SSL_set_current_cert(ctx,op) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
+# define SSL_set1_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
+# define SSL_set0_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
+# define SSL_set1_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
+# define SSL_get1_curves(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s)
+# define SSL_CTX_set1_curves(ctx, clist, clistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
+# define SSL_CTX_set1_curves_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
+# define SSL_set1_curves(ctx, clist, clistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
+# define SSL_set1_curves_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
+# define SSL_get_shared_curve(s, n) \
+        SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
+# define SSL_set1_sigalgs(ctx, slist, slistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
+# define SSL_set1_sigalgs_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist)
+# define SSL_set1_client_sigalgs_list(ctx, s) \
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+# define SSL_get0_certificate_types(s, clist) \
+        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist)
+# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
+# define SSL_set1_client_certificate_types(s, clist, clistlen) \
+        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
+# define SSL_get_peer_signature_nid(s, pn) \
+        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
+# define SSL_get_server_tmp_key(s, pk) \
+        SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+# define SSL_get0_raw_cipherlist(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+# define SSL_get0_ec_point_formats(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+#define SSL_CTX_set_min_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_CTX_set_max_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#define SSL_CTX_get_min_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+#define SSL_CTX_get_max_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+#define SSL_set_min_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_set_max_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#define SSL_get_min_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+#define SSL_get_max_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/* Provide some compatibility macros for removed functionality. */
+# define SSL_CTX_need_tmp_RSA(ctx)                0
+# define SSL_CTX_set_tmp_rsa(ctx,rsa)             1
+# define SSL_need_tmp_RSA(ssl)                    0
+# define SSL_set_tmp_rsa(ssl,rsa)                 1
+# define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
+# define SSL_set_ecdh_auto(dummy, onoff)          ((onoff) != 0)
+/*
+ * We "pretend" to call the callback to avoid warnings about unused static
+ * functions.
+ */
+# define SSL_CTX_set_tmp_rsa_callback(ctx, cb)    while(0) (cb)(NULL, 0, 0)
+# define SSL_set_tmp_rsa_callback(ssl, cb)        while(0) (cb)(NULL, 0, 0)
+#endif
+
+__owur const BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+void SSL_CTX_free(SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
+__owur int SSL_has_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
+# endif
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+__owur int SSL_get_verify_mode(const SSL *s);
+__owur int SSL_get_verify_depth(const SSL *s);
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
+void SSL_set_verify_depth(SSL *s, int depth);
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
+# endif
+__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+                            long len);
+__owur int SSL_use_certificate(SSL *ssl, X509 *x);
+__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+
+/* Set serverinfo data for the current active cert. */
+__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                           size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+#endif
+
+__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+#endif
+__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+/* PEM type */
+__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                        const char *file);
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                       const char *dir);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_load_error_strings() \
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+#endif
+
+__owur const char *SSL_state_string(const SSL *s);
+__owur const char *SSL_rstate_string(const SSL *s);
+__owur const char *SSL_state_string_long(const SSL *s);
+__owur const char *SSL_rstate_string_long(const SSL *s);
+__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                            size_t *len);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
+__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                               unsigned int sid_len);
+
+__owur SSL_SESSION *SSL_SESSION_new(void);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                unsigned int *len);
+__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+# ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *ses);
+__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
+__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
+__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length);
+
+# ifdef HEADER_X509_H
+__owur X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg);
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
+                         void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                   long len);
+# endif
+__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+                                const unsigned char *d, long len);
+__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+                                 const unsigned char *d);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+
+__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+__owur int SSL_check_private_key(const SSL *ctx);
+
+__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+int SSL_is_dtls(const SSL *s);
+__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len);
+
+__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+__owur int SSL_set_purpose(SSL *s, int purpose);
+__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+__owur int SSL_set_trust(SSL *s, int trust);
+
+__owur int SSL_set1_host(SSL *s, const char *hostname);
+__owur int SSL_add1_host(SSL *s, const char *hostname);
+__owur const char *SSL_get0_peername(SSL *s);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+
+__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
+__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+                                  uint8_t mtype, uint8_t ord);
+__owur int SSL_dane_enable(SSL *s, const char *basedomain);
+__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                             uint8_t mtype, unsigned const char *data, size_t dlen);
+__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                              uint8_t *mtype, unsigned const char **data,
+                              size_t *dlen);
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+SSL_DANE *SSL_get0_dane(SSL *ssl);
+/*
+ * DANE flags
+ */
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+
+__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
+# ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp);
+
+__owur BIGNUM *SSL_get_srp_g(SSL *s);
+__owur BIGNUM *SSL_get_srp_N(SSL *s);
+
+__owur char *SSL_get_srp_username(SSL *s);
+__owur char *SSL_get_srp_userinfo(SSL *s);
+# endif
+
+void SSL_certs_clear(SSL *s);
+void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows application developer has to include windows.h to use these.
+ */
+__owur int SSL_waiting_for_async(SSL *s);
+__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
+__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
+                                     size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                     size_t *numdelfds);
+# endif
+__owur int SSL_accept(SSL *ssl);
+__owur int SSL_connect(SSL *ssl);
+__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_write(SSL *ssl, const void *buf, int num);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+__owur int SSL_get_error(const SSL *s, int ret_code);
+__owur const char *SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */
+# endif
+
+#define SSLv23_method           TLS_method
+#define SSLv23_server_method    TLS_server_method
+#define SSLv23_client_method    TLS_client_method
+
+/* Negotiate highest available SSL/TLS version */
+__owur const SSL_METHOD *TLS_method(void);
+__owur const SSL_METHOD *TLS_server_method(void);
+__owur const SSL_METHOD *TLS_client_method(void);
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */
+# endif
+
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */
+#endif
+
+__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
+
+__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+
+__owur int SSL_do_handshake(SSL *s);
+int SSL_renegotiate(SSL *s);
+__owur int SSL_renegotiate_abbreviated(SSL *s);
+__owur int SSL_renegotiate_pending(SSL *s);
+int SSL_shutdown(SSL *s);
+
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
+__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+__owur const char *SSL_alert_type_string_long(int value);
+__owur const char *SSL_alert_type_string(int value);
+__owur const char *SSL_alert_desc_string_long(int value);
+__owur const char *SSL_alert_desc_string(int value);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
+__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+__owur long SSL_get_default_timeout(const SSL *s);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_library_init() OPENSSL_init_ssl(0, NULL)
+#endif
+
+__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+
+__owur SSL *SSL_dup(SSL *ssl);
+
+__owur X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_shutdown(const SSL *ssl);
+__owur int SSL_version(const SSL *ssl);
+__owur int SSL_client_version(const SSL *s);
+__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath);
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
+__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+                                               int val);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+__owur long SSL_get_verify_result(const SSL *ssl);
+__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
+
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl,
+                                         unsigned char *out, size_t outlen);
+
+#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
+__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
+__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
+__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+
+__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+# define SSL_CTX_set_max_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_set_max_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_split_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_set_split_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_max_pipelines(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+# define SSL_set_max_pipelines(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+                             DH *(*dh) (SSL *ssl, int is_export,
+                                        int keylength));
+# endif
+
+__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+__owur int SSL_COMP_get_id(const SSL_COMP *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_COMP_free_compression_methods() while(0) continue
+#endif
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+
+/* TLS extensions functions */
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+__owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg);
+
+/* Pre-shared secret session resumption functions */
+__owur int SSL_set_session_secret_cb(SSL *s,
+                              tls_session_secret_cb_fn tls_session_secret_cb,
+                              void *arg);
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int
+                                                       is_forward_secure));
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+               const void *buf, size_t len, SSL *ssl, void *arg);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+                                   const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ *       will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback,
+                                       void *arg);
+#define SSL_disable_ct(s) \
+        ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+        ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+    SSL_CT_VALIDATION_PERMISSIVE = 0,
+    SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants.  The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion.  The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested.  The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE    0xffff0000
+# define SSL_SECOP_OTHER_NONE    0
+# define SSL_SECOP_OTHER_CIPHER  (1 << 16)
+# define SSL_SECOP_OTHER_CURVE   (2 << 16)
+# define SSL_SECOP_OTHER_DH      (3 << 16)
+# define SSL_SECOP_OTHER_PKEY    (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG  (5 << 16)
+# define SSL_SECOP_OTHER_CERT    (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER          0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED      (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED         (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK          (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED       (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED          (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK           (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION               (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET                (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED      (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED         (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define SSL_SECOP_SIGALG_CHECK          (13 | SSL_SECOP_OTHER_SIGALG)
+/* Used to get mask of supported public key signature algorithms */
+# define SSL_SECOP_SIGALG_MASK           (14 | SSL_SECOP_OTHER_SIGALG)
+/* Use to see if compression is allowed */
+# define SSL_SECOP_COMPRESSION           (15 | SSL_SECOP_OTHER_NONE)
+/* EE key in certificate */
+# define SSL_SECOP_EE_KEY                (16 | SSL_SECOP_OTHER_CERT)
+/* CA key in certificate */
+# define SSL_SECOP_CA_KEY                (17 | SSL_SECOP_OTHER_CERT)
+/* CA digest algorithm in certificate */
+# define SSL_SECOP_CA_MD                 (18 | SSL_SECOP_OTHER_CERT)
+/* Peer EE key in certificate */
+# define SSL_SECOP_PEER_EE_KEY           (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
+/* Peer CA key in certificate */
+# define SSL_SECOP_PEER_CA_KEY           (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
+/* Peer CA digest algorithm in certificate */
+# define SSL_SECOP_PEER_CA_MD            (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
+
+void SSL_set_security_level(SSL *s, int level);
+__owur int SSL_get_security_level(const SSL *s);
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
+                                          int bits, int nid, void *other,
+                                          void *ex));
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op,
+                                                int bits, int nid,
+                                                void *other, void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+__owur void *SSL_get0_security_ex_data(const SSL *s);
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
+                                              int bits, int nid, void *other,
+                                              void *ex));
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex);
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+
+/* OPENSSL_INIT flag 0x010000 reserved for internal use */
+#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS    0x00100000L
+#define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
+
+#define OPENSSL_INIT_SSL_DEFAULT \
+        (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+extern const char SSL_version_str[];
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_SSL_strings(void);
+
+/* Error codes for the SSL functions. */
+
+/* Function codes. */
+# define SSL_F_CHECK_SUITEB_CIPHER_LIST                   331
+# define SSL_F_CT_MOVE_SCTS                               345
+# define SSL_F_CT_STRICT                                  349
+# define SSL_F_D2I_SSL_SESSION                            103
+# define SSL_F_DANE_CTX_ENABLE                            347
+# define SSL_F_DANE_MTYPE_SET                             393
+# define SSL_F_DANE_TLSA_ADD                              394
+# define SSL_F_DO_DTLS1_WRITE                             245
+# define SSL_F_DO_SSL3_WRITE                              104
+# define SSL_F_DTLS1_BUFFER_RECORD                        247
+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    318
+# define SSL_F_DTLS1_HEARTBEAT                            305
+# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
+# define SSL_F_DTLS1_PROCESS_RECORD                       257
+# define SSL_F_DTLS1_READ_BYTES                           258
+# define SSL_F_DTLS1_READ_FAILED                          339
+# define SSL_F_DTLS1_RETRANSMIT_MESSAGE                   390
+# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
+# define SSL_F_DTLSV1_LISTEN                              350
+# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC          371
+# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
+# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
+# define SSL_F_DTLS_PROCESS_HELLO_VERIFY                  386
+# define SSL_F_DTLS_WAIT_FOR_DRY                          592
+# define SSL_F_OPENSSL_INIT_SSL                           342
+# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION         417
+# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION         418
+# define SSL_F_READ_STATE_MACHINE                         352
+# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
+# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
+# define SSL_F_SSL3_CTRL                                  213
+# define SSL_F_SSL3_CTX_CTRL                              133
+# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
+# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
+# define SSL_F_SSL3_FINAL_FINISH_MAC                      285
+# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
+# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
+# define SSL_F_SSL3_GET_RECORD                            143
+# define SSL_F_SSL3_INIT_FINISHED_MAC                     397
+# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
+# define SSL_F_SSL3_READ_BYTES                            148
+# define SSL_F_SSL3_READ_N                                149
+# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
+# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
+# define SSL_F_SSL3_TAKE_MAC                              425
+# define SSL_F_SSL3_WRITE_BYTES                           158
+# define SSL_F_SSL3_WRITE_PENDING                         159
+# define SSL_F_SSL_ADD_CERT_CHAIN                         316
+# define SSL_F_SSL_ADD_CERT_TO_BUF                        319
+# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
+# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
+# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
+# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
+# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
+# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
+# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
+# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
+# define SSL_F_SSL_BAD_METHOD                             160
+# define SSL_F_SSL_BUILD_CERT_CHAIN                       332
+# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
+# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT                   346
+# define SSL_F_SSL_CERT_DUP                               221
+# define SSL_F_SSL_CERT_NEW                               162
+# define SSL_F_SSL_CERT_SET0_CHAIN                        340
+# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
+# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
+# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
+# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
+# define SSL_F_SSL_CLEAR                                  164
+# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
+# define SSL_F_SSL_CONF_CMD                               334
+# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
+# define SSL_F_SSL_CTRL                                   232
+# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
+# define SSL_F_SSL_CTX_ENABLE_CT                          398
+# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
+# define SSL_F_SSL_CTX_NEW                                169
+# define SSL_F_SSL_CTX_SET_ALPN_PROTOS                    343
+# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
+# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
+# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK         396
+# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
+# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
+# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
+# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
+# define SSL_F_SSL_CTX_USE_SERVERINFO                     336
+# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
+# define SSL_F_SSL_DANE_DUP                               403
+# define SSL_F_SSL_DANE_ENABLE                            395
+# define SSL_F_SSL_DO_CONFIG                              391
+# define SSL_F_SSL_DO_HANDSHAKE                           180
+# define SSL_F_SSL_DUP_CA_LIST                            408
+# define SSL_F_SSL_ENABLE_CT                              402
+# define SSL_F_SSL_GET_NEW_SESSION                        181
+# define SSL_F_SSL_GET_PREV_SESSION                       217
+# define SSL_F_SSL_GET_SERVER_CERT_INDEX                  322
+# define SSL_F_SSL_GET_SIGN_PKEY                          183
+# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
+# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
+# define SSL_F_SSL_MODULE_INIT                            392
+# define SSL_F_SSL_NEW                                    186
+# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
+# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
+# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
+# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
+# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
+# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
+# define SSL_F_SSL_PEEK                                   270
+# define SSL_F_SSL_READ                                   223
+# define SSL_F_SSL_RENEGOTIATE                            516
+# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED                546
+# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
+# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
+# define SSL_F_SSL_SESSION_DUP                            348
+# define SSL_F_SSL_SESSION_NEW                            189
+# define SSL_F_SSL_SESSION_PRINT_FP                       190
+# define SSL_F_SSL_SESSION_SET1_ID                        423
+# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
+# define SSL_F_SSL_SET_ALPN_PROTOS                        344
+# define SSL_F_SSL_SET_CERT                               191
+# define SSL_F_SSL_SET_CIPHER_LIST                        271
+# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK             399
+# define SSL_F_SSL_SET_FD                                 192
+# define SSL_F_SSL_SET_PKEY                               193
+# define SSL_F_SSL_SET_RFD                                194
+# define SSL_F_SSL_SET_SESSION                            195
+# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
+# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
+# define SSL_F_SSL_SET_WFD                                196
+# define SSL_F_SSL_SHUTDOWN                               224
+# define SSL_F_SSL_SRP_CTX_INIT                           313
+# define SSL_F_SSL_START_ASYNC_JOB                        389
+# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
+# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
+# define SSL_F_SSL_USE_CERTIFICATE                        198
+# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
+# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
+# define SSL_F_SSL_USE_PRIVATEKEY                         201
+# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
+# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
+# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
+# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
+# define SSL_F_SSL_VALIDATE_CT                            400
+# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
+# define SSL_F_SSL_WRITE                                  208
+# define SSL_F_STATE_MACHINE                              353
+# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
+# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
+# define SSL_F_TLS1_ENC                                   401
+# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
+# define SSL_F_TLS1_GET_CURVELIST                         338
+# define SSL_F_TLS1_PRF                                   284
+# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
+# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
+# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST          372
+# define SSL_F_TLS_CONSTRUCT_CKE_DHE                      404
+# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE                    405
+# define SSL_F_TLS_CONSTRUCT_CKE_GOST                     406
+# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE             407
+# define SSL_F_TLS_CONSTRUCT_CKE_RSA                      409
+# define SSL_F_TLS_CONSTRUCT_CKE_SRP                      410
+# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE           355
+# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO                 356
+# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE          357
+# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                358
+# define SSL_F_TLS_CONSTRUCT_FINISHED                     359
+# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
+# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           374
+# define SSL_F_TLS_CONSTRUCT_SERVER_DONE                  375
+# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO                 376
+# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE          377
+# define SSL_F_TLS_GET_MESSAGE_BODY                       351
+# define SSL_F_TLS_GET_MESSAGE_HEADER                     387
+# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO              378
+# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE       384
+# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE             360
+# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST            361
+# define SSL_F_TLS_PROCESS_CERT_STATUS                    362
+# define SSL_F_TLS_PROCESS_CERT_VERIFY                    379
+# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC             363
+# define SSL_F_TLS_PROCESS_CKE_DHE                        411
+# define SSL_F_TLS_PROCESS_CKE_ECDHE                      412
+# define SSL_F_TLS_PROCESS_CKE_GOST                       413
+# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE               414
+# define SSL_F_TLS_PROCESS_CKE_RSA                        415
+# define SSL_F_TLS_PROCESS_CKE_SRP                        416
+# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE             380
+# define SSL_F_TLS_PROCESS_CLIENT_HELLO                   381
+# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE            382
+# define SSL_F_TLS_PROCESS_FINISHED                       364
+# define SSL_F_TLS_PROCESS_KEY_EXCHANGE                   365
+# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET             366
+# define SSL_F_TLS_PROCESS_NEXT_PROTO                     383
+# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE             367
+# define SSL_F_TLS_PROCESS_SERVER_DONE                    368
+# define SSL_F_TLS_PROCESS_SERVER_HELLO                   369
+# define SSL_F_TLS_PROCESS_SKE_DHE                        419
+# define SSL_F_TLS_PROCESS_SKE_ECDHE                      420
+# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE               421
+# define SSL_F_TLS_PROCESS_SKE_SRP                        422
+# define SSL_F_USE_CERTIFICATE_CHAIN_FILE                 220
+
+/* Reason codes. */
+# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
+# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE       143
+# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
+# define SSL_R_BAD_DATA                                   390
+# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
+# define SSL_R_BAD_DECOMPRESSION                          107
+# define SSL_R_BAD_DH_VALUE                               102
+# define SSL_R_BAD_DIGEST_LENGTH                          111
+# define SSL_R_BAD_ECC_CERT                               304
+# define SSL_R_BAD_ECPOINT                                306
+# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
+# define SSL_R_BAD_HELLO_REQUEST                          105
+# define SSL_R_BAD_LENGTH                                 271
+# define SSL_R_BAD_PACKET_LENGTH                          115
+# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+# define SSL_R_BAD_RSA_ENCRYPT                            119
+# define SSL_R_BAD_SIGNATURE                              123
+# define SSL_R_BAD_SRP_A_LENGTH                           347
+# define SSL_R_BAD_SRP_PARAMETERS                         371
+# define SSL_R_BAD_SRTP_MKI_VALUE                         352
+# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
+# define SSL_R_BAD_SSL_FILETYPE                           124
+# define SSL_R_BAD_VALUE                                  384
+# define SSL_R_BAD_WRITE_RETRY                            127
+# define SSL_R_BIO_NOT_SET                                128
+# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
+# define SSL_R_BN_LIB                                     130
+# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
+# define SSL_R_CA_KEY_TOO_SMALL                           397
+# define SSL_R_CA_MD_TOO_WEAK                             398
+# define SSL_R_CCS_RECEIVED_EARLY                         133
+# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
+# define SSL_R_CERT_CB_ERROR                              377
+# define SSL_R_CERT_LENGTH_MISMATCH                       135
+# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
+# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
+# define SSL_R_CLIENTHELLO_TLSEXT                         226
+# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+# define SSL_R_COMPRESSION_DISABLED                       343
+# define SSL_R_COMPRESSION_FAILURE                        141
+# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
+# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
+# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
+# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
+# define SSL_R_COOKIE_MISMATCH                            308
+# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED       206
+# define SSL_R_DANE_ALREADY_ENABLED                       172
+# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL            173
+# define SSL_R_DANE_NOT_ENABLED                           175
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE                  180
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE            184
+# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH                  189
+# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH                192
+# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE                200
+# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY                   201
+# define SSL_R_DANE_TLSA_BAD_SELECTOR                     202
+# define SSL_R_DANE_TLSA_NULL_DATA                        203
+# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
+# define SSL_R_DATA_LENGTH_TOO_LONG                       146
+# define SSL_R_DECRYPTION_FAILED                          147
+# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
+# define SSL_R_DH_KEY_TOO_SMALL                           394
+# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
+# define SSL_R_DIGEST_CHECK_FAILED                        149
+# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
+# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
+# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
+# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
+# define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
+# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
+# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
+# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
+# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
+# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
+# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
+# define SSL_R_FAILED_TO_INIT_ASYNC                       405
+# define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
+# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
+# define SSL_R_HTTPS_PROXY_REQUEST                        155
+# define SSL_R_HTTP_REQUEST                               156
+# define SSL_R_ILLEGAL_SUITEB_DIGEST                      380
+# define SSL_R_INAPPROPRIATE_FALLBACK                     373
+# define SSL_R_INCONSISTENT_COMPRESSION                   340
+# define SSL_R_INCONSISTENT_EXTMS                         104
+# define SSL_R_INVALID_COMMAND                            280
+# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
+# define SSL_R_INVALID_CONFIGURATION_NAME                 113
+# define SSL_R_INVALID_CT_VALIDATION_TYPE                 212
+# define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_SEQUENCE_NUMBER                    402
+# define SSL_R_INVALID_SERVERINFO_DATA                    388
+# define SSL_R_INVALID_SRP_USERNAME                       357
+# define SSL_R_INVALID_STATUS_RESPONSE                    328
+# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
+# define SSL_R_LENGTH_MISMATCH                            159
+# define SSL_R_LENGTH_TOO_LONG                            404
+# define SSL_R_LENGTH_TOO_SHORT                           160
+# define SSL_R_LIBRARY_BUG                                274
+# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
+# define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
+# define SSL_R_MISSING_RSA_CERTIFICATE                    168
+# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
+# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
+# define SSL_R_MISSING_SRP_PARAM                          358
+# define SSL_R_MISSING_TMP_DH_KEY                         171
+# define SSL_R_MISSING_TMP_ECDH_KEY                       311
+# define SSL_R_NO_CERTIFICATES_RETURNED                   176
+# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
+# define SSL_R_NO_CERTIFICATE_SET                         179
+# define SSL_R_NO_CIPHERS_AVAILABLE                       181
+# define SSL_R_NO_CIPHERS_SPECIFIED                       183
+# define SSL_R_NO_CIPHER_MATCH                            185
+# define SSL_R_NO_CLIENT_CERT_METHOD                      331
+# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
+# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
+# define SSL_R_NO_METHOD_SPECIFIED                        188
+# define SSL_R_NO_PEM_EXTENSIONS                          389
+# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
+# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
+# define SSL_R_NO_RENEGOTIATION                           339
+# define SSL_R_NO_REQUIRED_DIGEST                         324
+# define SSL_R_NO_SHARED_CIPHER                           193
+# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
+# define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_VALID_SCTS                              216
+# define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
+# define SSL_R_NULL_SSL_CTX                               195
+# define SSL_R_NULL_SSL_METHOD_PASSED                     196
+# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
+# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
+# define SSL_R_PARSE_TLSEXT                               227
+# define SSL_R_PATH_TOO_LONG                              270
+# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
+# define SSL_R_PEM_NAME_BAD_PREFIX                        391
+# define SSL_R_PEM_NAME_TOO_SHORT                         392
+# define SSL_R_PIPELINE_FAILURE                           406
+# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
+# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
+# define SSL_R_PSK_NO_CLIENT_CB                           224
+# define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_READ_BIO_NOT_SET                           211
+# define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORD_LENGTH_MISMATCH                     213
+# define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
+# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
+# define SSL_R_RENEGOTIATION_MISMATCH                     337
+# define SSL_R_REQUIRED_CIPHER_MISSING                    215
+# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
+# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
+# define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SERVERHELLO_TLSEXT                         275
+# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
+# define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
+# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
+# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
+# define SSL_R_SRP_A_CALC                                 361
+# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
+# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
+# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
+# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
+# define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117
+# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125
+# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
+# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
+# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
+# define SSL_R_SSL_NEGATIVE_LENGTH                        372
+# define SSL_R_SSL_SECTION_EMPTY                          126
+# define SSL_R_SSL_SECTION_NOT_FOUND                      136
+# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
+# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
+# define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
+# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
+# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
+# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
+# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
+# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
+# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
+# define SSL_R_TLS_HEARTBEAT_PENDING                      366
+# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
+# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
+# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
+# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
+# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
+# define SSL_R_UNEXPECTED_MESSAGE                         244
+# define SSL_R_UNEXPECTED_RECORD                          245
+# define SSL_R_UNINITIALIZED                              276
+# define SSL_R_UNKNOWN_ALERT_TYPE                         246
+# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
+# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
+# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
+# define SSL_R_UNKNOWN_CMD_NAME                           386
+# define SSL_R_UNKNOWN_COMMAND                            139
+# define SSL_R_UNKNOWN_DIGEST                             368
+# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_PKEY_TYPE                          251
+# define SSL_R_UNKNOWN_PROTOCOL                           252
+# define SSL_R_UNKNOWN_SSL_VERSION                        254
+# define SSL_R_UNKNOWN_STATE                              255
+# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
+# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
+# define SSL_R_UNSUPPORTED_PROTOCOL                       258
+# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
+# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
+# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
+# define SSL_R_VERSION_TOO_HIGH                           166
+# define SSL_R_VERSION_TOO_LOW                            396
+# define SSL_R_WRONG_CERTIFICATE_TYPE                     383
+# define SSL_R_WRONG_CIPHER_RETURNED                      261
+# define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
+# define SSL_R_WRONG_SIGNATURE_SIZE                       265
+# define SSL_R_WRONG_SIGNATURE_TYPE                       370
+# define SSL_R_WRONG_SSL_VERSION                          266
+# define SSL_R_WRONG_VERSION_NUMBER                       267
+# define SSL_R_X509_LIB                                   268
+# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ssl2.h b/openssl-1.1.0h/include/openssl/ssl2.h
new file mode 100644
index 0000000..5321bd2
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ssl2.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL2_H
+# define HEADER_SSL2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL2_VERSION            0x0002
+
+# define SSL2_MT_CLIENT_HELLO            1
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ssl3.h b/openssl-1.1.0h/include/openssl/ssl3.h
new file mode 100644
index 0000000..4ca434e
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ssl3.h
@@ -0,0 +1,310 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_SSL3_H
+# define HEADER_SSL3_H
+
+# include <openssl/comp.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV                            0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV                   0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5                    0x03000001
+# define SSL3_CK_RSA_NULL_SHA                    0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA          0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA          0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA        0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA          0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA          0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA        0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
+
+# define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA         "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA         "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA       "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA         "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA         "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA       "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL.  New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH              32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
+
+# define SSL3_MASTER_SECRET_SIZE                 48
+# define SSL3_RANDOM_SIZE                        32
+# define SSL3_SESSION_ID_SIZE                    32
+# define SSL3_RT_HEADER_LENGTH                   5
+
+# define SSL3_HM_HEADER_LENGTH                  4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+  * Some will argue that this increases memory footprint, but it's not
+  * actually true. Point is that malloc has to return at least 64-bit aligned
+  * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+  * Suggested pre-gaping simply moves these wasted bytes from the end of
+  * allocated region to its front, but makes data payload aligned, which
+  * improves performance:-)
+  */
+#  define SSL3_ALIGN_PAYLOAD                     8
+# else
+#  if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+#   error "insane SSL3_ALIGN_PAYLOAD"
+#   undef SSL3_ALIGN_PAYLOAD
+#  endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE                     64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
+
+# define SSL3_RT_MAX_EXTRA                       (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH                16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD  (256 + SSL3_RT_MAX_MD_SIZE)
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
+# else
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH   \
+                (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
+                (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_PACKET_SIZE         \
+                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
+
+# define SSL3_VERSION                    0x0300
+# define SSL3_VERSION_MAJOR              0x03
+# define SSL3_VERSION_MINOR              0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC      20
+# define SSL3_RT_ALERT                   21
+# define SSL3_RT_HANDSHAKE               22
+# define SSL3_RT_APPLICATION_DATA        23
+# define DTLS1_RT_HEARTBEAT              24
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO                  0x1000
+# define TLS1_RT_CRYPTO_PREMASTER        (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM    (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM    (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER           (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ             0x0000
+# define TLS1_RT_CRYPTO_WRITE            0x0100
+# define TLS1_RT_CRYPTO_MAC              (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY              (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content type for SSL/TLS header info */
+# define SSL3_RT_HEADER                  0x100
+
+# define SSL3_AL_WARNING                 1
+# define SSL3_AL_FATAL                   2
+
+# define SSL3_AD_CLOSE_NOTIFY             0
+# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE          41
+# define SSL3_AD_BAD_CERTIFICATE         42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED     44
+# define SSL3_AD_CERTIFICATE_EXPIRED     45
+# define SSL3_AD_CERTIFICATE_UNKNOWN     46
+# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
+
+# define TLS1_HB_REQUEST         1
+# define TLS1_HB_RESPONSE        2
+
+
+# define SSL3_CT_RSA_SIGN                        1
+# define SSL3_CT_DSS_SIGN                        2
+# define SSL3_CT_RSA_FIXED_DH                    3
+# define SSL3_CT_DSS_FIXED_DH                    4
+# define SSL3_CT_RSA_EPHEMERAL_DH                5
+# define SSL3_CT_DSS_EPHEMERAL_DH                6
+# define SSL3_CT_FORTEZZA_DMS                    20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined either for SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER                  9
+
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG              0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ        0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC             TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS               0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE       0x0400
+
+# define SSL3_MT_HELLO_REQUEST                   0
+# define SSL3_MT_CLIENT_HELLO                    1
+# define SSL3_MT_SERVER_HELLO                    2
+# define SSL3_MT_NEWSESSION_TICKET               4
+# define SSL3_MT_CERTIFICATE                     11
+# define SSL3_MT_SERVER_KEY_EXCHANGE             12
+# define SSL3_MT_CERTIFICATE_REQUEST             13
+# define SSL3_MT_SERVER_DONE                     14
+# define SSL3_MT_CERTIFICATE_VERIFY              15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE             16
+# define SSL3_MT_FINISHED                        20
+# define SSL3_MT_CERTIFICATE_STATUS              22
+# ifndef OPENSSL_NO_NEXTPROTONEG
+#  define SSL3_MT_NEXT_PROTO                      67
+# endif
+# define DTLS1_MT_HELLO_VERIFY_REQUEST    3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC              0x0101
+
+# define SSL3_MT_CCS                             1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ            0x01
+# define SSL3_CC_WRITE           0x02
+# define SSL3_CC_CLIENT          0x10
+# define SSL3_CC_SERVER          0x20
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/stack.h b/openssl-1.1.0h/include/openssl/stack.h
new file mode 100644
index 0000000..23ad3b8
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/stack.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STACK_H
+# define HEADER_STACK_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _STACK OPENSSL_STACK
+#  define sk_num OPENSSL_sk_num
+#  define sk_value OPENSSL_sk_value
+#  define sk_set OPENSSL_sk_set
+#  define sk_new OPENSSL_sk_new
+#  define sk_new_null OPENSSL_sk_new_null
+#  define sk_free OPENSSL_sk_free
+#  define sk_pop_free OPENSSL_sk_pop_free
+#  define sk_deep_copy OPENSSL_sk_deep_copy
+#  define sk_insert OPENSSL_sk_insert
+#  define sk_delete OPENSSL_sk_delete
+#  define sk_delete_ptr OPENSSL_sk_delete_ptr
+#  define sk_find OPENSSL_sk_find
+#  define sk_find_ex OPENSSL_sk_find_ex
+#  define sk_push OPENSSL_sk_push
+#  define sk_unshift OPENSSL_sk_unshift
+#  define sk_shift OPENSSL_sk_shift
+#  define sk_pop OPENSSL_sk_pop
+#  define sk_zero OPENSSL_sk_zero
+#  define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+#  define sk_dup OPENSSL_sk_dup
+#  define sk_sort OPENSSL_sk_sort
+#  define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/symhacks.h b/openssl-1.1.0h/include/openssl/symhacks.h
new file mode 100644
index 0000000..caf1f1a
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/symhacks.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SYMHACKS_H
+# define HEADER_SYMHACKS_H
+
+# include <openssl/e_os2.h>
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+#  undef ERR_load_CRYPTO_strings
+#  define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
+#  undef OCSP_crlID_new
+#  define OCSP_crlID_new                          OCSP_crlID2_new
+
+#  undef d2i_ECPARAMETERS
+#  define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#  undef i2d_ECPARAMETERS
+#  define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#  undef d2i_ECPKPARAMETERS
+#  define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#  undef i2d_ECPKPARAMETERS
+#  define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+
+/*
+ * These functions do not seem to exist! However, I'm paranoid... Original
+ * command in x509v3.h: These functions are being redefined in another
+ * directory, and clash when the linker is case-insensitive, so let's hide
+ * them a little, by giving them an extra 'o' at the beginning of the name...
+ */
+#  undef X509v3_cleanup_extensions
+#  define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#  undef X509v3_add_extension
+#  define X509v3_add_extension                    oX509v3_add_extension
+#  undef X509v3_add_netscape_extensions
+#  define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#  undef X509v3_add_standard_extensions
+#  define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+
+/* This one clashes with CMS_data_create */
+#  undef cms_Data_create
+#  define cms_Data_create                         priv_cms_Data_create
+
+# endif
+
+#endif                          /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/openssl-1.1.0h/include/openssl/tls1.h b/openssl-1.1.0h/include/openssl/tls1.h
new file mode 100644
index 0000000..3fe01fe
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/tls1.h
@@ -0,0 +1,972 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#ifndef HEADER_TLS1_H
+# define HEADER_TLS1_H
+
+# include <openssl/buffer.h>
+# include <openssl/x509.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Default security level if not overridden at config time */
+# ifndef OPENSSL_TLS_SECURITY_LEVEL
+#  define OPENSSL_TLS_SECURITY_LEVEL 1
+# endif
+
+# define TLS1_VERSION                    0x0301
+# define TLS1_1_VERSION                  0x0302
+# define TLS1_2_VERSION                  0x0303
+# define TLS_MAX_VERSION                 TLS1_2_VERSION
+
+/* Special value for method supporting multiple versions */
+# define TLS_ANY_VERSION                 0x10000
+
+# define TLS1_VERSION_MAJOR              0x03
+# define TLS1_VERSION_MINOR              0x01
+
+# define TLS1_1_VERSION_MAJOR            0x03
+# define TLS1_1_VERSION_MINOR            0x02
+
+# define TLS1_2_VERSION_MAJOR            0x03
+# define TLS1_2_VERSION_MINOR            0x03
+
+# define TLS1_get_version(s) \
+                ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
+
+# define TLS1_get_client_version(s) \
+                ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
+
+# define TLS1_AD_DECRYPTION_FAILED       21
+# define TLS1_AD_RECORD_OVERFLOW         22
+# define TLS1_AD_UNKNOWN_CA              48/* fatal */
+# define TLS1_AD_ACCESS_DENIED           49/* fatal */
+# define TLS1_AD_DECODE_ERROR            50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR           51
+# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
+# define TLS1_AD_USER_CANCELLED          90
+# define TLS1_AD_NO_RENEGOTIATION        100
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION   110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME       112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
+# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
+
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+# define TLSEXT_TYPE_server_name                 0
+# define TLSEXT_TYPE_max_fragment_length         1
+# define TLSEXT_TYPE_client_certificate_url      2
+# define TLSEXT_TYPE_trusted_ca_keys             3
+# define TLSEXT_TYPE_truncated_hmac              4
+# define TLSEXT_TYPE_status_request              5
+/* ExtensionType values from RFC4681 */
+# define TLSEXT_TYPE_user_mapping                6
+/* ExtensionType values from RFC5878 */
+# define TLSEXT_TYPE_client_authz                7
+# define TLSEXT_TYPE_server_authz                8
+/* ExtensionType values from RFC6091 */
+# define TLSEXT_TYPE_cert_type           9
+
+/* ExtensionType values from RFC4492 */
+# define TLSEXT_TYPE_elliptic_curves             10
+# define TLSEXT_TYPE_ec_point_formats            11
+
+/* ExtensionType value from RFC5054 */
+# define TLSEXT_TYPE_srp                         12
+
+/* ExtensionType values from RFC5246 */
+# define TLSEXT_TYPE_signature_algorithms        13
+
+/* ExtensionType value from RFC5764 */
+# define TLSEXT_TYPE_use_srtp    14
+
+/* ExtensionType value from RFC5620 */
+# define TLSEXT_TYPE_heartbeat   15
+
+/* ExtensionType value from RFC7301 */
+# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+
+/*
+ * Extension type for Certificate Transparency
+ * https://tools.ietf.org/html/rfc6962#section-3.3.1
+ */
+# define TLSEXT_TYPE_signed_certificate_timestamp    18
+
+/*
+ * ExtensionType value for TLS padding extension.
+ * http://tools.ietf.org/html/draft-agl-tls-padding
+ */
+# define TLSEXT_TYPE_padding     21
+
+/* ExtensionType value from RFC7366 */
+# define TLSEXT_TYPE_encrypt_then_mac    22
+
+/* ExtensionType value from RFC7627 */
+# define TLSEXT_TYPE_extended_master_secret      23
+
+/* ExtensionType value from RFC4507 */
+# define TLSEXT_TYPE_session_ticket              35
+
+/* Temporary extension type */
+# define TLSEXT_TYPE_renegotiate                 0xff01
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+#  define TLSEXT_TYPE_next_proto_neg              13172
+# endif
+
+/* NameType value from RFC3546 */
+# define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC3546 */
+# define TLSEXT_STATUSTYPE_ocsp 1
+
+/* ECPointFormat values from RFC4492 */
+# define TLSEXT_ECPOINTFORMAT_first                      0
+# define TLSEXT_ECPOINTFORMAT_uncompressed               0
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
+# define TLSEXT_ECPOINTFORMAT_last                       2
+
+/* Signature and hash algorithms from RFC5246 */
+# define TLSEXT_signature_anonymous                      0
+# define TLSEXT_signature_rsa                            1
+# define TLSEXT_signature_dsa                            2
+# define TLSEXT_signature_ecdsa                          3
+# define TLSEXT_signature_gostr34102001                  237
+# define TLSEXT_signature_gostr34102012_256              238
+# define TLSEXT_signature_gostr34102012_512              239
+
+/* Total number of different signature algorithms */
+# define TLSEXT_signature_num                            7
+
+# define TLSEXT_hash_none                                0
+# define TLSEXT_hash_md5                                 1
+# define TLSEXT_hash_sha1                                2
+# define TLSEXT_hash_sha224                              3
+# define TLSEXT_hash_sha256                              4
+# define TLSEXT_hash_sha384                              5
+# define TLSEXT_hash_sha512                              6
+# define TLSEXT_hash_gostr3411                           237
+# define TLSEXT_hash_gostr34112012_256                   238
+# define TLSEXT_hash_gostr34112012_512                   239
+
+/* Total number of different digest algorithms */
+
+# define TLSEXT_hash_num                                 10
+
+/* Flag set for unrecognised algorithms */
+# define TLSEXT_nid_unknown                              0x1000000
+
+/* ECC curves */
+
+# define TLSEXT_curve_P_256                              23
+# define TLSEXT_curve_P_384                              24
+
+# define TLSEXT_MAXLEN_host_name 255
+
+__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur int SSL_get_servername_type(const SSL *s);
+/*
+ * SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.) It returns 1 on success and
+ * 0 or -1 otherwise.
+ */
+__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                      const char *label, size_t llen,
+                                      const unsigned char *context,
+                                      size_t contextlen, int use_context);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignandhash,
+                    unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignandhash,
+                           unsigned char *rsig, unsigned char *rhash);
+
+__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+# define SSL_set_tlsext_host_name(s,name) \
+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
+
+# define SSL_set_tlsext_debug_callback(ssl, cb) \
+SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+
+# define SSL_set_tlsext_debug_arg(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
+
+# define SSL_get_tlsext_status_type(ssl) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, NULL)
+
+# define SSL_set_tlsext_status_type(ssl, type) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
+
+# define SSL_get_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+# define SSL_set_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+# define SSL_get_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+# define SSL_set_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
+
+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
+
+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
+
+# define SSL_TLSEXT_ERR_OK 0
+# define SSL_TLSEXT_ERR_ALERT_WARNING 1
+# define SSL_TLSEXT_ERR_ALERT_FATAL 2
+# define SSL_TLSEXT_ERR_NOACK 3
+
+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
+
+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
+
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+
+#define SSL_CTX_set_tlsext_status_type(ssl, type) \
+        SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL)
+
+#define SSL_CTX_get_tlsext_status_type(ssl) \
+        SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
+
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_DTLSEXT_HB_ENABLED                   0x01
+#  define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS        0x02
+#  define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS        0x04
+#  define SSL_get_dtlsext_heartbeat_pending(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
+#  define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+
+#  if OPENSSL_API_COMPAT < 0x10100000L
+#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
+        SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
+#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
+        SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
+#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
+        SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
+#   define SSL_TLSEXT_HB_ENABLED \
+        SSL_DTLSEXT_HB_ENABLED
+#   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
+#   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
+#   define SSL_get_tlsext_heartbeat_pending(ssl) \
+        SSL_get_dtlsext_heartbeat_pending(ssl)
+#   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_set_dtlsext_heartbeat_no_requests(ssl, arg)
+#  endif
+# endif
+
+/* PSK ciphersuites from 4279 */
+# define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
+# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
+
+# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA                0x0300008E
+# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA           0x0300008F
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA            0x03000090
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA            0x03000091
+
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA                0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA           0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA            0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA            0x03000095
+
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256             0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384             0x030000A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256         0x030000AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384         0x030000AB
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256         0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384         0x030000AD
+
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256             0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384             0x030000AF
+# define TLS1_CK_PSK_WITH_NULL_SHA256                    0x030000B0
+# define TLS1_CK_PSK_WITH_NULL_SHA384                    0x030000B1
+
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256         0x030000B2
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384         0x030000B3
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256                0x030000B4
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384                0x030000B5
+
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256         0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384         0x030000B7
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256                0x030000B8
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384                0x030000B9
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_PSK_WITH_NULL_SHA                       0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA                   0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA                   0x0300002E
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
+# define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
+
+# define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
+# define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
+# define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
+# define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
+# define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
+# define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
+# define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
+# define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
+# define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
+# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
+# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
+# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
+# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
+# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
+# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
+# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
+# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
+# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_CK_RSA_WITH_AES_128_CCM                    0x0300C09C
+# define TLS1_CK_RSA_WITH_AES_256_CCM                    0x0300C09D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM                0x0300C09E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM                0x0300C09F
+# define TLS1_CK_RSA_WITH_AES_128_CCM_8                  0x0300C0A0
+# define TLS1_CK_RSA_WITH_AES_256_CCM_8                  0x0300C0A1
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8              0x0300C0A2
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8              0x0300C0A3
+# define TLS1_CK_PSK_WITH_AES_128_CCM                    0x0300C0A4
+# define TLS1_CK_PSK_WITH_AES_256_CCM                    0x0300C0A5
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM                0x0300C0A6
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM                0x0300C0A7
+# define TLS1_CK_PSK_WITH_AES_128_CCM_8                  0x0300C0A8
+# define TLS1_CK_PSK_WITH_AES_256_CCM_8                  0x0300C0A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8              0x0300C0AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8              0x0300C0AB
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8          0x0300C0AE
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8          0x0300C0AF
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256                0x030000BA
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256             0x030000BB
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256             0x030000BC
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256            0x030000BD
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256            0x030000BE
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256                0x030000BF
+
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256                0x030000C0
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256             0x030000C1
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256             0x030000C2
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256            0x030000C3
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256            0x030000C4
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256                0x030000C5
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
+
+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
+
+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
+
+/* SRP ciphersuites from RFC 5054 */
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
+# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
+
+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA              0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA         0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256       0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384       0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA                 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256              0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384              0x0300C03B
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0x0300C074
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0x0300C075
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0x0300C076
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0x0300C077
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0x0300C078
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0x0300C079
+
+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256         0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384         0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0x0300C09B
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305         0x0300CCA8
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       0x0300CCA9
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305           0x0300CCAA
+# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305               0x0300CCAB
+# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305         0x0300CCAC
+# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305           0x0300CCAD
+# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305           0x0300CCAE
+
+/*
+ * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
+ * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
+ * using DHE everywhere, though we may indefinitely maintain aliases for
+ * users or configurations that used "EDH"
+ */
+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
+
+# define TLS1_TXT_PSK_WITH_NULL_SHA                      "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA                  "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA                  "RSA-PSK-NULL-SHA"
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
+
+# define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
+
+/* PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
+# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA               "DHE-PSK-RC4-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "DHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA           "DHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA           "DHE-PSK-AES256-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA               "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA           "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA           "RSA-PSK-AES256-CBC-SHA"
+
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256        "DHE-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384        "DHE-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256        "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384        "RSA-PSK-AES256-GCM-SHA384"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256            "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384            "PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_PSK_WITH_NULL_SHA256                   "PSK-NULL-SHA256"
+# define TLS1_TXT_PSK_WITH_NULL_SHA384                   "PSK-NULL-SHA384"
+
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256        "DHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384        "DHE-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256               "DHE-PSK-NULL-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384               "DHE-PSK-NULL-SHA384"
+
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256        "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384        "RSA-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256               "RSA-PSK-NULL-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384               "RSA-PSK-NULL-SHA384"
+
+/* SRP ciphersuite from RFC 5054 */
+# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256               "CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256            "DH-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256            "DH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           "DHE-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           "DHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256               "ADH-CAMELLIA128-SHA256"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256               "CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256            "DH-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256            "DH-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           "DHE-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           "DHE-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256               "ADH-CAMELLIA256-SHA256"
+
+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256               "PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384               "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256           "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384           "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256           "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384           "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256         "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384         "ECDHE-PSK-CAMELLIA256-SHA384"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
+
+/* CCM ciphersuites from RFC6655 */
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM                   "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM                   "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM               "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM               "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8                 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8                 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8             "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8             "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM                   "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM                   "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM               "DHE-PSK-AES128-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM               "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8                 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8                 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8             "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8             "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM       "ECDHE-ECDSA-AES128-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM       "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8     "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8     "ECDHE-ECDSA-AES256-CCM8"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
+
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+
+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA               "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA          "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA           "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA           "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256        "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384        "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA                  "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256               "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384               "ECDHE-PSK-NULL-SHA384"
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  "ECDH-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  "ECDH-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "ECDHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   "ECDHE-RSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "ECDH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    "ECDH-RSA-CAMELLIA256-SHA384"
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305         "ECDHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305               "PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305         "ECDHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305           "DHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305           "RSA-PSK-CHACHA20-POLY1305"
+
+# define TLS_CT_RSA_SIGN                 1
+# define TLS_CT_DSS_SIGN                 2
+# define TLS_CT_RSA_FIXED_DH             3
+# define TLS_CT_DSS_FIXED_DH             4
+# define TLS_CT_ECDSA_SIGN               64
+# define TLS_CT_RSA_FIXED_ECDH           65
+# define TLS_CT_ECDSA_FIXED_ECDH         66
+# define TLS_CT_GOST01_SIGN              22
+# define TLS_CT_GOST12_SIGN              238
+# define TLS_CT_GOST12_512_SIGN          239
+
+/*
+ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there)
+ */
+# define TLS_CT_NUMBER                   9
+
+# define TLS1_FINISH_MAC_LENGTH          12
+
+# define TLS_MD_MAX_CONST_SIZE                   22
+# define TLS_MD_CLIENT_FINISH_CONST              "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
+# define TLS_MD_SERVER_FINISH_CONST              "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE         15
+# define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_IV_BLOCK_CONST                   "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE              8
+# define TLS_MD_MASTER_SECRET_CONST              "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE         13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST     "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE        22
+
+# ifdef CHARSET_EBCDIC
+#  undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+#  define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+#  define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+#  define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+#  undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+#  define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+#  define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+#  undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+#  define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+#  undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+#  define TLS_MD_EXTENDED_MASTER_SECRET_CONST    "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st {
+    unsigned short length;
+    void *data;
+};
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ts.h b/openssl-1.1.0h/include/openssl/ts.h
new file mode 100644
index 0000000..a565982
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ts.h
@@ -0,0 +1,643 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TS_H
+# define HEADER_TS_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_TS
+# include <openssl/symhacks.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/dh.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+
+typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
+typedef struct TS_req_st TS_REQ;
+typedef struct TS_accuracy_st TS_ACCURACY;
+typedef struct TS_tst_info_st TS_TST_INFO;
+
+/* Possible values for status. */
+# define TS_STATUS_GRANTED                       0
+# define TS_STATUS_GRANTED_WITH_MODS             1
+# define TS_STATUS_REJECTION                     2
+# define TS_STATUS_WAITING                       3
+# define TS_STATUS_REVOCATION_WARNING            4
+# define TS_STATUS_REVOCATION_NOTIFICATION       5
+
+/* Possible values for failure_info. */
+# define TS_INFO_BAD_ALG                 0
+# define TS_INFO_BAD_REQUEST             2
+# define TS_INFO_BAD_DATA_FORMAT         5
+# define TS_INFO_TIME_NOT_AVAILABLE      14
+# define TS_INFO_UNACCEPTED_POLICY       15
+# define TS_INFO_UNACCEPTED_EXTENSION    16
+# define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
+# define TS_INFO_SYSTEM_FAILURE          25
+
+
+typedef struct TS_status_info_st TS_STATUS_INFO;
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
+
+DEFINE_STACK_OF(ESS_CERT_ID)
+
+typedef struct TS_resp_st TS_RESP;
+
+TS_REQ *TS_REQ_new(void);
+void TS_REQ_free(TS_REQ *a);
+int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
+TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
+
+TS_REQ *TS_REQ_dup(TS_REQ *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+#endif
+TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
+int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
+void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
+int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
+                                   const unsigned char **pp, long length);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
+#endif
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
+
+TS_RESP *TS_RESP_new(void);
+void TS_RESP_free(TS_RESP *a);
+int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
+TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
+TS_RESP *TS_RESP_dup(TS_RESP *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
+#endif
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
+
+TS_STATUS_INFO *TS_STATUS_INFO_new(void);
+void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
+int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
+TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
+                                   const unsigned char **pp, long length);
+TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
+
+TS_TST_INFO *TS_TST_INFO_new(void);
+void TS_TST_INFO_free(TS_TST_INFO *a);
+int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
+TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
+                             long length);
+TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
+#endif
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
+
+TS_ACCURACY *TS_ACCURACY_new(void);
+void TS_ACCURACY_free(TS_ACCURACY *a);
+int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
+TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
+                             long length);
+TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
+
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
+void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
+int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
+ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
+                                         const unsigned char **pp,
+                                         long length);
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
+
+ESS_CERT_ID *ESS_CERT_ID_new(void);
+void ESS_CERT_ID_free(ESS_CERT_ID *a);
+int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
+ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
+                             long length);
+ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);
+
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
+void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
+int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
+ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
+                                       const unsigned char **pp, long length);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+
+int TS_REQ_set_version(TS_REQ *a, long version);
+long TS_REQ_get_version(const TS_REQ *a);
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i);
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a);
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a);
+
+const ASN1_BIT_STRING *
+TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a);
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
+int TS_REQ_get_cert_req(const TS_REQ *a);
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
+void TS_REQ_ext_free(TS_REQ *a);
+int TS_REQ_get_ext_count(TS_REQ *a);
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
+
+/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
+PKCS7 *TS_RESP_get_token(TS_RESP *a);
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
+long TS_TST_INFO_get_version(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
+void TS_TST_INFO_ext_free(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
+                               int lastpos);
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
+
+/*
+ * Declarations related to response generation, defined in ts/ts_resp_sign.c.
+ */
+
+/* Optional flags for response generation. */
+
+/* Don't include the TSA name in response. */
+# define TS_TSA_NAME             0x01
+
+/* Set ordering to true in response. */
+# define TS_ORDERING             0x02
+
+/*
+ * Include the signer certificate and the other specified certificates in
+ * the ESS signing certificate attribute beside the PKCS7 signed data.
+ * Only the signer certificates is included by default.
+ */
+# define TS_ESS_CERT_ID_CHAIN    0x04
+
+/* Forward declaration. */
+struct TS_resp_ctx;
+
+/* This must return a unique number less than 160 bits long. */
+typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
+
+/*
+ * This must return the seconds and microseconds since Jan 1, 1970 in the sec
+ * and usec variables allocated by the caller. Return non-zero for success
+ * and zero for failure.
+ */
+typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
+                           long *usec);
+
+/*
+ * This must process the given extension. It can modify the TS_TST_INFO
+ * object of the context. Return values: !0 (processed), 0 (error, it must
+ * set the status info/failure info of the response).
+ */
+typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
+                                void *);
+
+typedef struct TS_resp_ctx TS_RESP_CTX;
+
+DEFINE_STACK_OF_CONST(EVP_MD)
+
+/* Creates a response context that can be used for generating responses. */
+TS_RESP_CTX *TS_RESP_CTX_new(void);
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx,
+                                  const EVP_MD *signer_digest);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy);
+
+/* No additional certs are included in the response by default. */
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
+
+/*
+ * Adds a new acceptable policy, only the default policy is accepted by
+ * default.
+ */
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
+
+/*
+ * Adds a new acceptable message digest. Note that no message digests are
+ * accepted by default. The md argument is shared with the caller.
+ */
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* Accuracy is not included by default. */
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros);
+
+/*
+ * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
+ * '3' msec, '6' usec, and so on. Default is 0.
+ */
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned clock_precision_digits);
+/* At most we accept usec precision. */
+# define TS_MAX_CLOCK_PRECISION_DIGITS   6
+
+/* Maximum status message length */
+# define TS_MAX_STATUS_LENGTH   (1024 * 1024)
+
+/* No flags are set by default. */
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
+
+/* Default callback always returns a constant. */
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
+
+/* Default callback uses the gettimeofday() and gmtime() system calls. */
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
+
+/*
+ * Default callback rejects all extensions. The extension callback is called
+ * when the TS_TST_INFO object is already set up and not signed yet.
+ */
+/* FIXME: extension handling is not tested yet. */
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+                                  TS_extension_cb cb, void *data);
+
+/* The following methods can be used in the callbacks. */
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+                                int status, const char *text);
+
+/* Sets the status info only if it is still TS_STATUS_GRANTED. */
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+                                     int status, const char *text);
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
+
+/* The get methods below can be used in the extension callback. */
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
+
+/*
+ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
+ * In case of errors it sets the status info properly.
+ * Returns NULL only in case of memory allocation/fatal error.
+ */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
+
+/*
+ * Declarations related to response verification,
+ * they are defined in ts/ts_resp_verify.c.
+ */
+
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out);
+
+/* Context structure for the generic verify method. */
+
+/* Verify the signer's certificate and the signature of the response. */
+# define TS_VFY_SIGNATURE        (1u << 0)
+/* Verify the version number of the response. */
+# define TS_VFY_VERSION          (1u << 1)
+/* Verify if the policy supplied by the user matches the policy of the TSA. */
+# define TS_VFY_POLICY           (1u << 2)
+/*
+ * Verify the message imprint provided by the user. This flag should not be
+ * specified with TS_VFY_DATA.
+ */
+# define TS_VFY_IMPRINT          (1u << 3)
+/*
+ * Verify the message imprint computed by the verify method from the user
+ * provided data and the MD algorithm of the response. This flag should not
+ * be specified with TS_VFY_IMPRINT.
+ */
+# define TS_VFY_DATA             (1u << 4)
+/* Verify the nonce value. */
+# define TS_VFY_NONCE            (1u << 5)
+/* Verify if the TSA name field matches the signer certificate. */
+# define TS_VFY_SIGNER           (1u << 6)
+/* Verify if the TSA name field equals to the user provided name. */
+# define TS_VFY_TSA_NAME         (1u << 7)
+
+/* You can use the following convenience constants. */
+# define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_IMPRINT       \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+# define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_DATA          \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+
+typedef struct TS_verify_ctx TS_VERIFY_CTX;
+
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
+
+/*
+ * Declarations related to response verification context,
+ */
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len);
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
+
+/*-
+ * If ctx is NULL, it allocates and returns a new object, otherwise
+ * it returns ctx. It initialises all the members as follows:
+ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
+ * certs = NULL
+ * store = NULL
+ * policy = policy from the request or NULL if absent (in this case
+ *      TS_VFY_POLICY is cleared from flags as well)
+ * md_alg = MD algorithm from request
+ * imprint, imprint_len = imprint from request
+ * data = NULL
+ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
+ *      TS_VFY_NONCE is cleared from flags as well)
+ * tsa_name = NULL
+ * Important: after calling this method TS_VFY_SIGNATURE should be added!
+ */
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
+
+/* Common utility functions defined in ts/ts_lib.c */
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
+
+/*
+ * Function declarations for handling configuration options, defined in
+ * ts/ts_conf.c
+ */
+
+X509 *TS_CONF_load_cert(const char *file);
+STACK_OF(X509) *TS_CONF_load_certs(const char *file);
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx);
+#ifndef OPENSSL_NO_ENGINE
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device);
+int TS_CONF_set_default_engine(const char *name);
+#endif
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx);
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                               const char *md, TS_RESP_CTX *ctx);
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx);
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx);
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx);
+
+/* -------------------------------------------------- */
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_TS_strings(void);
+
+/* Error codes for the TS functions. */
+
+/* Function codes. */
+# define TS_F_DEF_SERIAL_CB                               110
+# define TS_F_DEF_TIME_CB                                 111
+# define TS_F_ESS_ADD_SIGNING_CERT                        112
+# define TS_F_ESS_CERT_ID_NEW_INIT                        113
+# define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
+# define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
+# define TS_F_PKCS7_TO_TS_TST_INFO                        148
+# define TS_F_TS_ACCURACY_SET_MICROS                      115
+# define TS_F_TS_ACCURACY_SET_MILLIS                      116
+# define TS_F_TS_ACCURACY_SET_SECONDS                     117
+# define TS_F_TS_CHECK_IMPRINTS                           100
+# define TS_F_TS_CHECK_NONCES                             101
+# define TS_F_TS_CHECK_POLICY                             102
+# define TS_F_TS_CHECK_SIGNING_CERTS                      103
+# define TS_F_TS_CHECK_STATUS_INFO                        104
+# define TS_F_TS_COMPUTE_IMPRINT                          145
+# define TS_F_TS_CONF_INVALID                             151
+# define TS_F_TS_CONF_LOAD_CERT                           153
+# define TS_F_TS_CONF_LOAD_CERTS                          154
+# define TS_F_TS_CONF_LOAD_KEY                            155
+# define TS_F_TS_CONF_LOOKUP_FAIL                         152
+# define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
+# define TS_F_TS_GET_STATUS_TEXT                          105
+# define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
+# define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
+# define TS_F_TS_REQ_SET_NONCE                            120
+# define TS_F_TS_REQ_SET_POLICY_ID                        121
+# define TS_F_TS_RESP_CREATE_RESPONSE                     122
+# define TS_F_TS_RESP_CREATE_TST_INFO                     123
+# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
+# define TS_F_TS_RESP_CTX_ADD_MD                          125
+# define TS_F_TS_RESP_CTX_ADD_POLICY                      126
+# define TS_F_TS_RESP_CTX_NEW                             127
+# define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
+# define TS_F_TS_RESP_CTX_SET_CERTS                       129
+# define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
+# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
+# define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
+# define TS_F_TS_RESP_GET_POLICY                          133
+# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
+# define TS_F_TS_RESP_SET_STATUS_INFO                     135
+# define TS_F_TS_RESP_SET_TST_INFO                        150
+# define TS_F_TS_RESP_SIGN                                136
+# define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
+# define TS_F_TS_TST_INFO_SET_ACCURACY                    137
+# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
+# define TS_F_TS_TST_INFO_SET_NONCE                       139
+# define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
+# define TS_F_TS_TST_INFO_SET_SERIAL                      141
+# define TS_F_TS_TST_INFO_SET_TIME                        142
+# define TS_F_TS_TST_INFO_SET_TSA                         143
+# define TS_F_TS_VERIFY                                   108
+# define TS_F_TS_VERIFY_CERT                              109
+# define TS_F_TS_VERIFY_CTX_NEW                           144
+
+/* Reason codes. */
+# define TS_R_BAD_PKCS7_TYPE                              132
+# define TS_R_BAD_TYPE                                    133
+# define TS_R_CANNOT_LOAD_CERT                            137
+# define TS_R_CANNOT_LOAD_KEY                             138
+# define TS_R_CERTIFICATE_VERIFY_ERROR                    100
+# define TS_R_COULD_NOT_SET_ENGINE                        127
+# define TS_R_COULD_NOT_SET_TIME                          115
+# define TS_R_DETACHED_CONTENT                            134
+# define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
+# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
+# define TS_R_INVALID_NULL_POINTER                        102
+# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
+# define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
+# define TS_R_NONCE_MISMATCH                              104
+# define TS_R_NONCE_NOT_RETURNED                          105
+# define TS_R_NO_CONTENT                                  106
+# define TS_R_NO_TIME_STAMP_TOKEN                         107
+# define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
+# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
+# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
+# define TS_R_POLICY_MISMATCH                             108
+# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
+# define TS_R_RESPONSE_SETUP_ERROR                        121
+# define TS_R_SIGNATURE_FAILURE                           109
+# define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
+# define TS_R_TIME_SYSCALL_ERROR                          122
+# define TS_R_TOKEN_NOT_PRESENT                           130
+# define TS_R_TOKEN_PRESENT                               131
+# define TS_R_TSA_NAME_MISMATCH                           111
+# define TS_R_TSA_UNTRUSTED                               112
+# define TS_R_TST_INFO_SETUP_ERROR                        123
+# define TS_R_TS_DATASIGN                                 124
+# define TS_R_UNACCEPTABLE_POLICY                         125
+# define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
+# define TS_R_UNSUPPORTED_VERSION                         113
+# define TS_R_VAR_BAD_VALUE                               135
+# define TS_R_VAR_LOOKUP_FAILURE                          136
+# define TS_R_WRONG_CONTENT_TYPE                          114
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/txt_db.h b/openssl-1.1.0h/include/openssl/txt_db.h
new file mode 100644
index 0000000..0e6c943
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/txt_db.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TXT_DB_H
+# define HEADER_TXT_DB_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# include <openssl/lhash.h>
+
+# define DB_ERROR_OK                     0
+# define DB_ERROR_MALLOC                 1
+# define DB_ERROR_INDEX_CLASH            2
+# define DB_ERROR_INDEX_OUT_OF_RANGE     3
+# define DB_ERROR_NO_INDEX               4
+# define DB_ERROR_INSERT_INDEX_CLASH     5
+# define DB_ERROR_WRONG_NUM_FIELDS       6
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+    int num_fields;
+    STACK_OF(OPENSSL_PSTRING) *data;
+    LHASH_OF(OPENSSL_STRING) **index;
+    int (**qual) (OPENSSL_STRING *);
+    long error;
+    long arg1;
+    long arg2;
+    OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+                                    OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/ui.h b/openssl-1.1.0h/include/openssl/ui.h
new file mode 100644
index 0000000..49e763d
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/ui.h
@@ -0,0 +1,378 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UI_H
+# define HEADER_UI_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_UI
+
+#  if OPENSSL_API_COMPAT < 0x10100000L
+#   include <openssl/crypto.h>
+#  endif
+#  include <openssl/safestack.h>
+#  include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * All the following functions return -1 or NULL on error and in some cases
+ * (UI_process()) -2 if interrupted or in some other way cancelled. When
+ * everything is fine, they return 0, a positive value or a non-NULL pointer,
+ * all depending on their purpose.
+ */
+
+/* Creators and destructor.   */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/*-
+   The following functions are used to add strings to be printed and prompt
+   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
+   and UI_{add,dup}_input_boolean.
+
+   UI_{add,dup}_<function>_string have the following meanings:
+        add     add a text or prompt string.  The pointers given to these
+                functions are used verbatim, no copying is done.
+        dup     make a copy of the text or prompt string, then add the copy
+                to the collection of strings in the user interface.
+        <function>
+                The function is a name for the functionality that the given
+                string shall be used for.  It can be one of:
+                        input   use the string as data prompt.
+                        verify  use the string as verification prompt.  This
+                                is used to verify a previous input.
+                        info    use the string for informational output.
+                        error   use the string for error output.
+   Honestly, there's currently no difference between info and error for the
+   moment.
+
+   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+   and are typically used when one wants to prompt for a yes/no response.
+
+   All of the functions in this group take a UI and a prompt string.
+   The string input and verify addition functions also take a flag argument,
+   a buffer for the result to end up with, a minimum input size and a maximum
+   input size (the result buffer MUST be large enough to be able to contain
+   the maximum number of characters).  Additionally, the verify addition
+   functions takes another buffer to compare the result against.
+   The boolean input functions take an action description string (which should
+   be safe to ignore if the expected user action is obvious, for example with
+   a dialog box with an OK button and a Cancel button), a string of acceptable
+   characters to mean OK and to mean Cancel.  The two last strings are checked
+   to make sure they don't have common characters.  Additionally, the same
+   flag argument as for the string input is taken, as well as a result buffer.
+   The result buffer is required to be at least one byte long.  Depending on
+   the answer, the first character from the OK or the Cancel character strings
+   will be stored in the first byte of the result buffer.  No NUL will be
+   added, so the result is *not* a string.
+
+   On success, the all return an index of the added information.  That index
+   is useful when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags.  They can be or'ed together. */
+/* Use to have echoing of input */
+# define UI_INPUT_FLAG_ECHO              0x01
+/*
+ * Use a default password.  Where that password is found is completely up to
+ * the application, it might for example be in the user data set with
+ * UI_add_user_data().  It is not recommended to have more than one input in
+ * each UI being marked with this flag, or the application might get
+ * confused.
+ */
+#  define UI_INPUT_FLAG_DEFAULT_PWD       0x02
+
+/*-
+ * The user of these routines may want to define flags of their own.  The core
+ * UI won't look at those, but will pass them on to the method routines.  They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+ * example of use is this:
+ *
+ *    #define MY_UI_FLAG1       (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
+*/
+#  define UI_INPUT_FLAG_USER_BASE 16
+
+/*-
+ * The following function helps construct a prompt.  object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ *       "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ *       "Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+                          const char *object_desc, const char *object_name);
+
+/*
+ * The following function is used to store a pointer to user-specific data.
+ * Any previous such pointer will be returned and replaced.
+ *
+ * For callback purposes, this function makes a lot more sense than using
+ * ex_data, since the latter requires that different parts of OpenSSL or
+ * applications share the same ex_data index.
+ *
+ * Note that the UI_OpenSSL() method completely ignores the user data. Other
+ * methods may not, however.
+ */
+void *UI_add_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well.  */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/*
+ * Give a user interface parametrised control commands.  This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a UI.
+ */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
+
+/* The commands */
+/*
+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+ * OpenSSL error stack before printing any info or added error messages and
+ * before any prompting.
+ */
+#  define UI_CTRL_PRINT_ERRORS            1
+/*
+ * Check if a UI_process() is possible to do again with the same instance of
+ * a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+ * if not.
+ */
+# define UI_CTRL_IS_REDOABLE             2
+
+/* Some methods may use extra data */
+# define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
+# define UI_get_app_data(s)             UI_get_ex_data(s,0)
+
+#define UI_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef)
+int UI_set_ex_data(UI *r, int idx, void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+/* ---------- For method writers ---------- */
+/*-
+   A method contains a number of functions that implement the low level
+   of the User Interface.  The functions are:
+
+        an opener       This function starts a session, maybe by opening
+                        a channel to a tty, or by opening a window.
+        a writer        This function is called to write a given string,
+                        maybe to the tty, maybe as a field label in a
+                        window.
+        a flusher       This function is called to flush everything that
+                        has been output so far.  It can be used to actually
+                        display a dialog box after it has been built.
+        a reader        This function is called to read a given prompt,
+                        maybe from the tty, maybe from a field in a
+                        window.  Note that it's called with all string
+                        structures, not only the prompt ones, so it must
+                        check such things itself.
+        a closer        This function closes the session, maybe by closing
+                        the channel to the tty, or closing the window.
+
+   All these functions are expected to return:
+
+        0       on error.
+        1       on success.
+        -1      on out-of-band events, for example if some prompting has
+                been canceled (by pressing Ctrl-C, for example).  This is
+                only checked when returned by the flusher or the reader.
+
+   The way this is used, the opener is first called, then the writer for all
+   strings, then the flusher, then the reader for all strings and finally the
+   closer.  Note that if you want to prompt from a terminal or other command
+   line interface, the best is to have the reader also write the prompts
+   instead of having the writer do it.  If you want to prompt from a dialog
+   box, the writer can be used to build up the contents of the box, and the
+   flusher to actually display the box and run the event loop until all data
+   has been given, after which the reader only grabs the given data and puts
+   them back into the UI strings.
+
+   All method functions take a UI as argument.  Additionally, the writer and
+   the reader take a UI_STRING.
+*/
+
+/*
+ * The UI_STRING type is the data structure that contains all the needed info
+ * about a string or a prompt, including test data for a verification prompt.
+ */
+typedef struct ui_string_st UI_STRING;
+DEFINE_STACK_OF(UI_STRING)
+
+/*
+ * The different types of strings that are currently supported. This is only
+ * needed by method authors.
+ */
+enum UI_string_types {
+    UIT_NONE = 0,
+    UIT_PROMPT,                 /* Prompt for a string */
+    UIT_VERIFY,                 /* Prompt for a string and verify */
+    UIT_BOOLEAN,                /* Prompt for a yes/no response */
+    UIT_INFO,                   /* Send info to the user */
+    UIT_ERROR                   /* Send an error message to the user */
+};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(const char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name));
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
+                                                              const char *,
+                                                              const char *);
+
+/*
+ * The following functions are helpers for method writers to access relevant
+ * data from a UI_STRING.
+ */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/*
+ * Return the optional action string to output (the boolean prompt
+ * instruction)
+ */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+/*
+ * Return the string to test the result against.  Only useful with verifies.
+ */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_UI_strings(void);
+
+/* Error codes for the UI functions. */
+
+/* Function codes. */
+# define UI_F_CLOSE_CONSOLE                               115
+# define UI_F_ECHO_CONSOLE                                116
+# define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
+# define UI_F_GENERAL_ALLOCATE_PROMPT                     109
+# define UI_F_NOECHO_CONSOLE                              117
+# define UI_F_OPEN_CONSOLE                                114
+# define UI_F_UI_CREATE_METHOD                            112
+# define UI_F_UI_CTRL                                     111
+# define UI_F_UI_DUP_ERROR_STRING                         101
+# define UI_F_UI_DUP_INFO_STRING                          102
+# define UI_F_UI_DUP_INPUT_BOOLEAN                        110
+# define UI_F_UI_DUP_INPUT_STRING                         103
+# define UI_F_UI_DUP_VERIFY_STRING                        106
+# define UI_F_UI_GET0_RESULT                              107
+# define UI_F_UI_NEW_METHOD                               104
+# define UI_F_UI_PROCESS                                  113
+# define UI_F_UI_SET_RESULT                               105
+
+/* Reason codes. */
+# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
+# define UI_R_INDEX_TOO_LARGE                             102
+# define UI_R_INDEX_TOO_SMALL                             103
+# define UI_R_NO_RESULT_BUFFER                            105
+# define UI_R_PROCESSING_ERROR                            107
+# define UI_R_RESULT_TOO_LARGE                            100
+# define UI_R_RESULT_TOO_SMALL                            101
+# define UI_R_SYSASSIGN_ERROR                             109
+# define UI_R_SYSDASSGN_ERROR                             110
+# define UI_R_SYSQIOW_ERROR                               111
+# define UI_R_UNKNOWN_CONTROL_COMMAND                     106
+# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE                  108
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/whrlpool.h b/openssl-1.1.0h/include/openssl/whrlpool.h
new file mode 100644
index 0000000..20ea350
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/whrlpool.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_WHRLPOOL_H
+# define HEADER_WHRLPOOL_H
+
+#include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define WHIRLPOOL_DIGEST_LENGTH (512/8)
+# define WHIRLPOOL_BBLOCK        512
+# define WHIRLPOOL_COUNTER       (256/8)
+
+typedef struct {
+    union {
+        unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
+        /* double q is here to ensure 64-bit alignment */
+        double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
+    } H;
+    unsigned char data[WHIRLPOOL_BBLOCK / 8];
+    unsigned int bitoff;
+    size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
+} WHIRLPOOL_CTX;
+
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/include/openssl/x509.h b/openssl-1.1.0h/include/openssl/x509.h
new file mode 100644
index 0000000..ee98df8
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/x509.h
@@ -0,0 +1,1123 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_X509_H
+# define HEADER_X509_H
+
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+# include <openssl/ec.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
+# endif
+
+# include <openssl/sha.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define X509_FILETYPE_PEM       1
+# define X509_FILETYPE_ASN1      2
+# define X509_FILETYPE_DEFAULT   3
+
+# define X509v3_KU_DIGITAL_SIGNATURE     0x0080
+# define X509v3_KU_NON_REPUDIATION       0x0040
+# define X509v3_KU_KEY_ENCIPHERMENT      0x0020
+# define X509v3_KU_DATA_ENCIPHERMENT     0x0010
+# define X509v3_KU_KEY_AGREEMENT         0x0008
+# define X509v3_KU_KEY_CERT_SIGN         0x0004
+# define X509v3_KU_CRL_SIGN              0x0002
+# define X509v3_KU_ENCIPHER_ONLY         0x0001
+# define X509v3_KU_DECIPHER_ONLY         0x8000
+# define X509v3_KU_UNDEF                 0xffff
+
+struct X509_algor_st {
+    ASN1_OBJECT *algorithm;
+    ASN1_TYPE *parameter;
+} /* X509_ALGOR */ ;
+
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
+typedef struct X509_val_st {
+    ASN1_TIME *notBefore;
+    ASN1_TIME *notAfter;
+} X509_VAL;
+
+typedef struct X509_sig_st X509_SIG;
+
+typedef struct X509_name_entry_st X509_NAME_ENTRY;
+
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
+DEFINE_STACK_OF(X509_NAME)
+
+# define X509_EX_V_NETSCAPE_HACK         0x8000
+# define X509_EX_V_INIT                  0x0001
+typedef struct X509_extension_st X509_EXTENSION;
+
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+
+DEFINE_STACK_OF(X509_EXTENSION)
+
+typedef struct x509_attributes_st X509_ATTRIBUTE;
+
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
+typedef struct X509_req_info_st X509_REQ_INFO;
+
+typedef struct X509_req_st X509_REQ;
+
+typedef struct x509_cert_aux_st X509_CERT_AUX;
+
+typedef struct x509_cinf_st X509_CINF;
+
+DEFINE_STACK_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+    int trust;
+    int flags;
+    int (*check_trust) (struct x509_trust_st *, X509 *, int);
+    char *name;
+    int arg1;
+    void *arg2;
+} X509_TRUST;
+
+DEFINE_STACK_OF(X509_TRUST)
+
+/* standard trust ids */
+
+# define X509_TRUST_DEFAULT      0 /* Only valid in purpose settings */
+
+# define X509_TRUST_COMPAT       1
+# define X509_TRUST_SSL_CLIENT   2
+# define X509_TRUST_SSL_SERVER   3
+# define X509_TRUST_EMAIL        4
+# define X509_TRUST_OBJECT_SIGN  5
+# define X509_TRUST_OCSP_SIGN    6
+# define X509_TRUST_OCSP_REQUEST 7
+# define X509_TRUST_TSA          8
+
+/* Keep these up to date! */
+# define X509_TRUST_MIN          1
+# define X509_TRUST_MAX          8
+
+/* trust_flags values */
+# define X509_TRUST_DYNAMIC      (1U << 0)
+# define X509_TRUST_DYNAMIC_NAME (1U << 1)
+/* No compat trust if self-signed, preempts "DO_SS" */
+# define X509_TRUST_NO_SS_COMPAT (1U << 2)
+/* Compat trust if no explicit accepted trust EKUs */
+# define X509_TRUST_DO_SS_COMPAT (1U << 3)
+/* Accept "anyEKU" as a wildcard trust OID */
+# define X509_TRUST_OK_ANY_EKU   (1U << 4)
+
+/* check_trust return codes */
+
+# define X509_TRUST_TRUSTED      1
+# define X509_TRUST_REJECTED     2
+# define X509_TRUST_UNTRUSTED    3
+
+/* Flags for X509_print_ex() */
+
+# define X509_FLAG_COMPAT                0
+# define X509_FLAG_NO_HEADER             1L
+# define X509_FLAG_NO_VERSION            (1L << 1)
+# define X509_FLAG_NO_SERIAL             (1L << 2)
+# define X509_FLAG_NO_SIGNAME            (1L << 3)
+# define X509_FLAG_NO_ISSUER             (1L << 4)
+# define X509_FLAG_NO_VALIDITY           (1L << 5)
+# define X509_FLAG_NO_SUBJECT            (1L << 6)
+# define X509_FLAG_NO_PUBKEY             (1L << 7)
+# define X509_FLAG_NO_EXTENSIONS         (1L << 8)
+# define X509_FLAG_NO_SIGDUMP            (1L << 9)
+# define X509_FLAG_NO_AUX                (1L << 10)
+# define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
+# define X509_FLAG_NO_IDS                (1L << 12)
+
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+# define XN_FLAG_SEP_MASK        (0xf << 16)
+
+# define XN_FLAG_COMPAT          0/* Traditional; use old X509_NAME_print */
+# define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)/* RFC2253 ,+ */
+# define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)/* ,+ spaced: more readable */
+# define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)/* ;+ spaced */
+# define XN_FLAG_SEP_MULTILINE   (4 << 16)/* One line per field */
+
+# define XN_FLAG_DN_REV          (1 << 20)/* Reverse DN order */
+
+/* How the field name is shown */
+
+# define XN_FLAG_FN_MASK         (0x3 << 21)
+
+# define XN_FLAG_FN_SN           0/* Object short name */
+# define XN_FLAG_FN_LN           (1 << 21)/* Object long name */
+# define XN_FLAG_FN_OID          (2 << 21)/* Always use OIDs */
+# define XN_FLAG_FN_NONE         (3 << 21)/* No field names */
+
+# define XN_FLAG_SPC_EQ          (1 << 23)/* Put spaces round '=' */
+
+/*
+ * This determines if we dump fields we don't recognise: RFC2253 requires
+ * this.
+ */
+
+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+# define XN_FLAG_FN_ALIGN        (1 << 25)/* Align field names to 20
+                                           * characters */
+
+/* Complete set of RFC2253 flags */
+
+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+                        XN_FLAG_SEP_COMMA_PLUS | \
+                        XN_FLAG_DN_REV | \
+                        XN_FLAG_FN_SN | \
+                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+                        ASN1_STRFLGS_ESC_QUOTE | \
+                        XN_FLAG_SEP_CPLUS_SPC | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+                        ASN1_STRFLGS_ESC_MSB | \
+                        XN_FLAG_SEP_MULTILINE | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_LN | \
+                        XN_FLAG_FN_ALIGN)
+
+DEFINE_STACK_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st X509_CRL_INFO;
+
+DEFINE_STACK_OF(X509_CRL)
+
+typedef struct private_key_st {
+    int version;
+    /* The PKCS#8 data types */
+    X509_ALGOR *enc_algor;
+    ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+    /* When decrypted, the following will not be NULL */
+    EVP_PKEY *dec_pkey;
+    /* used to encrypt and decrypt */
+    int key_length;
+    char *key_data;
+    int key_free;               /* true if we should auto free key_data */
+    /* expanded version of 'enc_algor' */
+    EVP_CIPHER_INFO cipher;
+} X509_PKEY;
+
+typedef struct X509_info_st {
+    X509 *x509;
+    X509_CRL *crl;
+    X509_PKEY *x_pkey;
+    EVP_CIPHER_INFO enc_cipher;
+    int enc_len;
+    char *enc_data;
+} X509_INFO;
+
+DEFINE_STACK_OF(X509_INFO)
+
+/*
+ * The next 2 structures and their 8 routines were sent to me by Pat Richard
+ * <patr@x509.com> and are used to manipulate Netscapes spki structures -
+ * useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st {
+    X509_PUBKEY *pubkey;
+    ASN1_IA5STRING *challenge;  /* challenge sent in atlas >= PR2 */
+} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st {
+    NETSCAPE_SPKAC *spkac;      /* signed public key and challenge */
+    X509_ALGOR sig_algor;
+    ASN1_BIT_STRING *signature;
+} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence {
+    ASN1_OBJECT *type;
+    STACK_OF(X509) *certs;
+} NETSCAPE_CERT_SEQUENCE;
+
+/*- Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+        {
+        unsigned char iv[8];
+        } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+    X509_ALGOR *keyfunc;
+    X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+/* Usually OCTET STRING but could be anything */
+    ASN1_TYPE *salt;
+    ASN1_INTEGER *iter;
+    ASN1_INTEGER *keylength;
+    X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+#ifdef  __cplusplus
+}
+#endif
+
+# include <openssl/x509_vfy.h>
+# include <openssl/pkcs7.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define X509_EXT_PACK_UNKNOWN   1
+# define X509_EXT_PACK_STRING    2
+
+# define         X509_extract_key(x)     X509_get_pubkey(x)/*****/
+# define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+# define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+                                     int (*crl_free) (X509_CRL *crl),
+                                     int (*crl_lookup) (X509_CRL *crl,
+                                                        X509_REVOKED **ret,
+                                                        ASN1_INTEGER *ser,
+                                                        X509_NAME *issuer),
+                                     int (*crl_verify) (X509_CRL *crl,
+                                                        EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
+
+const char *X509_verify_cert_error_string(long n);
+
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
+int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
+                         const ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
+# endif
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+# endif
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data, const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+
+# ifndef OPENSSL_NO_STDIO
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp, X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+# endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+int i2d_X509_bio(BIO *bp, X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
+                    void *pval);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+int X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int X509_cmp_current_time(const ASN1_TIME *s);
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *t);
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+const char *X509_get_default_cert_area(void);
+const char *X509_get_default_cert_dir(void);
+const char *X509_get_default_cert_file(void);
+const char *X509_get_default_cert_dir_env(void);
+const char *X509_get_default_cert_file_env(void);
+const char *X509_get_default_private_dir(void);
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
+
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
+
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+long X509_get_pathlen(X509 *x);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+# ifndef OPENSSL_NO_RSA
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_DSA
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_EC
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
+# endif
+
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest);
+
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
+
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
+
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+#define X509_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int i2d_X509_AUX(X509 *a, unsigned char **pp);
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
+
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x);
+int X509_get_signature_nid(const X509 *x);
+
+int X509_trusted(const X509 *x);
+int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
+unsigned char *X509_alias_get0(X509 *x, int *len);
+unsigned char *X509_keyid_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+X509_PKEY *X509_PKEY_new(void);
+void X509_PKEY_free(X509_PKEY *a);
+
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
+
+X509_INFO *X509_INFO_new(void);
+void X509_INFO_free(X509_INFO *a);
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+                ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len);
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+              X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+              char *data, EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
+                     unsigned char *md, unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                     ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
+                   EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+                       void *asn, EVP_MD_CTX *ctx);
+
+long X509_get_version(const X509 *x);
+int X509_set_version(X509 *x, long version);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_issuer_name(const X509 *a);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_subject_name(const X509 *a);
+const ASN1_TIME * X509_get0_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+int X509_up_ref(X509 *x);
+int X509_get_signature_type(const X509 *x);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_get_notBefore X509_getm_notBefore
+#  define X509_get_notAfter X509_getm_notAfter
+#  define X509_set_notBefore X509_set1_notBefore
+#  define X509_set_notAfter X509_set1_notAfter
+#endif
+
+
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x), &buf)
+ */
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x);
+EVP_PKEY *X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
+
+long X509_REQ_get_version(const X509_REQ *req);
+int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_REQ_get_signature_nid(const X509_REQ *req);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
+int X509_REQ_extension_nid(int nid);
+int *X509_REQ_get_extension_nids(void);
+void X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+int X509_CRL_up_ref(X509_CRL *crl);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#  define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
+
+long X509_CRL_get_version(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+const STACK_OF(X509_EXTENSION) *
+X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+
+X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
+
+int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_chain_check_suiteb(int *perror_depth,
+                            X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags);
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_and_serial_hash(X509 *a);
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_name_hash(X509 *a);
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_subject_name_hash(X509 *x);
+
+# ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *a);
+unsigned long X509_subject_name_hash_old(X509 *x);
+# endif
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long X509_NAME_hash(X509_NAME *x);
+unsigned long X509_NAME_hash_old(X509_NAME *x);
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+int X509_aux_print(BIO *out, X509 *x, int indent);
+# ifndef OPENSSL_NO_STDIO
+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag);
+int X509_print_fp(FILE *bp, X509 *x);
+int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+                          unsigned long flags);
+# endif
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+                       unsigned long flags);
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+                  unsigned long cflag);
+int X509_print(BIO *bp, X509 *x);
+int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CRL_print(BIO *bp, X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+                      unsigned long cflag);
+int X509_REQ_print(BIO *bp, X509_REQ *req);
+
+int X509_NAME_entry_count(const X509_NAME *name);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len);
+
+/*
+ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
+ * lastpos, search after that position on.
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                               int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
+                        int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type, 
+                                               const unsigned char *bytes,
+                                               int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen);
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                          int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                          const ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                               int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(const X509 *x);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags);
+
+int X509_CRL_get_ext_count(const X509_CRL *x);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                          unsigned long flags);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
+                                     int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
+                               int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                              unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                                             int nid, int crit,
+                                             ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                           int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+                              const ASN1_OBJECT *obj, int lastpos, int type);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+                               void *data);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                                     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen);
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid);
+
+#ifndef OPENSSL_NO_SCRYPT
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p);
+#endif
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                    int version, int ptype, void *pval,
+                    unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+                    const unsigned char **pk, int *ppklen,
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   const char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_X509_strings(void);
+
+/* Error codes for the X509 functions. */
+
+/* Function codes. */
+# define X509_F_ADD_CERT_DIR                              100
+# define X509_F_BUILD_CHAIN                               106
+# define X509_F_BY_FILE_CTRL                              101
+# define X509_F_CHECK_NAME_CONSTRAINTS                    149
+# define X509_F_CHECK_POLICY                              145
+# define X509_F_DANE_I2D                                  107
+# define X509_F_DIR_CTRL                                  102
+# define X509_F_GET_CERT_BY_SUBJECT                       103
+# define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
+# define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
+# define X509_F_X509AT_ADD1_ATTR                          135
+# define X509_F_X509V3_ADD_EXT                            104
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
+# define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
+# define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
+# define X509_F_X509_CHECK_PRIVATE_KEY                    128
+# define X509_F_X509_CRL_DIFF                             105
+# define X509_F_X509_CRL_PRINT_FP                         147
+# define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+# define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+# define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+# define X509_F_X509_LOAD_CERT_CRL_FILE                   132
+# define X509_F_X509_LOAD_CERT_FILE                       111
+# define X509_F_X509_LOAD_CRL_FILE                        112
+# define X509_F_X509_NAME_ADD_ENTRY                       113
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
+# define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+# define X509_F_X509_NAME_ONELINE                         116
+# define X509_F_X509_NAME_PRINT                           117
+# define X509_F_X509_OBJECT_NEW                           150
+# define X509_F_X509_PRINT_EX_FP                          118
+# define X509_F_X509_PUBKEY_DECODE                        148
+# define X509_F_X509_PUBKEY_GET0                          119
+# define X509_F_X509_PUBKEY_SET                           120
+# define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
+# define X509_F_X509_REQ_PRINT_EX                         121
+# define X509_F_X509_REQ_PRINT_FP                         122
+# define X509_F_X509_REQ_TO_X509                          123
+# define X509_F_X509_STORE_ADD_CERT                       124
+# define X509_F_X509_STORE_ADD_CRL                        125
+# define X509_F_X509_STORE_CTX_GET1_ISSUER                146
+# define X509_F_X509_STORE_CTX_INIT                       143
+# define X509_F_X509_STORE_CTX_NEW                        142
+# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
+# define X509_F_X509_TO_X509_REQ                          126
+# define X509_F_X509_TRUST_ADD                            133
+# define X509_F_X509_TRUST_SET                            141
+# define X509_F_X509_VERIFY_CERT                          127
+
+/* Reason codes. */
+# define X509_R_AKID_MISMATCH                             110
+# define X509_R_BAD_SELECTOR                              133
+# define X509_R_BAD_X509_FILETYPE                         100
+# define X509_R_BASE64_DECODE_ERROR                       118
+# define X509_R_CANT_CHECK_DH_KEY                         114
+# define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+# define X509_R_CRL_ALREADY_DELTA                         127
+# define X509_R_CRL_VERIFY_FAILURE                        131
+# define X509_R_IDP_MISMATCH                              128
+# define X509_R_INVALID_DIRECTORY                         113
+# define X509_R_INVALID_FIELD_NAME                        119
+# define X509_R_INVALID_TRUST                             123
+# define X509_R_ISSUER_MISMATCH                           129
+# define X509_R_KEY_TYPE_MISMATCH                         115
+# define X509_R_KEY_VALUES_MISMATCH                       116
+# define X509_R_LOADING_CERT_DIR                          103
+# define X509_R_LOADING_DEFAULTS                          104
+# define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
+# define X509_R_NEWER_CRL_NOT_NEWER                       132
+# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+# define X509_R_NO_CRL_NUMBER                             130
+# define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+# define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
+# define X509_R_SHOULD_RETRY                              106
+# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+# define X509_R_UNKNOWN_KEY_TYPE                          117
+# define X509_R_UNKNOWN_NID                               109
+# define X509_R_UNKNOWN_PURPOSE_ID                        121
+# define X509_R_UNKNOWN_TRUST_ID                          120
+# define X509_R_UNSUPPORTED_ALGORITHM                     111
+# define X509_R_WRONG_LOOKUP_TYPE                         112
+# define X509_R_WRONG_TYPE                                122
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/x509_vfy.h b/openssl-1.1.0h/include/openssl/x509_vfy.h
new file mode 100644
index 0000000..1aa0a33
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/x509_vfy.h
@@ -0,0 +1,544 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509_VFY_H
+# define HEADER_X509_VFY_H
+
+/*
+ * Protect against recursion, x509.h and x509_vfy.h each include the other.
+ */
+# ifndef HEADER_X509_H
+#  include <openssl/x509.h>
+# endif
+
+# include <openssl/opensslconf.h>
+# include <openssl/lhash.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+SSL_CTX -> X509_STORE
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+
+SSL     -> X509_STORE_CTX
+                ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+typedef enum {
+    X509_LU_NONE = 0,
+    X509_LU_X509, X509_LU_CRL
+} X509_LOOKUP_TYPE;
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define X509_LU_RETRY   -1
+#define X509_LU_FAIL    0
+#endif
+
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+        X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+        X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD        1
+# define X509_L_ADD_DIR          2
+
+# define X509_LOOKUP_load_file(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define         X509_V_OK                                       0
+# define         X509_V_ERR_UNSPECIFIED                          1
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
+# define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
+# define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
+# define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
+# define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
+# define         X509_V_ERR_CERT_NOT_YET_VALID                   9
+# define         X509_V_ERR_CERT_HAS_EXPIRED                     10
+# define         X509_V_ERR_CRL_NOT_YET_VALID                    11
+# define         X509_V_ERR_CRL_HAS_EXPIRED                      12
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
+# define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
+# define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
+# define         X509_V_ERR_OUT_OF_MEM                           17
+# define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
+# define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
+# define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
+# define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
+# define         X509_V_ERR_CERT_REVOKED                         23
+# define         X509_V_ERR_INVALID_CA                           24
+# define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
+# define         X509_V_ERR_INVALID_PURPOSE                      26
+# define         X509_V_ERR_CERT_UNTRUSTED                       27
+# define         X509_V_ERR_CERT_REJECTED                        28
+/* These are 'informational' when looking for issuer cert */
+# define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
+# define         X509_V_ERR_AKID_SKID_MISMATCH                   30
+# define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
+# define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
+# define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+# define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
+# define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
+# define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
+# define         X509_V_ERR_INVALID_NON_CA                       37
+# define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+# define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+# define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
+# define         X509_V_ERR_INVALID_EXTENSION                    41
+# define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
+# define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
+# define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
+# define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
+# define         X509_V_ERR_UNNESTED_RESOURCE                    46
+# define         X509_V_ERR_PERMITTED_VIOLATION                  47
+# define         X509_V_ERR_EXCLUDED_VIOLATION                   48
+# define         X509_V_ERR_SUBTREE_MINMAX                       49
+/* The application is not happy */
+# define         X509_V_ERR_APPLICATION_VERIFICATION             50
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
+# define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
+# define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
+/* Another issuer check debug option */
+# define         X509_V_ERR_PATH_LOOP                            55
+/* Suite B mode algorithm violation */
+# define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
+# define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
+# define         X509_V_ERR_SUITE_B_INVALID_CURVE                58
+# define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
+# define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+# define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+/* Host, email and IP check errors */
+# define         X509_V_ERR_HOSTNAME_MISMATCH                    62
+# define         X509_V_ERR_EMAIL_MISMATCH                       63
+# define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
+/* DANE TLSA errors */
+# define         X509_V_ERR_DANE_NO_MATCH                        65
+/* security level errors */
+# define         X509_V_ERR_EE_KEY_TOO_SMALL                     66
+# define         X509_V_ERR_CA_KEY_TOO_SMALL                     67
+# define         X509_V_ERR_CA_MD_TOO_WEAK                       68
+/* Caller error */
+# define         X509_V_ERR_INVALID_CALL                         69
+/* Issuer lookup error */
+# define         X509_V_ERR_STORE_LOOKUP                         70
+/* Certificate transparency */
+# define         X509_V_ERR_NO_VALID_SCTS                        71
+
+# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
+
+/* Certificate verify flags */
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_V_FLAG_CB_ISSUER_CHECK             0x0   /* Deprecated */
+# endif
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME              0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK                   0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL               0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL             0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT                 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK                0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY             0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY                 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP                 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY               0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+# define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
+/* Delta CRL support */
+# define X509_V_FLAG_USE_DELTAS                  0x2000
+/* Check self-signed CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
+/* Use trusted store first */
+# define X509_V_FLAG_TRUSTED_FIRST               0x8000
+/* Suite B 128 bit only mode: not normally used */
+# define X509_V_FLAG_SUITEB_128_LOS_ONLY         0x10000
+/* Suite B 192 bit only mode */
+# define X509_V_FLAG_SUITEB_192_LOS              0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define X509_V_FLAG_SUITEB_128_LOS              0x30000
+/* Allow partial chains if at least one certificate is in trusted store */
+# define X509_V_FLAG_PARTIAL_CHAIN               0x80000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
+ * will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS               0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME               0x200000
+
+# define X509_VP_FLAG_DEFAULT                    0x1
+# define X509_VP_FLAG_OVERWRITE                  0x2
+# define X509_VP_FLAG_RESET_FLAGS                0x4
+# define X509_VP_FLAG_LOCKED                     0x8
+# define X509_VP_FLAG_ONCE                       0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+                                | X509_V_FLAG_EXPLICIT_POLICY \
+                                | X509_V_FLAG_INHIBIT_ANY \
+                                | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
+void X509_OBJECT_free(X509_OBJECT *a);
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
+int X509_STORE_up_ref(X509_STORE *v);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+            X509_STORE_set_verify((ctx),(func))
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb);
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+            X509_STORE_set_verify_cb((ctx),(func))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+    X509_STORE_set_lookup_crls((ctx), (func))
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
+
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                        X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify);
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
+# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
+# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
+#endif
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret);
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                     long argl, char **ret);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+int X509_STORE_load_locations(X509_STORE *ctx,
+                              const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+
+#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t);
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
+#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
+
+/* X509_VERIFY_PARAM functions */
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
+                              const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+                           const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+                                unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies);
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+                                    uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
+                                  const char *ipasc);
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_count(void);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+void X509_VERIFY_PARAM_table_cleanup(void);
+
+/* Non positive return values are errors */
+#define X509_PCY_TREE_FAILURE  -2 /* Failure to satisfy explicit policy */
+#define X509_PCY_TREE_INVALID  -1 /* Inconsistent or invalid extensions */
+#define X509_PCY_TREE_INTERNAL  0 /* Internal error, most likely malloc */
+
+/*
+ * Positive return values form a bit mask, all but the first are internal to
+ * the library and don't appear in results from X509_policy_check().
+ */
+#define X509_PCY_TREE_VALID     1 /* The policy tree is valid */
+#define X509_PCY_TREE_EMPTY     2 /* The policy tree is empty */
+#define X509_PCY_TREE_EXPLICIT  4 /* Explicit policy required */
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+                                              int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/include/openssl/x509v3.h b/openssl-1.1.0h/include/openssl/x509v3.h
new file mode 100644
index 0000000..c93b112
--- /dev/null
+++ b/openssl-1.1.0h/include/openssl/x509v3.h
@@ -0,0 +1,1008 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509V3_H
+# define HEADER_X509V3_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/conf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void *(*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE) (void *);
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *
+    (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
+                       STACK_OF(CONF_VALUE) *extlist);
+typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx,
+                                STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
+                                void *ext);
+typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
+                               BIO *out, int indent);
+typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+    int ext_nid;
+    int ext_flags;
+/* If this is set the following four fields are ignored */
+    ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+    X509V3_EXT_NEW ext_new;
+    X509V3_EXT_FREE ext_free;
+    X509V3_EXT_D2I d2i;
+    X509V3_EXT_I2D i2d;
+/* The following pair is used for string extensions */
+    X509V3_EXT_I2S i2s;
+    X509V3_EXT_S2I s2i;
+/* The following pair is used for multi-valued extensions */
+    X509V3_EXT_I2V i2v;
+    X509V3_EXT_V2I v2i;
+/* The following are used for raw extensions */
+    X509V3_EXT_I2R i2r;
+    X509V3_EXT_R2I r2i;
+    void *usr_data;             /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+    char *(*get_string) (void *db, const char *section, const char *value);
+    STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
+    void (*free_string) (void *db, char *string);
+    void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+# define CTX_TEST 0x1
+# define X509V3_CTX_REPLACE 0x2
+    int flags;
+    X509 *issuer_cert;
+    X509 *subject_cert;
+    X509_REQ *subject_req;
+    X509_CRL *crl;
+    X509V3_CONF_METHOD *db_meth;
+    void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+# define X509V3_EXT_DYNAMIC      0x1
+# define X509V3_EXT_CTX_DEP      0x2
+# define X509V3_EXT_MULTILINE    0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+    int ca;
+    ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+typedef struct PKEY_USAGE_PERIOD_st {
+    ASN1_GENERALIZEDTIME *notBefore;
+    ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+    ASN1_OBJECT *type_id;
+    ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+    ASN1_STRING *nameAssigner;
+    ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+# define GEN_OTHERNAME   0
+# define GEN_EMAIL       1
+# define GEN_DNS         2
+# define GEN_X400        3
+# define GEN_DIRNAME     4
+# define GEN_EDIPARTY    5
+# define GEN_URI         6
+# define GEN_IPADD       7
+# define GEN_RID         8
+    int type;
+    union {
+        char *ptr;
+        OTHERNAME *otherName;   /* otherName */
+        ASN1_IA5STRING *rfc822Name;
+        ASN1_IA5STRING *dNSName;
+        ASN1_TYPE *x400Address;
+        X509_NAME *directoryName;
+        EDIPARTYNAME *ediPartyName;
+        ASN1_IA5STRING *uniformResourceIdentifier;
+        ASN1_OCTET_STRING *iPAddress;
+        ASN1_OBJECT *registeredID;
+        /* Old names */
+        ASN1_OCTET_STRING *ip;  /* iPAddress */
+        X509_NAME *dirn;        /* dirn */
+        ASN1_IA5STRING *ia5;    /* rfc822Name, dNSName,
+                                 * uniformResourceIdentifier */
+        ASN1_OBJECT *rid;       /* registeredID */
+        ASN1_TYPE *other;       /* x400Address */
+    } d;
+} GENERAL_NAME;
+
+typedef struct ACCESS_DESCRIPTION_st {
+    ASN1_OBJECT *method;
+    GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
+
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+    int type;
+    union {
+        GENERAL_NAMES *fullname;
+        STACK_OF(X509_NAME_ENTRY) *relativename;
+    } name;
+/* If relativename then this contains the full distribution point name */
+    X509_NAME *dpname;
+} DIST_POINT_NAME;
+/* All existing reasons */
+# define CRLDP_ALL_REASONS       0x807f
+
+# define CRL_REASON_NONE                         -1
+# define CRL_REASON_UNSPECIFIED                  0
+# define CRL_REASON_KEY_COMPROMISE               1
+# define CRL_REASON_CA_COMPROMISE                2
+# define CRL_REASON_AFFILIATION_CHANGED          3
+# define CRL_REASON_SUPERSEDED                   4
+# define CRL_REASON_CESSATION_OF_OPERATION       5
+# define CRL_REASON_CERTIFICATE_HOLD             6
+# define CRL_REASON_REMOVE_FROM_CRL              8
+# define CRL_REASON_PRIVILEGE_WITHDRAWN          9
+# define CRL_REASON_AA_COMPROMISE                10
+
+struct DIST_POINT_st {
+    DIST_POINT_NAME *distpoint;
+    ASN1_BIT_STRING *reasons;
+    GENERAL_NAMES *CRLissuer;
+    int dp_reasons;
+};
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DEFINE_STACK_OF(DIST_POINT)
+
+struct AUTHORITY_KEYID_st {
+    ASN1_OCTET_STRING *keyid;
+    GENERAL_NAMES *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+    ASN1_INTEGER *zone;
+    ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DEFINE_STACK_OF(SXNETID)
+
+typedef struct SXNET_st {
+    ASN1_INTEGER *version;
+    STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+    ASN1_STRING *organization;
+    STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+    NOTICEREF *noticeref;
+    ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+    ASN1_OBJECT *pqualid;
+    union {
+        ASN1_IA5STRING *cpsuri;
+        USERNOTICE *usernotice;
+        ASN1_TYPE *other;
+    } d;
+} POLICYQUALINFO;
+
+DEFINE_STACK_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+    ASN1_OBJECT *policyid;
+    STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DEFINE_STACK_OF(POLICYINFO)
+
+typedef struct POLICY_MAPPING_st {
+    ASN1_OBJECT *issuerDomainPolicy;
+    ASN1_OBJECT *subjectDomainPolicy;
+} POLICY_MAPPING;
+
+DEFINE_STACK_OF(POLICY_MAPPING)
+
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
+
+typedef struct GENERAL_SUBTREE_st {
+    GENERAL_NAME *base;
+    ASN1_INTEGER *minimum;
+    ASN1_INTEGER *maximum;
+} GENERAL_SUBTREE;
+
+DEFINE_STACK_OF(GENERAL_SUBTREE)
+
+struct NAME_CONSTRAINTS_st {
+    STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+    STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+};
+
+typedef struct POLICY_CONSTRAINTS_st {
+    ASN1_INTEGER *requireExplicitPolicy;
+    ASN1_INTEGER *inhibitPolicyMapping;
+} POLICY_CONSTRAINTS;
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st {
+    ASN1_OBJECT *policyLanguage;
+    ASN1_OCTET_STRING *policy;
+} PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
+    ASN1_INTEGER *pcPathLengthConstraint;
+    PROXY_POLICY *proxyPolicy;
+} PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+struct ISSUING_DIST_POINT_st {
+    DIST_POINT_NAME *distpoint;
+    int onlyuser;
+    int onlyCA;
+    ASN1_BIT_STRING *onlysomereasons;
+    int indirectCRL;
+    int onlyattr;
+};
+
+/* Values in idp_flags field */
+/* IDP present */
+# define IDP_PRESENT     0x1
+/* IDP values inconsistent */
+# define IDP_INVALID     0x2
+/* onlyuser true */
+# define IDP_ONLYUSER    0x4
+/* onlyCA true */
+# define IDP_ONLYCA      0x8
+/* onlyattr true */
+# define IDP_ONLYATTR    0x10
+/* indirectCRL true */
+# define IDP_INDIRECT    0x20
+/* onlysomereasons present */
+# define IDP_REASONS     0x40
+
+# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+# define X509V3_set_ctx_test(ctx) \
+                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+                        0,0,0,0, \
+                        0,0, \
+                        (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+                        (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+                        NULL, NULL, \
+                        table}
+
+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+                        0,0,0,0, \
+                        (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+                        (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+                        0,0,0,0, \
+                        NULL}
+
+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+/* X509_PURPOSE stuff */
+
+# define EXFLAG_BCONS            0x1
+# define EXFLAG_KUSAGE           0x2
+# define EXFLAG_XKUSAGE          0x4
+# define EXFLAG_NSCERT           0x8
+
+# define EXFLAG_CA               0x10
+/* Really self issued not necessarily self signed */
+# define EXFLAG_SI               0x20
+# define EXFLAG_V1               0x40
+# define EXFLAG_INVALID          0x80
+/* EXFLAG_SET is set to indicate that some values have been precomputed */
+# define EXFLAG_SET              0x100
+# define EXFLAG_CRITICAL         0x200
+# define EXFLAG_PROXY            0x400
+
+# define EXFLAG_INVALID_POLICY   0x800
+# define EXFLAG_FRESHEST         0x1000
+/* Self signed */
+# define EXFLAG_SS               0x2000
+
+# define KU_DIGITAL_SIGNATURE    0x0080
+# define KU_NON_REPUDIATION      0x0040
+# define KU_KEY_ENCIPHERMENT     0x0020
+# define KU_DATA_ENCIPHERMENT    0x0010
+# define KU_KEY_AGREEMENT        0x0008
+# define KU_KEY_CERT_SIGN        0x0004
+# define KU_CRL_SIGN             0x0002
+# define KU_ENCIPHER_ONLY        0x0001
+# define KU_DECIPHER_ONLY        0x8000
+
+# define NS_SSL_CLIENT           0x80
+# define NS_SSL_SERVER           0x40
+# define NS_SMIME                0x20
+# define NS_OBJSIGN              0x10
+# define NS_SSL_CA               0x04
+# define NS_SMIME_CA             0x02
+# define NS_OBJSIGN_CA           0x01
+# define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+# define XKU_SSL_SERVER          0x1
+# define XKU_SSL_CLIENT          0x2
+# define XKU_SMIME               0x4
+# define XKU_CODE_SIGN           0x8
+# define XKU_SGC                 0x10
+# define XKU_OCSP_SIGN           0x20
+# define XKU_TIMESTAMP           0x40
+# define XKU_DVCS                0x80
+# define XKU_ANYEKU              0x100
+
+# define X509_PURPOSE_DYNAMIC    0x1
+# define X509_PURPOSE_DYNAMIC_NAME       0x2
+
+typedef struct x509_purpose_st {
+    int purpose;
+    int trust;                  /* Default trust ID */
+    int flags;
+    int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
+    char *name;
+    char *sname;
+    void *usr_data;
+} X509_PURPOSE;
+
+# define X509_PURPOSE_SSL_CLIENT         1
+# define X509_PURPOSE_SSL_SERVER         2
+# define X509_PURPOSE_NS_SSL_SERVER      3
+# define X509_PURPOSE_SMIME_SIGN         4
+# define X509_PURPOSE_SMIME_ENCRYPT      5
+# define X509_PURPOSE_CRL_SIGN           6
+# define X509_PURPOSE_ANY                7
+# define X509_PURPOSE_OCSP_HELPER        8
+# define X509_PURPOSE_TIMESTAMP_SIGN     9
+
+# define X509_PURPOSE_MIN                1
+# define X509_PURPOSE_MAX                9
+
+/* Flags for X509V3_EXT_print() */
+
+# define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+# define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+# define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+# define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+# define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+# define X509V3_ADD_OP_MASK              0xfL
+# define X509V3_ADD_DEFAULT              0L
+# define X509V3_ADD_APPEND               1L
+# define X509V3_ADD_REPLACE              2L
+# define X509V3_ADD_REPLACE_EXISTING     3L
+# define X509V3_ADD_KEEP_EXISTING        4L
+# define X509V3_ADD_DELETE               5L
+# define X509V3_ADD_SILENT               0x10
+
+DEFINE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+                       int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+                         int userlen);
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval);
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                          ASN1_BIT_STRING *bits,
+                                          STACK_OF(CONF_VALUE) *extlist);
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str);
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+                                       GENERAL_NAME *gen,
+                                       STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                        GENERAL_NAMES *gen,
+                                        STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                            const ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+DECLARE_ASN1_ITEM(POLICY_MAPPING)
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
+
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, int gen_type,
+                               const char *value, int is_nc);
+
+# ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf,
+                                  int is_nc);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                     const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+                            STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                         X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+                                    X509V3_CTX *ctx, int ext_nid,
+                                    const char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                                const char *name, const char *value);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        const char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+                             STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
+# endif
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                    X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+                     STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                          STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+                         STACK_OF(CONF_VALUE) **extlist);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+                                const ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx);
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/* The new declarations are in crypto.h, but the old ones were here. */
+# define hex_to_string OPENSSL_buf2hexstr
+# define string_to_hex OPENSSL_hexstr2buf
+#endif
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent);
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+#endif
+int X509V3_extensions_print(BIO *out, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(X509 *x, long l);
+long X509_get_proxy_pathlen(X509 *x);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(const char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT    0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define X509_CHECK_FLAG_NO_WILDCARDS    0x2
+/* Wildcards must not match a partial label. */
+# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT    0x20
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername);
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+                             unsigned long chtype);
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+    ASN1_INTEGER *min, *max;
+} ASRange;
+
+# define ASIdOrRange_id          0
+# define ASIdOrRange_range       1
+
+typedef struct ASIdOrRange_st {
+    int type;
+    union {
+        ASN1_INTEGER *id;
+        ASRange *range;
+    } u;
+} ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DEFINE_STACK_OF(ASIdOrRange)
+
+# define ASIdentifierChoice_inherit              0
+# define ASIdentifierChoice_asIdsOrRanges        1
+
+typedef struct ASIdentifierChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        ASIdOrRanges *asIdsOrRanges;
+    } u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+    ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+
+typedef struct IPAddressRange_st {
+    ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+
+# define IPAddressOrRange_addressPrefix  0
+# define IPAddressOrRange_addressRange   1
+
+typedef struct IPAddressOrRange_st {
+    int type;
+    union {
+        ASN1_BIT_STRING *addressPrefix;
+        IPAddressRange *addressRange;
+    } u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DEFINE_STACK_OF(IPAddressOrRange)
+
+# define IPAddressChoice_inherit                 0
+# define IPAddressChoice_addressesOrRanges       1
+
+typedef struct IPAddressChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        IPAddressOrRanges *addressesOrRanges;
+    } u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+    ASN1_OCTET_STRING *addressFamily;
+    IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DEFINE_STACK_OF(IPAddressFamily)
+
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM   0
+# define V3_ASID_RDI     1
+
+/*
+ * AFI values, assigned by IANA.  It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */
+# define IANA_AFI_IPV4   1
+# define IANA_AFI_IPV6   2
+
+/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+                                ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi, const unsigned *safi,
+                           unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi, const unsigned *safi,
+                          unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+                          unsigned char *min, unsigned char *max,
+                          const int length);
+
+/*
+ * Canonical forms.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
+
+/*
+ * Tests for inheritance and containment.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+
+/*
+ * Check whether RFC 3779 extensions nest properly in chains.
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext,
+                                      int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                      IPAddrBlocks *ext, int allow_inheritance);
+
+#endif                         /* OPENSSL_NO_RFC3779 */
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_X509V3_strings(void);
+
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+# define X509V3_F_A2I_GENERAL_NAME                        164
+# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL             166
+# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
+# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
+# define X509V3_F_BIGNUM_TO_STRING                        167
+# define X509V3_F_COPY_EMAIL                              122
+# define X509V3_F_COPY_ISSUER                             123
+# define X509V3_F_DO_DIRNAME                              144
+# define X509V3_F_DO_EXT_I2D                              135
+# define X509V3_F_DO_EXT_NCONF                            151
+# define X509V3_F_GNAMES_FROM_SECTNAME                    156
+# define X509V3_F_I2S_ASN1_ENUMERATED                     121
+# define X509V3_F_I2S_ASN1_IA5STRING                      149
+# define X509V3_F_I2S_ASN1_INTEGER                        120
+# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
+# define X509V3_F_NOTICE_SECTION                          132
+# define X509V3_F_NREF_NOS                                133
+# define X509V3_F_POLICY_SECTION                          131
+# define X509V3_F_PROCESS_PCI_VALUE                       150
+# define X509V3_F_R2I_CERTPOL                             130
+# define X509V3_F_R2I_PCI                                 155
+# define X509V3_F_S2I_ASN1_IA5STRING                      100
+# define X509V3_F_S2I_ASN1_INTEGER                        108
+# define X509V3_F_S2I_ASN1_OCTET_STRING                   112
+# define X509V3_F_S2I_SKEY_ID                             115
+# define X509V3_F_SET_DIST_POINT_NAME                     158
+# define X509V3_F_SXNET_ADD_ID_ASC                        125
+# define X509V3_F_SXNET_ADD_ID_INTEGER                    126
+# define X509V3_F_SXNET_ADD_ID_ULONG                      127
+# define X509V3_F_SXNET_GET_ID_ASC                        128
+# define X509V3_F_SXNET_GET_ID_ULONG                      129
+# define X509V3_F_V2I_ASIDENTIFIERS                       163
+# define X509V3_F_V2I_ASN1_BIT_STRING                     101
+# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
+# define X509V3_F_V2I_AUTHORITY_KEYID                     119
+# define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
+# define X509V3_F_V2I_CRLD                                134
+# define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
+# define X509V3_F_V2I_GENERAL_NAMES                       118
+# define X509V3_F_V2I_GENERAL_NAME_EX                     117
+# define X509V3_F_V2I_IDP                                 157
+# define X509V3_F_V2I_IPADDRBLOCKS                        159
+# define X509V3_F_V2I_ISSUER_ALT                          153
+# define X509V3_F_V2I_NAME_CONSTRAINTS                    147
+# define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
+# define X509V3_F_V2I_POLICY_MAPPINGS                     145
+# define X509V3_F_V2I_SUBJECT_ALT                         154
+# define X509V3_F_V2I_TLS_FEATURE                         165
+# define X509V3_F_V3_GENERIC_EXTENSION                    116
+# define X509V3_F_X509V3_ADD1_I2D                         140
+# define X509V3_F_X509V3_ADD_VALUE                        105
+# define X509V3_F_X509V3_EXT_ADD                          104
+# define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
+# define X509V3_F_X509V3_EXT_I2D                          136
+# define X509V3_F_X509V3_EXT_NCONF                        152
+# define X509V3_F_X509V3_GET_SECTION                      142
+# define X509V3_F_X509V3_GET_STRING                       143
+# define X509V3_F_X509V3_GET_VALUE_BOOL                   110
+# define X509V3_F_X509V3_PARSE_LIST                       109
+# define X509V3_F_X509_PURPOSE_ADD                        137
+# define X509V3_F_X509_PURPOSE_SET                        141
+
+/* Reason codes. */
+# define X509V3_R_BAD_IP_ADDRESS                          118
+# define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BN_DEC2BN_ERROR                         100
+# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
+# define X509V3_R_DIRNAME_ERROR                           149
+# define X509V3_R_DISTPOINT_ALREADY_SET                   160
+# define X509V3_R_DUPLICATE_ZONE_ID                       133
+# define X509V3_R_ERROR_CONVERTING_ZONE                   131
+# define X509V3_R_ERROR_CREATING_EXTENSION                144
+# define X509V3_R_ERROR_IN_EXTENSION                      128
+# define X509V3_R_EXPECTED_A_SECTION_NAME                 137
+# define X509V3_R_EXTENSION_EXISTS                        145
+# define X509V3_R_EXTENSION_NAME_ERROR                    115
+# define X509V3_R_EXTENSION_NOT_FOUND                     102
+# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
+# define X509V3_R_EXTENSION_VALUE_ERROR                   116
+# define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
+# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
+# define X509V3_R_INVALID_ASNUMBER                        162
+# define X509V3_R_INVALID_ASRANGE                         163
+# define X509V3_R_INVALID_BOOLEAN_STRING                  104
+# define X509V3_R_INVALID_EXTENSION_STRING                105
+# define X509V3_R_INVALID_INHERITANCE                     165
+# define X509V3_R_INVALID_IPADDRESS                       166
+# define X509V3_R_INVALID_MULTIPLE_RDNS                   161
+# define X509V3_R_INVALID_NAME                            106
+# define X509V3_R_INVALID_NULL_ARGUMENT                   107
+# define X509V3_R_INVALID_NULL_NAME                       108
+# define X509V3_R_INVALID_NULL_VALUE                      109
+# define X509V3_R_INVALID_NUMBER                          140
+# define X509V3_R_INVALID_NUMBERS                         141
+# define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
+# define X509V3_R_INVALID_OPTION                          138
+# define X509V3_R_INVALID_POLICY_IDENTIFIER               134
+# define X509V3_R_INVALID_PROXY_POLICY_SETTING            153
+# define X509V3_R_INVALID_PURPOSE                         146
+# define X509V3_R_INVALID_SAFI                            164
+# define X509V3_R_INVALID_SECTION                         135
+# define X509V3_R_INVALID_SYNTAX                          143
+# define X509V3_R_ISSUER_DECODE_ERROR                     126
+# define X509V3_R_MISSING_VALUE                           124
+# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
+# define X509V3_R_NO_CONFIG_DATABASE                      136
+# define X509V3_R_NO_ISSUER_CERTIFICATE                   121
+# define X509V3_R_NO_ISSUER_DETAILS                       127
+# define X509V3_R_NO_POLICY_IDENTIFIER                    139
+# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   154
+# define X509V3_R_NO_PUBLIC_KEY                           114
+# define X509V3_R_NO_SUBJECT_DETAILS                      125
+# define X509V3_R_OPERATION_NOT_DEFINED                   148
+# define X509V3_R_OTHERNAME_ERROR                         147
+# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
+# define X509V3_R_POLICY_PATH_LENGTH                      156
+# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
+# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
+# define X509V3_R_SECTION_NOT_FOUND                       150
+# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
+# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
+# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
+# define X509V3_R_UNKNOWN_EXTENSION                       129
+# define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
+# define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNSUPPORTED_OPTION                      117
+# define X509V3_R_UNSUPPORTED_TYPE                        167
+# define X509V3_R_USER_TOO_LONG                           132
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/openssl-1.1.0h/ms/applink.c b/openssl-1.1.0h/ms/applink.c
new file mode 100644
index 0000000..238dbff
--- /dev/null
+++ b/openssl-1.1.0h/ms/applink.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define APPLINK_STDIN   1
+#define APPLINK_STDOUT  2
+#define APPLINK_STDERR  3
+#define APPLINK_FPRINTF 4
+#define APPLINK_FGETS   5
+#define APPLINK_FREAD   6
+#define APPLINK_FWRITE  7
+#define APPLINK_FSETMOD 8
+#define APPLINK_FEOF    9
+#define APPLINK_FCLOSE  10      /* should not be used */
+
+#define APPLINK_FOPEN   11      /* solely for completeness */
+#define APPLINK_FSEEK   12
+#define APPLINK_FTELL   13
+#define APPLINK_FFLUSH  14
+#define APPLINK_FERROR  15
+#define APPLINK_CLEARERR 16
+#define APPLINK_FILENO  17      /* to be used with below */
+
+#define APPLINK_OPEN    18      /* formally can't be used, as flags can vary */
+#define APPLINK_READ    19
+#define APPLINK_WRITE   20
+#define APPLINK_LSEEK   21
+#define APPLINK_CLOSE   22
+#define APPLINK_MAX     22      /* always same as last macro */
+
+#ifndef APPMACROS_ONLY
+# include <stdio.h>
+# include <io.h>
+# include <fcntl.h>
+
+static void *app_stdin(void)
+{
+    return stdin;
+}
+
+static void *app_stdout(void)
+{
+    return stdout;
+}
+
+static void *app_stderr(void)
+{
+    return stderr;
+}
+
+static int app_feof(FILE *fp)
+{
+    return feof(fp);
+}
+
+static int app_ferror(FILE *fp)
+{
+    return ferror(fp);
+}
+
+static void app_clearerr(FILE *fp)
+{
+    clearerr(fp);
+}
+
+static int app_fileno(FILE *fp)
+{
+    return _fileno(fp);
+}
+
+static int app_fsetmod(FILE *fp, char mod)
+{
+    return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT);
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+__declspec(dllexport)
+void **
+# if defined(__BORLANDC__)
+/*
+ * __stdcall appears to be the only way to get the name
+ * decoration right with Borland C. Otherwise it works
+ * purely incidentally, as we pass no parameters.
+ */
+__stdcall
+# else
+__cdecl
+# endif
+OPENSSL_Applink(void)
+{
+    static int once = 1;
+    static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
+        { (void *)APPLINK_MAX };
+
+    if (once) {
+        OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
+        OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
+        OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
+        OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
+        OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
+        OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
+        OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
+        OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
+        OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
+        OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;
+
+        OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
+        OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
+        OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
+        OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
+        OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
+        OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
+        OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;
+
+        OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
+        OPENSSL_ApplinkTable[APPLINK_READ] = _read;
+        OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
+        OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
+        OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;
+
+        once = 0;
+    }
+
+    return OPENSSL_ApplinkTable;
+}
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openssl-1.1.0h/ms/cmp.pl b/openssl-1.1.0h/ms/cmp.pl
new file mode 100755
index 0000000..265ce56
--- /dev/null
+++ b/openssl-1.1.0h/ms/cmp.pl
@@ -0,0 +1,53 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
+
+open(IN0,"<$ARGV[0]") || die "unable to open $ARGV[0]\n";
+open(IN1,"<$ARGV[1]") || die "unable to open $ARGV[1]\n";
+binmode IN0;
+binmode IN1;
+
+$tot=0;
+$ret=1;
+for (;;)
+{
+    $n1=sysread(IN0,$b1,4096);
+    $n2=sysread(IN1,$b2,4096);
+
+    last if ($n1 != $n2);
+    last if ($b1 ne $b2);
+    last if ($n1 < 0);
+    if ($n1 == 0)
+    {
+        $ret=0;
+        last;
+    }
+    $tot+=$n1;
+}
+
+close(IN0);
+close(IN1);
+if ($ret)
+{
+    printf STDERR "$ARGV[0] and $ARGV[1] are different\n";
+    @a1=unpack("C*",$b1);
+    @a2=unpack("C*",$b2);
+    for ($i=0; $i<=$#a1; $i++)
+    {
+        if ($a1[$i] ne $a2[$i])
+        {
+            printf "%02X %02X <<\n",$a1[$i],$a2[$i];
+            last;
+        }
+    }
+    $nm=$tot+$n1;
+    $tot+=$i+1;
+    printf STDERR "diff at char $tot of $nm\n";
+}
+exit($ret);
diff --git a/openssl-1.1.0h/ms/segrenam.pl b/openssl-1.1.0h/ms/segrenam.pl
new file mode 100755
index 0000000..372444a
--- /dev/null
+++ b/openssl-1.1.0h/ms/segrenam.pl
@@ -0,0 +1,71 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+my $quiet = 1;
+
+unpack("L",pack("N",1))!=1 || die "only little-endian hosts are supported";
+
+# first argument can specify custom suffix...
+$suffix=(@ARGV[0]=~/^\$/) ? shift(@ARGV) : "\$m";
+#################################################################
+# rename segments in COFF modules according to %map table below #
+%map=( ".text"  => "fipstx$suffix",                             #
+       ".text\$"=> "fipstx$suffix",                             #
+       ".rdata" => "fipsrd$suffix",                             #
+       ".data"  => "fipsda$suffix" );                           #
+#################################################################
+
+# collect file list
+foreach (@ARGV) {
+    if (/\*/) { push(@files,glob($_)); }
+    else      { push(@files,$_);       }
+}
+
+use Fcntl;
+use Fcntl ":seek";
+
+foreach (@files) {
+    $file=$_;
+    print "processing $file\n" unless $quiet;
+
+    sysopen(FD,$file,O_RDWR|O_BINARY) || die "sysopen($file): $!";
+
+    # read IMAGE_DOS_HEADER
+    sysread(FD,$mz,64)==64 || die "$file is too short";
+    @dos_header=unpack("a2C58I",$mz);
+    if (@dos_header[0] eq "MZ") {
+        $e_lfanew=pop(@dos_header);
+        sysseek(FD,$e_lfanew,SEEK_SET) || die "$file is too short";
+        sysread(FD,$Magic,4)==4        || die "$file is too short";
+        unpack("I",$Magic)==0x4550     || die "$file is not COFF image";
+    } elsif ($file =~ /\.obj$/i) {
+        # .obj files have no IMAGE_DOS_HEADER
+        sysseek(FD,0,SEEK_SET)         || die "unable to rewind $file";
+    } else { next; }
+
+    # read IMAGE_FILE_HEADER
+    sysread(FD,$coff,20)==20 || die "$file is too short";
+    ($Machine,$NumberOfSections,$TimeDateStamp,
+     $PointerToSymbolTable,$NumberOfSysmbols,
+     $SizeOfOptionalHeader,$Characteristics)=unpack("SSIIISS",$coff);
+
+    # skip over IMAGE_OPTIONAL_HEADER
+    sysseek(FD,$SizeOfOptionalHeader,SEEK_CUR) || die "$file is too short";
+
+    # traverse IMAGE_SECTION_HEADER table
+    for($i=0;$i<$NumberOfSections;$i++) {
+        sysread(FD,$SectionHeader,40)==40 || die "$file is too short";
+        ($Name,@opaque)=unpack("Z8C*",$SectionHeader);
+        if ($map{$Name}) {
+            sysseek(FD,-40,SEEK_CUR) || die "unable to rewind $file";
+            syswrite(FD,pack("a8C*",$map{$Name},@opaque))==40 || die "syswrite failed: $!";
+            printf "    %-8s -> %.8s\n",$Name,$map{$Name} unless $quiet;
+        }
+    }
+    close(FD);
+}
diff --git a/openssl-1.1.0h/ms/tlhelp32.h b/openssl-1.1.0h/ms/tlhelp32.h
new file mode 100644
index 0000000..9408dc3
--- /dev/null
+++ b/openssl-1.1.0h/ms/tlhelp32.h
@@ -0,0 +1,136 @@
+/*-
+        tlhelp32.h - Include file for Tool help functions.
+
+        Written by Mumit Khan <khan@nanotech.wisc.edu>
+
+        This file is part of a free library for the Win32 API.
+
+        This library is distributed in the hope that it will be useful,
+        but WITHOUT ANY WARRANTY; without even the implied warranty of
+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+*/
+#ifndef _TLHELP32_H
+# define _TLHELP32_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+# define HF32_DEFAULT    1
+# define HF32_SHARED     2
+# define LF32_FIXED      0x1
+# define LF32_FREE       0x2
+# define LF32_MOVEABLE   0x4
+# define MAX_MODULE_NAME32       255
+# define TH32CS_SNAPHEAPLIST     0x1
+# define TH32CS_SNAPPROCESS      0x2
+# define TH32CS_SNAPTHREAD       0x4
+# define TH32CS_SNAPMODULE       0x8
+# define TH32CS_SNAPALL  (TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)
+# define TH32CS_INHERIT  0x80000000
+typedef struct tagHEAPLIST32 {
+    DWORD dwSize;
+    DWORD th32ProcessID;
+    DWORD th32HeapID;
+    DWORD dwFlags;
+} HEAPLIST32, *PHEAPLIST32, *LPHEAPLIST32;
+typedef struct tagHEAPENTRY32 {
+    DWORD dwSize;
+    HANDLE hHandle;
+    DWORD dwAddress;
+    DWORD dwBlockSize;
+    DWORD dwFlags;
+    DWORD dwLockCount;
+    DWORD dwResvd;
+    DWORD th32ProcessID;
+    DWORD th32HeapID;
+} HEAPENTRY32, *PHEAPENTRY32, *LPHEAPENTRY32;
+typedef struct tagPROCESSENTRY32W {
+    DWORD dwSize;
+    DWORD cntUsage;
+    DWORD th32ProcessID;
+    DWORD th32DefaultHeapID;
+    DWORD th32ModuleID;
+    DWORD cntThreads;
+    DWORD th32ParentProcessID;
+    LONG pcPriClassBase;
+    DWORD dwFlags;
+    WCHAR szExeFile[MAX_PATH];
+} PROCESSENTRY32W, *PPROCESSENTRY32W, *LPPROCESSENTRY32W;
+typedef struct tagPROCESSENTRY32 {
+    DWORD dwSize;
+    DWORD cntUsage;
+    DWORD th32ProcessID;
+    DWORD th32DefaultHeapID;
+    DWORD th32ModuleID;
+    DWORD cntThreads;
+    DWORD th32ParentProcessID;
+    LONG pcPriClassBase;
+    DWORD dwFlags;
+    CHAR szExeFile[MAX_PATH];
+} PROCESSENTRY32, *PPROCESSENTRY32, *LPPROCESSENTRY32;
+typedef struct tagTHREADENTRY32 {
+    DWORD dwSize;
+    DWORD cntUsage;
+    DWORD th32ThreadID;
+    DWORD th32OwnerProcessID;
+    LONG tpBasePri;
+    LONG tpDeltaPri;
+    DWORD dwFlags;
+} THREADENTRY32, *PTHREADENTRY32, *LPTHREADENTRY32;
+typedef struct tagMODULEENTRY32W {
+    DWORD dwSize;
+    DWORD th32ModuleID;
+    DWORD th32ProcessID;
+    DWORD GlblcntUsage;
+    DWORD ProccntUsage;
+    BYTE *modBaseAddr;
+    DWORD modBaseSize;
+    HMODULE hModule;
+    WCHAR szModule[MAX_MODULE_NAME32 + 1];
+    WCHAR szExePath[MAX_PATH];
+} MODULEENTRY32W, *PMODULEENTRY32W, *LPMODULEENTRY32W;
+typedef struct tagMODULEENTRY32 {
+    DWORD dwSize;
+    DWORD th32ModuleID;
+    DWORD th32ProcessID;
+    DWORD GlblcntUsage;
+    DWORD ProccntUsage;
+    BYTE *modBaseAddr;
+    DWORD modBaseSize;
+    HMODULE hModule;
+    char szModule[MAX_MODULE_NAME32 + 1];
+    char szExePath[MAX_PATH];
+} MODULEENTRY32, *PMODULEENTRY32, *LPMODULEENTRY32;
+BOOL WINAPI Heap32First(LPHEAPENTRY32, DWORD, DWORD);
+BOOL WINAPI Heap32ListFirst(HANDLE, LPHEAPLIST32);
+BOOL WINAPI Heap32ListNext(HANDLE, LPHEAPLIST32);
+BOOL WINAPI Heap32Next(LPHEAPENTRY32);
+BOOL WINAPI Module32First(HANDLE, LPMODULEENTRY32);
+BOOL WINAPI Module32FirstW(HANDLE, LPMODULEENTRY32W);
+BOOL WINAPI Module32Next(HANDLE, LPMODULEENTRY32);
+BOOL WINAPI Module32NextW(HANDLE, LPMODULEENTRY32W);
+BOOL WINAPI Process32First(HANDLE, LPPROCESSENTRY32);
+BOOL WINAPI Process32FirstW(HANDLE, LPPROCESSENTRY32W);
+BOOL WINAPI Process32Next(HANDLE, LPPROCESSENTRY32);
+BOOL WINAPI Process32NextW(HANDLE, LPPROCESSENTRY32W);
+BOOL WINAPI Thread32First(HANDLE, LPTHREADENTRY32);
+BOOL WINAPI Thread32Next(HANDLE, LPTHREADENTRY32);
+BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD, LPCVOID, LPVOID, DWORD,
+                                        LPDWORD);
+HANDLE WINAPI CreateToolhelp32Snapshot(DWORD, DWORD);
+# ifdef UNICODE
+#  define LPMODULEENTRY32 LPMODULEENTRY32W
+#  define LPPROCESSENTRY32 LPPROCESSENTRY32W
+#  define MODULEENTRY32 MODULEENTRY32W
+#  define Module32First Module32FirstW
+#  define Module32Next Module32NextW
+#  define PMODULEENTRY32 PMODULEENTRY32W
+#  define PPROCESSENTRY32 PPROCESSENTRY32W
+#  define PROCESSENTRY32 PROCESSENTRY32W
+#  define Process32First Process32FirstW
+#  define Process32Next Process32NextW
+# endif                         /* UNICODE */
+#ifdef __cplusplus
+}
+#endif
+#endif                          /* _TLHELP32_H */
diff --git a/openssl-1.1.0h/ms/uplink-common.pl b/openssl-1.1.0h/ms/uplink-common.pl
new file mode 100755
index 0000000..e2ab594
--- /dev/null
+++ b/openssl-1.1.0h/ms/uplink-common.pl
@@ -0,0 +1,28 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# pull APPLINK_MAX value from applink.c...
+$applink_c=$0;
+$applink_c=~s|[^/\\]+$||g;
+$applink_c.="applink.c";
+open(INPUT,$applink_c) || die "can't open $applink_c: $!";
+@max=grep {/APPLINK_MAX\s+(\d+)/} <INPUT>;
+close(INPUT);
+($#max==0) or die "can't find APPLINK_MAX in $applink_c";
+
+$max[0]=~/APPLINK_MAX\s+(\d+)/;
+$N=$1;	# number of entries in OPENSSL_UplinkTable not including
+	# OPENSSL_UplinkTable[0], which contains this value...
+
+1;
+
+# Idea is to fill the OPENSSL_UplinkTable with pointers to stubs
+# which invoke 'void OPENSSL_Uplink (ULONG_PTR *table,int index)';
+# and then dereference themselves. Latter shall result in endless
+# loop *unless* OPENSSL_Uplink does not replace 'table[index]' with
+# something else, e.g. as 'table[index]=unimplemented;'...
diff --git a/openssl-1.1.0h/ms/uplink-ia64.pl b/openssl-1.1.0h/ms/uplink-ia64.pl
new file mode 100755
index 0000000..0636f13
--- /dev/null
+++ b/openssl-1.1.0h/ms/uplink-ia64.pl
@@ -0,0 +1,61 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$output = pop;
+open STDOUT,">$output";
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}.");
+
+require "uplink-common.pl";
+
+local $V=8;	# max number of args uplink functions may accept...
+my $loc0 = "r".(32+$V);
+print <<___;
+.text
+.global	OPENSSL_Uplink#
+.type	OPENSSL_Uplink#,\@function
+
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+.proc	lazy$i#
+lazy$i:
+	.prologue
+{ .mii;	.save	ar.pfs,$loc0
+	alloc	loc0=ar.pfs,$V,3,2,0
+	.save	b0,loc1
+	mov	loc1=b0
+	addl	loc2=\@ltoff(OPENSSL_UplinkTable#),gp	};;
+	.body
+{ .mmi;	ld8	out0=[loc2]
+	mov	out1=$i					};;
+{ .mib;	add	loc2=8*$i,out0
+	br.call.sptk.many	b0=OPENSSL_Uplink#	};;
+{ .mmi;	ld8	r31=[loc2];;
+	ld8	r30=[r31],8				};;
+{ .mii;	ld8	gp=[r31]
+	mov	b6=r30
+	mov	b0=loc1					};;
+{ .mib;	mov	ar.pfs=loc0
+	br.many	b6					};;
+.endp	lazy$i#
+
+___
+}
+print <<___;
+.data
+.global OPENSSL_UplinkTable#
+OPENSSL_UplinkTable:    data8   $N      // amount of following entries
+___
+for ($i=1;$i<=$N;$i++) {   print "      data8   \@fptr(lazy$i#)\n";   }
+print <<___;
+.size   OPENSSL_UplinkTable,.-OPENSSL_UplinkTable#
+___
+
+close STDOUT;
diff --git a/openssl-1.1.0h/ms/uplink-x86.pl b/openssl-1.1.0h/ms/uplink-x86.pl
new file mode 100755
index 0000000..e25668e
--- /dev/null
+++ b/openssl-1.1.0h/ms/uplink-x86.pl
@@ -0,0 +1,44 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}.", "${dir}../crypto/perlasm");
+require "x86asm.pl";
+
+require "uplink-common.pl";
+
+$output = pop;
+open STDOUT,">$output";
+
+&asm_init($ARGV[0],"uplink-x86");
+
+&external_label("OPENSSL_Uplink");
+&public_label("OPENSSL_UplinkTable");
+
+for ($i=1;$i<=$N;$i++) {
+&function_begin_B("_\$lazy${i}");
+	&lea	("eax",&DWP(&label("OPENSSL_UplinkTable")));
+	&push	($i);
+	&push	("eax");
+	&call	(&label("OPENSSL_Uplink"));
+	&pop	("eax");
+	&add	("esp",4);
+	&jmp_ptr(&DWP(4*$i,"eax"));
+&function_end_B("_\$lazy${i}");
+}
+
+&dataseg();
+&align(4);
+&set_label("OPENSSL_UplinkTable");
+&data_word($N);
+for ($i=1;$i<=$N;$i++) {
+&data_word(&label("_\$lazy${i}"));
+}
+&asm_finish();
+
+close OUTPUT;
diff --git a/openssl-1.1.0h/ms/uplink-x86_64.pl b/openssl-1.1.0h/ms/uplink-x86_64.pl
new file mode 100755
index 0000000..1f24450
--- /dev/null
+++ b/openssl-1.1.0h/ms/uplink-x86_64.pl
@@ -0,0 +1,71 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+$output=pop;
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open OUT,"| \"$^X\" \"${dir}../crypto/perlasm/x86_64-xlate.pl\" \"$output\"";
+*STDOUT=*OUT;
+push(@INC,"${dir}.");
+
+require "uplink-common.pl";
+
+$prefix="_lazy";
+
+print <<___;
+.text
+.extern	OPENSSL_Uplink
+.globl	OPENSSL_UplinkTable
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+.type	$prefix${i},\@abi-omnipotent
+.align	16
+$prefix${i}:
+	.byte	0x48,0x83,0xEC,0x28	# sub rsp,40
+	mov	%rcx,48(%rsp)
+	mov	%rdx,56(%rsp)
+	mov	%r8,64(%rsp)
+	mov	%r9,72(%rsp)
+	lea	OPENSSL_UplinkTable(%rip),%rcx
+	mov	\$$i,%rdx
+	call	OPENSSL_Uplink
+	mov	48(%rsp),%rcx
+	mov	56(%rsp),%rdx
+	mov	64(%rsp),%r8
+	mov	72(%rsp),%r9
+	lea	OPENSSL_UplinkTable(%rip),%rax
+	add	\$40,%rsp
+	jmp	*8*$i(%rax)
+$prefix${i}_end:
+.size	$prefix${i},.-$prefix${i}
+___
+}
+print <<___;
+.data
+OPENSSL_UplinkTable:
+        .quad   $N
+___
+for ($i=1;$i<=$N;$i++) {   print "      .quad   $prefix$i\n";   }
+print <<___;
+.section	.pdata,"r"
+.align		4
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+	.rva	$prefix${i},$prefix${i}_end,${prefix}_unwind_info
+___
+}
+print <<___;
+.section	.xdata,"r"
+.align		8
+${prefix}_unwind_info:
+	.byte	0x01,0x04,0x01,0x00
+	.byte	0x04,0x42,0x00,0x00
+___
+
+close STDOUT;
diff --git a/openssl-1.1.0h/ms/uplink.c b/openssl-1.1.0h/ms/uplink.c
new file mode 100644
index 0000000..7f7abfb
--- /dev/null
+++ b/openssl-1.1.0h/ms/uplink.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
+# define UNICODE
+#endif
+#if defined(UNICODE) && !defined(_UNICODE)
+# define _UNICODE
+#endif
+#if defined(_UNICODE) && !defined(UNICODE)
+# define UNICODE
+#endif
+
+#include <windows.h>
+#include <tchar.h>
+#include <stdio.h>
+#include "uplink.h"
+void OPENSSL_showfatal(const char *, ...);
+
+static TCHAR msg[128];
+
+static void unimplemented(void)
+{
+    OPENSSL_showfatal(sizeof(TCHAR) == sizeof(char) ? "%s\n" : "%S\n", msg);
+    ExitProcess(1);
+}
+
+void OPENSSL_Uplink(volatile void **table, int index)
+{
+    static HMODULE volatile apphandle = NULL;
+    static void **volatile applinktable = NULL;
+    int len;
+    void (*func) (void) = unimplemented;
+    HANDLE h;
+    void **p;
+
+    /*
+     * Note that the below code is not MT-safe in respect to msg buffer, but
+     * what's the worst thing that can happen? Error message might be
+     * misleading or corrupted. As error condition is fatal and should never
+     * be risen, I accept the risk...
+     */
+    /*
+     * One can argue that I should have used InterlockedExchangePointer or
+     * something to update static variables and table[]. Well, store
+     * instructions are as atomic as they can get and assigned values are
+     * effectively constant... So that volatile qualifier should be
+     * sufficient [it prohibits compiler to reorder memory access
+     * instructions].
+     */
+    do {
+        len = _sntprintf(msg, sizeof(msg) / sizeof(TCHAR),
+                         _T("OPENSSL_Uplink(%p,%02X): "), table, index);
+        _tcscpy(msg + len, _T("unimplemented function"));
+
+        if ((h = apphandle) == NULL) {
+            if ((h = GetModuleHandle(NULL)) == NULL) {
+                apphandle = (HMODULE) - 1;
+                _tcscpy(msg + len, _T("no host application"));
+                break;
+            }
+            apphandle = h;
+        }
+        if ((h = apphandle) == (HMODULE) - 1) /* revalidate */
+            break;
+
+        if (applinktable == NULL) {
+            void **(*applink) ();
+
+            applink = (void **(*)())GetProcAddress(h, "OPENSSL_Applink");
+            if (applink == NULL) {
+                apphandle = (HMODULE) - 1;
+                _tcscpy(msg + len, _T("no OPENSSL_Applink"));
+                break;
+            }
+            p = (*applink) ();
+            if (p == NULL) {
+                apphandle = (HMODULE) - 1;
+                _tcscpy(msg + len, _T("no ApplinkTable"));
+                break;
+            }
+            applinktable = p;
+        } else
+            p = applinktable;
+
+        if (index > (int)p[0])
+            break;
+
+        if (p[index])
+            func = p[index];
+    } while (0);
+
+    table[index] = func;
+}
+
+#if defined(_MSC_VER) && defined(_M_IX86)
+# define LAZY(i)         \
+__declspec(naked) static void lazy##i (void) {  \
+        _asm    push i                          \
+        _asm    push OFFSET OPENSSL_UplinkTable \
+        _asm    call OPENSSL_Uplink             \
+        _asm    add  esp,8                      \
+        _asm    jmp  OPENSSL_UplinkTable+4*i    }
+
+# if APPLINK_MAX>25
+#  error "Add more stubs..."
+# endif
+/* make some in advance... */
+LAZY(1) LAZY(2) LAZY(3) LAZY(4) LAZY(5)
+    LAZY(6) LAZY(7) LAZY(8) LAZY(9) LAZY(10)
+    LAZY(11) LAZY(12) LAZY(13) LAZY(14) LAZY(15)
+    LAZY(16) LAZY(17) LAZY(18) LAZY(19) LAZY(20)
+    LAZY(21) LAZY(22) LAZY(23) LAZY(24) LAZY(25)
+void *OPENSSL_UplinkTable[] = {
+    (void *)APPLINK_MAX,
+    lazy1, lazy2, lazy3, lazy4, lazy5,
+    lazy6, lazy7, lazy8, lazy9, lazy10,
+    lazy11, lazy12, lazy13, lazy14, lazy15,
+    lazy16, lazy17, lazy18, lazy19, lazy20,
+    lazy21, lazy22, lazy23, lazy24, lazy25,
+};
+#endif
+
+#ifdef SELFTEST
+main()
+{
+    UP_fprintf(UP_stdout, "hello, world!\n");
+}
+#endif
diff --git a/openssl-1.1.0h/ms/uplink.h b/openssl-1.1.0h/ms/uplink.h
new file mode 100644
index 0000000..f6cd038
--- /dev/null
+++ b/openssl-1.1.0h/ms/uplink.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define APPMACROS_ONLY
+#include "applink.c"
+
+extern void *OPENSSL_UplinkTable[];
+
+#define UP_stdin  (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDIN])()
+#define UP_stdout (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDOUT])()
+#define UP_stderr (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDERR])()
+#define UP_fprintf (*(int (*)(void *,const char *,...))OPENSSL_UplinkTable[APPLINK_FPRINTF])
+#define UP_fgets  (*(char *(*)(char *,int,void *))OPENSSL_UplinkTable[APPLINK_FGETS])
+#define UP_fread  (*(size_t (*)(void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FREAD])
+#define UP_fwrite (*(size_t (*)(const void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FWRITE])
+#define UP_fsetmod (*(int (*)(void *,char))OPENSSL_UplinkTable[APPLINK_FSETMOD])
+#define UP_feof   (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FEOF])
+#define UP_fclose (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FCLOSE])
+
+#define UP_fopen  (*(void *(*)(const char *,const char *))OPENSSL_UplinkTable[APPLINK_FOPEN])
+#define UP_fseek  (*(int (*)(void *,long,int))OPENSSL_UplinkTable[APPLINK_FSEEK])
+#define UP_ftell  (*(long (*)(void *))OPENSSL_UplinkTable[APPLINK_FTELL])
+#define UP_fflush (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FFLUSH])
+#define UP_ferror (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FERROR])
+#define UP_clearerr (*(void (*)(void *))OPENSSL_UplinkTable[APPLINK_CLEARERR])
+#define UP_fileno (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FILENO])
+
+#define UP_open   (*(int (*)(const char *,int,...))OPENSSL_UplinkTable[APPLINK_OPEN])
+#define UP_read   (*(ossl_ssize_t (*)(int,void *,size_t))OPENSSL_UplinkTable[APPLINK_READ])
+#define UP_write  (*(ossl_ssize_t (*)(int,const void *,size_t))OPENSSL_UplinkTable[APPLINK_WRITE])
+#define UP_lseek  (*(long (*)(int,long,int))OPENSSL_UplinkTable[APPLINK_LSEEK])
+#define UP_close  (*(int (*)(int))OPENSSL_UplinkTable[APPLINK_CLOSE])
diff --git a/openssl-1.1.0h/os-dep/haiku.h b/openssl-1.1.0h/os-dep/haiku.h
new file mode 100644
index 0000000..7e908ef
--- /dev/null
+++ b/openssl-1.1.0h/os-dep/haiku.h
@@ -0,0 +1,2 @@
+#include <sys/select.h>
+#include <sys/time.h>
diff --git a/openssl-1.1.0h/ssl/bio_ssl.c b/openssl-1.1.0h/ssl/bio_ssl.c
new file mode 100644
index 0000000..97540e6
--- /dev/null
+++ b/openssl-1.1.0h/ssl/bio_ssl.c
@@ -0,0 +1,516 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "internal/bio.h"
+#include <openssl/err.h>
+#include "ssl_locl.h"
+
+static int ssl_write(BIO *h, const char *buf, int num);
+static int ssl_read(BIO *h, char *buf, int size);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ssl_new(BIO *h);
+static int ssl_free(BIO *data);
+static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+typedef struct bio_ssl_st {
+    SSL *ssl;                   /* The ssl handle :-) */
+    /* re-negotiate every time the total number of bytes is this size */
+    int num_renegotiates;
+    unsigned long renegotiate_count;
+    unsigned long byte_count;
+    unsigned long renegotiate_timeout;
+    unsigned long last_time;
+} BIO_SSL;
+
+static const BIO_METHOD methods_sslp = {
+    BIO_TYPE_SSL,
+    "ssl",
+    ssl_write,
+    ssl_read,
+    ssl_puts,
+    NULL,                       /* ssl_gets,      */
+    ssl_ctrl,
+    ssl_new,
+    ssl_free,
+    ssl_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_ssl(void)
+{
+    return (&methods_sslp);
+}
+
+static int ssl_new(BIO *bi)
+{
+    BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
+
+    if (bs == NULL) {
+        BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, bs);
+    /* Clear all flags */
+    BIO_clear_flags(bi, ~0);
+
+    return 1;
+}
+
+static int ssl_free(BIO *a)
+{
+    BIO_SSL *bs;
+
+    if (a == NULL)
+        return (0);
+    bs = BIO_get_data(a);
+    if (bs->ssl != NULL)
+        SSL_shutdown(bs->ssl);
+    if (BIO_get_shutdown(a)) {
+        if (BIO_get_init(a))
+            SSL_free(bs->ssl);
+        /* Clear all flags */
+        BIO_clear_flags(a, ~0);
+        BIO_set_init(a, 0);
+    }
+    OPENSSL_free(bs);
+    return 1;
+}
+
+static int ssl_read(BIO *b, char *out, int outl)
+{
+    int ret = 1;
+    BIO_SSL *sb;
+    SSL *ssl;
+    int retry_reason = 0;
+    int r = 0;
+
+    if (out == NULL)
+        return (0);
+    sb = BIO_get_data(b);
+    ssl = sb->ssl;
+
+    BIO_clear_retry_flags(b);
+
+    ret = SSL_read(ssl, out, outl);
+
+    switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_NONE:
+        if (ret <= 0)
+            break;
+        if (sb->renegotiate_count > 0) {
+            sb->byte_count += ret;
+            if (sb->byte_count > sb->renegotiate_count) {
+                sb->byte_count = 0;
+                sb->num_renegotiates++;
+                SSL_renegotiate(ssl);
+                r = 1;
+            }
+        }
+        if ((sb->renegotiate_timeout > 0) && (!r)) {
+            unsigned long tm;
+
+            tm = (unsigned long)time(NULL);
+            if (tm > sb->last_time + sb->renegotiate_timeout) {
+                sb->last_time = tm;
+                sb->num_renegotiates++;
+                SSL_renegotiate(ssl);
+            }
+        }
+
+        break;
+    case SSL_ERROR_WANT_READ:
+        BIO_set_retry_read(b);
+        break;
+    case SSL_ERROR_WANT_WRITE:
+        BIO_set_retry_write(b);
+        break;
+    case SSL_ERROR_WANT_X509_LOOKUP:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_SSL_X509_LOOKUP;
+        break;
+    case SSL_ERROR_WANT_ACCEPT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_ACCEPT;
+        break;
+    case SSL_ERROR_WANT_CONNECT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_CONNECT;
+        break;
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    case SSL_ERROR_ZERO_RETURN:
+    default:
+        break;
+    }
+
+    BIO_set_retry_reason(b, retry_reason);
+    return (ret);
+}
+
+static int ssl_write(BIO *b, const char *out, int outl)
+{
+    int ret, r = 0;
+    int retry_reason = 0;
+    SSL *ssl;
+    BIO_SSL *bs;
+
+    if (out == NULL)
+        return (0);
+    bs = BIO_get_data(b);
+    ssl = bs->ssl;
+
+    BIO_clear_retry_flags(b);
+
+    /*
+     * ret=SSL_do_handshake(ssl); if (ret > 0)
+     */
+    ret = SSL_write(ssl, out, outl);
+
+    switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_NONE:
+        if (ret <= 0)
+            break;
+        if (bs->renegotiate_count > 0) {
+            bs->byte_count += ret;
+            if (bs->byte_count > bs->renegotiate_count) {
+                bs->byte_count = 0;
+                bs->num_renegotiates++;
+                SSL_renegotiate(ssl);
+                r = 1;
+            }
+        }
+        if ((bs->renegotiate_timeout > 0) && (!r)) {
+            unsigned long tm;
+
+            tm = (unsigned long)time(NULL);
+            if (tm > bs->last_time + bs->renegotiate_timeout) {
+                bs->last_time = tm;
+                bs->num_renegotiates++;
+                SSL_renegotiate(ssl);
+            }
+        }
+        break;
+    case SSL_ERROR_WANT_WRITE:
+        BIO_set_retry_write(b);
+        break;
+    case SSL_ERROR_WANT_READ:
+        BIO_set_retry_read(b);
+        break;
+    case SSL_ERROR_WANT_X509_LOOKUP:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_SSL_X509_LOOKUP;
+        break;
+    case SSL_ERROR_WANT_CONNECT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_CONNECT;
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    default:
+        break;
+    }
+
+    BIO_set_retry_reason(b, retry_reason);
+    return ret;
+}
+
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    SSL **sslp, *ssl;
+    BIO_SSL *bs, *dbs;
+    BIO *dbio, *bio;
+    long ret = 1;
+    BIO *next;
+
+    bs = BIO_get_data(b);
+    next = BIO_next(b);
+    ssl = bs->ssl;
+    if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
+        return (0);
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        SSL_shutdown(ssl);
+
+        if (ssl->handshake_func == ssl->method->ssl_connect)
+            SSL_set_connect_state(ssl);
+        else if (ssl->handshake_func == ssl->method->ssl_accept)
+            SSL_set_accept_state(ssl);
+
+        if (!SSL_clear(ssl)) {
+            ret = 0;
+            break;
+        }
+
+        if (next != NULL)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        else if (ssl->rbio != NULL)
+            ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        else
+            ret = 1;
+        break;
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SSL_MODE:
+        if (num)                /* client mode */
+            SSL_set_connect_state(ssl);
+        else
+            SSL_set_accept_state(ssl);
+        break;
+    case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+        ret = bs->renegotiate_timeout;
+        if (num < 60)
+            num = 5;
+        bs->renegotiate_timeout = (unsigned long)num;
+        bs->last_time = (unsigned long)time(NULL);
+        break;
+    case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+        ret = bs->renegotiate_count;
+        if ((long)num >= 512)
+            bs->renegotiate_count = (unsigned long)num;
+        break;
+    case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+        ret = bs->num_renegotiates;
+        break;
+    case BIO_C_SET_SSL:
+        if (ssl != NULL) {
+            ssl_free(b);
+            if (!ssl_new(b))
+                return 0;
+        }
+        BIO_set_shutdown(b, num);
+        ssl = (SSL *)ptr;
+        bs->ssl = ssl;
+        bio = SSL_get_rbio(ssl);
+        if (bio != NULL) {
+            if (next != NULL)
+                BIO_push(bio, next);
+            BIO_set_next(b, bio);
+            BIO_up_ref(bio);
+        }
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_GET_SSL:
+        if (ptr != NULL) {
+            sslp = (SSL **)ptr;
+            *sslp = ssl;
+        } else
+            ret = 0;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = BIO_get_shutdown(b);
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        BIO_set_shutdown(b, (int)num);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:
+        ret = SSL_pending(ssl);
+        if (ret == 0)
+            ret = BIO_pending(ssl->rbio);
+        break;
+    case BIO_CTRL_FLUSH:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_PUSH:
+        if ((next != NULL) && (next != ssl->rbio)) {
+            /*
+             * We are going to pass ownership of next to the SSL object...but
+             * we don't own a reference to pass yet - so up ref
+             */
+            BIO_up_ref(next);
+            SSL_set_bio(ssl, next, next);
+        }
+        break;
+    case BIO_CTRL_POP:
+        /* Only detach if we are the BIO explicitly being popped */
+        if (b == ptr) {
+            /* This will clear the reference we obtained during push */
+            SSL_set_bio(ssl, NULL, NULL);
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+
+        BIO_set_retry_reason(b, 0);
+        ret = (int)SSL_do_handshake(ssl);
+
+        switch (SSL_get_error(ssl, (int)ret)) {
+        case SSL_ERROR_WANT_READ:
+            BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
+            break;
+        case SSL_ERROR_WANT_WRITE:
+            BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
+            break;
+        case SSL_ERROR_WANT_CONNECT:
+            BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
+            BIO_set_retry_reason(b, BIO_get_retry_reason(next));
+            break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+            BIO_set_retry_special(b);
+            BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
+            break;
+        default:
+            break;
+        }
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        dbs = BIO_get_data(dbio);
+        SSL_free(dbs->ssl);
+        dbs->ssl = SSL_dup(ssl);
+        dbs->num_renegotiates = bs->num_renegotiates;
+        dbs->renegotiate_count = bs->renegotiate_count;
+        dbs->byte_count = bs->byte_count;
+        dbs->renegotiate_timeout = bs->renegotiate_timeout;
+        dbs->last_time = bs->last_time;
+        ret = (dbs->ssl != NULL);
+        break;
+    case BIO_C_GET_FD:
+        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_SET_CALLBACK:
+        {
+#if 0                           /* FIXME: Should this be used? -- Richard
+                                 * Levitte */
+            SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            ret = -1;
+#else
+            ret = 0;
+#endif
+        }
+        break;
+    default:
+        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    SSL *ssl;
+    BIO_SSL *bs;
+    long ret = 1;
+
+    bs = BIO_get_data(b);
+    ssl = bs->ssl;
+    switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+        ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int ssl_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = BIO_write(bp, str, n);
+    return (ret);
+}
+
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+{
+#ifndef OPENSSL_NO_SOCK
+    BIO *ret = NULL, *buf = NULL, *ssl = NULL;
+
+    if ((buf = BIO_new(BIO_f_buffer())) == NULL)
+        return (NULL);
+    if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
+        goto err;
+    if ((ret = BIO_push(buf, ssl)) == NULL)
+        goto err;
+    return (ret);
+ err:
+    BIO_free(buf);
+    BIO_free(ssl);
+#endif
+    return (NULL);
+}
+
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
+{
+#ifndef OPENSSL_NO_SOCK
+    BIO *ret = NULL, *con = NULL, *ssl = NULL;
+
+    if ((con = BIO_new(BIO_s_connect())) == NULL)
+        return (NULL);
+    if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
+        goto err;
+    if ((ret = BIO_push(ssl, con)) == NULL)
+        goto err;
+    return (ret);
+ err:
+    BIO_free(con);
+#endif
+    return (NULL);
+}
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
+{
+    BIO *ret;
+    SSL *ssl;
+
+    if ((ret = BIO_new(BIO_f_ssl())) == NULL)
+        return (NULL);
+    if ((ssl = SSL_new(ctx)) == NULL) {
+        BIO_free(ret);
+        return (NULL);
+    }
+    if (client)
+        SSL_set_connect_state(ssl);
+    else
+        SSL_set_accept_state(ssl);
+
+    BIO_set_ssl(ret, ssl, BIO_CLOSE);
+    return (ret);
+}
+
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
+{
+    BIO_SSL *tdata, *fdata;
+    t = BIO_find_type(t, BIO_TYPE_SSL);
+    f = BIO_find_type(f, BIO_TYPE_SSL);
+    if ((t == NULL) || (f == NULL))
+        return 0;
+    tdata = BIO_get_data(t);
+    fdata = BIO_get_data(f);
+    if ((tdata->ssl == NULL) || (fdata->ssl == NULL))
+        return (0);
+    if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl)))
+        return 0;
+    return (1);
+}
+
+void BIO_ssl_shutdown(BIO *b)
+{
+    BIO_SSL *bdata;
+
+    for (; b != NULL; b = BIO_next(b)) {
+        if (BIO_method_type(b) != BIO_TYPE_SSL)
+            continue;
+        bdata = BIO_get_data(b);
+        if (bdata != NULL && bdata->ssl != NULL)
+            SSL_shutdown(bdata->ssl);
+    }
+}
diff --git a/openssl-1.1.0h/ssl/build.info b/openssl-1.1.0h/ssl/build.info
new file mode 100644
index 0000000..6977246
--- /dev/null
+++ b/openssl-1.1.0h/ssl/build.info
@@ -0,0 +1,14 @@
+LIBS=../libssl
+SOURCE[../libssl]=\
+        pqueue.c \
+        statem/statem_srvr.c statem/statem_clnt.c  s3_lib.c  s3_enc.c record/rec_layer_s3.c \
+        statem/statem_lib.c s3_cbc.c s3_msg.c \
+        methods.c   t1_lib.c  t1_enc.c t1_ext.c \
+        d1_lib.c  record/rec_layer_d1.c d1_msg.c \
+        statem/statem_dtls.c d1_srtp.c \
+        ssl_lib.c ssl_cert.c ssl_sess.c \
+        ssl_ciph.c ssl_stat.c ssl_rsa.c \
+        ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c  ssl_mcnf.c \
+        bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
+        record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
+        statem/statem.c
diff --git a/openssl-1.1.0h/ssl/d1_lib.c b/openssl-1.1.0h/ssl/d1_lib.c
new file mode 100644
index 0000000..55a81c3
--- /dev/null
+++ b/openssl-1.1.0h/ssl/d1_lib.c
@@ -0,0 +1,1087 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#define USE_SOCKETS
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include "ssl_locl.h"
+
+#if defined(OPENSSL_SYS_VMS)
+# include <sys/timeb.h>
+#elif defined(OPENSSL_SYS_VXWORKS)
+# include <sys/times.h>
+#elif !defined(OPENSSL_SYS_WIN32)
+# include <sys/time.h>
+#endif
+
+static void get_current_time(struct timeval *t);
+static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
+static int dtls1_handshake_write(SSL *s);
+static unsigned int dtls1_link_min_mtu(void);
+
+/* XDTLS:  figure out the right values */
+static const unsigned int g_probable_mtu[] = { 1500, 512, 256 };
+
+const SSL3_ENC_METHOD DTLSv1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV,
+    DTLS1_HM_HEADER_LENGTH,
+    dtls1_set_handshake_header,
+    dtls1_handshake_write
+};
+
+const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS
+        | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    DTLS1_HM_HEADER_LENGTH,
+    dtls1_set_handshake_header,
+    dtls1_handshake_write
+};
+
+long dtls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int dtls1_new(SSL *s)
+{
+    DTLS1_STATE *d1;
+
+    if (!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
+
+    if (!ssl3_new(s))
+        return (0);
+    if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
+        ssl3_free(s);
+        return (0);
+    }
+
+    d1->buffered_messages = pqueue_new();
+    d1->sent_messages = pqueue_new();
+
+    if (s->server) {
+        d1->cookie_len = sizeof(s->d1->cookie);
+    }
+
+    d1->link_mtu = 0;
+    d1->mtu = 0;
+
+    if (d1->buffered_messages == NULL || d1->sent_messages == NULL) {
+        pqueue_free(d1->buffered_messages);
+        pqueue_free(d1->sent_messages);
+        OPENSSL_free(d1);
+        ssl3_free(s);
+        return (0);
+    }
+
+    s->d1 = d1;
+    s->method->ssl_clear(s);
+    return (1);
+}
+
+static void dtls1_clear_queues(SSL *s)
+{
+    dtls1_clear_received_buffer(s);
+    dtls1_clear_sent_buffer(s);
+}
+
+void dtls1_clear_received_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+void dtls1_clear_sent_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+
+void dtls1_free(SSL *s)
+{
+    DTLS_RECORD_LAYER_free(&s->rlayer);
+
+    ssl3_free(s);
+
+    dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->buffered_messages);
+    pqueue_free(s->d1->sent_messages);
+
+    OPENSSL_free(s->d1);
+    s->d1 = NULL;
+}
+
+void dtls1_clear(SSL *s)
+{
+    pqueue *buffered_messages;
+    pqueue *sent_messages;
+    unsigned int mtu;
+    unsigned int link_mtu;
+
+    DTLS_RECORD_LAYER_clear(&s->rlayer);
+
+    if (s->d1) {
+        buffered_messages = s->d1->buffered_messages;
+        sent_messages = s->d1->sent_messages;
+        mtu = s->d1->mtu;
+        link_mtu = s->d1->link_mtu;
+
+        dtls1_clear_queues(s);
+
+        memset(s->d1, 0, sizeof(*s->d1));
+
+        if (s->server) {
+            s->d1->cookie_len = sizeof(s->d1->cookie);
+        }
+
+        if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
+            s->d1->mtu = mtu;
+            s->d1->link_mtu = link_mtu;
+        }
+
+        s->d1->buffered_messages = buffered_messages;
+        s->d1->sent_messages = sent_messages;
+    }
+
+    ssl3_clear(s);
+
+    if (s->method->version == DTLS_ANY_VERSION)
+        s->version = DTLS_MAX_VERSION;
+#ifndef OPENSSL_NO_DTLS1_METHOD
+    else if (s->options & SSL_OP_CISCO_ANYCONNECT)
+        s->client_version = s->version = DTLS1_BAD_VER;
+#endif
+    else
+        s->version = s->method->version;
+}
+
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case DTLS_CTRL_GET_TIMEOUT:
+        if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
+            ret = 1;
+        }
+        break;
+    case DTLS_CTRL_HANDLE_TIMEOUT:
+        ret = dtls1_handle_timeout(s);
+        break;
+    case DTLS_CTRL_SET_LINK_MTU:
+        if (larg < (long)dtls1_link_min_mtu())
+            return 0;
+        s->d1->link_mtu = larg;
+        return 1;
+    case DTLS_CTRL_GET_LINK_MIN_MTU:
+        return (long)dtls1_link_min_mtu();
+    case SSL_CTRL_SET_MTU:
+        /*
+         *  We may not have a BIO set yet so can't call dtls1_min_mtu()
+         *  We'll have to make do with dtls1_link_min_mtu() and max overhead
+         */
+        if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
+            return 0;
+        s->d1->mtu = larg;
+        return larg;
+    default:
+        ret = ssl3_ctrl(s, cmd, larg, parg);
+        break;
+    }
+    return (ret);
+}
+
+void dtls1_start_timer(SSL *s)
+{
+#ifndef OPENSSL_NO_SCTP
+    /* Disable timer for SCTP */
+    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+        return;
+    }
+#endif
+
+    /* If timer is not set, initialize duration with 1 second */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+        s->d1->timeout_duration = 1;
+    }
+
+    /* Set timeout to current time */
+    get_current_time(&(s->d1->next_timeout));
+
+    /* Add duration to current time */
+    s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+}
+
+struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
+{
+    struct timeval timenow;
+
+    /* If no timeout is set, just return NULL */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+        return NULL;
+    }
+
+    /* Get current time */
+    get_current_time(&timenow);
+
+    /* If timer already expired, set remaining time to 0 */
+    if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+        (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+         s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
+        memset(timeleft, 0, sizeof(*timeleft));
+        return timeleft;
+    }
+
+    /* Calculate time left until timer expires */
+    memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+    timeleft->tv_sec -= timenow.tv_sec;
+    timeleft->tv_usec -= timenow.tv_usec;
+    if (timeleft->tv_usec < 0) {
+        timeleft->tv_sec--;
+        timeleft->tv_usec += 1000000;
+    }
+
+    /*
+     * If remaining time is less than 15 ms, set it to 0 to prevent issues
+     * because of small divergences with socket timeouts.
+     */
+    if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
+        memset(timeleft, 0, sizeof(*timeleft));
+    }
+
+    return timeleft;
+}
+
+int dtls1_is_timer_expired(SSL *s)
+{
+    struct timeval timeleft;
+
+    /* Get time left until timeout, return false if no timer running */
+    if (dtls1_get_timeout(s, &timeleft) == NULL) {
+        return 0;
+    }
+
+    /* Return false if timer is not expired yet */
+    if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
+        return 0;
+    }
+
+    /* Timer expired, so return true */
+    return 1;
+}
+
+void dtls1_double_timeout(SSL *s)
+{
+    s->d1->timeout_duration *= 2;
+    if (s->d1->timeout_duration > 60)
+        s->d1->timeout_duration = 60;
+    dtls1_start_timer(s);
+}
+
+void dtls1_stop_timer(SSL *s)
+{
+    /* Reset everything */
+    memset(&s->d1->timeout, 0, sizeof(s->d1->timeout));
+    memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+    s->d1->timeout_duration = 1;
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+    /* Clear retransmission buffer */
+    dtls1_clear_sent_buffer(s);
+}
+
+int dtls1_check_timeout_num(SSL *s)
+{
+    unsigned int mtu;
+
+    s->d1->timeout.num_alerts++;
+
+    /* Reduce MTU after 2 unsuccessful retransmissions */
+    if (s->d1->timeout.num_alerts > 2
+        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+        mtu =
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+        if (mtu < s->d1->mtu)
+            s->d1->mtu = mtu;
+    }
+
+    if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+        /* fail the connection, enough alerts have been sent */
+        SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+        return -1;
+    }
+
+    return 0;
+}
+
+int dtls1_handle_timeout(SSL *s)
+{
+    /* if no timer is expired, don't do anything */
+    if (!dtls1_is_timer_expired(s)) {
+        return 0;
+    }
+
+    dtls1_double_timeout(s);
+
+    if (dtls1_check_timeout_num(s) < 0)
+        return -1;
+
+    s->d1->timeout.read_timeouts++;
+    if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
+        s->d1->timeout.read_timeouts = 1;
+    }
+#ifndef OPENSSL_NO_HEARTBEATS
+    if (s->tlsext_hb_pending) {
+        s->tlsext_hb_pending = 0;
+        return dtls1_heartbeat(s);
+    }
+#endif
+
+    dtls1_start_timer(s);
+    return dtls1_retransmit_buffered_messages(s);
+}
+
+static void get_current_time(struct timeval *t)
+{
+#if defined(_WIN32)
+    SYSTEMTIME st;
+    union {
+        unsigned __int64 ul;
+        FILETIME ft;
+    } now;
+
+    GetSystemTime(&st);
+    SystemTimeToFileTime(&st, &now.ft);
+    /* re-bias to 1/1/1970 */
+# ifdef  __MINGW32__
+    now.ul -= 116444736000000000ULL;
+# else
+    /* *INDENT-OFF* */
+    now.ul -= 116444736000000000UI64;
+    /* *INDENT-ON* */
+# endif
+    t->tv_sec = (long)(now.ul / 10000000);
+    t->tv_usec = ((int)(now.ul % 10000000)) / 10;
+#elif defined(OPENSSL_SYS_VMS)
+    struct timeb tb;
+    ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+#else
+    gettimeofday(t, NULL);
+#endif
+}
+
+#define LISTEN_SUCCESS              2
+#define LISTEN_SEND_VERIFY_REQUEST  1
+
+#ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client)
+{
+    int next, n, ret = 0, clearpkt = 0;
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    unsigned char seq[SEQ_NUM_SIZE];
+    const unsigned char *data;
+    unsigned char *p, *buf;
+    unsigned long reclen, fragoff, fraglen, msglen;
+    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
+    BIO *rbio, *wbio;
+    BUF_MEM *bufm;
+    BIO_ADDR *tmpclient = NULL;
+    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
+
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+    }
+
+    /* Ensure there is no state left over from a previous invocation */
+    if (!SSL_clear(s))
+        return -1;
+
+    ERR_clear_error();
+
+    rbio = SSL_get_rbio(s);
+    wbio = SSL_get_wbio(s);
+
+    if (!rbio || !wbio) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
+        return -1;
+    }
+
+    /*
+     * We only peek at incoming ClientHello's until we're sure we are going to
+     * to respond with a HelloVerifyRequest. If its a ClientHello with a valid
+     * cookie then we leave it in the BIO for accept to handle.
+     */
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
+
+    /*
+     * Note: This check deliberately excludes DTLS1_BAD_VER because that version
+     * requires the MAC to be calculated *including* the first ClientHello
+     * (without the cookie). Since DTLSv1_listen is stateless that cannot be
+     * supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via
+     * SSL_accept)
+     */
+    if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);
+        return -1;
+    }
+
+    if (s->init_buf == NULL) {
+        if ((bufm = BUF_MEM_new()) == NULL) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+
+        if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
+            BUF_MEM_free(bufm);
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        s->init_buf = bufm;
+    }
+    buf = (unsigned char *)s->init_buf->data;
+
+    do {
+        /* Get a packet */
+
+        clear_sys_error();
+        /*
+         * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
+         * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
+         * the record header as well, but we do here. We've set up init_buf to
+         * be the standard size for simplicity. In practice we shouldn't ever
+         * receive a ClientHello as long as this. If we do it will get dropped
+         * in the record length check below.
+         */
+        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rbio)) {
+                /* Non-blocking IO */
+                goto end;
+            }
+            return -1;
+        }
+
+        /* If we hit any problems we need to clear this packet from the BIO */
+        clearpkt = 1;
+
+        if (!PACKET_buf_init(&pkt, buf, n)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        /*
+         * Parse the received record. If there are any problems with it we just
+         * dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is
+         * resilient in the face of invalid records (e.g., invalid formatting,
+         * length, MAC, etc.).  In general, invalid records SHOULD be silently
+         * discarded, thus preserving the association; however, an error MAY be
+         * logged for diagnostic purposes."
+         */
+
+        /* this packet contained a partial record, dump it */
+        if (n < DTLS1_RT_HEADER_LENGTH) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_RECORD_TOO_SMALL);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, buf,
+                            DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+        /* Get the record header */
+        if (!PACKET_get_1(&pkt, &rectype)
+            || !PACKET_get_1(&pkt, &versmajor)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (rectype != SSL3_RT_HANDSHAKE) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /*
+         * Check record version number. We only check that the major version is
+         * the same.
+         */
+        if (versmajor != DTLS1_VERSION_MAJOR) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&pkt, 1)
+            /* Save the sequence number: 64 bits, with top 2 bytes = epoch */
+            || !PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE)
+            || !PACKET_get_length_prefixed_2(&pkt, &msgpkt)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+        /*
+         * We allow data remaining at the end of the packet because there could
+         * be a second record (but we ignore it)
+         */
+
+        /* This is an initial ClientHello so the epoch has to be 0 */
+        if (seq[0] != 0 || seq[1] != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Get a pointer to the raw message for the later callback */
+        data = PACKET_data(&msgpkt);
+
+        /* Finished processing the record header, now process the message */
+        if (!PACKET_get_1(&msgpkt, &msgtype)
+            || !PACKET_get_net_3(&msgpkt, &msglen)
+            || !PACKET_get_net_2(&msgpkt, &msgseq)
+            || !PACKET_get_net_3(&msgpkt, &fragoff)
+            || !PACKET_get_net_3(&msgpkt, &fraglen)
+            || !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen)
+            || PACKET_remaining(&msgpkt) != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (msgtype != SSL3_MT_CLIENT_HELLO) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Message sequence number can only be 0 or 1 */
+        if (msgseq > 2) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
+            goto end;
+        }
+
+        /*
+         * We don't support fragment reassembly for ClientHellos whilst
+         * listening because that would require server side state (which is
+         * against the whole point of the ClientHello/HelloVerifyRequest
+         * mechanism). Instead we only look at the first ClientHello fragment
+         * and require that the cookie must be contained within it.
+         */
+        if (fragoff != 0 || fraglen > msglen) {
+            /* Non initial ClientHello fragment (or bad fragment) */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_FRAGMENTED_CLIENT_HELLO);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data,
+                            fraglen + DTLS1_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+
+        if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Verify client version is supported
+         */
+        if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) &&
+            s->method->version != DTLS_ANY_VERSION) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_WRONG_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&msgpayload, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &session)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &cookiepkt)) {
+            /*
+             * Could be malformed or the cookie does not fit within the initial
+             * ClientHello fragment. Either way we can't handle it.
+             */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Check if we have a cookie or not. If not we need to send a
+         * HelloVerifyRequest.
+         */
+        if (PACKET_remaining(&cookiepkt) == 0) {
+            next = LISTEN_SEND_VERIFY_REQUEST;
+        } else {
+            /*
+             * We have a cookie, so lets check it.
+             */
+            if (s->ctx->app_verify_cookie_cb == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
+                /* This is fatal */
+                return -1;
+            }
+            if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
+                                             PACKET_remaining(&cookiepkt)) ==
+                0) {
+                /*
+                 * We treat invalid cookies in the same was as no cookie as
+                 * per RFC6347
+                 */
+                next = LISTEN_SEND_VERIFY_REQUEST;
+            } else {
+                /* Cookie verification succeeded */
+                next = LISTEN_SUCCESS;
+            }
+        }
+
+        if (next == LISTEN_SEND_VERIFY_REQUEST) {
+            /*
+             * There was no cookie in the ClientHello so we need to send a
+             * HelloVerifyRequest. If this fails we do not worry about trying
+             * to resend, we just drop it.
+             */
+
+            /*
+             * Dump the read packet, we don't need it any more. Ignore return
+             * value
+             */
+            BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
+            BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+            BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
+
+            /* Generate the cookie */
+            if (s->ctx->app_gen_cookie_cb == NULL ||
+                s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
+                cookielen > 255) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+                /* This is fatal */
+                return -1;
+            }
+
+            p = &buf[DTLS1_RT_HEADER_LENGTH];
+            msglen = dtls_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH,
+                                                   cookie, cookielen);
+
+            *p++ = DTLS1_MT_HELLO_VERIFY_REQUEST;
+
+            /* Message length */
+            l2n3(msglen, p);
+
+            /* Message sequence number is always 0 for a HelloVerifyRequest */
+            s2n(0, p);
+
+            /*
+             * We never fragment a HelloVerifyRequest, so fragment offset is 0
+             * and fragment length is message length
+             */
+            l2n3(0, p);
+            l2n3(msglen, p);
+
+            /* Set reclen equal to length of whole handshake message */
+            reclen = msglen + DTLS1_HM_HEADER_LENGTH;
+
+            /* Add the record header */
+            p = buf;
+
+            *(p++) = SSL3_RT_HANDSHAKE;
+            /*
+             * Special case: for hello verify request, client version 1.0 and we
+             * haven't decided which version to use yet send back using version
+             * 1.0 header: otherwise some clients will ignore it.
+             */
+            if (s->method->version == DTLS_ANY_VERSION) {
+                *(p++) = DTLS1_VERSION >> 8;
+                *(p++) = DTLS1_VERSION & 0xff;
+            } else {
+                *(p++) = s->version >> 8;
+                *(p++) = s->version & 0xff;
+            }
+
+            /*
+             * Record sequence number is always the same as in the received
+             * ClientHello
+             */
+            memcpy(p, seq, SEQ_NUM_SIZE);
+            p += SEQ_NUM_SIZE;
+
+            /* Length */
+            s2n(reclen, p);
+
+            /*
+             * Set reclen equal to length of whole record including record
+             * header
+             */
+            reclen += DTLS1_RT_HEADER_LENGTH;
+
+            if (s->msg_callback)
+                s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
+                                DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+            if ((tmpclient = BIO_ADDR_new()) == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+                goto end;
+            }
+
+            /*
+             * This is unnecessary if rbio and wbio are one and the same - but
+             * maybe they're not. We ignore errors here - some BIOs do not
+             * support this.
+             */
+            if (BIO_dgram_get_peer(rbio, tmpclient) > 0) {
+                (void)BIO_dgram_set_peer(wbio, tmpclient);
+            }
+            BIO_ADDR_free(tmpclient);
+            tmpclient = NULL;
+
+            if (BIO_write(wbio, buf, reclen) < (int)reclen) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+
+            if (BIO_flush(wbio) <= 0) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+        }
+    } while (next != LISTEN_SUCCESS);
+
+    /*
+     * Set expected sequence numbers to continue the handshake.
+     */
+    s->d1->handshake_read_seq = 1;
+    s->d1->handshake_write_seq = 1;
+    s->d1->next_handshake_write_seq = 1;
+    DTLS_RECORD_LAYER_set_write_sequence(&s->rlayer, seq);
+
+    /*
+     * We are doing cookie exchange, so make sure we set that option in the
+     * SSL object
+     */
+    SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+
+    /*
+     * Tell the state machine that we've done the initial hello verify
+     * exchange
+     */
+    ossl_statem_set_hello_verify_done(s);
+
+    /*
+     * Some BIOs may not support this. If we fail we clear the client address
+     */
+    if (BIO_dgram_get_peer(rbio, client) <= 0)
+        BIO_ADDR_clear(client);
+
+    ret = 1;
+    clearpkt = 0;
+ end:
+    BIO_ADDR_free(tmpclient);
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
+    if (clearpkt) {
+        /* Dump this packet. Ignore return value */
+        BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
+    }
+    return ret;
+}
+#endif
+
+static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
+{
+    dtls1_set_message_header(s, htype, len, 0, len);
+    s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
+    s->init_off = 0;
+    /* Buffer the message to handle re-xmits */
+
+    if (!dtls1_buffer_message(s, 0))
+        return 0;
+
+    return 1;
+}
+
+static int dtls1_handshake_write(SSL *s)
+{
+    return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
+}
+
+#ifndef OPENSSL_NO_HEARTBEATS
+
+# define HEARTBEAT_SIZE(payload, padding) ( \
+    1 /* heartbeat type */ + \
+    2 /* heartbeat length */ + \
+    (payload) + (padding))
+
+# define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16)
+
+int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
+{
+    unsigned char *pl;
+    unsigned short hbtype;
+    unsigned int payload;
+    unsigned int padding = 16;  /* Use minimum padding */
+
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT,
+                        p, length, s, s->msg_callback_arg);
+
+    /* Read type and payload length */
+    if (HEARTBEAT_SIZE_STD(0) > length)
+        return 0;               /* silently discard */
+    if (length > SSL3_RT_MAX_PLAIN_LENGTH)
+        return 0;               /* silently discard per RFC 6520 sec. 4 */
+
+    hbtype = *p++;
+    n2s(p, payload);
+    if (HEARTBEAT_SIZE_STD(payload) > length)
+        return 0;               /* silently discard per RFC 6520 sec. 4 */
+    pl = p;
+
+    if (hbtype == TLS1_HB_REQUEST) {
+        unsigned char *buffer, *bp;
+        unsigned int write_length = HEARTBEAT_SIZE(payload, padding);
+        int r;
+
+        if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+
+        /* Allocate memory for the response. */
+        buffer = OPENSSL_malloc(write_length);
+        if (buffer == NULL)
+            return -1;
+        bp = buffer;
+
+        /* Enter response type, length and copy payload */
+        *bp++ = TLS1_HB_RESPONSE;
+        s2n(payload, bp);
+        memcpy(bp, pl, payload);
+        bp += payload;
+        /* Random padding */
+        if (RAND_bytes(bp, padding) <= 0) {
+            OPENSSL_free(buffer);
+            return -1;
+        }
+
+        r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length);
+
+        if (r >= 0 && s->msg_callback)
+            s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
+                            buffer, write_length, s, s->msg_callback_arg);
+
+        OPENSSL_free(buffer);
+
+        if (r < 0)
+            return r;
+    } else if (hbtype == TLS1_HB_RESPONSE) {
+        unsigned int seq;
+
+        /*
+         * We only send sequence numbers (2 bytes unsigned int), and 16
+         * random bytes, so we just try to read the sequence number
+         */
+        n2s(pl, seq);
+
+        if (payload == 18 && seq == s->tlsext_hb_seq) {
+            dtls1_stop_timer(s);
+            s->tlsext_hb_seq++;
+            s->tlsext_hb_pending = 0;
+        }
+    }
+
+    return 0;
+}
+
+int dtls1_heartbeat(SSL *s)
+{
+    unsigned char *buf, *p;
+    int ret = -1;
+    unsigned int payload = 18;  /* Sequence number + random bytes */
+    unsigned int padding = 16;  /* Use minimum padding */
+    unsigned int size;
+
+    /* Only send if peer supports and accepts HB requests... */
+    if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) ||
+        s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_SEND_REQUESTS) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
+        return -1;
+    }
+
+    /* ...and there is none in flight yet... */
+    if (s->tlsext_hb_pending) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
+        return -1;
+    }
+
+    /* ...and no handshake in progress. */
+    if (SSL_in_init(s) || ossl_statem_get_in_handshake(s)) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    /*-
+     * Create HeartBeat message, we just use a sequence number
+     * as payload to distinguish different messages and add
+     * some random stuff.
+     */
+    size = HEARTBEAT_SIZE(payload, padding);
+    buf = OPENSSL_malloc(size);
+    if (buf == NULL) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    p = buf;
+    /* Message Type */
+    *p++ = TLS1_HB_REQUEST;
+    /* Payload length (18 bytes here) */
+    s2n(payload, p);
+    /* Sequence number */
+    s2n(s->tlsext_hb_seq, p);
+    /* 16 random bytes */
+    if (RAND_bytes(p, 16) <= 0) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    p += 16;
+    /* Random padding */
+    if (RAND_bytes(p, padding) <= 0) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size);
+    if (ret >= 0) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
+                            buf, size, s, s->msg_callback_arg);
+
+        dtls1_start_timer(s);
+        s->tlsext_hb_pending = 1;
+    }
+
+ err:
+    OPENSSL_free(buf);
+
+    return ret;
+}
+#endif
+
+int dtls1_shutdown(SSL *s)
+{
+    int ret;
+#ifndef OPENSSL_NO_SCTP
+    BIO *wbio;
+
+    wbio = SSL_get_wbio(s);
+    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        ret = BIO_dgram_sctp_wait_for_dry(wbio);
+        if (ret < 0)
+            return -1;
+
+        if (ret == 0)
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
+                     NULL);
+    }
+#endif
+    ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+    return ret;
+}
+
+int dtls1_query_mtu(SSL *s)
+{
+    if (s->d1->link_mtu) {
+        s->d1->mtu =
+            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+        s->d1->link_mtu = 0;
+    }
+
+    /* AHA!  Figure out the MTU, and stick to the right size */
+    if (s->d1->mtu < dtls1_min_mtu(s)) {
+        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+            s->d1->mtu =
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+            /*
+             * I've seen the kernel return bogus numbers when it doesn't know
+             * (initial write), so just make sure we have a reasonable number
+             */
+            if (s->d1->mtu < dtls1_min_mtu(s)) {
+                /* Set to min mtu */
+                s->d1->mtu = dtls1_min_mtu(s);
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+                         s->d1->mtu, NULL);
+            }
+        } else
+            return 0;
+    }
+    return 1;
+}
+
+static unsigned int dtls1_link_min_mtu(void)
+{
+    return (g_probable_mtu[(sizeof(g_probable_mtu) /
+                            sizeof(g_probable_mtu[0])) - 1]);
+}
+
+unsigned int dtls1_min_mtu(SSL *s)
+{
+    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+}
diff --git a/openssl-1.1.0h/ssl/d1_msg.c b/openssl-1.1.0h/ssl/d1_msg.c
new file mode 100644
index 0000000..7471fd3
--- /dev/null
+++ b/openssl-1.1.0h/ssl/d1_msg.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define USE_SOCKETS
+#include "ssl_locl.h"
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
+{
+    int i;
+
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
+                   SSL_R_SSL_HANDSHAKE_FAILURE);
+            return -1;
+        }
+    }
+
+    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
+        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
+        return -1;
+    }
+
+    i = dtls1_write_bytes(s, type, buf_, len);
+    return i;
+}
+
+int dtls1_dispatch_alert(SSL *s)
+{
+    int i, j;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    unsigned char buf[DTLS1_AL_HEADER_LENGTH];
+    unsigned char *ptr = &buf[0];
+
+    s->s3->alert_dispatch = 0;
+
+    memset(buf, 0, sizeof(buf));
+    *ptr++ = s->s3->send_alert[0];
+    *ptr++ = s->s3->send_alert[1];
+
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+    if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
+        s2n(s->d1->handshake_read_seq, ptr);
+        l2n3(s->d1->r_msg_hdr.frag_off, ptr);
+    }
+#endif
+
+    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+        /* fprintf( stderr, "not done with alert\n" ); */
+    } else {
+        if (s->s3->send_alert[0] == SSL3_AL_FATAL
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+            || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+#endif
+            )
+            (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return (i);
+}
diff --git a/openssl-1.1.0h/ssl/d1_srtp.c b/openssl-1.1.0h/ssl/d1_srtp.c
new file mode 100644
index 0000000..7e88f17
--- /dev/null
+++ b/openssl-1.1.0h/ssl/d1_srtp.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla <ekr@rtfm.com>
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SRTP
+
+static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+    {
+     "SRTP_AES128_CM_SHA1_80",
+     SRTP_AES128_CM_SHA1_80,
+     },
+    {
+     "SRTP_AES128_CM_SHA1_32",
+     SRTP_AES128_CM_SHA1_32,
+     },
+    {
+     "SRTP_AEAD_AES_128_GCM",
+     SRTP_AEAD_AES_128_GCM,
+     },
+    {
+     "SRTP_AEAD_AES_256_GCM",
+     SRTP_AEAD_AES_256_GCM,
+     },
+    {0}
+};
+
+static int find_profile_by_name(char *profile_name,
+                                SRTP_PROTECTION_PROFILE **pptr, unsigned len)
+{
+    SRTP_PROTECTION_PROFILE *p;
+
+    p = srtp_known_profiles;
+    while (p->name) {
+        if ((len == strlen(p->name))
+            && strncmp(p->name, profile_name, len) == 0) {
+            *pptr = p;
+            return 0;
+        }
+
+        p++;
+    }
+
+    return 1;
+}
+
+static int ssl_ctx_make_profiles(const char *profiles_string,
+                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
+
+    char *col;
+    char *ptr = (char *)profiles_string;
+    SRTP_PROTECTION_PROFILE *p;
+
+    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+               SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+        return 1;
+    }
+
+    do {
+        col = strchr(ptr, ':');
+
+        if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) {
+            if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
+                SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                       SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+                goto err;
+            }
+
+            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+                SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                       SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+                goto err;
+            }
+        } else {
+            SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                   SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+            goto err;
+        }
+
+        if (col)
+            ptr = col + 1;
+    } while (col);
+
+    sk_SRTP_PROTECTION_PROFILE_free(*out);
+
+    *out = profiles;
+
+    return 0;
+ err:
+    sk_SRTP_PROTECTION_PROFILE_free(profiles);
+    return 1;
+}
+
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
+{
+    return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
+}
+
+int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
+{
+    return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
+}
+
+STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
+{
+    if (s != NULL) {
+        if (s->srtp_profiles != NULL) {
+            return s->srtp_profiles;
+        } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
+            return s->ctx->srtp_profiles;
+        }
+    }
+
+    return NULL;
+}
+
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
+{
+    return s->srtp_profile;
+}
+
+/*
+ * Note: this function returns 0 length if there are no profiles specified
+ */
+int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+                                     int maxlen)
+{
+    int ct = 0;
+    int i;
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
+    SRTP_PROTECTION_PROFILE *prof;
+
+    clnt = SSL_get_srtp_profiles(s);
+    ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
+
+    if (p) {
+        if (ct == 0) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
+                   SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
+            return 1;
+        }
+
+        if ((2 + ct * 2 + 1) > maxlen) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
+                   SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+            return 1;
+        }
+
+        /* Add the length */
+        s2n(ct * 2, p);
+        for (i = 0; i < ct; i++) {
+            prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+            s2n(prof->id, p);
+        }
+
+        /* Add an empty use_mki value */
+        *p++ = 0;
+    }
+
+    *len = 2 + ct * 2 + 1;
+
+    return 0;
+}
+
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
+{
+    SRTP_PROTECTION_PROFILE *sprof;
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
+    unsigned int ct, mki_len, id;
+    int i, srtp_pref;
+    PACKET subpkt;
+
+    /* Pull off the length of the cipher suite list  and check it is even */
+    if (!PACKET_get_net_2(pkt, &ct)
+        || (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        *al = SSL_AD_DECODE_ERROR;
+        return 1;
+    }
+
+    srvr = SSL_get_srtp_profiles(s);
+    s->srtp_profile = NULL;
+    /* Search all profiles for a match initially */
+    srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
+
+    while (PACKET_remaining(&subpkt)) {
+        if (!PACKET_get_net_2(&subpkt, &id)) {
+            SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+                   SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+            *al = SSL_AD_DECODE_ERROR;
+            return 1;
+        }
+
+        /*
+         * Only look for match in profiles of higher preference than
+         * current match.
+         * If no profiles have been have been configured then this
+         * does nothing.
+         */
+        for (i = 0; i < srtp_pref; i++) {
+            sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
+            if (sprof->id == id) {
+                s->srtp_profile = sprof;
+                srtp_pref = i;
+                break;
+            }
+        }
+    }
+
+    /*
+     * Now extract the MKI value as a sanity check, but discard it for now
+     */
+    if (!PACKET_get_1(pkt, &mki_len)) {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        *al = SSL_AD_DECODE_ERROR;
+        return 1;
+    }
+
+    if (!PACKET_forward(pkt, mki_len)
+        || PACKET_remaining(pkt)) {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+               SSL_R_BAD_SRTP_MKI_VALUE);
+        *al = SSL_AD_DECODE_ERROR;
+        return 1;
+    }
+
+    return 0;
+}
+
+int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+                                     int maxlen)
+{
+    if (p) {
+        if (maxlen < 5) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
+                   SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+            return 1;
+        }
+
+        if (s->srtp_profile == 0) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
+                   SSL_R_USE_SRTP_NOT_NEGOTIATED);
+            return 1;
+        }
+        s2n(2, p);
+        s2n(s->srtp_profile->id, p);
+        *p++ = 0;
+    }
+    *len = 5;
+
+    return 0;
+}
+
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
+{
+    unsigned int id, ct, mki;
+    int i;
+
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
+    SRTP_PROTECTION_PROFILE *prof;
+
+    if (!PACKET_get_net_2(pkt, &ct)
+        || ct != 2 || !PACKET_get_net_2(pkt, &id)
+        || !PACKET_get_1(pkt, &mki)
+        || PACKET_remaining(pkt) != 0) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
+               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        *al = SSL_AD_DECODE_ERROR;
+        return 1;
+    }
+
+    if (mki != 0) {
+        /* Must be no MKI, since we never offer one */
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
+               SSL_R_BAD_SRTP_MKI_VALUE);
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return 1;
+    }
+
+    clnt = SSL_get_srtp_profiles(s);
+
+    /* Throw an error if the server gave us an unsolicited extension */
+    if (clnt == NULL) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
+               SSL_R_NO_SRTP_PROFILES);
+        *al = SSL_AD_DECODE_ERROR;
+        return 1;
+    }
+
+    /*
+     * Check to see if the server gave us something we support (and
+     * presumably offered)
+     */
+    for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
+        prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+
+        if (prof->id == id) {
+            s->srtp_profile = prof;
+            *al = 0;
+            return 0;
+        }
+    }
+
+    SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
+           SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+    *al = SSL_AD_DECODE_ERROR;
+    return 1;
+}
+
+#endif
diff --git a/openssl-1.1.0h/ssl/methods.c b/openssl-1.1.0h/ssl/methods.c
new file mode 100644
index 0000000..c846143
--- /dev/null
+++ b/openssl-1.1.0h/ssl/methods.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/*-
+ * TLS/SSLv3 methods
+ */
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_method,
+                        ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
+#endif
+/*-
+ * TLS/SSLv3 server methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_server_method,
+                         ossl_statem_accept, ssl_undefined_function)
+#endif
+/*-
+ * TLS/SSLv3 client methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_client_method,
+                         ssl_undefined_function, ossl_statem_connect)
+#endif
+/*-
+ * DTLS methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS server methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS client methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtls_bad_ver_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+const SSL_METHOD *TLSv1_2_method(void)
+{
+    return tlsv1_2_method();
+}
+
+const SSL_METHOD *TLSv1_2_server_method(void)
+{
+    return tlsv1_2_server_method();
+}
+
+const SSL_METHOD *TLSv1_2_client_method(void)
+{
+    return tlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+const SSL_METHOD *TLSv1_1_method(void)
+{
+    return tlsv1_1_method();
+}
+
+const SSL_METHOD *TLSv1_1_server_method(void)
+{
+    return tlsv1_1_server_method();
+}
+
+const SSL_METHOD *TLSv1_1_client_method(void)
+{
+    return tlsv1_1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+const SSL_METHOD *TLSv1_method(void)
+{
+    return tlsv1_method();
+}
+
+const SSL_METHOD *TLSv1_server_method(void)
+{
+    return tlsv1_server_method();
+}
+
+const SSL_METHOD *TLSv1_client_method(void)
+{
+    return tlsv1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void)
+{
+    return sslv3_method();
+}
+
+const SSL_METHOD *SSLv3_server_method(void)
+{
+    return sslv3_server_method();
+}
+
+const SSL_METHOD *SSLv3_client_method(void)
+{
+    return sslv3_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+const SSL_METHOD *DTLSv1_2_method(void)
+{
+    return dtlsv1_2_method();
+}
+
+const SSL_METHOD *DTLSv1_2_server_method(void)
+{
+    return dtlsv1_2_server_method();
+}
+
+const SSL_METHOD *DTLSv1_2_client_method(void)
+{
+    return dtlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+const SSL_METHOD *DTLSv1_method(void)
+{
+    return dtlsv1_method();
+}
+
+const SSL_METHOD *DTLSv1_server_method(void)
+{
+    return dtlsv1_server_method();
+}
+
+const SSL_METHOD *DTLSv1_client_method(void)
+{
+    return dtlsv1_client_method();
+}
+# endif
+
+#endif
diff --git a/openssl-1.1.0h/ssl/packet_locl.h b/openssl-1.1.0h/ssl/packet_locl.h
new file mode 100644
index 0000000..d34034d
--- /dev/null
+++ b/openssl-1.1.0h/ssl/packet_locl.h
@@ -0,0 +1,555 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PACKET_LOCL_H
+# define HEADER_PACKET_LOCL_H
+
+# include <string.h>
+# include <openssl/bn.h>
+# include <openssl/buffer.h>
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+
+# include "internal/numbers.h"
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+    /* Pointer to where we are currently reading from */
+    const unsigned char *curr;
+    /* Number of bytes remaining */
+    size_t remaining;
+} PACKET;
+
+/* Internal unchecked shorthand; don't use outside this file. */
+static ossl_inline void packet_forward(PACKET *pkt, size_t len)
+{
+    pkt->curr += len;
+    pkt->remaining -= len;
+}
+
+/*
+ * Returns the number of bytes remaining to be read in the PACKET
+ */
+static ossl_inline size_t PACKET_remaining(const PACKET *pkt)
+{
+    return pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the first byte after the packet data.
+ * Useful for integrating with non-PACKET parsing code.
+ * Specifically, we use PACKET_end() to verify that a d2i_... call
+ * has consumed the entire packet contents.
+ */
+static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt)
+{
+    return pkt->curr + pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the PACKET's current position.
+ * For use in non-PACKETized APIs.
+ */
+static ossl_inline const unsigned char *PACKET_data(const PACKET *pkt)
+{
+    return pkt->curr;
+}
+
+/*
+ * Initialise a PACKET with |len| bytes held in |buf|. This does not make a
+ * copy of the data so |buf| must be present for the whole time that the PACKET
+ * is being used.
+ */
+__owur static ossl_inline int PACKET_buf_init(PACKET *pkt,
+                                              const unsigned char *buf,
+                                              size_t len)
+{
+    /* Sanity check for negative values. */
+    if (len > (size_t)(SIZE_MAX / 2))
+        return 0;
+
+    pkt->curr = buf;
+    pkt->remaining = len;
+    return 1;
+}
+
+/* Initialize a PACKET to hold zero bytes. */
+static ossl_inline void PACKET_null_init(PACKET *pkt)
+{
+    pkt->curr = NULL;
+    pkt->remaining = 0;
+}
+
+/*
+ * Returns 1 if the packet has length |num| and its contents equal the |num|
+ * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal).
+ * If lengths are equal, performs the comparison in constant time.
+ */
+__owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr,
+                                           size_t num)
+{
+    if (PACKET_remaining(pkt) != num)
+        return 0;
+    return CRYPTO_memcmp(pkt->curr, ptr, num) == 0;
+}
+
+/*
+ * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
+                                                     PACKET *subpkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    return PACKET_buf_init(subpkt, pkt->curr, len);
+}
+
+/*
+ * Initialize |subpkt| with the next |len| bytes read from |pkt|. Data is not
+ * copied: the |subpkt| packet will share its underlying buffer with the
+ * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt,
+                                                    PACKET *subpkt, size_t len)
+{
+    if (!PACKET_peek_sub_packet(pkt, subpkt, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 2 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt,
+                                                unsigned int *data)
+{
+    if (PACKET_remaining(pkt) < 2)
+        return 0;
+
+    *data = ((unsigned int)(*pkt->curr)) << 8;
+    *data |= *(pkt->curr + 1);
+
+    return 1;
+}
+
+/* Equivalent of n2s */
+/* Get 2 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_net_2(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 2);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 3 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 3)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= *(pkt->curr + 2);
+
+    return 1;
+}
+
+/* Equivalent of n2l3 */
+/* Get 3 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_3(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 3);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 4 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 24;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 8;
+    *data |= *(pkt->curr + 3);
+
+    return 1;
+}
+
+/* Equivalent of n2l */
+/* Get 4 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_peek_1(const PACKET *pkt,
+                                            unsigned int *data)
+{
+    if (!PACKET_remaining(pkt))
+        return 0;
+
+    *data = *pkt->curr;
+
+    return 1;
+}
+
+/* Get 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_1(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 1);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value
+ * in |*data|
+ */
+__owur static ossl_inline int PACKET_peek_4(const PACKET *pkt,
+                                            unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = *pkt->curr;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 3))) << 24;
+
+    return 1;
+}
+
+/* Equivalent of c2l */
+/*
+ * Get 4 bytes in reverse network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_get_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in
+ * |*data|. This just points at the underlying buffer that |pkt| is using. The
+ * caller should not free this data directly (it will be freed when the
+ * underlying buffer gets freed
+ */
+__owur static ossl_inline int PACKET_peek_bytes(const PACKET *pkt,
+                                                const unsigned char **data,
+                                                size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    *data = pkt->curr;
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This
+ * just points at the underlying buffer that |pkt| is using. The caller should
+ * not free this data directly (it will be freed when the underlying buffer gets
+ * freed
+ */
+__owur static ossl_inline int PACKET_get_bytes(PACKET *pkt,
+                                               const unsigned char **data,
+                                               size_t len)
+{
+    if (!PACKET_peek_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */
+__owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt,
+                                                     unsigned char *data,
+                                                     size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    memcpy(data, pkt->curr, len);
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from |pkt| and copy them to |data|.
+ * The caller is responsible for ensuring that |data| can hold |len| bytes.
+ */
+__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt,
+                                                unsigned char *data, size_t len)
+{
+    if (!PACKET_peek_copy_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Copy packet data to |dest|, and set |len| to the number of copied bytes.
+ * If the packet has more than |dest_len| bytes, nothing is copied.
+ * Returns 1 if the packet data fits in |dest_len| bytes, 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_copy_all(const PACKET *pkt,
+                                              unsigned char *dest,
+                                              size_t dest_len, size_t *len)
+{
+    if (PACKET_remaining(pkt) > dest_len) {
+        *len = 0;
+        return 0;
+    }
+    *len = pkt->remaining;
+    memcpy(dest, pkt->curr, pkt->remaining);
+    return 1;
+}
+
+/*
+ * Copy |pkt| bytes to a newly allocated buffer and store a pointer to the
+ * result in |*data|, and the length in |len|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the packet is empty, or malloc fails, |*data| will be set to NULL.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_memdup(const PACKET *pkt,
+                                            unsigned char **data, size_t *len)
+{
+    size_t length;
+
+    OPENSSL_free(*data);
+    *data = NULL;
+    *len = 0;
+
+    length = PACKET_remaining(pkt);
+
+    if (length == 0)
+        return 1;
+
+    *data = OPENSSL_memdup(pkt->curr, length);
+    if (*data == NULL)
+        return 0;
+
+    *len = length;
+    return 1;
+}
+
+/*
+ * Read a C string from |pkt| and copy to a newly allocated, NUL-terminated
+ * buffer. Store a pointer to the result in |*data|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the data in |pkt| does not contain a NUL-byte, the entire data is
+ * copied and NUL-terminated.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing done
+ * with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data)
+{
+    OPENSSL_free(*data);
+
+    /* This will succeed on an empty packet, unless pkt->curr == NULL. */
+    *data = OPENSSL_strndup((const char *)pkt->curr, PACKET_remaining(pkt));
+    return (*data != NULL);
+}
+
+/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */
+static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt)
+{
+    return memchr(pkt->curr, 0, pkt->remaining) != NULL;
+}
+
+/* Move the current reading position forward |len| bytes */
+__owur static ossl_inline int PACKET_forward(PACKET *pkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a one-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_1, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a two-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_2, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a three-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned long length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_net_3(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+# ifdef __cplusplus
+}
+# endif
+
+#endif                          /* HEADER_PACKET_LOCL_H */
diff --git a/openssl-1.1.0h/ssl/pqueue.c b/openssl-1.1.0h/ssl/pqueue.c
new file mode 100644
index 0000000..b447e1d
--- /dev/null
+++ b/openssl-1.1.0h/ssl/pqueue.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+#include <openssl/bn.h>
+
+struct pqueue_st {
+    pitem *items;
+    int count;
+};
+
+pitem *pitem_new(unsigned char *prio64be, void *data)
+{
+    pitem *item = OPENSSL_malloc(sizeof(*item));
+    if (item == NULL)
+        return NULL;
+
+    memcpy(item->priority, prio64be, sizeof(item->priority));
+
+    item->data = data;
+    item->next = NULL;
+
+    return item;
+}
+
+void pitem_free(pitem *item)
+{
+    OPENSSL_free(item);
+}
+
+pqueue *pqueue_new()
+{
+    pqueue *pq = OPENSSL_zalloc(sizeof(*pq));
+
+    return pq;
+}
+
+void pqueue_free(pqueue *pq)
+{
+    OPENSSL_free(pq);
+}
+
+pitem *pqueue_insert(pqueue *pq, pitem *item)
+{
+    pitem *curr, *next;
+
+    if (pq->items == NULL) {
+        pq->items = item;
+        return item;
+    }
+
+    for (curr = NULL, next = pq->items;
+         next != NULL; curr = next, next = next->next) {
+        /*
+         * we can compare 64-bit value in big-endian encoding with memcmp:-)
+         */
+        int cmp = memcmp(next->priority, item->priority, 8);
+        if (cmp > 0) {          /* next > item */
+            item->next = next;
+
+            if (curr == NULL)
+                pq->items = item;
+            else
+                curr->next = item;
+
+            return item;
+        }
+
+        else if (cmp == 0)      /* duplicates not allowed */
+            return NULL;
+    }
+
+    item->next = NULL;
+    curr->next = item;
+
+    return item;
+}
+
+pitem *pqueue_peek(pqueue *pq)
+{
+    return pq->items;
+}
+
+pitem *pqueue_pop(pqueue *pq)
+{
+    pitem *item = pq->items;
+
+    if (pq->items != NULL)
+        pq->items = pq->items->next;
+
+    return item;
+}
+
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be)
+{
+    pitem *next;
+    pitem *found = NULL;
+
+    if (pq->items == NULL)
+        return NULL;
+
+    for (next = pq->items; next->next != NULL; next = next->next) {
+        if (memcmp(next->priority, prio64be, 8) == 0) {
+            found = next;
+            break;
+        }
+    }
+
+    /* check the one last node */
+    if (memcmp(next->priority, prio64be, 8) == 0)
+        found = next;
+
+    if (!found)
+        return NULL;
+
+    return found;
+}
+
+pitem *pqueue_iterator(pqueue *pq)
+{
+    return pqueue_peek(pq);
+}
+
+pitem *pqueue_next(pitem **item)
+{
+    pitem *ret;
+
+    if (item == NULL || *item == NULL)
+        return NULL;
+
+    /* *item != NULL */
+    ret = *item;
+    *item = (*item)->next;
+
+    return ret;
+}
+
+int pqueue_size(pqueue *pq)
+{
+    pitem *item = pq->items;
+    int count = 0;
+
+    while (item != NULL) {
+        count++;
+        item = item->next;
+    }
+    return count;
+}
diff --git a/openssl-1.1.0h/ssl/record/README b/openssl-1.1.0h/ssl/record/README
new file mode 100644
index 0000000..987e9fd
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/README
@@ -0,0 +1,74 @@
+Record Layer Design
+===================
+
+This file provides some guidance on the thinking behind the design of the
+record layer code to aid future maintenance.
+
+The record layer is divided into a number of components. At the time of writing
+there are four: SSL3_RECORD, SSL3_BUFFER, DLTS1_BITMAP and RECORD_LAYER. Each
+of these components is defined by:
+1) A struct definition of the same name as the component
+2) A set of source files that define the functions for that component
+3) A set of accessor macros
+
+All struct definitions are in record.h. The functions and macros are either
+defined in record.h or record_locl.h dependent on whether they are intended to
+be private to the record layer, or whether they form part of the API to the rest
+of libssl.
+
+The source files map to components as follows:
+
+dtls1_bitmap.c                                   -> DTLS1_BITMAP component
+ssl3_buffer.c                                    -> SSL3_BUFFER component
+ssl3_record.c                                    -> SSL3_RECORD component
+rec_layer_s3.c, rec_layer_d1.c                   -> RECORD_LAYER component
+
+The RECORD_LAYER component is a facade pattern, i.e. it provides a simplified
+interface to the record layer for the rest of libssl. The other 3 components are
+entirely private to the record layer and therefore should never be accessed
+directly by libssl.
+
+Any component can directly access its own members - they are private to that
+component, e.g. ssl3_buffer.c can access members of the SSL3_BUFFER struct
+without using a macro. No component can directly access the members of another
+component, e.g. ssl3_buffer cannot reach inside the RECORD_LAYER component to
+directly access its members. Instead components use accessor macros, so if code
+in ssl3_buffer.c wants to access the members of the RECORD_LAYER it uses the
+RECORD_LAYER_* macros.
+
+Conceptually it looks like this:
+
+                        libssl
+                           |
+---------------------------|-----record.h--------------------------------------
+                           |
+                    _______V______________
+                   |                      |
+                   |    RECORD_LAYER      |
+                   |                      |
+                   |    rec_layer_s3.c    |
+                   |          ^           |
+                   | _________|__________ |
+                   ||                    ||
+                   || DTLS1_RECORD_LAYER ||
+                   ||                    ||
+                   || rec_layer_d1.c     ||
+                   ||____________________||
+                   |______________________|
+        record_locl.h     ^   ^   ^
+         _________________|   |   |_________________
+        |                     |                     |
+   _____V_________      ______V________      _______V________
+  |               |    |               |    |                |
+  | SSL3_BUFFER   |    | SSL3_RECORD   |    | DTLS1_BITMAP   |
+  |               |--->|               |    |                |
+  | ssl3_buffer.c |    | ssl3_record.c |    | dtls1_bitmap.c |
+  |_______________|    |_______________|    |________________|
+
+
+The two RECORD_LAYER source files build on each other, i.e.
+the main one is rec_layer_s3.c which provides the core SSL/TLS layer. The second
+one is rec_layer_d1.c which builds off of the SSL/TLS code to provide DTLS
+specific capabilities. It uses some DTLS specific RECORD_LAYER component members
+which should only be accessed from rec_layer_d1.c. These are held in the
+DTLS1_RECORD_LAYER struct.
diff --git a/openssl-1.1.0h/ssl/record/dtls1_bitmap.c b/openssl-1.1.0h/ssl/record/dtls1_bitmap.c
new file mode 100644
index 0000000..5923c53
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/dtls1_bitmap.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+
+/* mod 128 saturating subtract of two 64-bit values in big-endian order */
+static int satsub64be(const unsigned char *v1, const unsigned char *v2)
+{
+    int64_t ret;
+    uint64_t l1, l2;
+
+    n2l8(v1, l1);
+    n2l8(v2, l2);
+
+    ret = l1 - l2;
+
+    /* We do not permit wrap-around */
+    if (l1 > l2 && ret < 0)
+        return 128;
+    else if (l2 > l1 && ret > 0)
+        return -128;
+
+    if (ret > 128)
+        return 128;
+    else if (ret < -128)
+        return -128;
+    else
+        return (int)ret;
+}
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = s->rlayer.read_sequence;
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+        return 1;               /* this record in new */
+    }
+    shift = -cmp;
+    if (shift >= sizeof(bitmap->map) * 8)
+        return 0;               /* stale, outside the window */
+    else if (bitmap->map & (1UL << shift))
+        return 0;               /* record previously received */
+
+    SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+    return 1;
+}
+
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        shift = cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map <<= shift, bitmap->map |= 1UL;
+        else
+            bitmap->map = 1UL;
+        memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
+    } else {
+        shift = -cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map |= 1UL << shift;
+    }
+}
diff --git a/openssl-1.1.0h/ssl/record/rec_layer_d1.c b/openssl-1.1.0h/ssl/record/rec_layer_d1.c
new file mode 100644
index 0000000..b3ff5f1
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/rec_layer_d1.c
@@ -0,0 +1,1229 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "../ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include "record_locl.h"
+
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+
+    if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
+        return (0);
+
+    rl->d = d;
+
+    d->unprocessed_rcds.q = pqueue_new();
+    d->processed_rcds.q = pqueue_new();
+    d->buffered_app_data.q = pqueue_new();
+
+    if (d->unprocessed_rcds.q == NULL || d->processed_rcds.q == NULL
+        || d->buffered_app_data.q == NULL) {
+        pqueue_free(d->unprocessed_rcds.q);
+        pqueue_free(d->processed_rcds.q);
+        pqueue_free(d->buffered_app_data.q);
+        OPENSSL_free(d);
+        rl->d = NULL;
+        return (0);
+    }
+
+    return 1;
+}
+
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER_clear(rl);
+    pqueue_free(rl->d->unprocessed_rcds.q);
+    pqueue_free(rl->d->processed_rcds.q);
+    pqueue_free(rl->d->buffered_app_data.q);
+    OPENSSL_free(rl->d);
+    rl->d = NULL;
+}
+
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+    pitem *item = NULL;
+    DTLS1_RECORD_DATA *rdata;
+    pqueue *unprocessed_rcds;
+    pqueue *processed_rcds;
+    pqueue *buffered_app_data;
+
+    d = rl->d;
+
+    while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->processed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    unprocessed_rcds = d->unprocessed_rcds.q;
+    processed_rcds = d->processed_rcds.q;
+    buffered_app_data = d->buffered_app_data.q;
+    memset(d, 0, sizeof(*d));
+    d->unprocessed_rcds.q = unprocessed_rcds;
+    d->processed_rcds.q = processed_rcds;
+    d->buffered_app_data.q = buffered_app_data;
+}
+
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e)
+{
+    if (e == rl->d->w_epoch - 1) {
+        memcpy(rl->d->curr_write_sequence,
+               rl->write_sequence, sizeof(rl->write_sequence));
+        memcpy(rl->write_sequence,
+               rl->d->last_write_sequence, sizeof(rl->write_sequence));
+    } else if (e == rl->d->w_epoch + 1) {
+        memcpy(rl->d->last_write_sequence,
+               rl->write_sequence, sizeof(unsigned char[8]));
+        memcpy(rl->write_sequence,
+               rl->d->curr_write_sequence, sizeof(rl->write_sequence));
+    }
+    rl->d->w_epoch = e;
+}
+
+void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl)
+{
+    memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence));
+}
+
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
+{
+    memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
+}
+
+static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+                                   int len);
+
+/* copy buffered record into SSL structure */
+static int dtls1_copy_record(SSL *s, pitem *item)
+{
+    DTLS1_RECORD_DATA *rdata;
+
+    rdata = (DTLS1_RECORD_DATA *)item->data;
+
+    SSL3_BUFFER_release(&s->rlayer.rbuf);
+
+    s->rlayer.packet = rdata->packet;
+    s->rlayer.packet_length = rdata->packet_length;
+    memcpy(&s->rlayer.rbuf, &(rdata->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
+
+    /* Set proper sequence number for mac calculation */
+    memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6);
+
+    return (1);
+}
+
+int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
+{
+    DTLS1_RECORD_DATA *rdata;
+    pitem *item;
+
+    /* Limit the size of the queue to prevent DOS attacks */
+    if (pqueue_size(queue->q) >= 100)
+        return 0;
+
+    rdata = OPENSSL_malloc(sizeof(*rdata));
+    item = pitem_new(priority, rdata);
+    if (rdata == NULL || item == NULL) {
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    rdata->packet = s->rlayer.packet;
+    rdata->packet_length = s->rlayer.packet_length;
+    memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER));
+    memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD));
+
+    item->data = rdata;
+
+#ifndef OPENSSL_NO_SCTP
+    /* Store bio_dgram_sctp_rcvinfo struct */
+    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+        (SSL_get_state(s) == TLS_ST_SR_FINISHED
+         || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
+        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
+                 sizeof(rdata->recordinfo), &rdata->recordinfo);
+    }
+#endif
+
+    s->rlayer.packet = NULL;
+    s->rlayer.packet_length = 0;
+    memset(&s->rlayer.rbuf, 0, sizeof(s->rlayer.rbuf));
+    memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec));
+
+    if (!ssl3_setup_buffers(s)) {
+        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return (-1);
+    }
+
+    /* insert should not fail, since duplicates are dropped */
+    if (pqueue_insert(queue->q, item) == NULL) {
+        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return (-1);
+    }
+
+    return (1);
+}
+
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
+{
+    pitem *item;
+
+    item = pqueue_pop(queue->q);
+    if (item) {
+        dtls1_copy_record(s, item);
+
+        OPENSSL_free(item->data);
+        pitem_free(item);
+
+        return (1);
+    }
+
+    return (0);
+}
+
+/*
+ * retrieve a buffered record that belongs to the new epoch, i.e., not
+ * processed yet
+ */
+#define dtls1_get_unprocessed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->rlayer.d->unprocessed_rcds))
+
+int dtls1_process_buffered_records(SSL *s)
+{
+    pitem *item;
+    SSL3_BUFFER *rb;
+    SSL3_RECORD *rr;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+    int replayok = 1;
+
+    item = pqueue_peek(s->rlayer.d->unprocessed_rcds.q);
+    if (item) {
+        /* Check if epoch is current. */
+        if (s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch)
+            return 1;         /* Nothing to do. */
+
+        rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+        rb = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+        if (SSL3_BUFFER_get_left(rb) > 0) {
+            /*
+             * We've still got data from the current packet to read. There could
+             * be a record from the new epoch in it - so don't overwrite it
+             * with the unprocessed records yet (we'll do it when we've
+             * finished reading the current packet).
+             */
+            return 1;
+        }
+
+        /* Process all the records. */
+        while (pqueue_peek(s->rlayer.d->unprocessed_rcds.q)) {
+            dtls1_get_unprocessed_record(s);
+            bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+            if (bitmap == NULL) {
+                /*
+                 * Should not happen. This will only ever be NULL when the
+                 * current record is from a different epoch. But that cannot
+                 * be the case because we already checked the epoch above
+                 */
+                 SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
+                        ERR_R_INTERNAL_ERROR);
+                 return 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            /* Only do replay check if no SCTP bio */
+            if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
+#endif
+            {
+                /*
+                 * Check whether this is a repeat, or aged record. We did this
+                 * check once already when we first received the record - but
+                 * we might have updated the window since then due to
+                 * records we subsequently processed.
+                 */
+                replayok = dtls1_record_replay_check(s, bitmap);
+            }
+
+            if (!replayok || !dtls1_process_record(s, bitmap)) {
+                /* dump this record */
+                rr->length = 0;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                continue;
+            }
+
+            if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+                    SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0)
+                return 0;
+        }
+    }
+
+    /*
+     * sync epoch numbers once all the unprocessed records have been
+     * processed
+     */
+    s->rlayer.d->processed_rcds.epoch = s->rlayer.d->r_epoch;
+    s->rlayer.d->unprocessed_rcds.epoch = s->rlayer.d->r_epoch + 1;
+
+    return 1;
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                     int len, int peek)
+{
+    int al, i, j, ret;
+    unsigned int n;
+    SSL3_RECORD *rr;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+    if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_buffers(s))
+            return (-1);
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
+         (type != SSL3_RT_HANDSHAKE)) ||
+        (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    /*
+     * check whether there's a handshake message (client hello?) waiting
+     */
+    if ((ret = have_handshake_fragment(s, type, buf, len))) {
+        *recvd_type = SSL3_RT_HANDSHAKE;
+        return ret;
+    }
+
+    /*
+     * Now s->rlayer.d->handshake_fragment_len == 0 if
+     * type == SSL3_RT_HANDSHAKE.
+     */
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s))
+    {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+            return (-1);
+        }
+    }
+
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * s->s3->rrec.type         - is the type of record
+     * s->s3->rrec.data,    - data
+     * s->s3->rrec.off,     - offset into 'data' for next read
+     * s->s3->rrec.length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+
+    /*
+     * We are not handshaking and have no data yet, so process data buffered
+     * during the last handshake in advance, if any.
+     */
+    if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
+        pitem *item;
+        item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
+        if (item) {
+#ifndef OPENSSL_NO_SCTP
+            /* Restore bio_dgram_sctp_rcvinfo struct */
+            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
+                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
+                         sizeof(rdata->recordinfo), &rdata->recordinfo);
+            }
+#endif
+
+            dtls1_copy_record(s, item);
+
+            OPENSSL_free(item->data);
+            pitem_free(item);
+        }
+    }
+
+    /* Check for timeout */
+    if (dtls1_handle_timeout(s) > 0)
+        goto start;
+
+    /* get new packet if necessary */
+    if ((SSL3_RECORD_get_length(rr) == 0)
+        || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+        ret = dtls1_get_record(s);
+        if (ret <= 0) {
+            ret = dtls1_read_failed(s, ret);
+            /* anything other than a timeout is an error */
+            if (ret <= 0)
+                return (ret);
+            else
+                goto start;
+        }
+    }
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        /*
+         * We now have application data between CCS and Finished. Most likely
+         * the packets were reordered on their way, so buffer the application
+         * data for later processing rather than dropping the connection.
+         */
+        if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
+                                SSL3_RECORD_get_seq_num(rr)) < 0) {
+            SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        SSL3_RECORD_set_length(rr, 0);
+        goto start;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        s->rwstate = SSL_NOTHING;
+        return (0);
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
+            goto f_err;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len <= 0)
+            return (len);
+
+        if ((unsigned int)len > SSL3_RECORD_get_length(rr))
+            n = SSL3_RECORD_get_length(rr);
+        else
+            n = (unsigned int)len;
+
+        memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
+        if (!peek) {
+            SSL3_RECORD_sub_length(rr, n);
+            SSL3_RECORD_add_off(rr, n);
+            if (SSL3_RECORD_get_length(rr) == 0) {
+                s->rlayer.rstate = SSL_ST_READ_HEADER;
+                SSL3_RECORD_set_off(rr, 0);
+            }
+        }
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * We might had to delay a close_notify alert because of reordered
+         * app data. If there was an alert and there is no message to read
+         * anymore, finally set shutdown.
+         */
+        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+            s->d1->shutdown_received
+            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return (0);
+        }
+#endif
+        return (n);
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello).
+     */
+
+    /*
+     * In case of record types for which we have 'fragment' storage, fill
+     * that so that we can process the data at a fixed place.
+     */
+    {
+        unsigned int k, dest_maxlen = 0;
+        unsigned char *dest = NULL;
+        unsigned int *dest_len = NULL;
+
+        if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+            dest_maxlen = sizeof(s->rlayer.d->handshake_fragment);
+            dest = s->rlayer.d->handshake_fragment;
+            dest_len = &s->rlayer.d->handshake_fragment_len;
+        } else if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+            dest_maxlen = sizeof(s->rlayer.d->alert_fragment);
+            dest = s->rlayer.d->alert_fragment;
+            dest_len = &s->rlayer.d->alert_fragment_len;
+        }
+#ifndef OPENSSL_NO_HEARTBEATS
+        else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) {
+            /* We allow a 0 return */
+            if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr),
+                                        SSL3_RECORD_get_length(rr)) < 0) {
+                return -1;
+            }
+            /* Exit and notify application to read again */
+            SSL3_RECORD_set_length(rr, 0);
+            s->rwstate = SSL_READING;
+            BIO_clear_retry_flags(SSL_get_rbio(s));
+            BIO_set_retry_read(SSL_get_rbio(s));
+            return (-1);
+        }
+#endif
+        /* else it's a CCS message, or application data or wrong */
+        else if (SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC) {
+            /*
+             * Application data while renegotiating is allowed. Try again
+             * reading.
+             */
+            if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) {
+                BIO *bio;
+                s->s3->in_read_app_data = 2;
+                bio = SSL_get_rbio(s);
+                s->rwstate = SSL_READING;
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return (-1);
+            }
+
+            /* Not certain if this is the right error handling */
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+            goto f_err;
+        }
+
+        if (dest_maxlen > 0) {
+            /*
+             * XDTLS: In a pathological case, the Client Hello may be
+             * fragmented--don't always expect dest_maxlen bytes
+             */
+            if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+                /*
+                 * for normal alerts rr->length is 2, while
+                 * dest_maxlen is 7 if we were to handle this
+                 * non-existing alert...
+                 */
+                FIX ME;
+#endif
+                s->rlayer.rstate = SSL_ST_READ_HEADER;
+                SSL3_RECORD_set_length(rr, 0);
+                goto start;
+            }
+
+            /* now move 'n' bytes: */
+            for (k = 0; k < dest_maxlen; k++) {
+                dest[k] = SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)];
+                SSL3_RECORD_add_off(rr, 1);
+                SSL3_RECORD_add_length(rr, -1);
+            }
+            *dest_len = dest_maxlen;
+        }
+    }
+
+    /*-
+     * s->rlayer.d->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
+     * s->rlayer.d->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
+     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+     */
+
+    /* If we are a client, check for an incoming 'Hello Request': */
+    if ((!s->server) &&
+        (s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+        (s->rlayer.d->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+        (s->session != NULL) && (s->session->cipher != NULL)) {
+        s->rlayer.d->handshake_fragment_len = 0;
+
+        if ((s->rlayer.d->handshake_fragment[1] != 0) ||
+            (s->rlayer.d->handshake_fragment[2] != 0) ||
+            (s->rlayer.d->handshake_fragment[3] != 0)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
+            goto f_err;
+        }
+
+        /*
+         * no need to check sequence number on HELLO REQUEST messages
+         */
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                            s->rlayer.d->handshake_fragment, 4, s,
+                            s->msg_callback_arg);
+
+        if (SSL_is_init_finished(s) &&
+            (s->options & SSL_OP_NO_RENEGOTIATION) == 0 &&
+            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+            !s->s3->renegotiate) {
+            s->d1->handshake_read_seq++;
+            s->new_session = 1;
+            ssl3_renegotiate(s);
+            if (ssl3_renegotiate_check(s)) {
+                i = s->handshake_func(s);
+                if (i < 0)
+                    return (i);
+                if (i == 0) {
+                    SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+                    return (-1);
+                }
+
+                if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+                    if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                        /* no read-ahead left? */
+                        BIO *bio;
+                        /*
+                         * In the case where we try to read application data,
+                         * but we trigger an SSL handshake, we return -1 with
+                         * the retry option set.  Otherwise renegotiation may
+                         * cause nasty problems in the blocking world
+                         */
+                        s->rwstate = SSL_READING;
+                        bio = SSL_get_rbio(s);
+                        BIO_clear_retry_flags(bio);
+                        BIO_set_retry_read(bio);
+                        return (-1);
+                    }
+                }
+            }
+        } else {
+            SSL3_RECORD_set_length(rr, 0);
+            ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+        }
+        /*
+         * we either finished a handshake or ignored the request, now try
+         * again to obtain the (application) data we were asked for
+         */
+        goto start;
+    }
+
+    /*
+     * If we are a server and get a client hello when renegotiation isn't
+     * allowed send back a no renegotiation alert and carry on.
+     */
+    if (s->server
+            && SSL_is_init_finished(s)
+            && s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH
+            && s->rlayer.d->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
+            && s->s3->previous_client_finished_len != 0
+            && ((!s->s3->send_connection_binding
+                    && (s->options
+                        & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)
+                || (s->options & SSL_OP_NO_RENEGOTIATION) != 0)) {
+        s->rlayer.d->handshake_fragment_len = 0;
+        SSL3_RECORD_set_length(rr, 0);
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+        goto start;
+    }
+
+    if (s->rlayer.d->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
+        int alert_level = s->rlayer.d->alert_fragment[0];
+        int alert_descr = s->rlayer.d->alert_fragment[1];
+
+        s->rlayer.d->alert_fragment_len = 0;
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT,
+                            s->rlayer.d->alert_fragment, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING) {
+            s->s3->warn_alert = alert_descr;
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
+            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * With SCTP and streams the socket may deliver app data
+                 * after a close_notify alert. We have to check this first so
+                 * that nothing gets discarded.
+                 */
+                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                    s->d1->shutdown_received = 1;
+                    s->rwstate = SSL_READING;
+                    BIO_clear_retry_flags(SSL_get_rbio(s));
+                    BIO_set_retry_read(SSL_get_rbio(s));
+                    return -1;
+                }
+#endif
+                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                return (0);
+            }
+#if 0
+            /* XXX: this is a possible improvement in the future */
+            /* now check if it's a missing record */
+            if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
+                unsigned short seq;
+                unsigned int frag_off;
+                unsigned char *p = &(s->rlayer.d->alert_fragment[2]);
+
+                n2s(p, seq);
+                n2l3(p, frag_off);
+
+                dtls1_retransmit_message(s,
+                                         dtls1_get_queue_priority
+                                         (frag->msg_header.seq, 0), frag_off,
+                                         &found);
+                if (!found && SSL_in_init(s)) {
+                    /*
+                     * fprintf( stderr,"in init = %d\n", SSL_in_init(s));
+                     */
+                    /*
+                     * requested a message not yet sent, send an alert
+                     * ourselves
+                     */
+                    ssl3_send_alert(s, SSL3_AL_WARNING,
+                                    DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+                }
+            }
+#endif
+        } else if (alert_level == SSL3_AL_FATAL) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return (0);
+        } else {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+            goto f_err;
+        }
+
+        goto start;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+                                            * shutdown */
+        s->rwstate = SSL_NOTHING;
+        SSL3_RECORD_set_length(rr, 0);
+        return (0);
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        /*
+         * We can't process a CCS now, because previous handshake messages
+         * are still missing, so just drop it.
+         */
+        SSL3_RECORD_set_length(rr, 0);
+        goto start;
+    }
+
+    /*
+     * Unexpected handshake message (Client Hello, or protocol violation)
+     */
+    if ((s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+        !ossl_statem_get_in_handshake(s)) {
+        struct hm_header_st msg_hdr;
+
+        /* this may just be a stale retransmit */
+        dtls1_get_message_header(rr->data, &msg_hdr);
+        if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch) {
+            SSL3_RECORD_set_length(rr, 0);
+            goto start;
+        }
+
+        /*
+         * If we are server, we may have a repeated FINISHED of the client
+         * here, then retransmit our CCS and FINISHED.
+         */
+        if (msg_hdr.type == SSL3_MT_FINISHED) {
+            if (dtls1_check_timeout_num(s) < 0)
+                return -1;
+
+            dtls1_retransmit_buffered_messages(s);
+            SSL3_RECORD_set_length(rr, 0);
+            goto start;
+        }
+
+        if (SSL_is_init_finished(s) &&
+            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
+            ossl_statem_set_in_init(s, 1);
+            s->renegotiate = 1;
+            s->new_session = 1;
+        }
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+            return (-1);
+        }
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return (-1);
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        /* TLS just ignores unknown message types */
+        if (s->version == TLS1_VERSION) {
+            SSL3_RECORD_set_length(rr, 0);
+            goto start;
+        }
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+        goto f_err;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (s->s3->in_read_app_data &&
+            (s->s3->total_renegotiations != 0) &&
+            ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return (-1);
+        } else {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+            goto f_err;
+        }
+    }
+    /* not reached */
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    return (-1);
+}
+
+        /*
+         * this only happens when a client hello is received and a handshake
+         * is started.
+         */
+static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+                                   int len)
+{
+
+    if ((type == SSL3_RT_HANDSHAKE)
+        && (s->rlayer.d->handshake_fragment_len > 0))
+        /* (partially) satisfy request from storage */
+    {
+        unsigned char *src = s->rlayer.d->handshake_fragment;
+        unsigned char *dst = buf;
+        unsigned int k, n;
+
+        /* peek == 0 */
+        n = 0;
+        while ((len > 0) && (s->rlayer.d->handshake_fragment_len > 0)) {
+            *dst++ = *src++;
+            len--;
+            s->rlayer.d->handshake_fragment_len--;
+            n++;
+        }
+        /* move any remaining fragment bytes: */
+        for (k = 0; k < s->rlayer.d->handshake_fragment_len; k++)
+            s->rlayer.d->handshake_fragment[k] = *src++;
+        return n;
+    }
+
+    return 0;
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
+{
+    int i;
+
+    OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
+    s->rwstate = SSL_NOTHING;
+    i = do_dtls1_write(s, type, buf, len, 0);
+    return i;
+}
+
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   unsigned int len, int create_empty_fragment)
+{
+    unsigned char *p, *pseq;
+    int i, mac_size, clear = 0;
+    int prefix_len = 0;
+    int eivlen;
+    SSL3_RECORD wr;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+
+    wb = &s->rlayer.wbuf[0];
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (SSL3_BUFFER_get_left(wb) != 0) {
+        OPENSSL_assert(0);      /* XDTLS: want to see if we ever get here */
+        return (ssl3_write_pending(s, type, buf, len));
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0)
+            return (i);
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (len == 0 && !create_empty_fragment)
+        return 0;
+
+    if (len > s->max_send_fragment) {
+        SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+        return 0;
+    }
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
+        clear = 1;
+
+    if (clear)
+        mac_size = 0;
+    else {
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0)
+            goto err;
+    }
+
+    p = SSL3_BUFFER_get_buf(wb) + prefix_len;
+
+    /* write the header */
+
+    *(p++) = type & 0xff;
+    SSL3_RECORD_set_type(&wr, type);
+    /*
+     * Special case: for hello verify request, client version 1.0 and we
+     * haven't decided which version to use yet send back using version 1.0
+     * header: otherwise some clients will ignore it.
+     */
+    if (s->method->version == DTLS_ANY_VERSION &&
+        s->max_proto_version != DTLS1_BAD_VER) {
+        *(p++) = DTLS1_VERSION >> 8;
+        *(p++) = DTLS1_VERSION & 0xff;
+    } else {
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+    }
+
+    /* field where we are to write out packet epoch, seq num and len */
+    pseq = p;
+    p += 10;
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        }
+        /* Need explicit part of IV for GCM mode */
+        else if (mode == EVP_CIPH_GCM_MODE)
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        else if (mode == EVP_CIPH_CCM_MODE)
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        else
+            eivlen = 0;
+    } else
+        eivlen = 0;
+
+    /* lets setup the record stuff. */
+    SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */
+    SSL3_RECORD_set_length(&wr, (int)len);
+    SSL3_RECORD_set_input(&wr, (unsigned char *)buf);
+
+    /*
+     * we now 'read' from wr.input, wr.length bytes into wr.data
+     */
+
+    /* first we compress */
+    if (s->compress != NULL) {
+        if (!ssl3_do_compress(s, &wr)) {
+            SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
+            goto err;
+        }
+    } else {
+        memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr),
+               SSL3_RECORD_get_length(&wr));
+        SSL3_RECORD_reset_input(&wr);
+    }
+
+    /*
+     * we should still have the output to wr.data and the input from
+     * wr.input.  Length should be wr.length. wr.data still points in the
+     * wb->buf
+     */
+
+    if (mac_size != 0) {
+        if (s->method->ssl3_enc->mac(s, &wr,
+                                     &(p[SSL3_RECORD_get_length(&wr) + eivlen]),
+                                     1) < 0)
+            goto err;
+        SSL3_RECORD_add_length(&wr, mac_size);
+    }
+
+    /* this is true regardless of mac size */
+    SSL3_RECORD_set_data(&wr, p);
+    SSL3_RECORD_reset_input(&wr);
+
+    if (eivlen)
+        SSL3_RECORD_add_length(&wr, eivlen);
+
+    if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1)
+        goto err;
+
+    /* record length after mac and block padding */
+    /*
+     * if (type == SSL3_RT_APPLICATION_DATA || (type == SSL3_RT_ALERT && !
+     * SSL_in_init(s)))
+     */
+
+    /* there's only one epoch between handshake and app data */
+
+    s2n(s->rlayer.d->w_epoch, pseq);
+
+    /* XDTLS: ?? */
+    /*
+     * else s2n(s->d1->handshake_epoch, pseq);
+     */
+
+    memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
+    pseq += 6;
+    s2n(SSL3_RECORD_get_length(&wr), pseq);
+
+    if (s->msg_callback)
+        s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
+                        DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+    /*
+     * we should now have wr.data pointing to the encrypted data, which is
+     * wr->length long
+     */
+    SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */
+    SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH);
+
+    ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
+
+    if (create_empty_fragment) {
+        /*
+         * we are in a recursive call; just return the length, don't write
+         * out anything here
+         */
+        return wr.length;
+    }
+
+    /* now let's set up wb */
+    SSL3_BUFFER_set_left(wb, prefix_len + SSL3_RECORD_get_length(&wr));
+    SSL3_BUFFER_set_offset(wb, 0);
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = len;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = len;
+
+    /* we now just need to write the buffer */
+    return ssl3_write_pending(s, type, buf, len);
+ err:
+    return -1;
+}
+
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch)
+{
+
+    *is_next_epoch = 0;
+
+    /* In current epoch, accept HM, CCS, DATA, & ALERT */
+    if (rr->epoch == s->rlayer.d->r_epoch)
+        return &s->rlayer.d->bitmap;
+
+    /*
+     * Only HM and ALERT messages can be from the next epoch and only if we
+     * have already processed all of the unprocessed records from the last
+     * epoch
+     */
+    else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) &&
+             s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch &&
+             (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+        *is_next_epoch = 1;
+        return &s->rlayer.d->next_bitmap;
+    }
+
+    return NULL;
+}
+
+void dtls1_reset_seq_numbers(SSL *s, int rw)
+{
+    unsigned char *seq;
+    unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
+
+    if (rw & SSL3_CC_READ) {
+        seq = s->rlayer.read_sequence;
+        s->rlayer.d->r_epoch++;
+        memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap,
+               sizeof(s->rlayer.d->bitmap));
+        memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap));
+
+        /*
+         * We must not use any buffered messages received from the previous
+         * epoch
+         */
+        dtls1_clear_received_buffer(s);
+    } else {
+        seq = s->rlayer.write_sequence;
+        memcpy(s->rlayer.d->last_write_sequence, seq,
+               sizeof(s->rlayer.write_sequence));
+        s->rlayer.d->w_epoch++;
+    }
+
+    memset(seq, 0, seq_bytes);
+}
diff --git a/openssl-1.1.0h/ssl/record/rec_layer_s3.c b/openssl-1.1.0h/ssl/record/rec_layer_s3.c
new file mode 100644
index 0000000..1ffc120
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/rec_layer_s3.c
@@ -0,0 +1,1549 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "../ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include "record_locl.h"
+
+#if     defined(OPENSSL_SMALL_FOOTPRINT) || \
+        !(      defined(AES_ASM) &&     ( \
+                defined(__x86_64)       || defined(__x86_64__)  || \
+                defined(_M_AMD64)       || defined(_M_X64)      ) \
+        )
+# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
+#endif
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
+{
+    rl->s = s;
+    RECORD_LAYER_set_first_record(&s->rlayer);
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+void RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    rl->rstate = SSL_ST_READ_HEADER;
+
+    /*
+     * Do I need to clear read_ahead? As far as I can tell read_ahead did not
+     * previously get reset by SSL_clear...so I'll keep it that way..but is
+     * that right?
+     */
+
+    rl->packet = NULL;
+    rl->packet_length = 0;
+    rl->wnum = 0;
+    memset(rl->alert_fragment, 0, sizeof(rl->alert_fragment));
+    rl->alert_fragment_len = 0;
+    memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment));
+    rl->handshake_fragment_len = 0;
+    rl->wpend_tot = 0;
+    rl->wpend_type = 0;
+    rl->wpend_ret = 0;
+    rl->wpend_buf = NULL;
+
+    SSL3_BUFFER_clear(&rl->rbuf);
+    ssl3_release_write_buffer(rl->s);
+    rl->numrpipes = 0;
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+
+    RECORD_LAYER_reset_read_sequence(rl);
+    RECORD_LAYER_reset_write_sequence(rl);
+
+    if (rl->d)
+        DTLS_RECORD_LAYER_clear(rl);
+}
+
+void RECORD_LAYER_release(RECORD_LAYER *rl)
+{
+    if (SSL3_BUFFER_is_initialised(&rl->rbuf))
+        ssl3_release_read_buffer(rl->s);
+    if (rl->numwpipes > 0)
+        ssl3_release_write_buffer(rl->s);
+    SSL3_RECORD_release(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+/* Checks if we have unprocessed read ahead data pending */
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
+{
+    return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
+}
+
+/* Checks if we have decrypted unread record data pending */
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
+{
+    size_t curr_rec = 0, num_recs = RECORD_LAYER_get_numrpipes(rl);
+    const SSL3_RECORD *rr = rl->rrec;
+
+    while (curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]))
+        curr_rec++;
+
+    return curr_rec < num_recs;
+}
+
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
+{
+    return (rl->numwpipes > 0)
+        && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
+}
+
+int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
+{
+    rl->packet_length = len;
+    if (len != 0) {
+        rl->rstate = SSL_ST_READ_HEADER;
+        if (!SSL3_BUFFER_is_initialised(&rl->rbuf))
+            if (!ssl3_setup_read_buffer(rl->s))
+                return 0;
+    }
+
+    rl->packet = SSL3_BUFFER_get_buf(&rl->rbuf);
+    SSL3_BUFFER_set_data(&rl->rbuf, buf, len);
+
+    return 1;
+}
+
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
+}
+
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
+}
+
+int ssl3_pending(const SSL *s)
+{
+    unsigned int i;
+    int num = 0;
+
+    if (s->rlayer.rstate == SSL_ST_READ_BODY)
+        return 0;
+
+    for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
+        if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
+            != SSL3_RT_APPLICATION_DATA)
+            return 0;
+        num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
+    }
+
+    return num;
+}
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+    ctx->default_read_buf_len = len;
+}
+
+void SSL_set_default_read_buffer_len(SSL *s, size_t len)
+{
+    SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
+}
+
+const char *SSL_rstate_string_long(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "read header";
+    case SSL_ST_READ_BODY:
+        return "read body";
+    case SSL_ST_READ_DONE:
+        return "read done";
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_rstate_string(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "RH";
+    case SSL_ST_READ_BODY:
+        return "RB";
+    case SSL_ST_READ_DONE:
+        return "RD";
+    default:
+        return "unknown";
+    }
+}
+
+/*
+ * Return values are as per SSL_read()
+ */
+int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
+{
+    /*
+     * If extend == 0, obtain new n-byte packet; if extend == 1, increase
+     * packet by another n bytes. The packet will be in the sub-array of
+     * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
+     * s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
+     * s->packet_length bytes if extend == 1].)
+     * if clearold == 1, move the packet to the start of the buffer; if
+     * clearold == 0 then leave any old packets where they were
+     */
+    int i, len, left;
+    size_t align = 0;
+    unsigned char *pkt;
+    SSL3_BUFFER *rb;
+
+    if (n <= 0)
+        return n;
+
+    rb = &s->rlayer.rbuf;
+    if (rb->buf == NULL)
+        if (!ssl3_setup_read_buffer(s))
+            return -1;
+
+    left = rb->left;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+
+    if (!extend) {
+        /* start with empty packet ... */
+        if (left == 0)
+            rb->offset = align;
+        else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
+            /*
+             * check if next packet length is large enough to justify payload
+             * alignment...
+             */
+            pkt = rb->buf + rb->offset;
+            if (pkt[0] == SSL3_RT_APPLICATION_DATA
+                && (pkt[3] << 8 | pkt[4]) >= 128) {
+                /*
+                 * Note that even if packet is corrupted and its length field
+                 * is insane, we can only be led to wrong decision about
+                 * whether memmove will occur or not. Header values has no
+                 * effect on memmove arguments and therefore no buffer
+                 * overrun can be triggered.
+                 */
+                memmove(rb->buf + align, pkt, left);
+                rb->offset = align;
+            }
+        }
+        s->rlayer.packet = rb->buf + rb->offset;
+        s->rlayer.packet_length = 0;
+        /* ... now we can act as if 'extend' was set */
+    }
+
+    len = s->rlayer.packet_length;
+    pkt = rb->buf + align;
+    /*
+     * Move any available bytes to front of buffer: 'len' bytes already
+     * pointed to by 'packet', 'left' extra ones at the end
+     */
+    if (s->rlayer.packet != pkt && clearold == 1) {
+        memmove(pkt, s->rlayer.packet, len + left);
+        s->rlayer.packet = pkt;
+        rb->offset = len + align;
+    }
+
+    /*
+     * For DTLS/UDP reads should not span multiple packets because the read
+     * operation returns the whole packet at once (as long as it fits into
+     * the buffer).
+     */
+    if (SSL_IS_DTLS(s)) {
+        if (left == 0 && extend)
+            return 0;
+        if (left > 0 && n > left)
+            n = left;
+    }
+
+    /* if there is enough in the buffer from a previous read, take some */
+    if (left >= n) {
+        s->rlayer.packet_length += n;
+        rb->left = left - n;
+        rb->offset += n;
+        return (n);
+    }
+
+    /* else we need to read more data */
+
+    if (n > (int)(rb->len - rb->offset)) { /* does not happen */
+        SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    /* We always act like read_ahead is set for DTLS */
+    if (!s->rlayer.read_ahead && !SSL_IS_DTLS(s))
+        /* ignore max parameter */
+        max = n;
+    else {
+        if (max < n)
+            max = n;
+        if (max > (int)(rb->len - rb->offset))
+            max = rb->len - rb->offset;
+    }
+
+    while (left < n) {
+        /*
+         * Now we have len+left bytes at the front of s->s3->rbuf.buf and
+         * need to read in more until we have len+n (up to len+max if
+         * possible)
+         */
+
+        clear_sys_error();
+        if (s->rbio != NULL) {
+            s->rwstate = SSL_READING;
+            i = BIO_read(s->rbio, pkt + len + left, max - left);
+        } else {
+            SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
+            i = -1;
+        }
+
+        if (i <= 0) {
+            rb->left = left;
+            if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+                if (len + left == 0)
+                    ssl3_release_read_buffer(s);
+            return i;
+        }
+        left += i;
+        /*
+         * reads should *never* span multiple packets for DTLS because the
+         * underlying transport protocol is message oriented as opposed to
+         * byte oriented as in the TLS case.
+         */
+        if (SSL_IS_DTLS(s)) {
+            if (n > left)
+                n = left;       /* makes the while condition false */
+        }
+    }
+
+    /* done reading, now the book-keeping */
+    rb->offset += n;
+    rb->left = left - n;
+    s->rlayer.packet_length += n;
+    s->rwstate = SSL_NOTHING;
+    return (n);
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
+{
+    const unsigned char *buf = buf_;
+    int tot;
+    unsigned int n, split_send_fragment, maxpipes;
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    unsigned int max_send_fragment, nw;
+    unsigned int u_len = (unsigned int)len;
+#endif
+    SSL3_BUFFER *wb = &s->rlayer.wbuf[0];
+    int i;
+
+    if (len < 0) {
+        SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_NEGATIVE_LENGTH);
+        return -1;
+    }
+
+    s->rwstate = SSL_NOTHING;
+    tot = s->rlayer.wnum;
+    /*
+     * ensure that if we end up with a smaller value of data to write out
+     * than the the original len from a write which didn't complete for
+     * non-blocking I/O and also somehow ended up avoiding the check for
+     * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be
+     * possible to end up with (len-tot) as a large number that will then
+     * promptly send beyond the end of the users buffer ... so we trap and
+     * report the error in a way the user will notice
+     */
+    if (((unsigned int)len < s->rlayer.wnum) 
+        || ((wb->left != 0) && ((unsigned int)len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) {
+        SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    s->rlayer.wnum = 0;
+
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+            return -1;
+        }
+    }
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (wb->left != 0) {
+        i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot);
+        if (i <= 0) {
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+        tot += i;               /* this might be last fragment */
+    }
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    /*
+     * Depending on platform multi-block can deliver several *times*
+     * better performance. Downside is that it has to allocate
+     * jumbo buffer to accommodate up to 8 records, but the
+     * compromise is considered worthy.
+     */
+    if (type == SSL3_RT_APPLICATION_DATA &&
+        u_len >= 4 * (max_send_fragment = s->max_send_fragment) &&
+        s->compress == NULL && s->msg_callback == NULL &&
+        !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
+        EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+        EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
+        unsigned char aad[13];
+        EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+        int packlen;
+
+        /* minimize address aliasing conflicts */
+        if ((max_send_fragment & 0xfff) == 0)
+            max_send_fragment -= 512;
+
+        if (tot == 0 || wb->buf == NULL) { /* allocate jumbo buffer */
+            ssl3_release_write_buffer(s);
+
+            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
+                                          max_send_fragment, NULL);
+
+            if (u_len >= 8 * max_send_fragment)
+                packlen *= 8;
+            else
+                packlen *= 4;
+
+            if (!ssl3_setup_write_buffer(s, 1, packlen)) {
+                SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+        } else if (tot == len) { /* done? */
+            /* free jumbo buffer */
+            ssl3_release_write_buffer(s);
+            return tot;
+        }
+
+        n = (len - tot);
+        for (;;) {
+            if (n < 4 * max_send_fragment) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            if (s->s3->alert_dispatch) {
+                i = s->method->ssl_dispatch_alert(s);
+                if (i <= 0) {
+                    s->rlayer.wnum = tot;
+                    return i;
+                }
+            }
+
+            if (n >= 8 * max_send_fragment)
+                nw = max_send_fragment * (mb_param.interleave = 8);
+            else
+                nw = max_send_fragment * (mb_param.interleave = 4);
+
+            memcpy(aad, s->rlayer.write_sequence, 8);
+            aad[8] = type;
+            aad[9] = (unsigned char)(s->version >> 8);
+            aad[10] = (unsigned char)(s->version);
+            aad[11] = 0;
+            aad[12] = 0;
+            mb_param.out = NULL;
+            mb_param.inp = aad;
+            mb_param.len = nw;
+
+            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+                                          sizeof(mb_param), &mb_param);
+
+            if (packlen <= 0 || packlen > (int)wb->len) { /* never happens */
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            mb_param.out = wb->buf;
+            mb_param.inp = &buf[tot];
+            mb_param.len = nw;
+
+            if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                    EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                    sizeof(mb_param), &mb_param) <= 0)
+                return -1;
+
+            s->rlayer.write_sequence[7] += mb_param.interleave;
+            if (s->rlayer.write_sequence[7] < mb_param.interleave) {
+                int j = 6;
+                while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
+            }
+
+            wb->offset = 0;
+            wb->left = packlen;
+
+            s->rlayer.wpend_tot = nw;
+            s->rlayer.wpend_buf = &buf[tot];
+            s->rlayer.wpend_type = type;
+            s->rlayer.wpend_ret = nw;
+
+            i = ssl3_write_pending(s, type, &buf[tot], nw);
+            if (i <= 0) {
+                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+                    /* free jumbo buffer */
+                    ssl3_release_write_buffer(s);
+                }
+                s->rlayer.wnum = tot;
+                return i;
+            }
+            if (i == (int)n) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                return tot + i;
+            }
+            n -= i;
+            tot += i;
+        }
+    } else
+#endif
+    if (tot == len) {           /* done? */
+        if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+            ssl3_release_write_buffer(s);
+
+        return tot;
+    }
+
+    n = (len - tot);
+
+    split_send_fragment = s->split_send_fragment;
+    /*
+     * If max_pipelines is 0 then this means "undefined" and we default to
+     * 1 pipeline. Similarly if the cipher does not support pipelined
+     * processing then we also only use 1 pipeline, or if we're not using
+     * explicit IVs
+     */
+    maxpipes = s->max_pipelines;
+    if (maxpipes > SSL_MAX_PIPELINES) {
+        /*
+         * We should have prevented this when we set max_pipelines so we
+         * shouldn't get here
+         */
+        SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    if (maxpipes == 0
+        || s->enc_write_ctx == NULL
+        || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
+             & EVP_CIPH_FLAG_PIPELINE)
+        || !SSL_USE_EXPLICIT_IV(s))
+        maxpipes = 1;
+    if (s->max_send_fragment == 0 || split_send_fragment > s->max_send_fragment
+        || split_send_fragment == 0) {
+        /*
+         * We should have prevented this when we set the split and max send
+         * fragments so we shouldn't get here
+         */
+        SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    for (;;) {
+        unsigned int pipelens[SSL_MAX_PIPELINES], tmppipelen, remain;
+        unsigned int numpipes, j;
+
+        if (n == 0)
+            numpipes = 1;
+        else
+            numpipes = ((n - 1) / split_send_fragment) + 1;
+        if (numpipes > maxpipes)
+            numpipes = maxpipes;
+
+        if (n / numpipes >= s->max_send_fragment) {
+            /*
+             * We have enough data to completely fill all available
+             * pipelines
+             */
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = s->max_send_fragment;
+            }
+        } else {
+            /* We can partially fill all available pipelines */
+            tmppipelen = n / numpipes;
+            remain = n % numpipes;
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = tmppipelen;
+                if (j < remain)
+                    pipelens[j]++;
+            }
+        }
+
+        i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0);
+        if (i <= 0) {
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+
+        if ((i == (int)n) ||
+            (type == SSL3_RT_APPLICATION_DATA &&
+             (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
+            /*
+             * next chunk of data should get another prepended empty fragment
+             * in ciphersuites with known-IV weakness:
+             */
+            s->s3->empty_fragment_done = 0;
+
+            if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
+                !SSL_IS_DTLS(s))
+                ssl3_release_write_buffer(s);
+
+            return tot + i;
+        }
+
+        n -= i;
+        tot += i;
+    }
+}
+
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                  unsigned int *pipelens, unsigned int numpipes,
+                  int create_empty_fragment)
+{
+    unsigned char *outbuf[SSL_MAX_PIPELINES], *plen[SSL_MAX_PIPELINES];
+    SSL3_RECORD wr[SSL_MAX_PIPELINES];
+    int i, mac_size, clear = 0;
+    int prefix_len = 0;
+    int eivlen;
+    size_t align = 0;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+    unsigned int totlen = 0;
+    unsigned int j;
+
+    for (j = 0; j < numpipes; j++)
+        totlen += pipelens[j];
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (RECORD_LAYER_write_pending(&s->rlayer))
+        return (ssl3_write_pending(s, type, buf, totlen));
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0)
+            return (i);
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (s->rlayer.numwpipes < numpipes)
+        if (!ssl3_setup_write_buffer(s, numpipes, 0))
+            return -1;
+
+    if (totlen == 0 && !create_empty_fragment)
+        return 0;
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
+        clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
+        mac_size = 0;
+    } else {
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0)
+            goto err;
+    }
+
+    /*
+     * 'create_empty_fragment' is true only when this function calls itself
+     */
+    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
+        /*
+         * countermeasure against known-IV weakness in CBC ciphersuites (see
+         * http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+
+        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+            /*
+             * recursive function call with 'create_empty_fragment' set; this
+             * prepares and buffers the data for an empty fragment (these
+             * 'prefix_len' bytes are sent out later together with the actual
+             * payload)
+             */
+            unsigned int tmppipelen = 0;
+
+            prefix_len = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1);
+            if (prefix_len <= 0)
+                goto err;
+
+            if (prefix_len >
+                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
+                /* insufficient space */
+                SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        s->s3->empty_fragment_done = 1;
+    }
+
+    if (create_empty_fragment) {
+        wb = &s->rlayer.wbuf[0];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        /*
+         * extra fragment would be couple of cipher blocks, which would be
+         * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
+         * payload, then we can just pretend we simply have two headers.
+         */
+        align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
+        align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+        outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
+        SSL3_BUFFER_set_offset(wb, align);
+    } else if (prefix_len) {
+        wb = &s->rlayer.wbuf[0];
+        outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb)
+            + prefix_len;
+    } else {
+        for (j = 0; j < numpipes; j++) {
+            wb = &s->rlayer.wbuf[j];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+            align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
+            align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+            outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
+            SSL3_BUFFER_set_offset(wb, align);
+        }
+    }
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        }
+        /* Need explicit part of IV for GCM mode */
+        else if (mode == EVP_CIPH_GCM_MODE)
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        else if (mode == EVP_CIPH_CCM_MODE)
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        else
+            eivlen = 0;
+    } else
+        eivlen = 0;
+
+    totlen = 0;
+    /* Clear our SSL3_RECORD structures */
+    memset(wr, 0, sizeof(wr));
+    for (j = 0; j < numpipes; j++) {
+        /* write the header */
+        *(outbuf[j]++) = type & 0xff;
+        SSL3_RECORD_set_type(&wr[j], type);
+
+        *(outbuf[j]++) = (s->version >> 8);
+        /*
+         * Some servers hang if initial client hello is larger than 256 bytes
+         * and record version number > TLS 1.0
+         */
+        if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
+            && !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION)
+            *(outbuf[j]++) = 0x1;
+        else
+            *(outbuf[j]++) = s->version & 0xff;
+
+        /* field where we are to write out packet length */
+        plen[j] = outbuf[j];
+        outbuf[j] += 2;
+
+        /* lets setup the record stuff. */
+        SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen);
+        SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]);
+        SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]);
+        totlen += pipelens[j];
+
+        /*
+         * we now 'read' from wr->input, wr->length bytes into wr->data
+         */
+
+        /* first we compress */
+        if (s->compress != NULL) {
+            if (!ssl3_do_compress(s, &wr[j])) {
+                SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
+                goto err;
+            }
+        } else {
+            memcpy(wr[j].data, wr[j].input, wr[j].length);
+            SSL3_RECORD_reset_input(&wr[j]);
+        }
+
+        /*
+         * we should still have the output to wr->data and the input from
+         * wr->input.  Length should be wr->length. wr->data still points in the
+         * wb->buf
+         */
+
+        if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+            if (s->method->ssl3_enc->mac(s, &wr[j],
+                                         &(outbuf[j][wr[j].length + eivlen]),
+                                         1) < 0)
+                goto err;
+            SSL3_RECORD_add_length(&wr[j], mac_size);
+        }
+
+        SSL3_RECORD_set_data(&wr[j], outbuf[j]);
+        SSL3_RECORD_reset_input(&wr[j]);
+
+        if (eivlen) {
+            /*
+             * if (RAND_pseudo_bytes(p, eivlen) <= 0) goto err;
+             */
+            SSL3_RECORD_add_length(&wr[j], eivlen);
+        }
+    }
+
+    if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1)
+        goto err;
+
+    for (j = 0; j < numpipes; j++) {
+        if (SSL_WRITE_ETM(s) && mac_size != 0) {
+            if (s->method->ssl3_enc->mac(s, &wr[j],
+                                         outbuf[j] + wr[j].length, 1) < 0)
+                goto err;
+            SSL3_RECORD_add_length(&wr[j], mac_size);
+        }
+
+        /* record length after mac and block padding */
+        s2n(SSL3_RECORD_get_length(&wr[j]), plen[j]);
+
+        if (s->msg_callback)
+            s->msg_callback(1, 0, SSL3_RT_HEADER, plen[j] - 5, 5, s,
+                            s->msg_callback_arg);
+
+        /*
+         * we should now have wr->data pointing to the encrypted data, which is
+         * wr->length long
+         */
+        SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for
+                                             * debugging */
+        SSL3_RECORD_add_length(&wr[j], SSL3_RT_HEADER_LENGTH);
+
+        if (create_empty_fragment) {
+            /*
+             * we are in a recursive call; just return the length, don't write
+             * out anything here
+             */
+            if (j > 0) {
+                /* We should never be pipelining an empty fragment!! */
+                SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            return SSL3_RECORD_get_length(wr);
+        }
+
+        /* now let's set up wb */
+        SSL3_BUFFER_set_left(&s->rlayer.wbuf[j],
+                             prefix_len + SSL3_RECORD_get_length(&wr[j]));
+    }
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = totlen;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = totlen;
+
+    /* we now just need to write the buffer */
+    return ssl3_write_pending(s, type, buf, totlen);
+ err:
+    return -1;
+}
+
+/* if s->s3->wbuf.left != 0, we need to call this
+ *
+ * Return values are as per SSL_write()
+ */
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+                       unsigned int len)
+{
+    int i;
+    SSL3_BUFFER *wb = s->rlayer.wbuf;
+    unsigned int currbuf = 0;
+
+    if ((s->rlayer.wpend_tot > (int)len)
+        || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+            && (s->rlayer.wpend_buf != buf))
+        || (s->rlayer.wpend_type != type)) {
+        SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
+        return (-1);
+    }
+
+    for (;;) {
+        /* Loop until we find a buffer we haven't written out yet */
+        if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0
+            && currbuf < s->rlayer.numwpipes - 1) {
+            currbuf++;
+            continue;
+        }
+        clear_sys_error();
+        if (s->wbio != NULL) {
+            s->rwstate = SSL_WRITING;
+            i = BIO_write(s->wbio, (char *)
+                          &(SSL3_BUFFER_get_buf(&wb[currbuf])
+                            [SSL3_BUFFER_get_offset(&wb[currbuf])]),
+                          (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
+        } else {
+            SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
+            i = -1;
+        }
+        if (i == SSL3_BUFFER_get_left(&wb[currbuf])) {
+            SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            SSL3_BUFFER_add_offset(&wb[currbuf], i);
+            if (currbuf + 1 < s->rlayer.numwpipes)
+                continue;
+            s->rwstate = SSL_NOTHING;
+            return (s->rlayer.wpend_ret);
+        } else if (i <= 0) {
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * For DTLS, just drop it. That's kind of the whole point in
+                 * using a datagram service
+                 */
+                SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            }
+            return i;
+        }
+        SSL3_BUFFER_add_offset(&wb[currbuf], i);
+        SSL3_BUFFER_add_left(&wb[currbuf], -i);
+    }
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                    int len, int peek)
+{
+    int al, i, j, ret;
+    unsigned int n, curr_rec, num_recs, read_bytes;
+    SSL3_RECORD *rr;
+    SSL3_BUFFER *rbuf;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+    rbuf = &s->rlayer.rbuf;
+
+    if (!SSL3_BUFFER_is_initialised(rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_read_buffer(s))
+            return (-1);
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA)
+         && (type != SSL3_RT_HANDSHAKE)) || (peek
+                                             && (type !=
+                                                 SSL3_RT_APPLICATION_DATA))) {
+        SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if ((type == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len > 0))
+        /* (partially) satisfy request from storage */
+    {
+        unsigned char *src = s->rlayer.handshake_fragment;
+        unsigned char *dst = buf;
+        unsigned int k;
+
+        /* peek == 0 */
+        n = 0;
+        while ((len > 0) && (s->rlayer.handshake_fragment_len > 0)) {
+            *dst++ = *src++;
+            len--;
+            s->rlayer.handshake_fragment_len--;
+            n++;
+        }
+        /* move any remaining fragment bytes: */
+        for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
+            s->rlayer.handshake_fragment[k] = *src++;
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RT_HANDSHAKE;
+
+        return n;
+    }
+
+    /*
+     * Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+     */
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+            return (-1);
+        }
+    }
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * For each record 'i' up to |num_recs]
+     * rr[i].type     - is the type of record
+     * rr[i].data,    - data
+     * rr[i].off,     - offset into 'data' for next read
+     * rr[i].length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+    num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+
+    do {
+        /* get new records if necessary */
+        if (num_recs == 0) {
+            ret = ssl3_get_record(s);
+            if (ret <= 0)
+                return (ret);
+            num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+            if (num_recs == 0) {
+                /* Shouldn't happen */
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+                goto f_err;
+            }
+        }
+        /* Skip over any records we have already read */
+        for (curr_rec = 0;
+             curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
+             curr_rec++) ;
+        if (curr_rec == num_recs) {
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+            num_recs = 0;
+            curr_rec = 0;
+        }
+    } while (num_recs == 0);
+    rr = &rr[curr_rec];
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+        goto f_err;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        s->rwstate = SSL_NOTHING;
+        return (0);
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
+            goto f_err;
+        }
+
+        if (type == SSL3_RT_HANDSHAKE
+            && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && s->rlayer.handshake_fragment_len > 0) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+            goto f_err;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len <= 0) {
+            /*
+             * Mark a zero length record as read. This ensures multiple calls to
+             * SSL_read() with a zero length buffer will eventually cause
+             * SSL_pending() to report data as being available.
+             */
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+            return len;
+        }
+
+        read_bytes = 0;
+        do {
+            if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr))
+                n = SSL3_RECORD_get_length(rr);
+            else
+                n = (unsigned int)len - read_bytes;
+
+            memcpy(buf, &(rr->data[rr->off]), n);
+            buf += n;
+            if (peek) {
+                /* Mark any zero length record as consumed CVE-2016-6305 */
+                if (SSL3_RECORD_get_length(rr) == 0)
+                    SSL3_RECORD_set_read(rr);
+            } else {
+                SSL3_RECORD_sub_length(rr, n);
+                SSL3_RECORD_add_off(rr, n);
+                if (SSL3_RECORD_get_length(rr) == 0) {
+                    s->rlayer.rstate = SSL_ST_READ_HEADER;
+                    SSL3_RECORD_set_off(rr, 0);
+                    SSL3_RECORD_set_read(rr);
+                }
+            }
+            if (SSL3_RECORD_get_length(rr) == 0
+                || (peek && n == SSL3_RECORD_get_length(rr))) {
+                curr_rec++;
+                rr++;
+            }
+            read_bytes += n;
+        } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
+                 && read_bytes < (unsigned int)len);
+        if (read_bytes == 0) {
+            /* We must have read empty records. Get more data */
+            goto start;
+        }
+        if (!peek && curr_rec == num_recs
+            && (s->mode & SSL_MODE_RELEASE_BUFFERS)
+            && SSL3_BUFFER_get_left(rbuf) == 0)
+            ssl3_release_read_buffer(s);
+        return read_bytes;
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello) or invalid (we
+     * were actually expecting a CCS).
+     */
+
+    /*
+     * Lets just double check that we've not got an SSLv2 record
+     */
+    if (rr->rec_version == SSL2_VERSION) {
+        /*
+         * Should never happen. ssl3_get_record() should only give us an SSLv2
+         * record back if this is the first packet and we are looking for an
+         * initial ClientHello. Therefore |type| should always be equal to
+         * |rr->type|. If not then something has gone horribly wrong
+         */
+        al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    }
+
+    if (s->method->version == TLS_ANY_VERSION
+        && (s->server || rr->type != SSL3_RT_ALERT)) {
+        /*
+         * If we've got this far and still haven't decided on what version
+         * we're using then this must be a client side alert we're dealing with
+         * (we don't allow heartbeats yet). We shouldn't be receiving anything
+         * other than a ClientHello if we are a server.
+         */
+        s->version = rr->rec_version;
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
+    /*
+     * In case of record types for which we have 'fragment' storage, fill
+     * that so that we can process the data at a fixed place.
+     */
+    {
+        unsigned int dest_maxlen = 0;
+        unsigned char *dest = NULL;
+        unsigned int *dest_len = NULL;
+
+        if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+            dest_maxlen = sizeof(s->rlayer.handshake_fragment);
+            dest = s->rlayer.handshake_fragment;
+            dest_len = &s->rlayer.handshake_fragment_len;
+        } else if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+            dest_maxlen = sizeof(s->rlayer.alert_fragment);
+            dest = s->rlayer.alert_fragment;
+            dest_len = &s->rlayer.alert_fragment_len;
+        }
+
+        if (dest_maxlen > 0) {
+            n = dest_maxlen - *dest_len; /* available space in 'dest' */
+            if (SSL3_RECORD_get_length(rr) < n)
+                n = SSL3_RECORD_get_length(rr); /* available bytes */
+
+            /* now move 'n' bytes: */
+            while (n-- > 0) {
+                dest[(*dest_len)++] =
+                    SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)];
+                SSL3_RECORD_add_off(rr, 1);
+                SSL3_RECORD_add_length(rr, -1);
+            }
+
+            if (*dest_len < dest_maxlen) {
+                SSL3_RECORD_set_read(rr);
+                goto start;     /* fragment was too small */
+            }
+        }
+    }
+
+    /*-
+     * s->rlayer.handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
+     * s->rlayer.alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
+     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+     */
+
+    /* If we are a client, check for an incoming 'Hello Request': */
+    if ((!s->server) &&
+        (s->rlayer.handshake_fragment_len >= 4) &&
+        (s->rlayer.handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+        (s->session != NULL) && (s->session->cipher != NULL)) {
+        s->rlayer.handshake_fragment_len = 0;
+
+        if ((s->rlayer.handshake_fragment[1] != 0) ||
+            (s->rlayer.handshake_fragment[2] != 0) ||
+            (s->rlayer.handshake_fragment[3] != 0)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
+            goto f_err;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                            s->rlayer.handshake_fragment, 4, s,
+                            s->msg_callback_arg);
+        if (SSL_is_init_finished(s) &&
+            (s->options & SSL_OP_NO_RENEGOTIATION) == 0 &&
+            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+            !s->s3->renegotiate) {
+            ssl3_renegotiate(s);
+            if (ssl3_renegotiate_check(s)) {
+                i = s->handshake_func(s);
+                if (i < 0)
+                    return (i);
+                if (i == 0) {
+                    SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+                    return (-1);
+                }
+
+                if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+                    if (SSL3_BUFFER_get_left(rbuf) == 0) {
+                        /* no read-ahead left? */
+                        BIO *bio;
+                        /*
+                         * In the case where we try to read application data,
+                         * but we trigger an SSL handshake, we return -1 with
+                         * the retry option set.  Otherwise renegotiation may
+                         * cause nasty problems in the blocking world
+                         */
+                        s->rwstate = SSL_READING;
+                        bio = SSL_get_rbio(s);
+                        BIO_clear_retry_flags(bio);
+                        BIO_set_retry_read(bio);
+                        return (-1);
+                    }
+                }
+            } else {
+                SSL3_RECORD_set_read(rr);
+            }
+        } else {
+            ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+            SSL3_RECORD_set_read(rr);
+        }
+        /*
+         * we either finished a handshake or ignored the request, now try
+         * again to obtain the (application) data we were asked for
+         */
+        goto start;
+    }
+    /*
+     * If we are a server and get a client hello when renegotiation isn't
+     * allowed send back a no renegotiation alert and carry on.
+     */
+    if (s->server
+            && SSL_is_init_finished(s)
+            && s->version > SSL3_VERSION
+            && s->rlayer.handshake_fragment_len >= SSL3_HM_HEADER_LENGTH
+            && s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
+            && s->s3->previous_client_finished_len != 0
+            && ((!s->s3->send_connection_binding
+                    && (s->options
+                        & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)
+                || (s->options & SSL_OP_NO_RENEGOTIATION) != 0)) {
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+        goto start;
+    }
+    if (s->rlayer.alert_fragment_len >= 2) {
+        int alert_level = s->rlayer.alert_fragment[0];
+        int alert_descr = s->rlayer.alert_fragment[1];
+
+        s->rlayer.alert_fragment_len = 0;
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT,
+                            s->rlayer.alert_fragment, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING) {
+            s->s3->warn_alert = alert_descr;
+            SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
+            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                return (0);
+            }
+            /*
+             * This is a warning but we receive it if we requested
+             * renegotiation and the peer denied it. Terminate with a fatal
+             * alert because if application tried to renegotiate it
+             * presumably had a good reason and expects it to succeed. In
+             * future we might have a renegotiation where we don't care if
+             * the peer refused it where we carry on.
+             */
+            else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION);
+                goto f_err;
+            }
+#ifdef SSL_AD_MISSING_SRP_USERNAME
+            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                return (0);
+#endif
+        } else if (alert_level == SSL3_AL_FATAL) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL3_RECORD_set_read(rr);
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return (0);
+        } else {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+            goto f_err;
+        }
+
+        goto start;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+                                            * shutdown */
+        s->rwstate = SSL_NOTHING;
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        return (0);
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+        goto f_err;
+    }
+
+    /*
+     * Unexpected handshake message (Client Hello, or protocol violation)
+     */
+    if ((s->rlayer.handshake_fragment_len >= 4)
+        && !ossl_statem_get_in_handshake(s)) {
+        if (SSL_is_init_finished(s) &&
+            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
+            ossl_statem_set_in_init(s, 1);
+            s->renegotiate = 1;
+            s->new_session = 1;
+        }
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+            return (-1);
+        }
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return (-1);
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        /*
+         * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+         * TLS 1.2 says you MUST send an unexpected message alert. We use the
+         * TLS 1.2 behaviour for all protocol versions to prevent issues where
+         * no progress is being made and the peer continually sends unrecognised
+         * record types, using up resources processing them.
+         */
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+        goto f_err;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return (-1);
+        } else {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+            goto f_err;
+        }
+    }
+    /* not reached */
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    return (-1);
+}
+
+void ssl3_record_sequence_update(unsigned char *seq)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) {
+        ++seq[i];
+        if (seq[i] != 0)
+            break;
+    }
+}
+
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_is_sslv2_record(&rl->rrec[0]);
+}
+
+/*
+ * Returns the length in bytes of the current rrec
+ */
+unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_get_length(&rl->rrec[0]);
+}
diff --git a/openssl-1.1.0h/ssl/record/record.h b/openssl-1.1.0h/ssl/record/record.h
new file mode 100644
index 0000000..9bb2431
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/record.h
@@ -0,0 +1,243 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These structures should be considered PRIVATE to the record layer. No     *
+ * non-record layer code should be using these structures in any way.        *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct ssl3_buffer_st {
+    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+    unsigned char *buf;
+    /* default buffer size (or 0 if no default set) */
+    size_t default_len;
+    /* buffer size */
+    size_t len;
+    /* where to 'copy from' */
+    int offset;
+    /* how many bytes left */
+    int left;
+} SSL3_BUFFER;
+
+#define SEQ_NUM_SIZE                            8
+
+typedef struct ssl3_record_st {
+    /* Record layer version */
+    /* r */
+    int rec_version;
+    /* type of record */
+    /* r */
+    int type;
+    /* How many bytes available */
+    /* rw */
+    unsigned int length;
+    /*
+     * How many bytes were available before padding was removed? This is used
+     * to implement the MAC check in constant time for CBC records.
+     */
+    /* rw */
+    unsigned int orig_len;
+    /* read/write offset into 'buf' */
+    /* r */
+    unsigned int off;
+    /* pointer to the record data */
+    /* rw */
+    unsigned char *data;
+    /* where the decode bytes are */
+    /* rw */
+    unsigned char *input;
+    /* only used with decompression - malloc()ed */
+    /* r */
+    unsigned char *comp;
+    /* Whether the data from this record has already been read or not */
+    /* r */
+    unsigned int read;
+    /* epoch number, needed by DTLS1 */
+    /* r */
+    unsigned long epoch;
+    /* sequence number, needed by DTLS1 */
+    /* r */
+    unsigned char seq_num[SEQ_NUM_SIZE];
+} SSL3_RECORD;
+
+typedef struct dtls1_bitmap_st {
+    /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
+    unsigned long map;
+    /* Max record number seen so far, 64-bit value in big-endian encoding */
+    unsigned char max_seq_num[SEQ_NUM_SIZE];
+} DTLS1_BITMAP;
+
+typedef struct record_pqueue_st {
+    unsigned short epoch;
+    struct pqueue_st *q;
+} record_pqueue;
+
+typedef struct dtls1_record_data_st {
+    unsigned char *packet;
+    unsigned int packet_length;
+    SSL3_BUFFER rbuf;
+    SSL3_RECORD rrec;
+#ifndef OPENSSL_NO_SCTP
+    struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
+} DTLS1_RECORD_DATA;
+
+typedef struct dtls_record_layer_st {
+    /*
+     * The current data and handshake epoch.  This is initially
+     * undefined, and starts at zero once the initial handshake is
+     * completed
+     */
+    unsigned short r_epoch;
+    unsigned short w_epoch;
+    /* records being received in the current epoch */
+    DTLS1_BITMAP bitmap;
+    /* renegotiation starts a new set of sequence numbers */
+    DTLS1_BITMAP next_bitmap;
+    /* Received handshake records (processed and unprocessed) */
+    record_pqueue unprocessed_rcds;
+    record_pqueue processed_rcds;
+    /*
+     * Buffered application records. Only for records between CCS and
+     * Finished to prevent either protocol violation or unnecessary message
+     * loss.
+     */
+    record_pqueue buffered_app_data;
+    /*
+     * storage for Alert/Handshake protocol data received but not yet
+     * processed by ssl3_read_bytes:
+     */
+    unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
+    unsigned int alert_fragment_len;
+    unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
+    unsigned int handshake_fragment_len;
+    /* save last and current sequence numbers for retransmissions */
+    unsigned char last_write_sequence[8];
+    unsigned char curr_write_sequence[8];
+} DTLS_RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * record layer. No non-record layer code should be accessing the members of *
+ * this structure.                                                           *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct record_layer_st {
+    /* The parent SSL structure */
+    SSL *s;
+    /*
+     * Read as many input bytes as possible (for
+     * non-blocking reads)
+     */
+    int read_ahead;
+    /* where we are when reading */
+    int rstate;
+    /* How many pipelines can be used to read data */
+    unsigned int numrpipes;
+    /* How many pipelines can be used to write data */
+    unsigned int numwpipes;
+    /* read IO goes into here */
+    SSL3_BUFFER rbuf;
+    /* write IO goes into here */
+    SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
+    /* each decoded record goes in here */
+    SSL3_RECORD rrec[SSL_MAX_PIPELINES];
+    /* used internally to point at a raw packet */
+    unsigned char *packet;
+    unsigned int packet_length;
+    /* number of bytes sent so far */
+    unsigned int wnum;
+    /*
+     * storage for Alert/Handshake protocol data received but not yet
+     * processed by ssl3_read_bytes:
+     */
+    unsigned char alert_fragment[2];
+    unsigned int alert_fragment_len;
+    unsigned char handshake_fragment[4];
+    unsigned int handshake_fragment_len;
+    /* The number of consecutive empty records we have received */
+    unsigned int empty_record_count;
+    /* partial write - check the numbers match */
+    /* number bytes written */
+    int wpend_tot;
+    int wpend_type;
+    /* number of bytes submitted */
+    int wpend_ret;
+    const unsigned char *wpend_buf;
+    unsigned char read_sequence[SEQ_NUM_SIZE];
+    unsigned char write_sequence[SEQ_NUM_SIZE];
+    /* Set to true if this is the first record in a connection */
+    unsigned int is_first_record;
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
+    DTLS_RECORD_LAYER *d;
+} RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * record layer. Any libssl code may call these functions/macros             *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MIN_SSL2_RECORD_LEN     9
+
+#define RECORD_LAYER_set_read_ahead(rl, ra)     ((rl)->read_ahead = (ra))
+#define RECORD_LAYER_get_read_ahead(rl)         ((rl)->read_ahead)
+#define RECORD_LAYER_get_packet(rl)             ((rl)->packet)
+#define RECORD_LAYER_get_packet_length(rl)      ((rl)->packet_length)
+#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
+#define DTLS_RECORD_LAYER_get_w_epoch(rl)       ((rl)->d->w_epoch)
+#define DTLS_RECORD_LAYER_get_processed_rcds(rl) \
+                                                ((rl)->d->processed_rcds)
+#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
+                                                ((rl)->d->unprocessed_rcds)
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
+void RECORD_LAYER_clear(RECORD_LAYER *rl);
+void RECORD_LAYER_release(RECORD_LAYER *rl);
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len);
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
+unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
+__owur int ssl3_pending(const SSL *s);
+__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
+__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                         unsigned int *pipelens, unsigned int numpipes,
+                         int create_empty_fragment);
+__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, int len, int peek);
+__owur int ssl3_setup_buffers(SSL *s);
+__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
+__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+                              unsigned int len);
+__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send);
+__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
+__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
+                            unsigned char *buf, int len, int peek);
+__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
+__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                          unsigned int len, int create_empty_fragement);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
diff --git a/openssl-1.1.0h/ssl/record/record_locl.h b/openssl-1.1.0h/ssl/record/record_locl.h
new file mode 100644
index 0000000..b69afd8
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/record_locl.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions are PRIVATE to the record layer. They      *
+ * should NOT be used outside of the record layer.                           *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MAX_WARN_ALERT_COUNT    5
+
+/* Functions/macros provided by the RECORD_LAYER component */
+
+#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl)               ((rl)->wbuf)
+#define RECORD_LAYER_get_rrec(rl)               ((rl)->rrec)
+#define RECORD_LAYER_set_packet(rl, p)          ((rl)->packet = (p))
+#define RECORD_LAYER_reset_packet_length(rl)    ((rl)->packet_length = 0)
+#define RECORD_LAYER_get_rstate(rl)             ((rl)->rstate)
+#define RECORD_LAYER_set_rstate(rl, st)         ((rl)->rstate = (st))
+#define RECORD_LAYER_get_read_sequence(rl)      ((rl)->read_sequence)
+#define RECORD_LAYER_get_write_sequence(rl)     ((rl)->write_sequence)
+#define RECORD_LAYER_get_numrpipes(rl)          ((rl)->numrpipes)
+#define RECORD_LAYER_set_numrpipes(rl, n)       ((rl)->numrpipes = (n))
+#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
+#define RECORD_LAYER_reset_empty_record_count(rl) \
+                                                ((rl)->empty_record_count = 0)
+#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
+#define RECORD_LAYER_is_first_record(rl)        ((rl)->is_first_record)
+#define RECORD_LAYER_set_first_record(rl)       ((rl)->is_first_record = 1)
+#define RECORD_LAYER_clear_first_record(rl)     ((rl)->is_first_record = 0)
+#define DTLS_RECORD_LAYER_get_r_epoch(rl)       ((rl)->d->r_epoch)
+
+__owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold);
+
+void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws);
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch);
+int dtls1_process_buffered_records(SSL *s);
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
+int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
+void ssl3_record_sequence_update(unsigned char *seq);
+
+/* Functions provided by the DTLS1_BITMAP component */
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+
+/* Macros/functions provided by the SSL3_BUFFER component */
+
+#define SSL3_BUFFER_get_buf(b)              ((b)->buf)
+#define SSL3_BUFFER_set_buf(b, n)           ((b)->buf = (n))
+#define SSL3_BUFFER_get_len(b)              ((b)->len)
+#define SSL3_BUFFER_set_len(b, l)           ((b)->len = (l))
+#define SSL3_BUFFER_get_left(b)             ((b)->left)
+#define SSL3_BUFFER_set_left(b, l)          ((b)->left = (l))
+#define SSL3_BUFFER_add_left(b, l)          ((b)->left += (l))
+#define SSL3_BUFFER_get_offset(b)           ((b)->offset)
+#define SSL3_BUFFER_set_offset(b, o)        ((b)->offset = (o))
+#define SSL3_BUFFER_add_offset(b, o)        ((b)->offset += (o))
+#define SSL3_BUFFER_is_initialised(b)       ((b)->buf != NULL)
+#define SSL3_BUFFER_set_default_len(b, l)   ((b)->default_len = (l))
+
+void SSL3_BUFFER_clear(SSL3_BUFFER *b);
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n);
+void SSL3_BUFFER_release(SSL3_BUFFER *b);
+__owur int ssl3_setup_read_buffer(SSL *s);
+__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len);
+int ssl3_release_read_buffer(SSL *s);
+int ssl3_release_write_buffer(SSL *s);
+
+/* Macros/functions provided by the SSL3_RECORD component */
+
+#define SSL3_RECORD_get_type(r)                 ((r)->type)
+#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
+#define SSL3_RECORD_get_length(r)               ((r)->length)
+#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
+#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
+#define SSL3_RECORD_sub_length(r, l)            ((r)->length -= (l))
+#define SSL3_RECORD_get_data(r)                 ((r)->data)
+#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
+#define SSL3_RECORD_get_input(r)                ((r)->input)
+#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
+#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)
+#define SSL3_RECORD_get_seq_num(r)              ((r)->seq_num)
+#define SSL3_RECORD_get_off(r)                  ((r)->off)
+#define SSL3_RECORD_set_off(r, o)               ((r)->off = (o))
+#define SSL3_RECORD_add_off(r, o)               ((r)->off += (o))
+#define SSL3_RECORD_get_epoch(r)                ((r)->epoch)
+#define SSL3_RECORD_is_sslv2_record(r) \
+            ((r)->rec_version == SSL2_VERSION)
+#define SSL3_RECORD_is_read(r)                  ((r)->read)
+#define SSL3_RECORD_set_read(r)                 ((r)->read = 1)
+
+void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs);
+void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs);
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
+int ssl3_get_record(SSL *s);
+__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr);
+__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
+void ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, unsigned md_size);
+__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                                   unsigned block_size, unsigned mac_size);
+__owur int tls1_cbc_remove_padding(const SSL *s,
+                                   SSL3_RECORD *rec,
+                                   unsigned block_size, unsigned mac_size);
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
+__owur int dtls1_get_record(SSL *s);
diff --git a/openssl-1.1.0h/ssl/record/ssl3_buffer.c b/openssl-1.1.0h/ssl/record/ssl3_buffer.c
new file mode 100644
index 0000000..b6ed771
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/ssl3_buffer.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_locl.h"
+#include "record_locl.h"
+
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n)
+{
+    if (d != NULL)
+        memcpy(b->buf, d, n);
+    b->left = n;
+    b->offset = 0;
+}
+
+/*
+ * Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
+ * retains the default_len setting
+ */
+void SSL3_BUFFER_clear(SSL3_BUFFER *b)
+{
+    b->offset = 0;
+    b->left = 0;
+}
+
+void SSL3_BUFFER_release(SSL3_BUFFER *b)
+{
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+}
+
+int ssl3_setup_read_buffer(SSL *s)
+{
+    unsigned char *p;
+    size_t len, align = 0, headerlen;
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    if (SSL_IS_DTLS(s))
+        headerlen = DTLS1_RT_HEADER_LENGTH;
+    else
+        headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+    if (b->buf == NULL) {
+        len = SSL3_RT_MAX_PLAIN_LENGTH
+            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (b->default_len > len)
+            len = b->default_len;
+        if ((p = OPENSSL_malloc(len)) == NULL)
+            goto err;
+        b->buf = p;
+        b->len = len;
+    }
+
+    RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
+    return 1;
+
+ err:
+    SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len)
+{
+    unsigned char *p;
+    size_t align = 0, headerlen;
+    SSL3_BUFFER *wb;
+    unsigned int currpipe;
+
+    s->rlayer.numwpipes = numwpipes;
+
+    if (len == 0) {
+        if (SSL_IS_DTLS(s))
+            headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+        else
+            headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+        len = s->max_send_fragment
+            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+    }
+
+    wb = RECORD_LAYER_get_wbuf(&s->rlayer);
+    for (currpipe = 0; currpipe < numwpipes; currpipe++) {
+        SSL3_BUFFER *thiswb = &wb[currpipe];
+
+        if (thiswb->buf == NULL) {
+            p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                s->rlayer.numwpipes = currpipe;
+                goto err;
+            }
+            memset(thiswb, 0, sizeof(SSL3_BUFFER));
+            thiswb->buf = p;
+            thiswb->len = len;
+        }
+    }
+
+    return 1;
+
+ err:
+    SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int ssl3_setup_buffers(SSL *s)
+{
+    if (!ssl3_setup_read_buffer(s))
+        return 0;
+    if (!ssl3_setup_write_buffer(s, 1, 0))
+        return 0;
+    return 1;
+}
+
+int ssl3_release_write_buffer(SSL *s)
+{
+    SSL3_BUFFER *wb;
+    unsigned int pipes;
+
+    pipes = s->rlayer.numwpipes;
+    while (pipes > 0) {
+        wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
+
+        OPENSSL_free(wb->buf);
+        wb->buf = NULL;
+        pipes--;
+    }
+    s->rlayer.numwpipes = 0;
+    return 1;
+}
+
+int ssl3_release_read_buffer(SSL *s)
+{
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+    return 1;
+}
diff --git a/openssl-1.1.0h/ssl/record/ssl3_record.c b/openssl-1.1.0h/ssl/record/ssl3_record.c
new file mode 100644
index 0000000..c7a54fe
--- /dev/null
+++ b/openssl-1.1.0h/ssl/record/ssl3_record.c
@@ -0,0 +1,1641 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include "../ssl_locl.h"
+#include "internal/constant_time_locl.h"
+#include <openssl/rand.h>
+#include "record_locl.h"
+
+static const unsigned char ssl3_pad_1[48] = {
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+static const unsigned char ssl3_pad_2[48] = {
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
+
+/*
+ * Clear the contents of an SSL3_RECORD but retain any memory allocated
+ */
+void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs)
+{
+    unsigned char *comp;
+    unsigned int i;
+
+    for (i = 0; i < num_recs; i++) {
+        comp = r[i].comp;
+
+        memset(&r[i], 0, sizeof(*r));
+        r[i].comp = comp;
+    }
+}
+
+void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs)
+{
+    unsigned int i;
+
+    for (i = 0; i < num_recs; i++) {
+        OPENSSL_free(r[i].comp);
+        r[i].comp = NULL;
+    }
+}
+
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
+{
+    memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
+}
+
+/*
+ * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
+ * for us in the buffer.
+ */
+static int ssl3_record_app_data_waiting(SSL *s)
+{
+    SSL3_BUFFER *rbuf;
+    int left, len;
+    unsigned char *p;
+
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    p = SSL3_BUFFER_get_buf(rbuf);
+    if (p == NULL)
+        return 0;
+
+    left = SSL3_BUFFER_get_left(rbuf);
+
+    if (left < SSL3_RT_HEADER_LENGTH)
+        return 0;
+
+    p += SSL3_BUFFER_get_offset(rbuf);
+
+    /*
+     * We only check the type and record length, we will sanity check version
+     * etc later
+     */
+    if (*p != SSL3_RT_APPLICATION_DATA)
+        return 0;
+
+    p += 3;
+    n2s(p, len);
+
+    if (left < SSL3_RT_HEADER_LENGTH + len)
+        return 0;
+
+    return 1;
+}
+
+/*
+ * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
+ * will be processed per call to ssl3_get_record. Without this limit an
+ * attacker could send empty records at a faster rate than we can process and
+ * cause ssl3_get_record to loop forever.
+ */
+#define MAX_EMPTY_RECORDS 32
+
+#define SSL2_RT_HEADER_LENGTH   2
+/*-
+ * Call this to get new input records.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, |numrpipes| records have been decoded. For each record 'i':
+ * rr[i].type    - is the type of record
+ * rr[i].data,   - data
+ * rr[i].length, - number of bytes
+ * Multiple records will only be returned if the record types are all
+ * SSL3_RT_APPLICATION_DATA. The number of records returned will always be <=
+ * |max_pipelines|
+ */
+/* used only by ssl3_read_bytes */
+int ssl3_get_record(SSL *s)
+{
+    int ssl_major, ssl_minor, al;
+    int enc_err, n, i, ret = -1;
+    SSL3_RECORD *rr;
+    SSL3_BUFFER *rbuf;
+    SSL_SESSION *sess;
+    unsigned char *p;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    short version;
+    unsigned mac_size;
+    int imac_size;
+    unsigned int num_recs = 0;
+    unsigned int max_recs;
+    unsigned int j;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+    max_recs = s->max_pipelines;
+    if (max_recs == 0)
+        max_recs = 1;
+    sess = s->session;
+
+    do {
+        /* check if we have the header */
+        if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+            (RECORD_LAYER_get_packet_length(&s->rlayer)
+             < SSL3_RT_HEADER_LENGTH)) {
+            n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
+                            SSL3_BUFFER_get_len(rbuf), 0,
+                            num_recs == 0 ? 1 : 0);
+            if (n <= 0)
+                return (n);     /* error or non-blocking */
+            RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+            p = RECORD_LAYER_get_packet(&s->rlayer);
+
+            /*
+             * The first record received by the server may be a V2ClientHello.
+             */
+            if (s->server && RECORD_LAYER_is_first_record(&s->rlayer)
+                && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
+                /*
+                 *  SSLv2 style record
+                 *
+                 * |num_recs| here will actually always be 0 because
+                 * |num_recs > 0| only ever occurs when we are processing
+                 * multiple app data records - which we know isn't the case here
+                 * because it is an SSLv2ClientHello. We keep it using
+                 * |num_recs| for the sake of consistency
+                 */
+                rr[num_recs].type = SSL3_RT_HANDSHAKE;
+                rr[num_recs].rec_version = SSL2_VERSION;
+
+                rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1];
+
+                if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf)
+                    - SSL2_RT_HEADER_LENGTH) {
+                    al = SSL_AD_RECORD_OVERFLOW;
+                    SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
+                    goto f_err;
+                }
+
+                if (rr[num_recs].length < MIN_SSL2_RECORD_LEN) {
+                    al = SSL_AD_HANDSHAKE_FAILURE;
+                    SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
+                    goto f_err;
+                }
+            } else {
+                /* SSLv3+ style record */
+                if (s->msg_callback)
+                    s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
+                                    s->msg_callback_arg);
+
+                /* Pull apart the header into the SSL3_RECORD */
+                rr[num_recs].type = *(p++);
+                ssl_major = *(p++);
+                ssl_minor = *(p++);
+                version = (ssl_major << 8) | ssl_minor;
+                rr[num_recs].rec_version = version;
+                n2s(p, rr[num_recs].length);
+
+                /* Lets check version */
+                if (!s->first_packet && version != s->version) {
+                    SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
+                    if ((s->version & 0xFF00) == (version & 0xFF00)
+                        && !s->enc_write_ctx && !s->write_hash) {
+                        if (rr->type == SSL3_RT_ALERT) {
+                            /*
+                             * The record is using an incorrect version number,
+                             * but what we've got appears to be an alert. We
+                             * haven't read the body yet to check whether its a
+                             * fatal or not - but chances are it is. We probably
+                             * shouldn't send a fatal alert back. We'll just
+                             * end.
+                             */
+                            goto err;
+                        }
+                        /*
+                         * Send back error using their minor version number :-)
+                         */
+                        s->version = (unsigned short)version;
+                    }
+                    al = SSL_AD_PROTOCOL_VERSION;
+                    goto f_err;
+                }
+
+                if ((version >> 8) != SSL3_VERSION_MAJOR) {
+                    if (RECORD_LAYER_is_first_record(&s->rlayer)) {
+                        /* Go back to start of packet, look at the five bytes
+                         * that we have. */
+                        p = RECORD_LAYER_get_packet(&s->rlayer);
+                        if (strncmp((char *)p, "GET ", 4) == 0 ||
+                            strncmp((char *)p, "POST ", 5) == 0 ||
+                            strncmp((char *)p, "HEAD ", 5) == 0 ||
+                            strncmp((char *)p, "PUT ", 4) == 0) {
+                            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST);
+                            goto err;
+                        } else if (strncmp((char *)p, "CONNE", 5) == 0) {
+                            SSLerr(SSL_F_SSL3_GET_RECORD,
+                                   SSL_R_HTTPS_PROXY_REQUEST);
+                            goto err;
+                        }
+
+                        /* Doesn't look like TLS - don't send an alert */
+                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                               SSL_R_WRONG_VERSION_NUMBER);
+                        goto err;
+                    } else {
+                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                               SSL_R_WRONG_VERSION_NUMBER);
+                        al = SSL_AD_PROTOCOL_VERSION;
+                        goto f_err;
+                    }
+                }
+
+                if (rr[num_recs].length >
+                    SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
+                    al = SSL_AD_RECORD_OVERFLOW;
+                    SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
+                    goto f_err;
+                }
+            }
+
+            /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+        }
+
+        /*
+         * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data.
+         * Calculate how much more data we need to read for the rest of the
+         * record
+         */
+        if (rr[num_recs].rec_version == SSL2_VERSION) {
+            i = rr[num_recs].length + SSL2_RT_HEADER_LENGTH
+                - SSL3_RT_HEADER_LENGTH;
+        } else {
+            i = rr[num_recs].length;
+        }
+        if (i > 0) {
+            /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+
+            n = ssl3_read_n(s, i, i, 1, 0);
+            if (n <= 0)
+                return (n);     /* error or non-blocking io */
+        }
+
+        /* set state for later operations */
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+        /*
+         * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length,
+         * or s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length
+         * and we have that many bytes in s->packet
+         */
+        if (rr[num_recs].rec_version == SSL2_VERSION) {
+            rr[num_recs].input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);
+        } else {
+            rr[num_recs].input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]);
+        }
+
+        /*
+         * ok, we can now read from 's->packet' data into 'rr' rr->input points
+         * at rr->length bytes, which need to be copied into rr->data by either
+         * the decryption or by the decompression When the data is 'copied' into
+         * the rr->data buffer, rr->input will be pointed at the new buffer
+         */
+
+        /*
+         * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+         * bytes of encrypted compressed stuff.
+         */
+
+        /* check is not needed I believe */
+        if (rr[num_recs].length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+            al = SSL_AD_RECORD_OVERFLOW;
+            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+            goto f_err;
+        }
+
+        /* decrypt in place in 'rr->input' */
+        rr[num_recs].data = rr[num_recs].input;
+        rr[num_recs].orig_len = rr[num_recs].length;
+
+        /* Mark this record as not read by upper layers yet */
+        rr[num_recs].read = 0;
+
+        num_recs++;
+
+        /* we have pulled in a full packet so zero things */
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        RECORD_LAYER_clear_first_record(&s->rlayer);
+    } while (num_recs < max_recs
+             && rr[num_recs - 1].type == SSL3_RT_APPLICATION_DATA
+             && SSL_USE_EXPLICIT_IV(s)
+             && s->enc_read_ctx != NULL
+             && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
+                 & EVP_CIPH_FLAG_PIPELINE)
+             && ssl3_record_app_data_waiting(s));
+
+    /*
+     * If in encrypt-then-mac mode calculate mac from encrypted record. All
+     * the details below are public so no timing details can leak.
+     */
+    if (SSL_READ_ETM(s) && s->read_hash) {
+        unsigned char *mac;
+
+        imac_size = EVP_MD_CTX_size(s->read_hash);
+        assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE);
+        if (imac_size < 0 || imac_size > EVP_MAX_MD_SIZE) {
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_SSL3_GET_RECORD, ERR_LIB_EVP);
+                goto f_err;
+        }
+        mac_size = (unsigned)imac_size;
+
+        for (j = 0; j < num_recs; j++) {
+            if (rr[j].length < mac_size) {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
+                goto f_err;
+            }
+            rr[j].length -= mac_size;
+            mac = rr[j].data + rr[j].length;
+            i = s->method->ssl3_enc->mac(s, &rr[j], md, 0 /* not send */ );
+            if (i < 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
+                al = SSL_AD_BAD_RECORD_MAC;
+                SSLerr(SSL_F_SSL3_GET_RECORD,
+                       SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+                goto f_err;
+            }
+        }
+    }
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0);
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publically invalid.
+     *    1: if the padding is valid
+     *    -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        al = SSL_AD_DECRYPTION_FAILED;
+        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+        goto f_err;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %d\n", rr->length);
+    {
+        unsigned int z;
+        for (z = 0; z < rr->length; z++)
+            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) &&
+        (s->enc_read_ctx != NULL) &&
+        (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+        for (j = 0; j < num_recs; j++) {
+            /*
+             * orig_len is the length of the record before any padding was
+             * removed. This is public information, as is the MAC in use,
+             * therefore we can safely process the record in a different amount
+             * of time if it's too short to possibly contain a MAC.
+             */
+            if (rr[j].orig_len < mac_size ||
+                /* CBC records must have a padding length byte too. */
+                (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                 rr[j].orig_len < mac_size + 1)) {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
+                goto f_err;
+            }
+
+            if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+                /*
+                 * We update the length so that the TLS header bytes can be
+                 * constructed correctly but we need to extract the MAC in
+                 * constant time from within the record, without leaking the
+                 * contents of the padding bytes.
+                 */
+                mac = mac_tmp;
+                ssl3_cbc_copy_mac(mac_tmp, &rr[j], mac_size);
+                rr[j].length -= mac_size;
+            } else {
+                /*
+                 * In this case there's no padding, so |rec->orig_len| equals
+                 * |rec->length| and we checked that there's enough bytes for
+                 * |mac_size| above.
+                 */
+                rr[j].length -= mac_size;
+                mac = &rr[j].data[rr[j].length];
+            }
+
+            i = s->method->ssl3_enc->mac(s, &rr[j], md, 0 /* not send */ );
+            if (i < 0 || mac == NULL
+                || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+                enc_err = -1;
+            if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+                enc_err = -1;
+        }
+    }
+
+    if (enc_err < 0) {
+        /*
+         * A separate 'decryption_failed' alert was introduced with TLS 1.0,
+         * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+         * failure is directly visible from the ciphertext anyway, we should
+         * not reveal which kind of error occurred -- this might become
+         * visible to an attacker (e.g. via a logfile)
+         */
+        al = SSL_AD_BAD_RECORD_MAC;
+        SSLerr(SSL_F_SSL3_GET_RECORD,
+               SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+        goto f_err;
+    }
+
+    for (j = 0; j < num_recs; j++) {
+        /* rr[j].length is now just compressed */
+        if (s->expand != NULL) {
+            if (rr[j].length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+                al = SSL_AD_RECORD_OVERFLOW;
+                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                goto f_err;
+            }
+            if (!ssl3_do_uncompress(s, &rr[j])) {
+                al = SSL_AD_DECOMPRESSION_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
+                goto f_err;
+            }
+        }
+
+        if (rr[j].length > SSL3_RT_MAX_PLAIN_LENGTH) {
+            al = SSL_AD_RECORD_OVERFLOW;
+            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
+            goto f_err;
+        }
+
+        rr[j].off = 0;
+        /*-
+         * So at this point the following is true
+         * rr[j].type   is the type of record
+         * rr[j].length == number of bytes in record
+         * rr[j].off    == offset to first valid byte
+         * rr[j].data   == where to take bytes from, increment after use :-).
+         */
+
+        /* just read a 0 length packet */
+        if (rr[j].length == 0) {
+            RECORD_LAYER_inc_empty_record_count(&s->rlayer);
+            if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
+                > MAX_EMPTY_RECORDS) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
+                goto f_err;
+            }
+        } else {
+            RECORD_LAYER_reset_empty_record_count(&s->rlayer);
+        }
+    }
+
+    RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
+    return 1;
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    return ret;
+}
+
+int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    if (rr->comp == NULL) {
+        rr->comp = (unsigned char *)
+            OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+    }
+    if (rr->comp == NULL)
+        return 0;
+
+    i = COMP_expand_block(ssl->expand, rr->comp,
+                          SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
+    if (i < 0)
+        return 0;
+    else
+        rr->length = i;
+    rr->data = rr->comp;
+#endif
+    return 1;
+}
+
+int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    i = COMP_compress_block(ssl->compress, wr->data,
+                            SSL3_RT_MAX_COMPRESSED_LENGTH,
+                            wr->input, (int)wr->length);
+    if (i < 0)
+        return (0);
+    else
+        wr->length = i;
+
+    wr->input = wr->data;
+#endif
+    return (1);
+}
+
+/*-
+ * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding is invalid or, if sending, an internal error
+ *       occurred.
+ */
+int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int sending)
+{
+    SSL3_RECORD *rec;
+    EVP_CIPHER_CTX *ds;
+    unsigned long l;
+    int bs, i, mac_size = 0;
+    const EVP_CIPHER *enc;
+
+    rec = inrecs;
+    /*
+     * We shouldn't ever be called with more than one record in the SSLv3 case
+     */
+    if (n_recs != 1)
+        return 0;
+    if (sending) {
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+    } else {
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+    } else {
+        l = rec->length;
+        bs = EVP_CIPHER_CTX_block_size(ds);
+
+        /* COMPRESS */
+
+        if ((bs != 1) && sending) {
+            i = bs - ((int)l % bs);
+
+            /* we need to add 'i-1' padding bytes */
+            l += i;
+            /*
+             * the last of these zero bytes will be overwritten with the
+             * padding length.
+             */
+            memset(&rec->input[rec->length], 0, i);
+            rec->length += i;
+            rec->input[l - 1] = (i - 1);
+        }
+
+        if (!sending) {
+            if (l == 0 || l % bs != 0)
+                return 0;
+            /* otherwise, rec->length >= bs */
+        }
+
+        if (EVP_Cipher(ds, rec->data, rec->input, l) < 1)
+            return -1;
+
+        if (EVP_MD_CTX_md(s->read_hash) != NULL)
+            mac_size = EVP_MD_CTX_size(s->read_hash);
+        if ((bs != 1) && !sending)
+            return ssl3_cbc_remove_padding(rec, bs, mac_size);
+    }
+    return (1);
+}
+
+/*-
+ * tls1_enc encrypts/decrypts |n_recs| in |recs|.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred.
+ */
+int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending)
+{
+    EVP_CIPHER_CTX *ds;
+    size_t reclen[SSL_MAX_PIPELINES];
+    unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+    int bs, i, j, k, pad = 0, ret, mac_size = 0;
+    const EVP_CIPHER *enc;
+    unsigned int ctr;
+
+    if (n_recs == 0)
+        return 0;
+
+    if (sending) {
+        if (EVP_MD_CTX_md(s->write_hash)) {
+            int n = EVP_MD_CTX_size(s->write_hash);
+            OPENSSL_assert(n >= 0);
+        }
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else {
+            int ivlen;
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+            /* For TLSv1.1 and later explicit IV */
+            if (SSL_USE_EXPLICIT_IV(s)
+                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+                ivlen = EVP_CIPHER_iv_length(enc);
+            else
+                ivlen = 0;
+            if (ivlen > 1) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    if (recs[ctr].data != recs[ctr].input) {
+                        /*
+                         * we can't write into the input stream: Can this ever
+                         * happen?? (steve)
+                         */
+                        SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
+                        SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    }
+                }
+            }
+        }
+    } else {
+        if (EVP_MD_CTX_md(s->read_hash)) {
+            int n = EVP_MD_CTX_size(s->read_hash);
+            OPENSSL_assert(n >= 0);
+        }
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            memmove(recs[ctr].data, recs[ctr].input, recs[ctr].length);
+            recs[ctr].input = recs[ctr].data;
+        }
+        ret = 1;
+    } else {
+        bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
+
+        if (n_recs > 1) {
+            if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                  & EVP_CIPH_FLAG_PIPELINE)) {
+                /*
+                 * We shouldn't have been called with pipeline data if the
+                 * cipher doesn't support pipelining
+                 */
+                SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            reclen[ctr] = recs[ctr].length;
+
+            if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                & EVP_CIPH_FLAG_AEAD_CIPHER) {
+                unsigned char *seq;
+
+                seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+                    : RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+                if (SSL_IS_DTLS(s)) {
+                    /* DTLS does not support pipelining */
+                    unsigned char dtlsseq[9], *p = dtlsseq;
+
+                    s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
+                        DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
+                    memcpy(p, &seq[2], 6);
+                    memcpy(buf[ctr], dtlsseq, 8);
+                } else {
+                    memcpy(buf[ctr], seq, 8);
+                    for (i = 7; i >= 0; i--) { /* increment */
+                        ++seq[i];
+                        if (seq[i] != 0)
+                            break;
+                    }
+                }
+
+                buf[ctr][8] = recs[ctr].type;
+                buf[ctr][9] = (unsigned char)(s->version >> 8);
+                buf[ctr][10] = (unsigned char)(s->version);
+                buf[ctr][11] = recs[ctr].length >> 8;
+                buf[ctr][12] = recs[ctr].length & 0xff;
+                pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
+                if (pad <= 0)
+                    return -1;
+
+                if (sending) {
+                    reclen[ctr] += pad;
+                    recs[ctr].length += pad;
+                }
+
+            } else if ((bs != 1) && sending) {
+                i = bs - ((int)reclen[ctr] % bs);
+
+                /* Add weird padding of upto 256 bytes */
+
+                /* we need to add 'i' padding bytes of value j */
+                j = i - 1;
+                for (k = (int)reclen[ctr]; k < (int)(reclen[ctr] + i); k++)
+                    recs[ctr].input[k] = j;
+                reclen[ctr] += i;
+                recs[ctr].length += i;
+            }
+
+            if (!sending) {
+                if (reclen[ctr] == 0 || reclen[ctr] % bs != 0)
+                    return 0;
+            }
+        }
+        if (n_recs > 1) {
+            unsigned char *data[SSL_MAX_PIPELINES];
+
+            /* Set the output buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].data;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
+                                    n_recs, data) <= 0) {
+                SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
+            }
+            /* Set the input buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].input;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
+                                    n_recs, data) <= 0
+                || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
+                                       n_recs, reclen) <= 0) {
+                SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+
+        i = EVP_Cipher(ds, recs[0].data, recs[0].input, reclen[0]);
+        if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+             & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+            ? (i < 0)
+            : (i == 0))
+            return -1;          /* AEAD can fail to verify MAC */
+        if (sending == 0) {
+            if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                }
+            } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                }
+            }
+        }
+
+        ret = 1;
+        if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)
+            mac_size = EVP_MD_CTX_size(s->read_hash);
+        if ((bs != 1) && !sending) {
+            int tmpret;
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);
+                /*
+                 * If tmpret == 0 then this means publicly invalid so we can
+                 * short circuit things here. Otherwise we must respect constant
+                 * time behaviour.
+                 */
+                if (tmpret == 0)
+                    return 0;
+                ret = constant_time_select_int(constant_time_eq_int(tmpret, 1),
+                                               ret, -1);
+            }
+        }
+        if (pad && !sending) {
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                recs[ctr].length -= pad;
+            }
+        }
+    }
+    return ret;
+}
+
+int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *mac_sec, *seq;
+    const EVP_MD_CTX *hash;
+    unsigned char *p, rec_char;
+    size_t md_size;
+    int npad;
+    int t;
+
+    if (sending) {
+        mac_sec = &(ssl->s3->write_mac_secret[0]);
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        mac_sec = &(ssl->s3->read_mac_secret[0]);
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    if (t < 0)
+        return -1;
+    md_size = t;
+    npad = (48 / md_size) * md_size;
+
+    if (!sending &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(hash)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+
+        /*-
+         * npad is, at most, 48 bytes and that's with MD5:
+         *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
+         *
+         * With SHA-1 (the largest hash speced for SSLv3) the hash size
+         * goes up 4, but npad goes down by 8, resulting in a smaller
+         * total size.
+         */
+        unsigned char header[75];
+        unsigned j = 0;
+        memcpy(header + j, mac_sec, md_size);
+        j += md_size;
+        memcpy(header + j, ssl3_pad_1, npad);
+        j += npad;
+        memcpy(header + j, seq, 8);
+        j += 8;
+        header[j++] = rec->type;
+        header[j++] = rec->length >> 8;
+        header[j++] = rec->length & 0xff;
+
+        /* Final param == is SSLv3 */
+        if (ssl3_cbc_digest_record(hash,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   mac_sec, md_size, 1) <= 0)
+            return -1;
+    } else {
+        unsigned int md_size_u;
+        /* Chop the digest off the end :-) */
+        EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+
+        if (md_ctx == NULL)
+            return -1;
+
+        rec_char = rec->type;
+        p = md;
+        s2n(rec->length, p);
+        if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, seq, 8) <= 0
+            || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
+            || EVP_DigestUpdate(md_ctx, md, 2) <= 0
+            || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
+            || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, md, md_size) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
+            EVP_MD_CTX_free(md_ctx);
+            return -1;
+        }
+        md_size = md_size_u;
+
+        EVP_MD_CTX_free(md_ctx);
+    }
+
+    ssl3_record_sequence_update(seq);
+    return (md_size);
+}
+
+int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *seq;
+    EVP_MD_CTX *hash;
+    size_t md_size;
+    int i;
+    EVP_MD_CTX *hmac = NULL, *mac_ctx;
+    unsigned char header[13];
+    int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+    int t;
+
+    if (sending) {
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    OPENSSL_assert(t >= 0);
+    md_size = t;
+
+    /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+    if (stream_mac) {
+        mac_ctx = hash;
+    } else {
+        hmac = EVP_MD_CTX_new();
+        if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) {
+            EVP_MD_CTX_free(hmac);
+            return -1;
+        }
+        mac_ctx = hmac;
+    }
+
+    if (SSL_IS_DTLS(ssl)) {
+        unsigned char dtlsseq[8], *p = dtlsseq;
+
+        s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
+            DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
+        memcpy(p, &seq[2], 6);
+
+        memcpy(header, dtlsseq, 8);
+    } else
+        memcpy(header, seq, 8);
+
+    header[8] = rec->type;
+    header[9] = (unsigned char)(ssl->version >> 8);
+    header[10] = (unsigned char)(ssl->version);
+    header[11] = (rec->length) >> 8;
+    header[12] = (rec->length) & 0xff;
+
+    if (!sending && !SSL_READ_ETM(ssl) &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(mac_ctx)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+        /* Final param == not SSLv3 */
+        if (ssl3_cbc_digest_record(mac_ctx,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   ssl->s3->read_mac_secret,
+                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return -1;
+        }
+    } else {
+        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
+            || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return -1;
+        }
+        if (!sending && !SSL_READ_ETM(ssl) && FIPS_mode())
+            if (!tls_fips_digest_extra(ssl->enc_read_ctx,
+                                       mac_ctx, rec->input,
+                                       rec->length, rec->orig_len)) {
+                EVP_MD_CTX_free(hmac);
+                return -1;
+            }
+    }
+
+    EVP_MD_CTX_free(hmac);
+
+#ifdef SSL_DEBUG
+    fprintf(stderr, "seq=");
+    {
+        int z;
+        for (z = 0; z < 8; z++)
+            fprintf(stderr, "%02X ", seq[z]);
+        fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "rec=");
+    {
+        unsigned int z;
+        for (z = 0; z < rec->length; z++)
+            fprintf(stderr, "%02X ", rec->data[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+
+    if (!SSL_IS_DTLS(ssl)) {
+        for (i = 7; i >= 0; i--) {
+            ++seq[i];
+            if (seq[i] != 0)
+                break;
+        }
+    }
+#ifdef SSL_DEBUG
+    {
+        unsigned int z;
+        for (z = 0; z < md_size; z++)
+            fprintf(stderr, "%02X ", md[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+    return (md_size);
+}
+
+/*-
+ * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
+ * record in |rec| by updating |rec->length| in constant time.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                            unsigned block_size, unsigned mac_size)
+{
+    unsigned padding_length, good;
+    const unsigned overhead = 1 /* padding length byte */  + mac_size;
+
+    /*
+     * These lengths are all public so we can test them in non-constant time.
+     */
+    if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+    good = constant_time_ge(rec->length, padding_length + overhead);
+    /* SSLv3 requires that the padding is minimal. */
+    good &= constant_time_ge(block_size, padding_length + 1);
+    rec->length -= good & (padding_length + 1);
+    return constant_time_select_int(good, 1, -1);
+}
+
+/*-
+ * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
+ * record in |rec| in constant time and returns 1 if the padding is valid and
+ * -1 otherwise. It also removes any explicit IV from the start of the record
+ * without leaking any timing about whether there was enough space after the
+ * padding was removed.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int tls1_cbc_remove_padding(const SSL *s,
+                            SSL3_RECORD *rec,
+                            unsigned block_size, unsigned mac_size)
+{
+    unsigned padding_length, good, to_check, i;
+    const unsigned overhead = 1 /* padding length byte */  + mac_size;
+    /* Check if version requires explicit IV */
+    if (SSL_USE_EXPLICIT_IV(s)) {
+        /*
+         * These lengths are all public so we can test them in non-constant
+         * time.
+         */
+        if (overhead + block_size > rec->length)
+            return 0;
+        /* We can now safely skip explicit IV */
+        rec->data += block_size;
+        rec->input += block_size;
+        rec->length -= block_size;
+        rec->orig_len -= block_size;
+    } else if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+
+    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) &
+        EVP_CIPH_FLAG_AEAD_CIPHER) {
+        /* padding is already verified */
+        rec->length -= padding_length + 1;
+        return 1;
+    }
+
+    good = constant_time_ge(rec->length, overhead + padding_length);
+    /*
+     * The padding consists of a length byte at the end of the record and
+     * then that many bytes of padding, all with the same value as the length
+     * byte. Thus, with the length byte included, there are i+1 bytes of
+     * padding. We can't check just |padding_length+1| bytes because that
+     * leaks decrypted information. Therefore we always have to check the
+     * maximum amount of padding possible. (Again, the length of the record
+     * is public information so we can use it.)
+     */
+    to_check = 256;            /* maximum amount of padding, inc length byte. */
+    if (to_check > rec->length)
+        to_check = rec->length;
+
+    for (i = 0; i < to_check; i++) {
+        unsigned char mask = constant_time_ge_8(padding_length, i);
+        unsigned char b = rec->data[rec->length - 1 - i];
+        /*
+         * The final |padding_length+1| bytes should all have the value
+         * |padding_length|. Therefore the XOR should be zero.
+         */
+        good &= ~(mask & (padding_length ^ b));
+    }
+
+    /*
+     * If any of the final |padding_length+1| bytes had the wrong value, one
+     * or more of the lower eight bits of |good| will be cleared.
+     */
+    good = constant_time_eq(0xff, good & 0xff);
+    rec->length -= good & (padding_length + 1);
+
+    return constant_time_select_int(good, 1, -1);
+}
+
+/*-
+ * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
+ * constant time (independent of the concrete value of rec->length, which may
+ * vary within a 256-byte window).
+ *
+ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
+ * this function.
+ *
+ * On entry:
+ *   rec->orig_len >= md_size
+ *   md_size <= EVP_MAX_MD_SIZE
+ *
+ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
+ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
+ * a single or pair of cache-lines, then the variable memory accesses don't
+ * actually affect the timing. CPUs with smaller cache-lines [if any] are
+ * not multi-core and are not considered vulnerable to cache-timing attacks.
+ */
+#define CBC_MAC_ROTATE_IN_PLACE
+
+void ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, unsigned md_size)
+{
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
+    unsigned char *rotated_mac;
+#else
+    unsigned char rotated_mac[EVP_MAX_MD_SIZE];
+#endif
+
+    /*
+     * mac_end is the index of |rec->data| just after the end of the MAC.
+     */
+    unsigned mac_end = rec->length;
+    unsigned mac_start = mac_end - md_size;
+    unsigned in_mac;
+    /*
+     * scan_start contains the number of bytes that we can ignore because the
+     * MAC's position can only vary by 255 bytes.
+     */
+    unsigned scan_start = 0;
+    unsigned i, j;
+    unsigned rotate_offset;
+
+    OPENSSL_assert(rec->orig_len >= md_size);
+    OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
+
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);
+#endif
+
+    /* This information is public so it's safe to branch based on it. */
+    if (rec->orig_len > md_size + 255 + 1)
+        scan_start = rec->orig_len - (md_size + 255 + 1);
+
+    in_mac = 0;
+    rotate_offset = 0;
+    memset(rotated_mac, 0, md_size);
+    for (i = scan_start, j = 0; i < rec->orig_len; i++) {
+        unsigned mac_started = constant_time_eq(i, mac_start);
+        unsigned mac_ended = constant_time_lt(i, mac_end);
+        unsigned char b = rec->data[i];
+
+        in_mac |= mac_started;
+        in_mac &= mac_ended;
+        rotate_offset |= j & mac_started;
+        rotated_mac[j++] |= b & in_mac;
+        j &= constant_time_lt(j, md_size);
+    }
+
+    /* Now rotate the MAC */
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    j = 0;
+    for (i = 0; i < md_size; i++) {
+        /* in case cache-line is 32 bytes, touch second line */
+        ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
+        out[j++] = rotated_mac[rotate_offset++];
+        rotate_offset &= constant_time_lt(rotate_offset, md_size);
+    }
+#else
+    memset(out, 0, md_size);
+    rotate_offset = md_size - rotate_offset;
+    rotate_offset &= constant_time_lt(rotate_offset, md_size);
+    for (i = 0; i < md_size; i++) {
+        for (j = 0; j < md_size; j++)
+            out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
+        rotate_offset++;
+        rotate_offset &= constant_time_lt(rotate_offset, md_size);
+    }
+#endif
+}
+
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int i, al;
+    int enc_err;
+    SSL_SESSION *sess;
+    SSL3_RECORD *rr;
+    unsigned int mac_size;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    sess = s->session;
+
+    /*
+     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+     * and we have that many bytes in s->packet
+     */
+    rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
+
+    /*
+     * ok, we can now read from 's->packet' data into 'rr' rr->input points
+     * at rr->length bytes, which need to be copied into rr->data by either
+     * the decryption or by the decompression When the data is 'copied' into
+     * the rr->data buffer, rr->input will be pointed at the new buffer
+     */
+
+    /*
+     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+     * bytes of encrypted compressed stuff.
+     */
+
+    /* check is not needed I believe */
+    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+        al = SSL_AD_RECORD_OVERFLOW;
+        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+        goto f_err;
+    }
+
+    /* decrypt in place in 'rr->input' */
+    rr->data = rr->input;
+    rr->orig_len = rr->length;
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publically invalid.
+     *    1: if the padding is valid
+     *   -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        /* For DTLS we simply ignore bad packets. */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        goto err;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %d\n", rr->length);
+    {
+        unsigned int z;
+        for (z = 0; z < rr->length; z++)
+            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) &&
+        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+        /*
+         * orig_len is the length of the record before any padding was
+         * removed. This is public information, as is the MAC in use,
+         * therefore we can safely process the record in a different amount
+         * of time if it's too short to possibly contain a MAC.
+         */
+        if (rr->orig_len < mac_size ||
+            /* CBC records must have a padding length byte too. */
+            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+             rr->orig_len < mac_size + 1)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+
+        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+            /*
+             * We update the length so that the TLS header bytes can be
+             * constructed correctly but we need to extract the MAC in
+             * constant time from within the record, without leaking the
+             * contents of the padding bytes.
+             */
+            mac = mac_tmp;
+            ssl3_cbc_copy_mac(mac_tmp, rr, mac_size);
+            rr->length -= mac_size;
+        } else {
+            /*
+             * In this case there's no padding, so |rec->orig_len| equals
+             * |rec->length| and we checked that there's enough bytes for
+             * |mac_size| above.
+             */
+            rr->length -= mac_size;
+            mac = &rr->data[rr->length];
+        }
+
+        i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
+        if (i < 0 || mac == NULL
+            || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+            enc_err = -1;
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+            enc_err = -1;
+    }
+
+    if (enc_err < 0) {
+        /* decryption failed, silently discard message */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        goto err;
+    }
+
+    /* r->length is now just compressed */
+    if (s->expand != NULL) {
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+            al = SSL_AD_RECORD_OVERFLOW;
+            SSLerr(SSL_F_DTLS1_PROCESS_RECORD,
+                   SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+            goto f_err;
+        }
+        if (!ssl3_do_uncompress(s, rr)) {
+            al = SSL_AD_DECOMPRESSION_FAILURE;
+            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
+            goto f_err;
+        }
+    }
+
+    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+        al = SSL_AD_RECORD_OVERFLOW;
+        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
+        goto f_err;
+    }
+
+    rr->off = 0;
+    /*-
+     * So at this point the following is true
+     * ssl->s3->rrec.type   is the type of record
+     * ssl->s3->rrec.length == number of bytes in record
+     * ssl->s3->rrec.off    == offset to first valid byte
+     * ssl->s3->rrec.data   == where to take bytes from, increment
+     *                         after use :-).
+     */
+
+    /* we have pulled in a full packet so zero things */
+    RECORD_LAYER_reset_packet_length(&s->rlayer);
+
+    /* Mark receipt of record. */
+    dtls1_record_bitmap_update(s, bitmap);
+
+    return (1);
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    return (0);
+}
+
+/*
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
+ */
+#define dtls1_get_processed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer)))
+
+/*-
+ * Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data,   - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by dtls1_read_bytes */
+int dtls1_get_record(SSL *s)
+{
+    int ssl_major, ssl_minor;
+    int i, n;
+    SSL3_RECORD *rr;
+    unsigned char *p = NULL;
+    unsigned short version;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+ again:
+    /*
+     * The epoch may have changed.  If so, process all the pending records.
+     * This is a non-blocking operation.
+     */
+    if (!dtls1_process_buffered_records(s))
+        return -1;
+
+    /* if we're renegotiating, then there may be buffered records */
+    if (dtls1_get_processed_record(s))
+        return 1;
+
+    /* get something from the wire */
+
+    /* check if we have the header */
+    if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+        (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
+        n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
+                        SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1);
+        /* read timeout is handled by dtls1_read_bytes */
+        if (n <= 0)
+            return (n);         /* error or non-blocking */
+
+        /* this packet contained a partial record, dump it */
+        if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
+            DTLS1_RT_HEADER_LENGTH) {
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+        p = RECORD_LAYER_get_packet(&s->rlayer);
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
+                            s, s->msg_callback_arg);
+
+        /* Pull apart the header into the DTLS1_RECORD */
+        rr->type = *(p++);
+        ssl_major = *(p++);
+        ssl_minor = *(p++);
+        version = (ssl_major << 8) | ssl_minor;
+
+        /* sequence number is 64 bits, with top 2 bytes = epoch */
+        n2s(p, rr->epoch);
+
+        memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
+        p += 6;
+
+        n2s(p, rr->length);
+
+        /*
+         * Lets check the version. We tolerate alerts that don't have the exact
+         * version number (e.g. because of protocol version errors)
+         */
+        if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
+            if (version != s->version) {
+                /* unexpected version, silently discard */
+                rr->length = 0;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                goto again;
+            }
+        }
+
+        if ((version & 0xff00) != (s->version & 0xff00)) {
+            /* wrong version, silently discard record */
+            rr->length = 0;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+    }
+
+    /* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */
+
+    if (rr->length >
+        RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
+        /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
+        i = rr->length;
+        n = ssl3_read_n(s, i, i, 1, 1);
+        /* this packet contained a partial record, dump it */
+        if (n != i) {
+            rr->length = 0;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /*
+         * now n == rr->length, and s->packet_length ==
+         * DTLS1_RT_HEADER_LENGTH + rr->length
+         */
+    }
+    /* set state for later operations */
+    RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+    /* match epochs.  NULL means the packet is dropped on the floor */
+    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+    if (bitmap == NULL) {
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+#ifndef OPENSSL_NO_SCTP
+    /* Only do replay check if no SCTP bio */
+    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+#endif
+        /* Check whether this is a repeat, or aged record. */
+        /*
+         * TODO: Does it make sense to have replay protection in epoch 0 where
+         * we have no integrity negotiated yet?
+         */
+        if (!dtls1_record_replay_check(s, bitmap)) {
+            rr->length = 0;
+            RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+            goto again;         /* get another record */
+        }
+#ifndef OPENSSL_NO_SCTP
+    }
+#endif
+
+    /* just read a 0 length packet */
+    if (rr->length == 0)
+        goto again;
+
+    /*
+     * If this record is from the next epoch (either HM or ALERT), and a
+     * handshake is currently in progress, buffer it since it cannot be
+     * processed at this time.
+     */
+    if (is_next_epoch) {
+        if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
+            if (dtls1_buffer_record
+                (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
+                 rr->seq_num) < 0)
+                return -1;
+        }
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        goto again;
+    }
+
+    if (!dtls1_process_record(s, bitmap)) {
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+
+    return (1);
+
+}
diff --git a/openssl-1.1.0h/ssl/s3_cbc.c b/openssl-1.1.0h/ssl/s3_cbc.c
new file mode 100644
index 0000000..9a228f7
--- /dev/null
+++ b/openssl-1.1.0h/ssl/s3_cbc.c
@@ -0,0 +1,529 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time_locl.h"
+#include "ssl_locl.h"
+
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
+/*
+ * MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's
+ * length field. (SHA-384/512 have 128-bit length.)
+ */
+#define MAX_HASH_BIT_COUNT_BYTES 16
+
+/*
+ * MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
+ * Currently SHA-384/512 has a 128-byte block size and that's the largest
+ * supported by TLS.)
+ */
+#define MAX_HASH_BLOCK_SIZE 128
+
+/*
+ * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
+ * little-endian order. The value of p is advanced by four.
+ */
+#define u32toLE(n, p) \
+        (*((p)++)=(unsigned char)(n), \
+         *((p)++)=(unsigned char)(n>>8), \
+         *((p)++)=(unsigned char)(n>>16), \
+         *((p)++)=(unsigned char)(n>>24))
+
+/*
+ * These functions serialize the state of a hash and thus perform the
+ * standard "final" operation without adding the padding and length that such
+ * a function typically does.
+ */
+static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
+{
+    MD5_CTX *md5 = ctx;
+    u32toLE(md5->A, md_out);
+    u32toLE(md5->B, md_out);
+    u32toLE(md5->C, md_out);
+    u32toLE(md5->D, md_out);
+}
+
+static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA_CTX *sha1 = ctx;
+    l2n(sha1->h0, md_out);
+    l2n(sha1->h1, md_out);
+    l2n(sha1->h2, md_out);
+    l2n(sha1->h3, md_out);
+    l2n(sha1->h4, md_out);
+}
+
+static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA256_CTX *sha256 = ctx;
+    unsigned i;
+
+    for (i = 0; i < 8; i++) {
+        l2n(sha256->h[i], md_out);
+    }
+}
+
+static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA512_CTX *sha512 = ctx;
+    unsigned i;
+
+    for (i = 0; i < 8; i++) {
+        l2n8(sha512->h[i], md_out);
+    }
+}
+
+#undef  LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX
+
+/*
+ * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
+ * which ssl3_cbc_digest_record supports.
+ */
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
+{
+    if (FIPS_mode())
+        return 0;
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+    case NID_sha1:
+    case NID_sha224:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+        return 1;
+    default:
+        return 0;
+    }
+}
+
+/*-
+ * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
+ * record.
+ *
+ *   ctx: the EVP_MD_CTX from which we take the hash function.
+ *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
+ *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
+ *   md_out_size: if non-NULL, the number of output bytes is written here.
+ *   header: the 13-byte, TLS record header.
+ *   data: the record data itself, less any preceding explicit IV.
+ *   data_plus_mac_size: the secret, reported length of the data and MAC
+ *     once the padding has been removed.
+ *   data_plus_mac_plus_padding_size: the public length of the whole
+ *     record, including padding.
+ *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
+ *
+ * On entry: by virtue of having been through one of the remove_padding
+ * functions, above, we know that data_plus_mac_size is large enough to contain
+ * a padding byte and MAC. (If the padding was invalid, it might contain the
+ * padding too. )
+ * Returns 1 on success or 0 on error
+ */
+int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                           unsigned char *md_out,
+                           size_t *md_out_size,
+                           const unsigned char header[13],
+                           const unsigned char *data,
+                           size_t data_plus_mac_size,
+                           size_t data_plus_mac_plus_padding_size,
+                           const unsigned char *mac_secret,
+                           unsigned mac_secret_length, char is_sslv3)
+{
+    union {
+        double align;
+        unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
+    } md_state;
+    void (*md_final_raw) (void *ctx, unsigned char *md_out);
+    void (*md_transform) (void *ctx, const unsigned char *block);
+    unsigned md_size, md_block_size = 64;
+    unsigned sslv3_pad_length = 40, header_length, variance_blocks,
+        len, max_mac_bytes, num_blocks,
+        num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
+    unsigned int bits;          /* at most 18 bits */
+    unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
+    /* hmac_pad is the masked HMAC key. */
+    unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
+    unsigned char first_block[MAX_HASH_BLOCK_SIZE];
+    unsigned char mac_out[EVP_MAX_MD_SIZE];
+    unsigned i, j, md_out_size_u;
+    EVP_MD_CTX *md_ctx = NULL;
+    /*
+     * mdLengthSize is the number of bytes in the length field that
+     * terminates * the hash.
+     */
+    unsigned md_length_size = 8;
+    char length_is_big_endian = 1;
+    int ret;
+
+    /*
+     * This is a, hopefully redundant, check that allows us to forget about
+     * many possible overflows later in this function.
+     */
+    OPENSSL_assert(data_plus_mac_plus_padding_size < 1024 * 1024);
+
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+        if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_md5_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))MD5_Transform;
+        md_size = 16;
+        sslv3_pad_length = 48;
+        length_is_big_endian = 0;
+        break;
+    case NID_sha1:
+        if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha1_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
+        md_size = 20;
+        break;
+    case NID_sha224:
+        if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha256_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+        md_size = 224 / 8;
+        break;
+    case NID_sha256:
+        if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha256_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+        md_size = 32;
+        break;
+    case NID_sha384:
+        if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha512_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+        md_size = 384 / 8;
+        md_block_size = 128;
+        md_length_size = 16;
+        break;
+    case NID_sha512:
+        if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha512_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+        md_size = 64;
+        md_block_size = 128;
+        md_length_size = 16;
+        break;
+    default:
+        /*
+         * ssl3_cbc_record_digest_supported should have been called first to
+         * check that the hash function is supported.
+         */
+        OPENSSL_assert(0);
+        if (md_out_size)
+            *md_out_size = 0;
+        return 0;
+    }
+
+    OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
+    OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
+    OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
+
+    header_length = 13;
+    if (is_sslv3) {
+        header_length = mac_secret_length + sslv3_pad_length + 8 /* sequence
+                                                                  * number */  +
+            1 /* record type */  +
+            2 /* record length */ ;
+    }
+
+    /*
+     * variance_blocks is the number of blocks of the hash that we have to
+     * calculate in constant time because they could be altered by the
+     * padding value. In SSLv3, the padding must be minimal so the end of
+     * the plaintext varies by, at most, 15+20 = 35 bytes. (We conservatively
+     * assume that the MAC size varies from 0..20 bytes.) In case the 9 bytes
+     * of hash termination (0x80 + 64-bit length) don't fit in the final
+     * block, we say that the final two blocks can vary based on the padding.
+     * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
+     * required to be minimal. Therefore we say that the final six blocks can
+     * vary based on the padding. Later in the function, if the message is
+     * short and there obviously cannot be this many blocks then
+     * variance_blocks can be reduced.
+     */
+    variance_blocks = is_sslv3 ? 2 : 6;
+    /*
+     * From now on we're dealing with the MAC, which conceptually has 13
+     * bytes of `header' before the start of the data (TLS) or 71/75 bytes
+     * (SSLv3)
+     */
+    len = data_plus_mac_plus_padding_size + header_length;
+    /*
+     * max_mac_bytes contains the maximum bytes of bytes in the MAC,
+     * including * |header|, assuming that there's no padding.
+     */
+    max_mac_bytes = len - md_size - 1;
+    /* num_blocks is the maximum number of hash blocks. */
+    num_blocks =
+        (max_mac_bytes + 1 + md_length_size + md_block_size -
+         1) / md_block_size;
+    /*
+     * In order to calculate the MAC in constant time we have to handle the
+     * final blocks specially because the padding value could cause the end
+     * to appear somewhere in the final |variance_blocks| blocks and we can't
+     * leak where. However, |num_starting_blocks| worth of data can be hashed
+     * right away because no padding value can affect whether they are
+     * plaintext.
+     */
+    num_starting_blocks = 0;
+    /*
+     * k is the starting byte offset into the conceptual header||data where
+     * we start processing.
+     */
+    k = 0;
+    /*
+     * mac_end_offset is the index just past the end of the data to be MACed.
+     */
+    mac_end_offset = data_plus_mac_size + header_length - md_size;
+    /*
+     * c is the index of the 0x80 byte in the final hash block that contains
+     * application data.
+     */
+    c = mac_end_offset % md_block_size;
+    /*
+     * index_a is the hash block number that contains the 0x80 terminating
+     * value.
+     */
+    index_a = mac_end_offset / md_block_size;
+    /*
+     * index_b is the hash block number that contains the 64-bit hash length,
+     * in bits.
+     */
+    index_b = (mac_end_offset + md_length_size) / md_block_size;
+    /*
+     * bits is the hash-length in bits. It includes the additional hash block
+     * for the masked HMAC key, or whole of |header| in the case of SSLv3.
+     */
+
+    /*
+     * For SSLv3, if we're going to have any starting blocks then we need at
+     * least two because the header is larger than a single block.
+     */
+    if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
+        num_starting_blocks = num_blocks - variance_blocks;
+        k = md_block_size * num_starting_blocks;
+    }
+
+    bits = 8 * mac_end_offset;
+    if (!is_sslv3) {
+        /*
+         * Compute the initial HMAC block. For SSLv3, the padding and secret
+         * bytes are included in |header| because they take more than a
+         * single block.
+         */
+        bits += 8 * md_block_size;
+        memset(hmac_pad, 0, md_block_size);
+        OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
+        memcpy(hmac_pad, mac_secret, mac_secret_length);
+        for (i = 0; i < md_block_size; i++)
+            hmac_pad[i] ^= 0x36;
+
+        md_transform(md_state.c, hmac_pad);
+    }
+
+    if (length_is_big_endian) {
+        memset(length_bytes, 0, md_length_size - 4);
+        length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
+        length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
+        length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
+        length_bytes[md_length_size - 1] = (unsigned char)bits;
+    } else {
+        memset(length_bytes, 0, md_length_size);
+        length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
+        length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
+        length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
+        length_bytes[md_length_size - 8] = (unsigned char)bits;
+    }
+
+    if (k > 0) {
+        if (is_sslv3) {
+            unsigned overhang;
+
+            /*
+             * The SSLv3 header is larger than a single block. overhang is
+             * the number of bytes beyond a single block that the header
+             * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). There are no
+             * ciphersuites in SSLv3 that are not SHA1 or MD5 based and
+             * therefore we can be confident that the header_length will be
+             * greater than |md_block_size|. However we add a sanity check just
+             * in case
+             */
+            if (header_length <= md_block_size) {
+                /* Should never happen */
+                return 0;
+            }
+            overhang = header_length - md_block_size;
+            md_transform(md_state.c, header);
+            memcpy(first_block, header + md_block_size, overhang);
+            memcpy(first_block + overhang, data, md_block_size - overhang);
+            md_transform(md_state.c, first_block);
+            for (i = 1; i < k / md_block_size - 1; i++)
+                md_transform(md_state.c, data + md_block_size * i - overhang);
+        } else {
+            /* k is a multiple of md_block_size. */
+            memcpy(first_block, header, 13);
+            memcpy(first_block + 13, data, md_block_size - 13);
+            md_transform(md_state.c, first_block);
+            for (i = 1; i < k / md_block_size; i++)
+                md_transform(md_state.c, data + md_block_size * i - 13);
+        }
+    }
+
+    memset(mac_out, 0, sizeof(mac_out));
+
+    /*
+     * We now process the final hash blocks. For each block, we construct it
+     * in constant time. If the |i==index_a| then we'll include the 0x80
+     * bytes and zero pad etc. For each block we selectively copy it, in
+     * constant time, to |mac_out|.
+     */
+    for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks;
+         i++) {
+        unsigned char block[MAX_HASH_BLOCK_SIZE];
+        unsigned char is_block_a = constant_time_eq_8(i, index_a);
+        unsigned char is_block_b = constant_time_eq_8(i, index_b);
+        for (j = 0; j < md_block_size; j++) {
+            unsigned char b = 0, is_past_c, is_past_cp1;
+            if (k < header_length)
+                b = header[k];
+            else if (k < data_plus_mac_plus_padding_size + header_length)
+                b = data[k - header_length];
+            k++;
+
+            is_past_c = is_block_a & constant_time_ge_8(j, c);
+            is_past_cp1 = is_block_a & constant_time_ge_8(j, c + 1);
+            /*
+             * If this is the block containing the end of the application
+             * data, and we are at the offset for the 0x80 value, then
+             * overwrite b with 0x80.
+             */
+            b = constant_time_select_8(is_past_c, 0x80, b);
+            /*
+             * If this the the block containing the end of the application
+             * data and we're past the 0x80 value then just write zero.
+             */
+            b = b & ~is_past_cp1;
+            /*
+             * If this is index_b (the final block), but not index_a (the end
+             * of the data), then the 64-bit length didn't fit into index_a
+             * and we're having to add an extra block of zeros.
+             */
+            b &= ~is_block_b | is_block_a;
+
+            /*
+             * The final bytes of one of the blocks contains the length.
+             */
+            if (j >= md_block_size - md_length_size) {
+                /* If this is index_b, write a length byte. */
+                b = constant_time_select_8(is_block_b,
+                                           length_bytes[j -
+                                                        (md_block_size -
+                                                         md_length_size)], b);
+            }
+            block[j] = b;
+        }
+
+        md_transform(md_state.c, block);
+        md_final_raw(md_state.c, block);
+        /* If this is index_b, copy the hash value to |mac_out|. */
+        for (j = 0; j < md_size; j++)
+            mac_out[j] |= block[j] & is_block_b;
+    }
+
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL)
+        goto err;
+    if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0)
+        goto err;
+    if (is_sslv3) {
+        /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
+        memset(hmac_pad, 0x5c, sslv3_pad_length);
+
+        if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0
+            || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
+            goto err;
+    } else {
+        /* Complete the HMAC in the standard manner. */
+        for (i = 0; i < md_block_size; i++)
+            hmac_pad[i] ^= 0x6a;
+
+        if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
+            goto err;
+    }
+    ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
+    if (ret && md_out_size)
+        *md_out_size = md_out_size_u;
+    EVP_MD_CTX_free(md_ctx);
+
+    return 1;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return 0;
+}
+
+/*
+ * Due to the need to use EVP in FIPS mode we can't reimplement digests but
+ * we can ensure the number of blocks processed is equal for all cases by
+ * digesting additional data.
+ */
+
+int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+                          EVP_MD_CTX *mac_ctx, const unsigned char *data,
+                          size_t data_len, size_t orig_len)
+{
+    size_t block_size, digest_pad, blocks_data, blocks_orig;
+    if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
+        return 1;
+    block_size = EVP_MD_CTX_block_size(mac_ctx);
+    /*-
+     * We are in FIPS mode if we get this far so we know we have only SHA*
+     * digests and TLS to deal with.
+     * Minimum digest padding length is 17 for SHA384/SHA512 and 9
+     * otherwise.
+     * Additional header is 13 bytes. To get the number of digest blocks
+     * processed round up the amount of data plus padding to the nearest
+     * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
+     * So we have:
+     * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
+     * equivalently:
+     * blocks = (payload_len + digest_pad + 12)/block_size + 1
+     * HMAC adds a constant overhead.
+     * We're ultimately only interested in differences so this becomes
+     * blocks = (payload_len + 29)/128
+     * for SHA384/SHA512 and
+     * blocks = (payload_len + 21)/64
+     * otherwise.
+     */
+    digest_pad = block_size == 64 ? 21 : 29;
+    blocks_orig = (orig_len + digest_pad) / block_size;
+    blocks_data = (data_len + digest_pad) / block_size;
+    /*
+     * MAC enough blocks to make up the difference between the original and
+     * actual lengths plus one extra block to ensure this is never a no op.
+     * The "data" pointer should always have enough space to perform this
+     * operation as it is large enough for a maximum length TLS buffer.
+     */
+    return EVP_DigestSignUpdate(mac_ctx, data,
+                                (blocks_orig - blocks_data + 1) * block_size);
+}
diff --git a/openssl-1.1.0h/ssl/s3_enc.c b/openssl-1.1.0h/ssl/s3_enc.c
new file mode 100644
index 0000000..e08857d
--- /dev/null
+++ b/openssl-1.1.0h/ssl/s3_enc.c
@@ -0,0 +1,550 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+{
+    EVP_MD_CTX *m5;
+    EVP_MD_CTX *s1;
+    unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
+    unsigned char c = 'A';
+    unsigned int i, j, k;
+    int ret = 0;
+
+#ifdef CHARSET_EBCDIC
+    c = os_toascii[c];          /* 'A' in ASCII */
+#endif
+    k = 0;
+    m5 = EVP_MD_CTX_new();
+    s1 = EVP_MD_CTX_new();
+    if (m5 == NULL || s1 == NULL) {
+        SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
+        k++;
+        if (k > sizeof(buf)) {
+            /* bug: 'buf' is too small for this ciphersuite */
+            SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        for (j = 0; j < k; j++)
+            buf[j] = c;
+        c++;
+        if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
+            || !EVP_DigestUpdate(s1, buf, k)
+            || !EVP_DigestUpdate(s1, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestFinal_ex(s1, smd, NULL)
+            || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
+            || !EVP_DigestUpdate(m5, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH))
+            goto err;
+        if ((int)(i + MD5_DIGEST_LENGTH) > num) {
+            if (!EVP_DigestFinal_ex(m5, smd, NULL))
+                goto err;
+            memcpy(km, smd, (num - i));
+        } else {
+            if (!EVP_DigestFinal_ex(m5, km, NULL))
+                goto err;
+        }
+
+        km += MD5_DIGEST_LENGTH;
+    }
+    OPENSSL_cleanse(smd, sizeof(smd));
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(m5);
+    EVP_MD_CTX_free(s1);
+    return ret;
+}
+
+int ssl3_change_cipher_state(SSL *s, int which)
+{
+    unsigned char *p, *mac_secret;
+    unsigned char exp_key[EVP_MAX_KEY_LENGTH];
+    unsigned char exp_iv[EVP_MAX_IV_LENGTH];
+    unsigned char *ms, *key, *iv;
+    EVP_CIPHER_CTX *dd;
+    const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    COMP_METHOD *comp;
+#endif
+    const EVP_MD *m;
+    int n, i, j, k, cl;
+    int reuse_dd = 0;
+
+    c = s->s3->tmp.new_sym_enc;
+    m = s->s3->tmp.new_hash;
+    /* m == NULL will lead to a crash later */
+    OPENSSL_assert(m);
+#ifndef OPENSSL_NO_COMP
+    if (s->s3->tmp.new_compression == NULL)
+        comp = NULL;
+    else
+        comp = s->s3->tmp.new_compression->method;
+#endif
+
+    if (which & SSL3_CC_READ) {
+        if (s->enc_read_ctx != NULL)
+            reuse_dd = 1;
+        else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
+            goto err;
+        else
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        dd = s->enc_read_ctx;
+
+        if (ssl_replace_hash(&s->read_hash, m) == NULL) {
+            SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+#ifndef OPENSSL_NO_COMP
+        /* COMPRESS */
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
+        if (comp != NULL) {
+            s->expand = COMP_CTX_new(comp);
+            if (s->expand == NULL) {
+                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                       SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err2;
+            }
+        }
+#endif
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+        mac_secret = &(s->s3->read_mac_secret[0]);
+    } else {
+        if (s->enc_write_ctx != NULL)
+            reuse_dd = 1;
+        else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
+            goto err;
+        else
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        dd = s->enc_write_ctx;
+        if (ssl_replace_hash(&s->write_hash, m) == NULL) {
+            SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+#ifndef OPENSSL_NO_COMP
+        /* COMPRESS */
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
+        if (comp != NULL) {
+            s->compress = COMP_CTX_new(comp);
+            if (s->compress == NULL) {
+                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                       SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err2;
+            }
+        }
+#endif
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+        mac_secret = &(s->s3->write_mac_secret[0]);
+    }
+
+    if (reuse_dd)
+        EVP_CIPHER_CTX_reset(dd);
+
+    p = s->s3->tmp.key_block;
+    i = EVP_MD_size(m);
+    if (i < 0)
+        goto err2;
+    cl = EVP_CIPHER_key_length(c);
+    j = cl;
+    k = EVP_CIPHER_iv_length(c);
+    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        ms = &(p[0]);
+        n = i + i;
+        key = &(p[n]);
+        n += j + j;
+        iv = &(p[n]);
+        n += k + k;
+    } else {
+        n = i;
+        ms = &(p[n]);
+        n += i + j;
+        key = &(p[n]);
+        n += j + k;
+        iv = &(p[n]);
+        n += k;
+    }
+
+    if (n > s->s3->tmp.key_block_length) {
+        SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+        goto err2;
+    }
+
+    memcpy(mac_secret, ms, i);
+
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
+        goto err2;
+
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
+    return (1);
+ err:
+    SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ err2:
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
+    return (0);
+}
+
+int ssl3_setup_key_block(SSL *s)
+{
+    unsigned char *p;
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    int num;
+    int ret = 0;
+    SSL_COMP *comp;
+
+    if (s->s3->tmp.key_block_length != 0)
+        return (1);
+
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
+        SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return (0);
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+#ifdef OPENSSL_NO_COMP
+    s->s3->tmp.new_compression = NULL;
+#else
+    s->s3->tmp.new_compression = comp;
+#endif
+
+    num = EVP_MD_size(hash);
+    if (num < 0)
+        return 0;
+
+    num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c);
+    num *= 2;
+
+    ssl3_cleanup_key_block(s);
+
+    if ((p = OPENSSL_malloc(num)) == NULL)
+        goto err;
+
+    s->s3->tmp.key_block_length = num;
+    s->s3->tmp.key_block = p;
+
+    ret = ssl3_generate_key_block(s, p, num);
+
+    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
+        /*
+         * enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        s->s3->need_empty_fragments = 1;
+
+        if (s->session->cipher != NULL) {
+            if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+            if (s->session->cipher->algorithm_enc == SSL_RC4)
+                s->s3->need_empty_fragments = 0;
+#endif
+        }
+    }
+
+    return ret;
+
+ err:
+    SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+    return (0);
+}
+
+void ssl3_cleanup_key_block(SSL *s)
+{
+    OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
+    s->s3->tmp.key_block = NULL;
+    s->s3->tmp.key_block_length = 0;
+}
+
+int ssl3_init_finished_mac(SSL *s)
+{
+    BIO *buf = BIO_new(BIO_s_mem());
+
+    if (buf == NULL) {
+        SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ssl3_free_digest_list(s);
+    s->s3->handshake_buffer = buf;
+    (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
+    return 1;
+}
+
+/*
+ * Free digest list. Also frees handshake buffer since they are always freed
+ * together.
+ */
+
+void ssl3_free_digest_list(SSL *s)
+{
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(s->s3->handshake_dgst);
+    s->s3->handshake_dgst = NULL;
+}
+
+int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
+{
+    if (s->s3->handshake_dgst == NULL)
+        /* Note: this writes to a memory BIO so a failure is a fatal error */
+        return BIO_write(s->s3->handshake_buffer, (void *)buf, len) == len;
+    else
+        return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+}
+
+int ssl3_digest_cached_records(SSL *s, int keep)
+{
+    const EVP_MD *md;
+    long hdatalen;
+    void *hdata;
+
+    if (s->s3->handshake_dgst == NULL) {
+        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen <= 0) {
+            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                   SSL_R_BAD_HANDSHAKE_LENGTH);
+            return 0;
+        }
+
+        s->s3->handshake_dgst = EVP_MD_CTX_new();
+        if (s->s3->handshake_dgst == NULL) {
+            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        md = ssl_handshake_md(s);
+        if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
+            || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
+            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (keep == 0) {
+        BIO_free(s->s3->handshake_buffer);
+        s->s3->handshake_buffer = NULL;
+    }
+
+    return 1;
+}
+
+int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
+{
+    int ret;
+    EVP_MD_CTX *ctx = NULL;
+
+    if (!ssl3_digest_cached_records(s, 0))
+        return 0;
+
+    if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) {
+        SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, SSL_R_NO_REQUIRED_DIGEST);
+        return 0;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
+        SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ret = EVP_MD_CTX_size(ctx);
+    if (ret < 0) {
+        EVP_MD_CTX_reset(ctx);
+        return 0;
+    }
+
+    if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
+        || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                           s->session->master_key_length,
+                           s->session->master_key) <= 0
+        || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
+        SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
+        ret = 0;
+    }
+
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+}
+
+int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                int len)
+{
+    static const unsigned char *salt[3] = {
+#ifndef CHARSET_EBCDIC
+        (const unsigned char *)"A",
+        (const unsigned char *)"BB",
+        (const unsigned char *)"CCC",
+#else
+        (const unsigned char *)"\x41",
+        (const unsigned char *)"\x42\x42",
+        (const unsigned char *)"\x43\x43\x43",
+#endif
+    };
+    unsigned char buf[EVP_MAX_MD_SIZE];
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    int i, ret = 0;
+    unsigned int n;
+
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < 3; i++) {
+        if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
+            || EVP_DigestUpdate(ctx, salt[i],
+                                strlen((const char *)salt[i])) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
+            || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, buf, n) <= 0
+            || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
+            SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+            ret = 0;
+            break;
+        }
+        out += n;
+        ret += n;
+    }
+    EVP_MD_CTX_free(ctx);
+
+    OPENSSL_cleanse(buf, sizeof(buf));
+    return (ret);
+}
+
+int ssl3_alert_code(int code)
+{
+    switch (code) {
+    case SSL_AD_CLOSE_NOTIFY:
+        return (SSL3_AD_CLOSE_NOTIFY);
+    case SSL_AD_UNEXPECTED_MESSAGE:
+        return (SSL3_AD_UNEXPECTED_MESSAGE);
+    case SSL_AD_BAD_RECORD_MAC:
+        return (SSL3_AD_BAD_RECORD_MAC);
+    case SSL_AD_DECRYPTION_FAILED:
+        return (SSL3_AD_BAD_RECORD_MAC);
+    case SSL_AD_RECORD_OVERFLOW:
+        return (SSL3_AD_BAD_RECORD_MAC);
+    case SSL_AD_DECOMPRESSION_FAILURE:
+        return (SSL3_AD_DECOMPRESSION_FAILURE);
+    case SSL_AD_HANDSHAKE_FAILURE:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_NO_CERTIFICATE:
+        return (SSL3_AD_NO_CERTIFICATE);
+    case SSL_AD_BAD_CERTIFICATE:
+        return (SSL3_AD_BAD_CERTIFICATE);
+    case SSL_AD_UNSUPPORTED_CERTIFICATE:
+        return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+    case SSL_AD_CERTIFICATE_REVOKED:
+        return (SSL3_AD_CERTIFICATE_REVOKED);
+    case SSL_AD_CERTIFICATE_EXPIRED:
+        return (SSL3_AD_CERTIFICATE_EXPIRED);
+    case SSL_AD_CERTIFICATE_UNKNOWN:
+        return (SSL3_AD_CERTIFICATE_UNKNOWN);
+    case SSL_AD_ILLEGAL_PARAMETER:
+        return (SSL3_AD_ILLEGAL_PARAMETER);
+    case SSL_AD_UNKNOWN_CA:
+        return (SSL3_AD_BAD_CERTIFICATE);
+    case SSL_AD_ACCESS_DENIED:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_DECODE_ERROR:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_DECRYPT_ERROR:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_EXPORT_RESTRICTION:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_PROTOCOL_VERSION:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_INSUFFICIENT_SECURITY:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_INTERNAL_ERROR:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_USER_CANCELLED:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_NO_RENEGOTIATION:
+        return (-1);            /* Don't send it :-) */
+    case SSL_AD_UNSUPPORTED_EXTENSION:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_UNRECOGNIZED_NAME:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_UNKNOWN_PSK_IDENTITY:
+        return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+    case SSL_AD_INAPPROPRIATE_FALLBACK:
+        return (TLS1_AD_INAPPROPRIATE_FALLBACK);
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return (TLS1_AD_NO_APPLICATION_PROTOCOL);
+    default:
+        return (-1);
+    }
+}
diff --git a/openssl-1.1.0h/ssl/s3_lib.c b/openssl-1.1.0h/ssl/s3_lib.c
new file mode 100644
index 0000000..ad7532b
--- /dev/null
+++ b/openssl-1.1.0h/ssl/s3_lib.c
@@ -0,0 +1,4140 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+
+#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
+
+/*
+ * The list of available ciphers, mostly organized into the following
+ * groups:
+ *      Always there
+ *      EC
+ *      PSK
+ *      SRP (within that: RSA EC PSK)
+ *      Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
+ *      Weak ciphers
+ */
+static SSL_CIPHER ssl3_ciphers[] = {
+    {
+     1,
+     SSL3_TXT_RSA_NULL_MD5,
+     SSL3_CK_RSA_NULL_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     SSL3_TXT_RSA_NULL_SHA,
+     SSL3_CK_RSA_NULL_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_RSA_DES_192_CBC3_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_ADH_DES_192_CBC_SHA,
+     SSL3_CK_ADH_DES_192_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+#endif
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA,
+     TLS1_CK_RSA_WITH_AES_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA,
+     TLS1_CK_ADH_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA,
+     TLS1_CK_RSA_WITH_AES_256_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA,
+     TLS1_CK_ADH_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_NULL_SHA256,
+     TLS1_CK_RSA_WITH_NULL_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_RSA_WITH_AES_256_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA256,
+     TLS1_CK_ADH_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_CCM,
+     TLS1_CK_RSA_WITH_AES_128_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_CCM,
+     TLS1_CK_RSA_WITH_AES_256_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_RSA_WITH_AES_128_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_RSA_WITH_AES_256_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CCM,
+     TLS1_CK_PSK_WITH_AES_128_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CCM,
+     TLS1_CK_PSK_WITH_AES_256_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_PSK_WITH_AES_128_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_PSK_WITH_AES_256_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+
+#ifndef OPENSSL_NO_EC
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_EC */
+
+#ifndef OPENSSL_NO_PSK
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_CK_PSK_WITH_NULL_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA256,
+     TLS1_CK_PSK_WITH_NULL_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA384,
+     TLS1_CK_PSK_WITH_NULL_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_EC
+#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+#  endif
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+# endif                         /* OPENSSL_NO_EC */
+#endif                          /* OPENSSL_NO_PSK */
+
+#ifndef OPENSSL_NO_SRP
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_SRP */
+
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+# ifndef OPENSSL_NO_RSA
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+# endif                         /* OPENSSL_NO_RSA */
+
+# ifndef OPENSSL_NO_EC
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+# endif                         /* OPENSSL_NO_EC */
+
+# ifndef OPENSSL_NO_PSK
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+# endif                         /* OPENSSL_NO_PSK */
+#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
+                                 * !defined(OPENSSL_NO_POLY1305) */
+
+#ifndef OPENSSL_NO_CAMELLIA
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+# ifndef OPENSSL_NO_EC
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+# endif                         /* OPENSSL_NO_EC */
+
+# ifndef OPENSSL_NO_PSK
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+# endif                         /* OPENSSL_NO_PSK */
+
+#endif                          /* OPENSSL_NO_CAMELLIA */
+
+#ifndef OPENSSL_NO_GOST
+    {
+     1,
+     "GOST2001-GOST89-GOST89",
+     0x3000081,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST2001-NULL-GOST94",
+     0x3000083,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST94,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     0,
+     0,
+     },
+    {
+     1,
+     "GOST2012-GOST8912-GOST8912",
+     0x0300ff85,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
+     SSL_eGOST2814789CNT12,
+     SSL_GOST89MAC12,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST2012-NULL-GOST12",
+     0x0300ff87,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST12_256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+     0,
+     0,
+     },
+#endif                          /* OPENSSL_NO_GOST */
+
+#ifndef OPENSSL_NO_IDEA
+    {
+     1,
+     SSL3_TXT_RSA_IDEA_128_SHA,
+     SSL3_CK_RSA_IDEA_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_IDEA,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_1_VERSION,
+     DTLS1_BAD_VER, DTLS1_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    {
+     1,
+     TLS1_TXT_RSA_WITH_SEED_SHA,
+     TLS1_CK_RSA_WITH_SEED_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_SEED_SHA,
+     TLS1_CK_ADH_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif                          /* OPENSSL_NO_SEED */
+
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_MD5,
+     SSL3_CK_RSA_RC4_128_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_SHA,
+     SSL3_CK_RSA_RC4_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     SSL3_TXT_ADH_RC4_128_MD5,
+     SSL3_CK_ADH_RC4_128_MD5,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+# ifndef OPENSSL_NO_EC
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+# endif                         /* OPENSSL_NO_EC */
+
+# ifndef OPENSSL_NO_PSK
+    {
+     1,
+     TLS1_TXT_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_PSK_WITH_RC4_128_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+# endif                         /* OPENSSL_NO_PSK */
+
+#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
+
+};
+
+static int cipher_compare(const void *a, const void *b)
+{
+    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
+    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
+
+    if (ap->id == bp->id)
+        return 0;
+    return ap->id < bp->id ? -1 : 1;
+}
+
+void ssl_sort_cipher_list(void)
+{
+    qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof(ssl3_ciphers[0]),
+          cipher_compare);
+}
+
+static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
+                                    const char * t, size_t u,
+                                    const unsigned char * v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
+
+const SSL3_ENC_METHOD SSLv3_enc_data = {
+    ssl3_enc,
+    n_ssl3_mac,
+    ssl3_setup_key_block,
+    ssl3_generate_master_secret,
+    ssl3_change_cipher_state,
+    ssl3_final_finish_mac,
+    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+    SSL3_MD_CLIENT_FINISHED_CONST, 4,
+    SSL3_MD_SERVER_FINISHED_CONST, 4,
+    ssl3_alert_code,
+    ssl_undefined_function_1,
+    0,
+    SSL3_HM_HEADER_LENGTH,
+    ssl3_set_handshake_header,
+    ssl3_handshake_write
+};
+
+long ssl3_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int ssl3_num_ciphers(void)
+{
+    return (SSL3_NUM_CIPHERS);
+}
+
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+{
+    if (u < SSL3_NUM_CIPHERS)
+        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
+    else
+        return (NULL);
+}
+
+int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
+{
+    unsigned char *p = (unsigned char *)s->init_buf->data;
+    *(p++) = htype;
+    l2n3(len, p);
+    s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
+    s->init_off = 0;
+
+    return 1;
+}
+
+int ssl3_handshake_write(SSL *s)
+{
+    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+}
+
+int ssl3_new(SSL *s)
+{
+    SSL3_STATE *s3;
+
+    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
+        goto err;
+    s->s3 = s3;
+
+#ifndef OPENSSL_NO_SRP
+    if (!SSL_SRP_CTX_init(s))
+        goto err;
+#endif
+    s->method->ssl_clear(s);
+    return (1);
+ err:
+    return (0);
+}
+
+void ssl3_free(SSL *s)
+{
+    if (s == NULL || s->s3 == NULL)
+        return;
+
+    ssl3_cleanup_key_block(s);
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+#endif
+
+    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    ssl3_free_digest_list(s);
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
+#ifndef OPENSSL_NO_SRP
+    SSL_SRP_CTX_free(s);
+#endif
+    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
+    s->s3 = NULL;
+}
+
+void ssl3_clear(SSL *s)
+{
+    ssl3_cleanup_key_block(s);
+    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    EVP_PKEY_free(s->s3->peer_tmp);
+#endif                          /* !OPENSSL_NO_EC */
+
+    ssl3_free_digest_list(s);
+
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
+    /* NULL/zero-out everything in the s3 struct */
+    memset(s->s3, 0, sizeof(*s->s3));
+
+    ssl_free_wbio_buffer(s);
+
+    s->version = SSL3_VERSION;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->next_proto_negotiated);
+    s->next_proto_negotiated = NULL;
+    s->next_proto_negotiated_len = 0;
+#endif
+}
+
+#ifndef OPENSSL_NO_SRP
+static char *srp_password_from_info_cb(SSL *s, void *arg)
+{
+    return OPENSSL_strdup(s->srp_ctx.info);
+}
+#endif
+
+static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
+
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+        break;
+    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        break;
+    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        s->s3->num_renegotiations = 0;
+        break;
+    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+        ret = s->s3->total_renegotiations;
+        break;
+    case SSL_CTRL_GET_FLAGS:
+        ret = (int)(s->s3->flags);
+        break;
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return (ret);
+            }
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return ret;
+            }
+            EVP_PKEY_free(s->cert->dh_tmp);
+            s->cert->dh_tmp = pkdh;
+            ret = 1;
+        }
+        break;
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (ret);
+        }
+    case SSL_CTRL_SET_DH_AUTO:
+        s->cert->dh_tmp_auto = larg;
+        return 1;
+#endif
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            const EC_GROUP *group = NULL;
+            int nid;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+                return 0;
+            }
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+                                   &s->tlsext_ellipticcurvelist_length,
+                                   &nid, 1);
+        }
+        break;
+#endif                          /* !OPENSSL_NO_EC */
+    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+        if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
+            OPENSSL_free(s->tlsext_hostname);
+            s->tlsext_hostname = NULL;
+
+            ret = 1;
+            if (parg == NULL)
+                break;
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+                return 0;
+            }
+            if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else {
+            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
+        s->tlsext_debug_arg = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        ret = s->tlsext_status_type;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        s->tlsext_status_type = larg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
+        *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
+        s->tlsext_ocsp_exts = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
+        *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
+        s->tlsext_ocsp_ids = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        *(unsigned char **)parg = s->tlsext_ocsp_resp;
+        return s->tlsext_ocsp_resplen;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        OPENSSL_free(s->tlsext_ocsp_resp);
+        s->tlsext_ocsp_resp = parg;
+        s->tlsext_ocsp_resplen = larg;
+        ret = 1;
+        break;
+
+#ifndef OPENSSL_NO_HEARTBEATS
+    case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
+        if (SSL_IS_DTLS(s))
+            ret = dtls1_heartbeat(s);
+        break;
+
+    case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
+        if (SSL_IS_DTLS(s))
+            ret = s->tlsext_hb_pending;
+        break;
+
+    case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
+        if (SSL_IS_DTLS(s)) {
+            if (larg)
+                s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+            else
+                s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+            ret = 1;
+        }
+        break;
+#endif
+
+    case SSL_CTRL_CHAIN:
+        if (larg)
+            return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
+        else
+            return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
+
+    case SSL_CTRL_CHAIN_CERT:
+        if (larg)
+            return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
+        else
+            return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
+
+    case SSL_CTRL_GET_CHAIN_CERTS:
+        *(STACK_OF(X509) **)parg = s->cert->key->chain;
+        break;
+
+    case SSL_CTRL_SELECT_CURRENT_CERT:
+        return ssl_cert_select_current(s->cert, (X509 *)parg);
+
+    case SSL_CTRL_SET_CURRENT_CERT:
+        if (larg == SSL_CERT_SET_SERVER) {
+            CERT_PKEY *cpk;
+            const SSL_CIPHER *cipher;
+            if (!s->server)
+                return 0;
+            cipher = s->s3->tmp.new_cipher;
+            if (!cipher)
+                return 0;
+            /*
+             * No certificate for unauthenticated ciphersuites or using SRP
+             * authentication
+             */
+            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+                return 2;
+            cpk = ssl_get_server_send_pkey(s);
+            if (!cpk)
+                return 0;
+            s->cert->key = cpk;
+            return 1;
+        }
+        return ssl_cert_set_current(s->cert, larg);
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_GET_CURVES:
+        {
+            unsigned char *clist;
+            size_t clistlen;
+            if (!s->session)
+                return 0;
+            clist = s->session->tlsext_ellipticcurvelist;
+            clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
+            if (parg) {
+                size_t i;
+                int *cptr = parg;
+                unsigned int cid, nid;
+                for (i = 0; i < clistlen; i++) {
+                    n2s(clist, cid);
+                    nid = tls1_ec_curve_id2nid(cid, NULL);
+                    if (nid != 0)
+                        cptr[i] = nid;
+                    else
+                        cptr[i] = TLSEXT_nid_unknown | cid;
+                }
+            }
+            return (int)clistlen;
+        }
+
+    case SSL_CTRL_SET_CURVES:
+        return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+                               &s->tlsext_ellipticcurvelist_length, parg, larg);
+
+    case SSL_CTRL_SET_CURVES_LIST:
+        return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
+                                    &s->tlsext_ellipticcurvelist_length, parg);
+
+    case SSL_CTRL_GET_SHARED_CURVE:
+        return tls1_shared_curve(s, larg);
+
+#endif
+    case SSL_CTRL_SET_SIGALGS:
+        return tls1_set_sigalgs(s->cert, parg, larg, 0);
+
+    case SSL_CTRL_SET_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(s->cert, parg, 0);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS:
+        return tls1_set_sigalgs(s->cert, parg, larg, 1);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(s->cert, parg, 1);
+
+    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
+        {
+            const unsigned char **pctype = parg;
+            if (s->server || !s->s3->tmp.cert_req)
+                return 0;
+            if (s->cert->ctypes) {
+                if (pctype)
+                    *pctype = s->cert->ctypes;
+                return (int)s->cert->ctype_num;
+            }
+            if (pctype)
+                *pctype = (unsigned char *)s->s3->tmp.ctype;
+            return s->s3->tmp.ctype_num;
+        }
+
+    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
+        if (!s->server)
+            return 0;
+        return ssl3_set_req_cert_type(s->cert, parg, larg);
+
+    case SSL_CTRL_BUILD_CERT_CHAIN:
+        return ssl_build_cert_chain(s, NULL, larg);
+
+    case SSL_CTRL_SET_VERIFY_CERT_STORE:
+        return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
+
+    case SSL_CTRL_SET_CHAIN_CERT_STORE:
+        return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
+
+    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
+        if (SSL_USE_SIGALGS(s)) {
+            if (s->session) {
+                const EVP_MD *sig;
+                sig = s->s3->tmp.peer_md;
+                if (sig) {
+                    *(int *)parg = EVP_MD_type(sig);
+                    return 1;
+                }
+            }
+            return 0;
+        }
+        /* Might want to do something here for other versions */
+        else
+            return 0;
+
+    case SSL_CTRL_GET_SERVER_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
+            return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->peer_tmp);
+            *(EVP_PKEY **)parg = s->s3->peer_tmp;
+            return 1;
+        }
+#else
+        return 0;
+#endif
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_GET_EC_POINT_FORMATS:
+        {
+            SSL_SESSION *sess = s->session;
+            const unsigned char **pformat = parg;
+            if (!sess || !sess->tlsext_ecpointformatlist)
+                return 0;
+            *pformat = sess->tlsext_ecpointformatlist;
+            return (int)sess->tlsext_ecpointformatlist_length;
+        }
+#endif
+
+    default:
+        break;
+    }
+    return (ret);
+}
+
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    int ret = 0;
+
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+        s->tlsext_debug_cb = (void (*)(SSL *, int, int,
+                                       const unsigned char *, int, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
+        {
+            s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+        }
+        break;
+    default:
+        break;
+    }
+    return (ret);
+}
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return 1;
+            }
+            EVP_PKEY_free(ctx->cert->dh_tmp);
+            ctx->cert->dh_tmp = pkdh;
+            return 1;
+        }
+        /*
+         * break;
+         */
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (0);
+        }
+    case SSL_CTRL_SET_DH_AUTO:
+        ctx->cert->dh_tmp_auto = larg;
+        return 1;
+#endif
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            const EC_GROUP *group = NULL;
+            int nid;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
+                return 0;
+            }
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+                                   &ctx->tlsext_ellipticcurvelist_length,
+                                   &nid, 1);
+        }
+        /* break; */
+#endif                          /* !OPENSSL_NO_EC */
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
+        ctx->tlsext_servername_arg = parg;
+        break;
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+        {
+            unsigned char *keys = parg;
+            long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
+                                       sizeof(ctx->tlsext_tick_hmac_key) +
+                                       sizeof(ctx->tlsext_tick_aes_key));
+            if (keys == NULL)
+                return tlsext_tick_keylen;
+            if (larg != tlsext_tick_keylen) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+                return 0;
+            }
+            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
+                memcpy(ctx->tlsext_tick_key_name, keys,
+                       sizeof(ctx->tlsext_tick_key_name));
+                memcpy(ctx->tlsext_tick_hmac_key,
+                       keys + sizeof(ctx->tlsext_tick_key_name),
+                       sizeof(ctx->tlsext_tick_hmac_key));
+                memcpy(ctx->tlsext_tick_aes_key,
+                       keys + sizeof(ctx->tlsext_tick_key_name) +
+                       sizeof(ctx->tlsext_tick_hmac_key),
+                       sizeof(ctx->tlsext_tick_aes_key));
+            } else {
+                memcpy(keys, ctx->tlsext_tick_key_name,
+                       sizeof(ctx->tlsext_tick_key_name));
+                memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
+                       ctx->tlsext_tick_hmac_key,
+                       sizeof(ctx->tlsext_tick_hmac_key));
+                memcpy(keys + sizeof(ctx->tlsext_tick_key_name) +
+                       sizeof(ctx->tlsext_tick_hmac_key),
+                       ctx->tlsext_tick_aes_key,
+                       sizeof(ctx->tlsext_tick_aes_key));
+            }
+            return 1;
+        }
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        return ctx->tlsext_status_type;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        ctx->tlsext_status_type = larg;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
+        ctx->tlsext_status_arg = parg;
+        return 1;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
+        *(void**)parg = ctx->tlsext_status_arg;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
+        *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
+        break;
+
+#ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        OPENSSL_free(ctx->srp_ctx.login);
+        ctx->srp_ctx.login = NULL;
+        if (parg == NULL)
+            break;
+        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
+            return 0;
+        }
+        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            srp_password_from_info_cb;
+        if (ctx->srp_ctx.info != NULL)
+            OPENSSL_free(ctx->srp_ctx.info);
+        if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_SRP_ARG:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_cb_arg = parg;
+        break;
+
+    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
+        ctx->srp_ctx.strength = larg;
+        break;
+#endif
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_CURVES:
+        return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+                               &ctx->tlsext_ellipticcurvelist_length,
+                               parg, larg);
+
+    case SSL_CTRL_SET_CURVES_LIST:
+        return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
+                                    &ctx->tlsext_ellipticcurvelist_length,
+                                    parg);
+#endif
+    case SSL_CTRL_SET_SIGALGS:
+        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
+
+    case SSL_CTRL_SET_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(ctx->cert, parg, 0);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS:
+        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(ctx->cert, parg, 1);
+
+    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
+        return ssl3_set_req_cert_type(ctx->cert, parg, larg);
+
+    case SSL_CTRL_BUILD_CERT_CHAIN:
+        return ssl_build_cert_chain(NULL, ctx, larg);
+
+    case SSL_CTRL_SET_VERIFY_CERT_STORE:
+        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
+
+    case SSL_CTRL_SET_CHAIN_CERT_STORE:
+        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
+
+        /* A Thawte special :-) */
+    case SSL_CTRL_EXTRA_CHAIN_CERT:
+        if (ctx->extra_certs == NULL) {
+            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        break;
+
+    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+        if (ctx->extra_certs == NULL && larg == 0)
+            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+        else
+            *(STACK_OF(X509) **)parg = ctx->extra_certs;
+        break;
+
+    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
+        break;
+
+    case SSL_CTRL_CHAIN:
+        if (larg)
+            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+        else
+            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+
+    case SSL_CTRL_CHAIN_CERT:
+        if (larg)
+            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
+        else
+            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
+
+    case SSL_CTRL_GET_CHAIN_CERTS:
+        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+        break;
+
+    case SSL_CTRL_SELECT_CURRENT_CERT:
+        return ssl_cert_select_current(ctx->cert, (X509 *)parg);
+
+    case SSL_CTRL_SET_CURRENT_CERT:
+        return ssl_cert_set_current(ctx->cert, larg);
+
+    default:
+        return (0);
+    }
+    return (1);
+}
+
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
+        ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
+        ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+        ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
+                                             unsigned char *,
+                                             EVP_CIPHER_CTX *,
+                                             HMAC_CTX *, int))fp;
+        break;
+
+#ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.TLS_ext_srp_username_callback =
+            (int (*)(SSL *, int *, void *))fp;
+        break;
+    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            (char *(*)(SSL *, void *))fp;
+        break;
+#endif
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
+        {
+            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+        }
+        break;
+    default:
+        return (0);
+    }
+    return (1);
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+{
+    SSL_CIPHER c;
+    const SSL_CIPHER *cp;
+    uint32_t id;
+
+    id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
+    c.id = id;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+    return cp;
+}
+
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+    long l;
+
+    if (p != NULL) {
+        l = c->id;
+        if ((l & 0xff000000) != 0x03000000)
+            return (0);
+        p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
+        p[1] = ((unsigned char)(l)) & 0xFF;
+    }
+    return (2);
+}
+
+/*
+ * ssl3_choose_cipher - choose a cipher from those offered by the client
+ * @s: SSL connection
+ * @clnt: ciphers offered by the client
+ * @srvr: ciphers enabled on the server?
+ *
+ * Returns the selected cipher or NULL when no common ciphers.
+ */
+const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+                                     STACK_OF(SSL_CIPHER) *srvr)
+{
+    const SSL_CIPHER *c, *ret = NULL;
+    STACK_OF(SSL_CIPHER) *prio, *allow;
+    int i, ii, ok;
+    unsigned long alg_k, alg_a, mask_k, mask_a;
+
+    /* Let's see which ciphers we can support */
+
+#if 0
+    /*
+     * Do not set the compare functions, because this may lead to a
+     * reordering by "id". We want to keep the original ordering. We may pay
+     * a price in performance during sk_SSL_CIPHER_find(), but would have to
+     * pay with the price of sk_SSL_CIPHER_dup().
+     */
+    sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
+    sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
+#endif
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
+            (void *)srvr);
+    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
+        c = sk_SSL_CIPHER_value(srvr, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
+            (void *)clnt);
+    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
+        c = sk_SSL_CIPHER_value(clnt, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+#endif
+
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
+        prio = srvr;
+        allow = clnt;
+    } else {
+        prio = clnt;
+        allow = srvr;
+    }
+
+    tls1_set_cert_validity(s);
+    ssl_set_masks(s);
+
+    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+        c = sk_SSL_CIPHER_value(prio, i);
+
+        /* Skip ciphers not supported by the protocol version */
+        if (!SSL_IS_DTLS(s) &&
+            ((s->version < c->min_tls) || (s->version > c->max_tls)))
+            continue;
+        if (SSL_IS_DTLS(s) &&
+            (DTLS_VERSION_LT(s->version, c->min_dtls) ||
+             DTLS_VERSION_GT(s->version, c->max_dtls)))
+            continue;
+
+        mask_k = s->s3->tmp.mask_k;
+        mask_a = s->s3->tmp.mask_a;
+#ifndef OPENSSL_NO_SRP
+        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
+            mask_k |= SSL_kSRP;
+            mask_a |= SSL_aSRP;
+        }
+#endif
+
+        alg_k = c->algorithm_mkey;
+        alg_a = c->algorithm_auth;
+
+#ifndef OPENSSL_NO_PSK
+        /* with PSK there must be server callback set */
+        if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
+            continue;
+#endif                          /* OPENSSL_NO_PSK */
+
+        ok = (alg_k & mask_k) && (alg_a & mask_a);
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
+                alg_a, mask_k, mask_a, (void *)c, c->name);
+#endif
+
+#ifndef OPENSSL_NO_EC
+        /*
+         * if we are considering an ECC cipher suite that uses an ephemeral
+         * EC key check it
+         */
+        if (alg_k & SSL_kECDHE)
+            ok = ok && tls1_check_ec_tmp_key(s, c->id);
+#endif                          /* OPENSSL_NO_EC */
+
+        if (!ok)
+            continue;
+        ii = sk_SSL_CIPHER_find(allow, c);
+        if (ii >= 0) {
+            /* Check security callback permits this cipher */
+            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
+                              c->strength_bits, 0, (void *)c))
+                continue;
+#if !defined(OPENSSL_NO_EC)
+            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
+                && s->s3->is_probably_safari) {
+                if (!ret)
+                    ret = sk_SSL_CIPHER_value(allow, ii);
+                continue;
+            }
+#endif
+            ret = sk_SSL_CIPHER_value(allow, ii);
+            break;
+        }
+    }
+    return (ret);
+}
+
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
+{
+    int ret = 0;
+    uint32_t alg_k, alg_a = 0;
+
+    /* If we have custom certificate types set, use them */
+    if (s->cert->ctypes) {
+        memcpy(p, s->cert->ctypes, s->cert->ctype_num);
+        return (int)s->cert->ctype_num;
+    }
+    /* Get mask of algorithms disabled by signature list */
+    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+#ifndef OPENSSL_NO_GOST
+    if (s->version >= TLS1_VERSION) {
+        if (alg_k & SSL_kGOST) {
+            p[ret++] = TLS_CT_GOST01_SIGN;
+            p[ret++] = TLS_CT_GOST12_SIGN;
+            p[ret++] = TLS_CT_GOST12_512_SIGN;
+            return (ret);
+        }
+    }
+#endif
+
+    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
+#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_RSA
+        p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
+# endif
+# ifndef OPENSSL_NO_DSA
+        p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
+# endif
+#endif                          /* !OPENSSL_NO_DH */
+    }
+#ifndef OPENSSL_NO_RSA
+    if (!(alg_a & SSL_aRSA))
+        p[ret++] = SSL3_CT_RSA_SIGN;
+#endif
+#ifndef OPENSSL_NO_DSA
+    if (!(alg_a & SSL_aDSS))
+        p[ret++] = SSL3_CT_DSS_SIGN;
+#endif
+#ifndef OPENSSL_NO_EC
+    /*
+     * ECDSA certs can be used with RSA cipher suites too so we don't
+     * need to check for SSL_kECDH or SSL_kECDHE
+     */
+    if (s->version >= TLS1_VERSION) {
+        if (!(alg_a & SSL_aECDSA))
+            p[ret++] = TLS_CT_ECDSA_SIGN;
+    }
+#endif
+    return (ret);
+}
+
+static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
+{
+    OPENSSL_free(c->ctypes);
+    c->ctypes = NULL;
+    if (!p || !len)
+        return 1;
+    if (len > 0xff)
+        return 0;
+    c->ctypes = OPENSSL_malloc(len);
+    if (c->ctypes == NULL)
+        return 0;
+    memcpy(c->ctypes, p, len);
+    c->ctype_num = len;
+    return 1;
+}
+
+int ssl3_shutdown(SSL *s)
+{
+    int ret;
+
+    /*
+     * Don't do anything much if we have not done the handshake or we don't
+     * want to send messages :-)
+     */
+    if (s->quiet_shutdown || SSL_in_before(s)) {
+        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        return (1);
+    }
+
+    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        s->shutdown |= SSL_SENT_SHUTDOWN;
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
+        /*
+         * our shutdown alert has been sent now, and if it still needs to be
+         * written, s->s3->alert_dispatch will be true
+         */
+        if (s->s3->alert_dispatch)
+            return (-1);        /* return WANT_WRITE */
+    } else if (s->s3->alert_dispatch) {
+        /* resend it if not sent */
+        ret = s->method->ssl_dispatch_alert(s);
+        if (ret == -1) {
+            /*
+             * we only get to return -1 here the 2nd/Nth invocation, we must
+             * have already signalled return 0 upon a previous invocation,
+             * return WANT_WRITE
+             */
+            return (ret);
+        }
+    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+        /*
+         * If we are waiting for a close from our peer, we are closed
+         */
+        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
+        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+            return (-1);        /* return WANT_READ */
+        }
+    }
+
+    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
+        !s->s3->alert_dispatch)
+        return (1);
+    else
+        return (0);
+}
+
+int ssl3_write(SSL *s, const void *buf, int len)
+{
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s);
+
+    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
+}
+
+static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
+{
+    int ret;
+
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s);
+    s->s3->in_read_app_data = 1;
+    ret =
+        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
+                                  peek);
+    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
+        /*
+         * ssl3_read_bytes decided to call s->handshake_func, which called
+         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
+         * actually found application data and thinks that application data
+         * makes sense here; so disable handshake processing and try to read
+         * application data again.
+         */
+        ossl_statem_set_in_handshake(s, 1);
+        ret =
+            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
+                                      len, peek);
+        ossl_statem_set_in_handshake(s, 0);
+    } else
+        s->s3->in_read_app_data = 0;
+
+    return (ret);
+}
+
+int ssl3_read(SSL *s, void *buf, int len)
+{
+    return ssl3_read_internal(s, buf, len, 0);
+}
+
+int ssl3_peek(SSL *s, void *buf, int len)
+{
+    return ssl3_read_internal(s, buf, len, 1);
+}
+
+int ssl3_renegotiate(SSL *s)
+{
+    if (s->handshake_func == NULL)
+        return (1);
+
+    if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+        return (0);
+
+    s->s3->renegotiate = 1;
+    return (1);
+}
+
+int ssl3_renegotiate_check(SSL *s)
+{
+    int ret = 0;
+
+    if (s->s3->renegotiate) {
+        if (!RECORD_LAYER_read_pending(&s->rlayer)
+            && !RECORD_LAYER_write_pending(&s->rlayer)
+            && !SSL_in_init(s)) {
+            /*
+             * if we are the server, and we have sent a 'RENEGOTIATE'
+             * message, we need to set the state machine into the renegotiate
+             * state.
+             */
+            ossl_statem_set_renegotiate(s);
+            s->s3->renegotiate = 0;
+            s->s3->num_renegotiations++;
+            s->s3->total_renegotiations++;
+            ret = 1;
+        }
+    }
+    return (ret);
+}
+
+/*
+ * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
+ * handshake macs if required.
+ *
+ * If PSK and using SHA384 for TLS < 1.2 switch to default.
+ */
+long ssl_get_algorithm2(SSL *s)
+{
+    long alg2;
+    if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
+        return -1;
+    alg2 = s->s3->tmp.new_cipher->algorithm2;
+    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
+            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
+    }
+    return alg2;
+}
+
+/*
+ * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
+ * failure, 1 on success.
+ */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+{
+    int send_time = 0;
+
+    if (len < 4)
+        return 0;
+    if (server)
+        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+    else
+        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+    if (send_time) {
+        unsigned long Time = (unsigned long)time(NULL);
+        unsigned char *p = result;
+        l2n(Time, p);
+        return RAND_bytes(p, len - 4);
+    } else
+        return RAND_bytes(result, len);
+}
+
+int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                               int free_pms)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    if (alg_k & SSL_PSK) {
+#ifndef OPENSSL_NO_PSK
+        unsigned char *pskpms, *t;
+        size_t psklen = s->s3->tmp.psklen;
+        size_t pskpmslen;
+
+        /* create PSK premaster_secret */
+
+        /* For plain PSK "other_secret" is psklen zeroes */
+        if (alg_k & SSL_kPSK)
+            pmslen = psklen;
+
+        pskpmslen = 4 + pmslen + psklen;
+        pskpms = OPENSSL_malloc(pskpmslen);
+        if (pskpms == NULL) {
+            s->session->master_key_length = 0;
+            goto err;
+        }
+        t = pskpms;
+        s2n(pmslen, t);
+        if (alg_k & SSL_kPSK)
+            memset(t, 0, pmslen);
+        else
+            memcpy(t, pms, pmslen);
+        t += pmslen;
+        s2n(psklen, t);
+        memcpy(t, s->s3->tmp.psk, psklen);
+
+        OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+        s->s3->tmp.psk = NULL;
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->session->master_key,
+                                                        pskpms, pskpmslen);
+        OPENSSL_clear_free(pskpms, pskpmslen);
+#else
+        /* Should never happen */
+        s->session->master_key_length = 0;
+        goto err;
+#endif
+    } else {
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->session->master_key,
+                                                        pms, pmslen);
+    }
+
+ err:
+    if (pms) {
+        if (free_pms)
+            OPENSSL_clear_free(pms, pmslen);
+        else
+            OPENSSL_cleanse(pms, pmslen);
+    }
+    if (s->server == 0)
+        s->s3->tmp.pms = NULL;
+    return s->session->master_key_length >= 0;
+}
+
+/* Generate a private key from parameters */
+EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pm == NULL)
+        return NULL;
+    pctx = EVP_PKEY_CTX_new(pm, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+    err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#ifndef OPENSSL_NO_EC
+/* Generate a private key a curve ID */
+EVP_PKEY *ssl_generate_pkey_curve(int id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned int curve_flags;
+    int nid = tls1_ec_curve_id2nid(id, &curve_flags);
+
+    if (nid == 0)
+        goto err;
+    if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+        pctx = EVP_PKEY_CTX_new_id(nid, NULL);
+        nid = 0;
+    } else {
+        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    }
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#endif
+
+/* Derive premaster or master secret for ECDH/DH */
+int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
+{
+    int rv = 0;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+    EVP_PKEY_CTX *pctx;
+
+    if (privkey == NULL || pubkey == NULL)
+        return 0;
+
+    pctx = EVP_PKEY_CTX_new(privkey, NULL);
+
+    if (EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
+        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
+        goto err;
+    }
+
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL)
+        goto err;
+
+    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
+        goto err;
+
+    if (s->server) {
+        /* For server generate master secret and discard premaster */
+        rv = ssl_generate_master_secret(s, pms, pmslen, 1);
+        pms = NULL;
+    } else {
+        /* For client just save premaster secret */
+        s->s3->tmp.pms = pms;
+        s->s3->tmp.pmslen = pmslen;
+        pms = NULL;
+        rv = 1;
+    }
+
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+    return rv;
+}
+
+#ifndef OPENSSL_NO_DH
+EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+{
+    EVP_PKEY *ret;
+    if (dh == NULL)
+        return NULL;
+    ret = EVP_PKEY_new();
+    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
+        EVP_PKEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+#endif
diff --git a/openssl-1.1.0h/ssl/s3_msg.c b/openssl-1.1.0h/ssl/s3_msg.c
new file mode 100644
index 0000000..4961cc8
--- /dev/null
+++ b/openssl-1.1.0h/ssl/s3_msg.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define USE_SOCKETS
+#include "ssl_locl.h"
+
+int ssl3_do_change_cipher_spec(SSL *s)
+{
+    int i;
+
+    if (s->server)
+        i = SSL3_CHANGE_CIPHER_SERVER_READ;
+    else
+        i = SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+    if (s->s3->tmp.key_block == NULL) {
+        if (s->session == NULL || s->session->master_key_length == 0) {
+            /* might happen if dtls1_read_bytes() calls this */
+            SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+            return (0);
+        }
+
+        s->session->cipher = s->s3->tmp.new_cipher;
+        if (!s->method->ssl3_enc->setup_key_block(s))
+            return (0);
+    }
+
+    if (!s->method->ssl3_enc->change_cipher_state(s, i))
+        return (0);
+
+    return 1;
+}
+
+int ssl3_send_alert(SSL *s, int level, int desc)
+{
+    /* Map tls/ssl alert value to correct one */
+    desc = s->method->ssl3_enc->alert_value(desc);
+    if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+        desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
+                                          * protocol_version alerts */
+    if (desc < 0)
+        return -1;
+    /* If a fatal one, remove from cache */
+    if ((level == SSL3_AL_FATAL) && (s->session != NULL))
+        SSL_CTX_remove_session(s->session_ctx, s->session);
+
+    s->s3->alert_dispatch = 1;
+    s->s3->send_alert[0] = level;
+    s->s3->send_alert[1] = desc;
+    if (!RECORD_LAYER_write_pending(&s->rlayer)) {
+        /* data still being written out? */
+        return s->method->ssl_dispatch_alert(s);
+    }
+    /*
+     * else data is still being written out, we will get written some time in
+     * the future
+     */
+    return -1;
+}
+
+int ssl3_dispatch_alert(SSL *s)
+{
+    int i, j;
+    unsigned int alertlen;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    s->s3->alert_dispatch = 0;
+    alertlen = 2;
+    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+    } else {
+        /*
+         * Alert sent to BIO.  If it is important, flush it now. If the
+         * message does not get sent due to non-blocking IO, we will not
+         * worry too much.
+         */
+        if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+            (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return (i);
+}
diff --git a/openssl-1.1.0h/ssl/ssl_asn1.c b/openssl-1.1.0h/ssl/ssl_asn1.c
new file mode 100644
index 0000000..3e9c1c4
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_asn1.c
@@ -0,0 +1,367 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "ssl_locl.h"
+#include "internal/asn1t.h"
+#include <openssl/x509.h>
+
+typedef struct {
+    uint32_t version;
+    int32_t ssl_version;
+    ASN1_OCTET_STRING *cipher;
+    ASN1_OCTET_STRING *comp_id;
+    ASN1_OCTET_STRING *master_key;
+    ASN1_OCTET_STRING *session_id;
+    ASN1_OCTET_STRING *key_arg;
+    int64_t time;
+    int64_t timeout;
+    X509 *peer;
+    ASN1_OCTET_STRING *session_id_context;
+    int32_t verify_result;
+    ASN1_OCTET_STRING *tlsext_hostname;
+    int64_t tlsext_tick_lifetime_hint;
+    ASN1_OCTET_STRING *tlsext_tick;
+#ifndef OPENSSL_NO_PSK
+    ASN1_OCTET_STRING *psk_identity_hint;
+    ASN1_OCTET_STRING *psk_identity;
+#endif
+#ifndef OPENSSL_NO_SRP
+    ASN1_OCTET_STRING *srp_username;
+#endif
+    uint64_t flags;
+} SSL_SESSION_ASN1;
+
+ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
+    ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
+    ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
+    ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
+#ifndef OPENSSL_NO_PSK
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
+#endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
+#ifndef OPENSSL_NO_SRP
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
+#endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13)
+} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
+
+/* Utility functions for i2d_SSL_SESSION */
+
+/* Initialise OCTET STRING from buffer and length */
+
+static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              unsigned char *data, size_t len)
+{
+    os->data = data;
+    os->length = len;
+    os->flags = 0;
+    *dest = os;
+}
+
+/* Initialise OCTET STRING from string */
+static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              char *data)
+{
+    if (data != NULL)
+        ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data));
+    else
+        *dest = NULL;
+}
+
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+{
+
+    SSL_SESSION_ASN1 as;
+
+    ASN1_OCTET_STRING cipher;
+    unsigned char cipher_data[2];
+    ASN1_OCTET_STRING master_key, session_id, sid_ctx;
+
+#ifndef OPENSSL_NO_COMP
+    ASN1_OCTET_STRING comp_id;
+    unsigned char comp_id_data;
+#endif
+
+    ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
+
+#ifndef OPENSSL_NO_SRP
+    ASN1_OCTET_STRING srp_username;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    ASN1_OCTET_STRING psk_identity, psk_identity_hint;
+#endif
+
+    long l;
+
+    if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
+        return 0;
+
+    memset(&as, 0, sizeof(as));
+
+    as.version = SSL_SESSION_ASN1_VERSION;
+    as.ssl_version = in->ssl_version;
+
+    if (in->cipher == NULL)
+        l = in->cipher_id;
+    else
+        l = in->cipher->id;
+    cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff;
+    cipher_data[1] = ((unsigned char)(l)) & 0xff;
+
+    ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);
+
+#ifndef OPENSSL_NO_COMP
+    if (in->compress_meth) {
+        comp_id_data = (unsigned char)in->compress_meth;
+        ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
+    }
+#endif
+
+    ssl_session_oinit(&as.master_key, &master_key,
+                      in->master_key, in->master_key_length);
+
+    ssl_session_oinit(&as.session_id, &session_id,
+                      in->session_id, in->session_id_length);
+
+    ssl_session_oinit(&as.session_id_context, &sid_ctx,
+                      in->sid_ctx, in->sid_ctx_length);
+
+    as.time = in->time;
+    as.timeout = in->timeout;
+    as.verify_result = in->verify_result;
+
+    as.peer = in->peer;
+
+    ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
+                      in->tlsext_hostname);
+    if (in->tlsext_tick) {
+        ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
+                          in->tlsext_tick, in->tlsext_ticklen);
+    }
+    if (in->tlsext_tick_lifetime_hint > 0)
+        as.tlsext_tick_lifetime_hint = in->tlsext_tick_lifetime_hint;
+#ifndef OPENSSL_NO_PSK
+    ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
+                      in->psk_identity_hint);
+    ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
+#endif                          /* OPENSSL_NO_SRP */
+
+    as.flags = in->flags;
+
+    return i2d_SSL_SESSION_ASN1(&as, pp);
+
+}
+
+/* Utility functions for d2i_SSL_SESSION */
+
+/* OPENSSL_strndup an OCTET STRING */
+
+static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
+{
+    OPENSSL_free(*pdst);
+    *pdst = NULL;
+    if (src == NULL)
+        return 1;
+    *pdst = OPENSSL_strndup((char *)src->data, src->length);
+    if (*pdst == NULL)
+        return 0;
+    return 1;
+}
+
+/* Copy an OCTET STRING, return error if it exceeds maximum length */
+
+static int ssl_session_memcpy(unsigned char *dst, unsigned int *pdstlen,
+                              ASN1_OCTET_STRING *src, int maxlen)
+{
+    if (src == NULL) {
+        *pdstlen = 0;
+        return 1;
+    }
+    if (src->length > maxlen)
+        return 0;
+    memcpy(dst, src->data, src->length);
+    *pdstlen = src->length;
+    return 1;
+}
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length)
+{
+    long id;
+    unsigned int tmpl;
+    const unsigned char *p = *pp;
+    SSL_SESSION_ASN1 *as = NULL;
+    SSL_SESSION *ret = NULL;
+
+    as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
+    /* ASN.1 code returns suitable error */
+    if (as == NULL)
+        goto err;
+
+    if (!a || !*a) {
+        ret = SSL_SESSION_new();
+        if (ret == NULL)
+            goto err;
+    } else {
+        ret = *a;
+    }
+
+    if (as->version != SSL_SESSION_ASN1_VERSION) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
+        goto err;
+    }
+
+    if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
+        && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
+        && as->ssl_version != DTLS1_BAD_VER) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
+        goto err;
+    }
+
+    ret->ssl_version = (int)as->ssl_version;
+
+    if (as->cipher->length != 2) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
+        goto err;
+    }
+
+    id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
+                     | (unsigned long)as->cipher->data[1];
+
+    ret->cipher = NULL;
+    ret->cipher_id = id;
+
+    if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
+                            as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
+        goto err;
+
+    if (!ssl_session_memcpy(ret->master_key, &tmpl,
+                            as->master_key, SSL_MAX_MASTER_KEY_LENGTH))
+        goto err;
+
+    ret->master_key_length = tmpl;
+
+    if (as->time != 0)
+        ret->time = as->time;
+    else
+        ret->time = (unsigned long)time(NULL);
+
+    if (as->timeout != 0)
+        ret->timeout = as->timeout;
+    else
+        ret->timeout = 3;
+
+    X509_free(ret->peer);
+    ret->peer = as->peer;
+    as->peer = NULL;
+
+    if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
+                            as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
+        goto err;
+
+    /* NB: this defaults to zero which is X509_V_OK */
+    ret->verify_result = as->verify_result;
+
+    if (!ssl_session_strndup(&ret->tlsext_hostname, as->tlsext_hostname))
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
+        goto err;
+    if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
+        goto err;
+#endif
+
+    ret->tlsext_tick_lifetime_hint = as->tlsext_tick_lifetime_hint;
+    if (as->tlsext_tick) {
+        ret->tlsext_tick = as->tlsext_tick->data;
+        ret->tlsext_ticklen = as->tlsext_tick->length;
+        as->tlsext_tick->data = NULL;
+    } else {
+        ret->tlsext_tick = NULL;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (as->comp_id) {
+        if (as->comp_id->length != 1) {
+            SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
+            goto err;
+        }
+        ret->compress_meth = as->comp_id->data[0];
+    } else {
+        ret->compress_meth = 0;
+    }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+    if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
+        goto err;
+#endif                          /* OPENSSL_NO_SRP */
+    /* Flags defaults to zero which is fine */
+    ret->flags = as->flags;
+
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+
+    if ((a != NULL) && (*a == NULL))
+        *a = ret;
+    *pp = p;
+    return ret;
+
+ err:
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+    if ((a == NULL) || (*a != ret))
+        SSL_SESSION_free(ret);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/ssl/ssl_cert.c b/openssl-1.1.0h/ssl/ssl_cert.c
new file mode 100644
index 0000000..deaaeb0
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_cert.c
@@ -0,0 +1,1087 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+
+#include "e_os.h"
+#include "internal/o_dir.h"
+#include <openssl/lhash.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include "ssl_locl.h"
+#include "internal/thread_once.h"
+
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex);
+
+static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
+static volatile int ssl_x509_store_ctx_idx = -1;
+
+DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
+{
+    ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                             "SSL for verify callback",
+                                                             NULL, NULL, NULL);
+    return ssl_x509_store_ctx_idx >= 0;
+}
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+{
+
+    if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
+        return -1;
+    return ssl_x509_store_ctx_idx;
+}
+
+CERT *ssl_cert_new(void)
+{
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+    ret->references = 1;
+    ret->sec_cb = ssl_security_default_callback;
+    ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
+    ret->sec_ex = NULL;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+CERT *ssl_cert_dup(CERT *cert)
+{
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
+    int i;
+
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->key = &ret->pkeys[cert->key - cert->pkeys];
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+#ifndef OPENSSL_NO_DH
+    if (cert->dh_tmp != NULL) {
+        ret->dh_tmp = cert->dh_tmp;
+        EVP_PKEY_up_ref(ret->dh_tmp);
+    }
+    ret->dh_tmp_cb = cert->dh_tmp_cb;
+    ret->dh_tmp_auto = cert->dh_tmp_auto;
+#endif
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = cert->pkeys + i;
+        CERT_PKEY *rpk = ret->pkeys + i;
+        if (cpk->x509 != NULL) {
+            rpk->x509 = cpk->x509;
+            X509_up_ref(rpk->x509);
+        }
+
+        if (cpk->privatekey != NULL) {
+            rpk->privatekey = cpk->privatekey;
+            EVP_PKEY_up_ref(cpk->privatekey);
+        }
+
+        if (cpk->chain) {
+            rpk->chain = X509_chain_up_ref(cpk->chain);
+            if (!rpk->chain) {
+                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if (cert->pkeys[i].serverinfo != NULL) {
+            /* Just copy everything. */
+            ret->pkeys[i].serverinfo =
+                OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
+            if (ret->pkeys[i].serverinfo == NULL) {
+                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
+            memcpy(ret->pkeys[i].serverinfo,
+                   cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length);
+        }
+    }
+
+    /* Configured sigalgs copied across */
+    if (cert->conf_sigalgs) {
+        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
+        if (ret->conf_sigalgs == NULL)
+            goto err;
+        memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
+        ret->conf_sigalgslen = cert->conf_sigalgslen;
+    } else
+        ret->conf_sigalgs = NULL;
+
+    if (cert->client_sigalgs) {
+        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+        if (ret->client_sigalgs == NULL)
+            goto err;
+        memcpy(ret->client_sigalgs, cert->client_sigalgs,
+               cert->client_sigalgslen);
+        ret->client_sigalgslen = cert->client_sigalgslen;
+    } else
+        ret->client_sigalgs = NULL;
+    /* Shared sigalgs also NULL */
+    ret->shared_sigalgs = NULL;
+    /* Copy any custom client certificate types */
+    if (cert->ctypes) {
+        ret->ctypes = OPENSSL_malloc(cert->ctype_num);
+        if (ret->ctypes == NULL)
+            goto err;
+        memcpy(ret->ctypes, cert->ctypes, cert->ctype_num);
+        ret->ctype_num = cert->ctype_num;
+    }
+
+    ret->cert_flags = cert->cert_flags;
+
+    ret->cert_cb = cert->cert_cb;
+    ret->cert_cb_arg = cert->cert_cb_arg;
+
+    if (cert->verify_store) {
+        X509_STORE_up_ref(cert->verify_store);
+        ret->verify_store = cert->verify_store;
+    }
+
+    if (cert->chain_store) {
+        X509_STORE_up_ref(cert->chain_store);
+        ret->chain_store = cert->chain_store;
+    }
+
+    ret->sec_cb = cert->sec_cb;
+    ret->sec_level = cert->sec_level;
+    ret->sec_ex = cert->sec_ex;
+
+    if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
+        goto err;
+    if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
+        goto err;
+#ifndef OPENSSL_NO_PSK
+    if (cert->psk_identity_hint) {
+        ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
+        if (ret->psk_identity_hint == NULL)
+            goto err;
+    }
+#endif
+    return ret;
+
+ err:
+    ssl_cert_free(ret);
+
+    return NULL;
+}
+
+/* Free up and clear all certificates and chains */
+
+void ssl_cert_clear_certs(CERT *c)
+{
+    int i;
+    if (c == NULL)
+        return;
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        X509_free(cpk->x509);
+        cpk->x509 = NULL;
+        EVP_PKEY_free(cpk->privatekey);
+        cpk->privatekey = NULL;
+        sk_X509_pop_free(cpk->chain, X509_free);
+        cpk->chain = NULL;
+        OPENSSL_free(cpk->serverinfo);
+        cpk->serverinfo = NULL;
+        cpk->serverinfo_length = 0;
+    }
+}
+
+void ssl_cert_free(CERT *c)
+{
+    int i;
+
+    if (c == NULL)
+        return;
+
+    CRYPTO_atomic_add(&c->references, -1, &i, c->lock);
+    REF_PRINT_COUNT("CERT", c);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY_free(c->dh_tmp);
+#endif
+
+    ssl_cert_clear_certs(c);
+    OPENSSL_free(c->conf_sigalgs);
+    OPENSSL_free(c->client_sigalgs);
+    OPENSSL_free(c->shared_sigalgs);
+    OPENSSL_free(c->ctypes);
+    X509_STORE_free(c->verify_store);
+    X509_STORE_free(c->chain_store);
+    custom_exts_free(&c->cli_ext);
+    custom_exts_free(&c->srv_ext);
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(c->psk_identity_hint);
+#endif
+    CRYPTO_THREAD_lock_free(c->lock);
+    OPENSSL_free(c);
+}
+
+int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+{
+    int i, r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
+    if (!cpk)
+        return 0;
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
+        if (r != 1) {
+            SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r);
+            return 0;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
+    cpk->chain = chain;
+    return 1;
+}
+
+int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+{
+    STACK_OF(X509) *dchain;
+    if (!chain)
+        return ssl_cert_set0_chain(s, ctx, NULL);
+    dchain = X509_chain_up_ref(chain);
+    if (!dchain)
+        return 0;
+    if (!ssl_cert_set0_chain(s, ctx, dchain)) {
+        sk_X509_pop_free(dchain, X509_free);
+        return 0;
+    }
+    return 1;
+}
+
+int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
+{
+    int r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
+    if (!cpk)
+        return 0;
+    r = ssl_security_cert(s, ctx, x, 0, 0);
+    if (r != 1) {
+        SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r);
+        return 0;
+    }
+    if (!cpk->chain)
+        cpk->chain = sk_X509_new_null();
+    if (!cpk->chain || !sk_X509_push(cpk->chain, x))
+        return 0;
+    return 1;
+}
+
+int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
+{
+    if (!ssl_cert_add0_chain_cert(s, ctx, x))
+        return 0;
+    X509_up_ref(x);
+    return 1;
+}
+
+int ssl_cert_select_current(CERT *c, X509 *x)
+{
+    int i;
+    if (x == NULL)
+        return 0;
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->x509 == x && cpk->privatekey) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int ssl_cert_set_current(CERT *c, long op)
+{
+    int i, idx;
+    if (!c)
+        return 0;
+    if (op == SSL_CERT_SET_FIRST)
+        idx = 0;
+    else if (op == SSL_CERT_SET_NEXT) {
+        idx = (int)(c->key - c->pkeys + 1);
+        if (idx >= SSL_PKEY_NUM)
+            return 0;
+    } else
+        return 0;
+    for (i = idx; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->x509 && cpk->privatekey) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    c->cert_cb = cb;
+    c->cert_cb_arg = arg;
+}
+
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
+{
+    X509 *x;
+    int i = 0;
+    X509_STORE *verify_store;
+    X509_STORE_CTX *ctx = NULL;
+    X509_VERIFY_PARAM *param;
+
+    if ((sk == NULL) || (sk_X509_num(sk) == 0))
+        return 0;
+
+    if (s->cert->verify_store)
+        verify_store = s->cert->verify_store;
+    else
+        verify_store = s->ctx->cert_store;
+
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    x = sk_X509_value(sk, 0);
+    if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
+        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
+        goto end;
+    }
+    param = X509_STORE_CTX_get0_param(ctx);
+    /*
+     * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
+     * point, for now a single @SECLEVEL sets the same policy for TLS crypto
+     * and PKI authentication.
+     */
+    X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
+
+    /* Set suite B flags if needed */
+    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
+    if (!X509_STORE_CTX_set_ex_data
+        (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
+        goto end;
+    }
+
+    /* Verify via DANE if enabled */
+    if (DANETLS_ENABLED(&s->dane))
+        X509_STORE_CTX_set0_dane(ctx, &s->dane);
+
+    /*
+     * We need to inherit the verify parameters. These can be determined by
+     * the context: if its a server it will verify SSL client certificates or
+     * vice versa.
+     */
+
+    X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
+    /*
+     * Anything non-default in "s->param" should overwrite anything in the ctx.
+     */
+    X509_VERIFY_PARAM_set1(param, s->param);
+
+    if (s->verify_callback)
+        X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
+
+    if (s->ctx->app_verify_callback != NULL)
+        i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);
+    else
+        i = X509_verify_cert(ctx);
+
+    s->verify_result = X509_STORE_CTX_get_error(ctx);
+    sk_X509_pop_free(s->verified_chain, X509_free);
+    s->verified_chain = NULL;
+    if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
+        s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
+        if (s->verified_chain == NULL) {
+            SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+            i = 0;
+        }
+    }
+
+    /* Move peername from the store context params to the SSL handle's */
+    X509_VERIFY_PARAM_move_peername(s->param, param);
+
+ end:
+    X509_STORE_CTX_free(ctx);
+    return i;
+}
+
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
+                               STACK_OF(X509_NAME) *name_list)
+{
+    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
+    *ca_list = name_list;
+}
+
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+{
+    int i;
+    STACK_OF(X509_NAME) *ret;
+    X509_NAME *name;
+
+    ret = sk_X509_NAME_new_null();
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+        name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
+        if (name == NULL || !sk_X509_NAME_push(ret, name)) {
+            sk_X509_NAME_pop_free(ret, X509_NAME_free);
+            X509_NAME_free(name);
+            return NULL;
+        }
+    }
+    return (ret);
+}
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+    set_client_CA_list(&(s->client_CA), name_list);
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+    set_client_CA_list(&(ctx->client_CA), name_list);
+}
+
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
+{
+    return (ctx->client_CA);
+}
+
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
+{
+    if (!s->server) {           /* we are in the client */
+        if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL))
+            return (s->s3->tmp.ca_names);
+        else
+            return (NULL);
+    } else {
+        if (s->client_CA != NULL)
+            return (s->client_CA);
+        else
+            return (s->ctx->client_CA);
+    }
+}
+
+static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
+{
+    X509_NAME *name;
+
+    if (x == NULL)
+        return (0);
+    if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
+        return (0);
+
+    if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+        return (0);
+
+    if (!sk_X509_NAME_push(*sk, name)) {
+        X509_NAME_free(name);
+        return (0);
+    }
+    return (1);
+}
+
+int SSL_add_client_CA(SSL *ssl, X509 *x)
+{
+    return (add_client_CA(&(ssl->client_CA), x));
+}
+
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+{
+    return (add_client_CA(&(ctx->client_CA), x));
+}
+
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return (X509_NAME_cmp(*a, *b));
+}
+
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+    return X509_NAME_cmp(a, b);
+}
+
+static unsigned long xname_hash(const X509_NAME *a)
+{
+    return X509_NAME_hash((X509_NAME *)a);
+}
+
+/**
+ * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
+ * it doesn't really have anything to do with clients (except that a common use
+ * for a stack of CAs is to send it to the client). Actually, it doesn't have
+ * much to do with CAs, either, since it will load any old cert.
+ * \param file the file containing one or more certs.
+ * \return a ::STACK containing the certs.
+ */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+{
+    BIO *in = BIO_new(BIO_s_file());
+    X509 *x = NULL;
+    X509_NAME *xn = NULL;
+    STACK_OF(X509_NAME) *ret = NULL;
+    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
+
+    if ((name_hash == NULL) || (in == NULL)) {
+        SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BIO_read_filename(in, file))
+        goto err;
+
+    for (;;) {
+        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+            break;
+        if (ret == NULL) {
+            ret = sk_X509_NAME_new_null();
+            if (ret == NULL) {
+                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if ((xn = X509_get_subject_name(x)) == NULL)
+            goto err;
+        /* check for duplicates */
+        xn = X509_NAME_dup(xn);
+        if (xn == NULL)
+            goto err;
+        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
+            /* Duplicate. */
+            X509_NAME_free(xn);
+            xn = NULL;
+        } else {
+            lh_X509_NAME_insert(name_hash, xn);
+            if (!sk_X509_NAME_push(ret, xn))
+                goto err;
+        }
+    }
+    goto done;
+
+ err:
+    X509_NAME_free(xn);
+    sk_X509_NAME_pop_free(ret, X509_NAME_free);
+    ret = NULL;
+ done:
+    BIO_free(in);
+    X509_free(x);
+    lh_X509_NAME_free(name_hash);
+    if (ret != NULL)
+        ERR_clear_error();
+    return (ret);
+}
+
+/**
+ * Add a file of certs to a stack.
+ * \param stack the stack to add to.
+ * \param file the file to add from. All certs in this file that are not
+ * already in the stack will be added.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                        const char *file)
+{
+    BIO *in;
+    X509 *x = NULL;
+    X509_NAME *xn = NULL;
+    int ret = 1;
+    int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
+
+    oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
+
+    in = BIO_new(BIO_s_file());
+
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BIO_read_filename(in, file))
+        goto err;
+
+    for (;;) {
+        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+            break;
+        if ((xn = X509_get_subject_name(x)) == NULL)
+            goto err;
+        xn = X509_NAME_dup(xn);
+        if (xn == NULL)
+            goto err;
+        if (sk_X509_NAME_find(stack, xn) >= 0) {
+            /* Duplicate. */
+            X509_NAME_free(xn);
+        } else if (!sk_X509_NAME_push(stack, xn)) {
+            X509_NAME_free(xn);
+            goto err;
+        }
+    }
+
+    ERR_clear_error();
+    goto done;
+
+ err:
+    ret = 0;
+ done:
+    BIO_free(in);
+    X509_free(x);
+    (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
+    return ret;
+}
+
+/**
+ * Add a directory of certs to a stack.
+ * \param stack the stack to append to.
+ * \param dir the directory to append from. All files in this directory will be
+ * examined as potential certs. Any that are acceptable to
+ * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
+ * included.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                       const char *dir)
+{
+    OPENSSL_DIR_CTX *d = NULL;
+    const char *filename;
+    int ret = 0;
+
+    /* Note that a side effect is that the CAs will be sorted by name */
+
+    while ((filename = OPENSSL_DIR_read(&d, dir))) {
+        char buf[1024];
+        int r;
+
+        if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
+            SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
+                   SSL_R_PATH_TOO_LONG);
+            goto err;
+        }
+#ifdef OPENSSL_SYS_VMS
+        r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
+#else
+        r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
+#endif
+        if (r <= 0 || r >= (int)sizeof(buf))
+            goto err;
+        if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
+            goto err;
+    }
+
+    if (errno) {
+        SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+        ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
+        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    if (d)
+        OPENSSL_DIR_end(&d);
+
+    return ret;
+}
+
+/* Add a certificate to a BUF_MEM structure */
+
+static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+{
+    int n;
+    unsigned char *p;
+
+    n = i2d_X509(x, NULL);
+    if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+        SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+        return 0;
+    }
+    p = (unsigned char *)&(buf->data[*l]);
+    l2n3(n, p);
+    n = i2d_X509(x, &p);
+    if (n < 0) {
+        /* Shouldn't happen */
+        SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+        return 0;
+    }
+    *l += n + 3;
+
+    return 1;
+}
+
+/* Add certificate chain to internal SSL BUF_MEM structure */
+int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
+{
+    BUF_MEM *buf = s->init_buf;
+    int i, chain_count;
+    X509 *x;
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(X509) *chain = NULL;
+    X509_STORE *chain_store;
+
+    /* TLSv1 sends a chain with nothing in it, instead of an alert */
+    if (!BUF_MEM_grow_clean(buf, 10)) {
+        SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_BUF_LIB);
+        return 0;
+    }
+
+    if (!cpk || !cpk->x509)
+        return 1;
+
+    x = cpk->x509;
+
+    /*
+     * If we have a certificate specific chain use it, else use parent ctx.
+     */
+    if (cpk->chain)
+        extra_certs = cpk->chain;
+    else
+        extra_certs = s->ctx->extra_certs;
+
+    if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
+        chain_store = NULL;
+    else if (s->cert->chain_store)
+        chain_store = s->cert->chain_store;
+    else
+        chain_store = s->ctx->cert_store;
+
+    if (chain_store) {
+        X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
+
+        if (xs_ctx == NULL) {
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+        if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) {
+            X509_STORE_CTX_free(xs_ctx);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_X509_LIB);
+            return (0);
+        }
+        /*
+         * It is valid for the chain not to be complete (because normally we
+         * don't include the root cert in the chain). Therefore we deliberately
+         * ignore the error return from this call. We're not actually verifying
+         * the cert - we're just building as much of the chain as we can
+         */
+        (void)X509_verify_cert(xs_ctx);
+        /* Don't leave errors in the queue */
+        ERR_clear_error();
+        chain = X509_STORE_CTX_get0_chain(xs_ctx);
+        i = ssl_security_cert_chain(s, chain, NULL, 0);
+        if (i != 1) {
+#if 0
+            /* Dummy error calls so mkerr generates them */
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK);
+#endif
+            X509_STORE_CTX_free(xs_ctx);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        chain_count = sk_X509_num(chain);
+        for (i = 0; i < chain_count; i++) {
+            x = sk_X509_value(chain, i);
+
+            if (!ssl_add_cert_to_buf(buf, l, x)) {
+                X509_STORE_CTX_free(xs_ctx);
+                return 0;
+            }
+        }
+        X509_STORE_CTX_free(xs_ctx);
+    } else {
+        i = ssl_security_cert_chain(s, extra_certs, x, 0);
+        if (i != 1) {
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        if (!ssl_add_cert_to_buf(buf, l, x))
+            return 0;
+        for (i = 0; i < sk_X509_num(extra_certs); i++) {
+            x = sk_X509_value(extra_certs, i);
+            if (!ssl_add_cert_to_buf(buf, l, x))
+                return 0;
+        }
+    }
+    return 1;
+}
+
+/* Build a certificate chain for current certificate */
+int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
+{
+    CERT *c = s ? s->cert : ctx->cert;
+    CERT_PKEY *cpk = c->key;
+    X509_STORE *chain_store = NULL;
+    X509_STORE_CTX *xs_ctx = NULL;
+    STACK_OF(X509) *chain = NULL, *untrusted = NULL;
+    X509 *x;
+    int i, rv = 0;
+    unsigned long error;
+
+    if (!cpk->x509) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET);
+        goto err;
+    }
+    /* Rearranging and check the chain: add everything to a store */
+    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
+        chain_store = X509_STORE_new();
+        if (chain_store == NULL)
+            goto err;
+        for (i = 0; i < sk_X509_num(cpk->chain); i++) {
+            x = sk_X509_value(cpk->chain, i);
+            if (!X509_STORE_add_cert(chain_store, x)) {
+                error = ERR_peek_last_error();
+                if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
+                    ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+                    goto err;
+                ERR_clear_error();
+            }
+        }
+        /* Add EE cert too: it might be self signed */
+        if (!X509_STORE_add_cert(chain_store, cpk->x509)) {
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
+                ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+                goto err;
+            ERR_clear_error();
+        }
+    } else {
+        if (c->chain_store)
+            chain_store = c->chain_store;
+        else if (s)
+            chain_store = s->ctx->cert_store;
+        else
+            chain_store = ctx->cert_store;
+
+        if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
+            untrusted = cpk->chain;
+    }
+
+    xs_ctx = X509_STORE_CTX_new();
+    if (xs_ctx == NULL) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
+        goto err;
+    }
+    /* Set suite B flags if needed */
+    X509_STORE_CTX_set_flags(xs_ctx,
+                             c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
+
+    i = X509_verify_cert(xs_ctx);
+    if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
+        if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
+            ERR_clear_error();
+        i = 1;
+        rv = 2;
+    }
+    if (i > 0)
+        chain = X509_STORE_CTX_get1_chain(xs_ctx);
+    if (i <= 0) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED);
+        i = X509_STORE_CTX_get_error(xs_ctx);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(i));
+
+        goto err;
+    }
+    /* Remove EE certificate from chain */
+    x = sk_X509_shift(chain);
+    X509_free(x);
+    if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
+        if (sk_X509_num(chain) > 0) {
+            /* See if last cert is self signed */
+            x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+            if (X509_get_extension_flags(x) & EXFLAG_SS) {
+                x = sk_X509_pop(chain);
+                X509_free(x);
+            }
+        }
+    }
+    /*
+     * Check security level of all CA certificates: EE will have been checked
+     * already.
+     */
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        rv = ssl_security_cert(s, ctx, x, 0, 0);
+        if (rv != 1) {
+            SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv);
+            sk_X509_pop_free(chain, X509_free);
+            rv = 0;
+            goto err;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
+    cpk->chain = chain;
+    if (rv == 0)
+        rv = 1;
+ err:
+    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
+        X509_STORE_free(chain_store);
+    X509_STORE_CTX_free(xs_ctx);
+
+    return rv;
+}
+
+int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
+{
+    X509_STORE **pstore;
+    if (chain)
+        pstore = &c->chain_store;
+    else
+        pstore = &c->verify_store;
+    X509_STORE_free(*pstore);
+    *pstore = store;
+    if (ref && store)
+        X509_STORE_up_ref(store);
+    return 1;
+}
+
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex)
+{
+    int level, minbits;
+    static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
+    if (ctx)
+        level = SSL_CTX_get_security_level(ctx);
+    else
+        level = SSL_get_security_level(s);
+
+    if (level <= 0) {
+        /*
+         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
+         * anything goes.
+         */
+        if (op == SSL_SECOP_TMP_DH && bits < 80)
+            return 0;
+        return 1;
+    }
+    if (level > 5)
+        level = 5;
+    minbits = minbits_table[level - 1];
+    switch (op) {
+    case SSL_SECOP_CIPHER_SUPPORTED:
+    case SSL_SECOP_CIPHER_SHARED:
+    case SSL_SECOP_CIPHER_CHECK:
+        {
+            const SSL_CIPHER *c = other;
+            /* No ciphers below security level */
+            if (bits < minbits)
+                return 0;
+            /* No unauthenticated ciphersuites */
+            if (c->algorithm_auth & SSL_aNULL)
+                return 0;
+            /* No MD5 mac ciphersuites */
+            if (c->algorithm_mac & SSL_MD5)
+                return 0;
+            /* SHA1 HMAC is 160 bits of security */
+            if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
+                return 0;
+            /* Level 2: no RC4 */
+            if (level >= 2 && c->algorithm_enc == SSL_RC4)
+                return 0;
+            /* Level 3: forward secure ciphersuites only */
+            if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
+                return 0;
+            break;
+        }
+    case SSL_SECOP_VERSION:
+        if (!SSL_IS_DTLS(s)) {
+            /* SSLv3 not allowed at level 2 */
+            if (nid <= SSL3_VERSION && level >= 2)
+                return 0;
+            /* TLS v1.1 and above only for level 3 */
+            if (nid <= TLS1_VERSION && level >= 3)
+                return 0;
+            /* TLS v1.2 only for level 4 and above */
+            if (nid <= TLS1_1_VERSION && level >= 4)
+                return 0;
+        } else {
+            /* DTLS v1.2 only for level 4 and above */
+            if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4)
+                return 0;
+        }
+        break;
+
+    case SSL_SECOP_COMPRESSION:
+        if (level >= 2)
+            return 0;
+        break;
+    case SSL_SECOP_TICKET:
+        if (level >= 3)
+            return 0;
+        break;
+    default:
+        if (bits < minbits)
+            return 0;
+    }
+    return 1;
+}
+
+int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
+{
+    return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
+}
+
+int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
+{
+    return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
+                             ctx->cert->sec_ex);
+}
diff --git a/openssl-1.1.0h/ssl/ssl_ciph.c b/openssl-1.1.0h/ssl/ssl_ciph.c
new file mode 100644
index 0000000..7a393cb
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_ciph.c
@@ -0,0 +1,1962 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include <openssl/engine.h>
+#include <openssl/crypto.h>
+#include "ssl_locl.h"
+#include "internal/thread_once.h"
+
+#define SSL_ENC_DES_IDX         0
+#define SSL_ENC_3DES_IDX        1
+#define SSL_ENC_RC4_IDX         2
+#define SSL_ENC_RC2_IDX         3
+#define SSL_ENC_IDEA_IDX        4
+#define SSL_ENC_NULL_IDX        5
+#define SSL_ENC_AES128_IDX      6
+#define SSL_ENC_AES256_IDX      7
+#define SSL_ENC_CAMELLIA128_IDX 8
+#define SSL_ENC_CAMELLIA256_IDX 9
+#define SSL_ENC_GOST89_IDX      10
+#define SSL_ENC_SEED_IDX        11
+#define SSL_ENC_AES128GCM_IDX   12
+#define SSL_ENC_AES256GCM_IDX   13
+#define SSL_ENC_AES128CCM_IDX   14
+#define SSL_ENC_AES256CCM_IDX   15
+#define SSL_ENC_AES128CCM8_IDX  16
+#define SSL_ENC_AES256CCM8_IDX  17
+#define SSL_ENC_GOST8912_IDX    18
+#define SSL_ENC_CHACHA_IDX      19
+#define SSL_ENC_NUM_IDX         20
+
+/* NB: make sure indices in these tables match values above */
+
+typedef struct {
+    uint32_t mask;
+    int nid;
+} ssl_cipher_table;
+
+/* Table of NIDs for each cipher */
+static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
+    {SSL_DES, NID_des_cbc},     /* SSL_ENC_DES_IDX 0 */
+    {SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */
+    {SSL_RC4, NID_rc4},         /* SSL_ENC_RC4_IDX 2 */
+    {SSL_RC2, NID_rc2_cbc},     /* SSL_ENC_RC2_IDX 3 */
+    {SSL_IDEA, NID_idea_cbc},   /* SSL_ENC_IDEA_IDX 4 */
+    {SSL_eNULL, NID_undef},     /* SSL_ENC_NULL_IDX 5 */
+    {SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */
+    {SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */
+    {SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */
+    {SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */
+    {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
+    {SSL_SEED, NID_seed_cbc},   /* SSL_ENC_SEED_IDX 11 */
+    {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
+    {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */
+    {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */
+    {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
+    {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
+    {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
+    {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */
+    {SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
+};
+
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+    NULL, NULL
+};
+
+#define SSL_COMP_NULL_IDX       0
+#define SSL_COMP_ZLIB_IDX       1
+#define SSL_COMP_NUM_IDX        2
+
+static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
+#endif
+
+/*
+ * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
+ * in the ssl_locl.h
+ */
+
+#define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
+
+/* NB: make sure indices in this table matches values above */
+static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
+    {SSL_MD5, NID_md5},         /* SSL_MD_MD5_IDX 0 */
+    {SSL_SHA1, NID_sha1},       /* SSL_MD_SHA1_IDX 1 */
+    {SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */
+    {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
+    {SSL_SHA256, NID_sha256},   /* SSL_MD_SHA256_IDX 4 */
+    {SSL_SHA384, NID_sha384},   /* SSL_MD_SHA384_IDX 5 */
+    {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
+    {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
+    {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
+    {0, NID_md5_sha1},          /* SSL_MD_MD5_SHA1_IDX 9 */
+    {0, NID_sha224},            /* SSL_MD_SHA224_IDX 10 */
+    {0, NID_sha512}             /* SSL_MD_SHA512_IDX 11 */
+};
+
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+/* *INDENT-OFF* */
+static const ssl_cipher_table ssl_cipher_table_kx[] = {
+    {SSL_kRSA,      NID_kx_rsa},
+    {SSL_kECDHE,    NID_kx_ecdhe},
+    {SSL_kDHE,      NID_kx_dhe},
+    {SSL_kECDHEPSK, NID_kx_ecdhe_psk},
+    {SSL_kDHEPSK,   NID_kx_dhe_psk},
+    {SSL_kRSAPSK,   NID_kx_rsa_psk},
+    {SSL_kPSK,      NID_kx_psk},
+    {SSL_kSRP,      NID_kx_srp},
+    {SSL_kGOST,     NID_kx_gost}
+};
+
+static const ssl_cipher_table ssl_cipher_table_auth[] = {
+    {SSL_aRSA,    NID_auth_rsa},
+    {SSL_aECDSA,  NID_auth_ecdsa},
+    {SSL_aPSK,    NID_auth_psk},
+    {SSL_aDSS,    NID_auth_dss},
+    {SSL_aGOST01, NID_auth_gost01},
+    {SSL_aGOST12, NID_auth_gost12},
+    {SSL_aSRP,    NID_auth_srp},
+    {SSL_aNULL,   NID_auth_null}
+};
+/* *INDENT-ON* */
+
+/* Utility function for table lookup */
+static int ssl_cipher_info_find(const ssl_cipher_table * table,
+                                size_t table_cnt, uint32_t mask)
+{
+    size_t i;
+    for (i = 0; i < table_cnt; i++, table++) {
+        if (table->mask == mask)
+            return i;
+    }
+    return -1;
+}
+
+#define ssl_cipher_info_lookup(table, x) \
+    ssl_cipher_info_find(table, OSSL_NELEM(table), x)
+
+/*
+ * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
+ * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
+ * found
+ */
+static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
+    /* MD5, SHA, GOST94, MAC89 */
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    /* SHA256, SHA384, GOST2012_256, MAC89-12 */
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    /* GOST2012_512 */
+    EVP_PKEY_HMAC,
+};
+
+static int ssl_mac_secret_size[SSL_MD_NUM_IDX];
+
+#define CIPHER_ADD      1
+#define CIPHER_KILL     2
+#define CIPHER_DEL      3
+#define CIPHER_ORD      4
+#define CIPHER_SPECIAL  5
+/*
+ * Bump the ciphers to the top of the list.
+ * This rule isn't currently supported by the public cipherstring API.
+ */
+#define CIPHER_BUMP     6
+
+typedef struct cipher_order_st {
+    const SSL_CIPHER *cipher;
+    int active;
+    int dead;
+    struct cipher_order_st *next, *prev;
+} CIPHER_ORDER;
+
+static const SSL_CIPHER cipher_aliases[] = {
+    /* "ALL" doesn't include eNULL (must be specifically enabled) */
+    {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL},
+    /* "COMPLEMENTOFALL" */
+    {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL},
+
+    /*
+     * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
+     * ALL!)
+     */
+    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
+
+    /*
+     * key exchange aliases (some of those using only a single bit here
+     * combine multiple key exchange algs according to the RFCs, e.g. kDHE
+     * combines DHE_DSS and DHE_RSA)
+     */
+    {0, SSL_TXT_kRSA, 0, SSL_kRSA},
+
+    {0, SSL_TXT_kEDH, 0, SSL_kDHE},
+    {0, SSL_TXT_kDHE, 0, SSL_kDHE},
+    {0, SSL_TXT_DH, 0, SSL_kDHE},
+
+    {0, SSL_TXT_kEECDH, 0, SSL_kECDHE},
+    {0, SSL_TXT_kECDHE, 0, SSL_kECDHE},
+    {0, SSL_TXT_ECDH, 0, SSL_kECDHE},
+
+    {0, SSL_TXT_kPSK, 0, SSL_kPSK},
+    {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK},
+    {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK},
+    {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
+    {0, SSL_TXT_kSRP, 0, SSL_kSRP},
+    {0, SSL_TXT_kGOST, 0, SSL_kGOST},
+
+    /* server authentication aliases */
+    {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
+    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL},
+    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK},
+    {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01},
+    {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
+    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+    {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
+
+    /* aliases combining key exchange and server authentication */
+    {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA},
+    {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL},
+    {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
+    {0, SSL_TXT_PSK, 0, SSL_PSK},
+    {0, SSL_TXT_SRP, 0, SSL_kSRP},
+
+    /* symmetric encryption aliases */
+    {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
+    {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4},
+    {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2},
+    {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA},
+    {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED},
+    {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+    {0, SSL_TXT_AES128, 0, 0, 0,
+     SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
+    {0, SSL_TXT_AES256, 0, 0, 0,
+     SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
+    {0, SSL_TXT_AES, 0, 0, 0, SSL_AES},
+    {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+    {0, SSL_TXT_AES_CCM, 0, 0, 0,
+     SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128},
+    {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
+    {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
+    {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
+
+    /* MAC aliases */
+    {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
+    {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94},
+    {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+    {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
+    {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
+    {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
+
+    /* protocol version aliases */
+    {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
+    {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+
+    /* strength classes */
+    {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+    {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+    {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
+    /* FIPS 140-2 approved ciphersuite */
+    {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
+
+    /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
+    {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
+     SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+    {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
+     SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+
+};
+
+/*
+ * Search for public key algorithm with given name and return its pkey_id if
+ * it is available. Otherwise return 0
+ */
+#ifdef OPENSSL_NO_ENGINE
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
+    if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                         ameth) > 0) {
+        return pkey_id;
+    }
+    return 0;
+}
+
+#else
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
+    if (ameth) {
+        if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                    ameth) <= 0)
+            pkey_id = 0;
+    }
+    ENGINE_finish(tmpeng);
+    return pkey_id;
+}
+
+#endif
+
+/* masks of disabled algorithms */
+static uint32_t disabled_enc_mask;
+static uint32_t disabled_mac_mask;
+static uint32_t disabled_mkey_mask;
+static uint32_t disabled_auth_mask;
+
+void ssl_load_ciphers(void)
+{
+    size_t i;
+    const ssl_cipher_table *t;
+
+    disabled_enc_mask = 0;
+    ssl_sort_cipher_list();
+    for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
+        if (t->nid == NID_undef) {
+            ssl_cipher_methods[i] = NULL;
+        } else {
+            const EVP_CIPHER *cipher = EVP_get_cipherbynid(t->nid);
+            ssl_cipher_methods[i] = cipher;
+            if (cipher == NULL)
+                disabled_enc_mask |= t->mask;
+        }
+    }
+#ifdef SSL_FORBID_ENULL
+    disabled_enc_mask |= SSL_eNULL;
+#endif
+    disabled_mac_mask = 0;
+    for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
+        const EVP_MD *md = EVP_get_digestbynid(t->nid);
+        ssl_digest_methods[i] = md;
+        if (md == NULL) {
+            disabled_mac_mask |= t->mask;
+        } else {
+            ssl_mac_secret_size[i] = EVP_MD_size(md);
+            OPENSSL_assert(ssl_mac_secret_size[i] >= 0);
+        }
+    }
+    /* Make sure we can access MD5 and SHA1 */
+    OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
+    OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL);
+
+    disabled_mkey_mask = 0;
+    disabled_auth_mask = 0;
+
+#ifdef OPENSSL_NO_RSA
+    disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
+    disabled_auth_mask |= SSL_aRSA;
+#endif
+#ifdef OPENSSL_NO_DSA
+    disabled_auth_mask |= SSL_aDSS;
+#endif
+#ifdef OPENSSL_NO_DH
+    disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
+#endif
+#ifdef OPENSSL_NO_EC
+    disabled_mkey_mask |= SSL_kECDHEPSK;
+    disabled_auth_mask |= SSL_aECDSA;
+#endif
+#ifdef OPENSSL_NO_PSK
+    disabled_mkey_mask |= SSL_PSK;
+    disabled_auth_mask |= SSL_aPSK;
+#endif
+#ifdef OPENSSL_NO_SRP
+    disabled_mkey_mask |= SSL_kSRP;
+#endif
+
+    /*
+     * Check for presence of GOST 34.10 algorithms, and if they are not
+     * present, disable appropriate auth and key exchange
+     */
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
+    } else {
+        disabled_mac_mask |= SSL_GOST89MAC;
+    }
+
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
+        get_optional_pkey_id("gost-mac-12");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
+        ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
+    } else {
+        disabled_mac_mask |= SSL_GOST89MAC12;
+    }
+
+    if (!get_optional_pkey_id("gost2001"))
+        disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_256"))
+        disabled_auth_mask |= SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_512"))
+        disabled_auth_mask |= SSL_aGOST12;
+    /*
+     * Disable GOST key exchange if no GOST signature algs are available *
+     */
+    if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
+        (SSL_aGOST01 | SSL_aGOST12))
+        disabled_mkey_mask |= SSL_kGOST;
+}
+
+#ifndef OPENSSL_NO_COMP
+
+static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
+{
+    return ((*a)->id - (*b)->id);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
+{
+    SSL_COMP *comp = NULL;
+    COMP_METHOD *method = COMP_zlib();
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+
+    if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
+        comp = OPENSSL_malloc(sizeof(*comp));
+        if (comp != NULL) {
+            comp->method = method;
+            comp->id = SSL_COMP_ZLIB_IDX;
+            comp->name = COMP_get_name(method);
+            sk_SSL_COMP_push(ssl_comp_methods, comp);
+            sk_SSL_COMP_sort(ssl_comp_methods);
+        }
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return 1;
+}
+
+static int load_builtin_compressions(void)
+{
+    return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
+}
+#endif
+
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                       const EVP_MD **md, int *mac_pkey_type,
+                       int *mac_secret_size, SSL_COMP **comp, int use_etm)
+{
+    int i;
+    const SSL_CIPHER *c;
+
+    c = s->cipher;
+    if (c == NULL)
+        return (0);
+    if (comp != NULL) {
+        SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+        if (!load_builtin_compressions()) {
+            /*
+             * Currently don't care, since a failure only means that
+             * ssl_comp_methods is NULL, which is perfectly OK
+             */
+        }
+#endif
+        *comp = NULL;
+        ctmp.id = s->compress_meth;
+        if (ssl_comp_methods != NULL) {
+            i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
+            if (i >= 0)
+                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
+            else
+                *comp = NULL;
+        }
+        /* If were only interested in comp then return success */
+        if ((enc == NULL) && (md == NULL))
+            return 1;
+    }
+
+    if ((enc == NULL) || (md == NULL))
+        return 0;
+
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
+
+    if (i == -1)
+        *enc = NULL;
+    else {
+        if (i == SSL_ENC_NULL_IDX)
+            *enc = EVP_enc_null();
+        else
+            *enc = ssl_cipher_methods[i];
+    }
+
+    i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+    if (i == -1) {
+        *md = NULL;
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = NID_undef;
+        if (mac_secret_size != NULL)
+            *mac_secret_size = 0;
+        if (c->algorithm_mac == SSL_AEAD)
+            mac_pkey_type = NULL;
+    } else {
+        *md = ssl_digest_methods[i];
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = ssl_mac_pkey_id[i];
+        if (mac_secret_size != NULL)
+            *mac_secret_size = ssl_mac_secret_size[i];
+    }
+
+    if ((*enc != NULL) &&
+        (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
+        && (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
+        const EVP_CIPHER *evp;
+
+        if (use_etm)
+            return 1;
+
+        if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
+            s->ssl_version < TLS1_VERSION)
+            return 1;
+
+        if (FIPS_mode())
+            return 1;
+
+        if (c->algorithm_enc == SSL_RC4 &&
+            c->algorithm_mac == SSL_MD5 &&
+            (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+        return (1);
+    } else
+        return (0);
+}
+
+const EVP_MD *ssl_md(int idx)
+{
+    idx &= SSL_HANDSHAKE_MAC_MASK;
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+        return NULL;
+    return ssl_digest_methods[idx];
+}
+
+const EVP_MD *ssl_handshake_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s));
+}
+
+const EVP_MD *ssl_prf_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
+}
+
+#define ITEM_SEP(a) \
+        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *tail)
+        return;
+    if (curr == *head)
+        *head = curr->next;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    (*tail)->next = curr;
+    curr->prev = *tail;
+    curr->next = NULL;
+    *tail = curr;
+}
+
+static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *head)
+        return;
+    if (curr == *tail)
+        *tail = curr->prev;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    (*head)->prev = curr;
+    curr->next = *head;
+    curr->prev = NULL;
+    *head = curr;
+}
+
+static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+                                       int num_of_ciphers,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       CIPHER_ORDER *co_list,
+                                       CIPHER_ORDER **head_p,
+                                       CIPHER_ORDER **tail_p)
+{
+    int i, co_list_num;
+    const SSL_CIPHER *c;
+
+    /*
+     * We have num_of_ciphers descriptions compiled in, depending on the
+     * method selected (SSLv3, TLSv1 etc).
+     * These will later be sorted in a linked list with at most num
+     * entries.
+     */
+
+    /* Get the initial list of ciphers */
+    co_list_num = 0;            /* actual count of ciphers */
+    for (i = 0; i < num_of_ciphers; i++) {
+        c = ssl_method->get_cipher(i);
+        /* drop those that use any of that is not available */
+        if (c == NULL || !c->valid)
+            continue;
+        if (FIPS_mode() && (c->algo_strength & SSL_FIPS))
+            continue;
+        if ((c->algorithm_mkey & disabled_mkey) ||
+            (c->algorithm_auth & disabled_auth) ||
+            (c->algorithm_enc & disabled_enc) ||
+            (c->algorithm_mac & disabled_mac))
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) &&
+            c->min_tls == 0)
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) &&
+            c->min_dtls == 0)
+            continue;
+
+        co_list[co_list_num].cipher = c;
+        co_list[co_list_num].next = NULL;
+        co_list[co_list_num].prev = NULL;
+        co_list[co_list_num].active = 0;
+        co_list_num++;
+        /*
+         * if (!sk_push(ca_list,(char *)c)) goto err;
+         */
+    }
+
+    /*
+     * Prepare linked list from list entries
+     */
+    if (co_list_num > 0) {
+        co_list[0].prev = NULL;
+
+        if (co_list_num > 1) {
+            co_list[0].next = &co_list[1];
+
+            for (i = 1; i < co_list_num - 1; i++) {
+                co_list[i].prev = &co_list[i - 1];
+                co_list[i].next = &co_list[i + 1];
+            }
+
+            co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
+        }
+
+        co_list[co_list_num - 1].next = NULL;
+
+        *head_p = &co_list[0];
+        *tail_p = &co_list[co_list_num - 1];
+    }
+}
+
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
+                                       int num_of_group_aliases,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       CIPHER_ORDER *head)
+{
+    CIPHER_ORDER *ciph_curr;
+    const SSL_CIPHER **ca_curr;
+    int i;
+    uint32_t mask_mkey = ~disabled_mkey;
+    uint32_t mask_auth = ~disabled_auth;
+    uint32_t mask_enc = ~disabled_enc;
+    uint32_t mask_mac = ~disabled_mac;
+
+    /*
+     * First, add the real ciphers as already collected
+     */
+    ciph_curr = head;
+    ca_curr = ca_list;
+    while (ciph_curr != NULL) {
+        *ca_curr = ciph_curr->cipher;
+        ca_curr++;
+        ciph_curr = ciph_curr->next;
+    }
+
+    /*
+     * Now we add the available ones from the cipher_aliases[] table.
+     * They represent either one or more algorithms, some of which
+     * in any affected category must be supported (set in enabled_mask),
+     * or represent a cipher strength value (will be added in any case because algorithms=0).
+     */
+    for (i = 0; i < num_of_group_aliases; i++) {
+        uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
+        uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
+        uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
+        uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
+
+        if (algorithm_mkey)
+            if ((algorithm_mkey & mask_mkey) == 0)
+                continue;
+
+        if (algorithm_auth)
+            if ((algorithm_auth & mask_auth) == 0)
+                continue;
+
+        if (algorithm_enc)
+            if ((algorithm_enc & mask_enc) == 0)
+                continue;
+
+        if (algorithm_mac)
+            if ((algorithm_mac & mask_mac) == 0)
+                continue;
+
+        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+        ca_curr++;
+    }
+
+    *ca_curr = NULL;            /* end of list */
+}
+
+static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
+                                  uint32_t alg_auth, uint32_t alg_enc,
+                                  uint32_t alg_mac, int min_tls,
+                                  uint32_t algo_strength, int rule,
+                                  int32_t strength_bits, CIPHER_ORDER **head_p,
+                                  CIPHER_ORDER **tail_p)
+{
+    CIPHER_ORDER *head, *tail, *curr, *next, *last;
+    const SSL_CIPHER *cp;
+    int reverse = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr,
+            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+            rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
+            algo_strength, strength_bits);
+#endif
+
+    if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
+        reverse = 1;            /* needed to maintain sorting between currently
+                                 * deleted ciphers */
+
+    head = *head_p;
+    tail = *tail_p;
+
+    if (reverse) {
+        next = tail;
+        last = head;
+    } else {
+        next = head;
+        last = tail;
+    }
+
+    curr = NULL;
+    for (;;) {
+        if (curr == last)
+            break;
+
+        curr = next;
+
+        if (curr == NULL)
+            break;
+
+        next = reverse ? curr->prev : curr->next;
+
+        cp = curr->cipher;
+
+        /*
+         * Selection criteria is either the value of strength_bits
+         * or the algorithms used.
+         */
+        if (strength_bits >= 0) {
+            if (strength_bits != cp->strength_bits)
+                continue;
+        } else {
+#ifdef CIPHER_DEBUG
+            fprintf(stderr,
+                    "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
+                    cp->name, cp->algorithm_mkey, cp->algorithm_auth,
+                    cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
+                    cp->algo_strength);
+#endif
+            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
+                continue;
+            if (alg_auth && !(alg_auth & cp->algorithm_auth))
+                continue;
+            if (alg_enc && !(alg_enc & cp->algorithm_enc))
+                continue;
+            if (alg_mac && !(alg_mac & cp->algorithm_mac))
+                continue;
+            if (min_tls && (min_tls != cp->min_tls))
+                continue;
+            if ((algo_strength & SSL_STRONG_MASK)
+                && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
+                continue;
+            if ((algo_strength & SSL_DEFAULT_MASK)
+                && !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
+                continue;
+        }
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "Action = %d\n", rule);
+#endif
+
+        /* add the cipher if it has not been added yet. */
+        if (rule == CIPHER_ADD) {
+            /* reverse == 0 */
+            if (!curr->active) {
+                ll_append_tail(&head, curr, &tail);
+                curr->active = 1;
+            }
+        }
+        /* Move the added cipher to this location */
+        else if (rule == CIPHER_ORD) {
+            /* reverse == 0 */
+            if (curr->active) {
+                ll_append_tail(&head, curr, &tail);
+            }
+        } else if (rule == CIPHER_DEL) {
+            /* reverse == 1 */
+            if (curr->active) {
+                /*
+                 * most recently deleted ciphersuites get best positions for
+                 * any future CIPHER_ADD (note that the CIPHER_DEL loop works
+                 * in reverse to maintain the order)
+                 */
+                ll_append_head(&head, curr, &tail);
+                curr->active = 0;
+            }
+        } else if (rule == CIPHER_BUMP) {
+            if (curr->active)
+                ll_append_head(&head, curr, &tail);
+        } else if (rule == CIPHER_KILL) {
+            /* reverse == 0 */
+            if (head == curr)
+                head = curr->next;
+            else
+                curr->prev->next = curr->next;
+            if (tail == curr)
+                tail = curr->prev;
+            curr->active = 0;
+            if (curr->next != NULL)
+                curr->next->prev = curr->prev;
+            if (curr->prev != NULL)
+                curr->prev->next = curr->next;
+            curr->next = NULL;
+            curr->prev = NULL;
+        }
+    }
+
+    *head_p = head;
+    *tail_p = tail;
+}
+
+static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
+                                    CIPHER_ORDER **tail_p)
+{
+    int32_t max_strength_bits;
+    int i, *number_uses;
+    CIPHER_ORDER *curr;
+
+    /*
+     * This routine sorts the ciphers with descending strength. The sorting
+     * must keep the pre-sorted sequence, so we apply the normal sorting
+     * routine as '+' movement to the end of the list.
+     */
+    max_strength_bits = 0;
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active && (curr->cipher->strength_bits > max_strength_bits))
+            max_strength_bits = curr->cipher->strength_bits;
+        curr = curr->next;
+    }
+
+    number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
+    if (number_uses == NULL) {
+        SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    /*
+     * Now find the strength_bits values actually used
+     */
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active)
+            number_uses[curr->cipher->strength_bits]++;
+        curr = curr->next;
+    }
+    /*
+     * Go through the list of used strength_bits values in descending
+     * order.
+     */
+    for (i = max_strength_bits; i >= 0; i--)
+        if (number_uses[i] > 0)
+            ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p,
+                                  tail_p);
+
+    OPENSSL_free(number_uses);
+    return (1);
+}
+
+static int ssl_cipher_process_rulestr(const char *rule_str,
+                                      CIPHER_ORDER **head_p,
+                                      CIPHER_ORDER **tail_p,
+                                      const SSL_CIPHER **ca_list, CERT *c)
+{
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
+    int min_tls;
+    const char *l, *buf;
+    int j, multi, found, rule, retval, ok, buflen;
+    uint32_t cipher_id = 0;
+    char ch;
+
+    retval = 1;
+    l = rule_str;
+    for (;;) {
+        ch = *l;
+
+        if (ch == '\0')
+            break;              /* done */
+        if (ch == '-') {
+            rule = CIPHER_DEL;
+            l++;
+        } else if (ch == '+') {
+            rule = CIPHER_ORD;
+            l++;
+        } else if (ch == '!') {
+            rule = CIPHER_KILL;
+            l++;
+        } else if (ch == '@') {
+            rule = CIPHER_SPECIAL;
+            l++;
+        } else {
+            rule = CIPHER_ADD;
+        }
+
+        if (ITEM_SEP(ch)) {
+            l++;
+            continue;
+        }
+
+        alg_mkey = 0;
+        alg_auth = 0;
+        alg_enc = 0;
+        alg_mac = 0;
+        min_tls = 0;
+        algo_strength = 0;
+
+        for (;;) {
+            ch = *l;
+            buf = l;
+            buflen = 0;
+#ifndef CHARSET_EBCDIC
+            while (((ch >= 'A') && (ch <= 'Z')) ||
+                   ((ch >= '0') && (ch <= '9')) ||
+                   ((ch >= 'a') && (ch <= 'z')) ||
+                   (ch == '-') || (ch == '.') || (ch == '='))
+#else
+            while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
+                   || (ch == '='))
+#endif
+            {
+                ch = *(++l);
+                buflen++;
+            }
+
+            if (buflen == 0) {
+                /*
+                 * We hit something we cannot deal with,
+                 * it is no command or separator nor
+                 * alphanumeric, so we call this an error.
+                 */
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+                retval = found = 0;
+                l++;
+                break;
+            }
+
+            if (rule == CIPHER_SPECIAL) {
+                found = 0;      /* unused -- avoid compiler warning */
+                break;          /* special treatment */
+            }
+
+            /* check for multi-part specification */
+            if (ch == '+') {
+                multi = 1;
+                l++;
+            } else
+                multi = 0;
+
+            /*
+             * Now search for the cipher alias in the ca_list. Be careful
+             * with the strncmp, because the "buflen" limitation
+             * will make the rule "ADH:SOME" and the cipher
+             * "ADH-MY-CIPHER" look like a match for buflen=3.
+             * So additionally check whether the cipher name found
+             * has the correct length. We can save a strlen() call:
+             * just checking for the '\0' at the right place is
+             * sufficient, we have to strncmp() anyway. (We cannot
+             * use strcmp(), because buf is not '\0' terminated.)
+             */
+            j = found = 0;
+            cipher_id = 0;
+            while (ca_list[j]) {
+                if (strncmp(buf, ca_list[j]->name, buflen) == 0
+                    && (ca_list[j]->name[buflen] == '\0')) {
+                    found = 1;
+                    break;
+                } else
+                    j++;
+            }
+
+            if (!found)
+                break;          /* ignore this entry */
+
+            if (ca_list[j]->algorithm_mkey) {
+                if (alg_mkey) {
+                    alg_mkey &= ca_list[j]->algorithm_mkey;
+                    if (!alg_mkey) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_mkey = ca_list[j]->algorithm_mkey;
+            }
+
+            if (ca_list[j]->algorithm_auth) {
+                if (alg_auth) {
+                    alg_auth &= ca_list[j]->algorithm_auth;
+                    if (!alg_auth) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_auth = ca_list[j]->algorithm_auth;
+            }
+
+            if (ca_list[j]->algorithm_enc) {
+                if (alg_enc) {
+                    alg_enc &= ca_list[j]->algorithm_enc;
+                    if (!alg_enc) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_enc = ca_list[j]->algorithm_enc;
+            }
+
+            if (ca_list[j]->algorithm_mac) {
+                if (alg_mac) {
+                    alg_mac &= ca_list[j]->algorithm_mac;
+                    if (!alg_mac) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_mac = ca_list[j]->algorithm_mac;
+            }
+
+            if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+                if (algo_strength & SSL_STRONG_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+                        ~SSL_STRONG_MASK;
+                    if (!(algo_strength & SSL_STRONG_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+            }
+
+            if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
+                if (algo_strength & SSL_DEFAULT_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) |
+                        ~SSL_DEFAULT_MASK;
+                    if (!(algo_strength & SSL_DEFAULT_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    algo_strength |=
+                        ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+            }
+
+            if (ca_list[j]->valid) {
+                /*
+                 * explicit ciphersuite found; its protocol version does not
+                 * become part of the search pattern!
+                 */
+
+                cipher_id = ca_list[j]->id;
+            } else {
+                /*
+                 * not an explicit ciphersuite; only in this case, the
+                 * protocol version is considered part of the search pattern
+                 */
+
+                if (ca_list[j]->min_tls) {
+                    if (min_tls != 0 && min_tls != ca_list[j]->min_tls) {
+                        found = 0;
+                        break;
+                    } else {
+                        min_tls = ca_list[j]->min_tls;
+                    }
+                }
+            }
+
+            if (!multi)
+                break;
+        }
+
+        /*
+         * Ok, we have the rule, now apply it
+         */
+        if (rule == CIPHER_SPECIAL) { /* special command */
+            ok = 0;
+            if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0)
+                ok = ssl_cipher_strength_sort(head_p, tail_p);
+            else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+                int level = buf[9] - '0';
+                if (level < 0 || level > 5) {
+                    SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                           SSL_R_INVALID_COMMAND);
+                } else {
+                    c->sec_level = level;
+                    ok = 1;
+                }
+            } else
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+            if (ok == 0)
+                retval = 0;
+            /*
+             * We do not support any "multi" options
+             * together with "@", so throw away the
+             * rest of the command, if any left, until
+             * end or ':' is found.
+             */
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        } else if (found) {
+            ssl_cipher_apply_rule(cipher_id,
+                                  alg_mkey, alg_auth, alg_enc, alg_mac,
+                                  min_tls, algo_strength, rule, -1, head_p,
+                                  tail_p);
+        } else {
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        }
+        if (*l == '\0')
+            break;              /* done */
+    }
+
+    return (retval);
+}
+
+#ifndef OPENSSL_NO_EC
+static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
+                                    const char **prule_str)
+{
+    unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+    if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
+    } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
+        suiteb_comb2 = 1;
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+    }
+
+    if (suiteb_flags) {
+        c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
+        c->cert_flags |= suiteb_flags;
+    } else
+        suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+
+    if (!suiteb_flags)
+        return 1;
+    /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
+
+    if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)) {
+        SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+               SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
+        return 0;
+    }
+# ifndef OPENSSL_NO_EC
+    switch (suiteb_flags) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        if (suiteb_comb2)
+            *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+        else
+            *prule_str =
+                "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
+        break;
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
+        break;
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+        break;
+    }
+    return 1;
+# else
+    SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
+    return 0;
+# endif
+}
+#endif
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
+                                             **cipher_list, STACK_OF(SSL_CIPHER)
+                                             **cipher_list_by_id,
+                                             const char *rule_str, CERT *c)
+{
+    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+    uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
+    STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
+    const char *rule_p;
+    CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+    const SSL_CIPHER **ca_list = NULL;
+
+    /*
+     * Return with error if nothing to do.
+     */
+    if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+        return NULL;
+#ifndef OPENSSL_NO_EC
+    if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+        return NULL;
+#endif
+
+    /*
+     * To reduce the work to do we only want to process the compiled
+     * in algorithms, so we first get the mask of disabled ciphers.
+     */
+
+    disabled_mkey = disabled_mkey_mask;
+    disabled_auth = disabled_auth_mask;
+    disabled_enc = disabled_enc_mask;
+    disabled_mac = disabled_mac_mask;
+
+    /*
+     * Now we have to collect the available ciphers from the compiled
+     * in ciphers. We cannot get more than the number compiled in, so
+     * it is used for allocation.
+     */
+    num_of_ciphers = ssl_method->num_ciphers();
+
+    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+    if (co_list == NULL) {
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return (NULL);          /* Failure */
+    }
+
+    ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, co_list, &head, &tail);
+
+    /* Now arrange all ciphers by preference. */
+
+    /*
+     * Everything else being equal, prefer ephemeral ECDH over other key
+     * exchange mechanisms.
+     * For consistency, prefer ECDSA over RSA (though this only matters if the
+     * server has both certificates, and is using the DEFAULT, or a client
+     * preference).
+     */
+    ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                          &tail);
+
+    /* Within each strength group, we prefer GCM over CHACHA... */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+
+    /*
+     * ...and generally, our preferred cipher is AES.
+     * Note that AEADs will be bumped to take preference after sorting by
+     * strength.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
+
+    /* Temporarily enable everything else for sorting */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+    /* Low priority for MD5 */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Move anonymous ciphers to the end.  Usually, these will remain
+     * disabled. (For applications that allow them, they aren't too bad, but
+     * we prefer authenticated ciphers.)
+     */
+    ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /* RC4 is sort-of broken -- move the the end */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Now sort by symmetric encryption strength.  The above ordering remains
+     * in force within each class
+     */
+    if (!ssl_cipher_strength_sort(&head, &tail)) {
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /*
+     * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
+     * TODO(openssl-team): is there an easier way to accomplish all this?
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+
+    /*
+     * Irrespective of strength, enforce the following order:
+     * (EC)DHE + AEAD > (EC)DHE > rest of AEAD > rest.
+     * Within each group, ciphers remain sorted by strength and previous
+     * preference, i.e.,
+     * 1) ECDHE > DHE
+     * 2) GCM > CHACHA
+     * 3) AES > rest
+     * 4) TLS 1.2 > legacy
+     *
+     * Because we now bump ciphers to the top of the list, we proceed in
+     * reverse order of preference.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+
+    /* Now disable everything (maintaining the ordering!) */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+    /*
+     * We also need cipher aliases for selecting based on the rule_str.
+     * There might be two types of entries in the rule_str: 1) names
+     * of ciphers themselves 2) aliases for groups of ciphers.
+     * For 1) we need the available ciphers and for 2) the cipher
+     * groups of cipher_aliases added together in one list (otherwise
+     * we would be happy with just the cipher_aliases table).
+     */
+    num_of_group_aliases = OSSL_NELEM(cipher_aliases);
+    num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+    ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
+    if (ca_list == NULL) {
+        OPENSSL_free(co_list);
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return (NULL);          /* Failure */
+    }
+    ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, head);
+
+    /*
+     * If the rule_string begins with DEFAULT, apply the default rule
+     * before using the (possibly available) additional rules.
+     */
+    ok = 1;
+    rule_p = rule_str;
+    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+                                        &head, &tail, ca_list, c);
+        rule_p += 7;
+        if (*rule_p == ':')
+            rule_p++;
+    }
+
+    if (ok && (strlen(rule_p) > 0))
+        ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
+
+    OPENSSL_free(ca_list);      /* Not needed anymore */
+
+    if (!ok) {                  /* Rule processing failure */
+        OPENSSL_free(co_list);
+        return (NULL);
+    }
+
+    /*
+     * Allocate new "cipherstack" for the result, return with error
+     * if we cannot get one.
+     */
+    if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+        OPENSSL_free(co_list);
+        return (NULL);
+    }
+
+    /*
+     * The cipher selection for the list is done. The ciphers are added
+     * to the resulting precedence to the STACK_OF(SSL_CIPHER).
+     */
+    for (curr = head; curr != NULL; curr = curr->next) {
+        if (curr->active
+            && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) {
+            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
+                OPENSSL_free(co_list);
+                sk_SSL_CIPHER_free(cipherstack);
+                return NULL;
+            }
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "<%s>\n", curr->cipher->name);
+#endif
+        }
+    }
+    OPENSSL_free(co_list);      /* Not needed any longer */
+
+    tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+    if (tmp_cipher_list == NULL) {
+        sk_SSL_CIPHER_free(cipherstack);
+        return NULL;
+    }
+    sk_SSL_CIPHER_free(*cipher_list);
+    *cipher_list = cipherstack;
+    if (*cipher_list_by_id != NULL)
+        sk_SSL_CIPHER_free(*cipher_list_by_id);
+    *cipher_list_by_id = tmp_cipher_list;
+    (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
+
+    sk_SSL_CIPHER_sort(*cipher_list_by_id);
+    return (cipherstack);
+}
+
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+{
+    const char *ver;
+    const char *kx, *au, *enc, *mac;
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
+    static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+
+    if (buf == NULL) {
+        len = 128;
+        buf = OPENSSL_malloc(len);
+        if (buf == NULL)
+            return NULL;
+    } else if (len < 128)
+        return NULL;
+
+    alg_mkey = cipher->algorithm_mkey;
+    alg_auth = cipher->algorithm_auth;
+    alg_enc = cipher->algorithm_enc;
+    alg_mac = cipher->algorithm_mac;
+
+    ver = ssl_protocol_to_string(cipher->min_tls);
+
+    switch (alg_mkey) {
+    case SSL_kRSA:
+        kx = "RSA";
+        break;
+    case SSL_kDHE:
+        kx = "DH";
+        break;
+    case SSL_kECDHE:
+        kx = "ECDH";
+        break;
+    case SSL_kPSK:
+        kx = "PSK";
+        break;
+    case SSL_kRSAPSK:
+        kx = "RSAPSK";
+        break;
+    case SSL_kECDHEPSK:
+        kx = "ECDHEPSK";
+        break;
+    case SSL_kDHEPSK:
+        kx = "DHEPSK";
+        break;
+    case SSL_kSRP:
+        kx = "SRP";
+        break;
+    case SSL_kGOST:
+        kx = "GOST";
+        break;
+    default:
+        kx = "unknown";
+    }
+
+    switch (alg_auth) {
+    case SSL_aRSA:
+        au = "RSA";
+        break;
+    case SSL_aDSS:
+        au = "DSS";
+        break;
+    case SSL_aNULL:
+        au = "None";
+        break;
+    case SSL_aECDSA:
+        au = "ECDSA";
+        break;
+    case SSL_aPSK:
+        au = "PSK";
+        break;
+    case SSL_aSRP:
+        au = "SRP";
+        break;
+    case SSL_aGOST01:
+        au = "GOST01";
+        break;
+        /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */
+    case (SSL_aGOST12 | SSL_aGOST01):
+        au = "GOST12";
+        break;
+    default:
+        au = "unknown";
+        break;
+    }
+
+    switch (alg_enc) {
+    case SSL_DES:
+        enc = "DES(56)";
+        break;
+    case SSL_3DES:
+        enc = "3DES(168)";
+        break;
+    case SSL_RC4:
+        enc = "RC4(128)";
+        break;
+    case SSL_RC2:
+        enc = "RC2(128)";
+        break;
+    case SSL_IDEA:
+        enc = "IDEA(128)";
+        break;
+    case SSL_eNULL:
+        enc = "None";
+        break;
+    case SSL_AES128:
+        enc = "AES(128)";
+        break;
+    case SSL_AES256:
+        enc = "AES(256)";
+        break;
+    case SSL_AES128GCM:
+        enc = "AESGCM(128)";
+        break;
+    case SSL_AES256GCM:
+        enc = "AESGCM(256)";
+        break;
+    case SSL_AES128CCM:
+        enc = "AESCCM(128)";
+        break;
+    case SSL_AES256CCM:
+        enc = "AESCCM(256)";
+        break;
+    case SSL_AES128CCM8:
+        enc = "AESCCM8(128)";
+        break;
+    case SSL_AES256CCM8:
+        enc = "AESCCM8(256)";
+        break;
+    case SSL_CAMELLIA128:
+        enc = "Camellia(128)";
+        break;
+    case SSL_CAMELLIA256:
+        enc = "Camellia(256)";
+        break;
+    case SSL_SEED:
+        enc = "SEED(128)";
+        break;
+    case SSL_eGOST2814789CNT:
+    case SSL_eGOST2814789CNT12:
+        enc = "GOST89(256)";
+        break;
+    case SSL_CHACHA20POLY1305:
+        enc = "CHACHA20/POLY1305(256)";
+        break;
+    default:
+        enc = "unknown";
+        break;
+    }
+
+    switch (alg_mac) {
+    case SSL_MD5:
+        mac = "MD5";
+        break;
+    case SSL_SHA1:
+        mac = "SHA1";
+        break;
+    case SSL_SHA256:
+        mac = "SHA256";
+        break;
+    case SSL_SHA384:
+        mac = "SHA384";
+        break;
+    case SSL_AEAD:
+        mac = "AEAD";
+        break;
+    case SSL_GOST89MAC:
+    case SSL_GOST89MAC12:
+        mac = "GOST89";
+        break;
+    case SSL_GOST94:
+        mac = "GOST94";
+        break;
+    case SSL_GOST12_256:
+    case SSL_GOST12_512:
+        mac = "GOST2012";
+        break;
+    default:
+        mac = "unknown";
+        break;
+    }
+
+    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
+
+    return (buf);
+}
+
+const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+{
+    if (c == NULL)
+        return "(NONE)";
+
+    /*
+     * Backwards-compatibility crutch.  In almost all contexts we report TLS
+     * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
+     */
+    if (c->min_tls == TLS1_VERSION)
+        return "TLSv1.0";
+    return ssl_protocol_to_string(c->min_tls);
+}
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return (c->name);
+    return ("(NONE)");
+}
+
+/* number of bits for symmetric cipher */
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+{
+    int ret = 0;
+
+    if (c != NULL) {
+        if (alg_bits != NULL)
+            *alg_bits = (int)c->alg_bits;
+        ret = (int)c->strength_bits;
+    }
+    return ret;
+}
+
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
+{
+    return c->id;
+}
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+{
+    SSL_COMP *ctmp;
+    int i, nn;
+
+    if ((n == 0) || (sk == NULL))
+        return (NULL);
+    nn = sk_SSL_COMP_num(sk);
+    for (i = 0; i < nn; i++) {
+        ctmp = sk_SSL_COMP_value(sk, i);
+        if (ctmp->id == n)
+            return (ctmp);
+    }
+    return (NULL);
+}
+
+#ifdef OPENSSL_NO_COMP
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    return NULL;
+}
+
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
+{
+    return meths;
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    return 1;
+}
+
+#else
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    load_builtin_compressions();
+    return (ssl_comp_methods);
+}
+
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
+{
+    STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+    ssl_comp_methods = meths;
+    return old_meths;
+}
+
+static void cmeth_free(SSL_COMP *cm)
+{
+    OPENSSL_free(cm);
+}
+
+void ssl_comp_free_compression_methods_int(void)
+{
+    STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+    ssl_comp_methods = NULL;
+    sk_SSL_COMP_pop_free(old_meths, cmeth_free);
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    SSL_COMP *comp;
+
+    if (cm == NULL || COMP_get_type(cm) == NID_undef)
+        return 1;
+
+    /*-
+     * According to draft-ietf-tls-compression-04.txt, the
+     * compression number ranges should be the following:
+     *
+     *   0 to  63:  methods defined by the IETF
+     *  64 to 192:  external party methods assigned by IANA
+     * 193 to 255:  reserved for private use
+     */
+    if (id < 193 || id > 255) {
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+        return 1;
+    }
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    comp = OPENSSL_malloc(sizeof(*comp));
+    if (comp == NULL) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return (1);
+    }
+
+    comp->id = id;
+    comp->method = cm;
+    load_builtin_compressions();
+    if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
+        OPENSSL_free(comp);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_DUPLICATE_COMPRESSION_ID);
+        return (1);
+    }
+    if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+        OPENSSL_free(comp);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return (1);
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return (0);
+}
+#endif
+
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp ? COMP_get_name(comp) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+const char *SSL_COMP_get0_name(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->name;
+#else
+    return NULL;
+#endif
+}
+
+int SSL_COMP_get_id(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->id;
+#else
+    return -1;
+#endif
+}
+
+/* For a cipher return the index corresponding to the certificate type */
+int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
+{
+    uint32_t alg_a;
+
+    alg_a = c->algorithm_auth;
+
+    if (alg_a & SSL_aECDSA)
+        return SSL_PKEY_ECC;
+    else if (alg_a & SSL_aDSS)
+        return SSL_PKEY_DSA_SIGN;
+    else if (alg_a & SSL_aRSA)
+        return SSL_PKEY_RSA_ENC;
+    else if (alg_a & SSL_aGOST12)
+        return SSL_PKEY_GOST_EC;
+    else if (alg_a & SSL_aGOST01)
+        return SSL_PKEY_GOST01;
+
+    return -1;
+}
+
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
+{
+    const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+
+    if (c == NULL || c->valid == 0)
+        return NULL;
+    return c;
+}
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
+{
+    return ssl->method->get_cipher_by_char(ptr);
+}
+
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
+{
+    int i;
+    if (c == NULL)
+        return NID_undef;
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_cipher[i].nid;
+}
+
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_mac[i].nid;
+}
+
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_kx[i].nid;
+}
+
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_auth[i].nid;
+}
+
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
+{
+    return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
+}
diff --git a/openssl-1.1.0h/ssl/ssl_conf.c b/openssl-1.1.0h/ssl/ssl_conf.c
new file mode 100644
index 0000000..7f89488
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_conf.c
@@ -0,0 +1,893 @@
+/*
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/conf.h>
+#include <openssl/objects.h>
+#include <openssl/dh.h>
+
+/*
+ * structure holding name tables. This is used for permitted elements in lists
+ * such as TLSv1.
+ */
+
+typedef struct {
+    const char *name;
+    int namelen;
+    unsigned int name_flags;
+    unsigned long option_value;
+} ssl_flag_tbl;
+
+/* Switch table: use for single command line switches like no_tls2 */
+typedef struct {
+    unsigned long option_value;
+    unsigned int name_flags;
+} ssl_switch_tbl;
+
+/* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */
+#define SSL_TFLAG_INV   0x1
+/* Mask for type of flag referred to */
+#define SSL_TFLAG_TYPE_MASK 0xf00
+/* Flag is for options */
+#define SSL_TFLAG_OPTION    0x000
+/* Flag is for cert_flags */
+#define SSL_TFLAG_CERT      0x100
+/* Flag is for verify mode */
+#define SSL_TFLAG_VFY       0x200
+/* Option can only be used for clients */
+#define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT
+/* Option can only be used for servers */
+#define SSL_TFLAG_SERVER SSL_CONF_FLAG_SERVER
+#define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT|SSL_TFLAG_SERVER)
+
+#define SSL_FLAG_TBL(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag}
+#define SSL_FLAG_TBL_SRV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag}
+#define SSL_FLAG_TBL_CLI(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_TBL_INV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_BOTH, flag}
+#define SSL_FLAG_TBL_SRV_INV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_SERVER, flag}
+#define SSL_FLAG_TBL_CERT(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag}
+
+#define SSL_FLAG_VFY_CLI(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_VFY_SRV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag}
+
+/*
+ * Opaque structure containing SSL configuration context.
+ */
+
+struct ssl_conf_ctx_st {
+    /*
+     * Various flags indicating (among other things) which options we will
+     * recognise.
+     */
+    unsigned int flags;
+    /* Prefix and length of commands */
+    char *prefix;
+    size_t prefixlen;
+    /* SSL_CTX or SSL structure to perform operations on */
+    SSL_CTX *ctx;
+    SSL *ssl;
+    /* Pointer to SSL or SSL_CTX options field or NULL if none */
+    uint32_t *poptions;
+    /* Certificate filenames for each type */
+    char *cert_filename[SSL_PKEY_NUM];
+    /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
+    uint32_t *pcert_flags;
+    /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
+    uint32_t *pvfy_flags;
+    /* Pointer to SSL or SSL_CTX min_version field or NULL if none */
+    int *min_version;
+    /* Pointer to SSL or SSL_CTX max_version field or NULL if none */
+    int *max_version;
+    /* Current flag table being worked on */
+    const ssl_flag_tbl *tbl;
+    /* Size of table */
+    size_t ntbl;
+    /* Client CA names */
+    STACK_OF(X509_NAME) *canames;
+};
+
+static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
+                           unsigned long option_value, int onoff)
+{
+    uint32_t *pflags;
+    if (cctx->poptions == NULL)
+        return;
+    if (name_flags & SSL_TFLAG_INV)
+        onoff ^= 1;
+    switch (name_flags & SSL_TFLAG_TYPE_MASK) {
+
+    case SSL_TFLAG_CERT:
+        pflags = cctx->pcert_flags;
+        break;
+
+    case SSL_TFLAG_VFY:
+        pflags = cctx->pvfy_flags;
+        break;
+
+    case SSL_TFLAG_OPTION:
+        pflags = cctx->poptions;
+        break;
+
+    default:
+        return;
+
+    }
+    if (onoff)
+        *pflags |= option_value;
+    else
+        *pflags &= ~option_value;
+}
+
+static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
+                            const char *name, int namelen, int onoff)
+{
+    /* If name not relevant for context skip */
+    if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH))
+        return 0;
+    if (namelen == -1) {
+        if (strcmp(tbl->name, name))
+            return 0;
+    } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))
+        return 0;
+    ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
+    return 1;
+}
+
+static int ssl_set_option_list(const char *elem, int len, void *usr)
+{
+    SSL_CONF_CTX *cctx = usr;
+    size_t i;
+    const ssl_flag_tbl *tbl;
+    int onoff = 1;
+    /*
+     * len == -1 indicates not being called in list context, just for single
+     * command line switches, so don't allow +, -.
+     */
+    if (elem == NULL)
+        return 0;
+    if (len != -1) {
+        if (*elem == '+') {
+            elem++;
+            len--;
+            onoff = 1;
+        } else if (*elem == '-') {
+            elem++;
+            len--;
+            onoff = 0;
+        }
+    }
+    for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) {
+        if (ssl_match_option(cctx, tbl, elem, len, onoff))
+            return 1;
+    }
+    return 0;
+}
+
+/* Set supported signature algorithms */
+static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_sigalgs_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+/* Set supported client signature algorithms */
+static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_client_sigalgs_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_client_sigalgs_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_curves_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+#ifndef OPENSSL_NO_EC
+/* ECDH temporary parameters */
+static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    EC_KEY *ecdh;
+    int nid;
+
+    /* Ignore values supported by 1.0.2 for the automatic selection */
+    if ((cctx->flags & SSL_CONF_FLAG_FILE) &&
+        strcasecmp(value, "+automatic") == 0)
+        return 1;
+    if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
+        strcmp(value, "auto") == 0)
+        return 1;
+
+    nid = EC_curve_nist2nid(value);
+    if (nid == NID_undef)
+        nid = OBJ_sn2nid(value);
+    if (nid == 0)
+        return 0;
+    ecdh = EC_KEY_new_by_curve_name(nid);
+    if (!ecdh)
+        return 0;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
+    else if (cctx->ssl)
+        rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
+    EC_KEY_free(ecdh);
+
+    return rv > 0;
+}
+#endif
+static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
+    if (cctx->ssl)
+        rv = SSL_set_cipher_list(cctx->ssl, value);
+    return rv > 0;
+}
+
+static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_protocol_list[] = {
+        SSL_FLAG_TBL_INV("ALL", SSL_OP_NO_SSL_MASK),
+        SSL_FLAG_TBL_INV("SSLv2", SSL_OP_NO_SSLv2),
+        SSL_FLAG_TBL_INV("SSLv3", SSL_OP_NO_SSLv3),
+        SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
+        SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
+        SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
+        SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
+        SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
+    };
+    cctx->tbl = ssl_protocol_list;
+    cctx->ntbl = OSSL_NELEM(ssl_protocol_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+    struct protocol_versions {
+        const char *name;
+        int version;
+    };
+    static const struct protocol_versions versions[] = {
+        {"None", 0},
+        {"SSLv3", SSL3_VERSION},
+        {"TLSv1", TLS1_VERSION},
+        {"TLSv1.1", TLS1_1_VERSION},
+        {"TLSv1.2", TLS1_2_VERSION},
+        {"DTLSv1", DTLS1_VERSION},
+        {"DTLSv1.2", DTLS1_2_VERSION}
+    };
+    size_t i;
+    size_t n = OSSL_NELEM(versions);
+
+    for (i = 0; i < n; i++)
+        if (strcmp(versions[i].name, value) == 0)
+            return versions[i].version;
+    return -1;
+}
+
+static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound)
+{
+    int method_version;
+    int new_version;
+
+    if (cctx->ctx != NULL)
+        method_version = cctx->ctx->method->version;
+    else if (cctx->ssl != NULL)
+        method_version = cctx->ssl->ctx->method->version;
+    else
+        return 0;
+    if ((new_version = protocol_from_string(value)) < 0)
+        return 0;
+    return ssl_set_version_bound(method_version, new_version, bound);
+}
+
+/*
+ * cmd_MinProtocol - Set min protocol version
+ * @cctx: config structure to save settings in
+ * @value: The min protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->min_version);
+}
+
+/*
+ * cmd_MaxProtocol - Set max protocol version
+ * @cctx: config structure to save settings in
+ * @value: The max protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->max_version);
+}
+
+static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_option_list[] = {
+        SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET),
+        SSL_FLAG_TBL_INV("EmptyFragments",
+                         SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
+        SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
+        SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
+        SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
+        SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation",
+                         SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
+        SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
+        SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
+        SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
+                     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
+        SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
+        SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
+    };
+    if (value == NULL)
+        return -3;
+    cctx->tbl = ssl_option_list;
+    cctx->ntbl = OSSL_NELEM(ssl_option_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_vfy_list[] = {
+        SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Require",
+                         SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+        SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE)
+    };
+    if (value == NULL)
+        return -3;
+    cctx->tbl = ssl_vfy_list;
+    cctx->ntbl = OSSL_NELEM(ssl_vfy_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    CERT *c = NULL;
+    if (cctx->ctx) {
+        rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
+        c = cctx->ctx->cert;
+    }
+    if (cctx->ssl) {
+        rv = SSL_use_certificate_chain_file(cctx->ssl, value);
+        c = cctx->ssl->cert;
+    }
+    if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
+        OPENSSL_free(*pfilename);
+        *pfilename = OPENSSL_strdup(value);
+        if (!*pfilename)
+            rv = 0;
+    }
+
+    return rv > 0;
+}
+
+static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+        return -2;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, SSL_FILETYPE_PEM);
+    if (cctx->ssl)
+        rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM);
+    return rv > 0;
+}
+
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+    return rv > 0;
+}
+
+static int do_store(SSL_CONF_CTX *cctx,
+                    const char *CAfile, const char *CApath, int verify_store)
+{
+    CERT *cert;
+    X509_STORE **st;
+    if (cctx->ctx)
+        cert = cctx->ctx->cert;
+    else if (cctx->ssl)
+        cert = cctx->ssl->cert;
+    else
+        return 1;
+    st = verify_store ? &cert->verify_store : &cert->chain_store;
+    if (*st == NULL) {
+        *st = X509_STORE_new();
+        if (*st == NULL)
+            return 0;
+    }
+    return X509_STORE_load_locations(*st, CAfile, CApath) > 0;
+}
+
+static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 0);
+}
+
+static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 0);
+}
+
+static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 1);
+}
+
+static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 1);
+}
+
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
+}
+
+#ifndef OPENSSL_NO_DH
+static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    DH *dh = NULL;
+    BIO *in = NULL;
+    if (cctx->ctx || cctx->ssl) {
+        in = BIO_new(BIO_s_file());
+        if (in == NULL)
+            goto end;
+        if (BIO_read_filename(in, value) <= 0)
+            goto end;
+        dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+        if (dh == NULL)
+            goto end;
+    } else
+        return 1;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_tmp_dh(cctx->ctx, dh);
+    if (cctx->ssl)
+        rv = SSL_set_tmp_dh(cctx->ssl, dh);
+ end:
+    DH_free(dh);
+    BIO_free(in);
+    return rv > 0;
+}
+#endif
+typedef struct {
+    int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
+    const char *str_file;
+    const char *str_cmdline;
+    unsigned short flags;
+    unsigned short value_type;
+} ssl_conf_cmd_tbl;
+
+/* Table of supported parameters */
+
+#define SSL_CONF_CMD(name, cmdopt, flags, type) \
+        {cmd_##name, #name, cmdopt, flags, type}
+
+#define SSL_CONF_CMD_STRING(name, cmdopt, flags) \
+        SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING)
+
+#define SSL_CONF_CMD_SWITCH(name, flags) \
+        {0, NULL, name, flags, SSL_CONF_TYPE_NONE}
+
+/* See apps/apps.h if you change this table. */
+static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
+    SSL_CONF_CMD_SWITCH("no_ssl3", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
+    SSL_CONF_CMD_SWITCH("bugs", 0),
+    SSL_CONF_CMD_SWITCH("no_comp", 0),
+    SSL_CONF_CMD_SWITCH("comp", 0),
+    SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_ticket", 0),
+    SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("strict", 0),
+    SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
+    SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
+    SSL_CONF_CMD_STRING(Curves, "curves", 0),
+#ifndef OPENSSL_NO_EC
+    SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
+#endif
+    SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
+    SSL_CONF_CMD_STRING(Protocol, NULL, 0),
+    SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0),
+    SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0),
+    SSL_CONF_CMD_STRING(Options, NULL, 0),
+    SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
+    SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ServerInfoFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ClientCAFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ClientCAPath, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+#ifndef OPENSSL_NO_DH
+    SSL_CONF_CMD(DHParameters, "dhparam",
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE)
+#endif
+};
+
+/* Supported switches: must match order of switches in ssl_conf_cmds */
+static const ssl_switch_tbl ssl_cmd_switches[] = {
+    {SSL_OP_NO_SSLv3, 0},       /* no_ssl3 */
+    {SSL_OP_NO_TLSv1, 0},       /* no_tls1 */
+    {SSL_OP_NO_TLSv1_1, 0},     /* no_tls1_1 */
+    {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
+    {SSL_OP_ALL, 0},            /* bugs */
+    {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+    {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
+    {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
+    {SSL_OP_NO_TICKET, 0},      /* no_ticket */
+    {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
+    /* legacy_renegotiation */
+    {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0},
+    /* legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, 0},
+    /* no_renegotiation */
+    {SSL_OP_NO_RENEGOTIATION, 0},
+    /* no_resumption_on_reneg */
+    {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0},
+    /* no_legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
+    {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
+};
+
+static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
+{
+    if (!pcmd || !*pcmd)
+        return 0;
+    /* If a prefix is set, check and skip */
+    if (cctx->prefix) {
+        if (strlen(*pcmd) <= cctx->prefixlen)
+            return 0;
+        if (cctx->flags & SSL_CONF_FLAG_CMDLINE &&
+            strncmp(*pcmd, cctx->prefix, cctx->prefixlen))
+            return 0;
+        if (cctx->flags & SSL_CONF_FLAG_FILE &&
+            strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
+            return 0;
+        *pcmd += cctx->prefixlen;
+    } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
+        if (**pcmd != '-' || !(*pcmd)[1])
+            return 0;
+        *pcmd += 1;
+    }
+    return 1;
+}
+
+/* Determine if a command is allowed according to cctx flags */
+static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t)
+{
+    unsigned int tfl = t->flags;
+    unsigned int cfl = cctx->flags;
+    if ((tfl & SSL_CONF_FLAG_SERVER) && !(cfl & SSL_CONF_FLAG_SERVER))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CLIENT) && !(cfl & SSL_CONF_FLAG_CLIENT))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CERTIFICATE)
+        && !(cfl & SSL_CONF_FLAG_CERTIFICATE))
+        return 0;
+    return 1;
+}
+
+static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
+                                                   const char *cmd)
+{
+    const ssl_conf_cmd_tbl *t;
+    size_t i;
+    if (cmd == NULL)
+        return NULL;
+
+    /* Look for matching parameter name in table */
+    for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) {
+        if (ssl_conf_cmd_allowed(cctx, t)) {
+            if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
+                if (t->str_cmdline && strcmp(t->str_cmdline, cmd) == 0)
+                    return t;
+            }
+            if (cctx->flags & SSL_CONF_FLAG_FILE) {
+                if (t->str_file && strcasecmp(t->str_file, cmd) == 0)
+                    return t;
+            }
+        }
+    }
+    return NULL;
+}
+
+static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
+{
+    /* Find index of command in table */
+    size_t idx = cmd - ssl_conf_cmds;
+    const ssl_switch_tbl *scmd;
+    /* Sanity check index */
+    if (idx >= OSSL_NELEM(ssl_cmd_switches))
+        return 0;
+    /* Obtain switches entry with same index */
+    scmd = ssl_cmd_switches + idx;
+    ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
+    return 1;
+}
+
+int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
+{
+    const ssl_conf_cmd_tbl *runcmd;
+    if (cmd == NULL) {
+        SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
+        return 0;
+    }
+
+    if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))
+        return -2;
+
+    runcmd = ssl_conf_cmd_lookup(cctx, cmd);
+
+    if (runcmd) {
+        int rv;
+        if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
+            return ctrl_switch_option(cctx, runcmd);
+        }
+        if (value == NULL)
+            return -3;
+        rv = runcmd->cmd(cctx, value);
+        if (rv > 0)
+            return 2;
+        if (rv == -2)
+            return -2;
+        if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
+            SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
+            ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
+        }
+        return 0;
+    }
+
+    if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
+        SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
+        ERR_add_error_data(2, "cmd=", cmd);
+    }
+
+    return -2;
+}
+
+int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv)
+{
+    int rv;
+    const char *arg = NULL, *argn;
+    if (pargc && *pargc == 0)
+        return 0;
+    if (!pargc || *pargc > 0)
+        arg = **pargv;
+    if (arg == NULL)
+        return 0;
+    if (!pargc || *pargc > 1)
+        argn = (*pargv)[1];
+    else
+        argn = NULL;
+    cctx->flags &= ~SSL_CONF_FLAG_FILE;
+    cctx->flags |= SSL_CONF_FLAG_CMDLINE;
+    rv = SSL_CONF_cmd(cctx, arg, argn);
+    if (rv > 0) {
+        /* Success: update pargc, pargv */
+        (*pargv) += rv;
+        if (pargc)
+            (*pargc) -= rv;
+        return rv;
+    }
+    /* Unknown switch: indicate no arguments processed */
+    if (rv == -2)
+        return 0;
+    /* Some error occurred processing command, return fatal error */
+    if (rv == 0)
+        return -1;
+    return rv;
+}
+
+int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd)
+{
+    if (ssl_conf_cmd_skip_prefix(cctx, &cmd)) {
+        const ssl_conf_cmd_tbl *runcmd;
+        runcmd = ssl_conf_cmd_lookup(cctx, cmd);
+        if (runcmd)
+            return runcmd->value_type;
+    }
+    return SSL_CONF_TYPE_UNKNOWN;
+}
+
+SSL_CONF_CTX *SSL_CONF_CTX_new(void)
+{
+    SSL_CONF_CTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    return ret;
+}
+
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
+{
+    /* See if any certificates are missing private keys */
+    size_t i;
+    CERT *c = NULL;
+    if (cctx->ctx)
+        c = cctx->ctx->cert;
+    else if (cctx->ssl)
+        c = cctx->ssl->cert;
+    if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            const char *p = cctx->cert_filename[i];
+            /*
+             * If missing private key try to load one from certificate file
+             */
+            if (p && !c->pkeys[i].privatekey) {
+                if (!cmd_PrivateKey(cctx, p))
+                    return 0;
+            }
+        }
+    }
+    if (cctx->canames) {
+        if (cctx->ssl)
+            SSL_set_client_CA_list(cctx->ssl, cctx->canames);
+        else if (cctx->ctx)
+            SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames);
+        else
+            sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+        cctx->canames = NULL;
+    }
+    return 1;
+}
+
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
+{
+    if (cctx) {
+        size_t i;
+        for (i = 0; i < SSL_PKEY_NUM; i++)
+            OPENSSL_free(cctx->cert_filename[i]);
+        OPENSSL_free(cctx->prefix);
+        sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+        OPENSSL_free(cctx);
+    }
+}
+
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags)
+{
+    cctx->flags |= flags;
+    return cctx->flags;
+}
+
+unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags)
+{
+    cctx->flags &= ~flags;
+    return cctx->flags;
+}
+
+int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre)
+{
+    char *tmp = NULL;
+    if (pre) {
+        tmp = OPENSSL_strdup(pre);
+        if (tmp == NULL)
+            return 0;
+    }
+    OPENSSL_free(cctx->prefix);
+    cctx->prefix = tmp;
+    if (tmp)
+        cctx->prefixlen = strlen(tmp);
+    else
+        cctx->prefixlen = 0;
+    return 1;
+}
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
+{
+    cctx->ssl = ssl;
+    cctx->ctx = NULL;
+    if (ssl) {
+        cctx->poptions = &ssl->options;
+        cctx->min_version = &ssl->min_proto_version;
+        cctx->max_version = &ssl->max_proto_version;
+        cctx->pcert_flags = &ssl->cert->cert_flags;
+        cctx->pvfy_flags = &ssl->verify_mode;
+    } else {
+        cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
+        cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
+    }
+}
+
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx)
+{
+    cctx->ctx = ctx;
+    cctx->ssl = NULL;
+    if (ctx) {
+        cctx->poptions = &ctx->options;
+        cctx->min_version = &ctx->min_proto_version;
+        cctx->max_version = &ctx->max_proto_version;
+        cctx->pcert_flags = &ctx->cert->cert_flags;
+        cctx->pvfy_flags = &ctx->verify_mode;
+    } else {
+        cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
+        cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
+    }
+}
diff --git a/openssl-1.1.0h/ssl/ssl_err.c b/openssl-1.1.0h/ssl/ssl_err.c
new file mode 100644
index 0000000..580861e
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_err.c
@@ -0,0 +1,689 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
+
+static ERR_STRING_DATA SSL_str_functs[] = {
+    {ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "check_suiteb_cipher_list"},
+    {ERR_FUNC(SSL_F_CT_MOVE_SCTS), "ct_move_scts"},
+    {ERR_FUNC(SSL_F_CT_STRICT), "ct_strict"},
+    {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
+    {ERR_FUNC(SSL_F_DANE_CTX_ENABLE), "dane_ctx_enable"},
+    {ERR_FUNC(SSL_F_DANE_MTYPE_SET), "dane_mtype_set"},
+    {ERR_FUNC(SSL_F_DANE_TLSA_ADD), "dane_tlsa_add"},
+    {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"},
+    {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"},
+    {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "dtls1_buffer_record"},
+    {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "dtls1_check_timeout_num"},
+    {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
+    {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "dtls1_preprocess_fragment"},
+    {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS),
+     "dtls1_process_buffered_records"},
+    {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "dtls1_process_record"},
+    {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"},
+    {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
+    {ERR_FUNC(SSL_F_DTLS1_RETRANSMIT_MESSAGE), "dtls1_retransmit_message"},
+    {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
+     "dtls1_write_app_data_bytes"},
+    {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"},
+    {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
+     "dtls_construct_change_cipher_spec"},
+    {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST),
+     "dtls_construct_hello_verify_request"},
+    {ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE),
+     "dtls_get_reassembled_message"},
+    {ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
+    {ERR_FUNC(SSL_F_DTLS_WAIT_FOR_DRY), "dtls_wait_for_dry"},
+    {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
+    {ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION),
+     "ossl_statem_client_read_transition"},
+    {ERR_FUNC(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION),
+     "ossl_statem_server_read_transition"},
+    {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"},
+    {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "ssl3_change_cipher_state"},
+    {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),
+     "ssl3_check_cert_and_algorithm"},
+    {ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"},
+    {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"},
+    {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),
+     "ssl3_digest_cached_records"},
+    {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
+     "ssl3_do_change_cipher_spec"},
+    {ERR_FUNC(SSL_F_SSL3_FINAL_FINISH_MAC), "ssl3_final_finish_mac"},
+    {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "ssl3_generate_key_block"},
+    {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET),
+     "ssl3_generate_master_secret"},
+    {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "ssl3_get_record"},
+    {ERR_FUNC(SSL_F_SSL3_INIT_FINISHED_MAC), "ssl3_init_finished_mac"},
+    {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "ssl3_output_cert_chain"},
+    {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "ssl3_read_bytes"},
+    {ERR_FUNC(SSL_F_SSL3_READ_N), "ssl3_read_n"},
+    {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "ssl3_setup_key_block"},
+    {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "ssl3_setup_read_buffer"},
+    {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "ssl3_setup_write_buffer"},
+    {ERR_FUNC(SSL_F_SSL3_TAKE_MAC), "ssl3_take_mac"},
+    {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"},
+    {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CERT_CHAIN), "ssl_add_cert_chain"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "ssl_add_cert_to_buf"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
+     "ssl_add_clienthello_renegotiate_ext"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
+     "ssl_add_clienthello_tlsext"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
+     "ssl_add_clienthello_use_srtp_ext"},
+    {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
+     "SSL_add_dir_cert_subjects_to_stack"},
+    {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),
+     "SSL_add_file_cert_subjects_to_stack"},
+    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
+     "ssl_add_serverhello_renegotiate_ext"},
+    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
+     "ssl_add_serverhello_tlsext"},
+    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
+     "ssl_add_serverhello_use_srtp_ext"},
+    {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
+    {ERR_FUNC(SSL_F_SSL_BUILD_CERT_CHAIN), "ssl_build_cert_chain"},
+    {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"},
+    {ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"},
+    {ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"},
+    {ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"},
+    {ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"},
+    {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
+    {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),
+     "ssl_check_serverhello_tlsext"},
+    {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
+     "ssl_check_srvr_ecc_cert_and_alg"},
+    {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
+     "ssl_cipher_process_rulestr"},
+    {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "ssl_cipher_strength_sort"},
+    {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
+    {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
+     "SSL_COMP_add_compression_method"},
+    {ERR_FUNC(SSL_F_SSL_CONF_CMD), "SSL_CONF_cmd"},
+    {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "ssl_create_cipher_list"},
+    {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
+    {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
+    {ERR_FUNC(SSL_F_SSL_CTX_ENABLE_CT), "SSL_CTX_enable_ct"},
+    {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "ssl_ctx_make_profiles"},
+    {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_ALPN_PROTOS), "SSL_CTX_set_alpn_protos"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),
+     "SSL_CTX_set_client_cert_engine"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK),
+     "SSL_CTX_set_ct_validation_callback"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),
+     "SSL_CTX_set_session_id_context"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
+     "SSL_CTX_use_certificate_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),
+     "SSL_CTX_use_certificate_file"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),
+     "SSL_CTX_use_PrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),
+     "SSL_CTX_use_PrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT),
+     "SSL_CTX_use_psk_identity_hint"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),
+     "SSL_CTX_use_RSAPrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),
+     "SSL_CTX_use_RSAPrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO), "SSL_CTX_use_serverinfo"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO_FILE),
+     "SSL_CTX_use_serverinfo_file"},
+    {ERR_FUNC(SSL_F_SSL_DANE_DUP), "ssl_dane_dup"},
+    {ERR_FUNC(SSL_F_SSL_DANE_ENABLE), "SSL_dane_enable"},
+    {ERR_FUNC(SSL_F_SSL_DO_CONFIG), "ssl_do_config"},
+    {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
+    {ERR_FUNC(SSL_F_SSL_DUP_CA_LIST), "SSL_dup_CA_list"},
+    {ERR_FUNC(SSL_F_SSL_ENABLE_CT), "SSL_enable_ct"},
+    {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"},
+    {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"},
+    {ERR_FUNC(SSL_F_SSL_GET_SERVER_CERT_INDEX), "ssl_get_server_cert_index"},
+    {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "ssl_get_sign_pkey"},
+    {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "ssl_init_wbio_buffer"},
+    {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
+    {ERR_FUNC(SSL_F_SSL_MODULE_INIT), "ssl_module_init"},
+    {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),
+     "ssl_parse_clienthello_renegotiate_ext"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),
+     "ssl_parse_clienthello_tlsext"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT),
+     "ssl_parse_clienthello_use_srtp_ext"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),
+     "ssl_parse_serverhello_renegotiate_ext"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),
+     "ssl_parse_serverhello_tlsext"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
+     "ssl_parse_serverhello_use_srtp_ext"},
+    {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
+    {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+    {ERR_FUNC(SSL_F_SSL_RENEGOTIATE), "SSL_renegotiate"},
+    {ERR_FUNC(SSL_F_SSL_RENEGOTIATE_ABBREVIATED),
+     "SSL_renegotiate_abbreviated"},
+    {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
+     "ssl_scan_clienthello_tlsext"},
+    {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT),
+     "ssl_scan_serverhello_tlsext"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID), "SSL_SESSION_set1_id"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
+     "SSL_SESSION_set1_id_context"},
+    {ERR_FUNC(SSL_F_SSL_SET_ALPN_PROTOS), "SSL_set_alpn_protos"},
+    {ERR_FUNC(SSL_F_SSL_SET_CERT), "ssl_set_cert"},
+    {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
+    {ERR_FUNC(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK),
+     "SSL_set_ct_validation_callback"},
+    {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
+    {ERR_FUNC(SSL_F_SSL_SET_PKEY), "ssl_set_pkey"},
+    {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
+    {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
+    {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
+     "SSL_set_session_id_context"},
+    {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),
+     "SSL_set_session_ticket_ext"},
+    {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
+    {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
+    {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
+    {ERR_FUNC(SSL_F_SSL_START_ASYNC_JOB), "ssl_start_async_job"},
+    {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "ssl_undefined_function"},
+    {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
+     "ssl_undefined_void_function"},
+    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
+    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
+    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
+    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
+     "SSL_use_RSAPrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
+     "SSL_use_RSAPrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "ssl_validate_ct"},
+    {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
+    {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
+    {ERR_FUNC(SSL_F_STATE_MACHINE), "state_machine"},
+    {ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
+    {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},
+    {ERR_FUNC(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS),
+     "tls1_check_duplicate_extensions"},
+    {ERR_FUNC(SSL_F_TLS1_ENC), "tls1_enc"},
+    {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),
+     "tls1_export_keying_material"},
+    {ERR_FUNC(SSL_F_TLS1_GET_CURVELIST), "tls1_get_curvelist"},
+    {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_PRF"},
+    {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
+    {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
+    {ERR_FUNC(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK),
+     "tls_client_key_exchange_post_work"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
+     "tls_construct_certificate_request"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_ECDHE), "tls_construct_cke_ecdhe"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_GOST), "tls_construct_cke_gost"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE),
+     "tls_construct_cke_psk_preamble"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),
+     "tls_construct_client_certificate"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO),
+     "tls_construct_client_hello"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE),
+     "tls_construct_client_key_exchange"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY),
+     "tls_construct_client_verify"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
+     "tls_construct_hello_request"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+     "tls_construct_new_session_ticket"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
+     "tls_construct_server_certificate"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO),
+     "tls_construct_server_hello"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE),
+     "tls_construct_server_key_exchange"},
+    {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"},
+    {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_HEADER), "tls_get_message_header"},
+    {ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO),
+     "tls_post_process_client_hello"},
+    {ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE),
+     "tls_post_process_client_key_exchange"},
+    {ERR_FUNC(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE),
+     "tls_prepare_client_certificate"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST),
+     "tls_process_certificate_request"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CERT_STATUS), "tls_process_cert_status"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CERT_VERIFY), "tls_process_cert_verify"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC),
+     "tls_process_change_cipher_spec"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_DHE), "tls_process_cke_dhe"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_ECDHE), "tls_process_cke_ecdhe"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_GOST), "tls_process_cke_gost"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE),
+     "tls_process_cke_psk_preamble"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_RSA), "tls_process_cke_rsa"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_SRP), "tls_process_cke_srp"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE),
+     "tls_process_client_certificate"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_HELLO), "tls_process_client_hello"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE),
+     "tls_process_client_key_exchange"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_FINISHED), "tls_process_finished"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_KEY_EXCHANGE), "tls_process_key_exchange"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET),
+     "tls_process_new_session_ticket"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_NEXT_PROTO), "tls_process_next_proto"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE),
+     "tls_process_server_certificate"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_DHE), "tls_process_ske_dhe"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_ECDHE), "tls_process_ske_ecdhe"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE),
+     "tls_process_ske_psk_preamble"},
+    {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_SRP), "tls_process_ske_srp"},
+    {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE),
+     "use_certificate_chain_file"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA SSL_str_reasons[] = {
+    {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE), "app data in handshake"},
+    {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
+     "attempt to reuse session in different context"},
+    {ERR_REASON(SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE),
+     "at least TLS 1.0 needed in FIPS mode"},
+    {ERR_REASON(SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
+     "at least (D)TLS 1.2 needed in Suite B mode"},
+    {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
+    {ERR_REASON(SSL_R_BAD_DATA), "bad data"},
+    {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
+     "bad data returned by callback"},
+    {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+    {ERR_REASON(SSL_R_BAD_DH_VALUE), "bad dh value"},
+    {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+    {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+    {ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"},
+    {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"},
+    {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
+    {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"},
+    {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
+    {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
+     "bad protocol version number"},
+    {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
+    {ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
+    {ERR_REASON(SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
+    {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
+    {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
+     "bad srtp protection profile list"},
+    {ERR_REASON(SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
+    {ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
+    {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
+    {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
+    {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
+     "block cipher pad is wrong"},
+    {ERR_REASON(SSL_R_BN_LIB), "bn lib"},
+    {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
+    {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
+    {ERR_REASON(SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
+    {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
+    {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
+     "certificate verify failed"},
+    {ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
+    {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
+    {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
+    {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
+     "cipher or hash unavailable"},
+    {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
+    {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),
+     "compressed length too long"},
+    {ERR_REASON(SSL_R_COMPRESSION_DISABLED), "compression disabled"},
+    {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
+    {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
+     "compression id not within private range"},
+    {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
+     "compression library error"},
+    {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
+    {ERR_REASON(SSL_R_CONTEXT_NOT_DANE_ENABLED), "context not dane enabled"},
+    {ERR_REASON(SSL_R_COOKIE_GEN_CALLBACK_FAILURE),
+     "cookie gen callback failure"},
+    {ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
+    {ERR_REASON(SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED),
+     "custom ext handler already installed"},
+    {ERR_REASON(SSL_R_DANE_ALREADY_ENABLED), "dane already enabled"},
+    {ERR_REASON(SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL),
+     "dane cannot override mtype full"},
+    {ERR_REASON(SSL_R_DANE_NOT_ENABLED), "dane not enabled"},
+    {ERR_REASON(SSL_R_DANE_TLSA_BAD_CERTIFICATE),
+     "dane tlsa bad certificate"},
+    {ERR_REASON(SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE),
+     "dane tlsa bad certificate usage"},
+    {ERR_REASON(SSL_R_DANE_TLSA_BAD_DATA_LENGTH),
+     "dane tlsa bad data length"},
+    {ERR_REASON(SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH),
+     "dane tlsa bad digest length"},
+    {ERR_REASON(SSL_R_DANE_TLSA_BAD_MATCHING_TYPE),
+     "dane tlsa bad matching type"},
+    {ERR_REASON(SSL_R_DANE_TLSA_BAD_PUBLIC_KEY), "dane tlsa bad public key"},
+    {ERR_REASON(SSL_R_DANE_TLSA_BAD_SELECTOR), "dane tlsa bad selector"},
+    {ERR_REASON(SSL_R_DANE_TLSA_NULL_DATA), "dane tlsa null data"},
+    {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
+     "data between ccs and finished"},
+    {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG), "data length too long"},
+    {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"},
+    {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
+     "decryption failed or bad record mac"},
+    {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
+    {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
+     "dh public value length is wrong"},
+    {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
+    {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
+    {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
+    {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
+    {ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),
+     "ecdh required for suiteb mode"},
+    {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
+    {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
+     "empty srtp protection profile list"},
+    {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
+     "encrypted length too long"},
+    {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
+     "error in received cipher list"},
+    {ERR_REASON(SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
+     "error setting tlsa base domain"},
+    {ERR_REASON(SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE),
+     "exceeds max fragment size"},
+    {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
+    {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
+    {ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"},
+    {ERR_REASON(SSL_R_FRAGMENTED_CLIENT_HELLO), "fragmented client hello"},
+    {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
+    {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
+    {ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
+    {ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST), "illegal Suite B digest"},
+    {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
+    {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
+    {ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
+    {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
+    {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
+     "invalid compression algorithm"},
+    {ERR_REASON(SSL_R_INVALID_CONFIGURATION_NAME),
+     "invalid configuration name"},
+    {ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE),
+     "invalid ct validation type"},
+    {ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"},
+    {ERR_REASON(SSL_R_INVALID_SEQUENCE_NUMBER), "invalid sequence number"},
+    {ERR_REASON(SSL_R_INVALID_SERVERINFO_DATA), "invalid serverinfo data"},
+    {ERR_REASON(SSL_R_INVALID_SRP_USERNAME), "invalid srp username"},
+    {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
+    {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),
+     "invalid ticket keys length"},
+    {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"},
+    {ERR_REASON(SSL_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"},
+    {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"},
+    {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
+    {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
+    {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
+     "missing ecdsa signing cert"},
+    {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
+    {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),
+     "missing rsa encrypting cert"},
+    {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
+    {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
+    {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
+    {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
+    {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"},
+    {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"},
+    {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"},
+    {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD), "no client cert method"},
+    {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
+    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
+     "Peer haven't sent GOST certificate, required for selected ciphersuite"},
+    {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED), "no method specified"},
+    {ERR_REASON(SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"},
+    {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
+    {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
+    {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
+    {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
+    {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
+    {ERR_REASON(SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
+     "no shared signature algorithms"},
+    {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
+    {ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"},
+    {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK),
+     "no verify cookie callback"},
+    {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"},
+    {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
+    {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
+     "old session cipher not returned"},
+    {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
+     "old session compression algorithm not returned"},
+    {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
+    {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
+    {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
+    {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
+     "peer did not return a certificate"},
+    {ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX), "pem name bad prefix"},
+    {ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
+    {ERR_REASON(SSL_R_PIPELINE_FAILURE), "pipeline failure"},
+    {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
+    {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
+    {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
+    {ERR_REASON(SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
+    {ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
+    {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
+    {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
+    {ERR_REASON(SSL_R_RECORD_TOO_SMALL), "record too small"},
+    {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
+    {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),
+     "renegotiation encoding err"},
+    {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
+    {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
+    {ERR_REASON(SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING),
+     "required compression algorithm missing"},
+    {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
+     "scsv received when renegotiating"},
+    {ERR_REASON(SSL_R_SCT_VERIFICATION_FAILED), "sct verification failed"},
+    {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
+    {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
+     "session id context uninitialized"},
+    {ERR_REASON(SSL_R_SHUTDOWN_WHILE_IN_INIT), "shutdown while in init"},
+    {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),
+     "signature algorithms error"},
+    {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
+     "signature for non signing certificate"},
+    {ERR_REASON(SSL_R_SRP_A_CALC), "error with the srp params"},
+    {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),
+     "srtp could not allocate profiles"},
+    {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),
+     "srtp protection profile list too long"},
+    {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
+     "srtp unknown protection profile"},
+    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),
+     "ssl3 ext invalid servername"},
+    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
+     "ssl3 ext invalid servername type"},
+    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
+     "sslv3 alert bad certificate"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
+     "sslv3 alert bad record mac"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
+     "sslv3 alert certificate expired"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
+     "sslv3 alert certificate revoked"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
+     "sslv3 alert certificate unknown"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
+     "sslv3 alert decompression failure"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
+     "sslv3 alert handshake failure"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
+     "sslv3 alert illegal parameter"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
+     "sslv3 alert no certificate"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
+     "sslv3 alert unexpected message"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
+     "sslv3 alert unsupported certificate"},
+    {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY),
+     "ssl command section empty"},
+    {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
+     "ssl command section not found"},
+    {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
+     "ssl ctx has no default ssl version"},
+    {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE), "ssl handshake failure"},
+    {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
+     "ssl library has no ciphers"},
+    {ERR_REASON(SSL_R_SSL_NEGATIVE_LENGTH), "ssl negative length"},
+    {ERR_REASON(SSL_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_REASON(SSL_R_SSL_SECTION_NOT_FOUND), "ssl section not found"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
+     "ssl session id callback failed"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
+     "ssl session id context too long"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG),
+     "ssl session id too long"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
+     "ssl session id has bad length"},
+    {ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
+     "ssl session version mismatch"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
+     "tlsv1 alert access denied"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
+     "tlsv1 alert decryption failed"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
+     "tlsv1 alert decrypt error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
+     "tlsv1 alert export restriction"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
+     "tlsv1 alert inappropriate fallback"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
+     "tlsv1 alert insufficient security"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
+     "tlsv1 alert internal error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
+     "tlsv1 alert no renegotiation"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
+     "tlsv1 alert protocol version"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
+     "tlsv1 alert record overflow"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
+     "tlsv1 alert user cancelled"},
+    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
+     "tlsv1 bad certificate hash value"},
+    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
+     "tlsv1 bad certificate status response"},
+    {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
+     "tlsv1 certificate unobtainable"},
+    {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
+    {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
+     "tlsv1 unsupported extension"},
+    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
+     "peer does not accept heartbeats"},
+    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
+     "heartbeat request already pending"},
+    {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
+     "tls illegal exporter label"},
+    {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
+     "tls invalid ecpointformat list"},
+    {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
+    {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
+     "unable to find ecdh parameters"},
+    {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
+     "unable to find public key parameters"},
+    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
+     "unable to load ssl3 md5 routines"},
+    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
+     "unable to load ssl3 sha1 routines"},
+    {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+    {ERR_REASON(SSL_R_UNEXPECTED_RECORD), "unexpected record"},
+    {ERR_REASON(SSL_R_UNINITIALIZED), "uninitialized"},
+    {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
+    {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
+    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
+    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
+    {ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
+    {ERR_REASON(SSL_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
+     "unknown key exchange type"},
+    {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
+    {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
+    {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
+    {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
+    {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
+     "unsafe legacy renegotiation disabled"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+     "unsupported compression algorithm"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
+     "unsupported elliptic curve"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
+    {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
+    {ERR_REASON(SSL_R_VERSION_TOO_HIGH), "version too high"},
+    {ERR_REASON(SSL_R_VERSION_TOO_LOW), "version too low"},
+    {ERR_REASON(SSL_R_WRONG_CERTIFICATE_TYPE), "wrong certificate type"},
+    {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
+    {ERR_REASON(SSL_R_WRONG_CURVE), "wrong curve"},
+    {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+    {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
+    {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"},
+    {ERR_REASON(SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
+    {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER), "wrong version number"},
+    {ERR_REASON(SSL_R_X509_LIB), "x509 lib"},
+    {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
+     "x509 verification setup problems"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SSL_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, SSL_str_functs);
+        ERR_load_strings(0, SSL_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/openssl-1.1.0h/ssl/ssl_init.c b/openssl-1.1.0h/ssl/ssl_init.c
new file mode 100644
index 0000000..3e62d48
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_init.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#include "internal/err.h"
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <assert.h>
+#include "ssl_locl.h"
+#include "internal/thread_once.h"
+
+static int stopped;
+
+static void ssl_library_stop(void);
+
+static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
+static int ssl_base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "Adding SSL ciphers and digests\n");
+#endif
+#ifndef OPENSSL_NO_DES
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_IDEA
+    EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef OPENSSL_NO_RC4
+    EVP_add_cipher(EVP_rc4());
+# ifndef OPENSSL_NO_MD5
+    EVP_add_cipher(EVP_rc4_hmac_md5());
+# endif
+#endif
+#ifndef OPENSSL_NO_RC2
+    EVP_add_cipher(EVP_rc2_cbc());
+    /*
+     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
+     * application only calls SSL_library_init().
+     */
+    EVP_add_cipher(EVP_rc2_40_cbc());
+#endif
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_128_gcm());
+    EVP_add_cipher(EVP_aes_256_gcm());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_256_ccm());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+#ifndef OPENSSL_NO_CAMELLIA
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+#endif
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    EVP_add_cipher(EVP_chacha20_poly1305());
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    EVP_add_cipher(EVP_seed_cbc());
+#endif
+
+#ifndef OPENSSL_NO_MD5
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
+#endif
+    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_COMP_get_compression_methods()\n");
+# endif
+    /*
+     * This will initialise the built-in compression algorithms. The value
+     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
+     */
+    SSL_COMP_get_compression_methods();
+#endif
+    /* initialize cipher/digest methods table */
+    ssl_load_ciphers();
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_add_ssl_module()\n");
+#endif
+    SSL_add_ssl_module();
+    /*
+     * We ignore an error return here. Not much we can do - but not that bad
+     * either. We can still safely continue.
+     */
+    OPENSSL_atexit(ssl_library_stop);
+    ssl_base_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+static int ssl_strings_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+{
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
+            "ERR_load_SSL_strings()\n");
+# endif
+    ERR_load_SSL_strings();
+#endif
+    ssl_strings_inited = 1;
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+static void ssl_library_stop(void)
+{
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    if (ssl_base_inited) {
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
+                "ssl_comp_free_compression_methods_int()\n");
+# endif
+        ssl_comp_free_compression_methods_int();
+#endif
+    }
+
+    if (ssl_strings_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
+                "err_free_strings_int()\n");
+#endif
+        /*
+         * If both crypto and ssl error strings are inited we will end up
+         * calling err_free_strings_int() twice - but that's ok. The second
+         * time will be a no-op. It's easier to do that than to try and track
+         * between the two libraries whether they have both been inited.
+         */
+        err_free_strings_int();
+    }
+}
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
+{
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
+        }
+        return 0;
+    }
+
+    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+        return 0;
+
+    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+        return 0;
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/ssl/ssl_lib.c b/openssl-1.1.0h/ssl/ssl_lib.c
new file mode 100644
index 0000000..8a190d2
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_lib.c
@@ -0,0 +1,4476 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/ct.h>
+
+const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
+
+static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, unsigned int s,
+                                    int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
+                                    int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
+                                    unsigned char *s, int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_4(SSL *ssl, int r)
+{
+    (void)r;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_5(SSL *ssl, const char *r, int s,
+                                    unsigned char *t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_6(int r)
+{
+    (void)r;
+    return ssl_undefined_function(NULL);
+}
+
+static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
+                                    const char *t, size_t u,
+                                    const unsigned char *v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
+
+SSL3_ENC_METHOD ssl3_undef_enc_method = {
+    ssl_undefined_function_1,
+    ssl_undefined_function_2,
+    ssl_undefined_function,
+    ssl_undefined_function_3,
+    ssl_undefined_function_4,
+    ssl_undefined_function_5,
+    0,                          /* finish_mac_length */
+    NULL,                       /* client_finished_label */
+    0,                          /* client_finished_label_len */
+    NULL,                       /* server_finished_label */
+    0,                          /* server_finished_label_len */
+    ssl_undefined_function_6,
+    ssl_undefined_function_7,
+};
+
+struct ssl_async_args {
+    SSL *s;
+    void *buf;
+    int num;
+    enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
+    union {
+        int (*func_read) (SSL *, void *, int);
+        int (*func_write) (SSL *, const void *, int);
+        int (*func_other) (SSL *);
+    } f;
+};
+
+static const struct {
+    uint8_t mtype;
+    uint8_t ord;
+    int nid;
+} dane_mds[] = {
+    {
+        DANETLS_MATCHING_FULL, 0, NID_undef
+    },
+    {
+        DANETLS_MATCHING_2256, 1, NID_sha256
+    },
+    {
+        DANETLS_MATCHING_2512, 2, NID_sha512
+    },
+};
+
+static int dane_ctx_enable(struct dane_ctx_st *dctx)
+{
+    const EVP_MD **mdevp;
+    uint8_t *mdord;
+    uint8_t mdmax = DANETLS_MATCHING_LAST;
+    int n = ((int)mdmax) + 1;   /* int to handle PrivMatch(255) */
+    size_t i;
+
+    if (dctx->mdevp != NULL)
+        return 1;
+
+    mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
+    mdord = OPENSSL_zalloc(n * sizeof(*mdord));
+
+    if (mdord == NULL || mdevp == NULL) {
+        OPENSSL_free(mdord);
+        OPENSSL_free(mdevp);
+        SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Install default entries */
+    for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
+        const EVP_MD *md;
+
+        if (dane_mds[i].nid == NID_undef ||
+            (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
+            continue;
+        mdevp[dane_mds[i].mtype] = md;
+        mdord[dane_mds[i].mtype] = dane_mds[i].ord;
+    }
+
+    dctx->mdevp = mdevp;
+    dctx->mdord = mdord;
+    dctx->mdmax = mdmax;
+
+    return 1;
+}
+
+static void dane_ctx_final(struct dane_ctx_st *dctx)
+{
+    OPENSSL_free(dctx->mdevp);
+    dctx->mdevp = NULL;
+
+    OPENSSL_free(dctx->mdord);
+    dctx->mdord = NULL;
+    dctx->mdmax = 0;
+}
+
+static void tlsa_free(danetls_record *t)
+{
+    if (t == NULL)
+        return;
+    OPENSSL_free(t->data);
+    EVP_PKEY_free(t->spki);
+    OPENSSL_free(t);
+}
+
+static void dane_final(SSL_DANE *dane)
+{
+    sk_danetls_record_pop_free(dane->trecs, tlsa_free);
+    dane->trecs = NULL;
+
+    sk_X509_pop_free(dane->certs, X509_free);
+    dane->certs = NULL;
+
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+/*
+ * dane_copy - Copy dane configuration, sans verification state.
+ */
+static int ssl_dane_dup(SSL *to, SSL *from)
+{
+    int num;
+    int i;
+
+    if (!DANETLS_ENABLED(&from->dane))
+        return 1;
+
+    dane_final(&to->dane);
+    to->dane.flags = from->dane.flags;
+    to->dane.dctx = &to->ctx->dane;
+    to->dane.trecs = sk_danetls_record_new_null();
+
+    if (to->dane.trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    num = sk_danetls_record_num(from->dane.trecs);
+    for (i = 0; i < num; ++i) {
+        danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
+
+        if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
+                              t->data, t->dlen) <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int dane_mtype_set(struct dane_ctx_st *dctx,
+                          const EVP_MD *md, uint8_t mtype, uint8_t ord)
+{
+    int i;
+
+    if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
+        SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
+        return 0;
+    }
+
+    if (mtype > dctx->mdmax) {
+        const EVP_MD **mdevp;
+        uint8_t *mdord;
+        int n = ((int)mtype) + 1;
+
+        mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
+        if (mdevp == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdevp = mdevp;
+
+        mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
+        if (mdord == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdord = mdord;
+
+        /* Zero-fill any gaps */
+        for (i = dctx->mdmax + 1; i < mtype; ++i) {
+            mdevp[i] = NULL;
+            mdord[i] = 0;
+        }
+
+        dctx->mdmax = mtype;
+    }
+
+    dctx->mdevp[mtype] = md;
+    /* Coerce ordinal of disabled matching types to 0 */
+    dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
+
+    return 1;
+}
+
+static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
+{
+    if (mtype > dane->dctx->mdmax)
+        return NULL;
+    return dane->dctx->mdevp[mtype];
+}
+
+static int dane_tlsa_add(SSL_DANE *dane,
+                         uint8_t usage,
+                         uint8_t selector,
+                         uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    danetls_record *t;
+    const EVP_MD *md = NULL;
+    int ilen = (int)dlen;
+    int i;
+    int num;
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
+        return -1;
+    }
+
+    if (ilen < 0 || dlen != (size_t)ilen) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
+        return 0;
+    }
+
+    if (usage > DANETLS_USAGE_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
+        return 0;
+    }
+
+    if (selector > DANETLS_SELECTOR_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
+        return 0;
+    }
+
+    if (mtype != DANETLS_MATCHING_FULL) {
+        md = tlsa_md_get(dane, mtype);
+        if (md == NULL) {
+            SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
+            return 0;
+        }
+    }
+
+    if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
+        return 0;
+    }
+    if (!data) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
+        return 0;
+    }
+
+    if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    t->usage = usage;
+    t->selector = selector;
+    t->mtype = mtype;
+    t->data = OPENSSL_malloc(ilen);
+    if (t->data == NULL) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    memcpy(t->data, data, ilen);
+    t->dlen = ilen;
+
+    /* Validate and cache full certificate or public key */
+    if (mtype == DANETLS_MATCHING_FULL) {
+        const unsigned char *p = data;
+        X509 *cert = NULL;
+        EVP_PKEY *pkey = NULL;
+
+        switch (selector) {
+        case DANETLS_SELECTOR_CERT:
+            if (!d2i_X509(&cert, &p, dlen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
+            if (X509_get0_pubkey(cert) == NULL) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
+
+            if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+                X509_free(cert);
+                break;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
+             * records that contain full certificates of trust-anchors that are
+             * not present in the wire chain.  For usage PKIX-TA(0), we augment
+             * the chain with untrusted Full(0) certificates from DNS, in case
+             * they are missing from the chain.
+             */
+            if ((dane->certs == NULL &&
+                 (dane->certs = sk_X509_new_null()) == NULL) ||
+                !sk_X509_push(dane->certs, cert)) {
+                SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+                X509_free(cert);
+                tlsa_free(t);
+                return -1;
+            }
+            break;
+
+        case DANETLS_SELECTOR_SPKI:
+            if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
+                return 0;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
+             * records that contain full bare keys of trust-anchors that are
+             * not present in the wire chain.
+             */
+            if (usage == DANETLS_USAGE_DANE_TA)
+                t->spki = pkey;
+            else
+                EVP_PKEY_free(pkey);
+            break;
+        }
+    }
+
+    /*-
+     * Find the right insertion point for the new record.
+     *
+     * See crypto/x509/x509_vfy.c.  We sort DANE-EE(3) records first, so that
+     * they can be processed first, as they require no chain building, and no
+     * expiration or hostname checks.  Because DANE-EE(3) is numerically
+     * largest, this is accomplished via descending sort by "usage".
+     *
+     * We also sort in descending order by matching ordinal to simplify
+     * the implementation of digest agility in the verification code.
+     *
+     * The choice of order for the selector is not significant, so we
+     * use the same descending order for consistency.
+     */
+    num = sk_danetls_record_num(dane->trecs);
+    for (i = 0; i < num; ++i) {
+        danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
+
+        if (rec->usage > usage)
+            continue;
+        if (rec->usage < usage)
+            break;
+        if (rec->selector > selector)
+            continue;
+        if (rec->selector < selector)
+            break;
+        if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
+            continue;
+        break;
+    }
+
+    if (!sk_danetls_record_insert(dane->trecs, t, i)) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dane->umask |= DANETLS_USAGE_BIT(usage);
+
+    return 1;
+}
+
+/*
+ * Return 0 if there is only one version configured and it was disabled
+ * at configure time.  Return 1 otherwise.
+ */
+static int ssl_check_allowed_versions(int min_version, int max_version)
+{
+    int minisdtls = 0, maxisdtls = 0;
+
+    /* Figure out if we're doing DTLS versions or TLS versions */
+    if (min_version == DTLS1_BAD_VER
+        || min_version >> 8 == DTLS1_VERSION_MAJOR)
+        minisdtls = 1;
+    if (max_version == DTLS1_BAD_VER
+        || max_version >> 8 == DTLS1_VERSION_MAJOR)
+        maxisdtls = 1;
+    /* A wildcard version of 0 could be DTLS or TLS. */
+    if ((minisdtls && !maxisdtls && max_version != 0)
+        || (maxisdtls && !minisdtls && min_version != 0)) {
+        /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
+        return 0;
+    }
+
+    if (minisdtls || maxisdtls) {
+        /* Do DTLS version checks. */
+        if (min_version == 0)
+            /* Ignore DTLS1_BAD_VER */
+            min_version = DTLS1_VERSION;
+        if (max_version == 0)
+            max_version = DTLS1_2_VERSION;
+#ifdef OPENSSL_NO_DTLS1_2
+        if (max_version == DTLS1_2_VERSION)
+            max_version = DTLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_DTLS1
+        if (min_version == DTLS1_VERSION)
+            min_version = DTLS1_2_VERSION;
+#endif
+	/* Done massaging versions; do the check. */
+	if (0
+#ifdef OPENSSL_NO_DTLS1
+            || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
+                && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
+#endif
+#ifdef OPENSSL_NO_DTLS1_2
+            || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
+                && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
+#endif
+            )
+            return 0;
+    } else {
+        /* Regular TLS version checks. */
+	if (min_version == 0)
+	    min_version = SSL3_VERSION;
+	if (max_version == 0)
+	    max_version = TLS1_2_VERSION;
+#ifdef OPENSSL_NO_TLS1_2
+	if (max_version == TLS1_2_VERSION)
+	    max_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+	if (max_version == TLS1_1_VERSION)
+	    max_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+	if (max_version == TLS1_VERSION)
+	    max_version = SSL3_VERSION;
+#endif
+#ifdef OPENSSL_NO_SSL3
+	if (min_version == SSL3_VERSION)
+	    min_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+	if (min_version == TLS1_VERSION)
+	    min_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+	if (min_version == TLS1_1_VERSION)
+	    min_version = TLS1_2_VERSION;
+#endif
+	/* Done massaging versions; do the check. */
+	if (0
+#ifdef OPENSSL_NO_SSL3
+            || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1
+            || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+            || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+            || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
+#endif
+            )
+            return 0;
+    }
+    return 1;
+}
+
+static void clear_ciphers(SSL *s)
+{
+    /* clear the current cipher */
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+}
+
+int SSL_clear(SSL *s)
+{
+    if (s->method == NULL) {
+        SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+        return (0);
+    }
+
+    if (ssl_clear_bad_session(s)) {
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+    }
+
+    s->error = 0;
+    s->hit = 0;
+    s->shutdown = 0;
+
+    if (s->renegotiate) {
+        SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ossl_statem_clear(s);
+
+    s->version = s->method->version;
+    s->client_version = s->version;
+    s->rwstate = SSL_NOTHING;
+
+    BUF_MEM_free(s->init_buf);
+    s->init_buf = NULL;
+    clear_ciphers(s);
+    s->first_packet = 0;
+
+    /* Reset DANE verification result state */
+    s->dane.mdpth = -1;
+    s->dane.pdpth = -1;
+    X509_free(s->dane.mcert);
+    s->dane.mcert = NULL;
+    s->dane.mtlsa = NULL;
+
+    /* Clear the verification result peername */
+    X509_VERIFY_PARAM_move_peername(s->param, NULL);
+
+    /*
+     * Check to see if we were changed into a different method, if so, revert
+     * back if we are not doing session-id reuse.
+     */
+    if (!ossl_statem_get_in_handshake(s) && (s->session == NULL)
+        && (s->method != s->ctx->method)) {
+        s->method->ssl_free(s);
+        s->method = s->ctx->method;
+        if (!s->method->ssl_new(s))
+            return (0);
+    } else
+        s->method->ssl_clear(s);
+
+    RECORD_LAYER_clear(&s->rlayer);
+
+    return (1);
+}
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    ctx->method = meth;
+
+    sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
+                                &(ctx->cipher_list_by_id),
+                                SSL_DEFAULT_CIPHER_LIST, ctx->cert);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return (0);
+    }
+    return (1);
+}
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+    SSL *s;
+
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+        return (NULL);
+    }
+    if (ctx->method == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+        return (NULL);
+    }
+
+    s = OPENSSL_zalloc(sizeof(*s));
+    if (s == NULL)
+        goto err;
+
+    s->lock = CRYPTO_THREAD_lock_new();
+    if (s->lock == NULL) {
+        SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(s);
+        return NULL;
+    }
+
+    RECORD_LAYER_init(&s->rlayer, s);
+
+    s->options = ctx->options;
+    s->dane.flags = ctx->dane.flags;
+    s->min_proto_version = ctx->min_proto_version;
+    s->max_proto_version = ctx->max_proto_version;
+    s->mode = ctx->mode;
+    s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
+
+    /*
+     * Earlier library versions used to copy the pointer to the CERT, not
+     * its contents; only when setting new parameters for the per-SSL
+     * copy, ssl_cert_new would be called (and the direct reference to
+     * the per-SSL_CTX settings would be lost, but those still were
+     * indirectly accessed for various purposes, and for that reason they
+     * used to be known as s->ctx->default_cert). Now we don't look at the
+     * SSL_CTX's CERT after having duplicated it once.
+     */
+    s->cert = ssl_cert_dup(ctx->cert);
+    if (s->cert == NULL)
+        goto err;
+
+    RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
+    s->msg_callback = ctx->msg_callback;
+    s->msg_callback_arg = ctx->msg_callback_arg;
+    s->verify_mode = ctx->verify_mode;
+    s->not_resumable_session_cb = ctx->not_resumable_session_cb;
+    s->sid_ctx_length = ctx->sid_ctx_length;
+    OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx));
+    memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
+    s->verify_callback = ctx->default_verify_callback;
+    s->generate_session_id = ctx->generate_session_id;
+
+    s->param = X509_VERIFY_PARAM_new();
+    if (s->param == NULL)
+        goto err;
+    X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+    s->quiet_shutdown = ctx->quiet_shutdown;
+    s->max_send_fragment = ctx->max_send_fragment;
+    s->split_send_fragment = ctx->split_send_fragment;
+    s->max_pipelines = ctx->max_pipelines;
+    if (s->max_pipelines > 1)
+        RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+    if (ctx->default_read_buf_len > 0)
+        SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
+
+    SSL_CTX_up_ref(ctx);
+    s->ctx = ctx;
+    s->tlsext_debug_cb = 0;
+    s->tlsext_debug_arg = NULL;
+    s->tlsext_ticket_expected = 0;
+    s->tlsext_status_type = ctx->tlsext_status_type;
+    s->tlsext_status_expected = 0;
+    s->tlsext_ocsp_ids = NULL;
+    s->tlsext_ocsp_exts = NULL;
+    s->tlsext_ocsp_resp = NULL;
+    s->tlsext_ocsp_resplen = -1;
+    SSL_CTX_up_ref(ctx);
+    s->session_ctx = ctx;
+#ifndef OPENSSL_NO_EC
+    if (ctx->tlsext_ecpointformatlist) {
+        s->tlsext_ecpointformatlist =
+            OPENSSL_memdup(ctx->tlsext_ecpointformatlist,
+                           ctx->tlsext_ecpointformatlist_length);
+        if (!s->tlsext_ecpointformatlist)
+            goto err;
+        s->tlsext_ecpointformatlist_length =
+            ctx->tlsext_ecpointformatlist_length;
+    }
+    if (ctx->tlsext_ellipticcurvelist) {
+        s->tlsext_ellipticcurvelist =
+            OPENSSL_memdup(ctx->tlsext_ellipticcurvelist,
+                           ctx->tlsext_ellipticcurvelist_length);
+        if (!s->tlsext_ellipticcurvelist)
+            goto err;
+        s->tlsext_ellipticcurvelist_length =
+            ctx->tlsext_ellipticcurvelist_length;
+    }
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    s->next_proto_negotiated = NULL;
+#endif
+
+    if (s->ctx->alpn_client_proto_list) {
+        s->alpn_client_proto_list =
+            OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
+        if (s->alpn_client_proto_list == NULL)
+            goto err;
+        memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
+               s->ctx->alpn_client_proto_list_len);
+        s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
+    }
+
+    s->verified_chain = NULL;
+    s->verify_result = X509_V_OK;
+
+    s->default_passwd_callback = ctx->default_passwd_callback;
+    s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+
+    s->method = ctx->method;
+
+    if (!s->method->ssl_new(s))
+        goto err;
+
+    s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+
+    if (!SSL_clear(s))
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    s->psk_client_callback = ctx->psk_client_callback;
+    s->psk_server_callback = ctx->psk_server_callback;
+#endif
+
+    s->job = NULL;
+
+#ifndef OPENSSL_NO_CT
+    if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
+                                        ctx->ct_validation_callback_arg))
+        goto err;
+#endif
+
+    return s;
+ err:
+    SSL_free(s);
+    SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+int SSL_is_dtls(const SSL *s)
+{
+    return SSL_IS_DTLS(s) ? 1 : 0;
+}
+
+int SSL_up_ref(SSL *s)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&s->references, 1, &i, s->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL", s);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ctx->sid_ctx_length = sid_ctx_len;
+    memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ssl->sid_ctx_length = sid_ctx_len;
+    memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+{
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    ctx->generate_session_id = cb;
+    CRYPTO_THREAD_unlock(ctx->lock);
+    return 1;
+}
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+{
+    CRYPTO_THREAD_write_lock(ssl->lock);
+    ssl->generate_session_id = cb;
+    CRYPTO_THREAD_unlock(ssl->lock);
+    return 1;
+}
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len)
+{
+    /*
+     * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+     * we can "construct" a session to give us the desired check - i.e. to
+     * find if there's a session in the hash table that would conflict with
+     * any new session built out of this id/id_len and the ssl_version in use
+     * by this SSL.
+     */
+    SSL_SESSION r, *p;
+
+    if (id_len > sizeof(r.session_id))
+        return 0;
+
+    r.ssl_version = ssl->version;
+    r.session_id_length = id_len;
+    memcpy(r.session_id, id, id_len);
+
+    CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
+    p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
+    CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
+    return (p != NULL);
+}
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+}
+
+int SSL_add1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
+}
+
+void SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+    X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
+const char *SSL_get0_peername(SSL *s)
+{
+    return X509_VERIFY_PARAM_get0_peername(s->param);
+}
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx)
+{
+    return dane_ctx_enable(&ctx->dane);
+}
+
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_dane_enable(SSL *s, const char *basedomain)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (s->ctx->dane.mdmax == 0) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
+        return 0;
+    }
+    if (dane->trecs != NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
+        return 0;
+    }
+
+    /*
+     * Default SNI name.  This rejects empty names, while set1_host below
+     * accepts them and disables host name checks.  To avoid side-effects with
+     * invalid input, set the SNI name first.
+     */
+    if (s->tlsext_hostname == NULL) {
+        if (!SSL_set_tlsext_host_name(s, basedomain)) {
+            SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+            return -1;
+        }
+    }
+
+    /* Primary RFC6125 reference identifier */
+    if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+        return -1;
+    }
+
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+    dane->dctx = &s->ctx->dane;
+    dane->trecs = sk_danetls_record_new_null();
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    return 1;
+}
+
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (mcert)
+            *mcert = dane->mcert;
+        if (mspki)
+            *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
+    }
+    return dane->mdpth;
+}
+
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                       uint8_t *mtype, unsigned const char **data, size_t *dlen)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (usage)
+            *usage = dane->mtlsa->usage;
+        if (selector)
+            *selector = dane->mtlsa->selector;
+        if (mtype)
+            *mtype = dane->mtlsa->mtype;
+        if (data)
+            *data = dane->mtlsa->data;
+        if (dlen)
+            *dlen = dane->mtlsa->dlen;
+    }
+    return dane->mdpth;
+}
+
+SSL_DANE *SSL_get0_dane(SSL *s)
+{
+    return &s->dane;
+}
+
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                      uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
+}
+
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
+                           uint8_t ord)
+{
+    return dane_mtype_set(&ctx->dane, md, mtype, ord);
+}
+
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+}
+
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+}
+
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+{
+    return ctx->param;
+}
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+{
+    return ssl->param;
+}
+
+void SSL_certs_clear(SSL *s)
+{
+    ssl_cert_clear_certs(s->cert);
+}
+
+void SSL_free(SSL *s)
+{
+    int i;
+
+    if (s == NULL)
+        return;
+
+    CRYPTO_atomic_add(&s->references, -1, &i, s->lock);
+    REF_PRINT_COUNT("SSL", s);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    X509_VERIFY_PARAM_free(s->param);
+    dane_final(&s->dane);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+    ssl_free_wbio_buffer(s);
+
+    BIO_free_all(s->wbio);
+    BIO_free_all(s->rbio);
+
+    BUF_MEM_free(s->init_buf);
+
+    /* add extra stuff */
+    sk_SSL_CIPHER_free(s->cipher_list);
+    sk_SSL_CIPHER_free(s->cipher_list_by_id);
+
+    /* Make the next call work :-) */
+    if (s->session != NULL) {
+        ssl_clear_bad_session(s);
+        SSL_SESSION_free(s->session);
+    }
+
+    clear_ciphers(s);
+
+    ssl_cert_free(s->cert);
+    /* Free up if allocated */
+
+    OPENSSL_free(s->tlsext_hostname);
+    SSL_CTX_free(s->session_ctx);
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(s->tlsext_ecpointformatlist);
+    OPENSSL_free(s->tlsext_ellipticcurvelist);
+#endif                          /* OPENSSL_NO_EC */
+    sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
+#ifndef OPENSSL_NO_OCSP
+    sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+#endif
+#ifndef OPENSSL_NO_CT
+    SCT_LIST_free(s->scts);
+    OPENSSL_free(s->tlsext_scts);
+#endif
+    OPENSSL_free(s->tlsext_ocsp_resp);
+    OPENSSL_free(s->alpn_client_proto_list);
+
+    sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+
+    sk_X509_pop_free(s->verified_chain, X509_free);
+
+    if (s->method != NULL)
+        s->method->ssl_free(s);
+
+    RECORD_LAYER_release(&s->rlayer);
+
+    SSL_CTX_free(s->ctx);
+
+    ASYNC_WAIT_CTX_free(s->waitctx);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->next_proto_negotiated);
+#endif
+
+#ifndef OPENSSL_NO_SRTP
+    sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
+
+    CRYPTO_THREAD_lock_free(s->lock);
+
+    OPENSSL_free(s);
+}
+
+void SSL_set0_rbio(SSL *s, BIO *rbio)
+{
+    BIO_free_all(s->rbio);
+    s->rbio = rbio;
+}
+
+void SSL_set0_wbio(SSL *s, BIO *wbio)
+{
+    /*
+     * If the output buffering BIO is still in place, remove it
+     */
+    if (s->bbio != NULL)
+        s->wbio = BIO_pop(s->wbio);
+
+    BIO_free_all(s->wbio);
+    s->wbio = wbio;
+
+    /* Re-attach |bbio| to the new |wbio|. */
+    if (s->bbio != NULL)
+        s->wbio = BIO_push(s->bbio, s->wbio);
+}
+
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
+    /*
+     * For historical reasons, this function has many different cases in
+     * ownership handling.
+     */
+
+    /* If nothing has changed, do nothing */
+    if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
+        return;
+
+    /*
+     * If the two arguments are equal then one fewer reference is granted by the
+     * caller than we want to take
+     */
+    if (rbio != NULL && rbio == wbio)
+        BIO_up_ref(rbio);
+
+    /*
+     * If only the wbio is changed only adopt one reference.
+     */
+    if (rbio == SSL_get_rbio(s)) {
+        SSL_set0_wbio(s, wbio);
+        return;
+    }
+    /*
+     * There is an asymmetry here for historical reasons. If only the rbio is
+     * changed AND the rbio and wbio were originally different, then we only
+     * adopt one reference.
+     */
+    if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
+        SSL_set0_rbio(s, rbio);
+        return;
+    }
+
+    /* Otherwise, adopt both references. */
+    SSL_set0_rbio(s, rbio);
+    SSL_set0_wbio(s, wbio);
+}
+
+BIO *SSL_get_rbio(const SSL *s)
+{
+    return s->rbio;
+}
+
+BIO *SSL_get_wbio(const SSL *s)
+{
+    if (s->bbio != NULL) {
+        /*
+         * If |bbio| is active, the true caller-configured BIO is its
+         * |next_bio|.
+         */
+        return BIO_next(s->bbio);
+    }
+    return s->wbio;
+}
+
+int SSL_get_fd(const SSL *s)
+{
+    return SSL_get_rfd(s);
+}
+
+int SSL_get_rfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_rbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return (ret);
+}
+
+int SSL_get_wfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_wbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd)
+{
+    int ret = 0;
+    BIO *bio = NULL;
+
+    bio = BIO_new(BIO_s_socket());
+
+    if (bio == NULL) {
+        SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+        goto err;
+    }
+    BIO_set_fd(bio, fd, BIO_NOCLOSE);
+    SSL_set_bio(s, bio, bio);
+    ret = 1;
+ err:
+    return (ret);
+}
+
+int SSL_set_wfd(SSL *s, int fd)
+{
+    BIO *rbio = SSL_get_rbio(s);
+
+    if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
+        || (int)BIO_get_fd(rbio, NULL) != fd) {
+        BIO *bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+            return 0;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set0_wbio(s, bio);
+    } else {
+        BIO_up_ref(rbio);
+        SSL_set0_wbio(s, rbio);
+    }
+    return 1;
+}
+
+int SSL_set_rfd(SSL *s, int fd)
+{
+    BIO *wbio = SSL_get_wbio(s);
+
+    if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
+        || ((int)BIO_get_fd(wbio, NULL) != fd)) {
+        BIO *bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+            return 0;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set0_rbio(s, bio);
+    } else {
+        BIO_up_ref(wbio);
+        SSL_set0_rbio(s, wbio);
+    }
+
+    return 1;
+}
+#endif
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.finish_md, count);
+    }
+    return ret;
+}
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.peer_finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.peer_finish_md, count);
+    }
+    return ret;
+}
+
+int SSL_get_verify_mode(const SSL *s)
+{
+    return (s->verify_mode);
+}
+
+int SSL_get_verify_depth(const SSL *s)
+{
+    return X509_VERIFY_PARAM_get_depth(s->param);
+}
+
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
+    return (s->verify_callback);
+}
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+    return (ctx->verify_mode);
+}
+
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
+    return X509_VERIFY_PARAM_get_depth(ctx->param);
+}
+
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
+    return (ctx->default_verify_callback);
+}
+
+void SSL_set_verify(SSL *s, int mode,
+                    int (*callback) (int ok, X509_STORE_CTX *ctx))
+{
+    s->verify_mode = mode;
+    if (callback != NULL)
+        s->verify_callback = callback;
+}
+
+void SSL_set_verify_depth(SSL *s, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(s->param, depth);
+}
+
+void SSL_set_read_ahead(SSL *s, int yes)
+{
+    RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
+}
+
+int SSL_get_read_ahead(const SSL *s)
+{
+    return RECORD_LAYER_get_read_ahead(&s->rlayer);
+}
+
+int SSL_pending(const SSL *s)
+{
+    /*
+     * SSL_pending cannot work properly if read-ahead is enabled
+     * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
+     * impossible to fix since SSL_pending cannot report errors that may be
+     * observed while scanning the new data. (Note that SSL_pending() is
+     * often used as a boolean value, so we'd better not return -1.)
+     */
+    return (s->method->ssl_pending(s));
+}
+
+int SSL_has_pending(const SSL *s)
+{
+    /*
+     * Similar to SSL_pending() but returns a 1 to indicate that we have
+     * unprocessed data available or 0 otherwise (as opposed to the number of
+     * bytes available). Unlike SSL_pending() this will take into account
+     * read_ahead data. A 1 return simply indicates that we have unprocessed
+     * data. That data may not result in any application data, or we may fail
+     * to parse the records for some reason.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer))
+        return 1;
+
+    return RECORD_LAYER_read_pending(&s->rlayer);
+}
+
+X509 *SSL_get_peer_certificate(const SSL *s)
+{
+    X509 *r;
+
+    if ((s == NULL) || (s->session == NULL))
+        r = NULL;
+    else
+        r = s->session->peer;
+
+    if (r == NULL)
+        return (r);
+
+    X509_up_ref(r);
+
+    return (r);
+}
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
+{
+    STACK_OF(X509) *r;
+
+    if ((s == NULL) || (s->session == NULL))
+        r = NULL;
+    else
+        r = s->session->peer_chain;
+
+    /*
+     * If we are a client, cert_chain includes the peer's own certificate; if
+     * we are a server, it does not.
+     */
+
+    return (r);
+}
+
+/*
+ * Now in theory, since the calling process own 't' it should be safe to
+ * modify.  We need to be able to read f without being hassled
+ */
+int SSL_copy_session_id(SSL *t, const SSL *f)
+{
+    int i;
+    /* Do we need to to SSL locking? */
+    if (!SSL_set_session(t, SSL_get_session(f))) {
+        return 0;
+    }
+
+    /*
+     * what if we are setup for one protocol version but want to talk another
+     */
+    if (t->method != f->method) {
+        t->method->ssl_free(t);
+        t->method = f->method;
+        if (t->method->ssl_new(t) == 0)
+            return 0;
+    }
+
+    CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock);
+    ssl_cert_free(t->cert);
+    t->cert = f->cert;
+    if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return (0);
+    }
+    if (ctx->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return (0);
+    }
+    return (X509_check_private_key
+            (ctx->cert->key->x509, ctx->cert->key->privatekey));
+}
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(const SSL *ssl)
+{
+    if (ssl == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (ssl->cert->key->x509 == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return (0);
+    }
+    if (ssl->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return (0);
+    }
+    return (X509_check_private_key(ssl->cert->key->x509,
+                                   ssl->cert->key->privatekey));
+}
+
+int SSL_waiting_for_async(SSL *s)
+{
+    if (s->job)
+        return 1;
+
+    return 0;
+}
+
+int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
+}
+
+int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+                              OSSL_ASYNC_FD *delfd, size_t *numdelfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
+                                          numdelfds);
+}
+
+int SSL_accept(SSL *s)
+{
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+    }
+
+    return SSL_do_handshake(s);
+}
+
+int SSL_connect(SSL *s)
+{
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_connect_state(s);
+    }
+
+    return SSL_do_handshake(s);
+}
+
+long SSL_get_default_timeout(const SSL *s)
+{
+    return (s->method->get_timeout());
+}
+
+static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
+                               int (*func) (void *))
+{
+    int ret;
+    if (s->waitctx == NULL) {
+        s->waitctx = ASYNC_WAIT_CTX_new();
+        if (s->waitctx == NULL)
+            return -1;
+    }
+    switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
+                            sizeof(struct ssl_async_args))) {
+    case ASYNC_ERR:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
+        return -1;
+    case ASYNC_PAUSE:
+        s->rwstate = SSL_ASYNC_PAUSED;
+        return -1;
+    case ASYNC_NO_JOBS:
+        s->rwstate = SSL_ASYNC_NO_JOBS;
+        return -1;
+    case ASYNC_FINISH:
+        s->job = NULL;
+        return ret;
+    default:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
+        /* Shouldn't happen */
+        return -1;
+    }
+}
+
+static int ssl_io_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+    void *buf;
+    int num;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+    buf = args->buf;
+    num = args->num;
+    switch (args->type) {
+    case READFUNC:
+        return args->f.func_read(s, buf, num);
+    case WRITEFUNC:
+        return args->f.func_write(s, buf, num);
+    case OTHERFUNC:
+        return args->f.func_other(s);
+    }
+    return -1;
+}
+
+int SSL_read(SSL *s, void *buf, int num)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        return (0);
+    }
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_read;
+
+        return ssl_start_async_job(s, &args, ssl_io_intern);
+    } else {
+        return s->method->ssl_read(s, buf, num);
+    }
+}
+
+int SSL_peek(SSL *s, void *buf, int num)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        return (0);
+    }
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_peek;
+
+        return ssl_start_async_job(s, &args, ssl_io_intern);
+    } else {
+        return s->method->ssl_peek(s, buf, num);
+    }
+}
+
+int SSL_write(SSL *s, const void *buf, int num)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
+        return (-1);
+    }
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+
+        args.s = s;
+        args.buf = (void *)buf;
+        args.num = num;
+        args.type = WRITEFUNC;
+        args.f.func_write = s->method->ssl_write;
+
+        return ssl_start_async_job(s, &args, ssl_io_intern);
+    } else {
+        return s->method->ssl_write(s, buf, num);
+    }
+}
+
+int SSL_shutdown(SSL *s)
+{
+    /*
+     * Note that this function behaves differently from what one might
+     * expect.  Return values are 0 for no success (yet), 1 for success; but
+     * calling it once is usually not enough, even if blocking I/O is used
+     * (see ssl3_shutdown).
+     */
+
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (!SSL_in_init(s)) {
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            args.s = s;
+            args.type = OTHERFUNC;
+            args.f.func_other = s->method->ssl_shutdown;
+
+            return ssl_start_async_job(s, &args, ssl_io_intern);
+        } else {
+            return s->method->ssl_shutdown(s);
+        }
+    } else {
+        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
+        return -1;
+    }
+}
+
+int SSL_renegotiate(SSL *s)
+{
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
+
+    if (s->renegotiate == 0)
+        s->renegotiate = 1;
+
+    s->new_session = 1;
+
+    return (s->method->ssl_renegotiate(s));
+}
+
+int SSL_renegotiate_abbreviated(SSL *s)
+{
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
+
+    if (s->renegotiate == 0)
+        s->renegotiate = 1;
+
+    s->new_session = 0;
+
+    return (s->method->ssl_renegotiate(s));
+}
+
+int SSL_renegotiate_pending(SSL *s)
+{
+    /*
+     * becomes true when negotiation is requested; false again once a
+     * handshake has finished
+     */
+    return (s->renegotiate != 0);
+}
+
+long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    long l;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return (RECORD_LAYER_get_read_ahead(&s->rlayer));
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = RECORD_LAYER_get_read_ahead(&s->rlayer);
+        RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
+        return (l);
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        s->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_MODE:
+        return (s->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (s->mode &= ~larg);
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (s->max_cert_list);
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        l = s->max_cert_list;
+        s->max_cert_list = larg;
+        return (l);
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        s->max_send_fragment = larg;
+        if (s->max_send_fragment < s->split_send_fragment)
+            s->split_send_fragment = s->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((unsigned int)larg > s->max_send_fragment || larg == 0)
+            return 0;
+        s->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        s->max_pipelines = larg;
+        if (larg > 1)
+            RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+        return 1;
+    case SSL_CTRL_GET_RI_SUPPORT:
+        if (s->s3)
+            return s->s3->send_connection_binding;
+        else
+            return 0;
+    case SSL_CTRL_CERT_FLAGS:
+        return (s->cert->cert_flags |= larg);
+    case SSL_CTRL_CLEAR_CERT_FLAGS:
+        return (s->cert->cert_flags &= ~larg);
+
+    case SSL_CTRL_GET_RAW_CIPHERLIST:
+        if (parg) {
+            if (s->s3->tmp.ciphers_raw == NULL)
+                return 0;
+            *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
+            return (int)s->s3->tmp.ciphers_rawlen;
+        } else {
+            return TLS_CIPHER_LEN;
+        }
+    case SSL_CTRL_GET_EXTMS_SUPPORT:
+        if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
+            return -1;
+        if (s->session->flags & SSL_SESS_FLAG_EXTMS)
+            return 1;
+        else
+            return 0;
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, s->max_proto_version)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return s->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(s->min_proto_version, larg)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return s->max_proto_version;
+    default:
+        return (s->method->ssl_ctrl(s, cmd, larg, parg));
+    }
+}
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        s->msg_callback = (void (*)
+                           (int write_p, int version, int content_type,
+                            const void *buf, size_t len, SSL *ssl,
+                            void *arg))(fp);
+        return 1;
+
+    default:
+        return (s->method->ssl_callback_ctrl(s, cmd, fp));
+    }
+}
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
+{
+    return ctx->sessions;
+}
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    long l;
+    /* For some cases with ctx == NULL perform syntax checks */
+    if (ctx == NULL) {
+        switch (cmd) {
+#ifndef OPENSSL_NO_EC
+        case SSL_CTRL_SET_CURVES_LIST:
+            return tls1_set_curves_list(NULL, NULL, parg);
+#endif
+        case SSL_CTRL_SET_SIGALGS_LIST:
+        case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+            return tls1_set_sigalgs_list(NULL, parg, 0);
+        default:
+            return 0;
+        }
+    }
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return (ctx->read_ahead);
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = ctx->read_ahead;
+        ctx->read_ahead = larg;
+        return (l);
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        ctx->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (ctx->max_cert_list);
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        l = ctx->max_cert_list;
+        ctx->max_cert_list = larg;
+        return (l);
+
+    case SSL_CTRL_SET_SESS_CACHE_SIZE:
+        l = ctx->session_cache_size;
+        ctx->session_cache_size = larg;
+        return (l);
+    case SSL_CTRL_GET_SESS_CACHE_SIZE:
+        return (ctx->session_cache_size);
+    case SSL_CTRL_SET_SESS_CACHE_MODE:
+        l = ctx->session_cache_mode;
+        ctx->session_cache_mode = larg;
+        return (l);
+    case SSL_CTRL_GET_SESS_CACHE_MODE:
+        return (ctx->session_cache_mode);
+
+    case SSL_CTRL_SESS_NUMBER:
+        return (lh_SSL_SESSION_num_items(ctx->sessions));
+    case SSL_CTRL_SESS_CONNECT:
+        return (ctx->stats.sess_connect);
+    case SSL_CTRL_SESS_CONNECT_GOOD:
+        return (ctx->stats.sess_connect_good);
+    case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+        return (ctx->stats.sess_connect_renegotiate);
+    case SSL_CTRL_SESS_ACCEPT:
+        return (ctx->stats.sess_accept);
+    case SSL_CTRL_SESS_ACCEPT_GOOD:
+        return (ctx->stats.sess_accept_good);
+    case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+        return (ctx->stats.sess_accept_renegotiate);
+    case SSL_CTRL_SESS_HIT:
+        return (ctx->stats.sess_hit);
+    case SSL_CTRL_SESS_CB_HIT:
+        return (ctx->stats.sess_cb_hit);
+    case SSL_CTRL_SESS_MISSES:
+        return (ctx->stats.sess_miss);
+    case SSL_CTRL_SESS_TIMEOUTS:
+        return (ctx->stats.sess_timeout);
+    case SSL_CTRL_SESS_CACHE_FULL:
+        return (ctx->stats.sess_cache_full);
+    case SSL_CTRL_MODE:
+        return (ctx->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (ctx->mode &= ~larg);
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        ctx->max_send_fragment = larg;
+        if (ctx->max_send_fragment < ctx->split_send_fragment)
+            ctx->split_send_fragment = ctx->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((unsigned int)larg > ctx->max_send_fragment || larg == 0)
+            return 0;
+        ctx->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        ctx->max_pipelines = larg;
+        return 1;
+    case SSL_CTRL_CERT_FLAGS:
+        return (ctx->cert->cert_flags |= larg);
+    case SSL_CTRL_CLEAR_CERT_FLAGS:
+        return (ctx->cert->cert_flags &= ~larg);
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, ctx->max_proto_version)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return ctx->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(ctx->min_proto_version, larg)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return ctx->max_proto_version;
+    default:
+        return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
+    }
+}
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        ctx->msg_callback = (void (*)
+                             (int write_p, int version, int content_type,
+                              const void *buf, size_t len, SSL *ssl,
+                              void *arg))(fp);
+        return 1;
+
+    default:
+        return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
+    }
+}
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+{
+    if (a->id > b->id)
+        return 1;
+    if (a->id < b->id)
+        return -1;
+    return 0;
+}
+
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                          const SSL_CIPHER *const *bp)
+{
+    if ((*ap)->id > (*bp)->id)
+        return 1;
+    if ((*ap)->id < (*bp)->id)
+        return -1;
+    return 0;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list != NULL) {
+            return (s->cipher_list);
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
+            return (s->ctx->cipher_list);
+        }
+    }
+    return (NULL);
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+    if ((s == NULL) || (s->session == NULL) || !s->server)
+        return NULL;
+    return s->session->ciphers;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
+{
+    STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
+    int i;
+    ciphers = SSL_get_ciphers(s);
+    if (!ciphers)
+        return NULL;
+    ssl_set_client_disabled(s);
+    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+        const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+        if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
+            if (!sk)
+                sk = sk_SSL_CIPHER_new_null();
+            if (!sk)
+                return NULL;
+            if (!sk_SSL_CIPHER_push(sk, c)) {
+                sk_SSL_CIPHER_free(sk);
+                return NULL;
+            }
+        }
+    }
+    return sk;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list_by_id != NULL) {
+            return (s->cipher_list_by_id);
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
+            return (s->ctx->cipher_list_by_id);
+        }
+    }
+    return (NULL);
+}
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(const SSL *s, int n)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk;
+
+    if (s == NULL)
+        return (NULL);
+    sk = SSL_get_ciphers(s);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+        return (NULL);
+    c = sk_SSL_CIPHER_value(sk, n);
+    if (c == NULL)
+        return (NULL);
+    return (c->name);
+}
+
+/** return a STACK of the ciphers available for the SSL_CTX and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
+{
+    if (ctx != NULL)
+        return ctx->cipher_list;
+    return NULL;
+}
+
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
+                                &ctx->cipher_list_by_id, str, ctx->cert);
+    /*
+     * ssl_create_cipher_list may return an empty stack if it was unable to
+     * find a cipher matching the given rule string (for example if the rule
+     * string specifies a cipher which has been disabled). This is not an
+     * error as far as ssl_create_cipher_list is concerned, and hence
+     * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
+     */
+    if (sk == NULL)
+        return 0;
+    else if (sk_SSL_CIPHER_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
+                                &s->cipher_list_by_id, str, s->cert);
+    /* see comment in SSL_CTX_set_cipher_list */
+    if (sk == NULL)
+        return 0;
+    else if (sk_SSL_CIPHER_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
+{
+    char *p;
+    STACK_OF(SSL_CIPHER) *sk;
+    const SSL_CIPHER *c;
+    int i;
+
+    if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
+        return (NULL);
+
+    p = buf;
+    sk = s->session->ciphers;
+
+    if (sk_SSL_CIPHER_num(sk) == 0)
+        return NULL;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+        int n;
+
+        c = sk_SSL_CIPHER_value(sk, i);
+        n = strlen(c->name);
+        if (n + 1 > len) {
+            if (p != buf)
+                --p;
+            *p = '\0';
+            return buf;
+        }
+        memcpy(p, c->name, n + 1);
+        p += n;
+        *(p++) = ':';
+        len -= n + 1;
+    }
+    p[-1] = '\0';
+    return (buf);
+}
+
+/** return a servername extension value if provided in Client Hello, or NULL.
+ * So far, only host_name types are defined (RFC 3546).
+ */
+
+const char *SSL_get_servername(const SSL *s, const int type)
+{
+    if (type != TLSEXT_NAMETYPE_host_name)
+        return NULL;
+
+    return s->session && !s->tlsext_hostname ?
+        s->session->tlsext_hostname : s->tlsext_hostname;
+}
+
+int SSL_get_servername_type(const SSL *s)
+{
+    if (s->session
+        && (!s->tlsext_hostname ? s->session->
+            tlsext_hostname : s->tlsext_hostname))
+        return TLSEXT_NAMETYPE_host_name;
+    return -1;
+}
+
+/*
+ * SSL_select_next_proto implements the standard protocol selection. It is
+ * expected that this function is called from the callback set by
+ * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
+ * vector of 8-bit, length prefixed byte strings. The length byte itself is
+ * not included in the length. A byte string of length 0 is invalid. No byte
+ * string may be truncated. The current, but experimental algorithm for
+ * selecting the protocol is: 1) If the server doesn't support NPN then this
+ * is indicated to the callback. In this case, the client application has to
+ * abort the connection or have a default application level protocol. 2) If
+ * the server supports NPN, but advertises an empty list then the client
+ * selects the first protocol in its list, but indicates via the API that this
+ * fallback case was enacted. 3) Otherwise, the client finds the first
+ * protocol in the server's list that it supports and selects this protocol.
+ * This is because it's assumed that the server has better information about
+ * which protocol a client should use. 4) If the client doesn't support any
+ * of the server's advertised protocols, then this is treated the same as
+ * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
+ * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
+ */
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *server,
+                          unsigned int server_len,
+                          const unsigned char *client, unsigned int client_len)
+{
+    unsigned int i, j;
+    const unsigned char *result;
+    int status = OPENSSL_NPN_UNSUPPORTED;
+
+    /*
+     * For each protocol in server preference order, see if we support it.
+     */
+    for (i = 0; i < server_len;) {
+        for (j = 0; j < client_len;) {
+            if (server[i] == client[j] &&
+                memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
+                /* We found a match */
+                result = &server[i];
+                status = OPENSSL_NPN_NEGOTIATED;
+                goto found;
+            }
+            j += client[j];
+            j++;
+        }
+        i += server[i];
+        i++;
+    }
+
+    /* There's no overlap between our protocols and the server's list. */
+    result = client;
+    status = OPENSSL_NPN_NO_OVERLAP;
+
+ found:
+    *out = (unsigned char *)result + 1;
+    *outlen = result[0];
+    return status;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * SSL_get0_next_proto_negotiated sets *data and *len to point to the
+ * client's requested protocol for this connection and returns 0. If the
+ * client didn't request any protocol, then *data is set to NULL. Note that
+ * the client can request any protocol it chooses. The value returned from
+ * this function need not be a member of the list of supported protocols
+ * provided by the callback.
+ */
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len)
+{
+    *data = s->next_proto_negotiated;
+    if (!*data) {
+        *len = 0;
+    } else {
+        *len = s->next_proto_negotiated_len;
+    }
+}
+
+/*
+ * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when
+ * a TLS server needs a list of supported protocols for Next Protocol
+ * Negotiation. The returned list must be in wire format.  The list is
+ * returned by setting |out| to point to it and |outlen| to its length. This
+ * memory will not be modified, but one should assume that the SSL* keeps a
+ * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
+ * wishes to advertise. Otherwise, no such extension will be included in the
+ * ServerHello.
+ */
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
+                                           int (*cb) (SSL *ssl,
+                                                      const unsigned char
+                                                      **out,
+                                                      unsigned int *outlen,
+                                                      void *arg), void *arg)
+{
+    ctx->next_protos_advertised_cb = cb;
+    ctx->next_protos_advertised_cb_arg = arg;
+}
+
+/*
+ * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
+ * client needs to select a protocol from the server's provided list. |out|
+ * must be set to point to the selected protocol (which may be within |in|).
+ * The length of the protocol name must be written into |outlen|. The
+ * server's advertised protocols are provided in |in| and |inlen|. The
+ * callback can assume that |in| is syntactically valid. The client must
+ * select a protocol. It is fatal to the connection if this callback returns
+ * a value other than SSL_TLSEXT_ERR_OK.
+ */
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
+                                      int (*cb) (SSL *s, unsigned char **out,
+                                                 unsigned char *outlen,
+                                                 const unsigned char *in,
+                                                 unsigned int inlen,
+                                                 void *arg), void *arg)
+{
+    ctx->next_proto_select_cb = cb;
+    ctx->next_proto_select_cb_arg = arg;
+}
+#endif
+
+/*
+ * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                            unsigned int protos_len)
+{
+    OPENSSL_free(ctx->alpn_client_proto_list);
+    ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
+    if (ctx->alpn_client_proto_list == NULL) {
+        SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    ctx->alpn_client_proto_list_len = protos_len;
+
+    return 0;
+}
+
+/*
+ * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                        unsigned int protos_len)
+{
+    OPENSSL_free(ssl->alpn_client_proto_list);
+    ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
+    if (ssl->alpn_client_proto_list == NULL) {
+        SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    ssl->alpn_client_proto_list_len = protos_len;
+
+    return 0;
+}
+
+/*
+ * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
+ * called during ClientHello processing in order to select an ALPN protocol
+ * from the client's list of offered protocols.
+ */
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl,
+                                           const unsigned char **out,
+                                           unsigned char *outlen,
+                                           const unsigned char *in,
+                                           unsigned int inlen,
+                                           void *arg), void *arg)
+{
+    ctx->alpn_select_cb = cb;
+    ctx->alpn_select_cb_arg = arg;
+}
+
+/*
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name
+ * (not including the leading length-prefix byte). If the server didn't
+ * respond with a negotiated protocol then |*len| will be zero.
+ */
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len)
+{
+    *data = NULL;
+    if (ssl->s3)
+        *data = ssl->s3->alpn_selected;
+    if (*data == NULL)
+        *len = 0;
+    else
+        *len = ssl->s3->alpn_selected_len;
+}
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                               const char *label, size_t llen,
+                               const unsigned char *context, size_t contextlen,
+                               int use_context)
+{
+    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
+        return -1;
+
+    return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
+                                                       llen, context,
+                                                       contextlen, use_context);
+}
+
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
+{
+    const unsigned char *session_id = a->session_id;
+    unsigned long l;
+    unsigned char tmp_storage[4];
+
+    if (a->session_id_length < sizeof(tmp_storage)) {
+        memset(tmp_storage, 0, sizeof(tmp_storage));
+        memcpy(tmp_storage, a->session_id, a->session_id_length);
+        session_id = tmp_storage;
+    }
+
+    l = (unsigned long)
+        ((unsigned long)session_id[0]) |
+        ((unsigned long)session_id[1] << 8L) |
+        ((unsigned long)session_id[2] << 16L) |
+        ((unsigned long)session_id[3] << 24L);
+    return (l);
+}
+
+/*
+ * NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
+ * being able to construct an SSL_SESSION that will collide with any existing
+ * session with a matching session ID.
+ */
+static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+{
+    if (a->ssl_version != b->ssl_version)
+        return (1);
+    if (a->session_id_length != b->session_id_length)
+        return (1);
+    return (memcmp(a->session_id, b->session_id, a->session_id_length));
+}
+
+/*
+ * These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed
+ * via ssl.h.
+ */
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+{
+    SSL_CTX *ret = NULL;
+
+    if (meth == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+        return (NULL);
+    }
+
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;
+
+    if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE);
+        return NULL;
+    }
+
+    if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+        goto err;
+    }
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        goto err;
+
+    ret->method = meth;
+    ret->min_proto_version = 0;
+    ret->max_proto_version = 0;
+    ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
+    ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+    /* We take the system default. */
+    ret->session_timeout = meth->get_timeout();
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
+    ret->verify_mode = SSL_VERIFY_NONE;
+    if ((ret->cert = ssl_cert_new()) == NULL)
+        goto err;
+
+    ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
+    if (ret->sessions == NULL)
+        goto err;
+    ret->cert_store = X509_STORE_new();
+    if (ret->cert_store == NULL)
+        goto err;
+#ifndef OPENSSL_NO_CT
+    ret->ctlog_store = CTLOG_STORE_new();
+    if (ret->ctlog_store == NULL)
+        goto err;
+#endif
+    if (!ssl_create_cipher_list(ret->method,
+                                &ret->cipher_list, &ret->cipher_list_by_id,
+                                SSL_DEFAULT_CIPHER_LIST, ret->cert)
+        || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+        goto err2;
+    }
+
+    ret->param = X509_VERIFY_PARAM_new();
+    if (ret->param == NULL)
+        goto err;
+
+    if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+        goto err2;
+    }
+    if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+        goto err2;
+    }
+
+    if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
+        goto err;
+
+    /* No compression for DTLS */
+    if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
+        ret->comp_methods = SSL_COMP_get_compression_methods();
+
+    ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+    ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    /* Setup RFC5077 ticket keys */
+    if ((RAND_bytes(ret->tlsext_tick_key_name,
+                    sizeof(ret->tlsext_tick_key_name)) <= 0)
+        || (RAND_bytes(ret->tlsext_tick_hmac_key,
+                       sizeof(ret->tlsext_tick_hmac_key)) <= 0)
+        || (RAND_bytes(ret->tlsext_tick_aes_key,
+                       sizeof(ret->tlsext_tick_aes_key)) <= 0))
+        ret->options |= SSL_OP_NO_TICKET;
+
+#ifndef OPENSSL_NO_SRP
+    if (!SSL_CTX_SRP_CTX_init(ret))
+        goto err;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#  define eng_strx(x)     #x
+#  define eng_str(x)      eng_strx(x)
+    /* Use specific client engine automatically... ignore errors */
+    {
+        ENGINE *eng;
+        eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        if (!eng) {
+            ERR_clear_error();
+            ENGINE_load_builtin_engines();
+            eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        }
+        if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+            ERR_clear_error();
+    }
+# endif
+#endif
+    /*
+     * Default is to connect to non-RI servers. When RI is more widely
+     * deployed might change this.
+     */
+    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+    /*
+     * Disable compression by default to prevent CRIME. Applications can
+     * re-enable compression by configuring
+     * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
+     * or by using the SSL_CONF library.
+     */
+    ret->options |= SSL_OP_NO_COMPRESSION;
+
+    ret->tlsext_status_type = -1;
+
+    return ret;
+ err:
+    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ err2:
+    SSL_CTX_free(ret);
+    return NULL;
+}
+
+int SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_CTX", ctx);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+void SSL_CTX_free(SSL_CTX *a)
+{
+    int i;
+
+    if (a == NULL)
+        return;
+
+    CRYPTO_atomic_add(&a->references, -1, &i, a->lock);
+    REF_PRINT_COUNT("SSL_CTX", a);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    X509_VERIFY_PARAM_free(a->param);
+    dane_ctx_final(&a->dane);
+
+    /*
+     * Free internal session cache. However: the remove_cb() may reference
+     * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+     * after the sessions were flushed.
+     * As the ex_data handling routines might also touch the session cache,
+     * the most secure solution seems to be: empty (flush) the cache, then
+     * free ex_data, then finally free the cache.
+     * (See ticket [openssl.org #212].)
+     */
+    if (a->sessions != NULL)
+        SSL_CTX_flush_sessions(a, 0);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+    lh_SSL_SESSION_free(a->sessions);
+    X509_STORE_free(a->cert_store);
+#ifndef OPENSSL_NO_CT
+    CTLOG_STORE_free(a->ctlog_store);
+#endif
+    sk_SSL_CIPHER_free(a->cipher_list);
+    sk_SSL_CIPHER_free(a->cipher_list_by_id);
+    ssl_cert_free(a->cert);
+    sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
+    sk_X509_pop_free(a->extra_certs, X509_free);
+    a->comp_methods = NULL;
+#ifndef OPENSSL_NO_SRTP
+    sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
+#ifndef OPENSSL_NO_SRP
+    SSL_CTX_SRP_CTX_free(a);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(a->client_cert_engine);
+#endif
+
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(a->tlsext_ecpointformatlist);
+    OPENSSL_free(a->tlsext_ellipticcurvelist);
+#endif
+    OPENSSL_free(a->alpn_client_proto_list);
+
+    CRYPTO_THREAD_lock_free(a->lock);
+
+    OPENSSL_free(a);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+{
+    ctx->default_passwd_callback = cb;
+}
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
+{
+    ctx->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback;
+}
+
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback_userdata;
+}
+
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
+{
+    s->default_passwd_callback = cb;
+}
+
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
+{
+    s->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
+{
+    return s->default_passwd_callback;
+}
+
+void *SSL_get_default_passwd_cb_userdata(SSL *s)
+{
+    return s->default_passwd_callback_userdata;
+}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg)
+{
+    ctx->app_verify_callback = cb;
+    ctx->app_verify_arg = arg;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                        int (*cb) (int, X509_STORE_CTX *))
+{
+    ctx->verify_mode = mode;
+    ctx->default_verify_callback = cb;
+}
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    ssl_cert_set_cert_cb(c->cert, cb, arg);
+}
+
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    ssl_cert_set_cert_cb(s->cert, cb, arg);
+}
+
+void ssl_set_masks(SSL *s)
+{
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
+    CERT_PKEY *cpk;
+#endif
+    CERT *c = s->cert;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
+    int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+    unsigned long mask_k, mask_a;
+#ifndef OPENSSL_NO_EC
+    int have_ecc_cert, ecdsa_ok;
+    X509 *x = NULL;
+#endif
+    if (c == NULL)
+        return;
+
+#ifndef OPENSSL_NO_DH
+    dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
+#else
+    dh_tmp = 0;
+#endif
+
+    rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID;
+    rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN;
+    dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
+#ifndef OPENSSL_NO_EC
+    have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
+#endif
+    mask_k = 0;
+    mask_a = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
+            dh_tmp, rsa_enc, rsa_sign, dsa_sign);
+#endif
+
+#ifndef OPENSSL_NO_GOST
+    cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
+    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
+    cpk = &(c->pkeys[SSL_PKEY_GOST12_256]);
+    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
+    cpk = &(c->pkeys[SSL_PKEY_GOST01]);
+    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST01;
+    }
+#endif
+
+    if (rsa_enc)
+        mask_k |= SSL_kRSA;
+
+    if (dh_tmp)
+        mask_k |= SSL_kDHE;
+
+    if (rsa_enc || rsa_sign) {
+        mask_a |= SSL_aRSA;
+    }
+
+    if (dsa_sign) {
+        mask_a |= SSL_aDSS;
+    }
+
+    mask_a |= SSL_aNULL;
+
+    /*
+     * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
+     * depending on the key usage extension.
+     */
+#ifndef OPENSSL_NO_EC
+    if (have_ecc_cert) {
+        uint32_t ex_kusage;
+        cpk = &c->pkeys[SSL_PKEY_ECC];
+        x = cpk->x509;
+        ex_kusage = X509_get_key_usage(x);
+        ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
+        if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
+            ecdsa_ok = 0;
+        if (ecdsa_ok)
+            mask_a |= SSL_aECDSA;
+    }
+#endif
+
+#ifndef OPENSSL_NO_EC
+    mask_k |= SSL_kECDHE;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    mask_k |= SSL_kPSK;
+    mask_a |= SSL_aPSK;
+    if (mask_k & SSL_kRSA)
+        mask_k |= SSL_kRSAPSK;
+    if (mask_k & SSL_kDHE)
+        mask_k |= SSL_kDHEPSK;
+    if (mask_k & SSL_kECDHE)
+        mask_k |= SSL_kECDHEPSK;
+#endif
+
+    s->s3->tmp.mask_k = mask_k;
+    s->s3->tmp.mask_a = mask_a;
+}
+
+#ifndef OPENSSL_NO_EC
+
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
+{
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
+        /* key usage, if present, must allow signing */
+        if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
+            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+                   SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+            return 0;
+        }
+    }
+    return 1;                   /* all checks are ok */
+}
+
+#endif
+
+static int ssl_get_server_cert_index(const SSL *s)
+{
+    int idx;
+    idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
+    if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
+        idx = SSL_PKEY_RSA_SIGN;
+    if (idx == SSL_PKEY_GOST_EC) {
+        if (s->cert->pkeys[SSL_PKEY_GOST12_512].x509)
+            idx = SSL_PKEY_GOST12_512;
+        else if (s->cert->pkeys[SSL_PKEY_GOST12_256].x509)
+            idx = SSL_PKEY_GOST12_256;
+        else if (s->cert->pkeys[SSL_PKEY_GOST01].x509)
+            idx = SSL_PKEY_GOST01;
+        else
+            idx = -1;
+    }
+    if (idx == -1)
+        SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
+    return idx;
+}
+
+CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
+{
+    CERT *c;
+    int i;
+
+    c = s->cert;
+    if (!s->s3 || !s->s3->tmp.new_cipher)
+        return NULL;
+    ssl_set_masks(s);
+
+    i = ssl_get_server_cert_index(s);
+
+    /* This may or may not be an error. */
+    if (i < 0)
+        return NULL;
+
+    /* May be NULL. */
+    return &c->pkeys[i];
+}
+
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
+                            const EVP_MD **pmd)
+{
+    unsigned long alg_a;
+    CERT *c;
+    int idx = -1;
+
+    alg_a = cipher->algorithm_auth;
+    c = s->cert;
+
+    if ((alg_a & SSL_aDSS) && (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
+        idx = SSL_PKEY_DSA_SIGN;
+    else if (alg_a & SSL_aRSA) {
+        if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
+            idx = SSL_PKEY_RSA_SIGN;
+        else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
+            idx = SSL_PKEY_RSA_ENC;
+    } else if ((alg_a & SSL_aECDSA) &&
+               (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
+        idx = SSL_PKEY_ECC;
+    if (idx == -1) {
+        SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
+        return (NULL);
+    }
+    if (pmd)
+        *pmd = s->s3->tmp.md[idx];
+    return c->pkeys[idx].privatekey;
+}
+
+int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
+                                   size_t *serverinfo_length)
+{
+    CERT *c = NULL;
+    int i = 0;
+    *serverinfo_length = 0;
+
+    c = s->cert;
+    i = ssl_get_server_cert_index(s);
+
+    if (i == -1)
+        return 0;
+    if (c->pkeys[i].serverinfo == NULL)
+        return 0;
+
+    *serverinfo = c->pkeys[i].serverinfo;
+    *serverinfo_length = c->pkeys[i].serverinfo_length;
+    return 1;
+}
+
+void ssl_update_cache(SSL *s, int mode)
+{
+    int i;
+
+    /*
+     * If the session_id_length is 0, we are not supposed to cache it, and it
+     * would be rather hard to do anyway :-)
+     */
+    if (s->session->session_id_length == 0)
+        return;
+
+    /*
+     * If sid_ctx_length is 0 there is no specific application context
+     * associated with this session, so when we try to resume it and
+     * SSL_VERIFY_PEER is requested, we have no indication that this is
+     * actually a session for the proper application context, and the
+     * *handshake* will fail, not just the resumption attempt.
+     * Do not cache these sessions that are not resumable.
+     */
+    if (s->session->sid_ctx_length == 0
+            && (s->verify_mode & SSL_VERIFY_PEER) != 0)
+        return;
+
+    i = s->session_ctx->session_cache_mode;
+    if ((i & mode) && (!s->hit)
+        && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+            || SSL_CTX_add_session(s->session_ctx, s->session))
+        && (s->session_ctx->new_session_cb != NULL)) {
+        SSL_SESSION_up_ref(s->session);
+        if (!s->session_ctx->new_session_cb(s, s->session))
+            SSL_SESSION_free(s->session);
+    }
+
+    /* auto flush every 255 connections */
+    if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
+        if ((((mode & SSL_SESS_CACHE_CLIENT)
+              ? s->session_ctx->stats.sess_connect_good
+              : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+            SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
+        }
+    }
+}
+
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+{
+    return ctx->method;
+}
+
+const SSL_METHOD *SSL_get_ssl_method(SSL *s)
+{
+    return (s->method);
+}
+
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
+{
+    int ret = 1;
+
+    if (s->method != meth) {
+        const SSL_METHOD *sm = s->method;
+        int (*hf) (SSL *) = s->handshake_func;
+
+        if (sm->version == meth->version)
+            s->method = meth;
+        else {
+            sm->ssl_free(s);
+            s->method = meth;
+            ret = s->method->ssl_new(s);
+        }
+
+        if (hf == sm->ssl_connect)
+            s->handshake_func = meth->ssl_connect;
+        else if (hf == sm->ssl_accept)
+            s->handshake_func = meth->ssl_accept;
+    }
+    return (ret);
+}
+
+int SSL_get_error(const SSL *s, int i)
+{
+    int reason;
+    unsigned long l;
+    BIO *bio;
+
+    if (i > 0)
+        return (SSL_ERROR_NONE);
+
+    /*
+     * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
+     * where we do encode the error
+     */
+    if ((l = ERR_peek_error()) != 0) {
+        if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+            return (SSL_ERROR_SYSCALL);
+        else
+            return (SSL_ERROR_SSL);
+    }
+
+    if (i < 0) {
+        if (SSL_want_read(s)) {
+            bio = SSL_get_rbio(s);
+            if (BIO_should_read(bio))
+                return (SSL_ERROR_WANT_READ);
+            else if (BIO_should_write(bio))
+                /*
+                 * This one doesn't make too much sense ... We never try to write
+                 * to the rbio, and an application program where rbio and wbio
+                 * are separate couldn't even know what it should wait for.
+                 * However if we ever set s->rwstate incorrectly (so that we have
+                 * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+                 * wbio *are* the same, this test works around that bug; so it
+                 * might be safer to keep it.
+                 */
+                return (SSL_ERROR_WANT_WRITE);
+            else if (BIO_should_io_special(bio)) {
+                reason = BIO_get_retry_reason(bio);
+                if (reason == BIO_RR_CONNECT)
+                    return (SSL_ERROR_WANT_CONNECT);
+                else if (reason == BIO_RR_ACCEPT)
+                    return (SSL_ERROR_WANT_ACCEPT);
+                else
+                    return (SSL_ERROR_SYSCALL); /* unknown */
+            }
+        }
+
+        if (SSL_want_write(s)) {
+            /*
+             * Access wbio directly - in order to use the buffered bio if
+             * present
+             */
+            bio = s->wbio;
+            if (BIO_should_write(bio))
+                return (SSL_ERROR_WANT_WRITE);
+            else if (BIO_should_read(bio))
+                /*
+                 * See above (SSL_want_read(s) with BIO_should_write(bio))
+                 */
+                return (SSL_ERROR_WANT_READ);
+            else if (BIO_should_io_special(bio)) {
+                reason = BIO_get_retry_reason(bio);
+                if (reason == BIO_RR_CONNECT)
+                    return (SSL_ERROR_WANT_CONNECT);
+                else if (reason == BIO_RR_ACCEPT)
+                    return (SSL_ERROR_WANT_ACCEPT);
+                else
+                    return (SSL_ERROR_SYSCALL);
+            }
+        }
+        if (SSL_want_x509_lookup(s)) {
+            return (SSL_ERROR_WANT_X509_LOOKUP);
+        }
+        if (SSL_want_async(s)) {
+            return SSL_ERROR_WANT_ASYNC;
+        }
+        if (SSL_want_async_job(s)) {
+            return SSL_ERROR_WANT_ASYNC_JOB;
+        }
+    }
+
+    if (i == 0) {
+        if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+            (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+            return (SSL_ERROR_ZERO_RETURN);
+    }
+    return (SSL_ERROR_SYSCALL);
+}
+
+static int ssl_do_handshake_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+
+    return s->handshake_func(s);
+}
+
+int SSL_do_handshake(SSL *s)
+{
+    int ret = 1;
+
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+        return -1;
+    }
+
+    s->method->ssl_renegotiate_check(s);
+
+    if (SSL_in_init(s) || SSL_in_before(s)) {
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            args.s = s;
+
+            ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
+        } else {
+            ret = s->handshake_func(s);
+        }
+    }
+    return ret;
+}
+
+void SSL_set_accept_state(SSL *s)
+{
+    s->server = 1;
+    s->shutdown = 0;
+    ossl_statem_clear(s);
+    s->handshake_func = s->method->ssl_accept;
+    clear_ciphers(s);
+}
+
+void SSL_set_connect_state(SSL *s)
+{
+    s->server = 0;
+    s->shutdown = 0;
+    ossl_statem_clear(s);
+    s->handshake_func = s->method->ssl_connect;
+    clear_ciphers(s);
+}
+
+int ssl_undefined_function(SSL *s)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (0);
+}
+
+int ssl_undefined_void_function(void)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
+           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (0);
+}
+
+int ssl_undefined_const_function(const SSL *s)
+{
+    return (0);
+}
+
+const SSL_METHOD *ssl_bad_method(int ver)
+{
+    SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (NULL);
+}
+
+const char *ssl_protocol_to_string(int version)
+{
+    if (version == TLS1_2_VERSION)
+        return "TLSv1.2";
+    else if (version == TLS1_1_VERSION)
+        return "TLSv1.1";
+    else if (version == TLS1_VERSION)
+        return "TLSv1";
+    else if (version == SSL3_VERSION)
+        return "SSLv3";
+    else if (version == DTLS1_BAD_VER)
+        return "DTLSv0.9";
+    else if (version == DTLS1_VERSION)
+        return "DTLSv1";
+    else if (version == DTLS1_2_VERSION)
+        return "DTLSv1.2";
+    else
+        return ("unknown");
+}
+
+const char *SSL_get_version(const SSL *s)
+{
+    return ssl_protocol_to_string(s->version);
+}
+
+SSL *SSL_dup(SSL *s)
+{
+    STACK_OF(X509_NAME) *sk;
+    X509_NAME *xn;
+    SSL *ret;
+    int i;
+
+    /* If we're not quiescent, just up_ref! */
+    if (!SSL_in_init(s) || !SSL_in_before(s)) {
+        CRYPTO_atomic_add(&s->references, 1, &i, s->lock);
+        return s;
+    }
+
+    /*
+     * Otherwise, copy configuration state, and session if set.
+     */
+    if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+        return (NULL);
+
+    if (s->session != NULL) {
+        /*
+         * Arranges to share the same session via up_ref.  This "copies"
+         * session-id, SSL_METHOD, sid_ctx, and 'cert'
+         */
+        if (!SSL_copy_session_id(ret, s))
+            goto err;
+    } else {
+        /*
+         * No session has been established yet, so we have to expect that
+         * s->cert or ret->cert will be changed later -- they should not both
+         * point to the same object, and thus we can't use
+         * SSL_copy_session_id.
+         */
+        if (!SSL_set_ssl_method(ret, s->method))
+            goto err;
+
+        if (s->cert != NULL) {
+            ssl_cert_free(ret->cert);
+            ret->cert = ssl_cert_dup(s->cert);
+            if (ret->cert == NULL)
+                goto err;
+        }
+
+        if (!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length))
+            goto err;
+    }
+
+    if (!ssl_dane_dup(ret, s))
+        goto err;
+    ret->version = s->version;
+    ret->options = s->options;
+    ret->mode = s->mode;
+    SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
+    SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
+    ret->msg_callback = s->msg_callback;
+    ret->msg_callback_arg = s->msg_callback_arg;
+    SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
+    SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
+    ret->generate_session_id = s->generate_session_id;
+
+    SSL_set_info_callback(ret, SSL_get_info_callback(s));
+
+    /* copy app data, a little dangerous perhaps */
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
+        goto err;
+
+    /* setup rbio, and wbio */
+    if (s->rbio != NULL) {
+        if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
+            goto err;
+    }
+    if (s->wbio != NULL) {
+        if (s->wbio != s->rbio) {
+            if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
+                goto err;
+        } else {
+            BIO_up_ref(ret->rbio);
+            ret->wbio = ret->rbio;
+        }
+    }
+
+    ret->server = s->server;
+    if (s->handshake_func) {
+        if (s->server)
+            SSL_set_accept_state(ret);
+        else
+            SSL_set_connect_state(ret);
+    }
+    ret->shutdown = s->shutdown;
+    ret->hit = s->hit;
+
+    ret->default_passwd_callback = s->default_passwd_callback;
+    ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
+
+    X509_VERIFY_PARAM_inherit(ret->param, s->param);
+
+    /* dup the cipher_list and cipher_list_by_id stacks */
+    if (s->cipher_list != NULL) {
+        if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+            goto err;
+    }
+    if (s->cipher_list_by_id != NULL)
+        if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+            == NULL)
+            goto err;
+
+    /* Dup the client_CA list */
+    if (s->client_CA != NULL) {
+        if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL)
+            goto err;
+        ret->client_CA = sk;
+        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+            xn = sk_X509_NAME_value(sk, i);
+            if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
+                X509_NAME_free(xn);
+                goto err;
+            }
+        }
+    }
+    return ret;
+
+ err:
+    SSL_free(ret);
+    return NULL;
+}
+
+void ssl_clear_cipher_ctx(SSL *s)
+{
+    if (s->enc_read_ctx != NULL) {
+        EVP_CIPHER_CTX_free(s->enc_read_ctx);
+        s->enc_read_ctx = NULL;
+    }
+    if (s->enc_write_ctx != NULL) {
+        EVP_CIPHER_CTX_free(s->enc_write_ctx);
+        s->enc_write_ctx = NULL;
+    }
+#ifndef OPENSSL_NO_COMP
+    COMP_CTX_free(s->expand);
+    s->expand = NULL;
+    COMP_CTX_free(s->compress);
+    s->compress = NULL;
+#endif
+}
+
+X509 *SSL_get_certificate(const SSL *s)
+{
+    if (s->cert != NULL)
+        return (s->cert->key->x509);
+    else
+        return (NULL);
+}
+
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
+{
+    if (s->cert != NULL)
+        return (s->cert->key->privatekey);
+    else
+        return (NULL);
+}
+
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+{
+    if (ctx->cert != NULL)
+        return ctx->cert->key->x509;
+    else
+        return NULL;
+}
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+{
+    if (ctx->cert != NULL)
+        return ctx->cert->key->privatekey;
+    else
+        return NULL;
+}
+
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+{
+    if ((s->session != NULL) && (s->session->cipher != NULL))
+        return (s->session->cipher);
+    return (NULL);
+}
+
+const COMP_METHOD *SSL_get_current_compression(SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+    return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+    return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+int ssl_init_wbio_buffer(SSL *s)
+{
+    BIO *bbio;
+
+    if (s->bbio != NULL) {
+        /* Already buffered. */
+        return 1;
+    }
+
+    bbio = BIO_new(BIO_f_buffer());
+    if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
+        BIO_free(bbio);
+        SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+        return 0;
+    }
+    s->bbio = bbio;
+    s->wbio = BIO_push(bbio, s->wbio);
+
+    return 1;
+}
+
+void ssl_free_wbio_buffer(SSL *s)
+{
+    /* callers ensure s is never null */
+    if (s->bbio == NULL)
+        return;
+
+    s->wbio = BIO_pop(s->wbio);
+    assert(s->wbio != NULL);
+    BIO_free(s->bbio);
+    s->bbio = NULL;
+}
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+    ctx->quiet_shutdown = mode;
+}
+
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
+{
+    return (ctx->quiet_shutdown);
+}
+
+void SSL_set_quiet_shutdown(SSL *s, int mode)
+{
+    s->quiet_shutdown = mode;
+}
+
+int SSL_get_quiet_shutdown(const SSL *s)
+{
+    return (s->quiet_shutdown);
+}
+
+void SSL_set_shutdown(SSL *s, int mode)
+{
+    s->shutdown = mode;
+}
+
+int SSL_get_shutdown(const SSL *s)
+{
+    return s->shutdown;
+}
+
+int SSL_version(const SSL *s)
+{
+    return s->version;
+}
+
+int SSL_client_version(const SSL *s)
+{
+    return s->client_version;
+}
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+{
+    return ssl->ctx;
+}
+
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
+{
+    CERT *new_cert;
+    if (ssl->ctx == ctx)
+        return ssl->ctx;
+    if (ctx == NULL)
+        ctx = ssl->session_ctx;
+    new_cert = ssl_cert_dup(ctx->cert);
+    if (new_cert == NULL) {
+        return NULL;
+    }
+
+    if (!custom_exts_copy_flags(&new_cert->srv_ext, &ssl->cert->srv_ext)) {
+        ssl_cert_free(new_cert);
+        return NULL;
+    }
+
+    ssl_cert_free(ssl->cert);
+    ssl->cert = new_cert;
+
+    /*
+     * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+     * so setter APIs must prevent invalid lengths from entering the system.
+     */
+    OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
+
+    /*
+     * If the session ID context matches that of the parent SSL_CTX,
+     * inherit it from the new SSL_CTX as well. If however the context does
+     * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+     * leave it unchanged.
+     */
+    if ((ssl->ctx != NULL) &&
+        (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+        (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
+        ssl->sid_ctx_length = ctx->sid_ctx_length;
+        memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+    }
+
+    SSL_CTX_up_ref(ctx);
+    SSL_CTX_free(ssl->ctx);     /* decrement reference count */
+    ssl->ctx = ctx;
+
+    return ssl->ctx;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return (X509_STORE_set_default_paths(ctx->cert_store));
+}
+
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default directory does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default file does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath)
+{
+    return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
+}
+
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val))
+{
+    ssl->info_callback = cb;
+}
+
+/*
+ * One compiler (Diab DCC) doesn't like argument names in returned function
+ * pointer.
+ */
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
+                                               int /* type */ ,
+                                               int /* val */ ) {
+    return ssl->info_callback;
+}
+
+void SSL_set_verify_result(SSL *ssl, long arg)
+{
+    ssl->verify_result = arg;
+}
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return (ssl->verify_result);
+}
+
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return sizeof(ssl->s3->client_random);
+    if (outlen > sizeof(ssl->s3->client_random))
+        outlen = sizeof(ssl->s3->client_random);
+    memcpy(out, ssl->s3->client_random, outlen);
+    return outlen;
+}
+
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return sizeof(ssl->s3->server_random);
+    if (outlen > sizeof(ssl->s3->server_random))
+        outlen = sizeof(ssl->s3->server_random);
+    memcpy(out, ssl->s3->server_random, outlen);
+    return outlen;
+}
+
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+                                  unsigned char *out, size_t outlen)
+{
+    if (session->master_key_length < 0) {
+        /* Should never happen */
+        return 0;
+    }
+    if (outlen == 0)
+        return session->master_key_length;
+    if (outlen > (size_t)session->master_key_length)
+        outlen = session->master_key_length;
+    memcpy(out, session->master_key, outlen);
+    return outlen;
+}
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_get_ex_data(const SSL *s, int idx)
+{
+    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
+{
+    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+int ssl_ok(SSL *s)
+{
+    return (1);
+}
+
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
+{
+    return (ctx->cert_store);
+}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+    X509_STORE_free(ctx->cert_store);
+    ctx->cert_store = store;
+}
+
+int SSL_want(const SSL *s)
+{
+    return (s->rwstate);
+}
+
+/**
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+                                                  int keylength))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+#endif
+
+#ifndef OPENSSL_NO_PSK
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
+{
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    OPENSSL_free(ctx->cert->psk_identity_hint);
+    if (identity_hint != NULL) {
+        ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (ctx->cert->psk_identity_hint == NULL)
+            return 0;
+    } else
+        ctx->cert->psk_identity_hint = NULL;
+    return 1;
+}
+
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
+{
+    if (s == NULL)
+        return 0;
+
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    OPENSSL_free(s->cert->psk_identity_hint);
+    if (identity_hint != NULL) {
+        s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (s->cert->psk_identity_hint == NULL)
+            return 0;
+    } else
+        s->cert->psk_identity_hint = NULL;
+    return 1;
+}
+
+const char *SSL_get_psk_identity_hint(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return (s->session->psk_identity_hint);
+}
+
+const char *SSL_get_psk_identity(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return (s->session->psk_identity);
+}
+
+void SSL_set_psk_client_callback(SSL *s,
+                                 unsigned int (*cb) (SSL *ssl,
+                                                     const char *hint,
+                                                     char *identity,
+                                                     unsigned int
+                                                     max_identity_len,
+                                                     unsigned char *psk,
+                                                     unsigned int max_psk_len))
+{
+    s->psk_client_callback = cb;
+}
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+                                     unsigned int (*cb) (SSL *ssl,
+                                                         const char *hint,
+                                                         char *identity,
+                                                         unsigned int
+                                                         max_identity_len,
+                                                         unsigned char *psk,
+                                                         unsigned int
+                                                         max_psk_len))
+{
+    ctx->psk_client_callback = cb;
+}
+
+void SSL_set_psk_server_callback(SSL *s,
+                                 unsigned int (*cb) (SSL *ssl,
+                                                     const char *identity,
+                                                     unsigned char *psk,
+                                                     unsigned int max_psk_len))
+{
+    s->psk_server_callback = cb;
+}
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+                                     unsigned int (*cb) (SSL *ssl,
+                                                         const char *identity,
+                                                         unsigned char *psk,
+                                                         unsigned int
+                                                         max_psk_len))
+{
+    ctx->psk_server_callback = cb;
+}
+#endif
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                          (void (*)(void))cb);
+}
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int is_forward_secure))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                      (void (*)(void))cb);
+}
+
+/*
+ * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
+ * Returns the newly allocated ctx;
+ */
+
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
+{
+    ssl_clear_hash_ctx(hash);
+    *hash = EVP_MD_CTX_new();
+    if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+        EVP_MD_CTX_free(*hash);
+        *hash = NULL;
+        return NULL;
+    }
+    return *hash;
+}
+
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
+{
+
+    if (*hash)
+        EVP_MD_CTX_free(*hash);
+    *hash = NULL;
+}
+
+/* Retrieve handshake hashes */
+int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
+{
+    EVP_MD_CTX *ctx = NULL;
+    EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
+    int ret = EVP_MD_CTX_size(hdgst);
+    if (ret < 0 || ret > outlen) {
+        ret = 0;
+        goto err;
+    }
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        ret = 0;
+        goto err;
+    }
+    if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
+        || EVP_DigestFinal_ex(ctx, out, NULL) <= 0)
+        ret = 0;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+int SSL_session_reused(SSL *s)
+{
+    return s->hit;
+}
+
+int SSL_is_server(const SSL *s)
+{
+    return s->server;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_set_debug(SSL *s, int debug)
+{
+    /* Old function was do-nothing anyway... */
+    (void)s;
+    (void)debug;
+}
+#endif
+
+void SSL_set_security_level(SSL *s, int level)
+{
+    s->cert->sec_level = level;
+}
+
+int SSL_get_security_level(const SSL *s)
+{
+    return s->cert->sec_level;
+}
+
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid,
+                                          void *other, void *ex))
+{
+    s->cert->sec_cb = cb;
+}
+
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+                                                const SSL_CTX *ctx, int op,
+                                                int bits, int nid, void *other,
+                                                void *ex) {
+    return s->cert->sec_cb;
+}
+
+void SSL_set0_security_ex_data(SSL *s, void *ex)
+{
+    s->cert->sec_ex = ex;
+}
+
+void *SSL_get0_security_ex_data(const SSL *s)
+{
+    return s->cert->sec_ex;
+}
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
+{
+    ctx->cert->sec_level = level;
+}
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_level;
+}
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                              int op, int bits, int nid,
+                                              void *other, void *ex))
+{
+    ctx->cert->sec_cb = cb;
+}
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex) {
+    return ctx->cert->sec_cb;
+}
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
+{
+    ctx->cert->sec_ex = ex;
+}
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_ex;
+}
+
+/*
+ * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
+ * can return unsigned long, instead of the generic long return value from the
+ * control interface.
+ */
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
+{
+    return ctx->options;
+}
+
+unsigned long SSL_get_options(const SSL *s)
+{
+    return s->options;
+}
+
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options |= op;
+}
+
+unsigned long SSL_set_options(SSL *s, unsigned long op)
+{
+    return s->options |= op;
+}
+
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options &= ~op;
+}
+
+unsigned long SSL_clear_options(SSL *s, unsigned long op)
+{
+    return s->options &= ~op;
+}
+
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
+{
+    return s->verified_chain;
+}
+
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Moves SCTs from the |src| stack to the |dst| stack.
+ * The source of each SCT will be set to |origin|.
+ * If |dst| points to a NULL pointer, a new stack will be created and owned by
+ * the caller.
+ * Returns the number of SCTs moved, or a negative integer if an error occurs.
+ */
+static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
+                        sct_source_t origin)
+{
+    int scts_moved = 0;
+    SCT *sct = NULL;
+
+    if (*dst == NULL) {
+        *dst = sk_SCT_new_null();
+        if (*dst == NULL) {
+            SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    while ((sct = sk_SCT_pop(src)) != NULL) {
+        if (SCT_set_source(sct, origin) != 1)
+            goto err;
+
+        if (sk_SCT_push(*dst, sct) <= 0)
+            goto err;
+        scts_moved += 1;
+    }
+
+    return scts_moved;
+ err:
+    if (sct != NULL)
+        sk_SCT_push(src, sct);  /* Put the SCT back */
+    return -1;
+}
+
+/*
+ * Look for data collected during ServerHello and parse if found.
+ * Returns the number of SCTs extracted.
+ */
+static int ct_extract_tls_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+
+    if (s->tlsext_scts != NULL) {
+        const unsigned char *p = s->tlsext_scts;
+        STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->tlsext_scts_len);
+
+        scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Checks for an OCSP response and then attempts to extract any SCTs found if it
+ * contains an SCT X509 extension. They will be stored in |s->scts|.
+ * Returns:
+ * - The number of SCTs extracted, assuming an OCSP response exists.
+ * - 0 if no OCSP response exists or it contains no SCTs.
+ * - A negative integer if an error occurs.
+ */
+static int ct_extract_ocsp_response_scts(SSL *s)
+{
+# ifndef OPENSSL_NO_OCSP
+    int scts_extracted = 0;
+    const unsigned char *p;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    STACK_OF(SCT) *scts = NULL;
+    int i;
+
+    if (s->tlsext_ocsp_resp == NULL || s->tlsext_ocsp_resplen == 0)
+        goto err;
+
+    p = s->tlsext_ocsp_resp;
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, s->tlsext_ocsp_resplen);
+    if (rsp == NULL)
+        goto err;
+
+    br = OCSP_response_get1_basic(rsp);
+    if (br == NULL)
+        goto err;
+
+    for (i = 0; i < OCSP_resp_count(br); ++i) {
+        OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
+
+        if (single == NULL)
+            continue;
+
+        scts =
+            OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
+        if (scts_extracted < 0)
+            goto err;
+    }
+ err:
+    SCT_LIST_free(scts);
+    OCSP_BASICRESP_free(br);
+    OCSP_RESPONSE_free(rsp);
+    return scts_extracted;
+# else
+    /* Behave as if no OCSP response exists */
+    return 0;
+# endif
+}
+
+/*
+ * Attempts to extract SCTs from the peer certificate.
+ * Return the number of SCTs extracted, or a negative integer if an error
+ * occurs.
+ */
+static int ct_extract_x509v3_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+
+    if (cert != NULL) {
+        STACK_OF(SCT) *scts =
+            X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
+
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Attempts to find all received SCTs by checking TLS extensions, the OCSP
+ * response (if it exists) and X509v3 extensions in the certificate.
+ * Returns NULL if an error occurs.
+ */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
+{
+    if (!s->scts_parsed) {
+        if (ct_extract_tls_extension_scts(s) < 0 ||
+            ct_extract_ocsp_response_scts(s) < 0 ||
+            ct_extract_x509v3_extension_scts(s) < 0)
+            goto err;
+
+        s->scts_parsed = 1;
+    }
+    return s->scts;
+ err:
+    return NULL;
+}
+
+static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
+                         const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    return 1;
+}
+
+static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
+                     const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    int count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < count; ++i) {
+        SCT *sct = sk_SCT_value(scts, i);
+        int status = SCT_get_validation_status(sct);
+
+        if (status == SCT_VALIDATION_STATUS_VALID)
+            return 1;
+    }
+    SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
+    return 0;
+}
+
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look
+     * for this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    if (callback != NULL) {
+        /*
+         * If we are validating CT, then we MUST accept SCTs served via OCSP
+         */
+        if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
+            return 0;
+    }
+
+    s->ct_validation_callback = callback;
+    s->ct_validation_callback_arg = arg;
+
+    return 1;
+}
+
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback, void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look for
+     * this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    ctx->ct_validation_callback = callback;
+    ctx->ct_validation_callback_arg = arg;
+    return 1;
+}
+
+int SSL_ct_is_enabled(const SSL *s)
+{
+    return s->ct_validation_callback != NULL;
+}
+
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
+{
+    return ctx->ct_validation_callback != NULL;
+}
+
+int ssl_validate_ct(SSL *s)
+{
+    int ret = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+    X509 *issuer;
+    SSL_DANE *dane = &s->dane;
+    CT_POLICY_EVAL_CTX *ctx = NULL;
+    const STACK_OF(SCT) *scts;
+
+    /*
+     * If no callback is set, the peer is anonymous, or its chain is invalid,
+     * skip SCT validation - just return success.  Applications that continue
+     * handshakes without certificates, with unverified chains, or pinned leaf
+     * certificates are outside the scope of the WebPKI and CT.
+     *
+     * The above exclusions notwithstanding the vast majority of peers will
+     * have rather ordinary certificate chains validated by typical
+     * applications that perform certificate verification and therefore will
+     * process SCTs when enabled.
+     */
+    if (s->ct_validation_callback == NULL || cert == NULL ||
+        s->verify_result != X509_V_OK ||
+        s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
+        return 1;
+
+    /*
+     * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
+     * trust-anchors.  See https://tools.ietf.org/html/rfc7671#section-4.2
+     */
+    if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
+        switch (dane->mtlsa->usage) {
+        case DANETLS_USAGE_DANE_TA:
+        case DANETLS_USAGE_DANE_EE:
+            return 1;
+        }
+    }
+
+    ctx = CT_POLICY_EVAL_CTX_new();
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    issuer = sk_X509_value(s->verified_chain, 1);
+    CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
+    CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
+    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
+
+    scts = SSL_get0_peer_scts(s);
+
+    /*
+     * This function returns success (> 0) only when all the SCTs are valid, 0
+     * when some are invalid, and < 0 on various internal errors (out of
+     * memory, etc.).  Having some, or even all, invalid SCTs is not sufficient
+     * reason to abort the handshake, that decision is up to the callback.
+     * Therefore, we error out only in the unexpected case that the return
+     * value is negative.
+     *
+     * XXX: One might well argue that the return value of this function is an
+     * unfortunate design choice.  Its job is only to determine the validation
+     * status of each of the provided SCTs.  So long as it correctly separates
+     * the wheat from the chaff it should return success.  Failure in this case
+     * ought to correspond to an inability to carry out its duties.
+     */
+    if (SCT_LIST_validate(scts, ctx) < 0) {
+        SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED);
+        goto end;
+    }
+
+    ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
+    if (ret < 0)
+        ret = 0;                /* This function returns 0 on failure */
+
+ end:
+    CT_POLICY_EVAL_CTX_free(ctx);
+    /*
+     * With SSL_VERIFY_NONE the session may be cached and re-used despite a
+     * failure return code here.  Also the application may wish the complete
+     * the handshake, and then disconnect cleanly at a higher layer, after
+     * checking the verification status of the completed connection.
+     *
+     * We therefore force a certificate verification failure which will be
+     * visible via SSL_get_verify_result() and cached as part of any resumed
+     * session.
+     *
+     * Note: the permissive callback is for information gathering only, always
+     * returns success, and does not affect verification status.  Only the
+     * strict callback or a custom application-specified callback can trigger
+     * connection failure or record a verification error.
+     */
+    if (ret <= 0)
+        s->verify_result = X509_V_ERR_NO_VALID_SCTS;
+    return ret;
+}
+
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
+    }
+}
+
+int SSL_enable_ct(SSL *s, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_set_ct_validation_callback(s, ct_strict, NULL);
+    }
+}
+
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
+{
+    return CTLOG_STORE_load_default_file(ctx->ctlog_store);
+}
+
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    return CTLOG_STORE_load_file(ctx->ctlog_store, path);
+}
+
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
+{
+    CTLOG_STORE_free(ctx->ctlog_store);
+    ctx->ctlog_store = logs;
+}
+
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
+{
+    return ctx->ctlog_store;
+}
+
+#endif
diff --git a/openssl-1.1.0h/ssl/ssl_locl.h b/openssl-1.1.0h/ssl/ssl_locl.h
new file mode 100644
index 0000000..d86bd7e
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_locl.h
@@ -0,0 +1,2133 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#ifndef HEADER_SSL_LOCL_H
+# define HEADER_SSL_LOCL_H
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include <errno.h>
+
+# include "e_os.h"
+# if defined(__unix) || defined(__unix__)
+#  include <sys/time.h>         /* struct timeval for DTLS */
+# endif
+
+# include <openssl/buffer.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/async.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include "record/record.h"
+# include "statem/statem.h"
+# include "packet_locl.h"
+# include "internal/dane.h"
+
+# ifdef OPENSSL_BUILD_SHLIBSSL
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# undef PKCS1_CHECK
+
+# define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
+                         l|=((unsigned long)(*((c)++)))<<16, \
+                         l|=((unsigned long)(*((c)++)))<< 8, \
+                         l|=((unsigned long)(*((c)++))))
+
+# define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n6(l,c)       (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                                } \
+                        }
+
+# define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                             (((unsigned int)((c)[1]))    )),(c)+=2)
+# define s2n(s,c)        (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
+                           (c)[1]=(unsigned char)(((s)    )&0xff)),(c)+=2)
+
+# define n2l3(c,l)       ((l =(((unsigned long)((c)[0]))<<16)| \
+                              (((unsigned long)((c)[1]))<< 8)| \
+                              (((unsigned long)((c)[2]))    )),(c)+=3)
+
+# define l2n3(l,c)       (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
+                           (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
+                           (c)[2]=(unsigned char)(((l)    )&0xff)),(c)+=3)
+
+/*
+ * DTLS version numbers are strange because they're inverted. Except for
+ * DTLS1_BAD_VER, which should be considered "lower" than the rest.
+ */
+# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
+# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
+# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
+
+/* LOCAL STUFF */
+
+# define SSL_DECRYPT     0
+# define SSL_ENCRYPT     1
+
+# define TWO_BYTE_BIT    0x80
+# define SEC_ESC_BIT     0x40
+# define TWO_BYTE_MASK   0x7fff
+# define THREE_BYTE_MASK 0x3fff
+
+# define INC32(a)        ((a)=((a)+1)&0xffffffffL)
+# define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
+# define MAX_MAC_SIZE    20     /* up from 16 for SSLv3 */
+
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+
+/* Bits for algorithm_mkey (key exchange algorithm) */
+/* RSA key exchange */
+# define SSL_kRSA                0x00000001U
+/* tmp DH key no DH cert */
+# define SSL_kDHE                0x00000002U
+/* synonym */
+# define SSL_kEDH                SSL_kDHE
+/* ephemeral ECDH */
+# define SSL_kECDHE              0x00000004U
+/* synonym */
+# define SSL_kEECDH              SSL_kECDHE
+/* PSK */
+# define SSL_kPSK                0x00000008U
+/* GOST key exchange */
+# define SSL_kGOST               0x00000010U
+/* SRP */
+# define SSL_kSRP                0x00000020U
+
+# define SSL_kRSAPSK             0x00000040U
+# define SSL_kECDHEPSK           0x00000080U
+# define SSL_kDHEPSK             0x00000100U
+
+/* all PSK */
+
+# define SSL_PSK     (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
+
+/* Bits for algorithm_auth (server authentication) */
+/* RSA auth */
+# define SSL_aRSA                0x00000001U
+/* DSS auth */
+# define SSL_aDSS                0x00000002U
+/* no auth (i.e. use ADH or AECDH) */
+# define SSL_aNULL               0x00000004U
+/* ECDSA auth*/
+# define SSL_aECDSA              0x00000008U
+/* PSK auth */
+# define SSL_aPSK                0x00000010U
+/* GOST R 34.10-2001 signature auth */
+# define SSL_aGOST01             0x00000020U
+/* SRP auth */
+# define SSL_aSRP                0x00000040U
+/* GOST R 34.10-2012 signature auth */
+# define SSL_aGOST12             0x00000080U
+
+/* Bits for algorithm_enc (symmetric encryption) */
+# define SSL_DES                 0x00000001U
+# define SSL_3DES                0x00000002U
+# define SSL_RC4                 0x00000004U
+# define SSL_RC2                 0x00000008U
+# define SSL_IDEA                0x00000010U
+# define SSL_eNULL               0x00000020U
+# define SSL_AES128              0x00000040U
+# define SSL_AES256              0x00000080U
+# define SSL_CAMELLIA128         0x00000100U
+# define SSL_CAMELLIA256         0x00000200U
+# define SSL_eGOST2814789CNT     0x00000400U
+# define SSL_SEED                0x00000800U
+# define SSL_AES128GCM           0x00001000U
+# define SSL_AES256GCM           0x00002000U
+# define SSL_AES128CCM           0x00004000U
+# define SSL_AES256CCM           0x00008000U
+# define SSL_AES128CCM8          0x00010000U
+# define SSL_AES256CCM8          0x00020000U
+# define SSL_eGOST2814789CNT12   0x00040000U
+# define SSL_CHACHA20POLY1305    0x00080000U
+
+# define SSL_AESGCM              (SSL_AES128GCM | SSL_AES256GCM)
+# define SSL_AESCCM              (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
+# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
+# define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
+# define SSL_CHACHA20            (SSL_CHACHA20POLY1305)
+
+/* Bits for algorithm_mac (symmetric authentication) */
+
+# define SSL_MD5                 0x00000001U
+# define SSL_SHA1                0x00000002U
+# define SSL_GOST94      0x00000004U
+# define SSL_GOST89MAC   0x00000008U
+# define SSL_SHA256              0x00000010U
+# define SSL_SHA384              0x00000020U
+/* Not a real MAC, just an indication it is part of cipher */
+# define SSL_AEAD                0x00000040U
+# define SSL_GOST12_256          0x00000080U
+# define SSL_GOST89MAC12         0x00000100U
+# define SSL_GOST12_512          0x00000200U
+
+/*
+ * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
+ * sure to update this constant too
+ */
+
+# define SSL_MD_MD5_IDX  0
+# define SSL_MD_SHA1_IDX 1
+# define SSL_MD_GOST94_IDX 2
+# define SSL_MD_GOST89MAC_IDX 3
+# define SSL_MD_SHA256_IDX 4
+# define SSL_MD_SHA384_IDX 5
+# define SSL_MD_GOST12_256_IDX  6
+# define SSL_MD_GOST89MAC12_IDX 7
+# define SSL_MD_GOST12_512_IDX  8
+# define SSL_MD_MD5_SHA1_IDX 9
+# define SSL_MD_SHA224_IDX 10
+# define SSL_MD_SHA512_IDX 11
+# define SSL_MAX_DIGEST 12
+
+/* Bits for algorithm2 (handshake digests and other extra flags) */
+
+/* Bits 0-7 are handshake MAC */
+# define SSL_HANDSHAKE_MAC_MASK  0xFF
+# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX
+# define SSL_HANDSHAKE_MAC_SHA256   SSL_MD_SHA256_IDX
+# define SSL_HANDSHAKE_MAC_SHA384   SSL_MD_SHA384_IDX
+# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
+# define SSL_HANDSHAKE_MAC_DEFAULT  SSL_HANDSHAKE_MAC_MD5_SHA1
+
+/* Bits 8-15 bits are PRF */
+# define TLS1_PRF_DGST_SHIFT 8
+# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF            (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+
+/*
+ * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
+ * goes into algorithm2)
+ */
+# define TLS1_STREAM_MAC 0x10000
+
+# define SSL_STRONG_MASK         0x0000001FU
+# define SSL_DEFAULT_MASK        0X00000020U
+
+# define SSL_STRONG_NONE         0x00000001U
+# define SSL_LOW                 0x00000002U
+# define SSL_MEDIUM              0x00000004U
+# define SSL_HIGH                0x00000008U
+# define SSL_FIPS                0x00000010U
+# define SSL_NOT_DEFAULT         0x00000020U
+
+/* we have used 0000003f - 26 bits left to go */
+
+/* Check if an SSL structure is using DTLS */
+# define SSL_IS_DTLS(s)  (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+/* See if we need explicit IV */
+# define SSL_USE_EXPLICIT_IV(s)  \
+                (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+/*
+ * See if we use signature algorithms extension and signature algorithm
+ * before signatures.
+ */
+# define SSL_USE_SIGALGS(s)      \
+                        (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_USE_TLS1_2_CIPHERS(s)       \
+                (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/*
+ * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
+ * flags because it may not be set to correct version yet.
+ */
+# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)        \
+    ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
+     (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
+/*
+ * Determine if a client should send signature algorithms extension:
+ * as with TLS1.2 cipher we can't rely on method flags.
+ */
+# define SSL_CLIENT_USE_SIGALGS(s)        \
+    SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
+
+# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
+# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
+
+/* Mostly for SSLv3 */
+# define SSL_PKEY_RSA_ENC        0
+# define SSL_PKEY_RSA_SIGN       1
+# define SSL_PKEY_DSA_SIGN       2
+# define SSL_PKEY_ECC            3
+# define SSL_PKEY_GOST01         4
+# define SSL_PKEY_GOST12_256     5
+# define SSL_PKEY_GOST12_512     6
+# define SSL_PKEY_NUM            7
+/*
+ * Pseudo-constant. GOST cipher suites can use different certs for 1
+ * SSL_CIPHER. So let's see which one we have in fact.
+ */
+# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1
+
+/*-
+ * SSL_kRSA <- RSA_ENC
+ * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*-
+#define CERT_INVALID            0
+#define CERT_PUBLIC_KEY         1
+#define CERT_PRIVATE_KEY        2
+*/
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+# define TLS_CIPHER_LEN 2
+/* used to hold info on the particular ciphers used */
+struct ssl_cipher_st {
+    uint32_t valid;
+    const char *name;           /* text name */
+    uint32_t id;                /* id, 4 bytes, first is version */
+    /*
+     * changed in 1.0.0: these four used to be portions of a single value
+     * 'algorithms'
+     */
+    uint32_t algorithm_mkey;    /* key exchange algorithm */
+    uint32_t algorithm_auth;    /* server authentication */
+    uint32_t algorithm_enc;     /* symmetric encryption */
+    uint32_t algorithm_mac;     /* symmetric authentication */
+    int min_tls;                /* minimum SSL/TLS protocol version */
+    int max_tls;                /* maximum SSL/TLS protocol version */
+    int min_dtls;               /* minimum DTLS protocol version */
+    int max_dtls;               /* maximum DTLS protocol version */
+    uint32_t algo_strength;     /* strength and export flags */
+    uint32_t algorithm2;        /* Extra flags */
+    int32_t strength_bits;      /* Number of bits really used */
+    uint32_t alg_bits;          /* Number of bits for algorithm */
+};
+
+/* Used to hold SSL/TLS functions */
+struct ssl_method_st {
+    int version;
+    unsigned flags;
+    unsigned long mask;
+    int (*ssl_new) (SSL *s);
+    void (*ssl_clear) (SSL *s);
+    void (*ssl_free) (SSL *s);
+    int (*ssl_accept) (SSL *s);
+    int (*ssl_connect) (SSL *s);
+    int (*ssl_read) (SSL *s, void *buf, int len);
+    int (*ssl_peek) (SSL *s, void *buf, int len);
+    int (*ssl_write) (SSL *s, const void *buf, int len);
+    int (*ssl_shutdown) (SSL *s);
+    int (*ssl_renegotiate) (SSL *s);
+    int (*ssl_renegotiate_check) (SSL *s);
+    int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, int len, int peek);
+    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
+    int (*ssl_dispatch_alert) (SSL *s);
+    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
+    int (*ssl_pending) (const SSL *s);
+    int (*num_ciphers) (void);
+    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+    long (*get_timeout) (void);
+    const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+    int (*ssl_version) (void);
+    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+};
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *      version                 INTEGER,        -- structure version number
+ *      SSLversion              INTEGER,        -- SSL version number
+ *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
+ *      Session_ID              OCTET STRING,   -- the Session ID
+ *      Master_key              OCTET STRING,   -- the master key
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
+ *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
+ *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
+ *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
+ *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
+ *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
+ *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
+ *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ *      flags [ 13 ] EXPLICIT INTEGER -- optional flags
+ *      }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+struct ssl_session_st {
+    int ssl_version;            /* what ssl version session info is being kept
+                                 * in here? */
+    int master_key_length;
+    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+    /* session_id - valid? */
+    unsigned int session_id_length;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    /*
+     * this is used to determine whether the session is being reused in the
+     * appropriate context. It is up to the application to set this, via
+     * SSL_new
+     */
+    unsigned int sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+# ifndef OPENSSL_NO_PSK
+    char *psk_identity_hint;
+    char *psk_identity;
+# endif
+    /*
+     * Used to indicate that session resumption is not allowed. Applications
+     * can also set this bit for a new session via not_resumable_session_cb
+     * to disable session caching and tickets.
+     */
+    int not_resumable;
+    /* This is the cert and type for the other end. */
+    X509 *peer;
+    int peer_type;
+    /* Certificate chain peer sent */
+    STACK_OF(X509) *peer_chain;
+    /*
+     * when app_verify_callback accepts a session where the peer's
+     * certificate is not ok, we must remember the error for session reuse:
+     */
+    long verify_result;         /* only for servers */
+    int references;
+    long timeout;
+    long time;
+    unsigned int compress_meth; /* Need to lookup the method */
+    const SSL_CIPHER *cipher;
+    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used to
+                                 * load the 'cipher' structure */
+    STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+    CRYPTO_EX_DATA ex_data;     /* application specific data */
+    /*
+     * These are used to make removal of session-ids more efficient and to
+     * implement a maximum cache size.
+     */
+    struct ssl_session_st *prev, *next;
+    char *tlsext_hostname;
+# ifndef OPENSSL_NO_EC
+    size_t tlsext_ecpointformatlist_length;
+    unsigned char *tlsext_ecpointformatlist; /* peer's list */
+    size_t tlsext_ellipticcurvelist_length;
+    unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+# endif                         /* OPENSSL_NO_EC */
+    /* RFC4507 info */
+    unsigned char *tlsext_tick; /* Session ticket */
+    size_t tlsext_ticklen;      /* Session ticket length */
+    unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in
+                                              * seconds */
+# ifndef OPENSSL_NO_SRP
+    char *srp_username;
+# endif
+    uint32_t flags;
+    CRYPTO_RWLOCK *lock;
+};
+
+/* Extended master secret support */
+# define SSL_SESS_FLAG_EXTMS             0x1
+
+# ifndef OPENSSL_NO_SRP
+
+typedef struct srp_ctx_st {
+    /* param for all the callbacks */
+    void *SRP_cb_arg;
+    /* set client Hello login callback */
+    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+    /* set SRP N/g param callback for verification */
+    int (*SRP_verify_param_callback) (SSL *, void *);
+    /* set SRP client passwd callback */
+    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+    char *login;
+    BIGNUM *N, *g, *s, *B, *A;
+    BIGNUM *a, *b, *v;
+    char *info;
+    int strength;
+    unsigned long srp_Mask;
+} SRP_CTX;
+
+# endif
+
+struct ssl_comp_st {
+    int id;
+    const char *name;
+    COMP_METHOD *method;
+};
+
+DEFINE_LHASH_OF(SSL_SESSION);
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
+
+# define TLSEXT_KEYNAME_LENGTH 16
+
+struct ssl_ctx_st {
+    const SSL_METHOD *method;
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    /* same as above but sorted for lookup */
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    struct x509_store_st /* X509_STORE */ *cert_store;
+    LHASH_OF(SSL_SESSION) *sessions;
+    /*
+     * Most session-ids that will be cached, default is
+     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+     */
+    unsigned long session_cache_size;
+    struct ssl_session_st *session_cache_head;
+    struct ssl_session_st *session_cache_tail;
+    /*
+     * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+     * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+     * means only SSL_accept will cache SSL_SESSIONS.
+     */
+    uint32_t session_cache_mode;
+    /*
+     * If timeout is not 0, it is the default timeout value set when
+     * SSL_new() is called.  This has been put in to make life easier to set
+     * things up
+     */
+    long session_timeout;
+    /*
+     * If this callback is not null, it will be called each time a session id
+     * is added to the cache.  If this function returns 1, it means that the
+     * callback will do a SSL_SESSION_free() when it has finished using it.
+     * Otherwise, on 0, it means the callback has finished with it. If
+     * remove_session_cb is not null, it will be called when a session-id is
+     * removed from the cache.  After the call, OpenSSL will
+     * SSL_SESSION_free() it.
+     */
+    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+                                    const unsigned char *data, int len,
+                                    int *copy);
+    struct {
+        int sess_connect;       /* SSL new conn - started */
+        int sess_connect_renegotiate; /* SSL reneg - requested */
+        int sess_connect_good;  /* SSL new conne/reneg - finished */
+        int sess_accept;        /* SSL new accept - started */
+        int sess_accept_renegotiate; /* SSL reneg - requested */
+        int sess_accept_good;   /* SSL accept/reneg - finished */
+        int sess_miss;          /* session lookup misses */
+        int sess_timeout;       /* reuse attempt on timeouted session */
+        int sess_cache_full;    /* session removed due to full cache */
+        int sess_hit;           /* session reuse actually done */
+        int sess_cb_hit;        /* session-id that was not in the cache was
+                                 * passed back via the callback.  This
+                                 * indicates that the application is supplying
+                                 * session-id's from other processes - spooky
+                                 * :-) */
+    } stats;
+
+    int references;
+
+    /* if defined, these override the X509_verify_cert() calls */
+    int (*app_verify_callback) (X509_STORE_CTX *, void *);
+    void *app_verify_arg;
+    /*
+     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+     * ('app_verify_callback' was called with just one argument)
+     */
+
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+
+    /* get client cert callback */
+    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+    /* cookie generate callback */
+    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                              unsigned int *cookie_len);
+
+    /* verify cookie callback */
+    int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+                                 unsigned int cookie_len);
+
+    CRYPTO_EX_DATA ex_data;
+
+    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
+    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+    /* Default values used when no per-SSL value is defined follow */
+
+    /* used if SSL's info_callback is NULL */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+
+    /* what we put in client cert requests */
+    STACK_OF(X509_NAME) *client_CA;
+
+    /*
+     * Default values to use in SSL structures follow (these are copied by
+     * SSL_new)
+     */
+
+    uint32_t options;
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    long max_cert_list;
+
+    struct cert_st /* CERT */ *cert;
+    int read_ahead;
+
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+
+    uint32_t verify_mode;
+    unsigned int sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* called 'verify_callback' in the SSL */
+    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+
+    X509_VERIFY_PARAM *param;
+
+    int quiet_shutdown;
+
+# ifndef OPENSSL_NO_CT
+    CTLOG_STORE *ctlog_store;   /* CT Log Store */
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    void *ct_validation_callback_arg;
+# endif
+
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    unsigned int split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    unsigned int max_send_fragment;
+
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    unsigned int max_pipelines;
+
+    /* The default read buffer length to use (0 means not set) */
+    size_t default_read_buf_len;
+
+# ifndef OPENSSL_NO_ENGINE
+    /*
+     * Engine to pass requests for client certs to
+     */
+    ENGINE *client_cert_engine;
+# endif
+
+    /* TLS extensions servername callback */
+    int (*tlsext_servername_callback) (SSL *, int *, void *);
+    void *tlsext_servername_arg;
+    /* RFC 4507 session ticket keys */
+    unsigned char tlsext_tick_key_name[TLSEXT_KEYNAME_LENGTH];
+    unsigned char tlsext_tick_hmac_key[32];
+    unsigned char tlsext_tick_aes_key[32];
+    /* Callback to support customisation of ticket key setting */
+    int (*tlsext_ticket_key_cb) (SSL *ssl,
+                                 unsigned char *name, unsigned char *iv,
+                                 EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
+
+    /* certificate status request info */
+    /* Callback for status request */
+    int (*tlsext_status_cb) (SSL *ssl, void *arg);
+    void *tlsext_status_arg;
+
+# ifndef OPENSSL_NO_PSK
+    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+                                         char *identity,
+                                         unsigned int max_identity_len,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+# endif
+
+# ifndef OPENSSL_NO_SRP
+    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
+# endif
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    /* Next protocol negotiation information */
+
+    /*
+     * For a server, this contains a callback function by which the set of
+     * advertised protocols can be provided.
+     */
+    int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
+                                      unsigned int *len, void *arg);
+    void *next_protos_advertised_cb_arg;
+    /*
+     * For a client, this contains a callback function that selects the next
+     * protocol from the list provided by the server.
+     */
+    int (*next_proto_select_cb) (SSL *s, unsigned char **out,
+                                 unsigned char *outlen,
+                                 const unsigned char *in,
+                                 unsigned int inlen, void *arg);
+    void *next_proto_select_cb_arg;
+# endif
+
+    /*
+     * ALPN information (we are in the process of transitioning from NPN to
+     * ALPN.)
+     */
+
+        /*-
+         * For a server, this contains a callback function that allows the
+         * server to select the protocol for the connection.
+         *   out: on successful return, this must point to the raw protocol
+         *        name (without the length prefix).
+         *   outlen: on successful return, this contains the length of |*out|.
+         *   in: points to the client's list of supported protocols in
+         *       wire-format.
+         *   inlen: the length of |in|.
+         */
+    int (*alpn_select_cb) (SSL *s,
+                           const unsigned char **out,
+                           unsigned char *outlen,
+                           const unsigned char *in,
+                           unsigned int inlen, void *arg);
+    void *alpn_select_cb_arg;
+
+    /*
+     * For a client, this contains the list of supported protocols in wire
+     * format.
+     */
+    unsigned char *alpn_client_proto_list;
+    unsigned alpn_client_proto_list_len;
+
+    /* Shared DANE context */
+    struct dane_ctx_st dane;
+
+    /* SRTP profiles we are willing to do from RFC 5764 */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+# ifndef OPENSSL_NO_EC
+    /* EC extension values inherited by SSL structure */
+    size_t tlsext_ecpointformatlist_length;
+    unsigned char *tlsext_ecpointformatlist;
+    size_t tlsext_ellipticcurvelist_length;
+    unsigned char *tlsext_ellipticcurvelist;
+# endif                         /* OPENSSL_NO_EC */
+
+    /* ext status type used for CSR extension (OCSP Stapling) */
+    int tlsext_status_type;
+
+    CRYPTO_RWLOCK *lock;
+};
+
+struct ssl_st {
+    /*
+     * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+     * DTLS1_VERSION)
+     */
+    int version;
+    /* SSLv3 */
+    const SSL_METHOD *method;
+    /*
+     * There are 2 BIO's even though they are normally both the same.  This
+     * is so data can be read and written to different handlers
+     */
+    /* used by SSL_read */
+    BIO *rbio;
+    /* used by SSL_write */
+    BIO *wbio;
+    /* used during session-id reuse to concatenate messages */
+    BIO *bbio;
+    /*
+     * This holds a variable that indicates what we were doing when a 0 or -1
+     * is returned.  This is needed for non-blocking IO so we know what
+     * request needs re-doing when in SSL_accept or SSL_connect
+     */
+    int rwstate;
+    int (*handshake_func) (SSL *);
+    /*
+     * Imagine that here's a boolean member "init" that is switched as soon
+     * as SSL_set_{accept/connect}_state is called for the first time, so
+     * that "state" and "handshake_func" are properly initialized.  But as
+     * handshake_func is == 0 until then, we use this test instead of an
+     * "init" member.
+     */
+    /* are we the server side? */
+    int server;
+    /*
+     * Generate a new session or reuse an old one.
+     * NB: For servers, the 'new' session may actually be a previously
+     * cached session or even the previous session unless
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+     */
+    int new_session;
+    /* don't send shutdown packets */
+    int quiet_shutdown;
+    /* we have shut things down, 0x01 sent, 0x02 for received */
+    int shutdown;
+    /* where we are */
+    OSSL_STATEM statem;
+    BUF_MEM *init_buf;          /* buffer used during init */
+    void *init_msg;             /* pointer to handshake message body, set by
+                                 * ssl3_get_message() */
+    int init_num;               /* amount read/written */
+    int init_off;               /* amount read/written */
+    struct ssl3_state_st *s3;   /* SSLv3 variables */
+    struct dtls1_state_st *d1;  /* DTLSv1 variables */
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+    int hit;                    /* reusing a previous session */
+    X509_VERIFY_PARAM *param;
+    /* Per connection DANE state */
+    SSL_DANE dane;
+    /* crypto */
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /*
+     * These are the ones being used, the ones in SSL_SESSION are the ones to
+     * be 'copied' into these ones
+     */
+    uint32_t mac_flags;
+    EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+    EVP_MD_CTX *read_hash;      /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    COMP_CTX *expand;           /* uncompress */
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    /* session info */
+    /* client cert? */
+    /* This is used to hold the server certificate used */
+    struct cert_st /* CERT */ *cert;
+    /*
+     * the session_id_context is used to ensure sessions are only reused in
+     * the appropriate context
+     */
+    unsigned int sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* This can also be in the session once a session is established */
+    SSL_SESSION *session;
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+    /* Used in SSL3 */
+    /*
+     * 0 don't care about verify failure.
+     * 1 fail if verify fails
+     */
+    uint32_t verify_mode;
+    /* fail if callback returns 0 */
+    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+    /* optional informational callback */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+    /* error bytes to be written */
+    int error;
+    /* actual code */
+    int error_code;
+# ifndef OPENSSL_NO_PSK
+    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+                                         char *identity,
+                                         unsigned int max_identity_len,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+# endif
+    SSL_CTX *ctx;
+    /* Verified chain of peer */
+    STACK_OF(X509) *verified_chain;
+    long verify_result;
+    /* extra application data */
+    CRYPTO_EX_DATA ex_data;
+    /* for server side, keep the list of CA_dn we can use */
+    STACK_OF(X509_NAME) *client_CA;
+    int references;
+    /* protocol behaviour */
+    uint32_t options;
+    /* API behaviour */
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    long max_cert_list;
+    int first_packet;
+    /* what was passed, used for SSLv3/TLS rollback check */
+    int client_version;
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    unsigned int split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    unsigned int max_send_fragment;
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    unsigned int max_pipelines;
+    /* TLS extension debug callback */
+    void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
+                             const unsigned char *data, int len, void *arg);
+    void *tlsext_debug_arg;
+    char *tlsext_hostname;
+    /*-
+     * no further mod of servername
+     * 0 : call the servername extension callback.
+     * 1 : prepare 2, allow last ack just after in server callback.
+     * 2 : don't call servername callback, no ack in server hello
+     */
+    int servername_done;
+    /* certificate status request info */
+    /* Status type or -1 if no status type */
+    int tlsext_status_type;
+# ifndef OPENSSL_NO_CT
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    /* User-supplied argument tha tis passed to the ct_validation_callback */
+    void *ct_validation_callback_arg;
+    /*
+     * Consolidated stack of SCTs from all sources.
+     * Lazily populated by CT_get_peer_scts(SSL*)
+     */
+    STACK_OF(SCT) *scts;
+    /* Raw extension data, if seen */
+    unsigned char *tlsext_scts;
+    /* Length of raw extension data, if seen */
+    uint16_t tlsext_scts_len;
+    /* Have we attempted to find/parse SCTs yet? */
+    int scts_parsed;
+# endif
+    /* Expect OCSP CertificateStatus message */
+    int tlsext_status_expected;
+    /* OCSP status request only */
+    STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
+    X509_EXTENSIONS *tlsext_ocsp_exts;
+    /* OCSP response received or to be sent */
+    unsigned char *tlsext_ocsp_resp;
+    int tlsext_ocsp_resplen;
+    /* RFC4507 session ticket expected to be received or sent */
+    int tlsext_ticket_expected;
+# ifndef OPENSSL_NO_EC
+    size_t tlsext_ecpointformatlist_length;
+    /* our list */
+    unsigned char *tlsext_ecpointformatlist;
+    size_t tlsext_ellipticcurvelist_length;
+    /* our list */
+    unsigned char *tlsext_ellipticcurvelist;
+# endif                         /* OPENSSL_NO_EC */
+    /* TLS Session Ticket extension override */
+    TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
+    /* TLS Session Ticket extension callback */
+    tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
+    void *tls_session_ticket_ext_cb_arg;
+    /* TLS pre-shared secret session resumption */
+    tls_session_secret_cb_fn tls_session_secret_cb;
+    void *tls_session_secret_cb_arg;
+    SSL_CTX *session_ctx;       /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * Next protocol negotiation. For the client, this is the protocol that
+     * we sent in NextProtocol and is set when handling ServerHello
+     * extensions. For a server, this is the client's selected_protocol from
+     * NextProtocol and is set when handling the NextProtocol message, before
+     * the Finished message.
+     */
+    unsigned char *next_proto_negotiated;
+    unsigned char next_proto_negotiated_len;
+# endif
+    /* What we'll do */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+    /* What's been chosen */
+    SRTP_PROTECTION_PROFILE *srtp_profile;
+        /*-
+         * Is use of the Heartbeat extension negotiated?
+         *  0: disabled
+         *  1: enabled
+         *  2: enabled, but not allowed to send Requests
+         */
+    unsigned int tlsext_heartbeat;
+    /* Indicates if a HeartbeatRequest is in flight */
+    unsigned int tlsext_hb_pending;
+    /* HeartbeatRequest sequence number */
+    unsigned int tlsext_hb_seq;
+    /*
+     * For a client, this contains the list of supported protocols in wire
+     * format.
+     */
+    unsigned char *alpn_client_proto_list;
+    unsigned alpn_client_proto_list_len;
+
+    /* Set to one if we have negotiated ETM */
+    int tlsext_use_etm;
+
+    /*-
+     * 1 if we are renegotiating.
+     * 2 if we are a server and are inside a handshake
+     * (i.e. not just sending a HelloRequest)
+     */
+    int renegotiate;
+# ifndef OPENSSL_NO_SRP
+    /* ctx for SRP authentication */
+    SRP_CTX srp_ctx;
+# endif
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+    RECORD_LAYER rlayer;
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+    /* Async Job info */
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    CRYPTO_RWLOCK *lock;
+};
+
+typedef struct ssl3_state_st {
+    long flags;
+    int read_mac_secret_size;
+    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+    int write_mac_secret_size;
+    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_random[SSL3_RANDOM_SIZE];
+    unsigned char client_random[SSL3_RANDOM_SIZE];
+    /* flags for countermeasure against known-IV weakness */
+    int need_empty_fragments;
+    int empty_fragment_done;
+    /* used during startup, digest all incoming/outgoing packets */
+    BIO *handshake_buffer;
+    /*
+     * When handshake digest is determined, buffer is hashed and
+     * freed and MD_CTX for the required digest is stored here.
+     */
+    EVP_MD_CTX *handshake_dgst;
+    /*
+     * Set whenever an expected ChangeCipherSpec message is processed.
+     * Unset when the peer's Finished message is received.
+     * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+     */
+    int change_cipher_spec;
+    int warn_alert;
+    int fatal_alert;
+    /*
+     * we allow one fatal and one warning alert to be outstanding, send close
+     * alert via the warning alert
+     */
+    int alert_dispatch;
+    unsigned char send_alert[2];
+    /*
+     * This flag is set when we should renegotiate ASAP, basically when there
+     * is no more data in the read or write buffers
+     */
+    int renegotiate;
+    int total_renegotiations;
+    int num_renegotiations;
+    int in_read_app_data;
+    struct {
+        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+        int finish_md_len;
+        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+        int peer_finish_md_len;
+        unsigned long message_size;
+        int message_type;
+        /* used to hold the new cipher we are going to use */
+        const SSL_CIPHER *new_cipher;
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+        EVP_PKEY *pkey;         /* holds short lived DH/ECDH key */
+# endif
+        /* used for certificate requests */
+        int cert_req;
+        int ctype_num;
+        char ctype[SSL3_CT_NUMBER];
+        STACK_OF(X509_NAME) *ca_names;
+        int key_block_length;
+        unsigned char *key_block;
+        const EVP_CIPHER *new_sym_enc;
+        const EVP_MD *new_hash;
+        int new_mac_pkey_type;
+        int new_mac_secret_size;
+# ifndef OPENSSL_NO_COMP
+        const SSL_COMP *new_compression;
+# else
+        char *new_compression;
+# endif
+        int cert_request;
+        /* Raw values of the cipher list from a client */
+        unsigned char *ciphers_raw;
+        size_t ciphers_rawlen;
+        /* Temporary storage for premaster secret */
+        unsigned char *pms;
+        size_t pmslen;
+# ifndef OPENSSL_NO_PSK
+        /* Temporary storage for PSK key */
+        unsigned char *psk;
+        size_t psklen;
+# endif
+        /*
+         * signature algorithms peer reports: e.g. supported signature
+         * algorithms extension for server or as part of a certificate
+         * request for client.
+         */
+        unsigned char *peer_sigalgs;
+        /* Size of above array */
+        size_t peer_sigalgslen;
+        /* Digest peer uses for signing */
+        const EVP_MD *peer_md;
+        /* Array of digests used for signing */
+        const EVP_MD *md[SSL_PKEY_NUM];
+        /*
+         * Set if corresponding CERT_PKEY can be used with current
+         * SSL session: e.g. appropriate curve, signature algorithms etc.
+         * If zero it can't be used at all.
+         */
+        uint32_t valid_flags[SSL_PKEY_NUM];
+        /*
+         * For servers the following masks are for the key and auth algorithms
+         * that are supported by the certs below. For clients they are masks of
+         * *disabled* algorithms based on the current session.
+         */
+        uint32_t mask_k;
+        uint32_t mask_a;
+        /*
+         * The following are used by the client to see if a cipher is allowed or
+         * not.  It contains the minimum and maximum version the client's using
+         * based on what it knows so far.
+         */
+        int min_ver;
+        int max_ver;
+    } tmp;
+
+    /* Connection binding to prevent renegotiation attacks */
+    unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+    unsigned char previous_client_finished_len;
+    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+    unsigned char previous_server_finished_len;
+    int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * Set if we saw the Next Protocol Negotiation extension from our peer.
+     */
+    int next_proto_neg_seen;
+# endif
+
+    /*
+     * ALPN information (we are in the process of transitioning from NPN to
+     * ALPN.)
+     */
+
+    /*
+     * In a server these point to the selected ALPN protocol after the
+     * ClientHello has been processed. In a client these contain the protocol
+     * that the server selected once the ServerHello has been processed.
+     */
+    unsigned char *alpn_selected;
+    size_t alpn_selected_len;
+    /* used by the server to know what options were proposed */
+    unsigned char *alpn_proposed;
+    size_t alpn_proposed_len;
+    /* used by the client to know if it actually sent alpn */
+    int alpn_sent;
+
+# ifndef OPENSSL_NO_EC
+    /*
+     * This is set to true if we believe that this is a version of Safari
+     * running on OS X 10.6 or newer. We wish to know this because Safari on
+     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+     */
+    char is_probably_safari;
+# endif                         /* !OPENSSL_NO_EC */
+
+    /* For clients: peer temporary key */
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY *peer_tmp;
+# endif
+
+} SSL3_STATE;
+
+/* DTLS structures */
+
+# ifndef OPENSSL_NO_SCTP
+#  define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
+# endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+# define DTLS1_MAX_MTU_OVERHEAD                   48
+
+/*
+ * Flag used in message reuse to indicate the buffer contains the record
+ * header as well as the the handshake message header.
+ */
+# define DTLS1_SKIP_RECORD_HEADER                 2
+
+struct dtls1_retransmit_state {
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    SSL_SESSION *session;
+    unsigned short epoch;
+};
+
+struct hm_header_st {
+    unsigned char type;
+    unsigned long msg_len;
+    unsigned short seq;
+    unsigned long frag_off;
+    unsigned long frag_len;
+    unsigned int is_ccs;
+    struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct dtls1_timeout_st {
+    /* Number of read timeouts so far */
+    unsigned int read_timeouts;
+    /* Number of write timeouts so far */
+    unsigned int write_timeouts;
+    /* Number of alerts received so far */
+    unsigned int num_alerts;
+};
+
+typedef struct hm_fragment_st {
+    struct hm_header_st msg_header;
+    unsigned char *fragment;
+    unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct pqueue_st pqueue;
+typedef struct pitem_st pitem;
+
+struct pitem_st {
+    unsigned char priority[8];  /* 64-bit value in big-endian encoding */
+    void *data;
+    pitem *next;
+};
+
+typedef struct pitem_st *piterator;
+
+pitem *pitem_new(unsigned char *prio64be, void *data);
+void pitem_free(pitem *item);
+pqueue *pqueue_new(void);
+void pqueue_free(pqueue *pq);
+pitem *pqueue_insert(pqueue *pq, pitem *item);
+pitem *pqueue_peek(pqueue *pq);
+pitem *pqueue_pop(pqueue *pq);
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be);
+pitem *pqueue_iterator(pqueue *pq);
+pitem *pqueue_next(piterator *iter);
+int pqueue_size(pqueue *pq);
+
+typedef struct dtls1_state_st {
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    unsigned int cookie_len;
+    unsigned int cookie_verified;
+    /* handshake message numbers */
+    unsigned short handshake_write_seq;
+    unsigned short next_handshake_write_seq;
+    unsigned short handshake_read_seq;
+    /* Buffered handshake messages */
+    pqueue *buffered_messages;
+    /* Buffered (sent) handshake records */
+    pqueue *sent_messages;
+    unsigned int link_mtu;      /* max on-the-wire DTLS packet size */
+    unsigned int mtu;           /* max DTLS packet size */
+    struct hm_header_st w_msg_hdr;
+    struct hm_header_st r_msg_hdr;
+    struct dtls1_timeout_st timeout;
+    /*
+     * Indicates when the last handshake msg or heartbeat sent will timeout
+     */
+    struct timeval next_timeout;
+    /* Timeout duration */
+    unsigned short timeout_duration;
+    unsigned int retransmitting;
+# ifndef OPENSSL_NO_SCTP
+    int shutdown_received;
+# endif
+} DTLS1_STATE;
+
+# ifndef OPENSSL_NO_EC
+/*
+ * From ECC-TLS draft, used in encoding the curve type in ECParameters
+ */
+#  define EXPLICIT_PRIME_CURVE_TYPE  1
+#  define EXPLICIT_CHAR2_CURVE_TYPE  2
+#  define NAMED_CURVE_TYPE           3
+# endif                         /* OPENSSL_NO_EC */
+
+typedef struct cert_pkey_st {
+    X509 *x509;
+    EVP_PKEY *privatekey;
+    /* Chain for this certificate */
+    STACK_OF(X509) *chain;
+    /*-
+     * serverinfo data for this certificate.  The data is in TLS Extension
+     * wire format, specifically it's a series of records like:
+     *   uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
+     *   uint16_t length;
+     *   uint8_t data[length];
+     */
+    unsigned char *serverinfo;
+    size_t serverinfo_length;
+} CERT_PKEY;
+/* Retrieve Suite B flags */
+# define tls1_suiteb(s)  (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
+/* Uses to check strict mode: suite B modes are always strict */
+# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
+        (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
+
+typedef struct {
+    unsigned short ext_type;
+    /*
+     * Per-connection flags relating to this extension type: not used if
+     * part of an SSL_CTX structure.
+     */
+    uint32_t ext_flags;
+    custom_ext_add_cb add_cb;
+    custom_ext_free_cb free_cb;
+    void *add_arg;
+    custom_ext_parse_cb parse_cb;
+    void *parse_arg;
+} custom_ext_method;
+
+/* ext_flags values */
+
+/*
+ * Indicates an extension has been received. Used to check for unsolicited or
+ * duplicate extensions.
+ */
+# define SSL_EXT_FLAG_RECEIVED   0x1
+/*
+ * Indicates an extension has been sent: used to enable sending of
+ * corresponding ServerHello extension.
+ */
+# define SSL_EXT_FLAG_SENT       0x2
+
+typedef struct {
+    custom_ext_method *meths;
+    size_t meths_count;
+} custom_ext_methods;
+
+typedef struct cert_st {
+    /* Current active set */
+    /*
+     * ALWAYS points to an element of the pkeys array
+     * Probably it would make more sense to store
+     * an index, not a pointer.
+     */
+    CERT_PKEY *key;
+# ifndef OPENSSL_NO_DH
+    EVP_PKEY *dh_tmp;
+    DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+    int dh_tmp_auto;
+# endif
+    /* Flags related to certificates */
+    uint32_t cert_flags;
+    CERT_PKEY pkeys[SSL_PKEY_NUM];
+    /*
+     * Certificate types (received or sent) in certificate request message.
+     * On receive this is only set if number of certificate types exceeds
+     * SSL3_CT_NUMBER.
+     */
+    unsigned char *ctypes;
+    size_t ctype_num;
+    /*
+     * supported signature algorithms. When set on a client this is sent in
+     * the client hello as the supported signature algorithms extension. For
+     * servers it represents the signature algorithms we are willing to use.
+     */
+    unsigned char *conf_sigalgs;
+    /* Size of above array */
+    size_t conf_sigalgslen;
+    /*
+     * Client authentication signature algorithms, if not set then uses
+     * conf_sigalgs. On servers these will be the signature algorithms sent
+     * to the client in a cerificate request for TLS 1.2. On a client this
+     * represents the signature algortithms we are willing to use for client
+     * authentication.
+     */
+    unsigned char *client_sigalgs;
+    /* Size of above array */
+    size_t client_sigalgslen;
+    /*
+     * Signature algorithms shared by client and server: cached because these
+     * are used most often.
+     */
+    TLS_SIGALGS *shared_sigalgs;
+    size_t shared_sigalgslen;
+    /*
+     * Certificate setup callback: if set is called whenever a certificate
+     * may be required (client or server). the callback can then examine any
+     * appropriate parameters and setup any certificates required. This
+     * allows advanced applications to select certificates on the fly: for
+     * example based on supported signature algorithms or curves.
+     */
+    int (*cert_cb) (SSL *ssl, void *arg);
+    void *cert_cb_arg;
+    /*
+     * Optional X509_STORE for chain building or certificate validation If
+     * NULL the parent SSL_CTX store is used instead.
+     */
+    X509_STORE *chain_store;
+    X509_STORE *verify_store;
+    /* Custom extension methods for server and client */
+    custom_ext_methods cli_ext;
+    custom_ext_methods srv_ext;
+    /* Security callback */
+    int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+                   void *other, void *ex);
+    /* Security level */
+    int sec_level;
+    void *sec_ex;
+# ifndef OPENSSL_NO_PSK
+    /* If not NULL psk identity hint to use for servers */
+    char *psk_identity_hint;
+# endif
+    int references;             /* >1 only if SSL_copy_session_id is used */
+    CRYPTO_RWLOCK *lock;
+} CERT;
+
+/* Structure containing decoded values of signature algorithms extension */
+struct tls_sigalgs_st {
+    /* NID of hash algorithm */
+    int hash_nid;
+    /* NID of signature algorithm */
+    int sign_nid;
+    /* Combined hash and signature NID */
+    int signandhash_nid;
+    /* Raw values used in extension */
+    unsigned char rsign;
+    unsigned char rhash;
+};
+
+# define FP_ICC  (int (*)(const void *,const void *))
+
+/*
+ * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
+ * of a mess of functions, but hell, think of it as an opaque structure :-)
+ */
+typedef struct ssl3_enc_method {
+    int (*enc) (SSL *, SSL3_RECORD *, unsigned int, int);
+    int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
+    int (*setup_key_block) (SSL *);
+    int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
+                                   int);
+    int (*change_cipher_state) (SSL *, int);
+    int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
+    int finish_mac_length;
+    const char *client_finished_label;
+    int client_finished_label_len;
+    const char *server_finished_label;
+    int server_finished_label_len;
+    int (*alert_value) (int);
+    int (*export_keying_material) (SSL *, unsigned char *, size_t,
+                                   const char *, size_t,
+                                   const unsigned char *, size_t,
+                                   int use_context);
+    /* Various flags indicating protocol version requirements */
+    uint32_t enc_flags;
+    /* Handshake header length */
+    unsigned int hhlen;
+    /* Set the handshake header */
+    int (*set_handshake_header) (SSL *s, int type, unsigned long len);
+    /* Write out handshake message */
+    int (*do_write) (SSL *s);
+} SSL3_ENC_METHOD;
+
+# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen
+# define ssl_handshake_start(s) \
+        (((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen)
+# define ssl_set_handshake_header(s, htype, len) \
+        s->method->ssl3_enc->set_handshake_header(s, htype, len)
+# define ssl_do_write(s)  s->method->ssl3_enc->do_write(s)
+
+/* Values for enc_flags */
+
+/* Uses explicit IV for CBC mode */
+# define SSL_ENC_FLAG_EXPLICIT_IV        0x1
+/* Uses signature algorithms extension */
+# define SSL_ENC_FLAG_SIGALGS            0x2
+/* Uses SHA256 default PRF */
+# define SSL_ENC_FLAG_SHA256_PRF         0x4
+/* Is DTLS */
+# define SSL_ENC_FLAG_DTLS               0x8
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_ENC_FLAG_TLS1_2_CIPHERS     0x10
+
+# ifndef OPENSSL_NO_COMP
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st {
+    int comp_id;                /* The identifier byte for this compression
+                                 * type */
+    char *name;                 /* Text name used for the compression type */
+    COMP_METHOD *method;        /* The method :-) */
+} SSL3_COMP;
+# endif
+
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+
+__owur const SSL_METHOD *ssl_bad_method(int ver);
+__owur const SSL_METHOD *sslv3_method(void);
+__owur const SSL_METHOD *sslv3_server_method(void);
+__owur const SSL_METHOD *sslv3_client_method(void);
+__owur const SSL_METHOD *tlsv1_method(void);
+__owur const SSL_METHOD *tlsv1_server_method(void);
+__owur const SSL_METHOD *tlsv1_client_method(void);
+__owur const SSL_METHOD *tlsv1_1_method(void);
+__owur const SSL_METHOD *tlsv1_1_server_method(void);
+__owur const SSL_METHOD *tlsv1_1_client_method(void);
+__owur const SSL_METHOD *tlsv1_2_method(void);
+__owur const SSL_METHOD *tlsv1_2_server_method(void);
+__owur const SSL_METHOD *tlsv1_2_client_method(void);
+__owur const SSL_METHOD *dtlsv1_method(void);
+__owur const SSL_METHOD *dtlsv1_server_method(void);
+__owur const SSL_METHOD *dtlsv1_client_method(void);
+__owur const SSL_METHOD *dtls_bad_ver_client_method(void);
+__owur const SSL_METHOD *dtlsv1_2_method(void);
+__owur const SSL_METHOD *dtlsv1_2_server_method(void);
+__owur const SSL_METHOD *dtlsv1_2_client_method(void);
+
+extern const SSL3_ENC_METHOD TLSv1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD SSLv3_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
+
+/*
+ * Flags for SSL methods
+ */
+# define SSL_METHOD_NO_FIPS      (1U<<0)
+# define SSL_METHOD_NO_SUITEB    (1U<<1)
+
+# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
+                                 s_connect, enc_data) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                flags, \
+                mask, \
+                tls1_new, \
+                tls1_clear, \
+                tls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                tls1_default_timeout, \
+                &enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                SSL3_VERSION, \
+                SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
+                SSL_OP_NO_SSLv3, \
+                ssl3_new, \
+                ssl3_clear, \
+                ssl3_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                ssl3_default_timeout, \
+                &SSLv3_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \
+                                        s_connect, enc_data) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                flags, \
+                mask, \
+                dtls1_new, \
+                dtls1_clear, \
+                dtls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                dtls1_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                dtls1_read_bytes, \
+                dtls1_write_app_data_bytes, \
+                dtls1_dispatch_alert, \
+                dtls1_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                dtls1_default_timeout, \
+                &enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+struct openssl_ssl_test_functions {
+    int (*p_ssl_init_wbio_buffer) (SSL *s);
+    int (*p_ssl3_setup_buffers) (SSL *s);
+# ifndef OPENSSL_NO_HEARTBEATS
+    int (*p_dtls1_process_heartbeat) (SSL *s,
+                                      unsigned char *p, unsigned int length);
+# endif
+};
+
+const char *ssl_protocol_to_string(int version);
+
+# ifndef OPENSSL_UNIT_TEST
+
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+__owur CERT *ssl_cert_new(void);
+__owur CERT *ssl_cert_dup(CERT *cert);
+void ssl_cert_clear_certs(CERT *c);
+void ssl_cert_free(CERT *c);
+__owur int ssl_get_new_session(SSL *s, int session);
+__owur int ssl_get_prev_session(SSL *s, const PACKET *ext,
+                                const PACKET *session_id);
+__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                                 const SSL_CIPHER *const *bp);
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
+                                                    STACK_OF(SSL_CIPHER) **pref,
+                                                    STACK_OF(SSL_CIPHER)
+                                                    **sorted,
+                                                    const char *rule_str,
+                                                    CERT *c);
+void ssl_update_cache(SSL *s, int mode);
+__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                              const EVP_MD **md, int *mac_pkey_type,
+                              int *mac_secret_size, SSL_COMP **comp,
+                              int use_etm);
+__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
+__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
+                                                const unsigned char *ptr);
+__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_select_current(CERT *c, X509 *x);
+__owur int ssl_cert_set_current(CERT *c, long arg);
+__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first);
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
+
+__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+__owur int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
+__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
+__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
+                                   int ref);
+
+__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
+__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
+                            void *other);
+
+int ssl_undefined_function(SSL *s);
+__owur int ssl_undefined_void_function(void);
+__owur int ssl_undefined_const_function(const SSL *s);
+__owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s);
+__owur int ssl_get_server_cert_serverinfo(SSL *s,
+                                          const unsigned char **serverinfo,
+                                          size_t *serverinfo_length);
+__owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c,
+                                   const EVP_MD **pmd);
+__owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey);
+void ssl_set_masks(SSL *s);
+__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+__owur int ssl_verify_alarm_type(long type);
+void ssl_sort_cipher_list(void);
+void ssl_load_ciphers(void);
+__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
+                                 int len);
+__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                                      int free_pms);
+__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
+__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey);
+__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+
+__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+int ssl3_init_finished_mac(SSL *s);
+__owur int ssl3_setup_key_block(SSL *s);
+__owur int ssl3_change_cipher_state(SSL *s, int which);
+void ssl3_cleanup_key_block(SSL *s);
+__owur int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
+__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, int len);
+__owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
+__owur int ssl3_num_ciphers(void);
+__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl);
+int ssl3_renegotiate_check(SSL *ssl);
+__owur int ssl3_dispatch_alert(SSL *s);
+__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+                                 unsigned char *p);
+__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
+void ssl3_free_digest_list(SSL *s);
+__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
+__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
+                                            STACK_OF(SSL_CIPHER) *clnt,
+                                            STACK_OF(SSL_CIPHER) *srvr);
+__owur int ssl3_digest_cached_records(SSL *s, int keep);
+__owur int ssl3_new(SSL *s);
+void ssl3_free(SSL *s);
+__owur int ssl3_read(SSL *s, void *buf, int len);
+__owur int ssl3_peek(SSL *s, void *buf, int len);
+__owur int ssl3_write(SSL *s, const void *buf, int len);
+__owur int ssl3_shutdown(SSL *s);
+void ssl3_clear(SSL *s);
+__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+
+__owur int ssl3_do_change_cipher_spec(SSL *ssl);
+__owur long ssl3_default_timeout(void);
+
+__owur int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
+__owur int ssl3_handshake_write(SSL *s);
+
+__owur int ssl_allow_compression(SSL *s);
+
+__owur int ssl_version_supported(const SSL *s, int version);
+
+__owur int ssl_set_client_hello_version(SSL *s);
+__owur int ssl_check_version_downgrade(SSL *s);
+__owur int ssl_set_version_bound(int method_version, int version, int *bound);
+__owur int ssl_choose_server_version(SSL *s);
+__owur int ssl_choose_client_version(SSL *s, int version);
+int ssl_get_client_min_max_version(const SSL *s, int *min_version,
+                                   int *max_version);
+
+__owur long tls1_default_timeout(void);
+__owur int dtls1_do_write(SSL *s, int type);
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt,
+                              unsigned long len,
+                              unsigned long frag_off, unsigned long frag_len);
+
+__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf,
+                                      int len);
+
+__owur int dtls1_read_failed(SSL *s, int code);
+__owur int dtls1_buffer_message(SSL *s, int ccs);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
+__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+int dtls1_retransmit_buffered_messages(SSL *s);
+void dtls1_clear_received_buffer(SSL *s);
+void dtls1_clear_sent_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data,
+                              struct hm_header_st *msg_hdr);
+__owur long dtls1_default_timeout(void);
+__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+__owur int dtls1_check_timeout_num(SSL *s);
+__owur int dtls1_handle_timeout(SSL *s);
+void dtls1_start_timer(SSL *s);
+void dtls1_stop_timer(SSL *s);
+__owur int dtls1_is_timer_expired(SSL *s);
+void dtls1_double_timeout(SSL *s);
+__owur unsigned int dtls_raw_hello_verify_request(unsigned char *buf,
+                                                  unsigned char *cookie,
+                                                  unsigned char cookie_len);
+__owur int dtls1_send_newsession_ticket(SSL *s);
+__owur unsigned int dtls1_min_mtu(SSL *s);
+void dtls1_hm_fragment_free(hm_fragment *frag);
+__owur int dtls1_query_mtu(SSL *s);
+
+__owur int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+void tls1_clear(SSL *s);
+long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+
+__owur int dtls1_new(SSL *s);
+void dtls1_free(SSL *s);
+void dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur int dtls1_shutdown(SSL *s);
+
+__owur int dtls1_dispatch_alert(SSL *s);
+
+__owur int ssl_init_wbio_buffer(SSL *s);
+void ssl_free_wbio_buffer(SSL *s);
+
+__owur int tls1_change_cipher_state(SSL *s, int which);
+__owur int tls1_setup_key_block(SSL *s);
+__owur int tls1_final_finish_mac(SSL *s,
+                                 const char *str, int slen, unsigned char *p);
+__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, int len);
+__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                       const char *label, size_t llen,
+                                       const unsigned char *p, size_t plen,
+                                       int use_context);
+__owur int tls1_alert_code(int code);
+__owur int ssl3_alert_code(int code);
+__owur int ssl_ok(SSL *s);
+
+#  ifndef OPENSSL_NO_EC
+__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+#  endif
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+
+#  ifndef OPENSSL_NO_EC
+/* Flags values from tls1_ec_curve_id2nid() */
+/* Mask for curve type */
+# define TLS_CURVE_TYPE          0x3
+# define TLS_CURVE_PRIME         0x0
+# define TLS_CURVE_CHAR2         0x1
+# define TLS_CURVE_CUSTOM        0x2
+__owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags);
+__owur int tls1_ec_nid2curve_id(int nid);
+__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
+__owur int tls1_shared_curve(SSL *s, int nmatch);
+__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen,
+                           int *curves, size_t ncurves);
+__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
+                                const char *str);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+__owur EVP_PKEY *ssl_generate_pkey_curve(int id);
+#  endif                        /* OPENSSL_NO_EC */
+
+__owur int tls1_shared_list(SSL *s,
+                            const unsigned char *l1, size_t l1len,
+                            const unsigned char *l2, size_t l2len, int nmatch);
+__owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+                                                 unsigned char *limit, int *al);
+__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+                                                 unsigned char *limit, int *al);
+__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
+void ssl_set_default_md(SSL *s);
+__owur int tls1_set_server_sigalgs(SSL *s);
+__owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
+__owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt);
+__owur int ssl_prepare_clienthello_tlsext(SSL *s);
+__owur int ssl_prepare_serverhello_tlsext(SSL *s);
+
+#  ifndef OPENSSL_NO_HEARTBEATS
+__owur int dtls1_heartbeat(SSL *s);
+__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p,
+                                   unsigned int length);
+#  endif
+
+__owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
+                                              const PACKET *session_id,
+                                              SSL_SESSION **ret);
+
+__owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
+                                const EVP_MD *md);
+__owur int tls12_get_sigid(const EVP_PKEY *pk);
+__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
+
+__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
+                            int client);
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+                     int idx);
+void tls1_set_cert_validity(SSL *s);
+
+#  ifndef OPENSSL_NO_CT
+__owur int ssl_validate_ct(SSL *s);
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+__owur DH *ssl_get_auto_dh(SSL *s);
+#  endif
+
+__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
+__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
+                                   int vfy);
+
+__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
+                                               int *len, int maxlen);
+__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
+__owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
+                                               int *len, int maxlen);
+__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
+__owur long ssl_get_algorithm2(SSL *s);
+__owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
+                                 const unsigned char *psig, size_t psiglen);
+__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
+__owur int tls1_process_sigalgs(SSL *s);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
+__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
+                                   const unsigned char *sig, EVP_PKEY *pkey);
+void ssl_set_client_disabled(SSL *s);
+__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
+
+__owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+                                            int maxlen);
+__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
+__owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+                                            int maxlen);
+__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
+
+__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
+__owur const EVP_MD *ssl_md(int idx);
+__owur const EVP_MD *ssl_handshake_md(SSL *s);
+__owur const EVP_MD *ssl_prf_md(SSL *s);
+
+/* s3_cbc.c */
+__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+__owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                                  unsigned char *md_out,
+                                  size_t *md_out_size,
+                                  const unsigned char header[13],
+                                  const unsigned char *data,
+                                  size_t data_plus_mac_size,
+                                  size_t data_plus_mac_plus_padding_size,
+                                  const unsigned char *mac_secret,
+                                  unsigned mac_secret_length, char is_sslv3);
+
+__owur int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+                                 EVP_MD_CTX *mac_ctx, const unsigned char *data,
+                                 size_t data_len, size_t orig_len);
+
+__owur int srp_generate_server_master_secret(SSL *s);
+__owur int srp_generate_client_master_secret(SSL *s);
+__owur int srp_verify_server_param(SSL *s, int *al);
+
+/* t1_ext.c */
+
+void custom_ext_init(custom_ext_methods *meths);
+
+__owur int custom_ext_parse(SSL *s, int server,
+                            unsigned int ext_type,
+                            const unsigned char *ext_data, size_t ext_size,
+                            int *al);
+__owur int custom_ext_add(SSL *s, int server, unsigned char **pret,
+                          unsigned char *limit, int *al);
+
+__owur int custom_exts_copy(custom_ext_methods *dst,
+                            const custom_ext_methods *src);
+__owur int custom_exts_copy_flags(custom_ext_methods *dst,
+                                  const custom_ext_methods *src);
+void custom_exts_free(custom_ext_methods *exts);
+
+void ssl_comp_free_compression_methods_int(void);
+
+# else
+
+#  define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+#  define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+#  define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
+
+# endif
+#endif
diff --git a/openssl-1.1.0h/ssl/ssl_mcnf.c b/openssl-1.1.0h/ssl/ssl_mcnf.c
new file mode 100644
index 0000000..c2d9dba
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_mcnf.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/conf.h>
+#include <openssl/ssl.h>
+#include "ssl_locl.h"
+
+/* SSL library configuration module. */
+
+struct ssl_conf_name {
+    /* Name of this set of commands */
+    char *name;
+    /* List of commands */
+    struct ssl_conf_cmd *cmds;
+    /* Number of commands */
+    size_t cmd_count;
+};
+
+struct ssl_conf_cmd {
+    /* Command */
+    char *cmd;
+    /* Argument */
+    char *arg;
+};
+
+static struct ssl_conf_name *ssl_names;
+static size_t ssl_names_count;
+
+static void ssl_module_free(CONF_IMODULE *md)
+{
+    size_t i, j;
+    if (ssl_names == NULL)
+        return;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name *tname = ssl_names + i;
+        OPENSSL_free(tname->name);
+        for (j = 0; j < tname->cmd_count; j++) {
+            OPENSSL_free(tname->cmds[j].cmd);
+            OPENSSL_free(tname->cmds[j].arg);
+        }
+        OPENSSL_free(tname->cmds);
+    }
+    OPENSSL_free(ssl_names);
+    ssl_names = NULL;
+    ssl_names_count = 0;
+}
+
+static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    size_t i, j, cnt;
+    int rv = 0;
+    const char *ssl_conf_section;
+    STACK_OF(CONF_VALUE) *cmd_lists;
+    ssl_conf_section = CONF_imodule_get_value(md);
+    cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
+    if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
+        if (cmd_lists == NULL)
+            SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_SECTION_NOT_FOUND);
+        else
+            SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_SECTION_EMPTY);
+        ERR_add_error_data(2, "section=", ssl_conf_section);
+        goto err;
+    }
+    cnt = sk_CONF_VALUE_num(cmd_lists);
+    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+    ssl_names_count = cnt;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name *ssl_name = ssl_names + i;
+        CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, i);
+        STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
+        if (sk_CONF_VALUE_num(cmds) <= 0) {
+            if (cmds == NULL)
+                SSLerr(SSL_F_SSL_MODULE_INIT,
+                       SSL_R_SSL_COMMAND_SECTION_NOT_FOUND);
+            else
+                SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_COMMAND_SECTION_EMPTY);
+            ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
+            goto err;
+        }
+        ssl_name->name = BUF_strdup(sect->name);
+        if (ssl_name->name == NULL)
+            goto err;
+        cnt = sk_CONF_VALUE_num(cmds);
+        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd));
+        if (ssl_name->cmds == NULL)
+            goto err;
+        ssl_name->cmd_count = cnt;
+        for (j = 0; j < cnt; j++) {
+            const char *name;
+            CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, j);
+            struct ssl_conf_cmd *cmd = ssl_name->cmds + j;
+            /* Skip any initial dot in name */
+            name = strchr(cmd_conf->name, '.');
+            if (name != NULL)
+                name++;
+            else
+                name = cmd_conf->name;
+            cmd->cmd = BUF_strdup(name);
+            cmd->arg = BUF_strdup(cmd_conf->value);
+            if (cmd->cmd == NULL || cmd->arg == NULL)
+                goto err;
+        }
+
+    }
+    rv = 1;
+ err:
+    if (rv == 0)
+        ssl_module_free(md);
+    return rv;
+}
+
+void SSL_add_ssl_module(void)
+{
+    CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
+}
+
+static const struct ssl_conf_name *ssl_name_find(const char *name)
+{
+    size_t i;
+    const struct ssl_conf_name *nm;
+    if (name == NULL)
+        return NULL;
+    for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
+        if (strcmp(nm->name, name) == 0)
+            return nm;
+    }
+    return NULL;
+}
+
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
+{
+    SSL_CONF_CTX *cctx = NULL;
+    size_t i;
+    int rv = 0;
+    unsigned int flags;
+    const SSL_METHOD *meth;
+    const struct ssl_conf_name *nm;
+    struct ssl_conf_cmd *cmd;
+    if (s == NULL && ctx == NULL) {
+        SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    nm = ssl_name_find(name);
+    if (nm == NULL) {
+        SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
+        ERR_add_error_data(2, "name=", name);
+        goto err;
+    }
+    cctx = SSL_CONF_CTX_new();
+    if (cctx == NULL)
+        goto err;
+    flags = SSL_CONF_FLAG_FILE;
+    flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
+    if (s != NULL) {
+        meth = s->method;
+        SSL_CONF_CTX_set_ssl(cctx, s);
+    } else {
+        meth = ctx->method;
+        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    }
+    if (meth->ssl_accept != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_SERVER;
+    if (meth->ssl_connect != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_CLIENT;
+    SSL_CONF_CTX_set_flags(cctx, flags);
+    for (i = 0, cmd = nm->cmds; i < nm->cmd_count; i++, cmd++) {
+        rv = SSL_CONF_cmd(cctx, cmd->cmd, cmd->arg);
+        if (rv <= 0) {
+            if (rv == -2)
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
+            else
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
+            ERR_add_error_data(6, "section=", name, ", cmd=", cmd->cmd,
+                               ", arg=", cmd->arg);
+            goto err;
+        }
+    }
+    rv = SSL_CONF_CTX_finish(cctx);
+ err:
+    SSL_CONF_CTX_free(cctx);
+    return rv <= 0 ? 0 : 1;
+}
+
+int SSL_config(SSL *s, const char *name)
+{
+    return ssl_do_config(s, NULL, name);
+}
+
+int SSL_CTX_config(SSL_CTX *ctx, const char *name)
+{
+    return ssl_do_config(NULL, ctx, name);
+}
diff --git a/openssl-1.1.0h/ssl/ssl_rsa.c b/openssl-1.1.0h/ssl/ssl_rsa.c
new file mode 100644
index 0000000..a94fb13
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_rsa.c
@@ -0,0 +1,964 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+int SSL_use_certificate(SSL *ssl, X509 *x)
+{
+    int rv;
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+        return 0;
+    }
+
+    return (ssl_set_cert(ssl->cert, x));
+}
+
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+{
+    int j;
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        x = d2i_X509_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback,
+                              ssl->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
+        goto end;
+    }
+
+    ret = SSL_use_certificate(ssl, x);
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return (ret);
+}
+
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
+{
+    X509 *x;
+    int ret;
+
+    x = d2i_X509(NULL, &d, (long)len);
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+        return (0);
+    }
+
+    ret = SSL_use_certificate(ssl, x);
+    X509_free(x);
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+{
+    EVP_PKEY *pkey;
+    int ret;
+
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+        return (0);
+    }
+
+    RSA_up_ref(rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    ret = ssl_set_pkey(ssl->cert, pkey);
+    EVP_PKEY_free(pkey);
+    return (ret);
+}
+#endif
+
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+{
+    int i;
+    i = ssl_cert_type(NULL, pkey);
+    if (i < 0) {
+        SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        return (0);
+    }
+
+    if (c->pkeys[i].x509 != NULL) {
+        EVP_PKEY *pktmp;
+        pktmp = X509_get0_pubkey(c->pkeys[i].x509);
+        if (pktmp == NULL) {
+            SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
+        EVP_PKEY_copy_parameters(pktmp, pkey);
+        ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+        /*
+         * Don't check the public/private key, this is mostly for smart
+         * cards.
+         */
+        if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
+            && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
+        else
+#endif
+        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
+            X509_free(c->pkeys[i].x509);
+            c->pkeys[i].x509 = NULL;
+            return 0;
+        }
+    }
+
+    EVP_PKEY_free(c->pkeys[i].privatekey);
+    EVP_PKEY_up_ref(pkey);
+    c->pkeys[i].privatekey = pkey;
+    c->key = &(c->pkeys[i]);
+    return (1);
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    RSA *rsa = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        rsa = d2i_RSAPrivateKey_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                                         ssl->default_passwd_callback,
+                                         ssl->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_use_RSAPrivateKey(ssl, rsa);
+    RSA_free(rsa);
+ end:
+    BIO_free(in);
+    return (ret);
+}
+
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
+{
+    int ret;
+    const unsigned char *p;
+    RSA *rsa;
+
+    p = d;
+    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return (0);
+    }
+
+    ret = SSL_use_RSAPrivateKey(ssl, rsa);
+    RSA_free(rsa);
+    return (ret);
+}
+#endif                          /* !OPENSSL_NO_RSA */
+
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+{
+    int ret;
+
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    ret = ssl_set_pkey(ssl->cert, pkey);
+    return (ret);
+}
+
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    EVP_PKEY *pkey = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        pkey = PEM_read_bio_PrivateKey(in, NULL,
+                                       ssl->default_passwd_callback,
+                                       ssl->default_passwd_callback_userdata);
+    } else if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        pkey = d2i_PrivateKey_bio(in, NULL);
+    } else {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_use_PrivateKey(ssl, pkey);
+    EVP_PKEY_free(pkey);
+ end:
+    BIO_free(in);
+    return (ret);
+}
+
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
+                            long len)
+{
+    int ret;
+    const unsigned char *p;
+    EVP_PKEY *pkey;
+
+    p = d;
+    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return (0);
+    }
+
+    ret = SSL_use_PrivateKey(ssl, pkey);
+    EVP_PKEY_free(pkey);
+    return (ret);
+}
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+    int rv;
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+        return 0;
+    }
+    return (ssl_set_cert(ctx->cert, x));
+}
+
+static int ssl_set_cert(CERT *c, X509 *x)
+{
+    EVP_PKEY *pkey;
+    int i;
+
+    pkey = X509_get0_pubkey(x);
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
+        return (0);
+    }
+
+    i = ssl_cert_type(x, pkey);
+    if (i < 0) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        return 0;
+    }
+#ifndef OPENSSL_NO_EC
+    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+        return 0;
+    }
+#endif
+    if (c->pkeys[i].privatekey != NULL) {
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
+        EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
+        ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+        /*
+         * Don't check the public/private key, this is mostly for smart
+         * cards.
+         */
+        if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
+            && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
+            RSA_METHOD_FLAG_NO_CHECK) ;
+        else
+#endif                          /* OPENSSL_NO_RSA */
+        if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
+            /*
+             * don't fail for a cert/key mismatch, just free current private
+             * key (when switching to a different cert & key, first this
+             * function should be used, then ssl_set_pkey
+             */
+            EVP_PKEY_free(c->pkeys[i].privatekey);
+            c->pkeys[i].privatekey = NULL;
+            /* clear error queue */
+            ERR_clear_error();
+        }
+    }
+
+    X509_free(c->pkeys[i].x509);
+    X509_up_ref(x);
+    c->pkeys[i].x509 = x;
+    c->key = &(c->pkeys[i]);
+
+    return 1;
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j;
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        x = d2i_X509_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
+                              ctx->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
+        goto end;
+    }
+
+    ret = SSL_CTX_use_certificate(ctx, x);
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return (ret);
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
+{
+    X509 *x;
+    int ret;
+
+    x = d2i_X509(NULL, &d, (long)len);
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+        return (0);
+    }
+
+    ret = SSL_CTX_use_certificate(ctx, x);
+    X509_free(x);
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+{
+    int ret;
+    EVP_PKEY *pkey;
+
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+        return (0);
+    }
+
+    RSA_up_ref(rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    ret = ssl_set_pkey(ctx->cert, pkey);
+    EVP_PKEY_free(pkey);
+    return (ret);
+}
+
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    RSA *rsa = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        rsa = d2i_RSAPrivateKey_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                                         ctx->default_passwd_callback,
+                                         ctx->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+    RSA_free(rsa);
+ end:
+    BIO_free(in);
+    return (ret);
+}
+
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                   long len)
+{
+    int ret;
+    const unsigned char *p;
+    RSA *rsa;
+
+    p = d;
+    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return (0);
+    }
+
+    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+    RSA_free(rsa);
+    return (ret);
+}
+#endif                          /* !OPENSSL_NO_RSA */
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    return (ssl_set_pkey(ctx->cert, pkey));
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    EVP_PKEY *pkey = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        pkey = PEM_read_bio_PrivateKey(in, NULL,
+                                       ctx->default_passwd_callback,
+                                       ctx->default_passwd_callback_userdata);
+    } else if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        pkey = d2i_PrivateKey_bio(in, NULL);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    EVP_PKEY_free(pkey);
+ end:
+    BIO_free(in);
+    return (ret);
+}
+
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
+                                const unsigned char *d, long len)
+{
+    int ret;
+    const unsigned char *p;
+    EVP_PKEY *pkey;
+
+    p = d;
+    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return (0);
+    }
+
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    EVP_PKEY_free(pkey);
+    return (ret);
+}
+
+/*
+ * Read a file that contains our certificate in "PEM" format, possibly
+ * followed by a sequence of CA certificates that should be sent to the peer
+ * in the Certificate message.
+ */
+static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
+{
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+    pem_password_cb *passwd_callback;
+    void *passwd_callback_userdata;
+
+    ERR_clear_error();          /* clear error stack for
+                                 * SSL_CTX_use_certificate() */
+
+    if (ctx != NULL) {
+        passwd_callback = ctx->default_passwd_callback;
+        passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+    } else {
+        passwd_callback = ssl->default_passwd_callback;
+        passwd_callback_userdata = ssl->default_passwd_callback_userdata;
+    }
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+
+    x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
+                              passwd_callback_userdata);
+    if (x == NULL) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+        goto end;
+    }
+
+    if (ctx)
+        ret = SSL_CTX_use_certificate(ctx, x);
+    else
+        ret = SSL_use_certificate(ssl, x);
+
+    if (ERR_peek_error() != 0)
+        ret = 0;                /* Key/certificate mismatch doesn't imply
+                                 * ret==0 ... */
+    if (ret) {
+        /*
+         * If we could set up our certificate, now proceed to the CA
+         * certificates.
+         */
+        X509 *ca;
+        int r;
+        unsigned long err;
+
+        if (ctx)
+            r = SSL_CTX_clear_chain_certs(ctx);
+        else
+            r = SSL_clear_chain_certs(ssl);
+
+        if (r == 0) {
+            ret = 0;
+            goto end;
+        }
+
+        while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
+                                       passwd_callback_userdata))
+               != NULL) {
+            if (ctx)
+                r = SSL_CTX_add0_chain_cert(ctx, ca);
+            else
+                r = SSL_add0_chain_cert(ssl, ca);
+            /*
+             * Note that we must not free ca if it was successfully added to
+             * the chain (while we must free the main certificate, since its
+             * reference count is increased by SSL_CTX_use_certificate).
+             */
+            if (!r) {
+                X509_free(ca);
+                ret = 0;
+                goto end;
+            }
+        }
+        /* When the while loop ends, it's usually just EOF. */
+        err = ERR_peek_last_error();
+        if (ERR_GET_LIB(err) == ERR_LIB_PEM
+            && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+            ERR_clear_error();
+        else
+            ret = 0;            /* some real error */
+    }
+
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return (ret);
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+    return use_certificate_chain_file(ctx, NULL, file);
+}
+
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
+{
+    return use_certificate_chain_file(NULL, ssl, file);
+}
+
+static int serverinfo_find_extension(const unsigned char *serverinfo,
+                                     size_t serverinfo_length,
+                                     unsigned int extension_type,
+                                     const unsigned char **extension_data,
+                                     size_t *extension_length)
+{
+    *extension_data = NULL;
+    *extension_length = 0;
+    if (serverinfo == NULL || serverinfo_length == 0)
+        return -1;
+    for (;;) {
+        unsigned int type = 0;
+        size_t len = 0;
+
+        /* end of serverinfo */
+        if (serverinfo_length == 0)
+            return 0;           /* Extension not found */
+
+        /* read 2-byte type field */
+        if (serverinfo_length < 2)
+            return -1;          /* Error */
+        type = (serverinfo[0] << 8) + serverinfo[1];
+        serverinfo += 2;
+        serverinfo_length -= 2;
+
+        /* read 2-byte len field */
+        if (serverinfo_length < 2)
+            return -1;          /* Error */
+        len = (serverinfo[0] << 8) + serverinfo[1];
+        serverinfo += 2;
+        serverinfo_length -= 2;
+
+        if (len > serverinfo_length)
+            return -1;          /* Error */
+
+        if (type == extension_type) {
+            *extension_data = serverinfo;
+            *extension_length = len;
+            return 1;           /* Success */
+        }
+
+        serverinfo += len;
+        serverinfo_length -= len;
+    }
+    /* Unreachable */
+}
+
+static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in,
+                                   size_t inlen, int *al, void *arg)
+{
+
+    if (inlen != 0) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    return 1;
+}
+
+static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out, size_t *outlen,
+                                 int *al, void *arg)
+{
+    const unsigned char *serverinfo = NULL;
+    size_t serverinfo_length = 0;
+
+    /* Is there serverinfo data for the chosen server cert? */
+    if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
+                                        &serverinfo_length)) != 0) {
+        /* Find the relevant extension from the serverinfo */
+        int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
+                                               ext_type, out, outlen);
+        if (retval == -1) {
+            *al = SSL_AD_DECODE_ERROR;
+            return -1;          /* Error */
+        }
+        if (retval == 0)
+            return 0;           /* No extension found, don't send extension */
+        return 1;               /* Send extension */
+    }
+    return 0;                   /* No serverinfo data found, don't send
+                                 * extension */
+}
+
+/*
+ * With a NULL context, this function just checks that the serverinfo data
+ * parses correctly.  With a non-NULL context, it registers callbacks for
+ * the included extensions.
+ */
+static int serverinfo_process_buffer(const unsigned char *serverinfo,
+                                     size_t serverinfo_length, SSL_CTX *ctx)
+{
+    if (serverinfo == NULL || serverinfo_length == 0)
+        return 0;
+    for (;;) {
+        unsigned int ext_type = 0;
+        size_t len = 0;
+
+        /* end of serverinfo */
+        if (serverinfo_length == 0)
+            return 1;
+
+        /* read 2-byte type field */
+        if (serverinfo_length < 2)
+            return 0;
+        /* FIXME: check for types we understand explicitly? */
+
+        /* Register callbacks for extensions */
+        ext_type = (serverinfo[0] << 8) + serverinfo[1];
+        if (ctx) {
+            int have_ext_cbs = 0;
+            size_t i;
+            custom_ext_methods *exts = &ctx->cert->srv_ext;
+            custom_ext_method *meth = exts->meths;
+
+            for (i = 0; i < exts->meths_count; i++, meth++) {
+                if (ext_type == meth->ext_type) {
+                    have_ext_cbs = 1;
+                    break;
+                }
+            }
+
+            if (!have_ext_cbs && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
+                                                                serverinfo_srv_add_cb,
+                                                                NULL, NULL,
+                                                                serverinfo_srv_parse_cb,
+                                                                NULL))
+                return 0;
+        }
+
+        serverinfo += 2;
+        serverinfo_length -= 2;
+
+        /* read 2-byte len field */
+        if (serverinfo_length < 2)
+            return 0;
+        len = (serverinfo[0] << 8) + serverinfo[1];
+        serverinfo += 2;
+        serverinfo_length -= 2;
+
+        if (len > serverinfo_length)
+            return 0;
+
+        serverinfo += len;
+        serverinfo_length -= len;
+    }
+}
+
+int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                           size_t serverinfo_length)
+{
+    unsigned char *new_serverinfo;
+
+    if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!serverinfo_process_buffer(serverinfo, serverinfo_length, NULL)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA);
+        return 0;
+    }
+    if (ctx->cert->key == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
+                                     serverinfo_length);
+    if (new_serverinfo == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->cert->key->serverinfo = new_serverinfo;
+    memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
+    ctx->cert->key->serverinfo_length = serverinfo_length;
+
+    /*
+     * Now that the serverinfo is validated and stored, go ahead and
+     * register callbacks.
+     */
+    if (!serverinfo_process_buffer(serverinfo, serverinfo_length, ctx)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+{
+    unsigned char *serverinfo = NULL;
+    unsigned char *tmp;
+    size_t serverinfo_length = 0;
+    unsigned char *extension = 0;
+    long extension_length = 0;
+    char *name = NULL;
+    char *header = NULL;
+    char namePrefix[] = "SERVERINFO FOR ";
+    int ret = 0;
+    BIO *bin = NULL;
+    size_t num_extensions = 0;
+
+    if (ctx == NULL || file == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
+        goto end;
+    }
+
+    bin = BIO_new(BIO_s_file());
+    if (bin == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+    if (BIO_read_filename(bin, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+
+    for (num_extensions = 0;; num_extensions++) {
+        if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
+            == 0) {
+            /*
+             * There must be at least one extension in this file
+             */
+            if (num_extensions == 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_NO_PEM_EXTENSIONS);
+                goto end;
+            } else              /* End of file, we're done */
+                break;
+        }
+        /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
+        if (strlen(name) < strlen(namePrefix)) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
+            goto end;
+        }
+        if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                   SSL_R_PEM_NAME_BAD_PREFIX);
+            goto end;
+        }
+        /*
+         * Check that the decoded PEM data is plausible (valid length field)
+         */
+        if (extension_length < 4
+            || (extension[2] << 8) + extension[3] != extension_length - 4) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+            goto end;
+        }
+        /* Append the decoded extension to the serverinfo buffer */
+        tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
+        if (tmp == NULL) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
+            goto end;
+        }
+        serverinfo = tmp;
+        memcpy(serverinfo + serverinfo_length, extension, extension_length);
+        serverinfo_length += extension_length;
+
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(header);
+        header = NULL;
+        OPENSSL_free(extension);
+        extension = NULL;
+    }
+
+    ret = SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length);
+ end:
+    /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(extension);
+    OPENSSL_free(serverinfo);
+    BIO_free(bin);
+    return ret;
+}
diff --git a/openssl-1.1.0h/ssl/ssl_sess.c b/openssl-1.1.0h/ssl/ssl_sess.c
new file mode 100644
index 0000000..0dea8b5
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_sess.c
@@ -0,0 +1,1179 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <openssl/lhash.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+#include "ssl_locl.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+
+SSL_SESSION *SSL_get_session(const SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
+{
+    return (ssl->session);
+}
+
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+{
+    SSL_SESSION *sess;
+    /*
+     * Need to lock this all up rather than just use CRYPTO_add so that
+     * somebody doesn't free ssl->session between when we check it's non-null
+     * and when we up the reference count.
+     */
+    CRYPTO_THREAD_read_lock(ssl->lock);
+    sess = ssl->session;
+    if (sess)
+        SSL_SESSION_up_ref(sess);
+    CRYPTO_THREAD_unlock(ssl->lock);
+    return sess;
+}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
+{
+    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+SSL_SESSION *SSL_SESSION_new(void)
+{
+    SSL_SESSION *ss;
+
+    ss = OPENSSL_zalloc(sizeof(*ss));
+    if (ss == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
+    ss->references = 1;
+    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
+    ss->time = (unsigned long)time(NULL);
+    ss->lock = CRYPTO_THREAD_lock_new();
+    if (ss->lock == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
+        CRYPTO_THREAD_lock_free(ss->lock);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+    return ss;
+}
+
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+{
+    SSL_SESSION *dest;
+
+    dest = OPENSSL_malloc(sizeof(*src));
+    if (dest == NULL) {
+        goto err;
+    }
+    memcpy(dest, src, sizeof(*dest));
+
+    /*
+     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+     * the case of an error whilst halfway through constructing dest
+     */
+#ifndef OPENSSL_NO_PSK
+    dest->psk_identity_hint = NULL;
+    dest->psk_identity = NULL;
+#endif
+    dest->ciphers = NULL;
+    dest->tlsext_hostname = NULL;
+#ifndef OPENSSL_NO_EC
+    dest->tlsext_ecpointformatlist = NULL;
+    dest->tlsext_ellipticcurvelist = NULL;
+#endif
+    dest->tlsext_tick = NULL;
+#ifndef OPENSSL_NO_SRP
+    dest->srp_username = NULL;
+#endif
+    dest->peer_chain = NULL;
+    dest->peer = NULL;
+    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+    /* We deliberately don't copy the prev and next pointers */
+    dest->prev = NULL;
+    dest->next = NULL;
+
+    dest->references = 1;
+
+    dest->lock = CRYPTO_THREAD_lock_new();
+    if (dest->lock == NULL)
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+        goto err;
+
+    if (src->peer != NULL) {
+        if (!X509_up_ref(src->peer))
+            goto err;
+        dest->peer = src->peer;
+    }
+
+    if (src->peer_chain != NULL) {
+        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
+        if (dest->peer_chain == NULL)
+            goto err;
+    }
+#ifndef OPENSSL_NO_PSK
+    if (src->psk_identity_hint) {
+        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
+        if (dest->psk_identity_hint == NULL) {
+            goto err;
+        }
+    }
+    if (src->psk_identity) {
+        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
+        if (dest->psk_identity == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    if (src->ciphers != NULL) {
+        dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+        if (dest->ciphers == NULL)
+            goto err;
+    }
+
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+                            &dest->ex_data, &src->ex_data)) {
+        goto err;
+    }
+
+    if (src->tlsext_hostname) {
+        dest->tlsext_hostname = OPENSSL_strdup(src->tlsext_hostname);
+        if (dest->tlsext_hostname == NULL) {
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC
+    if (src->tlsext_ecpointformatlist) {
+        dest->tlsext_ecpointformatlist =
+            OPENSSL_memdup(src->tlsext_ecpointformatlist,
+                           src->tlsext_ecpointformatlist_length);
+        if (dest->tlsext_ecpointformatlist == NULL)
+            goto err;
+    }
+    if (src->tlsext_ellipticcurvelist) {
+        dest->tlsext_ellipticcurvelist =
+            OPENSSL_memdup(src->tlsext_ellipticcurvelist,
+                           src->tlsext_ellipticcurvelist_length);
+        if (dest->tlsext_ellipticcurvelist == NULL)
+            goto err;
+    }
+#endif
+
+    if (ticket != 0 && src->tlsext_tick != NULL) {
+        dest->tlsext_tick =
+            OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
+        if (dest->tlsext_tick == NULL)
+            goto err;
+    } else {
+        dest->tlsext_tick_lifetime_hint = 0;
+        dest->tlsext_ticklen = 0;
+    }
+
+#ifndef OPENSSL_NO_SRP
+    if (src->srp_username) {
+        dest->srp_username = OPENSSL_strdup(src->srp_username);
+        if (dest->srp_username == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    return dest;
+ err:
+    SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+    SSL_SESSION_free(dest);
+    return NULL;
+}
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+{
+    if (len)
+        *len = s->session_id_length;
+    return s->session_id;
+}
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                unsigned int *len)
+{
+    if (len != NULL)
+        *len = s->sid_ctx_length;
+    return s->sid_ctx;
+}
+
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+{
+    return s->compress_meth;
+}
+
+/*
+ * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
+ * the ID with random junk repeatedly until we have no conflict is going to
+ * complete in one iteration pretty much "most" of the time (btw:
+ * understatement). So, if it takes us 10 iterations and we still can't avoid
+ * a conflict - well that's a reasonable point to call it quits. Either the
+ * RAND code is broken or someone is trying to open roughly very close to
+ * 2^256 SSL sessions to our server. How you might store that many sessions
+ * is perhaps a more interesting question ...
+ */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+                                   unsigned int *id_len)
+{
+    unsigned int retry = 0;
+    do
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
+    if (retry < MAX_SESS_ID_ATTEMPTS)
+        return 1;
+    /* else - woops a session_id match */
+    /*
+     * XXX We should also check the external cache -- but the probability of
+     * a collision is negligible, and we could not prevent the concurrent
+     * creation of sessions with identical IDs since we currently don't have
+     * means to atomically check whether a session ID already exists and make
+     * a reservation for it if it does not (this problem applies to the
+     * internal cache as well).
+     */
+    return 0;
+}
+
+int ssl_get_new_session(SSL *s, int session)
+{
+    /* This gets used by clients and servers. */
+
+    unsigned int tmp;
+    SSL_SESSION *ss = NULL;
+    GEN_SESSION_CB cb = def_generate_session_id;
+
+    if ((ss = SSL_SESSION_new()) == NULL)
+        return (0);
+
+    /* If the context has a default timeout, use it */
+    if (s->session_ctx->session_timeout == 0)
+        ss->timeout = SSL_get_default_timeout(s);
+    else
+        ss->timeout = s->session_ctx->session_timeout;
+
+    SSL_SESSION_free(s->session);
+    s->session = NULL;
+
+    if (session) {
+        if (s->version == SSL3_VERSION) {
+            ss->ssl_version = SSL3_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_VERSION) {
+            ss->ssl_version = TLS1_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_1_VERSION) {
+            ss->ssl_version = TLS1_1_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_2_VERSION) {
+            ss->ssl_version = TLS1_2_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == DTLS1_BAD_VER) {
+            ss->ssl_version = DTLS1_BAD_VER;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == DTLS1_VERSION) {
+            ss->ssl_version = DTLS1_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == DTLS1_2_VERSION) {
+            ss->ssl_version = DTLS1_2_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else {
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+
+        /*-
+         * If RFC5077 ticket, use empty session ID (as server).
+         * Note that:
+         * (a) ssl_get_prev_session() does lookahead into the
+         *     ClientHello extensions to find the session ticket.
+         *     When ssl_get_prev_session() fails, statem_srvr.c calls
+         *     ssl_get_new_session() in tls_process_client_hello().
+         *     At that point, it has not yet parsed the extensions,
+         *     however, because of the lookahead, it already knows
+         *     whether a ticket is expected or not.
+         *
+         * (b) statem_clnt.c calls ssl_get_new_session() before parsing
+         *     ServerHello extensions, and before recording the session
+         *     ID received from the server, so this block is a noop.
+         */
+        if (s->tlsext_ticket_expected) {
+            ss->session_id_length = 0;
+            goto sess_id_done;
+        }
+
+        /* Choose which callback will set the session ID */
+        CRYPTO_THREAD_read_lock(s->lock);
+        CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+        if (s->generate_session_id)
+            cb = s->generate_session_id;
+        else if (s->session_ctx->generate_session_id)
+            cb = s->session_ctx->generate_session_id;
+        CRYPTO_THREAD_unlock(s->session_ctx->lock);
+        CRYPTO_THREAD_unlock(s->lock);
+        /* Choose a session ID */
+        memset(ss->session_id, 0, ss->session_id_length);
+        tmp = ss->session_id_length;
+        if (!cb(s, ss->session_id, &tmp)) {
+            /* The callback failed */
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+                   SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+        /*
+         * Don't allow the callback to set the session length to zero. nor
+         * set it higher than it was.
+         */
+        if (tmp == 0 || tmp > ss->session_id_length) {
+            /* The callback set an illegal length */
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+                   SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+        ss->session_id_length = tmp;
+        /* Finally, check for a conflict */
+        if (SSL_has_matching_session_id(s, ss->session_id,
+                                        ss->session_id_length)) {
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+
+ sess_id_done:
+        if (s->tlsext_hostname) {
+            ss->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname);
+            if (ss->tlsext_hostname == NULL) {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+                SSL_SESSION_free(ss);
+                return 0;
+            }
+        }
+    } else {
+        ss->session_id_length = 0;
+    }
+
+    if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
+        SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(ss);
+        return 0;
+    }
+    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+    ss->sid_ctx_length = s->sid_ctx_length;
+    s->session = ss;
+    ss->ssl_version = s->version;
+    ss->verify_result = X509_V_OK;
+
+    /* If client supports extended master secret set it in session */
+    if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
+        ss->flags |= SSL_SESS_FLAG_EXTMS;
+
+    return (1);
+}
+
+/*-
+ * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
+ * connection. It is only called by servers.
+ *
+ *   ext: ClientHello extensions (including length prefix)
+ *   session_id: ClientHello session ID.
+ *
+ * Returns:
+ *   -1: error
+ *    0: a session may have been found.
+ *
+ * Side effects:
+ *   - If a session is found then s->session is pointed at it (after freeing an
+ *     existing session if need be) and s->verify_result is set from the session.
+ *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
+ *     if the server should issue a new session ticket (to 0 otherwise).
+ */
+int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
+{
+    /* This is used only by servers. */
+
+    SSL_SESSION *ret = NULL;
+    int fatal = 0;
+    int try_session_cache = 1;
+    int r;
+
+    if (PACKET_remaining(session_id) == 0)
+        try_session_cache = 0;
+
+    /* sets s->tlsext_ticket_expected and extended master secret flag */
+    r = tls_check_serverhello_tlsext_early(s, ext, session_id, &ret);
+    switch (r) {
+    case -1:                   /* Error during processing */
+        fatal = 1;
+        goto err;
+    case 0:                    /* No ticket found */
+    case 1:                    /* Zero length ticket found */
+        break;                  /* Ok to carry on processing session id. */
+    case 2:                    /* Ticket found but not decrypted. */
+    case 3:                    /* Ticket decrypted, *ret has been set. */
+        try_session_cache = 0;
+        break;
+    default:
+        abort();
+    }
+
+    if (try_session_cache &&
+        ret == NULL &&
+        !(s->session_ctx->session_cache_mode &
+          SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
+        SSL_SESSION data;
+        size_t local_len;
+        data.ssl_version = s->version;
+        memset(data.session_id, 0, sizeof(data.session_id));
+        if (!PACKET_copy_all(session_id, data.session_id,
+                             sizeof(data.session_id), &local_len)) {
+            goto err;
+        }
+        data.session_id_length = local_len;
+        CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
+        if (ret != NULL) {
+            /* don't allow other threads to steal it: */
+            SSL_SESSION_up_ref(ret);
+        }
+        CRYPTO_THREAD_unlock(s->session_ctx->lock);
+        if (ret == NULL)
+            s->session_ctx->stats.sess_miss++;
+    }
+
+    if (try_session_cache &&
+        ret == NULL && s->session_ctx->get_session_cb != NULL) {
+        int copy = 1;
+        ret = s->session_ctx->get_session_cb(s, PACKET_data(session_id),
+                                             PACKET_remaining(session_id),
+                                             &copy);
+
+        if (ret != NULL) {
+            s->session_ctx->stats.sess_cb_hit++;
+
+            /*
+             * Increment reference count now if the session callback asks us
+             * to do so (note that if the session structures returned by the
+             * callback are shared between threads, it must handle the
+             * reference count itself [i.e. copy == 0], or things won't be
+             * thread-safe).
+             */
+            if (copy)
+                SSL_SESSION_up_ref(ret);
+
+            /*
+             * Add the externally cached session to the internal cache as
+             * well if and only if we are supposed to.
+             */
+            if (!
+                (s->session_ctx->session_cache_mode &
+                 SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
+                /*
+                 * Either return value of SSL_CTX_add_session should not
+                 * interrupt the session resumption process. The return
+                 * value is intentionally ignored.
+                 */
+                SSL_CTX_add_session(s->session_ctx, ret);
+            }
+        }
+    }
+
+    if (ret == NULL)
+        goto err;
+
+    /* Now ret is non-NULL and we own one of its reference counts. */
+
+    if (ret->sid_ctx_length != s->sid_ctx_length
+        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+        /*
+         * We have the session requested by the client, but we don't want to
+         * use it in this context.
+         */
+        goto err;               /* treat like cache miss */
+    }
+
+    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
+        /*
+         * We can't be sure if this session is being used out of context,
+         * which is especially important for SSL_VERIFY_PEER. The application
+         * should have used SSL[_CTX]_set_session_id_context. For this error
+         * case, we generate an error instead of treating the event like a
+         * cache miss (otherwise it would be easy for applications to
+         * effectively disable the session cache by accident without anyone
+         * noticing).
+         */
+
+        SSLerr(SSL_F_SSL_GET_PREV_SESSION,
+               SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+        fatal = 1;
+        goto err;
+    }
+
+    if (ret->cipher == NULL) {
+        unsigned char buf[5], *p;
+        unsigned long l;
+
+        p = buf;
+        l = ret->cipher_id;
+        l2n(l, p);
+        if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
+            ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
+        else
+            ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
+        if (ret->cipher == NULL)
+            goto err;
+    }
+
+    if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
+        s->session_ctx->stats.sess_timeout++;
+        if (try_session_cache) {
+            /* session was from the cache, so remove it */
+            SSL_CTX_remove_session(s->session_ctx, ret);
+        }
+        goto err;
+    }
+
+    /* Check extended master secret extension consistency */
+    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
+        /* If old session includes extms, but new does not: abort handshake */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
+            SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_INCONSISTENT_EXTMS);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+            fatal = 1;
+            goto err;
+        }
+    } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+        /* If new session includes extms, but old does not: do not resume */
+        goto err;
+    }
+
+    s->session_ctx->stats.sess_hit++;
+
+    SSL_SESSION_free(s->session);
+    s->session = ret;
+    s->verify_result = s->session->verify_result;
+    return 1;
+
+ err:
+    if (ret != NULL) {
+        SSL_SESSION_free(ret);
+
+        if (!try_session_cache) {
+            /*
+             * The session was from a ticket, so we should issue a ticket for
+             * the new session
+             */
+            s->tlsext_ticket_expected = 1;
+        }
+    }
+    if (fatal)
+        return -1;
+    else
+        return 0;
+}
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    int ret = 0;
+    SSL_SESSION *s;
+
+    /*
+     * add just 1 reference count for the SSL_CTX's session cache even though
+     * it has two ways of access: each session is in a doubly linked list and
+     * an lhash
+     */
+    SSL_SESSION_up_ref(c);
+    /*
+     * if session c is in already in cache, we take back the increment later
+     */
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    s = lh_SSL_SESSION_insert(ctx->sessions, c);
+
+    /*
+     * s != NULL iff we already had a session with the given PID. In this
+     * case, s == c should hold (then we did not really modify
+     * ctx->sessions), or we're in trouble.
+     */
+    if (s != NULL && s != c) {
+        /* We *are* in trouble ... */
+        SSL_SESSION_list_remove(ctx, s);
+        SSL_SESSION_free(s);
+        /*
+         * ... so pretend the other session did not exist in cache (we cannot
+         * handle two SSL_SESSION structures with identical session ID in the
+         * same cache, which could happen e.g. when two threads concurrently
+         * obtain the same session from an external cache)
+         */
+        s = NULL;
+    } else if (s == NULL &&
+               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
+        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
+
+        /*
+         * ... so take back the extra reference and also don't add
+         * the session to the SSL_SESSION_list at this time
+         */
+        s = c;
+    }
+
+    /* Put at the head of the queue unless it is already in the cache */
+    if (s == NULL)
+        SSL_SESSION_list_add(ctx, c);
+
+    if (s != NULL) {
+        /*
+         * existing cache entry -- decrement previously incremented reference
+         * count because it already takes into account the cache
+         */
+
+        SSL_SESSION_free(s);    /* s == c */
+        ret = 0;
+    } else {
+        /*
+         * new cache entry -- remove old ones if cache has become too large
+         */
+
+        ret = 1;
+
+        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
+            while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
+                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
+                    break;
+                else
+                    ctx->stats.sess_cache_full++;
+            }
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->lock);
+    return ret;
+}
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+{
+    SSL_SESSION *r;
+    int ret = 0;
+
+    if ((c != NULL) && (c->session_id_length != 0)) {
+        if (lck)
+            CRYPTO_THREAD_write_lock(ctx->lock);
+        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
+            ret = 1;
+            r = lh_SSL_SESSION_delete(ctx->sessions, c);
+            SSL_SESSION_list_remove(ctx, c);
+        }
+        c->not_resumable = 1;
+
+        if (lck)
+            CRYPTO_THREAD_unlock(ctx->lock);
+
+        if (ret)
+            SSL_SESSION_free(r);
+
+        if (ctx->remove_session_cb != NULL)
+            ctx->remove_session_cb(ctx, c);
+    } else
+        ret = 0;
+    return (ret);
+}
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+{
+    int i;
+
+    if (ss == NULL)
+        return;
+
+    CRYPTO_atomic_add(&ss->references, -1, &i, ss->lock);
+    REF_PRINT_COUNT("SSL_SESSION", ss);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+
+    OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
+    OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
+    X509_free(ss->peer);
+    sk_X509_pop_free(ss->peer_chain, X509_free);
+    sk_SSL_CIPHER_free(ss->ciphers);
+    OPENSSL_free(ss->tlsext_hostname);
+    OPENSSL_free(ss->tlsext_tick);
+#ifndef OPENSSL_NO_EC
+    ss->tlsext_ecpointformatlist_length = 0;
+    OPENSSL_free(ss->tlsext_ecpointformatlist);
+    ss->tlsext_ellipticcurvelist_length = 0;
+    OPENSSL_free(ss->tlsext_ellipticcurvelist);
+#endif                          /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(ss->psk_identity_hint);
+    OPENSSL_free(ss->psk_identity);
+#endif
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(ss->srp_username);
+#endif
+    CRYPTO_THREAD_lock_free(ss->lock);
+    OPENSSL_clear_free(ss, sizeof(*ss));
+}
+
+int SSL_SESSION_up_ref(SSL_SESSION *ss)
+{
+    int i;
+
+    if (CRYPTO_atomic_add(&ss->references, 1, &i, ss->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_SESSION", ss);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+{
+    ssl_clear_bad_session(s);
+    if (s->ctx->method != s->method) {
+        if (!SSL_set_ssl_method(s, s->ctx->method))
+            return 0;
+    }
+
+    if (session != NULL) {
+        SSL_SESSION_up_ref(session);
+        s->verify_result = session->verify_result;
+    }
+    SSL_SESSION_free(s->session);
+    s->session = session;
+
+    return 1;
+}
+
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                        unsigned int sid_len)
+{
+    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+      SSLerr(SSL_F_SSL_SESSION_SET1_ID,
+             SSL_R_SSL_SESSION_ID_TOO_LONG);
+      return 0;
+    }
+    s->session_id_length = sid_len;
+    if (sid != s->session_id)
+        memcpy(s->session_id, sid, sid_len);
+    return 1;
+}
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return (0);
+    s->timeout = t;
+    return (1);
+}
+
+long SSL_SESSION_get_timeout(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return (0);
+    return (s->timeout);
+}
+
+long SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return (0);
+    return (s->time);
+}
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return (0);
+    s->time = t;
+    return (t);
+}
+
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
+{
+    return s->ssl_version;
+}
+
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
+{
+    return s->cipher;
+}
+
+const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
+{
+    return s->tlsext_hostname;
+}
+
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+    return (s->tlsext_ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+    return s->tlsext_tick_lifetime_hint;
+}
+
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len)
+{
+    *len = s->tlsext_ticklen;
+    if (tick != NULL)
+        *tick = s->tlsext_tick;
+}
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
+{
+    return s->peer;
+}
+
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    s->sid_ctx_length = sid_ctx_len;
+    if (sid_ctx != s->sid_ctx)
+        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+{
+    long l;
+    if (s == NULL)
+        return (0);
+    l = s->session_timeout;
+    s->session_timeout = t;
+    return (l);
+}
+
+long SSL_CTX_get_timeout(const SSL_CTX *s)
+{
+    if (s == NULL)
+        return (0);
+    return (s->session_timeout);
+}
+
+int SSL_set_session_secret_cb(SSL *s,
+                              int (*tls_session_secret_cb) (SSL *s,
+                                                            void *secret,
+                                                            int *secret_len,
+                                                            STACK_OF(SSL_CIPHER)
+                                                            *peer_ciphers,
+                                                            const SSL_CIPHER
+                                                            **cipher,
+                                                            void *arg),
+                              void *arg)
+{
+    if (s == NULL)
+        return (0);
+    s->tls_session_secret_cb = tls_session_secret_cb;
+    s->tls_session_secret_cb_arg = arg;
+    return (1);
+}
+
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg)
+{
+    if (s == NULL)
+        return (0);
+    s->tls_session_ticket_ext_cb = cb;
+    s->tls_session_ticket_ext_cb_arg = arg;
+    return (1);
+}
+
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
+{
+    if (s->version >= TLS1_VERSION) {
+        OPENSSL_free(s->tlsext_session_ticket);
+        s->tlsext_session_ticket = NULL;
+        s->tlsext_session_ticket =
+            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
+        if (s->tlsext_session_ticket == NULL) {
+            SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        if (ext_data) {
+            s->tlsext_session_ticket->length = ext_len;
+            s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
+            memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
+        } else {
+            s->tlsext_session_ticket->length = 0;
+            s->tlsext_session_ticket->data = NULL;
+        }
+
+        return 1;
+    }
+
+    return 0;
+}
+
+typedef struct timeout_param_st {
+    SSL_CTX *ctx;
+    long time;
+    LHASH_OF(SSL_SESSION) *cache;
+} TIMEOUT_PARAM;
+
+static void timeout_cb(SSL_SESSION *s, TIMEOUT_PARAM *p)
+{
+    if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
+        /*
+         * The reason we don't call SSL_CTX_remove_session() is to save on
+         * locking overhead
+         */
+        (void)lh_SSL_SESSION_delete(p->cache, s);
+        SSL_SESSION_list_remove(p->ctx, s);
+        s->not_resumable = 1;
+        if (p->ctx->remove_session_cb != NULL)
+            p->ctx->remove_session_cb(p->ctx, s);
+        SSL_SESSION_free(s);
+    }
+}
+
+IMPLEMENT_LHASH_DOALL_ARG(SSL_SESSION, TIMEOUT_PARAM);
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+{
+    unsigned long i;
+    TIMEOUT_PARAM tp;
+
+    tp.ctx = s;
+    tp.cache = s->sessions;
+    if (tp.cache == NULL)
+        return;
+    tp.time = t;
+    CRYPTO_THREAD_write_lock(s->lock);
+    i = lh_SSL_SESSION_get_down_load(s->sessions);
+    lh_SSL_SESSION_set_down_load(s->sessions, 0);
+    lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp);
+    lh_SSL_SESSION_set_down_load(s->sessions, i);
+    CRYPTO_THREAD_unlock(s->lock);
+}
+
+int ssl_clear_bad_session(SSL *s)
+{
+    if ((s->session != NULL) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+        !(SSL_in_init(s) || SSL_in_before(s))) {
+        SSL_CTX_remove_session(s->session_ctx, s->session);
+        return (1);
+    } else
+        return (0);
+}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next == NULL) || (s->prev == NULL))
+        return;
+
+    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
+        /* last element in list */
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* only one element in list */
+            ctx->session_cache_head = NULL;
+            ctx->session_cache_tail = NULL;
+        } else {
+            ctx->session_cache_tail = s->prev;
+            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+        }
+    } else {
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* first element in list */
+            ctx->session_cache_head = s->next;
+            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        } else {
+            /* middle of list */
+            s->next->prev = s->prev;
+            s->prev->next = s->next;
+        }
+    }
+    s->prev = s->next = NULL;
+}
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next != NULL) && (s->prev != NULL))
+        SSL_SESSION_list_remove(ctx, s);
+
+    if (ctx->session_cache_head == NULL) {
+        ctx->session_cache_head = s;
+        ctx->session_cache_tail = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+    } else {
+        s->next = ctx->session_cache_head;
+        s->next->prev = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        ctx->session_cache_head = s;
+    }
+}
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
+{
+    ctx->new_session_cb = cb;
+}
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
+    return ctx->new_session_cb;
+}
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
+{
+    ctx->remove_session_cb = cb;
+}
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
+                                                  SSL_SESSION *sess) {
+    return ctx->remove_session_cb;
+}
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*cb) (struct ssl_st *ssl,
+                                                 const unsigned char *data,
+                                                 int len, int *copy))
+{
+    ctx->get_session_cb = cb;
+}
+
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
+                                                       const unsigned char
+                                                       *data, int len,
+                                                       int *copy) {
+    return ctx->get_session_cb;
+}
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type, int val))
+{
+    ctx->info_callback = cb;
+}
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val) {
+    return ctx->info_callback;
+}
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl, X509 **x509,
+                                           EVP_PKEY **pkey))
+{
+    ctx->client_cert_cb = cb;
+}
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey) {
+    return ctx->client_cert_cb;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+{
+    if (!ENGINE_init(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+    if (!ENGINE_get_ssl_client_cert_function(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
+               SSL_R_NO_CLIENT_CERT_METHOD);
+        ENGINE_finish(e);
+        return 0;
+    }
+    ctx->client_cert_engine = e;
+    return 1;
+}
+#endif
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*cb) (SSL *ssl,
+                                               unsigned char *cookie,
+                                               unsigned int *cookie_len))
+{
+    ctx->app_gen_cookie_cb = cb;
+}
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*cb) (SSL *ssl,
+                                             const unsigned char *cookie,
+                                             unsigned int cookie_len))
+{
+    ctx->app_verify_cookie_cb = cb;
+}
+
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/openssl-1.1.0h/ssl/ssl_stat.c b/openssl-1.1.0h/ssl/ssl_stat.c
new file mode 100644
index 0000000..ad7a019
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_stat.c
@@ -0,0 +1,362 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+
+const char *SSL_state_string_long(const SSL *s)
+{
+    if (ossl_statem_in_error(s))
+        return "error";
+
+    switch (SSL_get_state(s)) {
+    case TLS_ST_CR_CERT_STATUS:
+        return "SSLv3/TLS read certificate status";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "SSLv3/TLS write next proto";
+    case TLS_ST_SR_NEXT_PROTO:
+        return "SSLv3/TLS read next proto";
+    case TLS_ST_SW_CERT_STATUS:
+        return "SSLv3/TLS write certificate status";
+    case TLS_ST_BEFORE:
+        return "before SSL initialization";
+    case TLS_ST_OK:
+        return "SSL negotiation finished successfully";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "SSLv3/TLS write client hello";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "SSLv3/TLS read server hello";
+    case TLS_ST_CR_CERT:
+        return "SSLv3/TLS read server certificate";
+    case TLS_ST_CR_KEY_EXCH:
+        return "SSLv3/TLS read server key exchange";
+    case TLS_ST_CR_CERT_REQ:
+        return "SSLv3/TLS read server certificate request";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "SSLv3/TLS read server session ticket";
+    case TLS_ST_CR_SRVR_DONE:
+        return "SSLv3/TLS read server done";
+    case TLS_ST_CW_CERT:
+        return "SSLv3/TLS write client certificate";
+    case TLS_ST_CW_KEY_EXCH:
+        return "SSLv3/TLS write client key exchange";
+    case TLS_ST_CW_CERT_VRFY:
+        return "SSLv3/TLS write certificate verify";
+    case TLS_ST_CW_CHANGE:
+    case TLS_ST_SW_CHANGE:
+        return "SSLv3/TLS write change cipher spec";
+    case TLS_ST_CW_FINISHED:
+    case TLS_ST_SW_FINISHED:
+        return "SSLv3/TLS write finished";
+    case TLS_ST_CR_CHANGE:
+    case TLS_ST_SR_CHANGE:
+        return "SSLv3/TLS read change cipher spec";
+    case TLS_ST_CR_FINISHED:
+    case TLS_ST_SR_FINISHED:
+        return "SSLv3/TLS read finished";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "SSLv3/TLS read client hello";
+    case TLS_ST_SW_HELLO_REQ:
+        return "SSLv3/TLS write hello request";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "SSLv3/TLS write server hello";
+    case TLS_ST_SW_CERT:
+        return "SSLv3/TLS write certificate";
+    case TLS_ST_SW_KEY_EXCH:
+        return "SSLv3/TLS write key exchange";
+    case TLS_ST_SW_CERT_REQ:
+        return "SSLv3/TLS write certificate request";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "SSLv3/TLS write session ticket";
+    case TLS_ST_SW_SRVR_DONE:
+        return "SSLv3/TLS write server done";
+    case TLS_ST_SR_CERT:
+        return "SSLv3/TLS read client certificate";
+    case TLS_ST_SR_KEY_EXCH:
+        return "SSLv3/TLS read client key exchange";
+    case TLS_ST_SR_CERT_VRFY:
+        return "SSLv3/TLS read certificate verify";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DTLS1 read hello verify request";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DTLS1 write hello verify request";
+    default:
+        return "unknown state";
+    }
+}
+
+const char *SSL_state_string(const SSL *s)
+{
+    if (ossl_statem_in_error(s))
+        return "SSLERR";
+
+    switch (SSL_get_state(s)) {
+    case TLS_ST_SR_NEXT_PROTO:
+        return "TRNP";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "TWST";
+    case TLS_ST_SW_CERT_STATUS:
+        return "TWCS";
+    case TLS_ST_CR_CERT_STATUS:
+        return "TRCS";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "TRST";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "TWNP";
+    case TLS_ST_BEFORE:
+        return "PINIT ";
+    case TLS_ST_OK:
+        return "SSLOK ";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "TWCH";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "TRSH";
+    case TLS_ST_CR_CERT:
+        return "TRSC";
+    case TLS_ST_CR_KEY_EXCH:
+        return "TRSKE";
+    case TLS_ST_CR_CERT_REQ:
+        return "TRCR";
+    case TLS_ST_CR_SRVR_DONE:
+        return "TRSD";
+    case TLS_ST_CW_CERT:
+        return "TWCC";
+    case TLS_ST_CW_KEY_EXCH:
+        return "TWCKE";
+    case TLS_ST_CW_CERT_VRFY:
+        return "TWCV";
+    case TLS_ST_SW_CHANGE:
+    case TLS_ST_CW_CHANGE:
+        return "TWCCS";
+    case TLS_ST_SW_FINISHED:
+    case TLS_ST_CW_FINISHED:
+        return "TWFIN";
+    case TLS_ST_SR_CHANGE:
+    case TLS_ST_CR_CHANGE:
+        return "TRCCS";
+    case TLS_ST_SR_FINISHED:
+    case TLS_ST_CR_FINISHED:
+        return "TRFIN";
+    case TLS_ST_SW_HELLO_REQ:
+        return "TWHR";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "TRCH";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "TWSH";
+    case TLS_ST_SW_CERT:
+        return "TWSC";
+    case TLS_ST_SW_KEY_EXCH:
+        return "TWSKE";
+    case TLS_ST_SW_CERT_REQ:
+        return "TWCR";
+    case TLS_ST_SW_SRVR_DONE:
+        return "TWSD";
+    case TLS_ST_SR_CERT:
+        return "TRCC";
+    case TLS_ST_SR_KEY_EXCH:
+        return "TRCKE";
+    case TLS_ST_SR_CERT_VRFY:
+        return "TRCV";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DRCHV";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DWCHV";
+    default:
+        return "UNKWN ";
+    }
+}
+
+const char *SSL_alert_type_string_long(int value)
+{
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "warning";
+    case SSL3_AL_FATAL:
+        return "fatal";
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_alert_type_string(int value)
+{
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "W";
+    case SSL3_AL_FATAL:
+        return "F";
+    default:
+        return "U";
+    }
+}
+
+const char *SSL_alert_desc_string(int value)
+{
+    switch (value & 0xff) {
+    case SSL3_AD_CLOSE_NOTIFY:
+        return "CN";
+    case SSL3_AD_UNEXPECTED_MESSAGE:
+        return "UM";
+    case SSL3_AD_BAD_RECORD_MAC:
+        return "BM";
+    case SSL3_AD_DECOMPRESSION_FAILURE:
+        return "DF";
+    case SSL3_AD_HANDSHAKE_FAILURE:
+        return "HF";
+    case SSL3_AD_NO_CERTIFICATE:
+        return "NC";
+    case SSL3_AD_BAD_CERTIFICATE:
+        return "BC";
+    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+        return "UC";
+    case SSL3_AD_CERTIFICATE_REVOKED:
+        return "CR";
+    case SSL3_AD_CERTIFICATE_EXPIRED:
+        return "CE";
+    case SSL3_AD_CERTIFICATE_UNKNOWN:
+        return "CU";
+    case SSL3_AD_ILLEGAL_PARAMETER:
+        return "IP";
+    case TLS1_AD_DECRYPTION_FAILED:
+        return "DC";
+    case TLS1_AD_RECORD_OVERFLOW:
+        return "RO";
+    case TLS1_AD_UNKNOWN_CA:
+        return "CA";
+    case TLS1_AD_ACCESS_DENIED:
+        return "AD";
+    case TLS1_AD_DECODE_ERROR:
+        return "DE";
+    case TLS1_AD_DECRYPT_ERROR:
+        return "CY";
+    case TLS1_AD_EXPORT_RESTRICTION:
+        return "ER";
+    case TLS1_AD_PROTOCOL_VERSION:
+        return "PV";
+    case TLS1_AD_INSUFFICIENT_SECURITY:
+        return "IS";
+    case TLS1_AD_INTERNAL_ERROR:
+        return "IE";
+    case TLS1_AD_USER_CANCELLED:
+        return "US";
+    case TLS1_AD_NO_RENEGOTIATION:
+        return "NR";
+    case TLS1_AD_UNSUPPORTED_EXTENSION:
+        return "UE";
+    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+        return "CO";
+    case TLS1_AD_UNRECOGNIZED_NAME:
+        return "UN";
+    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return "BR";
+    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return "BH";
+    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+        return "UP";
+    default:
+        return "UK";
+    }
+}
+
+const char *SSL_alert_desc_string_long(int value)
+{
+    switch (value & 0xff) {
+    case SSL3_AD_CLOSE_NOTIFY:
+        return "close notify";
+    case SSL3_AD_UNEXPECTED_MESSAGE:
+        return "unexpected_message";
+    case SSL3_AD_BAD_RECORD_MAC:
+        return "bad record mac";
+    case SSL3_AD_DECOMPRESSION_FAILURE:
+        return "decompression failure";
+    case SSL3_AD_HANDSHAKE_FAILURE:
+        return "handshake failure";
+    case SSL3_AD_NO_CERTIFICATE:
+        return "no certificate";
+    case SSL3_AD_BAD_CERTIFICATE:
+        return "bad certificate";
+    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+        return "unsupported certificate";
+    case SSL3_AD_CERTIFICATE_REVOKED:
+        return "certificate revoked";
+    case SSL3_AD_CERTIFICATE_EXPIRED:
+        return "certificate expired";
+    case SSL3_AD_CERTIFICATE_UNKNOWN:
+        return "certificate unknown";
+    case SSL3_AD_ILLEGAL_PARAMETER:
+        return "illegal parameter";
+    case TLS1_AD_DECRYPTION_FAILED:
+        return "decryption failed";
+    case TLS1_AD_RECORD_OVERFLOW:
+        return "record overflow";
+    case TLS1_AD_UNKNOWN_CA:
+        return "unknown CA";
+    case TLS1_AD_ACCESS_DENIED:
+        return "access denied";
+    case TLS1_AD_DECODE_ERROR:
+        return "decode error";
+    case TLS1_AD_DECRYPT_ERROR:
+        return "decrypt error";
+    case TLS1_AD_EXPORT_RESTRICTION:
+        return "export restriction";
+    case TLS1_AD_PROTOCOL_VERSION:
+        return "protocol version";
+    case TLS1_AD_INSUFFICIENT_SECURITY:
+        return "insufficient security";
+    case TLS1_AD_INTERNAL_ERROR:
+        return "internal error";
+    case TLS1_AD_USER_CANCELLED:
+        return "user canceled";
+    case TLS1_AD_NO_RENEGOTIATION:
+        return "no renegotiation";
+    case TLS1_AD_UNSUPPORTED_EXTENSION:
+        return "unsupported extension";
+    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+        return "certificate unobtainable";
+    case TLS1_AD_UNRECOGNIZED_NAME:
+        return "unrecognized name";
+    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return "bad certificate status response";
+    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return "bad certificate hash value";
+    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+        return "unknown PSK identity";
+    case TLS1_AD_NO_APPLICATION_PROTOCOL:
+        return "no application protocol";
+    default:
+        return "unknown";
+    }
+}
diff --git a/openssl-1.1.0h/ssl/ssl_txt.c b/openssl-1.1.0h/ssl/ssl_txt.c
new file mode 100644
index 0000000..dbbf9d9
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_txt.c
@@ -0,0 +1,217 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <openssl/buffer.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = SSL_SESSION_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
+{
+    unsigned int i;
+    const char *s;
+
+    if (x == NULL)
+        goto err;
+    if (BIO_puts(bp, "SSL-Session:\n") <= 0)
+        goto err;
+    s = ssl_protocol_to_string(x->ssl_version);
+    if (BIO_printf(bp, "    Protocol  : %s\n", s) <= 0)
+        goto err;
+
+    if (x->cipher == NULL) {
+        if (((x->cipher_id) & 0xff000000) == 0x02000000) {
+            if (BIO_printf
+                (bp, "    Cipher    : %06lX\n", x->cipher_id & 0xffffff) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf
+                (bp, "    Cipher    : %04lX\n", x->cipher_id & 0xffff) <= 0)
+                goto err;
+        }
+    } else {
+        if (BIO_printf
+            (bp, "    Cipher    : %s\n",
+             ((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "    Session-ID: ") <= 0)
+        goto err;
+    for (i = 0; i < x->session_id_length; i++) {
+        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n    Session-ID-ctx: ") <= 0)
+        goto err;
+    for (i = 0; i < x->sid_ctx_length; i++) {
+        if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
+        goto err;
+    for (i = 0; i < (unsigned int)x->master_key_length; i++) {
+        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+            goto err;
+    }
+#ifndef OPENSSL_NO_PSK
+    if (BIO_puts(bp, "\n    PSK identity: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0)
+        goto err;
+    if (BIO_puts(bp, "\n    PSK identity hint: ") <= 0)
+        goto err;
+    if (BIO_printf
+        (bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
+        goto err;
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (BIO_puts(bp, "\n    SRP username: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
+        goto err;
+#endif
+    if (x->tlsext_tick_lifetime_hint) {
+        if (BIO_printf(bp,
+                       "\n    TLS session ticket lifetime hint: %ld (seconds)",
+                       x->tlsext_tick_lifetime_hint) <= 0)
+            goto err;
+    }
+    if (x->tlsext_tick) {
+        if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
+            goto err;
+        if (BIO_dump_indent
+            (bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4)
+            <= 0)
+            goto err;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (x->compress_meth != 0) {
+        SSL_COMP *comp = NULL;
+
+        if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
+            goto err;
+        if (comp == NULL) {
+            if (BIO_printf(bp, "\n    Compression: %d", x->compress_meth) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "\n    Compression: %d (%s)", comp->id,
+                           comp->name) <= 0)
+                goto err;
+        }
+    }
+#endif
+    if (x->time != 0L) {
+        if (BIO_printf(bp, "\n    Start Time: %ld", x->time) <= 0)
+            goto err;
+    }
+    if (x->timeout != 0L) {
+        if (BIO_printf(bp, "\n    Timeout   : %ld (sec)", x->timeout) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "    Verify return code: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+                   X509_verify_cert_error_string(x->verify_result)) <= 0)
+        goto err;
+
+    if (BIO_printf(bp, "    Extended master secret: %s\n",
+                   x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
+        goto err;
+
+    return (1);
+ err:
+    return (0);
+}
+
+/*
+ * print session id and master key in NSS keylog format (RSA
+ * Session-ID:<session id> Master-Key:<master key>)
+ */
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
+{
+    unsigned int i;
+
+    if (x == NULL)
+        goto err;
+    if (x->session_id_length == 0 || x->master_key_length == 0)
+        goto err;
+
+    /*
+     * the RSA prefix is required by the format's definition although there's
+     * nothing RSA-specific in the output, therefore, we don't have to check if
+     * the cipher suite is based on RSA
+     */
+    if (BIO_puts(bp, "RSA ") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "Session-ID:") <= 0)
+        goto err;
+    for (i = 0; i < x->session_id_length; i++) {
+        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, " Master-Key:") <= 0)
+        goto err;
+    for (i = 0; i < (unsigned int)x->master_key_length; i++) {
+        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    return (1);
+ err:
+    return (0);
+}
diff --git a/openssl-1.1.0h/ssl/ssl_utst.c b/openssl-1.1.0h/ssl/ssl_utst.c
new file mode 100644
index 0000000..09e76d1
--- /dev/null
+++ b/openssl-1.1.0h/ssl/ssl_utst.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_UNIT_TEST
+
+static const struct openssl_ssl_test_functions ssl_test_functions = {
+    ssl_init_wbio_buffer,
+    ssl3_setup_buffers,
+# ifndef OPENSSL_NO_HEARTBEATS
+#  undef dtls1_process_heartbeat
+    dtls1_process_heartbeat
+# endif
+};
+
+const struct openssl_ssl_test_functions *SSL_test_functions(void)
+{
+    return &ssl_test_functions;
+}
+
+#endif
diff --git a/openssl-1.1.0h/ssl/statem/README b/openssl-1.1.0h/ssl/statem/README
new file mode 100644
index 0000000..145c69d
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/README
@@ -0,0 +1,63 @@
+State Machine Design
+====================
+
+This file provides some guidance on the thinking behind the design of the
+state machine code to aid future maintenance.
+
+The state machine code replaces an older state machine present in OpenSSL
+versions 1.0.2 and below. The new state machine has the following objectives:
+    - Remove duplication of state code between client and server
+    - Remove duplication of state code between TLS and DTLS
+    - Simplify transitions and bring the logic together in a single location
+      so that it is easier to validate
+    - Remove duplication of code between each of the message handling functions
+    - Receive a message first and then work out whether that is a valid
+      transition - not the other way around (the other way causes lots of issues
+      where we are expecting one type of message next but actually get something
+      else)
+    - Separate message flow state from handshake state (in order to better
+      understand each)
+      - message flow state = when to flush buffers; handling restarts in the
+        event of NBIO events; handling the common flow of steps for reading a
+        message and the common flow of steps for writing a message etc
+      - handshake state = what handshake message are we working on now
+    - Control complexity: only the state machine can change state: keep all
+      the state changes local to the state machine component
+
+The message flow state machine is divided into a reading sub-state machine and a
+writing sub-state machine. See the source comments in statem.c for a more
+detailed description of the various states and transitions possible.
+
+Conceptually the state machine component is designed as follows:
+
+                        libssl
+                           |
+---------------------------|-----statem.h--------------------------------------
+                           |
+                    _______V____________________
+                   |                            |
+                   |    statem.c                |
+                   |                            |
+                   |    Core state machine code |
+                   |____________________________|
+        statem_locl.h     ^          ^
+                 _________|          |_______
+                |                            |
+   _____________|____________   _____________|____________
+  |                          | |                          |
+  | statem_clnt.c            | | statem_srvr.c            |
+  |                          | |                          |
+  | TLS/DTLS client specific | | TLS/DTLS server specific |
+  | state machine code       | | state machine code       |
+  |__________________________| |__________________________|
+               |        |_______________|__       |
+               |        ________________|  |      |
+               |       |                   |      |
+   ____________V_______V________   ________V______V_______________
+  |                             | |                               |
+  | statem_both.c               | | statem_dtls.c                 |
+  |                             | |                               |
+  | Non core functions common   | | Non core functions common to  |
+  | to both servers and clients | | both DTLS servers and clients |
+  |_____________________________| |_______________________________|
+
diff --git a/openssl-1.1.0h/ssl/statem/statem.c b/openssl-1.1.0h/ssl/statem/statem.c
new file mode 100644
index 0000000..b91ec0a
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/statem.c
@@ -0,0 +1,860 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rand.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+
+/*
+ * This file implements the SSL/TLS/DTLS state machines.
+ *
+ * There are two primary state machines:
+ *
+ * 1) Message flow state machine
+ * 2) Handshake state machine
+ *
+ * The Message flow state machine controls the reading and sending of messages
+ * including handling of non-blocking IO events, flushing of the underlying
+ * write BIO, handling unexpected messages, etc. It is itself broken into two
+ * separate sub-state machines which control reading and writing respectively.
+ *
+ * The Handshake state machine keeps track of the current SSL/TLS handshake
+ * state. Transitions of the handshake state are the result of events that
+ * occur within the Message flow state machine.
+ *
+ * Overall it looks like this:
+ *
+ * ---------------------------------------------            -------------------
+ * |                                           |            |                 |
+ * | Message flow state machine                |            |                 |
+ * |                                           |            |                 |
+ * | -------------------- -------------------- | Transition | Handshake state |
+ * | | MSG_FLOW_READING | | MSG_FLOW_WRITING | | Event      | machine         |
+ * | | sub-state        | | sub-state        | |----------->|                 |
+ * | | machine for      | | machine for      | |            |                 |
+ * | | reading messages | | writing messages | |            |                 |
+ * | -------------------- -------------------- |            |                 |
+ * |                                           |            |                 |
+ * ---------------------------------------------            -------------------
+ *
+ */
+
+/* Sub state machine return values */
+typedef enum {
+    /* Something bad happened or NBIO */
+    SUB_STATE_ERROR,
+    /* Sub state finished go to the next sub state */
+    SUB_STATE_FINISHED,
+    /* Sub state finished and handshake was completed */
+    SUB_STATE_END_HANDSHAKE
+} SUB_STATE_RETURN;
+
+static int state_machine(SSL *s, int server);
+static void init_read_state_machine(SSL *s);
+static SUB_STATE_RETURN read_state_machine(SSL *s);
+static void init_write_state_machine(SSL *s);
+static SUB_STATE_RETURN write_state_machine(SSL *s);
+
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
+{
+    return ssl->statem.hand_state;
+}
+
+int SSL_in_init(SSL *s)
+{
+    return s->statem.in_init;
+}
+
+int SSL_is_init_finished(SSL *s)
+{
+    return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK);
+}
+
+int SSL_in_before(SSL *s)
+{
+    /*
+     * Historically being "in before" meant before anything had happened. In the
+     * current code though we remain in the "before" state for a while after we
+     * have started the handshake process (e.g. as a server waiting for the
+     * first message to arrive). There "in before" is taken to mean "in before"
+     * and not started any handshake process yet.
+     */
+    return (s->statem.hand_state == TLS_ST_BEFORE)
+        && (s->statem.state == MSG_FLOW_UNINITED);
+}
+
+/*
+ * Clear the state machine state and reset back to MSG_FLOW_UNINITED
+ */
+void ossl_statem_clear(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.hand_state = TLS_ST_BEFORE;
+    s->statem.in_init = 1;
+    s->statem.no_cert_verify = 0;
+}
+
+/*
+ * Set the state machine up ready for a renegotiation handshake
+ */
+void ossl_statem_set_renegotiate(SSL *s)
+{
+    s->statem.state = MSG_FLOW_RENEGOTIATE;
+    s->statem.in_init = 1;
+}
+
+/*
+ * Put the state machine into an error state. This is a permanent error for
+ * the current connection.
+ */
+void ossl_statem_set_error(SSL *s)
+{
+    s->statem.state = MSG_FLOW_ERROR;
+}
+
+/*
+ * Discover whether the current connection is in the error state.
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+int ossl_statem_in_error(const SSL *s)
+{
+    if (s->statem.state == MSG_FLOW_ERROR)
+        return 1;
+
+    return 0;
+}
+
+void ossl_statem_set_in_init(SSL *s, int init)
+{
+    s->statem.in_init = init;
+}
+
+int ossl_statem_get_in_handshake(SSL *s)
+{
+    return s->statem.in_handshake;
+}
+
+void ossl_statem_set_in_handshake(SSL *s, int inhand)
+{
+    if (inhand)
+        s->statem.in_handshake++;
+    else
+        s->statem.in_handshake--;
+}
+
+void ossl_statem_set_hello_verify_done(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.in_init = 1;
+    /*
+     * This will get reset (briefly) back to TLS_ST_BEFORE when we enter
+     * state_machine() because |state| is MSG_FLOW_UNINITED, but until then any
+     * calls to SSL_in_before() will return false. Also calls to
+     * SSL_state_string() and SSL_state_string_long() will return something
+     * sensible.
+     */
+    s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
+}
+
+int ossl_statem_connect(SSL *s)
+{
+    return state_machine(s, 0);
+}
+
+int ossl_statem_accept(SSL *s)
+{
+    return state_machine(s, 1);
+}
+
+typedef void (*info_cb) (const SSL *, int, int);
+
+static info_cb get_callback(SSL *s)
+{
+    if (s->info_callback != NULL)
+        return s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        return s->ctx->info_callback;
+
+    return NULL;
+}
+
+/*
+ * The main message flow state machine. We start in the MSG_FLOW_UNINITED or
+ * MSG_FLOW_RENEGOTIATE state and finish in MSG_FLOW_FINISHED. Valid states and
+ * transitions are as follows:
+ *
+ * MSG_FLOW_UNINITED     MSG_FLOW_RENEGOTIATE
+ *        |                       |
+ *        +-----------------------+
+ *        v
+ * MSG_FLOW_WRITING <---> MSG_FLOW_READING
+ *        |
+ *        V
+ * MSG_FLOW_FINISHED
+ *        |
+ *        V
+ *    [SUCCESS]
+ *
+ * We may exit at any point due to an error or NBIO event. If an NBIO event
+ * occurs then we restart at the point we left off when we are recalled.
+ * MSG_FLOW_WRITING and MSG_FLOW_READING have sub-state machines associated with them.
+ *
+ * In addition to the above there is also the MSG_FLOW_ERROR state. We can move
+ * into that state at any point in the event that an irrecoverable error occurs.
+ *
+ * Valid return values are:
+ *   1: Success
+ * <=0: NBIO or error
+ */
+static int state_machine(SSL *s, int server)
+{
+    BUF_MEM *buf = NULL;
+    unsigned long Time = (unsigned long)time(NULL);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    OSSL_STATEM *st = &s->statem;
+    int ret = -1;
+    int ssret;
+
+    if (st->state == MSG_FLOW_ERROR) {
+        /* Shouldn't have been called if we're already in the error state */
+        return -1;
+    }
+
+    RAND_add(&Time, sizeof(Time), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    cb = get_callback(s);
+
+    st->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s)) {
+        if (!SSL_clear(s))
+            return -1;
+    }
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to enter handshake mode and prevent stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+#ifndef OPENSSL_NO_HEARTBEATS
+    /*
+     * If we're awaiting a HeartbeatResponse, pretend we already got and
+     * don't await it anymore, because Heartbeats don't make sense during
+     * handshakes anyway.
+     */
+    if (s->tlsext_hb_pending) {
+        if (SSL_IS_DTLS(s))
+            dtls1_stop_timer(s);
+        s->tlsext_hb_pending = 0;
+        s->tlsext_hb_seq++;
+    }
+#endif
+
+    /* Initialise state machine */
+
+    if (st->state == MSG_FLOW_RENEGOTIATE) {
+        s->renegotiate = 1;
+        if (!server)
+            s->ctx->stats.sess_connect_renegotiate++;
+    }
+
+    if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) {
+        if (st->state == MSG_FLOW_UNINITED) {
+            st->hand_state = TLS_ST_BEFORE;
+        }
+
+        s->server = server;
+        if (cb != NULL)
+            cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+        if (SSL_IS_DTLS(s)) {
+            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+                (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
+                SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        } else {
+            if ((s->version >> 8) != SSL3_VERSION_MAJOR) {
+                SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        }
+
+        if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) {
+            SSLerr(SSL_F_STATE_MACHINE, SSL_R_VERSION_TOO_LOW);
+            goto end;
+        }
+
+        if (s->init_buf == NULL) {
+            if ((buf = BUF_MEM_new()) == NULL) {
+                goto end;
+            }
+            if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                goto end;
+            }
+            s->init_buf = buf;
+            buf = NULL;
+        }
+
+        if (!ssl3_setup_buffers(s)) {
+            goto end;
+        }
+        s->init_num = 0;
+
+        /*
+         * Should have been reset by tls_process_finished, too.
+         */
+        s->s3->change_cipher_spec = 0;
+
+        /*
+         * Ok, we now need to push on a buffering BIO ...but not with
+         * SCTP
+         */
+#ifndef OPENSSL_NO_SCTP
+        if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
+#endif
+            if (!ssl_init_wbio_buffer(s)) {
+                goto end;
+            }
+
+        if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
+            if (!ssl3_init_finished_mac(s)) {
+                ossl_statem_set_error(s);
+                goto end;
+            }
+        }
+
+        if (server) {
+            if (st->state != MSG_FLOW_RENEGOTIATE) {
+                s->ctx->stats.sess_accept++;
+            } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+                /*
+                 * Shouldn't happen? The record layer should have prevented this
+                 */
+                SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                ossl_statem_set_error(s);
+                goto end;
+            } else if (!s->s3->send_connection_binding &&
+                       !(s->options &
+                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+                /*
+                 * Server attempting to renegotiate with client that doesn't
+                 * support secure renegotiation.
+                 */
+                SSLerr(SSL_F_STATE_MACHINE,
+                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                ossl_statem_set_error(s);
+                goto end;
+            } else {
+                /*
+                 * st->state == MSG_FLOW_RENEGOTIATE, we will just send a
+                 * HelloRequest
+                 */
+                s->ctx->stats.sess_accept_renegotiate++;
+            }
+
+            s->s3->tmp.cert_request = 0;
+        } else {
+            s->ctx->stats.sess_connect++;
+
+            /* mark client_random uninitialized */
+            memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+            s->hit = 0;
+
+            s->s3->tmp.cert_req = 0;
+
+            if (SSL_IS_DTLS(s)) {
+                st->use_timer = 1;
+            }
+        }
+
+        st->state = MSG_FLOW_WRITING;
+        init_write_state_machine(s);
+        st->read_state_first_init = 1;
+    }
+
+    while (st->state != MSG_FLOW_FINISHED) {
+        if (st->state == MSG_FLOW_READING) {
+            ssret = read_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_WRITING;
+                init_write_state_machine(s);
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else if (st->state == MSG_FLOW_WRITING) {
+            ssret = write_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_READING;
+                init_read_state_machine(s);
+            } else if (ssret == SUB_STATE_END_HANDSHAKE) {
+                st->state = MSG_FLOW_FINISHED;
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else {
+            /* Error */
+            ossl_statem_set_error(s);
+            goto end;
+        }
+    }
+
+    st->state = MSG_FLOW_UNINITED;
+    ret = 1;
+
+ end:
+    st->in_handshake--;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to leave handshake mode and allow stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+    BUF_MEM_free(buf);
+    if (cb != NULL) {
+        if (server)
+            cb(s, SSL_CB_ACCEPT_EXIT, ret);
+        else
+            cb(s, SSL_CB_CONNECT_EXIT, ret);
+    }
+    return ret;
+}
+
+/*
+ * Initialise the MSG_FLOW_READING sub-state machine
+ */
+static void init_read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->read_state = READ_STATE_HEADER;
+}
+
+static int grow_init_buf(SSL *s, size_t size) {
+
+    size_t msg_offset = (char *)s->init_msg - s->init_buf->data;
+
+    if (!BUF_MEM_grow_clean(s->init_buf, (int)size))
+        return 0;
+
+    if (size < msg_offset)
+        return 0;
+
+    s->init_msg = s->init_buf->data + msg_offset;
+
+    return 1;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_READING. The valid sub-states and transitions are:
+ *
+ * READ_STATE_HEADER <--+<-------------+
+ *        |             |              |
+ *        v             |              |
+ * READ_STATE_BODY -----+-->READ_STATE_POST_PROCESS
+ *        |                            |
+ *        +----------------------------+
+ *        v
+ * [SUB_STATE_FINISHED]
+ *
+ * READ_STATE_HEADER has the responsibility for reading in the message header
+ * and transitioning the state of the handshake state machine.
+ *
+ * READ_STATE_BODY reads in the rest of the message and then subsequently
+ * processes it.
+ *
+ * READ_STATE_POST_PROCESS is an optional step that may occur if some post
+ * processing activity performed on the message may block.
+ *
+ * Any of the above states could result in an NBIO event occurring in which case
+ * control returns to the calling application. When this function is recalled we
+ * will resume in the same state where we left off.
+ */
+static SUB_STATE_RETURN read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret, mt;
+    unsigned long len = 0;
+    int (*transition) (SSL *s, int mt);
+    PACKET pkt;
+    MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
+    WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
+    unsigned long (*max_message_size) (SSL *s);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_read_transition;
+        process_message = ossl_statem_server_process_message;
+        max_message_size = ossl_statem_server_max_message_size;
+        post_process_message = ossl_statem_server_post_process_message;
+    } else {
+        transition = ossl_statem_client_read_transition;
+        process_message = ossl_statem_client_process_message;
+        max_message_size = ossl_statem_client_max_message_size;
+        post_process_message = ossl_statem_client_post_process_message;
+    }
+
+    if (st->read_state_first_init) {
+        s->first_packet = 1;
+        st->read_state_first_init = 0;
+    }
+
+    while (1) {
+        switch (st->read_state) {
+        case READ_STATE_HEADER:
+            /* Get the state the peer wants to move to */
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * In DTLS we get the whole message in one go - header and body
+                 */
+                ret = dtls_get_message(s, &mt, &len);
+            } else {
+                ret = tls_get_message_header(s, &mt);
+            }
+
+            if (ret == 0) {
+                /* Could be non-blocking IO */
+                return SUB_STATE_ERROR;
+            }
+
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            /*
+             * Validate that we are allowed to move to the new state and move
+             * to that state if so
+             */
+            if (!transition(s, mt)) {
+                ossl_statem_set_error(s);
+                return SUB_STATE_ERROR;
+            }
+
+            if (s->s3->tmp.message_size > max_message_size(s)) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+                SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                return SUB_STATE_ERROR;
+            }
+
+            /* dtls_get_message already did this */
+            if (!SSL_IS_DTLS(s)
+                    && s->s3->tmp.message_size > 0
+                    && !grow_init_buf(s, s->s3->tmp.message_size
+                                         + SSL3_HM_HEADER_LENGTH)) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_BUF_LIB);
+                return SUB_STATE_ERROR;
+            }
+
+            st->read_state = READ_STATE_BODY;
+            /* Fall through */
+
+        case READ_STATE_BODY:
+            if (!SSL_IS_DTLS(s)) {
+                /* We already got this above for DTLS */
+                ret = tls_get_message_body(s, &len);
+                if (ret == 0) {
+                    /* Could be non-blocking IO */
+                    return SUB_STATE_ERROR;
+                }
+            }
+
+            s->first_packet = 0;
+            if (!PACKET_buf_init(&pkt, s->init_msg, len)) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+            ret = process_message(s, &pkt);
+
+            /* Discard the packet data */
+            s->init_num = 0;
+
+            switch (ret) {
+            case MSG_PROCESS_ERROR:
+                return SUB_STATE_ERROR;
+
+            case MSG_PROCESS_FINISHED_READING:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+
+            case MSG_PROCESS_CONTINUE_PROCESSING:
+                st->read_state = READ_STATE_POST_PROCESS;
+                st->read_state_work = WORK_MORE_A;
+                break;
+
+            default:
+                st->read_state = READ_STATE_HEADER;
+                break;
+            }
+            break;
+
+        case READ_STATE_POST_PROCESS:
+            st->read_state_work = post_process_message(s, st->read_state_work);
+            switch (st->read_state_work) {
+            default:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->read_state = READ_STATE_HEADER;
+                break;
+
+            case WORK_FINISHED_STOP:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+            }
+            break;
+
+        default:
+            /* Shouldn't happen */
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
+            ossl_statem_set_error(s);
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Send a previously constructed message to the peer.
+ */
+static int statem_do_write(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->hand_state == TLS_ST_CW_CHANGE
+        || st->hand_state == TLS_ST_SW_CHANGE) {
+        if (SSL_IS_DTLS(s))
+            return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+        else
+            return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+    } else {
+        return ssl_do_write(s);
+    }
+}
+
+/*
+ * Initialise the MSG_FLOW_WRITING sub-state machine
+ */
+static void init_write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->write_state = WRITE_STATE_TRANSITION;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_WRITING. The valid sub-states and transitions are:
+ *
+ * +-> WRITE_STATE_TRANSITION ------> [SUB_STATE_FINISHED]
+ * |             |
+ * |             v
+ * |      WRITE_STATE_PRE_WORK -----> [SUB_STATE_END_HANDSHAKE]
+ * |             |
+ * |             v
+ * |       WRITE_STATE_SEND
+ * |             |
+ * |             v
+ * |     WRITE_STATE_POST_WORK
+ * |             |
+ * +-------------+
+ *
+ * WRITE_STATE_TRANSITION transitions the state of the handshake state machine
+
+ * WRITE_STATE_PRE_WORK performs any work necessary to prepare the later
+ * sending of the message. This could result in an NBIO event occurring in
+ * which case control returns to the calling application. When this function
+ * is recalled we will resume in the same state where we left off.
+ *
+ * WRITE_STATE_SEND sends the message and performs any work to be done after
+ * sending.
+ *
+ * WRITE_STATE_POST_WORK performs any work necessary after the sending of the
+ * message has been completed. As for WRITE_STATE_PRE_WORK this could also
+ * result in an NBIO event.
+ */
+static SUB_STATE_RETURN write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret;
+    WRITE_TRAN(*transition) (SSL *s);
+    WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
+    WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
+    int (*construct_message) (SSL *s);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_write_transition;
+        pre_work = ossl_statem_server_pre_work;
+        post_work = ossl_statem_server_post_work;
+        construct_message = ossl_statem_server_construct_message;
+    } else {
+        transition = ossl_statem_client_write_transition;
+        pre_work = ossl_statem_client_pre_work;
+        post_work = ossl_statem_client_post_work;
+        construct_message = ossl_statem_client_construct_message;
+    }
+
+    while (1) {
+        switch (st->write_state) {
+        case WRITE_STATE_TRANSITION:
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            switch (transition(s)) {
+            case WRITE_TRAN_CONTINUE:
+                st->write_state = WRITE_STATE_PRE_WORK;
+                st->write_state_work = WORK_MORE_A;
+                break;
+
+            case WRITE_TRAN_FINISHED:
+                return SUB_STATE_FINISHED;
+                break;
+
+            default:
+                return SUB_STATE_ERROR;
+            }
+            break;
+
+        case WRITE_STATE_PRE_WORK:
+            switch (st->write_state_work = pre_work(s, st->write_state_work)) {
+            default:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_SEND;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            if (construct_message(s) == 0)
+                return SUB_STATE_ERROR;
+
+            /* Fall through */
+
+        case WRITE_STATE_SEND:
+            if (SSL_IS_DTLS(s) && st->use_timer) {
+                dtls1_start_timer(s);
+            }
+            ret = statem_do_write(s);
+            if (ret <= 0) {
+                return SUB_STATE_ERROR;
+            }
+            st->write_state = WRITE_STATE_POST_WORK;
+            st->write_state_work = WORK_MORE_A;
+            /* Fall through */
+
+        case WRITE_STATE_POST_WORK:
+            switch (st->write_state_work = post_work(s, st->write_state_work)) {
+            default:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_TRANSITION;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            break;
+
+        default:
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Flush the write BIO
+ */
+int statem_flush(SSL *s)
+{
+    s->rwstate = SSL_WRITING;
+    if (BIO_flush(s->wbio) <= 0) {
+        return 0;
+    }
+    s->rwstate = SSL_NOTHING;
+
+    return 1;
+}
+
+/*
+ * Called by the record layer to determine whether application data is
+ * allowed to be sent in the current handshake state or not.
+ *
+ * Return values are:
+ *   1: Yes (application data allowed)
+ *   0: No (application data not allowed)
+ */
+int ossl_statem_app_data_allowed(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE)
+        return 0;
+
+    if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0))
+        return 0;
+
+    if (s->server) {
+        /*
+         * If we're a server and we haven't got as far as writing our
+         * ServerHello yet then we allow app data
+         */
+        if (st->hand_state == TLS_ST_BEFORE
+            || st->hand_state == TLS_ST_SR_CLNT_HELLO)
+            return 1;
+    } else {
+        /*
+         * If we're a client and we haven't read the ServerHello yet then we
+         * allow app data
+         */
+        if (st->hand_state == TLS_ST_CW_CLNT_HELLO)
+            return 1;
+    }
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/ssl/statem/statem.h b/openssl-1.1.0h/ssl/statem/statem.h
new file mode 100644
index 0000000..c669ee9
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/statem.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These enums should be considered PRIVATE to the state machine. No         *
+ * non-state machine code should need to use these                           *
+ *                                                                           *
+ *****************************************************************************/
+/*
+ * Valid return codes used for functions performing work prior to or after
+ * sending or receiving a message
+ */
+typedef enum {
+    /* Something went wrong */
+    WORK_ERROR,
+    /* We're done working and there shouldn't be anything else to do after */
+    WORK_FINISHED_STOP,
+    /* We're done working move onto the next thing */
+    WORK_FINISHED_CONTINUE,
+    /* We're working on phase A */
+    WORK_MORE_A,
+    /* We're working on phase B */
+    WORK_MORE_B
+} WORK_STATE;
+
+/* Write transition return codes */
+typedef enum {
+    /* Something went wrong */
+    WRITE_TRAN_ERROR,
+    /* A transition was successfully completed and we should continue */
+    WRITE_TRAN_CONTINUE,
+    /* There is no more write work to be done */
+    WRITE_TRAN_FINISHED
+} WRITE_TRAN;
+
+/* Message flow states */
+typedef enum {
+    /* No handshake in progress */
+    MSG_FLOW_UNINITED,
+    /* A permanent error with this connection */
+    MSG_FLOW_ERROR,
+    /* We are about to renegotiate */
+    MSG_FLOW_RENEGOTIATE,
+    /* We are reading messages */
+    MSG_FLOW_READING,
+    /* We are writing messages */
+    MSG_FLOW_WRITING,
+    /* Handshake has finished */
+    MSG_FLOW_FINISHED
+} MSG_FLOW_STATE;
+
+/* Read states */
+typedef enum {
+    READ_STATE_HEADER,
+    READ_STATE_BODY,
+    READ_STATE_POST_PROCESS
+} READ_STATE;
+
+/* Write states */
+typedef enum {
+    WRITE_STATE_TRANSITION,
+    WRITE_STATE_PRE_WORK,
+    WRITE_STATE_SEND,
+    WRITE_STATE_POST_WORK
+} WRITE_STATE;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * state machine. No non-state machine code should be accessing the members  *
+ * of this structure.                                                        *
+ *                                                                           *
+ *****************************************************************************/
+
+struct ossl_statem_st {
+    MSG_FLOW_STATE state;
+    WRITE_STATE write_state;
+    WORK_STATE write_state_work;
+    READ_STATE read_state;
+    WORK_STATE read_state_work;
+    OSSL_HANDSHAKE_STATE hand_state;
+    int in_init;
+    int read_state_first_init;
+    /* true when we are actually in SSL_accept() or SSL_connect() */
+    int in_handshake;
+    /* Should we skip the CertificateVerify message? */
+    unsigned int no_cert_verify;
+    int use_timer;
+};
+typedef struct ossl_statem_st OSSL_STATEM;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * state machine. Any libssl code may call these functions/macros            *
+ *                                                                           *
+ *****************************************************************************/
+
+__owur int ossl_statem_accept(SSL *s);
+__owur int ossl_statem_connect(SSL *s);
+void ossl_statem_clear(SSL *s);
+void ossl_statem_set_renegotiate(SSL *s);
+void ossl_statem_set_error(SSL *s);
+int ossl_statem_in_error(const SSL *s);
+void ossl_statem_set_in_init(SSL *s, int init);
+int ossl_statem_get_in_handshake(SSL *s);
+void ossl_statem_set_in_handshake(SSL *s, int inhand);
+void ossl_statem_set_hello_verify_done(SSL *s);
+__owur int ossl_statem_app_data_allowed(SSL *s);
diff --git a/openssl-1.1.0h/ssl/statem/statem_clnt.c b/openssl-1.1.0h/ssl/statem/statem_clnt.c
new file mode 100644
index 0000000..6fa3f1d
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/statem_clnt.c
@@ -0,0 +1,2946 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+
+static ossl_inline int cert_req_allowed(SSL *s);
+static int key_exchange_expected(SSL *s);
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
+static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+                                    unsigned char *p);
+
+/*
+ * Is a CertificateRequest message allowed at the moment or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static ossl_inline int cert_req_allowed(SSL *s)
+{
+    /* TLS does not like anon-DH with client cert */
+    if ((s->version > SSL3_VERSION
+         && (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
+        || (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Should we expect the ServerKeyExchange message or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static int key_exchange_expected(SSL *s)
+{
+    long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * Can't skip server key exchange if this is an ephemeral
+     * ciphersuite or for SRP
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK
+                 | SSL_kSRP)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ *  Return values are:
+ *  1: Success (transition allowed)
+ *  0: Error (transition not allowed)
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ske_expected;
+
+    switch (st->hand_state) {
+    case TLS_ST_CW_CLNT_HELLO:
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        if (s->hit) {
+            if (s->tlsext_ticket_expected) {
+                if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                    st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                    return 1;
+                }
+            } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            } else if (s->version >= TLS1_VERSION
+                       && s->tls_session_secret_cb != NULL
+                       && s->session->tlsext_tick != NULL
+                       && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * Normally, we can tell if the server is resuming the session
+                 * from the session ID. EAP-FAST (RFC 4851), however, relies on
+                 * the next server message after the ServerHello to determine if
+                 * the server is resuming.
+                 */
+                s->hit = 1;
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            } else if (!(s->s3->tmp.new_cipher->algorithm_auth
+                         & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                if (mt == SSL3_MT_CERTIFICATE) {
+                    st->hand_state = TLS_ST_CR_CERT;
+                    return 1;
+                }
+            } else {
+                ske_expected = key_exchange_expected(s);
+                /* SKE is optional for some PSK ciphersuites */
+                if (ske_expected
+                    || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                        && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+                    if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                        st->hand_state = TLS_ST_CR_KEY_EXCH;
+                        return 1;
+                    }
+                } else if (mt == SSL3_MT_CERTIFICATE_REQUEST
+                           && cert_req_allowed(s)) {
+                    st->hand_state = TLS_ST_CR_CERT_REQ;
+                    return 1;
+                } else if (mt == SSL3_MT_SERVER_DONE) {
+                    st->hand_state = TLS_ST_CR_SRVR_DONE;
+                    return 1;
+                }
+            }
+        }
+        break;
+
+    case TLS_ST_CR_CERT:
+        /*
+         * The CertificateStatus message is optional even if
+         * |tlsext_status_expected| is set
+         */
+        if (s->tlsext_status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {
+            st->hand_state = TLS_ST_CR_CERT_STATUS;
+            return 1;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_STATUS:
+        ske_expected = key_exchange_expected(s);
+        /* SKE is optional for some PSK ciphersuites */
+        if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                             && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+            if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                st->hand_state = TLS_ST_CR_KEY_EXCH;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_KEY_EXCH:
+        if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+            if (cert_req_allowed(s)) {
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_REQ:
+        if (mt == SSL3_MT_SERVER_DONE) {
+            st->hand_state = TLS_ST_CR_SRVR_DONE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+        if (s->tlsext_ticket_expected) {
+            if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                return 1;
+            }
+        } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CHANGE:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_CR_FINISHED;
+            return 1;
+        }
+        break;
+
+    default:
+        break;
+    }
+
+ err:
+    /* No valid transition found */
+    ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
+    SSLerr(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * client_write_transition() works out what handshake state to move to next
+ * when the client is writing messages to be sent to the server.
+ */
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_OK:
+        /* Renegotiation - fall through */
+    case TLS_ST_BEFORE:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        /*
+         * No transition at the end of writing because we don't know what
+         * we will be sent
+         */
+        return WRITE_TRAN_FINISHED;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_SRVR_DONE:
+        if (s->s3->tmp.cert_req)
+            st->hand_state = TLS_ST_CW_CERT;
+        else
+            st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT:
+        st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_KEY_EXCH:
+        /*
+         * For TLS, cert_req is set to 2, so a cert chain of nothing is
+         * sent, but no verify packet is sent
+         */
+        /*
+         * XXX: For now, we do not support client authentication in ECDH
+         * cipher suites with ECDH (rather than ECDSA) certificates. We
+         * need to skip the certificate verify message when client's
+         * ECDH public key is sent inside the client certificate.
+         */
+        if (s->s3->tmp.cert_req == 1) {
+            st->hand_state = TLS_ST_CW_CERT_VRFY;
+        } else {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT_VRFY:
+        st->hand_state = TLS_ST_CW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CHANGE:
+#if defined(OPENSSL_NO_NEXTPROTONEG)
+        st->hand_state = TLS_ST_CW_FINISHED;
+#else
+        if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen)
+            st->hand_state = TLS_ST_CW_NEXT_PROTO;
+        else
+            st->hand_state = TLS_ST_CW_FINISHED;
+#endif
+        return WRITE_TRAN_CONTINUE;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        st->hand_state = TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+#endif
+
+    case TLS_ST_CW_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            ossl_statem_set_in_init(s, 0);
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            return WRITE_TRAN_FINISHED;
+        }
+
+    case TLS_ST_CR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            st->hand_state = TLS_ST_OK;
+            ossl_statem_set_in_init(s, 0);
+            return WRITE_TRAN_CONTINUE;
+        }
+
+    default:
+        /* Shouldn't happen */
+        return WRITE_TRAN_ERROR;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the client to the server.
+ */
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_CW_CLNT_HELLO:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            /* every DTLS ClientHello resets Finished MAC */
+            if (!ssl3_init_finished_mac(s)) {
+                ossl_statem_set_error(s);
+                return WORK_ERROR;
+            }
+        }
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s)) {
+            if (s->hit) {
+                /*
+                 * We're into the last flight so we don't retransmit these
+                 * messages unless we need to.
+                 */
+                st->use_timer = 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                return dtls_wait_for_dry(s);
+#endif
+        }
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_OK:
+        return tls_finish_handshake(s, wst);
+
+    default:
+        /* No pre work to be done */
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * client to the server.
+ */
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    case TLS_ST_CW_CLNT_HELLO:
+        if (wst == WORK_MORE_A && statem_flush(s) != 1)
+            return WORK_MORE_A;
+
+        if (SSL_IS_DTLS(s)) {
+            /* Treat the next message as the first packet */
+            s->first_packet = 1;
+        }
+        break;
+
+    case TLS_ST_CW_KEY_EXCH:
+        if (tls_client_key_exchange_post_work(s) == 0)
+            return WORK_ERROR;
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        if (s->s3->tmp.new_compression == NULL)
+            s->session->compress_meth = 0;
+        else
+            s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+        if (!s->method->ssl3_enc->setup_key_block(s))
+            return WORK_ERROR;
+
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                      SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+            return WORK_ERROR;
+
+        if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_SCTP
+            if (s->hit) {
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+            }
+#endif
+
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+#ifndef OPENSSL_NO_SCTP
+        if (wst == WORK_MORE_A && SSL_IS_DTLS(s) && s->hit == 0) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (statem_flush(s) != 1)
+            return WORK_MORE_B;
+        break;
+
+    default:
+        /* No post work to be done */
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Construct a message to be sent from the client to the server.
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_client_construct_message(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_CW_CLNT_HELLO:
+        return tls_construct_client_hello(s);
+
+    case TLS_ST_CW_CERT:
+        return tls_construct_client_certificate(s);
+
+    case TLS_ST_CW_KEY_EXCH:
+        return tls_construct_client_key_exchange(s);
+
+    case TLS_ST_CW_CERT_VRFY:
+        return tls_construct_client_verify(s);
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            return dtls_construct_change_cipher_spec(s);
+        else
+            return tls_construct_change_cipher_spec(s);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        return tls_construct_next_proto(s);
+#endif
+    case TLS_ST_CW_FINISHED:
+        return tls_construct_finished(s,
+                                      s->method->
+                                      ssl3_enc->client_finished_label,
+                                      s->method->
+                                      ssl3_enc->client_finished_label_len);
+
+    default:
+        /* Shouldn't happen */
+        break;
+    }
+
+    return 0;
+}
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+unsigned long ossl_statem_client_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_CR_SRVR_HELLO:
+        return SERVER_HELLO_MAX_LENGTH;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return HELLO_VERIFY_REQUEST_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_CR_CERT_STATUS:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_KEY_EXCH:
+        return SERVER_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT_REQ:
+        /*
+         * Set to s->max_cert_list for compatibility with previous releases. In
+         * practice these messages can get quite long if servers are configured
+         * to provide a long list of acceptable CAs
+         */
+        return s->max_cert_list;
+
+    case TLS_ST_CR_SRVR_DONE:
+        return SERVER_HELLO_DONE_MAX_LENGTH;
+
+    case TLS_ST_CR_CHANGE:
+        if (s->version == DTLS1_BAD_VER)
+            return 3;
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    default:
+        /* Shouldn't happen */
+        break;
+    }
+
+    return 0;
+}
+
+/*
+ * Process a message that the client has been received from the server.
+ */
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_CR_SRVR_HELLO:
+        return tls_process_server_hello(s, pkt);
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return dtls_process_hello_verify(s, pkt);
+
+    case TLS_ST_CR_CERT:
+        return tls_process_server_certificate(s, pkt);
+
+    case TLS_ST_CR_CERT_STATUS:
+        return tls_process_cert_status(s, pkt);
+
+    case TLS_ST_CR_KEY_EXCH:
+        return tls_process_key_exchange(s, pkt);
+
+    case TLS_ST_CR_CERT_REQ:
+        return tls_process_certificate_request(s, pkt);
+
+    case TLS_ST_CR_SRVR_DONE:
+        return tls_process_server_done(s, pkt);
+
+    case TLS_ST_CR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return tls_process_new_session_ticket(s, pkt);
+
+    case TLS_ST_CR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    default:
+        /* Shouldn't happen */
+        break;
+    }
+
+    return MSG_PROCESS_ERROR;
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the server
+ */
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_CR_CERT_REQ:
+        return tls_prepare_client_certificate(s, wst);
+
+    default:
+        break;
+    }
+
+    /* Shouldn't happen */
+    return WORK_ERROR;
+}
+
+int tls_construct_client_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int i;
+    int protverr;
+    unsigned long l;
+    int al = 0;
+#ifndef OPENSSL_NO_COMP
+    int j;
+    SSL_COMP *comp;
+#endif
+    SSL_SESSION *sess = s->session;
+
+    buf = (unsigned char *)s->init_buf->data;
+
+    /* Work out what SSL/TLS/DTLS version to use */
+    protverr = ssl_set_client_hello_version(s);
+    if (protverr != 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, protverr);
+        goto err;
+    }
+
+    if ((sess == NULL) || !ssl_version_supported(s, sess->ssl_version) ||
+        /*
+         * In the case of EAP-FAST, we can have a pre-shared
+         * "ticket" without a session ID.
+         */
+        (!sess->session_id_length && !sess->tlsext_tick) ||
+        (sess->not_resumable)) {
+        if (!ssl_get_new_session(s, 0))
+            goto err;
+    }
+    /* else use the pre-loaded session */
+
+    p = s->s3->client_random;
+
+    /*
+     * for DTLS if client_random is initialized, reuse it, we are
+     * required to use same upon reply to HelloVerify
+     */
+    if (SSL_IS_DTLS(s)) {
+        size_t idx;
+        i = 1;
+        for (idx = 0; idx < sizeof(s->s3->client_random); idx++) {
+            if (p[idx]) {
+                i = 0;
+                break;
+            }
+        }
+    } else
+        i = 1;
+
+    if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)
+        goto err;
+
+    /* Do the message type and length last */
+    d = p = ssl_handshake_start(s);
+
+    /*-
+     * version indicates the negotiated version: for example from
+     * an SSLv2/v3 compatible client hello). The client_version
+     * field is the maximum version we permit and it is also
+     * used in RSA encrypted premaster secrets. Some servers can
+     * choke if we initially report a higher version then
+     * renegotiate to a lower one in the premaster secret. This
+     * didn't happen with TLS 1.0 as most servers supported it
+     * but it can with TLS 1.1 or later if the server only supports
+     * 1.0.
+     *
+     * Possible scenario with previous logic:
+     *      1. Client hello indicates TLS 1.2
+     *      2. Server hello says TLS 1.0
+     *      3. RSA encrypted premaster secret uses 1.2.
+     *      4. Handshake proceeds using TLS 1.0.
+     *      5. Server sends hello request to renegotiate.
+     *      6. Client hello indicates TLS v1.0 as we now
+     *         know that is maximum server supports.
+     *      7. Server chokes on RSA encrypted premaster secret
+     *         containing version 1.0.
+     *
+     * For interoperability it should be OK to always use the
+     * maximum version we support in client hello and then rely
+     * on the checking of version to ensure the servers isn't
+     * being inconsistent: for example initially negotiating with
+     * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
+     * client_version in client hello and not resetting it to
+     * the negotiated version.
+     */
+    *(p++) = s->client_version >> 8;
+    *(p++) = s->client_version & 0xff;
+
+    /* Random stuff */
+    memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+    p += SSL3_RANDOM_SIZE;
+
+    /* Session ID */
+    if (s->new_session)
+        i = 0;
+    else
+        i = s->session->session_id_length;
+    *(p++) = i;
+    if (i != 0) {
+        if (i > (int)sizeof(s->session->session_id)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        memcpy(p, s->session->session_id, i);
+        p += i;
+    }
+
+    /* cookie stuff for DTLS */
+    if (SSL_IS_DTLS(s)) {
+        if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        *(p++) = s->d1->cookie_len;
+        memcpy(p, s->d1->cookie, s->d1->cookie_len);
+        p += s->d1->cookie_len;
+    }
+
+    /* Ciphers supported */
+    i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]));
+    if (i == 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+        goto err;
+    }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+    /*
+     * Some servers hang if client hello > 256 bytes as hack workaround
+     * chop number of supported ciphers to keep it well below this if we
+     * use TLS v1.2
+     */
+    if (TLS1_get_version(s) >= TLS1_2_VERSION
+        && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+        i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
+    s2n(i, p);
+    p += i;
+
+    /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+    *(p++) = 1;
+#else
+
+    if (!ssl_allow_compression(s) || !s->ctx->comp_methods)
+        j = 0;
+    else
+        j = sk_SSL_COMP_num(s->ctx->comp_methods);
+    *(p++) = 1 + j;
+    for (i = 0; i < j; i++) {
+        comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+        *(p++) = comp->id;
+    }
+#endif
+    *(p++) = 0;                 /* Add the NULL method */
+
+    /* TLS extensions */
+    if (ssl_prepare_clienthello_tlsext(s) <= 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+        goto err;
+    }
+    if ((p =
+         ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
+                                    &al)) == NULL) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    l = p - d;
+    if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    return 1;
+ err:
+    ossl_statem_set_error(s);
+    return 0;
+}
+
+MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
+{
+    int al;
+    unsigned int cookie_len;
+    PACKET cookiepkt;
+
+    if (!PACKET_forward(pkt, 2)
+        || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    cookie_len = PACKET_remaining(&cookiepkt);
+    if (cookie_len > sizeof(s->d1->cookie)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_TOO_LONG);
+        goto f_err;
+    }
+
+    if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    s->d1->cookie_len = cookie_len;
+
+    return MSG_PROCESS_FINISHED_READING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+    const SSL_CIPHER *c;
+    PACKET session_id;
+    size_t session_id_len;
+    const unsigned char *cipherchars;
+    int i, al = SSL_AD_INTERNAL_ERROR;
+    unsigned int compression;
+    unsigned int sversion;
+    int protverr;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+
+    if (!PACKET_get_net_2(pkt, &sversion)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    protverr = ssl_choose_client_version(s, sversion);
+    if (protverr != 0) {
+        al = SSL_AD_PROTOCOL_VERSION;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, protverr);
+        goto f_err;
+    }
+
+    /* load the server hello data */
+    /* load the server random */
+    if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    s->hit = 0;
+
+    /* Get the session-id. */
+    if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    session_id_len = PACKET_remaining(&session_id);
+    if (session_id_len > sizeof(s->session->session_id)
+        || session_id_len > SSL3_SESSION_ID_SIZE) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
+        goto f_err;
+    }
+
+    if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+        al = SSL_AD_DECODE_ERROR;
+        goto f_err;
+    }
+
+    /*
+     * Check if we can resume the session based on external pre-shared secret.
+     * EAP-FAST (RFC 4851) supports two types of session resumption.
+     * Resumption based on server-side state works with session IDs.
+     * Resumption based on pre-shared Protected Access Credentials (PACs)
+     * works by overriding the SessionTicket extension at the application
+     * layer, and does not send a session ID. (We do not know whether EAP-FAST
+     * servers would honour the session ID.) Therefore, the session ID alone
+     * is not a reliable indicator of session resumption, so we first check if
+     * we can resume, and later peek at the next handshake message to see if the
+     * server wants to resume.
+     */
+    if (s->version >= TLS1_VERSION && s->tls_session_secret_cb &&
+        s->session->tlsext_tick) {
+        const SSL_CIPHER *pref_cipher = NULL;
+        s->session->master_key_length = sizeof(s->session->master_key);
+        if (s->tls_session_secret_cb(s, s->session->master_key,
+                                     &s->session->master_key_length,
+                                     NULL, &pref_cipher,
+                                     s->tls_session_secret_cb_arg)) {
+            s->session->cipher = pref_cipher ?
+                pref_cipher : ssl_get_cipher_by_char(s, cipherchars);
+        } else {
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+    }
+
+    if (session_id_len != 0 && session_id_len == s->session->session_id_length
+        && memcmp(PACKET_data(&session_id), s->session->session_id,
+                  session_id_len) == 0) {
+        if (s->sid_ctx_length != s->session->sid_ctx_length
+            || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
+            /* actually a client application bug */
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO,
+                   SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+            goto f_err;
+        }
+        s->hit = 1;
+    } else {
+        /*
+         * If we were trying for session-id reuse but the server
+         * didn't echo the ID, make a new SSL_SESSION.
+         * In the case of EAP-FAST and PAC, we do not send a session ID,
+         * so the PAC-based session secret is always preserved. It'll be
+         * overwritten if the server refuses resumption.
+         */
+        if (s->session->session_id_length > 0) {
+            s->ctx->stats.sess_miss++;
+            if (!ssl_get_new_session(s, 0)) {
+                goto f_err;
+            }
+        }
+
+        s->session->ssl_version = s->version;
+        s->session->session_id_length = session_id_len;
+        /* session_id_len could be 0 */
+        if (session_id_len > 0)
+            memcpy(s->session->session_id, PACKET_data(&session_id),
+                   session_id_len);
+    }
+
+    /* Session version and negotiated protocol version should match */
+    if (s->version != s->session->ssl_version) {
+        al = SSL_AD_PROTOCOL_VERSION;
+
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO,
+               SSL_R_SSL_SESSION_VERSION_MISMATCH);
+        goto f_err;
+    }
+
+    c = ssl_get_cipher_by_char(s, cipherchars);
+    if (c == NULL) {
+        /* unknown cipher */
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
+        goto f_err;
+    }
+    /*
+     * Now that we know the version, update the check to see if it's an allowed
+     * version.
+     */
+    s->s3->tmp.min_ver = s->version;
+    s->s3->tmp.max_ver = s->version;
+    /*
+     * If it is a disabled cipher we either didn't send it in client hello,
+     * or it's not allowed for the selected protocol. So we return an error.
+     */
+    if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
+        goto f_err;
+    }
+
+    sk = ssl_get_ciphers_by_id(s);
+    i = sk_SSL_CIPHER_find(sk, c);
+    if (i < 0) {
+        /* we did not say we would use this cipher */
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
+        goto f_err;
+    }
+
+    /*
+     * Depending on the session caching (internal/external), the cipher
+     * and/or cipher_id values may not be set. Make sure that cipher_id is
+     * set and use it for comparison.
+     */
+    if (s->session->cipher)
+        s->session->cipher_id = s->session->cipher->id;
+    if (s->hit && (s->session->cipher_id != c->id)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO,
+               SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+        goto f_err;
+    }
+    s->s3->tmp.new_cipher = c;
+    /* lets get the compression algorithm */
+    /* COMPRESSION */
+    if (!PACKET_get_1(pkt, &compression)) {
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
+        al = SSL_AD_DECODE_ERROR;
+        goto f_err;
+    }
+#ifdef OPENSSL_NO_COMP
+    if (compression != 0) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO,
+               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto f_err;
+    }
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
+        goto f_err;
+    }
+#else
+    if (s->hit && compression != s->session->compress_meth) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO,
+               SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+        goto f_err;
+    }
+    if (compression == 0)
+        comp = NULL;
+    else if (!ssl_allow_compression(s)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED);
+        goto f_err;
+    } else {
+        comp = ssl3_comp_find(s->ctx->comp_methods, compression);
+    }
+
+    if (compression != 0 && comp == NULL) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO,
+               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto f_err;
+    } else {
+        s->s3->tmp.new_compression = comp;
+    }
+#endif
+
+    /* TLS extensions */
+    if (!ssl_parse_serverhello_tlsext(s, pkt)) {
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
+        goto err;
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        /* wrong packet length */
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
+        goto f_err;
+    }
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && s->hit) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if
+         * no SCTP used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey),
+                                       labelbuffer,
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0)
+            goto err;
+
+        BIO_ctrl(SSL_get_wbio(s),
+                 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    return MSG_PROCESS_CONTINUE_READING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
+{
+    int al, i, ret = MSG_PROCESS_ERROR, exp_idx;
+    unsigned long cert_list_len, cert_len;
+    X509 *x = NULL;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!PACKET_get_net_3(pkt, &cert_list_len)
+        || PACKET_remaining(pkt) != cert_list_len) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    while (PACKET_remaining(pkt)) {
+        if (!PACKET_get_net_3(pkt, &cert_len)
+            || !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);
+        if (x == NULL) {
+            al = SSL_AD_BAD_CERTIFICATE;
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto f_err;
+        }
+        if (certbytes != (certstart + cert_len)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        if (!sk_X509_push(sk, x)) {
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+    }
+
+    i = ssl_verify_cert_chain(s, sk);
+    /*
+     * The documented interface is that SSL_VERIFY_PEER should be set in order
+     * for client side verification of the server certificate to take place.
+     * However, historically the code has only checked that *any* flag is set
+     * to cause server verification to take place. Use of the other flags makes
+     * no sense in client mode. An attempt to clean up the semantics was
+     * reverted because at least one application *only* set
+     * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused
+     * server verification to take place, after the clean up it silently did
+     * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags
+     * sent to them because they are void functions. Therefore, we now use the
+     * (less clean) historic behaviour of performing validation if any flag is
+     * set. The *documented* interface remains the same.
+     */
+    if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
+        al = ssl_verify_alarm_type(s->verify_result);
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+               SSL_R_CERTIFICATE_VERIFY_FAILED);
+        goto f_err;
+    }
+    ERR_clear_error();          /* but we keep s->verify_result */
+    if (i > 1) {
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i);
+        al = SSL_AD_HANDSHAKE_FAILURE;
+        goto f_err;
+    }
+
+    s->session->peer_chain = sk;
+    /*
+     * Inconsistency alert: cert_chain does include the peer's certificate,
+     * which we don't include in statem_srvr.c
+     */
+    x = sk_X509_value(sk, 0);
+    sk = NULL;
+
+    pkey = X509_get0_pubkey(x);
+
+    if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
+        x = NULL;
+        al = SSL3_AL_FATAL;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+               SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+        goto f_err;
+    }
+
+    i = ssl_cert_type(x, pkey);
+    if (i < 0) {
+        x = NULL;
+        al = SSL3_AL_FATAL;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+               SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto f_err;
+    }
+
+    exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
+    if (exp_idx >= 0 && i != exp_idx
+        && (exp_idx != SSL_PKEY_GOST_EC ||
+            (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256
+             && i != SSL_PKEY_GOST01))) {
+        x = NULL;
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+               SSL_R_WRONG_CERTIFICATE_TYPE);
+        goto f_err;
+    }
+    s->session->peer_type = i;
+
+    X509_free(s->session->peer);
+    X509_up_ref(x);
+    s->session->peer = x;
+    s->session->verify_result = s->verify_result;
+
+    x = NULL;
+    ret = MSG_PROCESS_CONTINUE_READING;
+    goto done;
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    ossl_statem_set_error(s);
+ done:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
+{
+#ifndef OPENSSL_NO_PSK
+    PACKET psk_identity_hint;
+
+    /* PSK ciphersuites are preceded by an identity hint */
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * Store PSK identity hint for later use, hint is used in
+     * tls_construct_client_key_exchange.  Assume that the maximum length of
+     * a PSK identity hint can be as long as the maximum length of a PSK
+     * identity.
+     */
+    if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    if (PACKET_remaining(&psk_identity_hint) == 0) {
+        OPENSSL_free(s->session->psk_identity_hint);
+        s->session->psk_identity_hint = NULL;
+    } else if (!PACKET_strndup(&psk_identity_hint,
+                               &s->session->psk_identity_hint)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
+{
+#ifndef OPENSSL_NO_SRP
+    PACKET prime, generator, salt, server_pub;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_1(pkt, &salt)
+        || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if ((s->srp_ctx.N =
+         BN_bin2bn(PACKET_data(&prime),
+                   PACKET_remaining(&prime), NULL)) == NULL
+        || (s->srp_ctx.g =
+            BN_bin2bn(PACKET_data(&generator),
+                      PACKET_remaining(&generator), NULL)) == NULL
+        || (s->srp_ctx.s =
+            BN_bin2bn(PACKET_data(&salt),
+                      PACKET_remaining(&salt), NULL)) == NULL
+        || (s->srp_ctx.B =
+            BN_bin2bn(PACKET_data(&server_pub),
+                      PACKET_remaining(&server_pub), NULL)) == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_BN_LIB);
+        return 0;
+    }
+
+    if (!srp_verify_server_param(s, al)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
+        return 0;
+    }
+
+    /* We must check if there is a certificate */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+
+    return 1;
+#else
+    SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
+{
+#ifndef OPENSSL_NO_DH
+    PACKET prime, generator, pub_key;
+    EVP_PKEY *peer_tmp = NULL;
+
+    DH *dh = NULL;
+    BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
+
+    int check_bits = 0;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    peer_tmp = EVP_PKEY_new();
+    dh = DH_new();
+
+    if (peer_tmp == NULL || dh == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
+    g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), NULL);
+    bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
+                          NULL);
+    if (p == NULL || g == NULL || bnpub_key == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* test non-zero pubkey */
+    if (BN_is_zero(bnpub_key)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_pqg(dh, p, NULL, g)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
+        goto err;
+    }
+    p = g = NULL;
+
+    if (DH_check_params(dh, &check_bits) == 0 || check_bits != 0) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_key(dh, bnpub_key, NULL)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
+        goto err;
+    }
+    bnpub_key = NULL;
+
+    if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_DH_KEY_TOO_SMALL);
+        goto err;
+    }
+
+    if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    s->s3->peer_tmp = peer_tmp;
+
+    /*
+     * FIXME: This makes assumptions about which ciphersuites come with
+     * public keys. We should have a less ad-hoc way of doing this
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous DH, so no certificate or pkey. */
+
+    return 1;
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(bnpub_key);
+    DH_free(dh);
+    EVP_PKEY_free(peer_tmp);
+
+    return 0;
+#else
+    SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
+{
+#ifndef OPENSSL_NO_EC
+    PACKET encoded_pt;
+    const unsigned char *ecparams;
+    int curve_nid;
+    unsigned int curve_flags;
+    EVP_PKEY_CTX *pctx = NULL;
+
+    /*
+     * Extract elliptic curve parameters and the server's ephemeral ECDH
+     * public key. For now we only support named (not generic) curves and
+     * ECParameters in this case is just three bytes.
+     */
+    if (!PACKET_get_bytes(pkt, &ecparams, 3)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_TOO_SHORT);
+        return 0;
+    }
+    /*
+     * Check curve is one of our preferences, if not server has sent an
+     * invalid curve. ECParameters is 3 bytes.
+     */
+    if (!tls1_check_curve(s, ecparams, 3)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_WRONG_CURVE);
+        return 0;
+    }
+
+    curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags);
+
+    if (curve_nid == 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
+               SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+        return 0;
+    }
+
+    if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+        EVP_PKEY *key = EVP_PKEY_new();
+
+        if (key == NULL || !EVP_PKEY_set_type(key, curve_nid)) {
+            *al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
+            EVP_PKEY_free(key);
+            return 0;
+        }
+        s->s3->peer_tmp = key;
+    } else {
+        /* Set up EVP_PKEY with named curve as parameters */
+        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+        if (pctx == NULL
+            || EVP_PKEY_paramgen_init(pctx) <= 0
+            || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
+            || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
+            *al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
+            EVP_PKEY_CTX_free(pctx);
+            return 0;
+        }
+        EVP_PKEY_CTX_free(pctx);
+        pctx = NULL;
+    }
+
+    if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
+                                        PACKET_data(&encoded_pt),
+                                        PACKET_remaining(&encoded_pt))) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_BAD_ECPOINT);
+        return 0;
+    }
+
+    /*
+     * The ECC/TLS specification does not mention the use of DSA to sign
+     * ECParameters in the server key exchange message. We do support RSA
+     * and ECDSA.
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous ECDH, so no certificate or pkey. */
+
+    return 1;
+#else
+    SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+{
+    int al = -1;
+    long alg_k;
+    EVP_PKEY *pkey = NULL;
+    PACKET save_param_start, signature;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    save_param_start = *pkt;
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+#endif
+
+    if (alg_k & SSL_PSK) {
+        if (!tls_process_ske_psk_preamble(s, pkt, &al))
+            goto err;
+    }
+
+    /* Nothing else to do for plain PSK or RSAPSK */
+    if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_ske_srp(s, pkt, &pkey, &al))
+            goto err;
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_ske_dhe(s, pkt, &pkey, &al))
+            goto err;
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_ske_ecdhe(s, pkt, &pkey, &al))
+            goto err;
+    } else if (alg_k) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto err;
+    }
+
+    /* if it was signed, check the signature */
+    if (pkey != NULL) {
+        PACKET params;
+        int maxsig;
+        const EVP_MD *md = NULL;
+        EVP_MD_CTX *md_ctx;
+
+        /*
+         * |pkt| now points to the beginning of the signature, so the difference
+         * equals the length of the parameters.
+         */
+        if (!PACKET_get_sub_packet(&save_param_start, &params,
+                                   PACKET_remaining(&save_param_start) -
+                                   PACKET_remaining(pkt))) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (SSL_USE_SIGALGS(s)) {
+            const unsigned char *sigalgs;
+            int rv;
+            if (!PACKET_get_bytes(pkt, &sigalgs, 2)) {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+                goto err;
+            }
+            rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey);
+            if (rv == -1) {
+                al = SSL_AD_INTERNAL_ERROR;
+                goto err;
+            } else if (rv == 0) {
+                al = SSL_AD_DECODE_ERROR;
+                goto err;
+            }
+#ifdef SSL_DEBUG
+            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+        } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+            md = EVP_md5_sha1();
+        } else {
+            md = EVP_sha1();
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &signature)
+            || PACKET_remaining(pkt) != 0) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        maxsig = EVP_PKEY_size(pkey);
+        if (maxsig < 0) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /*
+         * Check signature length
+         */
+        if (PACKET_remaining(&signature) > (size_t)maxsig) {
+            /* wrong packet length */
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                   SSL_R_WRONG_SIGNATURE_LENGTH);
+            goto err;
+        }
+
+        md_ctx = EVP_MD_CTX_new();
+        if (md_ctx == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
+            || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_VerifyUpdate(md_ctx, PACKET_data(&params),
+                                PACKET_remaining(&params)) <= 0) {
+            EVP_MD_CTX_free(md_ctx);
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature),
+                            PACKET_remaining(&signature), pkey) <= 0) {
+            /* bad signature */
+            EVP_MD_CTX_free(md_ctx);
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+        EVP_MD_CTX_free(md_ctx);
+    } else {
+        /* aNULL, aSRP or PSK do not need public keys */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+            && !(alg_k & SSL_PSK)) {
+            /* Might be wrong key type, check it */
+            if (ssl3_check_cert_and_algorithm(s)) {
+                /* Otherwise this shouldn't happen */
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            } else {
+                al = SSL_AD_DECODE_ERROR;
+            }
+            goto err;
+        }
+        /* still data left over */
+        if (PACKET_remaining(pkt) != 0) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
+            goto err;
+        }
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    if (al != -1)
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
+{
+    int ret = MSG_PROCESS_ERROR;
+    unsigned int list_len, ctype_num, i, name_len;
+    X509_NAME *xn = NULL;
+    const unsigned char *data;
+    const unsigned char *namestart, *namebytes;
+    STACK_OF(X509_NAME) *ca_sk = NULL;
+
+    if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
+        SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* get the certificate types */
+    if (!PACKET_get_1(pkt, &ctype_num)
+        || !PACKET_get_bytes(pkt, &data, ctype_num)) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+        SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+    OPENSSL_free(s->cert->ctypes);
+    s->cert->ctypes = NULL;
+    if (ctype_num > SSL3_CT_NUMBER) {
+        /* If we exceed static buffer copy all to cert structure */
+        s->cert->ctypes = OPENSSL_malloc(ctype_num);
+        if (s->cert->ctypes == NULL) {
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        memcpy(s->cert->ctypes, data, ctype_num);
+        s->cert->ctype_num = (size_t)ctype_num;
+        ctype_num = SSL3_CT_NUMBER;
+    }
+    for (i = 0; i < ctype_num; i++)
+        s->s3->tmp.ctype[i] = data[i];
+
+    if (SSL_USE_SIGALGS(s)) {
+        if (!PACKET_get_net_2(pkt, &list_len)
+            || !PACKET_get_bytes(pkt, &data, list_len)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                   SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /* Clear certificate digests and validity flags */
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            s->s3->tmp.md[i] = NULL;
+            s->s3->tmp.valid_flags[i] = 0;
+        }
+        if ((list_len & 1) || !tls1_save_sigalgs(s, data, list_len)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                   SSL_R_SIGNATURE_ALGORITHMS_ERROR);
+            goto err;
+        }
+        if (!tls1_process_sigalgs(s)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else {
+        ssl_set_default_md(s);
+    }
+
+    /* get the CA RDNs */
+    if (!PACKET_get_net_2(pkt, &list_len)
+        || PACKET_remaining(pkt) != list_len) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+        SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    while (PACKET_remaining(pkt)) {
+        if (!PACKET_get_net_2(pkt, &name_len)
+            || !PACKET_get_bytes(pkt, &namebytes, name_len)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                   SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        namestart = namebytes;
+
+        if ((xn = d2i_X509_NAME(NULL, (const unsigned char **)&namebytes,
+                                name_len)) == NULL) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
+            goto err;
+        }
+
+        if (namebytes != (namestart + name_len)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                   SSL_R_CA_DN_LENGTH_MISMATCH);
+            goto err;
+        }
+        if (!sk_X509_NAME_push(ca_sk, xn)) {
+            SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        xn = NULL;
+    }
+
+    /* we should setup a certificate to return.... */
+    s->s3->tmp.cert_req = 1;
+    s->s3->tmp.ctype_num = ctype_num;
+    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    s->s3->tmp.ca_names = ca_sk;
+    ca_sk = NULL;
+
+    ret = MSG_PROCESS_CONTINUE_PROCESSING;
+    goto done;
+ err:
+    ossl_statem_set_error(s);
+ done:
+    X509_NAME_free(xn);
+    sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+    return ret;
+}
+
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return (X509_NAME_cmp(*a, *b));
+}
+
+MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
+{
+    int al;
+    unsigned int ticklen;
+    unsigned long ticket_lifetime_hint;
+
+    if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
+        || !PACKET_get_net_2(pkt, &ticklen)
+        || PACKET_remaining(pkt) != ticklen) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    /* Server is allowed to change its mind and send an empty ticket. */
+    if (ticklen == 0)
+        return MSG_PROCESS_CONTINUE_READING;
+
+    if (s->session->session_id_length > 0) {
+        int i = s->session_ctx->session_cache_mode;
+        SSL_SESSION *new_sess;
+        /*
+         * We reused an existing session, so we need to replace it with a new
+         * one
+         */
+        if (i & SSL_SESS_CACHE_CLIENT) {
+            /*
+             * Remove the old session from the cache. We carry on if this fails
+             */
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+        }
+
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    OPENSSL_free(s->session->tlsext_tick);
+    s->session->tlsext_ticklen = 0;
+
+    s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+    if (s->session->tlsext_tick == NULL) {
+        SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!PACKET_copy_bytes(pkt, s->session->tlsext_tick, ticklen)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
+    s->session->tlsext_ticklen = ticklen;
+    /*
+     * There are two ways to detect a resumed ticket session. One is to set
+     * an appropriate session ID and then the server must return a match in
+     * ServerHello. This allows the normal client session ID matching to work
+     * and we know much earlier that the ticket has been accepted. The
+     * other way is to set zero length session ID when the ticket is
+     * presented and rely on the handshake to determine session resumption.
+     * We choose the former approach because this fits in with assumptions
+     * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
+     * SHA256 is disabled) hash of the ticket.
+     */
+    if (!EVP_Digest(s->session->tlsext_tick, ticklen,
+                    s->session->session_id, &s->session->session_id_length,
+                    EVP_sha256(), NULL)) {
+        SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
+        goto err;
+    }
+    return MSG_PROCESS_CONTINUE_READING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
+{
+    int al;
+    unsigned long resplen;
+    unsigned int type;
+
+    if (!PACKET_get_1(pkt, &type)
+        || type != TLSEXT_STATUSTYPE_ocsp) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
+        goto f_err;
+    }
+    if (!PACKET_get_net_3(pkt, &resplen)
+        || PACKET_remaining(pkt) != resplen) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
+    if (s->tlsext_ocsp_resp == NULL) {
+        al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, ERR_R_MALLOC_FAILURE);
+        goto f_err;
+    }
+    if (!PACKET_copy_bytes(pkt, s->tlsext_ocsp_resp, resplen)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    s->tlsext_ocsp_resplen = resplen;
+    return MSG_PROCESS_CONTINUE_READING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) > 0) {
+        /* should contain no data */
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+        SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
+        ossl_statem_set_error(s);
+        return MSG_PROCESS_ERROR;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (SRP_Calc_A_param(s) <= 0) {
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, SSL_R_SRP_A_CALC);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            ossl_statem_set_error(s);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+#endif
+
+    /*
+     * at this point we check that we have the required stuff from
+     * the server
+     */
+    if (!ssl3_check_cert_and_algorithm(s)) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+        ossl_statem_set_error(s);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * Call the ocsp status callback if needed. The |tlsext_ocsp_resp| and
+     * |tlsext_ocsp_resplen| values will be set if we actually received a status
+     * message, or NULL and -1 otherwise
+     */
+    if (s->tlsext_status_type != -1 && s->ctx->tlsext_status_cb != NULL) {
+        int ret;
+        ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+        if (ret == 0) {
+            ssl3_send_alert(s, SSL3_AL_FATAL,
+                            SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE,
+                   SSL_R_INVALID_STATUS_RESPONSE);
+            return MSG_PROCESS_ERROR;
+        }
+        if (ret < 0) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, ERR_R_MALLOC_FAILURE);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+#ifndef OPENSSL_NO_CT
+    if (s->ct_validation_callback != NULL) {
+        /* Note we validate the SCTs whether or not we abort on error */
+        if (!ssl_validate_ct(s) && (s->verify_mode & SSL_VERIFY_PEER)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+#endif
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
+                                          size_t *pskhdrlen, int *al)
+{
+#ifndef OPENSSL_NO_PSK
+    int ret = 0;
+    /*
+     * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+     * \0-terminated identity. The last byte is for us for simulating
+     * strnlen.
+     */
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+    size_t identitylen = 0;
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    unsigned char *tmppsk = NULL;
+    char *tmpidentity = NULL;
+    size_t psklen = 0;
+
+    if (s->psk_client_callback == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_CLIENT_CB);
+        *al = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+
+    memset(identity, 0, sizeof(identity));
+
+    psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
+                                    identity, sizeof(identity) - 1,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        goto err;
+    } else if (psklen == 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+               SSL_R_PSK_IDENTITY_NOT_FOUND);
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        goto err;
+    }
+
+    identitylen = strlen(identity);
+    if (identitylen > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        goto err;
+    }
+
+    tmppsk = OPENSSL_memdup(psk, psklen);
+    tmpidentity = OPENSSL_strdup(identity);
+    if (tmppsk == NULL || tmpidentity == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
+        *al = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = tmppsk;
+    s->s3->tmp.psklen = psklen;
+    tmppsk = NULL;
+    OPENSSL_free(s->session->psk_identity);
+    s->session->psk_identity = tmpidentity;
+    tmpidentity = NULL;
+    s2n(identitylen, *p);
+    memcpy(*p, identity, identitylen);
+    *pskhdrlen = 2 + identitylen;
+    *p += identitylen;
+
+    ret = 1;
+
+ err:
+    OPENSSL_cleanse(psk, psklen);
+    OPENSSL_cleanse(identity, sizeof(identity));
+    OPENSSL_clear_free(tmppsk, psklen);
+    OPENSSL_clear_free(tmpidentity, identitylen);
+
+    return ret;
+#else
+    SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char *q;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t enclen;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if (s->session->peer == NULL) {
+        /*
+         * We should always have a server certificate with SSL_kRSA.
+         */
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pkey = X509_get0_pubkey(s->session->peer);
+    if (EVP_PKEY_get0_RSA(pkey) == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_MALLOC_FAILURE);
+        *al = SSL_AD_INTERNAL_ERROR;
+        return 0;
+    }
+
+    pms[0] = s->client_version >> 8;
+    pms[1] = s->client_version & 0xff;
+    if (RAND_bytes(pms + 2, pmslen - 2) <= 0) {
+        goto err;
+    }
+
+    q = *p;
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION)
+        *p += 2;
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
+        || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (EVP_PKEY_encrypt(pctx, *p, &enclen, pms, pmslen) <= 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, SSL_R_BAD_RSA_ENCRYPT);
+        goto err;
+    }
+    *len = enclen;
+    EVP_PKEY_CTX_free(pctx);
+    pctx = NULL;
+# ifdef PKCS1_CHECK
+    if (s->options & SSL_OP_PKCS1_CHECK_1)
+        (*p)[1]++;
+    if (s->options & SSL_OP_PKCS1_CHECK_2)
+        tmp_buf[0] = 0x70;
+# endif
+
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION) {
+        s2n(*len, q);
+        *len += 2;
+    }
+
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+
+    return 0;
+#else
+    SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
+{
+#ifndef OPENSSL_NO_DH
+    DH *dh_clnt = NULL;
+    const BIGNUM *pub_key;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    dh_clnt = EVP_PKEY_get0_DH(ckey);
+
+    if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_free(ckey);
+        return 0;
+    }
+
+    /* send off the data */
+    DH_get0_key(dh_clnt, &pub_key, NULL);
+    *len = BN_num_bytes(pub_key);
+    s2n(*len, *p);
+    BN_bn2bin(pub_key, *p);
+    *len += 2;
+    EVP_PKEY_free(ckey);
+
+    return 1;
+#else
+    SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
+{
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    int encoded_pt_len = 0;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ssl_derive(s, ckey, skey) == 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    /* Generate encoding of client key */
+    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);
+
+    if (encoded_pt_len == 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    EVP_PKEY_free(ckey);
+    ckey = NULL;
+
+    *len = encoded_pt_len;
+
+    /* length of encoded point */
+    **p = *len;
+    *p += 1;
+    /* copy the point */
+    memcpy(*p, encodedPoint, *len);
+    /* increment len to account for length field */
+    *len += 1;
+
+    OPENSSL_free(encodedPoint);
+
+    return 1;
+ err:
+    EVP_PKEY_free(ckey);
+    return 0;
+#else
+    SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
+{
+#ifndef OPENSSL_NO_GOST
+    /* GOST key exchange message creation */
+    EVP_PKEY_CTX *pkey_ctx = NULL;
+    X509 *peer_cert;
+    size_t msglen;
+    unsigned int md_len;
+    unsigned char shared_ukm[32], tmp[256];
+    EVP_MD_CTX *ukm_hash = NULL;
+    int dgst_nid = NID_id_GostR3411_94;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
+        dgst_nid = NID_id_GostR3411_2012_256;
+
+    /*
+     * Get server certificate PKEY and create ctx from it
+     */
+    peer_cert = s->session->peer;
+    if (!peer_cert) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST,
+               SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+        return 0;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+    if (pkey_ctx == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * If we have send a certificate, and certificate key
+     * parameters match those of server certificate, use
+     * certificate key for key exchange
+     */
+
+    /* Otherwise, generate ephemeral key pair */
+    pmslen = 32;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+        /* Generate session key */
+        || RAND_bytes(pms, pmslen) <= 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
+        goto err;
+    };
+    /*
+     * Compute shared IV and store it in algorithm-specific context
+     * data
+     */
+    ukm_hash = EVP_MD_CTX_new();
+    if (ukm_hash == NULL
+        || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    EVP_MD_CTX_free(ukm_hash);
+    ukm_hash = NULL;
+    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+    /* Make GOST keytransport blob message */
+    /*
+     * Encapsulate it into sequence
+     */
+    *((*p)++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
+    msglen = 255;
+    if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+    if (msglen >= 0x80) {
+        *((*p)++) = 0x81;
+        *((*p)++) = msglen & 0xff;
+        *len = msglen + 3;
+    } else {
+        *((*p)++) = msglen & 0xff;
+        *len = msglen + 2;
+    }
+    memcpy(*p, tmp, msglen);
+
+    EVP_PKEY_CTX_free(pkey_ctx);
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_MD_CTX_free(ukm_hash);
+    return 0;
+#else
+    SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
+{
+#ifndef OPENSSL_NO_SRP
+    if (s->srp_ctx.A != NULL) {
+        /* send off the data */
+        *len = BN_num_bytes(s->srp_ctx.A);
+        s2n(*len, *p);
+        BN_bn2bin(s->srp_ctx.A, *p);
+        *len += 2;
+    } else {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
+    *al = SSL_AD_INTERNAL_ERROR;
+    return 0;
+#endif
+}
+
+int tls_construct_client_key_exchange(SSL *s)
+{
+    unsigned char *p;
+    int len;
+    size_t pskhdrlen = 0;
+    unsigned long alg_k;
+    int al = -1;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    p = ssl_handshake_start(s);
+
+    if ((alg_k & SSL_PSK)
+        && !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al))
+        goto err;
+
+    if (alg_k & SSL_kPSK) {
+        len = 0;
+    } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_construct_cke_rsa(s, &p, &len, &al))
+            goto err;
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_construct_cke_dhe(s, &p, &len, &al))
+            goto err;
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_construct_cke_ecdhe(s, &p, &len, &al))
+            goto err;
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_construct_cke_gost(s, &p, &len, &al))
+            goto err;
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_construct_cke_srp(s, &p, &len, &al))
+            goto err;
+    } else {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    len += pskhdrlen;
+
+    if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, len)) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    return 1;
+ err:
+    if (al != -1)
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    s->s3->tmp.pms = NULL;
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+#endif
+    ossl_statem_set_error(s);
+    return 0;
+}
+
+int tls_client_key_exchange_post_work(SSL *s)
+{
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    pms = s->s3->tmp.pms;
+    pmslen = s->s3->tmp.pmslen;
+
+#ifndef OPENSSL_NO_SRP
+    /* Check for SRP */
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (!srp_generate_client_master_secret(s)) {
+            SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK,
+                   ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        return 1;
+    }
+#endif
+
+    if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+        SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+        SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
+        /* ssl_generate_master_secret frees the pms even on error */
+        pms = NULL;
+        pmslen = 0;
+        goto err;
+    }
+    pms = NULL;
+    pmslen = 0;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s)) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+         * used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey), labelbuffer,
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0)
+            goto err;
+
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    s->s3->tmp.pms = NULL;
+    return 0;
+}
+
+int tls_construct_client_verify(SSL *s)
+{
+    unsigned char *p;
+    EVP_PKEY *pkey;
+    const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
+    EVP_MD_CTX *mctx;
+    unsigned u = 0;
+    unsigned long n = 0;
+    long hdatalen = 0;
+    void *hdata;
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = ssl_handshake_start(s);
+    pkey = s->cert->key->privatekey;
+
+    hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+    if (hdatalen <= 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if (SSL_USE_SIGALGS(s)) {
+        if (!tls12_get_sigandhash(p, pkey, md)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        p += 2;
+        n = 2;
+    }
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
+#endif
+    if (!EVP_SignInit_ex(mctx, md, NULL)
+        || !EVP_SignUpdate(mctx, hdata, hdatalen)
+        || (s->version == SSL3_VERSION
+            && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                s->session->master_key_length,
+                                s->session->master_key))
+        || !EVP_SignFinal(mctx, p + 2, &u, pkey)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);
+        goto err;
+    }
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = EVP_PKEY_id(pkey);
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512)
+            BUF_reverse(p + 2, NULL, u);
+    }
+#endif
+
+    s2n(u, p);
+    n += u + 2;
+    /* Digest cached records and discard handshake buffer */
+    if (!ssl3_digest_cached_records(s, 0))
+        goto err;
+    if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_free(mctx);
+    return 1;
+ err:
+    EVP_MD_CTX_free(mctx);
+    return 0;
+}
+
+/*
+ * Check a certificate can be used for client authentication. Currently check
+ * cert exists, if we have a suitable digest for TLS 1.2 if static DH client
+ * certificates can be used and optionally checks suitability for Suite B.
+ */
+static int ssl3_check_client_certificate(SSL *s)
+{
+    if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
+        return 0;
+    /* If no suitable signature algorithm can't use certificate */
+    if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys])
+        return 0;
+    /*
+     * If strict mode check suitability of chain before using it. This also
+     * adjusts suite B digest if necessary.
+     */
+    if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
+        !tls1_check_chain(s, NULL, NULL, NULL, -2))
+        return 0;
+    return 1;
+}
+
+WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)
+{
+    X509 *x509 = NULL;
+    EVP_PKEY *pkey = NULL;
+    int i;
+
+    if (wst == WORK_MORE_A) {
+        /* Let cert callback update client certificates if required */
+        if (s->cert->cert_cb) {
+            i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+            if (i < 0) {
+                s->rwstate = SSL_X509_LOOKUP;
+                return WORK_MORE_A;
+            }
+            if (i == 0) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                ossl_statem_set_error(s);
+                return 0;
+            }
+            s->rwstate = SSL_NOTHING;
+        }
+        if (ssl3_check_client_certificate(s))
+            return WORK_FINISHED_CONTINUE;
+
+        /* Fall through to WORK_MORE_B */
+        wst = WORK_MORE_B;
+    }
+
+    /* We need to get a client cert */
+    if (wst == WORK_MORE_B) {
+        /*
+         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+         * return(-1); We then get retied later
+         */
+        i = ssl_do_client_cert_cb(s, &x509, &pkey);
+        if (i < 0) {
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_B;
+        }
+        s->rwstate = SSL_NOTHING;
+        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+                i = 0;
+        } else if (i == 1) {
+            i = 0;
+            SSLerr(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+        }
+
+        X509_free(x509);
+        EVP_PKEY_free(pkey);
+        if (i && !ssl3_check_client_certificate(s))
+            i = 0;
+        if (i == 0) {
+            if (s->version == SSL3_VERSION) {
+                s->s3->tmp.cert_req = 0;
+                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+                return WORK_FINISHED_CONTINUE;
+            } else {
+                s->s3->tmp.cert_req = 2;
+                if (!ssl3_digest_cached_records(s, 0)) {
+                    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                    ossl_statem_set_error(s);
+                    return 0;
+                }
+            }
+        }
+
+        return WORK_FINISHED_CONTINUE;
+    }
+
+    /* Shouldn't ever get here */
+    return WORK_ERROR;
+}
+
+int tls_construct_client_certificate(SSL *s)
+{
+    if (!ssl3_output_cert_chain(s,
+                                (s->s3->tmp.cert_req ==
+                                 2) ? NULL : s->cert->key)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    return 1;
+}
+
+#define has_bits(i,m)   (((i)&(m)) == (m))
+
+int ssl3_check_cert_and_algorithm(SSL *s)
+{
+    int i;
+#ifndef OPENSSL_NO_EC
+    int idx;
+#endif
+    long alg_k, alg_a;
+    EVP_PKEY *pkey = NULL;
+    int al = SSL_AD_HANDSHAKE_FAILURE;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /* we don't have a certificate */
+    if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK))
+        return (1);
+
+    /* This is the passed certificate */
+
+#ifndef OPENSSL_NO_EC
+    idx = s->session->peer_type;
+    if (idx == SSL_PKEY_ECC) {
+        if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) {
+            /* check failed */
+            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
+            goto f_err;
+        } else {
+            return 1;
+        }
+    } else if (alg_a & SSL_aECDSA) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_ECDSA_SIGNING_CERT);
+        goto f_err;
+    }
+#endif
+    pkey = X509_get0_pubkey(s->session->peer);
+    i = X509_certificate_type(s->session->peer, pkey);
+
+    /* Check that we have a certificate if we require one */
+    if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_RSA_SIGNING_CERT);
+        goto f_err;
+    }
+#ifndef OPENSSL_NO_DSA
+    else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_DSA_SIGNING_CERT);
+        goto f_err;
+    }
+#endif
+#ifndef OPENSSL_NO_RSA
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK) &&
+        !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+        goto f_err;
+    }
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {
+        al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    }
+#endif
+
+    return (1);
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    return (0);
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_construct_next_proto(SSL *s)
+{
+    unsigned int len, padding_len;
+    unsigned char *d;
+
+    len = s->next_proto_negotiated_len;
+    padding_len = 32 - ((len + 2) % 32);
+    d = (unsigned char *)s->init_buf->data;
+    d[4] = len;
+    memcpy(d + 5, s->next_proto_negotiated, len);
+    d[5 + len] = padding_len;
+    memset(d + 6 + len, 0, padding_len);
+    *(d++) = SSL3_MT_NEXT_PROTO;
+    l2n3(2 + len + padding_len, d);
+    s->init_num = 4 + 2 + len + padding_len;
+    s->init_off = 0;
+
+    return 1;
+}
+#endif
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+{
+    int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+    if (s->ctx->client_cert_engine) {
+        i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+                                        SSL_get_client_CA_list(s),
+                                        px509, ppkey, NULL, NULL, NULL);
+        if (i != 0)
+            return i;
+    }
+#endif
+    if (s->ctx->client_cert_cb)
+        i = s->ctx->client_cert_cb(s, px509, ppkey);
+    return i;
+}
+
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
+{
+    int i, j = 0;
+    const SSL_CIPHER *c;
+    unsigned char *q;
+    int empty_reneg_info_scsv = !s->renegotiate;
+    /* Set disabled masks for this session */
+    ssl_set_client_disabled(s);
+
+    if (sk == NULL)
+        return (0);
+    q = p;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+        c = sk_SSL_CIPHER_value(sk, i);
+        /* Skip disabled ciphers */
+        if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+            continue;
+        j = s->method->put_cipher_by_char(c, p);
+        p += j;
+    }
+    /*
+     * If p == q, no ciphers; caller indicates an error. Otherwise, add
+     * applicable SCSVs.
+     */
+    if (p != q) {
+        if (empty_reneg_info_scsv) {
+            static SSL_CIPHER scsv = {
+                0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            j = s->method->put_cipher_by_char(&scsv, p);
+            p += j;
+        }
+        if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
+            static SSL_CIPHER scsv = {
+                0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            j = s->method->put_cipher_by_char(&scsv, p);
+            p += j;
+        }
+    }
+
+    return (p - q);
+}
diff --git a/openssl-1.1.0h/ssl/statem/statem_dtls.c b/openssl-1.1.0h/ssl/statem/statem_dtls.c
new file mode 100644
index 0000000..6b80620
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/statem_dtls.c
@@ -0,0 +1,1220 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+                        if ((end) - (start) <= 8) { \
+                                long ii; \
+                                for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+                        } else { \
+                                long ii; \
+                                bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+                                for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+                                bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+                        } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+                        long ii; \
+                        OPENSSL_assert((msg_len) > 0); \
+                        is_complete = 1; \
+                        if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+static unsigned char bitmask_start_values[] =
+    { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
+static unsigned char bitmask_end_values[] =
+    { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
+
+static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
+                                     unsigned long frag_len);
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
+static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                                         unsigned long len,
+                                         unsigned short seq_num,
+                                         unsigned long frag_off,
+                                         unsigned long frag_len);
+static int dtls_get_reassembled_message(SSL *s, long *len);
+
+static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
+                                          int reassembly)
+{
+    hm_fragment *frag = NULL;
+    unsigned char *buf = NULL;
+    unsigned char *bitmask = NULL;
+
+    frag = OPENSSL_malloc(sizeof(*frag));
+    if (frag == NULL)
+        return NULL;
+
+    if (frag_len) {
+        buf = OPENSSL_malloc(frag_len);
+        if (buf == NULL) {
+            OPENSSL_free(frag);
+            return NULL;
+        }
+    }
+
+    /* zero length fragment gets zero frag->fragment */
+    frag->fragment = buf;
+
+    /* Initialize reassembly bitmask if necessary */
+    if (reassembly) {
+        bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
+        if (bitmask == NULL) {
+            OPENSSL_free(buf);
+            OPENSSL_free(frag);
+            return NULL;
+        }
+    }
+
+    frag->reassembly = bitmask;
+
+    return frag;
+}
+
+void dtls1_hm_fragment_free(hm_fragment *frag)
+{
+    if (!frag)
+        return;
+    if (frag->msg_header.is_ccs) {
+        EVP_CIPHER_CTX_free(frag->msg_header.
+                            saved_retransmit_state.enc_write_ctx);
+        EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state.write_hash);
+    }
+    OPENSSL_free(frag->fragment);
+    OPENSSL_free(frag->reassembly);
+    OPENSSL_free(frag);
+}
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int dtls1_do_write(SSL *s, int type)
+{
+    int ret;
+    unsigned int curr_mtu;
+    int retry = 1;
+    unsigned int len, frag_off, mac_size, blocksize, used_len;
+
+    if (!dtls1_query_mtu(s))
+        return -1;
+
+    if (s->d1->mtu < dtls1_min_mtu(s))
+        /* should have something reasonable now */
+        return -1;
+
+    if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
+        OPENSSL_assert(s->init_num ==
+                       (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+
+    if (s->write_hash) {
+        if (s->enc_write_ctx
+            && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+                EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
+            mac_size = 0;
+        else
+            mac_size = EVP_MD_CTX_size(s->write_hash);
+    } else
+        mac_size = 0;
+
+    if (s->enc_write_ctx &&
+        (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
+        blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
+    else
+        blocksize = 0;
+
+    frag_off = 0;
+    s->rwstate = SSL_NOTHING;
+
+    /* s->init_num shouldn't ever be < 0...but just in case */
+    while (s->init_num > 0) {
+        if (type == SSL3_RT_HANDSHAKE && s->init_off != 0) {
+            /* We must be writing a fragment other than the first one */
+
+            if (frag_off > 0) {
+                /* This is the first attempt at writing out this fragment */
+
+                if (s->init_off <= DTLS1_HM_HEADER_LENGTH) {
+                    /*
+                     * Each fragment that was already sent must at least have
+                     * contained the message header plus one other byte.
+                     * Therefore |init_off| must have progressed by at least
+                     * |DTLS1_HM_HEADER_LENGTH + 1| bytes. If not something went
+                     * wrong.
+                     */
+                    return -1;
+                }
+
+                /*
+                 * Adjust |init_off| and |init_num| to allow room for a new
+                 * message header for this fragment.
+                 */
+                s->init_off -= DTLS1_HM_HEADER_LENGTH;
+                s->init_num += DTLS1_HM_HEADER_LENGTH;
+            } else {
+                /*
+                 * We must have been called again after a retry so use the
+                 * fragment offset from our last attempt. We do not need
+                 * to adjust |init_off| and |init_num| as above, because
+                 * that should already have been done before the retry.
+                 */
+                frag_off = s->d1->w_msg_hdr.frag_off;
+            }
+        }
+
+        used_len = BIO_wpending(s->wbio) + DTLS1_RT_HEADER_LENGTH
+            + mac_size + blocksize;
+        if (s->d1->mtu > used_len)
+            curr_mtu = s->d1->mtu - used_len;
+        else
+            curr_mtu = 0;
+
+        if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
+            /*
+             * grr.. we could get an error if MTU picked was wrong
+             */
+            ret = BIO_flush(s->wbio);
+            if (ret <= 0) {
+                s->rwstate = SSL_WRITING;
+                return ret;
+            }
+            used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+            if (s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) {
+                curr_mtu = s->d1->mtu - used_len;
+            } else {
+                /* Shouldn't happen */
+                return -1;
+            }
+        }
+
+        /*
+         * We just checked that s->init_num > 0 so this cast should be safe
+         */
+        if (((unsigned int)s->init_num) > curr_mtu)
+            len = curr_mtu;
+        else
+            len = s->init_num;
+
+        if (len > s->max_send_fragment)
+            len = s->max_send_fragment;
+
+        /*
+         * XDTLS: this function is too long.  split out the CCS part
+         */
+        if (type == SSL3_RT_HANDSHAKE) {
+            if (len < DTLS1_HM_HEADER_LENGTH) {
+                /*
+                 * len is so small that we really can't do anything sensible
+                 * so fail
+                 */
+                return -1;
+            }
+            dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
+
+            dtls1_write_message_header(s,
+                                       (unsigned char *)&s->init_buf->
+                                       data[s->init_off]);
+        }
+
+        ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len);
+        if (ret < 0) {
+            /*
+             * might need to update MTU here, but we don't know which
+             * previous packet caused the failure -- so can't really
+             * retransmit anything.  continue as if everything is fine and
+             * wait for an alert to handle the retransmit
+             */
+            if (retry && BIO_ctrl(SSL_get_wbio(s),
+                                  BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
+                if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+                    if (!dtls1_query_mtu(s))
+                        return -1;
+                    /* Have one more go */
+                    retry = 0;
+                } else
+                    return -1;
+            } else {
+                return (-1);
+            }
+        } else {
+
+            /*
+             * bad if this assert fails, only part of the handshake message
+             * got sent.  but why would this happen?
+             */
+            OPENSSL_assert(len == (unsigned int)ret);
+
+            if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
+                /*
+                 * should not be done for 'Hello Request's, but in that case
+                 * we'll ignore the result anyway
+                 */
+                unsigned char *p =
+                    (unsigned char *)&s->init_buf->data[s->init_off];
+                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+                int xlen;
+
+                if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
+                    /*
+                     * reconstruct message header is if it is being sent in
+                     * single fragment
+                     */
+                    *p++ = msg_hdr->type;
+                    l2n3(msg_hdr->msg_len, p);
+                    s2n(msg_hdr->seq, p);
+                    l2n3(0, p);
+                    l2n3(msg_hdr->msg_len, p);
+                    p -= DTLS1_HM_HEADER_LENGTH;
+                    xlen = ret;
+                } else {
+                    p += DTLS1_HM_HEADER_LENGTH;
+                    xlen = ret - DTLS1_HM_HEADER_LENGTH;
+                }
+
+                if (!ssl3_finish_mac(s, p, xlen))
+                    return -1;
+            }
+
+            if (ret == s->init_num) {
+                if (s->msg_callback)
+                    s->msg_callback(1, s->version, type, s->init_buf->data,
+                                    (size_t)(s->init_off + s->init_num), s,
+                                    s->msg_callback_arg);
+
+                s->init_off = 0; /* done writing this message */
+                s->init_num = 0;
+
+                return (1);
+            }
+            s->init_off += ret;
+            s->init_num -= ret;
+            ret -= DTLS1_HM_HEADER_LENGTH;
+            frag_off += ret;
+
+            /*
+             * We save the fragment offset for the next fragment so we have it
+             * available in case of an IO retry. We don't know the length of the
+             * next fragment yet so just set that to 0 for now. It will be
+             * updated again later.
+             */
+            dtls1_fix_message_header(s, frag_off, 0);
+        }
+    }
+    return (0);
+}
+
+int dtls_get_message(SSL *s, int *mt, unsigned long *len)
+{
+    struct hm_header_st *msg_hdr;
+    unsigned char *p;
+    unsigned long msg_len;
+    int ok;
+    long tmplen;
+
+    msg_hdr = &s->d1->r_msg_hdr;
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+ again:
+    ok = dtls_get_reassembled_message(s, &tmplen);
+    if (tmplen == DTLS1_HM_BAD_FRAGMENT || tmplen == DTLS1_HM_FRAGMENT_RETRY) {
+        /* bad fragment received */
+        goto again;
+    } else if (tmplen <= 0 && !ok) {
+        return 0;
+    }
+
+    *mt = s->s3->tmp.message_type;
+
+    p = (unsigned char *)s->init_buf->data;
+
+    if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        if (s->msg_callback) {
+            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+                            p, 1, s, s->msg_callback_arg);
+        }
+        /*
+         * This isn't a real handshake message so skip the processing below.
+         */
+        *len = (unsigned long)tmplen;
+        return 1;
+    }
+
+    msg_len = msg_hdr->msg_len;
+
+    /* reconstruct message header */
+    *(p++) = msg_hdr->type;
+    l2n3(msg_len, p);
+    s2n(msg_hdr->seq, p);
+    l2n3(0, p);
+    l2n3(msg_len, p);
+    if (s->version != DTLS1_BAD_VER) {
+        p -= DTLS1_HM_HEADER_LENGTH;
+        msg_len += DTLS1_HM_HEADER_LENGTH;
+    }
+
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*mt == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!ssl3_finish_mac(s, p, msg_len))
+        return 0;
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                        p, msg_len, s, s->msg_callback_arg);
+
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+    s->d1->handshake_read_seq++;
+
+    s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+    *len = s->init_num;
+
+    return 1;
+}
+
+/*
+ * dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
+ * may be greater if the maximum certificate list size requires it.
+ */
+static unsigned long dtls1_max_handshake_message_len(const SSL *s)
+{
+    unsigned long max_len =
+        DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+    if (max_len < (unsigned long)s->max_cert_list)
+        return s->max_cert_list;
+    return max_len;
+}
+
+static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
+{
+    size_t frag_off, frag_len, msg_len;
+
+    msg_len = msg_hdr->msg_len;
+    frag_off = msg_hdr->frag_off;
+    frag_len = msg_hdr->frag_len;
+
+    /* sanity checking */
+    if ((frag_off + frag_len) > msg_len
+            || msg_len > dtls1_max_handshake_message_len(s)) {
+        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return SSL_AD_ILLEGAL_PARAMETER;
+    }
+
+    if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
+        /*
+         * msg_len is limited to 2^24, but is effectively checked against
+         * dtls_max_handshake_message_len(s) above
+         */
+        if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+            SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
+            return SSL_AD_INTERNAL_ERROR;
+        }
+
+        s->s3->tmp.message_size = msg_len;
+        s->d1->r_msg_hdr.msg_len = msg_len;
+        s->s3->tmp.message_type = msg_hdr->type;
+        s->d1->r_msg_hdr.type = msg_hdr->type;
+        s->d1->r_msg_hdr.seq = msg_hdr->seq;
+    } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
+        /*
+         * They must be playing with us! BTW, failure to enforce upper limit
+         * would open possibility for buffer overrun.
+         */
+        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return SSL_AD_ILLEGAL_PARAMETER;
+    }
+
+    return 0;                   /* no error */
+}
+
+static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok)
+{
+    /*-
+     * (0) check whether the desired fragment is available
+     * if so:
+     * (1) copy over the fragment to s->init_buf->data[]
+     * (2) update s->init_num
+     */
+    pitem *item;
+    hm_fragment *frag;
+    int al;
+
+    *ok = 0;
+
+    do {
+        item = pqueue_peek(s->d1->buffered_messages);
+        if (item == NULL)
+            return 0;
+
+        frag = (hm_fragment *)item->data;
+
+        if (frag->msg_header.seq < s->d1->handshake_read_seq) {
+            /* This is a stale message that has been buffered so clear it */
+            pqueue_pop(s->d1->buffered_messages);
+            dtls1_hm_fragment_free(frag);
+            pitem_free(item);
+            item = NULL;
+            frag = NULL;
+        }
+    } while (item == NULL);
+
+    /* Don't return if reassembly still in progress */
+    if (frag->reassembly != NULL)
+        return 0;
+
+    if (s->d1->handshake_read_seq == frag->msg_header.seq) {
+        unsigned long frag_len = frag->msg_header.frag_len;
+        pqueue_pop(s->d1->buffered_messages);
+
+        al = dtls1_preprocess_fragment(s, &frag->msg_header);
+
+        if (al == 0) {          /* no alert */
+            unsigned char *p =
+                (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+            memcpy(&p[frag->msg_header.frag_off], frag->fragment,
+                   frag->msg_header.frag_len);
+        }
+
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+
+        if (al == 0) {
+            *ok = 1;
+            return frag_len;
+        }
+
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        s->init_num = 0;
+        *ok = 0;
+        return -1;
+    } else
+        return 0;
+}
+
+static int
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
+{
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    int i = -1, is_complete;
+    unsigned char seq64be[8];
+    unsigned long frag_len = msg_hdr->frag_len;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
+        msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
+        goto err;
+
+    if (frag_len == 0)
+        return DTLS1_HM_FRAGMENT_RETRY;
+
+    /* Try to find item in queue */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    if (item == NULL) {
+        frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+        if (frag == NULL)
+            goto err;
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+        frag->msg_header.frag_len = frag->msg_header.msg_len;
+        frag->msg_header.frag_off = 0;
+    } else {
+        frag = (hm_fragment *)item->data;
+        if (frag->msg_header.msg_len != msg_hdr->msg_len) {
+            item = NULL;
+            frag = NULL;
+            goto err;
+        }
+    }
+
+    /*
+     * If message is already reassembled, this must be a retransmit and can
+     * be dropped. In this case item != NULL and so frag does not need to be
+     * freed.
+     */
+    if (frag->reassembly == NULL) {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0);
+            if (i <= 0)
+                goto err;
+            frag_len -= i;
+        }
+        return DTLS1_HM_FRAGMENT_RETRY;
+    }
+
+    /* read the body of the fragment (header has already been read */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                  frag->fragment + msg_hdr->frag_off,
+                                  frag_len, 0);
+    if ((unsigned long)i != frag_len)
+        i = -1;
+    if (i <= 0)
+        goto err;
+
+    RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+                        (long)(msg_hdr->frag_off + frag_len));
+
+    RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+                               is_complete);
+
+    if (is_complete) {
+        OPENSSL_free(frag->reassembly);
+        frag->reassembly = NULL;
+    }
+
+    if (item == NULL) {
+        item = pitem_new(seq64be, frag);
+        if (item == NULL) {
+            i = -1;
+            goto err;
+        }
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it and control would never have reached this
+         * branch.
+         */
+        OPENSSL_assert(item != NULL);
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (item == NULL)
+        dtls1_hm_fragment_free(frag);
+    *ok = 0;
+    return i;
+}
+
+static int
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
+                                 int *ok)
+{
+    int i = -1;
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    unsigned char seq64be[8];
+    unsigned long frag_len = msg_hdr->frag_len;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
+        goto err;
+
+    /* Try to find item in queue, to prevent duplicate entries */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    /*
+     * If we already have an entry and this one is a fragment, don't discard
+     * it and rather try to reassemble it.
+     */
+    if (item != NULL && frag_len != msg_hdr->msg_len)
+        item = NULL;
+
+    /*
+     * Discard the message if sequence number was already there, is too far
+     * in the future, already in the queue or if we received a FINISHED
+     * before the SERVER_HELLO, which then must be a stale retransmit.
+     */
+    if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+        msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+        (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0);
+            if (i <= 0)
+                goto err;
+            frag_len -= i;
+        }
+    } else {
+        if (frag_len != msg_hdr->msg_len)
+            return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
+        if (frag_len > dtls1_max_handshake_message_len(s))
+            goto err;
+
+        frag = dtls1_hm_fragment_new(frag_len, 0);
+        if (frag == NULL)
+            goto err;
+
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+
+        if (frag_len) {
+            /*
+             * read the body of the fragment (header has already been read
+             */
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          frag->fragment, frag_len, 0);
+            if ((unsigned long)i != frag_len)
+                i = -1;
+            if (i <= 0)
+                goto err;
+        }
+
+        item = pitem_new(seq64be, frag);
+        if (item == NULL)
+            goto err;
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it. Then, either |frag_len| !=
+         * |msg_hdr->msg_len| in which case |item| is set to NULL and it will
+         * have been processed with |dtls1_reassemble_fragment|, above, or
+         * the record will have been discarded.
+         */
+        OPENSSL_assert(item != NULL);
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (item == NULL)
+        dtls1_hm_fragment_free(frag);
+    *ok = 0;
+    return i;
+}
+
+static int dtls_get_reassembled_message(SSL *s, long *len)
+{
+    unsigned char wire[DTLS1_HM_HEADER_LENGTH];
+    unsigned long mlen, frag_off, frag_len;
+    int i, al, recvd_type;
+    struct hm_header_st msg_hdr;
+    int ok;
+
+ redo:
+    /* see if we have the required fragment already */
+    if ((frag_len = dtls1_retrieve_buffered_fragment(s, &ok)) || ok) {
+        if (ok)
+            s->init_num = frag_len;
+        *len = frag_len;
+        return ok;
+    }
+
+    /* read handshake message header */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
+                                  DTLS1_HM_HEADER_LENGTH, 0);
+    if (i <= 0) {               /* nbio, or an error */
+        s->rwstate = SSL_READING;
+        *len = i;
+        return 0;
+    }
+    if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        if (wire[0] != SSL3_MT_CCS) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                   SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto f_err;
+        }
+
+        memcpy(s->init_buf->data, wire, i);
+        s->init_num = i - 1;
+        s->init_msg = s->init_buf->data + 1;
+        s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
+        s->s3->tmp.message_size = i - 1;
+        *len = i - 1;
+        return 1;
+    }
+
+    /* Handshake fails if message header is incomplete */
+    if (i != DTLS1_HM_HEADER_LENGTH) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
+    /* parse the message fragment header */
+    dtls1_get_message_header(wire, &msg_hdr);
+
+    mlen = msg_hdr.msg_len;
+    frag_off = msg_hdr.frag_off;
+    frag_len = msg_hdr.frag_len;
+
+    /*
+     * We must have at least frag_len bytes left in the record to be read.
+     * Fragments must not span records.
+     */
+    if (frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)) {
+        al = SSL3_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
+        goto f_err;
+    }
+
+    /*
+     * if this is a future (or stale) message it gets buffered
+     * (or dropped)--no further processing at this time
+     * While listening, we accept seq 1 (ClientHello with cookie)
+     * although we're still expecting seq 0 (ClientHello)
+     */
+    if (msg_hdr.seq != s->d1->handshake_read_seq) {
+        *len = dtls1_process_out_of_seq_message(s, &msg_hdr, &ok);
+        return ok;
+    }
+
+    if (frag_len && frag_len < mlen) {
+        *len = dtls1_reassemble_fragment(s, &msg_hdr, &ok);
+        return ok;
+    }
+
+    if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
+        wire[0] == SSL3_MT_HELLO_REQUEST) {
+        /*
+         * The server may always send 'Hello Request' messages -- we are
+         * doing a handshake anyway now, so ignore them if their format is
+         * correct. Does not count for 'Finished' MAC.
+         */
+        if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                wire, DTLS1_HM_HEADER_LENGTH, s,
+                                s->msg_callback_arg);
+
+            s->init_num = 0;
+            goto redo;
+        } else {                /* Incorrectly formatted Hello request */
+
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                   SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+    }
+
+    if ((al = dtls1_preprocess_fragment(s, &msg_hdr)))
+        goto f_err;
+
+    if (frag_len > 0) {
+        unsigned char *p =
+            (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[frag_off], frag_len, 0);
+
+        /*
+         * This shouldn't ever fail due to NBIO because we already checked
+         * that we have enough data in the record
+         */
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *len = i;
+            return 0;
+        }
+    } else
+        i = 0;
+
+    /*
+     * XDTLS: an incorrectly formatted fragment should cause the handshake
+     * to fail
+     */
+    if (i != (int)frag_len) {
+        al = SSL3_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER);
+        goto f_err;
+    }
+
+    /*
+     * Note that s->init_num is *not* used as current offset in
+     * s->init_buf->data, but as a counter summing up fragments' lengths: as
+     * soon as they sum up to handshake packet length, we assume we have got
+     * all the fragments.
+     */
+    *len = s->init_num = frag_len;
+    return 1;
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    s->init_num = 0;
+    *len = -1;
+    return 0;
+}
+
+/*-
+ * for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->rlayer.read_sequence            zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int dtls_construct_change_cipher_spec(SSL *s)
+{
+    unsigned char *p;
+
+    p = (unsigned char *)s->init_buf->data;
+    *p++ = SSL3_MT_CCS;
+    s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+    s->init_num = DTLS1_CCS_HEADER_LENGTH;
+
+    if (s->version == DTLS1_BAD_VER) {
+        s->d1->next_handshake_write_seq++;
+        s2n(s->d1->handshake_write_seq, p);
+        s->init_num += 2;
+    }
+
+    s->init_off = 0;
+
+    dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+                                 s->d1->handshake_write_seq, 0, 0);
+
+    /* buffer the message to handle re-xmits */
+    if (!dtls1_buffer_message(s, 1)) {
+        SSLerr(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SCTP
+/*
+ * Wait for a dry event. Should only be called at a point in the handshake
+ * where we are not expecting any data from the peer (except possibly an alert).
+ */
+WORK_STATE dtls_wait_for_dry(SSL *s)
+{
+    int ret;
+    long len;
+
+    /* read app data until dry event */
+    ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+    if (ret < 0)
+        return WORK_ERROR;
+
+    if (ret == 0) {
+        /*
+         * We're not expecting any more messages from the peer at this point -
+         * but we could get an alert. If an alert is waiting then we will never
+         * return successfully. Therefore we attempt to read a message. This
+         * should never succeed but will process any waiting alerts.
+         */
+        if (dtls_get_reassembled_message(s, &len)) {
+            /* The call succeeded! This should never happen */
+            SSLerr(SSL_F_DTLS_WAIT_FOR_DRY, SSL_R_UNEXPECTED_MESSAGE);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+
+        s->s3->in_read_app_data = 2;
+        s->rwstate = SSL_READING;
+        BIO_clear_retry_flags(SSL_get_rbio(s));
+        BIO_set_retry_read(SSL_get_rbio(s));
+        return WORK_MORE_A;
+    }
+    return WORK_FINISHED_CONTINUE;
+}
+#endif
+
+int dtls1_read_failed(SSL *s, int code)
+{
+    if (code > 0) {
+        SSLerr(SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR);
+        return 1;
+    }
+
+    if (!dtls1_is_timer_expired(s)) {
+        /*
+         * not a timeout, none of our business, let higher layers handle
+         * this.  in fact it's probably an error
+         */
+        return code;
+    }
+#ifndef OPENSSL_NO_HEARTBEATS
+    /* done, no need to send a retransmit */
+    if (!SSL_in_init(s) && !s->tlsext_hb_pending)
+#else
+    /* done, no need to send a retransmit */
+    if (!SSL_in_init(s))
+#endif
+    {
+        BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
+        return code;
+    }
+
+    return dtls1_handle_timeout(s);
+}
+
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
+{
+    /*
+     * The index of the retransmission queue actually is the message sequence
+     * number, since the queue only contains messages of a single handshake.
+     * However, the ChangeCipherSpec has no message sequence number and so
+     * using only the sequence will result in the CCS and Finished having the
+     * same index. To prevent this, the sequence number is multiplied by 2.
+     * In case of a CCS 1 is subtracted. This does not only differ CSS and
+     * Finished, it also maintains the order of the index (important for
+     * priority queues) and fits in the unsigned short variable.
+     */
+    return seq * 2 - is_ccs;
+}
+
+int dtls1_retransmit_buffered_messages(SSL *s)
+{
+    pqueue *sent = s->d1->sent_messages;
+    piterator iter;
+    pitem *item;
+    hm_fragment *frag;
+    int found = 0;
+
+    iter = pqueue_iterator(sent);
+
+    for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+        frag = (hm_fragment *)item->data;
+        if (dtls1_retransmit_message(s, (unsigned short)
+                                     dtls1_get_queue_priority
+                                     (frag->msg_header.seq,
+                                      frag->msg_header.is_ccs), &found) <= 0)
+            return -1;
+    }
+
+    return 1;
+}
+
+int dtls1_buffer_message(SSL *s, int is_ccs)
+{
+    pitem *item;
+    hm_fragment *frag;
+    unsigned char seq64be[8];
+
+    /*
+     * this function is called immediately after a message has been
+     * serialized
+     */
+    OPENSSL_assert(s->init_off == 0);
+
+    frag = dtls1_hm_fragment_new(s->init_num, 0);
+    if (frag == NULL)
+        return 0;
+
+    memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+    if (is_ccs) {
+        /* For DTLS1_BAD_VER the header length is non-standard */
+        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
+                       ((s->version ==
+                         DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
+                       == (unsigned int)s->init_num);
+    } else {
+        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
+                       DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
+    }
+
+    frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.seq = s->d1->w_msg_hdr.seq;
+    frag->msg_header.type = s->d1->w_msg_hdr.type;
+    frag->msg_header.frag_off = 0;
+    frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.is_ccs = is_ccs;
+
+    /* save current state */
+    frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
+    frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
+    frag->msg_header.saved_retransmit_state.compress = s->compress;
+    frag->msg_header.saved_retransmit_state.session = s->session;
+    frag->msg_header.saved_retransmit_state.epoch =
+        DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
+
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs) >> 8);
+    seq64be[7] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs));
+
+    item = pitem_new(seq64be, frag);
+    if (item == NULL) {
+        dtls1_hm_fragment_free(frag);
+        return 0;
+    }
+
+    pqueue_insert(s->d1->sent_messages, item);
+    return 1;
+}
+
+int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
+{
+    int ret;
+    /* XDTLS: for now assuming that read/writes are blocking */
+    pitem *item;
+    hm_fragment *frag;
+    unsigned long header_length;
+    unsigned char seq64be[8];
+    struct dtls1_retransmit_state saved_state;
+
+    /*-
+      OPENSSL_assert(s->init_num == 0);
+      OPENSSL_assert(s->init_off == 0);
+     */
+
+    /* XDTLS:  the requested message ought to be found, otherwise error */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(seq >> 8);
+    seq64be[7] = (unsigned char)seq;
+
+    item = pqueue_find(s->d1->sent_messages, seq64be);
+    if (item == NULL) {
+        SSLerr(SSL_F_DTLS1_RETRANSMIT_MESSAGE, ERR_R_INTERNAL_ERROR);
+        *found = 0;
+        return 0;
+    }
+
+    *found = 1;
+    frag = (hm_fragment *)item->data;
+
+    if (frag->msg_header.is_ccs)
+        header_length = DTLS1_CCS_HEADER_LENGTH;
+    else
+        header_length = DTLS1_HM_HEADER_LENGTH;
+
+    memcpy(s->init_buf->data, frag->fragment,
+           frag->msg_header.msg_len + header_length);
+    s->init_num = frag->msg_header.msg_len + header_length;
+
+    dtls1_set_message_header_int(s, frag->msg_header.type,
+                                 frag->msg_header.msg_len,
+                                 frag->msg_header.seq, 0,
+                                 frag->msg_header.frag_len);
+
+    /* save current state */
+    saved_state.enc_write_ctx = s->enc_write_ctx;
+    saved_state.write_hash = s->write_hash;
+    saved_state.compress = s->compress;
+    saved_state.session = s->session;
+    saved_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
+
+    s->d1->retransmitting = 1;
+
+    /* restore state in which the message was originally sent */
+    s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
+    s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
+    s->compress = frag->msg_header.saved_retransmit_state.compress;
+    s->session = frag->msg_header.saved_retransmit_state.session;
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer,
+                                        frag->msg_header.
+                                        saved_retransmit_state.epoch);
+
+    ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
+                         SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+
+    /* restore current state */
+    s->enc_write_ctx = saved_state.enc_write_ctx;
+    s->write_hash = saved_state.write_hash;
+    s->compress = saved_state.compress;
+    s->session = saved_state.session;
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer, saved_state.epoch);
+
+    s->d1->retransmitting = 0;
+
+    (void)BIO_flush(s->wbio);
+    return ret;
+}
+
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt, unsigned long len,
+                              unsigned long frag_off, unsigned long frag_len)
+{
+    if (frag_off == 0) {
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        s->d1->next_handshake_write_seq++;
+    }
+
+    dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
+                                 frag_off, frag_len);
+}
+
+/* don't actually do the writing, wait till the MTU has been retrieved */
+static void
+dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                             unsigned long len, unsigned short seq_num,
+                             unsigned long frag_off, unsigned long frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->type = mt;
+    msg_hdr->msg_len = len;
+    msg_hdr->seq = seq_num;
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static void
+dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    *p++ = msg_hdr->type;
+    l2n3(msg_hdr->msg_len, p);
+
+    s2n(msg_hdr->seq, p);
+    l2n3(msg_hdr->frag_off, p);
+    l2n3(msg_hdr->frag_len, p);
+
+    return p;
+}
+
+void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+{
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+    msg_hdr->type = *(data++);
+    n2l3(data, msg_hdr->msg_len);
+
+    n2s(data, msg_hdr->seq);
+    n2l3(data, msg_hdr->frag_off);
+    n2l3(data, msg_hdr->frag_len);
+}
diff --git a/openssl-1.1.0h/ssl/statem/statem_lib.c b/openssl-1.1.0h/ssl/statem/statem_lib.c
new file mode 100644
index 0000000..36d410b
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/statem_lib.c
@@ -0,0 +1,1083 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int ssl3_do_write(SSL *s, int type)
+{
+    int ret;
+
+    ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
+                           s->init_num);
+    if (ret < 0)
+        return (-1);
+    if (type == SSL3_RT_HANDSHAKE)
+        /*
+         * should not be done for 'Hello Request's, but in that case we'll
+         * ignore the result anyway
+         */
+        if (!ssl3_finish_mac(s,
+                             (unsigned char *)&s->init_buf->data[s->init_off],
+                             ret))
+            return -1;
+
+    if (ret == s->init_num) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, type, s->init_buf->data,
+                            (size_t)(s->init_off + s->init_num), s,
+                            s->msg_callback_arg);
+        return (1);
+    }
+    s->init_off += ret;
+    s->init_num -= ret;
+    return (0);
+}
+
+int tls_construct_finished(SSL *s, const char *sender, int slen)
+{
+    unsigned char *p;
+    int i;
+    unsigned long l;
+
+    p = ssl_handshake_start(s);
+
+    i = s->method->ssl3_enc->final_finish_mac(s,
+                                              sender, slen,
+                                              s->s3->tmp.finish_md);
+    if (i <= 0)
+        return 0;
+    s->s3->tmp.finish_md_len = i;
+    memcpy(p, s->s3->tmp.finish_md, i);
+    l = i;
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (!s->server) {
+        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
+        s->s3->previous_client_finished_len = i;
+    } else {
+        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
+        s->s3->previous_server_finished_len = i;
+    }
+
+    if (!ssl_set_handshake_header(s, SSL3_MT_FINISHED, l)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * to far.
+ */
+int ssl3_take_mac(SSL *s)
+{
+    const char *sender;
+    int slen;
+
+    if (!s->server) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    s->s3->tmp.peer_finish_md_len =
+        s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+                                              s->s3->tmp.peer_finish_md);
+
+    if (s->s3->tmp.peer_finish_md_len == 0) {
+        SSLerr(SSL_F_SSL3_TAKE_MAC, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
+{
+    int al;
+    long remain;
+
+    remain = PACKET_remaining(pkt);
+    /*
+     * 'Change Cipher Spec' is just a single byte, which should already have
+     * been consumed by ssl_get_message() so there should be no bytes left,
+     * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
+     */
+    if (SSL_IS_DTLS(s)) {
+        if ((s->version == DTLS1_BAD_VER
+             && remain != DTLS1_CCS_HEADER_LENGTH + 1)
+            || (s->version != DTLS1_BAD_VER
+                && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                   SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto f_err;
+        }
+    } else {
+        if (remain != 0) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                   SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto f_err;
+        }
+    }
+
+    /* Check we have a cipher to change to */
+    if (s->s3->tmp.new_cipher == NULL) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+        goto f_err;
+    }
+
+    s->s3->change_cipher_spec = 1;
+    if (!ssl3_do_change_cipher_spec(s)) {
+        al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+        if (s->version == DTLS1_BAD_VER)
+            s->d1->handshake_read_seq++;
+
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * Remember that a CCS has been received, so that an old key of
+         * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
+         * SCTP is used
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+#endif
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
+{
+    int al, i;
+
+    /* If this occurs, we have missed a message */
+    if (!s->s3->change_cipher_spec) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+        goto f_err;
+    }
+    s->s3->change_cipher_spec = 0;
+
+    i = s->s3->tmp.peer_finish_md_len;
+
+    if ((unsigned long)i != PACKET_remaining(pkt)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
+        goto f_err;
+    }
+
+    if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, i) != 0) {
+        al = SSL_AD_DECRYPT_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
+        goto f_err;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (s->server) {
+        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i);
+        s->s3->previous_client_finished_len = i;
+    } else {
+        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i);
+        s->s3->previous_server_finished_len = i;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+int tls_construct_change_cipher_spec(SSL *s)
+{
+    unsigned char *p;
+
+    p = (unsigned char *)s->init_buf->data;
+    *p = SSL3_MT_CCS;
+    s->init_num = 1;
+    s->init_off = 0;
+
+    return 1;
+}
+
+unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
+{
+    unsigned char *p;
+    unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
+
+    if (!ssl_add_cert_chain(s, cpk, &l))
+        return 0;
+
+    l -= 3 + SSL_HM_HEADER_LENGTH(s);
+    p = ssl_handshake_start(s);
+    l2n3(l, p);
+    l += 3;
+
+    if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) {
+        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    return l + SSL_HM_HEADER_LENGTH(s);
+}
+
+WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst)
+{
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    /* clean a few things up */
+    ssl3_cleanup_key_block(s);
+
+    if (!SSL_IS_DTLS(s)) {
+        /*
+         * We don't do this in DTLS because we may still need the init_buf
+         * in case there are any unexpected retransmits
+         */
+        BUF_MEM_free(s->init_buf);
+        s->init_buf = NULL;
+    }
+
+    ssl_free_wbio_buffer(s);
+
+    s->init_num = 0;
+
+    if (!s->server || s->renegotiate == 2) {
+        /* skipped if we just sent a HelloRequest */
+        s->renegotiate = 0;
+        s->new_session = 0;
+
+        if (s->server) {
+            ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+            s->ctx->stats.sess_accept_good++;
+            s->handshake_func = ossl_statem_accept;
+        } else {
+            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            if (s->hit)
+                s->ctx->stats.sess_hit++;
+
+            s->handshake_func = ossl_statem_connect;
+            s->ctx->stats.sess_connect_good++;
+        }
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL)
+            cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+        if (SSL_IS_DTLS(s)) {
+            /* done with handshaking */
+            s->d1->handshake_read_seq = 0;
+            s->d1->handshake_write_seq = 0;
+            s->d1->next_handshake_write_seq = 0;
+            dtls1_clear_received_buffer(s);
+        }
+    }
+
+    return WORK_FINISHED_STOP;
+}
+
+int tls_get_message_header(SSL *s, int *mt)
+{
+    /* s->init_num < SSL3_HM_HEADER_LENGTH */
+    int skip_message, i, recvd_type, al;
+    unsigned char *p;
+    unsigned long l;
+
+    p = (unsigned char *)s->init_buf->data;
+
+    do {
+        while (s->init_num < SSL3_HM_HEADER_LENGTH) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
+                                          &p[s->init_num],
+                                          SSL3_HM_HEADER_LENGTH - s->init_num,
+                                          0);
+            if (i <= 0) {
+                s->rwstate = SSL_READING;
+                return 0;
+            }
+            if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * A ChangeCipherSpec must be a single byte and may not occur
+                 * in the middle of a handshake message.
+                 */
+                if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
+                    al = SSL_AD_UNEXPECTED_MESSAGE;
+                    SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
+                           SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                    goto f_err;
+                }
+                s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+                s->init_num = i - 1;
+                s->init_msg = s->init_buf->data;
+                s->s3->tmp.message_size = i;
+                return 1;
+            } else if (recvd_type != SSL3_RT_HANDSHAKE) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY);
+                goto f_err;
+            }
+            s->init_num += i;
+        }
+
+        skip_message = 0;
+        if (!s->server)
+            if (p[0] == SSL3_MT_HELLO_REQUEST)
+                /*
+                 * The server may always send 'Hello Request' messages --
+                 * we are doing a handshake anyway now, so ignore them if
+                 * their format is correct. Does not count for 'Finished'
+                 * MAC.
+                 */
+                if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
+                    s->init_num = 0;
+                    skip_message = 1;
+
+                    if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                        p, SSL3_HM_HEADER_LENGTH, s,
+                                        s->msg_callback_arg);
+                }
+    } while (skip_message);
+    /* s->init_num == SSL3_HM_HEADER_LENGTH */
+
+    *mt = *p;
+    s->s3->tmp.message_type = *(p++);
+
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        /*
+         * Only happens with SSLv3+ in an SSLv2 backward compatible
+         * ClientHello
+         *
+         * Total message size is the remaining record bytes to read
+         * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
+         */
+        l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+            + SSL3_HM_HEADER_LENGTH;
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data;
+        s->init_num = SSL3_HM_HEADER_LENGTH;
+    } else {
+        n2l3(p, l);
+        /* BUF_MEM_grow takes an 'int' parameter */
+        if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+            goto f_err;
+        }
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
+        s->init_num = 0;
+    }
+
+    return 1;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    return 0;
+}
+
+int tls_get_message_body(SSL *s, unsigned long *len)
+{
+    long n;
+    unsigned char *p;
+    int i;
+
+    if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        /* We've already read everything in */
+        *len = (unsigned long)s->init_num;
+        return 1;
+    }
+
+    p = s->init_msg;
+    n = s->s3->tmp.message_size - s->init_num;
+    while (n > 0) {
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[s->init_num], n, 0);
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *len = 0;
+            return 0;
+        }
+        s->init_num += i;
+        n -= i;
+    }
+
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        *len = 0;
+        return 0;
+    }
+
+    /* Feed this message into MAC computation. */
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                             s->init_num)) {
+            SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            *len = 0;
+            return 0;
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
+                            (size_t)s->init_num, s, s->msg_callback_arg);
+    } else {
+        if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                             s->init_num + SSL3_HM_HEADER_LENGTH)) {
+            SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            *len = 0;
+            return 0;
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
+                            (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+    }
+
+    /*
+     * init_num should never be negative...should probably be declared
+     * unsigned
+     */
+    if (s->init_num < 0) {
+        SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR);
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+        *len = 0;
+        return 0;
+    }
+    *len = (unsigned long)s->init_num;
+    return 1;
+}
+
+int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
+{
+    if (pk == NULL && (pk = X509_get0_pubkey(x)) == NULL)
+        return -1;
+
+    switch (EVP_PKEY_id(pk)) {
+    default:
+        return -1;
+    case EVP_PKEY_RSA:
+        return SSL_PKEY_RSA_ENC;
+    case EVP_PKEY_DSA:
+        return SSL_PKEY_DSA_SIGN;
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        return SSL_PKEY_ECC;
+#endif
+#ifndef OPENSSL_NO_GOST
+    case NID_id_GostR3410_2001:
+        return SSL_PKEY_GOST01;
+    case NID_id_GostR3410_2012_256:
+        return SSL_PKEY_GOST12_256;
+    case NID_id_GostR3410_2012_512:
+        return SSL_PKEY_GOST12_512;
+#endif
+    }
+}
+
+int ssl_verify_alarm_type(long type)
+{
+    int al;
+
+    switch (type) {
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+        al = SSL_AD_UNKNOWN_CA;
+        break;
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+    case X509_V_ERR_CERT_UNTRUSTED:
+    case X509_V_ERR_CERT_REJECTED:
+    case X509_V_ERR_HOSTNAME_MISMATCH:
+    case X509_V_ERR_EMAIL_MISMATCH:
+    case X509_V_ERR_IP_ADDRESS_MISMATCH:
+    case X509_V_ERR_DANE_NO_MATCH:
+    case X509_V_ERR_EE_KEY_TOO_SMALL:
+    case X509_V_ERR_CA_KEY_TOO_SMALL:
+    case X509_V_ERR_CA_MD_TOO_WEAK:
+        al = SSL_AD_BAD_CERTIFICATE;
+        break;
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        al = SSL_AD_DECRYPT_ERROR;
+        break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+        al = SSL_AD_CERTIFICATE_EXPIRED;
+        break;
+    case X509_V_ERR_CERT_REVOKED:
+        al = SSL_AD_CERTIFICATE_REVOKED;
+        break;
+    case X509_V_ERR_UNSPECIFIED:
+    case X509_V_ERR_OUT_OF_MEM:
+    case X509_V_ERR_INVALID_CALL:
+    case X509_V_ERR_STORE_LOOKUP:
+        al = SSL_AD_INTERNAL_ERROR;
+        break;
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+    case X509_V_ERR_INVALID_CA:
+        al = SSL_AD_UNKNOWN_CA;
+        break;
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        al = SSL_AD_HANDSHAKE_FAILURE;
+        break;
+    case X509_V_ERR_INVALID_PURPOSE:
+        al = SSL_AD_UNSUPPORTED_CERTIFICATE;
+        break;
+    default:
+        al = SSL_AD_CERTIFICATE_UNKNOWN;
+        break;
+    }
+    return (al);
+}
+
+int ssl_allow_compression(SSL *s)
+{
+    if (s->options & SSL_OP_NO_COMPRESSION)
+        return 0;
+    return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
+}
+
+static int version_cmp(const SSL *s, int a, int b)
+{
+    int dtls = SSL_IS_DTLS(s);
+
+    if (a == b)
+        return 0;
+    if (!dtls)
+        return a < b ? -1 : 1;
+    return DTLS_VERSION_LT(a, b) ? -1 : 1;
+}
+
+typedef struct {
+    int version;
+    const SSL_METHOD *(*cmeth) (void);
+    const SSL_METHOD *(*smeth) (void);
+} version_info;
+
+#if TLS_MAX_VERSION != TLS1_2_VERSION
+# error Code needs update for TLS_method() support beyond TLS1_2_VERSION.
+#endif
+
+static const version_info tls_version_table[] = {
+#ifndef OPENSSL_NO_TLS1_2
+    {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
+#else
+    {TLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
+#else
+    {TLS1_1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
+#else
+    {TLS1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_SSL3
+    {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
+#else
+    {SSL3_VERSION, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
+#endif
+
+static const version_info dtls_version_table[] = {
+#ifndef OPENSSL_NO_DTLS1_2
+    {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
+#else
+    {DTLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
+    {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
+#else
+    {DTLS1_VERSION, NULL, NULL},
+    {DTLS1_BAD_VER, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+/*
+ * ssl_method_error - Check whether an SSL_METHOD is enabled.
+ *
+ * @s: The SSL handle for the candidate method
+ * @method: the intended method.
+ *
+ * Returns 0 on success, or an SSL error reason on failure.
+ */
+static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
+{
+    int version = method->version;
+
+    if ((s->min_proto_version != 0 &&
+         version_cmp(s, version, s->min_proto_version) < 0) ||
+        ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0)
+        return SSL_R_VERSION_TOO_LOW;
+
+    if (s->max_proto_version != 0 &&
+        version_cmp(s, version, s->max_proto_version) > 0)
+        return SSL_R_VERSION_TOO_HIGH;
+
+    if ((s->options & method->mask) != 0)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+    if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s))
+        return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE;
+    else if ((method->flags & SSL_METHOD_NO_FIPS) != 0 && FIPS_mode())
+        return SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE;
+
+    return 0;
+}
+
+/*
+ * ssl_version_supported - Check that the specified `version` is supported by
+ * `SSL *` instance
+ *
+ * @s: The SSL handle for the candidate method
+ * @version: Protocol version to test against
+ *
+ * Returns 1 when supported, otherwise 0
+ */
+int ssl_version_supported(const SSL *s, int version)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    switch (s->method->version) {
+    default:
+        /* Version should match method version for non-ANY method */
+        return version_cmp(s, version, s->version) == 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    for (vent = table;
+         vent->version != 0 && version_cmp(s, version, vent->version) <= 0;
+         ++vent) {
+        if (vent->cmeth != NULL &&
+            version_cmp(s, version, vent->version) == 0 &&
+            ssl_method_error(s, vent->cmeth()) == 0) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/*
+ * ssl_check_version_downgrade - In response to RFC7507 SCSV version
+ * fallback indication from a client check whether we're using the highest
+ * supported protocol version.
+ *
+ * @s server SSL handle.
+ *
+ * Returns 1 when using the highest enabled version, 0 otherwise.
+ */
+int ssl_check_version_downgrade(SSL *s)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    /*
+     * Check that the current protocol is the highest enabled version
+     * (according to s->ctx->method, as version negotiation may have changed
+     * s->method).
+     */
+    if (s->version == s->ctx->method->version)
+        return 1;
+
+    /*
+     * Apparently we're using a version-flexible SSL_METHOD (not at its
+     * highest protocol version).
+     */
+    if (s->ctx->method->version == TLS_method()->version)
+        table = tls_version_table;
+    else if (s->ctx->method->version == DTLS_method()->version)
+        table = dtls_version_table;
+    else {
+        /* Unexpected state; fail closed. */
+        return 0;
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
+            return s->version == vent->version;
+    }
+    return 0;
+}
+
+/*
+ * ssl_set_version_bound - set an upper or lower bound on the supported (D)TLS
+ * protocols, provided the initial (D)TLS method is version-flexible.  This
+ * function sanity-checks the proposed value and makes sure the method is
+ * version-flexible, then sets the limit if all is well.
+ *
+ * @method_version: The version of the current SSL_METHOD.
+ * @version: the intended limit.
+ * @bound: pointer to limit to be updated.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int ssl_set_version_bound(int method_version, int version, int *bound)
+{
+    if (version == 0) {
+        *bound = version;
+        return 1;
+    }
+
+    /*-
+     * Restrict TLS methods to TLS protocol versions.
+     * Restrict DTLS methods to DTLS protocol versions.
+     * Note, DTLS version numbers are decreasing, use comparison macros.
+     *
+     * Note that for both lower-bounds we use explicit versions, not
+     * (D)TLS_MIN_VERSION.  This is because we don't want to break user
+     * configurations.  If the MIN (supported) version ever rises, the user's
+     * "floor" remains valid even if no longer available.  We don't expect the
+     * MAX ceiling to ever get lower, so making that variable makes sense.
+     */
+    switch (method_version) {
+    default:
+        /*
+         * XXX For fixed version methods, should we always fail and not set any
+         * bounds, always succeed and not set any bounds, or set the bounds and
+         * arrange to fail later if they are not met?  At present fixed-version
+         * methods are not subject to controls that disable individual protocol
+         * versions.
+         */
+        return 0;
+
+    case TLS_ANY_VERSION:
+        if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
+            return 0;
+        break;
+
+    case DTLS_ANY_VERSION:
+        if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
+            DTLS_VERSION_LT(version, DTLS1_BAD_VER))
+            return 0;
+        break;
+    }
+
+    *bound = version;
+    return 1;
+}
+
+/*
+ * ssl_choose_server_version - Choose server (D)TLS version.  Called when the
+ * client HELLO is received to select the final server protocol version and
+ * the version specific method.
+ *
+ * @s: server SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_choose_server_version(SSL *s)
+{
+    /*-
+     * With version-flexible methods we have an initial state with:
+     *
+     *   s->method->version == (D)TLS_ANY_VERSION,
+     *   s->version == (D)TLS_MAX_VERSION.
+     *
+     * So we detect version-flexible methods via the method version, not the
+     * handle version.
+     */
+    int server_version = s->method->version;
+    int client_version = s->client_version;
+    const version_info *vent;
+    const version_info *table;
+    int disabled = 0;
+
+    switch (server_version) {
+    default:
+        if (version_cmp(s, client_version, s->version) < 0)
+            return SSL_R_WRONG_SSL_VERSION;
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        return 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        const SSL_METHOD *method;
+
+        if (vent->smeth == NULL ||
+            version_cmp(s, client_version, vent->version) < 0)
+            continue;
+        method = vent->smeth();
+        if (ssl_method_error(s, method) == 0) {
+            s->version = vent->version;
+            s->method = method;
+            return 0;
+        }
+        disabled = 1;
+    }
+    return disabled ? SSL_R_UNSUPPORTED_PROTOCOL : SSL_R_VERSION_TOO_LOW;
+}
+
+/*
+ * ssl_choose_client_version - Choose client (D)TLS version.  Called when the
+ * server HELLO is received to select the final client protocol version and
+ * the version specific method.
+ *
+ * @s: client SSL handle.
+ * @version: The proposed version from the server's HELLO.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_choose_client_version(SSL *s, int version)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    switch (s->method->version) {
+    default:
+        if (version != s->version)
+            return SSL_R_WRONG_SSL_VERSION;
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max, FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        return 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        const SSL_METHOD *method;
+        int err;
+
+        if (version != vent->version)
+            continue;
+        if (vent->cmeth == NULL)
+            break;
+        method = vent->cmeth();
+        err = ssl_method_error(s, method);
+        if (err != 0)
+            return err;
+        s->method = method;
+        s->version = version;
+        return 0;
+    }
+
+    return SSL_R_UNSUPPORTED_PROTOCOL;
+}
+
+/*
+ * ssl_get_client_min_max_version - get minimum and maximum client version
+ * @s: The SSL connection
+ * @min_version: The minimum supported version
+ * @max_version: The maximum supported version
+ *
+ * Work out what version we should be using for the initial ClientHello if the
+ * version is initially (D)TLS_ANY_VERSION.  We apply any explicit SSL_OP_NO_xxx
+ * options, the MinProtocol and MaxProtocol configuration commands, any Suite B
+ * or FIPS_mode() constraints and any floor imposed by the security level here,
+ * so we don't advertise the wrong protocol version to only reject the outcome later.
+ *
+ * Computing the right floor matters.  If, e.g., TLS 1.0 and 1.2 are enabled,
+ * TLS 1.1 is disabled, but the security level, Suite-B  and/or MinProtocol
+ * only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.  On failure
+ * min_version and max_version will also be set to 0.
+ */
+int ssl_get_client_min_max_version(const SSL *s, int *min_version,
+                                   int *max_version)
+{
+    int version;
+    int hole;
+    const SSL_METHOD *single = NULL;
+    const SSL_METHOD *method;
+    const version_info *table;
+    const version_info *vent;
+
+    switch (s->method->version) {
+    default:
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        *min_version = *max_version = s->version;
+        return 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    /*
+     * SSL_OP_NO_X disables all protocols above X *if* there are some protocols
+     * below X enabled. This is required in order to maintain the "version
+     * capability" vector contiguous. Any versions with a NULL client method
+     * (protocol version client is disabled at compile-time) is also a "hole".
+     *
+     * Our initial state is hole == 1, version == 0.  That is, versions above
+     * the first version in the method table are disabled (a "hole" above
+     * the valid protocol entries) and we don't have a selected version yet.
+     *
+     * Whenever "hole == 1", and we hit an enabled method, its version becomes
+     * the selected version, and the method becomes a candidate "single"
+     * method.  We're no longer in a hole, so "hole" becomes 0.
+     *
+     * If "hole == 0" and we hit an enabled method, then "single" is cleared,
+     * as we support a contiguous range of at least two methods.  If we hit
+     * a disabled method, then hole becomes true again, but nothing else
+     * changes yet, because all the remaining methods may be disabled too.
+     * If we again hit an enabled method after the new hole, it becomes
+     * selected, as we start from scratch.
+     */
+    *min_version = version = 0;
+    hole = 1;
+    for (vent = table; vent->version != 0; ++vent) {
+        /*
+         * A table entry with a NULL client method is still a hole in the
+         * "version capability" vector.
+         */
+        if (vent->cmeth == NULL) {
+            hole = 1;
+            continue;
+        }
+        method = vent->cmeth();
+        if (ssl_method_error(s, method) != 0) {
+            hole = 1;
+        } else if (!hole) {
+            single = NULL;
+            *min_version = method->version;
+        } else {
+            version = (single = method)->version;
+            *min_version = version;
+            hole = 0;
+        }
+    }
+
+    *max_version = version;
+
+    /* Fail if everything is disabled */
+    if (version == 0)
+        return SSL_R_NO_PROTOCOLS_AVAILABLE;
+
+    return 0;
+}
+
+/*
+ * ssl_set_client_hello_version - Work out what version we should be using for
+ * the initial ClientHello.
+ *
+ * @s: client SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_set_client_hello_version(SSL *s)
+{
+    int ver_min, ver_max, ret;
+
+    ret = ssl_get_client_min_max_version(s, &ver_min, &ver_max);
+
+    if (ret != 0)
+        return ret;
+
+    s->client_version = s->version = ver_max;
+    return 0;
+}
diff --git a/openssl-1.1.0h/ssl/statem/statem_locl.h b/openssl-1.1.0h/ssl/statem/statem_locl.h
new file mode 100644
index 0000000..5dbc62b
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/statem_locl.h
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following definitions are PRIVATE to the state machine. They should   *
+ * NOT be used outside of the state machine.                                 *
+ *                                                                           *
+ *****************************************************************************/
+
+/* Max message length definitions */
+
+/* The spec allows for a longer length than this, but we limit it */
+#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
+#define SERVER_HELLO_MAX_LENGTH         20000
+#define SERVER_KEY_EXCH_MAX_LENGTH      102400
+#define SERVER_HELLO_DONE_MAX_LENGTH    0
+#define CCS_MAX_LENGTH                  1
+/* Max should actually be 36 but we are generous */
+#define FINISHED_MAX_LENGTH             64
+
+/* Message processing return codes */
+typedef enum {
+    /* Something bad happened */
+    MSG_PROCESS_ERROR,
+    /* We've finished reading - swap to writing */
+    MSG_PROCESS_FINISHED_READING,
+    /*
+     * We've completed the main processing of this message but there is some
+     * post processing to be done.
+     */
+    MSG_PROCESS_CONTINUE_PROCESSING,
+    /* We've finished this message - read the next message */
+    MSG_PROCESS_CONTINUE_READING
+} MSG_PROCESS_RETURN;
+
+/* Flush the write BIO */
+int statem_flush(SSL *s);
+int ssl3_take_mac(SSL *s);
+
+/*
+ * TLS/DTLS client state machine functions
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_client_construct_message(SSL *s);
+unsigned long ossl_statem_client_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
+
+/*
+ * TLS/DTLS server state machine functions
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_server_construct_message(SSL *s);
+unsigned long ossl_statem_server_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
+
+/* Functions for getting new message data */
+__owur int tls_get_message_header(SSL *s, int *mt);
+__owur int tls_get_message_body(SSL *s, unsigned long *len);
+__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len);
+
+/* Message construction and processing functions */
+__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
+__owur int tls_construct_change_cipher_spec(SSL *s);
+__owur int dtls_construct_change_cipher_spec(SSL *s);
+
+__owur int tls_construct_finished(SSL *s, const char *sender, int slen);
+__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst);
+__owur WORK_STATE dtls_wait_for_dry(SSL *s);
+
+/* some client-only functions */
+__owur int tls_construct_client_hello(SSL *s);
+__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
+__owur int tls_construct_client_verify(SSL *s);
+__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst);
+__owur int tls_construct_client_certificate(SSL *s);
+__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+__owur int tls_construct_client_key_exchange(SSL *s);
+__owur int tls_client_key_exchange_post_work(SSL *s);
+__owur int tls_construct_cert_status(SSL *s);
+__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
+__owur int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur int tls_construct_next_proto(SSL *s);
+#endif
+__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
+
+/* some server-only functions */
+__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
+__owur int tls_construct_server_hello(SSL *s);
+__owur int tls_construct_hello_request(SSL *s);
+__owur int dtls_construct_hello_verify_request(SSL *s);
+__owur int tls_construct_server_certificate(SSL *s);
+__owur int tls_construct_server_key_exchange(SSL *s);
+__owur int tls_construct_certificate_request(SSL *s);
+__owur int tls_construct_server_done(SSL *s);
+__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
+__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
+#endif
+__owur int tls_construct_new_session_ticket(SSL *s);
diff --git a/openssl-1.1.0h/ssl/statem/statem_srvr.c b/openssl-1.1.0h/ssl/statem/statem_srvr.c
new file mode 100644
index 0000000..c7cd9eb
--- /dev/null
+++ b/openssl-1.1.0h/ssl/statem/statem_srvr.c
@@ -0,0 +1,3341 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include "../ssl_locl.h"
+#include "statem_locl.h"
+#include "internal/constant_time_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/md5.h>
+
+static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
+                                                      PACKET *cipher_suites,
+                                                      STACK_OF(SSL_CIPHER)
+                                                      **skp, int sslv2format,
+                                                      int *al);
+
+/*
+ * server_read_transition() encapsulates the logic for the allowed handshake
+ * state transitions when the server is reading messages from the client. The
+ * message type that the client has sent is provided in |mt|. The current state
+ * is in |s->statem.hand_state|.
+ *
+ *  Valid return values are:
+ *  1: Success (transition allowed)
+ *  0: Error (transition not allowed)
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_BEFORE:
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (mt == SSL3_MT_CLIENT_HELLO) {
+            st->hand_state = TLS_ST_SR_CLNT_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        /*
+         * If we get a CKE message after a ServerDone then either
+         * 1) We didn't request a Certificate
+         * OR
+         * 2) If we did request one then
+         *      a) We allow no Certificate to be returned
+         *      AND
+         *      b) We are running SSL3 (in TLS1.0+ the client must return a 0
+         *         list if we requested a certificate)
+         */
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            if (s->s3->tmp.cert_request) {
+                if (s->version == SSL3_VERSION) {
+                    if ((s->verify_mode & SSL_VERIFY_PEER)
+                        && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+                        /*
+                         * This isn't an unexpected message as such - we're just
+                         * not going to accept it because we require a client
+                         * cert.
+                         */
+                        ssl3_send_alert(s, SSL3_AL_FATAL,
+                                        SSL3_AD_HANDSHAKE_FAILURE);
+                        SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+                               SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        return 0;
+                    }
+                    st->hand_state = TLS_ST_SR_KEY_EXCH;
+                    return 1;
+                }
+            } else {
+                st->hand_state = TLS_ST_SR_KEY_EXCH;
+                return 1;
+            }
+        } else if (s->s3->tmp.cert_request) {
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_SR_CERT;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT:
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            st->hand_state = TLS_ST_SR_KEY_EXCH;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_KEY_EXCH:
+        /*
+         * We should only process a CertificateVerify message if we have
+         * received a Certificate from the client. If so then |s->session->peer|
+         * will be non NULL. In some instances a CertificateVerify message is
+         * not required even if the peer has sent a Certificate (e.g. such as in
+         * the case of static DH). In that case |st->no_cert_verify| should be
+         * set.
+         */
+        if (s->session->peer == NULL || st->no_cert_verify) {
+            if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * For the ECDH ciphersuites when the client sends its ECDH
+                 * pub key in a certificate, the CertificateVerify message is
+                 * not sent. Also for GOST ciphersuites when the client uses
+                 * its key from the certificate for key exchange.
+                 */
+                st->hand_state = TLS_ST_SR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+                st->hand_state = TLS_ST_SR_CERT_VRFY;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT_VRFY:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_CHANGE:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        if (s->s3->next_proto_neg_seen) {
+            if (mt == SSL3_MT_NEXT_PROTO) {
+                st->hand_state = TLS_ST_SR_NEXT_PROTO;
+                return 1;
+            }
+        } else {
+#endif
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        }
+#endif
+        break;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_SR_FINISHED;
+            return 1;
+        }
+        break;
+#endif
+
+    case TLS_ST_SW_FINISHED:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+
+    default:
+        break;
+    }
+
+    /* No valid transition found */
+    ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
+    SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * Should we send a ServerKeyExchange message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+static int send_server_key_exchange(SSL *s)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * only send a ServerKeyExchange if DH or fortezza but we have a
+     * sign only certificate PSK: may send PSK identity hints For
+     * ECC ciphersuites, we send a serverKeyExchange message only if
+     * the cipher suite is either ECDH-anon or ECDHE. In other cases,
+     * the server certificate contains the server's public key for
+     * key exchange.
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE)
+        /*
+         * PSK: send ServerKeyExchange if PSK identity hint if
+         * provided
+         */
+#ifndef OPENSSL_NO_PSK
+        /* Only send SKE if we have identity hint for plain PSK */
+        || ((alg_k & (SSL_kPSK | SSL_kRSAPSK))
+            && s->cert->psk_identity_hint)
+        /* For other PSK always send SKE */
+        || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
+#endif
+#ifndef OPENSSL_NO_SRP
+        /* SRP: send ServerKeyExchange */
+        || (alg_k & SSL_kSRP)
+#endif
+        ) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * Should we send a CertificateRequest message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+static int send_certificate_request(SSL *s)
+{
+    if (
+           /* don't request cert unless asked for it: */
+           s->verify_mode & SSL_VERIFY_PEER
+           /*
+            * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+            * during re-negotiation:
+            */
+           && (s->s3->tmp.finish_md_len == 0 ||
+               !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
+           /*
+            * never request cert in anonymous ciphersuites (see
+            * section "Certificate request" in SSL 3 drafts and in
+            * RFC 2246):
+            */
+           && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+               /*
+                * ... except when the application insists on
+                * verification (against the specs, but statem_clnt.c accepts
+                * this for SSL 3)
+                */
+               || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+           /* don't request certificate for SRP auth */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+           /*
+            * With normal PSK Certificates and Certificate Requests
+            * are omitted
+            */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * server_write_transition() works out what handshake state to move to next
+ * when the server is writing messages to be sent to the client.
+ */
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_BEFORE:
+        /* Just go straight to trying to read from the client */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_OK:
+        /* We must be trying to renegotiate */
+        st->hand_state = TLS_ST_SW_HELLO_REQ;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_HELLO_REQ:
+        st->hand_state = TLS_ST_OK;
+        ossl_statem_set_in_init(s, 0);
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
+            && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
+            st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
+        else
+            st->hand_state = TLS_ST_SW_SRVR_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (s->hit) {
+            if (s->tlsext_ticket_expected)
+                st->hand_state = TLS_ST_SW_SESSION_TICKET;
+            else
+                st->hand_state = TLS_ST_SW_CHANGE;
+        } else {
+            /* Check if it is anon DH or anon ECDH, */
+            /* normal PSK or SRP */
+            if (!(s->s3->tmp.new_cipher->algorithm_auth &
+                  (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                st->hand_state = TLS_ST_SW_CERT;
+            } else if (send_server_key_exchange(s)) {
+                st->hand_state = TLS_ST_SW_KEY_EXCH;
+            } else if (send_certificate_request(s)) {
+                st->hand_state = TLS_ST_SW_CERT_REQ;
+            } else {
+                st->hand_state = TLS_ST_SW_SRVR_DONE;
+            }
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT:
+        if (s->tlsext_status_expected) {
+            st->hand_state = TLS_ST_SW_CERT_STATUS;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_STATUS:
+        if (send_server_key_exchange(s)) {
+            st->hand_state = TLS_ST_SW_KEY_EXCH;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_KEY_EXCH:
+        if (send_certificate_request(s)) {
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_REQ:
+        st->hand_state = TLS_ST_SW_SRVR_DONE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SRVR_DONE:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            ossl_statem_set_in_init(s, 0);
+            return WRITE_TRAN_CONTINUE;
+        } else if (s->tlsext_ticket_expected) {
+            st->hand_state = TLS_ST_SW_SESSION_TICKET;
+        } else {
+            st->hand_state = TLS_ST_SW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        st->hand_state = TLS_ST_SW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
+        st->hand_state = TLS_ST_SW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_FINISHED:
+        if (s->hit) {
+            return WRITE_TRAN_FINISHED;
+        }
+        st->hand_state = TLS_ST_OK;
+        ossl_statem_set_in_init(s, 0);
+        return WRITE_TRAN_CONTINUE;
+
+    default:
+        /* Shouldn't happen */
+        return WRITE_TRAN_ERROR;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the server to the client.
+ */
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_SW_HELLO_REQ:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s))
+            dtls1_clear_sent_buffer(s);
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            dtls1_clear_sent_buffer(s);
+            /* We don't buffer this message so don't use the timer */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * Messages we write from now on should be buffered and
+             * retransmitted if necessary, so we need to use the timer now
+             */
+            st->use_timer = 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s)))
+            return dtls_wait_for_dry(s);
+#endif
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer
+             */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_CHANGE:
+        s->session->cipher = s->s3->tmp.new_cipher;
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer. This might have
+             * already been set to 0 if we sent a NewSessionTicket message,
+             * but we'll set it again here in case we didn't.
+             */
+            st->use_timer = 0;
+        }
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_OK:
+        return tls_finish_handshake(s, wst);
+
+    default:
+        /* No pre work to be done */
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * server to the client.
+ */
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    case TLS_ST_SW_HELLO_REQ:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!ssl3_init_finished_mac(s)) {
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        /* HelloVerifyRequest resets Finished MAC */
+        if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+        /*
+         * The next message should be another ClientHello which we need to
+         * treat like it was the first packet
+         */
+        s->first_packet = 1;
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no
+             * SCTP used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           sizeof(labelbuffer), NULL, 0,
+                                           0) <= 0) {
+                ossl_statem_set_error(s);
+                return WORK_ERROR;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+#endif
+        break;
+
+    case TLS_ST_SW_CHANGE:
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && !s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                      SSL3_CHANGE_CIPHER_SERVER_WRITE))
+        {
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+
+        if (SSL_IS_DTLS(s))
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        break;
+
+    case TLS_ST_SW_FINISHED:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        break;
+
+    default:
+        /* No post work to be done */
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Construct a message to be sent from the server to the client.
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_server_construct_message(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return dtls_construct_hello_verify_request(s);
+
+    case TLS_ST_SW_HELLO_REQ:
+        return tls_construct_hello_request(s);
+
+    case TLS_ST_SW_SRVR_HELLO:
+        return tls_construct_server_hello(s);
+
+    case TLS_ST_SW_CERT:
+        return tls_construct_server_certificate(s);
+
+    case TLS_ST_SW_KEY_EXCH:
+        return tls_construct_server_key_exchange(s);
+
+    case TLS_ST_SW_CERT_REQ:
+        return tls_construct_certificate_request(s);
+
+    case TLS_ST_SW_SRVR_DONE:
+        return tls_construct_server_done(s);
+
+    case TLS_ST_SW_SESSION_TICKET:
+        return tls_construct_new_session_ticket(s);
+
+    case TLS_ST_SW_CERT_STATUS:
+        return tls_construct_cert_status(s);
+
+    case TLS_ST_SW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            return dtls_construct_change_cipher_spec(s);
+        else
+            return tls_construct_change_cipher_spec(s);
+
+    case TLS_ST_SW_FINISHED:
+        return tls_construct_finished(s,
+                                      s->method->
+                                      ssl3_enc->server_finished_label,
+                                      s->method->
+                                      ssl3_enc->server_finished_label_len);
+
+    default:
+        /* Shouldn't happen */
+        break;
+    }
+
+    return 0;
+}
+
+/*
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
+ * calculated as follows:
+ *
+ *  2 + # client_version
+ *  32 + # only valid length for random
+ *  1 + # length of session_id
+ *  32 + # maximum size for session_id
+ *  2 + # length of cipher suites
+ *  2^16-2 + # maximum length of cipher suites array
+ *  1 + # length of compression_methods
+ *  2^8-1 + # maximum length of compression methods
+ *  2 + # length of extensions
+ *  2^16-1 # maximum length of extensions
+ */
+#define CLIENT_HELLO_MAX_LENGTH         131396
+
+#define CLIENT_KEY_EXCH_MAX_LENGTH      2048
+#define NEXT_PROTO_MAX_LENGTH           514
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+unsigned long ossl_statem_server_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_SR_CLNT_HELLO:
+        return CLIENT_HELLO_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_SR_KEY_EXCH:
+        return CLIENT_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT_VRFY:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return NEXT_PROTO_MAX_LENGTH;
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_SR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    default:
+        /* Shouldn't happen */
+        break;
+    }
+
+    return 0;
+}
+
+/*
+ * Process a message that the server has received from the client.
+ */
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_process_client_hello(s, pkt);
+
+    case TLS_ST_SR_CERT:
+        return tls_process_client_certificate(s, pkt);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_process_client_key_exchange(s, pkt);
+
+    case TLS_ST_SR_CERT_VRFY:
+        return tls_process_cert_verify(s, pkt);
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return tls_process_next_proto(s, pkt);
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_SR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    default:
+        /* Shouldn't happen */
+        break;
+    }
+
+    return MSG_PROCESS_ERROR;
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the client
+ */
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_post_process_client_hello(s, wst);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_post_process_client_key_exchange(s, wst);
+
+    default:
+        break;
+    }
+
+    /* Shouldn't happen */
+    return WORK_ERROR;
+}
+
+#ifndef OPENSSL_NO_SRP
+static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
+{
+    int ret = SSL_ERROR_NONE;
+
+    *al = SSL_AD_UNRECOGNIZED_NAME;
+
+    if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+        (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+        if (s->srp_ctx.login == NULL) {
+            /*
+             * RFC 5054 says SHOULD reject, we do so if There is no srp
+             * login name
+             */
+            ret = SSL3_AL_FATAL;
+            *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+        } else {
+            ret = SSL_srp_server_param_with_username(s, al);
+        }
+    }
+    return ret;
+}
+#endif
+
+int tls_construct_hello_request(SSL *s)
+{
+    if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    return 1;
+}
+
+unsigned int dtls_raw_hello_verify_request(unsigned char *buf,
+                                           unsigned char *cookie,
+                                           unsigned char cookie_len)
+{
+    unsigned int msg_len;
+    unsigned char *p;
+
+    p = buf;
+    /* Always use DTLS 1.0 version: see RFC 6347 */
+    *(p++) = DTLS1_VERSION >> 8;
+    *(p++) = DTLS1_VERSION & 0xFF;
+
+    *(p++) = (unsigned char)cookie_len;
+    memcpy(p, cookie, cookie_len);
+    p += cookie_len;
+    msg_len = p - buf;
+
+    return msg_len;
+}
+
+int dtls_construct_hello_verify_request(SSL *s)
+{
+    unsigned int len;
+    unsigned char *buf;
+
+    buf = (unsigned char *)s->init_buf->data;
+
+    if (s->ctx->app_gen_cookie_cb == NULL ||
+        s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+                                  &(s->d1->cookie_len)) == 0 ||
+        s->d1->cookie_len > 255) {
+        SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+               SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
+                                        s->d1->cookie, s->d1->cookie_len);
+
+    dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, len);
+    len += DTLS1_HM_HEADER_LENGTH;
+
+    /* number of bytes to write */
+    s->init_num = len;
+    s->init_off = 0;
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+{
+    int i, al = SSL_AD_INTERNAL_ERROR;
+    unsigned int j, complen = 0;
+    unsigned long id;
+    const SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp = NULL;
+#endif
+    STACK_OF(SSL_CIPHER) *ciphers = NULL;
+    int protverr;
+    /* |cookie| will only be initialized for DTLS. */
+    PACKET session_id, cipher_suites, compression, extensions, cookie;
+    int is_v2_record;
+    static const unsigned char null_compression = 0;
+
+    is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
+
+    PACKET_null_init(&cookie);
+    /* First lets get s->client_version set correctly */
+    if (is_v2_record) {
+        unsigned int version;
+        unsigned int mt;
+        /*-
+         * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+         * header is sent directly on the wire, not wrapped as a TLS
+         * record. Our record layer just processes the message length and passes
+         * the rest right through. Its format is:
+         * Byte  Content
+         * 0-1   msg_length - decoded by the record layer
+         * 2     msg_type - s->init_msg points here
+         * 3-4   version
+         * 5-6   cipher_spec_length
+         * 7-8   session_id_length
+         * 9-10  challenge_length
+         * ...   ...
+         */
+
+        if (!PACKET_get_1(pkt, &mt)
+            || mt != SSL2_MT_CLIENT_HELLO) {
+            /*
+             * Should never happen. We should have tested this in the record
+             * layer in order to have determined that this is a SSLv2 record
+             * in the first place
+             */
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (!PACKET_get_net_2(pkt, &version)) {
+            /* No protocol version supplied! */
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+            goto err;
+        }
+        if (version == 0x0002) {
+            /* This is real SSLv2. We don't support it. */
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+            goto err;
+        } else if ((version & 0xff00) == (SSL3_VERSION_MAJOR << 8)) {
+            /* SSLv3/TLS */
+            s->client_version = version;
+        } else {
+            /* No idea what protocol this is */
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+            goto err;
+        }
+    } else {
+        /*
+         * use version from inside client hello, not from record header (may
+         * differ: see RFC 2246, Appendix E, second paragraph)
+         */
+        if (!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+    }
+
+    /*
+     * Do SSL/TLS version negotiation if applicable. For DTLS we just check
+     * versions are potentially compatible. Version negotiation comes later.
+     */
+    if (!SSL_IS_DTLS(s)) {
+        protverr = ssl_choose_server_version(s);
+    } else if (s->method->version != DTLS_ANY_VERSION &&
+               DTLS_VERSION_LT(s->client_version, s->version)) {
+        protverr = SSL_R_VERSION_TOO_LOW;
+    } else {
+        protverr = 0;
+    }
+
+    if (protverr) {
+        SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr);
+        if ((!s->enc_write_ctx && !s->write_hash)) {
+            /*
+             * similar to ssl3_get_record, send alert using remote version
+             * number
+             */
+            s->version = s->client_version;
+        }
+        al = SSL_AD_PROTOCOL_VERSION;
+        goto f_err;
+    }
+
+    /* Parse the message and load client random. */
+    if (is_v2_record) {
+        /*
+         * Handle an SSLv2 backwards compatible ClientHello
+         * Note, this is only for SSLv3+ using the backward compatible format.
+         * Real SSLv2 is not supported, and is rejected above.
+         */
+        unsigned int cipher_len, session_id_len, challenge_len;
+        PACKET challenge;
+
+        if (!PACKET_get_net_2(pkt, &cipher_len)
+            || !PACKET_get_net_2(pkt, &session_id_len)
+            || !PACKET_get_net_2(pkt, &challenge_len)) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                   SSL_R_RECORD_LENGTH_MISMATCH);
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+
+        if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+
+        if (!PACKET_get_sub_packet(pkt, &cipher_suites, cipher_len)
+            || !PACKET_get_sub_packet(pkt, &session_id, session_id_len)
+            || !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
+            /* No extensions. */
+            || PACKET_remaining(pkt) != 0) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                   SSL_R_RECORD_LENGTH_MISMATCH);
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+
+        /* Load the client random and compression list. */
+        challenge_len = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE :
+            challenge_len;
+        memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
+        if (!PACKET_copy_bytes(&challenge,
+                               s->s3->client_random + SSL3_RANDOM_SIZE -
+                               challenge_len, challenge_len)
+            /* Advertise only null compression. */
+            || !PACKET_buf_init(&compression, &null_compression, 1)) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+
+        PACKET_null_init(&extensions);
+    } else {
+        /* Regular ClientHello. */
+        if (!PACKET_copy_bytes(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(pkt, &session_id)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+
+        if (PACKET_remaining(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+                goto f_err;
+            }
+            /*
+             * If we require cookies and this ClientHello doesn't contain one,
+             * just return since we do not want to allocate any memory yet.
+             * So check cookie length...
+             */
+            if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+                if (PACKET_remaining(&cookie) == 0)
+                    return 1;
+            }
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &cipher_suites)
+            || !PACKET_get_length_prefixed_1(pkt, &compression)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        /* Could be empty. */
+        extensions = *pkt;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        /* Empty cookie was already handled above by returning early. */
+        if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+            if (s->ctx->app_verify_cookie_cb != NULL) {
+                if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie),
+                                                 PACKET_remaining(&cookie)) ==
+                    0) {
+                    al = SSL_AD_HANDSHAKE_FAILURE;
+                    SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                           SSL_R_COOKIE_MISMATCH);
+                    goto f_err;
+                    /* else cookie verification succeeded */
+                }
+                /* default verification */
+            } else if (!PACKET_equal(&cookie, s->d1->cookie, s->d1->cookie_len)) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+                goto f_err;
+            }
+            s->d1->cookie_verified = 1;
+        }
+        if (s->method->version == DTLS_ANY_VERSION) {
+            protverr = ssl_choose_server_version(s);
+            if (protverr != 0) {
+                SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr);
+                s->version = s->client_version;
+                al = SSL_AD_PROTOCOL_VERSION;
+                goto f_err;
+            }
+        }
+    }
+
+    s->hit = 0;
+
+    /*
+     * We don't allow resumption in a backwards compatible ClientHello.
+     * TODO(openssl-team): in TLS1.1+, session_id MUST be empty.
+     *
+     * Versions before 0.9.7 always allow clients to resume sessions in
+     * renegotiation. 0.9.7 and later allow this by default, but optionally
+     * ignore resumption requests with flag
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
+     * than a change to default behavior so that applications relying on
+     * this for security won't even compile against older library versions).
+     * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
+     * request renegotiation but not a new session (s->new_session remains
+     * unset): for servers, this essentially just means that the
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
+     * ignored.
+     */
+    if (is_v2_record ||
+        (s->new_session &&
+         (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+        if (!ssl_get_new_session(s, 1))
+            goto err;
+    } else {
+        i = ssl_get_prev_session(s, &extensions, &session_id);
+        /*
+         * Only resume if the session's version matches the negotiated
+         * version.
+         * RFC 5246 does not provide much useful advice on resumption
+         * with a different protocol version. It doesn't forbid it but
+         * the sanity of such behaviour would be questionable.
+         * In practice, clients do not accept a version mismatch and
+         * will abort the handshake with an error.
+         */
+        if (i == 1 && s->version == s->session->ssl_version) {
+            /* previous session */
+            s->hit = 1;
+        } else if (i == -1) {
+            goto err;
+        } else {
+            /* i == 0 */
+            if (!ssl_get_new_session(s, 1))
+                goto err;
+        }
+    }
+
+    if (ssl_bytes_to_cipher_list(s, &cipher_suites, &(ciphers),
+                                 is_v2_record, &al) == NULL) {
+        goto f_err;
+    }
+
+    /* If it is a hit, check that the cipher is in the list */
+    if (s->hit) {
+        j = 0;
+        id = s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
+#endif
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            c = sk_SSL_CIPHER_value(ciphers, i);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "client [%2d of %2d]:%s\n",
+                    i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
+#endif
+            if (c->id == id) {
+                j = 1;
+                break;
+            }
+        }
+        if (j == 0) {
+            /*
+             * we need to have the cipher in the cipher list if we are asked
+             * to reuse it
+             */
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                   SSL_R_REQUIRED_CIPHER_MISSING);
+            goto f_err;
+        }
+    }
+
+    complen = PACKET_remaining(&compression);
+    for (j = 0; j < complen; j++) {
+        if (PACKET_data(&compression)[j] == 0)
+            break;
+    }
+
+    if (j >= complen) {
+        /* no compress */
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
+        goto f_err;
+    }
+
+    /* TLS extensions */
+    if (s->version >= SSL3_VERSION) {
+        if (!ssl_parse_clienthello_tlsext(s, &extensions)) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
+            goto err;
+        }
+    }
+
+    /*
+     * Check if we want to use external pre-shared secret for this handshake
+     * for not reused session only. We need to generate server_random before
+     * calling tls_session_secret_cb in order to allow SessionTicket
+     * processing to use it in key derivation.
+     */
+    {
+        unsigned char *pos;
+        pos = s->s3->server_random;
+        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
+            goto f_err;
+        }
+    }
+
+    if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
+        const SSL_CIPHER *pref_cipher = NULL;
+
+        s->session->master_key_length = sizeof(s->session->master_key);
+        if (s->tls_session_secret_cb(s, s->session->master_key,
+                                     &s->session->master_key_length, ciphers,
+                                     &pref_cipher,
+                                     s->tls_session_secret_cb_arg)) {
+            s->hit = 1;
+            s->session->ciphers = ciphers;
+            s->session->verify_result = X509_V_OK;
+
+            ciphers = NULL;
+
+            /* check if some cipher was preferred by call back */
+            pref_cipher =
+                pref_cipher ? pref_cipher : ssl3_choose_cipher(s,
+                                                               s->
+                                                               session->ciphers,
+                                                               SSL_get_ciphers
+                                                               (s));
+            if (pref_cipher == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
+                goto f_err;
+            }
+
+            s->session->cipher = pref_cipher;
+            sk_SSL_CIPHER_free(s->cipher_list);
+            s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+            sk_SSL_CIPHER_free(s->cipher_list_by_id);
+            s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
+        }
+    }
+
+    /*
+     * Worst case, we will use the NULL compression, but if we have other
+     * options, we will now look for them.  We have complen-1 compression
+     * algorithms from the client, starting at q.
+     */
+    s->s3->tmp.new_compression = NULL;
+#ifndef OPENSSL_NO_COMP
+    /* This only happens if we have a cache hit */
+    if (s->session->compress_meth != 0) {
+        int m, comp_id = s->session->compress_meth;
+        unsigned int k;
+        /* Perform sanity checks on resumed compression algorithm */
+        /* Can't disable compression */
+        if (!ssl_allow_compression(s)) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                   SSL_R_INCONSISTENT_COMPRESSION);
+            goto f_err;
+        }
+        /* Look for resumed compression method */
+        for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            if (comp_id == comp->id) {
+                s->s3->tmp.new_compression = comp;
+                break;
+            }
+        }
+        if (s->s3->tmp.new_compression == NULL) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                   SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto f_err;
+        }
+        /* Look for resumed method in compression list */
+        for (k = 0; k < complen; k++) {
+            if (PACKET_data(&compression)[k] == comp_id)
+                break;
+        }
+        if (k >= complen) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                   SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
+            goto f_err;
+        }
+    } else if (s->hit)
+        comp = NULL;
+    else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+        /* See if we have a match */
+        int m, nn, v, done = 0;
+        unsigned int o;
+
+        nn = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (m = 0; m < nn; m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            v = comp->id;
+            for (o = 0; o < complen; o++) {
+                if (v == PACKET_data(&compression)[o]) {
+                    done = 1;
+                    break;
+                }
+            }
+            if (done)
+                break;
+        }
+        if (done)
+            s->s3->tmp.new_compression = comp;
+        else
+            comp = NULL;
+    }
+#else
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
+        goto f_err;
+    }
+#endif
+
+    /*
+     * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
+     */
+
+    if (!s->hit) {
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
+#endif
+        sk_SSL_CIPHER_free(s->session->ciphers);
+        s->session->ciphers = ciphers;
+        if (ciphers == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto f_err;
+        }
+        ciphers = NULL;
+        if (!tls1_set_server_sigalgs(s)) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+            goto err;
+        }
+    }
+
+    sk_SSL_CIPHER_free(ciphers);
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    ossl_statem_set_error(s);
+
+    sk_SSL_CIPHER_free(ciphers);
+    return MSG_PROCESS_ERROR;
+
+}
+
+WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
+{
+    int al = SSL_AD_HANDSHAKE_FAILURE;
+    const SSL_CIPHER *cipher;
+
+    if (wst == WORK_MORE_A) {
+        if (!s->hit) {
+            /* Let cert callback update server certificates if required */
+            if (s->cert->cert_cb) {
+                int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+                if (rv == 0) {
+                    al = SSL_AD_INTERNAL_ERROR;
+                    SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                           SSL_R_CERT_CB_ERROR);
+                    goto f_err;
+                }
+                if (rv < 0) {
+                    s->rwstate = SSL_X509_LOOKUP;
+                    return WORK_MORE_A;
+                }
+                s->rwstate = SSL_NOTHING;
+            }
+            cipher =
+                ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+
+            if (cipher == NULL) {
+                SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                       SSL_R_NO_SHARED_CIPHER);
+                goto f_err;
+            }
+            s->s3->tmp.new_cipher = cipher;
+            /* check whether we should disable session resumption */
+            if (s->not_resumable_session_cb != NULL)
+                s->session->not_resumable = s->not_resumable_session_cb(s,
+                                                                        ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
+            if (s->session->not_resumable)
+                /* do not send a session ticket */
+                s->tlsext_ticket_expected = 0;
+        } else {
+            /* Session-id reuse */
+            s->s3->tmp.new_cipher = s->session->cipher;
+        }
+
+        if (!(s->verify_mode & SSL_VERIFY_PEER)) {
+            if (!ssl3_digest_cached_records(s, 0)) {
+                al = SSL_AD_INTERNAL_ERROR;
+                goto f_err;
+            }
+        }
+
+        /*-
+         * we now have the following setup.
+         * client_random
+         * cipher_list          - our preferred list of ciphers
+         * ciphers              - the clients preferred list of ciphers
+         * compression          - basically ignored right now
+         * ssl version is set   - sslv3
+         * s->session           - The ssl session has been setup.
+         * s->hit               - session reuse flag
+         * s->s3->tmp.new_cipher- the new cipher to use.
+         */
+
+        /* Handles TLS extensions that we couldn't check earlier */
+        if (s->version >= SSL3_VERSION) {
+            if (!ssl_check_clienthello_tlsext_late(s, &al)) {
+                SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                       SSL_R_CLIENTHELLO_TLSEXT);
+                goto f_err;
+            }
+        }
+
+        wst = WORK_MORE_B;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (wst == WORK_MORE_B) {
+        int ret;
+        if ((ret = ssl_check_srp_ext_ClientHello(s, &al)) < 0) {
+            /*
+             * callback indicates further work to be done
+             */
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_B;
+        }
+        if (ret != SSL_ERROR_NONE) {
+            /*
+             * This is not really an error but the only means to for
+             * a client to detect whether srp is supported.
+             */
+            if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
+                SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                       SSL_R_CLIENTHELLO_TLSEXT);
+            else
+                SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                       SSL_R_PSK_IDENTITY_NOT_FOUND);
+            goto f_err;
+        }
+    }
+#endif
+    s->renegotiate = 2;
+
+    return WORK_FINISHED_STOP;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_set_error(s);
+    return WORK_ERROR;
+}
+
+int tls_construct_server_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int i, sl;
+    int al = 0;
+    unsigned long l;
+
+    buf = (unsigned char *)s->init_buf->data;
+
+    /* Do the message type and length last */
+    d = p = ssl_handshake_start(s);
+
+    *(p++) = s->version >> 8;
+    *(p++) = s->version & 0xff;
+
+    /*
+     * Random stuff. Filling of the server_random takes place in
+     * tls_process_client_hello()
+     */
+    memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+    p += SSL3_RANDOM_SIZE;
+
+    /*-
+     * There are several cases for the session ID to send
+     * back in the server hello:
+     * - For session reuse from the session cache,
+     *   we send back the old session ID.
+     * - If stateless session reuse (using a session ticket)
+     *   is successful, we send back the client's "session ID"
+     *   (which doesn't actually identify the session).
+     * - If it is a new session, we send back the new
+     *   session ID.
+     * - However, if we want the new session to be single-use,
+     *   we send back a 0-length session ID.
+     * s->hit is non-zero in either case of session reuse,
+     * so the following won't overwrite an ID that we're supposed
+     * to send back.
+     */
+    if (s->session->not_resumable ||
+        (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+         && !s->hit))
+        s->session->session_id_length = 0;
+
+    sl = s->session->session_id_length;
+    if (sl > (int)sizeof(s->session->session_id)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+    *(p++) = sl;
+    memcpy(p, s->session->session_id, sl);
+    p += sl;
+
+    /* put the cipher */
+    i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
+    p += i;
+
+    /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+    *(p++) = 0;
+#else
+    if (s->s3->tmp.new_compression == NULL)
+        *(p++) = 0;
+    else
+        *(p++) = s->s3->tmp.new_compression->id;
+#endif
+
+    if (ssl_prepare_serverhello_tlsext(s) <= 0) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+    if ((p =
+         ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
+                                    &al)) == NULL) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    /* do the header */
+    l = (p - d);
+    if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_server_done(SSL *s)
+{
+    if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_DONE, ERR_R_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    if (!s->s3->tmp.cert_request) {
+        if (!ssl3_digest_cached_records(s, 0)) {
+            ossl_statem_set_error(s);
+        }
+    }
+
+    return 1;
+}
+
+int tls_construct_server_key_exchange(SSL *s)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *pkdh = NULL;
+    int j;
+#endif
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    int encodedlen = 0;
+    int curve_id = 0;
+#endif
+    EVP_PKEY *pkey;
+    const EVP_MD *md = NULL;
+    unsigned char *p, *d;
+    int al, i;
+    unsigned long type;
+    int n;
+    const BIGNUM *r[4];
+    int nr[4], kn;
+    BUF_MEM *buf;
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+
+    if (md_ctx == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+
+    type = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    buf = s->init_buf;
+
+    r[0] = r[1] = r[2] = r[3] = NULL;
+    n = 0;
+#ifndef OPENSSL_NO_PSK
+    if (type & SSL_PSK) {
+        /*
+         * reserve size for record length and PSK identity hint
+         */
+        n += 2;
+        if (s->cert->psk_identity_hint)
+            n += strlen(s->cert->psk_identity_hint);
+    }
+    /* Plain PSK or RSAPSK nothing to do */
+    if (type & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else
+#endif                          /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_DH
+    if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+        CERT *cert = s->cert;
+
+        EVP_PKEY *pkdhp = NULL;
+        DH *dh;
+
+        if (s->cert->dh_tmp_auto) {
+            DH *dhp = ssl_get_auto_dh(s);
+            pkdh = EVP_PKEY_new();
+            if (pkdh == NULL || dhp == NULL) {
+                DH_free(dhp);
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto f_err;
+            }
+            EVP_PKEY_assign_DH(pkdh, dhp);
+            pkdhp = pkdh;
+        } else {
+            pkdhp = cert->dh_tmp;
+        }
+        if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+            DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
+            pkdh = ssl_dh_to_pkey(dhp);
+            if (pkdh == NULL) {
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto f_err;
+            }
+            pkdhp = pkdh;
+        }
+        if (pkdhp == NULL) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   SSL_R_MISSING_TMP_DH_KEY);
+            goto f_err;
+        }
+        if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                          EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   SSL_R_DH_KEY_TOO_SMALL);
+            goto f_err;
+        }
+        if (s->s3->tmp.pkey != NULL) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
+
+        if (s->s3->tmp.pkey == NULL) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
+            goto err;
+        }
+
+        dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+
+        EVP_PKEY_free(pkdh);
+        pkdh = NULL;
+
+        DH_get0_pqg(dh, &r[0], NULL, &r[1]);
+        DH_get0_key(dh, &r[2], NULL);
+    } else
+#endif
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        int nid;
+
+        if (s->s3->tmp.pkey != NULL) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* Get NID of appropriate shared curve */
+        nid = tls1_shared_curve(s, -2);
+        curve_id = tls1_ec_nid2curve_id(nid);
+        if (curve_id == 0) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+            goto err;
+        }
+        s->s3->tmp.pkey = ssl_generate_pkey_curve(curve_id);
+        /* Generate a new key for this curve */
+        if (s->s3->tmp.pkey == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
+            goto f_err;
+        }
+
+        /* Encode the public key. */
+        encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey,
+                                                    &encodedPoint);
+        if (encodedlen == 0) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /*
+         * We only support named (not generic) curves in ECDH ephemeral key
+         * exchanges. In this situation, we need four additional bytes to
+         * encode the entire ServerECDHParams structure.
+         */
+        n += 4 + encodedlen;
+
+        /*
+         * We'll generate the serverKeyExchange message explicitly so we
+         * can set these to NULLs
+         */
+        r[0] = NULL;
+        r[1] = NULL;
+        r[2] = NULL;
+        r[3] = NULL;
+    } else
+#endif                          /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+    if (type & SSL_kSRP) {
+        if ((s->srp_ctx.N == NULL) ||
+            (s->srp_ctx.g == NULL) ||
+            (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   SSL_R_MISSING_SRP_PARAM);
+            goto err;
+        }
+        r[0] = s->srp_ctx.N;
+        r[1] = s->srp_ctx.g;
+        r[2] = s->srp_ctx.s;
+        r[3] = s->srp_ctx.B;
+    } else
+#endif
+    {
+        al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+               SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+        goto f_err;
+    }
+    for (i = 0; i < 4 && r[i] != NULL; i++) {
+        nr[i] = BN_num_bytes(r[i]);
+#ifndef OPENSSL_NO_SRP
+        if ((i == 2) && (type & SSL_kSRP))
+            n += 1 + nr[i];
+        else
+#endif
+#ifndef OPENSSL_NO_DH
+        /*-
+         * for interoperability with some versions of the Microsoft TLS
+         * stack, we need to zero pad the DHE pub key to the same length
+         * as the prime, so use the length of the prime here
+         */
+        if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK)))
+            n += 2 + nr[0];
+        else
+#endif
+            n += 2 + nr[i];
+    }
+
+    if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
+        if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
+            == NULL) {
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+        kn = EVP_PKEY_size(pkey);
+        /* Allow space for signature algorithm */
+        if (SSL_USE_SIGALGS(s))
+            kn += 2;
+        /* Allow space for signature length */
+        kn += 2;
+    } else {
+        pkey = NULL;
+        kn = 0;
+    }
+
+    if (!BUF_MEM_grow_clean(buf, n + SSL_HM_HEADER_LENGTH(s) + kn)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
+        goto err;
+    }
+    d = p = ssl_handshake_start(s);
+
+#ifndef OPENSSL_NO_PSK
+    if (type & SSL_PSK) {
+        /* copy PSK identity hint */
+        if (s->cert->psk_identity_hint) {
+            size_t len = strlen(s->cert->psk_identity_hint);
+            if (len > PSK_MAX_IDENTITY_LEN) {
+                /*
+                 * Should not happen - we already checked this when we set
+                 * the identity hint
+                 */
+                SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            s2n(len, p);
+            memcpy(p, s->cert->psk_identity_hint, len);
+            p += len;
+        } else {
+            s2n(0, p);
+        }
+    }
+#endif
+
+    for (i = 0; i < 4 && r[i] != NULL; i++) {
+#ifndef OPENSSL_NO_SRP
+        if ((i == 2) && (type & SSL_kSRP)) {
+            *p = nr[i];
+            p++;
+        } else
+#endif
+#ifndef OPENSSL_NO_DH
+        /*-
+         * for interoperability with some versions of the Microsoft TLS
+         * stack, we need to zero pad the DHE pub key to the same length
+         * as the prime
+         */
+        if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {
+            s2n(nr[0], p);
+            for (j = 0; j < (nr[0] - nr[2]); ++j) {
+                *p = 0;
+                ++p;
+            }
+        } else
+#endif
+            s2n(nr[i], p);
+        BN_bn2bin(r[i], p);
+        p += nr[i];
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        /*
+         * XXX: For now, we only support named (not generic) curves. In
+         * this situation, the serverKeyExchange message has: [1 byte
+         * CurveType], [2 byte CurveName] [1 byte length of encoded
+         * point], followed by the actual encoded point itself
+         */
+        *p = NAMED_CURVE_TYPE;
+        p += 1;
+        *p = 0;
+        p += 1;
+        *p = curve_id;
+        p += 1;
+        *p = encodedlen;
+        p += 1;
+        memcpy(p, encodedPoint, encodedlen);
+        OPENSSL_free(encodedPoint);
+        encodedPoint = NULL;
+        p += encodedlen;
+    }
+#endif
+
+    /* not anonymous */
+    if (pkey != NULL) {
+        /*
+         * n is the length of the params, they start at &(d[4]) and p
+         * points to the space at the end.
+         */
+        if (md) {
+            /* send signature algorithm */
+            if (SSL_USE_SIGALGS(s)) {
+                if (!tls12_get_sigandhash(p, pkey, md)) {
+                    /* Should never happen */
+                    al = SSL_AD_INTERNAL_ERROR;
+                    SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                           ERR_R_INTERNAL_ERROR);
+                    goto f_err;
+                }
+                p += 2;
+            }
+#ifdef SSL_DEBUG
+            fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
+#endif
+            if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0
+                || EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
+                                  SSL3_RANDOM_SIZE) <= 0
+                || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
+                                  SSL3_RANDOM_SIZE) <= 0
+                || EVP_SignUpdate(md_ctx, d, n) <= 0
+                || EVP_SignFinal(md_ctx, &(p[2]),
+                                 (unsigned int *)&i, pkey) <= 0) {
+                SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
+                al = SSL_AD_INTERNAL_ERROR;
+                goto f_err;
+            }
+            s2n(i, p);
+            n += i + 2;
+            if (SSL_USE_SIGALGS(s))
+                n += 2;
+        } else {
+            /* Is this error check actually needed? */
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   SSL_R_UNKNOWN_PKEY_TYPE);
+            goto f_err;
+        }
+    }
+
+    if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n)) {
+        al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    }
+
+    EVP_MD_CTX_free(md_ctx);
+    return 1;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY_free(pkdh);
+#endif
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(encodedPoint);
+#endif
+    EVP_MD_CTX_free(md_ctx);
+    ossl_statem_set_error(s);
+    return 0;
+}
+
+int tls_construct_certificate_request(SSL *s)
+{
+    unsigned char *p, *d;
+    int i, j, nl, off, n;
+    STACK_OF(X509_NAME) *sk = NULL;
+    X509_NAME *name;
+    BUF_MEM *buf;
+
+    buf = s->init_buf;
+
+    d = p = ssl_handshake_start(s);
+
+    /* get the list of acceptable cert types */
+    p++;
+    n = ssl3_get_req_cert_type(s, p);
+    d[0] = n;
+    p += n;
+    n++;
+
+    if (SSL_USE_SIGALGS(s)) {
+        const unsigned char *psigs;
+        unsigned char *etmp = p;
+        nl = tls12_get_psigalgs(s, 1, &psigs);
+        /* Skip over length for now */
+        p += 2;
+        nl = tls12_copy_sigalgs(s, p, psigs, nl);
+        /* Now fill in length */
+        s2n(nl, etmp);
+        p += nl;
+        n += nl + 2;
+    }
+
+    off = n;
+    p += 2;
+    n += 2;
+
+    sk = SSL_get_client_CA_list(s);
+    nl = 0;
+    if (sk != NULL) {
+        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+            name = sk_X509_NAME_value(sk, i);
+            j = i2d_X509_NAME(name, NULL);
+            if (!BUF_MEM_grow_clean(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
+                SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
+                goto err;
+            }
+            p = ssl_handshake_start(s) + n;
+            s2n(j, p);
+            i2d_X509_NAME(name, &p);
+            n += 2 + j;
+            nl += 2 + j;
+        }
+    }
+    /* else no CA names */
+    p = ssl_handshake_start(s) + off;
+    s2n(nl, p);
+
+    if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    s->s3->tmp.cert_request = 1;
+
+    return 1;
+ err:
+    ossl_statem_set_error(s);
+    return 0;
+}
+
+static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
+{
+#ifndef OPENSSL_NO_PSK
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    size_t psklen;
+    PACKET psk_identity;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    if (s->psk_server_callback == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_SERVER_CB);
+        return 0;
+    }
+
+    if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    psklen = s->psk_server_callback(s, s->session->psk_identity,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    } else if (psklen == 0) {
+        /*
+         * PSK related to the given identity not found
+         */
+        *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+               SSL_R_PSK_IDENTITY_NOT_FOUND);
+        return 0;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
+    OPENSSL_cleanse(psk, psklen);
+
+    if (s->s3->tmp.psk == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    s->s3->tmp.psklen = psklen;
+
+    return 1;
+#else
+    /* Should never happen */
+    *al = SSL_AD_INTERNAL_ERROR;
+    SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+    int decrypt_len;
+    unsigned char decrypt_good, version_good;
+    size_t j, padding_len;
+    PACKET enc_premaster;
+    RSA *rsa = NULL;
+    unsigned char *rsa_decrypt = NULL;
+    int ret = 0;
+
+    rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
+    if (rsa == NULL) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_MISSING_RSA_CERTIFICATE);
+        return 0;
+    }
+
+    /* SSLv3 and pre-standard DTLS omit the length bytes. */
+    if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
+        enc_premaster = *pkt;
+    } else {
+        if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
+            || PACKET_remaining(pkt) != 0) {
+            *al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+    }
+
+    /*
+     * We want to be sure that the plaintext buffer size makes it safe to
+     * iterate over the entire size of a premaster secret
+     * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
+     * their ciphertext cannot accommodate a premaster secret anyway.
+     */
+    if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
+    if (rsa_decrypt == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * We must not leak whether a decryption failure occurs because of
+     * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+     * section 7.4.7.1). The code follows that advice of the TLS RFC and
+     * generates a random premaster secret for the case that the decrypt
+     * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+     */
+
+    if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0)
+        goto err;
+
+    /*
+     * Decrypt with no padding. PKCS#1 padding will be removed as part of
+     * the timing-sensitive code below.
+     */
+    decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster),
+                                      PACKET_data(&enc_premaster),
+                                      rsa_decrypt, rsa, RSA_NO_PADDING);
+    if (decrypt_len < 0)
+        goto err;
+
+    /* Check the padding. See RFC 3447, section 7.2.2. */
+
+    /*
+     * The smallest padded premaster is 11 bytes of overhead. Small keys
+     * are publicly invalid, so this may return immediately. This ensures
+     * PS is at least 8 bytes.
+     */
+    if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
+        *al = SSL_AD_DECRYPT_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+
+    padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
+    decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
+        constant_time_eq_int_8(rsa_decrypt[1], 2);
+    for (j = 2; j < padding_len - 1; j++) {
+        decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
+    }
+    decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
+
+    /*
+     * If the version in the decrypted pre-master secret is correct then
+     * version_good will be 0xff, otherwise it'll be zero. The
+     * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+     * (http://eprint.iacr.org/2003/052/) exploits the version number
+     * check as a "bad version oracle". Thus version checks are done in
+     * constant time and are treated like any other decryption error.
+     */
+    version_good =
+        constant_time_eq_8(rsa_decrypt[padding_len],
+                           (unsigned)(s->client_version >> 8));
+    version_good &=
+        constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                           (unsigned)(s->client_version & 0xff));
+
+    /*
+     * The premaster secret must contain the same version number as the
+     * ClientHello to detect version rollback attacks (strangely, the
+     * protocol does not offer such protection for DH ciphersuites).
+     * However, buggy clients exist that send the negotiated protocol
+     * version instead if the server does not support the requested
+     * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+     * clients.
+     */
+    if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+        unsigned char workaround_good;
+        workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
+                                             (unsigned)(s->version >> 8));
+        workaround_good &=
+            constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                               (unsigned)(s->version & 0xff));
+        version_good |= workaround_good;
+    }
+
+    /*
+     * Both decryption and version must be good for decrypt_good to
+     * remain non-zero (0xff).
+     */
+    decrypt_good &= version_good;
+
+    /*
+     * Now copy rand_premaster_secret over from p using
+     * decrypt_good_mask. If decryption failed, then p does not
+     * contain valid plaintext, however, a check above guarantees
+     * it is still sufficiently large to read from.
+     */
+    for (j = 0; j < sizeof(rand_premaster_secret); j++) {
+        rsa_decrypt[padding_len + j] =
+            constant_time_select_8(decrypt_good,
+                                   rsa_decrypt[padding_len + j],
+                                   rand_premaster_secret[j]);
+    }
+
+    if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
+                                    sizeof(rand_premaster_secret), 0)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(rsa_decrypt);
+    return ret;
+#else
+    /* Should never happen */
+    *al = SSL_AD_INTERNAL_ERROR;
+    SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *skey = NULL;
+    DH *cdh;
+    unsigned int i;
+    BIGNUM *pub_key;
+    const unsigned char *data;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
+               SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+        goto err;
+    }
+    skey = s->s3->tmp.pkey;
+    if (skey == NULL) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+
+    if (PACKET_remaining(pkt) == 0L) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, i)) {
+        /* We already checked we have enough data */
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    ckey = EVP_PKEY_new();
+    if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
+        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_BN_LIB);
+        goto err;
+    }
+    cdh = EVP_PKEY_get0_DH(ckey);
+    pub_key = BN_bin2bn(data, i, NULL);
+
+    if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
+        if (pub_key != NULL)
+            BN_free(pub_key);
+        goto err;
+    }
+
+    if (ssl_derive(s, skey, ckey) == 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+    return ret;
+#else
+    /* Should never happen */
+    *al = SSL_AD_INTERNAL_ERROR;
+    SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
+{
+#ifndef OPENSSL_NO_EC
+    EVP_PKEY *skey = s->s3->tmp.pkey;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (PACKET_remaining(pkt) == 0L) {
+        /* We don't support ECDH client auth */
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_MISSING_TMP_ECDH_KEY);
+        goto err;
+    } else {
+        unsigned int i;
+        const unsigned char *data;
+
+        /*
+         * Get client's public key from encoded point in the
+         * ClientKeyExchange message.
+         */
+
+        /* Get encoded point length */
+        if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+            || PACKET_remaining(pkt) != 0) {
+            *al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        ckey = EVP_PKEY_new();
+        if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
+            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
+            *al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (ssl_derive(s, skey, ckey) == 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+
+    return ret;
+#else
+    /* Should never happen */
+    *al = SSL_AD_INTERNAL_ERROR;
+    SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al)
+{
+#ifndef OPENSSL_NO_SRP
+    unsigned int i;
+    const unsigned char *data;
+
+    if (!PACKET_get_net_2(pkt, &i)
+        || !PACKET_get_bytes(pkt, &data, i)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_A_LENGTH);
+        return 0;
+    }
+    if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
+        SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_BN_LIB);
+        return 0;
+    }
+    if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
+        return 0;
+    }
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!srp_generate_server_master_secret(s)) {
+        SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+#else
+    /* Should never happen */
+    *al = SSL_AD_INTERNAL_ERROR;
+    SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
+{
+#ifndef OPENSSL_NO_GOST
+    EVP_PKEY_CTX *pkey_ctx;
+    EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
+    unsigned char premaster_secret[32];
+    const unsigned char *start;
+    size_t outlen = 32, inlen;
+    unsigned long alg_a;
+    int Ttag, Tclass;
+    long Tlen;
+    long sess_key_len;
+    const unsigned char *data;
+    int ret = 0;
+
+    /* Get our certificate private key */
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    if (alg_a & SSL_aGOST12) {
+        /*
+         * New GOST ciphersuites have SSL_aGOST01 bit too
+         */
+        pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
+        }
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+        }
+    } else if (alg_a & SSL_aGOST01) {
+        pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (pkey_ctx == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    /*
+     * If client certificate is present and is of the same type, maybe
+     * use it for key exchange.  Don't mind errors from
+     * EVP_PKEY_derive_set_peer, because it is completely valid to use a
+     * client certificate for authorization only.
+     */
+    client_pub_pkey = X509_get0_pubkey(s->session->peer);
+    if (client_pub_pkey) {
+        if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+            ERR_clear_error();
+    }
+    /* Decrypt session key */
+    sess_key_len = PACKET_remaining(pkt);
+    if (!PACKET_get_bytes(pkt, &data, sess_key_len)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if (ASN1_get_object((const unsigned char **)&data, &Tlen, &Ttag,
+                        &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
+        || Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    start = data;
+    inlen = Tlen;
+    if (EVP_PKEY_decrypt
+        (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    /* Generate master secret */
+    if (!ssl_generate_master_secret(s, premaster_secret,
+                                    sizeof(premaster_secret), 0)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    /* Check if pubkey from client certificate was used */
+    if (EVP_PKEY_CTX_ctrl
+        (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
+        s->statem.no_cert_verify = 1;
+
+    ret = 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    return ret;
+#else
+    /* Should never happen */
+    *al = SSL_AD_INTERNAL_ERROR;
+    SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+{
+    int al = -1;
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /* For PSK parse and retrieve identity, obtain PSK key */
+    if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt, &al))
+        goto err;
+
+    if (alg_k & SSL_kPSK) {
+        /* Identity extracted earlier: should be nothing left */
+        if (PACKET_remaining(pkt) != 0) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                   SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        /* PSK handled by ssl_generate_master_secret */
+        if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_process_cke_rsa(s, pkt, &al))
+            goto err;
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_cke_dhe(s, pkt, &al))
+            goto err;
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_cke_ecdhe(s, pkt, &al))
+            goto err;
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_cke_srp(s, pkt, &al))
+            goto err;
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_process_cke_gost(s, pkt, &al))
+            goto err;
+    } else {
+        al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+               SSL_R_UNKNOWN_CIPHER_TYPE);
+        goto err;
+    }
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+ err:
+    if (al != -1)
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+#endif
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
+WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
+{
+#ifndef OPENSSL_NO_SCTP
+    if (wst == WORK_MORE_A) {
+        if (SSL_IS_DTLS(s)) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+             * used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           sizeof(labelbuffer), NULL, 0,
+                                           0) <= 0) {
+                ossl_statem_set_error(s);
+                return WORK_ERROR;;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+    }
+#endif
+
+    if (s->statem.no_cert_verify || !s->session->peer) {
+        /*
+         * No certificate verify or no peer certificate so we no longer need
+         * the handshake_buffer
+         */
+        if (!ssl3_digest_cached_records(s, 0)) {
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+        return WORK_FINISHED_CONTINUE;
+    } else {
+        if (!s->s3->handshake_buffer) {
+            SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+                   ERR_R_INTERNAL_ERROR);
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+        /*
+         * For sigalgs freeze the handshake buffer. If we support
+         * extms we've done this already so this is a no-op
+         */
+        if (!ssl3_digest_cached_records(s, 1)) {
+            ossl_statem_set_error(s);
+            return WORK_ERROR;
+        }
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
+{
+    EVP_PKEY *pkey = NULL;
+    const unsigned char *sig, *data;
+#ifndef OPENSSL_NO_GOST
+    unsigned char *gost_data = NULL;
+#endif
+    int al, ret = MSG_PROCESS_ERROR;
+    int type = 0, j;
+    unsigned int len;
+    X509 *peer;
+    const EVP_MD *md = NULL;
+    long hdatalen = 0;
+    void *hdata;
+
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+
+    if (mctx == NULL) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+
+    peer = s->session->peer;
+    pkey = X509_get0_pubkey(peer);
+    if (pkey == NULL) {
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+
+    type = X509_certificate_type(peer, pkey);
+
+    if (!(type & EVP_PKT_SIGN)) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY,
+               SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        goto f_err;
+    }
+
+    if (SSL_USE_SIGALGS(s)) {
+        int rv;
+
+        if (!PACKET_get_bytes(pkt, &sig, 2)) {
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+        rv = tls12_check_peer_sigalg(&md, s, sig, pkey);
+        if (rv == -1) {
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        } else if (rv == 0) {
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+#ifdef SSL_DEBUG
+        fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+    } else {
+        /* Use default digest for this key type */
+        int idx = ssl_cert_type(NULL, pkey);
+        if (idx >= 0)
+            md = s->s3->tmp.md[idx];
+        if (md == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+    }
+
+    /* Check for broken implementations of GOST ciphersuites */
+    /*
+     * If key is GOST and len is exactly 64 or 128, it is signature without
+     * length field (CryptoPro implementations at least till TLS 1.2)
+     */
+#ifndef OPENSSL_NO_GOST
+    if (!SSL_USE_SIGALGS(s)
+        && ((PACKET_remaining(pkt) == 64
+             && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
+                 || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+            || (PACKET_remaining(pkt) == 128
+                && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+        len = PACKET_remaining(pkt);
+    } else
+#endif
+    if (!PACKET_get_net_2(pkt, &len)) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+        al = SSL_AD_DECODE_ERROR;
+        goto f_err;
+    }
+
+    j = EVP_PKEY_size(pkey);
+    if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
+        || (PACKET_remaining(pkt) == 0)) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
+        al = SSL_AD_DECODE_ERROR;
+        goto f_err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, len)) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+        al = SSL_AD_DECODE_ERROR;
+        goto f_err;
+    }
+
+    hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+    if (hdatalen <= 0) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md));
+#endif
+    if (!EVP_VerifyInit_ex(mctx, md, NULL)
+        || !EVP_VerifyUpdate(mctx, hdata, hdatalen)) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = EVP_PKEY_id(pkey);
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512) {
+            if ((gost_data = OPENSSL_malloc(len)) == NULL) {
+                SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+                al = SSL_AD_INTERNAL_ERROR;
+                goto f_err;
+            }
+            BUF_reverse(gost_data, data, len);
+            data = gost_data;
+        }
+    }
+#endif
+
+    if (s->version == SSL3_VERSION
+        && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                            s->session->master_key_length,
+                            s->session->master_key)) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+
+    if (EVP_VerifyFinal(mctx, data, len, pkey) <= 0) {
+        al = SSL_AD_DECRYPT_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
+        goto f_err;
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+    if (0) {
+ f_err:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        ossl_statem_set_error(s);
+    }
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(mctx);
+#ifndef OPENSSL_NO_GOST
+    OPENSSL_free(gost_data);
+#endif
+    return ret;
+}
+
+MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
+{
+    int i, al = SSL_AD_INTERNAL_ERROR, ret = MSG_PROCESS_ERROR;
+    X509 *x = NULL;
+    unsigned long l, llen;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    PACKET spkt;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        goto f_err;
+    }
+
+    if (!PACKET_get_net_3(pkt, &llen)
+        || !PACKET_get_sub_packet(pkt, &spkt, llen)
+        || PACKET_remaining(pkt) != 0) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    while (PACKET_remaining(&spkt) > 0) {
+        if (!PACKET_get_net_3(&spkt, &l)
+            || !PACKET_get_bytes(&spkt, &certbytes, l)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
+        if (x == NULL) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto f_err;
+        }
+        if (certbytes != (certstart + l)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        if (!sk_X509_push(sk, x)) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        x = NULL;
+    }
+
+    if (sk_X509_num(sk) <= 0) {
+        /* TLS does not mind 0 certs returned */
+        if (s->version == SSL3_VERSION) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                   SSL_R_NO_CERTIFICATES_RETURNED);
+            goto f_err;
+        }
+        /* Fail for TLS only if we required a certificate */
+        else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+                 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            goto f_err;
+        }
+        /* No client certificate so digest cached records */
+        if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) {
+            goto f_err;
+        }
+    } else {
+        EVP_PKEY *pkey;
+        i = ssl_verify_cert_chain(s, sk);
+        if (i <= 0) {
+            al = ssl_verify_alarm_type(s->verify_result);
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                   SSL_R_CERTIFICATE_VERIFY_FAILED);
+            goto f_err;
+        }
+        if (i > 1) {
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i);
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            goto f_err;
+        }
+        pkey = X509_get0_pubkey(sk_X509_value(sk, 0));
+        if (pkey == NULL) {
+            al = SSL3_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                   SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+            goto f_err;
+        }
+    }
+
+    X509_free(s->session->peer);
+    s->session->peer = sk_X509_shift(sk);
+    s->session->verify_result = s->verify_result;
+
+    sk_X509_pop_free(s->session->peer_chain, X509_free);
+    s->session->peer_chain = sk;
+    /*
+     * Inconsistency alert: cert_chain does *not* include the peer's own
+     * certificate, while we do include it in statem_clnt.c
+     */
+    sk = NULL;
+    ret = MSG_PROCESS_CONTINUE_READING;
+    goto done;
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_set_error(s);
+ done:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+int tls_construct_server_certificate(SSL *s)
+{
+    CERT_PKEY *cpk;
+
+    cpk = ssl_get_server_send_pkey(s);
+    if (cpk == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    if (!ssl3_output_cert_chain(s, cpk)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_new_session_ticket(SSL *s)
+{
+    unsigned char *senc = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    HMAC_CTX *hctx = NULL;
+    unsigned char *p, *macstart;
+    const unsigned char *const_p;
+    int len, slen_full, slen;
+    SSL_SESSION *sess;
+    unsigned int hlen;
+    SSL_CTX *tctx = s->session_ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
+    int iv_len;
+
+    /* get session encoding length */
+    slen_full = i2d_SSL_SESSION(s->session, NULL);
+    /*
+     * Some length values are 16 bits, so forget it if session is too
+     * long
+     */
+    if (slen_full == 0 || slen_full > 0xFF00) {
+        ossl_statem_set_error(s);
+        return 0;
+    }
+    senc = OPENSSL_malloc(slen_full);
+    if (senc == NULL) {
+        ossl_statem_set_error(s);
+        return 0;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    hctx = HMAC_CTX_new();
+    if (ctx == NULL || hctx == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = senc;
+    if (!i2d_SSL_SESSION(s->session, &p))
+        goto err;
+
+    /*
+     * create a fresh copy (not shared with other threads) to clean up
+     */
+    const_p = senc;
+    sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
+    if (sess == NULL)
+        goto err;
+    sess->session_id_length = 0; /* ID is irrelevant for the ticket */
+
+    slen = i2d_SSL_SESSION(sess, NULL);
+    if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    p = senc;
+    if (!i2d_SSL_SESSION(sess, &p)) {
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    SSL_SESSION_free(sess);
+
+    /*-
+     * Grow buffer if need be: the length calculation is as
+     * follows handshake_header_length +
+     * 4 (ticket lifetime hint) + 2 (ticket length) +
+     * sizeof(keyname) + max_iv_len (iv length) +
+     * max_enc_block_size (max encrypted session * length) +
+     * max_md_size (HMAC) + session_length.
+     */
+    if (!BUF_MEM_grow(s->init_buf,
+                      SSL_HM_HEADER_LENGTH(s) + 6 + sizeof(key_name) +
+                      EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
+                      EVP_MAX_MD_SIZE + slen))
+        goto err;
+
+    p = ssl_handshake_start(s);
+    /*
+     * Initialize HMAC and cipher contexts. If callback present it does
+     * all the work otherwise use generated values from parent ctx.
+     */
+    if (tctx->tlsext_ticket_key_cb) {
+        /* if 0 is returned, write an empty ticket */
+        int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx,
+                                             hctx, 1);
+
+        if (ret == 0) {
+            l2n(0, p);          /* timeout */
+            s2n(0, p);          /* length */
+            if (!ssl_set_handshake_header
+                (s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))
+                goto err;
+            OPENSSL_free(senc);
+            EVP_CIPHER_CTX_free(ctx);
+            HMAC_CTX_free(hctx);
+            return 1;
+        }
+        if (ret < 0)
+            goto err;
+        iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+    } else {
+        const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+
+        iv_len = EVP_CIPHER_iv_length(cipher);
+        if (RAND_bytes(iv, iv_len) <= 0)
+            goto err;
+        if (!EVP_EncryptInit_ex(ctx, cipher, NULL,
+                                tctx->tlsext_tick_aes_key, iv))
+            goto err;
+        if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
+                          sizeof(tctx->tlsext_tick_hmac_key),
+                          EVP_sha256(), NULL))
+            goto err;
+        memcpy(key_name, tctx->tlsext_tick_key_name,
+               sizeof(tctx->tlsext_tick_key_name));
+    }
+
+    /*
+     * Ticket lifetime hint (advisory only): We leave this unspecified
+     * for resumed session (for simplicity), and guess that tickets for
+     * new sessions will live as long as their sessions.
+     */
+    l2n(s->hit ? 0 : s->session->timeout, p);
+
+    /* Skip ticket length for now */
+    p += 2;
+    /* Output key name */
+    macstart = p;
+    memcpy(p, key_name, sizeof(key_name));
+    p += sizeof(key_name);
+    /* output IV */
+    memcpy(p, iv, iv_len);
+    p += iv_len;
+    /* Encrypt session data */
+    if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
+        goto err;
+    p += len;
+    if (!EVP_EncryptFinal(ctx, p, &len))
+        goto err;
+    p += len;
+
+    if (!HMAC_Update(hctx, macstart, p - macstart))
+        goto err;
+    if (!HMAC_Final(hctx, p, &hlen))
+        goto err;
+
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+    ctx = NULL;
+    hctx = NULL;
+
+    p += hlen;
+    /* Now write out lengths: p points to end of data written */
+    /* Total length */
+    len = p - ssl_handshake_start(s);
+    /* Skip ticket lifetime hint */
+    p = ssl_handshake_start(s) + 4;
+    s2n(len - 6, p);
+    if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
+        goto err;
+    OPENSSL_free(senc);
+
+    return 1;
+ err:
+    OPENSSL_free(senc);
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+    ossl_statem_set_error(s);
+    return 0;
+}
+
+int tls_construct_cert_status(SSL *s)
+{
+    unsigned char *p;
+    size_t msglen;
+
+    /*-
+     * Grow buffer if need be: the length calculation is as
+     * follows handshake_header_length +
+     * 1 (ocsp response type) + 3 (ocsp response length)
+     * + (ocsp response)
+     */
+    msglen = 4 + s->tlsext_ocsp_resplen;
+    if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen))
+        goto err;
+
+    p = ssl_handshake_start(s);
+
+    /* status type */
+    *(p++) = s->tlsext_status_type;
+    /* length of OCSP response */
+    l2n3(s->tlsext_ocsp_resplen, p);
+    /* actual response */
+    memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+
+    if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen))
+        goto err;
+
+    return 1;
+
+ err:
+    ossl_statem_set_error(s);
+    return 0;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * tls_process_next_proto reads a Next Protocol Negotiation handshake message.
+ * It sets the next_proto member in s if found
+ */
+MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
+{
+    PACKET next_proto, padding;
+    size_t next_proto_len;
+
+    /*-
+     * The payload looks like:
+     *   uint8 proto_len;
+     *   uint8 proto[proto_len];
+     *   uint8 padding_len;
+     *   uint8 padding[padding_len];
+     */
+    if (!PACKET_get_length_prefixed_1(pkt, &next_proto)
+        || !PACKET_get_length_prefixed_1(pkt, &padding)
+        || PACKET_remaining(pkt) > 0) {
+        SSLerr(SSL_F_TLS_PROCESS_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated, &next_proto_len)) {
+        s->next_proto_negotiated_len = 0;
+        goto err;
+    }
+
+    s->next_proto_negotiated_len = (unsigned char)next_proto_len;
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    ossl_statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+#endif
+
+#define SSLV2_CIPHER_LEN    3
+
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
+                                               PACKET *cipher_suites,
+                                               STACK_OF(SSL_CIPHER) **skp,
+                                               int sslv2format, int *al)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk;
+    int n;
+    /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
+    unsigned char cipher[SSLV2_CIPHER_LEN];
+
+    s->s3->send_connection_binding = 0;
+
+    n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+    if (PACKET_remaining(cipher_suites) == 0) {
+        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return NULL;
+    }
+
+    if (PACKET_remaining(cipher_suites) % n != 0) {
+        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+               SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        *al = SSL_AD_DECODE_ERROR;
+        return NULL;
+    }
+
+    sk = sk_SSL_CIPHER_new_null();
+    if (sk == NULL) {
+        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        *al = SSL_AD_INTERNAL_ERROR;
+        return NULL;
+    }
+
+    if (sslv2format) {
+        size_t numciphers = PACKET_remaining(cipher_suites) / n;
+        PACKET sslv2ciphers = *cipher_suites;
+        unsigned int leadbyte;
+        unsigned char *raw;
+
+        /*
+         * We store the raw ciphers list in SSLv3+ format so we need to do some
+         * preprocessing to convert the list first. If there are any SSLv2 only
+         * ciphersuites with a non-zero leading byte then we are going to
+         * slightly over allocate because we won't store those. But that isn't a
+         * problem.
+         */
+        raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
+        s->s3->tmp.ciphers_raw = raw;
+        if (raw == NULL) {
+            *al = SSL_AD_INTERNAL_ERROR;
+            goto err;
+        }
+        for (s->s3->tmp.ciphers_rawlen = 0;
+             PACKET_remaining(&sslv2ciphers) > 0;
+             raw += TLS_CIPHER_LEN) {
+            if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
+                    || (leadbyte == 0
+                        && !PACKET_copy_bytes(&sslv2ciphers, raw,
+                                              TLS_CIPHER_LEN))
+                    || (leadbyte != 0
+                        && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
+                *al = SSL_AD_INTERNAL_ERROR;
+                OPENSSL_free(s->s3->tmp.ciphers_raw);
+                s->s3->tmp.ciphers_raw = NULL;
+                s->s3->tmp.ciphers_rawlen = 0;
+                goto err;
+            }
+            if (leadbyte == 0)
+                s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
+        }
+    } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
+                           &s->s3->tmp.ciphers_rawlen)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+
+    while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
+        /*
+         * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
+         * first byte set to zero, while true SSLv2 ciphers have a non-zero
+         * first byte. We don't support any true SSLv2 ciphers, so skip them.
+         */
+        if (sslv2format && cipher[0] != '\0')
+            continue;
+
+        /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
+        if ((cipher[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+            (cipher[n - 1] == (SSL3_CK_SCSV & 0xff))) {
+            /* SCSV fatal if renegotiating */
+            if (s->renegotiate) {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+                       SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+                *al = SSL_AD_HANDSHAKE_FAILURE;
+                goto err;
+            }
+            s->s3->send_connection_binding = 1;
+            continue;
+        }
+
+        /* Check for TLS_FALLBACK_SCSV */
+        if ((cipher[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
+            (cipher[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) {
+            /*
+             * The SCSV indicates that the client previously tried a higher
+             * version. Fail if the current version is an unexpected
+             * downgrade.
+             */
+            if (!ssl_check_version_downgrade(s)) {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+                       SSL_R_INAPPROPRIATE_FALLBACK);
+                *al = SSL_AD_INAPPROPRIATE_FALLBACK;
+                goto err;
+            }
+            continue;
+        }
+
+        /* For SSLv2-compat, ignore leading 0-byte. */
+        c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher);
+        if (c != NULL) {
+            if (!sk_SSL_CIPHER_push(sk, c)) {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                *al = SSL_AD_INTERNAL_ERROR;
+                goto err;
+            }
+        }
+    }
+    if (PACKET_remaining(cipher_suites) > 0) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    *skp = sk;
+    return sk;
+ err:
+    sk_SSL_CIPHER_free(sk);
+    return NULL;
+}
diff --git a/openssl-1.1.0h/ssl/t1_enc.c b/openssl-1.1.0h/ssl/t1_enc.c
new file mode 100644
index 0000000..235c5e4
--- /dev/null
+++ b/openssl-1.1.0h/ssl/t1_enc.c
@@ -0,0 +1,668 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/comp.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include <openssl/rand.h>
+
+/* seed1 through seed5 are concatenated */
+static int tls1_PRF(SSL *s,
+                    const void *seed1, int seed1_len,
+                    const void *seed2, int seed2_len,
+                    const void *seed3, int seed3_len,
+                    const void *seed4, int seed4_len,
+                    const void *seed5, int seed5_len,
+                    const unsigned char *sec, int slen,
+                    unsigned char *out, int olen)
+{
+    const EVP_MD *md = ssl_prf_md(s);
+    EVP_PKEY_CTX *pctx = NULL;
+
+    int ret = 0;
+    size_t outlen = olen;
+
+    if (md == NULL) {
+        /* Should never happen */
+        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+    if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0
+        || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, slen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, seed1_len) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, seed2_len) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, seed3_len) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, seed4_len) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, seed5_len) <= 0)
+        goto err;
+
+    if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+        goto err;
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return ret;
+}
+
+static int tls1_generate_key_block(SSL *s, unsigned char *km, int num)
+{
+    int ret;
+    ret = tls1_PRF(s,
+                   TLS_MD_KEY_EXPANSION_CONST,
+                   TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
+                   SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
+                   NULL, 0, NULL, 0, s->session->master_key,
+                   s->session->master_key_length, km, num);
+
+    return ret;
+}
+
+int tls1_change_cipher_state(SSL *s, int which)
+{
+    unsigned char *p, *mac_secret;
+    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
+    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
+    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
+    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
+    unsigned char *ms, *key, *iv;
+    EVP_CIPHER_CTX *dd;
+    const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    const SSL_COMP *comp;
+#endif
+    const EVP_MD *m;
+    int mac_type;
+    int *mac_secret_size;
+    EVP_MD_CTX *mac_ctx;
+    EVP_PKEY *mac_key;
+    int n, i, j, k, cl;
+    int reuse_dd = 0;
+
+    c = s->s3->tmp.new_sym_enc;
+    m = s->s3->tmp.new_hash;
+    mac_type = s->s3->tmp.new_mac_pkey_type;
+#ifndef OPENSSL_NO_COMP
+    comp = s->s3->tmp.new_compression;
+#endif
+
+    if (which & SSL3_CC_READ) {
+        if (s->tlsext_use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
+
+        if (s->enc_read_ctx != NULL)
+            reuse_dd = 1;
+        else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
+            goto err;
+        else
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        dd = s->enc_read_ctx;
+        mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
+        if (mac_ctx == NULL)
+            goto err;
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
+        if (comp != NULL) {
+            s->expand = COMP_CTX_new(comp->method);
+            if (s->expand == NULL) {
+                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                       SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err2;
+            }
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS
+         */
+        if (!SSL_IS_DTLS(s))
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+        mac_secret = &(s->s3->read_mac_secret[0]);
+        mac_secret_size = &(s->s3->read_mac_secret_size);
+    } else {
+        if (s->tlsext_use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+            reuse_dd = 1;
+        else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
+            goto err;
+        dd = s->enc_write_ctx;
+        if (SSL_IS_DTLS(s)) {
+            mac_ctx = EVP_MD_CTX_new();
+            if (mac_ctx == NULL)
+                goto err;
+            s->write_hash = mac_ctx;
+        } else {
+            mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
+            if (mac_ctx == NULL)
+                goto err;
+        }
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
+        if (comp != NULL) {
+            s->compress = COMP_CTX_new(comp->method);
+            if (s->compress == NULL) {
+                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                       SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err2;
+            }
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS
+         */
+        if (!SSL_IS_DTLS(s))
+            RECORD_LAYER_reset_write_sequence(&s->rlayer);
+        mac_secret = &(s->s3->write_mac_secret[0]);
+        mac_secret_size = &(s->s3->write_mac_secret_size);
+    }
+
+    if (reuse_dd)
+        EVP_CIPHER_CTX_reset(dd);
+
+    p = s->s3->tmp.key_block;
+    i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
+
+    cl = EVP_CIPHER_key_length(c);
+    j = cl;
+    /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+    /* If GCM/CCM mode only part of IV comes from PRF */
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+        k = EVP_GCM_TLS_FIXED_IV_LEN;
+    else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+        k = EVP_CCM_TLS_FIXED_IV_LEN;
+    else
+        k = EVP_CIPHER_iv_length(c);
+    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        ms = &(p[0]);
+        n = i + i;
+        key = &(p[n]);
+        n += j + j;
+        iv = &(p[n]);
+        n += k + k;
+    } else {
+        n = i;
+        ms = &(p[n]);
+        n += i + j;
+        key = &(p[n]);
+        n += j + k;
+        iv = &(p[n]);
+        n += k;
+    }
+
+    if (n > s->s3->tmp.key_block_length) {
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+        goto err2;
+    }
+
+    memcpy(mac_secret, ms, i);
+
+    if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
+                                       mac_secret, *mac_secret_size);
+        if (mac_key == NULL
+            || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            EVP_PKEY_free(mac_key);
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+        EVP_PKEY_free(mac_key);
+    }
+#ifdef SSL_DEBUG
+    printf("which = %04X\nmac key=", which);
+    {
+        int z;
+        for (z = 0; z < i; z++)
+            printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+    } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+        int taglen;
+        if (s->s3->tmp.
+            new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = 8;
+        else
+            taglen = 16;
+        if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv)
+            || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+    } else {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+    }
+    /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
+    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
+        && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+                                *mac_secret_size, mac_secret)) {
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+        goto err2;
+    }
+
+#ifdef SSL_DEBUG
+    printf("which = %04X\nkey=", which);
+    {
+        int z;
+        for (z = 0; z < EVP_CIPHER_key_length(c); z++)
+            printf("%02X%c", key[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\niv=");
+    {
+        int z;
+        for (z = 0; z < k; z++)
+            printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    OPENSSL_cleanse(tmp1, sizeof(tmp1));
+    OPENSSL_cleanse(tmp2, sizeof(tmp1));
+    OPENSSL_cleanse(iv1, sizeof(iv1));
+    OPENSSL_cleanse(iv2, sizeof(iv2));
+    return (1);
+ err:
+    SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ err2:
+    OPENSSL_cleanse(tmp1, sizeof(tmp1));
+    OPENSSL_cleanse(tmp2, sizeof(tmp1));
+    OPENSSL_cleanse(iv1, sizeof(iv1));
+    OPENSSL_cleanse(iv2, sizeof(iv2));
+    return (0);
+}
+
+int tls1_setup_key_block(SSL *s)
+{
+    unsigned char *p;
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    int num;
+    SSL_COMP *comp;
+    int mac_type = NID_undef, mac_secret_size = 0;
+    int ret = 0;
+
+    if (s->s3->tmp.key_block_length != 0)
+        return (1);
+
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size,
+                            &comp, s->tlsext_use_etm)) {
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return (0);
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+    s->s3->tmp.new_mac_pkey_type = mac_type;
+    s->s3->tmp.new_mac_secret_size = mac_secret_size;
+    num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
+    num *= 2;
+
+    ssl3_cleanup_key_block(s);
+
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    s->s3->tmp.key_block_length = num;
+    s->s3->tmp.key_block = p;
+
+#ifdef SSL_DEBUG
+    printf("client random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->client_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("server random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->server_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("master key\n");
+    {
+        int z;
+        for (z = 0; z < s->session->master_key_length; z++)
+            printf("%02X%c", s->session->master_key[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+    if (!tls1_generate_key_block(s, p, num))
+        goto err;
+#ifdef SSL_DEBUG
+    printf("\nkey block\n");
+    {
+        int z;
+        for (z = 0; z < num; z++)
+            printf("%02X%c", p[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+
+    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+        && s->method->version <= TLS1_VERSION) {
+        /*
+         * enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        s->s3->need_empty_fragments = 1;
+
+        if (s->session->cipher != NULL) {
+            if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+            if (s->session->cipher->algorithm_enc == SSL_RC4)
+                s->s3->need_empty_fragments = 0;
+#endif
+        }
+    }
+
+    ret = 1;
+ err:
+    return (ret);
+}
+
+int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
+{
+    int hashlen;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+
+    if (!ssl3_digest_cached_records(s, 0))
+        return 0;
+
+    hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
+
+    if (hashlen == 0)
+        return 0;
+
+    if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, TLS1_FINISH_MAC_LENGTH))
+        return 0;
+    OPENSSL_cleanse(hash, hashlen);
+    return TLS1_FINISH_MAC_LENGTH;
+}
+
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                int len)
+{
+    if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+        unsigned char hash[EVP_MAX_MD_SIZE * 2];
+        int hashlen;
+        /*
+         * Digest cached records keeping record buffer (if present): this wont
+         * affect client auth because we're freezing the buffer at the same
+         * point (after client key exchange and before certificate verify)
+         */
+        if (!ssl3_digest_cached_records(s, 1))
+            return -1;
+        hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
+#ifdef SSL_DEBUG
+        fprintf(stderr, "Handshake hashes:\n");
+        BIO_dump_fp(stderr, (char *)hash, hashlen);
+#endif
+        tls1_PRF(s,
+                 TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+                 TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE,
+                 hash, hashlen,
+                 NULL, 0,
+                 NULL, 0,
+                 NULL, 0, p, len, s->session->master_key,
+                 SSL3_MASTER_SECRET_SIZE);
+        OPENSSL_cleanse(hash, hashlen);
+    } else {
+        tls1_PRF(s,
+                 TLS_MD_MASTER_SECRET_CONST,
+                 TLS_MD_MASTER_SECRET_CONST_SIZE,
+                 s->s3->client_random, SSL3_RANDOM_SIZE,
+                 NULL, 0,
+                 s->s3->server_random, SSL3_RANDOM_SIZE,
+                 NULL, 0, p, len, s->session->master_key,
+                 SSL3_MASTER_SECRET_SIZE);
+    }
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Premaster Secret:\n");
+    BIO_dump_fp(stderr, (char *)p, len);
+    fprintf(stderr, "Client Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Server Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Master Secret:\n");
+    BIO_dump_fp(stderr, (char *)s->session->master_key,
+                SSL3_MASTER_SECRET_SIZE);
+#endif
+
+    return (SSL3_MASTER_SECRET_SIZE);
+}
+
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                const char *label, size_t llen,
+                                const unsigned char *context,
+                                size_t contextlen, int use_context)
+{
+    unsigned char *val = NULL;
+    size_t vallen = 0, currentvalpos;
+    int rv;
+
+    /*
+     * construct PRF arguments we construct the PRF argument ourself rather
+     * than passing separate values into the TLS PRF to ensure that the
+     * concatenation of values does not create a prohibited label.
+     */
+    vallen = llen + SSL3_RANDOM_SIZE * 2;
+    if (use_context) {
+        vallen += 2 + contextlen;
+    }
+
+    val = OPENSSL_malloc(vallen);
+    if (val == NULL)
+        goto err2;
+    currentvalpos = 0;
+    memcpy(val + currentvalpos, (unsigned char *)label, llen);
+    currentvalpos += llen;
+    memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+    memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+
+    if (use_context) {
+        val[currentvalpos] = (contextlen >> 8) & 0xff;
+        currentvalpos++;
+        val[currentvalpos] = contextlen & 0xff;
+        currentvalpos++;
+        if ((contextlen > 0) || (context != NULL)) {
+            memcpy(val + currentvalpos, context, contextlen);
+        }
+    }
+
+    /*
+     * disallow prohibited labels note that SSL3_RANDOM_SIZE > max(prohibited
+     * label len) = 15, so size of val > max(prohibited label len) = 15 and
+     * the comparisons won't have buffer overflow
+     */
+    if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
+               TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
+               TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
+               TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+               TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
+               TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
+        goto err1;
+
+    rv = tls1_PRF(s,
+                  val, vallen,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, olen);
+
+    goto ret;
+ err1:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+    rv = 0;
+    goto ret;
+ err2:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
+    rv = 0;
+ ret:
+    OPENSSL_clear_free(val, vallen);
+    return (rv);
+}
+
+int tls1_alert_code(int code)
+{
+    switch (code) {
+    case SSL_AD_CLOSE_NOTIFY:
+        return (SSL3_AD_CLOSE_NOTIFY);
+    case SSL_AD_UNEXPECTED_MESSAGE:
+        return (SSL3_AD_UNEXPECTED_MESSAGE);
+    case SSL_AD_BAD_RECORD_MAC:
+        return (SSL3_AD_BAD_RECORD_MAC);
+    case SSL_AD_DECRYPTION_FAILED:
+        return (TLS1_AD_DECRYPTION_FAILED);
+    case SSL_AD_RECORD_OVERFLOW:
+        return (TLS1_AD_RECORD_OVERFLOW);
+    case SSL_AD_DECOMPRESSION_FAILURE:
+        return (SSL3_AD_DECOMPRESSION_FAILURE);
+    case SSL_AD_HANDSHAKE_FAILURE:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_NO_CERTIFICATE:
+        return (-1);
+    case SSL_AD_BAD_CERTIFICATE:
+        return (SSL3_AD_BAD_CERTIFICATE);
+    case SSL_AD_UNSUPPORTED_CERTIFICATE:
+        return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+    case SSL_AD_CERTIFICATE_REVOKED:
+        return (SSL3_AD_CERTIFICATE_REVOKED);
+    case SSL_AD_CERTIFICATE_EXPIRED:
+        return (SSL3_AD_CERTIFICATE_EXPIRED);
+    case SSL_AD_CERTIFICATE_UNKNOWN:
+        return (SSL3_AD_CERTIFICATE_UNKNOWN);
+    case SSL_AD_ILLEGAL_PARAMETER:
+        return (SSL3_AD_ILLEGAL_PARAMETER);
+    case SSL_AD_UNKNOWN_CA:
+        return (TLS1_AD_UNKNOWN_CA);
+    case SSL_AD_ACCESS_DENIED:
+        return (TLS1_AD_ACCESS_DENIED);
+    case SSL_AD_DECODE_ERROR:
+        return (TLS1_AD_DECODE_ERROR);
+    case SSL_AD_DECRYPT_ERROR:
+        return (TLS1_AD_DECRYPT_ERROR);
+    case SSL_AD_EXPORT_RESTRICTION:
+        return (TLS1_AD_EXPORT_RESTRICTION);
+    case SSL_AD_PROTOCOL_VERSION:
+        return (TLS1_AD_PROTOCOL_VERSION);
+    case SSL_AD_INSUFFICIENT_SECURITY:
+        return (TLS1_AD_INSUFFICIENT_SECURITY);
+    case SSL_AD_INTERNAL_ERROR:
+        return (TLS1_AD_INTERNAL_ERROR);
+    case SSL_AD_USER_CANCELLED:
+        return (TLS1_AD_USER_CANCELLED);
+    case SSL_AD_NO_RENEGOTIATION:
+        return (TLS1_AD_NO_RENEGOTIATION);
+    case SSL_AD_UNSUPPORTED_EXTENSION:
+        return (TLS1_AD_UNSUPPORTED_EXTENSION);
+    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+        return (TLS1_AD_CERTIFICATE_UNOBTAINABLE);
+    case SSL_AD_UNRECOGNIZED_NAME:
+        return (TLS1_AD_UNRECOGNIZED_NAME);
+    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
+    case SSL_AD_UNKNOWN_PSK_IDENTITY:
+        return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+    case SSL_AD_INAPPROPRIATE_FALLBACK:
+        return (TLS1_AD_INAPPROPRIATE_FALLBACK);
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return (TLS1_AD_NO_APPLICATION_PROTOCOL);
+    default:
+        return (-1);
+    }
+}
diff --git a/openssl-1.1.0h/ssl/t1_ext.c b/openssl-1.1.0h/ssl/t1_ext.c
new file mode 100644
index 0000000..a996a20
--- /dev/null
+++ b/openssl-1.1.0h/ssl/t1_ext.c
@@ -0,0 +1,283 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Custom extension utility functions */
+
+#include <openssl/ct.h>
+#include "ssl_locl.h"
+
+/* Find a custom extension from the list. */
+static custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+                                          unsigned int ext_type)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+    for (i = 0; i < exts->meths_count; i++, meth++) {
+        if (ext_type == meth->ext_type)
+            return meth;
+    }
+    return NULL;
+}
+
+/*
+ * Initialise custom extensions flags to indicate neither sent nor received.
+ */
+void custom_ext_init(custom_ext_methods *exts)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+    for (i = 0; i < exts->meths_count; i++, meth++)
+        meth->ext_flags = 0;
+}
+
+/* Pass received custom extension data to the application for parsing. */
+int custom_ext_parse(SSL *s, int server,
+                     unsigned int ext_type,
+                     const unsigned char *ext_data, size_t ext_size, int *al)
+{
+    custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
+    custom_ext_method *meth;
+    meth = custom_ext_find(exts, ext_type);
+    /* If not found return success */
+    if (!meth)
+        return 1;
+    if (!server) {
+        /*
+         * If it's ServerHello we can't have any extensions not sent in
+         * ClientHello.
+         */
+        if (!(meth->ext_flags & SSL_EXT_FLAG_SENT)) {
+            *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+            return 0;
+        }
+    }
+    /* If already present it's a duplicate */
+    if (meth->ext_flags & SSL_EXT_FLAG_RECEIVED) {
+        *al = TLS1_AD_DECODE_ERROR;
+        return 0;
+    }
+    meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
+    /* If no parse function set return success */
+    if (!meth->parse_cb)
+        return 1;
+
+    return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg);
+}
+
+/*
+ * Request custom extension data from the application and add to the return
+ * buffer.
+ */
+int custom_ext_add(SSL *s, int server,
+                   unsigned char **pret, unsigned char *limit, int *al)
+{
+    custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
+    custom_ext_method *meth;
+    unsigned char *ret = *pret;
+    size_t i;
+
+    for (i = 0; i < exts->meths_count; i++) {
+        const unsigned char *out = NULL;
+        size_t outlen = 0;
+        meth = exts->meths + i;
+
+        if (server) {
+            /*
+             * For ServerHello only send extensions present in ClientHello.
+             */
+            if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
+                continue;
+            /* If callback absent for server skip it */
+            if (!meth->add_cb)
+                continue;
+        }
+        if (meth->add_cb) {
+            int cb_retval = 0;
+            cb_retval = meth->add_cb(s, meth->ext_type,
+                                     &out, &outlen, al, meth->add_arg);
+            if (cb_retval < 0)
+                return 0;       /* error */
+            if (cb_retval == 0)
+                continue;       /* skip this extension */
+        }
+        if (4 > limit - ret || outlen > (size_t)(limit - ret - 4))
+            return 0;
+        s2n(meth->ext_type, ret);
+        s2n(outlen, ret);
+        if (outlen) {
+            memcpy(ret, out, outlen);
+            ret += outlen;
+        }
+        /*
+         * We can't send duplicates: code logic should prevent this.
+         */
+        OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
+        /*
+         * Indicate extension has been sent: this is both a sanity check to
+         * ensure we don't send duplicate extensions and indicates that it is
+         * not an error if the extension is present in ServerHello.
+         */
+        meth->ext_flags |= SSL_EXT_FLAG_SENT;
+        if (meth->free_cb)
+            meth->free_cb(s, meth->ext_type, out, meth->add_arg);
+    }
+    *pret = ret;
+    return 1;
+}
+
+/* Copy the flags from src to dst for any extensions that exist in both */
+int custom_exts_copy_flags(custom_ext_methods *dst,
+                           const custom_ext_methods *src)
+{
+    size_t i;
+    custom_ext_method *methsrc = src->meths;
+
+    for (i = 0; i < src->meths_count; i++, methsrc++) {
+        custom_ext_method *methdst = custom_ext_find(dst, methsrc->ext_type);
+
+        if (methdst == NULL)
+            continue;
+
+        methdst->ext_flags = methsrc->ext_flags;
+    }
+
+    return 1;
+}
+
+/* Copy table of custom extensions */
+int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
+{
+    if (src->meths_count) {
+        dst->meths =
+            OPENSSL_memdup(src->meths,
+                           sizeof(custom_ext_method) * src->meths_count);
+        if (dst->meths == NULL)
+            return 0;
+        dst->meths_count = src->meths_count;
+    }
+    return 1;
+}
+
+void custom_exts_free(custom_ext_methods *exts)
+{
+    OPENSSL_free(exts->meths);
+}
+
+/* Set callbacks for a custom extension. */
+static int custom_ext_meth_add(custom_ext_methods *exts,
+                               unsigned int ext_type,
+                               custom_ext_add_cb add_cb,
+                               custom_ext_free_cb free_cb,
+                               void *add_arg,
+                               custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    custom_ext_method *meth, *tmp;
+    /*
+     * Check application error: if add_cb is not set free_cb will never be
+     * called.
+     */
+    if (!add_cb && free_cb)
+        return 0;
+    /*
+     * Don't add if extension supported internally, but make exception
+     * for extension types that previously were not supported, but now are.
+     */
+    if (SSL_extension_supported(ext_type) &&
+        ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
+        return 0;
+    /* Extension type must fit in 16 bits */
+    if (ext_type > 0xffff)
+        return 0;
+    /* Search for duplicate */
+    if (custom_ext_find(exts, ext_type))
+        return 0;
+    tmp = OPENSSL_realloc(exts->meths,
+                          (exts->meths_count + 1) * sizeof(custom_ext_method));
+
+    if (tmp == NULL)
+        return 0;
+
+    exts->meths = tmp;
+    meth = exts->meths + exts->meths_count;
+    memset(meth, 0, sizeof(*meth));
+    meth->parse_cb = parse_cb;
+    meth->add_cb = add_cb;
+    meth->free_cb = free_cb;
+    meth->ext_type = ext_type;
+    meth->add_arg = add_arg;
+    meth->parse_arg = parse_arg;
+    exts->meths_count++;
+    return 1;
+}
+
+/* Return true if a client custom extension exists, false otherwise */
+int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
+{
+    return custom_ext_find(&ctx->cert->cli_ext, ext_type) != NULL;
+}
+
+/* Application level functions to add custom extension callbacks */
+int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+#ifndef OPENSSL_NO_CT
+    /*
+     * We don't want applications registering callbacks for SCT extensions
+     * whilst simultaneously using the built-in SCT validation features, as
+     * these two things may not play well together.
+     */
+    if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp &&
+        SSL_CTX_ct_is_enabled(ctx))
+        return 0;
+#endif
+    return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type, add_cb,
+                               free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
+                               add_cb, free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_extension_supported(unsigned int ext_type)
+{
+    switch (ext_type) {
+        /* Internally supported extensions. */
+    case TLSEXT_TYPE_application_layer_protocol_negotiation:
+    case TLSEXT_TYPE_ec_point_formats:
+    case TLSEXT_TYPE_elliptic_curves:
+    case TLSEXT_TYPE_heartbeat:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLSEXT_TYPE_next_proto_neg:
+#endif
+    case TLSEXT_TYPE_padding:
+    case TLSEXT_TYPE_renegotiate:
+    case TLSEXT_TYPE_server_name:
+    case TLSEXT_TYPE_session_ticket:
+    case TLSEXT_TYPE_signature_algorithms:
+    case TLSEXT_TYPE_srp:
+    case TLSEXT_TYPE_status_request:
+    case TLSEXT_TYPE_signed_certificate_timestamp:
+    case TLSEXT_TYPE_use_srtp:
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+    case TLSEXT_TYPE_encrypt_then_mac:
+#endif
+        return 1;
+    default:
+        return 0;
+    }
+}
diff --git a/openssl-1.1.0h/ssl/t1_lib.c b/openssl-1.1.0h/ssl/t1_lib.c
new file mode 100644
index 0000000..7a5721a
--- /dev/null
+++ b/openssl-1.1.0h/ssl/t1_lib.c
@@ -0,0 +1,4228 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/ocsp.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "ssl_locl.h"
+#include <openssl/ct.h>
+
+
+#define CHECKLEN(curr, val, limit) \
+    (((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val))
+
+static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
+                              const unsigned char *sess_id, int sesslen,
+                              SSL_SESSION **psess);
+static int ssl_check_clienthello_tlsext_early(SSL *s);
+static int ssl_check_serverhello_tlsext(SSL *s);
+
+SSL3_ENC_METHOD const TLSv1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    0,
+    SSL3_HM_HEADER_LENGTH,
+    ssl3_set_handshake_header,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV,
+    SSL3_HM_HEADER_LENGTH,
+    ssl3_set_handshake_header,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_2_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
+        | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    SSL3_HM_HEADER_LENGTH,
+    ssl3_set_handshake_header,
+    ssl3_handshake_write
+};
+
+long tls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int tls1_new(SSL *s)
+{
+    if (!ssl3_new(s))
+        return (0);
+    s->method->ssl_clear(s);
+    return (1);
+}
+
+void tls1_free(SSL *s)
+{
+    OPENSSL_free(s->tlsext_session_ticket);
+    ssl3_free(s);
+}
+
+void tls1_clear(SSL *s)
+{
+    ssl3_clear(s);
+    if (s->method->version == TLS_ANY_VERSION)
+        s->version = TLS_MAX_VERSION;
+    else
+        s->version = s->method->version;
+}
+
+#ifndef OPENSSL_NO_EC
+
+typedef struct {
+    int nid;                    /* Curve NID */
+    int secbits;                /* Bits of security (from SP800-57) */
+    unsigned int flags;         /* Flags: currently just field type */
+} tls_curve_info;
+
+/*
+ * Table of curve information.
+ * Do not delete entries or reorder this array! It is used as a lookup
+ * table: the index of each entry is one less than the TLS curve id.
+ */
+static const tls_curve_info nid_list[] = {
+    {NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
+    {NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
+    {NID_sect163r2, 80, TLS_CURVE_CHAR2}, /* sect163r2 (3) */
+    {NID_sect193r1, 80, TLS_CURVE_CHAR2}, /* sect193r1 (4) */
+    {NID_sect193r2, 80, TLS_CURVE_CHAR2}, /* sect193r2 (5) */
+    {NID_sect233k1, 112, TLS_CURVE_CHAR2}, /* sect233k1 (6) */
+    {NID_sect233r1, 112, TLS_CURVE_CHAR2}, /* sect233r1 (7) */
+    {NID_sect239k1, 112, TLS_CURVE_CHAR2}, /* sect239k1 (8) */
+    {NID_sect283k1, 128, TLS_CURVE_CHAR2}, /* sect283k1 (9) */
+    {NID_sect283r1, 128, TLS_CURVE_CHAR2}, /* sect283r1 (10) */
+    {NID_sect409k1, 192, TLS_CURVE_CHAR2}, /* sect409k1 (11) */
+    {NID_sect409r1, 192, TLS_CURVE_CHAR2}, /* sect409r1 (12) */
+    {NID_sect571k1, 256, TLS_CURVE_CHAR2}, /* sect571k1 (13) */
+    {NID_sect571r1, 256, TLS_CURVE_CHAR2}, /* sect571r1 (14) */
+    {NID_secp160k1, 80, TLS_CURVE_PRIME}, /* secp160k1 (15) */
+    {NID_secp160r1, 80, TLS_CURVE_PRIME}, /* secp160r1 (16) */
+    {NID_secp160r2, 80, TLS_CURVE_PRIME}, /* secp160r2 (17) */
+    {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
+    {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
+    {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
+    {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
+    {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
+    {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
+    {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
+    {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
+    {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
+    {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
+    {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
+    {NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+};
+
+static const unsigned char ecformats_default[] = {
+    TLSEXT_ECPOINTFORMAT_uncompressed,
+    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
+    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
+};
+
+/* The default curves */
+static const unsigned char eccurves_default[] = {
+    0, 29,                      /* X25519 (29) */
+    0, 23,                      /* secp256r1 (23) */
+    0, 25,                      /* secp521r1 (25) */
+    0, 24,                      /* secp384r1 (24) */
+};
+
+static const unsigned char suiteb_curves[] = {
+    0, TLSEXT_curve_P_256,
+    0, TLSEXT_curve_P_384
+};
+
+int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags)
+{
+    const tls_curve_info *cinfo;
+    /* ECC curves from RFC 4492 and RFC 7027 */
+    if ((curve_id < 1) || ((unsigned int)curve_id > OSSL_NELEM(nid_list)))
+        return 0;
+    cinfo = nid_list + curve_id - 1;
+    if (pflags)
+        *pflags = cinfo->flags;
+    return cinfo->nid;
+}
+
+int tls1_ec_nid2curve_id(int nid)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nid_list); i++) {
+        if (nid_list[i].nid == nid)
+            return i + 1;
+    }
+    return 0;
+}
+
+/*
+ * Get curves list, if "sess" is set return client curves otherwise
+ * preferred list.
+ * Sets |num_curves| to the number of curves in the list, i.e.,
+ * the length of |pcurves| is 2 * num_curves.
+ * Returns 1 on success and 0 if the client curves list has invalid format.
+ * The latter indicates an internal error: we should not be accepting such
+ * lists in the first place.
+ * TODO(emilia): we should really be storing the curves list in explicitly
+ * parsed form instead. (However, this would affect binary compatibility
+ * so cannot happen in the 1.0.x series.)
+ */
+static int tls1_get_curvelist(SSL *s, int sess,
+                              const unsigned char **pcurves, size_t *num_curves)
+{
+    size_t pcurveslen = 0;
+
+    if (sess) {
+        *pcurves = s->session->tlsext_ellipticcurvelist;
+        pcurveslen = s->session->tlsext_ellipticcurvelist_length;
+    } else {
+        /* For Suite B mode only include P-256, P-384 */
+        switch (tls1_suiteb(s)) {
+        case SSL_CERT_FLAG_SUITEB_128_LOS:
+            *pcurves = suiteb_curves;
+            pcurveslen = sizeof(suiteb_curves);
+            break;
+
+        case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+            *pcurves = suiteb_curves;
+            pcurveslen = 2;
+            break;
+
+        case SSL_CERT_FLAG_SUITEB_192_LOS:
+            *pcurves = suiteb_curves + 2;
+            pcurveslen = 2;
+            break;
+        default:
+            *pcurves = s->tlsext_ellipticcurvelist;
+            pcurveslen = s->tlsext_ellipticcurvelist_length;
+        }
+        if (!*pcurves) {
+            *pcurves = eccurves_default;
+            pcurveslen = sizeof(eccurves_default);
+        }
+    }
+
+    /* We do not allow odd length arrays to enter the system. */
+    if (pcurveslen & 1) {
+        SSLerr(SSL_F_TLS1_GET_CURVELIST, ERR_R_INTERNAL_ERROR);
+        *num_curves = 0;
+        return 0;
+    }
+    *num_curves = pcurveslen / 2;
+    return 1;
+}
+
+/* See if curve is allowed by security callback */
+static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op)
+{
+    const tls_curve_info *cinfo;
+    if (curve[0])
+        return 1;
+    if ((curve[1] < 1) || ((size_t)curve[1] > OSSL_NELEM(nid_list)))
+        return 0;
+    cinfo = &nid_list[curve[1] - 1];
+# ifdef OPENSSL_NO_EC2M
+    if (cinfo->flags & TLS_CURVE_CHAR2)
+        return 0;
+# endif
+    return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)curve);
+}
+
+/* Check a curve is one of our preferences */
+int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
+{
+    const unsigned char *curves;
+    size_t num_curves, i;
+    unsigned int suiteb_flags = tls1_suiteb(s);
+    if (len != 3 || p[0] != NAMED_CURVE_TYPE)
+        return 0;
+    /* Check curve matches Suite B preferences */
+    if (suiteb_flags) {
+        unsigned long cid = s->s3->tmp.new_cipher->id;
+        if (p[1])
+            return 0;
+        if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
+            if (p[2] != TLSEXT_curve_P_256)
+                return 0;
+        } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) {
+            if (p[2] != TLSEXT_curve_P_384)
+                return 0;
+        } else                  /* Should never happen */
+            return 0;
+    }
+    if (!tls1_get_curvelist(s, 0, &curves, &num_curves))
+        return 0;
+    for (i = 0; i < num_curves; i++, curves += 2) {
+        if (p[1] == curves[0] && p[2] == curves[1])
+            return tls_curve_allowed(s, p + 1, SSL_SECOP_CURVE_CHECK);
+    }
+    return 0;
+}
+
+/*-
+ * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef
+ * if there is no match.
+ * For nmatch == -1, return number of matches
+ * For nmatch == -2, return the NID of the curve to use for
+ * an EC tmp key, or NID_undef if there is no match.
+ */
+int tls1_shared_curve(SSL *s, int nmatch)
+{
+    const unsigned char *pref, *supp;
+    size_t num_pref, num_supp, i, j;
+    int k;
+
+    /* Can't do anything on client side */
+    if (s->server == 0)
+        return -1;
+    if (nmatch == -2) {
+        if (tls1_suiteb(s)) {
+            /*
+             * For Suite B ciphersuite determines curve: we already know
+             * these are acceptable due to previous checks.
+             */
+            unsigned long cid = s->s3->tmp.new_cipher->id;
+
+            if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                return NID_X9_62_prime256v1; /* P-256 */
+            if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                return NID_secp384r1; /* P-384 */
+            /* Should never happen */
+            return NID_undef;
+        }
+        /* If not Suite B just return first preference shared curve */
+        nmatch = 0;
+    }
+    /*
+     * Avoid truncation. tls1_get_curvelist takes an int
+     * but s->options is a long...
+     */
+    if (!tls1_get_curvelist(s,
+            (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0,
+            &supp, &num_supp))
+        /* In practice, NID_undef == 0 but let's be precise. */
+        return nmatch == -1 ? 0 : NID_undef;
+    if (!tls1_get_curvelist(s,
+            (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0,
+            &pref, &num_pref))
+        return nmatch == -1 ? 0 : NID_undef;
+
+    for (k = 0, i = 0; i < num_pref; i++, pref += 2) {
+        const unsigned char *tsupp = supp;
+
+        for (j = 0; j < num_supp; j++, tsupp += 2) {
+            if (pref[0] == tsupp[0] && pref[1] == tsupp[1]) {
+                if (!tls_curve_allowed(s, pref, SSL_SECOP_CURVE_SHARED))
+                    continue;
+                if (nmatch == k) {
+                    int id = (pref[0] << 8) | pref[1];
+
+                    return tls1_ec_curve_id2nid(id, NULL);
+                }
+                k++;
+            }
+        }
+    }
+    if (nmatch == -1)
+        return k;
+    /* Out of range (nmatch > k). */
+    return NID_undef;
+}
+
+int tls1_set_curves(unsigned char **pext, size_t *pextlen,
+                    int *curves, size_t ncurves)
+{
+    unsigned char *clist, *p;
+    size_t i;
+    /*
+     * Bitmap of curves included to detect duplicates: only works while curve
+     * ids < 32
+     */
+    unsigned long dup_list = 0;
+    clist = OPENSSL_malloc(ncurves * 2);
+    if (clist == NULL)
+        return 0;
+    for (i = 0, p = clist; i < ncurves; i++) {
+        unsigned long idmask;
+        int id;
+        id = tls1_ec_nid2curve_id(curves[i]);
+        idmask = 1L << id;
+        if (!id || (dup_list & idmask)) {
+            OPENSSL_free(clist);
+            return 0;
+        }
+        dup_list |= idmask;
+        s2n(id, p);
+    }
+    OPENSSL_free(*pext);
+    *pext = clist;
+    *pextlen = ncurves * 2;
+    return 1;
+}
+
+# define MAX_CURVELIST   28
+
+typedef struct {
+    size_t nidcnt;
+    int nid_arr[MAX_CURVELIST];
+} nid_cb_st;
+
+static int nid_cb(const char *elem, int len, void *arg)
+{
+    nid_cb_st *narg = arg;
+    size_t i;
+    int nid;
+    char etmp[20];
+    if (elem == NULL)
+        return 0;
+    if (narg->nidcnt == MAX_CURVELIST)
+        return 0;
+    if (len > (int)(sizeof(etmp) - 1))
+        return 0;
+    memcpy(etmp, elem, len);
+    etmp[len] = 0;
+    nid = EC_curve_nist2nid(etmp);
+    if (nid == NID_undef)
+        nid = OBJ_sn2nid(etmp);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(etmp);
+    if (nid == NID_undef)
+        return 0;
+    for (i = 0; i < narg->nidcnt; i++)
+        if (narg->nid_arr[i] == nid)
+            return 0;
+    narg->nid_arr[narg->nidcnt++] = nid;
+    return 1;
+}
+
+/* Set curves based on a colon separate list */
+int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str)
+{
+    nid_cb_st ncb;
+    ncb.nidcnt = 0;
+    if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
+        return 0;
+    if (pext == NULL)
+        return 1;
+    return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
+}
+
+/* For an EC key set TLS id and required compression based on parameters */
+static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
+                          EC_KEY *ec)
+{
+    int id;
+    const EC_GROUP *grp;
+    if (!ec)
+        return 0;
+    /* Determine if it is a prime field */
+    grp = EC_KEY_get0_group(ec);
+    if (!grp)
+        return 0;
+    /* Determine curve ID */
+    id = EC_GROUP_get_curve_name(grp);
+    id = tls1_ec_nid2curve_id(id);
+    /* If no id return error: we don't support arbitrary explicit curves */
+    if (id == 0)
+        return 0;
+    curve_id[0] = 0;
+    curve_id[1] = (unsigned char)id;
+    if (comp_id) {
+        if (EC_KEY_get0_public_key(ec) == NULL)
+            return 0;
+        if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+            *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+        } else {
+            if ((nid_list[id - 1].flags & TLS_CURVE_TYPE) == TLS_CURVE_PRIME)
+                *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+            else
+                *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+        }
+    }
+    return 1;
+}
+
+/* Check an EC key is compatible with extensions */
+static int tls1_check_ec_key(SSL *s,
+                             unsigned char *curve_id, unsigned char *comp_id)
+{
+    const unsigned char *pformats, *pcurves;
+    size_t num_formats, num_curves, i;
+    int j;
+    /*
+     * If point formats extension present check it, otherwise everything is
+     * supported (see RFC4492).
+     */
+    if (comp_id && s->session->tlsext_ecpointformatlist) {
+        pformats = s->session->tlsext_ecpointformatlist;
+        num_formats = s->session->tlsext_ecpointformatlist_length;
+        for (i = 0; i < num_formats; i++, pformats++) {
+            if (*comp_id == *pformats)
+                break;
+        }
+        if (i == num_formats)
+            return 0;
+    }
+    if (!curve_id)
+        return 1;
+    /* Check curve is consistent with client and server preferences */
+    for (j = 0; j <= 1; j++) {
+        if (!tls1_get_curvelist(s, j, &pcurves, &num_curves))
+            return 0;
+        if (j == 1 && num_curves == 0) {
+            /*
+             * If we've not received any curves then skip this check.
+             * RFC 4492 does not require the supported elliptic curves extension
+             * so if it is not sent we can just choose any curve.
+             * It is invalid to send an empty list in the elliptic curves
+             * extension, so num_curves == 0 always means no extension.
+             */
+            break;
+        }
+        for (i = 0; i < num_curves; i++, pcurves += 2) {
+            if (pcurves[0] == curve_id[0] && pcurves[1] == curve_id[1])
+                break;
+        }
+        if (i == num_curves)
+            return 0;
+        /* For clients can only check sent curve list */
+        if (!s->server)
+            break;
+    }
+    return 1;
+}
+
+static void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+                                size_t *num_formats)
+{
+    /*
+     * If we have a custom point format list use it otherwise use default
+     */
+    if (s->tlsext_ecpointformatlist) {
+        *pformats = s->tlsext_ecpointformatlist;
+        *num_formats = s->tlsext_ecpointformatlist_length;
+    } else {
+        *pformats = ecformats_default;
+        /* For Suite B we don't support char2 fields */
+        if (tls1_suiteb(s))
+            *num_formats = sizeof(ecformats_default) - 1;
+        else
+            *num_formats = sizeof(ecformats_default);
+    }
+}
+
+/*
+ * Check cert parameters compatible with extensions: currently just checks EC
+ * certificates have compatible curves and compression.
+ */
+static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+{
+    unsigned char comp_id, curve_id[2];
+    EVP_PKEY *pkey;
+    int rv;
+    pkey = X509_get0_pubkey(x);
+    if (!pkey)
+        return 0;
+    /* If not EC nothing to do */
+    if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+        return 1;
+    rv = tls1_set_ec_id(curve_id, &comp_id, EVP_PKEY_get0_EC_KEY(pkey));
+    if (!rv)
+        return 0;
+    /*
+     * Can't check curve_id for client certs as we don't have a supported
+     * curves extension.
+     */
+    rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, &comp_id);
+    if (!rv)
+        return 0;
+    /*
+     * Special case for suite B. We *MUST* sign using SHA256+P-256 or
+     * SHA384+P-384, adjust digest if necessary.
+     */
+    if (set_ee_md && tls1_suiteb(s)) {
+        int check_md;
+        size_t i;
+        CERT *c = s->cert;
+        if (curve_id[0])
+            return 0;
+        /* Check to see we have necessary signing algorithm */
+        if (curve_id[1] == TLSEXT_curve_P_256)
+            check_md = NID_ecdsa_with_SHA256;
+        else if (curve_id[1] == TLSEXT_curve_P_384)
+            check_md = NID_ecdsa_with_SHA384;
+        else
+            return 0;           /* Should never happen */
+        for (i = 0; i < c->shared_sigalgslen; i++)
+            if (check_md == c->shared_sigalgs[i].signandhash_nid)
+                break;
+        if (i == c->shared_sigalgslen)
+            return 0;
+        if (set_ee_md == 2) {
+            if (check_md == NID_ecdsa_with_SHA256)
+                s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha256();
+            else
+                s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha384();
+        }
+    }
+    return rv;
+}
+
+# ifndef OPENSSL_NO_EC
+/*
+ * tls1_check_ec_tmp_key - Check EC temporary key compatibility
+ * @s: SSL connection
+ * @cid: Cipher ID we're considering using
+ *
+ * Checks that the kECDHE cipher suite we're considering using
+ * is compatible with the client extensions.
+ *
+ * Returns 0 when the cipher can't be used or 1 when it can.
+ */
+int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
+{
+    /*
+     * If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other
+     * curves permitted.
+     */
+    if (tls1_suiteb(s)) {
+        unsigned char curve_id[2];
+        /* Curve to check determined by ciphersuite */
+        if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+            curve_id[1] = TLSEXT_curve_P_256;
+        else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+            curve_id[1] = TLSEXT_curve_P_384;
+        else
+            return 0;
+        curve_id[0] = 0;
+        /* Check this curve is acceptable */
+        if (!tls1_check_ec_key(s, curve_id, NULL))
+            return 0;
+        return 1;
+    }
+    /* Need a shared curve */
+    if (tls1_shared_curve(s, 0))
+        return 1;
+    return 0;
+}
+# endif                         /* OPENSSL_NO_EC */
+
+#else
+
+static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+{
+    return 1;
+}
+
+#endif                          /* OPENSSL_NO_EC */
+
+/*
+ * List of supported signature algorithms and hashes. Should make this
+ * customisable at some point, for now include everything we support.
+ */
+
+#ifdef OPENSSL_NO_RSA
+# define tlsext_sigalg_rsa(md)  /* */
+#else
+# define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
+#endif
+
+#ifdef OPENSSL_NO_DSA
+# define tlsext_sigalg_dsa(md)  /* */
+#else
+# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
+#endif
+
+#ifdef OPENSSL_NO_EC
+# define tlsext_sigalg_ecdsa(md)/* */
+#else
+# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
+#endif
+
+#define tlsext_sigalg(md) \
+                tlsext_sigalg_rsa(md) \
+                tlsext_sigalg_dsa(md) \
+                tlsext_sigalg_ecdsa(md)
+
+static const unsigned char tls12_sigalgs[] = {
+    tlsext_sigalg(TLSEXT_hash_sha512)
+        tlsext_sigalg(TLSEXT_hash_sha384)
+        tlsext_sigalg(TLSEXT_hash_sha256)
+        tlsext_sigalg(TLSEXT_hash_sha224)
+        tlsext_sigalg(TLSEXT_hash_sha1)
+#ifndef OPENSSL_NO_GOST
+        TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001,
+    TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256,
+    TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512
+#endif
+};
+
+#ifndef OPENSSL_NO_EC
+static const unsigned char suiteb_sigalgs[] = {
+    tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
+        tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
+};
+#endif
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
+{
+    /*
+     * If Suite B mode use Suite B sigalgs only, ignore any other
+     * preferences.
+     */
+#ifndef OPENSSL_NO_EC
+    switch (tls1_suiteb(s)) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        *psigs = suiteb_sigalgs;
+        return sizeof(suiteb_sigalgs);
+
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *psigs = suiteb_sigalgs;
+        return 2;
+
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *psigs = suiteb_sigalgs + 2;
+        return 2;
+    }
+#endif
+    /* If server use client authentication sigalgs if not NULL */
+    if (s->server == sent && s->cert->client_sigalgs) {
+        *psigs = s->cert->client_sigalgs;
+        return s->cert->client_sigalgslen;
+    } else if (s->cert->conf_sigalgs) {
+        *psigs = s->cert->conf_sigalgs;
+        return s->cert->conf_sigalgslen;
+    } else {
+        *psigs = tls12_sigalgs;
+        return sizeof(tls12_sigalgs);
+    }
+}
+
+/*
+ * Check signature algorithm is consistent with sent supported signature
+ * algorithms and if so return relevant digest.
+ */
+int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
+                            const unsigned char *sig, EVP_PKEY *pkey)
+{
+    const unsigned char *sent_sigs;
+    size_t sent_sigslen, i;
+    int sigalg = tls12_get_sigid(pkey);
+    /* Should never happen */
+    if (sigalg == -1)
+        return -1;
+    /* Check key type is consistent with signature */
+    if (sigalg != (int)sig[1]) {
+        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+#ifndef OPENSSL_NO_EC
+    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+        unsigned char curve_id[2], comp_id;
+        /* Check compression and curve matches extensions */
+        if (!tls1_set_ec_id(curve_id, &comp_id, EVP_PKEY_get0_EC_KEY(pkey)))
+            return 0;
+        if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id)) {
+            SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
+            return 0;
+        }
+        /* If Suite B only P-384+SHA384 or P-256+SHA-256 allowed */
+        if (tls1_suiteb(s)) {
+            if (curve_id[0])
+                return 0;
+            if (curve_id[1] == TLSEXT_curve_P_256) {
+                if (sig[0] != TLSEXT_hash_sha256) {
+                    SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,
+                           SSL_R_ILLEGAL_SUITEB_DIGEST);
+                    return 0;
+                }
+            } else if (curve_id[1] == TLSEXT_curve_P_384) {
+                if (sig[0] != TLSEXT_hash_sha384) {
+                    SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,
+                           SSL_R_ILLEGAL_SUITEB_DIGEST);
+                    return 0;
+                }
+            } else
+                return 0;
+        }
+    } else if (tls1_suiteb(s))
+        return 0;
+#endif
+
+    /* Check signature matches a type we sent */
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+    for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
+        if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
+            break;
+    }
+    /* Allow fallback to SHA1 if not strict mode */
+    if (i == sent_sigslen
+        && (sig[0] != TLSEXT_hash_sha1
+            || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
+        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+    *pmd = tls12_get_hash(sig[0]);
+    if (*pmd == NULL) {
+        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_UNKNOWN_DIGEST);
+        return 0;
+    }
+    /* Make sure security callback allows algorithm */
+    if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
+                      EVP_MD_size(*pmd) * 4, EVP_MD_type(*pmd), (void *)sig)) {
+        SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+    /*
+     * Store the digest used so applications can retrieve it if they wish.
+     */
+    s->s3->tmp.peer_md = *pmd;
+    return 1;
+}
+
+/*
+ * Set a mask of disabled algorithms: an algorithm is disabled if it isn't
+ * supported, doesn't appear in supported signature algorithms, isn't supported
+ * by the enabled protocol versions or by the security level.
+ *
+ * This function should only be used for checking which ciphers are supported
+ * by the client.
+ *
+ * Call ssl_cipher_disabled() to check that it's enabled or not.
+ */
+void ssl_set_client_disabled(SSL *s)
+{
+    s->s3->tmp.mask_a = 0;
+    s->s3->tmp.mask_k = 0;
+    ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
+    ssl_get_client_min_max_version(s, &s->s3->tmp.min_ver, &s->s3->tmp.max_ver);
+#ifndef OPENSSL_NO_PSK
+    /* with PSK there must be client callback set */
+    if (!s->psk_client_callback) {
+        s->s3->tmp.mask_a |= SSL_aPSK;
+        s->s3->tmp.mask_k |= SSL_PSK;
+    }
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
+        s->s3->tmp.mask_a |= SSL_aSRP;
+        s->s3->tmp.mask_k |= SSL_kSRP;
+    }
+#endif
+}
+
+/*
+ * ssl_cipher_disabled - check that a cipher is disabled or not
+ * @s: SSL connection that you want to use the cipher on
+ * @c: cipher to check
+ * @op: Security check that you want to do
+ * @ecdhe: If set to 1 then TLSv1 ECDHE ciphers are also allowed in SSLv3
+ *
+ * Returns 1 when it's disabled, 0 when enabled.
+ */
+int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
+{
+    if (c->algorithm_mkey & s->s3->tmp.mask_k
+        || c->algorithm_auth & s->s3->tmp.mask_a)
+        return 1;
+    if (s->s3->tmp.max_ver == 0)
+        return 1;
+    if (!SSL_IS_DTLS(s)) {
+        int min_tls = c->min_tls;
+
+        /*
+         * For historical reasons we will allow ECHDE to be selected by a server
+         * in SSLv3 if we are a client
+         */
+        if (min_tls == TLS1_VERSION && ecdhe
+                && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0)
+            min_tls = SSL3_VERSION;
+
+        if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver))
+            return 1;
+    }
+    if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver)
+                           || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver)))
+        return 1;
+
+    return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
+}
+
+static int tls_use_ticket(SSL *s)
+{
+    if (s->options & SSL_OP_NO_TICKET)
+        return 0;
+    return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
+}
+
+static int compare_uint(const void *p1, const void *p2)
+{
+    unsigned int u1 = *((const unsigned int *)p1);
+    unsigned int u2 = *((const unsigned int *)p2);
+    if (u1 < u2)
+        return -1;
+    else if (u1 > u2)
+        return 1;
+    else
+        return 0;
+}
+
+/*
+ * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
+ * more than one extension of the same type in a ClientHello or ServerHello.
+ * This function does an initial scan over the extensions block to filter those
+ * out. It returns 1 if all extensions are unique, and 0 if the extensions
+ * contain duplicates, could not be successfully parsed, or an internal error
+ * occurred.
+ */
+static int tls1_check_duplicate_extensions(const PACKET *packet)
+{
+    PACKET extensions = *packet;
+    size_t num_extensions = 0, i = 0;
+    unsigned int *extension_types = NULL;
+    int ret = 0;
+
+    /* First pass: count the extensions. */
+    while (PACKET_remaining(&extensions) > 0) {
+        unsigned int type;
+        PACKET extension;
+        if (!PACKET_get_net_2(&extensions, &type) ||
+            !PACKET_get_length_prefixed_2(&extensions, &extension)) {
+            goto done;
+        }
+        num_extensions++;
+    }
+
+    if (num_extensions <= 1)
+        return 1;
+
+    extension_types = OPENSSL_malloc(sizeof(unsigned int) * num_extensions);
+    if (extension_types == NULL) {
+        SSLerr(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /* Second pass: gather the extension types. */
+    extensions = *packet;
+    for (i = 0; i < num_extensions; i++) {
+        PACKET extension;
+        if (!PACKET_get_net_2(&extensions, &extension_types[i]) ||
+            !PACKET_get_length_prefixed_2(&extensions, &extension)) {
+            /* This should not happen. */
+            SSLerr(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+    }
+
+    if (PACKET_remaining(&extensions) != 0) {
+        SSLerr(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+    /* Sort the extensions and make sure there are no duplicates. */
+    qsort(extension_types, num_extensions, sizeof(unsigned int), compare_uint);
+    for (i = 1; i < num_extensions; i++) {
+        if (extension_types[i - 1] == extension_types[i])
+            goto done;
+    }
+    ret = 1;
+ done:
+    OPENSSL_free(extension_types);
+    return ret;
+}
+
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+                                          unsigned char *limit, int *al)
+{
+    int extdatalen = 0;
+    unsigned char *orig = buf;
+    unsigned char *ret = buf;
+#ifndef OPENSSL_NO_EC
+    /* See if we support any ECC ciphersuites */
+    int using_ecc = 0;
+    if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s)) {
+        int i;
+        unsigned long alg_k, alg_a;
+        STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
+
+        for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+
+            alg_k = c->algorithm_mkey;
+            alg_a = c->algorithm_auth;
+            if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
+                || (alg_a & SSL_aECDSA)) {
+                using_ecc = 1;
+                break;
+            }
+        }
+    }
+#endif
+
+    ret += 2;
+
+    if (ret >= limit)
+        return NULL;            /* this really never occurs, but ... */
+
+    /* Add RI if renegotiating */
+    if (s->renegotiate) {
+        int el;
+
+        if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        if (CHECKLEN(ret, 4 + el, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_renegotiate, ret);
+        s2n(el, ret);
+
+        if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        ret += el;
+    }
+    /* Only add RI for SSLv3 */
+    if (s->client_version == SSL3_VERSION)
+        goto done;
+
+    if (s->tlsext_hostname != NULL) {
+        /* Add TLS extension servername to the Client Hello message */
+        size_t size_str;
+
+        /*-
+         * check for enough space.
+         * 4 for the servername type and extension length
+         * 2 for servernamelist length
+         * 1 for the hostname type
+         * 2 for hostname length
+         * + hostname length
+         */
+        size_str = strlen(s->tlsext_hostname);
+        if (CHECKLEN(ret, 9 + size_str, limit))
+            return NULL;
+
+        /* extension type and length */
+        s2n(TLSEXT_TYPE_server_name, ret);
+        s2n(size_str + 5, ret);
+
+        /* length of servername list */
+        s2n(size_str + 3, ret);
+
+        /* hostname type, length and hostname */
+        *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name;
+        s2n(size_str, ret);
+        memcpy(ret, s->tlsext_hostname, size_str);
+        ret += size_str;
+    }
+#ifndef OPENSSL_NO_SRP
+    /* Add SRP username if there is one */
+    if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the
+                                     * Client Hello message */
+
+        size_t login_len = strlen(s->srp_ctx.login);
+        if (login_len > 255 || login_len == 0) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        /*-
+         * check for enough space.
+         * 4 for the srp type type and extension length
+         * 1 for the srp user identity
+         * + srp user identity length
+         */
+        if (CHECKLEN(ret, 5 + login_len, limit))
+            return NULL;
+
+        /* fill in the extension */
+        s2n(TLSEXT_TYPE_srp, ret);
+        s2n(login_len + 1, ret);
+        (*ret++) = (unsigned char)login_len;
+        memcpy(ret, s->srp_ctx.login, login_len);
+        ret += login_len;
+    }
+#endif
+
+#ifndef OPENSSL_NO_EC
+    if (using_ecc) {
+        /*
+         * Add TLS extension ECPointFormats to the ClientHello message
+         */
+        const unsigned char *pcurves, *pformats;
+        size_t num_curves, num_formats, curves_list_len;
+        size_t i;
+        unsigned char *etmp;
+
+        tls1_get_formatlist(s, &pformats, &num_formats);
+
+        if (num_formats > 255) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        /*-
+         * check for enough space.
+         * 4 bytes for the ec point formats type and extension length
+         * 1 byte for the length of the formats
+         * + formats length
+         */
+        if (CHECKLEN(ret, 5 + num_formats, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_ec_point_formats, ret);
+        /* The point format list has 1-byte length. */
+        s2n(num_formats + 1, ret);
+        *(ret++) = (unsigned char)num_formats;
+        memcpy(ret, pformats, num_formats);
+        ret += num_formats;
+
+        /*
+         * Add TLS extension EllipticCurves to the ClientHello message
+         */
+        pcurves = s->tlsext_ellipticcurvelist;
+        if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves))
+            return NULL;
+
+        if (num_curves > 65532 / 2) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        /*-
+         * check for enough space.
+         * 4 bytes for the ec curves type and extension length
+         * 2 bytes for the curve list length
+         * + curve list length
+         */
+        if (CHECKLEN(ret, 6 + (num_curves * 2), limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_elliptic_curves, ret);
+        etmp = ret + 4;
+        /* Copy curve ID if supported */
+        for (i = 0; i < num_curves; i++, pcurves += 2) {
+            if (tls_curve_allowed(s, pcurves, SSL_SECOP_CURVE_SUPPORTED)) {
+                *etmp++ = pcurves[0];
+                *etmp++ = pcurves[1];
+            }
+        }
+
+        curves_list_len = etmp - ret - 4;
+
+        s2n(curves_list_len + 2, ret);
+        s2n(curves_list_len, ret);
+        ret += curves_list_len;
+    }
+#endif                          /* OPENSSL_NO_EC */
+
+    if (tls_use_ticket(s)) {
+        size_t ticklen;
+        if (!s->new_session && s->session && s->session->tlsext_tick)
+            ticklen = s->session->tlsext_ticklen;
+        else if (s->session && s->tlsext_session_ticket &&
+                 s->tlsext_session_ticket->data) {
+            ticklen = s->tlsext_session_ticket->length;
+            s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+            if (s->session->tlsext_tick == NULL)
+                return NULL;
+            memcpy(s->session->tlsext_tick,
+                   s->tlsext_session_ticket->data, ticklen);
+            s->session->tlsext_ticklen = ticklen;
+        } else
+            ticklen = 0;
+        if (ticklen == 0 && s->tlsext_session_ticket &&
+            s->tlsext_session_ticket->data == NULL)
+            goto skip_ext;
+        /*
+         * Check for enough room 2 for extension type, 2 for len rest for
+         * ticket
+         */
+        if (CHECKLEN(ret, 4 + ticklen, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_session_ticket, ret);
+        s2n(ticklen, ret);
+        if (ticklen > 0) {
+            memcpy(ret, s->session->tlsext_tick, ticklen);
+            ret += ticklen;
+        }
+    }
+ skip_ext:
+
+#ifndef OPENSSL_NO_OCSP
+    if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
+        int i;
+        size_t extlen, idlen;
+        int lentmp;
+        OCSP_RESPID *id;
+
+        idlen = 0;
+        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
+            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+            lentmp = i2d_OCSP_RESPID(id, NULL);
+            if (lentmp <= 0)
+                return NULL;
+            idlen += (size_t)lentmp + 2;
+        }
+
+        if (s->tlsext_ocsp_exts) {
+            lentmp = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
+            if (lentmp < 0)
+                return NULL;
+            extlen = (size_t)lentmp;
+        } else
+            extlen = 0;
+
+        if (extlen + idlen > 0xFFF0)
+            return NULL;
+        /*
+         * 2 bytes for status request type
+         * 2 bytes for status request len
+         * 1 byte for OCSP request type
+         * 2 bytes for length of ids
+         * 2 bytes for length of extensions
+         * + length of ids
+         * + length of extensions
+         */
+        if (CHECKLEN(ret, 9 + idlen + extlen, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_status_request, ret);
+        s2n(extlen + idlen + 5, ret);
+        *(ret++) = TLSEXT_STATUSTYPE_ocsp;
+        s2n(idlen, ret);
+        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
+            /* save position of id len */
+            unsigned char *q = ret;
+            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+            /* skip over id len */
+            ret += 2;
+            lentmp = i2d_OCSP_RESPID(id, &ret);
+            /* write id len */
+            s2n(lentmp, q);
+        }
+        s2n(extlen, ret);
+        if (extlen > 0)
+            i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
+    }
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+    if (SSL_IS_DTLS(s)) {
+        /* Add Heartbeat extension */
+
+        /*-
+         * check for enough space.
+         * 4 bytes for the heartbeat ext type and extension length
+         * 1 byte for the mode
+         */
+        if (CHECKLEN(ret, 5, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_heartbeat, ret);
+        s2n(1, ret);
+        /*-
+         * Set mode:
+         * 1: peer may send requests
+         * 2: peer not allowed to send requests
+         */
+        if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS)
+            *(ret++) = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
+        else
+            *(ret++) = SSL_DTLSEXT_HB_ENABLED;
+    }
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
+        /*
+         * The client advertises an empty extension to indicate its support
+         * for Next Protocol Negotiation
+         */
+
+        /*-
+         * check for enough space.
+         * 4 bytes for the NPN ext type and extension length
+         */
+        if (CHECKLEN(ret, 4, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_next_proto_neg, ret);
+        s2n(0, ret);
+    }
+#endif
+
+    /*
+     * finish_md_len is non-zero during a renegotiation, so
+     * this avoids sending ALPN during the renegotiation
+     * (see longer comment below)
+     */
+    if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the ALPN type and extension length
+         * 2 bytes for the ALPN protocol list length
+         * + ALPN protocol list length
+         */
+        if (CHECKLEN(ret, 6 + s->alpn_client_proto_list_len, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
+        s2n(2 + s->alpn_client_proto_list_len, ret);
+        s2n(s->alpn_client_proto_list_len, ret);
+        memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len);
+        ret += s->alpn_client_proto_list_len;
+        s->s3->alpn_sent = 1;
+    }
+#ifndef OPENSSL_NO_SRTP
+    if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
+        int el;
+
+        /* Returns 0 on success!! */
+        if (ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0)) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        /*-
+         * check for enough space.
+         * 4 bytes for the SRTP type and extension length
+         * + SRTP profiles length
+         */
+        if (CHECKLEN(ret, 4 + el, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_use_srtp, ret);
+        s2n(el, ret);
+
+        if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        ret += el;
+    }
+#endif
+    custom_ext_init(&s->cert->cli_ext);
+    /* Add custom TLS Extensions to ClientHello */
+    if (!custom_ext_add(s, 0, &ret, limit, al))
+        return NULL;
+    /*
+     * In 1.1.0 before 1.1.0c we negotiated EtM with DTLS, then just
+     * silently failed to actually do it. It is fixed in 1.1.1 but to
+     * ease the transition especially from 1.1.0b to 1.1.0c, we just
+     * disable it in 1.1.0.
+     * Also skip if SSL_OP_NO_ENCRYPT_THEN_MAC is set.
+     */
+    if (!SSL_IS_DTLS(s) && !(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the ETM type and extension length
+         */
+        if (CHECKLEN(ret, 4, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
+        s2n(0, ret);
+    }
+
+#ifndef OPENSSL_NO_CT
+    if (s->ct_validation_callback != NULL) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the SCT type and extension length
+         */
+        if (CHECKLEN(ret, 4, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret);
+        s2n(0, ret);
+    }
+#endif
+
+    /*-
+     * check for enough space.
+     * 4 bytes for the EMS type and extension length
+     */
+    if (CHECKLEN(ret, 4, limit))
+        return NULL;
+    s2n(TLSEXT_TYPE_extended_master_secret, ret);
+    s2n(0, ret);
+
+    /*
+     * WebSphere application server can not handle having the
+     * last extension be 0-length (e.g. EMS, EtM), so keep those
+     * before SigAlgs
+     */
+    if (SSL_CLIENT_USE_SIGALGS(s)) {
+        size_t salglen;
+        const unsigned char *salg;
+        unsigned char *etmp;
+        salglen = tls12_get_psigalgs(s, 1, &salg);
+
+        /*-
+         * check for enough space.
+         * 4 bytes for the sigalgs type and extension length
+         * 2 bytes for the sigalg list length
+         * + sigalg list length
+         */
+        if (CHECKLEN(ret, salglen + 6, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_signature_algorithms, ret);
+        etmp = ret;
+        /* Skip over lengths for now */
+        ret += 4;
+        salglen = tls12_copy_sigalgs(s, ret, salg, salglen);
+        /* Fill in lengths */
+        s2n(salglen + 2, etmp);
+        s2n(salglen, etmp);
+        ret += salglen;
+    }
+
+    /*
+     * Add padding to workaround bugs in F5 terminators. See
+     * https://tools.ietf.org/html/draft-agl-tls-padding-03 NB: because this
+     * code works out the length of all existing extensions it MUST always
+     * appear last. WebSphere 7.x/8.x is intolerant of empty extensions
+     * being last, so minimum length of 1.
+     */
+    if (s->options & SSL_OP_TLSEXT_PADDING) {
+        int hlen = ret - (unsigned char *)s->init_buf->data;
+
+        if (hlen > 0xff && hlen < 0x200) {
+            hlen = 0x200 - hlen;
+            if (hlen >= 4)
+                hlen -= 4;
+            else
+                hlen = 1;
+
+            /*-
+             * check for enough space. Strictly speaking we know we've already
+             * got enough space because to get here the message size is < 0x200,
+             * but we know that we've allocated far more than that in the buffer
+             * - but for consistency and robustness we're going to check anyway.
+             *
+             * 4 bytes for the padding type and extension length
+             * + padding length
+             */
+            if (CHECKLEN(ret, 4 + hlen, limit))
+                return NULL;
+            s2n(TLSEXT_TYPE_padding, ret);
+            s2n(hlen, ret);
+            memset(ret, 0, hlen);
+            ret += hlen;
+        }
+    }
+
+ done:
+
+    if ((extdatalen = ret - orig - 2) == 0)
+        return orig;
+
+    s2n(extdatalen, orig);
+    return ret;
+}
+
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+                                          unsigned char *limit, int *al)
+{
+    int extdatalen = 0;
+    unsigned char *orig = buf;
+    unsigned char *ret = buf;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    int next_proto_neg_seen;
+#endif
+#ifndef OPENSSL_NO_EC
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
+    using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
+#endif
+
+    ret += 2;
+    if (ret >= limit)
+        return NULL;            /* this really never occurs, but ... */
+
+    if (s->s3->send_connection_binding) {
+        int el;
+
+        /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */
+        if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        /*-
+         * check for enough space.
+         * 4 bytes for the reneg type and extension length
+         * + reneg data length
+         */
+        if (CHECKLEN(ret, 4 + el, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_renegotiate, ret);
+        s2n(el, ret);
+
+        if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        ret += el;
+    }
+
+    /* Only add RI for SSLv3 */
+    if (s->version == SSL3_VERSION)
+        goto done;
+
+    if (!s->hit && s->servername_done == 1
+        && s->session->tlsext_hostname != NULL) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the server name type and extension length
+         */
+        if (CHECKLEN(ret, 4, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_server_name, ret);
+        s2n(0, ret);
+    }
+#ifndef OPENSSL_NO_EC
+    if (using_ecc) {
+        const unsigned char *plist;
+        size_t plistlen;
+        /*
+         * Add TLS extension ECPointFormats to the ServerHello message
+         */
+
+        tls1_get_formatlist(s, &plist, &plistlen);
+
+        if (plistlen > 255) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        /*-
+         * check for enough space.
+         * 4 bytes for the ec points format type and extension length
+         * 1 byte for the points format list length
+         * + length of points format list
+         */
+        if (CHECKLEN(ret, 5 + plistlen, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_ec_point_formats, ret);
+        s2n(plistlen + 1, ret);
+        *(ret++) = (unsigned char)plistlen;
+        memcpy(ret, plist, plistlen);
+        ret += plistlen;
+
+    }
+    /*
+     * Currently the server should not respond with a SupportedCurves
+     * extension
+     */
+#endif                          /* OPENSSL_NO_EC */
+
+    if (s->tlsext_ticket_expected && tls_use_ticket(s)) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the Ticket type and extension length
+         */
+        if (CHECKLEN(ret, 4, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_session_ticket, ret);
+        s2n(0, ret);
+    } else {
+        /*
+         * if we don't add the above TLSEXT, we can't add a session ticket
+         * later
+         */
+        s->tlsext_ticket_expected = 0;
+    }
+
+    if (s->tlsext_status_expected) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the Status request type and extension length
+         */
+        if (CHECKLEN(ret, 4, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_status_request, ret);
+        s2n(0, ret);
+    }
+#ifndef OPENSSL_NO_SRTP
+    if (SSL_IS_DTLS(s) && s->srtp_profile) {
+        int el;
+
+        /* Returns 0 on success!! */
+        if (ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0)) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        /*-
+         * check for enough space.
+         * 4 bytes for the SRTP profiles type and extension length
+         * + length of the SRTP profiles list
+         */
+        if (CHECKLEN(ret, 4 + el, limit))
+            return NULL;
+
+        s2n(TLSEXT_TYPE_use_srtp, ret);
+        s2n(el, ret);
+
+        if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        ret += el;
+    }
+#endif
+
+    if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80
+         || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81)
+        && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
+        const unsigned char cryptopro_ext[36] = {
+            0xfd, 0xe8,         /* 65000 */
+            0x00, 0x20,         /* 32 bytes length */
+            0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
+            0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
+            0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
+            0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
+        };
+
+        /* check for enough space. */
+        if (CHECKLEN(ret, sizeof(cryptopro_ext), limit))
+            return NULL;
+        memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
+        ret += sizeof(cryptopro_ext);
+
+    }
+#ifndef OPENSSL_NO_HEARTBEATS
+    /* Add Heartbeat extension if we've received one */
+    if (SSL_IS_DTLS(s) && (s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED)) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the Heartbeat type and extension length
+         * 1 byte for the mode
+         */
+        if (CHECKLEN(ret, 5, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_heartbeat, ret);
+        s2n(1, ret);
+        /*-
+         * Set mode:
+         * 1: peer may send requests
+         * 2: peer not allowed to send requests
+         */
+        if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS)
+            *(ret++) = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
+        else
+            *(ret++) = SSL_DTLSEXT_HB_ENABLED;
+
+    }
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    next_proto_neg_seen = s->s3->next_proto_neg_seen;
+    s->s3->next_proto_neg_seen = 0;
+    if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
+        const unsigned char *npa;
+        unsigned int npalen;
+        int r;
+
+        r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
+                                              s->
+                                              ctx->next_protos_advertised_cb_arg);
+        if (r == SSL_TLSEXT_ERR_OK) {
+            /*-
+             * check for enough space.
+             * 4 bytes for the NPN type and extension length
+             * + length of protocols list
+             */
+            if (CHECKLEN(ret, 4 + npalen, limit))
+                return NULL;
+            s2n(TLSEXT_TYPE_next_proto_neg, ret);
+            s2n(npalen, ret);
+            memcpy(ret, npa, npalen);
+            ret += npalen;
+            s->s3->next_proto_neg_seen = 1;
+        }
+    }
+#endif
+    if (!custom_ext_add(s, 1, &ret, limit, al))
+        return NULL;
+    if (s->tlsext_use_etm) {
+        /*
+         * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
+         * for other cases too.
+         */
+        if (SSL_IS_DTLS(s) || s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
+            || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
+            || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
+            || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12)
+            s->tlsext_use_etm = 0;
+        else {
+            /*-
+             * check for enough space.
+             * 4 bytes for the ETM type and extension length
+             */
+            if (CHECKLEN(ret, 4, limit))
+                return NULL;
+            s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
+            s2n(0, ret);
+        }
+    }
+    if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+        /*-
+         * check for enough space.
+         * 4 bytes for the EMS type and extension length
+         */
+        if (CHECKLEN(ret, 4, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_extended_master_secret, ret);
+        s2n(0, ret);
+    }
+
+    if (s->s3->alpn_selected != NULL) {
+        const unsigned char *selected = s->s3->alpn_selected;
+        size_t len = s->s3->alpn_selected_len;
+
+        /*-
+         * check for enough space.
+         * 4 bytes for the ALPN type and extension length
+         * 2 bytes for ALPN data length
+         * 1 byte for selected protocol length
+         * + length of the selected protocol
+         */
+        if (CHECKLEN(ret, 7 + len, limit))
+            return NULL;
+        s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
+        s2n(3 + len, ret);
+        s2n(1 + len, ret);
+        *ret++ = len;
+        memcpy(ret, selected, len);
+        ret += len;
+    }
+
+ done:
+
+    if ((extdatalen = ret - orig - 2) == 0)
+        return orig;
+
+    s2n(extdatalen, orig);
+    return ret;
+}
+
+/*
+ * Save the ALPN extension in a ClientHello.
+ * pkt: the contents of the ALPN extension, not including type and length.
+ * al: a pointer to the  alert value to send in the event of a failure.
+ * returns: 1 on success, 0 on error.
+ */
+static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al)
+{
+    PACKET protocol_list, save_protocol_list, protocol;
+
+    *al = SSL_AD_DECODE_ERROR;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &protocol_list)
+        || PACKET_remaining(&protocol_list) < 2) {
+        return 0;
+    }
+
+    save_protocol_list = protocol_list;
+    do {
+        /* Protocol names can't be empty. */
+        if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol)
+            || PACKET_remaining(&protocol) == 0) {
+            return 0;
+        }
+    } while (PACKET_remaining(&protocol_list) != 0);
+
+    if (!PACKET_memdup(&save_protocol_list,
+                       &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) {
+        *al = TLS1_AD_INTERNAL_ERROR;
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Process the ALPN extension in a ClientHello.
+ * al: a pointer to the alert value to send in the event of a failure.
+ * returns 1 on success, 0 on error.
+ */
+static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
+{
+    const unsigned char *selected = NULL;
+    unsigned char selected_len = 0;
+
+    if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
+        int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
+                                       s->s3->alpn_proposed,
+                                       s->s3->alpn_proposed_len,
+                                       s->ctx->alpn_select_cb_arg);
+
+        if (r == SSL_TLSEXT_ERR_OK) {
+            OPENSSL_free(s->s3->alpn_selected);
+            s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+            if (s->s3->alpn_selected == NULL) {
+                *al = SSL_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            /* ALPN takes precedence over NPN. */
+            s->s3->next_proto_neg_seen = 0;
+#endif
+        } else if (r == SSL_TLSEXT_ERR_NOACK) {
+            /* Behave as if no callback was present. */
+            return 1;
+        } else {
+            *al = SSL_AD_NO_APPLICATION_PROTOCOL;
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |pkt|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const PACKET *pkt)
+{
+    unsigned int type;
+    PACKET sni, tmppkt;
+    size_t ext_len;
+
+    static const unsigned char kSafariExtensionsBlock[] = {
+        0x00, 0x0a,             /* elliptic_curves extension */
+        0x00, 0x08,             /* 8 bytes */
+        0x00, 0x06,             /* 6 bytes of curve ids */
+        0x00, 0x17,             /* P-256 */
+        0x00, 0x18,             /* P-384 */
+        0x00, 0x19,             /* P-521 */
+
+        0x00, 0x0b,             /* ec_point_formats */
+        0x00, 0x02,             /* 2 bytes */
+        0x01,                   /* 1 point format */
+        0x00,                   /* uncompressed */
+        /* The following is only present in TLS 1.2 */
+        0x00, 0x0d,             /* signature_algorithms */
+        0x00, 0x0c,             /* 12 bytes */
+        0x00, 0x0a,             /* 10 bytes */
+        0x05, 0x01,             /* SHA-384/RSA */
+        0x04, 0x01,             /* SHA-256/RSA */
+        0x02, 0x01,             /* SHA-1/RSA */
+        0x04, 0x03,             /* SHA-256/ECDSA */
+        0x02, 0x03,             /* SHA-1/ECDSA */
+    };
+
+    /* Length of the common prefix (first two extensions). */
+    static const size_t kSafariCommonExtensionsLength = 18;
+
+    tmppkt = *pkt;
+
+    if (!PACKET_forward(&tmppkt, 2)
+        || !PACKET_get_net_2(&tmppkt, &type)
+        || !PACKET_get_length_prefixed_2(&tmppkt, &sni)) {
+        return;
+    }
+
+    if (type != TLSEXT_TYPE_server_name)
+        return;
+
+    ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?
+        sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;
+
+    s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
+                                             ext_len);
+}
+#endif                          /* !OPENSSL_NO_EC */
+
+/*
+ * Parse ClientHello extensions and stash extension info in various parts of
+ * the SSL object. Verify that there are no duplicate extensions.
+ *
+ * Behaviour upon resumption is extension-specific. If the extension has no
+ * effect during resumption, it is parsed (to verify its format) but otherwise
+ * ignored.
+ *
+ * Consumes the entire packet in |pkt|. Returns 1 on success and 0 on failure.
+ * Upon failure, sets |al| to the appropriate alert.
+ */
+static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
+{
+    unsigned int type;
+    int renegotiate_seen = 0;
+    PACKET extensions;
+
+    *al = SSL_AD_DECODE_ERROR;
+    s->servername_done = 0;
+    s->tlsext_status_type = -1;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    s->s3->next_proto_neg_seen = 0;
+#endif
+
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = NULL;
+    s->s3->alpn_selected_len = 0;
+    OPENSSL_free(s->s3->alpn_proposed);
+    s->s3->alpn_proposed = NULL;
+    s->s3->alpn_proposed_len = 0;
+#ifndef OPENSSL_NO_HEARTBEATS
+    s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED |
+                             SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
+#endif
+
+#ifndef OPENSSL_NO_EC
+    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+        ssl_check_for_safari(s, pkt);
+#endif                          /* !OPENSSL_NO_EC */
+
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    s->s3->tmp.peer_sigalgs = NULL;
+    s->tlsext_use_etm = 0;
+
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(s->srp_ctx.login);
+    s->srp_ctx.login = NULL;
+#endif
+
+    s->srtp_profile = NULL;
+
+    if (PACKET_remaining(pkt) == 0)
+        goto ri_check;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &extensions))
+        return 0;
+
+    if (!tls1_check_duplicate_extensions(&extensions))
+        return 0;
+
+    /*
+     * We parse all extensions to ensure the ClientHello is well-formed but,
+     * unless an extension specifies otherwise, we ignore extensions upon
+     * resumption.
+     */
+    while (PACKET_get_net_2(&extensions, &type)) {
+        PACKET extension;
+        if (!PACKET_get_length_prefixed_2(&extensions, &extension))
+            return 0;
+
+        if (s->tlsext_debug_cb)
+            s->tlsext_debug_cb(s, 0, type, PACKET_data(&extension),
+                               PACKET_remaining(&extension),
+                               s->tlsext_debug_arg);
+
+        if (type == TLSEXT_TYPE_renegotiate) {
+            if (!ssl_parse_clienthello_renegotiate_ext(s, &extension, al))
+                return 0;
+            renegotiate_seen = 1;
+        } else if (s->version == SSL3_VERSION) {
+        }
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ *   in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ *   to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ *   it is identical to a previously used for the same session.
+ *   Applications can control the behaviour.  They can at any time
+ *   set a 'desirable' servername for a new SSL object. This can be the
+ *   case for example with HTTPS when a Host: header field is received and
+ *   a renegotiation is requested. In this case, a possible servername
+ *   presented in the new client hello is only acknowledged if it matches
+ *   the value of the Host: field.
+ * - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ *   if they provide for changing an explicit servername context for the
+ *   session, i.e. when the session has been established with a servername
+ *   extension.
+ * - On session reconnect, the servername extension may be absent.
+ *
+ */
+
+        else if (type == TLSEXT_TYPE_server_name) {
+            unsigned int servname_type;
+            PACKET sni, hostname;
+
+            if (!PACKET_as_length_prefixed_2(&extension, &sni)
+                /* ServerNameList must be at least 1 byte long. */
+                || PACKET_remaining(&sni) == 0) {
+                return 0;
+            }
+
+            /*
+             * Although the server_name extension was intended to be
+             * extensible to new name types, RFC 4366 defined the
+             * syntax inextensibility and OpenSSL 1.0.x parses it as
+             * such.
+             * RFC 6066 corrected the mistake but adding new name types
+             * is nevertheless no longer feasible, so act as if no other
+             * SNI types can exist, to simplify parsing.
+             *
+             * Also note that the RFC permits only one SNI value per type,
+             * i.e., we can only have a single hostname.
+             */
+            if (!PACKET_get_1(&sni, &servname_type)
+                || servname_type != TLSEXT_NAMETYPE_host_name
+                || !PACKET_as_length_prefixed_2(&sni, &hostname)) {
+                return 0;
+            }
+
+            if (!s->hit) {
+                if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
+                    *al = TLS1_AD_UNRECOGNIZED_NAME;
+                    return 0;
+                }
+
+                if (PACKET_contains_zero_byte(&hostname)) {
+                    *al = TLS1_AD_UNRECOGNIZED_NAME;
+                    return 0;
+                }
+
+                if (!PACKET_strndup(&hostname, &s->session->tlsext_hostname)) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+
+                s->servername_done = 1;
+            } else {
+                /*
+                 * TODO(openssl-team): if the SNI doesn't match, we MUST
+                 * fall back to a full handshake.
+                 */
+                s->servername_done = s->session->tlsext_hostname
+                    && PACKET_equal(&hostname, s->session->tlsext_hostname,
+                                    strlen(s->session->tlsext_hostname));
+            }
+        }
+#ifndef OPENSSL_NO_SRP
+        else if (type == TLSEXT_TYPE_srp) {
+            PACKET srp_I;
+
+            if (!PACKET_as_length_prefixed_1(&extension, &srp_I))
+                return 0;
+
+            if (PACKET_contains_zero_byte(&srp_I))
+                return 0;
+
+            /*
+             * TODO(openssl-team): currently, we re-authenticate the user
+             * upon resumption. Instead, we MUST ignore the login.
+             */
+            if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+        }
+#endif
+
+#ifndef OPENSSL_NO_EC
+        else if (type == TLSEXT_TYPE_ec_point_formats) {
+            PACKET ec_point_format_list;
+
+            if (!PACKET_as_length_prefixed_1(&extension, &ec_point_format_list)
+                || PACKET_remaining(&ec_point_format_list) == 0) {
+                return 0;
+            }
+
+            if (!s->hit) {
+                if (!PACKET_memdup(&ec_point_format_list,
+                                   &s->session->tlsext_ecpointformatlist,
+                                   &s->
+                                   session->tlsext_ecpointformatlist_length)) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+            }
+        } else if (type == TLSEXT_TYPE_elliptic_curves) {
+            PACKET elliptic_curve_list;
+
+            /* Each NamedCurve is 2 bytes and we must have at least 1. */
+            if (!PACKET_as_length_prefixed_2(&extension, &elliptic_curve_list)
+                || PACKET_remaining(&elliptic_curve_list) == 0
+                || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) {
+                return 0;
+            }
+
+            if (!s->hit) {
+                if (!PACKET_memdup(&elliptic_curve_list,
+                                   &s->session->tlsext_ellipticcurvelist,
+                                   &s->
+                                   session->tlsext_ellipticcurvelist_length)) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+            }
+        }
+#endif                          /* OPENSSL_NO_EC */
+        else if (type == TLSEXT_TYPE_session_ticket) {
+            if (s->tls_session_ticket_ext_cb &&
+                !s->tls_session_ticket_ext_cb(s, PACKET_data(&extension),
+                                              PACKET_remaining(&extension),
+                                              s->tls_session_ticket_ext_cb_arg))
+            {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+        } else if (type == TLSEXT_TYPE_signature_algorithms) {
+            PACKET supported_sig_algs;
+
+            if (!PACKET_as_length_prefixed_2(&extension, &supported_sig_algs)
+                || (PACKET_remaining(&supported_sig_algs) % 2) != 0
+                || PACKET_remaining(&supported_sig_algs) == 0) {
+                return 0;
+            }
+
+            if (!s->hit) {
+                if (!tls1_save_sigalgs(s, PACKET_data(&supported_sig_algs),
+                                       PACKET_remaining(&supported_sig_algs))) {
+                    return 0;
+                }
+            }
+        } else if (type == TLSEXT_TYPE_status_request) {
+            if (!PACKET_get_1(&extension,
+                              (unsigned int *)&s->tlsext_status_type)) {
+                return 0;
+            }
+#ifndef OPENSSL_NO_OCSP
+            if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
+                const unsigned char *ext_data;
+                PACKET responder_id_list, exts;
+                if (!PACKET_get_length_prefixed_2
+                    (&extension, &responder_id_list))
+                    return 0;
+
+                /*
+                 * We remove any OCSP_RESPIDs from a previous handshake
+                 * to prevent unbounded memory growth - CVE-2016-6304
+                 */
+                sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
+                                        OCSP_RESPID_free);
+                if (PACKET_remaining(&responder_id_list) > 0) {
+                    s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
+                    if (s->tlsext_ocsp_ids == NULL) {
+                        *al = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                    }
+                } else {
+                    s->tlsext_ocsp_ids = NULL;
+                }
+
+                while (PACKET_remaining(&responder_id_list) > 0) {
+                    OCSP_RESPID *id;
+                    PACKET responder_id;
+                    const unsigned char *id_data;
+
+                    if (!PACKET_get_length_prefixed_2(&responder_id_list,
+                                                      &responder_id)
+                        || PACKET_remaining(&responder_id) == 0) {
+                        return 0;
+                    }
+
+                    id_data = PACKET_data(&responder_id);
+                    id = d2i_OCSP_RESPID(NULL, &id_data,
+                                         PACKET_remaining(&responder_id));
+                    if (id == NULL)
+                        return 0;
+
+                    if (id_data != PACKET_end(&responder_id)) {
+                        OCSP_RESPID_free(id);
+                        return 0;
+                    }
+
+                    if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
+                        OCSP_RESPID_free(id);
+                        *al = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                    }
+                }
+
+                /* Read in request_extensions */
+                if (!PACKET_as_length_prefixed_2(&extension, &exts))
+                    return 0;
+
+                if (PACKET_remaining(&exts) > 0) {
+                    ext_data = PACKET_data(&exts);
+                    sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+                                               X509_EXTENSION_free);
+                    s->tlsext_ocsp_exts =
+                        d2i_X509_EXTENSIONS(NULL, &ext_data,
+                                            PACKET_remaining(&exts));
+                    if (s->tlsext_ocsp_exts == NULL
+                        || ext_data != PACKET_end(&exts)) {
+                        return 0;
+                    }
+                }
+            } else
+#endif
+            {
+                /*
+                 * We don't know what to do with any other type so ignore it.
+                 */
+                s->tlsext_status_type = -1;
+            }
+        }
+#ifndef OPENSSL_NO_HEARTBEATS
+        else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_heartbeat) {
+            unsigned int hbtype;
+
+            if (!PACKET_get_1(&extension, &hbtype)
+                || PACKET_remaining(&extension)) {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+            switch (hbtype) {
+            case 0x01:         /* Client allows us to send HB requests */
+                s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
+                break;
+            case 0x02:         /* Client doesn't accept HB requests */
+                s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
+                s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
+                break;
+            default:
+                *al = SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
+            }
+        }
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        else if (type == TLSEXT_TYPE_next_proto_neg &&
+                 s->s3->tmp.finish_md_len == 0) {
+            /*-
+             * We shouldn't accept this extension on a
+             * renegotiation.
+             *
+             * s->new_session will be set on renegotiation, but we
+             * probably shouldn't rely that it couldn't be set on
+             * the initial renegotiation too in certain cases (when
+             * there's some other reason to disallow resuming an
+             * earlier session -- the current code won't be doing
+             * anything like that, but this might change).
+             *
+             * A valid sign that there's been a previous handshake
+             * in this connection is if s->s3->tmp.finish_md_len >
+             * 0.  (We are talking about a check that will happen
+             * in the Hello protocol round, well before a new
+             * Finished message could have been computed.)
+             */
+            s->s3->next_proto_neg_seen = 1;
+        }
+#endif
+
+        else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
+                 s->s3->tmp.finish_md_len == 0) {
+            if (!tls1_alpn_handle_client_hello(s, &extension, al))
+                return 0;
+        }
+
+        /* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
+        else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
+                 && type == TLSEXT_TYPE_use_srtp) {
+            if (ssl_parse_clienthello_use_srtp_ext(s, &extension, al))
+                return 0;
+        }
+#endif
+        else if (type == TLSEXT_TYPE_encrypt_then_mac &&
+                 !(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
+            s->tlsext_use_etm = 1;
+        /*
+         * Note: extended master secret extension handled in
+         * tls_check_serverhello_tlsext_early()
+         */
+
+        /*
+         * If this ClientHello extension was unhandled and this is a
+         * nonresumed connection, check whether the extension is a custom
+         * TLS Extension (has a custom_srv_ext_record), and if so call the
+         * callback and record the extension number so that an appropriate
+         * ServerHello may be later returned.
+         */
+        else if (!s->hit) {
+            if (custom_ext_parse(s, 1, type, PACKET_data(&extension),
+                                 PACKET_remaining(&extension), al) <= 0)
+                return 0;
+        }
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        /*
+         * tls1_check_duplicate_extensions should ensure this never happens.
+         */
+        *al = SSL_AD_INTERNAL_ERROR;
+        return 0;
+    }
+
+ ri_check:
+
+    /* Need RI if renegotiating */
+
+    if (!renegotiate_seen && s->renegotiate &&
+        !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT,
+               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+        return 0;
+    }
+
+    /*
+     * This function currently has no state to clean up, so it returns directly.
+     * If parsing fails at any point, the function returns early.
+     * The SSL object may be left with partial data from extensions, but it must
+     * then no longer be used, and clearing it up will free the leftovers.
+     */
+    return 1;
+}
+
+int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt)
+{
+    int al = -1;
+    custom_ext_init(&s->cert->srv_ext);
+    if (ssl_scan_clienthello_tlsext(s, pkt, &al) <= 0) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return 0;
+    }
+    if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_CLIENTHELLO_TLSEXT);
+        return 0;
+    }
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+ * elements of zero length are allowed and the set of elements must exactly
+ * fill the length of the block.
+ */
+static char ssl_next_proto_validate(PACKET *pkt)
+{
+    PACKET tmp_protocol;
+
+    while (PACKET_remaining(pkt)) {
+        if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
+            || PACKET_remaining(&tmp_protocol) == 0)
+            return 0;
+    }
+
+    return 1;
+}
+#endif
+
+static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
+{
+    unsigned int length, type, size;
+    int tlsext_servername = 0;
+    int renegotiate_seen = 0;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    s->s3->next_proto_neg_seen = 0;
+#endif
+    s->tlsext_ticket_expected = 0;
+
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = NULL;
+#ifndef OPENSSL_NO_HEARTBEATS
+    s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED |
+                             SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
+#endif
+
+    s->tlsext_use_etm = 0;
+
+    s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+
+    if (!PACKET_get_net_2(pkt, &length))
+        goto ri_check;
+
+    if (PACKET_remaining(pkt) != length) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    if (!tls1_check_duplicate_extensions(pkt)) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    while (PACKET_get_net_2(pkt, &type) && PACKET_get_net_2(pkt, &size)) {
+        const unsigned char *data;
+        PACKET spkt;
+
+        if (!PACKET_get_sub_packet(pkt, &spkt, size)
+            || !PACKET_peek_bytes(&spkt, &data, size))
+            goto ri_check;
+
+        if (s->tlsext_debug_cb)
+            s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg);
+
+        if (type == TLSEXT_TYPE_renegotiate) {
+            if (!ssl_parse_serverhello_renegotiate_ext(s, &spkt, al))
+                return 0;
+            renegotiate_seen = 1;
+        } else if (s->version == SSL3_VERSION) {
+        } else if (type == TLSEXT_TYPE_server_name) {
+            if (s->tlsext_hostname == NULL || size > 0) {
+                *al = TLS1_AD_UNRECOGNIZED_NAME;
+                return 0;
+            }
+            tlsext_servername = 1;
+        }
+#ifndef OPENSSL_NO_EC
+        else if (type == TLSEXT_TYPE_ec_point_formats) {
+            unsigned int ecpointformatlist_length;
+            if (!PACKET_get_1(&spkt, &ecpointformatlist_length)
+                || ecpointformatlist_length != size - 1) {
+                *al = TLS1_AD_DECODE_ERROR;
+                return 0;
+            }
+            if (!s->hit) {
+                s->session->tlsext_ecpointformatlist_length = 0;
+                OPENSSL_free(s->session->tlsext_ecpointformatlist);
+                if ((s->session->tlsext_ecpointformatlist =
+                     OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+                s->session->tlsext_ecpointformatlist_length =
+                    ecpointformatlist_length;
+                if (!PACKET_copy_bytes(&spkt,
+                                       s->session->tlsext_ecpointformatlist,
+                                       ecpointformatlist_length)) {
+                    *al = TLS1_AD_DECODE_ERROR;
+                    return 0;
+                }
+
+            }
+        }
+#endif                          /* OPENSSL_NO_EC */
+
+        else if (type == TLSEXT_TYPE_session_ticket) {
+            if (s->tls_session_ticket_ext_cb &&
+                !s->tls_session_ticket_ext_cb(s, data, size,
+                                              s->tls_session_ticket_ext_cb_arg))
+            {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            if (!tls_use_ticket(s) || (size > 0)) {
+                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+            }
+            s->tlsext_ticket_expected = 1;
+        } else if (type == TLSEXT_TYPE_status_request) {
+            /*
+             * MUST be empty and only sent if we've requested a status
+             * request message.
+             */
+            if ((s->tlsext_status_type == -1) || (size > 0)) {
+                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+            }
+            /* Set flag to expect CertificateStatus message */
+            s->tlsext_status_expected = 1;
+        }
+#ifndef OPENSSL_NO_CT
+        /*
+         * Only take it if we asked for it - i.e if there is no CT validation
+         * callback set, then a custom extension MAY be processing it, so we
+         * need to let control continue to flow to that.
+         */
+        else if (type == TLSEXT_TYPE_signed_certificate_timestamp &&
+                 s->ct_validation_callback != NULL) {
+            /* Simply copy it off for later processing */
+            if (s->tlsext_scts != NULL) {
+                OPENSSL_free(s->tlsext_scts);
+                s->tlsext_scts = NULL;
+            }
+            s->tlsext_scts_len = size;
+            if (size > 0) {
+                s->tlsext_scts = OPENSSL_malloc(size);
+                if (s->tlsext_scts == NULL) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+                memcpy(s->tlsext_scts, data, size);
+            }
+        }
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        else if (type == TLSEXT_TYPE_next_proto_neg &&
+                 s->s3->tmp.finish_md_len == 0) {
+            unsigned char *selected;
+            unsigned char selected_len;
+            /* We must have requested it. */
+            if (s->ctx->next_proto_select_cb == NULL) {
+                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+            }
+            /* The data must be valid */
+            if (!ssl_next_proto_validate(&spkt)) {
+                *al = TLS1_AD_DECODE_ERROR;
+                return 0;
+            }
+            if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data,
+                                             size,
+                                             s->
+                                             ctx->next_proto_select_cb_arg) !=
+                SSL_TLSEXT_ERR_OK) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            /*
+             * Could be non-NULL if server has sent multiple NPN extensions in
+             * a single Serverhello
+             */
+            OPENSSL_free(s->next_proto_negotiated);
+            s->next_proto_negotiated = OPENSSL_malloc(selected_len);
+            if (s->next_proto_negotiated == NULL) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            memcpy(s->next_proto_negotiated, selected, selected_len);
+            s->next_proto_negotiated_len = selected_len;
+            s->s3->next_proto_neg_seen = 1;
+        }
+#endif
+
+        else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) {
+            unsigned len;
+            /* We must have requested it. */
+            if (!s->s3->alpn_sent) {
+                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+            }
+            /*-
+             * The extension data consists of:
+             *   uint16 list_length
+             *   uint8 proto_length;
+             *   uint8 proto[proto_length];
+             */
+            if (!PACKET_get_net_2(&spkt, &len)
+                || PACKET_remaining(&spkt) != len || !PACKET_get_1(&spkt, &len)
+                || PACKET_remaining(&spkt) != len) {
+                *al = TLS1_AD_DECODE_ERROR;
+                return 0;
+            }
+            OPENSSL_free(s->s3->alpn_selected);
+            s->s3->alpn_selected = OPENSSL_malloc(len);
+            if (s->s3->alpn_selected == NULL) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            if (!PACKET_copy_bytes(&spkt, s->s3->alpn_selected, len)) {
+                *al = TLS1_AD_DECODE_ERROR;
+                return 0;
+            }
+            s->s3->alpn_selected_len = len;
+        }
+#ifndef OPENSSL_NO_HEARTBEATS
+        else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_heartbeat) {
+            unsigned int hbtype;
+            if (!PACKET_get_1(&spkt, &hbtype)) {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+            switch (hbtype) {
+            case 0x01:         /* Server allows us to send HB requests */
+                s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
+                break;
+            case 0x02:         /* Server doesn't accept HB requests */
+                s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
+                s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
+                break;
+            default:
+                *al = SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
+            }
+        }
+#endif
+#ifndef OPENSSL_NO_SRTP
+        else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
+            if (ssl_parse_serverhello_use_srtp_ext(s, &spkt, al))
+                return 0;
+        }
+#endif
+        else if (type == TLSEXT_TYPE_encrypt_then_mac) {
+            /* Ignore if inappropriate ciphersuite */
+            if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) &&
+                s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
+                && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
+                s->tlsext_use_etm = 1;
+        } else if (type == TLSEXT_TYPE_extended_master_secret) {
+            s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+            if (!s->hit)
+                s->session->flags |= SSL_SESS_FLAG_EXTMS;
+        }
+        /*
+         * If this extension type was not otherwise handled, but matches a
+         * custom_cli_ext_record, then send it to the c callback
+         */
+        else if (custom_ext_parse(s, 0, type, data, size, al) <= 0)
+            return 0;
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    if (!s->hit && tlsext_servername == 1) {
+        if (s->tlsext_hostname) {
+            if (s->session->tlsext_hostname == NULL) {
+                s->session->tlsext_hostname =
+                    OPENSSL_strdup(s->tlsext_hostname);
+                if (!s->session->tlsext_hostname) {
+                    *al = SSL_AD_UNRECOGNIZED_NAME;
+                    return 0;
+                }
+            } else {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+        }
+    }
+
+ ri_check:
+
+    /*
+     * Determine if we need to see RI. Strictly speaking if we want to avoid
+     * an attack we should *always* see RI even on initial server hello
+     * because the client doesn't see any renegotiation during an attack.
+     * However this would mean we could not connect to any server which
+     * doesn't support RI so for the immediate future tolerate RI absence
+     */
+    if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
+        && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT,
+               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+        return 0;
+    }
+
+    if (s->hit) {
+        /*
+         * Check extended master secret extension is consistent with
+         * original session.
+         */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
+            !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
+            *al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_INCONSISTENT_EXTMS);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+int ssl_prepare_clienthello_tlsext(SSL *s)
+{
+    s->s3->alpn_sent = 0;
+    return 1;
+}
+
+int ssl_prepare_serverhello_tlsext(SSL *s)
+{
+    return 1;
+}
+
+static int ssl_check_clienthello_tlsext_early(SSL *s)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int al = SSL_AD_UNRECOGNIZED_NAME;
+
+#ifndef OPENSSL_NO_EC
+    /*
+     * The handling of the ECPointFormats extension is done elsewhere, namely
+     * in ssl3_choose_cipher in s3_lib.c.
+     */
+    /*
+     * The handling of the EllipticCurves extension is done elsewhere, namely
+     * in ssl3_choose_cipher in s3_lib.c.
+     */
+#endif
+
+    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+        ret =
+            s->ctx->tlsext_servername_callback(s, &al,
+                                               s->ctx->tlsext_servername_arg);
+    else if (s->session_ctx != NULL
+             && s->session_ctx->tlsext_servername_callback != 0)
+        ret =
+            s->session_ctx->tlsext_servername_callback(s, &al,
+                                                       s->
+                                                       session_ctx->tlsext_servername_arg);
+
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return -1;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        ssl3_send_alert(s, SSL3_AL_WARNING, al);
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+        /* fall thru */
+    default:
+        return 1;
+    }
+}
+
+/* Initialise digests to default values */
+void ssl_set_default_md(SSL *s)
+{
+    const EVP_MD **pmd = s->s3->tmp.md;
+#ifndef OPENSSL_NO_DSA
+    pmd[SSL_PKEY_DSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);
+#endif
+#ifndef OPENSSL_NO_RSA
+    if (SSL_USE_SIGALGS(s))
+        pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);
+    else
+        pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_MD5_SHA1_IDX);
+    pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN];
+#endif
+#ifndef OPENSSL_NO_EC
+    pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX);
+#endif
+#ifndef OPENSSL_NO_GOST
+    pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX);
+    pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX);
+    pmd[SSL_PKEY_GOST12_512] = ssl_md(SSL_MD_GOST12_512_IDX);
+#endif
+}
+
+int tls1_set_server_sigalgs(SSL *s)
+{
+    int al;
+    size_t i;
+
+    /* Clear any shared signature algorithms */
+    OPENSSL_free(s->cert->shared_sigalgs);
+    s->cert->shared_sigalgs = NULL;
+    s->cert->shared_sigalgslen = 0;
+    /* Clear certificate digests and validity flags */
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        s->s3->tmp.md[i] = NULL;
+        s->s3->tmp.valid_flags[i] = 0;
+    }
+
+    /* If sigalgs received process it. */
+    if (s->s3->tmp.peer_sigalgs) {
+        if (!tls1_process_sigalgs(s)) {
+            SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_MALLOC_FAILURE);
+            al = SSL_AD_INTERNAL_ERROR;
+            goto err;
+        }
+        /* Fatal error is no shared signature algorithms */
+        if (!s->cert->shared_sigalgs) {
+            SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
+                   SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            goto err;
+        }
+    } else {
+        ssl_set_default_md(s);
+    }
+    return 1;
+ err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    return 0;
+}
+
+/*
+ * Upon success, returns 1.
+ * Upon failure, returns 0 and sets |al| to the appropriate fatal alert.
+ */
+int ssl_check_clienthello_tlsext_late(SSL *s, int *al)
+{
+    s->tlsext_status_expected = 0;
+
+    /*
+     * If status request then ask callback what to do. Note: this must be
+     * called after servername callbacks in case the certificate has changed,
+     * and must be called after the cipher has been chosen because this may
+     * influence which certificate is sent
+     */
+    if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
+        int ret;
+        CERT_PKEY *certpkey;
+        certpkey = ssl_get_server_send_pkey(s);
+        /* If no certificate can't return certificate status */
+        if (certpkey != NULL) {
+            /*
+             * Set current certificate to one we will use so SSL_get_certificate
+             * et al can pick it up.
+             */
+            s->cert->key = certpkey;
+            ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+            switch (ret) {
+                /* We don't want to send a status request response */
+            case SSL_TLSEXT_ERR_NOACK:
+                s->tlsext_status_expected = 0;
+                break;
+                /* status request response should be sent */
+            case SSL_TLSEXT_ERR_OK:
+                if (s->tlsext_ocsp_resp)
+                    s->tlsext_status_expected = 1;
+                break;
+                /* something bad happened */
+            case SSL_TLSEXT_ERR_ALERT_FATAL:
+            default:
+                *al = SSL_AD_INTERNAL_ERROR;
+                return 0;
+            }
+        }
+    }
+
+    if (!tls1_alpn_handle_client_hello_late(s, al)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int ssl_check_serverhello_tlsext(SSL *s)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int al = SSL_AD_UNRECOGNIZED_NAME;
+
+#ifndef OPENSSL_NO_EC
+    /*
+     * If we are client and using an elliptic curve cryptography cipher
+     * suite, then if server returns an EC point formats lists extension it
+     * must contain uncompressed.
+     */
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    if ((s->tlsext_ecpointformatlist != NULL)
+        && (s->tlsext_ecpointformatlist_length > 0)
+        && (s->session->tlsext_ecpointformatlist != NULL)
+        && (s->session->tlsext_ecpointformatlist_length > 0)
+        && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
+        /* we are using an ECC cipher */
+        size_t i;
+        unsigned char *list;
+        int found_uncompressed = 0;
+        list = s->session->tlsext_ecpointformatlist;
+        for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
+            if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
+                found_uncompressed = 1;
+                break;
+            }
+        }
+        if (!found_uncompressed) {
+            SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,
+                   SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+            return -1;
+        }
+    }
+    ret = SSL_TLSEXT_ERR_OK;
+#endif                          /* OPENSSL_NO_EC */
+
+    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+        ret =
+            s->ctx->tlsext_servername_callback(s, &al,
+                                               s->ctx->tlsext_servername_arg);
+    else if (s->session_ctx != NULL
+             && s->session_ctx->tlsext_servername_callback != 0)
+        ret =
+            s->session_ctx->tlsext_servername_callback(s, &al,
+                                                       s->
+                                                       session_ctx->tlsext_servername_arg);
+
+    /*
+     * Ensure we get sensible values passed to tlsext_status_cb in the event
+     * that we don't receive a status message
+     */
+    OPENSSL_free(s->tlsext_ocsp_resp);
+    s->tlsext_ocsp_resp = NULL;
+    s->tlsext_ocsp_resplen = -1;
+
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return -1;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        ssl3_send_alert(s, SSL3_AL_WARNING, al);
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+        /* fall thru */
+    default:
+        return 1;
+    }
+}
+
+int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt)
+{
+    int al = -1;
+    if (s->version < SSL3_VERSION)
+        return 1;
+    if (ssl_scan_serverhello_tlsext(s, pkt, &al) <= 0) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return 0;
+    }
+
+    if (ssl_check_serverhello_tlsext(s) <= 0) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_SERVERHELLO_TLSEXT);
+        return 0;
+    }
+    return 1;
+}
+
+/*-
+ * Since the server cache lookup is done early on in the processing of the
+ * ClientHello and other operations depend on the result some extensions
+ * need to be handled at the same time.
+ *
+ * Two extensions are currently handled, session ticket and extended master
+ * secret.
+ *
+ *   session_id: ClientHello session ID.
+ *   ext: ClientHello extensions (including length prefix)
+ *   ret: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ *
+ * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
+ * ciphersuite, in which case we have no use for session tickets and one will
+ * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
+ *
+ * Returns:
+ *   -1: fatal error, either from parsing or decrypting the ticket.
+ *    0: no ticket was found (or was ignored, based on settings).
+ *    1: a zero length extension was found, indicating that the client supports
+ *       session tickets but doesn't currently have one to offer.
+ *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
+ *       couldn't be decrypted because of a non-fatal error.
+ *    3: a ticket was successfully decrypted and *ret was set.
+ *
+ * Side effects:
+ *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
+ *   a new session ticket to the client because the client indicated support
+ *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   a session ticket or we couldn't use the one it gave us, or if
+ *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
+ *   Otherwise, s->tlsext_ticket_expected is set to 0.
+ *
+ *   For extended master secret flag is set if the extension is present.
+ *
+ */
+int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
+                                       const PACKET *session_id,
+                                       SSL_SESSION **ret)
+{
+    unsigned int i;
+    PACKET local_ext = *ext;
+    int retv = -1;
+
+    int have_ticket = 0;
+    int use_ticket = tls_use_ticket(s);
+
+    *ret = NULL;
+    s->tlsext_ticket_expected = 0;
+    s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+
+    /*
+     * If tickets disabled behave as if no ticket present to permit stateful
+     * resumption.
+     */
+    if ((s->version <= SSL3_VERSION))
+        return 0;
+
+    if (!PACKET_get_net_2(&local_ext, &i)) {
+        retv = 0;
+        goto end;
+    }
+    while (PACKET_remaining(&local_ext) >= 4) {
+        unsigned int type, size;
+
+        if (!PACKET_get_net_2(&local_ext, &type)
+            || !PACKET_get_net_2(&local_ext, &size)) {
+            /* Shouldn't ever happen */
+            retv = -1;
+            goto end;
+        }
+        if (PACKET_remaining(&local_ext) < size) {
+            retv = 0;
+            goto end;
+        }
+        if (type == TLSEXT_TYPE_session_ticket && use_ticket) {
+            int r;
+            const unsigned char *etick;
+
+            /* Duplicate extension */
+            if (have_ticket != 0) {
+                retv = -1;
+                goto end;
+            }
+            have_ticket = 1;
+
+            if (size == 0) {
+                /*
+                 * The client will accept a ticket but doesn't currently have
+                 * one.
+                 */
+                s->tlsext_ticket_expected = 1;
+                retv = 1;
+                continue;
+            }
+            if (s->tls_session_secret_cb) {
+                /*
+                 * Indicate that the ticket couldn't be decrypted rather than
+                 * generating the session from ticket now, trigger
+                 * abbreviated handshake based on external mechanism to
+                 * calculate the master secret later.
+                 */
+                retv = 2;
+                continue;
+            }
+            if (!PACKET_get_bytes(&local_ext, &etick, size)) {
+                /* Shouldn't ever happen */
+                retv = -1;
+                goto end;
+            }
+            r = tls_decrypt_ticket(s, etick, size, PACKET_data(session_id),
+                                   PACKET_remaining(session_id), ret);
+            switch (r) {
+            case 2:            /* ticket couldn't be decrypted */
+                s->tlsext_ticket_expected = 1;
+                retv = 2;
+                break;
+            case 3:            /* ticket was decrypted */
+                retv = r;
+                break;
+            case 4:            /* ticket decrypted but need to renew */
+                s->tlsext_ticket_expected = 1;
+                retv = 3;
+                break;
+            default:           /* fatal error */
+                retv = -1;
+                break;
+            }
+            continue;
+        } else {
+            if (type == TLSEXT_TYPE_extended_master_secret)
+                s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+            if (!PACKET_forward(&local_ext, size)) {
+                retv = -1;
+                goto end;
+            }
+        }
+    }
+    if (have_ticket == 0)
+        retv = 0;
+ end:
+    return retv;
+}
+
+/*-
+ * tls_decrypt_ticket attempts to decrypt a session ticket.
+ *
+ *   etick: points to the body of the session ticket extension.
+ *   eticklen: the length of the session tickets extension.
+ *   sess_id: points at the session ID.
+ *   sesslen: the length of the session ID.
+ *   psess: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ *
+ * Returns:
+ *   -2: fatal error, malloc failure.
+ *   -1: fatal error, either from parsing or decrypting the ticket.
+ *    2: the ticket couldn't be decrypted.
+ *    3: a ticket was successfully decrypted and *psess was set.
+ *    4: same as 3, but the ticket needs to be renewed.
+ */
+static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                              int eticklen, const unsigned char *sess_id,
+                              int sesslen, SSL_SESSION **psess)
+{
+    SSL_SESSION *sess;
+    unsigned char *sdec;
+    const unsigned char *p;
+    int slen, mlen, renew_ticket = 0, ret = -1;
+    unsigned char tick_hmac[EVP_MAX_MD_SIZE];
+    HMAC_CTX *hctx = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    SSL_CTX *tctx = s->session_ctx;
+
+    /* Need at least keyname + iv */
+    if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) {
+        ret = 2;
+        goto err;
+    }
+
+    /* Initialize session ticket encryption and HMAC contexts */
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL)
+        return -2;
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL) {
+        ret = -2;
+        goto err;
+    }
+    if (tctx->tlsext_ticket_key_cb) {
+        unsigned char *nctick = (unsigned char *)etick;
+        int rv = tctx->tlsext_ticket_key_cb(s, nctick,
+                                            nctick + TLSEXT_KEYNAME_LENGTH,
+                                            ctx, hctx, 0);
+        if (rv < 0)
+            goto err;
+        if (rv == 0) {
+            ret = 2;
+            goto err;
+        }
+        if (rv == 2)
+            renew_ticket = 1;
+    } else {
+        /* Check key name matches */
+        if (memcmp(etick, tctx->tlsext_tick_key_name,
+                   TLSEXT_KEYNAME_LENGTH) != 0) {
+            ret = 2;
+            goto err;
+        }
+        if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
+                         sizeof(tctx->tlsext_tick_hmac_key),
+                         EVP_sha256(), NULL) <= 0
+            || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+                                  tctx->tlsext_tick_aes_key,
+                                  etick + TLSEXT_KEYNAME_LENGTH) <= 0) {
+            goto err;
+        }
+    }
+    /*
+     * Attempt to process session ticket, first conduct sanity and integrity
+     * checks on ticket.
+     */
+    mlen = HMAC_size(hctx);
+    if (mlen < 0) {
+        goto err;
+    }
+    /* Sanity check ticket length: must exceed keyname + IV + HMAC */
+    if (eticklen <=
+        TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
+        ret = 2;
+        goto err;
+    }
+    eticklen -= mlen;
+    /* Check HMAC of encrypted ticket */
+    if (HMAC_Update(hctx, etick, eticklen) <= 0
+        || HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
+        goto err;
+    }
+    HMAC_CTX_free(hctx);
+    if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+        EVP_CIPHER_CTX_free(ctx);
+        return 2;
+    }
+    /* Attempt to decrypt session data */
+    /* Move p after IV to start of encrypted ticket, update length */
+    p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    sdec = OPENSSL_malloc(eticklen);
+    if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
+        EVP_CIPHER_CTX_free(ctx);
+        OPENSSL_free(sdec);
+        return -1;
+    }
+    if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) {
+        EVP_CIPHER_CTX_free(ctx);
+        OPENSSL_free(sdec);
+        return 2;
+    }
+    slen += mlen;
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+    p = sdec;
+
+    sess = d2i_SSL_SESSION(NULL, &p, slen);
+    slen -= p - sdec;
+    OPENSSL_free(sdec);
+    if (sess) {
+        /* Some additional consistency checks */
+        if (slen != 0 || sess->session_id_length != 0) {
+            SSL_SESSION_free(sess);
+            return 2;
+        }
+        /*
+         * The session ID, if non-empty, is used by some clients to detect
+         * that the ticket has been accepted. So we copy it to the session
+         * structure. If it is empty set length to zero as required by
+         * standard.
+         */
+        if (sesslen)
+            memcpy(sess->session_id, sess_id, sesslen);
+        sess->session_id_length = sesslen;
+        *psess = sess;
+        if (renew_ticket)
+            return 4;
+        else
+            return 3;
+    }
+    ERR_clear_error();
+    /*
+     * For session parse failure, indicate that we need to send a new ticket.
+     */
+    return 2;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+    return ret;
+}
+
+/* Tables to translate from NIDs to TLS v1.2 ids */
+
+typedef struct {
+    int nid;
+    int id;
+} tls12_lookup;
+
+static const tls12_lookup tls12_md[] = {
+    {NID_md5, TLSEXT_hash_md5},
+    {NID_sha1, TLSEXT_hash_sha1},
+    {NID_sha224, TLSEXT_hash_sha224},
+    {NID_sha256, TLSEXT_hash_sha256},
+    {NID_sha384, TLSEXT_hash_sha384},
+    {NID_sha512, TLSEXT_hash_sha512},
+    {NID_id_GostR3411_94, TLSEXT_hash_gostr3411},
+    {NID_id_GostR3411_2012_256, TLSEXT_hash_gostr34112012_256},
+    {NID_id_GostR3411_2012_512, TLSEXT_hash_gostr34112012_512},
+};
+
+static const tls12_lookup tls12_sig[] = {
+    {EVP_PKEY_RSA, TLSEXT_signature_rsa},
+    {EVP_PKEY_DSA, TLSEXT_signature_dsa},
+    {EVP_PKEY_EC, TLSEXT_signature_ecdsa},
+    {NID_id_GostR3410_2001, TLSEXT_signature_gostr34102001},
+    {NID_id_GostR3410_2012_256, TLSEXT_signature_gostr34102012_256},
+    {NID_id_GostR3410_2012_512, TLSEXT_signature_gostr34102012_512}
+};
+
+static int tls12_find_id(int nid, const tls12_lookup *table, size_t tlen)
+{
+    size_t i;
+    for (i = 0; i < tlen; i++) {
+        if (table[i].nid == nid)
+            return table[i].id;
+    }
+    return -1;
+}
+
+static int tls12_find_nid(int id, const tls12_lookup *table, size_t tlen)
+{
+    size_t i;
+    for (i = 0; i < tlen; i++) {
+        if ((table[i].id) == id)
+            return table[i].nid;
+    }
+    return NID_undef;
+}
+
+int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
+{
+    int sig_id, md_id;
+    if (!md)
+        return 0;
+    md_id = tls12_find_id(EVP_MD_type(md), tls12_md, OSSL_NELEM(tls12_md));
+    if (md_id == -1)
+        return 0;
+    sig_id = tls12_get_sigid(pk);
+    if (sig_id == -1)
+        return 0;
+    p[0] = (unsigned char)md_id;
+    p[1] = (unsigned char)sig_id;
+    return 1;
+}
+
+int tls12_get_sigid(const EVP_PKEY *pk)
+{
+    return tls12_find_id(EVP_PKEY_id(pk), tls12_sig, OSSL_NELEM(tls12_sig));
+}
+
+typedef struct {
+    int nid;
+    int secbits;
+    int md_idx;
+    unsigned char tlsext_hash;
+} tls12_hash_info;
+
+static const tls12_hash_info tls12_md_info[] = {
+    {NID_md5, 64, SSL_MD_MD5_IDX, TLSEXT_hash_md5},
+    {NID_sha1, 80, SSL_MD_SHA1_IDX, TLSEXT_hash_sha1},
+    {NID_sha224, 112, SSL_MD_SHA224_IDX, TLSEXT_hash_sha224},
+    {NID_sha256, 128, SSL_MD_SHA256_IDX, TLSEXT_hash_sha256},
+    {NID_sha384, 192, SSL_MD_SHA384_IDX, TLSEXT_hash_sha384},
+    {NID_sha512, 256, SSL_MD_SHA512_IDX, TLSEXT_hash_sha512},
+    {NID_id_GostR3411_94, 128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411},
+    {NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX,
+     TLSEXT_hash_gostr34112012_256},
+    {NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX,
+     TLSEXT_hash_gostr34112012_512},
+};
+
+static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
+{
+    unsigned int i;
+    if (hash_alg == 0)
+        return NULL;
+
+    for (i = 0; i < OSSL_NELEM(tls12_md_info); i++) {
+        if (tls12_md_info[i].tlsext_hash == hash_alg)
+            return tls12_md_info + i;
+    }
+
+    return NULL;
+}
+
+const EVP_MD *tls12_get_hash(unsigned char hash_alg)
+{
+    const tls12_hash_info *inf;
+    if (hash_alg == TLSEXT_hash_md5 && FIPS_mode())
+        return NULL;
+    inf = tls12_get_hash_info(hash_alg);
+    if (!inf)
+        return NULL;
+    return ssl_md(inf->md_idx);
+}
+
+static int tls12_get_pkey_idx(unsigned char sig_alg)
+{
+    switch (sig_alg) {
+#ifndef OPENSSL_NO_RSA
+    case TLSEXT_signature_rsa:
+        return SSL_PKEY_RSA_SIGN;
+#endif
+#ifndef OPENSSL_NO_DSA
+    case TLSEXT_signature_dsa:
+        return SSL_PKEY_DSA_SIGN;
+#endif
+#ifndef OPENSSL_NO_EC
+    case TLSEXT_signature_ecdsa:
+        return SSL_PKEY_ECC;
+#endif
+#ifndef OPENSSL_NO_GOST
+    case TLSEXT_signature_gostr34102001:
+        return SSL_PKEY_GOST01;
+
+    case TLSEXT_signature_gostr34102012_256:
+        return SSL_PKEY_GOST12_256;
+
+    case TLSEXT_signature_gostr34102012_512:
+        return SSL_PKEY_GOST12_512;
+#endif
+    }
+    return -1;
+}
+
+/* Convert TLS 1.2 signature algorithm extension values into NIDs */
+static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
+                               int *psignhash_nid, const unsigned char *data)
+{
+    int sign_nid = NID_undef, hash_nid = NID_undef;
+    if (!phash_nid && !psign_nid && !psignhash_nid)
+        return;
+    if (phash_nid || psignhash_nid) {
+        hash_nid = tls12_find_nid(data[0], tls12_md, OSSL_NELEM(tls12_md));
+        if (phash_nid)
+            *phash_nid = hash_nid;
+    }
+    if (psign_nid || psignhash_nid) {
+        sign_nid = tls12_find_nid(data[1], tls12_sig, OSSL_NELEM(tls12_sig));
+        if (psign_nid)
+            *psign_nid = sign_nid;
+    }
+    if (psignhash_nid) {
+        if (sign_nid == NID_undef || hash_nid == NID_undef
+            || OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, sign_nid) <= 0)
+            *psignhash_nid = NID_undef;
+    }
+}
+
+/* Check to see if a signature algorithm is allowed */
+static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp)
+{
+    /* See if we have an entry in the hash table and it is enabled */
+    const tls12_hash_info *hinf = tls12_get_hash_info(ptmp[0]);
+    if (hinf == NULL || ssl_md(hinf->md_idx) == NULL)
+        return 0;
+    /* See if public key algorithm allowed */
+    if (tls12_get_pkey_idx(ptmp[1]) == -1)
+        return 0;
+    /* Finally see if security callback allows it */
+    return ssl_security(s, op, hinf->secbits, hinf->nid, (void *)ptmp);
+}
+
+/*
+ * Get a mask of disabled public key algorithms based on supported signature
+ * algorithms. For example if no signature algorithm supports RSA then RSA is
+ * disabled.
+ */
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
+{
+    const unsigned char *sigalgs;
+    size_t i, sigalgslen;
+    int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
+    /*
+     * Now go through all signature algorithms seeing if we support any for
+     * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
+     * down calls to security callback only check if we have to.
+     */
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
+    for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
+        switch (sigalgs[1]) {
+#ifndef OPENSSL_NO_RSA
+        case TLSEXT_signature_rsa:
+            if (!have_rsa && tls12_sigalg_allowed(s, op, sigalgs))
+                have_rsa = 1;
+            break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case TLSEXT_signature_dsa:
+            if (!have_dsa && tls12_sigalg_allowed(s, op, sigalgs))
+                have_dsa = 1;
+            break;
+#endif
+#ifndef OPENSSL_NO_EC
+        case TLSEXT_signature_ecdsa:
+            if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
+                have_ecdsa = 1;
+            break;
+#endif
+        }
+    }
+    if (!have_rsa)
+        *pmask_a |= SSL_aRSA;
+    if (!have_dsa)
+        *pmask_a |= SSL_aDSS;
+    if (!have_ecdsa)
+        *pmask_a |= SSL_aECDSA;
+}
+
+size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
+                          const unsigned char *psig, size_t psiglen)
+{
+    unsigned char *tmpout = out;
+    size_t i;
+    for (i = 0; i < psiglen; i += 2, psig += 2) {
+        if (tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, psig)) {
+            *tmpout++ = psig[0];
+            *tmpout++ = psig[1];
+        }
+    }
+    return tmpout - out;
+}
+
+/* Given preference and allowed sigalgs set shared sigalgs */
+static int tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig,
+                                const unsigned char *pref, size_t preflen,
+                                const unsigned char *allow, size_t allowlen)
+{
+    const unsigned char *ptmp, *atmp;
+    size_t i, j, nmatch = 0;
+    for (i = 0, ptmp = pref; i < preflen; i += 2, ptmp += 2) {
+        /* Skip disabled hashes or signature algorithms */
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, ptmp))
+            continue;
+        for (j = 0, atmp = allow; j < allowlen; j += 2, atmp += 2) {
+            if (ptmp[0] == atmp[0] && ptmp[1] == atmp[1]) {
+                nmatch++;
+                if (shsig) {
+                    shsig->rhash = ptmp[0];
+                    shsig->rsign = ptmp[1];
+                    tls1_lookup_sigalg(&shsig->hash_nid,
+                                       &shsig->sign_nid,
+                                       &shsig->signandhash_nid, ptmp);
+                    shsig++;
+                }
+                break;
+            }
+        }
+    }
+    return nmatch;
+}
+
+/* Set shared signature algorithms for SSL structures */
+static int tls1_set_shared_sigalgs(SSL *s)
+{
+    const unsigned char *pref, *allow, *conf;
+    size_t preflen, allowlen, conflen;
+    size_t nmatch;
+    TLS_SIGALGS *salgs = NULL;
+    CERT *c = s->cert;
+    unsigned int is_suiteb = tls1_suiteb(s);
+
+    OPENSSL_free(c->shared_sigalgs);
+    c->shared_sigalgs = NULL;
+    c->shared_sigalgslen = 0;
+    /* If client use client signature algorithms if not NULL */
+    if (!s->server && c->client_sigalgs && !is_suiteb) {
+        conf = c->client_sigalgs;
+        conflen = c->client_sigalgslen;
+    } else if (c->conf_sigalgs && !is_suiteb) {
+        conf = c->conf_sigalgs;
+        conflen = c->conf_sigalgslen;
+    } else
+        conflen = tls12_get_psigalgs(s, 0, &conf);
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
+        pref = conf;
+        preflen = conflen;
+        allow = s->s3->tmp.peer_sigalgs;
+        allowlen = s->s3->tmp.peer_sigalgslen;
+    } else {
+        allow = conf;
+        allowlen = conflen;
+        pref = s->s3->tmp.peer_sigalgs;
+        preflen = s->s3->tmp.peer_sigalgslen;
+    }
+    nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
+    if (nmatch) {
+        salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+        if (salgs == NULL)
+            return 0;
+        nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
+    } else {
+        salgs = NULL;
+    }
+    c->shared_sigalgs = salgs;
+    c->shared_sigalgslen = nmatch;
+    return 1;
+}
+
+/* Set preferred digest for each key type */
+
+int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize)
+{
+    CERT *c = s->cert;
+    /* Extension ignored for inappropriate versions */
+    if (!SSL_USE_SIGALGS(s))
+        return 1;
+    /* Should never happen */
+    if (!c)
+        return 0;
+
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    s->s3->tmp.peer_sigalgs = OPENSSL_malloc(dsize);
+    if (s->s3->tmp.peer_sigalgs == NULL)
+        return 0;
+    s->s3->tmp.peer_sigalgslen = dsize;
+    memcpy(s->s3->tmp.peer_sigalgs, data, dsize);
+    return 1;
+}
+
+int tls1_process_sigalgs(SSL *s)
+{
+    int idx;
+    size_t i;
+    const EVP_MD *md;
+    const EVP_MD **pmd = s->s3->tmp.md;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
+    CERT *c = s->cert;
+    TLS_SIGALGS *sigptr;
+    if (!tls1_set_shared_sigalgs(s))
+        return 0;
+
+    for (i = 0, sigptr = c->shared_sigalgs;
+         i < c->shared_sigalgslen; i++, sigptr++) {
+        idx = tls12_get_pkey_idx(sigptr->rsign);
+        if (idx > 0 && pmd[idx] == NULL) {
+            md = tls12_get_hash(sigptr->rhash);
+            pmd[idx] = md;
+            pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN;
+            if (idx == SSL_PKEY_RSA_SIGN) {
+                pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN;
+                pmd[SSL_PKEY_RSA_ENC] = md;
+            }
+        }
+
+    }
+    /*
+     * In strict mode leave unset digests as NULL to indicate we can't use
+     * the certificate for signing.
+     */
+    if (!(s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
+        /*
+         * Set any remaining keys to default values. NOTE: if alg is not
+         * supported it stays as NULL.
+         */
+#ifndef OPENSSL_NO_DSA
+        if (pmd[SSL_PKEY_DSA_SIGN] == NULL)
+            pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_RSA
+        if (pmd[SSL_PKEY_RSA_SIGN] == NULL) {
+            pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
+            pmd[SSL_PKEY_RSA_ENC] = EVP_sha1();
+        }
+#endif
+#ifndef OPENSSL_NO_EC
+        if (pmd[SSL_PKEY_ECC] == NULL)
+            pmd[SSL_PKEY_ECC] = EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_GOST
+        if (pmd[SSL_PKEY_GOST01] == NULL)
+            pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94);
+        if (pmd[SSL_PKEY_GOST12_256] == NULL)
+            pmd[SSL_PKEY_GOST12_256] =
+                EVP_get_digestbynid(NID_id_GostR3411_2012_256);
+        if (pmd[SSL_PKEY_GOST12_512] == NULL)
+            pmd[SSL_PKEY_GOST12_512] =
+                EVP_get_digestbynid(NID_id_GostR3411_2012_512);
+#endif
+    }
+    return 1;
+}
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignhash,
+                    unsigned char *rsig, unsigned char *rhash)
+{
+    const unsigned char *psig = s->s3->tmp.peer_sigalgs;
+    if (psig == NULL)
+        return 0;
+    if (idx >= 0) {
+        idx <<= 1;
+        if (idx >= (int)s->s3->tmp.peer_sigalgslen)
+            return 0;
+        psig += idx;
+        if (rhash)
+            *rhash = psig[0];
+        if (rsig)
+            *rsig = psig[1];
+        tls1_lookup_sigalg(phash, psign, psignhash, psig);
+    }
+    return s->s3->tmp.peer_sigalgslen / 2;
+}
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignhash,
+                           unsigned char *rsig, unsigned char *rhash)
+{
+    TLS_SIGALGS *shsigalgs = s->cert->shared_sigalgs;
+    if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen)
+        return 0;
+    shsigalgs += idx;
+    if (phash)
+        *phash = shsigalgs->hash_nid;
+    if (psign)
+        *psign = shsigalgs->sign_nid;
+    if (psignhash)
+        *psignhash = shsigalgs->signandhash_nid;
+    if (rsig)
+        *rsig = shsigalgs->rsign;
+    if (rhash)
+        *rhash = shsigalgs->rhash;
+    return s->cert->shared_sigalgslen;
+}
+
+#define MAX_SIGALGLEN   (TLSEXT_hash_num * TLSEXT_signature_num * 2)
+
+typedef struct {
+    size_t sigalgcnt;
+    int sigalgs[MAX_SIGALGLEN];
+} sig_cb_st;
+
+static void get_sigorhash(int *psig, int *phash, const char *str)
+{
+    if (strcmp(str, "RSA") == 0) {
+        *psig = EVP_PKEY_RSA;
+    } else if (strcmp(str, "DSA") == 0) {
+        *psig = EVP_PKEY_DSA;
+    } else if (strcmp(str, "ECDSA") == 0) {
+        *psig = EVP_PKEY_EC;
+    } else {
+        *phash = OBJ_sn2nid(str);
+        if (*phash == NID_undef)
+            *phash = OBJ_ln2nid(str);
+    }
+}
+
+static int sig_cb(const char *elem, int len, void *arg)
+{
+    sig_cb_st *sarg = arg;
+    size_t i;
+    char etmp[20], *p;
+    int sig_alg = NID_undef, hash_alg = NID_undef;
+    if (elem == NULL)
+        return 0;
+    if (sarg->sigalgcnt == MAX_SIGALGLEN)
+        return 0;
+    if (len > (int)(sizeof(etmp) - 1))
+        return 0;
+    memcpy(etmp, elem, len);
+    etmp[len] = 0;
+    p = strchr(etmp, '+');
+    if (!p)
+        return 0;
+    *p = 0;
+    p++;
+    if (!*p)
+        return 0;
+
+    get_sigorhash(&sig_alg, &hash_alg, etmp);
+    get_sigorhash(&sig_alg, &hash_alg, p);
+
+    if (sig_alg == NID_undef || hash_alg == NID_undef)
+        return 0;
+
+    for (i = 0; i < sarg->sigalgcnt; i += 2) {
+        if (sarg->sigalgs[i] == sig_alg && sarg->sigalgs[i + 1] == hash_alg)
+            return 0;
+    }
+    sarg->sigalgs[sarg->sigalgcnt++] = hash_alg;
+    sarg->sigalgs[sarg->sigalgcnt++] = sig_alg;
+    return 1;
+}
+
+/*
+ * Set supported signature algorithms based on a colon separated list of the
+ * form sig+hash e.g. RSA+SHA512:DSA+SHA512
+ */
+int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
+{
+    sig_cb_st sig;
+    sig.sigalgcnt = 0;
+    if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
+        return 0;
+    if (c == NULL)
+        return 1;
+    return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
+}
+
+int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
+{
+    unsigned char *sigalgs, *sptr;
+    int rhash, rsign;
+    size_t i;
+    if (salglen & 1)
+        return 0;
+    sigalgs = OPENSSL_malloc(salglen);
+    if (sigalgs == NULL)
+        return 0;
+    for (i = 0, sptr = sigalgs; i < salglen; i += 2) {
+        rhash = tls12_find_id(*psig_nids++, tls12_md, OSSL_NELEM(tls12_md));
+        rsign = tls12_find_id(*psig_nids++, tls12_sig, OSSL_NELEM(tls12_sig));
+
+        if (rhash == -1 || rsign == -1)
+            goto err;
+        *sptr++ = rhash;
+        *sptr++ = rsign;
+    }
+
+    if (client) {
+        OPENSSL_free(c->client_sigalgs);
+        c->client_sigalgs = sigalgs;
+        c->client_sigalgslen = salglen;
+    } else {
+        OPENSSL_free(c->conf_sigalgs);
+        c->conf_sigalgs = sigalgs;
+        c->conf_sigalgslen = salglen;
+    }
+
+    return 1;
+
+ err:
+    OPENSSL_free(sigalgs);
+    return 0;
+}
+
+static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid)
+{
+    int sig_nid;
+    size_t i;
+    if (default_nid == -1)
+        return 1;
+    sig_nid = X509_get_signature_nid(x);
+    if (default_nid)
+        return sig_nid == default_nid ? 1 : 0;
+    for (i = 0; i < c->shared_sigalgslen; i++)
+        if (sig_nid == c->shared_sigalgs[i].signandhash_nid)
+            return 1;
+    return 0;
+}
+
+/* Check to see if a certificate issuer name matches list of CA names */
+static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
+{
+    X509_NAME *nm;
+    int i;
+    nm = X509_get_issuer_name(x);
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        if (!X509_NAME_cmp(nm, sk_X509_NAME_value(names, i)))
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check certificate chain is consistent with TLS extensions and is usable by
+ * server. This servers two purposes: it allows users to check chains before
+ * passing them to the server and it allows the server to check chains before
+ * attempting to use them.
+ */
+
+/* Flags which need to be set for a certificate when strict mode not set */
+
+#define CERT_PKEY_VALID_FLAGS \
+        (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
+/* Strict mode flags */
+#define CERT_PKEY_STRICT_FLAGS \
+         (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \
+         | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE)
+
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+                     int idx)
+{
+    int i;
+    int rv = 0;
+    int check_flags = 0, strict_mode;
+    CERT_PKEY *cpk = NULL;
+    CERT *c = s->cert;
+    uint32_t *pvalid;
+    unsigned int suiteb_flags = tls1_suiteb(s);
+    /* idx == -1 means checking server chains */
+    if (idx != -1) {
+        /* idx == -2 means checking client certificate chains */
+        if (idx == -2) {
+            cpk = c->key;
+            idx = cpk - c->pkeys;
+        } else
+            cpk = c->pkeys + idx;
+        pvalid = s->s3->tmp.valid_flags + idx;
+        x = cpk->x509;
+        pk = cpk->privatekey;
+        chain = cpk->chain;
+        strict_mode = c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT;
+        /* If no cert or key, forget it */
+        if (!x || !pk)
+            goto end;
+    } else {
+        if (!x || !pk)
+            return 0;
+        idx = ssl_cert_type(x, pk);
+        if (idx == -1)
+            return 0;
+        pvalid = s->s3->tmp.valid_flags + idx;
+
+        if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
+            check_flags = CERT_PKEY_STRICT_FLAGS;
+        else
+            check_flags = CERT_PKEY_VALID_FLAGS;
+        strict_mode = 1;
+    }
+
+    if (suiteb_flags) {
+        int ok;
+        if (check_flags)
+            check_flags |= CERT_PKEY_SUITEB;
+        ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags);
+        if (ok == X509_V_OK)
+            rv |= CERT_PKEY_SUITEB;
+        else if (!check_flags)
+            goto end;
+    }
+
+    /*
+     * Check all signature algorithms are consistent with signature
+     * algorithms extension if TLS 1.2 or later and strict mode.
+     */
+    if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) {
+        int default_nid;
+        unsigned char rsign = 0;
+        if (s->s3->tmp.peer_sigalgs)
+            default_nid = 0;
+        /* If no sigalgs extension use defaults from RFC5246 */
+        else {
+            switch (idx) {
+            case SSL_PKEY_RSA_ENC:
+            case SSL_PKEY_RSA_SIGN:
+                rsign = TLSEXT_signature_rsa;
+                default_nid = NID_sha1WithRSAEncryption;
+                break;
+
+            case SSL_PKEY_DSA_SIGN:
+                rsign = TLSEXT_signature_dsa;
+                default_nid = NID_dsaWithSHA1;
+                break;
+
+            case SSL_PKEY_ECC:
+                rsign = TLSEXT_signature_ecdsa;
+                default_nid = NID_ecdsa_with_SHA1;
+                break;
+
+            case SSL_PKEY_GOST01:
+                rsign = TLSEXT_signature_gostr34102001;
+                default_nid = NID_id_GostR3411_94_with_GostR3410_2001;
+                break;
+
+            case SSL_PKEY_GOST12_256:
+                rsign = TLSEXT_signature_gostr34102012_256;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_256;
+                break;
+
+            case SSL_PKEY_GOST12_512:
+                rsign = TLSEXT_signature_gostr34102012_512;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_512;
+                break;
+
+            default:
+                default_nid = -1;
+                break;
+            }
+        }
+        /*
+         * If peer sent no signature algorithms extension and we have set
+         * preferred signature algorithms check we support sha1.
+         */
+        if (default_nid > 0 && c->conf_sigalgs) {
+            size_t j;
+            const unsigned char *p = c->conf_sigalgs;
+            for (j = 0; j < c->conf_sigalgslen; j += 2, p += 2) {
+                if (p[0] == TLSEXT_hash_sha1 && p[1] == rsign)
+                    break;
+            }
+            if (j == c->conf_sigalgslen) {
+                if (check_flags)
+                    goto skip_sigs;
+                else
+                    goto end;
+            }
+        }
+        /* Check signature algorithm of each cert in chain */
+        if (!tls1_check_sig_alg(c, x, default_nid)) {
+            if (!check_flags)
+                goto end;
+        } else
+            rv |= CERT_PKEY_EE_SIGNATURE;
+        rv |= CERT_PKEY_CA_SIGNATURE;
+        for (i = 0; i < sk_X509_num(chain); i++) {
+            if (!tls1_check_sig_alg(c, sk_X509_value(chain, i), default_nid)) {
+                if (check_flags) {
+                    rv &= ~CERT_PKEY_CA_SIGNATURE;
+                    break;
+                } else
+                    goto end;
+            }
+        }
+    }
+    /* Else not TLS 1.2, so mark EE and CA signing algorithms OK */
+    else if (check_flags)
+        rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE;
+ skip_sigs:
+    /* Check cert parameters are consistent */
+    if (tls1_check_cert_param(s, x, check_flags ? 1 : 2))
+        rv |= CERT_PKEY_EE_PARAM;
+    else if (!check_flags)
+        goto end;
+    if (!s->server)
+        rv |= CERT_PKEY_CA_PARAM;
+    /* In strict mode check rest of chain too */
+    else if (strict_mode) {
+        rv |= CERT_PKEY_CA_PARAM;
+        for (i = 0; i < sk_X509_num(chain); i++) {
+            X509 *ca = sk_X509_value(chain, i);
+            if (!tls1_check_cert_param(s, ca, 0)) {
+                if (check_flags) {
+                    rv &= ~CERT_PKEY_CA_PARAM;
+                    break;
+                } else
+                    goto end;
+            }
+        }
+    }
+    if (!s->server && strict_mode) {
+        STACK_OF(X509_NAME) *ca_dn;
+        int check_type = 0;
+        switch (EVP_PKEY_id(pk)) {
+        case EVP_PKEY_RSA:
+            check_type = TLS_CT_RSA_SIGN;
+            break;
+        case EVP_PKEY_DSA:
+            check_type = TLS_CT_DSS_SIGN;
+            break;
+        case EVP_PKEY_EC:
+            check_type = TLS_CT_ECDSA_SIGN;
+            break;
+        }
+        if (check_type) {
+            const unsigned char *ctypes;
+            int ctypelen;
+            if (c->ctypes) {
+                ctypes = c->ctypes;
+                ctypelen = (int)c->ctype_num;
+            } else {
+                ctypes = (unsigned char *)s->s3->tmp.ctype;
+                ctypelen = s->s3->tmp.ctype_num;
+            }
+            for (i = 0; i < ctypelen; i++) {
+                if (ctypes[i] == check_type) {
+                    rv |= CERT_PKEY_CERT_TYPE;
+                    break;
+                }
+            }
+            if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags)
+                goto end;
+        } else
+            rv |= CERT_PKEY_CERT_TYPE;
+
+        ca_dn = s->s3->tmp.ca_names;
+
+        if (!sk_X509_NAME_num(ca_dn))
+            rv |= CERT_PKEY_ISSUER_NAME;
+
+        if (!(rv & CERT_PKEY_ISSUER_NAME)) {
+            if (ssl_check_ca_name(ca_dn, x))
+                rv |= CERT_PKEY_ISSUER_NAME;
+        }
+        if (!(rv & CERT_PKEY_ISSUER_NAME)) {
+            for (i = 0; i < sk_X509_num(chain); i++) {
+                X509 *xtmp = sk_X509_value(chain, i);
+                if (ssl_check_ca_name(ca_dn, xtmp)) {
+                    rv |= CERT_PKEY_ISSUER_NAME;
+                    break;
+                }
+            }
+        }
+        if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
+            goto end;
+    } else
+        rv |= CERT_PKEY_ISSUER_NAME | CERT_PKEY_CERT_TYPE;
+
+    if (!check_flags || (rv & check_flags) == check_flags)
+        rv |= CERT_PKEY_VALID;
+
+ end:
+
+    if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+        if (*pvalid & CERT_PKEY_EXPLICIT_SIGN)
+            rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
+        else if (s->s3->tmp.md[idx] != NULL)
+            rv |= CERT_PKEY_SIGN;
+    } else
+        rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;
+
+    /*
+     * When checking a CERT_PKEY structure all flags are irrelevant if the
+     * chain is invalid.
+     */
+    if (!check_flags) {
+        if (rv & CERT_PKEY_VALID)
+            *pvalid = rv;
+        else {
+            /* Preserve explicit sign flag, clear rest */
+            *pvalid &= CERT_PKEY_EXPLICIT_SIGN;
+            return 0;
+        }
+    }
+    return rv;
+}
+
+/* Set validity of certificates in an SSL structure */
+void tls1_set_cert_validity(SSL *s)
+{
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
+}
+
+/* User level utility function to check a chain is suitable */
+int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
+{
+    return tls1_check_chain(s, x, pk, chain, -1);
+}
+
+#ifndef OPENSSL_NO_DH
+DH *ssl_get_auto_dh(SSL *s)
+{
+    int dh_secbits = 80;
+    if (s->cert->dh_tmp_auto == 2)
+        return DH_get_1024_160();
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+        if (s->s3->tmp.new_cipher->strength_bits == 256)
+            dh_secbits = 128;
+        else
+            dh_secbits = 80;
+    } else {
+        CERT_PKEY *cpk = ssl_get_server_send_pkey(s);
+        dh_secbits = EVP_PKEY_security_bits(cpk->privatekey);
+    }
+
+    if (dh_secbits >= 128) {
+        DH *dhp = DH_new();
+        BIGNUM *p, *g;
+        if (dhp == NULL)
+            return NULL;
+        g = BN_new();
+        if (g != NULL)
+            BN_set_word(g, 2);
+        if (dh_secbits >= 192)
+            p = BN_get_rfc3526_prime_8192(NULL);
+        else
+            p = BN_get_rfc3526_prime_3072(NULL);
+        if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+            DH_free(dhp);
+            BN_free(p);
+            BN_free(g);
+            return NULL;
+        }
+        return dhp;
+    }
+    if (dh_secbits >= 112)
+        return DH_get_2048_224();
+    return DH_get_1024_160();
+}
+#endif
+
+static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    int secbits = -1;
+    EVP_PKEY *pkey = X509_get0_pubkey(x);
+    if (pkey) {
+        /*
+         * If no parameters this will return -1 and fail using the default
+         * security callback for any non-zero security level. This will
+         * reject keys which omit parameters but this only affects DSA and
+         * omission of parameters is never (?) done in practice.
+         */
+        secbits = EVP_PKEY_security_bits(pkey);
+    }
+    if (s)
+        return ssl_security(s, op, secbits, 0, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, 0, x);
+}
+
+static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    /* Lookup signature algorithm digest */
+    int secbits = -1, md_nid = NID_undef, sig_nid;
+    /* Don't check signature if self signed */
+    if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+        return 1;
+    sig_nid = X509_get_signature_nid(x);
+    if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) {
+        const EVP_MD *md;
+        if (md_nid && (md = EVP_get_digestbynid(md_nid)))
+            secbits = EVP_MD_size(md) * 4;
+    }
+    if (s)
+        return ssl_security(s, op, secbits, md_nid, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, md_nid, x);
+}
+
+int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
+{
+    if (vfy)
+        vfy = SSL_SECOP_PEER;
+    if (is_ee) {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_EE_KEY | vfy))
+            return SSL_R_EE_KEY_TOO_SMALL;
+    } else {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_CA_KEY | vfy))
+            return SSL_R_CA_KEY_TOO_SMALL;
+    }
+    if (!ssl_security_cert_sig(s, ctx, x, SSL_SECOP_CA_MD | vfy))
+        return SSL_R_CA_MD_TOO_WEAK;
+    return 1;
+}
+
+/*
+ * Check security of a chain, if |sk| includes the end entity certificate then
+ * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
+ * one to the peer. Return values: 1 if ok otherwise error code to use
+ */
+
+int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
+{
+    int rv, start_idx, i;
+    if (x == NULL) {
+        x = sk_X509_value(sk, 0);
+        start_idx = 1;
+    } else
+        start_idx = 0;
+
+    rv = ssl_security_cert(s, NULL, x, vfy, 1);
+    if (rv != 1)
+        return rv;
+
+    for (i = start_idx; i < sk_X509_num(sk); i++) {
+        x = sk_X509_value(sk, i);
+        rv = ssl_security_cert(s, NULL, x, vfy, 0);
+        if (rv != 1)
+            return rv;
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/ssl/t1_reneg.c b/openssl-1.1.0h/ssl/t1_reneg.c
new file mode 100644
index 0000000..01dc403
--- /dev/null
+++ b/openssl-1.1.0h/ssl/t1_reneg.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/* Add the client's renegotiation binding */
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen)
+{
+    if (p) {
+        if ((s->s3->previous_client_finished_len + 1) > maxlen) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
+                   SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+            return 0;
+        }
+
+        /* Length byte */
+        *p = s->s3->previous_client_finished_len;
+        p++;
+
+        memcpy(p, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len);
+    }
+
+    *len = s->s3->previous_client_finished_len + 1;
+
+    return 1;
+}
+
+/*
+ * Parse the client's renegotiation binding and abort if it's not right
+ */
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
+{
+    unsigned int ilen;
+    const unsigned char *d;
+
+    /* Parse the length byte */
+    if (!PACKET_get_1(pkt, &ilen)
+        || !PACKET_get_bytes(pkt, &d, ilen)) {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_ENCODING_ERR);
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != s->s3->previous_client_finished_len) {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_MISMATCH);
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+    }
+
+    if (memcmp(d, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len)) {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_MISMATCH);
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+    }
+
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
+
+/* Add the server's renegotiation binding */
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen)
+{
+    if (p) {
+        if ((s->s3->previous_client_finished_len +
+             s->s3->previous_server_finished_len + 1) > maxlen) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
+                   SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+            return 0;
+        }
+
+        /* Length byte */
+        *p = s->s3->previous_client_finished_len +
+            s->s3->previous_server_finished_len;
+        p++;
+
+        memcpy(p, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len);
+        p += s->s3->previous_client_finished_len;
+
+        memcpy(p, s->s3->previous_server_finished,
+               s->s3->previous_server_finished_len);
+    }
+
+    *len = s->s3->previous_client_finished_len
+        + s->s3->previous_server_finished_len + 1;
+
+    return 1;
+}
+
+/*
+ * Parse the server's renegotiation binding and abort if it's not right
+ */
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
+{
+    unsigned int expected_len = s->s3->previous_client_finished_len
+        + s->s3->previous_server_finished_len;
+    unsigned int ilen;
+    const unsigned char *data;
+
+    /* Check for logic errors */
+    OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
+    OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+
+    /* Parse the length byte */
+    if (!PACKET_get_1(pkt, &ilen)) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_ENCODING_ERR);
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+    }
+
+    /* Consistency check */
+    if (PACKET_remaining(pkt) != ilen) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_ENCODING_ERR);
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != expected_len) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_MISMATCH);
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
+        || memcmp(data, s->s3->previous_client_finished,
+                  s->s3->previous_client_finished_len) != 0) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_MISMATCH);
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
+        || memcmp(data, s->s3->previous_server_finished,
+                  s->s3->previous_server_finished_len) != 0) {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+               SSL_R_RENEGOTIATION_MISMATCH);
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+    }
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/ssl/t1_trce.c b/openssl-1.1.0h/ssl/t1_trce.c
new file mode 100644
index 0000000..76bdf79
--- /dev/null
+++ b/openssl-1.1.0h/ssl/t1_trce.c
@@ -0,0 +1,1322 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SSL_TRACE
+
+/* Packet trace support for OpenSSL */
+
+typedef struct {
+    int num;
+    const char *name;
+} ssl_trace_tbl;
+
+# define ssl_trace_str(val, tbl) \
+        do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl))
+
+# define ssl_trace_list(bio, indent, msg, msglen, value, table) \
+        do_ssl_trace_list(bio, indent, msg, msglen, value, \
+         table, OSSL_NELEM(table))
+
+static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl)
+{
+    size_t i;
+    for (i = 0; i < ntbl; i++, tbl++) {
+        if (tbl->num == val)
+            return tbl->name;
+    }
+    return "UNKNOWN";
+}
+
+static int do_ssl_trace_list(BIO *bio, int indent,
+                             const unsigned char *msg, size_t msglen,
+                             size_t vlen, ssl_trace_tbl *tbl, size_t ntbl)
+{
+    int val;
+    if (msglen % vlen)
+        return 0;
+    while (msglen) {
+        val = msg[0];
+        if (vlen == 2)
+            val = (val << 8) | msg[1];
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "%s (%d)\n", do_ssl_trace_str(val, tbl, ntbl), val);
+        msg += vlen;
+        msglen -= vlen;
+    }
+    return 1;
+}
+
+/* Version number */
+
+static ssl_trace_tbl ssl_version_tbl[] = {
+    {SSL3_VERSION, "SSL 3.0"},
+    {TLS1_VERSION, "TLS 1.0"},
+    {TLS1_1_VERSION, "TLS 1.1"},
+    {TLS1_2_VERSION, "TLS 1.2"},
+    {DTLS1_VERSION, "DTLS 1.0"},
+    {DTLS1_2_VERSION, "DTLS 1.2"},
+    {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
+};
+
+static ssl_trace_tbl ssl_content_tbl[] = {
+    {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"},
+    {SSL3_RT_ALERT, "Alert"},
+    {SSL3_RT_HANDSHAKE, "Handshake"},
+    {SSL3_RT_APPLICATION_DATA, "ApplicationData"},
+    {DTLS1_RT_HEARTBEAT, "HeartBeat"}
+};
+
+/* Handshake types */
+static ssl_trace_tbl ssl_handshake_tbl[] = {
+    {SSL3_MT_HELLO_REQUEST, "HelloRequest"},
+    {SSL3_MT_CLIENT_HELLO, "ClientHello"},
+    {SSL3_MT_SERVER_HELLO, "ServerHello"},
+    {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"},
+    {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"},
+    {SSL3_MT_CERTIFICATE, "Certificate"},
+    {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"},
+    {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"},
+    {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
+    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+    {SSL3_MT_SERVER_DONE, "ServerHelloDone"},
+    {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
+    {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
+    {SSL3_MT_FINISHED, "Finished"},
+    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}
+};
+
+/* Cipher suites */
+static ssl_trace_tbl ssl_ciphers_tbl[] = {
+    {0x0000, "SSL_NULL_WITH_NULL_NULL"},
+    {0x0001, "SSL_RSA_WITH_NULL_MD5"},
+    {0x0002, "SSL_RSA_WITH_NULL_SHA"},
+    {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
+    {0x0004, "SSL_RSA_WITH_RC4_128_MD5"},
+    {0x0005, "SSL_RSA_WITH_RC4_128_SHA"},
+    {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},
+    {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},
+    {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},
+    {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},
+    {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},
+    {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},
+    {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+    {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},
+    {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},
+    {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
+    {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
+    {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
+    {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
+    {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
+    {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
+    {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
+    {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
+    {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
+    {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
+    {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
+    {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
+    {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
+    {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
+    {0x002C, "TLS_PSK_WITH_NULL_SHA"},
+    {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
+    {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
+    {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
+    {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
+    {0x003B, "TLS_RSA_WITH_NULL_SHA256"},
+    {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
+    {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+    {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
+    {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
+    {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
+    {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
+    {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
+    {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
+    {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
+    {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
+    {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
+    {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
+    {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
+    {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
+    {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
+    {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
+    {0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
+    {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
+    {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
+    {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
+    {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
+    {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
+    {0x5600, "TLS_FALLBACK_SCSV"},
+    {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
+    {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
+    {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
+    {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
+    {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
+    {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
+    {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
+    {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
+    {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
+    {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
+    {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
+    {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
+    {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
+    {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
+    {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
+    {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
+    {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
+    {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
+    {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
+    {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
+    {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
+    {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
+    {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
+    {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
+    {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
+    {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
+    {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
+    {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
+    {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
+    {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
+    {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
+    {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
+    {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
+    {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
+    {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
+    {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
+    {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
+    {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
+    {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
+    {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+};
+
+/* Compression methods */
+static ssl_trace_tbl ssl_comp_tbl[] = {
+    {0x0000, "No Compression"},
+    {0x0001, "Zlib Compression"}
+};
+
+/* Extensions */
+static ssl_trace_tbl ssl_exts_tbl[] = {
+    {TLSEXT_TYPE_server_name, "server_name"},
+    {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"},
+    {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"},
+    {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"},
+    {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"},
+    {TLSEXT_TYPE_status_request, "status_request"},
+    {TLSEXT_TYPE_user_mapping, "user_mapping"},
+    {TLSEXT_TYPE_client_authz, "client_authz"},
+    {TLSEXT_TYPE_server_authz, "server_authz"},
+    {TLSEXT_TYPE_cert_type, "cert_type"},
+    {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"},
+    {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
+    {TLSEXT_TYPE_srp, "srp"},
+    {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
+    {TLSEXT_TYPE_use_srtp, "use_srtp"},
+    {TLSEXT_TYPE_heartbeat, "heartbeat"},
+    {TLSEXT_TYPE_session_ticket, "session_ticket"},
+    {TLSEXT_TYPE_renegotiate, "renegotiate"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
+# endif
+    {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
+    {TLSEXT_TYPE_padding, "padding"},
+    {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
+    {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}
+};
+
+static ssl_trace_tbl ssl_curve_tbl[] = {
+    {1, "sect163k1 (K-163)"},
+    {2, "sect163r1"},
+    {3, "sect163r2 (B-163)"},
+    {4, "sect193r1"},
+    {5, "sect193r2"},
+    {6, "sect233k1 (K-233)"},
+    {7, "sect233r1 (B-233)"},
+    {8, "sect239k1"},
+    {9, "sect283k1 (K-283)"},
+    {10, "sect283r1 (B-283)"},
+    {11, "sect409k1 (K-409)"},
+    {12, "sect409r1 (B-409)"},
+    {13, "sect571k1 (K-571)"},
+    {14, "sect571r1 (B-571)"},
+    {15, "secp160k1"},
+    {16, "secp160r1"},
+    {17, "secp160r2"},
+    {18, "secp192k1"},
+    {19, "secp192r1 (P-192)"},
+    {20, "secp224k1"},
+    {21, "secp224r1 (P-224)"},
+    {22, "secp256k1"},
+    {23, "secp256r1 (P-256)"},
+    {24, "secp384r1 (P-384)"},
+    {25, "secp521r1 (P-521)"},
+    {26, "brainpoolP256r1"},
+    {27, "brainpoolP384r1"},
+    {28, "brainpoolP512r1"},
+    {29, "ecdh_x25519"},
+    {0xFF01, "arbitrary_explicit_prime_curves"},
+    {0xFF02, "arbitrary_explicit_char2_curves"}
+};
+
+static ssl_trace_tbl ssl_point_tbl[] = {
+    {0, "uncompressed"},
+    {1, "ansiX962_compressed_prime"},
+    {2, "ansiX962_compressed_char2"}
+};
+
+static ssl_trace_tbl ssl_md_tbl[] = {
+    {TLSEXT_hash_none, "none"},
+    {TLSEXT_hash_md5, "md5"},
+    {TLSEXT_hash_sha1, "sha1"},
+    {TLSEXT_hash_sha224, "sha224"},
+    {TLSEXT_hash_sha256, "sha256"},
+    {TLSEXT_hash_sha384, "sha384"},
+    {TLSEXT_hash_sha512, "sha512"},
+    {TLSEXT_hash_gostr3411, "md_gost94"},
+    {TLSEXT_hash_gostr34112012_256, "md_gost2012_256"},
+    {TLSEXT_hash_gostr34112012_512, "md_gost2012_512"}
+};
+
+static ssl_trace_tbl ssl_sig_tbl[] = {
+    {TLSEXT_signature_anonymous, "anonymous"},
+    {TLSEXT_signature_rsa, "rsa"},
+    {TLSEXT_signature_dsa, "dsa"},
+    {TLSEXT_signature_ecdsa, "ecdsa"},
+    {TLSEXT_signature_gostr34102001, "gost2001"},
+    {TLSEXT_signature_gostr34102012_256, "gost2012_256"},
+    {TLSEXT_signature_gostr34102012_512, "gost2012_512"}
+};
+
+static ssl_trace_tbl ssl_hb_tbl[] = {
+    {1, "peer_allowed_to_send"},
+    {2, "peer_not_allowed_to_send"}
+};
+
+static ssl_trace_tbl ssl_hb_type_tbl[] = {
+    {1, "heartbeat_request"},
+    {2, "heartbeat_response"}
+};
+
+static ssl_trace_tbl ssl_ctype_tbl[] = {
+    {1, "rsa_sign"},
+    {2, "dss_sign"},
+    {3, "rsa_fixed_dh"},
+    {4, "dss_fixed_dh"},
+    {5, "rsa_ephemeral_dh"},
+    {6, "dss_ephemeral_dh"},
+    {20, "fortezza_dms"},
+    {64, "ecdsa_sign"},
+    {65, "rsa_fixed_ecdh"},
+    {66, "ecdsa_fixed_ecdh"}
+};
+
+static void ssl_print_hex(BIO *bio, int indent, const char *name,
+                          const unsigned char *msg, size_t msglen)
+{
+    size_t i;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s (len=%d): ", name, (int)msglen);
+    for (i = 0; i < msglen; i++)
+        BIO_printf(bio, "%02X", msg[i]);
+    BIO_puts(bio, "\n");
+}
+
+static int ssl_print_hexbuf(BIO *bio, int indent,
+                            const char *name, size_t nlen,
+                            const unsigned char **pmsg, size_t *pmsglen)
+{
+    size_t blen;
+    const unsigned char *p = *pmsg;
+    if (*pmsglen < nlen)
+        return 0;
+    blen = p[0];
+    if (nlen > 1)
+        blen = (blen << 8) | p[1];
+    if (*pmsglen < nlen + blen)
+        return 0;
+    p += nlen;
+    ssl_print_hex(bio, indent, name, p, blen);
+    *pmsg += blen + nlen;
+    *pmsglen -= blen + nlen;
+    return 1;
+}
+
+static int ssl_print_version(BIO *bio, int indent, const char *name,
+                             const unsigned char **pmsg, size_t *pmsglen)
+{
+    int vers;
+    if (*pmsglen < 2)
+        return 0;
+    vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s=0x%x (%s)\n",
+               name, vers, ssl_trace_str(vers, ssl_version_tbl));
+    *pmsg += 2;
+    *pmsglen -= 2;
+    return 1;
+}
+
+static int ssl_print_random(BIO *bio, int indent,
+                            const unsigned char **pmsg, size_t *pmsglen)
+{
+    unsigned int tm;
+    const unsigned char *p = *pmsg;
+    if (*pmsglen < 32)
+        return 0;
+    tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+    p += 4;
+    BIO_indent(bio, indent, 80);
+    BIO_puts(bio, "Random:\n");
+    BIO_indent(bio, indent + 2, 80);
+    BIO_printf(bio, "gmt_unix_time=0x%08X\n", tm);
+    ssl_print_hex(bio, indent + 2, "random_bytes", p, 28);
+    *pmsg += 32;
+    *pmsglen -= 32;
+    return 1;
+}
+
+static int ssl_print_signature(BIO *bio, int indent, SSL *s,
+                               const unsigned char **pmsg, size_t *pmsglen)
+{
+    if (*pmsglen < 2)
+        return 0;
+    if (SSL_USE_SIGALGS(s)) {
+        const unsigned char *p = *pmsg;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "Signature Algorithm %s+%s (%d+%d)\n",
+                   ssl_trace_str(p[0], ssl_md_tbl),
+                   ssl_trace_str(p[1], ssl_sig_tbl), p[0], p[1]);
+        *pmsg += 2;
+        *pmsglen -= 2;
+    }
+    return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen);
+}
+
+static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
+                               const unsigned char *ext, size_t extlen)
+{
+    size_t xlen;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "extension_type=%s(%d), length=%d\n",
+               ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen);
+    switch (extype) {
+    case TLSEXT_TYPE_ec_point_formats:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
+
+    case TLSEXT_TYPE_elliptic_curves:
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl);
+
+    case TLSEXT_TYPE_signature_algorithms:
+
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        if (xlen & 1)
+            return 0;
+        ext += 2;
+        while (xlen > 0) {
+            BIO_indent(bio, indent + 2, 80);
+            BIO_printf(bio, "%s+%s (%d+%d)\n",
+                       ssl_trace_str(ext[0], ssl_md_tbl),
+                       ssl_trace_str(ext[1], ssl_sig_tbl), ext[0], ext[1]);
+            xlen -= 2;
+            ext += 2;
+        }
+        break;
+
+    case TLSEXT_TYPE_renegotiate:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (xlen + 1 != extlen)
+            return 0;
+        ext++;
+        if (xlen) {
+            if (server) {
+                if (xlen & 1)
+                    return 0;
+                xlen >>= 1;
+            }
+            ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen);
+            if (server) {
+                ext += xlen;
+                ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen);
+            }
+        } else {
+            BIO_indent(bio, indent + 4, 80);
+            BIO_puts(bio, "<EMPTY>\n");
+        }
+        break;
+
+    case TLSEXT_TYPE_heartbeat:
+        if (extlen != 1)
+            return 0;
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "HeartbeatMode: %s\n",
+                   ssl_trace_str(ext[0], ssl_hb_tbl));
+        break;
+
+    case TLSEXT_TYPE_session_ticket:
+        if (extlen != 0)
+            ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
+        break;
+
+    default:
+        BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
+    }
+    return 1;
+}
+
+static int ssl_print_extensions(BIO *bio, int indent, int server,
+                                const unsigned char *msg, size_t msglen)
+{
+    size_t extslen;
+    BIO_indent(bio, indent, 80);
+    if (msglen == 0) {
+        BIO_puts(bio, "No Extensions\n");
+        return 1;
+    }
+    extslen = (msg[0] << 8) | msg[1];
+    if (extslen != msglen - 2)
+        return 0;
+    msg += 2;
+    msglen = extslen;
+    BIO_printf(bio, "extensions, length = %d\n", (int)msglen);
+    while (msglen > 0) {
+        int extype;
+        size_t extlen;
+        if (msglen < 4)
+            return 0;
+        extype = (msg[0] << 8) | msg[1];
+        extlen = (msg[2] << 8) | msg[3];
+        if (msglen < extlen + 4)
+            return 0;
+        msg += 4;
+        if (!ssl_print_extension(bio, indent + 2, server, extype, msg, extlen))
+            return 0;
+        msg += extlen;
+        msglen -= extlen + 4;
+    }
+    return 1;
+}
+
+static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
+                                  const unsigned char *msg, size_t msglen)
+{
+    size_t len;
+    unsigned int cs;
+    if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen))
+        return 0;
+    if (!ssl_print_random(bio, indent, &msg, &msglen))
+        return 0;
+    if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
+        return 0;
+    if (SSL_IS_DTLS(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+            return 0;
+    }
+    if (msglen < 2)
+        return 0;
+    len = (msg[0] << 8) | msg[1];
+    msg += 2;
+    msglen -= 2;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "cipher_suites (len=%d)\n", (int)len);
+    if (msglen < len || len & 1)
+        return 0;
+    while (len > 0) {
+        cs = (msg[0] << 8) | msg[1];
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "{0x%02X, 0x%02X} %s\n",
+                   msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl));
+        msg += 2;
+        msglen -= 2;
+        len -= 2;
+    }
+    if (msglen < 1)
+        return 0;
+    len = msg[0];
+    msg++;
+    msglen--;
+    if (msglen < len)
+        return 0;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "compression_methods (len=%d)\n", (int)len);
+    while (len > 0) {
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "%s (0x%02X)\n",
+                   ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
+        msg++;
+        msglen--;
+        len--;
+    }
+    if (!ssl_print_extensions(bio, indent, 0, msg, msglen))
+        return 0;
+    return 1;
+}
+
+static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
+                                       const unsigned char *msg, size_t msglen)
+{
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+        return 0;
+    if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+        return 0;
+    return 1;
+}
+
+static int ssl_print_server_hello(BIO *bio, int indent,
+                                  const unsigned char *msg, size_t msglen)
+{
+    unsigned int cs;
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
+        return 0;
+    if (!ssl_print_random(bio, indent, &msg, &msglen))
+        return 0;
+    if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
+        return 0;
+    if (msglen < 2)
+        return 0;
+    cs = (msg[0] << 8) | msg[1];
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n",
+               msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl));
+    msg += 2;
+    msglen -= 2;
+    if (msglen < 1)
+        return 0;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "compression_method: %s (0x%02X)\n",
+               ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
+    msg++;
+    msglen--;
+    if (!ssl_print_extensions(bio, indent, 1, msg, msglen))
+        return 0;
+    return 1;
+}
+
+static int ssl_get_keyex(const char **pname, SSL *ssl)
+{
+    unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
+    if (alg_k & SSL_kRSA) {
+        *pname = "rsa";
+        return SSL_kRSA;
+    }
+    if (alg_k & SSL_kDHE) {
+        *pname = "DHE";
+        return SSL_kDHE;
+    }
+    if (alg_k & SSL_kECDHE) {
+        *pname = "ECDHE";
+        return SSL_kECDHE;
+    }
+    if (alg_k & SSL_kPSK) {
+        *pname = "PSK";
+        return SSL_kPSK;
+    }
+    if (alg_k & SSL_kRSAPSK) {
+        *pname = "RSAPSK";
+        return SSL_kRSAPSK;
+    }
+    if (alg_k & SSL_kDHEPSK) {
+        *pname = "DHEPSK";
+        return SSL_kDHEPSK;
+    }
+    if (alg_k & SSL_kECDHEPSK) {
+        *pname = "ECDHEPSK";
+        return SSL_kECDHEPSK;
+    }
+    if (alg_k & SSL_kSRP) {
+        *pname = "SRP";
+        return SSL_kSRP;
+    }
+    if (alg_k & SSL_kGOST) {
+        *pname = "GOST";
+        return SSL_kGOST;
+    }
+    *pname = "UNKNOWN";
+    return 0;
+}
+
+static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    const char *algname;
+    int id;
+    id = ssl_get_keyex(&algname, ssl);
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity", 2, &msg, &msglen))
+            return 0;
+    }
+    switch (id) {
+
+    case SSL_kRSA:
+    case SSL_kRSAPSK:
+        if (TLS1_get_version(ssl) == SSL3_VERSION) {
+            ssl_print_hex(bio, indent + 2,
+                          "EncyptedPreMasterSecret", msg, msglen);
+        } else {
+            if (!ssl_print_hexbuf(bio, indent + 2,
+                                  "EncyptedPreMasterSecret", 2, &msg, &msglen))
+                return 0;
+        }
+        break;
+
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen))
+            return 0;
+        break;
+
+    }
+
+    return !msglen;
+}
+
+static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    const char *algname;
+    int id;
+    id = ssl_get_keyex(&algname, ssl);
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity_hint", 2, &msg, &msglen))
+            return 0;
+    }
+    switch (id) {
+    case SSL_kRSA:
+
+        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2,
+                              &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_Ys", 2, &msg, &msglen))
+            return 0;
+        break;
+
+# ifndef OPENSSL_NO_EC
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
+        if (msglen < 1)
+            return 0;
+        BIO_indent(bio, indent + 2, 80);
+        if (msg[0] == EXPLICIT_PRIME_CURVE_TYPE)
+            BIO_puts(bio, "explicit_prime\n");
+        else if (msg[0] == EXPLICIT_CHAR2_CURVE_TYPE)
+            BIO_puts(bio, "explicit_char2\n");
+        else if (msg[0] == NAMED_CURVE_TYPE) {
+            int curve;
+            if (msglen < 3)
+                return 0;
+            curve = (msg[1] << 8) | msg[2];
+            BIO_printf(bio, "named_curve: %s (%d)\n",
+                       ssl_trace_str(curve, ssl_curve_tbl), curve);
+            msg += 3;
+            msglen -= 3;
+            if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))
+                return 0;
+        } else {
+            BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]);
+            return 0;
+        }
+        break;
+# endif
+
+    case SSL_kPSK:
+    case SSL_kRSAPSK:
+        break;
+    }
+    if (!(id & SSL_PSK))
+        ssl_print_signature(bio, indent, ssl, &msg, &msglen);
+    return !msglen;
+}
+
+static int ssl_print_certificate(BIO *bio, int indent,
+                                 const unsigned char **pmsg, size_t *pmsglen)
+{
+    size_t msglen = *pmsglen;
+    size_t clen;
+    X509 *x;
+    const unsigned char *p = *pmsg, *q;
+    if (msglen < 3)
+        return 0;
+    clen = (p[0] << 16) | (p[1] << 8) | p[2];
+    if (msglen < clen + 3)
+        return 0;
+    q = p + 3;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen);
+    x = d2i_X509(NULL, &q, clen);
+    if (!x)
+        BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n");
+    else {
+        BIO_puts(bio, "\n------details-----\n");
+        X509_print_ex(bio, x, XN_FLAG_ONELINE, 0);
+        PEM_write_bio_X509(bio, x);
+        /* Print certificate stuff */
+        BIO_puts(bio, "------------------\n");
+        X509_free(x);
+    }
+    if (q != p + 3 + clen) {
+        BIO_puts(bio, "<TRAILING GARBAGE AFTER CERTIFICATE>\n");
+    }
+    *pmsg += clen + 3;
+    *pmsglen -= clen + 3;
+    return 1;
+}
+
+static int ssl_print_certificates(BIO *bio, int indent,
+                                  const unsigned char *msg, size_t msglen)
+{
+    size_t clen;
+    if (msglen < 3)
+        return 0;
+    clen = (msg[0] << 16) | (msg[1] << 8) | msg[2];
+    if (msglen != clen + 3)
+        return 0;
+    msg += 3;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "certificate_list, length=%d\n", (int)clen);
+    while (clen > 0) {
+        if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
+            return 0;
+    }
+    return 1;
+}
+
+static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
+                                  const unsigned char *msg, size_t msglen)
+{
+    size_t xlen;
+    if (msglen < 1)
+        return 0;
+    xlen = msg[0];
+    if (msglen < xlen + 1)
+        return 0;
+    msg++;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen);
+    if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl))
+        return 0;
+    msg += xlen;
+    msglen -= xlen + 1;
+    if (!SSL_USE_SIGALGS(s))
+        goto skip_sig;
+    if (msglen < 2)
+        return 0;
+    xlen = (msg[0] << 8) | msg[1];
+    if (msglen < xlen + 2 || (xlen & 1))
+        return 0;
+    msg += 2;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen);
+    while (xlen > 0) {
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "%s+%s (%d+%d)\n",
+                   ssl_trace_str(msg[0], ssl_md_tbl),
+                   ssl_trace_str(msg[1], ssl_sig_tbl), msg[0], msg[1]);
+        xlen -= 2;
+        msg += 2;
+    }
+    msg += xlen;
+    msglen -= xlen + 2;
+
+ skip_sig:
+    xlen = (msg[0] << 8) | msg[1];
+    BIO_indent(bio, indent, 80);
+    if (msglen < xlen + 2)
+        return 0;
+    msg += 2;
+    msglen -= 2;
+    BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen);
+    while (xlen > 0) {
+        size_t dlen;
+        X509_NAME *nm;
+        const unsigned char *p;
+        if (xlen < 2)
+            return 0;
+        dlen = (msg[0] << 8) | msg[1];
+        if (xlen < dlen + 2)
+            return 0;
+        msg += 2;
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen);
+        p = msg;
+        nm = d2i_X509_NAME(NULL, &p, dlen);
+        if (!nm) {
+            BIO_puts(bio, "<UNPARSEABLE DN>\n");
+        } else {
+            X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE);
+            BIO_puts(bio, "\n");
+            X509_NAME_free(nm);
+        }
+        xlen -= dlen + 2;
+        msg += dlen;
+    }
+    return 1;
+}
+
+static int ssl_print_ticket(BIO *bio, int indent,
+                            const unsigned char *msg, size_t msglen)
+{
+    unsigned int tick_life;
+    if (msglen == 0) {
+        BIO_indent(bio, indent + 2, 80);
+        BIO_puts(bio, "No Ticket\n");
+        return 1;
+    }
+    if (msglen < 4)
+        return 0;
+    tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
+    msglen -= 4;
+    msg += 4;
+    BIO_indent(bio, indent + 2, 80);
+    BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life);
+    if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen))
+        return 0;
+    if (msglen)
+        return 0;
+    return 1;
+}
+
+static int ssl_print_handshake(BIO *bio, SSL *ssl,
+                               const unsigned char *msg, size_t msglen,
+                               int indent)
+{
+    size_t hlen;
+    unsigned char htype;
+    if (msglen < 4)
+        return 0;
+    htype = msg[0];
+    hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3];
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s, Length=%d\n",
+               ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen);
+    msg += 4;
+    msglen -= 4;
+    if (SSL_IS_DTLS(ssl)) {
+        if (msglen < 8)
+            return 0;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
+                   "fragment_length=%d\n",
+                   (msg[0] << 8) | msg[1],
+                   (msg[2] << 16) | (msg[3] << 8) | msg[4],
+                   (msg[5] << 16) | (msg[6] << 8) | msg[7]);
+        msg += 8;
+        msglen -= 8;
+    }
+    if (msglen < hlen)
+        return 0;
+    switch (htype) {
+    case SSL3_MT_CLIENT_HELLO:
+        if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case DTLS1_MT_HELLO_VERIFY_REQUEST:
+        if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_SERVER_HELLO:
+        if (!ssl_print_server_hello(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_SERVER_KEY_EXCHANGE:
+        if (!ssl_print_server_keyex(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CLIENT_KEY_EXCHANGE:
+        if (!ssl_print_client_keyex(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE:
+        if (!ssl_print_certificates(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE_VERIFY:
+        if (!ssl_print_signature(bio, indent + 2, ssl, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE_REQUEST:
+        if (!ssl_print_cert_request(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_FINISHED:
+        ssl_print_hex(bio, indent + 2, "verify_data", msg, msglen);
+        break;
+
+    case SSL3_MT_SERVER_DONE:
+        if (msglen != 0)
+            ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen);
+        break;
+
+    case SSL3_MT_NEWSESSION_TICKET:
+        if (!ssl_print_ticket(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    default:
+        BIO_indent(bio, indent + 2, 80);
+        BIO_puts(bio, "Unsupported, hex dump follows:\n");
+        BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4);
+    }
+    return 1;
+}
+
+static int ssl_print_heartbeat(BIO *bio, int indent,
+                               const unsigned char *msg, size_t msglen)
+{
+    if (msglen < 3)
+        return 0;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "HeartBeatMessageType: %s\n",
+               ssl_trace_str(msg[0], ssl_hb_type_tbl));
+    msg++;
+    msglen--;
+    if (!ssl_print_hexbuf(bio, indent, "payload", 2, &msg, &msglen))
+        return 0;
+    ssl_print_hex(bio, indent, "padding", msg, msglen);
+    return 1;
+}
+
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+    return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
+}
+
+void SSL_trace(int write_p, int version, int content_type,
+               const void *buf, size_t msglen, SSL *ssl, void *arg)
+{
+    const unsigned char *msg = buf;
+    BIO *bio = arg;
+
+    switch (content_type) {
+    case SSL3_RT_HEADER:
+        {
+            int hvers = msg[1] << 8 | msg[2];
+            BIO_puts(bio, write_p ? "Sent" : "Received");
+            BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
+                       ssl_trace_str(hvers, ssl_version_tbl), hvers);
+            if (SSL_IS_DTLS(ssl)) {
+                BIO_printf(bio,
+                           "  epoch=%d, sequence_number=%04x%04x%04x\n",
+                           (msg[3] << 8 | msg[4]),
+                           (msg[5] << 8 | msg[6]),
+                           (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10]));
+            }
+
+            BIO_printf(bio, "  Content Type = %s (%d)\n  Length = %d",
+                       ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
+                       msg[msglen - 2] << 8 | msg[msglen - 1]);
+        }
+        break;
+    case SSL3_RT_HANDSHAKE:
+        if (!ssl_print_handshake(bio, ssl, msg, msglen, 4))
+            BIO_printf(bio, "Message length parse error!\n");
+        break;
+
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+        if (msglen == 1 && msg[0] == 1)
+            BIO_puts(bio, "    change_cipher_spec (1)\n");
+        else
+            ssl_print_hex(bio, 4, "unknown value", msg, msglen);
+        break;
+
+    case SSL3_RT_ALERT:
+        if (msglen != 2) {
+            BIO_puts(bio, "    Illegal Alert Length\n");
+        } else {
+            BIO_printf(bio, "    Level=%s(%d), description=%s(%d)\n",
+                       SSL_alert_type_string_long(msg[0] << 8),
+                       msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]);
+        }
+        break;
+
+    case DTLS1_RT_HEARTBEAT:
+        ssl_print_heartbeat(bio, 4, msg, msglen);
+        break;
+
+    }
+
+    BIO_puts(bio, "\n");
+}
+
+#endif
diff --git a/openssl-1.1.0h/ssl/tls_srp.c b/openssl-1.1.0h/ssl/tls_srp.c
new file mode 100644
index 0000000..bfdbdf5
--- /dev/null
+++ b/openssl-1.1.0h/ssl/tls_srp.c
@@ -0,0 +1,430 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+
+int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
+{
+    if (ctx == NULL)
+        return 0;
+    OPENSSL_free(ctx->srp_ctx.login);
+    OPENSSL_free(ctx->srp_ctx.info);
+    BN_free(ctx->srp_ctx.N);
+    BN_free(ctx->srp_ctx.g);
+    BN_free(ctx->srp_ctx.s);
+    BN_free(ctx->srp_ctx.B);
+    BN_free(ctx->srp_ctx.A);
+    BN_free(ctx->srp_ctx.a);
+    BN_free(ctx->srp_ctx.b);
+    BN_free(ctx->srp_ctx.v);
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
+    ctx->srp_ctx.strength = SRP_MINIMAL_N;
+    return (1);
+}
+
+int SSL_SRP_CTX_free(struct ssl_st *s)
+{
+    if (s == NULL)
+        return 0;
+    OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
+    BN_free(s->srp_ctx.N);
+    BN_free(s->srp_ctx.g);
+    BN_free(s->srp_ctx.s);
+    BN_free(s->srp_ctx.B);
+    BN_free(s->srp_ctx.A);
+    BN_free(s->srp_ctx.a);
+    BN_free(s->srp_ctx.b);
+    BN_free(s->srp_ctx.v);
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+    s->srp_ctx.strength = SRP_MINIMAL_N;
+    return (1);
+}
+
+int SSL_SRP_CTX_init(struct ssl_st *s)
+{
+    SSL_CTX *ctx;
+
+    if ((s == NULL) || ((ctx = s->ctx) == NULL))
+        return 0;
+
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+
+    s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
+    /* set client Hello login callback */
+    s->srp_ctx.TLS_ext_srp_username_callback =
+        ctx->srp_ctx.TLS_ext_srp_username_callback;
+    /* set SRP N/g param callback for verification */
+    s->srp_ctx.SRP_verify_param_callback =
+        ctx->srp_ctx.SRP_verify_param_callback;
+    /* set SRP client passwd callback */
+    s->srp_ctx.SRP_give_srp_client_pwd_callback =
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
+
+    s->srp_ctx.strength = ctx->srp_ctx.strength;
+
+    if (((ctx->srp_ctx.N != NULL) &&
+         ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
+        ((ctx->srp_ctx.g != NULL) &&
+         ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
+        ((ctx->srp_ctx.s != NULL) &&
+         ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
+        ((ctx->srp_ctx.B != NULL) &&
+         ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
+        ((ctx->srp_ctx.A != NULL) &&
+         ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
+        ((ctx->srp_ctx.a != NULL) &&
+         ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
+        ((ctx->srp_ctx.v != NULL) &&
+         ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
+        ((ctx->srp_ctx.b != NULL) &&
+         ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
+        goto err;
+    }
+    if ((ctx->srp_ctx.login != NULL) &&
+        ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((ctx->srp_ctx.info != NULL) &&
+        ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
+
+    return (1);
+ err:
+    OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
+    BN_free(s->srp_ctx.N);
+    BN_free(s->srp_ctx.g);
+    BN_free(s->srp_ctx.s);
+    BN_free(s->srp_ctx.B);
+    BN_free(s->srp_ctx.A);
+    BN_free(s->srp_ctx.a);
+    BN_free(s->srp_ctx.b);
+    BN_free(s->srp_ctx.v);
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+    return (0);
+}
+
+int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
+{
+    if (ctx == NULL)
+        return 0;
+
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
+    ctx->srp_ctx.strength = SRP_MINIMAL_N;
+
+    return (1);
+}
+
+/* server side */
+int SSL_srp_server_param_with_username(SSL *s, int *ad)
+{
+    unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
+    int al;
+
+    *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
+    if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
+        ((al =
+          s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
+                                                   s->srp_ctx.SRP_cb_arg)) !=
+         SSL_ERROR_NONE))
+        return al;
+
+    *ad = SSL_AD_INTERNAL_ERROR;
+    if ((s->srp_ctx.N == NULL) ||
+        (s->srp_ctx.g == NULL) ||
+        (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
+        return SSL3_AL_FATAL;
+
+    if (RAND_bytes(b, sizeof(b)) <= 0)
+        return SSL3_AL_FATAL;
+    s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
+    OPENSSL_cleanse(b, sizeof(b));
+
+    /* Calculate:  B = (kv + g^b) % N  */
+
+    return ((s->srp_ctx.B =
+             SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
+                        s->srp_ctx.v)) !=
+            NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
+}
+
+/*
+ * If the server just has the raw password, make up a verifier entry on the
+ * fly
+ */
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp)
+{
+    SRP_gN *GN = SRP_get_default_gN(grp);
+    if (GN == NULL)
+        return -1;
+    s->srp_ctx.N = BN_dup(GN->N);
+    s->srp_ctx.g = BN_dup(GN->g);
+    BN_clear_free(s->srp_ctx.v);
+    s->srp_ctx.v = NULL;
+    BN_clear_free(s->srp_ctx.s);
+    s->srp_ctx.s = NULL;
+    if (!SRP_create_verifier_BN
+        (user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g))
+        return -1;
+
+    return 1;
+}
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info)
+{
+    if (N != NULL) {
+        if (s->srp_ctx.N != NULL) {
+            if (!BN_copy(s->srp_ctx.N, N)) {
+                BN_free(s->srp_ctx.N);
+                s->srp_ctx.N = NULL;
+            }
+        } else
+            s->srp_ctx.N = BN_dup(N);
+    }
+    if (g != NULL) {
+        if (s->srp_ctx.g != NULL) {
+            if (!BN_copy(s->srp_ctx.g, g)) {
+                BN_free(s->srp_ctx.g);
+                s->srp_ctx.g = NULL;
+            }
+        } else
+            s->srp_ctx.g = BN_dup(g);
+    }
+    if (sa != NULL) {
+        if (s->srp_ctx.s != NULL) {
+            if (!BN_copy(s->srp_ctx.s, sa)) {
+                BN_free(s->srp_ctx.s);
+                s->srp_ctx.s = NULL;
+            }
+        } else
+            s->srp_ctx.s = BN_dup(sa);
+    }
+    if (v != NULL) {
+        if (s->srp_ctx.v != NULL) {
+            if (!BN_copy(s->srp_ctx.v, v)) {
+                BN_free(s->srp_ctx.v);
+                s->srp_ctx.v = NULL;
+            }
+        } else
+            s->srp_ctx.v = BN_dup(v);
+    }
+    if (info != NULL) {
+        if (s->srp_ctx.info)
+            OPENSSL_free(s->srp_ctx.info);
+        if ((s->srp_ctx.info = BUF_strdup(info)) == NULL)
+            return -1;
+    }
+
+    if (!(s->srp_ctx.N) ||
+        !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v))
+        return -1;
+
+    return 1;
+}
+
+int srp_generate_server_master_secret(SSL *s)
+{
+    BIGNUM *K = NULL, *u = NULL;
+    int ret = -1, tmp_len = 0;
+    unsigned char *tmp = NULL;
+
+    if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
+        goto err;
+    if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL)
+        goto err;
+    if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
+                                 s->srp_ctx.N)) == NULL)
+        goto err;
+
+    tmp_len = BN_num_bytes(K);
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
+        goto err;
+    BN_bn2bin(K, tmp);
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
+ err:
+    BN_clear_free(K);
+    BN_clear_free(u);
+    return ret;
+}
+
+/* client side */
+int srp_generate_client_master_secret(SSL *s)
+{
+    BIGNUM *x = NULL, *u = NULL, *K = NULL;
+    int ret = -1, tmp_len = 0;
+    char *passwd = NULL;
+    unsigned char *tmp = NULL;
+
+    /*
+     * Checks if b % n == 0
+     */
+    if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0)
+        goto err;
+    if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL)
+        goto err;
+    if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL)
+        goto err;
+    if (!
+        (passwd =
+         s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg)))
+        goto err;
+    if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL)
+        goto err;
+    if ((K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x,
+                                 s->srp_ctx.a, u)) == NULL)
+        goto err;
+
+    tmp_len = BN_num_bytes(K);
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
+        goto err;
+    BN_bn2bin(K, tmp);
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
+ err:
+    BN_clear_free(K);
+    BN_clear_free(x);
+    if (passwd != NULL)
+        OPENSSL_clear_free(passwd, strlen(passwd));
+    BN_clear_free(u);
+    return ret;
+}
+
+int srp_verify_server_param(SSL *s, int *al)
+{
+    SRP_CTX *srp = &s->srp_ctx;
+    /*
+     * Sanity check parameters: we can quickly check B % N == 0 by checking B
+     * != 0 since B < N
+     */
+    if (BN_ucmp(srp->g, srp->N) >= 0 || BN_ucmp(srp->B, srp->N) >= 0
+        || BN_is_zero(srp->B)) {
+        *al = SSL3_AD_ILLEGAL_PARAMETER;
+        return 0;
+    }
+
+    if (BN_num_bits(srp->N) < srp->strength) {
+        *al = TLS1_AD_INSUFFICIENT_SECURITY;
+        return 0;
+    }
+
+    if (srp->SRP_verify_param_callback) {
+        if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) {
+            *al = TLS1_AD_INSUFFICIENT_SECURITY;
+            return 0;
+        }
+    } else if (!SRP_check_known_gN_param(srp->g, srp->N)) {
+        *al = TLS1_AD_INSUFFICIENT_SECURITY;
+        return 0;
+    }
+
+    return 1;
+}
+
+int SRP_Calc_A_param(SSL *s)
+{
+    unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
+
+    if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
+        return 0;
+    s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
+    OPENSSL_cleanse(rnd, sizeof(rnd));
+
+    if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
+        return 0;
+
+    return 1;
+}
+
+BIGNUM *SSL_get_srp_g(SSL *s)
+{
+    if (s->srp_ctx.g != NULL)
+        return s->srp_ctx.g;
+    return s->ctx->srp_ctx.g;
+}
+
+BIGNUM *SSL_get_srp_N(SSL *s)
+{
+    if (s->srp_ctx.N != NULL)
+        return s->srp_ctx.N;
+    return s->ctx->srp_ctx.N;
+}
+
+char *SSL_get_srp_username(SSL *s)
+{
+    if (s->srp_ctx.login != NULL)
+        return s->srp_ctx.login;
+    return s->ctx->srp_ctx.login;
+}
+
+char *SSL_get_srp_userinfo(SSL *s)
+{
+    if (s->srp_ctx.info != NULL)
+        return s->srp_ctx.info;
+    return s->ctx->srp_ctx.info;
+}
+
+# define tls1_ctx_ctrl ssl3_ctx_ctrl
+# define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
+
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, name);
+}
+
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, password);
+}
+
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
+                         NULL);
+}
+
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
+                                  (void (*)(void))cb);
+}
+
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_SRP_ARG, 0, arg);
+}
+
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
+                                  (void (*)(void))cb);
+}
+
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
+                                  (void (*)(void))cb);
+}
+
+#endif
diff --git a/openssl-1.1.0h/test/CAss.cnf b/openssl-1.1.0h/test/CAss.cnf
new file mode 100644
index 0000000..b20a242
--- /dev/null
+++ b/openssl-1.1.0h/test/CAss.cnf
@@ -0,0 +1,76 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		= sha1
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+organizationName		= Organization Name (eg, company)
+organizationName_value		= Dodgy Brothers
+
+commonName			= Common Name (eg, YOUR name)
+commonName_value		= Dodgy CA
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several certificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= v3_ca			# The extensions to add to the cert
+
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+policy		= policy_anything
+
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true,pathlen:1
+keyUsage = cRLSign, keyCertSign
+issuerAltName=issuer:copy
diff --git a/openssl-1.1.0h/test/CAssdh.cnf b/openssl-1.1.0h/test/CAssdh.cnf
new file mode 100644
index 0000000..4e0a908
--- /dev/null
+++ b/openssl-1.1.0h/test/CAssdh.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DH certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = CU
+countryName_value             = CU
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = La Junta de la Revolucion
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Junta
+
diff --git a/openssl-1.1.0h/test/CAssdsa.cnf b/openssl-1.1.0h/test/CAssdsa.cnf
new file mode 100644
index 0000000..a6b4d18
--- /dev/null
+++ b/openssl-1.1.0h/test/CAssdsa.cnf
@@ -0,0 +1,23 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
diff --git a/openssl-1.1.0h/test/CAssrsa.cnf b/openssl-1.1.0h/test/CAssrsa.cnf
new file mode 100644
index 0000000..eb24a6d
--- /dev/null
+++ b/openssl-1.1.0h/test/CAssrsa.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
+
diff --git a/openssl-1.1.0h/test/CAtsa.cnf b/openssl-1.1.0h/test/CAtsa.cnf
new file mode 100644
index 0000000..ab2f84a
--- /dev/null
+++ b/openssl-1.1.0h/test/CAtsa.cnf
@@ -0,0 +1,163 @@
+
+#
+# This config is used by the Time Stamp Authority tests.
+#
+
+RANDFILE		= ./.rnd
+
+# Extra OBJECT IDENTIFIER info:
+oid_section		= new_oids
+
+TSDNSECT		= ts_cert_dn
+INDEX			= 1
+
+[ new_oids ]
+
+# Policies used by the TSA tests.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+#----------------------------------------------------------------------
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+[ CA_default ]
+
+dir		= ./demoCA
+certs		= $dir/certs		# Where the issued certs are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+default_days	= 365			# how long to certify for
+default_md	= sha256			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= supplied
+stateOrProvinceName	= supplied
+organizationName	= supplied
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+#----------------------------------------------------------------------
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+distinguished_name	= $ENV::TSDNSECT
+encrypt_rsa_key		= no
+prompt 			= no
+# attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+string_mask = nombstr
+
+[ ts_ca_dn ]
+countryName			= HU
+stateOrProvinceName		= Budapest
+localityName			= Budapest
+organizationName		= Gov-CA Ltd.
+commonName			= ca1
+
+[ ts_cert_dn ]
+countryName			= HU
+stateOrProvinceName		= Budapest
+localityName			= Buda
+organizationName		= Hun-TSA Ltd.
+commonName			= tsa$ENV::INDEX
+
+[ tsa_cert ]
+
+# TSA server cert is not a CA cert.
+basicConstraints=CA:FALSE
+
+# The following key usage flags are needed for TSA server certificates.
+keyUsage = nonRepudiation, digitalSignature
+extendedKeyUsage = critical,timeStamping
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ non_tsa_cert ]
+
+# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
+basicConstraints=CA:FALSE
+
+# The following key usage flags are needed for TSA server certificates.
+keyUsage = nonRepudiation, digitalSignature
+# timeStamping is not supported by this certificate
+# extendedKeyUsage = critical,timeStamping
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature
+
+[ v3_ca ]
+
+# Extensions for a typical CA
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = cRLSign, keyCertSign
+
+#----------------------------------------------------------------------
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= .			# TSA root directory
+serial		= $dir/tsa_serial	# The current serial number (mandatory)
+signer_cert	= $dir/tsa_cert1.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/tsaca.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/tsa_key1.pem	# The TSA private key (optional)
+signer_digest  = sha256             # Signing digest to use. (Optional)
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= yes	# Must the ESS cert id chain be included?
+				# (optional, default: no)
+
+[ tsa_config2 ]
+
+# This configuration uses a certificate which doesn't have timeStamping usage.
+# These are used by the TSA reply generation only.
+dir		= .			# TSA root directory
+serial		= $dir/tsa_serial	# The current serial number (mandatory)
+signer_cert	= $dir/tsa_cert2.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/demoCA/cacert.pem# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/tsa_key2.pem	# The TSA private key (optional)
+signer_digest  = sha256             # Signing digest to use. (Optional)
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
diff --git a/openssl-1.1.0h/test/P1ss.cnf b/openssl-1.1.0h/test/P1ss.cnf
new file mode 100644
index 0000000..e6118dc
--- /dev/null
+++ b/openssl-1.1.0h/test/P1ss.cnf
@@ -0,0 +1,37 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		= sha256
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+
+0.commonName			= Common Name (eg, YOUR name)
+0.commonName_value		= Brother 1
+
+1.commonName			= Common Name (eg, YOUR name)
+1.commonName_value		= Brother 2
+
+2.commonName			= Common Name (eg, YOUR name)
+2.commonName_value		= Proxy 1
+
+[ v3_proxy ]
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
diff --git a/openssl-1.1.0h/test/P2ss.cnf b/openssl-1.1.0h/test/P2ss.cnf
new file mode 100644
index 0000000..d530e31
--- /dev/null
+++ b/openssl-1.1.0h/test/P2ss.cnf
@@ -0,0 +1,45 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		= sha256
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+
+0.commonName			= Common Name (eg, YOUR name)
+0.commonName_value		= Brother 1
+
+1.commonName			= Common Name (eg, YOUR name)
+1.commonName_value		= Brother 2
+
+2.commonName			= Common Name (eg, YOUR name)
+2.commonName_value		= Proxy 1
+
+3.commonName			= Common Name (eg, YOUR name)
+3.commonName_value		= Proxy 2
+
+[ v3_proxy ]
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+proxyCertInfo=critical,@proxy_ext
+
+[ proxy_ext ]
+language=id-ppl-anyLanguage
+pathlen=0
+policy=text:BC
diff --git a/openssl-1.1.0h/test/README b/openssl-1.1.0h/test/README
new file mode 100644
index 0000000..ef39d38
--- /dev/null
+++ b/openssl-1.1.0h/test/README
@@ -0,0 +1,109 @@
+How to add recipes
+==================
+
+For any test that you want to perform, you write a script located in
+test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and
+{name} is a unique name of your choice.
+
+Please note that if a test involves a new testing executable, you will need to
+do some additions in test/Makefile.  More on this later.
+
+
+Naming conventions
+=================
+
+A test executable is named test/{name}test.c
+
+A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two
+digit number and {name} is a unique name of your choice.
+
+The number {nn} is (somewhat loosely) grouped as follows:
+
+00-04  sanity, internal and essential API tests
+05-09  individual symmetric cipher algorithms
+10-14  math (bignum)
+15-19  individual asymmetric cipher algorithms
+20-24  openssl commands (some otherwise not tested)
+25-29  certificate forms, generation and verification
+30-35  engine and evp
+60-79  APIs
+   70  PACKET layer
+80-89  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
+90-99  misc
+
+
+A recipe that just runs a test executable
+=========================================
+
+A script that just runs a program looks like this:
+
+    #! /usr/bin/perl
+    
+    use OpenSSL::Test::Simple;
+    
+    simple_test("test_{name}", "{name}test", "{name}");
+
+{name} is the unique name you have chosen for your test.
+
+The second argument to `simple_test' is the test executable, and `simple_test'
+expects it to be located in test/
+
+For documentation on OpenSSL::Test::Simple, do
+`perldoc test/testlib/OpenSSL/Test/Simple.pm'.
+
+
+A recipe that runs a more complex test
+======================================
+
+For more complex tests, you will need to read up on Test::More and
+OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More' for
+documentation.  For OpenSSL::Test, do `perldoc test/testlib/OpenSSL/Test.pm'.
+
+A script to start from could be this:
+
+    #! /usr/bin/perl
+    
+    use strict;
+    use warnings;
+    use OpenSSL::Test;
+    
+    setup("test_{name}");
+    
+    plan tests => 2;                # The number of tests being performed
+    
+    ok(test1, "test1");
+    ok(test2, "test1");
+    
+    sub test1
+    {
+        # test feature 1
+    }
+    
+    sub test2
+    {
+        # test feature 2
+    }
+    
+
+Changes to test/Makefile
+========================
+
+Whenever a new test involves a new test executable you need to do the
+following (at all times, replace {NAME} and {name} with the name of your
+test):
+
+* among the variables for test executables at the beginning, add a line like
+  this:
+
+    {NAME}TEST= {name}test
+
+* add `$({NAME}TEST)$(EXE_EXT)' to the assignment of EXE:
+
+* add `$({NAME}TEST).o' to the assignment of OBJ:
+
+* add `$({NAME}TEST).c' to the assignment of SRC:
+
+* add the following lines for building the executable:
+
+    $({NAME}TEST)$(EXE_EXT): $({NAME}TEST).o $(DLIBCRYPTO)
+           @target=$({NAME}TEST); $(BUILD_CMD)
diff --git a/openssl-1.1.0h/test/README.ssltest.md b/openssl-1.1.0h/test/README.ssltest.md
new file mode 100644
index 0000000..c1edda5
--- /dev/null
+++ b/openssl-1.1.0h/test/README.ssltest.md
@@ -0,0 +1,274 @@
+# SSL tests
+
+SSL testcases are configured in the `ssl-tests` directory.
+
+Each `ssl_*.conf.in` file contains a number of test configurations. These files
+are used to generate testcases in the OpenSSL CONF format.
+
+The precise test output can be dependent on the library configuration. The test
+harness generates the output files on the fly.
+
+However, for verification, we also include checked-in configuration outputs
+corresponding to the default configuration. These testcases live in
+`test/ssl-tests/*.conf` files.
+
+For more details, see `ssl-tests/01-simple.conf.in` for an example.
+
+## Configuring the test
+
+First, give your test a name. The names do not have to be unique.
+
+An example test input looks like this:
+
+```
+    {
+        name => "test-default",
+        server => { "CipherString" => "DEFAULT" },
+        client => { "CipherString" => "DEFAULT" },
+        test   => { "ExpectedResult" => "Success" },
+    }
+```
+
+The test section supports the following options
+
+### Test mode
+
+* Method - the method to test. One of DTLS or TLS.
+
+* HandshakeMode - which handshake flavour to test:
+  - Simple - plain handshake (default)
+  - Resume - test resumption
+  - RenegotiateServer - test server initiated renegotiation
+  - RenegotiateClient - test client initiated renegotiation
+
+When HandshakeMode is Resume or Renegotiate, the original handshake is expected
+to succeed. All configured test expectations are verified against the second
+handshake.
+
+* ApplicationData - amount of application data bytes to send (integer, defaults
+  to 256 bytes). Applies to both client and server. Application data is sent in
+  64kB chunks (but limited by MaxFragmentSize and available parallelization, see
+  below).
+
+* MaxFragmentSize - maximum send fragment size (integer, defaults to 512 in
+  tests - see `SSL_CTX_set_max_send_fragment` for documentation). Applies to
+  both client and server. Lowering the fragment size will split handshake and
+  application data up between more `SSL_write` calls, thus allowing to exercise
+  different code paths. In particular, if the buffer size (64kB) is at least
+  four times as large as the maximum fragment, interleaved multi-buffer crypto
+  implementations may be used on some platforms.
+
+### Test expectations
+
+* ExpectedResult - expected handshake outcome. One of
+  - Success - handshake success
+  - ServerFail - serverside handshake failure
+  - ClientFail - clientside handshake failure
+  - InternalError - some other error
+
+* ExpectedClientAlert, ExpectedServerAlert - expected alert. See
+  `ssl_test_ctx.c` for known values. Note: the expected alert is currently
+  matched against the _last_ received alert (i.e., a fatal alert or a
+  `close_notify`). Warning alert expectations are not yet supported. (A warning
+  alert will not be correctly matched, if followed by a `close_notify` or
+  another alert.)
+
+* ExpectedProtocol - expected negotiated protocol. One of
+  SSLv3, TLSv1, TLSv1.1, TLSv1.2.
+
+* SessionTicketExpected - whether or not a session ticket is expected
+  - Ignore - do not check for a session ticket (default)
+  - Yes - a session ticket is expected
+  - No - a session ticket is not expected
+
+* ResumptionExpected - whether or not resumption is expected (Resume mode only)
+  - Yes - resumed handshake
+  - No - full handshake (default)
+
+* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.
+
+* ExpectedTmpKeyType - the expected algorithm or curve of server temp key
+
+## Configuring the client and server
+
+The client and server configurations can be any valid `SSL_CTX`
+configurations. For details, see the manpages for `SSL_CONF_cmd`.
+
+Give your configurations as a dictionary of CONF commands, e.g.
+
+```
+server => {
+    "CipherString" => "DEFAULT",
+    "MinProtocol" => "TLSv1",
+}
+```
+
+The following sections may optionally be defined:
+
+* server2 - this section configures a secondary context that is selected via the
+  ServerName test option. This context is used whenever a ServerNameCallback is
+  specified. If the server2 section is not present, then the configuration
+  matches server.
+* resume_server - this section configures the client to resume its session
+  against a different server. This context is used whenever HandshakeMode is
+  Resume. If the resume_server section is not present, then the configuration
+  matches server.
+* resume_client - this section configures the client to resume its session with
+  a different configuration. In practice this may occur when, for example,
+  upgraded clients reuse sessions persisted on disk.  This context is used
+  whenever HandshakeMode is Resume. If the resume_client section is not present,
+  then the configuration matches client.
+
+### Configuring callbacks and additional options
+
+Additional handshake settings can be configured in the `extra` section of each
+client and server:
+
+```
+client => {
+    "CipherString" => "DEFAULT",
+    extra => {
+        "ServerName" => "server2",
+    }
+}
+```
+
+#### Supported client-side options
+
+* ClientVerifyCallback - the client's custom certificate verify callback.
+  Used to test callback behaviour. One of
+  - None - no custom callback (default)
+  - AcceptAll - accepts all certificates.
+  - RejectAll - rejects all certificates.
+
+* ServerName - the server the client should attempt to connect to. One of
+  - None - do not use SNI (default)
+  - server1 - the initial context
+  - server2 - the secondary context
+  - invalid - an unknown context
+
+* CTValidation - Certificate Transparency validation strategy. One of
+  - None - no validation (default)
+  - Permissive - SSL_CT_VALIDATION_PERMISSIVE
+  - Strict - SSL_CT_VALIDATION_STRICT
+
+#### Supported server-side options
+
+* ServerNameCallback - the SNI switching callback to use
+  - None - no callback (default)
+  - IgnoreMismatch - continue the handshake on SNI mismatch
+  - RejectMismatch - abort the handshake on SNI mismatch
+
+* BrokenSessionTicket - a special test case where the session ticket callback
+  does not initialize crypto.
+  - No (default)
+  - Yes
+
+#### Mutually supported options
+
+* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
+  protocols can be specified as a comma-separated list, and a callback with the
+  recommended behaviour will be installed automatically.
+
+### Default server and client configurations
+
+The default server certificate and CA files are added to the configurations
+automatically. Server certificate verification is requested by default.
+
+You can override these options by redefining them:
+
+```
+client => {
+    "VerifyCAFile" => "/path/to/custom/file"
+}
+```
+
+or by deleting them
+
+```
+client => {
+    "VerifyCAFile" => undef
+}
+```
+
+## Adding a test to the test harness
+
+1. Add a new test configuration to `test/ssl-tests`, following the examples of
+   existing `*.conf.in` files (for example, `01-simple.conf.in`).
+
+2. Generate the generated `*.conf` test input file. You can do so by running
+   `generate_ssl_tests.pl`:
+
+```
+$ ./config
+$ cd test
+$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/my.conf.in \
+  > ssl-tests/my.conf
+```
+
+where `my.conf.in` is your test input file.
+
+For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do
+
+```
+$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
+```
+
+Alternatively (hackish but simple), you can comment out
+
+```
+unlink glob $tmp_file;
+```
+
+in `test/recipes/80-test_ssl_new.t` and run
+
+```
+$ make TESTS=test_ssl_new test
+```
+
+This will save the generated output in a `*.tmp` file in the build directory.
+
+3. Update the number of tests planned in `test/recipes/80-test_ssl_new.t`. If
+   the test suite has any skip conditions, update those too (see
+   `test/recipes/80-test_ssl_new.t` for details).
+
+## Running the tests with the test harness
+
+```
+HARNESS_VERBOSE=yes make TESTS=test_ssl_new test
+```
+
+## Running a test manually
+
+These steps are only needed during development. End users should run `make test`
+or follow the instructions above to run the SSL test suite.
+
+To run an SSL test manually from the command line, the `TEST_CERTS_DIR`
+environment variable to point to the location of the certs. E.g., from the root
+OpenSSL directory, do
+
+```
+$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
+  test/ssl-tests/01-simple.conf
+```
+
+or for shared builds
+
+```
+$ CTLOG_FILE=test/ct/log_list.conf  TEST_CERTS_DIR=test/certs \
+  util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf
+```
+
+Note that the test expectations sometimes depend on the Configure settings. For
+example, the negotiated protocol depends on the set of available (enabled)
+protocols: a build with `enable-ssl3` has different test expectations than a
+build with `no-ssl3`.
+
+The Perl test harness automatically generates expected outputs, so users who
+just run `make test` do not need any extra steps.
+
+However, when running a test manually, keep in mind that the repository version
+of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with
+the default Configure options. To run `ssl_test` manually from the command line
+in a build with a different configuration, you may need to generate the right
+`*.conf` file from the `*.conf.in` input first.
diff --git a/openssl-1.1.0h/test/Sssdsa.cnf b/openssl-1.1.0h/test/Sssdsa.cnf
new file mode 100644
index 0000000..8e170a2
--- /dev/null
+++ b/openssl-1.1.0h/test/Sssdsa.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
+
diff --git a/openssl-1.1.0h/test/Sssrsa.cnf b/openssl-1.1.0h/test/Sssrsa.cnf
new file mode 100644
index 0000000..8c79a03
--- /dev/null
+++ b/openssl-1.1.0h/test/Sssrsa.cnf
@@ -0,0 +1,26 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
diff --git a/openssl-1.1.0h/test/Uss.cnf b/openssl-1.1.0h/test/Uss.cnf
new file mode 100644
index 0000000..f655e74
--- /dev/null
+++ b/openssl-1.1.0h/test/Uss.cnf
@@ -0,0 +1,41 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+CN2 = Brother 2
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		    = sha256
+prompt              = no
+
+[ req_distinguished_name ]
+countryName         = AU
+organizationName    = Dodgy Brothers
+0.commonName        = Brother 1
+1.commonName		= $ENV::CN2
+
+[ v3_ee ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+basicConstraints = CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ee_dsa ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+basicConstraints = CA:false
+keyUsage = nonRepudiation, digitalSignature
+
+[ v3_ee_ec ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+basicConstraints = CA:false
+keyUsage = nonRepudiation, digitalSignature, keyAgreement
+
diff --git a/openssl-1.1.0h/test/aborttest.c b/openssl-1.1.0h/test/aborttest.c
new file mode 100644
index 0000000..ba5055e
--- /dev/null
+++ b/openssl-1.1.0h/test/aborttest.c
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+int main(int argc, char **argv)
+{
+    OPENSSL_die("Voluntary abort", __FILE__, __LINE__);
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/afalgtest.c b/openssl-1.1.0h/test/afalgtest.c
new file mode 100644
index 0000000..e6e02f0
--- /dev/null
+++ b/openssl-1.1.0h/test/afalgtest.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_AFALGENG
+# include <linux/version.h>
+# define K_MAJ   4
+# define K_MIN1  1
+# define K_MIN2  0
+# if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)
+/*
+ * If we get here then it looks like there is a mismatch between the linux
+ * headers and the actual kernel version, so we have tried to compile with
+ * afalg support, but then skipped it in e_afalg.c. As far as this test is
+ * concerned we behave as if we had been configured without support
+ */
+#  define OPENSSL_NO_AFALGENG
+# endif
+#endif
+
+#ifndef OPENSSL_NO_AFALGENG
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+/* Use a buffer size which is not aligned to block size */
+#define BUFFER_SIZE     (8 * 1024) - 13
+
+static int test_afalg_aes_128_cbc(ENGINE *e)
+{
+    EVP_CIPHER_CTX *ctx;
+    const EVP_CIPHER *cipher = EVP_aes_128_cbc();
+    unsigned char key[] = "\x5F\x4D\xCC\x3B\x5A\xA7\x65\xD6\
+                           \x1D\x83\x27\xDE\xB8\x82\xCF\x99";
+    unsigned char iv[] = "\x2B\x95\x99\x0A\x91\x51\x37\x4A\
+                          \xBD\x8F\xF8\xC5\xA7\xA0\xFE\x08";
+
+    unsigned char in[BUFFER_SIZE];
+    unsigned char ebuf[BUFFER_SIZE + 32];
+    unsigned char dbuf[BUFFER_SIZE + 32];
+    int encl, encf, decl, decf;
+    unsigned int status = 0;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL) {
+        fprintf(stderr, "%s() failed to allocate ctx\n", __func__);
+        return 0;
+    }
+    RAND_bytes(in, BUFFER_SIZE);
+
+    if (       !EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1)
+            || !EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE)
+            || !EVP_CipherFinal_ex(ctx, ebuf+encl, &encf)) {
+        fprintf(stderr, "%s() failed encryption\n", __func__);
+        goto end;
+    }
+    encl += encf;
+
+    if (       !EVP_CIPHER_CTX_reset(ctx)
+            || !EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0)
+            || !EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl)
+            || !EVP_CipherFinal_ex(ctx, dbuf+decl, &decf)) {
+        fprintf(stderr, "%s() failed decryption\n", __func__);
+        goto end;
+    }
+    decl += decf;
+
+    if (       decl != BUFFER_SIZE
+            || memcmp(dbuf, in, BUFFER_SIZE)) {
+        fprintf(stderr, "%s() failed Dec(Enc(P)) != P\n", __func__);
+        goto end;
+    }
+
+    status = 1;
+
+ end:
+    EVP_CIPHER_CTX_free(ctx);
+    return status;
+}
+
+int main(int argc, char **argv)
+{
+    ENGINE *e;
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ENGINE_load_builtin_engines();
+
+# ifndef OPENSSL_NO_STATIC_ENGINE
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL);
+# endif
+
+    e = ENGINE_by_id("afalg");
+    if (e == NULL) {
+        /*
+         * A failure to load is probably a platform environment problem so we
+         * don't treat this as an OpenSSL test failure, i.e. we return 0
+         */
+        fprintf(stderr,
+                "AFALG Test: Failed to load AFALG Engine - skipping test\n");
+        return 0;
+    }
+
+    if (test_afalg_aes_128_cbc(e) == 0) {
+        ENGINE_free(e);
+        return 1;
+    }
+
+    ENGINE_free(e);
+    printf("PASS\n");
+    return 0;
+}
+
+#else  /* OPENSSL_NO_AFALGENG */
+
+int main(int argc, char **argv)
+{
+    fprintf(stderr, "AFALG not supported - skipping AFALG tests\n");
+    printf("PASS\n");
+    return 0;
+}
+
+#endif
diff --git a/openssl-1.1.0h/test/asynciotest.c b/openssl-1.1.0h/test/asynciotest.c
new file mode 100644
index 0000000..7e51efb
--- /dev/null
+++ b/openssl-1.1.0h/test/asynciotest.c
@@ -0,0 +1,382 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <string.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#include "../ssl/packet_locl.h"
+
+#include "ssltestlib.h"
+
+/* Should we fragment records or not? 0 = no, !0 = yes*/
+static int fragment = 0;
+
+static int async_new(BIO *bi);
+static int async_free(BIO *a);
+static int async_read(BIO *b, char *out, int outl);
+static int async_write(BIO *b, const char *in, int inl);
+static long async_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int async_gets(BIO *bp, char *buf, int size);
+static int async_puts(BIO *bp, const char *str);
+
+/* Choose a sufficiently large type likely to be unused for this custom BIO */
+# define BIO_TYPE_ASYNC_FILTER  (0x80 | BIO_TYPE_FILTER)
+
+static BIO_METHOD *methods_async = NULL;
+
+struct async_ctrs {
+    unsigned int rctr;
+    unsigned int wctr;
+};
+
+static const BIO_METHOD *bio_f_async_filter()
+{
+    if (methods_async == NULL) {
+        methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter");
+        if (   methods_async == NULL
+            || !BIO_meth_set_write(methods_async, async_write)
+            || !BIO_meth_set_read(methods_async, async_read)
+            || !BIO_meth_set_puts(methods_async, async_puts)
+            || !BIO_meth_set_gets(methods_async, async_gets)
+            || !BIO_meth_set_ctrl(methods_async, async_ctrl)
+            || !BIO_meth_set_create(methods_async, async_new)
+            || !BIO_meth_set_destroy(methods_async, async_free))
+            return NULL;
+    }
+    return methods_async;
+}
+
+static int async_new(BIO *bio)
+{
+    struct async_ctrs *ctrs;
+
+    ctrs = OPENSSL_zalloc(sizeof(struct async_ctrs));
+    if (ctrs == NULL)
+        return 0;
+
+    BIO_set_data(bio, ctrs);
+    BIO_set_init(bio, 1);
+    return 1;
+}
+
+static int async_free(BIO *bio)
+{
+    struct async_ctrs *ctrs;
+
+    if (bio == NULL)
+        return 0;
+    ctrs = BIO_get_data(bio);
+    OPENSSL_free(ctrs);
+    BIO_set_data(bio, NULL);
+    BIO_set_init(bio, 0);
+
+    return 1;
+}
+
+static int async_read(BIO *bio, char *out, int outl)
+{
+    struct async_ctrs *ctrs;
+    int ret = -1;
+    BIO *next = BIO_next(bio);
+
+    if (outl <= 0)
+        return 0;
+    if (next == NULL)
+        return 0;
+
+    ctrs = BIO_get_data(bio);
+
+    BIO_clear_retry_flags(bio);
+
+    if (ctrs->rctr > 0) {
+        ret = BIO_read(next, out, 1);
+        if (ret <= 0 && BIO_should_read(next))
+            BIO_set_retry_read(bio);
+        ctrs->rctr = 0;
+    } else {
+        ctrs->rctr++;
+        BIO_set_retry_read(bio);
+    }
+
+    return ret;
+}
+
+#define MIN_RECORD_LEN  6
+
+#define CONTENTTYPEPOS  0
+#define VERSIONHIPOS    1
+#define VERSIONLOPOS    2
+#define DATAPOS         5
+
+static int async_write(BIO *bio, const char *in, int inl)
+{
+    struct async_ctrs *ctrs;
+    int ret = -1;
+    size_t written = 0;
+    BIO *next = BIO_next(bio);
+
+    if (inl <= 0)
+        return 0;
+    if (next == NULL)
+        return 0;
+
+    ctrs = BIO_get_data(bio);
+
+    BIO_clear_retry_flags(bio);
+
+    if (ctrs->wctr > 0) {
+        ctrs->wctr = 0;
+        if (fragment) {
+            PACKET pkt;
+
+            if (!PACKET_buf_init(&pkt, (const unsigned char *)in, inl))
+                abort();
+
+            while (PACKET_remaining(&pkt) > 0) {
+                PACKET payload;
+                unsigned int contenttype, versionhi, versionlo, data;
+
+                if (   !PACKET_get_1(&pkt, &contenttype)
+                    || !PACKET_get_1(&pkt, &versionhi)
+                    || !PACKET_get_1(&pkt, &versionlo)
+                    || !PACKET_get_length_prefixed_2(&pkt, &payload))
+                    abort();
+
+                /* Pretend we wrote out the record header */
+                written += SSL3_RT_HEADER_LENGTH;
+
+                while (PACKET_get_1(&payload, &data)) {
+                    /* Create a new one byte long record for each byte in the
+                     * record in the input buffer
+                     */
+                    char smallrec[MIN_RECORD_LEN] = {
+                        0, /* Content type */
+                        0, /* Version hi */
+                        0, /* Version lo */
+                        0, /* Length hi */
+                        1, /* Length lo */
+                        0  /* Data */
+                    };
+
+                    smallrec[CONTENTTYPEPOS] = contenttype;
+                    smallrec[VERSIONHIPOS] = versionhi;
+                    smallrec[VERSIONLOPOS] = versionlo;
+                    smallrec[DATAPOS] = data;
+                    ret = BIO_write(next, smallrec, MIN_RECORD_LEN);
+                    if (ret <= 0)
+                        abort();
+                    written++;
+                }
+                /*
+                 * We can't fragment anything after the CCS, otherwise we
+                 * get a bad record MAC
+                 */
+                if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC) {
+                    fragment = 0;
+                    break;
+                }
+            }
+        }
+        /* Write any data we have left after fragmenting */
+        ret = 0;
+        if ((int)written < inl) {
+            ret = BIO_write(next, in + written , inl - written);
+        }
+
+        if (ret <= 0 && BIO_should_write(next))
+            BIO_set_retry_write(bio);
+        else
+            ret += written;
+    } else {
+        ctrs->wctr++;
+        BIO_set_retry_write(bio);
+    }
+
+    return ret;
+}
+
+static long async_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    BIO *next = BIO_next(bio);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static int async_gets(BIO *bio, char *buf, int size)
+{
+    /* We don't support this - not needed anyway */
+    return -1;
+}
+
+static int async_puts(BIO *bio, const char *str)
+{
+    return async_write(bio, str, strlen(str));
+}
+
+#define MAX_ATTEMPTS    100
+
+int main(int argc, char *argv[])
+{
+    SSL_CTX *serverctx = NULL, *clientctx = NULL;
+    SSL *serverssl = NULL, *clientssl = NULL;
+    BIO *s_to_c_fbio = NULL, *c_to_s_fbio = NULL;
+    int test, err = 1, ret;
+    size_t i, j;
+    const char testdata[] = "Test data";
+    char buf[sizeof(testdata)];
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    if (argc != 3) {
+        printf("Invalid argument count\n");
+        goto end;
+    }
+
+    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION,
+                             &serverctx, &clientctx, argv[1], argv[2])) {
+        printf("Failed to create SSL_CTX pair\n");
+        goto end;
+    }
+
+    /*
+     * We do 2 test runs. The first time around we just do a normal handshake
+     * with lots of async io going on. The second time around we also break up
+     * all records so that the content is only one byte length (up until the
+     * CCS)
+     */
+    for (test = 1; test < 3; test++) {
+        if (test == 2)
+            fragment = 1;
+
+
+        s_to_c_fbio = BIO_new(bio_f_async_filter());
+        c_to_s_fbio = BIO_new(bio_f_async_filter());
+        if (s_to_c_fbio == NULL || c_to_s_fbio == NULL) {
+            printf("Failed to create filter BIOs\n");
+            BIO_free(s_to_c_fbio);
+            BIO_free(c_to_s_fbio);
+            goto end;
+        }
+
+        /* BIOs get freed on error */
+        if (!create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl,
+                                s_to_c_fbio, c_to_s_fbio)) {
+            printf("Test %d failed: Create SSL objects failed\n", test);
+            goto end;
+        }
+
+        if (!create_ssl_connection(serverssl, clientssl)) {
+            printf("Test %d failed: Create SSL connection failed\n", test);
+            goto end;
+        }
+
+        /*
+         * Send and receive some test data. Do the whole thing twice to ensure
+         * we hit at least one async event in both reading and writing
+         */
+        for (j = 0; j < 2; j++) {
+            int len;
+
+            /*
+             * Write some test data. It should never take more than 2 attempts
+             * (the first one might be a retryable fail).
+             */
+            for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2;
+                i++) {
+                ret = SSL_write(clientssl, testdata + len,
+                    sizeof(testdata) - len);
+                if (ret > 0) {
+                    len += ret;
+                } else {
+                    int ssl_error = SSL_get_error(clientssl, ret);
+
+                    if (ssl_error == SSL_ERROR_SYSCALL ||
+                        ssl_error == SSL_ERROR_SSL) {
+                        printf("Test %d failed: Failed to write app data\n", test);
+                        err = -1;
+                        goto end;
+                    }
+                }
+            }
+            if (len != sizeof(testdata)) {
+                err = -1;
+                printf("Test %d failed: Failed to write all app data\n", test);
+                goto end;
+            }
+            /*
+             * Now read the test data. It may take more attempts here because
+             * it could fail once for each byte read, including all overhead
+             * bytes from the record header/padding etc.
+             */
+            for (ret = -1, i = 0, len = 0; len != sizeof(testdata) &&
+                i < MAX_ATTEMPTS; i++)
+            {
+                ret = SSL_read(serverssl, buf + len, sizeof(buf) - len);
+                if (ret > 0) {
+                    len += ret;
+                } else {
+                    int ssl_error = SSL_get_error(serverssl, ret);
+
+                    if (ssl_error == SSL_ERROR_SYSCALL ||
+                        ssl_error == SSL_ERROR_SSL) {
+                        printf("Test %d failed: Failed to read app data\n", test);
+                        err = -1;
+                        goto end;
+                    }
+                }
+            }
+            if (len != sizeof(testdata)
+                    || memcmp(buf, testdata, sizeof(testdata)) != 0) {
+                err = -1;
+                printf("Test %d failed: Unexpected app data received\n", test);
+                goto end;
+            }
+        }
+
+        /* Also frees the BIOs */
+        SSL_free(clientssl);
+        SSL_free(serverssl);
+        clientssl = serverssl = NULL;
+    }
+
+    printf("Test success\n");
+
+    err = 0;
+ end:
+    if (err)
+        ERR_print_errors_fp(stderr);
+
+    SSL_free(clientssl);
+    SSL_free(serverssl);
+    SSL_CTX_free(clientctx);
+    SSL_CTX_free(serverctx);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    CRYPTO_mem_leaks_fp(stderr);
+# endif
+
+    return err;
+}
diff --git a/openssl-1.1.0h/test/asynctest.c b/openssl-1.1.0h/test/asynctest.c
new file mode 100644
index 0000000..eef3c32
--- /dev/null
+++ b/openssl-1.1.0h/test/asynctest.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef _WIN32
+# include <windows.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/async.h>
+#include <openssl/crypto.h>
+
+static int ctr = 0;
+static ASYNC_JOB *currjob = NULL;
+
+static int only_pause(void *args)
+{
+    ASYNC_pause_job();
+
+    return 1;
+}
+
+static int add_two(void *args)
+{
+    ctr++;
+    ASYNC_pause_job();
+    ctr++;
+
+    return 2;
+}
+
+static int save_current(void *args)
+{
+    currjob = ASYNC_get_current_job();
+    ASYNC_pause_job();
+
+    return 1;
+}
+
+#define MAGIC_WAIT_FD   ((OSSL_ASYNC_FD)99)
+static int waitfd(void *args)
+{
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    job = ASYNC_get_current_job();
+    if (job == NULL)
+        return 0;
+    waitctx = ASYNC_get_wait_ctx(job);
+    if (waitctx == NULL)
+        return 0;
+
+    /* First case: no fd added or removed */
+    ASYNC_pause_job();
+
+    /* Second case: one fd added */
+    if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
+        return 0;
+    ASYNC_pause_job();
+
+    /* Third case: all fd removed */
+    if (!ASYNC_WAIT_CTX_clear_fd(waitctx, waitctx))
+        return 0;
+    ASYNC_pause_job();
+
+    /* Last case: fd added and immediately removed */
+    if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
+        return 0;
+    if (!ASYNC_WAIT_CTX_clear_fd(waitctx, waitctx))
+        return 0;
+
+    return 1;
+}
+
+static int blockpause(void *args)
+{
+    ASYNC_block_pause();
+    ASYNC_pause_job();
+    ASYNC_unblock_pause();
+    ASYNC_pause_job();
+
+    return 1;
+}
+
+static int test_ASYNC_init_thread()
+{
+    ASYNC_JOB *job1 = NULL, *job2 = NULL, *job3 = NULL;
+    int funcret1, funcret2, funcret3;
+    ASYNC_WAIT_CTX *waitctx = NULL;
+
+    if (       !ASYNC_init_thread(2, 0)
+            || (waitctx = ASYNC_WAIT_CTX_new()) == NULL
+            || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0)
+                != ASYNC_PAUSE
+            || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0)
+                != ASYNC_PAUSE
+            || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0)
+                != ASYNC_NO_JOBS
+            || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0)
+                != ASYNC_FINISH
+            || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0)
+                != ASYNC_PAUSE
+            || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0)
+                != ASYNC_FINISH
+            || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0)
+                != ASYNC_FINISH
+            || funcret1 != 1
+            || funcret2 != 1
+            || funcret3 != 1) {
+        fprintf(stderr, "test_ASYNC_init_thread() failed\n");
+        ASYNC_WAIT_CTX_free(waitctx);
+        ASYNC_cleanup_thread();
+        return 0;
+    }
+
+    ASYNC_WAIT_CTX_free(waitctx);
+    ASYNC_cleanup_thread();
+    return 1;
+}
+
+static int test_ASYNC_start_job()
+{
+    ASYNC_JOB *job = NULL;
+    int funcret;
+    ASYNC_WAIT_CTX *waitctx = NULL;
+
+    ctr = 0;
+
+    if (       !ASYNC_init_thread(1, 0)
+            || (waitctx = ASYNC_WAIT_CTX_new()) == NULL
+            || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0)
+               != ASYNC_PAUSE
+            || ctr != 1
+            || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0)
+               != ASYNC_FINISH
+            || ctr != 2
+            || funcret != 2) {
+        fprintf(stderr, "test_ASYNC_start_job() failed\n");
+        ASYNC_WAIT_CTX_free(waitctx);
+        ASYNC_cleanup_thread();
+        return 0;
+    }
+
+    ASYNC_WAIT_CTX_free(waitctx);
+    ASYNC_cleanup_thread();
+    return 1;
+}
+
+static int test_ASYNC_get_current_job()
+{
+    ASYNC_JOB *job = NULL;
+    int funcret;
+    ASYNC_WAIT_CTX *waitctx = NULL;
+
+    currjob = NULL;
+
+    if (       !ASYNC_init_thread(1, 0)
+            || (waitctx = ASYNC_WAIT_CTX_new()) == NULL
+            || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0)
+                != ASYNC_PAUSE
+            || currjob != job
+            || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0)
+                != ASYNC_FINISH
+            || funcret != 1) {
+        fprintf(stderr, "test_ASYNC_get_current_job() failed\n");
+        ASYNC_WAIT_CTX_free(waitctx);
+        ASYNC_cleanup_thread();
+        return 0;
+    }
+
+    ASYNC_WAIT_CTX_free(waitctx);
+    ASYNC_cleanup_thread();
+    return 1;
+}
+
+static int test_ASYNC_WAIT_CTX_get_all_fds()
+{
+    ASYNC_JOB *job = NULL;
+    int funcret;
+    ASYNC_WAIT_CTX *waitctx = NULL;
+    OSSL_ASYNC_FD fd = OSSL_BAD_ASYNC_FD, delfd = OSSL_BAD_ASYNC_FD;
+    size_t numfds, numdelfds;
+
+    if (       !ASYNC_init_thread(1, 0)
+            || (waitctx = ASYNC_WAIT_CTX_new()) == NULL
+               /* On first run we're not expecting any wait fds */
+            || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
+                != ASYNC_PAUSE
+            || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
+            || numfds != 0
+            || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
+                                               &numdelfds)
+            || numfds != 0
+            || numdelfds != 0
+               /* On second run we're expecting one added fd */
+            || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
+                != ASYNC_PAUSE
+            || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
+            || numfds != 1
+            || !ASYNC_WAIT_CTX_get_all_fds(waitctx, &fd, &numfds)
+            || fd != MAGIC_WAIT_FD
+            || (fd = OSSL_BAD_ASYNC_FD, 0) /* Assign to something else */
+            || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
+                                               &numdelfds)
+            || numfds != 1
+            || numdelfds != 0
+            || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, &fd, &numfds, NULL,
+                                               &numdelfds)
+            || fd != MAGIC_WAIT_FD
+               /* On third run we expect one deleted fd */
+            || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
+                != ASYNC_PAUSE
+            || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
+            || numfds != 0
+            || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
+                                               &numdelfds)
+            || numfds != 0
+            || numdelfds != 1
+            || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, &delfd,
+                                               &numdelfds)
+            || delfd != MAGIC_WAIT_FD
+            /* On last run we are not expecting any wait fd */
+            || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
+                != ASYNC_FINISH
+            || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
+            || numfds != 0
+            || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
+                                               &numdelfds)
+            || numfds != 0
+            || numdelfds != 0
+            || funcret != 1) {
+        fprintf(stderr, "test_ASYNC_get_wait_fd() failed\n");
+        ASYNC_WAIT_CTX_free(waitctx);
+        ASYNC_cleanup_thread();
+        return 0;
+    }
+
+    ASYNC_WAIT_CTX_free(waitctx);
+    ASYNC_cleanup_thread();
+    return 1;
+}
+
+static int test_ASYNC_block_pause()
+{
+    ASYNC_JOB *job = NULL;
+    int funcret;
+    ASYNC_WAIT_CTX *waitctx = NULL;
+
+    if (       !ASYNC_init_thread(1, 0)
+            || (waitctx = ASYNC_WAIT_CTX_new()) == NULL
+            || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0)
+                != ASYNC_PAUSE
+            || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0)
+                != ASYNC_FINISH
+            || funcret != 1) {
+        fprintf(stderr, "test_ASYNC_block_pause() failed\n");
+        ASYNC_WAIT_CTX_free(waitctx);
+        ASYNC_cleanup_thread();
+        return 0;
+    }
+
+    ASYNC_WAIT_CTX_free(waitctx);
+    ASYNC_cleanup_thread();
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    if (!ASYNC_is_capable()) {
+        fprintf(stderr,
+                "OpenSSL build is not ASYNC capable - skipping async tests\n");
+    } else {
+        CRYPTO_set_mem_debug(1);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+        if (       !test_ASYNC_init_thread()
+                || !test_ASYNC_start_job()
+                || !test_ASYNC_get_current_job()
+                || !test_ASYNC_WAIT_CTX_get_all_fds()
+                || !test_ASYNC_block_pause()) {
+            return 1;
+        }
+    }
+    printf("PASS\n");
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/bad_dtls_test.c b/openssl-1.1.0h/test/bad_dtls_test.c
new file mode 100644
index 0000000..2e33010
--- /dev/null
+++ b/openssl-1.1.0h/test/bad_dtls_test.c
@@ -0,0 +1,624 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Unit test for Cisco DTLS1_BAD_VER session resume, as used by
+ * AnyConnect VPN protocol.
+ *
+ * This is designed to exercise the code paths in
+ * http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/dtls.c
+ * which have frequently been affected by regressions in DTLS1_BAD_VER
+ * support.
+ *
+ * Note that unlike other SSL tests, we don't test against our own SSL
+ * server method. Firstly because we don't have one; we *only* support
+ * DTLS1_BAD_VER as a client. And secondly because even if that were
+ * fixed up it's the wrong thing to test against - because if changes
+ * are made in generic DTLS code which don't take DTLS1_BAD_VER into
+ * account, there's plenty of scope for making those changes such that
+ * they break *both* the client and the server in the same way.
+ *
+ * So we handle the server side manually. In a session resume there isn't
+ * much to be done anyway.
+ */
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/kdf.h>
+
+#include "../ssl/packet_locl.h"
+#include "../e_os.h" /* for OSSL_NELEM() */
+
+/* For DTLS1_BAD_VER packets the MAC doesn't include the handshake header */
+#define MAC_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
+
+static unsigned char client_random[SSL3_RANDOM_SIZE];
+static unsigned char server_random[SSL3_RANDOM_SIZE];
+
+/* These are all generated locally, sized purely according to our own whim */
+static unsigned char session_id[32];
+static unsigned char master_secret[48];
+static unsigned char cookie[20];
+
+/* We've hard-coded the cipher suite; we know it's 104 bytes */
+static unsigned char key_block[104];
+#define mac_key (key_block + 20)
+#define dec_key (key_block + 40)
+#define enc_key (key_block + 56)
+
+static EVP_MD_CTX *handshake_md;
+
+static int do_PRF(const void *seed1, int seed1_len,
+                  const void *seed2, int seed2_len,
+                  const void *seed3, int seed3_len,
+                  unsigned char *out, int olen)
+{
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+    size_t outlen = olen;
+
+    /* No error handling. If it all screws up, the test will fail anyway */
+    EVP_PKEY_derive_init(pctx);
+    EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1());
+    EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, master_secret, sizeof(master_secret));
+    EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, seed1_len);
+    EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, seed2_len);
+    EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, seed3_len);
+    EVP_PKEY_derive(pctx, out, &outlen);
+    EVP_PKEY_CTX_free(pctx);
+    return 1;
+}
+
+static SSL_SESSION *client_session(void)
+{
+    static unsigned char session_asn1[] = {
+        0x30, 0x5F,              /* SEQUENCE, length 0x5F */
+        0x02, 0x01, 0x01,        /* INTEGER, SSL_SESSION_ASN1_VERSION */
+        0x02, 0x02, 0x01, 0x00,  /* INTEGER, DTLS1_BAD_VER */
+        0x04, 0x02, 0x00, 0x2F,  /* OCTET_STRING, AES128-SHA */
+        0x04, 0x20,              /* OCTET_STRING, session id */
+#define SS_SESSID_OFS 15 /* Session ID goes here */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x04, 0x30,              /* OCTET_STRING, master secret */
+#define SS_SECRET_OFS 49 /* Master secret goes here */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    };
+    const unsigned char *p = session_asn1;
+
+    /* Copy the randomly-generated fields into the above ASN1 */
+    memcpy(session_asn1 + SS_SESSID_OFS, session_id, sizeof(session_id));
+    memcpy(session_asn1 + SS_SECRET_OFS, master_secret, sizeof(master_secret));
+
+    return d2i_SSL_SESSION(NULL, &p, sizeof(session_asn1));
+}
+
+/* Returns 1 for initial ClientHello, 2 for ClientHello with cookie */
+static int validate_client_hello(BIO *wbio)
+{
+    PACKET pkt, pkt2;
+    long len;
+    unsigned char *data;
+    int cookie_found = 0;
+    unsigned int u;
+
+    len = BIO_get_mem_data(wbio, (char **)&data);
+    if (!PACKET_buf_init(&pkt, data, len))
+        return 0;
+
+    /* Check record header type */
+    if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE)
+        return 0;
+    /* Version */
+    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
+        return 0;
+    /* Skip the rest of the record header */
+    if (!PACKET_forward(&pkt, DTLS1_RT_HEADER_LENGTH - 3))
+        return 0;
+
+    /* Check it's a ClientHello */
+    if (!PACKET_get_1(&pkt, &u) || u != SSL3_MT_CLIENT_HELLO)
+        return 0;
+    /* Skip the rest of the handshake message header */
+    if (!PACKET_forward(&pkt, DTLS1_HM_HEADER_LENGTH - 1))
+        return 0;
+
+    /* Check client version */
+    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
+        return 0;
+
+    /* Store random */
+    if (!PACKET_copy_bytes(&pkt, client_random, SSL3_RANDOM_SIZE))
+        return 0;
+
+    /* Check session id length and content */
+    if (!PACKET_get_length_prefixed_1(&pkt, &pkt2) ||
+        !PACKET_equal(&pkt2, session_id, sizeof(session_id)))
+        return 0;
+
+    /* Check cookie */
+    if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
+        return 0;
+    if (PACKET_remaining(&pkt2)) {
+        if (!PACKET_equal(&pkt2, cookie, sizeof(cookie)))
+            return 0;
+        cookie_found = 1;
+    }
+
+    /* Skip ciphers */
+    if (!PACKET_get_net_2(&pkt, &u) || !PACKET_forward(&pkt, u))
+        return 0;
+
+    /* Skip compression */
+    if (!PACKET_get_1(&pkt, &u) || !PACKET_forward(&pkt, u))
+        return 0;
+
+    /* Skip extensions */
+    if (!PACKET_get_net_2(&pkt, &u) || !PACKET_forward(&pkt, u))
+        return 0;
+
+    /* Now we are at the end */
+    if (PACKET_remaining(&pkt))
+        return 0;
+
+    /* Update handshake MAC for second ClientHello (with cookie) */
+    if (cookie_found && !EVP_DigestUpdate(handshake_md, data + MAC_OFFSET,
+                                          len - MAC_OFFSET))
+            printf("EVP_DigestUpdate() failed\n");
+
+    (void)BIO_reset(wbio);
+
+    return 1 + cookie_found;
+}
+
+static int send_hello_verify(BIO *rbio)
+{
+    static unsigned char hello_verify[] = {
+        0x16, /* Handshake */
+        0x01, 0x00, /* DTLS1_BAD_VER */
+        0x00, 0x00, /* Epoch 0 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Seq# 0 */
+        0x00, 0x23, /* Length */
+        0x03, /* Hello Verify */
+        0x00, 0x00, 0x17, /* Length */
+        0x00, 0x00, /* Seq# 0 */
+        0x00, 0x00, 0x00, /* Fragment offset */
+        0x00, 0x00, 0x17, /* Fragment length */
+        0x01, 0x00, /* DTLS1_BAD_VER */
+        0x14, /* Cookie length */
+#define HV_COOKIE_OFS 28 /* Cookie goes here */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00,
+    };
+
+    memcpy(hello_verify + HV_COOKIE_OFS, cookie, sizeof(cookie));
+
+    BIO_write(rbio, hello_verify, sizeof(hello_verify));
+
+    return 1;
+}
+
+static int send_server_hello(BIO *rbio)
+{
+    static unsigned char server_hello[] = {
+        0x16, /* Handshake */
+        0x01, 0x00, /* DTLS1_BAD_VER */
+        0x00, 0x00, /* Epoch 0 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* Seq# 1 */
+        0x00, 0x52, /* Length */
+        0x02, /* Server Hello */
+        0x00, 0x00, 0x46, /* Length */
+        0x00, 0x01, /* Seq# */
+        0x00, 0x00, 0x00, /* Fragment offset */
+        0x00, 0x00, 0x46, /* Fragment length */
+        0x01, 0x00, /* DTLS1_BAD_VER */
+#define SH_RANDOM_OFS 27 /* Server random goes here */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x20, /* Session ID length */
+#define SH_SESSID_OFS 60 /* Session ID goes here */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x2f, /* Cipher suite AES128-SHA */
+        0x00, /* Compression null */
+    };
+    static unsigned char change_cipher_spec[] = {
+        0x14, /* Change Cipher Spec */
+        0x01, 0x00, /* DTLS1_BAD_VER */
+        0x00, 0x00, /* Epoch 0 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x02, /* Seq# 2 */
+        0x00, 0x03, /* Length */
+        0x01, 0x00, 0x02, /* Message */
+    };
+
+    memcpy(server_hello + SH_RANDOM_OFS, server_random, sizeof(server_random));
+    memcpy(server_hello + SH_SESSID_OFS, session_id, sizeof(session_id));
+
+    if (!EVP_DigestUpdate(handshake_md, server_hello + MAC_OFFSET,
+                          sizeof(server_hello) - MAC_OFFSET))
+        printf("EVP_DigestUpdate() failed\n");
+
+    BIO_write(rbio, server_hello, sizeof(server_hello));
+    BIO_write(rbio, change_cipher_spec, sizeof(change_cipher_spec));
+
+    return 1;
+}
+
+/* Create header, HMAC, pad, encrypt and send a record */
+static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
+                       const void *msg, size_t len)
+{
+    /* Note that the order of the record header fields on the wire,
+     * and in the HMAC, is different. So we just keep them in separate
+     * variables and handle them individually. */
+    static unsigned char epoch[2] = { 0x00, 0x01 };
+    static unsigned char seq[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+    static unsigned char ver[2] = { 0x01, 0x00 }; /* DTLS1_BAD_VER */
+    unsigned char lenbytes[2];
+    HMAC_CTX *ctx;
+    EVP_CIPHER_CTX *enc_ctx;
+    unsigned char iv[16];
+    unsigned char pad;
+    unsigned char *enc;
+
+#ifdef SIXTY_FOUR_BIT_LONG
+    seq[0] = (seqnr >> 40) & 0xff;
+    seq[1] = (seqnr >> 32) & 0xff;
+#endif
+    seq[2] = (seqnr >> 24) & 0xff;
+    seq[3] = (seqnr >> 16) & 0xff;
+    seq[4] = (seqnr >> 8) & 0xff;
+    seq[5] = seqnr & 0xff;
+
+    pad = 15 - ((len + SHA_DIGEST_LENGTH) % 16);
+    enc = OPENSSL_malloc(len + SHA_DIGEST_LENGTH + 1 + pad);
+    if (enc == NULL)
+        return 0;
+
+    /* Copy record to encryption buffer */
+    memcpy(enc, msg, len);
+
+    /* Append HMAC to data */
+    ctx = HMAC_CTX_new();
+    HMAC_Init_ex(ctx, mac_key, 20, EVP_sha1(), NULL);
+    HMAC_Update(ctx, epoch, 2);
+    HMAC_Update(ctx, seq, 6);
+    HMAC_Update(ctx, &type, 1);
+    HMAC_Update(ctx, ver, 2); /* Version */
+    lenbytes[0] = len >> 8;
+    lenbytes[1] = len & 0xff;
+    HMAC_Update(ctx, lenbytes, 2); /* Length */
+    HMAC_Update(ctx, enc, len); /* Finally the data itself */
+    HMAC_Final(ctx, enc + len, NULL);
+    HMAC_CTX_free(ctx);
+
+    /* Append padding bytes */
+    len += SHA_DIGEST_LENGTH;
+    do {
+        enc[len++] = pad;
+    } while (len % 16);
+
+    /* Generate IV, and encrypt */
+    RAND_bytes(iv, sizeof(iv));
+    enc_ctx = EVP_CIPHER_CTX_new();
+    EVP_CipherInit_ex(enc_ctx, EVP_aes_128_cbc(), NULL, enc_key, iv, 1);
+    EVP_Cipher(enc_ctx, enc, enc, len);
+    EVP_CIPHER_CTX_free(enc_ctx);
+
+    /* Finally write header (from fragmented variables), IV and encrypted record */
+    BIO_write(rbio, &type, 1);
+    BIO_write(rbio, ver, 2);
+    BIO_write(rbio, epoch, 2);
+    BIO_write(rbio, seq, 6);
+    lenbytes[0] = (len + sizeof(iv)) >> 8;
+    lenbytes[1] = (len + sizeof(iv)) & 0xff;
+    BIO_write(rbio, lenbytes, 2);
+
+    BIO_write(rbio, iv, sizeof(iv));
+    BIO_write(rbio, enc, len);
+
+    OPENSSL_free(enc);
+    return 1;
+}
+
+static int send_finished(SSL *s, BIO *rbio)
+{
+    static unsigned char finished_msg[DTLS1_HM_HEADER_LENGTH +
+                                      TLS1_FINISH_MAC_LENGTH] = {
+        0x14, /* Finished */
+        0x00, 0x00, 0x0c, /* Length */
+        0x00, 0x03, /* Seq# 3 */
+        0x00, 0x00, 0x00, /* Fragment offset */
+        0x00, 0x00, 0x0c, /* Fragment length */
+        /* Finished MAC (12 bytes) */
+    };
+    unsigned char handshake_hash[EVP_MAX_MD_SIZE];
+
+    /* Derive key material */
+    do_PRF(TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
+           server_random, SSL3_RANDOM_SIZE,
+           client_random, SSL3_RANDOM_SIZE,
+           key_block, sizeof(key_block));
+
+    /* Generate Finished MAC */
+    if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL))
+        printf("EVP_DigestFinal_ex() failed\n");
+
+    do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+           handshake_hash, EVP_MD_CTX_size(handshake_md),
+           NULL, 0,
+           finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH);
+
+    return send_record(rbio, SSL3_RT_HANDSHAKE, 0,
+                       finished_msg, sizeof(finished_msg));
+}
+
+static int validate_ccs(BIO *wbio)
+{
+    PACKET pkt;
+    long len;
+    unsigned char *data;
+    unsigned int u;
+
+    len = BIO_get_mem_data(wbio, (char **)&data);
+    if (!PACKET_buf_init(&pkt, data, len))
+        return 0;
+
+    /* Check record header type */
+    if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_CHANGE_CIPHER_SPEC)
+        return 0;
+    /* Version */
+    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
+        return 0;
+    /* Skip the rest of the record header */
+    if (!PACKET_forward(&pkt, DTLS1_RT_HEADER_LENGTH - 3))
+        return 0;
+
+    /* Check ChangeCipherSpec message */
+    if (!PACKET_get_1(&pkt, &u) || u != SSL3_MT_CCS)
+        return 0;
+    /* A DTLS1_BAD_VER ChangeCipherSpec also contains the
+     * handshake sequence number (which is 2 here) */
+    if (!PACKET_get_net_2(&pkt, &u) || u != 0x0002)
+        return 0;
+
+    /* Now check the Finished packet */
+    if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE)
+        return 0;
+    if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER)
+        return 0;
+
+    /* Check epoch is now 1 */
+    if (!PACKET_get_net_2(&pkt, &u) || u != 0x0001)
+        return 0;
+
+    /* That'll do for now. If OpenSSL accepted *our* Finished packet
+     * then it's evidently remembered that DTLS1_BAD_VER doesn't
+     * include the handshake header in the MAC. There's not a lot of
+     * point in implementing decryption here, just to check that it
+     * continues to get it right for one more packet. */
+
+    return 1;
+}
+
+#define NODROP(x) { x##UL, 0 }
+#define DROP(x)   { x##UL, 1 }
+
+static struct {
+    unsigned long seq;
+    int drop;
+} tests[] = {
+    NODROP(1), NODROP(3), NODROP(2),
+    NODROP(0x1234), NODROP(0x1230), NODROP(0x1235),
+    NODROP(0xffff), NODROP(0x10001), NODROP(0xfffe), NODROP(0x10000),
+    DROP(0x10001), DROP(0xff), NODROP(0x100000), NODROP(0x800000), NODROP(0x7fffe1),
+    NODROP(0xffffff), NODROP(0x1000000), NODROP(0xfffffe), DROP(0xffffff), NODROP(0x1000010),
+    NODROP(0xfffffd), NODROP(0x1000011), DROP(0x12), NODROP(0x1000012),
+    NODROP(0x1ffffff), NODROP(0x2000000), DROP(0x1ff00fe), NODROP(0x2000001),
+    NODROP(0x20fffff), NODROP(0x2105500), DROP(0x20ffffe), NODROP(0x21054ff),
+    NODROP(0x211ffff), DROP(0x2110000), NODROP(0x2120000)
+    /* The last test should be NODROP, because a DROP wouldn't get tested. */
+};
+
+int main(int argc, char *argv[])
+{
+    SSL_SESSION *sess;
+    SSL_CTX *ctx;
+    SSL *con;
+    BIO *rbio;
+    BIO *wbio;
+    BIO *err;
+    time_t now = 0;
+    int testresult = 0;
+    int ret;
+    int i;
+
+    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_bytes(session_id, sizeof(session_id));
+    RAND_bytes(master_secret, sizeof(master_secret));
+    RAND_bytes(cookie, sizeof(cookie));
+    RAND_bytes(server_random + 4, sizeof(server_random) - 4);
+
+    now = time(NULL);
+    memcpy(server_random, &now, sizeof(now));
+
+    sess = client_session();
+    if (sess == NULL) {
+        printf("Failed to generate SSL_SESSION\n");
+        goto end;
+    }
+
+    handshake_md = EVP_MD_CTX_new();
+    if (handshake_md == NULL ||
+        !EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(), NULL)) {
+        printf("Failed to initialise handshake_md\n");
+        goto end;
+    }
+
+    ctx = SSL_CTX_new(DTLS_client_method());
+    if (ctx == NULL) {
+        printf("Failed to allocate SSL_CTX\n");
+        goto end_md;
+    }
+    if (!SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) {
+        printf("SSL_CTX_set_min_proto_version() failed\n");
+        goto end_ctx;
+    }
+    if (!SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) {
+        printf("SSL_CTX_set_max_proto_version() failed\n");
+        goto end_ctx;
+    }
+
+    if (!SSL_CTX_set_cipher_list(ctx, "AES128-SHA")) {
+        printf("SSL_CTX_set_cipher_list() failed\n");
+        goto end_ctx;
+    }
+
+    con = SSL_new(ctx);
+    if (!SSL_set_session(con, sess)) {
+        printf("SSL_set_session() failed\n");
+        goto end_con;
+    }
+    SSL_SESSION_free(sess);
+
+    rbio = BIO_new(BIO_s_mem());
+    wbio = BIO_new(BIO_s_mem());
+
+    BIO_set_nbio(rbio, 1);
+    BIO_set_nbio(wbio, 1);
+
+    SSL_set_bio(con, rbio, wbio);
+    SSL_set_connect_state(con);
+
+    /* Send initial ClientHello */
+    ret = SSL_do_handshake(con);
+    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
+        printf("Unexpected handshake result at initial call!\n");
+        goto end_con;
+    }
+
+    if (validate_client_hello(wbio) != 1) {
+        printf("Initial ClientHello failed validation\n");
+        goto end_con;
+    }
+    if (send_hello_verify(rbio) != 1) {
+        printf("Failed to send HelloVerify\n");
+        goto end_con;
+    }
+    ret = SSL_do_handshake(con);
+    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
+        printf("Unexpected handshake result after HelloVerify!\n");
+        goto end_con;
+    }
+    if (validate_client_hello(wbio) != 2) {
+        printf("Second ClientHello failed validation\n");
+        goto end_con;
+    }
+    if (send_server_hello(rbio) != 1) {
+        printf("Failed to send ServerHello\n");
+        goto end_con;
+    }
+    ret = SSL_do_handshake(con);
+    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
+        printf("Unexpected handshake result after ServerHello!\n");
+        goto end_con;
+    }
+    if (send_finished(con, rbio) != 1) {
+        printf("Failed to send Finished\n");
+        goto end_con;
+    }
+    ret = SSL_do_handshake(con);
+    if (ret < 1) {
+        printf("Handshake not successful after Finished!\n");
+        goto end_con;
+    }
+    if (validate_ccs(wbio) != 1) {
+        printf("Failed to validate client CCS/Finished\n");
+        goto end_con;
+    }
+
+    /* While we're here and crafting packets by hand, we might as well do a
+       bit of a stress test on the DTLS record replay handling. Not Cisco-DTLS
+       specific but useful anyway for the general case. It's been broken
+       before, and in fact was broken even for a basic 0, 2, 1 test case
+       when this test was first added.... */
+    for (i = 0; i < (int)OSSL_NELEM(tests); i++) {
+        unsigned long recv_buf[2];
+
+        if (send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq,
+                        &tests[i].seq, sizeof(unsigned long)) != 1) {
+            printf("Failed to send data seq #0x%lx (%d)\n",
+                   tests[i].seq, i);
+            goto end_con;
+        }
+
+        if (tests[i].drop)
+            continue;
+
+        ret = SSL_read(con, recv_buf, 2 * sizeof(unsigned long));
+        if (ret != sizeof(unsigned long)) {
+            printf("SSL_read failed or wrong size on seq#0x%lx (%d)\n",
+                   tests[i].seq, i);
+            goto end_con;
+        }
+        if (recv_buf[0] != tests[i].seq) {
+            printf("Wrong data packet received (0x%lx not 0x%lx) at packet %d\n",
+                   recv_buf[0], tests[i].seq, i);
+            goto end_con;
+        }
+    }
+    if (tests[i-1].drop) {
+        printf("Error: last test cannot be DROP()\n");
+        goto end_con;
+    }
+    testresult=1;
+
+ end_con:
+    SSL_free(con);
+ end_ctx:
+    SSL_CTX_free(ctx);
+ end_md:
+    EVP_MD_CTX_free(handshake_md);
+ end:
+    ERR_print_errors_fp(stderr);
+
+    if (!testresult) {
+        printf("Cisco BadDTLS test: FAILED\n");
+    }
+
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(err) <= 0)
+        testresult = 0;
+#endif
+    BIO_free(err);
+
+    return testresult?0:1;
+}
diff --git a/openssl-1.1.0h/test/bftest.c b/openssl-1.1.0h/test/bftest.c
new file mode 100644
index 0000000..a513660
--- /dev/null
+++ b/openssl-1.1.0h/test/bftest.c
@@ -0,0 +1,484 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_BF
+int main(int argc, char *argv[])
+{
+    printf("No BF support\n");
+    return (0);
+}
+#else
+# include <openssl/blowfish.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+static char bf_key[2][30] = {
+    "abcdefghijklmnopqrstuvwxyz",
+    "Who is John Galt?"
+};
+
+/* big endian */
+static BF_LONG bf_plain[2][2] = {
+    {0x424c4f57L, 0x46495348L},
+    {0xfedcba98L, 0x76543210L}
+};
+
+static BF_LONG bf_cipher[2][2] = {
+    {0x324ed0feL, 0xf413a203L},
+    {0xcc91732bL, 0x8022f684L}
+};
+
+/************/
+
+/* Lets use the DES test vectors :-) */
+# define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+    {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
+    {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
+    {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
+    {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
+    {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
+    {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
+    {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
+    {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
+    {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
+    {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
+    {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
+    {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
+    {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
+    {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
+    {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
+    {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
+    {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
+    {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
+    {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
+    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
+};
+
+static unsigned char plain_data[NUM_TESTS][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
+    {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
+    {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
+    {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
+    {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
+    {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
+    {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
+    {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
+    {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
+    {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
+    {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
+    {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
+    {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
+    {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
+    {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
+    {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
+    {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
+    {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
+    {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
+};
+
+static unsigned char cipher_data[NUM_TESTS][8] = {
+    {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78},
+    {0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A},
+    {0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2},
+    {0x24, 0x66, 0xDD, 0x87, 0x8B, 0x96, 0x3C, 0x9D},
+    {0x61, 0xF9, 0xC3, 0x80, 0x22, 0x81, 0xB0, 0x96},
+    {0x7D, 0x0C, 0xC6, 0x30, 0xAF, 0xDA, 0x1E, 0xC7},
+    {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78},
+    {0x0A, 0xCE, 0xAB, 0x0F, 0xC6, 0xA0, 0xA2, 0x8D},
+    {0x59, 0xC6, 0x82, 0x45, 0xEB, 0x05, 0x28, 0x2B},
+    {0xB1, 0xB8, 0xCC, 0x0B, 0x25, 0x0F, 0x09, 0xA0},
+    {0x17, 0x30, 0xE5, 0x77, 0x8B, 0xEA, 0x1D, 0xA4},
+    {0xA2, 0x5E, 0x78, 0x56, 0xCF, 0x26, 0x51, 0xEB},
+    {0x35, 0x38, 0x82, 0xB1, 0x09, 0xCE, 0x8F, 0x1A},
+    {0x48, 0xF4, 0xD0, 0x88, 0x4C, 0x37, 0x99, 0x18},
+    {0x43, 0x21, 0x93, 0xB7, 0x89, 0x51, 0xFC, 0x98},
+    {0x13, 0xF0, 0x41, 0x54, 0xD6, 0x9D, 0x1A, 0xE5},
+    {0x2E, 0xED, 0xDA, 0x93, 0xFF, 0xD3, 0x9C, 0x79},
+    {0xD8, 0x87, 0xE0, 0x39, 0x3C, 0x2D, 0xA6, 0xE3},
+    {0x5F, 0x99, 0xD0, 0x4F, 0x5B, 0x16, 0x39, 0x69},
+    {0x4A, 0x05, 0x7A, 0x3B, 0x24, 0xD3, 0x97, 0x7B},
+    {0x45, 0x20, 0x31, 0xC1, 0xE4, 0xFA, 0xDA, 0x8E},
+    {0x75, 0x55, 0xAE, 0x39, 0xF5, 0x9B, 0x87, 0xBD},
+    {0x53, 0xC5, 0x5F, 0x9C, 0xB4, 0x9F, 0xC0, 0x19},
+    {0x7A, 0x8E, 0x7B, 0xFA, 0x93, 0x7E, 0x89, 0xA3},
+    {0xCF, 0x9C, 0x5D, 0x7A, 0x49, 0x86, 0xAD, 0xB5},
+    {0xD1, 0xAB, 0xB2, 0x90, 0x65, 0x8B, 0xC7, 0x78},
+    {0x55, 0xCB, 0x37, 0x74, 0xD1, 0x3E, 0xF2, 0x01},
+    {0xFA, 0x34, 0xEC, 0x48, 0x47, 0xB2, 0x68, 0xB2},
+    {0xA7, 0x90, 0x79, 0x51, 0x08, 0xEA, 0x3C, 0xAE},
+    {0xC3, 0x9E, 0x07, 0x2D, 0x9F, 0xAC, 0x63, 0x1D},
+    {0x01, 0x49, 0x33, 0xE0, 0xCD, 0xAF, 0xF6, 0xE4},
+    {0xF2, 0x1E, 0x9A, 0x77, 0xB7, 0x1C, 0x49, 0xBC},
+    {0x24, 0x59, 0x46, 0x88, 0x57, 0x54, 0x36, 0x9A},
+    {0x6B, 0x5C, 0x5A, 0x9C, 0x5D, 0x9E, 0x0A, 0x5A},
+};
+
+static unsigned char cbc_key[16] = {
+    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87
+};
+static unsigned char cbc_iv[8] =
+    { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+static char cbc_data[40] = "7654321 Now is the time for ";
+static unsigned char cbc_ok[32] = {
+    0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6,
+    0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93,
+    0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9,
+    0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC
+};
+
+static unsigned char cfb64_ok[] = {
+    0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA,
+    0xF2, 0x6E, 0xCF, 0x6D, 0x2E, 0xB9, 0xE7, 0x6E,
+    0x3D, 0xA3, 0xDE, 0x04, 0xD1, 0x51, 0x72, 0x00,
+    0x51, 0x9D, 0x57, 0xA6, 0xC3
+};
+
+static unsigned char ofb64_ok[] = {
+    0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA,
+    0x62, 0xB3, 0x43, 0xCC, 0x5B, 0x65, 0x58, 0x73,
+    0x10, 0xDD, 0x90, 0x8D, 0x0C, 0x24, 0x1B, 0x22,
+    0x63, 0xC2, 0xCF, 0x80, 0xDA
+};
+
+# define KEY_TEST_NUM    25
+static unsigned char key_test[KEY_TEST_NUM] = {
+    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
+    0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88
+};
+
+static unsigned char key_data[8] =
+    { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
+
+static unsigned char key_out[KEY_TEST_NUM][8] = {
+    {0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E},
+    {0xE9, 0x1D, 0x21, 0xC1, 0xD9, 0x61, 0xA6, 0xD6},
+    {0xE9, 0xC2, 0xB7, 0x0A, 0x1B, 0xC6, 0x5C, 0xF3},
+    {0xBE, 0x1E, 0x63, 0x94, 0x08, 0x64, 0x0F, 0x05},
+    {0xB3, 0x9E, 0x44, 0x48, 0x1B, 0xDB, 0x1E, 0x6E},
+    {0x94, 0x57, 0xAA, 0x83, 0xB1, 0x92, 0x8C, 0x0D},
+    {0x8B, 0xB7, 0x70, 0x32, 0xF9, 0x60, 0x62, 0x9D},
+    {0xE8, 0x7A, 0x24, 0x4E, 0x2C, 0xC8, 0x5E, 0x82},
+    {0x15, 0x75, 0x0E, 0x7A, 0x4F, 0x4E, 0xC5, 0x77},
+    {0x12, 0x2B, 0xA7, 0x0B, 0x3A, 0xB6, 0x4A, 0xE0},
+    {0x3A, 0x83, 0x3C, 0x9A, 0xFF, 0xC5, 0x37, 0xF6},
+    {0x94, 0x09, 0xDA, 0x87, 0xA9, 0x0F, 0x6B, 0xF2},
+    {0x88, 0x4F, 0x80, 0x62, 0x50, 0x60, 0xB8, 0xB4},
+    {0x1F, 0x85, 0x03, 0x1C, 0x19, 0xE1, 0x19, 0x68},
+    {0x79, 0xD9, 0x37, 0x3A, 0x71, 0x4C, 0xA3, 0x4F},
+    {0x93, 0x14, 0x28, 0x87, 0xEE, 0x3B, 0xE1, 0x5C},
+    {0x03, 0x42, 0x9E, 0x83, 0x8C, 0xE2, 0xD1, 0x4B},
+    {0xA4, 0x29, 0x9E, 0x27, 0x46, 0x9F, 0xF6, 0x7B},
+    {0xAF, 0xD5, 0xAE, 0xD1, 0xC1, 0xBC, 0x96, 0xA8},
+    {0x10, 0x85, 0x1C, 0x0E, 0x38, 0x58, 0xDA, 0x9F},
+    {0xE6, 0xF5, 0x1E, 0xD7, 0x9B, 0x9D, 0xB2, 0x1F},
+    {0x64, 0xA6, 0xE1, 0x4A, 0xFD, 0x36, 0xB4, 0x6F},
+    {0x80, 0xC7, 0xD7, 0xD4, 0x5A, 0x54, 0x79, 0xAD},
+    {0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80},
+};
+
+static int test(void);
+static int print_test_data(void);
+int main(int argc, char *argv[])
+{
+    int ret;
+
+    if (argc > 1)
+        ret = print_test_data();
+    else
+        ret = test();
+
+    EXIT(ret);
+}
+
+static int print_test_data(void)
+{
+    unsigned int i, j;
+
+    printf("ecb test data\n");
+    printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+    for (i = 0; i < NUM_TESTS; i++) {
+        for (j = 0; j < 8; j++)
+            printf("%02X", ecb_data[i][j]);
+        printf("\t");
+        for (j = 0; j < 8; j++)
+            printf("%02X", plain_data[i][j]);
+        printf("\t");
+        for (j = 0; j < 8; j++)
+            printf("%02X", cipher_data[i][j]);
+        printf("\n");
+    }
+
+    printf("set_key test data\n");
+    printf("data[8]= ");
+    for (j = 0; j < 8; j++)
+        printf("%02X", key_data[j]);
+    printf("\n");
+    for (i = 0; i < KEY_TEST_NUM - 1; i++) {
+        printf("c=");
+        for (j = 0; j < 8; j++)
+            printf("%02X", key_out[i][j]);
+        printf(" k[%2u]=", i + 1);
+        for (j = 0; j < i + 1; j++)
+            printf("%02X", key_test[j]);
+        printf("\n");
+    }
+
+    printf("\nchaining mode test data\n");
+    printf("key[16]   = ");
+    for (j = 0; j < 16; j++)
+        printf("%02X", cbc_key[j]);
+    printf("\niv[8]     = ");
+    for (j = 0; j < 8; j++)
+        printf("%02X", cbc_iv[j]);
+    printf("\ndata[%d]  = '%s'", (int)strlen(cbc_data) + 1, cbc_data);
+    printf("\ndata[%d]  = ", (int)strlen(cbc_data) + 1);
+    for (j = 0; j < strlen(cbc_data) + 1; j++)
+        printf("%02X", cbc_data[j]);
+    printf("\n");
+    printf("cbc cipher text\n");
+    printf("cipher[%d]= ", 32);
+    for (j = 0; j < 32; j++)
+        printf("%02X", cbc_ok[j]);
+    printf("\n");
+
+    printf("cfb64 cipher text\n");
+    printf("cipher[%d]= ", (int)strlen(cbc_data) + 1);
+    for (j = 0; j < strlen(cbc_data) + 1; j++)
+        printf("%02X", cfb64_ok[j]);
+    printf("\n");
+
+    printf("ofb64 cipher text\n");
+    printf("cipher[%d]= ", (int)strlen(cbc_data) + 1);
+    for (j = 0; j < strlen(cbc_data) + 1; j++)
+        printf("%02X", ofb64_ok[j]);
+    printf("\n");
+    return (0);
+}
+
+static int test(void)
+{
+    unsigned char cbc_in[40], cbc_out[40], iv[8];
+    int i, n, err = 0;
+    BF_KEY key;
+    BF_LONG data[2];
+    unsigned char out[8];
+    BF_LONG len;
+
+# ifdef CHARSET_EBCDIC
+    ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
+# endif
+
+    printf("testing blowfish in raw ecb mode\n");
+    for (n = 0; n < 2; n++) {
+# ifdef CHARSET_EBCDIC
+        ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
+# endif
+        BF_set_key(&key, strlen(bf_key[n]), (unsigned char *)bf_key[n]);
+
+        data[0] = bf_plain[n][0];
+        data[1] = bf_plain[n][1];
+        BF_encrypt(data, &key);
+        if (memcmp(&(bf_cipher[n][0]), &(data[0]), 8) != 0) {
+            printf("BF_encrypt error encrypting\n");
+            printf("got     :");
+            for (i = 0; i < 2; i++)
+                printf("%08lX ", (unsigned long)data[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 2; i++)
+                printf("%08lX ", (unsigned long)bf_cipher[n][i]);
+            err = 1;
+            printf("\n");
+        }
+
+        BF_decrypt(&(data[0]), &key);
+        if (memcmp(&(bf_plain[n][0]), &(data[0]), 8) != 0) {
+            printf("BF_encrypt error decrypting\n");
+            printf("got     :");
+            for (i = 0; i < 2; i++)
+                printf("%08lX ", (unsigned long)data[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 2; i++)
+                printf("%08lX ", (unsigned long)bf_plain[n][i]);
+            printf("\n");
+            err = 1;
+        }
+    }
+
+    printf("testing blowfish in ecb mode\n");
+
+    for (n = 0; n < NUM_TESTS; n++) {
+        BF_set_key(&key, 8, ecb_data[n]);
+
+        BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT);
+        if (memcmp(&(cipher_data[n][0]), out, 8) != 0) {
+            printf("BF_ecb_encrypt blowfish error encrypting\n");
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", cipher_data[n][i]);
+            err = 1;
+            printf("\n");
+        }
+
+        BF_ecb_encrypt(out, out, &key, BF_DECRYPT);
+        if (memcmp(&(plain_data[n][0]), out, 8) != 0) {
+            printf("BF_ecb_encrypt error decrypting\n");
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", plain_data[n][i]);
+            printf("\n");
+            err = 1;
+        }
+    }
+
+    printf("testing blowfish set_key\n");
+    for (n = 1; n < KEY_TEST_NUM; n++) {
+        BF_set_key(&key, n, key_test);
+        BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT);
+        /* mips-sgi-irix6.5-gcc  vv  -mabi=64 bug workaround */
+        if (memcmp(out, &(key_out[i = n - 1][0]), 8) != 0) {
+            printf("blowfish setkey error\n");
+            err = 1;
+        }
+    }
+
+    printf("testing blowfish in cbc mode\n");
+    len = strlen(cbc_data) + 1;
+
+    BF_set_key(&key, 16, cbc_key);
+    memset(cbc_in, 0, sizeof(cbc_in));
+    memset(cbc_out, 0, sizeof(cbc_out));
+    memcpy(iv, cbc_iv, sizeof(iv));
+    BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len,
+                   &key, iv, BF_ENCRYPT);
+    if (memcmp(cbc_out, cbc_ok, 32) != 0) {
+        err = 1;
+        printf("BF_cbc_encrypt encrypt error\n");
+        for (i = 0; i < 32; i++)
+            printf("0x%02X,", cbc_out[i]);
+    }
+    memcpy(iv, cbc_iv, 8);
+    BF_cbc_encrypt(cbc_out, cbc_in, len, &key, iv, BF_DECRYPT);
+    if (memcmp(cbc_in, cbc_data, strlen(cbc_data) + 1) != 0) {
+        printf("BF_cbc_encrypt decrypt error\n");
+        err = 1;
+    }
+
+    printf("testing blowfish in cfb64 mode\n");
+
+    BF_set_key(&key, 16, cbc_key);
+    memset(cbc_in, 0, 40);
+    memset(cbc_out, 0, 40);
+    memcpy(iv, cbc_iv, 8);
+    n = 0;
+    BF_cfb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13,
+                     &key, iv, &n, BF_ENCRYPT);
+    BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]),
+                     len - 13, &key, iv, &n, BF_ENCRYPT);
+    if (memcmp(cbc_out, cfb64_ok, (int)len) != 0) {
+        err = 1;
+        printf("BF_cfb64_encrypt encrypt error\n");
+        for (i = 0; i < (int)len; i++)
+            printf("0x%02X,", cbc_out[i]);
+    }
+    n = 0;
+    memcpy(iv, cbc_iv, 8);
+    BF_cfb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n, BF_DECRYPT);
+    BF_cfb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17,
+                     &key, iv, &n, BF_DECRYPT);
+    if (memcmp(cbc_in, cbc_data, (int)len) != 0) {
+        printf("BF_cfb64_encrypt decrypt error\n");
+        err = 1;
+    }
+
+    printf("testing blowfish in ofb64\n");
+
+    BF_set_key(&key, 16, cbc_key);
+    memset(cbc_in, 0, 40);
+    memset(cbc_out, 0, 40);
+    memcpy(iv, cbc_iv, 8);
+    n = 0;
+    BF_ofb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, &key, iv,
+                     &n);
+    BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]),
+                     len - 13, &key, iv, &n);
+    if (memcmp(cbc_out, ofb64_ok, (int)len) != 0) {
+        err = 1;
+        printf("BF_ofb64_encrypt encrypt error\n");
+        for (i = 0; i < (int)len; i++)
+            printf("0x%02X,", cbc_out[i]);
+    }
+    n = 0;
+    memcpy(iv, cbc_iv, 8);
+    BF_ofb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n);
+    BF_ofb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, &key, iv, &n);
+    if (memcmp(cbc_in, cbc_data, (int)len) != 0) {
+        printf("BF_ofb64_encrypt decrypt error\n");
+        err = 1;
+    }
+
+    return (err);
+}
+#endif
diff --git a/openssl-1.1.0h/test/bio_enc_test.c b/openssl-1.1.0h/test/bio_enc_test.c
new file mode 100644
index 0000000..fad1a19
--- /dev/null
+++ b/openssl-1.1.0h/test/bio_enc_test.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+int main()
+{
+    BIO *b;
+    static const unsigned char key[16] = { 0 };
+    static unsigned char inp[1024] = { 0 };
+    unsigned char out[1024], ref[1024];
+    int i, lref, len;
+
+    /* Fill buffer with non-zero data so that over steps can be detected */
+    if (RAND_bytes(inp, sizeof(inp)) <= 0)
+        return -1;
+
+    /*
+     * Exercise CBC cipher
+     */
+
+    /* reference output for single-chunk operation */
+    b = BIO_new(BIO_f_cipher());
+    if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0))
+        return -1;
+    BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
+    lref = BIO_read(b, ref, sizeof(ref));
+    BIO_free_all(b);
+
+    /* perform split operations and compare to reference */
+    for (i = 1; i < lref; i++) {
+        b = BIO_new(BIO_f_cipher());
+        if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0))
+             return -1;
+        BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
+        memset(out, 0, sizeof(out));
+        out[i] = ~ref[i];
+        len = BIO_read(b, out, i);
+        /* check for overstep */
+        if (out[i] != (unsigned char)~ref[i]) {
+            fprintf(stderr, "CBC output overstep@%d\n", i);
+            return 1;
+        }
+        len += BIO_read(b, out + len, sizeof(out) - len);
+        BIO_free_all(b);
+
+        if (len != lref || memcmp(out, ref, len)) {
+            fprintf(stderr, "CBC output mismatch@%d\n", i);
+            return 2;
+        }
+    }
+
+    /* perform small-chunk operations and compare to reference */
+    for (i = 1; i < lref / 2; i++) {
+        int delta;
+
+        b = BIO_new(BIO_f_cipher());
+        if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0))
+             return -1;
+        BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
+        memset(out, 0, sizeof(out));
+        for (len = 0; (delta = BIO_read(b, out + len, i)); ) {
+            len += delta;
+        }
+        BIO_free_all(b);
+
+        if (len != lref || memcmp(out, ref, len)) {
+            fprintf(stderr, "CBC output mismatch@%d\n", i);
+            return 3;
+        }
+    }
+
+    /*
+     * Exercise CTR cipher
+     */
+
+    /* reference output for single-chunk operation */
+    b = BIO_new(BIO_f_cipher());
+    if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0))
+         return -1;
+    BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
+    lref = BIO_read(b, ref, sizeof(ref));
+    BIO_free_all(b);
+
+    /* perform split operations and compare to reference */
+    for (i = 1; i < lref; i++) {
+        b = BIO_new(BIO_f_cipher());
+        if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0))
+             return -1;
+        BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
+        memset(out, 0, sizeof(out));
+        out[i] = ~ref[i];
+        len = BIO_read(b, out, i);
+        /* check for overstep */
+        if (out[i] != (unsigned char)~ref[i]) {
+            fprintf(stderr, "CTR output overstep@%d\n", i);
+            return 4;
+        }
+        len += BIO_read(b, out + len, sizeof(out) - len);
+        BIO_free_all(b);
+
+        if (len != lref || memcmp(out, ref, len)) {
+            fprintf(stderr, "CTR output mismatch@%d\n", i);
+            return 5;
+        }
+    }
+
+    /* perform small-chunk operations and compare to reference */
+    for (i = 1; i < lref / 2; i++) {
+        int delta;
+
+        b = BIO_new(BIO_f_cipher());
+        if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0))
+             return -1;
+        BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp)));
+        memset(out, 0, sizeof(out));
+        for (len = 0; (delta = BIO_read(b, out + len, i)); ) {
+            len += delta;
+        }
+        BIO_free_all(b);
+
+        if (len != lref || memcmp(out, ref, len)) {
+            fprintf(stderr, "CTR output mismatch@%d\n", i);
+            return 6;
+        }
+    }
+
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/bioprinttest.c b/openssl-1.1.0h/test/bioprinttest.c
new file mode 100644
index 0000000..b2d2622
--- /dev/null
+++ b/openssl-1.1.0h/test/bioprinttest.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+
+static int justprint = 0;
+
+static char *fpexpected[][5] = {
+    /*   0 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" },
+    /*   1 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" },
+    /*   2 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" },
+    /*   3 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+    /*   4 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+    /*   5 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" },
+    /*   6 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" },
+    /*   7 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" },
+    /*   8 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" },
+    /*   9 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+    /*  10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" },
+    /*  11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" },
+    /*  12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" },
+    /*  13 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" },
+    /*  14 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" },
+    /*  15 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" },
+    /*  16 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" },
+    /*  17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" },
+    /*  18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" },
+    /*  19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" },
+    /*  20 */ { "  0.0000e+00", "      0.0000", "           0", "  0.0000E+00", "           0" },
+    /*  21 */ { "  6.7000e-01", "      0.6700", "        0.67", "  6.7000E-01", "        0.67" },
+    /*  22 */ { "  6.6667e-01", "      0.6667", "      0.6667", "  6.6667E-01", "      0.6667" },
+    /*  23 */ { "  6.6667e-04", "      0.0007", "   0.0006667", "  6.6667E-04", "   0.0006667" },
+    /*  24 */ { "  6.6667e-05", "      0.0001", "   6.667e-05", "  6.6667E-05", "   6.667E-05" },
+    /*  25 */ { "  6.6667e+00", "      6.6667", "       6.667", "  6.6667E+00", "       6.667" },
+    /*  26 */ { "  6.6667e+01", "     66.6667", "       66.67", "  6.6667E+01", "       66.67" },
+    /*  27 */ { "  6.6667e+02", "    666.6667", "       666.7", "  6.6667E+02", "       666.7" },
+    /*  28 */ { "  6.6667e+03", "   6666.6667", "        6667", "  6.6667E+03", "        6667" },
+    /*  29 */ { "  6.6667e+04", "  66666.6667", "   6.667e+04", "  6.6667E+04", "   6.667E+04" },
+    /*  30 */ { " 0.00000e+00", "     0.00000", "           0", " 0.00000E+00", "           0" },
+    /*  31 */ { " 6.70000e-01", "     0.67000", "        0.67", " 6.70000E-01", "        0.67" },
+    /*  32 */ { " 6.66667e-01", "     0.66667", "     0.66667", " 6.66667E-01", "     0.66667" },
+    /*  33 */ { " 6.66667e-04", "     0.00067", "  0.00066667", " 6.66667E-04", "  0.00066667" },
+    /*  34 */ { " 6.66667e-05", "     0.00007", "  6.6667e-05", " 6.66667E-05", "  6.6667E-05" },
+    /*  35 */ { " 6.66667e+00", "     6.66667", "      6.6667", " 6.66667E+00", "      6.6667" },
+    /*  36 */ { " 6.66667e+01", "    66.66667", "      66.667", " 6.66667E+01", "      66.667" },
+    /*  37 */ { " 6.66667e+02", "   666.66667", "      666.67", " 6.66667E+02", "      666.67" },
+    /*  38 */ { " 6.66667e+03", "  6666.66667", "      6666.7", " 6.66667E+03", "      6666.7" },
+    /*  39 */ { " 6.66667e+04", " 66666.66667", "       66667", " 6.66667E+04", "       66667" },
+    /*  40 */ { "0e+00", "0", "0", "0E+00", "0" },
+    /*  41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+    /*  42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+    /*  43 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" },
+    /*  44 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" },
+    /*  45 */ { "7e+00", "7", "7", "7E+00", "7" },
+    /*  46 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" },
+    /*  47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" },
+    /*  48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" },
+    /*  49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" },
+    /*  50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" },
+    /*  51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" },
+    /*  52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" },
+    /*  53 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" },
+    /*  54 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" },
+    /*  55 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" },
+    /*  56 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" },
+    /*  57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" },
+    /*  58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" },
+    /*  59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" },
+    /*  60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" },
+    /*  61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" },
+    /*  62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" },
+    /*  63 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+    /*  64 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+    /*  65 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" },
+    /*  66 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" },
+    /*  67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" },
+    /*  68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" },
+    /*  69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+};
+
+static void dofptest(int test, double val, char *width, int prec, int *fail)
+{
+    char format[80], result[80];
+    int i;
+
+    for (i = 0; i < 5; i++) {
+        char *fspec = NULL;
+        switch (i) {
+        case 0:
+            fspec = "e";
+            break;
+        case 1:
+            fspec = "f";
+            break;
+        case 2:
+            fspec = "g";
+            break;
+        case 3:
+            fspec = "E";
+            break;
+        case 4:
+            fspec = "G";
+            break;
+        }
+
+        if (prec >= 0)
+            BIO_snprintf(format, sizeof(format), "%%%s.%d%s", width, prec,
+                         fspec);
+        else
+            BIO_snprintf(format, sizeof(format), "%%%s%s", width, fspec);
+        BIO_snprintf(result, sizeof(result), format, val);
+
+        if (justprint) {
+            if (i == 0) {
+                printf("    /* %3d */ { \"%s\"", test, result);
+            } else {
+                printf(", \"%s\"", result);
+            }
+        } else {
+            if (strcmp(fpexpected[test][i], result) != 0) {
+                printf("Test %d(%d) failed. Expected \"%s\". Got \"%s\". "
+                       "Format \"%s\"\n", test, i, fpexpected[test][i], result,
+                       format);
+                *fail = 1;
+            }
+        }
+    }
+    if (justprint) {
+        printf(" },\n");
+    }
+}
+
+int main(int argc, char **argv)
+{
+    int test = 0;
+    int i;
+    int fail = 0;
+    int prec = -1;
+    char *width = "";
+    const double frac = 2.0/3.0;
+    char buf[80];
+
+    if (argc == 2 && strcmp(argv[1], "-expected") == 0) {
+        justprint = 1;
+    }
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    /* Tests for floating point format specifiers */
+    for (i = 0; i < 7; i++) {
+        switch (i) {
+        case 0:
+            prec = 4;
+            width = "";
+            break;
+        case 1:
+            prec = 5;
+            width = "";
+            break;
+        case 2:
+            prec = 4;
+            width = "12";
+            break;
+        case 3:
+            prec = 5;
+            width = "12";
+            break;
+        case 4:
+            prec = 0;
+            width = "";
+            break;
+        case 5:
+            prec = -1;
+            width = "";
+            break;
+        case 6:
+            prec = 4;
+            width = "08";
+            break;
+        }
+
+        dofptest(test++, 0.0, width, prec, &fail);
+        dofptest(test++, 0.67, width, prec, &fail);
+        dofptest(test++, frac, width, prec, &fail);
+        dofptest(test++, frac / 1000, width, prec, &fail);
+        dofptest(test++, frac / 10000, width, prec, &fail);
+        dofptest(test++, 6.0 + frac, width, prec, &fail);
+        dofptest(test++, 66.0 + frac, width, prec, &fail);
+        dofptest(test++, 666.0 + frac, width, prec, &fail);
+        dofptest(test++, 6666.0 + frac, width, prec, &fail);
+        dofptest(test++, 66666.0 + frac, width, prec, &fail);
+    }
+
+    /* Test excessively big number. Should fail */
+    if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) {
+        printf("Test %d failed. Unexpected success return from "
+               "BIO_snprintf()\n", test);
+        fail = 1;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
+# endif
+
+    if (!justprint) {
+        if (fail) {
+            printf("FAIL\n");
+            return 1;
+        }
+        printf ("PASS\n");
+    }
+    return 0;
+}
+
+
diff --git a/openssl-1.1.0h/test/bntest.c b/openssl-1.1.0h/test/bntest.c
new file mode 100644
index 0000000..686eab8
--- /dev/null
+++ b/openssl-1.1.0h/test/bntest.c
@@ -0,0 +1,2094 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+/*
+ * In bn_lcl.h, bn_expand() is defined as a static ossl_inline function.
+ * This is fine in itself, it will end up as an unused static function in
+ * the worst case.  However, it referenses bn_expand2(), which is a private
+ * function in libcrypto and therefore unavailable on some systems.  This
+ * may result in a linker error because of unresolved symbols.
+ *
+ * To avoid this, we define a dummy variant of bn_expand2() here, and to
+ * avoid possible clashes with libcrypto, we rename it first, using a macro.
+ */
+#define bn_expand2 dummy_bn_expand2
+BIGNUM *bn_expand2(BIGNUM *b, int words);
+BIGNUM *bn_expand2(BIGNUM *b, int words) { return NULL; }
+
+#include "../crypto/bn/bn_lcl.h"
+
+static const int num0 = 100;           /* number of tests */
+static const int num1 = 50;            /* additional tests for some functions */
+static const int num2 = 5;             /* number of tests for slow functions */
+
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp, BN_CTX *ctx);
+int test_div(BIO *bp, BN_CTX *ctx);
+int test_div_word(BIO *bp);
+int test_div_recp(BIO *bp, BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp, BN_CTX *ctx);
+int test_mont(BIO *bp, BN_CTX *ctx);
+int test_mod(BIO *bp, BN_CTX *ctx);
+int test_mod_mul(BIO *bp, BN_CTX *ctx);
+int test_mod_exp(BIO *bp, BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
+int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
+int test_exp(BIO *bp, BN_CTX *ctx);
+int test_gf2m_add(BIO *bp);
+int test_gf2m_mod(BIO *bp);
+int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
+int test_kron(BIO *bp, BN_CTX *ctx);
+int test_sqrt(BIO *bp, BN_CTX *ctx);
+int test_small_prime(BIO *bp, BN_CTX *ctx);
+int test_bn2dec(BIO *bp);
+int rand_neg(void);
+static int results = 0;
+
+static unsigned char lst[] =
+    "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+    "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+static void message(BIO *out, char *m)
+{
+    fprintf(stderr, "test %s\n", m);
+    BIO_puts(out, "print \"test ");
+    BIO_puts(out, m);
+    BIO_puts(out, "\\n\"\n");
+}
+
+int main(int argc, char *argv[])
+{
+    BN_CTX *ctx;
+    BIO *out;
+    char *outfile = NULL;
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    results = 0;
+
+    RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
+
+    argc--;
+    argv++;
+    while (argc >= 1) {
+        if (strcmp(*argv, "-results") == 0)
+            results = 1;
+        else if (strcmp(*argv, "-out") == 0) {
+            if (--argc < 1)
+                break;
+            outfile = *(++argv);
+        }
+        argc--;
+        argv++;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        EXIT(1);
+
+    out = BIO_new(BIO_s_file());
+    if (out == NULL)
+        EXIT(1);
+    if (outfile == NULL) {
+        BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+    } else {
+        if (!BIO_write_filename(out, outfile)) {
+            perror(outfile);
+            EXIT(1);
+        }
+    }
+#ifdef OPENSSL_SYS_VMS
+    {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        out = BIO_push(tmpbio, out);
+    }
+#endif
+
+    if (!results)
+        BIO_puts(out, "obase=16\nibase=16\n");
+
+    message(out, "BN_add");
+    if (!test_add(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_sub");
+    if (!test_sub(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_lshift1");
+    if (!test_lshift1(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_lshift (fixed)");
+    if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_lshift");
+    if (!test_lshift(out, ctx, NULL))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_rshift1");
+    if (!test_rshift1(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_rshift");
+    if (!test_rshift(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_sqr");
+    if (!test_sqr(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_mul");
+    if (!test_mul(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_div");
+    if (!test_div(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_div_word");
+    if (!test_div_word(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_div_recp");
+    if (!test_div_recp(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_mod");
+    if (!test_mod(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_mod_mul");
+    if (!test_mod_mul(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_mont");
+    if (!test_mont(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_mod_exp");
+    if (!test_mod_exp(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_mod_exp_mont_consttime");
+    if (!test_mod_exp_mont_consttime(out, ctx))
+        goto err;
+    if (!test_mod_exp_mont5(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_exp");
+    if (!test_exp(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_kronecker");
+    if (!test_kron(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_mod_sqrt");
+    if (!test_sqrt(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "Small prime generation");
+    if (!test_small_prime(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_bn2dec");
+    if (!test_bn2dec(out))
+        goto err;
+    (void)BIO_flush(out);
+
+#ifndef OPENSSL_NO_EC2M
+    message(out, "BN_GF2m_add");
+    if (!test_gf2m_add(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod");
+    if (!test_gf2m_mod(out))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod_mul");
+    if (!test_gf2m_mod_mul(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod_sqr");
+    if (!test_gf2m_mod_sqr(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod_inv");
+    if (!test_gf2m_mod_inv(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod_div");
+    if (!test_gf2m_mod_div(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod_exp");
+    if (!test_gf2m_mod_exp(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod_sqrt");
+    if (!test_gf2m_mod_sqrt(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+
+    message(out, "BN_GF2m_mod_solve_quad");
+    if (!test_gf2m_mod_solve_quad(out, ctx))
+        goto err;
+    (void)BIO_flush(out);
+#endif
+    BN_CTX_free(ctx);
+    BIO_free(out);
+
+    ERR_print_errors_fp(stderr);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        EXIT(1);
+#endif
+    EXIT(0);
+ err:
+    BIO_puts(out, "1\n");       /* make sure the Perl script fed by bc
+                                 * notices the failure, see test_bn in
+                                 * test/Makefile.ssl */
+    (void)BIO_flush(out);
+    BN_CTX_free(ctx);
+    BIO_free(out);
+
+    ERR_print_errors_fp(stderr);
+    EXIT(1);
+}
+
+int test_add(BIO *bp)
+{
+    BIGNUM *a, *b, *c;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+
+    BN_bntest_rand(a, 512, 0, 0);
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(b, 450 + i, 0, 0);
+        a->neg = rand_neg();
+        b->neg = rand_neg();
+        BN_add(c, a, b);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " + ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, c);
+            BIO_puts(bp, "\n");
+        }
+        a->neg = !a->neg;
+        b->neg = !b->neg;
+        BN_add(c, c, b);
+        BN_add(c, c, a);
+        if (!BN_is_zero(c)) {
+            fprintf(stderr, "Add test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    return (1);
+}
+
+int test_sub(BIO *bp)
+{
+    BIGNUM *a, *b, *c;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+
+    for (i = 0; i < num0 + num1; i++) {
+        if (i < num1) {
+            BN_bntest_rand(a, 512, 0, 0);
+            BN_copy(b, a);
+            if (BN_set_bit(a, i) == 0)
+                return (0);
+            BN_add_word(b, i);
+        } else {
+            BN_bntest_rand(b, 400 + i - num1, 0, 0);
+            a->neg = rand_neg();
+            b->neg = rand_neg();
+        }
+        BN_sub(c, a, b);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " - ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, c);
+            BIO_puts(bp, "\n");
+        }
+        BN_add(c, c, b);
+        BN_sub(c, c, a);
+        if (!BN_is_zero(c)) {
+            fprintf(stderr, "Subtract test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    return (1);
+}
+
+int test_div(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    BN_one(a);
+    BN_zero(b);
+
+    if (BN_div(d, c, a, b, ctx)) {
+        fprintf(stderr, "Division by zero succeeded!\n");
+        return 0;
+    }
+
+    for (i = 0; i < num0 + num1; i++) {
+        if (i < num1) {
+            BN_bntest_rand(a, 400, 0, 0);
+            BN_copy(b, a);
+            BN_lshift(a, a, i);
+            BN_add_word(a, i);
+        } else
+            BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0);
+        a->neg = rand_neg();
+        b->neg = rand_neg();
+        BN_div(d, c, a, b, ctx);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " / ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, d);
+            BIO_puts(bp, "\n");
+
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " % ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, c);
+            BIO_puts(bp, "\n");
+        }
+        BN_mul(e, d, b, ctx);
+        BN_add(d, e, c);
+        BN_sub(d, d, a);
+        if (!BN_is_zero(d)) {
+            fprintf(stderr, "Division test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return (1);
+}
+
+static void print_word(BIO *bp, BN_ULONG w)
+{
+    int i = sizeof(w) * 8;
+    char *fmt = NULL;
+    unsigned char byte;
+
+    do {
+        i -= 8;
+        byte = (unsigned char)(w >> i);
+        if (fmt == NULL)
+            fmt = byte ? "%X" : NULL;
+        else
+            fmt = "%02X";
+
+        if (fmt != NULL)
+            BIO_printf(bp, fmt, byte);
+    } while (i);
+
+    /* If we haven't printed anything, at least print a zero! */
+    if (fmt == NULL)
+        BIO_printf(bp, "0");
+}
+
+int test_div_word(BIO *bp)
+{
+    BIGNUM *a, *b;
+    BN_ULONG r, rmod, s;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+
+    for (i = 0; i < num0; i++) {
+        do {
+            BN_bntest_rand(a, 512, -1, 0);
+            BN_bntest_rand(b, BN_BITS2, -1, 0);
+        } while (BN_is_zero(b));
+
+        s = b->d[0];
+        BN_copy(b, a);
+        rmod = BN_mod_word(b, s);
+        r = BN_div_word(b, s);
+
+        if (rmod != r) {
+            fprintf(stderr, "Mod (word) test failed!\n");
+            return 0;
+        }
+
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " / ");
+                print_word(bp, s);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, b);
+            BIO_puts(bp, "\n");
+
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " % ");
+                print_word(bp, s);
+                BIO_puts(bp, " - ");
+            }
+            print_word(bp, r);
+            BIO_puts(bp, "\n");
+        }
+        BN_mul_word(b, s);
+        BN_add_word(b, r);
+        BN_sub(b, a, b);
+        if (!BN_is_zero(b)) {
+            fprintf(stderr, "Division (word) test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    return (1);
+}
+
+int test_div_recp(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    BN_RECP_CTX *recp;
+    int i;
+
+    recp = BN_RECP_CTX_new();
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    for (i = 0; i < num0 + num1; i++) {
+        if (i < num1) {
+            BN_bntest_rand(a, 400, 0, 0);
+            BN_copy(b, a);
+            BN_lshift(a, a, i);
+            BN_add_word(a, i);
+        } else
+            BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0);
+        a->neg = rand_neg();
+        b->neg = rand_neg();
+        BN_RECP_CTX_set(recp, b, ctx);
+        BN_div_recp(d, c, a, recp, ctx);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " / ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, d);
+            BIO_puts(bp, "\n");
+
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " % ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, c);
+            BIO_puts(bp, "\n");
+        }
+        BN_mul(e, d, b, ctx);
+        BN_add(d, e, c);
+        BN_sub(d, d, a);
+        if (!BN_is_zero(d)) {
+            fprintf(stderr, "Reciprocal division test failed!\n");
+            fprintf(stderr, "a=");
+            BN_print_fp(stderr, a);
+            fprintf(stderr, "\nb=");
+            BN_print_fp(stderr, b);
+            fprintf(stderr, "\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    BN_RECP_CTX_free(recp);
+    return (1);
+}
+
+int test_mul(BIO *bp)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    int i;
+    BN_CTX *ctx;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        EXIT(1);
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    for (i = 0; i < num0 + num1; i++) {
+        if (i <= num1) {
+            BN_bntest_rand(a, 100, 0, 0);
+            BN_bntest_rand(b, 100, 0, 0);
+        } else
+            BN_bntest_rand(b, i - num1, 0, 0);
+        a->neg = rand_neg();
+        b->neg = rand_neg();
+        BN_mul(c, a, b, ctx);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " * ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, c);
+            BIO_puts(bp, "\n");
+        }
+        BN_div(d, e, c, a, ctx);
+        BN_sub(d, d, b);
+        if (!BN_is_zero(d) || !BN_is_zero(e)) {
+            fprintf(stderr, "Multiplication test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    BN_CTX_free(ctx);
+    return (1);
+}
+
+int test_sqr(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *c, *d, *e;
+    int i, ret = 0;
+
+    a = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+    if (a == NULL || c == NULL || d == NULL || e == NULL) {
+        goto err;
+    }
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 40 + i * 10, 0, 0);
+        a->neg = rand_neg();
+        BN_sqr(c, a, ctx);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " * ");
+                BN_print(bp, a);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, c);
+            BIO_puts(bp, "\n");
+        }
+        BN_div(d, e, c, a, ctx);
+        BN_sub(d, d, a);
+        if (!BN_is_zero(d) || !BN_is_zero(e)) {
+            fprintf(stderr, "Square test failed!\n");
+            goto err;
+        }
+    }
+
+    /* Regression test for a BN_sqr overflow bug. */
+    BN_hex2bn(&a,
+              "80000000000000008000000000000001"
+              "FFFFFFFFFFFFFFFE0000000000000000");
+    BN_sqr(c, a, ctx);
+    if (bp != NULL) {
+        if (!results) {
+            BN_print(bp, a);
+            BIO_puts(bp, " * ");
+            BN_print(bp, a);
+            BIO_puts(bp, " - ");
+        }
+        BN_print(bp, c);
+        BIO_puts(bp, "\n");
+    }
+    BN_mul(d, a, a, ctx);
+    if (BN_cmp(c, d)) {
+        fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+                "different results!\n");
+        goto err;
+    }
+
+    /* Regression test for a BN_sqr overflow bug. */
+    BN_hex2bn(&a,
+              "80000000000000000000000080000001"
+              "FFFFFFFE000000000000000000000000");
+    BN_sqr(c, a, ctx);
+    if (bp != NULL) {
+        if (!results) {
+            BN_print(bp, a);
+            BIO_puts(bp, " * ");
+            BN_print(bp, a);
+            BIO_puts(bp, " - ");
+        }
+        BN_print(bp, c);
+        BIO_puts(bp, "\n");
+    }
+    BN_mul(d, a, a, ctx);
+    if (BN_cmp(c, d)) {
+        fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+                "different results!\n");
+        goto err;
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return ret;
+}
+
+int test_mont(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *A, *B;
+    BIGNUM *n;
+    int i;
+    BN_MONT_CTX *mont;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    A = BN_new();
+    B = BN_new();
+    n = BN_new();
+
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        return 0;
+
+    BN_zero(n);
+    if (BN_MONT_CTX_set(mont, n, ctx)) {
+        fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
+        return 0;
+    }
+
+    BN_set_word(n, 16);
+    if (BN_MONT_CTX_set(mont, n, ctx)) {
+        fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
+        return 0;
+    }
+
+    BN_bntest_rand(a, 100, 0, 0);
+    BN_bntest_rand(b, 100, 0, 0);
+    for (i = 0; i < num2; i++) {
+        int bits = (200 * (i + 1)) / num2;
+
+        if (bits == 0)
+            continue;
+        BN_bntest_rand(n, bits, 0, 1);
+        BN_MONT_CTX_set(mont, n, ctx);
+
+        BN_nnmod(a, a, n, ctx);
+        BN_nnmod(b, b, n, ctx);
+
+        BN_to_montgomery(A, a, mont, ctx);
+        BN_to_montgomery(B, b, mont, ctx);
+
+        BN_mod_mul_montgomery(c, A, B, mont, ctx);
+        BN_from_montgomery(A, c, mont, ctx);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " * ");
+                BN_print(bp, b);
+                BIO_puts(bp, " % ");
+                BN_print(bp, &mont->N);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, A);
+            BIO_puts(bp, "\n");
+        }
+        BN_mod_mul(d, a, b, n, ctx);
+        BN_sub(d, d, A);
+        if (!BN_is_zero(d)) {
+            fprintf(stderr, "Montgomery multiplication test failed!\n");
+            return 0;
+        }
+    }
+
+    /* Regression test for carry bug in mulx4x_mont */
+    BN_hex2bn(&a,
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878");
+    BN_hex2bn(&b,
+        "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
+        "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
+        "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
+        "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
+    BN_hex2bn(&n,
+        "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
+        "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
+        "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
+        "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
+    BN_MONT_CTX_set(mont, n, ctx);
+    BN_mod_mul_montgomery(c, a, b, mont, ctx);
+    BN_mod_mul_montgomery(d, b, a, mont, ctx);
+    if (BN_cmp(c, d)) {
+        fprintf(stderr, "Montgomery multiplication test failed:"
+                        " a*b != b*a.\n");
+        return 0;
+    }
+
+    BN_MONT_CTX_free(mont);
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(A);
+    BN_free(B);
+    BN_free(n);
+    return (1);
+}
+
+int test_mod(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    BN_bntest_rand(a, 1024, 0, 0);
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(b, 450 + i * 10, 0, 0);
+        a->neg = rand_neg();
+        b->neg = rand_neg();
+        BN_mod(c, a, b, ctx);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " % ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, c);
+            BIO_puts(bp, "\n");
+        }
+        BN_div(d, e, a, b, ctx);
+        BN_sub(e, e, c);
+        if (!BN_is_zero(e)) {
+            fprintf(stderr, "Modulo test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return (1);
+}
+
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    int i, j;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    BN_one(a);
+    BN_one(b);
+    BN_zero(c);
+    if (BN_mod_mul(e, a, b, c, ctx)) {
+        fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
+        return 0;
+    }
+
+    for (j = 0; j < 3; j++) {
+        BN_bntest_rand(c, 1024, 0, 0);
+        for (i = 0; i < num0; i++) {
+            BN_bntest_rand(a, 475 + i * 10, 0, 0);
+            BN_bntest_rand(b, 425 + i * 11, 0, 0);
+            a->neg = rand_neg();
+            b->neg = rand_neg();
+            if (!BN_mod_mul(e, a, b, c, ctx)) {
+                unsigned long l;
+
+                while ((l = ERR_get_error()))
+                    fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
+                EXIT(1);
+            }
+            if (bp != NULL) {
+                if (!results) {
+                    BN_print(bp, a);
+                    BIO_puts(bp, " * ");
+                    BN_print(bp, b);
+                    BIO_puts(bp, " % ");
+                    BN_print(bp, c);
+                    if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
+                        /*
+                         * If (a*b) % c is negative, c must be added in order
+                         * to obtain the normalized remainder (new with
+                         * OpenSSL 0.9.7, previous versions of BN_mod_mul
+                         * could generate negative results)
+                         */
+                        BIO_puts(bp, " + ");
+                        BN_print(bp, c);
+                    }
+                    BIO_puts(bp, " - ");
+                }
+                BN_print(bp, e);
+                BIO_puts(bp, "\n");
+            }
+            BN_mul(d, a, b, ctx);
+            BN_sub(d, d, e);
+            BN_div(a, b, d, c, ctx);
+            if (!BN_is_zero(b)) {
+                fprintf(stderr, "Modulo multiply test failed!\n");
+                ERR_print_errors_fp(stderr);
+                return 0;
+            }
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return (1);
+}
+
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    BN_one(a);
+    BN_one(b);
+    BN_zero(c);
+    if (BN_mod_exp(d, a, b, c, ctx)) {
+        fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
+        return 0;
+    }
+
+    BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
+    for (i = 0; i < num2; i++) {
+        BN_bntest_rand(a, 20 + i * 5, 0, 0);
+        BN_bntest_rand(b, 2 + i, 0, 0);
+
+        if (!BN_mod_exp(d, a, b, c, ctx))
+            return (0);
+
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " ^ ");
+                BN_print(bp, b);
+                BIO_puts(bp, " % ");
+                BN_print(bp, c);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, d);
+            BIO_puts(bp, "\n");
+        }
+        BN_exp(e, a, b, ctx);
+        BN_sub(e, e, d);
+        BN_div(a, b, e, c, ctx);
+        if (!BN_is_zero(b)) {
+            fprintf(stderr, "Modulo exponentiation test failed!\n");
+            return 0;
+        }
+    }
+
+    /* Regression test for carry propagation bug in sqr8x_reduction */
+    BN_hex2bn(&a, "050505050505");
+    BN_hex2bn(&b, "02");
+    BN_hex2bn(&c,
+        "4141414141414141414141274141414141414141414141414141414141414141"
+        "4141414141414141414141414141414141414141414141414141414141414141"
+        "4141414141414141414141800000000000000000000000000000000000000000"
+        "0000000000000000000000000000000000000000000000000000000000000000"
+        "0000000000000000000000000000000000000000000000000000000000000000"
+        "0000000000000000000000000000000000000000000000000000000001");
+    BN_mod_exp(d, a, b, c, ctx);
+    BN_mul(e, a, a, ctx);
+    if (BN_cmp(d, e)) {
+        fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
+        return 0;
+    }
+
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return (1);
+}
+
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    BN_one(a);
+    BN_one(b);
+    BN_zero(c);
+    if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
+        fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus "
+                "succeeded\n");
+        return 0;
+    }
+
+    BN_set_word(c, 16);
+    if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
+        fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus "
+                "succeeded\n");
+        return 0;
+    }
+
+    BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
+    for (i = 0; i < num2; i++) {
+        BN_bntest_rand(a, 20 + i * 5, 0, 0);
+        BN_bntest_rand(b, 2 + i, 0, 0);
+
+        if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
+            return (00);
+
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " ^ ");
+                BN_print(bp, b);
+                BIO_puts(bp, " % ");
+                BN_print(bp, c);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, d);
+            BIO_puts(bp, "\n");
+        }
+        BN_exp(e, a, b, ctx);
+        BN_sub(e, e, d);
+        BN_div(a, b, e, c, ctx);
+        if (!BN_is_zero(b)) {
+            fprintf(stderr, "Modulo exponentiation test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return (1);
+}
+
+/*
+ * Test constant-time modular exponentiation with 1024-bit inputs, which on
+ * x86_64 cause a different code branch to be taken.
+ */
+int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *p, *m, *d, *e;
+    BN_MONT_CTX *mont;
+
+    a = BN_new();
+    p = BN_new();
+    m = BN_new();
+    d = BN_new();
+    e = BN_new();
+    mont = BN_MONT_CTX_new();
+
+    BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */
+    /* Zero exponent */
+    BN_bntest_rand(a, 1024, 0, 0);
+    BN_zero(p);
+    if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
+        return 0;
+    if (!BN_is_one(d)) {
+        fprintf(stderr, "Modular exponentiation test failed!\n");
+        return 0;
+    }
+    /* Zero input */
+    BN_bntest_rand(p, 1024, 0, 0);
+    BN_zero(a);
+    if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
+        return 0;
+    if (!BN_is_zero(d)) {
+        fprintf(stderr, "Modular exponentiation test failed!\n");
+        return 0;
+    }
+    /*
+     * Craft an input whose Montgomery representation is 1, i.e., shorter
+     * than the modulus m, in order to test the const time precomputation
+     * scattering/gathering.
+     */
+    BN_one(a);
+    BN_MONT_CTX_set(mont, m, ctx);
+    if (!BN_from_montgomery(e, a, mont, ctx))
+        return 0;
+    if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
+        return 0;
+    if (!BN_mod_exp_simple(a, e, p, m, ctx))
+        return 0;
+    if (BN_cmp(a, d) != 0) {
+        fprintf(stderr, "Modular exponentiation test failed!\n");
+        return 0;
+    }
+    /* Finally, some regular test vectors. */
+    BN_bntest_rand(e, 1024, 0, 0);
+    if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
+        return 0;
+    if (!BN_mod_exp_simple(a, e, p, m, ctx))
+        return 0;
+    if (BN_cmp(a, d) != 0) {
+        fprintf(stderr, "Modular exponentiation test failed!\n");
+        return 0;
+    }
+    BN_MONT_CTX_free(mont);
+    BN_free(a);
+    BN_free(p);
+    BN_free(m);
+    BN_free(d);
+    BN_free(e);
+    return (1);
+}
+
+int test_exp(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *d, *e, *one;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    d = BN_new();
+    e = BN_new();
+    one = BN_new();
+    BN_one(one);
+
+    for (i = 0; i < num2; i++) {
+        BN_bntest_rand(a, 20 + i * 5, 0, 0);
+        BN_bntest_rand(b, 2 + i, 0, 0);
+
+        if (BN_exp(d, a, b, ctx) <= 0)
+            return (0);
+
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " ^ ");
+                BN_print(bp, b);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, d);
+            BIO_puts(bp, "\n");
+        }
+        BN_one(e);
+        for (; !BN_is_zero(b); BN_sub(b, b, one))
+            BN_mul(e, e, a, ctx);
+        BN_sub(e, e, d);
+        if (!BN_is_zero(e)) {
+            fprintf(stderr, "Exponentiation test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(d);
+    BN_free(e);
+    BN_free(one);
+    return (1);
+}
+
+#ifndef OPENSSL_NO_EC2M
+int test_gf2m_add(BIO *bp)
+{
+    BIGNUM *a, *b, *c;
+    int i, ret = 0;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+
+    for (i = 0; i < num0; i++) {
+        BN_rand(a, 512, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY);
+        BN_copy(b, BN_value_one());
+        a->neg = rand_neg();
+        b->neg = rand_neg();
+        BN_GF2m_add(c, a, b);
+        /* Test that two added values have the correct parity. */
+        if ((BN_is_odd(a) && BN_is_odd(c))
+            || (!BN_is_odd(a) && !BN_is_odd(c))) {
+            fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
+            goto err;
+        }
+        BN_GF2m_add(c, c, c);
+        /* Test that c + c = 0. */
+        if (!BN_is_zero(c)) {
+            fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
+            goto err;
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    return ret;
+}
+
+int test_gf2m_mod(BIO *bp)
+{
+    BIGNUM *a, *b[2], *c, *d, *e;
+    int i, j, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 1024, 0, 0);
+        for (j = 0; j < 2; j++) {
+            BN_GF2m_mod(c, a, b[j]);
+            BN_GF2m_add(d, a, c);
+            BN_GF2m_mod(e, d, b[j]);
+            /* Test that a + (a mod p) mod p == 0. */
+            if (!BN_is_zero(e)) {
+                fprintf(stderr, "GF(2^m) modulo test failed!\n");
+                goto err;
+            }
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return ret;
+}
+
+int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
+    int i, j, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+    f = BN_new();
+    g = BN_new();
+    h = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 1024, 0, 0);
+        BN_bntest_rand(c, 1024, 0, 0);
+        BN_bntest_rand(d, 1024, 0, 0);
+        for (j = 0; j < 2; j++) {
+            BN_GF2m_mod_mul(e, a, c, b[j], ctx);
+            BN_GF2m_add(f, a, d);
+            BN_GF2m_mod_mul(g, f, c, b[j], ctx);
+            BN_GF2m_mod_mul(h, d, c, b[j], ctx);
+            BN_GF2m_add(f, e, g);
+            BN_GF2m_add(f, f, h);
+            /* Test that (a+d)*c = a*c + d*c. */
+            if (!BN_is_zero(f)) {
+                fprintf(stderr,
+                        "GF(2^m) modular multiplication test failed!\n");
+                goto err;
+            }
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    BN_free(f);
+    BN_free(g);
+    BN_free(h);
+    return ret;
+}
+
+int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b[2], *c, *d;
+    int i, j, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 1024, 0, 0);
+        for (j = 0; j < 2; j++) {
+            BN_GF2m_mod_sqr(c, a, b[j], ctx);
+            BN_copy(d, a);
+            BN_GF2m_mod_mul(d, a, d, b[j], ctx);
+            BN_GF2m_add(d, c, d);
+            /* Test that a*a = a^2. */
+            if (!BN_is_zero(d)) {
+                fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
+                goto err;
+            }
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    return ret;
+}
+
+int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b[2], *c, *d;
+    int i, j, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 512, 0, 0);
+        for (j = 0; j < 2; j++) {
+            BN_GF2m_mod_inv(c, a, b[j], ctx);
+            BN_GF2m_mod_mul(d, a, c, b[j], ctx);
+            /* Test that ((1/a)*a) = 1. */
+            if (!BN_is_one(d)) {
+                fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
+                goto err;
+            }
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    return ret;
+}
+
+int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b[2], *c, *d, *e, *f;
+    int i, j, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+    f = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 512, 0, 0);
+        BN_bntest_rand(c, 512, 0, 0);
+        for (j = 0; j < 2; j++) {
+            BN_GF2m_mod_div(d, a, c, b[j], ctx);
+            BN_GF2m_mod_mul(e, d, c, b[j], ctx);
+            BN_GF2m_mod_div(f, a, e, b[j], ctx);
+            /* Test that ((a/c)*c)/a = 1. */
+            if (!BN_is_one(f)) {
+                fprintf(stderr, "GF(2^m) modular division test failed!\n");
+                goto err;
+            }
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    BN_free(f);
+    return ret;
+}
+
+int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b[2], *c, *d, *e, *f;
+    int i, j, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+    f = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 512, 0, 0);
+        BN_bntest_rand(c, 512, 0, 0);
+        BN_bntest_rand(d, 512, 0, 0);
+        for (j = 0; j < 2; j++) {
+            BN_GF2m_mod_exp(e, a, c, b[j], ctx);
+            BN_GF2m_mod_exp(f, a, d, b[j], ctx);
+            BN_GF2m_mod_mul(e, e, f, b[j], ctx);
+            BN_add(f, c, d);
+            BN_GF2m_mod_exp(f, a, f, b[j], ctx);
+            BN_GF2m_add(f, e, f);
+            /* Test that a^(c+d)=a^c*a^d. */
+            if (!BN_is_zero(f)) {
+                fprintf(stderr,
+                        "GF(2^m) modular exponentiation test failed!\n");
+                goto err;
+            }
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    BN_free(f);
+    return ret;
+}
+
+int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b[2], *c, *d, *e, *f;
+    int i, j, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+    f = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 512, 0, 0);
+        for (j = 0; j < 2; j++) {
+            BN_GF2m_mod(c, a, b[j]);
+            BN_GF2m_mod_sqrt(d, a, b[j], ctx);
+            BN_GF2m_mod_sqr(e, d, b[j], ctx);
+            BN_GF2m_add(f, c, e);
+            /* Test that d^2 = a, where d = sqrt(a). */
+            if (!BN_is_zero(f)) {
+                fprintf(stderr, "GF(2^m) modular square root test failed!\n");
+                goto err;
+            }
+        }
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    BN_free(f);
+    return ret;
+}
+
+int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b[2], *c, *d, *e;
+    int i, j, s = 0, t, ret = 0;
+    int p0[] = { 163, 7, 6, 3, 0, -1 };
+    int p1[] = { 193, 15, 0, -1 };
+
+    a = BN_new();
+    b[0] = BN_new();
+    b[1] = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+
+    BN_GF2m_arr2poly(p0, b[0]);
+    BN_GF2m_arr2poly(p1, b[1]);
+
+    for (i = 0; i < num0; i++) {
+        BN_bntest_rand(a, 512, 0, 0);
+        for (j = 0; j < 2; j++) {
+            t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
+            if (t) {
+                s++;
+                BN_GF2m_mod_sqr(d, c, b[j], ctx);
+                BN_GF2m_add(d, c, d);
+                BN_GF2m_mod(e, a, b[j]);
+                BN_GF2m_add(e, e, d);
+                /*
+                 * Test that solution of quadratic c satisfies c^2 + c = a.
+                 */
+                if (!BN_is_zero(e)) {
+                    fprintf(stderr,
+                            "GF(2^m) modular solve quadratic test failed!\n");
+                    goto err;
+                }
+
+            }
+        }
+    }
+    if (s == 0) {
+        fprintf(stderr,
+                "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n",
+                num0);
+        fprintf(stderr,
+                "this is very unlikely and probably indicates an error.\n");
+        goto err;
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b[0]);
+    BN_free(b[1]);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return ret;
+}
+#endif
+static int genprime_cb(int p, int n, BN_GENCB *arg)
+{
+    char c = '*';
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    putc(c, stderr);
+    fflush(stderr);
+    return 1;
+}
+
+int test_kron(BIO *bp, BN_CTX *ctx)
+{
+    BN_GENCB cb;
+    BIGNUM *a, *b, *r, *t;
+    int i;
+    int legendre, kronecker;
+    int ret = 0;
+
+    a = BN_new();
+    b = BN_new();
+    r = BN_new();
+    t = BN_new();
+    if (a == NULL || b == NULL || r == NULL || t == NULL)
+        goto err;
+
+    BN_GENCB_set(&cb, genprime_cb, NULL);
+
+    /*
+     * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
+     * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
+     * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
+     * generate a random prime b and compare these values for a number of
+     * random a's.  (That is, we run the Solovay-Strassen primality test to
+     * confirm that b is prime, except that we don't want to test whether b
+     * is prime but whether BN_kronecker works.)
+     */
+
+    if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
+        goto err;
+    b->neg = rand_neg();
+    putc('\n', stderr);
+
+    for (i = 0; i < num0; i++) {
+        if (!BN_bntest_rand(a, 512, 0, 0))
+            goto err;
+        a->neg = rand_neg();
+
+        /* t := (|b|-1)/2  (note that b is odd) */
+        if (!BN_copy(t, b))
+            goto err;
+        t->neg = 0;
+        if (!BN_sub_word(t, 1))
+            goto err;
+        if (!BN_rshift1(t, t))
+            goto err;
+        /* r := a^t mod b */
+        b->neg = 0;
+
+        if (!BN_mod_exp_recp(r, a, t, b, ctx))
+            goto err;
+        b->neg = 1;
+
+        if (BN_is_word(r, 1))
+            legendre = 1;
+        else if (BN_is_zero(r))
+            legendre = 0;
+        else {
+            if (!BN_add_word(r, 1))
+                goto err;
+            if (0 != BN_ucmp(r, b)) {
+                fprintf(stderr, "Legendre symbol computation failed\n");
+                goto err;
+            }
+            legendre = -1;
+        }
+
+        kronecker = BN_kronecker(a, b, ctx);
+        if (kronecker < -1)
+            goto err;
+        /* we actually need BN_kronecker(a, |b|) */
+        if (a->neg && b->neg)
+            kronecker = -kronecker;
+
+        if (legendre != kronecker) {
+            fprintf(stderr, "legendre != kronecker; a = ");
+            BN_print_fp(stderr, a);
+            fprintf(stderr, ", b = ");
+            BN_print_fp(stderr, b);
+            fprintf(stderr, "\n");
+            goto err;
+        }
+
+        putc('.', stderr);
+        fflush(stderr);
+    }
+
+    putc('\n', stderr);
+    fflush(stderr);
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(b);
+    BN_free(r);
+    BN_free(t);
+    return ret;
+}
+
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+{
+    BN_GENCB cb;
+    BIGNUM *a, *p, *r;
+    int i, j;
+    int ret = 0;
+
+    a = BN_new();
+    p = BN_new();
+    r = BN_new();
+    if (a == NULL || p == NULL || r == NULL)
+        goto err;
+
+    BN_GENCB_set(&cb, genprime_cb, NULL);
+
+    for (i = 0; i < 16; i++) {
+        if (i < 8) {
+            unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+
+            if (!BN_set_word(p, primes[i]))
+                goto err;
+        } else {
+            if (!BN_set_word(a, 32))
+                goto err;
+            if (!BN_set_word(r, 2 * i + 1))
+                goto err;
+
+            if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
+                goto err;
+            putc('\n', stderr);
+        }
+        p->neg = rand_neg();
+
+        for (j = 0; j < num2; j++) {
+            /*
+             * construct 'a' such that it is a square modulo p, but in
+             * general not a proper square and not reduced modulo p
+             */
+            if (!BN_bntest_rand(r, 256, 0, 3))
+                goto err;
+            if (!BN_nnmod(r, r, p, ctx))
+                goto err;
+            if (!BN_mod_sqr(r, r, p, ctx))
+                goto err;
+            if (!BN_bntest_rand(a, 256, 0, 3))
+                goto err;
+            if (!BN_nnmod(a, a, p, ctx))
+                goto err;
+            if (!BN_mod_sqr(a, a, p, ctx))
+                goto err;
+            if (!BN_mul(a, a, r, ctx))
+                goto err;
+            if (rand_neg())
+                if (!BN_sub(a, a, p))
+                    goto err;
+
+            if (!BN_mod_sqrt(r, a, p, ctx))
+                goto err;
+            if (!BN_mod_sqr(r, r, p, ctx))
+                goto err;
+
+            if (!BN_nnmod(a, a, p, ctx))
+                goto err;
+
+            if (BN_cmp(a, r) != 0) {
+                fprintf(stderr, "BN_mod_sqrt failed: a = ");
+                BN_print_fp(stderr, a);
+                fprintf(stderr, ", r = ");
+                BN_print_fp(stderr, r);
+                fprintf(stderr, ", p = ");
+                BN_print_fp(stderr, p);
+                fprintf(stderr, "\n");
+                goto err;
+            }
+
+            putc('.', stderr);
+            fflush(stderr);
+        }
+
+        putc('\n', stderr);
+        fflush(stderr);
+    }
+    ret = 1;
+ err:
+    BN_free(a);
+    BN_free(p);
+    BN_free(r);
+    return ret;
+}
+
+int test_small_prime(BIO *bp, BN_CTX *ctx)
+{
+    static const int bits = 10;
+    int ret = 0;
+    BIGNUM *r;
+
+    r = BN_new();
+    if (!BN_generate_prime_ex(r, bits, 0, NULL, NULL, NULL))
+        goto err;
+    if (BN_num_bits(r) != bits) {
+        BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits,
+                   BN_num_bits(r));
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_clear_free(r);
+    return ret;
+}
+
+int test_bn2dec(BIO *bp)
+{
+    static const char *bn2dec_tests[] = {
+        "0",
+        "1",
+        "-1",
+        "100",
+        "-100",
+        "123456789012345678901234567890",
+        "-123456789012345678901234567890",
+        "123456789012345678901234567890123456789012345678901234567890",
+        "-123456789012345678901234567890123456789012345678901234567890",
+    };
+    int ret = 0;
+    size_t i;
+    BIGNUM *bn = NULL;
+    char *dec = NULL;
+
+    for (i = 0; i < OSSL_NELEM(bn2dec_tests); i++) {
+        if (!BN_dec2bn(&bn, bn2dec_tests[i]))
+            goto err;
+
+        dec = BN_bn2dec(bn);
+        if (dec == NULL) {
+            fprintf(stderr, "BN_bn2dec failed on %s.\n", bn2dec_tests[i]);
+            goto err;
+        }
+
+        if (strcmp(dec, bn2dec_tests[i]) != 0) {
+            fprintf(stderr, "BN_bn2dec gave %s, wanted %s.\n", dec,
+                    bn2dec_tests[i]);
+            goto err;
+        }
+
+        OPENSSL_free(dec);
+        dec = NULL;
+    }
+
+    ret = 1;
+
+err:
+    BN_free(bn);
+    OPENSSL_free(dec);
+    return ret;
+}
+
+int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
+{
+    BIGNUM *a, *b, *c, *d;
+    int i;
+
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    BN_one(c);
+
+    if (a_)
+        a = a_;
+    else {
+        a = BN_new();
+        BN_bntest_rand(a, 200, 0, 0);
+        a->neg = rand_neg();
+    }
+    for (i = 0; i < num0; i++) {
+        BN_lshift(b, a, i + 1);
+        BN_add(c, c, c);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " * ");
+                BN_print(bp, c);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, b);
+            BIO_puts(bp, "\n");
+        }
+        BN_mul(d, a, c, ctx);
+        BN_sub(d, d, b);
+        if (!BN_is_zero(d)) {
+            fprintf(stderr, "Left shift test failed!\n");
+            fprintf(stderr, "a=");
+            BN_print_fp(stderr, a);
+            fprintf(stderr, "\nb=");
+            BN_print_fp(stderr, b);
+            fprintf(stderr, "\nc=");
+            BN_print_fp(stderr, c);
+            fprintf(stderr, "\nd=");
+            BN_print_fp(stderr, d);
+            fprintf(stderr, "\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    return (1);
+}
+
+int test_lshift1(BIO *bp)
+{
+    BIGNUM *a, *b, *c;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+
+    BN_bntest_rand(a, 200, 0, 0);
+    a->neg = rand_neg();
+    for (i = 0; i < num0; i++) {
+        BN_lshift1(b, a);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " * 2");
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, b);
+            BIO_puts(bp, "\n");
+        }
+        BN_add(c, a, a);
+        BN_sub(a, b, c);
+        if (!BN_is_zero(a)) {
+            fprintf(stderr, "Left shift one test failed!\n");
+            return 0;
+        }
+
+        BN_copy(a, b);
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    return (1);
+}
+
+int test_rshift(BIO *bp, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *c, *d, *e;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+    d = BN_new();
+    e = BN_new();
+    BN_one(c);
+
+    BN_bntest_rand(a, 200, 0, 0);
+    a->neg = rand_neg();
+    for (i = 0; i < num0; i++) {
+        BN_rshift(b, a, i + 1);
+        BN_add(c, c, c);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " / ");
+                BN_print(bp, c);
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, b);
+            BIO_puts(bp, "\n");
+        }
+        BN_div(d, e, a, c, ctx);
+        BN_sub(d, d, b);
+        if (!BN_is_zero(d)) {
+            fprintf(stderr, "Right shift test failed!\n");
+            return 0;
+        }
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(d);
+    BN_free(e);
+    return (1);
+}
+
+int test_rshift1(BIO *bp)
+{
+    BIGNUM *a, *b, *c;
+    int i;
+
+    a = BN_new();
+    b = BN_new();
+    c = BN_new();
+
+    BN_bntest_rand(a, 200, 0, 0);
+    a->neg = rand_neg();
+    for (i = 0; i < num0; i++) {
+        BN_rshift1(b, a);
+        if (bp != NULL) {
+            if (!results) {
+                BN_print(bp, a);
+                BIO_puts(bp, " / 2");
+                BIO_puts(bp, " - ");
+            }
+            BN_print(bp, b);
+            BIO_puts(bp, "\n");
+        }
+        BN_sub(c, a, b);
+        BN_sub(c, c, b);
+        if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
+            fprintf(stderr, "Right shift one test failed!\n");
+            return 0;
+        }
+        BN_copy(a, b);
+    }
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    return (1);
+}
+
+int rand_neg(void)
+{
+    static unsigned int neg = 0;
+    static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
+
+    return (sign[(neg++) % 8]);
+}
diff --git a/openssl-1.1.0h/test/build.info b/openssl-1.1.0h/test/build.info
new file mode 100644
index 0000000..c262248
--- /dev/null
+++ b/openssl-1.1.0h/test/build.info
@@ -0,0 +1,326 @@
+IF[{- !$disabled{tests} -}]
+  PROGRAMS_NO_INST=\
+          aborttest \
+          sanitytest exdatatest bntest \
+          ectest ecdsatest gmdifftest pbelutest ideatest \
+          md2test md4test md5test \
+          hmactest wp_test \
+          rc2test rc4test rc5test \
+          destest sha1test sha256t sha512t \
+          mdc2test rmdtest \
+          randtest dhtest enginetest casttest \
+          bftest ssltest_old dsatest exptest rsa_test \
+          evp_test evp_extra_test igetest v3nametest v3ext \
+          crltest danetest heartbeat_test p5_crpt2_test bad_dtls_test \
+          constant_time_test verify_extra_test clienthellotest \
+          packettest asynctest secmemtest srptest memleaktest \
+          dtlsv1listentest ct_test threadstest afalgtest d2i_test \
+          ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
+          bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
+          ocspapitest fatalerrtest
+
+  SOURCE[aborttest]=aborttest.c
+  INCLUDE[aborttest]=../include
+  DEPEND[aborttest]=../libcrypto
+
+  SOURCE[sanitytest]=sanitytest.c
+  INCLUDE[sanitytest]=../include
+  DEPEND[sanitytest]=../libcrypto
+
+  SOURCE[exdatatest]=exdatatest.c
+  INCLUDE[exdatatest]=../include
+  DEPEND[exdatatest]=../libcrypto
+
+  SOURCE[bntest]=bntest.c
+  INCLUDE[bntest]=.. ../crypto/include ../include
+  DEPEND[bntest]=../libcrypto
+
+  SOURCE[ectest]=ectest.c
+  INCLUDE[ectest]=../include
+  DEPEND[ectest]=../libcrypto
+
+  SOURCE[ecdsatest]=ecdsatest.c
+  INCLUDE[ecdsatest]=../include
+  DEPEND[ecdsatest]=../libcrypto
+
+  SOURCE[gmdifftest]=gmdifftest.c
+  INCLUDE[gmdifftest]=../include
+  DEPEND[gmdifftest]=../libcrypto
+
+  SOURCE[pbelutest]=pbelutest.c
+  INCLUDE[pbelutest]=../include
+  DEPEND[pbelutest]=../libcrypto
+
+  SOURCE[ideatest]=ideatest.c
+  INCLUDE[ideatest]=../include
+  DEPEND[ideatest]=../libcrypto
+
+  SOURCE[md2test]=md2test.c
+  INCLUDE[md2test]=../include
+  DEPEND[md2test]=../libcrypto
+
+  SOURCE[md4test]=md4test.c
+  INCLUDE[md4test]=../include
+  DEPEND[md4test]=../libcrypto
+
+  SOURCE[md5test]=md5test.c
+  INCLUDE[md5test]=../include
+  DEPEND[md5test]=../libcrypto
+
+  SOURCE[hmactest]=hmactest.c
+  INCLUDE[hmactest]=../include
+  DEPEND[hmactest]=../libcrypto
+
+  SOURCE[wp_test]=wp_test.c
+  INCLUDE[wp_test]=../include
+  DEPEND[wp_test]=../libcrypto
+
+  SOURCE[rc2test]=rc2test.c
+  INCLUDE[rc2test]=../include
+  DEPEND[rc2test]=../libcrypto
+
+  SOURCE[rc4test]=rc4test.c
+  INCLUDE[rc4test]=../include
+  DEPEND[rc4test]=../libcrypto
+
+  SOURCE[rc5test]=rc5test.c
+  INCLUDE[rc5test]=../include
+  DEPEND[rc5test]=../libcrypto
+
+  SOURCE[destest]=destest.c
+  INCLUDE[destest]=../include
+  DEPEND[destest]=../libcrypto
+
+  SOURCE[sha1test]=sha1test.c
+  INCLUDE[sha1test]=../include
+  DEPEND[sha1test]=../libcrypto
+
+  SOURCE[sha256t]=sha256t.c
+  INCLUDE[sha256t]=../include
+  DEPEND[sha256t]=../libcrypto
+
+  SOURCE[sha512t]=sha512t.c
+  INCLUDE[sha512t]=../include
+  DEPEND[sha512t]=../libcrypto
+
+  SOURCE[mdc2test]=mdc2test.c
+  INCLUDE[mdc2test]=../include
+  DEPEND[mdc2test]=../libcrypto
+
+  SOURCE[rmdtest]=rmdtest.c
+  INCLUDE[rmdtest]=../include
+  DEPEND[rmdtest]=../libcrypto
+
+  SOURCE[randtest]=randtest.c
+  INCLUDE[randtest]=../include
+  DEPEND[randtest]=../libcrypto
+
+  SOURCE[dhtest]=dhtest.c
+  INCLUDE[dhtest]=../include
+  DEPEND[dhtest]=../libcrypto
+
+  SOURCE[enginetest]=enginetest.c
+  INCLUDE[enginetest]=../include
+  DEPEND[enginetest]=../libcrypto
+
+  SOURCE[casttest]=casttest.c
+  INCLUDE[casttest]=../include
+  DEPEND[casttest]=../libcrypto
+
+  SOURCE[bftest]=bftest.c
+  INCLUDE[bftest]=../include
+  DEPEND[bftest]=../libcrypto
+
+  SOURCE[ssltest_old]=ssltest_old.c
+  INCLUDE[ssltest_old]=.. ../include
+  DEPEND[ssltest_old]=../libcrypto ../libssl
+
+  SOURCE[dsatest]=dsatest.c
+  INCLUDE[dsatest]=../include
+  DEPEND[dsatest]=../libcrypto
+
+  SOURCE[exptest]=exptest.c
+  INCLUDE[exptest]=../include
+  DEPEND[exptest]=../libcrypto
+
+  SOURCE[rsa_test]=rsa_test.c
+  INCLUDE[rsa_test]=.. ../include
+  DEPEND[rsa_test]=../libcrypto
+
+  SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c testutil.c
+  INCLUDE[fatalerrtest]=../include ..
+  DEPEND[fatalerrtest]=../libcrypto ../libssl
+
+  SOURCE[evp_test]=evp_test.c
+  INCLUDE[evp_test]=../include
+  DEPEND[evp_test]=../libcrypto
+
+  SOURCE[evp_extra_test]=evp_extra_test.c
+  INCLUDE[evp_extra_test]=../include
+  DEPEND[evp_extra_test]=../libcrypto
+
+  SOURCE[igetest]=igetest.c
+  INCLUDE[igetest]=.. ../include
+  DEPEND[igetest]=../libcrypto
+
+  SOURCE[v3nametest]=v3nametest.c
+  INCLUDE[v3nametest]=../include
+  DEPEND[v3nametest]=../libcrypto
+
+  SOURCE[crltest]=crltest.c testutil.c
+  INCLUDE[crltest]=../include
+  DEPEND[crltest]=../libcrypto
+
+  SOURCE[v3ext]=v3ext.c
+  INCLUDE[v3ext]=../include
+  DEPEND[v3ext]=../libcrypto
+
+  SOURCE[danetest]=danetest.c
+  INCLUDE[danetest]=../include
+  DEPEND[danetest]=../libcrypto ../libssl
+
+  SOURCE[heartbeat_test]=heartbeat_test.c testutil.c
+  INCLUDE[heartbeat_test]=.. ../include
+  DEPEND[heartbeat_test]=../libcrypto ../libssl
+
+  SOURCE[p5_crpt2_test]=p5_crpt2_test.c
+  INCLUDE[p5_crpt2_test]=../include
+  DEPEND[p5_crpt2_test]=../libcrypto
+
+  SOURCE[constant_time_test]=constant_time_test.c
+  INCLUDE[constant_time_test]=.. ../include
+  DEPEND[constant_time_test]=../libcrypto
+
+  SOURCE[verify_extra_test]=verify_extra_test.c
+  INCLUDE[verify_extra_test]=../include
+  DEPEND[verify_extra_test]=../libcrypto
+
+  SOURCE[clienthellotest]=clienthellotest.c
+  INCLUDE[clienthellotest]=../include
+  DEPEND[clienthellotest]=../libcrypto ../libssl
+
+  SOURCE[bad_dtls_test]=bad_dtls_test.c
+  INCLUDE[bad_dtls_test]=../include
+  DEPEND[bad_dtls_test]=../libcrypto ../libssl
+
+  SOURCE[packettest]=packettest.c
+  INCLUDE[packettest]=../include
+  DEPEND[packettest]=../libcrypto
+
+  SOURCE[asynctest]=asynctest.c
+  INCLUDE[asynctest]=.. ../include
+  DEPEND[asynctest]=../libcrypto
+
+  SOURCE[secmemtest]=secmemtest.c
+  INCLUDE[secmemtest]=../include
+  DEPEND[secmemtest]=../libcrypto
+
+  SOURCE[srptest]=srptest.c
+  INCLUDE[srptest]=../include
+  DEPEND[srptest]=../libcrypto
+
+  SOURCE[memleaktest]=memleaktest.c
+  INCLUDE[memleaktest]=../include
+  DEPEND[memleaktest]=../libcrypto
+
+  SOURCE[dtlsv1listentest]=dtlsv1listentest.c
+  INCLUDE[dtlsv1listentest]=.. ../include
+  DEPEND[dtlsv1listentest]=../libssl
+
+  SOURCE[ct_test]=ct_test.c testutil.c
+  INCLUDE[ct_test]=../crypto/include ../include
+  DEPEND[ct_test]=../libcrypto
+
+  SOURCE[threadstest]=threadstest.c
+  INCLUDE[threadstest]=.. ../include
+  DEPEND[threadstest]=../libcrypto
+
+  SOURCE[afalgtest]=afalgtest.c
+  INCLUDE[afalgtest]=.. ../include
+  DEPEND[afalgtest]=../libcrypto
+
+  SOURCE[d2i_test]=d2i_test.c testutil.c
+  INCLUDE[d2i_test]=.. ../include
+  DEPEND[d2i_test]=../libcrypto
+
+  SOURCE[ssl_test_ctx_test]=ssl_test_ctx_test.c ssl_test_ctx.c testutil.c
+  INCLUDE[ssl_test_ctx_test]=.. ../include
+  DEPEND[ssl_test_ctx_test]=../libcrypto
+
+  SOURCE[ssl_test]=ssl_test.c ssl_test_ctx.c testutil.c handshake_helper.c
+  INCLUDE[ssl_test]=.. ../include
+  DEPEND[ssl_test]=../libcrypto ../libssl
+
+  SOURCE[cipherlist_test]=cipherlist_test.c testutil.c
+  INCLUDE[cipherlist_test]=.. ../include
+  DEPEND[cipherlist_test]=../libcrypto ../libssl
+
+  INCLUDE[testutil.o]=..
+  INCLUDE[ssl_test_ctx.o]=../include
+  INCLUDE[handshake_helper.o]=../include
+  INCLUDE[ssltestlib.o]=.. ../include
+
+  SOURCE[x509aux]=x509aux.c
+  INCLUDE[x509aux]=../include
+  DEPEND[x509aux]=../libcrypto
+
+  SOURCE[asynciotest]=asynciotest.c ssltestlib.c
+  INCLUDE[asynciotest]=../include
+  DEPEND[asynciotest]=../libcrypto ../libssl
+
+  SOURCE[bioprinttest]=bioprinttest.c
+  INCLUDE[bioprinttest]=../include
+  DEPEND[bioprinttest]=../libcrypto
+
+  SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c
+  INCLUDE[sslapitest]=../include ..
+  DEPEND[sslapitest]=../libcrypto ../libssl
+
+  SOURCE[ocspapitest]=ocspapitest.c testutil.c
+  INCLUDE[ocspapitest]=../include ..
+  DEPEND[ocspapitest]=../libcrypto
+
+  SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c
+  INCLUDE[dtlstest]=../include .
+  DEPEND[dtlstest]=../libcrypto ../libssl
+
+  SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c
+  INCLUDE[sslcorrupttest]=../include .
+  DEPEND[sslcorrupttest]=../libcrypto ../libssl
+
+  SOURCE[bio_enc_test]=bio_enc_test.c
+  INCLUDE[bio_enc_test]=../include
+  DEPEND[bio_enc_test]=../libcrypto
+
+  IF[{- !$disabled{shared} -}]
+    PROGRAMS_NO_INST=shlibloadtest
+    SOURCE[shlibloadtest]=shlibloadtest.c
+    INCLUDE[shlibloadtest]=../include
+  ENDIF
+ENDIF
+
+{-
+   use File::Spec::Functions;
+   use File::Basename;
+   use OpenSSL::Glob;
+
+   my @nogo_headers = ( "asn1_mac.h",
+                        "__decc_include_prologue.h",
+                        "__decc_include_epilogue.h" );
+   my @headerfiles = glob catfile($sourcedir,
+                                  updir(), "include", "openssl", "*.h");
+
+   foreach my $headerfile (@headerfiles) {
+       my $name = basename($headerfile, ".h");
+       next if $disabled{$name};
+       next if grep { $_ eq lc("$name.h") } @nogo_headers;
+       $OUT .= <<"_____";
+
+  PROGRAMS_NO_INST=buildtest_$name
+  GENERATE[buildtest_$name.c]=generate_buildtest.pl $name
+  SOURCE[buildtest_$name]=buildtest_$name.c
+  INCLUDE[buildtest_$name]=../include
+  DEPEND[buildtest_$name]=../libssl ../libcrypto
+_____
+   }
+-}
diff --git a/openssl-1.1.0h/test/casttest.c b/openssl-1.1.0h/test/casttest.c
new file mode 100644
index 0000000..c2a0ab5
--- /dev/null
+++ b/openssl-1.1.0h/test/casttest.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_CAST
+int main(int argc, char *argv[])
+{
+    printf("No CAST support\n");
+    return (0);
+}
+#else
+# include <openssl/cast.h>
+
+# define FULL_TEST
+
+static unsigned char k[16] = {
+    0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+    0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
+};
+
+static unsigned char in[8] =
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
+
+static int k_len[3] = { 16, 10, 5 };
+
+static unsigned char c[3][8] = {
+    {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2},
+    {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B},
+    {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E},
+};
+
+static unsigned char out[80];
+
+static unsigned char in_a[16] = {
+    0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+    0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
+};
+
+static unsigned char in_b[16] = {
+    0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+    0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
+};
+
+static unsigned char c_a[16] = {
+    0xEE, 0xA9, 0xD0, 0xA2, 0x49, 0xFD, 0x3B, 0xA6,
+    0xB3, 0x43, 0x6F, 0xB8, 0x9D, 0x6D, 0xCA, 0x92
+};
+
+static unsigned char c_b[16] = {
+    0xB2, 0xC9, 0x5E, 0xB0, 0x0C, 0x31, 0xAD, 0x71,
+    0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E
+};
+
+int main(int argc, char *argv[])
+{
+# ifdef FULL_TEST
+    long l;
+    CAST_KEY key_b;
+# endif
+    int i, z, err = 0;
+    CAST_KEY key;
+
+    for (z = 0; z < 3; z++) {
+        CAST_set_key(&key, k_len[z], k);
+
+        CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT);
+        if (memcmp(out, &(c[z][0]), 8) != 0) {
+            printf("ecb cast error encrypting for keysize %d\n",
+                   k_len[z] * 8);
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", c[z][i]);
+            err = 20;
+            printf("\n");
+        }
+
+        CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT);
+        if (memcmp(out, in, 8) != 0) {
+            printf("ecb cast error decrypting for keysize %d\n",
+                   k_len[z] * 8);
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", in[i]);
+            printf("\n");
+            err = 3;
+        }
+    }
+    if (err == 0)
+        printf("ecb cast5 ok\n");
+
+# ifdef FULL_TEST
+    {
+        unsigned char out_a[16], out_b[16];
+        static char *hex = "0123456789ABCDEF";
+
+        printf("This test will take some time....");
+        fflush(stdout);
+        memcpy(out_a, in_a, sizeof(in_a));
+        memcpy(out_b, in_b, sizeof(in_b));
+        i = 1;
+
+        for (l = 0; l < 1000000L; l++) {
+            CAST_set_key(&key_b, 16, out_b);
+            CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT);
+            CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT);
+            CAST_set_key(&key, 16, out_a);
+            CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT);
+            CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT);
+            if ((l & 0xffff) == 0xffff) {
+                printf("%c", hex[i & 0x0f]);
+                fflush(stdout);
+                i++;
+            }
+        }
+
+        if ((memcmp(out_a, c_a, sizeof(c_a)) != 0) ||
+            (memcmp(out_b, c_b, sizeof(c_b)) != 0)) {
+            printf("\n");
+            printf("Error\n");
+
+            printf("A out =");
+            for (i = 0; i < 16; i++)
+                printf("%02X ", out_a[i]);
+            printf("\nactual=");
+            for (i = 0; i < 16; i++)
+                printf("%02X ", c_a[i]);
+            printf("\n");
+
+            printf("B out =");
+            for (i = 0; i < 16; i++)
+                printf("%02X ", out_b[i]);
+            printf("\nactual=");
+            for (i = 0; i < 16; i++)
+                printf("%02X ", c_b[i]);
+            printf("\n");
+        } else
+            printf(" ok\n");
+    }
+# endif
+
+    EXIT(err);
+}
+#endif
diff --git a/openssl-1.1.0h/test/certs/alt1-cert.pem b/openssl-1.1.0h/test/certs/alt1-cert.pem
new file mode 100644
index 0000000..b94d0ea
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/alt1-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh
+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu
+Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k
+LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa
+3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY
+Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK
+gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp
+xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA
+YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH
+xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw
+HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV
+HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y
+Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py
+8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni
+ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2
+Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ
+Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT
+P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L
+vRlTFVjv65nn
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/alt1-key.pem b/openssl-1.1.0h/test/certs/alt1-key.pem
new file mode 100644
index 0000000..b5d4d32
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/alt1-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40
+2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa
+2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5
+ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A
+qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF
+wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta
+h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j
+IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF
+geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM
+szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu
+w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c
+55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4
+AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8
+hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf
+FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg
+s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/
+0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ
+iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6
+65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr
+cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+
+AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr
+g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo
+dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd
+LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV
+g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3
+sXJAoFllBNfAK3aanFOR1Q==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/alt2-cert.pem b/openssl-1.1.0h/test/certs/alt2-cert.pem
new file mode 100644
index 0000000..0e0f140
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/alt2-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVjCCAj6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCUxIzAh
+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAyMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAw+bG1zr36IgcElBxX1vFcfq1NhdwjzUWlYt88oVr
+Zbn2cKzOZWTA2ft8slJf5b5AgWWuJ1Ph1EdX9evBvUE3qVUPDpJQ7UNBMvScqL8J
+pCjWBcRK9WWguV6MTqF8dJnadup7qfN0i6IWquA4yDEcJDQR4j0BjoAEsQgkASYi
+maYN5W7PW5swj7AR4K0W5Cwy+KF4+UXKkHPCmYUlbBa6lXZRp3uwU/gXT0fmLz3W
+O8eT1PdoPnbRVFIKPhZrHcNAORti4xr4Cn8IEhTaqxIQnCjSCjhksoOuoojhW0qR
+s9t1lTDxyBX5Uz6smanEyCQ6TQFOdMj4m8ULNYTSZbGYcwIDAQABo4GcMIGZMB0G
+A1UdDgQWBBT4YmD7D7JsE8BJzNs/5cIpbtZxhjAfBgNVHSMEGDAWgBS6A5+dBiSk
+V+Zz+vU6Cfm6hcyp+jAJBgNVHRMEAjAAMEwGA1UdEQRFMEOCEHd3dy5hbnl0aGlu
+Zy5vcmeCDWFueS5vdGhlci5jb22BDW90aGVyQGJhZC5vcmeBEWFueUBzb21ldGhp
+bmcuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBaH8qg41pSXo2ViEsZWVyUmB7QwVVW
+bWeR191XTQPfPNEDFmUzzeBllMUedF4HyD36v7Flpo/LdPdXQnZQ/eyKalztFHgm
+uePN5DNdS5xn9aqiKNF5pkO9WDhhYuwLRM50JeiyvKk2NvNx9oDFUQ7G6jEJu/r9
+rd+8PCUa0SK1dDPJ9dpGrfsAYwk8kST5/JfyDMrocsijOu3v1uGTttMQ0h0A6w6g
+EW8p77dVS/a2S3wJo9EiFHhnrAN493cwSXgBZUhKoKOri2u6XKV2D3g8N6bp22Ut
+S5wx0pC8o3wW5upPsDAnEUt9kJJgVkS0FfCEHhHZ8iQyuwX15Yft2Qsj
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/alt2-key.pem b/openssl-1.1.0h/test/certs/alt2-key.pem
new file mode 100644
index 0000000..4c12800
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/alt2-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD5sbXOvfoiBwS
+UHFfW8Vx+rU2F3CPNRaVi3zyhWtlufZwrM5lZMDZ+3yyUl/lvkCBZa4nU+HUR1f1
+68G9QTepVQ8OklDtQ0Ey9JyovwmkKNYFxEr1ZaC5XoxOoXx0mdp26nup83SLohaq
+4DjIMRwkNBHiPQGOgASxCCQBJiKZpg3lbs9bmzCPsBHgrRbkLDL4oXj5RcqQc8KZ
+hSVsFrqVdlGne7BT+BdPR+YvPdY7x5PU92g+dtFUUgo+Fmsdw0A5G2LjGvgKfwgS
+FNqrEhCcKNIKOGSyg66iiOFbSpGz23WVMPHIFflTPqyZqcTIJDpNAU50yPibxQs1
+hNJlsZhzAgMBAAECggEAfuMureALDTmD/TTPijV1+TKrRyL9jDSVsT1NLATRIG3I
+OwkjErek1kw3Y4VJihSl0Wpb2CtT3dxsE+Slc4EXnX1zqDuLYXKre2bHReGfTA4L
+Omb/Kl2uMgMUnCWq6BdzUozklpsTRRIy3nEnNjvg/24em0xqgrNW1pfwQjJCPQQX
+5ZLma+msDjT0BW2V7cnVh76A8qjDVRvJzKGRseVZEh+8Uke+SIKKLi1qICcK6MmX
+1TpGs/Yy+GaXk7HajmKEYEEDSRdS9sqFnvqkf1TsbHrZQqKdtWuXtIvss1ap7y1c
+PL5Y1z0/zf5WXV9nV3Yjd7F1tTN6S4sY7exOgNenmQKBgQDtkElQSwPHI3GCddfp
+Eo79w0K0N+PkkQTXkP/3566xTCg78xGU1HW0aw8jabVsSpHC2uD0dBJbkQ0iBa24
+VOwwGUUy8ZME14M0ToCDm2vXTR8oOw05DBcM4RwQQdGVxdnwScUJnDzefJEUyx57
+3HO4QWu+h4nBqp5CTk+Y5gu4ZQKBgQDTGsgtIcdQevWay4nXKp+kcUYJy2zmCnBO
+RFryyvdSSr3Tf7eeEZTicBiBp20fzppHc8/hdWnaF8+jlRx/hYY0M6hO2DEvXg78
+BbkqxwGV3dOZXEVusy8CPCQuRfQNY8XhQ195VyFdfsRKZ1dKD7C1Gky7dXgA26Ms
+KdWarvuD9wKBgQCi/h0fBujnp6zIqtvhoQcUmvTYO4STnOAqmuTUjVQxdyQfxazp
+ZUAA8ndnf66nRx5tB8nSTxUNWB8fma/QSgvnEF+HDXImn0r5B2drZKaACPz4mFOB
+MYdbIdQkX1RSI3ZdQ+/5oQWuTN8p2hbnOqD26YPoLIxaoRqGOb6pFCU0dQKBgDUm
++CHM8HdGDlLkTpd7ZuirkJvkuU2OcUpzkYayLeVtZjA7ZwsImDkPSkxS0HoCtfup
+oDy/KGC+QAyK/brp7ql0HDuF2ZR4lUNFWaL4qmCGksF5Zw4BVaO1atKv0EwSw/78
+zKwrkP4ObfPh4yuFmdNvhMRqRkXJB2OWQO8Kgc9vAoGBALXo6IGSM6TtHoNrnEwi
+LozF+eV6ZmYb1miBEBVOyCDl0BVx+6n3iNt17v2EmWLcFYS4ZE+AF9EuRfxuDv+V
+ZSK8sQKka0YgQmLPIoBXksZGwTUYBaO1ojFKuVzrE0ATnbVzuu5wHLZeyK2soCQF
+slY5WVhO5Oo2YTGB7Wxzs4Ut
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/alt3-cert.pem b/openssl-1.1.0h/test/certs/alt3-cert.pem
new file mode 100644
index 0000000..877734f
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/alt3-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowVDEj
+MCEGA1UECgwaR29vZCBOQyBUZXN0IENlcnRpZmljYXRlIDMxGDAWBgNVBAMMD3d3
+dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANF68Ty4b18vK4fqVqJMIbwj/mLnF+WA6lvrzEE2
+79mtKLn6jHAjXWJCJ8U+ib23dRf7K3F3qJcQF3sEZpY3VgbmBMZe6mQ1A4Kfza3k
+Wm+D2vNy8BTh8esu3P9TsD89679qUaZ2/85RykFmnV8NdJnAgFEQ+NZuBeQck2Ya
+cZiYyjNCfWEnSsvmO66M99VXzzD9kkpEUXpe2GbLfzE1iP+79sFGGFHYAvmTmhKY
+DFIEJqKY56bnYBlFtQFTWGqjDe8irV8vFJ+VoXR73DXq/J/k9UvwytwDtsJMeRsj
+O61UpbBDV+QipZeGC6cXtRzxPDsxz0BAXQeWQl7F4xavc78CAwEAAaOBjTCBijAd
+BgNVHQ4EFgQU0K7Prr9eRi5yL/vKPFPpfIBCRUwwHwYDVR0jBBgwFoAU8FOJh91W
+GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADA9BgNVHREENjA0gg93d3cub2suZ29v
+ZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG
+9w0BAQsFAAOCAQEAfJyYbBQfCHNwPeKi1/OYZA5CLOzktiiR8Uh/1YQLb80jNtcn
+f4zZOHURqd4mLDrKNnQ7MVqlj+CC3oN4c/L58yQqLm1fbTKXgH6t6OGgg2IL3Aet
+XWbHOg0arknwyOKY5jjVkzbZthZ9EaS0QTlN8eULHV3nwImlfc5IFDetzIvPJkz9
+82fYuUO5jeCB4vjKBX5Ha7rvg/6rnNX71vA3++JrFc0PRFoJvnQ6GQTtBSZE4dFK
+TOH5jE60bjDUL48jl267HLF5RklGuQRgZ3XfIU8JqDtEQuWJTWHc3NPEl2GOJO86
+QDfXLy4+TUfWsoAEuoVeOvR5zitzy3Wqcm3Idw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/alt3-key.pem b/openssl-1.1.0h/test/certs/alt3-key.pem
new file mode 100644
index 0000000..cc41860
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/alt3-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRevE8uG9fLyuH
+6laiTCG8I/5i5xflgOpb68xBNu/ZrSi5+oxwI11iQifFPom9t3UX+ytxd6iXEBd7
+BGaWN1YG5gTGXupkNQOCn82t5Fpvg9rzcvAU4fHrLtz/U7A/Peu/alGmdv/OUcpB
+Zp1fDXSZwIBREPjWbgXkHJNmGnGYmMozQn1hJ0rL5juujPfVV88w/ZJKRFF6Xthm
+y38xNYj/u/bBRhhR2AL5k5oSmAxSBCaimOem52AZRbUBU1hqow3vIq1fLxSflaF0
+e9w16vyf5PVL8MrcA7bCTHkbIzutVKWwQ1fkIqWXhgunF7Uc8Tw7Mc9AQF0HlkJe
+xeMWr3O/AgMBAAECggEBAJFEuNZq8JEJnR58G+gg86QNMfRUXfYCGIP2WYdAGcTS
+mFOgtJNvcusZBYt7evndp44h2FavrHJV7nKY8qtpZHcUPGt0lwc23GBRgcj9etmq
+jsQVCPjyV1nI/ejymF7DCiGMEWNnUq45ehEwoCGyqxGUtWeCZY4Obndqea1s2SoA
+SIwrP74kSP+cjcOb+KEg5jF5aT0Mzo9ipQuuoxLzjXJhtQuyDYOulq4g/jalMewk
+GLgRgbzrEDK8/DMVu35rNJ+CHWHowo+1G4lLY4DhajPMXMqb0dgR1JlFF5qyBoTN
+CJXq4mpuf4ApEd61MTCm0FoqSm/AprSAIISCqapytQECgYEA/ND+C9ZnOOtTxgqI
+nuq2r1yGFlNnbovcfiU3vrceUvmN+ne1tBtXSTNB4H95AUuoBeVAeYApBKxc0c9K
+5Pnwp5NdPbana2cfuorzJrIHM09RP/obDP8VTnNJeO7wd+00Cx5ZnV5g8UcicebH
+hbjfsc/lkd8G8YCIx+DBigzjIO8CgYEA1B4/JjCOuzM7Ag3y+XIIl3Ud4n15uog1
+5tDD1y3xWzZbL7fh0APf4mT8cTTU0ms4i9Rnpraw8ds9EfhMDXxJBs+LO6Ivw5RY
+RxWoAB1YTPU+T8EuTzZzIp/jrWTgsvLkjNq25W/lbZLO1n8ofFMgAAbWsN0J40ZN
+70Sib/JAOjECgYBSiJvXG3h5QYIIzhmJ39Ah8Y+orDPBCBHEcLwBG+Dfb67lDL2Z
+/a8CK6Se+J51SNCilBP3VlqNtwNaT1UA6YOiAV7YLc/8JR9bk88LW+Uz3/oDa8/2
+7zNyd/qNa1u/mwV5d8ADuvLk8bcR/ig2xILqlpc4htnKb463ye0E924SqwKBgHKL
+OtKmmgzg51Z+rdyiBZ20MsUhuOBPubvAtGC4gIMe4TLte1VXIkkg+2kufFZ8a/am
+ZqqSMQ8JsvrHOFp36P9yh99V/7D/pIQOX8BgGFTGgjWTPiysXJQv/0SdGvHHVD/z
+w5w2RpBbHLKbzAMG6FrbVof/dN10E5XHXGhTSvehAoGAHA6WgpPFp7iJBoC13NrZ
+q3DKluiytegvljyDW5hOlRGqdWp7551EGYLnWtc4bSHboIf89Iz4mW/hyYr7frzE
+A3Ksob4NIUCGMFJGSyTuK7eyhAxlVZbzqepZ+YftfTvW3iVXkxXx6kEgdzwPrNMx
+DXwfc6G23PX5tUayTZqKC+g=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/bad-pc3-cert.pem b/openssl-1.1.0h/test/certs/bad-pc3-cert.pem
new file mode 100644
index 0000000..f8e76ff
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad-pc3-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NDZaGA8y
+MTE2MDYxOTE5NTQ0NlowKzEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
+BAMMB3Byb3h5IDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfkPXh
+tGaOG5MRdMZ6mSI+OVj13SjQEMO741bjZmZM7/WwJwNx4/ozwy5w3hbcvEom2qe6
+WCKThzpB+hufIgsElrLL6YHu/eExxfMqSkuUnlYye8JLriqs54i47bvtLn+h/vZd
+MnsIrS/WGmGCDfVGC3u21h3tTmcVd/jC8vUueXdgoFVCq4elMidmM0ar5+tNAJRc
+G9ZSeuuGiVbYCiGaYY+7PkyyYy1UiWyrhBPNvdQ3xcakygpWOXSQ19INYTLcAM6G
+MSnEBK6F55zZyvuq3Ob60+okaSYWAo+7D0/BrzVfCWlzmWeFyJVR3Ps3nLxteahs
++Fl7D7a9DbgPbY2HAgMBAAGjgZYwgZMwHQYDVR0OBBYEFH18o4bnybHle31aYNRi
+QZSGJ96XMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7pbh224iVD3Jx8oR2kGzAZMRcw
+FQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNVHRMEAjAAMCQGCCsGAQUFBwEO
+AQH/BBUwEwIBADAOBggrBgEFBQcVAAQCQUIwDQYJKoZIhvcNAQELBQADggEBAGKD
+jTgyuFlwNRgrw0g4IZMmbEWcgW4r1v2yMRyAXhZuVyc8lkUZoe14eM4kqwJ5ayti
+peN+ETpRk6AS4eaCEBnn4tE/S8TD4KRovio1EWy5TvjPE6M9jPonF5IfNKgGuR3o
+7gN0KKJpzf9jj5JEJPV/d5AKw9fMdSZseea7bZ6JV8kKCW+9WCSMFnwR7POPWSQa
+ZNJy1PN6GlvHykdK4QwZT3jHaQMVY/uIC1BXrN3sC3l79jnL5tTeK8JLvZAqjfy5
++5pNH71k8zqVR2z0fC4oiv8TNsDn2g07wCCcQmzg8JHsP5p/hyUg51RqrQJhAbaf
+eUmD8lyBBdfcia2UqJM=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/bad-pc3-key.pem b/openssl-1.1.0h/test/certs/bad-pc3-key.pem
new file mode 100644
index 0000000..8ddee57
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad-pc3-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDfkPXhtGaOG5MR
+dMZ6mSI+OVj13SjQEMO741bjZmZM7/WwJwNx4/ozwy5w3hbcvEom2qe6WCKThzpB
++hufIgsElrLL6YHu/eExxfMqSkuUnlYye8JLriqs54i47bvtLn+h/vZdMnsIrS/W
+GmGCDfVGC3u21h3tTmcVd/jC8vUueXdgoFVCq4elMidmM0ar5+tNAJRcG9ZSeuuG
+iVbYCiGaYY+7PkyyYy1UiWyrhBPNvdQ3xcakygpWOXSQ19INYTLcAM6GMSnEBK6F
+55zZyvuq3Ob60+okaSYWAo+7D0/BrzVfCWlzmWeFyJVR3Ps3nLxteahs+Fl7D7a9
+DbgPbY2HAgMBAAECggEASAMzkG5BkojDSJ4qyJbG9vAV/awtV0fvJHhIJpt3XFT2
++LS4YVkj4MSAEw8WoidsYzOPT3DQQmEOnO3pM8sNbX71PMWMeuUAQr4WY4rm6YpP
+DZfbr/D8AhHacmbxX6bYqd+sj7yQ8OyIOhjpS7EfTl6ojO5PWX8lqT6pvHHyE/Ol
+1ZH2MG4GaX10IfrF7bw88XozmFfsw6eVX6t3cBK3PNapxj+RNEwcYBAgtXBNVVAJ
+mSMkgSZ8/kTggRr3ntKvXCiOrm8Iud6Bwqp+aXB8+etT9p6gWDs0J4MCfkWvva+1
+WuZDgryiVnIdqwalrLMg2IfwJhjtlqZjj0R1Oe2isQKBgQD/JSlg+/ZYAmm/BzzV
+C3mII94Vw0lvX6qpeKMXvcwVcWRSwJMnMPMxnxebyEZopn0t25CRu0+N+sHNUZKg
+JVw5wL9nA7815JGTfVV9znN8leSYdhvWh6amrKT+Ku+1vXTBONFAR85eilzYUtff
+jKGVDhBuZ7a5YIT6+DOLoPbMdQKBgQDgULasEUxNTeVSq6qzM/1tvSR4Z9W2JIFr
+nDxC/RyPq5LN+3Pg5JiA3FFION6C2Rb+rb2RBlpSxuO4Jv+gPWnqZfuXZiTusiDd
+dnyFsAoGPnb2SIm3OAO2N3w/7ttmRCsWnm0mkFLkd4XJG/mtDcHrit1SZTEWima2
+wKf2RJEiiwKBgQCH5+aTp4K/vIFRZOyNWvBgiSJ6GyzZq26/mOfe9JVp8p2KytNX
+c+aGzwSHUXXXtp9FNwhZ6BlnOmPTFxlwPpZSmQ4bNE68yUSV+JP6UGcJvNooL/mC
+G320mI/GZ16KQyGW7snfYKBXkYIFJJOim0lSmUw9Uvds5THQcTcbsCDmJQKBgQDE
+F2sJUnncXkspkO5BiCJ0a1NVepgFiTYmJ0c63F+6bKeCL94l7FAw3eikdSp3QmXq
+r2E3RVFyaXGqi1UN9IIBqbNdr6p7i/ZVA35ps/Gfcb23IMRbCbmc8jZJAXqElPUB
+6e7LNoFwPdgTbcQ+9vbd/N/rZpCZ/tU5z4NFMr2ZbwKBgQCPN9KsqsRRK2v+j0wt
+ArKrWHK5w1Cj5rRbedOn8659edTB5tqrFtZh4YJB842oe4s2XYXtk+Kq9HBRh4Em
+CkO/JSH7lgVXT1zsf0ZYojaZWLhVTNHa3PO6R0FtyC0h7MtHV9aquPNCeiQDkwbT
+RBV8wc0Stpj+QEShPIS9gEQVNA==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/bad-pc4-cert.pem b/openssl-1.1.0h/test/certs/bad-pc4-cert.pem
new file mode 100644
index 0000000..5e47992
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad-pc4-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NTBaGA8y
+MTE2MDYxOTE5NTQ1MFowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
+BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC2xxl2G3u38wzrx5uWgKiZ557ZIbLQECZgwmMbGzdrNqbD
+veVgTEdkIxRk0py1QUqqukhTk9OpkUrYiSUpkAMkc3yRtpCp2KZeuN6OwyeAm8Jf
+KUHeEvvM+GNZw/AoahgRJ5Cd9OykI4Uv3y0BzwZGXCrKDWr0Bpwcg6aQ/0+dFtd0
+ElBKq2v2hHpKn4P7ZM0mpvPSEwJ5nPUDY6iuRZNVrihmuZ4UZtKsz7EFbXfqaiLz
+zfns+Kmh4j5OK3Iunm7gQLpv9RrXxsad2s7gKzgRhuEi6sECg/+4qOKwhUUxVWRX
+iJYTxJfKfyIb8fjtrQrEWxNb1n/1Ea9nWuOk1N3XAgMBAAGjgZYwgZMwHQYDVR0O
+BBYEFLFSiWVtSRQ48ziWfxHBtmC/PwPiMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p
+bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV
+HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBATAOBggrBgEFBQcVAAQCQUIwDQYJ
+KoZIhvcNAQELBQADggEBAEg+p78n5eTkl7D6OPecC47nqFp7pNQtWTksTxMgBtz4
+LeZR0nBX1kZdA0arVd7RAeqjR5wCwGIbdc3hFu/xeoPeTUBFv/7tiTWsCFBmfoSK
+Tu/NeYrfIc3Qd6KhW9iwUxN7GFAZZFhJ3xVpaDhjpMDlgp9UZ24vN+eY0KRhuHQv
+hGJcyWs5M0dYGVyTSS5VueJSWlXD98KT49LzdyAfaveQoIMFaSH3rmR4BXvUMjEw
+ByFwvFeG0lrtvcx3RhvlJQYixUPME6TcNOAWJARJ0qiO1PCufFDlOSjq8GjtxGbc
+JjMc3GfdaieMM8afXWQPflfLw/Jb1rPOKpikva05ZMI=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/bad-pc4-key.pem b/openssl-1.1.0h/test/certs/bad-pc4-key.pem
new file mode 100644
index 0000000..49406bc
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad-pc4-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2xxl2G3u38wzr
+x5uWgKiZ557ZIbLQECZgwmMbGzdrNqbDveVgTEdkIxRk0py1QUqqukhTk9OpkUrY
+iSUpkAMkc3yRtpCp2KZeuN6OwyeAm8JfKUHeEvvM+GNZw/AoahgRJ5Cd9OykI4Uv
+3y0BzwZGXCrKDWr0Bpwcg6aQ/0+dFtd0ElBKq2v2hHpKn4P7ZM0mpvPSEwJ5nPUD
+Y6iuRZNVrihmuZ4UZtKsz7EFbXfqaiLzzfns+Kmh4j5OK3Iunm7gQLpv9RrXxsad
+2s7gKzgRhuEi6sECg/+4qOKwhUUxVWRXiJYTxJfKfyIb8fjtrQrEWxNb1n/1Ea9n
+WuOk1N3XAgMBAAECggEAQbq33VFk3HH7Y48U1LrP5wj0hwEnXMtyAbnmCglvlI7C
+ygGwS0EjK0+yNc/HqycfwuXavLOcmo41bEllo9y2RJWDZqNQwsO2kLnKz2w++HEL
+JU2g8kvBYaSxlcZwxxfgL8saprM9polfjCel99CLYSIkASVyIO9/lIGDlQE7kDHb
+B+YdDzucQtyi3LXsdcfW8so2DsZla2Qa9305ZAZPEOFXFjsvKR41WdI5r1uwsrYU
+voMcH9k3aefOd62+e1KodO5w9TxSYTw2bLrGhjB1UzEzRGIgOY7L+VSmYzTn+ARY
+loXqK4sA9yvr7z+ZXHeA1y0XuMRzkG7qf5Z0pc29AQKBgQDd4piLIt0Rygzud4WQ
+5UBwwLd1u1A3jdU5EACvG4GBlJiQQPU0hHcTGoFbnTNy+y7QSBl/3viRH5WPx8Cx
+O1nJ2Qc7mlAmoKq3Gs4gso6utPP2x9Rs/bIPkL/LhAdi9BBnp6H/5dyrvtv8O1OQ
+S1rXpYTjmYj9X7BSU1PsDUiyWQKBgQDS4TwxXycJYClGufq9mrNuAoMfReXaiwv3
+b7wfRfOn1cL0hjLjLAhxn8eau+/7ZKS8ScXqHszrz0yXPfxTtWJ/DvhuobWOOWJd
+RmHN+OAxCLvcZD1hy6bzXqYuuX2WrARUKWZRg7RXxlOwnkcR8/7OrmnsnEiCh8wg
+9h/GGd4rrwKBgQCXV4BOnrgE8zjAyrtKqmO6xGgeIGZFjjNaWYTt6yf5V358HiJh
+8Nw7JoAHGgFGsvcqT5M8+bu3WMCtskTHXkEPAT4CtG1o+3uVqu3ftYrGtVwV/hTx
+RlVWcpevW92h6/DokplXrtRGPMdVkq2bpRpQLnCmwUmD8OmWLYn3XtQv+QKBgCA6
+jBh/kle8epJ0mf2gRwvpFmERLa/Y0FtgmD+vUS21XbZBTEWr1R6IbNkZH/QrzYF5
+ROYjDu57IBl9P7MLZaJFh3JhBH5YBtB6kTgJcToNO6jTKQ5pMXrAXGWHs8nzQDYc
+naaXmlhP1zqG9hWoVKkBvu6KdAp+9pOTCggcq/fBAoGBALHpj0QFvEzROBpLiNtW
+zrU7jcl4TwAbTh26cjb3Nj/2J+JH3lmLilxT6ltKUvtXFMmAT20at46RMGqY8z7R
+Z1OgtiraQtSG7BeSMRLJ2aCM8+JotvYMjRauiC00jXZCsusyJ1mLqgWlHu+YORVE
+9fO6/M0yLLz4mk5z2gdrP9MA
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/bad-pc6-cert.pem b/openssl-1.1.0h/test/certs/bad-pc6-cert.pem
new file mode 100644
index 0000000..d529091
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad-pc6-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MjAxODAwMjRaGA8y
+MTE2MDYyMTE4MDAyNFowOzEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxIDAOBgNV
+BAMMB3Byb3h5IDEwDgYDVQQDDAdwcm94eSA2MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA5hE+Hzx8w4tAPaYsbdY9ZJSzpzpa8ZBsZxhiJr9ayIU4C71m
+uV7EMZtUGyAbl1pXzBcvNQq/lUnXL4hpl612h9Pg7H+oaNM1ZVDnRFyIWvaq/oVu
+msi//4z5QetkM2zRa9T3BtSWNJF+9BnDsdDxi2qLW5xY9xN3tFr234ueri9HNK4O
+V0vJX67wgmVgGmIX6EQlgX5RF+PdU4SYjqxZZe2v0+ND334svlDAdQfKYf4pYqMB
+Vs5hi4PYiuU2QDhLOms0m4Fs54mRjRQ/m/I4L/j2R4051xLO1ya5UrZWepkvd4Uk
+rW7lC5JyFvG3Mp/QChrGZF0cb9iHi81iUNULAwIDAQABo4GWMIGTMB0GA1UdDgQW
+BBQwWHApUcXg5oqkZdg2JpLWKfsUVjBBBgNVHSMEOjA4gBTTom+GhtAFXG2+6W4d
+tuIlQ9ycfKEdpBswGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGWCAQIwCQYDVR0T
+BAIwADAkBggrBgEFBQcBDgEB/wQVMBMCAQAwDgYIKwYBBQUHFQAEAkFCMA0GCSqG
+SIb3DQEBCwUAA4IBAQBe/pghhwiZk++TtmV/eTLbQ/tMOxlb1Q5MhX+nF42eI52G
+Hwsg3dBHgy2RSgTE6fzMUt8cyEplG4nqCpR7qm2ZGcHmn/IEO7exZmWTvurun4tF
+56L2W0oe5hLLJV9W4akVTH6LpRZOR/CgMcew6tvzmuAADcP0KidFSxkd/Y7plhSy
+hptq50Qey2yyA1UVTCQ8k7OSvL2lyD6F3EasejmK0FuHekgewB54cTMCBBw/7aZc
+08rvhIi9X/yQKFD1o5kvbTi5//zcCx0RbMVZRFcrFUD+PNwt7QLpFrMs4u08aok4
+/QzS0G+801JZa1zoUMnnNPNGlfybvANVbovUCc2h
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/bad-pc6-key.pem b/openssl-1.1.0h/test/certs/bad-pc6-key.pem
new file mode 100644
index 0000000..ef7541c
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad-pc6-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDmET4fPHzDi0A9
+pixt1j1klLOnOlrxkGxnGGImv1rIhTgLvWa5XsQxm1QbIBuXWlfMFy81Cr+VSdcv
+iGmXrXaH0+Dsf6ho0zVlUOdEXIha9qr+hW6ayL//jPlB62QzbNFr1PcG1JY0kX70
+GcOx0PGLaotbnFj3E3e0Wvbfi56uL0c0rg5XS8lfrvCCZWAaYhfoRCWBflEX491T
+hJiOrFll7a/T40Pffiy+UMB1B8ph/iliowFWzmGLg9iK5TZAOEs6azSbgWzniZGN
+FD+b8jgv+PZHjTnXEs7XJrlStlZ6mS93hSStbuULknIW8bcyn9AKGsZkXRxv2IeL
+zWJQ1QsDAgMBAAECggEAV8MsF25TiaSNFPdW629WbA/tmFVCa/PT5l/+0Rkd4HAx
+OQk/LmdgICxIoTBWVh44b7pIX8uB2ckZNSCsZxfcp2PD4XOxIouvSr7Z+dHykgCW
+qhDsaE88LpfwXZ0V1CgmmyPaN9jQk60M6MELTcGO4sf58TBrH5VljH9GvW/dUEQv
+f85PsN8VMWdZYx5AU97oLxNlZgRgZa72rtRfW3xi+Nnf/TbyqQ7pJAHdGju7kR7C
+Mv7Kp+us/FzPXJxHdumh8BSAbqn2Fr1hgUyH7v/7n7oSLpBATLOQ49K0X4OnEN3m
++GYzj9rpnza9QAX3too3EP0tDYZaJUUZiQqdtFIzgQKBgQD6KISBQq7LjRGNOr+R
+ayA27HlrZ0O0STyOkxOCx8GqdHQjLS/REGnLAJy6ggm3Col4ACXkD8zNLenFCCsA
+CVq6iEQcGiT5bZyJa7cwLEGdoj8Aqd6OM30TgJ1u9ZJSWukys0BhhQ7huBmxdpm3
+ykIGQ5DxhnecXJdYylzdunktmwKBgQDrcJ5fyYFSheQjW2TkNTRSDccToGVPIECd
+/a/FvhzqhwLWt1d0Hpub9M37AwpN3V8IM7PHcDqgpzrD3q+vLW726h68ETAqZX4H
+FDHLPiENkoBZoj6yjS5fmAkVa7jhGQBFSIQ1s6eYkAHCRwSbF2jfNK1no8fERwkp
+XjEf6yWiuQKBgFPfQ9Xm2p4qlQjp+pKx/SINFQSaocuPhnsy+qatfNQ+qTWmD9Mj
+kqTadrHdqY4yPTb7rbiSR5M/YpKKE4i2mjHSQCu/5EewpXw5njjLjdBhNohta833
+m2bvh1lNgpqUGn3CNcK8junFBPBIGG/To2FgQ/eGoxHMxX2ik5JP1BMjAoGBAJ+K
+ryeFqua66D+1XQbvrsazo2V/WWdnGaJ2GDhNfdbHKntJvi9n1la2ayZfhwoAqrcq
+IfdR68iVydKVAkQY64rSV4VluFficqZlXuC09zz1O5iBwy7HUNdidTVYy+1tPau1
+WjHxze4qF6cI7OwTzvMCBUenymUNJf4sX+mbNOOxAoGAHYK/AbJtXFKcYx8uj0MA
+YnkWWjTKMJ2TQIu94CaSf1oR4M6fuskgPfuRjW/CyBFQ3zh9+F4l7lG2Ywv16rBb
+/1B7W5euucM8JYxSGAicqKX7iYV6Ikz0l21Slw6fy+e1U4gIDfZPgx56iV7yVoGc
+IywUjiA/G1N3M5WBVqBl3K8=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/bad.key b/openssl-1.1.0h/test/certs/bad.key
new file mode 100644
index 0000000..4708495
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi
+HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL
+fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ
+n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh
+7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6
+y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R
+452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO
++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/
+rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9
+ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr
+5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF
+XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr
+YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC
+PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw
+MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ
+AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR
+Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf
+pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP
+kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH
++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur
+WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi
+njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR
+R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR
+8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP
+RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/bad.pem b/openssl-1.1.0h/test/certs/bad.pem
new file mode 100644
index 0000000..8769231
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/bad.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN
+MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
+ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi
+YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8
+nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp
+bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh
+twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB
+cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb
+Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm
+ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4
+9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht
+OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H
+pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR
+VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ
+ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ
+O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt1-cert.pem b/openssl-1.1.0h/test/certs/badalt1-cert.pem
new file mode 100644
index 0000000..99f1e26
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt1-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDMwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCiqb6LYFYj1uPeIVuzuDL1bfV8+xlrws67I+9yVDiH
+slYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYfLhF3LQUvXyON0LkjkZseXVFLNokD
+BXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByCIVUOpiXBbq5FtsuLhquHK0yAsY1g
+JYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn69+s3nGx9QheboiDVTWqynxDQn2W5
+ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdnsAJ/pN2Yc3ri53OPodTkmrRha31N4
+8TA7st35XepAk4vZnSq7cml+85xs8Az/OZDSHH1EV5sDAgMBAAGjgZMwgZAwHQYD
+VR0OBBYEFOI3TVHkhEPOWw3mh25Ri85AMqJmMB8GA1UdIwQYMBaAFAjRm/nm1WRw
+oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwQwYDVR0RBDwwOoIMd3d3Lmdvb2Qub3Jn
+ggxhbnkuZ29vZC5jb22BDm90aGVyQGdvb2Qub3JngQxhbnlAZ29vZC5jb20wDQYJ
+KoZIhvcNAQELBQADggEBAGpxmDDbqtgDry35nKv2pTDMHW9Yqv80ZQmy61kQiatN
+vJzxdb+admW+CNXHHqsAeRr6ai2aQkn2bJrMkGuosNrkVOg43Qw7k45nIK4jUgUc
+dcH7vVp+8isjSYXo2fIxulhE8N8fhhMVAQrhQywkdJW98fDlq+lHqUAEHJ7vNtlb
+4LssY78+hq1ftjYiItAybc8peU3iDjUl+TTk0ZLTX6E9XE0xRYV9berAyTIUDSIE
+GpzEtsBqZlTdkvZOfsTs4s4tpkOoZQ1aHniCk8fQ+/nI3CS9EHuWqt/s573rCRl4
+HfiXnUmwyOm6IKzBLsbgxlByfI7fAS1Nm/hLhgtglfk=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt1-key.pem b/openssl-1.1.0h/test/certs/badalt1-key.pem
new file mode 100644
index 0000000..8d70885
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt1-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC8n4gY4wOae4Sg
+pyqOZf4bg5JDa/NvzZV/g6PawamFQJIAjf41ylZ5Cjdi9+2H9CuFZ4e3im9L6Hu4
+2ihsTeLmxtIabr2w0bFxTW5ZQ/NogfyNGgdcSqUrQLF8nSqE2NJ88sNVyrMQPLMk
+LllqvVFhXEBntFfZSXKIz2sA6LIeC/t8UReznRfAKF5lJoBjjDXJLOYmgz44rxqq
+L7m84ABJYD119LXRc8N5XfEvC7ff61ZrBOrmxtwZY8FJWODsS/CC+RBN8nnt8rh8
+ICyfh/2gA4x6Mwt6dVMax2dw4u/esgbokjQ16wvFGjWKzufdSPa3Tk7hrhvRC38h
+8jAqpxtZAgMBAAECggEADW9fhkZFL2+01qyRf2sMWnFYray2vjPqfhamSSKaLH+Y
+5qk2fiZXWm+72jTGmnRt1Sa2qAAYRVPd3CDN2EkD7GQk+vUAVePZu7REM99/KuZ3
+UqWT+KLoeNg2zCV1rdizxWqVNzsk3fc021Lh05SAg2rKu5hA2Z09pzj+6iWo6jLY
+0pFml3LgNjYy7VQ1V8978vtaVhVYklOiAT4dfNirt42F1NBGgaRCLhOlROOJYPz1
+LCjSlKzF2T6e/4hNvxQXGt2yJ1fq9dIj9h2XaGBbyPhiy7gUvMNC46LB66kOkPwL
+4rX7OGAEgr/vHpZvPiCVALK7dm92Z87+yem92UrDwQKBgQDzj+HvgfxDsezpZUHh
+rFEobTx98XOtCDDn9uS1dODGB+DaRROzybqfcf1D3ayWoS0ucajoOsv+/brq5FsA
+f7aNMbSTZNIIqjOyioWAz/4Jqupcr3RFczaVG+mX+OPHq1WnvCWfD/yNI8MSy+FO
+b7LdO7idN12M9HNurZGmO0Jv9QKBgQDGQW0efsO55DN/Ve6QdLeqSjVvXhmDKv9i
+6bBu8zQQWD5hFqirDl8144VY1SqTua3N+QfX0DX0QAxqkVeG9O2sNERumElWaBm+
+MnOKW/IklXIK7shmjtAzarRD0cX/8di0Wwv0qZfL6iU8tkmh89kNyUE6tHbmpeUj
+fVeO0G3TVQKBgCWAkw5Y2mnl/I+XasR/zuNFppnR0rji2PzulBqoi2+SiPmyxyzY
+s+aXG6MWf9uVp6pOD+7qFr0FfoFqdeSmxYoKDD7huEFjS6CDGblSzU/ZxEpPLbz/
+13iwGpCu3wvAgujX3IcYZA+rYP8E64UzR7wu1OdIPhxVC20QRqvs1fb9AoGAPCgy
+IiS44zkZXzQF9ZNU/7kQycA14ZU0dSEPxjrJu4PrOa6Uc4Mi5Mkq9y+Hgde/o1ZD
+SPsGxByDJ/r+IhdD3xLlCOHwruVbmljYsk0ABpXKSwL1kBkZl+By3nlSqT0LUn6l
+/BFR3DAqKGfvo9LIM+SzhEqqIYaJJuGrpcwc5xkCgYBu0Q1goQd3me/U1KCIRYN1
+u0f8H1uav2zGp9818PvLny6tMa83Kfam/zT8zGIOBEty530jPFWDnky+CLAm6qYL
+ANLPHiCErO+3n15C80porioSFnUL7QY/5uRfTwDjcgCjGQgDiL1RhwZJurmFgwM3
+RBPODQ6vGkTdrJOJr2AWCA==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt10-cert.pem b/openssl-1.1.0h/test/certs/badalt10-cert.pem
new file mode 100644
index 0000000..9db1768
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt10-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowVDEj
+MCEGA1UECgwaQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTAxGDAWBgNVBAMMD3d3
+dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAM273Y+gNkheA8Ifd/zsmibA0KmeuEKGZsLvv4Vl
+HXABoOtYli7wkfyZPexHgUUdNe6Tu9de7nYDCx/iWoSdrcKl+/5BBiFcLY72Buqk
+DF2vmC+un8z4ykHa+dqJ2KaL7j8uLsiSPCOk9+tM+bvCYv4o1wPBsoDmPg50yvXp
+RVR7487cN29h4BnZC1BMXuwUzEexpYCy7i2GQTI4DrQ+oN1OsIUbHS9qQxrfx+vG
+TYpeZOkR2Mb6OtPEHCGpCsxNCDzhPAmlH6jaxT2kCkhuAWkqkhHLTuga3kmXuH2r
+OBOpq9TRhC2kPipcuOcIdnhexovcODVJ0X0prkS3P10K3fcCAwEAAaOBnjCBmzAd
+BgNVHQ4EFgQUmGUQRhEili5u8F+d8jSgSLailgUwHwYDVR0jBBgwFoAU8FOJh91W
+GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADBOBgNVHREERzBFgg93d3cub2suZ29v
+ZC5jb22CD2JhZC5vay5nb29kLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2Qu
+Y29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBZ4RTnIR7Tgv4rq1Qx7pbx3Hlw
+Y68L0Nt/8GaFZK0pOrKHuY6HUcUOSabtchcm/CYF1ZowKT5KGWmR8X1WzgHe9Aay
+4njzcnTu66hc1osZdH2lF1+lkNA+HLvzNNcBu0XwqzCs2f/yp4uznuHZKvX45y4L
+x5TUh570LVUnnoosdTmzicZdXcw0nzikbueNAFSrZFLPt+lH/t1P7d+gNj6hAOYi
+6Ac+JEjSAPXZOzbNrf56SC77cvkkFrYONjXgrJfNpZHMCNj1M3bqileTYIV5Leyh
+PgoXCRyteMyNjwTih90SZPq4dLPx3Mf/WNG2/hXIkC1AvFXpp/u0iuwlw7AO
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt10-key.pem b/openssl-1.1.0h/test/certs/badalt10-key.pem
new file mode 100644
index 0000000..e62c0e1
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt10-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNu92PoDZIXgPC
+H3f87JomwNCpnrhChmbC77+FZR1wAaDrWJYu8JH8mT3sR4FFHTXuk7vXXu52Awsf
+4lqEna3Cpfv+QQYhXC2O9gbqpAxdr5gvrp/M+MpB2vnaidimi+4/Li7IkjwjpPfr
+TPm7wmL+KNcDwbKA5j4OdMr16UVUe+PO3DdvYeAZ2QtQTF7sFMxHsaWAsu4thkEy
+OA60PqDdTrCFGx0vakMa38frxk2KXmTpEdjG+jrTxBwhqQrMTQg84TwJpR+o2sU9
+pApIbgFpKpIRy07oGt5Jl7h9qzgTqavU0YQtpD4qXLjnCHZ4XsaL3Dg1SdF9Ka5E
+tz9dCt33AgMBAAECggEBAJzXPb+C2h8tXRwetXCiR5qHoAvPrpU4tRqjf5SIU3rS
+IwWIEWZTjFfP039Pu+Mes8Df63HzM0PQaiiyfWNgedlMhOF+XNgN18WHFhrHWY4K
+kbC4Jacze63c7GGIeRvuzYBpCs1pfmOGHmLJ2hEjzigIpnJ8tkLCREjtDNWQMoSG
+V5LznbgZ9S/2KjyvTW5ff6m4GQH3BShPPkFDICgQTulwdZT/Y8SDKx5+qX2RAtjY
+RguaaNSKQnOHroF+FPNPMUsK5gLZLWIdIECTi6YHaba1BThKzeKFKtQ0lWI5ebxg
+R4kzEPFJmEHbNplxUHSkY4ZIsWK9m09Sn72IrmVY6fECgYEA9e4+w2x/YLtnfwYT
+tVj+kR5MRTn6t+gOR7o6lsWGvkFqwSi0syfN8D6u3KeoYORUUY7ISCFJgIag5Y5V
+Hp8T23O4rRcWuoAmolxNyvYiUYsVdflDbAZFKMSvrAv3XlRRf0vJYXym32k8KAhx
+1qo1zTl7THWM/skv/SF+VMItnO0CgYEA1ihKz8LbtPcbsOaivJX7cXVf1AuRty6F
+lKX8QIGg0ppq/EFkZDWg7+OCVneO53bFVDDqKoiM4Dq9+aA6Dgx4fjFof8rUaCet
+H/isEkjcvEmG2a71PU/moamDuZDu8yRodUl4zyjqthQgc2n6ryV/ZIU8vNZmjpIr
+EhITW8/mbfMCgYEA7UMjpDA5l55VlDPNscihGGpNlQABxYmItWSSf8EjZMwB7UaT
+RsChKyWeV90cUhYWzvRcf1I18lxwP+eYcUlxw+eaBMvgrp9SJpO8rZHWvCrd0opf
+pIlMEa/n96k3xva8BX6dU4MKD0IculajVUGzVEIflT1XgLuio6i7k5Qeo2UCgYA3
+I8SvXbKIE5/Tmm6IM+27tsbnp9rq2VWXgm1Chp3L2+pz7LpWeuBnI6LpdHsc6Z3B
+IZ8JOINdMIK9hR2thFR52WrYjHbIIn8W3kYfpxb+e8f2wG9wS+RL94NtAf4kKFmk
+6TfrztMv8lqwnLbo5bS5QvzyehmJ1+SzEGhfmVXxNQKBgQCULij+SMWsFC/gPJHh
+BCnx12Dx9t5+qE4vrjtNumCCnj9i0nRPludbWapRfHyfe0WlhpnnHo2OTFcl3qna
+wBln8Km2CWNsX/QeosZBPr5KAakfD+l8LieK350t7yE1LEboYCZkBNCG2gJXIyTs
+o5DsYNoxX/IWq2EbB6qQ3Cys6w==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt2-cert.pem b/openssl-1.1.0h/test/certs/badalt2-cert.pem
new file mode 100644
index 0000000..890c551
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt2-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCy5dZH9k2pwH5jw7iWD1TwOIqtmkNBOGDDk9jKvovm
+VUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E7/0yqjIesNPVvqzn2wzuii4VsfDn
+qN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQHSOHNgzm108XfpubuqleEy+ykHhX
+bgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHWQDWKE8TiQiGzb0sXWdkXvPt+zGw2
++C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAkekUzu/dauhHY4aGRoX/EsDTN8K4F
+YtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7CNiSo6WMzAgMBAAGjgZEwgY4wHQYD
+VR0OBBYEFPIaUwk0/m0BQNvG30Cm6oNqQFIXMB8GA1UdIwQYMBaAFLoDn50GJKRX
+5nP69ToJ+bqFzKn6MAkGA1UdEwQCMAAwQQYDVR0RBDowOIIMd3d3Lmdvb2Qub3Jn
+ggthbnkuYmFkLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29tMA0GCSqG
+SIb3DQEBCwUAA4IBAQBjicKVS7UDgLCb15ucoKfnrVGvKUs7XSKfF/xae+c/2xWP
++jCCqbilW0QhVuAYyK6GgVO9cG3PKhCH/Us2Az0oCzwLXibRHcDSRfrjJJ9uiofc
+f71p9AzAtRMlSwl3UhSLS8xbHLRbniNXi928+1iMoKb8Ua2ZVHzF3s/T3J26EEkR
+D2DtWq+y7ETlTPS/GklldW1x6qzWRgi4IriApX2taccJtFhaZH/Ih0XtnEWkmtOL
+dwsadu9bjbLtUsFBeW/bcRBqZoI/7xbSxVwHVXF2MZwHkdFuq/3eJE9RXVGpy86+
+JXOcEouXyLAVjj9XCWLW8ilVTkYE6EmUvKSF4aON
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt2-key.pem b/openssl-1.1.0h/test/certs/badalt2-key.pem
new file mode 100644
index 0000000..895900d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt2-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCy5dZH9k2pwH5j
+w7iWD1TwOIqtmkNBOGDDk9jKvovmVUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E
+7/0yqjIesNPVvqzn2wzuii4VsfDnqN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQ
+HSOHNgzm108XfpubuqleEy+ykHhXbgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHW
+QDWKE8TiQiGzb0sXWdkXvPt+zGw2+C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAk
+ekUzu/dauhHY4aGRoX/EsDTN8K4FYtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7C
+NiSo6WMzAgMBAAECggEAe5D7MBt1S0H1Ss1+as/OOFqllwGNYLgjRhOR04BHu2G9
+Idjp0tcQJRBD9aMxEMOQKLkjFLtQ7aYJD8vAFMWv9rjmqKWaYk9QIFd7O2r73dcq
+jTTt0l9gjZLAhMzELO6680M/Nd/MeFf2UV1/E76GrM+dBrphmvAUWjFgabMWHDR0
+vFmZW46MGyDLAmihSYXXtwamYxf4UHYC9QxW2KNu1l+llalrRqzT0tQde93W+lM7
+fZBXgjdLayqdPpYhKd6QkEfVYrgtkuZern+DlIhfQcBwVqj+2gVfO87hFVEb5V2+
+Rt4v6xpL2Um+MvojE1NO353WPDBFMYOmoMjSBL+CoQKBgQDXzk0ke/+ZZoOIWLfd
+z57s9HyoTbiUHNELIhCNjJmpEVMlUn6TSRu8r8s4EciOb9yj4j5dr0p5tdsmP0eL
+KJZyTvNlEsq93azCuzG82Z+963iqq/1msncjvcbnIll8kGwpr38sLAN/qjc11/o1
+gLbWuiztGyTPuFtM/Hy/UvkV4wKBgQDUN78TSEGzuKDtyuZNMCnvSJdXm2p3XMaz
+d52ooRtZ0REH/MGMFW5u1xJxnDflcgnzXRVq8xaw3TMo/3Fx+Op6PGq8zVEwGDBQ
+0WQqBVB/b4Rw21Kf9fMVMtXvOxIsQcdz2583s6Lojr63H4P11fF60EEVmEW2cXs7
+MviuHdt+cQKBgQCpgS0ufwbgYpjlu2mQG8fkrpRLTeCw1YGMkREXXVxEY4s/QXCS
+F1Zl+l5QiAdTeaGAR/BcfZatyp17iTCUqSiiWEjtFrmQMFHGEmqavwStlAqPY9AB
+niPeOu3EFkLbiESs6V+mPlvxJq1+6UlqRNNYDZvEERH05gUwjxEc5fsnqQKBgQCo
+Q2cqJ8GIeVyIDreZ/hVR15G/8cdxysr1o2MLQGpKRb0mQx9HLfr4wWirUfzz3P7M
+ykJgIUwdgdW9rQRLJNztfJf5CSZVZuhwPAYaV0pjMI2nWg7iLAXICh2caI7ZLnKx
+hzJv3OvPTtcipUdhFXg5M4RXVfv4U3QtFRYeIChX0QKBgQDDQ7mGmWkuR++svxXG
+A5ITe+7RBRO8kVhXEGYQbIiuk4fM2ZXWnw/MwMVX3cZRfL2DPVmRa5Xcgs9OLwQD
+hoGqX9LBAkyB1p+ZBqNJaHa86awXR01gWNPW7/GJTp4Q7V4KkGvjIbWVWH/7TpMe
+d6YkymUz7h0qMN/M5nsB5Xg4jg==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt3-cert.pem b/openssl-1.1.0h/test/certs/badalt3-cert.pem
new file mode 100644
index 0000000..cd44b22
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt3-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzAxMTMzNjIzWhgPMjExNjA3MDIxMzM2MjNaMEIxIjAg
+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW
+DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7
+yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc
+YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy
+esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc
+ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq
+sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T
+I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp
+IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud
+EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv
+b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAZSDs
+XlhVEqGRU5Y/n6EIznEBdDSMSxjrZ62Nf4rWzrQGYT+R9CjUQra9/6wXyjvlTZZO
+w+BP3y0n2vH1TrCP22fA3n4Tw8WoJfq4Sb3x/eSgTlUYAiZvHv6vfugC7y36c7xh
+3dCgKWCDxaAplRsMkXIQXgfCNp360Z+OMMeNpcpVnxnp3LfMKCpsDWUKuWvN1AJE
+mi1VCWQuQIC3vmiZbZc/YKF1kAgUHxCnqHcLtU3GAZUuCVyNrdWXk8IjzjzX+ZpN
+qr/RUVVZ4IYDUUiGLHW2AvpVv9mt+SBspsCDXyiAf5O6xdek+tiTYLmU9uUOmtJ3
+ndvhdtnodLRvtBeJUg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt3-key.pem b/openssl-1.1.0h/test/certs/badalt3-key.pem
new file mode 100644
index 0000000..398b52f
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt3-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiqb6LYFYj1uPe
+IVuzuDL1bfV8+xlrws67I+9yVDiHslYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYf
+LhF3LQUvXyON0LkjkZseXVFLNokDBXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByC
+IVUOpiXBbq5FtsuLhquHK0yAsY1gJYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn6
+9+s3nGx9QheboiDVTWqynxDQn2W5ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdns
+AJ/pN2Yc3ri53OPodTkmrRha31N48TA7st35XepAk4vZnSq7cml+85xs8Az/OZDS
+HH1EV5sDAgMBAAECggEAUIndN2NGo04l2vkHT4/XY1/DWdN1/b4h39TmHOSIbN+m
+9YzBG5JcbKjLgXqEpA/uMqqAa9sv9ZbEDkIgEbLvy0m+79u1n1/bvwgTVTs2UZGn
+oeyyBuB2bp6pF2y/duzHctPdEJvh+w8vYlsgozUuonyruwbL91SBn1aX9Wx0BHMk
+rReJHuLxnGGgUVJzmNqKaGKBpuBaLhpytcIuwkNErDHUfzyxDcpu8IPo70jCafrE
+hlrbs9o8vKcnWF3XZ2LVPdrF0MQeXfvOPc0txiAOU4DQ91gsoZsVsYJCXY4Qw+4S
+ajpxidF6nQDtRtB/aTq+OCMzCVGog6V8Mg7VbA8u4QKBgQDQSHDEBgvPfoA/6Sxp
+uzFV7T0Vgl58oV35EqPFl81cBUSwTElx8ueP4kK00964j47Qe/N5TQOzvH+rxlGQ
+cBgQzG3W83c9HmfHjdx6lSQIruRW/HwqOsJtPcxP3XyxSO73+hqwf3hsOWRq74Lq
+MHcgvWZ1iy/A0smVQu2sDLDk8QKBgQDH7b+FbKSngDZU+9uEYKkPpmhh0qGXVgSX
+1W1BKYxIKd2y6aDOCxZJDTJGNBMpVdOTm1VNrL2J+cF73XOJWaG7KnSbxl/tkrS4
+9hwJ+Ut2VOumFWHEUqp+nxLxwJdCtA2f/YTNqJPLj3GiGJB+xp+dZr4ARn/+P5/N
+DC5G6S3vMwKBgQCreWg1ShEBI9FsTIi/B1kHuAgZJDqr+qIGQ/1G2MI+Jyw0xKmW
+wXc48vseKmvroGzgYZvCWtBYcjDd96kA8/gsJFGtrMWXMOgZ10YUOaLv7ySYJMgI
+cFXPYBhMDDnzLutmhqbgdiFrYBi3HTa3nW0GLEglL5EB+8fwNai8g7pC0QKBgG6A
+su3NGcjW7bDVMASf5HGY+XKwF85spcdCGMv+aeHs+fOMe+vGZv/jglkZKUocfP/F
+yEVRZ8WePNn4kYZl+yVXFvKOl7DY+HiO1vqQRqxVzZWTleEMC95GkBL87t3YZPt8
+BW4iceX+F8GPMDZSFCDMi9HdJZtikTGlPOLGuTPPAoGAAjVUGfbNqnpQv6aDpyWX
+Szd2uA9TzBCkh1hf7x4+E/Wr0leTGgXVez9uNarfpnVfgHTDv+OYK+Qnrq+UEHQr
+9xRAgXLEZWXPbkUakB1o7ZW52MxR6C1zZgitTZYVzeX0EMeWc+1Ujjwe7Qu3L6RN
+kEI6l4ZQL9buxDhqXH1UFbw=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt4-cert.pem b/openssl-1.1.0h/test/certs/badalt4-cert.pem
new file mode 100644
index 0000000..3c041cf
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt4-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMEIxIjAg
+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW
+DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7
+yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc
+YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy
+esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc
+ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq
+sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T
+I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp
+IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud
+EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv
+b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAiF/+
+jEoLAFll7JZN9PioyP0i7EEYCCVc7omFaKnIV0A9ZfV/TlHBZH/IQKdUXbSPF6eF
+4UwOQbkc2gwYEliNsU+rw5PANBEwPhCGKBIClWhReIzQqY8oTRxKOpq3cHd6hsab
+P3NYRUtinFdoOGlUHQQcql3zYwD/guOvA/zG8sR58ed9Fd0gt3OnSEvUSiR4e9bg
+gbqgSYgagIDcZn4kEJWVHQGj7lA4ot60X3VYk6vWSB/RmWqbmsGxzoNayGWaCw7l
+CuipVdk9yi4eROoQAxWvVBDz+7Q9CF7j1PkDMYB+QwiXwNfGplOMAWv6nQUNJPs5
+dIn/eeha7QWrqG/45A==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt4-key.pem b/openssl-1.1.0h/test/certs/badalt4-key.pem
new file mode 100644
index 0000000..aad778d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt4-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD7yQbYxTDmAxcJ
+zHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gScYYqC96IrJRwt
+g+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXyesNTqmUvUS6u
+XMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37eucymsZucA6pZwG
+iJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrqsjJunJA9U+5y
+++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6TI3GC4vN3U9Lv
+ZrWTj26DAgMBAAECggEAB5KFLTHJBbHkGHxY15xnEM1Y4zsJdE80QGTgOf3ua0Ws
+mDLeA6+EkqmT7xRYlyJbzyQz2Tp/WxLTpR7JmupMcwyUPykCuSRs0zoJDHzGO/dP
+TSOISCBUoacp1+Z+7Zc5EtDUXQjL4D9tyvqpUHKrFZkzp7TaOX6foYxg4TGluZxo
+RDp6qlAOzZJiAcmavgqPpvfgbkNs4cfdh9yu7FDX2Orqa0pQNsPDWp2VyOkDEPiR
+7LTK0OxQiHLdBbLvjiW34eElyJl2tJhCb08JcRrfbYpeS43j0rOcyDJQZX6tkpxK
+BJwgWVwqwuKBlZyGT2inASNeqON1tAGWhz59cWXcyQKBgQD++LSllDv7fOZTRKgC
+e+MGbkCKrPgjUr9NJgcrQhQ+kxE69E3p4iUtj/YTwIc23qxjuZ+jyG1wOFIULRYz
+KjBbuyEugfmcgWtFWeJokl71IHBk1QUT4xlSSMvccs8pTseBCdVWIkPRIc4qeGRB
+3RCPrJmmcvsJ7gnYPFfmKL1tRQKBgQD8zQflPYNLPgGPNaCbFiy0aCNYzvd+4ETz
+3TsKbmITXnq3W2Mf80RctzasFkTxM4Kma2fXbDNt4Z26s2x12FuEg7oaKtGKZBy9
+anmg4u4Cr1lk9BSSqlQeKsqQOp0mI3hyBW6v9CDhgCbMbKT6DgskwZpQjHLPf8UK
+DCfJ2Mq1JwKBgFuy8rVCNLhj2SpFXO9XwvSDHm9BehSqI+cJMDbckw9WMTI0vvjI
+vno+dk/wRDD1sKZFEicDZGihuNNMy9km6TF0gaCKWk1xNjVA+G6HheM/AW0iN6tJ
+V8gCKl9kYyEGFjZQZQuPUziZod4gYl5VtSkW+EOmwqZ1l9DPEwXRzR7JAoGAAu2A
+9Oe0eI+cRwNQ+9rS47f9CM9E0IRaaBSc1W8X1a+Xbj4xtLIFjalVicKsQ7rb/X9q
+8XTAV7pwMDRZwjeiP7Oi2SC70oV8S7lK9VELfp53Q5MMFfLBDKRkOi1jmoh4oaFs
+eb8zDkmEqYNsmbTF7kQLvHkT71FEf+xKHa1UE6sCgYEA+9bRKxPgngVA1qAhwrDM
+jjODdUhrlJZDZ7oAVs/CelAO6sSXZ7Yqyujs2YonuQ9aUiLLA/b3b26XEqW/iMzG
+onhxrQXGlsvqK+V5u+x8yBpBUj9KBw8RXBtdhPEl5iRIeQ17xKRi+9WilOuhwdKJ
+dlpiKXP638lF4t5jvaCy28o=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt5-cert.pem b/openssl-1.1.0h/test/certs/badalt5-cert.pem
new file mode 100644
index 0000000..bd67898
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt5-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUTCCAjmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCzgx886aURB161wWGRp4rr45Di4KhS/wUUSaHTQo5n
+9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45D05MJVvWsz7M42lA8GLJfKIX90aN
+PMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiAYuoGoT0gjOEqtoxyEu/buXgNMTdt
+lZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206Umsna7uje5tBI3CwYy0OD/XVwnSEx
+OgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//INa6g5ArJy6TCy3IsmE0hCwteaHKB
+jcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3GjdSVbdZ6hNAgMBAAGjgZgwgZUwHQYD
+VR0OBBYEFHecitO/eIltLUNkgT19Gn4TVkc2MB8GA1UdIwQYMBaAFAjRm/nm1WRw
+oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn
+ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEfwAA
+AjANBgkqhkiG9w0BAQsFAAOCAQEAOBZXBSNNAAAaII+l4mMoeXCpvofbaHuNlJur
+G+1uu5ra6VF5Juc5/uBa9zVQa2npe0kKOtx8xcI6QMQW+usphaUEh8t7AgR3efyK
+bsSKPnGxXtCSaYZIEiwFyAFTx1idzZixEfHUHTO+LQUwNTskDGCWK46V1P1wL478
+jXikGqc76DSmOXTc93asCMxCBIbHN7LLJIRhbUpiL2JrBPydzERPVoqiEZ9SWG4p
+DB4T0hHq5FUUnR1Wg7yQoClhyButeB4A2eGwLjhpSeLeXo+w6ENlcm9Lp5rOhbOo
+xqwgz6kUtU6smxWv0HruLT8Pq9hIKuPz6DWG/vIpiSLwz4B25A==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt5-key.pem b/openssl-1.1.0h/test/certs/badalt5-key.pem
new file mode 100644
index 0000000..89cdf25
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt5-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzgx886aURB161
+wWGRp4rr45Di4KhS/wUUSaHTQo5n9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45
+D05MJVvWsz7M42lA8GLJfKIX90aNPMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiA
+YuoGoT0gjOEqtoxyEu/buXgNMTdtlZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206U
+msna7uje5tBI3CwYy0OD/XVwnSExOgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//I
+Na6g5ArJy6TCy3IsmE0hCwteaHKBjcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3Gjd
+SVbdZ6hNAgMBAAECggEAcNWYiwcptFx3kbNuCsnPLpqp9ZHU++ZEYQ4vY8VQEdTT
+00n4Ep+ttpWe43HxwYJOktKb5Yf5p2j6Sa9vPbm10mx0qwC+pgzza0al9H5/oEN2
++zxqw6Z2u5d3XmxIiUsGdly6xbeRBZrLq1eBVo1/CLjEx75a5VE151zbMx+egYge
+xETVRushMINQwkMbVUQp6MLX+M5eqEP8c2xyzPVEtxtxpu4yxZWbDuFezModhdvj
+ncV0QTBvlvB5Eg+4CeZiOvgu8ulnNUJsYGvMGCK8b9FwJhpM1CVtmw070CnRL0hx
+6Xrhgw26oAUmxWkvzzXsgwxAZFJMpM5Rg3rwrNDzWQKBgQDnR9FIh24gOK6g9dOx
+i/LVKFZ1V1/HVXTXiBjPHwecNkBXLLlgE46fxSHd1mt1yoHnyp3qOXbCIsqnk0S9
+KyMN0y7YG0P6QHxdrnhhr2zsZaVBEoLXmBn7vp6M50xt/Je4qvOGwkPTrU2Uftil
+qMIexti5oO/tOksmWw0Bm0R0WwKBgQDGsthSr9y1zpACJnu9rdMkwqZoxn8n7CPN
+y2L66WSpCopBKighfvn9ymOkV07TdcY9PEo/Yb5G3jT23trY2GOd6EYTSa0S8yDt
+lslXTzZJGAK+RiMf5zHBwIS800XSBqXCjL+yJ3w0sQd9uRcQr8XjIJLZfbT10sRg
+1jQBMK1WdwKBgQDJdsXXaCGF79ouW/ULs9zT0U9+552HBenB1cvGoEEA0kE5rrvL
+9T1H73CQzTbOZJjEULs+TNAmTCg70Q0Pu4PNhyhHF3kfhQzQjipO7YD0a5aIGJfh
+NZ1srZ9vHgx1wpJnSoLX4GE1AsGRmO0fYOG37X7cNFTLUPwlbSrnO1lmAQKBgHdR
+kJve5X/7wfi4mVgnGQMbLIkAof0cTcfYGeEo5HyqSqmlIiIzOPYRYlKe50QOlnPR
+T5jOHlA6Qb35x5uuHewGPoZ4mMknXR+vi8q1U5kDJSqTvaX71KJP9KXbjTL5MPMq
+SDc4hNqzcBcsXdB0bTXeKrEWTuPLpIeuOd55F64zAoGBAMooy318nDZ0c2Qek3/N
++SN+cG5tLH7HjbI9C4XBYVbxXHIvg/nSzFRxBbC2ZFetJ27xvweM1J/Clk7d1Lvq
+PM7fcVgcc+ccHNM7KX77k0/J+FJF1uNsj9Rgg2TFveLKbtHfmaZd31k1HIYhSS5E
+a0BZeU4ZpKQJxpf8YbXbPi2Z
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt6-cert.pem b/openssl-1.1.0h/test/certs/badalt6-cert.pem
new file mode 100644
index 0000000..fbe040b
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt6-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg
+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy
+Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v
+ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv
+BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
+9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
+7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
+6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
+jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
+1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ
+MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD
+VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v
+cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a
+YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb
+JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB
+2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb
+WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk
+zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By
+GH32QmEN5o5jZQ==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt6-key.pem b/openssl-1.1.0h/test/certs/badalt6-key.pem
new file mode 100644
index 0000000..203a4c7
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt6-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv
+BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
+9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
+7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
+6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
+jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
+1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3
+UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq
+2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH
+/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp
+rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+
+b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc
+kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9
+x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1
+HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU
+fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec
+hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2
+eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD
+DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE
+48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh
+F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9
+p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb
+iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75
+4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z
+ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo
+R1UfsJugW9Yetsqd9WB6q3ln
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt7-cert.pem b/openssl-1.1.0h/test/certs/badalt7-cert.pem
new file mode 100644
index 0000000..b515ba4
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt7-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw
+OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj
+AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA
+ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A
+eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg
+QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9
+GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh
+1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi
+Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf
+UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ
+2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw
+CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv
+bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB
+CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY
+gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az
+uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O
+WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE
+phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex
+IL5WuKFm0XSGKTX8SzyMGErMGeriveL2
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt7-key.pem b/openssl-1.1.0h/test/certs/badalt7-key.pem
new file mode 100644
index 0000000..50557e8
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt7-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP
+Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk
+l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7
+dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv
+OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb
+uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3
+3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB
+We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF
+jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA
+mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul
+mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk
+yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH
+NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM
+oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3
+LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET
+GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2
+uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS
+CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF
+M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+
+J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4
+Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3
+t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x
+s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt
+mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8
+M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA
+cZtQWiEyaf026DdR8YBYn6tf
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt8-cert.pem b/openssl-1.1.0h/test/certs/badalt8-cert.pem
new file mode 100644
index 0000000..2056060
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt8-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowUDEi
+MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgODEVMBMGA1UEAwwMd3d3
+Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAp5T7voqwIiauadaESOe4RMhRVU9tHp5JZlz1yJ7ZYF81
+PJJ9XfERTCJQow3BNRbVeXEyI4mvMMcuFwd5cKqy/gP5yfEV01QbpqACKhIK90Nj
+9fM2QOiYE81FmvQzP6j7QFYt0E6J4kupvj0D8Z2Nri0kXDGe5+hbgLPkZvnh0vvJ
+Ck7AEQ2iqO4Npe4uHoDx3GXNo2Jb6BKNf+nMsJPLo7sqUuZA0/mFDVPNRvKfiq6b
+ObFUdbY/qPVPHk9VBWZuO9etk35G2yTSQ9KiGRNgcoWQAozAyLRx0yECHZEbrZ5J
+JFuPXO/r7saqNuV7L8UpR0Z0SpyXKs7suLGBpYnO/wIDAQABo4GbMIGYMB0GA1Ud
+DgQWBBRkrc1ZEOlR+93o/6EPrgFeM37AsjAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm
+IFVvC/wUFdejsjAJBgNVHRMEAjAAMEsGA1UdEQREMEKCD3d3dy5vay5nb29kLmNv
+bYIMd3d3Lmdvb2QubmV0gQ1nb29kQGdvb2Qub3JngQxhbnlAZ29vZC5jb22HBMCo
+AAEwDQYJKoZIhvcNAQELBQADggEBAJ/gHSUGV0LahCqlFzhi4iP5JTleZlhsqOQd
+S2I6KV24gC+Hz4NHv4XhYv9mqZbivNSpf6+TV+77wcncfmkeAGqYMVXVt8DlJ7co
+NiKJZu3e2InmhLm5b6cYRidPhPEM7qYpxIhjpia1v7U83nNWvwEITmC0H0Qp3Cuf
+dv1EjAyGZsER05jBsy0qqH/64+djqd92zKNKCEaWXkTlC1XE+/PbEb94X8YbQaUn
+/wpvioqQ5rv+Bk2Jss23DDh0zOdWrCbKPc9BfsWCfLZYfOAyn5iH1vNdCVd85ggJ
+YyHBQ4JiF/uqkHZ7iQJ1QinJIJruAsC0BV0S3mdGgGQAmTT3m84=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt8-key.pem b/openssl-1.1.0h/test/certs/badalt8-key.pem
new file mode 100644
index 0000000..1b5cfbc
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt8-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnlPu+irAiJq5p
+1oRI57hEyFFVT20enklmXPXIntlgXzU8kn1d8RFMIlCjDcE1FtV5cTIjia8wxy4X
+B3lwqrL+A/nJ8RXTVBumoAIqEgr3Q2P18zZA6JgTzUWa9DM/qPtAVi3QToniS6m+
+PQPxnY2uLSRcMZ7n6FuAs+Rm+eHS+8kKTsARDaKo7g2l7i4egPHcZc2jYlvoEo1/
+6cywk8ujuypS5kDT+YUNU81G8p+Krps5sVR1tj+o9U8eT1UFZm47162TfkbbJNJD
+0qIZE2ByhZACjMDItHHTIQIdkRutnkkkW49c7+vuxqo25XsvxSlHRnRKnJcqzuy4
+sYGlic7/AgMBAAECggEAEnrYZAOxNqLjWuKABfYfmN4qMeknVFgKKhKYO/5gZEM7
+gKl6z7A0wxuJnuF2a99PvSuhZs/ZFNzyFTIKz0TTpjVUB1Phn0NIJVDBzFffA7NX
+w5iFZBUCKDTbtyG0wRFmW4rlVHJEvEKxvjvGQo+oPwvVVaFXL6Ws6X1s83oc0AIs
+U3NKt8Q69o5pMHUo4Cv8Lgv41J2dfmxqf81FPLPl8NO+E5zV8OKT1AEisYh98P8R
+l7E6qWdPVv8hbqmtpXx2rDvUdooaNZPBczjbb/b6zdqxkR3Weu6xBFKTIJAsb7hi
+QI/DNxRTKnlDt8QFZi37KwkXAtSIQb7rjZ2OVOGfgQKBgQDQs5+u1ufRxi65Vw/8
+lkVjuB0L5+2Z58HlNrB8+iXqh9eovph17Y23ADaCUGEgEUyK3SfA2SFaj0C9nGtf
+SgqI2btQQm53sYq/MDNxKf9f0hJ0K0EK0LVyyl4fmGTSexrz+sEYPmp27/RhFSAR
+f+uccT0lI/V1V8NKkSKAK30zvwKBgQDNj7FK/+ER7e1+gE5CWKEimOPys3hd91Il
+2hNWOzllPtOj5C9qayG18XNYZm0+YqQtYZLhV5REMxY2sNtpfMxtqkjUrZnuaqy0
+thhQQP8BRS7eoyOgZ4lAvizsroAqvM9Hqxu7EMspBVLvKDoyGf+L4QsvWB6A7K9q
+4EjDrx00wQKBgCxh1paG6zuoKq2Nfz/W8SC4uaybgOLW71wAWl3pkICkrM8c4S1K
+/HUrXWwvDciVBTMOvvJ6+mXYywrHpenYxA7ARt5Vkkpv/jKUXIw3QzCsavI7dJSJ
+N90Wfhe3/9DnDx9NdxzhwSBT/SNcK7qs+n0Fc9xfHkb7B/Pmk3CwTurfAoGAKlf7
+MXPcLRFR5skPVeNj7fiInCoUFWco6NsvOIginpR+jDgo/EbtPslp9T/EKSGwqBh9
+ZSXhSNstLD7qM6Sdh8mYDxdjqhUXVnJcN8vru5tAuGPqptQtFcUXA/o+NI+IMz8w
+Cyy+bMjH+LPUqRVp6qqE30/LmMsop19kHcsovQECgYEArGQs1WwBCkKCyjAbUOXF
+m7pTgqrVEA/+ACrB2/4lCNgBwRvo2/b23pceEIekfcfzlJnsy0i73Jbh6OV5yk1N
+Glq+druyWBpK6Ao9emVeLWBJVinSB7WMZ2XPPKEUHVQkYSN0rMuBisEa07lai01E
+RxbCxTFtyUMpmWzDwgiwPbM=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/badalt9-cert.pem b/openssl-1.1.0h/test/certs/badalt9-cert.pem
new file mode 100644
index 0000000..f3d7820
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt9-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowUDEi
+MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgOTEVMBMGA1UEAwwMd3d3
+Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA9Y+SgizcSJ9TIHvJf0k3cnBDWx8xJKurrmpiuvQMl1YY
+lzmI4Qxojr5CRDSvCZh50xtF4CDMXW1MnTtYelFhfSmQ09M6lyfjMF+hrYTFkDMX
+Rz8WhtN6/YP80xuy7NuhsA00/hUJKqsAKT8ggwlf++0e+L0ELiu9dmB46zaxWzr4
+z+DigvrA+O7xrpiD/NscLNK02uIURKPKqlPL5LxUenC9ROFGNAIYJoWzsjxoVD0D
+X4bf0COBRzGlLFUHN4FY8LBwGhTcQ+hvsYn0JbT913daX46BuEkrT2V2plCsFDXz
+TOtKAHEBm/U4slrp1F3CPsXeqdqnB+3Ktaj+UQ5ZRwIDAQABo4GaMIGXMB0GA1Ud
+DgQWBBSauJ1kxBbvxrSyMER4Eh+hEnOo/TAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm
+IFVvC/wUFdejsjAJBgNVHRMEAjAAMEoGA1UdEQRDMEGCDHd3dy5nb29kLmNvbYIO
+b3RoZXIuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA
+ATANBgkqhkiG9w0BAQsFAAOCAQEAGrRJCrSxYLrkJ2MUyaMmJTrhfijIw9ZdYRLx
+lkCeW+i6qIV58JQKZeRQVVRJSUEV9OGWn6/46xZZdZWpJIab0EtoNHlMQoB1xni/
+1D8+gyOdiWy4jgg83arMMulre37T256vOGtNOu7PpDQCoPWCJkb9xuMt3RJrK8N/
+tFYB8TvWATtY/LGzk9Tmm+C7hNxsWx0l+ewxlqdHvpc7xwXuf8u7Ise0JkCDi8NY
+z6BxnUyWJ83G20npGnAWXJoaXNDcY0H75dGni3WcRPTAayboEr4xjR9Xqiu3bzlZ
+eVdPGwLwbgkvj7NDCQDphHl0HseTUToHGJrVj8dbR4lV10gogA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/badalt9-key.pem b/openssl-1.1.0h/test/certs/badalt9-key.pem
new file mode 100644
index 0000000..873bae8
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/badalt9-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD1j5KCLNxIn1Mg
+e8l/STdycENbHzEkq6uuamK69AyXVhiXOYjhDGiOvkJENK8JmHnTG0XgIMxdbUyd
+O1h6UWF9KZDT0zqXJ+MwX6GthMWQMxdHPxaG03r9g/zTG7Ls26GwDTT+FQkqqwAp
+PyCDCV/77R74vQQuK712YHjrNrFbOvjP4OKC+sD47vGumIP82xws0rTa4hREo8qq
+U8vkvFR6cL1E4UY0AhgmhbOyPGhUPQNfht/QI4FHMaUsVQc3gVjwsHAaFNxD6G+x
+ifQltP3Xd1pfjoG4SStPZXamUKwUNfNM60oAcQGb9TiyWunUXcI+xd6p2qcH7cq1
+qP5RDllHAgMBAAECggEBAJYazkcOnxUxd0HrCU/qdJ9aqoG//m1ZFxgF5hY76ppz
+wZJnVBmlWSCwgpdo0Pp/nzCBgmQwCFyv3F5ckYgryPkWeHZTr4QImOLQAmesOowb
+/wXJNb7y9UKU9O4jB2usEhko6ZTLTRAs+Ws9MGWJTIgV+ZG5ER4cFLOQ4zl89Es7
+/Z9dQFs4c9SqLfyEY3kbXqSQ2uwbUPvZxk22gEmT1OPJGCLAV/fVIaHlGMwacvDV
+W2xqNd+uhkqm2ym5u/ROKOCg0jNDkbyHvfTaqCuM1um92nV5kE+JdPiZvAF9XYsf
+BDWCaYZW7b97drptp3LOCCptjNAqXc0PH8inVvqbjnkCgYEA/jK6BnXM4lzlLUPt
+Bzec+poqyS6uUjP81Ug5CRP5kr+H9GkpBT3iUIU73S+F6Tg6YpobiSP4vpp5kB1p
+iZxApte404EtVtOd1M08fx1rQVnyc8RjDENvYQk5hefOg3DrJ28iQzN/c+m8tHfb
+OjBp90PFDGSsVvvQjJlwtB5oj+0CgYEA900sE2hBGpm5jXgER7CaahcDnHp9qSlB
+lsQYDTDu751V11iRyUVUqZ8IzmgOu53vXbuCpfuQO0H2aFhbe16fCk223eLPJHWh
+cGl3FUeLi+uwShMiRWAikMSQ/fUxoOfeal+N+VgiGYZtT7u2s1mpm83/mw3J/gaT
+CQI19A67H4MCgYBX7xZZC8EvgTEqYngJahycuF4asFJPT3qkEVLhqA5KzITscMBm
+9sxmTGC0GC97yR6xY1wpKc9vqCJrTzFmEC5xSOjACcy0X4oWxlSqKHQk7Eep8oLN
+CDrsV3OVteXDpHlEb/ZrRtJNN8s2psuoqnzNs5zjt6PCh2PSb3YEaQyE1QKBgQCp
+6VfzLZotkJkwXdly+B/f7FgK1w4nf7UUxT5RMeG4uD0WbEAeLYhx0lbWmiAlP+oK
+WJ73M9RxIm0OXEbeiLB0/9g4s3Dm9/snpQ6wjCuQwyqoemT9jYOyO5vzINgsWaMz
+Ktv9CVTEfNv2AF8S8vPZnLuV6O9znUjA08gGG2jtyQKBgBisaBV0L3zTllp/KxiN
+rFf3u42XibhfTuiyaJtUDQftkvfW727nE4nTZ9Q7uVXuK4xdmihfA0htsMbHX7Jc
+1R6SzJ8x8T/2HXsiHLubqbANWfOYxYxlvmfZ7/Bv1GhBIq4d7A8a/Eyz34j9w/xs
+C34TbBAlm79KVANPHT+CJoR1
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ca+anyEKU.pem b/openssl-1.1.0h/test/certs/ca+anyEKU.pem
new file mode 100644
index 0000000..36ed837
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca+anyEKU.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wCDAGBgRVHSUA
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca+clientAuth.pem b/openssl-1.1.0h/test/certs/ca+clientAuth.pem
new file mode 100644
index 0000000..bb94007
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca+clientAuth.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDDAKBggrBgEFBQcDAg==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca+serverAuth.pem b/openssl-1.1.0h/test/certs/ca+serverAuth.pem
new file mode 100644
index 0000000..a07c777
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca+serverAuth.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDDAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-anyEKU.pem b/openssl-1.1.0h/test/certs/ca-anyEKU.pem
new file mode 100644
index 0000000..241d7b4
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-anyEKU.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wCKAGBgRVHSUA
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-cert-768.pem b/openssl-1.1.0h/test/certs/ca-cert-768.pem
new file mode 100644
index 0000000..0c8ff29
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-cert-768.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICRDCCASygAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD
+DAJDQTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQC3wNLc1A9gAjz1H94ozPrLOhE2
+R8c6RQjkUIALCOuw8xbZV+AEDSqP11Bw8MVzvmpksR9s1idJhLOugwMNTHfTXJjV
+DWoQh9ofR51J5sOph4yDhQBXRmiuvqMDj+a81UkCAwEAAaNQME4wHQYDVR0OBBYE
+FKrzei/LKJop6yShiJupKskW0ZQcMB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslT
+nE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFr4hjVtLuZz
+gxLILAOREEtanckfnapUrhTLukog9Q8uzqMUE+YDEhkcP4YAVjcab6HaXrbcxXsn
+zn+v+GPszD9G3doGbUjuwEEAHz+k/9sjsn8QAGw/XslYhd5dktaRRCqaTNiWT+Ks
+xKntAsgXcgWNIpvGikzTB/W7IrjIV8/S1JjLABtoY88tFUX81Ohr3bFFsRc9EHVS
+MtGnEwfoBOSlCUjaTWBNHHi1HstK9sG2SNT/nhN1HATk/aiCiQRKr/bm6ezPC2If
+6mRidaNiQN8+vzvtn86BqtRJOEi8jj5CBax6IqwfE+lDZIwT7H9C9Cu8Yp4mTM0x
+wwzRDnFVisM=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-cert-768i.pem b/openssl-1.1.0h/test/certs/ca-cert-768i.pem
new file mode 100644
index 0000000..acc432f
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-cert-768i.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICSjCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFFjzE/eu8wvKwzb2aODw52C+0gLVMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADYQCZM1sSpIyjyuGirBYvezFryUq5EyZiME3HIHJ7AbmquPtE
+LcoE8lwxEYXl7OTbLZHxIKkt6+WX2TL/0yshJLq/42nh5DZwyug7fIITmkzmzidF
+rbnl7fIop7OJX/kELbY=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-cert-md5-any.pem b/openssl-1.1.0h/test/certs/ca-cert-md5-any.pem
new file mode 100644
index 0000000..7c2b53f
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-cert-md5-any.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBACTmLO0KOkXFNjj6hXozC9GzQYMXdCfNmgMuetk8xdVm
+TqkF/qIGK2FBWn91IH0/9ydZbL83EKjPjqjwqzXqExJ0Un+fy7XbYMKtjGJ21egJ
+x97jzKey5phEwRD/4fJ+PCml9eE/SNzBV0xKSDq4qQYvSJ3GF6KCATVlr0bDzQJZ
+yTY3FeNoy+K7Mb0rHtsGru60C/Ft1dl9uiJ+yKXMiCxPcDjYb+95mA9QJ1kXfR8J
+JVfeKhEEK+QIVpz/37aQ4jx/zbGblFsruALK22aLnpgrfUzrsYQ8W8T/DV2dV1ra
+4wHz/QtlE4isInOaK2+pvXwyGar+1/s3+VxXEiPlZ7IwCDAGBgRVHSUA
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-cert-md5.pem b/openssl-1.1.0h/test/certs/ca-cert-md5.pem
new file mode 100644
index 0000000..be564dd
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-cert-md5.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBACTmLO0KOkXFNjj6hXozC9GzQYMXdCfNmgMuetk8xdVm
+TqkF/qIGK2FBWn91IH0/9ydZbL83EKjPjqjwqzXqExJ0Un+fy7XbYMKtjGJ21egJ
+x97jzKey5phEwRD/4fJ+PCml9eE/SNzBV0xKSDq4qQYvSJ3GF6KCATVlr0bDzQJZ
+yTY3FeNoy+K7Mb0rHtsGru60C/Ft1dl9uiJ+yKXMiCxPcDjYb+95mA9QJ1kXfR8J
+JVfeKhEEK+QIVpz/37aQ4jx/zbGblFsruALK22aLnpgrfUzrsYQ8W8T/DV2dV1ra
+4wHz/QtlE4isInOaK2+pvXwyGar+1/s3+VxXEiPlZ7I=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-cert.pem b/openssl-1.1.0h/test/certs/ca-cert.pem
new file mode 100644
index 0000000..f6bc233
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-cert2.pem b/openssl-1.1.0h/test/certs/ca-cert2.pem
new file mode 100644
index 0000000..561ffb2
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-cert2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOsBxQ3RD9TDABcU
+Uddp+r5s2pLcA/IUN8MnH2PoemxgfJUKfWm+t0VR2mFqyiSeym1V1TkDnuhzui1Y
+ftOuiN1qVs0s6xBcU0+S9vWzYIu5SFTkOgB5APYamCLfbDw3xFTQvRs55UfR+yof
+T/sN6Enq6AhptqnJ/eYVX9EuLTDwV55Kptb4gv9JQs6v01aEHzJ9KGlK2zKpS9Am
+E67xNkwPeXwbzDdqXgr2a+aSrZjtHUfOsV5gZwH8XPAY0kFmrwhHIJsYZInsZhFo
+nil/9pMB8gHFU2EHq3LXbs4GUouQoIf+m3OmgeHCI+t7nAfQgU94FJzq+r6p4WxQ
+KI7cotkCAwEAAaNQME4wHQYDVR0OBBYEFAFonW/5R1NkYk6W28NxJdMyTlCtMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAJIyn7fl5QppxeRmCLhj18Ic+Nft5LMCvaOkv9HNctL+
+f1Qe2RgtdrMbHpYykXYrOI4KDt4LhLLInGjXNgV+lp8tSi/ok26wNIpwjf68bfP+
+nWNHi2Lt0Eeo9Wpq2VqdsHct98VvBXyuLysbThEJVbrLRsgvBWxdEzbf5RnwdWd5
+ZTDQyHgP1/gabl+AyvDFne101IyEA3i90NBhQ8NmSNn4ShTTrerbZSiWhy4eQEzo
+PeWfUVERV28/0D4XIt/fFuF3M/0RbEgKq2wlDMCT8+W/hWmcZsdyt4xSyiGyjh9Y
+ldYmdyOrlfOGVzkZ63GTOAC68SNVCXJg3cOmfEczkRw=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-clientAuth.pem b/openssl-1.1.0h/test/certs/ca-clientAuth.pem
new file mode 100644
index 0000000..838c70e
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-clientAuth.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDKAKBggrBgEFBQcDAg==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-expired.pem b/openssl-1.1.0h/test/certs/ca-expired.pem
new file mode 100644
index 0000000..5be60fa
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-expired.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMB4XDTE2MDExNTA4MTk0OVoXDTE2MDExNDA4MTk0OVowDTELMAkGA1UEAwwC
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWnaQ9AEscX8bL3Y/S
+MbKIFczEhixc4mmLhPSno1PfkeO/UYn78HwQDTutrDVidfV///RuVI8FppIjs59Z
+OdA5GLAQQN5ic4pOsI7f3OfJQSJUhIAIKbw1PIbfMN7dtCT/fmKlwHroKhY/1pfa
+xULbL2lkkcsI11ZaeX8bhEHpTZ13CRCobCkzRMbAVGXm6OPydQVqZJVswPT9JWFu
+SDbwwAMHBdZ85RH9GOhKLdNyDDcoNjExOIXocY3YAknIvBmJxYqxP6I16qqQHGRo
+e69naloGVA9Q4fm09r461M4/Hkx9xncyPqJY7dvddNiSFGqo98s0WJGofBSxfQiz
+TbFHAgMBAAGjUDBOMB0GA1UdDgQWBBS0ETPx1+Je91OeICIQT4YGvx/JXjAfBgNV
+HSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQAW1MwF8Rfcgj6zHutqzzt7RQB5GT1b/vJNzgUyGTRK9kch
+HOw7rM9WpfP1cMEjhLwGJEZkHPb0DA8rZ4uFERuoZky04/vTum0GgLXmlnSTaAk5
+ImJyJn9aFR+sbD6QyfkSmQk9yS48AHom62IfA9yVwQStq3HvI038oVEb2IO5TE+L
+CTX8dVFl4ZgYMVWTLYGzvECCvM42enR9QT0yp+9k8dZ9DcGzknZouoDd1BC2u05V
+TJIviKNZMA/UEsON5QL02h25r1YRNlegeC4zl1DbJXXhJfDiacMZD7AA6NWMdwlk
+7jDeEHIItT7V/x0NWllSqSPPZIsuyuuwFNmLZHfw
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-key-768.pem b/openssl-1.1.0h/test/certs/ca-key-768.pem
new file mode 100644
index 0000000..7aea5ed
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-key-768.pem
@@ -0,0 +1,13 @@
+-----BEGIN PRIVATE KEY-----
+MIIB5QIBADANBgkqhkiG9w0BAQEFAASCAc8wggHLAgEAAmEAt8DS3NQPYAI89R/e
+KMz6yzoRNkfHOkUI5FCACwjrsPMW2VfgBA0qj9dQcPDFc75qZLEfbNYnSYSzroMD
+DUx301yY1Q1qEIfaH0edSebDqYeMg4UAV0Zorr6jA4/mvNVJAgMBAAECYQCJAsu3
+QJ9eNQ0CsQpTXdO6aMegs5CHkCX7J1Lx52rl+7uTv4QXQUH1EtS2AbEYhmdGzMFN
+ZlBrg1vDsW/yn02NZzvT6xT/kvzFhQVw1i8B0YyB8wPao3f2ZxPkAfeoAAECMQDa
+6VkNYlHgPOlTtwU1WYUirFczpipQsuk/lIf7B3+rVRUHoAE4nbeIRJgkKZaJEAEC
+MQDW4pYsyN79HEqFpOFlfsrERw3y4hLRXGeHxbfJFdAe7SUfNj28ZI2EPFE0DJhX
+RUkCMA39M2+jhM/rlI2A+Jg8LEHW+YuXZsTZagZiG35zMDlmqn1eQDW5/mx61a4Z
+6kDAAQIwIlbZWtTK1bX0rsC3iEmny4/zSbIZAb37iXXuNcM3nAmXmhJH8Vg8STp+
+W4v7uE6JAjEAwiB9wCVwG4UhvKNQ4Wd2mfJiKZQNF4rL4ID0g+Wk6kX67c7u2hfH
+sSaluw9nM91s
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ca-key.pem b/openssl-1.1.0h/test/certs/ca-key.pem
new file mode 100644
index 0000000..d84dcd2
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCWnaQ9AEscX8bL
+3Y/SMbKIFczEhixc4mmLhPSno1PfkeO/UYn78HwQDTutrDVidfV///RuVI8FppIj
+s59ZOdA5GLAQQN5ic4pOsI7f3OfJQSJUhIAIKbw1PIbfMN7dtCT/fmKlwHroKhY/
+1pfaxULbL2lkkcsI11ZaeX8bhEHpTZ13CRCobCkzRMbAVGXm6OPydQVqZJVswPT9
+JWFuSDbwwAMHBdZ85RH9GOhKLdNyDDcoNjExOIXocY3YAknIvBmJxYqxP6I16qqQ
+HGRoe69naloGVA9Q4fm09r461M4/Hkx9xncyPqJY7dvddNiSFGqo98s0WJGofBSx
+fQizTbFHAgMBAAECggEABdXHpiFbx5aiUgWca81HGGSX0UlNcK/I3QHipJf8SN4T
+D7dt/Be+BrUsibbxPoZJY5Mb+iZGgDaK1N1BoChQO9YMBCUvOGs3gYLvlhat2Csw
+1Etp1mcfhoR4yS7Qg5BWGpvf4IILgPEYeZKrwWsBAxLcJ2xKjGYjT1ADr6I5F3u+
+FYN+bvlXxr07GccfS+UHt04oT0dHwxQzFaJj+yqKWGo2IFtPqtr6Sgoh9a+yFYIi
+8a9MigTTt+IyJ55OuC/FHRf1PofprftADFts78k43qxWtrxSrQVdlNXp1lpZOtuR
+7gvB/r3a2byDYxCxYVu98tQuOfW909TdDgPmEJjcAQKBgQDHcTYi+zcGKooN3tfK
+Oc6hnFXAYTNpYp074NfIYB8i10CwbvWta1FDoi3iRqlQFwg+pu12UefZsj21F+aF
+v2eGP33kQ6yiXJQ3j7jam7dY+tZ6xb0dthm+X/INuHp/HbSb1qKFmSO2rmMDQg+e
+Crqts9+t5Xk04ewTgpySLZjvRwKBgQDBU85Ls3s8osre5EmVBRd5qBt6ILnjtdoa
+UxrrrWopRx2q3HsI41VhKFx0PGs6ia0c6+9GFR6wX/Qevj85DADbzHDA5XEZq98q
+8yH4lme2Uj2gOlWqyhDeC/g4S+MsbNoIaUOZbMGg/phyAe20HvtvD7MUhZ/2rkta
+U5UjFpouAQKBgQC/+vU+tQ0hTV94vJKBoiWKIX/V4HrprbhmxCdSRVyTYBpv+09X
+8J7X+MwsLRKb+p/AF1UreOox/sYxhOEsy7MuYf2f9Zi+7VjrJtis7gmOiF5e7er+
+J6UeQSMyG+smY4TQIcptyZy8I59Bqpx36CIMRMJClUqYIgTqPubSOzwkzwKBgENB
+9LNBbc5alFmW8kJ10wTwBx8l44Xk7kvaPbNgUV6q7xdSPTuKW1nBwOhvXJ6w5xj4
+u/WVw2d4+mT3qucd1e6h4Vg6em6D7M/0Zg0lxk8XrXjg0ozoX5XgdCqhvBboh7IF
+bQ8jVvm7mS2QnjHb1X196L9q/YvEd1KlYW0jn+ABAoGBAKwArjjmr3zRhJurujA5
+x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L
+/453f0uUObRwFepuv9HzuvPgkTRGpcLFiIHCThiKdyBgPKoq39qjbAyWQcfmW8+S
+2k24wuH7oUtLlvf05p4cqfEx
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ca-key2.pem b/openssl-1.1.0h/test/certs/ca-key2.pem
new file mode 100644
index 0000000..6ddf16f
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-key2.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDrAcUN0Q/UwwAX
+FFHXafq+bNqS3APyFDfDJx9j6HpsYHyVCn1pvrdFUdphasoknsptVdU5A57oc7ot
+WH7TrojdalbNLOsQXFNPkvb1s2CLuUhU5DoAeQD2Gpgi32w8N8RU0L0bOeVH0fsq
+H0/7DehJ6ugIabapyf3mFV/RLi0w8FeeSqbW+IL/SULOr9NWhB8yfShpStsyqUvQ
+JhOu8TZMD3l8G8w3al4K9mvmkq2Y7R1HzrFeYGcB/FzwGNJBZq8IRyCbGGSJ7GYR
+aJ4pf/aTAfIBxVNhB6ty127OBlKLkKCH/ptzpoHhwiPre5wH0IFPeBSc6vq+qeFs
+UCiO3KLZAgMBAAECggEAWrrGLz1llUjrwf1QU5BRBC/WexiCVXXEyY1TKylYCnt9
+3bS9EpRVAWhGnZGzFUxQ7sFSnr5tHWWAnX0rCeK6aHFjrbcH0bszVudwfQ+R2J/h
+8xRh6EjPPDSsQ9pqWR1WqUAloltJz96bz3ljUZPe+Jq+lnDp2sdnROs/oOzo+Zkz
+ZkesMwX+aR9prRhnT60A0UeQXZyDJFrWMCVnaeO3JUI5RvjZ3xdEgi5jj4AiNUvH
+x1k/CApynTvJN4LTFncc6qfnyNH/BU0521WKOcTVCI7tWioRIhiX369xR9qqgRfL
+woifc3UjW1f66eMRTsIeh+smcoG4WkHvmpknVDG74QKBgQD7lOtCRMZr9gKIEWNy
+pwm1sMS91zuJnaVLEHjIc6Glc9TqDlZOGp5KcAgXA8Tm7TblQXJ+QlGjX6RBdRD6
+XTHbQcyCJ/5rUU+2a6BBga++moBp2ugLSjc/YSTpzVTRC9+Lw1dZ5czrn3exozQj
+1/jxdOUVToOomwhpGHoXxVqv3QKBgQDvIlUbvHxrwE8EmBWYjhYZeOTREmzhWNCo
+6p7zibZPvKyfZxzXSonJ+T1k/pxNlkMg3SuhZozOCdhQtQupauRlrQ4Hzw3Vc6gr
+Dv5Qew/UwxB02zWjG2PhAfDV1KQgZAwC1g1TCWwqQcV52g5p0kdUgKaPte1P336l
+YvwmTduNLQKBgQDutNsQEr+OWmsGfjE07Sb6XRIf6qOULJ9UfPmNgKGkoiYoOphL
+HViJ2ojihXIDhppqplGjWPurHylz7kbAt0KB/om0CYyOeSVAOhhhb1K4cFJdnhZD
++BQ5r8vdhzTt8O0X6K3uH2vzOWjRhMAJLngHalmegNPNW+R8C3x1J42nhQKBgF9s
+q9mtlVjKHL4Qkk2WJWt0uppTZ+9kqZ8+QL+eLIoVGC1j0DZ5IBLgyocKswSi+Zab
+q1V0vqtZcmCCXmz0or+QFxE2pqaOyISmLwWeleqpDGAVOYok2+5l/9zURcpHIiPf
+luGT2P3j0RGW2jmQF7a4v76JMnG1FayZm1UNrJbhAoGAGM8s9YbDW2+DaTbbSQbg
+IBmT+8MLjVczRUmv5Yi8y4z/aEGjsM7032LjFRiR1PUTeAnkKLnII5rdbEo96UDb
+OMv8SAH3G4lhfS+lq2TSy+XjlAAIOkiI9xW6Xo/KakIOepDzORzY74ayrxqjiyQv
+uchNPF6GhCMnLZC9AxZs4Fg=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ca-name2.pem b/openssl-1.1.0h/test/certs/ca-name2.pem
new file mode 100644
index 0000000..b8bbc80
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-name2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjAOMQwwCgYDVQQD
+DANDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWnaQ9AEscX8bL
+3Y/SMbKIFczEhixc4mmLhPSno1PfkeO/UYn78HwQDTutrDVidfV///RuVI8FppIj
+s59ZOdA5GLAQQN5ic4pOsI7f3OfJQSJUhIAIKbw1PIbfMN7dtCT/fmKlwHroKhY/
+1pfaxULbL2lkkcsI11ZaeX8bhEHpTZ13CRCobCkzRMbAVGXm6OPydQVqZJVswPT9
+JWFuSDbwwAMHBdZ85RH9GOhKLdNyDDcoNjExOIXocY3YAknIvBmJxYqxP6I16qqQ
+HGRoe69naloGVA9Q4fm09r461M4/Hkx9xncyPqJY7dvddNiSFGqo98s0WJGofBSx
+fQizTbFHAgMBAAGjUDBOMB0GA1UdDgQWBBS0ETPx1+Je91OeICIQT4YGvx/JXjAf
+BgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCnVQGsqB3UipgBdwnxQMQJxaeo6MUdBs0gc3rFg2e9
+EFoDE92/hX+Ze7YRji6GRDzmRDd/i5gLgn6tMtJZzPPV6pzFsDZ0mB1pHJrObB+q
+nZVjRFpGFcIm1epXjYRssCQepu92DR7ReSsLqFDSmBROAKfYvt3hdN34W8rp5Gnb
+2kxm5F+dJrtDIs0C/3hItBkBmZ69KHqSWq5lmBY7K1cpKU6enZFgJEZ+w3pqAPBI
+jrbxER2qdr4g80hzT9g+YPIlI+PfkGf5jmClugpsJ7ptXEdW1LsdEyZgd2VUZymw
+rcIp4tupJNvgLC18ZcYcyQ6jMPZOfhfGpNlqZ37jI7Yu
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-nonbc.pem b/openssl-1.1.0h/test/certs/ca-nonbc.pem
new file mode 100644
index 0000000..013775b
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-nonbc.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDMzMDAwMDE1N1oYDzIxMTYwMzMxMDAwMTU3WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNPME0wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAPo7bKKFLbwT3x7dw+OPZMDxwyG1pk5x+5SD7iv45mOzS
+5lZ2ByaOH+jnjTfG6beNmTCbfq6RcHqTvD6LXYex5z9KliIL9Fpwh507uGDXmKDN
+lM0zmbYhXiWGRwP5NkbB/EppbiSk42l5/ky4gmCH/a9kQfiBW+Gwe3aBwRX6v+5p
+BLwH12YrM46DdEL4RHd2H/9rjSaX4X3aaZd9kZsf/yaOU65iQX15cNDfxkKncYQK
+K+xjT2S/NLcwslkPzQLCWeWZVBV4Vd+TEjjZA1tFpu5e1oNlJYvGbqjIuUurpoxv
+IhsVUfWJEf7KjpFy+kgPyijNYRUBFrMspdb6x771RQ==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-nonca.pem b/openssl-1.1.0h/test/certs/ca-nonca.pem
new file mode 100644
index 0000000..cdb2cd1
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-nonca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB
+AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs
+X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT
+3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw
+AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF
+wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT
+X4st+BN48+n9wHuDQJ97sBs=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-root2.pem b/openssl-1.1.0h/test/certs/ca-root2.pem
new file mode 100644
index 0000000..28d9854
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-root2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFJzOZkIwqxwIJl9zGW3fD6euWFIeMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAEqhb/i7hTJ9l/UdLm9fgm4QYmNb1OMWyCU84y5QI/Rj
+uHueaHLy6zEWHTavz9m4VcQpu8hblxFG+4CWWr92QjSYwTsyi578k7Ju5jNzvZQ5
+RnVAL+eeaTVa/7mazmqYzOHgyE4IpljX1MOd0QDpUjRGuNLoWfKXeXn7ul44r3ry
+1hDMwmc3SS3XMzJ9Wl6k5SjKObbkMc8e0WjhhAwGjw3lODa5nj2xGf6W/Ikr/XTp
+pnVjYsm+jxHoj+qmMgmXa1h11wdFCPUl15V1qq4R4rcS5zR8YxKUGZRo1R839geW
+w4G8ytKRsapdFi165mOXZUumyHpJ8i43SEvYlcJux0I=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ca-serverAuth.pem b/openssl-1.1.0h/test/certs/ca-serverAuth.pem
new file mode 100644
index 0000000..f10155d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ca-serverAuth.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDKAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/cca+anyEKU.pem b/openssl-1.1.0h/test/certs/cca+anyEKU.pem
new file mode 100644
index 0000000..46ee9fa
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/cca+anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w
+P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB
+Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw
+gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M
+dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe
+O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab
+ap/RSXgwCDAGBgRVHSUA
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/cca+clientAuth.pem b/openssl-1.1.0h/test/certs/cca+clientAuth.pem
new file mode 100644
index 0000000..0b857ee
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/cca+clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w
+P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB
+Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw
+gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M
+dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe
+O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab
+ap/RSXgwDDAKBggrBgEFBQcDAg==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/cca+serverAuth.pem b/openssl-1.1.0h/test/certs/cca+serverAuth.pem
new file mode 100644
index 0000000..38a0bdb
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/cca+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w
+P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB
+Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw
+gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M
+dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe
+O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab
+ap/RSXgwDDAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/cca-anyEKU.pem b/openssl-1.1.0h/test/certs/cca-anyEKU.pem
new file mode 100644
index 0000000..cb3e708
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/cca-anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w
+P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB
+Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw
+gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M
+dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe
+O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab
+ap/RSXgwCKAGBgRVHSUA
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/cca-cert.pem b/openssl-1.1.0h/test/certs/cca-cert.pem
new file mode 100644
index 0000000..6bccc4c
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/cca-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w
+P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB
+Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw
+gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M
+dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe
+O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab
+ap/RSXg=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/cca-clientAuth.pem b/openssl-1.1.0h/test/certs/cca-clientAuth.pem
new file mode 100644
index 0000000..0b857ee
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/cca-clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w
+P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB
+Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw
+gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M
+dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe
+O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab
+ap/RSXgwDDAKBggrBgEFBQcDAg==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/cca-serverAuth.pem b/openssl-1.1.0h/test/certs/cca-serverAuth.pem
new file mode 100644
index 0000000..46cbce0
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/cca-serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w
+P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB
+Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw
+gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M
+dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe
+O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab
+ap/RSXgwDKAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/croot+anyEKU.pem b/openssl-1.1.0h/test/certs/croot+anyEKU.pem
new file mode 100644
index 0000000..88ce120
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/croot+anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa
+bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc
+6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3
+32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7
+XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr
+tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k
+4PR8O0S5WC0PlzAIMAYGBFUdJQA=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/croot+clientAuth.pem b/openssl-1.1.0h/test/certs/croot+clientAuth.pem
new file mode 100644
index 0000000..aa45a06
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/croot+clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa
+bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc
+6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3
+32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7
+XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr
+tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k
+4PR8O0S5WC0PlzAMMAoGCCsGAQUFBwMC
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/croot+serverAuth.pem b/openssl-1.1.0h/test/certs/croot+serverAuth.pem
new file mode 100644
index 0000000..3564769
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/croot+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa
+bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc
+6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3
+32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7
+XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr
+tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k
+4PR8O0S5WC0PlzAMMAoGCCsGAQUFBwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/croot-anyEKU.pem b/openssl-1.1.0h/test/certs/croot-anyEKU.pem
new file mode 100644
index 0000000..50fffbf
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/croot-anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa
+bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc
+6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3
+32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7
+XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr
+tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k
+4PR8O0S5WC0PlzAIoAYGBFUdJQA=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/croot-cert.pem b/openssl-1.1.0h/test/certs/croot-cert.pem
new file mode 100644
index 0000000..f3459f4
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/croot-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa
+bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc
+6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3
+32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7
+XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr
+tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k
+4PR8O0S5WC0Plw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/croot-clientAuth.pem b/openssl-1.1.0h/test/certs/croot-clientAuth.pem
new file mode 100644
index 0000000..7845641
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/croot-clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa
+bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc
+6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3
+32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7
+XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr
+tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k
+4PR8O0S5WC0PlzAMoAoGCCsGAQUFBwMC
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/croot-serverAuth.pem b/openssl-1.1.0h/test/certs/croot-serverAuth.pem
new file mode 100644
index 0000000..7e4ffa7
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/croot-serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa
+bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc
+6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3
+32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7
+XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr
+tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k
+4PR8O0S5WC0PlzAMoAoGCCsGAQUFBwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee+clientAuth.pem b/openssl-1.1.0h/test/certs/ee+clientAuth.pem
new file mode 100644
index 0000000..850a868
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee+clientAuth.pem
@@ -0,0 +1,20 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9
+sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO
+pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh
+A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
+VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
+n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdxMAwwCgYIKwYBBQUH
+AwI=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee+serverAuth.pem b/openssl-1.1.0h/test/certs/ee+serverAuth.pem
new file mode 100644
index 0000000..61d03ac
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee+serverAuth.pem
@@ -0,0 +1,20 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQBBtDxPYULl5b7VFC7/U0NgV8vTJk4zpPnUMMQ4
+QF2AWDFAek8oLKrz18KQ8M/DEhDxgkaoeXEMLT6BJUEVNYuFEYHEDGarl0nMDRXL
+xOgAExfz3Tf/pjsLaha5aWH7NyCSKWC+lYkIOJ/Kb/m/6QsDJoXsEC8AhrPfqJhz
+UzsCoxIlaDWqawH4+S8bdeX0tvs2VtJk/WOJHxMqXra6kgI4fAgyvr2kIZHinQ3y
+cgX40uAC38bwpE95kJ7FhSfQlE1Rt7sOspUj098Dd0RNDn2uKyOTxEqIELHfw4AX
+O3XAzt8qDyho8nEd/xiQ6qgsQnvXa+hSRJw42g3/czVskxRxMAwwCgYIKwYBBQUH
+AwE=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-cert-768.pem b/openssl-1.1.0h/test/certs/ee-cert-768.pem
new file mode 100644
index 0000000..794f93c
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-cert-768.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICeDCCAWCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAzMjAwNjI3MjdaGA8yMTE2MDMyMTA2MjcyN1owGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAwCvrPAynx+7VtpFz
+4cWZW3/n3/nMwK4fxkWSB0kbVUhQaYiaQGWEfB4JpRz5rPt8NW5m2aVGT7mMjScu
+8YyFa3IDdpBeQL1n8VQUH3FLySgQHC1bkkzwyzQM8JirCdl/AgMBAAGjfTB7MB0G
+A1UdDgQWBBSRBasp1P/UDCesreviw4Lwz8tFBDAfBgNVHSMEGDAWgBS0ETPx1+Je
+91OeICIQT4YGvx/JXjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkG
+A1UdEQQSMBCCDnNlcnZlci5leGFtcGxlMA0GCSqGSIb3DQEBCwUAA4IBAQB5xled
+do7U++n86KmJDGnXd4XMpr1QbTFVSO7fhSiObeGm961re/TI7AhuLlsZYP601YhZ
+pRe9B7tiEuzu3iCD4kKB0yxgUCSsF0u1KbHSUNe2H5bBJC21c2eLZh6U54y014nL
+gFSDOsA8M1301+Hlh5AS+4iTR0Ra02RaZb3L5HCR2wtkJubh3rSj8eBzb6fx+Lhw
+JoeRg34lhycGC4bBVwkRT8bo73Nrs71JUP2A6/PjdsIfF2rtVMEuIq8AMQ5wInZ+
+2mIxJ4MwCClwLCq3VxI1bzdf1TYsPNxYTUS1POb2VgNofG0mBTHNUYUO20aF0ct8
+PCQqIqxUIegfS3f5
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-cert-768i.pem b/openssl-1.1.0h/test/certs/ee-cert-768i.pem
new file mode 100644
index 0000000..d6532fb
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-cert-768i.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfjCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAzMjAwNjI3MjdaGA8yMTE2MDMyMTA2MjcyN1owGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBSq83ovyyiaKeskoYibqSrJFtGUHDAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA2EASAwDwXsYGnhQDyWixI9eKZwXAA9E4rEIdmKNvVjU
+jWkMh1oC0FZl4TTHU+sAaXmv2QItZOcG2QEHoTIZDPYiy+7eZC7pPQY25dkxeSZ9
+TIlMnfePzYTc3BnfxZj82Mny
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-cert-md5.pem b/openssl-1.1.0h/test/certs/ee-cert-md5.pem
new file mode 100644
index 0000000..8c26422
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-cert-md5.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQQFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAzMjAwNjI3MjdaGA8yMTE2MDMyMTA2MjcyN1owGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBBAUAA4IBAQBqCPfIEZOVUiq2exiRFoxVOvq668Y55lJZ9+4j
+E5Ncq9mdbuD7GIxJSKByf899yBJUG32ZIbmwnSHfBkPolc/LjQhUDxJtSBE8vFaA
+8AZ1rsOcaWapPQ94gYIgncBS15t7RjTX1l04fY0NPqVsWmTji+ummA5e7iCj6l6t
+CqRGhMeSZWa1mc+Plurmz7oWEqkUK5cfTrlDnXeQNOI8EK8lc636elqqdnw0amO4
+yKJlaXRlm/I1nQdUQ0G5Bk2Tp/QGoJCtJ25XsoIbnCs0tIbpQllTdLsRQmOussAP
+NvdwbKtAAolgMAxH9pl1Mc6OIo2e8405EWs1jvGEMgE0IFAY
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-cert.pem b/openssl-1.1.0h/test/certs/ee-cert.pem
new file mode 100644
index 0000000..05d2318
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQBBtDxPYULl5b7VFC7/U0NgV8vTJk4zpPnUMMQ4
+QF2AWDFAek8oLKrz18KQ8M/DEhDxgkaoeXEMLT6BJUEVNYuFEYHEDGarl0nMDRXL
+xOgAExfz3Tf/pjsLaha5aWH7NyCSKWC+lYkIOJ/Kb/m/6QsDJoXsEC8AhrPfqJhz
+UzsCoxIlaDWqawH4+S8bdeX0tvs2VtJk/WOJHxMqXra6kgI4fAgyvr2kIZHinQ3y
+cgX40uAC38bwpE95kJ7FhSfQlE1Rt7sOspUj098Dd0RNDn2uKyOTxEqIELHfw4AX
+O3XAzt8qDyho8nEd/xiQ6qgsQnvXa+hSRJw42g3/czVskxRx
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-cert2.pem b/openssl-1.1.0h/test/certs/ee-cert2.pem
new file mode 100644
index 0000000..b6ad976
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-cert2.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBQBaJ1v+UdTZGJOltvDcSXTMk5QrTAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQC8XKL6Bh01xQv+3BTk4Kqu95/TEecZdBPsxU4r
+mCT829HsTw54Od7ID64Kzxi52RtJKPDnd3GB1tDAChEYI+U0g3582JiZCXPwxkC0
+y2YEhsXgatfOj0h5eT47FdmH7YeY4S6PxNo7Ek3ma5523M6dqcbP71fLvFptu5DZ
+dP9+I9hxeojAeumKONzVK4ADWthqgMgVKqjV34lqNNcWDEXgOUjJwT1HXnlwnCMk
+PtdnDSvzHEQFt25RZwkiOjimC97FZAPmsyYmLHc4q6s81ms5M4S9dackCA6TDRvv
+sOzivaeM07/94iKBINFpoHpJmD9Z5zE+vH2weMVjhSQnFsGc
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-client-chain.pem b/openssl-1.1.0h/test/certs/ee-client-chain.pem
new file mode 100644
index 0000000..27652fa
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-client-chain.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9
+sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO
+pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh
+A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
+VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
+n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-client.pem b/openssl-1.1.0h/test/certs/ee-client.pem
new file mode 100644
index 0000000..a6105b2
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-client.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9
+sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO
+pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh
+A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
+VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
+n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-clientAuth.pem b/openssl-1.1.0h/test/certs/ee-clientAuth.pem
new file mode 100644
index 0000000..e6b88a7
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-clientAuth.pem
@@ -0,0 +1,20 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9
+sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO
+pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh
+A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
+VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
+n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdxMAygCgYIKwYBBQUH
+AwI=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-expired.pem b/openssl-1.1.0h/test/certs/ee-expired.pem
new file mode 100644
index 0000000..bc49002
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-expired.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHjCCAgagAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAe
+Fw0xNjAxMTUwODE5NDlaFw0xNjAxMTQwODE5NDlaMBkxFzAVBgNVBAMMDnNlcnZl
+ci5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGF
+rt7bLA/Vc/vit6gbenVgK9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UX
+H/8NxkP+MTT4KNh16aO7iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/
+Zo7CNqAR/8BZNf1JHN0cQjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOz
+lmqCGxWL0Zmr5J5vlKrSluVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqe
+S0dopynHP0riIie075Bj1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iE
+D2H+eTQfSokftwIDAQABo30wezAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfh
+c6IwHwYDVR0jBBgwFoAUtBEz8dfiXvdTniAiEE+GBr8fyV4wCQYDVR0TBAIwADAT
+BgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAN
+BgkqhkiG9w0BAQsFAAOCAQEAaxdo2UEbO7GovfQ18HNQ8hTwZGTyv8h4nZuUcgkf
+6L63FLoeyakcNtg1jgpsXmIEuCvWGNrUZJiNt7IiWW8fqmEgVMsYNtldUrQfIhUC
+I91SQveIy16Yoebx+1o8JPGIwoN19mqRWXC48gnF6Tmb5XuPVA5niidVryJR2U1m
+xciwaDZMNFvEogWopMajZrRTt/hjZYXdFuBVrJPwoP0uc/qYO9e8r5rKdthE3A9B
+sRezBb1FRe1ssFshgHcCwXl8AWRlaDFOW3TJvzJgvW3hjEm9z9booKD5dNuUeWWN
+CgM8Igp1gjCLXo0a/ZhCwiyE+7uGsLkDjHoGclcGwW17YA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-key-768.pem b/openssl-1.1.0h/test/certs/ee-key-768.pem
new file mode 100644
index 0000000..0d44f85
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-key-768.pem
@@ -0,0 +1,13 @@
+-----BEGIN PRIVATE KEY-----
+MIIB5QIBADANBgkqhkiG9w0BAQEFAASCAc8wggHLAgEAAmEAwCvrPAynx+7VtpFz
+4cWZW3/n3/nMwK4fxkWSB0kbVUhQaYiaQGWEfB4JpRz5rPt8NW5m2aVGT7mMjScu
+8YyFa3IDdpBeQL1n8VQUH3FLySgQHC1bkkzwyzQM8JirCdl/AgMBAAECYQCzO0MW
+qqcBrhvdPyPZerZhxJW7K/xv6PbxsYlVCjZYAC4ff6x+SzCZolpUiQXE9Hdyhlyk
+alcqn2vT5TagWk64YUmIMP7BCT2Ps/IW0nQl07k27c2BNq3IzdRnBz5SbQECMQDg
+9UxISqFOG6sLdZIKA88Q+M2HE/MdzwiJby/bSUXhn5aluZqjR60nGPqAb2S/r98C
+MQDasGzUTXqEYOPsAL4irzKMMiMdqbj6dNHsmo1GIYKx8PuN193i/cNd5XDv78Gm
+imECMQC10IvewbKtVl9f2540ye9JYE18pvsPVI0pxtt++DGqsTkoqGH7JasktmN/
++ogLBTECMBf9/xKTpXtcfeTod/OqMOt8nKmmcyrXIijJE/K7vnDzNUXshuVeXc6x
+W2CXdzFkQQIweyLLA6etAJGsmCRwIgnfp1ubmVdfPou68byHSnzAf4/GxBriSd5b
+EQcYwjE7SDI7
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ee-key.pem b/openssl-1.1.0h/test/certs/ee-key.pem
new file mode 100644
index 0000000..9bc2a84
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCo/4lYYYWu3tss
+D9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT5Rcf/w3G
+Q/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1lDz9mjsI2
+oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1U7OWaoIb
+FYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5ep5LR2in
+Kcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tniIQPYf55
+NB9KiR+3AgMBAAECggEAFvp/40uHUMquhGQ2wsl5/zzVV6ZECFGhIaoVdwiq7Npl
+cERPGSxdt7mXg+AliGQO2JXIf4iDx273oYC3PFuWbn9YMQd5RUuAZ/oD+hB25QB8
+vmGJTeqDUgZ0+4qs0fsM5upPUqFrHnfEwoarS9oMh0HEQi9yWzHy7E/E9Rk0dm8Q
+qAwfKKqqwBe0RIp6GOwRJ2AO4NLvPh1oddVX15zvVeDP5pmHScZKtGXf9sIKfJJo
+JN7N5UaviOKEGpQtxKVNOjn1wYusvzrvz3U3TmvyXTGkPCdSxK/6bz0LN+Lwyfzw
+RpSoNUe/cREZJkXDIIaqvmzlQVk1aKDdAx4+8ltyWQKBgQDahgSMZAAeGuQwtI+S
+jor9dNWcxEr5Uf/iw5gWmp5E59CSyc35Zj5rdf4M12X7jPRqAbFcM6FgERtbKyYd
+lg+PGgcKMYXKXJWimA6xU06+wwRl1iI/j718FCLeov6Lt17VHr8sjO3GiZ/WtHz1
+H6mqV8i9vcClmA6IyS+EQvtkBQKBgQDF+y0JwcbEzS3YqTHy4DGQtcCOkcLi+WM5
+APch7pev4I9MTgZdRnC6ZjnYKXQU9nzALZrH1PoHnFRZbsXbCFsmTdh/6g1L0b7B
+/zfZhB+9LiB7NBpfHiUydj1JQfkw/EvnLbs7r5EYGbpkMhpzmmzE9Yv0d+xj1CPd
+6kz/6CRdiwKBgBE1ZpxLr7qvMXModPn8obNuBPhweNsDexw3fP2itX4Fp2Y34DGY
+vKenxhbqy4wwwHqsoXP6WOYA0t+uGTVRQO5rBUznM3sJKXuBb/7E6bmaD/mZEF9j
+CXABAfH4cgU8roon/rQacQsmgWDeG80N7kWM3jEbBVXFELfy5/wJblSlAoGAUZax
+eNPiljf4LNGNRAogYwKD2D05k1AzE8rSDanF2TUx2MBO3yGoUyjNrcdnjzwFLS2e
+G7wpTfmeyTxdTWakKaTrE8vgrt5BPrFu0rUgX1YjDKLsO0axDZqspwQJLabLoPm3
+r2Eq6kOwDJqZTArXyFNo2daSFJHYNhvYn52LXwECgYB9CRrPMe0sWdbVPm55bXGM
+Ern05LQuaLaDZjsbsaH9Q5YPk99Sq7jklyQ3ZuHodSLAArHGu/96uu66xtMrRYcj
+c89fqFeqc/BwnkodvWJ3K80UNulnjfOcPVAPHaAr9GE9rJcjICNpu2+wJ2wi4JAF
+rLxFTZXBDbnGZ9QtcGcJSw==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ee-name2.pem b/openssl-1.1.0h/test/certs/ee-name2.pem
new file mode 100644
index 0000000..234704e
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-name2.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAOMQwwCgYDVQQDDANDQTIw
+IBcNMTYwMTE1MDgxOTQ5WhgPMjExNjAxMTYwODE5NDlaMBkxFzAVBgNVBAMMDnNl
+cnZlci5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+J
+WGGFrt7bLA/Vc/vit6gbenVgK9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7
+k+UXH/8NxkP+MTT4KNh16aO7iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZd
+ZQ8/Zo7CNqAR/8BZNf1JHN0cQjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTG
+NVOzlmqCGxWL0Zmr5J5vlKrSluVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98x
+uXqeS0dopynHP0riIie075Bj1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+L
+Z4iED2H+eTQfSokftwIDAQABo30wezAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeY
+Ipfhc6IwHwYDVR0jBBgwFoAUtBEz8dfiXvdTniAiEE+GBr8fyV4wCQYDVR0TBAIw
+ADATBgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBs
+ZTANBgkqhkiG9w0BAQsFAAOCAQEAS963QA7e4VCU5bdx4fBV9j5I6KhlEZnLOj5h
+MYH1gr3/+V2cdbjctMvsZHB9NLfha7PcDyYHhPDjFuSwu834r31opR4LaSJKlGiW
+l+K6mhGk1ofLIQLJedFFdBCuUAHMsTN7yWY6398y72XglJ+KtQh9wUd9g6H6QMzN
+OWlZZmVQjVllFOj3y5v1YsJ9JlUFDDzdJVB9KgiyAIj6hcz7pJX42nFtsQvTHBUT
+r6J+ViasAnOGjBSVsE5MQw9dYVgSbVd3ftUZkDkLQ5ShTZ5N2ndIMY2xzw7lifrX
+O34gCkt55vyZNkOzZgCfMglkloYm7ww7pofZVfjmkmm3k/HGFw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ee-serverAuth.pem b/openssl-1.1.0h/test/certs/ee-serverAuth.pem
new file mode 100644
index 0000000..fd6ab28
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ee-serverAuth.pem
@@ -0,0 +1,20 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
+Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy
+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
+MA0GCSqGSIb3DQEBCwUAA4IBAQBBtDxPYULl5b7VFC7/U0NgV8vTJk4zpPnUMMQ4
+QF2AWDFAek8oLKrz18KQ8M/DEhDxgkaoeXEMLT6BJUEVNYuFEYHEDGarl0nMDRXL
+xOgAExfz3Tf/pjsLaha5aWH7NyCSKWC+lYkIOJ/Kb/m/6QsDJoXsEC8AhrPfqJhz
+UzsCoxIlaDWqawH4+S8bdeX0tvs2VtJk/WOJHxMqXra6kgI4fAgyvr2kIZHinQ3y
+cgX40uAC38bwpE95kJ7FhSfQlE1Rt7sOspUj098Dd0RNDn2uKyOTxEqIELHfw4AX
+O3XAzt8qDyho8nEd/xiQ6qgsQnvXa+hSRJw42g3/czVskxRxMAygCgYIKwYBBQUH
+AwE=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem b/openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem
new file mode 100644
index 0000000..e3e66d5
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
+WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
+EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
+AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
+PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
+flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
+X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
+pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
+b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
+9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
+83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
+n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
+1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1.pem b/openssl-1.1.0h/test/certs/embeddedSCTs1.pem
new file mode 100644
index 0000000..d1e8512
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/embeddedSCTs1.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu
+c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/
+BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk
+EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw
+FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q
+Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD
+VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w
+DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK
+BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L
+vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw
+KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG
+SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE
+oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr
+5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1.sct b/openssl-1.1.0h/test/certs/embeddedSCTs1.sct
new file mode 100644
index 0000000..59362dc
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/embeddedSCTs1.sct
@@ -0,0 +1,12 @@
+Signed Certificate Timestamp:
+    Version   : v1 (0x0)
+    Log ID    : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C:
+                79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64
+    Timestamp : Apr  5 17:04:16.275 2013 GMT
+    Extensions: none
+    Signature : ecdsa-with-SHA256
+                30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F:
+                D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3:
+                E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2:
+                F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1:
+                05:51:9D:89:ED:BF:08
\ No newline at end of file
diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem b/openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem
new file mode 100644
index 0000000..1fa449d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
+c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
+jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
+KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
+svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
+tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
+A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
+MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
+OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
+f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
+OwqULg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs3.pem b/openssl-1.1.0h/test/certs/embeddedSCTs3.pem
new file mode 100644
index 0000000..bce8918
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/embeddedSCTs3.pem
@@ -0,0 +1,44 @@
+-----BEGIN CERTIFICATE-----
+MIIHvzCCBqegAwIBAgIRANSYNM/GMmLagfa+3OOk63swDQYJKoZIhvcNAQELBQAw
+gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD
+VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl
+ciBDQTAeFw0xNTEyMDEwMDAwMDBaFw0xODAyMjUyMzU5NTlaMIIBMzEQMA4GA1UE
+BRMHMzgzMDEzODETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgEC
+EwhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNV
+BAYTAlVTMQ4wDAYDVQQREwUwNzAxMzELMAkGA1UECBMCTkoxEDAOBgNVBAcTB0Ns
+aWZ0b24xEjAQBgNVBAkTCVN1aXRlIDEwMDEXMBUGA1UECRMOMTI1NSBCcm9hZCBT
+dC4xGjAYBgNVBAoTEUNvbW9kbyBHcm91cCBJbmMuMRYwFAYDVQQLEw1DT01PRE8g
+RVYgU1NMMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDEXMBUGA1UEAxMOd3d3
+LmNvbW9kby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5S2RD
+XGjch2spb10rLVCA4TgeB/TiNLHPczeKMJzIY9qKUGQfcYCTwfWe2E1xBer/i0OX
+IUca+/Br3HTK2qkNoc/nuFkJJ3ej17A9Kv1EYhsN+2gHobKEy+sMTJyGmFVo98nu
+V9mmiEWM7Bi0Y6YRVYCOey4K2yUwSK1MOgc10RzbwDsk+P2mvTzvPi8QZzd4I36/
+xlFFhk39VKY94PorJCzF/6qifmNnIjxMkrmSKJKKQaZu8vgbshqlj3+TkeCtIjdR
+77OcZuROMFdnKsp8JKAq9bzXmDkwlDmUzxAzgYmAvqCwQvNWtJrm0SeiEkNsoK5F
+xadrfw6OO7BCGXiNAgMBAAGjggNqMIIDZjAfBgNVHSMEGDAWgBQ52v/KKBSKqHQT
+CLnkDqnS+n6daTAdBgNVHQ4EFgQURD5zMOsLG6ennQ/aeZZNGofpnSEwDgYDVR0P
+AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsG
+AQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhCBAEwRgYDVR0gBD8wPTA7BgwrBgEE
+AbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
+bS9DUFMwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGH
+BggrBgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQuY29tb2RvY2Eu
+Y29tL0NPTU9ET1JTQUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
+dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCUGA1UdEQQe
+MByCDnd3dy5jb21vZG8uY29tggpjb21vZG8uY29tMIIBfQYKKwYBBAHWeQIEAgSC
+AW0EggFpAWcAdQBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVFd
+vZuJAAAEAwBGMEQCIFgtCr54QYrnialeZiHFahZ53zOFitPzHXGvdTD7zE5FAiBB
+nIm4gBmHRmwcOpULvvSYddTKSZf9JS7jeLU2MCAmTQB2AFYUBpov18Ls0/XhvUSy
+PsdGdrm8mRFcwO+UmFXWidDdAAABUV29mSgAAAQDAEcwRQIgeWjpcDhaY/OmsZcO
+ftDFcRt2BssJY0ge4SDzp+8qTnQCIQCOt7vthV2FG1RePMXs8hOcCdEKAcJZX3wx
+GaGd4RfHHwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABUV29
+m5wAAAQDAEcwRQIgKwZCD9lxvSFCpfnFVYPSneWhjbY9pnOJQjKckQ87anQCIQCG
+7hD5EOZ7F2XZLTdTSjvwrgPkIXY376+0RC4r9VzGkTANBgkqhkiG9w0BAQsFAAOC
+AQEAHVZgKwtIKcxJg6k5THIICJ63vZyaPJN21HVYPAN/heDUcbYzOqP0F+v+ahj5
+yNiRhSji/xxcOf5bWT158dHQoMtC1Ld1dI3lttVAvDTgXOApbmc8N0Xpjvapag3r
+b0IYW5SJio0qn1VxgeSsf0UCBTyw0N8lgbaIr3FHw2SP2rUS8PUixFRK52MYnyEp
+6Imz730Adl0RgUvp7mzRcWVDK4i6sPRqV6my68XsyaBcQr2qKALQK0Js+mE/0850
+47USqZ1XjbUke47OPxdlF85uUtIUSGquHTWnxrqy7FLMPIu9HL8XGo3vVlTYCCsb
+d6V/RWexyzZiHDGA1ToA0Y16Aw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs3.sct b/openssl-1.1.0h/test/certs/embeddedSCTs3.sct
new file mode 100644
index 0000000..ad1ccf0
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/embeddedSCTs3.sct
@@ -0,0 +1,36 @@
+Signed Certificate Timestamp:
+    Version   : v1 (0x0)
+    Log ID    : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
+                71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
+    Timestamp : Dec  1 13:31:25.961 2015 GMT
+    Extensions: none
+    Signature : ecdsa-with-SHA256
+                30:44:02:20:58:2D:0A:BE:78:41:8A:E7:89:A9:5E:66:
+                21:C5:6A:16:79:DF:33:85:8A:D3:F3:1D:71:AF:75:30:
+                FB:CC:4E:45:02:20:41:9C:89:B8:80:19:87:46:6C:1C:
+                3A:95:0B:BE:F4:98:75:D4:CA:49:97:FD:25:2E:E3:78:
+                B5:36:30:20:26:4D
+Signed Certificate Timestamp:
+    Version   : v1 (0x0)
+    Log ID    : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
+                46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
+    Timestamp : Dec  1 13:31:25.352 2015 GMT
+    Extensions: none
+    Signature : ecdsa-with-SHA256
+                30:45:02:20:79:68:E9:70:38:5A:63:F3:A6:B1:97:0E:
+                7E:D0:C5:71:1B:76:06:CB:09:63:48:1E:E1:20:F3:A7:
+                EF:2A:4E:74:02:21:00:8E:B7:BB:ED:85:5D:85:1B:54:
+                5E:3C:C5:EC:F2:13:9C:09:D1:0A:01:C2:59:5F:7C:31:
+                19:A1:9D:E1:17:C7:1F
+Signed Certificate Timestamp:
+    Version   : v1 (0x0)
+    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
+                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
+    Timestamp : Dec  1 13:31:25.980 2015 GMT
+    Extensions: none
+    Signature : ecdsa-with-SHA256
+                30:45:02:20:2B:06:42:0F:D9:71:BD:21:42:A5:F9:C5:
+                55:83:D2:9D:E5:A1:8D:B6:3D:A6:73:89:42:32:9C:91:
+                0F:3B:6A:74:02:21:00:86:EE:10:F9:10:E6:7B:17:65:
+                D9:2D:37:53:4A:3B:F0:AE:03:E4:21:76:37:EF:AF:B4:
+                44:2E:2B:F5:5C:C6:91
\ No newline at end of file
diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem b/openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem
new file mode 100644
index 0000000..f4bc312
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB
+hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
+BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy
+MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
+EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg
+VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf
+CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj
+vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA
+xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6
+WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg
+iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j
+BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI
+ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G
+A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j
+b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k
+b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr
+BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t
+L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
+cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R
+AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk
+jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk
+1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i
+teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o
+fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA
+KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e
+ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9
+XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA
+tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2
+jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn
+pLwltum95OmYdBbxN4SBB7SC
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/interCA.key b/openssl-1.1.0h/test/certs/interCA.key
new file mode 100644
index 0000000..c32fe26
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/interCA.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q
+xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl
+oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ
+vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj
+m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ
+T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC
+cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww
+CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V
+PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676
+X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO
+674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ
+Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW
+EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L
+/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w
+Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay
+ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm
+R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af
+N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F
+kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr
+fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc
+YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu
+DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U
+fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT
++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe
+nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/interCA.pem b/openssl-1.1.0h/test/certs/interCA.pem
new file mode 100644
index 0000000..35568ab
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/interCA.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa
+Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT
+B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO
+nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6
+iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo
+D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm
+H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+
+2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6
+hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5
+j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239
+MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ
+4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9
+Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U
+7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/
+e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU
+wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/leaf.key b/openssl-1.1.0h/test/certs/leaf.key
new file mode 100644
index 0000000..a1b1721
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/leaf.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1
+sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs
+0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR
+yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2
+QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F
+auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT
+uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX
+aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4
+m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn
+q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd
+vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5
+BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE
+L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd
+v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86
+Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D
+lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG
+UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz
+1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu
+z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt
+nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ
+C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF
+RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O
+IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ
+IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh
+t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/leaf.pem b/openssl-1.1.0h/test/certs/leaf.pem
new file mode 100644
index 0000000..bb94d12
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/leaf.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx
+OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD
+VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/
+BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI
+wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB
+ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt
+LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK
+fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG
+IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN
+BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT
+6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD
+2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw
+QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV
+mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw
+y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/many-constraints.pem b/openssl-1.1.0h/test/certs/many-constraints.pem
new file mode 100644
index 0000000..13b8ab2
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/many-constraints.pem
@@ -0,0 +1,292 @@
+-----BEGIN CERTIFICATE-----
+MII2MzCCNRugAwIBAgIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDTELMAkGA1UEAxMCQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6C9qEGRIBQXV8Lj29vVu+
+U+tyXzSSinWIumK5ijPhCm3DLnv4RayxkFwemtnkGRZ/o94ZnsXkBfU/IlsYdkuq
+8wK9WI/ql3gwWjH+KARIhIQcSLGiJcLN6kGuG2nlRBKMcPgPiEq2B0yBXFf4tG3C
+Bbeae7+8G7uvOmv8NLyKj32neWpnUCTL5o2VwyPoxjLxT5gUR69v9XSVFj2irCZb
+sEedeKSb++LqyMhLfnRTzNv+ZHNh4izZHrktR25MvnT5QyBq32hx7AjZ2/xo70Om
+H7w10a2DwsVjJNMdxTEmgyvU9M6CeYRPX1Ykfg+sXCTtkTVAlBDUviIqY95CKy25
+AgMBAAGjgjOaMIIzljAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUH
+AwEwDwYDVR0TAQH/BAUwAwEB/zCCM1wGA1UdHgSCM1MwgjNPoIIZqDAJggd0MC50
+ZXN0MAmCB3QxLnRlc3QwCYIHdDIudGVzdDAJggd0My50ZXN0MAmCB3Q0LnRlc3Qw
+CYIHdDUudGVzdDAJggd0Ni50ZXN0MAmCB3Q3LnRlc3QwCYIHdDgudGVzdDAJggd0
+OS50ZXN0MAqCCHQxMC50ZXN0MAqCCHQxMS50ZXN0MAqCCHQxMi50ZXN0MAqCCHQx
+My50ZXN0MAqCCHQxNC50ZXN0MAqCCHQxNS50ZXN0MAqCCHQxNi50ZXN0MAqCCHQx
+Ny50ZXN0MAqCCHQxOC50ZXN0MAqCCHQxOS50ZXN0MAqCCHQyMC50ZXN0MAqCCHQy
+MS50ZXN0MAqCCHQyMi50ZXN0MAqCCHQyMy50ZXN0MAqCCHQyNC50ZXN0MAqCCHQy
+NS50ZXN0MAqCCHQyNi50ZXN0MAqCCHQyNy50ZXN0MAqCCHQyOC50ZXN0MAqCCHQy
+OS50ZXN0MAqCCHQzMC50ZXN0MAqCCHQzMS50ZXN0MAqCCHQzMi50ZXN0MAqCCHQz
+My50ZXN0MAqCCHQzNC50ZXN0MAqCCHQzNS50ZXN0MAqCCHQzNi50ZXN0MAqCCHQz
+Ny50ZXN0MAqCCHQzOC50ZXN0MAqCCHQzOS50ZXN0MAqCCHQ0MC50ZXN0MAqCCHQ0
+MS50ZXN0MAqCCHQ0Mi50ZXN0MAqCCHQ0My50ZXN0MAqCCHQ0NC50ZXN0MAqCCHQ0
+NS50ZXN0MAqCCHQ0Ni50ZXN0MAqCCHQ0Ny50ZXN0MAqCCHQ0OC50ZXN0MAqCCHQ0
+OS50ZXN0MAqCCHQ1MC50ZXN0MAqCCHQ1MS50ZXN0MAqCCHQ1Mi50ZXN0MAqCCHQ1
+My50ZXN0MAqCCHQ1NC50ZXN0MAqCCHQ1NS50ZXN0MAqCCHQ1Ni50ZXN0MAqCCHQ1
+Ny50ZXN0MAqCCHQ1OC50ZXN0MAqCCHQ1OS50ZXN0MAqCCHQ2MC50ZXN0MAqCCHQ2
+MS50ZXN0MAqCCHQ2Mi50ZXN0MAqCCHQ2My50ZXN0MAqCCHQ2NC50ZXN0MAqCCHQ2
+NS50ZXN0MAqCCHQ2Ni50ZXN0MAqCCHQ2Ny50ZXN0MAqCCHQ2OC50ZXN0MAqCCHQ2
+OS50ZXN0MAqCCHQ3MC50ZXN0MAqCCHQ3MS50ZXN0MAqCCHQ3Mi50ZXN0MAqCCHQ3
+My50ZXN0MAqCCHQ3NC50ZXN0MAqCCHQ3NS50ZXN0MAqCCHQ3Ni50ZXN0MAqCCHQ3
+Ny50ZXN0MAqCCHQ3OC50ZXN0MAqCCHQ3OS50ZXN0MAqCCHQ4MC50ZXN0MAqCCHQ4
+MS50ZXN0MAqCCHQ4Mi50ZXN0MAqCCHQ4My50ZXN0MAqCCHQ4NC50ZXN0MAqCCHQ4
+NS50ZXN0MAqCCHQ4Ni50ZXN0MAqCCHQ4Ny50ZXN0MAqCCHQ4OC50ZXN0MAqCCHQ4
+OS50ZXN0MAqCCHQ5MC50ZXN0MAqCCHQ5MS50ZXN0MAqCCHQ5Mi50ZXN0MAqCCHQ5
+My50ZXN0MAqCCHQ5NC50ZXN0MAqCCHQ5NS50ZXN0MAqCCHQ5Ni50ZXN0MAqCCHQ5
+Ny50ZXN0MAqCCHQ5OC50ZXN0MAqCCHQ5OS50ZXN0MAuCCXQxMDAudGVzdDALggl0
+MTAxLnRlc3QwC4IJdDEwMi50ZXN0MAuCCXQxMDMudGVzdDALggl0MTA0LnRlc3Qw
+C4IJdDEwNS50ZXN0MAuCCXQxMDYudGVzdDALggl0MTA3LnRlc3QwC4IJdDEwOC50
+ZXN0MAuCCXQxMDkudGVzdDALggl0MTEwLnRlc3QwC4IJdDExMS50ZXN0MAuCCXQx
+MTIudGVzdDALggl0MTEzLnRlc3QwC4IJdDExNC50ZXN0MAuCCXQxMTUudGVzdDAL
+ggl0MTE2LnRlc3QwC4IJdDExNy50ZXN0MAuCCXQxMTgudGVzdDALggl0MTE5LnRl
+c3QwC4IJdDEyMC50ZXN0MAuCCXQxMjEudGVzdDALggl0MTIyLnRlc3QwC4IJdDEy
+My50ZXN0MAuCCXQxMjQudGVzdDALggl0MTI1LnRlc3QwC4IJdDEyNi50ZXN0MAuC
+CXQxMjcudGVzdDALggl0MTI4LnRlc3QwC4IJdDEyOS50ZXN0MAuCCXQxMzAudGVz
+dDALggl0MTMxLnRlc3QwC4IJdDEzMi50ZXN0MAuCCXQxMzMudGVzdDALggl0MTM0
+LnRlc3QwC4IJdDEzNS50ZXN0MAuCCXQxMzYudGVzdDALggl0MTM3LnRlc3QwC4IJ
+dDEzOC50ZXN0MAuCCXQxMzkudGVzdDALggl0MTQwLnRlc3QwC4IJdDE0MS50ZXN0
+MAuCCXQxNDIudGVzdDALggl0MTQzLnRlc3QwC4IJdDE0NC50ZXN0MAuCCXQxNDUu
+dGVzdDALggl0MTQ2LnRlc3QwC4IJdDE0Ny50ZXN0MAuCCXQxNDgudGVzdDALggl0
+MTQ5LnRlc3QwC4IJdDE1MC50ZXN0MAuCCXQxNTEudGVzdDALggl0MTUyLnRlc3Qw
+C4IJdDE1My50ZXN0MAuCCXQxNTQudGVzdDALggl0MTU1LnRlc3QwC4IJdDE1Ni50
+ZXN0MAuCCXQxNTcudGVzdDALggl0MTU4LnRlc3QwC4IJdDE1OS50ZXN0MAuCCXQx
+NjAudGVzdDALggl0MTYxLnRlc3QwC4IJdDE2Mi50ZXN0MAuCCXQxNjMudGVzdDAL
+ggl0MTY0LnRlc3QwC4IJdDE2NS50ZXN0MAuCCXQxNjYudGVzdDALggl0MTY3LnRl
+c3QwC4IJdDE2OC50ZXN0MAuCCXQxNjkudGVzdDALggl0MTcwLnRlc3QwC4IJdDE3
+MS50ZXN0MAuCCXQxNzIudGVzdDALggl0MTczLnRlc3QwC4IJdDE3NC50ZXN0MAuC
+CXQxNzUudGVzdDALggl0MTc2LnRlc3QwC4IJdDE3Ny50ZXN0MAuCCXQxNzgudGVz
+dDALggl0MTc5LnRlc3QwC4IJdDE4MC50ZXN0MAuCCXQxODEudGVzdDALggl0MTgy
+LnRlc3QwC4IJdDE4My50ZXN0MAuCCXQxODQudGVzdDALggl0MTg1LnRlc3QwC4IJ
+dDE4Ni50ZXN0MAuCCXQxODcudGVzdDALggl0MTg4LnRlc3QwC4IJdDE4OS50ZXN0
+MAuCCXQxOTAudGVzdDALggl0MTkxLnRlc3QwC4IJdDE5Mi50ZXN0MAuCCXQxOTMu
+dGVzdDALggl0MTk0LnRlc3QwC4IJdDE5NS50ZXN0MAuCCXQxOTYudGVzdDALggl0
+MTk3LnRlc3QwC4IJdDE5OC50ZXN0MAuCCXQxOTkudGVzdDALggl0MjAwLnRlc3Qw
+C4IJdDIwMS50ZXN0MAuCCXQyMDIudGVzdDALggl0MjAzLnRlc3QwC4IJdDIwNC50
+ZXN0MAuCCXQyMDUudGVzdDALggl0MjA2LnRlc3QwC4IJdDIwNy50ZXN0MAuCCXQy
+MDgudGVzdDALggl0MjA5LnRlc3QwC4IJdDIxMC50ZXN0MAuCCXQyMTEudGVzdDAL
+ggl0MjEyLnRlc3QwC4IJdDIxMy50ZXN0MAuCCXQyMTQudGVzdDALggl0MjE1LnRl
+c3QwC4IJdDIxNi50ZXN0MAuCCXQyMTcudGVzdDALggl0MjE4LnRlc3QwC4IJdDIx
+OS50ZXN0MAuCCXQyMjAudGVzdDALggl0MjIxLnRlc3QwC4IJdDIyMi50ZXN0MAuC
+CXQyMjMudGVzdDALggl0MjI0LnRlc3QwC4IJdDIyNS50ZXN0MAuCCXQyMjYudGVz
+dDALggl0MjI3LnRlc3QwC4IJdDIyOC50ZXN0MAuCCXQyMjkudGVzdDALggl0MjMw
+LnRlc3QwC4IJdDIzMS50ZXN0MAuCCXQyMzIudGVzdDALggl0MjMzLnRlc3QwC4IJ
+dDIzNC50ZXN0MAuCCXQyMzUudGVzdDALggl0MjM2LnRlc3QwC4IJdDIzNy50ZXN0
+MAuCCXQyMzgudGVzdDALggl0MjM5LnRlc3QwC4IJdDI0MC50ZXN0MAuCCXQyNDEu
+dGVzdDALggl0MjQyLnRlc3QwC4IJdDI0My50ZXN0MAuCCXQyNDQudGVzdDALggl0
+MjQ1LnRlc3QwC4IJdDI0Ni50ZXN0MAuCCXQyNDcudGVzdDALggl0MjQ4LnRlc3Qw
+C4IJdDI0OS50ZXN0MAuCCXQyNTAudGVzdDALggl0MjUxLnRlc3QwC4IJdDI1Mi50
+ZXN0MAuCCXQyNTMudGVzdDALggl0MjU0LnRlc3QwC4IJdDI1NS50ZXN0MAuCCXQy
+NTYudGVzdDALggl0MjU3LnRlc3QwC4IJdDI1OC50ZXN0MAuCCXQyNTkudGVzdDAL
+ggl0MjYwLnRlc3QwC4IJdDI2MS50ZXN0MAuCCXQyNjIudGVzdDALggl0MjYzLnRl
+c3QwC4IJdDI2NC50ZXN0MAuCCXQyNjUudGVzdDALggl0MjY2LnRlc3QwC4IJdDI2
+Ny50ZXN0MAuCCXQyNjgudGVzdDALggl0MjY5LnRlc3QwC4IJdDI3MC50ZXN0MAuC
+CXQyNzEudGVzdDALggl0MjcyLnRlc3QwC4IJdDI3My50ZXN0MAuCCXQyNzQudGVz
+dDALggl0Mjc1LnRlc3QwC4IJdDI3Ni50ZXN0MAuCCXQyNzcudGVzdDALggl0Mjc4
+LnRlc3QwC4IJdDI3OS50ZXN0MAuCCXQyODAudGVzdDALggl0MjgxLnRlc3QwC4IJ
+dDI4Mi50ZXN0MAuCCXQyODMudGVzdDALggl0Mjg0LnRlc3QwC4IJdDI4NS50ZXN0
+MAuCCXQyODYudGVzdDALggl0Mjg3LnRlc3QwC4IJdDI4OC50ZXN0MAuCCXQyODku
+dGVzdDALggl0MjkwLnRlc3QwC4IJdDI5MS50ZXN0MAuCCXQyOTIudGVzdDALggl0
+MjkzLnRlc3QwC4IJdDI5NC50ZXN0MAuCCXQyOTUudGVzdDALggl0Mjk2LnRlc3Qw
+C4IJdDI5Ny50ZXN0MAuCCXQyOTgudGVzdDALggl0Mjk5LnRlc3QwC4IJdDMwMC50
+ZXN0MAuCCXQzMDEudGVzdDALggl0MzAyLnRlc3QwC4IJdDMwMy50ZXN0MAuCCXQz
+MDQudGVzdDALggl0MzA1LnRlc3QwC4IJdDMwNi50ZXN0MAuCCXQzMDcudGVzdDAL
+ggl0MzA4LnRlc3QwC4IJdDMwOS50ZXN0MAuCCXQzMTAudGVzdDALggl0MzExLnRl
+c3QwC4IJdDMxMi50ZXN0MAuCCXQzMTMudGVzdDALggl0MzE0LnRlc3QwC4IJdDMx
+NS50ZXN0MAuCCXQzMTYudGVzdDALggl0MzE3LnRlc3QwC4IJdDMxOC50ZXN0MAuC
+CXQzMTkudGVzdDALggl0MzIwLnRlc3QwC4IJdDMyMS50ZXN0MAuCCXQzMjIudGVz
+dDALggl0MzIzLnRlc3QwC4IJdDMyNC50ZXN0MAuCCXQzMjUudGVzdDALggl0MzI2
+LnRlc3QwC4IJdDMyNy50ZXN0MAuCCXQzMjgudGVzdDALggl0MzI5LnRlc3QwC4IJ
+dDMzMC50ZXN0MAuCCXQzMzEudGVzdDALggl0MzMyLnRlc3QwC4IJdDMzMy50ZXN0
+MAuCCXQzMzQudGVzdDALggl0MzM1LnRlc3QwC4IJdDMzNi50ZXN0MAuCCXQzMzcu
+dGVzdDALggl0MzM4LnRlc3QwC4IJdDMzOS50ZXN0MAuCCXQzNDAudGVzdDALggl0
+MzQxLnRlc3QwC4IJdDM0Mi50ZXN0MAuCCXQzNDMudGVzdDALggl0MzQ0LnRlc3Qw
+C4IJdDM0NS50ZXN0MAuCCXQzNDYudGVzdDALggl0MzQ3LnRlc3QwC4IJdDM0OC50
+ZXN0MAuCCXQzNDkudGVzdDALggl0MzUwLnRlc3QwC4IJdDM1MS50ZXN0MAuCCXQz
+NTIudGVzdDALggl0MzUzLnRlc3QwC4IJdDM1NC50ZXN0MAuCCXQzNTUudGVzdDAL
+ggl0MzU2LnRlc3QwC4IJdDM1Ny50ZXN0MAuCCXQzNTgudGVzdDALggl0MzU5LnRl
+c3QwC4IJdDM2MC50ZXN0MAuCCXQzNjEudGVzdDALggl0MzYyLnRlc3QwC4IJdDM2
+My50ZXN0MAuCCXQzNjQudGVzdDALggl0MzY1LnRlc3QwC4IJdDM2Ni50ZXN0MAuC
+CXQzNjcudGVzdDALggl0MzY4LnRlc3QwC4IJdDM2OS50ZXN0MAuCCXQzNzAudGVz
+dDALggl0MzcxLnRlc3QwC4IJdDM3Mi50ZXN0MAuCCXQzNzMudGVzdDALggl0Mzc0
+LnRlc3QwC4IJdDM3NS50ZXN0MAuCCXQzNzYudGVzdDALggl0Mzc3LnRlc3QwC4IJ
+dDM3OC50ZXN0MAuCCXQzNzkudGVzdDALggl0MzgwLnRlc3QwC4IJdDM4MS50ZXN0
+MAuCCXQzODIudGVzdDALggl0MzgzLnRlc3QwC4IJdDM4NC50ZXN0MAuCCXQzODUu
+dGVzdDALggl0Mzg2LnRlc3QwC4IJdDM4Ny50ZXN0MAuCCXQzODgudGVzdDALggl0
+Mzg5LnRlc3QwC4IJdDM5MC50ZXN0MAuCCXQzOTEudGVzdDALggl0MzkyLnRlc3Qw
+C4IJdDM5My50ZXN0MAuCCXQzOTQudGVzdDALggl0Mzk1LnRlc3QwC4IJdDM5Ni50
+ZXN0MAuCCXQzOTcudGVzdDALggl0Mzk4LnRlc3QwC4IJdDM5OS50ZXN0MAuCCXQ0
+MDAudGVzdDALggl0NDAxLnRlc3QwC4IJdDQwMi50ZXN0MAuCCXQ0MDMudGVzdDAL
+ggl0NDA0LnRlc3QwC4IJdDQwNS50ZXN0MAuCCXQ0MDYudGVzdDALggl0NDA3LnRl
+c3QwC4IJdDQwOC50ZXN0MAuCCXQ0MDkudGVzdDALggl0NDEwLnRlc3QwC4IJdDQx
+MS50ZXN0MAuCCXQ0MTIudGVzdDALggl0NDEzLnRlc3QwC4IJdDQxNC50ZXN0MAuC
+CXQ0MTUudGVzdDALggl0NDE2LnRlc3QwC4IJdDQxNy50ZXN0MAuCCXQ0MTgudGVz
+dDALggl0NDE5LnRlc3QwC4IJdDQyMC50ZXN0MAuCCXQ0MjEudGVzdDALggl0NDIy
+LnRlc3QwC4IJdDQyMy50ZXN0MAuCCXQ0MjQudGVzdDALggl0NDI1LnRlc3QwC4IJ
+dDQyNi50ZXN0MAuCCXQ0MjcudGVzdDALggl0NDI4LnRlc3QwC4IJdDQyOS50ZXN0
+MAuCCXQ0MzAudGVzdDALggl0NDMxLnRlc3QwC4IJdDQzMi50ZXN0MAuCCXQ0MzMu
+dGVzdDALggl0NDM0LnRlc3QwC4IJdDQzNS50ZXN0MAuCCXQ0MzYudGVzdDALggl0
+NDM3LnRlc3QwC4IJdDQzOC50ZXN0MAuCCXQ0MzkudGVzdDALggl0NDQwLnRlc3Qw
+C4IJdDQ0MS50ZXN0MAuCCXQ0NDIudGVzdDALggl0NDQzLnRlc3QwC4IJdDQ0NC50
+ZXN0MAuCCXQ0NDUudGVzdDALggl0NDQ2LnRlc3QwC4IJdDQ0Ny50ZXN0MAuCCXQ0
+NDgudGVzdDALggl0NDQ5LnRlc3QwC4IJdDQ1MC50ZXN0MAuCCXQ0NTEudGVzdDAL
+ggl0NDUyLnRlc3QwC4IJdDQ1My50ZXN0MAuCCXQ0NTQudGVzdDALggl0NDU1LnRl
+c3QwC4IJdDQ1Ni50ZXN0MAuCCXQ0NTcudGVzdDALggl0NDU4LnRlc3QwC4IJdDQ1
+OS50ZXN0MAuCCXQ0NjAudGVzdDALggl0NDYxLnRlc3QwC4IJdDQ2Mi50ZXN0MAuC
+CXQ0NjMudGVzdDALggl0NDY0LnRlc3QwC4IJdDQ2NS50ZXN0MAuCCXQ0NjYudGVz
+dDALggl0NDY3LnRlc3QwC4IJdDQ2OC50ZXN0MAuCCXQ0NjkudGVzdDALggl0NDcw
+LnRlc3QwC4IJdDQ3MS50ZXN0MAuCCXQ0NzIudGVzdDALggl0NDczLnRlc3QwC4IJ
+dDQ3NC50ZXN0MAuCCXQ0NzUudGVzdDALggl0NDc2LnRlc3QwC4IJdDQ3Ny50ZXN0
+MAuCCXQ0NzgudGVzdDALggl0NDc5LnRlc3QwC4IJdDQ4MC50ZXN0MAuCCXQ0ODEu
+dGVzdDALggl0NDgyLnRlc3QwC4IJdDQ4My50ZXN0MAuCCXQ0ODQudGVzdDALggl0
+NDg1LnRlc3QwC4IJdDQ4Ni50ZXN0MAuCCXQ0ODcudGVzdDALggl0NDg4LnRlc3Qw
+C4IJdDQ4OS50ZXN0MAuCCXQ0OTAudGVzdDALggl0NDkxLnRlc3QwC4IJdDQ5Mi50
+ZXN0MAuCCXQ0OTMudGVzdDALggl0NDk0LnRlc3QwC4IJdDQ5NS50ZXN0MAuCCXQ0
+OTYudGVzdDALggl0NDk3LnRlc3QwC4IJdDQ5OC50ZXN0MAuCCXQ0OTkudGVzdDAL
+ggl0NTAwLnRlc3QwC4IJdDUwMS50ZXN0MAuCCXQ1MDIudGVzdDALggl0NTAzLnRl
+c3QwC4IJdDUwNC50ZXN0MAuCCXQ1MDUudGVzdDALggl0NTA2LnRlc3QwC4IJdDUw
+Ny50ZXN0MAuCCXQ1MDgudGVzdDALggl0NTA5LnRlc3QwC4IJdDUxMC50ZXN0MAuC
+CXQ1MTEudGVzdDALggl0NTEyLnRlc3QwB4IFLnRlc3ShghmfMAmCB3gwLnRlc3Qw
+CYIHeDEudGVzdDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4
+NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRl
+c3QwCoIIeDEwLnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRl
+c3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRl
+c3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRl
+c3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRl
+c3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRl
+c3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRl
+c3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRl
+c3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRl
+c3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRl
+c3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRl
+c3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRl
+c3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRl
+c3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRl
+c3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRl
+c3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRl
+c3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRl
+c3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRl
+c3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRl
+c3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRl
+c3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRl
+c3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRl
+c3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRl
+c3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEu
+dGVzdDALggl4MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4
+MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3Qw
+C4IJeDEwOS50ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50
+ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgx
+MTYudGVzdDALggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDAL
+ggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRl
+c3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEy
+Ny50ZXN0MAuCCXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuC
+CXgxMzEudGVzdDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVz
+dDALggl4MTM1LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4
+LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJ
+eDE0Mi50ZXN0MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0
+MAuCCXgxNDYudGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDku
+dGVzdDALggl4MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4
+MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3Qw
+C4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50
+ZXN0MAuCCXgxNjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgx
+NjQudGVzdDALggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDAL
+ggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0MAuCCXgxNzAudGVzdDALggl4MTcxLnRl
+c3QwC4IJeDE3Mi50ZXN0MAuCCXgxNzMudGVzdDALggl4MTc0LnRlc3QwC4IJeDE3
+NS50ZXN0MAuCCXgxNzYudGVzdDALggl4MTc3LnRlc3QwC4IJeDE3OC50ZXN0MAuC
+CXgxNzkudGVzdDALggl4MTgwLnRlc3QwC4IJeDE4MS50ZXN0MAuCCXgxODIudGVz
+dDALggl4MTgzLnRlc3QwC4IJeDE4NC50ZXN0MAuCCXgxODUudGVzdDALggl4MTg2
+LnRlc3QwC4IJeDE4Ny50ZXN0MAuCCXgxODgudGVzdDALggl4MTg5LnRlc3QwC4IJ
+eDE5MC50ZXN0MAuCCXgxOTEudGVzdDALggl4MTkyLnRlc3QwC4IJeDE5My50ZXN0
+MAuCCXgxOTQudGVzdDALggl4MTk1LnRlc3QwC4IJeDE5Ni50ZXN0MAuCCXgxOTcu
+dGVzdDALggl4MTk4LnRlc3QwC4IJeDE5OS50ZXN0MAuCCXgyMDAudGVzdDALggl4
+MjAxLnRlc3QwC4IJeDIwMi50ZXN0MAuCCXgyMDMudGVzdDALggl4MjA0LnRlc3Qw
+C4IJeDIwNS50ZXN0MAuCCXgyMDYudGVzdDALggl4MjA3LnRlc3QwC4IJeDIwOC50
+ZXN0MAuCCXgyMDkudGVzdDALggl4MjEwLnRlc3QwC4IJeDIxMS50ZXN0MAuCCXgy
+MTIudGVzdDALggl4MjEzLnRlc3QwC4IJeDIxNC50ZXN0MAuCCXgyMTUudGVzdDAL
+ggl4MjE2LnRlc3QwC4IJeDIxNy50ZXN0MAuCCXgyMTgudGVzdDALggl4MjE5LnRl
+c3QwC4IJeDIyMC50ZXN0MAuCCXgyMjEudGVzdDALggl4MjIyLnRlc3QwC4IJeDIy
+My50ZXN0MAuCCXgyMjQudGVzdDALggl4MjI1LnRlc3QwC4IJeDIyNi50ZXN0MAuC
+CXgyMjcudGVzdDALggl4MjI4LnRlc3QwC4IJeDIyOS50ZXN0MAuCCXgyMzAudGVz
+dDALggl4MjMxLnRlc3QwC4IJeDIzMi50ZXN0MAuCCXgyMzMudGVzdDALggl4MjM0
+LnRlc3QwC4IJeDIzNS50ZXN0MAuCCXgyMzYudGVzdDALggl4MjM3LnRlc3QwC4IJ
+eDIzOC50ZXN0MAuCCXgyMzkudGVzdDALggl4MjQwLnRlc3QwC4IJeDI0MS50ZXN0
+MAuCCXgyNDIudGVzdDALggl4MjQzLnRlc3QwC4IJeDI0NC50ZXN0MAuCCXgyNDUu
+dGVzdDALggl4MjQ2LnRlc3QwC4IJeDI0Ny50ZXN0MAuCCXgyNDgudGVzdDALggl4
+MjQ5LnRlc3QwC4IJeDI1MC50ZXN0MAuCCXgyNTEudGVzdDALggl4MjUyLnRlc3Qw
+C4IJeDI1My50ZXN0MAuCCXgyNTQudGVzdDALggl4MjU1LnRlc3QwC4IJeDI1Ni50
+ZXN0MAuCCXgyNTcudGVzdDALggl4MjU4LnRlc3QwC4IJeDI1OS50ZXN0MAuCCXgy
+NjAudGVzdDALggl4MjYxLnRlc3QwC4IJeDI2Mi50ZXN0MAuCCXgyNjMudGVzdDAL
+ggl4MjY0LnRlc3QwC4IJeDI2NS50ZXN0MAuCCXgyNjYudGVzdDALggl4MjY3LnRl
+c3QwC4IJeDI2OC50ZXN0MAuCCXgyNjkudGVzdDALggl4MjcwLnRlc3QwC4IJeDI3
+MS50ZXN0MAuCCXgyNzIudGVzdDALggl4MjczLnRlc3QwC4IJeDI3NC50ZXN0MAuC
+CXgyNzUudGVzdDALggl4Mjc2LnRlc3QwC4IJeDI3Ny50ZXN0MAuCCXgyNzgudGVz
+dDALggl4Mjc5LnRlc3QwC4IJeDI4MC50ZXN0MAuCCXgyODEudGVzdDALggl4Mjgy
+LnRlc3QwC4IJeDI4My50ZXN0MAuCCXgyODQudGVzdDALggl4Mjg1LnRlc3QwC4IJ
+eDI4Ni50ZXN0MAuCCXgyODcudGVzdDALggl4Mjg4LnRlc3QwC4IJeDI4OS50ZXN0
+MAuCCXgyOTAudGVzdDALggl4MjkxLnRlc3QwC4IJeDI5Mi50ZXN0MAuCCXgyOTMu
+dGVzdDALggl4Mjk0LnRlc3QwC4IJeDI5NS50ZXN0MAuCCXgyOTYudGVzdDALggl4
+Mjk3LnRlc3QwC4IJeDI5OC50ZXN0MAuCCXgyOTkudGVzdDALggl4MzAwLnRlc3Qw
+C4IJeDMwMS50ZXN0MAuCCXgzMDIudGVzdDALggl4MzAzLnRlc3QwC4IJeDMwNC50
+ZXN0MAuCCXgzMDUudGVzdDALggl4MzA2LnRlc3QwC4IJeDMwNy50ZXN0MAuCCXgz
+MDgudGVzdDALggl4MzA5LnRlc3QwC4IJeDMxMC50ZXN0MAuCCXgzMTEudGVzdDAL
+ggl4MzEyLnRlc3QwC4IJeDMxMy50ZXN0MAuCCXgzMTQudGVzdDALggl4MzE1LnRl
+c3QwC4IJeDMxNi50ZXN0MAuCCXgzMTcudGVzdDALggl4MzE4LnRlc3QwC4IJeDMx
+OS50ZXN0MAuCCXgzMjAudGVzdDALggl4MzIxLnRlc3QwC4IJeDMyMi50ZXN0MAuC
+CXgzMjMudGVzdDALggl4MzI0LnRlc3QwC4IJeDMyNS50ZXN0MAuCCXgzMjYudGVz
+dDALggl4MzI3LnRlc3QwC4IJeDMyOC50ZXN0MAuCCXgzMjkudGVzdDALggl4MzMw
+LnRlc3QwC4IJeDMzMS50ZXN0MAuCCXgzMzIudGVzdDALggl4MzMzLnRlc3QwC4IJ
+eDMzNC50ZXN0MAuCCXgzMzUudGVzdDALggl4MzM2LnRlc3QwC4IJeDMzNy50ZXN0
+MAuCCXgzMzgudGVzdDALggl4MzM5LnRlc3QwC4IJeDM0MC50ZXN0MAuCCXgzNDEu
+dGVzdDALggl4MzQyLnRlc3QwC4IJeDM0My50ZXN0MAuCCXgzNDQudGVzdDALggl4
+MzQ1LnRlc3QwC4IJeDM0Ni50ZXN0MAuCCXgzNDcudGVzdDALggl4MzQ4LnRlc3Qw
+C4IJeDM0OS50ZXN0MAuCCXgzNTAudGVzdDALggl4MzUxLnRlc3QwC4IJeDM1Mi50
+ZXN0MAuCCXgzNTMudGVzdDALggl4MzU0LnRlc3QwC4IJeDM1NS50ZXN0MAuCCXgz
+NTYudGVzdDALggl4MzU3LnRlc3QwC4IJeDM1OC50ZXN0MAuCCXgzNTkudGVzdDAL
+ggl4MzYwLnRlc3QwC4IJeDM2MS50ZXN0MAuCCXgzNjIudGVzdDALggl4MzYzLnRl
+c3QwC4IJeDM2NC50ZXN0MAuCCXgzNjUudGVzdDALggl4MzY2LnRlc3QwC4IJeDM2
+Ny50ZXN0MAuCCXgzNjgudGVzdDALggl4MzY5LnRlc3QwC4IJeDM3MC50ZXN0MAuC
+CXgzNzEudGVzdDALggl4MzcyLnRlc3QwC4IJeDM3My50ZXN0MAuCCXgzNzQudGVz
+dDALggl4Mzc1LnRlc3QwC4IJeDM3Ni50ZXN0MAuCCXgzNzcudGVzdDALggl4Mzc4
+LnRlc3QwC4IJeDM3OS50ZXN0MAuCCXgzODAudGVzdDALggl4MzgxLnRlc3QwC4IJ
+eDM4Mi50ZXN0MAuCCXgzODMudGVzdDALggl4Mzg0LnRlc3QwC4IJeDM4NS50ZXN0
+MAuCCXgzODYudGVzdDALggl4Mzg3LnRlc3QwC4IJeDM4OC50ZXN0MAuCCXgzODku
+dGVzdDALggl4MzkwLnRlc3QwC4IJeDM5MS50ZXN0MAuCCXgzOTIudGVzdDALggl4
+MzkzLnRlc3QwC4IJeDM5NC50ZXN0MAuCCXgzOTUudGVzdDALggl4Mzk2LnRlc3Qw
+C4IJeDM5Ny50ZXN0MAuCCXgzOTgudGVzdDALggl4Mzk5LnRlc3QwC4IJeDQwMC50
+ZXN0MAuCCXg0MDEudGVzdDALggl4NDAyLnRlc3QwC4IJeDQwMy50ZXN0MAuCCXg0
+MDQudGVzdDALggl4NDA1LnRlc3QwC4IJeDQwNi50ZXN0MAuCCXg0MDcudGVzdDAL
+ggl4NDA4LnRlc3QwC4IJeDQwOS50ZXN0MAuCCXg0MTAudGVzdDALggl4NDExLnRl
+c3QwC4IJeDQxMi50ZXN0MAuCCXg0MTMudGVzdDALggl4NDE0LnRlc3QwC4IJeDQx
+NS50ZXN0MAuCCXg0MTYudGVzdDALggl4NDE3LnRlc3QwC4IJeDQxOC50ZXN0MAuC
+CXg0MTkudGVzdDALggl4NDIwLnRlc3QwC4IJeDQyMS50ZXN0MAuCCXg0MjIudGVz
+dDALggl4NDIzLnRlc3QwC4IJeDQyNC50ZXN0MAuCCXg0MjUudGVzdDALggl4NDI2
+LnRlc3QwC4IJeDQyNy50ZXN0MAuCCXg0MjgudGVzdDALggl4NDI5LnRlc3QwC4IJ
+eDQzMC50ZXN0MAuCCXg0MzEudGVzdDALggl4NDMyLnRlc3QwC4IJeDQzMy50ZXN0
+MAuCCXg0MzQudGVzdDALggl4NDM1LnRlc3QwC4IJeDQzNi50ZXN0MAuCCXg0Mzcu
+dGVzdDALggl4NDM4LnRlc3QwC4IJeDQzOS50ZXN0MAuCCXg0NDAudGVzdDALggl4
+NDQxLnRlc3QwC4IJeDQ0Mi50ZXN0MAuCCXg0NDMudGVzdDALggl4NDQ0LnRlc3Qw
+C4IJeDQ0NS50ZXN0MAuCCXg0NDYudGVzdDALggl4NDQ3LnRlc3QwC4IJeDQ0OC50
+ZXN0MAuCCXg0NDkudGVzdDALggl4NDUwLnRlc3QwC4IJeDQ1MS50ZXN0MAuCCXg0
+NTIudGVzdDALggl4NDUzLnRlc3QwC4IJeDQ1NC50ZXN0MAuCCXg0NTUudGVzdDAL
+ggl4NDU2LnRlc3QwC4IJeDQ1Ny50ZXN0MAuCCXg0NTgudGVzdDALggl4NDU5LnRl
+c3QwC4IJeDQ2MC50ZXN0MAuCCXg0NjEudGVzdDALggl4NDYyLnRlc3QwC4IJeDQ2
+My50ZXN0MAuCCXg0NjQudGVzdDALggl4NDY1LnRlc3QwC4IJeDQ2Ni50ZXN0MAuC
+CXg0NjcudGVzdDALggl4NDY4LnRlc3QwC4IJeDQ2OS50ZXN0MAuCCXg0NzAudGVz
+dDALggl4NDcxLnRlc3QwC4IJeDQ3Mi50ZXN0MAuCCXg0NzMudGVzdDALggl4NDc0
+LnRlc3QwC4IJeDQ3NS50ZXN0MAuCCXg0NzYudGVzdDALggl4NDc3LnRlc3QwC4IJ
+eDQ3OC50ZXN0MAuCCXg0NzkudGVzdDALggl4NDgwLnRlc3QwC4IJeDQ4MS50ZXN0
+MAuCCXg0ODIudGVzdDALggl4NDgzLnRlc3QwC4IJeDQ4NC50ZXN0MAuCCXg0ODUu
+dGVzdDALggl4NDg2LnRlc3QwC4IJeDQ4Ny50ZXN0MAuCCXg0ODgudGVzdDALggl4
+NDg5LnRlc3QwC4IJeDQ5MC50ZXN0MAuCCXg0OTEudGVzdDALggl4NDkyLnRlc3Qw
+C4IJeDQ5My50ZXN0MAuCCXg0OTQudGVzdDALggl4NDk1LnRlc3QwC4IJeDQ5Ni50
+ZXN0MAuCCXg0OTcudGVzdDALggl4NDk4LnRlc3QwC4IJeDQ5OS50ZXN0MAuCCXg1
+MDAudGVzdDALggl4NTAxLnRlc3QwC4IJeDUwMi50ZXN0MAuCCXg1MDMudGVzdDAL
+ggl4NTA0LnRlc3QwC4IJeDUwNS50ZXN0MAuCCXg1MDYudGVzdDALggl4NTA3LnRl
+c3QwC4IJeDUwOC50ZXN0MAuCCXg1MDkudGVzdDALggl4NTEwLnRlc3QwC4IJeDUx
+MS50ZXN0MAuCCXg1MTIudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAL2zj4W3+BzBa
+UA0pBD3K5mXq5H94uVT3YFiS1Yrrv1aGJjnb9iabNjdPNRFq7eBm1OajFTv8UtE/
+WJR0JDvBTs7yvpOgTy+JY9RY8NP72gdOOvpZ3DbJ0bbSUFqBVQlM8771Mz9RVQX9
+i9oCqVkakKI/9guAU2XHx9ztTB6N3mULB3QkeFmlyrqeeVK/2lFErArRxyKQXjxb
+cfD76JGADWpp6p1/QUGYmPNYGxHMtWzAhzX1zs/OdGwVVX7g6xxfFdOw0z2PVSPL
+otKS5E3GWvqe43Edz3D6AI7jp6ibtH32HX/D4lLLd9nSiQURvJJ0nrMYZI+7p1DE
+6BsnsA2jNg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/many-names1.pem b/openssl-1.1.0h/test/certs/many-names1.pem
new file mode 100644
index 0000000..cf6a0df
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/many-names1.pem
@@ -0,0 +1,409 @@
+-----BEGIN CERTIFICATE-----
+MIJMMTCCSxmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgjO+MRAwDgYDVQQDEwd0
+MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
+MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
+c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
+dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
+N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwuPb29W75T63JfNJKKdYi6YrmK
+M+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8iWxh2S6rzAr1Yj+qXeDBaMf4o
+BEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFcV/i0bcIFt5p7v7wbu686a/w0
+vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUWPaKsJluwR514pJv74urIyEt+
+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb/GjvQ6YfvDXRrYPCxWMk0x3F
+MSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj3kIrLbkCAwEAAaOCFeUwghXh
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMIIVqgYDVR0RBIIVoTCCFZ2CB3QwLnRlc3SCB3QxLnRlc3SCB3QyLnRlc3SC
+B3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2LnRlc3SCB3Q3LnRlc3SCB3Q4
+LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEudGVzdIIIdDEyLnRlc3SCCHQx
+My50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQxNi50ZXN0ggh0MTcudGVzdIII
+dDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIIIdDIxLnRlc3SCCHQyMi50ZXN0
+ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0ggh0MjYudGVzdIIIdDI3LnRl
+c3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRlc3SCCHQzMS50ZXN0ggh0MzIu
+dGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUudGVzdIIIdDM2LnRlc3SCCHQz
+Ny50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0MC50ZXN0ggh0NDEudGVzdIII
+dDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIIIdDQ1LnRlc3SCCHQ0Ni50ZXN0
+ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0ggh0NTAudGVzdIIIdDUxLnRl
+c3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRlc3SCCHQ1NS50ZXN0ggh0NTYu
+dGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTkudGVzdIIIdDYwLnRlc3SCCHQ2
+MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2NC50ZXN0ggh0NjUudGVzdIII
+dDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIIIdDY5LnRlc3SCCHQ3MC50ZXN0
+ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0ggh0NzQudGVzdIIIdDc1LnRl
+c3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRlc3SCCHQ3OS50ZXN0ggh0ODAu
+dGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMudGVzdIIIdDg0LnRlc3SCCHQ4
+NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4OC50ZXN0ggh0ODkudGVzdIII
+dDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIIIdDkzLnRlc3SCCHQ5NC50ZXN0
+ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0ggh0OTgudGVzdIIIdDk5LnRl
+c3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAyLnRlc3SCCXQxMDMudGVzdIIJ
+dDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVzdIIJdDEwNy50ZXN0ggl0MTA4
+LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0MTExLnRlc3SCCXQxMTIudGVz
+dIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUudGVzdIIJdDExNi50ZXN0ggl0
+MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0ggl0MTIwLnRlc3SCCXQxMjEu
+dGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQxMjQudGVzdIIJdDEyNS50ZXN0
+ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50ZXN0ggl0MTI5LnRlc3SCCXQx
+MzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SCCXQxMzMudGVzdIIJdDEzNC50
+ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEzNy50ZXN0ggl0MTM4LnRlc3SC
+CXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRlc3SCCXQxNDIudGVzdIIJdDE0
+My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJdDE0Ni50ZXN0ggl0MTQ3LnRl
+c3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUwLnRlc3SCCXQxNTEudGVzdIIJ
+dDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVzdIIJdDE1NS50ZXN0ggl0MTU2
+LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0MTU5LnRlc3SCCXQxNjAudGVz
+dIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMudGVzdIIJdDE2NC50ZXN0ggl0
+MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0ggl0MTY4LnRlc3SCCXQxNjku
+dGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQxNzIudGVzdIIJdDE3My50ZXN0
+ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50ZXN0ggl0MTc3LnRlc3SCCXQx
+NzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SCCXQxODEudGVzdIIJdDE4Mi50
+ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4NS50ZXN0ggl0MTg2LnRlc3SC
+CXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRlc3SCCXQxOTAudGVzdIIJdDE5
+MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJdDE5NC50ZXN0ggl0MTk1LnRl
+c3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4LnRlc3SCCXQxOTkudGVzdIIJ
+dDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVzdIIJdDIwMy50ZXN0ggl0MjA0
+LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0MjA3LnRlc3SCCXQyMDgudGVz
+dIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEudGVzdIIJdDIxMi50ZXN0ggl0
+MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0ggl0MjE2LnRlc3SCCXQyMTcu
+dGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQyMjAudGVzdIIJdDIyMS50ZXN0
+ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50ZXN0ggl0MjI1LnRlc3SCCXQy
+MjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SCCXQyMjkudGVzdIIJdDIzMC50
+ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIzMy50ZXN0ggl0MjM0LnRlc3SC
+CXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRlc3SCCXQyMzgudGVzdIIJdDIz
+OS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJdDI0Mi50ZXN0ggl0MjQzLnRl
+c3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2LnRlc3SCCXQyNDcudGVzdIIJ
+dDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVzdIIJdDI1MS50ZXN0ggl0MjUy
+LnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0MjU1LnRlc3SCCXQyNTYudGVz
+dIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTkudGVzdIIJdDI2MC50ZXN0ggl0
+MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0ggl0MjY0LnRlc3SCCXQyNjUu
+dGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQyNjgudGVzdIIJdDI2OS50ZXN0
+ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50ZXN0ggl0MjczLnRlc3SCCXQy
+NzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SCCXQyNzcudGVzdIIJdDI3OC50
+ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4MS50ZXN0ggl0MjgyLnRlc3SC
+CXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRlc3SCCXQyODYudGVzdIIJdDI4
+Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJdDI5MC50ZXN0ggl0MjkxLnRl
+c3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0LnRlc3SCCXQyOTUudGVzdIIJ
+dDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVzdIIJdDI5OS50ZXN0ggl0MzAw
+LnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0MzAzLnRlc3SCCXQzMDQudGVz
+dIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcudGVzdIIJdDMwOC50ZXN0ggl0
+MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0ggl0MzEyLnRlc3SCCXQzMTMu
+dGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQzMTYudGVzdIIJdDMxNy50ZXN0
+ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50ZXN0ggl0MzIxLnRlc3SCCXQz
+MjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SCCXQzMjUudGVzdIIJdDMyNi50
+ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMyOS50ZXN0ggl0MzMwLnRlc3SC
+CXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRlc3SCCXQzMzQudGVzdIIJdDMz
+NS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJdDMzOC50ZXN0ggl0MzM5LnRl
+c3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQyLnRlc3SCCXQzNDMudGVzdIIJ
+dDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVzdIIJdDM0Ny50ZXN0ggl0MzQ4
+LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0MzUxLnRlc3SCCXQzNTIudGVz
+dIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUudGVzdIIJdDM1Ni50ZXN0ggl0
+MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0ggl0MzYwLnRlc3SCCXQzNjEu
+dGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQzNjQudGVzdIIJdDM2NS50ZXN0
+ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50ZXN0ggl0MzY5LnRlc3SCCXQz
+NzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SCCXQzNzMudGVzdIIJdDM3NC50
+ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3Ny50ZXN0ggl0Mzc4LnRlc3SC
+CXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRlc3SCCXQzODIudGVzdIIJdDM4
+My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJdDM4Ni50ZXN0ggl0Mzg3LnRl
+c3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0MzkwLnRlc3SCCXQzOTEudGVzdIIJ
+dDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVzdIIJdDM5NS50ZXN0ggl0Mzk2
+LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0Mzk5LnRlc3SCCXQ0MDAudGVz
+dIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMudGVzdIIJdDQwNC50ZXN0ggl0
+NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0ggl0NDA4LnRlc3SCCXQ0MDku
+dGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0MTIudGVzdIIJdDQxMy50ZXN0
+ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50ZXN0ggl0NDE3LnRlc3SCCXQ0
+MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SCCXQ0MjEudGVzdIIJdDQyMi50
+ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQyNS50ZXN0ggl0NDI2LnRlc3SC
+CXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRlc3SCCXQ0MzAudGVzdIIJdDQz
+MS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJdDQzNC50ZXN0ggl0NDM1LnRl
+c3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4LnRlc3SCCXQ0MzkudGVzdIIJ
+dDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVzdIIJdDQ0My50ZXN0ggl0NDQ0
+LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0NDQ3LnRlc3SCCXQ0NDgudGVz
+dIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEudGVzdIIJdDQ1Mi50ZXN0ggl0
+NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0ggl0NDU2LnRlc3SCCXQ0NTcu
+dGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0NjAudGVzdIIJdDQ2MS50ZXN0
+ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50ZXN0ggl0NDY1LnRlc3SCCXQ0
+NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SCCXQ0NjkudGVzdIIJdDQ3MC50
+ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3My50ZXN0ggl0NDc0LnRlc3SC
+CXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRlc3SCCXQ0NzgudGVzdIIJdDQ3
+OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJdDQ4Mi50ZXN0ggl0NDgzLnRl
+c3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2LnRlc3SCCXQ0ODcudGVzdIIJ
+dDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVzdIIJdDQ5MS50ZXN0ggl0NDky
+LnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0NDk1LnRlc3SCCXQ0OTYudGVz
+dIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTkudGVzdIIJdDUwMC50ZXN0ggl0
+NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0ggl0NTA0LnRlc3SCCXQ1MDUu
+dGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1MDgudGVzdIIJdDUwOS50ZXN0
+ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50ZXN0MA0GCSqGSIb3DQEBCwUA
+A4IBAQCp6JcB0NWRQJSgjsI0ycv1gpuoo2k/NjPlkYCcsLwmTPRVdpBHi9MJNS2i
+MKPk7Wek2y9wJw6QPq9fMi/XSmEqRcFC8uBZ9evyTwmVbzzRsEN3qGHCrVdOnVLa
+D7x7NjoTLApVNelYTxMPEennTd9+we8cl0T2TqosTnbxyvP+pnwtpazjDAFKlt8e
+JpLRlRtWR/aScZ+P8CGj4b3prp12NJIAPG9W2ZqiHNLNMhTQG4Bz+O5+zMnIbC+e
+Ahc4co+A/7qzselNZL1pcFFyRtTeLAcREuZVTTRa/EXmlLqzMe+UEEinEtdktnPL
+KO0ED3qPXggpBbFaa4/PVubBS4QU
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/many-names2.pem b/openssl-1.1.0h/test/certs/many-names2.pem
new file mode 100644
index 0000000..842ac60
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/many-names2.pem
@@ -0,0 +1,251 @@
+-----BEGIN CERTIFICATE-----
+MIIunDCCLYSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowEjEQMA4GA1UEAxMHdDAu
+dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwu
+Pb29W75T63JfNJKKdYi6YrmKM+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8i
+Wxh2S6rzAr1Yj+qXeDBaMf4oBEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFc
+V/i0bcIFt5p7v7wbu686a/w0vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUW
+PaKsJluwR514pJv74urIyEt+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb
+/GjvQ6YfvDXRrYPCxWMk0x3FMSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj
+3kIrLbkCAwEAAaOCK/4wgiv6MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr
+BgEFBQcDATAMBgNVHRMBAf8EAjAAMIIrwwYDVR0RBIIrujCCK7aCB3QwLnRlc3SC
+B3QxLnRlc3SCB3QyLnRlc3SCB3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2
+LnRlc3SCB3Q3LnRlc3SCB3Q4LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEu
+dGVzdIIIdDEyLnRlc3SCCHQxMy50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQx
+Ni50ZXN0ggh0MTcudGVzdIIIdDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIII
+dDIxLnRlc3SCCHQyMi50ZXN0ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0
+ggh0MjYudGVzdIIIdDI3LnRlc3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRl
+c3SCCHQzMS50ZXN0ggh0MzIudGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUu
+dGVzdIIIdDM2LnRlc3SCCHQzNy50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0
+MC50ZXN0ggh0NDEudGVzdIIIdDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIII
+dDQ1LnRlc3SCCHQ0Ni50ZXN0ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0
+ggh0NTAudGVzdIIIdDUxLnRlc3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRl
+c3SCCHQ1NS50ZXN0ggh0NTYudGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTku
+dGVzdIIIdDYwLnRlc3SCCHQ2MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2
+NC50ZXN0ggh0NjUudGVzdIIIdDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIII
+dDY5LnRlc3SCCHQ3MC50ZXN0ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0
+ggh0NzQudGVzdIIIdDc1LnRlc3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRl
+c3SCCHQ3OS50ZXN0ggh0ODAudGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMu
+dGVzdIIIdDg0LnRlc3SCCHQ4NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4
+OC50ZXN0ggh0ODkudGVzdIIIdDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIII
+dDkzLnRlc3SCCHQ5NC50ZXN0ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0
+ggh0OTgudGVzdIIIdDk5LnRlc3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAy
+LnRlc3SCCXQxMDMudGVzdIIJdDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVz
+dIIJdDEwNy50ZXN0ggl0MTA4LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0
+MTExLnRlc3SCCXQxMTIudGVzdIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUu
+dGVzdIIJdDExNi50ZXN0ggl0MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0
+ggl0MTIwLnRlc3SCCXQxMjEudGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQx
+MjQudGVzdIIJdDEyNS50ZXN0ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50
+ZXN0ggl0MTI5LnRlc3SCCXQxMzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SC
+CXQxMzMudGVzdIIJdDEzNC50ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEz
+Ny50ZXN0ggl0MTM4LnRlc3SCCXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRl
+c3SCCXQxNDIudGVzdIIJdDE0My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJ
+dDE0Ni50ZXN0ggl0MTQ3LnRlc3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUw
+LnRlc3SCCXQxNTEudGVzdIIJdDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVz
+dIIJdDE1NS50ZXN0ggl0MTU2LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0
+MTU5LnRlc3SCCXQxNjAudGVzdIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMu
+dGVzdIIJdDE2NC50ZXN0ggl0MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0
+ggl0MTY4LnRlc3SCCXQxNjkudGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQx
+NzIudGVzdIIJdDE3My50ZXN0ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50
+ZXN0ggl0MTc3LnRlc3SCCXQxNzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SC
+CXQxODEudGVzdIIJdDE4Mi50ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4
+NS50ZXN0ggl0MTg2LnRlc3SCCXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRl
+c3SCCXQxOTAudGVzdIIJdDE5MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJ
+dDE5NC50ZXN0ggl0MTk1LnRlc3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4
+LnRlc3SCCXQxOTkudGVzdIIJdDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVz
+dIIJdDIwMy50ZXN0ggl0MjA0LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0
+MjA3LnRlc3SCCXQyMDgudGVzdIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEu
+dGVzdIIJdDIxMi50ZXN0ggl0MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0
+ggl0MjE2LnRlc3SCCXQyMTcudGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQy
+MjAudGVzdIIJdDIyMS50ZXN0ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50
+ZXN0ggl0MjI1LnRlc3SCCXQyMjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SC
+CXQyMjkudGVzdIIJdDIzMC50ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIz
+My50ZXN0ggl0MjM0LnRlc3SCCXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRl
+c3SCCXQyMzgudGVzdIIJdDIzOS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJ
+dDI0Mi50ZXN0ggl0MjQzLnRlc3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2
+LnRlc3SCCXQyNDcudGVzdIIJdDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVz
+dIIJdDI1MS50ZXN0ggl0MjUyLnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0
+MjU1LnRlc3SCCXQyNTYudGVzdIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTku
+dGVzdIIJdDI2MC50ZXN0ggl0MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0
+ggl0MjY0LnRlc3SCCXQyNjUudGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQy
+NjgudGVzdIIJdDI2OS50ZXN0ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50
+ZXN0ggl0MjczLnRlc3SCCXQyNzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SC
+CXQyNzcudGVzdIIJdDI3OC50ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4
+MS50ZXN0ggl0MjgyLnRlc3SCCXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRl
+c3SCCXQyODYudGVzdIIJdDI4Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJ
+dDI5MC50ZXN0ggl0MjkxLnRlc3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0
+LnRlc3SCCXQyOTUudGVzdIIJdDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVz
+dIIJdDI5OS50ZXN0ggl0MzAwLnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0
+MzAzLnRlc3SCCXQzMDQudGVzdIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcu
+dGVzdIIJdDMwOC50ZXN0ggl0MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0
+ggl0MzEyLnRlc3SCCXQzMTMudGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQz
+MTYudGVzdIIJdDMxNy50ZXN0ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50
+ZXN0ggl0MzIxLnRlc3SCCXQzMjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SC
+CXQzMjUudGVzdIIJdDMyNi50ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMy
+OS50ZXN0ggl0MzMwLnRlc3SCCXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRl
+c3SCCXQzMzQudGVzdIIJdDMzNS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJ
+dDMzOC50ZXN0ggl0MzM5LnRlc3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQy
+LnRlc3SCCXQzNDMudGVzdIIJdDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVz
+dIIJdDM0Ny50ZXN0ggl0MzQ4LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0
+MzUxLnRlc3SCCXQzNTIudGVzdIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUu
+dGVzdIIJdDM1Ni50ZXN0ggl0MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0
+ggl0MzYwLnRlc3SCCXQzNjEudGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQz
+NjQudGVzdIIJdDM2NS50ZXN0ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50
+ZXN0ggl0MzY5LnRlc3SCCXQzNzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SC
+CXQzNzMudGVzdIIJdDM3NC50ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3
+Ny50ZXN0ggl0Mzc4LnRlc3SCCXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRl
+c3SCCXQzODIudGVzdIIJdDM4My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJ
+dDM4Ni50ZXN0ggl0Mzg3LnRlc3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0Mzkw
+LnRlc3SCCXQzOTEudGVzdIIJdDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVz
+dIIJdDM5NS50ZXN0ggl0Mzk2LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0
+Mzk5LnRlc3SCCXQ0MDAudGVzdIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMu
+dGVzdIIJdDQwNC50ZXN0ggl0NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0
+ggl0NDA4LnRlc3SCCXQ0MDkudGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0
+MTIudGVzdIIJdDQxMy50ZXN0ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50
+ZXN0ggl0NDE3LnRlc3SCCXQ0MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SC
+CXQ0MjEudGVzdIIJdDQyMi50ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQy
+NS50ZXN0ggl0NDI2LnRlc3SCCXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRl
+c3SCCXQ0MzAudGVzdIIJdDQzMS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJ
+dDQzNC50ZXN0ggl0NDM1LnRlc3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4
+LnRlc3SCCXQ0MzkudGVzdIIJdDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVz
+dIIJdDQ0My50ZXN0ggl0NDQ0LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0
+NDQ3LnRlc3SCCXQ0NDgudGVzdIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEu
+dGVzdIIJdDQ1Mi50ZXN0ggl0NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0
+ggl0NDU2LnRlc3SCCXQ0NTcudGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0
+NjAudGVzdIIJdDQ2MS50ZXN0ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50
+ZXN0ggl0NDY1LnRlc3SCCXQ0NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SC
+CXQ0NjkudGVzdIIJdDQ3MC50ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3
+My50ZXN0ggl0NDc0LnRlc3SCCXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRl
+c3SCCXQ0NzgudGVzdIIJdDQ3OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJ
+dDQ4Mi50ZXN0ggl0NDgzLnRlc3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2
+LnRlc3SCCXQ0ODcudGVzdIIJdDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVz
+dIIJdDQ5MS50ZXN0ggl0NDkyLnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0
+NDk1LnRlc3SCCXQ0OTYudGVzdIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTku
+dGVzdIIJdDUwMC50ZXN0ggl0NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0
+ggl0NTA0LnRlc3SCCXQ1MDUudGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1
+MDgudGVzdIIJdDUwOS50ZXN0ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50
+ZXN0ggl0NTEzLnRlc3SCCXQ1MTQudGVzdIIJdDUxNS50ZXN0ggl0NTE2LnRlc3SC
+CXQ1MTcudGVzdIIJdDUxOC50ZXN0ggl0NTE5LnRlc3SCCXQ1MjAudGVzdIIJdDUy
+MS50ZXN0ggl0NTIyLnRlc3SCCXQ1MjMudGVzdIIJdDUyNC50ZXN0ggl0NTI1LnRl
+c3SCCXQ1MjYudGVzdIIJdDUyNy50ZXN0ggl0NTI4LnRlc3SCCXQ1MjkudGVzdIIJ
+dDUzMC50ZXN0ggl0NTMxLnRlc3SCCXQ1MzIudGVzdIIJdDUzMy50ZXN0ggl0NTM0
+LnRlc3SCCXQ1MzUudGVzdIIJdDUzNi50ZXN0ggl0NTM3LnRlc3SCCXQ1MzgudGVz
+dIIJdDUzOS50ZXN0ggl0NTQwLnRlc3SCCXQ1NDEudGVzdIIJdDU0Mi50ZXN0ggl0
+NTQzLnRlc3SCCXQ1NDQudGVzdIIJdDU0NS50ZXN0ggl0NTQ2LnRlc3SCCXQ1NDcu
+dGVzdIIJdDU0OC50ZXN0ggl0NTQ5LnRlc3SCCXQ1NTAudGVzdIIJdDU1MS50ZXN0
+ggl0NTUyLnRlc3SCCXQ1NTMudGVzdIIJdDU1NC50ZXN0ggl0NTU1LnRlc3SCCXQ1
+NTYudGVzdIIJdDU1Ny50ZXN0ggl0NTU4LnRlc3SCCXQ1NTkudGVzdIIJdDU2MC50
+ZXN0ggl0NTYxLnRlc3SCCXQ1NjIudGVzdIIJdDU2My50ZXN0ggl0NTY0LnRlc3SC
+CXQ1NjUudGVzdIIJdDU2Ni50ZXN0ggl0NTY3LnRlc3SCCXQ1NjgudGVzdIIJdDU2
+OS50ZXN0ggl0NTcwLnRlc3SCCXQ1NzEudGVzdIIJdDU3Mi50ZXN0ggl0NTczLnRl
+c3SCCXQ1NzQudGVzdIIJdDU3NS50ZXN0ggl0NTc2LnRlc3SCCXQ1NzcudGVzdIIJ
+dDU3OC50ZXN0ggl0NTc5LnRlc3SCCXQ1ODAudGVzdIIJdDU4MS50ZXN0ggl0NTgy
+LnRlc3SCCXQ1ODMudGVzdIIJdDU4NC50ZXN0ggl0NTg1LnRlc3SCCXQ1ODYudGVz
+dIIJdDU4Ny50ZXN0ggl0NTg4LnRlc3SCCXQ1ODkudGVzdIIJdDU5MC50ZXN0ggl0
+NTkxLnRlc3SCCXQ1OTIudGVzdIIJdDU5My50ZXN0ggl0NTk0LnRlc3SCCXQ1OTUu
+dGVzdIIJdDU5Ni50ZXN0ggl0NTk3LnRlc3SCCXQ1OTgudGVzdIIJdDU5OS50ZXN0
+ggl0NjAwLnRlc3SCCXQ2MDEudGVzdIIJdDYwMi50ZXN0ggl0NjAzLnRlc3SCCXQ2
+MDQudGVzdIIJdDYwNS50ZXN0ggl0NjA2LnRlc3SCCXQ2MDcudGVzdIIJdDYwOC50
+ZXN0ggl0NjA5LnRlc3SCCXQ2MTAudGVzdIIJdDYxMS50ZXN0ggl0NjEyLnRlc3SC
+CXQ2MTMudGVzdIIJdDYxNC50ZXN0ggl0NjE1LnRlc3SCCXQ2MTYudGVzdIIJdDYx
+Ny50ZXN0ggl0NjE4LnRlc3SCCXQ2MTkudGVzdIIJdDYyMC50ZXN0ggl0NjIxLnRl
+c3SCCXQ2MjIudGVzdIIJdDYyMy50ZXN0ggl0NjI0LnRlc3SCCXQ2MjUudGVzdIIJ
+dDYyNi50ZXN0ggl0NjI3LnRlc3SCCXQ2MjgudGVzdIIJdDYyOS50ZXN0ggl0NjMw
+LnRlc3SCCXQ2MzEudGVzdIIJdDYzMi50ZXN0ggl0NjMzLnRlc3SCCXQ2MzQudGVz
+dIIJdDYzNS50ZXN0ggl0NjM2LnRlc3SCCXQ2MzcudGVzdIIJdDYzOC50ZXN0ggl0
+NjM5LnRlc3SCCXQ2NDAudGVzdIIJdDY0MS50ZXN0ggl0NjQyLnRlc3SCCXQ2NDMu
+dGVzdIIJdDY0NC50ZXN0ggl0NjQ1LnRlc3SCCXQ2NDYudGVzdIIJdDY0Ny50ZXN0
+ggl0NjQ4LnRlc3SCCXQ2NDkudGVzdIIJdDY1MC50ZXN0ggl0NjUxLnRlc3SCCXQ2
+NTIudGVzdIIJdDY1My50ZXN0ggl0NjU0LnRlc3SCCXQ2NTUudGVzdIIJdDY1Ni50
+ZXN0ggl0NjU3LnRlc3SCCXQ2NTgudGVzdIIJdDY1OS50ZXN0ggl0NjYwLnRlc3SC
+CXQ2NjEudGVzdIIJdDY2Mi50ZXN0ggl0NjYzLnRlc3SCCXQ2NjQudGVzdIIJdDY2
+NS50ZXN0ggl0NjY2LnRlc3SCCXQ2NjcudGVzdIIJdDY2OC50ZXN0ggl0NjY5LnRl
+c3SCCXQ2NzAudGVzdIIJdDY3MS50ZXN0ggl0NjcyLnRlc3SCCXQ2NzMudGVzdIIJ
+dDY3NC50ZXN0ggl0Njc1LnRlc3SCCXQ2NzYudGVzdIIJdDY3Ny50ZXN0ggl0Njc4
+LnRlc3SCCXQ2NzkudGVzdIIJdDY4MC50ZXN0ggl0NjgxLnRlc3SCCXQ2ODIudGVz
+dIIJdDY4My50ZXN0ggl0Njg0LnRlc3SCCXQ2ODUudGVzdIIJdDY4Ni50ZXN0ggl0
+Njg3LnRlc3SCCXQ2ODgudGVzdIIJdDY4OS50ZXN0ggl0NjkwLnRlc3SCCXQ2OTEu
+dGVzdIIJdDY5Mi50ZXN0ggl0NjkzLnRlc3SCCXQ2OTQudGVzdIIJdDY5NS50ZXN0
+ggl0Njk2LnRlc3SCCXQ2OTcudGVzdIIJdDY5OC50ZXN0ggl0Njk5LnRlc3SCCXQ3
+MDAudGVzdIIJdDcwMS50ZXN0ggl0NzAyLnRlc3SCCXQ3MDMudGVzdIIJdDcwNC50
+ZXN0ggl0NzA1LnRlc3SCCXQ3MDYudGVzdIIJdDcwNy50ZXN0ggl0NzA4LnRlc3SC
+CXQ3MDkudGVzdIIJdDcxMC50ZXN0ggl0NzExLnRlc3SCCXQ3MTIudGVzdIIJdDcx
+My50ZXN0ggl0NzE0LnRlc3SCCXQ3MTUudGVzdIIJdDcxNi50ZXN0ggl0NzE3LnRl
+c3SCCXQ3MTgudGVzdIIJdDcxOS50ZXN0ggl0NzIwLnRlc3SCCXQ3MjEudGVzdIIJ
+dDcyMi50ZXN0ggl0NzIzLnRlc3SCCXQ3MjQudGVzdIIJdDcyNS50ZXN0ggl0NzI2
+LnRlc3SCCXQ3MjcudGVzdIIJdDcyOC50ZXN0ggl0NzI5LnRlc3SCCXQ3MzAudGVz
+dIIJdDczMS50ZXN0ggl0NzMyLnRlc3SCCXQ3MzMudGVzdIIJdDczNC50ZXN0ggl0
+NzM1LnRlc3SCCXQ3MzYudGVzdIIJdDczNy50ZXN0ggl0NzM4LnRlc3SCCXQ3Mzku
+dGVzdIIJdDc0MC50ZXN0ggl0NzQxLnRlc3SCCXQ3NDIudGVzdIIJdDc0My50ZXN0
+ggl0NzQ0LnRlc3SCCXQ3NDUudGVzdIIJdDc0Ni50ZXN0ggl0NzQ3LnRlc3SCCXQ3
+NDgudGVzdIIJdDc0OS50ZXN0ggl0NzUwLnRlc3SCCXQ3NTEudGVzdIIJdDc1Mi50
+ZXN0ggl0NzUzLnRlc3SCCXQ3NTQudGVzdIIJdDc1NS50ZXN0ggl0NzU2LnRlc3SC
+CXQ3NTcudGVzdIIJdDc1OC50ZXN0ggl0NzU5LnRlc3SCCXQ3NjAudGVzdIIJdDc2
+MS50ZXN0ggl0NzYyLnRlc3SCCXQ3NjMudGVzdIIJdDc2NC50ZXN0ggl0NzY1LnRl
+c3SCCXQ3NjYudGVzdIIJdDc2Ny50ZXN0ggl0NzY4LnRlc3SCCXQ3NjkudGVzdIIJ
+dDc3MC50ZXN0ggl0NzcxLnRlc3SCCXQ3NzIudGVzdIIJdDc3My50ZXN0ggl0Nzc0
+LnRlc3SCCXQ3NzUudGVzdIIJdDc3Ni50ZXN0ggl0Nzc3LnRlc3SCCXQ3NzgudGVz
+dIIJdDc3OS50ZXN0ggl0NzgwLnRlc3SCCXQ3ODEudGVzdIIJdDc4Mi50ZXN0ggl0
+NzgzLnRlc3SCCXQ3ODQudGVzdIIJdDc4NS50ZXN0ggl0Nzg2LnRlc3SCCXQ3ODcu
+dGVzdIIJdDc4OC50ZXN0ggl0Nzg5LnRlc3SCCXQ3OTAudGVzdIIJdDc5MS50ZXN0
+ggl0NzkyLnRlc3SCCXQ3OTMudGVzdIIJdDc5NC50ZXN0ggl0Nzk1LnRlc3SCCXQ3
+OTYudGVzdIIJdDc5Ny50ZXN0ggl0Nzk4LnRlc3SCCXQ3OTkudGVzdIIJdDgwMC50
+ZXN0ggl0ODAxLnRlc3SCCXQ4MDIudGVzdIIJdDgwMy50ZXN0ggl0ODA0LnRlc3SC
+CXQ4MDUudGVzdIIJdDgwNi50ZXN0ggl0ODA3LnRlc3SCCXQ4MDgudGVzdIIJdDgw
+OS50ZXN0ggl0ODEwLnRlc3SCCXQ4MTEudGVzdIIJdDgxMi50ZXN0ggl0ODEzLnRl
+c3SCCXQ4MTQudGVzdIIJdDgxNS50ZXN0ggl0ODE2LnRlc3SCCXQ4MTcudGVzdIIJ
+dDgxOC50ZXN0ggl0ODE5LnRlc3SCCXQ4MjAudGVzdIIJdDgyMS50ZXN0ggl0ODIy
+LnRlc3SCCXQ4MjMudGVzdIIJdDgyNC50ZXN0ggl0ODI1LnRlc3SCCXQ4MjYudGVz
+dIIJdDgyNy50ZXN0ggl0ODI4LnRlc3SCCXQ4MjkudGVzdIIJdDgzMC50ZXN0ggl0
+ODMxLnRlc3SCCXQ4MzIudGVzdIIJdDgzMy50ZXN0ggl0ODM0LnRlc3SCCXQ4MzUu
+dGVzdIIJdDgzNi50ZXN0ggl0ODM3LnRlc3SCCXQ4MzgudGVzdIIJdDgzOS50ZXN0
+ggl0ODQwLnRlc3SCCXQ4NDEudGVzdIIJdDg0Mi50ZXN0ggl0ODQzLnRlc3SCCXQ4
+NDQudGVzdIIJdDg0NS50ZXN0ggl0ODQ2LnRlc3SCCXQ4NDcudGVzdIIJdDg0OC50
+ZXN0ggl0ODQ5LnRlc3SCCXQ4NTAudGVzdIIJdDg1MS50ZXN0ggl0ODUyLnRlc3SC
+CXQ4NTMudGVzdIIJdDg1NC50ZXN0ggl0ODU1LnRlc3SCCXQ4NTYudGVzdIIJdDg1
+Ny50ZXN0ggl0ODU4LnRlc3SCCXQ4NTkudGVzdIIJdDg2MC50ZXN0ggl0ODYxLnRl
+c3SCCXQ4NjIudGVzdIIJdDg2My50ZXN0ggl0ODY0LnRlc3SCCXQ4NjUudGVzdIIJ
+dDg2Ni50ZXN0ggl0ODY3LnRlc3SCCXQ4NjgudGVzdIIJdDg2OS50ZXN0ggl0ODcw
+LnRlc3SCCXQ4NzEudGVzdIIJdDg3Mi50ZXN0ggl0ODczLnRlc3SCCXQ4NzQudGVz
+dIIJdDg3NS50ZXN0ggl0ODc2LnRlc3SCCXQ4NzcudGVzdIIJdDg3OC50ZXN0ggl0
+ODc5LnRlc3SCCXQ4ODAudGVzdIIJdDg4MS50ZXN0ggl0ODgyLnRlc3SCCXQ4ODMu
+dGVzdIIJdDg4NC50ZXN0ggl0ODg1LnRlc3SCCXQ4ODYudGVzdIIJdDg4Ny50ZXN0
+ggl0ODg4LnRlc3SCCXQ4ODkudGVzdIIJdDg5MC50ZXN0ggl0ODkxLnRlc3SCCXQ4
+OTIudGVzdIIJdDg5My50ZXN0ggl0ODk0LnRlc3SCCXQ4OTUudGVzdIIJdDg5Ni50
+ZXN0ggl0ODk3LnRlc3SCCXQ4OTgudGVzdIIJdDg5OS50ZXN0ggl0OTAwLnRlc3SC
+CXQ5MDEudGVzdIIJdDkwMi50ZXN0ggl0OTAzLnRlc3SCCXQ5MDQudGVzdIIJdDkw
+NS50ZXN0ggl0OTA2LnRlc3SCCXQ5MDcudGVzdIIJdDkwOC50ZXN0ggl0OTA5LnRl
+c3SCCXQ5MTAudGVzdIIJdDkxMS50ZXN0ggl0OTEyLnRlc3SCCXQ5MTMudGVzdIIJ
+dDkxNC50ZXN0ggl0OTE1LnRlc3SCCXQ5MTYudGVzdIIJdDkxNy50ZXN0ggl0OTE4
+LnRlc3SCCXQ5MTkudGVzdIIJdDkyMC50ZXN0ggl0OTIxLnRlc3SCCXQ5MjIudGVz
+dIIJdDkyMy50ZXN0ggl0OTI0LnRlc3SCCXQ5MjUudGVzdIIJdDkyNi50ZXN0ggl0
+OTI3LnRlc3SCCXQ5MjgudGVzdIIJdDkyOS50ZXN0ggl0OTMwLnRlc3SCCXQ5MzEu
+dGVzdIIJdDkzMi50ZXN0ggl0OTMzLnRlc3SCCXQ5MzQudGVzdIIJdDkzNS50ZXN0
+ggl0OTM2LnRlc3SCCXQ5MzcudGVzdIIJdDkzOC50ZXN0ggl0OTM5LnRlc3SCCXQ5
+NDAudGVzdIIJdDk0MS50ZXN0ggl0OTQyLnRlc3SCCXQ5NDMudGVzdIIJdDk0NC50
+ZXN0ggl0OTQ1LnRlc3SCCXQ5NDYudGVzdIIJdDk0Ny50ZXN0ggl0OTQ4LnRlc3SC
+CXQ5NDkudGVzdIIJdDk1MC50ZXN0ggl0OTUxLnRlc3SCCXQ5NTIudGVzdIIJdDk1
+My50ZXN0ggl0OTU0LnRlc3SCCXQ5NTUudGVzdIIJdDk1Ni50ZXN0ggl0OTU3LnRl
+c3SCCXQ5NTgudGVzdIIJdDk1OS50ZXN0ggl0OTYwLnRlc3SCCXQ5NjEudGVzdIIJ
+dDk2Mi50ZXN0ggl0OTYzLnRlc3SCCXQ5NjQudGVzdIIJdDk2NS50ZXN0ggl0OTY2
+LnRlc3SCCXQ5NjcudGVzdIIJdDk2OC50ZXN0ggl0OTY5LnRlc3SCCXQ5NzAudGVz
+dIIJdDk3MS50ZXN0ggl0OTcyLnRlc3SCCXQ5NzMudGVzdIIJdDk3NC50ZXN0ggl0
+OTc1LnRlc3SCCXQ5NzYudGVzdIIJdDk3Ny50ZXN0ggl0OTc4LnRlc3SCCXQ5Nzku
+dGVzdIIJdDk4MC50ZXN0ggl0OTgxLnRlc3SCCXQ5ODIudGVzdIIJdDk4My50ZXN0
+ggl0OTg0LnRlc3SCCXQ5ODUudGVzdIIJdDk4Ni50ZXN0ggl0OTg3LnRlc3SCCXQ5
+ODgudGVzdIIJdDk4OS50ZXN0ggl0OTkwLnRlc3SCCXQ5OTEudGVzdIIJdDk5Mi50
+ZXN0ggl0OTkzLnRlc3SCCXQ5OTQudGVzdIIJdDk5NS50ZXN0ggl0OTk2LnRlc3SC
+CXQ5OTcudGVzdIIJdDk5OC50ZXN0ggl0OTk5LnRlc3SCCnQxMDAwLnRlc3SCCnQx
+MDAxLnRlc3SCCnQxMDAyLnRlc3SCCnQxMDAzLnRlc3SCCnQxMDA0LnRlc3SCCnQx
+MDA1LnRlc3SCCnQxMDA2LnRlc3SCCnQxMDA3LnRlc3SCCnQxMDA4LnRlc3SCCnQx
+MDA5LnRlc3SCCnQxMDEwLnRlc3SCCnQxMDExLnRlc3SCCnQxMDEyLnRlc3SCCnQx
+MDEzLnRlc3SCCnQxMDE0LnRlc3SCCnQxMDE1LnRlc3SCCnQxMDE2LnRlc3SCCnQx
+MDE3LnRlc3SCCnQxMDE4LnRlc3SCCnQxMDE5LnRlc3SCCnQxMDIwLnRlc3SCCnQx
+MDIxLnRlc3SCCnQxMDIyLnRlc3SCCnQxMDIzLnRlc3SCCnQxMDI0LnRlc3QwDQYJ
+KoZIhvcNAQELBQADggEBAGfZxjrjcjFw5FnJMzq7SIad+JpmvMar7VnzXj84hjoV
+FuUqiclqjg1KRD7aIh5M1VEQv+AAk8UP6jMrvLJpoi5OD8ljivNA8zycj1N/LhNq
+8MjZauCTS+tuXIoh5hOE/TQqY6cUxY4LRBLIFIcbH0FGF22amCtowMVbRoaUpPvr
+GR5OXPAS3yRiEWrp703c21o3hw9QckB82z7Lxnt3oOFPg62EFPXiqE07Wkw/1xH4
+J9yy45XW5A77kfel22hVs873QVHI+GkKoTPe/q6eQVgesR2vpDRytKDP9K4tK4KS
+6hqVxj6a8Eqund0izSV+UXkskc9iN6EPXvVTELo3hD8=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/many-names3.pem b/openssl-1.1.0h/test/certs/many-names3.pem
new file mode 100644
index 0000000..dbfa042
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/many-names3.pem
@@ -0,0 +1,571 @@
+-----BEGIN CERTIFICATE-----
+MIJqmDCCaYCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgmfXMRAwDgYDVQQDEwd0
+MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
+MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
+c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
+dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
+N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDUxM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTE0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ1MTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxNkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NTE3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDUxOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTIwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ1MjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUy
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTIzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ1MjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUyNUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NTI2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MjdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDUyOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTI5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ1MzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUzMUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NTMyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MzNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUzNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NTM1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MzZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDUzN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTM4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ1MzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0MEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NTQxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NDJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDU0M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTQ0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ1NDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ1NDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0OUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NTUwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDU1MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTUzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ1NTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU1NUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NTU2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDU1OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NTU5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDU2MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTYyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ1NjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU2NEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NTY1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDU2N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTY4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTcxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ1NzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3M0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NTc0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NzVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDU3NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTc3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ1NzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NTgwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1ODFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDU4MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NTgzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1ODRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDU4NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTg2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ1ODdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU4OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NTg5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDU5MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTkyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU5
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTk1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ1OTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU5N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NTk4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDYwMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjAxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ2MDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYwM0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NjA0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MDVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDYwNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NjA3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MDhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDYwOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjEwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ2MTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYxMkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NjEzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDYxNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjE2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ2MTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYx
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjE5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ2MjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYyMUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NjIyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MjNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDYyNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjI1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ2MjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYyN0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NjI4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MjlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDYzMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NjMxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MzJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDYzM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjM0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ2MzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYzNkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NjM3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MzhAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDYzOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ2NDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY0
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ2NDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY0NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NjQ2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NDdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDY0OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQ5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ2NTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY1MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NjUyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDY1NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NjU1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDY1N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjU4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ2NTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2MEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NjYxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NjJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDY2M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjY0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ2NjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjY3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ2NjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2OUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NjcwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NzFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDY3MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjczQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ2NzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY3NUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0Njc2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NzdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDY3OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+Njc5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDY4MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjgyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ2ODNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY4NEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0Njg1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDY4N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Njg4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjkxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ2OTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5M0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0Njk0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2OTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDY5NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Njk3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ2OThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NzAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDcwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NzAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDcwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzA2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ3MDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcwOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NzA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDcxMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzEyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcx
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ3MTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcxN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NzE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDcyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzIxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ3MjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcyM0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NzI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDcyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NzI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDcyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzMwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ3MzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDczMkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NzMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDczNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzM2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ3MzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcz
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ3NDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc0MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NzQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDc0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzQ1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ3NDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc0N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NzQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NzUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDc1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzU0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ3NTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc1NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NzU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDc1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzYwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ3NjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc2
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ3NjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc2NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NzY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NjdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDc2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzY5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ3NzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc3MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NzcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NzNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+Nzc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NzZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDc3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzc4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ3NzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4MEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NzgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3ODJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDc4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzg0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ3ODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ3ODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4OUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NzkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3OTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDc5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzkzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ3OTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc5NUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0Nzk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3OTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+Nzk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDgwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODAyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ4MDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgwNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0ODA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDgwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODA4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgx
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ4MTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgxM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0ODE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDgxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODE3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ4MThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgxOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0ODIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDgyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+ODIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDgyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODI2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ4MjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgyOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0ODI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDgzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODMyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgz
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ4MzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgzN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0ODM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDg0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODQxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ4NDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg0M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0ODQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NDVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+ODQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NDhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDg0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODUwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ4NTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg1MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0ODUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDg1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODU2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ4NTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg1
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ4NjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg2MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0ODYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NjNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDg2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODY1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ4NjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg2N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0ODY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NjlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+ODcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NzJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDg3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODc0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ4NzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg3NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0ODc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NzhAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDg3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODgwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ4ODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg4
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ4ODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg4NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0ODg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4ODdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDg4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODg5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ4OTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg5MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0ODkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4OTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+ODk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4OTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDg5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODk4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ4OTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkwMEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0OTAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MDJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDkwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTA0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ5MDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkw
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ5MDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkwOUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0OTEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDkxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTEzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ5MTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkxNUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0OTE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDkxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+OTE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDkyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTIyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ5MjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkyNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0OTI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDkyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTI4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkz
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ5MzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkzM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0OTM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MzVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDkzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTM3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ5MzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkzOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0OTQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+OTQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDk0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTQ2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ5NDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk0OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0OTQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDk1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTUyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk1
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ5NTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk1N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0OTU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDk2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTYxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ5NjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk2M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0OTY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+OTY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDk2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTcwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ5NzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk3MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0OTczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDk3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTc2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ5NzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk3
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ5ODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk4MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0OTgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5ODNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDk4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTg1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ5ODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk4N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0OTg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5ODlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+OTkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5OTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDk5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTk0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ5OTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk5NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0OTk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5OThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDk5OUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwMEB0
+ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwMUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0
+MTAwMkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwM0B0ZXN0MRkwFwYJKoZIhvcN
+AQkBFgp0MTAwNEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwNUB0ZXN0MRkwFwYJ
+KoZIhvcNAQkBFgp0MTAwNkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwN0B0ZXN0
+MRkwFwYJKoZIhvcNAQkBFgp0MTAwOEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAw
+OUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxMEB0ZXN0MRkwFwYJKoZIhvcNAQkB
+Fgp0MTAxMUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxMkB0ZXN0MRkwFwYJKoZI
+hvcNAQkBFgp0MTAxM0B0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxNEB0ZXN0MRkw
+FwYJKoZIhvcNAQkBFgp0MTAxNUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxNkB0
+ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxN0B0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0
+MTAxOEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxOUB0ZXN0MRkwFwYJKoZIhvcN
+AQkBFgp0MTAyMEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAyMUB0ZXN0MRkwFwYJ
+KoZIhvcNAQkBFgp0MTAyMkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAyM0B0ZXN0
+MRkwFwYJKoZIhvcNAQkBFgp0MTAyNEB0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAugvahBkSAUF1fC49vb1bvlPrcl80kop1iLpiuYoz4Qptwy57
++EWssZBcHprZ5BkWf6PeGZ7F5AX1PyJbGHZLqvMCvViP6pd4MFox/igESISEHEix
+oiXCzepBrhtp5UQSjHD4D4hKtgdMgVxX+LRtwgW3mnu/vBu7rzpr/DS8io99p3lq
+Z1Aky+aNlcMj6MYy8U+YFEevb/V0lRY9oqwmW7BHnXikm/vi6sjIS350U8zb/mRz
+YeIs2R65LUduTL50+UMgat9ocewI2dv8aO9Dph+8NdGtg8LFYyTTHcUxJoMr1PTO
+gnmET19WJH4PrFwk7ZE1QJQQ1L4iKmPeQistuQIDAQABozUwMzAOBgNVHQ8BAf8E
+BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG
+9w0BAQsFAAOCAQEAtMIpnGzOBkJXEBmCsRVbTrg9QgYRlGPG48+cXT2QbIutAmbj
+miF+OYg/bRsQtuqcKjnJYog+x6UCU3d34jaMEfEXfHSwF7xPQrqJm45MXhG3so4E
++el5GMAS+SKFQK3w8NPoGhGwn82sz4XV6HMG+ANUxMlCrOcx2jh5UW+7ITjdRwJd
+ReJ/JaMpneJdwGFSU9Vn+t7PFb51/pOYqO/PuEANzphovjMVcFZ6mtAQwYDkQZBJ
+Vy1/7bPoNmbKD0GAS6HpS+xaJ/DnjjD6Kal2T7GMyvRMogj5BeZ/uEkXCEhvoaBT
+os1gaqqnGpZ6JSEDctzjgpCtEPR40yiz1wv1CA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/mkcert.sh b/openssl-1.1.0h/test/certs/mkcert.sh
new file mode 100755
index 0000000..ee31bf0
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/mkcert.sh
@@ -0,0 +1,254 @@
+#! /bin/bash
+#
+# Copyright (c) 2016 Viktor Dukhovni <openssl-users@dukhovni.org>.
+# All rights reserved.
+#
+# Contributed to the OpenSSL project under the terms of the OpenSSL license
+# included with the version of the OpenSSL software that includes this module.
+
+# 100 years should be enough for now
+#
+if [ -z "$DAYS" ]; then
+    DAYS=36525
+fi
+
+if [ -z "$OPENSSL_SIGALG" ]; then
+    OPENSSL_SIGALG=sha256
+fi
+
+if [ -z "$REQMASK" ]; then
+    REQMASK=utf8only
+fi
+
+stderr_onerror() {
+    (
+        err=$("$@" >&3 2>&1) || {
+            printf "%s\n" "$err" >&2
+            exit 1
+        }
+    ) 3>&1
+}
+
+key() {
+    local key=$1; shift
+
+    local alg=rsa
+    if [ -n "$OPENSSL_KEYALG" ]; then
+        alg=$OPENSSL_KEYALG
+    fi
+
+    local bits=2048
+    if [ -n "$OPENSSL_KEYBITS" ]; then
+        bits=$OPENSSL_KEYBITS
+    fi
+
+    if [ ! -f "${key}.pem" ]; then
+        args=(-algorithm "$alg")
+        case $alg in
+        rsa) args=("${args[@]}" -pkeyopt rsa_keygen_bits:$bits );;
+        ec)  args=("${args[@]}" -pkeyopt "ec_paramgen_curve:$bits")
+               args=("${args[@]}" -pkeyopt ec_param_enc:named_curve);;
+        *) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;;
+        esac
+        stderr_onerror \
+            openssl genpkey "${args[@]}" -out "${key}.pem"
+    fi
+}
+
+# Usage: $0 req keyname dn1 dn2 ...
+req() {
+    local key=$1; shift
+
+    key "$key"
+    local errs
+
+    stderr_onerror \
+        openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \
+            -config <(printf "string_mask=%s\n[req]\n%s\n%s\n[dn]\n" \
+              "$REQMASK" "prompt = no" "distinguished_name = dn"
+                      for dn in "$@"; do echo "$dn"; done)
+}
+
+req_nocn() {
+    local key=$1; shift
+
+    key "$key"
+    stderr_onerror \
+        openssl req -new -"${OPENSSL_SIGALG}" -subj / -key "${key}.pem" \
+            -config <(printf "[req]\n%s\n[dn]\nCN_default =\n" \
+		      "distinguished_name = dn")
+}
+
+cert() {
+    local cert=$1; shift
+    local exts=$1; shift
+
+    stderr_onerror \
+        openssl x509 -req -"${OPENSSL_SIGALG}" -out "${cert}.pem" \
+            -extfile <(printf "%s\n" "$exts") "$@"
+}
+
+genroot() {
+    local cn=$1; shift
+    local key=$1; shift
+    local cert=$1; shift
+    local skid="subjectKeyIdentifier = hash"
+    local akid="authorityKeyIdentifier = keyid"
+
+    exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true")
+    for eku in "$@"
+    do
+        exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
+    done
+    csr=$(req "$key" "CN = $cn") || return 1
+    echo "$csr" |
+       cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days "${DAYS}"
+}
+
+genca() {
+    local cn=$1; shift
+    local key=$1; shift
+    local cert=$1; shift
+    local cakey=$1; shift
+    local cacert=$1; shift
+    local skid="subjectKeyIdentifier = hash"
+    local akid="authorityKeyIdentifier = keyid"
+
+    exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true")
+    for eku in "$@"
+    do
+        exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
+    done
+    if [ -n "$NC" ]; then
+        exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
+    fi
+    csr=$(req "$key" "CN = $cn") || return 1
+    echo "$csr" |
+        cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
+	    -set_serial 2 -days "${DAYS}"
+}
+
+gen_nonbc_ca() {
+    local cn=$1; shift
+    local key=$1; shift
+    local cert=$1; shift
+    local cakey=$1; shift
+    local cacert=$1; shift
+    local skid="subjectKeyIdentifier = hash"
+    local akid="authorityKeyIdentifier = keyid"
+
+    exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid")
+    exts=$(printf "%s\nkeyUsage = %s\n" "$exts" "keyCertSign, cRLSign")
+    for eku in "$@"
+    do
+        exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
+    done
+    csr=$(req "$key" "CN = $cn") || return 1
+    echo "$csr" |
+        cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
+	    -set_serial 2 -days "${DAYS}"
+}
+
+# Usage: $0 genpc keyname certname eekeyname eecertname pcext1 pcext2 ...
+#
+# Note: takes csr on stdin, so must be used with $0 req like this:
+#
+# $0 req keyname dn | $0 genpc keyname certname eekeyname eecertname pcext ...
+genpc() {
+    local key=$1; shift
+    local cert=$1; shift
+    local cakey=$1; shift
+    local ca=$1; shift
+
+    exts=$(printf "%s\n%s\n%s\n%s\n" \
+	    "subjectKeyIdentifier = hash" \
+	    "authorityKeyIdentifier = keyid, issuer:always" \
+	    "basicConstraints = CA:false" \
+	    "proxyCertInfo = critical, @pcexts";
+           echo "[pcexts]";
+           for x in "$@"; do echo $x; done)
+    cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+	 -set_serial 2 -days "${DAYS}"
+}
+
+# Usage: $0 genalt keyname certname eekeyname eecertname alt1 alt2 ...
+#
+# Note: takes csr on stdin, so must be used with $0 req like this:
+#
+# $0 req keyname dn | $0 genalt keyname certname eekeyname eecertname alt ...
+geneealt() {
+    local key=$1; shift
+    local cert=$1; shift
+    local cakey=$1; shift
+    local ca=$1; shift
+
+    exts=$(printf "%s\n%s\n%s\n%s\n" \
+	    "subjectKeyIdentifier = hash" \
+	    "authorityKeyIdentifier = keyid" \
+	    "basicConstraints = CA:false" \
+	    "subjectAltName = @alts";
+           echo "[alts]";
+           for x in "$@"; do echo $x; done)
+    cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+	 -set_serial 2 -days "${DAYS}"
+}
+
+genee() {
+    local OPTIND=1
+    local purpose=serverAuth
+
+    while getopts p: o
+    do
+        case $o in
+        p) purpose="$OPTARG";;
+        *) echo "Usage: $0 genee [-p EKU] cn keyname certname cakeyname cacertname" >&2
+           return 1;;
+        esac
+    done
+
+    shift $((OPTIND - 1))
+    local cn=$1; shift
+    local key=$1; shift
+    local cert=$1; shift
+    local cakey=$1; shift
+    local ca=$1; shift
+
+    exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
+	    "subjectKeyIdentifier = hash" \
+	    "authorityKeyIdentifier = keyid, issuer" \
+	    "basicConstraints = CA:false" \
+	    "extendedKeyUsage = $purpose" \
+	    "subjectAltName = @alts" "DNS=${cn}")
+    csr=$(req "$key" "CN = $cn") || return 1
+    echo "$csr" |
+	cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+	    -set_serial 2 -days "${DAYS}" "$@"
+}
+
+genss() {
+    local cn=$1; shift
+    local key=$1; shift
+    local cert=$1; shift
+
+    exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
+	    "subjectKeyIdentifier   = hash" \
+	    "authorityKeyIdentifier = keyid, issuer" \
+	    "basicConstraints = CA:false" \
+	    "extendedKeyUsage = serverAuth" \
+	    "subjectAltName = @alts" "DNS=${cn}")
+    csr=$(req "$key" "CN = $cn") || return 1
+    echo "$csr" |
+        cert "$cert" "$exts" -signkey "${key}.pem" \
+            -set_serial 1 -days "${DAYS}" "$@"
+}
+
+gennocn() {
+    local key=$1; shift
+    local cert=$1; shift
+
+    csr=$(req_nocn "$key") || return 1
+    echo "$csr" |
+	cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@"
+}
+
+"$@"
diff --git a/openssl-1.1.0h/test/certs/nca+anyEKU.pem b/openssl-1.1.0h/test/certs/nca+anyEKU.pem
new file mode 100644
index 0000000..b97a455
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/nca+anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB
+AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs
+X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT
+3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw
+AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF
+wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT
+X4st+BN48+n9wHuDQJ97sBswDDAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/nca+serverAuth.pem b/openssl-1.1.0h/test/certs/nca+serverAuth.pem
new file mode 100644
index 0000000..b97a455
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/nca+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB
+AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs
+X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT
+3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw
+AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF
+wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT
+X4st+BN48+n9wHuDQJ97sBswDDAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ncca-cert.pem b/openssl-1.1.0h/test/certs/ncca-cert.pem
new file mode 100644
index 0000000..a79bba6
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDcwMTExMzQwMloYDzIxMTYwNzAyMTEzNDAyWjAVMRMwEQYDVQQD
+DApUZXN0IE5DIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuWS
+Ozk+X7+BorU9o4nDc9jhk+Qajzav6yRFpJFlnxL5I4Az3wQiHFwyDWkR58FKYFLx
+adAahUYRIJioBwUhKEiMyJcT/Lr+lxioQog268nCUosqr5r3iaAQkXj9j49HXIdo
+qD+hbMH/82IqYP7vpJl8yvjRCZQ69KJZOQN4F4rHtUxJYLLmmbeIF02uNNib5hiH
+m3sdn1ic2Cxk1h1mHQqa5fPfKz2NSANKRYVQcOYiFSwroNFbgKo7++N59NGgYY0a
+n5uz+MZh/10+PsRF7WFsxt0TdExv++mN1fFRkBB4fD7fFp+52Qef27lv37X2JT5U
+C2gpXXUWQC8jJIijPwIDAQABo4HUMIHRMB0GA1UdDgQWBBRh7exLM2xCRHrP9Slp
+oxYhlykaqDAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAPBgNVHRMB
+Af8EBTADAQH/MH4GA1UdHgR3MHWgOzAOggx3d3cuZ29vZC5vcmcwC4IJLmdvb2Qu
+Y29tMA+BDWdvb2RAZ29vZC5vcmcwC4EJQGdvb2QuY29toTYwDYILd3d3LmJhZC5v
+cmcwCoIILmJhZC5jb20wDYELYmFkQGJhZC5vcmcwCoEIQGJhZC5jb20wDQYJKoZI
+hvcNAQELBQADggEBAEFkGH/0mh93mMCWZ1QZOhlK48arnco0wjC5sYcVX5X/PoO1
+2DmHFiyHmHablH4d8uWUt9A63Akt0ogIPL4R0I3nOkUU38A1geXruSJDlDVsH75/
+MT7RVRTqJriVwqX6YlAVj2i0De20BLgyZiN3WaR+nngVC7JjdY+n1qskGByEWrin
+pwDVdFtWBTPDq1Nh9sm3FewrfOws7KQvjf0Pj88PIrNEDZm9SR512eH7EFPMvHJv
+7usU33GL34VRZAYtspQ5EwZbspHXe1FFwdhZLr71gChGeNpDfpqVDQQxhDNor7uQ
+z8L+Xuh7FvhjFgCp1Mnd6VN1q2Pwt5sG8Z3i29Q=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ncca-key.pem b/openssl-1.1.0h/test/certs/ncca-key.pem
new file mode 100644
index 0000000..d085541
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa5ZI7OT5fv4Gi
+tT2jicNz2OGT5BqPNq/rJEWkkWWfEvkjgDPfBCIcXDINaRHnwUpgUvFp0BqFRhEg
+mKgHBSEoSIzIlxP8uv6XGKhCiDbrycJSiyqvmveJoBCReP2Pj0dch2ioP6Fswf/z
+Yipg/u+kmXzK+NEJlDr0olk5A3gXise1TElgsuaZt4gXTa402JvmGIebex2fWJzY
+LGTWHWYdCprl898rPY1IA0pFhVBw5iIVLCug0VuAqjv743n00aBhjRqfm7P4xmH/
+XT4+xEXtYWzG3RN0TG/76Y3V8VGQEHh8Pt8Wn7nZB5/buW/ftfYlPlQLaClddRZA
+LyMkiKM/AgMBAAECggEAfZqBDKMrkArDvUPIes9gfZU1vm3ul4kZ98wO6Ra519dT
+zVTNOx+n5WVhdPxpd4uGmztG5a3Jg57AjrUbM64WKAtElffkTkD352AoOOMp3eNa
+PwL4lzNLXP890CjTO9FMZZyr4hrO9FkQCrTkdojjnI6V4iUHpQPdFrh7Lz8/553v
+sfbXW0o6jRtnN8jslLs7LQY+n0QQeLuvwrJGJRdQSfubtjTOYzlE/WZJmitJMi2X
+0qnoVK5B91bo3NcdFxstSgv36RL5Txsas8PfXWrFzPxqgjPjlpw1xMrF5bT3rK72
+oPB+/HunqIJc0OHHs2mi38Jea0yBCaJHzniAp2INcQKBgQDLjP5STKvu+SSZGpBp
+T3m+i6hbmo1HzYZBSi9jJiyGB8G50G5rbGJ0c/BgjfkhfRhmJ5Ym4NVVgxQgrMHe
+pFP5L4yDtspFwbRWuuYHoWFupUbqnZfksDHB5xQHFbJPFKBQOKBgM4crDG6PTnYO
+2M+fNlY7IL/QTlJxUHYH07CPGQKBgQDCzytixBLPB/mmIZNhwyK8pyecu6tCEpBi
+QiG/gcaLejXMwGieTiZQ/5sCG+oQWywFXqbPsgQ/gAlXsZ0yZ5GW7TTtsOGksnmt
+W1+bxQQ3Pv99wpg/G71SLdK0em5lAodCT6gccqjbKRj23sRnmL+M2GeEGI5hsNyC
+OFmyYisIFwKBgHLNk8cRLUu8QzMC834h8BVTKWJ4+cQMm/MJB08Rgb0adN37O7vk
+xmbN2T5r9J45suAy5ZIJ7uiq5FhFd5a98gqyEbtcBhtv0+mywfh9wbkpCKVcuwWl
+hnrJfNc+GnJVvNFiDroTdeIGwfiblSRsjjVK7TmuD+FJu1/jtJ5Xe9ZJAoGASHwP
+N5ufJ/ter6r0jL6vsSQ8//twOJBxuq3CouAlwQYC+KFrC+QmK6M/yOQcDmPuGD1k
+sgkZvYrlbwS+ad/Rcyfltr9G5iImVhOWmn4PGINPSzrZrTmkEuzL5q1bYCg1rb23
+3oXnQEylZk3zJFzYgQ6QTb1ZVQ4arjVLYq1WN5cCgYEAxRBqa8ZfwlS5D6bBNgn3
+DDCwz2kZNXG5U3wIw905NNrpUC55W33qcKe9UzoRZEOzuUjq3EL2maMrJULldLGy
+g+elvsZhz7cfmestY2cnbxExqwrTrLWfA8s9Hyl7i9tkfRze5WfhNGc3kwm1qrVG
+5zFZgtb/mTLnvQVIYCX9ks4=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ncca1-cert.pem b/openssl-1.1.0h/test/certs/ncca1-cert.pem
new file mode 100644
index 0000000..1f7f52e
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca1-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD
+DAxUZXN0IE5DIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
+XjL5JEImsGFW5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rF
+mChzN9/+LA40/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9
+bhxlOk7ADw4e3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgB
+VZfkoxqesnjD1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiO
+XawU1QnkrNPxCSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTq
+fedLPvNw1WPryAumidqTAgMBAAGjgbIwga8wHQYDVR0OBBYEFAjRm/nm1WRwoPFr
+Gp7tUtrd9VBDMB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud
+EwEB/wQFMAMBAf8wXAYDVR0eBFUwU6BRMA6CDHd3dy5nb29kLm9yZzAKgghnb29k
+LmNvbTAPgQ1nb29kQGdvb2Qub3JnMAqBCGdvb2QuY29tMAqHCH8AAAH/////MAqH
+CMCoAAD//wAAMA0GCSqGSIb3DQEBCwUAA4IBAQDRpRo9txGcsPsfBInz2ctvl37p
+a7DcrFTSLltADj+7/80OwYBtdmxiU9OfuETxdq5XbkghlmBGrDswtGHhcoDnSugm
+2n3Ov0YOQHYgStGYEsmXahjZ49Xlh8gzt9NBfzJIm6blBpJo845Z0cbzd1LdCgt/
+ck83nGnLvhIEZ3nFrT2K9vWQ3UkrFMfR3gCZpu/2X3+5UgK9IpGU+crDcGUcpdoz
+YaJka2w7rjw0mvQX8JtVBRt4xGRRAXXL2YA421nIzX7tKLHngYp6V9zu7QE2G5zS
+RewAXU3TERFQi4bF+N9mmwj8z9CYClRH56uFboGGBEGSulsbF5C4DB0p7dbl
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ncca1-key.pem b/openssl-1.1.0h/test/certs/ncca1-key.pem
new file mode 100644
index 0000000..eef6b14
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca1-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCXjL5JEImsGFW
+5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rFmChzN9/+LA40
+/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9bhxlOk7ADw4e
+3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgBVZfkoxqesnjD
+1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiOXawU1QnkrNPx
+CSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTqfedLPvNw1WPr
+yAumidqTAgMBAAECggEAcIZCclQYa/eO0tW72ZppdrsEDQWZyK8yn33Y14TZIZnh
+Go9egumcRC/I2gtW/dx8NtqpCFMfvTFaJDnfkdm2KQmba04d9tsk+BgbqPkzD4X+
+UPinBI2OVma2Z+eXfQZ9/7lgfQYtkyjkHuAaLxe59fOxqUK7iIgkrpa+xDc5bvkR
+v3e/ipJ1lrLn7aaQUR87wIkG9hs5UpRHiTd8PgaVavX8SdeXsOChv89owIKya2d3
+HCZiFVPwHrn7FVmDD41sllC78r+qvsyRs1j9aU5hGk8XlslxrYehphCCUHTUWRfM
+Mc6iSzuJyHFj1faOSs64eab5FLWp612S709vcfhSqQKBgQD7ycj2VhoPII6sko+k
+iUS0hzX7qC17cP4RmqGKbyffNW0L5B5+XmqBrw13duSv7O388F9P0+ctxbLgg6ML
+2r0PxkNTNISJim+vWbwMAFevJ9mzsOMRaPZKqx1MghWJzjR2LdPD5x9nHrYi7uUC
+NJe6R6pjtPCSU4yMLgu0IOEm7wKBgQDFnocCLCNiHwaJZ0v1wgSpQmYcE6MOKp+1
+SqOAsWwRtEgMQFoAEC3gGotm0BYF0fwSbM8XFFWqO2NITSV7b8/RkADocvvHWfQN
+d/ETJy3iL1UZgr012jwa91VuhL4XbqON+CAZSgwmVnOhTaXg1imuorHrwR6f1JzT
+F9EQhiqmnQKBgCmsYS2cXJ3KVrLrYwjpi0yR4HZxhG2c6wBA5qHB+ghwkEbaj818
+lQY30fPG4tzXSyCFLFFLEkU6JnwQbYkFwCr/Np9r3s/g8NFF+eDGobykzNx3121H
+QRRks+m40hXH4lj5Bsay1zi7FYw8m/y8daxoNiRgizy8xVNiP5+lnX5TAoGAQ4bJ
+50ohxROI7kanxBBJ+3Q+4/Up0FtsO0yH1h/KJ7qMq/MJTeA5bMxlOfp8q/x2v+0C
+ToaaRxMH99q0phsszhUA2mz/77yjEj8b10mZ+iHmWFM+SDqMM0K0pJEjS2p45LgW
+b83HnQoJdOLNfahwkcXyOfbBeifydoc63wSZalkCgYEA2gNC+Fvtzv/Zm6yj6M2j
+RdU2Ncbi3fAKCiOhTcsXSWi0H7IYi/r8Su48946X7GTLgZIFM4HlGbQaStX5MUbJ
+BjtOyYaUGjzH/7KKiuyuoLVuWWi4llV+Xigc+WSqO5X/DUmjXA9ldbB5/vcDiHk0
+QZ/pla7vZ4cbNPFd2cFHk84=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ncca2-cert.pem b/openssl-1.1.0h/test/certs/ncca2-cert.pem
new file mode 100644
index 0000000..2b649a2
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca2-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD
+DAxUZXN0IE5DIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8
+Dg3FeyXgtP6MAYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM
+2LATVNS9UHybb/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTl
+OeUAj7Wd+a2paAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqw
+PJd8X8nMtM320ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUn
+CuYevJJwkfiHeg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExV
+mlM6af1eIjgLhKGAd9cZAgMBAAGjgaEwgZ4wHQYDVR0OBBYEFLoDn50GJKRX5nP6
+9ToJ+bqFzKn6MB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud
+EwEB/wQFMAMBAf8wSwYDVR0eBEQwQqFAMA2CC3d3dy5iYWQub3JnMAmCB2JhZC5j
+b20wDYELYmFkQGJhZC5vcmcwCYEHYmFkLmNvbTAKhwgKAAAA/wAAADANBgkqhkiG
+9w0BAQsFAAOCAQEAlqqhiquvukmLApryy5ztoy3bGtF6S6k/MGAZAf1ndxpdhHNX
+vQmjSrFL2IPENwTrPd5T1Muf5C+ZfX/NOf6QWoF3kbD/98K1vfEa6C+3fgsflUQu
+1Tu20ItN2C7VkMawOhItxBXU9nLcIULUJye0dRC+xvh1ECHiLBh45y/fG0bdZGpd
+/NajC+1FwBGI2k62mbW8KGpNDKeJWwcDe4SsMs70Y3JybCj5PNO63JF6db9yZGF3
+2esHfYJ1NQTA9oRsOztlf+PQADQx/HoCJ/BhJSuOcBL/r9uN+YQUtBzG8BKGODE3
+aOrnkbDctDI3zZXUADTidBVxO5HzizGlRGodSQ==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ncca2-key.pem b/openssl-1.1.0h/test/certs/ncca2-key.pem
new file mode 100644
index 0000000..03eae6d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca2-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8Dg3FeyXgtP6M
+AYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM2LATVNS9UHyb
+b/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTlOeUAj7Wd+a2p
+aAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqwPJd8X8nMtM32
+0ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUnCuYevJJwkfiH
+eg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExVmlM6af1eIjgL
+hKGAd9cZAgMBAAECggEAT1t+5D87lL/MSzi5ljuCOS9u4a6qJK9ZJJzFfv5jjH0D
+yWGYHsuHprMukHj+ei1yls06QG4j+F/mtZFljY2eJMVdrI3bA+ZJRevK3RoEDm0+
+UKSDyc6scIOz2gu9Gv6NYM41nS8H7UpXxo1peGuWaQANK6XR0PO9fDni0Y7+a1vc
+mTbiI5m2mKcYRgLmDBXzTGANszBdgGK9UxHL+Jx+j04ZdcMSg3b/OE1RAZr9zS86
+2CiZgcEVdddXjQ0HufkeG7gozyX7Y4JulLuqLZiROyHiIv+8kXLyLi7MUBFuizKP
+GdmJxGhYfbYVLU5KXsLjf/oakYroatxabonn4HnpoQKBgQD3zhL2dEuyhPwxpGHu
+53hpZmNSbLj7pT441t4WwraoV8SyOb195yeX77IVT1FSctmYi2txXdfe1MAseKcf
+8P7XuWchEnro5dE7sTcZ4M3uLMDsEFPkWyRz3Y+CIg6IjMz0JsByyVVa8f4Kjw9G
+99ceZPd+M16YNwYgj/1GB9HOBwKBgQDCRiIlWz8BPnY6xltQPSC4AXffD4V5pzOo
+/b82y6+aeCvzwZGcXz9ac3fbRkiOKdPa0b+mYm/ZTpO0XIMALkpsQRN5Jnt5UeaP
+J3n7IAS13Gy2gDXuRrllXbbRZI4VPiI7gADzYYpu68sBnJwH2FC0w2l96Gj6woCI
+POoClgfp3wKBgQCMLqWHig5wdM59/rHwBj2V0ngJXrvej4H9gX+tfIT8AnqhIAzU
+Nnmtd8lUSMSGUbZKl0Q2o5HE2rHD9pUEer6PprBygxPIwIl2rS+wkf2s6OBSKoJq
+wiyC5ymRwlZaZNxkma9wv/hrNE40Bu3rhbTJ2vAvEjxG+4mZzhrHDRFg7QKBgGCK
+6b0WsyCzIZ3jpM0jE3ddg2xeEj56ULnSH4vjfMiOn4jq0Kmcy6bvasiVDMlZD+bW
+BR9yG5Mp8UzYDGGyn1lcnYi/Du0jPig1vfCF4NFfUMcAv8xBaTBuecNk7RaxYeGf
+otlPx7OHicKrSP69CJ5L3cisDj9PGQCbBM90L0qRAoGAcXUoDdI+EYBBqxIOXvvl
+ZuSOyNPZHwcPw+918uSpuh1xSn/qGD6EdlsBRIxBGk1ztQDNfhOmpFiPSeCmFzhS
++IEy2NMVWRoJTaVwN2UzpKfyDRIzs6DWTs8fJARNDWO+lp04skToFRPdY5L6RJhP
+dl0yHofPTNUz2lLmMOhTOw4=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/ncca3-cert.pem b/openssl-1.1.0h/test/certs/ncca3-cert.pem
new file mode 100644
index 0000000..207c7a7
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca3-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQzCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMBkxFzAV
+BgNVBAMMDlRlc3QgTkMgc3ViIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAu6gOQAcNel3NCbWCctR4Y4BqRNPbo6W3HpFyY+204kGimdNZvE2zkpfs
+HR6PB7AHUvq+44+NN/l1J//JkT/9rFVoGDbb/L354US/iBJ3zjBSqeeXvofSmsvf
+6+x6g9W7bFLETJ0mH+vjPQ2f3dS4O4Lc7W3HsldR/WUkesQb3+FsxBph6/84vylM
+oSsScd/2HFD7lrt+Fk1DGqkMI10tl6PozREAxSJgSFLUtr2P15a7wyi4m5LBM4+L
+YKMr/vuj7wFtH2BEwh2iRbJ2wYxxjKV42Hg+6l5XlahVr2rTpK6aP9R8spg+Og/P
+A+d2shD3+q6OkglEyq9rRGa2mRZrwwIDAQABo4GVMIGSMB0GA1UdDgQWBBTwU4mH
+3VYZwBnmIFVvC/wUFdejsjAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQ
+QzAPBgNVHRMBAf8EBTADAQH/MD8GA1UdHgQ4MDagHzAOggx3d3cuZ29vZC5uZXQw
+DYILb2suZ29vZC5jb22hEzARgg9iYWQub2suZ29vZC5jb20wDQYJKoZIhvcNAQEL
+BQADggEBAMIXGpXdI4jpDzPkqJIoDtAC4KQlC8fm8nW/fEgfHiOZgGHsCkjcvpFU
+4yQ/ito9qlV4d4SoWLQijc5eJmTvWQKvHfZNCM9nKWQCY/QDMMePT2UO8RLHjkI3
+V2ARfrFv9NEQ8gd7u0dvsGivacE0vlIS480saVVnda54gOHh5RVe1/mr3EUqnQJr
+RTothfmTcCH104SUBUB92gD9Cgh3NpvRS/sZI1pv3diUyw1QF9qszWfk1NPDan4g
+hX6VBeHQ4n6PbZLhdbUawE1tVyoN7Q7siz/ybNH0Uj68k87q+HOIx99Qtihw6xoj
+UhL2ht4Pmyhy3ACeEI2BTZESEzG/WBI=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/ncca3-key.pem b/openssl-1.1.0h/test/certs/ncca3-key.pem
new file mode 100644
index 0000000..3277dd2
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/ncca3-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7qA5ABw16Xc0J
+tYJy1HhjgGpE09ujpbcekXJj7bTiQaKZ01m8TbOSl+wdHo8HsAdS+r7jj403+XUn
+/8mRP/2sVWgYNtv8vfnhRL+IEnfOMFKp55e+h9Kay9/r7HqD1btsUsRMnSYf6+M9
+DZ/d1Lg7gtztbceyV1H9ZSR6xBvf4WzEGmHr/zi/KUyhKxJx3/YcUPuWu34WTUMa
+qQwjXS2Xo+jNEQDFImBIUtS2vY/XlrvDKLibksEzj4tgoyv++6PvAW0fYETCHaJF
+snbBjHGMpXjYeD7qXleVqFWvatOkrpo/1HyymD46D88D53ayEPf6ro6SCUTKr2tE
+ZraZFmvDAgMBAAECggEALp/Lopbd/2gs2FuzpIoruzUdsiodKSS0QbELhc56obiD
+CMsdQY7grex3Kqj8CoHu3+wS34E8Kgsd06lW0HLguR+jNFj1AW/GFPU6zTkhcSZK
+c5Jp/lnKttEuunRP4E+LOJe70/k7jrTSCcpHzRrcB1U1RPyAoEvXwCiQDryI3G+9
+jDw1vUvQTlb3u/0j798N8a13ahi2cepauOrxS/Si0fHt9LxOnaRfVJWyQ5hmyh0j
+MFpAzpqGtI6hlq0HO0Kzu+zFIl9POcrMyAjPdfhIR7zC+pHsyOGXsRpRU0HKHQfC
+ukImc9wZ9xy2/lQVwWJnjksaZfM6qVG5IOkpIUskIQKBgQDtnhkkGo4BlGA/yCY+
+2Vt6dZOBEtJlqBVzL4Us0B5PLqE4L09r5pTil7pep8itM5u5Bn1zio839Q0iUDxc
+omfViJA/y/eJb0trLZXKen8QUcVkBvB4VL4vVPjULcKCpWPNcop2toJDJdDZuSvR
+DQUYvkd22MlBCg3YCVcDGPXisQKBgQDKLIB2sSwTph6XjBPnsC3br11ymSog5RAq
+zXpnBczre1CT7dLixbJP6ISbVJwlDrvFum33r3hEOUDE5BZo2aVyQoZ6tPTmIfkG
+C14xsnvyuGYBTWemd7dyt2rXbvZaq0a3U1IHxt/KQlj99DrSASyfKH0Hk44EZ3dS
+wsi7Vq4KswKBgAr7dKQDii6ugehQwtvCxgSZ7JBZo1nJc/xX5OrWT6BPQmpLXXta
+M+VpJ9b6ID9JFFhv4Vp2u/nVHJ9KYA/T/cKTxj78mVtDxpOUjsjF8pt5fAsMew7E
+s+mSHtIHr2bEaCF1usqT0t9xnv6BHXJTDLpBCSKIEH0uDse+XsQo4ixxAoGAVjgm
+TPf/8R0+HKkrb/pNhEvEUXQKaF7nxyk8EyWBH8fGNGAPOJDRG4zwyIGL2a3v3EJG
+VYPqiUXVXmJbQDnZeeHvEfOMIXzJg49ji1Qv0fJb5iBJnM+fV3frQ5bZzw8OKG6L
+JC/nDo2/AAag8yB3FCUjNRDzVuN9Grlg+6vaq0sCgYEAnpSh/EA1lxKpHFs8dh8l
+qtoKzBZzBFODMp8avJVYUYI3oVjm4CUXKbMdSNgQiFjfWKe6I0vzFxhIBOEI+5JR
+N29VMjeFxgXkD4qmz6qjCZr9tmJiiu3tMJfW13D94U5RKi5OFAzlPxtBLe+sx6nq
+NXMk2XIx1ndW+uWUjtU0EQc=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/nroot+anyEKU.pem b/openssl-1.1.0h/test/certs/nroot+anyEKU.pem
new file mode 100644
index 0000000..395b844
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/nroot+anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo3YwdDAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwCQYDVR0TBAIwADAT
+BgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREECzAJggdSb290IENBMA0GCSqGSIb3
+DQEBCwUAA4IBAQCJLiUshLaVQxjnoxN4MISOIM7vy9jIfCEabtyOumjVXasvLqKS
+fF0nLoRb/6iCd0VnJlliTKky/p8aaG4+VooQPTxwpat6zir4G1N2dWwYbMTDpVfh
+836wHNPmmFvCUSKZcoLAEmMVRrNU9gBXkS64FfoP0FCoWeHb9NSlQY5YFb0BO8C/
+6AZlMGCt1HDPEK+gE/Uwayk7Yo3npSb+ZgnwZpA0ip0lPJ0Uf5cZ5Q/RBP0H+nxi
+KLKzBpY01IJ67/7R1Ioc27JiUpBGmKQzjg48POSMOECFolv0dH33O6aXJaXtw9Kq
+m8y3rPQqNPehWzbRq75txC/sayQZXNUrteVzMAgwBgYEVR0lAA==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/nroot+serverAuth.pem b/openssl-1.1.0h/test/certs/nroot+serverAuth.pem
new file mode 100644
index 0000000..7b84f26
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/nroot+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo3YwdDAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwCQYDVR0TBAIwADAT
+BgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREECzAJggdSb290IENBMA0GCSqGSIb3
+DQEBCwUAA4IBAQCJLiUshLaVQxjnoxN4MISOIM7vy9jIfCEabtyOumjVXasvLqKS
+fF0nLoRb/6iCd0VnJlliTKky/p8aaG4+VooQPTxwpat6zir4G1N2dWwYbMTDpVfh
+836wHNPmmFvCUSKZcoLAEmMVRrNU9gBXkS64FfoP0FCoWeHb9NSlQY5YFb0BO8C/
+6AZlMGCt1HDPEK+gE/Uwayk7Yo3npSb+ZgnwZpA0ip0lPJ0Uf5cZ5Q/RBP0H+nxi
+KLKzBpY01IJ67/7R1Ioc27JiUpBGmKQzjg48POSMOECFolv0dH33O6aXJaXtw9Kq
+m8y3rPQqNPehWzbRq75txC/sayQZXNUrteVzMAwwCgYIKwYBBQUHAwE=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/pathlen.pem b/openssl-1.1.0h/test/certs/pathlen.pem
new file mode 100644
index 0000000..c0ef75e
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/pathlen.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN
+h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/
+1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR
+mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB
+FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5
+iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27
+dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD
+xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX
+2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ
+8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi
+oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
+CA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/pc1-cert.pem b/openssl-1.1.0h/test/certs/pc1-cert.pem
new file mode 100644
index 0000000..e0a373a
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/pc1-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5zZXJ2
+ZXIuZXhhbXBsZTAgFw0xNjA2MTgxOTU0MzZaGA8yMTE2MDYxOTE5NTQzNlowKzEX
+MBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNVBAMMB3Byb3h5IDEwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeF5hc7UW6KtJ/26YrZTeG5Pu7FrPd
+9W58Wq/xpll8sg2priHgomhwFG+EtBqxP/qfGQADwCBpynm+bxngsRX94+puCbdp
+DCRV19vZNfrrdH57PbUmujQfCAPuWnGye7TWbtilqkgJf88yfI+0Y2qmGWpvl3Pc
+ijZVbNxEan1FKkB5v1E25+UCDU4Y4nfyJ1jtqSA6RJeixCUE363iLanJL4Ph781u
+/GUhICeqj6oKdPzEmnzT9Udt8APpS2pfIjhfcw4w8A+pFXf0HsezGdcodiZqzs39
+mdmS8cmMk77xJ8BIOlT484Jg/bB9PfBfEB2LXO3jz/HyrRWQVHgyF2ONAgMBAAGj
+gYowgYcwHQYDVR0OBBYEFNOib4aG0AVcbb7pbh224iVD3Jx8MDUGA1UdIwQuMCyA
+FOeb4iqtimw6y3ZR5Y4HmCKX4XOioRGkDzANMQswCQYDVQQDDAJDQYIBAjAJBgNV
+HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBATAOBggrBgEFBQcVAAQCQUIwDQYJ
+KoZIhvcNAQELBQADggEBAGCPfyKX74TwnX7sakAKq+IY5qbFnUAupiACsoqNyf2C
+J6/wsAHz51SA69UcOmQsLCtBzvr11Mh9tFG6uqAquMifP6Cx3274sHCglb5BYFQX
+eOwSc30FyaqUZzCWKHRjuzdBUUplS2NVl778xLEbWySLkpHehp7Hpj6mBT9lLNyw
+6L2ZXJcBmxCSB6+aKJ0v4h3wrTNkbYh1Pz9sQqKMgnK+dC5xNmQWWzaVnAPERmbT
+/11HRF2cGE6OKVmPrksI2NVOe0S0BmL2UwIeO1mIoQikJlOlCsa6QHS7KNQKGtrV
+0Z/z5ahapEq7+wlyrw+lsZf+rBKFzwbowl1K2YJva9Q=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/pc1-key.pem b/openssl-1.1.0h/test/certs/pc1-key.pem
new file mode 100644
index 0000000..d879dbc
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/pc1-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCeF5hc7UW6KtJ/
+26YrZTeG5Pu7FrPd9W58Wq/xpll8sg2priHgomhwFG+EtBqxP/qfGQADwCBpynm+
+bxngsRX94+puCbdpDCRV19vZNfrrdH57PbUmujQfCAPuWnGye7TWbtilqkgJf88y
+fI+0Y2qmGWpvl3PcijZVbNxEan1FKkB5v1E25+UCDU4Y4nfyJ1jtqSA6RJeixCUE
+363iLanJL4Ph781u/GUhICeqj6oKdPzEmnzT9Udt8APpS2pfIjhfcw4w8A+pFXf0
+HsezGdcodiZqzs39mdmS8cmMk77xJ8BIOlT484Jg/bB9PfBfEB2LXO3jz/HyrRWQ
+VHgyF2ONAgMBAAECggEBAJtfoTUjVPYlBAD5RRU9QxdmkSlMpLYucsnw7x7WWPi+
+ncL4Cv+VXoNY8klAIUO3F3+puGP3PWP7xS8uTgaQxIZkq5A+KG4rqsJbhgyyistC
+ENTazuEi+/rLi+GELl42SoK9KluXQXlkjaSW2z10v+pC7GKEPTCw/blzZgAvkLKZ
+ykQgEEyKf/kNR4+exiJqdBi8gp0cB1+WwBYqYitNKahhf9sFjcLWhj8umYN/+Hb4
+6hH+8JMaHm0G3DvBUIGTkuUQVZB+BkOG7DRivgwNCFlUqvA100JGhoVnBoqj2pan
+eD7TtJfIW7UMoXFr0qCMMGvUXnhJb2v01oxpQTfBLEECgYEA0Ys2RjxUAQmh8j90
+jRV2dI/zL5t1NXxfSTn7JmLp2r2SEWfxiXwCs2bly6J8Xr07bY8DeM6+NfmQ7en1
+pdwxorIROhXRI2X6ZIdIfLwRw+l2TrQVzqgSnUI8GnU3gy57m1QLrcRW9Gxv7r1j
+DjlRMtf828C7oUd+2h0rXY6DeMUCgYEAwSQ20OJy9qDvT569cOMADgvZRKjU0ZLd
+2ER40WakK+6gyvSkUYpdSK5722xMo5CAFmE35xn5r/JX4QnIK3DGnJcm0e68GtyE
+qh5YGXqTlnvgl/+YxBjgrvL97OWKtvof/ZjGqF48sNB4trMz9+80M5oBsr7ZjoPQ
+1B1mFTi9nCkCgYBojLgQxSr4tZCq6MRDXHEU6XnhyAPsItj8FUTdOz8JF8rYim82
+NLy4PF/tgW3iazJKkK+fyC+ZiKKqQjCBh+LwFT6JJ7eInOoY3HLrYX7PrB2OWUYE
+LVHUSuboIJIJDtk3f/Cvy6XDIJOcn7vbrfd4kdGk5332k1CUjTdE38VzLQKBgQCl
+TbRoxVd1xDnuIEOtSWuzmeqDvCghkpyyy6/IMRwTybHu4sF8VHsQiN3S5/cUCsnF
+3cE112J/d2BFZ9TdcTFbtnZwOO7f4prc6wmmDOYiZrXMAeOi+lPbCHfR+IfnoV4d
+81MbqUQyZMrcO7Yf3qgD/iyz6mpTcngaA2tqgFywOQKBgFigb4O1tKsK16HwflMm
+6EQB/3TmdhIsoNEq6M6tOuV3uypze+97olwJMjsgIMxpIqnff55WLBmDjmoMZSoS
+6juHCqmKWKwTZPHPdWNVUgMOGVHFjcCgQjuqWYWupl6un/CefXPleImZ/wrXee5w
+f2DAK68puLIhIySfEIjrYh4P
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/pc2-cert.pem b/openssl-1.1.0h/test/certs/pc2-cert.pem
new file mode 100644
index 0000000..2913b98
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/pc2-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NDFaGA8y
+MTE2MDYxOTE5NTQ0MVowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
+BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDgpvzv40QOQxRy6qhowyMfSRwn8TSUX/tt9U92ij/HDurM
+aT+89lLd6oOCohmXomg4t18Fik3yUyoKOi2Jo/ATV5ZYvhKOQzf4d7zTno3SsTSB
+s1i9aNVnwVd9QZA/Y1lHtEUETIr94neET6bvaV9DHrtmVaEC6rXxbLmm6dLEcqEh
++XnjoAi6PL/+U+RSQm6ekLEWwhwePUCr2QvGotjpUzDJngHCtxrVj6ZK8DPlgXpo
+2CWC2l6uwlakxkMQkCQQICywMKsmyMVPWFbalUezRDl7S/J9ybZYK61aq8mrBYzn
+tCaD3HwtjKmkAZ3tKcDfPidqwVtUAioBSzB6ztc/AgMBAAGjgZYwgZMwHQYDVR0O
+BBYEFPg3PONgEnnZVF3tRrg4aY4hBGVhMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p
+bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV
+HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBADAOBggrBgEFBQcVAAQCQUIwDQYJ
+KoZIhvcNAQELBQADggEBAJvmPj0eIOQEZSFrvbMEz5dp0udK+TIMKBmgPfCVrSPu
+g5wArKY5CqFzrrvXb8FWHuAuP9KsXaqU+oqaTrRlGDs0sl6LWkvamz9FLDbYS2+d
+9cGMdlEmWxPJg9Nkc557ng4b54xncyw+YQ/1vqkTtBX7w5Y4lFTOaZW3uq3iL1NU
+v1TO5fCNksndgw7tdilbps2BLeNcEJ7DZyS7ESPPe7NX78RCKsDLSj7C9bMlKvUc
+swUADTDhNTValfr2RQswlEPIt5qURe2vsvacQ701cPPwT+fgQj1N/XLFsBGTmnOP
+KpT6Adh+uk8xTHv2BUg+XDRAFOhoLMu1hnloiH14FgY=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/pc2-key.pem b/openssl-1.1.0h/test/certs/pc2-key.pem
new file mode 100644
index 0000000..77ab6ff
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/pc2-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDgpvzv40QOQxRy
+6qhowyMfSRwn8TSUX/tt9U92ij/HDurMaT+89lLd6oOCohmXomg4t18Fik3yUyoK
+Oi2Jo/ATV5ZYvhKOQzf4d7zTno3SsTSBs1i9aNVnwVd9QZA/Y1lHtEUETIr94neE
+T6bvaV9DHrtmVaEC6rXxbLmm6dLEcqEh+XnjoAi6PL/+U+RSQm6ekLEWwhwePUCr
+2QvGotjpUzDJngHCtxrVj6ZK8DPlgXpo2CWC2l6uwlakxkMQkCQQICywMKsmyMVP
+WFbalUezRDl7S/J9ybZYK61aq8mrBYzntCaD3HwtjKmkAZ3tKcDfPidqwVtUAioB
+SzB6ztc/AgMBAAECggEBAKMvCWpjZksJ1O/Inn5CyN9v5uDop+3jbqqn14ne0IcS
+weGrzh2/u9/w+ohIoVhxI02XfZFzrj0Ixe/Z5LwndjtGkzJxFt952k1FBMefU5up
+Ft/j2+DyJpoQajHVDyfMTcz1GHEP/KKA/5n/ld4wZ39E8pFaP/PzdCgjdxPUo0II
+OWvNehyLqiOQseYsnWTYFGgBFX5Dr8/cZH8duaNTkGzr+/4O3KmF04lTYS2SPkQ8
+8ospMX9a9N4+gDXF6KWlIJUEk4Xelv/BT7jygEz0K0bIcRGdmgFe57Rh9qTHxZrl
+YkHh3lHC5XD5sWuOjoEu54jJdL/u1zfaK/jpQXKMjtECgYEA+eCIg1vBPKl53s38
+Ch/nRuwmtu8qJlcN6aYBAdUn/Z95Qy5gKmL0hW7qJ5+kgwLJZEdLQ+xIHBdnWjdP
+7VJ7k6NEsy/EQ2NOYBzxysvnyYSAwY1Wb4StPO9ejqb02LrY6gBNfePE/wpR1EqK
+Suyzocf0x02blO8dQ3JaGn/IKlkCgYEA5ig4jtcKUzP2vRQ8tWaaJvLxP2fEzEgb
+J+r1zLrdMqZvWwjhbdIbQRnhwjpelVKpxGFiOP91bf9+6qiX8q3TOar3tDu2o2Nu
+yFNvExoqxfaD+IHfDo3KjTwohysbBXdZzqeOwL2N7HcQz5E11e0JDgTPLXtWk2UN
+qeYUNHeXq1cCgYAmKXWP4j6D3jo/nePlQ/QVb9GF1MbyLg9w5Kp4ti4yXN2vNfD3
+6D8B9euK+6WrYIyTZRQInphwud5N9+6cByHabW/7kcr+o7b/lMwUtcmDjFoBtW1D
+ANdYXBJr5PG1++tO6ZbsKBIZBWFz86JlSPsyNRCcM60UNOSaPWenbmaKmQKBgQC8
+qEt0CqDUAsxFwMjiiO/i7VEDADQ4nwJjfh1ta97VHcg5ftYKByd//Y8ofl/5VoEC
+EDFLN1syhzOpdfjXW9TAeHwCqM/UrjSo0HtD1Tcqfh8/HHWSoHdfvegapCLKIELl
+OkOxia9EHXUSL51JdbruWtLYHTmiKDtDAO2e9EjGkQKBgHOEZ0u07bCyz+EZHTQb
+sWt1U2LztJ/cNSNqgVc4NTTna0KisjXBTbtIQeArI42GHXNBazE+KbApnHQy8f7M
+DJIl2/70CRTfosDdSE6DnQk672BhJ4fr6Ln/VyvcATlcv34UYiGsDY3LCf0UTdjd
+GsR6pGtD+3qErri9pbdxDvRC
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/pc5-cert.pem b/openssl-1.1.0h/test/certs/pc5-cert.pem
new file mode 100644
index 0000000..8663bdf
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/pc5-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NTVaGA8y
+MTE2MDYxOTE5NTQ1NVowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
+BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCvDPn1fctKUE8+aHf036mHkIEsWn0iNFl2K/qAOMqjqOvs
+lj+zxhRqwj29v1Prb4ZYvjRrJ2GQdh7GXju4cP6wQKKHGOurJhYczcfqwAfi+21K
+Bn4gmM3i4GESuIC6GuXWqw24oMZYBi5H3zsBMr2mobSQJV3gN/5jfGIEtZW3GqVW
+iKAutNCbmV76NoRJm0sRzrFwyX1pomHCm9odwJQ0nNvyetMulY9tX9xYn01FLfiz
+JS2UmyOYxkSyKOSsmGJDVK/mZ86xYnQygUy6yIiz2hR2yq5M1oeRYOEONwt9mY/e
+ZVoIbquW28PEDQE6KtK/EYUdWn8482XQdRcdKmSlAgMBAAGjgZIwgY8wHQYDVR0O
+BBYEFEfQwyLv6WIDOf9VQ/ElxxcFKkX5MEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p
+bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV
+HRMEAjAAMCAGCCsGAQUFBwEOAQH/BBEwDwIBADAKBggrBgEFBQcVADANBgkqhkiG
+9w0BAQsFAAOCAQEAl93p1Pcw3hBbTTnm9oa9cOUvPBkUwLJmSJ1Il3HQQuLz5H+H
+OiF3ePaa7wmGmMTwHEYtOvIhGO5c6zilVRint03BaXRizZcqdjDiHUgVcr11pzX5
+F4ihFOF91c6DmUorRrtkjglLb/gAMdUE0eT/wukiMjJWgcw+O2EVxGjpAgRVNw/v
+byYx4TPmvnnigqfMY9lVFKJy0g5Ovw6Nb2ff8ndSEZsCDB8XdNg2u07zYu1dM/vF
+wpjsA/omrfXP3opH1ustvMQm9BPkySLRzNbIYHHRJX3Hkhn+EYzMmxv3cH0EEtn6
+taj7Gfsp7TfLpfSgP/Y88EsKhQAWsdFt2tT3FQ==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/pc5-key.pem b/openssl-1.1.0h/test/certs/pc5-key.pem
new file mode 100644
index 0000000..1ad0805
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/pc5-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvDPn1fctKUE8+
+aHf036mHkIEsWn0iNFl2K/qAOMqjqOvslj+zxhRqwj29v1Prb4ZYvjRrJ2GQdh7G
+Xju4cP6wQKKHGOurJhYczcfqwAfi+21KBn4gmM3i4GESuIC6GuXWqw24oMZYBi5H
+3zsBMr2mobSQJV3gN/5jfGIEtZW3GqVWiKAutNCbmV76NoRJm0sRzrFwyX1pomHC
+m9odwJQ0nNvyetMulY9tX9xYn01FLfizJS2UmyOYxkSyKOSsmGJDVK/mZ86xYnQy
+gUy6yIiz2hR2yq5M1oeRYOEONwt9mY/eZVoIbquW28PEDQE6KtK/EYUdWn8482XQ
+dRcdKmSlAgMBAAECggEBAKqEmXjp8P2S/Z5tZWzD8wB7Y1kxTHPlSsAyVvJQYBTM
+mAT+107nxTu5uyr7FWRiXxxTK/y1f/SZG6FgagxhBbfrPmcbf3ZYw3GLgxLJvOT+
+xpc1e+eE8gnvSKBT2hFv4jQarGMNOijE3JBmg7PHGbcYDivcOnYQFV4T6+dqe0zA
+q2bLi/lko81Plunp7ev3i2ATjNxcYoannaTCq0HFxMLoOgrAoLqJqt8nkqXIY91z
+phx1x13HrHyikhuDBDb15TdJo68rbHngDolHFC7rHW65+vp0emJDtdEkBnQLDa5W
+a3ZeVe/xY0aaMPlcw//ZB8KMUD69VdCuiGXjrrHISAECgYEA2uIh82TIp+xG2Tk/
+2uZS1dOCCEEkkBqqgKwH2m2fctTHGMnKJaxSTCNKPEIpxaTt6EMp3jlviOmdrPtd
+pUS1OqkA99bzT8ZBEd8fg33XGCN5W7wvfo5077onwwJ+ocd//KJqQ2M6MioEp5im
+6Z8cDDdGA6NI3kJ+G3+CwczRTXECgYEAzLwKVkfd7TNJZQ7Z0n2x+O8hPJAaut2/
+qFIeItSBFo+ErQL8NnJPLMxBkWfVmnc4vFKc2bxgjz8S+cJCEucTrOAS7+ikP6KU
+Mo2NjbzA4omceuy3t+3eGJdYE44nBL/V+ZVAt6F0TQ7rayMAurcLJurHMiFYQEfs
+qAlsaYCiAHUCgYAmv7Wm8waaw7dfKUVmqTOs6v6wG2gvoqjgkpPpVVLO72A3wTFq
+LfF7zRuNQ2FFvgboAUveLWjTYhgp0W4onds/gT/MoF7+lmhak5dunc6AVXdciBoY
+W3vUHK6BVWW5minMPax2NZDN5KZiTSHvZd1/RCG+7x8tSbQthgtN58Z94QKBgHbH
+aZ/hFgo1xRESaqFKN2TbJ4dBe6CKYlU/Pyip7TKvlSPjJXxZGUI+RpQbj7uMC6iG
+rWVNex/gUhwA7eCVm76iSZpSeGhK5Hvn0AY5ShakC9rtVzEomb/enkTKJi0FNxkT
+1HY0/4pta3u+1P9+jsPHVkXpPpAcqlpbDUCwVky5AoGAJgwr1pxM7RDQon8Mpjxm
+XTJ36Vl+6dq/5yPBcKylQ49e5XrugS2trV1aSZKsiVuLGK9N8ND2N8OazxfpXbee
+q6b8GAqWWz4ewe30FKo0ipL1SfsJUTv8lPKIGo8oNk4vsUvv/bLJHpr6+g2d8lCw
+A0i6wzzrXUiXlynYm+VCKhs=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/root+anyEKU.pem b/openssl-1.1.0h/test/certs/root+anyEKU.pem
new file mode 100644
index 0000000..97e0732
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root+anyEKU.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw
+bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2
+UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY
+mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg
+Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO
+bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAIMAYGBFUdJQA=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root+clientAuth.pem b/openssl-1.1.0h/test/certs/root+clientAuth.pem
new file mode 100644
index 0000000..8004e63
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root+clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw
+bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2
+UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY
+mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg
+Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO
+bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMMAoGCCsGAQUF
+BwMC
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root+serverAuth.pem b/openssl-1.1.0h/test/certs/root+serverAuth.pem
new file mode 100644
index 0000000..966676d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw
+bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2
+UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY
+mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg
+Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO
+bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMMAoGCCsGAQUF
+BwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-anyEKU.pem b/openssl-1.1.0h/test/certs/root-anyEKU.pem
new file mode 100644
index 0000000..712b1f5
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-anyEKU.pem
@@ -0,0 +1,18 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw
+bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2
+UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY
+mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg
+Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO
+bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAIoAYGBFUdJQA=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-cert-768.pem b/openssl-1.1.0h/test/certs/root-cert-768.pem
new file mode 100644
index 0000000..4392ef0
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-cert-768.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBpzCCATGgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjASMRAwDgYDVQQD
+DAdSb290IENBMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALntqSk2YVnhNalAikA2
+tuSOvHUKVSJlqjKmzlUPI+gQFyBWxtyQdwepI87tl8EW1in2IiOeN49W+OtVOlBi
+Mxwqi/BcBltTbbSrlRpoSKOH6V7zIXvfsqjwWsDi37V1xQIDAQABo1AwTjAdBgNV
+HQ4EFgQUWPMT967zC8rDNvZo4PDnYL7SAtUwHwYDVR0jBBgwFoAUWPMT967zC8rD
+NvZo4PDnYL7SAtUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAANhAFDU7FyF
+Ma6EG0OBS4IYws2US9t3IQwlI5noQwm9R3Nk/3AIUrdPG8ydRyV1N4GuRhRpprh0
+sEbX3ZO9/E54DbPYfS5kqfZZtohUNy+Wmx8XY9OSv4SWUrrMSIRFXS63MA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-cert-md5.pem b/openssl-1.1.0h/test/certs/root-cert-md5.pem
new file mode 100644
index 0000000..b6ed10c
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-cert-md5.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQQFAAOCAQEAwSTZo97psLqiNmgvCC/Z51F3S9bFKPjGK4dc
+Kqh8pMJsb8DnfGlPnsYXq/0oPcBThTRGZDqTeZa0ms8G+g4GS21TPF7lmvVJUJhz
+GRLJxX7TYB8xriSJ15DwZgGmEGPfzmoIq27nwrO4TRAi0TCLdw01XZwiq2V7anl+
+jrIpJPDuaT3oBqnGTMZ5IoaQq2TX8PS/ZW6icJiRmXLMp/HUycKpDUshiuARR5Mi
+UOzX8IHwn76Zj6z1R8xW9j1WcEycFYevTMaRuS6hnYagiSaAytIQU8hgMR4AWodM
+NFYv5t9rguJnimGUGMMBIYXnPNE2kaoq9qCVgjuC14gWU0kq6Q==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-cert.pem b/openssl-1.1.0h/test/certs/root-cert.pem
new file mode 100644
index 0000000..21ffa4d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw
+bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2
+UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY
+mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg
+Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO
+bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8A==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-cert2.pem b/openssl-1.1.0h/test/certs/root-cert2.pem
new file mode 100644
index 0000000..e47e91e
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-cert2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5
+wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+
+R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp
+/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU
+/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6
+7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv
+akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y
+Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv
+NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+
+qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM
+o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+
+zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y
+9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1w==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-clientAuth.pem b/openssl-1.1.0h/test/certs/root-clientAuth.pem
new file mode 100644
index 0000000..8d82866
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw
+bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2
+UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY
+mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg
+Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO
+bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMoAoGCCsGAQUF
+BwMC
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-key-768.pem b/openssl-1.1.0h/test/certs/root-key-768.pem
new file mode 100644
index 0000000..4ecdcd3
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-key-768.pem
@@ -0,0 +1,13 @@
+-----BEGIN PRIVATE KEY-----
+MIIB5AIBADANBgkqhkiG9w0BAQEFAASCAc4wggHKAgEAAmEAue2pKTZhWeE1qUCK
+QDa25I68dQpVImWqMqbOVQ8j6BAXIFbG3JB3B6kjzu2XwRbWKfYiI543j1b461U6
+UGIzHCqL8FwGW1NttKuVGmhIo4fpXvMhe9+yqPBawOLftXXFAgMBAAECYH1FP4Bg
+/16Lepg6v+tb8gY0lY1WFN5EGVRfRw3QUaT9kldboEjjnQ8wSswVEPYr56IHZ8mH
+Or8LtJVrB3fjriq5vNOt7lRscuV7IcVtOyVWu5+MoJmO67Q2vRJXLWTdAQIxANtp
+AiqObXo8vyT+EDcOEW104PfKNVh/4fhyrDwAk/yTcxkv4dcnuTykeLPvkXq4cQIx
+ANjvQa+9LubMy3N1uXIbWWsiEBi4BdNK+xuppJ2puckaiQU42Mfmw/Nj4LMEJLfc
+lQIwCYcv3uU8f9hvfI3D6oAj5Zrzwg737hXvnDhunlRwGMHWd7uKlStWcfm6fCXl
+LW0hAjEAneK0egVEp3IR+PyLdcL194UZFgSJKNj/nYiAaMdokjcf1o8jJ4qKvw/I
+MEIpvy9pAjAzaFHKRugCN01V2dgXYYGL8+zkcwG4ehDXH1XEs4v8r3WtHBPPKED6
+AemfAQJLvh8=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/root-key.pem b/openssl-1.1.0h/test/certs/root-key.pem
new file mode 100644
index 0000000..0e0ee11
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDh5gD1BrygRjh5
+Dz8ecRkTbQLfK5t2a/yssCHt1pEIQjulYzXsUlugokrF1gCUA5daPblnKNJ94yFc
+pO3GPI2OhNGdVMM92XSilnZncfnGGlB3s/147lvg44yJI8KaIuw+1DeeB83AK1UR
+Fzo0QhxpDToYsO0VlF7G/Z6HxhznlBqSwF8FwXND5QPeCZHJJM7Yjot+LuAxSNGG
+KmpVJnroCzZOl7HgpMnaXGlLA4AIVoOjH7IquMFM/sWxTdTAAartvs4lve5prfYH
+zW4roYlU9WjrmAntyWBmyzNiSgOwaNYOq1/BNVV+/UbuuuvctqKj7YV/d9+1aCJD
+fmYkI6/FAgMBAAECggEBAJWfUmL441cFK8KDZrszDfjf61cF+yKkw+ddghuWUtm1
+hOw2mjC9HBN5ay0+YYOoHUeYOoUpdMIM/rvuQc9brCcJsg0TZ34/2hEWt7Yst9OO
++l1OykSfHBwIm7z6Aps1JmU3Ct+RK6ZtDRsU12hloYuzRxezmFUCwQPsWGR1xA9d
+usQHGbhM6F0WXFiTUulwf5x/06egO4IcDQL/qi5B79Byou+YnEQXcvWlF+6shPb6
+dvQbHuNRWd7QJRU/nJ/yhUDQ8Kx8e1WB2QJemBbf3jzkrGxHxWojcr6avJOQuNk4
+DCo+ksUcpiJqKLF26dGyLTypqL3s1L6FXbQ2kvlGqMECgYEA+Bpv+uJAZk7N83+N
+9DSsDmzQ1I1pp9tnwHvHko3gaWBr2O0bC7kl2CyLlUZ8Fi1SuiZPkWBXbffZbLxb
+H7t8ppvsvnVC4+BWkdmQR9du6mtl16GojZxPE1GL0Gqqw8CyJGSATBm9UJs/roq1
+hQxnvWrbGZp2+PGJTndlb+UpIXMCgYEA6Raj0bHa4Lzb2CLxf5eo6p4iBNacD3as
+CokJmDETIAwXFpjnHLDEuq8W26OACCv6vZtHefhtO0ULqJC1pRLF5/3lxhp219pp
+5Q1bSIysOKUJtZyqNwvhvROoiFgTDRyfu48eKsAx18pzRJ/ZFHsHqNbNUVWjF2Nf
+1yNC6PErO+cCgYEAufImhyPXHFZnqN2qqKJpaY5InWU3EKUyB2M92isXTCMF8VkT
+ch/bqz8HhmODUKO7YuSfsddA75xYilRI/2lnLP+j2cLM1Tkn6LvklNNzv6GqfIge
+abQC1/nADf5D6d6cJQZl2aNY7fbNLaWsEgGQJrjVaUUJcd6lB/gYQFrCDt0CgYAb
+61RQB8e556VFrFnU+KuI/swAXFxxFbvhvyxhCG/MBOa3FDWKoDnQSqyoPltVnz73
+eyQCnhknYkvVMxAu56LA+Q6OvhjCHi1U/FaUyBTQ7CPPlyZkVY4CgdpMCpCtn2Ia
+qzfn0wGlYWCRNbxg0aPHO4N4XJOed47BTD31fP26vQKBgDWXNz5he9pLYYDiF4F3
+jdjbG/QCmO41VBdfd81pFajJKm4TaskuMLTaWa51KHcoW+ddQQLy72qtXH53X4SL
+lO/RacV9hRoSX5Nq7ivSO8sM1fnU55kBre+V/ZgKkG4Xe669P1Hd4TpmmpoYDhgO
+Jq+6oI4L87uoIoyqvltRK3hM
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/root-key2.pem b/openssl-1.1.0h/test/certs/root-key2.pem
new file mode 100644
index 0000000..990b20d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-key2.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIHp0kAPnBtK1B
+/gcTQSGV20NKE1VD+OEO7qzYprfQV0/iaXX5zY/Ls4NRKNIJ6BdoEg5cID5HTNoE
+Andl6pfHdSsT0+JdodEZlyg+1fiYr0g4eEh3HA9Rrpx5I4mfhwdj6nRwUun/ludQ
+SungipsvVsx3i/x8XEnRkMYlqF8uK6udhTJqVo0Icr6Erb5Fp5GA+Wxd+JT+/CGG
+MWF2GLFs+byX5L7bE3JJXUkADOtS8QN01nSIG+5VxLaaWFIpOG3ll6D7QLruRhir
+Ez0JVkLBxX9pJQibCN4Ww0wmyX+cXIRpy7q9fPSuO8vA/NMB5VhnLn3YbC9qRY62
+IN1qntYlAgMBAAECggEAJgHieHcS+F43VcRIVbjWBx8orYX0eL9pByv/efpYCOK8
+UlUTSglnmRmUBDMLiUQiReq//XFGQsZu1boeMSYYA5LWRqLEaGIWU5To2N5Mo7sO
+rWLy6GRU6H+QSlWcisbbeXeK+9ZTiO6BKjfAKZxJkvkaRk44+umQP5QOfhJ3WU4t
+0wkwYOfm8uOEg48yZTgjUVzhIORHAq5RHH/5goLrNwO2bIqOHOqzSrXGQJJ+oDaL
+JykccyVAElUGd5JaSpm5z0a43C4A5q770ppiByGxJv1L3ID1hkik1ZpWfMtwPH1Y
+FIAINqlhVoeAEwOCpL9axZ5OCGQrgWLNV4LfJyG4NQKBgQDyHGDyp+ZpMJRxCtDt
+8QWtthuoOfwmXOR81ZJGD3GA8rEGcG1zH4F+B4Z76/Kwb/uabH9FPURS+kcDpsuM
+9Avx88JTg6YFhtpQQCcmhY7awgc+B4ve95ziz6DOMhCD8Yb36UjM7B1jY+zVLIYt
+yQhZOKQEzPFqfPMrzEDsabT+GwKBgQDTmY35/l13zYi21xmCL+309KzjbZEyX0NF
+SE2JjIdwcWvKSMPFlWv7l1ssIg1fF0Hu7mEbLB74eUU0fe4D0LPeoEX3ihjYej4N
+M/EdKv7+WhCr11lnWwWTM+aeeFAmwdD95Gdvv0hTnG/GqxiOt19HhGhMHJueAKDL
+Tmci9hPAvwKBgQCkjbM62fEZp4IMvtw4DKveYDq2AQsnC9XkHsh3Q8HScaDuDnXl
+XBGIFhdKnJhrYQEx+PIbnkOU3jRr/+6zE6AWx6VZW834TaqOBrxVS0tH1b5UY46m
+ccc4xQO3gYGGHB+u2ei4Fvb2eZEbZlKgRdWdxoh8FssypFAmgYHS7Rmt5wKBgEYu
+symM1aGL2WGTnJFSpmFN2h4g1DzZ3e0X2yfZJX8FD5RraAub0NIE1Kehr7+vbh36
+kNi7XJZbWrnbXtuDGHWpwSsmcbEzcmtcpAdhoGvqoYbtiWi/huzZFQ/Qpf0E4fWk
+ES6+ShX5WBWT4DRN29tTrmg4QOE6IhrsqUauScTvAoGAKxEzsSHPgZm5rGOfVPcI
+cFeSJFCsaPfVk97T9aNievhMMChKBV8vT3Unlk0RObcsMweo6OMmfnRxrHhgfVz8
+elpLOlzEHfELlR8HELvxCeWWzuPgNCAPcG3BmjRnm8g5xmmkfQuRKlkQTcGbHotI
+wIPT+bHg3fjx7CemHl+rZeo=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/root-name2.pem b/openssl-1.1.0h/test/certs/root-name2.pem
new file mode 100644
index 0000000..ac3a4bb
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-name2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtSb290
+IENlcnQgMjAgFw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowFjEUMBIG
+A1UEAwwLUm9vdCBDZXJ0IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDh5gD1BrygRjh5Dz8ecRkTbQLfK5t2a/yssCHt1pEIQjulYzXsUlugokrF1gCU
+A5daPblnKNJ94yFcpO3GPI2OhNGdVMM92XSilnZncfnGGlB3s/147lvg44yJI8Ka
+Iuw+1DeeB83AK1URFzo0QhxpDToYsO0VlF7G/Z6HxhznlBqSwF8FwXND5QPeCZHJ
+JM7Yjot+LuAxSNGGKmpVJnroCzZOl7HgpMnaXGlLA4AIVoOjH7IquMFM/sWxTdTA
+Aartvs4lve5prfYHzW4roYlU9WjrmAntyWBmyzNiSgOwaNYOq1/BNVV+/Ubuuuvc
+tqKj7YV/d9+1aCJDfmYkI6/FAgMBAAGjUDBOMB0GA1UdDgQWBBSO9SWvHptrhD18
+gJrJU5xNcvejUjAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAXH466iCDUusG2NbpU/tMZVWB2
+8wVwawbXn2LNYCdWPAgOHR+87OekNAh/vXBoPu9up9Up40/l/4+29zl5s9tKpF7X
+SI8QeM2HC9LLGsbFNEJoX4kcz6Q8WxrhtEeBTu1api4CB4POGkj5VlKFCwa3bjPH
+brDwCODq1Gkggf4NR0piiqFKUEKTteMoeC3dod+FzBh6eDssGcVsNxhB0FiMk4GG
+3Fc1NR56gL+Qz3QFZf2tdpMcBXECc1nP7fNq6CwSRwcgDgte/qqYr3gkeBo3M3Bz
+7JE19lq7kjfiTq6zyswacaqlvN9bJAxNkbshW7kvIqw+27y5XErpestuoxSt
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-nonca.pem b/openssl-1.1.0h/test/certs/root-nonca.pem
new file mode 100644
index 0000000..5c86abe
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-nonca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo3YwdDAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwCQYDVR0TBAIwADAT
+BgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREECzAJggdSb290IENBMA0GCSqGSIb3
+DQEBCwUAA4IBAQCJLiUshLaVQxjnoxN4MISOIM7vy9jIfCEabtyOumjVXasvLqKS
+fF0nLoRb/6iCd0VnJlliTKky/p8aaG4+VooQPTxwpat6zir4G1N2dWwYbMTDpVfh
+836wHNPmmFvCUSKZcoLAEmMVRrNU9gBXkS64FfoP0FCoWeHb9NSlQY5YFb0BO8C/
+6AZlMGCt1HDPEK+gE/Uwayk7Yo3npSb+ZgnwZpA0ip0lPJ0Uf5cZ5Q/RBP0H+nxi
+KLKzBpY01IJ67/7R1Ioc27JiUpBGmKQzjg48POSMOECFolv0dH33O6aXJaXtw9Kq
+m8y3rPQqNPehWzbRq75txC/sayQZXNUrteVz
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-noserver.pem b/openssl-1.1.0h/test/certs/root-noserver.pem
new file mode 100644
index 0000000..0c7fb8d
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-noserver.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNDIyMjkwNVoYDzIxMTYwMTE1MjIyOTA1WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5oV1s3N
+us7SINg7omu5AxueEgK97mh5PU3hgZpliSFaESmL2qLGeP609oXs/68XDXVW4utU
+LCOjLh0np+5Xy3i3GRDXgBZ72QDe23WqqQqqaBlQVVm1WxG+amRtZJEWdSIsiFBt
+k+8dBElHh2WQDhDOWqHGHQarQgJPxGB97MRhMSlbTwK1T5KAWOlqi5mJW5L6vNrQ
+7Tra/YceH70fU0fJYOXhBxM92NwD1bbVd9GPYFSqrdrVj19bvo63XsxZduex5QHr
+RkWqT5w5mgAHaEgCqWrS/64q9TR9UEwrB8kiZZg3k9/im+zBwEULTZu0r8oMEkpj
+bTlXLmt8EMBqxwIDAQABo1AwTjAdBgNVHQ4EFgQUcH8uroNoWZgEIyrN6z4XzSTd
+AUkwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4XzSTdAUkwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAuiLq2lhcOJHrwUP0txbHk2vy6rmGTPxqmcCo
+CUQFZ3KrvUQM+rtRqqQ0+LzU4wSTFogBz9KSMfT03gPegY3b/7L2TOaMmUFRzTdd
+c9PNT0lP8V3pNQrxp0IjKir791QkGe2Ux45iMKf/SXpeTWASp4zeMiD6/LXFzzaK
+BfNS5IrIWRDev41lFasDzudK5/kmVaMvDOFyW51KkKkqb64VS4UA81JIEzClvz+3
+Vp3k1AXup5+XnTvhqu2nRhrLpJR5w8OXQpcn6qjKlVc2BXtb3xwci1/ibHlZy3CZ
+n70e2NYihU5yYKccReP+fjLgVFsuhsDs/0hRML1u9bLp9nUbYDAMoAoGCCsGAQUF
+BwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root-serverAuth.pem b/openssl-1.1.0h/test/certs/root-serverAuth.pem
new file mode 100644
index 0000000..37b49f6
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root-serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw
+bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2
+UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY
+mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg
+Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO
+bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMoAoGCCsGAQUF
+BwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root2+clientAuth.pem b/openssl-1.1.0h/test/certs/root2+clientAuth.pem
new file mode 100644
index 0000000..41355b0
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root2+clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5
+wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+
+R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp
+/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU
+/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6
+7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv
+akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y
+Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv
+NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+
+qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM
+o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+
+zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y
+9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1zAMMAoGCCsGAQUF
+BwMC
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root2+serverAuth.pem b/openssl-1.1.0h/test/certs/root2+serverAuth.pem
new file mode 100644
index 0000000..52053f1
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root2+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5
+wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+
+R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp
+/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU
+/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6
+7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv
+akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y
+Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv
+NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+
+qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM
+o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+
+zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y
+9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1zAMMAoGCCsGAQUF
+BwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/root2-serverAuth.pem b/openssl-1.1.0h/test/certs/root2-serverAuth.pem
new file mode 100644
index 0000000..dae848a
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/root2-serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5
+wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+
+R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp
+/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU
+/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6
+7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv
+akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y
+Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv
+NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+
+qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM
+o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+
+zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y
+9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1zAMoAoGCCsGAQUF
+BwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/rootCA.key b/openssl-1.1.0h/test/certs/rootCA.key
new file mode 100644
index 0000000..527f3ad
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/rootCA.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/
+m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD
+Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7
+w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM
+uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV
+ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE
+qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL
+GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH
+g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM
+VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj
+/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH
+bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+
+LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz
+YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6
+Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ
+iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1
+uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude
+8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP
+Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh
+Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5
+VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ
+f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH
+mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T
+xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g
+AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/rootCA.pem b/openssl-1.1.0h/test/certs/rootCA.pem
new file mode 100644
index 0000000..ef73d00
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/rootCA.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa
+Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
+YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
+BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf
++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i
+xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO
+rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU
+34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL
+r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2
+QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf
+ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w
+DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0
+mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ
+WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI
+qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0
+GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT
+JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/rootcert.pem b/openssl-1.1.0h/test/certs/rootcert.pem
new file mode 100644
index 0000000..2b90ddb
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/rootcert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNDIyMjkwNVoYDzIxMTYwMTE1MjIyOTA1WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5oV1s3N
+us7SINg7omu5AxueEgK97mh5PU3hgZpliSFaESmL2qLGeP609oXs/68XDXVW4utU
+LCOjLh0np+5Xy3i3GRDXgBZ72QDe23WqqQqqaBlQVVm1WxG+amRtZJEWdSIsiFBt
+k+8dBElHh2WQDhDOWqHGHQarQgJPxGB97MRhMSlbTwK1T5KAWOlqi5mJW5L6vNrQ
+7Tra/YceH70fU0fJYOXhBxM92NwD1bbVd9GPYFSqrdrVj19bvo63XsxZduex5QHr
+RkWqT5w5mgAHaEgCqWrS/64q9TR9UEwrB8kiZZg3k9/im+zBwEULTZu0r8oMEkpj
+bTlXLmt8EMBqxwIDAQABo1AwTjAdBgNVHQ4EFgQUcH8uroNoWZgEIyrN6z4XzSTd
+AUkwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4XzSTdAUkwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAuiLq2lhcOJHrwUP0txbHk2vy6rmGTPxqmcCo
+CUQFZ3KrvUQM+rtRqqQ0+LzU4wSTFogBz9KSMfT03gPegY3b/7L2TOaMmUFRzTdd
+c9PNT0lP8V3pNQrxp0IjKir791QkGe2Ux45iMKf/SXpeTWASp4zeMiD6/LXFzzaK
+BfNS5IrIWRDev41lFasDzudK5/kmVaMvDOFyW51KkKkqb64VS4UA81JIEzClvz+3
+Vp3k1AXup5+XnTvhqu2nRhrLpJR5w8OXQpcn6qjKlVc2BXtb3xwci1/ibHlZy3CZ
+n70e2NYihU5yYKccReP+fjLgVFsuhsDs/0hRML1u9bLp9nUbYA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/rootkey.pem b/openssl-1.1.0h/test/certs/rootkey.pem
new file mode 100644
index 0000000..d85c96f
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/rootkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/mhXWzc26ztIg
+2Duia7kDG54SAr3uaHk9TeGBmmWJIVoRKYvaosZ4/rT2hez/rxcNdVbi61QsI6Mu
+HSen7lfLeLcZENeAFnvZAN7bdaqpCqpoGVBVWbVbEb5qZG1kkRZ1IiyIUG2T7x0E
+SUeHZZAOEM5aocYdBqtCAk/EYH3sxGExKVtPArVPkoBY6WqLmYlbkvq82tDtOtr9
+hx4fvR9TR8lg5eEHEz3Y3APVttV30Y9gVKqt2tWPX1u+jrdezFl257HlAetGRapP
+nDmaAAdoSAKpatL/rir1NH1QTCsHySJlmDeT3+Kb7MHARQtNm7SvygwSSmNtOVcu
+a3wQwGrHAgMBAAECggEBAL4rWle8JuCuHGNbGz1nO9d41tg7fnYdnZAaN6OiMfr8
+bl+wY84aV3GKJOS2InfYOcIy340UU5QHvxOq/kwwRVV/uAOZ8rqAFmZY9djOnhdv
+rZjq3xAHnPgJ0XvZt7XkR2z1AUw+v7Pf1WYGsYcSZ/t99MKB5Je0odA/aRqZRwLy
+YflbsnAJtxdJ6fsiVCSJcU76V8sxfiCimw6ppLMEp3zCjveQ5Lv0eVoL2zNYeh+l
+GiSwqTqaR+WJekkDiXRd9KYI19drf7OkTII1DtOd6bgvKX3zv2lNiere4J4k7cAP
+rW6fBFgtSq2oklTpWUlXRH7XQAgDtDvldXdlKaj96dkCgYEA8KPSu5ywg8pjCofE
+nLtJTfVyD2g9tgNLj9dI3kuSniZU51kOtk5rZZwL0S8piGczL908aV9DIWdXWsND
+5hlXquKUTSjxPYEzZvaN+tvf9e0AcY/D/UaK0mKPjEbh7vg6pS77aZZz2EL2inOs
+dam8famOOC9RUkxH5JWa3UV4UhsCgYEAy9T0wPQctjuvDkZQTqKEKsHrmrgY2PXT
+Re8DDGI8hxjYb8l+NoFQ7eiwTHir/DULupxQoBBUQtS+idQzUu02tzLMnGcjHNwh
+Tu+vZ4xlVnXxfgIRjDKkfQjiAC5SLzoNO9Jn8g4eS/1mEPXhQ0TXIsFonZDypp/n
+RMp21DkvdMUCgYAIMgwjR5rbYjEtUqJnlBlTBmD0FWDEqigQpgxdRcWgjT2nA2l0
+3AbcVwwv+6M2eg1MPASqsgvfP13CQZQ2afaKY10Zo6NTrOrLPupm+MYP4hp5w6Ox
+JI3lzGWHKYLYWKvmpEr7tZwMaXtsC7R77WP2A6hMUZA7dU2dg1ra3lrSsQKBgQDA
+sPIsUtmtwOBtqzUSEXrGfQqA+larDEGNVDVaiKfVwzwg+aeyWS+rqRS5Rj64L2GG
+KW3i020EvN/fplZap9vY9lIN7UZ5avSmDdqRFl1ajiccy1HRarKrbTFRoHibItMN
+4YvYfVZQ2h2aHQe2Myb6OULv6e4qbPIRyyDo4aKmTQKBgQCadq2JfICFIP9Q1aQn
+93oD7Z4WcYs+KsLYO+/uJxWMrn0/gv90cGrSfstJqDOHnRq4WKUcgK9ErxaE4LkW
+sD0mBhRM3SMxnRJZRO+6roRdehtjHkvzKu75KjcsuwefoMs2sFa4CLQ1YU2vO3Tx
+dgzpnKS2bH/i5yLwhelRfddZ6Q==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/roots.pem b/openssl-1.1.0h/test/certs/roots.pem
new file mode 100644
index 0000000..0bc6912
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/roots.pem
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa
+Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT
+B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO
+nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6
+iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo
+D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm
+H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+
+2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6
+hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5
+j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239
+MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ
+4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9
+Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U
+7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/
+e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU
+wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy
+MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04
+wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG
+64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G
+Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh
+6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW
+BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+
+HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S
+9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2
+QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR
+wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6
+C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF
+sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sca+anyEKU.pem b/openssl-1.1.0h/test/certs/sca+anyEKU.pem
new file mode 100644
index 0000000..459a4dc
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sca+anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R
+rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G
+knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I
+rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl
+ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7
+SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj
+LGCBSw0wCDAGBgRVHSUA
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sca+clientAuth.pem b/openssl-1.1.0h/test/certs/sca+clientAuth.pem
new file mode 100644
index 0000000..3807805
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sca+clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R
+rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G
+knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I
+rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl
+ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7
+SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj
+LGCBSw0wDDAKBggrBgEFBQcDAg==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sca+serverAuth.pem b/openssl-1.1.0h/test/certs/sca+serverAuth.pem
new file mode 100644
index 0000000..952d288
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sca+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R
+rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G
+knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I
+rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl
+ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7
+SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj
+LGCBSw0wDDAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sca-anyEKU.pem b/openssl-1.1.0h/test/certs/sca-anyEKU.pem
new file mode 100644
index 0000000..a43c021
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sca-anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R
+rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G
+knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I
+rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl
+ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7
+SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj
+LGCBSw0wCKAGBgRVHSUA
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sca-cert.pem b/openssl-1.1.0h/test/certs/sca-cert.pem
new file mode 100644
index 0000000..6b800b6
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sca-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R
+rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G
+knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I
+rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl
+ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7
+SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj
+LGCBSw0=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sca-clientAuth.pem b/openssl-1.1.0h/test/certs/sca-clientAuth.pem
new file mode 100644
index 0000000..62a98ff
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sca-clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R
+rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G
+knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I
+rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl
+ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7
+SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj
+LGCBSw0wDKAKBggrBgEFBQcDAg==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sca-serverAuth.pem b/openssl-1.1.0h/test/certs/sca-serverAuth.pem
new file mode 100644
index 0000000..0620874
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sca-serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD
+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
+CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R
+rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G
+knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I
+rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl
+ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7
+SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj
+LGCBSw0wDKAKBggrBgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/server-trusted.pem b/openssl-1.1.0h/test/certs/server-trusted.pem
new file mode 100644
index 0000000..7508cff
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/server-trusted.pem
@@ -0,0 +1,20 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
+DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
+o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
+8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
+rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
+cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
+T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
+EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
+YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
+RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
+iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
+8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
+X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
+YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvkwDDAKBggr
+BgEFBQcDAQ==
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/servercert.pem b/openssl-1.1.0h/test/certs/servercert.pem
new file mode 100644
index 0000000..cc17d3f
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/servercert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
+DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
+o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
+8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
+rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
+cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
+T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
+EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
+YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
+RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
+iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
+8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
+X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
+YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/serverkey.pem b/openssl-1.1.0h/test/certs/serverkey.pem
new file mode 100644
index 0000000..0d7e404
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/serverkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq
+jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH
+EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd
+igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp
+4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/
+WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p
+8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq
+gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD
+nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u
+OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4
+nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU
+otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4
+XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA
+trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V
++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G
+PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd
+vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs
+7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT
+SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5
+lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/
+yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww
+poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY
+rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx
+Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL
+Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws
+KQypwAFz0tbHxaNag/bSAN0J
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/setup.sh b/openssl-1.1.0h/test/certs/setup.sh
new file mode 100755
index 0000000..7e1086a
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/setup.sh
@@ -0,0 +1,346 @@
+#! /bin/sh
+
+# Primary root: root-cert
+# root cert variants: CA:false, key2, DN2
+# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU
+#
+./mkcert.sh genroot "Root CA" root-key root-cert
+./mkcert.sh genss "Root CA" root-key root-nonca
+./mkcert.sh genroot "Root CA" root-key2 root-cert2
+./mkcert.sh genroot "Root Cert 2" root-key root-name2
+#
+openssl x509 -in root-cert.pem -trustout \
+    -addtrust serverAuth -out root+serverAuth.pem
+openssl x509 -in root-cert.pem -trustout \
+    -addreject serverAuth -out root-serverAuth.pem
+openssl x509 -in root-cert.pem -trustout \
+    -addtrust clientAuth -out root+clientAuth.pem
+openssl x509 -in root-cert.pem -trustout \
+    -addreject clientAuth -out root-clientAuth.pem
+openssl x509 -in root-cert.pem -trustout \
+    -addreject anyExtendedKeyUsage -out root-anyEKU.pem
+openssl x509 -in root-cert.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out root+anyEKU.pem
+openssl x509 -in root-cert2.pem -trustout \
+    -addtrust serverAuth -out root2+serverAuth.pem
+openssl x509 -in root-cert2.pem -trustout \
+    -addreject serverAuth -out root2-serverAuth.pem
+openssl x509 -in root-cert2.pem -trustout \
+    -addtrust clientAuth -out root2+clientAuth.pem
+openssl x509 -in root-nonca.pem -trustout \
+    -addtrust serverAuth -out nroot+serverAuth.pem
+openssl x509 -in root-nonca.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out nroot+anyEKU.pem
+
+# Root CA security level variants:
+# MD5 self-signature
+OPENSSL_SIGALG=md5 \
+./mkcert.sh genroot "Root CA" root-key root-cert-md5
+# 768-bit key
+OPENSSL_KEYBITS=768 \
+./mkcert.sh genroot "Root CA" root-key-768 root-cert-768
+
+# primary client-EKU root: croot-cert
+# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU
+#
+./mkcert.sh genroot "Root CA" root-key croot-cert clientAuth
+#
+openssl x509 -in croot-cert.pem -trustout \
+    -addtrust serverAuth -out croot+serverAuth.pem
+openssl x509 -in croot-cert.pem -trustout \
+    -addreject serverAuth -out croot-serverAuth.pem
+openssl x509 -in croot-cert.pem -trustout \
+    -addtrust clientAuth -out croot+clientAuth.pem
+openssl x509 -in croot-cert.pem -trustout \
+    -addreject clientAuth -out croot-clientAuth.pem
+openssl x509 -in croot-cert.pem -trustout \
+    -addreject anyExtendedKeyUsage -out croot-anyEKU.pem
+openssl x509 -in croot-cert.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out croot+anyEKU.pem
+
+# primary server-EKU root: sroot-cert
+# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU
+#
+./mkcert.sh genroot "Root CA" root-key sroot-cert serverAuth
+#
+openssl x509 -in sroot-cert.pem -trustout \
+    -addtrust serverAuth -out sroot+serverAuth.pem
+openssl x509 -in sroot-cert.pem -trustout \
+    -addreject serverAuth -out sroot-serverAuth.pem
+openssl x509 -in sroot-cert.pem -trustout \
+    -addtrust clientAuth -out sroot+clientAuth.pem
+openssl x509 -in sroot-cert.pem -trustout \
+    -addreject clientAuth -out sroot-clientAuth.pem
+openssl x509 -in sroot-cert.pem -trustout \
+    -addreject anyExtendedKeyUsage -out sroot-anyEKU.pem
+openssl x509 -in sroot-cert.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out sroot+anyEKU.pem
+
+# Primary intermediate ca: ca-cert
+# ca variants: CA:false, key2, DN2, issuer2, expired
+# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU
+#
+./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert
+./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert
+./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert
+./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert
+./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert
+./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2
+DAYS=-1 ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert
+#
+openssl x509 -in ca-cert.pem -trustout \
+    -addtrust serverAuth -out ca+serverAuth.pem
+openssl x509 -in ca-cert.pem -trustout \
+    -addreject serverAuth -out ca-serverAuth.pem
+openssl x509 -in ca-cert.pem -trustout \
+    -addtrust clientAuth -out ca+clientAuth.pem
+openssl x509 -in ca-cert.pem -trustout \
+    -addreject clientAuth -out ca-clientAuth.pem
+openssl x509 -in ca-cert.pem -trustout \
+    -addreject anyExtendedKeyUsage -out ca-anyEKU.pem
+openssl x509 -in ca-cert.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out ca+anyEKU.pem
+openssl x509 -in ca-nonca.pem -trustout \
+    -addtrust serverAuth -out nca+serverAuth.pem
+openssl x509 -in ca-nonca.pem -trustout \
+    -addtrust serverAuth -out nca+anyEKU.pem
+
+# Intermediate CA security variants:
+# MD5 issuer signature,
+OPENSSL_SIGALG=md5 \
+./mkcert.sh genca "CA" ca-key ca-cert-md5 root-key root-cert
+openssl x509 -in ca-cert-md5.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out ca-cert-md5-any.pem
+# Issuer has 768-bit key
+./mkcert.sh genca "CA" ca-key ca-cert-768i root-key-768 root-cert-768
+# CA has 768-bit key
+OPENSSL_KEYBITS=768 \
+./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert
+
+# client intermediate ca: cca-cert
+# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
+#
+./mkcert.sh genca "CA" ca-key cca-cert root-key root-cert clientAuth
+#
+openssl x509 -in cca-cert.pem -trustout \
+    -addtrust serverAuth -out cca+serverAuth.pem
+openssl x509 -in cca-cert.pem -trustout \
+    -addreject serverAuth -out cca-serverAuth.pem
+openssl x509 -in cca-cert.pem -trustout \
+    -addtrust clientAuth -out cca+clientAuth.pem
+openssl x509 -in cca-cert.pem -trustout \
+    -addtrust clientAuth -out cca-clientAuth.pem
+openssl x509 -in cca-cert.pem -trustout \
+    -addreject anyExtendedKeyUsage -out cca-anyEKU.pem
+openssl x509 -in cca-cert.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out cca+anyEKU.pem
+
+# server intermediate ca: sca-cert
+# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU
+#
+./mkcert.sh genca "CA" ca-key sca-cert root-key root-cert serverAuth
+#
+openssl x509 -in sca-cert.pem -trustout \
+    -addtrust serverAuth -out sca+serverAuth.pem
+openssl x509 -in sca-cert.pem -trustout \
+    -addreject serverAuth -out sca-serverAuth.pem
+openssl x509 -in sca-cert.pem -trustout \
+    -addtrust clientAuth -out sca+clientAuth.pem
+openssl x509 -in sca-cert.pem -trustout \
+    -addreject clientAuth -out sca-clientAuth.pem
+openssl x509 -in sca-cert.pem -trustout \
+    -addreject anyExtendedKeyUsage -out sca-anyEKU.pem
+openssl x509 -in sca-cert.pem -trustout \
+    -addtrust anyExtendedKeyUsage -out sca+anyEKU.pem
+
+# Primary leaf cert: ee-cert
+# ee variants: expired, issuer-key2, issuer-name2
+# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
+# purpose variants: client
+#
+./mkcert.sh genee server.example ee-key ee-cert ca-key ca-cert
+./mkcert.sh genee server.example ee-key ee-expired ca-key ca-cert -days -1
+./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2
+./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2
+./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert
+#
+openssl x509 -in ee-cert.pem -trustout \
+    -addtrust serverAuth -out ee+serverAuth.pem
+openssl x509 -in ee-cert.pem -trustout \
+    -addreject serverAuth -out ee-serverAuth.pem
+openssl x509 -in ee-client.pem -trustout \
+    -addtrust clientAuth -out ee+clientAuth.pem
+openssl x509 -in ee-client.pem -trustout \
+    -addreject clientAuth -out ee-clientAuth.pem
+
+# Leaf cert security level variants
+# MD5 issuer signature
+OPENSSL_SIGALG=md5 \
+./mkcert.sh genee server.example ee-key ee-cert-md5 ca-key ca-cert
+# 768-bit issuer key
+./mkcert.sh genee server.example ee-key ee-cert-768i ca-key-768 ca-cert-768
+# 768-bit leaf key
+OPENSSL_KEYBITS=768 \
+./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert
+
+# Proxy certificates, off of ee-client
+# Start with some good ones
+./mkcert.sh req pc1-key "0.CN = server.example" "1.CN = proxy 1" | \
+    ./mkcert.sh genpc pc1-key pc1-cert ee-key ee-client \
+                "language = id-ppl-anyLanguage" "pathlen = 1" "policy = text:AB"
+./mkcert.sh req pc2-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 2" | \
+    ./mkcert.sh genpc pc2-key pc2-cert pc1-key pc1-cert \
+                "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB"
+# And now a couple of bad ones
+# pc3: incorrect CN
+./mkcert.sh req bad-pc3-key "0.CN = server.example" "1.CN = proxy 3" | \
+    ./mkcert.sh genpc bad-pc3-key bad-pc3-cert pc1-key pc1-cert \
+                "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB"
+# pc4: incorrect pathlen
+./mkcert.sh req bad-pc4-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 4" | \
+    ./mkcert.sh genpc bad-pc4-key bad-pc4-cert pc1-key pc1-cert \
+                "language = id-ppl-anyLanguage" "pathlen = 1" "policy = text:AB"
+# pc5: no policy
+./mkcert.sh req pc5-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 5" | \
+    ./mkcert.sh genpc pc5-key pc5-cert pc1-key pc1-cert \
+                "language = id-ppl-anyLanguage" "pathlen = 0"
+# pc6: incorrect CN (made into a component of a multivalue RDN)
+./mkcert.sh req bad-pc6-key "0.CN = server.example" "1.CN = proxy 1" "2.+CN = proxy 6" | \
+    ./mkcert.sh genpc bad-pc6-key bad-pc6-cert pc1-key pc1-cert \
+                "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB"
+
+# Name constraints test certificates.
+
+# NC CA1 only permits the host www.good.org and *.good.com email address
+# good@good.org and *@good.com and IP addresses 127.0.0.1 and
+# 192.168.0.0/16
+
+NC="permitted;DNS:www.good.org, permitted;DNS:good.com,"
+NC="$NC permitted;email:good@good.org, permitted;email:good.com,"
+NC="$NC permitted;IP:127.0.0.1/255.255.255.255, permitted;IP:192.168.0.0/255.255.0.0"
+
+NC=$NC ./mkcert.sh genca "Test NC CA 1" ncca1-key ncca1-cert root-key root-cert
+
+# NC CA2 allows anything apart from hosts www.bad.org and *.bad.com
+# and email addresses bad@bad.org and *@bad.com
+
+NC="excluded;DNS:www.bad.org, excluded;DNS:bad.com,"
+NC="$NC excluded;email:bad@bad.org, excluded;email:bad.com, "
+NC="$NC excluded;IP:10.0.0.0/255.0.0.0"
+
+NC=$NC ./mkcert.sh genca "Test NC CA 2" ncca2-key ncca2-cert root-key root-cert
+
+# Name constraints subordinate CA. Adds www.good.net (which should be
+# disallowed because parent CA doesn't permit it) adds ok.good.com
+# (which should be allowed because parent allows *.good.com
+# and now excludes bad.ok.good.com (allowed in permitted subtrees
+# but explicitly excluded).
+
+NC="permitted;DNS:www.good.net, permitted;DNS:ok.good.com, "
+NC="$NC excluded;DNS:bad.ok.good.com"
+NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
+        ncca1-key ncca1-cert
+
+# all subjectAltNames allowed by CA1.
+
+./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \
+    "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
+    ./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \
+    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# no subjectAltNames excluded by CA2.
+
+./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \
+    ./mkcert.sh geneealt alt2-key alt2-cert ncca2-key ncca2-cert \
+    "DNS.1 = www.anything.org" "DNS.2 = any.other.com" \
+    "email.1 = other@bad.org" "email.2 = any@something.com"
+
+# hostname other.good.org which is not allowed by CA1.
+
+./mkcert.sh req badalt1-key "O = Bad NC Test Certificate 1" | \
+    ./mkcert.sh geneealt badalt1-key badalt1-cert ncca1-key ncca1-cert \
+    "DNS.1 = other.good.org" "DNS.2 = any.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com"
+
+# any.bad.com is excluded by CA2.
+
+./mkcert.sh req badalt2-key 'O = Bad NC Test Certificate 2' | \
+    ./mkcert.sh geneealt badalt2-key badalt2-cert ncca2-key ncca2-cert \
+    "DNS.1 = www.good.org" "DNS.2 = any.bad.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com"
+
+# other@good.org not permitted by CA1
+
+./mkcert.sh req badalt3-key "O = Bad NC Test Certificate 3" | \
+    ./mkcert.sh geneealt badalt3-key badalt1-cert ncca1-key ncca1-cert \
+    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
+    "email.1 = other@good.org" "email.2 = any@good.com"
+
+# all subject alt names OK but subject email address not allowed by CA1.
+
+./mkcert.sh req badalt4-key 'O = Bad NC Test Certificate 4' \
+    "emailAddress = any@other.com" | \
+    ./mkcert.sh geneealt badalt4-key badalt4-cert ncca1-key ncca1-cert \
+    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com"
+
+# IP address not allowed by CA1
+./mkcert.sh req badalt5-key "O = Bad NC Test Certificate 5" | \
+    ./mkcert.sh geneealt badalt5-key badalt5-cert ncca1-key ncca1-cert \
+    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.2"
+
+# all subject alt names OK but subject CN not allowed by CA1.
+./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \
+    "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
+    ./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \
+    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING
+REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
+    "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
+    ./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \
+    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# all subjectAltNames allowed by chain
+
+./mkcert.sh req alt3-key "O = Good NC Test Certificate 3" \
+    "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \
+    ./mkcert.sh geneealt alt3-key alt3-cert ncca3-key ncca3-cert \
+    "DNS.1 = www.ok.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# www.good.net allowed by parent CA but not parent of parent
+
+./mkcert.sh req badalt8-key "O = Bad NC Test Certificate 8" \
+    "1.CN=www.good.com" "2.CN=Joe Bloggs" | \
+    ./mkcert.sh geneealt badalt8-key badalt8-cert ncca3-key ncca3-cert \
+    "DNS.1 = www.ok.good.com" "DNS.2 = www.good.net" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# other.good.com not allowed by parent CA but allowed by parent of parent
+
+./mkcert.sh req badalt9-key "O = Bad NC Test Certificate 9" \
+    "1.CN=www.good.com" "2.CN=Joe Bloggs" | \
+    ./mkcert.sh geneealt badalt9-key badalt9-cert ncca3-key ncca3-cert \
+    "DNS.1 = www.good.com" "DNS.2 = other.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# www.bad.net excluded by parent CA.
+
+./mkcert.sh req badalt10-key "O = Bad NC Test Certificate 10" \
+    "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \
+    ./mkcert.sh geneealt badalt10-key badalt10-cert ncca3-key ncca3-cert \
+    "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \
+    "email.1 = good@good.org" "email.2 = any@good.com" \
+    "IP = 127.0.0.1" "IP = 192.168.0.1"
diff --git a/openssl-1.1.0h/test/certs/some-names1.pem b/openssl-1.1.0h/test/certs/some-names1.pem
new file mode 100644
index 0000000..21eed83
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/some-names1.pem
@@ -0,0 +1,211 @@
+-----BEGIN CERTIFICATE-----
+MIInDDCCJfSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowghmkMRAwDgYDVQQDEwd0
+MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
+MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
+c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
+dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
+N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAugvahBkSAUF1fC49vb1bvlPrcl80kop1iLpiuYoz4Qptwy57+EWs
+sZBcHprZ5BkWf6PeGZ7F5AX1PyJbGHZLqvMCvViP6pd4MFox/igESISEHEixoiXC
+zepBrhtp5UQSjHD4D4hKtgdMgVxX+LRtwgW3mnu/vBu7rzpr/DS8io99p3lqZ1Ak
+y+aNlcMj6MYy8U+YFEevb/V0lRY9oqwmW7BHnXikm/vi6sjIS350U8zb/mRzYeIs
+2R65LUduTL50+UMgat9ocewI2dv8aO9Dph+8NdGtg8LFYyTTHcUxJoMr1PTOgnmE
+T19WJH4PrFwk7ZE1QJQQ1L4iKmPeQistuQIDAQABo4IK2jCCCtYwDgYDVR0PAQH/
+BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwggqfBgNV
+HREEggqWMIIKkoIHdDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIH
+dDQudGVzdIIHdDUudGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDku
+dGVzdIIIdDEwLnRlc3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQx
+NC50ZXN0ggh0MTUudGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIII
+dDE5LnRlc3SCCHQyMC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0
+ggh0MjQudGVzdIIIdDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRl
+c3SCCHQyOS50ZXN0ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMu
+dGVzdIIIdDM0LnRlc3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQz
+OC50ZXN0ggh0MzkudGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIII
+dDQzLnRlc3SCCHQ0NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0
+ggh0NDgudGVzdIIIdDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRl
+c3SCCHQ1My50ZXN0ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcu
+dGVzdIIIdDU4LnRlc3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2
+Mi50ZXN0ggh0NjMudGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIII
+dDY3LnRlc3SCCHQ2OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0
+ggh0NzIudGVzdIIIdDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRl
+c3SCCHQ3Ny50ZXN0ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEu
+dGVzdIIIdDgyLnRlc3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4
+Ni50ZXN0ggh0ODcudGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIII
+dDkxLnRlc3SCCHQ5Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0
+ggh0OTYudGVzdIIIdDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50
+ZXN0ggl0MTAxLnRlc3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SC
+CXQxMDUudGVzdIIJdDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEw
+OS50ZXN0ggl0MTEwLnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRl
+c3SCCXQxMTQudGVzdIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJ
+dDExOC50ZXN0ggl0MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIy
+LnRlc3SCCXQxMjMudGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVz
+dIIJdDEyNy50ZXN0ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0
+MTMxLnRlc3SCCXQxMzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUu
+dGVzdIIJdDEzNi50ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0
+ggl0MTQwLnRlc3SCCXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQx
+NDQudGVzdIIJdDE0NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50
+ZXN0ggl0MTQ5LnRlc3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SC
+CXQxNTMudGVzdIIJdDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1
+Ny50ZXN0ggl0MTU4LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRl
+c3SCCXQxNjIudGVzdIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJ
+dDE2Ni50ZXN0ggl0MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcw
+LnRlc3SCCXQxNzEudGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVz
+dIIJdDE3NS50ZXN0ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0
+MTc5LnRlc3SCCXQxODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMu
+dGVzdIIJdDE4NC50ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0
+ggl0MTg4LnRlc3SCCXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQx
+OTIudGVzdIIJdDE5My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50
+ZXN0ggl0MTk3LnRlc3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SC
+CXQyMDEudGVzdIIJdDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIw
+NS50ZXN0ggl0MjA2LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRl
+c3SCCXQyMTAudGVzdIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJ
+dDIxNC50ZXN0ggl0MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4
+LnRlc3SCCXQyMTkudGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVz
+dIIJdDIyMy50ZXN0ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0
+MjI3LnRlc3SCCXQyMjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEu
+dGVzdIIJdDIzMi50ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0
+ggl0MjM2LnRlc3SCCXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQy
+NDAudGVzdIIJdDI0MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50
+ZXN0ggl0MjQ1LnRlc3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SC
+CXQyNDkudGVzdIIJdDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1
+My50ZXN0ggl0MjU0LnRlc3SCCXQyNTUudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEA
+JIFn5ymMVnj0DOFldXQzAjaosat0Z1dAca0BFO/4bf+IfvpaLvZCiSucInV0ejgR
+dP3UsoiXV8qXBax1nr5t4k+yOGYbhgj3imHFtKhFaqJ45AqEJOmzCHWIN0LkN+YL
+ME6JBJr86EB+diLPBS7iljmtvN7avvmJ8AbGFI6eB5BwSjewavWpv55u52zMWti7
+Ca2WpKffH74zhnGqkbMzEiiRa1L1+H/uQBJ0BEeAZbr+pSkJZJvzY/eH8a7fLHra
+LfBqD4epDm6RI6gSNeJ+G7qSfpVSk7l9bsVh7rUTSSCKBxhcImudqBuLfswoa0Ub
+ZoA33vstMRAur0m/blHQHA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/some-names2.pem b/openssl-1.1.0h/test/certs/some-names2.pem
new file mode 100644
index 0000000..328e3d1
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/some-names2.pem
@@ -0,0 +1,133 @@
+-----BEGIN CERTIFICATE-----
+MIIYgzCCF2ugAwIBAgIBBjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowEjEQMA4GA1UEAxMHdDAu
+dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwu
+Pb29W75T63JfNJKKdYi6YrmKM+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8i
+Wxh2S6rzAr1Yj+qXeDBaMf4oBEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFc
+V/i0bcIFt5p7v7wbu686a/w0vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUW
+PaKsJluwR514pJv74urIyEt+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb
+/GjvQ6YfvDXRrYPCxWMk0x3FMSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj
+3kIrLbkCAwEAAaOCFeUwghXhMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr
+BgEFBQcDATAMBgNVHRMBAf8EAjAAMIIVqgYDVR0RBIIVoTCCFZ2CB3QwLnRlc3SC
+B3QxLnRlc3SCB3QyLnRlc3SCB3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2
+LnRlc3SCB3Q3LnRlc3SCB3Q4LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEu
+dGVzdIIIdDEyLnRlc3SCCHQxMy50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQx
+Ni50ZXN0ggh0MTcudGVzdIIIdDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIII
+dDIxLnRlc3SCCHQyMi50ZXN0ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0
+ggh0MjYudGVzdIIIdDI3LnRlc3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRl
+c3SCCHQzMS50ZXN0ggh0MzIudGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUu
+dGVzdIIIdDM2LnRlc3SCCHQzNy50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0
+MC50ZXN0ggh0NDEudGVzdIIIdDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIII
+dDQ1LnRlc3SCCHQ0Ni50ZXN0ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0
+ggh0NTAudGVzdIIIdDUxLnRlc3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRl
+c3SCCHQ1NS50ZXN0ggh0NTYudGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTku
+dGVzdIIIdDYwLnRlc3SCCHQ2MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2
+NC50ZXN0ggh0NjUudGVzdIIIdDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIII
+dDY5LnRlc3SCCHQ3MC50ZXN0ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0
+ggh0NzQudGVzdIIIdDc1LnRlc3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRl
+c3SCCHQ3OS50ZXN0ggh0ODAudGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMu
+dGVzdIIIdDg0LnRlc3SCCHQ4NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4
+OC50ZXN0ggh0ODkudGVzdIIIdDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIII
+dDkzLnRlc3SCCHQ5NC50ZXN0ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0
+ggh0OTgudGVzdIIIdDk5LnRlc3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAy
+LnRlc3SCCXQxMDMudGVzdIIJdDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVz
+dIIJdDEwNy50ZXN0ggl0MTA4LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0
+MTExLnRlc3SCCXQxMTIudGVzdIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUu
+dGVzdIIJdDExNi50ZXN0ggl0MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0
+ggl0MTIwLnRlc3SCCXQxMjEudGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQx
+MjQudGVzdIIJdDEyNS50ZXN0ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50
+ZXN0ggl0MTI5LnRlc3SCCXQxMzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SC
+CXQxMzMudGVzdIIJdDEzNC50ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEz
+Ny50ZXN0ggl0MTM4LnRlc3SCCXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRl
+c3SCCXQxNDIudGVzdIIJdDE0My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJ
+dDE0Ni50ZXN0ggl0MTQ3LnRlc3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUw
+LnRlc3SCCXQxNTEudGVzdIIJdDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVz
+dIIJdDE1NS50ZXN0ggl0MTU2LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0
+MTU5LnRlc3SCCXQxNjAudGVzdIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMu
+dGVzdIIJdDE2NC50ZXN0ggl0MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0
+ggl0MTY4LnRlc3SCCXQxNjkudGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQx
+NzIudGVzdIIJdDE3My50ZXN0ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50
+ZXN0ggl0MTc3LnRlc3SCCXQxNzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SC
+CXQxODEudGVzdIIJdDE4Mi50ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4
+NS50ZXN0ggl0MTg2LnRlc3SCCXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRl
+c3SCCXQxOTAudGVzdIIJdDE5MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJ
+dDE5NC50ZXN0ggl0MTk1LnRlc3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4
+LnRlc3SCCXQxOTkudGVzdIIJdDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVz
+dIIJdDIwMy50ZXN0ggl0MjA0LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0
+MjA3LnRlc3SCCXQyMDgudGVzdIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEu
+dGVzdIIJdDIxMi50ZXN0ggl0MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0
+ggl0MjE2LnRlc3SCCXQyMTcudGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQy
+MjAudGVzdIIJdDIyMS50ZXN0ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50
+ZXN0ggl0MjI1LnRlc3SCCXQyMjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SC
+CXQyMjkudGVzdIIJdDIzMC50ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIz
+My50ZXN0ggl0MjM0LnRlc3SCCXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRl
+c3SCCXQyMzgudGVzdIIJdDIzOS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJ
+dDI0Mi50ZXN0ggl0MjQzLnRlc3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2
+LnRlc3SCCXQyNDcudGVzdIIJdDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVz
+dIIJdDI1MS50ZXN0ggl0MjUyLnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0
+MjU1LnRlc3SCCXQyNTYudGVzdIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTku
+dGVzdIIJdDI2MC50ZXN0ggl0MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0
+ggl0MjY0LnRlc3SCCXQyNjUudGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQy
+NjgudGVzdIIJdDI2OS50ZXN0ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50
+ZXN0ggl0MjczLnRlc3SCCXQyNzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SC
+CXQyNzcudGVzdIIJdDI3OC50ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4
+MS50ZXN0ggl0MjgyLnRlc3SCCXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRl
+c3SCCXQyODYudGVzdIIJdDI4Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJ
+dDI5MC50ZXN0ggl0MjkxLnRlc3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0
+LnRlc3SCCXQyOTUudGVzdIIJdDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVz
+dIIJdDI5OS50ZXN0ggl0MzAwLnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0
+MzAzLnRlc3SCCXQzMDQudGVzdIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcu
+dGVzdIIJdDMwOC50ZXN0ggl0MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0
+ggl0MzEyLnRlc3SCCXQzMTMudGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQz
+MTYudGVzdIIJdDMxNy50ZXN0ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50
+ZXN0ggl0MzIxLnRlc3SCCXQzMjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SC
+CXQzMjUudGVzdIIJdDMyNi50ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMy
+OS50ZXN0ggl0MzMwLnRlc3SCCXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRl
+c3SCCXQzMzQudGVzdIIJdDMzNS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJ
+dDMzOC50ZXN0ggl0MzM5LnRlc3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQy
+LnRlc3SCCXQzNDMudGVzdIIJdDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVz
+dIIJdDM0Ny50ZXN0ggl0MzQ4LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0
+MzUxLnRlc3SCCXQzNTIudGVzdIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUu
+dGVzdIIJdDM1Ni50ZXN0ggl0MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0
+ggl0MzYwLnRlc3SCCXQzNjEudGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQz
+NjQudGVzdIIJdDM2NS50ZXN0ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50
+ZXN0ggl0MzY5LnRlc3SCCXQzNzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SC
+CXQzNzMudGVzdIIJdDM3NC50ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3
+Ny50ZXN0ggl0Mzc4LnRlc3SCCXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRl
+c3SCCXQzODIudGVzdIIJdDM4My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJ
+dDM4Ni50ZXN0ggl0Mzg3LnRlc3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0Mzkw
+LnRlc3SCCXQzOTEudGVzdIIJdDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVz
+dIIJdDM5NS50ZXN0ggl0Mzk2LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0
+Mzk5LnRlc3SCCXQ0MDAudGVzdIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMu
+dGVzdIIJdDQwNC50ZXN0ggl0NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0
+ggl0NDA4LnRlc3SCCXQ0MDkudGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0
+MTIudGVzdIIJdDQxMy50ZXN0ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50
+ZXN0ggl0NDE3LnRlc3SCCXQ0MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SC
+CXQ0MjEudGVzdIIJdDQyMi50ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQy
+NS50ZXN0ggl0NDI2LnRlc3SCCXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRl
+c3SCCXQ0MzAudGVzdIIJdDQzMS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJ
+dDQzNC50ZXN0ggl0NDM1LnRlc3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4
+LnRlc3SCCXQ0MzkudGVzdIIJdDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVz
+dIIJdDQ0My50ZXN0ggl0NDQ0LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0
+NDQ3LnRlc3SCCXQ0NDgudGVzdIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEu
+dGVzdIIJdDQ1Mi50ZXN0ggl0NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0
+ggl0NDU2LnRlc3SCCXQ0NTcudGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0
+NjAudGVzdIIJdDQ2MS50ZXN0ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50
+ZXN0ggl0NDY1LnRlc3SCCXQ0NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SC
+CXQ0NjkudGVzdIIJdDQ3MC50ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3
+My50ZXN0ggl0NDc0LnRlc3SCCXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRl
+c3SCCXQ0NzgudGVzdIIJdDQ3OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJ
+dDQ4Mi50ZXN0ggl0NDgzLnRlc3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2
+LnRlc3SCCXQ0ODcudGVzdIIJdDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVz
+dIIJdDQ5MS50ZXN0ggl0NDkyLnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0
+NDk1LnRlc3SCCXQ0OTYudGVzdIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTku
+dGVzdIIJdDUwMC50ZXN0ggl0NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0
+ggl0NTA0LnRlc3SCCXQ1MDUudGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1
+MDgudGVzdIIJdDUwOS50ZXN0ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50
+ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBjxDfYTobCREWVHPrt1T9iT2t0gieS7hVw
+lQaezO1n+m0MerQ92DHhMXBROBiMXIWyvTa341xClpYAwPqqAIUEdS0L5r4Jq/Ep
+4uglb+eZXMvTAm89KH3L8xTugc8UtHMqbfyo92v96wgFXBrcDDXIkGdPkLyz2s2J
+QjpNVG/La/EYTQdHPgv6Rg0g+t6RNN1JJ0p1wQ5ItDc8d/bfWdlG/EViWVRsiSBh
+7YRbkGWdnHnorCe0yIg0jKCk3UhgXaYY66/alpmE/QVXSaLgNvdmJ5m9mixY0ZaB
+0niy+KzIgBczvDcxVdL5/fsxGvA4nI8Gi7Z+EJDKXeED+FwcTDJD
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/some-names3.pem b/openssl-1.1.0h/test/certs/some-names3.pem
new file mode 100644
index 0000000..a6d3ee7
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/some-names3.pem
@@ -0,0 +1,293 @@
+-----BEGIN CERTIFICATE-----
+MII2fzCCNWegAwIBAgIBBzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg
+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgjO+MRAwDgYDVQQDEwd0
+MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0
+OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0
+MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl
+c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA
+dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1
+N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI
+dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB
+Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B
+CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3
+DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI
+hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq
+hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG
+CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw
+FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx
+FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz
+dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0
+ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw
+QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0
+ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW
+CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ
+ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN
+AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG
+9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG
+SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ
+KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV
+BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX
+MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw
+MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy
+NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1
+MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3
+NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ
+ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG
+9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ
+KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY
+MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl
+c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5
+OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW
+CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN
+AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG
+SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW
+BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0
+MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA
+dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0
+NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwuPb29W75T63JfNJKKdYi6YrmK
+M+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8iWxh2S6rzAr1Yj+qXeDBaMf4o
+BEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFcV/i0bcIFt5p7v7wbu686a/w0
+vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUWPaKsJluwR514pJv74urIyEt+
+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb/GjvQ6YfvDXRrYPCxWMk0x3F
+MSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj3kIrLbkCAwEAAaM1MDMwDgYD
+VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw
+DQYJKoZIhvcNAQELBQADggEBAH6ad2kFE0qGDe3ErMdwTGjbBz3T12dDvAUVhGHQ
+uZShOdPsXMHD2mUqFgLE0iJFeXB7jOSAKtzmKHNmxZ4W0UZ7eMPPogkgIbG3d3yR
+8zBO21CUyOQWChywpKcAou9ji3Kq6pb4+mqq0a5TGIYyGJKSUTv09KI+iHgwteCX
+DHzzhuTs8AhodmNO5K/F9YFWJWvQ1NrwyUmOFEw8/UcljyKxFrP2VEov0fWeiTRB
+Ps6VaFBW7SEEi8fAM9W5kfsl+iWRvwFcFdXGQt1HbeywCu58DLI4uceHCFb+3MMO
+Xv7wJ5UhQODuzwuq7CuZvlxR2tiFoPP+s5fPH0L8MBP5z6w=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sroot+anyEKU.pem b/openssl-1.1.0h/test/certs/sroot+anyEKU.pem
new file mode 100644
index 0000000..9beefa9
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sroot+anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR
+lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a
+mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr
+c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW
+foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w
+TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG
+E3ODKNXOOP3jsDAIMAYGBFUdJQA=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sroot+clientAuth.pem b/openssl-1.1.0h/test/certs/sroot+clientAuth.pem
new file mode 100644
index 0000000..939e3e8
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sroot+clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR
+lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a
+mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr
+c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW
+foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w
+TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG
+E3ODKNXOOP3jsDAMMAoGCCsGAQUFBwMC
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sroot+serverAuth.pem b/openssl-1.1.0h/test/certs/sroot+serverAuth.pem
new file mode 100644
index 0000000..447d2e3
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sroot+serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR
+lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a
+mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr
+c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW
+foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w
+TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG
+E3ODKNXOOP3jsDAMMAoGCCsGAQUFBwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sroot-anyEKU.pem b/openssl-1.1.0h/test/certs/sroot-anyEKU.pem
new file mode 100644
index 0000000..7f1766a
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sroot-anyEKU.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR
+lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a
+mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr
+c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW
+foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w
+TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG
+E3ODKNXOOP3jsDAIoAYGBFUdJQA=
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sroot-cert.pem b/openssl-1.1.0h/test/certs/sroot-cert.pem
new file mode 100644
index 0000000..55508d9
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sroot-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR
+lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a
+mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr
+c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW
+foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w
+TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG
+E3ODKNXOOP3jsA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sroot-clientAuth.pem b/openssl-1.1.0h/test/certs/sroot-clientAuth.pem
new file mode 100644
index 0000000..e91f1d2
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sroot-clientAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR
+lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a
+mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr
+c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW
+foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w
+TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG
+E3ODKNXOOP3jsDAMoAoGCCsGAQUFBwMC
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/sroot-serverAuth.pem b/openssl-1.1.0h/test/certs/sroot-serverAuth.pem
new file mode 100644
index 0000000..2fd78cc
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/sroot-serverAuth.pem
@@ -0,0 +1,19 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3
+o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB
+/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR
+lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a
+mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr
+c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW
+foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w
+TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG
+E3ODKNXOOP3jsDAMoAoGCCsGAQUFBwMB
+-----END TRUSTED CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/subinterCA-ss.pem b/openssl-1.1.0h/test/certs/subinterCA-ss.pem
new file mode 100644
index 0000000..a436b4b
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/subinterCA-ss.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy
+MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04
+wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG
+64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G
+Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh
+6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW
+BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+
+HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S
+9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2
+QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR
+wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6
+C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF
+sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/subinterCA.key b/openssl-1.1.0h/test/certs/subinterCA.key
new file mode 100644
index 0000000..c867af9
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/subinterCA.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb
+2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n
+JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C
+pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy
+wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF
+HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg
+nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO
+ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd
+SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5
+P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH
+VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX
+lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh
+ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z
+uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g
+5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im
+S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4
+hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS
+zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc
+cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7
+M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1
+sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW
+aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s
+5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu
+ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S
+zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/certs/subinterCA.pem b/openssl-1.1.0h/test/certs/subinterCA.pem
new file mode 100644
index 0000000..2cdf480
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/subinterCA.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz
+WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T
+dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD
+EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj
+vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz
+2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW
+VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90
+OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL
+857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ
+Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp
+Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ
+YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8
+8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ
+pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E
+mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq
+YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U
+gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/untrusted.pem b/openssl-1.1.0h/test/certs/untrusted.pem
new file mode 100644
index 0000000..d93d312
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/untrusted.pem
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz
+WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T
+dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD
+EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj
+vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz
+2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW
+VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90
+OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL
+857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ
+Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp
+Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ
+YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8
+8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ
+pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E
+mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq
+YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U
+gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx
+OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD
+VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/
+BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI
+wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB
+ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt
+LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK
+fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG
+IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN
+BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT
+6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD
+2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw
+QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV
+mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw
+y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/wrongcert.pem b/openssl-1.1.0h/test/certs/wrongcert.pem
new file mode 100644
index 0000000..b8b3cfd
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/wrongcert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1Xcm9u
+ZyBSb290IENBMCAXDTE2MDExNDIyMjkwMVoYDzIxMTYwMTE1MjIyOTAxWjAYMRYw
+FAYDVQQDDA1Xcm9uZyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA1qOM0wmfvpzDnuZbMaZd5VtYPVYFoYMhlSmUQWCH/I17zxzzWi2SCRvc
+JXx+mZcK1l7KXYabewH1fxHzBGJYI/huxqEF3G7e0cqa60XAhyEKfop0VrKMpqDh
+sNRxqC3PWaQQzijlD2XEY5h3u97qn/m4mAMO1RvKUtv0l0Go9G3VZVp0HSPxW2VM
+0xDyOhlPSYzQ0solQgvb3Nir6dyxzOFz4kCJiVwOQQ4YFvRps72NcBV7q6OWpXHE
+URIGlVlc7p/8ysGNMgj/G3mtPjVtb+AKFDESO+l9ZGi5JU1LJJf23A2BVUgP4eL1
+huZGrTsVNdIYMds1yHyoDfHABLI+TQIDAQABo1AwTjAdBgNVHQ4EFgQU0sgStYvh
+Wvrkc0aam05HE5YMZFgwHwYDVR0jBBgwFoAU0sgStYvhWvrkc0aam05HE5YMZFgw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAT4DDpFvHBIzhKR1/LJx6
+1gsXYCAp1fre5luek/kGTRrInWg6OLZ7B2wLtGcfNlfpRCvLHCh1ORgctNaYwBgE
+xOGWHTsbFDfq15cOcATXgDqRch8dLv/5XKm8rXDwmi6mUfbwUDF5qko4f3hpBWvA
+EBRJSqPvaRxfiJs3SXGnCbiIcYEz0nAwgqfJl7QFXnD22Fu0FGczwzW/7kh0EeIW
+tMsyrIvMR+s6AYzwYrRnUjXBNHjRxuiy5KmyvTMoFm5R6PsD2YfUN1xFkdRy48vb
+8fVYApmiXoNWMBgVSija261L81OY4yZZw3BK8nAGrko5VmXjbfYIScpiMlZkXLHN
+Ww==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/certs/wrongkey.pem b/openssl-1.1.0h/test/certs/wrongkey.pem
new file mode 100644
index 0000000..72ab17b
--- /dev/null
+++ b/openssl-1.1.0h/test/certs/wrongkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDWo4zTCZ++nMOe
+5lsxpl3lW1g9VgWhgyGVKZRBYIf8jXvPHPNaLZIJG9wlfH6ZlwrWXspdhpt7AfV/
+EfMEYlgj+G7GoQXcbt7RyprrRcCHIQp+inRWsoymoOGw1HGoLc9ZpBDOKOUPZcRj
+mHe73uqf+biYAw7VG8pS2/SXQaj0bdVlWnQdI/FbZUzTEPI6GU9JjNDSyiVCC9vc
+2Kvp3LHM4XPiQImJXA5BDhgW9GmzvY1wFXuro5alccRREgaVWVzun/zKwY0yCP8b
+ea0+NW1v4AoUMRI76X1kaLklTUskl/bcDYFVSA/h4vWG5katOxU10hgx2zXIfKgN
+8cAEsj5NAgMBAAECggEBAJBlHKMI0W/RVIT8oZMIQhi/V+CDk2wxpJENlNBamYFc
+yVLvPgOHrrv0Aykw1JaNF1xaDrfWi5i4G6jtsVhctMEWK6fywdemur3WGFx442nE
+36N7j4KXwamDh/GHKiMjFmBO0INw3ZB7PSBnfP1lnOAchoO1YvAZLwaJNMXhBUHR
+uoGrL2nv2F6EDe1whuNd6ifNPT8aX+8kOP0ooe6+rEvoe8Q6N+ktMLcl/b6y7nqt
+Tkl1CzuCnC/KJwY6LRRl6NUttw1c78IauqeNRuLYuaUKMXRjWkKTzPY7sHAdQbey
+szC6Rowso6i26n7a0yJFnML8NDZPJAsJqj7NA1rfn4ECgYEA8K51eqVe9C0uNdcG
+jxbzZZggPXM2SjGLwSz7DazN67kGkLY54B4BO1s428ZfpgsI364Cyg7vocDegAr2
+t9/+N+i/fF7c9yKICxefNcO/Q1i4hozTimQHEWpCDKgystBrWl+CopRrq/QMndGh
+oFfeLzIwQ3m69lFgTBwyTRCDsi0CgYEA5EzEI3uGVfP639x06/7h2kLeBYUlvIaA
+84O4t7oAvsIRHBsTvi5OKR2YB9ONkDLmdSEZaGg7KUgzPDBoJ2PDmGP6jEiW//bD
+9ftXb6UPUuHMyQu92wzJW6qrNSZu13NqkQ0XTBYBYlYGTvESljJhbWTDLpUd7dlV
+i4xxAkxJ8KECgYAD4MvDziZZiODVvUE9zQDfAjSCyPh2+ZVm53KkJcSrp6+TZVxJ
+YDJk4nNoFyozYroh4Ivq9ZKm6JStO3/+Nn3CKN3tAxpMYSIQC7FlDGJok2VlxZ8i
++7mhbjTiP1ORzgnsyt0wAXQ6sRQC9v3Dt6a82/IrJCr/DRCgKVQmKb31gQKBgQC5
+IctYHr5UC1KgoGysR3es/9Z9UXjFhakiT+nGC265QjSPvyFmcrRtQRNdHV/J1Izv
+5NRuxz9afbMWlwaPEqa1eDXf9qmEjf5hBd3kqkxf4L2pNv1Rme/bhu3pXu45ht2f
+HKeMyrd6n9njwDhbViWNiU2CA+hOTZTCYjPuMiEvoQKBgQCY4styVO7gKdNc3j9c
+iPAjnMjBBqLzEJdS4de2BFdKM4xhX4OWbNsO+GcMlq4k1Tt6dMKdcLmjnHWsdsqp
+UFGEMMZDd/ez6kOAGInYajr7rmRjxAolZwK7mc1OQcDiNgjb5Qs0E5zM4TEg5r56
+sU+ewyfUH6y1dTTJhjIldEfUtw==
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/cipherlist_test.c b/openssl-1.1.0h/test/cipherlist_test.c
new file mode 100644
index 0000000..d6556e0
--- /dev/null
+++ b/openssl-1.1.0h/test/cipherlist_test.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <stdio.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/err.h>
+#include <openssl/e_os2.h>
+#include <openssl/ssl.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h>
+
+#include "e_os.h"
+#include "testutil.h"
+
+typedef struct cipherlist_test_fixture {
+    const char *test_case_name;
+    SSL_CTX *server;
+    SSL_CTX *client;
+} CIPHERLIST_TEST_FIXTURE;
+
+
+static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name)
+{
+    CIPHERLIST_TEST_FIXTURE fixture;
+    fixture.test_case_name = test_case_name;
+    fixture.server = SSL_CTX_new(TLS_server_method());
+    fixture.client = SSL_CTX_new(TLS_client_method());
+    OPENSSL_assert(fixture.client != NULL && fixture.server != NULL);
+    return fixture;
+}
+
+/*
+ * All ciphers in the DEFAULT cipherlist meet the default security level.
+ * However, default supported ciphers exclude SRP and PSK ciphersuites
+ * for which no callbacks have been set up.
+ *
+ * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled,
+ * and individual disabled algorithms. However, NO_RSA, NO_AES and NO_SHA
+ * are currently broken and should be considered mission impossible in libssl.
+ */
+static const uint32_t default_ciphers_in_order[] = {
+#ifndef OPENSSL_NO_TLS1_2
+# ifndef OPENSSL_NO_EC
+    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+# endif
+# ifndef OPENSSL_NO_DH
+    TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+# endif
+
+# if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305
+#  ifndef OPENSSL_NO_EC
+    TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+    TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+#  endif
+#  ifndef OPENSSL_NO_DH
+    TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
+#  endif
+# endif  /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
+
+# ifndef OPENSSL_NO_EC
+    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+# endif
+# ifndef OPENSSL_NO_DH
+    TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+# endif
+# ifndef OPENSSL_NO_EC
+    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+    TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+# endif
+# ifndef OPENSSL_NO_DH
+    TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+# endif
+# ifndef OPENSSL_NO_EC
+    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+    TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+# endif
+# ifndef OPENSSL_NO_DH
+    TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+# endif
+#endif  /* !OPENSSL_NO_TLS1_2 */
+
+#ifndef OPENSSL_NO_EC
+    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+#endif
+#ifndef OPENSSL_NO_DH
+    TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+#endif
+#ifndef OPENSSL_NO_EC
+    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+#endif
+#ifndef OPENSSL_NO_DH
+    TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+#endif
+
+#ifndef OPENSSL_NO_TLS1_2
+    TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+    TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+    TLS1_CK_RSA_WITH_AES_256_SHA256,
+    TLS1_CK_RSA_WITH_AES_128_SHA256,
+#endif
+
+    TLS1_CK_RSA_WITH_AES_256_SHA,
+    TLS1_CK_RSA_WITH_AES_128_SHA,
+};
+
+static int test_default_cipherlist(SSL_CTX *ctx)
+{
+    STACK_OF(SSL_CIPHER) *ciphers;
+    SSL *ssl;
+    int i, ret = 0, num_expected_ciphers, num_ciphers;
+    uint32_t expected_cipher_id, cipher_id;
+
+    ssl = SSL_new(ctx);
+    OPENSSL_assert(ssl != NULL);
+
+    ciphers = SSL_get1_supported_ciphers(ssl);
+    OPENSSL_assert(ciphers != NULL);
+    num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
+    num_ciphers = sk_SSL_CIPHER_num(ciphers);
+    if (num_ciphers != num_expected_ciphers) {
+        fprintf(stderr, "Expected %d supported ciphers, got %d.\n",
+                num_expected_ciphers, num_ciphers);
+        goto err;
+    }
+
+    for (i = 0; i < num_ciphers; i++) {
+        expected_cipher_id = default_ciphers_in_order[i];
+        cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
+        if (cipher_id != expected_cipher_id) {
+            fprintf(stderr, "Wrong cipher at position %d: expected %x, "
+                    "got %x\n", i, expected_cipher_id, cipher_id);
+            goto err;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    sk_SSL_CIPHER_free(ciphers);
+    SSL_free(ssl);
+    return ret;
+}
+
+static int execute_test(CIPHERLIST_TEST_FIXTURE fixture)
+{
+    return test_default_cipherlist(fixture.server)
+        && test_default_cipherlist(fixture.client);
+}
+
+static void tear_down(CIPHERLIST_TEST_FIXTURE fixture)
+{
+    SSL_CTX_free(fixture.server);
+    SSL_CTX_free(fixture.client);
+    ERR_print_errors_fp(stderr);
+}
+
+#define SETUP_CIPHERLIST_TEST_FIXTURE() \
+    SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up)
+
+#define EXECUTE_CIPHERLIST_TEST() \
+    EXECUTE_TEST(execute_test, tear_down)
+
+static int test_default_cipherlist_implicit()
+{
+    SETUP_CIPHERLIST_TEST_FIXTURE();
+    EXECUTE_CIPHERLIST_TEST();
+}
+
+static int test_default_cipherlist_explicit()
+{
+    SETUP_CIPHERLIST_TEST_FIXTURE();
+    OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.server, "DEFAULT"));
+    OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.client, "DEFAULT"));
+    EXECUTE_CIPHERLIST_TEST();
+}
+
+int main(int argc, char **argv)
+{
+    int result = 0;
+
+    ADD_TEST(test_default_cipherlist_implicit);
+    ADD_TEST(test_default_cipherlist_explicit);
+
+    result = run_tests(argv[0]);
+
+    return result;
+}
diff --git a/openssl-1.1.0h/test/clienthellotest.c b/openssl-1.1.0h/test/clienthellotest.c
new file mode 100644
index 0000000..38a7637
--- /dev/null
+++ b/openssl-1.1.0h/test/clienthellotest.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include "../ssl/packet_locl.h"
+
+#define CLIENT_VERSION_LEN      2
+
+
+#define TOTAL_NUM_TESTS                         1
+
+/*
+ * Test that explicitly setting ticket data results in it appearing in the
+ * ClientHello for a negotiated SSL/TLS version
+ */
+#define TEST_SET_SESSION_TICK_DATA_VER_NEG      0
+
+int main(int argc, char *argv[])
+{
+    SSL_CTX *ctx = NULL;
+    SSL *con = NULL;
+    BIO *rbio;
+    BIO *wbio;
+    BIO *err;
+    long len;
+    unsigned char *data;
+    PACKET pkt, pkt2, pkt3;
+    char *dummytick = "Hello World!";
+    unsigned int type;
+    int testresult = 0;
+    int currtest = 0;
+
+    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    /*
+     * For each test set up an SSL_CTX and SSL and see what ClientHello gets
+     * produced when we try to connect
+     */
+    for (; currtest < TOTAL_NUM_TESTS; currtest++) {
+        testresult = 0;
+        ctx = SSL_CTX_new(TLS_method());
+        if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))
+            goto end;
+        con = SSL_new(ctx);
+
+        rbio = BIO_new(BIO_s_mem());
+        wbio = BIO_new(BIO_s_mem());
+        SSL_set_bio(con, rbio, wbio);
+        SSL_set_connect_state(con);
+
+        if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+            if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))
+                goto end;
+        }
+
+        if (SSL_connect(con) > 0) {
+            /* This shouldn't succeed because we don't have a server! */
+            goto end;
+        }
+
+        len = BIO_get_mem_data(wbio, (char **)&data);
+        if (!PACKET_buf_init(&pkt, data, len))
+            goto end;
+
+        /* Skip the record header */
+        if (!PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH))
+            goto end;
+
+        /* Skip the handshake message header */
+        if (!PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
+            goto end;
+
+        /* Skip client version and random */
+        if (!PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE))
+            goto end;
+
+        /* Skip session id */
+        if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
+            goto end;
+
+        /* Skip ciphers */
+        if (!PACKET_get_length_prefixed_2(&pkt, &pkt2))
+            goto end;
+
+        /* Skip compression */
+        if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
+            goto end;
+
+        /* Extensions len */
+        if (!PACKET_as_length_prefixed_2(&pkt, &pkt2))
+            goto end;
+
+        /* Loop through all extensions */
+        while (PACKET_remaining(&pkt2)) {
+
+            if (!PACKET_get_net_2(&pkt2, &type) ||
+                !PACKET_get_length_prefixed_2(&pkt2, &pkt3))
+                goto end;
+
+            if (type == TLSEXT_TYPE_session_ticket) {
+                if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+                    if (PACKET_equal(&pkt3, dummytick, strlen(dummytick))) {
+                        /* Ticket data is as we expected */
+                        testresult = 1;
+                    } else {
+                        printf("Received session ticket is not as expected\n");
+                    }
+                    break;
+                }
+            }
+
+        }
+
+ end:
+        SSL_free(con);
+        SSL_CTX_free(ctx);
+        if (!testresult) {
+            printf("ClientHello test: FAILED (Test %d)\n", currtest);
+            break;
+        }
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(err) <= 0)
+        testresult = 0;
+#endif
+    BIO_free(err);
+
+    return testresult?0:1;
+}
diff --git a/openssl-1.1.0h/test/cms-examples.pl b/openssl-1.1.0h/test/cms-examples.pl
new file mode 100644
index 0000000..ec1c5fa
--- /dev/null
+++ b/openssl-1.1.0h/test/cms-examples.pl
@@ -0,0 +1,365 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Perl script to run tests against S/MIME examples in RFC4134
+# Assumes RFC is in current directory and called "rfc4134.txt"
+
+use MIME::Base64;
+
+my $badttest = 0;
+my $verbose  = 1;
+
+my $cmscmd;
+my $exdir  = "./";
+my $exfile = "./rfc4134.txt";
+
+if (-f "../apps/openssl")
+	{
+	$cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
+	}
+elsif (-f "..\\out32dll\\openssl.exe")
+	{
+	$cmscmd = "..\\out32dll\\openssl.exe cms";
+	}
+elsif (-f "..\\out32\\openssl.exe")
+	{
+	$cmscmd = "..\\out32\\openssl.exe cms";
+	}
+
+my @test_list = (
+    [ "3.1.bin"  => "dataout" ],
+    [ "3.2.bin"  => "encode, dataout" ],
+    [ "4.1.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.2.bin"  => "encode, verifyder, cont, rsa" ],
+    [ "4.3.bin"  => "encode, verifyder, cont_extern, dss" ],
+    [ "4.4.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.5.bin"  => "verifyder, cont, rsa" ],
+    [ "4.6.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.7.bin"  => "encode, verifyder, cont, dss" ],
+    [ "4.8.eml"  => "verifymime, dss" ],
+    [ "4.9.eml"  => "verifymime, dss" ],
+    [ "4.10.bin" => "encode, verifyder, cont, dss" ],
+    [ "4.11.bin" => "encode, certsout" ],
+    [ "5.1.bin"  => "encode, envelopeder, cont" ],
+    [ "5.2.bin"  => "encode, envelopeder, cont" ],
+    [ "5.3.eml"  => "envelopemime, cont" ],
+    [ "6.0.bin"  => "encode, digest, cont" ],
+    [ "7.1.bin"  => "encode, encrypted, cont" ],
+    [ "7.2.bin"  => "encode, encrypted, cont" ]
+);
+
+# Extract examples from RFC4134 text.
+# Base64 decode all examples, certificates and
+# private keys are converted to PEM format.
+
+my ( $filename, $data );
+
+my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
+
+$data = "";
+
+open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
+
+while (<IN>) {
+    next unless (/^\|/);
+    s/^\|//;
+    next if (/^\*/);
+    if (/^>(.*)$/) {
+        $filename = $1;
+        next;
+    }
+    if (/^</) {
+        $filename = "$exdir/$filename";
+        if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
+            $data = decode_base64($data);
+            open OUT, ">$filename";
+            binmode OUT;
+            print OUT $data;
+            close OUT;
+            push @cleanup, $filename;
+        }
+        elsif ( $filename =~ /\.cer$/ ) {
+            write_pem( $filename, "CERTIFICATE", $data );
+        }
+        elsif ( $filename =~ /\.pri$/ ) {
+            write_pem( $filename, "PRIVATE KEY", $data );
+        }
+        $data     = "";
+        $filename = "";
+    }
+    else {
+        $data .= $_;
+    }
+
+}
+
+my $secretkey =
+  "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
+
+foreach (@test_list) {
+    my ( $file, $tlist ) = @$_;
+    print "Example file $file:\n";
+    if ( $tlist =~ /encode/ ) {
+        run_reencode_test( $exdir, $file );
+    }
+    if ( $tlist =~ /certsout/ ) {
+        run_certsout_test( $exdir, $file );
+    }
+    if ( $tlist =~ /dataout/ ) {
+        run_dataout_test( $exdir, $file );
+    }
+    if ( $tlist =~ /verify/ ) {
+        run_verify_test( $exdir, $tlist, $file );
+    }
+    if ( $tlist =~ /digest/ ) {
+        run_digest_test( $exdir, $tlist, $file );
+    }
+    if ( $tlist =~ /encrypted/ ) {
+        run_encrypted_test( $exdir, $tlist, $file, $secretkey );
+    }
+    if ( $tlist =~ /envelope/ ) {
+        run_envelope_test( $exdir, $tlist, $file );
+    }
+
+}
+
+foreach (@cleanup) {
+    unlink $_;
+}
+
+if ($badtest) {
+    print "\n$badtest TESTS FAILED!!\n";
+}
+else {
+    print "\n***All tests successful***\n";
+}
+
+sub write_pem {
+    my ( $filename, $str, $data ) = @_;
+
+    $filename =~ s/\.[^.]*$/.pem/;
+
+    push @cleanup, $filename;
+
+    open OUT, ">$filename";
+
+    print OUT "-----BEGIN $str-----\n";
+    print OUT $data;
+    print OUT "-----END $str-----\n";
+
+    close OUT;
+}
+
+sub run_reencode_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.der";
+
+    system( "$cmscmd -cmsout -inform DER -outform DER"
+          . " -in $cmsdir/$tfile -out tmp.der" );
+
+    if ($?) {
+        print "\tReencode command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
+        print "\tReencode FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tReencode passed\n" if $verbose;
+    }
+}
+
+sub run_certsout_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.der";
+    unlink "tmp.pem";
+
+    system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
+          . " -in $cmsdir/$tfile -out tmp.der" );
+
+    if ($?) {
+        print "\tCertificate output command FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tCertificate output passed\n" if $verbose;
+    }
+}
+
+sub run_dataout_test {
+    my ( $cmsdir, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    system(
+        "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
+
+    if ($?) {
+        print "\tDataout command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
+        print "\tDataout compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tDataout passed\n" if $verbose;
+    }
+}
+
+sub run_verify_test {
+    my ( $cmsdir, $tlist, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    $form   = "DER"                     if $tlist =~ /verifyder/;
+    $form   = "SMIME"                   if $tlist =~ /verifymime/;
+    $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
+    $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
+
+    $cmd =
+        "$cmscmd -verify -inform $form"
+      . " -CAfile $cafile"
+      . " -in $cmsdir/$tfile -out tmp.txt";
+
+    $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
+
+    system("$cmd 2>cms.err 1>cms.out");
+
+    if ($?) {
+        print "\tVerify command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tVerify content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tVerify passed\n" if $verbose;
+    }
+}
+
+sub run_envelope_test {
+    my ( $cmsdir, $tlist, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    $form = "DER"   if $tlist =~ /envelopeder/;
+    $form = "SMIME" if $tlist =~ /envelopemime/;
+
+    $cmd =
+        "$cmscmd -decrypt -inform $form"
+      . " -recip $cmsdir/BobRSASignByCarl.pem"
+      . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
+      . " -in $cmsdir/$tfile -out tmp.txt";
+
+    system("$cmd 2>cms.err 1>cms.out");
+
+    if ($?) {
+        print "\tDecrypt command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tDecrypt content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tDecrypt passed\n" if $verbose;
+    }
+}
+
+sub run_digest_test {
+    my ( $cmsdir, $tlist, $tfile ) = @_;
+    unlink "tmp.txt";
+
+    my $cmd =
+      "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
+
+    system("$cmd 2>cms.err 1>cms.out");
+
+    if ($?) {
+        print "\tDigest verify command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tDigest verify content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tDigest verify passed\n" if $verbose;
+    }
+}
+
+sub run_encrypted_test {
+    my ( $cmsdir, $tlist, $tfile, $key ) = @_;
+    unlink "tmp.txt";
+
+    system( "$cmscmd -EncryptedData_decrypt -inform DER"
+          . " -secretkey $key"
+          . " -in $cmsdir/$tfile -out tmp.txt" );
+
+    if ($?) {
+        print "\tEncrypted Data command FAILED!!\n";
+        $badtest++;
+    }
+    elsif ( $tlist =~ /cont/
+        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
+    {
+        print "\tEncrypted Data content compare FAILED!!\n";
+        $badtest++;
+    }
+    else {
+        print "\tEncryptedData verify passed\n" if $verbose;
+    }
+}
+
+sub cmp_files {
+    my ( $f1, $f2 ) = @_;
+    my ( $fp1, $fp2 );
+
+    my ( $rd1, $rd2 );
+
+    if ( !open( $fp1, "<$f1" ) ) {
+        print STDERR "Can't Open file $f1\n";
+        return 0;
+    }
+
+    if ( !open( $fp2, "<$f2" ) ) {
+        print STDERR "Can't Open file $f2\n";
+        return 0;
+    }
+
+    binmode $fp1;
+    binmode $fp2;
+
+    my $ret = 0;
+
+    for ( ; ; ) {
+        $n1 = sysread $fp1, $rd1, 4096;
+        $n2 = sysread $fp2, $rd2, 4096;
+        last if ( $n1 != $n2 );
+        last if ( $rd1 ne $rd2 );
+
+        if ( $n1 == 0 ) {
+            $ret = 1;
+            last;
+        }
+
+    }
+
+    close $fp1;
+    close $fp2;
+
+    return $ret;
+
+}
+
diff --git a/openssl-1.1.0h/test/constant_time_test.c b/openssl-1.1.0h/test/constant_time_test.c
new file mode 100644
index 0000000..3ee6a81
--- /dev/null
+++ b/openssl-1.1.0h/test/constant_time_test.c
@@ -0,0 +1,268 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time_locl.h"
+#include "e_os.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static const unsigned int CONSTTIME_TRUE = (unsigned)(~0);
+static const unsigned int CONSTTIME_FALSE = 0;
+static const unsigned char CONSTTIME_TRUE_8 = 0xff;
+static const unsigned char CONSTTIME_FALSE_8 = 0;
+
+static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b),
+                          const char *op_name, unsigned int a, unsigned int b,
+                          int is_true)
+{
+    unsigned c = op(a, b);
+    if (is_true && c != CONSTTIME_TRUE) {
+        fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+                "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c);
+        return 1;
+    } else if (!is_true && c != CONSTTIME_FALSE) {
+        fprintf(stderr, "Test failed for  %s(%du, %du): expected %du "
+                "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, c);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_binary_op_8(unsigned
+                            char (*op) (unsigned int a, unsigned int b),
+                            const char *op_name, unsigned int a,
+                            unsigned int b, int is_true)
+{
+    unsigned char c = op(a, b);
+    if (is_true && c != CONSTTIME_TRUE_8) {
+        fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+                "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c);
+        return 1;
+    } else if (!is_true && c != CONSTTIME_FALSE_8) {
+        fprintf(stderr, "Test failed for  %s(%du, %du): expected %u "
+                "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, c);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_is_zero(unsigned int a)
+{
+    unsigned int c = constant_time_is_zero(a);
+    if (a == 0 && c != CONSTTIME_TRUE) {
+        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+                "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c);
+        return 1;
+    } else if (a != 0 && c != CONSTTIME_FALSE) {
+        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+                "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, c);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_is_zero_8(unsigned int a)
+{
+    unsigned char c = constant_time_is_zero_8(a);
+    if (a == 0 && c != CONSTTIME_TRUE_8) {
+        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+                "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c);
+        return 1;
+    } else if (a != 0 && c != CONSTTIME_FALSE) {
+        fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+                "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, c);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_select(unsigned int a, unsigned int b)
+{
+    unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b);
+    if (selected != a) {
+        fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+                "%du): expected %du(first value), got %du\n",
+                CONSTTIME_TRUE, a, b, a, selected);
+        return 1;
+    }
+    selected = constant_time_select(CONSTTIME_FALSE, a, b);
+    if (selected != b) {
+        fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+                "%du): expected %du(second value), got %du\n",
+                CONSTTIME_FALSE, a, b, b, selected);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_select_8(unsigned char a, unsigned char b)
+{
+    unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b);
+    if (selected != a) {
+        fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+                "%u): expected %u(first value), got %u\n",
+                CONSTTIME_TRUE, a, b, a, selected);
+        return 1;
+    }
+    selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b);
+    if (selected != b) {
+        fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+                "%u): expected %u(second value), got %u\n",
+                CONSTTIME_FALSE, a, b, b, selected);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_select_int(int a, int b)
+{
+    int selected = constant_time_select_int(CONSTTIME_TRUE, a, b);
+    if (selected != a) {
+        fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+                "%d): expected %d(first value), got %d\n",
+                CONSTTIME_TRUE, a, b, a, selected);
+        return 1;
+    }
+    selected = constant_time_select_int(CONSTTIME_FALSE, a, b);
+    if (selected != b) {
+        fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+                "%d): expected %d(second value), got %d\n",
+                CONSTTIME_FALSE, a, b, b, selected);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_eq_int(int a, int b)
+{
+    unsigned int equal = constant_time_eq_int(a, b);
+    if (a == b && equal != CONSTTIME_TRUE) {
+        fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+                "expected %du(TRUE), got %du\n", a, b, CONSTTIME_TRUE, equal);
+        return 1;
+    } else if (a != b && equal != CONSTTIME_FALSE) {
+        fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+                "expected %du(FALSE), got %du\n",
+                a, b, CONSTTIME_FALSE, equal);
+        return 1;
+    }
+    return 0;
+}
+
+static int test_eq_int_8(int a, int b)
+{
+    unsigned char equal = constant_time_eq_int_8(a, b);
+    if (a == b && equal != CONSTTIME_TRUE_8) {
+        fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+                "expected %u(TRUE), got %u\n", a, b, CONSTTIME_TRUE_8, equal);
+        return 1;
+    } else if (a != b && equal != CONSTTIME_FALSE_8) {
+        fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+                "expected %u(FALSE), got %u\n",
+                a, b, CONSTTIME_FALSE_8, equal);
+        return 1;
+    }
+    return 0;
+}
+
+static unsigned int test_values[] =
+    { 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1,
+    UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1,
+    UINT_MAX
+};
+
+static unsigned char test_values_8[] =
+    { 0, 1, 2, 20, 32, 127, 128, 129, 255 };
+
+static int signed_test_values[] = { 0, 1, -1, 1024, -1024, 12345, -12345,
+    32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1,
+    INT_MIN + 1
+};
+
+int main(int argc, char *argv[])
+{
+    unsigned int a, b, i, j;
+    int c, d;
+    unsigned char e, f;
+    int num_failed = 0, num_all = 0;
+    fprintf(stdout, "Testing constant time operations...\n");
+
+    for (i = 0; i < OSSL_NELEM(test_values); ++i) {
+        a = test_values[i];
+        num_failed += test_is_zero(a);
+        num_failed += test_is_zero_8(a);
+        num_all += 2;
+        for (j = 0; j < OSSL_NELEM(test_values); ++j) {
+            b = test_values[j];
+            num_failed += test_binary_op(&constant_time_lt,
+                                         "constant_time_lt", a, b, a < b);
+            num_failed += test_binary_op_8(&constant_time_lt_8,
+                                           "constant_time_lt_8", a, b, a < b);
+            num_failed += test_binary_op(&constant_time_lt,
+                                         "constant_time_lt_8", b, a, b < a);
+            num_failed += test_binary_op_8(&constant_time_lt_8,
+                                           "constant_time_lt_8", b, a, b < a);
+            num_failed += test_binary_op(&constant_time_ge,
+                                         "constant_time_ge", a, b, a >= b);
+            num_failed += test_binary_op_8(&constant_time_ge_8,
+                                           "constant_time_ge_8", a, b,
+                                           a >= b);
+            num_failed +=
+                test_binary_op(&constant_time_ge, "constant_time_ge", b, a,
+                               b >= a);
+            num_failed +=
+                test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", b,
+                                 a, b >= a);
+            num_failed +=
+                test_binary_op(&constant_time_eq, "constant_time_eq", a, b,
+                               a == b);
+            num_failed +=
+                test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", a,
+                                 b, a == b);
+            num_failed +=
+                test_binary_op(&constant_time_eq, "constant_time_eq", b, a,
+                               b == a);
+            num_failed +=
+                test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", b,
+                                 a, b == a);
+            num_failed += test_select(a, b);
+            num_all += 13;
+        }
+    }
+
+    for (i = 0; i < OSSL_NELEM(signed_test_values); ++i) {
+        c = signed_test_values[i];
+        for (j = 0; j < OSSL_NELEM(signed_test_values); ++j) {
+            d = signed_test_values[j];
+            num_failed += test_select_int(c, d);
+            num_failed += test_eq_int(c, d);
+            num_failed += test_eq_int_8(c, d);
+            num_all += 3;
+        }
+    }
+
+    for (i = 0; i < sizeof(test_values_8); ++i) {
+        e = test_values_8[i];
+        for (j = 0; j < sizeof(test_values_8); ++j) {
+            f = test_values_8[j];
+            num_failed += test_select_8(e, f);
+            num_all += 1;
+        }
+    }
+
+    if (!num_failed) {
+        fprintf(stdout, "success (ran %d tests)\n", num_all);
+        return EXIT_SUCCESS;
+    } else {
+        fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all);
+        return EXIT_FAILURE;
+    }
+}
diff --git a/openssl-1.1.0h/test/crltest.c b/openssl-1.1.0h/test/crltest.c
new file mode 100644
index 0000000..74db944
--- /dev/null
+++ b/openssl-1.1.0h/test/crltest.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "../e_os.h"
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+
+#include "testutil.h"
+
+#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
+
+static const char *kCRLTestRoot[] = {
+    "-----BEGIN CERTIFICATE-----\n",
+    "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n",
+    "BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW\n",
+    "aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0\n",
+    "MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n",
+    "A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq\n",
+    "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B\n",
+    "S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+\n",
+    "5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp\n",
+    "uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n\n",
+    "8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL\n",
+    "P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw\n",
+    "TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3\n",
+    "N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n",
+    "AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz\n",
+    "EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN\n",
+    "XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B\n",
+    "3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5\n",
+    "24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw\n",
+    "amd8GKMZQvP0ufGnUn7D7uartA==\n",
+    "-----END CERTIFICATE-----\n",
+    NULL
+};
+
+static const char *kCRLTestLeaf[] = {
+    "-----BEGIN CERTIFICATE-----\n",
+    "MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx\n",
+    "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ\n",
+    "BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa\n",
+    "MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC\n",
+    "b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA\n",
+    "A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9\n",
+    "8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP\n",
+    "ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx\n",
+    "e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX\n",
+    "+saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu\n",
+    "OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC\n",
+    "MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl\n",
+    "MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3\n",
+    "lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw\n",
+    "XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ\n",
+    "ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh\n",
+    "lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql\n",
+    "ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC\n",
+    "5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG\n",
+    "tjJMFw==\n",
+    "-----END CERTIFICATE-----\n",
+    NULL
+};
+
+static const char *kBasicCRL[] = {
+    "-----BEGIN X509 CRL-----\n",
+    "MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
+    "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV\n",
+    "HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN\n",
+    "ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo\n",
+    "eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os\n",
+    "dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv\n",
+    "diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho\n",
+    "/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==\n",
+    "-----END X509 CRL-----\n",
+    NULL
+};
+
+static const char *kRevokedCRL[] = {
+    "-----BEGIN X509 CRL-----\n",
+    "MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
+    "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX\n",
+    "DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB\n",
+    "AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d\n",
+    "sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH\n",
+    "NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5\n",
+    "OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp\n",
+    "Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO\n",
+    "xzfKY2TzxLiOmctG0hXFkH5J\n",
+    "-----END X509 CRL-----\n",
+    NULL
+};
+
+static const char *kBadIssuerCRL[] = {
+    "-----BEGIN X509 CRL-----\n",
+    "MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
+    "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN\n",
+    "Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC\n",
+    "AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF\n",
+    "AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP\n",
+    "t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB\n",
+    "cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL\n",
+    "TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q\n",
+    "L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g\n",
+    "Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==\n",
+    "-----END X509 CRL-----\n",
+    NULL
+};
+
+/*
+ * This is kBasicCRL but with a critical issuing distribution point
+ * extension.
+ */
+static const char *kKnownCriticalCRL[] = {
+    "-----BEGIN X509 CRL-----\n",
+    "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
+    "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n",
+    "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n",
+    "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n",
+    "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n",
+    "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n",
+    "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n",
+    "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n",
+    "o/1TpfOMSGhMyMoyPrk=\n",
+    "-----END X509 CRL-----\n",
+    NULL
+};
+
+/*
+ * kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
+ */
+static const char *kUnknownCriticalCRL[] = {
+    "-----BEGIN X509 CRL-----\n",
+    "MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
+    "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV\n",
+    "HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA\n",
+    "GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib\n",
+    "Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC\n",
+    "yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ\n",
+    "+wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC\n",
+    "nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB\n",
+    "kwzzU2rL3G65CrZ7H0SZsQ==\n",
+    "-----END X509 CRL-----\n",
+    NULL
+};
+
+/*
+ * kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
+ * point extension followed by an unknown critical extension
+ */
+static const char *kUnknownCriticalCRL2[] = {
+    "-----BEGIN X509 CRL-----\n",
+    "MIIBzzCBuAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
+    "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
+    "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDYwNDAKBgNV\n",
+    "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wEwYMKoZIhvcSBAGEtwkAAQH/BAAw\n",
+    "DQYJKoZIhvcNAQELBQADggEBACTcpQC8jXL12JN5YzOcQ64ubQIe0XxRAd30p7qB\n",
+    "BTXGpgqBjrjxRfLms7EBYodEXB2oXMsDq3km0vT1MfYdsDD05S+SQ9CDsq/pUfaC\n",
+    "E2WNI5p8WircRnroYvbN2vkjlRbMd1+yNITohXYXCJwjEOAWOx3XIM10bwPYBv4R\n",
+    "rDobuLHoMgL3yHgMHmAkP7YpkBucNqeBV8cCdeAZLuhXFWi6yfr3r/X18yWbC/r2\n",
+    "2xXdkrSqXLFo7ToyP8YKTgiXpya4x6m53biEYwa2ULlas0igL6DK7wjYZX95Uy7H\n",
+    "GKljn9weIYiMPV/BzGymwfv2EW0preLwtyJNJPaxbdin6Jc=\n",
+    "-----END X509 CRL-----\n",
+    NULL
+};
+
+
+/*
+ * Glue an array of strings together.  Return a BIO and put the string
+ * into |*out| so we can free it.
+ */
+static BIO *glue(const char **pem, char **out)
+{
+    char *dest;
+    int i;
+    size_t s = 0;
+
+    /* Glue the strings together. */
+    for (i = 0; pem[i] != NULL; ++i)
+        s += strlen(pem[i]);
+    dest = *out = OPENSSL_malloc(s + 1);
+    if (dest == NULL)
+        return NULL;
+    for (i = 0; pem[i] != NULL; ++i)
+        dest += strlen(strcpy(dest, pem[i]));
+    return BIO_new_mem_buf(*out, s);
+}
+
+/*
+ * Create a CRL from an array of strings.
+ */
+static X509_CRL *CRL_from_strings(const char **pem)
+{
+    char *p;
+    BIO *b = glue(pem, &p);
+    X509_CRL *crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL);
+
+    OPENSSL_free(p);
+    BIO_free(b);
+    return crl;
+}
+
+/*
+ * Create an X509 from an array of strings.
+ */
+static X509 *X509_from_strings(const char **pem)
+{
+    char *p;
+    BIO *b = glue(pem, &p);
+    X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL);
+
+    OPENSSL_free(p);
+    BIO_free(b);
+    return x;
+}
+
+/*
+ * Verify |leaf| certificate (chained up to |root|).  |crls| if
+ * not NULL, is a list of CRLs to include in the verification. It is
+ * also free'd before returning, which is kinda yucky but convenient.
+ * Returns a value from X509_V_ERR_xxx or X509_V_OK.
+ */
+static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
+                  unsigned long flags)
+{
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+    X509_STORE *store = X509_STORE_new();
+    X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+    STACK_OF(X509) *roots = sk_X509_new_null();
+    int status = X509_V_ERR_UNSPECIFIED;
+
+    if (ctx == NULL || store == NULL || param == NULL || roots == NULL)
+        goto err;
+
+    /* Create a stack; upref the cert because we free it below. */
+    X509_up_ref(root);
+    if (!sk_X509_push(roots, root))
+        goto err;
+
+    if (!X509_STORE_CTX_init(ctx, store, leaf, NULL))
+        goto err;
+    X509_STORE_CTX_set0_trusted_stack(ctx, roots);
+    X509_STORE_CTX_set0_crls(ctx, crls);
+    X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
+    if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) {
+        fprintf(stderr, "set_time/get_time mismatch.\n");
+        goto err;
+    }
+    X509_VERIFY_PARAM_set_depth(param, 16);
+    if (flags)
+        X509_VERIFY_PARAM_set_flags(param, flags);
+    X509_STORE_CTX_set0_param(ctx, param);
+
+    ERR_clear_error();
+    status = X509_verify_cert(ctx) == 1 ? X509_V_OK
+                                        : X509_STORE_CTX_get_error(ctx);
+err:
+    sk_X509_pop_free(roots, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return status;
+}
+
+/*
+ * Create a stack of CRL's.  Upref each one because we call pop_free on
+ * the stack and need to keep the CRL's around until the test exits.
+ * Yes this crashes on malloc failure; it forces us to debug.
+ */
+static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2)
+{
+    STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
+
+    sk_X509_CRL_push(sk, x1);
+    X509_CRL_up_ref(x1);
+    if (x2 != NULL) {
+        sk_X509_CRL_push(sk, x2);
+        X509_CRL_up_ref(x2);
+    }
+    return sk;
+}
+
+static int test_crl()
+{
+    X509 *root = X509_from_strings(kCRLTestRoot);
+    X509 *leaf = X509_from_strings(kCRLTestLeaf);
+    X509_CRL *basic_crl = CRL_from_strings(kBasicCRL);
+    X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL);
+    X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
+    X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
+    X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL);
+    X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2);
+    int status = 0;
+
+    if (root == NULL || leaf == NULL || basic_crl == NULL
+            || revoked_crl == NULL || bad_issuer_crl == NULL
+            || known_critical_crl == NULL || unknown_critical_crl == NULL
+            || unknown_critical_crl2 == NULL) {
+        fprintf(stderr, "Failed to parse certificates and CRLs.\n");
+        goto err;
+    }
+
+    if (verify(leaf, root, make_CRL_stack(basic_crl, NULL),
+               X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
+        fprintf(stderr, "Cert with CRL didn't verify.\n");
+        goto err;
+    }
+
+    if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl),
+               X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) {
+        fprintf(stderr, "Revoked CRL wasn't checked.\n");
+        goto err;
+    }
+
+    if (verify(leaf, root, NULL,
+               X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
+        fprintf(stderr, "CRLs were not required.\n");
+        goto err;
+    }
+
+    if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL),
+               X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
+        fprintf(stderr, "Bad CRL issuer was unnoticed.\n");
+        goto err;
+    }
+
+    if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL),
+               X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
+        fprintf(stderr, "CRL with known critical extension was rejected.\n");
+        goto err;
+    }
+
+    if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL),
+               X509_V_FLAG_CRL_CHECK) !=
+            X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
+        fprintf(stderr, "CRL with unknown critical extension was accepted.\n");
+        goto err;
+    }
+
+    if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL),
+               X509_V_FLAG_CRL_CHECK) !=
+            X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
+        fprintf(stderr, "CRL with unknown critical extension (2) was accepted.\n");
+        goto err;
+    }
+
+    status = 1;
+
+err:
+    X509_free(root);
+    X509_free(leaf);
+    X509_CRL_free(basic_crl);
+    X509_CRL_free(revoked_crl);
+    X509_CRL_free(bad_issuer_crl);
+    X509_CRL_free(known_critical_crl);
+    X509_CRL_free(unknown_critical_crl);
+    X509_CRL_free(unknown_critical_crl2);
+    return status;
+}
+
+int main()
+{
+    ADD_TEST(test_crl);
+    return run_tests("crltest");
+}
diff --git a/openssl-1.1.0h/test/ct/log_list.conf b/openssl-1.1.0h/test/ct/log_list.conf
new file mode 100644
index 0000000..4b68e53
--- /dev/null
+++ b/openssl-1.1.0h/test/ct/log_list.conf
@@ -0,0 +1,38 @@
+enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi
+
+[test]
+description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w==
+
+[pilot]
+description = Google Pilot Log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==
+
+[aviator]
+description = Google Aviator log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==
+
+[rocketeer]
+description = Google Rocketeer log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==
+
+[digicert]
+description = DigiCert Log Server
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==
+
+[certly]
+description = Certly.IO log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==
+
+[izempe]
+description = Izempe log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==
+
+[symantec]
+description = Symantec log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==
+
+[venafi]
+description = Venafi log
+key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB
+
diff --git a/openssl-1.1.0h/test/ct/tls1.sct b/openssl-1.1.0h/test/ct/tls1.sct
new file mode 100644
index 0000000..59362dc
--- /dev/null
+++ b/openssl-1.1.0h/test/ct/tls1.sct
@@ -0,0 +1,12 @@
+Signed Certificate Timestamp:
+    Version   : v1 (0x0)
+    Log ID    : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C:
+                79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64
+    Timestamp : Apr  5 17:04:16.275 2013 GMT
+    Extensions: none
+    Signature : ecdsa-with-SHA256
+                30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F:
+                D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3:
+                E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2:
+                F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1:
+                05:51:9D:89:ED:BF:08
\ No newline at end of file
diff --git a/openssl-1.1.0h/test/ct_test.c b/openssl-1.1.0h/test/ct_test.c
new file mode 100644
index 0000000..ea90923
--- /dev/null
+++ b/openssl-1.1.0h/test/ct_test.c
@@ -0,0 +1,607 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <ctype.h>
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "testutil.h"
+
+#ifndef OPENSSL_NO_CT
+
+/* Used when declaring buffers to read text files into */
+#define CT_TEST_MAX_FILE_SIZE 8096
+
+static char *certs_dir = NULL;
+static char *ct_dir = NULL;
+
+typedef struct ct_test_fixture {
+    const char *test_case_name;
+    /* The current time in milliseconds */
+    uint64_t epoch_time_in_ms;
+    /* The CT log store to use during tests */
+    CTLOG_STORE* ctlog_store;
+    /* Set the following to test handling of SCTs in X509 certificates */
+    const char *certs_dir;
+    char *certificate_file;
+    char *issuer_file;
+    /* Expected number of SCTs */
+    int expected_sct_count;
+    /* Expected number of valid SCTS */
+    int expected_valid_sct_count;
+    /* Set the following to test handling of SCTs in TLS format */
+    const unsigned char *tls_sct_list;
+    size_t tls_sct_list_len;
+    STACK_OF(SCT) *sct_list;
+    /*
+     * A file to load the expected SCT text from.
+     * This text will be compared to the actual text output during the test.
+     * A maximum of |CT_TEST_MAX_FILE_SIZE| bytes will be read of this file.
+     */
+    const char *sct_dir;
+    const char *sct_text_file;
+    /* Whether to test the validity of the SCT(s) */
+    int test_validity;
+} CT_TEST_FIXTURE;
+
+static CT_TEST_FIXTURE set_up(const char *const test_case_name)
+{
+    CT_TEST_FIXTURE fixture;
+    int setup_ok = 1;
+
+    memset(&fixture, 0, sizeof(fixture));
+
+    fixture.test_case_name = test_case_name;
+    fixture.epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */
+    fixture.ctlog_store = CTLOG_STORE_new();
+
+    if (fixture.ctlog_store == NULL) {
+        setup_ok = 0;
+        fprintf(stderr, "Failed to create a new CT log store\n");
+        goto end;
+    }
+
+    if (CTLOG_STORE_load_default_file(fixture.ctlog_store) != 1) {
+        setup_ok = 0;
+        fprintf(stderr, "Failed to load CT log list\n");
+        goto end;
+    }
+
+end:
+    if (!setup_ok) {
+        CTLOG_STORE_free(fixture.ctlog_store);
+        exit(EXIT_FAILURE);
+    }
+    return fixture;
+}
+
+static void tear_down(CT_TEST_FIXTURE fixture)
+{
+    CTLOG_STORE_free(fixture.ctlog_store);
+    SCT_LIST_free(fixture.sct_list);
+    ERR_print_errors_fp(stderr);
+}
+
+static char *mk_file_path(const char *dir, const char *file)
+{
+    char *full_file = NULL;
+    size_t full_file_l = 0;
+    const char *sep = "";
+#ifndef OPENSSL_SYS_VMS
+    sep = "/";
+#endif
+
+    full_file_l = strlen(dir) + strlen(sep) + strlen(file) + 1;
+    full_file = OPENSSL_zalloc(full_file_l);
+    if (full_file != NULL) {
+        OPENSSL_strlcpy(full_file, dir, full_file_l);
+        OPENSSL_strlcat(full_file, sep, full_file_l);
+        OPENSSL_strlcat(full_file, file, full_file_l);
+    }
+
+    return full_file;
+}
+
+static X509 *load_pem_cert(const char *dir, const char *file)
+{
+    X509 *cert = NULL;
+    char *file_path = mk_file_path(dir, file);
+
+    if (file_path != NULL) {
+        BIO *cert_io = BIO_new_file(file_path, "r");
+        OPENSSL_free(file_path);
+
+        if (cert_io != NULL)
+            cert = PEM_read_bio_X509(cert_io, NULL, NULL, NULL);
+
+        BIO_free(cert_io);
+    }
+    return cert;
+}
+
+static int read_text_file(const char *dir, const char *file,
+                          char *buffer, int buffer_length)
+{
+    int result = -1;
+    char *file_path = mk_file_path(dir, file);
+
+    if (file_path != NULL) {
+        BIO *file_io = BIO_new_file(file_path, "r");
+        OPENSSL_free(file_path);
+
+        if (file_io != NULL) {
+            result = BIO_read(file_io, buffer, buffer_length);
+            BIO_free(file_io);
+        }
+    }
+
+    return result;
+}
+
+static int compare_sct_list_printout(STACK_OF(SCT) *sct,
+    const char *expected_output)
+{
+    BIO *text_buffer = NULL;
+    char *actual_output = NULL;
+    int result = 1;
+
+    text_buffer = BIO_new(BIO_s_mem());
+    if (text_buffer == NULL) {
+        fprintf(stderr, "Unable to allocate buffer\n");
+        goto end;
+    }
+
+    SCT_LIST_print(sct, text_buffer, 0, "\n", NULL);
+
+    /* Append null terminator because we're about to use the buffer contents
+    * as a string. */
+    if (BIO_write(text_buffer, "\0", 1) != 1) {
+        fprintf(stderr, "Failed to append null terminator to SCT text\n");
+        goto end;
+    }
+
+    BIO_get_mem_data(text_buffer, &actual_output);
+    result = strcmp(actual_output, expected_output);
+
+    if (result != 0) {
+        fprintf(stderr,
+            "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
+            expected_output, actual_output);
+    }
+
+end:
+    BIO_free(text_buffer);
+    return result;
+}
+
+static int compare_extension_printout(X509_EXTENSION *extension,
+                                      const char *expected_output)
+{
+    BIO *text_buffer = NULL;
+    char *actual_output = NULL;
+    int result = 1;
+
+    text_buffer = BIO_new(BIO_s_mem());
+    if (text_buffer == NULL) {
+        fprintf(stderr, "Unable to allocate buffer\n");
+        goto end;
+    }
+
+    if (!X509V3_EXT_print(text_buffer, extension, X509V3_EXT_DEFAULT, 0)) {
+        fprintf(stderr, "Failed to print extension\n");
+        goto end;
+    }
+
+    /* Append null terminator because we're about to use the buffer contents
+     * as a string. */
+    if (BIO_write(text_buffer, "\0", 1) != 1) {
+        fprintf(stderr,
+                "Failed to append null terminator to extension text\n");
+        goto end;
+    }
+
+    BIO_get_mem_data(text_buffer, &actual_output);
+    result = strcmp(actual_output, expected_output);
+
+    if (result != 0) {
+        fprintf(stderr,
+                "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n",
+                expected_output, actual_output);
+    }
+
+end:
+    BIO_free(text_buffer);
+    return result;
+}
+
+static int assert_validity(CT_TEST_FIXTURE fixture,
+                           STACK_OF(SCT) *scts,
+                           CT_POLICY_EVAL_CTX *policy_ctx) {
+    int invalid_sct_count = 0;
+    int valid_sct_count = 0;
+    int i;
+
+    if (SCT_LIST_validate(scts, policy_ctx) < 0) {
+        fprintf(stderr, "Error verifying SCTs\n");
+        return 0;
+    }
+
+    for (i = 0; i < sk_SCT_num(scts); ++i) {
+        SCT *sct_i = sk_SCT_value(scts, i);
+        switch (SCT_get_validation_status(sct_i)) {
+        case SCT_VALIDATION_STATUS_VALID:
+            ++valid_sct_count;
+            break;
+        case SCT_VALIDATION_STATUS_INVALID:
+            ++invalid_sct_count;
+            break;
+        default:
+            /* Ignore other validation statuses. */
+            break;
+        }
+    }
+
+    if (valid_sct_count != fixture.expected_valid_sct_count) {
+        int unverified_sct_count = sk_SCT_num(scts) -
+                invalid_sct_count - valid_sct_count;
+
+        fprintf(stderr,
+                "%d SCTs failed verification\n"
+                "%d SCTs passed verification (%d expected)\n"
+                "%d SCTs were unverified\n",
+                invalid_sct_count,
+                valid_sct_count,
+                fixture.expected_valid_sct_count,
+                unverified_sct_count);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int execute_cert_test(CT_TEST_FIXTURE fixture)
+{
+    int success = 0;
+    X509 *cert = NULL, *issuer = NULL;
+    STACK_OF(SCT) *scts = NULL;
+    SCT *sct = NULL;
+    char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
+    int sct_text_len = 0;
+    unsigned char *tls_sct_list = NULL;
+    size_t tls_sct_list_len = 0;
+    CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
+
+    if (fixture.sct_text_file != NULL) {
+        sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file,
+                                      expected_sct_text,
+                                      CT_TEST_MAX_FILE_SIZE - 1);
+
+        if (sct_text_len < 0) {
+            fprintf(stderr, "Test data file not found: %s\n",
+                fixture.sct_text_file);
+            goto end;
+        }
+
+        expected_sct_text[sct_text_len] = '\0';
+    }
+
+    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(
+            ct_policy_ctx, fixture.ctlog_store);
+
+    CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture.epoch_time_in_ms);
+
+    if (fixture.certificate_file != NULL) {
+        int sct_extension_index;
+        X509_EXTENSION *sct_extension = NULL;
+        cert = load_pem_cert(fixture.certs_dir, fixture.certificate_file);
+
+        if (cert == NULL) {
+            fprintf(stderr, "Unable to load certificate: %s\n",
+                fixture.certificate_file);
+            goto end;
+        }
+
+        CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert);
+
+        if (fixture.issuer_file != NULL) {
+            issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file);
+
+            if (issuer == NULL) {
+                fprintf(stderr, "Unable to load issuer certificate: %s\n",
+                        fixture.issuer_file);
+                goto end;
+            }
+
+            CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer);
+        }
+
+        sct_extension_index =
+                X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1);
+        sct_extension = X509_get_ext(cert, sct_extension_index);
+        if (fixture.expected_sct_count > 0) {
+            if (sct_extension == NULL) {
+                fprintf(stderr, "SCT extension not found in: %s\n",
+                    fixture.certificate_file);
+                goto end;
+            }
+
+            if (fixture.sct_text_file
+                && compare_extension_printout(sct_extension,
+                                              expected_sct_text)) {
+                    goto end;
+            }
+
+            if (fixture.test_validity) {
+                int i;
+
+                scts = X509V3_EXT_d2i(sct_extension);
+                for (i = 0; i < sk_SCT_num(scts); ++i) {
+                    SCT *sct_i = sk_SCT_value(scts, i);
+
+                    if (!SCT_set_source(sct_i, SCT_SOURCE_X509V3_EXTENSION)) {
+                        fprintf(stderr,
+                                "Error setting SCT source to X509v3 extension\n");
+                        goto end;
+                    }
+                }
+
+                if (!assert_validity(fixture, scts, ct_policy_ctx))
+                    goto end;
+            }
+        } else if (sct_extension != NULL) {
+            fprintf(stderr,
+                    "Expected no SCTs, but found SCT extension in: %s\n",
+                    fixture.certificate_file);
+            goto end;
+        }
+    }
+
+    if (fixture.tls_sct_list != NULL) {
+        const unsigned char *p = fixture.tls_sct_list;
+        if (o2i_SCT_LIST(&scts, &p, fixture.tls_sct_list_len) == NULL) {
+            fprintf(stderr, "Failed to decode SCTs from TLS format\n");
+            goto end;
+        }
+
+        if (fixture.test_validity && cert != NULL) {
+            if (!assert_validity(fixture, scts, ct_policy_ctx))
+                goto end;
+        }
+
+        if (fixture.sct_text_file
+            && compare_sct_list_printout(scts, expected_sct_text)) {
+                goto end;
+        }
+
+        tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list);
+        if (tls_sct_list_len != fixture.tls_sct_list_len ||
+            memcmp(fixture.tls_sct_list, tls_sct_list, tls_sct_list_len) != 0) {
+            fprintf(stderr,
+                    "Failed to encode SCTs into TLS format correctly\n");
+            goto end;
+        }
+    }
+    success = 1;
+
+end:
+    X509_free(cert);
+    X509_free(issuer);
+    SCT_LIST_free(scts);
+    SCT_free(sct);
+    CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
+    OPENSSL_free(tls_sct_list);
+    return success;
+}
+
+#define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up)
+#define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down)
+
+static int test_no_scts_in_certificate()
+{
+    SETUP_CT_TEST_FIXTURE();
+    fixture.certs_dir = certs_dir;
+    fixture.certificate_file = "leaf.pem";
+    fixture.issuer_file = "subinterCA.pem";
+    fixture.expected_sct_count = 0;
+    EXECUTE_CT_TEST();
+}
+
+static int test_one_sct_in_certificate()
+{
+    SETUP_CT_TEST_FIXTURE();
+    fixture.certs_dir = certs_dir;
+    fixture.certificate_file = "embeddedSCTs1.pem";
+    fixture.issuer_file = "embeddedSCTs1_issuer.pem";
+    fixture.expected_sct_count = 1;
+    fixture.sct_dir = certs_dir;
+    fixture.sct_text_file = "embeddedSCTs1.sct";
+    EXECUTE_CT_TEST();
+}
+
+static int test_multiple_scts_in_certificate()
+{
+    SETUP_CT_TEST_FIXTURE();
+    fixture.certs_dir = certs_dir;
+    fixture.certificate_file = "embeddedSCTs3.pem";
+    fixture.issuer_file = "embeddedSCTs3_issuer.pem";
+    fixture.expected_sct_count = 3;
+    fixture.sct_dir = certs_dir;
+    fixture.sct_text_file = "embeddedSCTs3.sct";
+    EXECUTE_CT_TEST();
+}
+
+static int test_verify_one_sct()
+{
+    SETUP_CT_TEST_FIXTURE();
+    fixture.certs_dir = certs_dir;
+    fixture.certificate_file = "embeddedSCTs1.pem";
+    fixture.issuer_file = "embeddedSCTs1_issuer.pem";
+    fixture.expected_sct_count = fixture.expected_valid_sct_count = 1;
+    fixture.test_validity = 1;
+    EXECUTE_CT_TEST();
+}
+
+static int test_verify_multiple_scts()
+{
+    SETUP_CT_TEST_FIXTURE();
+    fixture.certs_dir = certs_dir;
+    fixture.certificate_file = "embeddedSCTs3.pem";
+    fixture.issuer_file = "embeddedSCTs3_issuer.pem";
+    fixture.expected_sct_count = fixture.expected_valid_sct_count = 3;
+    fixture.test_validity = 1;
+    EXECUTE_CT_TEST();
+}
+
+static int test_verify_fails_for_future_sct()
+{
+    SETUP_CT_TEST_FIXTURE();
+    fixture.epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */
+    fixture.certs_dir = certs_dir;
+    fixture.certificate_file = "embeddedSCTs1.pem";
+    fixture.issuer_file = "embeddedSCTs1_issuer.pem";
+    fixture.expected_sct_count = 1;
+    fixture.expected_valid_sct_count = 0;
+    fixture.test_validity = 1;
+    EXECUTE_CT_TEST();
+}
+
+static int test_decode_tls_sct()
+{
+    const unsigned char tls_sct_list[] = "\x00\x78" /* length of list */
+        "\x00\x76"
+        "\x00" /* version */
+        /* log ID */
+        "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
+        "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64"
+        "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */
+        "\x00\x00" /* extensions length */
+        "" /* extensions */
+        "\x04\x03" /* hash and signature algorithms */
+        "\x00\x47" /* signature length */
+        /* signature */
+        "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6"
+        "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2"
+        "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB"
+        "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89"
+        "\xED\xBF\x08";
+
+    SETUP_CT_TEST_FIXTURE();
+    fixture.tls_sct_list = tls_sct_list;
+    fixture.tls_sct_list_len = 0x7a;
+    fixture.sct_dir = ct_dir;
+    fixture.sct_text_file = "tls1.sct";
+    EXECUTE_CT_TEST();
+}
+
+static int test_encode_tls_sct()
+{
+    const char log_id[] = "3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4LvT9012Q=";
+    const uint64_t timestamp = 1;
+    const char extensions[] = "";
+    const char signature[] = "BAMARzBAMiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUwKI+j5"
+            "eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8I";
+    SCT *sct = NULL;
+
+    SETUP_CT_TEST_FIXTURE();
+
+    fixture.sct_list = sk_SCT_new_null();
+    sct = SCT_new_from_base64(SCT_VERSION_V1, log_id,
+                              CT_LOG_ENTRY_TYPE_X509, timestamp,
+                              extensions, signature);
+
+    if (sct == NULL) {
+        tear_down(fixture);
+        fprintf(stderr, "Failed to create SCT from base64-encoded test data\n");
+        return 0;
+    }
+
+    sk_SCT_push(fixture.sct_list, sct);
+    fixture.sct_dir = ct_dir;
+    fixture.sct_text_file = "tls1.sct";
+    EXECUTE_CT_TEST();
+}
+
+/*
+ * Tests that the CT_POLICY_EVAL_CTX default time is approximately now.
+ * Allow +-10 minutes, as it may compensate for clock skew.
+ */
+static int test_default_ct_policy_eval_ctx_time_is_now()
+{
+    int success = 0;
+    CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
+    const time_t default_time = CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) /
+            1000;
+    const time_t time_tolerance = 600;  /* 10 minutes */
+
+    if (fabs(difftime(time(NULL), default_time)) > time_tolerance) {
+        fprintf(stderr,
+                "Default CT_POLICY_EVAL_CTX time is not approximately now.\n");
+        goto end;
+    }
+
+    success = 1;
+end:
+    CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
+    return success;
+}
+
+int main(int argc, char *argv[])
+{
+    int result = 0;
+    char *tmp_env = NULL;
+
+    tmp_env = getenv("OPENSSL_DEBUG_MEMORY");
+    if (tmp_env != NULL && strcmp(tmp_env, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    tmp_env = getenv("CT_DIR");
+    ct_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "ct");
+    tmp_env = getenv("CERTS_DIR");
+    certs_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "certs");
+
+    ADD_TEST(test_no_scts_in_certificate);
+    ADD_TEST(test_one_sct_in_certificate);
+    ADD_TEST(test_multiple_scts_in_certificate);
+    ADD_TEST(test_verify_one_sct);
+    ADD_TEST(test_verify_multiple_scts);
+    ADD_TEST(test_verify_fails_for_future_sct);
+    ADD_TEST(test_decode_tls_sct);
+    ADD_TEST(test_encode_tls_sct);
+    ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now);
+
+    result = run_tests(argv[0]);
+    ERR_print_errors_fp(stderr);
+
+    OPENSSL_free(ct_dir);
+    OPENSSL_free(certs_dir);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        result = 1;
+#endif
+
+    return result;
+}
+
+#else /* OPENSSL_NO_CT */
+
+int main(int argc, char* argv[])
+{
+    return EXIT_SUCCESS;
+}
+
+#endif /* OPENSSL_NO_CT */
diff --git a/openssl-1.1.0h/test/d2i-tests/bad-cms.der b/openssl-1.1.0h/test/d2i-tests/bad-cms.der
new file mode 100644
index 0000000..19cd3cc
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/bad-cms.der
@@ -0,0 +1 @@
+0	*†H†÷

 	0
10

\ No newline at end of file
diff --git a/openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der b/openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der
new file mode 100644
index 0000000..46f6092
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der
diff --git a/openssl-1.1.0h/test/d2i-tests/bad-int-padminus1.der b/openssl-1.1.0h/test/d2i-tests/bad-int-padminus1.der
new file mode 100644
index 0000000..a4b6bb9
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/bad-int-padminus1.der
@@ -0,0 +1 @@
+ÿÿ
\ No newline at end of file
diff --git a/openssl-1.1.0h/test/d2i-tests/bad_bio.der b/openssl-1.1.0h/test/d2i-tests/bad_bio.der
new file mode 100644
index 0000000..8681f05
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/bad_bio.der
diff --git a/openssl-1.1.0h/test/d2i-tests/bad_cert.der b/openssl-1.1.0h/test/d2i-tests/bad_cert.der
new file mode 100644
index 0000000..f75efad
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/bad_cert.der
diff --git a/openssl-1.1.0h/test/d2i-tests/bad_generalname.der b/openssl-1.1.0h/test/d2i-tests/bad_generalname.der
new file mode 100644
index 0000000..af45855
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/bad_generalname.der
@@ -0,0 +1 @@
+¥€0;¶!;)''ï÷!l¿(,:µ¿(*;©:§«½:“*�*;i)*w*ë)ã;U:'):ñ;l*!'Ò£
\ No newline at end of file
diff --git a/openssl-1.1.0h/test/d2i-tests/high_tag.der b/openssl-1.1.0h/test/d2i-tests/high_tag.der
new file mode 100644
index 0000000..5c523ec
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/high_tag.der
diff --git a/openssl-1.1.0h/test/d2i-tests/int0.der b/openssl-1.1.0h/test/d2i-tests/int0.der
new file mode 100644
index 0000000..bbfb76b
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/int0.der
diff --git a/openssl-1.1.0h/test/d2i-tests/int1.der b/openssl-1.1.0h/test/d2i-tests/int1.der
new file mode 100644
index 0000000..26dd6b1
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/int1.der
@@ -0,0 +1 @@
+


\ No newline at end of file
diff --git a/openssl-1.1.0h/test/d2i-tests/intminus1.der b/openssl-1.1.0h/test/d2i-tests/intminus1.der
new file mode 100644
index 0000000..e7c1cea
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i-tests/intminus1.der
@@ -0,0 +1 @@
+
ÿ
\ No newline at end of file
diff --git a/openssl-1.1.0h/test/d2i_test.c b/openssl-1.1.0h/test/d2i_test.c
new file mode 100644
index 0000000..5274270
--- /dev/null
+++ b/openssl-1.1.0h/test/d2i_test.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Regression tests for ASN.1 parsing bugs. */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "testutil.h"
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif
+#include "e_os.h"
+
+static const ASN1_ITEM *item_type;
+static const char *test_file;
+
+typedef enum {
+    ASN1_UNKNOWN,
+    ASN1_OK,
+    ASN1_BIO,
+    ASN1_DECODE,
+    ASN1_ENCODE,
+    ASN1_COMPARE
+} expected_error_t;
+
+typedef struct {
+    const char *str;
+    expected_error_t code;
+} error_enum;
+
+static expected_error_t expected_error = ASN1_UNKNOWN;
+
+typedef struct d2i_test_fixture {
+    const char *test_case_name;
+} D2I_TEST_FIXTURE;
+
+static D2I_TEST_FIXTURE set_up(const char *const test_case_name)
+{
+    D2I_TEST_FIXTURE fixture;
+    fixture.test_case_name = test_case_name;
+    return fixture;
+}
+
+static int execute_test(D2I_TEST_FIXTURE fixture)
+{
+    BIO *bio = NULL;
+    ASN1_VALUE *value = NULL;
+    int ret = 0;
+    unsigned char buf[2048];
+    const unsigned char *buf_ptr = buf;
+    unsigned char *der = NULL;
+    int derlen;
+    int len;
+
+    if ((bio = BIO_new_file(test_file, "r")) == NULL)
+        return 0;
+
+    if (expected_error == ASN1_BIO) {
+        value = ASN1_item_d2i_bio(item_type, bio, NULL);
+        if (value == NULL)
+            ret = 1;
+        goto err;
+    }
+
+    /*
+     * Unless we are testing it we don't use ASN1_item_d2i_bio because it
+     * performs sanity checks on the input and can reject it before the
+     * decoder is called.
+     */
+    len = BIO_read(bio, buf, sizeof(buf));
+    if (len < 0)
+        goto err;
+
+    value = ASN1_item_d2i(NULL, &buf_ptr, len, item_type);
+    if (value == NULL) {
+        if (expected_error == ASN1_DECODE)
+            ret = 1;
+        goto err;
+    }
+
+    derlen = ASN1_item_i2d(value, &der, item_type);
+
+    if (der == NULL || derlen < 0) {
+        if (expected_error == ASN1_ENCODE)
+            ret = 1;
+        goto err;
+    }
+
+    if (derlen != len || memcmp(der, buf, derlen) != 0) {
+        if (expected_error == ASN1_COMPARE)
+            ret = 1;
+        goto err;
+    }
+
+    if (expected_error == ASN1_OK)
+        ret = 1;
+
+ err:
+    /* Don't indicate success for memory allocation errors */
+    if (ret == 1 && ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
+        ret = 0;
+    BIO_free(bio);
+    OPENSSL_free(der);
+    ASN1_item_free(value, item_type);
+    return ret;
+}
+
+static void tear_down(D2I_TEST_FIXTURE fixture)
+{
+    ERR_print_errors_fp(stderr);
+}
+
+#define SETUP_D2I_TEST_FIXTURE() \
+    SETUP_TEST_FIXTURE(D2I_TEST_FIXTURE, set_up)
+
+#define EXECUTE_D2I_TEST() \
+    EXECUTE_TEST(execute_test, tear_down)
+
+static int test_bad_asn1()
+{
+    SETUP_D2I_TEST_FIXTURE();
+    EXECUTE_D2I_TEST();
+}
+
+/*
+ * Usage: d2i_test <type> <file>, e.g.
+ * d2i_test generalname bad_generalname.der
+ */
+int main(int argc, char **argv)
+{
+    int result = 0;
+    const char *test_type_name;
+    const char *expected_error_string;
+    const char *p = getenv("OPENSSL_DEBUG_MEMORY");
+
+    size_t i;
+    static ASN1_ITEM_EXP *items[] = {
+        ASN1_ITEM_ref(ASN1_ANY),
+        ASN1_ITEM_ref(X509),
+        ASN1_ITEM_ref(GENERAL_NAME),
+        ASN1_ITEM_ref(ASN1_INTEGER),
+#ifndef OPENSSL_NO_CMS
+        ASN1_ITEM_ref(CMS_ContentInfo)
+#endif
+    };
+
+    static error_enum expected_errors[] = {
+        {"OK", ASN1_OK},
+        {"BIO", ASN1_BIO},
+        {"decode", ASN1_DECODE},
+        {"encode", ASN1_ENCODE},
+        {"compare", ASN1_COMPARE}
+    };
+
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    if (argc != 4) {
+        fprintf(stderr,
+                "Usage: d2i_test item_name expected_error file.der\n");
+        return 1;
+    }
+
+    test_type_name = argv[1];
+    expected_error_string = argv[2];
+    test_file = argv[3];
+
+    for (i = 0; i < OSSL_NELEM(items); i++) {
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]);
+        if (strcmp(test_type_name, it->sname) == 0) {
+            item_type = it;
+            break;
+        }
+    }
+    if (item_type == NULL) {
+        fprintf(stderr, "Unknown type %s\n", test_type_name);
+        fprintf(stderr, "Supported types:\n");
+        for (i = 0; i < OSSL_NELEM(items); i++) {
+            const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]);
+            fprintf(stderr, "\t%s\n", it->sname);
+        }
+        return 1;
+    }
+
+    for (i = 0; i < OSSL_NELEM(expected_errors); i++) {
+        if (strcmp(expected_errors[i].str, expected_error_string) == 0) {
+            expected_error = expected_errors[i].code;
+            break;
+        }
+    }
+
+    if (expected_error == ASN1_UNKNOWN) {
+        fprintf(stderr, "Unknown expected error %s\n", expected_error_string);
+        return 1;
+    }
+
+    ADD_TEST(test_bad_asn1);
+
+    result = run_tests(argv[0]);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        result = 1;
+#endif
+
+    return result;
+}
diff --git a/openssl-1.1.0h/test/danetest.c b/openssl-1.1.0h/test/danetest.c
new file mode 100644
index 0000000..7fa6a2f
--- /dev/null
+++ b/openssl-1.1.0h/test/danetest.c
@@ -0,0 +1,504 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <errno.h>
+
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+#include "../e_os.h"
+
+#define _UC(c) ((unsigned char)(c))
+
+static const char *progname;
+
+/*
+ * Forward declaration, of function that uses internal interfaces, from headers
+ * included at the end of this module.
+ */
+static void store_ctx_dane_init(X509_STORE_CTX *, SSL *);
+
+static int saved_errno;
+
+static void save_errno(void)
+{
+    saved_errno = errno;
+}
+
+static int restore_errno(void)
+{
+    int ret = errno;
+    errno = saved_errno;
+    return ret;
+}
+
+static void test_usage(void)
+{
+    fprintf(stderr, "usage: %s: danetest basedomain CAfile tlsafile\n", progname);
+}
+
+static void print_errors(void)
+{
+    unsigned long err;
+    char buffer[1024];
+    const char *file;
+    const char *data;
+    int line;
+    int flags;
+
+    while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+        ERR_error_string_n(err, buffer, sizeof(buffer));
+        if (flags & ERR_TXT_STRING)
+            fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data);
+        else
+            fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line);
+    }
+}
+
+static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
+{
+    int ret = -1;
+    X509_STORE_CTX *store_ctx;
+    SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
+    X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+    int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
+    X509 *cert = sk_X509_value(chain, 0);
+
+    if ((store_ctx = X509_STORE_CTX_new()) == NULL)
+        return -1;
+
+    if (!X509_STORE_CTX_init(store_ctx, store, cert, chain))
+        goto end;
+    if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl))
+        goto end;
+
+    X509_STORE_CTX_set_default(store_ctx,
+            SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
+    X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
+            SSL_get0_param(ssl));
+    store_ctx_dane_init(store_ctx, ssl);
+
+    if (SSL_get_verify_callback(ssl))
+        X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
+
+    ret = X509_verify_cert(store_ctx);
+
+    SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
+    X509_STORE_CTX_cleanup(store_ctx);
+end:
+    X509_STORE_CTX_free(store_ctx);
+
+    return (ret);
+}
+
+static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
+{
+    int count;
+    char *name = 0;
+    char *header = 0;
+    unsigned char *data = 0;
+    long len;
+    char *errtype = 0;                /* if error: cert or pkey? */
+    STACK_OF(X509) *chain;
+    typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
+
+    if ((chain = sk_X509_new_null()) == 0) {
+        perror("malloc");
+        exit(1);
+    }
+
+    for (count = 0;
+         count < nelem && errtype == 0
+         && PEM_read_bio(fp, &name, &header, &data, &len);
+         ++count) {
+        const unsigned char *p = data;
+
+        if (strcmp(name, PEM_STRING_X509) == 0
+            || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+            || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+            d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ?
+                d2i_X509_AUX : d2i_X509;
+            X509 *cert = d(0, &p, len);
+
+            if (cert == 0 || (p - data) != len)
+                errtype = "certificate";
+            else if (sk_X509_push(chain, cert) == 0) {
+                perror("malloc");
+                goto err;
+            }
+        } else {
+            fprintf(stderr, "unexpected chain file object: %s\n", name);
+            goto err;
+        }
+
+        /*
+         * If any of these were null, PEM_read() would have failed.
+         */
+        OPENSSL_free(name);
+        OPENSSL_free(header);
+        OPENSSL_free(data);
+    }
+
+    if (errtype) {
+        fprintf(stderr, "error reading: malformed %s\n", errtype);
+        goto err;
+    }
+
+    if (count == nelem) {
+        ERR_clear_error();
+        return chain;
+    }
+
+err:
+    /* Some other PEM read error */
+    sk_X509_pop_free(chain, X509_free);
+    print_errors();
+    return NULL;
+}
+
+static char *read_to_eol(BIO *f)
+{
+    static char buf[1024];
+    int n;
+
+    if (!BIO_gets(f, buf, sizeof(buf)))
+        return NULL;
+
+    n = strlen(buf);
+
+    if (buf[n-1] != '\n') {
+        if (n+1 == sizeof(buf)) {
+            fprintf(stderr, "%s: warning: input too long\n", progname);
+        } else {
+            fprintf(stderr, "%s: warning: EOF before newline\n", progname);
+        }
+        return NULL;
+    }
+
+    /* Trim trailing whitespace */
+    while (n > 0 && isspace(_UC(buf[n-1])))
+        buf[--n] = '\0';
+
+    return buf;
+}
+
+/*
+ * Hex decoder that tolerates optional whitespace
+ */
+static ossl_ssize_t hexdecode(const char *in, void *result)
+{
+    unsigned char **out = (unsigned char **)result;
+    unsigned char *ret = OPENSSL_malloc(strlen(in)/2);
+    unsigned char *cp = ret;
+    uint8_t byte;
+    int nibble = 0;
+
+    if (ret == NULL)
+        return -1;
+
+    for (byte = 0; *in; ++in) {
+        int x;
+
+        if (isspace(_UC(*in)))
+            continue;
+        x = OPENSSL_hexchar2int(*in);
+        if (x < 0) {
+            OPENSSL_free(ret);
+            return 0;
+        }
+        byte |= (char)x;
+        if ((nibble ^= 1) == 0) {
+            *cp++ = byte;
+            byte = 0;
+        } else {
+            byte <<= 4;
+        }
+    }
+    if (nibble != 0) {
+        OPENSSL_free(ret);
+        return 0;
+    }
+
+    return cp - (*out = ret);
+}
+
+static ossl_ssize_t checked_uint8(const char *in, void *out)
+{
+    uint8_t *result = (uint8_t *)out;
+    const char *cp = in;
+    char *endp;
+    long v;
+    int e;
+
+    save_errno();
+    v = strtol(cp, &endp, 10);
+    e = restore_errno();
+
+    if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) ||
+        endp == cp || !isspace(_UC(*endp)) ||
+        v != (*(uint8_t *)result = (uint8_t) v)) {
+        return -1;
+    }
+    for (cp = endp; isspace(_UC(*cp)); ++cp)
+        continue;
+    return cp - in;
+}
+
+struct tlsa_field {
+    void *var;
+    const char *name;
+    ossl_ssize_t (*parser)(const char *, void *);
+};
+
+static int tlsa_import_rr(SSL *ssl, const char *rrdata)
+{
+    static uint8_t usage;
+    static uint8_t selector;
+    static uint8_t mtype;
+    static unsigned char *data = NULL;
+    static struct tlsa_field tlsa_fields[] = {
+        { &usage, "usage", checked_uint8 },
+        { &selector, "selector", checked_uint8 },
+        { &mtype, "mtype", checked_uint8 },
+        { &data, "data", hexdecode },
+        { NULL, }
+    };
+    int ret;
+    struct tlsa_field *f;
+    const char *cp = rrdata;
+    ossl_ssize_t len = 0;
+
+    for (f = tlsa_fields; f->var; ++f) {
+        if ((len = f->parser(cp += len, f->var)) <= 0) {
+            fprintf(stderr, "%s: warning: bad TLSA %s field in: %s\n",
+                    progname, f->name, rrdata);
+            return 0;
+        }
+    }
+    ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
+    OPENSSL_free(data);
+
+    if (ret == 0) {
+        print_errors();
+        fprintf(stderr, "%s: warning: unusable TLSA rrdata: %s\n",
+                progname, rrdata);
+        return 0;
+    }
+    if (ret < 0) {
+        fprintf(stderr, "%s: warning: error loading TLSA rrdata: %s\n",
+                progname, rrdata);
+        return 0;
+    }
+    return ret;
+}
+
+static int allws(const char *cp)
+{
+    while (*cp)
+        if (!isspace(_UC(*cp++)))
+            return 0;
+    return 1;
+}
+
+static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
+                         BIO *f, const char *path)
+{
+    char *line;
+    int testno = 0;
+    int ret = 1;
+    SSL *ssl;
+
+    while (ret > 0 && (line = read_to_eol(f)) != NULL) {
+        STACK_OF(X509) *chain;
+        int ntlsa;
+        int ncert;
+        int noncheck;
+        int want;
+        int want_depth;
+        int off;
+        int i;
+        int ok;
+        int err;
+        int mdpth;
+
+        if (*line == '\0' || *line == '#')
+            continue;
+
+        ++testno;
+        if (sscanf(line, "%d %d %d %d %d%n",
+                   &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5
+            || !allws(line + off)) {
+            fprintf(stderr, "Expected tlsa count, cert count and result"
+                    " at test %d of %s\n", testno, path);
+            return 0;
+        }
+
+        if ((ssl = SSL_new(ctx)) == NULL)
+            return -1;
+        SSL_set_connect_state(ssl);
+        if (SSL_dane_enable(ssl, base_name) <= 0) {
+            SSL_free(ssl);
+            return -1;
+        }
+        if (noncheck)
+            SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+
+        for (i = 0; i < ntlsa; ++i) {
+            if ((line = read_to_eol(f)) == NULL || !tlsa_import_rr(ssl, line)) {
+                SSL_free(ssl);
+                return 0;
+            }
+        }
+
+        /* Don't report old news */
+        ERR_clear_error();
+        chain = load_chain(f, ncert);
+        if (chain == NULL) {
+            SSL_free(ssl);
+            return -1;
+        }
+
+        ok = verify_chain(ssl, chain);
+        sk_X509_pop_free(chain, X509_free);
+        err = SSL_get_verify_result(ssl);
+        /*
+         * Peek under the hood, normally TLSA match data is hidden when
+         * verification fails, we can obtain any suppressed data by setting the
+         * verification result to X509_V_OK before looking.
+         */
+        SSL_set_verify_result(ssl, X509_V_OK);
+        mdpth = SSL_get0_dane_authority(ssl, NULL, NULL);
+        /* Not needed any more, but lead by example and put the error back. */
+        SSL_set_verify_result(ssl, err);
+        SSL_free(ssl);
+
+        if (ok < 0) {
+            ret = 0;
+            fprintf(stderr, "verify_chain internal error in %s test %d\n",
+                    path, testno);
+            print_errors();
+            continue;
+        }
+        if (err != want || (want == 0 && !ok)) {
+            ret = 0;
+            if (err != want) {
+                if (want == X509_V_OK)
+                    fprintf(stderr, "Verification failure in %s test %d: %d: %s\n",
+                            path, testno, err, X509_verify_cert_error_string(err));
+                else
+                    fprintf(stderr, "Unexpected error in %s test %d: %d: wanted %d\n",
+                            path, testno, err, want);
+            } else {
+                fprintf(stderr, "Verification failure in %s test %d: ok=0\n",
+                        path, testno);
+            }
+            print_errors();
+            continue;
+        }
+        if (mdpth != want_depth) {
+            ret = 0;
+            fprintf(stderr, "Wrong match depth, in %s test %d: wanted %d, got: %d\n",
+                    path, testno, want_depth, mdpth);
+        }
+        fprintf(stderr, "%s: test %d successful\n", path, testno);
+    }
+    ERR_clear_error();
+
+    return ret;
+}
+
+int main(int argc, char *argv[])
+{
+    BIO *f;
+    BIO *bio_err;
+    SSL_CTX *ctx = NULL;
+    const char *basedomain;
+    const char *CAfile;
+    const char *tlsafile;
+    const char *p;
+    int ret = 1;
+
+    progname = argv[0];
+    if (argc != 4) {
+        test_usage();
+        EXIT(ret);
+    }
+    basedomain = argv[1];
+    CAfile = argv[2];
+    tlsafile = argv[3];
+
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    f = BIO_new_file(tlsafile, "r");
+    if (f == NULL) {
+        fprintf(stderr, "%s: Error opening tlsa record file: '%s': %s\n",
+                progname, tlsafile, strerror(errno));
+        EXIT(ret);
+    }
+
+    ctx = SSL_CTX_new(TLS_client_method());
+    if (SSL_CTX_dane_enable(ctx) <= 0) {
+        print_errors();
+        goto end;
+    }
+    if (!SSL_CTX_load_verify_locations(ctx, CAfile, NULL)) {
+        print_errors();
+        goto end;
+    }
+    if ((SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1)) <= 0) {
+        print_errors();
+        goto end;
+    }
+    if ((SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2)) <= 0) {
+        print_errors();
+        goto end;
+    }
+
+    if (test_tlsafile(ctx, basedomain, f, tlsafile) <= 0) {
+        print_errors();
+        goto end;
+    }
+
+    ret = 0;
+
+end:
+
+    BIO_free(f);
+    SSL_CTX_free(ctx);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        ret = 1;
+#endif
+    BIO_free(bio_err);
+    EXIT(ret);
+}
+
+#include <internal/dane.h>
+
+static void store_ctx_dane_init(X509_STORE_CTX *store_ctx, SSL *ssl)
+{
+    X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
+}
diff --git a/openssl-1.1.0h/test/danetest.in b/openssl-1.1.0h/test/danetest.in
new file mode 100644
index 0000000..0cedf10
--- /dev/null
+++ b/openssl-1.1.0h/test/danetest.in
@@ -0,0 +1,1878 @@
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# Blank and comment lines ignored.
+#
+# The first line in each block takes the form:
+#
+#       <TLSA-count> <cert-count> <nonamechecks> <desired-verify-result> <desired-match-depth>
+#
+# It is followed by <TLSA-count> lines of the form:
+#
+#       <usage> <selector> <mtype> <hex-data>
+#
+# and finally, by <cert-count> certificates.
+
+# Test chain matching TLSA records
+# --
+# subject= CN = example.com
+# 3 0 0 308201943082013BA003020102020102300A06082A8648CE3D04030230143112301006035504030C094973737565722043413020170D3135313231333233323335325A180F33303135303431353233323335325A30163114301206035504030C0B6578616D706C652E636F6D3059301306072A8648CE3D020106082A8648CE3D03010703420004664995F47BDE35E7B4DE48B258E9E8A07ADEBBDB863B3D06F481A1946C83DA9F56CFF4D9389B855D2F364B1585B0C734FCFA263026964FF5A4308B3FC879BDB8A37A3078301D0603551D0E041604145B20CA417D9088C7A4C017CB6C0C1C739BB07D8A301F0603551D230418301680147AB75A3CD295CA5DF7C5150916E18FF5CC376A1530090603551D130402300030130603551D25040C300A06082B0601050507030130160603551D11040F300D820B6578616D706C652E636F6D300A06082A8648CE3D0403020347003044021F21C9032A5C8A93872D3F4AEF321A9574DD956D43BD93C369944C72D6902858022100C8B3290D7AF37E571A84D704DBAD339D2987D41852DC5936F212947063911181
+# 3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
+# 3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
+# 3 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004664995F47BDE35E7B4DE48B258E9E8A07ADEBBDB863B3D06F481A1946C83DA9F56CFF4D9389B855D2F364B1585B0C734FCFA263026964FF5A4308B3FC879BDB8
+# 3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
+# 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
+# -- 
+# subject= CN = Issuer CA
+# 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
+# 2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+# 2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
+# 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF
+# 2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
+# 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
+# --
+# subject= CN = Root CA
+# 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5
+# 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+# 2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
+# 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C
+# 2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
+# 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+
+# Renumber:
+# << 'EOF' perl -pe 'BEGIN {$t = 0; $/="\n\n"} if (s/\A\s*# \d+\s*?\n//sm) {printf "# %d\n", ++$t}'
+
+## -- Anonymous and "never valid" leaf certificate DANE-EE(3) tests
+
+# 1
+1 1 1 0 0
+3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 2
+1 1 1 0 0
+3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 3
+1 1 1 0 0
+3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 4
+1 1 1 0 0
+3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 5
+1 1 1 65 -1
+3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1366
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 6
+1 1 1 65 -1
+3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33F
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 7
+1 1 1 65 -1
+3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E2
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 8
+1 1 1 65 -1
+3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A4
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+## -- DANE-?? chain tests --
+
+# 9
+1 3 0 0 0
+3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 10
+1 3 0 0 0
+3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 11
+1 3 0 0 0
+3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 12
+1 3 0 0 0
+3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 13
+1 3 0 0 1
+2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 14
+1 3 0 0 1
+2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 15
+1 3 0 0 1
+2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 16
+1 3 0 0 1
+2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 17
+1 3 0 0 2
+2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 18
+1 3 0 0 2
+2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 19
+1 3 0 0 2
+2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 20
+1 3 0 0 2
+2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+## -- PKIX-?? chain tests --
+
+# 21
+1 2 0 0 0
+1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 22
+1 2 0 0 0
+1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 23
+1 3 0 0 0
+1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 24
+1 3 0 0 0
+1 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 25
+1 2 0 0 1
+0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 26
+1 2 0 0 1
+0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 27
+1 3 0 0 1
+0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 28
+1 3 0 0 1
+0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 29
+1 2 0 0 2
+0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 30
+1 2 0 0 2
+0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 31
+1 3 0 0 2
+0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 32
+1 3 0 0 2
+0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+## -- PKIX-?? chain failures --
+
+# 33
+# Missing intermediate CA
+1 1 0 20 0
+1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+
+# 34
+# Missing PKIX intermediate, provided via DNS
+2 1 0 0 0
+1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
+0 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+
+# 35
+# Wrong leaf digest
+1 3 0 65 -1
+1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 36
+# Wrong intermediate digest
+1 2 0 65 -1
+0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 37
+# Wrong root digest
+1 2 0 65 -1
+0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+## -- Mixed usage cases
+
+# 38
+# DANE-EE(3) beats DANE-TA(2)
+1 3 0 0 0
+3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
+2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 39
+# DANE-TA(2) depth 1 beats DANE-TA(2) depth 2
+1 3 0 0 1
+2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
+2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 40
+# DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1
+1 3 0 0 2
+2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 41
+# DANE-TA(2) depth 2 beats PKIX-EE depth 0
+1 3 0 0 2
+2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
+0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
+
+# 42
+# DANE-TA(2) Full(0) root "from DNS":
+1 2 0 0 2
+2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 43
+# DANE-TA(2) Full(0) intermediate "from DNS":
+1 1 0 0 1
+2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+
+# 44
+# DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS":
+1 1 0 0 0
+2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+
+# 45
+# DANE-TA(2) SPKI(1) Full(0) root "from DNS":
+1 2 0 0 1
+2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 46
+# Mismatched name "example.org", should still succeed given a
+# DANE-EE(3) match.
+1 3 1 0 0
+3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270
+subject= CN = example.org
+issuer= CN = CA2
+notBefore=Feb  6 22:39:47 2016 GMT
+notAfter=Feb  7 22:39:47 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
+MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w
+bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4
+ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID
+z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA
+FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh
+AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct
+PyDiaL1QKbJ7lnqPQCS1o8xn+RI=
+-----END CERTIFICATE-----
+subject= CN = CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:39:13 2016 GMT
+notAfter=Feb  7 22:39:13 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD
+Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC
+CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ
+ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb
++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw
+RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo
+7sfr/jV+rRlZY2iaRv160BWYd82L7g==
+-----END CERTIFICATE-----
+subject= CN = Root CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:38:48 2016 GMT
+notAfter=Feb  7 22:38:48 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI
+Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl
+sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1
+42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw
+FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
+fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
+-----END CERTIFICATE-----
+
+# 47
+# Mismatched name "example.org", should fail despite a DANE-TA(2)
+# match for the intermediate CA.
+1 3 0 62 1
+2 1 1 946af0956378efaba7ee1bbedc17af110ea8de19c079a98e77398724a3708a1f
+subject= CN = example.org
+issuer= CN = CA2
+notBefore=Feb  6 22:39:47 2016 GMT
+notAfter=Feb  7 22:39:47 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
+MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w
+bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4
+ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID
+z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA
+FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh
+AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct
+PyDiaL1QKbJ7lnqPQCS1o8xn+RI=
+-----END CERTIFICATE-----
+subject= CN = CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:39:13 2016 GMT
+notAfter=Feb  7 22:39:13 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD
+Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC
+CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ
+ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb
++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw
+RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo
+7sfr/jV+rRlZY2iaRv160BWYd82L7g==
+-----END CERTIFICATE-----
+subject= CN = Root CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:38:48 2016 GMT
+notAfter=Feb  7 22:38:48 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI
+Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl
+sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1
+42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw
+FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
+fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
+-----END CERTIFICATE-----
+
+# 48
+# Mismatched name "example.org", should fail despite a DANE-TA(2)
+# match for the root CA.
+1 3 0 62 2
+2 1 1 34474f2fbc39da44dfbd11215bdafadf9507406c04de1f65dbd2a1bc4f2165cc
+subject= CN = example.org
+issuer= CN = CA2
+notBefore=Feb  6 22:39:47 2016 GMT
+notAfter=Feb  7 22:39:47 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
+MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w
+bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4
+ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID
+z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA
+FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh
+AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct
+PyDiaL1QKbJ7lnqPQCS1o8xn+RI=
+-----END CERTIFICATE-----
+subject= CN = CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:39:13 2016 GMT
+notAfter=Feb  7 22:39:13 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD
+Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC
+CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ
+ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb
++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw
+RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo
+7sfr/jV+rRlZY2iaRv160BWYd82L7g==
+-----END CERTIFICATE-----
+subject= CN = Root CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:38:48 2016 GMT
+notAfter=Feb  7 22:38:48 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI
+Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl
+sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1
+42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw
+FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
+fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
+-----END CERTIFICATE-----
+
+# 49
+# Mismatched name "example.org", should fail when name checks
+# are not disabled for DANE-EE(3).
+1 3 0 62 0
+3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270
+subject= CN = example.org
+issuer= CN = CA2
+notBefore=Feb  6 22:39:47 2016 GMT
+notAfter=Feb  7 22:39:47 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
+MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w
+bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4
+ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID
+z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA
+FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh
+AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct
+PyDiaL1QKbJ7lnqPQCS1o8xn+RI=
+-----END CERTIFICATE-----
+subject= CN = CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:39:13 2016 GMT
+notAfter=Feb  7 22:39:13 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD
+Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC
+CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ
+ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb
++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw
+RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo
+7sfr/jV+rRlZY2iaRv160BWYd82L7g==
+-----END CERTIFICATE-----
+subject= CN = Root CA2
+issuer= CN = Root CA2
+notBefore=Feb  6 22:38:48 2016 GMT
+notAfter=Feb  7 22:38:48 2116 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
+MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI
+Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl
+sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1
+42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw
+FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
+fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/danetest.pem b/openssl-1.1.0h/test/danetest.pem
new file mode 100644
index 0000000..68d4f44
--- /dev/null
+++ b/openssl-1.1.0h/test/danetest.pem
@@ -0,0 +1,14 @@
+subject= /CN=Root CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:13:08 2015 GMT
+notAfter=Apr 15 23:13:08 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS
+b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9
+1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3
+bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA
+FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID
+RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
+vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/destest.c b/openssl-1.1.0h/test/destest.c
new file mode 100644
index 0000000..84d753d
--- /dev/null
+++ b/openssl-1.1.0h/test/destest.c
@@ -0,0 +1,804 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/e_os2.h>
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINDOWS)
+# ifndef OPENSSL_SYS_MSDOS
+#  define OPENSSL_SYS_MSDOS
+# endif
+#endif
+
+#ifndef OPENSSL_SYS_MSDOS
+# if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
+#  include OPENSSL_UNISTD
+# endif
+#else
+# include <io.h>
+#endif
+#include <string.h>
+
+#ifdef OPENSSL_NO_DES
+int main(int argc, char *argv[])
+{
+    printf("No DES support\n");
+    return (0);
+}
+#else
+# include <openssl/des.h>
+
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+# define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+    {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
+    {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
+    {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
+    {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
+    {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
+    {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
+    {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
+    {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
+    {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
+    {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
+    {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
+    {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
+    {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
+    {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
+    {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
+    {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
+    {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
+    {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
+    {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
+    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
+};
+
+static unsigned char plain_data[NUM_TESTS][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
+    {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
+    {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
+    {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
+    {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
+    {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
+    {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
+    {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
+    {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
+    {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
+    {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
+    {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
+    {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
+    {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
+    {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
+    {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
+    {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
+    {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
+    {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
+};
+
+static unsigned char cipher_data[NUM_TESTS][8] = {
+    {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
+    {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58},
+    {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B},
+    {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33},
+    {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D},
+    {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD},
+    {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
+    {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4},
+    {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B},
+    {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71},
+    {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A},
+    {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A},
+    {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95},
+    {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B},
+    {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09},
+    {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A},
+    {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F},
+    {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88},
+    {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77},
+    {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A},
+    {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56},
+    {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56},
+    {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56},
+    {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC},
+    {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A},
+    {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41},
+    {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93},
+    {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00},
+    {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06},
+    {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7},
+    {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51},
+    {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE},
+    {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D},
+    {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2}
+};
+
+static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
+    {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E},
+    {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16},
+    {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27},
+    {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6},
+    {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25},
+    {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A},
+    {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74},
+    {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6},
+    {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67},
+    {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10},
+    {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85},
+    {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA},
+    {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3},
+    {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3},
+    {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A},
+    {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69},
+    {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1},
+    {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7},
+    {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F},
+    {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87},
+    {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A},
+    {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE},
+    {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3},
+    {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD},
+    {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84},
+    {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85},
+    {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC},
+    {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89},
+    {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E},
+    {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89},
+    {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7},
+    {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8},
+    {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
+};
+
+static unsigned char cbc_key[8] =
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+static unsigned char cbc2_key[8] =
+    { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 };
+static unsigned char cbc3_key[8] =
+    { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+static unsigned char cbc_iv[8] =
+    { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+/*
+ * Changed the following text constant to binary so it will work on ebcdic
+ * machines :-)
+ */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static unsigned char cbc_data[40] = {
+    0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
+    0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+    0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
+    0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+static unsigned char cbc_ok[32] = {
+    0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
+    0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
+    0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
+    0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
+};
+
+# ifdef SCREW_THE_PARITY
+#  error "SCREW_THE_PARITY is not meant to be defined."
+#  error "Original vectors are preserved for reference only."
+static unsigned char cbc2_key[8] =
+    { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
+static unsigned char xcbc_ok[32] = {
+    0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
+    0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
+    0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76,
+    0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2,
+};
+# else
+static unsigned char xcbc_ok[32] = {
+    0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29,
+    0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1,
+    0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53,
+    0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4,
+};
+# endif
+
+static unsigned char cbc3_ok[32] = {
+    0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
+    0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
+    0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
+    0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
+};
+
+static unsigned char pcbc_ok[32] = {
+    0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
+    0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
+    0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
+    0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
+};
+
+static unsigned char cfb_key[8] =
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+static unsigned char cfb_iv[8] =
+    { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
+static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
+static unsigned char plain[24] = {
+    0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
+    0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
+    0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
+    0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
+};
+
+static unsigned char cfb_cipher8[24] = {
+    0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
+    0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
+};
+
+static unsigned char cfb_cipher16[24] = {
+    0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
+    0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
+};
+
+static unsigned char cfb_cipher32[24] = {
+    0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
+    0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
+};
+
+static unsigned char cfb_cipher48[24] = {
+    0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
+    0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
+};
+
+static unsigned char cfb_cipher64[24] = {
+    0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
+    0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
+};
+
+static unsigned char ofb_key[8] =
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+static unsigned char ofb_iv[8] =
+    { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
+static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
+static unsigned char ofb_cipher[24] = {
+    0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
+    0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
+    0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
+};
+static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
+static unsigned char cbc_cksum_data[8] =
+    { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };
+
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+int main(int argc, char *argv[])
+{
+    int j, err = 0;
+    unsigned int i;
+    DES_cblock in, out, outin, iv3;
+    DES_key_schedule ks, ks2, ks3;
+    unsigned char cbc_in[40];
+    unsigned char cbc_out[40];
+    DES_LONG cs;
+    unsigned char cret[8];
+    DES_LONG lqret[4];
+    int num;
+    char *str;
+
+    printf("Doing ecb\n");
+    for (i = 0; i < NUM_TESTS; i++) {
+        DES_set_key_unchecked(&key_data[i], &ks);
+        memcpy(in, plain_data[i], 8);
+        memset(out, 0, 8);
+        memset(outin, 0, 8);
+        DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
+        DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);
+
+        if (memcmp(out, cipher_data[i], 8) != 0) {
+            printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                   i + 1, pt(key_data[i]), pt(in), pt(cipher_data[i]),
+                   pt(out));
+            err = 1;
+        }
+        if (memcmp(in, outin, 8) != 0) {
+            printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                   i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin));
+            err = 1;
+        }
+    }
+
+# ifndef LIBDES_LIT
+    printf("Doing ede ecb\n");
+    for (i = 0; i < (NUM_TESTS - 2); i++) {
+        DES_set_key_unchecked(&key_data[i], &ks);
+        DES_set_key_unchecked(&key_data[i + 1], &ks2);
+        DES_set_key_unchecked(&key_data[i + 2], &ks3);
+        memcpy(in, plain_data[i], 8);
+        memset(out, 0, 8);
+        memset(outin, 0, 8);
+        DES_ecb3_encrypt(&in,&out,&ks,&ks2,&ks,DES_ENCRYPT);
+        DES_ecb3_encrypt(&out,&outin,&ks,&ks2,&ks,DES_DECRYPT);
+
+        if (memcmp(out, cipher_ecb2[i], 8) != 0) {
+            printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                   i + 1, pt(key_data[i]), pt(in), pt(cipher_ecb2[i]),
+                   pt(out));
+            err = 1;
+        }
+        if (memcmp(in, outin, 8) != 0) {
+            printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                   i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin));
+            err = 1;
+        }
+    }
+# endif
+
+    printf("Doing cbc\n");
+    if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+        printf("Key error %d\n", j);
+        err = 1;
+    }
+    memset(cbc_out, 0, 40);
+    memset(cbc_in, 0, 40);
+    memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+    DES_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks,
+                     &iv3, DES_ENCRYPT);
+    if (memcmp(cbc_out, cbc_ok, 32) != 0) {
+        printf("cbc_encrypt encrypt error\n");
+        err = 1;
+    }
+
+    memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+    DES_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks,
+                     &iv3, DES_DECRYPT);
+    if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data)) != 0) {
+        printf("cbc_encrypt decrypt error\n");
+        err = 1;
+    }
+# ifndef LIBDES_LIT
+    printf("Doing desx cbc\n");
+    if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+        printf("Key error %d\n", j);
+        err = 1;
+    }
+    memset(cbc_out, 0, 40);
+    memset(cbc_in, 0, 40);
+    memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+    DES_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks,
+                     &iv3, &cbc2_key, &cbc3_key, DES_ENCRYPT);
+    if (memcmp(cbc_out, xcbc_ok, 32) != 0) {
+        printf("des_xcbc_encrypt encrypt error\n");
+        err = 1;
+    }
+    memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+    DES_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks,
+                     &iv3, &cbc2_key, &cbc3_key, DES_DECRYPT);
+    if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
+        printf("des_xcbc_encrypt decrypt error\n");
+        err = 1;
+    }
+# endif
+
+    printf("Doing ede cbc\n");
+    if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+        printf("Key error %d\n", j);
+        err = 1;
+    }
+    if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) {
+        printf("Key error %d\n", j);
+        err = 1;
+    }
+    if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) {
+        printf("Key error %d\n", j);
+        err = 1;
+    }
+    memset(cbc_out, 0, 40);
+    memset(cbc_in, 0, 40);
+    i = strlen((char *)cbc_data) + 1;
+    /* i=((i+7)/8)*8; */
+    memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+
+    DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
+                         DES_ENCRYPT);
+    DES_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, &ks, &ks2,
+                         &ks3, &iv3, DES_ENCRYPT);
+    if (memcmp
+        (cbc_out, cbc3_ok,
+         (unsigned int)(strlen((char *)cbc_data) + 1 + 7) / 8 * 8) != 0) {
+        unsigned int n;
+
+        printf("des_ede3_cbc_encrypt encrypt error\n");
+        for (n = 0; n < i; ++n)
+            printf(" %02x", cbc_out[n]);
+        printf("\n");
+        for (n = 0; n < i; ++n)
+            printf(" %02x", cbc3_ok[n]);
+        printf("\n");
+        err = 1;
+    }
+
+    memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+    DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, DES_DECRYPT);
+    if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
+        unsigned int n;
+
+        printf("DES_ede3_cbc_encrypt decrypt error\n");
+        for (n = 0; n < i; ++n)
+            printf(" %02x", cbc_data[n]);
+        printf("\n");
+        for (n = 0; n < i; ++n)
+            printf(" %02x", cbc_in[n]);
+        printf("\n");
+        err = 1;
+    }
+# ifndef LIBDES_LIT
+    printf("Doing pcbc\n");
+    if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+        printf("Key error %d\n", j);
+        err = 1;
+    }
+    memset(cbc_out, 0, 40);
+    memset(cbc_in, 0, 40);
+    DES_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks,
+                     &cbc_iv, DES_ENCRYPT);
+    if (memcmp(cbc_out, pcbc_ok, 32) != 0) {
+        printf("pcbc_encrypt encrypt error\n");
+        err = 1;
+    }
+    DES_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks,
+                     &cbc_iv, DES_DECRYPT);
+    if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
+        printf("pcbc_encrypt decrypt error\n");
+        err = 1;
+    }
+
+    printf("Doing ");
+    printf("cfb8 ");
+    err += cfb_test(8, cfb_cipher8);
+    printf("cfb16 ");
+    err += cfb_test(16, cfb_cipher16);
+    printf("cfb32 ");
+    err += cfb_test(32, cfb_cipher32);
+    printf("cfb48 ");
+    err += cfb_test(48, cfb_cipher48);
+    printf("cfb64 ");
+    err += cfb_test(64, cfb_cipher64);
+
+    printf("cfb64() ");
+    err += cfb64_test(cfb_cipher64);
+
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    for (i = 0; i < sizeof(plain); i++)
+        DES_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]),
+                        8, 1, &ks, &cfb_tmp, DES_ENCRYPT);
+    if (memcmp(cfb_cipher8, cfb_buf1, sizeof(plain)) != 0) {
+        printf("cfb_encrypt small encrypt error\n");
+        err = 1;
+    }
+
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    for (i = 0; i < sizeof(plain); i++)
+        DES_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]),
+                        8, 1, &ks, &cfb_tmp, DES_DECRYPT);
+    if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+        printf("cfb_encrypt small decrypt error\n");
+        err = 1;
+    }
+
+    printf("ede_cfb64() ");
+    err += ede_cfb64_test(cfb_cipher64);
+
+    printf("done\n");
+
+    printf("Doing ofb\n");
+    DES_set_key_checked(&ofb_key, &ks);
+    memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+    DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
+    if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
+        printf("ofb_encrypt encrypt error\n");
+        printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+               ofb_buf1[8 + 0], ofb_buf1[8 + 1], ofb_buf1[8 + 2],
+               ofb_buf1[8 + 3], ofb_buf1[8 + 4], ofb_buf1[8 + 5],
+               ofb_buf1[8 + 6], ofb_buf1[8 + 7]);
+        printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8 + 0],
+               ofb_cipher[8 + 1], ofb_cipher[8 + 2], ofb_cipher[8 + 3],
+               ofb_buf1[8 + 4], ofb_cipher[8 + 5], ofb_cipher[8 + 6],
+               ofb_cipher[8 + 7]);
+        err = 1;
+    }
+    memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+    DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
+                    &ofb_tmp);
+    if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
+        printf("ofb_encrypt decrypt error\n");
+        printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+               ofb_buf2[8 + 0], ofb_buf2[8 + 1], ofb_buf2[8 + 2],
+               ofb_buf2[8 + 3], ofb_buf2[8 + 4], ofb_buf2[8 + 5],
+               ofb_buf2[8 + 6], ofb_buf2[8 + 7]);
+        printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8 + 0],
+               plain[8 + 1], plain[8 + 2], plain[8 + 3], plain[8 + 4],
+               plain[8 + 5], plain[8 + 6], plain[8 + 7]);
+        err = 1;
+    }
+
+    printf("Doing ofb64\n");
+    DES_set_key_checked(&ofb_key, &ks);
+    memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+    memset(ofb_buf1, 0, sizeof(ofb_buf1));
+    memset(ofb_buf2, 0, sizeof(ofb_buf1));
+    num = 0;
+    for (i = 0; i < sizeof(plain); i++) {
+        DES_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ofb_tmp, &num);
+    }
+    if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
+        printf("ofb64_encrypt encrypt error\n");
+        err = 1;
+    }
+    memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+    num = 0;
+    DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
+                      &num);
+    if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
+        printf("ofb64_encrypt decrypt error\n");
+        err = 1;
+    }
+
+    printf("Doing ede_ofb64\n");
+    DES_set_key_checked(&ofb_key, &ks);
+    memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+    memset(ofb_buf1, 0, sizeof(ofb_buf1));
+    memset(ofb_buf2, 0, sizeof(ofb_buf1));
+    num = 0;
+    for (i = 0; i < sizeof(plain); i++) {
+        DES_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ks,
+                               &ks, &ofb_tmp, &num);
+    }
+    if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
+        printf("ede_ofb64_encrypt encrypt error\n");
+        err = 1;
+    }
+    memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+    num = 0;
+    DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
+                           &ofb_tmp, &num);
+    if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
+        printf("ede_ofb64_encrypt decrypt error\n");
+        err = 1;
+    }
+
+    printf("Doing cbc_cksum\n");
+    DES_set_key_checked(&cbc_key, &ks);
+    cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
+                       &cbc_iv);
+    if (cs != cbc_cksum_ret) {
+        printf("bad return value (%08lX), should be %08lX\n",
+               (unsigned long)cs, (unsigned long)cbc_cksum_ret);
+        err = 1;
+    }
+    if (memcmp(cret, cbc_cksum_data, 8) != 0) {
+        printf("bad cbc_cksum block returned\n");
+        err = 1;
+    }
+
+    printf("Doing quad_cksum\n");
+    cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
+                        (long)strlen((char *)cbc_data), 2,
+                        (DES_cblock *)cbc_iv);
+    if (cs != 0x70d7a63aL) {
+        printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+               (unsigned long)cs);
+        err = 1;
+    }
+    if (lqret[0] != 0x327eba8dL) {
+        printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+               (unsigned long)lqret[0], 0x327eba8dUL);
+        err = 1;
+    }
+    if (lqret[1] != 0x201a49ccL) {
+        printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+               (unsigned long)lqret[1], 0x201a49ccUL);
+        err = 1;
+    }
+    if (lqret[2] != 0x70d7a63aL) {
+        printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+               (unsigned long)lqret[2], 0x70d7a63aUL);
+        err = 1;
+    }
+    if (lqret[3] != 0x501c2c26L) {
+        printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+               (unsigned long)lqret[3], 0x501c2c26UL);
+        err = 1;
+    }
+# endif
+
+    printf("input word alignment test");
+    for (i = 0; i < 4; i++) {
+        printf(" %d", i);
+        DES_ncbc_encrypt(&(cbc_out[i]), cbc_in,
+                         strlen((char *)cbc_data) + 1, &ks,
+                         &cbc_iv, DES_ENCRYPT);
+    }
+    printf("\noutput word alignment test");
+    for (i = 0; i < 4; i++) {
+        printf(" %d", i);
+        DES_ncbc_encrypt(cbc_out, &(cbc_in[i]),
+                         strlen((char *)cbc_data) + 1, &ks,
+                         &cbc_iv, DES_ENCRYPT);
+    }
+    printf("\n");
+    printf("fast crypt test ");
+    str = DES_crypt("testing", "ef");
+    if (strcmp("efGnQx2725bI2", str) != 0) {
+        printf("fast crypt error, %s should be efGnQx2725bI2\n", str);
+        err = 1;
+    }
+    str = DES_crypt("bca76;23", "yA");
+    if (strcmp("yA1Rp/1hZXIJk", str) != 0) {
+        printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str);
+        err = 1;
+    }
+    str = DES_crypt("testing", "y\202");
+    if (str != NULL) {
+        printf("salt error only usascii are accepted\n");
+        err = 1;
+    }
+    str = DES_crypt("testing", "\0A");
+    if (str != NULL) {
+        printf("salt error cannot contain null terminator\n");
+        err = 1;
+    }
+    str = DES_crypt("testing", "A");
+    if (str != NULL) {
+        printf("salt error must be at least 2\n");
+        err = 1;
+    }
+    printf("\n");
+    return (err);
+}
+
+static char *pt(unsigned char *p)
+{
+    static char bufs[10][20];
+    static int bnum = 0;
+    char *ret;
+    int i;
+    static char *f = "0123456789ABCDEF";
+
+    ret = &(bufs[bnum++][0]);
+    bnum %= 10;
+    for (i = 0; i < 8; i++) {
+        ret[i * 2] = f[(p[i] >> 4) & 0xf];
+        ret[i * 2 + 1] = f[p[i] & 0xf];
+    }
+    ret[16] = '\0';
+    return (ret);
+}
+
+# ifndef LIBDES_LIT
+
+static int cfb_test(int bits, unsigned char *cfb_cipher)
+{
+    DES_key_schedule ks;
+    int i, err = 0;
+
+    DES_set_key_checked(&cfb_key, &ks);
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
+                    DES_ENCRYPT);
+    if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
+        err = 1;
+        printf("cfb_encrypt encrypt error\n");
+        for (i = 0; i < 24; i += 8)
+            printf("%s\n", pt(&(cfb_buf1[i])));
+    }
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
+                    DES_DECRYPT);
+    if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+        err = 1;
+        printf("cfb_encrypt decrypt error\n");
+        for (i = 0; i < 24; i += 8)
+            printf("%s\n", pt(&(cfb_buf1[i])));
+    }
+    return (err);
+}
+
+static int cfb64_test(unsigned char *cfb_cipher)
+{
+    DES_key_schedule ks;
+    int err = 0, i, n;
+
+    DES_set_key_checked(&cfb_key, &ks);
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    n = 0;
+    DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
+    DES_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, &ks,
+                      &cfb_tmp, &n, DES_ENCRYPT);
+    if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
+        err = 1;
+        printf("cfb_encrypt encrypt error\n");
+        for (i = 0; i < 24; i += 8)
+            printf("%s\n", pt(&(cfb_buf1[i])));
+    }
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    n = 0;
+    DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
+    DES_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+                      sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
+    if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+        err = 1;
+        printf("cfb_encrypt decrypt error\n");
+        for (i = 0; i < 24; i += 8)
+            printf("%s\n", pt(&(cfb_buf2[i])));
+    }
+    return (err);
+}
+
+static int ede_cfb64_test(unsigned char *cfb_cipher)
+{
+    DES_key_schedule ks;
+    int err = 0, i, n;
+
+    DES_set_key_checked(&cfb_key, &ks);
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    n = 0;
+    DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
+                           DES_ENCRYPT);
+    DES_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
+                           sizeof(plain) - 12, &ks, &ks, &ks,
+                           &cfb_tmp, &n, DES_ENCRYPT);
+    if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
+        err = 1;
+        printf("ede_cfb_encrypt encrypt error\n");
+        for (i = 0; i < 24; i += 8)
+            printf("%s\n", pt(&(cfb_buf1[i])));
+    }
+    memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+    n = 0;
+    DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
+                           &cfb_tmp, &n, DES_DECRYPT);
+    DES_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+                           sizeof(plain) - 17, &ks, &ks, &ks,
+                           &cfb_tmp, &n, DES_DECRYPT);
+    if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+        err = 1;
+        printf("ede_cfb_encrypt decrypt error\n");
+        for (i = 0; i < 24; i += 8)
+            printf("%s\n", pt(&(cfb_buf2[i])));
+    }
+    return (err);
+}
+
+# endif
+#endif
diff --git a/openssl-1.1.0h/test/dhtest.c b/openssl-1.1.0h/test/dhtest.c
new file mode 100644
index 0000000..ecf2d9d
--- /dev/null
+++ b/openssl-1.1.0h/test/dhtest.c
@@ -0,0 +1,626 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return (0);
+}
+#else
+# include <openssl/dh.h>
+
+static int cb(int p, int n, BN_GENCB *arg);
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+static int run_rfc5114_tests(void);
+
+int main(int argc, char *argv[])
+{
+    BN_GENCB *_cb = NULL;
+    DH *a = NULL;
+    DH *b = NULL;
+    DH *c = NULL;
+    const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL, *priv_key = NULL;
+    const BIGNUM *bpub_key = NULL;
+    BIGNUM *bp = NULL, *bg = NULL, *cpriv_key = NULL;
+    char buf[12] = {0};
+    unsigned char *abuf = NULL;
+    unsigned char *bbuf = NULL;
+    unsigned char *cbuf = NULL;
+    int i, alen, blen, clen, aout, bout, cout;
+    int ret = 1;
+    BIO *out = NULL;
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+    out = BIO_new(BIO_s_file());
+    if (out == NULL)
+        EXIT(1);
+    BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    _cb = BN_GENCB_new();
+    if (_cb == NULL)
+        goto err;
+    BN_GENCB_set(_cb, &cb, out);
+    if (((a = DH_new()) == NULL)
+        || (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb)))
+        goto err;
+
+    if (!DH_check(a, &i))
+        goto err;
+    if (i & DH_CHECK_P_NOT_PRIME)
+        BIO_puts(out, "p value is not prime\n");
+    if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+        BIO_puts(out, "p value is not a safe prime\n");
+    if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+        BIO_puts(out, "unable to check the generator value\n");
+    if (i & DH_NOT_SUITABLE_GENERATOR)
+        BIO_puts(out, "the g value is not a generator\n");
+
+    DH_get0_pqg(a, &ap, NULL, &ag);
+    BIO_puts(out, "\np    =");
+    BN_print(out, ap);
+    BIO_puts(out, "\ng    =");
+    BN_print(out, ag);
+    BIO_puts(out, "\n");
+
+    b = DH_new();
+    if (b == NULL)
+        goto err;
+
+    bp = BN_dup(ap);
+    bg = BN_dup(ag);
+    if ((bp == NULL) || (bg == NULL) || !DH_set0_pqg(b, bp, NULL, bg))
+        goto err;
+    bp = bg = NULL;
+
+    if (!DH_generate_key(a))
+        goto err;
+    DH_get0_key(a, &apub_key, &priv_key);
+    BIO_puts(out, "pri 1=");
+    BN_print(out, priv_key);
+    BIO_puts(out, "\npub 1=");
+    BN_print(out, apub_key);
+    BIO_puts(out, "\n");
+
+    if (!DH_generate_key(b))
+        goto err;
+    DH_get0_key(b, &bpub_key, &priv_key);
+    BIO_puts(out, "pri 2=");
+    BN_print(out, priv_key);
+    BIO_puts(out, "\npub 2=");
+    BN_print(out, bpub_key);
+    BIO_puts(out, "\n");
+
+    /* Also test with a private-key-only copy of |b|. */
+    if ((c = DHparams_dup(b)) == NULL
+            || (cpriv_key = BN_dup(priv_key)) == NULL
+            || !DH_set0_key(c, NULL, cpriv_key))
+        goto err;
+    cpriv_key = NULL;
+
+    alen = DH_size(a);
+    abuf = OPENSSL_malloc(alen);
+    if (abuf == NULL)
+        goto err;
+
+    aout = DH_compute_key(abuf, bpub_key, a);
+
+    BIO_puts(out, "key1 =");
+    for (i = 0; i < aout; i++) {
+        sprintf(buf, "%02X", abuf[i]);
+        BIO_puts(out, buf);
+    }
+    BIO_puts(out, "\n");
+
+    blen = DH_size(b);
+    bbuf = OPENSSL_malloc(blen);
+    if (bbuf == NULL)
+        goto err;
+
+    bout = DH_compute_key(bbuf, apub_key, b);
+
+    BIO_puts(out, "key2 =");
+    for (i = 0; i < bout; i++) {
+        sprintf(buf, "%02X", bbuf[i]);
+        BIO_puts(out, buf);
+    }
+    BIO_puts(out, "\n");
+
+    clen = DH_size(c);
+    cbuf = OPENSSL_malloc(clen);
+    if (cbuf == NULL)
+        goto err;
+
+    cout = DH_compute_key(cbuf, apub_key, c);
+
+    BIO_puts(out, "key3 =");
+    for (i = 0; i < cout; i++) {
+        sprintf(buf, "%02X", cbuf[i]);
+        BIO_puts(out, buf);
+    }
+    BIO_puts(out, "\n");
+
+    if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)
+        || (cout != aout) || (memcmp(abuf, cbuf, aout) != 0)) {
+        fprintf(stderr, "Error in DH routines\n");
+        ret = 1;
+    } else
+        ret = 0;
+    if (!run_rfc5114_tests())
+        ret = 1;
+ err:
+    (void)BIO_flush(out);
+    ERR_print_errors_fp(stderr);
+
+    OPENSSL_free(abuf);
+    OPENSSL_free(bbuf);
+    OPENSSL_free(cbuf);
+    DH_free(b);
+    DH_free(a);
+    DH_free(c);
+    BN_free(bp);
+    BN_free(bg);
+    BN_free(cpriv_key);
+    BN_GENCB_free(_cb);
+    BIO_free(out);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        ret = 1;
+#endif
+
+    EXIT(ret);
+}
+
+static int cb(int p, int n, BN_GENCB *arg)
+{
+    char c = '*';
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(BN_GENCB_get_arg(arg), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(arg));
+    return 1;
+}
+
+/* Test data from RFC 5114 */
+
+static const unsigned char dhtest_1024_160_xA[] = {
+    0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
+    0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
+};
+
+static const unsigned char dhtest_1024_160_yA[] = {
+    0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
+    0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
+    0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
+    0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
+    0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
+    0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
+    0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
+    0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
+    0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
+    0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
+    0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
+};
+
+static const unsigned char dhtest_1024_160_xB[] = {
+    0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
+    0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
+};
+
+static const unsigned char dhtest_1024_160_yB[] = {
+    0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
+    0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
+    0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
+    0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
+    0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
+    0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
+    0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
+    0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
+    0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
+    0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
+    0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
+};
+
+static const unsigned char dhtest_1024_160_Z[] = {
+    0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
+    0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
+    0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
+    0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
+    0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
+    0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
+    0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
+    0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
+    0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
+    0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
+    0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
+};
+
+static const unsigned char dhtest_2048_224_xA[] = {
+    0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
+    0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
+    0x83, 0x29, 0x4B, 0x0C
+};
+
+static const unsigned char dhtest_2048_224_yA[] = {
+    0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
+    0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
+    0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
+    0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
+    0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
+    0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
+    0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
+    0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
+    0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
+    0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
+    0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
+    0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
+    0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
+    0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
+    0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
+    0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
+    0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
+    0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
+    0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
+    0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
+    0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
+    0x71, 0x64, 0x8D, 0x6F
+};
+
+static const unsigned char dhtest_2048_224_xB[] = {
+    0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
+    0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
+    0x35, 0x3B, 0x75, 0x90
+};
+
+static const unsigned char dhtest_2048_224_yB[] = {
+    0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
+    0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
+    0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
+    0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
+    0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
+    0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
+    0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
+    0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
+    0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
+    0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
+    0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
+    0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
+    0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
+    0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
+    0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
+    0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
+    0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
+    0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
+    0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
+    0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
+    0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
+    0x02, 0x14, 0x2B, 0x6C
+};
+
+static const unsigned char dhtest_2048_224_Z[] = {
+    0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
+    0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
+    0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
+    0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
+    0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
+    0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
+    0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
+    0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
+    0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
+    0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
+    0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
+    0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
+    0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
+    0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
+    0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
+    0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
+    0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
+    0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
+    0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
+    0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
+    0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
+    0xF9, 0xF6, 0x38, 0x69
+};
+
+static const unsigned char dhtest_2048_256_xA[] = {
+    0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
+    0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
+    0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
+};
+
+static const unsigned char dhtest_2048_256_yA[] = {
+    0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
+    0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
+    0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
+    0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
+    0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
+    0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
+    0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
+    0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
+    0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
+    0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
+    0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
+    0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
+    0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
+    0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
+    0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
+    0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
+    0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
+    0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
+    0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
+    0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
+    0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
+    0x7C, 0xA6, 0x7E, 0x29
+};
+
+static const unsigned char dhtest_2048_256_xB[] = {
+    0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
+    0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
+    0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
+};
+
+static const unsigned char dhtest_2048_256_yB[] = {
+    0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
+    0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
+    0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
+    0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
+    0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
+    0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
+    0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
+    0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
+    0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
+    0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
+    0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
+    0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
+    0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
+    0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
+    0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
+    0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
+    0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
+    0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
+    0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
+    0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
+    0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
+    0x75, 0x7E, 0x19, 0x13
+};
+
+static const unsigned char dhtest_2048_256_Z[] = {
+    0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
+    0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
+    0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
+    0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
+    0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
+    0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
+    0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
+    0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
+    0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
+    0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
+    0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
+    0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
+    0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
+    0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
+    0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
+    0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
+    0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
+    0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
+    0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
+    0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
+    0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
+    0xC2, 0x6C, 0x5D, 0x7C
+};
+
+static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
+    0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
+    0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
+    0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
+    0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
+    0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
+    0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
+    0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
+    0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
+    0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
+    0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
+    0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
+    0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
+    0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
+    0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
+    0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
+    0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
+    0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
+    0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
+    0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
+    0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
+    0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
+    0x93, 0x74, 0x89, 0x59
+};
+
+typedef struct {
+    DH *(*get_param) (void);
+    const unsigned char *xA;
+    size_t xA_len;
+    const unsigned char *yA;
+    size_t yA_len;
+    const unsigned char *xB;
+    size_t xB_len;
+    const unsigned char *yB;
+    size_t yB_len;
+    const unsigned char *Z;
+    size_t Z_len;
+} rfc5114_td;
+
+# define make_rfc5114_td(pre) { \
+        DH_get_##pre, \
+        dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
+        dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
+        dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
+        dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
+        dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
+        }
+
+static const rfc5114_td rfctd[] = {
+        make_rfc5114_td(1024_160),
+        make_rfc5114_td(2048_224),
+        make_rfc5114_td(2048_256)
+};
+
+static int run_rfc5114_tests(void)
+{
+    int i;
+    DH *dhA = NULL;
+    DH *dhB = NULL;
+    unsigned char *Z1 = NULL;
+    unsigned char *Z2 = NULL;
+    const rfc5114_td *td = NULL;
+    BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
+    const BIGNUM *pub_key_tmp;
+
+    for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
+        td = rfctd + i;
+        /* Set up DH structures setting key components */
+        dhA = td->get_param();
+        dhB = td->get_param();
+        if ((dhA == NULL) || (dhB == NULL))
+            goto bad_err;
+
+        priv_key = BN_bin2bn(td->xA, td->xA_len, NULL);
+        pub_key = BN_bin2bn(td->yA, td->yA_len, NULL);
+        if (priv_key == NULL || pub_key == NULL
+                || !DH_set0_key(dhA, pub_key, priv_key))
+            goto bad_err;
+
+        priv_key = BN_bin2bn(td->xB, td->xB_len, NULL);
+        pub_key = BN_bin2bn(td->yB, td->yB_len, NULL);
+
+        if (priv_key == NULL || pub_key == NULL
+                || !DH_set0_key(dhB, pub_key, priv_key))
+            goto bad_err;
+        priv_key = pub_key = NULL;
+
+        if ((td->Z_len != (size_t)DH_size(dhA))
+            || (td->Z_len != (size_t)DH_size(dhB)))
+            goto err;
+
+        Z1 = OPENSSL_malloc(DH_size(dhA));
+        Z2 = OPENSSL_malloc(DH_size(dhB));
+        if ((Z1 == NULL) || (Z2 == NULL))
+            goto bad_err;
+        /*
+         * Work out shared secrets using both sides and compare with expected
+         * values.
+         */
+        DH_get0_key(dhB, &pub_key_tmp, NULL);
+        if (DH_compute_key(Z1, pub_key_tmp, dhA) == -1)
+            goto bad_err;
+
+        DH_get0_key(dhA, &pub_key_tmp, NULL);
+        if (DH_compute_key(Z2, pub_key_tmp, dhB) == -1)
+            goto bad_err;
+
+        if (memcmp(Z1, td->Z, td->Z_len))
+            goto err;
+        if (memcmp(Z2, td->Z, td->Z_len))
+            goto err;
+
+        printf("RFC5114 parameter test %d OK\n", i + 1);
+
+        DH_free(dhA);
+        DH_free(dhB);
+        OPENSSL_free(Z1);
+        OPENSSL_free(Z2);
+        dhA = NULL;
+        dhB = NULL;
+        Z1 = NULL;
+        Z2 = NULL;
+    }
+
+    /* Now i == OSSL_NELEM(rfctd) */
+    /* RFC5114 uses unsafe primes, so now test an invalid y value */
+    dhA = DH_get_2048_224();
+    if (dhA == NULL)
+        goto bad_err;
+    Z1 = OPENSSL_malloc(DH_size(dhA));
+    if (Z1 == NULL)
+        goto bad_err;
+
+    bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
+                     sizeof(dhtest_rfc5114_2048_224_bad_y), NULL);
+    if (bady == NULL)
+        goto bad_err;
+
+    if (!DH_generate_key(dhA))
+        goto bad_err;
+
+    if (DH_compute_key(Z1, bady, dhA) != -1) {
+        /*
+         * DH_compute_key should fail with -1. If we get here we unexpectedly
+         * allowed an invalid y value
+         */
+        goto err;
+    }
+    /* We'll have a stale error on the queue from the above test so clear it */
+    ERR_clear_error();
+
+    printf("RFC5114 parameter test %d OK\n", i + 1);
+
+    BN_free(bady);
+    DH_free(dhA);
+    OPENSSL_free(Z1);
+
+    return 1;
+ bad_err:
+    BN_free(bady);
+    DH_free(dhA);
+    DH_free(dhB);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    OPENSSL_free(Z1);
+    OPENSSL_free(Z2);
+
+    fprintf(stderr, "Initialisation error RFC5114 set %d\n", i + 1);
+    ERR_print_errors_fp(stderr);
+    return 0;
+ err:
+    BN_free(bady);
+    DH_free(dhA);
+    DH_free(dhB);
+    OPENSSL_free(Z1);
+    OPENSSL_free(Z2);
+
+    fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
+    return 0;
+}
+
+#endif
diff --git a/openssl-1.1.0h/test/dsatest.c b/openssl-1.1.0h/test/dsatest.c
new file mode 100644
index 0000000..3a62eb6
--- /dev/null
+++ b/openssl-1.1.0h/test/dsatest.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_NO_DSA
+int main(int argc, char *argv[])
+{
+    printf("No DSA support\n");
+    return (0);
+}
+#else
+# include <openssl/dsa.h>
+
+static int dsa_cb(int p, int n, BN_GENCB *arg);
+
+/*
+ * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
+ * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
+ */
+static unsigned char seed[20] = {
+    0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40,
+    0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3,
+};
+
+static unsigned char out_p[] = {
+    0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
+    0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
+    0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
+    0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
+    0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
+    0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
+    0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
+    0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
+};
+
+static unsigned char out_q[] = {
+    0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
+    0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
+    0xda, 0xce, 0x91, 0x5f,
+};
+
+static unsigned char out_g[] = {
+    0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
+    0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
+    0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
+    0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
+    0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
+    0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
+    0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
+    0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
+};
+
+static const unsigned char str1[] = "12345678901234567890";
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+static BIO *bio_err = NULL;
+
+int main(int argc, char **argv)
+{
+    BN_GENCB *cb;
+    DSA *dsa = NULL;
+    int counter, ret = 0, i, j;
+    unsigned char buf[256];
+    unsigned long h;
+    unsigned char sig[256];
+    unsigned int siglen;
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+
+    if (bio_err == NULL)
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+    BIO_printf(bio_err, "test generation of DSA parameters\n");
+
+    cb = BN_GENCB_new();
+    if (!cb)
+        goto end;
+
+    BN_GENCB_set(cb, dsa_cb, bio_err);
+    if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
+                                                                   seed, 20,
+                                                                   &counter,
+                                                                   &h, cb))
+        goto end;
+
+    BIO_printf(bio_err, "seed\n");
+    for (i = 0; i < 20; i += 4) {
+        BIO_printf(bio_err, "%02X%02X%02X%02X ",
+                   seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
+    }
+    BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h);
+
+    DSA_print(bio_err, dsa, 0);
+    if (counter != 105) {
+        BIO_printf(bio_err, "counter should be 105\n");
+        goto end;
+    }
+    if (h != 2) {
+        BIO_printf(bio_err, "h should be 2\n");
+        goto end;
+    }
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    i = BN_bn2bin(q, buf);
+    j = sizeof(out_q);
+    if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
+        BIO_printf(bio_err, "q value is wrong\n");
+        goto end;
+    }
+
+    i = BN_bn2bin(p, buf);
+    j = sizeof(out_p);
+    if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
+        BIO_printf(bio_err, "p value is wrong\n");
+        goto end;
+    }
+
+    i = BN_bn2bin(g, buf);
+    j = sizeof(out_g);
+    if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
+        BIO_printf(bio_err, "g value is wrong\n");
+        goto end;
+    }
+
+    DSA_generate_key(dsa);
+    DSA_sign(0, str1, 20, sig, &siglen, dsa);
+    if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+        ret = 1;
+
+ end:
+    if (!ret)
+        ERR_print_errors(bio_err);
+    DSA_free(dsa);
+    BN_GENCB_free(cb);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        ret = 0;
+#endif
+    BIO_free(bio_err);
+    bio_err = NULL;
+    EXIT(!ret);
+}
+
+static int dsa_cb(int p, int n, BN_GENCB *arg)
+{
+    char c = '*';
+    static int ok = 0, num = 0;
+
+    if (p == 0) {
+        c = '.';
+        num++;
+    };
+    if (p == 1)
+        c = '+';
+    if (p == 2) {
+        c = '*';
+        ok++;
+    }
+    if (p == 3)
+        c = '\n';
+    BIO_write(BN_GENCB_get_arg(arg), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(arg));
+
+    if (!ok && (p == 0) && (num > 1)) {
+        BIO_printf(BN_GENCB_get_arg(arg), "error in dsatest\n");
+        return 0;
+    }
+    return 1;
+}
+#endif
diff --git a/openssl-1.1.0h/test/dtlstest.c b/openssl-1.1.0h/test/dtlstest.c
new file mode 100644
index 0000000..8200fac
--- /dev/null
+++ b/openssl-1.1.0h/test/dtlstest.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include "ssltestlib.h"
+#include "testutil.h"
+
+static char *cert = NULL;
+static char *privkey = NULL;
+
+#define NUM_TESTS   2
+
+
+#define DUMMY_CERT_STATUS_LEN  12
+
+static unsigned char certstatus[] = {
+    SSL3_RT_HANDSHAKE, /* Content type */
+    0xfe, 0xfd, /* Record version */
+    0, 1, /* Epoch */
+    0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
+    0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
+    SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
+    0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
+    0, 5, /* Message sequence */
+    0, 0, 0, /* Fragment offset */
+    0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
+    0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
+};
+
+#define RECORD_SEQUENCE 10
+
+static int test_dtls_unprocessed(int testidx)
+{
+    SSL_CTX *sctx = NULL, *cctx = NULL;
+    SSL *serverssl1 = NULL, *clientssl1 = NULL;
+    BIO *c_to_s_fbio, *c_to_s_mempacket;
+    int testresult = 0;
+
+    printf("Starting Test %d\n", testidx);
+
+    if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(),
+                             DTLS1_VERSION, DTLS_MAX_VERSION, &sctx, &cctx,
+                             cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        return 0;
+    }
+
+    if (!SSL_CTX_set_cipher_list(cctx, "AES128-SHA")) {
+        printf("Failed setting cipher list\n");
+    }
+
+    c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
+    if (c_to_s_fbio == NULL) {
+        printf("Failed to create filter BIO\n");
+        goto end;
+    }
+
+    /* BIO is freed by create_ssl_connection on error */
+    if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
+                               c_to_s_fbio)) {
+        printf("Unable to create SSL objects\n");
+        ERR_print_errors_fp(stdout);
+        goto end;
+    }
+
+    if (testidx == 1)
+        certstatus[RECORD_SEQUENCE] = 0xff;
+
+    /*
+     * Inject a dummy record from the next epoch. In test 0, this should never
+     * get used because the message sequence number is too big. In test 1 we set
+     * the record sequence number to be way off in the future. This should not
+     * have an impact on the record replay protection because the record should
+     * be dropped before it is marked as arrived
+     */
+    c_to_s_mempacket = SSL_get_wbio(clientssl1);
+    c_to_s_mempacket = BIO_next(c_to_s_mempacket);
+    mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
+                          sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
+
+    if (!create_ssl_connection(serverssl1, clientssl1)) {
+        printf("Unable to create SSL connection\n");
+        ERR_print_errors_fp(stdout);
+        goto end;
+    }
+
+    testresult = 1;
+ end:
+    SSL_free(serverssl1);
+    SSL_free(clientssl1);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
+int main(int argc, char *argv[])
+{
+    BIO *err = NULL;
+    int testresult = 1;
+
+    if (argc != 3) {
+        printf("Invalid argument count\n");
+        return 1;
+    }
+
+    cert = argv[1];
+    privkey = argv[2];
+
+    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
+
+    testresult = run_tests(argv[0]);
+
+    bio_f_tls_dump_filter_free();
+    bio_s_mempacket_test_free();
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(err) <= 0)
+        testresult = 1;
+#endif
+    BIO_free(err);
+
+    if (!testresult)
+        printf("PASS\n");
+
+    return testresult;
+}
diff --git a/openssl-1.1.0h/test/dtlsv1listentest.c b/openssl-1.1.0h/test/dtlsv1listentest.c
new file mode 100644
index 0000000..91d78e1
--- /dev/null
+++ b/openssl-1.1.0h/test/dtlsv1listentest.c
@@ -0,0 +1,426 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+#endif
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+/* Just a ClientHello without a cookie */
+static const unsigned char clienthello_nocookie[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x3A, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x2E, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x2E, /* Fragment length */
+    0xFE, 0xFD, /* DTLSv1.2 */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00, /* Session id len */
+    0x00, /* Cookie len */
+    0x00, 0x04, /* Ciphersuites len */
+    0x00, 0x2f, /* AES128-SHA */
+    0x00, 0xff, /* Empty reneg info SCSV */
+    0x01, /* Compression methods len */
+    0x00, /* Null compression */
+    0x00, 0x00 /* Extensions len */
+};
+
+/* First fragment of a ClientHello without a cookie */
+static const unsigned char clienthello_nocookie_frag[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x30, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x2E, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x24, /* Fragment length */
+    0xFE, 0xFD, /* DTLSv1.2 */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00, /* Session id len */
+    0x00 /* Cookie len */
+};
+
+/* First fragment of a ClientHello which is too short */
+static const unsigned char clienthello_nocookie_short[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x2F, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x2E, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x23, /* Fragment length */
+    0xFE, 0xFD, /* DTLSv1.2 */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00 /* Session id len */
+};
+
+/* Second fragment of a ClientHello */
+static const unsigned char clienthello_2ndfrag[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x38, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x2E, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x02, /* Fragment offset */
+    0x00, 0x00, 0x2C, /* Fragment length */
+    /* Version skipped - sent in first fragment */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00, /* Session id len */
+    0x00, /* Cookie len */
+    0x00, 0x04, /* Ciphersuites len */
+    0x00, 0x2f, /* AES128-SHA */
+    0x00, 0xff, /* Empty reneg info SCSV */
+    0x01, /* Compression methods len */
+    0x00, /* Null compression */
+    0x00, 0x00 /* Extensions len */
+};
+
+/* A ClientHello with a good cookie */
+static const unsigned char clienthello_cookie[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x4E, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x42, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x42, /* Fragment length */
+    0xFE, 0xFD, /* DTLSv1.2 */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00, /* Session id len */
+    0x14, /* Cookie len */
+    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */
+    0x00, 0x04, /* Ciphersuites len */
+    0x00, 0x2f, /* AES128-SHA */
+    0x00, 0xff, /* Empty reneg info SCSV */
+    0x01, /* Compression methods len */
+    0x00, /* Null compression */
+    0x00, 0x00 /* Extensions len */
+};
+
+/* A fragmented ClientHello with a good cookie */
+static const unsigned char clienthello_cookie_frag[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x44, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x42, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x38, /* Fragment length */
+    0xFE, 0xFD, /* DTLSv1.2 */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00, /* Session id len */
+    0x14, /* Cookie len */
+    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
+};
+
+
+/* A ClientHello with a bad cookie */
+static const unsigned char clienthello_badcookie[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x4E, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x42, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x42, /* Fragment length */
+    0xFE, 0xFD, /* DTLSv1.2 */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00, /* Session id len */
+    0x14, /* Cookie len */
+    0x01, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */
+    0x00, 0x04, /* Ciphersuites len */
+    0x00, 0x2f, /* AES128-SHA */
+    0x00, 0xff, /* Empty reneg info SCSV */
+    0x01, /* Compression methods len */
+    0x00, /* Null compression */
+    0x00, 0x00 /* Extensions len */
+};
+
+/* A fragmented ClientHello with the fragment boundary mid cookie */
+static const unsigned char clienthello_cookie_short[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x43, /* Record Length */
+    0x01, /* ClientHello */
+    0x00, 0x00, 0x42, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x37, /* Fragment length */
+    0xFE, 0xFD, /* DTLSv1.2 */
+    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
+    0x00, /* Session id len */
+    0x14, /* Cookie len */
+    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12 /* Cookie */
+};
+
+/* Bad record - too short */
+static const unsigned char record_short[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /* Record sequence number */
+};
+
+static const unsigned char verify[] = {
+    0x16, /* Handshake */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x00, 0x00, /* Epoch */
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
+    0x00, 0x23, /* Record Length */
+    0x03, /* HelloVerifyRequest */
+    0x00, 0x00, 0x17, /* Message length */
+    0x00, 0x00, /* Message sequence */
+    0x00, 0x00, 0x00, /* Fragment offset */
+    0x00, 0x00, 0x17, /* Fragment length */
+    0xFE, 0xFF, /* DTLSv1.0 */
+    0x14, /* Cookie len */
+    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
+};
+
+static struct {
+    const unsigned char *in;
+    unsigned int inlen;
+    /*
+     * GOOD == positive return value from DTLSv1_listen, no output yet
+     * VERIFY == 0 return value, HelloVerifyRequest sent
+     * DROP == 0 return value, no output
+     */
+    enum {GOOD, VERIFY, DROP} outtype;
+} testpackets[9] = {
+    {
+        clienthello_nocookie,
+        sizeof(clienthello_nocookie),
+        VERIFY
+    },
+    {
+        clienthello_nocookie_frag,
+        sizeof(clienthello_nocookie_frag),
+        VERIFY
+    },
+    {
+        clienthello_nocookie_short,
+        sizeof(clienthello_nocookie_short),
+        DROP
+    },
+    {
+        clienthello_2ndfrag,
+        sizeof(clienthello_2ndfrag),
+        DROP
+    },
+    {
+        clienthello_cookie,
+        sizeof(clienthello_cookie),
+        GOOD
+    },
+    {
+        clienthello_cookie_frag,
+        sizeof(clienthello_cookie_frag),
+        GOOD
+    },
+    {
+        clienthello_badcookie,
+        sizeof(clienthello_badcookie),
+        VERIFY
+    },
+    {
+        clienthello_cookie_short,
+        sizeof(clienthello_cookie_short),
+        DROP
+    },
+    {
+        record_short,
+        sizeof(record_short),
+        DROP
+    }
+};
+
+# define COOKIE_LEN  20
+
+static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
+{
+    unsigned int i;
+
+    for (i = 0; i < COOKIE_LEN; i++, cookie++) {
+        *cookie = i;
+    }
+    *cookie_len = COOKIE_LEN;
+
+    return 1;
+}
+
+static int cookie_verify(SSL *ssl, const unsigned char *cookie,
+                         unsigned int cookie_len)
+{
+    unsigned int i;
+
+    if (cookie_len != COOKIE_LEN)
+        return 0;
+
+    for (i = 0; i < COOKIE_LEN; i++, cookie++) {
+        if (*cookie != i)
+            return 0;
+    }
+
+    return 1;
+}
+#endif
+
+int main(void)
+{
+#ifndef OPENSSL_NO_SOCK
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    BIO *outbio = NULL;
+    BIO *inbio = NULL;
+    BIO_ADDR *peer = BIO_ADDR_new();
+    char *data;
+    long datalen;
+    int ret, success = 0;
+    long i;
+
+    ctx = SSL_CTX_new(DTLS_server_method());
+    if (ctx == NULL || peer == NULL)
+        goto err;
+
+    SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen);
+    SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify);
+
+    /* Create an SSL object for the connection */
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        goto err;
+
+    outbio = BIO_new(BIO_s_mem());
+    if (outbio == NULL)
+        goto err;
+    SSL_set0_wbio(ssl, outbio);
+
+    success = 1;
+    for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) {
+        inbio = BIO_new_mem_buf((char *)testpackets[i].in,
+                                testpackets[i].inlen);
+        if (inbio == NULL) {
+            success = 0;
+            goto err;
+        }
+        /* Set Non-blocking IO behaviour */
+        BIO_set_mem_eof_return(inbio, -1);
+
+        SSL_set0_rbio(ssl, inbio);
+
+        /* Process the incoming packet */
+        ret = DTLSv1_listen(ssl, peer);
+        if (ret < 0) {
+            success = 0;
+            goto err;
+        }
+
+        datalen = BIO_get_mem_data(outbio, &data);
+
+        if (testpackets[i].outtype == VERIFY) {
+            if (ret == 0) {
+                if (datalen != sizeof(verify)
+                        || (memcmp(data, verify, sizeof(verify)) != 0)) {
+                    printf("Test %ld failure: incorrect HelloVerifyRequest\n", i);
+                    success = 0;
+                } else {
+                    printf("Test %ld success\n", i);
+                }
+            } else {
+                printf ("Test %ld failure: should not have succeeded\n", i);
+                success = 0;
+            }
+        } else if (datalen == 0) {
+            if ((ret == 0 && testpackets[i].outtype == DROP)
+                    || (ret == 1 && testpackets[i].outtype == GOOD)) {
+                printf("Test %ld success\n", i);
+            } else {
+                printf("Test %ld failure: wrong return value\n", i);
+                success = 0;
+            }
+        } else {
+            printf("Test %ld failure: Unexpected data output\n", i);
+            success = 0;
+        }
+        (void)BIO_reset(outbio);
+        inbio = NULL;
+        /* Frees up inbio */
+        SSL_set0_rbio(ssl, NULL);
+    }
+
+ err:
+    if (!success)
+        ERR_print_errors_fp(stderr);
+    /* Also frees up outbio */
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+    BIO_free(inbio);
+    OPENSSL_free(peer);
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    CRYPTO_mem_leaks_fp(stderr);
+# endif
+    return success ? 0 : 1;
+#else
+    printf("DTLSv1_listen() is not supported by this build - skipping\n");
+    return 0;
+#endif
+}
diff --git a/openssl-1.1.0h/test/ecdsatest.c b/openssl-1.1.0h/test/ecdsatest.c
new file mode 100644
index 0000000..ce73778
--- /dev/null
+++ b/openssl-1.1.0h/test/ecdsatest.c
@@ -0,0 +1,519 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char *argv[])
+{
+    puts("Elliptic curves are disabled.");
+    return 0;
+}
+#else
+
+# include <openssl/crypto.h>
+# include <openssl/bio.h>
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/ec.h>
+# ifndef OPENSSL_NO_ENGINE
+#  include <openssl/engine.h>
+# endif
+# include <openssl/err.h>
+# include <openssl/rand.h>
+
+static const char rnd_seed[] = "string to make the random number generator "
+    "think it has entropy";
+
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
+
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+
+static RAND_METHOD fake_rand;
+static const RAND_METHOD *old_rand;
+
+int change_rand(void)
+{
+    /* save old rand method */
+    if ((old_rand = RAND_get_rand_method()) == NULL)
+        return 0;
+
+    fake_rand.seed = old_rand->seed;
+    fake_rand.cleanup = old_rand->cleanup;
+    fake_rand.add = old_rand->add;
+    fake_rand.status = old_rand->status;
+    /* use own random function */
+    fake_rand.bytes = fbytes;
+    fake_rand.pseudorand = old_rand->bytes;
+    /* set new RAND_METHOD */
+    if (!RAND_set_rand_method(&fake_rand))
+        return 0;
+    return 1;
+}
+
+int restore_rand(void)
+{
+    if (!RAND_set_rand_method(old_rand))
+        return 0;
+    else
+        return 1;
+}
+
+static int fbytes_counter = 0, use_fake = 0;
+static const char *numbers[8] = {
+    "651056770906015076056810763456358567190100156695615665659",
+    "6140507067065001063065065565667405560006161556565665656654",
+    "8763001015071075675010661307616710783570106710677817767166"
+        "71676178726717",
+    "7000000175690566466555057817571571075705015757757057795755"
+        "55657156756655",
+    "1275552191113212300012030439187146164646146646466749494799",
+    "1542725565216523985789236956265265265235675811949404040041",
+    "1456427555219115346513212300075341203043918714616464614664"
+        "64667494947990",
+    "1712787255652165239672857892369562652652652356758119494040"
+        "40041670216363"
+};
+
+int fbytes(unsigned char *buf, int num)
+{
+    int ret;
+    BIGNUM *tmp = NULL;
+
+    if (use_fake == 0)
+        return old_rand->bytes(buf, num);
+
+    use_fake = 0;
+
+    if (fbytes_counter >= 8)
+        return 0;
+    tmp = BN_new();
+    if (!tmp)
+        return 0;
+    if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) {
+        BN_free(tmp);
+        return 0;
+    }
+    fbytes_counter++;
+    if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
+        ret = 0;
+    else
+        ret = 1;
+    BN_free(tmp);
+    return ret;
+}
+
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+{
+    int ret = 0;
+    const char message[] = "abc";
+    unsigned char digest[20];
+    unsigned int dgst_len = 0;
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    EC_KEY *key = NULL;
+    ECDSA_SIG *signature = NULL;
+    BIGNUM *r = NULL, *s = NULL;
+    BIGNUM *kinv = NULL, *rp = NULL;
+    const BIGNUM *sig_r, *sig_s;
+
+    if (md_ctx == NULL)
+        goto x962_int_err;
+
+    /* get the message digest */
+    if (!EVP_DigestInit(md_ctx, EVP_sha1())
+        || !EVP_DigestUpdate(md_ctx, (const void *)message, 3)
+        || !EVP_DigestFinal(md_ctx, digest, &dgst_len))
+        goto x962_int_err;
+
+    BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+    /* create the key */
+    if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+        goto x962_int_err;
+    use_fake = 1;
+    if (!EC_KEY_generate_key(key))
+        goto x962_int_err;
+    BIO_printf(out, ".");
+    (void)BIO_flush(out);
+    /* create the signature */
+    use_fake = 1;
+    /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
+    if (!ECDSA_sign_setup(key, NULL, &kinv, &rp))
+        goto x962_int_err;
+    signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key);
+    if (signature == NULL)
+        goto x962_int_err;
+    BIO_printf(out, ".");
+    (void)BIO_flush(out);
+    /* compare the created signature with the expected signature */
+    if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+        goto x962_int_err;
+    if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in))
+        goto x962_int_err;
+    ECDSA_SIG_get0(signature, &sig_r, &sig_s);
+    if (BN_cmp(sig_r, r) || BN_cmp(sig_s, s))
+        goto x962_int_err;
+    BIO_printf(out, ".");
+    (void)BIO_flush(out);
+    /* verify the signature */
+    if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+        goto x962_int_err;
+    BIO_printf(out, ".");
+    (void)BIO_flush(out);
+
+    BIO_printf(out, " ok\n");
+    ret = 1;
+ x962_int_err:
+    if (!ret)
+        BIO_printf(out, " failed\n");
+    EC_KEY_free(key);
+    ECDSA_SIG_free(signature);
+    BN_free(r);
+    BN_free(s);
+    EVP_MD_CTX_free(md_ctx);
+    BN_clear_free(kinv);
+    BN_clear_free(rp);
+    return ret;
+}
+
+int x9_62_tests(BIO *out)
+{
+    int ret = 0;
+
+    BIO_printf(out, "some tests from X9.62:\n");
+
+    /* set own rand method */
+    if (!change_rand())
+        goto x962_err;
+
+    if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+                             "3342403536405981729393488334694600415596881826869351677613",
+                             "5735822328888155254683894997897571951568553642892029982342"))
+        goto x962_err;
+    if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+                             "3086361431751678114926225473006680188549593787585317781474"
+                             "62058306432176",
+                             "3238135532097973577080787768312505059318910517550078427819"
+                             "78505179448783"))
+        goto x962_err;
+# ifndef OPENSSL_NO_EC2M
+    if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+                             "87194383164871543355722284926904419997237591535066528048",
+                             "308992691965804947361541664549085895292153777025772063598"))
+        goto x962_err;
+    if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+                             "2159633321041961198501834003903461262881815148684178964245"
+                             "5876922391552",
+                             "1970303740007316867383349976549972270528498040721988191026"
+                             "49413465737174"))
+        goto x962_err;
+# endif
+    ret = 1;
+ x962_err:
+    if (!restore_rand())
+        ret = 0;
+    return ret;
+}
+
+int test_builtin(BIO *out)
+{
+    EC_builtin_curve *curves = NULL;
+    size_t crv_len = 0, n = 0;
+    EC_KEY *eckey = NULL, *wrong_eckey = NULL;
+    EC_GROUP *group;
+    ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL;
+    unsigned char digest[20], wrong_digest[20];
+    unsigned char *signature = NULL;
+    const unsigned char *sig_ptr;
+    unsigned char *sig_ptr2;
+    unsigned char *raw_buf = NULL;
+    const BIGNUM *sig_r, *sig_s;
+    BIGNUM *modified_r = NULL, *modified_s = NULL;
+    BIGNUM *unmodified_r = NULL, *unmodified_s = NULL;
+    unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+    int nid, ret = 0;
+
+    /* fill digest values with some random data */
+    if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) {
+        BIO_printf(out, "ERROR: unable to get random data\n");
+        goto builtin_err;
+    }
+
+    /*
+     * create and verify a ecdsa signature with every available curve (with )
+     */
+    BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+               "with some internal curves:\n");
+
+    /* get a list of all internal curves */
+    crv_len = EC_get_builtin_curves(NULL, 0);
+    curves = OPENSSL_malloc(sizeof(*curves) * crv_len);
+    if (curves == NULL) {
+        BIO_printf(out, "malloc error\n");
+        goto builtin_err;
+    }
+
+    if (!EC_get_builtin_curves(curves, crv_len)) {
+        BIO_printf(out, "unable to get internal curves\n");
+        goto builtin_err;
+    }
+
+    /* now create and verify a signature for every curve */
+    for (n = 0; n < crv_len; n++) {
+        unsigned char dirt, offset;
+
+        nid = curves[n].nid;
+        if (nid == NID_ipsec4 || nid == NID_X25519)
+            continue;
+        /* create new ecdsa key (== EC_KEY) */
+        if ((eckey = EC_KEY_new()) == NULL)
+            goto builtin_err;
+        group = EC_GROUP_new_by_curve_name(nid);
+        if (group == NULL)
+            goto builtin_err;
+        if (EC_KEY_set_group(eckey, group) == 0)
+            goto builtin_err;
+        EC_GROUP_free(group);
+        degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+        if (degree < 160) {
+            /* drop the curve */
+            EC_KEY_free(eckey);
+            eckey = NULL;
+            continue;
+        }
+        BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+        /* create key */
+        if (!EC_KEY_generate_key(eckey)) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        /* create second key */
+        if ((wrong_eckey = EC_KEY_new()) == NULL)
+            goto builtin_err;
+        group = EC_GROUP_new_by_curve_name(nid);
+        if (group == NULL)
+            goto builtin_err;
+        if (EC_KEY_set_group(wrong_eckey, group) == 0)
+            goto builtin_err;
+        EC_GROUP_free(group);
+        if (!EC_KEY_generate_key(wrong_eckey)) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* check key */
+        if (!EC_KEY_check_key(eckey)) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* create signature */
+        sig_len = ECDSA_size(eckey);
+        if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+            goto builtin_err;
+        if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* verify signature */
+        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* verify signature with the wrong key */
+        if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* wrong digest */
+        if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* wrong length */
+        if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+
+        /*
+         * Modify a single byte of the signature: to ensure we don't garble
+         * the ASN1 structure, we read the raw signature and modify a byte in
+         * one of the bignums directly.
+         */
+        sig_ptr = signature;
+        if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+
+        ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s);
+
+        /* Store the two BIGNUMs in raw_buf. */
+        r_len = BN_num_bytes(sig_r);
+        s_len = BN_num_bytes(sig_s);
+        bn_len = (degree + 7) / 8;
+        if ((r_len > bn_len) || (s_len > bn_len)) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        buf_len = 2 * bn_len;
+        if ((raw_buf = OPENSSL_zalloc(buf_len)) == NULL)
+            goto builtin_err;
+        BN_bn2bin(sig_r, raw_buf + bn_len - r_len);
+        BN_bn2bin(sig_s, raw_buf + buf_len - s_len);
+
+        /* Modify a single byte in the buffer. */
+        offset = raw_buf[10] % buf_len;
+        dirt = raw_buf[11] ? raw_buf[11] : 1;
+        raw_buf[offset] ^= dirt;
+        /* Now read the BIGNUMs back in from raw_buf. */
+        modified_sig = ECDSA_SIG_new();
+        if (modified_sig == NULL)
+            goto builtin_err;
+        if (((modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL)
+            || ((modified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL)
+            || !ECDSA_SIG_set0(modified_sig, modified_r, modified_s)) {
+            BN_free(modified_r);
+            BN_free(modified_s);
+            goto builtin_err;
+        }
+        sig_ptr2 = signature;
+        sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
+        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        /*
+         * Sanity check: undo the modification and verify signature.
+         */
+        raw_buf[offset] ^= dirt;
+        if (((unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL)
+            || ((unmodified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL)
+            || !ECDSA_SIG_set0(modified_sig, unmodified_r, unmodified_s)) {
+            BN_free(unmodified_r);
+            BN_free(unmodified_s);
+            goto builtin_err;
+        }
+
+        sig_ptr2 = signature;
+        sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
+        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
+            BIO_printf(out, " failed\n");
+            goto builtin_err;
+        }
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+
+        BIO_printf(out, " ok\n");
+        /* cleanup */
+        /* clean bogus errors */
+        ERR_clear_error();
+        OPENSSL_free(signature);
+        signature = NULL;
+        EC_KEY_free(eckey);
+        eckey = NULL;
+        EC_KEY_free(wrong_eckey);
+        wrong_eckey = NULL;
+        ECDSA_SIG_free(ecdsa_sig);
+        ecdsa_sig = NULL;
+        ECDSA_SIG_free(modified_sig);
+        modified_sig = NULL;
+        OPENSSL_free(raw_buf);
+        raw_buf = NULL;
+    }
+
+    ret = 1;
+ builtin_err:
+    EC_KEY_free(eckey);
+    EC_KEY_free(wrong_eckey);
+    ECDSA_SIG_free(ecdsa_sig);
+    ECDSA_SIG_free(modified_sig);
+    OPENSSL_free(signature);
+    OPENSSL_free(raw_buf);
+    OPENSSL_free(curves);
+
+    return ret;
+}
+
+int main(void)
+{
+    int ret = 1;
+    BIO *out;
+    char *p;
+
+    out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+
+    /* initialize the prng */
+    RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+    /* the tests */
+    if (!x9_62_tests(out))
+        goto err;
+    if (!test_builtin(out))
+        goto err;
+
+    ret = 0;
+ err:
+    if (ret)
+        BIO_printf(out, "\nECDSA test failed\n");
+    else
+        BIO_printf(out, "\nECDSA test passed\n");
+    if (ret)
+        ERR_print_errors(out);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(out) <= 0)
+        ret = 1;
+#endif
+    BIO_free(out);
+    return ret;
+}
+#endif
diff --git a/openssl-1.1.0h/test/ectest.c b/openssl-1.1.0h/test/ectest.c
new file mode 100644
index 0000000..d7b1432
--- /dev/null
+++ b/openssl-1.1.0h/test/ectest.c
@@ -0,0 +1,1776 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+# include "e_os.h"
+#else
+# include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char *argv[])
+{
+    puts("Elliptic curves are disabled.");
+    return 0;
+}
+#else
+
+# include <openssl/ec.h>
+# ifndef OPENSSL_NO_ENGINE
+#  include <openssl/engine.h>
+# endif
+# include <openssl/err.h>
+# include <openssl/obj_mac.h>
+# include <openssl/objects.h>
+# include <openssl/rand.h>
+# include <openssl/bn.h>
+# include <openssl/opensslconf.h>
+
+# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
+/* suppress "too big too optimize" warning */
+#  pragma warning(disable:4959)
+# endif
+
+# define ABORT do { \
+        fflush(stdout); \
+        fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+        ERR_print_errors_fp(stderr); \
+        EXIT(1); \
+} while (0)
+
+# define TIMING_BASE_PT 0
+# define TIMING_RAND_PT 1
+# define TIMING_SIMUL 2
+
+/* test multiplication with group order, long and negative scalars */
+static void group_order_tests(EC_GROUP *group)
+{
+    BIGNUM *n1, *n2, *order;
+    EC_POINT *P = EC_POINT_new(group);
+    EC_POINT *Q = EC_POINT_new(group);
+    EC_POINT *R = EC_POINT_new(group);
+    EC_POINT *S = EC_POINT_new(group);
+    BN_CTX *ctx = BN_CTX_new();
+    int i;
+
+    n1 = BN_new();
+    n2 = BN_new();
+    order = BN_new();
+    fprintf(stdout, "verify group order ...");
+    fflush(stdout);
+    if (!EC_GROUP_get_order(group, order, ctx))
+        ABORT;
+    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    fprintf(stdout, ".");
+    fflush(stdout);
+    if (!EC_GROUP_precompute_mult(group, ctx))
+        ABORT;
+    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    fprintf(stdout, " ok\n");
+    fprintf(stdout, "long/negative scalar tests ");
+    for (i = 1; i <= 2; i++) {
+        const BIGNUM *scalars[6];
+        const EC_POINT *points[6];
+
+        fprintf(stdout, i == 1 ?
+                "allowing precomputation ... " :
+                "without precomputation ... ");
+        if (!BN_set_word(n1, i))
+            ABORT;
+        /*
+         * If i == 1, P will be the predefined generator for which
+         * EC_GROUP_precompute_mult has set up precomputation.
+         */
+        if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
+            ABORT;
+
+        if (!BN_one(n1))
+            ABORT;
+        /* n1 = 1 - order */
+        if (!BN_sub(n1, n1, order))
+            ABORT;
+        if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx))
+            ABORT;
+
+        /* n2 = 1 + order */
+        if (!BN_add(n2, order, BN_value_one()))
+            ABORT;
+        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx))
+            ABORT;
+
+        /* n2 = (1 - order) * (1 + order) = 1 - order^2 */
+        if (!BN_mul(n2, n1, n2, ctx))
+            ABORT;
+        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx))
+            ABORT;
+
+        /* n2 = order^2 - 1 */
+        BN_set_negative(n2, 0);
+        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+            ABORT;
+        /* Add P to verify the result. */
+        if (!EC_POINT_add(group, Q, Q, P, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q))
+            ABORT;
+
+        /* Exercise EC_POINTs_mul, including corner cases. */
+        if (EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        scalars[0] = scalars[1] = BN_value_one();
+        points[0]  = points[1]  = P;
+
+        if (!EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_dbl(group, S, points[0], ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, R, S, ctx))
+            ABORT;
+
+        scalars[0] = n1;
+        points[0] = Q;          /* => infinity */
+        scalars[1] = n2;
+        points[1] = P;          /* => -P */
+        scalars[2] = n1;
+        points[2] = Q;          /* => infinity */
+        scalars[3] = n2;
+        points[3] = Q;          /* => infinity */
+        scalars[4] = n1;
+        points[4] = P;          /* => P */
+        scalars[5] = n2;
+        points[5] = Q;          /* => infinity */
+        if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+    }
+    fprintf(stdout, "ok\n");
+
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    EC_POINT_free(R);
+    EC_POINT_free(S);
+    BN_free(n1);
+    BN_free(n2);
+    BN_free(order);
+    BN_CTX_free(ctx);
+}
+
+static void prime_field_tests(void)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *p, *a, *b;
+    EC_GROUP *group;
+    EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
+        NULL, *P_384 = NULL, *P_521 = NULL;
+    EC_POINT *P, *Q, *R;
+    BIGNUM *x, *y, *z, *yplusone;
+    unsigned char buf[100];
+    size_t i, len;
+    int k;
+
+    ctx = BN_CTX_new();
+    if (!ctx)
+        ABORT;
+
+    p = BN_new();
+    a = BN_new();
+    b = BN_new();
+    if (!p || !a || !b)
+        ABORT;
+
+    if (!BN_hex2bn(&p, "17"))
+        ABORT;
+    if (!BN_hex2bn(&a, "1"))
+        ABORT;
+    if (!BN_hex2bn(&b, "1"))
+        ABORT;
+
+    group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use
+                                                 * EC_GROUP_new_curve_GFp so
+                                                 * that the library gets to
+                                                 * choose the EC_METHOD */
+    if (!group)
+        ABORT;
+
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    {
+        EC_GROUP *tmp;
+        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+        if (!tmp)
+            ABORT;
+        if (!EC_GROUP_copy(tmp, group))
+            ABORT;
+        EC_GROUP_free(group);
+        group = tmp;
+    }
+
+    if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    fprintf(stdout,
+            "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
+    BN_print_fp(stdout, p);
+    fprintf(stdout, ")\n     a = 0x");
+    BN_print_fp(stdout, a);
+    fprintf(stdout, "\n     b = 0x");
+    BN_print_fp(stdout, b);
+    fprintf(stdout, "\n");
+
+    P = EC_POINT_new(group);
+    Q = EC_POINT_new(group);
+    R = EC_POINT_new(group);
+    if (!P || !Q || !R)
+        ABORT;
+
+    if (!EC_POINT_set_to_infinity(group, P))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    buf[0] = 0;
+    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
+        ABORT;
+
+    if (!EC_POINT_add(group, P, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    x = BN_new();
+    y = BN_new();
+    z = BN_new();
+    yplusone = BN_new();
+    if (x == NULL || y == NULL || z == NULL || yplusone == NULL)
+        ABORT;
+
+    if (!BN_hex2bn(&x, "D"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
+        if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
+            ABORT;
+        fprintf(stderr, "Point is not on curve: x = 0x");
+        BN_print_fp(stderr, x);
+        fprintf(stderr, ", y = 0x");
+        BN_print_fp(stderr, y);
+        fprintf(stderr, "\n");
+        ABORT;
+    }
+
+    fprintf(stdout, "A cyclic subgroup:\n");
+    k = 100;
+    do {
+        if (k-- == 0)
+            ABORT;
+
+        if (EC_POINT_is_at_infinity(group, P))
+            fprintf(stdout, "     point at infinity\n");
+        else {
+            if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+                ABORT;
+
+            fprintf(stdout, "     x = 0x");
+            BN_print_fp(stdout, x);
+            fprintf(stdout, ", y = 0x");
+            BN_print_fp(stdout, y);
+            fprintf(stdout, "\n");
+        }
+
+        if (!EC_POINT_copy(R, P))
+            ABORT;
+        if (!EC_POINT_add(group, P, P, Q, ctx))
+            ABORT;
+
+    }
+    while (!EC_POINT_is_at_infinity(group, P));
+
+    if (!EC_POINT_add(group, P, Q, R, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+                           sizeof(buf), ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
+                           sizeof(buf), ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
+                           ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+    if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
+        ABORT;
+    fprintf(stdout,
+            "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, ", Y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, ", Z = 0x");
+    BN_print_fp(stdout, z);
+    fprintf(stdout, "\n");
+
+    if (!EC_POINT_invert(group, P, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, R, ctx))
+        ABORT;
+
+    /*
+     * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
+     * 2000) -- not a NIST curve, but commonly used
+     */
+
+    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
+        ABORT;
+    if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
+        ABORT;
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 160)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if ((P_160 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL)
+        ABORT;
+    if (!EC_GROUP_copy(P_160, group))
+        ABORT;
+
+    /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 192)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if ((P_192 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL)
+        ABORT;
+    if (!EC_GROUP_copy(P_192, group))
+        ABORT;
+
+    /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn
+        (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn
+        (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
+        ABORT;
+    if (!BN_hex2bn
+        (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn
+        (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn
+        (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn
+        (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 224)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if ((P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL)
+        ABORT;
+    if (!EC_GROUP_copy(P_224, group))
+        ABORT;
+
+    /* Curve P-256 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn
+        (&p,
+         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn
+        (&a,
+         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn
+        (&b,
+         "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn
+        (&x,
+         "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+                   "84F3B9CAC2FC632551"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn
+        (&z,
+         "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 256)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if ((P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL)
+        ABORT;
+    if (!EC_GROUP_copy(P_256, group))
+        ABORT;
+
+    /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+                   "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+                   "9859F741E082542A385502F25DBF55296C3A545E3872760AB7"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+                   "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 384)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if ((P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL)
+        ABORT;
+    if (!EC_GROUP_copy(P_384, group))
+        ABORT;
+
+    /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+                   "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+                   "DF883D2C34F1EF451FD46B503F00"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+                   "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+                   "3C1856A429BF97E7E31C2E5BD66"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+                   "C9B8899C47AEBB6FB71E91386409"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+                   "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+                   "7086A272C24088BE94769FD16650"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 521)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if ((P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL)
+        ABORT;
+    if (!EC_GROUP_copy(P_521, group))
+        ABORT;
+
+    /* more tests using the last curve */
+
+    /* Restore the point that got mangled in the (x, y + 1) test. */
+    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+
+    if (!EC_POINT_copy(Q, P))
+        ABORT;
+    if (EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    if (!EC_POINT_dbl(group, P, P, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!EC_POINT_invert(group, Q, ctx))
+        ABORT;                  /* P = -2Q */
+
+    if (!EC_POINT_add(group, R, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_add(group, R, R, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, R))
+        ABORT;                  /* R = P + 2Q */
+
+    {
+        const EC_POINT *points[4];
+        const BIGNUM *scalars[4];
+        BIGNUM *scalar3;
+
+        if (EC_POINT_is_at_infinity(group, Q))
+            ABORT;
+        points[0] = Q;
+        points[1] = Q;
+        points[2] = Q;
+        points[3] = Q;
+
+        if (!EC_GROUP_get_order(group, z, ctx))
+            ABORT;
+        if (!BN_add(y, z, BN_value_one()))
+            ABORT;
+        if (BN_is_odd(y))
+            ABORT;
+        if (!BN_rshift1(y, y))
+            ABORT;
+        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
+        scalars[1] = y;
+
+        fprintf(stdout, "combined multiplication ...");
+        fflush(stdout);
+
+        /* z is still the group order */
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, P, R, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, R, Q, ctx))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+            ABORT;
+        if (!BN_add(z, z, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = y;
+        scalars[1] = z;         /* z = -(order + y) */
+
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+            ABORT;
+        if (!BN_add(z, x, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = x;
+        scalars[1] = y;
+        scalars[2] = z;         /* z = -(x+y) */
+
+        scalar3 = BN_new();
+        if (!scalar3)
+            ABORT;
+        BN_zero(scalar3);
+        scalars[3] = scalar3;
+
+        if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, " ok\n\n");
+
+        BN_free(scalar3);
+    }
+
+    BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_GROUP_free(group);
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    EC_POINT_free(R);
+    BN_free(x);
+    BN_free(y);
+    BN_free(z);
+    BN_free(yplusone);
+
+    EC_GROUP_free(P_160);
+    EC_GROUP_free(P_192);
+    EC_GROUP_free(P_224);
+    EC_GROUP_free(P_256);
+    EC_GROUP_free(P_384);
+    EC_GROUP_free(P_521);
+
+}
+
+/* Change test based on whether binary point compression is enabled or not. */
+# ifdef OPENSSL_EC_BIN_PT_COMP
+#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&x, _x)) ABORT; \
+        if (!BN_hex2bn(&y, _y)) ABORT; \
+        if (!BN_add(yplusone, y, BN_value_one())) ABORT;        \
+        /* \
+         * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
+         * and therefore setting the coordinates should fail. \
+         */ \
+        if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
+        if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+        if (!BN_hex2bn(&z, _order)) ABORT; \
+        if (!BN_hex2bn(&cof, _cof)) ABORT; \
+        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+        BN_print_fp(stdout, x); \
+        fprintf(stdout, "\n     y = 0x"); \
+        BN_print_fp(stdout, y); \
+        fprintf(stdout, "\n"); \
+        /* G_y value taken from the standard: */ \
+        if (!BN_hex2bn(&z, _y)) ABORT; \
+        if (0 != BN_cmp(y, z)) ABORT;
+# else
+#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&x, _x)) ABORT; \
+        if (!BN_hex2bn(&y, _y)) ABORT; \
+        if (!BN_add(yplusone, y, BN_value_one())) ABORT;        \
+        /* \
+         * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
+         * and therefore setting the coordinates should fail. \
+         */ \
+        if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
+        if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+        if (!BN_hex2bn(&z, _order)) ABORT; \
+        if (!BN_hex2bn(&cof, _cof)) ABORT; \
+        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+        BN_print_fp(stdout, x); \
+        fprintf(stdout, "\n     y = 0x"); \
+        BN_print_fp(stdout, y); \
+        fprintf(stdout, "\n");
+# endif
+
+# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&p, _p)) ABORT; \
+        if (!BN_hex2bn(&a, _a)) ABORT; \
+        if (!BN_hex2bn(&b, _b)) ABORT; \
+        if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
+        CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        fprintf(stdout, "verify degree ..."); \
+        if (EC_GROUP_get_degree(group) != _degree) ABORT; \
+        fprintf(stdout, " ok\n"); \
+        group_order_tests(group); \
+        if ((_variable = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; \
+        if (!EC_GROUP_copy(_variable, group)) ABORT; \
+
+# ifndef OPENSSL_NO_EC2M
+
+static void char2_field_tests(void)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *p, *a, *b;
+    EC_GROUP *group;
+    EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 =
+        NULL, *C2_K571 = NULL;
+    EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
+        NULL, *C2_B571 = NULL;
+    EC_POINT *P, *Q, *R;
+    BIGNUM *x, *y, *z, *cof, *yplusone;
+    unsigned char buf[100];
+    size_t i, len;
+    int k;
+
+    ctx = BN_CTX_new();
+    if (!ctx)
+        ABORT;
+
+    p = BN_new();
+    a = BN_new();
+    b = BN_new();
+    if (p == NULL || a == NULL || b == NULL)
+        ABORT;
+
+    if (!BN_hex2bn(&p, "13"))
+        ABORT;
+    if (!BN_hex2bn(&a, "3"))
+        ABORT;
+    if (!BN_hex2bn(&b, "1"))
+        ABORT;
+
+    group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use
+                                                    * EC_GROUP_new_curve_GF2m
+                                                    * so that the library gets
+                                                    * to choose the EC_METHOD */
+    if (!group)
+        ABORT;
+    if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx))
+        ABORT;
+
+    {
+        EC_GROUP *tmp;
+        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+        if (!tmp)
+            ABORT;
+        if (!EC_GROUP_copy(tmp, group))
+            ABORT;
+        EC_GROUP_free(group);
+        group = tmp;
+    }
+
+    if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))
+        ABORT;
+
+    fprintf(stdout,
+            "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");
+    BN_print_fp(stdout, p);
+    fprintf(stdout, ")\n     a = 0x");
+    BN_print_fp(stdout, a);
+    fprintf(stdout, "\n     b = 0x");
+    BN_print_fp(stdout, b);
+    fprintf(stdout, "\n(0x... means binary polynomial)\n");
+
+    P = EC_POINT_new(group);
+    Q = EC_POINT_new(group);
+    R = EC_POINT_new(group);
+    if (!P || !Q || !R)
+        ABORT;
+
+    if (!EC_POINT_set_to_infinity(group, P))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    buf[0] = 0;
+    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
+        ABORT;
+
+    if (!EC_POINT_add(group, P, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    x = BN_new();
+    y = BN_new();
+    z = BN_new();
+    cof = BN_new();
+    yplusone = BN_new();
+    if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL)
+        ABORT;
+
+    if (!BN_hex2bn(&x, "6"))
+        ABORT;
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+    if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx))
+        ABORT;
+#  else
+    if (!BN_hex2bn(&y, "8"))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
+        ABORT;
+#  endif
+    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
+            ABORT;
+#  endif
+        fprintf(stderr, "Point is not on curve: x = 0x");
+        BN_print_fp(stderr, x);
+        fprintf(stderr, ", y = 0x");
+        BN_print_fp(stderr, y);
+        fprintf(stderr, "\n");
+        ABORT;
+    }
+
+    fprintf(stdout, "A cyclic subgroup:\n");
+    k = 100;
+    do {
+        if (k-- == 0)
+            ABORT;
+
+        if (EC_POINT_is_at_infinity(group, P))
+            fprintf(stdout, "     point at infinity\n");
+        else {
+            if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx))
+                ABORT;
+
+            fprintf(stdout, "     x = 0x");
+            BN_print_fp(stdout, x);
+            fprintf(stdout, ", y = 0x");
+            BN_print_fp(stdout, y);
+            fprintf(stdout, "\n");
+        }
+
+        if (!EC_POINT_copy(R, P))
+            ABORT;
+        if (!EC_POINT_add(group, P, P, Q, ctx))
+            ABORT;
+    }
+    while (!EC_POINT_is_at_infinity(group, P));
+
+    if (!EC_POINT_add(group, P, Q, R, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+                           sizeof(buf), ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+#  endif
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
+                           sizeof(buf), ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
+                           ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+#  endif
+
+    fprintf(stdout, "\n");
+
+    if (!EC_POINT_invert(group, P, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, R, ctx))
+        ABORT;
+
+    /* Curve K-163 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-163",
+         "0800000000000000000000000000000000000000C9",
+         "1",
+         "1",
+         "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+         "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+         1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163);
+
+    /* Curve B-163 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-163",
+         "0800000000000000000000000000000000000000C9",
+         "1",
+         "020A601907B8C953CA1481EB10512F78744A3205FD",
+         "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+         "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+         1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163);
+
+    /* Curve K-233 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-233",
+         "020000000000000000000000000000000000000004000000000000000001",
+         "0",
+         "1",
+         "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+         "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+         0,
+         "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+         "4", 233, C2_K233);
+
+    /* Curve B-233 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-233",
+         "020000000000000000000000000000000000000004000000000000000001",
+         "000000000000000000000000000000000000000000000000000000000001",
+         "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+         "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+         "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+         1,
+         "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+         "2", 233, C2_B233);
+
+    /* Curve K-283 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-283",
+         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+         "0",
+         "1",
+         "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+         "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+         0,
+         "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+         "4", 283, C2_K283);
+
+    /* Curve B-283 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-283",
+         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+         "000000000000000000000000000000000000000000000000000000000000000000000001",
+         "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+         "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+         "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+         1,
+         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+         "2", 283, C2_B283);
+
+    /* Curve K-409 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-409",
+         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+         "0",
+         "1",
+         "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+         "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+         1,
+         "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+         "4", 409, C2_K409);
+
+    /* Curve B-409 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-409",
+         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+         "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+         "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+         "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+         "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+         1,
+         "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+         "2", 409, C2_B409);
+
+    /* Curve K-571 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-571",
+         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+         "0",
+         "1",
+         "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+         "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+         0,
+         "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+         "4", 571, C2_K571);
+
+    /* Curve B-571 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-571",
+         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+         "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+         "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+         "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+         "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+         1,
+         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+         "2", 571, C2_B571);
+
+    /* more tests using the last curve */
+
+    if (!EC_POINT_copy(Q, P))
+        ABORT;
+    if (EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    if (!EC_POINT_dbl(group, P, P, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!EC_POINT_invert(group, Q, ctx))
+        ABORT;                  /* P = -2Q */
+
+    if (!EC_POINT_add(group, R, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_add(group, R, R, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, R))
+        ABORT;                  /* R = P + 2Q */
+
+    {
+        const EC_POINT *points[3];
+        const BIGNUM *scalars[3];
+
+        if (EC_POINT_is_at_infinity(group, Q))
+            ABORT;
+        points[0] = Q;
+        points[1] = Q;
+        points[2] = Q;
+
+        if (!BN_add(y, z, BN_value_one()))
+            ABORT;
+        if (BN_is_odd(y))
+            ABORT;
+        if (!BN_rshift1(y, y))
+            ABORT;
+        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
+        scalars[1] = y;
+
+        fprintf(stdout, "combined multiplication ...");
+        fflush(stdout);
+
+        /* z is still the group order */
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, P, R, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, R, Q, ctx))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+            ABORT;
+        if (!BN_add(z, z, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = y;
+        scalars[1] = z;         /* z = -(order + y) */
+
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+            ABORT;
+        if (!BN_add(z, x, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = x;
+        scalars[1] = y;
+        scalars[2] = z;         /* z = -(x+y) */
+
+        if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, " ok\n\n");
+    }
+
+    BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_GROUP_free(group);
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    EC_POINT_free(R);
+    BN_free(x);
+    BN_free(y);
+    BN_free(z);
+    BN_free(cof);
+    BN_free(yplusone);
+
+    EC_GROUP_free(C2_K163);
+    EC_GROUP_free(C2_B163);
+    EC_GROUP_free(C2_K233);
+    EC_GROUP_free(C2_B233);
+    EC_GROUP_free(C2_K283);
+    EC_GROUP_free(C2_B283);
+    EC_GROUP_free(C2_K409);
+    EC_GROUP_free(C2_B409);
+    EC_GROUP_free(C2_K571);
+    EC_GROUP_free(C2_B571);
+
+}
+# endif
+
+static void internal_curve_test(void)
+{
+    EC_builtin_curve *curves = NULL;
+    size_t crv_len = 0, n = 0;
+    int ok = 1;
+
+    crv_len = EC_get_builtin_curves(NULL, 0);
+    curves = OPENSSL_malloc(sizeof(*curves) * crv_len);
+    if (curves == NULL)
+        return;
+
+    if (!EC_get_builtin_curves(curves, crv_len)) {
+        OPENSSL_free(curves);
+        return;
+    }
+
+    fprintf(stdout, "testing internal curves: ");
+
+    for (n = 0; n < crv_len; n++) {
+        EC_GROUP *group = NULL;
+        int nid = curves[n].nid;
+        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
+            ok = 0;
+            fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
+                    " curve %s\n", OBJ_nid2sn(nid));
+            /* try next curve */
+            continue;
+        }
+        if (!EC_GROUP_check(group, NULL)) {
+            ok = 0;
+            fprintf(stdout, "\nEC_GROUP_check() failed with"
+                    " curve %s\n", OBJ_nid2sn(nid));
+            EC_GROUP_free(group);
+            /* try the next curve */
+            continue;
+        }
+        fprintf(stdout, ".");
+        fflush(stdout);
+        EC_GROUP_free(group);
+    }
+    if (ok)
+        fprintf(stdout, " ok\n\n");
+    else {
+        fprintf(stdout, " failed\n\n");
+        ABORT;
+    }
+
+    /* Test all built-in curves and let the library choose the EC_METHOD */
+    for (n = 0; n < crv_len; n++) {
+        EC_GROUP *group = NULL;
+        int nid = curves[n].nid;
+        /*
+         * Skip for X25519 because low level operations such as EC_POINT_mul()
+         * are not supported for this curve
+         */
+        if (nid == NID_X25519)
+            continue;
+        fprintf(stdout, "%s:\n", OBJ_nid2sn(nid));
+        fflush(stdout);
+        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
+            ABORT;
+        }
+        group_order_tests(group);
+        EC_GROUP_free(group);
+    }
+
+    OPENSSL_free(curves);
+    return;
+}
+
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/*
+ * nistp_test_params contains magic numbers for testing our optimized
+ * implementations of several NIST curves with characteristic > 3.
+ */
+struct nistp_test_params {
+    const EC_METHOD *(*meth) ();
+    int degree;
+    /*
+     * Qx, Qy and D are taken from
+     * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+     * Otherwise, values are standard curve parameters from FIPS 180-3
+     */
+    const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+};
+
+static const struct nistp_test_params nistp_tests_params[] = {
+    {
+     /* P-224 */
+     EC_GFp_nistp224_method,
+     224,
+     /* p */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+     /* a */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+     /* b */
+     "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+     /* Qx */
+     "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
+     /* Qy */
+     "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
+     /* Gx */
+     "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+     /* Gy */
+     "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+     /* order */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+     /* d */
+     "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
+     },
+    {
+     /* P-256 */
+     EC_GFp_nistp256_method,
+     256,
+     /* p */
+     "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+     /* a */
+     "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+     /* b */
+     "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+     /* Qx */
+     "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
+     /* Qy */
+     "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
+     /* Gx */
+     "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+     /* Gy */
+     "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+     /* order */
+     "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+     /* d */
+     "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
+     },
+    {
+     /* P-521 */
+     EC_GFp_nistp521_method,
+     521,
+     /* p */
+     "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+     /* a */
+     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+     /* b */
+     "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+     /* Qx */
+     "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
+     /* Qy */
+     "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
+     /* Gx */
+     "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+     /* Gy */
+     "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+     /* order */
+     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+     /* d */
+     "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
+     },
+};
+
+static void nistp_single_test(const struct nistp_test_params *test)
+{
+    BN_CTX *ctx;
+    BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone;
+    EC_GROUP *NISTP;
+    EC_POINT *G, *P, *Q, *Q_CHECK;
+
+    fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n",
+            test->degree);
+    ctx = BN_CTX_new();
+    p = BN_new();
+    a = BN_new();
+    b = BN_new();
+    x = BN_new();
+    y = BN_new();
+    m = BN_new();
+    n = BN_new();
+    order = BN_new();
+    yplusone = BN_new();
+
+    NISTP = EC_GROUP_new(test->meth());
+    if (!NISTP)
+        ABORT;
+    if (!BN_hex2bn(&p, test->p))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, test->a))
+        ABORT;
+    if (!BN_hex2bn(&b, test->b))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
+        ABORT;
+    G = EC_POINT_new(NISTP);
+    P = EC_POINT_new(NISTP);
+    Q = EC_POINT_new(NISTP);
+    Q_CHECK = EC_POINT_new(NISTP);
+    if (!BN_hex2bn(&x, test->Qx))
+        ABORT;
+    if (!BN_hex2bn(&y, test->Qy))
+        ABORT;
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
+        ABORT;
+    if (!BN_hex2bn(&x, test->Gx))
+        ABORT;
+    if (!BN_hex2bn(&y, test->Gy))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
+        ABORT;
+    if (!BN_hex2bn(&order, test->order))
+        ABORT;
+    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
+        ABORT;
+
+    fprintf(stdout, "verify degree ... ");
+    if (EC_GROUP_get_degree(NISTP) != test->degree)
+        ABORT;
+    fprintf(stdout, "ok\n");
+
+    fprintf(stdout, "NIST test vectors ... ");
+    if (!BN_hex2bn(&n, test->d))
+        ABORT;
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    /* set generator to P = 2*G, where G is the standard generator */
+    if (!EC_POINT_dbl(NISTP, P, G, ctx))
+        ABORT;
+    if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
+        ABORT;
+    /* set the scalar to m=n/2, where n is the NIST test scalar */
+    if (!BN_rshift(m, n, 1))
+        ABORT;
+
+    /* test the non-standard generator */
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    /*
+     * We have not performed precomputation so have_precompute mult should be
+     * false
+     */
+    if (EC_GROUP_have_precompute_mult(NISTP))
+        ABORT;
+
+    /* now repeat all tests with precomputation */
+    if (!EC_GROUP_precompute_mult(NISTP, ctx))
+        ABORT;
+    if (!EC_GROUP_have_precompute_mult(NISTP))
+        ABORT;
+
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    /* reset generator */
+    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
+        ABORT;
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    fprintf(stdout, "ok\n");
+    group_order_tests(NISTP);
+    EC_GROUP_free(NISTP);
+    EC_POINT_free(G);
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    EC_POINT_free(Q_CHECK);
+    BN_free(n);
+    BN_free(m);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(x);
+    BN_free(y);
+    BN_free(order);
+    BN_free(yplusone);
+    BN_CTX_free(ctx);
+}
+
+static void nistp_tests()
+{
+    unsigned i;
+
+    for (i = 0; i < OSSL_NELEM(nistp_tests_params); i++) {
+        nistp_single_test(&nistp_tests_params[i]);
+    }
+}
+# endif
+
+static void parameter_test(void)
+{
+    EC_GROUP *group, *group2;
+    ECPARAMETERS *ecparameters;
+
+    fprintf(stderr, "\ntesting ecparameters conversion ...");
+
+    group = EC_GROUP_new_by_curve_name(NID_secp112r1);
+    if (!group)
+        ABORT;
+
+    ecparameters = EC_GROUP_get_ecparameters(group, NULL);
+    if (!ecparameters)
+        ABORT;
+    group2 = EC_GROUP_new_from_ecparameters(ecparameters);
+    if (!group2)
+        ABORT;
+    if (EC_GROUP_cmp(group, group2, NULL))
+        ABORT;
+
+    fprintf(stderr, " ok\n");
+
+    EC_GROUP_free(group);
+    EC_GROUP_free(group2);
+    ECPARAMETERS_free(ecparameters);
+}
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+{
+    char *p;
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
+
+    prime_field_tests();
+    puts("");
+# ifndef OPENSSL_NO_EC2M
+    char2_field_tests();
+# endif
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    nistp_tests();
+# endif
+    /* test the internal curves */
+    internal_curve_test();
+
+    parameter_test();
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
+#endif
+
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/test/enginetest.c b/openssl-1.1.0h/test/enginetest.c
new file mode 100644
index 0000000..0a8c185
--- /dev/null
+++ b/openssl-1.1.0h/test/enginetest.c
@@ -0,0 +1,408 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_ENGINE
+int main(int argc, char *argv[])
+{
+    printf("No ENGINE support\n");
+    return (0);
+}
+#else
+# include <openssl/buffer.h>
+# include <openssl/crypto.h>
+# include <openssl/engine.h>
+# include <openssl/err.h>
+# include <openssl/rsa.h>
+# include <openssl/bn.h>
+
+static void display_engine_list(void)
+{
+    ENGINE *h;
+    int loop;
+
+    h = ENGINE_get_first();
+    loop = 0;
+    printf("listing available engine types\n");
+    while (h) {
+        printf("engine %i, id = \"%s\", name = \"%s\"\n",
+               loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+        h = ENGINE_get_next(h);
+    }
+    printf("end of list\n");
+    /*
+     * ENGINE_get_first() increases the struct_ref counter, so we must call
+     * ENGINE_free() to decrease it again
+     */
+    ENGINE_free(h);
+}
+
+/* Test EVP_PKEY method */
+static EVP_PKEY_METHOD *test_rsa = NULL;
+
+static int called_encrypt = 0;
+
+/* Test function to check operation has been redirected */
+static int test_encrypt(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                        size_t *siglen, const unsigned char *tbs, size_t tbslen)
+{
+    called_encrypt = 1;
+    return 1;
+}
+
+static int test_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **pnids, int nid)
+{
+    static const int rnid = EVP_PKEY_RSA;
+    if (pmeth == NULL) {
+        *pnids = &rnid;
+        return 1;
+    }
+
+    if (nid == EVP_PKEY_RSA) {
+        *pmeth = test_rsa;
+        return 1;
+    }
+
+    *pmeth = NULL;
+    return 0;
+}
+
+/* Return a test EVP_PKEY value */
+
+static EVP_PKEY *get_test_pkey(void)
+{
+    static unsigned char n[] =
+        "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+        "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+        "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+        "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+        "\xF5";
+    static unsigned char e[] = "\x11";
+
+    RSA *rsa = RSA_new();
+    EVP_PKEY *pk = EVP_PKEY_new();
+
+    if (rsa == NULL || pk == NULL || !EVP_PKEY_assign_RSA(pk, rsa)) {
+        RSA_free(rsa);
+        EVP_PKEY_free(pk);
+        return NULL;
+    }
+
+    if (!RSA_set0_key(rsa, BN_bin2bn(n, sizeof(n)-1, NULL),
+                      BN_bin2bn(e, sizeof(e)-1, NULL), NULL)) {
+        EVP_PKEY_free(pk);
+        return NULL;
+    }
+
+    return pk;
+}
+
+static int test_redirect(void)
+{
+    const unsigned char pt[] = "Hello World\n";
+    unsigned char *tmp = NULL;
+    size_t len;
+    EVP_PKEY_CTX *ctx = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    int to_return = 0;
+
+    printf("\nRedirection test\n");
+
+    if ((pkey = get_test_pkey()) == NULL) {
+        printf("Get test key failed\n");
+        goto err;
+    }
+
+    len = EVP_PKEY_size(pkey);
+    if ((tmp = OPENSSL_malloc(len)) == NULL) {
+        printf("Buffer alloc failed\n");
+        goto err;
+    }
+
+    if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
+        printf("Key context allocation failure\n");
+        goto err;
+    }
+    printf("EVP_PKEY_encrypt test: no redirection\n");
+    /* Encrypt some data: should succeed but not be redirected */
+    if (EVP_PKEY_encrypt_init(ctx) <= 0
+            || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0
+            || called_encrypt) {
+        printf("Test encryption failure\n");
+        goto err;
+    }
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Create a test ENGINE */
+    if ((e = ENGINE_new()) == NULL
+            || !ENGINE_set_id(e, "Test redirect engine")
+            || !ENGINE_set_name(e, "Test redirect engine")) {
+        printf("Redirection engine setup failure\n");
+        goto err;
+    }
+
+    /*
+     * Try to create a context for this engine and test key.
+     * Try setting test key engine. Both should fail because the
+     * engine has no public key methods.
+     */
+    if (EVP_PKEY_CTX_new(pkey, e) != NULL
+            || EVP_PKEY_set1_engine(pkey, e) > 0) {
+        printf("Unexpected redirection success\n");
+        goto err;
+    }
+
+    /* Setup an empty test EVP_PKEY_METHOD and set callback to return it */
+    if ((test_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)) == NULL) {
+        printf("Test RSA algorithm setup failure\n");
+        goto err;
+    }
+    ENGINE_set_pkey_meths(e, test_pkey_meths);
+
+    /* Getting a context for test ENGINE should now succeed */
+    if ((ctx = EVP_PKEY_CTX_new(pkey, e)) == NULL) {
+        printf("Redirected context allocation failed\n");
+        goto err;
+    }
+    /* Encrypt should fail because operation is not supported */
+    if (EVP_PKEY_encrypt_init(ctx) > 0) {
+        printf("Encryption redirect unexpected success\n");
+        goto err;
+    }
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Add test encrypt operation to method */
+    EVP_PKEY_meth_set_encrypt(test_rsa, 0, test_encrypt);
+
+    printf("EVP_PKEY_encrypt test: redirection via EVP_PKEY_CTX_new()\n");
+    if ((ctx = EVP_PKEY_CTX_new(pkey, e)) == NULL) {
+        printf("Redirected context allocation failed\n");
+        goto err;
+    }
+    /* Encrypt some data: should succeed and be redirected */
+    if (EVP_PKEY_encrypt_init(ctx) <= 0
+            || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0
+            || !called_encrypt) {
+        printf("Redirected key context encryption failed\n");
+        goto err;
+    }
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+    called_encrypt = 0;
+
+    printf("EVP_PKEY_encrypt test: check default operation not redirected\n");
+
+    /* Create context with default engine: should not be redirected */
+    if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL
+            || EVP_PKEY_encrypt_init(ctx) <= 0
+            || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0
+            || called_encrypt) {
+        printf("Unredirected key context encryption failed\n");
+        goto err;
+    }
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Set engine explicitly for test key */
+    if (!EVP_PKEY_set1_engine(pkey, e)) {
+        printf("Key engine set failed\n");
+        goto err;
+    }
+
+    printf("EVP_PKEY_encrypt test: redirection via EVP_PKEY_set1_engine()\n");
+
+    /* Create context with default engine: should be redirected now */
+    if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL
+            || EVP_PKEY_encrypt_init(ctx) <= 0
+            || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0
+            || !called_encrypt) {
+        printf("Key redirection failure\n");
+        goto err;
+    }
+
+    to_return = 1;
+
+ err:
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+    ENGINE_free(e);
+    OPENSSL_free(tmp);
+    return to_return;
+}
+
+int main(int argc, char *argv[])
+{
+    ENGINE *block[512];
+    char buf[256];
+    const char *id, *name, *p;
+    ENGINE *ptr;
+    int loop;
+    int to_return = 1;
+    ENGINE *new_h1 = NULL;
+    ENGINE *new_h2 = NULL;
+    ENGINE *new_h3 = NULL;
+    ENGINE *new_h4 = NULL;
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+
+    memset(block, 0, sizeof(block));
+    if (((new_h1 = ENGINE_new()) == NULL) ||
+        !ENGINE_set_id(new_h1, "test_id0") ||
+        !ENGINE_set_name(new_h1, "First test item") ||
+        ((new_h2 = ENGINE_new()) == NULL) ||
+        !ENGINE_set_id(new_h2, "test_id1") ||
+        !ENGINE_set_name(new_h2, "Second test item") ||
+        ((new_h3 = ENGINE_new()) == NULL) ||
+        !ENGINE_set_id(new_h3, "test_id2") ||
+        !ENGINE_set_name(new_h3, "Third test item") ||
+        ((new_h4 = ENGINE_new()) == NULL) ||
+        !ENGINE_set_id(new_h4, "test_id3") ||
+        !ENGINE_set_name(new_h4, "Fourth test item")) {
+        printf("Couldn't set up test ENGINE structures\n");
+        goto end;
+    }
+    printf("\nenginetest beginning\n\n");
+    display_engine_list();
+    if (!ENGINE_add(new_h1)) {
+        printf("Add failed!\n");
+        goto end;
+    }
+    display_engine_list();
+    ptr = ENGINE_get_first();
+    if (!ENGINE_remove(ptr)) {
+        printf("Remove failed!\n");
+        goto end;
+    }
+    ENGINE_free(ptr);
+    display_engine_list();
+    if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) {
+        printf("Add failed!\n");
+        goto end;
+    }
+    display_engine_list();
+    if (!ENGINE_remove(new_h2)) {
+        printf("Remove failed!\n");
+        goto end;
+    }
+    display_engine_list();
+    if (!ENGINE_add(new_h4)) {
+        printf("Add failed!\n");
+        goto end;
+    }
+    display_engine_list();
+    if (ENGINE_add(new_h3)) {
+        printf("Add *should* have failed but didn't!\n");
+        goto end;
+    } else
+        printf("Add that should fail did.\n");
+    ERR_clear_error();
+    if (ENGINE_remove(new_h2)) {
+        printf("Remove *should* have failed but didn't!\n");
+        goto end;
+    } else
+        printf("Remove that should fail did.\n");
+    ERR_clear_error();
+    if (!ENGINE_remove(new_h3)) {
+        printf("Remove failed!\n");
+        goto end;
+    }
+    display_engine_list();
+    if (!ENGINE_remove(new_h4)) {
+        printf("Remove failed!\n");
+        goto end;
+    }
+    display_engine_list();
+    /*
+     * Depending on whether there's any hardware support compiled in, this
+     * remove may be destined to fail.
+     */
+    ptr = ENGINE_get_first();
+    if (ptr)
+        if (!ENGINE_remove(ptr))
+            printf("Remove failed!i - probably no hardware "
+                   "support present.\n");
+    ENGINE_free(ptr);
+    display_engine_list();
+    if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) {
+        printf("Couldn't add and remove to an empty list!\n");
+        goto end;
+    } else
+        printf("Successfully added and removed to an empty list!\n");
+    printf("About to beef up the engine-type list\n");
+    for (loop = 0; loop < 512; loop++) {
+        sprintf(buf, "id%i", loop);
+        id = OPENSSL_strdup(buf);
+        sprintf(buf, "Fake engine type %i", loop);
+        name = OPENSSL_strdup(buf);
+        if (((block[loop] = ENGINE_new()) == NULL) ||
+            !ENGINE_set_id(block[loop], id) ||
+            !ENGINE_set_name(block[loop], name)) {
+            printf("Couldn't create block of ENGINE structures.\n"
+                   "I'll probably also core-dump now, damn.\n");
+            goto end;
+        }
+    }
+    for (loop = 0; loop < 512; loop++) {
+        if (!ENGINE_add(block[loop])) {
+            printf("\nAdding stopped at %i, (%s,%s)\n",
+                   loop, ENGINE_get_id(block[loop]),
+                   ENGINE_get_name(block[loop]));
+            goto cleanup_loop;
+        } else
+            printf(".");
+        fflush(stdout);
+    }
+ cleanup_loop:
+    printf("\nAbout to empty the engine-type list\n");
+    while ((ptr = ENGINE_get_first()) != NULL) {
+        if (!ENGINE_remove(ptr)) {
+            printf("\nRemove failed!\n");
+            goto end;
+        }
+        ENGINE_free(ptr);
+        printf(".");
+        fflush(stdout);
+    }
+    for (loop = 0; loop < 512; loop++) {
+        OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+        OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+    }
+    if (!test_redirect())
+        goto end;
+    printf("\nTests completed happily\n");
+    to_return = 0;
+ end:
+    if (to_return)
+        ERR_print_errors_fp(stderr);
+    ENGINE_free(new_h1);
+    ENGINE_free(new_h2);
+    ENGINE_free(new_h3);
+    ENGINE_free(new_h4);
+    for (loop = 0; loop < 512; loop++)
+        ENGINE_free(block[loop]);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        to_return = 1;
+#endif
+    return to_return;
+}
+#endif
diff --git a/openssl-1.1.0h/test/evp_extra_test.c b/openssl-1.1.0h/test/evp_extra_test.c
new file mode 100644
index 0000000..9217f3a
--- /dev/null
+++ b/openssl-1.1.0h/test/evp_extra_test.c
@@ -0,0 +1,409 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+
+/*
+ * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
+ * should never use this key anywhere but in an example.
+ */
+static const unsigned char kExampleRSAKeyDER[] = {
+    0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
+    0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
+    0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
+    0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
+    0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
+    0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
+    0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
+    0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
+    0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
+    0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
+    0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
+    0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
+    0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
+    0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
+    0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
+    0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
+    0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
+    0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
+    0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
+    0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
+    0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
+    0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
+    0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
+    0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
+    0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
+    0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
+    0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
+    0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
+    0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
+    0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
+    0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
+    0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
+    0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
+    0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
+    0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
+    0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
+    0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
+    0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
+    0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
+    0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
+    0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
+    0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
+    0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
+    0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
+    0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
+    0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
+    0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
+    0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
+    0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
+    0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
+    0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
+};
+
+static const unsigned char kMsg[] = { 1, 2, 3, 4 };
+
+static const unsigned char kSignature[] = {
+    0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
+    0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
+    0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
+    0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
+    0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
+    0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
+    0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
+    0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
+    0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
+    0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
+    0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
+};
+
+/*
+ * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
+ * PrivateKeyInfo.
+ */
+static const unsigned char kExampleRSAKeyPKCS8[] = {
+    0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
+    0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
+    0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
+    0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
+    0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
+    0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
+    0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
+    0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
+    0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
+    0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
+    0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
+    0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
+    0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
+    0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
+    0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
+    0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
+    0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
+    0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
+    0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
+    0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
+    0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
+    0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
+    0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
+    0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
+    0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
+    0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
+    0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
+    0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
+    0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
+    0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
+    0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
+    0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
+    0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
+    0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
+    0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
+    0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
+    0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
+    0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
+    0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
+    0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
+    0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
+    0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
+    0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
+    0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
+    0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
+    0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
+    0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
+    0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
+    0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
+};
+
+#ifndef OPENSSL_NO_EC
+/*
+ * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
+ * structure.
+ */
+static const unsigned char kExampleECKeyDER[] = {
+    0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
+    0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
+    0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
+    0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
+    0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
+    0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
+    0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
+    0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
+    0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
+    0xc1,
+};
+
+/*
+ * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
+ * structure. The private key is equal to the order and will fail to import
+ */
+static const unsigned char kExampleBadECKeyDER[] = {
+    0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
+    0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
+    0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
+    0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
+    0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
+    0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
+    0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+};
+#endif
+
+static EVP_PKEY *load_example_rsa_key(void)
+{
+    EVP_PKEY *ret = NULL;
+    const unsigned char *derp = kExampleRSAKeyDER;
+    EVP_PKEY *pkey = NULL;
+    RSA *rsa = NULL;
+
+    if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) {
+        return NULL;
+    }
+
+    pkey = EVP_PKEY_new();
+    if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) {
+        goto out;
+    }
+
+    ret = pkey;
+    pkey = NULL;
+
+ out:
+    EVP_PKEY_free(pkey);
+    RSA_free(rsa);
+
+    return ret;
+}
+
+static int test_EVP_DigestSignInit(void)
+{
+    int ret = 0;
+    EVP_PKEY *pkey = NULL;
+    unsigned char *sig = NULL;
+    size_t sig_len = 0;
+    EVP_MD_CTX *md_ctx, *md_ctx_verify;
+
+    md_ctx = EVP_MD_CTX_new();
+    md_ctx_verify = EVP_MD_CTX_new();
+    if (md_ctx == NULL || md_ctx_verify == NULL)
+        goto out;
+
+    pkey = load_example_rsa_key();
+    if (pkey == NULL ||
+        !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
+        !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) {
+        goto out;
+    }
+    /* Determine the size of the signature. */
+    if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) {
+        goto out;
+    }
+    /* Sanity check for testing. */
+    if (sig_len != (size_t)EVP_PKEY_size(pkey)) {
+        fprintf(stderr, "sig_len mismatch\n");
+        goto out;
+    }
+
+    sig = OPENSSL_malloc(sig_len);
+    if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) {
+        goto out;
+    }
+
+    /* Ensure that the signature round-trips. */
+    if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey)
+        || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))
+        || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) {
+        goto out;
+    }
+
+    ret = 1;
+
+ out:
+    if (!ret) {
+        ERR_print_errors_fp(stderr);
+    }
+
+    EVP_MD_CTX_free(md_ctx);
+    EVP_MD_CTX_free(md_ctx_verify);
+    EVP_PKEY_free(pkey);
+    OPENSSL_free(sig);
+
+    return ret;
+}
+
+static int test_EVP_DigestVerifyInit(void)
+{
+    int ret = 0;
+    EVP_PKEY *pkey = NULL;
+    EVP_MD_CTX *md_ctx;
+
+    md_ctx = EVP_MD_CTX_new();
+
+    pkey = load_example_rsa_key();
+    if (pkey == NULL ||
+        !EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
+        !EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) ||
+        !EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) {
+        goto out;
+    }
+    ret = 1;
+
+ out:
+    if (!ret) {
+        ERR_print_errors_fp(stderr);
+    }
+
+    EVP_MD_CTX_free(md_ctx);
+    EVP_PKEY_free(pkey);
+
+    return ret;
+}
+
+static int test_d2i_AutoPrivateKey(const unsigned char *input,
+                                   size_t input_len, int expected_id)
+{
+    int ret = 0;
+    const unsigned char *p;
+    EVP_PKEY *pkey = NULL;
+
+    p = input;
+    pkey = d2i_AutoPrivateKey(NULL, &p, input_len);
+    if (pkey == NULL || p != input + input_len) {
+        fprintf(stderr, "d2i_AutoPrivateKey failed\n");
+        goto done;
+    }
+
+    if (EVP_PKEY_id(pkey) != expected_id) {
+        fprintf(stderr, "Did not decode expected type\n");
+        goto done;
+    }
+
+    ret = 1;
+
+ done:
+    if (!ret) {
+        ERR_print_errors_fp(stderr);
+    }
+
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_EC
+/* Tests loading a bad key in PKCS8 format */
+static int test_EVP_PKCS82PKEY(void)
+{
+    int ret = 0;
+    const unsigned char *derp = kExampleBadECKeyDER;
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER));
+
+    if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) {
+        fprintf(stderr, "Failed to parse key\n");
+        goto done;
+    }
+
+    pkey = EVP_PKCS82PKEY(p8inf);
+    if (pkey) {
+        fprintf(stderr, "Imported invalid EC key\n");
+        goto done;
+    }
+
+    ret = 1;
+
+ done:
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    EVP_PKEY_free(pkey);
+
+    return ret;
+}
+#endif
+
+int main(void)
+{
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+
+    if (!test_EVP_DigestSignInit()) {
+        fprintf(stderr, "EVP_DigestSignInit failed\n");
+        return 1;
+    }
+
+    if (!test_EVP_DigestVerifyInit()) {
+        fprintf(stderr, "EVP_DigestVerifyInit failed\n");
+        return 1;
+    }
+
+    if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER),
+                                 EVP_PKEY_RSA)) {
+        fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n");
+        return 1;
+    }
+
+    if (!test_d2i_AutoPrivateKey
+        (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) {
+        fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n");
+        return 1;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER),
+                                 EVP_PKEY_EC)) {
+        fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n");
+        return 1;
+    }
+
+    if (!test_EVP_PKCS82PKEY()) {
+        fprintf(stderr, "test_EVP_PKCS82PKEY failed\n");
+        return 1;
+    }
+#endif
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
+#endif
+
+    printf("PASS\n");
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/evp_test.c b/openssl-1.1.0h/test/evp_test.c
new file mode 100644
index 0000000..fb2ca27
--- /dev/null
+++ b/openssl-1.1.0h/test/evp_test.c
@@ -0,0 +1,2172 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include <openssl/pkcs12.h>
+#include <openssl/kdf.h>
+#include "internal/numbers.h"
+
+/* Remove spaces from beginning and end of a string */
+
+static void remove_space(char **pval)
+{
+    unsigned char *p = (unsigned char *)*pval;
+
+    while (isspace(*p))
+        p++;
+
+    *pval = (char *)p;
+
+    p = p + strlen(*pval) - 1;
+
+    /* Remove trailing space */
+    while (isspace(*p))
+        *p-- = 0;
+}
+
+/*
+ * Given a line of the form:
+ *      name = value # comment
+ * extract name and value. NB: modifies passed buffer.
+ */
+
+static int parse_line(char **pkw, char **pval, char *linebuf)
+{
+    char *p;
+
+    p = linebuf + strlen(linebuf) - 1;
+
+    if (*p != '\n') {
+        fprintf(stderr, "FATAL: missing EOL\n");
+        exit(1);
+    }
+
+    /* Look for # */
+
+    p = strchr(linebuf, '#');
+
+    if (p)
+        *p = '\0';
+
+    /* Look for = sign */
+    p = strchr(linebuf, '=');
+
+    /* If no '=' exit */
+    if (!p)
+        return 0;
+
+    *p++ = '\0';
+
+    *pkw = linebuf;
+    *pval = p;
+
+    /* Remove spaces from keyword and value */
+    remove_space(pkw);
+    remove_space(pval);
+
+    return 1;
+}
+
+/*
+ * Unescape some escape sequences in string literals.
+ * Return the result in a newly allocated buffer.
+ * Currently only supports '\n'.
+ * If the input length is 0, returns a valid 1-byte buffer, but sets
+ * the length to 0.
+ */
+static unsigned char* unescape(const char *input, size_t input_len,
+                               size_t *out_len)
+{
+    unsigned char *ret, *p;
+    size_t i;
+    if (input_len == 0) {
+        *out_len = 0;
+        return OPENSSL_zalloc(1);
+    }
+
+    /* Escaping is non-expanding; over-allocate original size for simplicity. */
+    ret = p = OPENSSL_malloc(input_len);
+    if (ret == NULL)
+        return NULL;
+
+    for (i = 0; i < input_len; i++) {
+        if (input[i] == '\\') {
+            if (i == input_len - 1 || input[i+1] != 'n')
+                goto err;
+            *p++ = '\n';
+            i++;
+        } else {
+            *p++ = input[i];
+        }
+    }
+
+    *out_len = p - ret;
+    return ret;
+
+ err:
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+/* For a hex string "value" convert to a binary allocated buffer */
+static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
+{
+    long len;
+
+    *buflen = 0;
+
+    /* Check for empty value */
+    if (!*value) {
+        /*
+         * Don't return NULL for zero length buffer.
+         * This is needed for some tests with empty keys: HMAC_Init_ex() expects
+         * a non-NULL key buffer even if the key length is 0, in order to detect
+         * key reset.
+         */
+        *buf = OPENSSL_malloc(1);
+        if (!*buf)
+            return 0;
+        **buf = 0;
+        *buflen = 0;
+        return 1;
+    }
+
+    /* Check for NULL literal */
+    if (strcmp(value, "NULL") == 0) {
+        *buf = NULL;
+        *buflen = 0;
+        return 1;
+    }
+
+    /* Check for string literal */
+    if (value[0] == '"') {
+        size_t vlen;
+        value++;
+        vlen = strlen(value);
+        if (value[vlen - 1] != '"')
+            return 0;
+        vlen--;
+        *buf = unescape(value, vlen, buflen);
+        if (*buf == NULL)
+            return 0;
+        return 1;
+    }
+
+    /* Otherwise assume as hex literal and convert it to binary buffer */
+    *buf = OPENSSL_hexstr2buf(value, &len);
+    if (!*buf) {
+        fprintf(stderr, "Value=%s\n", value);
+        ERR_print_errors_fp(stderr);
+        return -1;
+    }
+    /* Size of input buffer means we'll never overflow */
+    *buflen = len;
+    return 1;
+}
+#ifndef OPENSSL_NO_SCRYPT
+/* Currently only used by scrypt tests */
+/* Parse unsigned decimal 64 bit integer value */
+static int test_uint64(const char *value, uint64_t *pr)
+{
+    const char *p = value;
+    if (!*p) {
+        fprintf(stderr, "Invalid empty integer value\n");
+        return -1;
+    }
+    *pr = 0;
+    while (*p) {
+        if (*pr > UINT64_MAX/10) {
+            fprintf(stderr, "Integer string overflow value=%s\n", value);
+            return -1;
+        }
+        *pr *= 10;
+        if (*p < '0' || *p > '9') {
+            fprintf(stderr, "Invalid integer string value=%s\n", value);
+            return -1;
+        }
+        *pr += *p - '0';
+        p++;
+    }
+    return 1;
+}
+#endif
+
+/* Structure holding test information */
+struct evp_test {
+    /* file being read */
+    BIO *in;
+    /* temp memory BIO for reading in keys */
+    BIO *key;
+    /* List of public and private keys */
+    struct key_list *private;
+    struct key_list *public;
+    /* method for this test */
+    const struct evp_test_method *meth;
+    /* current line being processed */
+    unsigned int line;
+    /* start line of current test */
+    unsigned int start_line;
+    /* Error string for test */
+    const char *err, *aux_err;
+    /* Expected error value of test */
+    char *expected_err;
+    /* Expected error function string */
+    char *func;
+    /* Expected error reason string */
+    char *reason;
+    /* Number of tests */
+    int ntests;
+    /* Error count */
+    int errors;
+    /* Number of tests skipped */
+    int nskip;
+    /* If output mismatch expected and got value */
+    unsigned char *out_received;
+    size_t out_received_len;
+    unsigned char *out_expected;
+    size_t out_expected_len;
+    /* test specific data */
+    void *data;
+    /* Current test should be skipped */
+    int skip;
+};
+
+struct key_list {
+    char *name;
+    EVP_PKEY *key;
+    struct key_list *next;
+};
+
+/* Test method structure */
+struct evp_test_method {
+    /* Name of test as it appears in file */
+    const char *name;
+    /* Initialise test for "alg" */
+    int (*init) (struct evp_test * t, const char *alg);
+    /* Clean up method */
+    void (*cleanup) (struct evp_test * t);
+    /* Test specific name value pair processing */
+    int (*parse) (struct evp_test * t, const char *name, const char *value);
+    /* Run the test itself */
+    int (*run_test) (struct evp_test * t);
+};
+
+static const struct evp_test_method digest_test_method, cipher_test_method;
+static const struct evp_test_method mac_test_method;
+static const struct evp_test_method psign_test_method, pverify_test_method;
+static const struct evp_test_method pdecrypt_test_method;
+static const struct evp_test_method pverify_recover_test_method;
+static const struct evp_test_method pderive_test_method;
+static const struct evp_test_method pbe_test_method;
+static const struct evp_test_method encode_test_method;
+static const struct evp_test_method kdf_test_method;
+static const struct evp_test_method keypair_test_method;
+
+static const struct evp_test_method *evp_test_list[] = {
+    &digest_test_method,
+    &cipher_test_method,
+    &mac_test_method,
+    &psign_test_method,
+    &pverify_test_method,
+    &pdecrypt_test_method,
+    &pverify_recover_test_method,
+    &pderive_test_method,
+    &pbe_test_method,
+    &encode_test_method,
+    &kdf_test_method,
+    &keypair_test_method,
+    NULL
+};
+
+static const struct evp_test_method *evp_find_test(const char *name)
+{
+    const struct evp_test_method **tt;
+
+    for (tt = evp_test_list; *tt; tt++) {
+        if (strcmp(name, (*tt)->name) == 0)
+            return *tt;
+    }
+    return NULL;
+}
+
+static void hex_print(const char *name, const unsigned char *buf, size_t len)
+{
+    size_t i;
+    fprintf(stderr, "%s ", name);
+    for (i = 0; i < len; i++)
+        fprintf(stderr, "%02X", buf[i]);
+    fputs("\n", stderr);
+}
+
+static void free_expected(struct evp_test *t)
+{
+    OPENSSL_free(t->expected_err);
+    t->expected_err = NULL;
+    OPENSSL_free(t->func);
+    t->func = NULL;
+    OPENSSL_free(t->reason);
+    t->reason = NULL;
+    OPENSSL_free(t->out_expected);
+    OPENSSL_free(t->out_received);
+    t->out_expected = NULL;
+    t->out_received = NULL;
+    t->out_expected_len = 0;
+    t->out_received_len = 0;
+    /* Literals. */
+    t->err = NULL;
+}
+
+static void print_expected(struct evp_test *t)
+{
+    if (t->out_expected == NULL && t->out_received == NULL)
+        return;
+    hex_print("Expected:", t->out_expected, t->out_expected_len);
+    hex_print("Got:     ", t->out_received, t->out_received_len);
+    free_expected(t);
+}
+
+static int check_test_error(struct evp_test *t)
+{
+    unsigned long err;
+    const char *func;
+    const char *reason;
+    if (!t->err && !t->expected_err)
+        return 1;
+    if (t->err && !t->expected_err) {
+        if (t->aux_err != NULL) {
+            fprintf(stderr, "Test line %d(%s): unexpected error %s\n",
+                    t->start_line, t->aux_err, t->err);
+        } else {
+            fprintf(stderr, "Test line %d: unexpected error %s\n",
+                    t->start_line, t->err);
+        }
+        print_expected(t);
+        return 0;
+    }
+    if (!t->err && t->expected_err) {
+        fprintf(stderr, "Test line %d: succeeded expecting %s\n",
+                t->start_line, t->expected_err);
+        return 0;
+    }
+
+    if (strcmp(t->err, t->expected_err) != 0) {
+        fprintf(stderr, "Test line %d: expecting %s got %s\n",
+                t->start_line, t->expected_err, t->err);
+        return 0;
+    }
+
+    if (t->func == NULL && t->reason == NULL)
+        return 1;
+
+    if (t->func == NULL || t->reason == NULL) {
+        fprintf(stderr, "Test line %d: missing function or reason code\n",
+                t->start_line);
+        return 0;
+    }
+
+    err = ERR_peek_error();
+    if (err == 0) {
+        fprintf(stderr, "Test line %d, expected error \"%s:%s\" not set\n",
+                t->start_line, t->func, t->reason);
+        return 0;
+    }
+
+    func = ERR_func_error_string(err);
+    reason = ERR_reason_error_string(err);
+
+    if (func == NULL && reason == NULL) {
+        fprintf(stderr, "Test line %d: expected error \"%s:%s\", no strings available.  Skipping...\n",
+                t->start_line, t->func, t->reason);
+        return 1;
+    }
+
+    if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0)
+        return 1;
+
+    fprintf(stderr, "Test line %d: expected error \"%s:%s\", got \"%s:%s\"\n",
+            t->start_line, t->func, t->reason, func, reason);
+
+    return 0;
+}
+
+/* Setup a new test, run any existing test */
+
+static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth)
+{
+    /* If we already have a test set up run it */
+    if (t->meth) {
+        t->ntests++;
+        if (t->skip) {
+            t->nskip++;
+        } else {
+            /* run the test */
+            if (t->err == NULL && t->meth->run_test(t) != 1) {
+                fprintf(stderr, "%s test error line %d\n",
+                        t->meth->name, t->start_line);
+                return 0;
+            }
+            if (!check_test_error(t)) {
+                if (t->err)
+                    ERR_print_errors_fp(stderr);
+                t->errors++;
+            }
+        }
+        /* clean it up */
+        ERR_clear_error();
+        if (t->data != NULL) {
+            t->meth->cleanup(t);
+            OPENSSL_free(t->data);
+            t->data = NULL;
+        }
+        OPENSSL_free(t->expected_err);
+        t->expected_err = NULL;
+        free_expected(t);
+    }
+    t->meth = tmeth;
+    return 1;
+}
+
+static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst)
+{
+    for (; lst; lst = lst->next) {
+        if (strcmp(lst->name, name) == 0) {
+            if (ppk)
+                *ppk = lst->key;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+static void free_key_list(struct key_list *lst)
+{
+    while (lst != NULL) {
+        struct key_list *ltmp;
+        EVP_PKEY_free(lst->key);
+        OPENSSL_free(lst->name);
+        ltmp = lst->next;
+        OPENSSL_free(lst);
+        lst = ltmp;
+    }
+}
+
+static int check_unsupported()
+{
+    long err = ERR_peek_error();
+    if (ERR_GET_LIB(err) == ERR_LIB_EVP
+        && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) {
+        ERR_clear_error();
+        return 1;
+    }
+#ifndef OPENSSL_NO_EC
+    /*
+     * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
+     * hint to an unsupported algorithm/curve (e.g. if binary EC support is
+     * disabled).
+     */
+    if (ERR_GET_LIB(err) == ERR_LIB_EC
+        && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) {
+        ERR_clear_error();
+        return 1;
+    }
+#endif /* OPENSSL_NO_EC */
+    return 0;
+}
+
+
+static int read_key(struct evp_test *t)
+{
+    char tmpbuf[80];
+    if (t->key == NULL)
+        t->key = BIO_new(BIO_s_mem());
+    else if (BIO_reset(t->key) <= 0)
+        return 0;
+    if (t->key == NULL) {
+        fprintf(stderr, "Error allocating key memory BIO\n");
+        return 0;
+    }
+    /* Read to PEM end line and place content in memory BIO */
+    while (BIO_gets(t->in, tmpbuf, sizeof(tmpbuf))) {
+        t->line++;
+        if (BIO_puts(t->key, tmpbuf) <= 0) {
+            fprintf(stderr, "Error writing to key memory BIO\n");
+            return 0;
+        }
+        if (strncmp(tmpbuf, "-----END", 8) == 0)
+            return 1;
+    }
+    fprintf(stderr, "Can't find key end\n");
+    return 0;
+}
+
+static int process_test(struct evp_test *t, char *buf, int verbose)
+{
+    char *keyword = NULL, *value = NULL;
+    int rv = 0, add_key = 0;
+    struct key_list **lst = NULL, *key = NULL;
+    EVP_PKEY *pk = NULL;
+    const struct evp_test_method *tmeth = NULL;
+    if (verbose)
+        fputs(buf, stdout);
+    if (!parse_line(&keyword, &value, buf))
+        return 1;
+    if (strcmp(keyword, "PrivateKey") == 0) {
+        if (!read_key(t))
+            return 0;
+        pk = PEM_read_bio_PrivateKey(t->key, NULL, 0, NULL);
+        if (pk == NULL && !check_unsupported()) {
+            fprintf(stderr, "Error reading private key %s\n", value);
+            ERR_print_errors_fp(stderr);
+            return 0;
+        }
+        lst = &t->private;
+        add_key = 1;
+    }
+    if (strcmp(keyword, "PublicKey") == 0) {
+        if (!read_key(t))
+            return 0;
+        pk = PEM_read_bio_PUBKEY(t->key, NULL, 0, NULL);
+        if (pk == NULL && !check_unsupported()) {
+            fprintf(stderr, "Error reading public key %s\n", value);
+            ERR_print_errors_fp(stderr);
+            return 0;
+        }
+        lst = &t->public;
+        add_key = 1;
+    }
+    /* If we have a key add to list */
+    if (add_key) {
+        if (find_key(NULL, value, *lst)) {
+            fprintf(stderr, "Duplicate key %s\n", value);
+            return 0;
+        }
+        key = OPENSSL_malloc(sizeof(*key));
+        if (!key)
+            return 0;
+        key->name = OPENSSL_strdup(value);
+        key->key = pk;
+        key->next = *lst;
+        *lst = key;
+        return 1;
+    }
+
+    /* See if keyword corresponds to a test start */
+    tmeth = evp_find_test(keyword);
+    if (tmeth) {
+        if (!setup_test(t, tmeth))
+            return 0;
+        t->start_line = t->line;
+        t->skip = 0;
+        if (!tmeth->init(t, value)) {
+            fprintf(stderr, "Unknown %s: %s\n", keyword, value);
+            return 0;
+        }
+        return 1;
+    } else if (t->skip) {
+        return 1;
+    } else if (strcmp(keyword, "Result") == 0) {
+        if (t->expected_err) {
+            fprintf(stderr, "Line %d: multiple result lines\n", t->line);
+            return 0;
+        }
+        t->expected_err = OPENSSL_strdup(value);
+        if (t->expected_err == NULL)
+            return 0;
+    } else if (strcmp(keyword, "Function") == 0) {
+        if (t->func != NULL) {
+            fprintf(stderr, "Line %d: multiple function lines\n", t->line);
+            return 0;
+        }
+        t->func = OPENSSL_strdup(value);
+        if (t->func == NULL)
+            return 0;
+    } else if (strcmp(keyword, "Reason") == 0) {
+        if (t->reason != NULL) {
+            fprintf(stderr, "Line %d: multiple reason lines\n", t->line);
+            return 0;
+        }
+        t->reason = OPENSSL_strdup(value);
+        if (t->reason == NULL)
+            return 0;
+    } else {
+        /* Must be test specific line: try to parse it */
+        if (t->meth)
+            rv = t->meth->parse(t, keyword, value);
+
+        if (rv == 0)
+            fprintf(stderr, "line %d: unexpected keyword %s\n",
+                    t->line, keyword);
+
+        if (rv < 0)
+            fprintf(stderr, "line %d: error processing keyword %s\n",
+                    t->line, keyword);
+        if (rv <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int check_var_length_output(struct evp_test *t,
+                                   const unsigned char *expected,
+                                   size_t expected_len,
+                                   const unsigned char *received,
+                                   size_t received_len)
+{
+    if (expected_len == received_len &&
+        memcmp(expected, received, expected_len) == 0) {
+        return 0;
+    }
+
+    /* The result printing code expects a non-NULL buffer. */
+    t->out_expected = OPENSSL_memdup(expected, expected_len ? expected_len : 1);
+    t->out_expected_len = expected_len;
+    t->out_received = OPENSSL_memdup(received, received_len ? received_len : 1);
+    t->out_received_len = received_len;
+    if (t->out_expected == NULL || t->out_received == NULL) {
+        fprintf(stderr, "Memory allocation error!\n");
+        exit(1);
+    }
+    return 1;
+}
+
+static int check_output(struct evp_test *t,
+                        const unsigned char *expected,
+                        const unsigned char *received,
+                        size_t len)
+{
+    return check_var_length_output(t, expected, len, received, len);
+}
+
+int main(int argc, char **argv)
+{
+    BIO *in = NULL;
+    char buf[10240];
+    struct evp_test t;
+
+    if (argc != 2) {
+        fprintf(stderr, "usage: evp_test testfile.txt\n");
+        return 1;
+    }
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    memset(&t, 0, sizeof(t));
+    t.start_line = -1;
+    in = BIO_new_file(argv[1], "rb");
+    if (in == NULL) {
+        fprintf(stderr, "Can't open %s for reading\n", argv[1]);
+        return 1;
+    }
+    t.in = in;
+    t.err = NULL;
+    while (BIO_gets(in, buf, sizeof(buf))) {
+        t.line++;
+        if (!process_test(&t, buf, 0))
+            exit(1);
+    }
+    /* Run any final test we have */
+    if (!setup_test(&t, NULL))
+        exit(1);
+    fprintf(stderr, "%d tests completed with %d errors, %d skipped\n",
+            t.ntests, t.errors, t.nskip);
+    free_key_list(t.public);
+    free_key_list(t.private);
+    BIO_free(t.key);
+    BIO_free(in);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
+#endif
+    if (t.errors)
+        return 1;
+    return 0;
+}
+
+static void test_free(void *d)
+{
+    OPENSSL_free(d);
+}
+
+/* Message digest tests */
+
+struct digest_data {
+    /* Digest this test is for */
+    const EVP_MD *digest;
+    /* Input to digest */
+    unsigned char *input;
+    size_t input_len;
+    /* Repeat count for input */
+    size_t nrpt;
+    /* Expected output */
+    unsigned char *output;
+    size_t output_len;
+};
+
+static int digest_test_init(struct evp_test *t, const char *alg)
+{
+    const EVP_MD *digest;
+    struct digest_data *mdat;
+    digest = EVP_get_digestbyname(alg);
+    if (!digest) {
+        /* If alg has an OID assume disabled algorithm */
+        if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
+            t->skip = 1;
+            return 1;
+        }
+        return 0;
+    }
+    mdat = OPENSSL_malloc(sizeof(*mdat));
+    mdat->digest = digest;
+    mdat->input = NULL;
+    mdat->output = NULL;
+    mdat->nrpt = 1;
+    t->data = mdat;
+    return 1;
+}
+
+static void digest_test_cleanup(struct evp_test *t)
+{
+    struct digest_data *mdat = t->data;
+    test_free(mdat->input);
+    test_free(mdat->output);
+}
+
+static int digest_test_parse(struct evp_test *t,
+                             const char *keyword, const char *value)
+{
+    struct digest_data *mdata = t->data;
+    if (strcmp(keyword, "Input") == 0)
+        return test_bin(value, &mdata->input, &mdata->input_len);
+    if (strcmp(keyword, "Output") == 0)
+        return test_bin(value, &mdata->output, &mdata->output_len);
+    if (strcmp(keyword, "Count") == 0) {
+        long nrpt = atoi(value);
+        if (nrpt <= 0)
+            return 0;
+        mdata->nrpt = (size_t)nrpt;
+        return 1;
+    }
+    return 0;
+}
+
+static int digest_test_run(struct evp_test *t)
+{
+    struct digest_data *mdata = t->data;
+    size_t i;
+    const char *err = "INTERNAL_ERROR";
+    EVP_MD_CTX *mctx;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int md_len;
+    mctx = EVP_MD_CTX_new();
+    if (!mctx)
+        goto err;
+    err = "DIGESTINIT_ERROR";
+    if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL))
+        goto err;
+    err = "DIGESTUPDATE_ERROR";
+    for (i = 0; i < mdata->nrpt; i++) {
+        if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len))
+            goto err;
+    }
+    err = "DIGESTFINAL_ERROR";
+    if (!EVP_DigestFinal(mctx, md, &md_len))
+        goto err;
+    err = "DIGEST_LENGTH_MISMATCH";
+    if (md_len != mdata->output_len)
+        goto err;
+    err = "DIGEST_MISMATCH";
+    if (check_output(t, mdata->output, md, md_len))
+        goto err;
+    err = NULL;
+ err:
+    EVP_MD_CTX_free(mctx);
+    t->err = err;
+    return 1;
+}
+
+static const struct evp_test_method digest_test_method = {
+    "Digest",
+    digest_test_init,
+    digest_test_cleanup,
+    digest_test_parse,
+    digest_test_run
+};
+
+/* Cipher tests */
+struct cipher_data {
+    const EVP_CIPHER *cipher;
+    int enc;
+    /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
+    int aead;
+    unsigned char *key;
+    size_t key_len;
+    unsigned char *iv;
+    size_t iv_len;
+    unsigned char *plaintext;
+    size_t plaintext_len;
+    unsigned char *ciphertext;
+    size_t ciphertext_len;
+    /* GCM, CCM only */
+    unsigned char *aad;
+    size_t aad_len;
+    unsigned char *tag;
+    size_t tag_len;
+};
+
+static int cipher_test_init(struct evp_test *t, const char *alg)
+{
+    const EVP_CIPHER *cipher;
+    struct cipher_data *cdat = t->data;
+    cipher = EVP_get_cipherbyname(alg);
+    if (!cipher) {
+        /* If alg has an OID assume disabled algorithm */
+        if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
+            t->skip = 1;
+            return 1;
+        }
+        return 0;
+    }
+    cdat = OPENSSL_malloc(sizeof(*cdat));
+    cdat->cipher = cipher;
+    cdat->enc = -1;
+    cdat->key = NULL;
+    cdat->iv = NULL;
+    cdat->ciphertext = NULL;
+    cdat->plaintext = NULL;
+    cdat->aad = NULL;
+    cdat->tag = NULL;
+    t->data = cdat;
+    if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE
+        || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE
+        || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
+        cdat->aead = EVP_CIPHER_mode(cipher);
+    else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+        cdat->aead = -1;
+    else
+        cdat->aead = 0;
+
+    return 1;
+}
+
+static void cipher_test_cleanup(struct evp_test *t)
+{
+    struct cipher_data *cdat = t->data;
+    test_free(cdat->key);
+    test_free(cdat->iv);
+    test_free(cdat->ciphertext);
+    test_free(cdat->plaintext);
+    test_free(cdat->aad);
+    test_free(cdat->tag);
+}
+
+static int cipher_test_parse(struct evp_test *t, const char *keyword,
+                             const char *value)
+{
+    struct cipher_data *cdat = t->data;
+    if (strcmp(keyword, "Key") == 0)
+        return test_bin(value, &cdat->key, &cdat->key_len);
+    if (strcmp(keyword, "IV") == 0)
+        return test_bin(value, &cdat->iv, &cdat->iv_len);
+    if (strcmp(keyword, "Plaintext") == 0)
+        return test_bin(value, &cdat->plaintext, &cdat->plaintext_len);
+    if (strcmp(keyword, "Ciphertext") == 0)
+        return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
+    if (cdat->aead) {
+        if (strcmp(keyword, "AAD") == 0)
+            return test_bin(value, &cdat->aad, &cdat->aad_len);
+        if (strcmp(keyword, "Tag") == 0)
+            return test_bin(value, &cdat->tag, &cdat->tag_len);
+    }
+
+    if (strcmp(keyword, "Operation") == 0) {
+        if (strcmp(value, "ENCRYPT") == 0)
+            cdat->enc = 1;
+        else if (strcmp(value, "DECRYPT") == 0)
+            cdat->enc = 0;
+        else
+            return 0;
+        return 1;
+    }
+    return 0;
+}
+
+static int cipher_test_enc(struct evp_test *t, int enc,
+                           size_t out_misalign, size_t inp_misalign, int frag)
+{
+    struct cipher_data *cdat = t->data;
+    unsigned char *in, *out, *tmp = NULL;
+    size_t in_len, out_len, donelen = 0;
+    int tmplen, chunklen, tmpflen;
+    EVP_CIPHER_CTX *ctx = NULL;
+    const char *err;
+    err = "INTERNAL_ERROR";
+    ctx = EVP_CIPHER_CTX_new();
+    if (!ctx)
+        goto err;
+    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+    if (enc) {
+        in = cdat->plaintext;
+        in_len = cdat->plaintext_len;
+        out = cdat->ciphertext;
+        out_len = cdat->ciphertext_len;
+    } else {
+        in = cdat->ciphertext;
+        in_len = cdat->ciphertext_len;
+        out = cdat->plaintext;
+        out_len = cdat->plaintext_len;
+    }
+    if (inp_misalign == (size_t)-1) {
+        /*
+         * Exercise in-place encryption
+         */
+        tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
+        if (!tmp)
+            goto err;
+        in = memcpy(tmp + out_misalign, in, in_len);
+    } else {
+        inp_misalign += 16 - ((out_misalign + in_len) & 15);
+        /*
+         * 'tmp' will store both output and copy of input. We make the copy
+         * of input to specifically aligned part of 'tmp'. So we just
+         * figured out how much padding would ensure the required alignment,
+         * now we allocate extended buffer and finally copy the input just
+         * past inp_misalign in expression below. Output will be written
+         * past out_misalign...
+         */
+        tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
+                             inp_misalign + in_len);
+        if (!tmp)
+            goto err;
+        in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
+                    inp_misalign, in, in_len);
+    }
+    err = "CIPHERINIT_ERROR";
+    if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc))
+        goto err;
+    err = "INVALID_IV_LENGTH";
+    if (cdat->iv) {
+        if (cdat->aead) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
+                                     cdat->iv_len, 0))
+                goto err;
+        } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
+            goto err;
+    }
+    if (cdat->aead) {
+        unsigned char *tag;
+        /*
+         * If encrypting or OCB just set tag length initially, otherwise
+         * set tag length and value.
+         */
+        if (enc || cdat->aead == EVP_CIPH_OCB_MODE) {
+            err = "TAG_LENGTH_SET_ERROR";
+            tag = NULL;
+        } else {
+            err = "TAG_SET_ERROR";
+            tag = cdat->tag;
+        }
+        if (tag || cdat->aead != EVP_CIPH_GCM_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                     cdat->tag_len, tag))
+                goto err;
+        }
+    }
+
+    err = "INVALID_KEY_LENGTH";
+    if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len))
+        goto err;
+    err = "KEY_SET_ERROR";
+    if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1))
+        goto err;
+
+    if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) {
+        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                 cdat->tag_len, cdat->tag)) {
+            err = "TAG_SET_ERROR";
+            goto err;
+        }
+    }
+
+    if (cdat->aead == EVP_CIPH_CCM_MODE) {
+        if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
+            err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
+            goto err;
+        }
+    }
+    if (cdat->aad) {
+        err = "AAD_SET_ERROR";
+        if (!frag) {
+            if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad,
+                                  cdat->aad_len))
+                goto err;
+        } else {
+            /*
+             * Supply the AAD in chunks less than the block size where possible
+             */
+            if (cdat->aad_len > 0) {
+                if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, 1))
+                    goto err;
+                donelen++;
+            }
+            if (cdat->aad_len > 2) {
+                if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad + donelen,
+                                      cdat->aad_len - 2))
+                    goto err;
+                donelen += cdat->aad_len - 2;
+            }
+            if (cdat->aad_len > 1
+                    && !EVP_CipherUpdate(ctx, NULL, &chunklen,
+                                         cdat->aad + donelen, 1))
+                goto err;
+        }
+    }
+    EVP_CIPHER_CTX_set_padding(ctx, 0);
+    err = "CIPHERUPDATE_ERROR";
+    tmplen = 0;
+    if (!frag) {
+        /* We supply the data all in one go */
+        if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
+            goto err;
+    } else {
+        /* Supply the data in chunks less than the block size where possible */
+        if (in_len > 0) {
+            if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
+                goto err;
+            tmplen += chunklen;
+            in++;
+            in_len--;
+        }
+        if (in_len > 1) {
+            if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
+                                  in, in_len - 1))
+                goto err;
+            tmplen += chunklen;
+            in += in_len - 1;
+            in_len = 1;
+        }
+        if (in_len > 0 ) {
+            if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
+                                  in, 1))
+                goto err;
+            tmplen += chunklen;
+        }
+    }
+    if (cdat->aead == EVP_CIPH_CCM_MODE)
+        tmpflen = 0;
+    else {
+        err = "CIPHERFINAL_ERROR";
+        if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen))
+            goto err;
+    }
+    err = "LENGTH_MISMATCH";
+    if (out_len != (size_t)(tmplen + tmpflen))
+        goto err;
+    err = "VALUE_MISMATCH";
+    if (check_output(t, out, tmp + out_misalign, out_len))
+        goto err;
+    if (enc && cdat->aead) {
+        unsigned char rtag[16];
+        if (cdat->tag_len > sizeof(rtag)) {
+            err = "TAG_LENGTH_INTERNAL_ERROR";
+            goto err;
+        }
+        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
+                                 cdat->tag_len, rtag)) {
+            err = "TAG_RETRIEVE_ERROR";
+            goto err;
+        }
+        if (check_output(t, cdat->tag, rtag, cdat->tag_len)) {
+            err = "TAG_VALUE_MISMATCH";
+            goto err;
+        }
+    }
+    err = NULL;
+ err:
+    OPENSSL_free(tmp);
+    EVP_CIPHER_CTX_free(ctx);
+    t->err = err;
+    return err ? 0 : 1;
+}
+
+static int cipher_test_run(struct evp_test *t)
+{
+    struct cipher_data *cdat = t->data;
+    int rv, frag = 0;
+    size_t out_misalign, inp_misalign;
+
+    if (!cdat->key) {
+        t->err = "NO_KEY";
+        return 0;
+    }
+    if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
+        /* IV is optional and usually omitted in wrap mode */
+        if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
+            t->err = "NO_IV";
+            return 0;
+        }
+    }
+    if (cdat->aead && !cdat->tag) {
+        t->err = "NO_TAG";
+        return 0;
+    }
+    for (out_misalign = 0; out_misalign <= 1;) {
+        static char aux_err[64];
+        t->aux_err = aux_err;
+        for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
+            if (inp_misalign == (size_t)-1) {
+                /* kludge: inp_misalign == -1 means "exercise in-place" */
+                BIO_snprintf(aux_err, sizeof(aux_err),
+                             "%s in-place, %sfragmented",
+                             out_misalign ? "misaligned" : "aligned",
+                             frag ? "" : "not ");
+            } else {
+                BIO_snprintf(aux_err, sizeof(aux_err),
+                             "%s output and %s input, %sfragmented",
+                             out_misalign ? "misaligned" : "aligned",
+                             inp_misalign ? "misaligned" : "aligned",
+                             frag ? "" : "not ");
+            }
+            if (cdat->enc) {
+                rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
+                /* Not fatal errors: return */
+                if (rv != 1) {
+                    if (rv < 0)
+                        return 0;
+                    return 1;
+                }
+            }
+            if (cdat->enc != 1) {
+                rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
+                /* Not fatal errors: return */
+                if (rv != 1) {
+                    if (rv < 0)
+                        return 0;
+                    return 1;
+                }
+            }
+        }
+
+        if (out_misalign == 1 && frag == 0) {
+            /*
+             * XTS, CCM and Wrap modes have special requirements about input
+             * lengths so we don't fragment for those
+             */
+            if (cdat->aead == EVP_CIPH_CCM_MODE
+                    || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
+                     || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
+                break;
+            out_misalign = 0;
+            frag++;
+        } else {
+            out_misalign++;
+        }
+    }
+    t->aux_err = NULL;
+
+    return 1;
+}
+
+static const struct evp_test_method cipher_test_method = {
+    "Cipher",
+    cipher_test_init,
+    cipher_test_cleanup,
+    cipher_test_parse,
+    cipher_test_run
+};
+
+struct mac_data {
+    /* MAC type */
+    int type;
+    /* Algorithm string for this MAC */
+    char *alg;
+    /* MAC key */
+    unsigned char *key;
+    size_t key_len;
+    /* Input to MAC */
+    unsigned char *input;
+    size_t input_len;
+    /* Expected output */
+    unsigned char *output;
+    size_t output_len;
+};
+
+static int mac_test_init(struct evp_test *t, const char *alg)
+{
+    int type;
+    struct mac_data *mdat;
+    if (strcmp(alg, "HMAC") == 0) {
+        type = EVP_PKEY_HMAC;
+    } else if (strcmp(alg, "CMAC") == 0) {
+#ifndef OPENSSL_NO_CMAC
+        type = EVP_PKEY_CMAC;
+#else
+        t->skip = 1;
+        return 1;
+#endif
+    } else
+        return 0;
+
+    mdat = OPENSSL_malloc(sizeof(*mdat));
+    mdat->type = type;
+    mdat->alg = NULL;
+    mdat->key = NULL;
+    mdat->input = NULL;
+    mdat->output = NULL;
+    t->data = mdat;
+    return 1;
+}
+
+static void mac_test_cleanup(struct evp_test *t)
+{
+    struct mac_data *mdat = t->data;
+    test_free(mdat->alg);
+    test_free(mdat->key);
+    test_free(mdat->input);
+    test_free(mdat->output);
+}
+
+static int mac_test_parse(struct evp_test *t,
+                          const char *keyword, const char *value)
+{
+    struct mac_data *mdata = t->data;
+    if (strcmp(keyword, "Key") == 0)
+        return test_bin(value, &mdata->key, &mdata->key_len);
+    if (strcmp(keyword, "Algorithm") == 0) {
+        mdata->alg = OPENSSL_strdup(value);
+        if (!mdata->alg)
+            return 0;
+        return 1;
+    }
+    if (strcmp(keyword, "Input") == 0)
+        return test_bin(value, &mdata->input, &mdata->input_len);
+    if (strcmp(keyword, "Output") == 0)
+        return test_bin(value, &mdata->output, &mdata->output_len);
+    return 0;
+}
+
+static int mac_test_run(struct evp_test *t)
+{
+    struct mac_data *mdata = t->data;
+    const char *err = "INTERNAL_ERROR";
+    EVP_MD_CTX *mctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
+    EVP_PKEY *key = NULL;
+    const EVP_MD *md = NULL;
+    unsigned char *mac = NULL;
+    size_t mac_len;
+
+#ifdef OPENSSL_NO_DES
+    if (mdata->alg != NULL && strstr(mdata->alg, "DES") != NULL) {
+        /* Skip DES */
+        err = NULL;
+        goto err;
+    }
+#endif
+
+    err = "MAC_PKEY_CTX_ERROR";
+    genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL);
+    if (!genctx)
+        goto err;
+
+    err = "MAC_KEYGEN_INIT_ERROR";
+    if (EVP_PKEY_keygen_init(genctx) <= 0)
+        goto err;
+    if (mdata->type == EVP_PKEY_CMAC) {
+        err = "MAC_ALGORITHM_SET_ERROR";
+        if (EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0)
+            goto err;
+    }
+
+    err = "MAC_KEY_SET_ERROR";
+    if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0)
+        goto err;
+
+    err = "MAC_KEY_GENERATE_ERROR";
+    if (EVP_PKEY_keygen(genctx, &key) <= 0)
+        goto err;
+    if (mdata->type == EVP_PKEY_HMAC) {
+        err = "MAC_ALGORITHM_SET_ERROR";
+        md = EVP_get_digestbyname(mdata->alg);
+        if (!md)
+            goto err;
+    }
+    mctx = EVP_MD_CTX_new();
+    if (!mctx)
+        goto err;
+    err = "DIGESTSIGNINIT_ERROR";
+    if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key))
+        goto err;
+
+    err = "DIGESTSIGNUPDATE_ERROR";
+    if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len))
+        goto err;
+    err = "DIGESTSIGNFINAL_LENGTH_ERROR";
+    if (!EVP_DigestSignFinal(mctx, NULL, &mac_len))
+        goto err;
+    mac = OPENSSL_malloc(mac_len);
+    if (!mac) {
+        fprintf(stderr, "Error allocating mac buffer!\n");
+        exit(1);
+    }
+    if (!EVP_DigestSignFinal(mctx, mac, &mac_len))
+        goto err;
+    err = "MAC_LENGTH_MISMATCH";
+    if (mac_len != mdata->output_len)
+        goto err;
+    err = "MAC_MISMATCH";
+    if (check_output(t, mdata->output, mac, mac_len))
+        goto err;
+    err = NULL;
+ err:
+    EVP_MD_CTX_free(mctx);
+    OPENSSL_free(mac);
+    EVP_PKEY_CTX_free(genctx);
+    EVP_PKEY_free(key);
+    t->err = err;
+    return 1;
+}
+
+static const struct evp_test_method mac_test_method = {
+    "MAC",
+    mac_test_init,
+    mac_test_cleanup,
+    mac_test_parse,
+    mac_test_run
+};
+
+/*
+ * Public key operations. These are all very similar and can share
+ * a lot of common code.
+ */
+
+struct pkey_data {
+    /* Context for this operation */
+    EVP_PKEY_CTX *ctx;
+    /* Key operation to perform */
+    int (*keyop) (EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen);
+    /* Input to MAC */
+    unsigned char *input;
+    size_t input_len;
+    /* Expected output */
+    unsigned char *output;
+    size_t output_len;
+};
+
+/*
+ * Perform public key operation setup: lookup key, allocated ctx and call
+ * the appropriate initialisation function
+ */
+static int pkey_test_init(struct evp_test *t, const char *name,
+                          int use_public,
+                          int (*keyopinit) (EVP_PKEY_CTX *ctx),
+                          int (*keyop) (EVP_PKEY_CTX *ctx,
+                                        unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs,
+                                        size_t tbslen)
+    )
+{
+    struct pkey_data *kdata;
+    EVP_PKEY *pkey = NULL;
+    int rv = 0;
+    if (use_public)
+        rv = find_key(&pkey, name, t->public);
+    if (!rv)
+        rv = find_key(&pkey, name, t->private);
+    if (!rv || pkey == NULL) {
+        t->skip = 1;
+        return 1;
+    }
+
+    kdata = OPENSSL_malloc(sizeof(*kdata));
+    if (!kdata) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+    kdata->ctx = NULL;
+    kdata->input = NULL;
+    kdata->output = NULL;
+    kdata->keyop = keyop;
+    t->data = kdata;
+    kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!kdata->ctx)
+        return 0;
+    if (keyopinit(kdata->ctx) <= 0)
+        t->err = "KEYOP_INIT_ERROR";
+    return 1;
+}
+
+static void pkey_test_cleanup(struct evp_test *t)
+{
+    struct pkey_data *kdata = t->data;
+
+    OPENSSL_free(kdata->input);
+    OPENSSL_free(kdata->output);
+    EVP_PKEY_CTX_free(kdata->ctx);
+}
+
+static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx,
+                          const char *value)
+{
+    int rv;
+    char *p, *tmpval;
+
+    tmpval = OPENSSL_strdup(value);
+    if (tmpval == NULL)
+        return 0;
+    p = strchr(tmpval, ':');
+    if (p != NULL)
+        *p++ = 0;
+    rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+    if (rv == -2) {
+        t->err = "PKEY_CTRL_INVALID";
+        rv = 1;
+    } else if (p != NULL && rv <= 0) {
+        /* If p has an OID and lookup fails assume disabled algorithm */
+        int nid = OBJ_sn2nid(p);
+        if (nid == NID_undef)
+             nid = OBJ_ln2nid(p);
+        if ((nid != NID_undef) && EVP_get_digestbynid(nid) == NULL &&
+            EVP_get_cipherbynid(nid) == NULL) {
+            t->skip = 1;
+            rv = 1;
+        } else {
+            t->err = "PKEY_CTRL_ERROR";
+            rv = 1;
+        }
+    }
+    OPENSSL_free(tmpval);
+    return rv > 0;
+}
+
+static int pkey_test_parse(struct evp_test *t,
+                           const char *keyword, const char *value)
+{
+    struct pkey_data *kdata = t->data;
+    if (strcmp(keyword, "Input") == 0)
+        return test_bin(value, &kdata->input, &kdata->input_len);
+    if (strcmp(keyword, "Output") == 0)
+        return test_bin(value, &kdata->output, &kdata->output_len);
+    if (strcmp(keyword, "Ctrl") == 0)
+        return pkey_test_ctrl(t, kdata->ctx, value);
+    return 0;
+}
+
+static int pkey_test_run(struct evp_test *t)
+{
+    struct pkey_data *kdata = t->data;
+    unsigned char *out = NULL;
+    size_t out_len;
+    const char *err = "KEYOP_LENGTH_ERROR";
+    if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input,
+                     kdata->input_len) <= 0)
+        goto err;
+    out = OPENSSL_malloc(out_len);
+    if (!out) {
+        fprintf(stderr, "Error allocating output buffer!\n");
+        exit(1);
+    }
+    err = "KEYOP_ERROR";
+    if (kdata->keyop
+        (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0)
+        goto err;
+    err = "KEYOP_LENGTH_MISMATCH";
+    if (out_len != kdata->output_len)
+        goto err;
+    err = "KEYOP_MISMATCH";
+    if (check_output(t, kdata->output, out, out_len))
+        goto err;
+    err = NULL;
+ err:
+    OPENSSL_free(out);
+    t->err = err;
+    return 1;
+}
+
+static int sign_test_init(struct evp_test *t, const char *name)
+{
+    return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
+}
+
+static const struct evp_test_method psign_test_method = {
+    "Sign",
+    sign_test_init,
+    pkey_test_cleanup,
+    pkey_test_parse,
+    pkey_test_run
+};
+
+static int verify_recover_test_init(struct evp_test *t, const char *name)
+{
+    return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
+                          EVP_PKEY_verify_recover);
+}
+
+static const struct evp_test_method pverify_recover_test_method = {
+    "VerifyRecover",
+    verify_recover_test_init,
+    pkey_test_cleanup,
+    pkey_test_parse,
+    pkey_test_run
+};
+
+static int decrypt_test_init(struct evp_test *t, const char *name)
+{
+    return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
+                          EVP_PKEY_decrypt);
+}
+
+static const struct evp_test_method pdecrypt_test_method = {
+    "Decrypt",
+    decrypt_test_init,
+    pkey_test_cleanup,
+    pkey_test_parse,
+    pkey_test_run
+};
+
+static int verify_test_init(struct evp_test *t, const char *name)
+{
+    return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
+}
+
+static int verify_test_run(struct evp_test *t)
+{
+    struct pkey_data *kdata = t->data;
+    if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
+                        kdata->input, kdata->input_len) <= 0)
+        t->err = "VERIFY_ERROR";
+    return 1;
+}
+
+static const struct evp_test_method pverify_test_method = {
+    "Verify",
+    verify_test_init,
+    pkey_test_cleanup,
+    pkey_test_parse,
+    verify_test_run
+};
+
+
+static int pderive_test_init(struct evp_test *t, const char *name)
+{
+    return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
+}
+
+static int pderive_test_parse(struct evp_test *t,
+                              const char *keyword, const char *value)
+{
+    struct pkey_data *kdata = t->data;
+
+    if (strcmp(keyword, "PeerKey") == 0) {
+        EVP_PKEY *peer;
+        if (find_key(&peer, value, t->public) == 0)
+            return 0;
+        if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
+            return 0;
+        return 1;
+    }
+    if (strcmp(keyword, "SharedSecret") == 0)
+        return test_bin(value, &kdata->output, &kdata->output_len);
+    if (strcmp(keyword, "Ctrl") == 0)
+        return pkey_test_ctrl(t, kdata->ctx, value);
+    return 0;
+}
+
+static int pderive_test_run(struct evp_test *t)
+{
+    struct pkey_data *kdata = t->data;
+    unsigned char *out = NULL;
+    size_t out_len;
+    const char *err = "INTERNAL_ERROR";
+
+    out_len = kdata->output_len;
+    out = OPENSSL_malloc(out_len);
+    if (!out) {
+        fprintf(stderr, "Error allocating output buffer!\n");
+        exit(1);
+    }
+    err = "DERIVE_ERROR";
+    if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
+        goto err;
+    err = "SHARED_SECRET_LENGTH_MISMATCH";
+    if (out_len != kdata->output_len)
+        goto err;
+    err = "SHARED_SECRET_MISMATCH";
+    if (check_output(t, kdata->output, out, out_len))
+        goto err;
+    err = NULL;
+ err:
+    OPENSSL_free(out);
+    t->err = err;
+    return 1;
+}
+
+static const struct evp_test_method pderive_test_method = {
+    "Derive",
+    pderive_test_init,
+    pkey_test_cleanup,
+    pderive_test_parse,
+    pderive_test_run
+};
+
+/* PBE tests */
+
+#define PBE_TYPE_SCRYPT 1
+#define PBE_TYPE_PBKDF2 2
+#define PBE_TYPE_PKCS12 3
+
+struct pbe_data {
+
+    int pbe_type;
+
+    /* scrypt parameters */
+    uint64_t N, r, p, maxmem;
+
+    /* PKCS#12 parameters */
+    int id, iter;
+    const EVP_MD *md;
+
+    /* password */
+    unsigned char *pass;
+    size_t pass_len;
+
+    /* salt */
+    unsigned char *salt;
+    size_t salt_len;
+
+    /* Expected output */
+    unsigned char *key;
+    size_t key_len;
+};
+
+#ifndef OPENSSL_NO_SCRYPT
+static int scrypt_test_parse(struct evp_test *t,
+                             const char *keyword, const char *value)
+{
+    struct pbe_data *pdata = t->data;
+
+    if (strcmp(keyword, "N") == 0)
+        return test_uint64(value, &pdata->N);
+    if (strcmp(keyword, "p") == 0)
+        return test_uint64(value, &pdata->p);
+    if (strcmp(keyword, "r") == 0)
+        return test_uint64(value, &pdata->r);
+    if (strcmp(keyword, "maxmem") == 0)
+        return test_uint64(value, &pdata->maxmem);
+    return 0;
+}
+#endif
+
+static int pbkdf2_test_parse(struct evp_test *t,
+                             const char *keyword, const char *value)
+{
+    struct pbe_data *pdata = t->data;
+
+    if (strcmp(keyword, "iter") == 0) {
+        pdata->iter = atoi(value);
+        if (pdata->iter <= 0)
+            return 0;
+        return 1;
+    }
+    if (strcmp(keyword, "MD") == 0) {
+        pdata->md = EVP_get_digestbyname(value);
+        if (pdata->md == NULL)
+            return 0;
+        return 1;
+    }
+    return 0;
+}
+
+static int pkcs12_test_parse(struct evp_test *t,
+                             const char *keyword, const char *value)
+{
+    struct pbe_data *pdata = t->data;
+
+    if (strcmp(keyword, "id") == 0) {
+        pdata->id = atoi(value);
+        if (pdata->id <= 0)
+            return 0;
+        return 1;
+    }
+    return pbkdf2_test_parse(t, keyword, value);
+}
+
+static int pbe_test_init(struct evp_test *t, const char *alg)
+{
+    struct pbe_data *pdat;
+    int pbe_type = 0;
+
+    if (strcmp(alg, "scrypt") == 0) {
+#ifndef OPENSSL_NO_SCRYPT
+        pbe_type = PBE_TYPE_SCRYPT;
+#else
+        t->skip = 1;
+        return 1;
+#endif
+    } else if (strcmp(alg, "pbkdf2") == 0) {
+        pbe_type = PBE_TYPE_PBKDF2;
+    } else if (strcmp(alg, "pkcs12") == 0) {
+        pbe_type = PBE_TYPE_PKCS12;
+    } else {
+        fprintf(stderr, "Unknown pbe algorithm %s\n", alg);
+    }
+    pdat = OPENSSL_malloc(sizeof(*pdat));
+    pdat->pbe_type = pbe_type;
+    pdat->pass = NULL;
+    pdat->salt = NULL;
+    pdat->N = 0;
+    pdat->r = 0;
+    pdat->p = 0;
+    pdat->maxmem = 0;
+    pdat->id = 0;
+    pdat->iter = 0;
+    pdat->md = NULL;
+    t->data = pdat;
+    return 1;
+}
+
+static void pbe_test_cleanup(struct evp_test *t)
+{
+    struct pbe_data *pdat = t->data;
+    test_free(pdat->pass);
+    test_free(pdat->salt);
+    test_free(pdat->key);
+}
+
+static int pbe_test_parse(struct evp_test *t,
+                             const char *keyword, const char *value)
+{
+    struct pbe_data *pdata = t->data;
+
+    if (strcmp(keyword, "Password") == 0)
+        return test_bin(value, &pdata->pass, &pdata->pass_len);
+    if (strcmp(keyword, "Salt") == 0)
+        return test_bin(value, &pdata->salt, &pdata->salt_len);
+    if (strcmp(keyword, "Key") == 0)
+        return test_bin(value, &pdata->key, &pdata->key_len);
+    if (pdata->pbe_type == PBE_TYPE_PBKDF2)
+        return pbkdf2_test_parse(t, keyword, value);
+    else if (pdata->pbe_type == PBE_TYPE_PKCS12)
+        return pkcs12_test_parse(t, keyword, value);
+#ifndef OPENSSL_NO_SCRYPT
+    else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
+        return scrypt_test_parse(t, keyword, value);
+#endif
+    return 0;
+}
+
+static int pbe_test_run(struct evp_test *t)
+{
+    struct pbe_data *pdata = t->data;
+    const char *err = "INTERNAL_ERROR";
+    unsigned char *key;
+
+    key = OPENSSL_malloc(pdata->key_len);
+    if (!key)
+        goto err;
+    if (pdata->pbe_type == PBE_TYPE_PBKDF2) {
+        err = "PBKDF2_ERROR";
+        if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len,
+                              pdata->salt, pdata->salt_len,
+                              pdata->iter, pdata->md,
+                              pdata->key_len, key) == 0)
+            goto err;
+#ifndef OPENSSL_NO_SCRYPT
+    } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {
+        err = "SCRYPT_ERROR";
+        if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
+                           pdata->salt, pdata->salt_len,
+                           pdata->N, pdata->r, pdata->p, pdata->maxmem,
+                           key, pdata->key_len) == 0)
+            goto err;
+#endif
+    } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {
+        err = "PKCS12_ERROR";
+        if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,
+                               pdata->salt, pdata->salt_len,
+                               pdata->id, pdata->iter, pdata->key_len,
+                               key, pdata->md) == 0)
+            goto err;
+    }
+    err = "KEY_MISMATCH";
+    if (check_output(t, pdata->key, key, pdata->key_len))
+        goto err;
+    err = NULL;
+    err:
+    OPENSSL_free(key);
+    t->err = err;
+    return 1;
+}
+
+static const struct evp_test_method pbe_test_method = {
+    "PBE",
+    pbe_test_init,
+    pbe_test_cleanup,
+    pbe_test_parse,
+    pbe_test_run
+};
+
+/* Base64 tests */
+
+typedef enum {
+    BASE64_CANONICAL_ENCODING = 0,
+    BASE64_VALID_ENCODING = 1,
+    BASE64_INVALID_ENCODING = 2
+} base64_encoding_type;
+
+struct encode_data {
+    /* Input to encoding */
+    unsigned char *input;
+    size_t input_len;
+    /* Expected output */
+    unsigned char *output;
+    size_t output_len;
+    base64_encoding_type encoding;
+};
+
+static int encode_test_init(struct evp_test *t, const char *encoding)
+{
+    struct encode_data *edata = OPENSSL_zalloc(sizeof(*edata));
+
+    if (strcmp(encoding, "canonical") == 0) {
+        edata->encoding = BASE64_CANONICAL_ENCODING;
+    } else if (strcmp(encoding, "valid") == 0) {
+        edata->encoding = BASE64_VALID_ENCODING;
+    } else if (strcmp(encoding, "invalid") == 0) {
+        edata->encoding = BASE64_INVALID_ENCODING;
+        t->expected_err = OPENSSL_strdup("DECODE_ERROR");
+        if (t->expected_err == NULL)
+            return 0;
+    } else {
+        fprintf(stderr, "Bad encoding: %s. Should be one of "
+                "{canonical, valid, invalid}\n", encoding);
+        return 0;
+    }
+    t->data = edata;
+    return 1;
+}
+
+static void encode_test_cleanup(struct evp_test *t)
+{
+    struct encode_data *edata = t->data;
+    test_free(edata->input);
+    test_free(edata->output);
+    memset(edata, 0, sizeof(*edata));
+}
+
+static int encode_test_parse(struct evp_test *t,
+                             const char *keyword, const char *value)
+{
+    struct encode_data *edata = t->data;
+    if (strcmp(keyword, "Input") == 0)
+        return test_bin(value, &edata->input, &edata->input_len);
+    if (strcmp(keyword, "Output") == 0)
+        return test_bin(value, &edata->output, &edata->output_len);
+    return 0;
+}
+
+static int encode_test_run(struct evp_test *t)
+{
+    struct encode_data *edata = t->data;
+    unsigned char *encode_out = NULL, *decode_out = NULL;
+    int output_len, chunk_len;
+    const char *err = "INTERNAL_ERROR";
+    EVP_ENCODE_CTX *decode_ctx = EVP_ENCODE_CTX_new();
+
+    if (decode_ctx == NULL)
+        goto err;
+
+    if (edata->encoding == BASE64_CANONICAL_ENCODING) {
+        EVP_ENCODE_CTX *encode_ctx = EVP_ENCODE_CTX_new();
+        if (encode_ctx == NULL)
+            goto err;
+        encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len));
+        if (encode_out == NULL)
+            goto err;
+
+        EVP_EncodeInit(encode_ctx);
+        EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
+                         edata->input, edata->input_len);
+        output_len = chunk_len;
+
+        EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
+        output_len += chunk_len;
+
+        EVP_ENCODE_CTX_free(encode_ctx);
+
+        if (check_var_length_output(t, edata->output, edata->output_len,
+                                    encode_out, output_len)) {
+            err = "BAD_ENCODING";
+            goto err;
+        }
+    }
+
+    decode_out = OPENSSL_malloc(EVP_DECODE_LENGTH(edata->output_len));
+    if (decode_out == NULL)
+        goto err;
+
+    EVP_DecodeInit(decode_ctx);
+    if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output,
+                         edata->output_len) < 0) {
+        err = "DECODE_ERROR";
+        goto err;
+    }
+    output_len = chunk_len;
+
+    if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
+        err = "DECODE_ERROR";
+        goto err;
+    }
+    output_len += chunk_len;
+
+    if (edata->encoding != BASE64_INVALID_ENCODING &&
+        check_var_length_output(t, edata->input, edata->input_len,
+                                decode_out, output_len)) {
+        err = "BAD_DECODING";
+        goto err;
+    }
+
+    err = NULL;
+ err:
+    t->err = err;
+    OPENSSL_free(encode_out);
+    OPENSSL_free(decode_out);
+    EVP_ENCODE_CTX_free(decode_ctx);
+    return 1;
+}
+
+static const struct evp_test_method encode_test_method = {
+    "Encoding",
+    encode_test_init,
+    encode_test_cleanup,
+    encode_test_parse,
+    encode_test_run,
+};
+
+/* KDF operations */
+
+struct kdf_data {
+    /* Context for this operation */
+    EVP_PKEY_CTX *ctx;
+    /* Expected output */
+    unsigned char *output;
+    size_t output_len;
+};
+
+/*
+ * Perform public key operation setup: lookup key, allocated ctx and call
+ * the appropriate initialisation function
+ */
+static int kdf_test_init(struct evp_test *t, const char *name)
+{
+    struct kdf_data *kdata;
+
+    kdata = OPENSSL_malloc(sizeof(*kdata));
+    if (kdata == NULL)
+        return 0;
+    kdata->ctx = NULL;
+    kdata->output = NULL;
+    t->data = kdata;
+    kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL);
+    if (kdata->ctx == NULL)
+        return 0;
+    if (EVP_PKEY_derive_init(kdata->ctx) <= 0)
+        return 0;
+    return 1;
+}
+
+static void kdf_test_cleanup(struct evp_test *t)
+{
+    struct kdf_data *kdata = t->data;
+    OPENSSL_free(kdata->output);
+    EVP_PKEY_CTX_free(kdata->ctx);
+}
+
+static int kdf_test_parse(struct evp_test *t,
+                          const char *keyword, const char *value)
+{
+    struct kdf_data *kdata = t->data;
+    if (strcmp(keyword, "Output") == 0)
+        return test_bin(value, &kdata->output, &kdata->output_len);
+    if (strncmp(keyword, "Ctrl", 4) == 0)
+        return pkey_test_ctrl(t, kdata->ctx, value);
+    return 0;
+}
+
+static int kdf_test_run(struct evp_test *t)
+{
+    struct kdf_data *kdata = t->data;
+    unsigned char *out = NULL;
+    size_t out_len = kdata->output_len;
+    const char *err = "INTERNAL_ERROR";
+    out = OPENSSL_malloc(out_len);
+    if (!out) {
+        fprintf(stderr, "Error allocating output buffer!\n");
+        exit(1);
+    }
+    err = "KDF_DERIVE_ERROR";
+    if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
+        goto err;
+    err = "KDF_LENGTH_MISMATCH";
+    if (out_len != kdata->output_len)
+        goto err;
+    err = "KDF_MISMATCH";
+    if (check_output(t, kdata->output, out, out_len))
+        goto err;
+    err = NULL;
+ err:
+    OPENSSL_free(out);
+    t->err = err;
+    return 1;
+}
+
+static const struct evp_test_method kdf_test_method = {
+    "KDF",
+    kdf_test_init,
+    kdf_test_cleanup,
+    kdf_test_parse,
+    kdf_test_run
+};
+
+struct keypair_test_data {
+    EVP_PKEY *privk;
+    EVP_PKEY *pubk;
+};
+
+static int keypair_test_init(struct evp_test *t, const char *pair)
+{
+    int rv = 0;
+    EVP_PKEY *pk = NULL, *pubk = NULL;
+    char *pub, *priv = NULL;
+    const char *err = "INTERNAL_ERROR";
+    struct keypair_test_data *data;
+
+    priv = OPENSSL_strdup(pair);
+    if (priv == NULL)
+        return 0;
+    pub = strchr(priv, ':');
+    if ( pub == NULL ) {
+        fprintf(stderr, "Wrong syntax \"%s\"\n", pair);
+        goto end;
+    }
+    *pub++ = 0; /* split priv and pub strings */
+
+    if (find_key(&pk, priv, t->private) == 0) {
+        fprintf(stderr, "Cannot find private key: %s\n", priv);
+        err = "MISSING_PRIVATE_KEY";
+        goto end;
+    }
+    if (find_key(&pubk, pub, t->public) == 0) {
+        fprintf(stderr, "Cannot find public key: %s\n", pub);
+        err = "MISSING_PUBLIC_KEY";
+        goto end;
+    }
+
+    if (pk == NULL && pubk == NULL) {
+        /* Both keys are listed but unsupported: skip this test */
+        t->skip = 1;
+        rv = 1;
+        goto end;
+    }
+
+    data = OPENSSL_malloc(sizeof(*data));
+    if (data == NULL )
+        goto end;
+
+    data->privk = pk;
+    data->pubk = pubk;
+    t->data = data;
+
+    rv = 1;
+    err = NULL;
+
+end:
+    if (priv)
+        OPENSSL_free(priv);
+    t->err = err;
+    return rv;
+}
+
+static void keypair_test_cleanup(struct evp_test *t)
+{
+    struct keypair_test_data *data = t->data;
+    t->data = NULL;
+    if (data)
+        test_free(data);
+    return;
+}
+
+/* For test that do not accept any custom keyword:
+ *      return 0 if called
+ */
+static int void_test_parse(struct evp_test *t, const char *keyword, const char *value)
+{
+    return 0;
+}
+
+static int keypair_test_run(struct evp_test *t)
+{
+    int rv = 0;
+    const struct keypair_test_data *pair = t->data;
+    const char *err = "INTERNAL_ERROR";
+
+    if (pair == NULL)
+        goto end;
+
+    if (pair->privk == NULL || pair->pubk == NULL) {
+        /* this can only happen if only one of the keys is not set
+         * which means that one of them was unsupported while the
+         * other isn't: hence a key type mismatch.
+         */
+        err = "KEYPAIR_TYPE_MISMATCH";
+        rv = 1;
+        goto end;
+    }
+
+    if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) {
+        if ( 0 == rv ) {
+            err = "KEYPAIR_MISMATCH";
+        } else if ( -1 == rv ) {
+            err = "KEYPAIR_TYPE_MISMATCH";
+        } else if ( -2 == rv ) {
+            err = "UNSUPPORTED_KEY_COMPARISON";
+        } else {
+            fprintf(stderr, "Unexpected error in key comparison\n");
+            rv = 0;
+            goto end;
+        }
+        rv = 1;
+        goto end;
+    }
+
+    rv = 1;
+    err = NULL;
+
+end:
+    t->err = err;
+    return rv;
+}
+
+static const struct evp_test_method keypair_test_method = {
+    "PrivPubKeyPair",
+    keypair_test_init,
+    keypair_test_cleanup,
+    void_test_parse,
+    keypair_test_run
+};
+
diff --git a/openssl-1.1.0h/test/evptests.txt b/openssl-1.1.0h/test/evptests.txt
new file mode 100644
index 0000000..fd8d98d
--- /dev/null
+++ b/openssl-1.1.0h/test/evptests.txt
@@ -0,0 +1,19244 @@
+#
+# Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+#aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt)
+#digest:::input:output
+
+# BLAKE2 tests, using same inputs as MD5
+# There are no official BLAKE2 test vectors we can use since they all use a key
+# Which is currently unsupported by OpenSSL.  They were generated using the
+# reference implementation.  RFC7693 also mentions the 616263 / "abc" values.
+Digest = BLAKE2s256
+Input = 
+Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9
+
+Digest = BLAKE2s256
+Input = 61
+Output = 4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90
+
+Digest = BLAKE2s256
+Input = 616263
+Output = 508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982
+
+Digest = BLAKE2s256
+Input = 6d65737361676520646967657374
+Output = fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c
+
+Digest = BLAKE2s256
+Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
+Output = bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12
+
+Digest = BLAKE2s256
+Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
+Output = c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b
+
+Digest = BLAKE2s256
+Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
+Output = fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66
+
+Digest = BLAKE2s256
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
+Output = 1FA877DE67259D19863A2A34BCC6962A2B25FCBF5CBECD7EDE8F1FA36688A796
+
+Digest = BLAKE2s256
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
+Output = C80ABEEBB669AD5DEEB5F5EC8EA6B7A05DDF7D31EC4C0A2EE20B0B98CAEC6746
+
+Digest = BLAKE2b512
+Input = 
+Output = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce
+
+Digest = BLAKE2b512
+Input = 61
+Output = 333fcb4ee1aa7c115355ec66ceac917c8bfd815bf7587d325aec1864edd24e34d5abe2c6b1b5ee3face62fed78dbef802f2a85cb91d455a8f5249d330853cb3c
+
+Digest = BLAKE2b512
+Input = 616263
+Output = ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923
+
+Digest = BLAKE2b512
+Input = 6d65737361676520646967657374
+Output = 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a
+
+Digest = BLAKE2b512
+Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
+Output = c68ede143e416eb7b4aaae0d8e48e55dd529eafed10b1df1a61416953a2b0a5666c761e7d412e6709e31ffe221b7a7a73908cb95a4d120b8b090a87d1fbedb4c
+
+Digest = BLAKE2b512
+Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
+Output = 99964802e5c25e703722905d3fb80046b6bca698ca9e2cc7e49b4fe1fa087c2edf0312dfbb275cf250a1e542fd5dc2edd313f9c491127c2e8c0c9b24168e2d50
+
+Digest = BLAKE2b512
+Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
+Output = 686f41ec5afff6e87e1f076f542aa466466ff5fbde162c48481ba48a748d842799f5b30f5b67fc684771b33b994206d05cc310f31914edd7b97e41860d77d282
+
+Digest = BLAKE2b512
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
+Output = 2319E3789C47E2DAA5FE807F61BEC2A1A6537FA03F19FF32E87EECBFD64B7E0E8CCFF439AC333B040F19B0C4DDD11A61E24AC1FE0F10A039806C5DCC0DA3D115
+
+Digest = BLAKE2b512
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
+Output = DF0A9D0C212843A6A934E3902B2DD30D17FBA5F969D2030B12A546D8A6A45E80CF5635F071F0452E9C919275DA99BED51EB1173C1AF0518726B75B0EC3BAE2B5
+
+# SHA(1) tests (from shatest.c)
+Digest = SHA1
+Input = 616263
+Output = a9993e364706816aba3e25717850c26c9cd0d89d
+
+
+# MD5 tests (from md5test.c)
+Digest = MD5
+Input =
+Output = d41d8cd98f00b204e9800998ecf8427e
+
+Digest = MD5
+Input = 61
+Output = 0cc175b9c0f1b6a831c399e269772661
+
+Digest = MD5
+Input = 616263
+Output = 900150983cd24fb0d6963f7d28e17f72
+
+Digest = MD5
+Input = 6d65737361676520646967657374
+Output = f96b697d7cb7938d525a2f31aaf161d0
+
+Digest = MD5
+Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
+Output = c3fcd3d76192e4007dfb496cca67e13b
+
+Digest = MD5
+Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
+Output = d174ab98d277d9f5a5611c2c9f419d9f
+
+Digest = MD5
+Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
+Output = 57edf4a22be3c955ac49da2e2107b67a
+
+# MD4 tests from md4test.c
+Digest = MD4
+Input = ""
+Output = 31d6cfe0d16ae931b73c59d7e0c089c0
+
+Digest = MD4
+Input = "a"
+Output = bde52cb31de33e46245e05fbdbd6fb24
+
+Digest = MD4
+Input = "abc"
+Output = a448017aaf21d8525fc10ae87aa6729d
+
+Digest = MD4
+Input = "message digest"
+Output = d9130a8164549fe818874806e1c7014b
+
+Digest = MD4
+Input = "abcdefghijklmnopqrstuvwxyz"
+Output = d79e1c308aa5bbcdeea8ed63df412da9
+
+Digest = MD4
+Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+Output = 043f8582f241db351ce627e153e7f0e4
+
+Digest = MD4
+Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+Output = e33b4ddc9c38f2199c3e7b164fcc0536
+
+# RIPEMD160 tests from rmdtest.c
+Digest = RIPEMD160
+Input = ""
+Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31
+
+Digest = RIPEMD160
+Input = "a"
+Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
+
+Digest = RIPEMD160
+Input = "abc"
+Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
+
+Digest = RIPEMD160
+Input = "message digest"
+Output = 5d0689ef49d2fae572b881b123a85ffa21595f36
+
+Digest = RIPEMD160
+Input = "abcdefghijklmnopqrstuvwxyz"
+Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc
+
+Digest = RIPEMD160
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b
+
+Digest = RIPEMD160
+Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+Output = b0e20b6e3116640286ed3a87a5713079b21f5189
+
+Digest = RIPEMD160
+Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb
+
+# whirlpool tests from wp_test.c
+Digest = whirlpool
+Input = ""
+Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3
+
+Digest = whirlpool
+Input = "a"
+Output = 8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A
+
+Digest = whirlpool
+Input = "abc"
+Output = 4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5
+
+Digest = whirlpool
+Input = "message digest"
+Output = 378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E
+
+Digest = whirlpool
+Input = "abcdefghijklmnopqrstuvwxyz"
+Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B
+
+Digest = whirlpool
+Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+Output = DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467
+
+Digest = whirlpool
+Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+Output = 466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B
+
+Digest = whirlpool
+Input = "abcdbcdecdefdefgefghfghighijhijk"
+Output = 2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD
+
+Digest = whirlpool
+Input = "aaaaaaaaaa"
+Count = 100000
+Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01
+
+# DES EDE3 CFB1
+# echo -n "Hello World" |
+#  apps/openssl enc -des-ede3-cfb1 \
+#   -K 000102030405060708090A0B0C0D0E0F1011121314151617 -iv 0001020304050607 |
+#  xxd -ps -u
+
+Cipher = DES-EDE3-CFB1
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+IV = 0001020304050607
+Plaintext = "Hello World"
+Ciphertext = 3CF55D656E9C0664513358
+
+Cipher = DES-EDE3-CFB1
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+IV = 0001020304050607
+Operation = DECRYPT
+Plaintext = "Hello World"
+Ciphertext = 3CF55D656E9C0664513358
+
+# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
+
+Cipher = AES-128-ECB
+Key = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = 69C4E0D86A7B0430D8CDB78070B4C55A
+
+# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
+
+Cipher = AES-192-ECB
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+Operation = ENCRYPT
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = DDA97CA4864CDFE06EAF70A0EC0D7191
+
+
+# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
+
+Cipher = AES-256-ECB
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Operation = ENCRYPT
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = 8EA2B7CA516745BFEAFC49904B496089
+
+
+# AES 128 ECB tests (from NIST test vectors, encrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
+
+# AES 128 ECB tests (from NIST test vectors, decrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
+
+# AES 192 ECB tests (from NIST test vectors, decrypt)
+
+#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
+
+# AES 256 ECB tests (from NIST test vectors, decrypt)
+
+#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
+
+# AES 128 CBC tests (from NIST test vectors, encrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
+
+# AES 192 CBC tests (from NIST test vectors, encrypt)
+
+#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
+
+# AES 256 CBC tests (from NIST test vectors, encrypt)
+
+#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
+
+# AES 128 CBC tests (from NIST test vectors, decrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
+
+# AES tests from NIST document SP800-38A
+# For all ECB encrypts and decrypts, the transformed sequence is
+#   AES-bits-ECB:key::plaintext:ciphertext:encdec
+# ECB-AES128.Encrypt and ECB-AES128.Decrypt
+Cipher = AES-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF97
+
+Cipher = AES-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = F5D3D58503B9699DE785895A96FDBAAF
+
+Cipher = AES-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 43B1CD7F598ECE23881B00E3ED030688
+
+Cipher = AES-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 7B0C785E27E8AD3F8223207104725DD4
+
+# ECB-AES192.Encrypt and ECB-AES192.Decrypt
+Cipher = AES-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = BD334F1D6E45F25FF712A214571FA5CC
+
+Cipher = AES-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 974104846D0AD3AD7734ECB3ECEE4EEF
+
+Cipher = AES-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = EF7AFD2270E2E60ADCE0BA2FACE6444E
+
+Cipher = AES-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E
+
+# ECB-AES256.Encrypt and ECB-AES256.Decrypt
+Cipher = AES-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = F3EED1BDB5D2A03C064B5A7E3DB181F8
+
+Cipher = AES-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 591CCB10D410ED26DC5BA74A31362870
+
+Cipher = AES-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = B6ED21B99CA6F4F9F153E7B1BEAFED1D
+
+Cipher = AES-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 23304B7A39F9F3FF067D8D8F9E24ECC7
+
+# For all CBC encrypts and decrypts, the transformed sequence is
+#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-AES128.Encrypt and CBC-AES128.Decrypt
+Cipher = AES-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 7649ABAC8119B246CEE98E9B12E9197D
+
+Cipher = AES-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 7649ABAC8119B246CEE98E9B12E9197D
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 5086CB9B507219EE95DB113A917678B2
+
+Cipher = AES-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 5086CB9B507219EE95DB113A917678B2
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 73BED6B8E3C1743B7116E69E22229516
+
+Cipher = AES-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 73BED6B8E3C1743B7116E69E22229516
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7
+
+# CBC-AES192.Encrypt and CBC-AES192.Decrypt
+Cipher = AES-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 4F021DB243BC633D7178183A9FA071E8
+
+Cipher = AES-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 4F021DB243BC633D7178183A9FA071E8
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = B4D9ADA9AD7DEDF4E5E738763F69145A
+
+Cipher = AES-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = B4D9ADA9AD7DEDF4E5E738763F69145A
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 571B242012FB7AE07FA9BAAC3DF102E0
+
+Cipher = AES-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 571B242012FB7AE07FA9BAAC3DF102E0
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 08B0E27988598881D920A9E64F5615CD
+
+# CBC-AES256.Encrypt and CBC-AES256.Decrypt
+Cipher = AES-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = F58C4C04D6E5F1BA779EABFB5F7BFBD6
+
+Cipher = AES-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = F58C4C04D6E5F1BA779EABFB5F7BFBD6
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 9CFC4E967EDB808D679F777BC6702C7D
+
+Cipher = AES-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 9CFC4E967EDB808D679F777BC6702C7D
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 39F23369A9D9BACFA530E26304231461
+
+Cipher = AES-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 39F23369A9D9BACFA530E26304231461
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B
+
+# We don't support CFB{1,8}-AESxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-AES128.Encrypt
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
+
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 3B3FD92EB72DAD20333449F8E83CFB4A
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B
+
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF
+
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 26751F67A3CBB140B1808CF187A4F4DF
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6
+
+# CFB128-AES128.Decrypt
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
+
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 3B3FD92EB72DAD20333449F8E83CFB4A
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B
+
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF
+
+Cipher = AES-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 26751F67A3CBB140B1808CF187A4F4DF
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6
+
+# CFB128-AES192.Encrypt
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174
+
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = CDC80D6FDDF18CAB34C25909C99A4174
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 67CE7F7F81173621961A2B70171D3D7A
+
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 67CE7F7F81173621961A2B70171D3D7A
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9
+
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF
+
+# CFB128-AES192.Decrypt
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174
+
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = CDC80D6FDDF18CAB34C25909C99A4174
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 67CE7F7F81173621961A2B70171D3D7A
+
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 67CE7F7F81173621961A2B70171D3D7A
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9
+
+Cipher = AES-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF
+
+# CFB128-AES256.Encrypt
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = DC7E84BFDA79164B7ECD8486985D3860
+
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = DC7E84BFDA79164B7ECD8486985D3860
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 39FFED143B28B1C832113C6331E5407B
+
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 39FFED143B28B1C832113C6331E5407B
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = DF10132415E54B92A13ED0A8267AE2F9
+
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = DF10132415E54B92A13ED0A8267AE2F9
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 75A385741AB9CEF82031623D55B1E471
+
+# CFB128-AES256.Decrypt
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = DC7E84BFDA79164B7ECD8486985D3860
+
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = DC7E84BFDA79164B7ECD8486985D3860
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 39FFED143B28B1C832113C6331E5407B
+
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 39FFED143B28B1C832113C6331E5407B
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = DF10132415E54B92A13ED0A8267AE2F9
+
+Cipher = AES-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = DF10132415E54B92A13ED0A8267AE2F9
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 75A385741AB9CEF82031623D55B1E471
+
+# For all OFB encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-AES128.Encrypt
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
+
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 50FE67CC996D32B6DA0937E99BAFEC60
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 7789508D16918F03F53C52DAC54ED825
+
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = D9A4DADA0892239F6B8B3D7680E15674
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 9740051E9C5FECF64344F7A82260EDCC
+
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = A78819583F0308E7A6BF36B1386ABF23
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 304C6528F659C77866A510D9C1D6AE5E
+
+# OFB-AES128.Decrypt
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
+
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 50FE67CC996D32B6DA0937E99BAFEC60
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 7789508D16918F03F53C52DAC54ED825
+
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = D9A4DADA0892239F6B8B3D7680E15674
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 9740051E9C5FECF64344F7A82260EDCC
+
+Cipher = AES-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = A78819583F0308E7A6BF36B1386ABF23
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 304C6528F659C77866A510D9C1D6AE5E
+
+# OFB-AES192.Encrypt
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174
+
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = A609B38DF3B1133DDDFF2718BA09565E
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = FCC28B8D4C63837C09E81700C1100401
+
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 52EF01DA52602FE0975F78AC84BF8A50
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2
+
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = BD5286AC63AABD7EB067AC54B553F71D
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A
+
+# OFB-AES192.Decrypt
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174
+
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = A609B38DF3B1133DDDFF2718BA09565E
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = FCC28B8D4C63837C09E81700C1100401
+
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 52EF01DA52602FE0975F78AC84BF8A50
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2
+
+Cipher = AES-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = BD5286AC63AABD7EB067AC54B553F71D
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A
+
+# OFB-AES256.Encrypt
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = DC7E84BFDA79164B7ECD8486985D3860
+
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D
+
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = E1C656305ED1A7A6563805746FE03EDC
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408
+
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 41635BE625B48AFC1666DD42A09D96E7
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 0126141D67F37BE8538F5A8BE740E484
+
+# OFB-AES256.Decrypt
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = DC7E84BFDA79164B7ECD8486985D3860
+
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D
+
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = E1C656305ED1A7A6563805746FE03EDC
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408
+
+Cipher = AES-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 41635BE625B48AFC1666DD42A09D96E7
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 0126141D67F37BE8538F5A8BE740E484
+
+
+# AES Counter test vectors from RFC3686
+Cipher = aes-128-ctr
+Key = AE6852F8121067CC4BF7A5765577F39E
+IV = 00000030000000000000000000000001
+Operation = ENCRYPT
+Plaintext = 53696E676C6520626C6F636B206D7367
+Ciphertext = E4095D4FB7A7B3792D6175A3261311B8
+
+Cipher = aes-128-ctr
+Key = 7E24067817FAE0D743D6CE1F32539163
+IV = 006CB6DBC0543B59DA48D90B00000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = 5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28
+
+Cipher = aes-128-ctr
+Key = 7691BE035E5020A8AC6E618529F9A0DC
+IV = 00E0017B27777F3F4A1786F000000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
+Ciphertext = C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F
+
+
+Cipher = aes-192-ctr
+Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515
+IV = 0000004836733C147D6D93CB00000001
+Operation = ENCRYPT
+Plaintext = 53696E676C6520626C6F636B206D7367
+Ciphertext = 4B55384FE259C9C84E7935A003CBE928
+
+Cipher = aes-192-ctr
+Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A
+IV = 0096B03B020C6EADC2CB500D00000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = 453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00
+
+Cipher = aes-192-ctr
+Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE
+IV = 0007BDFD5CBD60278DCC091200000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
+Ciphertext = 96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935
+
+
+Cipher = aes-256-ctr
+Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104
+IV = 00000060DB5672C97AA8F0B200000001
+Operation = ENCRYPT
+Plaintext = 53696E676C6520626C6F636B206D7367
+Ciphertext = 145AD01DBF824EC7560863DC71E3E0C0
+
+Cipher = aes-256-ctr
+Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884
+IV = 00FAAC24C1585EF15A43D87500000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C
+
+Cipher = aes-256-ctr
+Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D
+IV = 001CC5B751A51D70A1C1114800000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
+Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8
+
+
+# Self-generated vector to trigger false carry on big-endian platforms
+Cipher = aes-128-ctr
+Key = 7E24067817FAE0D743D6CE1F32539163
+IV = 00000000000000007FFFFFFFFFFFFFFF
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = A2D459477E6432BD74184B1B5370D2243CDC202BC43583B2A55D288CDBBD1E03
+
+# DES ECB tests (from destest)
+
+Cipher = DES-ECB
+Key = 0000000000000000
+Plaintext = 0000000000000000
+Ciphertext = 8CA64DE9C1B123A7
+
+Cipher = DES-ECB
+Key = FFFFFFFFFFFFFFFF
+Plaintext = FFFFFFFFFFFFFFFF
+Ciphertext = 7359B2163E4EDC58
+
+Cipher = DES-ECB
+Key = 3000000000000000
+Plaintext = 1000000000000001
+Ciphertext = 958E6E627A05557B
+
+Cipher = DES-ECB
+Key = 1111111111111111
+Plaintext = 1111111111111111
+Ciphertext = F40379AB9E0EC533
+
+Cipher = DES-ECB
+Key = 0123456789ABCDEF
+Plaintext = 1111111111111111
+Ciphertext = 17668DFC7292532D
+
+Cipher = DES-ECB
+Key = 1111111111111111
+Plaintext = 0123456789ABCDEF
+Ciphertext = 8A5AE1F81AB8F2DD
+
+Cipher = DES-ECB
+Key = FEDCBA9876543210
+Plaintext = 0123456789ABCDEF
+Ciphertext = ED39D950FA74BCC4
+
+
+# DESX-CBC tests (from destest)
+Cipher = DESX-CBC
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
+
+
+# DES EDE3 CBC tests (from destest)
+Cipher = DES-EDE3-CBC
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+
+# RC4 tests (from rc4test)
+Cipher = RC4
+Key = 0123456789abcdef0123456789abcdef
+Plaintext = 0123456789abcdef
+Ciphertext = 75b7878099e0c596
+
+Cipher = RC4
+Key = 0123456789abcdef0123456789abcdef
+Plaintext = 0000000000000000
+Ciphertext = 7494c2e7104b0879
+
+Cipher = RC4
+Key = 00000000000000000000000000000000
+Plaintext = 0000000000000000
+Ciphertext = de188941a3375d3a
+
+Cipher = RC4
+Key = ef012345ef012345ef012345ef012345
+Plaintext = 0000000000000000000000000000000000000000
+Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+
+Cipher = RC4
+Key = 0123456789abcdef0123456789abcdef
+Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678
+Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+
+Cipher = RC4
+Key = ef012345ef012345ef012345ef012345
+Plaintext = 00000000000000000000
+Ciphertext = d6a141a7ec3c38dfbd61
+
+
+
+# Camellia tests from RFC3713
+# For all ECB encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
+Cipher = CAMELLIA-128-ECB
+Key = 0123456789abcdeffedcba9876543210
+Plaintext = 0123456789abcdeffedcba9876543210
+Ciphertext = 67673138549669730857065648eabe43
+
+Cipher = CAMELLIA-192-ECB
+Key = 0123456789abcdeffedcba98765432100011223344556677
+Plaintext = 0123456789abcdeffedcba9876543210
+Ciphertext = b4993401b3e996f84ee5cee7d79b09b9
+
+Cipher = CAMELLIA-256-ECB
+Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff
+Plaintext = 0123456789abcdeffedcba9876543210
+Ciphertext = 9acc237dff16d76c20ef7c919e3a7509
+
+
+# ECB-CAMELLIA128.Encrypt
+Cipher = CAMELLIA-128-ECB
+Key = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = 77CF412067AF8270613529149919546F
+
+Cipher = CAMELLIA-192-ECB
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+Operation = ENCRYPT
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68
+
+Cipher = CAMELLIA-256-ECB
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Operation = ENCRYPT
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2
+
+
+# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
+Cipher = CAMELLIA-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 432FC5DCD628115B7C388D770B270C96
+
+Cipher = CAMELLIA-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B
+
+Cipher = CAMELLIA-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636
+
+Cipher = CAMELLIA-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A
+
+
+# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
+Cipher = CAMELLIA-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CCCC6C4E138B45848514D48D0D3439D3
+
+Cipher = CAMELLIA-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A
+
+Cipher = CAMELLIA-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = B40ED2B60EB54D09D030CF511FEEF366
+
+Cipher = CAMELLIA-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 909DBD95799096748CB27357E73E1D26
+
+
+# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
+Cipher = CAMELLIA-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = BEFD219B112FA00098919CD101C9CCFA
+
+Cipher = CAMELLIA-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA
+
+Cipher = CAMELLIA-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = A623D711DC5F25A51BB8A80D56397D28
+
+Cipher = CAMELLIA-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B
+
+
+# For all CBC encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
+Cipher = CAMELLIA-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB
+
+Cipher = CAMELLIA-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 1607CF494B36BBF00DAEB0B503C831AB
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = A2F2CF671629EF7840C5A5DFB5074887
+
+Cipher = CAMELLIA-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = A2F2CF671629EF7840C5A5DFB5074887
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 0F06165008CF8B8B5A63586362543E54
+
+Cipher = CAMELLIA-128-CBC
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 36A84CDAFD5F9A85ADA0F0A993D6D577
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980
+
+
+# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
+Cipher = CAMELLIA-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93
+
+Cipher = CAMELLIA-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 2A4830AB5AC4A1A2405955FD2195CF93
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5
+
+Cipher = CAMELLIA-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 5D5A869BD14CE54264F892A6DD2EC3D5
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 37D359C3349836D884E310ADDF68C449
+
+Cipher = CAMELLIA-192-CBC
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 37D359C3349836D884E310ADDF68C449
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08
+
+
+# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
+Cipher = CAMELLIA-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA
+
+Cipher = CAMELLIA-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = E6CFA35FC02B134A4D2C0B6737AC3EDA
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50
+
+Cipher = CAMELLIA-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 36CBEB73BD504B4070B1B7DE2B21EB50
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = E31A6055297D96CA3330CDF1B1860A83
+
+Cipher = CAMELLIA-256-CBC
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = E31A6055297D96CA3330CDF1B1860A83
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F
+
+
+# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-CAMELLIA128.Encrypt
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 14F7646187817EB586599146B82BD719
+
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 14F7646187817EB586599146B82BD719
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = A53D28BB82DF741103EA4F921A44880B
+
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = A53D28BB82DF741103EA4F921A44880B
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96
+
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 9C2157A664626D1DEF9EA420FDE69B96
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 742A25F0542340C7BAEF24CA8482BB09
+
+
+# CFB128-CAMELLIA128.Decrypt
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 14F7646187817EB586599146B82BD719
+
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 14F7646187817EB586599146B82BD719
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = A53D28BB82DF741103EA4F921A44880B
+
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = A53D28BB82DF741103EA4F921A44880B
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96
+
+Cipher = CAMELLIA-128-CFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 9C2157A664626D1DEF9EA420FDE69B96
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 742A25F0542340C7BAEF24CA8482BB09
+
+
+# CFB128-CAMELLIA192.Encrypt
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = C832BB9780677DAA82D9B6860DCD565E
+
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = C832BB9780677DAA82D9B6860DCD565E
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 86F8491627906D780C7A6D46EA331F98
+
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 86F8491627906D780C7A6D46EA331F98
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 69511CCE594CF710CB98BB63D7221F01
+
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 69511CCE594CF710CB98BB63D7221F01
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = D5B5378A3ABED55803F25565D8907B84
+
+
+# CFB128-CAMELLIA192.Decrypt
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = C832BB9780677DAA82D9B6860DCD565E
+
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = C832BB9780677DAA82D9B6860DCD565E
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 86F8491627906D780C7A6D46EA331F98
+
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 86F8491627906D780C7A6D46EA331F98
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 69511CCE594CF710CB98BB63D7221F01
+
+Cipher = CAMELLIA-192-CFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 69511CCE594CF710CB98BB63D7221F01
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = D5B5378A3ABED55803F25565D8907B84
+
+
+# CFB128-CAMELLIA256.Encrypt
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
+
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B
+
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4
+
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 555FC3F34BDD2D54C62D9E3BF338C1C4
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA
+
+
+# CFB128-CAMELLIA256.Decrypt
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
+
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B
+
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4
+
+Cipher = CAMELLIA-256-CFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 555FC3F34BDD2D54C62D9E3BF338C1C4
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA
+
+
+# For all OFB encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-CAMELLIA128.Encrypt
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 14F7646187817EB586599146B82BD719
+
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 50FE67CC996D32B6DA0937E99BAFEC60
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 25623DB569CA51E01482649977E28D84
+
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = D9A4DADA0892239F6B8B3D7680E15674
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = C776634A60729DC657D12B9FCA801E98
+
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = A78819583F0308E7A6BF36B1386ABF23
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = D776379BE0E50825E681DA1A4C980E8E
+
+
+# OFB-CAMELLIA128.Decrypt
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 14F7646187817EB586599146B82BD719
+
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = 50FE67CC996D32B6DA0937E99BAFEC60
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 25623DB569CA51E01482649977E28D84
+
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = D9A4DADA0892239F6B8B3D7680E15674
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = C776634A60729DC657D12B9FCA801E98
+
+Cipher = CAMELLIA-128-OFB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+IV = A78819583F0308E7A6BF36B1386ABF23
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = D776379BE0E50825E681DA1A4C980E8E
+
+
+# OFB-CAMELLIA192.Encrypt
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = C832BB9780677DAA82D9B6860DCD565E
+
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = A609B38DF3B1133DDDFF2718BA09565E
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339
+
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 52EF01DA52602FE0975F78AC84BF8A50
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = BDD62DBBB9700846C53B507F544696F0
+
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = BD5286AC63AABD7EB067AC54B553F71D
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = E28014E046B802F385C4C2E13EAD4A72
+
+
+# OFB-CAMELLIA192.Decrypt
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = C832BB9780677DAA82D9B6860DCD565E
+
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = A609B38DF3B1133DDDFF2718BA09565E
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339
+
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = 52EF01DA52602FE0975F78AC84BF8A50
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = BDD62DBBB9700846C53B507F544696F0
+
+Cipher = CAMELLIA-192-OFB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+IV = BD5286AC63AABD7EB067AC54B553F71D
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = E28014E046B802F385C4C2E13EAD4A72
+
+
+# OFB-CAMELLIA256.Encrypt
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
+
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
+Operation = ENCRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 127AD97E8E3994E4820027D7BA109368
+
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = E1C656305ED1A7A6563805746FE03EDC
+Operation = ENCRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E
+
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 41635BE625B48AFC1666DD42A09D96E7
+Operation = ENCRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20
+
+
+# OFB-CAMELLIA256.Decrypt
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
+
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
+Operation = DECRYPT
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 127AD97E8E3994E4820027D7BA109368
+
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = E1C656305ED1A7A6563805746FE03EDC
+Operation = DECRYPT
+Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
+Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E
+
+Cipher = CAMELLIA-256-OFB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+IV = 41635BE625B48AFC1666DD42A09D96E7
+Operation = DECRYPT
+Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
+Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20
+
+
+# Camellia test vectors from RFC5528
+Cipher = CAMELLIA-128-CTR
+Key = AE6852F8121067CC4BF7A5765577F39E
+IV = 00000030000000000000000000000001
+Operation = ENCRYPT
+Plaintext = 53696E676C6520626C6F636B206D7367
+Ciphertext = D09DC29A8214619A20877C76DB1F0B3F
+
+Cipher = CAMELLIA-128-CTR
+Key = 7E24067817FAE0D743D6CE1F32539163
+IV = 006CB6DBC0543B59DA48D90B00000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048
+
+Cipher = CAMELLIA-128-CTR
+Key = 7691BE035E5020A8AC6E618529F9A0DC
+IV = 00E0017B27777F3F4A1786F000000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
+Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696
+
+Cipher = CAMELLIA-192-CTR
+Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515
+IV = 0000004836733C147D6D93CB00000001
+Operation = ENCRYPT
+Plaintext = 53696E676C6520626C6F636B206D7367
+Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696
+
+Cipher = CAMELLIA-192-CTR
+Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A
+IV = 0096B03B020C6EADC2CB500D00000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED
+
+Cipher = CAMELLIA-192-CTR
+Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE
+IV = 0007BDFD5CBD60278DCC091200000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
+Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57
+
+Cipher = CAMELLIA-256-CTR
+Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104
+IV = 00000060DB5672C97AA8F0B200000001
+Operation = ENCRYPT
+Plaintext = 53696E676C6520626C6F636B206D7367
+Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11
+
+Cipher = CAMELLIA-256-CTR
+Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884
+IV = 00FAAC24C1585EF15A43D87500000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108
+
+Cipher = CAMELLIA-256-CTR
+Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D
+IV = 001CC5B751A51D70A1C1114800000001
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
+Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D
+
+# SEED test vectors from RFC4269
+Cipher = SEED-ECB
+Key = 00000000000000000000000000000000
+Operation = DECRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB
+
+Cipher = SEED-ECB
+Key = 000102030405060708090A0B0C0D0E0F
+Operation = DECRYPT
+Plaintext = 00000000000000000000000000000000
+Ciphertext = C11F22F20140505084483597E4370F43
+
+Cipher = SEED-ECB
+Key = 4706480851E61BE85D74BFB3FD956185
+Operation = DECRYPT
+Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D
+Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A
+
+Cipher = SEED-ECB
+Key = 28DBC3BC49FFD87DCFA509B11D422BE7
+Operation = DECRYPT
+Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7
+Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122
+
+Cipher = SEED-ECB
+Key = 00000000000000000000000000000000
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB
+
+Cipher = SEED-ECB
+Key = 000102030405060708090A0B0C0D0E0F
+Operation = ENCRYPT
+Plaintext = 00000000000000000000000000000000
+Ciphertext = C11F22F20140505084483597E4370F43
+
+Cipher = SEED-ECB
+Key = 4706480851E61BE85D74BFB3FD956185
+Operation = ENCRYPT
+Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D
+Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A
+
+Cipher = SEED-ECB
+Key = 28DBC3BC49FFD87DCFA509B11D422BE7
+Operation = ENCRYPT
+Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7
+Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122
+
+
+# AES CCM 256 bit key
+Cipher = aes-256-ccm
+Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e
+IV = 5b8e40746f6b98e00f1d13ff41
+AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0
+Tag = 2024931d73bca480c24a24ece6b6c2bf
+Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a
+Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726
+
+Cipher = aes-256-ccm
+Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e
+IV = 5b8e40746f6b98e00f1d13ff41
+AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0
+Tag = 2024931d73bca480c24a24ece6b6c2be
+Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a
+Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726
+Operation = DECRYPT
+Result = CIPHERUPDATE_ERROR
+
+# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = 58e2fccefa7e3061367f1d57a4e7455a
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = ab6e47d42cec13bdf53a67b21257bddf
+Plaintext = 00000000000000000000000000000000
+Ciphertext = 0388dace60b6a392f328c2b971b2fe78
+
+Cipher = aes-128-gcm
+Key = feffe9928665731c6d6a8f9467308308
+IV = cafebabefacedbaddecaf888
+AAD =
+Tag = 4d5c2af327cd64a62cf35abd2ba6fab4
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985
+
+Cipher = aes-128-gcm
+Key = feffe9928665731c6d6a8f9467308308
+IV = cafebabefacedbaddecaf888
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 5bc94fbc3221a5db94fae95ae7121a47
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091
+
+Cipher = aes-128-gcm
+Key = feffe9928665731c6d6a8f9467308308
+IV = cafebabefacedbad
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 3612d2e79e3b0785561be14aaca2fccb
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598
+
+Cipher = aes-128-gcm
+Key = feffe9928665731c6d6a8f9467308308
+IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 619cc5aefffe0bfa462af43c1699d050
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5
+
+Cipher = aes-128-gcm
+Key = feffe9928665731c6d6a8f9467308308
+IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 619cc5aefffe0bfa462af43c1699d051
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+Cipher = aes-192-gcm
+Key = 000000000000000000000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = cd33b28ac773f74ba00ed1f312572435
+Plaintext =
+Ciphertext =
+
+Cipher = aes-192-gcm
+Key = 000000000000000000000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = 2ff58d80033927ab8ef4d4587514f0fb
+Plaintext = 00000000000000000000000000000000
+Ciphertext = 98e7247c07f0fe411c267e4384b0f600
+
+Cipher = aes-192-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c
+IV = cafebabefacedbaddecaf888
+AAD =
+Tag = 9924a7c8587336bfb118024db8674a14
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256
+
+Cipher = aes-192-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c
+IV = cafebabefacedbaddecaf888
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 2519498e80f1478f37ba55bd6d27618c
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710
+
+Cipher = aes-192-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c
+IV = cafebabefacedbad
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 65dcc57fcf623a24094fcca40d3533f8
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7
+
+Cipher = aes-192-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c
+IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = dcf566ff291c25bbb8568fc3d376a6d9
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b
+
+Cipher = aes-192-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c
+IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = dcf566ff291c25bbb8568fc3d376a6d8
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+Cipher = aes-256-gcm
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = 530f8afbc74536b9a963b4f1c4cb738b
+Plaintext =
+Ciphertext =
+
+Cipher = aes-256-gcm
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = d0d1c8a799996bf0265b98b5d48ab919
+Plaintext = 00000000000000000000000000000000
+Ciphertext = cea7403d4d606b6e074ec5d3baf39d18
+
+Cipher = aes-256-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+IV = cafebabefacedbaddecaf888
+AAD =
+Tag = b094dac5d93471bdec1a502270e3cc6c
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad
+
+Cipher = aes-256-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+IV = cafebabefacedbaddecaf888
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 76fc6ece0f4e1768cddf8853bb2d551b
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662
+
+Cipher = aes-256-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+IV = cafebabefacedbad
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 3a337dbf46a792c45e454913fe2ea8f2
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f
+
+Cipher = aes-256-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f
+
+Cipher = aes-256-gcm
+Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19b
+Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+# local add-ons, primarily streaming ghash tests
+# 128 bytes aad
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = 000000000000000000000000
+AAD = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad
+Tag = 5fea793a2d6f974d37e68e0cb8ff9492
+Plaintext =
+Ciphertext =
+
+# 48 bytes plaintext
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = 9dd0a376b08e40eb00c35f29f9ea61a4
+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0
+
+# 80 bytes plaintext
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = 98885a3a22bd4742fe7b72172193b163
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291
+
+# 128 bytes plaintext
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = 000000000000000000000000
+AAD =
+Tag = cac45f60e31efd3b5a43b98a22ce1aa1
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40
+
+# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+AAD =
+Tag = 566f8ef683078bfdeeffa869d751a017
+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606
+
+# 240 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+AAD =
+Tag = fd0c7011ff07f0071324bdfb2d0f3a29
+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b6
+
+# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
+Cipher = aes-128-gcm
+Key = 00000000000000000000000000000000
+IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+AAD =
+Tag = 8b307f6b33286d0ab026a9ed3fe1e85f
+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c
+
+# 80 bytes plaintext, submitted by Intel
+Cipher = aes-128-gcm
+Key = 843ffcf5d2b72694d19ed01d01249412
+IV = dbcca32ebf9b804617c3aa9e
+AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f
+Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
+Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5
+
+#AES OCB Test vectors
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 197B9C3C441D3C83EAFB2BEF633B9182
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 0001020304050607
+Tag = 16DC76A46D47E1EAD537209E8A96D14E
+Plaintext = 0001020304050607
+Ciphertext = 92B657130A74B85A
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 0001020304050607
+Tag = 98B91552C8C009185044E30A6EB2FE21
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 971EFFCAE19AD4716F88E87B871FBEED
+Plaintext = 0001020304050607
+Ciphertext = 92B657130A74B85A
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F
+Tag = 776C9924D6723A1FC4524532AC3E5BEB
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F
+Tag = 7DDB8E6CEA6814866212509619B19CC6
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 13CC8B747807121A4CBB3E4BD6B456AF
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
+Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C
+Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
+Tag = 282026DA3068BC9FA118681D559F10F6
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68
+Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Tag = B2A040DD3BD5164372D76D7BB6824240
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Tag = E1E072633BADE51A60E85951D9C42A1B
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 659C623211DEEA0DE30D2C381879F4C8
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 7AEB7A69A1687DD082CA27B0D9A37096
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 060C8467F4ABAB5E8B3C2067A2E115DC
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
+
+#AES OCB Non standard test vectors - generated from reference implementation
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 1b6c44f34e3abb3cbf8976e7
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B0C0D0E
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 1ad62009901f40cba7cd7156f94a7324
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = C203F98CE28F7DAD3F31C021
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C822D6
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 8346D7D47C5D893ED472F5AB
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F714FF
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 5822A9A70FDF55D29D2984A6
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB8294170634D
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 81772B6741ABB4ECA9D2DEB2
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7050FAA
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 3E52A01D068DE85456DB03B7
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 3E52A01D068DE85456DB03B6
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071
+Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+# AES XTS test vectors from IEEE Std 1619-2007
+Cipher = aes-128-xts
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
+
+Cipher = aes-128-xts
+Key = 1111111111111111111111111111111122222222222222222222222222222222
+IV = 33333333330000000000000000000000
+Plaintext = 4444444444444444444444444444444444444444444444444444444444444444
+Ciphertext = c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0
+
+Cipher = aes-128-xts
+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222
+IV = 33333333330000000000000000000000
+Plaintext = 4444444444444444444444444444444444444444444444444444444444444444
+Ciphertext = af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 01000000000000000000000000000000
+Plaintext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568
+Ciphertext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 02000000000000000000000000000000
+Plaintext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd
+Ciphertext = fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = fd000000000000000000000000000000
+Plaintext = 8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3a1eaf61d3e03555fd424eedd67e18a18094f888
+Ciphertext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = fe000000000000000000000000000000
+Plaintext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637
+Ciphertext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = ff000000000000000000000000000000
+Plaintext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a
+Ciphertext = 3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927ca638b7afc8a8679ccb84c26555440ec7f10445cd
+
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = ff000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Ciphertext = 1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4f36ffda9fcea70b9c6e693e148c151
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = ffff0000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Ciphertext = 77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1f9868294a4f9e27b42af8100cb9d59cef9645803
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = ffffff00000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Ciphertext = e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = ffffffff000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Ciphertext = bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c668f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86322c4bd84c82f335abb152c4a93411373aaa8220
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = ffffffffff0000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Ciphertext = 64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18deb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c25a1fbbbd609d273ad5b0d59631c531f6a0a57b9
+
+
+Cipher = aes-128-xts
+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0
+IV = 9a785634120000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f10
+Ciphertext = 6c1625db4671522d3d7599601de7ca09ed
+
+Cipher = aes-128-xts
+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0
+IV = 9a785634120000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f1011
+Ciphertext = d069444b7a7e0cab09e24447d24deb1fedbf
+
+Cipher = aes-128-xts
+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0
+IV = 9a785634120000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112
+Ciphertext = e5df1351c0544ba1350b3363cd8ef4beedbf9d
+
+Cipher = aes-128-xts
+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0
+IV = 9a785634120000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f10111213
+Ciphertext = 9d84c813f719aa2c7be3f66171c7c5c2edbf9dac
+
+Cipher = aes-128-xts
+Key = e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf
+IV = 21436587a90000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Ciphertext = 38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3
+
+# Exercise different lengths covering even ciphertext stealing cases
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061
+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5B079C6307EA0914559C6D2FB6384F8AADF94
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce84
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071
+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CEF4F253466EF4953ADC8FE2F5BC1FF57593FD
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad0265
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081
+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE842973C68248EDDFE26FB9B096659C8A5D6BB7
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091
+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD0265C4DD16E65A24575A709F174593F19FF85EA9
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1
+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE519215FA160C664D4B07D757A034AB3B35A10C
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f91
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1
+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D82C6CBC24F9357BD1FB882AA4B2CC2E7FA750
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f434
+
+Cipher = aes-128-xts
+Key = 2718281828459045235360287471352631415926535897932384626433832795
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1
+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D8A750E8768DEFFFED9122810AAEB99F910409B03D164E727C31290FD4E039500872AF
+
+# AES wrap tests from RFC3394
+Cipher = id-aes128-wrap
+Key = 000102030405060708090A0B0C0D0E0F
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
+
+Cipher = id-aes192-wrap
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D
+
+Cipher = id-aes256-wrap
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Plaintext = 00112233445566778899AABBCCDDEEFF
+Ciphertext = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7
+
+Cipher = id-aes192-wrap
+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
+Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607
+Ciphertext = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
+
+Cipher = id-aes256-wrap
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607
+Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
+
+Cipher = id-aes256-wrap
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
+Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+
+# Same as previous example but with invalid unwrap key: should be rejected
+# without returning any plaintext
+Cipher = id-aes256-wrap
+Operation = DECRYPT
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E00
+Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
+Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
+Result = CIPHERUPDATE_ERROR
+
+# AES wrap tests from RFC5649
+Cipher = id-aes192-wrap-pad
+Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8
+Plaintext = c37b7e6492584340bed12207808941155068f738
+Ciphertext = 138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a
+
+Cipher = id-aes192-wrap-pad
+Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8
+Plaintext = 466f7250617369
+Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f
+
+# HMAC tests from RFC2104
+MAC = HMAC
+Algorithm = MD5
+Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Input = "Hi There"
+Output = 9294727a3638bb1c13f48ef8158bfc9d
+
+MAC = HMAC
+Algorithm = MD5
+Key = "Jefe"
+Input = "what do ya want for nothing?"
+Output = 750c783e6ab0b503eaa86e310a5db738
+
+MAC = HMAC
+Algorithm = MD5
+Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
+Output = 56be34521d144c88dbb8c733f0e8b3f6
+
+# HMAC tests from NIST test data
+
+MAC = HMAC
+Algorithm = SHA1
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = 5FD596EE78D5553C8FF4E72D266DFD192366DA29
+
+MAC = HMAC
+Algorithm = SHA1
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F10111213
+Output = 4C99FF0CB1B31BD33F8431DBAF4D17FCD356A807
+
+MAC = HMAC
+Algorithm = SHA1
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = 2D51B2F7750E410584662E38F133435F4C4FD42A
+
+MAC = HMAC
+Algorithm = SHA224
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = C7405E3AE058E8CD30B08B4140248581ED174CB34E1224BCC1EFC81B
+
+MAC = HMAC
+Algorithm = SHA224
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B
+Output = E3D249A8CFB67EF8B7A169E9A0A599714A2CECBA65999A51BEB8FBBE
+
+MAC = HMAC
+Algorithm = SHA224
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = 91C52509E5AF8531601AE6230099D90BEF88AAEFB961F4080ABC014D
+
+MAC = HMAC
+Algorithm = SHA256
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = 8BB9A1DB9806F20DF7F77B82138C7914D174D59E13DC4D0169C9057B133E1D62
+
+MAC = HMAC
+Algorithm = SHA256
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Output = A28CF43130EE696A98F14A37678B56BCFCBDD9E5CF69717FECF5480F0EBDF790
+
+MAC = HMAC
+Algorithm = SHA256
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = BDCCB6C72DDEADB500AE768386CB38CC41C63DBB0878DDB9C7A38A431B78378D
+
+MAC = HMAC
+Algorithm = SHA384
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
+Output = 63C5DAA5E651847CA897C95814AB830BEDEDC7D25E83EEF9195CD45857A37F448947858F5AF50CC2B1B730DDF29671A9
+
+MAC = HMAC
+Algorithm = SHA384
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
+Output = 6EB242BDBB582CA17BEBFA481B1E23211464D2B7F8C20B9FF2201637B93646AF5AE9AC316E98DB45D9CAE773675EEED0
+
+MAC = HMAC
+Algorithm = SHA384
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = 5B664436DF69B0CA22551231A3F0A3D5B4F97991713CFA84BFF4D0792EFF96C27DCCBBB6F79B65D548B40E8564CEF594
+
+MAC = HMAC
+Algorithm = SHA512
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
+Output = FC25E240658CA785B7A811A8D3F7B4CA48CFA26A8A366BF2CD1F836B05FCB024BD36853081811D6CEA4216EBAD79DA1CFCB95EA4586B8A0CE356596A55FB1347
+
+MAC = HMAC
+Algorithm = SHA512
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = FD44C18BDA0BB0A6CE0E82B031BF2818F6539BD56EC00BDC10A8A2D730B3634DE2545D639B0F2CF710D0692C72A1896F1F211C2B922D1A96C392E07E7EA9FEDC
+
+MAC = HMAC
+Algorithm = SHA512
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = D93EC8D2DE1AD2A9957CB9B83F14E76AD6B5E0CCE285079A127D3B14BCCB7AA7286D4AC0D4CE64215F2BC9E6870B33D97438BE4AAA20CDA5C5A912B48B8E27F3
+
+# CMAC tests from FIPS module
+
+MAC = CMAC
+Algorithm = AES-128-CBC
+Key = 77A77FAF290C1FA30C683DF16BA7A77B
+Input = 020683E1F0392F4CAC54318B6029259E9C553DBC4B6AD998E64D58E4E7DC2E13
+Output = FBFEA41BF9740CB501F1292C21CEBB40
+
+MAC = CMAC
+Algorithm = AES-192-CBC
+Key = 7B32391369AA4CA97558095BE3C3EC862BD057CEF1E32D62
+Input =
+Output = E4D9340B03E67DEFD4969CC1ED3735E6
+
+MAC = CMAC
+Algorithm = AES-256-CBC
+Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
+Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
+Output = F62C46329B41085625669BAF51DEA66A
+
+MAC = CMAC
+Algorithm = DES-EDE3-CBC
+Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
+Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
+Output = 8F49A1B7D6AA2258
+
+# Public key algorithm tests
+
+# Private keys used for PKEY operations.
+
+# RSA 2048 bit key.
+
+PrivateKey = RSA-2048
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV
+n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW
+B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP
+6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr
+LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7
+yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt
+A95H4cRPAgMBAAECggEAYCl6x5kbFnoG1rJHWLjL4gi+ubLZ7Jc4vYD5Ci41AF3X
+ziktnim6iFvTFv7x8gkTvArJDWsICLJBTYIQREHYYkozzgIzyPeApIs3Wv8C12cS
+IopwJITbP56+zM+77hcJ26GCgA2Unp5CFuC/81WDiPi9kNo3Oh2CdD7D+90UJ/0W
+glplejFpEuhpU2URfKL4RckJQF/KxV+JX8FdIDhsJu54yemQdQKaF4psHkzwwgDo
+qc+yfp0Vb4bmwq3CKxqEoc1cpbJ5CHXXlAfISzUjlcuBzD/tW7BDtp7eDAcgRVAC
+XO6MX0QBcLYSC7SOD3R7zY9SIRCFDfBDxCjf0YcFMQKBgQD2+WG0fLwDXTrt68fe
+hQqVa2Xs25z2B2QGPxWqSFU8WNly/mZ1BW413f3De/O58vYi7icTNyVoScm+8hdv
+6PfD+LuRujdN1TuvPeyBTSvewQwf3IjN0Wh28mse36PwlBl+301C/x+ylxEDuJjK
+hZxCcocIaoQqtBC7ac8tNa9r4wKBgQDUfnJKf/QQSLJwwlJKQQGHi3MVm7c9PbwY
+eyIOY1s1NPluJDoYTZP4YLa/u2txwe2aHh9FhYMCPDAelqaSwaCLU9DsnKkQEA2A
+RR47fcagG6xK7O+N95iEa8I1oIy7os9MBoBMwRIZ6VYIxxTj8UMNSR+tu6MqV1Gg
+T5d0WDTJpQKBgCHyRSu5uV39AoyRS/eZ8cp36JqV1Q08FtOE+EVfi9evnrPfo9WR
+2YQt7yNfdjCo5IwIj/ZkLhAXlFNakz4el2+oUJ/HKLLaDEoaCNf883q6rh/zABrK
+HcG7sF2d/7qhoJ9/se7zgjfZ68zHIrkzhDbd5xGREnmMJoCcGo3sQyBhAoGAH3UQ
+qmLC2N5KPFMoJ4H0HgLQ6LQCrnhDLkScSBEBYaEUA/AtAYgKjcyTgVLXlyGkcRpg
+esRHHr+WSBD5W+R6ReYEmeKfTJdzyDdzQE9gZjdyjC0DUbsDwybIu3OnIef6VEDq
+IXK7oUZfzDDcsNn4mTDoFaoff5cpqFfgDgM43VkCgYBNHw11b+d+AQmaZS9QqIt7
+aF3FvwCYHV0jdv0Mb+Kc1bY4c0R5MFpzrTwVmdOerjuuA1+9b+0Hwo3nBZM4eaBu
+SOamA2hu2OJWCl9q8fLCT69KqWDjghhvFe7c6aJJGucwaA3Uz3eLcPqoaCarMiNH
+fMkTd7GabVourqIZdgvu1Q==
+-----END PRIVATE KEY-----
+
+# Corresponding public key
+
+PublicKey = RSA-2048-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQCB6nsq4eoG1Z98c9n/
+uUoJYVwuS6fGNs7wjdNTPsMYVSWwFcdpuZp31nJb+cNTKptuX2Yn1fuFFgdo092p
+y9NZdFEXF9w9MJ0vxH7kH5fjKtt/ndhkocR2emZuzXG8Gqz151F/SzhZT+qbBeQt
+WtqZEgCAE+RTFqTZu47QhriNKHWLrK+SLUaoaLSF0jnJuusOK2RZJxD0Ky0eoKS0
+gCwL7Ksyj4posAc721Rv7qmAnShJkSs5DBUyvH4px2WPgXX65G80My/4e8qz5AZJ
+uYV3hp2g6nGDU/ByJ1SIaRNkh2DRIr5nbg/Eg90g/8Mb2pajGWbJqi51rQPeR+HE
+TwIDAQAB
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = RSA-2048:RSA-2048-PUBLIC
+
+
+# EC P-256 key
+
+PrivateKey=P-256
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
++RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
++JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
+-----END PRIVATE KEY-----
+
+# EC public key for above
+
+PublicKey=P-256-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
+x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = P-256:P-256-PUBLIC
+
+
+# Additional EC key for ECDH
+PrivateKey=P-256-Peer
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/URzu1TDNwUFWZ3i
+dLISAZpEY0vfJ2pLB7f+Xnjyl2OhRANCAAQgBuXhSgeKpz+4piXlYSVLvy0NT+wK
+uZWUI3LqUUCV07wg+RLLMY8yNK9kjqcgZDs/cB+bet64nQq+dNnvtpxG
+-----END PRIVATE KEY-----
+
+PublicKey=P-256-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIAbl4UoHiqc/uKYl5WElS78tDU/s
+CrmVlCNy6lFAldO8IPkSyzGPMjSvZI6nIGQ7P3Afm3reuJ0KvnTZ77acRg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = P-256-Peer:P-256-Peer-PUBLIC
+
+
+# DSA key
+PrivateKey=DSA-1024
+-----BEGIN PRIVATE KEY-----
+MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk4
+19R5ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJ
+f/WDYPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psF
+YFaDYjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ez
+Qci9XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CH
+woS0mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt
+6PVa3gncr2v3njcVuH+EQ6DuFR93zksEFgIUbyv6pqH+UQurernJn/7sUm2U2i0=
+-----END PRIVATE KEY-----
+
+PublicKey=DSA-1024-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIIBtzCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5
+ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WD
+YPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaD
+YjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ezQci9
+XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CHwoS0
+mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt6PVa
+3gncr2v3njcVuH+EQ6DuFR93zksDgYQAAoGAVXFwJ5wTuF0rQ6AWfTitm3/zUeRW
+SeKFo+Rg0GrBI+Wg2Tj+Yn6V8Xs+Xyjim1wsd2P6/BlJzCEr4nHjP9JcBICqM3vI
+9zCaT/vYsLD7/T7rF9AF/jV+LnkGJCzLbDYF04IkhtLNHOQob+Uc8PWB78e/1Lc4
+SzJw2oHciIOt+UU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = DSA-1024:DSA-1024-PUBLIC
+
+
+# RSA tests
+
+Sign = RSA-2048
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+
+Verify = RSA-2048
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+
+VerifyRecover = RSA-2048
+Ctrl = digest:SHA1
+Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+Output = "0123456789ABCDEF1234"
+
+# Leading zero in the signature
+Verify = RSA-2048
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+Result = VERIFY_ERROR
+
+VerifyRecover = RSA-2048
+Ctrl = digest:SHA1
+Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+Result = KEYOP_ERROR
+
+# Digest too long
+Sign = RSA-2048
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF12345"
+Output = 00
+Result = KEYOP_ERROR
+
+# Digest too short
+Sign = RSA-2048
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF12345"
+Output = 00
+Result = KEYOP_ERROR
+
+# Mismatched digest
+Verify = RSA-2048
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1233"
+Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+Result = VERIFY_ERROR
+
+# Corrupted signature
+Verify = RSA-2048
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1233"
+Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ae
+Result = VERIFY_ERROR
+
+# parameter is not NULL
+Verify = RSA-2048
+Ctrl = digest:sha1
+Input = "0123456789ABCDEF1234"
+Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e75b4f6b37f67edd9c60c800f9ab941c0c157d7d880ca9de40c951d60fd293ae220d4bc510b1572d6e85a1bbbd8605b52e05f1c64fafdae59a1c2fbed214b7844d0134619de62851d5a0522e32e556e5950f3f97b8150e3f0dffee612c924201c27cd9bc8b423a71533380c276d3d59fcba35a2e80a1a192ec266a6c2255012cd86a349fe90a542b355fa3355b04da6cdf1df77f0e7bd44a90e880e1760266d233e465226f5db1c68857847d82072861ee266ddfc2e596845b77e1803274a579835ab5e4975d81d20b7df9cec7795489e4a2bdb8c1cf6a6b359945ac92c
+Result = VERIFY_ERROR
+
+# embedded digest too long
+Verify = RSA-2048
+Ctrl = digest:sha1
+Input = "0123456789ABCDEF1234"
+Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+Result = VERIFY_ERROR
+
+VerifyRecover = RSA-2048
+Ctrl = digest:sha1
+Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+Result = KEYOP_ERROR
+
+# embedded digest too short
+Verify = RSA-2048
+Ctrl = digest:sha1
+Input = "0123456789ABCDEF1234"
+Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+Result = VERIFY_ERROR
+
+VerifyRecover = RSA-2048
+Ctrl = digest:sha1
+Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+Result = KEYOP_ERROR
+
+# Garbage after DigestInfo
+Verify = RSA-2048
+Ctrl = digest:sha1
+Input = "0123456789ABCDEF1234"
+Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
+Result = VERIFY_ERROR
+
+VerifyRecover = RSA-2048
+Ctrl = digest:sha1
+Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
+Result = KEYOP_ERROR
+
+# invalid tag for parameter
+Verify = RSA-2048
+Ctrl = digest:sha1
+Input = "0123456789ABCDEF1234"
+Output = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9
+Result = VERIFY_ERROR
+
+VerifyRecover = RSA-2048
+Ctrl = digest:sha1
+Input = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9
+Result = KEYOP_ERROR
+
+# MD5/SHA-1 combination
+Verify = RSA-2048
+Ctrl = digest:MD5-SHA1
+Input = "0123456789ABCDEF0123456789ABCDEF0123"
+Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b3f80dbf04b278ad1fcf7ff6d982d5ca5d98b13b68240d846d400b8db6675b1a5fcbe2256322c5f691378bc941785326030fa835d240e334e2a4d35b17c1149b59dbb6e6d53b44326ebfc371f754449d36bad3722c1878af1699bb0a00c28e37162f99aba550b7c333228a70c906e3701c519a460a14fac29ff164ca9413efd19b431b31a9ad2988662cdbda9cdcff85f294b4be2cf072caceb1d3f52642edafea2e1d1e495061f18b5b3a130d2242cec830e44d506590e5df69bb974879a35e6bdc1ad00e3e31b362f2f5cdeabd8a0dfddfdb66a7c43993a3e189b80d
+
+VerifyRecover = RSA-2048
+Ctrl = digest:MD5-SHA1
+Input = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b3f80dbf04b278ad1fcf7ff6d982d5ca5d98b13b68240d846d400b8db6675b1a5fcbe2256322c5f691378bc941785326030fa835d240e334e2a4d35b17c1149b59dbb6e6d53b44326ebfc371f754449d36bad3722c1878af1699bb0a00c28e37162f99aba550b7c333228a70c906e3701c519a460a14fac29ff164ca9413efd19b431b31a9ad2988662cdbda9cdcff85f294b4be2cf072caceb1d3f52642edafea2e1d1e495061f18b5b3a130d2242cec830e44d506590e5df69bb974879a35e6bdc1ad00e3e31b362f2f5cdeabd8a0dfddfdb66a7c43993a3e189b80d
+Output = "0123456789ABCDEF0123456789ABCDEF0123"
+
+# MD5/SHA-1 combination, digest mismatch
+Verify = RSA-2048
+Ctrl = digest:MD5-SHA1
+Input = "000000000000000000000000000000000000"
+Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b3f80dbf04b278ad1fcf7ff6d982d5ca5d98b13b68240d846d400b8db6675b1a5fcbe2256322c5f691378bc941785326030fa835d240e334e2a4d35b17c1149b59dbb6e6d53b44326ebfc371f754449d36bad3722c1878af1699bb0a00c28e37162f99aba550b7c333228a70c906e3701c519a460a14fac29ff164ca9413efd19b431b31a9ad2988662cdbda9cdcff85f294b4be2cf072caceb1d3f52642edafea2e1d1e495061f18b5b3a130d2242cec830e44d506590e5df69bb974879a35e6bdc1ad00e3e31b362f2f5cdeabd8a0dfddfdb66a7c43993a3e189b80d
+Result = VERIFY_ERROR
+
+# MD5/SHA-1 combination, wrong signature digest length
+Verify = RSA-2048
+Ctrl = digest:MD5-SHA1
+Input = "0123456789ABCDEF0123456789ABCDEF0123"
+Output = 6c13511f97ffb8137545fce551a43cf2b5b3dbdd5c3ceaaccd4620a6a373f3c38cc523d95bbdd810c852743b981bc4393c6b0cdfb0da5e77a8cc0108b05ff95e0f4dd7a0125b7390af1408dca6ddefac3b05b768de7b0c3df3c74e5f102f62743d67813beee1777036078da4cff5b29f49f01a6df3a2e709c37a83737108517687fe754d9ee908cb36c55e88f67c0b537108707347d16049f5dfac3d400ea367222d36627937a7f822f451c3d2c2dbc9e2202bffd3dc1b22213e17270a6b657619c6f44cbf66b077d548cfc9e1a114f8b853412470f2bf8d828f04d0d9f1aef260d216acb0911329fb5bdc48c2be3b198bf6f96e1c3fb116ad4430140d0640d4
+Result = VERIFY_ERROR
+
+VerifyRecover = RSA-2048
+Ctrl = digest:MD5-SHA1
+Input = 6c13511f97ffb8137545fce551a43cf2b5b3dbdd5c3ceaaccd4620a6a373f3c38cc523d95bbdd810c852743b981bc4393c6b0cdfb0da5e77a8cc0108b05ff95e0f4dd7a0125b7390af1408dca6ddefac3b05b768de7b0c3df3c74e5f102f62743d67813beee1777036078da4cff5b29f49f01a6df3a2e709c37a83737108517687fe754d9ee908cb36c55e88f67c0b537108707347d16049f5dfac3d400ea367222d36627937a7f822f451c3d2c2dbc9e2202bffd3dc1b22213e17270a6b657619c6f44cbf66b077d548cfc9e1a114f8b853412470f2bf8d828f04d0d9f1aef260d216acb0911329fb5bdc48c2be3b198bf6f96e1c3fb116ad4430140d0640d4
+Result = KEYOP_ERROR
+
+# MD5/SHA-1 combination, wrong input digest length
+Verify = RSA-2048
+Ctrl = digest:MD5-SHA1
+Input = "0123456789ABCDEF0123456789ABCDEF012"
+Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b3f80dbf04b278ad1fcf7ff6d982d5ca5d98b13b68240d846d400b8db6675b1a5fcbe2256322c5f691378bc941785326030fa835d240e334e2a4d35b17c1149b59dbb6e6d53b44326ebfc371f754449d36bad3722c1878af1699bb0a00c28e37162f99aba550b7c333228a70c906e3701c519a460a14fac29ff164ca9413efd19b431b31a9ad2988662cdbda9cdcff85f294b4be2cf072caceb1d3f52642edafea2e1d1e495061f18b5b3a130d2242cec830e44d506590e5df69bb974879a35e6bdc1ad00e3e31b362f2f5cdeabd8a0dfddfdb66a7c43993a3e189b80d
+Result = VERIFY_ERROR
+
+# MD5/SHA-1 combination, wrong input and signature digest length
+Verify = RSA-2048
+Ctrl = digest:MD5-SHA1
+Input = "0123456789ABCDEF0123456789ABCDEF012"
+Output = 6c13511f97ffb8137545fce551a43cf2b5b3dbdd5c3ceaaccd4620a6a373f3c38cc523d95bbdd810c852743b981bc4393c6b0cdfb0da5e77a8cc0108b05ff95e0f4dd7a0125b7390af1408dca6ddefac3b05b768de7b0c3df3c74e5f102f62743d67813beee1777036078da4cff5b29f49f01a6df3a2e709c37a83737108517687fe754d9ee908cb36c55e88f67c0b537108707347d16049f5dfac3d400ea367222d36627937a7f822f451c3d2c2dbc9e2202bffd3dc1b22213e17270a6b657619c6f44cbf66b077d548cfc9e1a114f8b853412470f2bf8d828f04d0d9f1aef260d216acb0911329fb5bdc48c2be3b198bf6f96e1c3fb116ad4430140d0640d4
+Result = VERIFY_ERROR
+
+# DigestInfo-wrapped MDC-2 signature
+Verify = RSA-2048
+Ctrl = digest:MDC2
+Input = "0123456789ABCDEF"
+Output = 3a46e5e80635d3b5586187b44b08fd02ca0bd36a637a8afeb46a1c1eb18d05b3196e00edf85378109015bcd3d0cfcefc2919c5b8e3ac42884b360188b1395ed34df7d2749f36b91c320d290311d78b36f390481eff42ace0275385c05176d022e4b625cf0ed85082d4b25da9e8a86011f6ac1cb8d8b812cc2bbd6c240caa8445aa74f8e971c935dbf3447df0411eb9e5cdee0851d1e0fea7041916c77efc09dc54e8dd4b7ba8f8d85ef43d4f12abde99886f4ebd5f021fc1b476cc23dc6a94fbbe77c954eee496fb6b4b5c534daa4e819143ce8de511a8bcb65759750c17edaca6fb31ac271c1ca3a27705f780ae86c67009e76fcba9067dde3556ff59c44111
+
+VerifyRecover = RSA-2048
+Ctrl = digest:MDC2
+Input = 3a46e5e80635d3b5586187b44b08fd02ca0bd36a637a8afeb46a1c1eb18d05b3196e00edf85378109015bcd3d0cfcefc2919c5b8e3ac42884b360188b1395ed34df7d2749f36b91c320d290311d78b36f390481eff42ace0275385c05176d022e4b625cf0ed85082d4b25da9e8a86011f6ac1cb8d8b812cc2bbd6c240caa8445aa74f8e971c935dbf3447df0411eb9e5cdee0851d1e0fea7041916c77efc09dc54e8dd4b7ba8f8d85ef43d4f12abde99886f4ebd5f021fc1b476cc23dc6a94fbbe77c954eee496fb6b4b5c534daa4e819143ce8de511a8bcb65759750c17edaca6fb31ac271c1ca3a27705f780ae86c67009e76fcba9067dde3556ff59c44111
+Output = "0123456789ABCDEF"
+
+# Legacy OCTET STRING MDC-2 signature
+Verify = RSA-2048
+Ctrl = digest:MDC2
+Input = "0123456789ABCDEF"
+Output = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9c48cd372578fa37cedeef24c93286d6d64f438df051e625ab2e125a7d9974a76240873e43efc3acbcbdccc2ee63769cdbf983b334ccb982273315c222b3bbdc3e928ac8a141a7412f1f794cfcabcc069a2ae4975d7bb68bea145d789634c9e0b02d324b5efd599c9bf2b1d32d077aba59aa0ad4a82cbbb90eaa9214e4f57104cf049c4139e2ddecf6edf219cd986f4d79cf25128c58667562c9d22be0291430d6cc7dad977d56e08315fcec133ea95d8db550f89735b4d5f233eaff0c86fce2b99f3f508e920f882c31f3e13f8775a3c8fa585c4f4c69eca89f648b7e
+
+VerifyRecover = RSA-2048
+Ctrl = digest:MDC2
+Input = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9c48cd372578fa37cedeef24c93286d6d64f438df051e625ab2e125a7d9974a76240873e43efc3acbcbdccc2ee63769cdbf983b334ccb982273315c222b3bbdc3e928ac8a141a7412f1f794cfcabcc069a2ae4975d7bb68bea145d789634c9e0b02d324b5efd599c9bf2b1d32d077aba59aa0ad4a82cbbb90eaa9214e4f57104cf049c4139e2ddecf6edf219cd986f4d79cf25128c58667562c9d22be0291430d6cc7dad977d56e08315fcec133ea95d8db550f89735b4d5f233eaff0c86fce2b99f3f508e920f882c31f3e13f8775a3c8fa585c4f4c69eca89f648b7e
+Output = "0123456789ABCDEF"
+
+# Legacy OCTET STRING MDC-2 signature, digest mismatch
+Verify = RSA-2048
+Ctrl = digest:MDC2
+Input = "0000000000000000"
+Output = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9c48cd372578fa37cedeef24c93286d6d64f438df051e625ab2e125a7d9974a76240873e43efc3acbcbdccc2ee63769cdbf983b334ccb982273315c222b3bbdc3e928ac8a141a7412f1f794cfcabcc069a2ae4975d7bb68bea145d789634c9e0b02d324b5efd599c9bf2b1d32d077aba59aa0ad4a82cbbb90eaa9214e4f57104cf049c4139e2ddecf6edf219cd986f4d79cf25128c58667562c9d22be0291430d6cc7dad977d56e08315fcec133ea95d8db550f89735b4d5f233eaff0c86fce2b99f3f508e920f882c31f3e13f8775a3c8fa585c4f4c69eca89f648b7e
+Result = VERIFY_ERROR
+
+# Legacy OCTET STRING MDC-2 signature, wrong input digest length
+Verify = RSA-2048
+Ctrl = digest:MDC2
+Input = "0123456789ABCDE"
+Output = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9c48cd372578fa37cedeef24c93286d6d64f438df051e625ab2e125a7d9974a76240873e43efc3acbcbdccc2ee63769cdbf983b334ccb982273315c222b3bbdc3e928ac8a141a7412f1f794cfcabcc069a2ae4975d7bb68bea145d789634c9e0b02d324b5efd599c9bf2b1d32d077aba59aa0ad4a82cbbb90eaa9214e4f57104cf049c4139e2ddecf6edf219cd986f4d79cf25128c58667562c9d22be0291430d6cc7dad977d56e08315fcec133ea95d8db550f89735b4d5f233eaff0c86fce2b99f3f508e920f882c31f3e13f8775a3c8fa585c4f4c69eca89f648b7e
+Result = VERIFY_ERROR
+
+# Legacy OCTET STRING MDC-2 signature, wrong signature digest length
+Verify = RSA-2048
+Ctrl = digest:MDC2
+Input = "0123456789ABCDEF"
+Output = 08da512483ece70be57f28a75271612800ae30ffbadc62609bc88b80d497a1fc13c300fdfcab6dc80cf55373c10adcc249ae80479b87fa3e391a2cd4a74babd1c22a4976812d544dcd6729b161bbc48fd067cf635b05f9edaddaeb6f67f2117d6b54a23c5e6f08a246abfe0356a67d7f3929306515e6d9962f8ce205120ecdcd2d4e3783cd0b4a1f0196a1b13924d0d3649233312695c3c336ae04e0b1efddabcc878b57622db60f6f747a1124c38426dacf1425c92d304c2bb1052f987c1dd73e4cc4b20d23396d4f05f52f98cf5065c3fb7dc319425f1f6f1878b87f57afbd24fbff98909494581aadd04d80a639b85ce8684ea58409d8dbbbaacf256bb5c4
+Result = VERIFY_ERROR
+
+VerifyRecover = RSA-2048
+Ctrl = digest:MDC2
+Input = 08da512483ece70be57f28a75271612800ae30ffbadc62609bc88b80d497a1fc13c300fdfcab6dc80cf55373c10adcc249ae80479b87fa3e391a2cd4a74babd1c22a4976812d544dcd6729b161bbc48fd067cf635b05f9edaddaeb6f67f2117d6b54a23c5e6f08a246abfe0356a67d7f3929306515e6d9962f8ce205120ecdcd2d4e3783cd0b4a1f0196a1b13924d0d3649233312695c3c336ae04e0b1efddabcc878b57622db60f6f747a1124c38426dacf1425c92d304c2bb1052f987c1dd73e4cc4b20d23396d4f05f52f98cf5065c3fb7dc319425f1f6f1878b87f57afbd24fbff98909494581aadd04d80a639b85ce8684ea58409d8dbbbaacf256bb5c4
+Result = KEYOP_ERROR
+
+# Legacy OCTET STRING MDC-2 signature, wrong input and signature digest length
+Verify = RSA-2048
+Ctrl = digest:MDC2
+Input = "0123456789ABCDE"
+Output = 08da512483ece70be57f28a75271612800ae30ffbadc62609bc88b80d497a1fc13c300fdfcab6dc80cf55373c10adcc249ae80479b87fa3e391a2cd4a74babd1c22a4976812d544dcd6729b161bbc48fd067cf635b05f9edaddaeb6f67f2117d6b54a23c5e6f08a246abfe0356a67d7f3929306515e6d9962f8ce205120ecdcd2d4e3783cd0b4a1f0196a1b13924d0d3649233312695c3c336ae04e0b1efddabcc878b57622db60f6f747a1124c38426dacf1425c92d304c2bb1052f987c1dd73e4cc4b20d23396d4f05f52f98cf5065c3fb7dc319425f1f6f1878b87f57afbd24fbff98909494581aadd04d80a639b85ce8684ea58409d8dbbbaacf256bb5c4
+Result = VERIFY_ERROR
+
+# Verify using public key
+
+Verify = RSA-2048-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+
+# RSA decrypt
+
+Decrypt = RSA-2048
+Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
+Output = "Hello World"
+
+# Corrupted ciphertext
+Decrypt = RSA-2048
+Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
+Output = "Hello World"
+Result = KEYOP_ERROR
+
+# OAEP padding
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:oaep
+Input = 458708DFBD42A1297CE7A9C86C7087AB80B1754810929B89C5107CA55368587686986FCE94D86CC1595B3FB736223A656EC0F34D18BA1CC5665593610F56C58E26B272D584F3D983A5C91085700755AEBD921FB280BBA3EDA7046EC07B43E7298E52D59EDC92BE4639A8CE08B2F85976ECF6D98CC469EEB9D5D8E2A32EA8A6626EDAFE1038B3DF455668A9F3C77CAD8B92FB872E00058C3D2A7EDE1A1F03FC5622084AE04D9D24F6BF0995C58D35B93B699B9763595E123F2AB0863CC9229EB290E2EDE7715C7A8F39E0B9A3E2E1B56EBB62F1CBFBB5986FB212EBD785B83D01D968B11D1756C7337F70C1F1A63BFF03608E24F3A2FD44E67F832A8701C5D5AF
+Output = "Hello World"
+
+# OAEP padding, corrupted ciphertext
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:oaep
+Input = 458708DFBD42A1297CE7A9C86C7087AB80B1754810929B89C5107CA55368587686986FCE94D86CC1595B3FB736223A656EC0F34D18BA1CC5665593610F56C58E26B272D584F3D983A5C91085700755AEBD921FB280BBA3EDA7046EC07B43E7298E52D59EDC92BE4639A8CE08B2F85976ECF6D98CC469EEB9D5D8E2A32EA8A6626EDAFE1038B3DF455668A9F3C77CAD8B92FB872E00058C3D2A7EDE1A1F03FC5622084AE04D9D24F6BF0995C58D35B93B699B9763595E123F2AB0863CC9229EB290E2EDE7715C7A8F39E0B9A3E2E1B56EBB62F1CBFBB5986FB212EBD785B83D01D968B11D1756C7337F70C1F1A63BFF03608E24F3A2FD44E67F832A8701C5D5AC
+Output = "Hello World"
+Result = KEYOP_ERROR
+
+# Illegal RSA key derivation
+Derive = RSA-2048
+Result = KEYOP_INIT_ERROR
+Function = EVP_PKEY_derive_init
+Reason = operation not supported for this keytype
+
+# Invalid ctrl
+Sign = RSA-2048
+Ctrl = rsa_mgf1_md:sha1
+Result = PKEY_CTRL_INVALID
+Function = pkey_rsa_ctrl
+Reason = invalid mgf1 md
+
+# EC tests
+
+Verify = P-256
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
+
+# Digest too long
+Verify = P-256
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF12345"
+Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
+Result = VERIFY_ERROR
+
+# Digest too short
+Verify = P-256
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF123"
+Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
+Result = VERIFY_ERROR
+
+# Digest invalid
+Verify = P-256
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1235"
+Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
+Result = VERIFY_ERROR
+
+# Invalid signature
+Verify = P-256
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
+Result = VERIFY_ERROR
+
+# Garbage after signature
+Verify = P-256
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
+Result = VERIFY_ERROR
+
+# BER signature
+Verify = P-256
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
+Result = VERIFY_ERROR
+
+Verify = P-256-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
+
+# DSA tests
+Verify = DSA-1024
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+
+Verify = DSA-1024-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+
+# Modified signature
+Verify = DSA-1024-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d88
+Result = VERIFY_ERROR
+
+# Digest too short
+Verify = DSA-1024-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF123"
+Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+Result = VERIFY_ERROR
+
+# Digest too long
+Verify = DSA-1024-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF12345"
+Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+Result = VERIFY_ERROR
+
+# Garbage after signature
+Verify = DSA-1024-PUBLIC
+Input = "0123456789ABCDEF1234"
+Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d8700
+Result = VERIFY_ERROR
+
+# Invalid tag
+Verify = DSA-1024-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 312d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+Result = VERIFY_ERROR
+
+# BER signature
+Verify = DSA-1024-PUBLIC
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Output = 3080021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d870000
+Result = VERIFY_ERROR
+
+# RSA PSS padding tests.
+
+# Zero salt length makes output deterministic
+Sign = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+# Verify of above signature
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+# Digest too short
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDE"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Digest too long
+Verify = RSA-2048-PUBLIC
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF0"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Wrong salt length
+Verify = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:2
+Ctrl = digest:sha256
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# Wrong MGF1 digest
+Verify = RSA-2048
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:0
+Ctrl = digest:sha256
+Ctrl = rsa_mgf1_md:sha1
+Input="0123456789ABCDEF0123456789ABCDEF"
+Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+Result = VERIFY_ERROR
+
+# scrypt tests from draft-josefsson-scrypt-kdf-03
+PBE = scrypt
+Password = ""
+Salt = ""
+N = 16
+r = 1
+p = 1
+Key = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906
+
+PBE = scrypt
+Password = "password"
+Salt = "NaCl"
+N = 1024
+r = 8
+p = 16
+Key = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
+
+PBE = scrypt
+Password = "pleaseletmein"
+Salt = "SodiumChloride"
+N = 16384
+r = 8
+p = 1
+Key = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887
+
+# NB: this test requires more than 1GB of memory to run so it will hit the
+# scrypt memory limit and return an error. To run this test without error
+# uncomment out the "maxmem" line and comment out the "Result"
+# line
+PBE = scrypt
+Password = "pleaseletmein"
+Salt = "SodiumChloride"
+N = 1048576
+r = 8
+p = 1
+Key = 2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4
+#maxmem = 10000000000
+Result = SCRYPT_ERROR
+
+# PKCS#12 tests
+
+PBE = pkcs12
+id = 1
+iter = 1
+MD = SHA1
+Password = 0073006D006500670000
+Salt = 0A58CF64530D823F
+Key = 8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3
+
+PBE = pkcs12
+id = 2
+iter = 1
+MD = SHA1
+Password = 0073006D006500670000
+Salt = 0A58CF64530D823F
+Key = 79993DFE048D3B76
+
+PBE = pkcs12
+id = 3
+iter 1
+MD = SHA1
+Password = 0073006D006500670000
+Salt = 3D83C0E4546AC140
+Key = 8D967D88F6CAA9D714800AB3D48051D63F73A312
+
+PBE = pkcs12
+id = 1
+iter = 1000
+MD = SHA1
+Password = 007100750065006500670000
+Salt = 1682C0FC5B3F7EC5
+Key = 483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F
+
+PBE = pkcs12
+id = 2
+iter = 1000
+MD = SHA1
+Password = 007100750065006500670000
+Salt = 1682C0FC5B3F7EC5
+Key = 9D461D1B00355C50
+
+PBE = pkcs12
+id = 3
+iter = 1000
+MD = SHA1
+Password = 007100750065006500670000
+Salt = 263216FCC2FAB31C
+Key = 5EC4C7A80DF652294C3925B6489A7AB857C83476
+
+# PBKDF2 tests from p5_crpt2_test.c
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 1
+MD = sha1
+Key = 0c60c80f961f0e71f3a9b524af6012062fe037a6
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 1
+MD = sha256
+Key = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 1
+MD = sha512
+Key = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 2
+MD = sha1
+Key = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 2
+MD = sha256
+Key = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 2
+MD = sha512
+Key = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha1
+Key = 4b007901b765489abead49d926f721d065a429c1
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha256
+Key = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha512
+Key = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5
+
+PBE = pbkdf2
+Password = "passwordPASSWORDpassword"
+Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+iter = 4096
+MD = sha1
+Key = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038
+
+PBE = pbkdf2
+Password = "passwordPASSWORDpassword"
+Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+iter = 4096
+MD = sha256
+Key = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9
+
+PBE = pbkdf2
+Password = "passwordPASSWORDpassword"
+Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+iter = 4096
+MD = sha512
+Key = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8
+
+PBE = pbkdf2
+Password = 7061737300776f7264
+Salt = 7361006c74
+iter = 4096
+MD = sha1
+Key = 56fa6aa75548099dcc37d7f03425e0c3
+
+PBE = pbkdf2
+Password = 7061737300776f7264
+Salt = 7361006c74
+iter = 4096
+MD = sha256
+Key = 89b69d0516f829893c696226650a8687
+
+PBE = pbkdf2
+Password = 7061737300776f7264
+Salt = 7361006c74
+iter = 4096
+MD = sha512
+Key = 9d9e9c4cd21fe4be24d5b8244c759665
+
+# PBKDF2 tests for empty and NULL inputs
+PBE = pbkdf2
+Password = ""
+Salt = "salt"
+iter = 1
+MD = sha1
+Key = a33dddc30478185515311f8752895d36ea4363a2
+
+PBE = pbkdf2
+Password = ""
+Salt = "salt"
+iter = 1
+MD = sha256
+Key = f135c27993baf98773c5cdb40a5706ce6a345cde
+
+PBE = pbkdf2
+Password = ""
+Salt = "salt"
+iter = 1
+MD = sha512
+Key = 00ef42cdbfc98d29db20976608e455567fdddf14
+
+PBE = pbkdf2
+Password = NULL
+Salt = "salt"
+iter = 1
+MD = sha1
+Key = a33dddc30478185515311f8752895d36ea4363a2
+
+PBE = pbkdf2
+Password = NULL
+Salt = "salt"
+iter = 1
+MD = sha256
+Key = f135c27993baf98773c5cdb40a5706ce6a345cde
+
+PBE = pbkdf2
+Password = NULL
+Salt = "salt"
+iter = 1
+MD = sha512
+Key = 00ef42cdbfc98d29db20976608e455567fdddf14
+
+# Base64 tests
+
+Encoding = canonical
+Input = ""
+Output = ""
+
+Encoding = canonical
+Input = "h"
+Output = "aA==\n"
+
+Encoding = canonical
+Input = "hello"
+Output = "aGVsbG8=\n"
+
+Encoding = canonical
+Input = "hello world!"
+Output = "aGVsbG8gd29ybGQh\n"
+
+Encoding = canonical
+Input = 00010203040506070809a0b0c0d0e0f000
+Output = "AAECAwQFBgcICaCwwNDg8AA=\n"
+
+# Missing padding
+Encoding = invalid
+Output = "aGVsbG8"
+
+Encoding = invalid
+Output = "aGVsbG8\n"
+
+# Tolerate missing newline
+Encoding = valid
+Input = "hello"
+Output = "aGVsbG8="
+
+# Don't tolerate extra trailing '='
+Encoding = invalid
+Input = "hello"
+Output = "aGVsbG8==\n"
+
+Encoding = invalid
+Output = "aGVsbG8===\n"
+
+# Don't tolerate data after '='
+Encoding = invalid
+Output = "aGV=sbG8=\n"
+
+# Newlines are ignored
+Encoding = valid
+Input = "hello"
+Output = "aGV\nsbG8=\n"
+
+Encoding = canonical
+Input = "hello"
+Output = 614756736247383d0a
+
+# Invalid characters
+Encoding = invalid
+Output = 614756736247383d0a00
+
+Encoding = invalid
+Output = 61475600736247383d0a
+
+Encoding = invalid
+Output = 61475601736247383d0a
+
+Encoding = invalid
+Output = 61475680736247383d0a
+
+Encoding = invalid
+Output = e14756736247383d0a
+
+Encoding = canonical
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK\n"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK"
+
+# Truncate 1-3 chars
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0w"
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0"
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU"
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0wK===="
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0wK============================================\n"
+
+Encoding = invalid
+Output = "YQ==YQ==YQ==\n"
+
+Encoding = invalid
+Output = "A"
+
+Encoding = invalid
+Output = "A\n"
+
+Encoding = invalid
+Output = "A="
+
+Encoding = invalid
+Output = "A==\n"
+
+Encoding = invalid
+Output = "A===\n"
+
+Encoding = invalid
+Output = "A====\n"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK\n\n"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE\n9wZW5TU0wK"
+
+# CVE 2015-0292
+Encoding = invalid
+Output = "ZW5jb2RlIG1lCg==================================================================\n"
+
+Encoding = canonical
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n"
+
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA\n==\n"
+
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=\n=\n"
+
+Encoding = invalid
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA====\n"
+
+# Multiline output without padding
+Encoding = canonical
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh4eHh4eHh4\n"
+
+# Multiline output with padding
+Encoding = canonical
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh4eHh4eHh4eHh4eA==\n"
+
+# Multiline output with line break in the middle of a b64 block is accepted
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh\n4eHh4eHh4eHh4eHh4eHh4eA==\n"
+
+# Long lines are accepted
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n"
+
+# Multiline input with data after '='.
+Encoding = invalid
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\neHh4eHh4eHh4eHh4eHh4eHh4\n"
+
+Encoding = invalid
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neA==eHh4eHh4eHh4eHh4eHh4\n"
+
+# B64_EOF ('-') terminates input and trailing bytes are ignored
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK\n-abcd"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK-abcd"
+
+Cipher = chacha20
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586
+
+Cipher = chacha20
+Key = 0000000000000000000000000000000000000000000000000000000000000001
+IV = 00000000000000000000000000000000
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952ed432d41bbe2a0b6ea7566d2a5d1e7e20d42af2c53d792b1c43fea817e9ad275ae546963
+
+Cipher = chacha20
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000001
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = de9cba7bf3d69ef5e786dc63973f653a0b49e015adbff7134fcb7df137821031e85a050278a7084527214f73efc7fa5b5277062eb7a0433e445f41e31afab757
+
+Cipher = chacha20
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000100000000000000
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd138e50d32111e4caf237ee53ca8ad6426194a88545ddc497a0b466e7d6bbdb0041b2f586b
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c9
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c730
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444a
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE5D493C19E38A77939E7A058D713E9CCCCA58045F436B434B1C80D365472406E392951987DB6905C80D431DA18451135BE7E82BCAB358CB3971E61405B2FF1798
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE5D493C19E38A77939E7A058D713E9CCCCA58045F436B434B1C80D365472406E392951987DB6905C80D431DA18451135BE7E82BCAB358CB3971E61405B2FF17980D6E7E67E861E28201C1EE30B441040FD06878D65042C95582A4318207BFC700BE0CE32889AEC2FFE5085E8967910D879FA0E8C0FF85FDC510B9FF2FBF87CFCB
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE5D493C19E38A77939E7A058D713E9CCCCA58045F436B434B1C80D365472406E392951987DB6905C80D431DA18451135BE7E82BCAB358CB3971E61405B2FF17980D6E7E67E861E28201C1EE30B441040FD06878D65042C95582A4318207BFC700BE0CE32889AEC2FFE5085E8967910D879FA0E8C0FF85FDC510B9FF2FBF87CFCB29577D68099E04FFA05F752A73D377C70D3A8BC2DA80E6E780EC057182C33AD1DE387252258A1E18E6FAD910327CE7F42FD1E1E0515F9586E2F2EFCB9F472B1D
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE5D493C19E38A77939E7A058D713E9CCCCA58045F436B434B1C80D365472406E392951987DB6905C80D431DA18451135BE7E82BCAB358CB3971E61405B2FF17980D6E7E67E861E28201C1EE30B441040FD06878D65042C95582A4318207BFC700BE0CE32889AEC2FFE5085E8967910D879FA0E8C0FF85FDC510B9FF2FBF87CFCB29577D68099E04FFA05F752A73D377C70D3A8BC2DA80E6E780EC057182C33AD1DE387252258A1E18E6FAD910327CE7F42FD1E1E0515F9586E2F2EFCB9F472B1DBDBAC354A4162151E9D92C79FB08BB4DDC56F19448C0175A46E2E6C491FEC71419AA43A349BEA768A92C75DE68FD9591E68067F3197094D3FB87ED81785EA075
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE5D493C19E38A77939E7A058D713E9CCCCA58045F436B434B1C80D365472406E392951987DB6905C80D431DA18451135BE7E82BCAB358CB3971E61405B2FF17980D6E7E67E861E28201C1EE30B441040FD06878D65042C95582A4318207BFC700BE0CE32889AEC2FFE5085E8967910D879FA0E8C0FF85FDC510B9FF2FBF87CFCB29577D68099E04FFA05F752A73D377C70D3A8BC2DA80E6E780EC057182C33AD1DE387252258A1E18E6FAD910327CE7F42FD1E1E0515F9586E2F2EFCB9F472B1DBDBAC354A4162151E9D92C79FB08BB4DDC56F19448C0175A46E2E6C491FEC71419AA43A349BEA768A92C75DE68FD9591E68067F3197094D3FB87ED81785EA075E4B65E3E4C78F81DA9B751C5EFE024152301C48E63245B556C4C67AFF857E5EA15A908D83A1D9704F8E55E7352B20B694BF9970298E6B5AAD33EA2155D105D4E
+
+Cipher = chacha20
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+IV = 00000000000000000001020304050607
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE5D493C19E38A77939E7A058D713E9CCCCA58045F436B434B1C80D365472406E392951987DB6905C80D431DA18451135BE7E82BCAB358CB3971E61405B2FF17980D6E7E67E861E28201C1EE30B441040FD06878D65042C95582A4318207BFC700BE0CE32889AEC2FFE5085E8967910D879FA0E8C0FF85FDC510B9FF2FBF87CFCB29577D68099E04FFA05F752A73D377C70D3A8BC2DA80E6E780EC057182C33AD1DE387252258A1E18E6FAD910327CE7F42FD1E1E0515F9586E2F2EFCB9F472B1DBDBAC354A4162151E9D92C79FB08BB4DDC56F19448C0175A46E2E6C491FEC71419AA43A349BEA768A92C75DE68FD9591E68067F3197094D3FB87ED81785EA075E4B65E3E4C78F81DA9B751C5EFE024152301C48E63245B556C4C67AFF857E5EA15A908D83A1D9704F8E55E7352B20B694BF9970298E6B5AAD33EA2155D105D4E637D1E87C40A8E5F4E8C5A16A4B8F3DC27B31721D77A65FD1ED6F86BE25FB95DB29B1988493770A7C60E451FF97DD241A236851FC425691979FE30226559AD95
+
+# RFC7539
+Cipher = chacha20-poly1305
+Key = 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
+IV = 070000004041424344454647
+AAD = 50515253c0c1c2c3c4c5c6c7
+Tag = 1ae10b594f09e26a7e902ecbd0600691
+Plaintext = 4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e
+Ciphertext = d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116
+
+Cipher = chacha20-poly1305
+Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0
+IV = 000000000102030405060708
+AAD = f33388860000000000004e91
+Tag = eead9d67890cbb22392336fea1851f38
+Plaintext = 496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d
+Ciphertext = 64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b
+
+Cipher = chacha20-poly1305
+Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0
+IV = 000000000102030405060708
+AAD = f33388860000000000004e91
+Tag = eead9d67890cbb22392336fea1851f39
+Plaintext = 496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d
+Ciphertext = 64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+# TLS1 PRF tests, from NIST test vectors
+
+KDF=TLS1-PRF
+Ctrl.md = md:MD5-SHA1
+Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
+Ctrl.server_random = hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2
+Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
+
+KDF=TLS1-PRF
+Ctrl.md = md:MD5-SHA1
+Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
+Ctrl.label = seed:key expansion
+Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
+Ctrl.client_random = hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6
+Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d
+
+KDF=TLS1-PRF
+Ctrl.md = md:SHA256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+
+KDF=TLS1-PRF
+Ctrl.md = md:SHA256
+Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+Ctrl.label = seed:key expansion
+Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
+Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
+Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
+
+# Missing digest.
+KDF=TLS1-PRF
+Ctrl.Secret = hexsecret:01
+Ctrl.Seed = hexseed:02
+Output = 03
+Result = KDF_DERIVE_ERROR
+
+# Missing secret.
+KDF=TLS1-PRF
+Ctrl.md = md:MD5-SHA1
+Ctrl.Seed = hexseed:02
+Output = 03
+Result = KDF_DERIVE_ERROR
+
+# HKDF tests, from RFC5869 test vectors
+
+KDF = HKDF
+Ctrl.md = md:SHA256
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
+
+KDF = HKDF
+Ctrl.md = md:SHA256
+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
+
+KDF = HKDF
+Ctrl.md = md:SHA256
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = salt:
+Ctrl.info = info:
+Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
+
+KDF = HKDF
+Ctrl.md = md:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
+
+KDF = HKDF
+Ctrl.md = md:SHA1
+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
+
+KDF = HKDF
+Ctrl.md = md:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = salt:
+Ctrl.info = info:
+Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
+
+KDF = HKDF
+Ctrl.md = md:SHA1
+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
+Ctrl.salt = salt:
+Ctrl.info = info:
+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
+
+KDF = HKDF
+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
+Ctrl.salt = salt:
+Ctrl.info = info:
+Output = 00
+Result = KDF_DERIVE_ERROR
+
+KDF = HKDF
+Ctrl.md = md:SHA1
+Ctrl.salt = salt:
+Ctrl.info = info:
+Output = 00
+Result = KDF_DERIVE_ERROR
+
+KDF = HKDF
+Ctrl.md = md:SHA1
+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
+Ctrl.info = info:
+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
+
+KDF = HKDF
+Ctrl.md = md:SHA1
+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
+Ctrl.salt = salt:
+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
+
+# ECDH tests
+
+Derive=P-256
+PeerKey=P-256-Peer-PUBLIC
+SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
+
+Derive=P-256-Peer
+PeerKey=P-256-PUBLIC
+SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
+
+# X25519 test vectors from RFC7748 6.1
+PrivateKey=Alice-25519
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
+-----END PRIVATE KEY-----
+PublicKey=Alice-25519-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VuAyEAhSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = Alice-25519:Alice-25519-PUBLIC
+
+PrivateKey=Bob-25519
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIF2rCH5iSopLeeF/i4OADuZvO7EpJhi2/Rwviyf/iODr
+-----END PRIVATE KEY-----
+PublicKey=Bob-25519-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = Bob-25519:Bob-25519-PUBLIC
+
+Derive=Alice-25519
+PeerKey=Bob-25519-PUBLIC
+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+
+Derive=Bob-25519
+PeerKey=Alice-25519-PUBLIC
+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+
+# Illegal sign/verify operations with X25519 key
+
+Sign=Alice-25519
+Result = KEYOP_INIT_ERROR
+Function = EVP_PKEY_sign_init
+Reason = operation not supported for this keytype
+
+Verify=Alice-25519
+Result = KEYOP_INIT_ERROR
+Function = EVP_PKEY_verify_init
+Reason = operation not supported for this keytype
+
+## ECDH Tests: test with randomly generated keys for all the listed curves
+
+
+# TEST CURVE secp112r1
+
+PrivateKey=ALICE_secp112r1
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFK4EEAAYENzA1AgEBBA6sqKp39AWLClus2ha5rqEg
+Ax4ABJ4NTgOR1xQAr3M6eM46WqXW2zA6FnsUMKFFwcw=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp112r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEng1OA5HXFACvczp4zjpapdbbMDoWexQw
+oUXBzA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp112r1:ALICE_secp112r1_PUB
+
+
+PrivateKey=BOB_secp112r1
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFK4EEAAYENzA1AgEBBA5pIbX+hEq49mFPjUl4/6Eg
+Ax4ABBsPNZHm1pcdw104ibwIycCe+r5voeRfQUZRZ3c=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp112r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEGw81kebWlx3DXTiJvAjJwJ76vm+h5F9B
+RlFndw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp112r1:BOB_secp112r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp112r1
+PeerKey=BOB_secp112r1_PUB
+SharedSecret=a6cefb5aa7a352afe818749eb401
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp112r1
+PeerKey=ALICE_secp112r1_PUB
+SharedSecret=a6cefb5aa7a352afe818749eb401
+
+# TEST CURVE secp112r2
+
+PrivateKey=ALICE_secp112r2
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFK4EEAAcENzA1AgEBBA4gzzblKfE6ZwoUW0FQmaEg
+Ax4ABJJ4L7Vo50NZ5VGZ4nNkxFNcjJQwDIQb1/9IkLE=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp112r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEkngvtWjnQ1nlUZnic2TEU1yMlDAMhBvX
+/0iQsQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp112r2:ALICE_secp112r2_PUB
+
+
+PrivateKey=BOB_secp112r2
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFK4EEAAcENzA1AgEBBA4D9oGGj+O8vjZz3OZNaqEg
+Ax4ABNZOv5gUzvVbgAHpTgu3hUhTQtB8LamTEIfaRWE=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp112r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAE1k6/mBTO9VuAAelOC7eFSFNC0HwtqZMQ
+h9pFYQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp112r2:BOB_secp112r2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp112r2
+PeerKey=BOB_secp112r2_PUB
+SharedSecret=6bed2c55e233e9214d5898c4c12a
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp112r2
+PeerKey=ALICE_secp112r2_PUB
+SharedSecret=6bed2c55e233e9214d5898c4c12a
+
+# TEST CURVE secp128r1
+
+PrivateKey=ALICE_secp128r1
+-----BEGIN PRIVATE KEY-----
+MFQCAQAwEAYHKoZIzj0CAQYFK4EEABwEPTA7AgEBBBCP1c+lxfRT+MZWZ8uGCYYl
+oSQDIgAEH2n0icp87inv7kUYrEFjpZuHJ4DqArhHS+Zfp2XXO1A=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp128r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEH2n0icp87inv7kUYrEFjpZuHJ4DqArhH
+S+Zfp2XXO1A=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp128r1:ALICE_secp128r1_PUB
+
+
+PrivateKey=BOB_secp128r1
+-----BEGIN PRIVATE KEY-----
+MFQCAQAwEAYHKoZIzj0CAQYFK4EEABwEPTA7AgEBBBCGbEd3Hhwr76XbQekhIrDT
+oSQDIgAENKjS0HNx/gEKYQNNab9v8zlW/D4zSjv3Ny3Ep0GVYms=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp128r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAENKjS0HNx/gEKYQNNab9v8zlW/D4zSjv3
+Ny3Ep0GVYms=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp128r1:BOB_secp128r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp128r1
+PeerKey=BOB_secp128r1_PUB
+SharedSecret=91ded46ac404afdbd708fdcc1cac6842
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp128r1
+PeerKey=ALICE_secp128r1_PUB
+SharedSecret=91ded46ac404afdbd708fdcc1cac6842
+
+# TEST CURVE secp128r2
+
+PrivateKey=ALICE_secp128r2
+-----BEGIN PRIVATE KEY-----
+MFQCAQAwEAYHKoZIzj0CAQYFK4EEAB0EPTA7AgEBBBAgRKSjPsZ76LDGIA2it5SC
+oSQDIgAEBVdjcUpR+b6LRPm6R8fAD/6kBxV0Kl3939Wn0+nUpf8=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp128r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEBVdjcUpR+b6LRPm6R8fAD/6kBxV0Kl39
+39Wn0+nUpf8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp128r2:ALICE_secp128r2_PUB
+
+
+PrivateKey=BOB_secp128r2
+-----BEGIN PRIVATE KEY-----
+MFQCAQAwEAYHKoZIzj0CAQYFK4EEAB0EPTA7AgEBBBACp00jw5D7obvDmJp7wDuA
+oSQDIgAEBO3BbVrc5SvhvN+fmWShu2tWIFQap5ys5RHMCLLl098=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp128r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEBO3BbVrc5SvhvN+fmWShu2tWIFQap5ys
+5RHMCLLl098=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp128r2:BOB_secp128r2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp128r2
+PeerKey=BOB_secp128r2_PUB
+SharedSecret=dc32faa978008a694672076b756a1e4b
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp128r2
+PeerKey=ALICE_secp128r2_PUB
+SharedSecret=dc32faa978008a694672076b756a1e4b
+
+# TEST CURVE secp160k1
+
+PrivateKey=ALICE_secp160k1
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFK4EEAAkESjBIAgEBBBUAudN3YOXN0uu0CL2TGZdP
+YeNU/72hLAMqAAR3Du0dK28tSyWxYSz/Es2Wqr4C+bNfJ1uiK4J3BFS5Udc48nsx
+xfjj
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp160k1_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEdw7tHStvLUslsWEs/xLNlqq+AvmzXydb
+oiuCdwRUuVHXOPJ7McX44w==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp160k1:ALICE_secp160k1_PUB
+
+
+PrivateKey=BOB_secp160k1
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFK4EEAAkESjBIAgEBBBUA5fNiCFVGPM1aHuwXUvuh
+xoY2yU+hLAMqAAQHlM6otmapt0/0sc+5bcPoYT6cfyARv4VUOOo6I2eBGXLIm812
+1ric
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp160k1_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEB5TOqLZmqbdP9LHPuW3D6GE+nH8gEb+F
+VDjqOiNngRlyyJvNdta4nA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp160k1:BOB_secp160k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp160k1
+PeerKey=BOB_secp160k1_PUB
+SharedSecret=5457d367346cc3e82031784f95ebcd856de0c735
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp160k1
+PeerKey=ALICE_secp160k1_PUB
+SharedSecret=5457d367346cc3e82031784f95ebcd856de0c735
+
+# TEST CURVE secp160r1
+
+PrivateKey=ALICE_secp160r1
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFK4EEAAgESjBIAgEBBBUA0KDtaiFUWd8NG0lO9TLu
+zjLWXJehLAMqAASHQN1DGBXtdyF3+BjfIfbWg403dUqXbIXzZoctDyOPTQaGVblm
+SwXC
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp160r1_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEh0DdQxgV7Xchd/gY3yH21oONN3VKl2yF
+82aHLQ8jj00GhlW5ZksFwg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp160r1:ALICE_secp160r1_PUB
+
+
+PrivateKey=BOB_secp160r1
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFK4EEAAgESjBIAgEBBBUAsBIwvx6ZABinhsi+bGai
+CvetiuWhLAMqAAQJ2+RhpGedkUYXUiPZ/plHXFBy6R3XzMUGIKiXFGSBpwF8hGRN
+qUDy
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp160r1_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAECdvkYaRnnZFGF1Ij2f6ZR1xQcukd18zF
+BiColxRkgacBfIRkTalA8g==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp160r1:BOB_secp160r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp160r1
+PeerKey=BOB_secp160r1_PUB
+SharedSecret=87856536b6a295ea94d3e483d69c6212d5c7afcf
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp160r1
+PeerKey=ALICE_secp160r1_PUB
+SharedSecret=87856536b6a295ea94d3e483d69c6212d5c7afcf
+
+# TEST CURVE secp160r2
+
+PrivateKey=ALICE_secp160r2
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFK4EEAB4ESjBIAgEBBBUAhmLOAJGNuSoZUCN4f0On
+LZ6rRSShLAMqAAQPSNvhJQohMEfijXq+Jlq7a9lzosQfPvuIyOg6shyzUVS43R+7
+Lgr5
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp160r2_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAED0jb4SUKITBH4o16viZau2vZc6LEHz77
+iMjoOrIcs1FUuN0fuy4K+Q==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp160r2:ALICE_secp160r2_PUB
+
+
+PrivateKey=BOB_secp160r2
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFK4EEAB4ESjBIAgEBBBUA10mjzR2Dy0CLmm/MTAHT
+b5CBenOhLAMqAARqzYAcSijzAo2vzmMuK8ta8sl/bguuCpRwFD93ACP64TzgI3re
+FhsX
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp160r2_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEas2AHEoo8wKNr85jLivLWvLJf24LrgqU
+cBQ/dwAj+uE84CN63hYbFw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp160r2:BOB_secp160r2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp160r2
+PeerKey=BOB_secp160r2_PUB
+SharedSecret=5481e282c47cbd37c84873847c4fc2f31fc15a1a
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp160r2
+PeerKey=ALICE_secp160r2_PUB
+SharedSecret=5481e282c47cbd37c84873847c4fc2f31fc15a1a
+
+# TEST CURVE secp192k1
+
+PrivateKey=ALICE_secp192k1
+-----BEGIN PRIVATE KEY-----
+MGwCAQAwEAYHKoZIzj0CAQYFK4EEAB8EVTBTAgEBBBizF3KeHMsaV/KOR/otCmdL
+QT2qGNq3HhWhNAMyAATP+L9SGl3K6wmevkLwJnkMNHp0I5RfXulSfHuHZPp4CGrh
+i6eKNQLkpZ2OQaPIExA=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp192k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEz/i/UhpdyusJnr5C8CZ5DDR6dCOUX17p
+Unx7h2T6eAhq4YunijUC5KWdjkGjyBMQ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp192k1:ALICE_secp192k1_PUB
+
+
+PrivateKey=BOB_secp192k1
+-----BEGIN PRIVATE KEY-----
+MGwCAQAwEAYHKoZIzj0CAQYFK4EEAB8EVTBTAgEBBBh8BXPVGQKYCw0v7DY3wZVa
+cyhyUjIbUymhNAMyAATgI7hw2LSj6uN3yL5nvHOOkMiPtalKr+BGsFac39RYmp64
+mr+w66bDIWN3VllO6LY=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp192k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE4CO4cNi0o+rjd8i+Z7xzjpDIj7WpSq/g
+RrBWnN/UWJqeuJq/sOumwyFjd1ZZTui2
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp192k1:BOB_secp192k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp192k1
+PeerKey=BOB_secp192k1_PUB
+SharedSecret=6a4daca0412284172e8fcaafa0d9df76257d899752bf0f23
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp192k1
+PeerKey=ALICE_secp192k1_PUB
+SharedSecret=6a4daca0412284172e8fcaafa0d9df76257d899752bf0f23
+
+# TEST CURVE secp224k1
+
+PrivateKey=ALICE_secp224k1
+-----BEGIN PRIVATE KEY-----
+MHkCAQAwEAYHKoZIzj0CAQYFK4EEACAEYjBgAgEBBB0AhXKGJFqOI4P1PLFR3M6M
+kepT/2Dtd27I1Awzx6E8AzoABPVN/1b6VHbq7U6pWaOrUeqJ5vSgWL49u/uuD48D
+4FRf7oFdixN9VWIrxr0PRByeEYmlHw4MOEQK
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp224k1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE9U3/VvpUdurtTqlZo6tR6onm9KBYvj27
++64PjwPgVF/ugV2LE31VYivGvQ9EHJ4RiaUfDgw4RAo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp224k1:ALICE_secp224k1_PUB
+
+
+PrivateKey=BOB_secp224k1
+-----BEGIN PRIVATE KEY-----
+MHkCAQAwEAYHKoZIzj0CAQYFK4EEACAEYjBgAgEBBB0AOjEXYoz8YcWokSf4U5gX
+HbjDfILPdPejlE0T/KE8AzoABGXAQ+AntX7On4cKwP+f4KzZGaJZwjBq3jCjymsr
+9A3c8VCoRXXBg+VPoKg7fDkMIgI8qPmrC95Q
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp224k1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEZcBD4Ce1fs6fhwrA/5/grNkZolnCMGre
+MKPKayv0DdzxUKhFdcGD5U+gqDt8OQwiAjyo+asL3lA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp224k1:BOB_secp224k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp224k1
+PeerKey=BOB_secp224k1_PUB
+SharedSecret=80b65e65fe29c779213dd31189d371ff57b0b2bf08c6458ed142399a
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp224k1
+PeerKey=ALICE_secp224k1_PUB
+SharedSecret=80b65e65fe29c779213dd31189d371ff57b0b2bf08c6458ed142399a
+
+# TEST CURVE secp224r1
+
+PrivateKey=ALICE_secp224r1
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxLKkXFJXYqGUlTsmgjlesi
+kwqejrekrkSTbehyoTwDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D2HtdCa4h
+fbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp224r1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D
+2HtdCa4hfbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp224r1:ALICE_secp224r1_PUB
+
+
+PrivateKey=BOB_secp224r1
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzOHGGUR3fZYg3GSaUN6pxo
+NQtAlOzM3UclEhMzoTwDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMFUM6VV9DB
+4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp224r1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMF
+UM6VV9DB4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp224r1:BOB_secp224r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp224r1
+PeerKey=BOB_secp224r1_PUB
+SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp224r1
+PeerKey=ALICE_secp224r1_PUB
+SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5
+
+# TEST CURVE secp256k1
+
+PrivateKey=ALICE_secp256k1
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgHCRzy0IcEx6CeA6ogNNK
+SOfuTlHy4fE/LNxkANUS4k+hRANCAASDBmwKklX4OcbZSJJX9mxm1Wr7TPTLpbyp
+xKcKRm0XKNxVlrZU8WQCl66GtX2DDyX+0+XiC3hbaRWcYtg7P6WO
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp256k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEgwZsCpJV+DnG2UiSV/ZsZtVq+0z0y6W8
+qcSnCkZtFyjcVZa2VPFkApeuhrV9gw8l/tPl4gt4W2kVnGLYOz+ljg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp256k1:ALICE_secp256k1_PUB
+
+
+PrivateKey=BOB_secp256k1
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgChCkFvWtOcrXLmXVGqkR
+0gdntyytjGzEKue5t+IL2lihRANCAAQFQoIckey+Vyh3QwJWUUfKXNbbjWe94yZE
+AWGvI2BfqtWqigZF5VSb5aIXtTPRmwiN0cp30cd77YE5Z+e5bJHU
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp256k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEBUKCHJHsvlcod0MCVlFHylzW241nveMm
+RAFhryNgX6rVqooGReVUm+WiF7Uz0ZsIjdHKd9HHe+2BOWfnuWyR1A==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp256k1:BOB_secp256k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp256k1
+PeerKey=BOB_secp256k1_PUB
+SharedSecret=af43b52790082fd87afb1d14b883c12d12bb9e554080d1f8e527920676e31f3e
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp256k1
+PeerKey=ALICE_secp256k1_PUB
+SharedSecret=af43b52790082fd87afb1d14b883c12d12bb9e554080d1f8e527920676e31f3e
+
+# TEST CURVE secp384r1
+
+PrivateKey=ALICE_secp384r1
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCxE7Q4m1dsK7M3Otxo
+cgY/ejX9JOKKdAtSnRiU4bnK3eFmALkMN7XIveQnWLB1PEKhZANiAAQaUsvUFr/u
+ISpAmYqYZIme4VassCtb0tNGU97s3qt4ozcogZ4z+fIzXZ4YXqfGoEa57+uQDgqr
++jNOTji7Gxopt6AqZ9EvwuVaCuunUi0pcx6cc8IuUfrwMwSFovV/7sM=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGlLL1Ba/7iEqQJmKmGSJnuFWrLArW9LT
+RlPe7N6reKM3KIGeM/nyM12eGF6nxqBGue/rkA4Kq/ozTk44uxsaKbegKmfRL8Ll
+Wgrrp1ItKXMenHPCLlH68DMEhaL1f+7D
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp384r1:ALICE_secp384r1_PUB
+
+
+PrivateKey=BOB_secp384r1
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBRiGXRsb5sUq0b3/dg
+Z+pA9kbrSivBMCUCXVwxno1d/30hI/Yy0Z5PWwbBgwTFprWhZANiAASp1FeUOBJF
+mzQCNbGiOz8He0kF+KIf24UGYVO5MC7u5rV9hpoYsbcgmwxALskPN18os2ygK1Pn
+f/h+WALIsG2RknSTbiyvBYkoIhJV9cflvEDpMeaWSLF7qJ5YjEIf9PM=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqdRXlDgSRZs0AjWxojs/B3tJBfiiH9uF
+BmFTuTAu7ua1fYaaGLG3IJsMQC7JDzdfKLNsoCtT53/4flgCyLBtkZJ0k24srwWJ
+KCISVfXH5bxA6THmlkixe6ieWIxCH/Tz
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp384r1:BOB_secp384r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp384r1
+PeerKey=BOB_secp384r1_PUB
+SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp384r1
+PeerKey=ALICE_secp384r1_PUB
+SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd
+
+# TEST CURVE secp521r1
+
+PrivateKey=ALICE_secp521r1
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAFBIz3FLAuX8VCWzM
+wu1f/tm8pf1QqnsdLqaIWCQAJa2W5ldpJTYfkj1gGxM44AD3qHnkXISvNLwwuxI1
+hr2+pOGhgYkDgYYABACWlOOFYk/p3AS2LxEQWBuMm6uIjo3XArjh1QrsLcUc5hhi
+82CIz6kKwKjCnYRDHq4iv1x63rVEzGGhQOM1g+cRVwHSpfbBpaxK7bMLkVFOOavv
+OdcdyRHaHsvxw2pREmdS/GwtfgT8odQrG06KMIwVeL+H08fGJSbPX0Zock0DOPCp
+aw==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp521r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAlpTjhWJP6dwEti8REFgbjJuriI6N
+1wK44dUK7C3FHOYYYvNgiM+pCsCowp2EQx6uIr9cet61RMxhoUDjNYPnEVcB0qX2
+waWsSu2zC5FRTjmr7znXHckR2h7L8cNqURJnUvxsLX4E/KHUKxtOijCMFXi/h9PH
+xiUmz19GaHJNAzjwqWs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp521r1:ALICE_secp521r1_PUB
+
+
+PrivateKey=BOB_secp521r1
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA9C/sMWveRlHPr9P5
+cc3U+1L2/zB0VtHewKSQRWZ67SmS4+m7uXTqUVSLRHiQEgQid0cg77gSxXPlmV+z
+y0f3zd+hgYkDgYYABAE18N3SwDGtea3IOqUdh3j0JtnMeP41i/agEBlxK8/iEBXc
+Q61mkIrQIKcabRhoylEugXHiyNnqNQOD4DUa0bTKzAHtJ4UqqbEVno6byRmcUQwb
+mvG89eS8GLEmk5X/O2atHU4yIGTuTRQWn/BTJUCS+OgJz4FZdadscc5Z640EZqSD
+iw==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp521r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBNfDd0sAxrXmtyDqlHYd49CbZzHj+
+NYv2oBAZcSvP4hAV3EOtZpCK0CCnGm0YaMpRLoFx4sjZ6jUDg+A1GtG0yswB7SeF
+KqmxFZ6Om8kZnFEMG5rxvPXkvBixJpOV/ztmrR1OMiBk7k0UFp/wUyVAkvjoCc+B
+WXWnbHHOWeuNBGakg4s=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp521r1:BOB_secp521r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_secp521r1
+PeerKey=BOB_secp521r1_PUB
+SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be
+
+# ECDH Bob with Alice peer
+Derive=BOB_secp521r1
+PeerKey=ALICE_secp521r1_PUB
+SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be
+
+# TEST CURVE prime192v1
+
+PrivateKey=ALICE_prime192v1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjxfXvSFNqD2UzFVN1L
+bQrPlzop7dxQq/ehNAMyAATibpGuYzCjkT1tWLYEogpKz74WqhvbQtZPkCYQCin1
+cmZuNW+BZ0jyVEpGlpnZPMg=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime192v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE4m6RrmMwo5E9bVi2BKIKSs++Fqob
+20LWT5AmEAop9XJmbjVvgWdI8lRKRpaZ2TzI
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime192v1:ALICE_prime192v1_PUB
+
+
+PrivateKey=BOB_prime192v1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhewaqXNZlYyqnmuEEE
+Y/oUXe3/jpzhmyGhNAMyAASkpwNJEP/1FuuWKCDDUm26iyqrs+zKwayZnaF77YC6
+qCtgia7yNcSl9tlWHh3gQgw=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime192v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEpKcDSRD/9Rbrliggw1Jtuosqq7Ps
+ysGsmZ2he+2AuqgrYImu8jXEpfbZVh4d4EIM
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime192v1:BOB_prime192v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_prime192v1
+PeerKey=BOB_prime192v1_PUB
+SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861
+
+# ECDH Bob with Alice peer
+Derive=BOB_prime192v1
+PeerKey=ALICE_prime192v1_PUB
+SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861
+
+# TEST CURVE prime192v2
+
+PrivateKey=ALICE_prime192v2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEVTBTAgEBBBgtIuKqpRc7rEYuGx1a
+dDxcvso0NAZw+fWhNAMyAATMSHwJPq761VawpRbKLB3uuDSng4WeFPjhvubL6g8V
+8UqFaKRED5PUIQ0lYStVCao=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime192v2_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEzEh8CT6u+tVWsKUWyiwd7rg0p4OF
+nhT44b7my+oPFfFKhWikRA+T1CENJWErVQmq
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime192v2:ALICE_prime192v2_PUB
+
+
+PrivateKey=BOB_prime192v2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEVTBTAgEBBBggTjqWC1/iHrvKR9/u
+1gxpL2tWJkkAMYuhNAMyAASa4nG+wLPTHxfkqiTII5PBLAKXmXUf5dMtpmApcjrj
+XjnwJIJEQr80MK9+g1raqN8=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime192v2_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEmuJxvsCz0x8X5KokyCOTwSwCl5l1
+H+XTLaZgKXI641458CSCREK/NDCvfoNa2qjf
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime192v2:BOB_prime192v2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_prime192v2
+PeerKey=BOB_prime192v2_PUB
+SharedSecret=9b37033a48af7fe1825c062625f8b57d4b3ac48c12bec69c
+
+# ECDH Bob with Alice peer
+Derive=BOB_prime192v2
+PeerKey=ALICE_prime192v2_PUB
+SharedSecret=9b37033a48af7fe1825c062625f8b57d4b3ac48c12bec69c
+
+# TEST CURVE prime192v3
+
+PrivateKey=ALICE_prime192v3
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEVTBTAgEBBBg0iDdcgise1/v2k6js
+UkgKwXPqx/uJJTehNAMyAAQ6/i0pSNHk824XO6Mv0irQfSv2yzGQy+DwWo/klZco
+kPDcXKEdU8ZmnAABH7j6UV8=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime192v3_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEOv4tKUjR5PNuFzujL9Iq0H0r9ssx
+kMvg8FqP5JWXKJDw3FyhHVPGZpwAAR+4+lFf
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime192v3:ALICE_prime192v3_PUB
+
+
+PrivateKey=BOB_prime192v3
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEVTBTAgEBBBieW1huqwVU3ev7qgpT
+LFjYEMRPONOAcaKhNAMyAASXaTjBIQX686BZJAidX+hFuvDyxbN1vBQvp40OVl0L
+CG4hoZ+5McLtPATL+osKvX8=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime192v3_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEl2k4wSEF+vOgWSQInV/oRbrw8sWz
+dbwUL6eNDlZdCwhuIaGfuTHC7TwEy/qLCr1/
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime192v3:BOB_prime192v3_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_prime192v3
+PeerKey=BOB_prime192v3_PUB
+SharedSecret=7133f1d99b0e03ed9c4d78d3be40598cf419cd588283ac29
+
+# ECDH Bob with Alice peer
+Derive=BOB_prime192v3
+PeerKey=ALICE_prime192v3_PUB
+SharedSecret=7133f1d99b0e03ed9c4d78d3be40598cf419cd588283ac29
+
+# TEST CURVE prime239v1
+
+PrivateKey=ALICE_prime239v1
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwEEBGcwZQIBAQQeRmiZXaqr3u11hiGK
+1cH75U/rKc1+8YMqxcXhACRkoUADPgAEfIJpVggCXUROHgX4h5h66/0Pgr/aMtMq
+ExHQP7zxWYzf3cYAP4V/t9OCT582WjMLnCmdlFnYUPD50dyU
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime239v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEfIJpVggCXUROHgX4h5h66/0Pgr/a
+MtMqExHQP7zxWYzf3cYAP4V/t9OCT582WjMLnCmdlFnYUPD50dyU
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime239v1:ALICE_prime239v1_PUB
+
+
+PrivateKey=BOB_prime239v1
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwEEBGcwZQIBAQQeAbGRRoBgqHVUBFot
+5m9Ytm8RU+ISkA33VgQrHGM/oUADPgAEdRgPsL/Mi3ucJcYibvFJQxDDyLqgUH3i
+Mk266RAHFqoioiGT72TOidBhi+VrUn6NOIyna8foww2M45vR
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime239v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEdRgPsL/Mi3ucJcYibvFJQxDDyLqg
+UH3iMk266RAHFqoioiGT72TOidBhi+VrUn6NOIyna8foww2M45vR
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime239v1:BOB_prime239v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_prime239v1
+PeerKey=BOB_prime239v1_PUB
+SharedSecret=2ef92070f7a5fa14c8a67a8aa3080b4c4a597eafaa81d3f698599ac0be1e
+
+# ECDH Bob with Alice peer
+Derive=BOB_prime239v1
+PeerKey=ALICE_prime239v1_PUB
+SharedSecret=2ef92070f7a5fa14c8a67a8aa3080b4c4a597eafaa81d3f698599ac0be1e
+
+# TEST CURVE prime239v2
+
+PrivateKey=ALICE_prime239v2
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwEFBGcwZQIBAQQeemq6S5puHF94ZW/W
+6BMRim+HFFM0zxVZQpWG+bf2oUADPgAELukUodCQsmwzGVR3lLEGKQ6quGd6kDXN
+DjjcMrDabBtWKDuuUrgjBGsI7NRbCQ0a5NWTo+EnWe0LXbYN
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime239v2_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELukUodCQsmwzGVR3lLEGKQ6quGd6
+kDXNDjjcMrDabBtWKDuuUrgjBGsI7NRbCQ0a5NWTo+EnWe0LXbYN
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime239v2:ALICE_prime239v2_PUB
+
+
+PrivateKey=BOB_prime239v2
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwEFBGcwZQIBAQQeAEaCw7ulF8GZcmbj
+aDmcrw8Gex+hX0rNvwzoC7+6oUADPgAEKh0EmYUpj6XbuEGxMBaPmECT8L++ihUW
+ms4xau0RUYij4HgS1gjSMDfyvvCBUy10RIkw+goxVdUhfW2u
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime239v2_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEKh0EmYUpj6XbuEGxMBaPmECT8L++
+ihUWms4xau0RUYij4HgS1gjSMDfyvvCBUy10RIkw+goxVdUhfW2u
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime239v2:BOB_prime239v2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_prime239v2
+PeerKey=BOB_prime239v2_PUB
+SharedSecret=5bdab282dc371ee88ade318a6aad2b329ec3ea957e0df18b7a691c1bf703
+
+# ECDH Bob with Alice peer
+Derive=BOB_prime239v2
+PeerKey=ALICE_prime239v2_PUB
+SharedSecret=5bdab282dc371ee88ade318a6aad2b329ec3ea957e0df18b7a691c1bf703
+
+# TEST CURVE prime239v3
+
+PrivateKey=ALICE_prime239v3
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwEGBGcwZQIBAQQeGlwSPAYfmiP9r2nA
+SD52VqKyZpEnU+Jmynlf2DI7oUADPgAEFlIB4Yl+5J2u4JLYv8z+itwf+XnOL/BD
+qNK3uRoYPKHYdYWJkgXxkQ1QDZwNppAQRcxSgTKnJ6V8crbp
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime239v3_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEFlIB4Yl+5J2u4JLYv8z+itwf+XnO
+L/BDqNK3uRoYPKHYdYWJkgXxkQ1QDZwNppAQRcxSgTKnJ6V8crbp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime239v3:ALICE_prime239v3_PUB
+
+
+PrivateKey=BOB_prime239v3
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwEGBGcwZQIBAQQeU1KIfJBGvItr8//g
+kW1zoPkveo9lvXBlnUV5/5rDoUADPgAEepc03AEEgOnI+ivpjGV4ypvn8sRQaVAb
+3QAeIEYDQLUBFOdb3kF2MvlnLKV3OCdB3GQgNfZtEHbdn0bq
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime239v3_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEepc03AEEgOnI+ivpjGV4ypvn8sRQ
+aVAb3QAeIEYDQLUBFOdb3kF2MvlnLKV3OCdB3GQgNfZtEHbdn0bq
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime239v3:BOB_prime239v3_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_prime239v3
+PeerKey=BOB_prime239v3_PUB
+SharedSecret=78e80ae760061178bd005e9e3634333971468bc6d3f82baee238c5ed32f9
+
+# ECDH Bob with Alice peer
+Derive=BOB_prime239v3
+PeerKey=ALICE_prime239v3_PUB
+SharedSecret=78e80ae760061178bd005e9e3634333971468bc6d3f82baee238c5ed32f9
+
+# TEST CURVE prime256v1
+
+PrivateKey=ALICE_prime256v1
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglUPDk8gQ8lMj38V7
+0jPBZDfQUx5pNOVSKOMTqlh04POhRANCAARq87w+K0q9b1mzJGh309kjNvYTS02m
+YkHKxAewiZwmt/5w+5uywz/+0130SdAWbXtECjaHUK94YEHzp0G/PCl5
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime256v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEavO8PitKvW9ZsyRod9PZIzb2E0tN
+pmJBysQHsImcJrf+cPubssM//tNd9EnQFm17RAo2h1CveGBB86dBvzwpeQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime256v1:ALICE_prime256v1_PUB
+
+
+PrivateKey=BOB_prime256v1
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgNsLfn/sRZfm9ZcM7
+xURiUHT7+w8Jgk9SbwTVDjpLYYmhRANCAASRmyKNgUbADGxkIOAVh9T7IXv2ZDT6
+I5YMW6wOs27VMOAD0AiNLrv7sW1TdqxkUtF17/GFpLvFOuZcbdX4p3i/
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime256v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkZsijYFGwAxsZCDgFYfU+yF79mQ0
++iOWDFusDrNu1TDgA9AIjS67+7FtU3asZFLRde/xhaS7xTrmXG3V+Kd4vw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime256v1:BOB_prime256v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_prime256v1
+PeerKey=BOB_prime256v1_PUB
+SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4
+
+# ECDH Bob with Alice peer
+Derive=BOB_prime256v1
+PeerKey=ALICE_prime256v1_PUB
+SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4
+
+# TEST CURVE sect113r1
+
+PrivateKey=ALICE_sect113r1
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEAAQEOjA4AgEBBA8AcrP9u8BlWb4knkGVZmSh
+IgMgAAQBviTf62+1V4etJb2D9LkBadAFmdmRS+rVI3spTYs=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect113r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAb4k3+tvtVeHrSW9g/S5AWnQBZnZkUvq
+1SN7KU2L
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect113r1:ALICE_sect113r1_PUB
+
+
+PrivateKey=BOB_sect113r1
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEAAQEOjA4AgEBBA8AmhEq3A9KdbKQUz1F/Myh
+IgMgAAQAuSRBNxXjIjezwrGF8VkBxWR69g0UJaBIIArpdNo=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect113r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEALkkQTcV4yI3s8KxhfFZAcVkevYNFCWg
+SCAK6XTa
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect113r1:BOB_sect113r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect113r1
+PeerKey=BOB_sect113r1_PUB
+SharedSecret=015405437add26b8841c62a9016c85
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect113r1
+PeerKey=ALICE_sect113r1_PUB
+SharedSecret=015405437add26b8841c62a9016c85
+
+# TEST CURVE sect113r2
+
+PrivateKey=ALICE_sect113r2
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEAAUEOjA4AgEBBA8ABqFZ6Z7BKKjvrzXh99Wh
+IgMgAAQBTQTHA9uSxcZ8kvsSVUUBcLQ4m45U10VwVCQ+oGQ=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect113r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAU0ExwPbksXGfJL7ElVFAXC0OJuOVNdF
+cFQkPqBk
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect113r2:ALICE_sect113r2_PUB
+
+
+PrivateKey=BOB_sect113r2
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEAAUEOjA4AgEBBA8ABPHhZ0kCp0TocQJIuiuh
+IgMgAAQBSi7u+Ur776iGyg0Ij6UAN70IzPVZxGK5zPxp6wo=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect113r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUou7vlK+++ohsoNCI+lADe9CMz1WcRi
+ucz8aesK
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect113r2:BOB_sect113r2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect113r2
+PeerKey=BOB_sect113r2_PUB
+SharedSecret=014231c5e9e28d451aa44a755407e1
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect113r2
+PeerKey=ALICE_sect113r2_PUB
+SharedSecret=014231c5e9e28d451aa44a755407e1
+
+# TEST CURVE sect131r1
+
+PrivateKey=ALICE_sect131r1
+-----BEGIN PRIVATE KEY-----
+MFcCAQAwEAYHKoZIzj0CAQYFK4EEABYEQDA+AgEBBBEAUCFDwJLLThLHiDlw/Qcn
+8aEmAyQABAAU+ywF9iPv6LDldKOLhLgXBRI7EpZnbXPXhUmkQWPhHAQ=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect131r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEABT7LAX2I+/osOV0o4uEuBcFEjsSlmdt
+c9eFSaRBY+EcBA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect131r1:ALICE_sect131r1_PUB
+
+
+PrivateKey=BOB_sect131r1
+-----BEGIN PRIVATE KEY-----
+MFcCAQAwEAYHKoZIzj0CAQYFK4EEABYEQDA+AgEBBBEDxxMzxjxJmYfSZvWJKq+V
+vKEmAyQABAFHQ2a+h+Yn5N4Lt0IoJcVVBrf9xkZNS0xxblh+0wndq9s=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect131r1_PUB
+-----BEGIN PUBLIC KEY-----
+MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAUdDZr6H5ifk3gu3QiglxVUGt/3GRk1L
+THFuWH7TCd2r2w==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect131r1:BOB_sect131r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect131r1
+PeerKey=BOB_sect131r1_PUB
+SharedSecret=009e4acc8c1ba3a129a9ad83a733d7d702
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect131r1
+PeerKey=ALICE_sect131r1_PUB
+SharedSecret=009e4acc8c1ba3a129a9ad83a733d7d702
+
+# TEST CURVE sect131r2
+
+PrivateKey=ALICE_sect131r2
+-----BEGIN PRIVATE KEY-----
+MFcCAQAwEAYHKoZIzj0CAQYFK4EEABcEQDA+AgEBBBEDHPPtQCKJB8g01rMkT8Sk
+9aEmAyQABAcWl2Z/1kIc4mWCbRH4+c/2B47RC31JyifKvkxkHt05x3g=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect131r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEBxaXZn/WQhziZYJtEfj5z/YHjtELfUnK
+J8q+TGQe3TnHeA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect131r2:ALICE_sect131r2_PUB
+
+
+PrivateKey=BOB_sect131r2
+-----BEGIN PRIVATE KEY-----
+MFcCAQAwEAYHKoZIzj0CAQYFK4EEABcEQDA+AgEBBBEDR9ez/YtS29S7/R5+rUiX
+VKEmAyQABALZHNBITDoigpOwTzczlaN9AsRk5JzMUJXYkvBEqj+YILQ=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect131r2_PUB
+-----BEGIN PUBLIC KEY-----
+MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAtkc0EhMOiKCk7BPNzOVo30CxGTknMxQ
+ldiS8ESqP5ggtA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect131r2:BOB_sect131r2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect131r2
+PeerKey=BOB_sect131r2_PUB
+SharedSecret=03cbec3a3050c7f13d4801ad692d61c417
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect131r2
+PeerKey=ALICE_sect131r2_PUB
+SharedSecret=03cbec3a3050c7f13d4801ad692d61c417
+
+# TEST CURVE sect163k1
+
+PrivateKey=ALICE_sect163k1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBxkeGOXE86PAijpk8trN/
+f3kl4UmhLgMsAAQD1hrDCJ2MSFKZ6Q11cTllX/l5HY0Hg5XZCxMFC84AaczwPtNJ
+YNCxfCk=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect163k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA9YawwidjEhSmekNdXE5ZV/5eR2NB4OV
+2QsTBQvOAGnM8D7TSWDQsXwp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect163k1:ALICE_sect163k1_PUB
+
+
+PrivateKey=BOB_sect163k1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCUJ5kItSfXidHXsgokcS7
+nzPFbOShLgMsAAQGrYNJ1qgdb3A9ISOmTujfS+WYFKwBXXrJEluAkeNh3jXnDq8X
++XBB0k8=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect163k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBq2DSdaoHW9wPSEjpk7o30vlmBSsAV16
+yRJbgJHjYd415w6vF/lwQdJP
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect163k1:BOB_sect163k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect163k1
+PeerKey=BOB_sect163k1_PUB
+SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect163k1
+PeerKey=ALICE_sect163k1_PUB
+SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092
+
+# TEST CURVE sect163r1
+
+PrivateKey=ALICE_sect163r1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUBl9zmlPmFF5v9h1IIENAx
+1b8tj0+hLgMsAAQE3j8Jn58CCtEDwvOZ5DwgYGBYvIECz1zN8UwPfTFSdXjTWQcr
+9gWxNMA=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect163r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEBN4/CZ+fAgrRA8LzmeQ8IGBgWLyBAs9c
+zfFMD30xUnV401kHK/YFsTTA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect163r1:ALICE_sect163r1_PUB
+
+
+PrivateKey=BOB_sect163r1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUA/nzN5yCavvZlXyDGEihW
+rwG360+hLgMsAAQDt6XZHfzXABSTnGhzfoPtfdLZgaoGhBdeWz+318vNmC6AMJP+
+PntHzsA=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect163r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA7el2R381wAUk5xoc36D7X3S2YGqBoQX
+Xls/t9fLzZgugDCT/j57R87A
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect163r1:BOB_sect163r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect163r1
+PeerKey=BOB_sect163r1_PUB
+SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect163r1
+PeerKey=ALICE_sect163r1_PUB
+SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4
+
+# TEST CURVE sect163r2
+
+PrivateKey=ALICE_sect163r2
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDjH2G7BkPTBM4VtljaQr8
+sXVLNOqhLgMsAAQHHqWxJWR2KrHCPp/PSjZIdK88ET0A323/UOTxhYHwsLpR7rp3
+ahq1lQ8=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBx6lsSVkdiqxwj6fz0o2SHSvPBE9AN9t
+/1Dk8YWB8LC6Ue66d2oatZUP
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect163r2:ALICE_sect163r2_PUB
+
+
+PrivateKey=BOB_sect163r2
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBXOM9Tm6sKXUlRLlW0HgC
+NTDxW2ihLgMsAAQGxa8xRcC+TIcDgGtehDVEV1PoBokBwtILj16NPYC0aBZI8/nF
+F4jhgmc=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBsWvMUXAvkyHA4BrXoQ1RFdT6AaJAcLS
+C49ejT2AtGgWSPP5xReI4YJn
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect163r2:BOB_sect163r2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect163r2
+PeerKey=BOB_sect163r2_PUB
+SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect163r2
+PeerKey=ALICE_sect163r2_PUB
+SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951
+
+# TEST CURVE sect193r1
+
+PrivateKey=ALICE_sect193r1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAEQlofBlvj8zDK5o4CCfA
+aOQOmlAyTimBoTYDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUnNwBn5T26m15R
+M4MLnYGdklcAM8oMOML999w=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect193r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUn
+NwBn5T26m15RM4MLnYGdklcAM8oMOML999w=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect193r1:ALICE_sect193r1_PUB
+
+
+PrivateKey=BOB_sect193r1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAnxvYLKZaw4Rj24WTRBfg
+iar5vp3R3pCJoTYDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUpYQE/jBjzUHIC
+qMNZTHy9gT2R9yc0GBZ/Dic=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect193r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUp
+YQE/jBjzUHICqMNZTHy9gT2R9yc0GBZ/Dic=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect193r1:BOB_sect193r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect193r1
+PeerKey=BOB_sect193r1_PUB
+SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect193r1
+PeerKey=ALICE_sect193r1_PUB
+SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47
+
+# TEST CURVE sect193r2
+
+PrivateKey=ALICE_sect193r2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAj54XQW+b3bnX9duvqaa+
+lPTNcvOlxRAvoTYDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWkwQFc4m1ISx4o
+mtNyCVI7FXV5zNnaGWVACT4=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect193r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWk
+wQFc4m1ISx4omtNyCVI7FXV5zNnaGWVACT4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect193r2:ALICE_sect193r2_PUB
+
+
+PrivateKey=BOB_sect193r2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAvMiVR0abk6pHoeOIBESL
+fB9B4gsZJjLsoTYDNAAEADtKDcwL660+Mm11Vl254GI3TnD+fragdwF+wY5qlMu5
+VtrUDMHuAP0q3eGQUsrzNo0=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect193r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEADtKDcwL660+Mm11Vl254GI3TnD+frag
+dwF+wY5qlMu5VtrUDMHuAP0q3eGQUsrzNo0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect193r2:BOB_sect193r2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect193r2
+PeerKey=BOB_sect193r2_PUB
+SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect193r2
+PeerKey=ALICE_sect193r2_PUB
+SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891
+
+# TEST CURVE sect233k1
+
+PrivateKey=ALICE_sect233k1
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1aR7qaKm1vmZWK2bGsJ1rX
+mH6BpTkW4t1L4zSf/KFAAz4ABADcDiv+bTvPVViqYLNz06VO5wodry+sGi6fnJIr
+QQCTfZ9d5whiIsbY5Thlcm7I0A/cIGoShA/6LumOVA==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEANwOK/5tO89VWKpgs3PTpU7nCh2vL6wa
+Lp+ckitBAJN9n13nCGIixtjlOGVybsjQD9wgahKED/ou6Y5U
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect233k1:ALICE_sect233k1_PUB
+
+
+PrivateKey=BOB_sect233k1
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0oa5BrzYxm6mn51Xyphn6X
+OUjKc9oMDHCowAyHTaFAAz4ABAGKiFuFJVQeymHYRVnt2LNF2MSaTMcL9JGSPn2z
+OwBis5MS4kgEFakWQl7KpGiy3vS89wmpblvHLJ/+IQ==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAYqIW4UlVB7KYdhFWe3Ys0XYxJpMxwv0
+kZI+fbM7AGKzkxLiSAQVqRZCXsqkaLLe9Lz3CaluW8csn/4h
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect233k1:BOB_sect233k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect233k1
+PeerKey=BOB_sect233k1_PUB
+SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect233k1
+PeerKey=ALICE_sect233k1_PUB
+SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
+
+# TEST CURVE sect233r1
+
+PrivateKey=ALICE_sect233r1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AEN6fePR2gizyXzU6kIgU
+Gijp5+IQAXoNBfKnVeChQAM+AAQB0kEwu2fwQWo1v1j7XQ8uJT3iMwRC8w+cxgxx
+GQ4B/FyjrhIUpEDWaMqfV23McZ6WdbIUe3MZ7K5pG38=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAdJBMLtn8EFqNb9Y+10PLiU94jMEQvMP
+nMYMcRkOAfxco64SFKRA1mjKn1dtzHGelnWyFHtzGeyuaRt/
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect233r1:ALICE_sect233r1_PUB
+
+
+PrivateKey=BOB_sect233r1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AXHWOeS6fG0XCH3FnHDuS
+IcELUeDG+AYNNeLVZd6hQAM+AAQAYRRYH017uxcaMPF3GOsL4bvodW1yZLEtL3pm
+CkcAfqJI/4niCr8uHKh0gBa2JBjBWMV1u8Mpf60uvok=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAGEUWB9Ne7sXGjDxdxjrC+G76HVtcmSx
+LS96ZgpHAH6iSP+J4gq/LhyodIAWtiQYwVjFdbvDKX+tLr6J
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect233r1:BOB_sect233r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect233r1
+PeerKey=BOB_sect233r1_PUB
+SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect233r1
+PeerKey=ALICE_sect233r1_PUB
+SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
+
+# TEST CURVE sect239k1
+
+PrivateKey=ALICE_sect239k1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4MhpuQTtDeLBboZgiW11d/
+KBlgUL4YvTjZ8zg4HR2hQAM+AAQafRD6X3L/7c/FN69KuA04a4bhxHZezmz1G15m
+tltwl8zlWsR5+GNToxV0OBLbStAQbXxqBa2Gg83B0oc=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect239k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEGn0Q+l9y/+3PxTevSrgNOGuG4cR2Xs5s
+9RteZrZbcJfM5VrEefhjU6MVdDgS20rQEG18agWthoPNwdKH
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect239k1:ALICE_sect239k1_PUB
+
+
+PrivateKey=BOB_sect239k1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4FBG477KvylisppUFwbDl/
+SRGnX5FFmfw/xWIiEMehQAM+AAQFii094UX6F5m8Dk0eI/DhF3+IDUu7h81hTdyZ
+xxET0IokxFkTUf/re9WPA7LxPOCuiIPZUNVCRxRWSuU=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect239k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEBYotPeFF+heZvA5NHiPw4Rd/iA1Lu4fN
+YU3cmccRE9CKJMRZE1H/63vVjwOy8TzgroiD2VDVQkcUVkrl
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect239k1:BOB_sect239k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect239k1
+PeerKey=BOB_sect239k1_PUB
+SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect239k1
+PeerKey=ALICE_sect239k1_PUB
+SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8
+
+# TEST CURVE sect283k1
+
+PrivateKey=ALICE_sect283k1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAGhnsmZ2UDKV3QKmq3k+
+33LQ6n5aCYvKXcMgiZlBS/RrVgIRoUwDSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnW
+uC6oWVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4r
+mGO7
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnWuC6o
+WVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4rmGO7
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect283k1:ALICE_sect283k1_PUB
+
+
+PrivateKey=BOB_sect283k1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAAJXIwfWjYbiM5jEcNw8
+8/1kbEnhVjWGivO7zDPts7AuKSMkoUwDSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6V
+D5v8KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzj
+CN/m
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6VD5v8
+KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzjCN/m
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect283k1:BOB_sect283k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect283k1
+PeerKey=BOB_sect283k1_PUB
+SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect283k1
+PeerKey=ALICE_sect283k1_PUB
+SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
+
+# TEST CURVE sect283r1
+
+PrivateKey=ALICE_sect283r1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAi4Jrhu19kt7H8jw1FO7
+VzCxh6p0pI0ogl3q9ev5NFkufZkZoUwDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqU
+S40TU2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE
+7jsD
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqUS40T
+U2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE7jsD
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect283r1:ALICE_sect283r1_PUB
+
+
+PrivateKey=BOB_sect283r1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkACD04gJaVfVxK/Dpbxjq
+rzZWc6B76a23MK/IQD1jMlGPQzzxoUwDSgAEA13mIYMvik12DBp8JkdETMB1ewOw
+22C/xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lass
+Iq5I
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA13mIYMvik12DBp8JkdETMB1ewOw22C/
+xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lassIq5I
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect283r1:BOB_sect283r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect283r1
+PeerKey=BOB_sect283r1_PUB
+SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect283r1
+PeerKey=ALICE_sect283r1_PUB
+SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
+
+# TEST CURVE sect409k1
+
+PrivateKey=ALICE_sect409k1
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMg1vV7wiPe1ovX+ukz
+VfwPZoqvyj/vdif04Opi9PcjV5mPBEZgSFBg8hbutNxZJdVLrxShbANqAAQACe1I
+J5ilSk1pPLvbcjEZIE6abC9LZ9WmHuNJxM9LAW1OuLvJGi72AsGYUOGpX0WGmK6C
+AYaqZb2Qeedq/yUIljDHYi66J+26owYl7lOMpRzZ9U2QDJrZ7TYuxeMUui6re0B+
+JuZdYw==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAntSCeYpUpNaTy723IxGSBOmmwvS2fV
+ph7jScTPSwFtTri7yRou9gLBmFDhqV9FhpiuggGGqmW9kHnnav8lCJYwx2Iuuift
+uqMGJe5TjKUc2fVNkAya2e02LsXjFLouq3tAfibmXWM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect409k1:ALICE_sect409k1_PUB
+
+
+PrivateKey=BOB_sect409k1
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMIYBGZZcZz4qCdhAV9
+vqpfe8vV+vJEhjawR52JUV1rumWEBPAx0o6E+gaxHBr5hzVGkIKhbANqAAQAAQKK
+s60CTUUkltsT+lIBukjz850pkGGLltJ4eaZn4k9AtN/lFTCq6Vgqe2sDrjA3b45q
+AdWjf1vRaP0wawJ13SjApJmyXg5hQks6d0Zqz2OHYhGEGiM159VtTlStK067dVe1
+fGVDeg==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAECirOtAk1FJJbbE/pSAbpI8/OdKZBh
+i5bSeHmmZ+JPQLTf5RUwqulYKntrA64wN2+OagHVo39b0Wj9MGsCdd0owKSZsl4O
+YUJLOndGas9jh2IRhBojNefVbU5UrStOu3VXtXxlQ3o=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect409k1:BOB_sect409k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect409k1
+PeerKey=BOB_sect409k1_PUB
+SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect409k1
+PeerKey=ALICE_sect409k1_PUB
+SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
+
+# TEST CURVE sect409r1
+
+PrivateKey=ALICE_sect409r1
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAYTMsTpey51D2ULnd
+pN+AAWnJLy9pTerziakhjii8OyWKpUVfpDFNneCCd2oQTDcPX5vdoWwDagAEAYfk
+3ZejxpVYCG7dYHTVhhcqILEyTYoQa4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGU
+owHXXzgDXoJeR79wgb7ySAlXJXgQ8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvI
+eIozlf4=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAYfk3ZejxpVYCG7dYHTVhhcqILEyTYoQ
+a4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGUowHXXzgDXoJeR79wgb7ySAlXJXgQ
+8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvIeIozlf4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect409r1:ALICE_sect409r1_PUB
+
+
+PrivateKey=BOB_sect409r1
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAsCs1nRgwW97TdKIH
+PRcsqmK1e8TIZ00e6rqLb3nD4sIe+Gw/fGhSUER9akQ7lAluEUnfoWwDagAEAfM2
+fvBEic+7jV4oC+v8GfsunD9Zp9rzNgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDl
+LwBm/W6TlzGuh1FnzXYKVnhnXpzSlRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMf
+WsgK+KA=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAfM2fvBEic+7jV4oC+v8GfsunD9Zp9rz
+NgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDlLwBm/W6TlzGuh1FnzXYKVnhnXpzS
+lRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMfWsgK+KA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect409r1:BOB_sect409r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect409r1
+PeerKey=BOB_sect409r1_PUB
+SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect409r1
+PeerKey=ALICE_sect409r1_PUB
+SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
+
+# TEST CURVE sect571k1
+
+PrivateKey=ALICE_sect571k1
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIARO8hI8j6TZ556/d
+RcdGYvdblnALD2XZCKu2c3C5yQIeA8Tidi+f8n6cCnb5FtJNTYKqP8tRfHlwAZtW
+/giXi/4yF5K2twS3oYGVA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0LQd9wP1+k
+v0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFRPU0Cct0S
+qVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJPCnaKR/Oo
+AtaUpCWLSTHDF1gK4/kmlwEx+8o=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0L
+Qd9wP1+kv0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFR
+PU0Cct0SqVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJP
+CnaKR/OoAtaUpCWLSTHDF1gK4/kmlwEx+8o=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect571k1:ALICE_sect571k1_PUB
+
+
+PrivateKey=BOB_sect571k1
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAVZT4tnX9dMWS6Vd
+YCoYRl9o/j/Hz7KGqF4Ujk9n9b4+mXbJ37tobpjnpNqKlJfI04w80JPp+NxpoBR3
+8p1bcc9iL4Smh48YoYGVA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLURYRDHmopO
+IijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN1tsCrqET
+31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxOaqcYzbXC
+Q/Aiij13H06qKhuFM4iiB/0D164=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLUR
+YRDHmopOIijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN
+1tsCrqET31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxO
+aqcYzbXCQ/Aiij13H06qKhuFM4iiB/0D164=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect571k1:BOB_sect571k1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect571k1
+PeerKey=BOB_sect571k1_PUB
+SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect571k1
+PeerKey=ALICE_sect571k1_PUB
+SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
+
+# TEST CURVE sect571r1
+
+PrivateKey=ALICE_sect571r1
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIArsi//Zp9veeURYV
+zGYHn4MlNIxNt6U6vtmTPS/NaoiaavxbOimpHgxYPCjpoPYhM33Z2VBh7pl2aoRW
+3GBepLFLoF8oiQaLoYGVA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4f/AwTHmo
+US1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wzd8YF32SF
+HMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz6J6dYAUe
+vE+F3N29p/tRBGNzMFIqoDdW+NA=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4
+f/AwTHmoUS1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wz
+d8YF32SFHMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz
+6J6dYAUevE+F3N29p/tRBGNzMFIqoDdW+NA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect571r1:ALICE_sect571r1_PUB
+
+
+PrivateKey=BOB_sect571r1
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAYj65N5XJTQusn+h
+Z9xj/dgZ4qR1GDC1Ij7jYuow+TvGrG2wz/WT76/lLNtlCLfDW2kODDUmDAJeK/e+
+VMO7suJTXGnrGFHioYGVA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2SYmMKve74
+trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8QI70H8aHv
+LgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNdnNATBqom
+6WDWc7RTFZ4sijL5ywVhovwJ1gA=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2S
+YmMKve74trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8Q
+I70H8aHvLgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNd
+nNATBqom6WDWc7RTFZ4sijL5ywVhovwJ1gA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect571r1:BOB_sect571r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_sect571r1
+PeerKey=BOB_sect571r1_PUB
+SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
+
+# ECDH Bob with Alice peer
+Derive=BOB_sect571r1
+PeerKey=ALICE_sect571r1_PUB
+SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
+
+# TEST CURVE c2pnb163v1
+
+PrivateKey=ALICE_c2pnb163v1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEETDBKAgEBBBUDTVBXDIdMMg5JIb6y
+ZHLpkONauzuhLgMsAAQC/TaMi2YGY4SmYVCrIVVommDnOyMHJZ1VZ4+fT+hE/qRp
+WHMMW5gOZO4=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb163v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAv02jItmBmOEpmFQqyFVaJpg5zsj
+ByWdVWePn0/oRP6kaVhzDFuYDmTu
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb163v1:ALICE_c2pnb163v1_PUB
+
+
+PrivateKey=BOB_c2pnb163v1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEETDBKAgEBBBUC3uEAfGc3+a0FOrFh
+ftdUBtZ5BPOhLgMsAAQGojKkhnOduUQY6XT0GwQbDe1YM1wFkj3vZGkhO5OzsqG1
+QqQLkFeMwKo=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb163v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBqIypIZznblEGOl09BsEGw3tWDNc
+BZI972RpITuTs7KhtUKkC5BXjMCq
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb163v1:BOB_c2pnb163v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb163v1
+PeerKey=BOB_c2pnb163v1_PUB
+SharedSecret=05939a47cb503656e684f433001e45776c7620e13b
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb163v1
+PeerKey=ALICE_c2pnb163v1_PUB
+SharedSecret=05939a47cb503656e684f433001e45776c7620e13b
+
+# TEST CURVE c2pnb163v2
+
+PrivateKey=ALICE_c2pnb163v2
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIETDBKAgEBBBUC3m3meJNbhDwwFH3C
+//L2EyOQNruhLgMsAAQBaATOiPV6c8icBYWczLXM6k+t8U4FIN57iiC8RsmIS3+V
+yM/rN3UBZaw=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb163v2_PUB
+-----BEGIN PUBLIC KEY-----
+MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAWgEzoj1enPInAWFnMy1zOpPrfFO
+BSDee4ogvEbJiEt/lcjP6zd1AWWs
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb163v2:ALICE_c2pnb163v2_PUB
+
+
+PrivateKey=BOB_c2pnb163v2
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIETDBKAgEBBBUBvd/DvKharywckSaW
+aAniKByXBwihLgMsAAQH0+FWe4mb13QrEZCPwfIS+gChEXoGhyBVubt6+SSgS5nS
+eDGgjW/36Qw=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb163v2_PUB
+-----BEGIN PUBLIC KEY-----
+MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEB9PhVnuJm9d0KxGQj8HyEvoAoRF6
+BocgVbm7evkkoEuZ0ngxoI1v9+kM
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb163v2:BOB_c2pnb163v2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb163v2
+PeerKey=BOB_c2pnb163v2_PUB
+SharedSecret=0779fb5f6ac7892f2f342b785d71244e0b03ca562d
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb163v2
+PeerKey=ALICE_c2pnb163v2_PUB
+SharedSecret=0779fb5f6ac7892f2f342b785d71244e0b03ca562d
+
+# TEST CURVE c2pnb163v3
+
+PrivateKey=ALICE_c2pnb163v3
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMETDBKAgEBBBUCtJ0ZQMD5T6Ym/jZx
+Fzb9tQkLOhuhLgMsAAQE26YD7hG+CY02+nBDFKIBnMvHWUQGfkiIfG9yxV+LptOM
+CdU4y9RhM+w=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb163v3_PUB
+-----BEGIN PUBLIC KEY-----
+MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBNumA+4RvgmNNvpwQxSiAZzLx1lE
+Bn5IiHxvcsVfi6bTjAnVOMvUYTPs
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb163v3:ALICE_c2pnb163v3_PUB
+
+
+PrivateKey=BOB_c2pnb163v3
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMETDBKAgEBBBUB9MnYR9NXM8OoCraO
+orQz1LXIZJChLgMsAAQH15R/xAGyrtmg+hrdAaGn9rVEfWQA7yUCn4vKR2eIy/qN
+YfbeHTIaTBY=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb163v3_PUB
+-----BEGIN PUBLIC KEY-----
+MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEB9eUf8QBsq7ZoPoa3QGhp/a1RH1k
+AO8lAp+LykdniMv6jWH23h0yGkwW
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb163v3:BOB_c2pnb163v3_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb163v3
+PeerKey=BOB_c2pnb163v3_PUB
+SharedSecret=02bf68863a8798e72cdc9cd3b9ce731f12654bfa81
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb163v3
+PeerKey=ALICE_c2pnb163v3_PUB
+SharedSecret=02bf68863a8798e72cdc9cd3b9ce731f12654bfa81
+
+# TEST CURVE c2pnb176v1
+
+PrivateKey=ALICE_c2pnb176v1
+-----BEGIN PRIVATE KEY-----
+MGgCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQETjBMAgEBBBUAxXEz1PjthqsI664l
+N5LRLN8C2uyhMAMuAARD1qVJHbL5A7BhEKeHSuDeT6XeZ3ODFn9ef67qdF+tS7p3
+zgXGKt4pKMoYcg==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb176v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEQ9alSR2y+QOwYRCnh0rg3k+l3mdz
+gxZ/Xn+u6nRfrUu6d84FxireKSjKGHI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb176v1:ALICE_c2pnb176v1_PUB
+
+
+PrivateKey=BOB_c2pnb176v1
+-----BEGIN PRIVATE KEY-----
+MGgCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQETjBMAgEBBBUAJvHHFW0v+/cjaLd7
+Xgt6FtSga5+hMAMuAASUs7rUAlv1qhppI82ikLvZ8Y0DApC356nhs7SyQYdLtHRM
++qUHBB3IzrLKdQ==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb176v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAElLO61AJb9aoaaSPNopC72fGNAwKQ
+t+ep4bO0skGHS7R0TPqlBwQdyM6yynU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb176v1:BOB_c2pnb176v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb176v1
+PeerKey=BOB_c2pnb176v1_PUB
+SharedSecret=b204734417542df762e09013d6ba958940837a2aa25a
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb176v1
+PeerKey=ALICE_c2pnb176v1_PUB
+SharedSecret=b204734417542df762e09013d6ba958940837a2aa25a
+
+# TEST CURVE c2tnb191v1
+
+PrivateKey=ALICE_c2tnb191v1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEVTBTAgEBBBgYgpO+wgirUtuqHF00
+2o02Vc7xQjKgSzChNAMyAAQ2ae+5tDQ2CDaV5XPdC+RtLgcHS5lTOclTClr/WSpP
+TlMt2TGh/KRrD859oXg6KYY=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb191v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAENmnvubQ0Ngg2leVz3QvkbS4HB0uZ
+UznJUwpa/1kqT05TLdkxofykaw/OfaF4OimG
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb191v1:ALICE_c2tnb191v1_PUB
+
+
+PrivateKey=BOB_c2tnb191v1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEVTBTAgEBBBguzm5uFNRy/lX3OKuJ
+j8i/vH/+viMd48yhNAMyAARka5rhdTmtbqQVRMWZQjUqsHUMX43siRt5f2WQSZfg
++IQ2l/8veayyX9erUSt3gK4=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb191v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEZGua4XU5rW6kFUTFmUI1KrB1DF+N
+7IkbeX9lkEmX4PiENpf/L3mssl/Xq1Erd4Cu
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb191v1:BOB_c2tnb191v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb191v1
+PeerKey=BOB_c2tnb191v1_PUB
+SharedSecret=7a30d30acd3b067f38bb3be9e8cdef739483df26455e36e1
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb191v1
+PeerKey=ALICE_c2tnb191v1_PUB
+SharedSecret=7a30d30acd3b067f38bb3be9e8cdef739483df26455e36e1
+
+# TEST CURVE c2tnb191v2
+
+PrivateKey=ALICE_c2tnb191v2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEVTBTAgEBBBgOlslgJ0XSK3vKC5Ls
+QmYxZfr8OEKXRQ2hNAMyAAQAHivLhSwW2SJZtUPhuV1p9fQSfz7w9SJY8dJOpVf8
+9DevPUlJMPcaSGyjX+3nJZc=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb191v2_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAB4ry4UsFtkiWbVD4bldafX0En8+
+8PUiWPHSTqVX/PQ3rz1JSTD3Gkhso1/t5yWX
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb191v2:ALICE_c2tnb191v2_PUB
+
+
+PrivateKey=BOB_c2tnb191v2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEVTBTAgEBBBgK9QaS2SDU6yz7uXqO
++/+C+baTTVMAGVGhNAMyAAQiR0t9plm77ezfXvJzDNdlyYC0pWX+QmJ8EavgEElk
+ky/M+YXb5ufkFzFXIEfU9pM=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb191v2_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEIkdLfaZZu+3s317ycwzXZcmAtKVl
+/kJifBGr4BBJZJMvzPmF2+bn5BcxVyBH1PaT
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb191v2:BOB_c2tnb191v2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb191v2
+PeerKey=BOB_c2tnb191v2_PUB
+SharedSecret=5ec2b6ccd193620dbad302c4ad8f8909a40698bf454d7534
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb191v2
+PeerKey=ALICE_c2tnb191v2_PUB
+SharedSecret=5ec2b6ccd193620dbad302c4ad8f8909a40698bf454d7534
+
+# TEST CURVE c2tnb191v3
+
+PrivateKey=ALICE_c2tnb191v3
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEVTBTAgEBBBgSaBOQyq6XX3hZVVgV
+FlRrxTuvgtv33C6hNAMyAARL+Fup8jOnixQYPx8pU/b066PHrhTXfiNerFEYA/5O
+XCKCEkdRCpuDJnyqpmaC2vw=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb191v3_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAES/hbqfIzp4sUGD8fKVP29Oujx64U
+134jXqxRGAP+TlwighJHUQqbgyZ8qqZmgtr8
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb191v3:ALICE_c2tnb191v3_PUB
+
+
+PrivateKey=BOB_c2tnb191v3
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEVTBTAgEBBBgEE8Ls7pc1/q3/0ruR
+gMrWGhGIr4VLt4uhNAMyAAQHAZsjkAXanwGbXR3SKkoKli6rSfSiu0lU2XHDiZdt
+LaPN+Eihz4KeG2YM/p3m1do=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb191v3_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEBwGbI5AF2p8Bm10d0ipKCpYuq0n0
+ortJVNlxw4mXbS2jzfhIoc+CnhtmDP6d5tXa
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb191v3:BOB_c2tnb191v3_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb191v3
+PeerKey=BOB_c2tnb191v3_PUB
+SharedSecret=39093dc8a2e6724a6206ed41bb99490d527d80c902c41891
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb191v3
+PeerKey=ALICE_c2tnb191v3_PUB
+SharedSecret=39093dc8a2e6724a6206ed41bb99490d527d80c902c41891
+
+# TEST CURVE c2pnb208w1
+
+PrivateKey=ALICE_c2pnb208w1
+-----BEGIN PRIVATE KEY-----
+MHQCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEWjBYAgEBBBkAbfnNboX6Dk+NLoBO
+6qBB2aE1srmTgS96oTgDNgAEFLHciAu4excYB0mty8rF442ULXZfqL90IkgP5G2z
+wzY1mAlEBFMg83izeRaCJ/vRihZDJw==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb208w1_PUB
+-----BEGIN PUBLIC KEY-----
+ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEFLHciAu4excYB0mty8rF442ULXZf
+qL90IkgP5G2zwzY1mAlEBFMg83izeRaCJ/vRihZDJw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb208w1:ALICE_c2pnb208w1_PUB
+
+
+PrivateKey=BOB_c2pnb208w1
+-----BEGIN PRIVATE KEY-----
+MHQCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEWjBYAgEBBBkAwjGFJOPkZqQPZ+mI
+Ae3G12zpUia40tRjoTgDNgAEDxaP6u0phDLfM4RsZhgIfZy8CurR4/IPtqMGxbfz
+pPKPMZXV12F6MrWrorSFDZ8KFd58Ww==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb208w1_PUB
+-----BEGIN PUBLIC KEY-----
+ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEDxaP6u0phDLfM4RsZhgIfZy8CurR
+4/IPtqMGxbfzpPKPMZXV12F6MrWrorSFDZ8KFd58Ww==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb208w1:BOB_c2pnb208w1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb208w1
+PeerKey=BOB_c2pnb208w1_PUB
+SharedSecret=59bf3c91bd168d4d4d900d9ce155933045e0fd16dcf0511bb5af
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb208w1
+PeerKey=ALICE_c2pnb208w1_PUB
+SharedSecret=59bf3c91bd168d4d4d900d9ce155933045e0fd16dcf0511bb5af
+
+# TEST CURVE c2tnb239v1
+
+PrivateKey=ALICE_c2tnb239v1
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwALBGcwZQIBAQQeE4CCwXEKsP3CfLC/
+DLSSF9lfyOaNSuQXmq9rzLqwoUADPgAEM6oQIsXJs+ANKQpF3DzBdG4FdS5DS+qp
+c5fVTsZiI4FAWCXUvzzPTRAex3wwvF/4JrYK6cKVh8i1EOrN
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb239v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEM6oQIsXJs+ANKQpF3DzBdG4FdS5D
+S+qpc5fVTsZiI4FAWCXUvzzPTRAex3wwvF/4JrYK6cKVh8i1EOrN
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb239v1:ALICE_c2tnb239v1_PUB
+
+
+PrivateKey=BOB_c2tnb239v1
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwALBGcwZQIBAQQeAGDYCGAXqD03x510
+h35JSzlgReW6W/T8lYPEA42doUADPgAECk6Uyh8ULkOVOxZSNZYGwtko/oy7ZLDP
+F8dbsEZTeYIBpQ6hWqZ/4Nz3RyzfoukyfCb3b8OMtpq+Qgio
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb239v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAECk6Uyh8ULkOVOxZSNZYGwtko/oy7
+ZLDPF8dbsEZTeYIBpQ6hWqZ/4Nz3RyzfoukyfCb3b8OMtpq+Qgio
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb239v1:BOB_c2tnb239v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb239v1
+PeerKey=BOB_c2tnb239v1_PUB
+SharedSecret=78c42256900725df9a47bb042cef7dad9f639b32e3010738a144e7472d1a
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb239v1
+PeerKey=ALICE_c2tnb239v1_PUB
+SharedSecret=78c42256900725df9a47bb042cef7dad9f639b32e3010738a144e7472d1a
+
+# TEST CURVE c2tnb239v2
+
+PrivateKey=ALICE_c2tnb239v2
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwAMBGcwZQIBAQQeE8kBjHLjFeC+Z2gZ
+q0snwR3UgEgWMW0xilhJNjW2oUADPgAEQ+ubIYhh82VohwKSVz70PkHsjmYWDvDU
+/SBRk8AiP71CM9D7XEKK5tnU94MtK2Kscx5nWZFc+oIh1+sY
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb239v2_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEQ+ubIYhh82VohwKSVz70PkHsjmYW
+DvDU/SBRk8AiP71CM9D7XEKK5tnU94MtK2Kscx5nWZFc+oIh1+sY
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb239v2:ALICE_c2tnb239v2_PUB
+
+
+PrivateKey=BOB_c2tnb239v2
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwAMBGcwZQIBAQQeE7bhzKZZUm780c0e
+3EBWY1GxD90Mzu7zrQMi7bAzoUADPgAEYgV7bokY6iLMzZTG10c6NDaW11plAm0T
+NKVVwzPqe3ylhsQmmm02LHKX0gN4E1dUS0uClBbMGNq2mhln
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb239v2_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEYgV7bokY6iLMzZTG10c6NDaW11pl
+Am0TNKVVwzPqe3ylhsQmmm02LHKX0gN4E1dUS0uClBbMGNq2mhln
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb239v2:BOB_c2tnb239v2_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb239v2
+PeerKey=BOB_c2tnb239v2_PUB
+SharedSecret=4ba2ecfa8ec7a375594d1673886cccf96d7763c55611b3c9008a35160192
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb239v2
+PeerKey=ALICE_c2tnb239v2_PUB
+SharedSecret=4ba2ecfa8ec7a375594d1673886cccf96d7763c55611b3c9008a35160192
+
+# TEST CURVE c2tnb239v3
+
+PrivateKey=ALICE_c2tnb239v3
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwANBGcwZQIBAQQeCxiC5lbHYL1QYbb2
+izZiSoLPnWCZIds811J1N7KtoUADPgAEdHMz+tsuO7VcO9IFgsSWTweLoB1ah5WI
+g6cWrtcUfmO7EGfPwNni4Bf8No7rGGMwbisW0v6Jv2pkTSM8
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb239v3_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEdHMz+tsuO7VcO9IFgsSWTweLoB1a
+h5WIg6cWrtcUfmO7EGfPwNni4Bf8No7rGGMwbisW0v6Jv2pkTSM8
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb239v3:ALICE_c2tnb239v3_PUB
+
+
+PrivateKey=BOB_c2tnb239v3
+-----BEGIN PRIVATE KEY-----
+MIGBAgEAMBMGByqGSM49AgEGCCqGSM49AwANBGcwZQIBAQQeBBPxdeU3MohZc5Jx
+7WadLuPSeXeOg75rXC1ElexsoUADPgAEaHwiwQmoqbPij8+l6hLHVQz0AZLBT5uX
+hAh8fhTABKqI7qYShICAAX0tvu3EvQ8BQLP14grxUsSoEqAF
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb239v3_PUB
+-----BEGIN PUBLIC KEY-----
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEaHwiwQmoqbPij8+l6hLHVQz0AZLB
+T5uXhAh8fhTABKqI7qYShICAAX0tvu3EvQ8BQLP14grxUsSoEqAF
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb239v3:BOB_c2tnb239v3_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb239v3
+PeerKey=BOB_c2tnb239v3_PUB
+SharedSecret=47ad60e5480375fccd9246c93ab04da8e5da83e1dbf5f177f10a47cb54a0
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb239v3
+PeerKey=ALICE_c2tnb239v3_PUB
+SharedSecret=47ad60e5480375fccd9246c93ab04da8e5da83e1dbf5f177f10a47cb54a0
+
+# TEST CURVE c2pnb272w1
+
+PrivateKey=ALICE_c2pnb272w1
+-----BEGIN PRIVATE KEY-----
+MIGMAgEAMBMGByqGSM49AgEGCCqGSM49AwAQBHIwcAIBAQQhAKMtKddENVGjzTU4
+w+hW0SgDOtIElcs52wb40S08j6gMoUgDRgAEfGvSzQo+00VXIDXV7iiGXpI16kzs
+6C8rkchA5sVBBY56nSCp0n4FpIXRzafiFQklJD9OrJzA6PXc7tp2n2XhIwvuOmI=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb272w1_PUB
+-----BEGIN PUBLIC KEY-----
+MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEfGvSzQo+00VXIDXV7iiGXpI16kzs
+6C8rkchA5sVBBY56nSCp0n4FpIXRzafiFQklJD9OrJzA6PXc7tp2n2XhIwvuOmI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb272w1:ALICE_c2pnb272w1_PUB
+
+
+PrivateKey=BOB_c2pnb272w1
+-----BEGIN PRIVATE KEY-----
+MIGMAgEAMBMGByqGSM49AgEGCCqGSM49AwAQBHIwcAIBAQQhAFAKPByX1wlYUpU4
+mECDAxg+VM5aFo4JPlqEzR0b9hI6oUgDRgAEL8+863IU4uxbEY8jVBjhsrG4W6AF
+MF6t+aGvoiKHtEMLQa6U158TRapDWp4eRurm6Idvv7hepCPqOMEGySDUwMECiQM=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb272w1_PUB
+-----BEGIN PUBLIC KEY-----
+MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEL8+863IU4uxbEY8jVBjhsrG4W6AF
+MF6t+aGvoiKHtEMLQa6U158TRapDWp4eRurm6Idvv7hepCPqOMEGySDUwMECiQM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb272w1:BOB_c2pnb272w1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb272w1
+PeerKey=BOB_c2pnb272w1_PUB
+SharedSecret=3ae063b2bed6ba8aa28ff35e9bd2673f22ee8087860c86b89429a5b52538216632a3
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb272w1
+PeerKey=ALICE_c2pnb272w1_PUB
+SharedSecret=3ae063b2bed6ba8aa28ff35e9bd2673f22ee8087860c86b89429a5b52538216632a3
+
+# TEST CURVE c2pnb304w1
+
+PrivateKey=ALICE_c2pnb304w1
+-----BEGIN PRIVATE KEY-----
+MIGYAgEAMBMGByqGSM49AgEGCCqGSM49AwARBH4wfAIBAQQlAOKzfcV2XOvVsSUh
+oVz3SHGzSCf0q9i+ilz5ZfBxc+5ssjK7jKFQA04ABDc4zQNFaZukj9iz3iXTYdza
+tCOYZvrfOjrbgzl/8PoFxt5q6yJTu35Vu9XVp5pTCtjpDEpywBj0xb07RRuVDEk8
+TthFP5vGeTIWLD4=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb304w1_PUB
+-----BEGIN PUBLIC KEY-----
+MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAENzjNA0Vpm6SP2LPeJdNh3Nq0I5hm
++t86OtuDOX/w+gXG3mrrIlO7flW71dWnmlMK2OkMSnLAGPTFvTtFG5UMSTxO2EU/
+m8Z5MhYsPg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb304w1:ALICE_c2pnb304w1_PUB
+
+
+PrivateKey=BOB_c2pnb304w1
+-----BEGIN PRIVATE KEY-----
+MIGYAgEAMBMGByqGSM49AgEGCCqGSM49AwARBH4wfAIBAQQlAPP4hz6sa+KdTJ4h
+fBeCUiJBfshcZoapkZMFrhI1vdcRY7MeAaFQA04ABMHRUzLiUY7O4nEBdmex31U4
+l6TO/dD+5MV/tVNizVsWjkTvi2fs772lZ9MeNp6QnGMZ5n5subHsa0QOJL1LpmXX
+K0UIWGbW0nQb52g=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb304w1_PUB
+-----BEGIN PUBLIC KEY-----
+MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEwdFTMuJRjs7icQF2Z7HfVTiXpM79
+0P7kxX+1U2LNWxaORO+LZ+zvvaVn0x42npCcYxnmfmy5sexrRA4kvUumZdcrRQhY
+ZtbSdBvnaA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb304w1:BOB_c2pnb304w1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb304w1
+PeerKey=BOB_c2pnb304w1_PUB
+SharedSecret=6df88b20de9f095c7632234291ea4658a9265cd2293424e11ed56705b09a069f09dc4e055eb7
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb304w1
+PeerKey=ALICE_c2pnb304w1_PUB
+SharedSecret=6df88b20de9f095c7632234291ea4658a9265cd2293424e11ed56705b09a069f09dc4e055eb7
+
+# TEST CURVE c2tnb359v1
+
+PrivateKey=ALICE_c2tnb359v1
+-----BEGIN PRIVATE KEY-----
+MIGwAgEAMBMGByqGSM49AgEGCCqGSM49AwASBIGVMIGSAgEBBC0BeMU97SvjsIvQ
+1v+Ztf56OCL8JXHxRJDQZ5gWEa4c2b3FZXFVC4CwEPd7cB+hXgNcAAQOBgLp0TzS
+4Hf/VYbJCFuj3OlRC5JMzFV7ox41ubhl5Ij+gHIodu1bQ6cqd0YAb2/30PxwX++N
+NpFvq8u8435zhPYXsut6txOPNU5ZzCeagy2xsKacXSZc7D0=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb359v1_PUB
+-----BEGIN PUBLIC KEY-----
+MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDgYC6dE80uB3/1WGyQhbo9zpUQuS
+TMxVe6MeNbm4ZeSI/oByKHbtW0OnKndGAG9v99D8cF/vjTaRb6vLvON+c4T2F7Lr
+ercTjzVOWcwnmoMtsbCmnF0mXOw9
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb359v1:ALICE_c2tnb359v1_PUB
+
+
+PrivateKey=BOB_c2tnb359v1
+-----BEGIN PRIVATE KEY-----
+MIGwAgEAMBMGByqGSM49AgEGCCqGSM49AwASBIGVMIGSAgEBBC0BRZ3IIh3mrLIX
+KBbh6Vj7TXNY5bzRuD5/ayHPlHQkJcd8K66dOqu7hgaN91GhXgNcAAQ7njbTQ2xY
+YZtkKswYr8E6P/R3Dg/XEZgQQ72B4qXnqbK/SgYsZAntFg7CRztcTkHjKAgdSz6f
+TRIc4///gwXN3Oi6D8PeswhzPJi/uLmCAHMm3GT6SUO3aTY=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb359v1_PUB
+-----BEGIN PUBLIC KEY-----
+MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEO54200NsWGGbZCrMGK/BOj/0dw4P
+1xGYEEO9geKl56myv0oGLGQJ7RYOwkc7XE5B4ygIHUs+n00SHOP//4MFzdzoug/D
+3rMIczyYv7i5ggBzJtxk+klDt2k2
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb359v1:BOB_c2tnb359v1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb359v1
+PeerKey=BOB_c2tnb359v1_PUB
+SharedSecret=1d3f3396492d130caea54233c79833e90a072fe883071bb08cec671ce0319f0bc39c68dda0199952152a5c3563
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb359v1
+PeerKey=ALICE_c2tnb359v1_PUB
+SharedSecret=1d3f3396492d130caea54233c79833e90a072fe883071bb08cec671ce0319f0bc39c68dda0199952152a5c3563
+
+# TEST CURVE c2pnb368w1
+
+PrivateKey=ALICE_c2pnb368w1
+-----BEGIN PRIVATE KEY-----
+MIGyAgEAMBMGByqGSM49AgEGCCqGSM49AwATBIGXMIGUAgEBBC0AFagbth/4/M2s
+b1G4FpxbFEVLIulioS34v0hrClpZ38/Z+PHmIhOfEFminyehYANeAAQAU42w7mII
+jkyAdnCC4qoEPdH42fh3oVyCtnaRtKUmdhUdXm0IgSM4T4SYEOsx+aQZLGIjnhHJ
+CabcaKPQ0sai3dirUr2YsNXNDJiU93T7buUr+DnRPGsfBy/nEg==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2pnb368w1_PUB
+-----BEGIN PUBLIC KEY-----
+MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEAFONsO5iCI5MgHZwguKqBD3R+Nn4
+d6FcgrZ2kbSlJnYVHV5tCIEjOE+EmBDrMfmkGSxiI54RyQmm3Gij0NLGot3Yq1K9
+mLDVzQyYlPd0+27lK/g50TxrHwcv5xI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2pnb368w1:ALICE_c2pnb368w1_PUB
+
+
+PrivateKey=BOB_c2pnb368w1
+-----BEGIN PRIVATE KEY-----
+MIGyAgEAMBMGByqGSM49AgEGCCqGSM49AwATBIGXMIGUAgEBBC0AA/woMzOFy8k2
+zBqBkubhkOIwc7sx0u+JadM9f7V45L4P8nK7bjJasOqrHRahYANeAATKE6jcstac
+H8yWzg/qBgvGoGan2PVwTN/U+68K4WxHO7+oPHviUh1OVF7ZxYjsVSdyno83iHE3
+3sq2Ej6j26f+uVs/fuWk19t8NpAQ6+sVETZszuMDm5adqtVZRQ==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2pnb368w1_PUB
+-----BEGIN PUBLIC KEY-----
+MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEyhOo3LLWnB/Mls4P6gYLxqBmp9j1
+cEzf1PuvCuFsRzu/qDx74lIdTlRe2cWI7FUncp6PN4hxN97KthI+o9un/rlbP37l
+pNfbfDaQEOvrFRE2bM7jA5uWnarVWUU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2pnb368w1:BOB_c2pnb368w1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2pnb368w1
+PeerKey=BOB_c2pnb368w1_PUB
+SharedSecret=d191710b156d1b1d14242843a7f0abf28060bbb9e655655b53852a8b0f250ef1eee37d59364d9791c8e1bc526cbb
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2pnb368w1
+PeerKey=ALICE_c2pnb368w1_PUB
+SharedSecret=d191710b156d1b1d14242843a7f0abf28060bbb9e655655b53852a8b0f250ef1eee37d59364d9791c8e1bc526cbb
+
+# TEST CURVE c2tnb431r1
+
+PrivateKey=ALICE_c2tnb431r1
+-----BEGIN PRIVATE KEY-----
+MIHKAgEAMBMGByqGSM49AgEGCCqGSM49AwAUBIGvMIGsAgEBBDUC18JhUt+NCIZ/
+q6kdjNZ7zX72UqpW4K6Uc2bAWu2PXK1aL573LNzu4oUlHfbvuE1BUrxNpaFwA24A
+BDrG8SG4lckR1rrvLRpXYf7Wspmh/fbql+Zpulyl896XtwQK2BkLVRkZ5ixTG4PU
+yb64OiffdSnvIaM++cb7LgJLBBgT3d5le8V1gtxWFFm0NggUyF6glmUqHQL0LuhX
+WS468O6w05KS0AL6vQ==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_c2tnb431r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABDrG8SG4lckR1rrvLRpXYf7Wspmh
+/fbql+Zpulyl896XtwQK2BkLVRkZ5ixTG4PUyb64OiffdSnvIaM++cb7LgJLBBgT
+3d5le8V1gtxWFFm0NggUyF6glmUqHQL0LuhXWS468O6w05KS0AL6vQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_c2tnb431r1:ALICE_c2tnb431r1_PUB
+
+
+PrivateKey=BOB_c2tnb431r1
+-----BEGIN PRIVATE KEY-----
+MIHKAgEAMBMGByqGSM49AgEGCCqGSM49AwAUBIGvMIGsAgEBBDUApanyPgvpfrAu
+1jNAKGpctH71v0+P/kFF9JxdFYarpWEwBBd4tz6CxoYKmvDZ9ukOOqBbX6FwA24A
+BGh3JXuYmh6dGGEmbRhoR2T5pVD/5Mq2ZKKzfzY2NOoKiIs6rVzv2SW7S6BScYlR
+qRWiXCeZVFvT0crDY/5uodkHbcRw6B/Yo/iMN8wLI257Tjm9/C5G+JPCLopCcLIL
+gTwAJM2ZhtPnc08LyQ==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_c2tnb431r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABGh3JXuYmh6dGGEmbRhoR2T5pVD/
+5Mq2ZKKzfzY2NOoKiIs6rVzv2SW7S6BScYlRqRWiXCeZVFvT0crDY/5uodkHbcRw
+6B/Yo/iMN8wLI257Tjm9/C5G+JPCLopCcLILgTwAJM2ZhtPnc08LyQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_c2tnb431r1:BOB_c2tnb431r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_c2tnb431r1
+PeerKey=BOB_c2tnb431r1_PUB
+SharedSecret=4c4d7d387843ff5152f22f101b0609238819357fae2ccc9097b818e383ef6809cb46671fb514009d4d1d3d0119fba265107302e95748
+
+# ECDH Bob with Alice peer
+Derive=BOB_c2tnb431r1
+PeerKey=ALICE_c2tnb431r1_PUB
+SharedSecret=4c4d7d387843ff5152f22f101b0609238819357fae2ccc9097b818e383ef6809cb46671fb514009d4d1d3d0119fba265107302e95748
+
+# TEST CURVE wap-wsg-idm-ecid-wtls1
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls1
+-----BEGIN PRIVATE KEY-----
+MFACAQAwEAYHKoZIzj0CAQYFZysBBAEEOTA3AgEBBA5Xu91qBwxTDmhD/30Kf6Ei
+AyAABAFQSZ0G+afa1x4KwUzBjQEWFNdZoF6UNYGkCRINyg==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls1_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAVBJnQb5p9rXHgrBTMGNARYU11mgXpQ1
+gaQJEg3K
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls1:ALICE_wap-wsg-idm-ecid-wtls1_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls1
+-----BEGIN PRIVATE KEY-----
+MFACAQAwEAYHKoZIzj0CAQYFZysBBAEEOTA3AgEBBA5aU6CQ474Z1fH3xAtn/6Ei
+AyAABAFpb4GTc+5vf5nkt4zLxwGZQ6qSbYlH8pUbpvwcqA==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls1_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAWlvgZNz7m9/meS3jMvHAZlDqpJtiUfy
+lRum/Byo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls1:BOB_wap-wsg-idm-ecid-wtls1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls1
+PeerKey=BOB_wap-wsg-idm-ecid-wtls1_PUB
+SharedSecret=0000fc6e280987e8b9bf6e3c7fa003
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls1
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls1_PUB
+SharedSecret=0000fc6e280987e8b9bf6e3c7fa003
+
+# TEST CURVE wap-wsg-idm-ecid-wtls3
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls3
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFZysBBAMETDBKAgEBBBUBN2FFgQiz4KPJ9GEsrj5B
+m908ifuhLgMsAAQBV21Tx3v8+1wFKq7PiloR1CxzmlUDvnyXrs4mNmc5Ns38mzPe
+NueQNo0=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls3_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAVdtU8d7/PtcBSquz4paEdQsc5pVA758
+l67OJjZnOTbN/Jsz3jbnkDaN
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls3:ALICE_wap-wsg-idm-ecid-wtls3_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls3
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFZysBBAMETDBKAgEBBBUA/0Ust7IoJ526zn2wiWBu
+rR5NeSWhLgMsAAQB7d+/zMMti4djhlVnaGqaqonbmo4Cv+iKT1cF3nzXV/KXHSJI
+p9iZeas=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls3_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAe3fv8zDLYuHY4ZVZ2hqmqqJ25qOAr/o
+ik9XBd5811fylx0iSKfYmXmr
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls3:BOB_wap-wsg-idm-ecid-wtls3_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls3
+PeerKey=BOB_wap-wsg-idm-ecid-wtls3_PUB
+SharedSecret=00cf1d850f396436be68f1e5502935853ed054511f
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls3
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls3_PUB
+SharedSecret=00cf1d850f396436be68f1e5502935853ed054511f
+
+# TEST CURVE wap-wsg-idm-ecid-wtls4
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls4
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFZysBBAQEOjA4AgEBBA8AsuEGufSNSrDPu3Y1Namh
+IgMgAAQAcvPRbArskeBs6W2oOesAHMQo8Lk/FHcYKUfMOKY=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls4_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAHLz0WwK7JHgbOltqDnrABzEKPC5PxR3
+GClHzDim
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls4:ALICE_wap-wsg-idm-ecid-wtls4_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls4
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFZysBBAQEOjA4AgEBBA8AFJwmUkKbWdmzvqv+AbWh
+IgMgAAQBriOJSyRL4ro55CbCwekBluEKwIfP64OfJCEfWTU=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls4_PUB
+-----BEGIN PUBLIC KEY-----
+MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAa4jiUskS+K6OeQmwsHpAZbhCsCHz+uD
+nyQhH1k1
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls4:BOB_wap-wsg-idm-ecid-wtls4_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls4
+PeerKey=BOB_wap-wsg-idm-ecid-wtls4_PUB
+SharedSecret=01076232302ca32b5f3daf075e5213
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls4
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls4_PUB
+SharedSecret=01076232302ca32b5f3daf075e5213
+
+# TEST CURVE wap-wsg-idm-ecid-wtls5
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls5
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFZysBBAUETDBKAgEBBBUCmngbaO2S//Ta0ZUhn/nb
+ZydTKD+hLgMsAAQA1792id3hLIu2z0KECkBCUbTSP9UFLu2FTJkLa8qP4ZIrBt5F
+XKJo2Dw=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls5_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEANe/dond4SyLts9ChApAQlG00j/VBS7t
+hUyZC2vKj+GSKwbeRVyiaNg8
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls5:ALICE_wap-wsg-idm-ecid-wtls5_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls5
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFZysBBAUETDBKAgEBBBUBraa4aeYxHd9HJ0vLIoCw
+auGKd9yhLgMsAAQHzc2FgfJGasNlMcJNDDrNQElhA1cHD4izqEedmC3ueMu72/Sp
+VF2Ppig=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls5_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEB83NhYHyRmrDZTHCTQw6zUBJYQNXBw+I
+s6hHnZgt7njLu9v0qVRdj6Yo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls5:BOB_wap-wsg-idm-ecid-wtls5_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls5
+PeerKey=BOB_wap-wsg-idm-ecid-wtls5_PUB
+SharedSecret=066091c591278f5b949106052b2546aacc20917c20
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls5
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls5_PUB
+SharedSecret=066091c591278f5b949106052b2546aacc20917c20
+
+# TEST CURVE wap-wsg-idm-ecid-wtls6
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls6
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFZysBBAYENzA1AgEBBA5LJwRNrPNMwGyoBP95a6Eg
+Ax4ABMZxFi711Wl5r7tb1XJ9fJ3H1W1MKvVrYvfmNFo=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls6_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAExnEWLvXVaXmvu1vVcn18ncfVbUwq9Wti
+9+Y0Wg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls6:ALICE_wap-wsg-idm-ecid-wtls6_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls6
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFZysBBAYENzA1AgEBBA63i1z4Kl8BEE1I3CYU9KEg
+Ax4ABG3Ft5F8wvnGimUAmGQrfqAlVJKdzhNSa3v47Kc=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls6_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEbcW3kXzC+caKZQCYZCt+oCVUkp3OE1Jr
+e/jspw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls6:BOB_wap-wsg-idm-ecid-wtls6_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls6
+PeerKey=BOB_wap-wsg-idm-ecid-wtls6_PUB
+SharedSecret=8d184455748c56115ba2183070b0
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls6
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls6_PUB
+SharedSecret=8d184455748c56115ba2183070b0
+
+# TEST CURVE wap-wsg-idm-ecid-wtls7
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls7
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFZysBBAcESjBIAgEBBBUAueoisiN+luJEy0wdiI7j
+cALlTqChLAMqAAQ/FWsGxD8vuvEFWXfWReOqvBzqWrF9mdMeTeOE1y9r9POOIUVJ
+PNtL
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls7_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEPxVrBsQ/L7rxBVl31kXjqrwc6lqxfZnT
+Hk3jhNcva/TzjiFFSTzbSw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls7:ALICE_wap-wsg-idm-ecid-wtls7_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls7
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFZysBBAcESjBIAgEBBBUAr42vKjbUXFak2mVzFYpu
+yhN/cDyhLAMqAASJZpuFg+n8vscuq+pqfFFPYemnfLdhdAB4JodfR3J5Bzu67hEm
+bIKQ
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls7_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEiWabhYPp/L7HLqvqanxRT2Hpp3y3YXQA
+eCaHX0dyeQc7uu4RJmyCkA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls7:BOB_wap-wsg-idm-ecid-wtls7_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls7
+PeerKey=BOB_wap-wsg-idm-ecid-wtls7_PUB
+SharedSecret=990eda6a0406caef965018b97c94d0faa200f6e4
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls7
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls7_PUB
+SharedSecret=990eda6a0406caef965018b97c94d0faa200f6e4
+
+# TEST CURVE wap-wsg-idm-ecid-wtls8
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls8
+-----BEGIN PRIVATE KEY-----
+ME8CAQAwEAYHKoZIzj0CAQYFZysBBAgEODA2AgEBBA8A1m62ffl6niuM46XOUyih
+IAMeAAT4mqYAoe7NEtKfEMQs2ofInhZRZCFrFU5cjEWi
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls8_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAE+JqmAKHuzRLSnxDELNqHyJ4WUWQhaxVO
+XIxFog==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls8:ALICE_wap-wsg-idm-ecid-wtls8_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls8
+-----BEGIN PRIVATE KEY-----
+ME8CAQAwEAYHKoZIzj0CAQYFZysBBAgEODA2AgEBBA8AegTrLoMRyPl4U4xOdg6h
+IAMeAATQKkyQ3jL2Eku6C+vSQazbjjSkzNe67Occqj2P
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls8_PUB
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAE0CpMkN4y9hJLugvr0kGs2440pMzXuuzn
+HKo9jw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls8:BOB_wap-wsg-idm-ecid-wtls8_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls8
+PeerKey=BOB_wap-wsg-idm-ecid-wtls8_PUB
+SharedSecret=7524c547bd6b26644ce70571cb06
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls8
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls8_PUB
+SharedSecret=7524c547bd6b26644ce70571cb06
+
+# TEST CURVE wap-wsg-idm-ecid-wtls9
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls9
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFZysBBAkESjBIAgEBBBUAE0376NvzsIXi6XadrVn4
+06obTRChLAMqAARbC1yw9f1uBOVlMf5ZFQewTgyc81Aqh2TFMSRfujCIhdvGTYgR
+tu6F
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls9_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWwtcsPX9bgTlZTH+WRUHsE4MnPNQKodk
+xTEkX7owiIXbxk2IEbbuhQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls9:ALICE_wap-wsg-idm-ecid-wtls9_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls9
+-----BEGIN PRIVATE KEY-----
+MGECAQAwEAYHKoZIzj0CAQYFZysBBAkESjBIAgEBBBUAd2kfMclaJU2bg8ayTrjZ
+oolI82yhLAMqAAQ0NeW9TKhQeFrrTyMR9Gb55+BneCQSByAShM8Dn3V1FFYz7n0y
+bvBX
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls9_PUB
+-----BEGIN PUBLIC KEY-----
+MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAENDXlvUyoUHha608jEfRm+efgZ3gkEgcg
+EoTPA591dRRWM+59Mm7wVw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls9:BOB_wap-wsg-idm-ecid-wtls9_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls9
+PeerKey=BOB_wap-wsg-idm-ecid-wtls9_PUB
+SharedSecret=5ca1d9eed44def2c390fd5bbb16ca2c3a09eb7b1
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls9
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls9_PUB
+SharedSecret=5ca1d9eed44def2c390fd5bbb16ca2c3a09eb7b1
+
+# TEST CURVE wap-wsg-idm-ecid-wtls10
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls10
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFZysBBAoEZjBkAgEBBB01TDgjIGd+gXPZ4esQnWzz
+/y1vzJniUBM5XNyPq6FAAz4ABAHVs5gYpbJzqyO8Lk3nkTwhu4BuXb4wtrgGcY2L
+TwGxkC4Zq4aqLowsexGjVa0IjGKdWz5/TfwLwGpN4A==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls10_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAdWzmBilsnOrI7wuTeeRPCG7gG5dvjC2
+uAZxjYtPAbGQLhmrhqoujCx7EaNVrQiMYp1bPn9N/AvAak3g
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls10:ALICE_wap-wsg-idm-ecid-wtls10_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls10
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFZysBBAoEZjBkAgEBBB0mTqwYwByRuu4zcU1QLKcG
+m8wewuaoKqVSpp8xQaFAAz4ABAEF4xTrWAIF1EacNMqTG3kwxwartAKFFqyOle+w
+BwDi6gra7cFVedD1p5RwD4gZU4QzgCLSwa7xZbBzgg==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls10_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAQXjFOtYAgXURpw0ypMbeTDHBqu0AoUW
+rI6V77AHAOLqCtrtwVV50PWnlHAPiBlThDOAItLBrvFlsHOC
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls10:BOB_wap-wsg-idm-ecid-wtls10_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls10
+PeerKey=BOB_wap-wsg-idm-ecid-wtls10_PUB
+SharedSecret=0199de137bc263e25b543994d6315b5a3f1e38e7e1f60662cb5cbaab5f98
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls10
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls10_PUB
+SharedSecret=0199de137bc263e25b543994d6315b5a3f1e38e7e1f60662cb5cbaab5f98
+
+# TEST CURVE wap-wsg-idm-ecid-wtls11
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls11
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFZysBBAsEZzBlAgEBBB4Au6lrzC3RIk3jXmtbeOAp
+LZPR0NUrr6dTf1lSCGqhQAM+AAQBl73V2TEZ8BO4QC+YiBlJ0GmW8WLc3RtS3iIr
+/oUAaDQQAGVJFD3GghjBPfI9KVBcZ2P8tUXUv5ifrWc=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls11_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAZe91dkxGfATuEAvmIgZSdBplvFi3N0b
+Ut4iK/6FAGg0EABlSRQ9xoIYwT3yPSlQXGdj/LVF1L+Yn61n
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls11:ALICE_wap-wsg-idm-ecid-wtls11_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls11
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFZysBBAsEZzBlAgEBBB4AGJuGtQI1FvHfp2AsdKb3
+NVWawjpZQuyM1aelws2hQAM+AAQAdTW3xU6Ijf/Y835Z2hS4fOn6Xmp3O6iblXHr
+nKoBORuxHVRfXkfdL5TqfFpuDghzCyAS6ZMSWhjGV5o=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls11_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAHU1t8VOiI3/2PN+WdoUuHzp+l5qdzuo
+m5Vx65yqATkbsR1UX15H3S+U6nxabg4IcwsgEumTEloYxlea
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls11:BOB_wap-wsg-idm-ecid-wtls11_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls11
+PeerKey=BOB_wap-wsg-idm-ecid-wtls11_PUB
+SharedSecret=01ee4b517d8a64be5ee32e10152c7bbcb8cde73a3da8e9643bce173011f7
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls11
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls11_PUB
+SharedSecret=01ee4b517d8a64be5ee32e10152c7bbcb8cde73a3da8e9643bce173011f7
+
+# TEST CURVE wap-wsg-idm-ecid-wtls12
+
+PrivateKey=ALICE_wap-wsg-idm-ecid-wtls12
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFZysBBAwEYTBfAgEBBByAnUvQZhZr1lgTRixSMIx0
+KHuV4t8cbXCW415soTwDOgAE3G8wIl9SJ0mAmuIMWbJpFjf9wO8gKNu6nApye39Y
+hpXeYRL/nm7G6HmiiA5O1iudWC3hDbBH0cc=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_wap-wsg-idm-ecid-wtls12_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE3G8wIl9SJ0mAmuIMWbJpFjf9wO8gKNu6
+nApye39YhpXeYRL/nm7G6HmiiA5O1iudWC3hDbBH0cc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_wap-wsg-idm-ecid-wtls12:ALICE_wap-wsg-idm-ecid-wtls12_PUB
+
+
+PrivateKey=BOB_wap-wsg-idm-ecid-wtls12
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFZysBBAwEYTBfAgEBBBzZ7nt4CrPrk2m5iR64vpkj
+95JHOmzWf4VhRZqdoTwDOgAEukz40I4gWpUmXCM+PLmWGd0IO0XIPQa9KXzXvhbL
+dJH0yFkJ+ClSboOC26gtMTICiPhEgYjeKEQ=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_wap-wsg-idm-ecid-wtls12_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEukz40I4gWpUmXCM+PLmWGd0IO0XIPQa9
+KXzXvhbLdJH0yFkJ+ClSboOC26gtMTICiPhEgYjeKEQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_wap-wsg-idm-ecid-wtls12:BOB_wap-wsg-idm-ecid-wtls12_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_wap-wsg-idm-ecid-wtls12
+PeerKey=BOB_wap-wsg-idm-ecid-wtls12_PUB
+SharedSecret=c75a8283a73312de82c8f99d41a9173a43b8f921e8161dd140131b36
+
+# ECDH Bob with Alice peer
+Derive=BOB_wap-wsg-idm-ecid-wtls12
+PeerKey=ALICE_wap-wsg-idm-ecid-wtls12_PUB
+SharedSecret=c75a8283a73312de82c8f99d41a9173a43b8f921e8161dd140131b36
+
+# TEST CURVE brainpoolP160r1
+
+PrivateKey=ALICE_brainpoolP160r1
+-----BEGIN PRIVATE KEY-----
+MGQCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEBBEkwRwIBAQQUZTQYt6IOsZUUgr36
+WYGKTj10erShLAMqAAQkMf73t3Cov2cdezPSUt9Wn0ydhpk9+2HwZ13YufUyfcvP
+ijdJ/zFO
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP160r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQEBAyoABCQx/ve3cKi/Zx17M9JS31afTJ2G
+mT37YfBnXdi59TJ9y8+KN0n/MU4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP160r1:ALICE_brainpoolP160r1_PUB
+
+
+PrivateKey=BOB_brainpoolP160r1
+-----BEGIN PRIVATE KEY-----
+MGQCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEBBEkwRwIBAQQUb/ulIRG4yoOOihWD
+AV4l78I2GLWhLAMqAARPjEMetPWS4FlgFCHvVfK1nTK/TLsYScHregeZAZqn8gaF
+vgq4bE8v
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP160r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQEBAyoABE+MQx609ZLgWWAUIe9V8rWdMr9M
+uxhJwet6B5kBmqfyBoW+CrhsTy8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP160r1:BOB_brainpoolP160r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP160r1
+PeerKey=BOB_brainpoolP160r1_PUB
+SharedSecret=e4fe5ae99a60d17b597f5705a719cea6709c63b9
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP160r1
+PeerKey=ALICE_brainpoolP160r1_PUB
+SharedSecret=e4fe5ae99a60d17b597f5705a719cea6709c63b9
+
+# TEST CURVE brainpoolP160t1
+
+PrivateKey=ALICE_brainpoolP160t1
+-----BEGIN PRIVATE KEY-----
+MGQCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQECBEkwRwIBAQQUWWAyUnMvmQyeKeHE
+bIjyrW0JzVqhLAMqAAQ/h1VSPKvn2cTPmfMq0FZ3mxypjCIWtCMav7GH9Fby+kCr
+WKA0lFVw
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP160t1_PUB
+-----BEGIN PUBLIC KEY-----
+MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQECAyoABD+HVVI8q+fZxM+Z8yrQVnebHKmM
+Iha0Ixq/sYf0VvL6QKtYoDSUVXA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP160t1:ALICE_brainpoolP160t1_PUB
+
+
+PrivateKey=BOB_brainpoolP160t1
+-----BEGIN PRIVATE KEY-----
+MGQCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQECBEkwRwIBAQQUDFpUx8SZ718X0cwv
++oQaTXSK0zyhLAMqAAQIgDYhuy9cj04IFE0LforgJPt9rgcjuO81V6WR+E3LNETJ
+rYsy1X9k
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP160t1_PUB
+-----BEGIN PUBLIC KEY-----
+MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQECAyoABAiANiG7L1yPTggUTQt+iuAk+32u
+ByO47zVXpZH4Tcs0RMmtizLVf2Q=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP160t1:BOB_brainpoolP160t1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP160t1
+PeerKey=BOB_brainpoolP160t1_PUB
+SharedSecret=199a218458b71a4e13f05a599fc17bc76f30ea2f
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP160t1
+PeerKey=ALICE_brainpoolP160t1_PUB
+SharedSecret=199a218458b71a4e13f05a599fc17bc76f30ea2f
+
+# TEST CURVE brainpoolP192r1
+
+PrivateKey=ALICE_brainpoolP192r1
+-----BEGIN PRIVATE KEY-----
+MHACAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEDBFUwUwIBAQQYGiIpZVR71C31b9AE
+lLiEiEyzdhRsvTbkoTQDMgAEHAovVZJfm52KWqJr9IKz7w7Ta+7HUN5Bjy+qR87k
+Oo3nP+439TLOs4iDhIvzP8j1
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP192r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEDAzIABBwKL1WSX5udilqia/SCs+8O02vu
+x1DeQY8vqkfO5DqN5z/uN/UyzrOIg4SL8z/I9Q==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP192r1:ALICE_brainpoolP192r1_PUB
+
+
+PrivateKey=BOB_brainpoolP192r1
+-----BEGIN PRIVATE KEY-----
+MHACAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEDBFUwUwIBAQQYkut8HljwyzxOArKA
+azilboA8yY6oy4svoTQDMgAEv/3NhrdVEA+PMFCm+muXhrC0wxX5UHvCUd/OAyda
+c2Jl7XVw2gS4hfXkTeT7MQMu
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP192r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEDAzIABL/9zYa3VRAPjzBQpvprl4awtMMV
++VB7wlHfzgMnWnNiZe11cNoEuIX15E3k+zEDLg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP192r1:BOB_brainpoolP192r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP192r1
+PeerKey=BOB_brainpoolP192r1_PUB
+SharedSecret=7ce122b49afdfd1adde6cdfaa13dc7180d6d4e70322c8773
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP192r1
+PeerKey=ALICE_brainpoolP192r1_PUB
+SharedSecret=7ce122b49afdfd1adde6cdfaa13dc7180d6d4e70322c8773
+
+# TEST CURVE brainpoolP192t1
+
+PrivateKey=ALICE_brainpoolP192t1
+-----BEGIN PRIVATE KEY-----
+MHACAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEEBFUwUwIBAQQYCV1NuYw7DwOawqgY
+kALfFpEzFE2rjXqYoTQDMgAEmBmJ220/ZJVdxfSgHFTz3FOC2PHql2ItbG0LXs/v
+7n/qkWGWz9B7R2FBqFaLBk0L
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP192t1_PUB
+-----BEGIN PUBLIC KEY-----
+MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEEAzIABJgZidttP2SVXcX0oBxU89xTgtjx
+6pdiLWxtC17P7+5/6pFhls/Qe0dhQahWiwZNCw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP192t1:ALICE_brainpoolP192t1_PUB
+
+
+PrivateKey=BOB_brainpoolP192t1
+-----BEGIN PRIVATE KEY-----
+MHACAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEEBFUwUwIBAQQYmZP2vmYpfJvSnqEl
+4K0Yj0iMCr4ds9bboTQDMgAEcSuLSED2s4SIuEdomZbdDMSmNrpnezJRv/W+bCQp
+4bcnQAb20tp47ISw/yXoQSA0
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP192t1_PUB
+-----BEGIN PUBLIC KEY-----
+MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEEAzIABHEri0hA9rOEiLhHaJmW3QzEpja6
+Z3syUb/1vmwkKeG3J0AG9tLaeOyEsP8l6EEgNA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP192t1:BOB_brainpoolP192t1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP192t1
+PeerKey=BOB_brainpoolP192t1_PUB
+SharedSecret=1a5444c2600d9d21d6a450d158fd25272ade262ab519790b
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP192t1
+PeerKey=ALICE_brainpoolP192t1_PUB
+SharedSecret=1a5444c2600d9d21d6a450d158fd25272ade262ab519790b
+
+# TEST CURVE brainpoolP224r1
+
+PrivateKey=ALICE_brainpoolP224r1
+-----BEGIN PRIVATE KEY-----
+MHwCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEFBGEwXwIBAQQch91FmOz9tJ9Wfdyw
+krOM6UXinTuYBxjUWtU0HKE8AzoABIq0T5AJJzdDl9wbYqyxExMfTbNDt6W/ound
+ZTS6qXYvMegJ+nBcXeCi+FBI0pu6lHv8tF1ZjWLS
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP224r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEFAzoABIq0T5AJJzdDl9wbYqyxExMfTbND
+t6W/oundZTS6qXYvMegJ+nBcXeCi+FBI0pu6lHv8tF1ZjWLS
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP224r1:ALICE_brainpoolP224r1_PUB
+
+
+PrivateKey=BOB_brainpoolP224r1
+-----BEGIN PRIVATE KEY-----
+MHwCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEFBGEwXwIBAQQcvabkJWnrR4LuGUxf
+LO8DqDBcL4eix/a0qRWxm6E8AzoABM6qgBI9bmZwyYE0QFBJf5NpXe2phgcObKrG
+4URjdsORl4UJwlq7eLwINJLP9dPl0Qlb0Fv/gNVo
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP224r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEFAzoABM6qgBI9bmZwyYE0QFBJf5NpXe2p
+hgcObKrG4URjdsORl4UJwlq7eLwINJLP9dPl0Qlb0Fv/gNVo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP224r1:BOB_brainpoolP224r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP224r1
+PeerKey=BOB_brainpoolP224r1_PUB
+SharedSecret=419e446a66968fcc372126cff4d637505c848c3a9b82503f2d441215
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP224r1
+PeerKey=ALICE_brainpoolP224r1_PUB
+SharedSecret=419e446a66968fcc372126cff4d637505c848c3a9b82503f2d441215
+
+# TEST CURVE brainpoolP224t1
+
+PrivateKey=ALICE_brainpoolP224t1
+-----BEGIN PRIVATE KEY-----
+MHwCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEGBGEwXwIBAQQcSwWCcqYuiNyxR0gY
+VCMBQ17ykfaxEgMMyByZoqE8AzoABJiVhwIZAqy+OKj8RewjsdXPPCODfm+4RGV8
+2bYLW8SqiDeEDB+RvJirYwz/a5Ri+EL5Xk9QVkQF
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP224t1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEGAzoABJiVhwIZAqy+OKj8RewjsdXPPCOD
+fm+4RGV82bYLW8SqiDeEDB+RvJirYwz/a5Ri+EL5Xk9QVkQF
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP224t1:ALICE_brainpoolP224t1_PUB
+
+
+PrivateKey=BOB_brainpoolP224t1
+-----BEGIN PRIVATE KEY-----
+MHwCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEGBGEwXwIBAQQcLK5R+idvzqC1a28G
+e9m6Eh5up82atVSTRWeXwKE8AzoABBg6ar3lkYSv0AcOM542SbPhAqxny/anS+Do
+ELViM0rofxlcvkywZiBY0T40xUvXBILDsY/0he22
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP224t1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEGAzoABBg6ar3lkYSv0AcOM542SbPhAqxn
+y/anS+DoELViM0rofxlcvkywZiBY0T40xUvXBILDsY/0he22
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP224t1:BOB_brainpoolP224t1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP224t1
+PeerKey=BOB_brainpoolP224t1_PUB
+SharedSecret=8f83465fb6353912a51c2809ea30b19b73b3e391c0422650e0f20b58
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP224t1
+PeerKey=ALICE_brainpoolP224t1_PUB
+SharedSecret=8f83465fb6353912a51c2809ea30b19b73b3e391c0422650e0f20b58
+
+# TEST CURVE brainpoolP256r1
+
+PrivateKey=ALICE_brainpoolP256r1
+-----BEGIN PRIVATE KEY-----
+MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBBwRtMGsCAQEEIBMmEFKb8UQb4oCu
+k226EiMpk/omRsx/rrRNuh9WGB/zoUQDQgAEeIYdJpIpkxneKbL9qP/vSJ2/d7cH
+Cs2ZXggcRif7KKN55Ioit7Q1sVEeGzEDFbxpRWK6A+Kgu8sFkE+LHr5BGQ==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP256r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABHiGHSaSKZMZ3imy/aj/70idv3e3
+BwrNmV4IHEYn+yijeeSKIre0NbFRHhsxAxW8aUViugPioLvLBZBPix6+QRk=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP256r1:ALICE_brainpoolP256r1_PUB
+
+
+PrivateKey=BOB_brainpoolP256r1
+-----BEGIN PRIVATE KEY-----
+MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBBwRtMGsCAQEEIKXsf2pxFfTQiwbW
+2SKwZq50UOGhJYJZYO/xY33RHuQaoUQDQgAEC/FCNhyxZ4VcHY8zBehFbg3M54AU
+w6ixJ69gI2+xoyAXBn5d+pf8tAG0D0TUqtxRtwBgPWkt6pY4YYBQMY+NOA==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP256r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABAvxQjYcsWeFXB2PMwXoRW4NzOeA
+FMOosSevYCNvsaMgFwZ+XfqX/LQBtA9E1KrcUbcAYD1pLeqWOGGAUDGPjTg=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP256r1:BOB_brainpoolP256r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP256r1
+PeerKey=BOB_brainpoolP256r1_PUB
+SharedSecret=78ed4b7bb4ed808813f8c27132fe04f5d805365549b754994d83b002416b6ba0
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP256r1
+PeerKey=ALICE_brainpoolP256r1_PUB
+SharedSecret=78ed4b7bb4ed808813f8c27132fe04f5d805365549b754994d83b002416b6ba0
+
+# TEST CURVE brainpoolP256t1
+
+PrivateKey=ALICE_brainpoolP256t1
+-----BEGIN PRIVATE KEY-----
+MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBCARtMGsCAQEEIC4yFvVLhvRyF9wu
+yYJbncxLagsMCD+Sxt2vAJiKFpKdoUQDQgAEiGxl8E0yj3gE4iOyFDVe0tUYS9fN
+cNzkxEx2CiZwm09jbSNQF2pKAoCmLZQa8VBz+UZqdeXZy9Sc8UpJU3Fghg==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP256t1_PUB
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEIA0IABIhsZfBNMo94BOIjshQ1XtLVGEvX
+zXDc5MRMdgomcJtPY20jUBdqSgKApi2UGvFQc/lGanXl2cvUnPFKSVNxYIY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP256t1:ALICE_brainpoolP256t1_PUB
+
+
+PrivateKey=BOB_brainpoolP256t1
+-----BEGIN PRIVATE KEY-----
+MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBCARtMGsCAQEEIIfXus/y+3RdwUZ0
+0db3boxPCzzRcI3CgIC8ggdGDPqPoUQDQgAEdlZ2yOiBsmREPaw8TsrGNmTLL6q1
+lVz8+OQ780Xxfo9VIFeR0Qbk8CgqX0lWt5hbEbbzEbF6I2nZCJndQ9VIoA==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP256t1_PUB
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEIA0IABHZWdsjogbJkRD2sPE7KxjZkyy+q
+tZVc/PjkO/NF8X6PVSBXkdEG5PAoKl9JVreYWxG28xGxeiNp2QiZ3UPVSKA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP256t1:BOB_brainpoolP256t1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP256t1
+PeerKey=BOB_brainpoolP256t1_PUB
+SharedSecret=287a8f19e6f06476b222805eb11907c536fa6ea02b8877ea6d5323f9fabccdd8
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP256t1
+PeerKey=ALICE_brainpoolP256t1_PUB
+SharedSecret=287a8f19e6f06476b222805eb11907c536fa6ea02b8877ea6d5323f9fabccdd8
+
+# TEST CURVE brainpoolP320r1
+
+PrivateKey=ALICE_brainpoolP320r1
+-----BEGIN PRIVATE KEY-----
+MIGiAgEAMBQGByqGSM49AgEGCSskAwMCCAEBCQSBhjCBgwIBAQQoRBvhspL4HZA6
+YcfouziNWFuE1e1RcN69xlsJ8OGZEMobV29pntQlSaFUA1IABFDmVKAu6UDU1doe
+67Fzp3WeLAKNcaLjX13W0X704bqNvSU7q747RCCbd46miRYsiqYejnsX0A/A5bOi
+I1LJixCGcAgm1pnGajKeok/ecsl+
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP320r1_PUB
+-----BEGIN PUBLIC KEY-----
+MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEJA1IABFDmVKAu6UDU1doe67Fzp3WeLAKN
+caLjX13W0X704bqNvSU7q747RCCbd46miRYsiqYejnsX0A/A5bOiI1LJixCGcAgm
+1pnGajKeok/ecsl+
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP320r1:ALICE_brainpoolP320r1_PUB
+
+
+PrivateKey=BOB_brainpoolP320r1
+-----BEGIN PRIVATE KEY-----
+MIGiAgEAMBQGByqGSM49AgEGCSskAwMCCAEBCQSBhjCBgwIBAQQoi9ghqMQp8Zdx
+xVXuOMC66tVIvTQ9EX6taWLDy82eBRAt7MItb5LaMqFUA1IABHFexsmyGSMPdLCm
+a5vzaFlbk/gAkq6yfpE+BMokI+7GXx4dJz9+sKOi8h++T4SnocW03M7I5zOQVfK+
+82Kkq/vXCzEdkVRUPU4HVls7nil0
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP320r1_PUB
+-----BEGIN PUBLIC KEY-----
+MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEJA1IABHFexsmyGSMPdLCma5vzaFlbk/gA
+kq6yfpE+BMokI+7GXx4dJz9+sKOi8h++T4SnocW03M7I5zOQVfK+82Kkq/vXCzEd
+kVRUPU4HVls7nil0
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP320r1:BOB_brainpoolP320r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP320r1
+PeerKey=BOB_brainpoolP320r1_PUB
+SharedSecret=13a56c63c2dafe3e053534d5bf32c7eb4a0733bf356510725d378c5cbcf6974240719e3e53b352bb
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP320r1
+PeerKey=ALICE_brainpoolP320r1_PUB
+SharedSecret=13a56c63c2dafe3e053534d5bf32c7eb4a0733bf356510725d378c5cbcf6974240719e3e53b352bb
+
+# TEST CURVE brainpoolP320t1
+
+PrivateKey=ALICE_brainpoolP320t1
+-----BEGIN PRIVATE KEY-----
+MIGiAgEAMBQGByqGSM49AgEGCSskAwMCCAEBCgSBhjCBgwIBAQQoxl+OeILawo65
+M4YbtLSARXYJsFJi4F8cUF6vfo1swRoCL6sAnV0QSaFUA1IABFN48RBqcd0PyU7N
+TRjaJsUaYXBlectX7JwhB/X/bbuNUK1YW9tZJZSZ/bBUfVfEgUhC+0qrvomc3xhy
+YBJIQeGWODwC1rHjO2H7GGvx1HmF
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP320t1_PUB
+-----BEGIN PUBLIC KEY-----
+MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEKA1IABFN48RBqcd0PyU7NTRjaJsUaYXBl
+ectX7JwhB/X/bbuNUK1YW9tZJZSZ/bBUfVfEgUhC+0qrvomc3xhyYBJIQeGWODwC
+1rHjO2H7GGvx1HmF
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP320t1:ALICE_brainpoolP320t1_PUB
+
+
+PrivateKey=BOB_brainpoolP320t1
+-----BEGIN PRIVATE KEY-----
+MIGiAgEAMBQGByqGSM49AgEGCSskAwMCCAEBCgSBhjCBgwIBAQQoMlTiH2CM3XGa
+VXPOQ5tdm+GJmnP03gbNK4POt5yQpnW8HoaHc+SS56FUA1IABLXO5ngGf17dU+ae
+QetDyXqlTTxtTrav1/NGb+i9BQUAsbIMQkdY0zWWbhksoMn56F2DBTSFwBlb1hBt
+p9fNIGUbgKqOlvtBpQHIoKXYEq3l
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP320t1_PUB
+-----BEGIN PUBLIC KEY-----
+MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEKA1IABLXO5ngGf17dU+aeQetDyXqlTTxt
+Trav1/NGb+i9BQUAsbIMQkdY0zWWbhksoMn56F2DBTSFwBlb1hBtp9fNIGUbgKqO
+lvtBpQHIoKXYEq3l
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP320t1:BOB_brainpoolP320t1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP320t1
+PeerKey=BOB_brainpoolP320t1_PUB
+SharedSecret=170d1f5fc4248700be75499eac813fac642df1311ab005e10796cc2ef43b82f8d788eb232d580243
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP320t1
+PeerKey=ALICE_brainpoolP320t1_PUB
+SharedSecret=170d1f5fc4248700be75499eac813fac642df1311ab005e10796cc2ef43b82f8d788eb232d580243
+
+# TEST CURVE brainpoolP384r1
+
+PrivateKey=ALICE_brainpoolP384r1
+-----BEGIN PRIVATE KEY-----
+MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBCwSBnjCBmwIBAQQweTbLDp3fPbIL
+8w7I+aQzU8edVXXiFtt8Ulx7HSuAvHu/uaeedCKA+sXKXe33/aoDoWQDYgAEgQEp
+8Mrclp7hd1kkTnaXCEzAyhlMUtBIXQGI8ALS3FaMoL4mjIlhAU+vNdIcI9NGBx7Q
+FRUzFIy3IAyF+VPq8fM7Yyjk0x4P8UB1N+d2odKvKFqFBQBQmd6S5h+0ijis
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABIEBKfDK3Jae4XdZJE52lwhMwMoZ
+TFLQSF0BiPAC0txWjKC+JoyJYQFPrzXSHCPTRgce0BUVMxSMtyAMhflT6vHzO2Mo
+5NMeD/FAdTfndqHSryhahQUAUJnekuYftIo4rA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP384r1:ALICE_brainpoolP384r1_PUB
+
+
+PrivateKey=BOB_brainpoolP384r1
+-----BEGIN PRIVATE KEY-----
+MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBCwSBnjCBmwIBAQQwF6ERsBKPIs2v
+YHNnkyb15eHfTIQ58qsFlF90qztOdGzhytiWZXPvOh4khzujFfdZoWQDYgAEDxy4
+ddTAt+nTw0F16nhHhmmNbns3bX3rKEcY+686v58dAvx4VWOC7vHsiwek9ZYbZSkm
+Ky6H78ndkBrmU3BBR7hFGyU7CWSDFoH5Oybk0+JzkNa0qAm8+MpAIcFqb+IY
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABA8cuHXUwLfp08NBdep4R4ZpjW57
+N2196yhHGPuvOr+fHQL8eFVjgu7x7IsHpPWWG2UpJisuh+/J3ZAa5lNwQUe4RRsl
+OwlkgxaB+Tsm5NPic5DWtKgJvPjKQCHBam/iGA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP384r1:BOB_brainpoolP384r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP384r1
+PeerKey=BOB_brainpoolP384r1_PUB
+SharedSecret=0b3ad57e83759760d94904d9ea266b538120c6db2b5046217aa1ecd924828b949d335c8ce8a5b36bac7556bf6058c40a
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP384r1
+PeerKey=ALICE_brainpoolP384r1_PUB
+SharedSecret=0b3ad57e83759760d94904d9ea266b538120c6db2b5046217aa1ecd924828b949d335c8ce8a5b36bac7556bf6058c40a
+
+# TEST CURVE brainpoolP384t1
+
+PrivateKey=ALICE_brainpoolP384t1
+-----BEGIN PRIVATE KEY-----
+MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBDASBnjCBmwIBAQQwYb/xX9O8mxEu
+tbOQwQ/pB862keq/eWxj8GW41m2OroEtOJZL1SsK/8ZwAL3BdNoyoWQDYgAENpcX
+DPQYBhU8zi4G6mQtjdgVmpdn4Iuwb0/VVmopmFAL0ISDB0qk9Hn2Lt9rmE8Nathq
+kKKlVHd/Y5FRqf06PZj8jaYHAxvz5E1J8ykrbT7rUpbj9Df2t+eop9YBbSxc
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP384t1_PUB
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQEMA2IABDaXFwz0GAYVPM4uBupkLY3YFZqX
+Z+CLsG9P1VZqKZhQC9CEgwdKpPR59i7fa5hPDWrYapCipVR3f2ORUan9Oj2Y/I2m
+BwMb8+RNSfMpK20+61KW4/Q39rfnqKfWAW0sXA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP384t1:ALICE_brainpoolP384t1_PUB
+
+
+PrivateKey=BOB_brainpoolP384t1
+-----BEGIN PRIVATE KEY-----
+MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBDASBnjCBmwIBAQQwbFHOFMHlMXRY
+d29dF6HzKMh09dw7OAyxEeROTqOjFsI+whaqtL4GWH5P0UgFPDAHoWQDYgAER24u
+XKoWWnFFusbCPtDzz7n9zDIWzFqMeP6YE3MOseyfRFcKIVz/omWBVwpUbd3ca6Or
+d/Mh8hThIV4tZbPUwlyzzEW2NMJtd2t5JKdja0aT7fbp7NS9IJzNIRDl7r8z
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP384t1_PUB
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQEMA2IABEduLlyqFlpxRbrGwj7Q88+5/cwy
+FsxajHj+mBNzDrHsn0RXCiFc/6JlgVcKVG3d3Gujq3fzIfIU4SFeLWWz1MJcs8xF
+tjTCbXdreSSnY2tGk+326ezUvSCczSEQ5e6/Mw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP384t1:BOB_brainpoolP384t1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP384t1
+PeerKey=BOB_brainpoolP384t1_PUB
+SharedSecret=0fde85a61157cdd898196f291802ebd57bb2e39d98c4e6ad9bb3e2e0375e1df9bf7dadb8df7db1fea32818ef2c88babc
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP384t1
+PeerKey=ALICE_brainpoolP384t1_PUB
+SharedSecret=0fde85a61157cdd898196f291802ebd57bb2e39d98c4e6ad9bb3e2e0375e1df9bf7dadb8df7db1fea32818ef2c88babc
+
+# TEST CURVE brainpoolP512r1
+
+PrivateKey=ALICE_brainpoolP512r1
+-----BEGIN PRIVATE KEY-----
+MIHsAgEAMBQGByqGSM49AgEGCSskAwMCCAEBDQSB0DCBzQIBAQRAjMVK5PA5xYk8
+5gNs28Yo0erQSkgmildL7WwMVeT66algoISleFKT+fQkDRlfSKPXCZjK0NnKX5K9
+rkMm8w9ywKGBhQOBggAEHlj4gsnR2wN53k/hSIcAtbgHwbld5uS1/gR8RtoyaEDi
+t4Ti59/I9kRkZFEHJemhpTP2xY03j3M5rHP7vzk1NVKgYHJQ9MvMtPd6G+Fj5D0Y
+N1nnyqP3IJ8PyXmOdXBMoMHu+H50QbYZpcUFOqJhKp1T0+58xTXJdP8axl1IjtI=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP512r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAEHlj4gsnR2wN53k/hSIcAtbgH
+wbld5uS1/gR8RtoyaEDit4Ti59/I9kRkZFEHJemhpTP2xY03j3M5rHP7vzk1NVKg
+YHJQ9MvMtPd6G+Fj5D0YN1nnyqP3IJ8PyXmOdXBMoMHu+H50QbYZpcUFOqJhKp1T
+0+58xTXJdP8axl1IjtI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP512r1:ALICE_brainpoolP512r1_PUB
+
+
+PrivateKey=BOB_brainpoolP512r1
+-----BEGIN PRIVATE KEY-----
+MIHsAgEAMBQGByqGSM49AgEGCSskAwMCCAEBDQSB0DCBzQIBAQRAZA10+k4+Esme
+vjkT9LdSX07amRwXrT7CBnEskZpHkZEoYVQa6FuE7Fai0kjL86lUCC4xoTjFbH3t
+LLrD0v7vwqGBhQOBggAEo3NAMIGp0rJxReih4nbEiTegA4pSEk84CUHHBLGuLsek
+Vo1vmj1LTnu4dVuILLf+MSZh9jjNmsWuEGSHIaZx6hniFHGdaRQ3GFODGvkE6z2d
+2kwv3Fmsq9+gu4By2OhSCfP+hpFhobXAYwWXzgaBFH+TqlF31Dyr2fuPnkL7tK4=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP512r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAEo3NAMIGp0rJxReih4nbEiTeg
+A4pSEk84CUHHBLGuLsekVo1vmj1LTnu4dVuILLf+MSZh9jjNmsWuEGSHIaZx6hni
+FHGdaRQ3GFODGvkE6z2d2kwv3Fmsq9+gu4By2OhSCfP+hpFhobXAYwWXzgaBFH+T
+qlF31Dyr2fuPnkL7tK4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP512r1:BOB_brainpoolP512r1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP512r1
+PeerKey=BOB_brainpoolP512r1_PUB
+SharedSecret=80751feb09215a9da32f9f8c97133f53f0286a89969bd00d7f365da7f7736f45e634a35012d71b22f09bd89760ab0d2b0d426133cd9a379da9739d0f5f2e0360
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP512r1
+PeerKey=ALICE_brainpoolP512r1_PUB
+SharedSecret=80751feb09215a9da32f9f8c97133f53f0286a89969bd00d7f365da7f7736f45e634a35012d71b22f09bd89760ab0d2b0d426133cd9a379da9739d0f5f2e0360
+
+# TEST CURVE brainpoolP512t1
+
+PrivateKey=ALICE_brainpoolP512t1
+-----BEGIN PRIVATE KEY-----
+MIHsAgEAMBQGByqGSM49AgEGCSskAwMCCAEBDgSB0DCBzQIBAQRAm8Dt1nWguxK5
+iqhf6mig/Y7ctmMgbRCWSJMMd3lw5/iM4mtP9achhaEWGImIWV6Fbryi6Jv3nitC
+BUxpqREpcqGBhQOBggAEH/z+dOHhLfxI0GLpmUjYaSlC2H380nBhe6P4GSrnpya/
+Yew0IRyDfo0p99vwgOaLh8wJIH3Joy4NMtHthg8IAFmoctAoWkQ21E0HjPjwqZbx
+mvBD0S9opVycFR8XUSaK0EHyHO7hfuVsdyYzIIjpKViP7uOOtrggsTepWzBQt9I=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_brainpoolP512t1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDgOBggAEH/z+dOHhLfxI0GLpmUjYaSlC
+2H380nBhe6P4GSrnpya/Yew0IRyDfo0p99vwgOaLh8wJIH3Joy4NMtHthg8IAFmo
+ctAoWkQ21E0HjPjwqZbxmvBD0S9opVycFR8XUSaK0EHyHO7hfuVsdyYzIIjpKViP
+7uOOtrggsTepWzBQt9I=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_brainpoolP512t1:ALICE_brainpoolP512t1_PUB
+
+
+PrivateKey=BOB_brainpoolP512t1
+-----BEGIN PRIVATE KEY-----
+MIHsAgEAMBQGByqGSM49AgEGCSskAwMCCAEBDgSB0DCBzQIBAQRAFStrWBwOtTlY
+/pBeT2ncjTHcNzKm+ocTiIvr0RUEuX8ITd+L5x9H+ZLk44T85/8yqTPlk6cZSHby
+TG5UkPGVvaGBhQOBggAEE6EYYwpBA3NBflj/HYwxzbaxuALefTsTr5O0bLqh4J6S
+xkAwsQnlkU8PCnzEuvdBNxSwW7276VGfwDO7kFKEdZq3cnT+P41yi/XBVK7xgaL1
+R2U+vCxWsje6JLixWEdJkJ+6TqPKICdriNge1zbjvfhb01zP58E/Xsgh5/deJco=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_brainpoolP512t1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDgOBggAEE6EYYwpBA3NBflj/HYwxzbax
+uALefTsTr5O0bLqh4J6SxkAwsQnlkU8PCnzEuvdBNxSwW7276VGfwDO7kFKEdZq3
+cnT+P41yi/XBVK7xgaL1R2U+vCxWsje6JLixWEdJkJ+6TqPKICdriNge1zbjvfhb
+01zP58E/Xsgh5/deJco=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_brainpoolP512t1:BOB_brainpoolP512t1_PUB
+
+
+# ECDH Alice with Bob peer
+Derive=ALICE_brainpoolP512t1
+PeerKey=BOB_brainpoolP512t1_PUB
+SharedSecret=0afecb44d108c9bf2bc159fcc613a1429e3906d5d201d579adc2167058e972ef85fc13d837f3566a2ff3a881e47bfe36b722baf4a9f865097fe11e171189a944
+
+# ECDH Bob with Alice peer
+Derive=BOB_brainpoolP512t1
+PeerKey=ALICE_brainpoolP512t1_PUB
+SharedSecret=0afecb44d108c9bf2bc159fcc613a1429e3906d5d201d579adc2167058e972ef85fc13d837f3566a2ff3a881e47bfe36b722baf4a9f865097fe11e171189a944
+
+
+## ECDH Tests: KATs from RFC 5114, RFC 5903 and RFC 7027
+
+
+# Keys and shared secrets from RFC 5114
+PrivateKey=PRIME192V1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgyP6MWnY6cZZP1lHa8
+FCAAq1vg4knENCahNAMyAATNRkiez9bBBeez0yVm4rEi4kmrqt2HBhJoiHtId99R
+3U3D1v0R8KJvj9OEQxeRbpo=
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME192V1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEzUZIns/WwQXns9MlZuKxIuJJq6rd
+hwYSaIh7SHffUd1Nw9b9EfCib4/ThEMXkW6a
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME192V1_RFC5114:PRIME192V1_RFC5114-PUBLIC
+
+
+PrivateKey=PRIME192V1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhjH5W7SmdjLJxHbu6a
+tpWrJAoEmTB/z2KhNAMyAARRmhIWgOAEVGa6Id8u7kf1lztQBXfvE9X/YTq01kzu
+OiCHW9sQ+VP2swygcsYKpX8=
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME192V1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUZoSFoDgBFRmuiHfLu5H9Zc7UAV3
+7xPV/2E6tNZM7jogh1vbEPlT9rMMoHLGCqV/
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME192V1_RFC5114-Peer:PRIME192V1_RFC5114-Peer-PUBLIC
+
+
+
+Derive=PRIME192V1_RFC5114
+PeerKey=PRIME192V1_RFC5114-Peer-PUBLIC
+SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE
+
+Derive=PRIME192V1_RFC5114-Peer
+PeerKey=PRIME192V1_RFC5114-PUBLIC
+SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE
+
+PrivateKey=SECP224R1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBy1WOtsKI2nB7u0+PuuKrnp
+y2LjvFx1c+IuJtN/oTwDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDgpR8+608r
+XuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP224R1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDg
+pR8+608rXuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP224R1_RFC5114:SECP224R1_RFC5114-PUBLIC
+
+
+PrivateKey=SECP224R1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBysOxrdPZdw5vanCO6fO44K
+s7SA6fJ/hciLXm0YoTwDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBtzUKiB9SR
+vpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP224R1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBt
+zUKiB9SRvpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP224R1_RFC5114-Peer:SECP224R1_RFC5114-Peer-PUBLIC
+
+
+
+Derive=SECP224R1_RFC5114
+PeerKey=SECP224R1_RFC5114-Peer-PUBLIC
+SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA
+
+Derive=SECP224R1_RFC5114-Peer
+PeerKey=SECP224R1_RFC5114-PUBLIC
+SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA
+
+PrivateKey=PRIME256V1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggUJkFF8vVvLpao4z
+ehKEmT+vQypavOWehntykdUHo6+hRANCAAQq9QLzvolS8sm1qNQWDQnpcWW+ULxC
+rkpejTtLqDrrFesPr0yphsTThoGg+YctedVnlb1L/25t48D1AV7OXv2F
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKvUC876JUvLJtajUFg0J6XFlvlC8
+Qq5KXo07S6g66xXrD69MqYbE04aBoPmHLXnVZ5W9S/9ubePA9QFezl79hQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5114:PRIME256V1_RFC5114-PUBLIC
+
+
+PrivateKey=PRIME256V1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLOF4jsGX4JbblaIA
+zAqyahnOa8ytViuO7htZN2HPf0GhRANCAASxIN5Ko2SSeVNG6N5sLIZGrgaq6ief
+p3WzqwcV9s5RsJ8bfuziDXte2OxoX6Pwcdg3JwJwkqhBE4XDTd5XCLK2
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsSDeSqNkknlTRujebCyGRq4Gquon
+n6d1s6sHFfbOUbCfG37s4g17XtjsaF+j8HHYNycCcJKoQROFw03eVwiytg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5114-Peer:PRIME256V1_RFC5114-Peer-PUBLIC
+
+
+
+Derive=PRIME256V1_RFC5114
+PeerKey=PRIME256V1_RFC5114-Peer-PUBLIC
+SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788
+
+Derive=PRIME256V1_RFC5114-Peer
+PeerKey=PRIME256V1_RFC5114-PUBLIC
+SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788
+
+PrivateKey=SECP384R1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDSczXqcWZK8kTdFOn9
+EmBxXf2KeWVXHEjXCe56eWKhVtcGqQy8td8phvBf6tuTdvGhZANiAAR5MUjxeHY0
+1dpMbZB0QX0F4FerYvggVNEO5rBAPWJ5VH5qjqnR/XdCfQFv4nqLjGbGxBKUMx0j
+5vSA9PtM1AUEyUc5LpT0w/BrjzmLsp5CNo96aFkj3jtnus7SFKGh0Sg=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEeTFI8Xh2NNXaTG2QdEF9BeBXq2L4IFTR
+DuawQD1ieVR+ao6p0f13Qn0Bb+J6i4xmxsQSlDMdI+b0gPT7TNQFBMlHOS6U9MPw
+a485i7KeQjaPemhZI947Z7rO0hShodEo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5114:SECP384R1_RFC5114-PUBLIC
+
+
+PrivateKey=SECP384R1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBS0Xkf20tw+JwPANRW
+wvcCO2ElJiw2p98fgCMRIczj05vlLgDBlKQTLEpsdovNlNKhZANiAARc1Cq5xBtT
+R/dLjU77cIs9WzbbZZFTWbRKvBdke2uZmXidcqhIZa4vIj8StaGrwSDhcUWP6qk5
+qqOov6xGtAS9j21bNIwPpNgM7KFjVsqTMkC96HI0Fajs4DWw7fNnVd4=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXNQqucQbU0f3S41O+3CLPVs222WRU1m0
+SrwXZHtrmZl4nXKoSGWuLyI/ErWhq8Eg4XFFj+qpOaqjqL+sRrQEvY9tWzSMD6TY
+DOyhY1bKkzJAvehyNBWo7OA1sO3zZ1Xe
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5114-Peer:SECP384R1_RFC5114-Peer-PUBLIC
+
+
+
+Derive=SECP384R1_RFC5114
+PeerKey=SECP384R1_RFC5114-Peer-PUBLIC
+SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E
+
+Derive=SECP384R1_RFC5114-Peer
+PeerKey=SECP384R1_RFC5114-PUBLIC
+SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E
+
+PrivateKey=SECP521R1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBE/gtqCVzXj2XJ2aD
+srdCd7rSczXqcWZK8kMMxPM0WblmnueLP/ubhoMBXTRNy/72+5r0xsRwviVFFs08
+Gh+0c2KhgYkDgYYABAHrs03XVyGr+K3J2+0XiJy7l2XZCnxg8s7wB7sPKybhSIH9
+RELmidYcst0EbuMOP/0g+aRbvfZBPVg6Lb9Zkk/TXAD2tjLRlMA4jiLYQ35VjFUq
+4ZWt/RU/ktdJCDUbL4xO2pTtsJFtG1PAILXuyu0aX8OKIz5IMFh7su40ibO0KlqG
+pA==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB67NN11chq/itydvtF4icu5dl2Qp8
+YPLO8Ae7Dysm4UiB/URC5onWHLLdBG7jDj/9IPmkW732QT1YOi2/WZJP01wA9rYy
+0ZTAOI4i2EN+VYxVKuGVrf0VP5LXSQg1Gy+MTtqU7bCRbRtTwCC17srtGl/DiiM+
+SDBYe7LuNImztCpahqQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5114:SECP521R1_RFC5114-PUBLIC
+
+
+PrivateKey=SECP521R1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAzuNIDYZFoX0knyd2
+0ouuYWlS0Xkf20tw98M3hzKqGyKShEi80dwkltQ1sBBIBm6+T3KQPDYbGp3BGT3C
+ydCJG5ahgYkDgYYABAEOv6/G6F4I0kv//MGkUR2w5jS+6xtt7IxZOa5EdmIBr2IA
+QwupfIrGoOnwizPOfp/utbpO5eDYFRDCQpW4oI0CNQCkpuwwDfniV7A3K156v+8J
+NDZxmneIfrsLGM+Ambn0IStuMKFBnBjgKdNoY8ydRI9Nuk0qDmBxG+VykV+9T+8m
+lQ==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBDr+vxuheCNJL//zBpFEdsOY0vusb
+beyMWTmuRHZiAa9iAEMLqXyKxqDp8Iszzn6f7rW6TuXg2BUQwkKVuKCNAjUApKbs
+MA354lewNyteer/vCTQ2cZp3iH67CxjPgJm59CErbjChQZwY4CnTaGPMnUSPTbpN
+Kg5gcRvlcpFfvU/vJpU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5114-Peer:SECP521R1_RFC5114-Peer-PUBLIC
+
+
+
+Derive=SECP521R1_RFC5114
+PeerKey=SECP521R1_RFC5114-Peer-PUBLIC
+SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC
+
+Derive=SECP521R1_RFC5114-Peer
+PeerKey=SECP521R1_RFC5114-PUBLIC
+SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC
+
+# Keys and shared secrets from RFC 5903
+PrivateKey=PRIME256V1_RFC5903
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgyI8B9RDZrD9wopLa
+ojFt5UTpqriv6EBJxiqcV4YtFDOhRANCAATa0LZTlCIc+bBR4f7KV4fQmN/mN/yQ
+ue+UXQw3clgRgFJxoEYc24JS1h8cRW+j5Zqx9FszrM9fWDieBXe4mQuz
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5903-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2tC2U5QiHPmwUeH+yleH0Jjf5jf8
+kLnvlF0MN3JYEYBScaBGHNuCUtYfHEVvo+WasfRbM6zPX1g4ngV3uJkLsw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5903:PRIME256V1_RFC5903-PUBLIC
+
+
+PrivateKey=PRIME256V1_RFC5903-Peer
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxu+cXXiuASoBEWSs
+s5fOIIhoXY8Gv5vgsoOrRkdr7lOhRANCAATRLftSicjU+BIItwJwOYw0IpaXCgvM
+t0xzb8dVRJS/Y1b788o2bMI+gVeFTBPFjWqsI/BGraMPg1PnTzMDmHKr
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5903-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0S37UonI1PgSCLcCcDmMNCKWlwoL
+zLdMc2/HVUSUv2NW+/PKNmzCPoFXhUwTxY1qrCPwRq2jD4NT508zA5hyqw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5903-Peer:PRIME256V1_RFC5903-Peer-PUBLIC
+
+
+
+Derive=PRIME256V1_RFC5903
+PeerKey=PRIME256V1_RFC5903-Peer-PUBLIC
+SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE
+
+Derive=PRIME256V1_RFC5903-Peer
+PeerKey=PRIME256V1_RFC5903-PUBLIC
+SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE
+
+PrivateKey=SECP384R1_RFC5903
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAJnzxwNNSixpmITXOj
+daZ/diTvfGs8DxYGR7Z0FNzmVeNbU4BB5knuP674lng6sZShZANiAARmeELX0YCs
+LN5vdPN1UfVXVcdkXCDvc+MWNP5ytMVe5t46yAistL20yIcyrulfQaqUgu0fwO65
+yvxJhGJcz8I/ZQMhSeDhRK2gJBgVNaDzjuufz/PCyUfa5ptMY0VzqBw=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5903-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZnhC19GArCzeb3TzdVH1V1XHZFwg73Pj
+FjT+crTFXubeOsgIrLS9tMiHMq7pX0GqlILtH8Duucr8SYRiXM/CP2UDIUng4USt
+oCQYFTWg847rn8/zwslH2uabTGNFc6gc
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5903:SECP384R1_RFC5903-PUBLIC
+
+
+PrivateKey=SECP384R1_RFC5903-Peer
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBBywd5tL24XUeEZyX7
+7DyUMPq0bMjcUGCFXMm9oKopQuAwgxKRa47Slg5L1Vp0SPyhZANiAATlWNvvU+7N
+49P8z8GuoIqJqYdHXRL9lQ2Dz6QXMrxQnQ0axDoDNt75b9pB0HdKNXHc++x6rPMZ
+ZHIWnoOEMDZ/Zu6+PG5wxBbdXwxodZ3R//g/pAFCIJ3/XqrZbbnmOGw=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5903-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE5Vjb71PuzePT/M/BrqCKiamHR10S/ZUN
+g8+kFzK8UJ0NGsQ6Azbe+W/aQdB3SjVx3PvseqzzGWRyFp6DhDA2f2buvjxucMQW
+3V8MaHWd0f/4P6QBQiCd/16q2W255jhs
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5903-Peer:SECP384R1_RFC5903-Peer-PUBLIC
+
+
+
+Derive=SECP384R1_RFC5903
+PeerKey=SECP384R1_RFC5903-Peer-PUBLIC
+SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746
+
+Derive=SECP384R1_RFC5903-Peer
+PeerKey=SECP384R1_RFC5903-PUBLIC
+SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746
+
+PrivateKey=SECP521R1_RFC5903
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAN63pMZqJ9Nq9s+9B
+GqzMpRI8YayrV7U5Pc5HYIFyoJWqhaMP4cKVLGdx2Te6l3f1lXsmObqwckYvaMJ6
+VzgtSlKhgYkDgYYABAAVQX6E2/KMCtPCeHEzSdx98VPIl6GJG9mLq0NXyey+4eO/
+QuALjjgK6uV8LRB1ZJQYhZQq9af0YBcjxBldF2ztPgF8riC2ZB0u62lXhtjJRhRi
+OdCZ4Y4dWlFMc518tKEK2KeIAVrEBdd5ncdee31bbPImGmp/FQdDi/Ab62yjkm+V
+gg==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5903-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFUF+hNvyjArTwnhxM0ncffFTyJeh
+iRvZi6tDV8nsvuHjv0LgC444CurlfC0QdWSUGIWUKvWn9GAXI8QZXRds7T4BfK4g
+tmQdLutpV4bYyUYUYjnQmeGOHVpRTHOdfLShCtiniAFaxAXXeZ3HXnt9W2zyJhpq
+fxUHQ4vwG+tso5JvlYI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5903:SECP521R1_RFC5903-PUBLIC
+
+
+PrivateKey=SECP521R1_RFC5903-Peer
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBRbqZqEevQ3k/3Q6H
+LnzfoWvjD9x4D5e8zD8Hg4AgHpxnfWALNDdXo72/KjFj5ML4acynRYqkpO/8MR9c
+sVFoXrmhgYkDgYYABADQs5daxLeZ9b6hbV4T6a+XHV6bmEyfOXKLXlc5c1ohm5fD
+VkNq3G6VuwNS9r5kpsKRLU7y0EM87SthcWQAEtlGDwFcaCJjg5VuO9Bm55e2I8J8
+4OrC9VGhDCxyTZhSB3uHIgtlNsXECKHSrruOhtZ4rknLVwkfRzIpZXmrRPzRfw/F
+ag==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5903-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA0LOXWsS3mfW+oW1eE+mvlx1em5hM
+nzlyi15XOXNaIZuXw1ZDatxulbsDUva+ZKbCkS1O8tBDPO0rYXFkABLZRg8BXGgi
+Y4OVbjvQZueXtiPCfODqwvVRoQwsck2YUgd7hyILZTbFxAih0q67jobWeK5Jy1cJ
+H0cyKWV5q0T80X8PxWo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5903-Peer:SECP521R1_RFC5903-Peer-PUBLIC
+
+
+
+Derive=SECP521R1_RFC5903
+PeerKey=SECP521R1_RFC5903-Peer-PUBLIC
+SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA
+
+Derive=SECP521R1_RFC5903-Peer
+PeerKey=SECP521R1_RFC5903-PUBLIC
+SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA
+
+# Keys and shared secrets from RFC 7027
+PrivateKey=BRAINPOOLP256R1_RFC7027
+-----BEGIN PRIVATE KEY-----
+MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBBwRtMGsCAQEEIIHbHuEAFQ/y6jON
+cIJxvjgwDLVCQdeZUPd7BjA5gE8doUQDQgAERBBukT+SvAKhcF2ZU6hBTbleGqpJ
+6B2ehfkpqOMQC+WKtIRvEcrMtzzknL3RIPWpAKaf0ywnIiP3ie8Q6wib3A==
+-----END PRIVATE KEY-----
+
+PublicKey=BRAINPOOLP256R1_RFC7027-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABEQQbpE/krwCoXBdmVOoQU25Xhqq
+SegdnoX5KajjEAvlirSEbxHKzLc85Jy90SD1qQCmn9MsJyIj94nvEOsIm9w=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BRAINPOOLP256R1_RFC7027:BRAINPOOLP256R1_RFC7027-PUBLIC
+
+
+PrivateKey=BRAINPOOLP256R1_RFC7027-Peer
+-----BEGIN PRIVATE KEY-----
+MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBBwRtMGsCAQEEIFXkC8QeN+PirSXD
+xmVFEf+oR0qRoAMgh1k4UtPn12vToUQDQgAEjS1ojGz5PhFgrQTMRCkRfcLEGCXh
+6fygrd005vGzn3uZDFdSCBK+USZB5HA0gyEGvH0+jdDkx/ETbXAGVHzsag==
+-----END PRIVATE KEY-----
+
+PublicKey=BRAINPOOLP256R1_RFC7027-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABI0taIxs+T4RYK0EzEQpEX3CxBgl
+4en8oK3dNObxs597mQxXUggSvlEmQeRwNIMhBrx9Po3Q5MfxE21wBlR87Go=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BRAINPOOLP256R1_RFC7027-Peer:BRAINPOOLP256R1_RFC7027-Peer-PUBLIC
+
+
+
+Derive=BRAINPOOLP256R1_RFC7027
+PeerKey=BRAINPOOLP256R1_RFC7027-Peer-PUBLIC
+SharedSecret=89AFC39D41D3B327814B80940B042590F96556EC91E6AE7939BCE31F3A18BF2B
+
+Derive=BRAINPOOLP256R1_RFC7027-Peer
+PeerKey=BRAINPOOLP256R1_RFC7027-PUBLIC
+SharedSecret=89AFC39D41D3B327814B80940B042590F96556EC91E6AE7939BCE31F3A18BF2B
+
+PrivateKey=BRAINPOOLP384R1_RFC7027
+-----BEGIN PRIVATE KEY-----
+MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBCwSBnjCBmwIBAQQwHiD14EiliG8f
+FXx06RveK5jItS1Y5QA9VwU/xLC9ZdbxXrXR7hYQ34cHlRQ2J9BCoWQDYgAEaLZl
+3ZHBlYAGUM3TY8Yl9OdC6BNGZ7dnsbR2eTWI+IWraYyFLUpud6JS1jgPyvBoVbyR
+o5yewB3uNgF7fWc6kxI20vH1yDlC0Enj+iBgdJPg0Dj/L9MMKrZ9Fchff6pZ
+-----END PRIVATE KEY-----
+
+PublicKey=BRAINPOOLP384R1_RFC7027-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABGi2Zd2RwZWABlDN02PGJfTnQugT
+Rme3Z7G0dnk1iPiFq2mMhS1KbneiUtY4D8rwaFW8kaOcnsAd7jYBe31nOpMSNtLx
+9cg5QtBJ4/ogYHST4NA4/y/TDCq2fRXIX3+qWQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BRAINPOOLP384R1_RFC7027:BRAINPOOLP384R1_RFC7027-PUBLIC
+
+
+PrivateKey=BRAINPOOLP384R1_RFC7027-Peer
+-----BEGIN PRIVATE KEY-----
+MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBCwSBnjCBmwIBAQQwAyZAvGADxZJg
+9yUMPbWM5kf5jhJgrM5KzaPdhp904B+LpeAyQwnbapgxSXq6yWZwoWQDYgAETUQy
+byaaWXpbWLulZdpVVu1/2aip63bCX0bbadGdyM5q0Y5ASxVziyCG3zfnHR60YtaS
+E23lbL6Tv1+jGI71i8ijoOxsHhUaIQOKQukYUym1snWQPRkvjU4fMv6cx4xI
+-----END PRIVATE KEY-----
+
+PublicKey=BRAINPOOLP384R1_RFC7027-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABE1EMm8mmll6W1i7pWXaVVbtf9mo
+qet2wl9G22nRncjOatGOQEsVc4sght835x0etGLWkhNt5Wy+k79foxiO9YvIo6Ds
+bB4VGiEDikLpGFMptbJ1kD0ZL41OHzL+nMeMSA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BRAINPOOLP384R1_RFC7027-Peer:BRAINPOOLP384R1_RFC7027-Peer-PUBLIC
+
+
+
+Derive=BRAINPOOLP384R1_RFC7027
+PeerKey=BRAINPOOLP384R1_RFC7027-Peer-PUBLIC
+SharedSecret=0BD9D3A7EA0B3D519D09D8E48D0785FB744A6B355E6304BC51C229FBBCE239BBADF6403715C35D4FB2A5444F575D4F42
+
+Derive=BRAINPOOLP384R1_RFC7027-Peer
+PeerKey=BRAINPOOLP384R1_RFC7027-PUBLIC
+SharedSecret=0BD9D3A7EA0B3D519D09D8E48D0785FB744A6B355E6304BC51C229FBBCE239BBADF6403715C35D4FB2A5444F575D4F42
+
+PrivateKey=BRAINPOOLP512R1_RFC7027
+-----BEGIN PRIVATE KEY-----
+MIHsAgEAMBQGByqGSM49AgEGCSskAwMCCAEBDQSB0DCBzQIBAQRAFjAv8Nu7Wo1z
+PatxQcG0WsvIcVk5Z39qVoUKOL2HvVmwnoAnlgn/Mz651MBhIx+yb5LusEmCpfHR
+dkytV2ZUIqGBhQOBggAECkIFF+QGqsCs3OkPzXFIdxjTuVPv1/vsX38n4oxhSZmT
+l+keAp4GRX2y0+ZAZos5LCp+c3p/C/BENtEWQP0J/XLmiC6NsoqtNiN80l1YDbI3
+g5YcjcUt+i7BOK1HKg/O84h89itiOyqH3lxYgwHqPl/CabNztgck9egqatFH/ec=
+-----END PRIVATE KEY-----
+
+PublicKey=BRAINPOOLP512R1_RFC7027-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAECkIFF+QGqsCs3OkPzXFIdxjT
+uVPv1/vsX38n4oxhSZmTl+keAp4GRX2y0+ZAZos5LCp+c3p/C/BENtEWQP0J/XLm
+iC6NsoqtNiN80l1YDbI3g5YcjcUt+i7BOK1HKg/O84h89itiOyqH3lxYgwHqPl/C
+abNztgck9egqatFH/ec=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BRAINPOOLP512R1_RFC7027:BRAINPOOLP512R1_RFC7027-PUBLIC
+
+
+PrivateKey=BRAINPOOLP512R1_RFC7027-Peer
+-----BEGIN PRIVATE KEY-----
+MIHsAgEAMBQGByqGSM49AgEGCSskAwMCCAEBDQSB0DCBzQIBAQRAIw4Y4bzIijYv
+pU5Oo5AgCSkvf4AzYk/UcbXYrOSdEs+rvBmWPauOLx66AL/7KeTXLRPyIkVi9AXL
+gFA2ZrJUKaGBhQOBggAEnUX2beXWfi5ttuk6Wc4LtIEGCX/3iggd54HNsx/OjMuq
+6o3UMgxBGfHpzUN6Lqs3MfqWaKsmjYcd7aVaVHMZny/cMTCVvN1fs6kWNvB6lZyO
+hrVjah6TDoOWBJy0gZYdNlzBFFOgbHGYNUdbEstS/Dw4O8414n7xlFErcYdihfo=
+-----END PRIVATE KEY-----
+
+PublicKey=BRAINPOOLP512R1_RFC7027-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAEnUX2beXWfi5ttuk6Wc4LtIEG
+CX/3iggd54HNsx/OjMuq6o3UMgxBGfHpzUN6Lqs3MfqWaKsmjYcd7aVaVHMZny/c
+MTCVvN1fs6kWNvB6lZyOhrVjah6TDoOWBJy0gZYdNlzBFFOgbHGYNUdbEstS/Dw4
+O8414n7xlFErcYdihfo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BRAINPOOLP512R1_RFC7027-Peer:BRAINPOOLP512R1_RFC7027-Peer-PUBLIC
+
+
+
+Derive=BRAINPOOLP512R1_RFC7027
+PeerKey=BRAINPOOLP512R1_RFC7027-Peer-PUBLIC
+SharedSecret=A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F
+
+Derive=BRAINPOOLP512R1_RFC7027-Peer
+PeerKey=BRAINPOOLP512R1_RFC7027-PUBLIC
+SharedSecret=A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F
+
+
+########################################################################
+#                                                                      #
+#                NIST SP800-56A co-factor ECDH KATs                    #
+#                                                                      #
+#                                                                      #
+# http://csrc.nist.gov/groups/STM/cavp/component-testing.html#ECCCDH   #
+#                                                                      #
+# sha256sum(KAS_ECC_CDH_PrimitiveTest.txt) =                           #
+#     456068d3f8aad8ac62a03d19ed3173f00ad51f42b51aeab4753c20f30c01cf23 #
+#                                                                      #
+########################################################################
+
+
+PrivateKey=KAS-ECC-CDH_P-192_C0
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjxfT/qNnt000CFHKQn
+DcskwnH0Rb7Z1SehNAMyAASxUFNAH1coVjfsMkwc0hOeOmfeNzkjSzfyacFYY3SC
+qtZEzWkt0dPvLIp8SeOJ9/Y=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEsVBTQB9XKFY37DJMHNITnjpn3jc5
+I0s38mnBWGN0gqrWRM1pLdHT7yyKfEnjiff2
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C0:KAS-ECC-CDH_P-192_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEQupt2Zad0qYf6hqsf46Y7cyJbG5V
+hXzA375dfGH6yIsRgRveMo6KDRK/AanSBLUj
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C0
+PeerKey=KAS-ECC-CDH_P-192_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=803d8ab2e5b6e6fca715737c3a82f7ce3c783124f6d51cd0
+
+PrivateKey=KAS-ECC-CDH_P-192_C1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhW6FM0nZb+TEQkSNrL
+fPkrt6ldz1dKm9WhNAMyAATADUNXFv/qU/2MFieSQUw3ZlGH5YJxZTmrcRxiqnGl
+oY6KPEj4ncb6UvrAEI5SqKA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEwA1DVxb/6lP9jBYnkkFMN2ZRh+WC
+cWU5q3EcYqpxpaGOijxI+J3G+lL6wBCOUqig
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C1:KAS-ECC-CDH_P-192_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE3rVxL6AnrI0vIsRVzLc6keF7ZRK1
+4DDnfiaQoCzJsocIQxop+1S4ex8MFOARrCEl
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C1
+PeerKey=KAS-ECC-CDH_P-192_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=c208847568b98835d7312cef1f97f7aa298283152313c29d
+
+PrivateKey=KAS-ECC-CDH_P-192_C2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjG72H+EugL9W8tP30L
+t1c5RRmQbVVQCUmhNAMyAAThhLwYJILzQDyHh7g4Qkd0Z/zQEdsPbGT50cFBQvQN
+6GOduX1Rpj0szhAHzPdzzcs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE4YS8GCSC80A8h4e4OEJHdGf80BHb
+D2xk+dHBQUL0Dehjnbl9UaY9LM4QB8z3c83L
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C2:KAS-ECC-CDH_P-192_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAETtqo78Wg9A+ENmPsWBXndi3dwAjm
+Y8IPCp+Nxno+YO9tZLUiGF0D3x/Arf1CR4J5
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C2
+PeerKey=KAS-ECC-CDH_P-192_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=87229107047a3b611920d6e3b2c0c89bea4f49412260b8dd
+
+PrivateKey=KAS-ECC-CDH_P-192_C3
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjmdHucI7pwRPOP9+Ys
+NeQDiSD1oBY9PNqhNAMyAAQrg42+c3NfN6OaeNMZV4PSaZHob/TZLRpg00SUInRI
+n5iQOy5/k/jRl/ya5goO1To=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEK4ONvnNzXzejmnjTGVeD0mmR6G/0
+2S0aYNNElCJ0SJ+YkDsuf5P40Zf8muYKDtU6
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C3:KAS-ECC-CDH_P-192_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEiIfCdu3u0+noZrRtWNiVxz+9gLY+
+OC6IBMUJe6ZkXhYgbPtw9wUmVZR91EoX8fnV
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C3
+PeerKey=KAS-ECC-CDH_P-192_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=eec0bed8fc55e1feddc82158fd6dc0d48a4d796aaf47d46c
+
+PrivateKey=KAS-ECC-CDH_P-192_C4
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBi+q+3QFUoa/PyF1SGB
+wQ9etHrcUfZVBH2hNAMyAAQfZc9uiXjhwbwQu2Gn2zEd4xAIjIz5dov31DgWjn9C
+qxSxavU6ei9kb/QLU9dMvMc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEH2XPbol44cG8ELthp9sxHeMQCIyM
++XaL99Q4Fo5/QqsUsWr1OnovZG/0C1PXTLzH
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C4:KAS-ECC-CDH_P-192_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEDQRfMCVK3B/O+opbHzG/TnOd0yfN
+GNWUVCwxTkFCfAgnigjOjXMF87W4Scctiv9z
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C4
+PeerKey=KAS-ECC-CDH_P-192_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=716e743b1b37a2cd8479f0a3d5a74c10ba2599be18d7e2f4
+
+PrivateKey=KAS-ECC-CDH_P-192_C5
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjPcDVCJmZzIdbiuvQJ
+meL9dMeg95P6hpmhNAMyAARfSET/zOYQBdJPc325hnXpL3tlQ662EGxUJPWYE5IV
+04m2sSuG1YAUhX8t2ttUD1E=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEX0hE/8zmEAXST3N9uYZ16S97ZUOu
+thBsVCT1mBOSFdOJtrErhtWAFIV/LdrbVA9R
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C5:KAS-ECC-CDH_P-192_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE+zXKINLpZmXFG5jo9us9eRE1CNi8
+zUUWNo7sDVv7hHch32qv8OXUjERPdL+c2KWn
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C5
+PeerKey=KAS-ECC-CDH_P-192_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=f67053b934459985a315cb017bf0302891798d45d0e19508
+
+PrivateKey=KAS-ECC-CDH_P-192_C6
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBj+lCUVI3//3XtOtcZJ
+Ce7khWoHbN8SuuKhNAMyAATmNp33myB7i4Z598hpz8JkhZ0atVqkAegfmccfgBow
+tS902m5ebbti7kxdoQkMwCA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE5jad95sge4uGeffIac/CZIWdGrVa
+pAHoH5nHH4AaMLUvdNpuXm27Yu5MXaEJDMAg
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C6:KAS-ECC-CDH_P-192_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEgkdSlgwTB+XxOoPaIceZjKi1sAuV
+SfbQvFLZHiNDY7wy7gtnePJc2MGEdRD0NIuU
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C6
+PeerKey=KAS-ECC-CDH_P-192_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=75822971193edd472bf30151a782619c55ad0b279c9303dd
+
+PrivateKey=KAS-ECC-CDH_P-192_C7
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgz/tEEkq+lvqAzPArx
+LKyUDE0iJFW80P6hNAMyAATvCyivxBY31zf0LkyKrOrchLouC4ScoYxXeXlC5VIX
+O7oX9zJ44Cn0IzUGi9dw3fI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE7wsor8QWN9c39C5Miqzq3IS6LguE
+nKGMV3l5QuVSFzu6F/cyeOAp9CM1BovXcN3y
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C7:KAS-ECC-CDH_P-192_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEELtXAgKRFBmB+DO0dJ5WEQNLMI6E
+AR0h4crNa3vRftjdtQtq7gZUw18tDt3Bz/z2
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C7
+PeerKey=KAS-ECC-CDH_P-192_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=67cba2cbb69ee78bf1abafb0e6fbe33fa2094c128d59652d
+
+PrivateKey=KAS-ECC-CDH_P-192_C8
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjzVXxdcLTHlUlgwzVo
+d2rb6OQ2GaviaxOhNAMyAATXARLF8PCEQ4ZJSsGtmdziIUE0F26/ua/TwYegOFEK
+sx1Fnit68aOA3XV2rwYmdUg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE1wESxfDwhEOGSUrBrZnc4iFBNBdu
+v7mv08GHoDhRCrMdRZ4revGjgN11dq8GJnVI
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C8:KAS-ECC-CDH_P-192_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUZL85Bhad1jqG8VuDk9Oiy3OMjSN
+Dc7RIJiZgb6q8ABtiKlueXGi+jozukYEf8e6
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C8
+PeerKey=KAS-ECC-CDH_P-192_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=cf99a2770a386ca0137d1eca0a226e484297ac3c513f3631
+
+PrivateKey=KAS-ECC-CDH_P-192_C9
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhYbPuhxugXZu1Sgo8X
+exvhTrvFuDNIwxGhNAMyAARYs8Y+Vr7J1pa/mojfKHNzg5H3Y2iqK0lXdnc7Jh+v
+e6L9xP5DuSwLHHov0FSkNlA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEWLPGPla+ydaWv5qI3yhzc4OR92No
+qitJV3Z3OyYfr3ui/cT+Q7ksCxx6L9BUpDZQ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C9:KAS-ECC-CDH_P-192_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJtAZ2+J56tAe7RQ6kWAa2ibi9CIl
+scYrbKZT8IJy4DhvyUIfvVgAk9euYwG8qUR2
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C9
+PeerKey=KAS-ECC-CDH_P-192_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=576331e2b4fb38a112810e1529834de8307fb0a0d2756877
+
+PrivateKey=KAS-ECC-CDH_P-192_C10
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjK2BAGA6T2W+CNj8ih
+t+iExf9l3rPJbZmhNAMyAAS3/MD1LHpBHtvtOeEL8Ctq4PJmFMazJaJHSDsm62d3
+beK5OrcRnVRHVzc549Vecvs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEt/zA9Sx6QR7b7TnhC/ArauDyZhTG
+syWiR0g7Jutnd23iuTq3EZ1UR1c3OePVXnL7
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C10:KAS-ECC-CDH_P-192_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEU5vED+IKD7JniItkewPqr27CDAKh
+4fjIaQleW7e01EwyeKfua+yjl8RSRtqaNMi+
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C10
+PeerKey=KAS-ECC-CDH_P-192_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=902f4501916a0dd945554c3a37b3d780d375a6da713197c4
+
+PrivateKey=KAS-ECC-CDH_P-192_C11
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBge3YecxceWGcrmxzpp
+G9WgOVwO87NW/NKhNAMyAARs5q2ywwgI9ZAEjDPf+tRSTr96X9ObdHtJZr0vPQBW
+m01MBAn716LbdS9tCbyowl8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEbOatssMICPWQBIwz3/rUUk6/el/T
+m3R7SWa9Lz0AVptNTAQJ+9ei23UvbQm8qMJf
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C11:KAS-ECC-CDH_P-192_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXTQ925Yxj7R5TRD2xXP5n+5dDVe5
+liUPmfvfnZfdiK1BAjXaw25bks4oJLjlh6gs
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C11
+PeerKey=KAS-ECC-CDH_P-192_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=46e4de335054d429863218ae33636fc9b89c628b64b506c7
+
+PrivateKey=KAS-ECC-CDH_P-192_C12
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhGDkUic/4YJ2Ahh607
+6+5ly4RCO7T0dTehNAMyAATRvTo++r9HZ/5jgL3w2/SdUtTPDLuJQEzBUMK0yLOq
+Nfdl+Efk9/j9hwTSQaGB7pk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE0b06Pvq/R2f+Y4C98Nv0nVLUzwy7
+iUBMwVDCtMizqjX3ZfhH5Pf4/YcE0kGhge6Z
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C12:KAS-ECC-CDH_P-192_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEjT25vc4Tf/v7iROIw332wMvJCqXl
+N2IgE10wtctmDu+HZP/HRPFcG11twGukQW03
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C12
+PeerKey=KAS-ECC-CDH_P-192_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1bfe9e5a20ac7a38d8f605b425bb9030be31ef97c101c76c
+
+PrivateKey=KAS-ECC-CDH_P-192_C13
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBi5cDZQCEVvh1jsxaOz
+PPOuao1WgQelIWehNAMyAATBuGEMjGP41KvaCTuaEaVmBEv2XG+qiZmlvEs8oJU4
+Lpc4rulf6UebF4ebOtUpVVk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEwbhhDIxj+NSr2gk7mhGlZgRL9lxv
+qomZpbxLPKCVOC6XOK7pX+lHmxeHmzrVKVVZ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C13:KAS-ECC-CDH_P-192_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEngppSVGcf1vmjAQzxf3xMGSqE/sp
+SD3D4ci6Y+H0cdsjGF9Q2chx7eohJVs6Y7S3
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C13
+PeerKey=KAS-ECC-CDH_P-192_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0e8c493a4adc445dc9288a3b9b272599224054592d7265b3
+
+PrivateKey=KAS-ECC-CDH_P-192_C14
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhZwVuKJGTkHf5Dccf3
+2t9HCuQlVE+BE72hNAMyAAQf53b3NWe2rAsNZ2QWTebFvnUbqNH/RV5MFgvzivsr
+cfaEJhZkEVzodFU+iwWUMtI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEH+d29zVntqwLDWdkFk3mxb51G6jR
+/0VeTBYL84r7K3H2hCYWZBFc6HRVPosFlDLS
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C14:KAS-ECC-CDH_P-192_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEvgiCOJAumTmz0FTu64SS2vS9zwmi
+q3fxWNZ0mjqSPcgEQPJmH9NbZRYX5lKUtGN1
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C14
+PeerKey=KAS-ECC-CDH_P-192_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0f1991086b455ded6a1c4146f7bf59fe9b495de566ebc6bf
+
+PrivateKey=KAS-ECC-CDH_P-192_C15
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBim6biFxmuVnR/CcI1Z
+G20yKOSeuY9ybWGhNAMyAARjK7dlHb9J3endEl0T+yNOBmF3I77tPRv0rVIJY4SI
+OXxfRPmU3XR5gH559Ih9LnE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEYyu3ZR2/Sd3p3RJdE/sjTgZhdyO+
+7T0b9K1SCWOEiDl8X0T5lN10eYB+efSIfS5x
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C15:KAS-ECC-CDH_P-192_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEv1rgUCXhvmF+Zm2HpBaDY4c9V2Gz
+drUD4ebjizcra+4P9bNQLYNzXjssJoJeTw/M
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C15
+PeerKey=KAS-ECC-CDH_P-192_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=b30f2127c34df35aaa91dbf0bbe15798e799a03ed11698c1
+
+PrivateKey=KAS-ECC-CDH_P-192_C16
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBi9t1QJb/v72LDzywRs
+y3yhScTnGSBno+6hNAMyAATZwJjUIddB9vqrEW8+RzHSjFVY4Z/hEqE41NxIzNsd
+PtjTH9BnhKT4emiuwcvVsI8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE2cCY1CHXQfb6qxFvPkcx0oxVWOGf
+4RKhONTcSMzbHT7Y0x/QZ4Sk+HporsHL1bCP
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C16:KAS-ECC-CDH_P-192_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEbMT+7YTHqw0JAF1mDtNN5pValGHE
+E40RMSJfM4ZO1I2gb6RakTtGz0JVd0LjUIXm
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C16
+PeerKey=KAS-ECC-CDH_P-192_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=64a5c246599d3e8177a2402a1110eb81e6c456ab4edb5127
+
+PrivateKey=KAS-ECC-CDH_P-192_C17
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjVvPJTTa/D2Zlkx71j
+q3vRWZn+Vt2WnEKhNAMyAAT9odXSjW/g55Cdaouvp4JNtVcquS/+feYTSil8HZyL
+urJJq6zZUe0R5amfkueZFXI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE/aHV0o1v4OeQnWqLr6eCTbVXKrkv
+/n3mE0opfB2ci7qySaus2VHtEeWpn5LnmRVy
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C17:KAS-ECC-CDH_P-192_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAENhVzFb7nr+3e1YxOi6FNNCHEAeUR
+NbzJN8KXynA/d8UrsGLYzpcduECXugx1OkGP
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C17
+PeerKey=KAS-ECC-CDH_P-192_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=017b8ca53c82fab163da2ab783966a39e061b32c8cfa334d
+
+PrivateKey=KAS-ECC-CDH_P-192_C18
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhD1LnfEFO+W0JoEEwC
+JE07+VlLAQtGqLKhNAMyAATDAgtwkUY9eI8fHXb3z+7ILs2zt9mcNFyadxDVF5WR
+2PPfCqEiMBdorn237uLX9YM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEwwILcJFGPXiPHx1298/uyC7Ns7fZ
+nDRcmncQ1ReVkdjz3wqhIjAXaK59t+7i1/WD
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C18:KAS-ECC-CDH_P-192_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEmEZNR/Alb4KS4CfoySWC6nfPkFH1
+zo5dRJVS73V4vpYjb+XtnQZDwLtsWpE0sBCN
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C18
+PeerKey=KAS-ECC-CDH_P-192_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=340ef3db3dbebdd91c62c3d4e1a3da2c7c52a3338b865259
+
+PrivateKey=KAS-ECC-CDH_P-192_C19
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiUysLCynFHRkAWcNlO
+2/P2d4Z7WgO+562hNAMyAASxhVSi50PvCqLwQJh8TEUQBOCW3z2A3a5uPixhj4lu
+NrpiAHdoS3CgX/t5v15sdkA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEsYVUoudD7wqi8ECYfExFEATglt89
+gN2ubj4sYY+Jbja6YgB3aEtwoF/7eb9ebHZA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C19:KAS-ECC-CDH_P-192_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEVj62bDNM9vEjvwTHgDtIoxECFCN+
+mDv1DzURBIGRme8HyaYFHSB1jzr3kCfqZqU/
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C19
+PeerKey=KAS-ECC-CDH_P-192_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=2162144921df5103d0e6a650fb13fd246f4738d0896ce92f
+
+PrivateKey=KAS-ECC-CDH_P-192_C20
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgqOp4zyMwxB6n5Jlw7
+3qEgZXDob5KscBShNAMyAASnuji+G8Zp3SPM/O4GRbHw24z5Qt6vrra4LbedgM0O
+N/KNQWOtw4ne6Px3l7XJgxs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEp7o4vhvGad0jzPzuBkWx8NuM+ULe
+r662uC23nYDNDjfyjUFjrcOJ3uj8d5e1yYMb
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C20:KAS-ECC-CDH_P-192_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEhoKMSskrVQdhiux4c6HU/GVDxb4z
+zzB4siynJDdUXhDW1PBSQi64mLc3pLhUPuVQ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C20
+PeerKey=KAS-ECC-CDH_P-192_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=4c69e7feed4b11159adfc16a6047a92572ea44e0740b23af
+
+PrivateKey=KAS-ECC-CDH_P-192_C21
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhKa3ipismPqOmajs4I
+7AJREl+Fxv0OKJuhNAMyAATnadu81c4tg1FLdo09LVqgvNj2avFfVQAvxtCwOeDy
+j3T77/6eiD1N1yKW5OlcrnE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE52nbvNXOLYNRS3aNPS1aoLzY9mrx
+X1UAL8bQsDng8o90++/+nog9TdciluTpXK5x
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C21:KAS-ECC-CDH_P-192_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEZwChAkN3galYHaK8Jc7Vq/QZ2pHT
+yAPfcTlsnPCLzZGFTj5uQtjGV84PJ6t3qdxL
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C21
+PeerKey=KAS-ECC-CDH_P-192_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=46072acefd67bff50de355ca7a31fa6be59f26e467587259
+
+PrivateKey=KAS-ECC-CDH_P-192_C22
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjFpkkdeIRNZhfvM75r
+i9VNoiFFCIXVlQ+hNAMyAATbGyT3RmvBVOnX0sPKUtz+C/yVY8X9tvMcdPu/W9mZ
+IfGpp0T44c93C9anancrMAM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE2xsk90ZrwVTp19LDylLc/gv8lWPF
+/bbzHHT7v1vZmSHxqadE+OHPdwvWp2p3KzAD
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C22:KAS-ECC-CDH_P-192_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEqC81TPl77l0i3GwHnykC6tRNlqj2
+FPF4plSpqooaCALyzg7ooPTr6W3uGzdGSx/y
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C22
+PeerKey=KAS-ECC-CDH_P-192_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ec5580eabca9f3389d2b427ddf6e49e26d629afd03fa766e
+
+PrivateKey=KAS-ECC-CDH_P-192_C23
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgronA8XiP2RjxbiNw3
+KS+r0zmbXh+2fAWhNAMyAAR1QxSJBs75s3pxp8CDY83Tu6UBQtZSQaqLOmlz3o3C
+ceJ8Hq0eli/arjcQxyTarDg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEdUMUiQbO+bN6cafAg2PN07ulAULW
+UkGqizppc96NwnHifB6tHpYv2q43EMck2qw4
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C23:KAS-ECC-CDH_P-192_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEPOwhsoZooSos944ajlXQ7+BlFS//
+w0cYEClVe+uk/xmSvSHCPLSCX22ucOMxj9HK
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C23
+PeerKey=KAS-ECC-CDH_P-192_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=7f3929dd3cbf7673bc30d859d90b880307475f800660ea32
+
+PrivateKey=KAS-ECC-CDH_P-192_C24
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiDYRjGJI+ILpFHl292
+SCbBoodVphApd9WhNAMyAAT800WpdscgyqqX3maXImglYV4Sh6nv9n5Y6kLtvur8
+qf9Ez9fymr0svedibXnkIsk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-192_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE/NNFqXbHIMqql95mlyJoJWFeEoep
+7/Z+WOpC7b7q/Kn/RM/X8pq9LL3nYm155CLJ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-192_C24:KAS-ECC-CDH_P-192_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-192_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEcIJkRxW4tzH4IotRGOcnDTTRgfNh
+oiH8RkZJ1siMqJYUSIocx7hEK7Qvn7MCCj12
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-192_C24
+PeerKey=KAS-ECC-CDH_P-192_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=72e88f3ea67d46d46dbf83926e7e2a6b85b54536741e6d2c
+
+PrivateKey=KAS-ECC-CDH_P-224_C0
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBByDRqYPxvKTyloNKvaLpx0d
+04nl5Ag3lC3z5Dy9oTwDOgAEjeLiat9yxYLWVo72OMT9WbGNoXG99QHx2SngSEpo
+ocKw+yKTDRIFVcHs5Q6pjeqEB/cb4276wN4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEjeLiat9yxYLWVo72OMT9WbGNoXG99QHx
+2SngSEpoocKw+yKTDRIFVcHs5Q6pjeqEB/cb4276wN4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C0:KAS-ECC-CDH_P-224_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAErzPNBim8fpljIKP0A2j3TehwT6N7j6tp
+q6rigIggksy7p5MPQZqKT5uxaXi7w4OHKZklWaby4tc=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C0
+PeerKey=KAS-ECC-CDH_P-224_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=7d96f9a3bd3c05cf5cc37feb8b9d5209d5c2597464dec3e9983743e8
+
+PrivateKey=KAS-ECC-CDH_P-224_C1
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBwEPLIW9Lcs33Yp1jcgpUru
+DJnrMtdEd9rAwvc9oTwDOgAEL5D1yOrJx97Nu5e2wvcVq3JeT+QP5tdG779OG2aJ
+c1FFT5J6MJsmnFptMTOL5MGaWs/DLPZW9Fw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEL5D1yOrJx97Nu5e2wvcVq3JeT+QP5tdG
+779OG2aJc1FFT5J6MJsmnFptMTOL5MGaWs/DLPZW9Fw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C1:KAS-ECC-CDH_P-224_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEE7/NT46UQjk8q4+0a58FZsImsis3B2l2
+8GF6Ru6yQnUpsojGPC+JY8Hkc98vymyqkNUuL421bdQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C1
+PeerKey=KAS-ECC-CDH_P-224_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ee93ce06b89ff72009e858c68eb708e7bc79ee0300f73bed69bbca09
+
+PrivateKey=KAS-ECC-CDH_P-224_C2
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxa0N1turtPPC6l/jLlYbLK
+VQgUht8sfBXJYisIoTwDOgAEAFvKRdeT5/6ZqENwTtg4MVqxSl9id1B+m8N1MUPp
+1CHhSGrliTv9I8IQ5cFA18axraWdhCyamN4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEAFvKRdeT5/6ZqENwTtg4MVqxSl9id1B+
+m8N1MUPp1CHhSGrliTv9I8IQ5cFA18axraWdhCyamN4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C2:KAS-ECC-CDH_P-224_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEdW3YBrnZw02JlpHstFt3GvRo7ABEhqD9
+0oNBHk0Cwsphe7LF2WE/Jd1yQT0in9KQFROqKVBO7vs=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C2
+PeerKey=KAS-ECC-CDH_P-224_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=3fcc01e34d4449da2a974b23fc36f9566754259d39149790cfa1ebd3
+
+PrivateKey=KAS-ECC-CDH_P-224_C3
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBwKpv9Vpdgg78tOfRC4Reo8
+n5vF3/hhBtuFMY4ioTwDOgAEL5Z1QTHgloGYqnj76MIB3F81gceS3khzQNMkSGHo
+pc15YVIDttielJb54jb+O2vocx50PWFVGcY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEL5Z1QTHgloGYqnj76MIB3F81gceS3khz
+QNMkSGHopc15YVIDttielJb54jb+O2vocx50PWFVGcY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C3:KAS-ECC-CDH_P-224_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAED1N78cESLFVlbSXoqoQX4LRLFSauBSMU
+T5khxPebJtMOSRp3NpbMLHm08FlrxbnuuvOU0WL7hoQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C3
+PeerKey=KAS-ECC-CDH_P-224_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=49129628b23afcef48139a3f6f59ff5e9811aa746aa4ff33c24bb940
+
+PrivateKey=KAS-ECC-CDH_P-224_C4
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzv5ubiWv+vVMmNACq7xjKN
+oVlAWht1LjLcI5UKoTwDOgAENV6WKSC94ENpX2v/tLNVxj2m9d5mXtRvLsgX4nSO
+CVNo9i4dNk7dRhcZeTtAStvarLyt2Iki/zc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAENV6WKSC94ENpX2v/tLNVxj2m9d5mXtRv
+LsgX4nSOCVNo9i4dNk7dRhcZeTtAStvarLyt2Iki/zc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C4:KAS-ECC-CDH_P-224_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEKzYx0rBhebMXShAPf1cTHu6olHvgeGw9
+xksiOYPeKa49rTGtwCNsbefxRWHKLqCDxScMeKLmy8A=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C4
+PeerKey=KAS-ECC-CDH_P-224_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=fcdc69a40501d308a6839653a8f04309ec00233949522902ffa5eac6
+
+PrivateKey=KAS-ECC-CDH_P-224_C5
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxhyykyUkAB5enu7W332ciT
+XuMyICnt16qKy/1RoTwDOgAE1Q5K2r/Zidfbx89AUlRsx8RHqXYwQ2mXrUuVNlvq
+UDRzxervlVLULECx8vfKKSczslW5u+GxIzc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE1Q5K2r/Zidfbx89AUlRsx8RHqXYwQ2mX
+rUuVNlvqUDRzxervlVLULECx8vfKKSczslW5u+GxIzc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C5:KAS-ECC-CDH_P-224_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAERRFAPeKQWfaaR1xaal9sq+1dnwFENqjL
+cKAjOH0tG2KqBG35NA+cN6CHoGsyz38IoiP5koEqgos=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C5
+PeerKey=KAS-ECC-CDH_P-224_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=827e9025cb62e0e837c596063f3b9b5a0f7afd8d8783200086d61ec1
+
+PrivateKey=KAS-ECC-CDH_P-224_C6
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBByMes40cXH5Le+Y2EVHX8gu
+HRSW2oHuWPUFuYX6oTwDOgAEsajcrImsonmTILRR3xx/9Nl1Z6u2gUHA2V/CqjUk
+lQkCsVEL3Jh9hgr8J62HHOrqZpNavTwKmag=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEsajcrImsonmTILRR3xx/9Nl1Z6u2gUHA
+2V/CqjUklQkCsVEL3Jh9hgr8J62HHOrqZpNavTwKmag=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C6:KAS-ECC-CDH_P-224_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEMUoLJt0xwkiEXXzBe2HK1GCCWb7YWljR
+8f/TeGbks1A1LhGe7K2jgpB/Nhn9dI6nOuSJnf1JYwI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C6
+PeerKey=KAS-ECC-CDH_P-224_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=335ba51228d94acbed851ca7821c801d5cb1c7975d7aa90a7159f8fa
+
+PrivateKey=KAS-ECC-CDH_P-224_C7
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBw4L+ubm6EPGJ2Z5xqJzf5E
+y1VM7BOiEoQJd/tooTwDOgAEq7bx43c/+PxzrqKgsQeAnOcK3O/tbkH8XLQwRalj
+iXrpBsEKBV7q25f/3W90jT5WIeX/8wTki6c=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEq7bx43c/+PxzrqKgsQeAnOcK3O/tbkH8
+XLQwRaljiXrpBsEKBV7q25f/3W90jT5WIeX/8wTki6c=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C7:KAS-ECC-CDH_P-224_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEq+aEO+7C/Z5ftkcw0L5NFlQ4zpIu113Y
+C0YD5Wr+hnOpbEupkArYWZXmMeQ2xsyIosK0e3xIhrg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C7
+PeerKey=KAS-ECC-CDH_P-224_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=8c2e627594206b34f7356d3426eb3d79f518ef843fbe94014cceace3
+
+PrivateKey=KAS-ECC-CDH_P-224_C8
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzg1iA1EB70h8SFxg+0UA7r
+5qMuxk2+l9vgIyxGoTwDOgAEiFN3NemyPj4OB28TWoLTP5v/tGXzq86DIqYqYrTI
+wSNnMZeHXAvRTtCXYG0zD7orkgDvZaRHZNM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEiFN3NemyPj4OB28TWoLTP5v/tGXzq86D
+IqYqYrTIwSNnMZeHXAvRTtCXYG0zD7orkgDvZaRHZNM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C8:KAS-ECC-CDH_P-224_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEE8+dbSyaroJ0wn1Eav0MiI/91SrimaNZ
+hNT1J9y+51tRV1H47irjVeiv1d4hxiqTmmUHtTjLxK8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C8
+PeerKey=KAS-ECC-CDH_P-224_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=632abb662728dbc994508873d5c527ca5ef923c0d31fa6c47ef4c825
+
+PrivateKey=KAS-ECC-CDH_P-224_C9
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBy5at5bc7pyqotuTXTXv5xY
+6WL/eOtUIofHtEuioTwDOgAEN2gpJqVPcKTBdI9U1Q1bABOKBV+STyxl5bC75Flq
+/vzdZA0pY1AVuJvd3R+MJyNobTMuegbKh5k=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEN2gpJqVPcKTBdI9U1Q1bABOKBV+STyxl
+5bC75Flq/vzdZA0pY1AVuJvd3R+MJyNobTMuegbKh5k=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C9:KAS-ECC-CDH_P-224_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAElltjfA37wM+VQDVobXD37DCSnmZOUh26
+oigGWYKlj/YbyQAZu8u1h104Y9sLwqH6NLCtTeGoP5k=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C9
+PeerKey=KAS-ECC-CDH_P-224_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=34641141aab05ef58bd376d609345901fb8f63477c6be9097f037f1f
+
+PrivateKey=KAS-ECC-CDH_P-224_C10
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBykDX4SBJxx5lIsf/I4QiQG
+HDpFcFizEFV2VbhUoTwDOgAEOZgBJDv+DC2psKU8jKV/Lu6HqqlKjk1eAp9CyqpJ
+5tS0fO56XEq3HVpn2oTgubQlzj5w2mjIiec=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEOZgBJDv+DC2psKU8jKV/Lu6HqqlKjk1e
+Ap9CyqpJ5tS0fO56XEq3HVpn2oTgubQlzj5w2mjIiec=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C10:KAS-ECC-CDH_P-224_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEc8xkU3LKLnFjfNqUPYFI8zgqtt0PLhpJ
+2pThNN9cNVwj5uIy68O+4qsYc+4Ng+M4L45v5hP2NDw=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C10
+PeerKey=KAS-ECC-CDH_P-224_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=4f74ac8507501a32bfc5a78d8271c200e835966e187e8d00011a8c75
+
+PrivateKey=KAS-ECC-CDH_P-224_C11
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBytJRm8ck1ITgKmnwUUm7BH
+cUvw9ZhvrC4iLNlGoTwDOgAE35weDvFeU7n2JuK+HL6JNjnAbz4EOe6V19Sx43pS
+pzhq3aJD79+JQQhchOMSOcq5K4AXM2dIll4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE35weDvFeU7n2JuK+HL6JNjnAbz4EOe6V
+19Sx43pSpzhq3aJD79+JQQhchOMSOcq5K4AXM2dIll4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C11:KAS-ECC-CDH_P-224_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEVGV4IWJQNU5EniFUbdEc0cUXQjZzmsrZ
+zg9FEtKiL81m0avtx2dmgyfFy5xZkEMnYjnPPIUWryQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C11
+PeerKey=KAS-ECC-CDH_P-224_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ad09c9ae4d2324ea81bb555b200d3c003e22a6870ee03b52df49e4de
+
+PrivateKey=KAS-ECC-CDH_P-224_C12
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBw9MSqbnY7QkUCQC7rB4JVS
+fryePGSTvPNmbjopoTwDOgAEtKAZjciBDohEJbdQkosMlgwx96mWY0ALAaF534Er
+YBv8BzgkLG+G+DDyes1jLKYYoLUoDJ1Xafc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEtKAZjciBDohEJbdQkosMlgwx96mWY0AL
+AaF534ErYBv8BzgkLG+G+DDyes1jLKYYoLUoDJ1Xafc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C12:KAS-ECC-CDH_P-224_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEHUax3DooEjy1E0bme67FZASGhnj699Do
+sq+iKg7J5l7JfiGDc+f8EVwidNW4KaYNk/ceAdWBNsM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C12
+PeerKey=KAS-ECC-CDH_P-224_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ef029c28c68064b8abd2965a38c404fb5e944ace57e8638daba9d3cd
+
+PrivateKey=KAS-ECC-CDH_P-224_C13
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBByM4IItwkwVOZV1WsNQc371
+BmQcfXUrT5MAxhLtoTwDOgAEAN/H7BN2kM1tEv2y/QuMUxRYIQh2nCtyL/s5WF7v
+PaS6RYEnNGu2QCOGi923VYouz8gTZF9M6f4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEAN/H7BN2kM1tEv2y/QuMUxRYIQh2nCty
+L/s5WF7vPaS6RYEnNGu2QCOGi923VYouz8gTZF9M6f4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C13:KAS-ECC-CDH_P-224_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEJm0DjMek/iH2yXYxjoJ7grtbj3RDpVKY
+E2UG4N8SPZinogu985Q98uNWNCL4wM901TqqvdfJc7o=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C13
+PeerKey=KAS-ECC-CDH_P-224_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=f83c16661dfcbad021cc3b5a5af51d9a18db4653866b3ff90787ce3e
+
+PrivateKey=KAS-ECC-CDH_P-224_C14
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBwP+bSFMlq3fynnvDef7XS/
+rIWUgtoN7nUowZ2yoTwDOgAEfmA+aXbbg8NgEVCPppXRtRUkni5UtI/Lz7kCRwF5
+pgDOhq38qbG5MfpRc9YY2gnoQYA9GbAmQoY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEfmA+aXbbg8NgEVCPppXRtRUkni5UtI/L
+z7kCRwF5pgDOhq38qbG5MfpRc9YY2gnoQYA9GbAmQoY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C14:KAS-ECC-CDH_P-224_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE6woJ96HCNqYfWVgJ7FZw79kuRZjV5hPg
+ks39ylB4euLy8VuIvBD3tfCu4UGDc/FhU669H7pUKI0=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C14
+PeerKey=KAS-ECC-CDH_P-224_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=f51258c63f232e55a66aa25ebd597b2018d1052c02eeb63866758005
+
+PrivateKey=KAS-ECC-CDH_P-224_C15
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBwZz1/2MGRn8ouf4GdaQ8BY
+JVLIwS5Zznw48pKxoTwDOgAE/CDpBuYJwRLPwuD+pjA4gsXblOh+AiNzqywIKq7N
+8dqnF4K8Wia7vY1+inZJDiarwX3/x3S9c0E=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE/CDpBuYJwRLPwuD+pjA4gsXblOh+AiNz
+qywIKq7N8dqnF4K8Wia7vY1+inZJDiarwX3/x3S9c0E=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C15:KAS-ECC-CDH_P-224_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEay9rGKWH9WL/xhvZsARzIihphqePH9E5
+uE98JHCWkI5GFSZr5ZpTzWVVFQVv+SNwpicaXTgj1wQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C15
+PeerKey=KAS-ECC-CDH_P-224_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=7fdc969a186ff18429f2a276dac43beea21182d82ce2e5a0876552b1
+
+PrivateKey=KAS-ECC-CDH_P-224_C16
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBByQoVNo41MsCx5R5V0TlEfC
+yJvBYHGdaXKR6nwUoTwDOgAExoN9UG6XbafbOtEmfDWd/y6m+wt/f453AkxZ6Wfr
+SR0vyKUwxGUl0qiy18HfX7oa50CkZJxoPuY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAExoN9UG6XbafbOtEmfDWd/y6m+wt/f453
+AkxZ6WfrSR0vyKUwxGUl0qiy18HfX7oa50CkZJxoPuY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C16:KAS-ECC-CDH_P-224_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEMoEBuoJqzXX/nzTVV0zg28kvcJutjXoz
+xHlAwd858eqISIxV1VOBYIeLnO0YqIfqJh3XEtFAJP8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C16
+PeerKey=KAS-ECC-CDH_P-224_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=3d60ab6db2b3ffe2d29ccff46d056e54230cf34982e241556ed2920c
+
+PrivateKey=KAS-ECC-CDH_P-224_C17
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBByOCDjgXhchSRBn4cq8LoBR
+spDiYW7sQntxIYl9oTwDOgAE6RUPdwB1YmAZ4Y+VRztx5oKAQXkdPwjT+u6qK0df
+cHNequUjCKO3Y9yI7+GKtZDrr6A19uCLABw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE6RUPdwB1YmAZ4Y+VRztx5oKAQXkdPwjT
++u6qK0dfcHNequUjCKO3Y9yI7+GKtZDrr6A19uCLABw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C17:KAS-ECC-CDH_P-224_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEAIHjQnCHHi672UGD9he0rhXwQW3WNP5u
+k0zzwDoenzinuQtzF9Jrn2MRBjq1iyaM9Imy5QOG1dY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C17
+PeerKey=KAS-ECC-CDH_P-224_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=9116d72786f4db5df7a8b43078c6ab9160d423513d35ea5e2559306d
+
+PrivateKey=KAS-ECC-CDH_P-224_C18
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBw4EG6T8Wo4Gtsdcs7j2mau
+RirUu/6p7N810IFOoTwDOgAEe+bEyReCmrZX3XnoY31679L4Hw3nZU2VfpdljUMN
+ItnoQ4MQ9h4NQ/Jfo+NFhfQyuq0n2zAhvw0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEe+bEyReCmrZX3XnoY31679L4Hw3nZU2V
+fpdljUMNItnoQ4MQ9h4NQ/Jfo+NFhfQyuq0n2zAhvw0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C18:KAS-ECC-CDH_P-224_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEJiNjL98L2FaAWmmqGG1BM+9ZBOH2Valy
+1mzOByzvlyjdBvuLUBUPUptpUHbUUHmDkSWFyJvQaC4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C18
+PeerKey=KAS-ECC-CDH_P-224_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=207c53dcefac789aaa0276d9200b3a940ce5f2296f4cb2e81a185d3d
+
+PrivateKey=KAS-ECC-CDH_P-224_C19
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzl0XGEMc9Q9svRvIAZ+hZ2
+LfoSyYnlmZl3+06ioTwDOgAELqSWbn+S7X9cxh/eeSBF9jtzHW59DeJXfy2OzhxK
+ex7eb4ORYikt9CS+eOgXb7b5QqPAI5FwDzE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAELqSWbn+S7X9cxh/eeSBF9jtzHW59DeJX
+fy2OzhxKex7eb4ORYikt9CS+eOgXb7b5QqPAI5FwDzE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C19:KAS-ECC-CDH_P-224_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEjuTR3MMd7kv2/iHKilh3IdkQrPsSLBbC
+p3qBUk6/Mj//BOtHcGmgrGizRfaxrhNO/DGUDlE8uZ8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C19
+PeerKey=KAS-ECC-CDH_P-224_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=10e467da34f48ad7072005bccd6da1b2ba3f71eafa1c393842f91d74
+
+PrivateKey=KAS-ECC-CDH_P-224_C20
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBw9Y1aRtiqaknxjOVHJNpyI
+Yr0hGdMJcMJkRyfWoTwDOgAEQ4u7mAUXr7IL4dZ046wrMc7wepsj+49uOODWwAvl
+8cR9WNIbbtKEI7MvWpR1DaR+3O8z6nmUKv0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEQ4u7mAUXr7IL4dZ046wrMc7wepsj+49u
+OODWwAvl8cR9WNIbbtKEI7MvWpR1DaR+3O8z6nmUKv0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C20:KAS-ECC-CDH_P-224_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEl9y+bSgzWIKm0ZPMVKEGPdB3XcMoVlMA
+u5nmkdrRHdXs6M/Z+XyaUm5KFQbmNVlp7oeCb8OLzSQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C20
+PeerKey=KAS-ECC-CDH_P-224_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=82fd2f9c60c4f999ac00bbe64bfc11da8ff8cda2e499fced65230bb1
+
+PrivateKey=KAS-ECC-CDH_P-224_C21
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBys88hbvcN58C9eo25/D1MJ
+Wp5wRqKGhahlm/eYoTwDOgAE/3URIVxx15a9ZG6EdL5EFrkWhM4NJp729CIBO7e/
+Xnm1qTk7uepCwL2y08LcgG4acwaqWOT9vqU=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE/3URIVxx15a9ZG6EdL5EFrkWhM4NJp72
+9CIBO7e/Xnm1qTk7uepCwL2y08LcgG4acwaqWOT9vqU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C21:KAS-ECC-CDH_P-224_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEzpEm3VOXLeod4dEe/vkA3jS2YYWcRkjF
+wOU09+ETtvLBZZ0H8nFuZKg8GLvONE3SEh/oUWjq4IU=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C21
+PeerKey=KAS-ECC-CDH_P-224_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=530f7e7fc932613b29c981f261cb036cba3f1df3864e0e1cba2685a2
+
+PrivateKey=KAS-ECC-CDH_P-224_C22
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzP/WLLAKDjFj+/LDl/rclh
+ghD4a09UpnUocwXwoTwDOgAEBL9NlI9EMNGLTtbJbbr5gfoRpAPtFoh/BnVJgXwT
+JqnO9R951OeDA9YGS0WfYSWErC/fWT19XYQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEBL9NlI9EMNGLTtbJbbr5gfoRpAPtFoh/
+BnVJgXwTJqnO9R951OeDA9YGS0WfYSWErC/fWT19XYQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C22:KAS-ECC-CDH_P-224_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEhEGZZ9bPrUHnWgK22mBal5SaGDqXwwbE
+tG5mpVzJsllxixvIsUT95jOolGFv/VmjptXY6ULHy7c=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C22
+PeerKey=KAS-ECC-CDH_P-224_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=49f6fd0139248ef4df2db05d1319bd5b1489e249827a45a8a5f12427
+
+PrivateKey=KAS-ECC-CDH_P-224_C23
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBByF+QPkOUPRPGiTLnEOgN5S
+y8C48aFBjqTaB5KZoTwDOgAElwpKfgHUGISXzrRpVesbhC2QhYGam5JchFKdPd+i
+UmSA+DPqDtvSBOTjZf7zRyiI/n2WkcPrwJ8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAElwpKfgHUGISXzrRpVesbhC2QhYGam5Jc
+hFKdPd+iUmSA+DPqDtvSBOTjZf7zRyiI/n2WkcPrwJ8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C23:KAS-ECC-CDH_P-224_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEfJysNXaAY8KCf2Cn9ROI8qj0t/jNc2vW
+vDN0dynua4ScYCXVd9vMVfvRcBj07bwu8QWwBNYle80=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C23
+PeerKey=KAS-ECC-CDH_P-224_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=8f7e34e597ae8093b98270a74a8dfcdbed457f42f43df487c5487161
+
+PrivateKey=KAS-ECC-CDH_P-224_C24
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzM5kiRo9ASn+4NSpbPvnrE
+cLhelnUpBXz6MaHZoTwDOgAEprKWMtuU2iEl3Bz4DgNwJoeyrMESICL6IXR2WmFy
+Pt1z4Q2u1zd1J48ZWLpW8fydCF68K2TIT+U=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-224_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEprKWMtuU2iEl3Bz4DgNwJoeyrMESICL6
+IXR2WmFyPt1z4Q2u1zd1J48ZWLpW8fydCF68K2TIT+U=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-224_C24:KAS-ECC-CDH_P-224_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-224_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAECFp2Qq2OWbGj6HJqdUevvs/9rB2rflcj
+DGqd9PkcNtiB/puAR6NTBxNVShr0wlxajmVNzc9ony4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-224_C24
+PeerKey=KAS-ECC-CDH_P-224_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=71954e2261e8510be1a060733671d2e9d0a2d012eb4e09556d697d2a
+
+PrivateKey=KAS-ECC-CDH_P-256_C0
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfX3F9x6yndr4DWIU
+Yy7q4D2QWK8fttIu2AuttivBpTShRANCAATq0hhZARnoh2spFG/4nKYXcMTtu/l9
+OM44XtKB2KayMCivYSgf014vpwAlI6zIWkKcsG7mZIMlOJ9Z7fzhQFFB
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6tIYWQEZ6IdrKRRv+JymF3DE7bv5
+fTjOOF7SgdimsjAor2EoH9NeL6cAJSOsyFpCnLBu5mSDJTifWe384UBRQQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C0:KAS-ECC-CDH_P-256_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcAxI939WWExcxjLKZWQNuRtrrM46
+Tfa0LOfMg4gz0ofbceUJ4/2bBg3bILpcUdzFlI1G+/ZA3+BEF4LKuF+krA==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C0
+PeerKey=KAS-ECC-CDH_P-256_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b
+
+PrivateKey=KAS-ECC-CDH_P-256_C1
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgOPZdbc5HZ2BE1Yzl
+E5WC1Wj2S7FgmNF526sHdB3VyvWhRANCAAQRny8EeQJ4KrDJ4npUr/Xrm5ZIKcqZ
+wGsC3bqVsKP20I9StyZmTKw2b8mKx6ASsmgsvZYuWstURnHUG5RFcE0d
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEZ8vBHkCeCqwyeJ6VK/165uWSCnK
+mcBrAt26lbCj9tCPUrcmZkysNm/JisegErJoLL2WLlrLVEZx1BuURXBNHQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C1:KAS-ECC-CDH_P-256_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgJ8EKJxkNIwBUV6wPVznrBqMuUmP
+XKpQGX5Y1DqGp66ynYToERl/Jeuo9RlAkstv9EDibUQhARNyRh9XknHNow==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C1
+PeerKey=KAS-ECC-CDH_P-256_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=057d636096cb80b67a8c038c890e887d1adfa4195e9b3ce241c8a778c59cda67
+
+PrivateKey=KAS-ECC-CDH_P-256_C2
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGsz68bl3Erhab1Sx
+SJhaG9xMm+wL0ljK1LPWA/SfMsihRANCAATZ8recFyhFv9tWC7sBRHyl7MBHCglR
+O2EmkCxrT40QUfgV717DISjTSHg0dkZ4cC5k4WT/cxUYXiOv9frNlte8
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2fK3nBcoRb/bVgu7AUR8pezARwoJ
+UTthJpAsa0+NEFH4Fe9ewyEo00h4NHZGeHAuZOFk/3MVGF4jr/X6zZbXvA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C2:KAS-ECC-CDH_P-256_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEojOcEtSgPDNUbeUzJotK1mfev0WL
+Rk13RDY2RA7n/sPvSKOrJuICILzaLBhRB2g52uiOrpYoaaSXv3PLZvr1Ng==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C2
+PeerKey=KAS-ECC-CDH_P-256_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=2d457b78b4614132477618a5b077965ec90730a8c81a1c75d6d4ec68005d67ec
+
+PrivateKey=KAS-ECC-CDH_P-256_C3
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIHxDp5v+4D229LlE
+9T0vt2zEnvHJxNNNUbbGXE22ky2hRANCAAQkJ3wz9FBGLcs9SAHVe5ztBRiPFsKO
+2ocyWASM0WB+DcR4l1PisfY7Mv8BTsQs1qafrIHf5tDW/Urzcq4nxG+I
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJCd8M/RQRi3LPUgB1Xuc7QUYjxbC
+jtqHMlgEjNFgfg3EeJdT4rH2OzL/AU7ELNamn6yB3+bQ1v1K83KuJ8RviA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C3:KAS-ECC-CDH_P-256_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3zmJufpVSVcZs89G3M0otRU/eAgZ
+HdUY7/DDz/K3Be1CIpT/RgA0Kdc5ozIGyHUlUsi6VKJw3vwG4iHg/q9qxA==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C3
+PeerKey=KAS-ECC-CDH_P-256_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=96441259534b80f6aee3d287a6bb17b5094dd4277d9e294f8fe73e48bf2a0024
+
+PrivateKey=KAS-ECC-CDH_P-256_C4
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWRN+OBUjULGVyXGN
+OWc9UZg4BVrZCN1HVxUv2CVcCb+hRANCAASoxf3Oi2LFraWY8UGts7Js8lTCgLKF
+emPSrXg6cxFfa4BuGq/sSvgKDXhrPeRTdbUXp+W1H/ssNWU3yebvIn1K
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqMX9zotixa2lmPFBrbOybPJUwoCy
+hXpj0q14OnMRX2uAbhqv7Er4Cg14az3kU3W1F6fltR/7LDVlN8nm7yJ9Sg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C4:KAS-ECC-CDH_P-256_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQRktKBPnlWHmodb1PIvBpDOhmcg1
+4UGwWnSpew+uuSIa+YzEXpin4EGwHPNfRit1YigTUcjr8/+gLjOgcioTKA==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C4
+PeerKey=KAS-ECC-CDH_P-256_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=19d44c8d63e8e8dd12c22a87b8cd4ece27acdde04dbf47f7f27537a6999a8e62
+
+PrivateKey=KAS-ECC-CDH_P-256_C5
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg9fjgF0YQpmEneXm1
+jOXJD+5smzuzRqkKcZYlXkCxMu+hRANCAAR7hh3NKESlqDY/a4741JNkD1WHkhcY
+nYAyaq2UgN/BScRnW0XuswZAX2wzw4vGnrK97Jt1rVr0cGqrhFQ7nMY6
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEe4YdzShEpag2P2uO+NSTZA9Vh5IX
+GJ2AMmqtlIDfwUnEZ1tF7rMGQF9sM8OLxp6yveybda1a9HBqq4RUO5zGOg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C5:KAS-ECC-CDH_P-256_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEM+ggkqDx+zj1ZJ1YZ/uii1AxcrcD
+VXS/jltxAKMFJ5Lyz2tgHgoFlF4zVVC/ZI14L0YYbHcsDyDTzQ1rjKFLLw==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C5
+PeerKey=KAS-ECC-CDH_P-256_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=664e45d5bba4ac931cd65d52017e4be9b19a515f669bea4703542a2c525cd3d3
+
+PrivateKey=KAS-ECC-CDH_P-256_C6
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgO1ia99sDRZwjBotk
+9j8o08PGvCW1v3asBfNUgoiLUZChRANCAASfs44tWOobr3Yi6WcgEByuPN5LpsHp
++ibZsd4ImRAoY9VWG5AEBu31CALdfXPok5X4rtcvug4dG2H+HSIwImDw
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEn7OOLVjqG692IulnIBAcrjzeS6bB
+6fom2bHeCJkQKGPVVhuQBAbt9QgC3X1z6JOV+K7XL7oOHRth/h0iMCJg8A==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C6:KAS-ECC-CDH_P-256_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEap4MP5FuTjFckRR75XFobZBGTov5
+gdNKkLY1O8pu66dA+b6tOcLyvMJgL3W4pz7Hvf/Lzq0VnQF0xsTTxTV/BQ==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C6
+PeerKey=KAS-ECC-CDH_P-256_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ca342daa50dc09d61be7c196c85e60a80c5cb04931746820be548cdde055679d
+
+PrivateKey=KAS-ECC-CDH_P-256_C7
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2L+SmiDqdDayRhtU
+GhHIDmHYJsCkydMisx3VTn9YucihRANCAAQg8HYx5KZRKomtSHxOnWMDnlecsNel
+VsueZhzVnB5/pG3pGEaz7uil7AnCqx9B4hvYNiDM3Rvc46t+puAt0nT1
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIPB2MeSmUSqJrUh8Tp1jA55XnLDX
+pVbLnmYc1Zwef6Rt6RhGs+7opewJwqsfQeIb2DYgzN0b3OOrfqbgLdJ09Q==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C7:KAS-ECC-CDH_P-256_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqcCsreVcKnPq0ahvsKlxMiPIJHV5
+HNDiELBGQSziJLv23gr6IOk+B4RnwFPSQZA+2tc0xrQDunWMK1/wTJ1CKQ==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C7
+PeerKey=KAS-ECC-CDH_P-256_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=35aa9b52536a461bfde4e85fc756be928c7de97923f0416c7a3ac8f88b3d4489
+
+PrivateKey=KAS-ECC-CDH_P-256_C8
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgD5iDug7zLudd7Q2L
+2jmlFGop8fJQezvUWNvqCyuwW02hRANCAASrthtCO+XWwm4hxgWDLJFC3B3+Wl//
+KHJnN5Nub79RbXM9JRPvWL6rICCQWG+skb8P7jHoCrM0c6sjotieWPrW
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEq7YbQjvl1sJuIcYFgyyRQtwd/lpf
+/yhyZzeTbm+/UW1zPSUT71i+qyAgkFhvrJG/D+4x6AqzNHOrI6LYnlj61g==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C8:KAS-ECC-CDH_P-256_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElOlPFqmCVf/yuawMlZiqw1SHsyMt
+MjG9k7fbffNvnrnYBJpDV5z6kLgJOpRBbL77+TOG8Vs/bhkLbjRV/t/mmg==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C8
+PeerKey=KAS-ECC-CDH_P-256_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=605c16178a9bc875dcbff54d63fe00df699c03e8a888e9e94dfbab90b25f39b4
+
+PrivateKey=KAS-ECC-CDH_P-256_C9
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgK+7bBLBcaYj2pnUA
+u4E/ryyuDVgMklO2M55KMze7bAihRANCAAQ9Y+Qpy1+olakkcSm/TkjonzXXsR3o
+FY7+s+EGoqhzlQyunkd+9B58jBBkN5u3tVTdy8rnn5gUKB8eUPBAPGHz
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPWPkKctfqJWpJHEpv05I6J8117Ed
+6BWO/rPhBqKoc5UMrp5HfvQefIwQZDebt7VU3cvK55+YFCgfHlDwQDxh8w==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C9:KAS-ECC-CDH_P-256_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4Jm/Kk1VdGC1VEQwu/baEQBNEny1
+1n9kqwfJT831J0/ZxQ2+cNcU7bXiIfTgIGEO62JwUX5ojKZPsOmMfvjBxQ==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C9
+PeerKey=KAS-ECC-CDH_P-256_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=f96e40a1b72840854bb62bc13c40cc2795e373d4e715980b261476835a092e0b
+
+PrivateKey=KAS-ECC-CDH_P-256_C10
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgd8Fdz0RhDkFpa6t1
+iUPv8UCTM+TVoRu+csj2w5Xp+EihRANCAAStXRPD21CN3NOEV+WZFDSiUb7UnPXd
+y1nN7nOGXxOMn2LOwecFiKpP38e5oJ2qZ4CBwE4SCLnWYriiIUv46Boh
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErV0Tw9tQjdzThFflmRQ0olG+1Jz1
+3ctZze5zhl8TjJ9izsHnBYiqT9/HuaCdqmeAgcBOEgi51mK4oiFL+OgaIQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C10:KAS-ECC-CDH_P-256_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE91pf5WvaNPPBOWKWYm7wEtwH5IJY
+OHeKZFyCSM/wFlgzu98bF3LYBZ31aLBh8/ESLyio2BkWfJe+RI49w/sMPA==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C10
+PeerKey=KAS-ECC-CDH_P-256_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=8388fa79c4babdca02a8e8a34f9e43554976e420a4ad273c81b26e4228e9d3a3
+
+PrivateKey=KAS-ECC-CDH_P-256_C11
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQqg7mFAR0SMD2xqA
+DyYQ90qnHN8Zxn1Uzmye2VHpCT6hRANCAASrSMqmHqNfE/jtB/+moT6NsiTf7Prh
+p9+LG7brrwy5fRJ0Uwyiw4WjIYvd+8vwtAJMm63VJDv/g06/8kqGGNzL
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEq0jKph6jXxP47Qf/pqE+jbIk3+z6
+4affixu2668MuX0SdFMMosOFoyGL3fvL8LQCTJut1SQ7/4NOv/JKhhjcyw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C11:KAS-ECC-CDH_P-256_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELbRUDVAjB1YVir9h2YNXErZIbHQx
+IYPM78rvJ5e3Z01i9X8xTj80ldxOCZAS9eC6cXcPlmCh6tpUEEzf3nckPg==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C11
+PeerKey=KAS-ECC-CDH_P-256_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=72877cea33ccc4715038d4bcbdfe0e43f42a9e2c0c3b017fc2370f4b9acbda4a
+
+PrivateKey=KAS-ECC-CDH_P-256_C12
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgzu01UHtck+rVmJEZ
+ubo0LP445uY4um7qNDpVR13igAuhRANCAASajNm9cucXUt+RRA93xUdQmoTfmBFO
+feTybNs5I0piXdB8/ITI4UT6soOfUYm7HXyIYx1Xm7xYAS7ZojJ9pS9i
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmozZvXLnF1LfkUQPd8VHUJqE35gR
+Tn3k8mzbOSNKYl3QfPyEyOFE+rKDn1GJux18iGMdV5u8WAEu2aIyfaUvYg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C12:KAS-ECC-CDH_P-256_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzZT8lJfomQdQMJ6ahTT9EUsKblTa
+icR5YQGJcEHRTsvD3vS1/gT67goRkyIp//VjY3v97g55xt7q9En4VAHFxA==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C12
+PeerKey=KAS-ECC-CDH_P-256_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=e4e7408d85ff0e0e9c838003f28cdbd5247cdce31f32f62494b70e5f1bc36307
+
+PrivateKey=KAS-ECC-CDH_P-256_C13
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQ+Dp2Vr03DZIPN0Z
+aNK37rhhH8znfzpOfQWa5D5QlgShRANCAAT5ic+O6VaoLn69mIHNv7L9lGGJsI21
+NVm8jP3UgHHrFF7/KPGhimFrBLfTN4aGefbdhPmns9e2+K8nbBlhGlQd
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+YnPjulWqC5+vZiBzb+y/ZRhibCN
+tTVZvIz91IBx6xRe/yjxoYphawS30zeGhnn23YT5p7PXtvivJ2wZYRpUHQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C13:KAS-ECC-CDH_P-256_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFbnkZ69NKQxBdALgQEJv5M8ja65y
+uqOS7Yl4DfzNtHHN9OkXD7kEMCuP2TqCC6jMftTv06by1rBbgLL/Ku5Odw==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C13
+PeerKey=KAS-ECC-CDH_P-256_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ed56bcf695b734142c24ecb1fc1bb64d08f175eb243a31f37b3d9bb4407f3b96
+
+PrivateKey=KAS-ECC-CDH_P-256_C14
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsvNgDfM2jvigu4Wr
+IvQfwOX0/dVL6BZ6XDzUsI2wSQOhRANCAARpxidiWzakKcOYtFw4Z3yzXYvrHPeK
+Vx5A6Z/k6sHNToFpARKwqI8g9xNrKNfUfl+8Kto8jt2HWJvBnslZBje9
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEacYnYls2pCnDmLRcOGd8s12L6xz3
+ilceQOmf5OrBzU6BaQESsKiPIPcTayjX1H5fvCraPI7dh1ibwZ7JWQY3vQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C14:KAS-ECC-CDH_P-256_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEScUDumxPpgUYLhhrXoERPwdbwR3P
+1RyTL7IelR7uL6GK9wb/CSLYez8MXk4x2LJZrrJgqSaWQ+1SChO7JdpZJA==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C14
+PeerKey=KAS-ECC-CDH_P-256_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=bc5c7055089fc9d6c89f83c1ea1ada879d9934b2ea28fcf4e4a7e984b28ad2cf
+
+PrivateKey=KAS-ECC-CDH_P-256_C15
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQAJTQwf4tiqb9n/2
+Qd3GD+9ZOxfDNBI56VvbPleb/cihRANCAARf6WRnExWhiqaKKm490f3n4juM5xgU
+cc+sQ8meGugCYtWCe+KC5iyE3lMbljiEuoMttdayw6JW8OYE/n5rin9y
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX+lkZxMVoYqmiipuPdH95+I7jOcY
+FHHPrEPJnhroAmLVgnviguYshN5TG5Y4hLqDLbXWssOiVvDmBP5+a4p/cg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C15:KAS-ECC-CDH_P-256_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGbON45/dL3D3CRYxpPddGZN0C6lC
+kWLCpFMSQBY2spwJrtcjKyjgYJQXQbaCi836K8ScyETzdzYRUE+Co5Clrg==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C15
+PeerKey=KAS-ECC-CDH_P-256_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=9a4e8e657f6b0e097f47954a63c75d74fcba71a30d83651e3e5a91aa7ccd8343
+
+PrivateKey=KAS-ECC-CDH_P-256_C16
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTfoS3vxgMZAhtoGz
+/4ShClEZWMhQk57UVjWTS6SXkUehRANCAATJsrhJbxRAvUotHlJ1L9Nyg1s2SIXh
+VKfaxJKV8oHsfPvmuSaopN4mzMg7gCsSEkAHVL4l2fPurwCLCYcK52Mh
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEybK4SW8UQL1KLR5SdS/TcoNbNkiF
+4VSn2sSSlfKB7Hz75rkmqKTeJszIO4ArEhJAB1S+Jdnz7q8AiwmHCudjIQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C16:KAS-ECC-CDH_P-256_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELJHGHzOt/pMRyUL9v/a6RwIP7/QW
+t7tjzsE/r5sJmVRsqzGwZBnlIh/KAU+4TshwYiobErq1rkNoKqfqc+oI0A==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C16
+PeerKey=KAS-ECC-CDH_P-256_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=3ca1fc7ad858fb1a6aba232542f3e2a749ffc7203a2374a3f3d3267f1fc97b78
+
+PrivateKey=KAS-ECC-CDH_P-256_C17
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEzH22HSk7TvEosbp
+x0Mx0wOXljFL7uO3FS/NulVWME6hRANCAARZ4eEBUhBGrZzx0ILp0ux90iUwzOBk
+mR8eVcW89fy1kUgvT2cxdsj9qgu25ZsVo+R0VOOgQpfThjyTONmK3R83
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWeHhAVIQRq2c8dCC6dLsfdIlMMzg
+ZJkfHlXFvPX8tZFIL09nMXbI/aoLtuWbFaPkdFTjoEKX04Y8kzjZit0fNw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C17:KAS-ECC-CDH_P-256_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEooou31gCVmj3JKr4OlCVa3rBz7v/
+ebCMO/h9/Sgo12ffp7//1MdmuGq+r1yZtuUMuczJ2dALf/x4BLBJG2e8Aw==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C17
+PeerKey=KAS-ECC-CDH_P-256_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1aaabe7ee6e4a6fa732291202433a237df1b49bc53866bfbe00db96a0f58224f
+
+PrivateKey=KAS-ECC-CDH_P-256_C18
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3V6fcK50AHPKAgTf
+YHY/tgNsRXCb9Ke7TmcUEvrWXaOhRANCAAQwudsuLpd7zcmMuH3XNsvY54VSEhkl
+zxbhkzZXwvsjFGpFAogAuBKRvOXC4f7X3tZQYg675gUMbzp/DftGc6tc
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMLnbLi6Xe83JjLh91zbL2OeFUhIZ
+Jc8W4ZM2V8L7IxRqRQKIALgSkbzlwuH+197WUGIOu+YFDG86fw37RnOrXA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C18:KAS-ECC-CDH_P-256_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEou+FeggfnW6yBqgcTPeKgCvfWYrj
+gMiIbs2F/cHtdkRWPEwgQZ8HvBfQU5+t4YVeNIOVFbiSwPXSZWH5f6BNGg==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C18
+PeerKey=KAS-ECC-CDH_P-256_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=430e6a4fba4449d700d2733e557f66a3bf3d50517c1271b1ddae1161b7ac798c
+
+PrivateKey=KAS-ECC-CDH_P-256_C19
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWuAmz8Bg1VYAcX5V
+uKEuEW0dDfNK+DGXkFdgfC2cL3ahRANCAARGyevRpKPIwLbVcrXc+6EkZ2AyCKnL
+XSrPu3M8QM9jkUbJE6J9BEGF04tGes4BHgTU2bu7jLmuJfqSqvFaWV6G
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERsnr0aSjyMC21XK13PuhJGdgMgip
+y10qz7tzPEDPY5FGyROifQRBhdOLRnrOAR4E1Nm7u4y5riX6kqrxWllehg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C19:KAS-ECC-CDH_P-256_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzNii2GvJLy4BvOTWkiz3/hYmrtBE
+aF6V4u69RkUF8B/p3dWDqWNaZnd31bio8xsPeeuhLHUCNBC1S4Vn3dwPOA==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C19
+PeerKey=KAS-ECC-CDH_P-256_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1ce9e6740529499f98d1f1d71329147a33df1d05e4765b539b11cf615d6974d3
+
+PrivateKey=KAS-ECC-CDH_P-256_C20
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtgGsQl1dv54XNcXi
+1b23nKmLPVvkos/W8ic/FQ4GTZ2hRANCAAR8npUIQdJsjd6JlDmLj11HWgIrxj3n
+dz/PjVUuAfG6CsxCuYhcmzvuD42MV9Oo9jVQFsAZxAYvoiz/LyCbXMLh
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfJ6VCEHSbI3eiZQ5i49dR1oCK8Y9
+53c/z41VLgHxugrMQrmIXJs77g+NjFfTqPY1UBbAGcQGL6Is/y8gm1zC4Q==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C20:KAS-ECC-CDH_P-256_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwYj/yJR/cwH7e1PjZ0YJfCE0v5zJ
+gbp0tOnENh9ZXk6/fS8gVuckIe85PwwPKw4AEw48rEq7zAAoYWjoXsVQUQ==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C20
+PeerKey=KAS-ECC-CDH_P-256_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=4690e3743c07d643f1bc183636ab2a9cb936a60a802113c49bb1b3f2d0661660
+
+PrivateKey=KAS-ECC-CDH_P-256_C21
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/vsd2hhFMStfzmuB
+sr4gWvLzonT1ohL2bA2fwz165TWhRANCAAQ4tU24VQDLIMYQVu3T2ItqncJngKBH
+8hOm4bkA92WW62OH5OV4FXHk64rmKZGjO13DMwHFvH4SXVN5SjkWDY/Q
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOLVNuFUAyyDGEFbt09iLap3CZ4Cg
+R/ITpuG5APdllutjh+TleBVx5OuK5imRoztdwzMBxbx+El1TeUo5Fg2P0A==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C21:KAS-ECC-CDH_P-256_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMX4QIP9T/M7xi/R7t/Lddwf7e3p1
+eOBPNbO+7SIqDrYJQgzloZ13xv4e5YfmpJ+6+PKA6N8DPXVAMwLlon2yrg==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C21
+PeerKey=KAS-ECC-CDH_P-256_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=30c2261bd0004e61feda2c16aa5e21ffa8d7e7f7dbf6ec379a43b48e4b36aeb0
+
+PrivateKey=KAS-ECC-CDH_P-256_C22
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgM0rgxGk9I5Nafo4E
+PrveIeFop8uj+lB8m+QddoHgSc6hRANCAAQ/K/FYmr8wR78+VKyalTeb/5X49VQF
+9k7KNqfuvo/8p1ISqU5mxa6aiZGHL2anJyPYDsWy6SV0XEVvU3GUOzoG
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPyvxWJq/MEe/PlSsmpU3m/+V+PVU
+BfZOyjan7r6P/KdSEqlOZsWumomRhy9mpycj2A7FsukldFxFb1NxlDs6Bg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C22:KAS-ECC-CDH_P-256_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERfsCss6518ednC+pPpx5Z8L6TfV4
+n5ZAskJkseUk/LFcbo7PH30wI4k7exyh5NF4ly7iojB1fdxWT/439cWjIQ==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C22
+PeerKey=KAS-ECC-CDH_P-256_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=2adae4a138a239dcd93c243a3803c3e4cf96e37fe14e6a9b717be9599959b11c
+
+PrivateKey=KAS-ECC-CDH_P-256_C23
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLEveQCFPzDv8R9TP
+Q0timsvpFX+P0CglQDMd55Qs8J2hRANCAAQpwIB/EMvEL7RcmYnaUGge6tcW2qe5
+6R/TLgYvXrksoP8dbRlV1zdrLaJP4RY6JxZZE2NBvC6xGV/HBtxi5/NN
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKcCAfxDLxC+0XJmJ2lBoHurXFtqn
+uekf0y4GL165LKD/HW0ZVdc3ay2iT+EWOicWWRNjQbwusRlfxwbcYufzTQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C23:KAS-ECC-CDH_P-256_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoZ73v/mK2ngYQvv8UaR6/zm1k1oc
+fZYlyNMj1RHJLebpwYTfdclV4C4C5AD/5F948znhr+bQVvsyRfRwDOYG7w==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C23
+PeerKey=KAS-ECC-CDH_P-256_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=2e277ec30f5ea07d6ce513149b9479b96e07f4b6913b1b5c11305c1444a1bc0b
+
+PrivateKey=KAS-ECC-CDH_P-256_C24
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghaJo+dd3L5kMNrQr
+CjMa3JK1lB3guGLV2Jo0fL+PqrChRANCAASc9LmFgcoXeUU8yBb/KLQQCvVs8b8u
+W8MS2DtrGyHTM3pVBPysUjGg0S1lghgoSGginIRKBKNFDWxzgavggL87
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-256_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnPS5hYHKF3lFPMgW/yi0EAr1bPG/
+LlvDEtg7axsh0zN6VQT8rFIxoNEtZYIYKEhoIpyESgSjRQ1sc4Gr4IC/Ow==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-256_C24:KAS-ECC-CDH_P-256_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-256_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENWxaREwEmlL+4K3rfl2CrlqoMDC/
+/zG7+M4gls8WHEtX0SjeiypXoJTRoAHlchc/luiGauNSvynN2vkvyFsvkg==
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-256_C24
+PeerKey=KAS-ECC-CDH_P-256_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1e51373bd2c6044c129c436e742a55be2a668a85ae08441b6756445df5493857
+
+PrivateKey=KAS-ECC-CDH_P-384_C0
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA8wxIqaPDZUCetOMBn
+kWug64w4iU0i4bFWGLaBimYXdK1GOyBdqIz2matNQ8nPmKGhZANiAASYA4B/L20v
+2WbN0CkL1BDAGQNS++x/9iR94TAt+G8l00/kqXvvYM/1SDVcAV27Pl+6Jspp7C9b
+XZ2tIMydpxE4Op2+NOo/paKvdbRlAmKa1U3Yt9c6irsGo6O+R9ZQzJk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEmAOAfy9tL9lmzdApC9QQwBkDUvvsf/Yk
+feEwLfhvJdNP5Kl772DP9Ug1XAFduz5fuibKaewvW12drSDMnacRODqdvjTqP6Wi
+r3W0ZQJimtVN2LfXOoq7BqOjvkfWUMyZ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C0:KAS-ECC-CDH_P-384_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEp8drlww7X+iwXSg4rgSrR2l7nq9S52RZ
+Lv2if+dRMnJzRGa0AAka2/LWjFjgxQBmrGjxny4cuHmu1DqZabkaCDnEw4pJdJtm
+Hv7fJDRRkV7QkFoysGCZK0aMZHZvyEN6
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C0
+PeerKey=KAS-ECC-CDH_P-384_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=5f9d29dc5e31a163060356213669c8ce132e22f57c9a04f40ba7fcead493b457e5621e766c40a2e3d4d6a04b25e533f1
+
+PrivateKey=KAS-ECC-CDH_P-384_C1
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCShgwhveBhZfjpAMaH
++O8KBdFPKQs/B9izqMxkBDZuXVEZzW0D+xLcWOifE9+c14OhZANiAATqQBj1owfD
+eRgL9qYv0s7O6+631N8GOmb7g4qjUkNBl5H34snUgDyTGaoOsDxBa2Zog1qRSE8F
+7wKChN9kNvuI/+urzdaasBM+ZzWhvPs3ID0Q00CoMop7aHcMp1h4oaY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE6kAY9aMHw3kYC/amL9LOzuvut9TfBjpm
++4OKo1JDQZeR9+LJ1IA8kxmqDrA8QWtmaINakUhPBe8CgoTfZDb7iP/rq83WmrAT
+Pmc1obz7NyA9ENNAqDKKe2h3DKdYeKGm
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C1:KAS-ECC-CDH_P-384_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEMPQ/zytrAN5T9iTxVDCQaBg5cX1Tx8lV
+0dae+vA0m3NjrLRHJAEBy7OvZkHOS4jgJeRsDFTwFip378wntup5IAKuK6gnFCmc
+hghXpoFTq2LlJewFMNgbWqFYl5gehYdX
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C1
+PeerKey=KAS-ECC-CDH_P-384_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=a23742a2c267d7425fda94b93f93bbcc24791ac51cd8fd501a238d40812f4cbfc59aac9520d758cf789c76300c69d2ff
+
+PrivateKey=KAS-ECC-CDH_P-384_C2
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASz2oiOnI1JUODDz8Y
+Uw1cs38miAoLKUSCyKjvivrQmqeLfcLyeJp4xmr10cxVOFOhZANiAAT8/OoIXoz3
+TQ3O0WILqEI2lPkDohm7+QGwtZ1qyBuq0xaiQroyvehcskgRm4Uvq2aXLjxox6tA
+LFg28qFu1FGjMSCndQpgOfP/FTiO5iK3Bl9xIr9tUa77wps3sDQEWBs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/PzqCF6M900NztFiC6hCNpT5A6IZu/kB
+sLWdasgbqtMWokK6Mr3oXLJIEZuFL6tmly48aMerQCxYNvKhbtRRozEgp3UKYDnz
+/xU4juYitwZfcSK/bVGu+8KbN7A0BFgb
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C2:KAS-ECC-CDH_P-384_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGu+/osbIyFWhohZ3RVC3miTNo3YHux98
+yQZlDuSzgW1o9qnHXabkJCzr+2ZS9lGAQZ0otyPrrbdlj867mtm3repnTx2j3Gtj
+l7VdoPYaPt2stKzbFEQcshSwSghEwC+j
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C2
+PeerKey=KAS-ECC-CDH_P-384_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=3d2e640f350805eed1ff43b40a72b2abed0a518bcebe8f2d15b111b6773223da3c3489121db173d414b5bd5ad7153435
+
+PrivateKey=KAS-ECC-CDH_P-384_C3
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCN1IBjo6BYwzS1zHpM
+4H0C5e5tjx88UaFgCWLLq0YmkK482XT7OeQLDoQ9qg/TLeGhZANiAATjjJhGJIEj
+w0IYYepNMmaae1w8CDdq0oEEOZSUyE/176OJStssbL6MPJE+8u7FvTyfqEAkoQKH
+lt+EAh97bJ0C8PS9GmEqA8v3WgvupD/viuhLSMYBcqrfCcGtAW0L884=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE44yYRiSBI8NCGGHqTTJmmntcPAg3atKB
+BDmUlMhP9e+jiUrbLGy+jDyRPvLuxb08n6hAJKECh5bfhAIfe2ydAvD0vRphKgPL
+91oL7qQ/74roS0jGAXKq3wnBrQFtC/PO
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C3:KAS-ECC-CDH_P-384_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEi8CJMm7FW5z1mzTw63VNk1lsopD8s0RM
+g9TeOlYHA37Dl2g/jO8H6rL+NX6uNsRJ2dFs6KyFs/HpRWhSGq5TTmcTnjEOxyaT
+Umqi6Se1syLJWhoDPCKctncMlXzTFI3X
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C3
+PeerKey=KAS-ECC-CDH_P-384_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=6a42cfc392aba0bfd3d17b7ccf062b91fc09bbf3417612d02a90bdde62ae40c54bb2e56e167d6b70db670097eb8db854
+
+PrivateKey=KAS-ECC-CDH_P-384_C4
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCE7ObMNCkwm9WyPpWX
+k+0rER7Fy0O2wYCF/K6p76BoXZimJi7g0zDuJQvIpn0Ocz+hZANiAAQyIgY6KZez
+Au5g7hlhEI/0x6zxwO8dX7DRZLhLznHEMXBcua6ppF9dc4BmVaBYvuPmH6nn++fN
+Q6v5lZaj06A56Z+p3JOwvdnK2Blm0X7q9VcGivp8eEZrtbIgMtEQD6Y=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEMiIGOimXswLuYO4ZYRCP9Mes8cDvHV+w
+0WS4S85xxDFwXLmuqaRfXXOAZlWgWL7j5h+p5/vnzUOr+ZWWo9OgOemfqdyTsL3Z
+ytgZZtF+6vVXBor6fHhGa7WyIDLREA+m
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C4:KAS-ECC-CDH_P-384_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE65UuLZrAwgxsxI+yJcKtFU9TyHULAD/T
+tO2O0dwN76xhvN3gKivP7nBn1100LtKw8YKCBbrs6C0bJn0Nf/L5yeFbaact9HBY
+qX84kQBdH7OIWPVgPehA5ZHfpPbn1Inh
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C4
+PeerKey=KAS-ECC-CDH_P-384_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ce7ba454d4412729a32bb833a2d1fd2ae612d4667c3a900e069214818613447df8c611de66da200db7c375cf913e4405
+
+PrivateKey=KAS-ECC-CDH_P-384_C5
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBo/OISHcOh43sQ8d3j
+Cfni4Y+sR80XcJUUUcNITNt3yxNtAOcxJgWXzChZYBwBoluhZANiAASGi+DmlIQY
+MOQk2RPY59hrhO4QIdgrDs9SPwn+iadsDJXEny37z4KcHjlwnVXvuzuRlesYNnW0
+D9kvUfN3EzF+SptPcVyKsi4Hc7G8cdOiGfBbgRYHRljuhrUuNvOJcRY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhovg5pSEGDDkJNkT2OfYa4TuECHYKw7P
+Uj8J/omnbAyVxJ8t+8+CnB45cJ1V77s7kZXrGDZ1tA/ZL1HzdxMxfkqbT3FcirIu
+B3OxvHHTohnwW4EWB0ZY7oa1LjbziXEW
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C5:KAS-ECC-CDH_P-384_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERB0CniROtxaNZH1N9Q219OSXSrP9rwIq
+/wWLNpXQuMgUzIjaYoXcbfGsVcVTiFAD6AJawjpB1LHqKqRsUMbkeZRrWbbXZJfN
+kkmXfgv+SmJiYi8T1Co8Q9Zr27MEA8NF
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C5
+PeerKey=KAS-ECC-CDH_P-384_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ba69f0acdf3e1ca95caaac4ecaf475bbe51b54777efce01ca381f45370e486fe87f9f419b150c61e329a286d1aa265ec
+
+PrivateKey=KAS-ECC-CDH_P-384_C6
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCxdkxUiX56rm3p53Uf
+LzfehJKR+I8PkQkxVbhY0cwyo6h5gPcGuGzIP5J739vq4L2hZANiAATDcSIv6qZ3
+DG8+o+DayXQN70/PghN4t/kf+TfCHgRw9w86MdXGspEhlfEJJpQrSK4EfWtNdlEj
+Vj+BEWvGZbe4zGIHgw2AX9hNp8uAWmW6p8Ev1ZLRtbXj5l2WcqnvdmI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw3EiL+qmdwxvPqPg2sl0De9Pz4ITeLf5
+H/k3wh4EcPcPOjHVxrKRIZXxCSaUK0iuBH1rTXZRI1Y/gRFrxmW3uMxiB4MNgF/Y
+TafLgFpluqfBL9WS0bW14+ZdlnKp73Zi
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C6:KAS-ECC-CDH_P-384_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPU5r8IpzQErMwWKYc0aOQmnoLZDYMuWK
+1yFCY5taBWrY01xmxg6BSfrAx5e863wvmwMI3H8ObSn4wnesvGWiHlrbg9EeaHO8
+Cgf9oJl/SCUEYC9Z4QvFy0drg9Ck915x
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C6
+PeerKey=KAS-ECC-CDH_P-384_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1a6688ee1d6e59865d8e3ada37781d36bb0c2717eef92e61964d3927cb765c2965ea80f7f63e58c322ba0397faeaf62b
+
+PrivateKey=KAS-ECC-CDH_P-384_C7
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDw96lucNmP1aMK1kBs
+9W61typRDp8ZL1Dh+EUk2/PSQ59yh7s29aqRKnneqrSt6oKhZANiAASZyMQcsate
+CFSjRuSwilN8FwamFVM4fI2UlDqxUZbUDbqlW4IQp3pdAJFfLE6mnqtVMQZb3PF7
++zy1WgLkGlfH9pTDg60on5APvWVsIjOpPJLpM+eib1TLtW8K2HXFG7A=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEmcjEHLGrXghUo0bksIpTfBcGphVTOHyN
+lJQ6sVGW1A26pVuCEKd6XQCRXyxOpp6rVTEGW9zxe/s8tVoC5BpXx/aUw4OtKJ+Q
+D71lbCIzqTyS6TPnom9Uy7VvCth1xRuw
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C7:KAS-ECC-CDH_P-384_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9fa+8dEQ2gO+ABfqx2DMNLJNCS9zbyN7
+xwVLOGUxKoE7y2LSl/sQpPer9UcI/i09Bv3419wDL04QAQvxnL9hWTISUv9BX7kZ
+INQ48k5n5gwusEYyBGefo1avRM6pyev1
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C7
+PeerKey=KAS-ECC-CDH_P-384_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=d06a568bf2336b90cbac325161be7695eacb2295f599500d787f072612aca313ee5d874f807ddef6c1f023fe2b6e7cd0
+
+PrivateKey=KAS-ECC-CDH_P-384_C8
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCe+4fdxh1DxIK6ZuGx
+Q672ePvQ0b68IACUH6vmd/5bcGv3j8420QCxfMeH6tdLvKKhZANiAARMNO/ujwyV
+Vl0gZdG7rCot0lrpZDIOtrzO3F86m0KogaGvyhu2uIBYT6J7AcGTzZLY+wHb980K
+OGjCa5UfOTw8VsKFjO6QH3eT/10nGSXROkH45SQJ9OuhmQ8zrLC6xmk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETDTv7o8MlVZdIGXRu6wqLdJa6WQyDra8
+ztxfOptCqIGhr8obtriAWE+iewHBk82S2PsB2/fNCjhowmuVHzk8PFbChYzukB93
+k/9dJxkl0TpB+OUkCfTroZkPM6ywusZp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C8:KAS-ECC-CDH_P-384_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEfN7Hfgc36jfGe4m3E3/jiBgBD0RkQ47k
+0dNaDEiMrT/eLzfQCIXTbTt5W5+T0jpnKMQu6NYCfFbPl5ukwin9sB0jSUT4rEM2
+UBEsPPDwKEToiKNWnf73goqKiEWJqgVe
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C8
+PeerKey=KAS-ECC-CDH_P-384_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=bb3b1eda9c6560d82ff5bee403339f1e80342338a991344853b56b24f109a4d94b92f654f0425edd4c205903d7586104
+
+PrivateKey=KAS-ECC-CDH_P-384_C9
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDXh6V/3iLsZWoKUlzz
+xzizDXOvYedD6pCJPsste2Iq3S+U7iXCFxRnr7CT8/hNABihZANiAAQXFUaSO4ey
+y7rWZPAc6TK/CdamEYFoZ4RGv6nwk4YIy0ZnqY9OyKwUYihcJQj3SGL6QctNtorn
+Hx+KPok53FLC3sYag8mDvrKgK68p7EkngIiILtDPVsdLXBc7VSzPY88=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFxVGkjuHssu61mTwHOkyvwnWphGBaGeE
+Rr+p8JOGCMtGZ6mPTsisFGIoXCUI90hi+kHLTbaK5x8fij6JOdxSwt7GGoPJg76y
+oCuvKexJJ4CIiC7Qz1bHS1wXO1Usz2PP
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C9:KAS-ECC-CDH_P-384_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEju6joxnI35n7wpy1XyQ6cg2VUJUV7lzF
+h6XFriL7vQCeYm2z6RHe8LmaT3rjBLG6c4d9yU25rd3A2aSyTol2wi1zyEQ3Dh7o
+V/jRsSmjvV9j9AyvO9BTPjil9XdwdP+e
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C9
+PeerKey=KAS-ECC-CDH_P-384_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1e97b60add7cb35c7403dd884c0a75795b7683fff8b49f9d8672a8206bfdcf0a106b8768f983258c74167422e44e4d14
+
+PrivateKey=KAS-ECC-CDH_P-384_C10
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCD1w97Fk2fTCJ8dnBG
+sg6zTfx3j1OH4y6DSx5trsIO24ylu0GSCT9UO2jmrrfOeIuhZANiAARXzXcPO7y+
+DHjHcOqwsWm8ReE5+GN4/64cKxaWZyfC8utyRXK48+sijRMNtP+GLGN+xciBO2hV
+WNg+kk8UvHGfbreuDLssR0Inxb2ohjek8mxkgXkpr5mVktpveHSQMy8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEV813Dzu8vgx4x3DqsLFpvEXhOfhjeP+u
+HCsWlmcnwvLrckVyuPPrIo0TDbT/hixjfsXIgTtoVVjYPpJPFLxxn263rgy7LEdC
+J8W9qIY3pPJsZIF5Ka+ZlZLab3h0kDMv
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C10:KAS-ECC-CDH_P-384_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEpyH2otRSdBGDSxPU06M8Kb64OrdoJGXG
+y69mJKym6ljDDrDyndhCiGaVQA1yVPIPFLpuJjVRCa01EpNm1eOmQK55hQWn+lWp
+aja12tM94AR09mcPUiIU3XlSFAqwp+to
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C10
+PeerKey=KAS-ECC-CDH_P-384_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1023478840e54775bfc69293a3cf97f5bc914726455c66538eb5623e218feef7df4befa23e09d77145ad577db32b41f9
+
+PrivateKey=KAS-ECC-CDH_P-384_C11
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCPVY4FgYuI7Tg9X8qW
+LlNBPbGg5GN+2hlPdhlEy+oRSrnV2hdafVeIJVCw5DLzlamhZANiAASaL1f0hnzn
+U9crDZUZXfb5bB+uk09gLv17alRYL1Vs+lOdiQBcou2sCK2bct0fYLrZuU7oLanM
+YB80YESZi6OHruVkBNxuzIqytZBEMxnQsrYXb50OrC1EZ47VYWB9Cak=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEmi9X9IZ851PXKw2VGV32+WwfrpNPYC79
+e2pUWC9VbPpTnYkAXKLtrAitm3LdH2C62blO6C2pzGAfNGBEmYujh67lZATcbsyK
+srWQRDMZ0LK2F2+dDqwtRGeO1WFgfQmp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C11:KAS-ECC-CDH_P-384_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE2IKoUFwtXLm4hR/Gdmd7sAh2ga1T+s66
+Fzgoa0WCdWHn2je4gCdsZWz8OLMq3oR+NLMUvcE0V1ZUVzz/r0BEXaLmqvmH9+kT
+zUwwkVIwWJhKJdjyHagyYZJFbGoPpfYM
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C11
+PeerKey=KAS-ECC-CDH_P-384_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=6ad6b9dc8a6cf0d3691c501cbb967867f6e4bbb764b60dbff8fcff3ed42dbba39d63cf325b4b4078858495ddee75f954
+
+PrivateKey=KAS-ECC-CDH_P-384_C12
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAPXe4K/6e78jnV3/Mp
+h+u3z4T8zu1kPh08YtCzNSrsI7blrH+kEFyMsmEmrS0YksuhZANiAAQjNGvfvJ18
+fHNuAr32B2cf9ggv3SczSovHXzsjaB6+YU0Fl91hT65YZ3yDWp8LJzuCujYpDS+U
+20FHnrRatOr2eSiiMVE41Z7sybUoXf3dZxT3dVchbqRMxvwRnYJD768=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEIzRr37ydfHxzbgK99gdnH/YIL90nM0qL
+x187I2gevmFNBZfdYU+uWGd8g1qfCyc7gro2KQ0vlNtBR560WrTq9nkoojFRONWe
+7Mm1KF393WcU93VXIW6kTMb8EZ2CQ++v
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C12:KAS-ECC-CDH_P-384_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEgVyddz2/X7ahuGeZlmJH9ABqI8kuaMVe
+nqqZixfYgy3U2E2SfYMdT2jaxnxkiCGf55JplIsmEUhFYP1JD+7Ih8tV75mktSSI
+D6dJnWoHKDquKvoz/quX3spAvGBsTYdk
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C12
+PeerKey=KAS-ECC-CDH_P-384_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=cc9e063566d46b357b3fcae21827377331e5e290a36e60cd7c39102b828ae0b918dc5a02216b07fe6f1958d834e42437
+
+PrivateKey=KAS-ECC-CDH_P-384_C13
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDADe2M7W4uoV8D8hWVo
+aCMuL+v1lXhxg5G4HahUGgC/5TwwrgQVGEfydJn416utjPShZANiAASIeKyKlH99
+XLK0eq0k+7ghDYYSZYU5mihx+Eqpxf3jB0rlQMa/gidcqCLQ/rhivHRjL1zS+QDC
+cRwy+JMHKOtkfTHt2NZQ+WVOfTPl7RtHVInQjaow2MvLpr/Dtg2bWjc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEiHisipR/fVyytHqtJPu4IQ2GEmWFOZoo
+cfhKqcX94wdK5UDGv4InXKgi0P64Yrx0Yy9c0vkAwnEcMviTByjrZH0x7djWUPll
+Tn0z5e0bR1SJ0I2qMNjLy6a/w7YNm1o3
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C13:KAS-ECC-CDH_P-384_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEHA7tp6K+AAxb3NoEeK7U23M9Kp40EiQ3
+kSOthHAw8p47Fo+hjomjwPuips4cKPw77Iwcg8EYxNvqlCcYafLYaOtl6LROIebx
+Sw9NmzjAaNrvonEUJVuaQdCEzEoa2FRW
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C13
+PeerKey=KAS-ECC-CDH_P-384_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=deff7f03bd09865baf945e73edff6d5122c03fb561db87dec8662e09bed4340b28a9efe118337bb7d3d4f7f568635ff9
+
+PrivateKey=KAS-ECC-CDH_P-384_C14
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDj0HEGvtzAlufZFjD/
+0wlN8seFnbjX7bsuN7SsR/QppjfQamfS+6M4OHZO8gNGSZGhZANiAATnShorhfHL
++Nu98FDPGv+KywL9ovtlkfnTz+TnnQrpOKnBSD57dfjbJFBdZQZc2xgXc+5ZGCL3
+q6qFahpgvApSA1SNvRy1AlRm7/hIG9B2FOqgShbD23aQWRPpcqW2tZ0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE50oaK4Xxy/jbvfBQzxr/issC/aL7ZZH5
+08/k550K6TipwUg+e3X42yRQXWUGXNsYF3PuWRgi96uqhWoaYLwKUgNUjb0ctQJU
+Zu/4SBvQdhTqoEoWw9t2kFkT6XKltrWd
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C14:KAS-ECC-CDH_P-384_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEyVwYXiVr+ZfzCzEVSK5/doo43uQ+7u9D
+CD8wd75w4r85rB1NrzYMUUyMa+YjRD0aPmOmY+r3XYp2WrK5o1UT15M/peJkIKUk
+RVDsbDtvAzuW2yrKPWrGqrBSzpKVla6l
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C14
+PeerKey=KAS-ECC-CDH_P-384_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=c8b1038f735ad3bb3e4637c3e47eab487637911a6b7950a4e461948329d3923b969e5db663675623611a457fcda35a71
+
+PrivateKey=KAS-ECC-CDH_P-384_C15
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDz+bDGWkmlBmMsikWx
+D2a1MW+e6wb64hjy2mIzP5mQURexQcdg6JdO/ErxBXBjV5GhZANiAASkrXeqfYbl
+NhEYprkhcQyCByEhBxL0w0eYX97liqTv+h4ovoChexILE5+WMA+JtJsd3yLgfgPx
+Vg2PRaSACUVg26n65/lTETDBtX67lZgkllJPMdN5d5M5b6gj8ivbQyg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEpK13qn2G5TYRGKa5IXEMggchIQcS9MNH
+mF/e5Yqk7/oeKL6AoXsSCxOfljAPibSbHd8i4H4D8VYNj0WkgAlFYNup+uf5UxEw
+wbV+u5WYJJZSTzHTeXeTOW+oI/Ir20Mo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C15:KAS-ECC-CDH_P-384_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENJcjin5q0WbfLawDmqTayNF6qSXnx2Me
+s7VuOqocVF/NVNLlmFgHkQ+yArH8GR0qpJ5cSH3MeqQKjyNMl5RGBA2RdOOtNX1A
+TXdlGDGVrtP5E2QbkMgaMG6/DYkThhMW
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C15
+PeerKey=KAS-ECC-CDH_P-384_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=d337eaa32b9f716b8747b005b97a553c59dab0c51df41a2d49039cdae705aa75c7b9e7bc0b6a0e8c578c902bc4fff23e
+
+PrivateKey=KAS-ECC-CDH_P-384_C16
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBZ/Of6194ousAjBpDJ
+VxDHIOUo+aTlTTpqjNX8XF8hY3AxzhxbTj05ZH2Ny5t5RmShZANiAAScQ7+XHt8J
+QCh27nQglTgfeLG9OqObUTKvddv+fpi9eL3hD+LpA8K2N54d7uF1obCmxY7OpaR3
+uwG9VDsznxzEnxNxos2k1G605T4lBZeUI1GplmWhIv/qm94GNsN12vI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEnEO/lx7fCUAodu50IJU4H3ixvTqjm1Ey
+r3Xb/n6YvXi94Q/i6QPCtjeeHe7hdaGwpsWOzqWkd7sBvVQ7M58cxJ8TcaLNpNRu
+tOU+JQWXlCNRqZZloSL/6pveBjbDddry
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C16:KAS-ECC-CDH_P-384_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkKNHN9RbGqZfdOC9Blm8EY+OS3dLdhlE
+/6ZXPG309B3sDRG2l6vZNNOQhx1LRTJAm1kHGbszB8FJp4F741XWhIk6MHdktRLu
+/+B8tpnttab/v41gMubHnV6T6UISwqpO
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C16
+PeerKey=KAS-ECC-CDH_P-384_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=32d292b695a4488e42a7b7922e1ae537d76a3d21a0b2e36875f60e9f6d3e8779c2afb3a413b9dd79ae18e70b47d337c1
+
+PrivateKey=KAS-ECC-CDH_P-384_C17
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA+Sfv5UKQkxdgCKNxL
+w16fbGwMHQRECZjaCmCah3V12+Q31qXO2qLd0qGhf9ESre2hZANiAARalJWUIosa
+PW9ZnrPbDQYHD7xVHGV7WCNLoWTOP+QV+l8+uCPAjcKbjDQSGcd7az0rqtRHyMKQ
+z+0l7dkDHEHQt2khRXMn9C2zESK4HzN7vwsQOeyDDOkGGjdhlTx15Kg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEWpSVlCKLGj1vWZ6z2w0GBw+8VRxle1gj
+S6Fkzj/kFfpfPrgjwI3Cm4w0EhnHe2s9K6rUR8jCkM/tJe3ZAxxB0LdpIUVzJ/Qt
+sxEiuB8ze78LEDnsgwzpBho3YZU8deSo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C17:KAS-ECC-CDH_P-384_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3aVGrPyPkD0R4uOSBmljbUSyBorrZv8H
+qiZvADDhU1sO0CA8uKRgrJkPE5T68i8dFbuyWXkTA1+q30E0dvTHD3J5dppAyYb0
+cMQntO5JYqvfgXO7rYGHR3KSX9MvCxWf
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C17
+PeerKey=KAS-ECC-CDH_P-384_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=1220e7e6cad7b25df98e5bbdcc6c0b65ca6c2a50c5ff6c41dca71e475646fd489615979ca92fb4389aeadefde79a24f1
+
+PrivateKey=KAS-ECC-CDH_P-384_C18
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBQzMH3B26S9GOOhfLb
+mOC0g+biIEySvdRApt7qBON6B8bnJ5HBkK1OTobgHvuoQmmhZANiAAR1bAffDOMs
+g52sn7RzPJwotwETpnanBXw40iPyKjqQlajVZGU69SjgTH4YJL5KZRIXws5pYsvS
+ouBmKXs51X3Zu0aA8BkdOQ9wtORhQZspcs5orUYSf92mw5GVd06obfM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdWwH3wzjLIOdrJ+0czycKLcBE6Z2pwV8
+ONIj8io6kJWo1WRlOvUo4Ex+GCS+SmUSF8LOaWLL0qLgZil7OdV92btGgPAZHTkP
+cLTkYUGbKXLOaK1GEn/dpsORlXdOqG3z
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C18:KAS-ECC-CDH_P-384_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEeIviM2xS9EVNY+6USx5Jv7YZoINxBI5t
+qS5YTq5wveHxccTfN4vR88CrAwSKI3gCRnPr2NtgTq9BcRdIurKWiiPKRHbOFE5y
+gkfwivdSkpFXtYMPHiYGdGa9+otlFFoz
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C18
+PeerKey=KAS-ECC-CDH_P-384_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=793bb9cd22a93cf468faf804a38d12b78cb12189ec679ddd2e9aa21fa9a5a0b049ab16a23574fe04c1c3c02343b91beb
+
+PrivateKey=KAS-ECC-CDH_P-384_C19
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAG8TK3H3TYe/mYV+Hk
+NQpZTl/jVTO4iFUs7MvA2JI8kC42FB12keKGMbi8m6/l4GShZANiAAQqPMa4/1ze
+km5+OhiaG9ApybWGNRr4g49PIBy49LcO87DaBtNSyA/Ca6+PQreERZ6/mYWWAXba
+bSPHRSopVP/LvLJCSbQwGaKgI+Cz2r1GHxmtPndcNk8/Ea1J8wmUANM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEKjzGuP9c3pJufjoYmhvQKcm1hjUa+IOP
+TyAcuPS3DvOw2gbTUsgPwmuvj0K3hEWev5mFlgF22m0jx0UqKVT/y7yyQkm0MBmi
+oCPgs9q9Rh8ZrT53XDZPPxGtSfMJlADT
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C19:KAS-ECC-CDH_P-384_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE0Ju4IuuZ44BglUdHyCuzJ4z5a782/s40
+APTIc4OKQME16zuruSk70QAb8+ze578m1BbbbhuHu7dCd4ijtsenqywWWx42b5YI
+31EgN1hPITpkjUfxasMm4Zquly9j/XbJ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C19
+PeerKey=KAS-ECC-CDH_P-384_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=012d191cf7404a523678c6fc075de8285b243720a903047708bb33e501e0dbee5bcc40d7c3ef6c6da39ea24d830da1e8
+
+PrivateKey=KAS-ECC-CDH_P-384_C20
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASBI67QzHsGaHiPxos
+dztmTM/pCii/uEb8Evgd/0S3RDx3ZHFkvx6eZ/0sB6Z2YkGhZANiAAS8GINrx6n9
+9UtTUvN9dSirj6jsVEqMYYBRHL/dSczjd8OeNMAxtSQNyZgFA+0vJiyAhsvjOBkQ
+gPC3oWx6/Ex7Ayb5rGb1hVLvS7nSTeNCntXTJ37Vj89I8rX2Eya+xsY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEvBiDa8ep/fVLU1LzfXUoq4+o7FRKjGGA
+URy/3UnM43fDnjTAMbUkDcmYBQPtLyYsgIbL4zgZEIDwt6FsevxMewMm+axm9YVS
+70u50k3jQp7V0yd+1Y/PSPK19hMmvsbG
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C20:KAS-ECC-CDH_P-384_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEE3QSYu3lhh2tcQY9/SBLkeodO3xjHfaO
+uUmWlSfXmh3FkpXvfSvKZ0PozXewTRtYC6rq3H4Z10qKBEUaE18b4bAv4pn53AC/
+3yAeg9mVxpULzBy4nW97ML9UZWuaTaWG
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C20
+PeerKey=KAS-ECC-CDH_P-384_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=ad0fd3ddffe8884b9263f3c15fe1f07f2a5a22ffdc7e967085eea45f0cd959f20f18f522763e28bcc925e496a52dda98
+
+PrivateKey=KAS-ECC-CDH_P-384_C21
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA01hppnKV2Fp/NwMx+
+ROThIh2w/mPRaFDIEEAp99SESXFLmIQyjK4YmXh1SrRgtIahZANiAASGf4EQTM1r
+Fjp5ArZw70BgQssMzn3Nxj0d/JGyxA4833WVg0v57Ot5hJ8WNvyEYvydS96Oh17E
+lpfSWNHVlGX4QxxvVTHhxZ6fnr488WSo2c4QoS8ZeSg6lZutJE3YOGM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhn+BEEzNaxY6eQK2cO9AYELLDM59zcY9
+HfyRssQOPN91lYNL+ezreYSfFjb8hGL8nUvejodexJaX0ljR1ZRl+EMcb1Ux4cWe
+n56+PPFkqNnOEKEvGXkoOpWbrSRN2Dhj
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C21:KAS-ECC-CDH_P-384_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEniLLwYZX9RaoZLN7eDNItm8aqWJs1jH0
++hvTKtiM8R21IFfGYIYNOdEfvwJPq9REaw1Tx5aBwoEW33HpzudP1WyLfwSznxGY
+zHIoTpi+lWLjWSb7T0ip++yv5ykwnotv
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C21
+PeerKey=KAS-ECC-CDH_P-384_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=dc4ca392dc15e20185f2c6a8ea5ec31dfc96f56153a47394b3072b13d0015f5d4ae13beb3bed54d65848f9b8383e6c95
+
+PrivateKey=KAS-ECC-CDH_P-384_C22
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDcYPqHNtcCE1/xaquZ
+K7iOrDl/WXJFbHLsRHN00NjOYRU4Mb/IatWm61tgv7lqhiyhZANiAAS2m+7ehdD4
+Kf7BuJPMucPgUv9pLhO5dFN7xbD5/q97IuhPAyMWKbJIZr20uM+QiRRm+F4r/Kui
+hDKFsOFOvAfvfa//i0JEFv7mR7WYl7YZ8g7tlaYy5qQga/faQpwExWA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEtpvu3oXQ+Cn+wbiTzLnD4FL/aS4TuXRT
+e8Ww+f6veyLoTwMjFimySGa9tLjPkIkUZvheK/yrooQyhbDhTrwH732v/4tCRBb+
+5ke1mJe2GfIO7ZWmMuakIGv32kKcBMVg
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C22:KAS-ECC-CDH_P-384_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAELbXaX5QOqohPTbXsITmwRp845Ob7vMUt
+8VwPfPf8sYCMdJdktr6F0v3FsW9YrV3AIuiwLc8z4bWgg4SVRfhK1eQ/d8txVG27
+rA0RvbLuIC6dOHLo0CjAiZB0bF4d3pmJ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C22
+PeerKey=KAS-ECC-CDH_P-384_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=d765b208112d2b9ed5ad10c4046e2e3b0dbf57c469329519e239ac28b25c7d852bf757d5de0ee271cadd021d86cfd347
+
+PrivateKey=KAS-ECC-CDH_P-384_C23
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBvpqHHBHMJh6pjSwUW
+qCarqMbWQR06TIl3LXpiYQJWouLyifXDRAsOwecPozniUc6hZANiAART3h/BMo6N
+4UrsqymtikDWsTdo+G99KYQz0g/seR+G+Lxz81gJiyVqKYu0iN4le/SsKJRP0n8X
+uClGwExmxB8AU9NpLyddpVzYc5qVvYzTry+W5N6Vnqg0TYlFN1kFhYs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEU94fwTKOjeFK7KsprYpA1rE3aPhvfSmE
+M9IP7Hkfhvi8c/NYCYslaimLtIjeJXv0rCiUT9J/F7gpRsBMZsQfAFPTaS8nXaVc
+2HOalb2M068vluTelZ6oNE2JRTdZBYWL
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C23:KAS-ECC-CDH_P-384_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEMpZHuqNUIk60QUgpxTaMgteJOzmATgjL
+shgPRZvvxLNHo4mnDJGiO9nTDIO+UpXTzI9hkj+tKqjlBdbPoSa5+r1a+dzikLdW
+YO8G0cqnNoHQYInDO8QkazqjDbzSQ1sS
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C23
+PeerKey=KAS-ECC-CDH_P-384_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=d3778850aeb58804fbe9dfe6f38b9fa8e20c2ca4e0dec335aafceca0333e3f2490b53c0c1a14a831ba37c4b9d74be0f2
+
+PrivateKey=KAS-ECC-CDH_P-384_C24
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB0rYOGwcssoPzesx4I
+abs/SMA2r+LvEQyjAryLkQ9iHJ/MVM7DK7iex8qoTHuOVKihZANiAAQno+g8+51R
+IucxKdgBYVhX2nzAiczMnFSrMDKhngoKn2dzRuN/CKCz7Y2m5d1pEGONYORKpeD9
+MMkYRWeWrzfw5BlXkBZF5cWWxtmJ9YWbA6C9fR9Od5Nv/zx00gTlOI4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-384_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ6PoPPudUSLnMSnYAWFYV9p8wInMzJxU
+qzAyoZ4KCp9nc0bjfwigs+2NpuXdaRBjjWDkSqXg/TDJGEVnlq838OQZV5AWReXF
+lsbZifWFmwOgvX0fTneTb/88dNIE5TiO
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-384_C24:KAS-ECC-CDH_P-384_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-384_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEKdijbSIgCnW3rqG7R838sbf9Zt6WcEFD
+RyirXVM6Bg33MhMGAP5vdYUqhx+yk4454ZtT21KDld6JekUQiWdxXrjLVcP8vyM3
+k3LAhzoFjVdUSxAuzOcissyrsaYDd0/V
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-384_C24
+PeerKey=KAS-ECC-CDH_P-384_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=81e1e71575bb4505498de097350186430a6242fa6c57b85a5f984a23371123d2d1424eefbf804258392bc723e4ef1e35
+
+PrivateKey=KAS-ECC-CDH_P-521_C0
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBfuzAerSzKQaPumXl
+ah+IkKqTXlcTSuD/zOgCc1FR9OrGVk9u6ZdMXmiHof7+5XQ64iQb/rldXOMd3Lb5
+7bTW/EehgYkDgYYABABgL50M+eUmsp4iOBwgPEiohsKwZzAzNmMU8f+8uiQLpC9O
+84p2F0Y1+R5rTtNCdesByEZ9BcqAMVvxp7vZRfVQpQG3yF8m9dSy1zVc9rAhF2WZ
+Q3YrbR21q08dvETOeylG62x940KWKJP9OH0bc9eoZy0fI2lhFwt+s1eZU+5c3IjN
+LQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAYC+dDPnlJrKeIjgcIDxIqIbCsGcw
+MzZjFPH/vLokC6QvTvOKdhdGNfkea07TQnXrAchGfQXKgDFb8ae72UX1UKUBt8hf
+JvXUstc1XPawIRdlmUN2K20dtatPHbxEznspRutsfeNCliiT/Th9G3PXqGctHyNp
+YRcLfrNXmVPuXNyIzS0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C0:KAS-ECC-CDH_P-521_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAaFpI6Gx58PCHX3vBjSXrX8jAsH5d
+pPQ3DzqUkDQIVDNLHhuH+jlUZMYGJhJKTnDQ94VgHTfAmHDr8XZmaHeiBG0BulLF
+b8h3bZ6PXbTwzCdjbQt0G74FQAaXlC6AtzmISoO96Z4PZxaTnmMryJhvoY3M1EOj
+SLbD5SJJeVWk88MC9nY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C0
+PeerKey=KAS-ECC-CDH_P-521_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=005fc70477c3e63bc3954bd0df3ea0d1f41ee21746ed95fc5e1fdf90930d5e136672d72cc770742d1711c3c3a4c334a0ad9759436a4d3c5bf6e74b9578fac148c831
+
+PrivateKey=KAS-ECC-CDH_P-521_C1
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAgW8ZwfsQ75TUodgc
+FW7D0d4Itmdh8D8G7ku53Ou7/h6qHtSaapkIONjtMYwU10zIcvldBdB61Q9iHOti
+DNkFz7ihgYkDgYYABADUVhXtXTf95plhCmLNQ7p2vt2Phe0xAF/gDWRQ+70QEpGr
+2W1JRai1e8c7P+n0ZxEFMJ7JtoedBVHZMNrIukXSVQFCUzKETlkrRAwAJ5cq0VJk
+McBnMt8ZzUaiQhctTdZ8LIyZ38IuSZSaVs+Qxkc2Nc6C8lszaC+xm8M72RDtjOOn
++g==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1FYV7V03/eaZYQpizUO6dr7dj4Xt
+MQBf4A1kUPu9EBKRq9ltSUWotXvHOz/p9GcRBTCeybaHnQVR2TDayLpF0lUBQlMy
+hE5ZK0QMACeXKtFSZDHAZzLfGc1GokIXLU3WfCyMmd/CLkmUmlbPkMZHNjXOgvJb
+M2gvsZvDO9kQ7Yzjp/o=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C1:KAS-ECC-CDH_P-521_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB3yd8FSEINJvDTVOe4M8Gsk9dNQBn
+e0RFRTzMIUCUU6r7inKgvp6+VNEicKpRs6t/MWql50qVHF5T90zZX8Ka7noBPVLz
+Op88FDhNFYf6ir567XS8M3Sa2cVwtHF3ZCLH1FBdmwqWs7+sBB5MammQrn9wDltK
+ZkAikRLer6DNi7DQibA=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C1
+PeerKey=KAS-ECC-CDH_P-521_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=000b3920ac830ade812c8f96805da2236e002acbbf13596a9ab254d44d0e91b6255ebf1229f366fb5a05c5884ef46032c26d42189273ca4efa4c3db6bd12a6853759
+
+PrivateKey=KAS-ECC-CDH_P-521_C2
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBLy4MbZ6dEXzrlyO8
+7QLrPU7r9f7q+O4BE8zYBXsT3dQW4LdCgMLQuo7SkcRDvBsUHK+K+zpx+X9XwiXA
+Ph5NQrChgYkDgYYABABxf8s9SkDRA4ce3gRNyAPbUIqqSudLcLn7jY39hL/s+tF4
+cYeWmMKS0v1eF7T5NDY2xTGk+saKNak2ZVRrmoeGeQDz2WqGNwNpk6tdJEUA//nS
+dyESgm9kNmA9PrI0pE1cTlxXcjRnnE+d9yXuW5EY8j2KWNDMAQltr3Do3+wBKL3C
+6A==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAcX/LPUpA0QOHHt4ETcgD21CKqkrn
+S3C5+42N/YS/7PrReHGHlpjCktL9Xhe0+TQ2NsUxpPrGijWpNmVUa5qHhnkA89lq
+hjcDaZOrXSRFAP/50nchEoJvZDZgPT6yNKRNXE5cV3I0Z5xPnfcl7luRGPI9iljQ
+zAEJba9w6N/sASi9wug=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C2:KAS-ECC-CDH_P-521_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAktsxQlZNJ6XwAG+BmQj7obhQOKW8
+JQmQakl9qsZ/167g/C2rpOQzTurvDgAZIEtHHNiAJPghFdgUnMDPT3zhpNUBa60G
+I/UXsVjZiBhB0lce+61j+Fy+LlgZYMXWcGAaZ2AnJnWlSJliF+SrK4684x1x/KY/
+zDwI6Rwdjt2Rz2/oRfg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C2
+PeerKey=KAS-ECC-CDH_P-521_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=006b380a6e95679277cfee4e8353bf96ef2a1ebdd060749f2f046fe571053740bbcc9a0b55790bc9ab56c3208aa05ddf746a10a3ad694daae00d980d944aabc6a08f
+
+PrivateKey=KAS-ECC-CDH_P-521_C3
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA5UinnYsF+SO5gl0R
+tlbyIujLmLD4neHTFxhNxaaY98cRYe59wRzTH09PiuOpgeGj54veu5fXwgS5JhtO
++S4JGOChgYkDgYYABAAM6AAhftJD3RCnmtc99Xiqij+RlK9SjNEJS7/uJ6O1SBrV
+hiyIdsDD+RKUwKs6qAbZAgy6ou1yt/7NxaCaba1vMgFUPJq0WxJGkjKRjiHVo1H5
+pLnL+e+yr8xAL6mzFlC+wtZBoFxEDTUzHAiT0R+xMVEzWYizAzQTAac9xfYdV05n
+2Q==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQADOgAIX7SQ90Qp5rXPfV4qoo/kZSv
+UozRCUu/7iejtUga1YYsiHbAw/kSlMCrOqgG2QIMuqLtcrf+zcWgmm2tbzIBVDya
+tFsSRpIykY4h1aNR+aS5y/nvsq/MQC+psxZQvsLWQaBcRA01MxwIk9EfsTFRM1mI
+swM0EwGnPcX2HVdOZ9k=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C3:KAS-ECC-CDH_P-521_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA/dQNnp2XQCfLO65oIWLqwTKK1hvE
+NTxFv1r+dr9gfSiUyMziNpXZIPJGT9pHc9RpO+SzdzWEaRvbAym39MhswpkANM6s
+aj/vHD4cSUv+jYcrGDgyIZp+FNpBTU40dFc2cewZsDO+gxuRVDWQWSW0SUfFkpWZ
+RbTrfJUcO5yM9SUwuiM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C3
+PeerKey=KAS-ECC-CDH_P-521_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00fbbcd0b8d05331fef6086f22a6cce4d35724ab7a2f49dd8458d0bfd57a0b8b70f246c17c4468c076874b0dff7a0336823b19e98bf1cec05e4beffb0591f97713c6
+
+PrivateKey=KAS-ECC-CDH_P-521_C4
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIByKrpS7ELjKT3vld7
+T7MrsjgQMsSULCT8LXU+fMXke0gzidnzuVbSDukAGx7vnyNUX3LFYCFABGg56WMx
+PD3syGShgYkDgYYABAEGoU4u6P+XCqirDHm5ejO7opWOBwt1uUc2t3u+P3dzJPpS
+hydxqoimOp6EkMM3jfTcdgzRTWK+cAd53RpDd5Q2VgAjZs45QeCyhLGqgSFdDTuX
+ePziPIzR5O1voKv2IVbJHUs+tVmZw0cb7SdenmDlqp1pDTEL+xXJxbvW9enrOWgr
+dA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBBqFOLuj/lwqoqwx5uXozu6KVjgcL
+dblHNrd7vj93cyT6UocncaqIpjqehJDDN4303HYM0U1ivnAHed0aQ3eUNlYAI2bO
+OUHgsoSxqoEhXQ07l3j84jyM0eTtb6Cr9iFWyR1LPrVZmcNHG+0nXp5g5aqdaQ0x
+C/sVycW71vXp6zloK3Q=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C4:KAS-ECC-CDH_P-521_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAmNmd7ggWVQ6E2/ztfogTf93PWBpy
+WkVQIRFf5J+Nw88jPNnqDm8DnceRnalzzc6sogXaOeC9mMgGJTbEfyWPRLUAzSJc
+h5c3G+DEKX0rRXdAEAx3QUHY8hTCO2GqK2zUgGubcHIqpJZftiL0K3OR4n5ewhxW
+ecWwa1kSc3KZfUIa3B4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C4
+PeerKey=KAS-ECC-CDH_P-521_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0145cfa38f25943516c96a5fd4bfebb2f645d10520117aa51971eff442808a23b4e23c187e639ff928c3725fbd1c0c2ad0d4aeb207bc1a6fb6cb6d467888dc044b3c
+
+PrivateKey=KAS-ECC-CDH_P-521_C5
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAmwrxN8lpbHW35t97
+cxVrstRfSC5aQhcyT0eLEM63avCXJM+Gr6MW5/iZGNMdVIJKXDMQekg8FcFblu3G
+YTQLHA6hgYkDgYYABAB0jNu4ddNfS8y2Kr4g6C0y5MFNwv61uH2i0MyxHJttS3c3
+tsRvDftNiW4tuS/PU827ripATAur1WStet6sYnPvowGYSsq42PFzMj3gu2AnSyKI
+cWCTc7sioXKH6d7HSVhzq8CaiRW1TIRVyOAvZU9gLiOiu9ep67dPMAm9ZezGUIFM
+wA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAdIzbuHXTX0vMtiq+IOgtMuTBTcL+
+tbh9otDMsRybbUt3N7bEbw37TYluLbkvz1PNu64qQEwLq9VkrXrerGJz76MBmErK
+uNjxczI94LtgJ0siiHFgk3O7IqFyh+nex0lYc6vAmokVtUyEVcjgL2VPYC4jorvX
+qeu3TzAJvWXsxlCBTMA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C5:KAS-ECC-CDH_P-521_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAeuEVrarwQWkatrf7jJIfmdjtMtKD
+1nCE6Aua2cQMVs2YOJ+wqEnZ7PcmjCl7b5NAYRn0DjK1dz7SWiipqFxKdYgBoo4A
+Tjfurv4fTbtx8YeGlhQa86EKlpHE7ZNIchRkO3YfpLD77rJHz20/unpgaXU2rQP0
+m4Cp0csHlnNlSXfF+pQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C5
+PeerKey=KAS-ECC-CDH_P-521_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=005c5721e96c273319fd60ecc46b5962f698e974b429f28fe6962f4ac656be2eb8674c4aafc037eab48ece612953b1e8d861016b6ad0c79805784c67f73ada96f351
+
+PrivateKey=KAS-ECC-CDH_P-521_C6
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB5I+qzubeyD/83pRM
+9r30zkuucnR4iOuv7kVbHpFYSXHvtJEnl2pS9BQpUvfCB+wCZfK3GM8+rZbqT2LH
+UuT3rNOhgYkDgYYABAEOsbTZFyvMI/TyDMlWD8VJKMPzTqYcADkdx2bHbtn6YIRJ
+N30eT63RI2AlQXMwtLkQhnBKzj5OZITGBuKpQ0eMhgFJQThkBpgl7h0IKNqfSpdx
+MAXpvRrbw7OMW5RpAHIalg/patLBs6RP496RVhNtRMsXy8JBVym7eC4Wv+Leswae
+Qw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBDrG02RcrzCP08gzJVg/FSSjD806m
+HAA5Hcdmx27Z+mCESTd9Hk+t0SNgJUFzMLS5EIZwSs4+TmSExgbiqUNHjIYBSUE4
+ZAaYJe4dCCjan0qXcTAF6b0a28OzjFuUaQByGpYP6WrSwbOkT+PekVYTbUTLF8vC
+QVcpu3guFr/i3rMGnkM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C6:KAS-ECC-CDH_P-521_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBJYgRXm9/e9z99X8DsWm0eXWLqv2v
+Vp0EE1mHss5hZMAqV2hetSdrXa5ildP+kGIPOLVTXG0iYMFz5h64iMqSAgMBVCwW
+nPl8JZb+Ld2EiiIuNnxffmJn68G82atdz0kVjxpI5K8pqJe35qggkcLbh02Oer8P
+WAZGkTRBVPOW267RiLY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C6
+PeerKey=KAS-ECC-CDH_P-521_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01736d9717429b4f412e903febe2f9e0fffd81355d6ce2c06ff3f66a3be15ceec6e65e308347593f00d7f33591da4043c30763d72749f72cdceebe825e4b34ecd570
+
+PrivateKey=KAS-ECC-CDH_P-521_C7
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAwpqiI+qNZLSh7aJ/
+OdO8mOoBSN2Ywcvllfj9K/veEZyeAXpQ9dH8EhwIwc7zG3WIWVVus+DgQtjdaqrF
+egXKYeOhgYkDgYYABAAVEchI72DVQZqY0QIE2w/lgiQSQ3AGG8+k6SSdUGGMVr83
+IkcbJZ84Jju3soDSPK8qHuhzf5NxzbJzLNyVg2mTDAHUYWga5tjEm0xfTWAWFD+x
+vXSRVz4+0ObEi4LoIWRPh/gvDl8I/Rbx+Y+hdYYgCrAu2MYns1w/J2F+xf2S9FYg
+Pw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFRHISO9g1UGamNECBNsP5YIkEkNw
+BhvPpOkknVBhjFa/NyJHGyWfOCY7t7KA0jyvKh7oc3+Tcc2ycyzclYNpkwwB1GFo
+GubYxJtMX01gFhQ/sb10kVc+PtDmxIuC6CFkT4f4Lw5fCP0W8fmPoXWGIAqwLtjG
+J7NcPydhfsX9kvRWID8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C7:KAS-ECC-CDH_P-521_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBaUkdVb0JBJ/fTCpTpmBID+5MA6BT
+hnXRzQm1u6eNrEhUPvEYoRc7P7+LIOOc4Oa4kKFjxQ+WRbPSHRy7O2Cm//QAg0lL
+Lrp2kQ/tM8dhgEUVAR+rUOOzd6vYqKBF2IbSI40sJorBtuyIvXG3unjiwzwVLkv3
+2l1WXkrL7PXpLHrWYrs=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C7
+PeerKey=KAS-ECC-CDH_P-521_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=018f2ae9476c771726a77780208dedfefa205488996b18fecc50bfd4c132753f5766b2cd744afa9918606de2e016effc63622e9029e76dc6e3f0c69f7aeced565c2c
+
+PrivateKey=KAS-ECC-CDH_P-521_C8
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAKGkr4r9cS0iTmEb7
+PVvOdGVLsmRuFfg4niNwihr631YVEeoNmVfQtTRTgZ1g+6j2Whj3sp3wIbG7Ac0W
+MpOsw8yhgYkDgYYABAHP3BDHmfXHnLaTCmX7o1F0jgdWeZPl5BDvTKzEzYoleEmR
+60Z05BBQ+TDHGQrIErkkX0inlztlja9AiCL+W4X2aAGA2d38mvd7nEpvAqg02xXl
+NeCzhFsszjA4gwG1HOy+MnYwfvQ5tcnmpy3C2U2Hm8OVBS27SleH0G77KAIQ+4vg
+Nw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBz9wQx5n1x5y2kwpl+6NRdI4HVnmT
+5eQQ70ysxM2KJXhJketGdOQQUPkwxxkKyBK5JF9Ip5c7ZY2vQIgi/luF9mgBgNnd
+/Jr3e5xKbwKoNNsV5TXgs4RbLM4wOIMBtRzsvjJ2MH70ObXJ5qctwtlNh5vDlQUt
+u0pXh9Bu+ygCEPuL4Dc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C8:KAS-ECC-CDH_P-521_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAhBX1u9Du44fWwJ0O+KyvKcZttF1r
+oQGGCuRdPGDh4OP3JHpGJqYP3UBJZcNWbHn2RJ6FbOC/lGGfl9qNokvSz7YA/dfF
+nFjDYbxQp6XQ029yOxfE8q0rA8JNQtxQ90qMRloK/EaD8Q+rhGUt/p6SjCYmtUVk
+U+FXP/YL4VB0Z9Qx+7I=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C8
+PeerKey=KAS-ECC-CDH_P-521_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0105a346988b92ed8c7a25ce4d79d21bc86cfcc7f99c6cd19dbb4a39f48ab943b79e4f0647348da0b80bd864b85c6b8d92536d6aa544dc7537a00c858f8b66319e25
+
+PrivateKey=KAS-ECC-CDH_P-521_C9
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBGU0e5hP1Nmy8RLUE
+0hoM9nFeIJzTWPLdXz5xzA1n0OlkFoxCoITr2nRvmGOoa6z/yBnx7fG4xyfM+zBH
+JApXxDWhgYkDgYYABAFr0VyKWNNm9/Ky8pjMh7dIXp7nDRHRJEi4N3wKgsdib2ev
+9/l756NUa/QX7u3fdak8EwGRyEEIBC6i/KF/0/gNFAFWBQLQS3T84XQ6q0d6nR6s
+k+UiaYH9uXp0eM5M5Wb/ckOTEoT62FCwwryuDd0tl3kBYMGi53w+1slezES4niY3
+/A==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBa9FciljTZvfysvKYzIe3SF6e5w0R
+0SRIuDd8CoLHYm9nr/f5e+ejVGv0F+7t33WpPBMBkchBCAQuovyhf9P4DRQBVgUC
+0Et0/OF0OqtHep0erJPlImmB/bl6dHjOTOVm/3JDkxKE+thQsMK8rg3dLZd5AWDB
+oud8PtbJXsxEuJ4mN/w=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C9:KAS-ECC-CDH_P-521_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBxyHuqAWly6KfNLpXWHdb4M9hYObA
+hyP1qxe/lqH/K9lCeWGk80sH/AsUyksr9oRd69WoafEk6/p6py/lZQULfxgAtuie
+sOHc8YEjb3xUj9GowWsli1LBqb/T/o8ihBsmdjJl8HTEzPLWNK6XtwGVb2ehEAbF
+LZcZfZL1hfV0i8JnLus=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C9
+PeerKey=KAS-ECC-CDH_P-521_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=004531b3d2c6cd12f21604c8610e6723dbf4daf80b5a459d6ba5814397d1c1f7a21d7c114be964e27376aaebe3a7bc3d6af7a7f8c7befb611afe487ff032921f750f
+
+PrivateKey=KAS-ECC-CDH_P-521_C10
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB/ZDj5BbpiqPytq+n
+8782jkUa2cpb1UtbFK7i7Wcj3eUYH1CFtoFpsJ++xyE3LM9rKEcT+aY1a41WCo/3
+jKNzfIihgYkDgYYABAHr6hsQ0+O5cbfvtp/IeN4Rx/Ry5OTThMMbjWKI2AcVF6yt
+6bOXlsevUWO89xrtp3dTPzgsbPCk2bu5OMhfRLeANwFrDj4ZwplrLL0f9kcw58qQ
+7coZhPmylRMzU15XSLqjSpn2H/TV+BIHng8B6HeJ8079rYCYAV7nSk+EbdGQ0W3G
+4Q==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB6+obENPjuXG377afyHjeEcf0cuTk
+04TDG41iiNgHFResremzl5bHr1FjvPca7ad3Uz84LGzwpNm7uTjIX0S3gDcBaw4+
+GcKZayy9H/ZHMOfKkO3KGYT5spUTM1NeV0i6o0qZ9h/01fgSB54PAeh3ifNO/a2A
+mAFe50pPhG3RkNFtxuE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C10:KAS-ECC-CDH_P-521_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBw1gj5ECpNjq5jZ/Hp7wMBTLceXen
+kWVZm/GpzGTAD7OHtCzKNlKG6EMDYL+tNkO8MTVO2lDck2wyns22CQXED8sA2ef0
+M1MeRN9PbVFCAcuquwa63WeD4BERcm2BVTHSM8XNtyKJP/uyAnJZ1ZTed0OICXOB
+IMb3g5NPkmw/tptAxAk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C10
+PeerKey=KAS-ECC-CDH_P-521_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0100c8935969077bae0ba89ef0df8161d975ec5870ac811ae7e65ca5394efba4f0633d41bf79ea5e5b9496bbd7aae000b0594baa82ef8f244e6984ae87ae1ed124b7
+
+PrivateKey=KAS-ECC-CDH_P-521_C11
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAkBLs/a3IXO1jCv6l
+NM3I6dGri+XzdT3PXysJtA7aZvxoWFSbw25vjfVZmM+poHA67PbEJ5nCRQEQZPUw
+wJ25g2mhgYkDgYYABAAjTjK+CpBxMdLRKKZHfgys64bwJHl0Xg/iRcszLeYxwHiH
+EWBILu71hOJ033+kEs6j4ekfcey6h4HZIF1IOGNBrQHPhkVbCbHABc/7qNdiiaN1
+lijIdL7qRi9R8wvVgeOAMTQwfe27dxszNO4Vvi4kLNecNAfS9Yk1RWxpQd2bbRVa
+Rg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAI04yvgqQcTHS0SimR34MrOuG8CR5
+dF4P4kXLMy3mMcB4hxFgSC7u9YTidN9/pBLOo+HpH3HsuoeB2SBdSDhjQa0Bz4ZF
+WwmxwAXP+6jXYomjdZYoyHS+6kYvUfML1YHjgDE0MH3tu3cbMzTuFb4uJCzXnDQH
+0vWJNUVsaUHdm20VWkY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C11:KAS-ECC-CDH_P-521_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQACTBX+4YvKtLoLlgbrrMyTnsylG8r
+qEWpvu7YfWmV9UkY7GYZuZMZVdWonU10rfEEa7NiGS8u9r0+PS0E3R+HBUoAqj+y
+RIM19pTjzaSuDMcbGy8qIG+oAtcmLxmYPERnT+FTJ6yqwfpAQkw5WmVWy4FnMSUn
++uWGXs/8FLvcF9p4zc8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C11
+PeerKey=KAS-ECC-CDH_P-521_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=017f36af19303841d13a389d95ec0b801c7f9a679a823146c75c17bc44256e9ad422a4f8b31f14647b2c7d317b933f7c2946c4b8abd1d56d620fab1b5ff1a3adc71f
+
+PrivateKey=KAS-ECC-CDH_P-521_C12
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBtf+Ef47/ILiM+tQs
+BuWMN0Ly+PH9/WS1ObpIwlkmkmvV4zK0VknAsYT3clXp1Y/or6Gm2Wjiyx1GN3dx
+IMdlwSihgYkDgYYABAHePckmO8jElp3GhL4O7FS+/ZqfPboZTYZYp4k0G/DXjYTa
+ZzUifK+vCTUZUWkRl1c8jDYKEeUoVxK4u99ayRuXfACBLeWM0JXsLlqbJH6z7UHY
+vvaurOGUp6BbZapdKJ+8mxdw7IS7a+DCxkzDfB1Up/XXE3eprb4g8m9vK1RKgh6o
+MQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB3j3JJjvIxJadxoS+DuxUvv2anz26
+GU2GWKeJNBvw142E2mc1Inyvrwk1GVFpEZdXPIw2ChHlKFcSuLvfWskbl3wAgS3l
+jNCV7C5amyR+s+1B2L72rqzhlKegW2WqXSifvJsXcOyEu2vgwsZMw3wdVKf11xN3
+qa2+IPJvbytUSoIeqDE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C12:KAS-ECC-CDH_P-521_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAgxku0LHLMfdYF3lJN/Zq2Rz3RVLN
+UQztuf1kExBCKvXQnyIcrSSe6BTRbdeshN7Z6s3Cg0D8/JwMBqvjCi/CjNgAIhLt
+hoyboPsskeLDm6k5lqPk6/RfKFLQkoxIkw6HXMe0KNDn8/TVA+XWDGjLSbE8JIDN
+SGvtkgDK3a3f5P+ONWI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C12
+PeerKey=KAS-ECC-CDH_P-521_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00062f9fc29ae1a68b2ee0dcf956cbd38c88ae5f645eaa546b00ebe87a7260bf724be20d34b9d02076655c933d056b21e304c24ddb1dedf1dd76de611fc4a2340336
+
+PrivateKey=KAS-ECC-CDH_P-521_C13
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBGmNH1OgByRkjSINU
+zFM+fjX934H/D7f1a7Bybgwp7l3NxfOUulTPVyaQSKq24FWJXI2iS4sGOadCMUOQ
+zAQZDtahgYkDgYYABAD+MCZ/M7pc3vwly7PJMg2tnMsdfTdmRGIMpPre5WJqPO3i
+WtJUYk3vcnpwSPcUX3YWKqmAQvmxI7IHb46M9Zs/3wARRdxmMZU7bilF6UMB1suw
+mP5LBPfumwlBHfEE3ILX157EagHtDy0+fbbraAaUvesQfBB4rsbKvZ6+49NC/n5U
+3w==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA/jAmfzO6XN78JcuzyTINrZzLHX03
+ZkRiDKT63uViajzt4lrSVGJN73J6cEj3FF92FiqpgEL5sSOyB2+OjPWbP98AEUXc
+ZjGVO24pRelDAdbLsJj+SwT37psJQR3xBNyC19eexGoB7Q8tPn2262gGlL3rEHwQ
+eK7Gyr2evuPTQv5+VN8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C13:KAS-ECC-CDH_P-521_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBqJtjapPl0rpsIpK/IwM6hPBqOsEi
+DqcegGr74JeoBMxn6bqlFM+2wSyRlL4wISv3quf99tN2whLwVU5lZGP/q34Bgu/K
+9w/EEtM2YC4BTaRyVqC2BvKt3M6AU7+Beshla7TkLxTIy/Kmj0iKs13N9kBWJx3u
+H2BqRAukvU5aEbi45U8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C13
+PeerKey=KAS-ECC-CDH_P-521_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0128ab09bfec5406799e610f772ba17e892249fa8e0e7b18a04b9197034b250b48294f1867fb9641518f92766066a07a8b917b0e76879e1011e51ccbd9f540c54d4f
+
+PrivateKey=KAS-ECC-CDH_P-521_C14
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAIrbSoi1x36qBHS2f
+nzH77Sfy4fPSOVON3z5MyMOaMwJm2yW3vAqXBPF73n81kr9fHy1LVgE6rMPY0bwC
+8A0xRsyhgYkDgYYABAC6OM+/n9JRij9h1DVJ56am0osr5X/9Pg+s62NrNO0X4ESp
+8kna6PwTLpN+LZNJzS7Xe7EEnOtpKi7FsXrWFQKmTAAeyR0wWFc/psBWSgKhoBAW
+DDE7x8c1ENyYPlRhaCtb4A285+LGgq1z8pyoIs3BEfaPq+M6ezhKZINCw8258FC8
+2w==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAujjPv5/SUYo/YdQ1SeemptKLK+V/
+/T4PrOtjazTtF+BEqfJJ2uj8Ey6Tfi2TSc0u13uxBJzraSouxbF61hUCpkwAHskd
+MFhXP6bAVkoCoaAQFgwxO8fHNRDcmD5UYWgrW+ANvOfixoKtc/KcqCLNwRH2j6vj
+Ons4SmSDQsPNufBQvNs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C14:KAS-ECC-CDH_P-521_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBcgCz8Wpoy67Sv3i6jN37bP+sJiu6
+APvCX53HKgfOWTcpBImfNkxEyyZMCXtkfUQSvuPlGYktU02RKfiij3UA/ucAurqN
+ZypPSjtj3ki5b1bhjfXWj31w1RCYM/Q3cNZzLgazmtYNk+W0Pbh4nx7Aq6RyhqOe
+pYQjWs6nV9vxPVO1g2Q=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C14
+PeerKey=KAS-ECC-CDH_P-521_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0101e462e9d9159968f6440e956f11dcf2227ae4aea81667122b6af9239a291eb5d6cf5a4087f358525fcacfa46bb2db01a75af1ba519b2d31da33eda87a9d565748
+
+PrivateKey=KAS-ECC-CDH_P-521_C15
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAW6z/8mis9lU8PFg7
+Rk6jah014rJXpdSes0GdWglQh8L7TRXPW/WvgW0PP/dYZJDM093BqYs5zmN0nGKI
+zg29rH2hgYkDgYYABAA25IjadYFHKp2OYoxY1q1ycxG35qP2rjOoVE80sJKAJJAg
+vnGWkW+v2Q4uxUtmtUaNI2G5m1b6ANesN6u4xvFmUwEe25+4rbakP09fX9wUIcn+
+BPyLpGybZjNOOvknyL77QwcQTymazsTjD4Etk0XJcg0Zhp2//9TKPn0nE+tfw/Qm
+FQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQANuSI2nWBRyqdjmKMWNatcnMRt+aj
+9q4zqFRPNLCSgCSQIL5xlpFvr9kOLsVLZrVGjSNhuZtW+gDXrDeruMbxZlMBHtuf
+uK22pD9PX1/cFCHJ/gT8i6Rsm2YzTjr5J8i++0MHEE8pms7E4w+BLZNFyXINGYad
+v//Uyj59JxPrX8P0JhU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C15:KAS-ECC-CDH_P-521_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQATv1dvS+Xnjgxzpj4I1XWyhSldXhC
+h1iCmQq4Wrm3NS3WubL06poelcOIDWXR82AvnKZT3DRvrIWGWNdWJvTU+wgAYc8V
+29qn8xWJyYQANz2ihFBtcMifB07SYqnigUB5a3I2wu75kBYIXnFVL/SIxytzOf77
+eRXDhFnLIKuFrsTkUFI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C15
+PeerKey=KAS-ECC-CDH_P-521_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0141d6a4b719ab67eaf04a92c0a41e2dda78f4354fb90bdc35202cc7699b9b04d49616f82255debf7bbec045ae58f982a66905fcfae69d689785e38c868eb4a27e7b
+
+PrivateKey=KAS-ECC-CDH_P-521_C16
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAjiyTxUI4diI6Y3yt
+NnyFidppotD8aGEvMZI65QIZ3yRS58ySYVtn8XtX/9L1KxkVS7QNdxUzZCD94uif
+7iRPWdyhgYkDgYYABAD6OzURjWxCJXD3JKJvkLKDOxkjkXTOoIHFMTP2TbYNaUDq
+EmEpnATB9Fh82wxMOWFkecG7DBRnmaEYAy3PmPiZwABp8EAikAYVH6MrUfZ5yIFv
+fBdQa0A4Cdx3zViirsQw2U0TtskW3pnzVapF/PvGhT1obHG+SWoGfSS/rqSBj8Uf
+dQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA+js1EY1sQiVw9ySib5CygzsZI5F0
+zqCBxTEz9k22DWlA6hJhKZwEwfRYfNsMTDlhZHnBuwwUZ5mhGAMtz5j4mcAAafBA
+IpAGFR+jK1H2eciBb3wXUGtAOAncd81Yoq7EMNlNE7bJFt6Z81WqRfz7xoU9aGxx
+vklqBn0kv66kgY/FH3U=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C16:KAS-ECC-CDH_P-521_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBKYkd4M88+C6MLPG/kLspb+AKsIyk
+W7eJLg4ielBP3QXSOBpESLaK3/nEFTyH6st4Mw2L1SUV+fmgtY6F9Ea7ThAAnt1n
+lpbT0dDvMn8gA4MlP2QTaD2eT8yHuzXxEsLxEAmNFeVwHXzu5BYpH/X+2F5of3Jz
+iLmv4mpPb+7VYLIY5rs=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C16
+PeerKey=KAS-ECC-CDH_P-521_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00345e26e0abb1aac12b75f3a9cf41efe1c336396dffa4a067a4c2cfeb878c68b2b045faa4e5b4e6fa4678f5b603c351903b14bf9a6a70c439257199a640890b61d1
+
+PrivateKey=KAS-ECC-CDH_P-521_C17
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIABNSdOdQNgRG/FtKM
+WTZVQyaxlzU+67z0dUU5O8jTqvmPFPW+cHS/s45syXuYl1QHTa3bMEX05M50Vmn9
+s+wNX6ihgYkDgYYABAEuwibQUM4Hx5s99NDwiR+fet9GLoyY28GioU9eU6P1rYlE
+M1h8xCmovp6h2E+jOxgDaQ2uBNpyGNMAJhV/yZXPUgBIN9+/NCb1e1x5MmkTCrua
+OPYYUyIRkxFU207rmu3ojlcpD4QuoPLqml90xiA6OSD+TjBfYRj2drFU4ddbnLXr
+iA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBLsIm0FDOB8ebPfTQ8Ikfn3rfRi6M
+mNvBoqFPXlOj9a2JRDNYfMQpqL6eodhPozsYA2kNrgTachjTACYVf8mVz1IASDff
+vzQm9XtceTJpEwq7mjj2GFMiEZMRVNtO65rt6I5XKQ+ELqDy6ppfdMYgOjkg/k4w
+X2EY9naxVOHXW5y164g=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C17:KAS-ECC-CDH_P-521_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBo8ICQOWfW3o+F8J10jFLoXQSEK1Y
+txA2+Mg8wfaw9Anf3ZET6Utn7DnDKRQmwj/8xEcFRnDSkI/4/mfcIwYDTFwB0oJb
+/Tr4seEyBXgME3/pOPhP3kAYjmHqAs6tgbrf20JcKffX+wMk3rrcELu5PeaPYsNQ
+aSaCg/UmWGXbV6efe/c=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C17
+PeerKey=KAS-ECC-CDH_P-521_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=006fe9de6fb8e672e7fd150fdc5e617fabb0d43906354ccfd224757c7276f7a1010091b17ed072074f8d10a5ec971eb35a5cb7076603b7bc38d432cbc059f80f9488
+
+PrivateKey=KAS-ECC-CDH_P-521_C18
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBGl0cx5zSv3PqEG8O
+YKWs4iCBO1Pie3OYZDNKB8AzZ+/aekYZ+m7vOpdGSSKDs8RFYQoCOpzEm/RZEUA4
+T8pci7WhgYkDgYYABADrB8czLu230wNgWdNffSKI1Dd9X0IzetOWQHn7EgzNTIvT
+hLWFYhBVIXAjrNmpT8s7llv7OUZ154it5Bod5z5iDABJGoNd4ubn3rfgkPShHyxG
+DAsfPV6U7o11EBTccgeE/TtUUAyG667xhCnwno6HbV0VOJaKAw13Fd3pnw2PBuKd
+WQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA6wfHMy7tt9MDYFnTX30iiNQ3fV9C
+M3rTlkB5+xIMzUyL04S1hWIQVSFwI6zZqU/LO5Zb+zlGdeeIreQaHec+YgwASRqD
+XeLm59634JD0oR8sRgwLHz1elO6NdRAU3HIHhP07VFAMhuuu8YQp8J6Oh21dFTiW
+igMNdxXd6Z8NjwbinVk=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C18:KAS-ECC-CDH_P-521_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAfi0Tjygy40Wuj/ZZV+QOXscWPwFr
+320koiQ9qmMdh4pKFng5kMciOCEw+eUfDBvW/1rJZ4Dki2j13slfQuYUS7UAsN5c
+iWeR9SiGsPCZE+JueN0LaXmPxN9tlePKcI7Ly8zhwYlfVWG7q6rjcunmfm4aO+YO
+GbRwzfZz7B/Dk9NCbiA=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C18
+PeerKey=KAS-ECC-CDH_P-521_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01e4e759ecedce1013baf73e6fcc0b92451d03bdd50489b78871c333114990c9ba6a9b2fc7b1a2d9a1794c1b60d9279af6f146f0bbfb0683140403bfa4ccdb524a29
+
+PrivateKey=KAS-ECC-CDH_P-521_C19
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBDJCMrxvnTGFrYl/I
+wfUURGpq7IO1k3FB1q+7Cox2Zqd0b6H3pmZKISPozfbNi/g2xW08Dr3MmA5DoYb5
+OPOniuehgYkDgYYABAAxiQ9Mer7D9yM2IoXXfSY2+HaBfbO7yIsB53NZe5af9vAT
+6kcMhUq0p3OQBOuMvqabgt3zasrdQGhxeY7LKsOqfwDYtCmuMlAma5ZDwMdlpg3B
+AVW8JTHPhicpb0l4tmQKnmAOGdADfVhQP6gHmVRqgU10eKVQqpDl6+sFJSf6rq5d
+CA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAMYkPTHq+w/cjNiKF130mNvh2gX2z
+u8iLAedzWXuWn/bwE+pHDIVKtKdzkATrjL6mm4Ld82rK3UBocXmOyyrDqn8A2LQp
+rjJQJmuWQ8DHZaYNwQFVvCUxz4YnKW9JeLZkCp5gDhnQA31YUD+oB5lUaoFNdHil
+UKqQ5evrBSUn+q6uXQg=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C19:KAS-ECC-CDH_P-521_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAEYw2AiIJsa+OutGhK1ZvxIdEV24R
+mf6A3hzfhRzfA+W5CRqPfgeeg7f4JyWbaR0MIu4p1r33Pse7/XRvLNl6NX0A2l/0
+kEVIo0Li57pqH07l+EBBGpbPY+b+Yi8iwT5hTgqEfBGhqz8dEsyFDDLglWFMqPfi
+chR3tIbp/0A3KXfD9lw=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C19
+PeerKey=KAS-ECC-CDH_P-521_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0163c9191d651039a5fe985a0eea1eba018a40ab1937fcd2b61220820ee8f2302e9799f6edfc3f5174f369d672d377ea8954a8d0c8b851e81a56fda95212a6578f0e
+
+PrivateKey=KAS-ECC-CDH_P-521_C20
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBs31rcojeZxNgQl0+
+WsHMshgVB52Nc0Mem3Sm8OeuAEo1dXWxGtZmQs6Ld1WT66nZi/Jcde8LTTogmLvG
+QfWaK3ehgYkDgYYABAAYml7jTefjWu/q7vkiDBgHG0wppMO9nZVEWL0+gqejTaNM
+/1V5uBAcBlsfL1J89FgVAeKO9WcYc+ZSZ3M9ADUgrwHrS8UKe01Fmdfj+nc9256y
+UsmzQihy5US991x79g9RZt3BHrCPp8MIItq67jc6tGjrLZIuSE4qUn//LruAS32a
+Nw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAGJpe403n41rv6u75IgwYBxtMKaTD
+vZ2VRFi9PoKno02jTP9VebgQHAZbHy9SfPRYFQHijvVnGHPmUmdzPQA1IK8B60vF
+CntNRZnX4/p3PdueslLJs0IocuVEvfdce/YPUWbdwR6wj6fDCCLauu43OrRo6y2S
+LkhOKlJ//y67gEt9mjc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C20:KAS-ECC-CDH_P-521_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBeA7f8cocA8++WT7cbASbyyhgKUqS
+w1VInZr7LnAgda3hyVOJWkViMKDN6QXeSj84Vz2/zM1nrW5+k/C1WB6Sal0ApUgZ
+YskWKWLn8OveyTaTXQ6qgT6CJtQNf2EZv9lAYCOAyGch5h2xgw9R4TnyEAALzsDY
+7dOeVNc6mhKflc1fqXk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C20
+PeerKey=KAS-ECC-CDH_P-521_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=015d613e267a36342e0d125cdad643d80d97ed0600afb9e6b9545c9e64a98cc6da7c5aaa3a8da0bdd9dd3b97e9788218a80abafc106ef065c8f1c4e1119ef58d298b
+
+PrivateKey=KAS-ECC-CDH_P-521_C21
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA8mYax2L2DF//I75d
+lpzNTsb5jk5yYY0Svc25tBAhYjM3iMC65Z+RzfwXLHoWge5E2WqyE1puXzQV67zV
+UWWxr7ChgYkDgYYABACo4lppAtaHtHh83JTDZKx87MXElUg+02PcCqle4r1znExN
+RrFwBscosHY1DX1+VMaCL1L0cWKiUQmqq6aQyraW7AFo0vCP4Z5Nye56GVsDyff+
+Znb59SC2JwVXUE5yykOUosaRhiXhWsDFG4+VzVYBI2U/uOjubblh4sTGLMVOkuKi
+qQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAqOJaaQLWh7R4fNyUw2SsfOzFxJVI
+PtNj3AqpXuK9c5xMTUaxcAbHKLB2NQ19flTGgi9S9HFiolEJqqumkMq2luwBaNLw
+j+GeTcnuehlbA8n3/mZ2+fUgticFV1BOcspDlKLGkYYl4VrAxRuPlc1WASNlP7jo
+7m25YeLExizFTpLioqk=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C21:KAS-ECC-CDH_P-521_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBbaz/oYPlMDCDozT3Zd5yTsXslAIC
+bUeXiEqYKKDTIajPrHSrc3/iCn1r78/HO2o1wcewHTc+MavBktSKQkGjWAMBHlMn
+ysItMF5xVuVZF24Zvufk8vWehvGp0LZgO2p98Qab3mOH/rcVh7j/zlsmbhuuht4p
+N4o05cdLZyTE1ApxmSM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C21
+PeerKey=KAS-ECC-CDH_P-521_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=014d6082a3b5ced1ab8ca265a8106f302146c4acb8c30bb14a4c991e3c82a9731288bdb91e0e85bda313912d06384fc44f2153fb13506fa9cf43c9aab5750988c943
+
+PrivateKey=KAS-ECC-CDH_P-521_C22
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA9DDKEmHwloGpKC6e
+lwqSNCJ7HV5Y1VjDzG7/RNG99T3hatXuKxi5LWL8eVhhFrDvwV95NA+36vXObEQ0
+Hc+N3iehgYkDgYYABABsHZteyofeH7hxoKMvgHxyWtzN6bOWdFOnE0fWCPDAMM0J
+4zjN7L9KAgFbyKbo0+JZX+dz/8L8TkpV0LGizAAyOwEUGyEJ5/SYHJUqqBiiufb1
+xB/szbenpFubS2cpN3cbAIyuX5NN/j/tENODqx84dpySzojZvlQUgX7LBzoxqzaM
+yw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAbB2bXsqH3h+4caCjL4B8clrczemz
+lnRTpxNH1gjwwDDNCeM4zey/SgIBW8im6NPiWV/nc//C/E5KVdCxoswAMjsBFBsh
+Cef0mByVKqgYorn29cQf7M23p6Rbm0tnKTd3GwCMrl+TTf4/7RDTg6sfOHacks6I
+2b5UFIF+ywc6Mas2jMs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C22:KAS-ECC-CDH_P-521_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAoJFCHTcD47NB6fHn1Y+M9729F5jQ
+AZZ7gB0c7CfmBcWAsjh8HLRk9VznrIAzQQKrA8+4bYivdsn0EpwBvt07v8QAjJxX
+eo5vxEaBXp1AuqZgJfFdrihfGetmjuYK6cmOfs2/Kypo4ikoBZ9n2xiABxYdPs85
+fgiD8MTrfq94J6YiBcw=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C22
+PeerKey=KAS-ECC-CDH_P-521_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0020c00747cb8d492fd497e0fec54644bf027d418ab686381f109712a99cabe328b9743d2225836f9ad66e5d7fed1de247e0da92f60d5b31f9e47672e57f710598f4
+
+PrivateKey=KAS-ECC-CDH_P-521_C23
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAXcM67aA8LrIzAU7k
+aN/3U7cvc7AJkQQ+o1OCiuadTND63tp7sni1NdfFdAb/Lm5HOlpP+Y6Q+Q1trdJR
+AOjYVmahgYkDgYYABADIJbowc3POyN0kmO74LiH9mGIWjb/rg1k5gMqfgodTM4mf
+6U8Tfa8cQYnrUCk3w6Nn6nlR7YsPM3f83ykiAh1GpQFriiVA1eZUk4iLwzcknmfA
+pod08+jYHjtFdKASUWXwvVi4r53nSzWDJTn5XDzZ8bdZQIVgqmhRrjrHVVNHsNOx
+Ow==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAyCW6MHNzzsjdJJju+C4h/ZhiFo2/
+64NZOYDKn4KHUzOJn+lPE32vHEGJ61ApN8OjZ+p5Ue2LDzN3/N8pIgIdRqUBa4ol
+QNXmVJOIi8M3JJ5nwKaHdPPo2B47RXSgElFl8L1YuK+d50s1gyU5+Vw82fG3WUCF
+YKpoUa46x1VTR7DTsTs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C23:KAS-ECC-CDH_P-521_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQATziBZoF3EonODLg6Ximhqwb8kfeG
+mUsjcI/wigig9nW4Ca6Z6fmWfrGknxlgV9aeUNbe203S2agcAr3Mj39RhGAAnvsk
+TIuRCH3h7tdmUA8OgVMHUtRpJW73n2uWXYoiMqDC28To4dCSFLqzhIW+bjV8QgDQ
+c7UvBOShb8b1JHGHrss=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C23
+PeerKey=KAS-ECC-CDH_P-521_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00c2bfafcd7fbd3e2fd1c750fdea61e70bd4787a7e68468c574ee99ebc47eedef064e8944a73bcb7913dbab5d93dca660d216c553622362794f7a2acc71022bdb16f
+
+PrivateKey=KAS-ECC-CDH_P-521_C24
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA3xSx8UMqew+wU5Zf
+2GQ6/uJrJFHstqilOmVdX74W5MZM6GRyJesR5/3LI2J0cd/8XCUjvSromVfLo6V6
+I5M+WnihgYkDgYYABABOhYO7uy7Nk/BxTDMt/1qzvGOW5i88VgIpZkMpuqUTjDux
+w2Qoq9TiPRf8t6LPzCJLLnNMiUH28SFyLXtrlBVFdgHPCHTyBLA2PwIIZGcvrb+H
+yIEesUd1iyVLdLFPrnQhWfD2caAYISu/JbhRnhJtTK13jP/1DSiP05zrDKxjWxde
+wA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_P-521_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAToWDu7suzZPwcUwzLf9as7xjluYv
+PFYCKWZDKbqlE4w7scNkKKvU4j0X/Leiz8wiSy5zTIlB9vEhci17a5QVRXYBzwh0
+8gSwNj8CCGRnL62/h8iBHrFHdYslS3SxT650IVnw9nGgGCErvyW4UZ4SbUytd4z/
+9Q0oj9Oc6wysY1sXXsA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_P-521_C24:KAS-ECC-CDH_P-521_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_P-521_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBoyCZsCwL2FNx9gsN0giQ5sevBIyB
+eYkP2jCLNZ27wreoMruMZSbEr5mn6j8LPLlq4et2hBMnlcR4rW+WLkpvRG0Bdic1
+eznp12MqE3Cz6Twa+1yFG5EOtOrQydOH32fN6FAD4OQnVS8c0JBZqtAmLiNczl+6
+jO3E/cFGPadtzUttGkY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_P-521_C24
+PeerKey=KAS-ECC-CDH_P-521_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01aaf24e5d47e4080c18c55ea35581cd8da30f1a079565045d2008d51b12d0abb4411cda7a0785b15d149ed301a3697062f42da237aa7f07e0af3fd00eb1800d9c41
+
+PrivateKey=KAS-ECC-CDH_K-163_C0
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
+SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
+Z7icPpo=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
+53YiHHK4SzR844PzgGe4nD6a
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C0:KAS-ECC-CDH_K-163_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
+JRuNoCHLrCgfEj969PrFs9u4
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C0
+PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc
+
+PrivateKey=KAS-ECC-CDH_K-163_C1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDrvRHVNDKl9QrTpeqkhVi
+Y8DgePahLgMsAAQBsBCMeGv000DwUFvfx9RbUUYRrZQCLJw51fuUVriiIhzqTwWP
+ao0s2Eo=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAbAQjHhr9NNA8FBb38fUW1FGEa2UAiyc
+OdX7lFa4oiIc6k8Fj2qNLNhK
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C1:KAS-ECC-CDH_K-163_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAWmXRAkv4rX+fsv2mHt66goG/SywA13k
+Qd+UCNkfDgId+PBSa4BjAxSV
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C1
+PeerKey=KAS-ECC-CDH_K-163_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=05f9ac3a3dd88429600958386c55bef4b1aa5f0c24
+
+PrivateKey=KAS-ECC-CDH_K-163_C2
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDEXI0Lm03zB4GKkSUw5y6
+SPmtmoyhLgMsAAQDon7K7Ctm/qwgQPaJASi9AFjTGSQBQAfjIJttcSew85Pl5YsV
+kLn0C+I=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA6J+yuwrZv6sIED2iQEovQBY0xkkAUAH
+4yCbbXEnsPOT5eWLFZC59Avi
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C2:KAS-ECC-CDH_K-163_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEApZdsVkXH1y356G8xhYRrqyoxSybBocd
+Hpwf6EUmgHaplYA6bUnNB1VU
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C2
+PeerKey=KAS-ECC-CDH_K-163_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=022e0290eda5d348894129f7455d1c766d32d5c2c2
+
+PrivateKey=KAS-ECC-CDH_K-163_C3
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDKlEc3NS/xWfOrIwk7QTo
+iU33jd+hLgMsAAQGl42sqkfY87yQtB7H9Piseaht3QcH+LDvQnB2A3a8LV+u2D2n
+hyYx0J8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBpeNrKpH2PO8kLQex/T4rHmobd0HB/iw
+70JwdgN2vC1frtg9p4cmMdCf
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C3:KAS-ECC-CDH_K-163_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBVtowMLCRv4PLNVIS1iBTGUhPqVBBTnB
+HSWSovY5O26GxU35Cblf4NWo
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C3
+PeerKey=KAS-ECC-CDH_K-163_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=037f659f430009fcdae4e9f6e6316b0f5dbb268212
+
+PrivateKey=KAS-ECC-CDH_K-163_C4
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCxvZP5gnrjutbU/q2MIiY
+5j/y4/ahLgMsAAQFSeGoLsKEv3fVKGJ+Utgy4jbJKtMBmIOqm0WLNb1UTWiCgSFQ
+wUl9MdQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBUnhqC7ChL931ShiflLYMuI2ySrTAZiD
+qptFizW9VE1ogoEhUMFJfTHU
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C4:KAS-ECC-CDH_K-163_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBrjvWmLTtjalp2v+se+P9Niz2eL8BnWn
+VyZnGDmNivZtKXF5hHji830o
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C4
+PeerKey=KAS-ECC-CDH_K-163_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00503bbb9b62f50ae7a8dfd74a1741826f09290651
+
+PrivateKey=KAS-ECC-CDH_K-163_C5
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCalaGdRPd2MqU15I7qh9/
+sA2qOPqhLgMsAAQGwopA3E5VA9LEuKsLa3BG6OJawJ8BIZEWVKWDYAXYA22XZYX/
+HYMeWHs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBsKKQNxOVQPSxLirC2twRujiWsCfASGR
+FlSlg2AF2ANtl2WF/x2DHlh7
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C5:KAS-ECC-CDH_K-163_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBWxKNYassDCZ1Sss1KxZJpz1G4cwAkJl
+YcvZ2hsjpgA94OX3xKBlpcK4
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C5
+PeerKey=KAS-ECC-CDH_K-163_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=012cf17799fdefa2940b18d56e80d44414c5b13884
+
+PrivateKey=KAS-ECC-CDH_K-163_C6
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDhoEQecgCHC159N6VLLLl
+mcQuGe2hLgMsAAQGCqQqYuIe6jfjYrTT3oN/DEnTrBMGmyDW/RbROxiD3wVimsfR
+uCOGs0Q=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBgqkKmLiHuo342K0096DfwxJ06wTBpsg
+1v0W0TsYg98FYprH0bgjhrNE
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C6:KAS-ECC-CDH_K-163_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEB0HGmk7bOGyU+BnRtd3QKB5P8pdlANMv
+lyq6yRvoWnCeugf10WIVrmAt
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C6
+PeerKey=KAS-ECC-CDH_K-163_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=062a2f926ab435ac14e05d44c27b46b6820b713aee
+
+PrivateKey=KAS-ECC-CDH_K-163_C7
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUA5G6cllJoZH8gSEdMexpU
+3/5yjx+hLgMsAAQHqYTq1EAxDO8uEziXL/Ld22XKw9IDM8GpNCf+asUCdgt3eImK
+i7akCtk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEB6mE6tRAMQzvLhM4ly/y3dtlysPSAzPB
+qTQn/mrFAnYLd3iJiou2pArZ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C7:KAS-ECC-CDH_K-163_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAe9HeV+w44BAWrXoje/DztmpJRSmAL5h
+gdf8A8qL/fEYac6ijPoOX19k
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C7
+PeerKey=KAS-ECC-CDH_K-163_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0399b9294e895486bdefbaad7a729353ce09586357
+
+PrivateKey=KAS-ECC-CDH_K-163_C8
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCczSXFAWwRhw+3mfyujNn
+NEUag3ihLgMsAAQHZ8Me6TA7GyzTBZ+BUH7zBOvTECwCUeDUMNw/Y/Oje6seepV2
+Us9n4iw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEB2fDHukwOxss0wWfgVB+8wTr0xAsAlHg
+1DDcP2Pzo3urHnqVdlLPZ+Is
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C8:KAS-ECC-CDH_K-163_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA3TX+bqM2opo3nJ50/+GdAMv1HwCA+3p
+lcOk6Kb+Ic0eTNTKOBLA1pKl
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C8
+PeerKey=KAS-ECC-CDH_K-163_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=022325a9a769a902c2e64c80a1d35429ced42ae0a4
+
+PrivateKey=KAS-ECC-CDH_K-163_C9
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBm7SAc5ARI1xtXG501qe7
+TyD2G3qhLgMsAAQAk1SQdXBNedrncjF91lJE+nclaesCqKKCHdOdfnZTynHPwant
+hXgBo5s=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAJNUkHVwTXna53IxfdZSRPp3JWnrAqii
+gh3TnX52U8pxz8Gp7YV4AaOb
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C9:KAS-ECC-CDH_K-163_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBld99U4Rx+diAvlPVk5hN7I85uRBBok2
+YAqtyyX9QCTtPoRbK7+AcoDm
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C9
+PeerKey=KAS-ECC-CDH_K-163_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=051392d5377016358405030b48744003db66440a2d
+
+PrivateKey=KAS-ECC-CDH_K-163_C10
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUA9O21i8w9bp0xcilCCnMy
+gezP8c+hLgMsAAQCcYNgm3WTsYRTZcCB1F/2bJq143AGm5gSNv6TCUe2t383QoKh
+jkvpk8s=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAnGDYJt1k7GEU2XAgdRf9myateNwBpuY
+Ejb+kwlHtrd/N0KCoY5L6ZPL
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C10:KAS-ECC-CDH_K-163_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAmHRU0XOtJIimo10WX59/RmutoSKARSh
+Is4oyhViD3tAofJrQjTJVr3B
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C10
+PeerKey=KAS-ECC-CDH_K-163_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=045dac076e79de2fc631315465d3ef6245f26647e5
+
+PrivateKey=KAS-ECC-CDH_K-163_C11
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBuZBJGhL97iMaoqEW4ePB
+yR0P1HihLgMsAAQD2oadCcTkVFrBaJ/HIxYBJjLQq9kCyCD0AxDl/9L4v0Ofuoeb
+su9iGyo=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA9qGnQnE5FRawWifxyMWASYy0KvZAsgg
+9AMQ5f/S+L9Dn7qHm7LvYhsq
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C11:KAS-ECC-CDH_K-163_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBw44D0k3CgAnlUpOqIC8GSmyjFMpBG/j
+tFSvlCCoEfHhX3dNpa4aQLRZ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C11
+PeerKey=KAS-ECC-CDH_K-163_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=014f7a46847ed6a7ff605b0e52c616e4ad3f0d5029
+
+PrivateKey=KAS-ECC-CDH_K-163_C12
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUA6Cm5lC/ZZIf2ASkI/gT2
+2OqvGWahLgMsAAQFqyB0wE31cWAWdzX3/C2PYp00/xgBLp2m0Fuz4qy+W6SvtKDd
+ctsH1qw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBasgdMBN9XFgFnc19/wtj2KdNP8YAS6d
+ptBbs+Ksvlukr7Sg3XLbB9as
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C12:KAS-ECC-CDH_K-163_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBuYK93QZuf4PxcecoaIqEBFAJAW2BpvK
+NABbV4zXp6aSm9P2zimUO17Z
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C12
+PeerKey=KAS-ECC-CDH_K-163_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00eacabc34555956995623e60482e5c118e34e2094
+
+PrivateKey=KAS-ECC-CDH_K-163_C13
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBV86PC2zpLkJuyZ8iOtgn
+Y+S9P/OhLgMsAAQF05icykrnMt6TZyslySYIYbTA3OMENqMx6tJPKAe1UmD53D3m
+aM+/67c=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBdOYnMpK5zLek2crJckmCGG0wNzjBDaj
+MerSTygHtVJg+dw95mjPv+u3
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C13:KAS-ECC-CDH_K-163_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBPdQ4nUA4Q8KF2uD8UvCbWvXHr10A55Q
+CQZ8DuLI9Vt+hNp6OR8Ir3UE
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C13
+PeerKey=KAS-ECC-CDH_K-163_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0414a622645107f115576f51cdf39d1393a2d7851f
+
+PrivateKey=KAS-ECC-CDH_K-163_C14
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDeYhfRfLXB74cEdhsQbra
+STsqVgOhLgMsAAQFrjHLKbMdJPX5TDDpwC8H84v/CsgE2Njjm/h/BYVD3ImQqRIU
+2kFsxVg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBa4xyymzHST1+Uww6cAvB/OL/wrIBNjY
+45v4fwWFQ9yJkKkSFNpBbMVY
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C14:KAS-ECC-CDH_K-163_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAqufW6lBAtIacGdh6sAJIZDxza0EBK3d
+d+GZwTLRisVBsRd0jSMZ23/l
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C14
+PeerKey=KAS-ECC-CDH_K-163_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=056be002daff11c4066e10acd046a85e170fa4c122
+
+PrivateKey=KAS-ECC-CDH_K-163_C15
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAuoxYZNs+/XaLk3b8K2wf
+hfRvavKhLgMsAAQGL2IhSYI/JVtPhpBmZvOjVWrwgOoCdMoywQ+a3WGgJtIK061W
+sX+wakY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBi9iIUmCPyVbT4aQZmbzo1Vq8IDqAnTK
+MsEPmt1hoCbSCtOtVrF/sGpG
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C15:KAS-ECC-CDH_K-163_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBD0l0t6Sk7hNNRozyxpS9ZMKTIt2A9JZ
+2CNunI1kN/QebVRhHFIjj+LV
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C15
+PeerKey=KAS-ECC-CDH_K-163_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=021fef8e473daeda8ef6bf07814d7b9b613e3076a3
+
+PrivateKey=KAS-ECC-CDH_K-163_C16
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUD5QgEhNNzCyJIzMSCYNS9
+GFdgWtGhLgMsAAQFiupuQLjLJeZiKnvk/wG3nJLecqUEP2d2tt7/PSm0xwOJnXBc
+f+z1JcQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBYrqbkC4yyXmYip75P8Bt5yS3nKlBD9n
+drbe/z0ptMcDiZ1wXH/s9SXE
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C16:KAS-ECC-CDH_K-163_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAFYOGkIYZRGL6hbNrWtnq6OE7zh7BYsh
+PsKrOUL49q1gqVaVW1iQZrhW
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C16
+PeerKey=KAS-ECC-CDH_K-163_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03a287fd1cca68db47a3c74c12627fc3728568dd66
+
+PrivateKey=KAS-ECC-CDH_K-163_C17
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAXQUroavqckl4yu8YeSRW
+ctWu+JGhLgMsAAQDa4Snczep3lwd1648iZOBOC8P/6QFbUrDn+iB/bjmDUVZZYqq
+3kVmPuU=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA2uEp3M3qd5cHdeuPImTgTgvD/+kBW1K
+w5/ogf245g1FWWWKqt5FZj7l
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C17:KAS-ECC-CDH_K-163_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA45IXekuQfHKymwOudgRpayom/NFAzGh
+Z3xGpo6WSBGpzF5OU+px4jEp
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C17
+PeerKey=KAS-ECC-CDH_K-163_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=029558b41b8b92387bc22c868f51bb7acb6e4ee2e3
+
+PrivateKey=KAS-ECC-CDH_K-163_C18
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDkYAYep7dzzjcJk8FWwfS
+C5+ai8ShLgMsAAQEspLR+gnfxeajrZn9Av63TUgONPIG4YiACaCgSRwL5qv6yUPT
+d/C0hjs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBLKS0foJ38Xmo62Z/QL+t01IDjTyBuGI
+gAmgoEkcC+ar+slD03fwtIY7
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C18:KAS-ECC-CDH_K-163_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBkJZ5QBHbdo+l+JeSR1GbCt5WL1JA8Ll
+MoE5NkGlGNHc7/q+6LKb3hQC
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C18
+PeerKey=KAS-ECC-CDH_K-163_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0530020c8f6362312bfbe5c1c605b40dc2e032e81c
+
+PrivateKey=KAS-ECC-CDH_K-163_C19
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBbTeGKxlXY8agHV45uUWa
+MlB8KyGhLgMsAAQDNEDkYMR18gWKdn7EZsoYvOQfgw4Dcq7jI9Bj+omsv/v1UCSu
+JOSSnxk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAzRA5GDEdfIFinZ+xGbKGLzkH4MOA3Ku
+4yPQY/qJrL/79VAkriTkkp8Z
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C19:KAS-ECC-CDH_K-163_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA3FCdpl7RHji2LWa9fLmPiK8TDHkBnPy
+jZYqv+3uYuq0fDtFeaHlFoM2
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C19
+PeerKey=KAS-ECC-CDH_K-163_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0521673006a1d9608911d54536e122d809e919d804
+
+PrivateKey=KAS-ECC-CDH_K-163_C20
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAbGWHlLA5yCCosDMAj6is
+dVa8rsOhLgMsAAQEy/soZpHkFQgaF4Xsawqs2x0jHR0F3WrP6R1oqOwjaGR4wO6M
+iSd67xQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBMv7KGaR5BUIGheF7GsKrNsdIx0dBd1q
+z+kdaKjsI2hkeMDujIkneu8U
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C20:KAS-ECC-CDH_K-163_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAnXsFfJ90tpuRN/mI1Ry1b06JQL4BY/Q
+ImKyfBhd3iayx31aT01Q3Jko
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C20
+PeerKey=KAS-ECC-CDH_K-163_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0460579beca16cccce314ff3040de4785336fc358c
+
+PrivateKey=KAS-ECC-CDH_K-163_C21
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBacjaIsNahVSVBHoQS+AL
+FXW2UquhLgMsAAQEXv7ZyL0qTkKViPNE9J0eY+ZovQECXRr4WsIdWYItffjw5L66
+3ztdRAE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBF7+2ci9Kk5ClYjzRPSdHmPmaL0BAl0a
++FrCHVmCLX348OS+ut87XUQB
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C21:KAS-ECC-CDH_K-163_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAjOvNhAwOSJvQW3SLhomtz+Qk9OKBzQl
+ihdcl3aKn3K4JLmakfXPjj2W
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C21
+PeerKey=KAS-ECC-CDH_K-163_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=05ba66964483fe473ccbd00c37ad3ba40cc5969f62
+
+PrivateKey=KAS-ECC-CDH_K-163_C22
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAAy/HkIZGMmMMSaKemtD7
+bRDytYyhLgMsAAQHec+z4XyQKiWE7TOCqL7YJi25hCQASvJzh1+KKrmpSsDR5KIz
+kLK7UFw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEB3nPs+F8kColhO0zgqi+2CYtuYQkAEry
+c4dfiiq5qUrA0eSiM5Cyu1Bc
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C22:KAS-ECC-CDH_K-163_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBtAyFSJA8ovn90349tKkUMEimlqVB6ra
+x3zERImF0XlGNrwdWC89EBoz
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C22
+PeerKey=KAS-ECC-CDH_K-163_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0277c4a76e1613b2ede699a675c1645a786075009e
+
+PrivateKey=KAS-ECC-CDH_K-163_C23
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDwd5btA5wkz7X24TOLLRo
+y7opmzqhLgMsAAQF/+DxYBi9S97l9zv9rQTXE/Ihb1AEI2HIgfAIHLBUTvqww7NP
+Weqt7sQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBf/g8WAYvUve5fc7/a0E1xPyIW9QBCNh
+yIHwCBywVE76sMOzT1nqre7E
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C23:KAS-ECC-CDH_K-163_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAfhYHsYd8UCSJ6q3oBXyxx0p43FsAcH1
+HMQYW2iiYOMbSwDAOkQD9lwl
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C23
+PeerKey=KAS-ECC-CDH_K-163_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03c6481dac387af39e8c09a553068ac496eea03691
+
+PrivateKey=KAS-ECC-CDH_K-163_C24
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUDiBJ1uki+oL7MAhGQNGf1
+0KrjIaqhLgMsAAQHduQP5xSZhTN+8bbJuDDLNgh1KqYFjm7LsnsLLTzQ46e6U43j
+V2/VufY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-163_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEB3bkD+cUmYUzfvG2ybgwyzYIdSqmBY5u
+y7J7Cy080OOnulON41dv1bn2
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-163_C24:KAS-ECC-CDH_K-163_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-163_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAroi+9qqqAbIVw8UrUyIKmEMy42EBtRD
+jlKMqIewW9JWTfk775v2YNp4
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-163_C24
+PeerKey=KAS-ECC-CDH_K-163_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=07b5d096d06d41c3ad6458cc93417e6facc99bc7b8
+
+PrivateKey=KAS-ECC-CDH_K-233_C0
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0TWluMPOBH+8XfJid9O/g6
+wz3a21z0oFDKgr5I8KFAAz4ABAGlPlwTiz2DkF1WOqHbASdGM8mGtS94IlqS4z55
+UgDsq9Pi4mcpqWVgTlYO1EmKIrMcOWQuHPmbHd4+xw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAaU+XBOLPYOQXVY6odsBJ0YzyYa1L3gi
+WpLjPnlSAOyr0+LiZympZWBOVg7USYoisxw5ZC4c+Zsd3j7H
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C0:KAS-ECC-CDH_K-233_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAfQONLPtShstQMBW+3XyrVQ8iXz9gvVC
+z3RqDyAvAMEwoavpK8TJd8gAd3mWzMULkN+ZGi6B3VFcGIWZ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C0
+PeerKey=KAS-ECC-CDH_K-233_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00a822b141ca1f5ad32899e68c54d1fec3df8100df485ebf1c5868a9ac89
+
+PrivateKey=KAS-ECC-CDH_K-233_C1
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1Rvm+81IeMVUObC8u+Xqjo
+S8nbiecKjo6/NHgtqKFAAz4ABAHFoeXT7lFuPt5yP6LVzTRWsRYyYwPF7kknOlYE
+xABWjQ/nEwKVVBv6JlB0FHVG6XM3NroAdVnXFtjglA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAcWh5dPuUW4+3nI/otXNNFaxFjJjA8Xu
+SSc6VgTEAFaND+cTApVUG/omUHQUdUbpczc2ugB1WdcW2OCU
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C1:KAS-ECC-CDH_K-233_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAMhkwqRiqTY6SsPYGCEbygNpRy0YYoii
+dWdDO9pFAGidTQAG66BU3Gn8wHhngPtfdNOYkhNQTi9uZmmA
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C1
+PeerKey=KAS-ECC-CDH_K-233_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01662682bec2dfae05e38587c8e6a4d18aef4cb3416989c47c11bbe2810f
+
+PrivateKey=KAS-ECC-CDH_K-233_C2
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0uzKWV5V5shcWveMWVQP23
+SQA/9Ow2HDi0jn2mvKFAAz4ABABaSPrEdsMcrQxo5k5l5oeuRBj7XTtLsqu5kN0N
+5AAtmt1wZibyhZ7OEQ3y3eifrz6KrEM+JZXiPCdAgg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAFpI+sR2wxytDGjmTmXmh65EGPtdO0uy
+q7mQ3Q3kAC2a3XBmJvKFns4RDfLd6J+vPoqsQz4lleI8J0CC
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C2:KAS-ECC-CDH_K-233_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAXgtgvzSEcAkfIfmV+/MXS/2sF65NTMK
+U5A/s7+jAMzoMKUV1pCrmBSVea00gThIWeVl0H+mH1Dr1mmi
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C2
+PeerKey=KAS-ECC-CDH_K-233_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00215d511cb95e0e073ee999908a7a844afd75c9acb7a9d724f7fd322b01
+
+PrivateKey=KAS-ECC-CDH_K-233_C3
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1qfAOJLfGE1Wzcy51emhZI
+OmyTiK4hKqkmyP37XqFAAz4ABAFKr4gOgdtpq6K0A7vafzYeMzm0g84mmfML9Sge
+rQG3FVm9fZOE5Re4fxE4ppb7zrNRDYxBwhWNSqPlsg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAUqviA6B22mrorQDu9p/Nh4zObSDziaZ
+8wv1KB6tAbcVWb19k4TlF7h/ETimlvvOs1ENjEHCFY1Ko+Wy
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C3:KAS-ECC-CDH_K-233_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAI2ADTdnq/VzFpV1TuiCm4WP9OtgSkSK
+1mSQtJwZAbwPAzlkmtTXt8/z/KnpZaOGJej0W8lgKjPAeYoz
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C3
+PeerKey=KAS-ECC-CDH_K-233_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01394e02c70104f2a5308b2d101b02c70ef2d13540602b8e8f82dc6d569f
+
+PrivateKey=KAS-ECC-CDH_K-233_C4
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0uL/h5G8ZMAPOw8dXVz7nd
+s7GTgUWZ99vd7e/Po6FAAz4ABAGARcyeZfbideMipiwY7+LQDPk5lf61NWEnOj8T
+BgFk4Ac8DUs+EuIvg3vT/sQh47sJ4MDdmXQigw9kAw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAYBFzJ5l9uJ14yKmLBjv4tAM+TmV/rU1
+YSc6PxMGAWTgBzwNSz4S4i+De9P+xCHjuwngwN2ZdCKDD2QD
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C4:KAS-ECC-CDH_K-233_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAUo+EhrdelJn9crSBLP0khUIR4ayP42U
+2f2gLg8ZADlP6hddrZs01SVDRlTQyGY3kmysOjKSouSlFLX1
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C4
+PeerKey=KAS-ECC-CDH_K-233_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=008556a4c3a8906ddbcb946099ca5dbe7bdb6cd8f37fbb50c96fcefed32d
+
+PrivateKey=KAS-ECC-CDH_K-233_C5
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1mly5xVmdG8vdsh3k3dAVO
+onXip+J6t8LQXF8kEqFAAz4ABAAgIm3XPjGOT8jUndQ+WeJgGT0bskjL5MBrTWuD
+iQDtEqTziWlqsxyT6j7E2Orxi+CX/JFS4sQrc/9FKA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEACAibdc+MY5PyNSd1D5Z4mAZPRuySMvk
+wGtNa4OJAO0SpPOJaWqzHJPqPsTY6vGL4Jf8kVLixCtz/0Uo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C5:KAS-ECC-CDH_K-233_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAIlmeIj4QlxaYjE0Yi8eqdmvNt+XcsQQ
+1uMfK024AIRDD6RxZNHA65cEKkTL70ALu1RfrqTvSbpeO+9C
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C5
+PeerKey=KAS-ECC-CDH_K-233_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=004ea6e0e34ec7c9bbad47f0f6f8ec0608e736d91e0e56cf3e5cffe8c370
+
+PrivateKey=KAS-ECC-CDH_K-233_C6
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0eU7qha8AmK1MppxGw6xiK
+G8p+9LXIUGEiXUHUqaFAAz4ABAB9bXhfoyMXTrnN5bcFQo5AGSRINbyUcC8oDCX/
+5QGaoO9DMHTEhNFOYRNy8D74kS8agkbOsekMgX2z2w==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAH1teF+jIxdOuc3ltwVCjkAZJEg1vJRw
+LygMJf/lAZqg70MwdMSE0U5hE3LwPviRLxqCRs6x6QyBfbPb
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C6:KAS-ECC-CDH_K-233_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAWTaCZIl6zxkH8g8dyBKOW6rlJWxKiL2
+jnpLg5nVAM2Y8nBMdJTm0gN150UoyPVvhn6d12MpgULqAXJL
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C6
+PeerKey=KAS-ECC-CDH_K-233_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0160d0b9b92a4acd089738fd489ae39734551e888fd05a020ce26498270a
+
+PrivateKey=KAS-ECC-CDH_K-233_C7
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1CqAMqEdFld1XEnkdwM7DT
+Qdov6ZOkV3tBpAzuGqFAAz4ABAH2YpaX2mINWX/B9RyDN0IT836VL8EX7mWp52au
++wArNt7ceHrJUdKHnXJBTaLnV1ps18QuD6ILMtRh9w==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAfZilpfaYg1Zf8H1HIM3QhPzfpUvwRfu
+ZannZq77ACs23tx4eslR0oedckFNoudXWmzXxC4Pogsy1GH3
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C7:KAS-ECC-CDH_K-233_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEADOosIo8M8NDAyztHA9egm+TLe6HnsFg
+eir11GKYAGxPJ6SbUaifbQlgFguluP7AjdLNS8kJpJCuvk97
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C7
+PeerKey=KAS-ECC-CDH_K-233_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0038381b342efaa70bb79adb76ceb775de5f45f863559ecaee1ddbbd0313
+
+PrivateKey=KAS-ECC-CDH_K-233_C8
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1D5XcJeBlfkXFS8Fe6H7AV
+bYlNMui7VMf2L3NApqFAAz4ABAFIfR/avM19idolaFsEKYCrFwruPBHzEYDjt8UK
+SgF+OD3WWh7IpAkAf3UDXlsWEzXZx3Vu2XBJD70XGg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAUh9H9q8zX2J2iVoWwQpgKsXCu48EfMR
+gOO3xQpKAX44PdZaHsikCQB/dQNeWxYTNdnHdW7ZcEkPvRca
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C8:KAS-ECC-CDH_K-233_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAM/hX4YaoBU0hfOKwDPfnI2BKv3hZ7iR
+i7lKCNljAb6/Bn+FEm0RSTIWIWQgGxN0vxhAqhHV4lBjnQYI
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C8
+PeerKey=KAS-ECC-CDH_K-233_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0122169f1dff445ec663270375dfe914016c38ce6c2d40d0b8098abc60ac
+
+PrivateKey=KAS-ECC-CDH_K-233_C9
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1MZ8YQPmISRgCg2ekj3CF6
+Ai9Xxv6yGccDM0/zOaFAAz4ABAAjUv6TQeYsYJ/BU44CcEBecAHXR7h1AOZEoRLF
+2QBB87FbcUpvfvZH4jZl6lMO/L4ZsHQENs2oEug5OQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEACNS/pNB5ixgn8FTjgJwQF5wAddHuHUA
+5kShEsXZAEHzsVtxSm9+9kfiNmXqUw78vhmwdAQ2zagS6Dk5
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C9:KAS-ECC-CDH_K-233_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAHY+KGvlB0C3+L14+nC8rIgN89c3HrM/
+2iRTs+0jAFe+bF99mQt1Q5hoM5rjJ68EoEmzi5IzK5y4yyfZ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C9
+PeerKey=KAS-ECC-CDH_K-233_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0054d47c9d0a9fee258122326be25daf35f0ba0b8449e16b4623a8c0fd7e
+
+PrivateKey=KAS-ECC-CDH_K-233_C10
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0Z5U2ocples9zczFBBjsNR
+QAiJ+udaC6Tc/yXx+aFAAz4ABAFeZ+rr5Sujf1tzoZnZUIEs7BAS/UEFgURLvyPg
+yAAiBV74Id8zBC+4MW3a12SF29JZDi9UmKkU5PCtOQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAV5n6uvlK6N/W3OhmdlQgSzsEBL9QQWB
+REu/I+DIACIFXvgh3zMEL7gxbdrXZIXb0lkOL1SYqRTk8K05
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C10:KAS-ECC-CDH_K-233_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALyKca1METTe8Cbkcj4xAiP7LFhZvHWU
+BUyJTaVSAMNlBWNQVTUDPHpsRI1zv6CPuDcCNMf9usGzTaoi
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C10
+PeerKey=KAS-ECC-CDH_K-233_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0071aed39f5c44a7ff72db3e0f8284da39dfb2d894f278d2006f9d2686e3
+
+PrivateKey=KAS-ECC-CDH_K-233_C11
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0Tpf/JoPcGnBxmFIaZYS5c
++rfiv3syVfGBoCJxkqFAAz4ABAGN5NxPak3lw2OOu6JNxwZJg7FZ9VsTnHaAocuQ
+0QE1Uy2BSK8+In1KiWDnaMVl9ywawKHJp70YXPmU0A==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAY3k3E9qTeXDY467ok3HBkmDsVn1WxOc
+doChy5DRATVTLYFIrz4ifUqJYOdoxWX3LBrAocmnvRhc+ZTQ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C11:KAS-ECC-CDH_K-233_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAWzBrhP7NIJSSTAhzWFG1THwtyKEKkTH
+l5aJ8f84AYwJY/8Oo3BIyfb0dkTyp8jFA4Y8J88h7m4KMiTq
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C11
+PeerKey=KAS-ECC-CDH_K-233_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01ca68ead4eddc8847a3a661cc6628e076bdd4b45047ece72245d094dd3b
+
+PrivateKey=KAS-ECC-CDH_K-233_C12
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0vXSp+CHekyZBzcyOG6NWX
+NKI91/Dff81U2UHnYKFAAz4ABAFHmAlGgMvTL7HuncqmuHOaVWMFI1kz+ycVfTGe
+VwHIVfDUU8H/tfZosyqLPjCeDoEBvDm22+feIUAV4w==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAUeYCUaAy9Mvse6dyqa4c5pVYwUjWTP7
+JxV9MZ5XAchV8NRTwf+19mizKos+MJ4OgQG8Obbb594hQBXj
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C12:KAS-ECC-CDH_K-233_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAOSeGCrF2TK+iwX+NA6Mty3zVkfezWea
+jFm12Pv6AYG5WpZavRbsJDDCbdBxmE6FSpZ/8RTueDG9MUsq
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C12
+PeerKey=KAS-ECC-CDH_K-233_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=017a893b2e090780ff8daaf3588f9dfc0ac4dfe1f1e263697a9d1f398ab3
+
+PrivateKey=KAS-ECC-CDH_K-233_C13
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1lKhH2wxF/Eyb6aHdAXOxz
+McTxRql/dKsMRN4Bt6FAAz4ABAAs1tTB0sxeNCBerblPTP01u1adpyLE2bGbjVzC
+3gDqMATlsJMN9/i9oxTIvBFFRj62ACLNLc9sDIJOUA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEACzW1MHSzF40IF6tuU9M/TW7Vp2nIsTZ
+sZuNXMLeAOowBOWwkw33+L2jFMi8EUVGPrYAIs0tz2wMgk5Q
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C13:KAS-ECC-CDH_K-233_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAVmLL9tb8aOVH7nsAW7LTSj2bC6dE1ln
+hlk1hdcZAe9lyvFXldFKC+icrHxoAyO8WYA7qHTLKWhnLLip
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C13
+PeerKey=KAS-ECC-CDH_K-233_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0041fa5fdf495b885699249b7746334b76c59e1c917bfc1ae371b96941f4
+
+PrivateKey=KAS-ECC-CDH_K-233_C14
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0q1fccY4SvYmibNcJMTd+z
+Ws+BBssMGVAsLKGEr6FAAz4ABAD+G1JAinEoQb1i8O5RMH8mMx1AK8w6WrBAXRxe
+gAEKcxp9ampPW0Cy6qgQwZAtsnso0pe8BfNxTKyvwA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAP4bUkCKcShBvWLw7lEwfyYzHUArzDpa
+sEBdHF6AAQpzGn1qak9bQLLqqBDBkC2yeyjSl7wF83FMrK/A
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C14:KAS-ECC-CDH_K-233_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAbbP87f6IV43hgXJP4b1zThF9F+96L4H
+newpvIhiAWYiLvpdup6FjCRdu12maCOatbpyhhj7hakN3HYK
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C14
+PeerKey=KAS-ECC-CDH_K-233_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=015f5adba59d1ee01696cecce4b63e78e68508303ee496ff5abcea25ad3b
+
+PrivateKey=KAS-ECC-CDH_K-233_C15
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1vActUeBy9ptiN61mEOuCD
+axr2g+/HVlC+hPIIp6FAAz4ABABNAKjwgg2pCX/lDo5979rClgfdTLHdiB1OYfHn
+iwCKSo6cgRtEQ2eVJ1KrjCpRmO+yj77b8/vXAahXqQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAE0AqPCCDakJf+UOjn3v2sKWB91Msd2I
+HU5h8eeLAIpKjpyBG0RDZ5UnUquMKlGY77KPvtvz+9cBqFep
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C15:KAS-ECC-CDH_K-233_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAM9AKuvD5CR6mrQ9qXVRdqgQ4BH5/Zd9
+4b4v1TT7AbrEX6QtYFrTR5x8Q+ckkQcWc3lTzIUErxTzMdNP
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C15
+PeerKey=KAS-ECC-CDH_K-233_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=003d5c29b3753e89ce5064575393392b377ca657a0b73872c82165fc43ae
+
+PrivateKey=KAS-ECC-CDH_K-233_C16
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1dwboYOfXR/qhas2FMVanF
+/mAIU8caYZg8fcgt4qFAAz4ABAC2y2/6Ti6rz3uYfrtSAWWo7Joipvn/sQDzgXKg
++wDTmBThhSR25W6JzozdZDcoQMAVcKhpQKziS7nPag==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALbLb/pOLqvPe5h+u1IBZajsmiKm+f+x
+APOBcqD7ANOYFOGFJHblbonOjN1kNyhAwBVwqGlArOJLuc9q
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C16:KAS-ECC-CDH_K-233_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAPOMzM8I5b3/O7NffnW9ztaNN5Hc94Q8
+qI/wkhNtAV7XaXpLjJnQFHgo9shh/8nPsPM9zp0UsHMeHaJi
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C16
+PeerKey=KAS-ECC-CDH_K-233_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007c01f906caa590898a09f46b6f5383658e7fee656aca0f111f22939960
+
+PrivateKey=KAS-ECC-CDH_K-233_C17
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0kHh31WHAx3drhlokcKIIc
+x4ea01gyrnGPbnkuZqFAAz4ABAHBcs7it2UD602Qs53azoJbI8Mjdcto6uzXNISQ
+owDCRu+cbi+trHfHPundWt7oKLeRhBc5W1mXvhoCeA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAcFyzuK3ZQPrTZCzndrOglsjwyN1y2jq
+7Nc0hJCjAMJG75xuL62sd8c+6d1a3ugot5GEFzlbWZe+GgJ4
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C17:KAS-ECC-CDH_K-233_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAeMoVx35M6z9TJbzxL3nHpF1y81iruzX
+Y4R0Sg8/AZ/0iq4MJS7ajTQLJcTdoBovIaqjXTm68DZpahEB
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C17
+PeerKey=KAS-ECC-CDH_K-233_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=019eece7d3fafc9274d361c6fafd9efd9ee485cbacb3baaf6834feb4df6a
+
+PrivateKey=KAS-ECC-CDH_K-233_C18
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0ESsVakTqMf37X/FZ59S9H
+y7lzAyW+IbeZN3nRh6FAAz4ABACXlIYQF7Pevv8wLkJTJ/4mnXh1O3O8G/s6d/cW
+3AACWBpJwSafXsho3G1/XC2OdJYy1Hq22eaNutmF8A==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAJeUhhAXs96+/zAuQlMn/iadeHU7c7wb
++zp39xbcAAJYGknBJp9eyGjcbX9cLY50ljLUerbZ5o262YXw
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C18:KAS-ECC-CDH_K-233_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAPSqf5NAqdpGxPBnKHU6Stxa9TpNy0Z/
+cLSHPaeFAH8yHivE4pporCPHfO3Tu83gv3uSon/6dklpiJgd
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C18
+PeerKey=KAS-ECC-CDH_K-233_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01e4b7e89fb1b51179b8792f5cd581c3917e11246d3846f6344ee82eed66
+
+PrivateKey=KAS-ECC-CDH_K-233_C19
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0rwTZ3hTEInaXC+rPK7sJW
+xUsLNfwsZfe47mFhw6FAAz4ABAH7JYox0Wa++c1mTNe2bNjBhucCXHfwuucxWH6e
+9gBg39TkdekoBdGTXQOC3BdnBnkVzADtOyT2U4LSGg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAfslijHRZr75zWZM17Zs2MGG5wJcd/C6
+5zFYfp72AGDf1OR16SgF0ZNdA4LcF2cGeRXMAO07JPZTgtIa
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C19:KAS-ECC-CDH_K-233_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAGjZ5V56EFt7tEsh1mm7DvZXqRQ3rYS/
+bVhTJwyYABQ8i+21TbB9+PZwg8WaCqfNig76QvQv1i5ELgti
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C19
+PeerKey=KAS-ECC-CDH_K-233_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0145710c3ab0780ec233424d4e28b38d29f886965bbcac49fa300e1ed886
+
+PrivateKey=KAS-ECC-CDH_K-233_C20
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0NVllUcUNdlf7DffYi8Y7n
+2rskN5yCu/cUxavF46FAAz4ABAGlKUCkUqr0ILN7XzLCwzcwaJSogv7qet2twBkn
+7gB3G59ioqb6iSUDIlJ1SQOIuL/C33ffPoBr7bp9iA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAaUpQKRSqvQgs3tfMsLDNzBolKiC/up6
+3a3AGSfuAHcbn2KipvqJJQMiUnVJA4i4v8Lfd98+gGvtun2I
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C20:KAS-ECC-CDH_K-233_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAJnrkc2phiAQPDIF1kieaK1+V9ClHcUC
+1uMFiPQYAD+/gpkp7dKOkG9Y+Hq+1tbRd/Q28N2UDdol6vGI
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C20
+PeerKey=KAS-ECC-CDH_K-233_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=006941a2a531083563dd886b06c0860770a4724bb04a4ebb2afb1ba2636b
+
+PrivateKey=KAS-ECC-CDH_K-233_C21
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0ZyKsrMvLuk78v9rxEN4tg
+hyva62ula1FMjziLp6FAAz4ABACDUw+j3zFah0CsUvTTlLgMSl8hC6ugttwiBeEk
+kwA3udAu1D6dQdDbuEA7kCG00sG9Ng7lPDHCe0kgBQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAINTD6PfMVqHQKxS9NOUuAxKXyELq6C2
+3CIF4SSTADe50C7UPp1B0Nu4QDuQIbTSwb02DuU8McJ7SSAF
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C21:KAS-ECC-CDH_K-233_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEANzKoitDOR3AUll6470HxuXwIfOemHdW
+9lSBce6UASjv1JrzprMtwWeXqXjwrUqw22arq9atVnL0+BLJ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C21
+PeerKey=KAS-ECC-CDH_K-233_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=001d754ee5351d4582974734072abac23376e24348370934e7b864db0f52
+
+PrivateKey=KAS-ECC-CDH_K-233_C22
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1QMWAQTYigwPY5VufDu6cC
+lj+fG1P8EZpZLu6k9aFAAz4ABAFGPHjkmKvzQDPsPh2XPcElCeLSNPuRQDcV5C9h
+9wCt56u5igMIiGaWNTqtM8Bbq1zzwNTpacv0xM7skw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAUY8eOSYq/NAM+w+HZc9wSUJ4tI0+5FA
+NxXkL2H3AK3nq7mKAwiIZpY1Oq0zwFurXPPA1Olpy/TEzuyT
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C22:KAS-ECC-CDH_K-233_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAXCRezOze46v8kYeX5648Hl7E6q9kVpg
+cGzU8yy2AHZR4HQsDYPUtoVS6ber7DZEupdVz/5tTlaUOmub
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C22
+PeerKey=KAS-ECC-CDH_K-233_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=011346b83791e4bea7f6ba6b1265e5050895d84027c106f77353418f75d7
+
+PrivateKey=KAS-ECC-CDH_K-233_C23
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1FR+r5vhzlrxOG4xEEbsgy
+YLhKLKkQVfYGaLlG4KFAAz4ABAFQSTjBZ2gK+4ttWFjPqhkcQBlvxOUAxmLFNG7M
+kAE30bqUIija5oxFCxoDOiyBCplZcfAcJAieSm/cxQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAVBJOMFnaAr7i21YWM+qGRxAGW/E5QDG
+YsU0bsyQATfRupQiKNrmjEULGgM6LIEKmVlx8BwkCJ5Kb9zF
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C23:KAS-ECC-CDH_K-233_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEANjtMYOCuFwlJaAsIsZ/W/NmM12Udn61
+y0VzlmTFAX2P3nu8Vo/cgCo+NFXzzzVgLfcGhMis3aFloCZW
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C23
+PeerKey=KAS-ECC-CDH_K-233_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00b4938ed1ed012a9a53892ed9949397cdc4e4a612d54dcf80cdb039f47b
+
+PrivateKey=KAS-ECC-CDH_K-233_C24
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1C++VUhi81lRhKRVEMpT35
+fEUXVYS10t4EJyM1jqFAAz4ABAExuNYbnPsFNsWIIU5FiI6+SDke7stNf7W+jv9K
+zwFl2klVegqp1F3TeNX4mScsxpdoInaukdLAtnXEaQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-233_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEATG41huc+wU2xYghTkWIjr5IOR7uy01/
+tb6O/0rPAWXaSVV6CqnUXdN41fiZJyzGl2gidq6R0sC2dcRp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-233_C24:KAS-ECC-CDH_K-233_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-233_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAX+H8T9t/uYIG7XMpTL+JownHSdWsxvf
+ZDKXz2lbAPOnRpVeEt0LcZGe2/I7IyLKsyjdCb34e8r9zSiE
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-233_C24
+PeerKey=KAS-ECC-CDH_K-233_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01b3d2578bde3066a253db5322c85cf9487ce77b67ece955e281b0d7d0e7
+
+PrivateKey=KAS-ECC-CDH_K-283_C0
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAV/eSbgCVCpSxwsjoLF4
+Tl+HgLVoU/ml+MOlJm6HJ9zpfUoXoUwDSgAEBhHtwEXb5D7MTvazJM1R9w/j1934
+d+xot5iQnDxFYXVqow5fAIM7JVEXBK8Jti2ffLrFmBTnW7ucc19VU4SR2/pgweAR
+Xv5C
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBhHtwEXb5D7MTvazJM1R9w/j1934d+xo
+t5iQnDxFYXVqow5fAIM7JVEXBK8Jti2ffLrFmBTnW7ucc19VU4SR2/pgweARXv5C
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C0:KAS-ECC-CDH_K-283_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA/B1wkw1qdyZUr5v0yt2Hc5j9HIKIkCO
+OhS70JfgErVpTCKgBnWCW0AgLpW+fatagmFH4EuMUaCbADRXfB8x+MFqcMjhyFuJ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C0
+PeerKey=KAS-ECC-CDH_K-283_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0745552817b5d729310b7dbebae687648714a9ae695dad20ca1ab6111c3d054670f21132
+
+PrivateKey=KAS-ECC-CDH_K-283_C1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkATuRH2LzqohDVGNFR+5i
+KAfV0QYCAzCuK5eYwMTNDq2xC6lIoUwDSgAEB40uzU2QIzK2s8e9S6fSAPw0xF7a
+MJmLYCXtR7H0+OaPMoYkBNXlNkfd3y/MyIFtrIvHDCmAdiLMlVOacqo6myMModJe
+57UW
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEB40uzU2QIzK2s8e9S6fSAPw0xF7aMJmL
+YCXtR7H0+OaPMoYkBNXlNkfd3y/MyIFtrIvHDCmAdiLMlVOacqo6myMModJe57UW
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C1:KAS-ECC-CDH_K-283_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEB5m0MOkjIP/qvy1syHOZ4wwKqEQg/466
+Iwm5lIe3Qtci6LelAhc2KAH9bS0oblzfN1zQrlabcAAFMS436ONbFZLvubXq9Hs6
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C1
+PeerKey=KAS-ECC-CDH_K-283_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=02eb0c1ceb6179232e91cff91fc8a30553c6ed7e0a71deb1bda0a10735a84593dd903636
+
+PrivateKey=KAS-ECC-CDH_K-283_C2
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAXdjK2nn7do88AcwdQQ0
+PMIWIyb2IBfL3fNgqHbck7gfBMWOoUwDSgAEA4FatkgOStJKZignXvLuDOfVhpkj
+nbziMziEK8WMQsypTSQSAt6DPMZkyskNMPvqxgPvu86SdtTxarHEbn4RyBqaqeJc
+gpaa
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA4FatkgOStJKZignXvLuDOfVhpkjnbzi
+MziEK8WMQsypTSQSAt6DPMZkyskNMPvqxgPvu86SdtTxarHEbn4RyBqaqeJcgpaa
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C2:KAS-ECC-CDH_K-283_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAM5Hp0PUi4b+/WtcAvKpeydiov5X4L34
+XB1qKd6IYsTJntU6AyLllgafkWVoyiSM7Vfv6QU0r0qfkKT0D3l+RSlnAxcmv0HX
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C2
+PeerKey=KAS-ECC-CDH_K-283_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04a9dd2cf5076814e5329c518c4f27b429dbe01d46682d476e7e78880de368b064236ba9
+
+PrivateKey=KAS-ECC-CDH_K-283_C3
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkADv+mhyYU4bluisxVTpV
+FR543cOPB0MrXEKhzS2ieP0LaOBHoUwDSgAEAdnDM32pXsblpL/xzJJ4OYm2bJIw
+EHhw1KV4aZM4446y2S7/AM2q19DrD0Rap2Ol37jzj1U1V3fOJPdTta09PLqxJfSR
+aY1W
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAdnDM32pXsblpL/xzJJ4OYm2bJIwEHhw
+1KV4aZM4446y2S7/AM2q19DrD0Rap2Ol37jzj1U1V3fOJPdTta09PLqxJfSRaY1W
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C3:KAS-ECC-CDH_K-283_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEByiXWDm0LGIDanr/+t3vwwJLclhAe+1W
+XK6pOb4z0WrJREXHB3EmMHkLBa4E2NfZ8jZdrprSTExhs+sgwKeYfmpMSw9ZjDcf
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C3
+PeerKey=KAS-ECC-CDH_K-283_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=044e2cd2bc164d21cf4b9833c0aa62ed059282e62b82f4500aeb422d17e1f6e7e8bbd500
+
+PrivateKey=KAS-ECC-CDH_K-283_C4
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkANla9SpwjmktAmd7IQMv
+eurWAD8STnIBPzfAbgu8IONTKzzqoUwDSgAEBuSH+R5zvdNE+4vI9MH0ducn+yZx
+6dbI+9d18aqiTK8umjb1BmPhz/gJl1e7n/G4eJAoOqSc/w97Ev4YTtKkKDddJ5bN
+gd6R
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBuSH+R5zvdNE+4vI9MH0ducn+yZx6dbI
++9d18aqiTK8umjb1BmPhz/gJl1e7n/G4eJAoOqSc/w97Ev4YTtKkKDddJ5bNgd6R
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C4:KAS-ECC-CDH_K-283_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBVZy1zmYRRCJ4rfHEEtCJH3d0TLUCtCH
+tYjWo4XaZPWi9Gg4ArTLFYH54rN463pPZPWn1DILLKPTR0cm9nDDiDu42kfz10W+
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C4
+PeerKey=KAS-ECC-CDH_K-283_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04d4f04d2fcf1bcd8150eaded90e467d3d38f753b6fb54eed8f9d29cd3dcc7be2c83de11
+
+PrivateKey=KAS-ECC-CDH_K-283_C5
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAMcz2QlAMsx67WxUqM7X
+U+rypIiCKFo7TH5gIfJr7OByKECtoUwDSgAEAmiWsDnXBo2YoyZxDrt6l4vUdmEV
+RkWuMM2D1gU1Bn4FFRzLANg6Jjvb2Mir8DEL+/yDkXqGsNjEvgsVWre54scFYFYo
+u83Z
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAmiWsDnXBo2YoyZxDrt6l4vUdmEVRkWu
+MM2D1gU1Bn4FFRzLANg6Jjvb2Mir8DEL+/yDkXqGsNjEvgsVWre54scFYFYou83Z
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C5:KAS-ECC-CDH_K-283_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAswopMt20UfZjfpnfcoU4XcTR7loHGXN
+tUDyLJB2E/3MsMjaB9QGX5kMj8N9EA7OOPv1dM5ETcNzVeBwK4DR6xvdZwmX6PJx
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C5
+PeerKey=KAS-ECC-CDH_K-283_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01c343540541604f68ddbd63c483760d824ded5c18be7e56e6d36a9ac6d25772afb0a90a
+
+PrivateKey=KAS-ECC-CDH_K-283_C6
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkANs511Ngctw0SM19IWDl
+DIEfZINY6w2x1UKOgap6aGt4Za39oUwDSgAEA6chkGrRPcFcMR/U5VLzvIe32Szu
+7bsMMWqVJ4W6Ron8C6JwApUU84c7vDueIXBh96YmH9xiaGhfllbx1e6kcswttajB
+Yubp
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA6chkGrRPcFcMR/U5VLzvIe32Szu7bsM
+MWqVJ4W6Ron8C6JwApUU84c7vDueIXBh96YmH9xiaGhfllbx1e6kcswttajBYubp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C6:KAS-ECC-CDH_K-283_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBjiA61OMcnXsuk21PZtowof7N3i+9RSX
+TR5+MamuNlohgUFfBK+fLPklQuH/j/KPjnyOgJWE4kOkkClJp2WihJhsdQsbBsia
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C6
+PeerKey=KAS-ECC-CDH_K-283_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=05e38079815477b8a79096ce339c4a255f8b213be74715ea61ef7dd0c0b5f161d9de7521
+
+PrivateKey=KAS-ECC-CDH_K-283_C7
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAGZJv9ZB2r8bnUmdT7BL
+6wmUddCqFdXvaEi3NNLUEwCLYEMIoUwDSgAEAI9ldtYq/8cYNtGa27w9UEIQ8S77
+YcQgV4JFFSkMUC8uCbbYACFkO+h65uVJsNX7tVjBMD0UsczXdwPsdPlgLzXKjXpR
+Obzn
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAI9ldtYq/8cYNtGa27w9UEIQ8S77YcQg
+V4JFFSkMUC8uCbbYACFkO+h65uVJsNX7tVjBMD0UsczXdwPsdPlgLzXKjXpRObzn
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C7:KAS-ECC-CDH_K-283_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBb/SiVouZjZtt6g3iMcrzkj3m1yVJKCK
+4nPHjOs5rpdVnVrDBKKwpV+AFVoaMw/ebLbZft2wqdy2bEmzkpBKvos4H5EJDbsh
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C7
+PeerKey=KAS-ECC-CDH_K-283_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0531ccf51d1096982f7c2ec513a92bf51c7ac5069cb15c5e2a053ceae7e5550908a19101
+
+PrivateKey=KAS-ECC-CDH_K-283_C8
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAIGGCmU9bZREbXdmFk/5
+LGxcFUXHNTBLOtTVF4yLFNAYHpRxoUwDSgAEBraIFbuDaR0WdJxL4WEl4qbW2ulC
+UnObp78NsNUBmOov5D3fA54NkwGKRhJWIPb/rKWgZoNDxXAlpgwxqdblEZHKsziZ
+O0a1
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBraIFbuDaR0WdJxL4WEl4qbW2ulCUnOb
+p78NsNUBmOov5D3fA54NkwGKRhJWIPb/rKWgZoNDxXAlpgwxqdblEZHKsziZO0a1
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C8:KAS-ECC-CDH_K-283_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBjVH91cL1pWXM8A9LmxMiJcfMUrc8ovI
+UdxS7U6MGk6gb4cCASLTdzsJNOkA+6fr/hrV7VvsD7Gp3c9O62HL7QQAdDE8CzFw
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C8
+PeerKey=KAS-ECC-CDH_K-283_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=06ffe79d2b7664ee2d8303ffe0ceca8c49a581fcdb49c4af6a060ff204eea74f4cf39cef
+
+PrivateKey=KAS-ECC-CDH_K-283_C9
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkACJD6JGb16l87w6c3mPH
+bU4QcVApT8+N12dkUco7+lxe25ZMoUwDSgAEA+Q54+vfp6I6nesJ3hQZBcZTxPIC
+7fLPXwn674i6MRNwHknwBx0HG4btD0aPxgGd4j/kuiyztQAyvjXpLS5a9A3nBqtS
+ToKr
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA+Q54+vfp6I6nesJ3hQZBcZTxPIC7fLP
+Xwn674i6MRNwHknwBx0HG4btD0aPxgGd4j/kuiyztQAyvjXpLS5a9A3nBqtSToKr
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C9:KAS-ECC-CDH_K-283_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAJBH99dzl9tw45/p5Lqdl6mVp+4Gbs9T
+gXnpN6yGys2sUQlQAHzYdRZ/BqL7moGeLL2s78Fsrg7vLLsLLUm+rhCdt1PJUGFw
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C9
+PeerKey=KAS-ECC-CDH_K-283_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0311c430db78b6203e27b52988e1e9dae890c655dac4acefa7ee9612bec32e3e5f52be55
+
+PrivateKey=KAS-ECC-CDH_K-283_C10
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAFEqQoQeEif8n+1RwiaH
+MWhBNvIlz79FZImH4kU6cYb2p+3voUwDSgAEAi925atxT994Vx6EwrbqOhfxKZm+
+SDvGfhuEPSCb3+wDR6Q+Au7B/A6F8zDFPa17/0hi2K//iqFPlHVulbjwH9fuuPxU
+UneH
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAi925atxT994Vx6EwrbqOhfxKZm+SDvG
+fhuEPSCb3+wDR6Q+Au7B/A6F8zDFPa17/0hi2K//iqFPlHVulbjwH9fuuPxUUneH
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C10:KAS-ECC-CDH_K-283_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBL3sGTAMiv3u2GSZ0nA5It9Xsv/sN+Rc
+A6XikJ3jwzO9BqXhAapPQIRPJBPx/L3tADsdFcnx33VI3iorv3G1FmV62NjHfPct
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C10
+PeerKey=KAS-ECC-CDH_K-283_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0701d92ed8687138014b4379f1c34677e1744f6ae8c89958a5962f14408d587b95472db3
+
+PrivateKey=KAS-ECC-CDH_K-283_C11
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkACqK9JfRo9rAcyo5Pe33
+U5Sj9RnOB/rtP3fcDmafOhscbdrboUwDSgAEBXHwyH+IiI7Ac4lhg0AhdlzE9cjb
+Kx+eqbj+mEf4lkNJ/cRPBO98gESmCWlHRsyq/of8f58aeNAPg1T12n7i9dpyNawa
+1LV8
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBXHwyH+IiI7Ac4lhg0AhdlzE9cjbKx+e
+qbj+mEf4lkNJ/cRPBO98gESmCWlHRsyq/of8f58aeNAPg1T12n7i9dpyNawa1LV8
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C11:KAS-ECC-CDH_K-283_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBhH1OvS0iJkOelLlxzhWoedCebsPNtOr
+GYmyzNmTkbbGs6E9BU6pWiNPZYlxlbyXsD+m0kbqWrX0HaIsCO2BeqfASt83KYKz
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C11
+PeerKey=KAS-ECC-CDH_K-283_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04f2301ed85a5c91c31a7fd125854904340a55e34976a20743bd33d95e476450f301ee62
+
+PrivateKey=KAS-ECC-CDH_K-283_C12
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAd6fukqyTQbnSuWtNq4Z
+XCNgxyjrOMUO9TMynnDFrhn0ibbVoUwDSgAEBI1h4Lm4BkvMqM5A1PnmiyNoQTdy
+akTqdcjy+IUPAzP76YXmBfyro41R4hEra5805necEMDFWcPs0VYCKWbPkqjH9lAg
+p569
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBI1h4Lm4BkvMqM5A1PnmiyNoQTdyakTq
+dcjy+IUPAzP76YXmBfyro41R4hEra5805necEMDFWcPs0VYCKWbPkqjH9lAgp569
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C12:KAS-ECC-CDH_K-283_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAScG7AoOdkJdirTg1VkwpEFuTdChr22X
+mHJSmI2grJYnV3y+BCFehxUSnMdjAXkXAdxf4avNZytqoZukx+Uy7nqRPupg28nQ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C12
+PeerKey=KAS-ECC-CDH_K-283_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0643900f337ed362815f181e0628ed5184dad3e66a1f030e947f116696312d835f7f6e7b
+
+PrivateKey=KAS-ECC-CDH_K-283_C13
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAV06Ii1XCcsznZPNKWUG
+ZPOb8yAcXR6G067495W5/d9H2MSooUwDSgAEAeK4jeN3KwnGPQNuDbukNSRph0l7
+YoPauMzxACSG3gcwJ3tDA84YK38M6iGgah1N6HIsv8WbnZ15vHYLnRfYVnFWGuqt
+1UlB
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAeK4jeN3KwnGPQNuDbukNSRph0l7YoPa
+uMzxACSG3gcwJ3tDA84YK38M6iGgah1N6HIsv8WbnZ15vHYLnRfYVnFWGuqt1UlB
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C13:KAS-ECC-CDH_K-283_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBbsgvqT9hdAWJonFUAVAAUCbbHEtNWpS
+95PXiqLYJhpDxbbeAxvlyvyKrvGbhhUDQTp7c7YLN7AYBJPYLpQm9Htlhzk9CN4I
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C13
+PeerKey=KAS-ECC-CDH_K-283_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=063b1a3db331f91abd0af837db9d5f040620d1ddd7fccf8b58e0df43698351ea1942548e
+
+PrivateKey=KAS-ECC-CDH_K-283_C14
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAJjFcGZnku/aZfyeeQmT
+EVjf1Ed76TMy5JPWmGa2YCxJUd5voUwDSgAEBNxndP5Gqw7Sdo03nnVko3xrsd0b
+/FVXJ62Uwg9HMsq/KiyCBsbPD0IfkfyiK0hxIWqfH+OHjweRTpaulKx3C2di+dzg
+j/ot
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBNxndP5Gqw7Sdo03nnVko3xrsd0b/FVX
+J62Uwg9HMsq/KiyCBsbPD0IfkfyiK0hxIWqfH+OHjweRTpaulKx3C2di+dzgj/ot
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C14:KAS-ECC-CDH_K-283_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAQo8okNbE1/+oIeSt/GbTuGBIHwpvhzh
+/erNtppmn5zd6RgaAkkIJ0semMbRl+0ng8PJU8Gzs0+kOosvV0JYTjf+pAcmm0O/
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C14
+PeerKey=KAS-ECC-CDH_K-283_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0516da1d64bc4b25ce4763e6438257d62fb1ffdeae16d68701d63b603ad53e8587927669
+
+PrivateKey=KAS-ECC-CDH_K-283_C15
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAPS220qHzdMAKcw76J5A
+ubywFNAQqRolLFbLKGcfNUqATLTYoUwDSgAEBm3fBIMf0ccrxItwkGHBrqqtGcna
+PYwVBvp3XU9aVBLu4ChtA6odExRv8ZJ5K3SlxkrTFQ+uNE+oMOD0RzPYZ/TgrgU1
+JsYr
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBm3fBIMf0ccrxItwkGHBrqqtGcnaPYwV
+Bvp3XU9aVBLu4ChtA6odExRv8ZJ5K3SlxkrTFQ+uNE+oMOD0RzPYZ/TgrgU1JsYr
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C15:KAS-ECC-CDH_K-283_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBToN1hNeQ6EU5QAK7EC6JwmzphNzDxzC
+AGtEaTXiN7/Mw5TYA7Zs5s8BUH1GLu7/9iEb1MVgcBFsaQdGj3x2/gEUC/DV+3t5
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C15
+PeerKey=KAS-ECC-CDH_K-283_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=049c68c333b96705eee4a3def0d568b0d4faf24df2fc2f1bf40da0af0946240c38e97f74
+
+PrivateKey=KAS-ECC-CDH_K-283_C16
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAauCxaYq5H7LzPZmzDMj
+s1EoxS0XvhG68721YAbl1Wi6rYu8oUwDSgAEAKBK16WDZmpAQ3+WiwLKx5RnRbTK
+lJAhxUQ963AYP4jhd4/gArtZHDLw2zQwNC8ON8RUScKTxU9rffb3l8CZLCgphYto
+Dyvc
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAKBK16WDZmpAQ3+WiwLKx5RnRbTKlJAh
+xUQ963AYP4jhd4/gArtZHDLw2zQwNC8ON8RUScKTxU9rffb3l8CZLCgphYtoDyvc
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C16:KAS-ECC-CDH_K-283_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBtSm8+h7bYxJy+UXqXXSq4xjORNVltaz
+DMZcyAwShFCPSXibApY7NW8kNOwkm8tlie3k3jbOzTRQ5vXkd7/NwpraSu8PRaxT
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C16
+PeerKey=KAS-ECC-CDH_K-283_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04dd44c1a30edac2e39a5bc9902625880a18516385c90a9cc6b94c4f111e0260863ccab2
+
+PrivateKey=KAS-ECC-CDH_K-283_C17
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkABJUrxeRzHVpTOWQu1GK
+dwp1BEYXGjDt1sA4KhfmiAoa6luBoUwDSgAEArdmyZOzmNJCanoKSenQAQedD8Mh
+lxgcVurBgF5Ph8nfBV3qA257vTvpE51NQ6hlXvfVGgYtmUfRpIAQ7x6hDu3rJ/DR
+/+dl
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEArdmyZOzmNJCanoKSenQAQedD8Mhlxgc
+VurBgF5Ph8nfBV3qA257vTvpE51NQ6hlXvfVGgYtmUfRpIAQ7x6hDu3rJ/DR/+dl
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C17:KAS-ECC-CDH_K-283_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEB2RS4Z16ELiFEj1QP10EM+Fj3xNP/7hV
+j4rCbPswYp+M+wk+BrOiSypLB3dw05a78VSvQe7jUDVzpt6a/g9tGLAvyXYcoWQ9
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C17
+PeerKey=KAS-ECC-CDH_K-283_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0049c165339e9aeb2b516684b442921f1fef3091cf781e03fb3f56e93af1f3d6e500c81f
+
+PrivateKey=KAS-ECC-CDH_K-283_C18
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkASAXuaBZn78TzuEIUKj4
+vQbMwAvSmsZ3nxvZM0ayLJgyfg+noUwDSgAEBCHGLcq1S6gA6vrCMvxzDOcPbVzF
+P/U9NxJpzwRtrq9FGzPnA9Y19VIz2jxJCpWcbmOpT82+Rx+/yhnSxaP9ErBNs4DD
+yJXM
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBCHGLcq1S6gA6vrCMvxzDOcPbVzFP/U9
+NxJpzwRtrq9FGzPnA9Y19VIz2jxJCpWcbmOpT82+Rx+/yhnSxaP9ErBNs4DDyJXM
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C18:KAS-ECC-CDH_K-283_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAY4Lt1FtLELp3ZbKr/XyC/3fPoYj/JR9
+TXBJFTZ5C4dBzdNyAywP/72i+oY8udFcNlRQINW7JNkw2vL+pFVffCTWrvuywB2S
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C18
+PeerKey=KAS-ECC-CDH_K-283_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0645d7f4c5479baff5bc0cba654a3dcfda56c0e9d19f50f9d8d8c6357c09a140effbf223
+
+PrivateKey=KAS-ECC-CDH_K-283_C19
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAE8ZfIVDLLQqF3ckmuQR
+70uyZXukutNa5ThjWhUcjWpWT5zKoUwDSgAEBAyIkk1aJKhT+uQIrqWzvIJ9cxX7
+tY5uofamVnfdTE0wS9dfBUuChpraRDP3II+FcPJPBstkBG6KwIasV9Nwf8iCxjUn
+M9/2
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBAyIkk1aJKhT+uQIrqWzvIJ9cxX7tY5u
+ofamVnfdTE0wS9dfBUuChpraRDP3II+FcPJPBstkBG6KwIasV9Nwf8iCxjUnM9/2
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C19:KAS-ECC-CDH_K-283_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAkq7FV5JEkKC6jLltURiGum1E6oEdto7
+3bdSYNX1+i57iYmHAb37CgeaVbz84cqLzjAZy8rmFkADOEFm67sLtzNTlWWtxEbz
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C19
+PeerKey=KAS-ECC-CDH_K-283_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=028017c2a0240fd746ee72a0bcae1e53e05b7af254298094c381e735523854ea5fdd4f5c
+
+PrivateKey=KAS-ECC-CDH_K-283_C20
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAU6JNIPR2LdiHPSL0kvI
+oblbtAoIwWwyh0plK1miJSE5Qo2soUwDSgAEAVdOF84mMRxAq/MkP0iJournSoNB
+qng4VRBW9DlbjwK9wye+AIbln5hTSPP415U4ALHXXhQVISScQ/4GFpE9tdHUvVQA
+q85V
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAVdOF84mMRxAq/MkP0iJournSoNBqng4
+VRBW9DlbjwK9wye+AIbln5hTSPP415U4ALHXXhQVISScQ/4GFpE9tdHUvVQAq85V
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C20:KAS-ECC-CDH_K-283_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEB1J1EryTSTjMUkDOcO9lIi24XBPJYcHz
+H5FCBQZ9ZLGkyFMUAqq9uB/+0sABrLtNC3vlOTBOMuQx4C34sZKtdO0bSwYGv8kL
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C20
+PeerKey=KAS-ECC-CDH_K-283_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=02603c00998deba52db12814b1f77b2120cbc1dca59009c0d6ea40dcbcabca32c50380d8
+
+PrivateKey=KAS-ECC-CDH_K-283_C21
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAetvbJGogKVGIYXGpwDo
+Y3uPRH0J0bJRRg/lfxv0Yu/d3a7AoUwDSgAEAxswJhBDiDdM+3x7TvZCEaR+ILlW
+Gju8pTUWBAt72ig3MJRUAk+K6yOjXhwiIllnx5EYaMhO/dhz27zLx2Pq1n5yojJK
+pMby
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAxswJhBDiDdM+3x7TvZCEaR+ILlWGju8
+pTUWBAt72ig3MJRUAk+K6yOjXhwiIllnx5EYaMhO/dhz27zLx2Pq1n5yojJKpMby
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C21:KAS-ECC-CDH_K-283_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEB+wp2i8wTOuo1eJJ62BUpOT1lTTuWdJc
+HcDhLMOPdouD2v/uARLH1KN/7IQicaCoItN2N+btVRkHEwAa7+EbBvfh004A/N7L
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C21
+PeerKey=KAS-ECC-CDH_K-283_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=026a719bff31da4b4ebaed7bd043064f9c3930b5774c4a99809332c808aacba4b9e3733a
+
+PrivateKey=KAS-ECC-CDH_K-283_C22
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAUe+TjhmfjKmphq5gM7Z
+LkJpWSWxE8aUp5YK7eouHVcaQtPeoUwDSgAEBvWZ8MFJRXoy8aL/q9Tf+RYlk4KR
+K2QCtQzfXCNf3Rt5Dl6vBMzx2KS/63f/MpDmWsYB7luX/BsYaaLrnwt2J36AZsCG
+d2xA
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBvWZ8MFJRXoy8aL/q9Tf+RYlk4KRK2QC
+tQzfXCNf3Rt5Dl6vBMzx2KS/63f/MpDmWsYB7luX/BsYaaLrnwt2J36AZsCGd2xA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C22:KAS-ECC-CDH_K-283_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBh71k4nt+PgnOmYqQZVBHpRIuxt3+wgA
+vlJetaagOxlmVxmpApaG+Ed/tcdp77CCyz8aDHnbVcsmTiESwOd557VY9wBFgWoQ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C22
+PeerKey=KAS-ECC-CDH_K-283_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=048c48c993040619536f45482c494a39b32e75fe69e478ba06e376228b79eb83d3ff9168
+
+PrivateKey=KAS-ECC-CDH_K-283_C23
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAeGQC+Ya235VVZ2ZoLfZ
+NURW9RUeL9e4PABbELFgBOvodsBooUwDSgAEBC7Mmf9ItT9mGbSEr4+lmyNKmByc
+PpEHu9HNqszoGIXQbgKpAYPaDX/ufz5w4Rfw6KSnQsrRCu/NxKq5uzFFgjdoavtP
+rPOp
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBC7Mmf9ItT9mGbSEr4+lmyNKmBycPpEH
+u9HNqszoGIXQbgKpAYPaDX/ufz5w4Rfw6KSnQsrRCu/NxKq5uzFFgjdoavtPrPOp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C23:KAS-ECC-CDH_K-283_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEB51XYO5u+XhRi7zlNrAxxlWorPVgRJe6
+Q94L62h3pUfD7dRYBCGzBR3TY5bSD/zXzzT8oCJRbdS/+sc/yZWunqgUzg5AJ/fG
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C23
+PeerKey=KAS-ECC-CDH_K-283_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=05d85b16bb2a0d32c73d1402838bdfa512d744fa88c74d3d90cf714c2480e03363d5c6ec
+
+PrivateKey=KAS-ECC-CDH_K-283_C24
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAHfkGrLQnDTFiKvHbUMS
+YC5x9gAZAnuYbg3tNyU1wrapM6UzoUwDSgAEApIzI/FwB0Ii06aih62v09H+EnFd
+V7kbH/R2orT8w4XeJh7MBMxJjWfGJnzHxMLUClbNwqbnFe3YsqlhTusz0Lb9Fiy7
+hacU
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-283_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEApIzI/FwB0Ii06aih62v09H+EnFdV7kb
+H/R2orT8w4XeJh7MBMxJjWfGJnzHxMLUClbNwqbnFe3YsqlhTusz0Lb9Fiy7hacU
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-283_C24:KAS-ECC-CDH_K-283_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-283_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAkeE09PV6AIf/tiicJqfVNU5XZj6RCpl
+WgXdlCYrYDWW+L/xA+jjngjM5V4b7S3+DS+MFBsGQB26A37LOEdEkwyBeNFGQWMk
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-283_C24
+PeerKey=KAS-ECC-CDH_K-283_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=066abb838b5f12b6fc15ceb745600686bc2d5773e53469c2ee920cfba5459a1cab20d153
+
+PrivateKey=KAS-ECC-CDH_K-409_C0
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMIS3EePGCCLnD6aCi1
+q/sORIiIs1sMi7CfgGYW3B7PIt2GI32TfBv95it1rmVZU/xrL36hbANqAAQAaKP4
+sS4C0Q4vUglVJrxASLj2rDqEUxdyhweJk48a7/gT4F5QnqlYfSt+SqFDRLrD7Ebw
+ANHOtAx9XzKX4pVfDz6xQis+a7v79+tRi5wXro1A/rhKrzb15b2WB1srTb5TisAR
+lirHBQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAGij+LEuAtEOL1IJVSa8QEi49qw6hFMX
+cocHiZOPGu/4E+BeUJ6pWH0rfkqhQ0S6w+xG8ADRzrQMfV8yl+KVXw8+sUIrPmu7
++/frUYucF66NQP64Sq829eW9lgdbK02+U4rAEZYqxwU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C0:KAS-ECC-CDH_K-409_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAXf3NvYRYyDK+7W03sIC1AUIGC/gERib
+geHzmY9UCGB6RrsVCsR7yqr95HuKe3L0eLwi0gHfTvSzfgEk5Vtn81ht4kqIpsXZ
+iFQAfUsMS0zNaNUfr6dji75VXWC3Te8hfGpjxbQGj7c=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C0
+PeerKey=KAS-ECC-CDH_K-409_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0176bc5c4036ce5125493a58dd265f04d190f028366f7799f70aedf29ac67b5b37c37238593377a47944f5b639f43856dbd560ec
+
+PrivateKey=KAS-ECC-CDH_K-409_C1
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNlGIu3eW5FH0RyehoG
+dEQN0z0litL9x7mPr2SxHn6M5ejCHnmfH/L9KdTJSqFYliBopZ+hbANqAAQAMsV2
+hFLzwfO8VIeTea1CCJEmd0Kzf7CW7nuMIc7tAEHpRwzsO+3LeZ6QvbsxGSCD/wNE
+APnGEikn+4JCRtHcHOD95xpoSagtQQZdodhSVqmxl5v38oY2b8izJIk+vjTlnARg
+BzmUFA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEADLFdoRS88HzvFSHk3mtQgiRJndCs3+w
+lu57jCHO7QBB6UcM7Dvty3mekL27MRkgg/8DRAD5xhIpJ/uCQkbR3Bzg/ecaaEmo
+LUEGXaHYUlapsZeb9/KGNm/IsySJPr405ZwEYAc5lBQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C1:KAS-ECC-CDH_K-409_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAQxMaKnxpioyZVa22XennNnER2wFsa3U
+os/TBoJJo8OSOCJCjTUsXXTl1krM7tvapu++TACGaulA3TG15uPyCztNh6agLHgX
+PICqUQpu3/hSxinmBk3118YA/Zjljo6MZiu0uWyLqQU=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C1
+PeerKey=KAS-ECC-CDH_K-409_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00575d9e7f70a4a1c5c807b6b5d6b7330bdd764db2aa60f3bfe497e6bfe90f038fb4f6acf7ac06efc3d157c3dc907b2ae093c6a2
+
+PrivateKey=KAS-ECC-CDH_K-409_C2
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNssXw/whq0jlw3F8eR
+EY1HYeLFGYa/FHlCVU3FoYv5u2xnvbupCKHouo53kPWaOXE09oOhbANqAAQAK4kE
+GK/FeXyXRqRMoFk2euBmO88FgVaGDGE+4F4R2j8veZxwpo/nL9XawkadqhgQcCne
+ATVpBLGXv54GV/Q0nSUruzdcZiBvwNgxJZm9vv7oYI7JSNzkhoB7qlNe0GrayceX
+Y0cRqw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEACuJBBivxXl8l0akTKBZNnrgZjvPBYFW
+hgxhPuBeEdo/L3mccKaP5y/V2sJGnaoYEHAp3gE1aQSxl7+eBlf0NJ0lK7s3XGYg
+b8DYMSWZvb7+6GCOyUjc5IaAe6pTXtBq2snHl2NHEas=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C2:KAS-ECC-CDH_K-409_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAeTVgNXprYFnHGzWYtVWm6/k11qk9Emu
+1WvYAGGVIMnzLE4jDE2RscQR+QhtUpG6E3AUogAMj/tCOS/zl7vUZ5cvPtJR1aB5
+ll2gsdKjzBbDHSVdzpiGk3styUHqsNi+i7zRWqbtltY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C2
+PeerKey=KAS-ECC-CDH_K-409_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00ce87aa5e7700384df59d3f1075d282c1aa511391c42ef609b8de1264eca8f7737df91565c73ee884ea882d47c56d979141f0f2
+
+PrivateKey=KAS-ECC-CDH_K-409_C3
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMR1DvAjanOXe/JS075
+DZMk3ggDR/9N+GZF0yVgOi3/0o7K8HdexTyvWlVOr4toSH34hlShbANqAAQBJXtq
+vUcNKUtZ3a7azVRdz0OAiviQ9XYoiAM0L8Yes5b1YK90NC4Qu5TSJMJNjlkA5bly
+AdzK2X7O9Dh6HPUSsW3VvHq2FfvFCHrBnV/Cdi9hW0kE6jk0O7sYXbZKGff3Ds8N
+VXsV6A==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEASV7ar1HDSlLWd2u2s1UXc9DgIr4kPV2
+KIgDNC/GHrOW9WCvdDQuELuU0iTCTY5ZAOW5cgHcytl+zvQ4ehz1ErFt1bx6thX7
+xQh6wZ1fwnYvYVtJBOo5NDu7GF22Shn39w7PDVV7Feg=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C3:KAS-ECC-CDH_K-409_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEALfRk1TK3MlHCCZ67Ysj5ITjKgOBSwJq
+gA9boB6SBMQwUuTUfG/NkjKWVODpAVsBL3k0SgF5lcFXlsWuk+CiB6JwcAT7saSa
+DUf9QE8S1XhJ2Dl81NLG0rS5D4ZEA9Ss0Woyt/9Id7Q=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C3
+PeerKey=KAS-ECC-CDH_K-409_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00691dd6b5177702d6a0b1f8b07f3b018478680de7ee079272ff75659335c96afcea7650caa01f996aa37946b78e14a83e579fb4
+
+PrivateKey=KAS-ECC-CDH_K-409_C4
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMNayWWVtUmd33ttSRq
+GS8MBccnCjtOZKnWyHfNBtKWKhrITsLYl2X5Z/YETy36VpAxB/OhbANqAAQBk6+h
+O9Hggc7l3xKG/kSik7fRsQwpCl8q574tAnNgCaJtg6qqkBeoyL9g76Ffzq0Hdn1I
+AdAv1mp4BsTIRF+mFSVP8yu5wdhaOQT5OcEGHiUNPrZBMTCipVcJlHlTEOltw6/z
+uCGK0w==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAZOvoTvR4IHO5d8Shv5EopO30bEMKQpf
+Kue+LQJzYAmibYOqqpAXqMi/YO+hX86tB3Z9SAHQL9ZqeAbEyERfphUlT/MrucHY
+WjkE+TnBBh4lDT62QTEwoqVXCZR5UxDpbcOv87ghitM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C4:KAS-ECC-CDH_K-409_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAPKhHM06U8leqY8xRPt31KaE+aH0I+uB
+46i/viK2gPIYcPWMrraUbGs7hzaZz/0xQGP0CAD98m7t5sunJIJAcgkGzgdsxDIt
+GLx2g9IkC6aEds55AieAsvpU4PfHZSi3f6Yx/lq7W5U=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C4
+PeerKey=KAS-ECC-CDH_K-409_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0136f5c04cf9a56db24ad99bd286feb800aea38d44f819be1c2a9dba15c635c4e122893570233a4c5754a41499eafa39a35aa57e
+
+PrivateKey=KAS-ECC-CDH_K-409_C5
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNL9zUbGVh10B9jBsoS
+fbihpfWXcZwNEOHWj11IVb8HYFeQaR/NDYtdsTfT/CZ53nWgZ4GhbANqAAQB04Zk
+WqpI4v0JUOaprOnf9iyPXpTNukW9c8a+a/e3Y6LJqAeEYxLaOrghwEmsCGH4Izfw
+ACpkNu+KEmGuzDjIIdp3Sjkf3Md1DJQ32d/mTIIzUIE5mfD9Twfx1tmAdAmGErxS
+BEJJ1A==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAdOGZFqqSOL9CVDmqazp3/Ysj16UzbpF
+vXPGvmv3t2OiyagHhGMS2jq4IcBJrAhh+CM38AAqZDbvihJhrsw4yCHad0o5H9zH
+dQyUN9nf5kyCM1CBOZnw/U8H8dbZgHQJhhK8UgRCSdQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C5:KAS-ECC-CDH_K-409_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEARdEn76mstX06OTTmnIoQkzwb0Vr8645
+vB+yqZ5Bg7cW4ZT8UHRlZk0AnVvO46QmupMsEAEUbTK3DwnmX89p65rmYWLRC9BD
+ad6OgYf6nD0bXdom8QtGnNSSXKN+CZRBV1fmiV5YgUU=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C5
+PeerKey=KAS-ECC-CDH_K-409_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=004f684f9d559d16485f0023bf012006265ed81f06fbc1441334a559e5500a3f77603565013694023e0d8f44fd12dcf69eb8d654
+
+PrivateKey=KAS-ECC-CDH_K-409_C6
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNp2mWQEDRcaQD97LMd
++bq+2+QlM5gpCzQBL7E0vFkUdXLmKmD1yszth7D40f98BJ3+lpKhbANqAAQAOGhw
+GffCGd3ZVnsg9eoeilBFHdQL9bZfey4TPebzbko/j6L5d+/pIPhF0XbIpXAjzFXC
+AUk5f7xCus+FxZ4EU13x1ScVdh7qmX1P+HIEhmzcPUpUwkJa0hSnoN1ZL0qZGrdo
+yPQEvg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEADhocBn3whnd2VZ7IPXqHopQRR3UC/W2
+X3suEz3m825KP4+i+Xfv6SD4RdF2yKVwI8xVwgFJOX+8QrrPhcWeBFNd8dUnFXYe
+6pl9T/hyBIZs3D1KVMJCWtIUp6DdWS9KmRq3aMj0BL4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C6:KAS-ECC-CDH_K-409_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEARmYDxEUne5eLC0AVh08JqQqWkTodHZd
+3aTYGOpwTtu6I6vtXgi+ktZV155VxbxUeHtN1AE2az3aPph5xEgd3DZ+UcHAVBlF
+lkY21QIWh8KFxH1A55/38LtWqTrFYL6Ny5cPWLI7EKc=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C6
+PeerKey=KAS-ECC-CDH_K-409_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00137894f637460a63576824536944cddb42dfe63169c84040a0345ad7516ec4f1ad00bb4de20ea6ea43824b9b0f74dfa6881cfc
+
+PrivateKey=KAS-ECC-CDH_K-409_C7
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMG39qzyhsqKCHO/bWH
+K7lfAjFhrk4tVJ0PsfOCVjQTWESRZX2xAcMjUUgyw2P2NqnmnoOhbANqAAQAPpqb
+XyggZuIzhw3LAMSu0tc6Mx951JyNXC2TkIsO9ecrdIgU0biEBkLXW3qaVTAbHnyC
+AQhfV2keBK+sbohOL9vY34AvTUNbzmESMasydHYerV4uajRKU/M8D6FW4xMgYvcr
+zaP8DA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAD6am18oIGbiM4cNywDErtLXOjMfedSc
+jVwtk5CLDvXnK3SIFNG4hAZC11t6mlUwGx58ggEIX1dpHgSvrG6ITi/b2N+AL01D
+W85hEjGrMnR2Hq1eLmo0SlPzPA+hVuMTIGL3K82j/Aw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C7:KAS-ECC-CDH_K-409_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAfo5tdM3XUMkeslQAGHr/3oMFbjF3+nH
+UXhDhsmBhg3m4blYTaD0IRlBfzIzgpCRCpolngAr3s1QK6ZKbyHQj6QlA4nUJwMk
+RW6UQWV0lccq12D7NIMl+Jt6VASiwhwqoHcRvPXzBBI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C7
+PeerKey=KAS-ECC-CDH_K-409_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00f03b0b43a351311689eb1d3fc457013f294a7d02ad850c72e4ff9b64ce68a47beb49bc5bcbdc828534f8c8a5e13de5fe522eb0
+
+PrivateKey=KAS-ECC-CDH_K-409_C8
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMpsvyzCFlql1xbTNHn
+UmfFQk4Ad0EU7CBRpXGymXZhifrSTpL5bj1SdzbqSANnvb3QUw6hbANqAAQBTHVz
+mb4gHgiv2LSmcefTttf4hESYq1kuG/aTFTR86C29eF1FkiZg1NDSf6KwrGLnB/zs
+AJjwdz0+/pwpCpkuygWHXTRj8HNrLf70r/2f8A+WreUzmZF96gdMeY/FNXOPDFaJ
+okR/hg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAUx1c5m+IB4Ir9i0pnHn07bX+IREmKtZ
+Lhv2kxU0fOgtvXhdRZImYNTQ0n+isKxi5wf87ACY8Hc9Pv6cKQqZLsoFh100Y/Bz
+ay3+9K/9n/APlq3lM5mRfeoHTHmPxTVzjwxWiaJEf4Y=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C8:KAS-ECC-CDH_K-409_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbJV1bt10llwMB3p4OOVmhIgXVEfjmTw
+QqAclQ20cbHW1YR/dWae6wvxh/FVnbOyKu7AlgF+WQz6hVNJE2GYwt3YpSEIgkc8
+ndWRwC4gLKBAS7yfY5HXOuAR2smWUVXSZQE5/i5U7Gc=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C8
+PeerKey=KAS-ECC-CDH_K-409_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=018f55b81f15f862aed042f37433050ac61718c9939d432b2a20e12d647f99753b8dd5127cf8963247fe7e1d5ade1442229bc646
+
+PrivateKey=KAS-ECC-CDH_K-409_C9
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMbmAFcAgLqFkF5caNz
+BCUIOb1qbl2DSX9/k/D3Ryoh/OS+W+d26QlZ28QaDoXtIlg36NWhbANqAAQB/sCf
+lFcWFOfNjpWOvNei/NjCSNQIzbo1ljBUXDE4OSJ3TTsk4gWR2LQelU4WZU/oXLrK
+ADHg6x3RzkZ6i3jRDSW53pLP3Cdzgx5uKKFS0CripaUQmUzAEEYiVEQepBEhwGd/
+tBeL2g==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAf7An5RXFhTnzY6VjrzXovzYwkjUCM26
+NZYwVFwxODkid007JOIFkdi0HpVOFmVP6Fy6ygAx4Osd0c5Geot40Q0lud6Sz9wn
+c4MebiihUtAq4qWlEJlMwBBGIlREHqQRIcBnf7QXi9o=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C9:KAS-ECC-CDH_K-409_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAOz3Bk9Sj62uOAyzgphIEQR6DX3ZqN6O
+dvgXiqYAaed6lIrPp00sd6doUWWamBlwVNqNRAC5jhNJf3dgcnEcQsGNv8jrjIUj
+/2M6+Yih8kLtPDxWXRjPIk+HUfKULjYLoW4PWDCVKRk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C9
+PeerKey=KAS-ECC-CDH_K-409_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=002b560d1949297dc7e1bbe8ce49a595762924afcf0271e9c493c18ad5cbfcea5f3900c7b793ae5dd44f48884b0bc3b52c66e05a
+
+PrivateKey=KAS-ECC-CDH_K-409_C10
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNHO87LE3cR5eiXY6QP
+d9vi6owlCdIJBk45z5Ba+qkBCF+OeVybgBfJpdChuWgSwSSj/7+hbANqAAQByOmt
+xIFuZgb//14afUinhUw1qvBV0xgz8Mq96LvE0kWOPNPIKkr4B0X1lbO6Evi1wM6Q
+APxD8ZO1WJruYphXNeNig3TdRahqYbqveMIfpueHhW6muLiDFlQFcYJYZc5rhXit
+1fqmnw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAcjprcSBbmYG//9eGn1Ip4VMNarwVdMY
+M/DKvei7xNJFjjzTyCpK+AdF9ZWzuhL4tcDOkAD8Q/GTtVia7mKYVzXjYoN03UWo
+amG6r3jCH6bnh4Vupri4gxZUBXGCWGXOa4V4rdX6pp8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C10:KAS-ECC-CDH_K-409_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAE4Fw02sRObhsIzfrmNXwg23pUTcJT3/
+HCPU26hxuWeBtqYWONc4Zdr+CpRDw+wyiFfSPgEibEJ3eLsiRiTNIVST16TzKk8U
+GXkjZAlQXYz1jYHf08eT5ZVDp4AxTzzY7hdmTcLkY54=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C10
+PeerKey=KAS-ECC-CDH_K-409_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=000b43cb539bb4bb42f195ffdbcdeb482b69301c0155a840cd381f55c465a8e57ec51d6555871537b56bf84a1544cae2b2b8eb38
+
+PrivateKey=KAS-ECC-CDH_K-409_C11
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMg3d1nE0pBg3i6oN38
+kRHAou1JKyiVad0AYb8SJtI1vapSA9Pvor0BQdKs4nw66Oba8R+hbANqAAQBZ9V3
+sqQ8wafYimvog8KNv0jD4fvyGtg+en49dT+wttP4DNE3b9mL4mD0lHV83AYyVtWy
+AV7XADt9K9XgNZMDZgrdCQBJA5z33zlpieoYxwL3BMRc9v3nrQctMSU9HVKV6cXR
+1cYsOw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAWfVd7KkPMGn2Ipr6IPCjb9Iw+H78hrY
+Pnp+PXU/sLbT+AzRN2/Zi+Jg9JR1fNwGMlbVsgFe1wA7fSvV4DWTA2YK3QkASQOc
+9985aYnqGMcC9wTEXPb9560HLTElPR1SlenF0dXGLDs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C11:KAS-ECC-CDH_K-409_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAW9pYP0jV9L3C193i+XgqnFVa50vTM6x
+T3gS2oWKuHKBi0YQ1BqPZiALQ0NCIifZ/d9xLgCq9ZKnJedzg4iJa5vp94wcPWly
+ufmQNNAswPl3ap9sL5t9UB91vhhZmwiMTFiBxmFG5bk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C11
+PeerKey=KAS-ECC-CDH_K-409_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0113dd2cf8732ceb8a893e149f13d52026e5d829322d0f1233a624fd6b74d56e7e6374d70942a25152ce5073831660333fb3e070
+
+PrivateKey=KAS-ECC-CDH_K-409_C12
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNgelplMhd7UvI0knF9
+0Keyr5jgSIT3cHXkYEQQxQRKCEYezzfE76PtwstmfIS4ZBWTa3ChbANqAAQAClZ3
+rGwA0mRgVNvr/FNtsKmzUaJAinPgg61i0YL7h8uAMixTlVPs28ITzoTGbd+NwdI0
+ATJ6CjdpJA/aRflLsHNhx0qoyNEZQUp7VmbiWjq2iBl1OWMlp39UGhuiaAEqgsUR
+DSpJ4g==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAApWd6xsANJkYFTb6/xTbbCps1GiQIpz
+4IOtYtGC+4fLgDIsU5VT7NvCE86Exm3fjcHSNAEyego3aSQP2kX5S7BzYcdKqMjR
+GUFKe1Zm4lo6togZdTljJad/VBobomgBKoLFEQ0qSeI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C12:KAS-ECC-CDH_K-409_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAPVJxH3I6S/s04tXUIlYgORJ8eMavgux
+6syEKY+DYQjlowjMuVeNy9S+YXd1LrIx548BHACTZj7D/LVNZ2iXv8ldteVK1u6h
+7HtGykvz0lNYOfEByz5tXxG2o2v0A2PDHJ+IE3hiZ08=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C12
+PeerKey=KAS-ECC-CDH_K-409_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00c8e62ac25c11e86b98642e4ec7adde9d9436f9337369fb065abc9ea784f90b8b8bebae35da92185486191dd9f49370b1148ce6
+
+PrivateKey=KAS-ECC-CDH_K-409_C13
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDM02ppFNxHwSgseobmv
+cB4Nw6Vc3VheQ+Ps9B6TTsr4gP8WFNzlzJkqaa3fxAja4bCbjQWhbANqAAQB97/0
+NVR6iVFtAX0b2sTNo2BBoNPf0DJYVisuKPQM1k9q4rcEV3c/lnXP/EDAIeRwKwjW
+ABPFmnLwyD9buQoL/ueYlS+5HuMpyYxLWRT0Ra58hIN2cFK19SmXRiFUXdzWN39e
+OH1XPA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAfe/9DVUeolRbQF9G9rEzaNgQaDT39Ay
+WFYrLij0DNZPauK3BFd3P5Z1z/xAwCHkcCsI1gATxZpy8Mg/W7kKC/7nmJUvuR7j
+KcmMS1kU9EWufISDdnBStfUpl0YhVF3c1jd/Xjh9Vzw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C13:KAS-ECC-CDH_K-409_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAEEeXUyW413ptUHaX6xpEzZGLIgtjozk
+1utxIUF+cJUMTZUC9kVl1abPpzXJDu+Dx7hh4gCWuQTjfKHC21mlRhVifhwzVhYP
+4XUoSq3DsvoGugswqqB8hOZOSGUuX+swNZUGbg+EaPc=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C13
+PeerKey=KAS-ECC-CDH_K-409_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=012505746f1a40ef75f950595211ce04f87f1daffffdf8c12600a9e2994c8c1d8b19c0e0559adf9a94762cb983569de6d0d8baca
+
+PrivateKey=KAS-ECC-CDH_K-409_C14
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMxQa+7qLTZ8MvoKX82
+WHMZZzlGXj4gqJr5/fiwHRlaoQUuYXa1+thWE2trMg7r/AjBzQGhbANqAAQBgF/8
+V26KRfBil7IzXQOryK39Fa03522A07QYDV9y78kPPysDas2Bf0D9SQZKol6jg8gu
+AfItprUKxWKJQ/BbFBSTyswPArzfO//bQ1gjQ7aGFXYaGAvX0asd3BX1N0qPZl0T
+tLkScg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAYBf/FduikXwYpeyM10Dq8it/RWtN+dt
+gNO0GA1fcu/JDz8rA2rNgX9A/UkGSqJeo4PILgHyLaa1CsViiUPwWxQUk8rMDwK8
+3zv/20NYI0O2hhV2GhgL19GrHdwV9TdKj2ZdE7S5EnI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C14:KAS-ECC-CDH_K-409_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAA+oJD8ACjOYgIofiP/Fo0KWj+5ceyap
+4f+ibvqIXnThxWICfZXbCMwVvSWj/BGrTcE8ogD+1ofHGX/xrrmA5yo6fDGBQgUs
+I4mwhm2zuH5cgCXnm7T0+Zb6Y1KrnLIBcu941v/KkG8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C14
+PeerKey=KAS-ECC-CDH_K-409_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=019a71ab576546e2351aa92b6075e8229813e6a2cb3647147b192b4597f1217223e7197d846c0d65ea0d4aa4c503bd000ba312ba
+
+PrivateKey=KAS-ECC-CDH_K-409_C15
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNOUXeWysnXx1MW615o
+lj/mMkeB+rmG6UAgDnEd2/mILZmmIKl2NS4klnSM+2Hcy/bWWcyhbANqAAQAVqRS
++x1VgHnD6RvyL4aITKiXiIBv59bWykC1SFB5133EPkZqcSWXksZf9qtyBAZsDmeo
+AfKbcj2ffU3mzML5cIB5xdMK5dlg5ip8T23Ji/yVtPUx8ZfDlIZwVDJZQgPCUUcV
+bf1bXA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAFakUvsdVYB5w+kb8i+GiEyol4iAb+fW
+1spAtUhQedd9xD5GanEll5LGX/arcgQGbA5nqAHym3I9n31N5szC+XCAecXTCuXZ
+YOYqfE9tyYv8lbT1MfGXw5SGcFQyWUIDwlFHFW39W1w=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C15:KAS-ECC-CDH_K-409_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAL59WAQyY6svQiUtQbWC2GLCskPOGFdg
+gb1u3S9j8BZPNlyuZyaNIn85RGd+HBRq+GS4rgGkvLxkFthll6FIyk1hDuZWoAAm
+zmBHvZ+9QNiVMBlqRpOuWV1plWUDudKrSqvnyVihTGk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C15
+PeerKey=KAS-ECC-CDH_K-409_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=014f4b7ea93c9dd846d2228c2b6a8dfe616057232b7af845a570cb6cacf9feef2d8ef4fafb285b38e63cce0a09b4d82dbe43a390
+
+PrivateKey=KAS-ECC-CDH_K-409_C16
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMcgLZNUegCVpnnvixL
+mDz6S36RsRLi7KX50Mt+PU+Fr/ezOpIeqhJMtwAuq2KXPWXha8mhbANqAAQB/Q5O
+r7JsCMn450fUmR9GjHa0hkFm43ZCtYPbKFpLxMM5eZF9kSmpHLCnXBrufNT7q3PO
+AEaO+rz0SPzOgh896B6ZTXmn2Z6piayB+hNfesiLFUx2eQnGgffkjACy5mu664+G
+iPRGcg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAf0OTq+ybAjJ+OdH1JkfRox2tIZBZuN2
+QrWD2yhaS8TDOXmRfZEpqRywp1wa7nzU+6tzzgBGjvq89Ej8zoIfPegemU15p9me
+qYmsgfoTX3rIixVMdnkJxoH35IwAsuZruuuPhoj0RnI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C16:KAS-ECC-CDH_K-409_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAR/qWNnjbPjtTvO0L3fM6pO/VCrJIUHc
+LAlAYZhfPfeG0ZKle+4HJVCzAlg/D5QoMBsbdgGz3MG4o1RSZEJzhjKeuB/pkmVA
+QGlHgcDYsnweSUQrmbq5Pvlmb+oU1IQ+5LxbBFrFDBE=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C16
+PeerKey=KAS-ECC-CDH_K-409_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=001fe2ed30ad4143c5eeb0b7622e6aa49e4e4d51c1ddc467b3fc54215dae931be0b6b6443e716895acb6570cdc21fcbdae46e5d6
+
+PrivateKey=KAS-ECC-CDH_K-409_C17
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNDyWwyz2SLA2ESQhrb
+qpJc1UF1q6055Wgb/J60sbZJrsHIduwexGEPGzsGUUpI5up6SiWhbANqAAQA3hge
+gbnnd21HRpSi0STQuHbZVI8g7jOGMElF2RMfkEV9m5ON8JiwNb7ar4DtbZeUBPxw
+AYGjUW2+qdqX1uzs2xD5bVRGnSc6s2bomkD9ztzxvag31cFL0QwLaiqcikeBASXH
+ZN017w==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAN4YHoG553dtR0aUotEk0Lh22VSPIO4z
+hjBJRdkTH5BFfZuTjfCYsDW+2q+A7W2XlAT8cAGBo1Ftvqnal9bs7NsQ+W1URp0n
+OrNm6JpA/c7c8b2oN9XBS9EMC2oqnIpHgQElx2TdNe8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C17:KAS-ECC-CDH_K-409_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAMqAk0C9EzVLYHHQc+Zbmw0rrILiKr/K
+x+cK/Z0iSFLw4hKXbl7II+uJUOArx1ns9W95qAAxKB6JdkAaq1j6jq+GNv6wExcL
+yrV4G+CijScznpRw4WbH9oXy6pFDMQ3KGzq44cjmBZI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C17
+PeerKey=KAS-ECC-CDH_K-409_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01610efb48fd22261921f7484ed6382fceb6bdf28f3bc2340a175b7971b93ed5ff357ed55e5307bbf42e40a5b3fabdaed0ce19a2
+
+PrivateKey=KAS-ECC-CDH_K-409_C18
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDM2NoVLjuAlS7LQ6+3H
+ILZrIBKaIfGk/jkRjP3U0Tfb5eVw6+LEin+awhz/PlrfR0NGl9uhbANqAAQB78DN
+GobOdUTyX0TmOgkTwR/WsIvAmtjNgvOvfjKnp+ys1W4lUmWJMTh51Kf9Q4LUEU5K
+AFo073QDWZwvg/PoMplSSJPyQY/5XWwv3Ao9uXDmL93PTNoYKqeLVP2MLoGPse4t
+0ndnYw==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAe/AzRqGznVE8l9E5joJE8Ef1rCLwJrY
+zYLzr34yp6fsrNVuJVJliTE4edSn/UOC1BFOSgBaNO90A1mcL4Pz6DKZUkiT8kGP
++V1sL9wKPblw5i/dz0zaGCqni1T9jC6Bj7HuLdJ3Z2M=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C18:KAS-ECC-CDH_K-409_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAHR5WwqcoHBJH7VKO8JJmB3vvsA35AQP
+dmVkKLFTi5eFA/gfgK2e+XxeEnulHsBAWEuaIAA+zifz2u/nvf/fpyeyr5WvhZGv
+lGzd/jfoVkO40XnKi5UpEG+cXzqVqIGSJfnX1Kcw/SI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C18
+PeerKey=KAS-ECC-CDH_K-409_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=008d990982aac8d5371b867de21e09064fef30e73321337dc24f19ad5ddb6c4ad217136b7c61e360a73fa7571d526c8f514a06d4
+
+PrivateKey=KAS-ECC-CDH_K-409_C19
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNJmKBioyFwuzWJVNLC
+SW2ohiAIJ/oTVmg2ribjjVGSbKPSAlife/on6iLTmZc9tvn96fShbANqAAQA9xWQ
+sEKQtfPNm6DjlKO+WhUU9F5TSX9s3tv4OXKOAogTXXaeSyiTLIdYI/4lbokZl8R2
+AJ0WunJqWp4JEDvJSgnYB5rI7fI0EMhGn3n1XzNVz7OtcDYk7G117OrjiB2iCQPH
+HeH1rA==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAPcVkLBCkLXzzZug45SjvloVFPReU0l/
+bN7b+DlyjgKIE112nksokyyHWCP+JW6JGZfEdgCdFrpyalqeCRA7yUoJ2AeayO3y
+NBDIRp959V8zVc+zrXA2JOxtdezq44gdogkDxx3h9aw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C19:KAS-ECC-CDH_K-409_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAR62TtQknhGVstEwejWlFNZtKbpvkET5
+wCtLLTyz49TAzcVInN37liJsnOPjb7j/Lu8gjACZiAsNDUPFxXmtd92uaPLJF/Sw
+YuqNd3uc30Zcu1kQfnCZJxToy/rHYpbV7emcSNOKiXM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C19
+PeerKey=KAS-ECC-CDH_K-409_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0155dc98729c8c1bc65eb8a3ec09135f46bfa313bf56aa3169e312db8991abda338f8ac7a75bce42884068efb7e6e625939d2b88
+
+PrivateKey=KAS-ECC-CDH_K-409_C20
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNaP4Bf48Mmb+s+C7fa
+Z2G7EXYYvFevNXtT8Znm5MvBKBl1MhQD6m3mGOwy6GuMoeENfEOhbANqAAQBrkYO
+EkhQTTPWftdQ8dYY5Tco1V45DfwY2UtW27PTwL3JbJLKHsqfRPuKWM823PzAWIy+
+APcBH8Mh72JY3Pwf3CwKTlTIbsk5vJzspsKRdQwf9UCzSkGHk4QqLFyrYGHbvptb
+4/phFQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAa5GDhJIUE0z1n7XUPHWGOU3KNVeOQ38
+GNlLVtuz08C9yWySyh7Kn0T7iljPNtz8wFiMvgD3AR/DIe9iWNz8H9wsCk5UyG7J
+Obyc7KbCkXUMH/VAs0pBh5OEKixcq2Bh276bW+P6YRU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C20:KAS-ECC-CDH_K-409_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAKFelqd26tuPigthNgM1y1AX19lxFkiT
+QemVFX8a3xeOVii60+gwvuVEMxGRZIhttcNGVABVHKVgXkrgU0U0oKs0PQOaO6eh
+zOgyxNZeJrrnq45fnHSz1CGlKOVZd4qye1mq4akW1Os=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C20
+PeerKey=KAS-ECC-CDH_K-409_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0109e85c684d027a625ec5e6df952e2f20a14ed5b092d1b1b38435251303844d230fffc53d84b923555e1e1cbebe20b5d68c3bc6
+
+PrivateKey=KAS-ECC-CDH_K-409_C21
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNVkB6bZYa38zcmYOvP
+6QJJkAyQLXxjKo0X+uIdP94wNzJbV3XqxaF0oe4rP/K8XOadjMGhbANqAAQAupUi
+M1Mbamx63m8zjST8ZXd7XTBSl+ZtMssbxQbFvKIofTrNM/4ZZT1siKBuyjcSzpyq
+AHFr6xTwIjNjDzRgPjCb9uJXLwt5HfpMWCr2o3q83WTo14WpXd/1m7xvvht/xzVy
+Xvzwug==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEALqVIjNTG2pset5vM40k/GV3e10wUpfm
+bTLLG8UGxbyiKH06zTP+GWU9bIigbso3Es6cqgBxa+sU8CIzYw80YD4wm/biVy8L
+eR36TFgq9qN6vN1k6NeFqV3f9Zu8b74bf8c1cl788Lo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C21:KAS-ECC-CDH_K-409_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAWQn5yvFfSapEKZyLqwsePuoq//MvBGp
++Dd7/iE+2a1kveKuhof4/x39sptdzs0CJpgowgCtT5q8IdoNMfGWWc07DBhVgUNq
+wIsVwLSKesOe7QPg7pfhZM+qWrx3RBLL//lKnqKpY2o=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C21
+PeerKey=KAS-ECC-CDH_K-409_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01ae814e02c4684c21dd7e58a65ec51ec68c37e59e299ce65608186c0acce08e41c8320b1941a611fe66b1921b558d7f402d0eb0
+
+PrivateKey=KAS-ECC-CDH_K-409_C22
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMESuQ70kfnWvp72Nwo
+51vbnd2Z31ZmjIMUVNwo8+mkTs/Ue6hCCihvHvNy/SmzZd+bgvGhbANqAAQAICaU
+83jXCWXUKCitXzcTe/i2POwsDRWOW6lMqx+OYeWjAJhro0mzrfPvwF5lZwr4jNPW
+ALrw2krtuXL4iiFd+/9k5CkPrcJdo/DYPzXmW8QXfTAl1x2O65xBRw88cZ4A7x+3
+VS5qiQ==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEACAmlPN41wll1CgorV83E3v4tjzsLA0V
+jlupTKsfjmHlowCYa6NJs63z78BeZWcK+IzT1gC68NpK7bly+IohXfv/ZOQpD63C
+XaPw2D815lvEF30wJdcdjuucQUcPPHGeAO8ft1Uuaok=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C22:KAS-ECC-CDH_K-409_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAS6J3M35dYUazPApTPS94SWckHptOs72
+nxk5tVjE0hFSLk6qxhPjrISRyT3rbTRKn4esvgGlJgjq0J0tsSOg3Hgqsg3beT1b
+twrJXFjmIUa+tiu2aP1X+SA45Fhc3h+R7oxSUmr+sbU=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C22
+PeerKey=KAS-ECC-CDH_K-409_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0140e7db3f6415d884822ccc7316a329dfed177b76c0117abd722feca889bee4e14e65d26c6cc935c0e94205f05fc1a7abfb0348
+
+PrivateKey=KAS-ECC-CDH_K-409_C23
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNW1zcwdTracP2AHHSc
+Lx8aYe9b1uy3lqnhXv6bvmFY9mlUJ4c1D01kO9pvPoxkI7gXtTChbANqAAQAJaBr
+caCuJS8vkFIhmD6/ziGtlhIaXA3MXvDQ/sMB7HfvS5FYGP7c2n8/1zPH+eUpB5y2
+AAJokNUwO2Gcf4H2D7grJrC5jY8kxFyrQaRO6zo6MSlE6Im0A14ENgswUEPjDQy5
+BBqJ3g==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEACWga3GgriUvL5BSIZg+v84hrZYSGlwN
+zF7w0P7DAex370uRWBj+3Np/P9czx/nlKQectgACaJDVMDthnH+B9g+4KyawuY2P
+JMRcq0GkTus6OjEpROiJtANeBDYLMFBD4w0MuQQaid4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C23:KAS-ECC-CDH_K-409_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAKupOuHRVSiAsx9QP8S+n5HRAkfxTIFg
+Ff+yutKauBgOe1CicUTgHCHmPD2vzSUTCLrHaADkq2blFL0Cq+rhxxI3iKaSWE3b
+SpCaIX+zXeZliCM9re9wNv+dnyTro3cuL6MDe7rmPP4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C23
+PeerKey=KAS-ECC-CDH_K-409_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=002ec4deac3e83d60ad39969f2f93b49f31875831ecd51ea5c37ca48de081c0c8cc660edc53a222f3043447f9cb752763be7494a
+
+PrivateKey=KAS-ECC-CDH_K-409_C24
+-----BEGIN PRIVATE KEY-----
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDNisCbUlyBmDPak9Wm+
+mN+hCMjroII0rpqH88iLbGWTS5loFTIqFvmqvtEzF793Jb6lgI6hbANqAAQAD1KS
+U5TLUrwzDgY5DAwKLhDtl5cUn7zIjYD7yuwXPiSgXa75hAHV5H87dlvtu4JGMShW
+AT2ZwXEIBdX8fbclmsnhNLQR0A1z+wdi49IRzcVr9/cUUS0EpjDIcyVR7nNCh0ds
+9RHoNg==
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-409_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAA9SklOUy1K8Mw4GOQwMCi4Q7ZeXFJ+8
+yI2A+8rsFz4koF2u+YQB1eR/O3Zb7buCRjEoVgE9mcFxCAXV/H23JZrJ4TS0EdAN
+c/sHYuPSEc3Fa/f3FFEtBKYwyHMlUe5zQodHbPUR6DY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-409_C24:KAS-ECC-CDH_K-409_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-409_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAKpOuJhEPM4+0sBy2Fh3WsIhwk4z7Kbz
+FXlmNUS7M6SgaKhtE/FntlMExffyX4lfZbL0KACDze0wIRtm8a3xcxi23lDXckwF
+hJleBotyRwOuCO1xoyszSYensx1sJjcVKRcyfTeszTM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-409_C24
+PeerKey=KAS-ECC-CDH_K-409_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01c9cc05d19f96c4d233039cfbc43ab68d657bb507f46a353091fe98fc0f422a8e7593c195d326977a2be6bbd2cb44eb1fe81650
+
+PrivateKey=KAS-ECC-CDH_K-571_C0
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAXPNFjHhjs4Btzs1
+cv+qdJXEvIH0B4rlDWnLHjOKzxNGkRcRKSEWbd8tKfOp+OEMZ+iMmpkgOoNFZb52
+rFkSZDZzmmr6ApzFoYGVA4GSAAQD+/u8+6YJFX9oojEm2AX3x177Gb77WV46l14I
+/0a9NMi4e5ZFwOhuoK2RVGXVyFbGm7m3IrDRe/l62VxGAt6hfGtRIFTLItgHHBbf
+ceG3G0vT2ZOIJ9OVkJO52x/4a+1zlEpC3LZ8wzEC4owdDpgEpkUGVvS/M61y7Pe7
+g70oLN5LwV1OSAZKqK0vApefXz8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQD+/u8+6YJFX9oojEm2AX3x177Gb77
+WV46l14I/0a9NMi4e5ZFwOhuoK2RVGXVyFbGm7m3IrDRe/l62VxGAt6hfGtRIFTL
+ItgHHBbfceG3G0vT2ZOIJ9OVkJO52x/4a+1zlEpC3LZ8wzEC4owdDpgEpkUGVvS/
+M61y7Pe7g70oLN5LwV1OSAZKqK0vApefXz8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C0:KAS-ECC-CDH_K-571_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDEGpcHZI6CZDqjGAIw2w2a1PlYiuY
+RkBEdB+8eEAoTbi79gKGbDDMv1+bflnMHZv8xblw+mJNqbFfbLM29d2n5rmSTV3O
+RUMAXFx7vVp4msTGKD3rDQ03xIUrqlfWvCsKxjN/6wlwTETRs4W3DMOU+iNdg+bn
+EReH5X0JAsDLEyoZCm5i85hRHAwsTNUNRXA=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C0
+PeerKey=KAS-ECC-CDH_K-571_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=003198a6b5d6cce847e24348a6a6ceff7a89ed3794d7acedc4e858c80ad04a74dbc02c7038e05ab26b2a299ec92ee0d2c7e66a81872a5157fbc5d4d37ad598d6ddee995ed28a2d74
+
+PrivateKey=KAS-ECC-CDH_K-571_C1
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAJN+2zqilWPSJIWR
+yftEiYUJX5E6dFgxVZPPzofmj7DxpSW3MQoQEXbjTUXBAEU4lU4gRFQ4F8qw1WPf
+bLDV6GF7u6FQ51XhoYGVA4GSAAQCNjzFYksG3xlWvvpZfUx1fMKxABo+FUTSRAgp
+D2lId0VbqS5WCIRi8P+svTk8+DW1a3BGoV1Lck3Gw1c8sVbA3ymKqLElXLgECfdz
+uY1e3Cc02DWVMoG4KsDhXZAtiHp8a6dWKaN2cbEB0Y3f3EGT2YsYVRQUxJFzAEUw
+95dtJ8Jzpz3buJj8tfrenAu3iD8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQCNjzFYksG3xlWvvpZfUx1fMKxABo+
+FUTSRAgpD2lId0VbqS5WCIRi8P+svTk8+DW1a3BGoV1Lck3Gw1c8sVbA3ymKqLEl
+XLgECfdzuY1e3Cc02DWVMoG4KsDhXZAtiHp8a6dWKaN2cbEB0Y3f3EGT2YsYVRQU
+xJFzAEUw95dtJ8Jzpz3buJj8tfrenAu3iD8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C1:KAS-ECC-CDH_K-571_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQCESI8S3KbIGvgH4CFqZfh3eXNsnwE
+iSWic2m8ymo+L7/GVjfx7OsTO+dJZ5oXsc5Ygh9GvRhEqJzwBCyAQ8sQXgGj/JSN
+JmMCsewubiwjdbRksKUCxQU7WzSL0IF4xyxgMQXQRoGWpGldwmfW4QnxsSdEU7bv
+8U3fN4OWnoglZI3rwhav/5JY9kTXfs2ZEc8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C1
+PeerKey=KAS-ECC-CDH_K-571_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00577147459262e5ad42f222827f20ed574b2118924205bcdbd339ce20cfb085d072fd70f4ca1f5768fafaeb5710f7ccbea4fc2ae5377b0cff20a889a2201739139bf788a9bf2d7d
+
+PrivateKey=KAS-ECC-CDH_K-571_C2
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIADQJmwdz8CHuDT3R
+hccEtRWKlDKNqgl2j61YBN8dovwGcZDPECjDAje/KkjaE6uuNaJcPmOH05k/m1aD
+Bbi/CBj/Un3YIF30oYGVA4GSAAQGdNzE91XET9q9wHhIgQe7ZKRgupMsfhhUhMzS
+f6hwAxEH6ZVSBLBjC5tNNgjZqpMdfHZswuRYeOttjNlr33EbL+i0e40jPtUF2Wvm
+t+K6dMgDKvGcovKznS/U6MibFWtrJcLqT3H3SgLKfaKkY6zXYF1TUP0WqckFJTTn
+6B1kjkBgorAcRZwmDLZWfaH8UxQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQGdNzE91XET9q9wHhIgQe7ZKRgupMs
+fhhUhMzSf6hwAxEH6ZVSBLBjC5tNNgjZqpMdfHZswuRYeOttjNlr33EbL+i0e40j
+PtUF2Wvmt+K6dMgDKvGcovKznS/U6MibFWtrJcLqT3H3SgLKfaKkY6zXYF1TUP0W
+qckFJTTn6B1kjkBgorAcRZwmDLZWfaH8UxQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C2:KAS-ECC-CDH_K-571_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQATUi+WZ67HtYCRy16h/TNIID0TsKI
+Vf7MOpzd4lVReHq9J8wdp+d4F+lMnAKJwAWg4247z7DTgejMloS2990FF38W9j+H
+IcoGLPca8KL441xNf5MSvTSoRqOA9j8NxylMGIdxAzV+INHw7v8xKpk96yoez8gK
+6galtx5Pi5zvrrzTJiaRkGT4ivQW2G4+evM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C2
+PeerKey=KAS-ECC-CDH_K-571_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=014662b261d0bc2168642bfa4f80c4b3fe8176f604ad3703f443ec7aaa3dcf3c5465b869a8fcea60b8f55ce7118806c5d28a04848bd961db0061209b59bc02979acce9324d7c0c31
+
+PrivateKey=KAS-ECC-CDH_K-571_C3
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIABVHQ433b8teKuaS
+WEW7+wO0++glVhbsf72XtI8RJpIhn08SdebSRT1bzzusQQbwFhuBGfSH2ItfjI4I
+s6oXuD/gEQLXY5LToYGVA4GSAAQEJ+LcEe5SI72cPZQYx5EUaC+R3aBufYjDOafl
+bg37Y2tuY/3oo4EUbstwXKIC0rc99AhFF2PFFmBmqX/05PMvC0zJQjRLCy0HYMij
+iOLuon72g4x9RQUuOMvuIJbL6J93R3QTQHZljfkMYsfcDj/emV16mQkJkwCatsU1
+Z329s3bxg+tQktLLaog3tr6jXc0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQEJ+LcEe5SI72cPZQYx5EUaC+R3aBu
+fYjDOaflbg37Y2tuY/3oo4EUbstwXKIC0rc99AhFF2PFFmBmqX/05PMvC0zJQjRL
+Cy0HYMijiOLuon72g4x9RQUuOMvuIJbL6J93R3QTQHZljfkMYsfcDj/emV16mQkJ
+kwCatsU1Z329s3bxg+tQktLLaog3tr6jXc0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C3:KAS-ECC-CDH_K-571_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQGvyUuYsmWkXGpcXZx2g9wMulSCkl+
+yDH03HdqyH4BlK+ZVGxB0IBI6gbakjXPE2nD6lPmuMu3p/1CljVFSNRO30Y/d600
+GwIClNX35zbc2JkBmOTg8LOYuKxqh3ZK9gFZYjSi4WLJxmfkfrPZh++66wO142ma
+OO+VPHT7KP19ik7Fo2MZzMRKGaqIIB3ay/g=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C3
+PeerKey=KAS-ECC-CDH_K-571_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=051ec4db0622b7b1c798366453c70f959376ea3942aed2e931ff62a4019eb12ba5ff119214c8bfd8bdb66e62b562400f2d3d48a84b1b3baad3667f735ad4d0f183bdb91aaedcf1f1
+
+PrivateKey=KAS-ECC-CDH_K-571_C4
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAMe0JSypsZLF/qqa
+IQ/YTi5IMgJx8Q9n6p6zCw3oCG1Z2uBCWf0SsIbYkOItRdJ9fIRV3Petp5bjXjox
+ODQsxza8PtN4HEEZoYGVA4GSAAQDJWI4OOixjYG2gGBzQlTrArjrsiZFVvyYUMNt
+MDVEmqdk81Hbr3u8qbmtsR8nzIihrG+3GqEO+NDQk5Kwyn6qelzBQHjMGLsAmPx2
+VtneOlGSPbopDsvkE++NlR8k6SSMtVIwn5cSf7lCns9t0Htt6JTharYOM7TucwJM
+y+hm3l4X8bR43HcnobtCNxggsS0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDJWI4OOixjYG2gGBzQlTrArjrsiZF
+VvyYUMNtMDVEmqdk81Hbr3u8qbmtsR8nzIihrG+3GqEO+NDQk5Kwyn6qelzBQHjM
+GLsAmPx2VtneOlGSPbopDsvkE++NlR8k6SSMtVIwn5cSf7lCns9t0Htt6JTharYO
+M7TucwJMy+hm3l4X8bR43HcnobtCNxggsS0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C4:KAS-ECC-CDH_K-571_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQFcB5jsBwWxOsZk4JluhNMrHMWJ44v
+HrQKBHdUSL3tl+ejfQH+2KTgtD/026IaR3WczUW/lnHdIu7GW0r/i424nf4+SQwK
+ydYC3Ze2QVruKwHP6zzSoDV4q/7Zyoe+mibYmVlah7y9lydI+moL5OtVfmnG0o4r
+uhWA3HTidR18zZGMRrS+aHWk5MKQ2VnCPBI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C4
+PeerKey=KAS-ECC-CDH_K-571_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=05b355eb5c47d8027b6c5301d2463b99c636db207792e2975ab1a53c1cbb131280288432a79a3b47271d6a2bd777298baf8a675f66be9dc72c3588d299df8b52e7840322b43c2071
+
+PrivateKey=KAS-ECC-CDH_K-571_C5
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAGbMUZgNOFG0iMLB
+gUlsg1BfuVex7EqE3x4QXjDQAry5eLbQvcO3ZE7T37wzymv+Q2LNjMVBdAsN6M8u
+3M5FkuNPoRrCbskioYGVA4GSAAQHcfop5ZMNbf0206nnFZZ1/SPQteH9muZFSsqe
+gSfx5+P1MitcFrCVVzsyZtCPDcMwQ/+z17COTgUu0/A0mjKQJepv8+FmhUcCL5lP
+mXRpLbtuWMx65fkGUu4jHgo5YVadxkbRFFIqN3dBDBs1LWaAefgAELtUDkwoQIZl
+gQ/mH9YOcNMMaI6rj94ENk3uXJs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHcfop5ZMNbf0206nnFZZ1/SPQteH9
+muZFSsqegSfx5+P1MitcFrCVVzsyZtCPDcMwQ/+z17COTgUu0/A0mjKQJepv8+Fm
+hUcCL5lPmXRpLbtuWMx65fkGUu4jHgo5YVadxkbRFFIqN3dBDBs1LWaAefgAELtU
+DkwoQIZlgQ/mH9YOcNMMaI6rj94ENk3uXJs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C5:KAS-ECC-CDH_K-571_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDL6GBb9IxfBa1sZol1G+l5FqxXuny
+sdEnTCoGAjmU2zCfrVb2CzzlfzLfx9BFqEt9gFIyvjTH51lRTDCiUge6gAIVsgYP
+BMIEFGlZPVdIByuayP3gIwlSibzfZasb/AhW+D6a4GyJcwO9FvXkWCPWX+yDEP1D
+MrZc/0enma9PfIY44tf4WUjEPxBTTJgMy2I=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C5
+PeerKey=KAS-ECC-CDH_K-571_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=052bd78bf1326c6d91840a351d4874d36b147139882356c595b8607f9998773092a99adf70adeed19e122d4d2fec16285f000161145135d96355cba039a96335e7716724c249f88b
+
+PrivateKey=KAS-ECC-CDH_K-571_C6
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAZkNFfosyQ54PUMi
+AXhLq1a20p0fJmWnbNAT65b2MA7Y92K3ilWWrH6MHnYWfxB8IEQ7GscyEB6fCsoS
+VRpTbRUt8rPbDyDeoYGVA4GSAAQHbD1y8OcV8kkbydmSeKjvPDkLOpbpmXs35be9
+il8Hr2j44O44krY/8RKnOoSfDoSngtT7Qm618vFa2szp5UdqbazPOn+popEFQKdj
+gjWZ4MhgJ7rMjLsw46JGcnb8T35f1O04XfxviD/te8pp3yGgZotV69KS2o/WNWo+
+xc0cdiwBRzqgZwBMrO2tVk/gaRA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHbD1y8OcV8kkbydmSeKjvPDkLOpbp
+mXs35be9il8Hr2j44O44krY/8RKnOoSfDoSngtT7Qm618vFa2szp5UdqbazPOn+p
+opEFQKdjgjWZ4MhgJ7rMjLsw46JGcnb8T35f1O04XfxviD/te8pp3yGgZotV69KS
+2o/WNWo+xc0cdiwBRzqgZwBMrO2tVk/gaRA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C6:KAS-ECC-CDH_K-571_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQD5j3UyYwVE2HJkCt2OuMvLW3nWVP6
+PWg4wdYT1Ej8pzvzAtMCEqltMrlUnhfFzzlcVlGR9qItrE2nweGp2brobr+3LILq
+GZoEFgmrnBLBXlEnAF6+/2/R9ztpEu0HCvh/X/wh35A93h1xVYLdL2mQQCAARc26
+ns11isTQhNTI14IZ9vrZTTQa132szau1Sis=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C6
+PeerKey=KAS-ECC-CDH_K-571_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0226c28e5a6bc735935f9df2c1b02d096d4dee41ffb95a67905aab8de1b2d8c66e2bb471293091438d3f05df7e48003e58a958b72f839f7f2e2c54287fa3cadcd41a2542ae4ec03a
+
+PrivateKey=KAS-ECC-CDH_K-571_C7
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIACsJN+cx9Z3d3w6U
++6krsabOuBnnZZvPbt1LSvScLvJcW2A5JW+Sg2PhhASxZT05mAVMLCWj+DoMVUih
+OePmoYB1Z0bNNO4poYGVA4GSAAQCcMTADeJwkBDHzwR6DOabh/QdykjTW3H7pLJY
+iG1zrkLe+4ZTlRwb0+tM4OYXWpRsZ6+md1NHXFH9UlsP2fWiba/KMZ+qXhUGaAu9
+woFQX10/vil0SpmeB/9hJXaZP2+L4xE9se5s8jeZhnu8gKFAN2qbYydFH5i/j9Hb
+RvnZzAXohwTVcS1FZ+HfQNOeme8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQCcMTADeJwkBDHzwR6DOabh/QdykjT
+W3H7pLJYiG1zrkLe+4ZTlRwb0+tM4OYXWpRsZ6+md1NHXFH9UlsP2fWiba/KMZ+q
+XhUGaAu9woFQX10/vil0SpmeB/9hJXaZP2+L4xE9se5s8jeZhnu8gKFAN2qbYydF
+H5i/j9HbRvnZzAXohwTVcS1FZ+HfQNOeme8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C7:KAS-ECC-CDH_K-571_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQG+Rp84Rupvy3h/gcPnchDu3F8MG2c
+Y7UHjSoRMj8gycDXt3Q9MR3azc9d0A9JixmWcseK4l5oZNYr3BaTXW+42tIILTZ2
+6/MEWTxbrRLD1lXGYRx8qXEfnjKij+5Us7gkOWKjxV1B8sGF5MWLeimY6XgCG5W3
+JGNdrMvX/DDSByB5e8KRNixVsCSssr3PPVk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C7
+PeerKey=KAS-ECC-CDH_K-571_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=051a3deb052d3e99bb6ab6c6b284db2c998e9bee543e02e57f1b13fe9fafbfe53a89658c58eb947dbd178aea2f6cb28e305c9867bd65bb26f71793f90c984ca11113e1a8dbc8f7d1
+
+PrivateKey=KAS-ECC-CDH_K-571_C8
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAc1Bz/diQCqDTn4K
+uQj8VJQPaXtQAipN/tjPCxPX4O5SP78z7paTiV+RjZThWwhGVdYbIpTKUcQSP+Xg
+ho6dDRysITjwV3oXoYGVA4GSAAQGEHl7vG2RMRgK5Uq2bmeAhJJYNpdBRw4HbPBe
+B4W7TnkAuQjTjY2rO5QnuVKt0g77dYz/gK62QcTd4e7aVQnzhtVlhVlgnO8GjSUV
+9CWg4wN1RzQvG2/5MXY/UFLlNupPeDd7XJQUWcjCIBSCr8882nOQ6eXTGUUYZMoD
+aDVBqyzXep2I/XphDKhF7lzT1Jg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQGEHl7vG2RMRgK5Uq2bmeAhJJYNpdB
+Rw4HbPBeB4W7TnkAuQjTjY2rO5QnuVKt0g77dYz/gK62QcTd4e7aVQnzhtVlhVlg
+nO8GjSUV9CWg4wN1RzQvG2/5MXY/UFLlNupPeDd7XJQUWcjCIBSCr8882nOQ6eXT
+GUUYZMoDaDVBqyzXep2I/XphDKhF7lzT1Jg=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C8:KAS-ECC-CDH_K-571_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQFqyp/EKyJ+YxAlYCrwRrZDJM2Dmqy
+gpILWdMWyp8rI661CHbLG8vo7prmtVM/3NEa1PhtiRjWY4nah8mL8dYyO9CUfYCZ
+CDsGieGUcnZ5HcuVJxg+MqCAcrfgPcrRdf48/Xvu/ISNzvSDOAxgBUEThccCfJpS
+tgpuU3qHU4DSW8R8e/I2TdaKZvIdD1eGakI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C8
+PeerKey=KAS-ECC-CDH_K-571_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00697c751ddbca7034fb4d3fc1b2618daf78cdae464e8332d1215020c8f896f4864c7a6f2c61a363f730f58fd3bdb4f78a90b40aeb83b4fbc1d8d37cf6a27a6f722c68a82979fa16
+
+PrivateKey=KAS-ECC-CDH_K-571_C9
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAZ3/DXKosELE6S8d
+rnQHv0oQbNpWTbdQjlp2sDEwyR1eXLzy9XjC6d7kOEn5Edd3PUwmfigsJ3tzH4im
+7w7t3VIPV+dD6/lloYGVA4GSAAQFu2Cl/o47Fzz4QT6vQToyhqWnqjePIURsYQV2
+lgEnRtAtEKgx94XJyWVh/8atT57N9JN//9jmmECOZg/olvftRK9rO0LqhJ8Dfjo1
+5Iqma9hRxZ+FHUof8zTg5YnawwmGrNBtbrjOI28qlojyeKFNz+BmC1+g6X7Pzrv1
+tA09P1FQpVRay6YjnABBmsctwsw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQFu2Cl/o47Fzz4QT6vQToyhqWnqjeP
+IURsYQV2lgEnRtAtEKgx94XJyWVh/8atT57N9JN//9jmmECOZg/olvftRK9rO0Lq
+hJ8Dfjo15Iqma9hRxZ+FHUof8zTg5YnawwmGrNBtbrjOI28qlojyeKFNz+BmC1+g
+6X7Pzrv1tA09P1FQpVRay6YjnABBmsctwsw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C9:KAS-ECC-CDH_K-571_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQANAkcOsb8UpnfGPFi6veiB/wVQ6pJ
+jnJy4VqSdy9XdyIpBpRW4hnJwocr1TeDsPsTRfXoRnTENEEpoxQUa3Aw/HUZeiDF
+iKoEnjo/XuZYdeFAEImXBji4B9+XVopZlcj+L1Akc7g/WMVWxfIU7W8D747OAUAa
+ITS8BB9mki/MTjk44MbTAutCIAZ4qXE58pE=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C9
+PeerKey=KAS-ECC-CDH_K-571_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0322517da30e010aeaa2ec9bad2745d8e67f906294ecd6b1d16808be3837f79070d0e1bbbd617f4b8b031d3b51ea2acc59de408a130138c78571f8800fa907caf550d23323d1c818
+
+PrivateKey=KAS-ECC-CDH_K-571_C10
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAeFBbUKZJsq+pUe7
+J3ZxClL3EwOTCBAgMSs5Yhletu0XxtQ2vEaltHp6qs+PgRf+o8r6FmZcwYRbDslP
+r2h1ebHBFroYPoJfoYGVA4GSAAQGVmClhoihZYipwWuCcgQKMK/jFQYwZ2Aj/hZW
+ht+9pk/IWZXdwYycWwKb/71N/6j2KYnGOaaGI+yngAnLCI7hy0LEhVt50wIEksOG
+fxN78nh6erBWjTB5uNmh4LC6XSnQx7phbQuydyXaLKa8Z78IT6tSWZ7UKw70h0NC
+PLxvQTVpLDCa4mMMxKU5C+k/J0s=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQGVmClhoihZYipwWuCcgQKMK/jFQYw
+Z2Aj/hZWht+9pk/IWZXdwYycWwKb/71N/6j2KYnGOaaGI+yngAnLCI7hy0LEhVt5
+0wIEksOGfxN78nh6erBWjTB5uNmh4LC6XSnQx7phbQuydyXaLKa8Z78IT6tSWZ7U
+Kw70h0NCPLxvQTVpLDCa4mMMxKU5C+k/J0s=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C10:KAS-ECC-CDH_K-571_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQFe3xlvFHoe9rTfCtNrmf7AIznH9MH
+LkG3fFYtfEF0iHKiC++FF7pL6JY33emOK6GzsB9jlAcT4oI9jatopcx4Vh3hQIXk
+z4cAundDClVgCJ36xPaLTzSTejhN1ge8u1+rVnen+uCe0Hz63jmeh86f3ZOXxoGq
+M3jOO8grAH9t5PfLltrfVaTIc0o385pcLyU=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C10
+PeerKey=KAS-ECC-CDH_K-571_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=000911ec1cf82a22c849b401dfe56453a06f4af32644ea8b63135b68a979236d05968eeadca7f0cd339d295cc58967a7f38cfad6e947a71295733e42ca3c1ba9b4ff6195607bb530
+
+PrivateKey=KAS-ECC-CDH_K-571_C11
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAZY2Pu8aDlvpfY92
+Af5A/0AQ9JSfAWkIqQbtXNrxIh06WTs6Rna+r9H6FLwPfFM7FwhvIH+cSEz8L7w9
+sr5BI6jobztJEczjoYGVA4GSAAQBsS44kU7gB1qIjW1hzcdXDFEdkKnjoOJzjDqZ
+gauauppsYUYLrQeaKEKaUgfSyAGvL9zto2ZEChFoZ2Xpunf3prxVAS1MlRAHDt5Y
+d2Zf1jatz9ByINdF7XrAqbAgIVn0UMn2wbg3GSpp7mrZVTJ+uc0yagWItZcj206P
+0lixHbiIpT6xTyvghRJogykFmJI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQBsS44kU7gB1qIjW1hzcdXDFEdkKnj
+oOJzjDqZgauauppsYUYLrQeaKEKaUgfSyAGvL9zto2ZEChFoZ2Xpunf3prxVAS1M
+lRAHDt5Yd2Zf1jatz9ByINdF7XrAqbAgIVn0UMn2wbg3GSpp7mrZVTJ+uc0yagWI
+tZcj206P0lixHbiIpT6xTyvghRJogykFmJI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C11:KAS-ECC-CDH_K-571_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQG+nR37exfHnQogfjXsq9WN1ET6ZK3
+l/04frW1PDPGunI2QXssfm40YmfxuMbXhX1uCPmmDobeI9pLNoQk+wA/lrTIn10k
+SnQHPh/t9i6MgSg2IrU+ss2ye2TDwd142gyQ3Ww8d2rRRjAuQ6ulQTebyPO93C4Z
+/xXZZmTOLQnrb7WxOEioKzG0UtjoTaO4Uxg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C11
+PeerKey=KAS-ECC-CDH_K-571_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0724c979affb3ab8d307529759bae5fa67319d441851e5817fef014350e3014e068428c9dac395c5e7b9e5b8877457b3e4625ef49ede4ae3626755eefc3fb3cf09c23e8a5a9f8c25
+
+PrivateKey=KAS-ECC-CDH_K-571_C12
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAKGaDt9Qg0f0QCzs
+vOEn3GQQsZZ9P4nms7oItIqtCM1speXRIozcxBocOA8q6QUtc9t1UOejwdhXBWyY
+lH9bLHHDPE7rwSEMoYGVA4GSAAQGKfcFWDCHCOaSmxrQ/jEoqK9/llkbR8uOosNF
+QSCm05PtmJ0TIxxmGWajeLln76ZNPAk46cC4sWyZ1zSb3Vni1EgE+P7h+0cGpeUP
+1QJNiVPjIkKCMlDpmMpgK1JZlAUSlzWodOgzs71z16ncU63qCSuo0kIH9epWV6KZ
+GbiKbWP9CpQ7Vt3kyEeEgbV3I+Q=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQGKfcFWDCHCOaSmxrQ/jEoqK9/llkb
+R8uOosNFQSCm05PtmJ0TIxxmGWajeLln76ZNPAk46cC4sWyZ1zSb3Vni1EgE+P7h
++0cGpeUP1QJNiVPjIkKCMlDpmMpgK1JZlAUSlzWodOgzs71z16ncU63qCSuo0kIH
+9epWV6KZGbiKbWP9CpQ7Vt3kyEeEgbV3I+Q=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C12:KAS-ECC-CDH_K-571_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQBi7bL/L+67UaFZLNo8LCrw/vKR9zB
+nyyEa/ooc3DhuRL2tw4IUZ9XfwysMlt5/Wa2sjqh4q4mK80ueossLZjZ7XelTHKV
++Y0Fvpu9kXcrtCJmq6nIk+VmcM+2bK++RAHKLLV2W0aVBISFl8f0RumYFHRnhxWK
+g+v443loVzY6jgT4dCoJ1+yhY4bWD9fIWN8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C12
+PeerKey=KAS-ECC-CDH_K-571_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=005a526588a3a2ce08b20925e83987eb0a1e68f997102df7f9af83823ac8e06abbd29c04cb1f974ba9c9ac49b48b5af37679a39b532d359cdec3d41b3f80a1ee12c80276256b738d
+
+PrivateKey=KAS-ECC-CDH_K-571_C13
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAEysP8wAc0RCzdgO
+r4JEEsIOqe6wPUO5mdSd5hhzYCAgorPEeWX29FO5G3osHZPhOolURTPjWhIs/IYS
+yGkLabt6VXh1+WCyoYGVA4GSAAQD4hHDtJhpJ8Q4jRaAy0dw3ubHgmZyRYLGbMxQ
+xssoI5R01SH6zHIGr2uynM7XM+27wNILkmTOY9lDcYjj0xwOC8Pp+diEKeQDenxZ
+ASqC1ZzB4vD9T9dR5XN6y3fyoHmeCvOJlqteEQkKY5bMSA5vKqvY+tRGEWkeWCIR
+X9SdKgAMm0nR9JZOJNQ/u4H6h58=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQD4hHDtJhpJ8Q4jRaAy0dw3ubHgmZy
+RYLGbMxQxssoI5R01SH6zHIGr2uynM7XM+27wNILkmTOY9lDcYjj0xwOC8Pp+diE
+KeQDenxZASqC1ZzB4vD9T9dR5XN6y3fyoHmeCvOJlqteEQkKY5bMSA5vKqvY+tRG
+EWkeWCIRX9SdKgAMm0nR9JZOJNQ/u4H6h58=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C13:KAS-ECC-CDH_K-571_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDIYS2hj4stbxxuv9ba1ehBZSDHMEa
+nl7t7EgE4gFuPdBkz/0Soe6g9pMpEd7TRazlwf8lC5ZI2TuVM4ba6bVijDxiUnuJ
+BRkH94PgNBqHHmJW2jSeu1OfiHZ9fawVEePD5NQ7D9MdXdLC8PF26sVEqHH0K5g/
+j7pN9nq2ojm335lyJjBLcxZdli9OHS0Y3p8=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C13
+PeerKey=KAS-ECC-CDH_K-571_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=049db68dc9fb4cfbad8247ca4fe7c573c0640abead8f319194d665ecaf4f04b61f84f5df0d8a6386f6df04ca1a685a7394567eba5deb9f739b1e623ed6507021593f0e22e2dfc3f6
+
+PrivateKey=KAS-ECC-CDH_K-571_C14
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIANUUFE1FSLz8vPVw
+Cffo7hBLFUVvSRgmvf2bpn6HH9vY/ISQ7LyyaQkfx1KeXlVxOoHeIMDtAeyzFZrm
+FCS9vFZTcyWH0elPoYGVA4GSAAQD7l+He3N9rkC6+R4MxYHf6NKR+MRR1b/AtpDf
+cCWHXZVp1SAhs7aJDgGiupWJnikoqQLNXcgUPAfqJnSanJQGi1w0xZawlD4Fjhul
+FqgYyumzcIYofgiAg+K0If7wtZuoFqsDE3XQnXr31XhmdEaHvju0HOInbTo4+Xu7
+n7WfJKkvAIWwTuXtGsDvpnE5T3M=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQD7l+He3N9rkC6+R4MxYHf6NKR+MRR
+1b/AtpDfcCWHXZVp1SAhs7aJDgGiupWJnikoqQLNXcgUPAfqJnSanJQGi1w0xZaw
+lD4FjhulFqgYyumzcIYofgiAg+K0If7wtZuoFqsDE3XQnXr31XhmdEaHvju0HOIn
+bTo4+Xu7n7WfJKkvAIWwTuXtGsDvpnE5T3M=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C14:KAS-ECC-CDH_K-571_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHHhZ+WeKnCev0vj2D+53GntdJ46uK
+VOICw1+NRd6qK9qGwq+hsKBHVNGImPzdmxhfHYui4YCkesKRu0qtj5l/c7FCO81+
+m5IFcRkIW8fLICPSP4gQFCD59Qjw25T4377dXL6IzsgKnccI32zM34FddbFGKA18
+0uuXzxp91VC+Ujgk+TKnd2efLun2bUJY3aY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C14
+PeerKey=KAS-ECC-CDH_K-571_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0343c45daab4f91e02ef9bd6e1cd157b00ab0ab0a3e0d9734918a1d896cdf7cc1212bf74d7bb9bf96bd4abf42df325756c407217f44a5950c2b66af820692742ed7ebe14e48d2d88
+
+PrivateKey=KAS-ECC-CDH_K-571_C15
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAMzG3KWphVg84AgS
+w9B4IvY0HHnXjBay565Lv1v/rBrNneq2eBk/j4mw4qrlLjAxFETdESU/ltYts6v7
+F+Qj8N3w6ZEIEVTDoYGVA4GSAAQDgmIVNDz9Stlo1XK6st7iJ5+ejv+g/4Cw313S
+6oIrUCJ05QfIfSQp3Yu9um64q0M7HuHK06l8fSRBlP2aQ/Ph/zMUTi24CGQHD0UI
+rjkc4kFUs4hzrwCC2ViVrJL9GqMhupO+70BKY/exr6H+7Jl4hVI6ZoitqU3UXrMs
+p/G7h+Y8Tel0kxlsO1PPg9IY3Dc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDgmIVNDz9Stlo1XK6st7iJ5+ejv+g
+/4Cw313S6oIrUCJ05QfIfSQp3Yu9um64q0M7HuHK06l8fSRBlP2aQ/Ph/zMUTi24
+CGQHD0UIrjkc4kFUs4hzrwCC2ViVrJL9GqMhupO+70BKY/exr6H+7Jl4hVI6Zoit
+qU3UXrMsp/G7h+Y8Tel0kxlsO1PPg9IY3Dc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C15:KAS-ECC-CDH_K-571_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHTxp7XPsO7vHhXmNRLHMYja++iOjp
+xCBzsrZSufAoIU8L7HkULYiJQWq/eoPin0eee8PKZX7woQwuo63jEXwNNp2swjOd
+HBIA6JkqVAdnUwKfLA6djBZua6hIlqR4X//1mMSCPlRh/wBUkLt/tth4rDT0J/2d
+tIy98S65gm1o/SzxcdTWHD8nXUSUfU30x1I=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C15
+PeerKey=KAS-ECC-CDH_K-571_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04a565cb3e15236a7f6c413afeb419c082427b10a6d07ff87e81740716433c06b3254414381e4ff9860340dd6201ab6621d162cd12047a5515ab1d65f20c97eb3d7132642f8ad58a
+
+PrivateKey=KAS-ECC-CDH_K-571_C16
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAYhiE2WL0X59wzTd
+gAOSakR8NKGX7l1tC7xG6F7Bz6aAKFjRw2cnbKVyuieqel0eIWkCQWtIr25Cd5Re
+Rl19hA3/FDhUPKpGoYGVA4GSAAQEf2zEIQfEDBaNxnmoZPlptT91YlcRO3UCeW76
+VM3M5wS5NE7kv5ZHUtaJECYr0mq2s0cIRASygwbKNCXymJTOb9QpPFlzUi8GDP21
+RnZ1p4mSO+lzxmRdvibQCjnU6BJVIXKRo4gs+o+R9KqCFNNSTJXvaiTkezudDvVf
+ZwdWrkpNnGXwdfQXCy0YqvvKAmU=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQEf2zEIQfEDBaNxnmoZPlptT91YlcR
+O3UCeW76VM3M5wS5NE7kv5ZHUtaJECYr0mq2s0cIRASygwbKNCXymJTOb9QpPFlz
+Ui8GDP21RnZ1p4mSO+lzxmRdvibQCjnU6BJVIXKRo4gs+o+R9KqCFNNSTJXvaiTk
+ezudDvVfZwdWrkpNnGXwdfQXCy0YqvvKAmU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C16:KAS-ECC-CDH_K-571_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAS1Szzv1BX16qykrk5drPvOIMuhky
+ovUFSbzTFjABetIUdd8VT/N74TymGkxgM2sz0P/HYqqenp/G5v0XJQteQCK1UUHS
+P78Fb3yNZcVo3pW9FmT/9xQp7HOJh2l/IX3lrfNtFKgLb+WF5GheA8gYOKvt/cBa
+HgFAevSrmJ/B0Sc7qKGCxGGFbV7/5wXX3+U=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C16
+PeerKey=KAS-ECC-CDH_K-571_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=047265831f1f589b5f30806e2fb80aa7844cbf32b6993384beaac7d992b327b97dfd0bb89ca09e711507e846ed4ad003e7115fa8843b23d38f320e43b5eb506bde48fbd7af4983b9
+
+PrivateKey=KAS-ECC-CDH_K-571_C17
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAEwN03FeiIjcIiIG
+nn9hGAFoUUAwPha4tENDPV4YpLGAPVaAQWrr2nrn6USRVL40an3LNsHbInRGc/s7
+JF5YRAeH7T3sbT21oYGVA4GSAAQC+yQessKKGwZ1tXYP5WY++mA+sFkIQvRVlz8F
+c+FIpH5j+X6N+aVwsGVdWvxCAZ/pX+RP2wKmgnHYLfWAAQ+R3/DLPZvaiZIDP5Op
+3DnYdAO2qU3AYy3sZ1eELQqvitjEHrtjcFi/wRwZo6mr3fIEIB70+W/pYpIzpQcK
+CHlNFEcAkeMM3Ydqr2VAdicjMjQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQC+yQessKKGwZ1tXYP5WY++mA+sFkI
+QvRVlz8Fc+FIpH5j+X6N+aVwsGVdWvxCAZ/pX+RP2wKmgnHYLfWAAQ+R3/DLPZva
+iZIDP5Op3DnYdAO2qU3AYy3sZ1eELQqvitjEHrtjcFi/wRwZo6mr3fIEIB70+W/p
+YpIzpQcKCHlNFEcAkeMM3Ydqr2VAdicjMjQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C17:KAS-ECC-CDH_K-571_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQH7HG+oIEZCpxM3/gJ7Stlp3gAzRs7
+7/0eQATRJqw1LSQjXHl6WlZ9rvc5PSdmOBMup/D2HlUNwlHTQfZhAvlsKr9+43wP
+ye0A78KshwWy+cnAapEKMExCsa1TEBrrDRRjGdwkgVx8wZg7HK2R1fnG1e7xZ3of
+LSvddaH7TFeWpMVpZKo+Q/PaJsc37dnLCRA=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C17
+PeerKey=KAS-ECC-CDH_K-571_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=059b62c25c96955b8fb4deddcf90ebe6845ee71ea357739273d6d67f21a0c47d154add9d5d4d2b657fe1988ad614b0b4902faa92fe999abd754ad33cd6b92fe2f6a68a6f2c1eeb27
+
+PrivateKey=KAS-ECC-CDH_K-571_C18
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAH1UGU/CJsw59kDT
+0XublbcLUfmK1coZkVZhCNg543fiG6SMv0QVMLM0HdxhsKWBQaqmZTAkH6UpUF1w
+gEslYMW+SBMQuZYtoYGVA4GSAAQC7V86LvpKsPnbX87XsTAN5NRXqa0IJ0V+XhxL
+wV69GDd13ktzwfgg3UAzNmEA5ItBZNBOn7bPGkvbVRIqhgBfvQvSzdvJX6cDJ/5l
+TvaFY8yIiKzKhRY8KxVPtwsPSitYw2OIoMJfgKTIh5d9RgANxNhulc/Y+QZcAOso
+ZTyPtHe7tcY91HuDyl4Phx6e7T0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQC7V86LvpKsPnbX87XsTAN5NRXqa0I
+J0V+XhxLwV69GDd13ktzwfgg3UAzNmEA5ItBZNBOn7bPGkvbVRIqhgBfvQvSzdvJ
+X6cDJ/5lTvaFY8yIiKzKhRY8KxVPtwsPSitYw2OIoMJfgKTIh5d9RgANxNhulc/Y
++QZcAOsoZTyPtHe7tcY91HuDyl4Phx6e7T0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C18:KAS-ECC-CDH_K-571_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQGcIaGtPWtL+xFeq1axKPcSGekd+tU
+/A1JNRG1Vh6hUd1Mr11DEZg1ALSMgEOvCeP0BC1aB+vwUKToAdru8zF74JOVUCBF
+KykFJchoJYO1X37OxZuSCEb3XRHQIen/sgAYY59quTAiRywZLTmOFQzcYwoR/PlC
+5dI4zWwUsw9Eok0vhD7F0TXdx6vaVgR6vCE=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C18
+PeerKey=KAS-ECC-CDH_K-571_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=02777c72853b76b29f69d3aa27a1659789a025af0633d833b22b57bf328d231ebd128bf96a4c8a7ffd2ee7a51e5ebb7a8e5bca20e4ad49671a2123dfbc0d6c40594e04765186de06
+
+PrivateKey=KAS-ECC-CDH_K-571_C19
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAQdAuVgoUkIEXNU1
+jX/5Iyt9fUE69+IFwoX4hJLvJ6L7hQ4FZ+wkxIDHWtMvcDQgJchiZ9vk/4CixQnl
+uaRRMOmefHzIzG7OoYGVA4GSAAQD8/WFyv1GpmO2z4uDI++RWdUZXTEY8+3zhzLK
+D/c7LQZdnmmuHjl4ss5txhUA97i79vanC0e7ZMxP0ZW7pqyTK3C+r+F0FIoAsVZv
+5hnyzACroF4kpszLyRM4su71U9oNR31sjArExlbhNNvPMf+xXGfVib0pGPEXSQnl
+QoxxyQ44xOEbViNqv6HeaoV5600=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQD8/WFyv1GpmO2z4uDI++RWdUZXTEY
+8+3zhzLKD/c7LQZdnmmuHjl4ss5txhUA97i79vanC0e7ZMxP0ZW7pqyTK3C+r+F0
+FIoAsVZv5hnyzACroF4kpszLyRM4su71U9oNR31sjArExlbhNNvPMf+xXGfVib0p
+GPEXSQnlQoxxyQ44xOEbViNqv6HeaoV5600=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C19:KAS-ECC-CDH_K-571_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHznZ0QD38YoldceKrWHznNfJ58S99
+8xYTNb5D/CkI6nNvb1i5MteTr/ZvMyc11NOPBcsDzydcoOANofVzgeCL/rUBeHc0
+InIH1mSfPZHnv1+N5hG9lxgYEG3y43k1u0ZM2edGlinGrn5/KyJAJ2yw7tt6JtDH
+03f0AJod1Ip5PMmT+w1KBNsdutRJMwS8XA4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C19
+PeerKey=KAS-ECC-CDH_K-571_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=02c2ec1632e83416182a9a438f7360b88061bab84f5bded3dd8a0c87baf44507df94fdcf99353b107e61cfcfc8af071b3aa8cec7b34a542bf2ab8ea0bd9db67d66b428c9a6c14458
+
+PrivateKey=KAS-ECC-CDH_K-571_C20
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAMheXS3tW8O2tVP+
+CgIxG3K8XNyOlt8XnOV1EcJqyehz/B92zd6afY5Sp+m+XHdTYgMx6Jd6mJArSK6Y
+mc6KamY2YRJ2riODoYGVA4GSAAQCiapSCf57Gte5xeDmMLpeApKeobHxFNMKBkgB
+K/Ap4GZFPy0o4dUDZl3Qgz8Lo35Fg7Q03ZlWEAoa5uVPltk0fYBnQdOnbjEDOv6H
+sp7e9Ef/WgLmP2SQW19TrIVs/XdVrVQoEuzdVo6K4fnTL+oPAgGNz9DhbWpqJ5e3
+49yFW/22sNCyUl4UNnjVOb+MBnI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQCiapSCf57Gte5xeDmMLpeApKeobHx
+FNMKBkgBK/Ap4GZFPy0o4dUDZl3Qgz8Lo35Fg7Q03ZlWEAoa5uVPltk0fYBnQdOn
+bjEDOv6Hsp7e9Ef/WgLmP2SQW19TrIVs/XdVrVQoEuzdVo6K4fnTL+oPAgGNz9Dh
+bWpqJ5e349yFW/22sNCyUl4UNnjVOb+MBnI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C20:KAS-ECC-CDH_K-571_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQEg61zguNIr8fycdUNjTm4FLfW3AxW
+KmulVlaARb0tYgkGqxEG+RN/9yWJLoQ2qM17iIkqMvGasmnirTDX8OwA46BS+7xG
+YwcEHMSw8ZXcc8So4QYF8qOCkjq9I4HyTkq71AHgh8UNGPbasBol236J3/9oxmNJ
+T7TQh6gWuFRE2IK+wqwl5C/eeOvMp5pv3fA=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C20
+PeerKey=KAS-ECC-CDH_K-571_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=07e1d202a54d34020939f7aed56931f21b206761e4fc79b9a7b320f81077be322ae7809446b5b3ea701618ecdb0a1796ab80407a281bdbcb4d580131b61f8743bfef7a4d9c5941f1
+
+PrivateKey=KAS-ECC-CDH_K-571_C21
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAFOkjP2o7iMs6jVJ
+knsi83XWCWVgAl4hMWHUPu0C0HNl2e3nyT1FfqUeojaeh0Y+3b8loGux8ID7R2MH
+SoKD3T1p8d6GUpXjoYGVA4GSAAQEeQ+dtgC5oKV+A9J0o9I6VaoNhrLW+gf6/jyd
+TDOTdx3eiccKZHCjG60QXCHUhEzXv8O1lzj51sUoxBTVJPiODIYuThev9FQF3BLb
+BOJInbikbN7/n42dLgDQJPZWx4HrTS2xZ2JLOnCt2qoVjKAGAdTK0GWRe+vnZpEv
+q6mYf8xfyKeN0hZDqmUOakp+IGE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQEeQ+dtgC5oKV+A9J0o9I6VaoNhrLW
++gf6/jydTDOTdx3eiccKZHCjG60QXCHUhEzXv8O1lzj51sUoxBTVJPiODIYuThev
+9FQF3BLbBOJInbikbN7/n42dLgDQJPZWx4HrTS2xZ2JLOnCt2qoVjKAGAdTK0GWR
+e+vnZpEvq6mYf8xfyKeN0hZDqmUOakp+IGE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C21:KAS-ECC-CDH_K-571_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHpejrSWhJehG5DGDhPV88YcaGhXOm
+ttt8IIqFbVTnT0No4oEAueC/SfwxBOFG+9p4RiOjbZ8B8j6636sE1/SP9mUGxpi+
+3REBPblo/HzTOMuOMEKhcfowb5q29shl3cW6X+mUow2PwfoScZHwjk4UuaoIalL7
+yqRtIhB/1t9TEItT/gu5a8l0wDqMZSj5eS0=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C21
+PeerKey=KAS-ECC-CDH_K-571_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=07f49ee5d822b17e3f1ec9946fad8d0a0a6b327242afe675806b3e6b7541745e21cd1b70df926af057a9f8deae4cb9a1edc782014426152e8aa4cf6a4080dad4678dc8ff0d9e1af9
+
+PrivateKey=KAS-ECC-CDH_K-571_C22
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAVpeWUb+LJyubUEs
+YYwb0HckQysvHe2xMn2Kmc6DDmsDD0AlwUtOPRkS6pp4KQoc/H0BiaMMYUAQyHMU
+ahgvY5GTopEu3NBKoYGVA4GSAAQDFAiH6HA5eXhp9dnbUNkbpp0L/cWmd8cAYQVi
+9oDZUaXgUXyy+WY2fUjkI7BG205ovBxLMYPcgL7hJuiQFJlM34PEMSo+XqcHuNcG
+liyxkvDtFMTacQ0bGwc/2MpJepQ3mnRUycPUzm5f0uY4aFKnfFQ1q7I1NtzIOYbO
+3UUSdS8pXKUA8FX0YnY8KftnjKo=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDFAiH6HA5eXhp9dnbUNkbpp0L/cWm
+d8cAYQVi9oDZUaXgUXyy+WY2fUjkI7BG205ovBxLMYPcgL7hJuiQFJlM34PEMSo+
+XqcHuNcGliyxkvDtFMTacQ0bGwc/2MpJepQ3mnRUycPUzm5f0uY4aFKnfFQ1q7I1
+NtzIOYbO3UUSdS8pXKUA8FX0YnY8KftnjKo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C22:KAS-ECC-CDH_K-571_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQBPKr4zi4jIc8lbytkqomt1paMKYYk
+oivTjvlN6zpw6kTOh6lI6la/DulAcTT4yXsXsfVFYf93R+P2tlb4DWB3jQW4xMu7
+zzwAR6Lco+tnVLCp/Rawgfykl7Kd0uyeanWW0GsFnCqxiQD8xYcVJHJ245DfHbqy
+a6gSNaTcZzgjf879OBK3q0NskmxQxgDm6Qc=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C22
+PeerKey=KAS-ECC-CDH_K-571_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=058cd5608dd9d64d4d822baeca123358a4d7e56d3777ecdf569a149c2f85ed35479eaeaababd0b026dc3b56aedafedfc8491040413f85b669d8512a3ef7bc8fe8706b5c7585370aa
+
+PrivateKey=KAS-ECC-CDH_K-571_C23
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAL1Y4ZwF336ZvZYg
+cOC0x1dgQoWER+AjtBuyl0Womkh03+MloV040vuehw9BndFfSqrGXbvFrCxUD1fN
+sORbyGYhcm2SLRSqoYGVA4GSAAQB5LKid93Xjy8RnAW2rh6noqdElh4IlA9lae6I
+CMU7x6EhOAZO1cjCIu7yd05wwovOOmwF86ZU4SEAarYryUOB0Byg0bCCNNYH7tjN
+eoo1SbDZ74eGh579ycD0zpCzmRozy7sdNwTbk1ExOLGaUOysiA5XjeIQRvA6IABI
+GAiEvELPmq/ljMHq9TbW0l8VQdg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQB5LKid93Xjy8RnAW2rh6noqdElh4I
+lA9lae6ICMU7x6EhOAZO1cjCIu7yd05wwovOOmwF86ZU4SEAarYryUOB0Byg0bCC
+NNYH7tjNeoo1SbDZ74eGh579ycD0zpCzmRozy7sdNwTbk1ExOLGaUOysiA5XjeIQ
+RvA6IABIGAiEvELPmq/ljMHq9TbW0l8VQdg=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C23:KAS-ECC-CDH_K-571_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHQ7PJZag+6fa9uZAaHcwfeBllRKiL
+nPgRf4ntFXTlxdgE/EUREsJXh34SsKZsaTxmVcErukU12Z1iQF9Knc68BW2LfLut
+oSAD76WKo6jGok9DxVgf7AQUQq6VUnXbwdRtEBVgWdJje5qCmUsCSiR9KmZyS6kN
+Anh7FosfofS2dJZFQGxDj40xbWcPHg2LAwE=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C23
+PeerKey=KAS-ECC-CDH_K-571_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03bf7a59bbdd688682c45664d20c19cb2d24fcca6772120cbeed1cde762d449ebf22855627eb6b2be6e7f7c0f0034d02686f2a4488549f8cb198e02b46972bcb88914bea66dd6400
+
+PrivateKey=KAS-ECC-CDH_K-571_C24
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIARRjBw/LSii+Tipn
+wpx/pIpMWFowdAXQahoGeOkJ3W6vuJhmLN2LzAGd6xTl2S0XK6HEOO8PZNgBB8fo
+5oAp9OCqgUoQmco4oYGVA4GSAAQAk5OY5GOIbw27SKdPVzoSFQAGaOELV5idwwCy
++ajAjNQ9bLt/Rux3wcKUsj+GKZAn0rk/1usYIQqCML9G45IfGCySYMMIR6sD1I7G
+M7naFlDqdiZWs+MfJq7Afnymqvwe18tGbqrzmT4EZwSMlnux6bSuBzojDB4vdOLm
+GGZs9WoG8rZew5Vbb/uwapCM9hY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_K-571_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAk5OY5GOIbw27SKdPVzoSFQAGaOEL
+V5idwwCy+ajAjNQ9bLt/Rux3wcKUsj+GKZAn0rk/1usYIQqCML9G45IfGCySYMMI
+R6sD1I7GM7naFlDqdiZWs+MfJq7Afnymqvwe18tGbqrzmT4EZwSMlnux6bSuBzoj
+DB4vdOLmGGZs9WoG8rZew5Vbb/uwapCM9hY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_K-571_C24:KAS-ECC-CDH_K-571_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_K-571_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQHIvHnoGB3UNri1ixdPUcPAGwyVFWO
+qqKU7u28qNML9Ku5Vd62LkF5kl9sut87+HdvFdyuNVat33lxBad7f29xIGyg5uqR
+4YgDXRCMoNYgyrlrfL9hfRtawG43eSYpiGVk/RR8WOVeQjNE/08fukrw/jQVKzhL
+doXKrRXTvCcOQ0Iq2HTnHkCKcabIqQ0q2Xg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_K-571_C24
+PeerKey=KAS-ECC-CDH_K-571_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=06d410e9ba6b8b87b00d0f676de8ba27f6afe7e308c2e992f318fc14cba0a447316ad86e8e6c1d3345d8e4035735232c2c597e760b8800a89a521567b09408f9c7be279c137c963f
+
+PrivateKey=KAS-ECC-CDH_B-163_C0
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUD7a4XPej6DPBBLWp73IH9
+vQYXrfihLgMsAAQDVGZwHQsAMNCYtu0jQ9NVwkyQcnEA2LwC80HSYYYN+2Xwy38L
+SI2Clsw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEA1RmcB0LADDQmLbtI0PTVcJMkHJxANi8
+AvNB0mGGDftl8Mt/C0iNgpbM
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C0:KAS-ECC-CDH_B-163_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEA6ZHujLaxx7GeAsGOKcM0k/DvUyOAuae
+lhVBhEpKozdpp7znEPZkClYM
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C0
+PeerKey=KAS-ECC-CDH_B-163_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0100fb42d177ffe6c31378e2e04e0da7376ffe8765
+
+PrivateKey=KAS-ECC-CDH_B-163_C1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBeNzIIWQl1L9xyPKSXdGv
+htwEomihLgMsAAQBHklDDN0G8udluPLMBnzUJOLnVIUAg68VsizX39Hf9zlr8/MD
+j1BSSZE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAR5JQwzdBvLnZbjyzAZ81CTi51SFAIOv
+FbIs19/R3/c5a/PzA49QUkmR
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C1:KAS-ECC-CDH_B-163_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEASgomJNkhtwuPNFYXzLVVEJk4ZHkBenp
+i7dJm/iV93+PyDAdbhx6n2GR
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C1
+PeerKey=KAS-ECC-CDH_B-163_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0681c9e59eb7eba769f5b6f2b06ddf1efd12997995
+
+PrivateKey=KAS-ECC-CDH_B-163_C2
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUD6h555SoHCJjWo8TnSOla
+yHENd/ahLgMsAAQBN4YLo0WK8Twir4Il9WHgEzHNh6gHcgNW4V3HP5/uehwCH+yp
+fNQSBOM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEATeGC6NFivE8Iq+CJfVh4BMxzYeoB3ID
+VuFdxz+f7nocAh/sqXzUEgTj
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C2:KAS-ECC-CDH_B-163_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBYdPzIxITAFBcxAty3DGJO5hCNMdAElp
+P07ccUsNC6pb/F2LxqwECJ3k
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C2
+PeerKey=KAS-ECC-CDH_B-163_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01e0749a21fc508f76dade85435bbbe12c448bd8c4
+
+PrivateKey=KAS-ECC-CDH_B-163_C3
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBrVypq8i83MSCmVrRqXfk
+cnFQuzahLgMsAAQCWueDEbD882lWajGfiYSVRq6uwwUGQOsP31IEgK++ufJnT+sd
+bfSC1/U=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAlrngxGw/PNpVmoxn4mElUaursMFBkDr
+D99SBICvvrnyZ0/rHW30gtf1
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C3:KAS-ECC-CDH_B-163_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEADdI15jxQCaPHnGLOyOqKswDM8B0AMQq
+knq1eWlhIwlVdayUmwen0dS8
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C3
+PeerKey=KAS-ECC-CDH_B-163_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0320398f7acf791e0d602d7b94742cce58e9fddbac
+
+PrivateKey=KAS-ECC-CDH_B-163_C4
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUC0oqKodifo+Xllv/RgIJU
+7heg0PqhLgMsAAQG5sUklKtjyJyXiFVvcWZ387SAQqAE6YJYucVvAtPttMpbCu6q
+naqm/g8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBubFJJSrY8icl4hVb3Fmd/O0gEKgBOmC
+WLnFbwLT7bTKWwruqp2qpv4P
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C4:KAS-ECC-CDH_B-163_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEA4DbPfKxwBVKjoyzBK7NWB018xXNBxU0
+7C6LNX2eBp1/H6mL1E7YsGgm
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C4
+PeerKey=KAS-ECC-CDH_B-163_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03e4de43de85223d818e5be6549c29cdfa1afe1782
+
+PrivateKey=KAS-ECC-CDH_B-163_C5
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUC4XD39NwVL+Rwb5nZviKe
+ExfYK72hLgMsAAQHkA2sJR3oqUTPChvy6y7+7hRnbpsAkeffZ/d2InKdWbfjS5Rx
+J+f6Ll0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEB5ANrCUd6KlEzwob8usu/u4UZ26bAJHn
+32f3diJynVm340uUcSfn+i5d
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C5:KAS-ECC-CDH_B-163_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEATbg0FtPOYuCfhmARhSLL0FXP8B8BzmT
+TOwQVyhS4fYZIi4vXsTg+lqm
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C5
+PeerKey=KAS-ECC-CDH_B-163_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=037b178aab014d5abab305e37deed7f4798cdb862c
+
+PrivateKey=KAS-ECC-CDH_B-163_C6
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUCkj0sgCzsQt7yYz3r3KdZ
+1ZdE0+ihLgMsAAQCzctPke19F3aNuAvis6yeCVax2XEDJDP0VabNJT6RWC0vb1px
+JlXaHWk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAs3LT5HtfRd2jbgL4rOsnglWsdlxAyQz
+9FWmzSU+kVgtL29acSZV2h1p
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C6:KAS-ECC-CDH_B-163_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEB2w65KeBZzYn0Om8thX2JqFgpV3aBYwO
+yPJknC3c2cJLZDQzsU2QfFkD
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C6
+PeerKey=KAS-ECC-CDH_B-163_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00958b2aaa6061222dd248a6b9700fb6839dacdc99
+
+PrivateKey=KAS-ECC-CDH_B-163_C7
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUCWxe9bkIH2fsaOvAv1dsm
+r4NIrrChLgMsAAQG9vWx87GPRdtPs3d+aED7WlthqRQHN84UrrJOBZFYWnQXuJJW
+dJ9GHeY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBvb1sfOxj0XbT7N3fmhA+1pbYakUBzfO
+FK6yTgWRWFp0F7iSVnSfRh3m
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C7:KAS-ECC-CDH_B-163_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEANZfBRbBs+7ZIg5Zs9BJ3RFTF5rFAgv+
+EHqJpzYM0uIXU01t8pjMS8RY
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C7
+PeerKey=KAS-ECC-CDH_B-163_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0393387e1dab35748f20d506a0e2b4dc0ee6c3ff39
+
+PrivateKey=KAS-ECC-CDH_B-163_C8
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUAE36BMq0oiSPmSBHpIpj1
+wNzJVwWhLgMsAAQG8s3R1jDdcx7Xf5Acew5zVRXibU4BBi8vcVxNKvl7sb6LbPou
+PuMUJT4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBvLN0dYw3XMe13+QHHsOc1UV4m1OAQYv
+L3FcTSr5e7G+i2z6Lj7jFCU+
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C8:KAS-ECC-CDH_B-163_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBA2QPOKzD3CmoDhJsOF1j++Ih70xBKvY
+vbfBMnyZszgg2+GK4RT7Q1lJ
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C8
+PeerKey=KAS-ECC-CDH_B-163_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0212358d3f8bce69b662447333b3edbbc9b2f7e805
+
+PrivateKey=KAS-ECC-CDH_B-163_C9
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBxIxQt9Ps3zuQG60O78Pj
+gm486p+hLgMsAAQBkXVXMRfdhR5u6/2fseWohOv+/uUDrfN+Te1SVz+lfIyyv8ps
+ZcNnRGI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAZF1VzEX3YUebuv9n7HlqITr/v7lA63z
+fk3tUlc/pXyMsr/KbGXDZ0Ri
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C9:KAS-ECC-CDH_B-163_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAi7SRkPwzsaMjkrRqixDadiqA/WUBczK
+YrbdHTFt7b0PHVML7W5VazrY
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C9
+PeerKey=KAS-ECC-CDH_B-163_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=023472fa59846f7be07cf060cdd69a9fbb27d4fe44
+
+PrivateKey=KAS-ECC-CDH_B-163_C10
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBFi2e06ZgRV6MAV0eRdFR
+V0mj3NKhLgMsAAQEKD6w5QhdGYs3j8lfb7TDGYtNPHgBB6EWjy9HuWPks6kCTgw1
+el69+Sw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBCg+sOUIXRmLN4/JX2+0wxmLTTx4AQeh
+Fo8vR7lj5LOpAk4MNXpevfks
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C10:KAS-ECC-CDH_B-163_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEB5P0sxFy7uZvJ2nrMF0DtcP3z/+LAfPs
+7Gu9qb3opNoU2z5f+TS5g1sX
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C10
+PeerKey=KAS-ECC-CDH_B-163_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0173a056c4c9ef6707cd23928999c4680f42b71f7c
+
+PrivateKey=KAS-ECC-CDH_B-163_C11
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBmh0W9KVy88G1HqKs5pKA
+5xN7j4yhLgMsAAQFzt6Wpw9xTNaJY/LWyiNiaak48xEGza3VS29zPICTR4fijCzP
+WLEie8A=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBc7elqcPcUzWiWPy1sojYmmpOPMRBs2t
+1UtvczyAk0eH4owsz1ixInvA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C11:KAS-ECC-CDH_B-163_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAup6UINGAvES9t0ObSXwZPnQXv8mAb8/
+adFKzIMzUzqIwuiCSGOkeuAn
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C11
+PeerKey=KAS-ECC-CDH_B-163_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03d34f411a297d7c990fa4a83b5f54759607f9d33f
+
+PrivateKey=KAS-ECC-CDH_B-163_C12
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUC79RADa08+tjRY3+pKQxL
+dYowFbahLgMsAAQFExMbS8ty72irBD7oT8jLA7bY8YcBILfVdyu7F+yxyegMNvgI
+/VSpOq4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBRMTG0vLcu9oqwQ+6E/IywO22PGHASC3
+1XcruxfsscnoDDb4CP1UqTqu
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C12:KAS-ECC-CDH_B-163_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBt0TBTSeiqCAIAc6DeWvxdwbamLTA0l+
+t79Aie8CzQpd0Phr2HmKRMVs
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C12
+PeerKey=KAS-ECC-CDH_B-163_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=06120aed8d4c1e506710e2cfb98ca2022e642ca89f
+
+PrivateKey=KAS-ECC-CDH_B-163_C13
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBKw1kl3z8E7SDRe9wctGj
+iQ6vuVuhLgMsAAQBuTY89Ic1Z2h42AzhSBuFiGg/dEQHaPpzJ81yUsj2lu1JR4aJ
+Fa2h+10=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAbk2PPSHNWdoeNgM4UgbhYhoP3REB2j6
+cyfNclLI9pbtSUeGiRWtoftd
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C13:KAS-ECC-CDH_B-163_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBaDjQRGOaYJ9an+CgvvwuUQA8IJABCO5
+k9Q2f79PZQTZ4JpkEjo7U9Eo
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C13
+PeerKey=KAS-ECC-CDH_B-163_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=021a58087968c5df57afd7c343a4cfa2ee8e7073f1
+
+PrivateKey=KAS-ECC-CDH_B-163_C14
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDOslTgD0ERrPNpOvQcbTr
+AnwRv9ihLgMsAAQFxEbpiWykTMpzPp9OW2Sv3cBTchEGutGyUiaS+XCzi+aTXcfR
+wJ3NIG8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBcRG6YlspEzKcz6fTltkr93AU3IRBrrR
+slImkvlws4vmk13H0cCdzSBv
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C14:KAS-ECC-CDH_B-163_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEABqSPWGRY0MGEkweJnMJsH26Mt7LBaNR
+f1Qmo0Eacn7dwpo+wilVg2jR
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C14
+PeerKey=KAS-ECC-CDH_B-163_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03da9c0879219e48c3df56174898fab9ee5b0a6bcd
+
+PrivateKey=KAS-ECC-CDH_B-163_C15
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBvXkUWuf0LGsl0cOJZewI
+/SdTOnqhLgMsAAQA6dj8OgJpJcit1Qj5IPouX/UoJogFt79jElmsfTaTbBMP8gbY
+ILE73oE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAOnY/DoCaSXIrdUI+SD6Ll/1KCaIBbe/
+YxJZrH02k2wTD/IG2CCxO96B
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C15:KAS-ECC-CDH_B-163_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAvqLrw1hKK3ZuQKqGByB4kKYRR4uArk9
+H2kTkU/+FVnHwRTGMbtrKWF+
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C15
+PeerKey=KAS-ECC-CDH_B-163_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=05b33fe3874d32aed99919265cc0074902e538fe54
+
+PrivateKey=KAS-ECC-CDH_B-163_C16
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDMMofWtd9embYdCMygCDJ
+HsefN2ShLgMsAAQFujfTaZfE8qvmA9/gQiMnOOgrCzoHPIzZUARJcqAFxvGvjkMG
+4MzvuUY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBbo302mXxPKr5gPf4EIjJzjoKws6BzyM
+2VAESXKgBcbxr45DBuDM77lG
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C16:KAS-ECC-CDH_B-163_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEA1Pi2kWrfEkwKAw+20upABLVbfYvAmkx
+4wuX/173uswN5NlJBwhSLjsr
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C16
+PeerKey=KAS-ECC-CDH_B-163_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=053dbce9826af4d290036feb46875e975b7848a9c4
+
+PrivateKey=KAS-ECC-CDH_B-163_C17
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUC0jFAB01u3dW8CZsX3hKv
+ud3y7L6hLgMsAAQG4GzHww9e1+aGw6daHUQld3BgHLIDDcQUxK+zkO1GevRxqpvS
+t18y39g=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBuBsx8MPXtfmhsOnWh1EJXdwYByyAw3E
+FMSvs5DtRnr0caqb0rdfMt/Y
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C17:KAS-ECC-CDH_B-163_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEByFnCITaqM1idjjskPNEjvsPJIm6BPhK
+mDvsayiJyCEb8jEUm1vrzHXg
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C17
+PeerKey=KAS-ECC-CDH_B-163_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00d49b971cab937f40908913fe259849679ca076d9
+
+PrivateKey=KAS-ECC-CDH_B-163_C18
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUCRJwbn/CeepoDsX9f9GER
+X18/Gn+hLgMsAAQHP53d3EZQkz3szJVG05KjXbvGanYE3nVY3eZJ9yMis54xyOKc
+5vWZSF4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBz+d3dxGUJM97MyVRtOSo127xmp2BN51
+WN3mSfcjIrOeMcjinOb1mUhe
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C18:KAS-ECC-CDH_B-163_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAdYxnsLcXAjwJhrtAjFBjW3D0M2nA45k
+lT982scdBS5VhVdGtD1EGBuR
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C18
+PeerKey=KAS-ECC-CDH_B-163_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0483ad0b7f8a716273f624b8979c19126705266e4b
+
+PrivateKey=KAS-ECC-CDH_B-163_C19
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUA0IuV2aTOck7EYszhJwH9
+jD1T/c2hLgMsAAQAJqdw2G4cibp6hq72Sbp+qG/H1bIB2xAg4Pdk31SlPCPJOM7J
+jZp3rR0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEACancNhuHIm6eoau9km6fqhvx9WyAdsQ
+IOD3ZN9UpTwjyTjOyY2ad60d
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C19:KAS-ECC-CDH_B-163_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBPFnkHv0uY6Gltgdp9LBBW76DcFMBsua
+tlFDgyuc79XZzmnsTbLt0Geq
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C19
+PeerKey=KAS-ECC-CDH_B-163_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00f69dcb547119fc9b8c454335aab184c3ada5f1c6
+
+PrivateKey=KAS-ECC-CDH_B-163_C20
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDgI7+atUNJQ2HGS4WSZzj
+JZQo87ihLgMsAAQAE6AuJfySeHWvpVe9Zz9lhwRZ5nEEA4265cXlQIRwiiS8P9By
+52nBI3c=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEABOgLiX8knh1r6VXvWc/ZYcEWeZxBAON
+uuXF5UCEcIokvD/QcudpwSN3
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C20:KAS-ECC-CDH_B-163_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEB5ttFMdDJxQC0TI2AyFf6zxosURVBOOQ
+VoalOMJaAr6pL0IYQCG16iWT
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C20
+PeerKey=KAS-ECC-CDH_B-163_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01bc5ee5261b2bba55b10cbaa6cc3c97b98d00ffea
+
+PrivateKey=KAS-ECC-CDH_B-163_C21
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUCrSMqekHmzCSVU42HsCPN
+7HtuHyOhLgMsAAQFSeMHgNk/eW/c9pGQVXXYXGZFO9sCFiqIW+oxNEVD9dBhkTad
+7G5w6Wc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBUnjB4DZP3lv3PaRkFV12FxmRTvbAhYq
+iFvqMTRFQ/XQYZE2nexucOln
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C21:KAS-ECC-CDH_B-163_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEB3L0LScqBX3g/5Jsn5RgXGZ10hUmBgLn
+5TJV3pv1jAV+77ebzkMbXDgI
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C21
+PeerKey=KAS-ECC-CDH_B-163_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=008574d838d3de87965fc1b4343fe4f078588c4ea1
+
+PrivateKey=KAS-ECC-CDH_B-163_C22
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUA3Jmxnz2IR4dRkOlYiyu9
+gw29OpWhLgMsAAQA9l2YTXHcwYvxcqvk05k84PfPMkwAG0nmos8Rc6raw69sCelm
+8xFBq9k=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAPZdmE1x3MGL8XKr5NOZPOD3zzJMABtJ
+5qLPEXOq2sOvbAnpZvMRQavZ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C22:KAS-ECC-CDH_B-163_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBQskKUYJcXOanW1WcLxtdZ5WVnaLBJK8
+LT9jjUl45MpYylpO8ZxezOqN
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C22
+PeerKey=KAS-ECC-CDH_B-163_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04579b477a92ed961cfdb2014407e88e7716452a4b
+
+PrivateKey=KAS-ECC-CDH_B-163_C23
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDVquFsE0IUbj2a0p5ZSbT
+8+OIKEShLgMsAAQHdqLhr5MtdFGQcL+pQeqpPp/16XoFq+ntRiRf0BRiUNKlY8Ru
+v3rNI0I=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEB3ai4a+TLXRRkHC/qUHqqT6f9el6Bavp
+7UYkX9AUYlDSpWPEbr96zSNC
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C23:KAS-ECC-CDH_B-163_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAX1SEW8MlVh/G3sGx26Y2ZyC3PIMAk6i
+K92ZC9eeY+c1shKCrhtepmZI
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C23
+PeerKey=KAS-ECC-CDH_B-163_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=035a8c10e64403c52ef8d17c5f4dead0df81fb1f21
+
+PrivateKey=KAS-ECC-CDH_B-163_C24
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUAentUdVDHWKnefwbi845V
+9enkTOahLgMsAAQEWVLAtRfmhcqwlHAyf51LISdRsEkESkKabvsEvOoCQKtYBd50
+CqYfmU4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-163_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBFlSwLUX5oXKsJRwMn+dSyEnUbBJBEpC
+mm77BLzqAkCrWAXedAqmH5lO
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-163_C24:KAS-ECC-CDH_B-163_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-163_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEA6fqELodaqVFcAtAtzeVGp5zbfoMBPk1
+L7KsJETpKHVONlX9YuOkJWTo
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-163_C24
+PeerKey=KAS-ECC-CDH_B-163_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=000142615e3607ac148c4de8f334be849235d01cdb
+
+PrivateKey=KAS-ECC-CDH_B-233_C0
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4APD7kdKwNC8HfVn48NfX3
+ZsUzKy1nMP8OTY51rtuhQAM+AAQAYeiptRf9BaAm7DdmFiKf2GOaH6dt7+U5gCL5
+2cgAcGtcsIc4qUVS/uWEsTcv6tSveQQJCfz29QCEu/o=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAGHoqbUX/QWgJuw3ZhYin9hjmh+nbe/l
+OYAi+dnIAHBrXLCHOKlFUv7lhLE3L+rUr3kECQn89vUAhLv6
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C0:KAS-ECC-CDH_B-233_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAEdWut3vw9wzerJ7VFLrEK/9njH1tVwz
+DpDw9oaiASp59lIyMIohyYwBVVzK/H3OFcj+0wJadgy9bCMn
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C0
+PeerKey=KAS-ECC-CDH_B-233_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00e9f3d8c4f1bec0f920e763ea1bb7415899f01734609e7547dc425ec946
+
+PrivateKey=KAS-ECC-CDH_B-233_C1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AqkGloBpOZqZ5l7C+FvVr
+FgsFYa0H868pZDhkYdChQAM+AAQALZFAJEZVcGjED8B13uk5FrDxqTkuR+VrdHEl
+rh8BOrCRXkrPd5UWgm+h3BiFoGq8XQgJySJAzPnD2KQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAC2RQCRGVXBoxA/Add7pORaw8ak5Lkfl
+a3RxJa4fATqwkV5Kz3eVFoJvodwYhaBqvF0ICckiQMz5w9ik
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C1:KAS-ECC-CDH_B-233_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEARhqAo+aGNuSf2MlPCA+smqjq6DUCxo6
+vGTkeiKtAMvYuV+J5CESi8c6Q8XMJU44ZwlquJ14iy7TuQqW
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C1
+PeerKey=KAS-ECC-CDH_B-233_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00f1fbecfadb158d62eb1109c085124fad67a8795b58815eb396c95db4b9
+
+PrivateKey=KAS-ECC-CDH_B-233_C2
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4Axmd8KAaLRi40hizmydit
+jBs8fv6Ay6tB2kGSeOShQAM+AAQAQssxHc/ySCos7OaWwetkxprCqlmSCaXBh2Oj
+FQoBsDKfNsE10ALwi+Pj/6naGMXWpww2D0+HHxK/P5U=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAELLMR3P8kgqLOzmlsHrZMaawqpZkgml
+wYdjoxUKAbAynzbBNdAC8Ivj4/+p2hjF1qcMNg9Phx8Svz+V
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C2:KAS-ECC-CDH_B-233_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJO/hWIWAiOOmNCcmIKNUaSUYDYsI8UU
+HT0bI1KWAISXFSGHqLOylYodCi7s/0SSJRgHy/0D1fJoW8o3
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C2
+PeerKey=KAS-ECC-CDH_B-233_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=019ea831c51d88a7cf754495a1c474082ed481c8eb83190a77defb09d479
+
+PrivateKey=KAS-ECC-CDH_B-233_C3
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AnGECSz3/IZs38b5nAYBK
+3yR0FESN0PDcUSk6yROhQAM+AAQAEkEg2ECYUOceM8ni2cQOoyvtEdd4BHhumwdo
+kqsAba4bpIFylv9jBzusnOBl1DMboaXImcwcB0Bdrj4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEABJBINhAmFDnHjPJ4tnEDqMr7RHXeAR4
+bpsHaJKrAG2uG6SBcpb/Ywc7rJzgZdQzG6GlyJnMHAdAXa4+
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C3:KAS-ECC-CDH_B-233_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAEVJZIaSr5XYjk4dSRTYyXaaraxaD3V4
+MmXz65ZXAbCUtIAvOXZj0OaC+r8clMTiFOSDJ7le78uSt3H9
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C3
+PeerKey=KAS-ECC-CDH_B-233_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00088425fb04c2ce408f08d81385a322703a077bf00ba0791e4e79b80419
+
+PrivateKey=KAS-ECC-CDH_B-233_C4
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AbmnQZNvZp5T2jmmaDpQb
+3aalOhzso7PbgpJbb4uhQAM+AAQAxX1h/LH+6Q1djJfL8YjI74JZsK4lh+zx/4zS
+4voAuK2GxoBaSrRFE9u6L1CYuenB4Ftnn1KTeuzisYI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAMV9Yfyx/ukNXYyXy/GIyO+CWbCuJYfs
+8f+M0uL6ALithsaAWkq0RRPbui9QmLnpweBbZ59Sk3rs4rGC
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C4:KAS-ECC-CDH_B-233_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAHPFz0oB0J47QbXnd4xrm6Utr4j8QE+O
+L9CdtAJ+AHA5Htqnbw45cDlMrAM4BhBYhYw8c9XLUS5TJjBP
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C4
+PeerKey=KAS-ECC-CDH_B-233_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=019b5efb23bc18a4f18c22fe2fd5cdbd02372cabde5e5c9f4b4f9a49438f
+
+PrivateKey=KAS-ECC-CDH_B-233_C5
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AWuXeMMfDFxgTot0+PqLF
+zqoEc8OUV+mSkHHhpCChQAM+AAQBfPn8oF1KVeS2j+56O9Q/BHMD8qJm2Bu14ex+
+JVgAOwr0PeBQAzl94dSyeCetL81nXL9hpEWh7EClabY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAXz5/KBdSlXkto/uejvUPwRzA/KiZtgb
+teHsfiVYADsK9D3gUAM5feHUsngnrS/NZ1y/YaRFoexApWm2
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C5:KAS-ECC-CDH_B-233_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEASOmsIGnYehsBC4ZFK9H8JOyZVVD5WRY
+S2BkJTmpAFGO48GuVGQE3x7M1pqmhWQx0ciIHPBXjP9OuMEb
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C5
+PeerKey=KAS-ECC-CDH_B-233_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01f36d9519c3d47f030eeac3338db583b96fefa551a4b56cc5567f2d9d7a
+
+PrivateKey=KAS-ECC-CDH_B-233_C6
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AxoeWlVtotfiCfjisB4Kx
+rCxFUsrvDGCVhGfNhcGhQAM+AAQANHifvGDxCGA0yPLOhv1KozUZTJFGiQNX3EdW
+meQB0395Yyf3HsMVEEaEY9CykFSIpKYCZ4cN/uVnwlA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEADR4n7xg8QhgNMjyzob9SqM1GUyRRokD
+V9xHVpnkAdN/eWMn9x7DFRBGhGPQspBUiKSmAmeHDf7lZ8JQ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C6:KAS-ECC-CDH_B-233_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAUH7vys2HCyM5e2r+iKqR1VYHlsaZmAD
+YqDue8V0Aa6jysID+MeAR1omCbKXDMhvlupAEcNI2oJiszSq
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C6
+PeerKey=KAS-ECC-CDH_B-233_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00e54b1c916ff3ba1aa0b2b99f0ebde4f1a4cc6a10d959bb2f7f4c777b84
+
+PrivateKey=KAS-ECC-CDH_B-233_C7
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AdCRcyX3UUJNWieo/ynsL
+MMHWfObovhfLEZJXXK+hQAM+AAQB4cVwrMZTxwb9d0AZSlVN5/N5mhK4INapQRl/
+dh0B4iJejQ1ByAj26tevMg+yX+0pqZCYoPDhHNhp5Tw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAeHFcKzGU8cG/XdAGUpVTefzeZoSuCDW
+qUEZf3YdAeIiXo0NQcgI9urXrzIPsl/tKamQmKDw4RzYaeU8
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C7:KAS-ECC-CDH_B-233_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJag0/Nuj3U3kQdM6ml7JHFifgyeeilK
+ApqdO5QpALdnF0opILYvHwL6eQl4RdUdk+DIEEQQgxot1Vw8
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C7
+PeerKey=KAS-ECC-CDH_B-233_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00bc0dcf7585753cc79aa412d2740b4b2d1c644fc9755cb0550286bcf68e
+
+PrivateKey=KAS-ECC-CDH_B-233_C8
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4Al77tS3OKYgXMnqBGtEi1
+IxKLkxAaAtlkQ16xeAahQAM+AAQBg1jalAeacAoQsgojJdM9gOletPxKmBAcMSY1
+k5wADE9ELQBxx70dIXzyNf0DHewwnoXqIBTmi1D8K6A=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAYNY2pQHmnAKELIKIyXTPYDpXrT8SpgQ
+HDEmNZOcAAxPRC0Acce9HSF88jX9Ax3sMJ6F6iAU5otQ/Cug
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C8:KAS-ECC-CDH_B-233_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAWa+JCazv45tBaJNfR8sDjKeQSDPyOb/
+UkhvCVWGAHNx4ogUX8JaWpy18qOGA08vMoxuqiTIsJboqx8M
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C8
+PeerKey=KAS-ECC-CDH_B-233_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01b7ef3148be331115321b1c2a68832fdfb991b26224a60dddce3e060d27
+
+PrivateKey=KAS-ECC-CDH_B-233_C9
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AdZxV2lXh/bW6f4uJOrqu
+WSW5sIGEo9VUlXrPPsChQAM+AAQAKvJfgQ4YqBtp2iVKZbimx6uA3cJ8hWIuI0it
+0TIBKLdT5LIajDrPhaq5Kpqmp7M/LLadcCS6+OiwcUI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEACryX4EOGKgbadolSmW4psergN3CfIVi
+LiNIrdEyASi3U+SyGow6z4WquSqapqezPyy2nXAkuvjosHFC
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C9:KAS-ECC-CDH_B-233_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAYHzuwsJdxMnfF87Rs7wKqnL4pq5XHbp
+tgofelHlAC4vtnLXK/ePfP7cQNNybGtPtYVBfHR2tlXjK707
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C9
+PeerKey=KAS-ECC-CDH_B-233_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0041249865c913b287a253150b207e2682efd96057cb0709e9bbb48c0fc9
+
+PrivateKey=KAS-ECC-CDH_B-233_C10
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4A7mOdifDkM8B14u9XzCQ1
+gelbJh+Kk7jvb16/gBWhQAM+AAQABmOPa82FBDOV0B12f/d+nWd/N+9ADy4W/uht
+uvIAbBJJYmbeux2DQ7loTifF9xKcFwJKjmcEZypfPWM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAZjj2vNhQQzldAddn/3fp1nfzfvQA8u
+Fv7obbryAGwSSWJm3rsdg0O5aE4nxfcSnBcCSo5nBGcqXz1j
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C10:KAS-ECC-CDH_B-233_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAGWqQRXlnmBFqvme4b7KH6uSO73JGSBu
+CTFiC6mWASjQC3dYmaWKWbyyq3nWCeLc2pjmUju2cWhVT4Tm
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C10
+PeerKey=KAS-ECC-CDH_B-233_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01cf480fbc2be2c2c4448c88890972c7ff9cbe08a75e26c3809596b8b5c0
+
+PrivateKey=KAS-ECC-CDH_B-233_C11
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AkpsJtnspqk/xXWd5oXMw
+ZQSfrrLCJwEsSfJ37VGhQAM+AAQAygQD2V2F8MsK5NKurhjhh7ecIB7WjBStJO0A
+OSIAz2sKUCspDQru6CBmGsz26ll2h8Rcf5Onc9JfYqY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAMoEA9ldhfDLCuTSrq4Y4Ye3nCAe1owU
+rSTtADkiAM9rClArKQ0K7uggZhrM9upZdofEXH+Tp3PSX2Km
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C11:KAS-ECC-CDH_B-233_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEATV25wDzY2f7dBhC8jGInzaCKqspM8JF
+7tV7naytAXkQ6QcaPkLn8hs2Pw5ofSiYEKTsKcNuzhSFTh3R
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C11
+PeerKey=KAS-ECC-CDH_B-233_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01ce8abf3c8ccfa30e5f35ddb75f5e106aab1e67086156a1ededa1717b77
+
+PrivateKey=KAS-ECC-CDH_B-233_C12
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4A4nrwTv4thv/tbs33GPwL
+jgSe0iLnYAw84xzk6XqhQAM+AAQBRewNtf5iuSVHeSASJoryG6koqP2Y0KHe49j7
+JVkBCgMc6laxg+kwkwCKtwXMkJnltlxctEBzJLlv7pA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAUXsDbX+YrklR3kgEiaK8hupKKj9mNCh
+3uPY+yVZAQoDHOpWsYPpMJMAircFzJCZ5bZcXLRAcyS5b+6Q
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C12:KAS-ECC-CDH_B-233_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAOn7pxpkq7F3+kNsuXOcn2jAFVrciXE5
+wb89+ZpTAZrxExvkfeCIcINdoUlG/tcwNBefgJKY0BSbFt02
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C12
+PeerKey=KAS-ECC-CDH_B-233_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0025df759a20312361b9f6767efe8e8d69979e34639469a91fed9fce04f8
+
+PrivateKey=KAS-ECC-CDH_B-233_C13
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AGnJte5koaR6wFJyo8O3u
+R70Mc0ETq2ADJB7hk96hQAM+AAQAdCa/qIeP5ZsWqbjGORCh4vvGsHuplboEwxQC
+ES4AlE6WFmdssvx/oPnhuHo1h0gkPoD7YiZChGRaak0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAHQmv6iHj+WbFqm4xjkQoeL7xrB7qZW6
+BMMUAhEuAJROlhZnbLL8f6D54bh6NYdIJD6A+2ImQoRkWmpN
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C13:KAS-ECC-CDH_B-233_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAR+ZSkFswZkLjGF2ej1o++pzr3tItlXk
+dHD8zHkfAV3piINdaBLwvdcAeolZceGgb00izhMDyfVe/mR8
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C13
+PeerKey=KAS-ECC-CDH_B-233_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00437ab4a53756ff678a1f580c0fd1f33b23021d62060808453b4aabe627
+
+PrivateKey=KAS-ECC-CDH_B-233_C14
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4A9FnHZyFpwSWeThmTM5ZM
+H/+851rTDd4SZPXLhtGhQAM+AAQBtEqBiV0hBfoWpuCVJsCa5/bL284hCHD04z24
+tvQAseByxiomQpdfBsaHxkZ9opXvk/BNHFSUpiRoPIA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAbRKgYldIQX6FqbglSbAmuf2y9vOIQhw
+9OM9uLb0ALHgcsYqJkKXXwbGh8ZGfaKV75PwTRxUlKYkaDyA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C14:KAS-ECC-CDH_B-233_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQUTYgruDQR4hyQ46Zsj6kkAFT+TZusX
+1hvfNaoZARNt+8hAG72g1nXKBqDP9r3UZ8CsmpeCkzAHKOfc
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C14
+PeerKey=KAS-ECC-CDH_B-233_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01ebd55823c57d1fc7b36cf1ed2051ead64db6d114014d3407186f50d957
+
+PrivateKey=KAS-ECC-CDH_B-233_C15
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AZWpHuHcrCLHZB8gj+2xF
+xl+fGPi0Pzph5sdGEeGhQAM+AAQBU8262S640g2gwceq1G0IM2y8l26Nb4OUfk9N
+ZhYByXe5el4SBcpmVF3zpSa24yXgh8DgcIOf5+we54g=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAVPNutkuuNINoMHHqtRtCDNsvJdujW+D
+lH5PTWYWAcl3uXpeEgXKZlRd86UmtuMl4IfA4HCDn+fsHueI
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C15:KAS-ECC-CDH_B-233_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEADXf/skRftcWdieiSj693Umj9F2RrRhA
+HT1Emy/vAZMXVM5c9Vehwazt/l6aewuR+BZD2oWGpoZYhfBC
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C15
+PeerKey=KAS-ECC-CDH_B-233_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=006d07f6e08b11a060ccec43b07ca7d9eaf6c3ece06f4785519284bf6f0a
+
+PrivateKey=KAS-ECC-CDH_B-233_C16
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4A8U9exO+vhuQ/7OZfF/+R
+sajWG+NBbu64hPTi0U6hQAM+AAQB2fjAHpwg9hUOx2IKdeOelvkke+zhN7A2W+xU
+JUwAYAg3O54IeAUpTa2uAIlGZ/259rik0WKV5bnSGm0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAdn4wB6cIPYVDsdiCnXjnpb5JHvs4Tew
+NlvsVCVMAGAINzueCHgFKU2trgCJRmf9ufa4pNFileW50hpt
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C16:KAS-ECC-CDH_B-233_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAEhFzmYbHq40wWmfG/443IfvKLiwp3cf
+82bcIdhjAQlrGVSwbqpwc+2TmAGqKXTaHWDWbpfDHfD2h2+v
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C16
+PeerKey=KAS-ECC-CDH_B-233_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00aea594f092b4052f7564b2e5651bcf43ef7e336a064d6bfb1a89cf5e51
+
+PrivateKey=KAS-ECC-CDH_B-233_C17
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AH6XL2IoUb2zPX3nfvHCG
+j9m7TIEVl2yWJw/3vF6hQAM+AAQBTSdvQoHLUKJrKeyB/O2W0OkJmUsihUM4VSVt
+WNsArEeSr2Kg3E/U7sOE+/P7uCyDR0hrwesTOLx/OrA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAU0nb0KBy1CiaynsgfztltDpCZlLIoVD
+OFUlbVjbAKxHkq9ioNxP1O7DhPvz+7gsg0dIa8HrEzi8fzqw
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C17:KAS-ECC-CDH_B-233_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAUc0GSFlyW+9t5TKseLR7xEeGiCnIF2w
+GqgDoDKiAezfw5QLfQYYzWMVRBdR9mPfdNNWSS75NLS6KyrR
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C17
+PeerKey=KAS-ECC-CDH_B-233_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0099d6d076e14ccfee15ed7e7ef384bfee12deba8c9ae8f6cca3486a1494
+
+PrivateKey=KAS-ECC-CDH_B-233_C18
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4A9YaE6hSmj++4zCayZ6E0
+GcYtcmG60U5TaKmBmhihQAM+AAQAmmWoU5QHD+DloQgWTrKJzD137QhI/VfzhOYs
+qiAA5/VvLCe+T66yDidMJgTG3C2IWXAwrSFk+tA8uQQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJplqFOUBw/g5aEIFk6yicw9d+0ISP1X
+84TmLKogAOf1bywnvk+usg4nTCYExtwtiFlwMK0hZPrQPLkE
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C18:KAS-ECC-CDH_B-233_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAH4fMlHioKpt4fjfhrhe2dEdpetxNq3U
+XqfSXIZ8ANligeB1benapV0u9lc7sv4t0Jtx2RGRpaBDuuDz
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C18
+PeerKey=KAS-ECC-CDH_B-233_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01b1e977c43afd203132c085b95db0e2046a4b6ac2c046ee9ad665050578
+
+PrivateKey=KAS-ECC-CDH_B-233_C19
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4A7vskeJsytDbOOWIsEUw5
+ps0eWOyUQ8iHDl7i+AGhQAM+AAQBP7HKntcJuzhvugLMeGL9bGThCHvl9h6nM5Rs
+FjQBy0CX5EpzBwDev+gUP7+byjo9bEaYWifNUEOyylo=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAT+xyp7XCbs4b7oCzHhi/Wxk4Qh75fYe
+pzOUbBY0ActAl+RKcwcA3r/oFD+/m8o6PWxGmFonzVBDsspa
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C19:KAS-ECC-CDH_B-233_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAL4e51DycSsqyyDEXpc1fFDbO+iVsz+D
+DHG8n089AV/sgQzbF5/NHOjk3BokmeQN6KSkmpQg8A5WEQz0
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C19
+PeerKey=KAS-ECC-CDH_B-233_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=000e4cb704355cba1b40cee3da102cb048519a91b4c789b3757cfdd933aa
+
+PrivateKey=KAS-ECC-CDH_B-233_C20
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AF1JNUGYWvSBcs5eLx146
+NHYjPkm23CBvlxFpdVehQAM+AAQBUKFzJ4Ree8edjs4Skw3Ct3ZUyqEIK1ewz44F
+sawAFRx2gi2N9e/9jGlDOVtqjVOEMdQuhG6f+N5+ruY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAVChcyeEXnvHnY7OEpMNwrd2VMqhCCtX
+sM+OBbGsABUcdoItjfXv/YxpQzlbao1ThDHULoRun/jefq7m
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C20:KAS-ECC-CDH_B-233_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAVwuLOC8cizqTLx8M1LL4NKLWwAuRNk3
+BYldeRr8AU9haYOtCOdFMVxHZ7CuIab9imKcJYznrvpMF6jg
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C20
+PeerKey=KAS-ECC-CDH_B-233_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00d8c13bc5e819c6101daef3f6fb5be6bccecf233c4b7fc65054e8e8d3bc
+
+PrivateKey=KAS-ECC-CDH_B-233_C21
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AprBdMKcD8ReagPioZLNM
+oVxFPoKAihCV5DXpusuhQAM+AAQAk7MlIlH9nW2cgdeM8fE0zdVU1jwqHi8a+hTi
+1OQAiusKirP/Xk+wI/fhkX8BCIkK8Rq8p9oCf62sw7Q=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJOzJSJR/Z1tnIHXjPHxNM3VVNY8Kh4v
+GvoU4tTkAIrrCoqz/15PsCP34ZF/AQiJCvEavKfaAn+trMO0
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C21:KAS-ECC-CDH_B-233_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEALr6m7qScl7vDEoK/L1CY+VfUVVkW1xY
+qWvD6ellANGz0ONdYX4J4HjFcaX0HqIt/REtZ6lNjfu6Zump
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C21
+PeerKey=KAS-ECC-CDH_B-233_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0129af50fa085133771753f297a313bba0d2f5882e7634b7ef5adce760ff
+
+PrivateKey=KAS-ECC-CDH_B-233_C22
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AFo0JgJ659qzzETTrXrGv
+lm4hK5tr5oz9IkAUJemhQAM+AAQBcQoF8CtVBXKVFrGsc9RfPPCPHFE00vc9ElcC
+Q8kBhhGxDatQdYPyvhD9Qpb1N9SvCVdvlpefHq3+KRw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAXEKBfArVQVylRaxrHPUXzzwjxxRNNL3
+PRJXAkPJAYYRsQ2rUHWD8r4Q/UKW9TfUrwlXb5aXnx6t/ikc
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C22:KAS-ECC-CDH_B-233_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAHmL9at2G7as/tDO8c1xs+9G8lBDI8r8
+QIFZLdb2AWJ3rrPhysASGwfZN4o6DLxlZ7SEI5KeNtyFXp0a
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C22
+PeerKey=KAS-ECC-CDH_B-233_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0077c4ea1095fadc4cb4190a3fd530c7d15325e5d79b8e8a2b708e2344cf
+
+PrivateKey=KAS-ECC-CDH_B-233_C23
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AOCT3HsMlW70DZC14LMZ5
+Th5Uqo+l8qMx7hP3hFChQAM+AAQBpONajDJxfyqqPu7xd4SOWA4P7WyAloaPasxO
+HAkBNydgToHTqdk9JD/nni24pEIzSo6hhSufg8rhvD4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAaTjWowycX8qqj7u8XeEjlgOD+1sgJaG
+j2rMThwJATcnYE6B06nZPSQ/554tuKRCM0qOoYUrn4PK4bw+
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C23:KAS-ECC-CDH_B-233_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAV9yPamjjC2lBiwX0Lg3Ui98aceT95wX
++2ll1EoDATKxd2CsLiu5+BPtd5DFzTqg04q2Ti4nLd9KTCwa
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C23
+PeerKey=KAS-ECC-CDH_B-233_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00d9eb3c79cf442595dad03ed4a38daf358b97d5dfc01cb61ff200a47958
+
+PrivateKey=KAS-ECC-CDH_B-233_C24
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AkK3Asgfa44FiLPkuBLzn
+R5GA7G4XcWYvXDF5vZmhQAM+AAQBBq2/m7/bMINZin9tsukdLnwXT3BfwhZjG30F
+7fIBkNhMpvRpX9vKQNJqdJmKBcPXYdvwiYG2RcDqI54=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-233_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQatv5u/2zCDWYp/bbLpHS58F09wX8IW
+Yxt9Be3yAZDYTKb0aV/bykDSanSZigXD12Hb8ImBtkXA6iOe
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-233_C24:KAS-ECC-CDH_B-233_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-233_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAFG3C7i44jQbhoIdVLl0tpa9pEOst+pl
+ll0n0qxwAMd4Tu+InEccnSaz4N4krStL+Lu6b+GPUaQSGIBY
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-233_C24
+PeerKey=KAS-ECC-CDH_B-233_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0124c19cffc0b9549bfa378a548e8ce11ee7fca28d2d898de49ae1f2ff61
+
+PrivateKey=KAS-ECC-CDH_B-283_C0
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAvQ0VYQiRqLMjsBo6dbG
+5BYPa6Tjtdgx2Twdqo/T1almDHuxoUwDSgAEBWHklVYwGBaYBNTI4kNbSv2F2jdt
+kUtp05JG+OBhE6oy5kLSB4Gn9Z3n9C9fnWw0gfM/xd6zV8bs9MdY43DSQ13j2O5z
+dwP0
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBWHklVYwGBaYBNTI4kNbSv2F2jdtkUtp
+05JG+OBhE6oy5kLSB4Gn9Z3n9C9fnWw0gfM/xd6zV8bs9MdY43DSQ13j2O5zdwP0
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C0:KAS-ECC-CDH_B-283_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAlBOGheBnTnwEKSmmgVoKZQCtY+USjhM
+fRpiyck+pNH/MA4TAmUTL3tMZLdLkXntDy4hH0Mo1iVAUCL1VBcNqTK4D998GqsS
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C0
+PeerKey=KAS-ECC-CDH_B-283_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=065194e26090e74047ee75f13f9769d20e1b52189650011e283daa090732cc53755dc366
+
+PrivateKey=KAS-ECC-CDH_B-283_C1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkArlB5pLgqYTF/6iDyfn4
+JWpDqx/RrZeCpC5CmpTpEOSCuRwjoUwDSgAEB7kK8Ra3N9kAjkwY9q1TnSnuF5AA
+ih2vLoVvpnLspKr8lspjBqr3jQ8gZXt3uXzKMOq3m2eaOqqQsQkH+XnN6YjOcYSR
+AQwq
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEB7kK8Ra3N9kAjkwY9q1TnSnuF5AAih2v
+LoVvpnLspKr8lspjBqr3jQ8gZXt3uXzKMOq3m2eaOqqQsQkH+XnN6YjOcYSRAQwq
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C1:KAS-ECC-CDH_B-283_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAWI6lnXoxANm4mEx5Hsa8GyLM6z16S9U
+ZEgW3LhEOCyUTMIfAp0oD01MDF/XD34kCVlQEovqPK48pG9qX3C3Of4amQJogE44
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C1
+PeerKey=KAS-ECC-CDH_B-283_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=075c535cc70de19c92d7314afa2f33200903431f6990ad40ac31dadaf4e492a799b75b05
+
+PrivateKey=KAS-ECC-CDH_B-283_C2
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAofeFyulDzJ7/H1ajAFW
+0lofC59x04mFLy47WHQGy3TvO9BBoUwDSgAEAKA0kHZfyQwjVTwOK3nfojK1GnPy
+FVTl6xjaTJlNkl+O0rvvAwT/1BxbCrKnC4IYjo8VeNarfTzjzjT6RdzDIgfxY+kc
+XWgU
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAKA0kHZfyQwjVTwOK3nfojK1GnPyFVTl
+6xjaTJlNkl+O0rvvAwT/1BxbCrKnC4IYjo8VeNarfTzjzjT6RdzDIgfxY+kcXWgU
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C2:KAS-ECC-CDH_B-283_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEB7g2lyhDL3Uo0+7IpniOac0uuIFixHUS
+dC7g8CfMtBV6KKIjBZhut/EJqh+FVuuivciOSRO2Xv+5ROrmOWNsun4B3DcYvLNh
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C2
+PeerKey=KAS-ECC-CDH_B-283_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=02956f63d48a49a330e2068955cc2886dbfd5bf72a81b10ed83f2d758dd315eca172927d
+
+PrivateKey=KAS-ECC-CDH_B-283_C3
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAVO7uKPOShuZlg9WGGq1
+Agf1iPMMlL7vKECEI7pE/IdfrzjYoUwDSgAEBPLCRUiZYjrxO2WCCroUVzhAf3cY
+arr6UtJLNb/fWAj/6uB2ARH0SEYK0kMKrseI3ikVSEdaHlg22sUg2OSTyfYBJ15w
+6inS
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBPLCRUiZYjrxO2WCCroUVzhAf3cYarr6
+UtJLNb/fWAj/6uB2ARH0SEYK0kMKrseI3ikVSEdaHlg22sUg2OSTyfYBJ15w6inS
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C3:KAS-ECC-CDH_B-283_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBzsJKipNfJoXu4jnW0Cp5OQ7mYE89haC
+1JuSkFwt1gZ5Cu05BWatRSotjvCjJ86OKFYUb+yvCeRDHMwEJWoHf2BwHORHa22s
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C3
+PeerKey=KAS-ECC-CDH_B-283_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=068a3f6938c44b797524377508585842c6a7f1af5ffe9131dd3ff786ae56e1739345d3d7
+
+PrivateKey=KAS-ECC-CDH_B-283_C4
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAyrA3LmqOXJAH59YhF7X
+Zdo2t9b3c1V3m/skOYJ/81VqdXgcoUwDSgAEBxWchrnGrbIWDCjYYRj4RWSpDBSe
+3igylGNnekyHcp+JfC+YAIp4Fn4WkGJZkrDvwuDvb21h6Bg3yOzf2rUdFTQON+fY
+0FEg
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBxWchrnGrbIWDCjYYRj4RWSpDBSe3igy
+lGNnekyHcp+JfC+YAIp4Fn4WkGJZkrDvwuDvb21h6Bg3yOzf2rUdFTQON+fY0FEg
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C4:KAS-ECC-CDH_B-283_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBFXoe8Iwzn/FhjEt0gfFKeR+PHTMDOXQ
+c/v0sclX+Mu9kRO8Ah/79i+yUx2znvLQvc4NnBQckunNymJ8qjm1k/xKAhDo7kgf
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C4
+PeerKey=KAS-ECC-CDH_B-283_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=019b48d5eeaeb05b58801ae8f345ad9bacb91daac885e506949b849ebc67bcbfa308aab7
+
+PrivateKey=KAS-ECC-CDH_B-283_C5
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAmib8hR10y/nGnNV79mn
+eHyqlUXr64U+UYTOQhUkKQUfQMvEoUwDSgAEANflvPrFePzXKBgGRRdtfgiLaNMw
+ognxi5aGYv7RY0KzkhogBvdQs7XpjgCZtpWWWqHRZHXRB0+SMRJ+1wPiaW1LVq/e
+u86q
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEANflvPrFePzXKBgGRRdtfgiLaNMwognx
+i5aGYv7RY0KzkhogBvdQs7XpjgCZtpWWWqHRZHXRB0+SMRJ+1wPiaW1LVq/eu86q
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C5:KAS-ECC-CDH_B-283_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBlLMyJIfQ5r0KiMBI2tYQ6QvH9mez+G0
+E0w94BTNx2A1NHzAAzQdgHSfGl7J96xiUjhP79OLbyu83Bj+vobBYPXnjAA/Bm4G
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C5
+PeerKey=KAS-ECC-CDH_B-283_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=061b3bef1766460f6296ed47d39ebf5a710d202d2b7e7cac0f0d3b235405eece99aa30d7
+
+PrivateKey=KAS-ECC-CDH_B-283_C6
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAQUgQpiN3fRw0KLjb/9b
+k+xp9NJAqON8BkzE1ZlGe6J688nxoUwDSgAEAMfJ/3fgGLiAG934hnAlVrEmptmh
+gxofYPNYcuUkwTTVU+SkADXXZ7WLSZ2ftUViw4MEEa9Z5wiKSjMz1dx/5bD38eHF
+46wr
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAMfJ/3fgGLiAG934hnAlVrEmptmhgxof
+YPNYcuUkwTTVU+SkADXXZ7WLSZ2ftUViw4MEEa9Z5wiKSjMz1dx/5bD38eHF46wr
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C6:KAS-ECC-CDH_B-283_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBiMxuTOvtDhPo6TSJFUa6BILxV/H6nPy
+vnSeIXr8ThunnnYPAr9RxE+DYcMFTK1kD5JEb+OCCwY89LsiyhfAonT9RvUFBPvs
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C6
+PeerKey=KAS-ECC-CDH_B-283_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=055d579458860a3dd92ac6570847632f04460755c22a4c432cf4dde9611d2ce1608ca185
+
+PrivateKey=KAS-ECC-CDH_B-283_C7
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkA7ua1fpVLTjRp3y1U8Yx
+4tCUDbawTwvXAR6nNb5Q0EXampwdoUwDSgAEBocHGAXCWn0LFzn3z2gbLylcT52J
+NzUdIdHUP2NOmlcQW/EnBjO6IYcuN5xQ5Eg3KxwOZehdB+3XEtfcBvppopn2A33s
+5mDc
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBocHGAXCWn0LFzn3z2gbLylcT52JNzUd
+IdHUP2NOmlcQW/EnBjO6IYcuN5xQ5Eg3KxwOZehdB+3XEtfcBvppopn2A33s5mDc
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C7:KAS-ECC-CDH_B-283_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAh6C1q9tMhGYF2/4mGwrx4agCBMmzIXw
+JrcbMqwGwLrmtMuiAelzP6nSmWEmlCDbJO3A1a4oXXjJrhSzixAZ8TZS8ZAnfcR/
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C7
+PeerKey=KAS-ECC-CDH_B-283_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=054fa7c6c84fb89e5892d9194540860ea31ae2b6e37a86971344230ea512a3f6c0569216
+
+PrivateKey=KAS-ECC-CDH_B-283_C8
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkATOqRF3IDX1aCX0doR1R
+DmVxp4O0+yNUAnF9aLqP0UVOazGfoUwDSgAEAtJuRqbtn88dL4nGPYDgFy3ttPWu
+3f8JKDaqyFmQlIhVV+rZB9ZxOXRwHBYK7eyPlOZEa/fTx5DL/4cCzHhAp4GOW2Ji
+cfcj
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAtJuRqbtn88dL4nGPYDgFy3ttPWu3f8J
+KDaqyFmQlIhVV+rZB9ZxOXRwHBYK7eyPlOZEa/fTx5DL/4cCzHhAp4GOW2Jicfcj
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C8:KAS-ECC-CDH_B-283_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBF1i0B217xc9DP8xWpKpoQXRrXhP+bCO
+ch81gOBiZf9TihlLBrdkwf92mFSWuURRt1bE8w/fxjjYmQMSu+zL+9c+jFqFWtt1
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C8
+PeerKey=KAS-ECC-CDH_B-283_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0353ff03afda3772984aadc4000e1275656607154b06c3a59c664945fa6fde1c255ffa86
+
+PrivateKey=KAS-ECC-CDH_B-283_C9
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAEZh8QeptXAEXduwc4q2
+mxwXqazBHaXax/2GSz38NqJSgtaqoUwDSgAEBhurvv7lIRxJF1Bs5fn549HlKyUG
+84ygluG2U8qftp9GEFcCABS/0u8ii1oD4mIwweiXrQgacEATzuVRZspG3jlfxS9d
+ISA6
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBhurvv7lIRxJF1Bs5fn549HlKyUG84yg
+luG2U8qftp9GEFcCABS/0u8ii1oD4mIwweiXrQgacEATzuVRZspG3jlfxS9dISA6
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C9:KAS-ECC-CDH_B-283_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBKVhtRhK3tnHvZho8wQ7Xi3lGQj5wD1e
+awijCIvMUO4yA+JjBYFbV5/13sb6yXe6cIizM79MAjHaAhh07gDXH+JdP01QpXrD
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C9
+PeerKey=KAS-ECC-CDH_B-283_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=050795ba093d2e02398c358951f20c9e3b4f60628a96a4d0c46cb8fc0005e5331b38a09a
+
+PrivateKey=KAS-ECC-CDH_B-283_C10
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkADa9IfhKudtvS93JRjXx
+n4CssoE9pTmeB3eDLC/r3HGGKr4zoUwDSgAEBo7jJFdU1R33eABGrzmstAfEmYxi
+C/+U+zdPr0tJgAbuoM+IA2akSfCez7rsxJ2IAwf1ckbBHFvqAK9CcYZ3qN7xXlkm
+2hgi
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBo7jJFdU1R33eABGrzmstAfEmYxiC/+U
++zdPr0tJgAbuoM+IA2akSfCez7rsxJ2IAwf1ckbBHFvqAK9CcYZ3qN7xXlkm2hgi
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C10:KAS-ECC-CDH_B-283_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAdfXU2zYOD4cCxuKrgK6qf0sTmiyGAjB
+dU0LFRNhFX+BJFkwBzA02kFnl9qVo4Nu7yex+icfWaQ0hI6YC60v3VP/0eNm/2kX
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C10
+PeerKey=KAS-ECC-CDH_B-283_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=02ab08d63cdb4be2502558e67eab27570f2d029e7f981d153b973080585d01e42f7187d9
+
+PrivateKey=KAS-ECC-CDH_B-283_C11
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAWWXrm5J550GkDSXKmNS
+Wjw+LSwlO54d0/N4FoEs9UrWXFRqoUwDSgAEBQ6gc1ItvlFAj4Xwpghr1Mjv5XL4
+Cq2t1+cOu0tyi/2/1PG8B9pSABfHrSkWonGbhViVj3fHEtNSz/nArZn7yYoOBl63
+rH/r
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBQ6gc1ItvlFAj4Xwpghr1Mjv5XL4Cq2t
+1+cOu0tyi/2/1PG8B9pSABfHrSkWonGbhViVj3fHEtNSz/nArZn7yYoOBl63rH/r
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C11:KAS-ECC-CDH_B-283_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAgQvWj/l49MzW7e8253L2HFu0Y1/wv9C
+l7wf63zKMQAi4iE9B767bA4EbVr9v6h+qYyn9V6c27BV0MxUm0RY1pmL27NFF3OI
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C11
+PeerKey=KAS-ECC-CDH_B-283_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0599757e3ffeb484b32d3b47828b6823d46786d35477082ceacf3a5a11552394fe58f53b
+
+PrivateKey=KAS-ECC-CDH_B-283_C12
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAV6oVnx7grSD+jZejmgc
+CmNfVjocgUcLTf5E8ZT6ket4QhgeoUwDSgAEB6/isitU/olcJCwgwFSYn6gE5ZGX
+DdqKfOEJ1r0xttqo8vx0BgczvVpOqbXqcJCs/ukYEGt/JScvP3yzbto4us0hN1YQ
+zeko
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEB6/isitU/olcJCwgwFSYn6gE5ZGXDdqK
+fOEJ1r0xttqo8vx0BgczvVpOqbXqcJCs/ukYEGt/JScvP3yzbto4us0hN1YQzeko
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C12:KAS-ECC-CDH_B-283_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBnr994j49IMcPH12BNB6W9xZ2kLZMnMf
+r16vB1MoCWaraTeQABs50dhytl4xJRwfWE5P4+111TrZDoNv6QyNuU/nfO8LynIE
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C12
+PeerKey=KAS-ECC-CDH_B-283_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=005e331af55e96153d8a7b906a4a19016a26381977b49f80b9d70db099053c6a3b8e80d5
+
+PrivateKey=KAS-ECC-CDH_B-283_C13
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkACkR2TjZUIrsy5h34SfR
+sUYaza7QNfIOD3RMd08ccnA7XEtJoUwDSgAEA4a/3+YDc74RS0F8Tc60QyI/3mfA
+/vKe0PhntaFfXqDMtNzKAvrDjshJTPdXYjPsgoLeOEtn8MqASAhCAQOdGUyL2k9u
+Cv8+
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA4a/3+YDc74RS0F8Tc60QyI/3mfA/vKe
+0PhntaFfXqDMtNzKAvrDjshJTPdXYjPsgoLeOEtn8MqASAhCAQOdGUyL2k9uCv8+
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C13:KAS-ECC-CDH_B-283_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAYhmpPovfCU05WOikd6HGoswUqZ09dvC
+O53qDozv2garwyyPBY3Ezxv5hdG1ZpcIR8umuKT0DH5ipYCLByC7uM3ztFMeOAvn
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C13
+PeerKey=KAS-ECC-CDH_B-283_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=07e132ea71a16c7cc261b9d6ff6fc52cc490da616b07d92f9e591fc1e630d3442572338f
+
+PrivateKey=KAS-ECC-CDH_B-283_C14
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAWYvVUhWwCCKMbGVFI+C
+jgtckqTqTAMySL6/lXtYa0Ce1ZhQoUwDSgAEBwVSZMPeOmItJv561wC96gRdSzzn
+GPTmrkTPN2w6lqJlCzIhAPRcwROGaK3IFQ03wHK7QkVmDBh4VoPHsXqh+4WRumza
+I2V6
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBwVSZMPeOmItJv561wC96gRdSzznGPTm
+rkTPN2w6lqJlCzIhAPRcwROGaK3IFQ03wHK7QkVmDBh4VoPHsXqh+4WRumzaI2V6
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C14:KAS-ECC-CDH_B-283_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAVx177wVgiRcvE0I6WFq5efS49351LA
+QsDGUmO0dpgeXzFXBEvKaT6dOxp/pq1C2382saZXEtCe87txXiZAoYL0NmIGhsCk
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C14
+PeerKey=KAS-ECC-CDH_B-283_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=010f26817098ce1bbd6743784d6fb65e60699c14933a2c8d854027aa58b58db9e66a53a7
+
+PrivateKey=KAS-ECC-CDH_B-283_C15
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkASwBAKmWPuF9es9N344C
+2K5187mRFPU2avtKAK3po8DuOaiHoUwDSgAEB3lPoZxrENOZ4PUtNvSDx4UYSOYr
+rPlbWvUeygmtRF7hnvNNBhQNLuFs0KbLGWBQmnzMZkvpdkSpWuFvShc9moZwFfCD
+fwVg
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEB3lPoZxrENOZ4PUtNvSDx4UYSOYrrPlb
+WvUeygmtRF7hnvNNBhQNLuFs0KbLGWBQmnzMZkvpdkSpWuFvShc9moZwFfCDfwVg
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C15:KAS-ECC-CDH_B-283_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAW60u7PDhuD0L7A3vuR4xMDb++Vcxo4z
+/bApueXnJK/0/Yv2AlFDL4RWikSXHoarcV04eeYU4Qclc174+2ZS0HnHkI8RvR8B
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C15
+PeerKey=KAS-ECC-CDH_B-283_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00bdd8ccd1b40c5bc2efc1c105999350fefaf784710914ff639582f1277678699491140c
+
+PrivateKey=KAS-ECC-CDH_B-283_C16
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkA0XCdrBezp58hoEfjIr0
+iyLbQdQGYnUAlhG4gNfSzvMpxQ6CoUwDSgAEAHr//PoxwRCqs7s5RTCkHEFq9Wa/
+uo8Vn5hEN+eZ3dqvjN/SBl+zxoRGp0BourfjargOmEcH45pKFD9aRtZGNC+fEvJq
+Mikb
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAHr//PoxwRCqs7s5RTCkHEFq9Wa/uo8V
+n5hEN+eZ3dqvjN/SBl+zxoRGp0BourfjargOmEcH45pKFD9aRtZGNC+fEvJqMikb
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C16:KAS-ECC-CDH_B-283_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAkF8ZWlNhQx8hm9+EWOaX4cYypqrs5L6
+hhDi1dfdozdaYH+bBRM5ONyZFE0W6nUlw/5OMuMg7QdbllJ+E7KpnJ8nrenvnty2
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C16
+PeerKey=KAS-ECC-CDH_B-283_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=014a83e747c90aec6101c0a752d92eef7475b00051ecad3d7c2e50cf4eba1ef3c80b8c94
+
+PrivateKey=KAS-ECC-CDH_B-283_C17
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkA6/Vr/o0a1JZaX2SF5Uq
+/NA93+wEYxvZlcEKwlg7DKjSRh9doUwDSgAEBrTCw2FbJmVD3hiciWz/d7VVfHgs
+IVlhrHMkGF/JqBCY8uvqBH/vGWBzmuCu45o//bguiQ1CNvwi2tOV1JC8Ol7qWOjN
+A+27
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBrTCw2FbJmVD3hiciWz/d7VVfHgsIVlh
+rHMkGF/JqBCY8uvqBH/vGWBzmuCu45o//bguiQ1CNvwi2tOV1JC8Ol7qWOjNA+27
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C17:KAS-ECC-CDH_B-283_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAMXWFJ+HF0ujf0wcb2f2kFq7MZ9Sa3qh
+vh3SBd+TCrHJG7H4AMLiHhIGzUu1tiKr6Xyj8lLLxo0FSnf466utWT+xhjMGkov3
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C17
+PeerKey=KAS-ECC-CDH_B-283_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00afd29e352779a39021536ea50c24fa264c599f8f8fe8f2ccf0615a6547a064d7c1a150
+
+PrivateKey=KAS-ECC-CDH_B-283_C18
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkA9V3H4SFw7i+YqVvOTZR
+PjtjGlYalCYT35UUD0cyFN9hfExOoUwDSgAEBZBsxFKbIgIo77sFRb9V7APIb4fi
+9OOjy/QE4HtzpbGl9SjNAWWI5IDEhWzS7pqvHjAoEvvAsz9SfCm3fOD0h46gidAl
+pEDA
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBZBsxFKbIgIo77sFRb9V7APIb4fi9OOj
+y/QE4HtzpbGl9SjNAWWI5IDEhWzS7pqvHjAoEvvAsz9SfCm3fOD0h46gidAlpEDA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C18:KAS-ECC-CDH_B-283_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAXMETlvmOZfXkl5DG78ATPDwuoWqKVo0
+Ho9YV6EgvonXdlPpBzfMBJaQ+XCCSnsMICJDloLJ2C9PI+SOXwf+qWJnyjvU1zCl
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C18
+PeerKey=KAS-ECC-CDH_B-283_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0477990f17d65589289c28e54a56a83bc05ef4ea6863c5ebe840925c9fbef64ccd6e69a4
+
+PrivateKey=KAS-ECC-CDH_B-283_C19
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAOLAxgL7EyOZ7p8xAINl
+6iLMEmD3n+OuYQibim+kVZyska7IoUwDSgAEBubjGMDEwLZh39PnIgkOzTL9yco9
+Fo2ccXTB1Arbss5nLZJSBAvcHbx7Fj98lVH0faqClKwtxP4NRyxOLyz+/JXVI/9Z
+4OiA
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBubjGMDEwLZh39PnIgkOzTL9yco9Fo2c
+cXTB1Arbss5nLZJSBAvcHbx7Fj98lVH0faqClKwtxP4NRyxOLyz+/JXVI/9Z4OiA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C19:KAS-ECC-CDH_B-283_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBoWH5p3t30tVrFHyoX3Yv9b5TnIQAyFC
+Fb+ySySCgedaPGWUBE7unHArxMHiEMfMIUUkWSVorA+f1n1uoCtNw++0LPuyJj2s
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C19
+PeerKey=KAS-ECC-CDH_B-283_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=067a661346fe052ca27f3f03e75bbdfc8fe6d0d85c62c8f79525252aa241ae9de97d56c3
+
+PrivateKey=KAS-ECC-CDH_B-283_C20
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAy1XP964Wk2iKXiWYxQU
+UY1LoH3E3XL3MXKIkNC0TTbyMJwOoUwDSgAEBvb/6gqHvZ7rU5xIo/y/OIFZhiJZ
+x/eEDmSAn77bAag4EsDGB8eVuPKEf8OfpWwt4ebLv0lFCHyy47kZ3HdrTMHIPksc
+ebi6
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBvb/6gqHvZ7rU5xIo/y/OIFZhiJZx/eE
+DmSAn77bAag4EsDGB8eVuPKEf8OfpWwt4ebLv0lFCHyy47kZ3HdrTMHIPkscebi6
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C20:KAS-ECC-CDH_B-283_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA/EibYAsV1+HGiE7gVD3gYu9YlZjtz5y
+CnN/BxiWCG2gsUzZB9HLDOGcmKY6r3sxTx9XIOMohwUzhKwPXrabbEcajj09Fudv
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C20
+PeerKey=KAS-ECC-CDH_B-283_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=06476b0620eef165941a4507e6d798d6f150ab29333c0552281b629170d3291b2f9b3f41
+
+PrivateKey=KAS-ECC-CDH_B-283_C21
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAKaqy13T6DWBT0UtggfR
+WlM2OPcOlPh8Bhlu/4g41I7tLiZ0oUwDSgAEAt0Ak6jUGYMfNLrGxgpXDFHQjmmb
+GByWS2Z9DRftcqSRGazZAakZdr5dXgN/IjUNZ6t7+rUbvE+mAm00fSj7RAe8zEDd
+EKAO
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAt0Ak6jUGYMfNLrGxgpXDFHQjmmbGByW
+S2Z9DRftcqSRGazZAakZdr5dXgN/IjUNZ6t7+rUbvE+mAm00fSj7RAe8zEDdEKAO
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C21:KAS-ECC-CDH_B-283_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAqkR5+bS/HcNHqvH33AbsRkISmhZANIt
+UtWY/h0o/IkbMbSHAbjcZxPKRT6RsuxOTR+DSwjuvH6IhsOkWOcJJSQsSyK/CyBT
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C21
+PeerKey=KAS-ECC-CDH_B-283_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0746719f2ad08f8a8d6d6fbf15723f336285ce75d3a2fcbd5a0c54c577517a22bc264161
+
+PrivateKey=KAS-ECC-CDH_B-283_C22
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkABEvsqtWRDdlZ2oeQbPL
+kesaZ5DpZO6QDPySlWNrpMb6h6rSoUwDSgAEA/UH2ZzCSY4sf1T7PJwDLzglSOLj
+Fo+hQBJaUmBIVo87s+WhBScN9378fWxV+SWbyCJzyba982duE8NgGxswIrli3hEp
+yzsU
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA/UH2ZzCSY4sf1T7PJwDLzglSOLjFo+h
+QBJaUmBIVo87s+WhBScN9378fWxV+SWbyCJzyba982duE8NgGxswIrli3hEpyzsU
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C22:KAS-ECC-CDH_B-283_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEB1QapR1zAuK7VXwn7BXX+cOuO3bsL4bL
+lejerX+ga1eDl/HxAX6iL2tUdPD18PTq1UFyBkBRU40+IypTDfyl8qDcZ3Rsi7Ha
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C22
+PeerKey=KAS-ECC-CDH_B-283_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03cda4b5f44b5d3dc248310f994419fbcbd665115d1876046652251ad4aeeb1dcf184288
+
+PrivateKey=KAS-ECC-CDH_B-283_C23
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkA+TxxPMOKo1v1Vn3/ogg
+6IaUneh8AdjrZMe0DxVIy2F6kmAzoUwDSgAEBeP8VuwWKIXBKR5K6cGcjrK7VZ63
+7NWBdUm1ouo6ZtlRiAqmBMAE8q5NtPdItDe8EV4G6iAXqHeYKY3WAEYW/P/cx+wt
+/W25
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBeP8VuwWKIXBKR5K6cGcjrK7VZ637NWB
+dUm1ouo6ZtlRiAqmBMAE8q5NtPdItDe8EV4G6iAXqHeYKY3WAEYW/P/cx+wt/W25
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C23:KAS-ECC-CDH_B-283_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAh+xTlLNQkOlIPYwIpsd1pYcSb2W9D+p
+yuN63YTaeuctwweOAN1ji/kFP61qpP8tMwuKSiC/4wIPQLlpIwLQsKPC2HeFbsRq
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C23
+PeerKey=KAS-ECC-CDH_B-283_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=015c892f95768a96ab5a4f9523b7fd466e101f63b88ad8f1fecb3027cd70aa00735dcc90
+
+PrivateKey=KAS-ECC-CDH_B-283_C24
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAK5+s9QDVPn4/tGPIWLe
+44FWyuBTW1U3DaNjjwFmiuz5cIvmoUwDSgAEBh6IWONo2ckX8SnZMt3EzKUh/0Gf
+HXQjDoqlsbPpzmf0HEtMArDX+9xjajvDS73SqJKRtWew+yrzI4OGi9QNS6TKyYgM
+JUC4
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-283_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBh6IWONo2ckX8SnZMt3EzKUh/0GfHXQj
+DoqlsbPpzmf0HEtMArDX+9xjajvDS73SqJKRtWew+yrzI4OGi9QNS6TKyYgMJUC4
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-283_C24:KAS-ECC-CDH_B-283_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-283_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEANCO04VqvvfUpiJDyS1uZwzrOvMjV/25
+05wZF1oQ0curNs54BdufrX/Ir+eci5zkjmL/oNRrgFqeWCHidhwlwO26krEgsGPy
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-283_C24
+PeerKey=KAS-ECC-CDH_B-283_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01adf5a96358e18d69fd383b4dc7b20dd646b68a5c9f1417bcf426240ca22b8f32bdf1a4
+
+PrivateKey=KAS-ECC-CDH_B-409_C0
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQArOkhA//iYqwXrUKk
+bUNm9MtMWA7/OrHd5r3f27c3SBHVKx+pkyC0r11OkgjBTrjvqJFsoWwDagAEAE68
+TUrPm0BNq8OvPoy+qLiLMpmdPst/NnsS6zpigLhAA44iaBY3p9FkNuAU9pYWq/cu
+RQCeJBCVQcgCQhfpqyyWP6njc2QAlabCWibu+sWOQ0LAyFRIsnCVkqEkAv4raKeT
+xVjOjNY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAE68TUrPm0BNq8OvPoy+qLiLMpmdPst/
+NnsS6zpigLhAA44iaBY3p9FkNuAU9pYWq/cuRQCeJBCVQcgCQhfpqyyWP6njc2QA
+labCWibu+sWOQ0LAyFRIsnCVkqEkAv4raKeTxVjOjNY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C0:KAS-ECC-CDH_B-409_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAUaYmlApe+Nz3WZcRUVaKuTCIdpc1CQA
+e9l/no6Eb5Z0Dz+ljDyUEpZxzdTX6mUKKq3p1wG0K//ahDlGoUrWCA+VuPxrfhc1
+KNCO02/mQKr4WqAPte3VkFo4s8eWG3cit3uNy0S7JfU=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C0
+PeerKey=KAS-ECC-CDH_B-409_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01d48a586be9285fa38dd3e70b0330b0ffebd327ceefef88fdc1521ef2fd61cbc9124e03b0c926e70fa56acb3edb54c3c48fab2b
+
+PrivateKey=KAS-ECC-CDH_B-409_C1
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAP/IvfXwEmYmkPg6j
+9dYXmBWcF4qnktedH/6/+Ntw7h/eBApLXx7TP7P/I8ROfGshsGI7oWwDagAEAdXJ
+Jg5z6jbk3qqkuPRUH2eAZraQdxqG8NrcWA/biVmB5t0C3SZO2fnBdjvVSmBSotPb
+pwEacGgmNl7OKOOLM2ILygFtLZM4UY39aGg3BHbay0HjuUdGV2nr6BtiBzFnNXb3
+dFHQ/hQ=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAdXJJg5z6jbk3qqkuPRUH2eAZraQdxqG
+8NrcWA/biVmB5t0C3SZO2fnBdjvVSmBSotPbpwEacGgmNl7OKOOLM2ILygFtLZM4
+UY39aGg3BHbay0HjuUdGV2nr6BtiBzFnNXb3dFHQ/hQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C1:KAS-ECC-CDH_B-409_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAX6fAbHW5XAjKDMNIyod0/LFksxAn2yu
+8HCEQIN/NZdRDxEZVKpR5WRsz0fv8fB6T4rhywA3FPbqH9FDznUeLYW69UxVI5dh
+CO1IL9auEDdDExynFgJrFqHkliMfmRzcj220R/X5X44=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C1
+PeerKey=KAS-ECC-CDH_B-409_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01856c92b46d671d8a7f6cc468efb60a61093d006c95bb931c1fccc336d4a8490fe17fe163c972bac39fe728f24534a0c34d2d21
+
+PrivateKey=KAS-ECC-CDH_B-409_C2
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAlt4sOSnECF+cwdN3
+jC2/Pbfw9357p7vE5AjH1l4si4iwdV8WC621JOdpfFDmDI2Z5W2koWwDagAEAZxH
+15kUyL2udU7F7B6ByP8ympOOaXHu48lFxOv0ieFLFeYTVhbImMgLewa4r2cGHHaa
+tQAAiAIrT7DnVOxPq4z0/GNiVUJnVfqZtWgFwV6sBDJRVdzL+kFF4WHEDxib26o9
+0+DD1sk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAZxH15kUyL2udU7F7B6ByP8ympOOaXHu
+48lFxOv0ieFLFeYTVhbImMgLewa4r2cGHHaatQAAiAIrT7DnVOxPq4z0/GNiVUJn
+VfqZtWgFwV6sBDJRVdzL+kFF4WHEDxib26o90+DD1sk=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C2:KAS-ECC-CDH_B-409_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAYPuNVqTzROv8XVqCOWOIZWoJimNQ/bQ
+e7HDgrTlaNAICTkmAAnGr8vtDyMlLgHW0UxtjwGyMJs4GcJFSkitJTrJe848ebUf
+UO1oA88FRkt0paHeIhE+I8AYxc7ZGG3bmBxini6ds+4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C2
+PeerKey=KAS-ECC-CDH_B-409_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01972e225e08b47512e92c0da9a1bdddb1802be402222cac5788b322e101feeb06b66b2fe726c1cd8aec92e02f37d15f4c97e64d
+
+PrivateKey=KAS-ECC-CDH_B-409_C3
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAq9XWHN4xGAMBwmnV
+KvhWuqObifXvRTZ/VRkhDHHXezGNBT7AwvSb9G3gXKvyPH0r19I/oWwDagAEAafv
+PRfDAehmG6ZsHN7oKptE1xaQnjZjtCPcBu9r5PYWzReTIc56Vy2kvKLom3aO3IRZ
+swDfdDhJogvDAmBitCDTlC8Y4tbFMH5uGVXjOwnVlR3FmzGisdWMIz4siW4tnMqo
+7rjo8RM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAafvPRfDAehmG6ZsHN7oKptE1xaQnjZj
+tCPcBu9r5PYWzReTIc56Vy2kvKLom3aO3IRZswDfdDhJogvDAmBitCDTlC8Y4tbF
+MH5uGVXjOwnVlR3FmzGisdWMIz4siW4tnMqo7rjo8RM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C3:KAS-ECC-CDH_B-409_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAOhd6dY+NOXHu6b/mxb0yE2V8R3+khB7
+H77K6Yzm7/PblthpAL/SLNQj284eVya+jll5MwC3FBdx98gW1V7IxTgi0uehkvpU
+oX5bmbLZCWG1Spn+1Tq6S9oaQHStPSP5yREgV5W1RQs=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C3
+PeerKey=KAS-ECC-CDH_B-409_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00b6661a866abbf1843dea8f220e360fe7cd7d9e85c316138fd2532a57d7d2a6bfe6e5518019c603a2d0e338ac6a8690093c2883
+
+PrivateKey=KAS-ECC-CDH_B-409_C4
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQA8yPI7kM8m6FdNwgG
+mDSsxNk3vlAX4dGC7HZGarooLHO14+lv4QYUNkFALHLGJIS6HxLyoWwDagAEALdP
+UlIBGfwIU2zqWEIg3psGJAHmT/Y1kwXC5rDASpX3e69T4jwyau52IRSVwwssFQuS
+dQFUBYji/VaI0bNXY5CMH4I+7sqJQvYhbOBM72btaZHfaiL7dEEbE9BlE6ZbZOYo
+Fe4CBpc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEALdPUlIBGfwIU2zqWEIg3psGJAHmT/Y1
+kwXC5rDASpX3e69T4jwyau52IRSVwwssFQuSdQFUBYji/VaI0bNXY5CMH4I+7sqJ
+QvYhbOBM72btaZHfaiL7dEEbE9BlE6ZbZOYoFe4CBpc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C4:KAS-ECC-CDH_B-409_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAMqHCsvk6zrmXt2V1pROsJDg5VBxK+Ox
+Np5HMgP1Kxg4ZU96Q0K9gwlwT+1pM66dFizNfQF5bMKGvz1TrWNpdzdPg1bkVzC3
+qkOAX7UoAfc74+mzKAiYSq677Xvl455RM1sN/zR4KUg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C4
+PeerKey=KAS-ECC-CDH_B-409_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=010889037c707d90b833d03256ff2e8a5ffce16fb3613486221494a4fee82e74625a93d966c2028d0930115494f9456cec4d2b6d
+
+PrivateKey=KAS-ECC-CDH_B-409_C5
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAEz2iulSzYkTIBC8O
+LaNxjlbb0oSO9Ce92yQXf2JEdbU0AK/csYh56P5rRgmk97vCFSsToWwDagAEAOOi
+9OY8+8HuhEdFqz4eW+VzIEYJrs5eKLj7iriuBomEZ6lae1nAiYpBSr/ycDzLzcCS
+CQENc8Q7YwFwOVEErK1sGlY9MpZjIzKhSB3cLDGDa9Gj7hpzZNf1uClduVo3RbS7
+vrgJW8I=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAOOi9OY8+8HuhEdFqz4eW+VzIEYJrs5e
+KLj7iriuBomEZ6lae1nAiYpBSr/ycDzLzcCSCQENc8Q7YwFwOVEErK1sGlY9MpZj
+IzKhSB3cLDGDa9Gj7hpzZNf1uClduVo3RbS7vrgJW8I=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C5:KAS-ECC-CDH_B-409_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAH62Hf3fw8DQg/4iE5Z5hjgdnjDmhK/f
+K6yPGjYujG1jWN+VkwYAQn38HrFBGP0SObZ7aQFbqH+YEUzsiyy0W7o9zwBrKH4H
+477x2ifOCNqeT0i9JB9ZofnJPIN4hHFXUPQIX5E/T3o=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C5
+PeerKey=KAS-ECC-CDH_B-409_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=010a8aafbb243fc9466bf381eae173c01be95d88a9c131b07ed54d2f117cd3af4019ffb196ebe8290b1269622f9df26763ffa211
+
+PrivateKey=KAS-ECC-CDH_B-409_C6
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQA33VUwBMv1OSiuSF4
+dfmSSlXKsxm3anwXnPAiKTdXmZbPlJILr9RT5S9dL8SAATKfvXjEoWwDagAEAWCF
+HP+UfOcqEYqrTa1M4sPOm8Mwzh0G761/Yw5Fu883CX2UBR2dMQq/+o2W7SKoR8vm
+kwB5o93eY2vGKvQebsDgc/5kYuOK1Lnjo27MgROixjlM7SGr3I7Flp5Y4AnqE9vp
+KalnCco=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAWCFHP+UfOcqEYqrTa1M4sPOm8Mwzh0G
+761/Yw5Fu883CX2UBR2dMQq/+o2W7SKoR8vmkwB5o93eY2vGKvQebsDgc/5kYuOK
+1Lnjo27MgROixjlM7SGr3I7Flp5Y4AnqE9vpKalnCco=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C6:KAS-ECC-CDH_B-409_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAILxSOw00dCLJueeN3LhLWWVmLc7b/8L
+qxhF6aW1BxRJ7ydZ/tY6qAYkuDprLp1zm4P22wEJzqBIpyC6dJ/FIsha9f54N1HD
+n+jQUVug8NPc0Z8Ywi2jkJ8C14c1qhGy/roPjTMMVwM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C6
+PeerKey=KAS-ECC-CDH_B-409_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01e17b8844c4c757553a628d6f4c48f3a337ed2bbb6e4047dbfcfbfd02bb81c6e096f8ccbb7f2e5d10ee9cbcc960e3a99e79bd09
+
+PrivateKey=KAS-ECC-CDH_B-409_C7
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAMnNd1/EY0p+fPKs6
+By24yIbUL6Xee+plA27TyNRKEej5b04abyVIiMqyFDBRkaJt0drRoWwDagAEAC05
+4PifuHUVHuOzVPjqFZ5/um8j+Kdk1J4H70PxjTz4bhuqrgrXnUAAcJpQJS8c42Ax
+NQDORKm3dbA89CsxAklmB5TCXgQisDrZurqiNhBhMlH+DlQEbgT5IQQ23TdgA9GP
+mN/a4Yk=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAC054PifuHUVHuOzVPjqFZ5/um8j+Kdk
+1J4H70PxjTz4bhuqrgrXnUAAcJpQJS8c42AxNQDORKm3dbA89CsxAklmB5TCXgQi
+sDrZurqiNhBhMlH+DlQEbgT5IQQ23TdgA9GPmN/a4Yk=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C7:KAS-ECC-CDH_B-409_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAIPKBN+EWOXmzm4TuTfatJhSHYJvuVQS
+NFZ+mV8Gg8gPQ4UW7v8M+JGKX4tSYszco5l0FwBfizwg4/4lWe/g6FoSJ235Iu8P
+Qlf+cDviUp9u/7bymaGiUcAeONQ8pspXbvHgvrbJEh4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C7
+PeerKey=KAS-ECC-CDH_B-409_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01167edf7a3c50e13be126eb2caf6b5f8f761cc8dba413246423b877df74a3aa3f48144b44cd133ad9f2d05ef97a08f7ca511d7f
+
+PrivateKey=KAS-ECC-CDH_B-409_C8
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAsE8ztoeZYw1i9EM3
+x3xaa24Pdga1yHJEqk59ppjMj/HTMRtI7nyaaBK6+QVDea62HAwToWwDagAEAcWU
+DC3is3NYJK4plMFQhvqVh1Dk2DEjrwR+mzwmR0bJtdkZ2iFTVdjCiygIo30MxfL2
+oQAKv+bxUQoYLv943YAum6IeZorqVzLHMt38XfkwH1iZ8CuugPgoJgHvPu/kFO8s
+cm/gAlg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAcWUDC3is3NYJK4plMFQhvqVh1Dk2DEj
+rwR+mzwmR0bJtdkZ2iFTVdjCiygIo30MxfL2oQAKv+bxUQoYLv943YAum6IeZorq
+VzLHMt38XfkwH1iZ8CuugPgoJgHvPu/kFO8scm/gAlg=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C8:KAS-ECC-CDH_B-409_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEATEVNql0W3R15sL9ckwj2epmgDoTm0fj
+riY7D7fkLjMWJ5u/YiriYlMbLiKD7MGmEnybCQHUjMx4HwvewxMJEARLdpCamr1/
+yxhAfcQvY5EvomZyCAA6stKBAq3PuT3cBTdg5Twtqng=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C8
+PeerKey=KAS-ECC-CDH_B-409_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=015c0d202bfdee2dfbd4be91625171992e6c6b1a1d06cc1b2b66ed64c9d928bd4f062912900d3f89045c7190f513d3b019a634f5
+
+PrivateKey=KAS-ECC-CDH_B-409_C9
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQA1OvDHJpl7jsavZ1u
+ZJV4DFTmM/WiqfYchAjXZ9CRbZHLVM/Nk3U435LPxFk44zt31yTyoWwDagAEAU36
+qnBRjzZ838qJeVoNs3S7e0B6WMqsJLpGgk3OeFAQZ9fgRn0wueH9uwp+rOFfsMII
+zwGdYr4rEqF6ePbJ9+cDZpdl92PGI1/nr3jyUETpnEsbkGU2QLPwrkgaVdR9HrF7
+hsW62hs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAU36qnBRjzZ838qJeVoNs3S7e0B6WMqs
+JLpGgk3OeFAQZ9fgRn0wueH9uwp+rOFfsMIIzwGdYr4rEqF6ePbJ9+cDZpdl92PG
+I1/nr3jyUETpnEsbkGU2QLPwrkgaVdR9HrF7hsW62hs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C9:KAS-ECC-CDH_B-409_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAQwnNTD1T+F0u71cJ3GlWkLmQFDDvyUj
+5ggq9HbrAleHaW7fbkON0Fa1mPUABjPCZP17pQBEPnLak7DHgl9CI8eWgm/RMiNF
+6iWt898aLGlYkIwP2bE+k8wAX07LFVov/3rFT6gYB4U=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C9
+PeerKey=KAS-ECC-CDH_B-409_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007c32383aae80e1111207894c8cc5be66fe538af4a19195742a94a4c3f5c765d9776a56177c485ddb53c038b70478959d374627
+
+PrivateKey=KAS-ECC-CDH_B-409_C10
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAJhdqr5imQzVm8dzB
+kZ6URT6cvzyX4Gm0oXQmRJFn9qEImsFqECpLPkMql4v7RiVdxD0aoWwDagAEAVNf
+yUm0kDAwi8Dal5PVcIh2asjPIujWwnbY8/dlDzATXh9sADAME0Ti8DBuoOJwsJqA
+rwC4/D+mHcIsVVAfKmspRJRtmfe7/vvses9PsgDBAC4yLDkXLsCits4IB/Hj67Hq
+NAA1MUM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAVNfyUm0kDAwi8Dal5PVcIh2asjPIujW
+wnbY8/dlDzATXh9sADAME0Ti8DBuoOJwsJqArwC4/D+mHcIsVVAfKmspRJRtmfe7
+/vvses9PsgDBAC4yLDkXLsCits4IB/Hj67HqNAA1MUM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C10:KAS-ECC-CDH_B-409_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEATvrjTbR5/U9gL7qM+/D4AmN6uqheXfa
+j5qunFdueSDo9tpVogkwzmD9SQtPsBVNSSd9mQEdwdh/NS4SvbQaG3ofHlFmKe0y
+PF1bJj/wNvAj8P9fci0FbCSkEfU7NH0HhthPe+h5EFo=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C10
+PeerKey=KAS-ECC-CDH_B-409_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01166107ab98db1dbe22c5888a70c992af4faf4623ef593802aedfe433809c53ef4ab0b2dc4dc2546488b356ef3265356055d8f5
+
+PrivateKey=KAS-ECC-CDH_B-409_C11
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAvz5zlccqqEwJYOXG
+kCLOOQZ0BFNEc8THgpQk+B8dRLMfIOK5guJRz5/7Mnp9g09Z0ZSKoWwDagAEARy8
+TtkDaifv/In/1V+h4+rQ+5O6z6Cni8r+ORSrGpeGD+wTNMqroHJDWRYD5neRrqS8
+twEBB0xERidjCtClJY4kQ41x8mq5TQW7R9Grl4WMS5LG/xy5vma5hP6OFuRPOT5j
++dZCgcg=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEARy8TtkDaifv/In/1V+h4+rQ+5O6z6Cn
+i8r+ORSrGpeGD+wTNMqroHJDWRYD5neRrqS8twEBB0xERidjCtClJY4kQ41x8mq5
+TQW7R9Grl4WMS5LG/xy5vma5hP6OFuRPOT5j+dZCgcg=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C11:KAS-ECC-CDH_B-409_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAWkMdGSekuHBAE9D/W5GkL5ZWQTFbSrN
+haSa8KF9NDaMh2jQOe3pySrSayYwa1/973v9GQCBJ19+L/BopsG5LdOMA0JW7XMi
+sCdwKZTHT1uBgSTTShkJh/1liJL8meesuYd71v6UaRk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C11
+PeerKey=KAS-ECC-CDH_B-409_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007e7a249094eb52bee0115b8bd5545f81bf0b7d66998fe124c9a3dd3c5715d03b2f973d47c19af5108a2ae005fcca65e61f337d
+
+PrivateKey=KAS-ECC-CDH_B-409_C12
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAltQDsPpgHJp1qn3p
+/p4R1C76k9lt01EC2gXTrIB+RBlOGOeci1vhHF+znIvU4xIyWvryoWwDagAEAAmD
+OUYpTUruzbb3JUykicD/E68txuLKViaDXV3SIkFEDDemNpDNEYZ1gf9htyUtB6+4
+/wBhg/7m9NbvW3I8U8lsXB7N2EZS43nJN4eNdm+DNwUAQSNZwi1HeL34B7PITluD
+NQkQoak=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAmDOUYpTUruzbb3JUykicD/E68txuLK
+ViaDXV3SIkFEDDemNpDNEYZ1gf9htyUtB6+4/wBhg/7m9NbvW3I8U8lsXB7N2EZS
+43nJN4eNdm+DNwUAQSNZwi1HeL34B7PITluDNQkQoak=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C12:KAS-ECC-CDH_B-409_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAFwk9K2b3LFGBoWiLaVNvd0VB+9t5Gna
+QXDOMBR1eaVJRduxvOnwLkcAM7sV/Bpw+DHnmwF8qTK5CgjKLj9VxQzA4T0nnXvJ
+EZxXPD90FBC7fBytEHbDukKu0c5p1WIosIL7beDu+2g=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C12
+PeerKey=KAS-ECC-CDH_B-409_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00b9d8b68642b2729340d8b7c5ed3b3a8913c4a3f6b947473017c0e105bc7edc60daa9b0732772220f93eca4878085f756e3adad
+
+PrivateKey=KAS-ECC-CDH_B-409_C13
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAZxJewwmrXcfqVo+I
+FaKzDPrDNmu08BYNU3OKuZXOdWgfzV5JLzqXJbTPdbpDAaeGBJNCoWwDagAEAfHR
+ruX8WUykoiuButcH2CG+8yU5ZvXXeVYVdIOWFpb0xgR2pCtFK4nB7LNhVHXsnJbc
+hwB1XF71WIm0Fc76DogaPvyb6G82xnYVQjtFLqtM1WEa70GY3bMa7LQ07u7BLt0F
+kTrxn8Q=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAfHRruX8WUykoiuButcH2CG+8yU5ZvXX
+eVYVdIOWFpb0xgR2pCtFK4nB7LNhVHXsnJbchwB1XF71WIm0Fc76DogaPvyb6G82
+xnYVQjtFLqtM1WEa70GY3bMa7LQ07u7BLt0FkTrxn8Q=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C13:KAS-ECC-CDH_B-409_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAKq/aquz6Q+VbXAE/8iTxw+OkM3DH8DH
+qI8WMgVB1YRDrzlAXYiNlnZVfN05SyfcVEn5RQEn8m26BsM/j7RdlVz9tc7dqT3Y
+pF20LuC5JkoFTBaoe+2tRcDZoPNbvGqnoSlWIug+vos=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C13
+PeerKey=KAS-ECC-CDH_B-409_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=017d60394c7ee64ba73db91484713370daa821255807349c237e5849411bf0bab3a1b353be3cd07eeddc5c2ffc74336225dae6f7
+
+PrivateKey=KAS-ECC-CDH_B-409_C14
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAayzCOH9pr9Q5eLf2
+a9F2ZiVwgbpNZu5qmoK3yHxKxfDrprwtmByh2p/yArpyy3/pwGzwoWwDagAEAIak
+TW7k6MUNHhDX0dETqWEHUCEGeeDkyrjGImeEKTitXZM8mA7vnUZEeRu/01u6xknS
+EwEdpjISYxYF/qDpP1gmsZKbK9HblQYV/LBetHvZy2nq4DscM9ep5HszWkBJgjj+
+24mZsE0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAIakTW7k6MUNHhDX0dETqWEHUCEGeeDk
+yrjGImeEKTitXZM8mA7vnUZEeRu/01u6xknSEwEdpjISYxYF/qDpP1gmsZKbK9Hb
+lQYV/LBetHvZy2nq4DscM9ep5HszWkBJgjj+24mZsE0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C14:KAS-ECC-CDH_B-409_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAB9P+/IvZ8FZGwp3DlY8Crpm/gFWHF4i
+flIrXd4jx0jKz49KAikN4mtHdn04ilyDbT7/SwAtJz8uhRblCDiPjtIBXsn+Z8Zv
+gyzysmHfrVhWEoBC+0phqRo3s0HeQpbUv2O/Z6NFinQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C14
+PeerKey=KAS-ECC-CDH_B-409_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00b19e052edd44421ee2f5ba845911fed9183d885da85d51dc819ca565ce574f7db257509876377b40c5a08349019563b60e13e9
+
+PrivateKey=KAS-ECC-CDH_B-409_C15
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAPgmPPxleidpx1jZw
+APgEB5rcoydbLnk+jTEsjkAs8NDOUzF0L4dRX03ZzGaCRhlLlXK2oWwDagAEAQr0
+rjNLpAvWU44PCVqlb2GivStfOOlUt2F9kroQYDzcyoNlVNAkLds31eFXawvmnw7s
+5wGzNVIa7DBfMU1/I+0ozAxNI/M6Z4X8bG3pPl+rzicTAvlVf20q53xScg7aWi4V
+Q2RD39I=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAQr0rjNLpAvWU44PCVqlb2GivStfOOlU
+t2F9kroQYDzcyoNlVNAkLds31eFXawvmnw7s5wGzNVIa7DBfMU1/I+0ozAxNI/M6
+Z4X8bG3pPl+rzicTAvlVf20q53xScg7aWi4VQ2RD39I=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C15:KAS-ECC-CDH_B-409_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbCDPrNEBFDj+lFIwlwt8uACBibyQHQi
+IX5Oy4vYp1GnK6suxWQq6Q/SnYxNeenMGRtbpQAjB4kFtqMwCf/qGhl325Q1ea++
+uHGXAFlpaynvkN2EYXdrNDoJyFOlOOTyL9+FT8vztzQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C15
+PeerKey=KAS-ECC-CDH_B-409_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01697512676ae56ff5ab778c411042d217ad24a24ea05bbc253e4395fecc8a07fe77ae0ca4ed977459f1a14d9b83931bccf46107
+
+PrivateKey=KAS-ECC-CDH_B-409_C16
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAfYSTE8ZJna5HKwvd
+t23sRYBvguCYcjMB3zO2u7l/eUvyaHn8M8KXP4bBVRVJZBqBm1cRoWwDagAEAEgS
+rxk3YwuOp9D/cjy7BbeidA/Eyb55LbIE+SlnTDLkfYXkdwuQPTKQptYsJ0yyV7do
+NwCMb2FxF4a/XFTrDBsxJtZBskpmYrZ7JXMCqaYaqM1QOEa8uxsU+lyXRUNotsJ9
+0t4q6As=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAEgSrxk3YwuOp9D/cjy7BbeidA/Eyb55
+LbIE+SlnTDLkfYXkdwuQPTKQptYsJ0yyV7doNwCMb2FxF4a/XFTrDBsxJtZBskpm
+YrZ7JXMCqaYaqM1QOEa8uxsU+lyXRUNotsJ90t4q6As=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C16:KAS-ECC-CDH_B-409_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAXS9Iz+GHHuFPMqPWjg1dISe8s127yK8
+DhWfcTodBzh8QgOxH0wzm2aWdPzx2sGZcDvrBwHix3jMpklj2HMp5XyLyW0PZzcE
+H9CH2vwH3WcOLOclVH4aJhxD+8VOFMNHPr27Mf2oRzo=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C16
+PeerKey=KAS-ECC-CDH_B-409_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=015960ea8b92bd77d52874e3ea82ed1763440189d68728d3974d4c01d6aafdbb5274648f6f3eaa4faf3fc72d09892ab038cb2fb7
+
+PrivateKey=KAS-ECC-CDH_B-409_C17
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAv6WUhWxnwoNrf7Fx
+tnx6Qa5D7zRQiYAkqTE2VPzzHh4fusetUrK8Q1iXWlxhq59OPk6eoWwDagAEAOG1
+MJpEgAqRatik0ZuCpYsA7gSCSAUKbtbDPOG8lwFUfpPXyQQvhJBlS3OizX1z9zPA
+vwGAsgM4dGNR+sz7mjcRpOE4RXVQu/WDFgNMbyFqU3SSY9/+I1m93NyJ7GRGqaSp
+9O+QyG0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAOG1MJpEgAqRatik0ZuCpYsA7gSCSAUK
+btbDPOG8lwFUfpPXyQQvhJBlS3OizX1z9zPAvwGAsgM4dGNR+sz7mjcRpOE4RXVQ
+u/WDFgNMbyFqU3SSY9/+I1m93NyJ7GRGqaSp9O+QyG0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C17:KAS-ECC-CDH_B-409_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAMHctzfSUwNbuR0qSoXzfQAUK+gfySeM
+sjpNHXnSfI08RECyyEK8HiH2kk4U3IMbCr+4RQAMc9VoewSQzMB/ZUEBrN2zbNDC
+7szhZd8nb4O+IR0B0w/1wkPwkAVy7m3wf1Od9qRomws=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C17
+PeerKey=KAS-ECC-CDH_B-409_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01127491ff33a67ffc4757416cd02a081cafb723aff52af35b069b89963e8e3ef5bc19c5a093ccf511e3c3c19be789280e986809
+
+PrivateKey=KAS-ECC-CDH_B-409_C18
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQASgIOBsQA7ySYwRHN
+4VCHzaSKb7LswB2YW1fw05IZIOksQ/OraIEp3AGtKfwx1o6WIjGboWwDagAEAWci
+f2KElZTtY/JH94Cy0R3ZosLHG9a3EpTPi1nOaQv+ANqbwduNHarJv/jADnvfBx/g
+0wE2w+p30JPZc5++aJExixSVl3hZm9Hn1al7/IL/6F/VqaAbgvcuEfrZbS9ctXmP
+We/qFe0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAWcif2KElZTtY/JH94Cy0R3ZosLHG9a3
+EpTPi1nOaQv+ANqbwduNHarJv/jADnvfBx/g0wE2w+p30JPZc5++aJExixSVl3hZ
+m9Hn1al7/IL/6F/VqaAbgvcuEfrZbS9ctXmPWe/qFe0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C18:KAS-ECC-CDH_B-409_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAT2WomfRoqnqg66xsB2KziLiUcgvX1/D
+71mXowEadKEBFd9g6Y0TnN02DnTXb6Ui7rVvSwFrZVq3zQ059Yj77+xU5PRQR2ZM
+izvo5XqxE3cPX+DGIwD0oJ+iiZ5zu8mCMmX1XVz0rhg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C18
+PeerKey=KAS-ECC-CDH_B-409_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01254508553eab09fbc2fafe13fa9b324d9217d7d0ba4cedbe5dc869ad68de4f87774dd17d6428ed242c71956f252969e6bd5837
+
+PrivateKey=KAS-ECC-CDH_B-409_C19
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAwZs5FmX1A1NUf8cs
+ntAZ9TEWkO5B58iVqn75LGD7nzRU36xXUkWmhp8f3sdF1j6lbIkioWwDagAEAFOn
+piqLQES2Cvdu+ltEQpv2X2WYfWoGIWPdVfCNyakbi7m2Jw+KAmEj+Z65NyzL3SfK
+OwCt1G9+pwkvSN2qL+uWyyS/ktJij7bk983fUj5fhAEc+Kq6vWAJoT8ppjtrfuZk
+xm84KfM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAFOnpiqLQES2Cvdu+ltEQpv2X2WYfWoG
+IWPdVfCNyakbi7m2Jw+KAmEj+Z65NyzL3SfKOwCt1G9+pwkvSN2qL+uWyyS/ktJi
+j7bk983fUj5fhAEc+Kq6vWAJoT8ppjtrfuZkxm84KfM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C19:KAS-ECC-CDH_B-409_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAXh7MLOyBOKYaQudcR/+7xZ63FeSBotc
+jUIuyQ+Uwr3ShM2/i+5kL3C9e+LakGue27ws0QBDB4+RIRApChPZAWDw5xWC+jnA
+512BkOuBHUUCIARMxtaA2VapiGDm/IW7htZZkKFgxbg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C19
+PeerKey=KAS-ECC-CDH_B-409_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=004b9accc21d7122835fc21410ed1d83767c47a54ffee5f0c180fc55f3d0e8484af3ad38020294be92f02f0ba7e2b4f4eb1db07f
+
+PrivateKey=KAS-ECC-CDH_B-409_C20
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAbJCYtT0Q8qwChKmZ
+AmWPZn6kyrKGmK8/oHAGobtGNjsQPEqkySwcP+dTkJf6cLik+kbFoWwDagAEANPt
+9lL0P5yakqLk00uoP11+lQwoNGoqaFG/dVRwUBQKTpwcG1AOHSrTZMMGuaRK9QOm
+IQCZsmxkNn8ZA9qV31FWLSUELAGhrdp1u6WL2w2KqzULUuz76YSIwmGd4BzXD14A
+iVO8pUc=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEANPt9lL0P5yakqLk00uoP11+lQwoNGoq
+aFG/dVRwUBQKTpwcG1AOHSrTZMMGuaRK9QOmIQCZsmxkNn8ZA9qV31FWLSUELAGh
+rdp1u6WL2w2KqzULUuz76YSIwmGd4BzXD14AiVO8pUc=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C20:KAS-ECC-CDH_B-409_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAenaCtGhWsPEMfIglU7S5QKve3RsP9V7
+Ls63dIZYAgoJVmSHg1TfCqGB5X5erSyYWtMCPQCcznOlRwg0i0j48/Z0u3ZU9EHy
+g9TopOyPhZLvUjlfJMES1ZQtOuCP/o2Znv3jmYiKfPM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C20
+PeerKey=KAS-ECC-CDH_B-409_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0093e2581c159d74d11f8667ee03399208b5c1a4ee5b20070ce8d97d251ef1236dc81dd688b2f07a730e6b8aeca0c193a28b178f
+
+PrivateKey=KAS-ECC-CDH_B-409_C21
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAp/o4qKuAMNa0l6I7
+3l5QB+OdFNqfgtxWSuPNtK9fz0G8/vetrbWRcebX09PDrGf3vnBzoWwDagAEABO7
+O6kdXSSIr1ctmVzvj/+x/YXRE0IejSwMOql824qTP8DT8F9GRs6EHr3PGphgS/+j
+3wHy4E6hagEtSGTPLKdWSEbec6M/JFeNxNIhNZxPL4bKgjywWWv+R2Dp6ty0rVCK
+saFx7L0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEABO7O6kdXSSIr1ctmVzvj/+x/YXRE0Ie
+jSwMOql824qTP8DT8F9GRs6EHr3PGphgS/+j3wHy4E6hagEtSGTPLKdWSEbec6M/
+JFeNxNIhNZxPL4bKgjywWWv+R2Dp6ty0rVCKsaFx7L0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C21:KAS-ECC-CDH_B-409_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAMSSlPtxKUIiGiUAMkr3vYx+wc0bgJTe
+0brAAQqGlgg/fvrsqlED1nYkmeG+SFfTIAMCgQBWT6ERCzk5Jd+7JLqaazNz9GJO
+y8PhL5cG86sFQpktjbbI2Lsl+gYU1Ib20ayfPZi57f4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C21
+PeerKey=KAS-ECC-CDH_B-409_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=008e2f1c4bad19c46a5134afccf7f4ec14ab591c8b8ea48d9c3d1e7354ab43ba20aa39a65fd92cdc176cf3dedecbf9da49a8d855
+
+PrivateKey=KAS-ECC-CDH_B-409_C22
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAzp+Ce9JMAUw+5Z7e
+90cXjWwDDBlmmtjnGLoTAr70ta0sEjNEj1J1spqJbAsuew2pIGi+oWwDagAEAXbj
+EBLZxgSy0aGSKijYpXTwYMw2OIsoFtL4EX2iDAaZqwoI92+6pHbwqcQkv0yVK0dU
+/QEf7cPo+Ogo4P+/Av2F0pwCAf0PU78mFMEK5RzLWMvEkAw4zEyaUthtifm4wt5O
+In9OIo4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAXbjEBLZxgSy0aGSKijYpXTwYMw2OIso
+FtL4EX2iDAaZqwoI92+6pHbwqcQkv0yVK0dU/QEf7cPo+Ogo4P+/Av2F0pwCAf0P
+U78mFMEK5RzLWMvEkAw4zEyaUthtifm4wt5OIn9OIo4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C22:KAS-ECC-CDH_B-409_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEATSt0sSZFy33ktlKmziV4kW4QHPDJSY6
+hYwen3zzCkTyaNP4NYQR3AqcqrUFwKvAFhML9QAxwjaxQ8oDbIg2Qff5uVf095ij
+FmfEFWA0Ann84JYqIb2LtS+iPbcahPNaV5TvXgdZct0=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C22
+PeerKey=KAS-ECC-CDH_B-409_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0190a1693eebe287ec980236d8762804d23fdb6f222763a0efc364f9280fdd53394c2badcc51ff09557f3b97cae7f70d790bf9df
+
+PrivateKey=KAS-ECC-CDH_B-409_C23
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQA4287mhNBmVsT/nC8
+VF0nnm2xSCySsTzozA2hwQDqL6qAOmSljMfrHP0WdXCDXFIvZZNHoWwDagAEANHK
+gjk7jVC9GJipCb85Mz7KO96YsLDc7Wb4KGMOaebrEot87CPwcmAEcHMmCnZTMd1v
+VwBsU1/5Q6D+dQ/Gw5kEppEroevA9GwbCCPkATx3R16imz8ySBlm8bFlvtumwXoU
+lPttTz0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEANHKgjk7jVC9GJipCb85Mz7KO96YsLDc
+7Wb4KGMOaebrEot87CPwcmAEcHMmCnZTMd1vVwBsU1/5Q6D+dQ/Gw5kEppEroevA
+9GwbCCPkATx3R16imz8ySBlm8bFlvtumwXoUlPttTz0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C23:KAS-ECC-CDH_B-409_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAPDsly3J/f0IzY38unKYtN8tvYDCCyiJ
+5mOsWMw0jL+Pn/0x/7UGGNbDjXKpnVxdLqzAAQC7C0iJPNuRXmXNXXl4BIAgF6KV
+NDZUJGo3/jpg196YfmqaEKrwY9lrEBhGEszSZAfX4D4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C23
+PeerKey=KAS-ECC-CDH_B-409_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=001469dabcf2210aa7de0040b201221eb4d1a4725431fb5a93212a66ddea4187e078f5e3d82606f6cdfc0ffe6b69574d1d0ba643
+
+PrivateKey=KAS-ECC-CDH_B-409_C24
+-----BEGIN PRIVATE KEY-----
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQACKBnFu1vTPco+QGZ
+KPNnx3qQUkkLmouoelnNyoTnfGopmFP1SW/r5lL0ujM1AcT88rovoWwDagAEAKBF
+tea7t5UElfbV1kWit9cgBnJdAiPH/3VTQCLJJgqw0tjTM3iaPcz8OolQLKUAvQwf
+YQHsVW4bFiHsGJNlThmNWSPjEUeKi9L//ygMkJL/wHNyiamXSStunr+TGUdjTvf0
+O0Kc82o=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-409_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAKBFtea7t5UElfbV1kWit9cgBnJdAiPH
+/3VTQCLJJgqw0tjTM3iaPcz8OolQLKUAvQwfYQHsVW4bFiHsGJNlThmNWSPjEUeK
+i9L//ygMkJL/wHNyiamXSStunr+TGUdjTvf0O0Kc82o=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-409_C24:KAS-ECC-CDH_B-409_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-409_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEATeERODe7P867Fq2506BI7qY2LkaUHz8
+oNhQl6rZRMFbT9icjL4sdFHY7GQQRUIbS/aXiwFkR8ITyQNd57zCm91h1u5u1Vec
+Nr7Fa8a0T5KGv56Z+sl/NWcIzQMQ2/Yzj5r417E1kQI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-409_C24
+PeerKey=KAS-ECC-CDH_B-409_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=005c701a93d7790322aa7c67440fdd9ee8057a0dae86d1e856ae89e7893da178bd67777f86db2be5c8e31dc50ed8a440aabc342d
+
+PrivateKey=KAS-ECC-CDH_B-571_C0
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIA0TyK+h5mblbIof2
+dDDqj+ZGxi/ji3zmHx+VZZfCe93ZkC4g1ENqvzvr2CQ+wpoASBqKLBn1UOmWQbXx
+Sq+7W9qVOnVZ+GU6oYGVA4GSAAQGr3H87BopBBFv4Uh4Zjdkwex0hw5dLVORnwtj
+WRLbgN1UYNnmmUWP+ElMW/x0+6jTsS9l8BXo3vEN4z8YABkfTLUC0hk4uVEBlYQX
+exicZkH/tni214M9jUuyXe5QGN2k5MDSGQSMAc0Nqer/40bVPPGgezOz291Lw6yr
+5IMvmYHv8mYJkarIUhR5he6jpR4=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C0-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGr3H87BopBBFv4Uh4Zjdkwex0hw5d
+LVORnwtjWRLbgN1UYNnmmUWP+ElMW/x0+6jTsS9l8BXo3vEN4z8YABkfTLUC0hk4
+uVEBlYQXexicZkH/tni214M9jUuyXe5QGN2k5MDSGQSMAc0Nqer/40bVPPGgezOz
+291Lw6yr5IMvmYHv8mYJkarIUhR5he6jpR4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C0:KAS-ECC-CDH_B-571_C0-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C0-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDtj9foRKua18RPHZRRP5MvWAg4m1A
+DBFgmjpjS5oyX0FrDj0yFXNMaKHCyPrR0Lues5OaQa8iQh9oeB5+sGZLnfXOpEje
+qjsAjmzHe83cgW6Ez8H2JoJPok09X9M9gJPL/h/E2IG2O0lBI7x1lnDtyxiHuzud
+WotRa8UDgoFjcJ1NrLWU0nehWpLAZOV3DRs=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C0
+PeerKey=KAS-ECC-CDH_B-571_C0-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=06775e1b99a236e02b020bc73666e5751c1210dcb6e9b02a69f4075376e49f7a1476d2209e861abb73f5e3ad189d268e035b1de93d47b3a64de5783c9a09bc223e1cc612f26dcdf1
+
+PrivateKey=KAS-ECC-CDH_B-571_C1
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAvTSt+Y2YObCCUng
+bcZwvoqvglMOC26v4hAR/p0PRAfIVJUVc0UozaKZ6fz3OKl/v0PEu6JnRLMnUxtA
+FD4Vi8hkWQnqiIRWoYGVA4GSAAQG6nEYJ62O1Ym3Ce819qnNRiV5i9iH5f5ZxR8P
+QcMot+zfhHNsQ/tw45hu5eX5huAJ9kEVinXM5rOfU6i/BoKDAZTkAHFI3u8Exrny
+pgmfwDZ/qWCTlMMiGtjG+xEdK9xDBQU4BHiNMur3ZDFAbnaKRIy1yONMgSJe7JAV
+q72SclwAJxLtMZLYB7Nq/qhT9yI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C1-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQG6nEYJ62O1Ym3Ce819qnNRiV5i9iH
+5f5ZxR8PQcMot+zfhHNsQ/tw45hu5eX5huAJ9kEVinXM5rOfU6i/BoKDAZTkAHFI
+3u8ExrnypgmfwDZ/qWCTlMMiGtjG+xEdK9xDBQU4BHiNMur3ZDFAbnaKRIy1yONM
+gSJe7JAVq72SclwAJxLtMZLYB7Nq/qhT9yI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C1:KAS-ECC-CDH_B-571_C1-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C1-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQFdcuwWfQjMJ+ZO2wGrHHXvMXR5qGa
+/nKBHLYSpiOMnMwzHmfaDBC4jMKl8e8v9ta3RAZdJC9ZjaLWM11MO+z1w5U5QMYO
+/McGtDNlLjo2oHAYqorT0v8x7Xhc5WAXFu/3cQ/BPG/5/3XH83AdRZ/Y/nDAtK/O
+2ghoFxfbmCHYyFj9OeJ0/zd3L46EhW5wZ0U=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C1
+PeerKey=KAS-ECC-CDH_B-571_C1-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03a80ea8cfecb858f9b77bdb46b6cda26320ee8c561a2fd6b7e0a2b62201fbfe60f577780c75a98a11a69de4c4ee911930d2200b6972bc3123d7f278615ecc65984a59fe352a1cec
+
+PrivateKey=KAS-ECC-CDH_B-571_C2
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAStjE7VoU8+NAnME
+nPftKrjmMuWSVu0EM2aFdkjz8qlnTK62+w/NX7qwu6u84XoPxKeBSEmcOJr1dIY3
+RkFpWw6FLzFS7sckoYGVA4GSAAQECnh2PRcEWd00tcBOx4LmmMvpA6WjSFUcUkjZ
+2s8ZvLmkmOoF6A4tbMHz6lujpDhVuAHIwDVv4+Ke4iS7kfTtDIVng3m3JUIB/0nO
+CmLp7a5qpjqYSORPGFQS0P60a4f5FCS9r/7VFoMh7XbyNfddM2Z/bX1qnIV7tPhU
+QvxA+aIMBK4GNipG7O6hXEXWm+s=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQECnh2PRcEWd00tcBOx4LmmMvpA6Wj
+SFUcUkjZ2s8ZvLmkmOoF6A4tbMHz6lujpDhVuAHIwDVv4+Ke4iS7kfTtDIVng3m3
+JUIB/0nOCmLp7a5qpjqYSORPGFQS0P60a4f5FCS9r/7VFoMh7XbyNfddM2Z/bX1q
+nIV7tPhUQvxA+aIMBK4GNipG7O6hXEXWm+s=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C2:KAS-ECC-CDH_B-571_C2-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C2-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGSqZoMP9EMkpnroqQeJaJe1B1Zs9S
+3+E+Otux55NmXStxg1h1Tv6AnkSWIYUC/rVgTb+8BKEQfKnsTq3H0QqdbRR0zt9X
+gUUG9j9p+MGLZ/EQUbPTAjahokkIiyvKtc/4MM256z51wehyUuXY5huxpmNI+2ge
+li1lq8VNXeot1yxVRZB0AHT3xmxLjf0wdWE=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C2
+PeerKey=KAS-ECC-CDH_B-571_C2-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03edea7e47ded7c2ab1115f4ebcbb42677c7fba6e0cfd811602896251ada1d5a0b461aaf4e000f4d4231b96d8dee7630d9f1b7860e6418dac8c3b07b66af6fd1acdb44b2683b29b4
+
+PrivateKey=KAS-ECC-CDH_B-571_C3
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAhmXtUgcDPbPQ2v+
+Ngw7EZueTdVvPChHr/sgIcusS1fcGPUHXWeK8rpunu+8QTjYGAU/LfMqEOiuXWQJ
+9bLx88q/NvgI/cB8oYGVA4GSAAQFYM+RMowmu6E/ccm13d0FwYWWnYi9Dp00o2B6
+kjsjpbZ1RSFnADri8K3VFB6kvkHrrpHTpqoVw5Pb9YWtbJIUsmnoa08FS/UC4y7C
+QEGKmk+QF+Yy+Kd4l6IjPW8fRbj3qoGPhH3bPOq1paEsdU/OjVewMgoHa1NEHc+f
+Ze8yBOCJGR7xVv92IpSJenL8qTI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C3-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQFYM+RMowmu6E/ccm13d0FwYWWnYi9
+Dp00o2B6kjsjpbZ1RSFnADri8K3VFB6kvkHrrpHTpqoVw5Pb9YWtbJIUsmnoa08F
+S/UC4y7CQEGKmk+QF+Yy+Kd4l6IjPW8fRbj3qoGPhH3bPOq1paEsdU/OjVewMgoH
+a1NEHc+fZe8yBOCJGR7xVv92IpSJenL8qTI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C3:KAS-ECC-CDH_B-571_C3-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C3-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQFBnGvZcvvkvMF5frLQojMBKTGl4o7
+eK/kBJxqmV/ow8C7YJq+SdFSse7WxxTSVP5u/xWanr0krRaRnvdvRHAFfrfCZaS9
+lugFHQjiHSZNjk28c0CIQqtXzXjTI+fetiWzdBmUuK/+Aa9EYWIttBmv7q0EWEX2
+w9ttmC9FtpK+oRzyXRiso8g77IQMdYKnBi0=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C3
+PeerKey=KAS-ECC-CDH_B-571_C3-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=005b640015330f8416f2bbbf8b5660e01a7abba8b0197a29e52bb535d62f89ad0443e08b6e0d1d15f4eb03c0fe35e3e43bd7739cb692092698a2cd13126cee4432831ec7423b3434
+
+PrivateKey=KAS-ECC-CDH_B-571_C4
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIArU5rMdwdYeZ9Dln
+Dq6Fubo0qLTzccyTWiDOjFZlIe7NjE9a/xFq4Nsq1urhozhENMWZN5ghrQXYGtoF
+SCmd/ZjP1tPxVzUkoYGVA4GSAAQG2uU4yCBEOXdBXO9OeZdLp2K2m0NIECAMxv/z
+JqI0TNIb4ZwVNkLfgqPlelUxqL8Zdn4ZldJyj8tmHVjsVh7yOjTYYHlxSQ0FBCQ8
+eSuQMYTqclqUfKiSGMqcj6Hgmn3WjeiOrpD5vSqN9BTdaaiysaLe0sbX9RTIkHmX
+Yk6wvJ6pM6LUdO+Pg7rqMkODTeI=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C4-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQG2uU4yCBEOXdBXO9OeZdLp2K2m0NI
+ECAMxv/zJqI0TNIb4ZwVNkLfgqPlelUxqL8Zdn4ZldJyj8tmHVjsVh7yOjTYYHlx
+SQ0FBCQ8eSuQMYTqclqUfKiSGMqcj6Hgmn3WjeiOrpD5vSqN9BTdaaiysaLe0sbX
+9RTIkHmXYk6wvJ6pM6LUdO+Pg7rqMkODTeI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C4:KAS-ECC-CDH_B-571_C4-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C4-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDmsnpGvWUB03NM42k9SQFdPAeQTpJ
+uSJGuj1t6FXj3t9uf97amrf3+Edudwzpu8OppeuYRUPcw39fEb5uKKHRCQkx9cW1
+o1EHgNMtuxNImb2i6YhIlBh4OHq6ZmX9JCUhYM4xI/aPm1vY8lSji4TsU2Ul/gB6
+hjtvzEifk3oFpf2UbWKCUyign4Ony6J/6l4=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C4
+PeerKey=KAS-ECC-CDH_B-571_C4-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=027af05ecd0332784d64b0b1bdb45c310fd445c5a6d6b34f35f4eaa3fa3e171ab98763d243a1dedf46aa29864620a47d05eeaefd748186bcbcf187c01e7ce36e2a53ded071036b59
+
+PrivateKey=KAS-ECC-CDH_B-571_C5
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAxipbjgngtRHbxvr
+9pehB28i4dLshHR/n8QlBdVUfaqgjYFHIXWWWZWGhc9OpLuhL/+2avCfZpRSHxHA
+m2YmyK5S+/szalKhoYGVA4GSAAQGdw8vzS6bf4vFwpLSg6uthRVQcf4373zoTzTH
+YW2j2+G9zpqwTOp7xLwljF0qt3I509CEVost/3eZiCiNn8a7Nk9RnQ6FWtME9qH0
+5f4A/pol2EWbiIA5iO8r8v71oj8T56fn80Wav8PVwAMDq8xQgPq4GwnVvgMg75kF
+GaBq8TwpVi7pVXFagswNrvLF4Os=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C5-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGdw8vzS6bf4vFwpLSg6uthRVQcf43
+73zoTzTHYW2j2+G9zpqwTOp7xLwljF0qt3I509CEVost/3eZiCiNn8a7Nk9RnQ6F
+WtME9qH05f4A/pol2EWbiIA5iO8r8v71oj8T56fn80Wav8PVwAMDq8xQgPq4GwnV
+vgMg75kFGaBq8TwpVi7pVXFagswNrvLF4Os=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C5:KAS-ECC-CDH_B-571_C5-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C5-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQG9liEkQYKHogUjkve44vGdHE/44TX
+z9v1vZDJ27bhWH5Fnc5uDWm4ss/rUFW+5WpzwTQ2BgGYrUdQ2uglPqg5ouJG1UFF
+l3UFthuPfY1sgWKiJp5yh9RZA0uPqsA2D8+Z+yHaNKMU5nNTGbnQNia5JoNpNF86
+YkrK2yGbIHGI0OlFy8Z8mCBo0yYT/CH4sPQ=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C5
+PeerKey=KAS-ECC-CDH_B-571_C5-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0763c0d659a7c080912005a2afd60ce57e610619b388ef3d5dd3c9386ab12069c6ef3a8e72eb741cba2da5c6f9267f6c09fada6459690ed4e432445d6f0f72dbcb059c87df36f665
+
+PrivateKey=KAS-ECC-CDH_B-571_C6
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAotDGetwVM/2OCgg
+xS+cMy6uZw0fB8/I8UcukmD15Ho4V2gBbNIAZwDKe9xdHVZ9kkYK98KkJd0NeK7u
+PRX7KNcRZ+ZIa4HEoYGVA4GSAAQFsbEUzvE6pd8wbOdBl9aA+bjJ2PZ1OgnbiEZq
+a7BOrx64c4NgItdQT0X66FqOSlQX7dfOOg5eueeSZIhO14NXez/FLYJfC1cBjjIm
+42tLM2eZxGhLulBemE3IgZFm8XzrhA42ElsoOoyGNd3353BAbZhW2Cs3z/H7zF0/
+XPS1XspB7hMfIep7yxnOBfZWQkU=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C6-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQFsbEUzvE6pd8wbOdBl9aA+bjJ2PZ1
+OgnbiEZqa7BOrx64c4NgItdQT0X66FqOSlQX7dfOOg5eueeSZIhO14NXez/FLYJf
+C1cBjjIm42tLM2eZxGhLulBemE3IgZFm8XzrhA42ElsoOoyGNd3353BAbZhW2Cs3
+z/H7zF0/XPS1XspB7hMfIep7yxnOBfZWQkU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C6:KAS-ECC-CDH_B-571_C6-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C6-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQFpSzr9oEDyrAmbPLGicSPCAVJ//xw
+25gJwqRvkItyib5ZcynznuHkzKOYZk/6m9zwEpP0NZPRiOEkEdV+VZs/ajDpVUhp
+8EkBThNxZfsNUw6GU9fLKoRhjdOvz6PwhWAXkUKq6XJ5DOdGov1EadQVWHRDeMZA
+rnOkibt/gc3KaxuxZ8eUwm1iOKDSVq/DuiE=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C6
+PeerKey=KAS-ECC-CDH_B-571_C6-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0428413f2d2aad4d5288885c2edc8b976321ae1dd4fc6b41275fb88b8c5e7776165effce79025163538a0e83c919220a407ead6cefd616b4b05294488c2ef5d30ab8caa55ccbd1b1
+
+PrivateKey=KAS-ECC-CDH_B-571_C7
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAgEV0X5B4TF4tCoA
+TAHV5O8cdiQQScfTG/DqhdbgcKLiuSCA5h3lRvzL1NmRI2uzYO8/IG7hbYhDoN3I
+A0Y2ZKjM3C2HoQJ3oYGVA4GSAAQGyKw0NkrK4148QXFgMz5IZBho/MoEwNV3vgb1
+irClX9fbd5/nN3edoz0An1e1utSXAurPV1rLryffgzBwzYk6eSR3DJLv86AGG4Ll
+RdQcYv7waLNM2/ATlhFdKhQX+XGUg9JphrbVL49t4Gg3eV9tndfNCVdBEUMYxuim
+IGs97u8BTw5EsNxmhOEA5Kw2FlA=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C7-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGyKw0NkrK4148QXFgMz5IZBho/MoE
+wNV3vgb1irClX9fbd5/nN3edoz0An1e1utSXAurPV1rLryffgzBwzYk6eSR3DJLv
+86AGG4LlRdQcYv7waLNM2/ATlhFdKhQX+XGUg9JphrbVL49t4Gg3eV9tndfNCVdB
+EUMYxuimIGs97u8BTw5EsNxmhOEA5Kw2FlA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C7:KAS-ECC-CDH_B-571_C7-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C7-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQCbi8e5k55WOkCVHp9sKHhSGbz0sAS
+fCu5sJ7iMtPZUY7kSuj1u0M6CIBp+jhs1ciQJxG3YqwNo6ejQgRyxH6FD5iN1gpj
+bX0Gd/9RAFLU9GCEn7jvDU81Gc0jjk4caItzbPbjdZVQ0TSh5so8tHnWi03F0Luh
+ruF4vW/hXsGW+x9ifYcHk5T294VOBTIo3uU=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C7
+PeerKey=KAS-ECC-CDH_B-571_C7-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=031bd2a84369e93dfa00581446d52762100d985cc7bb91c4fa8be7472e2e8e9781c52b19a54330442441bacae23f4bdc76486eb475d51f26aafbfb272a5ab5db184a4d3c3006e5d1
+
+PrivateKey=KAS-ECC-CDH_B-571_C8
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAIR7VF70lhVnHwi+
+c6SRRwYxhEkzQBEepNzhPC+SHwe/rP/IRB9MfJ0EefV/OhP0wzxj7UfDpD+y8G0G
+qXgOXAs6wwQQrcSRoYGVA4GSAAQGmU3cWuLFtvRdwytxDxpJORpH86D4wteEZVL+
+SH7wHMoEMRVbtUUzsGeinoNnNzr5XWp/C/mNhptwj0j5XxuIoVMP4iVH6X4E9iiN
+TXBPM6iYAx59AEb78eNKcsivGQ9NMxYzQ8iXugwNivioYjahw7ZVuXncRSLTPWam
+ZbO2UBVw8HYyKvCtK7qqBOoumV0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C8-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGmU3cWuLFtvRdwytxDxpJORpH86D4
+wteEZVL+SH7wHMoEMRVbtUUzsGeinoNnNzr5XWp/C/mNhptwj0j5XxuIoVMP4iVH
+6X4E9iiNTXBPM6iYAx59AEb78eNKcsivGQ9NMxYzQ8iXugwNivioYjahw7ZVuXnc
+RSLTPWamZbO2UBVw8HYyKvCtK7qqBOoumV0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C8:KAS-ECC-CDH_B-571_C8-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C8-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQCPuT57CTe4gOs+2WGMTE8etQ5TEfx
+eU0ItZn/wV8OXaspEdl+Aw3ffLS7rfilvOBcNTWPvQz5XT1cf/PNjua1TjedjQEj
+k5sGBr4j58V0bb04QE/WB/t/J47iSdyOJ0DPG7mxwHsc9+ClCkMlZ9GGl5moAxIl
+ENtDeYGiqhJuuarzx74FqA+sFJXhxAyhwQY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C8
+PeerKey=KAS-ECC-CDH_B-571_C8-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04df20154fa49a1d6e04dc2ba6e55a7f2ae575de5e2c6e4091a4d2c36aa93ca9699b890f0ee4df53aa75d0d9babad68605bc027ec67c187a6826aac0f4bc596baae788b376110216
+
+PrivateKey=KAS-ECC-CDH_B-571_C9
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIA0wkWDArQ4V/Eq2L
+2ah1I3ZBoh4hyjz5oJVtPP7e2WpeH1M9gntSj7tYbak+77tm0HeLGbGn+28Xu/nn
+m5rO/N17lgXniY8moYGVA4GSAAQDLTp6QJnwif6pGJIR9zZvLtxKv7MWxcBZSNje
+V/ygI7+2oRsQLqQSC6YhksDfYQvY0vY/xXcn9Ka2QKv40pn6xWxMeviDSeoE5jmf
+HO0madOlUG016ivr/M8M7IS8lzg6rcO0g0f2KWJuYJb4kENeWTNnUEj9zvze3j7W
+FuZWDULp4XxUkuMLwt5GicBZLss=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C9-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDLTp6QJnwif6pGJIR9zZvLtxKv7MW
+xcBZSNjeV/ygI7+2oRsQLqQSC6YhksDfYQvY0vY/xXcn9Ka2QKv40pn6xWxMeviD
+SeoE5jmfHO0madOlUG016ivr/M8M7IS8lzg6rcO0g0f2KWJuYJb4kENeWTNnUEj9
+zvze3j7WFuZWDULp4XxUkuMLwt5GicBZLss=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C9:KAS-ECC-CDH_B-571_C9-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C9-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQA1KCxHBc5vtCU5y16aSODaDbZIVdG
+xyzGgARaNtga314lOU8mmiraHZQ568M7uTHW+llaJSYcJEoeF7BG+xD7VLsxIojP
+Lo0HUgT1DTKrimq7/5gtH+NyuMVBW7W3JrNGqk8IvjL4yigsHvbhUkIzYNl7cooH
+Tms887kScYsWks2YMBl0GiVBgkI0vcjDI/k=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C9
+PeerKey=KAS-ECC-CDH_B-571_C9-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=037a380f525590582658e2dd272a32de67fc0cf5390b37f4d33c1359f075d4461ea38a55027317892a3d1d22f5ea333ad437667d2f3eb8781c39504036ae33e4b0a26b6894722f0b
+
+PrivateKey=KAS-ECC-CDH_B-571_C10
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAS23haA8Jr46bppY
+LlwyqJVwrUMItxPOVHHqGT3sHzLWi0/N+xYA/bHstnaeJqDgV4Etu/DtSVWSZl5r
+jpqXN4owtcZg+63BoYGVA4GSAAQH7ffuDsd/Wmw8nsTtj9PLgUo0LpzGRwtUeB7W
+wUHiEVyG29e6J5k+t+vteji+SI+W/d+pgvNpGqHCppf3cGv/PRrdc5YGYZQHs4JL
+f3smb6Qv5Tatwqx5udHltAjnIXs6md3rmS8xI/8tFod00wCoGKMmkuJlr8b29XjZ
+vTEhEytZeYQfei0GDolIkB1lfBw=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C10-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH7ffuDsd/Wmw8nsTtj9PLgUo0LpzG
+RwtUeB7WwUHiEVyG29e6J5k+t+vteji+SI+W/d+pgvNpGqHCppf3cGv/PRrdc5YG
+YZQHs4JLf3smb6Qv5Tatwqx5udHltAjnIXs6md3rmS8xI/8tFod00wCoGKMmkuJl
+r8b29XjZvTEhEytZeYQfei0GDolIkB1lfBw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C10:KAS-ECC-CDH_B-571_C10-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C10-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDu4QDK3//zieszzVLid3fZGzctWY0
+3w+FIKdzD4q+sF+ZM9ikNS0cd2fMP5uAzv/N0Ms6l7WSg/0KZ03E/SQDM/AgyCtI
+BMUHRJkzasOoBUMHiZAnaCUgJrUm7OVKwo6MyHjxi6+fq0K6TONOSWiqwe5qC7Fc
+mnCYgqU3KvVuoLNoFzhfu/6sS5BgaeU/v7o=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C10
+PeerKey=KAS-ECC-CDH_B-571_C10-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0420de313bddce87d07321e3f0af404d9d13e5369b79506e807178711153c9b1837cd055562eff3aadfc5954a221eeebb1bec1696d3df1cccfb8b61172a50d83cee95f4140ba070b
+
+PrivateKey=KAS-ECC-CDH_B-571_C11
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAgJgana2oT1uKSgL
+wWE+EVAldwskX1Vh1Yg+E14VnMQ3sck1Wy7uKzur7yKf5UWqsrzKFV6JcklfGXS9
+sewOYMTmx5xI8mpGoYGVA4GSAAQG5026TgcC8YbTNNPEniV44e36xWRkXdqMSliB
+WPjXo+9jJDZTwNUHQnc0+0zIet9KNr1avKH5ILm9bjv6UckW1XEIhFlOlIUFuSFH
+ottIo4MMz6KJUaK36OuEMTuZsKmQMceDTGM/hlovmESVJSiuXe4CQoqCTN+34gko
+/8U0IN846tC0JA0GWdWtsf8uLcs=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C11-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQG5026TgcC8YbTNNPEniV44e36xWRk
+XdqMSliBWPjXo+9jJDZTwNUHQnc0+0zIet9KNr1avKH5ILm9bjv6UckW1XEIhFlO
+lIUFuSFHottIo4MMz6KJUaK36OuEMTuZsKmQMceDTGM/hlovmESVJSiuXe4CQoqC
+TN+34gko/8U0IN846tC0JA0GWdWtsf8uLcs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C11:KAS-ECC-CDH_B-571_C11-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C11-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGVWpMyYRmeUqT0DOIU2d296SzNEw9
+xOuWCkpkWPx4ac1ORbLxQMRop9TruoTJSCM3oqitqsiKmmKdoD3SR1JmQrCrcft6
+jHAFS5fZUrGfdChW2s9OUN8MMQO68lP03mWj2crOY/6CkG0sjoozEvtTXgD5tcpp
++H28f6P32H/gJFNmBKr+RkBZPMz+9vrAKKY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C11
+PeerKey=KAS-ECC-CDH_B-571_C11-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0606228f5a05077aeefbefac23c0d5bac7a6062bfc2b02ce8bba6698ea96b456b1f0d32c6e05dbb9be61a83090428eedea18c74f41238edede9e3a12e28722d2f314613c2e84d6db
+
+PrivateKey=KAS-ECC-CDH_B-571_C12
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAEhng0isM7kvLFln
+cQPqQJlGtVk9EF/EmDNRxO3pKcS5O/xpWHZVXjrOQXuCrAW4Mmdqwj4pVaCe5kog
+pfmOYkmfQ7p/f8jhoYGVA4GSAAQDHdSAjSs0G4iB9eUKLczjjfg5AJ+SGFl439mm
+DNruAFzbqCZVZHc21AevuQxnzdsTuisBYY9F6KJ0MX4C93D4Dvh7u8GxEFYFCgZx
+ycDOV6SU5pEfE3bPH8M5OIW6jCb23cu1Nhh2hgo1r8H0Vg8pcMMNs/HIF9vIrysC
+Xa7TqdoS0vrp1xTOrYBEXmoKCBM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C12-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDHdSAjSs0G4iB9eUKLczjjfg5AJ+S
+GFl439mmDNruAFzbqCZVZHc21AevuQxnzdsTuisBYY9F6KJ0MX4C93D4Dvh7u8Gx
+EFYFCgZxycDOV6SU5pEfE3bPH8M5OIW6jCb23cu1Nhh2hgo1r8H0Vg8pcMMNs/HI
+F9vIrysCXa7TqdoS0vrp1xTOrYBEXmoKCBM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C12:KAS-ECC-CDH_B-571_C12-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C12-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBAFGCsCmkhSju9f/QIhrYcIWrrGpy
+cFIDo8Fomru8DhKSel6Ds1Khutl3BhAfRKECLMwNVSLcXRyhQz3gOiuh34ZIdfUi
+vmEBiwKpjws+TM9EqWk5ogg6sfKgTa/Vvc7jz/Q4uwi/8SBDqhksX8804TtcKXQs
+XYZLnKxGvqbpbfKxvkSTrPlQIk1xc3+ZBlg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C12
+PeerKey=KAS-ECC-CDH_B-571_C12-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=052669336019db5eddef5eab2336abeb60bbc7295e4bb663ab43e373fb6d888d7433ec89a487a91d4a59c289a9509ddd1bab33cd02a7bf37aaad78dbedf0b4ae5f2f35d15cb4e628
+
+PrivateKey=KAS-ECC-CDH_B-571_C13
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIABe6ty14j4t4ub/E
+kShjxaSJIv5p6KTPXm6Rdj79VHehzUOd7dCv6lBOOzr2gj6jCJwDdO2a7iSohRbI
+zzr6vplbm5Z187WroYGVA4GSAAQBYcFLvITkLsdneow3cAZezR8PROrIJCpxWmGX
+Hn5P//eP9Xob8blcv8LtlX0RlfnqUICXFcJDnHVD5XNSATVCbUdTW4v8hTMBJTYz
+0CJRRk7cxT7Z6KntkykyDvXurzXWTFm5c1yW4H8aYuwXvO5PBM2ahaPrUEqvN7s4
+jGx9CNkKoLaFVrXAaOy/ClmERg0=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C13-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBYcFLvITkLsdneow3cAZezR8PROrI
+JCpxWmGXHn5P//eP9Xob8blcv8LtlX0RlfnqUICXFcJDnHVD5XNSATVCbUdTW4v8
+hTMBJTYz0CJRRk7cxT7Z6KntkykyDvXurzXWTFm5c1yW4H8aYuwXvO5PBM2ahaPr
+UEqvN7s4jGx9CNkKoLaFVrXAaOy/ClmERg0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C13:KAS-ECC-CDH_B-571_C13-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C13-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH+rTlkyjHAPdGSb2Qp9Uf8olY/nIN
+qqsyjPybACqnBs6zmTTbnM+B3uyVaJzox3a0/GVCqCNYzFHrvG2OUyLLP6bkaV4X
+D8EFrNRc/6Kd2zTuQudBACZ5jjeo0anOn5KU2lGYFktpAQxoxTKBzL/EB9FBCX2h
+N+eEnyKP3BoHqimL4myncfR6xP6ycj1aZmY=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C13
+PeerKey=KAS-ECC-CDH_B-571_C13-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=062de5aa98b440c6cb7a1428f6b5e47452b30454eec4d651982b531121febbd5a3833b180017f7ddb5ce38d7bb1c842de1a8a8fc7fc981e24733b7662813fd010a4e757ca4ea5c28
+
+PrivateKey=KAS-ECC-CDH_B-571_C14
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAqstQwJ7CPir+jWY
+7wFEOZpgtgN7F6OuQT1CLvohZ+nqTxnX7KmNhcZ8H+hfvLwfErr6MKhdvfVCRmiJ
+MV8VMt78XRgVCfAIoYGVA4GSAAQDKMDWf9VS6hDlvfe4fVC/TcujTcpWmuuGnFx9
+x9gyzjD+7TLiWnI3k/l8VX4vl4xeE0nmm3PvmRYAH/sNbNssY0PjRTg4bm4B0VG0
+btAEJjzZpcDUaoQNAyImMfkv+SgOlaNXRs28r9n+1oEcdhS51Qqigo3HonWznT1B
+ijSd0eK3MhH03po0tC/KEbl2Dso=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C14-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDKMDWf9VS6hDlvfe4fVC/TcujTcpW
+muuGnFx9x9gyzjD+7TLiWnI3k/l8VX4vl4xeE0nmm3PvmRYAH/sNbNssY0PjRTg4
+bm4B0VG0btAEJjzZpcDUaoQNAyImMfkv+SgOlaNXRs28r9n+1oEcdhS51Qqigo3H
+onWznT1BijSd0eK3MhH03po0tC/KEbl2Dso=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C14:KAS-ECC-CDH_B-571_C14-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C14-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQHJnYwKtGHMbdiArxRQp6/fsz2Ml9O
+CEwvkuMojtKQSIueNnIOKdqi2xmTp9F86O+djM7GHeikBxduJnTCXVe/8sRlljWL
+NgUDwAItUyKQkeFK8PdFDeyhy124IecVkGCP4Jhtc+iMkV5e6N/ryJVZE9kWT5kv
+VjlKZi7xHIIU6K2oXfGxewuXQUzdZi0Yi10=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C14
+PeerKey=KAS-ECC-CDH_B-571_C14-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=07c7eb4892816cc3388ebcdfb412984e05910c112dd15b8e5481719401701aceba22fcf35aab0c3b040096161011f6177097c505395d9d6d8a713f6a5100fb476adbe7b9cdf4b68b
+
+PrivateKey=KAS-ECC-CDH_B-571_C15
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAEnG5MBaGXskr9Jw
+ckP/v9VbAIj9M9h9rk0hBI918rhiVjB1JB0vNv3Q6UBatCqlXL8gldq8Pa7frp3r
+kiIgeD6Fkc/WdgCxoYGVA4GSAAQAH+KaTC3QALvtEpEhuI7btcObNAA/FwrBn6mo
+XF/lh6q4ITYfSWNEDyWstJdYgQVS8Gtxmp60O3IOm3rW751BJI1fM1+ZUVoBSZ25
+WAjHGdJOsFxjPbiwXPlpygv2VkNbH98bCSgpD2pr+ICtuf1TyG7Hbg9izonL60wm
+b2Sodtd4IxoAMMOKoA1mxr1oB4U=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C15-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAH+KaTC3QALvtEpEhuI7btcObNAA/
+FwrBn6moXF/lh6q4ITYfSWNEDyWstJdYgQVS8Gtxmp60O3IOm3rW751BJI1fM1+Z
+UVoBSZ25WAjHGdJOsFxjPbiwXPlpygv2VkNbH98bCSgpD2pr+ICtuf1TyG7Hbg9i
+zonL60wmb2Sodtd4IxoAMMOKoA1mxr1oB4U=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C15:KAS-ECC-CDH_B-571_C15-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C15-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGzXkx/PGTX4HzAUee2a0Mb5oFvs9O
+Vzov9Am6/EQuwZX34/39COWBYdTg/Tf2KpaUIbGc1I/oSKXX90uBN6fHJqnL03os
+87QEtbLNg7J4lXUcNNOsW5YKEz7BiwOcLhKNNEHbT3bot1BkCUYZsSLl+y8cJ5ZV
+mtlTxxHjMNx79V7fKfCVyuRVV7fI1YQ9ib0=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C15
+PeerKey=KAS-ECC-CDH_B-571_C15-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=05c638349000ec30881cd190c067e7f12b6b42d5842a8285a8ff0dc7e9c9eaf483309e48314fdc2ce7f9da6a468e549c8e70a50b68d07aee29708a98172209e5cd2e8c09cb66d982
+
+PrivateKey=KAS-ECC-CDH_B-571_C16
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAYazHOSQx/KPJ5MH
+WkrmRayznnH/6UTuYr+CWH8cPL4ojOYCTY0DXxB9mk+u1Xp7Ie4dbnEpoJgATyLM
+1SdAwDSm3ze1PQcyoYGVA4GSAAQGsV8ahZ49gJJGEbIMG5Tf9r0FdP74GTfx5U0U
+jS0x+MIbDqnOAxyUVXBvCFpp/UkkGFWMfemq3CyamW5+0f7aMpx9dgm7ayIDKRBU
+TLE24sKaozVyqmw0caUuvKayKL7nSfqf/ikpakpbaqDG3J8JUhbnsVE9gcugB5Sj
+9Vj3ShtUHHOyMI9PjnQCi1wrzfM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C16-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGsV8ahZ49gJJGEbIMG5Tf9r0FdP74
+GTfx5U0UjS0x+MIbDqnOAxyUVXBvCFpp/UkkGFWMfemq3CyamW5+0f7aMpx9dgm7
+ayIDKRBUTLE24sKaozVyqmw0caUuvKayKL7nSfqf/ikpakpbaqDG3J8JUhbnsVE9
+gcugB5Sj9Vj3ShtUHHOyMI9PjnQCi1wrzfM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C16:KAS-ECC-CDH_B-571_C16-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C16-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQCmEtlMHTDaiWa2VbVVWUSwscx+lDy
+AF0ASanZd95cALegVMlgzdcHiWMhSQvkM71e/9RMVk6qLVAhF1BQxb/BY82x6B3x
+M1oBp4bSkJizNPXBxK6GpBvydcxnh9pyBpFlV6T0MxkhQQNFZ+BB1V15SncHx6ry
+iELVyPWQN1pDZWkYqoDlWwKFNHzOj/4fFeg=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C16
+PeerKey=KAS-ECC-CDH_B-571_C16-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007a40a59b6632156a43158565a4eeaf80618e501c5ac5afdab4ce3cb76ac99a0bcd17e9eec549373ace8c96aac78e2af6600483a2c49ec81298a083d5237118de96a953999beb26
+
+PrivateKey=KAS-ECC-CDH_B-571_C17
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIA0H46GGC3k/D9DhX
+JQqSmkGZTTMdoVTAJJ+g0cJqbeDoNfoIqMxSTj2sKGOD+QvS9NLHUULx04EI2cBi
+FDyObtu9oK+Hp2rVoYGVA4GSAAQCxcXrcydAJnJXPDe0kokDQ6tCK1G8ZbYAdm7B
+0HkI/wO8/edpTYMrzeUpRjOd8Kq0B0rgeon4IfWhEw0rc9sMQjrnoCOuLBgEdu09
+vZNtHDaYekNRLI8FYuMWEi0Fp+3U5CSJhMEfbrhSFdWqoCYqlfIGZsnb9FJIrhd9
+Lf/6OmqVBTMpi1w/Shti2h6vzVE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C17-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQCxcXrcydAJnJXPDe0kokDQ6tCK1G8
+ZbYAdm7B0HkI/wO8/edpTYMrzeUpRjOd8Kq0B0rgeon4IfWhEw0rc9sMQjrnoCOu
+LBgEdu09vZNtHDaYekNRLI8FYuMWEi0Fp+3U5CSJhMEfbrhSFdWqoCYqlfIGZsnb
+9FJIrhd9Lf/6OmqVBTMpi1w/Shti2h6vzVE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C17:KAS-ECC-CDH_B-571_C17-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C17-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBqGguCezNGGjaICkWpWHuhRPA1zRw
+zTQa7nntk1VqOm58eyAwLsdKDFFwqON9eKm10N45AOsqZjpyR895Q/04HZWzqv0V
+YWcFL+zGj3aV1OQaCAxHZQ0gKHTaFjoXSOVQNzlY4xvQquUgmW0w84RzD0hU9eVO
+aMwklYrcUuKkxAc1ZRTz6nFmBW3Gfk0Rj6g=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C17
+PeerKey=KAS-ECC-CDH_B-571_C17-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=021fd2726973405fc30d2a1f2115907cbd0de90bb6bcb0496452e389b1b10ccf38e2400617040cf0dbb188f345337678b0ad8603dcfe926582d4321f384daec0943e2cd267f48343
+
+PrivateKey=KAS-ECC-CDH_B-571_C18
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAgenOC2KIlcSJuDA
+bCaB0JvKGbXbfnu/wTrCCDid+BaNd2FeMMqGEDk25T3ZrwHN/iT1COxgk5l3XOhM
+hon41flvZS4BTg3ooYGVA4GSAAQEYI3AUSvFXHNM1WKsWCX3yji3k/js6bmBzBxA
+Mt3YA5Fk0MZGtCsv1FO1odOnSuI8MsfVhAB948004zEhuQ+rOtpmIbOsl4UGqp/7
+/WXFCTcIRnB2dKxyPawkpvM6Hgu834skujLPe97I/ckjO3V7wHPWTe30hMb6Ae8o
+6HT7DTT1iw4ysYZFwwvctRbuOEE=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C18-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQEYI3AUSvFXHNM1WKsWCX3yji3k/js
+6bmBzBxAMt3YA5Fk0MZGtCsv1FO1odOnSuI8MsfVhAB948004zEhuQ+rOtpmIbOs
+l4UGqp/7/WXFCTcIRnB2dKxyPawkpvM6Hgu834skujLPe97I/ckjO3V7wHPWTe30
+hMb6Ae8o6HT7DTT1iw4ysYZFwwvctRbuOEE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C18:KAS-ECC-CDH_B-571_C18-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C18-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQCza8TmgzaKADWESj/5NcyOzSg/PSM
+lABHn/TIKRy/RvFsQeRAmq7fFLxgpkKy17qs3o4AUd2K4Bv1rS5uZJDHfNQGqZnF
+ZeYHjt0p22o7h6EVBbV8VD/7dGpbQPuD1yBhgPOun8siLFQRp3R2Zgx7MRtkYxCQ
+WImpWg8v3DXTD8YcxVYKKRQjLWKtNjhrkXk=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C18
+PeerKey=KAS-ECC-CDH_B-571_C18-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=07a47bdc7d54ecd391672f131b3214d0efc4d40195db1ec993a62fe9da875efff5403bd708fa491a01a94f4bddc7d516baffff9fbdd213ca1a4905f9aa679d65da25c0f1fd2afb0a
+
+PrivateKey=KAS-ECC-CDH_B-571_C19
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAGuo8SzG4OeN+Mxi
+mISKdAAl5yxi0JnpJYSsdvWVrB/HJMsGqFoH8NRED6893qLyZfIBXdBZoWoDopkV
+uHMdYEUSzu8iuEHzoYGVA4GSAAQGNvQ16AYAZmEIc3MAdzqO1v+o6/gwfIH/X0Q1
+PpG60IYzG4/v8/HNuG4GG95fccX7k48RfiImqX0rZrCY6f9SUYLIFucCxqkBwb2K
++uapQQj8LHVdXeP6Kks0cfwqXN9K3aaFKb8YD/KNsVSrQxEkezkuk6M1u+h5Zgi7
+1gE/Q83MhG7CImdCPDz9os6KPZY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C19-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGNvQ16AYAZmEIc3MAdzqO1v+o6/gw
+fIH/X0Q1PpG60IYzG4/v8/HNuG4GG95fccX7k48RfiImqX0rZrCY6f9SUYLIFucC
+xqkBwb2K+uapQQj8LHVdXeP6Kks0cfwqXN9K3aaFKb8YD/KNsVSrQxEkezkuk6M1
+u+h5Zgi71gE/Q83MhG7CImdCPDz9os6KPZY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C19:KAS-ECC-CDH_B-571_C19-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C19-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQABRUS5KDbxTXJe+EP+nQldYOCiDBA
+RmYB1TkbyzWCwRUlKTJJ8kSXzIByFrNMksHgdXgcg5HD9tPRT4ih1Q6p/HX/jVHM
++TMDnaRsrIZqs0dhesWotPFlcDTjuN22a8QnPi4c4BZB7OY2l53oskktxp6IU3w2
+scOtDTUif4Z+Q9+ciRfc6fjB7zujy1youlI=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C19
+PeerKey=KAS-ECC-CDH_B-571_C19-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=07326196a7decc92c81ae5a0779c9a42f53d94cfa4c3a13f19dbb554138e0e864eee6bc93e39214e2f74705a4b172aab510444c93b5b3e62517bbb7279337102db1c61de349d9747
+
+PrivateKey=KAS-ECC-CDH_B-571_C20
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAQcW8ud08n9C3j9s
+lpTY7KIXmCMJHSAvK6FikZOhyYcAaTOY/8gxV/fOSFjnU145kNIZvCSd4WRVjKyA
+fuFZd4oBLaGeUBK/oYGVA4GSAAQBULOt3hYqfwk1Daz0YEGf6GuZ3NlPRCg/uj5D
+0oG5O7VCgoEs5SJlqUg4lo1nqdbs3BtstkzxWUUhxHSepD2OTsBF5kX/I4sHtDMh
+thGLh8Rse1IojfXdHPfaYYPs5WM7TBfK42LYIRkffVeSOSgzmq332F9/Gd6UhnCe
+TS3e9CxVu012o8tQytKgmOrVlSo=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C20-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBULOt3hYqfwk1Daz0YEGf6GuZ3NlP
+RCg/uj5D0oG5O7VCgoEs5SJlqUg4lo1nqdbs3BtstkzxWUUhxHSepD2OTsBF5kX/
+I4sHtDMhthGLh8Rse1IojfXdHPfaYYPs5WM7TBfK42LYIRkffVeSOSgzmq332F9/
+Gd6UhnCeTS3e9CxVu012o8tQytKgmOrVlSo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C20:KAS-ECC-CDH_B-571_C20-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C20-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQATC3lZCQxvMbrgu/UNVVAqLXSOxKw
+330xrWlCW5RUmHdEPujdfAnPu+2G8TZlkx1LKiF1nDPhC0rPxjuh72GsqqGMlOPP
+yTMBdlt6N+uAbUMZbSkx2hoZU3QtPg2nzLZ+Df26XgNJFMzj7mOTv95AZw9AYZYG
+faiyk8aENZPdIhyJv5eWNna9BE6MirjnF60=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C20
+PeerKey=KAS-ECC-CDH_B-571_C20-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=059052d3e1c66efa4b7dd39e74299e886367d8fe49d7cab90e4f051bec10316438fb29b1290dfdaec169decd622a1010cf0a0275008814f4861b4d83ba78515a8768d978be430011
+
+PrivateKey=KAS-ECC-CDH_B-571_C21
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAdAQP8eUivEH5R9N
+LMA5K2aAgFnR8my6Bb5qOB9SLUy4VBN5NKzNHOozYJSOQG0xCMlDdp3HALTJzAzB
+2EurWKNeJ+skBHXwoYGVA4GSAAQBK9qN7T7X6LbTm1hVpY1yW2XjhXwqZ0mW6zk6
+Pj+RWVu/qHJTpW66wrEO1Aavnb/1OyImX761p2nKzitgtF2/l87tKwoE21ACZFSC
+fv4psySuPy1MDco6OpVJFRHFMWRaz1RbRe9qxKUMCdPSHyE8p2uW+xgkLsvgivaH
+Vd5OEHcXNHWCbqq+0mp1w2nNew8=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C21-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK9qN7T7X6LbTm1hVpY1yW2XjhXwq
+Z0mW6zk6Pj+RWVu/qHJTpW66wrEO1Aavnb/1OyImX761p2nKzitgtF2/l87tKwoE
+21ACZFSCfv4psySuPy1MDco6OpVJFRHFMWRaz1RbRe9qxKUMCdPSHyE8p2uW+xgk
+LsvgivaHVd5OEHcXNHWCbqq+0mp1w2nNew8=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C21:KAS-ECC-CDH_B-571_C21-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C21-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQCUDig5yrowW424+O1BO1zQe9wm5/s
+i+kBdzRtdsp7xxM9DsKArPBmAFxcwQtSqmVDNf6CCmYX5WDicJA/8cLMivE5jyTf
+4rADEHTKOTGAGmrLdltukUQXLtgdmZ7Z6DW9NVJrA+8qE/eDdgMrDrgUbCMTI2X8
+4Xany9ykSzWqN5hZ9oisJtxkyBSaQyLQg9E=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C21
+PeerKey=KAS-ECC-CDH_B-571_C21-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=03acfa4b3d1c2a6b62af23bdff6a215a416d4437ce6cc114d17dc4201195987a5d7301da11b913254702d7172e31d64e59b24deaa3270f20445e51dc484f7a2b8c3cbeb0bb9efb28
+
+PrivateKey=KAS-ECC-CDH_B-571_C22
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAy0vVX/ke40oD2gu
+JP2mJ916WOmwCCKjqvbregFPR2wXlBrcXiI4owgNcG8eFqRRt+kpQneZMMVnCkcy
+gcrHi4WNHxzJmwr/oYGVA4GSAAQEDzEw50scjrJl58TmkhQR65cUGCZ+jeqHnC6L
+Vjhk8jphsjQiyaBvoXiooVXj54RXWXWH8+NbefGdDC4YWu9G25WBnL4SexAByR0n
+wq5xE+sDvpjpTTrW3seR+sL+DSyMmLcTcbBYpkn6nD+jzNu6kyOVwnr/og2VrAQb
+yZeOP1MIKaLGTImxvM6sBoVPuQM=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C22-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQEDzEw50scjrJl58TmkhQR65cUGCZ+
+jeqHnC6LVjhk8jphsjQiyaBvoXiooVXj54RXWXWH8+NbefGdDC4YWu9G25WBnL4S
+exAByR0nwq5xE+sDvpjpTTrW3seR+sL+DSyMmLcTcbBYpkn6nD+jzNu6kyOVwnr/
+og2VrAQbyZeOP1MIKaLGTImxvM6sBoVPuQM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C22:KAS-ECC-CDH_B-571_C22-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C22-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBvf/9acLgj7A8hT7y69CI5o0jP9uV
+8LJG3nlV1hUHff0LD/AsZNAd55M1kJa4XgV7G3+fWSYtwnV/GCQ+GC4aC/6dy7An
+1osCGL59lWAp8TnBnS2jRnc7FtevyFirjctg1+SErs7DCcs/6pavOQNjfl2022eL
+tdubCxjYPPnrwbGq8k9DZ+xTNoTOnVZYLUM=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C22
+PeerKey=KAS-ECC-CDH_B-571_C22-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=067a58e5b3287bb9aa83ed9ca2d718cf7165fb574b6a446c3019849cd1584673d561b574bc8f68419437c5e8113e060847cad3b5ddc2f67ad75bc1e3f04554e63a5e4945cfcb65f5
+
+PrivateKey=KAS-ECC-CDH_B-571_C23
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIA+7ikZaovnDrOjEE
+ZAWcwMTELxNIerGgdiwsvjBOvmNQPmxwaKf0vBl/gfZbQpXBSyEPPLI3i2dAH89S
+vsAsE7YbbeFOG35boYGVA4GSAAQBd6zF/p9C9N4tJ6ub9vfg6s4wPCZv+LNGkIKr
+qTZ+ZkQL1rG9i24a7JK2XjWuqPAH8J1M1n7qXWAAc2yru53MyUPrtWVqBYYHFvGJ
+jiqMJzGd56JpjyHV3likuLjdArXkMxENOXf+6OxcCJ0XCvAqStPB+rRLDR4qO+up
+4HGc2L+DZEeNaGxONfdFfSTQIdY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C23-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBd6zF/p9C9N4tJ6ub9vfg6s4wPCZv
++LNGkIKrqTZ+ZkQL1rG9i24a7JK2XjWuqPAH8J1M1n7qXWAAc2yru53MyUPrtWVq
+BYYHFvGJjiqMJzGd56JpjyHV3likuLjdArXkMxENOXf+6OxcCJ0XCvAqStPB+rRL
+DR4qO+up4HGc2L+DZEeNaGxONfdFfSTQIdY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C23:KAS-ECC-CDH_B-571_C23-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C23-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAj8O0FPNBK0A/AcJTvSImFQIl3aqz
+TSAQifSdeeXcwuO2ghb6pm2sRFKcf+O6TSjYFbCII1lVcTu3chODUztdlCIbTtHh
+YrgCsyIB3icrGzK2pqWOoiQRxI9dxc8PlYcuZ1HtYizuzqIqVWl13mADhpriCvOb
+QrqIcXicgujzrTz2AG9DvEx9QQIDLEP495c=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C23
+PeerKey=KAS-ECC-CDH_B-571_C23-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=06b272ca3330c0cdfbe60a1746bc0ddea6257536cdd8e976f2517eb541460a3f0e6ea7fec2b495e0f57712c8cac35e8a7d64d876c29851bbfeb6fe726d57e0be43dc76a584ef9c93
+
+PrivateKey=KAS-ECC-CDH_B-571_C24
+-----BEGIN PRIVATE KEY-----
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAWmi2HWGlEwxc7+a
+InXjCAAD22SMLR4cVuLDfODXzZ+Bjqa3u6ND93TvDzNOpcEu8L51k9BO2UVFjXHh
+cRLrAdkEHSEzsTRzoYGVA4GSAAQFHlIXZCZa9/AbzZw/0CLf2y1KLFizsj0uVQMC
+xCqt1X0d9vwY5GW9mEQkle7SLz/WcAKEyfp4M7UWUUm44akeDgmaClcy1cIBmOfn
+0JTiB1KMWDhl0mKpGPwqOSYelcB9y9BE79OYGJkHivPrlzmCAaRlDw3Mvxn5Isjb
+w4Ob9r4AU/hFMccYQ6nmoQKrWNY=
+-----END PRIVATE KEY-----
+
+PublicKey=KAS-ECC-CDH_B-571_C24-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQFHlIXZCZa9/AbzZw/0CLf2y1KLFiz
+sj0uVQMCxCqt1X0d9vwY5GW9mEQkle7SLz/WcAKEyfp4M7UWUUm44akeDgmaClcy
+1cIBmOfn0JTiB1KMWDhl0mKpGPwqOSYelcB9y9BE79OYGJkHivPrlzmCAaRlDw3M
+vxn5Isjbw4Ob9r4AU/hFMccYQ6nmoQKrWNY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = KAS-ECC-CDH_B-571_C24:KAS-ECC-CDH_B-571_C24-PUBLIC
+
+
+PublicKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQFZagplNfm9T7ra/Z1I+5oD/t3ARhn
+PD4VwyAObI0fJsq68AwdpI5jdDFkl8ul8Z8XQg8mdjP0DlsGNieJv/Ea31ltWxz3
+aO8Bay1Nqsqca+2XayBk71Q1KliuNDZ4NaYhDhV4KRwd6NZ8ILw9b/piDIezCYor
+nzq7jSys1bLuK2g5nqxOj2XOvdZjAP0Em1s=
+-----END PUBLIC KEY-----
+
+
+Derive=KAS-ECC-CDH_B-571_C24
+PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=02da266a269bdc8d8b2a0c6bb5762f102fc801c8d5394a9271539136bd81d4b69cfbb7525cd0a983fb7f7e9deec583b8f8e574c6184b2d79831ec770649e484dc006fa35b0bffd0b
+
+
+# Test mismatches
+PrivPubKeyPair = Alice-25519:Bob-25519-PUBLIC
+Result = KEYPAIR_MISMATCH
+
+PrivPubKeyPair = Bob-25519:Alice-25519-PUBLIC
+Result = KEYPAIR_MISMATCH
+
+PrivPubKeyPair = Alice-25519:P-256-PUBLIC
+Result = KEYPAIR_TYPE_MISMATCH
+
+PrivPubKeyPair = RSA-2048:P-256-PUBLIC
+Result = KEYPAIR_TYPE_MISMATCH
+
+PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC
+Result = KEYPAIR_TYPE_MISMATCH
+
+PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC
+Result = KEYPAIR_TYPE_MISMATCH
+
+PrivateKey = RSA-2048-BIS
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCytEHg4qzeBrqu
+1haSf0xOttQeyburRKC4N4KJIbtQbooYS6M7C9mvXdz4vA7PtgXS6L4gDTH2Bpa5
+qvbAYQ7CbmssmkciN/bqxMqecsuN49uMRF2Yy40UYCKv+wv6fGbCsrczDc5kfRu2
+XzKHewAKF9EZYkKLNfLjT+jQAogdfmnShDQPWus7t+9RbuZPrg/iz/urQGfTEarW
+8yFl6jJd88cjASrGCCxTCL2BLuimLrSauF/Na9K1Jmxst+lqXKhf4YYtf5ARgDBn
+oOfZl24ts9twBXD6hjfhVh3wOPJL3+EKOORBclHixQ47Kx9ermb6hQDv0AyRoXyp
+6Jy7gkLxAgMBAAECggEAeDWjXxh7+nqCV5ux4Wf6N7Tqqa9AK6xlhKXqjD6Bl1BU
+WpV+vvhwvXOhcjxmpjimYEKpqjvWEM5L06d6htyDJi1KsN0y3oTQ9wnb1owX+2F8
+TTWr1F2QkFU+4Cw62YuXQH8hlxlBbf1uh9Yv0kzeMOvmf3HGm4h104zsaghZ8aP4
+Tmmeqnc+ty3iQkjDLIXEaHYIZ1AZ7fzc/rc6kbkWGkVAgCP1CDIm3q586OZDQz0E
+hgLhWHgJQ5Z2m9Qw/hROJeesKHtq19GFafIBANDelB/yG8p+dCqPQsg6nm24jAHO
+pT1EipOWwLnsTBsa9BlcCYeBpqNIPV4ST+X4Que59QKBgQDjublne/+/i7dQLpCT
+01fzbkDEIV2s7jVpEz0imzT6HXIeHBpOmS7GHlurN7WLUcbB5QUEgzNxA08x80o1
+oU9b/jUpFBJRudyIKX8aSBVSInOXw1eQNjkqBZdUVN1ADeS/HYRYnPhIB4w31XgJ
+ujc9udPtn2GqWfKXrG5abfXfdwKBgQDI5GJ/8kh4nxtC7SvcJNfbRtC/03f0vJQj
+600vCU8X+wkk1EMtnHU/A/oOhZey/zdc03h3UuwznOER8KWLB8/XidRZnT9NgMGb
+sO7sNPyTfMep+jLcolv1SAThjQxAVxCkvl87GFGvGnBCTtLWMEWpazl8XH+aHgyn
+1NU/VJqa1wKBgD5Nb6YaTKwRA4QSWUe4SJW3Ek0We9R2D3LB6rXvFJ1hNPl74s6i
+JiPZ5mZ/hVGqe+BMUgUcCBThPOeDkkf97AJVGCI29ZQab3VpNPbxxbOE7W8V6Hzx
++M3AXdiapzWBF5YZ8z1zJJJATmJwKrkukzJ2Br86HbRHi5FngYGIF/6dAoGAE/32
+d3krESX0VpK3vK7F9IJ1n8FxvJ9Ptsth4P5yKpbG8C1XiiB54o2Iww00bZHMdqZs
+5KMR8oj4NQrXzqA2ZOLIiSqG9DWODupqvIMBZ8QRMq89hIt7z0sdgTzCLVz8wQhY
+/c6LwntFFLQ3cy1WoWeUTvX9lN7Mr58UobrPr/0CgYEA31WYhr/TH7sBG5tlUvuK
+1KYMRwh1HR3lMnuCzAFOEtIJhSG/GtWyPtlYzYWvYGEukBO5+QSoB9K+jNEm6tNw
+mRsMet399ylSQMkmPIfXldQvDF/9AvXBCR+EttZDr2Dw0Haeu4PGwT3WgqGHDWz5
+vOpxAsEe+k0AI8MnJvlO8uw=
+-----END PRIVATE KEY-----
+
+PublicKey = RSA-2048-BIS-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrRB4OKs3ga6rtYWkn9M
+TrbUHsm7q0SguDeCiSG7UG6KGEujOwvZr13c+LwOz7YF0ui+IA0x9gaWuar2wGEO
+wm5rLJpHIjf26sTKnnLLjePbjERdmMuNFGAir/sL+nxmwrK3Mw3OZH0btl8yh3sA
+ChfRGWJCizXy40/o0AKIHX5p0oQ0D1rrO7fvUW7mT64P4s/7q0Bn0xGq1vMhZeoy
+XfPHIwEqxggsUwi9gS7opi60mrhfzWvStSZsbLfpalyoX+GGLX+QEYAwZ6Dn2Zdu
+LbPbcAVw+oY34VYd8DjyS9/hCjjkQXJR4sUOOysfXq5m+oUA79AMkaF8qeicu4JC
+8QIDAQAB
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = RSA-2048-BIS:RSA-2048-BIS-PUBLIC
+
+PrivPubKeyPair = RSA-2048-BIS:RSA-2048-PUBLIC
+Result = KEYPAIR_MISMATCH
+
+PrivateKey = DSA-1024-BIS
+-----BEGIN PRIVATE KEY-----
+MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5ve1UUr42
+1y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WDYPxjMk8BqNJmeZtLuCVL
+KGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaDYjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/
+qYaE31VmWz0CgYEApNVF8oFK41ezQci9XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY
++6ECNI1aIDHTd7CHwoS0mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQP
+axYt6PVa3gncr2v3njcVuH+EQ6DuFR93zksEFgIUFQFshP0hj7i6ClXkSPYoFW6KrIY=
+-----END PRIVATE KEY-----
+
+PublicKey = DSA-1024-BIS-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIIBtzCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5
+ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WD
+YPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaD
+YjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ezQci9
+XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CHwoS0
+mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt6PVa
+3gncr2v3njcVuH+EQ6DuFR93zksDgYQAAoGAdZCPYZ9WvtKW7dFvbEjl0HHBxLNX
+8kV1/FAxsDrQd+c8mWdruNzcmwsZJklJuTK9czKnXgLmkRHR20I4oNrJ/bptV8lV
+iDvJBJlmZ1aGh6yLIHzYBbgbgia3lBrFlO5qUxNmbNeiC+HIqUvlVBmQOLN6+Xjn
+Q4A0wDK8dmF2dFI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = DSA-1024-BIS:DSA-1024-BIS-PUBLIC
+
+PrivPubKeyPair = DSA-1024:DSA-1024-BIS-PUBLIC
+Result = KEYPAIR_MISMATCH
+
+PrivPubKeyPair = DSA-1024-BIS:DSA-1024-PUBLIC
+Result = KEYPAIR_MISMATCH
+
diff --git a/openssl-1.1.0h/test/exdatatest.c b/openssl-1.1.0h/test/exdatatest.c
new file mode 100644
index 0000000..7998622
--- /dev/null
+++ b/openssl-1.1.0h/test/exdatatest.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+
+static long saved_argl;
+static void *saved_argp;
+static int saved_idx;
+static int saved_idx2;
+
+/*
+ * SIMPLE EX_DATA IMPLEMENTATION
+ * Apps explicitly set/get ex_data as needed
+ */
+
+static void exnew(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+          int idx, long argl, void *argp)
+{
+    OPENSSL_assert(idx == saved_idx);
+    OPENSSL_assert(argl == saved_argl);
+    OPENSSL_assert(argp == saved_argp);
+    OPENSSL_assert(ptr == NULL);
+}
+
+static int exdup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+          void *from_d, int idx, long argl, void *argp)
+{
+    OPENSSL_assert(idx == saved_idx);
+    OPENSSL_assert(argl == saved_argl);
+    OPENSSL_assert(argp == saved_argp);
+    OPENSSL_assert(from_d != NULL);
+    return 1;
+}
+
+static void exfree(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+            int idx, long argl, void *argp)
+{
+    OPENSSL_assert(idx == saved_idx);
+    OPENSSL_assert(argl == saved_argl);
+    OPENSSL_assert(argp == saved_argp);
+}
+
+/*
+ * PRE-ALLOCATED EX_DATA IMPLEMENTATION
+ * Extended data structure is allocated in exnew2/freed in exfree2
+ * Data is stored inside extended data structure
+ */
+
+typedef struct myobj_ex_data_st {
+    char *hello;
+    int new;
+    int dup;
+} MYOBJ_EX_DATA;
+
+static void exnew2(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+          int idx, long argl, void *argp)
+{
+    int ret;
+    MYOBJ_EX_DATA *ex_data;
+
+    OPENSSL_assert(idx == saved_idx2);
+    OPENSSL_assert(argl == saved_argl);
+    OPENSSL_assert(argp == saved_argp);
+    OPENSSL_assert(ptr == NULL);
+
+    ex_data = OPENSSL_zalloc(sizeof(*ex_data));
+    OPENSSL_assert(ex_data != NULL);
+    ret = CRYPTO_set_ex_data(ad, saved_idx2, ex_data);
+    OPENSSL_assert(ret);
+
+    ex_data->new = 1;
+}
+
+static int exdup2(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+          void *from_d, int idx, long argl, void *argp)
+{
+    MYOBJ_EX_DATA **update_ex_data = (MYOBJ_EX_DATA**)from_d;
+    MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(to, saved_idx2);
+
+    OPENSSL_assert(idx == saved_idx2);
+    OPENSSL_assert(argl == saved_argl);
+    OPENSSL_assert(argp == saved_argp);
+    OPENSSL_assert(from_d != NULL);
+    OPENSSL_assert(*update_ex_data != NULL);
+    OPENSSL_assert(ex_data != NULL);
+    OPENSSL_assert(ex_data->new);
+
+    /* Copy hello over */
+    ex_data->hello = (*update_ex_data)->hello;
+    /* indicate this is a dup */
+    ex_data->dup = 1;
+    /* Keep my original ex_data */
+    *update_ex_data = ex_data;
+    return 1;
+}
+
+static void exfree2(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+            int idx, long argl, void *argp)
+{
+    MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(ad, saved_idx2);
+    int ret;
+
+    OPENSSL_assert(ex_data != NULL);
+    OPENSSL_free(ex_data);
+    OPENSSL_assert(idx == saved_idx2);
+    OPENSSL_assert(argl == saved_argl);
+    OPENSSL_assert(argp == saved_argp);
+    ret = CRYPTO_set_ex_data(ad, saved_idx2, NULL);
+    OPENSSL_assert(ret);
+}
+
+typedef struct myobj_st {
+    CRYPTO_EX_DATA ex_data;
+    int id;
+    int st;
+} MYOBJ;
+
+static MYOBJ *MYOBJ_new()
+{
+    static int count = 0;
+    MYOBJ *obj = OPENSSL_malloc(sizeof(*obj));
+
+    obj->id = ++count;
+    obj->st = CRYPTO_new_ex_data(CRYPTO_EX_INDEX_APP, obj, &obj->ex_data);
+    OPENSSL_assert(obj->st != 0);
+    return obj;
+}
+
+static void MYOBJ_sethello(MYOBJ *obj, char *cp)
+{
+    obj->st = CRYPTO_set_ex_data(&obj->ex_data, saved_idx, cp);
+    OPENSSL_assert(obj->st != 0);
+}
+
+static char *MYOBJ_gethello(MYOBJ *obj)
+{
+    return CRYPTO_get_ex_data(&obj->ex_data, saved_idx);
+}
+
+static void MYOBJ_sethello2(MYOBJ *obj, char *cp)
+{
+    MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2);
+    if (ex_data != NULL)
+        ex_data->hello = cp;
+    else
+        obj->st = 0;
+}
+
+static char *MYOBJ_gethello2(MYOBJ *obj)
+{
+    MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2);
+    if (ex_data != NULL)
+        return ex_data->hello;
+
+    obj->st = 0;
+    return NULL;
+}
+
+static void MYOBJ_free(MYOBJ *obj)
+{
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_APP, obj, &obj->ex_data);
+    OPENSSL_free(obj);
+}
+
+static MYOBJ *MYOBJ_dup(MYOBJ *in)
+{
+    MYOBJ *obj = MYOBJ_new();
+
+    obj->st = CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_APP, &obj->ex_data,
+                                 &in->ex_data);
+    OPENSSL_assert(obj->st != 0);
+    return obj;
+}
+
+int main()
+{
+    MYOBJ *t1, *t2, *t3;
+    MYOBJ_EX_DATA *ex_data;
+    const char *cp;
+    char *p;
+
+    p = OPENSSL_strdup("hello world");
+    saved_argl = 21;
+    saved_argp = OPENSSL_malloc(1);
+    saved_idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP,
+                                        saved_argl, saved_argp,
+                                        exnew, exdup, exfree);
+    saved_idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP,
+                                         saved_argl, saved_argp,
+                                         exnew2, exdup2, exfree2);
+    t1 = MYOBJ_new();
+    t2 = MYOBJ_new();
+    OPENSSL_assert(t1->st && t2->st);
+    ex_data = CRYPTO_get_ex_data(&t1->ex_data, saved_idx2);
+    OPENSSL_assert(ex_data != NULL);
+    ex_data = CRYPTO_get_ex_data(&t2->ex_data, saved_idx2);
+    OPENSSL_assert(ex_data != NULL);
+    MYOBJ_sethello(t1, p);
+    cp = MYOBJ_gethello(t1);
+    OPENSSL_assert(cp == p);
+    cp = MYOBJ_gethello(t2);
+    OPENSSL_assert(cp == NULL);
+    MYOBJ_sethello2(t1, p);
+    cp = MYOBJ_gethello2(t1);
+    OPENSSL_assert(cp == p);
+    OPENSSL_assert(t1->st);
+    cp = MYOBJ_gethello2(t2);
+    OPENSSL_assert(cp == NULL);
+    OPENSSL_assert(t2->st);
+    t3 = MYOBJ_dup(t1);
+    ex_data = CRYPTO_get_ex_data(&t3->ex_data, saved_idx2);
+    OPENSSL_assert(ex_data != NULL);
+    OPENSSL_assert(ex_data->dup);
+    cp = MYOBJ_gethello(t3);
+    OPENSSL_assert(cp == p);
+    cp = MYOBJ_gethello2(t3);
+    OPENSSL_assert(cp == p);
+    OPENSSL_assert(t3->st);
+    MYOBJ_free(t1);
+    MYOBJ_free(t2);
+    MYOBJ_free(t3);
+    OPENSSL_free(saved_argp);
+    OPENSSL_free(p);
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/exptest.c b/openssl-1.1.0h/test/exptest.c
new file mode 100644
index 0000000..9bc6e75
--- /dev/null
+++ b/openssl-1.1.0h/test/exptest.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#define NUM_BITS        (BN_BITS2 * 4)
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+/*
+ * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
+ * returns zero and prints debug output otherwise.
+ */
+static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
+                             const BIGNUM *a) {
+    if (!BN_is_zero(r)) {
+        fprintf(stderr, "%s failed:\n", method);
+        fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "a = ");
+        BN_print_fp(stderr, a);
+        fprintf(stderr, "\nr = ");
+        BN_print_fp(stderr, r);
+        fprintf(stderr, "\n");
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
+ */
+static int test_exp_mod_zero()
+{
+    BIGNUM *a = NULL, *p = NULL, *m = NULL;
+    BIGNUM *r = NULL;
+    BN_ULONG one_word = 1;
+    BN_CTX *ctx = BN_CTX_new();
+    int ret = 1, failed = 0;
+
+    m = BN_new();
+    if (!m)
+        goto err;
+    BN_one(m);
+
+    a = BN_new();
+    if (!a)
+        goto err;
+    BN_one(a);
+
+    p = BN_new();
+    if (!p)
+        goto err;
+    BN_zero(p);
+
+    r = BN_new();
+    if (!r)
+        goto err;
+
+    if (!BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        goto err;
+
+    if (!BN_mod_exp(r, a, p, m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp", r, a))
+        failed = 1;
+
+    if (!BN_mod_exp_recp(r, a, p, m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_recp", r, a))
+        failed = 1;
+
+    if (!BN_mod_exp_simple(r, a, p, m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_simple", r, a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont(r, a, p, m, ctx, NULL))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont", r, a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)) {
+        goto err;
+    }
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))
+        failed = 1;
+
+    /*
+     * A different codepath exists for single word multiplication
+     * in non-constant-time only.
+     */
+    if (!BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL))
+        goto err;
+
+    if (!BN_is_zero(r)) {
+        fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
+        fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "r = ");
+        BN_print_fp(stderr, r);
+        fprintf(stderr, "\n");
+        return 0;
+    }
+
+    ret = failed;
+
+ err:
+    BN_free(r);
+    BN_free(a);
+    BN_free(p);
+    BN_free(m);
+    BN_CTX_free(ctx);
+
+    return ret;
+}
+
+int main(int argc, char *argv[])
+{
+    BN_CTX *ctx;
+    BIO *out = NULL;
+    int i, ret;
+    unsigned char c;
+    BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
+
+    /*
+     * Seed or BN_rand may fail, and we don't even check its return
+     * value (which we should)
+     */
+    RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        EXIT(1);
+    r_mont = BN_new();
+    r_mont_const = BN_new();
+    r_recp = BN_new();
+    r_simple = BN_new();
+    a = BN_new();
+    b = BN_new();
+    m = BN_new();
+    if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))
+        goto err;
+
+    out = BIO_new(BIO_s_file());
+
+    if (out == NULL)
+        EXIT(1);
+    BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    for (i = 0; i < 200; i++) {
+        RAND_bytes(&c, 1);
+        c = (c % BN_BITS) - BN_BITS2;
+        BN_rand(a, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY);
+
+        RAND_bytes(&c, 1);
+        c = (c % BN_BITS) - BN_BITS2;
+        BN_rand(b, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY);
+
+        RAND_bytes(&c, 1);
+        c = (c % BN_BITS) - BN_BITS2;
+        BN_rand(m, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD);
+
+        BN_mod(a, a, m, ctx);
+        BN_mod(b, b, m, ctx);
+
+        ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
+        if (ret <= 0) {
+            printf("BN_mod_exp_mont() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
+        if (ret <= 0) {
+            printf("BN_mod_exp_recp() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
+        if (ret <= 0) {
+            printf("BN_mod_exp_simple() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
+        if (ret <= 0) {
+            printf("BN_mod_exp_mont_consttime() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        if (BN_cmp(r_simple, r_mont) == 0
+            && BN_cmp(r_simple, r_recp) == 0
+            && BN_cmp(r_simple, r_mont_const) == 0) {
+            printf(".");
+            fflush(stdout);
+        } else {
+            if (BN_cmp(r_simple, r_mont) != 0)
+                printf("\nsimple and mont results differ\n");
+            if (BN_cmp(r_simple, r_mont_const) != 0)
+                printf("\nsimple and mont const time results differ\n");
+            if (BN_cmp(r_simple, r_recp) != 0)
+                printf("\nsimple and recp results differ\n");
+
+            printf("a (%3d) = ", BN_num_bits(a));
+            BN_print(out, a);
+            printf("\nb (%3d) = ", BN_num_bits(b));
+            BN_print(out, b);
+            printf("\nm (%3d) = ", BN_num_bits(m));
+            BN_print(out, m);
+            printf("\nsimple   =");
+            BN_print(out, r_simple);
+            printf("\nrecp     =");
+            BN_print(out, r_recp);
+            printf("\nmont     =");
+            BN_print(out, r_mont);
+            printf("\nmont_ct  =");
+            BN_print(out, r_mont_const);
+            printf("\n");
+            EXIT(1);
+        }
+    }
+    BN_free(r_mont);
+    BN_free(r_mont_const);
+    BN_free(r_recp);
+    BN_free(r_simple);
+    BN_free(a);
+    BN_free(b);
+    BN_free(m);
+    BN_CTX_free(ctx);
+
+    if (test_exp_mod_zero() != 0)
+        goto err;
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(out) <= 0)
+        goto err;
+#endif
+    BIO_free(out);
+    printf("\n");
+
+    printf("done\n");
+
+    EXIT(0);
+ err:
+    ERR_print_errors(out);
+    EXIT(1);
+}
diff --git a/openssl-1.1.0h/test/fatalerrtest.c b/openssl-1.1.0h/test/fatalerrtest.c
new file mode 100644
index 0000000..d52daa2
--- /dev/null
+++ b/openssl-1.1.0h/test/fatalerrtest.c
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include "ssltestlib.h"
+#include "testutil.h"
+#include <string.h>
+
+static char *cert = NULL;
+static char *privkey = NULL;
+
+static int test_fatalerr(void)
+{
+    SSL_CTX *sctx = NULL, *cctx = NULL;
+    SSL *sssl = NULL, *cssl = NULL;
+    const char *msg = "Dummy";
+    BIO *wbio = NULL;
+    int ret = 0, len;
+    char buf[80];
+    unsigned char dummyrec[] = {
+        0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
+    };
+
+    if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(),
+                             SSL3_VERSION, TLS_MAX_VERSION, &sctx, &cctx,
+                             cert, privkey)) {
+        printf("Failed to create SSL_CTX pair\n");
+        goto err;
+    }
+
+    /*
+     * Deliberately set the cipher lists for client and server to be different
+     * to force a handshake failure.
+     */
+    if (!SSL_CTX_set_cipher_list(sctx, "AES128-SHA")
+            || !SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) {
+        printf("Failed to set cipher lists\n");
+        goto err;
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) {
+        printf("Failed to create SSL objectx\n");
+        goto err;
+    }
+
+    wbio = SSL_get_wbio(cssl);
+    if (wbio == NULL) {
+        printf("Unexpected NULL bio received\n");
+        goto err;
+    }
+
+    if (create_ssl_connection(sssl, cssl)) {
+        printf("Unexpected success creating a connection\n");
+        goto err;
+    }
+
+    ERR_clear_error();
+
+    /* Inject a plaintext record from client to server */
+    if (BIO_write(wbio, dummyrec, sizeof(dummyrec)) <= 0) {
+        printf("Unexpected failure injecting dummy record\n");
+        goto err;
+    }
+
+    /* SSL_read()/SSL_write should fail because of a previous fatal error */
+    if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) {
+        buf[len] = '\0';
+        printf("Unexpected success reading data: %s\n", buf);
+        goto err;
+    }
+    if (SSL_write(sssl, msg, strlen(msg)) > 0) {
+        printf("Unexpected success writing data\n");
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    SSL_free(sssl);
+    SSL_free(cssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return ret;
+}
+
+int main(int argc, char *argv[])
+{
+    BIO *err = NULL;
+    int testresult = 1;
+
+    if (argc != 3) {
+        printf("Invalid argument count\n");
+        return 1;
+    }
+
+    cert = argv[1];
+    privkey = argv[2];
+
+    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ADD_TEST(test_fatalerr);
+
+    testresult = run_tests(argv[0]);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(err) <= 0)
+        testresult = 1;
+#endif
+    BIO_free(err);
+
+    if (!testresult)
+        printf("PASS\n");
+
+    return testresult;
+}
diff --git a/openssl-1.1.0h/test/generate_buildtest.pl b/openssl-1.1.0h/test/generate_buildtest.pl
new file mode 100644
index 0000000..0a9d879
--- /dev/null
+++ b/openssl-1.1.0h/test/generate_buildtest.pl
@@ -0,0 +1,34 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+# First argument is name;
+my $name = shift @ARGV;
+my $name_uc = uc $name;
+# All other arguments are ignored for now
+
+print <<"_____";
+/*
+ * Generated with test/generate_buildtest.pl, to check that such a simple
+ * program builds.
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_STDIO
+# include <stdio.h>
+#endif
+#ifndef OPENSSL_NO_${name_uc}
+# include <openssl/$name.h>
+#endif
+
+int main()
+{
+    return 0;
+}
+_____
diff --git a/openssl-1.1.0h/test/generate_ssl_tests.pl b/openssl-1.1.0h/test/generate_ssl_tests.pl
new file mode 100644
index 0000000..47a328c
--- /dev/null
+++ b/openssl-1.1.0h/test/generate_ssl_tests.pl
@@ -0,0 +1,141 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+## SSL testcase generator
+
+use strict;
+use warnings;
+
+use File::Basename;
+use File::Spec::Functions;
+
+use OpenSSL::Test qw/srctop_dir srctop_file/;
+use OpenSSL::Test::Utils;
+
+# This block needs to run before 'use lib srctop_dir' directives.
+BEGIN {
+    OpenSSL::Test::setup("no_test_here");
+}
+
+use lib srctop_dir("util", "perl");  # for with_fallback
+use lib srctop_dir("test", "ssl-tests");  # for ssltests_base
+
+use with_fallback qw(Text::Template);
+
+use vars qw/@ISA/;
+push (@ISA, qw/Text::Template/);
+
+use ssltests_base;
+
+sub print_templates {
+    my $source = srctop_file("test", "ssl_test.tmpl");
+    my $template = Text::Template->new(TYPE => 'FILE', SOURCE => $source);
+
+    print "# Generated with generate_ssl_tests.pl\n\n";
+
+    my $num = scalar @ssltests::tests;
+
+    # Add the implicit base configuration.
+    foreach my $test (@ssltests::tests) {
+        $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };
+        if (defined $test->{"server2"}) {
+            $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
+        } else {
+            if ($test->{"server"}->{"extra"} &&
+                defined $test->{"server"}->{"extra"}->{"ServerNameCallback"}) {
+                # Default is the same as server.
+                $test->{"reuse_server2"} = 1;
+            }
+            # Do not emit an empty/duplicate "server2" section.
+            $test->{"server2"} = { };
+        }
+        if (defined $test->{"resume_server"}) {
+            $test->{"resume_server"} = { (%ssltests::base_server, %{$test->{"resume_server"}}) };
+        } else {
+            if (defined $test->{"test"}->{"HandshakeMode"} &&
+                 $test->{"test"}->{"HandshakeMode"} eq "Resume") {
+                # Default is the same as server.
+                $test->{"reuse_resume_server"} = 1;
+            }
+            # Do not emit an empty/duplicate "resume-server" section.
+            $test->{"resume_server"} = { };
+        }
+        $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
+        if (defined $test->{"resume_client"}) {
+            $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) };
+        } else {
+            if (defined $test->{"test"}->{"HandshakeMode"} &&
+                 $test->{"test"}->{"HandshakeMode"} eq "Resume") {
+                # Default is the same as client.
+                $test->{"reuse_resume_client"} = 1;
+            }
+            # Do not emit an empty/duplicate "resume-client" section.
+            $test->{"resume_client"} = { };
+        }
+    }
+
+    # ssl_test expects to find a
+    #
+    # num_tests = n
+    #
+    # directive in the file. It'll then look for configuration directives
+    # for n tests, that each look like this:
+    #
+    # test-n = test-section
+    #
+    # [test-section]
+    # (SSL modules for client and server configuration go here.)
+    #
+    # [test-n]
+    # (Test configuration goes here.)
+    print "num_tests = $num\n\n";
+
+    # The conf module locations must come before everything else, because
+    # they look like
+    #
+    # test-n = test-section
+    #
+    # and you can't mix and match them with sections.
+    my $idx = 0;
+
+    foreach my $test (@ssltests::tests) {
+        my $testname = "${idx}-" . $test->{'name'};
+        print "test-$idx = $testname\n";
+        $idx++;
+    }
+
+    $idx = 0;
+
+    foreach my $test (@ssltests::tests) {
+        my $testname = "${idx}-" . $test->{'name'};
+        my $text = $template->fill_in(
+            HASH => [{ idx => $idx, testname => $testname } , $test],
+            DELIMITERS => [ "{-", "-}" ]);
+        print "# ===========================================================\n\n";
+        print "$text\n";
+        $idx++;
+    }
+}
+
+# Shamelessly copied from Configure.
+sub read_config {
+    my $fname = shift;
+    open(INPUT, "< $fname") or die "Can't open input file '$fname'!\n";
+    local $/ = undef;
+    my $content = <INPUT>;
+    close(INPUT);
+    eval $content;
+    warn $@ if $@;
+}
+
+my $input_file = shift;
+# Reads the tests into ssltests::tests.
+read_config($input_file);
+print_templates();
+
+1;
diff --git a/openssl-1.1.0h/test/gmdifftest.c b/openssl-1.1.0h/test/gmdifftest.c
new file mode 100644
index 0000000..73c910d
--- /dev/null
+++ b/openssl-1.1.0h/test/gmdifftest.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <stdio.h>
+
+#define SECS_PER_DAY (24 * 60 * 60)
+
+/*
+ * Time checking test code. Check times are identical for a wide range of
+ * offsets. This should be run on a machine with 64 bit time_t or it will
+ * trigger the very errors the routines fix.
+ */
+
+static int check_time(long offset)
+{
+    struct tm tm1, tm2, o1;
+    int off_day, off_sec;
+    long toffset;
+    time_t t1, t2;
+    time(&t1);
+
+    t2 = t1 + offset;
+    OPENSSL_gmtime(&t2, &tm2);
+    OPENSSL_gmtime(&t1, &tm1);
+    o1 = tm1;
+    OPENSSL_gmtime_adj(&tm1, 0, offset);
+    if ((tm1.tm_year != tm2.tm_year) ||
+        (tm1.tm_mon != tm2.tm_mon) ||
+        (tm1.tm_mday != tm2.tm_mday) ||
+        (tm1.tm_hour != tm2.tm_hour) ||
+        (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) {
+        fprintf(stderr, "TIME ERROR!!\n");
+        fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
+                tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
+                tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
+        fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
+                tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
+                tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
+        return 0;
+    }
+    if (!OPENSSL_gmtime_diff(&off_day, &off_sec, &o1, &tm1))
+        return 0;
+    toffset = (long)off_day *SECS_PER_DAY + off_sec;
+    if (offset != toffset) {
+        fprintf(stderr, "TIME OFFSET ERROR!!\n");
+        fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n",
+                offset, toffset, off_day, off_sec);
+        return 0;
+    }
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    long offset;
+    int fails;
+
+    if (sizeof(time_t) < 8) {
+        fprintf(stderr, "Skipping; time_t is less than 64-bits\n");
+        return 0;
+    }
+    for (fails = 0, offset = 0; offset < 1000000; offset++) {
+        if (!check_time(offset))
+            fails++;
+        if (!check_time(-offset))
+            fails++;
+        if (!check_time(offset * 1000))
+            fails++;
+        if (!check_time(-offset * 1000))
+            fails++;
+    }
+
+    return fails ? 1 : 0;
+}
diff --git a/openssl-1.1.0h/test/handshake_helper.c b/openssl-1.1.0h/test/handshake_helper.c
new file mode 100644
index 0000000..41a2c00
--- /dev/null
+++ b/openssl-1.1.0h/test/handshake_helper.c
@@ -0,0 +1,1106 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/ssl.h>
+
+#include "handshake_helper.h"
+#include "testutil.h"
+
+HANDSHAKE_RESULT *HANDSHAKE_RESULT_new()
+{
+    HANDSHAKE_RESULT *ret = OPENSSL_zalloc(sizeof(*ret));
+    TEST_check(ret != NULL);
+    return ret;
+}
+
+void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result)
+{
+    if (result == NULL)
+        return;
+    OPENSSL_free(result->client_npn_negotiated);
+    OPENSSL_free(result->server_npn_negotiated);
+    OPENSSL_free(result->client_alpn_negotiated);
+    OPENSSL_free(result->server_alpn_negotiated);
+    OPENSSL_free(result);
+}
+
+/*
+ * Since there appears to be no way to extract the sent/received alert
+ * from the SSL object directly, we use the info callback and stash
+ * the result in ex_data.
+ */
+typedef struct handshake_ex_data_st {
+    int alert_sent;
+    int num_fatal_alerts_sent;
+    int alert_received;
+    int session_ticket_do_not_call;
+    ssl_servername_t servername;
+} HANDSHAKE_EX_DATA;
+
+typedef struct ctx_data_st {
+    unsigned char *npn_protocols;
+    size_t npn_protocols_len;
+    unsigned char *alpn_protocols;
+    size_t alpn_protocols_len;
+} CTX_DATA;
+
+/* |ctx_data| itself is stack-allocated. */
+static void ctx_data_free_data(CTX_DATA *ctx_data)
+{
+    OPENSSL_free(ctx_data->npn_protocols);
+    ctx_data->npn_protocols = NULL;
+    OPENSSL_free(ctx_data->alpn_protocols);
+    ctx_data->alpn_protocols = NULL;
+}
+
+static int ex_data_idx;
+
+static void info_cb(const SSL *s, int where, int ret)
+{
+    if (where & SSL_CB_ALERT) {
+        HANDSHAKE_EX_DATA *ex_data =
+            (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
+        if (where & SSL_CB_WRITE) {
+            ex_data->alert_sent = ret;
+            if (strcmp(SSL_alert_type_string(ret), "F") == 0
+                || strcmp(SSL_alert_desc_string(ret), "CN") == 0)
+                ex_data->num_fatal_alerts_sent++;
+        } else {
+            ex_data->alert_received = ret;
+        }
+    }
+}
+
+/* Select the appropriate server CTX.
+ * Returns SSL_TLSEXT_ERR_OK if a match was found.
+ * If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch.
+ * Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch.
+ * An empty SNI extension also returns SSL_TSLEXT_ERR_NOACK.
+ */
+static int select_server_ctx(SSL *s, void *arg, int ignore)
+{
+    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+    HANDSHAKE_EX_DATA *ex_data =
+        (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
+
+    if (servername == NULL) {
+        ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
+    if (strcmp(servername, "server2") == 0) {
+        SSL_CTX *new_ctx = (SSL_CTX*)arg;
+        SSL_set_SSL_CTX(s, new_ctx);
+        /*
+         * Copy over all the SSL_CTX options - reasonable behavior
+         * allows testing of cases where the options between two
+         * contexts differ/conflict
+         */
+        SSL_clear_options(s, 0xFFFFFFFFL);
+        SSL_set_options(s, SSL_CTX_get_options(new_ctx));
+
+        ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
+        return SSL_TLSEXT_ERR_OK;
+    } else if (strcmp(servername, "server1") == 0) {
+        ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+        return SSL_TLSEXT_ERR_OK;
+    } else if (ignore) {
+        ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+        return SSL_TLSEXT_ERR_NOACK;
+    } else {
+        /* Don't set an explicit alert, to test library defaults. */
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    }
+}
+
+/*
+ * (RFC 6066):
+ *  If the server understood the ClientHello extension but
+ *  does not recognize the server name, the server SHOULD take one of two
+ *  actions: either abort the handshake by sending a fatal-level
+ *  unrecognized_name(112) alert or continue the handshake.
+ *
+ * This behaviour is up to the application to configure; we test both
+ * configurations to ensure the state machine propagates the result
+ * correctly.
+ */
+static int servername_ignore_cb(SSL *s, int *ad, void *arg)
+{
+    return select_server_ctx(s, arg, 1);
+}
+
+static int servername_reject_cb(SSL *s, int *ad, void *arg)
+{
+    return select_server_ctx(s, arg, 0);
+}
+
+static unsigned char dummy_ocsp_resp_good_val = 0xff;
+static unsigned char dummy_ocsp_resp_bad_val = 0xfe;
+
+static int server_ocsp_cb(SSL *s, void *arg)
+{
+    unsigned char *resp;
+
+    resp = OPENSSL_malloc(1);
+    if (resp == NULL)
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    /*
+     * For the purposes of testing we just send back a dummy OCSP response
+     */
+    *resp = *(unsigned char *)arg;
+    if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1))
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int client_ocsp_cb(SSL *s, void *arg)
+{
+    const unsigned char *resp;
+    int len;
+
+    len = SSL_get_tlsext_status_ocsp_resp(s, &resp);
+    if (len != 1 || *resp != dummy_ocsp_resp_good_val)
+        return 0;
+
+    return 1;
+}
+
+static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) {
+    X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
+    return 0;
+}
+
+static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) {
+    return 1;
+}
+
+static int broken_session_ticket_cb(SSL *s, unsigned char *key_name, unsigned char *iv,
+                                    EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+{
+    return 0;
+}
+
+static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
+                                         unsigned char *iv,
+                                         EVP_CIPHER_CTX *ctx,
+                                         HMAC_CTX *hctx, int enc)
+{
+    HANDSHAKE_EX_DATA *ex_data =
+        (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
+    ex_data->session_ticket_do_not_call = 1;
+    return 0;
+}
+
+/* Parse the comma-separated list into TLS format. */
+static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
+{
+    size_t len, i, prefix;
+
+    len = strlen(protos);
+
+    /* Should never have reuse. */
+    TEST_check(*out == NULL);
+
+    /* Test values are small, so we omit length limit checks. */
+    *out = OPENSSL_malloc(len + 1);
+    TEST_check(*out != NULL);
+    *outlen = len + 1;
+
+    /*
+     * foo => '3', 'f', 'o', 'o'
+     * foo,bar => '3', 'f', 'o', 'o', '3', 'b', 'a', 'r'
+     */
+    memcpy(*out + 1, protos, len);
+
+    prefix = 0;
+    i = prefix + 1;
+    while (i <= len) {
+        if ((*out)[i] == ',') {
+            TEST_check(i - 1 - prefix > 0);
+            (*out)[prefix] = i - 1 - prefix;
+            prefix = i;
+        }
+        i++;
+    }
+    TEST_check(len - prefix > 0);
+    (*out)[prefix] = len - prefix;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * The client SHOULD select the first protocol advertised by the server that it
+ * also supports.  In the event that the client doesn't support any of server's
+ * protocols, or the server doesn't advertise any, it SHOULD select the first
+ * protocol that it supports.
+ */
+static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen,
+                         const unsigned char *in, unsigned int inlen,
+                         void *arg)
+{
+    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+    int ret;
+
+    ret = SSL_select_next_proto(out, outlen, in, inlen,
+                                ctx_data->npn_protocols,
+                                ctx_data->npn_protocols_len);
+    /* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */
+    TEST_check(ret == OPENSSL_NPN_NEGOTIATED || ret == OPENSSL_NPN_NO_OVERLAP);
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int server_npn_cb(SSL *s, const unsigned char **data,
+                         unsigned int *len, void *arg)
+{
+    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+    *data = ctx_data->npn_protocols;
+    *len = ctx_data->npn_protocols_len;
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif
+
+/*
+ * The server SHOULD select the most highly preferred protocol that it supports
+ * and that is also advertised by the client.  In the event that the server
+ * supports no protocols that the client advertises, then the server SHALL
+ * respond with a fatal "no_application_protocol" alert.
+ */
+static int server_alpn_cb(SSL *s, const unsigned char **out,
+                          unsigned char *outlen, const unsigned char *in,
+                          unsigned int inlen, void *arg)
+{
+    CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+    int ret;
+
+    /* SSL_select_next_proto isn't const-correct... */
+    unsigned char *tmp_out;
+
+    /*
+     * The result points either to |in| or to |ctx_data->alpn_protocols|.
+     * The callback is allowed to point to |in| or to a long-lived buffer,
+     * so we can return directly without storing a copy.
+     */
+    ret = SSL_select_next_proto(&tmp_out, outlen,
+                                ctx_data->alpn_protocols,
+                                ctx_data->alpn_protocols_len, in, inlen);
+
+    *out = tmp_out;
+    /* Unlike NPN, we don't tolerate a mismatch. */
+    return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
+        : SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+/*
+ * Configure callbacks and other properties that can't be set directly
+ * in the server/client CONF.
+ */
+static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+                                    SSL_CTX *client_ctx,
+                                    const SSL_TEST_CTX *test,
+                                    const SSL_TEST_EXTRA_CONF *extra,
+                                    CTX_DATA *server_ctx_data,
+                                    CTX_DATA *server2_ctx_data,
+                                    CTX_DATA *client_ctx_data)
+{
+    unsigned char *ticket_keys;
+    size_t ticket_key_len;
+
+    TEST_check(SSL_CTX_set_max_send_fragment(server_ctx,
+                                             test->max_fragment_size) == 1);
+    if (server2_ctx != NULL) {
+        TEST_check(SSL_CTX_set_max_send_fragment(server2_ctx,
+                                                 test->max_fragment_size) == 1);
+    }
+    TEST_check(SSL_CTX_set_max_send_fragment(client_ctx,
+                                             test->max_fragment_size) == 1);
+
+    switch (extra->client.verify_callback) {
+    case SSL_TEST_VERIFY_ACCEPT_ALL:
+        SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb,
+                                         NULL);
+        break;
+    case SSL_TEST_VERIFY_REJECT_ALL:
+        SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb,
+                                         NULL);
+        break;
+    default:
+        break;
+    }
+
+    /* link the two contexts for SNI purposes */
+    switch (extra->server.servername_callback) {
+    case SSL_TEST_SERVERNAME_IGNORE_MISMATCH:
+        SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb);
+        SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
+        break;
+    case SSL_TEST_SERVERNAME_REJECT_MISMATCH:
+        SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_reject_cb);
+        SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
+        break;
+    default:
+        break;
+    }
+
+    if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) {
+        SSL_CTX_set_tlsext_status_type(client_ctx, TLSEXT_STATUSTYPE_ocsp);
+        SSL_CTX_set_tlsext_status_cb(client_ctx, client_ocsp_cb);
+        SSL_CTX_set_tlsext_status_arg(client_ctx, NULL);
+        SSL_CTX_set_tlsext_status_cb(server_ctx, server_ocsp_cb);
+        SSL_CTX_set_tlsext_status_arg(server_ctx,
+            ((extra->server.cert_status == SSL_TEST_CERT_STATUS_GOOD_RESPONSE)
+            ? &dummy_ocsp_resp_good_val : &dummy_ocsp_resp_bad_val));
+    }
+
+    /*
+     * The initial_ctx/session_ctx always handles the encrypt/decrypt of the
+     * session ticket. This ticket_key callback is assigned to the second
+     * session (assigned via SNI), and should never be invoked
+     */
+    if (server2_ctx != NULL)
+        SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx,
+                                         do_not_call_session_ticket_cb);
+
+    if (extra->server.broken_session_ticket) {
+        SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
+    }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (extra->server.npn_protocols != NULL) {
+        parse_protos(extra->server.npn_protocols,
+                     &server_ctx_data->npn_protocols,
+                     &server_ctx_data->npn_protocols_len);
+        SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb,
+                                              server_ctx_data);
+    }
+    if (extra->server2.npn_protocols != NULL) {
+        parse_protos(extra->server2.npn_protocols,
+                     &server2_ctx_data->npn_protocols,
+                     &server2_ctx_data->npn_protocols_len);
+        TEST_check(server2_ctx != NULL);
+        SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb,
+                                              server2_ctx_data);
+    }
+    if (extra->client.npn_protocols != NULL) {
+        parse_protos(extra->client.npn_protocols,
+                     &client_ctx_data->npn_protocols,
+                     &client_ctx_data->npn_protocols_len);
+        SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
+                                         client_ctx_data);
+    }
+#endif
+    if (extra->server.alpn_protocols != NULL) {
+        parse_protos(extra->server.alpn_protocols,
+                     &server_ctx_data->alpn_protocols,
+                     &server_ctx_data->alpn_protocols_len);
+        SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data);
+    }
+    if (extra->server2.alpn_protocols != NULL) {
+        TEST_check(server2_ctx != NULL);
+        parse_protos(extra->server2.alpn_protocols,
+                     &server2_ctx_data->alpn_protocols,
+                     &server2_ctx_data->alpn_protocols_len);
+        SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data);
+    }
+    if (extra->client.alpn_protocols != NULL) {
+        unsigned char *alpn_protos = NULL;
+        size_t alpn_protos_len;
+        parse_protos(extra->client.alpn_protocols,
+                     &alpn_protos, &alpn_protos_len);
+        /* Reversed return value convention... */
+        TEST_check(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
+                                           alpn_protos_len) == 0);
+        OPENSSL_free(alpn_protos);
+    }
+
+    /*
+     * Use fixed session ticket keys so that we can decrypt a ticket created with
+     * one CTX in another CTX. Don't address server2 for the moment.
+     */
+    ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0);
+    ticket_keys = OPENSSL_zalloc(ticket_key_len);
+    TEST_check(ticket_keys != NULL);
+    TEST_check(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys,
+                                              ticket_key_len) == 1);
+    OPENSSL_free(ticket_keys);
+
+    /* The default log list includes EC keys, so CT can't work without EC. */
+#if !defined(OPENSSL_NO_CT) && !defined(OPENSSL_NO_EC)
+    TEST_check(SSL_CTX_set_default_ctlog_list_file(client_ctx));
+    switch (extra->client.ct_validation) {
+    case SSL_TEST_CT_VALIDATION_PERMISSIVE:
+        TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_PERMISSIVE));
+        break;
+    case SSL_TEST_CT_VALIDATION_STRICT:
+        TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_STRICT));
+        break;
+    case SSL_TEST_CT_VALIDATION_NONE:
+        break;
+    }
+#endif
+}
+
+/* Configure per-SSL callbacks and other properties. */
+static void configure_handshake_ssl(SSL *server, SSL *client,
+                                    const SSL_TEST_EXTRA_CONF *extra)
+{
+    if (extra->client.servername != SSL_TEST_SERVERNAME_NONE)
+        SSL_set_tlsext_host_name(client,
+                                 ssl_servername_name(extra->client.servername));
+}
+
+/* The status for each connection phase. */
+typedef enum {
+    PEER_SUCCESS,
+    PEER_RETRY,
+    PEER_ERROR
+} peer_status_t;
+
+/* An SSL object and associated read-write buffers. */
+typedef struct peer_st {
+    SSL *ssl;
+    /* Buffer lengths are int to match the SSL read/write API. */
+    unsigned char *write_buf;
+    int write_buf_len;
+    unsigned char *read_buf;
+    int read_buf_len;
+    int bytes_to_write;
+    int bytes_to_read;
+    peer_status_t status;
+} PEER;
+
+static void create_peer(PEER *peer, SSL_CTX *ctx)
+{
+    static const int peer_buffer_size = 64 * 1024;
+
+    peer->ssl = SSL_new(ctx);
+    TEST_check(peer->ssl != NULL);
+    peer->write_buf = OPENSSL_zalloc(peer_buffer_size);
+    TEST_check(peer->write_buf != NULL);
+    peer->read_buf = OPENSSL_zalloc(peer_buffer_size);
+    TEST_check(peer->read_buf != NULL);
+    peer->write_buf_len = peer->read_buf_len = peer_buffer_size;
+}
+
+static void peer_free_data(PEER *peer)
+{
+    SSL_free(peer->ssl);
+    OPENSSL_free(peer->write_buf);
+    OPENSSL_free(peer->read_buf);
+}
+
+/*
+ * Note that we could do the handshake transparently under an SSL_write,
+ * but separating the steps is more helpful for debugging test failures.
+ */
+static void do_handshake_step(PEER *peer)
+{
+    int ret;
+
+    if (peer->status != PEER_RETRY) {
+        peer->status = PEER_ERROR;
+        return;
+    }
+
+    ret = SSL_do_handshake(peer->ssl);
+
+    if (ret == 1) {
+        peer->status = PEER_SUCCESS;
+    } else if (ret == 0) {
+        peer->status = PEER_ERROR;
+    } else {
+        int error = SSL_get_error(peer->ssl, ret);
+        /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */
+        if (error != SSL_ERROR_WANT_READ)
+            peer->status = PEER_ERROR;
+    }
+}
+
+/*-
+ * Send/receive some application data. The read-write sequence is
+ * Peer A: (R) W - first read will yield no data
+ * Peer B:  R  W
+ * ...
+ * Peer A:  R  W
+ * Peer B:  R  W
+ * Peer A:  R
+ */
+static void do_app_data_step(PEER *peer)
+{
+    int ret = 1, write_bytes;
+
+    TEST_check(peer->status == PEER_RETRY);
+
+    /* We read everything available... */
+    while (ret > 0 && peer->bytes_to_read) {
+        ret = SSL_read(peer->ssl, peer->read_buf, peer->read_buf_len);
+        if (ret > 0) {
+            TEST_check(ret <= peer->bytes_to_read);
+            peer->bytes_to_read -= ret;
+        } else if (ret == 0) {
+            peer->status = PEER_ERROR;
+            return;
+        } else {
+            int error = SSL_get_error(peer->ssl, ret);
+            if (error != SSL_ERROR_WANT_READ) {
+                peer->status = PEER_ERROR;
+                return;
+            } /* Else continue with write. */
+        }
+    }
+
+    /* ... but we only write one write-buffer-full of data. */
+    write_bytes = peer->bytes_to_write < peer->write_buf_len ? peer->bytes_to_write :
+        peer->write_buf_len;
+    if (write_bytes) {
+        ret = SSL_write(peer->ssl, peer->write_buf, write_bytes);
+        if (ret > 0) {
+            /* SSL_write will only succeed with a complete write. */
+            TEST_check(ret == write_bytes);
+            peer->bytes_to_write -= ret;
+        } else {
+            /*
+             * We should perhaps check for SSL_ERROR_WANT_READ/WRITE here
+             * but this doesn't yet occur with current app data sizes.
+             */
+            peer->status = PEER_ERROR;
+            return;
+        }
+    }
+
+    /*
+     * We could simply finish when there was nothing to read, and we have
+     * nothing left to write. But keeping track of the expected number of bytes
+     * to read gives us somewhat better guarantees that all data sent is in fact
+     * received.
+     */
+    if (!peer->bytes_to_write && !peer->bytes_to_read) {
+        peer->status = PEER_SUCCESS;
+    }
+}
+
+static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
+{
+    int ret;
+    char buf;
+
+    if (peer->status == PEER_SUCCESS) {
+        /*
+         * We are a client that succeeded this step previously, but the server
+         * wanted to retry. Probably there is a no_renegotiation warning alert
+         * waiting for us. Attempt to continue the handshake.
+         */
+        peer->status = PEER_RETRY;
+        do_handshake_step(peer);
+        return;
+    }
+
+    TEST_check(peer->status == PEER_RETRY);
+    TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
+                || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT);
+
+    /* Check if we are the peer that is going to initiate */
+    if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
+                && SSL_is_server(peer->ssl))
+            || (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT
+                && !SSL_is_server(peer->ssl))) {
+        /*
+         * If we already asked for a renegotiation then fall through to the
+         * SSL_read() below.
+         */
+        if (!SSL_renegotiate_pending(peer->ssl)) {
+            /*
+             * If we are the client we will always attempt to resume the
+             * session. The server may or may not resume dependant on the
+             * setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+             */
+            if (SSL_is_server(peer->ssl)) {
+                ret = SSL_renegotiate(peer->ssl);
+            } else {
+                if (test_ctx->extra.client.reneg_ciphers != NULL) {
+                    if (!SSL_set_cipher_list(peer->ssl,
+                                test_ctx->extra.client.reneg_ciphers)) {
+                        peer->status = PEER_ERROR;
+                        return;
+                    }
+                    ret = SSL_renegotiate(peer->ssl);
+                } else {
+                    ret = SSL_renegotiate_abbreviated(peer->ssl);
+                }
+            }
+            if (!ret) {
+                peer->status = PEER_ERROR;
+                return;
+            }
+            do_handshake_step(peer);
+            /*
+             * If status is PEER_RETRY it means we're waiting on the peer to
+             * continue the handshake. As far as setting up the renegotiation is
+             * concerned that is a success. The next step will continue the
+             * handshake to its conclusion.
+             *
+             * If status is PEER_SUCCESS then we are the server and we have
+             * successfully sent the HelloRequest. We need to continue to wait
+             * until the handshake arrives from the client.
+             */
+            if (peer->status == PEER_RETRY)
+                peer->status = PEER_SUCCESS;
+            else if (peer->status == PEER_SUCCESS)
+                peer->status = PEER_RETRY;
+            return;
+        }
+    }
+
+    /*
+     * The SSL object is still expecting app data, even though it's going to
+     * get a handshake message. We try to read, and it should fail - after which
+     * we should be in a handshake
+     */
+    ret = SSL_read(peer->ssl, &buf, sizeof(buf));
+    if (ret >= 0) {
+        /*
+         * We're not actually expecting data - we're expecting a reneg to
+         * start
+         */
+        peer->status = PEER_ERROR;
+        return;
+    } else {
+        int error = SSL_get_error(peer->ssl, ret);
+        if (error != SSL_ERROR_WANT_READ) {
+            peer->status = PEER_ERROR;
+            return;
+        }
+        /* If we're no in init yet then we're not done with setup yet */
+        if (!SSL_in_init(peer->ssl))
+            return;
+    }
+
+    peer->status = PEER_SUCCESS;
+}
+
+
+/*
+ * RFC 5246 says:
+ *
+ * Note that as of TLS 1.1,
+ *     failure to properly close a connection no longer requires that a
+ *     session not be resumed.  This is a change from TLS 1.0 to conform
+ *     with widespread implementation practice.
+ *
+ * However,
+ * (a) OpenSSL requires that a connection be shutdown for all protocol versions.
+ * (b) We test lower versions, too.
+ * So we just implement shutdown. We do a full bidirectional shutdown so that we
+ * can compare sent and received close_notify alerts and get some test coverage
+ * for SSL_shutdown as a bonus.
+ */
+static void do_shutdown_step(PEER *peer)
+{
+    int ret;
+
+    TEST_check(peer->status == PEER_RETRY);
+    ret = SSL_shutdown(peer->ssl);
+
+    if (ret == 1) {
+        peer->status = PEER_SUCCESS;
+    } else if (ret < 0) { /* On 0, we retry. */
+        int error = SSL_get_error(peer->ssl, ret);
+        /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */
+        if (error != SSL_ERROR_WANT_READ)
+            peer->status = PEER_ERROR;
+    }
+}
+
+typedef enum {
+    HANDSHAKE,
+    RENEG_APPLICATION_DATA,
+    RENEG_SETUP,
+    RENEG_HANDSHAKE,
+    APPLICATION_DATA,
+    SHUTDOWN,
+    CONNECTION_DONE
+} connect_phase_t;
+
+static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx,
+                                  connect_phase_t phase)
+{
+    switch (phase) {
+    case HANDSHAKE:
+        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
+                || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT)
+            return RENEG_APPLICATION_DATA;
+        return APPLICATION_DATA;
+    case RENEG_APPLICATION_DATA:
+        return RENEG_SETUP;
+    case RENEG_SETUP:
+        return RENEG_HANDSHAKE;
+    case RENEG_HANDSHAKE:
+        return APPLICATION_DATA;
+    case APPLICATION_DATA:
+        return SHUTDOWN;
+    case SHUTDOWN:
+        return CONNECTION_DONE;
+    default:
+        TEST_check(0); /* Should never call next_phase when done. */
+    }
+}
+
+static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
+                            connect_phase_t phase)
+{
+    switch (phase) {
+    case HANDSHAKE:
+        do_handshake_step(peer);
+        break;
+    case RENEG_APPLICATION_DATA:
+        do_app_data_step(peer);
+        break;
+    case RENEG_SETUP:
+        do_reneg_setup_step(test_ctx, peer);
+        break;
+    case RENEG_HANDSHAKE:
+        do_handshake_step(peer);
+        break;
+    case APPLICATION_DATA:
+        do_app_data_step(peer);
+        break;
+    case SHUTDOWN:
+        do_shutdown_step(peer);
+        break;
+    default:
+        TEST_check(0);
+    }
+}
+
+typedef enum {
+    /* Both parties succeeded. */
+    HANDSHAKE_SUCCESS,
+    /* Client errored. */
+    CLIENT_ERROR,
+    /* Server errored. */
+    SERVER_ERROR,
+    /* Peers are in inconsistent state. */
+    INTERNAL_ERROR,
+    /* One or both peers not done. */
+    HANDSHAKE_RETRY
+} handshake_status_t;
+
+/*
+ * Determine the handshake outcome.
+ * last_status: the status of the peer to have acted last.
+ * previous_status: the status of the peer that didn't act last.
+ * client_spoke_last: 1 if the client went last.
+ */
+static handshake_status_t handshake_status(peer_status_t last_status,
+                                           peer_status_t previous_status,
+                                           int client_spoke_last)
+{
+    switch (last_status) {
+    case PEER_SUCCESS:
+        switch (previous_status) {
+        case PEER_SUCCESS:
+            /* Both succeeded. */
+            return HANDSHAKE_SUCCESS;
+        case PEER_RETRY:
+            /* Let the first peer finish. */
+            return HANDSHAKE_RETRY;
+        case PEER_ERROR:
+            /*
+             * Second peer succeeded despite the fact that the first peer
+             * already errored. This shouldn't happen.
+             */
+            return INTERNAL_ERROR;
+        }
+        break;
+
+    case PEER_RETRY:
+        return HANDSHAKE_RETRY;
+
+    case PEER_ERROR:
+        switch (previous_status) {
+        case PEER_SUCCESS:
+            /*
+             * First peer succeeded but second peer errored.
+             * TODO(emilia): we should be able to continue here (with some
+             * application data?) to ensure the first peer receives the
+             * alert / close_notify.
+             * (No tests currently exercise this branch.)
+             */
+            return client_spoke_last ? CLIENT_ERROR : SERVER_ERROR;
+        case PEER_RETRY:
+            /* We errored; let the peer finish. */
+            return HANDSHAKE_RETRY;
+        case PEER_ERROR:
+            /* Both peers errored. Return the one that errored first. */
+            return client_spoke_last ? SERVER_ERROR : CLIENT_ERROR;
+        }
+    }
+    /* Control should never reach here. */
+    return INTERNAL_ERROR;
+}
+
+/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
+static char *dup_str(const unsigned char *in, size_t len)
+{
+    char *ret;
+
+    if(len == 0)
+        return NULL;
+
+    /* Assert that the string does not contain NUL-bytes. */
+    TEST_check(OPENSSL_strnlen((const char*)(in), len) == len);
+    ret = OPENSSL_strndup((const char*)(in), len);
+    TEST_check(ret != NULL);
+    return ret;
+}
+
+/*
+ * Note that |extra| points to the correct client/server configuration
+ * within |test_ctx|. When configuring the handshake, general mode settings
+ * are taken from |test_ctx|, and client/server-specific settings should be
+ * taken from |extra|.
+ *
+ * The configuration code should never reach into |test_ctx->extra| or
+ * |test_ctx->resume_extra| directly.
+ *
+ * (We could refactor test mode settings into a substructure. This would result
+ * in cleaner argument passing but would complicate the test configuration
+ * parsing.)
+ */
+static HANDSHAKE_RESULT *do_handshake_internal(
+    SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
+    const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra,
+    SSL_SESSION *session_in, SSL_SESSION **session_out)
+{
+    PEER server, client;
+    BIO *client_to_server, *server_to_client;
+    HANDSHAKE_EX_DATA server_ex_data, client_ex_data;
+    CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;
+    HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();
+    int client_turn = 1, client_turn_count = 0;
+    connect_phase_t phase = HANDSHAKE;
+    handshake_status_t status = HANDSHAKE_RETRY;
+    const unsigned char* tick = NULL;
+    size_t tick_len = 0;
+    SSL_SESSION* sess = NULL;
+    const unsigned char *proto = NULL;
+    /* API dictates unsigned int rather than size_t. */
+    unsigned int proto_len = 0;
+    EVP_PKEY *tmp_key;
+
+    memset(&server_ctx_data, 0, sizeof(server_ctx_data));
+    memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
+    memset(&client_ctx_data, 0, sizeof(client_ctx_data));
+    memset(&server, 0, sizeof(server));
+    memset(&client, 0, sizeof(client));
+
+    configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, extra,
+                            &server_ctx_data, &server2_ctx_data, &client_ctx_data);
+
+    /* Setup SSL and buffers; additional configuration happens below. */
+    create_peer(&server, server_ctx);
+    create_peer(&client, client_ctx);
+
+    server.bytes_to_write = client.bytes_to_read = test_ctx->app_data_size;
+    client.bytes_to_write = server.bytes_to_read = test_ctx->app_data_size;
+
+    configure_handshake_ssl(server.ssl, client.ssl, extra);
+    if (session_in != NULL) {
+        /* In case we're testing resumption without tickets. */
+        TEST_check(SSL_CTX_add_session(server_ctx, session_in));
+        TEST_check(SSL_set_session(client.ssl, session_in));
+    }
+
+    memset(&server_ex_data, 0, sizeof(server_ex_data));
+    memset(&client_ex_data, 0, sizeof(client_ex_data));
+
+    ret->result = SSL_TEST_INTERNAL_ERROR;
+
+    client_to_server = BIO_new(BIO_s_mem());
+    server_to_client = BIO_new(BIO_s_mem());
+
+    TEST_check(client_to_server != NULL);
+    TEST_check(server_to_client != NULL);
+
+    /* Non-blocking bio. */
+    BIO_set_nbio(client_to_server, 1);
+    BIO_set_nbio(server_to_client, 1);
+
+    SSL_set_connect_state(client.ssl);
+    SSL_set_accept_state(server.ssl);
+
+    /* The bios are now owned by the SSL object. */
+    SSL_set_bio(client.ssl, server_to_client, client_to_server);
+    TEST_check(BIO_up_ref(server_to_client) > 0);
+    TEST_check(BIO_up_ref(client_to_server) > 0);
+    SSL_set_bio(server.ssl, client_to_server, server_to_client);
+
+    ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL);
+    TEST_check(ex_data_idx >= 0);
+
+    TEST_check(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data) == 1);
+    TEST_check(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data) == 1);
+
+    SSL_set_info_callback(server.ssl, &info_cb);
+    SSL_set_info_callback(client.ssl, &info_cb);
+
+    client.status = server.status = PEER_RETRY;
+
+    /*
+     * Half-duplex handshake loop.
+     * Client and server speak to each other synchronously in the same process.
+     * We use non-blocking BIOs, so whenever one peer blocks for read, it
+     * returns PEER_RETRY to indicate that it's the other peer's turn to write.
+     * The handshake succeeds once both peers have succeeded. If one peer
+     * errors out, we also let the other peer retry (and presumably fail).
+     */
+    for(;;) {
+        if (client_turn) {
+            do_connect_step(test_ctx, &client, phase);
+            status = handshake_status(client.status, server.status,
+                                      1 /* client went last */);
+        } else {
+            do_connect_step(test_ctx, &server, phase);
+            status = handshake_status(server.status, client.status,
+                                      0 /* server went last */);
+        }
+
+        switch (status) {
+        case HANDSHAKE_SUCCESS:
+            client_turn_count = 0;
+            phase = next_phase(test_ctx, phase);
+            if (phase == CONNECTION_DONE) {
+                ret->result = SSL_TEST_SUCCESS;
+                goto err;
+            } else {
+                client.status = server.status = PEER_RETRY;
+                /*
+                 * For now, client starts each phase. Since each phase is
+                 * started separately, we can later control this more
+                 * precisely, for example, to test client-initiated and
+                 * server-initiated shutdown.
+                 */
+                client_turn = 1;
+                break;
+            }
+        case CLIENT_ERROR:
+            ret->result = SSL_TEST_CLIENT_FAIL;
+            goto err;
+        case SERVER_ERROR:
+            ret->result = SSL_TEST_SERVER_FAIL;
+            goto err;
+        case INTERNAL_ERROR:
+            ret->result = SSL_TEST_INTERNAL_ERROR;
+            goto err;
+        case HANDSHAKE_RETRY:
+            if (client_turn_count++ >= 2000) {
+                /*
+                 * At this point, there's been so many PEER_RETRY in a row
+                 * that it's likely both sides are stuck waiting for a read.
+                 * It's time to give up.
+                 */
+                ret->result = SSL_TEST_INTERNAL_ERROR;
+                goto err;
+            }
+
+            /* Continue. */
+            client_turn ^= 1;
+            break;
+        }
+    }
+ err:
+    ret->server_alert_sent = server_ex_data.alert_sent;
+    ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent;
+    ret->server_alert_received = client_ex_data.alert_received;
+    ret->client_alert_sent = client_ex_data.alert_sent;
+    ret->client_num_fatal_alerts_sent = client_ex_data.num_fatal_alerts_sent;
+    ret->client_alert_received = server_ex_data.alert_received;
+    ret->server_protocol = SSL_version(server.ssl);
+    ret->client_protocol = SSL_version(client.ssl);
+    ret->servername = server_ex_data.servername;
+    if ((sess = SSL_get0_session(client.ssl)) != NULL)
+        SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
+    if (tick == NULL || tick_len == 0)
+        ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
+    else
+        ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
+    ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    SSL_get0_next_proto_negotiated(client.ssl, &proto, &proto_len);
+    ret->client_npn_negotiated = dup_str(proto, proto_len);
+
+    SSL_get0_next_proto_negotiated(server.ssl, &proto, &proto_len);
+    ret->server_npn_negotiated = dup_str(proto, proto_len);
+#endif
+
+    SSL_get0_alpn_selected(client.ssl, &proto, &proto_len);
+    ret->client_alpn_negotiated = dup_str(proto, proto_len);
+
+    SSL_get0_alpn_selected(server.ssl, &proto, &proto_len);
+    ret->server_alpn_negotiated = dup_str(proto, proto_len);
+
+    ret->client_resumed = SSL_session_reused(client.ssl);
+    ret->server_resumed = SSL_session_reused(server.ssl);
+
+    if (session_out != NULL)
+        *session_out = SSL_get1_session(client.ssl);
+
+    if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) {
+        int nid = EVP_PKEY_id(tmp_key);
+
+#ifndef OPENSSL_NO_EC
+        if (nid == EVP_PKEY_EC) {
+            EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmp_key);
+            nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+        }
+#endif
+        EVP_PKEY_free(tmp_key);
+        ret->tmp_key_type = nid;
+    }
+
+    ctx_data_free_data(&server_ctx_data);
+    ctx_data_free_data(&server2_ctx_data);
+    ctx_data_free_data(&client_ctx_data);
+
+    peer_free_data(&server);
+    peer_free_data(&client);
+    return ret;
+}
+
+HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+                               SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
+                               SSL_CTX *resume_client_ctx,
+                               const SSL_TEST_CTX *test_ctx)
+{
+    HANDSHAKE_RESULT *result;
+    SSL_SESSION *session = NULL;
+
+    result = do_handshake_internal(server_ctx, server2_ctx, client_ctx,
+                                   test_ctx, &test_ctx->extra,
+                                   NULL, &session);
+    if (test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME)
+        goto end;
+
+    if (result->result != SSL_TEST_SUCCESS) {
+        result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED;
+        goto end;
+    }
+
+    HANDSHAKE_RESULT_free(result);
+    /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */
+    result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,
+                                   test_ctx, &test_ctx->resume_extra,
+                                   session, NULL);
+ end:
+    SSL_SESSION_free(session);
+    return result;
+}
diff --git a/openssl-1.1.0h/test/handshake_helper.h b/openssl-1.1.0h/test/handshake_helper.h
new file mode 100644
index 0000000..4f70592
--- /dev/null
+++ b/openssl-1.1.0h/test/handshake_helper.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HANDSHAKE_HELPER_H
+#define HEADER_HANDSHAKE_HELPER_H
+
+#include "ssl_test_ctx.h"
+
+typedef struct handshake_result {
+    ssl_test_result_t result;
+    /* These alerts are in the 2-byte format returned by the info_callback. */
+    /* (Latest) alert sent by the client; 0 if no alert. */
+    int client_alert_sent;
+    /* Number of fatal or close_notify alerts sent. */
+    int client_num_fatal_alerts_sent;
+    /* (Latest) alert received by the server; 0 if no alert. */
+    int client_alert_received;
+    /* (Latest) alert sent by the server; 0 if no alert. */
+    int server_alert_sent;
+    /* Number of fatal or close_notify alerts sent. */
+    int server_num_fatal_alerts_sent;
+    /* (Latest) alert received by the client; 0 if no alert. */
+    int server_alert_received;
+    /* Negotiated protocol. On success, these should always match. */
+    int server_protocol;
+    int client_protocol;
+    /* Server connection */
+    ssl_servername_t servername;
+    /* Session ticket status */
+    ssl_session_ticket_t session_ticket;
+    /* Was this called on the second context? */
+    int session_ticket_do_not_call;
+    char *client_npn_negotiated;
+    char *server_npn_negotiated;
+    char *client_alpn_negotiated;
+    char *server_alpn_negotiated;
+    /* Was the handshake resumed? */
+    int client_resumed;
+    int server_resumed;
+    /* Temporary key type */
+    int tmp_key_type;
+} HANDSHAKE_RESULT;
+
+HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
+void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result);
+
+/* Do a handshake and report some information about the result. */
+HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+                               SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
+                               SSL_CTX *resume_client_ctx,
+                               const SSL_TEST_CTX *test_ctx);
+
+#endif  /* HEADER_HANDSHAKE_HELPER_H */
diff --git a/openssl-1.1.0h/test/heartbeat_test.c b/openssl-1.1.0h/test/heartbeat_test.c
new file mode 100644
index 0000000..906736c
--- /dev/null
+++ b/openssl-1.1.0h/test/heartbeat_test.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Unit test for TLS heartbeats.
+ *
+ * Acts as a regression test against the Heartbleed bug (CVE-2014-0160).
+ *
+ * Author:  Mike Bland (mbland@acm.org, http://mike-bland.com/)
+ * Date:    2014-04-12
+ * License: Creative Commons Attribution 4.0 International (CC By 4.0)
+ *          http://creativecommons.org/licenses/by/4.0/deed.en_US
+ *
+ * OUTPUT
+ * ------
+ * The program returns zero on success. It will print a message with a count
+ * of the number of failed tests and return nonzero if any tests fail.
+ *
+ * It will print the contents of the request and response buffers for each
+ * failing test. In a "fixed" version, all the tests should pass and there
+ * should be no output.
+ *
+ * In a "bleeding" version, you'll see:
+ *
+ *   test_dtls1_heartbleed failed:
+ *     expected payload len: 0
+ *     received: 1024
+ *   sent 26 characters
+ *     "HEARTBLEED                "
+ *   received 1024 characters
+ *     "HEARTBLEED                \xde\xad\xbe\xef..."
+ *   ** test_dtls1_heartbleed failed **
+ *
+ * The contents of the returned buffer in the failing test will depend on the
+ * contents of memory on your machine.
+ *
+ * MORE INFORMATION
+ * ----------------
+ * http://mike-bland.com/2014/04/12/heartbleed.html
+ * http://mike-bland.com/tags/heartbleed.html
+ */
+
+#define OPENSSL_UNIT_TEST
+
+#include "../ssl/ssl_locl.h"
+
+#include "testutil.h"
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST)
+
+/* As per https://tools.ietf.org/html/rfc6520#section-4 */
+# define MIN_PADDING_SIZE        16
+
+/* Maximum number of payload characters to print as test output */
+# define MAX_PRINTABLE_CHARACTERS        1024
+
+typedef struct heartbeat_test_fixture {
+    SSL_CTX *ctx;
+    SSL *s;
+    const char *test_case_name;
+    int (*process_heartbeat) (SSL *s, unsigned char *p, unsigned int length);
+    unsigned char *payload;
+    int sent_payload_len;
+    int expected_return_value;
+    int return_payload_offset;
+    int expected_payload_len;
+    const char *expected_return_payload;
+} HEARTBEAT_TEST_FIXTURE;
+
+static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name,
+                                     const SSL_METHOD *meth)
+{
+    HEARTBEAT_TEST_FIXTURE fixture;
+    int setup_ok = 1;
+    memset(&fixture, 0, sizeof(fixture));
+    fixture.test_case_name = test_case_name;
+
+    fixture.ctx = SSL_CTX_new(meth);
+    if (!fixture.ctx) {
+        fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n",
+                test_case_name);
+        setup_ok = 0;
+        goto fail;
+    }
+
+    fixture.s = SSL_new(fixture.ctx);
+    if (!fixture.s) {
+        fprintf(stderr, "Failed to allocate SSL for test: %s\n",
+                test_case_name);
+        setup_ok = 0;
+        goto fail;
+    }
+
+    if (!ssl_init_wbio_buffer(fixture.s)) {
+        fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
+                test_case_name);
+        setup_ok = 0;
+        goto fail;
+    }
+
+    if (!ssl3_setup_buffers(fixture.s)) {
+        fprintf(stderr, "Failed to setup buffers for test: %s\n",
+                test_case_name);
+        setup_ok = 0;
+        goto fail;
+    }
+
+    /*
+     * Clear the memory for the return buffer, since this isn't automatically
+     * zeroed in opt mode and will cause spurious test failures that will
+     * change with each execution.
+     */
+    memset(fixture.s->rlayer.wbuf.buf, 0, fixture.s->rlayer.wbuf.len);
+
+ fail:
+    if (!setup_ok) {
+        ERR_print_errors_fp(stderr);
+        exit(EXIT_FAILURE);
+    }
+    return fixture;
+}
+
+static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name)
+{
+    HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
+                                            DTLS_server_method());
+    fixture.process_heartbeat = dtls1_process_heartbeat;
+
+    /*
+     * As per dtls1_get_record(), skipping the following from the beginning
+     * of the returned heartbeat message: type-1 byte; version-2 bytes;
+     * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte
+     * type encoded by process_heartbeat for a total of 14 bytes, at which
+     * point we can grab the length and the payload we seek.
+     */
+    fixture.return_payload_offset = 14;
+    return fixture;
+}
+
+/* Needed by ssl3_write_bytes() */
+static int dummy_handshake(SSL *s)
+{
+    return 1;
+}
+
+static void tear_down(HEARTBEAT_TEST_FIXTURE fixture)
+{
+    ERR_print_errors_fp(stderr);
+    SSL_free(fixture.s);
+    SSL_CTX_free(fixture.ctx);
+}
+
+static void print_payload(const char *const prefix,
+                          const unsigned char *payload, const int n)
+{
+    const int end = n < MAX_PRINTABLE_CHARACTERS ? n
+        : MAX_PRINTABLE_CHARACTERS;
+    int i = 0;
+
+    printf("%s %d character%s", prefix, n, n == 1 ? "" : "s");
+    if (end != n)
+        printf(" (first %d shown)", end);
+    printf("\n  \"");
+
+    for (; i != end; ++i) {
+        const unsigned char c = payload[i];
+        if (isprint(c))
+            fputc(c, stdout);
+        else
+            printf("\\x%02x", c);
+    }
+    printf("\"\n");
+}
+
+static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture)
+{
+    int result = 0;
+    SSL *s = fixture.s;
+    unsigned char *payload = fixture.payload;
+    unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1];
+    int return_value;
+    unsigned const char *p;
+    int actual_payload_len;
+
+    s->rlayer.rrec.data = payload;
+    s->rlayer.rrec.length = strlen((const char *)payload);
+    *payload++ = TLS1_HB_REQUEST;
+    s2n(fixture.sent_payload_len, payload);
+
+    /*
+     * Make a local copy of the request, since it gets overwritten at some
+     * point
+     */
+    memcpy(sent_buf, payload, sizeof(sent_buf));
+
+    return_value = fixture.process_heartbeat(s, s->rlayer.rrec.data,
+        s->rlayer.rrec.length);
+
+    if (return_value != fixture.expected_return_value) {
+        printf("%s failed: expected return value %d, received %d\n",
+               fixture.test_case_name, fixture.expected_return_value,
+               return_value);
+        result = 1;
+    }
+
+    /*
+     * If there is any byte alignment, it will be stored in wbuf.offset.
+     */
+    p = &(s->rlayer.
+          wbuf.buf[fixture.return_payload_offset + s->rlayer.wbuf.offset]);
+    actual_payload_len = 0;
+    n2s(p, actual_payload_len);
+
+    if (actual_payload_len != fixture.expected_payload_len) {
+        printf("%s failed:\n  expected payload len: %d\n  received: %d\n",
+               fixture.test_case_name, fixture.expected_payload_len,
+               actual_payload_len);
+        print_payload("sent", sent_buf, strlen((const char *)sent_buf));
+        print_payload("received", p, actual_payload_len);
+        result = 1;
+    } else {
+        char *actual_payload =
+            OPENSSL_strndup((const char *)p, actual_payload_len);
+        if (strcmp(actual_payload, fixture.expected_return_payload) != 0) {
+            printf
+                ("%s failed:\n  expected payload: \"%s\"\n  received: \"%s\"\n",
+                 fixture.test_case_name, fixture.expected_return_payload,
+                 actual_payload);
+            result = 1;
+        }
+        OPENSSL_free(actual_payload);
+    }
+
+    if (result != 0) {
+        printf("** %s failed **\n--------\n", fixture.test_case_name);
+    }
+    return result;
+}
+
+static int honest_payload_size(unsigned char payload_buf[])
+{
+    /* Omit three-byte pad at the beginning for type and payload length */
+    return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE;
+}
+
+# define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
+  SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type)
+
+# define EXECUTE_HEARTBEAT_TEST()\
+  EXECUTE_TEST(execute_heartbeat, tear_down)
+
+static int test_dtls1_not_bleeding()
+{
+    SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+    /* Three-byte pad at the beginning for type and payload length */
+    unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] =
+        "   Not bleeding, sixteen spaces of padding" "                ";
+    const int payload_buf_len = honest_payload_size(payload_buf);
+
+    fixture.payload = &payload_buf[0];
+    fixture.sent_payload_len = payload_buf_len;
+    fixture.expected_return_value = 0;
+    fixture.expected_payload_len = payload_buf_len;
+    fixture.expected_return_payload =
+        "Not bleeding, sixteen spaces of padding";
+    EXECUTE_HEARTBEAT_TEST();
+}
+
+static int test_dtls1_not_bleeding_empty_payload()
+{
+    int payload_buf_len;
+
+    SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+    /*
+     * Three-byte pad at the beginning for type and payload length, plus a
+     * NUL at the end
+     */
+    unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS];
+    memset(payload_buf, ' ', MIN_PADDING_SIZE + 3);
+    payload_buf[MIN_PADDING_SIZE + 3] = '\0';
+    payload_buf_len = honest_payload_size(payload_buf);
+
+    fixture.payload = &payload_buf[0];
+    fixture.sent_payload_len = payload_buf_len;
+    fixture.expected_return_value = 0;
+    fixture.expected_payload_len = payload_buf_len;
+    fixture.expected_return_payload = "";
+    EXECUTE_HEARTBEAT_TEST();
+}
+
+static int test_dtls1_heartbleed()
+{
+    SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+    /* Three-byte pad at the beginning for type and payload length */
+    unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] =
+        "   HEARTBLEED                ";
+
+    fixture.payload = &payload_buf[0];
+    fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+    fixture.expected_return_value = 0;
+    fixture.expected_payload_len = 0;
+    fixture.expected_return_payload = "";
+    EXECUTE_HEARTBEAT_TEST();
+}
+
+static int test_dtls1_heartbleed_empty_payload()
+{
+    SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+    /*
+     * Excluding the NUL at the end, one byte short of type + payload length
+     * + minimum padding
+     */
+    unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4];
+    memset(payload_buf, ' ', MIN_PADDING_SIZE + 2);
+    payload_buf[MIN_PADDING_SIZE + 2] = '\0';
+
+    fixture.payload = &payload_buf[0];
+    fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+    fixture.expected_return_value = 0;
+    fixture.expected_payload_len = 0;
+    fixture.expected_return_payload = "";
+    EXECUTE_HEARTBEAT_TEST();
+}
+
+static int test_dtls1_heartbleed_excessive_plaintext_length()
+{
+    SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+    /*
+     * Excluding the NUL at the end, one byte in excess of maximum allowed
+     * heartbeat message length
+     */
+    unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2];
+    memset(payload_buf, ' ', sizeof(payload_buf));
+    payload_buf[sizeof(payload_buf) - 1] = '\0';
+
+    fixture.payload = &payload_buf[0];
+    fixture.sent_payload_len = honest_payload_size(payload_buf);
+    fixture.expected_return_value = 0;
+    fixture.expected_payload_len = 0;
+    fixture.expected_return_payload = "";
+    EXECUTE_HEARTBEAT_TEST();
+}
+
+# undef EXECUTE_HEARTBEAT_TEST
+# undef SETUP_HEARTBEAT_TEST_FIXTURE
+
+int main(int argc, char *argv[])
+{
+    int result = 0;
+
+    ADD_TEST(test_dtls1_not_bleeding);
+    ADD_TEST(test_dtls1_not_bleeding_empty_payload);
+    ADD_TEST(test_dtls1_heartbleed);
+    ADD_TEST(test_dtls1_heartbleed_empty_payload);
+    ADD_TEST(test_dtls1_heartbleed_excessive_plaintext_length);
+
+    result = run_tests(argv[0]);
+    ERR_print_errors_fp(stderr);
+    return result;
+}
+
+#else                           /* OPENSSL_NO_HEARTBEATS */
+
+int main(int argc, char *argv[])
+{
+    return EXIT_SUCCESS;
+}
+#endif                          /* OPENSSL_NO_HEARTBEATS */
diff --git a/openssl-1.1.0h/test/hmactest.c b/openssl-1.1.0h/test/hmactest.c
new file mode 100644
index 0000000..a5c6e74
--- /dev/null
+++ b/openssl-1.1.0h/test/hmactest.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+# include <openssl/hmac.h>
+# include <openssl/sha.h>
+# ifndef OPENSSL_NO_MD5
+#  include <openssl/md5.h>
+# endif
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+# ifndef OPENSSL_NO_MD5
+static struct test_st {
+    unsigned char key[16];
+    int key_len;
+    unsigned char data[64];
+    int data_len;
+    unsigned char *digest;
+} test[8] = {
+    {
+        "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
+        (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+    },
+    {
+        {
+            0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+            0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+        }, 16, "Hi There", 8,
+        (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+    },
+    {
+        "Jefe", 4, "what do ya want for nothing?", 28,
+        (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+    },
+    {
+        {
+            0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+            0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+        }, 16, {
+            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+            0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd
+        }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+    },
+    {
+        "", 0, "My test data", 12,
+        (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc"
+    },
+    {
+        "", 0, "My test data", 12,
+        (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776"
+    },
+    {
+        "123456", 6, "My test data", 12,
+        (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
+    },
+    {
+        "12345", 5, "My test data again", 18,
+        (unsigned char *)"a12396ceddd2a85f4c656bc1e0aa50c78cffde3e"
+    }
+};
+# endif
+
+static char *pt(unsigned char *md, unsigned int len);
+
+int main(int argc, char *argv[])
+{
+# ifndef OPENSSL_NO_MD5
+    int i;
+    char *p;
+# endif
+    int err = 0;
+    HMAC_CTX *ctx = NULL, *ctx2 = NULL;
+    unsigned char buf[EVP_MAX_MD_SIZE];
+    unsigned int len;
+
+# ifdef OPENSSL_NO_MD5
+    printf("test skipped: MD5 disabled\n");
+# else
+
+#  ifdef CHARSET_EBCDIC
+    ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
+    ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
+    ebcdic2ascii(test[2].key, test[2].key, test[2].key_len);
+    ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
+#  endif
+
+    for (i = 0; i < 4; i++) {
+        p = pt(HMAC(EVP_md5(),
+                    test[i].key, test[i].key_len,
+                    test[i].data, test[i].data_len, NULL, NULL),
+                    MD5_DIGEST_LENGTH);
+
+        if (strcmp(p, (char *)test[i].digest) != 0) {
+            printf("Error calculating HMAC on %d entry'\n", i);
+            printf("got %s instead of %s\n", p, test[i].digest);
+            err++;
+        } else
+            printf("test %d ok\n", i);
+    }
+# endif                         /* OPENSSL_NO_MD5 */
+
+/* test4 */
+    ctx = HMAC_CTX_new();
+    if (ctx == NULL) {
+        printf("HMAC malloc failure (test 4)\n");
+        err++;
+        goto end;
+    }
+    if (HMAC_CTX_get_md(ctx) != NULL) {
+        printf("Message digest not NULL for HMAC (test 4)\n");
+        err++;
+        goto test5;
+    }
+    if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) {
+        printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
+        err++;
+        goto test5;
+    }
+    if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
+        printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
+        err++;
+        goto test5;
+    }
+    if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) {
+        printf("Should fail to initialise HMAC with empty key (test 4)\n");
+        err++;
+        goto test5;
+    }
+    if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
+        printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
+        err++;
+        goto test5;
+    }
+    printf("test 4 ok\n");
+test5:
+    /* Test 5 has empty key; test that single-shot accepts a NULL key. */
+    p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len,
+                NULL, NULL), SHA_DIGEST_LENGTH);
+    if (strcmp(p, (char *)test[4].digest) != 0) {
+        printf("Error calculating HMAC on %d entry'\n", i);
+        printf("got %s instead of %s\n", p, test[4].digest);
+        err++;
+    }
+
+    HMAC_CTX_reset(ctx);
+    if (HMAC_CTX_get_md(ctx) != NULL) {
+        printf("Message digest not NULL for HMAC (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
+        printf("Should fail to initialise HMAC with empty MD (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
+        printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) {
+        printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
+        printf("Failed to initialise HMAC (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) {
+        printf("Error updating HMAC with data (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Final(ctx, buf, &len)) {
+        printf("Error finalising data (test 5)\n");
+        err++;
+        goto test6;
+    }
+    p = pt(buf, len);
+    if (strcmp(p, (char *)test[4].digest) != 0) {
+        printf("Error calculating interim HMAC on test 5\n");
+        printf("got %s instead of %s\n", p, test[4].digest);
+        err++;
+        goto test6;
+    }
+    if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) {
+        printf("Should disallow changing MD without a new key (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) {
+        printf("Failed to reinitialise HMAC (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (HMAC_CTX_get_md(ctx) != EVP_sha256()) {
+        printf("Unexpected message digest for HMAC (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) {
+        printf("Error updating HMAC with data (sha256) (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Final(ctx, buf, &len)) {
+        printf("Error finalising data (sha256) (test 5)\n");
+        err++;
+        goto test6;
+    }
+    p = pt(buf, len);
+    if (strcmp(p, (char *)test[5].digest) != 0) {
+        printf("Error calculating 2nd interim HMAC on test 5\n");
+        printf("got %s instead of %s\n", p, test[5].digest);
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) {
+        printf("Failed to reinitialise HMAC with key (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) {
+        printf("Error updating HMAC with data (new key) (test 5)\n");
+        err++;
+        goto test6;
+    }
+    if (!HMAC_Final(ctx, buf, &len)) {
+        printf("Error finalising data (new key) (test 5)\n");
+        err++;
+        goto test6;
+    }
+    p = pt(buf, len);
+    if (strcmp(p, (char *)test[6].digest) != 0) {
+        printf("error calculating HMAC on test 5\n");
+        printf("got %s instead of %s\n", p, test[6].digest);
+        err++;
+    } else {
+        printf("test 5 ok\n");
+    }
+test6:
+    HMAC_CTX_reset(ctx);
+    ctx2 = HMAC_CTX_new();
+    if (ctx2 == NULL) {
+        printf("HMAC malloc failure (test 6)\n");
+        err++;
+        goto end;
+    }
+    if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
+        printf("Failed to initialise HMAC (test 6)\n");
+        err++;
+        goto end;
+    }
+    if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) {
+        printf("Error updating HMAC with data (test 6)\n");
+        err++;
+        goto end;
+    }
+    if (!HMAC_CTX_copy(ctx2, ctx)) {
+        printf("Failed to copy HMAC_CTX (test 6)\n");
+        err++;
+        goto end;
+    }
+    if (!HMAC_Final(ctx2, buf, &len)) {
+        printf("Error finalising data (test 6)\n");
+        err++;
+        goto end;
+    }
+    p = pt(buf, len);
+    if (strcmp(p, (char *)test[7].digest) != 0) {
+        printf("Error calculating HMAC on test 6\n");
+        printf("got %s instead of %s\n", p, test[7].digest);
+        err++;
+    } else {
+        printf("test 6 ok\n");
+    }
+end:
+    HMAC_CTX_free(ctx2);
+    HMAC_CTX_free(ctx);
+    EXIT(err);
+}
+
+# ifndef OPENSSL_NO_MD5
+static char *pt(unsigned char *md, unsigned int len)
+{
+    unsigned int i;
+    static char buf[80];
+
+    for (i = 0; i < len; i++)
+        sprintf(&(buf[i * 2]), "%02x", md[i]);
+    return (buf);
+}
+# endif
diff --git a/openssl-1.1.0h/test/ideatest.c b/openssl-1.1.0h/test/ideatest.c
new file mode 100644
index 0000000..3849670
--- /dev/null
+++ b/openssl-1.1.0h/test/ideatest.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_IDEA
+int main(int argc, char *argv[])
+{
+    printf("No IDEA support\n");
+    return (0);
+}
+#else
+# include <openssl/idea.h>
+
+static const unsigned char k[16] = {
+    0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
+    0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08
+};
+
+static const  unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 };
+static const unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 };
+
+static unsigned char out[80];
+
+static const char text[] = "Hello to all people out there";
+
+static const unsigned char cfb_key[16] = {
+    0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
+    0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
+};
+static const unsigned char cfb_iv[80] =
+    { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
+static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
+# define CFB_TEST_SIZE 24
+static const unsigned char plain[CFB_TEST_SIZE] = {
+    0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
+    0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
+    0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
+    0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
+};
+
+static const unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
+    0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
+    0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
+    0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+    0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+    0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+};
+
+static int cfb64_test(const unsigned char *cfb_cipher);
+static char *pt(unsigned char *p);
+int main(int argc, char *argv[])
+{
+    int i, err = 0;
+    IDEA_KEY_SCHEDULE key, dkey;
+    unsigned char iv[8];
+
+    IDEA_set_encrypt_key(k, &key);
+    IDEA_ecb_encrypt(in, out, &key);
+    if (memcmp(out, c, 8) != 0) {
+        printf("ecb idea error encrypting\n");
+        printf("got     :");
+        for (i = 0; i < 8; i++)
+            printf("%02X ", out[i]);
+        printf("\n");
+        printf("expected:");
+        for (i = 0; i < 8; i++)
+            printf("%02X ", c[i]);
+        err = 20;
+        printf("\n");
+    }
+
+    IDEA_set_decrypt_key(&key, &dkey);
+    IDEA_ecb_encrypt(c, out, &dkey);
+    if (memcmp(out, in, 8) != 0) {
+        printf("ecb idea error decrypting\n");
+        printf("got     :");
+        for (i = 0; i < 8; i++)
+            printf("%02X ", out[i]);
+        printf("\n");
+        printf("expected:");
+        for (i = 0; i < 8; i++)
+            printf("%02X ", in[i]);
+        printf("\n");
+        err = 3;
+    }
+
+    if (err == 0)
+        printf("ecb idea ok\n");
+
+    memcpy(iv, k, 8);
+    IDEA_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv,
+                     1);
+    memcpy(iv, k, 8);
+    IDEA_cbc_encrypt(out, out, 8, &dkey, iv, 0);
+    IDEA_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv,
+                     0);
+    if (memcmp(text, out, strlen(text) + 1) != 0) {
+        printf("cbc idea bad\n");
+        err = 4;
+    } else
+        printf("cbc idea ok\n");
+
+    printf("cfb64 idea ");
+    if (cfb64_test(cfb_cipher64)) {
+        printf("bad\n");
+        err = 5;
+    } else
+        printf("ok\n");
+
+    EXIT(err);
+}
+
+static int cfb64_test(const unsigned char *cfb_cipher)
+{
+    IDEA_KEY_SCHEDULE eks, dks;
+    int err = 0, i, n;
+
+    IDEA_set_encrypt_key(cfb_key, &eks);
+    IDEA_set_decrypt_key(&eks, &dks);
+    memcpy(cfb_tmp, cfb_iv, 8);
+    n = 0;
+    IDEA_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks,
+                       cfb_tmp, &n, IDEA_ENCRYPT);
+    IDEA_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
+                       (long)CFB_TEST_SIZE - 12, &eks,
+                       cfb_tmp, &n, IDEA_ENCRYPT);
+    if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) {
+        err = 1;
+        printf("IDEA_cfb64_encrypt encrypt error\n");
+        for (i = 0; i < CFB_TEST_SIZE; i += 8)
+            printf("%s\n", pt(&(cfb_buf1[i])));
+    }
+    memcpy(cfb_tmp, cfb_iv, 8);
+    n = 0;
+    IDEA_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)13, &eks,
+                       cfb_tmp, &n, IDEA_DECRYPT);
+    IDEA_cfb64_encrypt(&(cfb_buf1[13]), &(cfb_buf2[13]),
+                       (long)CFB_TEST_SIZE - 13, &eks,
+                       cfb_tmp, &n, IDEA_DECRYPT);
+    if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) {
+        err = 1;
+        printf("IDEA_cfb_encrypt decrypt error\n");
+        for (i = 0; i < 24; i += 8)
+            printf("%s\n", pt(&(cfb_buf2[i])));
+    }
+    return (err);
+}
+
+static char *pt(unsigned char *p)
+{
+    static char bufs[10][20];
+    static int bnum = 0;
+    char *ret;
+    int i;
+    static char *f = "0123456789ABCDEF";
+
+    ret = &(bufs[bnum++][0]);
+    bnum %= 10;
+    for (i = 0; i < 8; i++) {
+        ret[i * 2] = f[(p[i] >> 4) & 0xf];
+        ret[i * 2 + 1] = f[p[i] & 0xf];
+    }
+    ret[16] = '\0';
+    return (ret);
+}
+#endif
diff --git a/openssl-1.1.0h/test/igetest.c b/openssl-1.1.0h/test/igetest.c
new file mode 100644
index 0000000..fe5bbf1
--- /dev/null
+++ b/openssl-1.1.0h/test/igetest.c
@@ -0,0 +1,441 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include "e_os.h"
+
+#define TEST_SIZE       128
+#define BIG_TEST_SIZE 10240
+
+static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
+{
+    int n = 0;
+
+    fprintf(f, "%s", title);
+    for (; n < l; ++n) {
+        if ((n % 16) == 0)
+            fprintf(f, "\n%04x", n);
+        fprintf(f, " %02x", s[n]);
+    }
+    fprintf(f, "\n");
+}
+
+#define MAX_VECTOR_SIZE 64
+
+struct ige_test {
+    const unsigned char key[16];
+    const unsigned char iv[32];
+    const unsigned char in[MAX_VECTOR_SIZE];
+    const unsigned char out[MAX_VECTOR_SIZE];
+    const size_t length;
+    const int encrypt;
+};
+
+static struct ige_test const ige_test_vectors[] = {
+    {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
+     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
+     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
+     {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
+      0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
+      0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
+      0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
+     32, AES_ENCRYPT},          /* test vector 0 */
+
+    {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+      0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
+     {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
+      0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
+      0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
+      0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
+     {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
+      0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
+      0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
+      0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
+     {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
+      0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
+      0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
+      0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
+     32, AES_DECRYPT},          /* test vector 1 */
+};
+
+struct bi_ige_test {
+    const unsigned char key1[32];
+    const unsigned char key2[32];
+    const unsigned char iv[64];
+    const unsigned char in[MAX_VECTOR_SIZE];
+    const unsigned char out[MAX_VECTOR_SIZE];
+    const size_t keysize;
+    const size_t length;
+    const int encrypt;
+};
+
+static struct bi_ige_test const bi_ige_test_vectors[] = {
+    {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
+     {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
+     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+      0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+      0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+      0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+      0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
+     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
+     {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
+      0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
+      0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
+      0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
+     16, 32, AES_ENCRYPT},      /* test vector 0 */
+    {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
+      0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
+      0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
+      0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
+     {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
+      0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
+      0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
+      0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
+     {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
+      0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
+      0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
+      0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
+      0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
+      0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
+      0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
+      0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
+     {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
+      0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
+      0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
+      0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
+      0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
+      0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
+      0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
+      0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
+     {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
+      0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
+      0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
+      0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
+      0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
+      0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
+      0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
+      0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
+     32, 64, AES_ENCRYPT},      /* test vector 1 */
+
+};
+
+static int run_test_vectors(void)
+{
+    unsigned int n;
+    int errs = 0;
+
+    for (n = 0; n < OSSL_NELEM(ige_test_vectors); ++n) {
+        const struct ige_test *const v = &ige_test_vectors[n];
+        AES_KEY key;
+        unsigned char buf[MAX_VECTOR_SIZE];
+        unsigned char iv[AES_BLOCK_SIZE * 2];
+
+        assert(v->length <= MAX_VECTOR_SIZE);
+
+        if (v->encrypt == AES_ENCRYPT)
+            AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key);
+        else
+            AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key);
+        memcpy(iv, v->iv, sizeof(iv));
+        AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
+
+        if (memcmp(v->out, buf, v->length)) {
+            printf("IGE test vector %d failed\n", n);
+            hexdump(stdout, "key", v->key, sizeof(v->key));
+            hexdump(stdout, "iv", v->iv, sizeof(v->iv));
+            hexdump(stdout, "in", v->in, v->length);
+            hexdump(stdout, "expected", v->out, v->length);
+            hexdump(stdout, "got", buf, v->length);
+
+            ++errs;
+        }
+
+        /* try with in == out */
+        memcpy(iv, v->iv, sizeof(iv));
+        memcpy(buf, v->in, v->length);
+        AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
+
+        if (memcmp(v->out, buf, v->length)) {
+            printf("IGE test vector %d failed (with in == out)\n", n);
+            hexdump(stdout, "key", v->key, sizeof(v->key));
+            hexdump(stdout, "iv", v->iv, sizeof(v->iv));
+            hexdump(stdout, "in", v->in, v->length);
+            hexdump(stdout, "expected", v->out, v->length);
+            hexdump(stdout, "got", buf, v->length);
+
+            ++errs;
+        }
+    }
+
+    for (n = 0; n < OSSL_NELEM(bi_ige_test_vectors); ++n) {
+        const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
+        AES_KEY key1;
+        AES_KEY key2;
+        unsigned char buf[MAX_VECTOR_SIZE];
+
+        assert(v->length <= MAX_VECTOR_SIZE);
+
+        if (v->encrypt == AES_ENCRYPT) {
+            AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
+            AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
+        } else {
+            AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
+            AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
+        }
+
+        AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
+                           v->encrypt);
+
+        if (memcmp(v->out, buf, v->length)) {
+            printf("Bidirectional IGE test vector %d failed\n", n);
+            hexdump(stdout, "key 1", v->key1, sizeof(v->key1));
+            hexdump(stdout, "key 2", v->key2, sizeof(v->key2));
+            hexdump(stdout, "iv", v->iv, sizeof(v->iv));
+            hexdump(stdout, "in", v->in, v->length);
+            hexdump(stdout, "expected", v->out, v->length);
+            hexdump(stdout, "got", buf, v->length);
+
+            ++errs;
+        }
+    }
+
+    return errs;
+}
+
+int main(int argc, char **argv)
+{
+    unsigned char rkey[16];
+    unsigned char rkey2[16];
+    AES_KEY key;
+    AES_KEY key2;
+    unsigned char plaintext[BIG_TEST_SIZE];
+    unsigned char ciphertext[BIG_TEST_SIZE];
+    unsigned char checktext[BIG_TEST_SIZE];
+    unsigned char iv[AES_BLOCK_SIZE * 4];
+    unsigned char saved_iv[AES_BLOCK_SIZE * 4];
+    int err = 0;
+    unsigned int n;
+    unsigned matches;
+
+    assert(BIG_TEST_SIZE >= TEST_SIZE);
+
+    RAND_bytes(rkey, sizeof(rkey));
+    RAND_bytes(plaintext, sizeof(plaintext));
+    RAND_bytes(iv, sizeof(iv));
+    memcpy(saved_iv, iv, sizeof(saved_iv));
+
+    /* Forward IGE only... */
+
+    /* Straight encrypt/decrypt */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    memcpy(iv, saved_iv, sizeof(iv));
+    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Encrypt+decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* Now check encrypt chaining works */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
+    memcpy(iv, saved_iv, sizeof(iv));
+    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
+                    AES_ENCRYPT);
+    AES_ige_encrypt(plaintext + TEST_SIZE / 2,
+                    ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
+                    &key, iv, AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    memcpy(iv, saved_iv, sizeof(iv));
+    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Chained encrypt+decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* And check decrypt chaining */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
+    memcpy(iv, saved_iv, sizeof(iv));
+    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
+                    AES_ENCRYPT);
+    AES_ige_encrypt(plaintext + TEST_SIZE / 2,
+                    ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
+                    &key, iv, AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    memcpy(iv, saved_iv, sizeof(iv));
+    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
+                    AES_DECRYPT);
+    AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
+                    checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
+                    AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Chained encrypt+chained decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* make sure garble extends forwards only */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey),&key);
+    memcpy(iv, saved_iv, sizeof(iv));
+    AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt halfway through */
+    ++ciphertext[sizeof(ciphertext) / 2];
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    memcpy(iv, saved_iv, sizeof(iv));
+    AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof(checktext); ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof(checktext) / 2 + sizeof(checktext) / 100) {
+        printf("More than 51%% matches after garbling\n");
+        ++err;
+    }
+
+    if (matches < sizeof(checktext) / 2) {
+        printf("Garble extends backwards!\n");
+        ++err;
+    }
+
+    /* Bi-directional IGE */
+
+    /*
+     * Note that we don't have to recover the IV, because chaining isn't
+     */
+    /* possible with biIGE, so the IV is not updated. */
+
+    RAND_bytes(rkey2, sizeof(rkey2));
+
+    /* Straight encrypt/decrypt */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
+                       AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
+                       AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Encrypt+decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* make sure garble extends both ways */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt halfway through */
+    ++ciphertext[sizeof(ciphertext) / 2];
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof(checktext); ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof(checktext) / 100) {
+        printf("More than 1%% matches after bidirectional garbling\n");
+        ++err;
+    }
+
+    /* make sure garble extends both ways (2) */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt right at the end */
+    ++ciphertext[sizeof(ciphertext) - 1];
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof(checktext); ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof(checktext) / 100) {
+        printf("More than 1%% matches after bidirectional garbling (2)\n");
+        ++err;
+    }
+
+    /* make sure garble extends both ways (3) */
+    AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt right at the start */
+    ++ciphertext[0];
+    AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
+    AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof(checktext); ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof(checktext) / 100) {
+        printf("More than 1%% matches after bidirectional garbling (3)\n");
+        ++err;
+    }
+
+    err += run_test_vectors();
+
+    return err;
+}
diff --git a/openssl-1.1.0h/test/md2test.c b/openssl-1.1.0h/test/md2test.c
new file mode 100644
index 0000000..cb667cb
--- /dev/null
+++ b/openssl-1.1.0h/test/md2test.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD2
+int main(int argc, char *argv[])
+{
+    printf("No MD2 support\n");
+    return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/md2.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+static char *test[] = {
+    "",
+    "a",
+    "abc",
+    "message digest",
+    "abcdefghijklmnopqrstuvwxyz",
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+    NULL,
+};
+
+static char *ret[] = {
+    "8350e5a3e24c153df2275c9f80692773",
+    "32ec01ec4a6dac72c0ab96fb34c0b5d1",
+    "da853b0d3f88d99b30283a69e6ded6bb",
+    "ab4f496bfb2a530b219ff33031fe06b0",
+    "4e8ddff3650292ab5a4108c3aa47940b",
+    "da33def2a42df13975352846c30338cd",
+    "d5976f79d83d3a0dc9806c3c66f3efd8",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+    int i, err = 0;
+    char **P, **R;
+    char *p;
+    unsigned char md[MD2_DIGEST_LENGTH];
+
+    P = test;
+    R = ret;
+    i = 1;
+    while (*P != NULL) {
+        if (!EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
+                        NULL)) {
+            printf("EVP Digest error.\n");
+            EXIT(1);
+        }
+        p = pt(md);
+        if (strcmp(p, *R) != 0) {
+            printf("error calculating MD2 on '%s'\n", *P);
+            printf("got %s instead of %s\n", p, *R);
+            err++;
+        } else
+            printf("test %d ok\n", i);
+        i++;
+        R++;
+        P++;
+    }
+    EXIT(err);
+    return err;
+}
+
+static char *pt(unsigned char *md)
+{
+    int i;
+    static char buf[80];
+
+    for (i = 0; i < MD2_DIGEST_LENGTH; i++)
+        sprintf(&(buf[i * 2]), "%02x", md[i]);
+    return (buf);
+}
+#endif
diff --git a/openssl-1.1.0h/test/md4test.c b/openssl-1.1.0h/test/md4test.c
new file mode 100644
index 0000000..448f9b7
--- /dev/null
+++ b/openssl-1.1.0h/test/md4test.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/md4.h>
+
+static char *test[] = {
+    "",
+    "a",
+    "abc",
+    "message digest",
+    "abcdefghijklmnopqrstuvwxyz",
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+    NULL,
+};
+
+static char *ret[] = {
+    "31d6cfe0d16ae931b73c59d7e0c089c0",
+    "bde52cb31de33e46245e05fbdbd6fb24",
+    "a448017aaf21d8525fc10ae87aa6729d",
+    "d9130a8164549fe818874806e1c7014b",
+    "d79e1c308aa5bbcdeea8ed63df412da9",
+    "043f8582f241db351ce627e153e7f0e4",
+    "e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+    int i, err = 0;
+    char **P, **R;
+    char *p;
+    unsigned char md[MD4_DIGEST_LENGTH];
+
+    P = test;
+    R = ret;
+    i = 1;
+    while (*P != NULL) {
+        if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(),
+            NULL)) {
+            printf("EVP Digest error.\n");
+            EXIT(1);
+        }
+        p = pt(md);
+        if (strcmp(p, (char *)*R) != 0) {
+            printf("error calculating MD4 on '%s'\n", *P);
+            printf("got %s instead of %s\n", p, *R);
+            err++;
+        } else
+            printf("test %d ok\n", i);
+        i++;
+        R++;
+        P++;
+    }
+    EXIT(err);
+}
+
+static char *pt(unsigned char *md)
+{
+    int i;
+    static char buf[80];
+
+    for (i = 0; i < MD4_DIGEST_LENGTH; i++)
+        sprintf(&(buf[i * 2]), "%02x", md[i]);
+    return (buf);
+}
+#endif
diff --git a/openssl-1.1.0h/test/md5test.c b/openssl-1.1.0h/test/md5test.c
new file mode 100644
index 0000000..ec6c692
--- /dev/null
+++ b/openssl-1.1.0h/test/md5test.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD5
+int main(int argc, char *argv[])
+{
+    printf("No MD5 support\n");
+    return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/md5.h>
+
+static char *test[] = {
+    "",
+    "a",
+    "abc",
+    "message digest",
+    "abcdefghijklmnopqrstuvwxyz",
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+    NULL,
+};
+
+static char *ret[] = {
+    "d41d8cd98f00b204e9800998ecf8427e",
+    "0cc175b9c0f1b6a831c399e269772661",
+    "900150983cd24fb0d6963f7d28e17f72",
+    "f96b697d7cb7938d525a2f31aaf161d0",
+    "c3fcd3d76192e4007dfb496cca67e13b",
+    "d174ab98d277d9f5a5611c2c9f419d9f",
+    "57edf4a22be3c955ac49da2e2107b67a",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+    int i, err = 0;
+    char **P, **R;
+    char *p;
+    unsigned char md[MD5_DIGEST_LENGTH];
+
+    P = test;
+    R = ret;
+    i = 1;
+    while (*P != NULL) {
+        if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(),
+            NULL)) {
+            printf("EVP Digest error.\n");
+            EXIT(1);
+        }
+        p = pt(md);
+        if (strcmp(p, (char *)*R) != 0) {
+            printf("error calculating MD5 on '%s'\n", *P);
+            printf("got %s instead of %s\n", p, *R);
+            err++;
+        } else
+            printf("test %d ok\n", i);
+        i++;
+        R++;
+        P++;
+    }
+
+    EXIT(err);
+}
+
+static char *pt(unsigned char *md)
+{
+    int i;
+    static char buf[80];
+
+    for (i = 0; i < MD5_DIGEST_LENGTH; i++)
+        sprintf(&(buf[i * 2]), "%02x", md[i]);
+    return (buf);
+}
+#endif
diff --git a/openssl-1.1.0h/test/mdc2test.c b/openssl-1.1.0h/test/mdc2test.c
new file mode 100644
index 0000000..d56bdcd
--- /dev/null
+++ b/openssl-1.1.0h/test/mdc2test.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
+# define OPENSSL_NO_MDC2
+#endif
+
+#ifdef OPENSSL_NO_MDC2
+int main(int argc, char *argv[])
+{
+    printf("No MDC2 support\n");
+    return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/mdc2.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+static unsigned char pad1[16] = {
+    0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA,
+    0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A
+};
+
+static unsigned char pad2[16] = {
+    0x2E, 0x46, 0x79, 0xB5, 0xAD, 0xD9, 0xCA, 0x75,
+    0x35, 0xD8, 0x7A, 0xFE, 0xAB, 0x33, 0xBE, 0xE2
+};
+
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    unsigned char md[MDC2_DIGEST_LENGTH];
+    int i;
+    EVP_MD_CTX *c;
+    static char text[] = "Now is the time for all ";
+
+# ifdef CHARSET_EBCDIC
+    ebcdic2ascii(text, text, strlen(text));
+# endif
+
+    c = EVP_MD_CTX_new();
+    if (c == NULL
+        || !EVP_DigestInit_ex(c, EVP_mdc2(), NULL)
+        || !EVP_DigestUpdate(c, (unsigned char *)text, strlen(text))
+        || !EVP_DigestFinal_ex(c, &(md[0]), NULL))
+        goto err;
+
+    if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) {
+        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+            printf("%02X", md[i]);
+        printf(" <- generated\n");
+        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+            printf("%02X", pad1[i]);
+        printf(" <- correct\n");
+        goto err;
+    } else {
+        printf("pad1 - ok\n");
+    }
+
+    if (!EVP_DigestInit_ex(c, EVP_mdc2(), NULL))
+        goto err;
+    /* FIXME: use a ctl function? */
+    ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2;
+    if (!EVP_DigestUpdate(c, (unsigned char *)text, strlen(text))
+        || !EVP_DigestFinal_ex(c, &(md[0]), NULL))
+        goto err;
+
+    if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) {
+        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+            printf("%02X", md[i]);
+        printf(" <- generated\n");
+        for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+            printf("%02X", pad2[i]);
+        printf(" <- correct\n");
+    } else {
+        printf("pad2 - ok\n");
+        ret = 0;
+    }
+
+ err:
+    EVP_MD_CTX_free(c);
+    EXIT(ret);
+}
+#endif
diff --git a/openssl-1.1.0h/test/memleaktest.c b/openssl-1.1.0h/test/memleaktest.c
new file mode 100644
index 0000000..2b23df7
--- /dev/null
+++ b/openssl-1.1.0h/test/memleaktest.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+
+int main(int argc, char **argv)
+{
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    char *p;
+    char *lost;
+    int noleak;
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    lost = OPENSSL_malloc(3);
+    if (lost == NULL) {
+        fprintf(stderr, "OPENSSL_malloc failed\n");
+        return 1;
+    }
+
+    if (argv[1] && strcmp(argv[1], "freeit") == 0) {
+        OPENSSL_free(lost);
+        lost = NULL;
+    }
+
+    noleak = CRYPTO_mem_leaks_fp(stderr);
+    /* If -1 return value something bad happened */
+    if (noleak == -1)
+        return 1;
+    return ((lost != NULL) ^ (noleak == 0));
+#else
+    return 0;
+#endif
+}
diff --git a/openssl-1.1.0h/test/methtest.c b/openssl-1.1.0h/test/methtest.c
new file mode 100644
index 0000000..11aa233
--- /dev/null
+++ b/openssl-1.1.0h/test/methtest.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+#include "meth.h"
+#include <openssl/err.h>
+
+int main(argc, argv)
+int argc;
+char *argv[];
+{
+    METHOD_CTX *top, *tmp1, *tmp2;
+
+    top = METH_new(x509_lookup()); /* get a top level context */
+    if (top == NULL)
+        goto err;
+
+    tmp1 = METH_new(x509_by_file());
+    if (top == NULL)
+        goto err;
+    METH_arg(tmp1, METH_TYPE_FILE, "cafile1");
+    METH_arg(tmp1, METH_TYPE_FILE, "cafile2");
+    METH_push(top, METH_X509_CA_BY_SUBJECT, tmp1);
+
+    tmp2 = METH_new(x509_by_dir());
+    METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/.CAcerts");
+    METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/SSLeay/certs");
+    METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs");
+    METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2);
+
+/*- tmp=METH_new(x509_by_issuer_dir);
+    METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
+    METH_push(top,METH_X509_BY_ISSUER,tmp);
+
+    tmp=METH_new(x509_by_issuer_primary);
+    METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
+    METH_push(top,METH_X509_BY_ISSUER,tmp);
+*/
+
+    METH_init(top);
+    METH_control(tmp1, METH_CONTROL_DUMP, stdout);
+    METH_control(tmp2, METH_CONTROL_DUMP, stdout);
+    EXIT(0);
+ err:
+    ERR_print_errors_fp(stderr);
+    EXIT(1);
+    return (0);
+}
diff --git a/openssl-1.1.0h/test/ocsp-tests/D1.ors b/openssl-1.1.0h/test/ocsp-tests/D1.ors
new file mode 100644
index 0000000..3fa4a11
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D1.ors
@@ -0,0 +1,32 @@
+MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg
+Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMjMxMDI1MzZaMHUwczBLMAkGBSsOAwIaBQAE
+FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
+vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDIzMDcwMDAwWqARGA8yMDEyMTAzMDA4
+MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAJU3hXN7NApN50/vlZTG2p8+QQJp4uaod3
+wyBQ0Ux3DoQZQ9RG6/7Mm4qpOLCCSTh/lJjZ0fD+9eB3gcp/JupN1JrU+dgTyv/Y
+9MOctJz7y+VoU9I+qB8knV4sQCwohAVm8GmA9s4p/rHq5Oymci0SuG/QCfkVxOub
+rI1bWjbHLvvXyvF3PoGMORVHG3SA+jJ9VkHWJyi6brHxY+QR/iYxer8lJsBtpyc7
+q2itFgvax/OHwne3lxsck9q0QgKpmEdJu2LuGyWFIhrEwR3b7ASEu1G/nKClv3dR
+vyOXMm1XIwuUhCjAcpNEKiOMorFwnLS1F8LhfqFWTAFG0JbWpAi8oIID+DCCA/Qw
+ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
+WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
+BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
+MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
+ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
+BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
+qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
+M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
+LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
+UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
+9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
+AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
+HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
+dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
+Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
+tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
+snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
+PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
+5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
+4J2l
diff --git a/openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem
new file mode 100644
index 0000000..c5b993c
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGujCCBaKgAwIBAgISESG8vx4IzALnkqQG05AvM+2bMA0GCSqGSIb3DQEBBQUA
+MFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS8wLQYD
+VQQDEyZHbG9iYWxTaWduIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EgLSBHMjAeFw0x
+MjA4MTQxMjM1MDJaFw0xMzA4MTUxMDMxMjlaMIIBCjEdMBsGA1UEDwwUUHJpdmF0
+ZSBPcmdhbml6YXRpb24xDzANBgNVBAUTBjU3ODYxMTETMBEGCysGAQQBgjc8AgED
+EwJVUzEeMBwGCysGAQQBgjc8AgECEw1OZXcgSGFtcHNoaXJlMQswCQYDVQQGEwJV
+UzEWMBQGA1UECAwNTmV3IEhhbXBzaGlyZTETMBEGA1UEBwwKUG9ydHNtb3V0aDEg
+MB4GA1UECRMXVHdvIEludGVybmF0aW9uYWwgRHJpdmUxDTALBgNVBAsMBC5DT00x
+GzAZBgNVBAoMEkdNTyBHbG9iYWxTaWduIEluYzEbMBkGA1UEAwwSd3d3Lmdsb2Jh
+bHNpZ24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx/nHBP4
+6s5KKMDlfZS4qFDiAWsoPSRn6WO4nrUF/G2S3I/AdJ0IcSDOHb48/3APj5alqbgo
+o4IzdG6KLAbENpHMl0L3pHBq/5tJPTi02SbiYUHfp2fhueMauRo8spfEk6fNRnDn
+QpyMFRkYd7Jz+KMerTO1xAcOH+xp0KkcP0i2jFTEuM3LwR0yTms1rry+RryjDDt5
+7W0DLnNFWhyGd6YymzNkCPeL6weV8uk2uYRKKf2XOAzgIpNo3zU6iakZOzlQB9h9
+qRuIks2AU/cZ89cBkDjHua0ezX5rG3/Url33jAT9cR5zCXHWtj7VzlOjDXXnn16b
+L9/AWsvGMNkYHQIDAQABo4ICxzCCAsMwDgYDVR0PAQH/BAQDAgWgMEwGA1UdIARF
+MEMwQQYJKwYBBAGgMgEBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2Jh
+bHNpZ24uY29tL3JlcG9zaXRvcnkvMIIBKwYDVR0RBIIBIjCCAR6CEnd3dy5nbG9i
+YWxzaWduLmNvbYIVc3RhdHVzLmdsb2JhbHNpZ24uY29tghF0aC5nbG9iYWxzaWdu
+LmNvbYISZGV2Lmdsb2JhbHNpZ24uY29tghNpbmZvLmdsb2JhbHNpZ24uY29tghZh
+cmNoaXZlLmdsb2JhbHNpZ24uY29tghZzdGF0aWMxLmdsb2JhbHNpZ24uY29tghZz
+dGF0aWMyLmdsb2JhbHNpZ24uY29tghNibG9nLmdsb2JhbHNpZ24uY29tghdzc2xj
+aGVjay5nbG9iYWxzaWduLmNvbYIVc3lzdGVtLmdsb2JhbHNpZ24uY29tghhvcGVy
+YXRpb24uZ2xvYmFsc2lnbi5jb22CDmdsb2JhbHNpZ24uY29tMAkGA1UdEwQCMAAw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCG
+Lmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3NleHRlbmR2YWxnMi5jcmww
+gYgGCCsGAQUFBwEBBHwwejBBBggrBgEFBQcwAoY1aHR0cDovL3NlY3VyZS5nbG9i
+YWxzaWduLmNvbS9jYWNlcnQvZ3NleHRlbmR2YWxnMi5jcnQwNQYIKwYBBQUHMAGG
+KWh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc2V4dGVuZHZhbGcyMB0GA1Ud
+DgQWBBSvMoTDlFB0aVgVrNkkS1QSmYfx1zAfBgNVHSMEGDAWgBSwsEr9HHUo+Bxh
+qhP2+sGQPWsWozANBgkqhkiG9w0BAQUFAAOCAQEAgnohm8IRw1ukfc0GmArK3ZLC
+DLGpsefwWMvNrclqwrgtVrBx4pfe5xGAjqyQ2QI8V8a8a1ytVMCSC1AMWiWxawvW
+fw48fHunqtpTYNDyEe1Q+7tTGZ0SQ3HljYY9toVEjAMDhiM0Szl6ERRO5S7BTCen
+mDpWZF8w3ScRRY2UJc8xwWFiYyGWDNzNL1O8R2Y95QIkHUgQpSD3cjl4YvF/Xx/o
+hBEzl884uNAggIyQRu0ImLEetEtHWB2w0pZG3nTAqjOAAAyH2Q8IHoJtjQzvg6fy
+IQEO1C5GoQ7isiKIjKBXVYOm+gKSQXlzwj1BlU/OW6kEe24IiERhAN9ILA24wA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem
new file mode 100644
index 0000000..b650f38
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
+MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
+YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
+RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN
+2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
+AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
+VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
+Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
+wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
+wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
+/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
+BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
+L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
+c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
+hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
+JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
+gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
+pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
+o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
+LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
+iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
+qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
+TercGL7FG81kwA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/D2.ors b/openssl-1.1.0h/test/ocsp-tests/D2.ors
new file mode 100644
index 0000000..dcbd4d4
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D2.ors
@@ -0,0 +1,32 @@
+MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
+yVdbHxANRLCFYj1mqBgPMjAxMjEwMjMxMDI1MzZaMG4wbDBEMAkGBSsOAwIaBQAE
+FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
+AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
+BgkqhkiG9w0BAQUDggEBAEJN4FuPQPnizPIwEj4Q8Ht765gI6QqMNrvj3UykxYeu
+qUajKcqA+V1zaDHTaz+eCQthtmCNKC9T+zVkjGelVsd7Kn2fVKWqp+5wVPI8dVkm
+6Gs/IGZ16HDnQ/siTrY3ILWCRz4Hf6lnHpIErQuQRQyjlGKNcE7RYmjGw4w0bxx8
+vHN/baCMApBL0D0zeBqlpJCMUZqJJ3D1+87HxHYR1MkMZDC9rOPIhlpEP4yL17gx
+ckrPf+w+A/3kC++jVeA3b8Xtr+MaWOFH4xVn6BTxopczZKVl18tSYqgwITlx5/cL
+LpYEdllC0l83E8GRzsOp0SvFxo0NBotgFNZQQujpOzagggQQMIIEDDCCBAgwggLw
+oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
+MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
+GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
+NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
+di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
+bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
+MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
+oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
+866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
+ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
+MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
+yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
+TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
+AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
+DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
+8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
+uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
+4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
+YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
+fBIRKjnK621vAWvc7UR+0hqnZ+U=
diff --git a/openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem
new file mode 100644
index 0000000..459f98e
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEdzCCA1+gAwIBAgILBAAAAAABL07hRxAwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNjEyMTUwODAw
+MDBaFw0yODAxMjgxMjAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD
+QSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4h
+VJsL03+EcPoSs8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtK
+pspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK5
+61l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh
++dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJh
+E4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8Kb
+jwIDAQABo4IBTTCCAUkwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFJviB1dnHB7AagbeWbSaLd/cGYYuMEcGA1UdIARAMD4wPAYEVR0g
+ADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv
+c2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24u
+bmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDov
+L29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMCkGA1UdJQQiMCAGCCsGAQUFBwMB
+BggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30E
+zTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEAOg/NJk04MAioxvxc2Ah67/ocKgPO
+Mq5EluFSA5UKUtZnr1uWfN0ZizBbNjprbqAVxoKhyzlmAFeLAqJuhfusVVq4FVAa
+kN4JSOyo9lccGDG9xn3IvevCpzlRbaL/HHjeHCcE4c8klegO5NUfsPn7UMrLbp5i
+JniG9cT1eI/dcq9uLtWe3c48y7jHLVRg1+WcAkuGRPBXUSvNCps8sfU6TB2KxfAw
+PmWHxA5fbkqsiqge5/rkM4AVhFZlJZv7njCIy5EWwQXDqSTsIdLVsPy3I0annff3
+xlMSeDe0E3OPN5deBJv5mYuTPiZCl5/9HrXVy4hINKJmoPqsco/dRy+CdA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem
new file mode 100644
index 0000000..f4ce4ca
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/D3.ors b/openssl-1.1.0h/test/ocsp-tests/D3.ors
new file mode 100644
index 0000000..d66439b
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D3.ors
@@ -0,0 +1,38 @@
+MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
+BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
+Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
+A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAyMzEwMzkzMFowZjBkMDwwCQYF
+Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
+ORjRAgMLs8aAABgPMjAxMjEwMjMwOTU5MTJaoBEYDzIwMTIxMDI1MTAzOTMwWjAN
+BgkqhkiG9w0BAQUFAAOCAQEAYaaAzW26JQGFRyawj9ROtnSdJ9QPJ6B/wfpJif8e
+QU9lmKx0zIDdTum3Mc5tfxML71W025UW9jzowAfQ5bZbqa4nwZlWX5Py3hKebeYo
+WiND4pvhS4BRkheSkycEok0bj1FJYWYiJVpnTqKAPnOKrlL4qvGC2IOHk2toS/Je
+iLyoUwxrPtqaXt4Caoa3I70HE3H1QqvPIGIY6V4bxV7Km/xv99QOutkbfANGiNsx
+W7EDB3TRNhldzMnjEwG58X5Pe3xwEVqjCiBL+wQ8JALn08bJzFn9E04aYrqCGc8s
+gw1dgaBoZt+0vbQUN71KEocwMj5mzJqottOyqNwo7FZnBaCCBL4wggS6MIIEtjCC
+Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
+HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
+dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
+cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
+BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
+QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
+VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
+2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
+3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
+uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
+mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
+VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
+VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
+MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
+r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
+VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
+6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
+STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
+ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
+g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
+5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
+HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
+VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
+wG/pag==
diff --git a/openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem
new file mode 100644
index 0000000..f371ed1
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIDC7PGMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTEyMDUwNjE4NDY0MVoXDTE0MDUwNjE4NDY0MVowWzEL
+MAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYD
+VQQKEwtDQWNlcnQgSW5jLjEXMBUGA1UEAxMOd3d3LmNhY2VydC5vcmcwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeNSAxSFtymeN6rQD69eXIJEnCCP7Z
+24/fdOgxRDSBhfQDUVhdmsuDOvuziOoWGqRxZPcWdMEMRcJ5SrA2aHIstvnaLhUl
+xp2fuaeXx9XMCJ9ZmzHZbH4wqLaU+UlhcSsdkPzapf3N3HaUAW8kT4bHEGzObYVC
+UBxxhpY01EoGRQmnFojzLNF3+0O1npQzXg5MeIWHW/Z+9jE+6odL6IXgg1bvrP4d
+FgoveTcG6BmJu+50RwHaUad7hQuNeS+pNsVzCiDdMF2qoCQXtAGhnEQ9/KHpBD2z
+ISBVIyEbYxdyU/WxnkaOof63Mf/TAgMNzVN9duqEtFyvvMrQY1XkBBwfAgMBAAGj
+ggERMIIBDTAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEF
+BQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEF
+BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMIGE
+BgNVHREEfTB7gg53d3cuY2FjZXJ0Lm9yZ4IRc2VjdXJlLmNhY2VydC5vcmeCEnd3
+d21haWwuY2FjZXJ0Lm9yZ4IKY2FjZXJ0Lm9yZ4IOd3d3LmNhY2VydC5uZXSCCmNh
+Y2VydC5uZXSCDnd3dy5jYWNlcnQuY29tggpjYWNlcnQuY29tMA0GCSqGSIb3DQEB
+BQUAA4ICAQA2+uCGX18kZD8gyfj44TlwV4TXJ5BrT0M9qogg2k5u057i+X2ePy3D
+iE2REyLkU+i5ekH5gvTl74uSJKtpSf/hMyJEByyPyIULhlXCl46z2Z60drYzO4ig
+apCdkm0JthVGvk6/hjdaxgBGhUvSTEP5nLNkDa+uYVHJI58wfX2oh9gqxf8VnMJ8
+/A8Zi6mYCWUlFUobNd/ozyDZ6WVntrLib85sAFhds93nkoUYxgx1N9Xg/I31/jcL
+6bqmpRAZcbPtvEom0RyqPLM+AOgySWiYbg1Nl8nKx25C2AuXk63NN4CVwkXpdFF3                                                                                                               
+q5qk1izPruvJ68jNW0pG7nrMQsiY2BCesfGyEzY8vfrMjeR5MLNv5r+obeYFnC1j                                                                                                               
+uYp6JBt+thW+xPFzHYLjohKPwo/NbMOjIUM9gv/Pq3rVRPgWru4/8yYWhrmEK370                                                                                                               
+rtlYBUSGRUdR8xed1Jvs+4qJ3s9t41mLSXvUfwyPsT7eoloUAfw3RhdwOzXoC2P6                                                                                                               
+ftmniyu/b/HuYH1AWK+HFtFi9CHiMIqOJMhj/LnzL9udrQOpir7bVej/mlb3kSRo                                                                                                               
+2lZymKOvuMymMpJkvBvUU/QEbCxWZAkTyqL2qlcQhHv7W366DOFjxDqpthaTRD69                                                                                                               
+T8i/2AnsBDjYFxa47DisIvR57rLmE+fILjSvd94N/IpGs3lSOS5JeA==                                                                                                                       
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem
new file mode 100644
index 0000000..3ccc18e
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem
@@ -0,0 +1,83 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
+MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
+Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
+iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
+aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
+jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
+pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
+FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
+XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
+oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
+R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
+rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
+LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
+BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
+gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
+A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
+AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
+BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
+MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
+Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
+ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
+b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
+QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
+Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
+D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
+VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
+lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
+Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
+hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
+0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
+ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
+d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
+4GGSt/M3mMS+lqO3ig==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors
new file mode 100644
index 0000000..66a60a2
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors
@@ -0,0 +1,32 @@
+MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0
+lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE
+FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
+vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz
+MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH
+itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O
+675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA
+r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo
+DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j
+o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw
+ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw
+WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
+BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
+MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
+ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV
+BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+
+m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv
+CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT
+T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW
+sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O
+ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
+AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
+HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c
+dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae
+BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d
+DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO
+RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW
+ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK
+0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy
+RI4F
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors
new file mode 100644
index 0000000..664c8d2
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors
@@ -0,0 +1,32 @@
+MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
+yVdbHxANRLCFYj1mqBgPMjAxMjEwMTEwOTE1MzNaMG4wbDBEMAkGBSsOAwIaBQAE
+FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
+AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
+BgkqhkiG9w0BAQUDggEBAF/9ByrCS+pCCK4qovqUAH/yoWckmpLFCzKJGHkErJeY
+FlUbAJuu/Gs0IdLmLp+2VbStjsL4vLtDU2Q4e417C1fm8+ixh+kP7qPRd8cxyMBx
+cmD2m1v0CgbrflCZEC71cTrrWpcW+6jg623lI4Ug3A4zlizbT/f9IrxuV9VB9/G5
+6kPI5dYOVZM0ColIxmJsafuxfr6ONQLPHKTlZJK3SyWebs25006OmrSyfBi0j26j
+WU5d6B2NJZBKqvDVMXxZ0q6QOgKxOs8WD+6DaA1d1f7gTOl45XJZWz5KnRePyRxM
+Fp0ak6XYbE1y2vHE2RWp1w4lcVJ0BUQXWxx+g86F5W2gggQQMIIEDDCCBAgwggLw
+oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
+MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
+GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
+NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
+di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
+bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
+MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
+oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
+866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
+ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
+MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
+yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
+TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
+AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
+DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
+8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
+uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
+4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
+YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
+fBIRKjnK621vAWvc7UR+0hqnZ+Y=
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors
new file mode 100644
index 0000000..ac2bb25
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors
@@ -0,0 +1,38 @@
+MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
+BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
+Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
+A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEwMTAyMVowZjBkMDwwCQYF
+Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
+ORjRAgMLs8aAABgPMjAxMjEwMTEwOTUyNDJaoBEYDzIwMTIxMDEzMTAxMDIxWjAN
+BgkqhkiG9w0BAQUFAAOCAQEAWX7faLDXkmIdOv/IKBh7awhPmGUhFPVSrMI4dc9/
+fcPDOYhFwWr9evKT/QdXRGpZY493mfa4Z6eEDxRDTexOloaiaJzVpSeV9hoJUxoS
+8NEWDyi33bDlIJH6zru4kk1LpuSMiSWsvLaeoRhHmW3EPDeadpCa5tYX2yNW5hdP
+iCfphDJ34/hWHHwHP6mLd1wEO1Rw6nymqeDbuLk1FviD/ZWXMGzK8Sv++tmsQ0Tg
+7XrkIPcSrozPKOTCf/1iJVF5KeQVIb0Ju1PvGUKtGaVTX8IZQmer2WQ1D6OOUcsS
+cWA6NSpWmScX/0/uBpXdSDX0AnGUS9SNrPNEolz6rA5OUaCCBL4wggS6MIIEtjCC
+Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
+HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
+dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
+cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
+BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
+QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
+VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
+2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
+3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
+uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
+mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
+VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
+VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
+MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
+r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
+VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
+6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
+STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
+ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
+g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
+5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
+HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
+VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
+wG/paw==
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem
new file mode 100644
index 0000000..b884775
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
+MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
+YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
+RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN
+2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
+AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
+VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
+Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
+wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
+wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
+/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
+BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
+L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
+c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
+hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
+JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
+gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
+pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
+o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
+LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
+iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
+qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
+TercGL7FG81kwQ==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_D2_Issuer_Root.pem
new file mode 100644
index 0000000..22f34cb
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_D2_Issuer_Root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4Q==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_D3_Issuer_Root.pem
new file mode 100644
index 0000000..c1752e6
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_D3_Issuer_Root.pem
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVE
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem
new file mode 100644
index 0000000..25bb90f
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
+MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
+7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
+HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
+hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
+b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
+BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
+5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
+fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
+MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
+bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
+MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
+cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
+Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
+P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
+TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
+hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
+tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
+9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf7
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem
new file mode 100644
index 0000000..129eb4b
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
+MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
+t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
+HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
+Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
+pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
+R1uUq27UlTMdphVx8fiUylQ5PsI=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem
new file mode 100644
index 0000000..4904a32
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgU=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors
new file mode 100644
index 0000000..d28c9ec
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors
@@ -0,0 +1,32 @@
+MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0
+lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxMTU1NDVaMHUwczBLMAkGBSsOAwIaBQAE
+FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
+vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTAwMDAwWqARGA8yMDEyMTAxNzEw
+MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCaiUf6TuPaSmZR2i3hUwqdEfhjcZkcCXPu
+9diWuDZbaL6ubthfeTwx6OsZ0eM3Q+WPhBNlYQ9Sm8PDUQsQiq3YvuYu+QUisChx
+PN6BUEwFQZAGz+FX2h5+kAmK1M/xZeXMBCXJWJCClagiw5hOJfeV0ue7RUZRVuZv
+am0ZjyIeLsxsIrxghlcaJRosFmYNoM++euu5lvclutv1UQ5yyNxlYy0T/jA9gS07
+WJ/i38+zxnXTuAPOm67p5N1IkEAEg/7OPRIG17Ig1C38NctN74vAOdTU1d/ay05V
+Bz4ZiI9PffkUkPgW2QRQCEjv50i80wYkKH5pIbT/mTk4t53DUK1UoIID+DCCA/Qw
+ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw
+WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
+BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
+MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
+ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV
+BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+
+m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv
+CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT
+T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW
+sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O
+ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
+AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
+HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c
+dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae
+BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d
+DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO
+RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW
+ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK
+0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy
+RI4G
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors
new file mode 100644
index 0000000..b6c541d
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors
@@ -0,0 +1,32 @@
+MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBT0zghPr/K8
+jV5hpjGMML9Q+DwzShgPMjAxMjEwMTAxMjA5NTlaMG4wbDBEMAkGBSsOAwIaBQAE
+FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
+AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
+BgkqhkiG9w0BAQUDggEBAGZY28eFWl169g7puLnKSeEzi6Ma5/rErOveFRp052ck
+785B83HWkNmW/Bgw7Ws6Y7jBJce6ZQ5TMhwgNP34HuG/mVyn2ZjtCe4KKFBVnZV7
+mHGx93jgKkQvdp4pbNKxZ504eZDp8UOlR9+uwWOWHVObn7o+2N8iWKErSbZ2uX54
+Ajk8Hg/XN5wI4RUtcK3QpZSf3Ren5iit4NInwCpmTOkDz/IVK96BWaEQICq4VlHG
+ziD0H0SlBQCdcSPzZndGoCtIhNyJEL3O2y3Grg4X1XH7VeeyGesuTLEIAEMHJPJD
+TOVNoe5YPRK9Tqb+6jsubw8X/1b72kw3xVgb6MfC0tqgggQQMIIEDDCCBAgwggLw
+oAMCAQICCwQAAAAAAThXoveHMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
+MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
+GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
+NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
+di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
+bmNoIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMQY/h5DSRT24n
+mMtD19lrn8WZzOoIl+Z9qOsrLLjEQeTMDlL7JPZh5pLaHHb6kSWT+O/RcEwpw6Dq
+H9jtAgDOsGoN7gCK7wJbIvn4MdmkXZqVBcVl3uLuII3v1CPnlc/zoz5d9qXcZKb6
+YuzseyzhDPecQ+7l2NVAUOFUj8GXOZi//bIveMsm+/zSLMfriIC84Uym2QY649SC
+aFNbtF/tR6upvLCLe0b2D1g+OBfGqZasi3QI5uX6lT0gHbCnPhRo3uxG2+S4KL3M
+9sndMByrR5K6QuVf7UqA1vt0CfbA2OUXwcH5x3/TsHxtXDj2F/fWnC9QBBSN5n4I
+G8K7ZpYtAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBT0zghP
+r/K8jV5hpjGMML9Q+DwzSjBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
+AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
+DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAGU9HIQImzhTHkQLyA178dUdnF5E3DdzmNtwVV3cxGrFOLMpciMQLioQ/xp5
+t6j5Mshlp59imFylqowRRxRy4aN5TtMCufNh7yHIxI2Dt4O6qpPM946t5CJkMy+k
+63pXz2xFIxaJDzAmzpWzu70OY0jrh3dZa8NR4AvhtoZ8zFE6suva6ZGK7JIoINaA
+j5uyZ0qU+7vFwV1awdReNV6494z/HRjs1n956mNbalB9mKp9XXyfZlix/nN5mTJd
+NlJqz7QjnCzZRM/Gfamzk8L3/CPS3XmSblFyn6SeZ92Vms4PNqZiEUNa2TMKXQR1
+EMiDRMkyfIIMI80VgRvvzCiOt0c=
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors
new file mode 100644
index 0000000..a8a2f91
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors
@@ -0,0 +1,38 @@
+MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
+BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
+Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
+A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDEzMjE1OVowZjBkMDwwCQYF
+Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
+ORjRAgMLs8aAABgPMjAxMjEwMTAxMzA1MjBaoBEYDzIwMTIxMDEyMTMyMTU5WjAN
+BgkqhkiG9w0BAQUFAAOCAQEAH1auyXFf1fOdfShSnAFkg5JsRUvajrilUioTkPIn
+IGYV//huaPNZwZGCC2haZIdUuKB6G2OCXeZVskBTXPjt8/6JmoHgsZeI3x5xKXxZ
+vddLC0PgYp0cA3FqjXR2UCpdBF+GK37rnfZsdW2vD9JaEBXxTV4+ICDAg15ZphJW
+lLGmdP3mQqPURIwamcYam8tntARimgEpA0KgfVue2A+izjcxC7qk9BQYG72Fh3hC
+ZFxi5u6xKNUQ2EBF9KXZyP9d2i/bYCZAUeUSRtir+fsOXHlihYRih9npKyAPwpHd
+NqhwK9NhKed8gmkX3cSaK0arBx7ev7avhM4Dqem+BzppjKCCBL4wggS6MIIEtjCC
+Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
+HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
+dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
+cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
+BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
+QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
+VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
+2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
+3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
+uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
+mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
+VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
+VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
+MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
+r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
+VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
+6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
+STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
+ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
+g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
+5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
+HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
+VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
+wG/pag==
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors
new file mode 100644
index 0000000..b230622
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
+Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTAwODU0NDVaMHMwcTBJMAkGBSsOAwIaBQAE
+FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
+IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMDA4NTQ0NVqgERgPMjAxMjEwMTQwODU0
+NDVaMA0GCSqGSIb3DQEBBQUAA4IBAQDHKDxWTbAHRXY7HapfhE99T+OSa/AfRYqX
+H9yIeMRa5VftXMyvBFuvVm/qLRwK6mxhkiVIvF/Pk5yxMjbm7xPO26D+WHOdQML4
++M4OX9BO76FjZRin5x+4b0Xo5SuSU1ulqfvSZnx+nG+hMbt/3Y7ODCEUWCYFoXNp
+U+TXTbv2mwJ9AL8Q/zjL4P8NJHzFJBKjEs+AAVRxTY/5RHHKU9dcm7ux/gsWoDUM
+w677Xxzn6icd8mqn72/HmzPnMrLHKKJFe2escbJn7JlV6qbZ9EWbrr+3OH0IJy5I
+E3LcPIsNZ//QEc6vS6J+j8ljV8Xne6rS1EmiOwV9NgubvYwDCm4R
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors
new file mode 100644
index 0000000..d14efb9
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
+N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAwMDI1NTdaMHMwcTBJMAkGBSsOAwIaBQAE
+FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
+0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDAwMjU1N1qgERgPMjAxMjEwMTQwMDI1
+NTdaMA0GCSqGSIb3DQEBBQUAA4IBAQCJRXcrz4wJe7bqWBHULu/QDXVz74OhSNlu
+swI0J4h+UmzJuW1GpdhTwJcTG3ARVwCLKz3evvpvHSumcsop0G3NolryNLP/oGD0
+Vf6PbLrJ8v+NxUNugPbtWM985Ti/B2a+XjbzYlH2vS3KOTL4X1zWSL07IQFNXc2h
+yHBscKpYgt0mZcFZFxN3NTCNpT6IjJzZzTG9xTYZ3hZdMQQ3DYO+/Hv4J+U1/Ybq
+CjuMWRak/0R/BiBDJdGhbThlvV7bNUxYY7DVaOiLER8ptpmhnzlB/vsTAxZqX48J
+mJdv2bxoTby98Pm/BMydEA9qcFqyP1XvqhzIY35ngoS/1XREyW7t
diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors
new file mode 100644
index 0000000..3ee7158
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors
@@ -0,0 +1,10 @@
+MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
+9/rEJlTvA73gJMtUGhgPMjAxMjEwMDkxNjAxNTNaMHQwcjBKMAkGBSsOAwIaBQAE
+FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
+bJWejX5BTb8DmevkCauAABgPMjAxMjEwMDkxNjAxNTNaoBEYDzIwMTIxMDEzMTYw
+MTUzWjANBgkqhkiG9w0BAQUFAAOCAQEAFnJAzuT8P4KKyTI6sdj5HkQ352qEu5CN
+K9M2kU/eg9kPfwLv8z3yArobwgx+/IDRajbVAKrk8UPCGUqkDc0OiU5c0+jpn+nT
+20VVCtWsBSWDfzKqYln/NGrblhv+/iuFZJpyfud5nWguW5nogPC8IAfgt9FMDMl6
+wlQWLSWEkgAJWvhNR3nzgvyMnuDuMIVQgB9/+vAIxA7nlpEEh6KTswyGqE9+u1yC
+kvrz4PwKZQMT6r1eRCLs6NaagOZT84QHhZ6TAA+QHjfK406KL8F9mFgbGKbW+st2
+QHm+giUhrgZMv+1Yaxe34BjDS439LCPjdZ29On8FeZr3F55T+s3VzA==
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1.ors b/openssl-1.1.0h/test/ocsp-tests/ND1.ors
new file mode 100644
index 0000000..7452741
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND1.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
+Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
+FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
+IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
+MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
+8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
+RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
+eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
+mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
+087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem
new file mode 100644
index 0000000..e646162
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGTTCCBTWgAwIBAgIQIuEzIiCgSN8psr+aMcKbBzANBgkqhkiG9w0BAQUFADCB
+jjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV
+BAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew
+HhcNMTEwMzMxMDAwMDAwWhcNMTMwNjI3MjM1OTU5WjCCAT8xETAPBgNVBAUTCDA0
+MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRlIE9y
+Z2FuaXphdGlvbjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UE
+CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJ
+Ew1UcmFmZm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJ
+ExwzcmQgRmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8g
+Q0EgTGltaXRlZDEaMBgGA1UECxMRQ29tb2RvIEVWIFNHQyBTU0wxGjAYBgNVBAMT
+EXNlY3VyZS5jb21vZG8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA168izw0zK6cChTGFuAwNARwTu1Ky/z+dXHkSmB0tQrAk3bq7mnUPtmQ+td8r
+G2hlhQPd+YXQVYEW3RuopydmdB9wMlEGCCfU2ZqohsC9uut+HenCVbYvn4sSB0KJ
+VdOXLPCEnfdk/FmcNWcYv73HmoJXZjT0THNQmnfpo6mMGAOerenMgNuCpq1buZ8c
+fFUeUY18ZGLZKZyRNM6GPgVA37Dm8Ru+9Cf8/rm7NSIoVWH4BDztM3Y1BZvZ0d4G
+49jRA4MXbhsDEMYzaSCDmaRHSFhCtrGkN2S4A1ZxoSoxQVCLcnnInVd+J0X8J6pa
+Efio/aD6UQBQq29HyTsWVe6BewIDAQABo4IB8TCCAe0wHwYDVR0jBBgwFoAUiERR
+/1AqaV4tiPQhutkM8s7L6nwwHQYDVR0OBBYEFKvAXKp4bYRmxU4SlM8k8FbWiXiL
+MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
+BwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMEYGA1UdIAQ/MD0w
+OwYMKwYBBAGyMQECAQUBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNv
+bW9kby5jb20vQ1BTMFMGA1UdHwRMMEowSKBGoESGQmh0dHA6Ly9jcmwuY29tb2Rv
+Y2EuY29tL0NPTU9ET0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
+bDCBhAYIKwYBBQUHAQEEeDB2ME4GCCsGAQUFBzAChkJodHRwOi8vY3J0LmNvbW9k
+b2NhLmNvbS9DT01PRE9FeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
+cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAzBgNVHREE
+LDAqghFzZWN1cmUuY29tb2RvLmNvbYIVd3d3LnNlY3VyZS5jb21vZG8uY29tMA0G
+CSqGSIb3DQEBBQUAA4IBAQC9SoVG+B40khDWAzlz+G0WDBM3OuqK5n8vY/XxdPS5
+qyv6K05S4VRGR/6PQa1UVzMbnhfLh54OWrpnalRGabpTmKDu8Pa912pzDSzMxg4U
+Rff4/hVLd1n/58q+riLxdtkIigLUjtFfwUrE1H89QODOCb4nw7f9BQaDoug+ovM3
+KO9rxVZ/3TshaxW0mPVM/cMbX+6RrQ7+d1y5fdX/fksCZhOW+P25+FPlaorQEWNa
+s0UZNQ6qVuxB7CPmnLqmLBfAKTbeKcQFxx//0eyyZqCkzIvYUNjeRR0Q7DnxXq4C
+Pj1Y6VcPJDmZOeogte5/vNIdU8Wq55IJJ1G/uKXztwVT
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem
new file mode 100644
index 0000000..20585f1
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem
new file mode 100644
index 0000000..08f04f6
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem
@@ -0,0 +1,58 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
+MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
+7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
+HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
+hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
+b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
+BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
+5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
+fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
+MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
+bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
+MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
+cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
+Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
+P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
+TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
+hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
+tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
+9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE8TCCA9mgAwIBAgIQbyXcFa/fXqMIVgw7ek/H+DANBgkqhkiG9w0BAQUFADBv
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
+ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
+eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
+gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYD
+VQQDEx5DT01PRE8gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDQQIuLcuORG/dRwRtUBJjTqb/B5opdO4f7u4jO
+DeMvPwaW8KIpUJmu2zuhV7B0UXHN7UKRTUH+qcjYaoZ3RLtZZpdQXrTULHBEz9o3
+lUJpPDDEcbNS8CFNodi6OXwcnqMknfKDFpiqFnxDmxVbt640kf7UYiYYRpo/68H5
+8ZBX66x6DYvbcjBqZtXgRqNw3GjZ/wRIiXfeten7Z21B6bw5vTLZYgLxsag9bjec
+4i/i06Imi8a4VUOI4SM+pdIkOWpHqwDUobOpJf4NP6cdutNRwQuk2qw471VQJAVl
+RpM0Ty2NrcbUIRnSjsoFYXEHc0flihkSvQRNzk6cpUisuyb3AgMBAAGjggF0MIIB
+cDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUC1jl
+i8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9j
+cmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYI
+KwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0
+LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0
+cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsG
+AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUA
+A4IBAQAHYJOZqs7Q00fQNzPeP2S35S6jJQzVMx0Njav2fkZ7WQaS44LE5/X289kF
+z0k0LTdf9CXH8PtrI3fx8UDXTLtJRTHdAChntylMdagfeTHJNjcPyjVPjPF+3vxG
+q79om3AjMC63xVx7ivsYE3lLkkKM3CyrbCK3KFOzGkrOG/soDrc6pNoN90AyT99v
+uwFQ/IfTdtn8+7aEA8rJNhj33Wzbu7qBHKat/ij5z7micV0ZBepKRtxzQe+JlEKx
+Q4hvNRevHmCDrHqMEHufyfaDbZ76iO4+3e6esL/garnQnweyCROa9aTlyFt5p0c1
+M2jlVZ6qW8swC53HD79oRIGXi1FK
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem
new file mode 100644
index 0000000..3260db3
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
+MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
+7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
+HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
+hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
+b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
+BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
+5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
+fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
+MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
+bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
+MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
+cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
+Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
+P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
+TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
+hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
+tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
+9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND2.ors b/openssl-1.1.0h/test/ocsp-tests/ND2.ors
new file mode 100644
index 0000000..24c1cb2
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND2.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
+N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
+FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
+0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
+MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
+sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
+PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
+oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
+vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem
new file mode 100644
index 0000000..3260db3
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
+MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
+7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
+HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
+hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
+b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
+BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
+5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
+fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
+MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
+bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
+MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
+cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
+Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
+P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
+TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
+hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
+tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
+9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem
new file mode 100644
index 0000000..dc99810
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
+MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
+t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
+HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
+Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
+pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
+R1uUq27UlTMdphVx8fiUylQ5PsE=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND3.ors b/openssl-1.1.0h/test/ocsp-tests/ND3.ors
new file mode 100644
index 0000000..2008418
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND3.ors
@@ -0,0 +1,10 @@
+MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
+9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE
+FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
+bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz
+NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg
+P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ
+FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR
++mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW
+YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3
+K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA==
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem
new file mode 100644
index 0000000..c6a76d6
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCBMWgAwIBAgIRAKcNbJWejX5BTb8DmevkCaswDQYJKoZIhvcNAQEFBQAw
+bzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1B
+ZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3Qg
+RXh0ZXJuYWwgQ0EgUm9vdDAeFw0xMDA1MDQwMDAwMDBaFw0xNTA1MDQyMzU5NTla
+MIIBCjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJEw1UcmFm
+Zm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJExwzcmQg
+Rmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8gQ0EgTGlt
+aXRlZDEaMBgGA1UECxMRQ29tb2RvIFByZW1pdW1TU0wxLDAqBgNVBAMTI2FkZHRy
+dXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAz5MM/mco91yFJNtF3t9c0x/bGds+zGAqJlHBXCR43og+
+3vgsBkCcn5M3PAqmL6XxilpsrEfS6RqtNcLfxwDyl7rr3qpJSM537Km1ZGOTHs0C
+i0JA4YBZFOxBwPO2nHQGD+t9kJx3auFdBLnjJc5Q3jFUmnyJ8D2h3P9BrHgOoIbO
+KYOUc/3zcqE6NttdbiuUMzlad8guhnXlWPCh2NJtNtMLDQxG7DWWDEm/Kt+CdKAR
+jko6kEp7nqBKyujjJoGD2nEtEnuuqiB9n6sgSXR1NGtecJrW8IqIS7hkcsxhGTI9
+jnY73+NiMV3nglejkNseTUdcEi6L94EdifXuVLgEAwIDAQABo4IB1TCCAdEwHwYD
+VR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFDXpt6NocCrd
+7XZ2MLUa116TIesKMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEB
+AgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQ
+UzB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BZGRU
+cnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8u
+bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAk
+BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMFcGA1UdEQRQME6C
+I2FkZHRydXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tgid3d3cuYWRkdHJ1
+c3RleHRlcm5hbGNhcm9vdC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEFBQADggEB
+AF2TF6xg8ZoBICoiQvjD2Z0SKcJRw1Dhj3HpGzV9F+Y0e/MxCXhYA+340JZxnC2P
+VA968QKFrNwDWiS9Klc+cs4k3HIeiZp3uHw1ezElqXXNa+S1CrSS03FqWeeugSrB
+xpuXCWDJSfD4DJq835hlEuXgxmAjsbuRUjaq1lxwSWnNoBkfMCCAgVlHtFljTlqq
+nwfBZcnj73+yiERgTvhN4gEL59ZzjFliKEUuXHZoe8klhn73cnY+XoRV0e7wU+Xj
+PzLoAhjGkS35hfDQTHdCwNBaN3iI2Q+HBjhfffAYFdK+Jo3kSXq12s7CJD7utAho
+xxRhA0l1ziJgrEubLi6ItNg=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem
new file mode 100644
index 0000000..20585f1
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors
new file mode 100644
index 0000000..c8ce8d8
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors
@@ -0,0 +1,32 @@
+MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg
+Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE
+FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSxsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
+vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw
+MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr
+XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq
+NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO
+/CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S
+xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4
+Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw
+ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
+WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
+BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
+MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
+ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
+BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
+qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
+M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
+LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
+UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
+9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
+AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
+HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
+dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
+Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
+tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
+snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
+PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
+5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
+4J2l
diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors
new file mode 100644
index 0000000..1d562fa
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors
@@ -0,0 +1,32 @@
+MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
+yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE
+FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRhe2YaRQ2XyolQL30EzTSo//z9SwILBAAA
+AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
+BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3
+KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW
+woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6
+wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z
+v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc
+rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw
+oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
+MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
+GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
+NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
+di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
+bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
+MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
+oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
+866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
+ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
+MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
+yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
+TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
+AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
+DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
+8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
+uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
+4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
+YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
+fBIRKjnK621vAWvc7UR+0hqnZ+U=
diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors
new file mode 100644
index 0000000..cbac8e8
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors
@@ -0,0 +1,38 @@
+MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
+BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
+Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
+A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MDYzNlowZjBkMDwwCQYF
+Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBe1MhvUx/Pg5o7zvdKwOu6y
+ORjRAgMLs8aAABgPMjAxMjEwMTExMzU4MTBaoBEYDzIwMTIxMDEzMTQwNjM2WjAN
+BgkqhkiG9w0BAQUFAAOCAQEAjcryO6FUK5+TcPBxJKixVt9q07Xy3qv1e/VFuJ0f
+tnYDcu83Q5yCta49PXaA13nFDFZ445wCDivDBLolS6JKSh+JrLpAxSBzak7Ps8wz
+DPNAtexZz9/hPPzHnGOMlRtew07jk+NX5ZgCxDZGmBHIHOGyab2WoqmpRTll0oP4
+b/DzI3mzrur5lm2NAT3ZJ8bVaWsAJBVTfUye3S4GRWlfGSRVAMk0QHnCkYP42okc
+psIKbvdIoS2gxo6kBTMevxciPV2lPIiSrIWH0IGm7AqGM5+Vz7IdbD6fOQd1I3uw
+O+1NugMYfScB6jCvSW2uESeRZ+qW/HMXQbU1eiH+x88UIKCCBL4wggS6MIIEtjCC
+Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
+HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
+dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
+cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
+BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
+QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
+VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
+2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
+3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
+uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
+mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
+VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
+VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
+MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
+r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
+VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
+6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
+STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
+ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
+g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
+5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
+HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
+VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
+wG/pag==
diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors
new file mode 100644
index 0000000..a16476f
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
+Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
+FEi2DTgjjfhFbk7lhD6jlBEYApefBBSJRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
+IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
+MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
+8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
+RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
+eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
+mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
+087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors
new file mode 100644
index 0000000..5aff2ab
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
+N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
+FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQMWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
+0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
+MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
+sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
+PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
+oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
+vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors
new file mode 100644
index 0000000..4f8a6ea
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors
@@ -0,0 +1,10 @@
+MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
+9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE
+FHyxZlScq9tE7mImFq30ZXv3etWUBBSuvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
+bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz
+NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg
+P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ
+FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR
++mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW
+YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3
+K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA==
diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors
new file mode 100644
index 0000000..ed627ba
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors
@@ -0,0 +1,32 @@
+MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg
+Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE
+FKFyDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
+vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw
+MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr
+XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq
+NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO
+/CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S
+xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4
+Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw
+ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
+WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
+BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
+MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
+ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
+BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
+qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
+M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
+LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
+UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
+9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
+AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
+HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
+dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
+Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
+tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
+snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
+PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
+5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
+4J2l
diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors
new file mode 100644
index 0000000..b89fcf8
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors
@@ -0,0 +1,32 @@
+MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
+yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE
+FLhXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
+AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
+BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3
+KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW
+woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6
+wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z
+v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc
+rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw
+oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
+MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
+GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
+NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
+di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
+bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
+MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
+oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
+866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
+ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
+MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
+yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
+TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
+AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
+DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
+8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
+uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
+4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
+YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
+fBIRKjnK621vAWvc7UR+0hqnZ+U=
diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors
new file mode 100644
index 0000000..c3d7c94
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors
@@ -0,0 +1,38 @@
+MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
+BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
+Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
+A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MzkxOFowZjBkMDwwCQYF
+Kw4DAhoFAAQUjKTJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
+ORjRAgMLs8aAABgPMjAxMjEwMTExNDIzMjVaoBEYDzIwMTIxMDEzMTQzOTE4WjAN
+BgkqhkiG9w0BAQUFAAOCAQEAgdrf+v+BwEhG0ghTLMVmuxWprJr/9VFtpKpxQrTo
+egSoW+5JOPCUAStfw3R3u7QM8sJf9bnPorgoCoY1hPKcWNLhvf1Ng3QlVkNa6NcO
+EonbuI4KE9Rhoflpf//pD/3AFKzU+ecRs04KtYezKrUvC1RayGabd7bgtIpdFss4
+ZCZ22riqjFtqD3+2//AHg7VaqiJMKlRt05CMmGe+HKn5PEN9HaeI52nsTf+L1Jeh
+ItnaDPfV76vFHHXyUhR3iIgnqQDCig0q3yj7BQqH50+K+myiMAY+p8cuVqebno1i
+BzXxxpZl/fw1KnTFdEa7p2jtmXw3KZiHAWAddwg1F1tHTaCCBL4wggS6MIIEtjCC
+Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
+HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
+dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
+cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
+BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
+QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
+VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
+2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
+3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
+uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
+mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
+VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
+VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
+MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
+r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
+VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
+6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
+STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
+ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
+g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
+5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
+HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
+VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
+wG/pag==
diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors
new file mode 100644
index 0000000..af47552
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
+Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
+FEm2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
+IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
+MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
+8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
+RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
+eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
+mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
+087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors
new file mode 100644
index 0000000..99417f7
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
+N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
+FO2+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
+0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
+MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
+sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
+PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
+oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
+vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors
new file mode 100644
index 0000000..73dc42d
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors
@@ -0,0 +1,10 @@
+MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
+9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE
+FH2xZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
+bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz
+NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg
+P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ
+FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR
++mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW
+YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3
+K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA==
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors
new file mode 100644
index 0000000..d7566cf
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors
@@ -0,0 +1,32 @@
+MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0
+lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE
+FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
+vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz
+MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH
+itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O
+675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA
+r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo
+DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j
+o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw
+ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw
+WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
+BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
+MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
+ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV
+BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAx0kb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+
+m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv
+CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT
+T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW
+sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O
+ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
+AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
+HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c
+dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae
+BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d
+DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO
+RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW
+ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK
+0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy
+RI4G
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors
new file mode 100644
index 0000000..757db75
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors
@@ -0,0 +1,32 @@
+MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
+yVdbHxANRLCFYj1mqBgPMjAxMjEwMTAxNDU0NDhaMG4wbDBEMAkGBSsOAwIaBQAE
+FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
+AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
+BgkqhkiG9w0BAQUDggEBACkGyoGefA2WuktIerofBoPgeyT8Mry57DxF7IEvX8dI
+Adk+MZRo5suYIE2AJty8bohYYiIxS7sZ5nsUM+iyu5cIdmsIwt/YifYsSdHc6DKz
+l3Yh4bS27QX05/Vuok3HmEMsRBmensKATMfvGP+TOwhuFeHWAK8KHSCmUbGZFP3A
+WKtrhRh/qC4qetMt07z/OKZcqHUYegEpO3xqRJ4MdqRJpV1urjdL/852US0mWAOL
+/EPoexWiHiKJmsNy7HAEKFQ+daqdZYM1BTGbS2aj3go/BVqf0xEhRLT0fsdof4Is
+1Cy2ZHGbaVEyOQpXsxUEAqEdJcFRcLFGhdgnUjcQ9lqgggQQMIIEDDCCBAgwggLw
+oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
+MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
+GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
+NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
+di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
+bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ2QF8p0+Fb7ID
+MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
+oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
+866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
+ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
+MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
+yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
+TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
+AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
+DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
+8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
+uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
+4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
+YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
+fBIRKjnK621vAWvc7UR+0hqnZ+U=
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors
new file mode 100644
index 0000000..c33179c
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors
@@ -0,0 +1,38 @@
+MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
+BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
+Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
+A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDE1MTkzOVowZjBkMDwwCQYF
+Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
+ORjRAgMLs8aAABgPMjAxMjEwMTAxNDU2MTdaoBEYDzIwMTIxMDEyMTUxOTM5WjAN
+BgkqhkiG9w0BAQUFAAOCAQEAH1Bs3glJoAvCHhgVtN4F/avlKA1St74v7yuD1DIu
+cBf/4YRJdxZATXMI8I0TPjSl8L+rRAiUTVd8sPhWQ9XD9WaYKkTEjuQSPp851/81
+zDihz9Kj5Rzo5PYpFsbSps/ALMQSRkrtuX4DCm9fbK7xC+adpbhQDnWW/GXM1+Ob
+lv3pHDQXLh2GQbRsaJBgLeSUxIIE7RWJv1N+Ugi5zF8rja5qnJ9DnkilEqMeXQp8
+SThaI+TOe+KHK+7wTp5QkFNIE5l/uKgvSNIOwLe9HDevlSl1wYF6e+mAz3uoQyJa
+Ucx8FIoV6CIr+wUd+P8CmNXiQ7M59I8gm3FCDiEvWDQGEaCCBL4wggS6MIIEtjCC
+Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
+HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
+dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
+cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
+BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
+QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
+VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCdxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
+2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
+3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
+uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
+mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
+VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
+VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
+MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
+r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
+VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
+6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
+STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
+ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
+g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
+5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
+HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
+VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
+wG/pag==
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem
new file mode 100644
index 0000000..93fb70d
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
+MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
+YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
+RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOoUbMUpq4pbR/WNnN
+2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
+AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
+VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
+Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
+wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
+wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
+/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
+BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
+L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
+c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
+hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
+JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
+gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
+pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
+o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
+LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
+iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
+qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
+TercGL7FG81kwA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_D2_Issuer_Root.pem
new file mode 100644
index 0000000..61db7ae
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_D2_Issuer_Root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_D3_Issuer_Root.pem
new file mode 100644
index 0000000..f03432b
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_D3_Issuer_Root.pem
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAzyLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem
new file mode 100644
index 0000000..f0d9811
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
+MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAM1KljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
+7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
+HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
+hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
+b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
+BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
+5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
+fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
+MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
+bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
+MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
+cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
+Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
+P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
+TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
+hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
+tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
+9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem
new file mode 100644
index 0000000..14d35cf
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
+MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UCLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
+t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
+HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
+Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
+pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
+R1uUq27UlTMdphVx8fiUylQ5PsE=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem
new file mode 100644
index 0000000..ba7fb8d
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALj3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors
new file mode 100644
index 0000000..6589782
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors
@@ -0,0 +1,32 @@
+MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRg2uQDFpGg
+Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMTI1MjJaMHUwczBLMAkGBSsOAwIaBQAE
+FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
+vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw
+MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAHQBPHdHWNzaFs5bfBvQcvxBWsDnsCFXNs
+a1fECiWDFNt6Nz4MCBY4rC7n0nhQfvg4m1woNcTAZVO8lacYomwUU/5/XpeFM6yc
+NeFcVbfVXA48GWPANitNQCwyRL5hGfIqNy1I9T1BHlBqYusmJKy65r2iqpmld/hD
+7S1dsCd4fXhjBQQORPmBqhKvWEU08Dh5aoaDAuaZoxRH8B1q+mUs0ODOIu34L84y
+JcxTKccd/HCwI8oxwLoBtyXSHb+dCzc7zSjFvQhbT5dOCvJNNe/fk6+EhMtQ6ybC
+D7p9EShCvU5jAdw54bZWk5wIQSvsWk9axUmYFFLYI3hAaoybpFVroIID+DCCA/Qw
+ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
+WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
+BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
+MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
+ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
+BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
+qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
+M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
+LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
+UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
+9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
+AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
+HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
+dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
+Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
+tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
+snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
+PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
+5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
+4J2l
diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors
new file mode 100644
index 0000000..4e11e4b
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors
@@ -0,0 +1,32 @@
+MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTrlwecTarB
+yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMTI1MjVaMG4wbDBEMAkGBSsOAwIaBQAE
+FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
+AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
+BgkqhkiG9w0BAQUDggEBAHThkPoy6eA7qX9y5C5b1ElRSwdjzsd15OJSqP2yjQbS
+Ol1K8DWtX0UhTfRH+CrIPoWL40g2HjXtIVeMD6s3hakYimZUenIJ/IRRSVWp+EXU
+MewgTVPz/wJN/9dJIkSbOI/BmpIGlaaBaLwcb39nJjZMq0sXj8jRI5i0isotOAFz
+Zc0R20viBEH099KuGktB2fKKEpVbbWPljTxKzkIBs9SXZBIqd/X2MWzQWcLKzhL0
+oynkvqxTFqNVjjZKcKSXPS/XEUufLrv/E3xQZYAfTJr778kFkyA8JzrXiH6W5DX6
+UbqsnO5DaPZvMDfvlQWETkoS1j+Qgu2mIWzdiw7sPrOgggQQMIIEDDCCBAgwggLw
+oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
+MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
+GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
+NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
+di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
+bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
+MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
+oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
+866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
+ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
+MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
+yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
+TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
+AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
+BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
+DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
+ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
+8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
+uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
+4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
+YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
+fBIRKjnK621vAWvc7UR+0hqnZ+U=
diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors
new file mode 100644
index 0000000..61e2d09
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors
@@ -0,0 +1,38 @@
+MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
+BAYTAlVTMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
+Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
+A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEzMjE0MVowZjBkMDwwCQYF
+Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
+ORjRAgMLs8aAABgPMjAxMjEwMTExMjQyMTZaoBEYDzIwMTIxMDEzMTMyMTQxWjAN
+BgkqhkiG9w0BAQUFAAOCAQEAEWd9kKEfaurOXDV98OVtU27TmK4L4MeGEPdkg1i+
+fbPMe1mouWlVm23W6yaM7mM2NMXLW+hTNzqfyMPM7rByXNaFAAniCPTXNO3eJRIA
+Zf0F10OSdBQ/ln4igHQCVZCnXR30/aP5/PMb4u3/LTuC9aW6K7mLXcuCvJztGnXO
+v3r64q/qTGG/b4eS65exykV9riSFuGp1rzLAy5fSYTBWTOBQ679PFjQnL60GkrZA
+Egtxw2ozEDwo+X0WamEouxN8mjX/VQlMdEbykUFDuPD3vZydZ04BV9f18RJZOU9j
+gCwMzd9gb4jUL4ykdWiLmO+YPDWFyNSYEIfnGgk1VvPHuaCCBL4wggS6MIIEtjCC
+Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
+HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
+dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
+cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
+BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
+QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
+VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
+2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
+3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
+uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
+mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
+VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
+VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
+MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
+r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
+VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
+6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
+STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
+ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
+g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
+5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
+HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
+VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
+wG/pag==
diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors
new file mode 100644
index 0000000..b6fadc5
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSJRFH/UCpp
+Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
+FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
+IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
+MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
+8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
+RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
+eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
+mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
+087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors
new file mode 100644
index 0000000..251f0df
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors
@@ -0,0 +1,10 @@
+MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQMWOWLxkwV
+N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
+FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
+0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
+MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
+sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
+PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
+oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
+vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors
new file mode 100644
index 0000000..19641f5
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors
@@ -0,0 +1,10 @@
+MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBSuvZh6NLQm
+9/rEJlTvA73gJMtUGhgPMjAxMjEwMTAxMzA3NDZaMHQwcjBKMAkGBSsOAwIaBQAE
+FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
+bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTAxMzA3NDZaoBEYDzIwMTIxMDE0MTMw
+NzQ2WjANBgkqhkiG9w0BAQUFAAOCAQEAA70+GYJoFuUBwIN9KHMqmOOtnmoLBBlm
+HL2Su70ZEqSmL4zTt3iHY3m2YaNYSPphgDlQ4lY8zGAkCSrZ3ulpJun3RRy+gD29
+0ks155tChMbYNZrFm46vKWabBjh2p+623daymlcbgizi5Z+P4oJL68VrOqh+DArE
+MpHH16BTGaF+bAjzTRSbS90xUReqwnnEpRBrmcQVo4uKpSkbyrx7iMLqsJ2vGpgh
+xqj1kNPT9g3+gegmdU9QpFV0l9ZV8X/f0uz5nT4I0NL81d/KDHGx2rd+bftLODeL
+ZAWAzFbr5B5EMqPGoh/SQXpcuVOqMHjh8fi8PBXBcitlIFzdDKXDvA==
diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem
new file mode 100644
index 0000000..3f1c053
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
+MTAwMDAwWjBZMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
+YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
+RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN
+2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
+AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
+VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
+Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
+wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
+wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
+/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
+BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
+L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
+c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
+hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
+JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
+gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
+pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
+o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
+LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
+iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
+qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
+TercGL7FG81kwA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem
new file mode 100644
index 0000000..af1b8b0
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCVVMxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem
new file mode 100644
index 0000000..764797a
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdUZXN0
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Rlc3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem
new file mode 100644
index 0000000..06b6908
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
+MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
+7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
+HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
+hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
+b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
+BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
+5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
+fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
+MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
+bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
+MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
+cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
+Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
+P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
+TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
+hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
+tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
+9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem
new file mode 100644
index 0000000..1b46fcf
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
+MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
+t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
+HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
+Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
+pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
+R1uUq27UlTMdphVx8fiUylQ5PsE=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem
new file mode 100644
index 0000000..4d1f454
--- /dev/null
+++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCVVMx
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/ocspapitest.c b/openssl-1.1.0h/test/ocspapitest.c
new file mode 100644
index 0000000..42befe7
--- /dev/null
+++ b/openssl-1.1.0h/test/ocspapitest.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+
+#include "testutil.h"
+
+static const char *certstr;
+static const char *privkeystr;
+
+#ifndef OPENSSL_NO_OCSP
+static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out)
+{
+    BIO *certbio, *keybio;
+    X509 *cert = NULL;
+    EVP_PKEY *key = NULL;
+
+    if ((certbio = BIO_new_file(certstr, "r")) == NULL)
+        return 0;
+    cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
+    BIO_free(certbio);
+    if ((keybio = BIO_new_file(privkeystr, "r")) == NULL)
+        goto end;
+    key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
+    BIO_free(keybio);
+    if (cert == NULL || key == NULL)
+        goto end;
+    *cert_out = cert;
+    *key_out = key;
+    return 1;
+ end:
+    X509_free(cert);
+    EVP_PKEY_free(key);
+    return 0;
+}
+
+static OCSP_BASICRESP *make_dummy_resp(void)
+{
+    const unsigned char namestr[] = "openssl.example.com";
+    unsigned char keybytes[128] = {7};
+    OCSP_BASICRESP *bs = OCSP_BASICRESP_new();
+    OCSP_BASICRESP *bs_out = NULL;
+    OCSP_CERTID *cid = NULL;
+    ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));
+    ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);
+    X509_NAME *name = X509_NAME_new();
+    ASN1_BIT_STRING *key = ASN1_BIT_STRING_new();
+    ASN1_INTEGER *serial = ASN1_INTEGER_new();
+
+    if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,
+                                   namestr, -1, -1, 1)
+        || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))
+        || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1))
+        goto err;
+    cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);
+    if (bs == NULL
+        || thisupd == NULL
+        || nextupd == NULL
+        || cid == NULL
+        || !OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd))
+        goto err;
+    bs_out = bs;
+    bs = NULL;
+ err:
+    ASN1_TIME_free(thisupd);
+    ASN1_TIME_free(nextupd);
+    ASN1_BIT_STRING_free(key);
+    ASN1_INTEGER_free(serial);
+    OCSP_CERTID_free(cid);
+    OCSP_BASICRESP_free(bs);
+    X509_NAME_free(name);
+    return bs_out;
+}
+
+static int test_resp_signer(void)
+{
+    OCSP_BASICRESP *bs = NULL;
+    X509 *signer = NULL, *tmp;
+    EVP_PKEY *key = NULL;
+    STACK_OF(X509) *extra_certs = NULL;
+    int ret = 0;
+
+    /*
+     * Test a response with no certs at all; get the signer from the
+     * extra certs given to OCSP_resp_get0_signer().
+     */
+    bs = make_dummy_resp();
+    extra_certs = sk_X509_new_null();
+    if (bs == NULL
+        || extra_certs == NULL
+        || !get_cert_and_key(&signer, &key)
+        || !sk_X509_push(extra_certs, signer)
+        || !OCSP_basic_sign(bs, signer, key, EVP_sha1(),
+                                      NULL, OCSP_NOCERTS))
+        goto err;
+    if (!OCSP_resp_get0_signer(bs, &tmp, extra_certs)
+        || X509_cmp(tmp, signer) != 0)
+        goto err;
+    OCSP_BASICRESP_free(bs);
+
+    /* Do it again but include the signer cert */
+    bs = make_dummy_resp();
+    tmp = NULL;
+    if (bs == NULL
+        || !OCSP_basic_sign(bs, signer, key, EVP_sha1(),
+                            NULL, 0))
+        goto err;
+    if (!OCSP_resp_get0_signer(bs, &tmp, NULL)
+        || X509_cmp(tmp, signer) != 0)
+        goto err;
+    ret = 1;
+ err:
+    OCSP_BASICRESP_free(bs);
+    sk_X509_free(extra_certs);
+    X509_free(signer);
+    EVP_PKEY_free(key);
+    return ret;
+}
+#endif
+
+int main(int argc, char *argv[])
+{
+    int testresult = 1;
+    BIO *err = NULL;
+
+    if (argc != 3) {
+        printf("Invalid argument count\n");
+        return 1;
+    }
+    if ((certstr = argv[1]) == NULL
+        || (privkeystr = argv[2]) == NULL)
+        return 1;
+    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifndef OPENSSL_NO_OCSP
+    ADD_TEST(test_resp_signer);
+#endif
+    testresult = run_tests(argv[0]);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(err) <= 0)
+        testresult = 1;
+#endif
+    BIO_free(err);
+
+    if (!testresult)
+        printf("PASS\n");
+
+    return testresult;
+}
diff --git a/openssl-1.1.0h/test/p5_crpt2_test.c b/openssl-1.1.0h/test/p5_crpt2_test.c
new file mode 100644
index 0000000..4a40c26
--- /dev/null
+++ b/openssl-1.1.0h/test/p5_crpt2_test.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+typedef struct {
+    const char *pass;
+    int passlen;
+    const char *salt;
+    int saltlen;
+    int iter;
+} testdata;
+
+static testdata test_cases[] = {
+    {"password", 8, "salt", 4, 1},
+    {"password", 8, "salt", 4, 2},
+    {"password", 8, "salt", 4, 4096},
+    {"passwordPASSWORDpassword", 24,
+     "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096},
+    {"pass\0word", 9, "sa\0lt", 5, 4096},
+    {NULL},
+};
+
+static const char *sha1_results[] = {
+    "0c60c80f961f0e71f3a9b524af6012062fe037a6",
+    "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957",
+    "4b007901b765489abead49d926f721d065a429c1",
+    "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038",
+    "56fa6aa75548099dcc37d7f03425e0c3",
+};
+
+static const char *sha256_results[] = {
+    "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b",
+    "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43",
+    "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a",
+    "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c63551"
+        "8c7dac47e9",
+    "89b69d0516f829893c696226650a8687",
+};
+
+static const char *sha512_results[] = {
+    "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d47"
+        "0a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce",
+    "e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab"
+        "2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e",
+    "d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30"
+        "602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5",
+    "8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59"
+        "f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8",
+    "9d9e9c4cd21fe4be24d5b8244c759665",
+};
+
+static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
+{
+    int i;
+    fprintf(f, "%s", title);
+    for (i = 0; i < l; i++) {
+        fprintf(f, "%02x", s[i]);
+    }
+    fprintf(f, "\n");
+}
+
+static void convert(unsigned char *dst, const unsigned char *src, int len)
+{
+    int i;
+    for (i = 0; i < len; i++, dst++, src += 2) {
+        unsigned int n;
+        sscanf((char *)src, "%2x", &n);
+        *dst = (unsigned char)n;
+    }
+    *dst = 0;
+}
+
+static void
+test_p5_pbkdf2(int i, char *digestname, testdata *test, const char *hex)
+{
+    const EVP_MD *digest;
+    unsigned char *out;
+    unsigned char *expected;
+    int keylen, r;
+
+    digest = EVP_get_digestbyname(digestname);
+    if (digest == NULL) {
+        fprintf(stderr, "unknown digest %s\n", digestname);
+        EXIT(5);
+    }
+
+    if ((strlen(hex) % 2) != 0) {
+        fprintf(stderr, "odd hex digest %s %i\n", digestname, i);
+        EXIT(5);
+    }
+    keylen = strlen(hex) / 2;
+    expected = OPENSSL_malloc(keylen + 1);
+    out = OPENSSL_malloc(keylen + 1);
+    if ((expected == NULL) || (out == NULL)) {
+        fprintf(stderr, "malloc() failed\n");
+        EXIT(5);
+    }
+    convert(expected, (const unsigned char *)hex, keylen);
+
+    r = PKCS5_PBKDF2_HMAC(test->pass, test->passlen,
+                          (const unsigned char *)test->salt, test->saltlen,
+                          test->iter, digest, keylen, out);
+
+    if (r == 0) {
+        fprintf(stderr, "PKCS5_PBKDF2_HMAC(%s) failure test %i\n",
+                digestname, i);
+        EXIT(3);
+    }
+    if (memcmp(expected, out, keylen) != 0) {
+        fprintf(stderr, "Wrong result for PKCS5_PBKDF2_HMAC(%s) test %i\n",
+                digestname, i);
+        hexdump(stderr, "expected: ", expected, keylen);
+        hexdump(stderr, "result:   ", out, keylen);
+        EXIT(2);
+    }
+    OPENSSL_free(expected);
+    OPENSSL_free(out);
+}
+
+int main(int argc, char **argv)
+{
+    int i;
+    testdata *test = test_cases;
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+
+    printf("PKCS5_PBKDF2_HMAC() tests ");
+    for (i = 0; test->pass != NULL; i++, test++) {
+        test_p5_pbkdf2(i, "sha1", test, sha1_results[i]);
+        test_p5_pbkdf2(i, "sha256", test, sha256_results[i]);
+        test_p5_pbkdf2(i, "sha512", test, sha512_results[i]);
+        printf(".");
+    }
+    printf(" done\n");
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
+# endif
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/packettest.c b/openssl-1.1.0h/test/packettest.c
new file mode 100644
index 0000000..58fc752
--- /dev/null
+++ b/openssl-1.1.0h/test/packettest.c
@@ -0,0 +1,537 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl/packet_locl.h"
+
+#define BUF_LEN 255
+
+static int test_PACKET_remaining(unsigned char buf[BUF_LEN])
+{
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            ||  PACKET_remaining(&pkt) != BUF_LEN
+            || !PACKET_forward(&pkt, BUF_LEN - 1)
+            ||  PACKET_remaining(&pkt) != 1
+            || !PACKET_forward(&pkt, 1)
+            ||  PACKET_remaining(&pkt) != 0) {
+        fprintf(stderr, "test_PACKET_remaining() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_end(unsigned char buf[BUF_LEN])
+{
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            ||  PACKET_remaining(&pkt) != BUF_LEN
+            ||  PACKET_end(&pkt) != buf + BUF_LEN
+            || !PACKET_forward(&pkt, BUF_LEN - 1)
+            || PACKET_end(&pkt) != buf + BUF_LEN
+            || !PACKET_forward(&pkt, 1)
+            || PACKET_end(&pkt) != buf + BUF_LEN) {
+        fprintf(stderr, "test_PACKET_end() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_1(unsigned char buf[BUF_LEN])
+{
+    unsigned int i;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_get_1(&pkt, &i)
+            ||  i != 0x02
+            || !PACKET_forward(&pkt, BUF_LEN - 2)
+            || !PACKET_get_1(&pkt, &i)
+            ||  i != 0xfe
+            ||  PACKET_get_1(&pkt, &i)) {
+        fprintf(stderr, "test_PACKET_get_1() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_4(unsigned char buf[BUF_LEN])
+{
+    unsigned long i;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_get_4(&pkt, &i)
+            ||  i != 0x08060402UL
+            || !PACKET_forward(&pkt, BUF_LEN - 8)
+            || !PACKET_get_4(&pkt, &i)
+            ||  i != 0xfefcfaf8UL
+            ||  PACKET_get_4(&pkt, &i)) {
+        fprintf(stderr, "test_PACKET_get_4() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_net_2(unsigned char buf[BUF_LEN])
+{
+    unsigned int i;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_get_net_2(&pkt, &i)
+            ||  i != 0x0204
+            || !PACKET_forward(&pkt, BUF_LEN - 4)
+            || !PACKET_get_net_2(&pkt, &i)
+            ||  i != 0xfcfe
+            ||  PACKET_get_net_2(&pkt, &i)) {
+        fprintf(stderr, "test_PACKET_get_net_2() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_net_3(unsigned char buf[BUF_LEN])
+{
+    unsigned long i;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_get_net_3(&pkt, &i)
+            ||  i != 0x020406UL
+            || !PACKET_forward(&pkt, BUF_LEN - 6)
+            || !PACKET_get_net_3(&pkt, &i)
+            ||  i != 0xfafcfeUL
+            ||  PACKET_get_net_3(&pkt, &i)) {
+        fprintf(stderr, "test_PACKET_get_net_3() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_net_4(unsigned char buf[BUF_LEN])
+{
+    unsigned long i;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_get_net_4(&pkt, &i)
+            ||  i != 0x02040608UL
+            || !PACKET_forward(&pkt, BUF_LEN - 8)
+            || !PACKET_get_net_4(&pkt, &i)
+            ||  i != 0xf8fafcfeUL
+            ||  PACKET_get_net_4(&pkt, &i)) {
+        fprintf(stderr, "test_PACKET_get_net_4() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_sub_packet(unsigned char buf[BUF_LEN])
+{
+    PACKET pkt, subpkt;
+    unsigned long i;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_get_sub_packet(&pkt, &subpkt, 4)
+            || !PACKET_get_net_4(&subpkt, &i)
+            ||  i != 0x02040608UL
+            ||  PACKET_remaining(&subpkt)
+            || !PACKET_forward(&pkt, BUF_LEN - 8)
+            || !PACKET_get_sub_packet(&pkt, &subpkt, 4)
+            || !PACKET_get_net_4(&subpkt, &i)
+            ||  i != 0xf8fafcfeUL
+            ||  PACKET_remaining(&subpkt)
+            ||  PACKET_get_sub_packet(&pkt, &subpkt, 4)) {
+        fprintf(stderr, "test_PACKET_get_sub_packet() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_bytes(unsigned char buf[BUF_LEN])
+{
+    const unsigned char *bytes;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_get_bytes(&pkt, &bytes, 4)
+            ||  bytes[0] != 2 || bytes[1] != 4
+            ||  bytes[2] != 6 || bytes[3] != 8
+            ||  PACKET_remaining(&pkt) != BUF_LEN -4
+            || !PACKET_forward(&pkt, BUF_LEN - 8)
+            || !PACKET_get_bytes(&pkt, &bytes, 4)
+            ||  bytes[0] != 0xf8 || bytes[1] != 0xfa
+            ||  bytes[2] != 0xfc || bytes[3] != 0xfe
+            ||  PACKET_remaining(&pkt)) {
+        fprintf(stderr, "test_PACKET_get_bytes() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_copy_bytes(unsigned char buf[BUF_LEN])
+{
+    unsigned char bytes[4];
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_copy_bytes(&pkt, bytes, 4)
+            ||  bytes[0] != 2 || bytes[1] != 4
+            ||  bytes[2] != 6 || bytes[3] != 8
+            ||  PACKET_remaining(&pkt) != BUF_LEN - 4
+            || !PACKET_forward(&pkt, BUF_LEN - 8)
+            || !PACKET_copy_bytes(&pkt, bytes, 4)
+            ||  bytes[0] != 0xf8 || bytes[1] != 0xfa
+            ||  bytes[2] != 0xfc || bytes[3] != 0xfe
+            ||  PACKET_remaining(&pkt)) {
+        fprintf(stderr, "test_PACKET_copy_bytes() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_copy_all(unsigned char buf[BUF_LEN])
+{
+    unsigned char tmp[BUF_LEN];
+    PACKET pkt;
+    size_t len;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+               || !PACKET_copy_all(&pkt, tmp, BUF_LEN, &len)
+               || len != BUF_LEN
+               || memcmp(buf, tmp, BUF_LEN) != 0
+               || PACKET_remaining(&pkt) != BUF_LEN
+               || PACKET_copy_all(&pkt, tmp, BUF_LEN - 1, &len)) {
+        fprintf(stderr, "test_PACKET_copy_bytes() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_memdup(unsigned char buf[BUF_LEN])
+{
+    unsigned char *data = NULL;
+    size_t len;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_memdup(&pkt, &data, &len)
+            ||  len != BUF_LEN
+            ||  memcmp(data, PACKET_data(&pkt), len)
+            || !PACKET_forward(&pkt, 10)
+            || !PACKET_memdup(&pkt, &data, &len)
+            ||  len != BUF_LEN - 10
+            ||  memcmp(data, PACKET_data(&pkt), len)) {
+        fprintf(stderr, "test_PACKET_memdup() failed\n");
+        OPENSSL_free(data);
+        return 0;
+    }
+
+    OPENSSL_free(data);
+    return 1;
+}
+
+static int test_PACKET_strndup()
+{
+    char buf[10], buf2[10];
+    char *data = NULL;
+    PACKET pkt;
+
+    memset(buf, 'x', 10);
+    memset(buf2, 'y', 10);
+    buf2[5] = '\0';
+
+    if (       !PACKET_buf_init(&pkt, (unsigned char*)buf, 10)
+            || !PACKET_strndup(&pkt, &data)
+            ||  strlen(data) != 10
+            ||  strncmp(data, buf, 10)
+            || !PACKET_buf_init(&pkt, (unsigned char*)buf2, 10)
+            || !PACKET_strndup(&pkt, &data)
+            ||  strlen(data) != 5
+            ||  strcmp(data, buf2)) {
+        fprintf(stderr, "test_PACKET_strndup failed\n");
+        OPENSSL_free(data);
+        return 0;
+    }
+
+    OPENSSL_free(data);
+    return 1;
+}
+
+static int test_PACKET_contains_zero_byte()
+{
+    char buf[10], buf2[10];
+    PACKET pkt;
+
+    memset(buf, 'x', 10);
+    memset(buf2, 'y', 10);
+    buf2[5] = '\0';
+
+    if (       !PACKET_buf_init(&pkt, (unsigned char*)buf, 10)
+            ||  PACKET_contains_zero_byte(&pkt)
+            || !PACKET_buf_init(&pkt, (unsigned char*)buf2, 10)
+            || !PACKET_contains_zero_byte(&pkt)) {
+        fprintf(stderr, "test_PACKET_contains_zero_byte failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_forward(unsigned char buf[BUF_LEN])
+{
+    const unsigned char *byte;
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_forward(&pkt, 1)
+            || !PACKET_get_bytes(&pkt, &byte, 1)
+            ||  byte[0] != 4
+            || !PACKET_forward(&pkt, BUF_LEN - 3)
+            || !PACKET_get_bytes(&pkt, &byte, 1)
+            ||  byte[0] != 0xfe) {
+        fprintf(stderr, "test_PACKET_forward() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_buf_init()
+{
+    unsigned char buf[BUF_LEN];
+    PACKET pkt;
+
+    /* Also tests PACKET_remaining() */
+    if (       !PACKET_buf_init(&pkt, buf, 4)
+            ||  PACKET_remaining(&pkt) != 4
+            || !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            ||  PACKET_remaining(&pkt) != BUF_LEN
+            ||  PACKET_buf_init(&pkt, buf, -1)) {
+        fprintf(stderr, "test_PACKET_buf_init() failed\n");
+        return 0;
+        }
+
+    return 1;
+}
+
+static int test_PACKET_null_init()
+{
+    PACKET pkt;
+
+    PACKET_null_init(&pkt);
+    if (       PACKET_remaining(&pkt) != 0
+            || PACKET_forward(&pkt, 1)) {
+        fprintf(stderr, "test_PACKET_null_init() failed\n");
+        return 0;
+        }
+
+    return 1;
+}
+
+static int test_PACKET_equal(unsigned char buf[BUF_LEN])
+{
+    PACKET pkt;
+
+    if (       !PACKET_buf_init(&pkt, buf, 4)
+            || !PACKET_equal(&pkt, buf, 4)
+            ||  PACKET_equal(&pkt, buf + 1, 4)
+            || !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_equal(&pkt, buf, BUF_LEN)
+            ||  PACKET_equal(&pkt, buf, BUF_LEN - 1)
+            ||  PACKET_equal(&pkt, buf, BUF_LEN + 1)
+            ||  PACKET_equal(&pkt, buf, 0)) {
+        fprintf(stderr, "test_PACKET_equal() failed\n");
+        return 0;
+        }
+
+    return 1;
+}
+
+static int test_PACKET_get_length_prefixed_1()
+{
+    unsigned char buf[BUF_LEN];
+    const size_t len = 16;
+    unsigned int i;
+    PACKET pkt, short_pkt, subpkt;
+
+    buf[0] = len;
+    for (i = 1; i < BUF_LEN; i++) {
+        buf[i] = (i * 2) & 0xff;
+    }
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_buf_init(&short_pkt, buf, len)
+            || !PACKET_get_length_prefixed_1(&pkt, &subpkt)
+            ||  PACKET_remaining(&subpkt) != len
+            || !PACKET_get_net_2(&subpkt, &i)
+            ||  i != 0x0204
+            ||  PACKET_get_length_prefixed_1(&short_pkt, &subpkt)
+            ||  PACKET_remaining(&short_pkt) != len) {
+        fprintf(stderr, "test_PACKET_get_length_prefixed_1() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_length_prefixed_2()
+{
+    unsigned char buf[1024];
+    const size_t len = 516;  /* 0x0204 */
+    unsigned int i;
+    PACKET pkt, short_pkt, subpkt;
+
+    for (i = 1; i <= 1024; i++) {
+        buf[i-1] = (i * 2) & 0xff;
+    }
+
+    if (       !PACKET_buf_init(&pkt, buf, 1024)
+            || !PACKET_buf_init(&short_pkt, buf, len)
+            || !PACKET_get_length_prefixed_2(&pkt, &subpkt)
+            ||  PACKET_remaining(&subpkt) != len
+            || !PACKET_get_net_2(&subpkt, &i)
+            ||  i != 0x0608
+            ||  PACKET_get_length_prefixed_2(&short_pkt, &subpkt)
+            ||  PACKET_remaining(&short_pkt) != len) {
+        fprintf(stderr, "test_PACKET_get_length_prefixed_2() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_get_length_prefixed_3()
+{
+    unsigned char buf[1024];
+    const size_t len = 516;  /* 0x000204 */
+    unsigned int i;
+    PACKET pkt, short_pkt, subpkt;
+
+    for (i = 0; i < 1024; i++) {
+        buf[i] = (i * 2) & 0xff;
+    }
+
+    if (       !PACKET_buf_init(&pkt, buf, 1024)
+            || !PACKET_buf_init(&short_pkt, buf, len)
+            || !PACKET_get_length_prefixed_3(&pkt, &subpkt)
+            ||  PACKET_remaining(&subpkt) != len
+            || !PACKET_get_net_2(&subpkt, &i)
+            ||  i != 0x0608
+            ||  PACKET_get_length_prefixed_3(&short_pkt, &subpkt)
+            ||  PACKET_remaining(&short_pkt) != len) {
+        fprintf(stderr, "test_PACKET_get_length_prefixed_3() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_as_length_prefixed_1()
+{
+    unsigned char buf[BUF_LEN];
+    const size_t len = 16;
+    unsigned int i;
+    PACKET pkt, exact_pkt, subpkt;
+
+    buf[0] = len;
+    for (i = 1; i < BUF_LEN; i++) {
+        buf[i] = (i * 2) & 0xff;
+    }
+
+    if (       !PACKET_buf_init(&pkt, buf, BUF_LEN)
+            || !PACKET_buf_init(&exact_pkt, buf, len + 1)
+            ||  PACKET_as_length_prefixed_1(&pkt, &subpkt)
+            ||  PACKET_remaining(&pkt) != BUF_LEN
+            || !PACKET_as_length_prefixed_1(&exact_pkt, &subpkt)
+            ||  PACKET_remaining(&exact_pkt) != 0
+            ||  PACKET_remaining(&subpkt) != len) {
+        fprintf(stderr, "test_PACKET_as_length_prefixed_1() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int test_PACKET_as_length_prefixed_2()
+{
+    unsigned char buf[1024];
+    const size_t len = 516;  /* 0x0204 */
+    unsigned int i;
+    PACKET pkt, exact_pkt, subpkt;
+
+    for (i = 1; i <= 1024; i++) {
+        buf[i-1] = (i * 2) & 0xff;
+    }
+
+    if (       !PACKET_buf_init(&pkt, buf, 1024)
+            || !PACKET_buf_init(&exact_pkt, buf, len + 2)
+            ||  PACKET_as_length_prefixed_2(&pkt, &subpkt)
+            ||  PACKET_remaining(&pkt) != 1024
+            || !PACKET_as_length_prefixed_2(&exact_pkt, &subpkt)
+            ||  PACKET_remaining(&exact_pkt) != 0
+            ||  PACKET_remaining(&subpkt) != len) {
+        fprintf(stderr, "test_PACKET_as_length_prefixed_2() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    unsigned char buf[BUF_LEN];
+    unsigned int i;
+
+    for (i=1; i<=BUF_LEN; i++) {
+        buf[i-1] = (i * 2) & 0xff;
+    }
+    i = 0;
+
+    if (       !test_PACKET_buf_init()
+            || !test_PACKET_null_init()
+            || !test_PACKET_remaining(buf)
+            || !test_PACKET_end(buf)
+            || !test_PACKET_equal(buf)
+            || !test_PACKET_get_1(buf)
+            || !test_PACKET_get_4(buf)
+            || !test_PACKET_get_net_2(buf)
+            || !test_PACKET_get_net_3(buf)
+            || !test_PACKET_get_net_4(buf)
+            || !test_PACKET_get_sub_packet(buf)
+            || !test_PACKET_get_bytes(buf)
+            || !test_PACKET_copy_bytes(buf)
+            || !test_PACKET_copy_all(buf)
+            || !test_PACKET_memdup(buf)
+            || !test_PACKET_strndup()
+            || !test_PACKET_contains_zero_byte()
+            || !test_PACKET_forward(buf)
+            || !test_PACKET_get_length_prefixed_1()
+            || !test_PACKET_get_length_prefixed_2()
+            || !test_PACKET_get_length_prefixed_3()
+            || !test_PACKET_as_length_prefixed_1()
+            || !test_PACKET_as_length_prefixed_2()) {
+        return 1;
+    }
+    printf("PASS\n");
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/pbelutest.c b/openssl-1.1.0h/test/pbelutest.c
new file mode 100644
index 0000000..e226d43
--- /dev/null
+++ b/openssl-1.1.0h/test/pbelutest.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include <stdio.h>
+#include <string.h>
+
+/*
+ * Password based encryption (PBE) table ordering test.
+ * Attempt to look up all supported algorithms.
+ */
+
+int main(int argc, char **argv)
+{
+    size_t i;
+    int rv = 0;
+    int pbe_type, pbe_nid;
+    int last_type = -1, last_nid = -1;
+    for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) {
+        if (EVP_PBE_find(pbe_type, pbe_nid, NULL, NULL, 0) == 0) {
+            rv = 1;
+            break;
+        }
+    }
+    if (rv == 0)
+        return 0;
+    /* Error: print out whole table */
+    for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) {
+        if (pbe_type > last_type)
+            rv = 0;
+        else if (pbe_type < last_type || pbe_nid < last_nid)
+            rv = 1;
+        else
+            rv = 0;
+        fprintf(stderr, "PBE type=%d %d (%s): %s\n", pbe_type, pbe_nid,
+                OBJ_nid2sn(pbe_nid), rv ? "ERROR" : "OK");
+        last_type = pbe_type;
+        last_nid = pbe_nid;
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/test/pkcs7-1.pem b/openssl-1.1.0h/test/pkcs7-1.pem
new file mode 100644
index 0000000..c47b27a
--- /dev/null
+++ b/openssl-1.1.0h/test/pkcs7-1.pem
@@ -0,0 +1,15 @@
+-----BEGIN PKCS7-----
+MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
+SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
+AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
+eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
+MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
+bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
+ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
+FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
+9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
+BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
+bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
+BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
+j7Kie1x339mxW/w9VZNTUDQQweHh
+-----END PKCS7-----
diff --git a/openssl-1.1.0h/test/pkcs7.pem b/openssl-1.1.0h/test/pkcs7.pem
new file mode 100644
index 0000000..d55c60b
--- /dev/null
+++ b/openssl-1.1.0h/test/pkcs7.pem
@@ -0,0 +1,54 @@
+     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
+     AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
+     EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
+     cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
+     ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
+     MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+     c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
+     bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
+     CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
+     Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
+     CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
+     ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
+     l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
+     HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
+     Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
+     c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
+     YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
+     dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
+     dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
+     LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
+     ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
+     biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
+     IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
+     AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+     L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
+     HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
+     slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
+     ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
+     /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
+     aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
+     ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
+     OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
+     MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
+     Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
+     qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
+     sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
+     P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
+     A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
+     KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
+     Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
+     Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
+     hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
+     Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
+     dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
+     KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
+     dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
+     I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
+     ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
+     ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
+     ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
+     MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
+     /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
+     DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
+     b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/openssl-1.1.0h/test/pkits-test.pl b/openssl-1.1.0h/test/pkits-test.pl
new file mode 100644
index 0000000..ae7279c
--- /dev/null
+++ b/openssl-1.1.0h/test/pkits-test.pl
@@ -0,0 +1,905 @@
+#! /usr/bin/env perl
+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Perl utility to run PKITS tests for RFC3280 compliance. 
+
+my $ossl_path;
+
+if ( -f "../apps/openssl" ) {
+    $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
+}
+elsif ( -f "..\\out32dll\\openssl.exe" ) {
+    $ossl_path = "..\\out32dll\\openssl.exe";
+}
+elsif ( -f "..\\out32\\openssl.exe" ) {
+    $ossl_path = "..\\out32\\openssl.exe";
+}
+else {
+    die "Can't find OpenSSL executable";
+}
+
+my $pkitsdir = "pkits/smime";
+my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
+
+die "Can't find PKITS test data" if !-d $pkitsdir;
+
+my $nist1 = "2.16.840.1.101.3.2.1.48.1";
+my $nist2 = "2.16.840.1.101.3.2.1.48.2";
+my $nist3 = "2.16.840.1.101.3.2.1.48.3";
+my $nist4 = "2.16.840.1.101.3.2.1.48.4";
+my $nist5 = "2.16.840.1.101.3.2.1.48.5";
+my $nist6 = "2.16.840.1.101.3.2.1.48.6";
+
+my $apolicy = "X509v3 Any Policy";
+
+# This table contains the chapter headings of the accompanying PKITS
+# document. They provide useful informational output and their names
+# can be converted into the filename to test.
+
+my @testlists = (
+    [ "4.1", "Signature Verification" ],
+    [ "4.1.1", "Valid Signatures Test1",                        0 ],
+    [ "4.1.2", "Invalid CA Signature Test2",                    7 ],
+    [ "4.1.3", "Invalid EE Signature Test3",                    7 ],
+    [ "4.1.4", "Valid DSA Signatures Test4",                    0 ],
+    [ "4.1.5", "Valid DSA Parameter Inheritance Test5",         0 ],
+    [ "4.1.6", "Invalid DSA Signature Test6",                   7 ],
+    [ "4.2",   "Validity Periods" ],
+    [ "4.2.1", "Invalid CA notBefore Date Test1",               9 ],
+    [ "4.2.2", "Invalid EE notBefore Date Test2",               9 ],
+    [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3",        0 ],
+    [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4",    0 ],
+    [ "4.2.5", "Invalid CA notAfter Date Test5",                10 ],
+    [ "4.2.6", "Invalid EE notAfter Date Test6",                10 ],
+    [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7",    10 ],
+    [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8",     0 ],
+    [ "4.3",   "Verifying Name Chaining" ],
+    [ "4.3.1", "Invalid Name Chaining EE Test1",                20 ],
+    [ "4.3.2", "Invalid Name Chaining Order Test2",             20 ],
+    [ "4.3.3", "Valid Name Chaining Whitespace Test3",          0 ],
+    [ "4.3.4", "Valid Name Chaining Whitespace Test4",          0 ],
+    [ "4.3.5", "Valid Name Chaining Capitalization Test5",      0 ],
+    [ "4.3.6", "Valid Name Chaining UIDs Test6",                0 ],
+    [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
+    [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8",  0 ],
+    [ "4.3.9", "Valid UTF8String Encoded Names Test9",          0 ],
+    [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
+    [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11",           0 ],
+    [ "4.4",    "Basic Certificate Revocation Tests" ],
+    [ "4.4.1",  "Missing CRL Test1",                                        3 ],
+    [ "4.4.2", "Invalid Revoked CA Test2",          23 ],
+    [ "4.4.3", "Invalid Revoked EE Test3",          23 ],
+    [ "4.4.4", "Invalid Bad CRL Signature Test4",   8 ],
+    [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
+    [ "4.4.6", "Invalid Wrong CRL Test6",           3 ],
+    [ "4.4.7", "Valid Two CRLs Test7",              0 ],
+
+    # The test document suggests these should return certificate revoked...
+    # Subsquent discussion has concluded they should not due to unhandle
+    # critical CRL extensions.
+    [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
+    [ "4.4.9", "Invalid Unknown CRL Extension Test9",       36 ],
+
+    [ "4.4.10", "Invalid Unknown CRL Extension Test10",             36 ],
+    [ "4.4.11", "Invalid Old CRL nextUpdate Test11",                12 ],
+    [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12",            12 ],
+    [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13",      0 ],
+    [ "4.4.14", "Valid Negative Serial Number Test14",              0 ],
+    [ "4.4.15", "Invalid Negative Serial Number Test15",            23 ],
+    [ "4.4.16", "Valid Long Serial Number Test16",                  0 ],
+    [ "4.4.17", "Valid Long Serial Number Test17",                  0 ],
+    [ "4.4.18", "Invalid Long Serial Number Test18",                23 ],
+    [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19",   0 ],
+    [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
+
+    # CRL path is revoked so get a CRL path validation error
+    [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21",      54 ],
+    [ "4.5",    "Verifying Paths with Self-Issued Certificates" ],
+    [ "4.5.1",  "Valid Basic Self-Issued Old With New Test1",            0 ],
+    [ "4.5.2",  "Invalid Basic Self-Issued Old With New Test2",          23 ],
+    [ "4.5.3",  "Valid Basic Self-Issued New With Old Test3",            0 ],
+    [ "4.5.4",  "Valid Basic Self-Issued New With Old Test4",            0 ],
+    [ "4.5.5",  "Invalid Basic Self-Issued New With Old Test5",          23 ],
+    [ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6",         0 ],
+    [ "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7",       23 ],
+    [ "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8",       20 ],
+    [ "4.6",    "Verifying Basic Constraints" ],
+    [ "4.6.1",  "Invalid Missing basicConstraints Test1",                24 ],
+    [ "4.6.2",  "Invalid cA False Test2",                                24 ],
+    [ "4.6.3",  "Invalid cA False Test3",                                24 ],
+    [ "4.6.4",  "Valid basicConstraints Not Critical Test4",             0 ],
+    [ "4.6.5",  "Invalid pathLenConstraint Test5",                       25 ],
+    [ "4.6.6",  "Invalid pathLenConstraint Test6",                       25 ],
+    [ "4.6.7",  "Valid pathLenConstraint Test7",                         0 ],
+    [ "4.6.8",  "Valid pathLenConstraint Test8",                         0 ],
+    [ "4.6.9",  "Invalid pathLenConstraint Test9",                       25 ],
+    [ "4.6.10", "Invalid pathLenConstraint Test10",                      25 ],
+    [ "4.6.11", "Invalid pathLenConstraint Test11",                      25 ],
+    [ "4.6.12", "Invalid pathLenConstraint Test12",                      25 ],
+    [ "4.6.13", "Valid pathLenConstraint Test13",                        0 ],
+    [ "4.6.14", "Valid pathLenConstraint Test14",                        0 ],
+    [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15",            0 ],
+    [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16",          25 ],
+    [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17",            0 ],
+    [ "4.7",    "Key Usage" ],
+    [ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1",     20 ],
+    [ "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
+    [ "4.7.3",  "Valid keyUsage Not Critical Test3",                     0 ],
+    [ "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4",         35 ],
+    [ "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5",     35 ],
+
+    # Certificate policy tests need special handling. They can have several
+    # sub tests and we need to check the outputs are correct.
+
+    [ "4.8", "Certificate Policies" ],
+    [
+        "4.8.1.1",
+        "All Certificates Same Policy Test1",
+        "-policy anyPolicy -explicit_policy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.1.2",
+        "All Certificates Same Policy Test1",
+        "-policy $nist1 -explicit_policy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.1.3",
+        "All Certificates Same Policy Test1",
+        "-policy $nist2 -explicit_policy",
+        "True", $nist1, "<empty>", 43
+    ],
+    [
+        "4.8.1.4",
+        "All Certificates Same Policy Test1",
+        "-policy $nist1 -policy $nist2 -explicit_policy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.2.1",
+        "All Certificates No Policies Test2",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.8.2.2",
+        "All Certificates No Policies Test2",
+        "-policy anyPolicy -explicit_policy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.3.1",
+        "Different Policies Test3",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.8.3.2",
+        "Different Policies Test3",
+        "-policy anyPolicy -explicit_policy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.3.3",
+        "Different Policies Test3",
+        "-policy $nist1 -policy $nist2 -explicit_policy",
+        "True", "<empty>", "<empty>", 43
+    ],
+
+    [
+        "4.8.4",
+        "Different Policies Test4",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.5",
+        "Different Policies Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.6.1",
+        "Overlapping Policies Test6",
+        "-policy anyPolicy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.6.2",
+        "Overlapping Policies Test6",
+        "-policy $nist1",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.6.3",
+        "Overlapping Policies Test6",
+        "-policy $nist2",
+        "True", $nist1, "<empty>", 43
+    ],
+    [
+        "4.8.7",
+        "Different Policies Test7",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.8",
+        "Different Policies Test8",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.9",
+        "Different Policies Test9",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.10.1",
+        "All Certificates Same Policies Test10",
+        "-policy $nist1",
+        "True", "$nist1:$nist2", "$nist1", 0
+    ],
+    [
+        "4.8.10.2",
+        "All Certificates Same Policies Test10",
+        "-policy $nist2",
+        "True", "$nist1:$nist2", "$nist2", 0
+    ],
+    [
+        "4.8.10.3",
+        "All Certificates Same Policies Test10",
+        "-policy anyPolicy",
+        "True", "$nist1:$nist2", "$nist1:$nist2", 0
+    ],
+    [
+        "4.8.11.1",
+        "All Certificates AnyPolicy Test11",
+        "-policy anyPolicy",
+        "True", "$apolicy", "$apolicy", 0
+    ],
+    [
+        "4.8.11.2",
+        "All Certificates AnyPolicy Test11",
+        "-policy $nist1",
+        "True", "$apolicy", "$nist1", 0
+    ],
+    [
+        "4.8.12",
+        "Different Policies Test12",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.13.1",
+        "All Certificates Same Policies Test13",
+        "-policy $nist1",
+        "True", "$nist1:$nist2:$nist3", "$nist1", 0
+    ],
+    [
+        "4.8.13.2",
+        "All Certificates Same Policies Test13",
+        "-policy $nist2",
+        "True", "$nist1:$nist2:$nist3", "$nist2", 0
+    ],
+    [
+        "4.8.13.3",
+        "All Certificates Same Policies Test13",
+        "-policy $nist3",
+        "True", "$nist1:$nist2:$nist3", "$nist3", 0
+    ],
+    [
+        "4.8.14.1",       "AnyPolicy Test14",
+        "-policy $nist1", "True",
+        "$nist1",         "$nist1",
+        0
+    ],
+    [
+        "4.8.14.2",       "AnyPolicy Test14",
+        "-policy $nist2", "True",
+        "$nist1",         "<empty>",
+        43
+    ],
+    [
+        "4.8.15",
+        "User Notice Qualifier Test15",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.16",
+        "User Notice Qualifier Test16",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.17",
+        "User Notice Qualifier Test17",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.18.1",
+        "User Notice Qualifier Test18",
+        "-policy $nist1",
+        "True", "$nist1:$nist2", "$nist1", 0
+    ],
+    [
+        "4.8.18.2",
+        "User Notice Qualifier Test18",
+        "-policy $nist2",
+        "True", "$nist1:$nist2", "$nist2", 0
+    ],
+    [
+        "4.8.19",
+        "User Notice Qualifier Test19",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.20",
+        "CPS Pointer Qualifier Test20",
+        "-policy anyPolicy -explicit_policy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [ "4.9", "Require Explicit Policy" ],
+    [
+        "4.9.1",
+        "Valid RequireExplicitPolicy Test1",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.9.2",
+        "Valid RequireExplicitPolicy Test2",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.9.3",
+        "Invalid RequireExplicitPolicy Test3",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.9.4",
+        "Valid RequireExplicitPolicy Test4",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.9.5",
+        "Invalid RequireExplicitPolicy Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.9.6",
+        "Valid Self-Issued requireExplicitPolicy Test6",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.9.7",
+        "Invalid Self-Issued requireExplicitPolicy Test7",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.9.8",
+        "Invalid Self-Issued requireExplicitPolicy Test8",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [ "4.10", "Policy Mappings" ],
+    [
+        "4.10.1.1",
+        "Valid Policy Mapping Test1",
+        "-policy $nist1",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.1.2",
+        "Valid Policy Mapping Test1",
+        "-policy $nist2",
+        "True", "$nist1", "<empty>", 43
+    ],
+    [
+        "4.10.1.3",
+        "Valid Policy Mapping Test1",
+        "-policy anyPolicy -inhibit_map",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.2.1",
+        "Invalid Policy Mapping Test2",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.2.2",
+        "Invalid Policy Mapping Test2",
+        "-policy anyPolicy -inhibit_map",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.3.1",
+        "Valid Policy Mapping Test3",
+        "-policy $nist1",
+        "True", "$nist2", "<empty>", 43
+    ],
+    [
+        "4.10.3.2",
+        "Valid Policy Mapping Test3",
+        "-policy $nist2",
+        "True", "$nist2", "$nist2", 0
+    ],
+    [
+        "4.10.4",
+        "Invalid Policy Mapping Test4",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.5.1",
+        "Valid Policy Mapping Test5",
+        "-policy $nist1",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.5.2",
+        "Valid Policy Mapping Test5",
+        "-policy $nist6",
+        "True", "$nist1", "<empty>", 43
+    ],
+    [
+        "4.10.6.1",
+        "Valid Policy Mapping Test6",
+        "-policy $nist1",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.6.2",
+        "Valid Policy Mapping Test6",
+        "-policy $nist6",
+        "True", "$nist1", "<empty>", 43
+    ],
+    [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
+    [ "4.10.8", "Invalid Mapping To anyPolicy Test8",   42 ],
+    [
+        "4.10.9",
+        "Valid Policy Mapping Test9",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.10",
+        "Invalid Policy Mapping Test10",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.11",
+        "Valid Policy Mapping Test11",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+
+    # TODO: check notice display
+    [
+        "4.10.12.1",
+        "Valid Policy Mapping Test12",
+        "-policy $nist1",
+        "True", "$nist1:$nist2", "$nist1", 0
+    ],
+
+    # TODO: check notice display
+    [
+        "4.10.12.2",
+        "Valid Policy Mapping Test12",
+        "-policy $nist2",
+        "True", "$nist1:$nist2", "$nist2", 0
+    ],
+    [
+        "4.10.13",
+        "Valid Policy Mapping Test13",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+
+    # TODO: check notice display
+    [
+        "4.10.14",
+        "Valid Policy Mapping Test14",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [ "4.11", "Inhibit Policy Mapping" ],
+    [
+        "4.11.1",
+        "Invalid inhibitPolicyMapping Test1",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.2",
+        "Valid inhibitPolicyMapping Test2",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.11.3",
+        "Invalid inhibitPolicyMapping Test3",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.4",
+        "Valid inhibitPolicyMapping Test4",
+        "-policy anyPolicy",
+        "True", "$nist2", "$nist2", 0
+    ],
+    [
+        "4.11.5",
+        "Invalid inhibitPolicyMapping Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.6",
+        "Invalid inhibitPolicyMapping Test6",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.7",
+        "Valid Self-Issued inhibitPolicyMapping Test7",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.11.8",
+        "Invalid Self-Issued inhibitPolicyMapping Test8",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.9",
+        "Invalid Self-Issued inhibitPolicyMapping Test9",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.10",
+        "Invalid Self-Issued inhibitPolicyMapping Test10",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.11",
+        "Invalid Self-Issued inhibitPolicyMapping Test11",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [ "4.12", "Inhibit Any Policy" ],
+    [
+        "4.12.1",
+        "Invalid inhibitAnyPolicy Test1",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.2",
+        "Valid inhibitAnyPolicy Test2",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.12.3.1",
+        "inhibitAnyPolicy Test3",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.12.3.2",
+        "inhibitAnyPolicy Test3",
+        "-policy anyPolicy -inhibit_any",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.4",
+        "Invalid inhibitAnyPolicy Test4",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.5",
+        "Invalid inhibitAnyPolicy Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.6",
+        "Invalid inhibitAnyPolicy Test6",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [ "4.12.7",  "Valid Self-Issued inhibitAnyPolicy Test7",      0 ],
+    [ "4.12.8",  "Invalid Self-Issued inhibitAnyPolicy Test8",    43 ],
+    [ "4.12.9",  "Valid Self-Issued inhibitAnyPolicy Test9",      0 ],
+    [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10",   43 ],
+    [ "4.13",    "Name Constraints" ],
+    [ "4.13.1",  "Valid DN nameConstraints Test1",                0 ],
+    [ "4.13.2",  "Invalid DN nameConstraints Test2",              47 ],
+    [ "4.13.3",  "Invalid DN nameConstraints Test3",              47 ],
+    [ "4.13.4",  "Valid DN nameConstraints Test4",                0 ],
+    [ "4.13.5",  "Valid DN nameConstraints Test5",                0 ],
+    [ "4.13.6",  "Valid DN nameConstraints Test6",                0 ],
+    [ "4.13.7",  "Invalid DN nameConstraints Test7",              48 ],
+    [ "4.13.8",  "Invalid DN nameConstraints Test8",              48 ],
+    [ "4.13.9",  "Invalid DN nameConstraints Test9",              48 ],
+    [ "4.13.10", "Invalid DN nameConstraints Test10",             48 ],
+    [ "4.13.11", "Valid DN nameConstraints Test11",               0 ],
+    [ "4.13.12", "Invalid DN nameConstraints Test12",             47 ],
+    [ "4.13.13", "Invalid DN nameConstraints Test13",             47 ],
+    [ "4.13.14", "Valid DN nameConstraints Test14",               0 ],
+    [ "4.13.15", "Invalid DN nameConstraints Test15",             48 ],
+    [ "4.13.16", "Invalid DN nameConstraints Test16",             48 ],
+    [ "4.13.17", "Invalid DN nameConstraints Test17",             48 ],
+    [ "4.13.18", "Valid DN nameConstraints Test18",               0 ],
+    [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19",   0 ],
+    [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
+    [ "4.13.21", "Valid RFC822 nameConstraints Test21",           0 ],
+    [ "4.13.22", "Invalid RFC822 nameConstraints Test22",         47 ],
+    [ "4.13.23", "Valid RFC822 nameConstraints Test23",           0 ],
+    [ "4.13.24", "Invalid RFC822 nameConstraints Test24",         47 ],
+    [ "4.13.25", "Valid RFC822 nameConstraints Test25",           0 ],
+    [ "4.13.26", "Invalid RFC822 nameConstraints Test26",         48 ],
+    [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27",    0 ],
+    [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28",  47 ],
+    [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29",  47 ],
+    [ "4.13.30", "Valid DNS nameConstraints Test30",              0 ],
+    [ "4.13.31", "Invalid DNS nameConstraints Test31",            47 ],
+    [ "4.13.32", "Valid DNS nameConstraints Test32",              0 ],
+    [ "4.13.33", "Invalid DNS nameConstraints Test33",            48 ],
+    [ "4.13.34", "Valid URI nameConstraints Test34",              0 ],
+    [ "4.13.35", "Invalid URI nameConstraints Test35",            47 ],
+    [ "4.13.36", "Valid URI nameConstraints Test36",              0 ],
+    [ "4.13.37", "Invalid URI nameConstraints Test37",            48 ],
+    [ "4.13.38", "Invalid DNS nameConstraints Test38",            47 ],
+    [ "4.14",    "Distribution Points" ],
+    [ "4.14.1",  "Valid distributionPoint Test1",                 0 ],
+    [ "4.14.2",  "Invalid distributionPoint Test2",               23 ],
+    [ "4.14.3",  "Invalid distributionPoint Test3",               44 ],
+    [ "4.14.4",  "Valid distributionPoint Test4",                 0 ],
+    [ "4.14.5",  "Valid distributionPoint Test5",                 0 ],
+    [ "4.14.6",  "Invalid distributionPoint Test6",               23 ],
+    [ "4.14.7",  "Valid distributionPoint Test7",                 0 ],
+    [ "4.14.8",  "Invalid distributionPoint Test8",               44 ],
+    [ "4.14.9",  "Invalid distributionPoint Test9",               44 ],
+    [ "4.14.10", "Valid No issuingDistributionPoint Test10",      0 ],
+    [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11",      44 ],
+    [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12",        44 ],
+    [ "4.14.13", "Valid onlyContainsCACerts CRL Test13",          0 ],
+    [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14",     44 ],
+    [ "4.14.15", "Invalid onlySomeReasons Test15",                23 ],
+    [ "4.14.16", "Invalid onlySomeReasons Test16",                23 ],
+    [ "4.14.17", "Invalid onlySomeReasons Test17",                3 ],
+    [ "4.14.18", "Valid onlySomeReasons Test18",                  0 ],
+    [ "4.14.19", "Valid onlySomeReasons Test19",                  0 ],
+    [ "4.14.20", "Invalid onlySomeReasons Test20",                23 ],
+    [ "4.14.21", "Invalid onlySomeReasons Test21",                23 ],
+    [ "4.14.22", "Valid IDP with indirectCRL Test22",             0 ],
+    [ "4.14.23", "Invalid IDP with indirectCRL Test23",           23 ],
+    [ "4.14.24", "Valid IDP with indirectCRL Test24",             0 ],
+    [ "4.14.25", "Valid IDP with indirectCRL Test25",             0 ],
+    [ "4.14.26", "Invalid IDP with indirectCRL Test26",           44 ],
+    [ "4.14.27", "Invalid cRLIssuer Test27",                      3 ],
+    [ "4.14.28", "Valid cRLIssuer Test28",                        0 ],
+    [ "4.14.29", "Valid cRLIssuer Test29",                        0 ],
+
+    # Although this test is valid it has a circular dependency. As a result
+    # an attempt is made to reursively checks a CRL path and rejected due to
+    # a CRL path validation error. PKITS notes suggest this test does not
+    # need to be run due to this issue.
+    [ "4.14.30", "Valid cRLIssuer Test30",                                 54 ],
+    [ "4.14.31", "Invalid cRLIssuer Test31",                               23 ],
+    [ "4.14.32", "Invalid cRLIssuer Test32",                               23 ],
+    [ "4.14.33", "Valid cRLIssuer Test33",                                 0 ],
+    [ "4.14.34", "Invalid cRLIssuer Test34",                               23 ],
+    [ "4.14.35", "Invalid cRLIssuer Test35",                               44 ],
+    [ "4.15",    "Delta-CRLs" ],
+    [ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1",                3 ],
+    [ "4.15.2",  "Valid delta-CRL Test2",                                  0 ],
+    [ "4.15.3",  "Invalid delta-CRL Test3",                                23 ],
+    [ "4.15.4",  "Invalid delta-CRL Test4",                                23 ],
+    [ "4.15.5",  "Valid delta-CRL Test5",                                  0 ],
+    [ "4.15.6",  "Invalid delta-CRL Test6",                                23 ],
+    [ "4.15.7",  "Valid delta-CRL Test7",                                  0 ],
+    [ "4.15.8",  "Valid delta-CRL Test8",                                  0 ],
+    [ "4.15.9",  "Invalid delta-CRL Test9",                                23 ],
+    [ "4.15.10", "Invalid delta-CRL Test10",                               12 ],
+    [ "4.16",    "Private Certificate Extensions" ],
+    [ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
+    [ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2",   34 ],
+);
+
+
+my $verbose = 1;
+
+my $numtest = 0;
+my $numfail = 0;
+
+my $ossl = "ossl/apps/openssl";
+
+my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
+$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
+
+# Check for expiry of trust anchor
+system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
+if ($? == 256)
+	{
+	print STDERR "WARNING: using older expired data\n";
+	$ossl_cmd .= "-attime 1291940972 ";
+	}
+
+$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
+
+system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
+
+die "Can't create trust anchor file" if $?;
+
+print "Running PKITS tests:\n" if $verbose;
+
+foreach (@testlists) {
+    my $argnum = @$_;
+    if ( $argnum == 2 ) {
+        my ( $tnum, $title ) = @$_;
+        print "$tnum $title\n" if $verbose;
+    }
+    elsif ( $argnum == 3 ) {
+        my ( $tnum, $title, $exp_ret ) = @$_;
+        my $filename = $title;
+        $exp_ret += 32 if $exp_ret;
+        $filename =~ tr/ -//d;
+        $filename = "Signed${filename}.eml";
+        if ( !-f "$pkitsdir/$filename" ) {
+            print "\"$filename\" not found\n";
+        }
+        else {
+            my $ret;
+            my $test_fail = 0;
+            my $errmsg    = "";
+            my $cmd       = $ossl_cmd;
+            $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
+            my $cmdout = `$cmd`;
+            $ret = $? >> 8;
+            if ( $? & 0xff ) {
+                $errmsg .= "Abnormal OpenSSL termination\n";
+                $test_fail = 1;
+            }
+            if ( $exp_ret != $ret ) {
+                $errmsg .= "Return code:$ret, ";
+                $errmsg .= "expected $exp_ret\n";
+                $test_fail = 1;
+            }
+            if ($test_fail) {
+                print "$tnum $title : Failed!\n";
+                print "Filename: $pkitsdir/$filename\n";
+                print $errmsg;
+                print "Command output:\n$cmdout\n";
+                $numfail++;
+            }
+            $numtest++;
+        }
+    }
+    elsif ( $argnum == 7 ) {
+        my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
+          = @$_;
+        my $filename = $title;
+        $exp_ret += 32 if $exp_ret;
+        $filename =~ tr/ -//d;
+        $filename = "Signed${filename}.eml";
+        if ( !-f "$pkitsdir/$filename" ) {
+            print "\"$filename\" not found\n";
+        }
+        else {
+            my $ret;
+            my $cmdout    = "";
+            my $errmsg    = "";
+            my $epol      = "";
+            my $aset      = "";
+            my $uset      = "";
+            my $pol       = -1;
+            my $test_fail = 0;
+            my $cmd       = $ossl_cmd;
+            $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
+            @oparr = `$cmd`;
+            $ret   = $? >> 8;
+
+            if ( $? & 0xff ) {
+                $errmsg .= "Abnormal OpenSSL termination\n";
+                $test_fail = 1;
+            }
+            foreach (@oparr) {
+                my $test_failed = 0;
+                $cmdout .= $_;
+                if (/^Require explicit Policy: (.*)$/) {
+                    $epol = $1;
+                }
+                if (/^Authority Policies/) {
+                    if (/empty/) {
+                        $aset = "<empty>";
+                    }
+                    else {
+                        $pol = 1;
+                    }
+                }
+                $test_fail = 1 if (/leak/i);
+                if (/^User Policies/) {
+                    if (/empty/) {
+                        $uset = "<empty>";
+                    }
+                    else {
+                        $pol = 2;
+                    }
+                }
+                if (/\s+Policy: (.*)$/) {
+                    if ( $pol == 1 ) {
+                        $aset .= ":" if $aset ne "";
+                        $aset .= $1;
+                    }
+                    elsif ( $pol == 2 ) {
+                        $uset .= ":" if $uset ne "";
+                        $uset .= $1;
+                    }
+                }
+            }
+
+            if ( $epol ne $exp_epol ) {
+                $errmsg .= "Explicit policy:$epol, ";
+                $errmsg .= "expected $exp_epol\n";
+                $test_fail = 1;
+            }
+            if ( $aset ne $exp_aset ) {
+                $errmsg .= "Authority policy set :$aset, ";
+                $errmsg .= "expected $exp_aset\n";
+                $test_fail = 1;
+            }
+            if ( $uset ne $exp_uset ) {
+                $errmsg .= "User policy set :$uset, ";
+                $errmsg .= "expected $exp_uset\n";
+                $test_fail = 1;
+            }
+
+            if ( $exp_ret != $ret ) {
+                print "Return code:$ret, expected $exp_ret\n";
+                $test_fail = 1;
+            }
+
+            if ($test_fail) {
+                print "$tnum $title : Failed!\n";
+                print "Filename: $pkitsdir/$filename\n";
+                print "Command output:\n$cmdout\n";
+                $numfail++;
+            }
+            $numtest++;
+        }
+    }
+}
+
+if ($numfail) {
+    print "$numfail tests failed out of $numtest\n";
+}
+else {
+    print "All Tests Successful.\n";
+}
+
+unlink "pkitsta.pem";
+
diff --git a/openssl-1.1.0h/test/r160test.c b/openssl-1.1.0h/test/r160test.c
new file mode 100644
index 0000000..06033eb
--- /dev/null
+++ b/openssl-1.1.0h/test/r160test.c
@@ -0,0 +1,9 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
diff --git a/openssl-1.1.0h/test/randtest.c b/openssl-1.1.0h/test/randtest.c
new file mode 100644
index 0000000..9f7a037
--- /dev/null
+++ b/openssl-1.1.0h/test/randtest.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+
+#include "../e_os.h"
+
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+
+int main(int argc, char **argv)
+{
+    unsigned char buf[2500];
+    int i, j, k, s, sign, nsign, err = 0;
+    unsigned long n1;
+    unsigned long n2[16];
+    unsigned long runs[2][34];
+    /*
+     * double d;
+     */
+    long d;
+
+    i = RAND_bytes(buf, 2500);
+    if (i <= 0) {
+        printf("init failed, the rand method is not properly installed\n");
+        err++;
+        goto err;
+    }
+
+    n1 = 0;
+    for (i = 0; i < 16; i++)
+        n2[i] = 0;
+    for (i = 0; i < 34; i++)
+        runs[0][i] = runs[1][i] = 0;
+
+    /* test 1 and 2 */
+    sign = 0;
+    nsign = 0;
+    for (i = 0; i < 2500; i++) {
+        j = buf[i];
+
+        n2[j & 0x0f]++;
+        n2[(j >> 4) & 0x0f]++;
+
+        for (k = 0; k < 8; k++) {
+            s = (j & 0x01);
+            if (s == sign)
+                nsign++;
+            else {
+                if (nsign > 34)
+                    nsign = 34;
+                if (nsign != 0) {
+                    runs[sign][nsign - 1]++;
+                    if (nsign > 6)
+                        runs[sign][5]++;
+                }
+                sign = s;
+                nsign = 1;
+            }
+
+            if (s)
+                n1++;
+            j >>= 1;
+        }
+    }
+    if (nsign > 34)
+        nsign = 34;
+    if (nsign != 0)
+        runs[sign][nsign - 1]++;
+
+    /* test 1 */
+    if (!((9654 < n1) && (n1 < 10346))) {
+        printf("test 1 failed, X=%lu\n", n1);
+        err++;
+    }
+    printf("test 1 done\n");
+
+    /* test 2 */
+    d = 0;
+    for (i = 0; i < 16; i++)
+        d += n2[i] * n2[i];
+    d = (d * 8) / 25 - 500000;
+    if (!((103 < d) && (d < 5740))) {
+        printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L);
+        err++;
+    }
+    printf("test 2 done\n");
+
+    /* test 3 */
+    for (i = 0; i < 2; i++) {
+        if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 1, runs[i][0]);
+            err++;
+        }
+        if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 2, runs[i][1]);
+            err++;
+        }
+        if (!((502 < runs[i][2]) && (runs[i][2] < 748))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 3, runs[i][2]);
+            err++;
+        }
+        if (!((223 < runs[i][3]) && (runs[i][3] < 402))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 4, runs[i][3]);
+            err++;
+        }
+        if (!((90 < runs[i][4]) && (runs[i][4] < 223))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 5, runs[i][4]);
+            err++;
+        }
+        if (!((90 < runs[i][5]) && (runs[i][5] < 223))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 6, runs[i][5]);
+            err++;
+        }
+    }
+    printf("test 3 done\n");
+
+    /* test 4 */
+    if (runs[0][33] != 0) {
+        printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]);
+        err++;
+    }
+    if (runs[1][33] != 0) {
+        printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]);
+        err++;
+    }
+    printf("test 4 done\n");
+ err:
+    err = ((err) ? 1 : 0);
+    EXIT(err);
+}
diff --git a/openssl-1.1.0h/test/rc2test.c b/openssl-1.1.0h/test/rc2test.c
new file mode 100644
index 0000000..2d0a01d
--- /dev/null
+++ b/openssl-1.1.0h/test/rc2test.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC2
+int main(int argc, char *argv[])
+{
+    printf("No RC2 support\n");
+    return (0);
+}
+#else
+# include <openssl/rc2.h>
+
+static unsigned char RC2key[4][16] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+     0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F},
+};
+
+static unsigned char RC2plain[4][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+};
+
+static unsigned char RC2cipher[4][8] = {
+    {0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7},
+    {0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74},
+    {0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E},
+    {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31},
+};
+
+int main(int argc, char *argv[])
+{
+    int i, n, err = 0;
+    RC2_KEY key;
+    unsigned char buf[8], buf2[8];
+
+    for (n = 0; n < 4; n++) {
+        RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ );
+
+        RC2_ecb_encrypt(&(RC2plain[n][0]), buf, &key, RC2_ENCRYPT);
+        if (memcmp(&(RC2cipher[n][0]), buf, 8) != 0) {
+            printf("ecb rc2 error encrypting\n");
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", buf[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", RC2cipher[n][i]);
+            err = 20;
+            printf("\n");
+        }
+
+        RC2_ecb_encrypt(buf, buf2, &key, RC2_DECRYPT);
+        if (memcmp(&(RC2plain[n][0]), buf2, 8) != 0) {
+            printf("ecb RC2 error decrypting\n");
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", buf[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", RC2plain[n][i]);
+            printf("\n");
+            err = 3;
+        }
+    }
+
+    if (err == 0)
+        printf("ecb RC2 ok\n");
+
+    EXIT(err);
+}
+
+#endif
diff --git a/openssl-1.1.0h/test/rc4test.c b/openssl-1.1.0h/test/rc4test.c
new file mode 100644
index 0000000..7a77b82
--- /dev/null
+++ b/openssl-1.1.0h/test/rc4test.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC4
+int main(int argc, char *argv[])
+{
+    printf("No RC4 support\n");
+    return (0);
+}
+#else
+# include <openssl/rc4.h>
+# include <openssl/sha.h>
+
+static unsigned char keys[7][30] = {
+    {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
+    {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
+    {8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {4, 0xef, 0x01, 0x23, 0x45},
+    {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
+    {4, 0xef, 0x01, 0x23, 0x45},
+};
+
+static unsigned char data_len[7] = { 8, 8, 8, 20, 28, 10 };
+
+static unsigned char data[7][30] = {
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0xff},
+    {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
+     0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
+     0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
+     0x12, 0x34, 0x56, 0x78, 0xff},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+    {0},
+};
+
+static unsigned char output[7][30] = {
+    {0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00},
+    {0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00},
+    {0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00},
+    {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
+     0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba,
+     0x36, 0xb6, 0x78, 0x58, 0x00},
+    {0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89,
+     0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c,
+     0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87,
+     0x40, 0x01, 0x1e, 0xcf, 0x00},
+    {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00},
+    {0},
+};
+
+int main(int argc, char *argv[])
+{
+    int i, err = 0;
+    int j;
+    unsigned char *p;
+    RC4_KEY key;
+    unsigned char obuf[512];
+
+    for (i = 0; i < 6; i++) {
+        RC4_set_key(&key, keys[i][0], &(keys[i][1]));
+        memset(obuf, 0, sizeof(obuf));
+        RC4(&key, data_len[i], &(data[i][0]), obuf);
+        if (memcmp(obuf, output[i], data_len[i] + 1) != 0) {
+            printf("error calculating RC4\n");
+            printf("output:");
+            for (j = 0; j < data_len[i] + 1; j++)
+                printf(" %02x", obuf[j]);
+            printf("\n");
+            printf("expect:");
+            p = &(output[i][0]);
+            for (j = 0; j < data_len[i] + 1; j++)
+                printf(" %02x", *(p++));
+            printf("\n");
+            err++;
+        } else
+            printf("test %d ok\n", i);
+    }
+    printf("test end processing ");
+    for (i = 0; i < data_len[3]; i++) {
+        RC4_set_key(&key, keys[3][0], &(keys[3][1]));
+        memset(obuf, 0, sizeof(obuf));
+        RC4(&key, i, &(data[3][0]), obuf);
+        if ((memcmp(obuf, output[3], i) != 0) || (obuf[i] != 0)) {
+            printf("error in RC4 length processing\n");
+            printf("output:");
+            for (j = 0; j < i + 1; j++)
+                printf(" %02x", obuf[j]);
+            printf("\n");
+            printf("expect:");
+            p = &(output[3][0]);
+            for (j = 0; j < i; j++)
+                printf(" %02x", *(p++));
+            printf(" 00\n");
+            err++;
+        } else {
+            printf(".");
+            fflush(stdout);
+        }
+    }
+    printf("done\n");
+    printf("test multi-call ");
+    for (i = 0; i < data_len[3]; i++) {
+        RC4_set_key(&key, keys[3][0], &(keys[3][1]));
+        memset(obuf, 0, sizeof(obuf));
+        RC4(&key, i, &(data[3][0]), obuf);
+        RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i]));
+        if (memcmp(obuf, output[3], data_len[3] + 1) != 0) {
+            printf("error in RC4 multi-call processing\n");
+            printf("output:");
+            for (j = 0; j < data_len[3] + 1; j++)
+                printf(" %02x", obuf[j]);
+            printf("\n");
+            printf("expect:");
+            p = &(output[3][0]);
+            for (j = 0; j < data_len[3] + 1; j++)
+                printf(" %02x", *(p++));
+            err++;
+        } else {
+            printf(".");
+            fflush(stdout);
+        }
+    }
+    printf("done\n");
+    printf("bulk test ");
+    {
+        unsigned char buf[513];
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        static unsigned char expected[] = {
+            0xa4, 0x7b, 0xcc, 0x00, 0x3d, 0xd0, 0xbd, 0xe1, 0xac, 0x5f,
+            0x12, 0x1e, 0x45, 0xbc, 0xfb, 0x1a, 0xa1, 0xf2, 0x7f, 0xc5
+        };
+
+        RC4_set_key(&key, keys[0][0], &(keys[3][1]));
+        memset(buf, 0, sizeof(buf));
+        SHA1_Init(&c);
+        for (i = 0; i < 2571; i++) {
+            RC4(&key, sizeof(buf), buf, buf);
+            SHA1_Update(&c, buf, sizeof(buf));
+        }
+        SHA1_Final(md, &c);
+
+        if (memcmp(md, expected, sizeof(md))) {
+            printf("error in RC4 bulk test\n");
+            printf("output:");
+            for (j = 0; j < (int)sizeof(md); j++)
+                printf(" %02x", md[j]);
+            printf("\n");
+            printf("expect:");
+            for (j = 0; j < (int)sizeof(md); j++)
+                printf(" %02x", expected[j]);
+            printf("\n");
+            err++;
+        } else
+            printf("ok\n");
+    }
+    EXIT(err);
+}
+#endif
diff --git a/openssl-1.1.0h/test/rc5test.c b/openssl-1.1.0h/test/rc5test.c
new file mode 100644
index 0000000..6567bcb
--- /dev/null
+++ b/openssl-1.1.0h/test/rc5test.c
@@ -0,0 +1,276 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC5 modes, more of the code will be uncommented.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC5
+int main(int argc, char *argv[])
+{
+    printf("No RC5 support\n");
+    return (0);
+}
+#else
+# include <openssl/rc5.h>
+
+static unsigned char RC5key[5][16] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x91, 0x5f, 0x46, 0x19, 0xbe, 0x41, 0xb2, 0x51,
+     0x63, 0x55, 0xa5, 0x01, 0x10, 0xa9, 0xce, 0x91},
+    {0x78, 0x33, 0x48, 0xe7, 0x5a, 0xeb, 0x0f, 0x2f,
+     0xd7, 0xb1, 0x69, 0xbb, 0x8d, 0xc1, 0x67, 0x87},
+    {0xdc, 0x49, 0xdb, 0x13, 0x75, 0xa5, 0x58, 0x4f,
+     0x64, 0x85, 0xb4, 0x13, 0xb5, 0xf1, 0x2b, 0xaf},
+    {0x52, 0x69, 0xf1, 0x49, 0xd4, 0x1b, 0xa0, 0x15,
+     0x24, 0x97, 0x57, 0x4d, 0x7f, 0x15, 0x31, 0x25},
+};
+
+static unsigned char RC5plain[5][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D},
+    {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52},
+    {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92},
+    {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC},
+};
+
+static unsigned char RC5cipher[5][8] = {
+    {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D},
+    {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52},
+    {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92},
+    {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC},
+    {0xEB, 0x44, 0xE4, 0x15, 0xDA, 0x31, 0x98, 0x24},
+};
+
+# define RC5_CBC_NUM 27
+static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8] = {
+    {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1e},
+    {0x79, 0x7b, 0xba, 0x4d, 0x78, 0x11, 0x1d, 0x1e},
+    {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f},
+    {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f},
+    {0x8b, 0x9d, 0xed, 0x91, 0xce, 0x77, 0x94, 0xa6},
+    {0x2f, 0x75, 0x9f, 0xe7, 0xad, 0x86, 0xa3, 0x78},
+    {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88},
+    {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88},
+    {0xdc, 0xfe, 0x09, 0x85, 0x77, 0xec, 0xa5, 0xff},
+    {0x96, 0x46, 0xfb, 0x77, 0x63, 0x8f, 0x9c, 0xa8},
+    {0xb2, 0xb3, 0x20, 0x9d, 0xb6, 0x59, 0x4d, 0xa4},
+    {0x54, 0x5f, 0x7f, 0x32, 0xa5, 0xfc, 0x38, 0x36},
+    {0x82, 0x85, 0xe7, 0xc1, 0xb5, 0xbc, 0x74, 0x02},
+    {0xfc, 0x58, 0x6f, 0x92, 0xf7, 0x08, 0x09, 0x34},
+    {0xcf, 0x27, 0x0e, 0xf9, 0x71, 0x7f, 0xf7, 0xc4},
+    {0xe4, 0x93, 0xf1, 0xc1, 0xbb, 0x4d, 0x6e, 0x8c},
+    {0x5c, 0x4c, 0x04, 0x1e, 0x0f, 0x21, 0x7a, 0xc3},
+    {0x92, 0x1f, 0x12, 0x48, 0x53, 0x73, 0xb4, 0xf7},
+    {0x5b, 0xa0, 0xca, 0x6b, 0xbe, 0x7f, 0x5f, 0xad},
+    {0xc5, 0x33, 0x77, 0x1c, 0xd0, 0x11, 0x0e, 0x63},
+    {0x29, 0x4d, 0xdb, 0x46, 0xb3, 0x27, 0x8d, 0x60},
+    {0xda, 0xd6, 0xbd, 0xa9, 0xdf, 0xe8, 0xf7, 0xe8},
+    {0x97, 0xe0, 0x78, 0x78, 0x37, 0xed, 0x31, 0x7f},
+    {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78},
+    {0x8f, 0x34, 0xc3, 0xc6, 0x81, 0xc9, 0x96, 0x95},
+    {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11},
+    {0x7f, 0xd1, 0xa0, 0x23, 0xa5, 0xbb, 0xa2, 0x17},
+};
+
+static unsigned char rc5_cbc_key[RC5_CBC_NUM][17] = {
+    {1, 0x00},
+    {1, 0x00},
+    {1, 0x00},
+    {1, 0x00},
+    {1, 0x00},
+    {1, 0x11},
+    {1, 0x00},
+    {4, 0x00, 0x00, 0x00, 0x00},
+    {1, 0x00},
+    {1, 0x00},
+    {1, 0x00},
+    {1, 0x00},
+    {4, 0x01, 0x02, 0x03, 0x04},
+    {4, 0x01, 0x02, 0x03, 0x04},
+    {4, 0x01, 0x02, 0x03, 0x04},
+    {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+     0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+     0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+     0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+    {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+    {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+    {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+    {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+};
+
+static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x01},
+};
+
+static int rc5_cbc_rounds[RC5_CBC_NUM] = {
+    0, 0, 0, 0, 0, 1, 2, 2,
+    8, 8, 12, 16, 8, 12, 16, 12,
+    8, 12, 16, 8, 12, 16, 12, 8,
+    8, 8, 8,
+};
+
+static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8] = {
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78},
+    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+    {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11},
+};
+
+int main(int argc, char *argv[])
+{
+    int i, n, err = 0;
+    RC5_32_KEY key;
+    unsigned char buf[8], buf2[8], ivb[8];
+
+    for (n = 0; n < 5; n++) {
+        RC5_32_set_key(&key, 16, &(RC5key[n][0]), 12);
+
+        RC5_32_ecb_encrypt(&(RC5plain[n][0]), buf, &key, RC5_ENCRYPT);
+        if (memcmp(&(RC5cipher[n][0]), buf, 8) != 0) {
+            printf("ecb RC5 error encrypting (%d)\n", n + 1);
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", buf[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", RC5cipher[n][i]);
+            err = 20;
+            printf("\n");
+        }
+
+        RC5_32_ecb_encrypt(buf, buf2, &key, RC5_DECRYPT);
+        if (memcmp(&(RC5plain[n][0]), buf2, 8) != 0) {
+            printf("ecb RC5 error decrypting (%d)\n", n + 1);
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", buf2[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", RC5plain[n][i]);
+            printf("\n");
+            err = 3;
+        }
+    }
+    if (err == 0)
+        printf("ecb RC5 ok\n");
+
+    for (n = 0; n < RC5_CBC_NUM; n++) {
+        i = rc5_cbc_rounds[n];
+        if (i < 8)
+            continue;
+
+        RC5_32_set_key(&key, rc5_cbc_key[n][0], &(rc5_cbc_key[n][1]), i);
+
+        memcpy(ivb, &(rc5_cbc_iv[n][0]), 8);
+        RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]), buf, 8,
+                           &key, &(ivb[0]), RC5_ENCRYPT);
+
+        if (memcmp(&(rc5_cbc_cipher[n][0]), buf, 8) != 0) {
+            printf("cbc RC5 error encrypting (%d)\n", n + 1);
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", buf[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", rc5_cbc_cipher[n][i]);
+            err = 30;
+            printf("\n");
+        }
+
+        memcpy(ivb, &(rc5_cbc_iv[n][0]), 8);
+        RC5_32_cbc_encrypt(buf, buf2, 8, &key, &(ivb[0]), RC5_DECRYPT);
+        if (memcmp(&(rc5_cbc_plain[n][0]), buf2, 8) != 0) {
+            printf("cbc RC5 error decrypting (%d)\n", n + 1);
+            printf("got     :");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", buf2[i]);
+            printf("\n");
+            printf("expected:");
+            for (i = 0; i < 8; i++)
+                printf("%02X ", rc5_cbc_plain[n][i]);
+            printf("\n");
+            err = 3;
+        }
+    }
+    if (err == 0)
+        printf("cbc RC5 ok\n");
+
+    EXIT(err);
+    return (err);
+}
+
+#endif
diff --git a/openssl-1.1.0h/test/recipes/01-test_abort.t b/openssl-1.1.0h/test/recipes/01-test_abort.t
new file mode 100644
index 0000000..2f121e2
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/01-test_abort.t
@@ -0,0 +1,16 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test;
+
+setup("test_abort");
+
+plan tests => 1;
+
+is(run(test(["aborttest"])), 0, "Testing that abort is caught correctly");
diff --git a/openssl-1.1.0h/test/recipes/01-test_sanity.t b/openssl-1.1.0h/test/recipes/01-test_sanity.t
new file mode 100644
index 0000000..f01466d
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/01-test_sanity.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_sanity", "sanitytest");
diff --git a/openssl-1.1.0h/test/recipes/01-test_symbol_presence.t b/openssl-1.1.0h/test/recipes/01-test_symbol_presence.t
new file mode 100644
index 0000000..7f2a2d7
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/01-test_symbol_presence.t
@@ -0,0 +1,116 @@
+#! /usr/bin/env perl
+# -*- mode: Perl -*-
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use File::Spec::Functions qw(devnull);
+use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_dir bldtop_file);
+use OpenSSL::Test::Utils;
+
+setup("test_symbol_presence");
+
+plan skip_all => "Only useful when building shared libraries"
+    if disabled("shared");
+
+my @libnames = ("crypto", "ssl");
+my $testcount = scalar @libnames;
+
+plan tests => $testcount * 2;
+
+note
+    "NOTE: developer test!  It's possible that it won't run on your\n",
+    "platform, and that's perfectly fine.  This is mainly for developers\n",
+    "on Unix to check that our shared libraries are consistent with the\n",
+    "ordinals (util/*.num in the source tree), something that should be\n",
+    "good enough a check for the other platforms as well.\n";
+
+foreach my $libname (@libnames) {
+ SKIP:
+    {
+        my $shlibpath = bldtop_file("lib" . $libname . ".so");
+        *OSTDERR = *STDERR;
+        *OSTDOUT = *STDOUT;
+        open STDERR, ">", devnull();
+        open STDOUT, ">", devnull();
+        my @nm_lines = map { s|\R$||; $_ } `nm -Pg $shlibpath 2> /dev/null`;
+        close STDERR;
+        close STDOUT;
+        *STDERR = *OSTDERR;
+        *STDOUT = *OSTDOUT;
+        skip "Can't run 'nm -Pg $shlibpath' => $?...  ignoring", 2
+            unless $? == 0;
+
+        my $bldtop = bldtop_dir();
+        my @def_lines;
+        indir $bldtop => sub {
+            my $mkdefpath = srctop_file("util", "mkdef.pl");
+            @def_lines = map { s|\R$||; $_ } `$^X $mkdefpath $libname linux 2> /dev/null`;
+            ok($? == 0, "running 'cd $bldtop; $^X $mkdefpath $libname linux' => $?");
+        }, create => 0, cleanup => 0;
+
+        note "Number of lines in \@nm_lines before massaging: ", scalar @nm_lines;
+        note "Number of lines in \@def_lines before massaging: ", scalar @def_lines;
+
+        # Massage the nm output to only contain defined symbols
+        @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDST] .*|, @nm_lines);
+
+        # Massage the mkdef.pl output to only contain global symbols
+        # The output we got is in Unix .map format, which has a global
+        # and a local section.  We're only interested in the global
+        # section.
+        my $in_global = 0;
+        @def_lines =
+            sort
+            map { s|;||; s|\s+||g; $_ }
+            grep { $in_global = 1 if m|global:|;
+                   $in_global = 0 if m|local:|;
+                   $in_global = 0 if m|\}|;
+                   $in_global && m|;|; } @def_lines;
+
+        note "Number of lines in \@nm_lines after massaging: ", scalar @nm_lines;
+        note "Number of lines in \@def_lines after massaging: ", scalar @def_lines;
+
+        # Maintain lists of symbols that are missing in the shared library,
+        # or that are extra.
+        my @missing = ();
+        my @extra = ();
+
+        while (scalar @nm_lines || scalar @def_lines) {
+            my $nm_first = $nm_lines[0];
+            my $def_first = $def_lines[0];
+
+            if (!defined($nm_first)) {
+                push @missing, shift @def_lines;
+            } elsif (!defined($def_first)) {
+                push @extra, shift @nm_lines;
+            } elsif ($nm_first gt $def_first) {
+                push @missing, shift @def_lines;
+            } elsif ($nm_first lt $def_first) {
+                push @extra, shift @nm_lines;
+            } else {
+                shift @def_lines;
+                shift @nm_lines;
+            }
+        }
+
+        if (scalar @missing) {
+            note "The following symbols are missing in lib$libname.so:";
+            foreach (@missing) {
+                note "  $_";
+            }
+        }
+        if (scalar @extra) {
+            note "The following symbols are extra in lib$libname.so:";
+            foreach (@extra) {
+                note "  $_";
+            }
+        }
+        ok(scalar @missing == 0,
+           "check that there are no missing symbols in lib$libname.so");
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/02-test_ordinals.t b/openssl-1.1.0h/test/recipes/02-test_ordinals.t
new file mode 100644
index 0000000..473d05b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/02-test_ordinals.t
@@ -0,0 +1,58 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_ordinals");
+
+plan tests => 2;
+
+ok(testordinals(srctop_file("util", "libcrypto.num")), "Test libcrypto.num");
+ok(testordinals(srctop_file("util", "libssl.num")), "Test libssl.num");
+
+sub testordinals
+{
+    my $filename = shift;
+    my $cnt = 0;
+    my $ret = 1;
+    my $qualifier = "";
+    my $newqual;
+    my $lastfunc = "";
+
+    open(my $fh, '<', $filename);
+    while (my $line = <$fh>) {
+        my @tokens = split(/(?:\s+|\s*:\s*)/, $line);
+        #Check the line looks sane
+        if ($#tokens < 5 || $#tokens > 6) {
+            print STDERR "Invalid line:\n$line\n";
+            $ret = 0;
+            last;
+        }
+        if ($tokens[3] eq "NOEXIST") {
+            #Ignore this line
+            next;
+        }
+        #Some ordinals can be repeated, e.g. if one is VMS and another is !VMS
+        $newqual = $tokens[4];
+        $newqual =~ s/!//g;
+        if ($cnt > $tokens[1]
+                || ($cnt == $tokens[1] && ($qualifier ne $newqual
+                                           || $qualifier eq ""))) {
+            print STDERR "Invalid ordinal detected: ".$tokens[1]."\n";
+            $ret = 0;
+            last;
+        }
+        $cnt = $tokens[1];
+        $qualifier = $newqual;
+        $lastfunc = $tokens[0];
+    }
+    close($fh);
+
+    return $ret;
+}
diff --git a/openssl-1.1.0h/test/recipes/03-test_exdata.t b/openssl-1.1.0h/test/recipes/03-test_exdata.t
new file mode 100644
index 0000000..da66f95
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/03-test_exdata.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_exdata", "exdatatest");
diff --git a/openssl-1.1.0h/test/recipes/03-test_ui.t b/openssl-1.1.0h/test/recipes/03-test_ui.t
new file mode 100644
index 0000000..b1065d1
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/03-test_ui.t
@@ -0,0 +1,30 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+use OpenSSL::Test;
+
+setup("test_ui");
+
+plan tests => 1;
+
+note <<"EOF";
+The best way to test the UI interface is currently by using an openssl
+command that uses password_callback.  The only one that does this is
+'genrsa'.
+Since password_callback uses a UI method derived from UI_OpenSSL(), it
+ensures that one gets tested well enough as well.
+EOF
+
+my $outfile = "rsa_$$.pem";
+ok(run(app(["openssl", "genrsa", "-passout", "pass:password", "-aes128",
+            "-out", $outfile])),
+   "Checking that genrsa with a password works properly");
+
+unlink $outfile;
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem.t b/openssl-1.1.0h/test/recipes/04-test_pem.t
new file mode 100644
index 0000000..48f62ff
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem.t
@@ -0,0 +1,106 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ======================================================================
+
+
+use strict;
+use warnings;
+
+use File::Compare qw/compare_text/;
+use File::Basename;
+use OpenSSL::Test qw/:DEFAULT srctop_file data_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_pem_reading");
+
+my $testsrc = srctop_file("test", "recipes", basename($0));
+
+my $cmd = "openssl";
+
+# map input PEM file to 1 if it should be accepted; 0 when should be rejected
+my %cert_expected = (
+    "cert-1023line.pem" => 1,
+    "cert-1024line.pem" => 1,
+    "cert-1025line.pem" => 1,
+    "cert-255line.pem" => 1,
+    "cert-256line.pem" => 1,
+    "cert-257line.pem" => 1,
+    "cert-blankline.pem" => 0,
+    "cert-comment.pem" => 0,
+    "cert-earlypad.pem" => 0,
+    "cert-extrapad.pem" => 0,
+    "cert-infixwhitespace.pem" => 1,
+    "cert-junk.pem" => 0,
+    "cert-leadingwhitespace.pem" => 1,
+    "cert-longline.pem" => 1,
+    "cert-misalignedpad.pem" => 0,
+    "cert-onecolumn.pem" => 1,
+    "cert-oneline.pem" => 1,
+    "cert-shortandlongline.pem" => 1,
+    "cert-shortline.pem" => 1,
+    "cert-threecolumn.pem" => 1,
+    "cert-trailingwhitespace.pem" => 1,
+    "cert.pem" => 1
+);
+my %dsa_expected = (
+    "dsa-1023line.pem" => 0,
+    "dsa-1024line.pem" => 0,
+    "dsa-1025line.pem" => 0,
+    "dsa-255line.pem" => 0,
+    "dsa-256line.pem" => 0,
+    "dsa-257line.pem" => 0,
+    "dsa-blankline.pem" => 0,
+    "dsa-comment.pem" => 0,
+    "dsa-corruptedheader.pem" => 0,
+    "dsa-corruptiv.pem" => 0,
+    "dsa-earlypad.pem" => 0,
+    "dsa-extrapad.pem" => 0,
+    "dsa-infixwhitespace.pem" => 0,
+    "dsa-junk.pem" => 0,
+    "dsa-leadingwhitespace.pem" => 0,
+    "dsa-longline.pem" => 0,
+    "dsa-misalignedpad.pem" => 0,
+    "dsa-onecolumn.pem" => 0,
+    "dsa-oneline.pem" => 0,
+    "dsa-onelineheader.pem" => 0,
+    "dsa-shortandlongline.pem" => 0,
+    "dsa-shortline.pem" => 0,
+    "dsa-threecolumn.pem" => 0,
+    "dsa-trailingwhitespace.pem" => 1,
+    "dsa.pem" => 1
+);
+
+plan tests =>  scalar keys(%cert_expected) + scalar keys(%dsa_expected) + 1;
+
+foreach my $input (keys %cert_expected) {
+    my @common = ($cmd, "x509", "-text", "-noout", "-inform", "PEM", "-in");
+    my @data = run(app([@common, data_file($input)], stderr => undef), capture => 1);
+    my @match = grep /The Great State of Long-Winded Certificate Field Names Whereby to Increase the Output Size/, @data;
+    is((scalar @match > 0 ? 1 : 0), $cert_expected{$input});
+}
+SKIP: {
+    skip "DSA support disabled, skipping...", (scalar keys %dsa_expected) unless !disabled("dsa");
+    foreach my $input (keys %dsa_expected) {
+        my @common = ($cmd, "pkey", "-inform", "PEM", "-passin", "file:" . data_file("wellknown"), "-noout", "-text", "-in");
+        my @data;
+        {
+            local $ENV{MSYS2_ARG_CONV_EXCL} = "file:";
+            @data = run(app([@common, data_file($input)], stderr => undef), capture => 1);
+        }
+        my @match = grep /68:42:02:16:63:54:16:eb:06:5c:ab:06:72:3b:78:/, @data;
+        is((scalar @match > 0 ? 1 : 0), $dsa_expected{$input});
+    }
+}
+SKIP: {
+    skip "RSA support disabled, skipping...", 1 unless !disabled("rsa");
+    my @common = ($cmd, "pkey", "-inform", "PEM", "-noout", "-text", "-in");
+    my @data = run(app([@common, data_file("beermug.pem")], stderr => undef), capture => 1);
+    my @match = grep /00:a0:3a:21:14:5d:cd:b6:d5:a0:3e:49:23:c1:3a:/, @data;
+    ok(scalar @match > 0 ? 1 : 0);
+}
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES b/openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES
new file mode 100644
index 0000000..baafd15
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES
@@ -0,0 +1,3 @@
+The cert-*.pem and dsa-*.pem files are generated as manipulation of the
+ASCII text of cert.pem and dsa.pem, respectively -- they should decode to the
+same data.
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/beermug.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/beermug.pem
new file mode 100644
index 0000000..98b04b7
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/beermug.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC+qeXl4ZUfQZFmcGAPwdt7Mza4NQ6mJHehc4V/hVYc6eepvL/5
+uyyflzuhVy5ufctdi92FlXcIct5nNPdqK0PPdWH5Uzw0t/OjI5y/SJh8ur20krqw
+j/N1IOs63AcGLIVSkwx89iQbxj+2tV+YxFpGunUYyR/bJJWczuDMA/CujQIDAQAB
+AoGBAKA6IRRdzbbVoD5JI8E6NZtEP7DwDZ57uPk6Hq86u1JTEzcmguJ4dJitPBRr
+Mn7yQgwcNQ5EvCKifdqXvXBAaZuiiPFuCS/gfUw04jVHXWvG8ZvBQC3dutUYnFW7
+hdun8QU/Z6a1BethvESi1J1vgY2+XC4cBIvbutTc9HhMhbQ1AkEA8YTKGsVEYoKE
+d7sSx4qjeN4bgzeVgIwRt01wJ1EJN62LhwO+pYSXvTt14aHxiascejJqUhtuWvzR
+nuwydqiDpwJBAMoYgUoWdgW4O/C5ZXjiSia54jzrt7upxSq88njTRo/MCQfuJVbc
+3GUD+15V0zNhx9D7lcI+1uxhfcD7jWbJEqsCQBrE/SG6e7nvfX9H3O0BEN10wNfq
+cUeuPshybNvuv3bMZYqxf5AZAjiXPpmjuYHo1V8191Lid3jeTN2wkGdWhkECQQCI
+Rj3oV3z+Hl1M1bc27GBT/MQxkEE0qiXpy780+kJ6dHsifdNv3z4+X5EA656e5zB2
+Gy/A697BRnwlxXpz9OJBAkAUe7Ap0yU8aO6g5g+gsH+18bF0MftWh81VLOo09rRp
+SOHxNGGJLE5As5XkCGUZVIass1r8Q4N22Wip0QzeSWDi
+-
+-          .   *   ..  . *  *
+-        *  * @()Ooc()*   o  .
+-            (Q@*0CG*O()  ___
+-           |\_________/|/ _ \
+-           |  |  |  |  | / | |
+-           |  |  |  |  | | | |
+-           |  |  |  |  | | | |
+-           |  |  |  |  | | | |
+-           |  |  |  |  | | | |
+-           |  |  |  |  | \_| |
+-           |  |  |  |  |\___/
+-           |\_|__|__|_/|
+-            \_________/
+-
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1023line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1023line.pem
new file mode 100644
index 0000000..7ad3103
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1023line.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfS
+phwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejv
+N5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7Nk
+ZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQY
+JKoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9
+JywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem
+3aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPH
+X30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV
+ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8I
+AA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1024line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1024line.pem
new file mode 100644
index 0000000..fd501c2
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1024line.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1025line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1025line.pem
new file mode 100644
index 0000000..2369229
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1025line.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSphwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN5
+v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZh
+SC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJK
+oZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9Jy
+wlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3a
+YRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX3
+0YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZr
+vUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA
+8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-255line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-255line.pem
new file mode 100644
index 0000000..d7fd1f1
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-255line.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcml
+waHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdml
+kZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhc
+NMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSB
+HcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1
+lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBww
+WVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQ
+gU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2l
+zMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWF
+yeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSq
+GSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2ME
+gj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF5
+60WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfS
+phwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejv
+N5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7Nk
+ZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQY
+JKoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9
+JywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem
+3aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPH
+X30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV
+ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8I
+AA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-256line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-256line.pem
new file mode 100644
index 0000000..225bdb6
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-256line.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-257line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-257line.pem
new file mode 100644
index 0000000..414b036
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-257line.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwa
+HJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZ
+W50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNM
+TcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHc
+mVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lc
+yBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWV
+G9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU
+29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzM
+T0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFye
+SBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGS
+Ib3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj
+/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560
+WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSph
+wmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN5
+v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZh
+SC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJK
+oZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9Jy
+wlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3a
+YRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX3
+0YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZr
+vUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA
+8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-blankline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-blankline.pem
new file mode 100644
index 0000000..3f25288
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-blankline.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-comment.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-comment.pem
new file mode 100644
index 0000000..a1a493e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-comment.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+-MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-earlypad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-earlypad.pem
new file mode 100644
index 0000000..adb445e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-earlypad.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+====ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-extrapad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-extrapad.pem
new file mode 100644
index 0000000..0b89aa2
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-extrapad.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=====
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-infixwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-infixwhitespace.pem
new file mode 100644
index 0000000..f7e912a
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-infixwhitespace.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4R     q/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182C   CXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-junk.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-junk.pem
new file mode 100644
index 0000000..5377e26
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-junk.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+!"#$%&()
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem
new file mode 100644
index 0000000..6de4d48
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+        MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+        WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+        ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+        A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+        b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+        aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+        ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+        MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+        cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+        cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+        VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+        U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+        MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+        eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+        SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+        j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+        0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+        hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+        5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+        hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+        KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+        ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+        aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+        30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+        rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+        A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-longline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-longline.pem
new file mode 100644
index 0000000..7304481
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-longline.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA
+8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-misalignedpad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-misalignedpad.pem
new file mode 100644
index 0000000..caca6e5
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-misalignedpad.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-onecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-onecolumn.pem
new file mode 100644
index 0000000..77eebbf
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-onecolumn.pem
@@ -0,0 +1,1646 @@
+-----BEGIN CERTIFICATE-----
+M
+I
+I
+E
+z
+D
+C
+C
+A
+7
+Q
+C
+C
+Q
+C
+g
+x
+k
+R
+o
+x
++
+Y
+l
+j
+j
+A
+N
+B
+g
+k
+q
+h
+k
+i
+G
+9
+w
+0
+B
+A
+Q
+s
+F
+A
+D
+C
+C
+A
+S
+Y
+x
+Y
+z
+B
+h
+B
+g
+N
+V
+B
+A
+g
+M
+W
+l
+R
+o
+Z
+S
+B
+H
+c
+m
+V
+h
+d
+C
+B
+T
+d
+G
+F
+0
+Z
+S
+B
+v
+Z
+i
+B
+M
+b
+2
+5
+n
+L
+V
+d
+p
+b
+m
+R
+l
+Z
+C
+B
+D
+Z
+X
+J
+0
+a
+W
+Z
+p
+Y
+2
+F
+0
+Z
+S
+B
+G
+a
+W
+V
+s
+Z
+C
+B
+O
+Y
+W
+1
+l
+c
+y
+B
+X
+a
+G
+V
+y
+Z
+W
+J
+5
+I
+H
+R
+v
+I
+E
+l
+u
+Y
+3
+J
+l
+Y
+X
+N
+l
+I
+H
+R
+o
+Z
+S
+B
+P
+d
+X
+R
+w
+d
+X
+Q
+g
+U
+2
+l
+6
+Z
+T
+E
+f
+M
+B
+0
+G
+A
+1
+U
+E
+B
+w
+w
+W
+V
+G
+9
+v
+b
+W
+F
+u
+e
+W
+N
+o
+Y
+X
+J
+h
+Y
+3
+R
+l
+c
+n
+N
+2
+a
+W
+x
+s
+Z
+T
+F
+I
+M
+E
+Y
+G
+A
+1
+U
+E
+C
+g
+w
+/
+V
+G
+h
+l
+I
+E
+J
+l
+b
+m
+V
+2
+b
+2
+x
+l
+b
+n
+Q
+g
+U
+2
+9
+j
+a
+W
+V
+0
+e
+S
+B
+v
+Z
+i
+B
+M
+b
+3
+F
+1
+Y
+W
+N
+p
+b
+3
+V
+z
+I
+G
+F
+u
+Z
+C
+B
+Q
+b
+G
+V
+v
+b
+m
+F
+z
+d
+G
+l
+j
+I
+F
+B
+l
+c
+m
+l
+w
+a
+H
+J
+h
+c
+2
+l
+z
+M
+T
+0
+w
+O
+w
+Y
+D
+V
+Q
+Q
+L
+D
+D
+R
+F
+b
+m
+R
+v
+c
+n
+N
+l
+b
+W
+V
+u
+d
+C
+B
+v
+Z
+i
+B
+W
+b
+3
+V
+j
+a
+H
+N
+h
+Z
+m
+U
+n
+Z
+C
+B
+F
+d
+m
+l
+k
+Z
+W
+5
+0
+a
+W
+F
+y
+e
+S
+B
+D
+Z
+X
+J
+0
+a
+W
+Z
+p
+Y
+2
+F
+0
+a
+W
+9
+u
+M
+R
+U
+w
+E
+w
+Y
+D
+V
+Q
+Q
+D
+D
+A
+x
+j
+Z
+X
+J
+0
+L
+m
+V
+4
+Y
+W
+1
+w
+b
+G
+U
+w
+H
+h
+c
+N
+M
+T
+c
+w
+M
+j
+I
+z
+M
+j
+A
+y
+N
+T
+M
+2
+W
+h
+c
+N
+M
+T
+c
+w
+M
+z
+I
+1
+M
+j
+A
+y
+N
+T
+M
+2
+W
+j
+C
+C
+A
+S
+Y
+x
+Y
+z
+B
+h
+B
+g
+N
+V
+B
+A
+g
+M
+W
+l
+R
+o
+Z
+S
+B
+H
+c
+m
+V
+h
+d
+C
+B
+T
+d
+G
+F
+0
+Z
+S
+B
+v
+Z
+i
+B
+M
+b
+2
+5
+n
+L
+V
+d
+p
+b
+m
+R
+l
+Z
+C
+B
+D
+Z
+X
+J
+0
+a
+W
+Z
+p
+Y
+2
+F
+0
+Z
+S
+B
+G
+a
+W
+V
+s
+Z
+C
+B
+O
+Y
+W
+1
+l
+c
+y
+B
+X
+a
+G
+V
+y
+Z
+W
+J
+5
+I
+H
+R
+v
+I
+E
+l
+u
+Y
+3
+J
+l
+Y
+X
+N
+l
+I
+H
+R
+o
+Z
+S
+B
+P
+d
+X
+R
+w
+d
+X
+Q
+g
+U
+2
+l
+6
+Z
+T
+E
+f
+M
+B
+0
+G
+A
+1
+U
+E
+B
+w
+w
+W
+V
+G
+9
+v
+b
+W
+F
+u
+e
+W
+N
+o
+Y
+X
+J
+h
+Y
+3
+R
+l
+c
+n
+N
+2
+a
+W
+x
+s
+Z
+T
+F
+I
+M
+E
+Y
+G
+A
+1
+U
+E
+C
+g
+w
+/
+V
+G
+h
+l
+I
+E
+J
+l
+b
+m
+V
+2
+b
+2
+x
+l
+b
+n
+Q
+g
+U
+2
+9
+j
+a
+W
+V
+0
+e
+S
+B
+v
+Z
+i
+B
+M
+b
+3
+F
+1
+Y
+W
+N
+p
+b
+3
+V
+z
+I
+G
+F
+u
+Z
+C
+B
+Q
+b
+G
+V
+v
+b
+m
+F
+z
+d
+G
+l
+j
+I
+F
+B
+l
+c
+m
+l
+w
+a
+H
+J
+h
+c
+2
+l
+z
+M
+T
+0
+w
+O
+w
+Y
+D
+V
+Q
+Q
+L
+D
+D
+R
+F
+b
+m
+R
+v
+c
+n
+N
+l
+b
+W
+V
+u
+d
+C
+B
+v
+Z
+i
+B
+W
+b
+3
+V
+j
+a
+H
+N
+h
+Z
+m
+U
+n
+Z
+C
+B
+F
+d
+m
+l
+k
+Z
+W
+5
+0
+a
+W
+F
+y
+e
+S
+B
+D
+Z
+X
+J
+0
+a
+W
+Z
+p
+Y
+2
+F
+0
+a
+W
+9
+u
+M
+R
+U
+w
+E
+w
+Y
+D
+V
+Q
+Q
+D
+D
+A
+x
+j
+Z
+X
+J
+0
+L
+m
+V
+4
+Y
+W
+1
+w
+b
+G
+U
+w
+g
+g
+E
+i
+M
+A
+0
+G
+C
+S
+q
+G
+S
+I
+b
+3
+D
+Q
+E
+B
+A
+Q
+U
+A
+A
+4
+I
+B
+D
+w
+A
+w
+g
+g
+E
+K
+A
+o
+I
+B
+A
+Q
+C
+7
+M
+O
+I
+r
+q
+H
++
+Z
+I
+J
+i
+Z
+d
+r
+o
+K
+M
+r
+e
+l
+K
+M
+S
+v
+v
+R
+K
+g
+2
+M
+E
+g
+j
+/
+s
+x
+9
+T
+a
+H
+H
+q
+r
+K
+y
+s
+4
+A
+i
+L
+4
+R
+q
+/
+y
+b
+Q
+E
+i
+g
+F
+C
+6
+G
+8
+m
+p
+Z
+W
+b
+B
+r
+U
++
+v
+N
+2
+S
+L
+r
+1
+Z
+s
+P
+f
+t
+C
+H
+I
+Y
+1
+2
+L
+F
+5
+6
+0
+W
+L
+Y
+T
+Y
+N
+q
+D
+g
+F
+5
+B
+d
+C
+Z
+C
+r
+j
+J
+2
+h
+h
+N
++
+X
+w
+M
+L
+2
+t
+g
+Y
+d
+W
+i
+o
+V
+/
+E
+e
+y
+8
+S
+J
+S
+q
+U
+s
+k
+f
+0
+3
+M
+p
+c
+w
+n
+L
+b
+V
+f
+S
+p
+h
+w
+m
+o
+w
+q
+N
+f
+i
+E
+F
+F
+q
+P
+B
+C
+f
+7
+E
+8
+I
+V
+a
+r
+G
+W
+c
+t
+b
+M
+p
+v
+l
+M
+b
+A
+M
+5
+o
+w
+h
+M
+e
+v
+/
+C
+c
+m
+q
+q
+t
+8
+1
+N
+F
+k
+b
+1
+W
+V
+e
+j
+v
+N
+5
+v
+/
+J
+K
+v
+2
+4
+3
+/
+X
+e
+d
+f
+4
+I
+7
+Z
+J
+v
+7
+z
+K
+e
+s
+w
+o
+P
+9
+p
+i
+F
+z
+W
+H
+X
+C
+d
+9
+S
+I
+V
+z
+W
+q
+F
+7
+7
+u
+/
+c
+r
+H
+u
+f
+I
+h
+o
+E
+a
+7
+N
+k
+Z
+h
+S
+C
+2
+a
+o
+s
+Q
+F
+6
+1
+9
+i
+K
+n
+f
+k
+0
+n
+q
+W
+a
+L
+D
+J
+1
+8
+2
+C
+C
+X
+k
+H
+E
+R
+o
+Q
+C
+7
+q
+9
+X
+2
+I
+G
+L
+D
+L
+o
+A
+0
+X
+A
+g
+M
+B
+A
+A
+E
+w
+D
+Q
+Y
+J
+K
+o
+Z
+I
+h
+v
+c
+N
+A
+Q
+E
+L
+B
+Q
+A
+D
+g
+g
+E
+B
+A
+K
+b
+t
+L
+x
++
+Y
+l
+C
+G
+R
+C
+B
+m
+Y
+n
+3
+d
+f
+Y
+F
++
+B
+I
+v
+K
+/
+b
+/
+e
+0
+D
+K
+N
+h
+D
+K
+h
+b
+4
+s
+9
+J
+y
+w
+l
+J
+4
+q
+n
+A
+B
+4
+8
+t
+g
+P
+x
+0
+q
++
+Z
+B
++
+E
+d
+M
+Y
+R
+q
+C
+w
+y
+v
+X
+J
+x
+E
+d
+Z
+7
+P
+s
+C
+d
+U
+e
+U
+6
+x
+I
+2
+y
+b
+k
+h
+S
+d
+U
+U
+f
+Q
+b
+Y
+e
+m
+3
+a
+Y
+R
+G
++
+y
+u
+k
+G
+z
+a
+z
+y
+S
+Q
+J
+s
+8
+l
+G
+q
+x
+B
+l
+R
+M
+F
+l
+/
+F
+G
+C
+g
++
+o
+S
+Q
+/
+I
+3
+2
+e
+G
+f
+8
+m
+i
+c
+D
+s
+k
+j
+2
+z
+k
+A
+J
+t
+C
+k
+U
+P
+H
+X
+3
+0
+Y
+r
+W
+M
+f
+O
+w
+W
+1
+r
+2
+x
+Y
+r
+2
+m
+B
+N
+X
+b
+N
+W
+X
+J
+h
+W
+/
+s
+I
+g
+5
+u
+8
+a
+a
+9
+f
+c
+A
+L
+e
+u
+Q
+c
+M
+X
+k
+b
+s
+b
+V
+o
+P
+m
+C
+5
+a
+L
+d
+i
+V
+Z
+r
+v
+U
+F
+o
+J
+8
+D
+P
+g
+0
+a
+Y
+Y
+w
+j
+6
+4
+R
+w
+U
+0
+B
+5
+H
+W
+/
+7
+j
+K
+h
+Q
+2
+5
+F
+g
+K
+V
+A
+z
+L
+G
+r
+g
+Y
+x
+1
+D
+i
+v
+k
+M
+7
+U
+Q
+G
+d
+W
+Y
+n
+U
+8
+I
+A
+A
+8
+S
+8
+9
+g
+R
+j
+G
+k
+2
+h
+n
+k
+e
+a
+g
+W
+a
+s
+3
+d
+x
+q
+T
+T
+p
+g
+J
+D
+h
+p
+r
+g
+W
+z
+y
+K
+a
+9
+h
+I
+I
+=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-oneline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-oneline.pem
new file mode 100644
index 0000000..70121fb
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-oneline.pem
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSphwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9JywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortandlongline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortandlongline.pem
new file mode 100644
index 0000000..1681e24
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortandlongline.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV
+ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortline.pem
new file mode 100644
index 0000000..3c5d2e5
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortline.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV
+ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8I
+AA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-threecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-threecolumn.pem
new file mode 100644
index 0000000..eb5503c
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-threecolumn.pem
@@ -0,0 +1,550 @@
+-----BEGIN CERTIFICATE-----
+MII
+EzD
+CCA
+7QC
+CQC
+gxk
+Rox
++Yl
+jjA
+NBg
+kqh
+kiG
+9w0
+BAQ
+sFA
+DCC
+ASY
+xYz
+BhB
+gNV
+BAg
+MWl
+RoZ
+SBH
+cmV
+hdC
+BTd
+GF0
+ZSB
+vZi
+BMb
+25n
+LVd
+pbm
+RlZ
+CBD
+ZXJ
+0aW
+ZpY
+2F0
+ZSB
+GaW
+VsZ
+CBO
+YW1
+lcy
+BXa
+GVy
+ZWJ
+5IH
+RvI
+Elu
+Y3J
+lYX
+NlI
+HRo
+ZSB
+PdX
+Rwd
+XQg
+U2l
+6ZT
+EfM
+B0G
+A1U
+EBw
+wWV
+G9v
+bWF
+ueW
+NoY
+XJh
+Y3R
+lcn
+N2a
+Wxs
+ZTF
+IME
+YGA
+1UE
+Cgw
+/VG
+hlI
+EJl
+bmV
+2b2
+xlb
+nQg
+U29
+jaW
+V0e
+SBv
+ZiB
+Mb3
+F1Y
+WNp
+b3V
+zIG
+FuZ
+CBQ
+bGV
+vbm
+Fzd
+Glj
+IFB
+lcm
+lwa
+HJh
+c2l
+zMT
+0wO
+wYD
+VQQ
+LDD
+RFb
+mRv
+cnN
+lbW
+Vud
+CBv
+ZiB
+Wb3
+Vja
+HNh
+ZmU
+nZC
+BFd
+mlk
+ZW5
+0aW
+Fye
+SBD
+ZXJ
+0aW
+ZpY
+2F0
+aW9
+uMR
+UwE
+wYD
+VQQ
+DDA
+xjZ
+XJ0
+LmV
+4YW
+1wb
+GUw
+Hhc
+NMT
+cwM
+jIz
+MjA
+yNT
+M2W
+hcN
+MTc
+wMz
+I1M
+jAy
+NTM
+2Wj
+CCA
+SYx
+YzB
+hBg
+NVB
+AgM
+WlR
+oZS
+BHc
+mVh
+dCB
+TdG
+F0Z
+SBv
+ZiB
+Mb2
+5nL
+Vdp
+bmR
+lZC
+BDZ
+XJ0
+aWZ
+pY2
+F0Z
+SBG
+aWV
+sZC
+BOY
+W1l
+cyB
+XaG
+VyZ
+WJ5
+IHR
+vIE
+luY
+3Jl
+YXN
+lIH
+RoZ
+SBP
+dXR
+wdX
+QgU
+2l6
+ZTE
+fMB
+0GA
+1UE
+Bww
+WVG
+9vb
+WFu
+eWN
+oYX
+JhY
+3Rl
+cnN
+2aW
+xsZ
+TFI
+MEY
+GA1
+UEC
+gw/
+VGh
+lIE
+Jlb
+mV2
+b2x
+lbn
+QgU
+29j
+aWV
+0eS
+BvZ
+iBM
+b3F
+1YW
+Npb
+3Vz
+IGF
+uZC
+BQb
+GVv
+bmF
+zdG
+ljI
+FBl
+cml
+waH
+Jhc
+2lz
+MT0
+wOw
+YDV
+QQL
+DDR
+Fbm
+Rvc
+nNl
+bWV
+udC
+BvZ
+iBW
+b3V
+jaH
+NhZ
+mUn
+ZCB
+Fdm
+lkZ
+W50
+aWF
+yeS
+BDZ
+XJ0
+aWZ
+pY2
+F0a
+W9u
+MRU
+wEw
+YDV
+QQD
+DAx
+jZX
+J0L
+mV4
+YW1
+wbG
+Uwg
+gEi
+MA0
+GCS
+qGS
+Ib3
+DQE
+BAQ
+UAA
+4IB
+DwA
+wgg
+EKA
+oIB
+AQC
+7MO
+Irq
+H+Z
+IJi
+Zdr
+oKM
+rel
+KMS
+vvR
+Kg2
+MEg
+j/s
+x9T
+aHH
+qrK
+ys4
+AiL
+4Rq
+/yb
+QEi
+gFC
+6G8
+mpZ
+WbB
+rU+
+vN2
+SLr
+1Zs
+Pft
+CHI
+Y12
+LF5
+60W
+LYT
+YNq
+DgF
+5Bd
+CZC
+rjJ
+2hh
+N+X
+wML
+2tg
+YdW
+ioV
+/Ee
+y8S
+JSq
+Usk
+f03
+Mpc
+wnL
+bVf
+Sph
+wmo
+wqN
+fiE
+FFq
+PBC
+f7E
+8IV
+arG
+Wct
+bMp
+vlM
+bAM
+5ow
+hMe
+v/C
+cmq
+qt8
+1NF
+kb1
+WVe
+jvN
+5v/
+JKv
+243
+/Xe
+df4
+I7Z
+Jv7
+zKe
+swo
+P9p
+iFz
+WHX
+Cd9
+SIV
+zWq
+F77
+u/c
+rHu
+fIh
+oEa
+7Nk
+ZhS
+C2a
+osQ
+F61
+9iK
+nfk
+0nq
+WaL
+DJ1
+82C
+CXk
+HER
+oQC
+7q9
+X2I
+GLD
+LoA
+0XA
+gMB
+AAE
+wDQ
+YJK
+oZI
+hvc
+NAQ
+ELB
+QAD
+ggE
+BAK
+btL
+x+Y
+lCG
+RCB
+mYn
+3df
+YF+
+BIv
+K/b
+/e0
+DKN
+hDK
+hb4
+s9J
+ywl
+J4q
+nAB
+48t
+gPx
+0q+
+ZB+
+EdM
+YRq
+Cwy
+vXJ
+xEd
+Z7P
+sCd
+UeU
+6xI
+2yb
+khS
+dUU
+fQb
+Yem
+3aY
+RG+
+yuk
+Gza
+zyS
+QJs
+8lG
+qxB
+lRM
+Fl/
+FGC
+g+o
+SQ/
+I32
+eGf
+8mi
+cDs
+kj2
+zkA
+JtC
+kUP
+HX3
+0Yr
+WMf
+OwW
+1r2
+xYr
+2mB
+NXb
+NWX
+JhW
+/sI
+g5u
+8aa
+9fc
+ALe
+uQc
+MXk
+bsb
+VoP
+mC5
+aLd
+iVZ
+rvU
+FoJ
+8DP
+g0a
+YYw
+j64
+RwU
+0B5
+HW/
+7jK
+hQ2
+5Fg
+KVA
+zLG
+rgY
+x1D
+ivk
+M7U
+QGd
+WYn
+U8I
+AA8
+S89
+gRj
+Gk2
+hnk
+eag
+Was
+3dx
+qTT
+pgJ
+Dhp
+rgW
+zyK
+a9h
+II=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem
new file mode 100644
index 0000000..ab0dfe8
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM        
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs        
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G        
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2        
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw        
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk        
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN        
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH        
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l        
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW        
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg        
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz        
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy        
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG        
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg        
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56        
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp        
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN        
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ        
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ        
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J        
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3        
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX        
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ        
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA                
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=        
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert.pem
new file mode 100644
index 0000000..99ddf07
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
+WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
+ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
+A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2
+b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw
+aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk
+ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN
+MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
+cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
+cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
+VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
+U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
+MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
+eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg
+j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56
+0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp
+hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN
+5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ
+hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J
+ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3
+aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX
+30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ
+rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA
+A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/csr.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/csr.pem
new file mode 100644
index 0000000..02a966d
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/csr.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDbTCCAlUCAQAwggEmMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9u
+Zy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNy
+ZWFzZSB0aGUgT3V0cHV0IFNpemUxHzAdBgNVBAcMFlRvb21hbnljaGFyYWN0ZXJz
+dmlsbGUxSDBGBgNVBAoMP1RoZSBCZW5ldm9sZW50IFNvY2lldHkgb2YgTG9xdWFj
+aW91cyBhbmQgUGxlb25hc3RpYyBQZXJpcGhyYXNpczE9MDsGA1UECww0RW5kb3Jz
+ZW1lbnQgb2YgVm91Y2hzYWZlJ2QgRXZpZGVudGlhcnkgQ2VydGlmaWNhdGlvbjEV
+MBMGA1UEAwwMY2VydC5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuzDiK6h/mSCYmXa6CjK3pSjEr70SoNjBII/7MfU2hx6qysrOAIi+Eav8
+m0BIoBQuhvJqWVmwa1Przdki69WbD37QhyGNdixeetFi2E2Dag4BeQXQmQq4ydoY
+Tfl8DC9rYGHVoqFfxHsvEiUqlLJH9NzKXMJy21X0qYcJqMKjX4hBRajwQn+xPCFW
+qxlnLWzKb5TGwDOaMITHr/wnJqqrfNTRZG9VlXo7zeb/ySr9uN/13nX+CO2Sb+8y
+nrMKD/aYhc1h1wnfUiFc1qhe+7v3Kx7nyIaBGuzZGYUgtmqLEBetfYip35NJ6lmi
+wydfNggl5BxEaEAu6vV9iBiwy6ANFwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB
+ADgIOZ6OL8SDAGcDTkHuE7d9xOIeiidMU2JU1Dxxk7iZh6JAHxjdgwwUew0nDdPR
+74u84uGzecotX9MByAhmCflhwN+aTQcntxY1R44uAmeE0WJLrCYWQIKHh27YI/2y
+9mMHX9srTtL+Ggrs7s1WLzcFitDpUWB4B+9a+KGJ0fbWPpjNcxDwwjSEiKwzHhpv
+3PdTU2eC5/uvu1BoU4ms//JftvbWlTwHqf4J4P/FZeeOwoTay5d0K5qWDs9hEexP
+m9wRUnCc8L7xPElYvIC9mpgMFvwJ3xMOpE1qAh7WSeAlTX6wE0WvxgCwhgEExISQ
+vRMcwsXoc5VthqU/E8fc9ls=
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1023line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1023line.pem
new file mode 100644
index 0000000..0e5c01a
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1023line.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaB
+Io15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws
+6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1024line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1024line.pem
new file mode 100644
index 0000000..185a029
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1024line.pem
@@ -0,0 +1,8 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1025line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1025line.pem
new file mode 100644
index 0000000..fa449c9
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1025line.pem
@@ -0,0 +1,8 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo
+15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-255line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-255line.pem
new file mode 100644
index 0000000..36a5b12
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-255line.pem
@@ -0,0 +1,21 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCER
+n9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBY
+Xzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70m
+DoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90
+mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaB
+Io15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws
+6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-256line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-256line.pem
new file mode 100644
index 0000000..6ba6c39
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-256line.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-257line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-257line.pem
new file mode 100644
index 0000000..a73d700
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-257line.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo
+15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-blankline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-blankline.pem
new file mode 100644
index 0000000..6f46e27
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-blankline.pem
@@ -0,0 +1,24 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-comment.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-comment.pem
new file mode 100644
index 0000000..bb96ec4
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-comment.pem
@@ -0,0 +1,24 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+-vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptedheader.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptedheader.pem
new file mode 100644
index 0000000..7ed4261
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptedheader.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCARPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptiv.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptiv.pem
new file mode 100644
index 0000000..233e201
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptiv.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E464B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-earlypad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-earlypad.pem
new file mode 100644
index 0000000..9f14e3b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-earlypad.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+====gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-extrapad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-extrapad.pem
new file mode 100644
index 0000000..1823973
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-extrapad.pem
@@ -0,0 +1,24 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+====
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem
new file mode 100644
index 0000000..5755265
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bqu     wukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxz   WfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-junk.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-junk.pem
new file mode 100644
index 0000000..0836c45
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-junk.pem
@@ -0,0 +1,24 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+!"#$%&()
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem
new file mode 100644
index 0000000..8bbf261
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+      EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+        gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+        wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+        3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+        pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+        SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+        UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+        Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+        vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+        2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+        Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+        q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+        4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+        9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+        zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+                oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+        OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+        o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-longline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-longline.pem
new file mode 100644
index 0000000..75973ef
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-longline.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo
+15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-misalignedpad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-misalignedpad.pem
new file mode 100644
index 0000000..ad8c366
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-misalignedpad.pem
@@ -0,0 +1,24 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+=
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onecolumn.pem
new file mode 100644
index 0000000..61b8ed5
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onecolumn.pem
@@ -0,0 +1,1157 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+E
+B
+D
+W
+X
+0
+Q
+f
+a
+r
+l
++
+Q
+N
+s
+H
+g
+C
+U
+u
+d
+L
+y
+b
+6
+D
+k
+C
+4
+z
+y
+a
+D
+U
+/
+v
+U
+q
+W
+y
+H
+X
+0
+m
++
+8
+W
+2
+b
+b
+m
+T
+5
+T
+e
+x
+l
+L
+3
+h
+s
+M
+5
+U
+g
+z
+7
+K
+s
+G
+q
+y
+j
+e
+O
+u
+K
+9
+Q
+T
+5
+L
+O
+M
+4
+V
+y
+K
+6
+B
+g
+m
+h
+q
+p
+Q
+a
+J
+1
+M
+g
+C
+W
+A
+/
+g
+b
+B
+P
+T
+g
+B
+p
+2
+j
+f
+p
+3
+o
+S
+0
+W
+C
+5
+D
+6
+G
+M
+w
+c
+s
+d
+q
+o
+e
+I
+p
+D
+/
+w
+c
+e
+3
+k
+0
+H
+2
+G
+f
+u
+6
++
+r
+I
+N
+B
+m
+b
+I
+T
+t
+n
+4
+D
+T
+f
+3
+P
+k
+O
+c
+D
+I
+w
+d
+D
+c
+e
+N
+2
+q
+k
+Z
+a
+n
+l
+o
+F
+V
+r
+i
+S
+3
+k
+A
+B
+U
+I
+h
+1
+e
+h
+Y
+I
+X
+Q
+i
+b
+L
+R
+F
+Y
+5
+r
+X
+d
+Q
+n
+h
+Y
+2
+C
+Z
+N
+r
+Q
+F
+I
+M
+w
+l
+6
+4
+h
+K
+5
+P
+5
+h
+Q
+b
+c
+y
+J
+K
+G
+D
+H
+A
+Y
+z
+X
+V
+7
+o
+u
+p
+d
+X
+y
+5
+F
+9
+o
+y
+E
+d
+6
+e
+A
+5
+i
+x
++
+n
+1
+j
+K
+F
+R
+B
+7
+P
+m
+A
+p
+Z
+m
+u
+i
+Q
+j
+z
+f
+E
+x
+V
+K
+m
+B
+P
+G
+x
+R
+z
+O
+G
+T
+0
+q
+R
+5
+v
+L
+y
+l
+Q
+h
+e
+i
+S
+C
+7
+7
+n
+k
+e
+r
+a
+w
+U
+y
+j
+A
+2
+Q
+l
+I
+a
+/
+S
+m
+N
+z
+X
+E
+Y
+k
+N
+3
+g
+o
+D
+z
+H
+S
+F
+K
+B
+a
+u
+B
+0
+o
+5
+q
+F
+c
+1
+b
+1
+x
+7
+d
+X
+P
+C
+F
+L
+0
+a
+t
+G
+5
+U
+x
+o
+R
+r
+/
+E
+p
+7
+t
+i
+a
+b
+4
+D
+Z
+m
+Y
+E
+n
+O
+G
+k
+L
+2
+d
+V
+N
+8
+j
+A
+0
+4
+F
++
+H
+Q
+G
+B
+e
+P
+6
+n
+D
+O
+S
+K
+h
+X
+R
+j
+b
+U
+O
+D
+U
+p
+D
+p
+D
+v
+j
++
+F
+J
+f
+7
+7
+R
+v
+0
+p
+4
+8
+l
+9
+i
+p
+8
+i
+/
+b
+q
+u
+w
+u
+k
+X
+l
+M
+e
+d
+3
+O
+4
+d
+6
+r
+n
+E
+w
+k
+g
+g
+d
+y
+S
+S
+5
+i
+t
+i
+S
+h
+w
+a
+V
+L
+P
+f
++
+i
+c
+I
+/
+Y
+d
+4
+v
+c
+P
+X
+D
+P
+U
+H
+T
+k
+j
+1
+X
+m
+o
+Z
+4
+f
+1
+m
+U
+F
+1
+7
+O
+t
+C
+o
+h
+s
+J
+T
+7
+O
+4
+o
+M
+B
+B
+M
+B
+w
+q
+C
+k
+C
+7
+e
+n
+r
+L
+a
+A
+L
+i
+9
+j
+i
+K
+y
+m
+4
+7
+g
+2
+b
+Z
+H
+0
+5
+x
+J
+P
+p
+W
+X
+S
+/
+k
+S
+E
+k
+w
+t
+/
+j
+I
++
+a
++
+o
+4
+C
+u
+D
+P
+l
+y
+3
+X
+h
+I
+c
+Y
+R
+t
+s
+a
+W
+B
+J
+W
+i
+a
+m
+1
+O
+T
+7
+s
+G
+Q
++
+z
+k
+j
+T
+G
+A
+a
+6
+N
+f
+w
+b
+R
+8
+S
+c
+Q
+C
+8
+M
+z
+D
+f
+V
+n
+k
+J
+3
+V
+n
+X
+j
+T
+3
+4
+5
+b
+z
++
+F
+7
+H
+T
+A
+v
+e
+Q
+8
+a
+7
+K
+G
+x
+N
+n
+t
+P
+h
+E
+0
+K
+V
+j
+p
+l
+3
+6
+9
+K
+q
+2
+T
+M
+L
+y
+e
+x
+Q
+A
+R
+J
+a
+p
+a
+b
+B
+f
+/
+S
+T
+9
+z
+W
+P
+7
+w
+x
+z
+W
+f
+r
+E
+b
+X
+3
+O
+E
+Z
+C
+u
+R
+D
+V
+k
+w
+W
+f
+1
+8
+B
+H
+/
+E
+h
+6
+L
+q
+n
+q
+g
+5
+Q
+M
+4
+G
+u
+X
+7
+0
+8
+N
+i
+F
+p
+i
+w
+Q
+t
+9
+p
+/
+D
+A
+u
+Q
+d
+h
+B
+r
+P
+6
+7
+B
+x
+L
+6
+4
+C
+b
+I
+7
+C
+g
+W
+4
+L
+v
+3
+z
+3
+q
+n
+K
+f
+F
+V
+9
+z
+Y
+5
+/
+m
+x
+C
+E
+R
+n
+9
+m
+P
+O
+i
+g
+2
+r
+8
+W
+v
+v
+X
+t
+7
+c
+h
+6
+n
+h
+z
+B
+P
+f
+C
+w
+q
+0
+B
+o
+P
+q
+L
+K
+U
+F
+g
+D
+p
+e
+X
+s
+N
+d
+J
+9
+s
+W
+5
+I
+V
+3
+y
+i
+/
+3
+B
+h
+9
+8
+Z
+B
+Y
+X
+z
+j
+8
+g
+/
+7
+X
+M
+o
+6
+v
+9
+9
+8
+f
+c
+t
++
+E
+i
+H
+P
+s
+c
+u
+q
+e
+Y
+U
+a
+o
+J
+Z
+6
++
+Z
+j
+7
+W
+4
+5
+n
+G
+A
+9
+D
+G
+s
+n
+E
+m
+Z
+0
+W
+u
+x
+2
+t
+T
+j
+7
+0
+m
+D
+o
+H
+/
+/
+2
+1
+T
+i
+R
+A
+x
+6
+y
+p
+P
+P
++
+I
+q
+2
+Y
+D
+z
+q
+h
+7
+V
+X
+c
+/
+g
+s
+s
+O
+n
+/
+v
+U
+1
+A
+j
+1
+9
+g
+z
+L
++
+M
+R
+n
+1
+Z
+5
+5
+S
+M
+r
+A
+7
+n
+O
+9
+0
+m
+O
+g
+O
+y
+E
+P
++
+u
+G
+r
+X
+y
+a
+h
+f
+Z
+G
+P
+b
+m
+p
+g
+I
+x
++
+M
+T
+b
+t
+f
+v
+R
+t
+Z
+B
+s
+G
+3
+E
+c
+X
+y
+W
+9
+N
+n
+H
+J
+f
+k
+4
+O
+8
+x
+N
+3
+h
+Y
+P
+W
+X
+a
+B
+I
+o
+1
+5
+q
+B
+3
+j
+Y
+b
+x
+1
+o
+k
+t
+b
+c
+Q
+P
+o
+0
+h
+z
+a
+N
+v
++
+P
+J
+5
+w
+t
+T
+4
+7
+J
+L
+N
+c
+b
+M
+e
+M
+S
+n
+w
+K
+M
+8
+M
+B
+4
+C
+X
+l
+M
+4
+3
+R
+U
+t
+K
+w
+s
+6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-oneline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-oneline.pem
new file mode 100644
index 0000000..176f1e8
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-oneline.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5Ugz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onelineheader.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onelineheader.pem
new file mode 100644
index 0000000..d07095b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onelineheader.pem
@@ -0,0 +1,22 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortandlongline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortandlongline.pem
new file mode 100644
index 0000000..b9a8333
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortandlongline.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mO
+gOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortline.pem
new file mode 100644
index 0000000..6da1ab7
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortline.pem
@@ -0,0 +1,24 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaB
+Io15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws
+6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-threecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-threecolumn.pem
new file mode 100644
index 0000000..e6fcc53
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-threecolumn.pem
@@ -0,0 +1,389 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBD
+WX0
+Qfa
+rl+
+QNs
+HgC
+Uud
+Lyb
+6Dk
+C4z
+yaD
+U/v
+UqW
+yHX
+0m+
+8W2
+bbm
+T5T
+exl
+L3h
+sM5
+Ugz
+7Ks
+Gqy
+jeO
+uK9
+QT5
+LOM
+4Vy
+K6B
+gmh
+qpQ
+aJ1
+MgC
+WA/
+gbB
+PTg
+Bp2
+jfp
+3oS
+0WC
+5D6
+GMw
+csd
+qoe
+IpD
+/wc
+e3k
+0H2
+Gfu
+6+r
+INB
+mbI
+Ttn
+4DT
+f3P
+kOc
+DIw
+dDc
+eN2
+qkZ
+anl
+oFV
+riS
+3kA
+BUI
+h1e
+hYI
+XQi
+bLR
+FY5
+rXd
+Qnh
+Y2C
+ZNr
+QFI
+Mwl
+64h
+K5P
+5hQ
+bcy
+JKG
+DHA
+YzX
+V7o
+upd
+Xy5
+F9o
+yEd
+6eA
+5ix
++n1
+jKF
+RB7
+PmA
+pZm
+uiQ
+jzf
+ExV
+KmB
+PGx
+RzO
+GT0
+qR5
+vLy
+lQh
+eiS
+C77
+nke
+raw
+Uyj
+A2Q
+lIa
+/Sm
+NzX
+EYk
+N3g
+oDz
+HSF
+KBa
+uB0
+o5q
+Fc1
+b1x
+7dX
+PCF
+L0a
+tG5
+Uxo
+Rr/
+Ep7
+tia
+b4D
+ZmY
+EnO
+GkL
+2dV
+N8j
+A04
+F+H
+QGB
+eP6
+nDO
+SKh
+XRj
+bUO
+DUp
+DpD
+vj+
+FJf
+77R
+v0p
+48l
+9ip
+8i/
+bqu
+wuk
+XlM
+ed3
+O4d
+6rn
+Ewk
+ggd
+ySS
+5it
+iSh
+waV
+LPf
++ic
+I/Y
+d4v
+cPX
+DPU
+HTk
+j1X
+moZ
+4f1
+mUF
+17O
+tCo
+hsJ
+T7O
+4oM
+BBM
+Bwq
+CkC
+7en
+rLa
+ALi
+9ji
+Kym
+47g
+2bZ
+H05
+xJP
+pWX
+S/k
+SEk
+wt/
+jI+
+a+o
+4Cu
+DPl
+y3X
+hIc
+YRt
+saW
+BJW
+iam
+1OT
+7sG
+Q+z
+kjT
+GAa
+6Nf
+wbR
+8Sc
+QC8
+MzD
+fVn
+kJ3
+VnX
+jT3
+45b
+z+F
+7HT
+Ave
+Q8a
+7KG
+xNn
+tPh
+E0K
+Vjp
+l36
+9Kq
+2TM
+Lye
+xQA
+RJa
+pab
+Bf/
+ST9
+zWP
+7wx
+zWf
+rEb
+X3O
+EZC
+uRD
+Vkw
+Wf1
+8BH
+/Eh
+6Lq
+nqg
+5QM
+4Gu
+X70
+8Ni
+Fpi
+wQt
+9p/
+DAu
+Qdh
+BrP
+67B
+xL6
+4Cb
+I7C
+gW4
+Lv3
+z3q
+nKf
+FV9
+zY5
+/mx
+CER
+n9m
+POi
+g2r
+8Wv
+vXt
+7ch
+6nh
+zBP
+fCw
+q0B
+oPq
+LKU
+FgD
+peX
+sNd
+J9s
+W5I
+V3y
+i/3
+Bh9
+8ZB
+YXz
+j8g
+/7X
+Mo6
+v99
+8fc
+t+E
+iHP
+scu
+qeY
+Uao
+JZ6
++Zj
+7W4
+5nG
+A9D
+Gsn
+EmZ
+0Wu
+x2t
+Tj7
+0mD
+oH/
+/21
+TiR
+Ax6
+ypP
+P+I
+q2Y
+Dzq
+h7V
+Xc/
+gss
+On/
+vU1
+Aj1
+9gz
+L+M
+Rn1
+Z55
+SMr
+A7n
+O90
+mOg
+OyE
+P+u
+GrX
+yah
+fZG
+Pbm
+pgI
+x+M
+Tbt
+fvR
+tZB
+sG3
+EcX
+yW9
+NnH
+Jfk
+4O8
+xN3
+hYP
+WXa
+BIo
+15q
+B3j
+Ybx
+1ok
+tbc
+QPo
+0hz
+aNv
++PJ
+5wt
+T47
+JLN
+cbM
+eMS
+nwK
+M8M
+B4C
+XlM
+43R
+UtK
+ws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem
new file mode 100644
index 0000000..0b5de58
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U        
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM        
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS        
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou        
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei        
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5        
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F        
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4        
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g        
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG        
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K        
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM        
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn        
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX                
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD        
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m        
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI        
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6        
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa.pem
new file mode 100644
index 0000000..78ebd1b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa.pem
@@ -0,0 +1,23 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6
+
+EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U
+gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM
+wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS
+3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou
+pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei
+SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5
+UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F
+Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4
+vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g
+2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG
+Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K
+q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM
+4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn
+9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX
+zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD
+oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m
+OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI
+o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsaparam.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsaparam.pem
new file mode 100644
index 0000000..60563cb
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsaparam.pem
@@ -0,0 +1,14 @@
+-----BEGIN DSA PARAMETERS-----
+MIICLAKCAQEArjV9Th2W4p8AlmBabk0HjaV8vPmt15/V6e6mM1Hee3LSdapxd/Fj
++7bsWroNcqIaHGS45YkJbclvC3/Szp/vh1q2Zy/v7utZ9V7/qCiEnls3CRGAfAhc
+1eFIS9Jo+z+fK2tsDUgbGoDC6xEbN3nWjItyPmelBQ5Bip41ULTSQCdr/eBka1s4
+QpS1Sdrvbng3zTCJw0VQe5yM5xyYcHFdeV/v6JSFUz7voyzOGqt91l4UzVFUiZ13
+5Pgi8DUQdQVxUU+MTFwNLCy+bDTuEoKHAxkGEqiq9A08ScxwWtgy7jJQhXDoGP10
+gFMyV+5Qya7rrrYiMhZrjFna7h0z30yiPQIhAK0tbhew8+vHuO6VePIX9TMBZ7ze
+k//uQOh/8ZNtS4cTAoIBAGZv2mOljtJM1UUtdl1fzUq0GkI1hjpvqfonq94DITYK
+BynJL21JqPfG9JLXc8HYdg5hpwtulrjIyzg1EiB5pQgoNVy8UhavUroPw7FjEicL
+dKRHQ9YwuJwuQBTNmX/ojjewqT9U6WYiYUz4SQNXFDIdNz3ikviOoGpmY/Cwbgcr
+Pb/QhGqqHzB3ZeX89exVznPbvqeNOp967U+vooBMMJ4oSWVA8ANFVpmikxucRt69
+qKtfkD+3P9RvjVow4dRjOmp8jyT82RQoCeSEThdDVrjUS6IpRdMT8MJ2mwGggG6T
+Y16HJCAq/7ufqJlsp5oAuX3aZsnAcnIiDxrMI9m3Xxs=
+-----END DSA PARAMETERS-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/key.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/key.pem
new file mode 100644
index 0000000..8de7e65
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7MOIrqH+ZIJiZ
+droKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN
+2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8S
+JSqUskf03MpcwnLbVfSphwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev
+/Ccmqqt81NFkb1WVejvN5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzW
+qF77u/crHufIhoEa7NkZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2I
+GLDLoA0XAgMBAAECggEAcEBMIGoWuji1ybFMtrjbL4tXBxuWhCX3ChPNSpQFctmN
+Cba7+c4GTIqaHG9cHcJ8dCgCZjpGdNYKXZKMQmgBaDVfzujr76WDsprFb3hsCbkE
+YRJ/mIa5cTH7ySaGoLf+5/lDJxcmWqiT/YmUEz8lr0yHfUCNp8HPyalUvYKafbos
+5BiXs8lr4XQ/vxL0CtVQx+5T8pmgU6CmP1jjgBqV4Y9RPewSmPNhxKAqm82JYMND
+9evNHNpZmDpwTMygwwL0oJ0DV0nq0uqzuk1ORcp7YIph7IFGcdi4n7Y4Y2U6B8Ok
+ITY684qpcXgy+qO1A8AwDEJ34wiIWb8Mi8S84KdTIQKBgQDhHmCdpWKzwLETlHQR
+V9wT3ulySmxG0t8kSgNOFRVUZNXQ0ij2v8rOJ7R0QzJ+kCqvdxJ5QHNlUFKkOFMA
+SnSy098iEz5skwRhHof7ZNa3U6oRRSauUcZcThWL+z14nhTIC1m99KpACV6fl3jj
+MVEYYpG6n7jZ0wKUGMStxT1q9QKBgQDU3pOgNLnFasMIujvXI3ARSK6xIpkBTq89
+n6pmn9XeMWs/H6wQRO5wpUXbg+/3/d4tnezrDG9Lg5aPV8ca/zJ7IP8iNyLnhiUY
+c9O6hKAW1fxddt9megzBDvsBgRzhytnv3OSpM+idgtsJ7Tvkevmt4K5j6gitpJpb
+1A1erknoWwKBgCM5zKZ+bZ5xBYRp02uvUtmtJNxkduLyNkaIalH6jJbjHG4LpKtP
+wZ1Wqy8SIMGbL4K7YCGnCyeMVRIrWhmOjQo6iwza9AarTqEf1OlqkwqmxdLj/jSC
+yUZCVa7MxoasPdY7qHRH56gTj0HrwtfSLL1jFyibu6IiGaIw6f3DAmRNAoGAL2sx
+iYOVSnPg5GXQBLnBMih1ucHSQadMhDa4F8pNMwThNhuREcK5NuCqMh8u6phj0NeY
+Ojf35uN2O5I7KTll/mW4T9/mZ5rLUqoipS78FnoukId1dneDtdHnektPqsCsUbFs
+QoDstYG713dAW0JFskUVs+4jZsL/G6ueGtRKZHcCgYEA27sBEJtHGLAgEUGSlwSA
+acmaIlKpF3EMImgWhlzRN3JC7+z8HJAhoHTxQUdnWfJt2Xl4Z+WmXvv+E7U9ofH7
+kH8fbLcaxwvylPm4hAMlhtL3EqnRDSL4hfZHBrqqf3C0Kv+C8naNxzeCNG6iHxcp
+3c7vY4BXTz0dGBGHml6qu5Y=
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/wellknown b/openssl-1.1.0h/test/recipes/04-test_pem_data/wellknown
new file mode 100644
index 0000000..632e28f
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/wellknown
@@ -0,0 +1 @@
+wellknown
diff --git a/openssl-1.1.0h/test/recipes/05-test_bf.t b/openssl-1.1.0h/test/recipes/05-test_bf.t
new file mode 100644
index 0000000..64c9609
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_bf.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_bf", "bftest", "bf");
diff --git a/openssl-1.1.0h/test/recipes/05-test_cast.t b/openssl-1.1.0h/test/recipes/05-test_cast.t
new file mode 100644
index 0000000..46c61da
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_cast.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_cast", "casttest", "cast");
diff --git a/openssl-1.1.0h/test/recipes/05-test_des.t b/openssl-1.1.0h/test/recipes/05-test_des.t
new file mode 100644
index 0000000..2e6a32b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_des.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_des", "destest", "des");
diff --git a/openssl-1.1.0h/test/recipes/05-test_hmac.t b/openssl-1.1.0h/test/recipes/05-test_hmac.t
new file mode 100644
index 0000000..2059bcc
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_hmac.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_hmac", "hmactest");
diff --git a/openssl-1.1.0h/test/recipes/05-test_idea.t b/openssl-1.1.0h/test/recipes/05-test_idea.t
new file mode 100644
index 0000000..ca2b767
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_idea.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_idea", "ideatest", "idea");
diff --git a/openssl-1.1.0h/test/recipes/05-test_md2.t b/openssl-1.1.0h/test/recipes/05-test_md2.t
new file mode 100644
index 0000000..8781af0
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_md2.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_md2", "md2test", "md2");
diff --git a/openssl-1.1.0h/test/recipes/05-test_md4.t b/openssl-1.1.0h/test/recipes/05-test_md4.t
new file mode 100644
index 0000000..59a815b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_md4.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_md4", "md4test", "md4");
diff --git a/openssl-1.1.0h/test/recipes/05-test_md5.t b/openssl-1.1.0h/test/recipes/05-test_md5.t
new file mode 100644
index 0000000..3af4d55
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_md5.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_md5", "md5test", "md5");
diff --git a/openssl-1.1.0h/test/recipes/05-test_mdc2.t b/openssl-1.1.0h/test/recipes/05-test_mdc2.t
new file mode 100644
index 0000000..181c90f
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_mdc2.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_mdc2", "mdc2test", "mdc2");
diff --git a/openssl-1.1.0h/test/recipes/05-test_rand.t b/openssl-1.1.0h/test/recipes/05-test_rand.t
new file mode 100644
index 0000000..3b175fa
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_rand.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_rand", "randtest", "rand");
diff --git a/openssl-1.1.0h/test/recipes/05-test_rc2.t b/openssl-1.1.0h/test/recipes/05-test_rc2.t
new file mode 100644
index 0000000..77d9382
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_rc2.t
@@ -0,0 +1,11 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_rc2", "rc2test", "rc2");
diff --git a/openssl-1.1.0h/test/recipes/05-test_rc4.t b/openssl-1.1.0h/test/recipes/05-test_rc4.t
new file mode 100644
index 0000000..a26c9b8
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_rc4.t
@@ -0,0 +1,11 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_rc4", "rc4test", "rc4");
diff --git a/openssl-1.1.0h/test/recipes/05-test_rc5.t b/openssl-1.1.0h/test/recipes/05-test_rc5.t
new file mode 100644
index 0000000..fda0cd2
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_rc5.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_rc5", "rc5test", "rc5");
diff --git a/openssl-1.1.0h/test/recipes/05-test_rmd.t b/openssl-1.1.0h/test/recipes/05-test_rmd.t
new file mode 100644
index 0000000..b1112e1
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_rmd.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_rmd", "rmdtest", "rmd");
diff --git a/openssl-1.1.0h/test/recipes/05-test_sha1.t b/openssl-1.1.0h/test/recipes/05-test_sha1.t
new file mode 100644
index 0000000..21bb74e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_sha1.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_sha1", "sha1test", "sha");
diff --git a/openssl-1.1.0h/test/recipes/05-test_sha256.t b/openssl-1.1.0h/test/recipes/05-test_sha256.t
new file mode 100644
index 0000000..071a45c
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_sha256.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_sha256", "sha256t", "sha");
diff --git a/openssl-1.1.0h/test/recipes/05-test_sha512.t b/openssl-1.1.0h/test/recipes/05-test_sha512.t
new file mode 100644
index 0000000..4ce585c
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_sha512.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_sha512", "sha512t", "sha");
diff --git a/openssl-1.1.0h/test/recipes/05-test_wp.t b/openssl-1.1.0h/test/recipes/05-test_wp.t
new file mode 100644
index 0000000..a042898
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/05-test_wp.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_wp", "wp_test", "whirlpool");
diff --git a/openssl-1.1.0h/test/recipes/10-test_bn.t b/openssl-1.1.0h/test/recipes/10-test_bn.t
new file mode 100644
index 0000000..13f278e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/10-test_bn.t
@@ -0,0 +1,84 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use Math::BigInt;
+
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_bn");
+
+plan tests => 3;
+
+require_ok(srctop_file("test","recipes","bc.pl"));
+
+my $testresults = "tmp.bntest";
+my $init = ok(run(test(["bntest"], stdout => $testresults)), 'initialize');
+
+ SKIP: {
+     skip "Initializing failed, skipping", 1 if !$init;
+
+     subtest 'Checking the bn results' => sub {
+	 my @lines = ();
+	 if (open DATA, $testresults) {
+	     @lines = <DATA>;
+	     close DATA;
+	 }
+	 map { s/\R//; } @lines;	# chomp(@lines);
+
+	 plan tests => scalar grep(/^print /, @lines);
+
+	 my $l = "";
+
+	 while (scalar @lines) {
+	     $l = shift @lines;
+
+	     last if $l =~ /^print /;
+	 }
+
+	 while (1) {
+	     $l =~ s/^print "//;
+	     $l =~ s/\\n"//;
+	     my $t = $l;
+	     my @operations = ();
+
+	     $l = undef;
+	     while (scalar @lines) {
+		 $l = shift @lines;
+
+		 last if $l =~ /^print /;
+		 push @operations, $l;
+		 $l = undef;
+	     }
+
+	     ok(check_operations(@operations), "verify $t");
+
+	     last unless $l;
+	 }
+     };
+ }
+
+unlink $testresults;
+
+sub check_operations {
+    my $failcount = 0;
+
+    foreach my $line (@_) {
+	my $result = calc(split /\s+/, $line);
+
+	if ($result ne "0" && $result ne "0x0") {
+	    $failcount++;
+	    print STDERR "Failed! $line => $result\n";
+	}
+    }
+
+    return $failcount == 0;
+}
diff --git a/openssl-1.1.0h/test/recipes/10-test_exp.t b/openssl-1.1.0h/test/recipes/10-test_exp.t
new file mode 100644
index 0000000..7e999c4
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/10-test_exp.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_exp", "exptest");
diff --git a/openssl-1.1.0h/test/recipes/15-test_dh.t b/openssl-1.1.0h/test/recipes/15-test_dh.t
new file mode 100644
index 0000000..60cb54c
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/15-test_dh.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_dh", "dhtest", "dh");
diff --git a/openssl-1.1.0h/test/recipes/15-test_dsa.t b/openssl-1.1.0h/test/recipes/15-test_dsa.t
new file mode 100644
index 0000000..2fd236e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/15-test_dsa.t
@@ -0,0 +1,40 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_dsa");
+
+plan tests => 6;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+ok(run(test(["dsatest"])), "running dsatest");
+ok(run(test(["dsatest", "-app2_1"])), "running dsatest -app2_1");
+
+ SKIP: {
+     skip "Skipping dsa conversion test", 3
+	 if disabled("dsa");
+
+     subtest 'dsa conversions -- private key' => sub {
+	 tconversion("dsa", srctop_file("test","testdsa.pem"));
+     };
+     subtest 'dsa conversions -- private key PKCS#8' => sub {
+	 tconversion("dsa", srctop_file("test","testdsa.pem"), "pkey");
+     };
+     subtest 'dsa conversions -- public key' => sub {
+	 tconversion("msb", srctop_file("test","testdsapub.pem"), "dsa",
+		         "-pubin", "-pubout");
+     };
+}
diff --git a/openssl-1.1.0h/test/recipes/15-test_ec.t b/openssl-1.1.0h/test/recipes/15-test_ec.t
new file mode 100644
index 0000000..a1c704a
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/15-test_ec.t
@@ -0,0 +1,38 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_ec");
+
+plan tests => 5;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+ok(run(test(["ectest"])), "running ectest");
+
+ SKIP: {
+     skip "Skipping ec conversion test", 3
+	 if disabled("ec");
+
+     subtest 'ec conversions -- private key' => sub {
+	 tconversion("ec", srctop_file("test","testec-p256.pem"));
+     };
+     subtest 'ec conversions -- private key PKCS#8' => sub {
+	 tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey");
+     };
+     subtest 'ec conversions -- public key' => sub {
+	 tconversion("ec", srctop_file("test","testecpub-p256.pem"), "ec", "-pubin", "-pubout");
+     };
+}
diff --git a/openssl-1.1.0h/test/recipes/15-test_ecdsa.t b/openssl-1.1.0h/test/recipes/15-test_ecdsa.t
new file mode 100644
index 0000000..82a8559
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/15-test_ecdsa.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_ecdsa", "ecdsatest", "ec");
diff --git a/openssl-1.1.0h/test/recipes/15-test_genrsa.t b/openssl-1.1.0h/test/recipes/15-test_genrsa.t
new file mode 100644
index 0000000..cc74e30
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/15-test_genrsa.t
@@ -0,0 +1,26 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_genrsa");
+
+plan tests => 5;
+
+is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
+ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '16'])), "genrsa -3 16");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
+ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '16'])), "genrsa -f4 16");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
+unlink 'genrsatest.pem';
diff --git a/openssl-1.1.0h/test/recipes/15-test_rsa.t b/openssl-1.1.0h/test/recipes/15-test_rsa.t
new file mode 100644
index 0000000..5988821
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/15-test_rsa.t
@@ -0,0 +1,47 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_rsa");
+
+plan tests => 6;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+ok(run(test(["rsa_test"])), "running rsatest");
+
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), "rsa -check");
+
+ SKIP: {
+     skip "Skipping rsa conversion test", 3
+	 if disabled("rsa");
+
+     subtest 'rsa conversions -- private key' => sub {
+	 tconversion("rsa", srctop_file("test","testrsa.pem"));
+     };
+     subtest 'rsa conversions -- private key PKCS#8' => sub {
+	 tconversion("rsa", srctop_file("test","testrsa.pem"), "pkey");
+     };
+}
+
+ SKIP: {
+     skip "Skipping msblob conversion test", 1
+	 if disabled("rsa") || disabled("dsa");
+
+     subtest 'rsa conversions -- public key' => sub {
+	 tconversion("msb", srctop_file("test","testrsapub.pem"), "rsa",
+		     "-pubin", "-pubout");
+     };
+}
diff --git a/openssl-1.1.0h/test/recipes/15-test_rsapss.t b/openssl-1.1.0h/test/recipes/15-test_rsapss.t
new file mode 100644
index 0000000..34accaa
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/15-test_rsapss.t
@@ -0,0 +1,49 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_rsapss");
+
+plan tests => 5;
+
+#using test/testrsa.pem which happens to be a 512 bit RSA
+ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+            '-sigopt', 'rsa_mgf1_md:sha512', '-out', 'testrsapss.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -sign");
+
+with({ exit_checker => sub { return shift == 1; } },
+     sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+                       '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -sign, expect to fail gracefully");
+           ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
+                       '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -sign, expect to fail gracefully");
+           ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
+                       '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+                       '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+                       srctop_file('test', 'testrsa.pem')])),
+              "openssl dgst -prverify, expect to fail gracefully");
+         });
+
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
+            '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2',
+            '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
+            srctop_file('test', 'testrsa.pem')])),
+   "openssl dgst -prverify");
+unlink 'testrsapss.sig';
diff --git a/openssl-1.1.0h/test/recipes/20-test_enc.t b/openssl-1.1.0h/test/recipes/20-test_enc.t
new file mode 100644
index 0000000..88a5890
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/20-test_enc.t
@@ -0,0 +1,69 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec::Functions qw/catfile/;
+use File::Copy;
+use File::Compare qw/compare_text/;
+use File::Basename;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_enc");
+
+# We do it this way, because setup() may have moved us around,
+# so the directory portion of $0 might not be correct any more.
+# However, the name hasn't changed.
+my $testsrc = srctop_file("test","recipes",basename($0));
+
+my $test = catfile(".", "p");
+
+my $cmd = "openssl";
+
+my @ciphers =
+    map { s/^\s+//; s/\s+$//; split /\s+/ }
+    run(app([$cmd, "list", "-cipher-commands"]), capture => 1);
+
+plan tests => 1 + (scalar @ciphers)*2;
+
+my $init = ok(copy($testsrc,$test));
+
+if (!$init) {
+    diag("Trying to copy $testsrc to $test : $!");
+}
+
+ SKIP: {
+     skip "Not initialized, skipping...", 11 unless $init;
+
+     foreach my $c (@ciphers) {
+	 my %variant = ("$c" => [],
+			"$c base64" => [ "-a" ]);
+
+	 foreach my $t (sort keys %variant) {
+	     my $cipherfile = "$test.$c.cipher";
+	     my $clearfile = "$test.$c.clear";
+	     my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" );
+	     my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" );
+	     if ($c eq "cat") {
+		 $cipherfile = "$test.cipher";
+		 $clearfile = "$test.clear";
+		 @e = ( "enc", @{$variant{$t}}, "-e" );
+		 @d = ( "enc", @{$variant{$t}}, "-d" );
+	     }
+
+	     ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile]))
+		&& run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile]))
+		&& compare_text($test,$clearfile) == 0, $t);
+	     unlink $cipherfile, $clearfile;
+	 }
+     }
+}
+
+unlink $test;
diff --git a/openssl-1.1.0h/test/recipes/20-test_passwd.t b/openssl-1.1.0h/test/recipes/20-test_passwd.t
new file mode 100644
index 0000000..cf9c2cc
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/20-test_passwd.t
@@ -0,0 +1,39 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+setup("test_passwd");
+
+plan tests => disabled("des") ? 4 : 6;
+
+ok(compare1stline([qw{openssl passwd password}], '^.{13}\R$'),
+   'crypt password with random salt') if !disabled("des");
+ok(compare1stline([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
+   'BSD style MD5 password with random salt');
+ok(compare1stline([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
+   'Apache style MD5 password with random salt');
+ok(compare1stline([qw{openssl passwd -salt xx password}], '^xxj31ZMTZzkVA\R$'),
+   'crypt password with salt xx') if !disabled("des");
+ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '^\$1\$xxxxxxxx\$UYCIxa628\.9qXjpQCjM4a\.\R$'),
+   'BSD style MD5 password with salt xxxxxxxx');
+ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '^\$apr1\$xxxxxxxx\$dxHfLAsjHkDRmG83UXe8K0\R$'),
+   'Apache style MD5 password with salt xxxxxxxx');
+
+
+sub compare1stline {
+    my ($cmdarray, $regexp) = @_;
+    my @lines = run(app($cmdarray), capture => 1);
+
+    return $lines[0] =~ m|$regexp|;
+}
diff --git a/openssl-1.1.0h/test/recipes/25-test_crl.t b/openssl-1.1.0h/test/recipes/25-test_crl.t
new file mode 100644
index 0000000..e8ce5f8
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/25-test_crl.t
@@ -0,0 +1,43 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_crl");
+
+plan tests => 5;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+subtest 'crl conversions' => sub {
+    tconversion("crl", srctop_file("test","testcrl.pem"));
+};
+
+ok(run(test(['crltest'])));
+
+ok(compare1stline([qw{openssl crl -noout -fingerprint -in},
+                   srctop_file('test', 'testcrl.pem')],
+                  'SHA1 Fingerprint=BA:F4:1B:AD:7A:9B:2F:09:16:BC:60:A7:0E:CE:79:2E:36:00:E7:B2'));
+ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in},
+                   srctop_file('test', 'testcrl.pem')],
+                  'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B'));
+
+sub compare1stline {
+    my ($cmdarray, $str) = @_;
+    my @lines = run(app($cmdarray), capture => 1);
+
+    return 1 if $lines[0] =~ m|^\Q${str}\E\R$|;
+    note "Got      ", $lines[0];
+    note "Expected ", $str;
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/recipes/25-test_d2i.t b/openssl-1.1.0h/test/recipes/25-test_d2i.t
new file mode 100644
index 0000000..688c8ed
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/25-test_d2i.t
@@ -0,0 +1,93 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_d2i");
+
+plan tests => 14;
+
+ok(run(test(["d2i_test", "X509", "decode",
+             srctop_file('test','d2i-tests','bad_cert.der')])),
+   "Running d2i_test bad_cert.der");
+
+ok(run(test(["d2i_test", "GENERAL_NAME", "decode",
+             srctop_file('test','d2i-tests','bad_generalname.der')])),
+   "Running d2i_test bad_generalname.der");
+
+ok(run(test(["d2i_test", "ASN1_ANY", "BIO",
+             srctop_file('test','d2i-tests','bad_bio.der')])),
+   "Running d2i_test bad_bio.der");
+# This test checks CVE-2016-2108. The data consists of an tag 258 and
+# two zero content octets. This is parsed as an ASN1_ANY type. If the
+# type is incorrectly interpreted as an ASN.1 INTEGER the two zero content
+# octets will be reject as invalid padding and this test will fail.
+# If the type is correctly interpreted it will by treated as an ASN1_STRING
+# type and the content octets copied verbatim.
+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
+             srctop_file('test','d2i-tests','high_tag.der')])),
+   "Running d2i_test high_tag.der");
+
+# Above test data but interpreted as ASN.1 INTEGER: this will be rejected
+# because the tag is invalid.
+ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
+             srctop_file('test','d2i-tests','high_tag.der')])),
+   "Running d2i_test high_tag.der INTEGER");
+
+# Parse valid 0, 1 and -1 ASN.1 INTEGER as INTEGER or ANY.
+
+ok(run(test(["d2i_test", "ASN1_INTEGER", "OK",
+             srctop_file('test','d2i-tests','int0.der')])),
+   "Running d2i_test int0.der INTEGER");
+
+ok(run(test(["d2i_test", "ASN1_INTEGER", "OK",
+             srctop_file('test','d2i-tests','int1.der')])),
+   "Running d2i_test int1.der INTEGER");
+
+ok(run(test(["d2i_test", "ASN1_INTEGER", "OK",
+             srctop_file('test','d2i-tests','intminus1.der')])),
+   "Running d2i_test intminus1.der INTEGER");
+
+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
+             srctop_file('test','d2i-tests','int0.der')])),
+   "Running d2i_test int0.der ANY");
+
+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
+             srctop_file('test','d2i-tests','int1.der')])),
+   "Running d2i_test int1.der ANY");
+
+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
+             srctop_file('test','d2i-tests','intminus1.der')])),
+   "Running d2i_test intminus1.der ANY");
+
+# Integers with illegal additional padding.
+
+ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
+             srctop_file('test','d2i-tests','bad-int-pad0.der')])),
+   "Running d2i_test bad-int-pad0.der INTEGER");
+
+ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
+             srctop_file('test','d2i-tests','bad-int-padminus1.der')])),
+   "Running d2i_test bad-int-padminus1.der INTEGER");
+
+SKIP: {
+  skip "No CMS support in this configuration", 1 if disabled("cms");
+
+  # Invalid CMS structure with decode error in CHOICE value.
+  # Test for CVE-2016-7053
+
+  ok(run(test(["d2i_test", "CMS_ContentInfo", "decode",
+               srctop_file('test','d2i-tests','bad-cms.der')])),
+     "Running d2i_test bad-cms.der CMS ContentInfo");
+}
diff --git a/openssl-1.1.0h/test/recipes/25-test_pkcs7.t b/openssl-1.1.0h/test/recipes/25-test_pkcs7.t
new file mode 100644
index 0000000..724326b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/25-test_pkcs7.t
@@ -0,0 +1,27 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_pkcs7");
+
+plan tests => 3;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+subtest 'pkcs7 conversions -- pkcs7' => sub {
+    tconversion("p7", srctop_file("test", "testp7.pem"), "pkcs7");
+};
+subtest 'pkcs7 conversions -- pkcs7d' => sub {
+    tconversion("p7d", srctop_file("test", "pkcs7-1.pem"), "pkcs7");
+};
diff --git a/openssl-1.1.0h/test/recipes/25-test_req.t b/openssl-1.1.0h/test/recipes/25-test_req.t
new file mode 100644
index 0000000..bcc1025
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/25-test_req.t
@@ -0,0 +1,76 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_req");
+
+plan tests => 4;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+open RND, ">>", ".rnd";
+print RND "string to make the random number generator think it has entropy";
+close RND;
+subtest "generating certificate requests" => sub {
+    my @req_new;
+    if (disabled("rsa")) {
+	@req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
+    } else {
+	@req_new = ("-new");
+	note("There should be a 2 sequences of .'s and some +'s.");
+	note("There should not be more that at most 80 per line");
+    }
+
+    plan tests => 2;
+
+    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+		@req_new, "-out", "testreq.pem"])),
+       "Generating request");
+
+    ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+		"-verify", "-in", "testreq.pem", "-noout"])),
+       "Verifying signature on request");
+};
+
+my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
+
+run_conversion('req conversions',
+	       "testreq.pem");
+run_conversion('req conversions -- testreq2',
+	       srctop_file("test", "testreq2.pem"));
+
+unlink "testkey.pem", "testreq.pem";
+
+sub run_conversion {
+    my $title = shift;
+    my $reqfile = shift;
+
+    subtest $title => sub {
+	run(app(["openssl", @openssl_args,
+		 "-in", $reqfile, "-inform", "p",
+		 "-noout", "-text"],
+		stderr => "req-check.err", stdout => undef));
+	open DATA, "req-check.err";
+      SKIP: {
+	  plan skip_all => "skipping req conversion test for $reqfile"
+	      if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
+
+	  tconversion("req", $reqfile, @openssl_args);
+	}
+	close DATA;
+	unlink "req-check.err";
+
+	done_testing();
+    };
+}
diff --git a/openssl-1.1.0h/test/recipes/25-test_sid.t b/openssl-1.1.0h/test/recipes/25-test_sid.t
new file mode 100644
index 0000000..b13cb5c
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/25-test_sid.t
@@ -0,0 +1,24 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_sid");
+
+plan tests => 2;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+subtest 'sid conversions' => sub {
+    tconversion("sid", srctop_file("test","testsid.pem"), "sess_id");
+};
diff --git a/openssl-1.1.0h/test/recipes/25-test_verify.t b/openssl-1.1.0h/test/recipes/25-test_verify.t
new file mode 100644
index 0000000..11bd430
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/25-test_verify.t
@@ -0,0 +1,380 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec::Functions qw/canonpath/;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_verify");
+
+sub verify {
+    my ($cert, $purpose, $trusted, $untrusted, @opts) = @_;
+    my @args = qw(openssl verify -auth_level 1 -purpose);
+    my @path = qw(test certs);
+    push(@args, "$purpose", @opts);
+    for (@$trusted) {
+        push(@args, "-trusted", srctop_file(@path, "$_.pem"))
+    }
+    for (@$untrusted) {
+        push(@args, "-untrusted", srctop_file(@path, "$_.pem"))
+    }
+    push(@args, srctop_file(@path, "$cert.pem"));
+    run(app([@args]));
+}
+
+plan tests => 127;
+
+# Canonical success
+ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
+   "accept compat trust");
+
+# Root CA variants
+ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]),
+   "fail trusted non-ca root");
+ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]),
+   "fail server trust non-ca root");
+ok(!verify("ee-cert", "sslserver", [qw(nroot+anyEKU)], [qw(ca-cert)]),
+   "fail wildcard trust non-ca root");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert2)], [qw(ca-cert)]),
+   "fail wrong root key");
+ok(!verify("ee-cert", "sslserver", [qw(root-name2)], [qw(ca-cert)]),
+   "fail wrong root DN");
+
+# Explicit trust/purpose combinations
+#
+ok(verify("ee-cert", "sslserver", [qw(sroot-cert)], [qw(ca-cert)]),
+   "accept server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(croot-cert)], [qw(ca-cert)]),
+   "fail client purpose");
+ok(verify("ee-cert", "sslserver", [qw(root+serverAuth)], [qw(ca-cert)]),
+   "accept server trust");
+ok(verify("ee-cert", "sslserver", [qw(sroot+serverAuth)], [qw(ca-cert)]),
+   "accept server trust with server purpose");
+ok(verify("ee-cert", "sslserver", [qw(croot+serverAuth)], [qw(ca-cert)]),
+   "accept server trust with client purpose");
+# Wildcard trust
+ok(verify("ee-cert", "sslserver", [qw(root+anyEKU)], [qw(ca-cert)]),
+   "accept wildcard trust");
+ok(verify("ee-cert", "sslserver", [qw(sroot+anyEKU)], [qw(ca-cert)]),
+   "accept wildcard trust with server purpose");
+ok(verify("ee-cert", "sslserver", [qw(croot+anyEKU)], [qw(ca-cert)]),
+   "accept wildcard trust with client purpose");
+# Inapplicable mistrust
+ok(verify("ee-cert", "sslserver", [qw(root-clientAuth)], [qw(ca-cert)]),
+   "accept client mistrust");
+ok(verify("ee-cert", "sslserver", [qw(sroot-clientAuth)], [qw(ca-cert)]),
+   "accept client mistrust with server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(croot-clientAuth)], [qw(ca-cert)]),
+   "fail client mistrust with client purpose");
+# Inapplicable trust
+ok(!verify("ee-cert", "sslserver", [qw(root+clientAuth)], [qw(ca-cert)]),
+   "fail client trust");
+ok(!verify("ee-cert", "sslserver", [qw(sroot+clientAuth)], [qw(ca-cert)]),
+   "fail client trust with server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(croot+clientAuth)], [qw(ca-cert)]),
+   "fail client trust with client purpose");
+# Server mistrust
+ok(!verify("ee-cert", "sslserver", [qw(root-serverAuth)], [qw(ca-cert)]),
+   "fail rejected EKU");
+ok(!verify("ee-cert", "sslserver", [qw(sroot-serverAuth)], [qw(ca-cert)]),
+   "fail server mistrust with server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(croot-serverAuth)], [qw(ca-cert)]),
+   "fail server mistrust with client purpose");
+# Wildcard mistrust
+ok(!verify("ee-cert", "sslserver", [qw(root-anyEKU)], [qw(ca-cert)]),
+   "fail wildcard mistrust");
+ok(!verify("ee-cert", "sslserver", [qw(sroot-anyEKU)], [qw(ca-cert)]),
+   "fail wildcard mistrust with server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(croot-anyEKU)], [qw(ca-cert)]),
+   "fail wildcard mistrust with client purpose");
+
+# Check that trusted-first is on by setting up paths to different roots
+# depending on whether the intermediate is the trusted or untrusted one.
+#
+ok(verify("ee-cert", "sslserver", [qw(root-serverAuth root-cert2 ca-root2)],
+          [qw(ca-cert)]),
+   "accept trusted-first path");
+ok(verify("ee-cert", "sslserver", [qw(root-cert root2+serverAuth ca-root2)],
+          [qw(ca-cert)]),
+   "accept trusted-first path with server trust");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert root2-serverAuth ca-root2)],
+           [qw(ca-cert)]),
+   "fail trusted-first path with server mistrust");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert root2+clientAuth ca-root2)],
+           [qw(ca-cert)]),
+   "fail trusted-first path with client trust");
+
+# CA variants
+ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonca)]),
+   "fail non-CA untrusted intermediate");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonbc)]),
+   "fail non-CA untrusted intermediate");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonca)], []),
+   "fail non-CA trust-store intermediate");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonbc)], []),
+   "fail non-CA trust-store intermediate");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+serverAuth)], []),
+   "fail non-CA server trust intermediate");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+anyEKU)], []),
+   "fail non-CA wildcard trust intermediate");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-cert2)]),
+   "fail wrong intermediate CA key");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-name2)]),
+   "fail wrong intermediate CA DN");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-root2)]),
+   "fail wrong intermediate CA issuer");
+ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
+   "fail untrusted partial chain");
+ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
+   "accept trusted partial chain");
+ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
+   "accept partial chain with server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
+   "fail partial chain with client purpose");
+ok(verify("ee-cert", "sslserver", [qw(ca+serverAuth)], [], "-partial_chain"),
+   "accept server trust partial chain");
+ok(verify("ee-cert", "sslserver", [qw(cca+serverAuth)], [], "-partial_chain"),
+   "accept server trust client purpose partial chain");
+ok(verify("ee-cert", "sslserver", [qw(ca-clientAuth)], [], "-partial_chain"),
+   "accept client mistrust partial chain");
+ok(verify("ee-cert", "sslserver", [qw(ca+anyEKU)], [], "-partial_chain"),
+   "accept wildcard trust partial chain");
+ok(!verify("ee-cert", "sslserver", [], [qw(ca+serverAuth)], "-partial_chain"),
+   "fail untrusted partial issuer with ignored server trust");
+ok(!verify("ee-cert", "sslserver", [qw(ca-serverAuth)], [], "-partial_chain"),
+   "fail server mistrust partial chain");
+ok(!verify("ee-cert", "sslserver", [qw(ca+clientAuth)], [], "-partial_chain"),
+   "fail client trust partial chain");
+ok(!verify("ee-cert", "sslserver", [qw(ca-anyEKU)], [], "-partial_chain"),
+   "fail wildcard mistrust partial chain");
+
+# We now test auxiliary trust even for intermediate trusted certs without
+# -partial_chain.  Note that "-trusted_first" is now always on and cannot
+# be disabled.
+ok(verify("ee-cert", "sslserver", [qw(root-cert ca+serverAuth)], [qw(ca-cert)]),
+   "accept server trust");
+ok(verify("ee-cert", "sslserver", [qw(root-cert ca+anyEKU)], [qw(ca-cert)]),
+   "accept wildcard trust");
+ok(verify("ee-cert", "sslserver", [qw(root-cert sca-cert)], [qw(ca-cert)]),
+   "accept server purpose");
+ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)],
+          [qw(ca-cert)]),
+   "accept server trust and purpose");
+ok(verify("ee-cert", "sslserver", [qw(root-cert sca+anyEKU)], [qw(ca-cert)]),
+   "accept wildcard trust and server purpose");
+ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)],
+          [qw(ca-cert)]),
+   "accept client mistrust and server purpose");
+ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)],
+          [qw(ca-cert)]),
+   "accept server trust and client purpose");
+ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]),
+   "accept wildcard trust and client purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]),
+   "fail client purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]),
+   "fail wildcard mistrust");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)],
+           [qw(ca-cert)]),
+   "fail server mistrust");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)],
+           [qw(ca-cert)]),
+   "fail client trust");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)],
+           [qw(ca-cert)]),
+   "fail client trust and server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)],
+           [qw(ca-cert)]),
+   "fail client trust and client purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)],
+           [qw(ca-cert)]),
+   "fail server mistrust and client purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)],
+           [qw(ca-cert)]),
+   "fail client mistrust and client purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)],
+           [qw(ca-cert)]),
+   "fail server mistrust and server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-anyEKU)], [qw(ca-cert)]),
+   "fail wildcard mistrust and server purpose");
+ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-anyEKU)], [qw(ca-cert)]),
+   "fail wildcard mistrust and client purpose");
+
+# EE variants
+ok(verify("ee-client", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
+   "accept client chain");
+ok(!verify("ee-client", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
+   "fail server leaf purpose");
+ok(!verify("ee-cert", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
+   "fail client leaf purpose");
+ok(!verify("ee-cert2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
+   "fail wrong intermediate CA key");
+ok(!verify("ee-name2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
+   "fail wrong intermediate CA DN");
+ok(!verify("ee-expired", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
+   "fail expired leaf");
+ok(verify("ee-cert", "sslserver", [qw(ee-cert)], [], "-partial_chain"),
+   "accept last-resort direct leaf match");
+ok(verify("ee-client", "sslclient", [qw(ee-client)], [], "-partial_chain"),
+   "accept last-resort direct leaf match");
+ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"),
+   "fail last-resort direct leaf non-match");
+ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"),
+   "accept direct match with server trust");
+ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"),
+   "fail direct match with server mistrust");
+ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
+   "accept direct match with client trust");
+ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
+   "reject direct match with client mistrust");
+
+# Proxy certificates
+ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
+   "fail to accept proxy cert without -allow_proxy_certs");
+ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)],
+          "-allow_proxy_certs"),
+   "accept proxy cert 1");
+ok(verify("pc2-cert", "sslclient", [qw(root-cert)],
+          [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
+   "accept proxy cert 2");
+ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)],
+           [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
+   "fail proxy cert with incorrect subject");
+ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)],
+           [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
+   "fail proxy cert with incorrect pathlen");
+ok(verify("pc5-cert", "sslclient", [qw(root-cert)],
+          [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
+   "accept proxy cert missing proxy policy");
+ok(!verify("pc6-cert", "sslclient", [qw(root-cert)],
+           [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"),
+   "failed proxy cert where last CN was added as a multivalue RDN component");
+
+# Security level tests
+ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
+          "-auth_level", "2"),
+   "accept RSA 2048 chain at auth level 2");
+ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
+           "-auth_level", "3"),
+   "reject RSA 2048 root at auth level 3");
+ok(verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"],
+          "-auth_level", "0"),
+   "accept RSA 768 root at auth level 0");
+ok(!verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"]),
+   "reject RSA 768 root at auth level 1");
+ok(verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"],
+          "-auth_level", "0"),
+   "accept RSA 768 intermediate at auth level 0");
+ok(!verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"]),
+   "reject RSA 768 intermediate at auth level 1");
+ok(verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"],
+          "-auth_level", "0"),
+   "accept RSA 768 leaf at auth level 0");
+ok(!verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"]),
+   "reject RSA 768 leaf at auth level 1");
+#
+ok(verify("ee-cert", "sslserver", ["root-cert-md5"], ["ca-cert"],
+          "-auth_level", "2"),
+   "accept md5 self-signed TA at auth level 2");
+ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [],
+          "-auth_level", "2"),
+   "accept md5 intermediate TA at auth level 2");
+ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"],
+          "-auth_level", "0"),
+   "accept md5 intermediate at auth level 0");
+ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"]),
+   "reject md5 intermediate at auth level 1");
+ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"],
+          "-auth_level", "0"),
+   "accept md5 leaf at auth level 0");
+ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]),
+   "reject md5 leaf at auth level 1");
+
+# Depth tests, note the depth limit bounds the number of CA certificates
+# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
+# chain, depth = 1 is sufficient, but depth == 0 is not.
+#
+ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
+          "-verify_depth", "2"),
+   "accept chain with verify_depth 2");
+ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
+          "-verify_depth", "1"),
+   "accept chain with verify_depth 1");
+ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"],
+           "-verify_depth", "0"),
+   "accept chain with verify_depth 0");
+ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [],
+          "-verify_depth", "0"),
+   "accept md5 intermediate TA with verify_depth 0");
+
+# Name Constraints tests.
+
+ok(verify("alt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+   "Name Constraints everything permitted");
+
+ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
+   "Name Constraints nothing excluded");
+
+ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
+   "Name Constraints nested test all permitted");
+
+ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+   "Name Constraints hostname not permitted");
+
+ok(!verify("badalt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
+   "Name Constraints hostname excluded");
+
+ok(!verify("badalt3-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+   "Name Constraints email address not permitted");
+
+ok(!verify("badalt4-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+   "Name Constraints subject email address not permitted");
+
+ok(!verify("badalt5-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+   "Name Constraints IP address not permitted");
+
+ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+   "Name Constraints CN hostname not permitted");
+
+ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+   "Name Constraints CN BMPSTRING hostname not permitted");
+
+ok(!verify("badalt8-cert", "sslserver", ["root-cert"],
+           ["ncca1-cert", "ncca3-cert"], ),
+   "Name constaints nested DNS name not permitted 1");
+
+ok(!verify("badalt9-cert", "sslserver", ["root-cert"],
+           ["ncca1-cert", "ncca3-cert"], ),
+   "Name constaints nested DNS name not permitted 2");
+
+ok(!verify("badalt10-cert", "sslserver", ["root-cert"],
+           ["ncca1-cert", "ncca3-cert"], ),
+   "Name constaints nested DNS name excluded");
+
+ok(!verify("many-names1", "sslserver", ["many-constraints"],
+           ["many-constraints"], ),
+   "Too many names and constraints to check (1)");
+ok(!verify("many-names2", "sslserver", ["many-constraints"],
+           ["many-constraints"], ),
+   "Too many names and constraints to check (2)");
+ok(!verify("many-names3", "sslserver", ["many-constraints"],
+           ["many-constraints"], ),
+   "Too many names and constraints to check (3)");
+
+ok(verify("some-names1", "sslserver", ["many-constraints"],
+          ["many-constraints"], ),
+   "Not too many names and constraints to check (1)");
+ok(verify("some-names2", "sslserver", ["many-constraints"],
+          ["many-constraints"], ),
+   "Not too many names and constraints to check (2)");
+ok(verify("some-names2", "sslserver", ["many-constraints"],
+          ["many-constraints"], ),
+   "Not too many names and constraints to check (3)");
diff --git a/openssl-1.1.0h/test/recipes/25-test_x509.t b/openssl-1.1.0h/test/recipes/25-test_x509.t
new file mode 100644
index 0000000..98a8d32
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/25-test_x509.t
@@ -0,0 +1,34 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_x509");
+
+plan tests => 5;
+
+require_ok(srctop_file('test','recipes','tconversion.pl'));
+
+subtest 'x509 -- x.509 v1 certificate' => sub {
+    tconversion("x509", srctop_file("test","testx509.pem"));
+};
+subtest 'x509 -- first x.509 v3 certificate' => sub {
+    tconversion("x509", srctop_file("test","v3-cert1.pem"));
+};
+subtest 'x509 -- second x.509 v3 certificate' => sub {
+    tconversion("x509", srctop_file("test","v3-cert2.pem"));
+};
+
+subtest 'x509 -- pathlen' => sub {
+    ok(run(test(["v3ext", srctop_file("test/certs", "pathlen.pem")])));
+}
diff --git a/openssl-1.1.0h/test/recipes/30-test_afalg.t b/openssl-1.1.0h/test/recipes/30-test_afalg.t
new file mode 100644
index 0000000..c8cb67b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/30-test_afalg.t
@@ -0,0 +1,23 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
+use OpenSSL::Test::Utils;
+
+my $test_name = "test_afalg";
+setup($test_name);
+
+plan skip_all => "$test_name not supported for this build"
+    if disabled("afalgeng");
+
+plan tests => 1;
+
+$ENV{OPENSSL_ENGINES} = bldtop_dir("engines/afalg");
+
+ok(run(test(["afalgtest"])), "running afalgtest");
diff --git a/openssl-1.1.0h/test/recipes/30-test_engine.t b/openssl-1.1.0h/test/recipes/30-test_engine.t
new file mode 100644
index 0000000..03c96cd
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/30-test_engine.t
@@ -0,0 +1,18 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+
+setup("test_engine");
+
+plan tests => 1;
+ok(run(test(["enginetest"])), "running enginetest");
diff --git a/openssl-1.1.0h/test/recipes/30-test_evp.t b/openssl-1.1.0h/test/recipes/30-test_evp.t
new file mode 100644
index 0000000..c277fcd
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/30-test_evp.t
@@ -0,0 +1,19 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_evp");
+
+plan tests => 1;
+ok(run(test(["evp_test", srctop_file("test", "evptests.txt")])),
+   "running evp_test evptests.txt");
diff --git a/openssl-1.1.0h/test/recipes/30-test_evp_extra.t b/openssl-1.1.0h/test/recipes/30-test_evp_extra.t
new file mode 100644
index 0000000..9a656b0
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/30-test_evp_extra.t
@@ -0,0 +1,18 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+
+setup("test_evp_extra");
+
+plan tests => 1;
+ok(run(test(["evp_extra_test"])), "running evp_extra_test");
diff --git a/openssl-1.1.0h/test/recipes/30-test_pbelu.t b/openssl-1.1.0h/test/recipes/30-test_pbelu.t
new file mode 100644
index 0000000..38b2d48
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/30-test_pbelu.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_pbelu", "pbelutest");
diff --git a/openssl-1.1.0h/test/recipes/40-test_rehash.t b/openssl-1.1.0h/test/recipes/40-test_rehash.t
new file mode 100644
index 0000000..191897e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/40-test_rehash.t
@@ -0,0 +1,98 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec::Functions;
+use File::Copy;
+use File::Basename;
+use OpenSSL::Glob;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_rehash");
+
+#If "openssl rehash -help" fails it's most likely because we're on a platform
+#that doesn't support the rehash command (e.g. Windows)
+plan skip_all => "test_rehash is not available on this platform"
+    unless run(app(["openssl", "rehash", "-help"]));
+
+plan tests => 4;
+
+indir "rehash.$$" => sub {
+    prepare();
+    ok(run(app(["openssl", "rehash", curdir()])),
+       'Testing normal rehash operations');
+}, create => 1, cleanup => 1;
+
+indir "rehash.$$" => sub {
+    prepare(sub { chmod 400, $_ foreach (@_); });
+    ok(run(app(["openssl", "rehash", curdir()])),
+       'Testing rehash operations on readonly files');
+}, create => 1, cleanup => 1;
+
+indir "rehash.$$" => sub {
+    ok(run(app(["openssl", "rehash", curdir()])),
+       'Testing rehash operations on empty directory');
+}, create => 1, cleanup => 1;
+
+indir "rehash.$$" => sub {
+    prepare();
+    chmod 0500, curdir();
+  SKIP: {
+      if (open(FOO, ">unwritable.txt")) {
+          close FOO;
+          skip "It's pointless to run the next test as root", 1;
+      }
+      isnt(run(app(["openssl", "rehash", curdir()])), 1,
+           'Testing rehash operations on readonly directory');
+    }
+    chmod 0700, curdir();       # make it writable again, so cleanup works
+}, create => 1, cleanup => 1;
+
+sub prepare {
+    my @pemsourcefiles = sort glob(srctop_file('test', "*.pem"));
+    my @destfiles = ();
+
+    die "There are no source files\n" if scalar @pemsourcefiles == 0;
+
+    my $cnt = 0;
+    foreach (@pemsourcefiles) {
+        my $basename = basename($_, ".pem");
+        my $writing = 0;
+
+        open PEM, $_ or die "Can't read $_: $!\n";
+        while (my $line = <PEM>) {
+            if ($line =~ m{^-----BEGIN (?:CERTIFICATE|X509 CRL)-----}) {
+                die "New start in a PEM blob?\n" if $writing;
+                $cnt++;
+                my $destfile =
+                    catfile(curdir(),
+                            $basename . sprintf("-%02d", $cnt) . ".pem");
+                push @destfiles, $destfile;
+                open OUT, '>', $destfile
+                    or die "Can't write $destfile\n";
+                $writing = 1;
+            }
+            print OUT $line if $writing;
+            if ($line =~ m|^-----END |) {
+                close OUT if $writing;
+                $writing = 0;
+            }
+        }
+        die "No end marker in $basename\n" if $writing;
+    }
+    die "No test PEM files produced\n" if $cnt == 0;
+
+    foreach (@_) {
+        die "Internal error, argument is not CODE"
+            unless (ref($_) eq 'CODE');
+        $_->(@destfiles);
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/60-test_x509_store.t b/openssl-1.1.0h/test/recipes/60-test_x509_store.t
new file mode 100644
index 0000000..041aa09
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/60-test_x509_store.t
@@ -0,0 +1,53 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Copy;
+use File::Spec::Functions qw/:DEFAULT canonpath/;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_x509_store");
+
+#If "openssl rehash -help" fails it's most likely because we're on a platform
+#that doesn't support the rehash command (e.g. Windows)
+plan skip_all => "test_rehash is not available on this platform"
+    unless run(app(["openssl", "rehash", "-help"]));
+
+# We use 'openssl verify' for these tests, as it contains everything
+# we need to conduct these tests.  The tests here are a subset of the
+# ones found in 25-test_verify.t
+
+sub verify {
+    my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
+    my @args = qw(openssl verify -auth_level 1 -purpose);
+    my @path = qw(test certs);
+    push(@args, "$purpose", @opts);
+    push(@args, "-CApath", $trustedpath);
+    for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
+    push(@args, srctop_file(@path, "$cert.pem"));
+    run(app([@args]));
+}
+
+plan tests => 3;
+
+indir "60-test_x509_store" => sub {
+    for (("root-cert")) {
+        copy(srctop_file("test", "certs", "$_.pem"), curdir());
+    }
+    ok(run(app([qw(openssl rehash), curdir()])), "Rehashing");
+
+    # Canonical success
+    ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"),
+       "verify ee-cert");
+
+    # Failure because root cert not present in CApath
+    ok(!verify("ca-root2", "any", curdir(), [], "-show_chain"));
+}, create => 1, cleanup => 1;
diff --git a/openssl-1.1.0h/test/recipes/70-test_asyncio.t b/openssl-1.1.0h/test/recipes/70-test_asyncio.t
new file mode 100644
index 0000000..3c15c3d
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_asyncio.t
@@ -0,0 +1,21 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_asyncio");
+
+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+    if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+
+plan tests => 1;
+
+ok(run(test(["asynciotest", srctop_file("apps", "server.pem"),
+             srctop_file("apps", "server.pem")])), "running asynciotest");
diff --git a/openssl-1.1.0h/test/recipes/70-test_bad_dtls.t b/openssl-1.1.0h/test/recipes/70-test_bad_dtls.t
new file mode 100644
index 0000000..a20db77
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_bad_dtls.t
@@ -0,0 +1,20 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+setup("test_bad_dtls");
+
+plan skip_all => "DTLSv1 is not supported by this OpenSSL build"
+    if disabled("dtls1");
+
+plan tests => 1;
+
+ok(run(test(["bad_dtls_test"])), "running bad_dtls_test");
diff --git a/openssl-1.1.0h/test/recipes/70-test_clienthello.t b/openssl-1.1.0h/test/recipes/70-test_clienthello.t
new file mode 100644
index 0000000..ef0868f
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_clienthello.t
@@ -0,0 +1,20 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+setup("test_clienthello");
+
+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+    if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+
+plan tests => 1;
+
+ok(run(test(["clienthellotest"])), "running clienthellotest");
diff --git a/openssl-1.1.0h/test/recipes/70-test_packet.t b/openssl-1.1.0h/test/recipes/70-test_packet.t
new file mode 100644
index 0000000..9bc6515
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_packet.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_packet", "packettest");
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslcbcpadding.t b/openssl-1.1.0h/test/recipes/70-test_sslcbcpadding.t
new file mode 100644
index 0000000..6d296db
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslcbcpadding.t
@@ -0,0 +1,110 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_sslcbcpadding";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLSv1.2 enabled"
+    if disabled("tls1_2");
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
+    \&add_maximal_padding_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+# TODO: We could test all 256 values, but then the log file gets too large for
+# CI. See https://github.com/openssl/openssl/issues/1440.
+my @test_offsets = (0, 128, 254, 255);
+
+# Test that maximally-padded records are accepted.
+my $bad_padding_offset = -1;
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 1 + scalar(@test_offsets);
+ok(TLSProxy::Message->success(), "Maximally-padded record test");
+
+# Test that invalid padding is rejected.
+foreach my $offset (@test_offsets) {
+    $proxy->clear();
+    $bad_padding_offset = $offset;
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Invalid padding byte $bad_padding_offset");
+}
+
+sub add_maximal_padding_filter
+{
+    my $proxy = shift;
+
+    if ($proxy->flight == 0) {
+        # Disable Encrypt-then-MAC.
+        foreach my $message (@{$proxy->message_list}) {
+            if ($message->mt != TLSProxy::Message::MT_CLIENT_HELLO) {
+                next;
+            }
+
+            $message->delete_extension(TLSProxy::Message::EXT_ENCRYPT_THEN_MAC);
+            $message->process_extensions();
+            $message->repack();
+        }
+    }
+
+    if ($proxy->flight == 3) {
+        # Insert a maximally-padded record. Assume a block size of 16 (AES) and
+        # a MAC length of 20 (SHA-1).
+        my $block_size = 16;
+        my $mac_len = 20;
+
+        # Size the plaintext so that 256 is a valid padding.
+        my $plaintext_len = $block_size - ($mac_len % $block_size);
+        my $plaintext = "A" x $plaintext_len;
+
+        my $data = "B" x $block_size; # Explicit IV.
+        $data .= $plaintext;
+        $data .= TLSProxy::Proxy::fill_known_data($mac_len); # MAC.
+
+        # Add padding.
+        for (my $i = 0; $i < 256; $i++) {
+            if ($i == $bad_padding_offset) {
+                $data .= "\xfe";
+            } else {
+                $data .= "\xff";
+            }
+        }
+
+        my $record = TLSProxy::Record->new(
+            $proxy->flight,
+            TLSProxy::Record::RT_APPLICATION_DATA,
+            TLSProxy::Record::VERS_TLS_1_2,
+            length($data),
+            0,
+            length($data),
+            $plaintext_len,
+            $data,
+            $plaintext,
+        );
+
+        # Send the record immediately after the server Finished.
+        push @{$proxy->record_list}, $record;
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslcertstatus.t b/openssl-1.1.0h/test/recipes/70-test_sslcertstatus.t
new file mode 100644
index 0000000..104ee9c
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslcertstatus.t
@@ -0,0 +1,66 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_sslcertstatus";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs the ocsp feature enabled"
+    if disabled("ocsp");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
+    \&certstatus_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#Test 1: Sending a status_request extension in both ClientHello and
+#ServerHello but then omitting the CertificateStatus message is valid
+$proxy->clientflags("-status");
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 1;
+ok(TLSProxy::Message->success, "Missing CertificateStatus message");
+
+sub certstatus_filter
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ServerHello
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
+            #Add the status_request to the ServerHello even though we are not
+            #going to send a CertificateStatus message
+            $message->set_extension(TLSProxy::Message::EXT_STATUS_REQUEST,
+                                    "");
+
+            $message->repack();
+        }
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslextension.t b/openssl-1.1.0h/test/recipes/70-test_sslextension.t
new file mode 100644
index 0000000..8d6ccc6
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslextension.t
@@ -0,0 +1,112 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_sslextension";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
+    \&extension_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+# Test 1: Sending a zero length extension block should pass
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 3;
+ok(TLSProxy::Message->success, "Zero extension length test");
+
+sub extension_filter
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+            # Remove all extensions and set the extension len to zero
+            $message->extension_data({});
+            $message->extensions_len(0);
+            # Extensions have been removed so make sure we don't try to use them
+            $message->process_extensions();
+
+            $message->repack();
+        }
+    }
+}
+
+# Test 2-3: Sending a duplicate extension should fail.
+sub inject_duplicate_extension
+{
+  my ($proxy, $message_type) = @_;
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == $message_type) {
+          my %extensions = %{$message->extension_data};
+            # Add a duplicate (unknown) extension.
+            $message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
+            $message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
+            $message->repack();
+        }
+    }
+}
+
+sub inject_duplicate_extension_clienthello
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+
+    inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO);
+}
+
+sub inject_duplicate_extension_serverhello
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ServerHello
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO);
+}
+
+$proxy->clear();
+$proxy->filter(\&inject_duplicate_extension_clienthello);
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Duplicate ClientHello extension");
+
+$proxy->clear();
+$proxy->filter(\&inject_duplicate_extension_serverhello);
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Duplicate ServerHello extension");
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslmessages.t b/openssl-1.1.0h/test/recipes/70-test_sslmessages.t
new file mode 100644
index 0000000..b4631ea
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslmessages.t
@@ -0,0 +1,147 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use File::Temp qw(tempfile);
+use TLSProxy::Proxy;
+my $test_name = "test_tls13messages";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+
+use constant {
+    DEFAULT_HANDSHAKE => 1,
+    OCSP_HANDSHAKE => 2,
+    RESUME_HANDSHAKE => 4,
+    CLIENT_AUTH_HANDSHAKE => 8,
+    RENEG_HANDSHAKE => 16,
+
+    ALL_HANDSHAKES => 31
+};
+
+my @handmessages = (
+    [TLSProxy::Message::MT_CLIENT_HELLO, ALL_HANDSHAKES],
+    [TLSProxy::Message::MT_SERVER_HELLO, ALL_HANDSHAKES],
+    [TLSProxy::Message::MT_CERTIFICATE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE],
+    [TLSProxy::Message::MT_CERTIFICATE_STATUS, OCSP_HANDSHAKE],
+    #ServerKeyExchange handshakes not currently supported by TLSProxy
+    [TLSProxy::Message::MT_CERTIFICATE_REQUEST, CLIENT_AUTH_HANDSHAKE],
+    [TLSProxy::Message::MT_SERVER_HELLO_DONE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE],
+    [TLSProxy::Message::MT_CERTIFICATE, CLIENT_AUTH_HANDSHAKE],
+    [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE],
+    [TLSProxy::Message::MT_CERTIFICATE_VERIFY, CLIENT_AUTH_HANDSHAKE],
+    [TLSProxy::Message::MT_FINISHED, ALL_HANDSHAKES],
+    [TLSProxy::Message::MT_NEW_SESSION_TICKET, ALL_HANDSHAKES & ~RESUME_HANDSHAKE],
+    [TLSProxy::Message::MT_FINISHED, ALL_HANDSHAKES],
+    [TLSProxy::Message::MT_CLIENT_HELLO, RENEG_HANDSHAKE],
+    [TLSProxy::Message::MT_SERVER_HELLO, RENEG_HANDSHAKE],
+    [TLSProxy::Message::MT_CERTIFICATE, RENEG_HANDSHAKE],
+    [TLSProxy::Message::MT_SERVER_HELLO_DONE, RENEG_HANDSHAKE],
+    [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, RENEG_HANDSHAKE],
+    [TLSProxy::Message::MT_FINISHED, RENEG_HANDSHAKE],
+    [TLSProxy::Message::MT_NEW_SESSION_TICKET, RENEG_HANDSHAKE],
+    [TLSProxy::Message::MT_FINISHED, RENEG_HANDSHAKE],
+    [0, 0]
+);
+
+my $proxy = TLSProxy::Proxy->new(
+    undef,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+sub checkmessages($$);
+
+#Test 1: Check we get all the right messages for a default handshake
+(undef, my $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 5;
+checkmessages(DEFAULT_HANDSHAKE, "Default handshake test");
+
+#Test 2: Resumption handshake
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->clientstart();
+checkmessages(RESUME_HANDSHAKE, "Resumption handshake test");
+unlink $session;
+
+#Test 3: A client auth handshake
+$proxy->clear();
+$proxy->clientflags("-cert ".srctop_file("apps", "server.pem"));
+$proxy->serverflags("-Verify 5");
+$proxy->start();
+checkmessages(CLIENT_AUTH_HANDSHAKE, "Client auth handshake test");
+
+#Test 4: A handshake with a renegotiation
+$proxy->clear();
+$proxy->reneg(1);
+$proxy->start();
+checkmessages(RENEG_HANDSHAKE, "Renegotiation handshake test");
+
+#Test 5: A handshake with a renegotiation and client auth
+$proxy->clear();
+$proxy->clientflags("-cert ".srctop_file("apps", "server.pem"));
+$proxy->serverflags("-Verify 5");
+$proxy->reneg(1);
+$proxy->start();
+checkmessages(RENEG_HANDSHAKE | CLIENT_AUTH_HANDSHAKE,
+              "Renogitation and client auth handshake test");
+
+sub checkmessages($$)
+{
+    my ($handtype, $testname) = @_;
+
+    subtest $testname => sub {
+        my $loop = 0;
+        my $numtests;
+
+        #First count the number of tests
+        for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
+            $numtests++ if (($handmessages[$loop][1] & $handtype) != 0);
+        }
+
+        plan tests => $numtests;
+
+        my $nextmess = 0;
+        my $message = undef;
+        for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) {
+            next if (($handmessages[$loop][1] & $handtype) == 0);
+            if (scalar @{$proxy->message_list} > $nextmess) {
+                $message = ${$proxy->message_list}[$nextmess];
+                $nextmess++;
+            } else {
+                $message = undef;
+            }
+            if (!defined $message) {
+                fail("Message type check. Got nothing, expected "
+                     .$handmessages[$loop][0]);
+            } else {
+                ok($message->mt == $handmessages[$loop][0],
+                   "Message type check. Got ".$message->mt
+                   .", expected ".$handmessages[$loop][0]);
+            }
+        }
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslrecords.t b/openssl-1.1.0h/test/recipes/70-test_sslrecords.t
new file mode 100644
index 0000000..ef3f509
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslrecords.t
@@ -0,0 +1,381 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_sslrecords";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLSv1.2 enabled"
+    if disabled("tls1_2");
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
+    \&add_empty_recs_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#Test 1: Injecting out of context empty records should fail
+my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
+my $inject_recs_num = 1;
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+my $num_tests = 10;
+if (!disabled("tls1_1")) {
+    $num_tests++;
+}
+plan tests => $num_tests;
+ok(TLSProxy::Message->fail(), "Out of context empty records test");
+
+#Test 2: Injecting in context empty records should succeed
+$proxy->clear();
+$content_type = TLSProxy::Record::RT_HANDSHAKE;
+$proxy->start();
+ok(TLSProxy::Message->success(), "In context empty records test");
+
+#Test 3: Injecting too many in context empty records should fail
+$proxy->clear();
+#We allow 32 consecutive in context empty records
+$inject_recs_num = 33;
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Too many in context empty records test");
+
+#Test 4: Injecting a fragmented fatal alert should fail. We actually expect no
+#        alerts to be sent from either side because *we* injected the fatal
+#        alert, i.e. this will look like a disorderly close
+$proxy->clear();
+$proxy->filter(\&add_frag_alert_filter);
+$proxy->start();
+ok(!TLSProxy::Message->end(), "Fragmented alert records test");
+
+#Run some SSLv2 ClientHello tests
+
+use constant {
+    TLSV1_2_IN_SSLV2 => 0,
+    SSLV2_IN_SSLV2 => 1,
+    FRAGMENTED_IN_TLSV1_2 => 2,
+    FRAGMENTED_IN_SSLV2 => 3,
+    ALERT_BEFORE_SSLV2 => 4
+};
+#Test 5: Inject an SSLv2 style record format for a TLSv1.2 ClientHello
+my $sslv2testtype = TLSV1_2_IN_SSLV2;
+$proxy->clear();
+$proxy->filter(\&add_sslv2_filter);
+$proxy->start();
+ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
+
+#Test 6: Inject an SSLv2 style record format for an SSLv2 ClientHello. We don't
+#        support this so it should fail. We actually treat it as an unknown
+#        protocol so we don't even send an alert in this case.
+$sslv2testtype = SSLV2_IN_SSLV2;
+$proxy->clear();
+$proxy->start();
+ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test");
+
+#Test 7: Sanity check ClientHello fragmentation. This isn't really an SSLv2 test
+#        at all, but it gives us confidence that Test 8 fails for the right
+#        reasons
+$sslv2testtype = FRAGMENTED_IN_TLSV1_2;
+$proxy->clear();
+$proxy->start();
+ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
+
+#Test 8: Fragment a TLSv1.2 ClientHello across a TLS1.2 record; an SSLv2
+#        record; and another TLS1.2 record. This isn't allowed so should fail
+$sslv2testtype = FRAGMENTED_IN_SSLV2;
+$proxy->clear();
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
+
+#Test 9: Send a TLS warning alert before an SSLv2 ClientHello. This should
+#        fail because an SSLv2 ClientHello must be the first record.
+$sslv2testtype = ALERT_BEFORE_SSLV2;
+$proxy->clear();
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
+
+#Unrecognised record type tests
+
+#Test 10: Sending an unrecognised record type in TLS1.2 should fail
+$proxy->clear();
+$proxy->filter(\&add_unknown_record_type);
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2");
+
+#Test 11: Sending an unrecognised record type in TLS1.1 should fail
+if (!disabled("tls1_1")) {
+    $proxy->clear();
+    $proxy->clientflags("-tls1_1");
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1");
+}
+
+sub add_empty_recs_filter
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+
+    for (my $i = 0; $i < $inject_recs_num; $i++) {
+        my $record = TLSProxy::Record->new(
+            0,
+            $content_type,
+            TLSProxy::Record::VERS_TLS_1_2,
+            0,
+            0,
+            0,
+            0,
+            "",
+            ""
+        );
+
+        push @{$proxy->record_list}, $record;
+    }
+}
+
+sub add_frag_alert_filter
+{
+    my $proxy = shift;
+    my $byte;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+
+    # Add a zero length fragment first
+    #my $record = TLSProxy::Record->new(
+    #    0,
+    #    TLSProxy::Record::RT_ALERT,
+    #    TLSProxy::Record::VERS_TLS_1_2,
+    #    0,
+    #    0,
+    #    0,
+    #    "",
+    #    ""
+    #);
+    #push @{$proxy->record_list}, $record;
+
+    # Now add the alert level (Fatal) as a separate record
+    $byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
+    my $record = TLSProxy::Record->new(
+        0,
+        TLSProxy::Record::RT_ALERT,
+        TLSProxy::Record::VERS_TLS_1_2,
+        1,
+        0,
+        1,
+        1,
+        $byte,
+        $byte
+    );
+    push @{$proxy->record_list}, $record;
+
+    # And finally the description (Unexpected message) in a third record
+    $byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE);
+    $record = TLSProxy::Record->new(
+        0,
+        TLSProxy::Record::RT_ALERT,
+        TLSProxy::Record::VERS_TLS_1_2,
+        1,
+        0,
+        1,
+        1,
+        $byte,
+        $byte
+    );
+    push @{$proxy->record_list}, $record;
+}
+
+sub add_sslv2_filter
+{
+    my $proxy = shift;
+    my $clienthello;
+    my $record;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+
+    # Ditch the real ClientHello - we're going to replace it with our own
+    shift @{$proxy->record_list};
+
+    if ($sslv2testtype == ALERT_BEFORE_SSLV2) {
+        my $alert = pack('CC', TLSProxy::Message::AL_LEVEL_FATAL,
+                               TLSProxy::Message::AL_DESC_NO_RENEGOTIATION);
+        my $alertlen = length $alert;
+        $record = TLSProxy::Record->new(
+            0,
+            TLSProxy::Record::RT_ALERT,
+            TLSProxy::Record::VERS_TLS_1_2,
+            $alertlen,
+            0,
+            $alertlen,
+            $alertlen,
+            $alert,
+            $alert
+        );
+
+        push @{$proxy->record_list}, $record;
+    }
+
+    if ($sslv2testtype == ALERT_BEFORE_SSLV2
+            || $sslv2testtype == TLSV1_2_IN_SSLV2
+            || $sslv2testtype == SSLV2_IN_SSLV2) {
+        # This is an SSLv2 format ClientHello
+        $clienthello =
+            pack "C44",
+            0x01, # ClientHello
+            0x03, 0x03, #TLSv1.2
+            0x00, 0x03, # Ciphersuites len
+            0x00, 0x00, # Session id len
+            0x00, 0x20, # Challenge len
+            0x00, 0x00, 0x2f, #AES128-SHA
+            0x01, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+            0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+            0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6; # Challenge
+
+        if ($sslv2testtype == SSLV2_IN_SSLV2) {
+            # Set the version to "real" SSLv2
+            vec($clienthello, 1, 8) = 0x00;
+            vec($clienthello, 2, 8) = 0x02;
+        }
+
+        my $chlen = length $clienthello;
+
+        $record = TLSProxy::Record->new(
+            0,
+            TLSProxy::Record::RT_HANDSHAKE,
+            TLSProxy::Record::VERS_TLS_1_2,
+            $chlen,
+            1, #SSLv2
+            $chlen,
+            $chlen,
+            $clienthello,
+            $clienthello
+        );
+
+        push @{$proxy->record_list}, $record;
+    } else {
+        # For this test we're using a real TLS ClientHello
+        $clienthello =
+            pack "C49",
+            0x01, # ClientHello
+            0x00, 0x00, 0x2D, # Message length
+            0x03, 0x03, # TLSv1.2
+            0x01, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
+            0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
+            0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, # Random
+            0x00, # Session id len
+            0x00, 0x04, # Ciphersuites len
+            0x00, 0x2f, # AES128-SHA
+            0x00, 0xff, # Empty reneg info SCSV
+            0x01, # Compression methods len
+            0x00, # Null compression
+            0x00, 0x00; # Extensions len
+
+        # Split this into 3: A TLS record; a SSLv2 record and a TLS record.
+        # We deliberately split the second record prior to the Challenge/Random
+        # and set the first byte of the random to 1. This makes the second SSLv2
+        # record look like an SSLv2 ClientHello
+        my $frag1 = substr $clienthello, 0, 6;
+        my $frag2 = substr $clienthello, 6, 32;
+        my $frag3 = substr $clienthello, 38;
+
+        my $fraglen = length $frag1;
+        $record = TLSProxy::Record->new(
+            0,
+            TLSProxy::Record::RT_HANDSHAKE,
+            TLSProxy::Record::VERS_TLS_1_2,
+            $fraglen,
+            0,
+            $fraglen,
+            $fraglen,
+            $frag1,
+            $frag1
+        );
+        push @{$proxy->record_list}, $record;
+
+        $fraglen = length $frag2;
+        my $recvers;
+        if ($sslv2testtype == FRAGMENTED_IN_SSLV2) {
+            $recvers = 1;
+        } else {
+            $recvers = 0;
+        }
+        $record = TLSProxy::Record->new(
+            0,
+            TLSProxy::Record::RT_HANDSHAKE,
+            TLSProxy::Record::VERS_TLS_1_2,
+            $fraglen,
+            $recvers,
+            $fraglen,
+            $fraglen,
+            $frag2,
+            $frag2
+        );
+        push @{$proxy->record_list}, $record;
+
+        $fraglen = length $frag3;
+        $record = TLSProxy::Record->new(
+            0,
+            TLSProxy::Record::RT_HANDSHAKE,
+            TLSProxy::Record::VERS_TLS_1_2,
+            $fraglen,
+            0,
+            $fraglen,
+            $fraglen,
+            $frag3,
+            $frag3
+        );
+        push @{$proxy->record_list}, $record;
+    }
+
+}
+
+sub add_unknown_record_type
+{
+    my $proxy = shift;
+
+    # We'll change a record after the initial version neg has taken place
+    if ($proxy->flight != 2) {
+        return;
+    }
+
+    my $lastrec = ${$proxy->record_list}[-1];
+    my $record = TLSProxy::Record->new(
+        2,
+        TLSProxy::Record::RT_UNKNOWN,
+        $lastrec->version(),
+        1,
+        0,
+        1,
+        1,
+        "X",
+        "X"
+    );
+
+    unshift @{$proxy->record_list}, $record;
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslsessiontick.t b/openssl-1.1.0h/test/recipes/70-test_sslsessiontick.t
new file mode 100644
index 0000000..4a8636e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslsessiontick.t
@@ -0,0 +1,268 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+use File::Temp qw(tempfile);
+
+my $test_name = "test_sslsessiontick";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+
+sub checkmessages($$$$$$);
+sub clearclient();
+sub clearall();
+
+my $chellotickext = 0;
+my $shellotickext = 0;
+my $fullhand = 0;
+my $ticketseen = 0;
+
+my $proxy = TLSProxy::Proxy->new(
+    undef,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#Test 1: By default with no existing session we should get a session ticket
+#Expected result: ClientHello extension seen; ServerHello extension seen
+#                 NewSessionTicket message seen; Full handshake
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 10;
+checkmessages(1, "Default session ticket test", 1, 1, 1, 1);
+
+#Test 2: If the server does not accept tickets we should get a normal handshake
+#with no session tickets
+#Expected result: ClientHello extension seen; ServerHello extension not seen
+#                 NewSessionTicket message not seen; Full handshake
+clearall();
+$proxy->serverflags("-no_ticket");
+$proxy->start();
+checkmessages(2, "No server support session ticket test", 1, 0, 0, 1);
+
+#Test 3: If the client does not accept tickets we should get a normal handshake
+#with no session tickets
+#Expected result: ClientHello extension not seen; ServerHello extension not seen
+#                 NewSessionTicket message not seen; Full handshake
+clearall();
+$proxy->clientflags("-no_ticket");
+$proxy->start();
+checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);
+
+#Test 4: Test session resumption with session ticket
+#Expected result: ClientHello extension seen; ServerHello extension not seen
+#                 NewSessionTicket message not seen; Abbreviated handshake
+clearall();
+(undef, my $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->clientstart();
+checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
+unlink $session;
+
+#Test 5: Test session resumption with ticket capable client without a ticket
+#Expected result: ClientHello extension seen; ServerHello extension seen
+#                 NewSessionTicket message seen; Abbreviated handshake
+clearall();
+(undef, $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session." -no_ticket");
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->clientstart();
+checkmessages(5, "Session resumption with ticket capable client without a "
+                 ."ticket", 1, 1, 1, 0);
+unlink $session;
+
+#Test 6: Client accepts empty ticket.
+#Expected result: ClientHello extension seen; ServerHello extension seen;
+#                 NewSessionTicket message seen; Full handshake.
+clearall();
+$proxy->filter(\&ticket_filter);
+$proxy->start();
+checkmessages(6, "Empty ticket test",  1, 1, 1, 1);
+
+#Test 7-8: Client keeps existing ticket on empty ticket.
+clearall();
+(undef, $session) = tempfile();
+$proxy->serverconnects(3);
+$proxy->filter(undef);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session." -sess_out ".$session);
+$proxy->filter(\&inject_empty_ticket_filter);
+$proxy->clientstart();
+#Expected result: ClientHello extension seen; ServerHello extension seen;
+#                 NewSessionTicket message seen; Abbreviated handshake.
+checkmessages(7, "Empty ticket resumption test",  1, 1, 1, 0);
+clearclient();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->filter(undef);
+$proxy->clientstart();
+#Expected result: ClientHello extension seen; ServerHello extension not seen;
+#                 NewSessionTicket message not seen; Abbreviated handshake.
+checkmessages(8, "Empty ticket resumption test",  1, 0, 0, 0);
+unlink $session;
+
+#Test 9: Bad server sends the ServerHello extension but does not send a
+#NewSessionTicket
+#Expected result: Connection failure
+clearall();
+$proxy->serverflags("-no_ticket");
+$proxy->filter(\&inject_ticket_extension_filter);
+$proxy->start();
+ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test");
+
+#Test10: Bad server does not send the ServerHello extension but does send a
+#NewSessionTicket
+#Expected result: Connection failure
+clearall();
+$proxy->serverflags("-no_ticket");
+$proxy->filter(\&inject_empty_ticket_filter);
+$proxy->start();
+ok(TLSProxy::Message->fail, "No server ticket extension but ticket sent test");
+
+sub ticket_filter
+{
+    my $proxy = shift;
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
+            $message->ticket("");
+            $message->repack();
+        }
+    }
+}
+
+sub inject_empty_ticket_filter {
+    my $proxy = shift;
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
+            # Only inject the message first time we're called.
+            return;
+        }
+    }
+
+    my @new_message_list = ();
+    foreach my $message (@{$proxy->message_list}) {
+        push @new_message_list, $message;
+        if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
+            $message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, "");
+            $message->repack();
+            # Tack NewSessionTicket onto the ServerHello record.
+            # This only works if the ServerHello is exactly one record.
+            my $record = ${$message->records}[0];
+
+            my $offset = $message->startoffset + $message->encoded_length;
+            my $newsessionticket = TLSProxy::NewSessionTicket->new(
+                1, "", [$record], $offset, []);
+            $newsessionticket->repack();
+            push @new_message_list, $newsessionticket;
+        }
+    }
+    $proxy->message_list([@new_message_list]);
+}
+
+sub inject_ticket_extension_filter
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ServerHello
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
+            #Add the session ticket extension to the ServerHello even though
+            #we are not going to send a NewSessionTicket message
+            $message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, "");
+
+            $message->repack();
+        }
+    }
+}
+
+sub checkmessages($$$$$$)
+{
+    my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_;
+
+    subtest $testname => sub {
+
+	foreach my $message (@{$proxy->message_list}) {
+	    if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO
+                || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
+		#Get the extensions data
+		my %extensions = %{$message->extension_data};
+		if (defined
+                    $extensions{TLSProxy::Message::EXT_SESSION_TICKET}) {
+		    if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+			$chellotickext = 1;
+		    } else {
+			$shellotickext = 1;
+		    }
+		}
+	    } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) {
+		#Must be doing a full handshake
+		$fullhand = 1;
+	    } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) {
+		$ticketseen = 1;
+	    }
+	}
+
+	plan tests => 5;
+
+	ok(TLSProxy::Message->success, "Handshake");
+	ok(($testch && $chellotickext) || (!$testch && !$chellotickext),
+	   "ClientHello extension Session Ticket check");
+	ok(($testsh && $shellotickext) || (!$testsh && !$shellotickext),
+	   "ServerHello extension Session Ticket check");
+	ok(($testtickseen && $ticketseen) || (!$testtickseen && !$ticketseen),
+	   "Session Ticket message presence check");
+	ok(($testhand && $fullhand) || (!$testhand && !$fullhand),
+	   "Session Ticket full handshake check");
+    }
+}
+
+
+sub clearclient()
+{
+    $chellotickext = 0;
+    $shellotickext = 0;
+    $fullhand = 0;
+    $ticketseen = 0;
+    $proxy->clearClient();
+}
+
+sub clearall()
+{
+    clearclient();
+    $proxy->clear();
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t b/openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t
new file mode 100644
index 0000000..af87739
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t
@@ -0,0 +1,65 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_sslskewith0p";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "dh is not supported by this OpenSSL build"
+    if disabled("dh");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
+    \&ske_0_p_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#We must use an anon DHE cipher for this test
+$proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0');
+$proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0');
+
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 1;
+ok(TLSProxy::Message->fail, "ServerKeyExchange with 0 p");
+
+sub ske_0_p_filter
+{
+    my $proxy = shift;
+
+    # We're only interested in the SKE - always in flight 1
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_SERVER_KEY_EXCHANGE) {
+            #Set p to a value of 0
+            $message->p(pack('C', 0));
+
+            $message->repack();
+        }
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_sslvertol.t b/openssl-1.1.0h/test/recipes/70-test_sslvertol.t
new file mode 100644
index 0000000..59c2cdd
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_sslvertol.t
@@ -0,0 +1,67 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+my $test_name = "test_sslextension";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+my $proxy = TLSProxy::Proxy->new(
+    \&vers_tolerance_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#Test 1: Asking for TLS1.3 should pass
+my $client_version = TLSProxy::Record::VERS_TLS_1_3;
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 2;
+ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3");
+
+#Test 2: Testing something below SSLv3 should fail
+$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1;
+$proxy->clear();
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Version tolerance test, SSL < 3.0");
+
+sub vers_tolerance_filter
+{
+    my $proxy = shift;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+            #Set the client version
+            #Anything above the max supported version (TLS1.2) should succeed
+            #Anything below SSLv3 should fail
+            $message->client_version($client_version);
+            $message->repack();
+        }
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_tlsextms.t b/openssl-1.1.0h/test/recipes/70-test_tlsextms.t
new file mode 100644
index 0000000..d39acf4
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_tlsextms.t
@@ -0,0 +1,238 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+use File::Temp qw(tempfile);
+
+my $test_name = "test_tlsextms";
+setup($test_name);
+
+plan skip_all => "TLSProxy isn't usable on $^O"
+    if $^O =~ /^(VMS)$/;
+
+plan skip_all => "$test_name needs the dynamic engine feature enabled"
+    if disabled("engine") || disabled("dynamic-engine");
+
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
+plan skip_all => "$test_name needs TLS enabled"
+    if alldisabled(available_protocols("tls"));
+
+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
+
+sub checkmessages($$$$$);
+sub setrmextms($$);
+sub clearall();
+
+my $crmextms = 0;
+my $srmextms = 0;
+my $cextms = 0;
+my $sextms = 0;
+my $fullhand = 0;
+
+my $proxy = TLSProxy::Proxy->new(
+    \&extms_filter,
+    cmdstr(app(["openssl"]), display => 1),
+    srctop_file("apps", "server.pem"),
+    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+);
+
+#Test 1: By default server and client should send extended master secret
+# extension.
+#Expected result: ClientHello extension seen; ServerHello extension seen
+#                 Full handshake
+
+setrmextms(0, 0);
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 9;
+checkmessages(1, "Default extended master secret test", 1, 1, 1);
+
+#Test 2: If client omits extended master secret extension, server should too.
+#Expected result: ClientHello extension not seen; ServerHello extension not seen
+#                 Full handshake
+
+clearall();
+setrmextms(1, 0);
+$proxy->start();
+checkmessages(2, "No client extension extended master secret test", 0, 0, 1);
+
+# Test 3: same as 1 but with session tickets disabled.
+# Expected result: same as test 1.
+
+clearall();
+$proxy->clientflags("-no_ticket");
+setrmextms(0, 0);
+$proxy->start();
+checkmessages(3, "No ticket extended master secret test", 1, 1, 1);
+
+# Test 4: same as 2 but with session tickets disabled.
+# Expected result: same as test 2.
+
+clearall();
+$proxy->clientflags("-no_ticket");
+setrmextms(1, 0);
+$proxy->start();
+checkmessages(2, "No ticket, no client extension extended master secret test", 0, 0, 1);
+
+#Test 5: Session resumption extended master secret test
+#
+#Expected result: ClientHello extension seen; ServerHello extension seen
+#                 Abbreviated handshake
+
+clearall();
+setrmextms(0, 0);
+(undef, my $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->clientstart();
+checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
+unlink $session;
+
+#Test 6: Session resumption extended master secret test original session
+# omits extension. Server must not resume session.
+#Expected result: ClientHello extension seen; ServerHello extension seen
+#                 Full handshake
+
+clearall();
+setrmextms(1, 0);
+(undef, $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+setrmextms(0, 0);
+$proxy->clientstart();
+checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
+unlink $session;
+
+#Test 7: Session resumption extended master secret test resumed session
+# omits client extension. Server must abort connection.
+#Expected result: aborted connection.
+
+clearall();
+setrmextms(0, 0);
+(undef, $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+setrmextms(1, 0);
+$proxy->clientstart();
+ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
+unlink $session;
+
+#Test 8: Session resumption extended master secret test resumed session
+# omits server extension. Client must abort connection.
+#Expected result: aborted connection.
+
+clearall();
+setrmextms(0, 0);
+(undef, $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+setrmextms(0, 1);
+$proxy->clientstart();
+ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
+unlink $session;
+
+#Test 9: Session resumption extended master secret test initial session
+# omits server extension. Client must abort connection.
+#Expected result: aborted connection.
+
+clearall();
+setrmextms(0, 1);
+(undef, $session) = tempfile();
+$proxy->serverconnects(2);
+$proxy->clientflags("-sess_out ".$session);
+$proxy->start();
+$proxy->clearClient();
+$proxy->clientflags("-sess_in ".$session);
+setrmextms(0, 0);
+$proxy->clientstart();
+ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2");
+unlink $session;
+
+sub extms_filter
+{
+    my $proxy = shift;
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($crmextms && $message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+            $message->delete_extension(TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET);
+            $message->repack();
+        }
+        if ($srmextms && $message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
+            $message->delete_extension(TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET);
+            $message->repack();
+        }
+    }
+}
+
+sub checkmessages($$$$$)
+{
+    my ($testno, $testname, $testcextms, $testsextms, $testhand) = @_;
+
+    subtest $testname => sub {
+
+    foreach my $message (@{$proxy->message_list}) {
+        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO
+            || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
+        #Get the extensions data
+        my %extensions = %{$message->extension_data};
+        if (defined
+            $extensions{TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET}) {
+            if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+                $cextms = 1;
+            } else {
+                $sextms = 1;
+            }
+        }
+        } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) {
+            #Must be doing a full handshake
+            $fullhand = 1;
+        }
+    }
+
+    plan tests => 4;
+
+    ok(TLSProxy::Message->success, "Handshake");
+
+    ok($testcextms == $cextms,
+       "ClientHello extension extended master secret check");
+    ok($testsextms == $sextms,
+       "ServerHello extension extended master secret check");
+    ok($testhand == $fullhand,
+       "Extended master secret full handshake check");
+
+    }
+}
+
+sub setrmextms($$)
+{
+    ($crmextms, $srmextms) = @_;
+}
+
+sub clearall()
+{
+    $cextms = 0;
+    $sextms = 0;
+    $fullhand = 0;
+    $proxy->clear();
+}
diff --git a/openssl-1.1.0h/test/recipes/70-test_verify_extra.t b/openssl-1.1.0h/test/recipes/70-test_verify_extra.t
new file mode 100644
index 0000000..79a33cd
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/70-test_verify_extra.t
@@ -0,0 +1,19 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_verify_extra");
+
+plan tests => 1;
+
+ok(run(test(["verify_extra_test",
+             srctop_file("test", "certs", "roots.pem"),
+             srctop_file("test", "certs", "untrusted.pem"),
+             srctop_file("test", "certs", "bad.pem")])));
diff --git a/openssl-1.1.0h/test/recipes/80-test_ca.t b/openssl-1.1.0h/test/recipes/80-test_ca.t
new file mode 100644
index 0000000..28a090e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ca.t
@@ -0,0 +1,59 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use POSIX;
+use File::Path 2.00 qw/rmtree/;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
+
+setup("test_ca");
+
+$ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1);
+my $std_openssl_cnf =
+    srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf");
+
+rmtree("demoCA", { safe => 0 });
+
+plan tests => 4;
+ SKIP: {
+     $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
+     skip "failed creating CA structure", 3
+	 if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
+		'creating CA structure');
+
+     $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
+     skip "failed creating new certificate request", 2
+	 if !ok(run(perlapp(["CA.pl","-newreq"])),
+		'creating certificate request');
+
+     $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"';
+     skip "failed to sign certificate request", 1
+	 if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
+		'signing certificate request');
+
+     ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])),
+        'verifying new certificate');
+}
+
+
+rmtree("demoCA", { safe => 0 });
+unlink "newcert.pem", "newreq.pem", "newkey.pem";
+
+
+sub yes {
+    my $cntr = 10;
+    open(PIPE, "|-", join(" ",@_));
+    local $SIG{PIPE} = "IGNORE";
+    1 while $cntr-- > 0 && print PIPE "y\n";
+    close PIPE;
+    return 0;
+}
+
diff --git a/openssl-1.1.0h/test/recipes/80-test_cipherlist.t b/openssl-1.1.0h/test/recipes/80-test_cipherlist.t
new file mode 100644
index 0000000..98d537e
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_cipherlist.t
@@ -0,0 +1,26 @@
+#! /usr/bin/perl
+#
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test::Simple;
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(alldisabled available_protocols);
+
+setup("test_cipherlist");
+
+my $no_anytls = alldisabled(available_protocols("tls"));
+
+# If we have no protocols, then we also have no supported ciphers.
+plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build."
+    if $no_anytls;
+
+simple_test("test_cipherlist", "cipherlist_test", "cipherlist");
diff --git a/openssl-1.1.0h/test/recipes/80-test_cms.t b/openssl-1.1.0h/test/recipes/80-test_cms.t
new file mode 100644
index 0000000..f038bea
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_cms.t
@@ -0,0 +1,511 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use POSIX;
+use File::Spec::Functions qw/catfile/;
+use File::Compare qw/compare_text/;
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_cms");
+
+plan skip_all => "CMS is not supported by this OpenSSL build"
+    if disabled("cms");
+
+my $smdir    = srctop_dir("test", "smime-certs");
+my $smcont   = srctop_file("test", "smcont.txt");
+my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
+    = disabled qw/des dh dsa ec ec2m rc2 zlib/;
+
+plan tests => 4;
+
+my @smime_pkcs7_tests = (
+
+    [ "signed content DER format, RSA key",
+      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+	"-certfile", catfile($smdir, "smroot.pem"),
+	"-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed detached content DER format, RSA key",
+      [ "-sign", "-in", $smcont, "-outform", "DER",
+	"-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
+	"-content", $smcont ]
+    ],
+
+    [ "signed content test streaming BER format, RSA",
+      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+	"-stream",
+	"-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content DER format, DSA key",
+      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+	"-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed detached content DER format, DSA key",
+      [ "-sign", "-in", $smcont, "-outform", "DER",
+	"-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
+	"-content", $smcont ]
+    ],
+
+    [ "signed detached content DER format, add RSA signer (with DSA existing)",
+      [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
+	"-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
+      [ "-verify", "-in", "test2.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
+	"-content", $smcont ]
+    ],
+
+    [ "signed content test streaming BER format, DSA key",
+      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+	"-stream",
+	"-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
+      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+	"-signer", catfile($smdir, "smrsa1.pem"),
+	"-signer", catfile($smdir, "smrsa2.pem"),
+	"-signer", catfile($smdir, "smdsa1.pem"),
+	"-signer", catfile($smdir, "smdsa2.pem"),
+	"-stream", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
+      [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
+	"-signer", catfile($smdir, "smrsa1.pem"),
+	"-signer", catfile($smdir, "smrsa2.pem"),
+	"-signer", catfile($smdir, "smdsa1.pem"),
+	"-signer", catfile($smdir, "smdsa2.pem"),
+	"-stream", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content S/MIME format, RSA key SHA1",
+      [ "-sign", "-in", $smcont, "-md", "sha1",
+	"-certfile", catfile($smdir, "smroot.pem"),
+	"-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
+      [ "-sign", "-in", $smcont, "-nodetach",
+	"-signer", catfile($smdir, "smrsa1.pem"),
+	"-signer", catfile($smdir, "smrsa2.pem"),
+	"-signer", catfile($smdir, "smdsa1.pem"),
+	"-signer", catfile($smdir, "smdsa2.pem"),
+	"-stream", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
+      [ "-sign", "-in", $smcont,
+	"-signer", catfile($smdir, "smrsa1.pem"),
+	"-signer", catfile($smdir, "smrsa2.pem"),
+	"-signer", catfile($smdir, "smdsa1.pem"),
+	"-signer", catfile($smdir, "smdsa2.pem"),
+	"-stream", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	catfile($smdir, "smrsa1.pem"),
+	catfile($smdir, "smrsa2.pem"),
+	catfile($smdir, "smrsa3.pem") ],
+      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	catfile($smdir, "smrsa1.pem"),
+	catfile($smdir, "smrsa2.pem"),
+	catfile($smdir, "smrsa3.pem") ],
+      [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	catfile($smdir, "smrsa1.pem"),
+	catfile($smdir, "smrsa2.pem"),
+	catfile($smdir, "smrsa3.pem") ],
+      [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+      [ "-encrypt", "-in", $smcont,
+	"-aes256", "-stream", "-out", "test.cms",
+	catfile($smdir, "smrsa1.pem"),
+	catfile($smdir, "smrsa2.pem"),
+	catfile($smdir, "smrsa3.pem") ],
+      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+);
+
+my @smime_cms_tests = (
+
+    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
+      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
+	"-signer", catfile($smdir, "smrsa1.pem"),
+	"-signer", catfile($smdir, "smrsa2.pem"),
+	"-signer", catfile($smdir, "smdsa1.pem"),
+	"-signer", catfile($smdir, "smdsa2.pem"),
+	"-stream", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "DER",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
+      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+	"-signer", catfile($smdir, "smrsa1.pem"),
+	"-signer", catfile($smdir, "smrsa2.pem"),
+	"-signer", catfile($smdir, "smdsa1.pem"),
+	"-signer", catfile($smdir, "smdsa2.pem"),
+	"-stream", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "PEM",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content MIME format, RSA key, signed receipt request",
+      [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
+	"-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
+	"-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed receipt MIME format, RSA key",
+      [ "-sign_receipt", "-in", "test.cms",
+	"-signer", catfile($smdir, "smrsa2.pem"),
+	"-out", "test2.cms" ],
+      [ "-verify_receipt", "test2.cms", "-in", "test.cms",
+	"-CAfile", catfile($smdir, "smroot.pem") ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms", "-keyid",
+	catfile($smdir, "smrsa1.pem"),
+	catfile($smdir, "smrsa2.pem"),
+	catfile($smdir, "smrsa3.pem") ],
+      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming PEM format, KEK",
+      [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
+	"-stream", "-out", "test.cms",
+	"-secretkey", "000102030405060708090A0B0C0D0E0F",
+	"-secretkeyid", "C0FEE0" ],
+      [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
+	"-secretkey", "000102030405060708090A0B0C0D0E0F",
+	"-secretkeyid", "C0FEE0" ]
+    ],
+
+    [ "enveloped content test streaming PEM format, KEK, key only",
+      [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
+	"-stream", "-out", "test.cms",
+	"-secretkey", "000102030405060708090A0B0C0D0E0F",
+	"-secretkeyid", "C0FEE0" ],
+      [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
+	"-secretkey", "000102030405060708090A0B0C0D0E0F" ]
+    ],
+
+    [ "data content test streaming PEM format",
+      [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
+	"-stream", "-out", "test.cms" ],
+      [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
+    ],
+
+    [ "encrypted content test streaming PEM format, 128 bit RC2 key",
+      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+	"-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
+	"-stream", "-out", "test.cms" ],
+      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
+	"-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
+    ],
+
+    [ "encrypted content test streaming PEM format, 40 bit RC2 key",
+      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+	"-rc2", "-secretkey", "0001020304",
+	"-stream", "-out", "test.cms" ],
+      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
+	"-secretkey", "0001020304", "-out", "smtst.txt" ]
+    ],
+
+    [ "encrypted content test streaming PEM format, triple DES key",
+      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+	"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
+	"-stream", "-out", "test.cms" ],
+      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
+	"-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
+	"-out", "smtst.txt" ]
+    ],
+
+    [ "encrypted content test streaming PEM format, 128 bit AES key",
+      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+	"-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
+	"-stream", "-out", "test.cms" ],
+      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
+	"-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
+    ],
+
+);
+
+my @smime_cms_comp_tests = (
+
+    [ "compressed content test streaming PEM format",
+      [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
+	"-stream", "-out", "test.cms" ],
+      [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
+    ]
+
+);
+
+my @smime_cms_param_tests = (
+    [ "signed content test streaming PEM format, RSA keys, PSS signature",
+      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+	"-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
+	"-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "PEM",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
+      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
+	"-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
+	"-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "PEM",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
+      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+	"-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
+	"-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms", "-inform", "PEM",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	"-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
+      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	"-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
+	"-keyopt", "rsa_oaep_md:sha256" ],
+      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, ECDH",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	"-recip", catfile($smdir, "smec1.pem") ],
+      [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	catfile($smdir, "smec1.pem"),
+	catfile($smdir, "smec3.pem") ],
+      [ "-decrypt", "-inkey", catfile($smdir, "smec3.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
+      [ "-encrypt", "-keyid", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	"-recip", catfile($smdir, "smec1.pem") ],
+      [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	"-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
+      [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	"-recip", catfile($smdir, "smec2.pem"), "-aes128",
+	"-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
+      [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
+    [ "enveloped content test streaming S/MIME format, X9.42 DH",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	"-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
+      [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ]
+    );
+
+subtest "CMS => PKCS#7 compatibility tests\n" => sub {
+    plan tests => scalar @smime_pkcs7_tests;
+
+    foreach (@smime_pkcs7_tests) {
+      SKIP: {
+	  my $skip_reason = check_availability($$_[0]);
+	  skip $skip_reason, 1 if $skip_reason;
+
+	  ok(run(app(["openssl", "cms", @{$$_[1]}]))
+	     && run(app(["openssl", "smime", @{$$_[2]}]))
+	     && compare_text($smcont, "smtst.txt") == 0,
+	     $$_[0]);
+	}
+    }
+};
+subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
+    plan tests => scalar @smime_pkcs7_tests;
+
+    foreach (@smime_pkcs7_tests) {
+      SKIP: {
+	  my $skip_reason = check_availability($$_[0]);
+	  skip $skip_reason, 1 if $skip_reason;
+
+	  ok(run(app(["openssl", "smime", @{$$_[1]}]))
+	     && run(app(["openssl", "cms", @{$$_[2]}]))
+	     && compare_text($smcont, "smtst.txt") == 0,
+	     $$_[0]);
+	}
+    }
+};
+
+subtest "CMS <=> CMS consistency tests\n" => sub {
+    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
+
+    foreach (@smime_pkcs7_tests) {
+      SKIP: {
+	  my $skip_reason = check_availability($$_[0]);
+	  skip $skip_reason, 1 if $skip_reason;
+
+	  ok(run(app(["openssl", "cms", @{$$_[1]}]))
+	     && run(app(["openssl", "cms", @{$$_[2]}]))
+	     && compare_text($smcont, "smtst.txt") == 0,
+	     $$_[0]);
+	}
+    }
+    foreach (@smime_cms_tests) {
+      SKIP: {
+	  my $skip_reason = check_availability($$_[0]);
+	  skip $skip_reason, 1 if $skip_reason;
+
+	  ok(run(app(["openssl", "cms", @{$$_[1]}]))
+	     && run(app(["openssl", "cms", @{$$_[2]}]))
+	     && compare_text($smcont, "smtst.txt") == 0,
+	     $$_[0]);
+	}
+    }
+};
+
+subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
+    plan tests =>
+	(scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
+
+    foreach (@smime_cms_param_tests) {
+      SKIP: {
+	  my $skip_reason = check_availability($$_[0]);
+	  skip $skip_reason, 1 if $skip_reason;
+
+	  ok(run(app(["openssl", "cms", @{$$_[1]}]))
+	     && run(app(["openssl", "cms", @{$$_[2]}]))
+	     && compare_text($smcont, "smtst.txt") == 0,
+	     $$_[0]);
+	}
+    }
+
+  SKIP: {
+      skip("Zlib not supported: compression tests skipped",
+	   scalar @smime_cms_comp_tests)
+	  if $no_zlib;
+
+      foreach (@smime_cms_comp_tests) {
+	SKIP: {
+	    my $skip_reason = check_availability($$_[0]);
+	    skip $skip_reason, 1 if $skip_reason;
+
+	    ok(run(app(["openssl", "cms", @{$$_[1]}]))
+	       && run(app(["openssl", "cms", @{$$_[2]}]))
+	       && compare_text($smcont, "smtst.txt") == 0,
+	       $$_[0]);
+	  }
+      }
+    }
+};
+
+unlink "test.cms";
+unlink "test2.cms";
+unlink "smtst.txt";
+
+sub check_availability {
+    my $tnam = shift;
+
+    return "$tnam: skipped, EC disabled\n"
+        if ($no_ec && $tnam =~ /ECDH/);
+    return "$tnam: skipped, ECDH disabled\n"
+        if ($no_ec && $tnam =~ /ECDH/);
+    return "$tnam: skipped, EC2M disabled\n"
+        if ($no_ec2m && $tnam =~ /K-283/);
+    return "$tnam: skipped, DH disabled\n"
+        if ($no_dh && $tnam =~ /X9\.42/);
+    return "$tnam: skipped, RC2 disabled\n"
+        if ($no_rc2 && $tnam =~ /RC2/);
+    return "$tnam: skipped, DES disabled\n"
+        if ($no_des && $tnam =~ /DES/);
+    return "$tnam: skipped, DSA disabled\n"
+        if ($no_dsa && $tnam =~ / DSA/);
+
+    return "";
+}
diff --git a/openssl-1.1.0h/test/recipes/80-test_ct.t b/openssl-1.1.0h/test/recipes/80-test_ct.t
new file mode 100644
index 0000000..9c717b2
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ct.t
@@ -0,0 +1,17 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
+use OpenSSL::Test::Simple;
+
+setup("test_ct");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CT_DIR} = srctop_dir("test", "ct");
+$ENV{CERTS_DIR} = srctop_dir("test", "certs");
+simple_test("test_ct", "ct_test", "ct", "ec");
diff --git a/openssl-1.1.0h/test/recipes/80-test_dane.t b/openssl-1.1.0h/test/recipes/80-test_dane.t
new file mode 100644
index 0000000..527e663
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_dane.t
@@ -0,0 +1,24 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_dane");
+
+plan skip_all => "test_dane uses ec which is not supported by this OpenSSL build"
+    if disabled("ec");
+
+plan tests => 1;                # The number of tests being performed
+
+ok(run(test(["danetest", "example.com",
+             srctop_file("test", "danetest.pem"),
+             srctop_file("test", "danetest.in")])), "dane tests");
diff --git a/openssl-1.1.0h/test/recipes/80-test_dtls.t b/openssl-1.1.0h/test/recipes/80-test_dtls.t
new file mode 100644
index 0000000..f4a2dc0
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_dtls.t
@@ -0,0 +1,20 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_dtls");
+
+plan skip_all => "No DTLS protocols are supported by this OpenSSL build"
+    if alldisabled(available_protocols("dtls"));
+
+plan tests => 1;
+
+ok(run(test(["dtlstest", srctop_file("apps", "server.pem"),
+             srctop_file("apps", "server.pem")])), "running dtlstest");
diff --git a/openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t b/openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t
new file mode 100644
index 0000000..dd1bb35
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_dtlsv1listen", "dtlsv1listentest", "dh");
diff --git a/openssl-1.1.0h/test/recipes/80-test_ocsp.t b/openssl-1.1.0h/test/recipes/80-test_ocsp.t
new file mode 100644
index 0000000..e9ed7b4
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ocsp.t
@@ -0,0 +1,219 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use POSIX;
+use File::Spec::Functions qw/devnull catfile/;
+use File::Copy;
+use OpenSSL::Test qw/:DEFAULT with pipe srctop_dir data_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_ocsp");
+
+plan skip_all => "OCSP is not supported by this OpenSSL build"
+    if disabled("ocsp");
+
+my $ocspdir=srctop_dir("test", "ocsp-tests");
+# 17 December 2012 so we don't get certificate expiry errors.
+my @check_time=("-attime", "1355875200");
+
+sub test_ocsp {
+    my $title = shift;
+    my $inputfile = shift;
+    my $CAfile = shift;
+    my $untrusted = shift;
+    if ($untrusted eq "") {
+        $untrusted = $CAfile;
+    }
+    my $expected_exit = shift;
+
+    run(app(["openssl", "base64", "-d",
+             "-in", catfile($ocspdir,$inputfile),
+             "-out", "ocsp-resp-fff.dat"]));
+    with({ exit_checker => sub { return shift == $expected_exit; } },
+         sub { ok(run(app(["openssl", "ocsp", "-respin", "ocsp-resp-fff.dat",
+                           "-partial_chain", @check_time,
+                           "-CAfile", catfile($ocspdir, $CAfile),
+                           "-verify_other", catfile($ocspdir, $untrusted),
+                           "-no-CApath"])),
+                  $title); });
+    unlink "ocsp-resp-fff.dat";
+}
+
+plan tests => 11;
+
+subtest "=== VALID OCSP RESPONSES ===" => sub {
+    plan tests => 7;
+
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "ND1.ors", "ND1_Issuer_ICA.pem", "", 0);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "ND2.ors", "ND2_Issuer_Root.pem", "", 0);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "ND3.ors", "ND3_Issuer_Root.pem", "", 0);
+    test_ocsp("NON-DELEGATED; 3-level CA hierarchy",
+	      "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "D1.ors", "D1_Issuer_ICA.pem", "", 0);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "D2.ors", "D2_Issuer_Root.pem", "", 0);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "D3.ors", "D3_Issuer_Root.pem", "", 0);
+};
+
+subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub {
+    plan tests => 6;
+
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub {
+    plan tests => 6;
+
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub {
+    plan tests => 6;
+
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub {
+    plan tests => 6;
+
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
+    plan tests => 3;
+
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
+    plan tests => 3;
+
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub {
+    plan tests => 6;
+
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub {
+    plan tests => 6;
+
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1);
+};
+
+subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
+    plan tests => 6;
+
+    # Expect success, because we're explicitly trusting the issuer certificate.
+    test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
+	      "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0);
+    test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
+	      "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0);
+    test_ocsp("NON-DELEGATED; Root CA -> EE",
+	      "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0);
+    test_ocsp("DELEGATED; Intermediate CA -> EE",
+	      "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0);
+    test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+	      "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0);
+    test_ocsp("DELEGATED; Root CA -> EE",
+	      "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0);
+};
+
+subtest "=== OCSP API TESTS===" => sub {
+    plan tests => 1;
+
+    ok(run(test(["ocspapitest", data_file("cert.pem"), data_file("key.pem")])),
+                 "running ocspapitest");
+}
diff --git a/openssl-1.1.0h/test/recipes/80-test_ocsp_data/cert.pem b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/cert.pem
new file mode 100644
index 0000000..f70e792
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgICFs8wDQYJKoZIhvcNAQELBQAwSzEQMA4GA1UECgwHT3Bl
+blNTTDETMBEGA1UECwwKVGVzdCBTdWl0ZTEiMCAGA1UEAwwZVGVzdCBPQ1NQIHJl
+c3BvbnNlIHNpZ25lcjAeFw0xNzEwMjMxNDA4MDlaFw0yNjAxMDkxNDA4MDlaMEsx
+EDAOBgNVBAoMB09wZW5TU0wxEzARBgNVBAsMClRlc3QgU3VpdGUxIjAgBgNVBAMM
+GVRlc3QgT0NTUCByZXNwb25zZSBzaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC81prq23FY2YDuwiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7b
+EEgWnQOJmz4zTuU+Bw2duHZ1X2WUR/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd0
+5VEq6WzWVWAX6ki/CZIJUihzj3AAn/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2
+zXf5BdE9XkayM3jq6Ewc/VZ05EA/LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvM
+dbNOyJCx9NNeryZMv2wRzEaYp6jYao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW
+9KAK3UEptoxux8JHH9R8X5bTVE7HADHhG5s7AgMBAAGjGjAYMAkGA1UdEwQCMAAw
+CwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBAQCPkojVPBFNT9DGpLq9Y/Hl
+XhcA+vSdt83EFzPD/nxIMp/QYSnZ9w2SWL21AH4C+HWd4JuKX5Zlsd6qYobYZLcT
+TyVfw0OMwwPUI6Mxbz395EAnVLmtddN2RDsEYvThSMMoSfhtUwyANpA0Q6M8RcGt
+LwnaC69iXhBh1xcTVVg97yEJ22yIrwQ1GhX4F1PRJIAQ/QmQhnoTGlhl2VAQ3LIk
+lNFxkWbx0rqPIcor27QDNa2DPqioyvHMlkjC1h5EPhL9Ynu011r4Dn9A34+vFxeu
+Q+emRwl/JjCNZX4l/AripU/Cy/+J2YGKilKzRcB1QMMVSl0VaeLSCwkNDQtdlwWO
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/recipes/80-test_ocsp_data/key.pem b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/key.pem
new file mode 100644
index 0000000..cd211dc
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC81prq23FY2YDu
+wiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7bEEgWnQOJmz4zTuU+Bw2duHZ1X2WU
+R/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd05VEq6WzWVWAX6ki/CZIJUihzj3AA
+n/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2zXf5BdE9XkayM3jq6Ewc/VZ05EA/
+LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvMdbNOyJCx9NNeryZMv2wRzEaYp6jY
+ao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW9KAK3UEptoxux8JHH9R8X5bTVE7H
+ADHhG5s7AgMBAAECggEBAJLp946eeVmhpiCa5XGWPwlbzwlY1BrNCRGADbC9ZRVu
+ew1jMiWGTj9hmr31DHhIeis+u4YoW+jG9jVdoU5pJc3Fs0URbdsVc0FtVcsPyFbk
+gGsCQQ4t1m8nOaiqtV8Fw+D0piwgQh5dysqBp374z4i6Lt47CHqFs/m2qIWnXp3E
+YF3xX2Zz9rIgejERRxrUnp5998NqxSYHPF7Ts4VQ/+UezUqEpA2jBs6cJ2tWVNR9
+uf+3Fklpo7Uau+xG5xkiRYxx4mSIg6EREz5+XMPkSOcXi6tyinoKsafxTNQDil0q
+pdurVlHNgZb2QdJjHugVmbalydHIQ5c0CU1RO5CP97kCgYEA7RqrRooniil0iAKR
+6scFct0juVBW1Uw05Ejt97RtwQRf/m9SU5mSs0PfFx/l3PeNDSWnpmwunL1igYQb
++tVqDQQ9xR4owyl6/qDJSP2bS84jb+3MCR4UE/b2YR2rCDBllXeyQsDT7KMoW8lX
+gliWmYd6HYddRDOKNM/tzccFG1cCgYEAy+M6yv0ublrpTj4o8DcOi6JJrQbPSAWx
+R7zKDXSvSq5lLjfXmqX4s/jgZWgQ+kYoYZrIOqIygcZ2U6tBMCP2LAhbf86I6r27
+loMyQg7lhC5GCztpGes4/JmUvnvjTUIFspB6ReaXlBFAstzzJirgI1wmoO6+GiG/
+OUDmvCjFdL0CgYALQGa8VDYIImt7QNP31jX1+3SEiMF2IcWox6UzSgajUDfV9SZs
+/S6u/xuJF2RrFfxFkXHhPeUAXyRbjQ9e2d3MfFUKE6JPkJpblvm2UwKZmFCqMRir
+nhfJ0sBiX2wMWW+YpjN5Y3krE5sIsAdNEjMjWgB7gj70y5VVaECasUUWxQKBgQDB
+aauqSIc1VLSh7sGzLudzet5db2pPLmdAYE1kel6Xf9yn/X1gTTYitGNaj2Abq1Y/
+US/Ev30eMwCo2nqaimLK3pq+IVUtKhO78nVIyQzdWXBE03Uei0+iAKdkE+5Kqejx
+vbDggqEka0Fu678VY/MAWDikzhY0f/MBAxpfQGYgGQKBgC0tR1ymvCLkk6J5e4/G
+OD1D9m2JJjcK4eWUS4rAiEH61sI5CKQRU2pQ3f3cIGekDZZt3XzHLYwc9W2UnN2J
+glMmKXp0qqt2HoE/XKLrIc1dEDXsZxFnMZ6nmWKsl4AHxM/gyXqfDo/AUXyEGcVu
+8TbVs3nlISUy7vwjpaW1KOs1
+-----END PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/recipes/80-test_pkcs12.t b/openssl-1.1.0h/test/recipes/80-test_pkcs12.t
new file mode 100644
index 0000000..430df67
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_pkcs12.t
@@ -0,0 +1,68 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+use Encode;
+
+setup("test_pkcs12");
+
+plan skip_all => "The PKCS12 command line utility is not supported by this OpenSSL build"
+    if disabled("des");
+
+my $pass = "σ�νθημα γνώ�ισμα";
+
+my $savedcp;
+if (eval { require Win32::API; 1; }) {
+    # Trouble is that Win32 perl uses CreateProcessA, which
+    # makes it problematic to pass non-ASCII arguments, from perl[!]
+    # that is. This is because CreateProcessA is just a wrapper for
+    # CreateProcessW and will call MultiByteToWideChar and use
+    # system default locale. Since we attempt Greek pass-phrase
+    # conversion can be done only with Greek locale.
+
+    Win32::API->Import("kernel32","UINT GetSystemDefaultLCID()");
+    if (GetSystemDefaultLCID() != 0x408) {
+        plan skip_all => "Non-Greek system locale";
+    } else {
+        # Ensure correct code page so that VERBOSE output is right.
+        Win32::API->Import("kernel32","UINT GetConsoleOutputCP()");
+        Win32::API->Import("kernel32","BOOL SetConsoleOutputCP(UINT cp)");
+        $savedcp = GetConsoleOutputCP();
+        SetConsoleOutputCP(1253);
+        $pass = Encode::encode("cp1253",Encode::decode("utf-8",$pass));
+    }
+} elsif ($^O eq "MSWin32") {
+    plan skip_all => "Win32::API unavailable";
+} else {
+    # Running MinGW tests transparently under Wine apparently requires
+    # UTF-8 locale...
+
+    foreach(`locale -a`) {
+        s/\R$//;
+        if ($_ =~ m/^C\.UTF\-?8/i) {
+            $ENV{LC_ALL} = $_;
+            last;
+        }
+    }
+}
+$ENV{OPENSSL_WIN32_UTF8}=1;
+
+plan tests => 1;
+
+# just see that we can read shibboleth.pfx protected with $pass
+ok(run(app(["openssl", "pkcs12", "-noout",
+            "-password", "pass:$pass",
+            "-in", srctop_file("test", "shibboleth.pfx")])),
+   "test_pkcs12");
+
+SetConsoleOutputCP($savedcp) if (defined($savedcp));
diff --git a/openssl-1.1.0h/test/recipes/80-test_ssl_new.t b/openssl-1.1.0h/test/recipes/80-test_ssl_new.t
new file mode 100644
index 0000000..287defe
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ssl_new.t
@@ -0,0 +1,133 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Basename;
+use File::Compare qw/compare_text/;
+use OpenSSL::Glob;
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
+use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
+
+setup("test_ssl_new");
+
+$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+
+my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+map { s/;.*// } @conf_srcs if $^O eq "VMS";
+my @conf_files = map { basename($_, ".in") } @conf_srcs;
+map { s/\^// } @conf_files if $^O eq "VMS";
+
+# We hard-code the number of tests to double-check that the globbing above
+# finds all files as expected.
+plan tests => 19;  # = scalar @conf_srcs
+
+# Some test results depend on the configuration of enabled protocols. We only
+# verify generated sources in the default configuration.
+my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
+                      !disabled("tls1_1") && !disabled("tls1_2"));
+
+my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
+
+my $no_tls = alldisabled(available_protocols("tls"));
+my $no_dtls = alldisabled(available_protocols("dtls"));
+my $no_npn = disabled("nextprotoneg");
+my $no_ct = disabled("ct");
+my $no_ec = disabled("ec");
+my $no_ec2m = disabled("ec2m");
+my $no_ocsp = disabled("ocsp");
+
+# Add your test here if the test conf.in generates test cases and/or
+# expectations dynamically based on the OpenSSL compile-time config.
+my %conf_dependent_tests = (
+  "02-protocol-version.conf" => !$is_default_tls,
+  "04-client_auth.conf" => !$is_default_tls,
+  "07-dtls-protocol-version.conf" => !$is_default_dtls,
+  "10-resumption.conf" => !$is_default_tls,
+  "11-dtls_resumption.conf" => !$is_default_dtls,
+  "17-renegotiate.conf" => disabled("tls1_2"),
+  "18-dtls-renegotiate.conf" => disabled("dtls1_2"),
+);
+
+# Add your test here if it should be skipped for some compile-time
+# configurations. Default is $no_tls but some tests have different skip
+# conditions.
+my %skip = (
+  "07-dtls-protocol-version.conf" => $no_dtls,
+  "08-npn.conf" => $no_tls || $no_npn,
+  "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
+  "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
+  "12-ct.conf" => $no_tls || $no_ct || $no_ec,
+  # We could run some of these tests without TLS 1.2 if we had a per-test
+  # disable instruction but that's a bizarre configuration not worth
+  # special-casing for.
+  # We should review this once we have TLS 1.3.
+  "13-fragmentation.conf" => disabled("tls1_2"),
+  "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m,
+  "15-certstatus.conf" => $no_tls || $no_ocsp,
+  "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
+  "18-dtls-renegotiate.conf" => $no_dtls,
+  "19-mac-then-encrypt.conf" => disabled("tls1_2"),
+);
+
+foreach my $conf (@conf_files) {
+    subtest "Test configuration $conf" => sub {
+        test_conf($conf,
+                  $conf_dependent_tests{$conf} || $^O eq "VMS" ?  0 : 1,
+                  defined($skip{$conf}) ? $skip{$conf} : $no_tls);
+    }
+}
+
+sub test_conf {
+    plan tests => 3;
+
+    my ($conf, $check_source, $skip) = @_;
+
+    my $conf_file = srctop_file("test", "ssl-tests", $conf);
+    my $tmp_file = "${conf}.$$.tmp";
+    my $run_test = 1;
+
+  SKIP: {
+      # "Test" 1. Generate the source.
+      my $input_file = $conf_file . ".in";
+
+      skip 'failure', 2 unless
+        ok(run(perltest(["generate_ssl_tests.pl", $input_file],
+                        interpreter_args => [ "-I", srctop_dir("util", "perl")],
+                        stdout => $tmp_file)),
+           "Getting output from generate_ssl_tests.pl.");
+
+    SKIP: {
+        # Test 2. Compare against existing output in test/ssl_tests.conf.
+        skip "Skipping generated source test for $conf", 1
+          if !$check_source;
+
+        $run_test = is(cmp_text($tmp_file, $conf_file), 0,
+                       "Comparing generated sources.");
+      }
+
+      # Test 3. Run the test.
+      skip "No tests available; skipping tests", 1 if $skip;
+      skip "Stale sources; skipping tests", 1 if !$run_test;
+
+      ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");
+    }
+
+    unlink glob $tmp_file;
+}
+
+sub cmp_text {
+    return compare_text(@_, sub {
+        $_[0] =~ s/\R//g;
+        $_[1] =~ s/\R//g;
+        return $_[0] ne $_[1];
+    });
+}
diff --git a/openssl-1.1.0h/test/recipes/80-test_ssl_old.t b/openssl-1.1.0h/test/recipes/80-test_ssl_old.t
new file mode 100644
index 0000000..6468bd6
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ssl_old.t
@@ -0,0 +1,629 @@
+#! /usr/bin/env perl
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use POSIX;
+use File::Basename;
+use File::Copy;
+use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
+use OpenSSL::Test::Utils;
+
+setup("test_ssl");
+
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+
+my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk,
+    $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2,
+    $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
+    anydisabled qw/rsa dsa dh ec srp psk
+                   ssl3 tls1 tls1_1 tls1_2
+                   dtls dtls1 dtls1_2 ct/;
+my $no_anytls = alldisabled(available_protocols("tls"));
+my $no_anydtls = alldisabled(available_protocols("dtls"));
+
+plan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build"
+    if $no_anytls && $no_anydtls;
+
+my $digest = "-sha1";
+my @reqcmd = ("openssl", "req");
+my @x509cmd = ("openssl", "x509", $digest);
+my @verifycmd = ("openssl", "verify");
+my @gendsacmd = ("openssl", "gendsa");
+my $dummycnf = srctop_file("apps", "openssl.cnf");
+
+my $CAkey = "keyCA.ss";
+my $CAcert="certCA.ss";
+my $CAserial="certCA.srl";
+my $CAreq="reqCA.ss";
+my $CAconf=srctop_file("test","CAss.cnf");
+my $CAreq2="req2CA.ss";	# temp
+
+my $Uconf=srctop_file("test","Uss.cnf");
+my $Ukey="keyU.ss";
+my $Ureq="reqU.ss";
+my $Ucert="certU.ss";
+
+my $Dkey="keyD.ss";
+my $Dreq="reqD.ss";
+my $Dcert="certD.ss";
+
+my $Ekey="keyE.ss";
+my $Ereq="reqE.ss";
+my $Ecert="certE.ss";
+
+my $P1conf=srctop_file("test","P1ss.cnf");
+my $P1key="keyP1.ss";
+my $P1req="reqP1.ss";
+my $P1cert="certP1.ss";
+my $P1intermediate="tmp_intP1.ss";
+
+my $P2conf=srctop_file("test","P2ss.cnf");
+my $P2key="keyP2.ss";
+my $P2req="reqP2.ss";
+my $P2cert="certP2.ss";
+my $P2intermediate="tmp_intP2.ss";
+
+my $server_sess="server.ss";
+my $client_sess="client.ss";
+
+# ssltest_old.c is deprecated in favour of the new framework in ssl_test.c
+# If you're adding tests here, you probably want to convert them to the
+# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
+plan tests =>
+    1				# For testss
+    +6  			# For the first testssl
+    ;
+
+subtest 'test_ss' => sub {
+    if (testss()) {
+	open OUT, ">", "intP1.ss";
+	copy($CAcert, \*OUT); copy($Ucert, \*OUT);
+	close OUT;
+
+	open OUT, ">", "intP2.ss";
+	copy($CAcert, \*OUT); copy($Ucert, \*OUT); copy($P1cert, \*OUT);
+	close OUT;
+    }
+};
+
+note('test_ssl -- key U');
+testssl("keyU.ss", $Ucert, $CAcert);
+
+# -----------
+# subtest functions
+sub testss {
+    open RND, ">>", ".rnd";
+    print RND "string to make the random number generator think it has entropy";
+    close RND;
+
+    my @req_dsa = ("-newkey",
+                   "dsa:".srctop_file("apps", "dsa1024.pem"));
+    my $dsaparams = srctop_file("apps", "dsa1024.pem");
+    my @req_new;
+    if ($no_rsa) {
+	@req_new = @req_dsa;
+    } else {
+	@req_new = ("-new");
+    }
+
+    plan tests => 17;
+
+  SKIP: {
+      skip 'failure', 16 unless
+	  ok(run(app([@reqcmd, "-config", $CAconf,
+		      "-out", $CAreq, "-keyout", $CAkey,
+		      @req_new])),
+	     'make cert request');
+
+      skip 'failure', 15 unless
+	  ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30",
+		      "-req", "-out", $CAcert, "-signkey", $CAkey,
+		      "-extfile", $CAconf, "-extensions", "v3_ca"],
+		     stdout => "err.ss")),
+	     'convert request into self-signed cert');
+
+      skip 'failure', 14 unless
+	  ok(run(app([@x509cmd, "-in", $CAcert,
+		      "-x509toreq", "-signkey", $CAkey, "-out", $CAreq2],
+		     stdout => "err.ss")),
+	     'convert cert into a cert request');
+
+      skip 'failure', 13 unless
+	  ok(run(app([@reqcmd, "-config", $dummycnf,
+		      "-verify", "-in", $CAreq, "-noout"])),
+	     'verify request 1');
+
+
+      skip 'failure', 12 unless
+	  ok(run(app([@reqcmd, "-config", $dummycnf,
+		      "-verify", "-in", $CAreq2, "-noout"])),
+	     'verify request 2');
+
+      skip 'failure', 11 unless
+	  ok(run(app([@verifycmd, "-CAfile", $CAcert, $CAcert])),
+	     'verify signature');
+
+      skip 'failure', 10 unless
+	  ok(run(app([@reqcmd, "-config", $Uconf,
+		      "-out", $Ureq, "-keyout", $Ukey, @req_new],
+		     stdout => "err.ss")),
+	     'make a user cert request');
+
+      skip 'failure', 9 unless
+	  ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30",
+		      "-req", "-out", $Ucert,
+		      "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial,
+		      "-extfile", $Uconf, "-extensions", "v3_ee"],
+		     stdout => "err.ss"))
+	     && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])),
+	     'sign user cert request');
+
+      skip 'failure', 8 unless
+	  ok(run(app([@x509cmd,
+		      "-subject", "-issuer", "-startdate", "-enddate",
+		      "-noout", "-in", $Ucert])),
+	     'Certificate details');
+
+      skip 'failure', 7 unless
+          subtest 'DSA certificate creation' => sub {
+              plan skip_all => "skipping DSA certificate creation"
+                  if $no_dsa;
+
+              plan tests => 5;
+
+            SKIP: {
+                $ENV{CN2} = "DSA Certificate";
+                skip 'failure', 4 unless
+                    ok(run(app([@gendsacmd, "-out", $Dkey,
+                                $dsaparams],
+                               stdout => "err.ss")),
+                       "make a DSA key");
+                skip 'failure', 3 unless
+                    ok(run(app([@reqcmd, "-new", "-config", $Uconf,
+                                "-out", $Dreq, "-key", $Dkey],
+                               stdout => "err.ss")),
+                       "make a DSA user cert request");
+                skip 'failure', 2 unless
+                    ok(run(app([@x509cmd, "-CAcreateserial",
+                                "-in", $Dreq,
+                                "-days", "30",
+                                "-req",
+                                "-out", $Dcert,
+                                "-CA", $CAcert, "-CAkey", $CAkey,
+                                "-CAserial", $CAserial,
+                                "-extfile", $Uconf,
+                                "-extensions", "v3_ee_dsa"],
+                               stdout => "err.ss")),
+                       "sign DSA user cert request");
+                skip 'failure', 1 unless
+                    ok(run(app([@verifycmd, "-CAfile", $CAcert, $Dcert])),
+                       "verify DSA user cert");
+                skip 'failure', 0 unless
+                    ok(run(app([@x509cmd,
+                                "-subject", "-issuer",
+                                "-startdate", "-enddate", "-noout",
+                                "-in", $Dcert])),
+                       "DSA Certificate details");
+              }
+      };
+
+      skip 'failure', 6 unless
+          subtest 'ECDSA/ECDH certificate creation' => sub {
+              plan skip_all => "skipping ECDSA/ECDH certificate creation"
+                  if $no_ec;
+
+              plan tests => 5;
+
+            SKIP: {
+                $ENV{CN2} = "ECDSA Certificate";
+                skip 'failure', 4 unless
+                    ok(run(app(["openssl", "ecparam", "-name", "P-256",
+                                "-out", "ecp.ss"])),
+                       "make EC parameters");
+                skip 'failure', 3 unless
+                    ok(run(app([@reqcmd, "-config", $Uconf,
+                                "-out", $Ereq, "-keyout", $Ekey,
+                                "-newkey", "ec:ecp.ss"],
+                               stdout => "err.ss")),
+                       "make a ECDSA/ECDH user cert request");
+                skip 'failure', 2 unless
+                    ok(run(app([@x509cmd, "-CAcreateserial",
+                                "-in", $Ereq,
+                                "-days", "30",
+                                "-req",
+                                "-out", $Ecert,
+                                "-CA", $CAcert, "-CAkey", $CAkey,
+                                "-CAserial", $CAserial,
+                                "-extfile", $Uconf,
+                                "-extensions", "v3_ee_ec"],
+                               stdout => "err.ss")),
+                       "sign ECDSA/ECDH user cert request");
+                skip 'failure', 1 unless
+                    ok(run(app([@verifycmd, "-CAfile", $CAcert, $Ecert])),
+                       "verify ECDSA/ECDH user cert");
+                skip 'failure', 0 unless
+                    ok(run(app([@x509cmd,
+                                "-subject", "-issuer",
+                                "-startdate", "-enddate", "-noout",
+                                "-in", $Ecert])),
+                       "ECDSA Certificate details");
+              }
+      };
+
+      skip 'failure', 5 unless
+	  ok(run(app([@reqcmd, "-config", $P1conf,
+		      "-out", $P1req, "-keyout", $P1key, @req_new],
+		     stdout => "err.ss")),
+	     'make a proxy cert request');
+
+
+      skip 'failure', 4 unless
+	  ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30",
+		      "-req", "-out", $P1cert,
+		      "-CA", $Ucert, "-CAkey", $Ukey,
+		      "-extfile", $P1conf, "-extensions", "v3_proxy"],
+		     stdout => "err.ss")),
+	     'sign proxy with user cert');
+
+      copy($Ucert, $P1intermediate);
+      run(app([@verifycmd, "-CAfile", $CAcert,
+	       "-untrusted", $P1intermediate, $P1cert]));
+      ok(run(app([@x509cmd,
+		  "-subject", "-issuer", "-startdate", "-enddate",
+		  "-noout", "-in", $P1cert])),
+	 'Certificate details');
+
+      skip 'failure', 2 unless
+	  ok(run(app([@reqcmd, "-config", $P2conf,
+		      "-out", $P2req, "-keyout", $P2key,
+		      @req_new],
+		     stdout => "err.ss")),
+	     'make another proxy cert request');
+
+
+      skip 'failure', 1 unless
+	  ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30",
+		      "-req", "-out", $P2cert,
+		      "-CA", $P1cert, "-CAkey", $P1key,
+		      "-extfile", $P2conf, "-extensions", "v3_proxy"],
+		     stdout => "err.ss")),
+	     'sign second proxy cert request with the first proxy cert');
+
+
+      open OUT, ">", $P2intermediate;
+      copy($Ucert, \*OUT); copy($P1cert, \*OUT);
+      close OUT;
+      run(app([@verifycmd, "-CAfile", $CAcert,
+	       "-untrusted", $P2intermediate, $P2cert]));
+      ok(run(app([@x509cmd,
+		  "-subject", "-issuer", "-startdate", "-enddate",
+		  "-noout", "-in", $P2cert])),
+	 'Certificate details');
+    }
+}
+
+sub testssl {
+    my ($key, $cert, $CAtmp) = @_;
+    my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
+
+    my @ssltest = ("ssltest_old",
+		   "-s_key", $key, "-s_cert", $cert,
+		   "-c_key", $key, "-c_cert", $cert);
+
+    my $serverinfo = srctop_file("test","serverinfo.pem");
+
+    my $dsa_cert = 0;
+    if (grep /DSA Public Key/, run(app(["openssl", "x509", "-in", $cert,
+					"-text", "-noout"]), capture => 1)) {
+	$dsa_cert = 1;
+    }
+
+
+    # plan tests => 11;
+
+    subtest 'standard SSL tests' => sub {
+	######################################################################
+      plan tests => 21;
+
+      SKIP: {
+	  skip "SSLv3 is not supported by this OpenSSL build", 4
+	      if disabled("ssl3");
+
+	  ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
+	     'test sslv3 via BIO pair');
+	  ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])),
+	     'test sslv3 with server authentication via BIO pair');
+	  ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])),
+	     'test sslv3 with client authentication via BIO pair');
+	  ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])),
+	     'test sslv3 with both server and client authentication via BIO pair');
+	}
+
+      SKIP: {
+	  skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1
+	      if $no_anytls;
+
+	  ok(run(test([@ssltest, "-bio_pair"])),
+	     'test sslv2/sslv3 via BIO pair');
+	}
+
+      SKIP: {
+	  skip "DTLSv1 is not supported by this OpenSSL build", 4
+	      if disabled("dtls1");
+
+	  ok(run(test([@ssltest, "-dtls1"])),
+	     'test dtlsv1');
+	  ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA])),
+	   'test dtlsv1 with server authentication');
+	  ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA])),
+	     'test dtlsv1 with client authentication');
+	  ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA])),
+	     'test dtlsv1 with both server and client authentication');
+	}
+
+      SKIP: {
+	  skip "DTLSv1.2 is not supported by this OpenSSL build", 4
+	      if disabled("dtls1_2");
+
+	  ok(run(test([@ssltest, "-dtls12"])),
+	     'test dtlsv1.2');
+	  ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA])),
+	     'test dtlsv1.2 with server authentication');
+	  ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA])),
+	     'test dtlsv1.2 with client authentication');
+	  ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA])),
+	     'test dtlsv1.2 with both server and client authentication');
+	}
+
+      SKIP: {
+	  skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8
+	      if $no_anytls;
+
+	SKIP: {
+	    skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert;
+
+	    ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])),
+	       'test sslv2/sslv3 w/o (EC)DHE via BIO pair');
+	  }
+
+	  ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
+	     'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+	  ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
+	     'test sslv2/sslv3 with server authentication');
+	  ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
+	     'test sslv2/sslv3 with client authentication via BIO pair');
+	  ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])),
+	     'test sslv2/sslv3 with both client and server authentication via BIO pair');
+	  ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
+	     'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
+
+        SKIP: {
+            skip "No IPv4 available on this machine", 1
+                unless !disabled("sock") && have_IPv4();
+            ok(run(test([@ssltest, "-ipv4"])),
+               'test TLS via IPv4');
+          }
+
+        SKIP: {
+            skip "No IPv6 available on this machine", 1
+                unless !disabled("sock") && have_IPv6();
+            ok(run(test([@ssltest, "-ipv6"])),
+               'test TLS via IPv6');
+          }
+        }
+    };
+
+    subtest "Testing ciphersuites" => sub {
+
+        my @exkeys = ();
+        my $ciphers = "-PSK:-SRP";
+
+        if ($no_dh) {
+            note "skipping DHE tests\n";
+            $ciphers .= ":-kDHE";
+        }
+        if ($no_dsa) {
+            note "skipping DSA tests\n";
+            $ciphers .= ":-aDSA";
+        } else {
+            push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
+        }
+
+        if ($no_ec) {
+            note "skipping EC tests\n";
+            $ciphers .= ":!aECDSA:!kECDH";
+        } else {
+            push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
+        }
+
+	my @protocols = ();
+	# We only use the flags that ssltest_old understands
+	push @protocols, "-tls1_2" unless $no_tls1_2;
+	push @protocols, "-tls1" unless $no_tls1;
+	push @protocols, "-ssl3" unless $no_ssl3;
+	my $protocolciphersuitecount = 0;
+	my %ciphersuites = ();
+	foreach my $protocol (@protocols) {
+	    $ciphersuites{$protocol} =
+		[ map { s|\R||; split(/:/, $_) }
+		  run(app(["openssl", "ciphers", "-s", $protocol,
+			   "ALL:$ciphers"]), capture => 1) ];
+	    $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
+	}
+
+        plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build"
+            if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;
+
+        # The count of protocols is because in addition to the ciphersuits
+        # we got above, we're running a weak DH test for each protocol
+	plan tests => $protocolciphersuitecount + scalar(keys %ciphersuites);
+
+	foreach my $protocol (sort keys %ciphersuites) {
+	    note "Testing ciphersuites for $protocol";
+	    # ssltest_old doesn't know -tls1_2, but that's fine, since that's
+	    # the default choice if TLSv1.2 enabled
+	    my $flag = $protocol eq "-tls1_2" ? "" : $protocol;
+	    foreach my $cipher (@{$ciphersuites{$protocol}}) {
+                if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
+                    note "*****SKIPPING $protocol $cipher";
+                    ok(1);
+                } else {
+                    ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
+                                 $flag || ()])),
+                       "Testing $cipher");
+               }
+	    }
+            is(run(test([@ssltest,
+                         "-s_cipher", "EDH",
+                         "-c_cipher", 'EDH:@SECLEVEL=1',
+                         "-dhe512",
+                         $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0,
+               "testing connection with weak DH, expecting failure");
+	}
+    };
+
+    subtest 'RSA/(EC)DHE/PSK tests' => sub {
+	######################################################################
+
+	plan tests => 5;
+
+      SKIP: {
+	  skip "TLSv1.0 is not supported by this OpenSSL build", 5
+	      if $no_tls1;
+
+	SKIP: {
+	    skip "skipping anonymous DH tests", 1
+	      if ($no_dh);
+
+	    ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])),
+	       'test tlsv1 with 1024bit anonymous DH, multiple handshakes');
+	  }
+
+	SKIP: {
+	    skip "skipping RSA tests", 2
+		if $no_rsa;
+
+	    ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])),
+	       'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes');
+
+	    skip "skipping RSA+DHE tests", 1
+		if $no_dh;
+
+	    ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])),
+	       'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes');
+	  }
+
+	SKIP: {
+	    skip "skipping PSK tests", 2
+	        if ($no_psk);
+
+	    ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
+	       'test tls1 with PSK');
+
+	    ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
+	       'test tls1 with PSK via BIO pair');
+	  }
+	}
+
+    };
+
+    subtest 'Custom Extension tests' => sub {
+	######################################################################
+
+	plan tests => 1;
+
+      SKIP: {
+	  skip "TLSv1.0 is not supported by this OpenSSL build", 1
+	      if $no_tls1;
+
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])),
+	     'test tls1 with custom extensions');
+	}
+    };
+
+    subtest 'Serverinfo tests' => sub {
+	######################################################################
+
+	plan tests => 5;
+
+      SKIP: {
+	  skip "TLSv1.0 is not supported by this OpenSSL build", 5
+	      if $no_tls1;
+
+	  note('echo test tls1 with serverinfo');
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo])));
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct"])));
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_tack"])));
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"])));
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"])));
+	}
+    };
+
+    subtest 'SRP tests' => sub {
+
+	plan tests => 4;
+
+      SKIP: {
+	  skip "skipping SRP tests", 4
+	      if $no_srp || alldisabled(grep !/^ssl3/, available_protocols("tls"));
+
+	  ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
+	     'test tls1 with SRP');
+
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
+	     'test tls1 with SRP via BIO pair');
+
+	  ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
+	     'test tls1 with SRP auth');
+
+	  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
+	     'test tls1 with SRP auth via BIO pair');
+	}
+    };
+}
+
+unlink $CAkey;
+unlink $CAcert;
+unlink $CAserial;
+unlink $CAreq;
+unlink $CAreq2;
+
+unlink $Ukey;
+unlink $Ureq;
+unlink $Ucert;
+unlink basename($Ucert, '.ss').'.srl';
+
+unlink $Dkey;
+unlink $Dreq;
+unlink $Dcert;
+
+unlink $Ekey;
+unlink $Ereq;
+unlink $Ecert;
+
+unlink $P1key;
+unlink $P1req;
+unlink $P1cert;
+unlink basename($P1cert, '.ss').'.srl';
+unlink $P1intermediate;
+unlink "intP1.ss";
+
+unlink $P2key;
+unlink $P2req;
+unlink $P2cert;
+unlink $P2intermediate;
+unlink "intP2.ss";
+
+unlink "ecp.ss";
+unlink "err.ss";
+
+unlink $server_sess;
+unlink $client_sess;
diff --git a/openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t b/openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t
new file mode 100644
index 0000000..c593491
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t
@@ -0,0 +1,19 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_ssl_test_ctx");
+
+plan tests => 1;
+ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])),
+   "running ssl_test_ctx_test ssl_test_ctx_test.conf");
diff --git a/openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t b/openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t
new file mode 100644
index 0000000..53f8a82
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t
@@ -0,0 +1,20 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_sslcorrupt");
+
+plan skip_all => "No TLS protocols are supported by this OpenSSL build"
+    if alldisabled(available_protocols("tls"));
+
+plan tests => 1;
+
+ok(run(test(["sslcorrupttest", srctop_file("apps", "server.pem"),
+             srctop_file("apps", "server.pem")])), "running sslcorrupttest");
diff --git a/openssl-1.1.0h/test/recipes/80-test_tsa.t b/openssl-1.1.0h/test/recipes/80-test_tsa.t
new file mode 100644
index 0000000..3ba14d4
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_tsa.t
@@ -0,0 +1,207 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use POSIX;
+use File::Spec::Functions qw/splitdir curdir catfile/;
+use File::Compare;
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_tsa");
+
+plan skip_all => "TS is not supported by this OpenSSL build"
+    if disabled("ts");
+
+# All these are modified inside indir further down. They need to exist
+# here, however, to be available in all subroutines.
+my $openssl_conf;
+my $testtsa;
+my $CAtsa;
+my @RUN;
+
+sub create_tsa_cert {
+    my $INDEX = shift;
+    my $EXT = shift;
+    my $r = 1;
+    $ENV{TSDNSECT} = "ts_cert_dn";
+
+    ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new",
+                "-out", "tsa_req${INDEX}.pem",
+                "-keyout", "tsa_key${INDEX}.pem"])));
+    note "using extension $EXT";
+    ok(run(app(["openssl", "x509", "-req",
+                "-in", "tsa_req${INDEX}.pem",
+                "-out", "tsa_cert${INDEX}.pem",
+                "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
+                "-CAcreateserial",
+                "-extfile", $openssl_conf, "-extensions", $EXT])));
+}
+
+sub create_time_stamp_response {
+    my $queryfile = shift;
+    my $outputfile = shift;
+    my $datafile = shift;
+
+    ok(run(app([@RUN, "-reply", "-section", "$datafile",
+                "-queryfile", "$queryfile", "-out", "$outputfile"])));
+}
+
+sub verify_time_stamp_response {
+    my $queryfile = shift;
+    my $inputfile = shift;
+    my $datafile = shift;
+
+    ok(run(app([@RUN, "-verify", "-queryfile", "$queryfile",
+                "-in", "$inputfile", "-CAfile", "tsaca.pem",
+                "-untrusted", "tsa_cert1.pem"])));
+    ok(run(app([@RUN, "-verify", "-data", "$datafile",
+                "-in", "$inputfile", "-CAfile", "tsaca.pem",
+                "-untrusted", "tsa_cert1.pem"])));
+}
+
+sub verify_time_stamp_response_fail {
+    my $queryfile = shift;
+    my $inputfile = shift;
+
+    ok(!run(app([@RUN, "-verify", "-queryfile", "$queryfile",
+                 "-in", "$inputfile", "-CAfile", "tsaca.pem",
+                 "-untrusted", "tsa_cert1.pem"])));
+}
+
+# main functions
+
+plan tests => 20;
+
+note "setting up TSA test directory";
+indir "tsa" => sub
+{
+    $openssl_conf = srctop_file("test", "CAtsa.cnf");
+    $testtsa = srctop_file("test", "recipes", "80-test_tsa.t");
+    $CAtsa = srctop_file("test", "CAtsa.cnf");
+    @RUN = ("openssl", "ts", "-config", $openssl_conf);
+
+    # ../apps/CA.pl needs these
+    $ENV{OPENSSL_CONFIG} = "-config $openssl_conf";
+    $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1);
+
+ SKIP: {
+     $ENV{TSDNSECT} = "ts_ca_dn";
+     skip "failed", 19
+         unless ok(run(app(["openssl", "req", "-config", $openssl_conf,
+                            "-new", "-x509", "-nodes",
+                            "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
+                   'creating a new CA for the TSA tests');
+
+     skip "failed", 18
+         unless subtest 'creating tsa_cert1.pem TSA server cert' => sub {
+             create_tsa_cert("1", "tsa_cert")
+     };
+
+     skip "failed", 17
+         unless subtest 'creating tsa_cert2.pem non-TSA server cert' => sub {
+             create_tsa_cert("2", "non_tsa_cert")
+     };
+
+     skip "failed", 16
+         unless ok(run(app([@RUN, "-query", "-data", $testtsa,
+                            "-tspolicy", "tsa_policy1", "-cert",
+                            "-out", "req1.tsq"])),
+                   'creating req1.req time stamp request for file testtsa');
+
+     ok(run(app([@RUN, "-query", "-in", "req1.tsq", "-text"])),
+        'printing req1.req');
+
+     subtest 'generating valid response for req1.req' => sub {
+         create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1")
+     };
+
+     ok(run(app([@RUN, "-reply", "-in", "resp1.tsr", "-text"])),
+        'printing response');
+
+     subtest 'verifying valid response' => sub {
+         verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa)
+     };
+
+     skip "failed", 11
+         unless subtest 'verifying valid token' => sub {
+             ok(run(app([@RUN, "-reply", "-in", "resp1.tsr",
+                         "-out", "resp1.tsr.token", "-token_out"])));
+             ok(run(app([@RUN, "-verify", "-queryfile", "req1.tsq",
+                         "-in", "resp1.tsr.token", "-token_in",
+                         "-CAfile", "tsaca.pem",
+                         "-untrusted", "tsa_cert1.pem"])));
+             ok(run(app([@RUN, "-verify", "-data", $testtsa,
+                         "-in", "resp1.tsr.token", "-token_in",
+                         "-CAfile", "tsaca.pem",
+                         "-untrusted", "tsa_cert1.pem"])));
+     };
+
+     skip "failed", 10
+         unless ok(run(app([@RUN, "-query", "-data", $testtsa,
+                            "-tspolicy", "tsa_policy2", "-no_nonce",
+                            "-out", "req2.tsq"])),
+                   'creating req2.req time stamp request for file testtsa');
+
+     ok(run(app([@RUN, "-query", "-in", "req2.tsq", "-text"])),
+        'printing req2.req');
+
+     skip "failed", 8
+         unless subtest 'generating valid response for req2.req' => sub {
+             create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1")
+     };
+
+     skip "failed", 7
+         unless subtest 'checking -token_in and -token_out options with -reply' => sub {
+             my $RESPONSE2="resp2.tsr.copy.tsr";
+             my $TOKEN_DER="resp2.tsr.token.der";
+
+             ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
+                         "-out", "$TOKEN_DER", "-token_out"])));
+             ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
+                         "-token_in", "-out", "$RESPONSE2"])));
+             is(compare($RESPONSE2, "resp2.tsr"), 0);
+             ok(run(app([@RUN, "-reply", "-in", "resp2.tsr",
+                         "-text", "-token_out"])));
+             ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER",
+                         "-token_in", "-text", "-token_out"])));
+             ok(run(app([@RUN, "-reply", "-queryfile", "req2.tsq",
+                         "-text", "-token_out"])));
+     };
+
+     ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", "-text"])),
+        'printing response');
+
+     subtest 'verifying valid response' => sub {
+         verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa)
+     };
+
+     subtest 'verifying response against wrong request, it should fail' => sub {
+         verify_time_stamp_response_fail("req1.tsq", "resp2.tsr")
+     };
+
+     subtest 'verifying response against wrong request, it should fail' => sub {
+         verify_time_stamp_response_fail("req2.tsq", "resp1.tsr")
+     };
+
+     skip "failure", 2
+         unless ok(run(app([@RUN, "-query", "-data", $CAtsa,
+                            "-no_nonce", "-out", "req3.tsq"])),
+                   "creating req3.req time stamp request for file CAtsa.cnf");
+
+     ok(run(app([@RUN, "-query", "-in", "req3.tsq", "-text"])),
+        'printing req3.req');
+
+     subtest 'verifying response against wrong request, it should fail' => sub {
+         verify_time_stamp_response_fail("req3.tsq", "resp1.tsr")
+     };
+    }
+}, create => 1, cleanup => 1
diff --git a/openssl-1.1.0h/test/recipes/80-test_x509aux.t b/openssl-1.1.0h/test/recipes/80-test_x509aux.t
new file mode 100644
index 0000000..65ba5fc
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/80-test_x509aux.t
@@ -0,0 +1,27 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_x509aux");
+
+plan skip_all => "test_dane uses ec which is not supported by this OpenSSL build"
+    if disabled("ec");
+
+plan tests => 1;                # The number of tests being performed
+
+ok(run(test(["x509aux", 
+                srctop_file("test", "certs", "roots.pem"),
+                srctop_file("test", "certs", "root+anyEKU.pem"),
+                srctop_file("test", "certs", "root-anyEKU.pem"),
+                srctop_file("test", "certs", "root-cert.pem")]
+        )), "x509aux tests");
diff --git a/openssl-1.1.0h/test/recipes/90-test_async.t b/openssl-1.1.0h/test/recipes/90-test_async.t
new file mode 100644
index 0000000..e0f1870
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_async.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_async", "asynctest", "async");
diff --git a/openssl-1.1.0h/test/recipes/90-test_bio_enc.t b/openssl-1.1.0h/test/recipes/90-test_bio_enc.t
new file mode 100644
index 0000000..aa7e42a
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_bio_enc.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_bio_enc", "bio_enc_test", "bio_enc");
diff --git a/openssl-1.1.0h/test/recipes/90-test_bioprint.t b/openssl-1.1.0h/test/recipes/90-test_bioprint.t
new file mode 100644
index 0000000..b86e828
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_bioprint.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_bioprint", "bioprinttest");
diff --git a/openssl-1.1.0h/test/recipes/90-test_constant_time.t b/openssl-1.1.0h/test/recipes/90-test_constant_time.t
new file mode 100644
index 0000000..6fa73bf
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_constant_time.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_constant_time", "constant_time_test");
diff --git a/openssl-1.1.0h/test/recipes/90-test_fatalerr.t b/openssl-1.1.0h/test/recipes/90-test_fatalerr.t
new file mode 100644
index 0000000..361bc1f
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_fatalerr.t
@@ -0,0 +1,21 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_fatalerr");
+
+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+    if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+
+plan tests => 1;
+
+ok(run(test(["fatalerrtest", srctop_file("apps", "server.pem"),
+             srctop_file("apps", "server.pem")])), "running fatalerrtest");
diff --git a/openssl-1.1.0h/test/recipes/90-test_fuzz.t b/openssl-1.1.0h/test/recipes/90-test_fuzz.t
new file mode 100644
index 0000000..d152925
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_fuzz.t
@@ -0,0 +1,40 @@
+#!/usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_fuzz");
+
+my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'conf', 'crl', 'server', 'x509');
+if (!disabled("cms")) {
+    push @fuzzers, 'cms';
+}
+if (!disabled("ct")) {
+    push @fuzzers, 'ct';
+}
+plan tests => scalar @fuzzers;
+
+foreach my $f (@fuzzers) {
+    subtest "Fuzzing $f" => sub {
+        my @files = glob(srctop_file('fuzz', 'corpora', $f, '*'));
+        push @files, glob(srctop_file('fuzz', 'corpora', "$f-*", '*'));
+
+        plan skip_all => "No corpora for $f-test" unless @files;
+
+        plan tests => scalar @files;
+
+        foreach (@files) {
+            ok(run(fuzz(["$f-test", $_])));
+        }
+    }
+}
diff --git a/openssl-1.1.0h/test/recipes/90-test_gmdiff.t b/openssl-1.1.0h/test/recipes/90-test_gmdiff.t
new file mode 100644
index 0000000..f2cce41
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_gmdiff.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_gmdiff", "gmdifftest");
diff --git a/openssl-1.1.0h/test/recipes/90-test_heartbeat.t b/openssl-1.1.0h/test/recipes/90-test_heartbeat.t
new file mode 100644
index 0000000..90d6a67
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_heartbeat.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_heartbeat", "heartbeat_test", "heartbeats");
diff --git a/openssl-1.1.0h/test/recipes/90-test_ige.t b/openssl-1.1.0h/test/recipes/90-test_ige.t
new file mode 100644
index 0000000..2ab4bd2
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_ige.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_ige", "igetest");
diff --git a/openssl-1.1.0h/test/recipes/90-test_memleak.t b/openssl-1.1.0h/test/recipes/90-test_memleak.t
new file mode 100644
index 0000000..52357c7
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_memleak.t
@@ -0,0 +1,15 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test;
+
+setup("test_memleak");
+plan tests => 2;
+ok(run(test(["memleaktest"])), "running leak test");
+ok(run(test(["memleaktest", "freeit"])), "running no leak test");
diff --git a/openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t b/openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t
new file mode 100644
index 0000000..710dc8b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_p5_crpt2", "p5_crpt2_test");
diff --git a/openssl-1.1.0h/test/recipes/90-test_secmem.t b/openssl-1.1.0h/test/recipes/90-test_secmem.t
new file mode 100644
index 0000000..d197c48
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_secmem.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_secmem", "secmemtest");
diff --git a/openssl-1.1.0h/test/recipes/90-test_shlibload.t b/openssl-1.1.0h/test/recipes/90-test_shlibload.t
new file mode 100644
index 0000000..aa8d98d
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_shlibload.t
@@ -0,0 +1,38 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
+use OpenSSL::Test::Utils;
+
+#Load configdata.pm
+
+BEGIN {
+    setup("test_shlibload");
+}
+use lib bldtop_dir('.');
+use configdata;
+
+plan skip_all => "Test only supported in a shared build" if disabled("shared");
+
+plan tests => 3;
+
+my $libcrypto_idx = $unified_info{rename}->{libcrypto} // "libcrypto";
+my $libssl_idx = $unified_info{rename}->{libssl} // "libssl";
+my $libcrypto =
+    $unified_info{sharednames}->{$libcrypto_idx}.$target{shared_extension_simple};
+my $libssl =
+    $unified_info{sharednames}->{$libssl_idx}.$target{shared_extension_simple};
+
+ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl])),
+   "running shlibloadtest -crypto_first");
+ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl])),
+   "running shlibloadtest -ssl_first");
+ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl])),
+   "running shlibloadtest -just_crypto");
+
diff --git a/openssl-1.1.0h/test/recipes/90-test_srp.t b/openssl-1.1.0h/test/recipes/90-test_srp.t
new file mode 100644
index 0000000..7026c35
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_srp.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_srp", "srptest", "srp");
diff --git a/openssl-1.1.0h/test/recipes/90-test_sslapi.t b/openssl-1.1.0h/test/recipes/90-test_sslapi.t
new file mode 100644
index 0000000..efaae3b
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_sslapi.t
@@ -0,0 +1,21 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_sslapi");
+
+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+    if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+
+plan tests => 1;
+
+ok(run(test(["sslapitest", srctop_file("apps", "server.pem"),
+             srctop_file("apps", "server.pem")])), "running sslapitest");
diff --git a/openssl-1.1.0h/test/recipes/90-test_threads.t b/openssl-1.1.0h/test/recipes/90-test_threads.t
new file mode 100644
index 0000000..56d5338
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_threads.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_threads", "threadstest");
diff --git a/openssl-1.1.0h/test/recipes/90-test_v3name.t b/openssl-1.1.0h/test/recipes/90-test_v3name.t
new file mode 100644
index 0000000..2e144e5
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/90-test_v3name.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_v3name", "v3nametest");
diff --git a/openssl-1.1.0h/test/recipes/bc.pl b/openssl-1.1.0h/test/recipes/bc.pl
new file mode 100644
index 0000000..dbb5842
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/bc.pl
@@ -0,0 +1,113 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use Math::BigInt;
+
+sub calc {
+    @_ = __adder(@_);
+    if (scalar @_ != 1) { return "NaN"; }
+    return shift;
+}
+
+sub __canonhex {
+    my ($sign, $hex) = (shift =~ /^([+\-]?)(.*)$/);
+    $hex = "0x".$hex if $hex !~ /^0x/;
+    return $sign.$hex;
+}
+
+sub __adder {
+    @_ = __multiplier(@_);
+    while (scalar @_ > 1 && $_[1] =~ /^[\+\-]$/) {
+	my $operand1 = Math::BigInt->from_hex(__canonhex(shift));
+	my $operator = shift;
+	@_ = __multiplier(@_);
+	my $operand2 = Math::BigInt->from_hex(__canonhex(shift));
+	if ($operator eq "+") {
+	    $operand1->badd($operand2);
+	} elsif ($operator eq "-") {
+	    $operand1->bsub($operand2);
+	} else {
+	    die "SOMETHING WENT AWFULLY WRONG";
+	}
+	unshift @_, $operand1->as_hex();
+    }
+    return @_;
+}
+
+sub __multiplier {
+    @_ = __power(@_);
+    while (scalar @_ > 1 && $_[1] =~ /^[\*\/%]$/) {
+	my $operand1 = Math::BigInt->from_hex(__canonhex(shift));
+	my $operator = shift;
+	@_ = __power(@_);
+	my $operand2 = Math::BigInt->from_hex(__canonhex(shift));
+	if ($operator eq "*") {
+	    $operand1->bmul($operand2);
+	} elsif ($operator eq "/") {
+	    # Math::BigInt->bdiv() is documented to do floored division,
+	    # i.e. 1 / -4 = -1, while bc and OpenSSL BN_div do truncated
+	    # division, i.e. 1 / -4 = 0.  We need to make the operation
+	    # work like OpenSSL's BN_div to be able to verify.
+	    my $neg = ($operand1->is_neg()
+		       ? !$operand2->is_neg() : $operand2->is_neg());
+	    $operand1->babs();
+	    $operand2->babs();
+	    $operand1->bdiv($operand2);
+	    if ($neg) { $operand1->bneg(); }
+	} elsif ($operator eq "%") {
+	    # Here's a bit of a quirk...
+	    # With OpenSSL's BN, as well as bc, the result of -10 % 3 is -1
+	    # while Math::BigInt, the result is 2.
+	    # The latter is mathematically more correct, but...
+	    my $o1isneg = $operand1->is_neg();
+	    $operand1->babs();
+	    # Math::BigInt does something different with a negative modulus,
+	    # while OpenSSL's BN and bc treat it like a positive number...
+	    $operand2->babs();
+	    $operand1->bmod($operand2);
+	    if ($o1isneg) { $operand1->bneg(); }
+	} else {
+	    die "SOMETHING WENT AWFULLY WRONG";
+	}
+	unshift @_, $operand1->as_hex();
+    }
+    return @_;
+}
+
+sub __power {
+    @_ = __paren(@_);
+    while (scalar @_ > 1 && $_[1] eq "^") {
+	my $operand1 = Math::BigInt->from_hex(__canonhex(shift));
+	shift;
+	@_ = __paren(@_);
+	my $operand2 = Math::BigInt->from_hex(__canonhex(shift));
+	$operand1->bpow($operand2);
+	unshift @_, $operand1->as_hex();
+    }
+    return @_;
+}
+
+# returns array ( $result, @remaining )
+sub __paren {
+    if (scalar @_ > 0 && $_[0] eq "(") {
+	shift;
+	my @result = __adder(@_);
+	if (scalar @_ == 0 || $_[0] ne ")") {
+	    return ("NaN");
+	}
+	shift;
+	return @result;
+    }
+    return @_;
+}
+
+1;
diff --git a/openssl-1.1.0h/test/recipes/tconversion.pl b/openssl-1.1.0h/test/recipes/tconversion.pl
new file mode 100644
index 0000000..1cf68dc
--- /dev/null
+++ b/openssl-1.1.0h/test/recipes/tconversion.pl
@@ -0,0 +1,105 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Compare qw/compare_text/;
+use File::Copy;
+use OpenSSL::Test qw/:DEFAULT/;
+
+my %conversionforms = (
+    # Default conversion forms.  Other series may be added with
+    # specific test types as key.
+    "*"		=> [ "d", "p" ],
+    "msb"	=> [ "d", "p", "msblob" ],
+    );
+sub tconversion {
+    my $testtype = shift;
+    my $t = shift;
+    my @conversionforms = 
+	defined($conversionforms{$testtype}) ?
+	@{$conversionforms{$testtype}} :
+	@{$conversionforms{"*"}};
+    my @openssl_args = @_;
+    if (!@openssl_args) { @openssl_args = ($testtype); }
+
+    my $n = scalar @conversionforms;
+    my $totaltests =
+	1			# for initializing
+	+ $n			# initial conversions from p to all forms (A)
+	+ $n*$n			# conversion from result of A to all forms (B)
+	+ 1			# comparing original test file to p form of A
+	+ $n*($n-1);		# comparing first conversion to each form in A with B
+    $totaltests-- if ($testtype eq "p7d"); # no comparison of original test file
+    plan tests => $totaltests;
+
+    my @cmd = ("openssl", @openssl_args);
+
+    my $init;
+    if (scalar @openssl_args > 0 && $openssl_args[0] eq "pkey") {
+	$init = ok(run(app([@cmd, "-in", $t, "-out", "$testtype-fff.p"])),
+		   'initializing');
+    } else {
+	$init = ok(copy($t, "$testtype-fff.p"), 'initializing');
+    }
+    if (!$init) {
+	diag("Trying to copy $t to $testtype-fff.p : $!");
+    }
+
+  SKIP: {
+      skip "Not initialized, skipping...", 22 unless $init;
+
+      foreach my $to (@conversionforms) {
+	  ok(run(app([@cmd,
+		      "-in", "$testtype-fff.p",
+		      "-inform", "p",
+		      "-out", "$testtype-f.$to",
+		      "-outform", $to])),
+	     "p -> $to");
+      }
+
+      foreach my $to (@conversionforms) {
+	  foreach my $from (@conversionforms) {
+	      ok(run(app([@cmd,
+			  "-in", "$testtype-f.$from",
+			  "-inform", $from,
+			  "-out", "$testtype-ff.$from$to",
+			  "-outform", $to])),
+		 "$from -> $to");
+	  }
+      }
+
+      if ($testtype ne "p7d") {
+	  is(cmp_text("$testtype-fff.p", "$testtype-f.p"), 0,
+	     'comparing orig to p');
+      }
+
+      foreach my $to (@conversionforms) {
+	  next if $to eq "d";
+	  foreach my $from (@conversionforms) {
+	      is(cmp_text("$testtype-f.$to", "$testtype-ff.$from$to"), 0,
+		 "comparing $to to $from$to");
+	  }
+      }
+    }
+    unlink glob "$testtype-f.*";
+    unlink glob "$testtype-ff.*";
+    unlink glob "$testtype-fff.*";
+}
+
+sub cmp_text {
+    return compare_text(@_, sub {
+        $_[0] =~ s/\R//g;
+        $_[1] =~ s/\R//g;
+        return $_[0] ne $_[1];
+    });
+}
+
+1;
diff --git a/openssl-1.1.0h/test/rmdtest.c b/openssl-1.1.0h/test/rmdtest.c
new file mode 100644
index 0000000..b6deaaa
--- /dev/null
+++ b/openssl-1.1.0h/test/rmdtest.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RMD160
+int main(int argc, char *argv[])
+{
+    printf("No ripemd support\n");
+    return (0);
+}
+#else
+# include <openssl/ripemd.h>
+# include <openssl/evp.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+static char test[][100] = {
+    { "" },
+    { "a" },
+    { "abc" },
+    { "message digest" },
+    { "abcdefghijklmnopqrstuvwxyz" },
+    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
+    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
+};
+
+static char *ret[] = {
+    "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+    "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+    "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+    "5d0689ef49d2fae572b881b123a85ffa21595f36",
+    "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+    "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+    "b0e20b6e3116640286ed3a87a5713079b21f5189",
+    "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+    unsigned int i;
+    int err = 0;
+    char **R;
+    char *p;
+    unsigned char md[RIPEMD160_DIGEST_LENGTH];
+
+    R = ret;
+    for (i = 0; i < OSSL_NELEM(test); i++) {
+# ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[i], test[i], strlen(test[i]));
+# endif
+        if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_ripemd160(),
+                        NULL)) {
+            printf("EVP Digest error.\n");
+            EXIT(1);
+        }
+        p = pt(md);
+        if (strcmp(p, (char *)*R) != 0) {
+            printf("error calculating RIPEMD160 on '%s'\n", test[i]);
+            printf("got %s instead of %s\n", p, *R);
+            err++;
+        } else
+            printf("test %d ok\n", i + 1);
+        R++;
+    }
+    EXIT(err);
+}
+
+static char *pt(unsigned char *md)
+{
+    int i;
+    static char buf[80];
+
+    for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++)
+        sprintf(&(buf[i * 2]), "%02x", md[i]);
+    return (buf);
+}
+#endif
diff --git a/openssl-1.1.0h/test/rsa_test.c b/openssl-1.1.0h/test/rsa_test.c
new file mode 100644
index 0000000..01e8374
--- /dev/null
+++ b/openssl-1.1.0h/test/rsa_test.c
@@ -0,0 +1,344 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return (0);
+}
+#else
+# include <openssl/rsa.h>
+
+# define SetKey \
+    RSA_set0_key(key,                                           \
+                 BN_bin2bn(n, sizeof(n)-1, NULL),               \
+                 BN_bin2bn(e, sizeof(e)-1, NULL),               \
+                 BN_bin2bn(d, sizeof(d)-1, NULL));              \
+    RSA_set0_factors(key,                                       \
+                     BN_bin2bn(p, sizeof(p)-1, NULL),           \
+                     BN_bin2bn(q, sizeof(q)-1, NULL));          \
+    RSA_set0_crt_params(key,                                    \
+                        BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL),  \
+                        BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL),  \
+                        BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \
+    memcpy(c, ctext_ex, sizeof(ctext_ex) - 1);                  \
+    return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+{
+    static unsigned char n[] =
+        "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+        "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+        "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+        "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+        "\xF5";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+        "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+        "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+        "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+        "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+    static unsigned char p[] =
+        "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+        "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+        "\x0D";
+
+    static unsigned char q[] =
+        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+        "\x89";
+
+    static unsigned char dmp1[] =
+        "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+        "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+    static unsigned char dmq1[] =
+        "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+        "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+        "\x51";
+
+    static unsigned char iqmp[] =
+        "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+        "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+    static unsigned char ctext_ex[] =
+        "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+        "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+        "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+        "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+    SetKey;
+}
+
+static int key2(RSA *key, unsigned char *c)
+{
+    static unsigned char n[] =
+        "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+        "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+        "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+        "\x34\x77\xCF";
+
+    static unsigned char e[] = "\x3";
+
+    static unsigned char d[] =
+        "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+        "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+        "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+        "\xE5\xEB";
+
+    static unsigned char p[] =
+        "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+        "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+    static unsigned char q[] =
+        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+
+    static unsigned char dmp1[] =
+        "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+        "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+    static unsigned char dmq1[] =
+        "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+        "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+    static unsigned char iqmp[] =
+        "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+        "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+    static unsigned char ctext_ex[] =
+        "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+        "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+        "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+        "\x62\x51";
+
+    SetKey;
+}
+
+static int key3(RSA *key, unsigned char *c)
+{
+    static unsigned char n[] =
+        "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+        "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+        "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+        "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+        "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+        "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+        "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+        "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+        "\xCB";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+        "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+        "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+        "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+        "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+        "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+        "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+        "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+        "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+        "\xC1";
+
+    static unsigned char p[] =
+        "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+        "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+        "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+        "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+        "\x99";
+
+    static unsigned char q[] =
+        "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+        "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+        "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+        "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+        "\x03";
+
+    static unsigned char dmp1[] =
+        "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+        "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+        "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+        "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+    static unsigned char dmq1[] =
+        "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+        "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+        "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+        "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+
+    static unsigned char iqmp[] =
+        "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+        "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+        "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+        "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+        "\xF7";
+
+    static unsigned char ctext_ex[] =
+        "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+        "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+        "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+        "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+        "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+        "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+        "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+        "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+    SetKey;
+}
+
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+        if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+            return (1);
+    return (0);
+}
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+{
+    int err = 0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+    int n;
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */
+
+    plen = sizeof(ptext_ex) - 1;
+
+    for (v = 0; v < 3; v++) {
+        key = RSA_new();
+        switch (v) {
+        case 0:
+            clen = key1(key, ctext_ex);
+            break;
+        case 1:
+            clen = key2(key, ctext_ex);
+            break;
+        case 2:
+            clen = key3(key, ctext_ex);
+            break;
+        }
+
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_PADDING);
+        if (num != clen) {
+            printf("PKCS#1 v1.5 encryption failed!\n");
+            err = 1;
+            goto oaep;
+        }
+
+        num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+            printf("PKCS#1 v1.5 decryption failed!\n");
+            err = 1;
+        } else
+            printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+ oaep:
+        ERR_clear_error();
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_OAEP_PADDING);
+        if (num == -1 && pad_unknown()) {
+            printf("No OAEP support\n");
+            goto next;
+        }
+        if (num != clen) {
+            printf("OAEP encryption failed!\n");
+            err = 1;
+            goto next;
+        }
+
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+            printf("OAEP decryption (encrypted data) failed!\n");
+            err = 1;
+        } else if (memcmp(ctext, ctext_ex, num) == 0)
+            printf("OAEP test vector %d passed!\n", v);
+
+        /*
+         * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try
+         * decrypting ctext_ex
+         */
+
+        num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+            printf("OAEP decryption (test vector data) failed!\n");
+            err = 1;
+        } else
+            printf("OAEP encryption/decryption ok\n");
+
+        /* Try decrypting corrupted ciphertexts. */
+        for (n = 0; n < clen; ++n) {
+            ctext[n] ^= 1;
+            num = RSA_private_decrypt(clen, ctext, ptext, key,
+                                          RSA_PKCS1_OAEP_PADDING);
+            if (num > 0) {
+                printf("Corrupt data decrypted!\n");
+                err = 1;
+                break;
+            }
+            ctext[n] ^= 1;
+        }
+
+        /* Test truncated ciphertexts, as well as negative length. */
+        for (n = -1; n < clen; ++n) {
+            num = RSA_private_decrypt(n, ctext, ptext, key,
+                                      RSA_PKCS1_OAEP_PADDING);
+            if (num > 0) {
+                printf("Truncated data decrypted!\n");
+                err = 1;
+                break;
+            }
+        }
+
+ next:
+        RSA_free(key);
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        err = 1;
+#endif
+
+    return err;
+}
+#endif
diff --git a/openssl-1.1.0h/test/run_tests.pl b/openssl-1.1.0h/test/run_tests.pl
new file mode 100644
index 0000000..77dffb3
--- /dev/null
+++ b/openssl-1.1.0h/test/run_tests.pl
@@ -0,0 +1,113 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+# Recognise VERBOSE and V which is common on other projects.
+BEGIN {
+    $ENV{HARNESS_VERBOSE} = "yes" if $ENV{VERBOSE} || $ENV{V};
+}
+
+use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/;
+use File::Basename;
+use FindBin;
+use lib "$FindBin::Bin/../util/perl";
+use OpenSSL::Glob;
+use Module::Load::Conditional qw(can_load);
+
+my $TAP_Harness = can_load(modules => { 'TAP::Harness' => undef }) 
+    ? 'TAP::Harness' : 'OpenSSL::TAP::Harness';
+
+my $srctop = $ENV{SRCTOP} || $ENV{TOP};
+my $bldtop = $ENV{BLDTOP} || $ENV{TOP};
+my $recipesdir = catdir($srctop, "test", "recipes");
+my $libdir = rel2abs(catdir($srctop, "util", "perl"));
+
+my %tapargs =
+    ( verbosity => $ENV{VERBOSE} || $ENV{V} || $ENV{HARNESS_VERBOSE} ? 1 : 0,
+      lib       => [ $libdir ],
+      switches  => '-w',
+      merge     => 1
+    );
+
+my @tests = ( "alltests" );
+if (@ARGV) {
+    @tests = @ARGV;
+}
+my $list_mode = scalar(grep /^list$/, @tests) != 0;
+if (grep /^(alltests|list)$/, @tests) {
+    @tests = grep {
+	basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
+    } glob(catfile($recipesdir,"*.t"));
+} else {
+    my @t = ();
+    foreach (@tests) {
+	push @t, grep {
+	    basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
+	} glob(catfile($recipesdir,"*-$_.t"));
+    }
+    @tests = @t;
+}
+
+if ($list_mode) {
+    @tests = map { $_ = basename($_); $_ =~ s/^[0-9][0-9]-//; $_ =~ s/\.t$//;
+                   $_ } @tests;
+    print join("\n", @tests), "\n";
+} else {
+    @tests = map { abs2rel($_, rel2abs(curdir())); } @tests;
+
+    my $harness = $TAP_Harness->new(\%tapargs);
+    my $ret = $harness->runtests(sort @tests);
+
+    # $ret->has_errors may be any number, not just 0 or 1.  On VMS, numbers
+    # from 2 and on are used as is as VMS statuses, which has severity encoded
+    # in the lower 3 bits.  0 and 1, on the other hand, generate SUCCESS and
+    # FAILURE, so for currect reporting on all platforms, we make sure the only
+    # exit codes are 0 and 1.  Double-bang is the trick to do so.
+    exit !!$ret->has_errors if (ref($ret) eq "TAP::Parser::Aggregator");
+
+    # If this isn't a TAP::Parser::Aggregator, it's the pre-TAP test harness,
+    # which simply dies at the end if any test failed, so we don't need to
+    # bother with any exit code in that case.
+}
+
+
+# Fake TAP::Harness in case it's not loaded
+use Test::Harness;
+package OpenSSL::TAP::Harness;
+
+sub new {
+    my $class = shift;
+    my %args = %{ shift() };
+
+    return bless { %args }, $class;
+}
+
+sub runtests {
+    my $self = shift;
+
+    my @switches = ();
+    if ($self->{switches}) {
+	push @switches, $self->{switches};
+    }
+    if ($self->{lib}) {
+	foreach (@{$self->{lib}}) {
+	    my $l = $_;
+
+	    # It seems that $switches is getting interpreted with 'eval' or
+	    # something like that, and that we need to take care of backslashes
+	    # or they will disappear along the way.
+	    $l =~ s|\\|\\\\|g if $^O eq "MSWin32";
+	    push @switches, "-I$l";
+	}
+    }
+
+    $Test::Harness::switches = join(' ', @switches);
+    Test::Harness::runtests(@_);
+}
diff --git a/openssl-1.1.0h/test/sanitytest.c b/openssl-1.1.0h/test/sanitytest.c
new file mode 100644
index 0000000..f1228f1
--- /dev/null
+++ b/openssl-1.1.0h/test/sanitytest.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <internal/numbers.h>
+
+
+#define TEST(e) \
+    do { \
+        if (!(e)) { \
+            fprintf(stderr, "Failed " #e "\n"); \
+            failures++; \
+        } \
+    } while (0)
+
+
+enum smallchoices { sa, sb, sc };
+enum medchoices { ma, mb, mc, md, me, mf, mg, mh, mi, mj, mk, ml };
+enum largechoices {
+    a01, b01, c01, d01, e01, f01, g01, h01, i01, j01,
+    a02, b02, c02, d02, e02, f02, g02, h02, i02, j02,
+    a03, b03, c03, d03, e03, f03, g03, h03, i03, j03,
+    a04, b04, c04, d04, e04, f04, g04, h04, i04, j04,
+    a05, b05, c05, d05, e05, f05, g05, h05, i05, j05,
+    a06, b06, c06, d06, e06, f06, g06, h06, i06, j06,
+    a07, b07, c07, d07, e07, f07, g07, h07, i07, j07,
+    a08, b08, c08, d08, e08, f08, g08, h08, i08, j08,
+    a09, b09, c09, d09, e09, f09, g09, h09, i09, j09,
+    a10, b10, c10, d10, e10, f10, g10, h10, i10, j10,
+    xxx };
+
+int main()
+{
+    char *p;
+    char bytes[sizeof(p)];
+    int failures = 0;
+
+    /* Is NULL equivalent to all-bytes-zero? */
+    p = NULL;
+    memset(bytes, 0, sizeof(bytes));
+    TEST(memcmp(&p, bytes, sizeof(bytes)) == 0);
+
+    /* Enum size */
+    TEST(sizeof(enum smallchoices) == sizeof(int));
+    TEST(sizeof(enum medchoices) == sizeof(int));
+    TEST(sizeof(enum largechoices) == sizeof(int));
+    /* Basic two's complement checks. */
+    TEST(~(-1) == 0);
+    TEST(~(-1L) == 0L);
+
+    /* Check that values with sign bit 1 and value bits 0 are valid */
+    TEST(-(INT_MIN + 1) == INT_MAX);
+    TEST(-(LONG_MIN + 1) == LONG_MAX);
+
+    /* Check that unsigned-to-signed conversions preserve bit patterns */
+    TEST((int)((unsigned int)INT_MAX + 1) == INT_MIN);
+    TEST((long)((unsigned long)LONG_MAX + 1) == LONG_MIN);
+
+    return failures;
+}
diff --git a/openssl-1.1.0h/test/secmemtest.c b/openssl-1.1.0h/test/secmemtest.c
new file mode 100644
index 0000000..9405f34
--- /dev/null
+++ b/openssl-1.1.0h/test/secmemtest.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+
+#define perror_line()    perror_line1(__LINE__)
+#define perror_line1(l)  perror_line2(l)
+#define perror_line2(l)  perror("failed " #l)
+
+int main(int argc, char **argv)
+{
+#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
+    char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
+
+    s = OPENSSL_secure_malloc(20);
+    /* s = non-secure 20 */
+    if (s == NULL) {
+        perror_line();
+        return 1;
+    }
+    if (CRYPTO_secure_allocated(s)) {
+        perror_line();
+        return 1;
+    }
+    r = OPENSSL_secure_malloc(20);
+    /* r = non-secure 20, s = non-secure 20 */
+    if (r == NULL) {
+        perror_line();
+        return 1;
+    }
+    if (!CRYPTO_secure_malloc_init(4096, 32)) {
+        perror_line();
+        return 1;
+    }
+    if (CRYPTO_secure_allocated(r)) {
+        perror_line();
+        return 1;
+    }
+    p = OPENSSL_secure_malloc(20);
+    /* r = non-secure 20, p = secure 20, s = non-secure 20 */
+    if (!CRYPTO_secure_allocated(p)) {
+        perror_line();
+        return 1;
+    }
+    /* 20 secure -> 32-byte minimum allocaton unit */
+    if (CRYPTO_secure_used() != 32) {
+        perror_line();
+        return 1;
+    }
+    q = OPENSSL_malloc(20);
+    /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */
+    if (CRYPTO_secure_allocated(q)) {
+        perror_line();
+        return 1;
+    }
+    OPENSSL_secure_clear_free(s, 20);
+    s = OPENSSL_secure_malloc(20);
+    /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */
+    if (!CRYPTO_secure_allocated(s)) {
+        perror_line();
+        return 1;
+    }
+    /* 2 * 20 secure -> 64 bytes allocated */
+    if (CRYPTO_secure_used() != 64) {
+        perror_line();
+        return 1;
+    }
+    OPENSSL_secure_clear_free(p, 20);
+    /* 20 secure -> 32 bytes allocated */
+    if (CRYPTO_secure_used() != 32) {
+        perror_line();
+        return 1;
+    }
+    OPENSSL_free(q);
+    /* should not complete, as secure memory is still allocated */
+    if (CRYPTO_secure_malloc_done()) {
+        perror_line();
+        return 1;
+    }
+    if (!CRYPTO_secure_malloc_initialized()) {
+        perror_line();
+        return 1;
+    }
+    OPENSSL_secure_free(s);
+    /* secure memory should now be 0, so done should complete */
+    if (CRYPTO_secure_used() != 0) {
+        perror_line();
+        return 1;
+    }
+    if (!CRYPTO_secure_malloc_done()) {
+        perror_line();
+        return 1;
+    }
+    if (CRYPTO_secure_malloc_initialized()) {
+        perror_line();
+        return 1;
+    }
+
+    fprintf(stderr, "Possible infinite loop: allocate more than available\n");
+    if (!CRYPTO_secure_malloc_init(32768, 16)) {
+        perror_line();
+        return 1;
+    }
+    if (OPENSSL_secure_malloc((size_t)-1) != NULL) {
+        perror_line();
+        return 1;
+    }
+    if (!CRYPTO_secure_malloc_done()) {
+        perror_line();
+        return 1;
+    }
+
+    /*
+     * If init fails, then initialized should be false, if not, this
+     * could cause an infinite loop secure_malloc, but we don't test it
+     */
+    if (!CRYPTO_secure_malloc_init(16, 16) &&
+        CRYPTO_secure_malloc_initialized()) {
+        CRYPTO_secure_malloc_done();
+        perror_line();
+        return 1;
+    }
+
+    /*-
+     * There was also a possible infinite loop when the number of
+     * elements was 1<<31, as |int i| was set to that, which is a
+     * negative number. However, it requires minimum input values:
+     *
+     * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4);
+     *
+     * Which really only works on 64-bit systems, since it took 16 GB
+     * secure memory arena to trigger the problem. It naturally takes
+     * corresponding amount of available virtual and physical memory
+     * for test to be feasible/representative. Since we can't assume
+     * that every system is equipped with that much memory, the test
+     * remains disabled. If the reader of this comment really wants
+     * to make sure that infinite loop is fixed, they can enable the
+     * code below.
+     */
+# if 0
+    /*-
+     * On Linux and BSD this test has a chance to complete in minimal
+     * time and with minimum side effects, because mlock is likely to
+     * fail because of RLIMIT_MEMLOCK, which is customarily [much]
+     * smaller than 16GB. In other words Linux and BSD users can be
+     * limited by virtual space alone...
+     */
+    if (sizeof(size_t) > 4) {
+        fprintf(stderr, "Possible infinite loop: 1<<31 limit\n");
+        if (CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) == 0) {
+            perror_line();
+        } else if (!CRYPTO_secure_malloc_done()) {
+            perror_line();
+            return 1;
+        }
+    }
+# endif
+
+    /* this can complete - it was not really secure */
+    OPENSSL_secure_free(r);
+#else
+    /* Should fail. */
+    if (CRYPTO_secure_malloc_init(4096, 32)) {
+        perror_line();
+        return 1;
+    }
+#endif
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/serverinfo.pem b/openssl-1.1.0h/test/serverinfo.pem
new file mode 100644
index 0000000..cd3020e
--- /dev/null
+++ b/openssl-1.1.0h/test/serverinfo.pem
@@ -0,0 +1,16 @@
+-----BEGIN SERVERINFO FOR CT-----
+ABIAZMevsj4TC5rgwjZNciLGwh15YXoIK9t5aypGJIG4QzyMowmwwDdqxudkUcGa
+DvuqlYL7psO5j4/BIHTe677CAZBBH3Ho2NOM5q1zub4AbfUMlKeufuQgeQ2Tj1oe
+LJLRzrwDnPs=
+-----END SERVERINFO FOR CT-----
+
+-----BEGIN SERVERINFO FOR TACK-----
+8wABTwFMh1Dz+3W6zULWJKjav5TNaFEXL1h98YtCXeyZnORYg4mbKpxH5CMbjpgx
+To3amSqUPF4Ntjc/i9+poutxebYkbgAAAkMcxb8+RaM9YEywaJEGViKJJmpYG/gJ
+HgfGaefI9kKbXSDmP9ntg8dLvDzuyYw14ktM2850Q9WvBiltpekilZxVuT2bFtfs
+cmS++SAK9YOM8RrKhL1TLmrktoBEJZ6z5GTukYdQ8/t1us1C1iSo2r+UzWhRFy9Y
+ffGLQl3smZzkWIOJmyqcR+QjG46YMU6N2pkqlDxeDbY3P4vfqaLrcXm2JG4AAAGN
+xXQJPbdniI9rEydVXb1Cu1yT/t7FBEx6hLxuoypXjCI1wCGpXsd8zEnloR0Ank5h
+VO/874E/BZlItzSPpcmDKl5Def6BrAJTErQlE9npo52S05YWORxJw1+VYBdqQ09A
+x3wA
+-----END SERVERINFO FOR TACK-----
diff --git a/openssl-1.1.0h/test/sha1test.c b/openssl-1.1.0h/test/sha1test.c
new file mode 100644
index 0000000..80ab122
--- /dev/null
+++ b/openssl-1.1.0h/test/sha1test.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+static char test[][80] = {
+    { "abc" },
+    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }
+};
+
+static char *ret[] = {
+    "a9993e364706816aba3e25717850c26c9cd0d89d",
+    "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+};
+
+static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+    unsigned int i;
+    int err = 0;
+    char **R;
+    static unsigned char buf[1000];
+    char *p, *r;
+    EVP_MD_CTX *c;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    c = EVP_MD_CTX_new();
+    R = ret;
+    for (i = 0; i < OSSL_NELEM(test); i++) {
+# ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[i], test[i], strlen(test[i]));
+# endif
+        if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_sha1(),
+            NULL)) {
+            printf("EVP_Digest() error\n");
+            err++;
+            goto err;
+        }
+        p = pt(md);
+        if (strcmp(p, (char *)*R) != 0) {
+            printf("error calculating SHA1 on '%s'\n", test[i]);
+            printf("got %s instead of %s\n", p, *R);
+            err++;
+        } else
+            printf("test %d ok\n", i + 1);
+        R++;
+    }
+
+    memset(buf, 'a', 1000);
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(buf, buf, 1000);
+#endif                         /* CHARSET_EBCDIC */
+    if (!EVP_DigestInit_ex(c, EVP_sha1(), NULL)) {
+        printf("EVP_DigestInit_ex() error\n");
+        err++;
+        goto err;
+    }
+    for (i = 0; i < 1000; i++) {
+        if (!EVP_DigestUpdate(c, buf, 1000)) {
+            printf("EVP_DigestUpdate() error\n");
+            err++;
+            goto err;
+        }
+    }
+    if (!EVP_DigestFinal_ex(c, md, NULL)) {
+            printf("EVP_DigestFinal() error\n");
+            err++;
+            goto err;
+    }
+    p = pt(md);
+
+    r = bigret;
+    if (strcmp(p, r) != 0) {
+        printf("error calculating SHA1 on 'a' * 1000\n");
+        printf("got %s instead of %s\n", p, r);
+        err++;
+    } else
+        printf("test 3 ok\n");
+ err:
+    EVP_MD_CTX_free(c);
+    EXIT(err);
+    return (0);
+}
+
+static char *pt(unsigned char *md)
+{
+    int i;
+    static char buf[80];
+
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+        sprintf(&(buf[i * 2]), "%02x", md[i]);
+    return (buf);
+}
diff --git a/openssl-1.1.0h/test/sha256t.c b/openssl-1.1.0h/test/sha256t.c
new file mode 100644
index 0000000..90262d9
--- /dev/null
+++ b/openssl-1.1.0h/test/sha256t.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+
+static const unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
+    0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
+    0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
+    0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+    0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
+};
+
+static const unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
+    0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
+    0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
+    0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
+    0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
+};
+
+static const unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
+    0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92,
+    0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67,
+    0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e,
+    0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0
+};
+
+static const unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
+    0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22,
+    0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3,
+    0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7,
+    0xe3, 0x6c, 0x9d, 0xa7
+};
+
+static const unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
+    0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc,
+    0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50,
+    0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19,
+    0x52, 0x52, 0x25, 0x25
+};
+
+static const unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
+    0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8,
+    0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b,
+    0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee,
+    0x4e, 0xe7, 0xad, 0x67
+};
+
+int main(int argc, char **argv)
+{
+    unsigned char md[SHA256_DIGEST_LENGTH];
+    int i;
+    EVP_MD_CTX *evp;
+
+    fprintf(stdout, "Testing SHA-256 ");
+
+    if (!EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL))
+        goto err;
+    if (memcmp(md, app_b1, sizeof(app_b1))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
+                    "ijkljklm" "klmnlmno" "mnopnopq", 56, md,
+                     NULL, EVP_sha256(), NULL))
+        goto err;
+    if (memcmp(md, app_b2, sizeof(app_b2))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    evp = EVP_MD_CTX_new();
+    if (evp == NULL) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
+        return 1;
+    }
+    if (!EVP_DigestInit_ex(evp, EVP_sha256(), NULL))
+        goto err;
+    for (i = 0; i < 1000000; i += 288) {
+        if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+                              (1000000 - i) < 288 ? 1000000 - i : 288))
+            goto err;
+    }
+    if (!EVP_DigestFinal_ex(evp, md, NULL))
+            goto err;
+
+    if (memcmp(md, app_b3, sizeof(app_b3))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    fprintf(stdout, " passed.\n");
+    fflush(stdout);
+
+    fprintf(stdout, "Testing SHA-224 ");
+
+    if (!EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL))
+        goto err;
+    if (memcmp(md, addenum_1, sizeof(addenum_1))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
+                    "ijkljklm" "klmnlmno" "mnopnopq", 56, md,
+                    NULL, EVP_sha224(), NULL))
+        goto err;
+    if (memcmp(md, addenum_2, sizeof(addenum_2))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    EVP_MD_CTX_reset(evp);
+    if (!EVP_DigestInit_ex(evp, EVP_sha224(), NULL))
+        goto err;
+    for (i = 0; i < 1000000; i += 64) {
+        if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+                              (1000000 - i) < 64 ? 1000000 - i : 64))
+            goto err;
+    }
+    if (!EVP_DigestFinal_ex(evp, md, NULL))
+            goto err;
+    EVP_MD_CTX_free(evp);
+
+    if (memcmp(md, addenum_3, sizeof(addenum_3))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    fprintf(stdout, " passed.\n");
+    fflush(stdout);
+
+    return 0;
+
+ err:
+    fprintf(stderr, "Fatal EVP error!\n");
+    return 1;
+}
diff --git a/openssl-1.1.0h/test/sha512t.c b/openssl-1.1.0h/test/sha512t.c
new file mode 100644
index 0000000..18cdf39
--- /dev/null
+++ b/openssl-1.1.0h/test/sha512t.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+
+static const unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
+    0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
+    0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
+    0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
+    0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
+    0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
+    0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
+    0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
+    0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
+};
+
+static const unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
+    0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
+    0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
+    0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
+    0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
+    0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
+    0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
+    0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
+    0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09
+};
+
+static const unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
+    0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64,
+    0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63,
+    0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28,
+    0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb,
+    0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a,
+    0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
+    0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e,
+    0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b
+};
+
+static const unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
+    0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
+    0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
+    0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
+    0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
+    0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
+    0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7
+};
+
+static const unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
+    0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
+    0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
+    0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
+    0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
+    0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
+    0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39
+};
+
+static const unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
+    0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb,
+    0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c,
+    0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52,
+    0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b,
+    0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb,
+    0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85
+};
+
+int main(int argc, char **argv)
+{
+    unsigned char md[SHA512_DIGEST_LENGTH];
+    int i;
+    EVP_MD_CTX *evp;
+
+    fprintf(stdout, "Testing SHA-512 ");
+
+    if (!EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL))
+        goto err;
+    if (memcmp(md, app_c1, sizeof(app_c1))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
+                    "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
+                    "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
+                    "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL))
+        goto err;
+    if (memcmp(md, app_c2, sizeof(app_c2))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    evp = EVP_MD_CTX_new();
+    if (evp == NULL) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
+        return 1;
+    }
+    if (!EVP_DigestInit_ex(evp, EVP_sha512(), NULL))
+        goto err;
+    for (i = 0; i < 1000000; i += 288) {
+        if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+                              (1000000 - i) < 288 ? 1000000 - i : 288))
+            goto err;
+    }
+    if (!EVP_DigestFinal_ex(evp, md, NULL))
+            goto err;
+    EVP_MD_CTX_reset(evp);
+
+    if (memcmp(md, app_c3, sizeof(app_c3))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    fprintf(stdout, " passed.\n");
+    fflush(stdout);
+
+    fprintf(stdout, "Testing SHA-384 ");
+
+    if (!EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL))
+        goto err;
+    if (memcmp(md, app_d1, sizeof(app_d1))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
+                    "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
+                    "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
+                    "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL))
+        goto err;
+    if (memcmp(md, app_d2, sizeof(app_d2))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    if (!EVP_DigestInit_ex(evp, EVP_sha384(), NULL))
+        goto err;
+    for (i = 0; i < 1000000; i += 64) {
+        if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                              "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+                              (1000000 - i) < 64 ? 1000000 - i : 64))
+            goto err;
+    }
+    if (!EVP_DigestFinal_ex(evp, md, NULL))
+        goto err;
+    EVP_MD_CTX_free(evp);
+
+    if (memcmp(md, app_d3, sizeof(app_d3))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    fprintf(stdout, " passed.\n");
+    fflush(stdout);
+
+    return 0;
+
+ err:
+    fflush(stdout);
+    fprintf(stderr, "\nFatal EVP error!\n");
+    return 1;
+}
diff --git a/openssl-1.1.0h/test/shibboleth.pfx b/openssl-1.1.0h/test/shibboleth.pfx
new file mode 100644
index 0000000..9c5cc54
--- /dev/null
+++ b/openssl-1.1.0h/test/shibboleth.pfx
diff --git a/openssl-1.1.0h/test/shlibloadtest.c b/openssl-1.1.0h/test/shlibloadtest.c
new file mode 100644
index 0000000..25df363
--- /dev/null
+++ b/openssl-1.1.0h/test/shlibloadtest.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslv.h>
+
+/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */
+#if defined(DSO_DLFCN) || defined(DSO_WIN32)
+
+#define SSL_CTX_NEW "SSL_CTX_new"
+#define SSL_CTX_FREE "SSL_CTX_free"
+#define TLS_METHOD "TLS_method"
+
+#define ERR_GET_ERROR "ERR_get_error"
+#define OPENSSL_VERSION_NUM_FUNC "OpenSSL_version_num"
+
+typedef struct ssl_ctx_st SSL_CTX;
+typedef struct ssl_method_st SSL_METHOD;
+typedef const SSL_METHOD * (*TLS_method_t)(void);
+typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth);
+typedef void (*SSL_CTX_free_t)(SSL_CTX *);
+
+typedef unsigned long (*ERR_get_error_t)(void);
+typedef unsigned long (*OpenSSL_version_num_t)(void);
+
+static TLS_method_t TLS_method;
+static SSL_CTX_new_t SSL_CTX_new;
+static SSL_CTX_free_t SSL_CTX_free;
+
+static ERR_get_error_t ERR_get_error;
+static OpenSSL_version_num_t OpenSSL_version_num;
+
+#ifdef DSO_DLFCN
+
+# include <dlfcn.h>
+
+typedef void * SHLIB;
+typedef void * SHLIB_SYM;
+# define SHLIB_INIT NULL
+
+static int shlib_load(const char *filename, SHLIB *lib)
+{
+    *lib = dlopen(filename, RTLD_GLOBAL | RTLD_LAZY);
+
+    if (*lib == NULL)
+        return 0;
+
+    return 1;
+}
+
+static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym)
+{
+    *sym = dlsym(lib, symname);
+
+    return *sym != NULL;
+}
+
+static int shlib_close(SHLIB lib)
+{
+    if (dlclose(lib) != 0)
+        return 0;
+
+    return 1;
+}
+
+#elif defined(DSO_WIN32)
+
+# include <windows.h>
+
+typedef HINSTANCE SHLIB;
+typedef void * SHLIB_SYM;
+# define SHLIB_INIT 0
+
+static int shlib_load(const char *filename, SHLIB *lib)
+{
+    *lib = LoadLibraryA(filename);
+    if (*lib == NULL)
+        return 0;
+
+    return 1;
+}
+
+static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym)
+{
+    *sym = (SHLIB_SYM)GetProcAddress(lib, symname);
+
+    return *sym != NULL;
+}
+
+static int shlib_close(SHLIB lib)
+{
+    if (FreeLibrary(lib) == 0)
+        return 0;
+
+    return 1;
+}
+
+#endif
+
+# define CRYPTO_FIRST_OPT    "-crypto_first"
+# define SSL_FIRST_OPT       "-ssl_first"
+# define JUST_CRYPTO_OPT     "-just_crypto"
+
+enum test_types_en {
+    CRYPTO_FIRST,
+    SSL_FIRST,
+    JUST_CRYPTO
+};
+
+int main(int argc, char **argv)
+{
+    SHLIB ssllib = SHLIB_INIT, cryptolib = SHLIB_INIT;
+    SSL_CTX *ctx;
+    union {
+        void (*func) (void);
+        SHLIB_SYM sym;
+    } tls_method_sym, ssl_ctx_new_sym, ssl_ctx_free_sym, err_get_error_sym,
+    openssl_version_num_sym;
+    enum test_types_en test_type;
+    int i;
+
+    if (argc != 4) {
+        printf("Unexpected number of arguments\n");
+        return 1;
+    }
+
+    if (strcmp(argv[1], CRYPTO_FIRST_OPT) == 0) {
+        test_type = CRYPTO_FIRST;
+    } else if (strcmp(argv[1], SSL_FIRST_OPT) == 0) {
+            test_type = SSL_FIRST;
+    } else if (strcmp(argv[1], JUST_CRYPTO_OPT) == 0) {
+            test_type = JUST_CRYPTO;
+    } else {
+        printf("Unrecognised argument\n");
+        return 1;
+    }
+
+    for (i = 0; i < 2; i++) {
+        if ((i == 0 && (test_type == CRYPTO_FIRST
+                       || test_type == JUST_CRYPTO))
+               || (i == 1 && test_type == SSL_FIRST)) {
+            if (!shlib_load(argv[2], &cryptolib)) {
+                printf("Unable to load libcrypto\n");
+                return 1;
+            }
+        }
+        if ((i == 0 && test_type == SSL_FIRST)
+                || (i == 1 && test_type == CRYPTO_FIRST)) {
+            if (!shlib_load(argv[3], &ssllib)) {
+                printf("Unable to load libssl\n");
+                return 1;
+            }
+        }
+    }
+
+    if (test_type != JUST_CRYPTO) {
+        if (!shlib_sym(ssllib, TLS_METHOD, &tls_method_sym.sym)
+                || !shlib_sym(ssllib, SSL_CTX_NEW, &ssl_ctx_new_sym.sym)
+                || !shlib_sym(ssllib, SSL_CTX_FREE, &ssl_ctx_free_sym.sym)) {
+            printf("Unable to load ssl symbols\n");
+            return 1;
+        }
+
+        TLS_method = (TLS_method_t)tls_method_sym.func;
+        SSL_CTX_new = (SSL_CTX_new_t)ssl_ctx_new_sym.func;
+        SSL_CTX_free = (SSL_CTX_free_t)ssl_ctx_free_sym.func;
+
+        ctx = SSL_CTX_new(TLS_method());
+        if (ctx == NULL) {
+            printf("Unable to create SSL_CTX\n");
+            return 1;
+        }
+        SSL_CTX_free(ctx);
+    }
+
+    if (!shlib_sym(cryptolib, ERR_GET_ERROR, &err_get_error_sym.sym)
+            || !shlib_sym(cryptolib, OPENSSL_VERSION_NUM_FUNC,
+                          &openssl_version_num_sym.sym)) {
+        printf("Unable to load crypto symbols\n");
+        return 1;
+    }
+
+    ERR_get_error = (ERR_get_error_t)err_get_error_sym.func;
+    OpenSSL_version_num = (OpenSSL_version_num_t)openssl_version_num_sym.func;
+
+    if (ERR_get_error() != 0) {
+        printf("Unexpected error in error queue\n");
+        return 1;
+    }
+
+    /*
+     * The bits that COMPATIBILITY_MASK lets through MUST be the same in
+     * the library and in the application.
+     * The bits that are masked away MUST be a larger or equal number in
+     * the library compared to the application.
+     */
+# define COMPATIBILITY_MASK 0xfff00000L
+    if ((OpenSSL_version_num() & COMPATIBILITY_MASK)
+        != (OPENSSL_VERSION_NUMBER & COMPATIBILITY_MASK)) {
+        printf("Unexpected library version loaded\n");
+        return 1;
+    }
+
+    if ((OpenSSL_version_num() & ~COMPATIBILITY_MASK)
+        < (OPENSSL_VERSION_NUMBER & ~COMPATIBILITY_MASK)) {
+        printf("Unexpected library version loaded\n");
+        return 1;
+    }
+
+    for (i = 0; i < 2; i++) {
+        if ((i == 0 && test_type == CRYPTO_FIRST)
+                || (i == 1 && test_type == SSL_FIRST)) {
+            if (!shlib_close(ssllib)) {
+                printf("Unable to close libssl\n");
+                return 1;
+            }
+        }
+        if ((i == 0 && (test_type == SSL_FIRST
+                       || test_type == JUST_CRYPTO))
+                || (i == 1 && test_type == CRYPTO_FIRST)) {
+            if (!shlib_close(cryptolib)) {
+                printf("Unable to close libcrypto\n");
+                return 1;
+            }
+        }
+    }
+
+    printf("Success\n");
+    return 0;
+}
+#else
+int main(void)
+{
+    printf("Test not implemented on this platform\n");
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/test/smcont.txt b/openssl-1.1.0h/test/smcont.txt
new file mode 100644
index 0000000..9b09746
--- /dev/null
+++ b/openssl-1.1.0h/test/smcont.txt
@@ -0,0 +1 @@
+Somewhat longer test content for OpenSSL CMS utility to handle, and a bit longer...
\ No newline at end of file
diff --git a/openssl-1.1.0h/test/smime-certs/ca.cnf b/openssl-1.1.0h/test/smime-certs/ca.cnf
new file mode 100644
index 0000000..835b2c6
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/ca.cnf
@@ -0,0 +1,66 @@
+#
+# OpenSSL example configuration file for automated certificate creation.
+#
+
+# This definition stops the following lines choking if HOME or CN
+# is undefined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+CN			= "Not Defined"
+default_ca		= ca
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+# Don't prompt for fields: use those in section directly
+prompt			= no
+distinguished_name	= req_distinguished_name
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= UK
+
+organizationName		= OpenSSL Group
+# Take CN from environment so it can come from a script.
+commonName			= $ENV::CN
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+
+[ dh_cert ]
+
+# These extensions are added when 'ca' signs a request for an end entity
+# DH certificate
+
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, keyAgreement
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+basicConstraints = critical,CA:true
+keyUsage = critical, cRLSign, keyCertSign
+
diff --git a/openssl-1.1.0h/test/smime-certs/mksmime-certs.sh b/openssl-1.1.0h/test/smime-certs/mksmime-certs.sh
new file mode 100644
index 0000000..c98e164
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/mksmime-certs.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+# Utility to recreate S/MIME certificates
+
+OPENSSL=../../apps/openssl
+OPENSSL_CONF=./ca.cnf
+export OPENSSL_CONF
+
+# Root CA: create certificate directly
+CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \
+	-keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
+
+# EE RSA certificates: create request first
+CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smrsa1.pem -out req.pem -newkey rsa:2048
+# Sign request: end entity extensions
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
+
+CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smrsa2.pem -out req.pem -newkey rsa:2048
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
+
+CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smrsa3.pem -out req.pem -newkey rsa:2048
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
+
+# Create DSA parameters
+
+$OPENSSL dsaparam -out dsap.pem 2048
+
+CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
+CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
+CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
+
+# Create EC parameters
+
+$OPENSSL ecparam -out ecp.pem -name P-256
+$OPENSSL ecparam -out ecp2.pem -name K-283
+
+CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
+CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
+CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smec3.pem -out req.pem -newkey ec:ecp.pem
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
+# Create X9.42 DH parameters.
+$OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \
+	-out dhp.pem
+# Generate X9.42 DH key.
+$OPENSSL genpkey -paramfile dhp.pem -out smdh.pem
+$OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
+# Generate dummy request.
+CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -nodes \
+	-keyout smtmp.pem -out req.pem -newkey rsa:2048
+# Sign request but force public key to DH
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+	-force_pubkey dhpub.pem \
+	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
+# Remove temp files.
+rm -f req.pem ecp.pem ecp2.pem dsap.pem dhp.pem dhpub.pem smtmp.pem smroot.srl
diff --git a/openssl-1.1.0h/test/smime-certs/smdh.pem b/openssl-1.1.0h/test/smime-certs/smdh.pem
new file mode 100644
index 0000000..f831b07
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smdh.pem
@@ -0,0 +1,33 @@
+-----BEGIN PRIVATE KEY-----
+MIIBSgIBADCCASsGByqGSM4+AgEwggEeAoGBANQMSgwEcnEZ31kZxa9Ef8qOK/AJ
+9dMlsXMWVYnf/QevGdN/0Aei/j9a8QHG+CvvTm0DOEKhN9QUtABKsYZag865CA7B
+mSdHjQuFqILtzA25sDJ+3+jk9vbss+56ETRll/wasJVLGbmmHNkBMvc1fC1d/sGF
+cEn4zJnQvvFaeMgDAoGAaQD9ZvL8FYsJuNxN6qp5VfnfRqYvyi2PWSqtRKPGGC+V
+thYg49PRjwPOcXzvOsdEOQ7iH9jTiSvnUdwSSEwYTZkSBuQXAgOMJAWOpoXyaRvh
+atziBDoBnWS+/kX5RBhxvS0+em9yfRqAQleuGG+R1mEDihyJc8dWQQPT+O1l4oUC
+FQCJlKsQZ0VBrWPGcUCNa54ZW6TH9QQWAhRR2NMZrQSfWthXDO8Lj5WZ34zQrA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID/zCCAuegAwIBAgIJANv1TSKgememMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA4MDIxNDQ5MjlaFw0yMzA2MTExNDQ5MjlaMEQx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
+ZXN0IFMvTUlNRSBFRSBESCAjMTCCAbYwggErBgcqhkjOPgIBMIIBHgKBgQDUDEoM
+BHJxGd9ZGcWvRH/KjivwCfXTJbFzFlWJ3/0HrxnTf9AHov4/WvEBxvgr705tAzhC
+oTfUFLQASrGGWoPOuQgOwZknR40LhaiC7cwNubAyft/o5Pb27LPuehE0ZZf8GrCV
+Sxm5phzZATL3NXwtXf7BhXBJ+MyZ0L7xWnjIAwKBgGkA/Wby/BWLCbjcTeqqeVX5
+30amL8otj1kqrUSjxhgvlbYWIOPT0Y8DznF87zrHRDkO4h/Y04kr51HcEkhMGE2Z
+EgbkFwIDjCQFjqaF8mkb4Wrc4gQ6AZ1kvv5F+UQYcb0tPnpvcn0agEJXrhhvkdZh
+A4ociXPHVkED0/jtZeKFAhUAiZSrEGdFQa1jxnFAjWueGVukx/UDgYQAAoGAL1ve
+cgI2awBeJH8ULBhSQpdL224VUDxFPiXzt8Vu5VLnxPv0pfA5En+8VByTuV7u6RSw
+3/78NuTyr/sTyN8YlB1AuXHdTJynA1ICte1xgD4j2ijlq+dv8goOAFt9xkvXx7LD
+umJ/cCignXETcNGfMi8+0s0bpMZyoHRdce8DQ26jYDBeMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQLWk1ffSXH8p3Bqrdjgi/6jzLnwDAf
+BgNVHSMEGDAWgBTffl6IBSQzCN0igQKXzJq3sTMnMDANBgkqhkiG9w0BAQUFAAOC
+AQEAWvJj79MW1/Wq3RIANgAhonsI1jufYqxTH+1M0RU0ZXHulgem77Le2Ls1bizi
+0SbvfpTiiFGkbKonKtO2wvfqwwuptSg3omMI5IjAGxYbyv2KBzIpp1O1LTDk9RbD
+48JMMF01gByi2+NLUQ1MYF+5RqyoRqcyp5x2+Om1GeIM4Q/GRuI4p4dybWy8iC+d
+LeXQfR7HXfh+tAum+WzjfLJwbnWbHmPhTbKB01U4lBp6+r8BGHAtNdPjEHqap4/z
+vVZVXti9ThZ20EhM+VFU3y2wyapeQjhQvw/A2YRES0Ik7BSj3hHfWH/CTbLVQnhu
+Uj6tw18ExOYxqoEGixNLPA5qsQ==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smdsa1.pem b/openssl-1.1.0h/test/smime-certs/smdsa1.pem
new file mode 100644
index 0000000..b424f67
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smdsa1.pem
@@ -0,0 +1,47 @@
+-----BEGIN PRIVATE KEY-----
+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
+TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
+uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
+7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
+wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
+Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
+AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
+0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
+g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
+0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
+yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
+7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x
+EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV
+86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE
+DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp
+O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit
+1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO
+xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
+MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx
+d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3
+MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z
+Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt
+17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf
+0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smdsa2.pem b/openssl-1.1.0h/test/smime-certs/smdsa2.pem
new file mode 100644
index 0000000..648447f
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smdsa2.pem
@@ -0,0 +1,47 @@
+-----BEGIN PRIVATE KEY-----
+MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
+TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
+uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
+7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
+wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
+Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
+AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
+0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
+g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
+0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
+yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
+7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E
+h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt
+tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa
+LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn
+3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0
+KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k
+qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
+MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp
+VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb
+uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV
+6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD
+2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96
+GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smdsa3.pem b/openssl-1.1.0h/test/smime-certs/smdsa3.pem
new file mode 100644
index 0000000..77acc5e
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smdsa3.pem
@@ -0,0 +1,47 @@
+-----BEGIN PRIVATE KEY-----
+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
+TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
+uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
+7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
+wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
+Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
+AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
+0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
+g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
+0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
+yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
+7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9
+msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf
+zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7
+cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp
+N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS
+2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE
+FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
+MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask
+pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK
+YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM
+khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i
+Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv
+4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smdsap.pem b/openssl-1.1.0h/test/smime-certs/smdsap.pem
new file mode 100644
index 0000000..249706c
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smdsap.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
+Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
+gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
+qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
+Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
+GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
+Qw5z
+-----END DSA PARAMETERS-----
diff --git a/openssl-1.1.0h/test/smime-certs/smec1.pem b/openssl-1.1.0h/test/smime-certs/smec1.pem
new file mode 100644
index 0000000..75a8626
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smec1.pem
@@ -0,0 +1,22 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS
+DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV
+3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
+ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I
+iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi
+ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg
+MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK
+Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy
+WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt
+7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV
+FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y
+S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1
+DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7
+qtcHJA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smec2.pem b/openssl-1.1.0h/test/smime-certs/smec2.pem
new file mode 100644
index 0000000..457297a
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smec2.pem
@@ -0,0 +1,23 @@
+-----BEGIN PRIVATE KEY-----
+MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl
+brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7
+uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8
+6bQ=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
+ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+
+huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj
+JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E
+BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA
+FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez
+ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK
+xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0
+uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P
+rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq
+IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0
+4ZdCllHZkhop
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smec3.pem b/openssl-1.1.0h/test/smime-certs/smec3.pem
new file mode 100644
index 0000000..90eac86
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smec3.pem
@@ -0,0 +1,22 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQga03Rl+2K38wgwVyJ
+zSy+knGorGWZBGG5p//ke0WUSbqhRANCAARH8uHBHkuOfuyXgJj7V3lNqUEPiQNo
+xG8ntGjVmKRHfywdUoQJ1PgfbkCEsBk334rRFmja1r+MYyqn/A9ARiGB
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICoDCCAYigAwIBAgIJAPaEOllWs/pjMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xNzA4MTAxNTQyMDhaFw0yNzA2MTkxNTQyMDhaMEQx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
+ZXN0IFMvTUlNRSBFRSBFQyAjMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEfy
+4cEeS45+7JeAmPtXeU2pQQ+JA2jEbye0aNWYpEd/LB1ShAnU+B9uQISwGTffitEW
+aNrWv4xjKqf8D0BGIYGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg
+MB0GA1UdDgQWBBQLR+H9CmAY/KDyXWdVUM9FP766WzAfBgNVHSMEGDAWgBT3YQTy
+KJTdSIrnOcPj3pm5oVNtazANBgkqhkiG9w0BAQsFAAOCAQEAmMRuf8Iz5fr9f0GA
+HaNiOM5S7AIfZ6W7zzdeF63EF1j9HqP1DJsUW4y5b9azWmpp62kKuNaM4CGPUVvm
+diLKJVlrDcc+6lW9oROpnBsskhjqFMTjTANPQSAKZeKiG2W3U8Q103VQpuYvE4Nj
+OU9JT+5e4RZS7wxYk/IsvnyF/DkoF1FTMHo9/3Wiw4V4KRhpJIPnqojWNcfipmhM
+UDpbw0Oyj5fE7x6wvaoOUr8GNJE5NudtV/5QDh9REkjyKUdVYsuUrWwKqn3NT8EI
+OLl8wx3RqA8htRg/W+SoESx87rvW1saPGvfypBp4cl18B1IzTlC+FMbHFJvZqQn8
+Ci1l4Q==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smroot.pem b/openssl-1.1.0h/test/smime-certs/smroot.pem
new file mode 100644
index 0000000..d1a253f
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smroot.pem
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq
+nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL
+DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc
+BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI
+MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV
+kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q
+LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c
+b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R
+Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu
+ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4
+Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF
+ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp
+PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx
+mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw
+nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z
+8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw
+fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu
+PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T
+5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP
+aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq
+qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr
+yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK
+NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53
+bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI
+vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ
+KfvPCYimQwBjVrEnSntLPR0=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
+ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT
+JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+
+LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E
+J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/
+MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe
+untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb
+i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB
+AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb
+Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl
+zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt
+9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C
+7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt
+Emsny2ah6fU2z7PztrUy/A80
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smrsa1.pem b/openssl-1.1.0h/test/smime-certs/smrsa1.pem
new file mode 100644
index 0000000..d0d0b9e
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smrsa1.pem
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC
+xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID
+3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU
+/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D
+orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs
+CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH
+XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp
+KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i
+cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL
+s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35
+27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak
+cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT
+8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze
+j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG
+ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da
+ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk
+LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+
+msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q
+55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or
+sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8
+d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR
+355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG
+hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu
+iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST
+1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn
+zQpuMJliRlrq/5JkIbH6SA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK
+2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt
++W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF
+Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe
+bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM
+kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV
+HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
+dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o
+E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK
+WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp
+lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT
+GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu
+9Hjq6s316fk4Ne0EUF3PbA==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smrsa2.pem b/openssl-1.1.0h/test/smime-certs/smrsa2.pem
new file mode 100644
index 0000000..2f17cb2
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smrsa2.pem
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2
+iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq
+V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD
+lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5
+U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3
+NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB
+Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1
+J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI
+dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW
+3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz
+XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK
+3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK
+Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa
+P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI
+LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN
+bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX
+q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8
+38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm
+hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t
+QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb
+0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS
+8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0
+KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e
+y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR
+hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n
+yrLyf+8hjm6H6zkjqiOkHAl+
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF
+AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp
+cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS
+0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1
+NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0
+EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV
+HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
+I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47
+Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv
+/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c
+XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv
+6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i
+NzYzLAPBkHCMY0Is3KKIBw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/smime-certs/smrsa3.pem b/openssl-1.1.0h/test/smime-certs/smrsa3.pem
new file mode 100644
index 0000000..14c27f6
--- /dev/null
+++ b/openssl-1.1.0h/test/smime-certs/smrsa3.pem
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji
+OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3
+Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX
+63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H
+XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l
+vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6
+L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP
+lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf
+BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR
+OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+
+i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se
+snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9
+wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn
+8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+
+ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm
+oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX
+LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E
+yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7
+2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc
+RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK
+KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk
+isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL
+rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw
+IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh
+yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF
+RvOAi5wVkYylDxV4238MAZIq
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC
+FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF
+STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW
+m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha
+v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p
+1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV
+HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
+JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp
+sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa
+VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr
+O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7
+tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY
+CscFo2Z2pYROGtZDmYqhRw==
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/srptest.c b/openssl-1.1.0h/test/srptest.c
new file mode 100644
index 0000000..73b3881
--- /dev/null
+++ b/openssl-1.1.0h/test/srptest.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SRP
+
+# include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+    printf("No SRP support\n");
+    return (0);
+}
+
+#else
+
+# include <openssl/srp.h>
+# include <openssl/rand.h>
+# include <openssl/err.h>
+
+static void showbn(const char *name, const BIGNUM *bn)
+{
+    fputs(name, stdout);
+    fputs(" = ", stdout);
+    BN_print_fp(stdout, bn);
+    putc('\n', stdout);
+}
+
+# define RANDOM_SIZE 32         /* use 256 bits on each side */
+
+static int run_srp(const char *username, const char *client_pass,
+                   const char *server_pass)
+{
+    int ret = -1;
+    BIGNUM *s = NULL;
+    BIGNUM *v = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *u = NULL;
+    BIGNUM *x = NULL;
+    BIGNUM *Apub = NULL;
+    BIGNUM *Bpub = NULL;
+    BIGNUM *Kclient = NULL;
+    BIGNUM *Kserver = NULL;
+    unsigned char rand_tmp[RANDOM_SIZE];
+    /* use builtin 1024-bit params */
+    const SRP_gN *GN = SRP_get_default_gN("1024");
+
+    if (GN == NULL) {
+        fprintf(stderr, "Failed to get SRP parameters\n");
+        return -1;
+    }
+    /* Set up server's password entry */
+    if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) {
+        fprintf(stderr, "Failed to create SRP verifier\n");
+        return -1;
+    }
+
+    showbn("N", GN->N);
+    showbn("g", GN->g);
+    showbn("Salt", s);
+    showbn("Verifier", v);
+
+    /* Server random */
+    RAND_bytes(rand_tmp, sizeof(rand_tmp));
+    b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
+    /* TODO - check b != 0 */
+    showbn("b", b);
+
+    /* Server's first message */
+    Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
+    showbn("B", Bpub);
+
+    if (!SRP_Verify_B_mod_N(Bpub, GN->N)) {
+        fprintf(stderr, "Invalid B\n");
+        return -1;
+    }
+
+    /* Client random */
+    RAND_bytes(rand_tmp, sizeof(rand_tmp));
+    a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
+    /* TODO - check a != 0 */
+    showbn("a", a);
+
+    /* Client's response */
+    Apub = SRP_Calc_A(a, GN->N, GN->g);
+    showbn("A", Apub);
+
+    if (!SRP_Verify_A_mod_N(Apub, GN->N)) {
+        fprintf(stderr, "Invalid A\n");
+        return -1;
+    }
+
+    /* Both sides calculate u */
+    u = SRP_Calc_u(Apub, Bpub, GN->N);
+
+    /* Client's key */
+    x = SRP_Calc_x(s, username, client_pass);
+    Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
+    showbn("Client's key", Kclient);
+
+    /* Server's key */
+    Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
+    showbn("Server's key", Kserver);
+
+    if (BN_cmp(Kclient, Kserver) == 0) {
+        ret = 0;
+    } else {
+        fprintf(stderr, "Keys mismatch\n");
+        ret = 1;
+    }
+
+    BN_clear_free(Kclient);
+    BN_clear_free(Kserver);
+    BN_clear_free(x);
+    BN_free(u);
+    BN_free(Apub);
+    BN_clear_free(a);
+    BN_free(Bpub);
+    BN_clear_free(b);
+    BN_free(s);
+    BN_clear_free(v);
+
+    return ret;
+}
+
+static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn)
+{
+    BIGNUM *tmp = NULL;
+    int rv;
+    if (BN_hex2bn(&tmp, hexbn) == 0)
+        return 0;
+    rv = BN_cmp(bn, tmp);
+    if (rv == 0) {
+        printf("%s = ", name);
+        BN_print_fp(stdout, bn);
+        printf("\n");
+        BN_free(tmp);
+        return 1;
+    }
+    printf("Unexpected %s value\n", name);
+    printf("Expecting: ");
+    BN_print_fp(stdout, tmp);
+    printf("\nReceived: ");
+    BN_print_fp(stdout, bn);
+    printf("\n");
+    BN_free(tmp);
+    return 0;
+}
+
+/* SRP test vectors from RFC5054 */
+static int run_srp_kat(void)
+{
+    int ret = 0;
+    BIGNUM *s = NULL;
+    BIGNUM *v = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *u = NULL;
+    BIGNUM *x = NULL;
+    BIGNUM *Apub = NULL;
+    BIGNUM *Bpub = NULL;
+    BIGNUM *Kclient = NULL;
+    BIGNUM *Kserver = NULL;
+    /* use builtin 1024-bit params */
+    const SRP_gN *GN = SRP_get_default_gN("1024");
+
+    if (GN == NULL) {
+        fprintf(stderr, "Failed to get SRP parameters\n");
+        goto err;
+    }
+    BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE");
+    /* Set up server's password entry */
+    if (!SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N,
+                                GN->g)) {
+        fprintf(stderr, "Failed to create SRP verifier\n");
+        goto err;
+    }
+
+    if (!check_bn("v", v,
+                 "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812"
+                 "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5"
+                 "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5"
+                 "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78"
+                 "E955A5E29E7AB245DB2BE315E2099AFB"))
+        goto err;
+
+    /* Server random */
+    BN_hex2bn(&b, "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1"
+                  "05284D20");
+
+    /* Server's first message */
+    Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
+
+    if (!SRP_Verify_B_mod_N(Bpub, GN->N)) {
+        fprintf(stderr, "Invalid B\n");
+        goto err;
+    }
+
+    if (!check_bn("B", Bpub,
+                  "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011"
+                  "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99"
+                  "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA"
+                  "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE"
+                  "EB4012B7D7665238A8E3FB004B117B58"))
+        goto err;
+
+    /* Client random */
+    BN_hex2bn(&a, "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD"
+                  "DA2D4393");
+
+    /* Client's response */
+    Apub = SRP_Calc_A(a, GN->N, GN->g);
+
+    if (!SRP_Verify_A_mod_N(Apub, GN->N)) {
+        fprintf(stderr, "Invalid A\n");
+        return -1;
+    }
+
+    if (!check_bn("A", Apub,
+                  "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4"
+                  "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC"
+                  "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44"
+                  "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA"
+                  "B349EF5D76988A3672FAC47B0769447B"))
+        goto err;
+
+    /* Both sides calculate u */
+    u = SRP_Calc_u(Apub, Bpub, GN->N);
+
+    if (!check_bn("u", u, "CE38B9593487DA98554ED47D70A7AE5F462EF019"))
+        goto err;
+
+    /* Client's key */
+    x = SRP_Calc_x(s, "alice", "password123");
+    Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
+    if (!check_bn("Client's key", Kclient,
+                  "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D"
+                  "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C"
+                  "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F"
+                  "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D"
+                  "C346D7E474B29EDE8A469FFECA686E5A"))
+        goto err;
+    /* Server's key */
+    Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
+    if (!check_bn("Server's key", Kserver,
+                  "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D"
+                  "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C"
+                  "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F"
+                  "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D"
+                  "C346D7E474B29EDE8A469FFECA686E5A"))
+        goto err;
+
+    ret = 1;
+
+    err:
+    BN_clear_free(Kclient);
+    BN_clear_free(Kserver);
+    BN_clear_free(x);
+    BN_free(u);
+    BN_free(Apub);
+    BN_clear_free(a);
+    BN_free(Bpub);
+    BN_clear_free(b);
+    BN_free(s);
+    BN_clear_free(v);
+
+    return ret;
+}
+
+int main(int argc, char **argv)
+{
+    BIO *bio_err;
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+
+    /* "Negative" test, expect a mismatch */
+    if (run_srp("alice", "password1", "password2") == 0) {
+        fprintf(stderr, "Mismatched SRP run failed\n");
+        return 1;
+    }
+
+    /* "Positive" test, should pass */
+    if (run_srp("alice", "password", "password") != 0) {
+        fprintf(stderr, "Plain SRP run failed\n");
+        return 1;
+    }
+
+    /* KAT from RFC5054: should pass */
+    if (run_srp_kat() != 1) {
+        fprintf(stderr, "SRP KAT failed\n");
+        return 1;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        return 1;
+#endif
+    BIO_free(bio_err);
+
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/test/ssl-tests/01-simple.conf b/openssl-1.1.0h/test/ssl-tests/01-simple.conf
new file mode 100644
index 0000000..5f4dd84
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/01-simple.conf
@@ -0,0 +1,78 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 3
+
+test-0 = 0-default
+test-1 = 1-Server signature algorithms bug
+test-2 = 2-verify-cert
+# ===========================================================
+
+[0-default]
+ssl_conf = 0-default-ssl
+
+[0-default-ssl]
+server = 0-default-server
+client = 0-default-client
+
+[0-default-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-default-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-Server signature algorithms bug]
+ssl_conf = 1-Server signature algorithms bug-ssl
+
+[1-Server signature algorithms bug-ssl]
+server = 1-Server signature algorithms bug-server
+client = 1-Server signature algorithms bug-client
+
+[1-Server signature algorithms bug-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-Server signature algorithms bug-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-verify-cert]
+ssl_conf = 2-verify-cert-ssl
+
+[2-verify-cert-ssl]
+server = 2-verify-cert-server
+client = 2-verify-cert-client
+
+[2-verify-cert-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-verify-cert-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-2]
+ExpectedClientAlert = UnknownCA
+ExpectedResult = ClientFail
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in b/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in
new file mode 100644
index 0000000..086d66d
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in
@@ -0,0 +1,42 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+    {
+        name => "default",
+        server => { },
+        client => { },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    {
+        name => "Server signature algorithms bug",
+        # Should have no effect as we aren't doing client auth
+        server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" },
+        client => { "SignatureAlgorithms" => "RSA+SHA256" },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    {
+        name => "verify-cert",
+        server => { },
+        client => {
+            # Don't set up the client root file.
+            "VerifyCAFile" => undef,
+        },
+        test   => {
+          "ExpectedResult" => "ClientFail",
+          "ExpectedClientAlert" => "UnknownCA",
+        },
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf
new file mode 100644
index 0000000..cb89dbc
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf
@@ -0,0 +1,9975 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 361
+
+test-0 = 0-version-negotiation
+test-1 = 1-version-negotiation
+test-2 = 2-version-negotiation
+test-3 = 3-version-negotiation
+test-4 = 4-version-negotiation
+test-5 = 5-version-negotiation
+test-6 = 6-version-negotiation
+test-7 = 7-version-negotiation
+test-8 = 8-version-negotiation
+test-9 = 9-version-negotiation
+test-10 = 10-version-negotiation
+test-11 = 11-version-negotiation
+test-12 = 12-version-negotiation
+test-13 = 13-version-negotiation
+test-14 = 14-version-negotiation
+test-15 = 15-version-negotiation
+test-16 = 16-version-negotiation
+test-17 = 17-version-negotiation
+test-18 = 18-version-negotiation
+test-19 = 19-version-negotiation
+test-20 = 20-version-negotiation
+test-21 = 21-version-negotiation
+test-22 = 22-version-negotiation
+test-23 = 23-version-negotiation
+test-24 = 24-version-negotiation
+test-25 = 25-version-negotiation
+test-26 = 26-version-negotiation
+test-27 = 27-version-negotiation
+test-28 = 28-version-negotiation
+test-29 = 29-version-negotiation
+test-30 = 30-version-negotiation
+test-31 = 31-version-negotiation
+test-32 = 32-version-negotiation
+test-33 = 33-version-negotiation
+test-34 = 34-version-negotiation
+test-35 = 35-version-negotiation
+test-36 = 36-version-negotiation
+test-37 = 37-version-negotiation
+test-38 = 38-version-negotiation
+test-39 = 39-version-negotiation
+test-40 = 40-version-negotiation
+test-41 = 41-version-negotiation
+test-42 = 42-version-negotiation
+test-43 = 43-version-negotiation
+test-44 = 44-version-negotiation
+test-45 = 45-version-negotiation
+test-46 = 46-version-negotiation
+test-47 = 47-version-negotiation
+test-48 = 48-version-negotiation
+test-49 = 49-version-negotiation
+test-50 = 50-version-negotiation
+test-51 = 51-version-negotiation
+test-52 = 52-version-negotiation
+test-53 = 53-version-negotiation
+test-54 = 54-version-negotiation
+test-55 = 55-version-negotiation
+test-56 = 56-version-negotiation
+test-57 = 57-version-negotiation
+test-58 = 58-version-negotiation
+test-59 = 59-version-negotiation
+test-60 = 60-version-negotiation
+test-61 = 61-version-negotiation
+test-62 = 62-version-negotiation
+test-63 = 63-version-negotiation
+test-64 = 64-version-negotiation
+test-65 = 65-version-negotiation
+test-66 = 66-version-negotiation
+test-67 = 67-version-negotiation
+test-68 = 68-version-negotiation
+test-69 = 69-version-negotiation
+test-70 = 70-version-negotiation
+test-71 = 71-version-negotiation
+test-72 = 72-version-negotiation
+test-73 = 73-version-negotiation
+test-74 = 74-version-negotiation
+test-75 = 75-version-negotiation
+test-76 = 76-version-negotiation
+test-77 = 77-version-negotiation
+test-78 = 78-version-negotiation
+test-79 = 79-version-negotiation
+test-80 = 80-version-negotiation
+test-81 = 81-version-negotiation
+test-82 = 82-version-negotiation
+test-83 = 83-version-negotiation
+test-84 = 84-version-negotiation
+test-85 = 85-version-negotiation
+test-86 = 86-version-negotiation
+test-87 = 87-version-negotiation
+test-88 = 88-version-negotiation
+test-89 = 89-version-negotiation
+test-90 = 90-version-negotiation
+test-91 = 91-version-negotiation
+test-92 = 92-version-negotiation
+test-93 = 93-version-negotiation
+test-94 = 94-version-negotiation
+test-95 = 95-version-negotiation
+test-96 = 96-version-negotiation
+test-97 = 97-version-negotiation
+test-98 = 98-version-negotiation
+test-99 = 99-version-negotiation
+test-100 = 100-version-negotiation
+test-101 = 101-version-negotiation
+test-102 = 102-version-negotiation
+test-103 = 103-version-negotiation
+test-104 = 104-version-negotiation
+test-105 = 105-version-negotiation
+test-106 = 106-version-negotiation
+test-107 = 107-version-negotiation
+test-108 = 108-version-negotiation
+test-109 = 109-version-negotiation
+test-110 = 110-version-negotiation
+test-111 = 111-version-negotiation
+test-112 = 112-version-negotiation
+test-113 = 113-version-negotiation
+test-114 = 114-version-negotiation
+test-115 = 115-version-negotiation
+test-116 = 116-version-negotiation
+test-117 = 117-version-negotiation
+test-118 = 118-version-negotiation
+test-119 = 119-version-negotiation
+test-120 = 120-version-negotiation
+test-121 = 121-version-negotiation
+test-122 = 122-version-negotiation
+test-123 = 123-version-negotiation
+test-124 = 124-version-negotiation
+test-125 = 125-version-negotiation
+test-126 = 126-version-negotiation
+test-127 = 127-version-negotiation
+test-128 = 128-version-negotiation
+test-129 = 129-version-negotiation
+test-130 = 130-version-negotiation
+test-131 = 131-version-negotiation
+test-132 = 132-version-negotiation
+test-133 = 133-version-negotiation
+test-134 = 134-version-negotiation
+test-135 = 135-version-negotiation
+test-136 = 136-version-negotiation
+test-137 = 137-version-negotiation
+test-138 = 138-version-negotiation
+test-139 = 139-version-negotiation
+test-140 = 140-version-negotiation
+test-141 = 141-version-negotiation
+test-142 = 142-version-negotiation
+test-143 = 143-version-negotiation
+test-144 = 144-version-negotiation
+test-145 = 145-version-negotiation
+test-146 = 146-version-negotiation
+test-147 = 147-version-negotiation
+test-148 = 148-version-negotiation
+test-149 = 149-version-negotiation
+test-150 = 150-version-negotiation
+test-151 = 151-version-negotiation
+test-152 = 152-version-negotiation
+test-153 = 153-version-negotiation
+test-154 = 154-version-negotiation
+test-155 = 155-version-negotiation
+test-156 = 156-version-negotiation
+test-157 = 157-version-negotiation
+test-158 = 158-version-negotiation
+test-159 = 159-version-negotiation
+test-160 = 160-version-negotiation
+test-161 = 161-version-negotiation
+test-162 = 162-version-negotiation
+test-163 = 163-version-negotiation
+test-164 = 164-version-negotiation
+test-165 = 165-version-negotiation
+test-166 = 166-version-negotiation
+test-167 = 167-version-negotiation
+test-168 = 168-version-negotiation
+test-169 = 169-version-negotiation
+test-170 = 170-version-negotiation
+test-171 = 171-version-negotiation
+test-172 = 172-version-negotiation
+test-173 = 173-version-negotiation
+test-174 = 174-version-negotiation
+test-175 = 175-version-negotiation
+test-176 = 176-version-negotiation
+test-177 = 177-version-negotiation
+test-178 = 178-version-negotiation
+test-179 = 179-version-negotiation
+test-180 = 180-version-negotiation
+test-181 = 181-version-negotiation
+test-182 = 182-version-negotiation
+test-183 = 183-version-negotiation
+test-184 = 184-version-negotiation
+test-185 = 185-version-negotiation
+test-186 = 186-version-negotiation
+test-187 = 187-version-negotiation
+test-188 = 188-version-negotiation
+test-189 = 189-version-negotiation
+test-190 = 190-version-negotiation
+test-191 = 191-version-negotiation
+test-192 = 192-version-negotiation
+test-193 = 193-version-negotiation
+test-194 = 194-version-negotiation
+test-195 = 195-version-negotiation
+test-196 = 196-version-negotiation
+test-197 = 197-version-negotiation
+test-198 = 198-version-negotiation
+test-199 = 199-version-negotiation
+test-200 = 200-version-negotiation
+test-201 = 201-version-negotiation
+test-202 = 202-version-negotiation
+test-203 = 203-version-negotiation
+test-204 = 204-version-negotiation
+test-205 = 205-version-negotiation
+test-206 = 206-version-negotiation
+test-207 = 207-version-negotiation
+test-208 = 208-version-negotiation
+test-209 = 209-version-negotiation
+test-210 = 210-version-negotiation
+test-211 = 211-version-negotiation
+test-212 = 212-version-negotiation
+test-213 = 213-version-negotiation
+test-214 = 214-version-negotiation
+test-215 = 215-version-negotiation
+test-216 = 216-version-negotiation
+test-217 = 217-version-negotiation
+test-218 = 218-version-negotiation
+test-219 = 219-version-negotiation
+test-220 = 220-version-negotiation
+test-221 = 221-version-negotiation
+test-222 = 222-version-negotiation
+test-223 = 223-version-negotiation
+test-224 = 224-version-negotiation
+test-225 = 225-version-negotiation
+test-226 = 226-version-negotiation
+test-227 = 227-version-negotiation
+test-228 = 228-version-negotiation
+test-229 = 229-version-negotiation
+test-230 = 230-version-negotiation
+test-231 = 231-version-negotiation
+test-232 = 232-version-negotiation
+test-233 = 233-version-negotiation
+test-234 = 234-version-negotiation
+test-235 = 235-version-negotiation
+test-236 = 236-version-negotiation
+test-237 = 237-version-negotiation
+test-238 = 238-version-negotiation
+test-239 = 239-version-negotiation
+test-240 = 240-version-negotiation
+test-241 = 241-version-negotiation
+test-242 = 242-version-negotiation
+test-243 = 243-version-negotiation
+test-244 = 244-version-negotiation
+test-245 = 245-version-negotiation
+test-246 = 246-version-negotiation
+test-247 = 247-version-negotiation
+test-248 = 248-version-negotiation
+test-249 = 249-version-negotiation
+test-250 = 250-version-negotiation
+test-251 = 251-version-negotiation
+test-252 = 252-version-negotiation
+test-253 = 253-version-negotiation
+test-254 = 254-version-negotiation
+test-255 = 255-version-negotiation
+test-256 = 256-version-negotiation
+test-257 = 257-version-negotiation
+test-258 = 258-version-negotiation
+test-259 = 259-version-negotiation
+test-260 = 260-version-negotiation
+test-261 = 261-version-negotiation
+test-262 = 262-version-negotiation
+test-263 = 263-version-negotiation
+test-264 = 264-version-negotiation
+test-265 = 265-version-negotiation
+test-266 = 266-version-negotiation
+test-267 = 267-version-negotiation
+test-268 = 268-version-negotiation
+test-269 = 269-version-negotiation
+test-270 = 270-version-negotiation
+test-271 = 271-version-negotiation
+test-272 = 272-version-negotiation
+test-273 = 273-version-negotiation
+test-274 = 274-version-negotiation
+test-275 = 275-version-negotiation
+test-276 = 276-version-negotiation
+test-277 = 277-version-negotiation
+test-278 = 278-version-negotiation
+test-279 = 279-version-negotiation
+test-280 = 280-version-negotiation
+test-281 = 281-version-negotiation
+test-282 = 282-version-negotiation
+test-283 = 283-version-negotiation
+test-284 = 284-version-negotiation
+test-285 = 285-version-negotiation
+test-286 = 286-version-negotiation
+test-287 = 287-version-negotiation
+test-288 = 288-version-negotiation
+test-289 = 289-version-negotiation
+test-290 = 290-version-negotiation
+test-291 = 291-version-negotiation
+test-292 = 292-version-negotiation
+test-293 = 293-version-negotiation
+test-294 = 294-version-negotiation
+test-295 = 295-version-negotiation
+test-296 = 296-version-negotiation
+test-297 = 297-version-negotiation
+test-298 = 298-version-negotiation
+test-299 = 299-version-negotiation
+test-300 = 300-version-negotiation
+test-301 = 301-version-negotiation
+test-302 = 302-version-negotiation
+test-303 = 303-version-negotiation
+test-304 = 304-version-negotiation
+test-305 = 305-version-negotiation
+test-306 = 306-version-negotiation
+test-307 = 307-version-negotiation
+test-308 = 308-version-negotiation
+test-309 = 309-version-negotiation
+test-310 = 310-version-negotiation
+test-311 = 311-version-negotiation
+test-312 = 312-version-negotiation
+test-313 = 313-version-negotiation
+test-314 = 314-version-negotiation
+test-315 = 315-version-negotiation
+test-316 = 316-version-negotiation
+test-317 = 317-version-negotiation
+test-318 = 318-version-negotiation
+test-319 = 319-version-negotiation
+test-320 = 320-version-negotiation
+test-321 = 321-version-negotiation
+test-322 = 322-version-negotiation
+test-323 = 323-version-negotiation
+test-324 = 324-version-negotiation
+test-325 = 325-version-negotiation
+test-326 = 326-version-negotiation
+test-327 = 327-version-negotiation
+test-328 = 328-version-negotiation
+test-329 = 329-version-negotiation
+test-330 = 330-version-negotiation
+test-331 = 331-version-negotiation
+test-332 = 332-version-negotiation
+test-333 = 333-version-negotiation
+test-334 = 334-version-negotiation
+test-335 = 335-version-negotiation
+test-336 = 336-version-negotiation
+test-337 = 337-version-negotiation
+test-338 = 338-version-negotiation
+test-339 = 339-version-negotiation
+test-340 = 340-version-negotiation
+test-341 = 341-version-negotiation
+test-342 = 342-version-negotiation
+test-343 = 343-version-negotiation
+test-344 = 344-version-negotiation
+test-345 = 345-version-negotiation
+test-346 = 346-version-negotiation
+test-347 = 347-version-negotiation
+test-348 = 348-version-negotiation
+test-349 = 349-version-negotiation
+test-350 = 350-version-negotiation
+test-351 = 351-version-negotiation
+test-352 = 352-version-negotiation
+test-353 = 353-version-negotiation
+test-354 = 354-version-negotiation
+test-355 = 355-version-negotiation
+test-356 = 356-version-negotiation
+test-357 = 357-version-negotiation
+test-358 = 358-version-negotiation
+test-359 = 359-version-negotiation
+test-360 = 360-version-negotiation
+# ===========================================================
+
+[0-version-negotiation]
+ssl_conf = 0-version-negotiation-ssl
+
+[0-version-negotiation-ssl]
+server = 0-version-negotiation-server
+client = 0-version-negotiation-client
+
+[0-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[1-version-negotiation]
+ssl_conf = 1-version-negotiation-ssl
+
+[1-version-negotiation-ssl]
+server = 1-version-negotiation-server
+client = 1-version-negotiation-client
+
+[1-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[2-version-negotiation]
+ssl_conf = 2-version-negotiation-ssl
+
+[2-version-negotiation-ssl]
+server = 2-version-negotiation-server
+client = 2-version-negotiation-client
+
+[2-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[3-version-negotiation]
+ssl_conf = 3-version-negotiation-ssl
+
+[3-version-negotiation-ssl]
+server = 3-version-negotiation-server
+client = 3-version-negotiation-client
+
+[3-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[4-version-negotiation]
+ssl_conf = 4-version-negotiation-ssl
+
+[4-version-negotiation-ssl]
+server = 4-version-negotiation-server
+client = 4-version-negotiation-client
+
+[4-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[5-version-negotiation]
+ssl_conf = 5-version-negotiation-ssl
+
+[5-version-negotiation-ssl]
+server = 5-version-negotiation-server
+client = 5-version-negotiation-client
+
+[5-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[6-version-negotiation]
+ssl_conf = 6-version-negotiation-ssl
+
+[6-version-negotiation-ssl]
+server = 6-version-negotiation-server
+client = 6-version-negotiation-client
+
+[6-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[7-version-negotiation]
+ssl_conf = 7-version-negotiation-ssl
+
+[7-version-negotiation-ssl]
+server = 7-version-negotiation-server
+client = 7-version-negotiation-client
+
+[7-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[8-version-negotiation]
+ssl_conf = 8-version-negotiation-ssl
+
+[8-version-negotiation-ssl]
+server = 8-version-negotiation-server
+client = 8-version-negotiation-client
+
+[8-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[9-version-negotiation]
+ssl_conf = 9-version-negotiation-ssl
+
+[9-version-negotiation-ssl]
+server = 9-version-negotiation-server
+client = 9-version-negotiation-client
+
+[9-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[10-version-negotiation]
+ssl_conf = 10-version-negotiation-ssl
+
+[10-version-negotiation-ssl]
+server = 10-version-negotiation-server
+client = 10-version-negotiation-client
+
+[10-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[11-version-negotiation]
+ssl_conf = 11-version-negotiation-ssl
+
+[11-version-negotiation-ssl]
+server = 11-version-negotiation-server
+client = 11-version-negotiation-client
+
+[11-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[12-version-negotiation]
+ssl_conf = 12-version-negotiation-ssl
+
+[12-version-negotiation-ssl]
+server = 12-version-negotiation-server
+client = 12-version-negotiation-client
+
+[12-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[13-version-negotiation]
+ssl_conf = 13-version-negotiation-ssl
+
+[13-version-negotiation-ssl]
+server = 13-version-negotiation-server
+client = 13-version-negotiation-client
+
+[13-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[14-version-negotiation]
+ssl_conf = 14-version-negotiation-ssl
+
+[14-version-negotiation-ssl]
+server = 14-version-negotiation-server
+client = 14-version-negotiation-client
+
+[14-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[15-version-negotiation]
+ssl_conf = 15-version-negotiation-ssl
+
+[15-version-negotiation-ssl]
+server = 15-version-negotiation-server
+client = 15-version-negotiation-client
+
+[15-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[16-version-negotiation]
+ssl_conf = 16-version-negotiation-ssl
+
+[16-version-negotiation-ssl]
+server = 16-version-negotiation-server
+client = 16-version-negotiation-client
+
+[16-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[17-version-negotiation]
+ssl_conf = 17-version-negotiation-ssl
+
+[17-version-negotiation-ssl]
+server = 17-version-negotiation-server
+client = 17-version-negotiation-client
+
+[17-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[18-version-negotiation]
+ssl_conf = 18-version-negotiation-ssl
+
+[18-version-negotiation-ssl]
+server = 18-version-negotiation-server
+client = 18-version-negotiation-client
+
+[18-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[19-version-negotiation]
+ssl_conf = 19-version-negotiation-ssl
+
+[19-version-negotiation-ssl]
+server = 19-version-negotiation-server
+client = 19-version-negotiation-client
+
+[19-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[20-version-negotiation]
+ssl_conf = 20-version-negotiation-ssl
+
+[20-version-negotiation-ssl]
+server = 20-version-negotiation-server
+client = 20-version-negotiation-client
+
+[20-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[21-version-negotiation]
+ssl_conf = 21-version-negotiation-ssl
+
+[21-version-negotiation-ssl]
+server = 21-version-negotiation-server
+client = 21-version-negotiation-client
+
+[21-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[22-version-negotiation]
+ssl_conf = 22-version-negotiation-ssl
+
+[22-version-negotiation-ssl]
+server = 22-version-negotiation-server
+client = 22-version-negotiation-client
+
+[22-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[23-version-negotiation]
+ssl_conf = 23-version-negotiation-ssl
+
+[23-version-negotiation-ssl]
+server = 23-version-negotiation-server
+client = 23-version-negotiation-client
+
+[23-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[24-version-negotiation]
+ssl_conf = 24-version-negotiation-ssl
+
+[24-version-negotiation-ssl]
+server = 24-version-negotiation-server
+client = 24-version-negotiation-client
+
+[24-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[25-version-negotiation]
+ssl_conf = 25-version-negotiation-ssl
+
+[25-version-negotiation-ssl]
+server = 25-version-negotiation-server
+client = 25-version-negotiation-client
+
+[25-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[26-version-negotiation]
+ssl_conf = 26-version-negotiation-ssl
+
+[26-version-negotiation-ssl]
+server = 26-version-negotiation-server
+client = 26-version-negotiation-client
+
+[26-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[27-version-negotiation]
+ssl_conf = 27-version-negotiation-ssl
+
+[27-version-negotiation-ssl]
+server = 27-version-negotiation-server
+client = 27-version-negotiation-client
+
+[27-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[28-version-negotiation]
+ssl_conf = 28-version-negotiation-ssl
+
+[28-version-negotiation-ssl]
+server = 28-version-negotiation-server
+client = 28-version-negotiation-client
+
+[28-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[29-version-negotiation]
+ssl_conf = 29-version-negotiation-ssl
+
+[29-version-negotiation-ssl]
+server = 29-version-negotiation-server
+client = 29-version-negotiation-client
+
+[29-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[30-version-negotiation]
+ssl_conf = 30-version-negotiation-ssl
+
+[30-version-negotiation-ssl]
+server = 30-version-negotiation-server
+client = 30-version-negotiation-client
+
+[30-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[31-version-negotiation]
+ssl_conf = 31-version-negotiation-ssl
+
+[31-version-negotiation-ssl]
+server = 31-version-negotiation-server
+client = 31-version-negotiation-client
+
+[31-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[32-version-negotiation]
+ssl_conf = 32-version-negotiation-ssl
+
+[32-version-negotiation-ssl]
+server = 32-version-negotiation-server
+client = 32-version-negotiation-client
+
+[32-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[33-version-negotiation]
+ssl_conf = 33-version-negotiation-ssl
+
+[33-version-negotiation-ssl]
+server = 33-version-negotiation-server
+client = 33-version-negotiation-client
+
+[33-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[34-version-negotiation]
+ssl_conf = 34-version-negotiation-ssl
+
+[34-version-negotiation-ssl]
+server = 34-version-negotiation-server
+client = 34-version-negotiation-client
+
+[34-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[35-version-negotiation]
+ssl_conf = 35-version-negotiation-ssl
+
+[35-version-negotiation-ssl]
+server = 35-version-negotiation-server
+client = 35-version-negotiation-client
+
+[35-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[36-version-negotiation]
+ssl_conf = 36-version-negotiation-ssl
+
+[36-version-negotiation-ssl]
+server = 36-version-negotiation-server
+client = 36-version-negotiation-client
+
+[36-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[37-version-negotiation]
+ssl_conf = 37-version-negotiation-ssl
+
+[37-version-negotiation-ssl]
+server = 37-version-negotiation-server
+client = 37-version-negotiation-client
+
+[37-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[38-version-negotiation]
+ssl_conf = 38-version-negotiation-ssl
+
+[38-version-negotiation-ssl]
+server = 38-version-negotiation-server
+client = 38-version-negotiation-client
+
+[38-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[39-version-negotiation]
+ssl_conf = 39-version-negotiation-ssl
+
+[39-version-negotiation-ssl]
+server = 39-version-negotiation-server
+client = 39-version-negotiation-client
+
+[39-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[40-version-negotiation]
+ssl_conf = 40-version-negotiation-ssl
+
+[40-version-negotiation-ssl]
+server = 40-version-negotiation-server
+client = 40-version-negotiation-client
+
+[40-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[41-version-negotiation]
+ssl_conf = 41-version-negotiation-ssl
+
+[41-version-negotiation-ssl]
+server = 41-version-negotiation-server
+client = 41-version-negotiation-client
+
+[41-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[42-version-negotiation]
+ssl_conf = 42-version-negotiation-ssl
+
+[42-version-negotiation-ssl]
+server = 42-version-negotiation-server
+client = 42-version-negotiation-client
+
+[42-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[43-version-negotiation]
+ssl_conf = 43-version-negotiation-ssl
+
+[43-version-negotiation-ssl]
+server = 43-version-negotiation-server
+client = 43-version-negotiation-client
+
+[43-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[44-version-negotiation]
+ssl_conf = 44-version-negotiation-ssl
+
+[44-version-negotiation-ssl]
+server = 44-version-negotiation-server
+client = 44-version-negotiation-client
+
+[44-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[45-version-negotiation]
+ssl_conf = 45-version-negotiation-ssl
+
+[45-version-negotiation-ssl]
+server = 45-version-negotiation-server
+client = 45-version-negotiation-client
+
+[45-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[46-version-negotiation]
+ssl_conf = 46-version-negotiation-ssl
+
+[46-version-negotiation-ssl]
+server = 46-version-negotiation-server
+client = 46-version-negotiation-client
+
+[46-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[47-version-negotiation]
+ssl_conf = 47-version-negotiation-ssl
+
+[47-version-negotiation-ssl]
+server = 47-version-negotiation-server
+client = 47-version-negotiation-client
+
+[47-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[48-version-negotiation]
+ssl_conf = 48-version-negotiation-ssl
+
+[48-version-negotiation-ssl]
+server = 48-version-negotiation-server
+client = 48-version-negotiation-client
+
+[48-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[49-version-negotiation]
+ssl_conf = 49-version-negotiation-ssl
+
+[49-version-negotiation-ssl]
+server = 49-version-negotiation-server
+client = 49-version-negotiation-client
+
+[49-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[50-version-negotiation]
+ssl_conf = 50-version-negotiation-ssl
+
+[50-version-negotiation-ssl]
+server = 50-version-negotiation-server
+client = 50-version-negotiation-client
+
+[50-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[51-version-negotiation]
+ssl_conf = 51-version-negotiation-ssl
+
+[51-version-negotiation-ssl]
+server = 51-version-negotiation-server
+client = 51-version-negotiation-client
+
+[51-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[52-version-negotiation]
+ssl_conf = 52-version-negotiation-ssl
+
+[52-version-negotiation-ssl]
+server = 52-version-negotiation-server
+client = 52-version-negotiation-client
+
+[52-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[53-version-negotiation]
+ssl_conf = 53-version-negotiation-ssl
+
+[53-version-negotiation-ssl]
+server = 53-version-negotiation-server
+client = 53-version-negotiation-client
+
+[53-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[54-version-negotiation]
+ssl_conf = 54-version-negotiation-ssl
+
+[54-version-negotiation-ssl]
+server = 54-version-negotiation-server
+client = 54-version-negotiation-client
+
+[54-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[55-version-negotiation]
+ssl_conf = 55-version-negotiation-ssl
+
+[55-version-negotiation-ssl]
+server = 55-version-negotiation-server
+client = 55-version-negotiation-client
+
+[55-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[56-version-negotiation]
+ssl_conf = 56-version-negotiation-ssl
+
+[56-version-negotiation-ssl]
+server = 56-version-negotiation-server
+client = 56-version-negotiation-client
+
+[56-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[57-version-negotiation]
+ssl_conf = 57-version-negotiation-ssl
+
+[57-version-negotiation-ssl]
+server = 57-version-negotiation-server
+client = 57-version-negotiation-client
+
+[57-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[58-version-negotiation]
+ssl_conf = 58-version-negotiation-ssl
+
+[58-version-negotiation-ssl]
+server = 58-version-negotiation-server
+client = 58-version-negotiation-client
+
+[58-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[59-version-negotiation]
+ssl_conf = 59-version-negotiation-ssl
+
+[59-version-negotiation-ssl]
+server = 59-version-negotiation-server
+client = 59-version-negotiation-client
+
+[59-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[60-version-negotiation]
+ssl_conf = 60-version-negotiation-ssl
+
+[60-version-negotiation-ssl]
+server = 60-version-negotiation-server
+client = 60-version-negotiation-client
+
+[60-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[61-version-negotiation]
+ssl_conf = 61-version-negotiation-ssl
+
+[61-version-negotiation-ssl]
+server = 61-version-negotiation-server
+client = 61-version-negotiation-client
+
+[61-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[62-version-negotiation]
+ssl_conf = 62-version-negotiation-ssl
+
+[62-version-negotiation-ssl]
+server = 62-version-negotiation-server
+client = 62-version-negotiation-client
+
+[62-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[63-version-negotiation]
+ssl_conf = 63-version-negotiation-ssl
+
+[63-version-negotiation-ssl]
+server = 63-version-negotiation-server
+client = 63-version-negotiation-client
+
+[63-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[64-version-negotiation]
+ssl_conf = 64-version-negotiation-ssl
+
+[64-version-negotiation-ssl]
+server = 64-version-negotiation-server
+client = 64-version-negotiation-client
+
+[64-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[64-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-64]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[65-version-negotiation]
+ssl_conf = 65-version-negotiation-ssl
+
+[65-version-negotiation-ssl]
+server = 65-version-negotiation-server
+client = 65-version-negotiation-client
+
+[65-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[65-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-65]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[66-version-negotiation]
+ssl_conf = 66-version-negotiation-ssl
+
+[66-version-negotiation-ssl]
+server = 66-version-negotiation-server
+client = 66-version-negotiation-client
+
+[66-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[66-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-66]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[67-version-negotiation]
+ssl_conf = 67-version-negotiation-ssl
+
+[67-version-negotiation-ssl]
+server = 67-version-negotiation-server
+client = 67-version-negotiation-client
+
+[67-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[67-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-67]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[68-version-negotiation]
+ssl_conf = 68-version-negotiation-ssl
+
+[68-version-negotiation-ssl]
+server = 68-version-negotiation-server
+client = 68-version-negotiation-client
+
+[68-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[68-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-68]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[69-version-negotiation]
+ssl_conf = 69-version-negotiation-ssl
+
+[69-version-negotiation-ssl]
+server = 69-version-negotiation-server
+client = 69-version-negotiation-client
+
+[69-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[69-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-69]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[70-version-negotiation]
+ssl_conf = 70-version-negotiation-ssl
+
+[70-version-negotiation-ssl]
+server = 70-version-negotiation-server
+client = 70-version-negotiation-client
+
+[70-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[70-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-70]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[71-version-negotiation]
+ssl_conf = 71-version-negotiation-ssl
+
+[71-version-negotiation-ssl]
+server = 71-version-negotiation-server
+client = 71-version-negotiation-client
+
+[71-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[71-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-71]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[72-version-negotiation]
+ssl_conf = 72-version-negotiation-ssl
+
+[72-version-negotiation-ssl]
+server = 72-version-negotiation-server
+client = 72-version-negotiation-client
+
+[72-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[72-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-72]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[73-version-negotiation]
+ssl_conf = 73-version-negotiation-ssl
+
+[73-version-negotiation-ssl]
+server = 73-version-negotiation-server
+client = 73-version-negotiation-client
+
+[73-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[73-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-73]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[74-version-negotiation]
+ssl_conf = 74-version-negotiation-ssl
+
+[74-version-negotiation-ssl]
+server = 74-version-negotiation-server
+client = 74-version-negotiation-client
+
+[74-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[74-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-74]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[75-version-negotiation]
+ssl_conf = 75-version-negotiation-ssl
+
+[75-version-negotiation-ssl]
+server = 75-version-negotiation-server
+client = 75-version-negotiation-client
+
+[75-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[75-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-75]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[76-version-negotiation]
+ssl_conf = 76-version-negotiation-ssl
+
+[76-version-negotiation-ssl]
+server = 76-version-negotiation-server
+client = 76-version-negotiation-client
+
+[76-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[76-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-76]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[77-version-negotiation]
+ssl_conf = 77-version-negotiation-ssl
+
+[77-version-negotiation-ssl]
+server = 77-version-negotiation-server
+client = 77-version-negotiation-client
+
+[77-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[77-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-77]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[78-version-negotiation]
+ssl_conf = 78-version-negotiation-ssl
+
+[78-version-negotiation-ssl]
+server = 78-version-negotiation-server
+client = 78-version-negotiation-client
+
+[78-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[78-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-78]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[79-version-negotiation]
+ssl_conf = 79-version-negotiation-ssl
+
+[79-version-negotiation-ssl]
+server = 79-version-negotiation-server
+client = 79-version-negotiation-client
+
+[79-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[79-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-79]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[80-version-negotiation]
+ssl_conf = 80-version-negotiation-ssl
+
+[80-version-negotiation-ssl]
+server = 80-version-negotiation-server
+client = 80-version-negotiation-client
+
+[80-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[80-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-80]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[81-version-negotiation]
+ssl_conf = 81-version-negotiation-ssl
+
+[81-version-negotiation-ssl]
+server = 81-version-negotiation-server
+client = 81-version-negotiation-client
+
+[81-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[81-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-81]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[82-version-negotiation]
+ssl_conf = 82-version-negotiation-ssl
+
+[82-version-negotiation-ssl]
+server = 82-version-negotiation-server
+client = 82-version-negotiation-client
+
+[82-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[82-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-82]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[83-version-negotiation]
+ssl_conf = 83-version-negotiation-ssl
+
+[83-version-negotiation-ssl]
+server = 83-version-negotiation-server
+client = 83-version-negotiation-client
+
+[83-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[83-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-83]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[84-version-negotiation]
+ssl_conf = 84-version-negotiation-ssl
+
+[84-version-negotiation-ssl]
+server = 84-version-negotiation-server
+client = 84-version-negotiation-client
+
+[84-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[84-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-84]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[85-version-negotiation]
+ssl_conf = 85-version-negotiation-ssl
+
+[85-version-negotiation-ssl]
+server = 85-version-negotiation-server
+client = 85-version-negotiation-client
+
+[85-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[85-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-85]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[86-version-negotiation]
+ssl_conf = 86-version-negotiation-ssl
+
+[86-version-negotiation-ssl]
+server = 86-version-negotiation-server
+client = 86-version-negotiation-client
+
+[86-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[86-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-86]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[87-version-negotiation]
+ssl_conf = 87-version-negotiation-ssl
+
+[87-version-negotiation-ssl]
+server = 87-version-negotiation-server
+client = 87-version-negotiation-client
+
+[87-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[87-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-87]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[88-version-negotiation]
+ssl_conf = 88-version-negotiation-ssl
+
+[88-version-negotiation-ssl]
+server = 88-version-negotiation-server
+client = 88-version-negotiation-client
+
+[88-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[88-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-88]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[89-version-negotiation]
+ssl_conf = 89-version-negotiation-ssl
+
+[89-version-negotiation-ssl]
+server = 89-version-negotiation-server
+client = 89-version-negotiation-client
+
+[89-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[89-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-89]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[90-version-negotiation]
+ssl_conf = 90-version-negotiation-ssl
+
+[90-version-negotiation-ssl]
+server = 90-version-negotiation-server
+client = 90-version-negotiation-client
+
+[90-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[90-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-90]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[91-version-negotiation]
+ssl_conf = 91-version-negotiation-ssl
+
+[91-version-negotiation-ssl]
+server = 91-version-negotiation-server
+client = 91-version-negotiation-client
+
+[91-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[91-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-91]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[92-version-negotiation]
+ssl_conf = 92-version-negotiation-ssl
+
+[92-version-negotiation-ssl]
+server = 92-version-negotiation-server
+client = 92-version-negotiation-client
+
+[92-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[92-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-92]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[93-version-negotiation]
+ssl_conf = 93-version-negotiation-ssl
+
+[93-version-negotiation-ssl]
+server = 93-version-negotiation-server
+client = 93-version-negotiation-client
+
+[93-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[93-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-93]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[94-version-negotiation]
+ssl_conf = 94-version-negotiation-ssl
+
+[94-version-negotiation-ssl]
+server = 94-version-negotiation-server
+client = 94-version-negotiation-client
+
+[94-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[94-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-94]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[95-version-negotiation]
+ssl_conf = 95-version-negotiation-ssl
+
+[95-version-negotiation-ssl]
+server = 95-version-negotiation-server
+client = 95-version-negotiation-client
+
+[95-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[95-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-95]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[96-version-negotiation]
+ssl_conf = 96-version-negotiation-ssl
+
+[96-version-negotiation-ssl]
+server = 96-version-negotiation-server
+client = 96-version-negotiation-client
+
+[96-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[96-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-96]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[97-version-negotiation]
+ssl_conf = 97-version-negotiation-ssl
+
+[97-version-negotiation-ssl]
+server = 97-version-negotiation-server
+client = 97-version-negotiation-client
+
+[97-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[97-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-97]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[98-version-negotiation]
+ssl_conf = 98-version-negotiation-ssl
+
+[98-version-negotiation-ssl]
+server = 98-version-negotiation-server
+client = 98-version-negotiation-client
+
+[98-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[98-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-98]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[99-version-negotiation]
+ssl_conf = 99-version-negotiation-ssl
+
+[99-version-negotiation-ssl]
+server = 99-version-negotiation-server
+client = 99-version-negotiation-client
+
+[99-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[99-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-99]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[100-version-negotiation]
+ssl_conf = 100-version-negotiation-ssl
+
+[100-version-negotiation-ssl]
+server = 100-version-negotiation-server
+client = 100-version-negotiation-client
+
+[100-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[100-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-100]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[101-version-negotiation]
+ssl_conf = 101-version-negotiation-ssl
+
+[101-version-negotiation-ssl]
+server = 101-version-negotiation-server
+client = 101-version-negotiation-client
+
+[101-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[101-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-101]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[102-version-negotiation]
+ssl_conf = 102-version-negotiation-ssl
+
+[102-version-negotiation-ssl]
+server = 102-version-negotiation-server
+client = 102-version-negotiation-client
+
+[102-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[102-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-102]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[103-version-negotiation]
+ssl_conf = 103-version-negotiation-ssl
+
+[103-version-negotiation-ssl]
+server = 103-version-negotiation-server
+client = 103-version-negotiation-client
+
+[103-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[103-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-103]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[104-version-negotiation]
+ssl_conf = 104-version-negotiation-ssl
+
+[104-version-negotiation-ssl]
+server = 104-version-negotiation-server
+client = 104-version-negotiation-client
+
+[104-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[104-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-104]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[105-version-negotiation]
+ssl_conf = 105-version-negotiation-ssl
+
+[105-version-negotiation-ssl]
+server = 105-version-negotiation-server
+client = 105-version-negotiation-client
+
+[105-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[105-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-105]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[106-version-negotiation]
+ssl_conf = 106-version-negotiation-ssl
+
+[106-version-negotiation-ssl]
+server = 106-version-negotiation-server
+client = 106-version-negotiation-client
+
+[106-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[106-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-106]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[107-version-negotiation]
+ssl_conf = 107-version-negotiation-ssl
+
+[107-version-negotiation-ssl]
+server = 107-version-negotiation-server
+client = 107-version-negotiation-client
+
+[107-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[107-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-107]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[108-version-negotiation]
+ssl_conf = 108-version-negotiation-ssl
+
+[108-version-negotiation-ssl]
+server = 108-version-negotiation-server
+client = 108-version-negotiation-client
+
+[108-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[108-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-108]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[109-version-negotiation]
+ssl_conf = 109-version-negotiation-ssl
+
+[109-version-negotiation-ssl]
+server = 109-version-negotiation-server
+client = 109-version-negotiation-client
+
+[109-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[109-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-109]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[110-version-negotiation]
+ssl_conf = 110-version-negotiation-ssl
+
+[110-version-negotiation-ssl]
+server = 110-version-negotiation-server
+client = 110-version-negotiation-client
+
+[110-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[110-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-110]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[111-version-negotiation]
+ssl_conf = 111-version-negotiation-ssl
+
+[111-version-negotiation-ssl]
+server = 111-version-negotiation-server
+client = 111-version-negotiation-client
+
+[111-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[111-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-111]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[112-version-negotiation]
+ssl_conf = 112-version-negotiation-ssl
+
+[112-version-negotiation-ssl]
+server = 112-version-negotiation-server
+client = 112-version-negotiation-client
+
+[112-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[112-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-112]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[113-version-negotiation]
+ssl_conf = 113-version-negotiation-ssl
+
+[113-version-negotiation-ssl]
+server = 113-version-negotiation-server
+client = 113-version-negotiation-client
+
+[113-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[113-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-113]
+ExpectedResult = InternalError
+
+
+# ===========================================================
+
+[114-version-negotiation]
+ssl_conf = 114-version-negotiation-ssl
+
+[114-version-negotiation-ssl]
+server = 114-version-negotiation-server
+client = 114-version-negotiation-client
+
+[114-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[114-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-114]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[115-version-negotiation]
+ssl_conf = 115-version-negotiation-ssl
+
+[115-version-negotiation-ssl]
+server = 115-version-negotiation-server
+client = 115-version-negotiation-client
+
+[115-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[115-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-115]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[116-version-negotiation]
+ssl_conf = 116-version-negotiation-ssl
+
+[116-version-negotiation-ssl]
+server = 116-version-negotiation-server
+client = 116-version-negotiation-client
+
+[116-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[116-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-116]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[117-version-negotiation]
+ssl_conf = 117-version-negotiation-ssl
+
+[117-version-negotiation-ssl]
+server = 117-version-negotiation-server
+client = 117-version-negotiation-client
+
+[117-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[117-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-117]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[118-version-negotiation]
+ssl_conf = 118-version-negotiation-ssl
+
+[118-version-negotiation-ssl]
+server = 118-version-negotiation-server
+client = 118-version-negotiation-client
+
+[118-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[118-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-118]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[119-version-negotiation]
+ssl_conf = 119-version-negotiation-ssl
+
+[119-version-negotiation-ssl]
+server = 119-version-negotiation-server
+client = 119-version-negotiation-client
+
+[119-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[119-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-119]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[120-version-negotiation]
+ssl_conf = 120-version-negotiation-ssl
+
+[120-version-negotiation-ssl]
+server = 120-version-negotiation-server
+client = 120-version-negotiation-client
+
+[120-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[120-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-120]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[121-version-negotiation]
+ssl_conf = 121-version-negotiation-ssl
+
+[121-version-negotiation-ssl]
+server = 121-version-negotiation-server
+client = 121-version-negotiation-client
+
+[121-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[121-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-121]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[122-version-negotiation]
+ssl_conf = 122-version-negotiation-ssl
+
+[122-version-negotiation-ssl]
+server = 122-version-negotiation-server
+client = 122-version-negotiation-client
+
+[122-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[122-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-122]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[123-version-negotiation]
+ssl_conf = 123-version-negotiation-ssl
+
+[123-version-negotiation-ssl]
+server = 123-version-negotiation-server
+client = 123-version-negotiation-client
+
+[123-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[123-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-123]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[124-version-negotiation]
+ssl_conf = 124-version-negotiation-ssl
+
+[124-version-negotiation-ssl]
+server = 124-version-negotiation-server
+client = 124-version-negotiation-client
+
+[124-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[124-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-124]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[125-version-negotiation]
+ssl_conf = 125-version-negotiation-ssl
+
+[125-version-negotiation-ssl]
+server = 125-version-negotiation-server
+client = 125-version-negotiation-client
+
+[125-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[125-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-125]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[126-version-negotiation]
+ssl_conf = 126-version-negotiation-ssl
+
+[126-version-negotiation-ssl]
+server = 126-version-negotiation-server
+client = 126-version-negotiation-client
+
+[126-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[126-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-126]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[127-version-negotiation]
+ssl_conf = 127-version-negotiation-ssl
+
+[127-version-negotiation-ssl]
+server = 127-version-negotiation-server
+client = 127-version-negotiation-client
+
+[127-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[127-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-127]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[128-version-negotiation]
+ssl_conf = 128-version-negotiation-ssl
+
+[128-version-negotiation-ssl]
+server = 128-version-negotiation-server
+client = 128-version-negotiation-client
+
+[128-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[128-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-128]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[129-version-negotiation]
+ssl_conf = 129-version-negotiation-ssl
+
+[129-version-negotiation-ssl]
+server = 129-version-negotiation-server
+client = 129-version-negotiation-client
+
+[129-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[129-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-129]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[130-version-negotiation]
+ssl_conf = 130-version-negotiation-ssl
+
+[130-version-negotiation-ssl]
+server = 130-version-negotiation-server
+client = 130-version-negotiation-client
+
+[130-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[130-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-130]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[131-version-negotiation]
+ssl_conf = 131-version-negotiation-ssl
+
+[131-version-negotiation-ssl]
+server = 131-version-negotiation-server
+client = 131-version-negotiation-client
+
+[131-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[131-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-131]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[132-version-negotiation]
+ssl_conf = 132-version-negotiation-ssl
+
+[132-version-negotiation-ssl]
+server = 132-version-negotiation-server
+client = 132-version-negotiation-client
+
+[132-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[132-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-132]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[133-version-negotiation]
+ssl_conf = 133-version-negotiation-ssl
+
+[133-version-negotiation-ssl]
+server = 133-version-negotiation-server
+client = 133-version-negotiation-client
+
+[133-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[133-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-133]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[134-version-negotiation]
+ssl_conf = 134-version-negotiation-ssl
+
+[134-version-negotiation-ssl]
+server = 134-version-negotiation-server
+client = 134-version-negotiation-client
+
+[134-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[134-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-134]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[135-version-negotiation]
+ssl_conf = 135-version-negotiation-ssl
+
+[135-version-negotiation-ssl]
+server = 135-version-negotiation-server
+client = 135-version-negotiation-client
+
+[135-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[135-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-135]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[136-version-negotiation]
+ssl_conf = 136-version-negotiation-ssl
+
+[136-version-negotiation-ssl]
+server = 136-version-negotiation-server
+client = 136-version-negotiation-client
+
+[136-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[136-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-136]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[137-version-negotiation]
+ssl_conf = 137-version-negotiation-ssl
+
+[137-version-negotiation-ssl]
+server = 137-version-negotiation-server
+client = 137-version-negotiation-client
+
+[137-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[137-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-137]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[138-version-negotiation]
+ssl_conf = 138-version-negotiation-ssl
+
+[138-version-negotiation-ssl]
+server = 138-version-negotiation-server
+client = 138-version-negotiation-client
+
+[138-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[138-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-138]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[139-version-negotiation]
+ssl_conf = 139-version-negotiation-ssl
+
+[139-version-negotiation-ssl]
+server = 139-version-negotiation-server
+client = 139-version-negotiation-client
+
+[139-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[139-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-139]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[140-version-negotiation]
+ssl_conf = 140-version-negotiation-ssl
+
+[140-version-negotiation-ssl]
+server = 140-version-negotiation-server
+client = 140-version-negotiation-client
+
+[140-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[140-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-140]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[141-version-negotiation]
+ssl_conf = 141-version-negotiation-ssl
+
+[141-version-negotiation-ssl]
+server = 141-version-negotiation-server
+client = 141-version-negotiation-client
+
+[141-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[141-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-141]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[142-version-negotiation]
+ssl_conf = 142-version-negotiation-ssl
+
+[142-version-negotiation-ssl]
+server = 142-version-negotiation-server
+client = 142-version-negotiation-client
+
+[142-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[142-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-142]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[143-version-negotiation]
+ssl_conf = 143-version-negotiation-ssl
+
+[143-version-negotiation-ssl]
+server = 143-version-negotiation-server
+client = 143-version-negotiation-client
+
+[143-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[143-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-143]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[144-version-negotiation]
+ssl_conf = 144-version-negotiation-ssl
+
+[144-version-negotiation-ssl]
+server = 144-version-negotiation-server
+client = 144-version-negotiation-client
+
+[144-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[144-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-144]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[145-version-negotiation]
+ssl_conf = 145-version-negotiation-ssl
+
+[145-version-negotiation-ssl]
+server = 145-version-negotiation-server
+client = 145-version-negotiation-client
+
+[145-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[145-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-145]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[146-version-negotiation]
+ssl_conf = 146-version-negotiation-ssl
+
+[146-version-negotiation-ssl]
+server = 146-version-negotiation-server
+client = 146-version-negotiation-client
+
+[146-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[146-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-146]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[147-version-negotiation]
+ssl_conf = 147-version-negotiation-ssl
+
+[147-version-negotiation-ssl]
+server = 147-version-negotiation-server
+client = 147-version-negotiation-client
+
+[147-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[147-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-147]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[148-version-negotiation]
+ssl_conf = 148-version-negotiation-ssl
+
+[148-version-negotiation-ssl]
+server = 148-version-negotiation-server
+client = 148-version-negotiation-client
+
+[148-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[148-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-148]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[149-version-negotiation]
+ssl_conf = 149-version-negotiation-ssl
+
+[149-version-negotiation-ssl]
+server = 149-version-negotiation-server
+client = 149-version-negotiation-client
+
+[149-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[149-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-149]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[150-version-negotiation]
+ssl_conf = 150-version-negotiation-ssl
+
+[150-version-negotiation-ssl]
+server = 150-version-negotiation-server
+client = 150-version-negotiation-client
+
+[150-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[150-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-150]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[151-version-negotiation]
+ssl_conf = 151-version-negotiation-ssl
+
+[151-version-negotiation-ssl]
+server = 151-version-negotiation-server
+client = 151-version-negotiation-client
+
+[151-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[151-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-151]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[152-version-negotiation]
+ssl_conf = 152-version-negotiation-ssl
+
+[152-version-negotiation-ssl]
+server = 152-version-negotiation-server
+client = 152-version-negotiation-client
+
+[152-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[152-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-152]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[153-version-negotiation]
+ssl_conf = 153-version-negotiation-ssl
+
+[153-version-negotiation-ssl]
+server = 153-version-negotiation-server
+client = 153-version-negotiation-client
+
+[153-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[153-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-153]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[154-version-negotiation]
+ssl_conf = 154-version-negotiation-ssl
+
+[154-version-negotiation-ssl]
+server = 154-version-negotiation-server
+client = 154-version-negotiation-client
+
+[154-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[154-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-154]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[155-version-negotiation]
+ssl_conf = 155-version-negotiation-ssl
+
+[155-version-negotiation-ssl]
+server = 155-version-negotiation-server
+client = 155-version-negotiation-client
+
+[155-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[155-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-155]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[156-version-negotiation]
+ssl_conf = 156-version-negotiation-ssl
+
+[156-version-negotiation-ssl]
+server = 156-version-negotiation-server
+client = 156-version-negotiation-client
+
+[156-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[156-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-156]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[157-version-negotiation]
+ssl_conf = 157-version-negotiation-ssl
+
+[157-version-negotiation-ssl]
+server = 157-version-negotiation-server
+client = 157-version-negotiation-client
+
+[157-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[157-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-157]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[158-version-negotiation]
+ssl_conf = 158-version-negotiation-ssl
+
+[158-version-negotiation-ssl]
+server = 158-version-negotiation-server
+client = 158-version-negotiation-client
+
+[158-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[158-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-158]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[159-version-negotiation]
+ssl_conf = 159-version-negotiation-ssl
+
+[159-version-negotiation-ssl]
+server = 159-version-negotiation-server
+client = 159-version-negotiation-client
+
+[159-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[159-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-159]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[160-version-negotiation]
+ssl_conf = 160-version-negotiation-ssl
+
+[160-version-negotiation-ssl]
+server = 160-version-negotiation-server
+client = 160-version-negotiation-client
+
+[160-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[160-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-160]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[161-version-negotiation]
+ssl_conf = 161-version-negotiation-ssl
+
+[161-version-negotiation-ssl]
+server = 161-version-negotiation-server
+client = 161-version-negotiation-client
+
+[161-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[161-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-161]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[162-version-negotiation]
+ssl_conf = 162-version-negotiation-ssl
+
+[162-version-negotiation-ssl]
+server = 162-version-negotiation-server
+client = 162-version-negotiation-client
+
+[162-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[162-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-162]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[163-version-negotiation]
+ssl_conf = 163-version-negotiation-ssl
+
+[163-version-negotiation-ssl]
+server = 163-version-negotiation-server
+client = 163-version-negotiation-client
+
+[163-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[163-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-163]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[164-version-negotiation]
+ssl_conf = 164-version-negotiation-ssl
+
+[164-version-negotiation-ssl]
+server = 164-version-negotiation-server
+client = 164-version-negotiation-client
+
+[164-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[164-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-164]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[165-version-negotiation]
+ssl_conf = 165-version-negotiation-ssl
+
+[165-version-negotiation-ssl]
+server = 165-version-negotiation-server
+client = 165-version-negotiation-client
+
+[165-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[165-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-165]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[166-version-negotiation]
+ssl_conf = 166-version-negotiation-ssl
+
+[166-version-negotiation-ssl]
+server = 166-version-negotiation-server
+client = 166-version-negotiation-client
+
+[166-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[166-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-166]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[167-version-negotiation]
+ssl_conf = 167-version-negotiation-ssl
+
+[167-version-negotiation-ssl]
+server = 167-version-negotiation-server
+client = 167-version-negotiation-client
+
+[167-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[167-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-167]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[168-version-negotiation]
+ssl_conf = 168-version-negotiation-ssl
+
+[168-version-negotiation-ssl]
+server = 168-version-negotiation-server
+client = 168-version-negotiation-client
+
+[168-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[168-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-168]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[169-version-negotiation]
+ssl_conf = 169-version-negotiation-ssl
+
+[169-version-negotiation-ssl]
+server = 169-version-negotiation-server
+client = 169-version-negotiation-client
+
+[169-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[169-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-169]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[170-version-negotiation]
+ssl_conf = 170-version-negotiation-ssl
+
+[170-version-negotiation-ssl]
+server = 170-version-negotiation-server
+client = 170-version-negotiation-client
+
+[170-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[170-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-170]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[171-version-negotiation]
+ssl_conf = 171-version-negotiation-ssl
+
+[171-version-negotiation-ssl]
+server = 171-version-negotiation-server
+client = 171-version-negotiation-client
+
+[171-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[171-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-171]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[172-version-negotiation]
+ssl_conf = 172-version-negotiation-ssl
+
+[172-version-negotiation-ssl]
+server = 172-version-negotiation-server
+client = 172-version-negotiation-client
+
+[172-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[172-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-172]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[173-version-negotiation]
+ssl_conf = 173-version-negotiation-ssl
+
+[173-version-negotiation-ssl]
+server = 173-version-negotiation-server
+client = 173-version-negotiation-client
+
+[173-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[173-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-173]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[174-version-negotiation]
+ssl_conf = 174-version-negotiation-ssl
+
+[174-version-negotiation-ssl]
+server = 174-version-negotiation-server
+client = 174-version-negotiation-client
+
+[174-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[174-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-174]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[175-version-negotiation]
+ssl_conf = 175-version-negotiation-ssl
+
+[175-version-negotiation-ssl]
+server = 175-version-negotiation-server
+client = 175-version-negotiation-client
+
+[175-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[175-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-175]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[176-version-negotiation]
+ssl_conf = 176-version-negotiation-ssl
+
+[176-version-negotiation-ssl]
+server = 176-version-negotiation-server
+client = 176-version-negotiation-client
+
+[176-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[176-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-176]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[177-version-negotiation]
+ssl_conf = 177-version-negotiation-ssl
+
+[177-version-negotiation-ssl]
+server = 177-version-negotiation-server
+client = 177-version-negotiation-client
+
+[177-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[177-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-177]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[178-version-negotiation]
+ssl_conf = 178-version-negotiation-ssl
+
+[178-version-negotiation-ssl]
+server = 178-version-negotiation-server
+client = 178-version-negotiation-client
+
+[178-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[178-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-178]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[179-version-negotiation]
+ssl_conf = 179-version-negotiation-ssl
+
+[179-version-negotiation-ssl]
+server = 179-version-negotiation-server
+client = 179-version-negotiation-client
+
+[179-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[179-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-179]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[180-version-negotiation]
+ssl_conf = 180-version-negotiation-ssl
+
+[180-version-negotiation-ssl]
+server = 180-version-negotiation-server
+client = 180-version-negotiation-client
+
+[180-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[180-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-180]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[181-version-negotiation]
+ssl_conf = 181-version-negotiation-ssl
+
+[181-version-negotiation-ssl]
+server = 181-version-negotiation-server
+client = 181-version-negotiation-client
+
+[181-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[181-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-181]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[182-version-negotiation]
+ssl_conf = 182-version-negotiation-ssl
+
+[182-version-negotiation-ssl]
+server = 182-version-negotiation-server
+client = 182-version-negotiation-client
+
+[182-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[182-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-182]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[183-version-negotiation]
+ssl_conf = 183-version-negotiation-ssl
+
+[183-version-negotiation-ssl]
+server = 183-version-negotiation-server
+client = 183-version-negotiation-client
+
+[183-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[183-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-183]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[184-version-negotiation]
+ssl_conf = 184-version-negotiation-ssl
+
+[184-version-negotiation-ssl]
+server = 184-version-negotiation-server
+client = 184-version-negotiation-client
+
+[184-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[184-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-184]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[185-version-negotiation]
+ssl_conf = 185-version-negotiation-ssl
+
+[185-version-negotiation-ssl]
+server = 185-version-negotiation-server
+client = 185-version-negotiation-client
+
+[185-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[185-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-185]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[186-version-negotiation]
+ssl_conf = 186-version-negotiation-ssl
+
+[186-version-negotiation-ssl]
+server = 186-version-negotiation-server
+client = 186-version-negotiation-client
+
+[186-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[186-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-186]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[187-version-negotiation]
+ssl_conf = 187-version-negotiation-ssl
+
+[187-version-negotiation-ssl]
+server = 187-version-negotiation-server
+client = 187-version-negotiation-client
+
+[187-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[187-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-187]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[188-version-negotiation]
+ssl_conf = 188-version-negotiation-ssl
+
+[188-version-negotiation-ssl]
+server = 188-version-negotiation-server
+client = 188-version-negotiation-client
+
+[188-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[188-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-188]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[189-version-negotiation]
+ssl_conf = 189-version-negotiation-ssl
+
+[189-version-negotiation-ssl]
+server = 189-version-negotiation-server
+client = 189-version-negotiation-client
+
+[189-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[189-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-189]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[190-version-negotiation]
+ssl_conf = 190-version-negotiation-ssl
+
+[190-version-negotiation-ssl]
+server = 190-version-negotiation-server
+client = 190-version-negotiation-client
+
+[190-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[190-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-190]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[191-version-negotiation]
+ssl_conf = 191-version-negotiation-ssl
+
+[191-version-negotiation-ssl]
+server = 191-version-negotiation-server
+client = 191-version-negotiation-client
+
+[191-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[191-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-191]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[192-version-negotiation]
+ssl_conf = 192-version-negotiation-ssl
+
+[192-version-negotiation-ssl]
+server = 192-version-negotiation-server
+client = 192-version-negotiation-client
+
+[192-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[192-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-192]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[193-version-negotiation]
+ssl_conf = 193-version-negotiation-ssl
+
+[193-version-negotiation-ssl]
+server = 193-version-negotiation-server
+client = 193-version-negotiation-client
+
+[193-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[193-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-193]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[194-version-negotiation]
+ssl_conf = 194-version-negotiation-ssl
+
+[194-version-negotiation-ssl]
+server = 194-version-negotiation-server
+client = 194-version-negotiation-client
+
+[194-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[194-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-194]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[195-version-negotiation]
+ssl_conf = 195-version-negotiation-ssl
+
+[195-version-negotiation-ssl]
+server = 195-version-negotiation-server
+client = 195-version-negotiation-client
+
+[195-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[195-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-195]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[196-version-negotiation]
+ssl_conf = 196-version-negotiation-ssl
+
+[196-version-negotiation-ssl]
+server = 196-version-negotiation-server
+client = 196-version-negotiation-client
+
+[196-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[196-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-196]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[197-version-negotiation]
+ssl_conf = 197-version-negotiation-ssl
+
+[197-version-negotiation-ssl]
+server = 197-version-negotiation-server
+client = 197-version-negotiation-client
+
+[197-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[197-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-197]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[198-version-negotiation]
+ssl_conf = 198-version-negotiation-ssl
+
+[198-version-negotiation-ssl]
+server = 198-version-negotiation-server
+client = 198-version-negotiation-client
+
+[198-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[198-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-198]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[199-version-negotiation]
+ssl_conf = 199-version-negotiation-ssl
+
+[199-version-negotiation-ssl]
+server = 199-version-negotiation-server
+client = 199-version-negotiation-client
+
+[199-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[199-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-199]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[200-version-negotiation]
+ssl_conf = 200-version-negotiation-ssl
+
+[200-version-negotiation-ssl]
+server = 200-version-negotiation-server
+client = 200-version-negotiation-client
+
+[200-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[200-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-200]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[201-version-negotiation]
+ssl_conf = 201-version-negotiation-ssl
+
+[201-version-negotiation-ssl]
+server = 201-version-negotiation-server
+client = 201-version-negotiation-client
+
+[201-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[201-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-201]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[202-version-negotiation]
+ssl_conf = 202-version-negotiation-ssl
+
+[202-version-negotiation-ssl]
+server = 202-version-negotiation-server
+client = 202-version-negotiation-client
+
+[202-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[202-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-202]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[203-version-negotiation]
+ssl_conf = 203-version-negotiation-ssl
+
+[203-version-negotiation-ssl]
+server = 203-version-negotiation-server
+client = 203-version-negotiation-client
+
+[203-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[203-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-203]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[204-version-negotiation]
+ssl_conf = 204-version-negotiation-ssl
+
+[204-version-negotiation-ssl]
+server = 204-version-negotiation-server
+client = 204-version-negotiation-client
+
+[204-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[204-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-204]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[205-version-negotiation]
+ssl_conf = 205-version-negotiation-ssl
+
+[205-version-negotiation-ssl]
+server = 205-version-negotiation-server
+client = 205-version-negotiation-client
+
+[205-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[205-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-205]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[206-version-negotiation]
+ssl_conf = 206-version-negotiation-ssl
+
+[206-version-negotiation-ssl]
+server = 206-version-negotiation-server
+client = 206-version-negotiation-client
+
+[206-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[206-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-206]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[207-version-negotiation]
+ssl_conf = 207-version-negotiation-ssl
+
+[207-version-negotiation-ssl]
+server = 207-version-negotiation-server
+client = 207-version-negotiation-client
+
+[207-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[207-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-207]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[208-version-negotiation]
+ssl_conf = 208-version-negotiation-ssl
+
+[208-version-negotiation-ssl]
+server = 208-version-negotiation-server
+client = 208-version-negotiation-client
+
+[208-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[208-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-208]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[209-version-negotiation]
+ssl_conf = 209-version-negotiation-ssl
+
+[209-version-negotiation-ssl]
+server = 209-version-negotiation-server
+client = 209-version-negotiation-client
+
+[209-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[209-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-209]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[210-version-negotiation]
+ssl_conf = 210-version-negotiation-ssl
+
+[210-version-negotiation-ssl]
+server = 210-version-negotiation-server
+client = 210-version-negotiation-client
+
+[210-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[210-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-210]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[211-version-negotiation]
+ssl_conf = 211-version-negotiation-ssl
+
+[211-version-negotiation-ssl]
+server = 211-version-negotiation-server
+client = 211-version-negotiation-client
+
+[211-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[211-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-211]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[212-version-negotiation]
+ssl_conf = 212-version-negotiation-ssl
+
+[212-version-negotiation-ssl]
+server = 212-version-negotiation-server
+client = 212-version-negotiation-client
+
+[212-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[212-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-212]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[213-version-negotiation]
+ssl_conf = 213-version-negotiation-ssl
+
+[213-version-negotiation-ssl]
+server = 213-version-negotiation-server
+client = 213-version-negotiation-client
+
+[213-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[213-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-213]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[214-version-negotiation]
+ssl_conf = 214-version-negotiation-ssl
+
+[214-version-negotiation-ssl]
+server = 214-version-negotiation-server
+client = 214-version-negotiation-client
+
+[214-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[214-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-214]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[215-version-negotiation]
+ssl_conf = 215-version-negotiation-ssl
+
+[215-version-negotiation-ssl]
+server = 215-version-negotiation-server
+client = 215-version-negotiation-client
+
+[215-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[215-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-215]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[216-version-negotiation]
+ssl_conf = 216-version-negotiation-ssl
+
+[216-version-negotiation-ssl]
+server = 216-version-negotiation-server
+client = 216-version-negotiation-client
+
+[216-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[216-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-216]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[217-version-negotiation]
+ssl_conf = 217-version-negotiation-ssl
+
+[217-version-negotiation-ssl]
+server = 217-version-negotiation-server
+client = 217-version-negotiation-client
+
+[217-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[217-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-217]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[218-version-negotiation]
+ssl_conf = 218-version-negotiation-ssl
+
+[218-version-negotiation-ssl]
+server = 218-version-negotiation-server
+client = 218-version-negotiation-client
+
+[218-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[218-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-218]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[219-version-negotiation]
+ssl_conf = 219-version-negotiation-ssl
+
+[219-version-negotiation-ssl]
+server = 219-version-negotiation-server
+client = 219-version-negotiation-client
+
+[219-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[219-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-219]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[220-version-negotiation]
+ssl_conf = 220-version-negotiation-ssl
+
+[220-version-negotiation-ssl]
+server = 220-version-negotiation-server
+client = 220-version-negotiation-client
+
+[220-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[220-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-220]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[221-version-negotiation]
+ssl_conf = 221-version-negotiation-ssl
+
+[221-version-negotiation-ssl]
+server = 221-version-negotiation-server
+client = 221-version-negotiation-client
+
+[221-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[221-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-221]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[222-version-negotiation]
+ssl_conf = 222-version-negotiation-ssl
+
+[222-version-negotiation-ssl]
+server = 222-version-negotiation-server
+client = 222-version-negotiation-client
+
+[222-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[222-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-222]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[223-version-negotiation]
+ssl_conf = 223-version-negotiation-ssl
+
+[223-version-negotiation-ssl]
+server = 223-version-negotiation-server
+client = 223-version-negotiation-client
+
+[223-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[223-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-223]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[224-version-negotiation]
+ssl_conf = 224-version-negotiation-ssl
+
+[224-version-negotiation-ssl]
+server = 224-version-negotiation-server
+client = 224-version-negotiation-client
+
+[224-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[224-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-224]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[225-version-negotiation]
+ssl_conf = 225-version-negotiation-ssl
+
+[225-version-negotiation-ssl]
+server = 225-version-negotiation-server
+client = 225-version-negotiation-client
+
+[225-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[225-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-225]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[226-version-negotiation]
+ssl_conf = 226-version-negotiation-ssl
+
+[226-version-negotiation-ssl]
+server = 226-version-negotiation-server
+client = 226-version-negotiation-client
+
+[226-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[226-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-226]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[227-version-negotiation]
+ssl_conf = 227-version-negotiation-ssl
+
+[227-version-negotiation-ssl]
+server = 227-version-negotiation-server
+client = 227-version-negotiation-client
+
+[227-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[227-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-227]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[228-version-negotiation]
+ssl_conf = 228-version-negotiation-ssl
+
+[228-version-negotiation-ssl]
+server = 228-version-negotiation-server
+client = 228-version-negotiation-client
+
+[228-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[228-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-228]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[229-version-negotiation]
+ssl_conf = 229-version-negotiation-ssl
+
+[229-version-negotiation-ssl]
+server = 229-version-negotiation-server
+client = 229-version-negotiation-client
+
+[229-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[229-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-229]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[230-version-negotiation]
+ssl_conf = 230-version-negotiation-ssl
+
+[230-version-negotiation-ssl]
+server = 230-version-negotiation-server
+client = 230-version-negotiation-client
+
+[230-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[230-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-230]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[231-version-negotiation]
+ssl_conf = 231-version-negotiation-ssl
+
+[231-version-negotiation-ssl]
+server = 231-version-negotiation-server
+client = 231-version-negotiation-client
+
+[231-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[231-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-231]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[232-version-negotiation]
+ssl_conf = 232-version-negotiation-ssl
+
+[232-version-negotiation-ssl]
+server = 232-version-negotiation-server
+client = 232-version-negotiation-client
+
+[232-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[232-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-232]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[233-version-negotiation]
+ssl_conf = 233-version-negotiation-ssl
+
+[233-version-negotiation-ssl]
+server = 233-version-negotiation-server
+client = 233-version-negotiation-client
+
+[233-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[233-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-233]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[234-version-negotiation]
+ssl_conf = 234-version-negotiation-ssl
+
+[234-version-negotiation-ssl]
+server = 234-version-negotiation-server
+client = 234-version-negotiation-client
+
+[234-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[234-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-234]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[235-version-negotiation]
+ssl_conf = 235-version-negotiation-ssl
+
+[235-version-negotiation-ssl]
+server = 235-version-negotiation-server
+client = 235-version-negotiation-client
+
+[235-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[235-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-235]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[236-version-negotiation]
+ssl_conf = 236-version-negotiation-ssl
+
+[236-version-negotiation-ssl]
+server = 236-version-negotiation-server
+client = 236-version-negotiation-client
+
+[236-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[236-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-236]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[237-version-negotiation]
+ssl_conf = 237-version-negotiation-ssl
+
+[237-version-negotiation-ssl]
+server = 237-version-negotiation-server
+client = 237-version-negotiation-client
+
+[237-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[237-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-237]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[238-version-negotiation]
+ssl_conf = 238-version-negotiation-ssl
+
+[238-version-negotiation-ssl]
+server = 238-version-negotiation-server
+client = 238-version-negotiation-client
+
+[238-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[238-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-238]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[239-version-negotiation]
+ssl_conf = 239-version-negotiation-ssl
+
+[239-version-negotiation-ssl]
+server = 239-version-negotiation-server
+client = 239-version-negotiation-client
+
+[239-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[239-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-239]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[240-version-negotiation]
+ssl_conf = 240-version-negotiation-ssl
+
+[240-version-negotiation-ssl]
+server = 240-version-negotiation-server
+client = 240-version-negotiation-client
+
+[240-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[240-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-240]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[241-version-negotiation]
+ssl_conf = 241-version-negotiation-ssl
+
+[241-version-negotiation-ssl]
+server = 241-version-negotiation-server
+client = 241-version-negotiation-client
+
+[241-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[241-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-241]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[242-version-negotiation]
+ssl_conf = 242-version-negotiation-ssl
+
+[242-version-negotiation-ssl]
+server = 242-version-negotiation-server
+client = 242-version-negotiation-client
+
+[242-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[242-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-242]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[243-version-negotiation]
+ssl_conf = 243-version-negotiation-ssl
+
+[243-version-negotiation-ssl]
+server = 243-version-negotiation-server
+client = 243-version-negotiation-client
+
+[243-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[243-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-243]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[244-version-negotiation]
+ssl_conf = 244-version-negotiation-ssl
+
+[244-version-negotiation-ssl]
+server = 244-version-negotiation-server
+client = 244-version-negotiation-client
+
+[244-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[244-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-244]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[245-version-negotiation]
+ssl_conf = 245-version-negotiation-ssl
+
+[245-version-negotiation-ssl]
+server = 245-version-negotiation-server
+client = 245-version-negotiation-client
+
+[245-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[245-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-245]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[246-version-negotiation]
+ssl_conf = 246-version-negotiation-ssl
+
+[246-version-negotiation-ssl]
+server = 246-version-negotiation-server
+client = 246-version-negotiation-client
+
+[246-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[246-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-246]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[247-version-negotiation]
+ssl_conf = 247-version-negotiation-ssl
+
+[247-version-negotiation-ssl]
+server = 247-version-negotiation-server
+client = 247-version-negotiation-client
+
+[247-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[247-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-247]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[248-version-negotiation]
+ssl_conf = 248-version-negotiation-ssl
+
+[248-version-negotiation-ssl]
+server = 248-version-negotiation-server
+client = 248-version-negotiation-client
+
+[248-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[248-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-248]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[249-version-negotiation]
+ssl_conf = 249-version-negotiation-ssl
+
+[249-version-negotiation-ssl]
+server = 249-version-negotiation-server
+client = 249-version-negotiation-client
+
+[249-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[249-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-249]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[250-version-negotiation]
+ssl_conf = 250-version-negotiation-ssl
+
+[250-version-negotiation-ssl]
+server = 250-version-negotiation-server
+client = 250-version-negotiation-client
+
+[250-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[250-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-250]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[251-version-negotiation]
+ssl_conf = 251-version-negotiation-ssl
+
+[251-version-negotiation-ssl]
+server = 251-version-negotiation-server
+client = 251-version-negotiation-client
+
+[251-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[251-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-251]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[252-version-negotiation]
+ssl_conf = 252-version-negotiation-ssl
+
+[252-version-negotiation-ssl]
+server = 252-version-negotiation-server
+client = 252-version-negotiation-client
+
+[252-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[252-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-252]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[253-version-negotiation]
+ssl_conf = 253-version-negotiation-ssl
+
+[253-version-negotiation-ssl]
+server = 253-version-negotiation-server
+client = 253-version-negotiation-client
+
+[253-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[253-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-253]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[254-version-negotiation]
+ssl_conf = 254-version-negotiation-ssl
+
+[254-version-negotiation-ssl]
+server = 254-version-negotiation-server
+client = 254-version-negotiation-client
+
+[254-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[254-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-254]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[255-version-negotiation]
+ssl_conf = 255-version-negotiation-ssl
+
+[255-version-negotiation-ssl]
+server = 255-version-negotiation-server
+client = 255-version-negotiation-client
+
+[255-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[255-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-255]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[256-version-negotiation]
+ssl_conf = 256-version-negotiation-ssl
+
+[256-version-negotiation-ssl]
+server = 256-version-negotiation-server
+client = 256-version-negotiation-client
+
+[256-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[256-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-256]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[257-version-negotiation]
+ssl_conf = 257-version-negotiation-ssl
+
+[257-version-negotiation-ssl]
+server = 257-version-negotiation-server
+client = 257-version-negotiation-client
+
+[257-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[257-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-257]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[258-version-negotiation]
+ssl_conf = 258-version-negotiation-ssl
+
+[258-version-negotiation-ssl]
+server = 258-version-negotiation-server
+client = 258-version-negotiation-client
+
+[258-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[258-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-258]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[259-version-negotiation]
+ssl_conf = 259-version-negotiation-ssl
+
+[259-version-negotiation-ssl]
+server = 259-version-negotiation-server
+client = 259-version-negotiation-client
+
+[259-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[259-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-259]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[260-version-negotiation]
+ssl_conf = 260-version-negotiation-ssl
+
+[260-version-negotiation-ssl]
+server = 260-version-negotiation-server
+client = 260-version-negotiation-client
+
+[260-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[260-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-260]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[261-version-negotiation]
+ssl_conf = 261-version-negotiation-ssl
+
+[261-version-negotiation-ssl]
+server = 261-version-negotiation-server
+client = 261-version-negotiation-client
+
+[261-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[261-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-261]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[262-version-negotiation]
+ssl_conf = 262-version-negotiation-ssl
+
+[262-version-negotiation-ssl]
+server = 262-version-negotiation-server
+client = 262-version-negotiation-client
+
+[262-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[262-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-262]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[263-version-negotiation]
+ssl_conf = 263-version-negotiation-ssl
+
+[263-version-negotiation-ssl]
+server = 263-version-negotiation-server
+client = 263-version-negotiation-client
+
+[263-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[263-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-263]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[264-version-negotiation]
+ssl_conf = 264-version-negotiation-ssl
+
+[264-version-negotiation-ssl]
+server = 264-version-negotiation-server
+client = 264-version-negotiation-client
+
+[264-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[264-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-264]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[265-version-negotiation]
+ssl_conf = 265-version-negotiation-ssl
+
+[265-version-negotiation-ssl]
+server = 265-version-negotiation-server
+client = 265-version-negotiation-client
+
+[265-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[265-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-265]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[266-version-negotiation]
+ssl_conf = 266-version-negotiation-ssl
+
+[266-version-negotiation-ssl]
+server = 266-version-negotiation-server
+client = 266-version-negotiation-client
+
+[266-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[266-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-266]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[267-version-negotiation]
+ssl_conf = 267-version-negotiation-ssl
+
+[267-version-negotiation-ssl]
+server = 267-version-negotiation-server
+client = 267-version-negotiation-client
+
+[267-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[267-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-267]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[268-version-negotiation]
+ssl_conf = 268-version-negotiation-ssl
+
+[268-version-negotiation-ssl]
+server = 268-version-negotiation-server
+client = 268-version-negotiation-client
+
+[268-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[268-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-268]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[269-version-negotiation]
+ssl_conf = 269-version-negotiation-ssl
+
+[269-version-negotiation-ssl]
+server = 269-version-negotiation-server
+client = 269-version-negotiation-client
+
+[269-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[269-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-269]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[270-version-negotiation]
+ssl_conf = 270-version-negotiation-ssl
+
+[270-version-negotiation-ssl]
+server = 270-version-negotiation-server
+client = 270-version-negotiation-client
+
+[270-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[270-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-270]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[271-version-negotiation]
+ssl_conf = 271-version-negotiation-ssl
+
+[271-version-negotiation-ssl]
+server = 271-version-negotiation-server
+client = 271-version-negotiation-client
+
+[271-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[271-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-271]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[272-version-negotiation]
+ssl_conf = 272-version-negotiation-ssl
+
+[272-version-negotiation-ssl]
+server = 272-version-negotiation-server
+client = 272-version-negotiation-client
+
+[272-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[272-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-272]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[273-version-negotiation]
+ssl_conf = 273-version-negotiation-ssl
+
+[273-version-negotiation-ssl]
+server = 273-version-negotiation-server
+client = 273-version-negotiation-client
+
+[273-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[273-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-273]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[274-version-negotiation]
+ssl_conf = 274-version-negotiation-ssl
+
+[274-version-negotiation-ssl]
+server = 274-version-negotiation-server
+client = 274-version-negotiation-client
+
+[274-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[274-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-274]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[275-version-negotiation]
+ssl_conf = 275-version-negotiation-ssl
+
+[275-version-negotiation-ssl]
+server = 275-version-negotiation-server
+client = 275-version-negotiation-client
+
+[275-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[275-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-275]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[276-version-negotiation]
+ssl_conf = 276-version-negotiation-ssl
+
+[276-version-negotiation-ssl]
+server = 276-version-negotiation-server
+client = 276-version-negotiation-client
+
+[276-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[276-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-276]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[277-version-negotiation]
+ssl_conf = 277-version-negotiation-ssl
+
+[277-version-negotiation-ssl]
+server = 277-version-negotiation-server
+client = 277-version-negotiation-client
+
+[277-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[277-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-277]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[278-version-negotiation]
+ssl_conf = 278-version-negotiation-ssl
+
+[278-version-negotiation-ssl]
+server = 278-version-negotiation-server
+client = 278-version-negotiation-client
+
+[278-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[278-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-278]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[279-version-negotiation]
+ssl_conf = 279-version-negotiation-ssl
+
+[279-version-negotiation-ssl]
+server = 279-version-negotiation-server
+client = 279-version-negotiation-client
+
+[279-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[279-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-279]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[280-version-negotiation]
+ssl_conf = 280-version-negotiation-ssl
+
+[280-version-negotiation-ssl]
+server = 280-version-negotiation-server
+client = 280-version-negotiation-client
+
+[280-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[280-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-280]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[281-version-negotiation]
+ssl_conf = 281-version-negotiation-ssl
+
+[281-version-negotiation-ssl]
+server = 281-version-negotiation-server
+client = 281-version-negotiation-client
+
+[281-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[281-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-281]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[282-version-negotiation]
+ssl_conf = 282-version-negotiation-ssl
+
+[282-version-negotiation-ssl]
+server = 282-version-negotiation-server
+client = 282-version-negotiation-client
+
+[282-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[282-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-282]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[283-version-negotiation]
+ssl_conf = 283-version-negotiation-ssl
+
+[283-version-negotiation-ssl]
+server = 283-version-negotiation-server
+client = 283-version-negotiation-client
+
+[283-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[283-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-283]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[284-version-negotiation]
+ssl_conf = 284-version-negotiation-ssl
+
+[284-version-negotiation-ssl]
+server = 284-version-negotiation-server
+client = 284-version-negotiation-client
+
+[284-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[284-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-284]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[285-version-negotiation]
+ssl_conf = 285-version-negotiation-ssl
+
+[285-version-negotiation-ssl]
+server = 285-version-negotiation-server
+client = 285-version-negotiation-client
+
+[285-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[285-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-285]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[286-version-negotiation]
+ssl_conf = 286-version-negotiation-ssl
+
+[286-version-negotiation-ssl]
+server = 286-version-negotiation-server
+client = 286-version-negotiation-client
+
+[286-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[286-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-286]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[287-version-negotiation]
+ssl_conf = 287-version-negotiation-ssl
+
+[287-version-negotiation-ssl]
+server = 287-version-negotiation-server
+client = 287-version-negotiation-client
+
+[287-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[287-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-287]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[288-version-negotiation]
+ssl_conf = 288-version-negotiation-ssl
+
+[288-version-negotiation-ssl]
+server = 288-version-negotiation-server
+client = 288-version-negotiation-client
+
+[288-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[288-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-288]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[289-version-negotiation]
+ssl_conf = 289-version-negotiation-ssl
+
+[289-version-negotiation-ssl]
+server = 289-version-negotiation-server
+client = 289-version-negotiation-client
+
+[289-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[289-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-289]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[290-version-negotiation]
+ssl_conf = 290-version-negotiation-ssl
+
+[290-version-negotiation-ssl]
+server = 290-version-negotiation-server
+client = 290-version-negotiation-client
+
+[290-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[290-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-290]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[291-version-negotiation]
+ssl_conf = 291-version-negotiation-ssl
+
+[291-version-negotiation-ssl]
+server = 291-version-negotiation-server
+client = 291-version-negotiation-client
+
+[291-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[291-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-291]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[292-version-negotiation]
+ssl_conf = 292-version-negotiation-ssl
+
+[292-version-negotiation-ssl]
+server = 292-version-negotiation-server
+client = 292-version-negotiation-client
+
+[292-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[292-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-292]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[293-version-negotiation]
+ssl_conf = 293-version-negotiation-ssl
+
+[293-version-negotiation-ssl]
+server = 293-version-negotiation-server
+client = 293-version-negotiation-client
+
+[293-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[293-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-293]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[294-version-negotiation]
+ssl_conf = 294-version-negotiation-ssl
+
+[294-version-negotiation-ssl]
+server = 294-version-negotiation-server
+client = 294-version-negotiation-client
+
+[294-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[294-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-294]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[295-version-negotiation]
+ssl_conf = 295-version-negotiation-ssl
+
+[295-version-negotiation-ssl]
+server = 295-version-negotiation-server
+client = 295-version-negotiation-client
+
+[295-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[295-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-295]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[296-version-negotiation]
+ssl_conf = 296-version-negotiation-ssl
+
+[296-version-negotiation-ssl]
+server = 296-version-negotiation-server
+client = 296-version-negotiation-client
+
+[296-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[296-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-296]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[297-version-negotiation]
+ssl_conf = 297-version-negotiation-ssl
+
+[297-version-negotiation-ssl]
+server = 297-version-negotiation-server
+client = 297-version-negotiation-client
+
+[297-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[297-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-297]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[298-version-negotiation]
+ssl_conf = 298-version-negotiation-ssl
+
+[298-version-negotiation-ssl]
+server = 298-version-negotiation-server
+client = 298-version-negotiation-client
+
+[298-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[298-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-298]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[299-version-negotiation]
+ssl_conf = 299-version-negotiation-ssl
+
+[299-version-negotiation-ssl]
+server = 299-version-negotiation-server
+client = 299-version-negotiation-client
+
+[299-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[299-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-299]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[300-version-negotiation]
+ssl_conf = 300-version-negotiation-ssl
+
+[300-version-negotiation-ssl]
+server = 300-version-negotiation-server
+client = 300-version-negotiation-client
+
+[300-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[300-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-300]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[301-version-negotiation]
+ssl_conf = 301-version-negotiation-ssl
+
+[301-version-negotiation-ssl]
+server = 301-version-negotiation-server
+client = 301-version-negotiation-client
+
+[301-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[301-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-301]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[302-version-negotiation]
+ssl_conf = 302-version-negotiation-ssl
+
+[302-version-negotiation-ssl]
+server = 302-version-negotiation-server
+client = 302-version-negotiation-client
+
+[302-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[302-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-302]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[303-version-negotiation]
+ssl_conf = 303-version-negotiation-ssl
+
+[303-version-negotiation-ssl]
+server = 303-version-negotiation-server
+client = 303-version-negotiation-client
+
+[303-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[303-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-303]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[304-version-negotiation]
+ssl_conf = 304-version-negotiation-ssl
+
+[304-version-negotiation-ssl]
+server = 304-version-negotiation-server
+client = 304-version-negotiation-client
+
+[304-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[304-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-304]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[305-version-negotiation]
+ssl_conf = 305-version-negotiation-ssl
+
+[305-version-negotiation-ssl]
+server = 305-version-negotiation-server
+client = 305-version-negotiation-client
+
+[305-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[305-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-305]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[306-version-negotiation]
+ssl_conf = 306-version-negotiation-ssl
+
+[306-version-negotiation-ssl]
+server = 306-version-negotiation-server
+client = 306-version-negotiation-client
+
+[306-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[306-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-306]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[307-version-negotiation]
+ssl_conf = 307-version-negotiation-ssl
+
+[307-version-negotiation-ssl]
+server = 307-version-negotiation-server
+client = 307-version-negotiation-client
+
+[307-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[307-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-307]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[308-version-negotiation]
+ssl_conf = 308-version-negotiation-ssl
+
+[308-version-negotiation-ssl]
+server = 308-version-negotiation-server
+client = 308-version-negotiation-client
+
+[308-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[308-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-308]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[309-version-negotiation]
+ssl_conf = 309-version-negotiation-ssl
+
+[309-version-negotiation-ssl]
+server = 309-version-negotiation-server
+client = 309-version-negotiation-client
+
+[309-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[309-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-309]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[310-version-negotiation]
+ssl_conf = 310-version-negotiation-ssl
+
+[310-version-negotiation-ssl]
+server = 310-version-negotiation-server
+client = 310-version-negotiation-client
+
+[310-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[310-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-310]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[311-version-negotiation]
+ssl_conf = 311-version-negotiation-ssl
+
+[311-version-negotiation-ssl]
+server = 311-version-negotiation-server
+client = 311-version-negotiation-client
+
+[311-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[311-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-311]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[312-version-negotiation]
+ssl_conf = 312-version-negotiation-ssl
+
+[312-version-negotiation-ssl]
+server = 312-version-negotiation-server
+client = 312-version-negotiation-client
+
+[312-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[312-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-312]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[313-version-negotiation]
+ssl_conf = 313-version-negotiation-ssl
+
+[313-version-negotiation-ssl]
+server = 313-version-negotiation-server
+client = 313-version-negotiation-client
+
+[313-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[313-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-313]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[314-version-negotiation]
+ssl_conf = 314-version-negotiation-ssl
+
+[314-version-negotiation-ssl]
+server = 314-version-negotiation-server
+client = 314-version-negotiation-client
+
+[314-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[314-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-314]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[315-version-negotiation]
+ssl_conf = 315-version-negotiation-ssl
+
+[315-version-negotiation-ssl]
+server = 315-version-negotiation-server
+client = 315-version-negotiation-client
+
+[315-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[315-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-315]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[316-version-negotiation]
+ssl_conf = 316-version-negotiation-ssl
+
+[316-version-negotiation-ssl]
+server = 316-version-negotiation-server
+client = 316-version-negotiation-client
+
+[316-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[316-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-316]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[317-version-negotiation]
+ssl_conf = 317-version-negotiation-ssl
+
+[317-version-negotiation-ssl]
+server = 317-version-negotiation-server
+client = 317-version-negotiation-client
+
+[317-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[317-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-317]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[318-version-negotiation]
+ssl_conf = 318-version-negotiation-ssl
+
+[318-version-negotiation-ssl]
+server = 318-version-negotiation-server
+client = 318-version-negotiation-client
+
+[318-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[318-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-318]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[319-version-negotiation]
+ssl_conf = 319-version-negotiation-ssl
+
+[319-version-negotiation-ssl]
+server = 319-version-negotiation-server
+client = 319-version-negotiation-client
+
+[319-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[319-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-319]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[320-version-negotiation]
+ssl_conf = 320-version-negotiation-ssl
+
+[320-version-negotiation-ssl]
+server = 320-version-negotiation-server
+client = 320-version-negotiation-client
+
+[320-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[320-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-320]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[321-version-negotiation]
+ssl_conf = 321-version-negotiation-ssl
+
+[321-version-negotiation-ssl]
+server = 321-version-negotiation-server
+client = 321-version-negotiation-client
+
+[321-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[321-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-321]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[322-version-negotiation]
+ssl_conf = 322-version-negotiation-ssl
+
+[322-version-negotiation-ssl]
+server = 322-version-negotiation-server
+client = 322-version-negotiation-client
+
+[322-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[322-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-322]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[323-version-negotiation]
+ssl_conf = 323-version-negotiation-ssl
+
+[323-version-negotiation-ssl]
+server = 323-version-negotiation-server
+client = 323-version-negotiation-client
+
+[323-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[323-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-323]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[324-version-negotiation]
+ssl_conf = 324-version-negotiation-ssl
+
+[324-version-negotiation-ssl]
+server = 324-version-negotiation-server
+client = 324-version-negotiation-client
+
+[324-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[324-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-324]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[325-version-negotiation]
+ssl_conf = 325-version-negotiation-ssl
+
+[325-version-negotiation-ssl]
+server = 325-version-negotiation-server
+client = 325-version-negotiation-client
+
+[325-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[325-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-325]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[326-version-negotiation]
+ssl_conf = 326-version-negotiation-ssl
+
+[326-version-negotiation-ssl]
+server = 326-version-negotiation-server
+client = 326-version-negotiation-client
+
+[326-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[326-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-326]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[327-version-negotiation]
+ssl_conf = 327-version-negotiation-ssl
+
+[327-version-negotiation-ssl]
+server = 327-version-negotiation-server
+client = 327-version-negotiation-client
+
+[327-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[327-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-327]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[328-version-negotiation]
+ssl_conf = 328-version-negotiation-ssl
+
+[328-version-negotiation-ssl]
+server = 328-version-negotiation-server
+client = 328-version-negotiation-client
+
+[328-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[328-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-328]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[329-version-negotiation]
+ssl_conf = 329-version-negotiation-ssl
+
+[329-version-negotiation-ssl]
+server = 329-version-negotiation-server
+client = 329-version-negotiation-client
+
+[329-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[329-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-329]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[330-version-negotiation]
+ssl_conf = 330-version-negotiation-ssl
+
+[330-version-negotiation-ssl]
+server = 330-version-negotiation-server
+client = 330-version-negotiation-client
+
+[330-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[330-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-330]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[331-version-negotiation]
+ssl_conf = 331-version-negotiation-ssl
+
+[331-version-negotiation-ssl]
+server = 331-version-negotiation-server
+client = 331-version-negotiation-client
+
+[331-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[331-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-331]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[332-version-negotiation]
+ssl_conf = 332-version-negotiation-ssl
+
+[332-version-negotiation-ssl]
+server = 332-version-negotiation-server
+client = 332-version-negotiation-client
+
+[332-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[332-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-332]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[333-version-negotiation]
+ssl_conf = 333-version-negotiation-ssl
+
+[333-version-negotiation-ssl]
+server = 333-version-negotiation-server
+client = 333-version-negotiation-client
+
+[333-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[333-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-333]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[334-version-negotiation]
+ssl_conf = 334-version-negotiation-ssl
+
+[334-version-negotiation-ssl]
+server = 334-version-negotiation-server
+client = 334-version-negotiation-client
+
+[334-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[334-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-334]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[335-version-negotiation]
+ssl_conf = 335-version-negotiation-ssl
+
+[335-version-negotiation-ssl]
+server = 335-version-negotiation-server
+client = 335-version-negotiation-client
+
+[335-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[335-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-335]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[336-version-negotiation]
+ssl_conf = 336-version-negotiation-ssl
+
+[336-version-negotiation-ssl]
+server = 336-version-negotiation-server
+client = 336-version-negotiation-client
+
+[336-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[336-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-336]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[337-version-negotiation]
+ssl_conf = 337-version-negotiation-ssl
+
+[337-version-negotiation-ssl]
+server = 337-version-negotiation-server
+client = 337-version-negotiation-client
+
+[337-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[337-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-337]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[338-version-negotiation]
+ssl_conf = 338-version-negotiation-ssl
+
+[338-version-negotiation-ssl]
+server = 338-version-negotiation-server
+client = 338-version-negotiation-client
+
+[338-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[338-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-338]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[339-version-negotiation]
+ssl_conf = 339-version-negotiation-ssl
+
+[339-version-negotiation-ssl]
+server = 339-version-negotiation-server
+client = 339-version-negotiation-client
+
+[339-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[339-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-339]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[340-version-negotiation]
+ssl_conf = 340-version-negotiation-ssl
+
+[340-version-negotiation-ssl]
+server = 340-version-negotiation-server
+client = 340-version-negotiation-client
+
+[340-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[340-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-340]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[341-version-negotiation]
+ssl_conf = 341-version-negotiation-ssl
+
+[341-version-negotiation-ssl]
+server = 341-version-negotiation-server
+client = 341-version-negotiation-client
+
+[341-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[341-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-341]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[342-version-negotiation]
+ssl_conf = 342-version-negotiation-ssl
+
+[342-version-negotiation-ssl]
+server = 342-version-negotiation-server
+client = 342-version-negotiation-client
+
+[342-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[342-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-342]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[343-version-negotiation]
+ssl_conf = 343-version-negotiation-ssl
+
+[343-version-negotiation-ssl]
+server = 343-version-negotiation-server
+client = 343-version-negotiation-client
+
+[343-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[343-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-343]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[344-version-negotiation]
+ssl_conf = 344-version-negotiation-ssl
+
+[344-version-negotiation-ssl]
+server = 344-version-negotiation-server
+client = 344-version-negotiation-client
+
+[344-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[344-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-344]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[345-version-negotiation]
+ssl_conf = 345-version-negotiation-ssl
+
+[345-version-negotiation-ssl]
+server = 345-version-negotiation-server
+client = 345-version-negotiation-client
+
+[345-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[345-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-345]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[346-version-negotiation]
+ssl_conf = 346-version-negotiation-ssl
+
+[346-version-negotiation-ssl]
+server = 346-version-negotiation-server
+client = 346-version-negotiation-client
+
+[346-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[346-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-346]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[347-version-negotiation]
+ssl_conf = 347-version-negotiation-ssl
+
+[347-version-negotiation-ssl]
+server = 347-version-negotiation-server
+client = 347-version-negotiation-client
+
+[347-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[347-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-347]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[348-version-negotiation]
+ssl_conf = 348-version-negotiation-ssl
+
+[348-version-negotiation-ssl]
+server = 348-version-negotiation-server
+client = 348-version-negotiation-client
+
+[348-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[348-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-348]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[349-version-negotiation]
+ssl_conf = 349-version-negotiation-ssl
+
+[349-version-negotiation-ssl]
+server = 349-version-negotiation-server
+client = 349-version-negotiation-client
+
+[349-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[349-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-349]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[350-version-negotiation]
+ssl_conf = 350-version-negotiation-ssl
+
+[350-version-negotiation-ssl]
+server = 350-version-negotiation-server
+client = 350-version-negotiation-client
+
+[350-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[350-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-350]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[351-version-negotiation]
+ssl_conf = 351-version-negotiation-ssl
+
+[351-version-negotiation-ssl]
+server = 351-version-negotiation-server
+client = 351-version-negotiation-client
+
+[351-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[351-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-351]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[352-version-negotiation]
+ssl_conf = 352-version-negotiation-ssl
+
+[352-version-negotiation-ssl]
+server = 352-version-negotiation-server
+client = 352-version-negotiation-client
+
+[352-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[352-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-352]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[353-version-negotiation]
+ssl_conf = 353-version-negotiation-ssl
+
+[353-version-negotiation-ssl]
+server = 353-version-negotiation-server
+client = 353-version-negotiation-client
+
+[353-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[353-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-353]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[354-version-negotiation]
+ssl_conf = 354-version-negotiation-ssl
+
+[354-version-negotiation-ssl]
+server = 354-version-negotiation-server
+client = 354-version-negotiation-client
+
+[354-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[354-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-354]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[355-version-negotiation]
+ssl_conf = 355-version-negotiation-ssl
+
+[355-version-negotiation-ssl]
+server = 355-version-negotiation-server
+client = 355-version-negotiation-client
+
+[355-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[355-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-355]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[356-version-negotiation]
+ssl_conf = 356-version-negotiation-ssl
+
+[356-version-negotiation-ssl]
+server = 356-version-negotiation-server
+client = 356-version-negotiation-client
+
+[356-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[356-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-356]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[357-version-negotiation]
+ssl_conf = 357-version-negotiation-ssl
+
+[357-version-negotiation-ssl]
+server = 357-version-negotiation-server
+client = 357-version-negotiation-client
+
+[357-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[357-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-357]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[358-version-negotiation]
+ssl_conf = 358-version-negotiation-ssl
+
+[358-version-negotiation-ssl]
+server = 358-version-negotiation-server
+client = 358-version-negotiation-client
+
+[358-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[358-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-358]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[359-version-negotiation]
+ssl_conf = 359-version-negotiation-ssl
+
+[359-version-negotiation-ssl]
+server = 359-version-negotiation-server
+client = 359-version-negotiation-client
+
+[359-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[359-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-359]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[360-version-negotiation]
+ssl_conf = 360-version-negotiation-ssl
+
+[360-version-negotiation-ssl]
+server = 360-version-negotiation-server
+client = 360-version-negotiation-client
+
+[360-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[360-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-360]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in
new file mode 100644
index 0000000..26d64b5
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test TLS version negotiation
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use protocol_version;
+
+our @tests = generate_version_tests("TLS");
diff --git a/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf
new file mode 100644
index 0000000..8dca715
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf
@@ -0,0 +1,238 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 9
+
+test-0 = 0-verify-success
+test-1 = 1-verify-custom-reject
+test-2 = 2-verify-custom-allow
+test-3 = 3-noverify-success
+test-4 = 4-noverify-ignore-custom-reject
+test-5 = 5-noverify-accept-custom-allow
+test-6 = 6-verify-fail-no-root
+test-7 = 7-verify-custom-success-no-root
+test-8 = 8-verify-custom-fail-no-root
+# ===========================================================
+
+[0-verify-success]
+ssl_conf = 0-verify-success-ssl
+
+[0-verify-success-ssl]
+server = 0-verify-success-server
+client = 0-verify-success-client
+
+[0-verify-success-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-verify-success-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-verify-custom-reject]
+ssl_conf = 1-verify-custom-reject-ssl
+
+[1-verify-custom-reject-ssl]
+server = 1-verify-custom-reject-server
+client = 1-verify-custom-reject-client
+
+[1-verify-custom-reject-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-verify-custom-reject-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedClientAlert = HandshakeFailure
+ExpectedResult = ClientFail
+client = 1-verify-custom-reject-client-extra
+
+[1-verify-custom-reject-client-extra]
+VerifyCallback = RejectAll
+
+
+# ===========================================================
+
+[2-verify-custom-allow]
+ssl_conf = 2-verify-custom-allow-ssl
+
+[2-verify-custom-allow-ssl]
+server = 2-verify-custom-allow-server
+client = 2-verify-custom-allow-client
+
+[2-verify-custom-allow-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-verify-custom-allow-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+client = 2-verify-custom-allow-client-extra
+
+[2-verify-custom-allow-client-extra]
+VerifyCallback = AcceptAll
+
+
+# ===========================================================
+
+[3-noverify-success]
+ssl_conf = 3-noverify-success-ssl
+
+[3-noverify-success-ssl]
+server = 3-noverify-success-server
+client = 3-noverify-success-client
+
+[3-noverify-success-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-noverify-success-client]
+CipherString = DEFAULT
+
+[test-3]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-noverify-ignore-custom-reject]
+ssl_conf = 4-noverify-ignore-custom-reject-ssl
+
+[4-noverify-ignore-custom-reject-ssl]
+server = 4-noverify-ignore-custom-reject-server
+client = 4-noverify-ignore-custom-reject-client
+
+[4-noverify-ignore-custom-reject-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-noverify-ignore-custom-reject-client]
+CipherString = DEFAULT
+
+[test-4]
+ExpectedResult = Success
+client = 4-noverify-ignore-custom-reject-client-extra
+
+[4-noverify-ignore-custom-reject-client-extra]
+VerifyCallback = RejectAll
+
+
+# ===========================================================
+
+[5-noverify-accept-custom-allow]
+ssl_conf = 5-noverify-accept-custom-allow-ssl
+
+[5-noverify-accept-custom-allow-ssl]
+server = 5-noverify-accept-custom-allow-server
+client = 5-noverify-accept-custom-allow-client
+
+[5-noverify-accept-custom-allow-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-noverify-accept-custom-allow-client]
+CipherString = DEFAULT
+
+[test-5]
+ExpectedResult = Success
+client = 5-noverify-accept-custom-allow-client-extra
+
+[5-noverify-accept-custom-allow-client-extra]
+VerifyCallback = AcceptAll
+
+
+# ===========================================================
+
+[6-verify-fail-no-root]
+ssl_conf = 6-verify-fail-no-root-ssl
+
+[6-verify-fail-no-root-ssl]
+server = 6-verify-fail-no-root-server
+client = 6-verify-fail-no-root-client
+
+[6-verify-fail-no-root-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-verify-fail-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-6]
+ExpectedClientAlert = UnknownCA
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[7-verify-custom-success-no-root]
+ssl_conf = 7-verify-custom-success-no-root-ssl
+
+[7-verify-custom-success-no-root-ssl]
+server = 7-verify-custom-success-no-root-server
+client = 7-verify-custom-success-no-root-client
+
+[7-verify-custom-success-no-root-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-verify-custom-success-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+client = 7-verify-custom-success-no-root-client-extra
+
+[7-verify-custom-success-no-root-client-extra]
+VerifyCallback = AcceptAll
+
+
+# ===========================================================
+
+[8-verify-custom-fail-no-root]
+ssl_conf = 8-verify-custom-fail-no-root-ssl
+
+[8-verify-custom-fail-no-root-ssl]
+server = 8-verify-custom-fail-no-root-server
+client = 8-verify-custom-fail-no-root-client
+
+[8-verify-custom-fail-no-root-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-verify-custom-fail-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-8]
+ExpectedClientAlert = HandshakeFailure
+ExpectedResult = ClientFail
+client = 8-verify-custom-fail-no-root-client-extra
+
+[8-verify-custom-fail-no-root-client-extra]
+VerifyCallback = RejectAll
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in
new file mode 100644
index 0000000..287ca9b
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in
@@ -0,0 +1,145 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+
+    # Sanity-check that verification indeed succeeds without the
+    # restrictive callback.
+    {
+        name => "verify-success",
+        server => { },
+        client => { },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    # Same test as above but with a custom callback that always fails.
+    {
+        name => "verify-custom-reject",
+        server => { },
+        client => {
+            extra => {
+                "VerifyCallback" => "RejectAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "ClientFail",
+            "ExpectedClientAlert" => "HandshakeFailure",
+        },
+    },
+
+    # Same test as above but with a custom callback that always succeeds.
+    {
+        name => "verify-custom-allow",
+        server => { },
+        client => {
+            extra => {
+                "VerifyCallback" => "AcceptAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success",
+        },
+    },
+
+    # Sanity-check that verification indeed succeeds if peer verification
+    # is not requested.
+    {
+        name => "noverify-success",
+        server => { },
+        client => {
+            "VerifyMode" => undef,
+            "VerifyCAFile" => undef,
+        },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    # Same test as above but with a custom callback that always fails.
+    # The callback return has no impact on handshake success in this mode.
+    {
+        name => "noverify-ignore-custom-reject",
+        server => { },
+        client => {
+            "VerifyMode" => undef,
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "RejectAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success",
+        },
+    },
+
+    # Same test as above but with a custom callback that always succeeds.
+    # The callback return has no impact on handshake success in this mode.
+    {
+        name => "noverify-accept-custom-allow",
+        server => { },
+        client => {
+            "VerifyMode" => undef,
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "AcceptAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success",
+        },
+    },
+
+    # Sanity-check that verification indeed fails without the
+    # permissive callback.
+    {
+        name => "verify-fail-no-root",
+        server => { },
+        client => {
+            # Don't set up the client root file.
+            "VerifyCAFile" => undef,
+        },
+        test   => {
+          "ExpectedResult" => "ClientFail",
+          "ExpectedClientAlert" => "UnknownCA",
+        },
+    },
+
+    # Same test as above but with a custom callback that always succeeds.
+    {
+        name => "verify-custom-success-no-root",
+        server => { },
+        client => {
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "AcceptAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success"
+        },
+    },
+
+    # Same test as above but with a custom callback that always fails.
+    {
+        name => "verify-custom-fail-no-root",
+        server => { },
+        client => {
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "RejectAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "ClientFail",
+            "ExpectedClientAlert" => "HandshakeFailure",
+        },
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf
new file mode 100644
index 0000000..0e91bed
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf
@@ -0,0 +1,592 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 20
+
+test-0 = 0-server-auth-flex
+test-1 = 1-client-auth-flex-request
+test-2 = 2-client-auth-flex-require-fail
+test-3 = 3-client-auth-flex-require
+test-4 = 4-client-auth-flex-noroot
+test-5 = 5-server-auth-TLSv1
+test-6 = 6-client-auth-TLSv1-request
+test-7 = 7-client-auth-TLSv1-require-fail
+test-8 = 8-client-auth-TLSv1-require
+test-9 = 9-client-auth-TLSv1-noroot
+test-10 = 10-server-auth-TLSv1.1
+test-11 = 11-client-auth-TLSv1.1-request
+test-12 = 12-client-auth-TLSv1.1-require-fail
+test-13 = 13-client-auth-TLSv1.1-require
+test-14 = 14-client-auth-TLSv1.1-noroot
+test-15 = 15-server-auth-TLSv1.2
+test-16 = 16-client-auth-TLSv1.2-request
+test-17 = 17-client-auth-TLSv1.2-require-fail
+test-18 = 18-client-auth-TLSv1.2-require
+test-19 = 19-client-auth-TLSv1.2-noroot
+# ===========================================================
+
+[0-server-auth-flex]
+ssl_conf = 0-server-auth-flex-ssl
+
+[0-server-auth-flex-ssl]
+server = 0-server-auth-flex-server
+client = 0-server-auth-flex-client
+
+[0-server-auth-flex-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-server-auth-flex-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-client-auth-flex-request]
+ssl_conf = 1-client-auth-flex-request-ssl
+
+[1-client-auth-flex-request-ssl]
+server = 1-client-auth-flex-request-server
+client = 1-client-auth-flex-request-client
+
+[1-client-auth-flex-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[1-client-auth-flex-request-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-client-auth-flex-require-fail]
+ssl_conf = 2-client-auth-flex-require-fail-ssl
+
+[2-client-auth-flex-require-fail-ssl]
+server = 2-client-auth-flex-require-fail-server
+client = 2-client-auth-flex-require-fail-client
+
+[2-client-auth-flex-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[2-client-auth-flex-require-fail-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[3-client-auth-flex-require]
+ssl_conf = 3-client-auth-flex-require-ssl
+
+[3-client-auth-flex-require-ssl]
+server = 3-client-auth-flex-require-server
+client = 3-client-auth-flex-require-client
+
+[3-client-auth-flex-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[3-client-auth-flex-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-client-auth-flex-noroot]
+ssl_conf = 4-client-auth-flex-noroot-ssl
+
+[4-client-auth-flex-noroot-ssl]
+server = 4-client-auth-flex-noroot-server
+client = 4-client-auth-flex-noroot-client
+
+[4-client-auth-flex-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[4-client-auth-flex-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[5-server-auth-TLSv1]
+ssl_conf = 5-server-auth-TLSv1-ssl
+
+[5-server-auth-TLSv1-ssl]
+server = 5-server-auth-TLSv1-server
+client = 5-server-auth-TLSv1-client
+
+[5-server-auth-TLSv1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-server-auth-TLSv1-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[6-client-auth-TLSv1-request]
+ssl_conf = 6-client-auth-TLSv1-request-ssl
+
+[6-client-auth-TLSv1-request-ssl]
+server = 6-client-auth-TLSv1-request-server
+client = 6-client-auth-TLSv1-request-client
+
+[6-client-auth-TLSv1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[6-client-auth-TLSv1-request-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[7-client-auth-TLSv1-require-fail]
+ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
+
+[7-client-auth-TLSv1-require-fail-ssl]
+server = 7-client-auth-TLSv1-require-fail-server
+client = 7-client-auth-TLSv1-require-fail-client
+
+[7-client-auth-TLSv1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[7-client-auth-TLSv1-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[8-client-auth-TLSv1-require]
+ssl_conf = 8-client-auth-TLSv1-require-ssl
+
+[8-client-auth-TLSv1-require-ssl]
+server = 8-client-auth-TLSv1-require-server
+client = 8-client-auth-TLSv1-require-client
+
+[8-client-auth-TLSv1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[8-client-auth-TLSv1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[9-client-auth-TLSv1-noroot]
+ssl_conf = 9-client-auth-TLSv1-noroot-ssl
+
+[9-client-auth-TLSv1-noroot-ssl]
+server = 9-client-auth-TLSv1-noroot-server
+client = 9-client-auth-TLSv1-noroot-client
+
+[9-client-auth-TLSv1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[9-client-auth-TLSv1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[10-server-auth-TLSv1.1]
+ssl_conf = 10-server-auth-TLSv1.1-ssl
+
+[10-server-auth-TLSv1.1-ssl]
+server = 10-server-auth-TLSv1.1-server
+client = 10-server-auth-TLSv1.1-client
+
+[10-server-auth-TLSv1.1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-server-auth-TLSv1.1-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[11-client-auth-TLSv1.1-request]
+ssl_conf = 11-client-auth-TLSv1.1-request-ssl
+
+[11-client-auth-TLSv1.1-request-ssl]
+server = 11-client-auth-TLSv1.1-request-server
+client = 11-client-auth-TLSv1.1-request-client
+
+[11-client-auth-TLSv1.1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[11-client-auth-TLSv1.1-request-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[12-client-auth-TLSv1.1-require-fail]
+ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
+
+[12-client-auth-TLSv1.1-require-fail-ssl]
+server = 12-client-auth-TLSv1.1-require-fail-server
+client = 12-client-auth-TLSv1.1-require-fail-client
+
+[12-client-auth-TLSv1.1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[12-client-auth-TLSv1.1-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[13-client-auth-TLSv1.1-require]
+ssl_conf = 13-client-auth-TLSv1.1-require-ssl
+
+[13-client-auth-TLSv1.1-require-ssl]
+server = 13-client-auth-TLSv1.1-require-server
+client = 13-client-auth-TLSv1.1-require-client
+
+[13-client-auth-TLSv1.1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[13-client-auth-TLSv1.1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[14-client-auth-TLSv1.1-noroot]
+ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
+
+[14-client-auth-TLSv1.1-noroot-ssl]
+server = 14-client-auth-TLSv1.1-noroot-server
+client = 14-client-auth-TLSv1.1-noroot-client
+
+[14-client-auth-TLSv1.1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[14-client-auth-TLSv1.1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[15-server-auth-TLSv1.2]
+ssl_conf = 15-server-auth-TLSv1.2-ssl
+
+[15-server-auth-TLSv1.2-ssl]
+server = 15-server-auth-TLSv1.2-server
+client = 15-server-auth-TLSv1.2-client
+
+[15-server-auth-TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-server-auth-TLSv1.2-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[16-client-auth-TLSv1.2-request]
+ssl_conf = 16-client-auth-TLSv1.2-request-ssl
+
+[16-client-auth-TLSv1.2-request-ssl]
+server = 16-client-auth-TLSv1.2-request-server
+client = 16-client-auth-TLSv1.2-request-client
+
+[16-client-auth-TLSv1.2-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[16-client-auth-TLSv1.2-request-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[17-client-auth-TLSv1.2-require-fail]
+ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
+
+[17-client-auth-TLSv1.2-require-fail-ssl]
+server = 17-client-auth-TLSv1.2-require-fail-server
+client = 17-client-auth-TLSv1.2-require-fail-client
+
+[17-client-auth-TLSv1.2-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[17-client-auth-TLSv1.2-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[18-client-auth-TLSv1.2-require]
+ssl_conf = 18-client-auth-TLSv1.2-require-ssl
+
+[18-client-auth-TLSv1.2-require-ssl]
+server = 18-client-auth-TLSv1.2-require-server
+client = 18-client-auth-TLSv1.2-require-client
+
+[18-client-auth-TLSv1.2-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[18-client-auth-TLSv1.2-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[19-client-auth-TLSv1.2-noroot]
+ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
+
+[19-client-auth-TLSv1.2-noroot-ssl]
+server = 19-client-auth-TLSv1.2-noroot-server
+client = 19-client-auth-TLSv1.2-noroot-client
+
+[19-client-auth-TLSv1.2-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[19-client-auth-TLSv1.2-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in
new file mode 100644
index 0000000..8738aaa
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in
@@ -0,0 +1,123 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(anydisabled);
+setup("no_test_here");
+
+# We test version-flexible negotiation (undef) and each protocol version.
+my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+
+my @is_disabled = (0);
+push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+
+our @tests = ();
+
+sub generate_tests() {
+
+    foreach (0..$#protocols) {
+        my $protocol = $protocols[$_];
+        my $protocol_name = $protocol || "flex";
+        my $caalert;
+        if (!$is_disabled[$_]) {
+            if ($protocol_name eq "SSLv3") {
+                $caalert = "BadCertificate";
+            } else {
+                $caalert = "UnknownCA";
+            }
+            # Sanity-check simple handshake.
+            push @tests, {
+                name => "server-auth-${protocol_name}",
+                server => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
+                },
+                client => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
+                },
+                test   => { "ExpectedResult" => "Success" },
+            };
+
+            # Handshake with client cert requested but not required or received.
+            push @tests, {
+                name => "client-auth-${protocol_name}-request",
+                server => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "VerifyMode" => "Request"
+                },
+                client => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
+                },
+                test   => { "ExpectedResult" => "Success" },
+            };
+
+            # Handshake with client cert required but not present.
+            push @tests, {
+                name => "client-auth-${protocol_name}-require-fail",
+                server => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "VerifyCAFile" => test_pem("root-cert.pem"),
+                    "VerifyMode" => "Require",
+                },
+                client => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
+                },
+                test   => {
+                    "ExpectedResult" => "ServerFail",
+                    "ExpectedServerAlert" => "HandshakeFailure",
+                },
+            };
+
+            # Successful handshake with client authentication.
+            push @tests, {
+                name => "client-auth-${protocol_name}-require",
+                server => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "VerifyCAFile" => test_pem("root-cert.pem"),
+                    "VerifyMode" => "Request",
+                },
+                client => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "Certificate" => test_pem("ee-client-chain.pem"),
+                    "PrivateKey"  => test_pem("ee-key.pem"),
+                },
+                test   => { "ExpectedResult" => "Success" },
+            };
+
+            # Handshake with client authentication but without the root certificate.
+            push @tests, {
+                name => "client-auth-${protocol_name}-noroot",
+                server => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "VerifyMode" => "Require",
+                },
+                client => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "Certificate" => test_pem("ee-client-chain.pem"),
+                    "PrivateKey"  => test_pem("ee-key.pem"),
+                },
+                test   => {
+                    "ExpectedResult" => "ServerFail",
+                    "ExpectedServerAlert" => $caalert,
+                },
+            };
+        }
+    }
+}
+ 
+generate_tests();
diff --git a/openssl-1.1.0h/test/ssl-tests/05-sni.conf b/openssl-1.1.0h/test/ssl-tests/05-sni.conf
new file mode 100644
index 0000000..e1fb3d9
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/05-sni.conf
@@ -0,0 +1,203 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
+
+test-0 = 0-SNI-switch-context
+test-1 = 1-SNI-keep-context
+test-2 = 2-SNI-no-server-support
+test-3 = 3-SNI-no-client-support
+test-4 = 4-SNI-bad-sni-ignore-mismatch
+test-5 = 5-SNI-bad-sni-reject-mismatch
+# ===========================================================
+
+[0-SNI-switch-context]
+ssl_conf = 0-SNI-switch-context-ssl
+
+[0-SNI-switch-context-ssl]
+server = 0-SNI-switch-context-server
+client = 0-SNI-switch-context-client
+server2 = 0-SNI-switch-context-server
+
+[0-SNI-switch-context-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SNI-switch-context-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+ExpectedServerName = server2
+server = 0-SNI-switch-context-server-extra
+server2 = 0-SNI-switch-context-server-extra
+client = 0-SNI-switch-context-client-extra
+
+[0-SNI-switch-context-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[0-SNI-switch-context-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[1-SNI-keep-context]
+ssl_conf = 1-SNI-keep-context-ssl
+
+[1-SNI-keep-context-ssl]
+server = 1-SNI-keep-context-server
+client = 1-SNI-keep-context-client
+server2 = 1-SNI-keep-context-server
+
+[1-SNI-keep-context-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-SNI-keep-context-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedServerName = server1
+server = 1-SNI-keep-context-server-extra
+server2 = 1-SNI-keep-context-server-extra
+client = 1-SNI-keep-context-client-extra
+
+[1-SNI-keep-context-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[1-SNI-keep-context-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[2-SNI-no-server-support]
+ssl_conf = 2-SNI-no-server-support-ssl
+
+[2-SNI-no-server-support-ssl]
+server = 2-SNI-no-server-support-server
+client = 2-SNI-no-server-support-client
+
+[2-SNI-no-server-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-SNI-no-server-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+client = 2-SNI-no-server-support-client-extra
+
+[2-SNI-no-server-support-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[3-SNI-no-client-support]
+ssl_conf = 3-SNI-no-client-support-ssl
+
+[3-SNI-no-client-support-ssl]
+server = 3-SNI-no-client-support-server
+client = 3-SNI-no-client-support-client
+server2 = 3-SNI-no-client-support-server
+
+[3-SNI-no-client-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-SNI-no-client-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedServerName = server1
+server = 3-SNI-no-client-support-server-extra
+server2 = 3-SNI-no-client-support-server-extra
+
+[3-SNI-no-client-support-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+
+# ===========================================================
+
+[4-SNI-bad-sni-ignore-mismatch]
+ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl
+
+[4-SNI-bad-sni-ignore-mismatch-ssl]
+server = 4-SNI-bad-sni-ignore-mismatch-server
+client = 4-SNI-bad-sni-ignore-mismatch-client
+server2 = 4-SNI-bad-sni-ignore-mismatch-server
+
+[4-SNI-bad-sni-ignore-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-SNI-bad-sni-ignore-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedServerName = server1
+server = 4-SNI-bad-sni-ignore-mismatch-server-extra
+server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra
+client = 4-SNI-bad-sni-ignore-mismatch-client-extra
+
+[4-SNI-bad-sni-ignore-mismatch-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[4-SNI-bad-sni-ignore-mismatch-client-extra]
+ServerName = invalid
+
+
+# ===========================================================
+
+[5-SNI-bad-sni-reject-mismatch]
+ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl
+
+[5-SNI-bad-sni-reject-mismatch-ssl]
+server = 5-SNI-bad-sni-reject-mismatch-server
+client = 5-SNI-bad-sni-reject-mismatch-client
+server2 = 5-SNI-bad-sni-reject-mismatch-server
+
+[5-SNI-bad-sni-reject-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-SNI-bad-sni-reject-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnrecognizedName
+server = 5-SNI-bad-sni-reject-mismatch-server-extra
+server2 = 5-SNI-bad-sni-reject-mismatch-server-extra
+client = 5-SNI-bad-sni-reject-mismatch-client-extra
+
+[5-SNI-bad-sni-reject-mismatch-server-extra]
+ServerNameCallback = RejectMismatch
+
+[5-SNI-bad-sni-reject-mismatch-client-extra]
+ServerName = invalid
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in b/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in
new file mode 100644
index 0000000..76003e7
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in
@@ -0,0 +1,112 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+use strict;
+use warnings;
+
+package ssltests;
+
+our @tests = (
+    {
+        name => "SNI-switch-context",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "server2",
+            },
+        },
+        test   => {
+            "ExpectedServerName" => "server2",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-keep-context",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "server1",
+            },
+        },
+        test   => {
+            "ExpectedServerName" => "server1",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-no-server-support",
+        server => { },
+        client => {
+            extra => {
+                "ServerName" => "server1",
+            },
+        },
+        test   => { "ExpectedResult" => "Success" },
+    },
+    {
+        name => "SNI-no-client-support",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => { },
+        test   => {
+            # We expect that the callback is still called
+            # to let the application decide whether they tolerate
+            # missing SNI (as our test callback does).
+            "ExpectedServerName" => "server1",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-bad-sni-ignore-mismatch",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "invalid",
+            },
+        },
+        test   => {
+            "ExpectedServerName" => "server1",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-bad-sni-reject-mismatch",
+        server => {
+            extra => {
+                "ServerNameCallback" => "RejectMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "invalid",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "UnrecognizedName"
+        },
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf
new file mode 100644
index 0000000..9620e01
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf
@@ -0,0 +1,734 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 17
+
+test-0 = 0-sni-session-ticket
+test-1 = 1-sni-session-ticket
+test-2 = 2-sni-session-ticket
+test-3 = 3-sni-session-ticket
+test-4 = 4-sni-session-ticket
+test-5 = 5-sni-session-ticket
+test-6 = 6-sni-session-ticket
+test-7 = 7-sni-session-ticket
+test-8 = 8-sni-session-ticket
+test-9 = 9-sni-session-ticket
+test-10 = 10-sni-session-ticket
+test-11 = 11-sni-session-ticket
+test-12 = 12-sni-session-ticket
+test-13 = 13-sni-session-ticket
+test-14 = 14-sni-session-ticket
+test-15 = 15-sni-session-ticket
+test-16 = 16-sni-session-ticket
+# ===========================================================
+
+[0-sni-session-ticket]
+ssl_conf = 0-sni-session-ticket-ssl
+
+[0-sni-session-ticket-ssl]
+server = 0-sni-session-ticket-server
+client = 0-sni-session-ticket-client
+server2 = 0-sni-session-ticket-server2
+
+[0-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+SessionTicketExpected = No
+server = 0-sni-session-ticket-server-extra
+client = 0-sni-session-ticket-client-extra
+
+[0-sni-session-ticket-server-extra]
+BrokenSessionTicket = Yes
+
+[0-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[1-sni-session-ticket]
+ssl_conf = 1-sni-session-ticket-ssl
+
+[1-sni-session-ticket-ssl]
+server = 1-sni-session-ticket-server
+client = 1-sni-session-ticket-client
+server2 = 1-sni-session-ticket-server2
+
+[1-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = Yes
+server = 1-sni-session-ticket-server-extra
+client = 1-sni-session-ticket-client-extra
+
+[1-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[1-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[2-sni-session-ticket]
+ssl_conf = 2-sni-session-ticket-ssl
+
+[2-sni-session-ticket-ssl]
+server = 2-sni-session-ticket-server
+client = 2-sni-session-ticket-client
+server2 = 2-sni-session-ticket-server2
+
+[2-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = Yes
+server = 2-sni-session-ticket-server-extra
+client = 2-sni-session-ticket-client-extra
+
+[2-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[2-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[3-sni-session-ticket]
+ssl_conf = 3-sni-session-ticket-ssl
+
+[3-sni-session-ticket-ssl]
+server = 3-sni-session-ticket-server
+client = 3-sni-session-ticket-client
+server2 = 3-sni-session-ticket-server2
+
+[3-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = Yes
+server = 3-sni-session-ticket-server-extra
+client = 3-sni-session-ticket-client-extra
+
+[3-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[3-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[4-sni-session-ticket]
+ssl_conf = 4-sni-session-ticket-ssl
+
+[4-sni-session-ticket-ssl]
+server = 4-sni-session-ticket-server
+client = 4-sni-session-ticket-client
+server2 = 4-sni-session-ticket-server2
+
+[4-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = No
+server = 4-sni-session-ticket-server-extra
+client = 4-sni-session-ticket-client-extra
+
+[4-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[4-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[5-sni-session-ticket]
+ssl_conf = 5-sni-session-ticket-ssl
+
+[5-sni-session-ticket-ssl]
+server = 5-sni-session-ticket-server
+client = 5-sni-session-ticket-client
+server2 = 5-sni-session-ticket-server2
+
+[5-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = No
+server = 5-sni-session-ticket-server-extra
+client = 5-sni-session-ticket-client-extra
+
+[5-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[5-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[6-sni-session-ticket]
+ssl_conf = 6-sni-session-ticket-ssl
+
+[6-sni-session-ticket-ssl]
+server = 6-sni-session-ticket-server
+client = 6-sni-session-ticket-client
+server2 = 6-sni-session-ticket-server2
+
+[6-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = No
+server = 6-sni-session-ticket-server-extra
+client = 6-sni-session-ticket-client-extra
+
+[6-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[6-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[7-sni-session-ticket]
+ssl_conf = 7-sni-session-ticket-ssl
+
+[7-sni-session-ticket-ssl]
+server = 7-sni-session-ticket-server
+client = 7-sni-session-ticket-client
+server2 = 7-sni-session-ticket-server2
+
+[7-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = No
+server = 7-sni-session-ticket-server-extra
+client = 7-sni-session-ticket-client-extra
+
+[7-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[7-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[8-sni-session-ticket]
+ssl_conf = 8-sni-session-ticket-ssl
+
+[8-sni-session-ticket-ssl]
+server = 8-sni-session-ticket-server
+client = 8-sni-session-ticket-client
+server2 = 8-sni-session-ticket-server2
+
+[8-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = No
+server = 8-sni-session-ticket-server-extra
+client = 8-sni-session-ticket-client-extra
+
+[8-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[8-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[9-sni-session-ticket]
+ssl_conf = 9-sni-session-ticket-ssl
+
+[9-sni-session-ticket-ssl]
+server = 9-sni-session-ticket-server
+client = 9-sni-session-ticket-client
+server2 = 9-sni-session-ticket-server2
+
+[9-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = No
+server = 9-sni-session-ticket-server-extra
+client = 9-sni-session-ticket-client-extra
+
+[9-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[9-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[10-sni-session-ticket]
+ssl_conf = 10-sni-session-ticket-ssl
+
+[10-sni-session-ticket-ssl]
+server = 10-sni-session-ticket-server
+client = 10-sni-session-ticket-client
+server2 = 10-sni-session-ticket-server2
+
+[10-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = No
+server = 10-sni-session-ticket-server-extra
+client = 10-sni-session-ticket-client-extra
+
+[10-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[10-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[11-sni-session-ticket]
+ssl_conf = 11-sni-session-ticket-ssl
+
+[11-sni-session-ticket-ssl]
+server = 11-sni-session-ticket-server
+client = 11-sni-session-ticket-client
+server2 = 11-sni-session-ticket-server2
+
+[11-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = No
+server = 11-sni-session-ticket-server-extra
+client = 11-sni-session-ticket-client-extra
+
+[11-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[11-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[12-sni-session-ticket]
+ssl_conf = 12-sni-session-ticket-ssl
+
+[12-sni-session-ticket-ssl]
+server = 12-sni-session-ticket-server
+client = 12-sni-session-ticket-client
+server2 = 12-sni-session-ticket-server2
+
+[12-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = No
+server = 12-sni-session-ticket-server-extra
+client = 12-sni-session-ticket-client-extra
+
+[12-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[12-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[13-sni-session-ticket]
+ssl_conf = 13-sni-session-ticket-ssl
+
+[13-sni-session-ticket-ssl]
+server = 13-sni-session-ticket-server
+client = 13-sni-session-ticket-client
+server2 = 13-sni-session-ticket-server2
+
+[13-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = No
+server = 13-sni-session-ticket-server-extra
+client = 13-sni-session-ticket-client-extra
+
+[13-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[13-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[14-sni-session-ticket]
+ssl_conf = 14-sni-session-ticket-ssl
+
+[14-sni-session-ticket-ssl]
+server = 14-sni-session-ticket-server
+client = 14-sni-session-ticket-client
+server2 = 14-sni-session-ticket-server2
+
+[14-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = No
+server = 14-sni-session-ticket-server-extra
+client = 14-sni-session-ticket-client-extra
+
+[14-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[14-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[15-sni-session-ticket]
+ssl_conf = 15-sni-session-ticket-ssl
+
+[15-sni-session-ticket-ssl]
+server = 15-sni-session-ticket-server
+client = 15-sni-session-ticket-client
+server2 = 15-sni-session-ticket-server2
+
+[15-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionTicketExpected = No
+server = 15-sni-session-ticket-server-extra
+client = 15-sni-session-ticket-client-extra
+
+[15-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[15-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[16-sni-session-ticket]
+ssl_conf = 16-sni-session-ticket-ssl
+
+[16-sni-session-ticket-ssl]
+server = 16-sni-session-ticket-server
+client = 16-sni-session-ticket-client
+server2 = 16-sni-session-ticket-server2
+
+[16-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-sni-session-ticket-client]
+CipherString = DEFAULT
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionTicketExpected = No
+server = 16-sni-session-ticket-server-extra
+client = 16-sni-session-ticket-client-extra
+
+[16-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[16-sni-session-ticket-client-extra]
+ServerName = server2
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in
new file mode 100644
index 0000000..ea92b62
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in
@@ -0,0 +1,95 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Session ticket
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = ();
+
+sub generate_tests() {
+    foreach my $c ("SessionTicket", "-SessionTicket") {
+	foreach my $s1 ("SessionTicket", "-SessionTicket") {
+	    foreach my $s2 ("SessionTicket", "-SessionTicket") {
+		foreach my $n ("server1", "server2") {
+		    my $result = expected_result($c, $s1, $s2, $n);
+                    push @tests, {
+                        "name" => "sni-session-ticket",
+                        "client" => {
+                            "Options" => $c,
+                            "extra" => {
+                                "ServerName" => $n,
+                            },
+                        },
+                        "server" => {
+                            "Options" => $s1,
+                            "extra" => {
+                                # We don't test mismatch here.
+                                "ServerNameCallback" => "IgnoreMismatch",
+                            },
+                        },
+			"server2" => {
+			    "Options" => $s2,
+			},
+                        "test" => {
+                            "ExpectedServerName" => $n,
+                            "ExpectedResult" => "Success",
+			    "SessionTicketExpected" => $result,
+                        }
+                    };
+                }
+            }
+        }
+    }
+}
+
+# If the client has session tickets disabled, then No support
+# If the server initial_ctx has session tickets disabled, then No support
+# If SNI is in use, then if the "switched-to" context has session tickets disabled,
+#    then No support
+sub expected_result {
+    my ($c, $s1, $s2, $n) = @_;
+
+    return "No" if $c eq "-SessionTicket";
+    return "No" if $s1 eq "-SessionTicket";
+    return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
+
+    return "Yes";
+
+}
+
+# Add a "Broken" case.
+push @tests, {
+    "name" => "sni-session-ticket",
+    "client" => {
+	"Options" => "SessionTicket",
+        "extra" => {
+            "ServerName" => "server1",
+        }
+    },
+    "server" => {
+	"Options" => "SessionTicket",
+        "extra" => {
+              "BrokenSessionTicket" => "Yes",
+        },
+    },
+    "server2" => {
+	"Options" => "SessionTicket",
+    },
+    "test" => {
+	"ExpectedResult" => "Success",
+	"SessionTicketExpected" => "No",
+    }
+};
+
+generate_tests();
diff --git a/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf
new file mode 100644
index 0000000..3304a3b
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf
@@ -0,0 +1,1820 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 64
+
+test-0 = 0-version-negotiation
+test-1 = 1-version-negotiation
+test-2 = 2-version-negotiation
+test-3 = 3-version-negotiation
+test-4 = 4-version-negotiation
+test-5 = 5-version-negotiation
+test-6 = 6-version-negotiation
+test-7 = 7-version-negotiation
+test-8 = 8-version-negotiation
+test-9 = 9-version-negotiation
+test-10 = 10-version-negotiation
+test-11 = 11-version-negotiation
+test-12 = 12-version-negotiation
+test-13 = 13-version-negotiation
+test-14 = 14-version-negotiation
+test-15 = 15-version-negotiation
+test-16 = 16-version-negotiation
+test-17 = 17-version-negotiation
+test-18 = 18-version-negotiation
+test-19 = 19-version-negotiation
+test-20 = 20-version-negotiation
+test-21 = 21-version-negotiation
+test-22 = 22-version-negotiation
+test-23 = 23-version-negotiation
+test-24 = 24-version-negotiation
+test-25 = 25-version-negotiation
+test-26 = 26-version-negotiation
+test-27 = 27-version-negotiation
+test-28 = 28-version-negotiation
+test-29 = 29-version-negotiation
+test-30 = 30-version-negotiation
+test-31 = 31-version-negotiation
+test-32 = 32-version-negotiation
+test-33 = 33-version-negotiation
+test-34 = 34-version-negotiation
+test-35 = 35-version-negotiation
+test-36 = 36-version-negotiation
+test-37 = 37-version-negotiation
+test-38 = 38-version-negotiation
+test-39 = 39-version-negotiation
+test-40 = 40-version-negotiation
+test-41 = 41-version-negotiation
+test-42 = 42-version-negotiation
+test-43 = 43-version-negotiation
+test-44 = 44-version-negotiation
+test-45 = 45-version-negotiation
+test-46 = 46-version-negotiation
+test-47 = 47-version-negotiation
+test-48 = 48-version-negotiation
+test-49 = 49-version-negotiation
+test-50 = 50-version-negotiation
+test-51 = 51-version-negotiation
+test-52 = 52-version-negotiation
+test-53 = 53-version-negotiation
+test-54 = 54-version-negotiation
+test-55 = 55-version-negotiation
+test-56 = 56-version-negotiation
+test-57 = 57-version-negotiation
+test-58 = 58-version-negotiation
+test-59 = 59-version-negotiation
+test-60 = 60-version-negotiation
+test-61 = 61-version-negotiation
+test-62 = 62-version-negotiation
+test-63 = 63-version-negotiation
+# ===========================================================
+
+[0-version-negotiation]
+ssl_conf = 0-version-negotiation-ssl
+
+[0-version-negotiation-ssl]
+server = 0-version-negotiation-server
+client = 0-version-negotiation-client
+
+[0-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[1-version-negotiation]
+ssl_conf = 1-version-negotiation-ssl
+
+[1-version-negotiation-ssl]
+server = 1-version-negotiation-server
+client = 1-version-negotiation-client
+
+[1-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[2-version-negotiation]
+ssl_conf = 2-version-negotiation-ssl
+
+[2-version-negotiation-ssl]
+server = 2-version-negotiation-server
+client = 2-version-negotiation-client
+
+[2-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[3-version-negotiation]
+ssl_conf = 3-version-negotiation-ssl
+
+[3-version-negotiation-ssl]
+server = 3-version-negotiation-server
+client = 3-version-negotiation-client
+
+[3-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[4-version-negotiation]
+ssl_conf = 4-version-negotiation-ssl
+
+[4-version-negotiation-ssl]
+server = 4-version-negotiation-server
+client = 4-version-negotiation-client
+
+[4-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[5-version-negotiation]
+ssl_conf = 5-version-negotiation-ssl
+
+[5-version-negotiation-ssl]
+server = 5-version-negotiation-server
+client = 5-version-negotiation-client
+
+[5-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[6-version-negotiation]
+ssl_conf = 6-version-negotiation-ssl
+
+[6-version-negotiation-ssl]
+server = 6-version-negotiation-server
+client = 6-version-negotiation-client
+
+[6-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[7-version-negotiation]
+ssl_conf = 7-version-negotiation-ssl
+
+[7-version-negotiation-ssl]
+server = 7-version-negotiation-server
+client = 7-version-negotiation-client
+
+[7-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[8-version-negotiation]
+ssl_conf = 8-version-negotiation-ssl
+
+[8-version-negotiation-ssl]
+server = 8-version-negotiation-server
+client = 8-version-negotiation-client
+
+[8-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[9-version-negotiation]
+ssl_conf = 9-version-negotiation-ssl
+
+[9-version-negotiation-ssl]
+server = 9-version-negotiation-server
+client = 9-version-negotiation-client
+
+[9-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[10-version-negotiation]
+ssl_conf = 10-version-negotiation-ssl
+
+[10-version-negotiation-ssl]
+server = 10-version-negotiation-server
+client = 10-version-negotiation-client
+
+[10-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[11-version-negotiation]
+ssl_conf = 11-version-negotiation-ssl
+
+[11-version-negotiation-ssl]
+server = 11-version-negotiation-server
+client = 11-version-negotiation-client
+
+[11-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[12-version-negotiation]
+ssl_conf = 12-version-negotiation-ssl
+
+[12-version-negotiation-ssl]
+server = 12-version-negotiation-server
+client = 12-version-negotiation-client
+
+[12-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[13-version-negotiation]
+ssl_conf = 13-version-negotiation-ssl
+
+[13-version-negotiation-ssl]
+server = 13-version-negotiation-server
+client = 13-version-negotiation-client
+
+[13-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[14-version-negotiation]
+ssl_conf = 14-version-negotiation-ssl
+
+[14-version-negotiation-ssl]
+server = 14-version-negotiation-server
+client = 14-version-negotiation-client
+
+[14-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[15-version-negotiation]
+ssl_conf = 15-version-negotiation-ssl
+
+[15-version-negotiation-ssl]
+server = 15-version-negotiation-server
+client = 15-version-negotiation-client
+
+[15-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[16-version-negotiation]
+ssl_conf = 16-version-negotiation-ssl
+
+[16-version-negotiation-ssl]
+server = 16-version-negotiation-server
+client = 16-version-negotiation-client
+
+[16-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[17-version-negotiation]
+ssl_conf = 17-version-negotiation-ssl
+
+[17-version-negotiation-ssl]
+server = 17-version-negotiation-server
+client = 17-version-negotiation-client
+
+[17-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[18-version-negotiation]
+ssl_conf = 18-version-negotiation-ssl
+
+[18-version-negotiation-ssl]
+server = 18-version-negotiation-server
+client = 18-version-negotiation-client
+
+[18-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[19-version-negotiation]
+ssl_conf = 19-version-negotiation-ssl
+
+[19-version-negotiation-ssl]
+server = 19-version-negotiation-server
+client = 19-version-negotiation-client
+
+[19-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[20-version-negotiation]
+ssl_conf = 20-version-negotiation-ssl
+
+[20-version-negotiation-ssl]
+server = 20-version-negotiation-server
+client = 20-version-negotiation-client
+
+[20-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[21-version-negotiation]
+ssl_conf = 21-version-negotiation-ssl
+
+[21-version-negotiation-ssl]
+server = 21-version-negotiation-server
+client = 21-version-negotiation-client
+
+[21-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[22-version-negotiation]
+ssl_conf = 22-version-negotiation-ssl
+
+[22-version-negotiation-ssl]
+server = 22-version-negotiation-server
+client = 22-version-negotiation-client
+
+[22-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[23-version-negotiation]
+ssl_conf = 23-version-negotiation-ssl
+
+[23-version-negotiation-ssl]
+server = 23-version-negotiation-server
+client = 23-version-negotiation-client
+
+[23-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[24-version-negotiation]
+ssl_conf = 24-version-negotiation-ssl
+
+[24-version-negotiation-ssl]
+server = 24-version-negotiation-server
+client = 24-version-negotiation-client
+
+[24-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[25-version-negotiation]
+ssl_conf = 25-version-negotiation-ssl
+
+[25-version-negotiation-ssl]
+server = 25-version-negotiation-server
+client = 25-version-negotiation-client
+
+[25-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[26-version-negotiation]
+ssl_conf = 26-version-negotiation-ssl
+
+[26-version-negotiation-ssl]
+server = 26-version-negotiation-server
+client = 26-version-negotiation-client
+
+[26-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[27-version-negotiation]
+ssl_conf = 27-version-negotiation-ssl
+
+[27-version-negotiation-ssl]
+server = 27-version-negotiation-server
+client = 27-version-negotiation-client
+
+[27-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[28-version-negotiation]
+ssl_conf = 28-version-negotiation-ssl
+
+[28-version-negotiation-ssl]
+server = 28-version-negotiation-server
+client = 28-version-negotiation-client
+
+[28-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[29-version-negotiation]
+ssl_conf = 29-version-negotiation-ssl
+
+[29-version-negotiation-ssl]
+server = 29-version-negotiation-server
+client = 29-version-negotiation-client
+
+[29-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[30-version-negotiation]
+ssl_conf = 30-version-negotiation-ssl
+
+[30-version-negotiation-ssl]
+server = 30-version-negotiation-server
+client = 30-version-negotiation-client
+
+[30-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[31-version-negotiation]
+ssl_conf = 31-version-negotiation-ssl
+
+[31-version-negotiation-ssl]
+server = 31-version-negotiation-server
+client = 31-version-negotiation-client
+
+[31-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[32-version-negotiation]
+ssl_conf = 32-version-negotiation-ssl
+
+[32-version-negotiation-ssl]
+server = 32-version-negotiation-server
+client = 32-version-negotiation-client
+
+[32-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[33-version-negotiation]
+ssl_conf = 33-version-negotiation-ssl
+
+[33-version-negotiation-ssl]
+server = 33-version-negotiation-server
+client = 33-version-negotiation-client
+
+[33-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[34-version-negotiation]
+ssl_conf = 34-version-negotiation-ssl
+
+[34-version-negotiation-ssl]
+server = 34-version-negotiation-server
+client = 34-version-negotiation-client
+
+[34-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[35-version-negotiation]
+ssl_conf = 35-version-negotiation-ssl
+
+[35-version-negotiation-ssl]
+server = 35-version-negotiation-server
+client = 35-version-negotiation-client
+
+[35-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[36-version-negotiation]
+ssl_conf = 36-version-negotiation-ssl
+
+[36-version-negotiation-ssl]
+server = 36-version-negotiation-server
+client = 36-version-negotiation-client
+
+[36-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[37-version-negotiation]
+ssl_conf = 37-version-negotiation-ssl
+
+[37-version-negotiation-ssl]
+server = 37-version-negotiation-server
+client = 37-version-negotiation-client
+
+[37-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[38-version-negotiation]
+ssl_conf = 38-version-negotiation-ssl
+
+[38-version-negotiation-ssl]
+server = 38-version-negotiation-server
+client = 38-version-negotiation-client
+
+[38-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[39-version-negotiation]
+ssl_conf = 39-version-negotiation-ssl
+
+[39-version-negotiation-ssl]
+server = 39-version-negotiation-server
+client = 39-version-negotiation-client
+
+[39-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[40-version-negotiation]
+ssl_conf = 40-version-negotiation-ssl
+
+[40-version-negotiation-ssl]
+server = 40-version-negotiation-server
+client = 40-version-negotiation-client
+
+[40-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[41-version-negotiation]
+ssl_conf = 41-version-negotiation-ssl
+
+[41-version-negotiation-ssl]
+server = 41-version-negotiation-server
+client = 41-version-negotiation-client
+
+[41-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[42-version-negotiation]
+ssl_conf = 42-version-negotiation-ssl
+
+[42-version-negotiation-ssl]
+server = 42-version-negotiation-server
+client = 42-version-negotiation-client
+
+[42-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[43-version-negotiation]
+ssl_conf = 43-version-negotiation-ssl
+
+[43-version-negotiation-ssl]
+server = 43-version-negotiation-server
+client = 43-version-negotiation-client
+
+[43-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[44-version-negotiation]
+ssl_conf = 44-version-negotiation-ssl
+
+[44-version-negotiation-ssl]
+server = 44-version-negotiation-server
+client = 44-version-negotiation-client
+
+[44-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[45-version-negotiation]
+ssl_conf = 45-version-negotiation-ssl
+
+[45-version-negotiation-ssl]
+server = 45-version-negotiation-server
+client = 45-version-negotiation-client
+
+[45-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[46-version-negotiation]
+ssl_conf = 46-version-negotiation-ssl
+
+[46-version-negotiation-ssl]
+server = 46-version-negotiation-server
+client = 46-version-negotiation-client
+
+[46-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[47-version-negotiation]
+ssl_conf = 47-version-negotiation-ssl
+
+[47-version-negotiation-ssl]
+server = 47-version-negotiation-server
+client = 47-version-negotiation-client
+
+[47-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[48-version-negotiation]
+ssl_conf = 48-version-negotiation-ssl
+
+[48-version-negotiation-ssl]
+server = 48-version-negotiation-server
+client = 48-version-negotiation-client
+
+[48-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[49-version-negotiation]
+ssl_conf = 49-version-negotiation-ssl
+
+[49-version-negotiation-ssl]
+server = 49-version-negotiation-server
+client = 49-version-negotiation-client
+
+[49-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[50-version-negotiation]
+ssl_conf = 50-version-negotiation-ssl
+
+[50-version-negotiation-ssl]
+server = 50-version-negotiation-server
+client = 50-version-negotiation-client
+
+[50-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[51-version-negotiation]
+ssl_conf = 51-version-negotiation-ssl
+
+[51-version-negotiation-ssl]
+server = 51-version-negotiation-server
+client = 51-version-negotiation-client
+
+[51-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[52-version-negotiation]
+ssl_conf = 52-version-negotiation-ssl
+
+[52-version-negotiation-ssl]
+server = 52-version-negotiation-server
+client = 52-version-negotiation-client
+
+[52-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[53-version-negotiation]
+ssl_conf = 53-version-negotiation-ssl
+
+[53-version-negotiation-ssl]
+server = 53-version-negotiation-server
+client = 53-version-negotiation-client
+
+[53-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[54-version-negotiation]
+ssl_conf = 54-version-negotiation-ssl
+
+[54-version-negotiation-ssl]
+server = 54-version-negotiation-server
+client = 54-version-negotiation-client
+
+[54-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[55-version-negotiation]
+ssl_conf = 55-version-negotiation-ssl
+
+[55-version-negotiation-ssl]
+server = 55-version-negotiation-server
+client = 55-version-negotiation-client
+
+[55-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[56-version-negotiation]
+ssl_conf = 56-version-negotiation-ssl
+
+[56-version-negotiation-ssl]
+server = 56-version-negotiation-server
+client = 56-version-negotiation-client
+
+[56-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[57-version-negotiation]
+ssl_conf = 57-version-negotiation-ssl
+
+[57-version-negotiation-ssl]
+server = 57-version-negotiation-server
+client = 57-version-negotiation-client
+
+[57-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[58-version-negotiation]
+ssl_conf = 58-version-negotiation-ssl
+
+[58-version-negotiation-ssl]
+server = 58-version-negotiation-server
+client = 58-version-negotiation-client
+
+[58-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[59-version-negotiation]
+ssl_conf = 59-version-negotiation-ssl
+
+[59-version-negotiation-ssl]
+server = 59-version-negotiation-server
+client = 59-version-negotiation-client
+
+[59-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[60-version-negotiation]
+ssl_conf = 60-version-negotiation-ssl
+
+[60-version-negotiation-ssl]
+server = 60-version-negotiation-server
+client = 60-version-negotiation-client
+
+[60-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[61-version-negotiation]
+ssl_conf = 61-version-negotiation-ssl
+
+[61-version-negotiation-ssl]
+server = 61-version-negotiation-server
+client = 61-version-negotiation-client
+
+[61-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[62-version-negotiation]
+ssl_conf = 62-version-negotiation-ssl
+
+[62-version-negotiation-ssl]
+server = 62-version-negotiation-server
+client = 62-version-negotiation-client
+
+[62-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[63-version-negotiation]
+ssl_conf = 63-version-negotiation-ssl
+
+[63-version-negotiation-ssl]
+server = 63-version-negotiation-server
+client = 63-version-negotiation-client
+
+[63-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in
new file mode 100644
index 0000000..fb3c44a
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test DTLS version negotiation
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use protocol_version;
+
+our @tests = generate_version_tests("DTLS");
diff --git a/openssl-1.1.0h/test/ssl-tests/08-npn.conf b/openssl-1.1.0h/test/ssl-tests/08-npn.conf
new file mode 100644
index 0000000..9115ef4
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/08-npn.conf
@@ -0,0 +1,794 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 20
+
+test-0 = 0-npn-simple
+test-1 = 1-npn-client-finds-match
+test-2 = 2-npn-client-honours-server-pref
+test-3 = 3-npn-client-first-pref-on-mismatch
+test-4 = 4-npn-no-server-support
+test-5 = 5-npn-no-client-support
+test-6 = 6-npn-with-sni-no-context-switch
+test-7 = 7-npn-with-sni-context-switch
+test-8 = 8-npn-selected-sni-server-supports-npn
+test-9 = 9-npn-selected-sni-server-does-not-support-npn
+test-10 = 10-alpn-preferred-over-npn
+test-11 = 11-sni-npn-preferred-over-alpn
+test-12 = 12-npn-simple-resumption
+test-13 = 13-npn-server-switch-resumption
+test-14 = 14-npn-client-switch-resumption
+test-15 = 15-npn-client-first-pref-on-mismatch-resumption
+test-16 = 16-npn-no-server-support-resumption
+test-17 = 17-npn-no-client-support-resumption
+test-18 = 18-alpn-preferred-over-npn-resumption
+test-19 = 19-npn-used-if-alpn-not-supported-resumption
+# ===========================================================
+
+[0-npn-simple]
+ssl_conf = 0-npn-simple-ssl
+
+[0-npn-simple-ssl]
+server = 0-npn-simple-server
+client = 0-npn-simple-client
+
+[0-npn-simple-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-npn-simple-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedNPNProtocol = foo
+server = 0-npn-simple-server-extra
+client = 0-npn-simple-client-extra
+
+[0-npn-simple-server-extra]
+NPNProtocols = foo
+
+[0-npn-simple-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[1-npn-client-finds-match]
+ssl_conf = 1-npn-client-finds-match-ssl
+
+[1-npn-client-finds-match-ssl]
+server = 1-npn-client-finds-match-server
+client = 1-npn-client-finds-match-client
+
+[1-npn-client-finds-match-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-npn-client-finds-match-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedNPNProtocol = bar
+server = 1-npn-client-finds-match-server-extra
+client = 1-npn-client-finds-match-client-extra
+
+[1-npn-client-finds-match-server-extra]
+NPNProtocols = baz,bar
+
+[1-npn-client-finds-match-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[2-npn-client-honours-server-pref]
+ssl_conf = 2-npn-client-honours-server-pref-ssl
+
+[2-npn-client-honours-server-pref-ssl]
+server = 2-npn-client-honours-server-pref-server
+client = 2-npn-client-honours-server-pref-client
+
+[2-npn-client-honours-server-pref-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-npn-client-honours-server-pref-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedNPNProtocol = bar
+server = 2-npn-client-honours-server-pref-server-extra
+client = 2-npn-client-honours-server-pref-client-extra
+
+[2-npn-client-honours-server-pref-server-extra]
+NPNProtocols = bar,foo
+
+[2-npn-client-honours-server-pref-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[3-npn-client-first-pref-on-mismatch]
+ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl
+
+[3-npn-client-first-pref-on-mismatch-ssl]
+server = 3-npn-client-first-pref-on-mismatch-server
+client = 3-npn-client-first-pref-on-mismatch-client
+
+[3-npn-client-first-pref-on-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-npn-client-first-pref-on-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedNPNProtocol = foo
+server = 3-npn-client-first-pref-on-mismatch-server-extra
+client = 3-npn-client-first-pref-on-mismatch-client-extra
+
+[3-npn-client-first-pref-on-mismatch-server-extra]
+NPNProtocols = baz
+
+[3-npn-client-first-pref-on-mismatch-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[4-npn-no-server-support]
+ssl_conf = 4-npn-no-server-support-ssl
+
+[4-npn-no-server-support-ssl]
+server = 4-npn-no-server-support-server
+client = 4-npn-no-server-support-client
+
+[4-npn-no-server-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-npn-no-server-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+client = 4-npn-no-server-support-client-extra
+
+[4-npn-no-server-support-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[5-npn-no-client-support]
+ssl_conf = 5-npn-no-client-support-ssl
+
+[5-npn-no-client-support-ssl]
+server = 5-npn-no-client-support-server
+client = 5-npn-no-client-support-client
+
+[5-npn-no-client-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-npn-no-client-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+server = 5-npn-no-client-support-server-extra
+
+[5-npn-no-client-support-server-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[6-npn-with-sni-no-context-switch]
+ssl_conf = 6-npn-with-sni-no-context-switch-ssl
+
+[6-npn-with-sni-no-context-switch-ssl]
+server = 6-npn-with-sni-no-context-switch-server
+client = 6-npn-with-sni-no-context-switch-client
+server2 = 6-npn-with-sni-no-context-switch-server2
+
+[6-npn-with-sni-no-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-npn-with-sni-no-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-npn-with-sni-no-context-switch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedNPNProtocol = foo
+ExpectedServerName = server1
+server = 6-npn-with-sni-no-context-switch-server-extra
+server2 = 6-npn-with-sni-no-context-switch-server2-extra
+client = 6-npn-with-sni-no-context-switch-client-extra
+
+[6-npn-with-sni-no-context-switch-server-extra]
+NPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[6-npn-with-sni-no-context-switch-server2-extra]
+NPNProtocols = bar
+
+[6-npn-with-sni-no-context-switch-client-extra]
+NPNProtocols = foo,bar
+ServerName = server1
+
+
+# ===========================================================
+
+[7-npn-with-sni-context-switch]
+ssl_conf = 7-npn-with-sni-context-switch-ssl
+
+[7-npn-with-sni-context-switch-ssl]
+server = 7-npn-with-sni-context-switch-server
+client = 7-npn-with-sni-context-switch-client
+server2 = 7-npn-with-sni-context-switch-server2
+
+[7-npn-with-sni-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-npn-with-sni-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-npn-with-sni-context-switch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedNPNProtocol = bar
+ExpectedServerName = server2
+server = 7-npn-with-sni-context-switch-server-extra
+server2 = 7-npn-with-sni-context-switch-server2-extra
+client = 7-npn-with-sni-context-switch-client-extra
+
+[7-npn-with-sni-context-switch-server-extra]
+NPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[7-npn-with-sni-context-switch-server2-extra]
+NPNProtocols = bar
+
+[7-npn-with-sni-context-switch-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[8-npn-selected-sni-server-supports-npn]
+ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl
+
+[8-npn-selected-sni-server-supports-npn-ssl]
+server = 8-npn-selected-sni-server-supports-npn-server
+client = 8-npn-selected-sni-server-supports-npn-client
+server2 = 8-npn-selected-sni-server-supports-npn-server2
+
+[8-npn-selected-sni-server-supports-npn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-npn-selected-sni-server-supports-npn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-npn-selected-sni-server-supports-npn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedNPNProtocol = bar
+ExpectedServerName = server2
+server = 8-npn-selected-sni-server-supports-npn-server-extra
+server2 = 8-npn-selected-sni-server-supports-npn-server2-extra
+client = 8-npn-selected-sni-server-supports-npn-client-extra
+
+[8-npn-selected-sni-server-supports-npn-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[8-npn-selected-sni-server-supports-npn-server2-extra]
+NPNProtocols = bar
+
+[8-npn-selected-sni-server-supports-npn-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[9-npn-selected-sni-server-does-not-support-npn]
+ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl
+
+[9-npn-selected-sni-server-does-not-support-npn-ssl]
+server = 9-npn-selected-sni-server-does-not-support-npn-server
+client = 9-npn-selected-sni-server-does-not-support-npn-client
+server2 = 9-npn-selected-sni-server-does-not-support-npn-server2
+
+[9-npn-selected-sni-server-does-not-support-npn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-npn-selected-sni-server-does-not-support-npn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-npn-selected-sni-server-does-not-support-npn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedServerName = server2
+server = 9-npn-selected-sni-server-does-not-support-npn-server-extra
+client = 9-npn-selected-sni-server-does-not-support-npn-client-extra
+
+[9-npn-selected-sni-server-does-not-support-npn-server-extra]
+NPNProtocols = bar
+ServerNameCallback = IgnoreMismatch
+
+[9-npn-selected-sni-server-does-not-support-npn-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[10-alpn-preferred-over-npn]
+ssl_conf = 10-alpn-preferred-over-npn-ssl
+
+[10-alpn-preferred-over-npn-ssl]
+server = 10-alpn-preferred-over-npn-server
+client = 10-alpn-preferred-over-npn-client
+
+[10-alpn-preferred-over-npn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-alpn-preferred-over-npn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedALPNProtocol = foo
+server = 10-alpn-preferred-over-npn-server-extra
+client = 10-alpn-preferred-over-npn-client-extra
+
+[10-alpn-preferred-over-npn-server-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+[10-alpn-preferred-over-npn-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+
+# ===========================================================
+
+[11-sni-npn-preferred-over-alpn]
+ssl_conf = 11-sni-npn-preferred-over-alpn-ssl
+
+[11-sni-npn-preferred-over-alpn-ssl]
+server = 11-sni-npn-preferred-over-alpn-server
+client = 11-sni-npn-preferred-over-alpn-client
+server2 = 11-sni-npn-preferred-over-alpn-server2
+
+[11-sni-npn-preferred-over-alpn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-npn-preferred-over-alpn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-npn-preferred-over-alpn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedNPNProtocol = bar
+ExpectedServerName = server2
+server = 11-sni-npn-preferred-over-alpn-server-extra
+server2 = 11-sni-npn-preferred-over-alpn-server2-extra
+client = 11-sni-npn-preferred-over-alpn-client-extra
+
+[11-sni-npn-preferred-over-alpn-server-extra]
+ALPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[11-sni-npn-preferred-over-alpn-server2-extra]
+NPNProtocols = bar
+
+[11-sni-npn-preferred-over-alpn-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+ServerName = server2
+
+
+# ===========================================================
+
+[12-npn-simple-resumption]
+ssl_conf = 12-npn-simple-resumption-ssl
+
+[12-npn-simple-resumption-ssl]
+server = 12-npn-simple-resumption-server
+client = 12-npn-simple-resumption-client
+resume-server = 12-npn-simple-resumption-server
+resume-client = 12-npn-simple-resumption-client
+
+[12-npn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-npn-simple-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-npn-simple-resumption-server-extra
+resume-server = 12-npn-simple-resumption-server-extra
+client = 12-npn-simple-resumption-client-extra
+resume-client = 12-npn-simple-resumption-client-extra
+
+[12-npn-simple-resumption-server-extra]
+NPNProtocols = foo
+
+[12-npn-simple-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[13-npn-server-switch-resumption]
+ssl_conf = 13-npn-server-switch-resumption-ssl
+
+[13-npn-server-switch-resumption-ssl]
+server = 13-npn-server-switch-resumption-server
+client = 13-npn-server-switch-resumption-client
+resume-server = 13-npn-server-switch-resumption-resume-server
+resume-client = 13-npn-server-switch-resumption-client
+
+[13-npn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 13-npn-server-switch-resumption-server-extra
+resume-server = 13-npn-server-switch-resumption-resume-server-extra
+client = 13-npn-server-switch-resumption-client-extra
+resume-client = 13-npn-server-switch-resumption-client-extra
+
+[13-npn-server-switch-resumption-server-extra]
+NPNProtocols = bar,foo
+
+[13-npn-server-switch-resumption-resume-server-extra]
+NPNProtocols = baz,foo
+
+[13-npn-server-switch-resumption-client-extra]
+NPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[14-npn-client-switch-resumption]
+ssl_conf = 14-npn-client-switch-resumption-ssl
+
+[14-npn-client-switch-resumption-ssl]
+server = 14-npn-client-switch-resumption-server
+client = 14-npn-client-switch-resumption-client
+resume-server = 14-npn-client-switch-resumption-server
+resume-client = 14-npn-client-switch-resumption-resume-client
+
+[14-npn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-npn-client-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[14-npn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedNPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-npn-client-switch-resumption-server-extra
+resume-server = 14-npn-client-switch-resumption-server-extra
+client = 14-npn-client-switch-resumption-client-extra
+resume-client = 14-npn-client-switch-resumption-resume-client-extra
+
+[14-npn-client-switch-resumption-server-extra]
+NPNProtocols = foo,bar,baz
+
+[14-npn-client-switch-resumption-client-extra]
+NPNProtocols = foo,baz
+
+[14-npn-client-switch-resumption-resume-client-extra]
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[15-npn-client-first-pref-on-mismatch-resumption]
+ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl
+
+[15-npn-client-first-pref-on-mismatch-resumption-ssl]
+server = 15-npn-client-first-pref-on-mismatch-resumption-server
+client = 15-npn-client-first-pref-on-mismatch-resumption-client
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client
+
+[15-npn-client-first-pref-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
+client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+
+[15-npn-client-first-pref-on-mismatch-resumption-server-extra]
+NPNProtocols = bar
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[15-npn-client-first-pref-on-mismatch-resumption-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[16-npn-no-server-support-resumption]
+ssl_conf = 16-npn-no-server-support-resumption-ssl
+
+[16-npn-no-server-support-resumption-ssl]
+server = 16-npn-no-server-support-resumption-server
+client = 16-npn-no-server-support-resumption-client
+resume-server = 16-npn-no-server-support-resumption-resume-server
+resume-client = 16-npn-no-server-support-resumption-client
+
+[16-npn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 16-npn-no-server-support-resumption-server-extra
+client = 16-npn-no-server-support-resumption-client-extra
+resume-client = 16-npn-no-server-support-resumption-client-extra
+
+[16-npn-no-server-support-resumption-server-extra]
+NPNProtocols = foo
+
+[16-npn-no-server-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[17-npn-no-client-support-resumption]
+ssl_conf = 17-npn-no-client-support-resumption-ssl
+
+[17-npn-no-client-support-resumption-ssl]
+server = 17-npn-no-client-support-resumption-server
+client = 17-npn-no-client-support-resumption-client
+resume-server = 17-npn-no-client-support-resumption-server
+resume-client = 17-npn-no-client-support-resumption-resume-client
+
+[17-npn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-npn-no-client-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[17-npn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 17-npn-no-client-support-resumption-server-extra
+resume-server = 17-npn-no-client-support-resumption-server-extra
+client = 17-npn-no-client-support-resumption-client-extra
+
+[17-npn-no-client-support-resumption-server-extra]
+NPNProtocols = foo
+
+[17-npn-no-client-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[18-alpn-preferred-over-npn-resumption]
+ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl
+
+[18-alpn-preferred-over-npn-resumption-ssl]
+server = 18-alpn-preferred-over-npn-resumption-server
+client = 18-alpn-preferred-over-npn-resumption-client
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server
+resume-client = 18-alpn-preferred-over-npn-resumption-client
+
+[18-alpn-preferred-over-npn-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 18-alpn-preferred-over-npn-resumption-server-extra
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra
+client = 18-alpn-preferred-over-npn-resumption-client-extra
+resume-client = 18-alpn-preferred-over-npn-resumption-client-extra
+
+[18-alpn-preferred-over-npn-resumption-server-extra]
+NPNProtocols = bar
+
+[18-alpn-preferred-over-npn-resumption-resume-server-extra]
+ALPNProtocols = foo
+NPNProtocols = baz
+
+[18-alpn-preferred-over-npn-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[19-npn-used-if-alpn-not-supported-resumption]
+ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl
+
+[19-npn-used-if-alpn-not-supported-resumption-ssl]
+server = 19-npn-used-if-alpn-not-supported-resumption-server
+client = 19-npn-used-if-alpn-not-supported-resumption-client
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client
+
+[19-npn-used-if-alpn-not-supported-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 19-npn-used-if-alpn-not-supported-resumption-server-extra
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra
+client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+
+[19-npn-used-if-alpn-not-supported-resumption-server-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[19-npn-used-if-alpn-not-supported-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in b/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in
new file mode 100644
index 0000000..bcb632f
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in
@@ -0,0 +1,420 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test NPN negotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "npn-simple",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-client-finds-match",
+        server => {
+            extra => {
+                "NPNProtocols" => "baz,bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-client-honours-server-pref",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar,foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-client-first-pref-on-mismatch",
+        server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-no-server-support",
+        server => { },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-no-client-support",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => { },
+        test => {
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-with-sni-no-context-switch",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server1",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server1",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-with-sni-context-switch",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-selected-sni-server-supports-npn",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-selected-sni-server-does-not-support-npn",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => { },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+             "ExpectedServerName" => "server2",
+             "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-preferred-over-npn",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "sni-npn-preferred-over-alpn",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+                "ALPNProtocols" => "foo",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "server2",
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => undef,
+            "ExpectedNPNProtocol" => "bar",
+            "ExpectedServerName" => "server2",  
+        },
+    },
+    {
+        name => "npn-simple-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-server-switch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar,foo",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz,foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "baz",
+        },
+    },
+    {
+        name => "npn-client-switch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo,bar,baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,baz",
+            },
+        },
+        resume_client => {
+            extra => {
+                "NPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-client-first-pref-on-mismatch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-no-server-support-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        resume_server => { },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-no-client-support-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        resume_client => { },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-preferred-over-npn-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-used-if-alpn-not-supported-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+            "ExpectedNPNProtocol" => "baz",
+        },
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/09-alpn.conf b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf
new file mode 100644
index 0000000..e7e6cb9
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf
@@ -0,0 +1,619 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 16
+
+test-0 = 0-alpn-simple
+test-1 = 1-alpn-server-finds-match
+test-2 = 2-alpn-server-honours-server-pref
+test-3 = 3-alpn-alert-on-mismatch
+test-4 = 4-alpn-no-server-support
+test-5 = 5-alpn-no-client-support
+test-6 = 6-alpn-with-sni-no-context-switch
+test-7 = 7-alpn-with-sni-context-switch
+test-8 = 8-alpn-selected-sni-server-supports-alpn
+test-9 = 9-alpn-selected-sni-server-does-not-support-alpn
+test-10 = 10-alpn-simple-resumption
+test-11 = 11-alpn-server-switch-resumption
+test-12 = 12-alpn-client-switch-resumption
+test-13 = 13-alpn-alert-on-mismatch-resumption
+test-14 = 14-alpn-no-server-support-resumption
+test-15 = 15-alpn-no-client-support-resumption
+# ===========================================================
+
+[0-alpn-simple]
+ssl_conf = 0-alpn-simple-ssl
+
+[0-alpn-simple-ssl]
+server = 0-alpn-simple-server
+client = 0-alpn-simple-client
+
+[0-alpn-simple-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-alpn-simple-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedALPNProtocol = foo
+server = 0-alpn-simple-server-extra
+client = 0-alpn-simple-client-extra
+
+[0-alpn-simple-server-extra]
+ALPNProtocols = foo
+
+[0-alpn-simple-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[1-alpn-server-finds-match]
+ssl_conf = 1-alpn-server-finds-match-ssl
+
+[1-alpn-server-finds-match-ssl]
+server = 1-alpn-server-finds-match-server
+client = 1-alpn-server-finds-match-client
+
+[1-alpn-server-finds-match-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-alpn-server-finds-match-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedALPNProtocol = bar
+server = 1-alpn-server-finds-match-server-extra
+client = 1-alpn-server-finds-match-client-extra
+
+[1-alpn-server-finds-match-server-extra]
+ALPNProtocols = baz,bar
+
+[1-alpn-server-finds-match-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[2-alpn-server-honours-server-pref]
+ssl_conf = 2-alpn-server-honours-server-pref-ssl
+
+[2-alpn-server-honours-server-pref-ssl]
+server = 2-alpn-server-honours-server-pref-server
+client = 2-alpn-server-honours-server-pref-client
+
+[2-alpn-server-honours-server-pref-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-alpn-server-honours-server-pref-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedALPNProtocol = bar
+server = 2-alpn-server-honours-server-pref-server-extra
+client = 2-alpn-server-honours-server-pref-client-extra
+
+[2-alpn-server-honours-server-pref-server-extra]
+ALPNProtocols = bar,foo
+
+[2-alpn-server-honours-server-pref-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[3-alpn-alert-on-mismatch]
+ssl_conf = 3-alpn-alert-on-mismatch-ssl
+
+[3-alpn-alert-on-mismatch-ssl]
+server = 3-alpn-alert-on-mismatch-server
+client = 3-alpn-alert-on-mismatch-client
+
+[3-alpn-alert-on-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-alpn-alert-on-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = ServerFail
+ExpectedServerAlert = NoApplicationProtocol
+server = 3-alpn-alert-on-mismatch-server-extra
+client = 3-alpn-alert-on-mismatch-client-extra
+
+[3-alpn-alert-on-mismatch-server-extra]
+ALPNProtocols = baz
+
+[3-alpn-alert-on-mismatch-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[4-alpn-no-server-support]
+ssl_conf = 4-alpn-no-server-support-ssl
+
+[4-alpn-no-server-support-ssl]
+server = 4-alpn-no-server-support-server
+client = 4-alpn-no-server-support-client
+
+[4-alpn-no-server-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-alpn-no-server-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+client = 4-alpn-no-server-support-client-extra
+
+[4-alpn-no-server-support-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[5-alpn-no-client-support]
+ssl_conf = 5-alpn-no-client-support-ssl
+
+[5-alpn-no-client-support-ssl]
+server = 5-alpn-no-client-support-server
+client = 5-alpn-no-client-support-client
+
+[5-alpn-no-client-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-alpn-no-client-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+server = 5-alpn-no-client-support-server-extra
+
+[5-alpn-no-client-support-server-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[6-alpn-with-sni-no-context-switch]
+ssl_conf = 6-alpn-with-sni-no-context-switch-ssl
+
+[6-alpn-with-sni-no-context-switch-ssl]
+server = 6-alpn-with-sni-no-context-switch-server
+client = 6-alpn-with-sni-no-context-switch-client
+server2 = 6-alpn-with-sni-no-context-switch-server2
+
+[6-alpn-with-sni-no-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-alpn-with-sni-no-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-alpn-with-sni-no-context-switch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedALPNProtocol = foo
+ExpectedServerName = server1
+server = 6-alpn-with-sni-no-context-switch-server-extra
+server2 = 6-alpn-with-sni-no-context-switch-server2-extra
+client = 6-alpn-with-sni-no-context-switch-client-extra
+
+[6-alpn-with-sni-no-context-switch-server-extra]
+ALPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[6-alpn-with-sni-no-context-switch-server2-extra]
+ALPNProtocols = bar
+
+[6-alpn-with-sni-no-context-switch-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server1
+
+
+# ===========================================================
+
+[7-alpn-with-sni-context-switch]
+ssl_conf = 7-alpn-with-sni-context-switch-ssl
+
+[7-alpn-with-sni-context-switch-ssl]
+server = 7-alpn-with-sni-context-switch-server
+client = 7-alpn-with-sni-context-switch-client
+server2 = 7-alpn-with-sni-context-switch-server2
+
+[7-alpn-with-sni-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-alpn-with-sni-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-alpn-with-sni-context-switch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedALPNProtocol = bar
+ExpectedServerName = server2
+server = 7-alpn-with-sni-context-switch-server-extra
+server2 = 7-alpn-with-sni-context-switch-server2-extra
+client = 7-alpn-with-sni-context-switch-client-extra
+
+[7-alpn-with-sni-context-switch-server-extra]
+ALPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[7-alpn-with-sni-context-switch-server2-extra]
+ALPNProtocols = bar
+
+[7-alpn-with-sni-context-switch-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[8-alpn-selected-sni-server-supports-alpn]
+ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl
+
+[8-alpn-selected-sni-server-supports-alpn-ssl]
+server = 8-alpn-selected-sni-server-supports-alpn-server
+client = 8-alpn-selected-sni-server-supports-alpn-client
+server2 = 8-alpn-selected-sni-server-supports-alpn-server2
+
+[8-alpn-selected-sni-server-supports-alpn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-alpn-selected-sni-server-supports-alpn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-alpn-selected-sni-server-supports-alpn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedALPNProtocol = bar
+ExpectedServerName = server2
+server = 8-alpn-selected-sni-server-supports-alpn-server-extra
+server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra
+client = 8-alpn-selected-sni-server-supports-alpn-client-extra
+
+[8-alpn-selected-sni-server-supports-alpn-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[8-alpn-selected-sni-server-supports-alpn-server2-extra]
+ALPNProtocols = bar
+
+[8-alpn-selected-sni-server-supports-alpn-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[9-alpn-selected-sni-server-does-not-support-alpn]
+ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl
+
+[9-alpn-selected-sni-server-does-not-support-alpn-ssl]
+server = 9-alpn-selected-sni-server-does-not-support-alpn-server
+client = 9-alpn-selected-sni-server-does-not-support-alpn-client
+server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2
+
+[9-alpn-selected-sni-server-does-not-support-alpn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-alpn-selected-sni-server-does-not-support-alpn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-alpn-selected-sni-server-does-not-support-alpn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedServerName = server2
+server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra
+client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra
+
+[9-alpn-selected-sni-server-does-not-support-alpn-server-extra]
+ALPNProtocols = bar
+ServerNameCallback = IgnoreMismatch
+
+[9-alpn-selected-sni-server-does-not-support-alpn-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[10-alpn-simple-resumption]
+ssl_conf = 10-alpn-simple-resumption-ssl
+
+[10-alpn-simple-resumption-ssl]
+server = 10-alpn-simple-resumption-server
+client = 10-alpn-simple-resumption-client
+resume-server = 10-alpn-simple-resumption-server
+resume-client = 10-alpn-simple-resumption-client
+
+[10-alpn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-alpn-simple-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 10-alpn-simple-resumption-server-extra
+resume-server = 10-alpn-simple-resumption-server-extra
+client = 10-alpn-simple-resumption-client-extra
+resume-client = 10-alpn-simple-resumption-client-extra
+
+[10-alpn-simple-resumption-server-extra]
+ALPNProtocols = foo
+
+[10-alpn-simple-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[11-alpn-server-switch-resumption]
+ssl_conf = 11-alpn-server-switch-resumption-ssl
+
+[11-alpn-server-switch-resumption-ssl]
+server = 11-alpn-server-switch-resumption-server
+client = 11-alpn-server-switch-resumption-client
+resume-server = 11-alpn-server-switch-resumption-resume-server
+resume-client = 11-alpn-server-switch-resumption-client
+
+[11-alpn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedALPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 11-alpn-server-switch-resumption-server-extra
+resume-server = 11-alpn-server-switch-resumption-resume-server-extra
+client = 11-alpn-server-switch-resumption-client-extra
+resume-client = 11-alpn-server-switch-resumption-client-extra
+
+[11-alpn-server-switch-resumption-server-extra]
+ALPNProtocols = bar,foo
+
+[11-alpn-server-switch-resumption-resume-server-extra]
+ALPNProtocols = baz,foo
+
+[11-alpn-server-switch-resumption-client-extra]
+ALPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[12-alpn-client-switch-resumption]
+ssl_conf = 12-alpn-client-switch-resumption-ssl
+
+[12-alpn-client-switch-resumption-ssl]
+server = 12-alpn-client-switch-resumption-server
+client = 12-alpn-client-switch-resumption-client
+resume-server = 12-alpn-client-switch-resumption-server
+resume-client = 12-alpn-client-switch-resumption-resume-client
+
+[12-alpn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-alpn-client-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[12-alpn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedALPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-alpn-client-switch-resumption-server-extra
+resume-server = 12-alpn-client-switch-resumption-server-extra
+client = 12-alpn-client-switch-resumption-client-extra
+resume-client = 12-alpn-client-switch-resumption-resume-client-extra
+
+[12-alpn-client-switch-resumption-server-extra]
+ALPNProtocols = foo,bar,baz
+
+[12-alpn-client-switch-resumption-client-extra]
+ALPNProtocols = foo,baz
+
+[12-alpn-client-switch-resumption-resume-client-extra]
+ALPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[13-alpn-alert-on-mismatch-resumption]
+ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl
+
+[13-alpn-alert-on-mismatch-resumption-ssl]
+server = 13-alpn-alert-on-mismatch-resumption-server
+client = 13-alpn-alert-on-mismatch-resumption-client
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server
+resume-client = 13-alpn-alert-on-mismatch-resumption-client
+
+[13-alpn-alert-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = ServerFail
+ExpectedServerAlert = NoApplicationProtocol
+HandshakeMode = Resume
+server = 13-alpn-alert-on-mismatch-resumption-server-extra
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra
+client = 13-alpn-alert-on-mismatch-resumption-client-extra
+resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra
+
+[13-alpn-alert-on-mismatch-resumption-server-extra]
+ALPNProtocols = bar
+
+[13-alpn-alert-on-mismatch-resumption-resume-server-extra]
+ALPNProtocols = baz
+
+[13-alpn-alert-on-mismatch-resumption-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[14-alpn-no-server-support-resumption]
+ssl_conf = 14-alpn-no-server-support-resumption-ssl
+
+[14-alpn-no-server-support-resumption-ssl]
+server = 14-alpn-no-server-support-resumption-server
+client = 14-alpn-no-server-support-resumption-client
+resume-server = 14-alpn-no-server-support-resumption-resume-server
+resume-client = 14-alpn-no-server-support-resumption-client
+
+[14-alpn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-alpn-no-server-support-resumption-server-extra
+client = 14-alpn-no-server-support-resumption-client-extra
+resume-client = 14-alpn-no-server-support-resumption-client-extra
+
+[14-alpn-no-server-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[14-alpn-no-server-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[15-alpn-no-client-support-resumption]
+ssl_conf = 15-alpn-no-client-support-resumption-ssl
+
+[15-alpn-no-client-support-resumption-ssl]
+server = 15-alpn-no-client-support-resumption-server
+client = 15-alpn-no-client-support-resumption-client
+resume-server = 15-alpn-no-client-support-resumption-server
+resume-client = 15-alpn-no-client-support-resumption-resume-client
+
+[15-alpn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-alpn-no-client-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[15-alpn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-alpn-no-client-support-resumption-server-extra
+resume-server = 15-alpn-no-client-support-resumption-server-extra
+client = 15-alpn-no-client-support-resumption-client-extra
+
+[15-alpn-no-client-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[15-alpn-no-client-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in
new file mode 100644
index 0000000..37035f1
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in
@@ -0,0 +1,324 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test ALPN negotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "alpn-simple",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "alpn-server-finds-match",
+        server => {
+            extra => {
+                "ALPNProtocols" => "baz,bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-server-honours-server-pref",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar,foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-alert-on-mismatch",
+        server => {
+            extra => {
+                "ALPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "NoApplicationProtocol",
+        },
+    },
+    {
+        name => "alpn-no-server-support",
+        server => { },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-no-client-support",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => { },
+        test => {
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-with-sni-no-context-switch",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server1",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server1",
+            "ExpectedALPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "alpn-with-sni-context-switch",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-selected-sni-server-supports-alpn",
+        server => {
+            extra => {
+               "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-selected-sni-server-does-not-support-alpn",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar", 
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => { },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-simple-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "alpn-server-switch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar,foo",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "baz,foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "baz",
+        },
+    },
+    {
+        name => "alpn-client-switch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo,bar,baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,baz",
+            },
+        },
+        resume_client => {
+            extra => {
+                "ALPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-alert-on-mismatch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "NoApplicationProtocol",
+        },
+    },
+    {
+        name => "alpn-no-server-support-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        resume_server => { },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-no-client-support-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        resume_client => { },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/10-resumption.conf b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf
new file mode 100644
index 0000000..b2deee4
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf
@@ -0,0 +1,1336 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 36
+
+test-0 = 0-resumption
+test-1 = 1-resumption
+test-2 = 2-resumption
+test-3 = 3-resumption
+test-4 = 4-resumption
+test-5 = 5-resumption
+test-6 = 6-resumption
+test-7 = 7-resumption
+test-8 = 8-resumption
+test-9 = 9-resumption
+test-10 = 10-resumption
+test-11 = 11-resumption
+test-12 = 12-resumption
+test-13 = 13-resumption
+test-14 = 14-resumption
+test-15 = 15-resumption
+test-16 = 16-resumption
+test-17 = 17-resumption
+test-18 = 18-resumption
+test-19 = 19-resumption
+test-20 = 20-resumption
+test-21 = 21-resumption
+test-22 = 22-resumption
+test-23 = 23-resumption
+test-24 = 24-resumption
+test-25 = 25-resumption
+test-26 = 26-resumption
+test-27 = 27-resumption
+test-28 = 28-resumption
+test-29 = 29-resumption
+test-30 = 30-resumption
+test-31 = 31-resumption
+test-32 = 32-resumption
+test-33 = 33-resumption
+test-34 = 34-resumption
+test-35 = 35-resumption
+# ===========================================================
+
+[0-resumption]
+ssl_conf = 0-resumption-ssl
+
+[0-resumption-ssl]
+server = 0-resumption-server
+client = 0-resumption-client
+resume-server = 0-resumption-resume-server
+resume-client = 0-resumption-client
+
+[0-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[1-resumption]
+ssl_conf = 1-resumption-ssl
+
+[1-resumption-ssl]
+server = 1-resumption-server
+client = 1-resumption-client
+resume-server = 1-resumption-resume-server
+resume-client = 1-resumption-client
+
+[1-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-resumption]
+ssl_conf = 2-resumption-ssl
+
+[2-resumption-ssl]
+server = 2-resumption-server
+client = 2-resumption-client
+resume-server = 2-resumption-resume-server
+resume-client = 2-resumption-client
+
+[2-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-resumption]
+ssl_conf = 3-resumption-ssl
+
+[3-resumption-ssl]
+server = 3-resumption-server
+client = 3-resumption-client
+resume-server = 3-resumption-resume-server
+resume-client = 3-resumption-client
+
+[3-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[4-resumption]
+ssl_conf = 4-resumption-ssl
+
+[4-resumption-ssl]
+server = 4-resumption-server
+client = 4-resumption-client
+resume-server = 4-resumption-resume-server
+resume-client = 4-resumption-client
+
+[4-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-resumption]
+ssl_conf = 5-resumption-ssl
+
+[5-resumption-ssl]
+server = 5-resumption-server
+client = 5-resumption-client
+resume-server = 5-resumption-resume-server
+resume-client = 5-resumption-client
+
+[5-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[6-resumption]
+ssl_conf = 6-resumption-ssl
+
+[6-resumption-ssl]
+server = 6-resumption-server
+client = 6-resumption-client
+resume-server = 6-resumption-resume-server
+resume-client = 6-resumption-client
+
+[6-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[7-resumption]
+ssl_conf = 7-resumption-ssl
+
+[7-resumption-ssl]
+server = 7-resumption-server
+client = 7-resumption-client
+resume-server = 7-resumption-resume-server
+resume-client = 7-resumption-client
+
+[7-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[8-resumption]
+ssl_conf = 8-resumption-ssl
+
+[8-resumption-ssl]
+server = 8-resumption-server
+client = 8-resumption-client
+resume-server = 8-resumption-resume-server
+resume-client = 8-resumption-client
+
+[8-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[9-resumption]
+ssl_conf = 9-resumption-ssl
+
+[9-resumption-ssl]
+server = 9-resumption-server
+client = 9-resumption-client
+resume-server = 9-resumption-resume-server
+resume-client = 9-resumption-client
+
+[9-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[10-resumption]
+ssl_conf = 10-resumption-ssl
+
+[10-resumption-ssl]
+server = 10-resumption-server
+client = 10-resumption-client
+resume-server = 10-resumption-resume-server
+resume-client = 10-resumption-client
+
+[10-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[11-resumption]
+ssl_conf = 11-resumption-ssl
+
+[11-resumption-ssl]
+server = 11-resumption-server
+client = 11-resumption-client
+resume-server = 11-resumption-resume-server
+resume-client = 11-resumption-client
+
+[11-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[12-resumption]
+ssl_conf = 12-resumption-ssl
+
+[12-resumption-ssl]
+server = 12-resumption-server
+client = 12-resumption-client
+resume-server = 12-resumption-resume-server
+resume-client = 12-resumption-client
+
+[12-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[13-resumption]
+ssl_conf = 13-resumption-ssl
+
+[13-resumption-ssl]
+server = 13-resumption-server
+client = 13-resumption-client
+resume-server = 13-resumption-resume-server
+resume-client = 13-resumption-client
+
+[13-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[14-resumption]
+ssl_conf = 14-resumption-ssl
+
+[14-resumption-ssl]
+server = 14-resumption-server
+client = 14-resumption-client
+resume-server = 14-resumption-resume-server
+resume-client = 14-resumption-client
+
+[14-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[15-resumption]
+ssl_conf = 15-resumption-ssl
+
+[15-resumption-ssl]
+server = 15-resumption-server
+client = 15-resumption-client
+resume-server = 15-resumption-resume-server
+resume-client = 15-resumption-client
+
+[15-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[16-resumption]
+ssl_conf = 16-resumption-ssl
+
+[16-resumption-ssl]
+server = 16-resumption-server
+client = 16-resumption-client
+resume-server = 16-resumption-resume-server
+resume-client = 16-resumption-client
+
+[16-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[17-resumption]
+ssl_conf = 17-resumption-ssl
+
+[17-resumption-ssl]
+server = 17-resumption-server
+client = 17-resumption-client
+resume-server = 17-resumption-resume-server
+resume-client = 17-resumption-client
+
+[17-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[18-resumption]
+ssl_conf = 18-resumption-ssl
+
+[18-resumption-ssl]
+server = 18-resumption-server
+client = 18-resumption-client
+resume-server = 18-resumption-server
+resume-client = 18-resumption-resume-client
+
+[18-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[18-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[19-resumption]
+ssl_conf = 19-resumption-ssl
+
+[19-resumption-ssl]
+server = 19-resumption-server
+client = 19-resumption-client
+resume-server = 19-resumption-server
+resume-client = 19-resumption-resume-client
+
+[19-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[19-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[20-resumption]
+ssl_conf = 20-resumption-ssl
+
+[20-resumption-ssl]
+server = 20-resumption-server
+client = 20-resumption-client
+resume-server = 20-resumption-server
+resume-client = 20-resumption-resume-client
+
+[20-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[20-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[21-resumption]
+ssl_conf = 21-resumption-ssl
+
+[21-resumption-ssl]
+server = 21-resumption-server
+client = 21-resumption-client
+resume-server = 21-resumption-server
+resume-client = 21-resumption-resume-client
+
+[21-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[21-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[22-resumption]
+ssl_conf = 22-resumption-ssl
+
+[22-resumption-ssl]
+server = 22-resumption-server
+client = 22-resumption-client
+resume-server = 22-resumption-server
+resume-client = 22-resumption-resume-client
+
+[22-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[22-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[23-resumption]
+ssl_conf = 23-resumption-ssl
+
+[23-resumption-ssl]
+server = 23-resumption-server
+client = 23-resumption-client
+resume-server = 23-resumption-server
+resume-client = 23-resumption-resume-client
+
+[23-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[23-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[24-resumption]
+ssl_conf = 24-resumption-ssl
+
+[24-resumption-ssl]
+server = 24-resumption-server
+client = 24-resumption-client
+resume-server = 24-resumption-server
+resume-client = 24-resumption-resume-client
+
+[24-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[24-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[25-resumption]
+ssl_conf = 25-resumption-ssl
+
+[25-resumption-ssl]
+server = 25-resumption-server
+client = 25-resumption-client
+resume-server = 25-resumption-server
+resume-client = 25-resumption-resume-client
+
+[25-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[25-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[26-resumption]
+ssl_conf = 26-resumption-ssl
+
+[26-resumption-ssl]
+server = 26-resumption-server
+client = 26-resumption-client
+resume-server = 26-resumption-server
+resume-client = 26-resumption-resume-client
+
+[26-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[26-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[27-resumption]
+ssl_conf = 27-resumption-ssl
+
+[27-resumption-ssl]
+server = 27-resumption-server
+client = 27-resumption-client
+resume-server = 27-resumption-server
+resume-client = 27-resumption-resume-client
+
+[27-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[27-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[28-resumption]
+ssl_conf = 28-resumption-ssl
+
+[28-resumption-ssl]
+server = 28-resumption-server
+client = 28-resumption-client
+resume-server = 28-resumption-server
+resume-client = 28-resumption-resume-client
+
+[28-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[28-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[29-resumption]
+ssl_conf = 29-resumption-ssl
+
+[29-resumption-ssl]
+server = 29-resumption-server
+client = 29-resumption-client
+resume-server = 29-resumption-server
+resume-client = 29-resumption-resume-client
+
+[29-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[29-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[30-resumption]
+ssl_conf = 30-resumption-ssl
+
+[30-resumption-ssl]
+server = 30-resumption-server
+client = 30-resumption-client
+resume-server = 30-resumption-server
+resume-client = 30-resumption-resume-client
+
+[30-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[30-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[31-resumption]
+ssl_conf = 31-resumption-ssl
+
+[31-resumption-ssl]
+server = 31-resumption-server
+client = 31-resumption-client
+resume-server = 31-resumption-server
+resume-client = 31-resumption-resume-client
+
+[31-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[31-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[32-resumption]
+ssl_conf = 32-resumption-ssl
+
+[32-resumption-ssl]
+server = 32-resumption-server
+client = 32-resumption-client
+resume-server = 32-resumption-server
+resume-client = 32-resumption-resume-client
+
+[32-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[32-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[33-resumption]
+ssl_conf = 33-resumption-ssl
+
+[33-resumption-ssl]
+server = 33-resumption-server
+client = 33-resumption-client
+resume-server = 33-resumption-server
+resume-client = 33-resumption-resume-client
+
+[33-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[33-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[34-resumption]
+ssl_conf = 34-resumption-ssl
+
+[34-resumption-ssl]
+server = 34-resumption-server
+client = 34-resumption-client
+resume-server = 34-resumption-server
+resume-client = 34-resumption-resume-client
+
+[34-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[34-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[35-resumption]
+ssl_conf = 35-resumption-ssl
+
+[35-resumption-ssl]
+server = 35-resumption-server
+client = 35-resumption-client
+resume-server = 35-resumption-server
+resume-client = 35-resumption-resume-client
+
+[35-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[35-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in
new file mode 100644
index 0000000..989135f
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation upon resumption.
+
+use strict;
+use warnings;
+
+package ssltests;
+
+use protocol_version;
+
+our @tests = generate_resumption_tests("TLS");
diff --git a/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf
new file mode 100644
index 0000000..ceed959
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf
@@ -0,0 +1,612 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 16
+
+test-0 = 0-resumption
+test-1 = 1-resumption
+test-2 = 2-resumption
+test-3 = 3-resumption
+test-4 = 4-resumption
+test-5 = 5-resumption
+test-6 = 6-resumption
+test-7 = 7-resumption
+test-8 = 8-resumption
+test-9 = 9-resumption
+test-10 = 10-resumption
+test-11 = 11-resumption
+test-12 = 12-resumption
+test-13 = 13-resumption
+test-14 = 14-resumption
+test-15 = 15-resumption
+# ===========================================================
+
+[0-resumption]
+ssl_conf = 0-resumption-ssl
+
+[0-resumption-ssl]
+server = 0-resumption-server
+client = 0-resumption-client
+resume-server = 0-resumption-resume-server
+resume-client = 0-resumption-client
+
+[0-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[1-resumption]
+ssl_conf = 1-resumption-ssl
+
+[1-resumption-ssl]
+server = 1-resumption-server
+client = 1-resumption-client
+resume-server = 1-resumption-resume-server
+resume-client = 1-resumption-client
+
+[1-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-resumption]
+ssl_conf = 2-resumption-ssl
+
+[2-resumption-ssl]
+server = 2-resumption-server
+client = 2-resumption-client
+resume-server = 2-resumption-resume-server
+resume-client = 2-resumption-client
+
+[2-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-resumption]
+ssl_conf = 3-resumption-ssl
+
+[3-resumption-ssl]
+server = 3-resumption-server
+client = 3-resumption-client
+resume-server = 3-resumption-resume-server
+resume-client = 3-resumption-client
+
+[3-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[4-resumption]
+ssl_conf = 4-resumption-ssl
+
+[4-resumption-ssl]
+server = 4-resumption-server
+client = 4-resumption-client
+resume-server = 4-resumption-resume-server
+resume-client = 4-resumption-client
+
+[4-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-resumption]
+ssl_conf = 5-resumption-ssl
+
+[5-resumption-ssl]
+server = 5-resumption-server
+client = 5-resumption-client
+resume-server = 5-resumption-resume-server
+resume-client = 5-resumption-client
+
+[5-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[6-resumption]
+ssl_conf = 6-resumption-ssl
+
+[6-resumption-ssl]
+server = 6-resumption-server
+client = 6-resumption-client
+resume-server = 6-resumption-resume-server
+resume-client = 6-resumption-client
+
+[6-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[7-resumption]
+ssl_conf = 7-resumption-ssl
+
+[7-resumption-ssl]
+server = 7-resumption-server
+client = 7-resumption-client
+resume-server = 7-resumption-resume-server
+resume-client = 7-resumption-client
+
+[7-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[8-resumption]
+ssl_conf = 8-resumption-ssl
+
+[8-resumption-ssl]
+server = 8-resumption-server
+client = 8-resumption-client
+resume-server = 8-resumption-server
+resume-client = 8-resumption-resume-client
+
+[8-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[8-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[9-resumption]
+ssl_conf = 9-resumption-ssl
+
+[9-resumption-ssl]
+server = 9-resumption-server
+client = 9-resumption-client
+resume-server = 9-resumption-server
+resume-client = 9-resumption-resume-client
+
+[9-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[9-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[10-resumption]
+ssl_conf = 10-resumption-ssl
+
+[10-resumption-ssl]
+server = 10-resumption-server
+client = 10-resumption-client
+resume-server = 10-resumption-server
+resume-client = 10-resumption-resume-client
+
+[10-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[10-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[11-resumption]
+ssl_conf = 11-resumption-ssl
+
+[11-resumption-ssl]
+server = 11-resumption-server
+client = 11-resumption-client
+resume-server = 11-resumption-server
+resume-client = 11-resumption-resume-client
+
+[11-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[11-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[12-resumption]
+ssl_conf = 12-resumption-ssl
+
+[12-resumption-ssl]
+server = 12-resumption-server
+client = 12-resumption-client
+resume-server = 12-resumption-server
+resume-client = 12-resumption-resume-client
+
+[12-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[12-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[13-resumption]
+ssl_conf = 13-resumption-ssl
+
+[13-resumption-ssl]
+server = 13-resumption-server
+client = 13-resumption-client
+resume-server = 13-resumption-server
+resume-client = 13-resumption-resume-client
+
+[13-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[13-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[14-resumption]
+ssl_conf = 14-resumption-ssl
+
+[14-resumption-ssl]
+server = 14-resumption-server
+client = 14-resumption-client
+resume-server = 14-resumption-server
+resume-client = 14-resumption-resume-client
+
+[14-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[14-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[15-resumption]
+ssl_conf = 15-resumption-ssl
+
+[15-resumption-ssl]
+server = 15-resumption-server
+client = 15-resumption-client
+resume-server = 15-resumption-server
+resume-client = 15-resumption-resume-client
+
+[15-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[15-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in
new file mode 100644
index 0000000..16dec1d
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation upon resumption.
+
+use strict;
+use warnings;
+
+package ssltests;
+
+use protocol_version;
+
+our @tests = generate_resumption_tests("DTLS");
diff --git a/openssl-1.1.0h/test/ssl-tests/12-ct.conf b/openssl-1.1.0h/test/ssl-tests/12-ct.conf
new file mode 100644
index 0000000..2e6e9de
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/12-ct.conf
@@ -0,0 +1,191 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
+
+test-0 = 0-ct-permissive-without-scts
+test-1 = 1-ct-permissive-with-scts
+test-2 = 2-ct-strict-without-scts
+test-3 = 3-ct-strict-with-scts
+test-4 = 4-ct-permissive-resumption
+test-5 = 5-ct-strict-resumption
+# ===========================================================
+
+[0-ct-permissive-without-scts]
+ssl_conf = 0-ct-permissive-without-scts-ssl
+
+[0-ct-permissive-without-scts-ssl]
+server = 0-ct-permissive-without-scts-server
+client = 0-ct-permissive-without-scts-client
+
+[0-ct-permissive-without-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-ct-permissive-without-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+client = 0-ct-permissive-without-scts-client-extra
+
+[0-ct-permissive-without-scts-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[1-ct-permissive-with-scts]
+ssl_conf = 1-ct-permissive-with-scts-ssl
+
+[1-ct-permissive-with-scts-ssl]
+server = 1-ct-permissive-with-scts-server
+client = 1-ct-permissive-with-scts-client
+
+[1-ct-permissive-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[1-ct-permissive-with-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+client = 1-ct-permissive-with-scts-client-extra
+
+[1-ct-permissive-with-scts-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[2-ct-strict-without-scts]
+ssl_conf = 2-ct-strict-without-scts-ssl
+
+[2-ct-strict-without-scts-ssl]
+server = 2-ct-strict-without-scts-server
+client = 2-ct-strict-without-scts-client
+
+[2-ct-strict-without-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-ct-strict-without-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedClientAlert = HandshakeFailure
+ExpectedResult = ClientFail
+client = 2-ct-strict-without-scts-client-extra
+
+[2-ct-strict-without-scts-client-extra]
+CTValidation = Strict
+
+
+# ===========================================================
+
+[3-ct-strict-with-scts]
+ssl_conf = 3-ct-strict-with-scts-ssl
+
+[3-ct-strict-with-scts-ssl]
+server = 3-ct-strict-with-scts-server
+client = 3-ct-strict-with-scts-client
+
+[3-ct-strict-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[3-ct-strict-with-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+client = 3-ct-strict-with-scts-client-extra
+
+[3-ct-strict-with-scts-client-extra]
+CTValidation = Strict
+
+
+# ===========================================================
+
+[4-ct-permissive-resumption]
+ssl_conf = 4-ct-permissive-resumption-ssl
+
+[4-ct-permissive-resumption-ssl]
+server = 4-ct-permissive-resumption-server
+client = 4-ct-permissive-resumption-client
+resume-server = 4-ct-permissive-resumption-server
+resume-client = 4-ct-permissive-resumption-client
+
+[4-ct-permissive-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[4-ct-permissive-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = Resume
+ResumptionExpected = Yes
+client = 4-ct-permissive-resumption-client-extra
+resume-client = 4-ct-permissive-resumption-client-extra
+
+[4-ct-permissive-resumption-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[5-ct-strict-resumption]
+ssl_conf = 5-ct-strict-resumption-ssl
+
+[5-ct-strict-resumption-ssl]
+server = 5-ct-strict-resumption-server
+client = 5-ct-strict-resumption-client
+resume-server = 5-ct-strict-resumption-server
+resume-client = 5-ct-strict-resumption-resume-client
+
+[5-ct-strict-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[5-ct-strict-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[5-ct-strict-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+HandshakeMode = Resume
+ResumptionExpected = Yes
+client = 5-ct-strict-resumption-client-extra
+resume-client = 5-ct-strict-resumption-resume-client-extra
+
+[5-ct-strict-resumption-client-extra]
+CTValidation = Strict
+
+[5-ct-strict-resumption-resume-client-extra]
+CTValidation = Strict
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in b/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in
new file mode 100644
index 0000000..d412dfd
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in
@@ -0,0 +1,119 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test CT support
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "ct-permissive-without-scts",
+        server => { },
+        client => {
+            extra => {
+                "CTValidation" => "Permissive",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-permissive-with-scts",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Permissive",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-strict-without-scts",
+        server => { },
+        client => {
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        test => {
+            "ExpectedResult" => "ClientFail",
+            "ExpectedClientAlert" => "HandshakeFailure",
+        },
+    },
+    {
+        name => "ct-strict-with-scts",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-permissive-resumption",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Permissive",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-strict-resumption",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        # SCTs are not present during resumption, so the resumption
+        # should succeed.
+        resume_client => {
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success",
+        },
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf
new file mode 100644
index 0000000..4c1e9e2
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf
@@ -0,0 +1,397 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 16
+
+test-0 = 0-one-fragment-minus-app-data
+test-1 = 1-one-fragment-app-data
+test-2 = 2-one-fragment-plus-app-data
+test-3 = 3-small-app-data
+test-4 = 4-small-app-data-large-fragment-size
+test-5 = 5-medium-app-data
+test-6 = 6-medium-plus-app-data
+test-7 = 7-large-app-data
+test-8 = 8-large-app-data-large-fragment-size
+test-9 = 9-large-app-data-odd-fragment-size
+test-10 = 10-large-app-data-aes-sha1-multibuffer
+test-11 = 11-large-app-data-aes-sha2-multibuffer
+test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment
+test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment
+test-14 = 14-small-app-data-aes-sha1-multibuffer
+test-15 = 15-small-app-data-aes-sha2-multibuffer
+# ===========================================================
+
+[0-one-fragment-minus-app-data]
+ssl_conf = 0-one-fragment-minus-app-data-ssl
+
+[0-one-fragment-minus-app-data-ssl]
+server = 0-one-fragment-minus-app-data-server
+client = 0-one-fragment-minus-app-data-client
+
+[0-one-fragment-minus-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-one-fragment-minus-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ApplicationData = 511
+
+
+# ===========================================================
+
+[1-one-fragment-app-data]
+ssl_conf = 1-one-fragment-app-data-ssl
+
+[1-one-fragment-app-data-ssl]
+server = 1-one-fragment-app-data-server
+client = 1-one-fragment-app-data-client
+
+[1-one-fragment-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-one-fragment-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ApplicationData = 512
+
+
+# ===========================================================
+
+[2-one-fragment-plus-app-data]
+ssl_conf = 2-one-fragment-plus-app-data-ssl
+
+[2-one-fragment-plus-app-data-ssl]
+server = 2-one-fragment-plus-app-data-server
+client = 2-one-fragment-plus-app-data-client
+
+[2-one-fragment-plus-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-one-fragment-plus-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ApplicationData = 513
+
+
+# ===========================================================
+
+[3-small-app-data]
+ssl_conf = 3-small-app-data-ssl
+
+[3-small-app-data-ssl]
+server = 3-small-app-data-server
+client = 3-small-app-data-client
+
+[3-small-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-small-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ApplicationData = 4097
+
+
+# ===========================================================
+
+[4-small-app-data-large-fragment-size]
+ssl_conf = 4-small-app-data-large-fragment-size-ssl
+
+[4-small-app-data-large-fragment-size-ssl]
+server = 4-small-app-data-large-fragment-size-server
+client = 4-small-app-data-large-fragment-size-client
+
+[4-small-app-data-large-fragment-size-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-small-app-data-large-fragment-size-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ApplicationData = 4097
+MaxFragmentSize = 16384
+
+
+# ===========================================================
+
+[5-medium-app-data]
+ssl_conf = 5-medium-app-data-ssl
+
+[5-medium-app-data-ssl]
+server = 5-medium-app-data-server
+client = 5-medium-app-data-client
+
+[5-medium-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-medium-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ApplicationData = 32775
+
+
+# ===========================================================
+
+[6-medium-plus-app-data]
+ssl_conf = 6-medium-plus-app-data-ssl
+
+[6-medium-plus-app-data-ssl]
+server = 6-medium-plus-app-data-server
+client = 6-medium-plus-app-data-client
+
+[6-medium-plus-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-medium-plus-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ApplicationData = 131069
+
+
+# ===========================================================
+
+[7-large-app-data]
+ssl_conf = 7-large-app-data-ssl
+
+[7-large-app-data-ssl]
+server = 7-large-app-data-server
+client = 7-large-app-data-client
+
+[7-large-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-large-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ApplicationData = 1048576
+
+
+# ===========================================================
+
+[8-large-app-data-large-fragment-size]
+ssl_conf = 8-large-app-data-large-fragment-size-ssl
+
+[8-large-app-data-large-fragment-size-ssl]
+server = 8-large-app-data-large-fragment-size-server
+client = 8-large-app-data-large-fragment-size-client
+
+[8-large-app-data-large-fragment-size-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-large-app-data-large-fragment-size-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ApplicationData = 1048576
+MaxFragmentSize = 16384
+
+
+# ===========================================================
+
+[9-large-app-data-odd-fragment-size]
+ssl_conf = 9-large-app-data-odd-fragment-size-ssl
+
+[9-large-app-data-odd-fragment-size-ssl]
+server = 9-large-app-data-odd-fragment-size-server
+client = 9-large-app-data-odd-fragment-size-client
+
+[9-large-app-data-odd-fragment-size-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-large-app-data-odd-fragment-size-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ApplicationData = 1048576
+MaxFragmentSize = 5115
+
+
+# ===========================================================
+
+[10-large-app-data-aes-sha1-multibuffer]
+ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl
+
+[10-large-app-data-aes-sha1-multibuffer-ssl]
+server = 10-large-app-data-aes-sha1-multibuffer-server
+client = 10-large-app-data-aes-sha1-multibuffer-client
+
+[10-large-app-data-aes-sha1-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-large-app-data-aes-sha1-multibuffer-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ApplicationData = 1048576
+MaxFragmentSize = 4096
+
+
+# ===========================================================
+
+[11-large-app-data-aes-sha2-multibuffer]
+ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl
+
+[11-large-app-data-aes-sha2-multibuffer-ssl]
+server = 11-large-app-data-aes-sha2-multibuffer-server
+client = 11-large-app-data-aes-sha2-multibuffer-client
+
+[11-large-app-data-aes-sha2-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-large-app-data-aes-sha2-multibuffer-client]
+CipherString = AES128-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ApplicationData = 1048576
+MaxFragmentSize = 4096
+
+
+# ===========================================================
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment]
+ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl]
+server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server
+client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ApplicationData = 1048579
+MaxFragmentSize = 5115
+
+
+# ===========================================================
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment]
+ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl]
+server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server
+client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client]
+CipherString = AES128-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ApplicationData = 1048573
+MaxFragmentSize = 5125
+
+
+# ===========================================================
+
+[14-small-app-data-aes-sha1-multibuffer]
+ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl
+
+[14-small-app-data-aes-sha1-multibuffer-ssl]
+server = 14-small-app-data-aes-sha1-multibuffer-server
+client = 14-small-app-data-aes-sha1-multibuffer-client
+
+[14-small-app-data-aes-sha1-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-small-app-data-aes-sha1-multibuffer-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ApplicationData = 4096
+MaxFragmentSize = 4096
+
+
+# ===========================================================
+
+[15-small-app-data-aes-sha2-multibuffer]
+ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl
+
+[15-small-app-data-aes-sha2-multibuffer-ssl]
+server = 15-small-app-data-aes-sha2-multibuffer-server
+client = 15-small-app-data-aes-sha2-multibuffer-client
+
+[15-small-app-data-aes-sha2-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-small-app-data-aes-sha2-multibuffer-client]
+CipherString = AES128-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ApplicationData = 4096
+MaxFragmentSize = 4096
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in
new file mode 100644
index 0000000..6c2501b
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in
@@ -0,0 +1,181 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test packet fragmentation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    # Default fragment size is 512.
+    {
+        name => "one-fragment-minus-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 511,
+        }
+    },
+    {
+        name => "one-fragment-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 512,
+        }
+    },
+    {
+        name => "one-fragment-plus-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 513,
+        }
+    },
+    {
+        name => "small-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 4 * 1024 + 1,
+        }
+    },
+    {
+        name => "small-app-data-large-fragment-size",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 4 * 1024 + 1,
+            MaxFragmentSize => 16384,
+        }
+    },
+    {
+        name => "medium-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 32 * 1024 + 7,
+        }
+    },
+    # Exceeds the 64kB write buffer size.
+    {
+        name => "medium-plus-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 128 * 1024 - 3,
+        }
+    },
+    {
+        name => "large-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 1024 * 1024,
+        }
+    },
+    {
+        name => "large-app-data-large-fragment-size",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 16384,
+        }
+    },
+    {
+        name => "large-app-data-odd-fragment-size",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 5 * 1024 - 5,
+        }
+    },
+    # When the buffer / fragment size ratio is sufficiently large,
+    # multi-buffer code kicks in on some platforms for AES-SHA.  The
+    # exact minimum ratio depends on the platform, and is usually
+    # around 4. Since the the test buffer is 64kB, a 4kB fragment is
+    # easily sufficient.
+    #
+    # (We run this test on all platforms though it's only true multibuffer
+    #  on some of them.)
+    {
+        name => "large-app-data-aes-sha1-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA",
+        },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+    {
+        name => "large-app-data-aes-sha2-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA256",
+        },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+        {
+        name => "large-app-data-aes-sha1-multibuffer-odd-fragment",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA",
+        },
+        test => {
+            ApplicationData => 1024 * 1024 + 3,
+            MaxFragmentSize => 5 * 1024 - 5,
+        }
+    },
+    {
+        name => "large-app-data-aes-sha2-multibuffer-odd-fragment",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA256",
+        },
+        test => {
+            ApplicationData => 1024 * 1024 - 3,
+            MaxFragmentSize => 5 * 1024 + 5,
+        }
+    },
+    # Test that multibuffer-capable code also handles small data correctly.
+    # Here fragment size == app data size < buffer size,
+    # so no multibuffering should happen.
+    {
+        name => "small-app-data-aes-sha1-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA",
+        },
+        test => {
+            ApplicationData => 4 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+    {
+        name => "small-app-data-aes-sha2-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA256",
+        },
+        test => {
+            ApplicationData => 4 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/14-curves.conf b/openssl-1.1.0h/test/ssl-tests/14-curves.conf
new file mode 100644
index 0000000..7f7ac4b
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/14-curves.conf
@@ -0,0 +1,787 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 29
+
+test-0 = 0-curve-sect163k1
+test-1 = 1-curve-sect163r1
+test-2 = 2-curve-sect163r2
+test-3 = 3-curve-sect193r1
+test-4 = 4-curve-sect193r2
+test-5 = 5-curve-sect233k1
+test-6 = 6-curve-sect233r1
+test-7 = 7-curve-sect239k1
+test-8 = 8-curve-sect283k1
+test-9 = 9-curve-sect283r1
+test-10 = 10-curve-sect409k1
+test-11 = 11-curve-sect409r1
+test-12 = 12-curve-sect571k1
+test-13 = 13-curve-sect571r1
+test-14 = 14-curve-secp160k1
+test-15 = 15-curve-secp160r1
+test-16 = 16-curve-secp160r2
+test-17 = 17-curve-secp192k1
+test-18 = 18-curve-prime192v1
+test-19 = 19-curve-secp224k1
+test-20 = 20-curve-secp224r1
+test-21 = 21-curve-secp256k1
+test-22 = 22-curve-prime256v1
+test-23 = 23-curve-secp384r1
+test-24 = 24-curve-secp521r1
+test-25 = 25-curve-brainpoolP256r1
+test-26 = 26-curve-brainpoolP384r1
+test-27 = 27-curve-brainpoolP512r1
+test-28 = 28-curve-X25519
+# ===========================================================
+
+[0-curve-sect163k1]
+ssl_conf = 0-curve-sect163k1-ssl
+
+[0-curve-sect163k1-ssl]
+server = 0-curve-sect163k1-server
+client = 0-curve-sect163k1-client
+
+[0-curve-sect163k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-curve-sect163k1-client]
+CipherString = ECDHE
+Curves = sect163k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect163k1
+
+
+# ===========================================================
+
+[1-curve-sect163r1]
+ssl_conf = 1-curve-sect163r1-ssl
+
+[1-curve-sect163r1-ssl]
+server = 1-curve-sect163r1-server
+client = 1-curve-sect163r1-client
+
+[1-curve-sect163r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-curve-sect163r1-client]
+CipherString = ECDHE
+Curves = sect163r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect163r1
+
+
+# ===========================================================
+
+[2-curve-sect163r2]
+ssl_conf = 2-curve-sect163r2-ssl
+
+[2-curve-sect163r2-ssl]
+server = 2-curve-sect163r2-server
+client = 2-curve-sect163r2-client
+
+[2-curve-sect163r2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163r2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-curve-sect163r2-client]
+CipherString = ECDHE
+Curves = sect163r2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect163r2
+
+
+# ===========================================================
+
+[3-curve-sect193r1]
+ssl_conf = 3-curve-sect193r1-ssl
+
+[3-curve-sect193r1-ssl]
+server = 3-curve-sect193r1-server
+client = 3-curve-sect193r1-client
+
+[3-curve-sect193r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect193r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-curve-sect193r1-client]
+CipherString = ECDHE
+Curves = sect193r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect193r1
+
+
+# ===========================================================
+
+[4-curve-sect193r2]
+ssl_conf = 4-curve-sect193r2-ssl
+
+[4-curve-sect193r2-ssl]
+server = 4-curve-sect193r2-server
+client = 4-curve-sect193r2-client
+
+[4-curve-sect193r2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect193r2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-curve-sect193r2-client]
+CipherString = ECDHE
+Curves = sect193r2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect193r2
+
+
+# ===========================================================
+
+[5-curve-sect233k1]
+ssl_conf = 5-curve-sect233k1-ssl
+
+[5-curve-sect233k1-ssl]
+server = 5-curve-sect233k1-server
+client = 5-curve-sect233k1-client
+
+[5-curve-sect233k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-curve-sect233k1-client]
+CipherString = ECDHE
+Curves = sect233k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect233k1
+
+
+# ===========================================================
+
+[6-curve-sect233r1]
+ssl_conf = 6-curve-sect233r1-ssl
+
+[6-curve-sect233r1-ssl]
+server = 6-curve-sect233r1-server
+client = 6-curve-sect233r1-client
+
+[6-curve-sect233r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-curve-sect233r1-client]
+CipherString = ECDHE
+Curves = sect233r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect233r1
+
+
+# ===========================================================
+
+[7-curve-sect239k1]
+ssl_conf = 7-curve-sect239k1-ssl
+
+[7-curve-sect239k1-ssl]
+server = 7-curve-sect239k1-server
+client = 7-curve-sect239k1-client
+
+[7-curve-sect239k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect239k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-curve-sect239k1-client]
+CipherString = ECDHE
+Curves = sect239k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect239k1
+
+
+# ===========================================================
+
+[8-curve-sect283k1]
+ssl_conf = 8-curve-sect283k1-ssl
+
+[8-curve-sect283k1-ssl]
+server = 8-curve-sect283k1-server
+client = 8-curve-sect283k1-client
+
+[8-curve-sect283k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-curve-sect283k1-client]
+CipherString = ECDHE
+Curves = sect283k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect283k1
+
+
+# ===========================================================
+
+[9-curve-sect283r1]
+ssl_conf = 9-curve-sect283r1-ssl
+
+[9-curve-sect283r1-ssl]
+server = 9-curve-sect283r1-server
+client = 9-curve-sect283r1-client
+
+[9-curve-sect283r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-curve-sect283r1-client]
+CipherString = ECDHE
+Curves = sect283r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect283r1
+
+
+# ===========================================================
+
+[10-curve-sect409k1]
+ssl_conf = 10-curve-sect409k1-ssl
+
+[10-curve-sect409k1-ssl]
+server = 10-curve-sect409k1-server
+client = 10-curve-sect409k1-client
+
+[10-curve-sect409k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-curve-sect409k1-client]
+CipherString = ECDHE
+Curves = sect409k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect409k1
+
+
+# ===========================================================
+
+[11-curve-sect409r1]
+ssl_conf = 11-curve-sect409r1-ssl
+
+[11-curve-sect409r1-ssl]
+server = 11-curve-sect409r1-server
+client = 11-curve-sect409r1-client
+
+[11-curve-sect409r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-curve-sect409r1-client]
+CipherString = ECDHE
+Curves = sect409r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect409r1
+
+
+# ===========================================================
+
+[12-curve-sect571k1]
+ssl_conf = 12-curve-sect571k1-ssl
+
+[12-curve-sect571k1-ssl]
+server = 12-curve-sect571k1-server
+client = 12-curve-sect571k1-client
+
+[12-curve-sect571k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-curve-sect571k1-client]
+CipherString = ECDHE
+Curves = sect571k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect571k1
+
+
+# ===========================================================
+
+[13-curve-sect571r1]
+ssl_conf = 13-curve-sect571r1-ssl
+
+[13-curve-sect571r1-ssl]
+server = 13-curve-sect571r1-server
+client = 13-curve-sect571r1-client
+
+[13-curve-sect571r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-curve-sect571r1-client]
+CipherString = ECDHE
+Curves = sect571r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect571r1
+
+
+# ===========================================================
+
+[14-curve-secp160k1]
+ssl_conf = 14-curve-secp160k1-ssl
+
+[14-curve-secp160k1-ssl]
+server = 14-curve-secp160k1-server
+client = 14-curve-secp160k1-client
+
+[14-curve-secp160k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-curve-secp160k1-client]
+CipherString = ECDHE
+Curves = secp160k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp160k1
+
+
+# ===========================================================
+
+[15-curve-secp160r1]
+ssl_conf = 15-curve-secp160r1-ssl
+
+[15-curve-secp160r1-ssl]
+server = 15-curve-secp160r1-server
+client = 15-curve-secp160r1-client
+
+[15-curve-secp160r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-curve-secp160r1-client]
+CipherString = ECDHE
+Curves = secp160r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp160r1
+
+
+# ===========================================================
+
+[16-curve-secp160r2]
+ssl_conf = 16-curve-secp160r2-ssl
+
+[16-curve-secp160r2-ssl]
+server = 16-curve-secp160r2-server
+client = 16-curve-secp160r2-client
+
+[16-curve-secp160r2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160r2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-curve-secp160r2-client]
+CipherString = ECDHE
+Curves = secp160r2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp160r2
+
+
+# ===========================================================
+
+[17-curve-secp192k1]
+ssl_conf = 17-curve-secp192k1-ssl
+
+[17-curve-secp192k1-ssl]
+server = 17-curve-secp192k1-server
+client = 17-curve-secp192k1-client
+
+[17-curve-secp192k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp192k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-curve-secp192k1-client]
+CipherString = ECDHE
+Curves = secp192k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp192k1
+
+
+# ===========================================================
+
+[18-curve-prime192v1]
+ssl_conf = 18-curve-prime192v1-ssl
+
+[18-curve-prime192v1-ssl]
+server = 18-curve-prime192v1-server
+client = 18-curve-prime192v1-client
+
+[18-curve-prime192v1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = prime192v1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-curve-prime192v1-client]
+CipherString = ECDHE
+Curves = prime192v1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = Success
+ExpectedTmpKeyType = prime192v1
+
+
+# ===========================================================
+
+[19-curve-secp224k1]
+ssl_conf = 19-curve-secp224k1-ssl
+
+[19-curve-secp224k1-ssl]
+server = 19-curve-secp224k1-server
+client = 19-curve-secp224k1-client
+
+[19-curve-secp224k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp224k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-curve-secp224k1-client]
+CipherString = ECDHE
+Curves = secp224k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp224k1
+
+
+# ===========================================================
+
+[20-curve-secp224r1]
+ssl_conf = 20-curve-secp224r1-ssl
+
+[20-curve-secp224r1-ssl]
+server = 20-curve-secp224r1-server
+client = 20-curve-secp224r1-client
+
+[20-curve-secp224r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp224r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-curve-secp224r1-client]
+CipherString = ECDHE
+Curves = secp224r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp224r1
+
+
+# ===========================================================
+
+[21-curve-secp256k1]
+ssl_conf = 21-curve-secp256k1-ssl
+
+[21-curve-secp256k1-ssl]
+server = 21-curve-secp256k1-server
+client = 21-curve-secp256k1-client
+
+[21-curve-secp256k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp256k1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-curve-secp256k1-client]
+CipherString = ECDHE
+Curves = secp256k1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp256k1
+
+
+# ===========================================================
+
+[22-curve-prime256v1]
+ssl_conf = 22-curve-prime256v1-ssl
+
+[22-curve-prime256v1-ssl]
+server = 22-curve-prime256v1-server
+client = 22-curve-prime256v1-client
+
+[22-curve-prime256v1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = prime256v1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-curve-prime256v1-client]
+CipherString = ECDHE
+Curves = prime256v1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedResult = Success
+ExpectedTmpKeyType = prime256v1
+
+
+# ===========================================================
+
+[23-curve-secp384r1]
+ssl_conf = 23-curve-secp384r1-ssl
+
+[23-curve-secp384r1-ssl]
+server = 23-curve-secp384r1-server
+client = 23-curve-secp384r1-client
+
+[23-curve-secp384r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp384r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-curve-secp384r1-client]
+CipherString = ECDHE
+Curves = secp384r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp384r1
+
+
+# ===========================================================
+
+[24-curve-secp521r1]
+ssl_conf = 24-curve-secp521r1-ssl
+
+[24-curve-secp521r1-ssl]
+server = 24-curve-secp521r1-server
+client = 24-curve-secp521r1-client
+
+[24-curve-secp521r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp521r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-curve-secp521r1-client]
+CipherString = ECDHE
+Curves = secp521r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp521r1
+
+
+# ===========================================================
+
+[25-curve-brainpoolP256r1]
+ssl_conf = 25-curve-brainpoolP256r1-ssl
+
+[25-curve-brainpoolP256r1-ssl]
+server = 25-curve-brainpoolP256r1-server
+client = 25-curve-brainpoolP256r1-client
+
+[25-curve-brainpoolP256r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP256r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-curve-brainpoolP256r1-client]
+CipherString = ECDHE
+Curves = brainpoolP256r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP256r1
+
+
+# ===========================================================
+
+[26-curve-brainpoolP384r1]
+ssl_conf = 26-curve-brainpoolP384r1-ssl
+
+[26-curve-brainpoolP384r1-ssl]
+server = 26-curve-brainpoolP384r1-server
+client = 26-curve-brainpoolP384r1-client
+
+[26-curve-brainpoolP384r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP384r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-curve-brainpoolP384r1-client]
+CipherString = ECDHE
+Curves = brainpoolP384r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP384r1
+
+
+# ===========================================================
+
+[27-curve-brainpoolP512r1]
+ssl_conf = 27-curve-brainpoolP512r1-ssl
+
+[27-curve-brainpoolP512r1-ssl]
+server = 27-curve-brainpoolP512r1-server
+client = 27-curve-brainpoolP512r1-client
+
+[27-curve-brainpoolP512r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP512r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-curve-brainpoolP512r1-client]
+CipherString = ECDHE
+Curves = brainpoolP512r1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP512r1
+
+
+# ===========================================================
+
+[28-curve-X25519]
+ssl_conf = 28-curve-X25519-ssl
+
+[28-curve-X25519-ssl]
+server = 28-curve-X25519-server
+client = 28-curve-X25519-client
+
+[28-curve-X25519-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = X25519
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-curve-X25519-client]
+CipherString = ECDHE
+Curves = X25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedResult = Success
+ExpectedTmpKeyType = X25519
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in b/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in
new file mode 100644
index 0000000..0b7c09c
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in
@@ -0,0 +1,44 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(anydisabled);
+
+my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1",
+              "sect193r2", "sect233k1", "sect233r1", "sect239k1",
+              "sect283k1", "sect283r1", "sect409k1", "sect409r1",
+              "sect571k1", "sect571r1", "secp160k1", "secp160r1",
+              "secp160r2", "secp192k1", "prime192v1", "secp224k1",
+              "secp224r1", "secp256k1", "prime256v1", "secp384r1",
+              "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
+              "brainpoolP512r1", "X25519");
+
+our @tests = ();
+
+sub generate_tests() {
+    foreach (0..$#curves) {
+        my $curve = $curves[$_];
+        push @tests, {
+	    name => "curve-${curve}",
+            server => {
+                "Curves" => $curve
+            },
+            client => {
+		"CipherString" => "ECDHE",
+                "Curves" => $curve
+            },
+            test   => {
+                "ExpectedTmpKeyType" => $curve,
+                "ExpectedResult" => "Success"
+            },
+        };
+    }
+}
+
+generate_tests();
diff --git a/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf
new file mode 100644
index 0000000..bf6c41c
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf
@@ -0,0 +1,62 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 2
+
+test-0 = 0-certstatus-good
+test-1 = 1-certstatus-bad
+# ===========================================================
+
+[0-certstatus-good]
+ssl_conf = 0-certstatus-good-ssl
+
+[0-certstatus-good-ssl]
+server = 0-certstatus-good-server
+client = 0-certstatus-good-client
+
+[0-certstatus-good-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-certstatus-good-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+Method = TLS
+server = 0-certstatus-good-server-extra
+
+[0-certstatus-good-server-extra]
+CertStatus = GoodResponse
+
+
+# ===========================================================
+
+[1-certstatus-bad]
+ssl_conf = 1-certstatus-bad-ssl
+
+[1-certstatus-bad-ssl]
+server = 1-certstatus-bad-server
+client = 1-certstatus-bad-client
+
+[1-certstatus-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-certstatus-bad-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = ClientFail
+Method = TLS
+server = 1-certstatus-bad-server-extra
+
+[1-certstatus-bad-server-extra]
+CertStatus = BadResponse
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in
new file mode 100644
index 0000000..074602d
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in
@@ -0,0 +1,45 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test CertStatus messages
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "certstatus-good",
+        server => {
+            extra => {
+                "CertStatus" => "GoodResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "certstatus-bad",
+        server => {
+            extra => {
+                "CertStatus" => "BadResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf
diff --git a/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf
new file mode 100644
index 0000000..a561803
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf
@@ -0,0 +1,62 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 2
+
+test-0 = 0-certstatus-good
+test-1 = 1-certstatus-bad
+# ===========================================================
+
+[0-certstatus-good]
+ssl_conf = 0-certstatus-good-ssl
+
+[0-certstatus-good-ssl]
+server = 0-certstatus-good-server
+client = 0-certstatus-good-client
+
+[0-certstatus-good-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-certstatus-good-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+Method = DTLS
+server = 0-certstatus-good-server-extra
+
+[0-certstatus-good-server-extra]
+CertStatus = GoodResponse
+
+
+# ===========================================================
+
+[1-certstatus-bad]
+ssl_conf = 1-certstatus-bad-ssl
+
+[1-certstatus-bad-ssl]
+server = 1-certstatus-bad-server
+client = 1-certstatus-bad-client
+
+[1-certstatus-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-certstatus-bad-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = ClientFail
+Method = DTLS
+server = 1-certstatus-bad-server-extra
+
+[1-certstatus-bad-server-extra]
+CertStatus = BadResponse
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in
new file mode 100644
index 0000000..7280029
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in
@@ -0,0 +1,45 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test DTLS CertStatus messages
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "certstatus-good",
+        server => {
+            extra => {
+                "CertStatus" => "GoodResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "certstatus-bad",
+        server => {
+            extra => {
+                "CertStatus" => "BadResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf
new file mode 100644
index 0000000..48f569f
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf
@@ -0,0 +1,428 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 14
+
+test-0 = 0-renegotiate-client-no-resume
+test-1 = 1-renegotiate-client-resume
+test-2 = 2-renegotiate-server-no-resume
+test-3 = 3-renegotiate-server-resume
+test-4 = 4-renegotiate-client-auth-require
+test-5 = 5-renegotiate-client-auth-once
+test-6 = 6-renegotiate-aead-to-non-aead
+test-7 = 7-renegotiate-non-aead-to-aead
+test-8 = 8-renegotiate-non-aead-to-non-aead
+test-9 = 9-renegotiate-aead-to-aead
+test-10 = 10-no-renegotiation-server-by-client
+test-11 = 11-no-renegotiation-server-by-server
+test-12 = 12-no-renegotiation-client-by-server
+test-13 = 13-no-renegotiation-client-by-client
+# ===========================================================
+
+[0-renegotiate-client-no-resume]
+ssl_conf = 0-renegotiate-client-no-resume-ssl
+
+[0-renegotiate-client-no-resume-ssl]
+server = 0-renegotiate-client-no-resume-server
+client = 0-renegotiate-client-no-resume-client
+
+[0-renegotiate-client-no-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-renegotiate-client-no-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[1-renegotiate-client-resume]
+ssl_conf = 1-renegotiate-client-resume-ssl
+
+[1-renegotiate-client-resume-ssl]
+server = 1-renegotiate-client-resume-server
+client = 1-renegotiate-client-resume-client
+
+[1-renegotiate-client-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-renegotiate-client-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-renegotiate-server-no-resume]
+ssl_conf = 2-renegotiate-server-no-resume-ssl
+
+[2-renegotiate-server-no-resume-ssl]
+server = 2-renegotiate-server-no-resume-server
+client = 2-renegotiate-server-no-resume-client
+
+[2-renegotiate-server-no-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-renegotiate-server-no-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-renegotiate-server-resume]
+ssl_conf = 3-renegotiate-server-resume-ssl
+
+[3-renegotiate-server-resume-ssl]
+server = 3-renegotiate-server-resume-server
+client = 3-renegotiate-server-resume-client
+
+[3-renegotiate-server-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-renegotiate-server-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[4-renegotiate-client-auth-require]
+ssl_conf = 4-renegotiate-client-auth-require-ssl
+
+[4-renegotiate-client-auth-require-ssl]
+server = 4-renegotiate-client-auth-require-server
+client = 4-renegotiate-client-auth-require-client
+
+[4-renegotiate-client-auth-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[4-renegotiate-client-auth-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-renegotiate-client-auth-once]
+ssl_conf = 5-renegotiate-client-auth-once-ssl
+
+[5-renegotiate-client-auth-once-ssl]
+server = 5-renegotiate-client-auth-once-server
+client = 5-renegotiate-client-auth-once-client
+
+[5-renegotiate-client-auth-once-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Once
+
+[5-renegotiate-client-auth-once-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[6-renegotiate-aead-to-non-aead]
+ssl_conf = 6-renegotiate-aead-to-non-aead-ssl
+
+[6-renegotiate-aead-to-non-aead-ssl]
+server = 6-renegotiate-aead-to-non-aead-server
+client = 6-renegotiate-aead-to-non-aead-client
+
+[6-renegotiate-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-renegotiate-aead-to-non-aead-client]
+CipherString = AES128-GCM-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 6-renegotiate-aead-to-non-aead-client-extra
+
+[6-renegotiate-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES128-SHA
+
+
+# ===========================================================
+
+[7-renegotiate-non-aead-to-aead]
+ssl_conf = 7-renegotiate-non-aead-to-aead-ssl
+
+[7-renegotiate-non-aead-to-aead-ssl]
+server = 7-renegotiate-non-aead-to-aead-server
+client = 7-renegotiate-non-aead-to-aead-client
+
+[7-renegotiate-non-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-renegotiate-non-aead-to-aead-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 7-renegotiate-non-aead-to-aead-client-extra
+
+[7-renegotiate-non-aead-to-aead-client-extra]
+RenegotiateCiphers = AES128-GCM-SHA256
+
+
+# ===========================================================
+
+[8-renegotiate-non-aead-to-non-aead]
+ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl
+
+[8-renegotiate-non-aead-to-non-aead-ssl]
+server = 8-renegotiate-non-aead-to-non-aead-server
+client = 8-renegotiate-non-aead-to-non-aead-client
+
+[8-renegotiate-non-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-renegotiate-non-aead-to-non-aead-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 8-renegotiate-non-aead-to-non-aead-client-extra
+
+[8-renegotiate-non-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES256-SHA
+
+
+# ===========================================================
+
+[9-renegotiate-aead-to-aead]
+ssl_conf = 9-renegotiate-aead-to-aead-ssl
+
+[9-renegotiate-aead-to-aead-ssl]
+server = 9-renegotiate-aead-to-aead-server
+client = 9-renegotiate-aead-to-aead-client
+
+[9-renegotiate-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-renegotiate-aead-to-aead-client]
+CipherString = AES128-GCM-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 9-renegotiate-aead-to-aead-client-extra
+
+[9-renegotiate-aead-to-aead-client-extra]
+RenegotiateCiphers = AES256-GCM-SHA384
+
+
+# ===========================================================
+
+[10-no-renegotiation-server-by-client]
+ssl_conf = 10-no-renegotiation-server-by-client-ssl
+
+[10-no-renegotiation-server-by-client-ssl]
+server = 10-no-renegotiation-server-by-client-server
+client = 10-no-renegotiation-server-by-client-client
+
+[10-no-renegotiation-server-by-client-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-no-renegotiation-server-by-client-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = ClientFail
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[11-no-renegotiation-server-by-server]
+ssl_conf = 11-no-renegotiation-server-by-server-ssl
+
+[11-no-renegotiation-server-by-server-ssl]
+server = 11-no-renegotiation-server-by-server-server
+client = 11-no-renegotiation-server-by-server-client
+
+[11-no-renegotiation-server-by-server-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-no-renegotiation-server-by-server-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = ServerFail
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[12-no-renegotiation-client-by-server]
+ssl_conf = 12-no-renegotiation-client-by-server-ssl
+
+[12-no-renegotiation-client-by-server-ssl]
+server = 12-no-renegotiation-client-by-server-server
+client = 12-no-renegotiation-client-by-server-client
+
+[12-no-renegotiation-client-by-server-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-no-renegotiation-client-by-server-client]
+CipherString = DEFAULT
+Options = NoRenegotiation
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = ServerFail
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[13-no-renegotiation-client-by-client]
+ssl_conf = 13-no-renegotiation-client-by-client-ssl
+
+[13-no-renegotiation-client-by-client-ssl]
+server = 13-no-renegotiation-client-by-client-server
+client = 13-no-renegotiation-client-by-client-client
+
+[13-no-renegotiation-client-by-client-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-no-renegotiation-client-by-client-client]
+CipherString = DEFAULT
+Options = NoRenegotiation
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = ClientFail
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in
new file mode 100644
index 0000000..bd656d0
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in
@@ -0,0 +1,243 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Renegotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "renegotiate-client-no-resume",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-server-no-resume",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-server-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-require",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey"  => test_pem("ee-key.pem"),
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-once",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Once",
+        },
+        client => {
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey"  => test_pem("ee-key.pem"),
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    }
+);
+our @tests_tls1_2 = (
+    {
+        name => "renegotiate-aead-to-non-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "CipherString" => "AES128-GCM-SHA256",
+            extra => {
+                "RenegotiateCiphers" => "AES128-SHA"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-non-aead-to-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "CipherString" => "AES128-SHA",
+            extra => {
+                "RenegotiateCiphers" => "AES128-GCM-SHA256"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-non-aead-to-non-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "CipherString" => "AES128-SHA",
+            extra => {
+                "RenegotiateCiphers" => "AES256-SHA"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-aead-to-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "CipherString" => "AES128-GCM-SHA256",
+            extra => {
+                "RenegotiateCiphers" => "AES256-GCM-SHA384"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "no-renegotiation-server-by-client",
+        server => {
+            "Options" => "NoRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => { },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+    {
+        name => "no-renegotiation-server-by-server",
+        server => {
+            "Options" => "NoRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => { },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ServerFail"
+        }
+    },
+    {
+        name => "no-renegotiation-client-by-server",
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "Options" => "NoRenegotiation",
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ServerFail"
+        }
+    },
+    {
+        name => "no-renegotiation-client-by-client",
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "Options" => "NoRenegotiation",
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ClientFail"
+        }
+    }
+);
+
+push @tests, @tests_tls1_2 unless disabled("tls1_2");
diff --git a/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf
new file mode 100644
index 0000000..3d8ebd7
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf
@@ -0,0 +1,276 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 9
+
+test-0 = 0-renegotiate-client-no-resume
+test-1 = 1-renegotiate-client-resume
+test-2 = 2-renegotiate-server-resume
+test-3 = 3-renegotiate-client-auth-require
+test-4 = 4-renegotiate-client-auth-once
+test-5 = 5-renegotiate-aead-to-non-aead
+test-6 = 6-renegotiate-non-aead-to-aead
+test-7 = 7-renegotiate-non-aead-to-non-aead
+test-8 = 8-renegotiate-aead-to-aead
+# ===========================================================
+
+[0-renegotiate-client-no-resume]
+ssl_conf = 0-renegotiate-client-no-resume-ssl
+
+[0-renegotiate-client-no-resume-ssl]
+server = 0-renegotiate-client-no-resume-server
+client = 0-renegotiate-client-no-resume-client
+
+[0-renegotiate-client-no-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-renegotiate-client-no-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[1-renegotiate-client-resume]
+ssl_conf = 1-renegotiate-client-resume-ssl
+
+[1-renegotiate-client-resume-ssl]
+server = 1-renegotiate-client-resume-server
+client = 1-renegotiate-client-resume-client
+
+[1-renegotiate-client-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-renegotiate-client-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-renegotiate-server-resume]
+ssl_conf = 2-renegotiate-server-resume-ssl
+
+[2-renegotiate-server-resume-ssl]
+server = 2-renegotiate-server-resume-server
+client = 2-renegotiate-server-resume-client
+
+[2-renegotiate-server-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-renegotiate-server-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-renegotiate-client-auth-require]
+ssl_conf = 3-renegotiate-client-auth-require-ssl
+
+[3-renegotiate-client-auth-require-ssl]
+server = 3-renegotiate-client-auth-require-server
+client = 3-renegotiate-client-auth-require-client
+
+[3-renegotiate-client-auth-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[3-renegotiate-client-auth-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[4-renegotiate-client-auth-once]
+ssl_conf = 4-renegotiate-client-auth-once-ssl
+
+[4-renegotiate-client-auth-once-ssl]
+server = 4-renegotiate-client-auth-once-server
+client = 4-renegotiate-client-auth-once-client
+
+[4-renegotiate-client-auth-once-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Once
+
+[4-renegotiate-client-auth-once-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-renegotiate-aead-to-non-aead]
+ssl_conf = 5-renegotiate-aead-to-non-aead-ssl
+
+[5-renegotiate-aead-to-non-aead-ssl]
+server = 5-renegotiate-aead-to-non-aead-server
+client = 5-renegotiate-aead-to-non-aead-client
+
+[5-renegotiate-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-renegotiate-aead-to-non-aead-client]
+CipherString = AES128-GCM-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+client = 5-renegotiate-aead-to-non-aead-client-extra
+
+[5-renegotiate-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES128-SHA
+
+
+# ===========================================================
+
+[6-renegotiate-non-aead-to-aead]
+ssl_conf = 6-renegotiate-non-aead-to-aead-ssl
+
+[6-renegotiate-non-aead-to-aead-ssl]
+server = 6-renegotiate-non-aead-to-aead-server
+client = 6-renegotiate-non-aead-to-aead-client
+
+[6-renegotiate-non-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-renegotiate-non-aead-to-aead-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+client = 6-renegotiate-non-aead-to-aead-client-extra
+
+[6-renegotiate-non-aead-to-aead-client-extra]
+RenegotiateCiphers = AES128-GCM-SHA256
+
+
+# ===========================================================
+
+[7-renegotiate-non-aead-to-non-aead]
+ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl
+
+[7-renegotiate-non-aead-to-non-aead-ssl]
+server = 7-renegotiate-non-aead-to-non-aead-server
+client = 7-renegotiate-non-aead-to-non-aead-client
+
+[7-renegotiate-non-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-renegotiate-non-aead-to-non-aead-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+client = 7-renegotiate-non-aead-to-non-aead-client-extra
+
+[7-renegotiate-non-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES256-SHA
+
+
+# ===========================================================
+
+[8-renegotiate-aead-to-aead]
+ssl_conf = 8-renegotiate-aead-to-aead-ssl
+
+[8-renegotiate-aead-to-aead-ssl]
+server = 8-renegotiate-aead-to-aead-server
+client = 8-renegotiate-aead-to-aead-client
+
+[8-renegotiate-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-renegotiate-aead-to-aead-client]
+CipherString = AES128-GCM-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+client = 8-renegotiate-aead-to-aead-client-extra
+
+[8-renegotiate-aead-to-aead-client-extra]
+RenegotiateCiphers = AES256-GCM-SHA384
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in
new file mode 100644
index 0000000..7a65a85
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in
@@ -0,0 +1,174 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Renegotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "renegotiate-client-no-resume",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+# Note: Unlike the TLS tests, we will never do resumption with server
+# initiated reneg. This is because an OpenSSL DTLS client will always do a full
+# handshake (i.e. it doesn't supply a session id) when it receives a
+# HelloRequest. This is different to the OpenSSL TLS implementation where an
+# OpenSSL client will always try an abbreviated handshake (i.e. it will supply
+# the session id). This goes all the way to commit 48ae85b6f when abbreviated
+# handshake support was first added. Neither behaviour is wrong, but the
+# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
+# and if so, what to?
+    {
+        name => "renegotiate-server-resume",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-require",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey"  => test_pem("ee-key.pem"),
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-once",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Once",
+        },
+        client => {
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey"  => test_pem("ee-key.pem"),
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    }
+);
+our @tests_dtls1_2 = (
+    {
+        name => "renegotiate-aead-to-non-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {
+            "CipherString" => "AES128-GCM-SHA256",
+            extra => {
+                "RenegotiateCiphers" => "AES128-SHA"
+            }
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-non-aead-to-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {
+            "CipherString" => "AES128-SHA",
+            extra => {
+                "RenegotiateCiphers" => "AES128-GCM-SHA256"
+            }
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-non-aead-to-non-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {
+            "CipherString" => "AES128-SHA",
+            extra => {
+                "RenegotiateCiphers" => "AES256-SHA"
+            }
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-aead-to-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation"
+        },
+        client => {
+            "CipherString" => "AES128-GCM-SHA256",
+            extra => {
+                "RenegotiateCiphers" => "AES256-GCM-SHA384"
+            }
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+);
+
+
+push @tests, @tests_dtls1_2 unless disabled("dtls1_2");
diff --git a/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf
new file mode 100644
index 0000000..40480ed
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf
@@ -0,0 +1,156 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
+
+test-0 = 0-disable-encrypt-then-mac-server-sha
+test-1 = 1-disable-encrypt-then-mac-client-sha
+test-2 = 2-disable-encrypt-then-mac-both-sha
+test-3 = 3-disable-encrypt-then-mac-server-sha2
+test-4 = 4-disable-encrypt-then-mac-client-sha2
+test-5 = 5-disable-encrypt-then-mac-both-sha2
+# ===========================================================
+
+[0-disable-encrypt-then-mac-server-sha]
+ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl
+
+[0-disable-encrypt-then-mac-server-sha-ssl]
+server = 0-disable-encrypt-then-mac-server-sha-server
+client = 0-disable-encrypt-then-mac-server-sha-client
+
+[0-disable-encrypt-then-mac-server-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-disable-encrypt-then-mac-server-sha-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-disable-encrypt-then-mac-client-sha]
+ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl
+
+[1-disable-encrypt-then-mac-client-sha-ssl]
+server = 1-disable-encrypt-then-mac-client-sha-server
+client = 1-disable-encrypt-then-mac-client-sha-client
+
+[1-disable-encrypt-then-mac-client-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-disable-encrypt-then-mac-client-sha-client]
+CipherString = AES128-SHA
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-disable-encrypt-then-mac-both-sha]
+ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl
+
+[2-disable-encrypt-then-mac-both-sha-ssl]
+server = 2-disable-encrypt-then-mac-both-sha-server
+client = 2-disable-encrypt-then-mac-both-sha-client
+
+[2-disable-encrypt-then-mac-both-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-disable-encrypt-then-mac-both-sha-client]
+CipherString = AES128-SHA
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-disable-encrypt-then-mac-server-sha2]
+ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl
+
+[3-disable-encrypt-then-mac-server-sha2-ssl]
+server = 3-disable-encrypt-then-mac-server-sha2-server
+client = 3-disable-encrypt-then-mac-server-sha2-client
+
+[3-disable-encrypt-then-mac-server-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-disable-encrypt-then-mac-server-sha2-client]
+CipherString = AES128-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-disable-encrypt-then-mac-client-sha2]
+ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl
+
+[4-disable-encrypt-then-mac-client-sha2-ssl]
+server = 4-disable-encrypt-then-mac-client-sha2-server
+client = 4-disable-encrypt-then-mac-client-sha2-client
+
+[4-disable-encrypt-then-mac-client-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-disable-encrypt-then-mac-client-sha2-client]
+CipherString = AES128-SHA256
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-disable-encrypt-then-mac-both-sha2]
+ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl
+
+[5-disable-encrypt-then-mac-both-sha2-ssl]
+server = 5-disable-encrypt-then-mac-both-sha2-server
+client = 5-disable-encrypt-then-mac-both-sha2-client
+
+[5-disable-encrypt-then-mac-both-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-disable-encrypt-then-mac-both-sha2-client]
+CipherString = AES128-SHA256
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+
+
diff --git a/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in
new file mode 100644
index 0000000..01afe25
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in
@@ -0,0 +1,89 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+    {
+        name => "disable-encrypt-then-mac-server-sha",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-client-sha",
+        server => {
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "Options" => "-EncryptThenMac",
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-both-sha",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "Options" => "-EncryptThenMac",
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-server-sha2",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-client-sha2",
+        server => {
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "Options" => "-EncryptThenMac",
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-both-sha2",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "Options" => "-EncryptThenMac",
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+);
diff --git a/openssl-1.1.0h/test/ssl-tests/protocol_version.pm b/openssl-1.1.0h/test/ssl-tests/protocol_version.pm
new file mode 100644
index 0000000..c711362
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/protocol_version.pm
@@ -0,0 +1,247 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use List::Util qw/max min/;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
+setup("no_test_here");
+
+my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+# undef stands for "no limit".
+my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
+
+my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+
+my $min_tls_enabled; my $max_tls_enabled;
+
+# Protocol configuration works in cascades, i.e.,
+# $no_tls1_1 disables TLSv1.1 and below.
+#
+# $min_enabled and $max_enabled will be correct if there is at least one
+# protocol enabled.
+foreach my $i (0..$#tls_protocols) {
+    if (!$is_tls_disabled[$i]) {
+        $min_tls_enabled = $i;
+        last;
+    }
+}
+
+foreach my $i (0..$#tls_protocols) {
+    if (!$is_tls_disabled[$i]) {
+        $max_tls_enabled = $i;
+    }
+}
+
+my @dtls_protocols = ("DTLSv1", "DTLSv1.2");
+# undef stands for "no limit".
+my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2");
+my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef);
+
+my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2");
+
+my $min_dtls_enabled; my $max_dtls_enabled;
+
+# $min_enabled and $max_enabled will be correct if there is at least one
+# protocol enabled.
+foreach my $i (0..$#dtls_protocols) {
+    if (!$is_dtls_disabled[$i]) {
+        $min_dtls_enabled = $i;
+        last;
+    }
+}
+
+foreach my $i (0..$#dtls_protocols) {
+    if (!$is_dtls_disabled[$i]) {
+        $max_dtls_enabled = $i;
+    }
+}
+
+sub no_tests {
+    my ($dtls) = @_;
+    return $dtls ? alldisabled("dtls1", "dtls1_2") :
+      alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+}
+
+sub generate_version_tests {
+    my ($method) = @_;
+
+    my $dtls = $method eq "DTLS";
+    # Don't write the redundant "Method = TLS" into the configuration.
+    undef $method if !$dtls;
+
+    my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
+    my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
+    my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols;
+    my $min_enabled  = $dtls ? $min_dtls_enabled : $min_tls_enabled;
+    my $max_enabled  = $dtls ? $max_dtls_enabled : $max_tls_enabled;
+
+    if (no_tests($dtls)) {
+        return;
+    }
+
+    my @tests = ();
+
+    foreach my $c_min (0..$#min_protocols) {
+        my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
+        foreach my $c_max ($c_max_min..$#max_protocols) {
+            foreach my $s_min (0..$#min_protocols) {
+                my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
+                foreach my $s_max ($s_max_min..$#max_protocols) {
+                    my ($result, $protocol) =
+                        expected_result($c_min, $c_max, $s_min, $s_max,
+                                        $min_enabled, $max_enabled, \@protocols);
+                    push @tests, {
+                        "name" => "version-negotiation",
+                        "client" => {
+                            "MinProtocol" => $min_protocols[$c_min],
+                            "MaxProtocol" => $max_protocols[$c_max],
+                        },
+                        "server" => {
+                            "MinProtocol" => $min_protocols[$s_min],
+                            "MaxProtocol" => $max_protocols[$s_max],
+                        },
+                        "test" => {
+                            "ExpectedResult" => $result,
+                            "ExpectedProtocol" => $protocol,
+                            "Method" => $method,
+                        }
+                    };
+                }
+            }
+        }
+    }
+    return @tests;
+}
+
+sub generate_resumption_tests {
+    my ($method) = @_;
+
+    my $dtls = $method eq "DTLS";
+    # Don't write the redundant "Method = TLS" into the configuration.
+    undef $method if !$dtls;
+
+    my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
+    my $min_enabled  = $dtls ? $min_dtls_enabled : $min_tls_enabled;
+
+    if (no_tests($dtls)) {
+        return;
+    }
+
+    my @server_tests = ();
+    my @client_tests = ();
+
+    # Obtain the first session against a fixed-version server/client.
+    foreach my $original_protocol($min_enabled..$#protocols) {
+        # Upgrade or downgrade the server/client max version support and test
+        # that it upgrades, downgrades or resumes the session as well.
+        foreach my $resume_protocol($min_enabled..$#protocols) {
+            my $resumption_expected;
+            # We should only resume on exact version match.
+            if ($original_protocol eq $resume_protocol) {
+                $resumption_expected = "Yes";
+            } else {
+                $resumption_expected = "No";
+            }
+
+            foreach my $ticket ("SessionTicket", "-SessionTicket") {
+                # Client is flexible, server upgrades/downgrades.
+                push @server_tests, {
+                    "name" => "resumption",
+                    "client" => { },
+                    "server" => {
+                        "MinProtocol" => $protocols[$original_protocol],
+                        "MaxProtocol" => $protocols[$original_protocol],
+                        "Options" => $ticket,
+                    },
+                    "resume_server" => {
+                        "MaxProtocol" => $protocols[$resume_protocol],
+                    },
+                    "test" => {
+                        "ExpectedProtocol" => $protocols[$resume_protocol],
+                        "Method" => $method,
+                        "HandshakeMode" => "Resume",
+                        "ResumptionExpected" => $resumption_expected,
+                    }
+                };
+                # Server is flexible, client upgrades/downgrades.
+                push @client_tests, {
+                    "name" => "resumption",
+                    "client" => {
+                        "MinProtocol" => $protocols[$original_protocol],
+                        "MaxProtocol" => $protocols[$original_protocol],
+                    },
+                    "server" => {
+                        "Options" => $ticket,
+                    },
+                    "resume_client" => {
+                        "MaxProtocol" => $protocols[$resume_protocol],
+                    },
+                    "test" => {
+                        "ExpectedProtocol" => $protocols[$resume_protocol],
+                        "Method" => $method,
+                        "HandshakeMode" => "Resume",
+                        "ResumptionExpected" => $resumption_expected,
+                    }
+                };
+            }
+        }
+    }
+
+    return (@server_tests, @client_tests);
+}
+
+sub expected_result {
+    my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
+        $protocols) = @_;
+
+    # Adjust for "undef" (no limit).
+    $c_min = $c_min == 0 ? 0 : $c_min - 1;
+    $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
+    $s_min = $s_min == 0 ? 0 : $s_min - 1;
+    $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max;
+
+    # We now have at least one protocol enabled, so $min_enabled and
+    # $max_enabled are well-defined.
+    $c_min = max $c_min, $min_enabled;
+    $s_min = max $s_min, $min_enabled;
+    $c_max = min $c_max, $max_enabled;
+    $s_max = min $s_max, $max_enabled;
+
+    if ($c_min > $c_max) {
+        # Client should fail to even send a hello.
+        # This results in an internal error since the server will be
+        # waiting for input that never arrives.
+        return ("InternalError", undef);
+    } elsif ($s_min > $s_max) {
+        # Server has no protocols, should always fail.
+        return ("ServerFail", undef);
+    } elsif ($s_min > $c_max) {
+        # Server doesn't support the client range.
+        return ("ServerFail", undef);
+    } elsif ($c_min > $s_max) {
+        # Server will try with a version that is lower than the lowest
+        # supported client version.
+        return ("ClientFail", undef);
+    } else {
+        # Server and client ranges overlap.
+        my $max_common = $s_max < $c_max ? $s_max : $c_max;
+        return ("Success", $protocols->[$max_common]);
+    }
+}
+
+1;
diff --git a/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm b/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm
new file mode 100644
index 0000000..dc81642
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm
@@ -0,0 +1,30 @@
+# -*- mode: perl; -*-
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+## SSL test configurations
+
+package ssltests;
+
+sub test_pem
+{
+    my ($file) = @_;
+    my $dir_sep = $^O ne "VMS" ? "/" : "";
+    return "\${ENV::TEST_CERTS_DIR}" . $dir_sep . $file,
+}
+
+our %base_server = (
+    "Certificate" => test_pem("servercert.pem"),
+    "PrivateKey"  => test_pem("serverkey.pem"),
+    "CipherString" => "DEFAULT",
+);
+
+our %base_client = (
+    "VerifyCAFile" => test_pem("rootcert.pem"),
+    "VerifyMode" => "Peer",
+    "CipherString" => "DEFAULT",
+);
diff --git a/openssl-1.1.0h/test/ssl_test.c b/openssl-1.1.0h/test/ssl_test.c
new file mode 100644
index 0000000..2cbbddd
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl_test.c
@@ -0,0 +1,371 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include "handshake_helper.h"
+#include "ssl_test_ctx.h"
+#include "testutil.h"
+
+static CONF *conf = NULL;
+
+/* Currently the section names are of the form test-<number>, e.g. test-15. */
+#define MAX_TESTCASE_NAME_LENGTH 100
+
+typedef struct ssl_test_ctx_test_fixture {
+    const char *test_case_name;
+    char test_app[MAX_TESTCASE_NAME_LENGTH];
+} SSL_TEST_FIXTURE;
+
+static SSL_TEST_FIXTURE set_up(const char *const test_case_name)
+{
+    SSL_TEST_FIXTURE fixture;
+    fixture.test_case_name = test_case_name;
+    return fixture;
+}
+
+static const char *print_alert(int alert)
+{
+    return alert ? SSL_alert_desc_string_long(alert) : "no alert";
+}
+
+static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (result->result != test_ctx->expected_result) {
+        fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n",
+                ssl_test_result_name(test_ctx->expected_result),
+                ssl_test_result_name(result->result));
+        return 0;
+    }
+    return 1;
+}
+
+static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (result->client_alert_sent != result->client_alert_received) {
+        fprintf(stderr, "Client sent alert %s but server received %s\n.",
+                print_alert(result->client_alert_sent),
+                print_alert(result->client_alert_received));
+        /*
+         * We can't bail here because the peer doesn't always get far enough
+         * to process a received alert. Specifically, in protocol version
+         * negotiation tests, we have the following scenario.
+         * Client supports TLS v1.2 only; Server supports TLS v1.1.
+         * Client proposes TLS v1.2; server responds with 1.1;
+         * Client now sends a protocol alert, using TLS v1.2 in the header.
+         * The server, however, rejects the alert because of version mismatch
+         * in the record layer; therefore, the server appears to never
+         * receive the alert.
+         */
+        /* return 0; */
+    }
+
+    if (result->server_alert_sent != result->server_alert_received) {
+        fprintf(stderr, "Server sent alert %s but client received %s\n.",
+                print_alert(result->server_alert_sent),
+                print_alert(result->server_alert_received));
+        /* return 0; */
+    }
+
+    /* Tolerate an alert if one wasn't explicitly specified in the test. */
+    if (test_ctx->expected_client_alert
+        /*
+         * The info callback alert value is computed as
+         * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
+         * where the low byte is the alert code and the high byte is other stuff.
+         */
+        && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
+        fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n",
+                print_alert(test_ctx->expected_client_alert),
+                print_alert(result->client_alert_sent));
+        return 0;
+    }
+
+    if (test_ctx->expected_server_alert
+        && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
+        fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n",
+                print_alert(test_ctx->expected_server_alert),
+                print_alert(result->server_alert_sent));
+        return 0;
+    }
+
+    if (result->client_num_fatal_alerts_sent > 1) {
+        fprintf(stderr, "Client sent %d fatal alerts.\n",
+                result->client_num_fatal_alerts_sent);
+        return 0;
+    }
+    if (result->server_num_fatal_alerts_sent > 1) {
+        fprintf(stderr, "Server sent %d alerts.\n",
+                result->server_num_fatal_alerts_sent);
+        return 0;
+    }
+    return 1;
+}
+
+static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (result->client_protocol != result->server_protocol) {
+        fprintf(stderr, "Client has protocol %s but server has %s\n.",
+                ssl_protocol_name(result->client_protocol),
+                ssl_protocol_name(result->server_protocol));
+        return 0;
+    }
+
+    if (test_ctx->expected_protocol) {
+        if (result->client_protocol != test_ctx->expected_protocol) {
+            fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n",
+                    ssl_protocol_name(test_ctx->expected_protocol),
+                    ssl_protocol_name(result->client_protocol));
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (result->servername != test_ctx->expected_servername) {
+      fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.",
+              ssl_servername_name(test_ctx->expected_servername),
+              ssl_servername_name(result->servername));
+      return 0;
+    }
+  return 1;
+}
+
+static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
+        return 1;
+    if (result->session_ticket != test_ctx->session_ticket_expected) {
+        fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
+                ssl_session_ticket_name(test_ctx->session_ticket_expected),
+                ssl_session_ticket_name(result->session_ticket));
+        return 0;
+    }
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    int ret = 1;
+    ret &= strings_equal("NPN Negotiated (client vs server)",
+                         result->client_npn_negotiated,
+                         result->server_npn_negotiated);
+    ret &= strings_equal("ExpectedNPNProtocol",
+                         test_ctx->expected_npn_protocol,
+                         result->client_npn_negotiated);
+    return ret;
+}
+#endif
+
+static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    int ret = 1;
+    ret &= strings_equal("ALPN Negotiated (client vs server)",
+                         result->client_alpn_negotiated,
+                         result->server_alpn_negotiated);
+    ret &= strings_equal("ExpectedALPNProtocol",
+                         test_ctx->expected_alpn_protocol,
+                         result->client_alpn_negotiated);
+    return ret;
+}
+
+static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (result->client_resumed != result->server_resumed) {
+        fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n",
+                result->client_resumed, result->server_resumed);
+        return 0;
+    }
+    if (result->client_resumed != test_ctx->resumption_expected) {
+        fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n",
+                test_ctx->resumption_expected, result->client_resumed);
+        return 0;
+    }
+    return 1;
+}
+
+static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (test_ctx->expected_tmp_key_type == 0
+        || test_ctx->expected_tmp_key_type == result->tmp_key_type)
+        return 1;
+    fprintf(stderr, "Tmp key type mismatch, %s vs %s\n",
+            OBJ_nid2ln(test_ctx->expected_tmp_key_type),
+            OBJ_nid2ln(result->tmp_key_type));
+    return 0;
+}
+
+/*
+ * This could be further simplified by constructing an expected
+ * HANDSHAKE_RESULT, and implementing comparison methods for
+ * its fields.
+ */
+static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    int ret = 1;
+    ret &= check_result(result, test_ctx);
+    ret &= check_alerts(result, test_ctx);
+    if (result->result == SSL_TEST_SUCCESS) {
+        ret &= check_protocol(result, test_ctx);
+        ret &= check_servername(result, test_ctx);
+        ret &= check_session_ticket(result, test_ctx);
+        ret &= (result->session_ticket_do_not_call == 0);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        ret &= check_npn(result, test_ctx);
+#endif
+        ret &= check_alpn(result, test_ctx);
+        ret &= check_resumption(result, test_ctx);
+        ret &= check_tmp_key(result, test_ctx);
+    }
+    return ret;
+}
+
+static int execute_test(SSL_TEST_FIXTURE fixture)
+{
+    int ret = 0;
+    SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
+        *resume_server_ctx = NULL, *resume_client_ctx = NULL;
+    SSL_TEST_CTX *test_ctx = NULL;
+    HANDSHAKE_RESULT *result = NULL;
+
+    test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
+    if (test_ctx == NULL)
+        goto err;
+
+#ifndef OPENSSL_NO_DTLS
+    if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
+        server_ctx = SSL_CTX_new(DTLS_server_method());
+        TEST_check(SSL_CTX_set_max_proto_version(server_ctx, DTLS_MAX_VERSION));
+        if (test_ctx->extra.server.servername_callback !=
+            SSL_TEST_SERVERNAME_CB_NONE) {
+            server2_ctx = SSL_CTX_new(DTLS_server_method());
+            TEST_check(server2_ctx != NULL);
+        }
+        client_ctx = SSL_CTX_new(DTLS_client_method());
+        TEST_check(SSL_CTX_set_max_proto_version(client_ctx, DTLS_MAX_VERSION));
+        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
+            resume_server_ctx = SSL_CTX_new(DTLS_server_method());
+            TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx,
+                                                     DTLS_MAX_VERSION));
+            resume_client_ctx = SSL_CTX_new(DTLS_client_method());
+            TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx,
+                                                     DTLS_MAX_VERSION));
+            TEST_check(resume_server_ctx != NULL);
+            TEST_check(resume_client_ctx != NULL);
+        }
+    }
+#endif
+    if (test_ctx->method == SSL_TEST_METHOD_TLS) {
+        server_ctx = SSL_CTX_new(TLS_server_method());
+        TEST_check(SSL_CTX_set_max_proto_version(server_ctx, TLS_MAX_VERSION));
+        /* SNI on resumption isn't supported/tested yet. */
+        if (test_ctx->extra.server.servername_callback !=
+            SSL_TEST_SERVERNAME_CB_NONE) {
+            server2_ctx = SSL_CTX_new(TLS_server_method());
+            TEST_check(server2_ctx != NULL);
+        }
+        client_ctx = SSL_CTX_new(TLS_client_method());
+        TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION));
+
+        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
+            resume_server_ctx = SSL_CTX_new(TLS_server_method());
+            TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx,
+                                                     TLS_MAX_VERSION));
+            resume_client_ctx = SSL_CTX_new(TLS_client_method());
+            TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx,
+                                                     TLS_MAX_VERSION));
+            TEST_check(resume_server_ctx != NULL);
+            TEST_check(resume_client_ctx != NULL);
+        }
+    }
+
+    TEST_check(server_ctx != NULL);
+    TEST_check(client_ctx != NULL);
+
+    TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
+
+    if (!SSL_CTX_config(server_ctx, "server")
+        || !SSL_CTX_config(client_ctx, "client")) {
+        goto err;
+    }
+
+    if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
+        goto err;
+    if (resume_server_ctx != NULL
+        && !SSL_CTX_config(resume_server_ctx, "resume-server"))
+        goto err;
+    if (resume_client_ctx != NULL
+        && !SSL_CTX_config(resume_client_ctx, "resume-client"))
+        goto err;
+
+    result = do_handshake(server_ctx, server2_ctx, client_ctx,
+                          resume_server_ctx, resume_client_ctx, test_ctx);
+
+    ret = check_test(result, test_ctx);
+
+err:
+    CONF_modules_unload(0);
+    SSL_CTX_free(server_ctx);
+    SSL_CTX_free(server2_ctx);
+    SSL_CTX_free(client_ctx);
+    SSL_CTX_free(resume_server_ctx);
+    SSL_CTX_free(resume_client_ctx);
+    SSL_TEST_CTX_free(test_ctx);
+    if (ret != 1)
+        ERR_print_errors_fp(stderr);
+    HANDSHAKE_RESULT_free(result);
+    return ret;
+}
+
+static void tear_down(SSL_TEST_FIXTURE fixture)
+{
+}
+
+#define SETUP_SSL_TEST_FIXTURE()                        \
+    SETUP_TEST_FIXTURE(SSL_TEST_FIXTURE, set_up)
+#define EXECUTE_SSL_TEST()             \
+    EXECUTE_TEST(execute_test, tear_down)
+
+static int test_handshake(int idx)
+{
+    SETUP_SSL_TEST_FIXTURE();
+    BIO_snprintf(fixture.test_app, sizeof(fixture.test_app),
+                 "test-%d", idx);
+    EXECUTE_SSL_TEST();
+}
+
+int main(int argc, char **argv)
+{
+    int result = 0;
+    long num_tests;
+
+    if (argc != 2)
+        return 1;
+
+    conf = NCONF_new(NULL);
+    TEST_check(conf != NULL);
+
+    /* argv[1] should point to the test conf file */
+    TEST_check(NCONF_load(conf, argv[1], NULL) > 0);
+
+    TEST_check(NCONF_get_number_e(conf, NULL, "num_tests", &num_tests));
+
+    ADD_ALL_TESTS(test_handshake, (int)(num_tests));
+    result = run_tests(argv[0]);
+
+    return result;
+}
diff --git a/openssl-1.1.0h/test/ssl_test.tmpl b/openssl-1.1.0h/test/ssl_test.tmpl
new file mode 100644
index 0000000..9506837
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl_test.tmpl
@@ -0,0 +1,126 @@
+[{-$testname-}]
+ssl_conf = {-$testname-}-ssl
+
+[{-$testname-}-ssl]
+server = {-$testname-}-server
+client = {-$testname-}-client{-
+    # The following sections are optional.
+    $OUT = "";
+    if (%server2) {
+        $OUT .= "\nserver2 = $testname-server2";
+    } elsif ($reuse_server2) {
+        $OUT .= "\nserver2 = $testname-server";
+    }
+    if (%resume_server) {
+        $OUT .= "\nresume-server = $testname-resume-server";
+    } elsif ($reuse_resume_server) {
+        $OUT .= "\nresume-server = $testname-server";
+    }
+    if (%resume_client) {
+        $OUT .= "\nresume-client = $testname-resume-client";
+    } elsif ($reuse_resume_client) {
+        $OUT .= "\nresume-client = $testname-client";
+    }
+-}
+
+[{-$testname-}-server]
+{-
+    foreach my $key (sort keys %server) {
+        # Emitted in the test section.
+        next if ($key eq "extra");
+        $OUT .= qq{$key} . " = " . qq{$server{$key}\n} if defined $server{$key};
+    }
+    if (%server2) {
+        $OUT .= "\n[$testname-server2]\n";
+        foreach my $key (sort keys %server2) {
+            next if ($key eq "extra");
+            $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key};
+        }
+    }
+    if (%resume_server) {
+        $OUT .= "\n[$testname-resume-server]\n";
+        foreach my $key (sort keys %resume_server) {
+            next if ($key eq "extra");
+            $OUT .= qq{$key} . " = " . qq{$resume_server{$key}\n} if defined $resume_server{$key};
+        }
+    }
+-}
+[{-$testname-}-client]
+{-
+    foreach my $key (sort keys %client) {
+        next if ($key eq "extra");
+        $OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key};
+    }
+    if (%resume_client) {
+        $OUT .= "\n[$testname-resume-client]\n";
+        foreach my $key (sort keys %resume_client) {
+	    next if ($key eq "extra");
+            $OUT .= qq{$key} . " = " . qq{$resume_client{$key}\n} if defined $resume_client{$key};
+        }
+    }
+-}
+[test-{-$idx-}]
+{-
+    foreach my $key (sort keys %test) {
+        $OUT .= qq{$key} ." = " . qq{$test{$key}\n} if defined $test{$key};
+    }
+
+    # The extra server/client configuration sections.
+    if ($server{"extra"}) {
+       $OUT .= "server = $testname-server-extra\n";
+    }
+    if (%server2 && $server2{"extra"}) {
+       $OUT .= "server2 = $testname-server2-extra\n";
+    } elsif ($reuse_server2 && $server{"extra"}) {
+       $OUT .= "server2 = $testname-server-extra\n";
+    }
+    if (%resume_server && $resume_server{"extra"}) {
+       $OUT .= "resume-server = $testname-resume-server-extra\n";
+    } elsif ($reuse_resume_server && $server{"extra"}) {
+       $OUT .= "resume-server = $testname-server-extra\n";
+    }
+    if ($client{"extra"}) {
+       $OUT .= "client = $testname-client-extra\n";
+    }
+    if (%resume_client && $resume_client{"extra"}) {
+       $OUT .= "resume-client = $testname-resume-client-extra\n";
+    } elsif ($reuse_resume_client && $client{"extra"}) {
+       $OUT .= "resume-client = $testname-client-extra\n";
+    }
+
+    if ($server{"extra"}) {
+        $OUT .= "\n[$testname-server-extra]\n";
+        foreach my $key (sort keys %{$server{"extra"}}) {
+            $OUT .= qq{$key} . " = " . qq{$server{"extra"}{$key}\n}
+	    	 if defined $server{"extra"}{$key};
+        }
+    }
+    if (%server2 && $server2{"extra"}) {
+        $OUT .= "\n[$testname-server2-extra]\n";
+        foreach my $key (sort keys %{$server2{"extra"}}) {
+            $OUT .= qq{$key} . " = " . qq{$server2{"extra"}{$key}\n}
+	    	 if defined $server2{"extra"}{$key};
+        }
+    }
+   if (%resume_server && $resume_server{"extra"}) {
+        $OUT .= "\n[$testname-resume-server-extra]\n";
+        foreach my $key (sort keys %{$resume_server{"extra"}}) {
+            $OUT .= qq{$key} . " = " . qq{$resume_server{"extra"}{$key}\n}
+	    	 if defined $resume_server{"extra"}{$key};
+        }
+    }
+   if ($client{"extra"}) {
+        $OUT .= "\n[$testname-client-extra]\n";
+        foreach my $key (sort keys %{$client{"extra"}}) {
+            $OUT .= qq{$key} . " = " . qq{$client{"extra"}{$key}\n}
+	    	 if defined $client{"extra"}{$key};
+        }
+   }
+   if (%resume_client && $resume_client{"extra"}) {
+        $OUT .= "\n[$testname-resume-client-extra]\n";
+        foreach my $key (sort keys %{$resume_client{"extra"}}) {
+            $OUT .= qq{$key} . " = " . qq{$resume_client{"extra"}{$key}\n}
+	    	 if defined $resume_client{"extra"}{$key};
+        }
+    }
+-}
diff --git a/openssl-1.1.0h/test/ssl_test_ctx.c b/openssl-1.1.0h/test/ssl_test_ctx.c
new file mode 100644
index 0000000..28ee5c7
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl_test_ctx.c
@@ -0,0 +1,662 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/e_os2.h>
+#include <openssl/crypto.h>
+
+#include "e_os.h"
+#include "ssl_test_ctx.h"
+#include "testutil.h"
+
+static const int default_app_data_size = 256;
+/* Default set to be as small as possible to exercise fragmentation. */
+static const int default_max_fragment_size = 512;
+
+static int parse_boolean(const char *value, int *result)
+{
+    if (strcasecmp(value, "Yes") == 0) {
+        *result = 1;
+        return 1;
+    }
+    else if (strcasecmp(value, "No") == 0) {
+        *result = 0;
+        return 1;
+    }
+    return 0;
+}
+
+#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field)        \
+    static int parse_##name##_##field(struct_type *ctx, const char *value) \
+    {                                                                   \
+        return parse_boolean(value, &ctx->field);                       \
+    }
+
+#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field)      \
+    static int parse_##name##_##field(struct_type *ctx, const char *value) \
+    {                                                                   \
+        OPENSSL_free(ctx->field);                                       \
+        ctx->field = OPENSSL_strdup(value);                             \
+        TEST_check(ctx->field != NULL);                                 \
+        return 1;                                                       \
+    }
+
+#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field)        \
+    static int parse_##name##_##field(struct_type *ctx, const char *value) \
+    {                                                                   \
+        ctx->field = atoi(value);                                       \
+        return 1;                                                       \
+    }
+
+/* True enums and other test configuration values that map to an int. */
+typedef struct {
+    const char *name;
+    int value;
+} test_enum;
+
+
+__owur static int parse_enum(const test_enum *enums, size_t num_enums,
+                             int *value, const char *name)
+{
+    size_t i;
+    for (i = 0; i < num_enums; i++) {
+        if (strcmp(enums[i].name, name) == 0) {
+            *value = enums[i].value;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+static const char *enum_name(const test_enum *enums, size_t num_enums,
+                             int value)
+{
+    size_t i;
+    for (i = 0; i < num_enums; i++) {
+        if (enums[i].value == value) {
+            return enums[i].name;
+        }
+    }
+    return "InvalidValue";
+}
+
+
+/* ExpectedResult */
+
+static const test_enum ssl_test_results[] = {
+    {"Success", SSL_TEST_SUCCESS},
+    {"ServerFail", SSL_TEST_SERVER_FAIL},
+    {"ClientFail", SSL_TEST_CLIENT_FAIL},
+    {"InternalError", SSL_TEST_INTERNAL_ERROR},
+};
+
+__owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
+                    &ret_value, value)) {
+        return 0;
+    }
+    test_ctx->expected_result = ret_value;
+    return 1;
+}
+
+const char *ssl_test_result_name(ssl_test_result_t result)
+{
+    return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
+}
+
+/* ExpectedClientAlert / ExpectedServerAlert */
+
+static const test_enum ssl_alerts[] = {
+    {"UnknownCA", SSL_AD_UNKNOWN_CA},
+    {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
+    {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
+    {"BadCertificate", SSL_AD_BAD_CERTIFICATE},
+    {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
+};
+
+__owur static int parse_alert(int *alert, const char *value)
+{
+    return parse_enum(ssl_alerts, OSSL_NELEM(ssl_alerts), alert, value);
+}
+
+__owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    return parse_alert(&test_ctx->expected_client_alert, value);
+}
+
+__owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    return parse_alert(&test_ctx->expected_server_alert, value);
+}
+
+const char *ssl_alert_name(int alert)
+{
+    return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert);
+}
+
+/* ExpectedProtocol */
+
+static const test_enum ssl_protocols[] = {
+     {"TLSv1.2", TLS1_2_VERSION},
+     {"TLSv1.1", TLS1_1_VERSION},
+     {"TLSv1", TLS1_VERSION},
+     {"SSLv3", SSL3_VERSION},
+     {"DTLSv1", DTLS1_VERSION},
+     {"DTLSv1.2", DTLS1_2_VERSION},
+};
+
+__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols),
+                      &test_ctx->expected_protocol, value);
+}
+
+const char *ssl_protocol_name(int protocol)
+{
+    return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
+}
+
+/* VerifyCallback */
+
+static const test_enum ssl_verify_callbacks[] = {
+    {"None", SSL_TEST_VERIFY_NONE},
+    {"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL},
+    {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
+};
+
+__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
+                                               const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
+                    &ret_value, value)) {
+        return 0;
+    }
+    client_conf->verify_callback = ret_value;
+    return 1;
+}
+
+const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
+{
+    return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
+                     callback);
+}
+
+/* ServerName */
+
+static const test_enum ssl_servername[] = {
+    {"None", SSL_TEST_SERVERNAME_NONE},
+    {"server1", SSL_TEST_SERVERNAME_SERVER1},
+    {"server2", SSL_TEST_SERVERNAME_SERVER2},
+    {"invalid", SSL_TEST_SERVERNAME_INVALID},
+};
+
+__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
+                                   const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
+                    &ret_value, value)) {
+        return 0;
+    }
+    client_conf->servername = ret_value;
+    return 1;
+}
+
+__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
+                                            const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
+                    &ret_value, value)) {
+        return 0;
+    }
+    test_ctx->expected_servername = ret_value;
+    return 1;
+}
+
+const char *ssl_servername_name(ssl_servername_t server)
+{
+    return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
+                     server);
+}
+
+/* ServerNameCallback */
+
+static const test_enum ssl_servername_callbacks[] = {
+    {"None", SSL_TEST_SERVERNAME_CB_NONE},
+    {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
+    {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
+};
+
+__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
+                                            const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_servername_callbacks,
+                    OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
+        return 0;
+    }
+    server_conf->servername_callback = ret_value;
+    return 1;
+}
+
+const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
+{
+    return enum_name(ssl_servername_callbacks,
+                     OSSL_NELEM(ssl_servername_callbacks), callback);
+}
+
+/* SessionTicketExpected */
+
+static const test_enum ssl_session_ticket[] = {
+    {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
+    {"Yes", SSL_TEST_SESSION_TICKET_YES},
+    {"No", SSL_TEST_SESSION_TICKET_NO},
+};
+
+__owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
+                    &ret_value, value)) {
+        return 0;
+    }
+    test_ctx->session_ticket_expected = ret_value;
+    return 1;
+}
+
+const char *ssl_session_ticket_name(ssl_session_ticket_t server)
+{
+    return enum_name(ssl_session_ticket,
+                     OSSL_NELEM(ssl_session_ticket),
+                     server);
+}
+
+/* Method */
+
+static const test_enum ssl_test_methods[] = {
+    {"TLS", SSL_TEST_METHOD_TLS},
+    {"DTLS", SSL_TEST_METHOD_DTLS},
+};
+
+__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
+                    &ret_value, value)) {
+        return 0;
+    }
+    test_ctx->method = ret_value;
+    return 1;
+}
+
+const char *ssl_test_method_name(ssl_test_method_t method)
+{
+    return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
+}
+
+/* NPN and ALPN options */
+
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)
+
+/* Handshake mode */
+
+static const test_enum ssl_handshake_modes[] = {
+    {"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
+    {"Resume", SSL_TEST_HANDSHAKE_RESUME},
+    {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER},
+    {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT},
+};
+
+__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
+                    &ret_value, value)) {
+        return 0;
+    }
+    test_ctx->handshake_mode = ret_value;
+    return 1;
+}
+
+const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
+{
+    return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
+                     mode);
+}
+
+/* Renegotiation Ciphersuites */
+
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers)
+
+/* CT Validation */
+
+static const test_enum ssl_ct_validation_modes[] = {
+    {"None", SSL_TEST_CT_VALIDATION_NONE},
+    {"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE},
+    {"Strict", SSL_TEST_CT_VALIDATION_STRICT},
+};
+
+__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
+                                      const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
+                    &ret_value, value)) {
+        return 0;
+    }
+    client_conf->ct_validation = ret_value;
+    return 1;
+}
+
+const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
+{
+    return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
+                     mode);
+}
+
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
+
+/* CertStatus */
+
+static const test_enum ssl_certstatus[] = {
+    {"None", SSL_TEST_CERT_STATUS_NONE},
+    {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE},
+    {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE}
+};
+
+__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
+                                            const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value,
+                    value)) {
+        return 0;
+    }
+    server_conf->cert_status = ret_value;
+    return 1;
+}
+
+const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
+{
+    return enum_name(ssl_certstatus,
+                     OSSL_NELEM(ssl_certstatus), cert_status);
+}
+
+/* ApplicationData */
+
+IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
+
+
+/* MaxFragmentSize */
+
+IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
+
+
+/* ExpectedTmpKeyType */
+
+__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
+                                              const char *value)
+{
+    int nid;
+
+    if (value == NULL)
+        return 0;
+    nid = OBJ_sn2nid(value);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(value);
+#ifndef OPENSSL_NO_EC
+    if (nid == NID_undef)
+        nid = EC_curve_nist2nid(value);
+#endif
+    if (nid == NID_undef)
+        return 0;
+    test_ctx->expected_tmp_key_type = nid;
+    return 1;
+}
+
+/* Known test options and their corresponding parse methods. */
+
+/* Top-level options. */
+typedef struct {
+    const char *name;
+    int (*parse)(SSL_TEST_CTX *test_ctx, const char *value);
+} ssl_test_ctx_option;
+
+static const ssl_test_ctx_option ssl_test_ctx_options[] = {
+    { "ExpectedResult", &parse_expected_result },
+    { "ExpectedClientAlert", &parse_client_alert },
+    { "ExpectedServerAlert", &parse_server_alert },
+    { "ExpectedProtocol", &parse_protocol },
+    { "ExpectedServerName", &parse_expected_servername },
+    { "SessionTicketExpected", &parse_session_ticket },
+    { "Method", &parse_test_method },
+    { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
+    { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
+    { "HandshakeMode", &parse_handshake_mode },
+    { "ResumptionExpected", &parse_test_resumption_expected },
+    { "ApplicationData", &parse_test_app_data_size },
+    { "MaxFragmentSize", &parse_test_max_fragment_size },
+    { "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
+};
+
+/* Nested client options. */
+typedef struct {
+    const char *name;
+    int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value);
+} ssl_test_client_option;
+
+static const ssl_test_client_option ssl_test_client_options[] = {
+    { "VerifyCallback", &parse_client_verify_callback },
+    { "ServerName", &parse_servername },
+    { "NPNProtocols", &parse_client_npn_protocols },
+    { "ALPNProtocols", &parse_client_alpn_protocols },
+    { "CTValidation", &parse_ct_validation },
+    { "RenegotiateCiphers", &parse_client_reneg_ciphers},
+};
+
+/* Nested server options. */
+typedef struct {
+    const char *name;
+    int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value);
+} ssl_test_server_option;
+
+static const ssl_test_server_option ssl_test_server_options[] = {
+    { "ServerNameCallback", &parse_servername_callback },
+    { "NPNProtocols", &parse_server_npn_protocols },
+    { "ALPNProtocols", &parse_server_alpn_protocols },
+    { "BrokenSessionTicket", &parse_server_broken_session_ticket },
+    { "CertStatus", &parse_certstatus },
+};
+
+/*
+ * Since these methods are used to create tests, we use TEST_check liberally
+ * for malloc failures and other internal errors.
+ */
+SSL_TEST_CTX *SSL_TEST_CTX_new()
+{
+    SSL_TEST_CTX *ret;
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    TEST_check(ret != NULL);
+    ret->app_data_size = default_app_data_size;
+    ret->max_fragment_size = default_max_fragment_size;
+    return ret;
+}
+
+static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
+{
+    OPENSSL_free(conf->client.npn_protocols);
+    OPENSSL_free(conf->server.npn_protocols);
+    OPENSSL_free(conf->server2.npn_protocols);
+    OPENSSL_free(conf->client.alpn_protocols);
+    OPENSSL_free(conf->server.alpn_protocols);
+    OPENSSL_free(conf->server2.alpn_protocols);
+    OPENSSL_free(conf->client.reneg_ciphers);
+}
+
+static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
+{
+    ssl_test_extra_conf_free_data(&ctx->extra);
+    ssl_test_extra_conf_free_data(&ctx->resume_extra);
+}
+
+void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
+{
+    ssl_test_ctx_free_extra_data(ctx);
+    OPENSSL_free(ctx->expected_npn_protocol);
+    OPENSSL_free(ctx->expected_alpn_protocol);
+    OPENSSL_free(ctx);
+}
+
+static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
+                                const char *client_section)
+{
+    STACK_OF(CONF_VALUE) *sk_conf;
+    int i;
+    size_t j;
+
+    sk_conf = NCONF_get_section(conf, client_section);
+    TEST_check(sk_conf != NULL);
+
+    for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
+        int found = 0;
+        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
+        for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
+            if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
+                if (!ssl_test_client_options[j].parse(client, option->value)) {
+                    fprintf(stderr, "Bad value %s for option %s\n",
+                            option->value, option->name);
+                    return 0;
+                }
+                found = 1;
+                break;
+            }
+        }
+        if (!found) {
+            fprintf(stderr, "Unknown test option: %s\n", option->name);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
+                                const char *server_section)
+{
+    STACK_OF(CONF_VALUE) *sk_conf;
+    int i;
+    size_t j;
+
+    sk_conf = NCONF_get_section(conf, server_section);
+    TEST_check(sk_conf != NULL);
+
+    for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
+        int found = 0;
+        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
+        for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
+            if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
+                if (!ssl_test_server_options[j].parse(server, option->value)) {
+                    fprintf(stderr, "Bad value %s for option %s\n",
+                            option->value, option->name);
+                    return 0;
+                }
+                found = 1;
+                break;
+            }
+        }
+        if (!found) {
+            fprintf(stderr, "Unknown test option: %s\n", option->name);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
+{
+    STACK_OF(CONF_VALUE) *sk_conf;
+    SSL_TEST_CTX *ctx;
+    int i;
+    size_t j;
+
+    sk_conf = NCONF_get_section(conf, test_section);
+    TEST_check(sk_conf != NULL);
+
+    ctx = SSL_TEST_CTX_new();
+    TEST_check(ctx != NULL);
+
+    for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
+        int found = 0;
+        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
+
+        /* Subsections */
+        if (strcmp(option->name, "client") == 0) {
+            if (!parse_client_options(&ctx->extra.client, conf,
+                                      option->value))
+                goto err;
+        } else if (strcmp(option->name, "server") == 0) {
+            if (!parse_server_options(&ctx->extra.server, conf,
+                                      option->value))
+                goto err;
+        } else if (strcmp(option->name, "server2") == 0) {
+            if (!parse_server_options(&ctx->extra.server2, conf,
+                                      option->value))
+                goto err;
+        } else if (strcmp(option->name, "resume-client") == 0) {
+            if (!parse_client_options(&ctx->resume_extra.client, conf,
+                                      option->value))
+                goto err;
+        } else if (strcmp(option->name, "resume-server") == 0) {
+            if (!parse_server_options(&ctx->resume_extra.server, conf,
+                                      option->value))
+                goto err;
+        } else if (strcmp(option->name, "resume-server2") == 0) {
+            if (!parse_server_options(&ctx->resume_extra.server2, conf,
+                                      option->value))
+                goto err;
+
+        } else {
+            for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
+                if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
+                    if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
+                        fprintf(stderr, "Bad value %s for option %s\n",
+                                option->value, option->name);
+                        goto err;
+                    }
+                    found = 1;
+                    break;
+                }
+            }
+            if (!found) {
+                fprintf(stderr, "Unknown test option: %s\n", option->name);
+                goto err;
+            }
+        }
+    }
+
+    goto done;
+
+ err:
+    SSL_TEST_CTX_free(ctx);
+    ctx = NULL;
+ done:
+    return ctx;
+}
diff --git a/openssl-1.1.0h/test/ssl_test_ctx.h b/openssl-1.1.0h/test/ssl_test_ctx.h
new file mode 100644
index 0000000..28a4566
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl_test_ctx.h
@@ -0,0 +1,191 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL_TEST_CTX_H
+#define HEADER_SSL_TEST_CTX_H
+
+#include <openssl/conf.h>
+#include <openssl/ssl.h>
+
+typedef enum {
+    SSL_TEST_SUCCESS = 0,  /* Default */
+    SSL_TEST_SERVER_FAIL,
+    SSL_TEST_CLIENT_FAIL,
+    SSL_TEST_INTERNAL_ERROR,
+    /* Couldn't test resumption/renegotiation: original handshake failed. */
+    SSL_TEST_FIRST_HANDSHAKE_FAILED
+} ssl_test_result_t;
+
+typedef enum {
+    SSL_TEST_VERIFY_NONE = 0, /* Default */
+    SSL_TEST_VERIFY_ACCEPT_ALL,
+    SSL_TEST_VERIFY_REJECT_ALL
+} ssl_verify_callback_t;
+
+typedef enum {
+    SSL_TEST_SERVERNAME_NONE = 0, /* Default */
+    SSL_TEST_SERVERNAME_SERVER1,
+    SSL_TEST_SERVERNAME_SERVER2,
+    SSL_TEST_SERVERNAME_INVALID
+} ssl_servername_t;
+
+typedef enum {
+    SSL_TEST_SERVERNAME_CB_NONE = 0,  /* Default */
+    SSL_TEST_SERVERNAME_IGNORE_MISMATCH,
+    SSL_TEST_SERVERNAME_REJECT_MISMATCH
+} ssl_servername_callback_t;
+
+typedef enum {
+    SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */
+    SSL_TEST_SESSION_TICKET_YES,
+    SSL_TEST_SESSION_TICKET_NO,
+    SSL_TEST_SESSION_TICKET_BROKEN /* Special test */
+} ssl_session_ticket_t;
+
+typedef enum {
+    SSL_TEST_METHOD_TLS = 0, /* Default */
+    SSL_TEST_METHOD_DTLS
+} ssl_test_method_t;
+
+typedef enum {
+    SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default */
+    SSL_TEST_HANDSHAKE_RESUME,
+    SSL_TEST_HANDSHAKE_RENEG_SERVER,
+    SSL_TEST_HANDSHAKE_RENEG_CLIENT
+} ssl_handshake_mode_t;
+
+typedef enum {
+    SSL_TEST_CT_VALIDATION_NONE = 0, /* Default */
+    SSL_TEST_CT_VALIDATION_PERMISSIVE,
+    SSL_TEST_CT_VALIDATION_STRICT
+} ssl_ct_validation_t;
+
+typedef enum {
+    SSL_TEST_CERT_STATUS_NONE = 0, /* Default */
+    SSL_TEST_CERT_STATUS_GOOD_RESPONSE,
+    SSL_TEST_CERT_STATUS_BAD_RESPONSE
+} ssl_cert_status_t;
+/*
+ * Server/client settings that aren't supported by the SSL CONF library,
+ * such as callbacks.
+ */
+typedef struct {
+    /* One of a number of predefined custom callbacks. */
+    ssl_verify_callback_t verify_callback;
+    /* One of a number of predefined server names use by the client */
+    ssl_servername_t servername;
+    /* Supported NPN and ALPN protocols. A comma-separated list. */
+    char *npn_protocols;
+    char *alpn_protocols;
+    ssl_ct_validation_t ct_validation;
+    /* Ciphersuites to set on a renegotiation */
+    char *reneg_ciphers;
+} SSL_TEST_CLIENT_CONF;
+
+typedef struct {
+    /* SNI callback (server-side). */
+    ssl_servername_callback_t servername_callback;
+    /* Supported NPN and ALPN protocols. A comma-separated list. */
+    char *npn_protocols;
+    char *alpn_protocols;
+    /* Whether to set a broken session ticket callback. */
+    int broken_session_ticket;
+    /* Should we send a CertStatus message? */
+    ssl_cert_status_t cert_status;
+} SSL_TEST_SERVER_CONF;
+
+typedef struct {
+    SSL_TEST_CLIENT_CONF client;
+    SSL_TEST_SERVER_CONF server;
+    SSL_TEST_SERVER_CONF server2;
+} SSL_TEST_EXTRA_CONF;
+
+typedef struct {
+    /*
+     * Global test configuration. Does not change between handshakes.
+     */
+    /* Whether the server/client CTX should use DTLS or TLS. */
+    ssl_test_method_t method;
+    /* Whether to test a resumed/renegotiated handshake. */
+    ssl_handshake_mode_t handshake_mode;
+    /*
+     * How much application data to exchange (default is 256 bytes).
+     * Both peers will send |app_data_size| bytes interleaved.
+     */
+    int app_data_size;
+    /* Maximum send fragment size. */
+    int max_fragment_size;
+
+    /*
+     * Extra server/client configurations. Per-handshake.
+     */
+    /* First handshake. */
+    SSL_TEST_EXTRA_CONF extra;
+    /* Resumed handshake. */
+    SSL_TEST_EXTRA_CONF resume_extra;
+
+    /*
+     * Test expectations. These apply to the LAST handshake.
+     */
+    /* Defaults to SUCCESS. */
+    ssl_test_result_t expected_result;
+    /* Alerts. 0 if no expectation. */
+    /* See ssl.h for alert codes. */
+    /* Alert sent by the client / received by the server. */
+    int expected_client_alert;
+    /* Alert sent by the server / received by the client. */
+    int expected_server_alert;
+    /* Negotiated protocol version. 0 if no expectation. */
+    /* See ssl.h for protocol versions. */
+    int expected_protocol;
+    /*
+     * The expected SNI context to use.
+     * We test server-side that the server switched to the expected context.
+     * Set by the callback upon success, so if the callback wasn't called or
+     * terminated with an alert, the servername will match with
+     * SSL_TEST_SERVERNAME_NONE.
+     * Note: in the event that the servername was accepted, the client should
+     * also receive an empty SNI extension back but we have no way of probing
+     * client-side via the API that this was the case.
+     */
+    ssl_servername_t expected_servername;
+    ssl_session_ticket_t session_ticket_expected;
+    /* The expected NPN/ALPN protocol to negotiate. */
+    char *expected_npn_protocol;
+    char *expected_alpn_protocol;
+    /* Whether the second handshake is resumed or a full handshake (boolean). */
+    int resumption_expected;
+    /* Expected temporary key type */
+    int expected_tmp_key_type;
+} SSL_TEST_CTX;
+
+const char *ssl_test_result_name(ssl_test_result_t result);
+const char *ssl_alert_name(int alert);
+const char *ssl_protocol_name(int protocol);
+const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
+const char *ssl_servername_name(ssl_servername_t server);
+const char *ssl_servername_callback_name(ssl_servername_callback_t
+                                         servername_callback);
+const char *ssl_session_ticket_name(ssl_session_ticket_t server);
+const char *ssl_test_method_name(ssl_test_method_t method);
+const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
+const char *ssl_ct_validation_name(ssl_ct_validation_t mode);
+const char *ssl_certstatus_name(ssl_cert_status_t cert_status);
+
+/*
+ * Load the test case context from |conf|.
+ * See test/README.ssltest.md for details on the conf file format.
+ */
+SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section);
+
+SSL_TEST_CTX *SSL_TEST_CTX_new(void);
+
+void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);
+
+#endif  /* HEADER_SSL_TEST_CTX_H */
diff --git a/openssl-1.1.0h/test/ssl_test_ctx_test.c b/openssl-1.1.0h/test/ssl_test_ctx_test.c
new file mode 100644
index 0000000..0f321c6
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl_test_ctx_test.c
@@ -0,0 +1,338 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Ideally, CONF should offer standard parsing methods and cover them
+ * in tests. But since we have no CONF tests, we use a custom test for now.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+#include "ssl_test_ctx.h"
+#include "testutil.h"
+#include <openssl/e_os2.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/ssl.h>
+
+static CONF *conf = NULL;
+
+typedef struct ssl_test_ctx_test_fixture {
+    const char *test_case_name;
+    const char *test_section;
+    /* Expected parsed configuration. */
+    SSL_TEST_CTX *expected_ctx;
+} SSL_TEST_CTX_TEST_FIXTURE;
+
+
+static int SSL_TEST_CLIENT_CONF_equal(SSL_TEST_CLIENT_CONF *client,
+                                      SSL_TEST_CLIENT_CONF *client2)
+{
+    if (client->verify_callback != client2->verify_callback) {
+        fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
+                ssl_verify_callback_name(client->verify_callback),
+                ssl_verify_callback_name(client2->verify_callback));
+        return 0;
+    }
+    if (client->servername != client2->servername) {
+        fprintf(stderr, "ServerName mismatch: %s vs %s.\n",
+                ssl_servername_name(client->servername),
+                ssl_servername_name(client2->servername));
+        return 0;
+    }
+    if (!strings_equal("Client NPNProtocols", client->npn_protocols,
+                       client2->npn_protocols))
+        return 0;
+    if (!strings_equal("Client ALPNProtocols", client->alpn_protocols,
+                       client2->alpn_protocols))
+        return 0;
+    if (client->ct_validation != client2->ct_validation) {
+        fprintf(stderr, "CTValidation mismatch: %s vs %s.\n",
+                ssl_ct_validation_name(client->ct_validation),
+                ssl_ct_validation_name(client2->ct_validation));
+        return 0;
+    }
+    return 1;
+}
+
+static int SSL_TEST_SERVER_CONF_equal(SSL_TEST_SERVER_CONF *server,
+                                      SSL_TEST_SERVER_CONF *server2)
+{
+    if (server->servername_callback != server2->servername_callback) {
+        fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n",
+                ssl_servername_callback_name(server->servername_callback),
+                ssl_servername_callback_name(server2->servername_callback));
+        return 0;
+    }
+    if (!strings_equal("Server NPNProtocols", server->npn_protocols,
+                       server2->npn_protocols))
+        return 0;
+    if (!strings_equal("Server ALPNProtocols", server->alpn_protocols,
+                       server2->alpn_protocols))
+        return 0;
+    if (server->broken_session_ticket != server2->broken_session_ticket) {
+        fprintf(stderr, "Broken session ticket mismatch: %d vs %d.\n",
+                server->broken_session_ticket, server2->broken_session_ticket);
+        return 0;
+    }
+    if (server->cert_status != server2->cert_status) {
+        fprintf(stderr, "CertStatus mismatch: %s vs %s.\n",
+                ssl_certstatus_name(server->cert_status),
+                ssl_certstatus_name(server2->cert_status));
+        return 0;
+    }
+    return 1;
+}
+
+static int SSL_TEST_EXTRA_CONF_equal(SSL_TEST_EXTRA_CONF *extra,
+                                     SSL_TEST_EXTRA_CONF *extra2)
+{
+    return SSL_TEST_CLIENT_CONF_equal(&extra->client, &extra2->client)
+        && SSL_TEST_SERVER_CONF_equal(&extra->server, &extra2->server)
+        && SSL_TEST_SERVER_CONF_equal(&extra->server2, &extra2->server2);
+}
+
+/* Returns 1 if the contexts are equal, 0 otherwise. */
+static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
+{
+    if (ctx->method != ctx2->method) {
+        fprintf(stderr, "Method mismatch: %s vs %s.\n",
+                ssl_test_method_name(ctx->method),
+                ssl_test_method_name(ctx2->method));
+        return 0;
+    }
+    if (ctx->handshake_mode != ctx2->handshake_mode) {
+        fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
+                ssl_handshake_mode_name(ctx->handshake_mode),
+                ssl_handshake_mode_name(ctx2->handshake_mode));
+        return 0;
+    }
+    if (ctx->app_data_size != ctx2->app_data_size) {
+        fprintf(stderr, "ApplicationData mismatch: %d vs %d.\n",
+                ctx->app_data_size, ctx2->app_data_size);
+        return 0;
+    }
+
+    if (ctx->max_fragment_size != ctx2->max_fragment_size) {
+        fprintf(stderr, "MaxFragmentSize mismatch: %d vs %d.\n",
+                ctx->max_fragment_size, ctx2->max_fragment_size);
+        return 0;
+    }
+
+    if (!SSL_TEST_EXTRA_CONF_equal(&ctx->extra, &ctx2->extra)) {
+        fprintf(stderr, "Extra conf mismatch.\n");
+        return 0;
+    }
+    if (!SSL_TEST_EXTRA_CONF_equal(&ctx->resume_extra, &ctx2->resume_extra)) {
+        fprintf(stderr, "Resume extra conf mismatch.\n");
+        return 0;
+    }
+
+    if (ctx->expected_result != ctx2->expected_result) {
+        fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
+                ssl_test_result_name(ctx->expected_result),
+                ssl_test_result_name(ctx2->expected_result));
+        return 0;
+    }
+    if (ctx->expected_client_alert != ctx2->expected_client_alert) {
+        fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
+                ssl_alert_name(ctx->expected_client_alert),
+                ssl_alert_name(ctx2->expected_client_alert));
+        return 0;
+    }
+    if (ctx->expected_server_alert != ctx2->expected_server_alert) {
+        fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n",
+                ssl_alert_name(ctx->expected_server_alert),
+                ssl_alert_name(ctx2->expected_server_alert));
+        return 0;
+    }
+    if (ctx->expected_protocol != ctx2->expected_protocol) {
+        fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
+                ssl_protocol_name(ctx->expected_protocol),
+                ssl_protocol_name(ctx2->expected_protocol));
+        return 0;
+    }
+    if (ctx->expected_servername != ctx2->expected_servername) {
+        fprintf(stderr, "ExpectedServerName mismatch: %s vs %s.\n",
+                ssl_servername_name(ctx->expected_servername),
+                ssl_servername_name(ctx2->expected_servername));
+        return 0;
+    }
+    if (ctx->session_ticket_expected != ctx2->session_ticket_expected) {
+        fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n",
+                ssl_session_ticket_name(ctx->session_ticket_expected),
+                ssl_session_ticket_name(ctx2->session_ticket_expected));
+        return 0;
+    }
+    if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol,
+                       ctx2->expected_npn_protocol))
+        return 0;
+    if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
+                       ctx2->expected_alpn_protocol))
+        return 0;
+    if (ctx->resumption_expected != ctx2->resumption_expected) {
+        fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n",
+                ctx->resumption_expected, ctx2->resumption_expected);
+        return 0;
+    }
+    return 1;
+}
+
+static SSL_TEST_CTX_TEST_FIXTURE set_up(const char *const test_case_name)
+{
+    SSL_TEST_CTX_TEST_FIXTURE fixture;
+    fixture.test_case_name = test_case_name;
+    fixture.expected_ctx = SSL_TEST_CTX_new();
+    TEST_check(fixture.expected_ctx != NULL);
+    return fixture;
+}
+
+static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture)
+{
+    int success = 0;
+
+    SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section);
+
+    if (ctx == NULL) {
+        fprintf(stderr, "Failed to parse good configuration %s.\n",
+                fixture.test_section);
+        goto err;
+    }
+
+    if (!SSL_TEST_CTX_equal(ctx, fixture.expected_ctx))
+        goto err;
+
+    success = 1;
+ err:
+    SSL_TEST_CTX_free(ctx);
+    return success;
+}
+
+static int execute_failure_test(SSL_TEST_CTX_TEST_FIXTURE fixture)
+{
+    SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section);
+
+    if (ctx != NULL) {
+        fprintf(stderr, "Parsing bad configuration %s succeeded.\n",
+                fixture.test_section);
+        SSL_TEST_CTX_free(ctx);
+        return 0;
+    }
+
+    return 1;
+}
+
+static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture)
+{
+    SSL_TEST_CTX_free(fixture.expected_ctx);
+    ERR_print_errors_fp(stderr);
+}
+
+#define SETUP_SSL_TEST_CTX_TEST_FIXTURE()                       \
+    SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up)
+#define EXECUTE_SSL_TEST_CTX_TEST()             \
+    EXECUTE_TEST(execute_test, tear_down)
+#define EXECUTE_SSL_TEST_CTX_FAILURE_TEST()             \
+    EXECUTE_TEST(execute_failure_test, tear_down)
+
+static int test_empty_configuration()
+{
+    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
+    fixture.test_section = "ssltest_default";
+    fixture.expected_ctx->expected_result = SSL_TEST_SUCCESS;
+    EXECUTE_SSL_TEST_CTX_TEST();
+}
+
+static int test_good_configuration()
+{
+    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
+    fixture.test_section = "ssltest_good";
+    fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
+    fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
+    fixture.expected_ctx->app_data_size = 1024;
+    fixture.expected_ctx->max_fragment_size = 2048;
+
+    fixture.expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
+    fixture.expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
+    fixture.expected_ctx->expected_server_alert = 0;  /* No alert. */
+    fixture.expected_ctx->expected_protocol = TLS1_1_VERSION;
+    fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
+    fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
+    fixture.expected_ctx->resumption_expected = 1;
+
+    fixture.expected_ctx->extra.client.verify_callback =
+        SSL_TEST_VERIFY_REJECT_ALL;
+    fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
+    fixture.expected_ctx->extra.client.npn_protocols =
+        OPENSSL_strdup("foo,bar");
+    TEST_check(fixture.expected_ctx->extra.client.npn_protocols != NULL);
+
+    fixture.expected_ctx->extra.server.servername_callback =
+        SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
+    fixture.expected_ctx->extra.server.broken_session_ticket = 1;
+
+    fixture.expected_ctx->resume_extra.server2.alpn_protocols =
+        OPENSSL_strdup("baz");
+    TEST_check(
+        fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL);
+
+    fixture.expected_ctx->resume_extra.client.ct_validation =
+        SSL_TEST_CT_VALIDATION_STRICT;
+
+    EXECUTE_SSL_TEST_CTX_TEST();
+}
+
+static const char *bad_configurations[] = {
+    "ssltest_unknown_option",
+    "ssltest_wrong_section",
+    "ssltest_unknown_expected_result",
+    "ssltest_unknown_alert",
+    "ssltest_unknown_protocol",
+    "ssltest_unknown_verify_callback",
+    "ssltest_unknown_servername",
+    "ssltest_unknown_servername_callback",
+    "ssltest_unknown_session_ticket_expected",
+    "ssltest_unknown_method",
+    "ssltest_unknown_handshake_mode",
+    "ssltest_unknown_resumption_expected",
+    "ssltest_unknown_ct_validation",
+};
+
+static int test_bad_configuration(int idx)
+{
+        SETUP_SSL_TEST_CTX_TEST_FIXTURE();
+        fixture.test_section = bad_configurations[idx];
+        EXECUTE_SSL_TEST_CTX_FAILURE_TEST();
+}
+
+int main(int argc, char **argv)
+{
+    int result = 0;
+
+    if (argc != 2)
+        return 1;
+
+    conf = NCONF_new(NULL);
+    TEST_check(conf != NULL);
+
+    /* argv[1] should point to test/ssl_test_ctx_test.conf */
+    TEST_check(NCONF_load(conf, argv[1], NULL) > 0);
+
+    ADD_TEST(test_empty_configuration);
+    ADD_TEST(test_good_configuration);
+    ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations));
+
+    result = run_tests(argv[0]);
+
+    NCONF_free(conf);
+
+    return result;
+}
diff --git a/openssl-1.1.0h/test/ssl_test_ctx_test.conf b/openssl-1.1.0h/test/ssl_test_ctx_test.conf
new file mode 100644
index 0000000..a062d75
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl_test_ctx_test.conf
@@ -0,0 +1,88 @@
+[ssltest_default]
+
+[ssltest_good]
+client = ssltest_good_client_extra
+server = ssltest_good_server_extra
+resume-server2 = ssltest_good_resume_server2_extra
+resume-client = ssltest_good_resume_client_extra
+
+Method = DTLS
+HandshakeMode = Resume
+ApplicationData = 1024
+MaxFragmentSize = 2048
+
+ExpectedResult = ServerFail
+ExpectedClientAlert = UnknownCA
+ExpectedProtocol = TLSv1.1
+ExpectedServerName = server2
+SessionTicketExpected = Yes
+ResumptionExpected = Yes
+
+[ssltest_good_client_extra]
+VerifyCallback = RejectAll
+ServerName = server2
+NPNProtocols = foo,bar
+
+[ssltest_good_resume_client_extra]
+CTValidation = Strict
+
+[ssltest_good_server_extra]
+ServerNameCallback = IgnoreMismatch
+BrokenSessionTicket = Yes
+
+[ssltest_good_resume_server2_extra]
+ALPNProtocols = baz
+
+[ssltest_unknown_option]
+UnknownOption = Foo
+
+[ssltest_wrong_section]
+server = ssltest_wrong_section_server
+
+[ssltest_wrong_section_server]
+VerifyCallback = RejectAll
+
+[ssltest_unknown_expected_result]
+ExpectedResult = Foo
+
+[ssltest_unknown_alert]
+ExpectedServerAlert = Foo
+
+[ssltest_unknown_protocol]
+Protocol = Foo
+
+[ssltest_unknown_verify_callback]
+client = ssltest_unknown_verify_callback_client
+
+[ssltest_unknown_verify_callback_client]
+VerifyCallback = Foo
+
+[ssltest_unknown_servername]
+client = ssltest_unknown_servername_client
+
+[ssltest_unknown_servername_client]
+ServerName = Foo
+
+[ssltest_unknown_servername_callback]
+server = ssltest_unknown_servername_server
+
+[ssltest_unknown_servername_server]
+ServerNameCallback = Foo
+
+[ssltest_unknown_session_ticket_expected]
+SessionTicketExpected = Foo
+
+[ssltest_unknown_method]
+Method = TLS2
+
+[ssltest_unknown_handshake_mode]
+HandshakeMode = Foo
+
+[ssltest_unknown_resumption_expected]
+ResumptionExpected = Foo
+
+[ssltest_unknown_ct_validation]
+client = ssltest_unknown_ct_validation_client
+
+[ssltest_unknown_ct_validation_client]
+CTCallback = Foo
diff --git a/openssl-1.1.0h/test/sslapitest.c b/openssl-1.1.0h/test/sslapitest.c
new file mode 100644
index 0000000..77e8f2e
--- /dev/null
+++ b/openssl-1.1.0h/test/sslapitest.c
@@ -0,0 +1,1262 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/ocsp.h>
+
+#include "ssltestlib.h"
+#include "testutil.h"
+#include "e_os.h"
+
+static char *cert = NULL;
+static char *privkey = NULL;
+
+#ifndef OPENSSL_NO_OCSP
+static const unsigned char orespder[] = "Dummy OCSP Response";
+static int ocsp_server_called = 0;
+static int ocsp_client_called = 0;
+
+static int cdummyarg = 1;
+static X509 *ocspcert = NULL;
+#endif
+
+#define NUM_EXTRA_CERTS 40
+
+static int execute_test_large_message(const SSL_METHOD *smeth,
+                                      const SSL_METHOD *cmeth,
+                                      int min_version, int max_version,
+                                      int read_ahead)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+    int i;
+    BIO *certbio = BIO_new_file(cert, "r");
+    X509 *chaincert = NULL;
+    int certlen;
+
+    if (certbio == NULL) {
+        printf("Can't load the certificate file\n");
+        goto end;
+    }
+    chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
+    BIO_free(certbio);
+    certbio = NULL;
+    if (chaincert == NULL) {
+        printf("Unable to load certificate for chain\n");
+        goto end;
+    }
+
+    if (!create_ssl_ctx_pair(smeth, cmeth, min_version, max_version, &sctx,
+                             &cctx, cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        goto end;
+    }
+
+    if(read_ahead) {
+        /*
+         * Test that read_ahead works correctly when dealing with large
+         * records
+         */
+        SSL_CTX_set_read_ahead(cctx, 1);
+    }
+
+    /*
+     * We assume the supplied certificate is big enough so that if we add
+     * NUM_EXTRA_CERTS it will make the overall message large enough. The
+     * default buffer size is requested to be 16k, but due to the way BUF_MEM
+     * works, it ends up allocating a little over 21k (16 * 4/3). So, in this test
+     * we need to have a message larger than that.
+     */
+    certlen = i2d_X509(chaincert, NULL);
+    OPENSSL_assert((certlen * NUM_EXTRA_CERTS)
+                   > ((SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3));
+    for (i = 0; i < NUM_EXTRA_CERTS; i++) {
+        if (!X509_up_ref(chaincert)) {
+            printf("Unable to up ref cert\n");
+            goto end;
+        }
+        if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
+            printf("Unable to add extra chain cert %d\n", i);
+            X509_free(chaincert);
+            goto end;
+        }
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+        printf("Unable to create SSL objects\n");
+        goto end;
+    }
+
+    if (!create_ssl_connection(serverssl, clientssl)) {
+        printf("Unable to create SSL connection\n");
+        goto end;
+    }
+
+    /*
+     * Calling SSL_clear() first is not required but this tests that SSL_clear()
+     * doesn't leak (when using enable-crypto-mdebug).
+     */
+    if (!SSL_clear(serverssl)) {
+        printf("Unexpected failure from SSL_clear()\n");
+        goto end;
+    }
+
+    testresult = 1;
+ end:
+    X509_free(chaincert);
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
+static int test_large_message_tls(void)
+{
+    return execute_test_large_message(TLS_server_method(), TLS_client_method(),
+                                      TLS1_VERSION, TLS_MAX_VERSION,
+                                      0);
+}
+
+static int test_large_message_tls_read_ahead(void)
+{
+    return execute_test_large_message(TLS_server_method(), TLS_client_method(),
+                                      TLS1_VERSION, TLS_MAX_VERSION,
+                                      1);
+}
+
+#ifndef OPENSSL_NO_DTLS
+static int test_large_message_dtls(void)
+{
+    /*
+     * read_ahead is not relevant to DTLS because DTLS always acts as if
+     * read_ahead is set.
+     */
+    return execute_test_large_message(DTLS_server_method(),
+                                      DTLS_client_method(),
+                                      DTLS1_VERSION, DTLS_MAX_VERSION,
+                                      0);
+}
+#endif
+
+#ifndef OPENSSL_NO_OCSP
+static int ocsp_server_cb(SSL *s, void *arg)
+{
+    int *argi = (int *)arg;
+    unsigned char *orespdercopy = NULL;
+    STACK_OF(OCSP_RESPID) *ids = NULL;
+    OCSP_RESPID *id = NULL;
+
+    if (*argi == 2) {
+        /* In this test we are expecting exactly 1 OCSP_RESPID */
+        SSL_get_tlsext_status_ids(s, &ids);
+        if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
+            return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+        id = sk_OCSP_RESPID_value(ids, 0);
+        if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
+            return SSL_TLSEXT_ERR_ALERT_FATAL;
+    } else if (*argi != 1) {
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    }
+
+
+    orespdercopy = OPENSSL_memdup(orespder, sizeof(orespder));
+    if (orespdercopy == NULL)
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+    SSL_set_tlsext_status_ocsp_resp(s, orespdercopy, sizeof(orespder));
+
+    ocsp_server_called = 1;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int ocsp_client_cb(SSL *s, void *arg)
+{
+    int *argi = (int *)arg;
+    const unsigned char *respderin;
+    size_t len;
+
+    if (*argi != 1 && *argi != 2)
+        return 0;
+
+    len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
+
+    if (memcmp(orespder, respderin, len) != 0)
+        return 0;
+
+    ocsp_client_called = 1;
+
+    return 1;
+}
+
+static int test_tlsext_status_type(void)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+    STACK_OF(OCSP_RESPID) *ids = NULL;
+    OCSP_RESPID *id = NULL;
+    BIO *certbio = NULL;
+
+    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx,
+                             cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        return 0;
+    }
+
+    if (SSL_CTX_get_tlsext_status_type(cctx) != -1) {
+        printf("Unexpected initial value for "
+               "SSL_CTX_get_tlsext_status_type()\n");
+        goto end;
+    }
+
+    /* First just do various checks getting and setting tlsext_status_type */
+
+    clientssl = SSL_new(cctx);
+    if (SSL_get_tlsext_status_type(clientssl) != -1) {
+        printf("Unexpected initial value for SSL_get_tlsext_status_type()\n");
+        goto end;
+    }
+
+    if (!SSL_set_tlsext_status_type(clientssl, TLSEXT_STATUSTYPE_ocsp)) {
+        printf("Unexpected fail for SSL_set_tlsext_status_type()\n");
+        goto end;
+    }
+
+    if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) {
+        printf("Unexpected result for SSL_get_tlsext_status_type()\n");
+        goto end;
+    }
+
+    SSL_free(clientssl);
+    clientssl = NULL;
+
+    if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)) {
+        printf("Unexpected fail for SSL_CTX_set_tlsext_status_type()\n");
+        goto end;
+    }
+
+    if (SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp) {
+        printf("Unexpected result for SSL_CTX_get_tlsext_status_type()\n");
+        goto end;
+    }
+
+    clientssl = SSL_new(cctx);
+
+    if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) {
+        printf("Unexpected result for SSL_get_tlsext_status_type() (test 2)\n");
+        goto end;
+    }
+
+    SSL_free(clientssl);
+    clientssl = NULL;
+
+    /*
+     * Now actually do a handshake and check OCSP information is exchanged and
+     * the callbacks get called
+     */
+
+    SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
+    SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
+    SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
+    SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+        printf("Unable to create SSL objects\n");
+        goto end;
+    }
+
+    if (!create_ssl_connection(serverssl, clientssl)) {
+        printf("Unable to create SSL connection\n");
+        goto end;
+    }
+
+    if (!ocsp_client_called || !ocsp_server_called) {
+        printf("OCSP callbacks not called\n");
+        goto end;
+    }
+
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    serverssl = NULL;
+    clientssl = NULL;
+
+    /* Try again but this time force the server side callback to fail */
+    ocsp_client_called = 0;
+    ocsp_server_called = 0;
+    cdummyarg = 0;
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+        printf("Unable to create SSL objects\n");
+        goto end;
+    }
+
+    /* This should fail because the callback will fail */
+    if (create_ssl_connection(serverssl, clientssl)) {
+        printf("Unexpected success creating the connection\n");
+        goto end;
+    }
+
+    if (ocsp_client_called || ocsp_server_called) {
+        printf("OCSP callbacks successfully called unexpectedly\n");
+        goto end;
+    }
+
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    serverssl = NULL;
+    clientssl = NULL;
+
+    /*
+     * This time we'll get the client to send an OCSP_RESPID that it will
+     * accept.
+     */
+    ocsp_client_called = 0;
+    ocsp_server_called = 0;
+    cdummyarg = 2;
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+        printf("Unable to create SSL objects\n");
+        goto end;
+    }
+
+    /*
+     * We'll just use any old cert for this test - it doesn't have to be an OCSP
+     * specific one. We'll use the server cert.
+     */
+    certbio = BIO_new_file(cert, "r");
+    if (certbio == NULL) {
+        printf("Can't load the certificate file\n");
+        goto end;
+    }
+    id = OCSP_RESPID_new();
+    ids = sk_OCSP_RESPID_new_null();
+    ocspcert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
+    if (id == NULL || ids == NULL || ocspcert == NULL
+            || !OCSP_RESPID_set_by_key(id, ocspcert)
+            || !sk_OCSP_RESPID_push(ids, id)) {
+        printf("Unable to set OCSP_RESPIDs\n");
+        goto end;
+    }
+    id = NULL;
+    SSL_set_tlsext_status_ids(clientssl, ids);
+    /* Control has been transferred */
+    ids = NULL;
+
+    BIO_free(certbio);
+    certbio = NULL;
+
+    if (!create_ssl_connection(serverssl, clientssl)) {
+        printf("Unable to create SSL connection\n");
+        goto end;
+    }
+
+    if (!ocsp_client_called || !ocsp_server_called) {
+        printf("OCSP callbacks not called\n");
+        goto end;
+    }
+
+    testresult = 1;
+
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+    sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
+    OCSP_RESPID_free(id);
+    BIO_free(certbio);
+    X509_free(ocspcert);
+    ocspcert = NULL;
+
+    return testresult;
+}
+#endif  /* ndef OPENSSL_NO_OCSP */
+
+typedef struct ssl_session_test_fixture {
+    const char *test_case_name;
+    int use_ext_cache;
+    int use_int_cache;
+} SSL_SESSION_TEST_FIXTURE;
+
+static int new_called = 0, remove_called = 0;
+
+static SSL_SESSION_TEST_FIXTURE
+ssl_session_set_up(const char *const test_case_name)
+{
+    SSL_SESSION_TEST_FIXTURE fixture;
+
+    fixture.test_case_name = test_case_name;
+    fixture.use_ext_cache = 1;
+    fixture.use_int_cache = 1;
+
+    new_called = remove_called = 0;
+
+    return fixture;
+}
+
+static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture)
+{
+}
+
+static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
+{
+    new_called++;
+
+    return 1;
+}
+
+static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
+{
+    remove_called++;
+}
+
+static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
+{
+    SSL_CTX *sctx = NULL, *cctx = NULL;
+    SSL *serverssl1 = NULL, *clientssl1 = NULL;
+    SSL *serverssl2 = NULL, *clientssl2 = NULL;
+#ifndef OPENSSL_NO_TLS1_1
+    SSL *serverssl3 = NULL, *clientssl3 = NULL;
+#endif
+    SSL_SESSION *sess1 = NULL, *sess2 = NULL;
+    int testresult = 0;
+
+    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx,
+                             cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        return 0;
+    }
+
+#ifndef OPENSSL_NO_TLS1_2
+    /* Only allow TLS1.2 so we can force a connection failure later */
+    SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
+#endif
+
+    /* Set up session cache */
+    if (fix.use_ext_cache) {
+        SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
+        SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
+    }
+    if (fix.use_int_cache) {
+        /* Also covers instance where both are set */
+        SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
+    } else {
+        SSL_CTX_set_session_cache_mode(cctx,
+                                       SSL_SESS_CACHE_CLIENT
+                                       | SSL_SESS_CACHE_NO_INTERNAL_STORE);
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
+                               NULL)) {
+        printf("Unable to create SSL objects\n");
+        goto end;
+    }
+
+    if (!create_ssl_connection(serverssl1, clientssl1)) {
+        printf("Unable to create SSL connection\n");
+        goto end;
+    }
+    sess1 = SSL_get1_session(clientssl1);
+    if (sess1 == NULL) {
+        printf("Unexpected NULL session\n");
+        goto end;
+    }
+
+    if (fix.use_int_cache && SSL_CTX_add_session(cctx, sess1)) {
+        /* Should have failed because it should already be in the cache */
+        printf("Unexpected success adding session to cache\n");
+        goto end;
+    }
+
+    if (fix.use_ext_cache && (new_called != 1 || remove_called != 0)) {
+        printf("Session not added to cache\n");
+        goto end;
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) {
+        printf("Unable to create second SSL objects\n");
+        goto end;
+    }
+
+    if (!create_ssl_connection(serverssl2, clientssl2)) {
+        printf("Unable to create second SSL connection\n");
+        goto end;
+    }
+
+    sess2 = SSL_get1_session(clientssl2);
+    if (sess2 == NULL) {
+        printf("Unexpected NULL session from clientssl2\n");
+        goto end;
+    }
+
+    if (fix.use_ext_cache && (new_called != 2 || remove_called != 0)) {
+        printf("Remove session callback unexpectedly called\n");
+        goto end;
+    }
+
+    /*
+     * This should clear sess2 from the cache because it is a "bad" session. See
+     * SSL_set_session() documentation.
+     */
+    if (!SSL_set_session(clientssl2, sess1)) {
+        printf("Unexpected failure setting session\n");
+        goto end;
+    }
+
+    if (fix.use_ext_cache && (new_called != 2 || remove_called != 1)) {
+        printf("Failed to call callback to remove session\n");
+        goto end;
+    }
+
+
+    if (SSL_get_session(clientssl2) != sess1) {
+        printf("Unexpected session found\n");
+        goto end;
+    }
+
+    if (fix.use_int_cache) {
+        if (!SSL_CTX_add_session(cctx, sess2)) {
+            /*
+             * Should have succeeded because it should not already be in the cache
+             */
+            printf("Unexpected failure adding session to cache\n");
+            goto end;
+        }
+
+        if (!SSL_CTX_remove_session(cctx, sess2)) {
+            printf("Unexpected failure removing session from cache\n");
+            goto end;
+        }
+
+        /* This is for the purposes of internal cache testing...ignore the
+         * counter for external cache
+         */
+        if (fix.use_ext_cache)
+            remove_called--;
+    }
+
+    /* This shouldn't be in the cache so should fail */
+    if (SSL_CTX_remove_session(cctx, sess2)) {
+        printf("Unexpected success removing session from cache\n");
+        goto end;
+    }
+
+    if (fix.use_ext_cache && (new_called != 2 || remove_called != 2)) {
+        printf("Failed to call callback to remove session #2\n");
+        goto end;
+    }
+
+#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
+    /* Force a connection failure */
+    SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) {
+        printf("Unable to create third SSL objects\n");
+        goto end;
+    }
+
+    if (!SSL_set_session(clientssl3, sess1)) {
+        printf("Unable to set session for third connection\n");
+        goto end;
+    }
+
+    /* This should fail because of the mismatched protocol versions */
+    if (create_ssl_connection(serverssl3, clientssl3)) {
+        printf("Unable to create third SSL connection\n");
+        goto end;
+    }
+
+
+    /* We should have automatically removed the session from the cache */
+    if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
+        printf("Failed to call callback to remove session #2\n");
+        goto end;
+    }
+
+    if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2)) {
+        /*
+         * Should have succeeded because it should not already be in the cache
+         */
+        printf("Unexpected failure adding session to cache #2\n");
+        goto end;
+    }
+#endif
+
+    testresult = 1;
+
+ end:
+    SSL_free(serverssl1);
+    SSL_free(clientssl1);
+    SSL_free(serverssl2);
+    SSL_free(clientssl2);
+#ifndef OPENSSL_NO_TLS1_1
+    SSL_free(serverssl3);
+    SSL_free(clientssl3);
+#endif
+    SSL_SESSION_free(sess1);
+    SSL_SESSION_free(sess2);
+    /*
+     * Check if we need to remove any sessions up-refed for the external cache
+     */
+    if (new_called >= 1)
+        SSL_SESSION_free(sess1);
+    if (new_called >= 2)
+        SSL_SESSION_free(sess2);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
+static int test_session_with_only_int_cache(void)
+{
+    SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
+
+    fixture.use_ext_cache = 0;
+
+    EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
+}
+
+static int test_session_with_only_ext_cache(void)
+{
+    SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
+
+    fixture.use_int_cache = 0;
+
+    EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
+}
+
+static int test_session_with_both_cache(void)
+{
+    SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
+
+    EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
+}
+
+#define USE_NULL    0
+#define USE_BIO_1   1
+#define USE_BIO_2   2
+
+#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
+
+static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
+{
+    switch (type) {
+    case USE_NULL:
+        *res = NULL;
+        break;
+    case USE_BIO_1:
+        *res = bio1;
+        break;
+    case USE_BIO_2:
+        *res = bio2;
+        break;
+    }
+}
+
+static int test_ssl_set_bio(int idx)
+{
+    SSL_CTX *ctx = SSL_CTX_new(TLS_method());
+    BIO *bio1 = NULL;
+    BIO *bio2 = NULL;
+    BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
+    SSL *ssl = NULL;
+    int initrbio, initwbio, newrbio, newwbio;
+    int testresult = 0;
+
+    if (ctx == NULL) {
+        printf("Failed to allocate SSL_CTX\n");
+        goto end;
+    }
+
+    ssl = SSL_new(ctx);
+    if (ssl == NULL) {
+        printf("Failed to allocate SSL object\n");
+        goto end;
+    }
+
+    initrbio = idx % 3;
+    idx /= 3;
+    initwbio = idx % 3;
+    idx /= 3;
+    newrbio = idx % 3;
+    idx /= 3;
+    newwbio = idx;
+    OPENSSL_assert(newwbio <= 2);
+
+    if (initrbio == USE_BIO_1 || initwbio == USE_BIO_1 || newrbio == USE_BIO_1
+            || newwbio == USE_BIO_1) {
+        bio1 = BIO_new(BIO_s_mem());
+        if (bio1 == NULL) {
+            printf("Failed to allocate bio1\n");
+            goto end;
+        }
+    }
+
+    if (initrbio == USE_BIO_2 || initwbio == USE_BIO_2 || newrbio == USE_BIO_2
+            || newwbio == USE_BIO_2) {
+        bio2 = BIO_new(BIO_s_mem());
+        if (bio2 == NULL) {
+            printf("Failed to allocate bio2\n");
+            goto end;
+        }
+    }
+
+    setupbio(&irbio, bio1, bio2, initrbio);
+    setupbio(&iwbio, bio1, bio2, initwbio);
+
+    /*
+     * We want to maintain our own refs to these BIO, so do an up ref for each
+     * BIO that will have ownership transferred in the SSL_set_bio() call
+     */
+    if (irbio != NULL)
+        BIO_up_ref(irbio);
+    if (iwbio != NULL && iwbio != irbio)
+        BIO_up_ref(iwbio);
+
+    SSL_set_bio(ssl, irbio, iwbio);
+
+    setupbio(&nrbio, bio1, bio2, newrbio);
+    setupbio(&nwbio, bio1, bio2, newwbio);
+
+    /*
+     * We will (maybe) transfer ownership again so do more up refs.
+     * SSL_set_bio() has some really complicated ownership rules where BIOs have
+     * already been set!
+     */
+    if (nrbio != NULL && nrbio != irbio && (nwbio != iwbio || nrbio != nwbio))
+        BIO_up_ref(nrbio);
+    if (nwbio != NULL && nwbio != nrbio && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
+        BIO_up_ref(nwbio);
+
+    SSL_set_bio(ssl, nrbio, nwbio);
+
+    testresult = 1;
+
+ end:
+    SSL_free(ssl);
+    BIO_free(bio1);
+    BIO_free(bio2);
+    /*
+     * This test is checking that the ref counting for SSL_set_bio is correct.
+     * If we get here and we did too many frees then we will fail in the above
+     * functions. If we haven't done enough then this will only be detected in
+     * a crypto-mdebug build
+     */
+    SSL_CTX_free(ctx);
+
+    return testresult;
+}
+
+typedef struct ssl_bio_test_fixture {
+    const char *test_case_name;
+    int pop_ssl;
+    enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio;
+} SSL_BIO_TEST_FIXTURE;
+
+static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name)
+{
+    SSL_BIO_TEST_FIXTURE fixture;
+
+    fixture.test_case_name = test_case_name;
+    fixture.pop_ssl = 0;
+    fixture.change_bio = NO_BIO_CHANGE;
+
+    return fixture;
+}
+
+static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture)
+{
+}
+
+static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
+{
+    BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
+    SSL_CTX *ctx = SSL_CTX_new(TLS_method());
+    SSL *ssl = NULL;
+    int testresult = 0;
+
+    if (ctx == NULL) {
+        printf("Failed to allocate SSL_CTX\n");
+        return 0;
+    }
+
+    ssl = SSL_new(ctx);
+    if (ssl == NULL) {
+        printf("Failed to allocate SSL object\n");
+        goto end;
+    }
+
+    sslbio = BIO_new(BIO_f_ssl());
+    membio1 = BIO_new(BIO_s_mem());
+
+    if (sslbio == NULL || membio1 == NULL) {
+        printf("Malloc failure creating BIOs\n");
+        goto end;
+    }
+
+    BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
+
+    /*
+     * If anything goes wrong here then we could leak memory, so this will
+     * be caught in a crypto-mdebug build
+     */
+    BIO_push(sslbio, membio1);
+
+    /* Verify changing the rbio/wbio directly does not cause leaks */
+    if (fix.change_bio != NO_BIO_CHANGE) {
+        membio2 = BIO_new(BIO_s_mem());
+        if (membio2 == NULL) {
+            printf("Malloc failure creating membio2\n");
+            goto end;
+        }
+        if (fix.change_bio == CHANGE_RBIO)
+            SSL_set0_rbio(ssl, membio2);
+        else
+            SSL_set0_wbio(ssl, membio2);
+    }
+    ssl = NULL;
+
+    if (fix.pop_ssl)
+        BIO_pop(sslbio);
+    else
+        BIO_pop(membio1);
+
+    testresult = 1;
+ end:
+    BIO_free(membio1);
+    BIO_free(sslbio);
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+
+    return testresult;
+}
+
+static int test_ssl_bio_pop_next_bio(void)
+{
+    SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
+
+    EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
+}
+
+static int test_ssl_bio_pop_ssl_bio(void)
+{
+    SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
+
+    fixture.pop_ssl = 1;
+
+    EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
+}
+
+static int test_ssl_bio_change_rbio(void)
+{
+    SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
+
+    fixture.change_bio = CHANGE_RBIO;
+
+    EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
+}
+
+static int test_ssl_bio_change_wbio(void)
+{
+    SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
+
+    fixture.change_bio = CHANGE_WBIO;
+
+    EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
+}
+
+typedef struct {
+    /* The list of sig algs */
+    const int *list;
+    /* The length of the list */
+    size_t listlen;
+    /* A sigalgs list in string format */
+    const char *liststr;
+    /* Whether setting the list should succeed */
+    int valid;
+    /* Whether creating a connection with the list should succeed */
+    int connsuccess;
+} sigalgs_list;
+
+static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
+static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
+static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
+static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
+static const int invalidlist2[] = {NID_sha256, NID_undef};
+static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
+static const int invalidlist4[] = {NID_sha256};
+static const sigalgs_list testsigalgs[] = {
+    {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
+    {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
+    {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+    {NULL, 0, "RSA+SHA256", 1, 1},
+    {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
+    {NULL, 0, "ECDSA+SHA512", 1, 0},
+    {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
+    {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
+    {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
+    {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
+    {NULL, 0, "RSA", 0, 0},
+    {NULL, 0, "SHA256", 0, 0},
+    {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
+    {NULL, 0, "Invalid", 0, 0}};
+
+static int test_set_sigalgs(int idx)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+    const sigalgs_list *curr;
+    int testctx;
+
+    /* Should never happen */
+    if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2)
+        return 0;
+
+    testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
+    curr = testctx ? &testsigalgs[idx]
+                   : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
+
+    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx,
+                             cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        return 0;
+    }
+
+    if (testctx) {
+        int ret;
+        if (curr->list != NULL)
+            ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
+        else
+            ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
+
+        if (!ret) {
+            if (curr->valid)
+                printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n",
+                       idx);
+            else
+                testresult = 1;
+            goto end;
+        }
+        if (!curr->valid) {
+            printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx);
+            goto end;
+        }
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+        printf("Unable to create SSL objects\n");
+        goto end;
+    }
+
+    if (!testctx) {
+        int ret;
+
+        if (curr->list != NULL)
+            ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
+        else
+            ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
+        if (!ret) {
+            if (curr->valid)
+                printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx);
+            else
+                testresult = 1;
+            goto end;
+        }
+        if (!curr->valid) {
+            printf("Unexpected success setting sigalgs in SSL (%d)\n", idx);
+            goto end;
+        }
+    }
+
+    if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
+        printf("Unexpected return value creating SSL connection (%d)\n", idx);
+        goto end;
+    }
+
+    testresult = 1;
+
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
+static int clntaddcb = 0;
+static int clntparsecb = 0;
+static int srvaddcb = 0;
+static int srvparsecb = 0;
+static int snicb = 0;
+
+#define TEST_EXT_TYPE1  0xff00
+
+static int add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
+                  size_t *outlen, int *al, void *add_arg)
+{
+    int *server = (int *)add_arg;
+    unsigned char *data;
+
+    if (SSL_is_server(s))
+        srvaddcb++;
+    else
+        clntaddcb++;
+
+    if (*server != SSL_is_server(s)
+            || (data = OPENSSL_malloc(sizeof(*data))) == NULL)
+        return -1;
+
+    *data = 1;
+    *out = data;
+    *outlen = sizeof(char);
+    return 1;
+}
+
+static void free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
+                    void *add_arg)
+{
+    OPENSSL_free((unsigned char *)out);
+}
+
+static int parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
+                    size_t inlen, int *al, void *parse_arg)
+{
+    int *server = (int *)parse_arg;
+
+    if (SSL_is_server(s))
+        srvparsecb++;
+    else
+        clntparsecb++;
+
+    if (*server != SSL_is_server(s)
+            || inlen != sizeof(char)
+            || *in != 1)
+        return -1;
+
+    return 1;
+}
+
+static int sni_cb(SSL *s, int *al, void *arg)
+{
+    SSL_CTX *ctx = (SSL_CTX *)arg;
+
+    if (SSL_set_SSL_CTX(s, ctx) == NULL) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    }
+    snicb++;
+    return SSL_TLSEXT_ERR_OK;
+}
+
+/*
+ * Custom call back tests.
+ * Test 0: callbacks in TLSv1.2
+ * Test 1: callbacks in TLSv1.2 with SNI
+ */
+static int test_custom_exts(int tst)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+    static int server = 1;
+    static int client = 0;
+    SSL_SESSION *sess = NULL;
+
+    /* Reset callback counters */
+    clntaddcb = clntparsecb = srvaddcb = srvparsecb = 0;
+    snicb = 0;
+
+    if (!create_ssl_ctx_pair(TLS_server_method(),  TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx,
+                             cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        goto end;
+    }
+
+    if (tst == 1
+            && !create_ssl_ctx_pair(TLS_server_method(), NULL,
+                                    TLS1_VERSION, TLS_MAX_VERSION, &sctx2, NULL,
+                                    cert, privkey)) {
+        printf("Unable to create SSL_CTX pair (2)\n");
+        goto end;
+    }
+
+    /* Create a client side custom extension */
+    if (!SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, add_cb, free_cb,
+                                       &client, parse_cb, &client)) {
+        printf("Unable to add client custom extension\n");
+        goto end;
+    }
+
+    /* Should not be able to add duplicates */
+    if (SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, add_cb, free_cb,
+                                      &client, parse_cb, &client)) {
+        printf("Unexpected success adding duplicate extension\n");
+        goto end;
+    }
+
+    /* Create a server side custom extension */
+    if (!SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, add_cb, free_cb,
+                                       &server, parse_cb, &server)) {
+        printf("Unable to add server custom extension\n");
+        goto end;
+    }
+    if (sctx2 != NULL
+            && !SSL_CTX_add_server_custom_ext(sctx2, TEST_EXT_TYPE1,
+                                                        add_cb, free_cb,
+                                                        &server, parse_cb,
+                                                        &server)) {
+        printf("Unable to add server custom extension for SNI\n");
+        goto end;
+    }
+
+    /* Should not be able to add duplicates */
+    if (SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, add_cb, free_cb,
+                                      &server, parse_cb, &server)) {
+        printf("Unexpected success adding duplicate extension (2)\n");
+        goto end;
+    }
+
+    if (tst == 1) {
+        /* Set up SNI */
+        if (!SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb)
+                || !SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)) {
+            printf("Cannot set SNI callbacks\n");
+            goto end;
+        }
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)
+            || !create_ssl_connection(serverssl, clientssl)) {
+        printf("Cannot create SSL connection\n");
+        goto end;
+    }
+
+    if (clntaddcb != 1
+            || clntparsecb != 1
+            || srvaddcb != 1
+            || srvparsecb != 1
+            || (tst != 1 && snicb != 0)
+            || (tst == 1 && snicb != 1)) {
+        printf("Incorrect callback counts\n");
+        goto end;
+    }
+
+    sess = SSL_get1_session(clientssl);
+    SSL_shutdown(clientssl);
+    SSL_shutdown(serverssl);
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    serverssl = clientssl = NULL;
+
+    if (tst == 1) {
+        /* We don't bother with the resumption aspects for this test */
+        testresult = 1;
+        goto end;
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)
+            || !SSL_set_session(clientssl, sess)
+            || !create_ssl_connection(serverssl, clientssl)) {
+        printf("Cannot create resumption connection\n");
+        goto end;
+    }
+
+    /*
+     * For a resumed session we expect to add the ClientHello extension but we
+     * should ignore it on the server side.
+     */
+    if (clntaddcb != 2
+            || clntparsecb != 1
+            || srvaddcb != 1
+            || srvparsecb != 1) {
+        printf("Incorrect resumption callback counts\n");
+        goto end;
+    }
+
+    testresult = 1;
+
+end:
+    SSL_SESSION_free(sess);
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx2);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+    return testresult;
+}
+
+int main(int argc, char *argv[])
+{
+    BIO *err = NULL;
+    int testresult = 1;
+
+    if (argc != 3) {
+        printf("Invalid argument count\n");
+        return 1;
+    }
+
+    cert = argv[1];
+    privkey = argv[2];
+
+    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ADD_TEST(test_large_message_tls);
+    ADD_TEST(test_large_message_tls_read_ahead);
+#ifndef OPENSSL_NO_DTLS
+    ADD_TEST(test_large_message_dtls);
+#endif
+#ifndef OPENSSL_NO_OCSP
+    ADD_TEST(test_tlsext_status_type);
+#endif
+    ADD_TEST(test_session_with_only_int_cache);
+    ADD_TEST(test_session_with_only_ext_cache);
+    ADD_TEST(test_session_with_both_cache);
+    ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
+    ADD_TEST(test_ssl_bio_pop_next_bio);
+    ADD_TEST(test_ssl_bio_pop_ssl_bio);
+    ADD_TEST(test_ssl_bio_change_rbio);
+    ADD_TEST(test_ssl_bio_change_wbio);
+    ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
+    ADD_ALL_TESTS(test_custom_exts, 2);
+
+    testresult = run_tests(argv[0]);
+
+    bio_s_mempacket_test_free();
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(err) <= 0)
+        testresult = 1;
+#endif
+    BIO_free(err);
+
+    if (!testresult)
+        printf("PASS\n");
+
+    return testresult;
+}
diff --git a/openssl-1.1.0h/test/sslcorrupttest.c b/openssl-1.1.0h/test/sslcorrupttest.c
new file mode 100644
index 0000000..d584be3
--- /dev/null
+++ b/openssl-1.1.0h/test/sslcorrupttest.c
@@ -0,0 +1,283 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssltestlib.h"
+#include "testutil.h"
+
+static void copy_flags(BIO *bio)
+{
+    int flags;
+    BIO *next = BIO_next(bio);
+
+    flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
+    BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
+    BIO_set_flags(bio, flags);
+}
+
+static int tls_corrupt_read(BIO *bio, char *out, int outl)
+{
+    int ret;
+    BIO *next = BIO_next(bio);
+
+    ret = BIO_read(next, out, outl);
+    copy_flags(bio);
+
+    return ret;
+}
+
+static int tls_corrupt_write(BIO *bio, const char *in, int inl)
+{
+    int ret;
+    BIO *next = BIO_next(bio);
+    char *copy;
+
+    if (in[0] == SSL3_RT_APPLICATION_DATA) {
+        copy = BUF_memdup(in, inl);
+        TEST_check(copy != NULL);
+        /* corrupt last bit of application data */
+        copy[inl-1] ^= 1;
+        ret = BIO_write(next, copy, inl);
+        OPENSSL_free(copy);
+    } else {
+        ret = BIO_write(next, in, inl);
+    }
+    copy_flags(bio);
+
+    return ret;
+}
+
+static long tls_corrupt_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    BIO *next = BIO_next(bio);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static int tls_corrupt_gets(BIO *bio, char *buf, int size)
+{
+    /* We don't support this - not needed anyway */
+    return -1;
+}
+
+static int tls_corrupt_puts(BIO *bio, const char *str)
+{
+    /* We don't support this - not needed anyway */
+    return -1;
+}
+
+static int tls_corrupt_new(BIO *bio)
+{
+    BIO_set_init(bio, 1);
+
+    return 1;
+}
+
+static int tls_corrupt_free(BIO *bio)
+{
+    BIO_set_init(bio, 0);
+
+    return 1;
+}
+
+#define BIO_TYPE_CUSTOM_FILTER  (0x80 | BIO_TYPE_FILTER)
+
+static BIO_METHOD *method_tls_corrupt = NULL;
+
+/* Note: Not thread safe! */
+static const BIO_METHOD *bio_f_tls_corrupt_filter(void)
+{
+    if (method_tls_corrupt == NULL) {
+        method_tls_corrupt = BIO_meth_new(BIO_TYPE_CUSTOM_FILTER,
+                                          "TLS corrupt filter");
+        if (   method_tls_corrupt == NULL
+            || !BIO_meth_set_write(method_tls_corrupt, tls_corrupt_write)
+            || !BIO_meth_set_read(method_tls_corrupt, tls_corrupt_read)
+            || !BIO_meth_set_puts(method_tls_corrupt, tls_corrupt_puts)
+            || !BIO_meth_set_gets(method_tls_corrupt, tls_corrupt_gets)
+            || !BIO_meth_set_ctrl(method_tls_corrupt, tls_corrupt_ctrl)
+            || !BIO_meth_set_create(method_tls_corrupt, tls_corrupt_new)
+            || !BIO_meth_set_destroy(method_tls_corrupt, tls_corrupt_free))
+            return NULL;
+    }
+    return method_tls_corrupt;
+}
+
+static void bio_f_tls_corrupt_filter_free(void)
+{
+    BIO_meth_free(method_tls_corrupt);
+}
+
+/*
+ * The test is supposed to be executed with RSA key, customarily
+ * with apps/server.pem used even in other tests. For this reason
+ * |cipher_list| is initialized with RSA ciphers' names. This
+ * naturally means that if test is to be re-purposed for other
+ * type of key, then NID_auth_* filter below would need adjustment.
+ */
+static const char **cipher_list = NULL;
+
+static int setup_cipher_list()
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    static STACK_OF(SSL_CIPHER) *sk_ciphers = NULL;
+    int i, numciphers;
+
+    ctx = SSL_CTX_new(TLS_server_method());
+    TEST_check(ctx != NULL);
+    ssl = SSL_new(ctx);
+    TEST_check(ssl != NULL);
+    sk_ciphers = SSL_get1_supported_ciphers(ssl);
+    TEST_check(sk_ciphers != NULL);
+
+    /*
+     * The |cipher_list| will be filled only with names of RSA ciphers,
+     * so that some of the allocated space will be wasted, but the loss
+     * is deemed acceptable...
+     */
+    cipher_list = OPENSSL_malloc(sk_SSL_CIPHER_num(sk_ciphers) *
+                                 sizeof(cipher_list[0]));
+    TEST_check(cipher_list != NULL);
+
+    for (numciphers = 0, i = 0; i < sk_SSL_CIPHER_num(sk_ciphers); i++) {
+        const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(sk_ciphers, i);
+
+        if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_rsa)
+            cipher_list[numciphers++] = SSL_CIPHER_get_name(cipher);
+    }
+    TEST_check(numciphers != 0);
+
+    sk_SSL_CIPHER_free(sk_ciphers);
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+
+    return numciphers;
+}
+
+static char *cert = NULL;
+static char *privkey = NULL;
+
+static int test_ssl_corrupt(int testidx)
+{
+    SSL_CTX *sctx = NULL, *cctx = NULL;
+    SSL *server = NULL, *client = NULL;
+    BIO *c_to_s_fbio;
+    int testresult = 0;
+    static unsigned char junk[16000] = { 0 };
+
+    printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]);
+
+    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+                             TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx,
+                             cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        return 0;
+    }
+
+    if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) {
+        printf("Failed setting cipher list\n");
+        goto end;
+    }
+
+    c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter());
+    if (c_to_s_fbio == NULL) {
+        printf("Failed to create filter BIO\n");
+        goto end;
+    }
+
+    /* BIO is freed by create_ssl_connection on error */
+    if (!create_ssl_objects(sctx, cctx, &server, &client, NULL,
+                            c_to_s_fbio)) {
+        printf("Unable to create SSL objects\n");
+        ERR_print_errors_fp(stdout);
+        goto end;
+    }
+
+    if (!create_ssl_connection(server, client)) {
+        printf("Unable to create SSL connection\n");
+        ERR_print_errors_fp(stdout);
+        goto end;
+    }
+
+    if (SSL_write(client, junk, sizeof(junk)) < 0) {
+        printf("Unable to SSL_write\n");
+        ERR_print_errors_fp(stdout);
+        goto end;
+    }
+
+    if (SSL_read(server, junk, sizeof(junk)) >= 0) {
+        printf("Read should have failed with \"bad record mac\"\n");
+        goto end;
+    }
+
+    if (ERR_GET_REASON(ERR_peek_error()) !=
+        SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) {
+        ERR_print_errors_fp(stdout);
+        goto end;
+    }
+
+    testresult = 1;
+ end:
+    SSL_free(server);
+    SSL_free(client);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
+int main(int argc, char *argv[])
+{
+    BIO *err = NULL;
+    int testresult = 1;
+
+    if (argc != 3) {
+        printf("Invalid argument count\n");
+        return 1;
+    }
+
+    cert = argv[1];
+    privkey = argv[2];
+
+    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list());
+
+    testresult = run_tests(argv[0]);
+
+    bio_f_tls_corrupt_filter_free();
+
+    OPENSSL_free(cipher_list);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(err) <= 0)
+        testresult = 1;
+#endif
+    BIO_free(err);
+
+    if (!testresult)
+        printf("PASS\n");
+
+    return testresult;
+}
diff --git a/openssl-1.1.0h/test/ssltest_old.c b/openssl-1.1.0h/test/ssltest_old.c
new file mode 100644
index 0000000..e77c692
--- /dev/null
+++ b/openssl-1.1.0h/test/ssltest_old.c
@@ -0,0 +1,3210 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+/* Or gethostname won't be declared properly on Linux and GNU platforms. */
+#ifndef _BSD_SOURCE
+# define _BSD_SOURCE 1
+#endif
+#ifndef _DEFAULT_SOURCE
+# define _DEFAULT_SOURCE 1
+#endif
+
+#include <assert.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#define USE_SOCKETS
+#include "e_os.h"
+
+#ifdef OPENSSL_SYS_VMS
+/*
+ * Or isascii won't be declared properly on VMS (at least with DECompHP C).
+ */
+# define _XOPEN_SOURCE 500
+#endif
+
+#include <ctype.h>
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CT
+# include <openssl/ct.h>
+#endif
+
+/*
+ * Or gethostname won't be declared properly
+ * on Compaq platforms (at least with DEC C).
+ * Do not try to put it earlier, or IPv6 includes
+ * get screwed...
+ */
+#define _XOPEN_SOURCE_EXTENDED  1
+
+#ifdef OPENSSL_SYS_WINDOWS
+# include <winsock.h>
+#else
+# include OPENSSL_UNISTD
+#endif
+
+static SSL_CTX *s_ctx = NULL;
+static SSL_CTX *s_ctx2 = NULL;
+
+/*
+ * There is really no standard for this, so let's assign something
+ * only for this test
+ */
+#define COMP_ZLIB       1
+
+static int verify_callback(int ok, X509_STORE_CTX *ctx);
+static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+#define APP_CALLBACK_STRING "Test Callback Argument"
+struct app_verify_arg {
+    char *string;
+    int app_verify;
+};
+
+#ifndef OPENSSL_NO_DH
+static DH *get_dh512(void);
+static DH *get_dh1024(void);
+static DH *get_dh1024dsa(void);
+#endif
+
+static char *psk_key = NULL;    /* by default PSK is not used */
+#ifndef OPENSSL_NO_PSK
+static unsigned int psk_client_callback(SSL *ssl, const char *hint,
+                                        char *identity,
+                                        unsigned int max_identity_len,
+                                        unsigned char *psk,
+                                        unsigned int max_psk_len);
+static unsigned int psk_server_callback(SSL *ssl, const char *identity,
+                                        unsigned char *psk,
+                                        unsigned int max_psk_len);
+#endif
+
+#ifndef OPENSSL_NO_SRP
+/* SRP client */
+/* This is a context that we pass to all callbacks */
+typedef struct srp_client_arg_st {
+    char *srppassin;
+    char *srplogin;
+} SRP_CLIENT_ARG;
+
+# define PWD_STRLEN 1024
+
+static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+{
+    SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
+    return OPENSSL_strdup((char *)srp_client_arg->srppassin);
+}
+
+/* SRP server */
+/* This is a context that we pass to SRP server callbacks */
+typedef struct srp_server_arg_st {
+    char *expected_user;
+    char *pass;
+} SRP_SERVER_ARG;
+
+static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+{
+    SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
+
+    if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
+        fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
+        return SSL3_AL_FATAL;
+    }
+    if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
+        *ad = SSL_AD_INTERNAL_ERROR;
+        return SSL3_AL_FATAL;
+    }
+    return SSL_ERROR_NONE;
+}
+#endif
+
+static BIO *bio_err = NULL;
+static BIO *bio_stdout = NULL;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* Note that this code assumes that this is only a one element list: */
+static const char NEXT_PROTO_STRING[] = "\x09testproto";
+static int npn_client = 0;
+static int npn_server = 0;
+static int npn_server_reject = 0;
+
+static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
+                         const unsigned char *in, unsigned int inlen,
+                         void *arg)
+{
+    /*
+     * This callback only returns the protocol string, rather than a length
+     * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
+     * and remove the first byte to chop off the length prefix.
+     */
+    *out = (unsigned char *)NEXT_PROTO_STRING + 1;
+    *outlen = sizeof(NEXT_PROTO_STRING) - 2;
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int cb_server_npn(SSL *s, const unsigned char **data,
+                         unsigned int *len, void *arg)
+{
+    *data = (const unsigned char *)NEXT_PROTO_STRING;
+    *len = sizeof(NEXT_PROTO_STRING) - 1;
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
+                                 unsigned int *len, void *arg)
+{
+    return SSL_TLSEXT_ERR_NOACK;
+}
+
+static int verify_npn(SSL *client, SSL *server)
+{
+    const unsigned char *client_s;
+    unsigned client_len;
+    const unsigned char *server_s;
+    unsigned server_len;
+
+    SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
+    SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
+
+    if (client_len) {
+        BIO_printf(bio_stdout, "Client NPN: ");
+        BIO_write(bio_stdout, client_s, client_len);
+        BIO_printf(bio_stdout, "\n");
+    }
+
+    if (server_len) {
+        BIO_printf(bio_stdout, "Server NPN: ");
+        BIO_write(bio_stdout, server_s, server_len);
+        BIO_printf(bio_stdout, "\n");
+    }
+
+    /*
+     * If an NPN string was returned, it must be the protocol that we
+     * expected to negotiate.
+     */
+    if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
+                       memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
+        return -1;
+    if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
+                       memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
+        return -1;
+
+    if (!npn_client && client_len)
+        return -1;
+    if (!npn_server && server_len)
+        return -1;
+    if (npn_server_reject && server_len)
+        return -1;
+    if (npn_client && npn_server && (!client_len || !server_len))
+        return -1;
+
+    return 0;
+}
+#endif
+
+static const char *alpn_client;
+static char *alpn_server;
+static char *alpn_server2;
+static const char *alpn_expected;
+static unsigned char *alpn_selected;
+static const char *server_min_proto;
+static const char *server_max_proto;
+static const char *client_min_proto;
+static const char *client_max_proto;
+static const char *should_negotiate;
+static const char *sn_client;
+static const char *sn_server1;
+static const char *sn_server2;
+static int sn_expect = 0;
+static const char *server_sess_out;
+static const char *server_sess_in;
+static const char *client_sess_out;
+static const char *client_sess_in;
+static SSL_SESSION *server_sess;
+static SSL_SESSION *client_sess;
+
+static int servername_cb(SSL *s, int *ad, void *arg)
+{
+    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+    if (sn_server2 == NULL) {
+        BIO_printf(bio_stdout, "Servername 2 is NULL\n");
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
+    if (servername) {
+        if (s_ctx2 != NULL && sn_server2 != NULL &&
+            !strcasecmp(servername, sn_server2)) {
+            BIO_printf(bio_stdout, "Switching server context.\n");
+            SSL_set_SSL_CTX(s, s_ctx2);
+        }
+    }
+    return SSL_TLSEXT_ERR_OK;
+}
+static int verify_servername(SSL *client, SSL *server)
+{
+    /* just need to see if sn_context is what we expect */
+    SSL_CTX* ctx = SSL_get_SSL_CTX(server);
+    if (sn_expect == 0)
+        return 0;
+    if (sn_expect == 1 && ctx == s_ctx)
+        return 0;
+    if (sn_expect == 2 && ctx == s_ctx2)
+        return 0;
+    BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
+    if (ctx == s_ctx2)
+        BIO_printf(bio_stdout, "Servername: context is 2\n");
+    else if (ctx == s_ctx)
+        BIO_printf(bio_stdout, "Servername: context is 1\n");
+    else
+        BIO_printf(bio_stdout, "Servername: context is unknown\n");
+    return -1;
+}
+
+
+/*-
+ * next_protos_parse parses a comma separated list of strings into a string
+ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
+ *   outlen: (output) set to the length of the resulting buffer on success.
+ *   in: a NUL terminated string like "abc,def,ghi"
+ *
+ *   returns: a malloced buffer or NULL on failure.
+ */
+static unsigned char *next_protos_parse(size_t *outlen,
+                                        const char *in)
+{
+    size_t len;
+    unsigned char *out;
+    size_t i, start = 0;
+
+    len = strlen(in);
+    if (len >= 65535)
+        return NULL;
+
+    out = OPENSSL_malloc(strlen(in) + 1);
+    if (!out)
+        return NULL;
+
+    for (i = 0; i <= len; ++i) {
+        if (i == len || in[i] == ',') {
+            if (i - start > 255) {
+                OPENSSL_free(out);
+                return NULL;
+            }
+            out[start] = i - start;
+            start = i + 1;
+        } else
+            out[i + 1] = in[i];
+    }
+
+    *outlen = len + 1;
+    return out;
+}
+
+static int cb_server_alpn(SSL *s, const unsigned char **out,
+                          unsigned char *outlen, const unsigned char *in,
+                          unsigned int inlen, void *arg)
+{
+    unsigned char *protos;
+    size_t protos_len;
+    char* alpn_str = arg;
+
+    protos = next_protos_parse(&protos_len, alpn_str);
+    if (protos == NULL) {
+        fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
+                alpn_str);
+        abort();
+    }
+
+    if (SSL_select_next_proto
+        ((unsigned char **)out, outlen, protos, protos_len, in,
+         inlen) != OPENSSL_NPN_NEGOTIATED) {
+        OPENSSL_free(protos);
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
+    /*
+     * Make a copy of the selected protocol which will be freed in
+     * verify_alpn.
+     */
+    alpn_selected = OPENSSL_malloc(*outlen);
+    memcpy(alpn_selected, *out, *outlen);
+    *out = alpn_selected;
+
+    OPENSSL_free(protos);
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int verify_alpn(SSL *client, SSL *server)
+{
+    const unsigned char *client_proto, *server_proto;
+    unsigned int client_proto_len = 0, server_proto_len = 0;
+    SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
+    SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
+
+    OPENSSL_free(alpn_selected);
+    alpn_selected = NULL;
+
+    if (client_proto_len != server_proto_len) {
+        BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
+        goto err;
+    }
+
+    if (client_proto != NULL &&
+        memcmp(client_proto, server_proto, client_proto_len) != 0) {
+        BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
+        goto err;
+    }
+
+    if (client_proto_len > 0 && alpn_expected == NULL) {
+        BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
+        goto err;
+    }
+
+    if (alpn_expected != NULL &&
+        (client_proto_len != strlen(alpn_expected) ||
+         memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
+        BIO_printf(bio_stdout,
+                   "ALPN selected protocols not equal to expected protocol: %s\n",
+                   alpn_expected);
+        goto err;
+    }
+
+    return 0;
+
+ err:
+    BIO_printf(bio_stdout, "ALPN results: client: '");
+    BIO_write(bio_stdout, client_proto, client_proto_len);
+    BIO_printf(bio_stdout, "', server: '");
+    BIO_write(bio_stdout, server_proto, server_proto_len);
+    BIO_printf(bio_stdout, "'\n");
+    BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
+                   alpn_client);
+    if (SSL_get_SSL_CTX(server) == s_ctx2) {
+        BIO_printf(bio_stdout, "%s'\n",
+                   alpn_server2);
+    } else {
+        BIO_printf(bio_stdout, "%s'\n",
+                   alpn_server);
+    }
+    return -1;
+}
+
+/*
+ * WARNING : below extension types are *NOT* IETF assigned, and could
+ * conflict if these types are reassigned and handled specially by OpenSSL
+ * in the future
+ */
+#define TACK_EXT_TYPE 62208
+#define CUSTOM_EXT_TYPE_0 1000
+#define CUSTOM_EXT_TYPE_1 1001
+#define CUSTOM_EXT_TYPE_2 1002
+#define CUSTOM_EXT_TYPE_3 1003
+
+static const char custom_ext_cli_string[] = "abc";
+static const char custom_ext_srv_string[] = "defg";
+
+/* These set from cmdline */
+static char *serverinfo_file = NULL;
+static int serverinfo_sct = 0;
+static int serverinfo_tack = 0;
+
+/* These set based on extension callbacks */
+static int serverinfo_sct_seen = 0;
+static int serverinfo_tack_seen = 0;
+static int serverinfo_other_seen = 0;
+
+/* This set from cmdline */
+static int custom_ext = 0;
+
+/* This set based on extension callbacks */
+static int custom_ext_error = 0;
+
+static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in, size_t inlen,
+                                   int *al, void *arg)
+{
+    if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
+        serverinfo_sct_seen++;
+    else if (ext_type == TACK_EXT_TYPE)
+        serverinfo_tack_seen++;
+    else
+        serverinfo_other_seen++;
+    return 1;
+}
+
+static int verify_serverinfo()
+{
+    if (serverinfo_sct != serverinfo_sct_seen)
+        return -1;
+    if (serverinfo_tack != serverinfo_tack_seen)
+        return -1;
+    if (serverinfo_other_seen)
+        return -1;
+    return 0;
+}
+
+/*-
+ * Four test cases for custom extensions:
+ * 0 - no ClientHello extension or ServerHello response
+ * 1 - ClientHello with "abc", no response
+ * 2 - ClientHello with "abc", empty response
+ * 3 - ClientHello with "abc", "defg" response
+ */
+
+static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_0)
+        custom_ext_error = 1;
+    return 0;                   /* Don't send an extension */
+}
+
+static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    return 1;
+}
+
+static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_1)
+        custom_ext_error = 1;
+    *out = (const unsigned char *)custom_ext_cli_string;
+    *outlen = strlen(custom_ext_cli_string);
+    return 1;                   /* Send "abc" */
+}
+
+static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    return 1;
+}
+
+static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_2)
+        custom_ext_error = 1;
+    *out = (const unsigned char *)custom_ext_cli_string;
+    *outlen = strlen(custom_ext_cli_string);
+    return 1;                   /* Send "abc" */
+}
+
+static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_2)
+        custom_ext_error = 1;
+    if (inlen != 0)
+        custom_ext_error = 1;   /* Should be empty response */
+    return 1;
+}
+
+static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_3)
+        custom_ext_error = 1;
+    *out = (const unsigned char *)custom_ext_cli_string;
+    *outlen = strlen(custom_ext_cli_string);
+    return 1;                   /* Send "abc" */
+}
+
+static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_3)
+        custom_ext_error = 1;
+    if (inlen != strlen(custom_ext_srv_string))
+        custom_ext_error = 1;
+    if (memcmp(custom_ext_srv_string, in, inlen) != 0)
+        custom_ext_error = 1;   /* Check for "defg" */
+    return 1;
+}
+
+/*
+ * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
+ * for this extension
+ */
+static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    custom_ext_error = 1;
+    return 1;
+}
+
+/* 'add' callbacks are only called if the 'parse' callback is called */
+static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    /* Error: should not have been called */
+    custom_ext_error = 1;
+    return 0;                   /* Don't send an extension */
+}
+
+static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_1)
+        custom_ext_error = 1;
+    /* Check for "abc" */
+    if (inlen != strlen(custom_ext_cli_string))
+        custom_ext_error = 1;
+    if (memcmp(in, custom_ext_cli_string, inlen) != 0)
+        custom_ext_error = 1;
+    return 1;
+}
+
+static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    return 0;                   /* Don't send an extension */
+}
+
+static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_2)
+        custom_ext_error = 1;
+    /* Check for "abc" */
+    if (inlen != strlen(custom_ext_cli_string))
+        custom_ext_error = 1;
+    if (memcmp(in, custom_ext_cli_string, inlen) != 0)
+        custom_ext_error = 1;
+    return 1;
+}
+
+static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    *out = NULL;
+    *outlen = 0;
+    return 1;                   /* Send empty extension */
+}
+
+static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                     const unsigned char *in,
+                                     size_t inlen, int *al, void *arg)
+{
+    if (ext_type != CUSTOM_EXT_TYPE_3)
+        custom_ext_error = 1;
+    /* Check for "abc" */
+    if (inlen != strlen(custom_ext_cli_string))
+        custom_ext_error = 1;
+    if (memcmp(in, custom_ext_cli_string, inlen) != 0)
+        custom_ext_error = 1;
+    return 1;
+}
+
+static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char **out,
+                                   size_t *outlen, int *al, void *arg)
+{
+    *out = (const unsigned char *)custom_ext_srv_string;
+    *outlen = strlen(custom_ext_srv_string);
+    return 1;                   /* Send "defg" */
+}
+
+static char *cipher = NULL;
+static int verbose = 0;
+static int debug = 0;
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
+                   long bytes, clock_t *s_time, clock_t *c_time);
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
+                 clock_t *c_time);
+int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
+
+static void sv_usage(void)
+{
+    fprintf(stderr, "usage: ssltest [args ...]\n");
+    fprintf(stderr, "\n");
+#ifdef OPENSSL_FIPS
+    fprintf(stderr, "-F             - run test in FIPS mode\n");
+#endif
+    fprintf(stderr, " -server_auth  - check server certificate\n");
+    fprintf(stderr, " -client_auth  - do client authentication\n");
+    fprintf(stderr, " -v            - more output\n");
+    fprintf(stderr, " -d            - debug output\n");
+    fprintf(stderr, " -reuse        - use session-id reuse\n");
+    fprintf(stderr, " -num <val>    - number of connections to perform\n");
+    fprintf(stderr,
+            " -bytes <val>  - number of bytes to swap between client/server\n");
+#ifndef OPENSSL_NO_DH
+    fprintf(stderr,
+            " -dhe512       - use 512 bit key for DHE (to test failure)\n");
+    fprintf(stderr,
+            " -dhe1024      - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
+    fprintf(stderr,
+            " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
+    fprintf(stderr, " -no_dhe       - disable DHE\n");
+#endif
+#ifndef OPENSSL_NO_EC
+    fprintf(stderr, " -no_ecdhe     - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
+#endif
+#ifndef OPENSSL_NO_PSK
+    fprintf(stderr, " -psk arg      - PSK in hex (without 0x)\n");
+#endif
+#ifndef OPENSSL_NO_SRP
+    fprintf(stderr, " -srpuser user - SRP username to use\n");
+    fprintf(stderr, " -srppass arg  - password for 'user'\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
+    fprintf(stderr, " -ssl3         - use SSLv3\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
+    fprintf(stderr, " -tls1         - use TLSv1\n");
+#endif
+#ifndef OPENSSL_NO_DTLS
+    fprintf(stderr, " -dtls         - use DTLS\n");
+#ifndef OPENSSL_NO_DTLS1
+    fprintf(stderr, " -dtls1        - use DTLSv1\n");
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+    fprintf(stderr, " -dtls12       - use DTLSv1.2\n");
+#endif
+#endif
+    fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
+    fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
+    fprintf(stderr, " -cert arg     - Server certificate file\n");
+    fprintf(stderr,
+            " -key arg      - Server key file (default: same as -cert)\n");
+    fprintf(stderr, " -c_cert arg   - Client certificate file\n");
+    fprintf(stderr,
+            " -c_key arg    - Client key file (default: same as -c_cert)\n");
+    fprintf(stderr, " -cipher arg   - The cipher list\n");
+    fprintf(stderr, " -bio_pair     - Use BIO pairs\n");
+    fprintf(stderr, " -ipv4         - Use IPv4 connection on localhost\n");
+    fprintf(stderr, " -ipv6         - Use IPv6 connection on localhost\n");
+    fprintf(stderr, " -f            - Test even cases that can't work\n");
+    fprintf(stderr,
+            " -time         - measure processor time used by client and server\n");
+    fprintf(stderr, " -zlib         - use zlib compression\n");
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    fprintf(stderr, " -npn_client - have client side offer NPN\n");
+    fprintf(stderr, " -npn_server - have server side offer NPN\n");
+    fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
+#endif
+    fprintf(stderr, " -serverinfo_file file - have server use this file\n");
+    fprintf(stderr, " -serverinfo_sct  - have client offer and expect SCT\n");
+    fprintf(stderr,
+            " -serverinfo_tack - have client offer and expect TACK\n");
+    fprintf(stderr,
+            " -custom_ext - try various custom extension callbacks\n");
+    fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
+    fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
+    fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
+    fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
+    fprintf(stderr,
+            " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
+    fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
+    fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
+    fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
+    fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
+    fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
+#ifndef OPENSSL_NO_CT
+    fprintf(stderr, " -noct         - no certificate transparency\n");
+    fprintf(stderr, " -requestct    - request certificate transparency\n");
+    fprintf(stderr, " -requirect    - require certificate transparency\n");
+#endif
+    fprintf(stderr, " -sn_client <string>  - have client request this servername\n");
+    fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
+    fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
+    fprintf(stderr, " -sn_expect1          - expected server 1\n");
+    fprintf(stderr, " -sn_expect2          - expected server 2\n");
+    fprintf(stderr, " -server_sess_out <file>    - Save the server session to a file\n");
+    fprintf(stderr, " -server_sess_in <file>     - Read the server session from a file\n");
+    fprintf(stderr, " -client_sess_out <file>    - Save the client session to a file\n");
+    fprintf(stderr, " -client_sess_in <file>     - Read the client session from a file\n");
+    fprintf(stderr, " -should_reuse <number>     - The expected state of reusing the session\n");
+    fprintf(stderr, " -no_ticket    - do not issue TLS session ticket\n");
+}
+
+static void print_key_details(BIO *out, EVP_PKEY *key)
+{
+    int keyid = EVP_PKEY_id(key);
+#ifndef OPENSSL_NO_EC
+    if (keyid == EVP_PKEY_EC) {
+        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+        int nid;
+        const char *cname;
+        nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+        EC_KEY_free(ec);
+        cname = EC_curve_nid2nist(nid);
+        if (!cname)
+            cname = OBJ_nid2sn(nid);
+        BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
+    } else
+#endif
+    {
+        const char *algname;
+        switch (keyid) {
+        case EVP_PKEY_RSA:
+            algname = "RSA";
+            break;
+        case EVP_PKEY_DSA:
+            algname = "DSA";
+            break;
+        case EVP_PKEY_DH:
+            algname = "DH";
+            break;
+        default:
+            algname = OBJ_nid2sn(keyid);
+            break;
+        }
+        BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
+    }
+}
+
+static void print_details(SSL *c_ssl, const char *prefix)
+{
+    const SSL_CIPHER *ciph;
+    int mdnid;
+    X509 *cert;
+    EVP_PKEY *pkey;
+
+    ciph = SSL_get_current_cipher(c_ssl);
+    BIO_printf(bio_stdout, "%s%s, cipher %s %s",
+               prefix,
+               SSL_get_version(c_ssl),
+               SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
+    cert = SSL_get_peer_certificate(c_ssl);
+    if (cert != NULL) {
+        EVP_PKEY* pubkey = X509_get0_pubkey(cert);
+
+        if (pubkey != NULL) {
+            BIO_puts(bio_stdout, ", ");
+            print_key_details(bio_stdout, pubkey);
+        }
+        X509_free(cert);
+    }
+    if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
+        BIO_puts(bio_stdout, ", temp key: ");
+        print_key_details(bio_stdout, pkey);
+        EVP_PKEY_free(pkey);
+    }
+    if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
+        BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
+    BIO_printf(bio_stdout, "\n");
+}
+
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+    struct protocol_versions {
+        const char *name;
+        int version;
+    };
+    static const struct protocol_versions versions[] = {
+        {"ssl3", SSL3_VERSION},
+        {"tls1", TLS1_VERSION},
+        {"tls1.1", TLS1_1_VERSION},
+        {"tls1.2", TLS1_2_VERSION},
+        {"dtls1", DTLS1_VERSION},
+        {"dtls1.2", DTLS1_2_VERSION}};
+    size_t i;
+    size_t n = OSSL_NELEM(versions);
+
+    for (i = 0; i < n; i++)
+        if (strcmp(versions[i].name, value) == 0)
+            return versions[i].version;
+    return -1;
+}
+
+static SSL_SESSION *read_session(const char *filename)
+{
+    SSL_SESSION *sess;
+    BIO *f = BIO_new_file(filename, "r");
+
+    if (f == NULL) {
+        BIO_printf(bio_err, "Can't open session file %s\n", filename);
+        ERR_print_errors(bio_err);
+        return NULL;
+    }
+    sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
+    if (sess == NULL) {
+        BIO_printf(bio_err, "Can't parse session file %s\n", filename);
+        ERR_print_errors(bio_err);
+    }
+    BIO_free(f);
+    return sess;
+}
+
+static int write_session(const char *filename, SSL_SESSION *sess)
+{
+    BIO *f = BIO_new_file(filename, "w");
+
+    if (sess == NULL) {
+        BIO_printf(bio_err, "No session information\n");
+        return 0;
+    }
+    if (f == NULL) {
+        BIO_printf(bio_err, "Can't open session file %s\n", filename);
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    PEM_write_bio_SSL_SESSION(f, sess);
+    BIO_free(f);
+    return 1;
+}
+
+/*
+ * set_protocol_version - Sets protocol version minimum or maximum
+ *
+ * Returns 0 on failure and 1 on success
+ */
+static int set_protocol_version(const char *version, SSL *ssl, int setting)
+{
+    if (version != NULL) {
+        int ver = protocol_from_string(version);
+        if (ver < 0) {
+            BIO_printf(bio_err, "Error parsing: %s\n", version);
+            return 0;
+        }
+        return SSL_ctrl(ssl, setting, ver, NULL);
+    }
+    return 1;
+}
+
+int main(int argc, char *argv[])
+{
+    const char *CApath = NULL, *CAfile = NULL;
+    int badop = 0;
+    enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
+    int force = 0;
+    int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
+    int client_auth = 0;
+    int server_auth = 0, i;
+    struct app_verify_arg app_verify_arg =
+        { APP_CALLBACK_STRING, 0 };
+    char *p;
+    SSL_CTX *c_ctx = NULL;
+    const SSL_METHOD *meth = NULL;
+    SSL *c_ssl, *s_ssl;
+    int number = 1, reuse = 0;
+    int should_reuse = -1;
+    int no_ticket = 0;
+    long bytes = 256L;
+#ifndef OPENSSL_NO_DH
+    DH *dh;
+    int dhe512 = 0, dhe1024dsa = 0;
+#endif
+#ifndef OPENSSL_NO_SRP
+    /* client */
+    SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
+    /* server */
+    SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
+#endif
+    int no_dhe = 0;
+    int no_psk = 0;
+    int print_time = 0;
+    clock_t s_time = 0, c_time = 0;
+#ifndef OPENSSL_NO_COMP
+    int n, comp = 0;
+    COMP_METHOD *cm = NULL;
+    STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+#endif
+#ifdef OPENSSL_FIPS
+    int fips_mode = 0;
+#endif
+    int no_protocol;
+    int min_version = 0, max_version = 0;
+#ifndef OPENSSL_NO_CT
+    /*
+     * Disable CT validation by default, because it will interfere with
+     * anything using custom extension handlers to deal with SCT extensions.
+     */
+    int ct_validation = 0;
+#endif
+    SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
+    STACK_OF(OPENSSL_STRING) *conf_args = NULL;
+    char *arg = NULL, *argn = NULL;
+
+    verbose = 0;
+    debug = 0;
+    cipher = 0;
+
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+    bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    s_cctx = SSL_CONF_CTX_new();
+    s_cctx2 = SSL_CONF_CTX_new();
+    c_cctx = SSL_CONF_CTX_new();
+
+    if (!s_cctx || !c_cctx || !s_cctx2) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    SSL_CONF_CTX_set_flags(s_cctx,
+                           SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
+                           SSL_CONF_FLAG_CERTIFICATE |
+                           SSL_CONF_FLAG_REQUIRE_PRIVATE);
+    SSL_CONF_CTX_set_flags(s_cctx2,
+                           SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
+                           SSL_CONF_FLAG_CERTIFICATE |
+                           SSL_CONF_FLAG_REQUIRE_PRIVATE);
+    if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    SSL_CONF_CTX_set_flags(c_cctx,
+                           SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
+                           SSL_CONF_FLAG_CERTIFICATE |
+                           SSL_CONF_FLAG_REQUIRE_PRIVATE);
+    if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    argc--;
+    argv++;
+
+    while (argc >= 1) {
+        if (strcmp(*argv, "-F") == 0) {
+#ifdef OPENSSL_FIPS
+            fips_mode = 1;
+#else
+            fprintf(stderr,
+                    "not compiled with FIPS support, so exiting without running.\n");
+            EXIT(0);
+#endif
+        } else if (strcmp(*argv, "-server_auth") == 0)
+            server_auth = 1;
+        else if (strcmp(*argv, "-client_auth") == 0)
+            client_auth = 1;
+        else if (strcmp(*argv, "-v") == 0)
+            verbose = 1;
+        else if (strcmp(*argv, "-d") == 0)
+            debug = 1;
+        else if (strcmp(*argv, "-reuse") == 0)
+            reuse = 1;
+        else if (strcmp(*argv, "-dhe512") == 0) {
+#ifndef OPENSSL_NO_DH
+            dhe512 = 1;
+#else
+            fprintf(stderr,
+                    "ignoring -dhe512, since I'm compiled without DH\n");
+#endif
+        } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
+#ifndef OPENSSL_NO_DH
+            dhe1024dsa = 1;
+#else
+            fprintf(stderr,
+                    "ignoring -dhe1024dsa, since I'm compiled without DH\n");
+#endif
+        } else if (strcmp(*argv, "-no_dhe") == 0)
+            no_dhe = 1;
+        else if (strcmp(*argv, "-no_ecdhe") == 0)
+            /* obsolete */;
+        else if (strcmp(*argv, "-psk") == 0) {
+            if (--argc < 1)
+                goto bad;
+            psk_key = *(++argv);
+#ifndef OPENSSL_NO_PSK
+            if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
+                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+                goto bad;
+            }
+#else
+            no_psk = 1;
+#endif
+        }
+#ifndef OPENSSL_NO_SRP
+        else if (strcmp(*argv, "-srpuser") == 0) {
+            if (--argc < 1)
+                goto bad;
+            srp_server_arg.expected_user = srp_client_arg.srplogin =
+                *(++argv);
+            min_version = TLS1_VERSION;
+        } else if (strcmp(*argv, "-srppass") == 0) {
+            if (--argc < 1)
+                goto bad;
+            srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
+            min_version = TLS1_VERSION;
+        }
+#endif
+        else if (strcmp(*argv, "-tls1") == 0) {
+            tls1 = 1;
+        } else if (strcmp(*argv, "-ssl3") == 0) {
+            ssl3 = 1;
+        } else if (strcmp(*argv, "-dtls1") == 0) {
+            dtls1 = 1;
+        } else if (strcmp(*argv, "-dtls12") == 0) {
+            dtls12 = 1;
+        } else if (strcmp(*argv, "-dtls") == 0) {
+            dtls = 1;
+        } else if (strncmp(*argv, "-num", 4) == 0) {
+            if (--argc < 1)
+                goto bad;
+            number = atoi(*(++argv));
+            if (number == 0)
+                number = 1;
+        } else if (strcmp(*argv, "-bytes") == 0) {
+            if (--argc < 1)
+                goto bad;
+            bytes = atol(*(++argv));
+            if (bytes == 0L)
+                bytes = 1L;
+            i = strlen(argv[0]);
+            if (argv[0][i - 1] == 'k')
+                bytes *= 1024L;
+            if (argv[0][i - 1] == 'm')
+                bytes *= 1024L * 1024L;
+        } else if (strcmp(*argv, "-cipher") == 0) {
+            if (--argc < 1)
+                goto bad;
+            cipher = *(++argv);
+        } else if (strcmp(*argv, "-CApath") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CApath = *(++argv);
+        } else if (strcmp(*argv, "-CAfile") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CAfile = *(++argv);
+        } else if (strcmp(*argv, "-bio_pair") == 0) {
+            bio_type = BIO_PAIR;
+        }
+#ifndef OPENSSL_NO_SOCK
+        else if (strcmp(*argv, "-ipv4") == 0) {
+            bio_type = BIO_IPV4;
+        } else if (strcmp(*argv, "-ipv6") == 0) {
+            bio_type = BIO_IPV6;
+        }
+#endif
+        else if (strcmp(*argv, "-f") == 0) {
+            force = 1;
+        } else if (strcmp(*argv, "-time") == 0) {
+            print_time = 1;
+        }
+#ifndef OPENSSL_NO_CT
+        else if (strcmp(*argv, "-noct") == 0) {
+            ct_validation = 0;
+        }
+        else if (strcmp(*argv, "-ct") == 0) {
+            ct_validation = 1;
+        }
+#endif
+#ifndef OPENSSL_NO_COMP
+        else if (strcmp(*argv, "-zlib") == 0) {
+            comp = COMP_ZLIB;
+        }
+#endif
+        else if (strcmp(*argv, "-app_verify") == 0) {
+            app_verify_arg.app_verify = 1;
+        }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+          else if (strcmp(*argv, "-npn_client") == 0) {
+            npn_client = 1;
+        } else if (strcmp(*argv, "-npn_server") == 0) {
+            npn_server = 1;
+        } else if (strcmp(*argv, "-npn_server_reject") == 0) {
+            npn_server_reject = 1;
+        }
+#endif
+        else if (strcmp(*argv, "-serverinfo_sct") == 0) {
+            serverinfo_sct = 1;
+        } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
+            serverinfo_tack = 1;
+        } else if (strcmp(*argv, "-serverinfo_file") == 0) {
+            if (--argc < 1)
+                goto bad;
+            serverinfo_file = *(++argv);
+        } else if (strcmp(*argv, "-custom_ext") == 0) {
+            custom_ext = 1;
+        } else if (strcmp(*argv, "-alpn_client") == 0) {
+            if (--argc < 1)
+                goto bad;
+            alpn_client = *(++argv);
+        } else if (strcmp(*argv, "-alpn_server") == 0 ||
+                   strcmp(*argv, "-alpn_server1") == 0) {
+            if (--argc < 1)
+                goto bad;
+            alpn_server = *(++argv);
+        } else if (strcmp(*argv, "-alpn_server2") == 0) {
+            if (--argc < 1)
+                goto bad;
+            alpn_server2 = *(++argv);
+        } else if (strcmp(*argv, "-alpn_expected") == 0) {
+            if (--argc < 1)
+                goto bad;
+            alpn_expected = *(++argv);
+        } else if (strcmp(*argv, "-server_min_proto") == 0) {
+            if (--argc < 1)
+                goto bad;
+            server_min_proto = *(++argv);
+        } else if (strcmp(*argv, "-server_max_proto") == 0) {
+            if (--argc < 1)
+                goto bad;
+            server_max_proto = *(++argv);
+        } else if (strcmp(*argv, "-client_min_proto") == 0) {
+            if (--argc < 1)
+                goto bad;
+            client_min_proto = *(++argv);
+        } else if (strcmp(*argv, "-client_max_proto") == 0) {
+            if (--argc < 1)
+                goto bad;
+            client_max_proto = *(++argv);
+        } else if (strcmp(*argv, "-should_negotiate") == 0) {
+            if (--argc < 1)
+                goto bad;
+            should_negotiate = *(++argv);
+        } else if (strcmp(*argv, "-sn_client") == 0) {
+            if (--argc < 1)
+                goto bad;
+            sn_client = *(++argv);
+        } else if (strcmp(*argv, "-sn_server1") == 0) {
+            if (--argc < 1)
+                goto bad;
+            sn_server1 = *(++argv);
+        } else if (strcmp(*argv, "-sn_server2") == 0) {
+            if (--argc < 1)
+                goto bad;
+            sn_server2 = *(++argv);
+        } else if (strcmp(*argv, "-sn_expect1") == 0) {
+            sn_expect = 1;
+        } else if (strcmp(*argv, "-sn_expect2") == 0) {
+            sn_expect = 2;
+        } else if (strcmp(*argv, "-server_sess_out") == 0) {
+            if (--argc < 1)
+                goto bad;
+            server_sess_out = *(++argv);
+        } else if (strcmp(*argv, "-server_sess_in") == 0) {
+            if (--argc < 1)
+                goto bad;
+            server_sess_in = *(++argv);
+        } else if (strcmp(*argv, "-client_sess_out") == 0) {
+            if (--argc < 1)
+                goto bad;
+            client_sess_out = *(++argv);
+        } else if (strcmp(*argv, "-client_sess_in") == 0) {
+            if (--argc < 1)
+                goto bad;
+            client_sess_in = *(++argv);
+        } else if (strcmp(*argv, "-should_reuse") == 0) {
+            if (--argc < 1)
+                goto bad;
+            should_reuse = !!atoi(*(++argv));
+        } else if (strcmp(*argv, "-no_ticket") == 0) {
+            no_ticket = 1;
+        } else {
+            int rv;
+            arg = argv[0];
+            argn = argv[1];
+            /* Try to process command using SSL_CONF */
+            rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
+            /* If not processed try server */
+            if (rv == 0)
+                rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
+            /* Recognised: store it for later use */
+            if (rv > 0) {
+                if (rv == 1)
+                    argn = NULL;
+                if (!conf_args) {
+                    conf_args = sk_OPENSSL_STRING_new_null();
+                    if (!conf_args)
+                        goto end;
+                }
+                if (!sk_OPENSSL_STRING_push(conf_args, arg))
+                    goto end;
+                if (!sk_OPENSSL_STRING_push(conf_args, argn))
+                    goto end;
+                continue;
+            }
+            if (rv == -3)
+                BIO_printf(bio_err, "Missing argument for %s\n", arg);
+            else if (rv < 0)
+                BIO_printf(bio_err, "Error with command %s\n", arg);
+            else if (rv == 0)
+                BIO_printf(bio_err, "unknown option %s\n", arg);
+            badop = 1;
+            break;
+        }
+        argc--;
+        argv++;
+    }
+    if (badop) {
+ bad:
+        sv_usage();
+        goto end;
+    }
+
+    if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
+        fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
+                "be requested.\n");
+        EXIT(1);
+    }
+
+#ifdef OPENSSL_NO_SSL3
+    if (ssl3)
+        no_protocol = 1;
+    else
+#endif
+#ifdef OPENSSL_NO_TLS1
+    if (tls1)
+        no_protocol = 1;
+    else
+#endif
+#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
+    if (dtls1)
+        no_protocol = 1;
+    else
+#endif
+#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
+    if (dtls12)
+        no_protocol = 1;
+    else
+#endif
+        no_protocol = 0;
+
+    /*
+     * Testing was requested for a compiled-out protocol (e.g. SSLv3).
+     * Ideally, we would error out, but the generic test wrapper can't know
+     * when to expect failure. So we do nothing and return success.
+     */
+    if (no_protocol) {
+        fprintf(stderr, "Testing was requested for a disabled protocol. "
+                "Skipping tests.\n");
+        ret = 0;
+        goto end;
+    }
+
+    if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
+        fprintf(stderr, "This case cannot work.  Use -f to perform "
+                "the test anyway (and\n-d to see what happens), "
+                "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
+                "to avoid protocol mismatch.\n");
+        EXIT(1);
+    }
+#ifdef OPENSSL_FIPS
+    if (fips_mode) {
+        if (!FIPS_mode_set(1)) {
+            ERR_print_errors(bio_err);
+            EXIT(1);
+        } else
+            fprintf(stderr, "*** IN FIPS MODE ***\n");
+    }
+#endif
+
+    if (print_time) {
+        if (bio_type != BIO_PAIR) {
+            fprintf(stderr, "Using BIO pair (-bio_pair)\n");
+            bio_type = BIO_PAIR;
+        }
+        if (number < 50 && !force)
+            fprintf(stderr,
+                    "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
+    }
+
+/*      if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
+
+#ifndef OPENSSL_NO_COMP
+    if (comp == COMP_ZLIB)
+        cm = COMP_zlib();
+    if (cm != NULL) {
+        if (COMP_get_type(cm) != NID_undef) {
+            if (SSL_COMP_add_compression_method(comp, cm) != 0) {
+                fprintf(stderr, "Failed to add compression method\n");
+                ERR_print_errors_fp(stderr);
+            }
+        } else {
+            fprintf(stderr,
+                    "Warning: %s compression not supported\n",
+                    comp == COMP_ZLIB ? "zlib" : "unknown");
+            ERR_print_errors_fp(stderr);
+        }
+    }
+    ssl_comp_methods = SSL_COMP_get_compression_methods();
+    n = sk_SSL_COMP_num(ssl_comp_methods);
+    if (n) {
+        int j;
+        printf("Available compression methods:");
+        for (j = 0; j < n; j++) {
+            SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+            printf("  %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
+        }
+        printf("\n");
+    }
+#endif
+
+#ifndef OPENSSL_NO_TLS
+    meth = TLS_method();
+    if (ssl3) {
+        min_version = SSL3_VERSION;
+        max_version = SSL3_VERSION;
+    } else if (tls1) {
+        min_version = TLS1_VERSION;
+        max_version = TLS1_VERSION;
+    } else {
+        min_version = SSL3_VERSION;
+        max_version = TLS_MAX_VERSION;
+    }
+#endif
+#ifndef OPENSSL_NO_DTLS
+    if (dtls || dtls1 || dtls12) {
+        meth = DTLS_method();
+        if (dtls1) {
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+        } else if (dtls12) {
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+        } else {
+            min_version = DTLS_MIN_VERSION;
+            max_version = DTLS_MAX_VERSION;
+        }
+    }
+#endif
+
+    c_ctx = SSL_CTX_new(meth);
+    s_ctx = SSL_CTX_new(meth);
+    s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
+    if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    /*
+     * Since we will use low security ciphersuites and keys for testing set
+     * security level to zero by default. Tests can override this by adding
+     * "@SECLEVEL=n" to the cipher string.
+     */
+    SSL_CTX_set_security_level(c_ctx, 0);
+    SSL_CTX_set_security_level(s_ctx, 0);
+    SSL_CTX_set_security_level(s_ctx2, 0);
+
+    if (no_ticket) {
+        SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
+        SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
+    }
+
+    if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0) {
+        printf("Unable to set client min protocol version (0x%X)\n",
+               min_version);
+        goto end;
+    }
+    if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0) {
+        printf("Unable to set client max protocol version (0x%X)\n",
+               max_version);
+        goto end;
+    }
+    if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0) {
+        printf("Unable to set server min protocol version (0x%X)\n",
+               min_version);
+        goto end;
+    }
+    if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0) {
+        printf("Unable to set server max protocol version (0x%X)\n",
+               max_version);
+        goto end;
+    }
+
+    if (cipher != NULL) {
+        if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
+            || !SSL_CTX_set_cipher_list(s_ctx, cipher)
+            || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+#ifndef OPENSSL_NO_CT
+    if (ct_validation &&
+        !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+#endif
+
+    /* Process SSL_CONF arguments */
+    SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
+    SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
+    SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
+
+    for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
+        int rv;
+        arg = sk_OPENSSL_STRING_value(conf_args, i);
+        argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
+        rv = SSL_CONF_cmd(c_cctx, arg, argn);
+        /* If not recognised use server context */
+        if (rv == -2) {
+            rv = SSL_CONF_cmd(s_cctx2, arg, argn);
+            if (rv > 0)
+                rv = SSL_CONF_cmd(s_cctx, arg, argn);
+        }
+        if (rv <= 0) {
+            BIO_printf(bio_err, "Error processing %s %s\n",
+                       arg, argn ? argn : "");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
+        BIO_puts(bio_err, "Error finishing context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+#ifndef OPENSSL_NO_DH
+    if (!no_dhe) {
+        if (dhe1024dsa) {
+            dh = get_dh1024dsa();
+        } else if (dhe512)
+            dh = get_dh512();
+        else
+            dh = get_dh1024();
+        SSL_CTX_set_tmp_dh(s_ctx, dh);
+        SSL_CTX_set_tmp_dh(s_ctx2, dh);
+        DH_free(dh);
+    }
+#else
+    (void)no_dhe;
+#endif
+
+    if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
+        (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+        (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
+        (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
+        (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
+        (!SSL_CTX_set_default_verify_paths(c_ctx))) {
+        /* fprintf(stderr,"SSL_load_verify_locations\n"); */
+        ERR_print_errors(bio_err);
+        /* goto end; */
+    }
+
+#ifndef OPENSSL_NO_CT
+    if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
+        !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
+        !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
+        ERR_print_errors(bio_err);
+    }
+#endif
+
+    if (client_auth) {
+        printf("client authentication\n");
+        SSL_CTX_set_verify(s_ctx,
+                           SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                           verify_callback);
+        SSL_CTX_set_verify(s_ctx2,
+                           SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                           verify_callback);
+        SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
+                                         &app_verify_arg);
+        SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
+                                         &app_verify_arg);
+    }
+    if (server_auth) {
+        printf("server authentication\n");
+        SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
+        SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
+                                         &app_verify_arg);
+    }
+
+    {
+        int session_id_context = 0;
+        if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
+                                            sizeof(session_id_context)) ||
+            !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
+                                            sizeof(session_id_context))) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    /* Use PSK only if PSK key is given */
+    if (psk_key != NULL) {
+        /*
+         * no_psk is used to avoid putting psk command to openssl tool
+         */
+        if (no_psk) {
+            /*
+             * if PSK is not compiled in and psk key is given, do nothing and
+             * exit successfully
+             */
+            ret = 0;
+            goto end;
+        }
+#ifndef OPENSSL_NO_PSK
+        SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
+        SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
+        SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
+        if (debug)
+            BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
+        if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
+            !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
+            BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#endif
+    }
+#ifndef OPENSSL_NO_SRP
+    if (srp_client_arg.srplogin) {
+        if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
+            BIO_printf(bio_err, "Unable to set SRP username\n");
+            goto end;
+        }
+        SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
+        SSL_CTX_set_srp_client_pwd_callback(c_ctx,
+                                            ssl_give_srp_client_pwd_cb);
+        /*
+         * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
+         */
+    }
+
+    if (srp_server_arg.expected_user != NULL) {
+        SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
+        SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
+        SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
+        SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
+        SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
+        SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
+    }
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (npn_client) {
+        SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
+    }
+    if (npn_server) {
+        if (npn_server_reject) {
+            BIO_printf(bio_err,
+                       "Can't have both -npn_server and -npn_server_reject\n");
+            goto end;
+        }
+        SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
+        SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL);
+    }
+    if (npn_server_reject) {
+        SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
+                                              NULL);
+        SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn,
+                                              NULL);
+    }
+#endif
+
+    if (serverinfo_sct) {
+        if (!SSL_CTX_add_client_custom_ext(c_ctx,
+                TLSEXT_TYPE_signed_certificate_timestamp,
+                NULL, NULL, NULL,
+                serverinfo_cli_parse_cb, NULL)) {
+            BIO_printf(bio_err, "Error adding SCT extension\n");
+            goto end;
+        }
+    }
+    if (serverinfo_tack) {
+        if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
+                                      NULL, NULL, NULL,
+                                      serverinfo_cli_parse_cb, NULL)) {
+            BIO_printf(bio_err, "Error adding TACK extension\n");
+            goto end;
+        }
+    }
+    if (serverinfo_file)
+        if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
+            !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
+            BIO_printf(bio_err, "missing serverinfo file\n");
+            goto end;
+        }
+
+    if (custom_ext) {
+        if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+                                      custom_ext_0_cli_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_0_cli_parse_cb, NULL)
+            || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+                                      custom_ext_1_cli_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_1_cli_parse_cb, NULL)
+            || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+                                      custom_ext_2_cli_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_2_cli_parse_cb, NULL)
+            || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+                                      custom_ext_3_cli_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_3_cli_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+                                      custom_ext_0_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_0_srv_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
+                                      custom_ext_0_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_0_srv_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+                                      custom_ext_1_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_1_srv_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
+                                      custom_ext_1_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_1_srv_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+                                      custom_ext_2_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_2_srv_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
+                                      custom_ext_2_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_2_srv_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+                                      custom_ext_3_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_3_srv_parse_cb, NULL)
+            || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
+                                      custom_ext_3_srv_add_cb,
+                                      NULL, NULL,
+                                      custom_ext_3_srv_parse_cb, NULL)) {
+            BIO_printf(bio_err, "Error setting custom extensions\n");
+            goto end;
+        }
+    }
+
+    if (alpn_server)
+        SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
+    if (alpn_server2)
+        SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
+
+    if (alpn_client) {
+        size_t alpn_len;
+        unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
+
+        if (alpn == NULL) {
+            BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
+            goto end;
+        }
+        /* Returns 0 on success!! */
+        if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
+            BIO_printf(bio_err, "Error setting ALPN\n");
+            OPENSSL_free(alpn);
+            goto end;
+        }
+        OPENSSL_free(alpn);
+    }
+
+    if (server_sess_in != NULL) {
+        server_sess = read_session(server_sess_in);
+        if (server_sess == NULL)
+            goto end;
+    }
+    if (client_sess_in != NULL) {
+        client_sess = read_session(client_sess_in);
+        if (client_sess == NULL)
+            goto end;
+    }
+
+    if (server_sess_out != NULL || server_sess_in != NULL) {
+        char *keys;
+        long size;
+
+        /* Use a fixed key so that we can decrypt the ticket. */
+        size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
+        keys = OPENSSL_zalloc(size);
+        SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
+        OPENSSL_free(keys);
+    }
+
+    if (sn_server1 != NULL || sn_server2 != NULL)
+        SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
+
+    c_ssl = SSL_new(c_ctx);
+    s_ssl = SSL_new(s_ctx);
+
+    if (sn_client)
+        SSL_set_tlsext_host_name(c_ssl, sn_client);
+
+    if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+        goto end;
+    if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+        goto end;
+    if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+        goto end;
+    if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+        goto end;
+
+    if (server_sess) {
+        if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
+            BIO_printf(bio_err, "Can't add server session\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
+    for (i = 0; i < number; i++) {
+        if (!reuse) {
+            if (!SSL_set_session(c_ssl, NULL)) {
+                BIO_printf(bio_err, "Failed to set session\n");
+                goto end;
+            }
+        }
+        if (client_sess_in != NULL) {
+            if (SSL_set_session(c_ssl, client_sess) == 0) {
+                BIO_printf(bio_err, "Can't set client session\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+        switch (bio_type) {
+        case BIO_MEM:
+            ret = doit(s_ssl, c_ssl, bytes);
+            break;
+        case BIO_PAIR:
+            ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
+            break;
+#ifndef OPENSSL_NO_SOCK
+        case BIO_IPV4:
+            ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
+                                 bytes, &s_time, &c_time);
+            break;
+        case BIO_IPV6:
+            ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
+                                 bytes, &s_time, &c_time);
+            break;
+#else
+        case BIO_IPV4:
+        case BIO_IPV6:
+            ret = 1;
+            goto err;
+#endif
+        }
+        if (ret)  break;
+    }
+
+    if (should_negotiate && ret == 0 &&
+        strcmp(should_negotiate, "fail-server") != 0 &&
+        strcmp(should_negotiate, "fail-client") != 0) {
+        int version = protocol_from_string(should_negotiate);
+        if (version < 0) {
+            BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
+            ret = 1;
+            goto err;
+        }
+        if (SSL_version(c_ssl) != version) {
+            BIO_printf(bio_err, "Unexpected version negotiated. "
+                "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
+            ret = 1;
+            goto err;
+        }
+    }
+
+    if (should_reuse != -1) {
+        if (SSL_session_reused(s_ssl) != should_reuse ||
+            SSL_session_reused(c_ssl) != should_reuse) {
+            BIO_printf(bio_err, "Unexpected session reuse state. "
+                "Expected: %d, server: %d, client: %d\n", should_reuse,
+                SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
+            ret = 1;
+            goto err;
+        }
+    }
+
+    if (server_sess_out != NULL) {
+        if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
+            ret = 1;
+            goto err;
+        }
+    }
+    if (client_sess_out != NULL) {
+        if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
+            ret = 1;
+            goto err;
+        }
+    }
+
+    if (!verbose) {
+        print_details(c_ssl, "");
+    }
+    if (print_time) {
+#ifdef CLOCKS_PER_SEC
+        /*
+         * "To determine the time in seconds, the value returned by the clock
+         * function should be divided by the value of the macro
+         * CLOCKS_PER_SEC." -- ISO/IEC 9899
+         */
+        BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
+                   "Approximate total client time: %6.2f s\n",
+                   (double)s_time / CLOCKS_PER_SEC,
+                   (double)c_time / CLOCKS_PER_SEC);
+#else
+        BIO_printf(bio_stdout,
+                   "Approximate total server time: %6.2f units\n"
+                   "Approximate total client time: %6.2f units\n",
+                   (double)s_time, (double)c_time);
+#endif
+    }
+
+ err:
+    SSL_free(s_ssl);
+    SSL_free(c_ssl);
+
+ end:
+    SSL_CTX_free(s_ctx);
+    SSL_CTX_free(s_ctx2);
+    SSL_CTX_free(c_ctx);
+    SSL_CONF_CTX_free(s_cctx);
+    SSL_CONF_CTX_free(s_cctx2);
+    SSL_CONF_CTX_free(c_cctx);
+    sk_OPENSSL_STRING_free(conf_args);
+
+    BIO_free(bio_stdout);
+
+    SSL_SESSION_free(server_sess);
+    SSL_SESSION_free(client_sess);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        ret = 1;
+#endif
+    BIO_free(bio_err);
+    EXIT(ret);
+}
+
+#ifndef OPENSSL_NO_SOCK
+int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
+                   clock_t *s_time, clock_t *c_time)
+{
+    long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
+    BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
+    BIO *acpt = NULL, *server = NULL, *client = NULL;
+    char addr_str[40];
+    int ret = 1;
+    int err_in_client = 0;
+    int err_in_server = 0;
+
+    acpt = BIO_new_accept("0");
+    if (acpt == NULL)
+        goto err;
+    BIO_set_accept_ip_family(acpt, family);
+    BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
+    if (BIO_do_accept(acpt) <= 0)
+        goto err;
+
+    BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
+
+    client = BIO_new_connect(addr_str);
+    BIO_set_conn_ip_family(client, family);
+    if (!client)
+        goto err;
+
+    if (BIO_set_nbio(client, 1) <= 0)
+        goto err;
+    if (BIO_set_nbio(acpt, 1) <= 0)
+        goto err;
+
+    {
+        int st_connect = 0, st_accept = 0;
+
+        while(!st_connect || !st_accept) {
+            if (!st_connect) {
+                if (BIO_do_connect(client) <= 0) {
+                    if (!BIO_should_retry(client))
+                        goto err;
+                } else {
+                    st_connect = 1;
+                }
+            }
+            if (!st_accept) {
+                if (BIO_do_accept(acpt) <= 0) {
+                    if (!BIO_should_retry(acpt))
+                        goto err;
+                } else {
+                    st_accept = 1;
+                }
+            }
+        }
+    }
+    /* We're not interested in accepting further connects */
+    server = BIO_pop(acpt);
+    BIO_free_all(acpt);
+    acpt = NULL;
+
+    s_ssl_bio = BIO_new(BIO_f_ssl());
+    if (!s_ssl_bio)
+        goto err;
+
+    c_ssl_bio = BIO_new(BIO_f_ssl());
+    if (!c_ssl_bio)
+        goto err;
+
+    SSL_set_connect_state(c_ssl);
+    SSL_set_bio(c_ssl, client, client);
+    (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
+
+    SSL_set_accept_state(s_ssl);
+    SSL_set_bio(s_ssl, server, server);
+    (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
+
+    do {
+        /*-
+         * c_ssl_bio:          SSL filter BIO
+         *
+         * client:             I/O for SSL library
+         *
+         *
+         * server:             I/O for SSL library
+         *
+         * s_ssl_bio:          SSL filter BIO
+         */
+
+        /*
+         * We have non-blocking behaviour throughout this test program, but
+         * can be sure that there is *some* progress in each iteration; so we
+         * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
+         * we just try everything in each iteration
+         */
+
+        {
+            /* CLIENT */
+
+            char cbuf[1024 * 8];
+            int i, r;
+            clock_t c_clock = clock();
+
+            memset(cbuf, 0, sizeof(cbuf));
+
+            if (debug)
+                if (SSL_in_init(c_ssl))
+                    printf("client waiting in SSL_connect - %s\n",
+                           SSL_state_string_long(c_ssl));
+
+            if (cw_num > 0) {
+                /* Write to server. */
+
+                if (cw_num > (long)sizeof(cbuf))
+                    i = sizeof(cbuf);
+                else
+                    i = (int)cw_num;
+                r = BIO_write(c_ssl_bio, cbuf, i);
+                if (r < 0) {
+                    if (!BIO_should_retry(c_ssl_bio)) {
+                        fprintf(stderr, "ERROR in CLIENT\n");
+                        err_in_client = 1;
+                        goto err;
+                    }
+                    /*
+                     * BIO_should_retry(...) can just be ignored here. The
+                     * library expects us to call BIO_write with the same
+                     * arguments again, and that's what we will do in the
+                     * next iteration.
+                     */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("client wrote %d\n", r);
+                    cw_num -= r;
+                }
+            }
+
+            if (cr_num > 0) {
+                /* Read from server. */
+
+                r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
+                if (r < 0) {
+                    if (!BIO_should_retry(c_ssl_bio)) {
+                        fprintf(stderr, "ERROR in CLIENT\n");
+                        err_in_client = 1;
+                        goto err;
+                    }
+                    /*
+                     * Again, "BIO_should_retry" can be ignored.
+                     */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("client read %d\n", r);
+                    cr_num -= r;
+                }
+            }
+
+            /*
+             * c_time and s_time increments will typically be very small
+             * (depending on machine speed and clock tick intervals), but
+             * sampling over a large number of connections should result in
+             * fairly accurate figures.  We cannot guarantee a lot, however
+             * -- if each connection lasts for exactly one clock tick, it
+             * will be counted only for the client or only for the server or
+             * even not at all.
+             */
+            *c_time += (clock() - c_clock);
+        }
+
+        {
+            /* SERVER */
+
+            char sbuf[1024 * 8];
+            int i, r;
+            clock_t s_clock = clock();
+
+            memset(sbuf, 0, sizeof(sbuf));
+
+            if (debug)
+                if (SSL_in_init(s_ssl))
+                    printf("server waiting in SSL_accept - %s\n",
+                           SSL_state_string_long(s_ssl));
+
+            if (sw_num > 0) {
+                /* Write to client. */
+
+                if (sw_num > (long)sizeof(sbuf))
+                    i = sizeof(sbuf);
+                else
+                    i = (int)sw_num;
+                r = BIO_write(s_ssl_bio, sbuf, i);
+                if (r < 0) {
+                    if (!BIO_should_retry(s_ssl_bio)) {
+                        fprintf(stderr, "ERROR in SERVER\n");
+                        err_in_server = 1;
+                        goto err;
+                    }
+                    /* Ignore "BIO_should_retry". */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("server wrote %d\n", r);
+                    sw_num -= r;
+                }
+            }
+
+            if (sr_num > 0) {
+                /* Read from client. */
+
+                r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
+                if (r < 0) {
+                    if (!BIO_should_retry(s_ssl_bio)) {
+                        fprintf(stderr, "ERROR in SERVER\n");
+                        err_in_server = 1;
+                        goto err;
+                    }
+                    /* blah, blah */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("server read %d\n", r);
+                    sr_num -= r;
+                }
+            }
+
+            *s_time += (clock() - s_clock);
+        }
+    }
+    while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
+
+    if (verbose)
+        print_details(c_ssl, "DONE via TCP connect: ");
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    if (verify_npn(c_ssl, s_ssl) < 0) {
+        ret = 1;
+        goto end;
+    }
+# endif
+    if (verify_serverinfo() < 0) {
+        fprintf(stderr, "Server info verify error\n");
+        ret = 1;
+        goto err;
+    }
+    if (verify_alpn(c_ssl, s_ssl) < 0) {
+        ret = 1;
+        goto err;
+    }
+    if (verify_servername(c_ssl, s_ssl) < 0) {
+        ret = 1;
+        goto err;
+    }
+
+    if (custom_ext_error) {
+        fprintf(stderr, "Custom extension error\n");
+        ret = 1;
+        goto err;
+    }
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ end:
+# endif
+    ret = 0;
+
+ err:
+    ERR_print_errors(bio_err);
+
+    BIO_free_all(acpt);
+    BIO_free(server);
+    BIO_free(client);
+    BIO_free(s_ssl_bio);
+    BIO_free(c_ssl_bio);
+
+    if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
+        ret = (err_in_client != 0) ? 0 : 1;
+    else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
+        ret = (err_in_server != 0) ? 0 : 1;
+
+    return ret;
+}
+#endif
+
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
+                 clock_t *s_time, clock_t *c_time)
+{
+    long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
+    BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
+    BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
+    int ret = 1;
+    int err_in_client = 0;
+    int err_in_server = 0;
+
+    size_t bufsiz = 256;        /* small buffer for testing */
+
+    if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
+        goto err;
+    if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
+        goto err;
+
+    s_ssl_bio = BIO_new(BIO_f_ssl());
+    if (!s_ssl_bio)
+        goto err;
+
+    c_ssl_bio = BIO_new(BIO_f_ssl());
+    if (!c_ssl_bio)
+        goto err;
+
+    SSL_set_connect_state(c_ssl);
+    SSL_set_bio(c_ssl, client, client);
+    (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
+
+    SSL_set_accept_state(s_ssl);
+    SSL_set_bio(s_ssl, server, server);
+    (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
+
+    do {
+        /*-
+         * c_ssl_bio:          SSL filter BIO
+         *
+         * client:             pseudo-I/O for SSL library
+         *
+         * client_io:          client's SSL communication; usually to be
+         *                     relayed over some I/O facility, but in this
+         *                     test program, we're the server, too:
+         *
+         * server_io:          server's SSL communication
+         *
+         * server:             pseudo-I/O for SSL library
+         *
+         * s_ssl_bio:          SSL filter BIO
+         *
+         * The client and the server each employ a "BIO pair":
+         * client + client_io, server + server_io.
+         * BIO pairs are symmetric.  A BIO pair behaves similar
+         * to a non-blocking socketpair (but both endpoints must
+         * be handled by the same thread).
+         * [Here we could connect client and server to the ends
+         * of a single BIO pair, but then this code would be less
+         * suitable as an example for BIO pairs in general.]
+         *
+         * Useful functions for querying the state of BIO pair endpoints:
+         *
+         * BIO_ctrl_pending(bio)              number of bytes we can read now
+         * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
+         *                                      other side's read attempt
+         * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
+         *
+         * ..._read_request is never more than ..._write_guarantee;
+         * it depends on the application which one you should use.
+         */
+
+        /*
+         * We have non-blocking behaviour throughout this test program, but
+         * can be sure that there is *some* progress in each iteration; so we
+         * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
+         * we just try everything in each iteration
+         */
+
+        {
+            /* CLIENT */
+
+            char cbuf[1024 * 8];
+            int i, r;
+            clock_t c_clock = clock();
+
+            memset(cbuf, 0, sizeof(cbuf));
+
+            if (debug)
+                if (SSL_in_init(c_ssl))
+                    printf("client waiting in SSL_connect - %s\n",
+                           SSL_state_string_long(c_ssl));
+
+            if (cw_num > 0) {
+                /* Write to server. */
+
+                if (cw_num > (long)sizeof(cbuf))
+                    i = sizeof(cbuf);
+                else
+                    i = (int)cw_num;
+                r = BIO_write(c_ssl_bio, cbuf, i);
+                if (r < 0) {
+                    if (!BIO_should_retry(c_ssl_bio)) {
+                        fprintf(stderr, "ERROR in CLIENT\n");
+                        err_in_client = 1;
+                        goto err;
+                    }
+                    /*
+                     * BIO_should_retry(...) can just be ignored here. The
+                     * library expects us to call BIO_write with the same
+                     * arguments again, and that's what we will do in the
+                     * next iteration.
+                     */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("client wrote %d\n", r);
+                    cw_num -= r;
+                }
+            }
+
+            if (cr_num > 0) {
+                /* Read from server. */
+
+                r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
+                if (r < 0) {
+                    if (!BIO_should_retry(c_ssl_bio)) {
+                        fprintf(stderr, "ERROR in CLIENT\n");
+                        err_in_client = 1;
+                        goto err;
+                    }
+                    /*
+                     * Again, "BIO_should_retry" can be ignored.
+                     */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("client read %d\n", r);
+                    cr_num -= r;
+                }
+            }
+
+            /*
+             * c_time and s_time increments will typically be very small
+             * (depending on machine speed and clock tick intervals), but
+             * sampling over a large number of connections should result in
+             * fairly accurate figures.  We cannot guarantee a lot, however
+             * -- if each connection lasts for exactly one clock tick, it
+             * will be counted only for the client or only for the server or
+             * even not at all.
+             */
+            *c_time += (clock() - c_clock);
+        }
+
+        {
+            /* SERVER */
+
+            char sbuf[1024 * 8];
+            int i, r;
+            clock_t s_clock = clock();
+
+            memset(sbuf, 0, sizeof(sbuf));
+
+            if (debug)
+                if (SSL_in_init(s_ssl))
+                    printf("server waiting in SSL_accept - %s\n",
+                           SSL_state_string_long(s_ssl));
+
+            if (sw_num > 0) {
+                /* Write to client. */
+
+                if (sw_num > (long)sizeof(sbuf))
+                    i = sizeof(sbuf);
+                else
+                    i = (int)sw_num;
+                r = BIO_write(s_ssl_bio, sbuf, i);
+                if (r < 0) {
+                    if (!BIO_should_retry(s_ssl_bio)) {
+                        fprintf(stderr, "ERROR in SERVER\n");
+                        err_in_server = 1;
+                        goto err;
+                    }
+                    /* Ignore "BIO_should_retry". */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("server wrote %d\n", r);
+                    sw_num -= r;
+                }
+            }
+
+            if (sr_num > 0) {
+                /* Read from client. */
+
+                r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
+                if (r < 0) {
+                    if (!BIO_should_retry(s_ssl_bio)) {
+                        fprintf(stderr, "ERROR in SERVER\n");
+                        err_in_server = 1;
+                        goto err;
+                    }
+                    /* blah, blah */
+                } else if (r == 0) {
+                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("server read %d\n", r);
+                    sr_num -= r;
+                }
+            }
+
+            *s_time += (clock() - s_clock);
+        }
+
+        {
+            /* "I/O" BETWEEN CLIENT AND SERVER. */
+
+            size_t r1, r2;
+            BIO *io1 = server_io, *io2 = client_io;
+            /*
+             * we use the non-copying interface for io1 and the standard
+             * BIO_write/BIO_read interface for io2
+             */
+
+            static int prev_progress = 1;
+            int progress = 0;
+
+            /* io1 to io2 */
+            do {
+                size_t num;
+                int r;
+
+                r1 = BIO_ctrl_pending(io1);
+                r2 = BIO_ctrl_get_write_guarantee(io2);
+
+                num = r1;
+                if (r2 < num)
+                    num = r2;
+                if (num) {
+                    char *dataptr;
+
+                    if (INT_MAX < num) /* yeah, right */
+                        num = INT_MAX;
+
+                    r = BIO_nread(io1, &dataptr, (int)num);
+                    assert(r > 0);
+                    assert(r <= (int)num);
+                    /*
+                     * possibly r < num (non-contiguous data)
+                     */
+                    num = r;
+                    r = BIO_write(io2, dataptr, (int)num);
+                    if (r != (int)num) { /* can't happen */
+                        fprintf(stderr, "ERROR: BIO_write could not write "
+                                "BIO_ctrl_get_write_guarantee() bytes");
+                        goto err;
+                    }
+                    progress = 1;
+
+                    if (debug)
+                        printf((io1 == client_io) ?
+                               "C->S relaying: %d bytes\n" :
+                               "S->C relaying: %d bytes\n", (int)num);
+                }
+            }
+            while (r1 && r2);
+
+            /* io2 to io1 */
+            {
+                size_t num;
+                int r;
+
+                r1 = BIO_ctrl_pending(io2);
+                r2 = BIO_ctrl_get_read_request(io1);
+                /*
+                 * here we could use ..._get_write_guarantee instead of
+                 * ..._get_read_request, but by using the latter we test
+                 * restartability of the SSL implementation more thoroughly
+                 */
+                num = r1;
+                if (r2 < num)
+                    num = r2;
+                if (num) {
+                    char *dataptr;
+
+                    if (INT_MAX < num)
+                        num = INT_MAX;
+
+                    if (num > 1)
+                        --num;  /* test restartability even more thoroughly */
+
+                    r = BIO_nwrite0(io1, &dataptr);
+                    assert(r > 0);
+                    if (r < (int)num)
+                        num = r;
+                    r = BIO_read(io2, dataptr, (int)num);
+                    if (r != (int)num) { /* can't happen */
+                        fprintf(stderr, "ERROR: BIO_read could not read "
+                                "BIO_ctrl_pending() bytes");
+                        goto err;
+                    }
+                    progress = 1;
+                    r = BIO_nwrite(io1, &dataptr, (int)num);
+                    if (r != (int)num) { /* can't happen */
+                        fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
+                                "BIO_nwrite0() bytes");
+                        goto err;
+                    }
+
+                    if (debug)
+                        printf((io2 == client_io) ?
+                               "C->S relaying: %d bytes\n" :
+                               "S->C relaying: %d bytes\n", (int)num);
+                }
+            }                   /* no loop, BIO_ctrl_get_read_request now
+                                 * returns 0 anyway */
+
+            if (!progress && !prev_progress)
+                if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
+                    fprintf(stderr, "ERROR: got stuck\n");
+                    fprintf(stderr, " ERROR.\n");
+                    goto err;
+                }
+            prev_progress = progress;
+        }
+    }
+    while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
+
+    if (verbose)
+        print_details(c_ssl, "DONE via BIO pair: ");
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (verify_npn(c_ssl, s_ssl) < 0) {
+        ret = 1;
+        goto end;
+    }
+#endif
+    if (verify_serverinfo() < 0) {
+        fprintf(stderr, "Server info verify error\n");
+        ret = 1;
+        goto err;
+    }
+    if (verify_alpn(c_ssl, s_ssl) < 0) {
+        ret = 1;
+        goto err;
+    }
+    if (verify_servername(c_ssl, s_ssl) < 0) {
+        ret = 1;
+        goto err;
+    }
+
+    if (custom_ext_error) {
+        fprintf(stderr, "Custom extension error\n");
+        ret = 1;
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ end:
+#endif
+    ret = 0;
+
+ err:
+    ERR_print_errors(bio_err);
+
+    BIO_free(server);
+    BIO_free(server_io);
+    BIO_free(client);
+    BIO_free(client_io);
+    BIO_free(s_ssl_bio);
+    BIO_free(c_ssl_bio);
+
+    if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
+        ret = (err_in_client != 0) ? 0 : 1;
+    else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
+        ret = (err_in_server != 0) ? 0 : 1;
+
+    return ret;
+}
+
+#define W_READ  1
+#define W_WRITE 2
+#define C_DONE  1
+#define S_DONE  2
+
+int doit(SSL *s_ssl, SSL *c_ssl, long count)
+{
+    char *cbuf = NULL, *sbuf = NULL;
+    long bufsiz;
+    long cw_num = count, cr_num = count;
+    long sw_num = count, sr_num = count;
+    int ret = 1;
+    BIO *c_to_s = NULL;
+    BIO *s_to_c = NULL;
+    BIO *c_bio = NULL;
+    BIO *s_bio = NULL;
+    int c_r, c_w, s_r, s_w;
+    int i, j;
+    int done = 0;
+    int c_write, s_write;
+    int do_server = 0, do_client = 0;
+    int max_frag = 5 * 1024;
+    int err_in_client = 0;
+    int err_in_server = 0;
+
+    bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
+
+    if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
+        goto err;
+    if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
+        goto err;
+
+    c_to_s = BIO_new(BIO_s_mem());
+    s_to_c = BIO_new(BIO_s_mem());
+    if ((s_to_c == NULL) || (c_to_s == NULL)) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    c_bio = BIO_new(BIO_f_ssl());
+    s_bio = BIO_new(BIO_f_ssl());
+    if ((c_bio == NULL) || (s_bio == NULL)) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    SSL_set_connect_state(c_ssl);
+    SSL_set_bio(c_ssl, s_to_c, c_to_s);
+    SSL_set_max_send_fragment(c_ssl, max_frag);
+    BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
+
+    /*
+     * We've just given our ref to these BIOs to c_ssl. We need another one to
+     * give to s_ssl
+     */
+    if (!BIO_up_ref(c_to_s)) {
+        /* c_to_s and s_to_c will get freed when we free c_ssl */
+        c_to_s = NULL;
+        s_to_c = NULL;
+        goto err;
+    }
+    if (!BIO_up_ref(s_to_c)) {
+        /* s_to_c will get freed when we free c_ssl */
+        s_to_c = NULL;
+        goto err;
+    }
+
+    SSL_set_accept_state(s_ssl);
+    SSL_set_bio(s_ssl, c_to_s, s_to_c);
+
+    /* We've used up all our refs to these now */
+    c_to_s = NULL;
+    s_to_c = NULL;
+
+    SSL_set_max_send_fragment(s_ssl, max_frag);
+    BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
+
+    c_r = 0;
+    s_r = 1;
+    c_w = 1;
+    s_w = 0;
+    c_write = 1, s_write = 0;
+
+    /* We can always do writes */
+    for (;;) {
+        do_server = 0;
+        do_client = 0;
+
+        i = (int)BIO_pending(s_bio);
+        if ((i && s_r) || s_w)
+            do_server = 1;
+
+        i = (int)BIO_pending(c_bio);
+        if ((i && c_r) || c_w)
+            do_client = 1;
+
+        if (do_server && debug) {
+            if (SSL_in_init(s_ssl))
+                printf("server waiting in SSL_accept - %s\n",
+                       SSL_state_string_long(s_ssl));
+/*-
+            else if (s_write)
+                printf("server:SSL_write()\n");
+            else
+                printf("server:SSL_read()\n"); */
+        }
+
+        if (do_client && debug) {
+            if (SSL_in_init(c_ssl))
+                printf("client waiting in SSL_connect - %s\n",
+                       SSL_state_string_long(c_ssl));
+/*-
+            else if (c_write)
+                printf("client:SSL_write()\n");
+            else
+                printf("client:SSL_read()\n"); */
+        }
+
+        if (!do_client && !do_server) {
+            fprintf(stdout, "ERROR IN STARTUP\n");
+            ERR_print_errors(bio_err);
+            goto err;
+        }
+        if (do_client && !(done & C_DONE)) {
+            if (c_write) {
+                j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
+                i = BIO_write(c_bio, cbuf, j);
+                if (i < 0) {
+                    c_r = 0;
+                    c_w = 0;
+                    if (BIO_should_retry(c_bio)) {
+                        if (BIO_should_read(c_bio))
+                            c_r = 1;
+                        if (BIO_should_write(c_bio))
+                            c_w = 1;
+                    } else {
+                        fprintf(stderr, "ERROR in CLIENT\n");
+                        err_in_client = 1;
+                        ERR_print_errors(bio_err);
+                        goto err;
+                    }
+                } else if (i == 0) {
+                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("client wrote %d\n", i);
+                    /* ok */
+                    s_r = 1;
+                    c_write = 0;
+                    cw_num -= i;
+                    if (max_frag > 1029)
+                        SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
+                }
+            } else {
+                i = BIO_read(c_bio, cbuf, bufsiz);
+                if (i < 0) {
+                    c_r = 0;
+                    c_w = 0;
+                    if (BIO_should_retry(c_bio)) {
+                        if (BIO_should_read(c_bio))
+                            c_r = 1;
+                        if (BIO_should_write(c_bio))
+                            c_w = 1;
+                    } else {
+                        fprintf(stderr, "ERROR in CLIENT\n");
+                        err_in_client = 1;
+                        ERR_print_errors(bio_err);
+                        goto err;
+                    }
+                } else if (i == 0) {
+                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("client read %d\n", i);
+                    cr_num -= i;
+                    if (sw_num > 0) {
+                        s_write = 1;
+                        s_w = 1;
+                    }
+                    if (cr_num <= 0) {
+                        s_write = 1;
+                        s_w = 1;
+                        done = S_DONE | C_DONE;
+                    }
+                }
+            }
+        }
+
+        if (do_server && !(done & S_DONE)) {
+            if (!s_write) {
+                i = BIO_read(s_bio, sbuf, bufsiz);
+                if (i < 0) {
+                    s_r = 0;
+                    s_w = 0;
+                    if (BIO_should_retry(s_bio)) {
+                        if (BIO_should_read(s_bio))
+                            s_r = 1;
+                        if (BIO_should_write(s_bio))
+                            s_w = 1;
+                    } else {
+                        fprintf(stderr, "ERROR in SERVER\n");
+                        err_in_server = 1;
+                        ERR_print_errors(bio_err);
+                        goto err;
+                    }
+                } else if (i == 0) {
+                    ERR_print_errors(bio_err);
+                    fprintf(stderr,
+                            "SSL SERVER STARTUP FAILED in SSL_read\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("server read %d\n", i);
+                    sr_num -= i;
+                    if (cw_num > 0) {
+                        c_write = 1;
+                        c_w = 1;
+                    }
+                    if (sr_num <= 0) {
+                        s_write = 1;
+                        s_w = 1;
+                        c_write = 0;
+                    }
+                }
+            } else {
+                j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
+                i = BIO_write(s_bio, sbuf, j);
+                if (i < 0) {
+                    s_r = 0;
+                    s_w = 0;
+                    if (BIO_should_retry(s_bio)) {
+                        if (BIO_should_read(s_bio))
+                            s_r = 1;
+                        if (BIO_should_write(s_bio))
+                            s_w = 1;
+                    } else {
+                        fprintf(stderr, "ERROR in SERVER\n");
+                        err_in_server = 1;
+                        ERR_print_errors(bio_err);
+                        goto err;
+                    }
+                } else if (i == 0) {
+                    ERR_print_errors(bio_err);
+                    fprintf(stderr,
+                            "SSL SERVER STARTUP FAILED in SSL_write\n");
+                    goto err;
+                } else {
+                    if (debug)
+                        printf("server wrote %d\n", i);
+                    sw_num -= i;
+                    s_write = 0;
+                    c_r = 1;
+                    if (sw_num <= 0)
+                        done |= S_DONE;
+                    if (max_frag > 1029)
+                        SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
+                }
+            }
+        }
+
+        if ((done & S_DONE) && (done & C_DONE))
+            break;
+    }
+
+    if (verbose)
+        print_details(c_ssl, "DONE: ");
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (verify_npn(c_ssl, s_ssl) < 0) {
+        ret = 1;
+        goto err;
+    }
+#endif
+    if (verify_serverinfo() < 0) {
+        fprintf(stderr, "Server info verify error\n");
+        ret = 1;
+        goto err;
+    }
+    if (custom_ext_error) {
+        fprintf(stderr, "Custom extension error\n");
+        ret = 1;
+        goto err;
+    }
+    ret = 0;
+ err:
+    BIO_free(c_to_s);
+    BIO_free(s_to_c);
+    BIO_free_all(c_bio);
+    BIO_free_all(s_bio);
+    OPENSSL_free(cbuf);
+    OPENSSL_free(sbuf);
+
+    if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
+        ret = (err_in_client != 0) ? 0 : 1;
+    else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
+        ret = (err_in_server != 0) ? 0 : 1;
+
+    return (ret);
+}
+
+static int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    char *s, buf[256];
+
+    s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
+                          buf, sizeof(buf));
+    if (s != NULL) {
+        if (ok)
+            printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
+        else {
+            fprintf(stderr, "depth=%d error=%d %s\n",
+                    X509_STORE_CTX_get_error_depth(ctx),
+                    X509_STORE_CTX_get_error(ctx), buf);
+        }
+    }
+
+    if (ok == 0) {
+        int i = X509_STORE_CTX_get_error(ctx);
+
+        switch (i) {
+        default:
+            fprintf(stderr, "Error string: %s\n",
+                    X509_verify_cert_error_string(i));
+            break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+            ok = 1;
+            break;
+        }
+    }
+
+    return (ok);
+}
+
+static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+{
+    int ok = 1;
+    struct app_verify_arg *cb_arg = arg;
+
+    if (cb_arg->app_verify) {
+        char *s = NULL, buf[256];
+        X509 *c = X509_STORE_CTX_get0_cert(ctx);
+
+        printf("In app_verify_callback, allowing cert. ");
+        printf("Arg is: %s\n", cb_arg->string);
+        printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
+                (void *)ctx, (void *)c);
+        if (c)
+            s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
+        if (s != NULL) {
+            printf("cert depth=%d %s\n",
+                    X509_STORE_CTX_get_error_depth(ctx), buf);
+        }
+        return (1);
+    }
+
+    ok = X509_verify_cert(ctx);
+
+    return (ok);
+}
+
+#ifndef OPENSSL_NO_DH
+/*-
+ * These DH parameters have been generated as follows:
+ *    $ openssl dhparam -C -noout 512
+ *    $ openssl dhparam -C -noout 1024
+ *    $ openssl dhparam -C -noout -dsaparam 1024
+ * (The third function has been renamed to avoid name conflicts.)
+ */
+static DH *get_dh512()
+{
+    static unsigned char dh512_p[] = {
+        0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
+        0xC6,
+        0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
+        0xB0,
+        0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
+        0x5F,
+        0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
+        0xB8,
+        0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
+        0x33,
+        0x02, 0xC5, 0xAE, 0x23,
+    };
+    static unsigned char dh512_g[] = {
+        0x02,
+    };
+    DH *dh;
+    BIGNUM *p, *g;
+
+    if ((dh = DH_new()) == NULL)
+        return (NULL);
+    p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+    g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+    if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
+        DH_free(dh);
+        BN_free(p);
+        BN_free(g);
+        return (NULL);
+    }
+    return (dh);
+}
+
+static DH *get_dh1024()
+{
+    static unsigned char dh1024_p[] = {
+        0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
+        0x3A,
+        0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
+        0xA2,
+        0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
+        0xB0,
+        0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
+        0xC2,
+        0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
+        0x8C,
+        0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
+        0xB8,
+        0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
+        0x52,
+        0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
+        0xC1,
+        0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
+        0xB1,
+        0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
+        0xAB,
+        0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
+    };
+    static unsigned char dh1024_g[] = {
+        0x02,
+    };
+    DH *dh;
+    BIGNUM *p, *g;
+
+    if ((dh = DH_new()) == NULL)
+        return (NULL);
+    p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+    g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+    if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
+        DH_free(dh);
+        BN_free(p);
+        BN_free(g);
+        return (NULL);
+    }
+    return (dh);
+}
+
+static DH *get_dh1024dsa()
+{
+    static unsigned char dh1024_p[] = {
+        0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
+        0x00,
+        0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
+        0x19,
+        0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
+        0xD2,
+        0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
+        0x55,
+        0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
+        0xFC,
+        0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
+        0x97,
+        0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
+        0x8D,
+        0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
+        0xBB,
+        0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
+        0xF6,
+        0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
+        0x9E,
+        0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
+    };
+    static unsigned char dh1024_g[] = {
+        0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
+        0x05,
+        0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
+        0xF3,
+        0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
+        0xE9,
+        0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
+        0x3C,
+        0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
+        0x65,
+        0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
+        0x60,
+        0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
+        0xF6,
+        0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
+        0xA7,
+        0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
+        0xA1,
+        0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
+        0x60,
+        0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
+    };
+    DH *dh;
+    BIGNUM *p, *g;
+
+    if ((dh = DH_new()) == NULL)
+        return (NULL);
+    p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+    g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+    if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
+        DH_free(dh);
+        BN_free(p);
+        BN_free(g);
+        return (NULL);
+    }
+    DH_set_length(dh, 160);
+    return (dh);
+}
+#endif
+
+#ifndef OPENSSL_NO_PSK
+/* convert the PSK key (psk_key) in ascii to binary (psk) */
+static int psk_key2bn(const char *pskkey, unsigned char *psk,
+                      unsigned int max_psk_len)
+{
+    int ret;
+    BIGNUM *bn = NULL;
+
+    ret = BN_hex2bn(&bn, pskkey);
+    if (!ret) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+                   pskkey);
+        BN_free(bn);
+        return 0;
+    }
+    if (BN_num_bytes(bn) > (int)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%d)\n",
+                   max_psk_len, BN_num_bytes(bn));
+        BN_free(bn);
+        return 0;
+    }
+    ret = BN_bn2bin(bn, psk);
+    BN_free(bn);
+    return ret;
+}
+
+static unsigned int psk_client_callback(SSL *ssl, const char *hint,
+                                        char *identity,
+                                        unsigned int max_identity_len,
+                                        unsigned char *psk,
+                                        unsigned int max_psk_len)
+{
+    int ret;
+    unsigned int psk_len = 0;
+
+    ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
+    if (ret < 0)
+        goto out_err;
+    if (debug)
+        fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
+                ret);
+    ret = psk_key2bn(psk_key, psk, max_psk_len);
+    if (ret < 0)
+        goto out_err;
+    psk_len = ret;
+ out_err:
+    return psk_len;
+}
+
+static unsigned int psk_server_callback(SSL *ssl, const char *identity,
+                                        unsigned char *psk,
+                                        unsigned int max_psk_len)
+{
+    unsigned int psk_len = 0;
+
+    if (strcmp(identity, "Client_identity") != 0) {
+        BIO_printf(bio_err, "server: PSK error: client identity not found\n");
+        return 0;
+    }
+    psk_len = psk_key2bn(psk_key, psk, max_psk_len);
+    return psk_len;
+}
+#endif
diff --git a/openssl-1.1.0h/test/ssltestlib.c b/openssl-1.1.0h/test/ssltestlib.c
new file mode 100644
index 0000000..b824f15
--- /dev/null
+++ b/openssl-1.1.0h/test/ssltestlib.c
@@ -0,0 +1,710 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include "e_os.h"
+#include "ssltestlib.h"
+
+static int tls_dump_new(BIO *bi);
+static int tls_dump_free(BIO *a);
+static int tls_dump_read(BIO *b, char *out, int outl);
+static int tls_dump_write(BIO *b, const char *in, int inl);
+static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int tls_dump_gets(BIO *bp, char *buf, int size);
+static int tls_dump_puts(BIO *bp, const char *str);
+
+/* Choose a sufficiently large type likely to be unused for this custom BIO */
+# define BIO_TYPE_TLS_DUMP_FILTER  (0x80 | BIO_TYPE_FILTER)
+
+# define BIO_TYPE_MEMPACKET_TEST      0x81
+
+static BIO_METHOD *method_tls_dump = NULL;
+static BIO_METHOD *method_mempacket_test = NULL;
+
+/* Note: Not thread safe! */
+const BIO_METHOD *bio_f_tls_dump_filter(void)
+{
+    if (method_tls_dump == NULL) {
+        method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER,
+                                        "TLS dump filter");
+        if (   method_tls_dump == NULL
+            || !BIO_meth_set_write(method_tls_dump, tls_dump_write)
+            || !BIO_meth_set_read(method_tls_dump, tls_dump_read)
+            || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts)
+            || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets)
+            || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl)
+            || !BIO_meth_set_create(method_tls_dump, tls_dump_new)
+            || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free))
+            return NULL;
+    }
+    return method_tls_dump;
+}
+
+void bio_f_tls_dump_filter_free(void)
+{
+    BIO_meth_free(method_tls_dump);
+}
+
+static int tls_dump_new(BIO *bio)
+{
+    BIO_set_init(bio, 1);
+    return 1;
+}
+
+static int tls_dump_free(BIO *bio)
+{
+    BIO_set_init(bio, 0);
+
+    return 1;
+}
+
+static void copy_flags(BIO *bio)
+{
+    int flags;
+    BIO *next = BIO_next(bio);
+
+    flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
+    BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
+    BIO_set_flags(bio, flags);
+}
+
+#define RECORD_CONTENT_TYPE     0
+#define RECORD_VERSION_HI       1
+#define RECORD_VERSION_LO       2
+#define RECORD_EPOCH_HI         3
+#define RECORD_EPOCH_LO         4
+#define RECORD_SEQUENCE_START   5
+#define RECORD_SEQUENCE_END     10
+#define RECORD_LEN_HI           11
+#define RECORD_LEN_LO           12
+
+#define MSG_TYPE                0
+#define MSG_LEN_HI              1
+#define MSG_LEN_MID             2
+#define MSG_LEN_LO              3
+#define MSG_SEQ_HI              4
+#define MSG_SEQ_LO              5
+#define MSG_FRAG_OFF_HI         6
+#define MSG_FRAG_OFF_MID        7
+#define MSG_FRAG_OFF_LO         8
+#define MSG_FRAG_LEN_HI         9
+#define MSG_FRAG_LEN_MID        10
+#define MSG_FRAG_LEN_LO         11
+
+
+static void dump_data(const char *data, int len)
+{
+    int rem, i, content, reclen, msglen, fragoff, fraglen, epoch;
+    unsigned char *rec;
+
+    printf("---- START OF PACKET ----\n");
+
+    rem = len;
+    rec = (unsigned char *)data;
+
+    while (rem > 0) {
+        if (rem != len)
+            printf("*\n");
+        printf("*---- START OF RECORD ----\n");
+        if (rem < DTLS1_RT_HEADER_LENGTH) {
+            printf("*---- RECORD TRUNCATED ----\n");
+            break;
+        }
+        content = rec[RECORD_CONTENT_TYPE];
+        printf("** Record Content-type: %d\n", content);
+        printf("** Record Version: %02x%02x\n",
+               rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]);
+        epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO];
+        printf("** Record Epoch: %d\n", epoch);
+        printf("** Record Sequence: ");
+        for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++)
+            printf("%02x", rec[i]);
+        reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO];
+        printf("\n** Record Length: %d\n", reclen);
+
+        /* Now look at message */
+        rec += DTLS1_RT_HEADER_LENGTH;
+        rem -= DTLS1_RT_HEADER_LENGTH;
+        if (content == SSL3_RT_HANDSHAKE) {
+            printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n");
+            if (epoch > 0) {
+                printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n");
+            } else if (rem < DTLS1_HM_HEADER_LENGTH
+                    || reclen < DTLS1_HM_HEADER_LENGTH) {
+                printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n");
+            } else {
+                printf("*** Message Type: %d\n", rec[MSG_TYPE]);
+                msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8)
+                         | rec[MSG_LEN_LO];
+                printf("*** Message Length: %d\n", msglen);
+                printf("*** Message sequence: %d\n",
+                       (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]);
+                fragoff = (rec[MSG_FRAG_OFF_HI] << 16)
+                          | (rec[MSG_FRAG_OFF_MID] << 8)
+                          | rec[MSG_FRAG_OFF_LO];
+                printf("*** Message Fragment offset: %d\n", fragoff);
+                fraglen = (rec[MSG_FRAG_LEN_HI] << 16)
+                          | (rec[MSG_FRAG_LEN_MID] << 8)
+                          | rec[MSG_FRAG_LEN_LO];
+                printf("*** Message Fragment len: %d\n", fraglen);
+                if (fragoff + fraglen > msglen)
+                    printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n");
+                else if(reclen < fraglen)
+                    printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n");
+                else
+                    printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n");
+            }
+        }
+        if (rem < reclen) {
+            printf("*---- RECORD TRUNCATED ----\n");
+            rem = 0;
+        } else {
+            rec += reclen;
+            rem -= reclen;
+            printf("*---- END OF RECORD ----\n");
+        }
+    }
+    printf("---- END OF PACKET ----\n\n");
+    fflush(stdout);
+}
+
+static int tls_dump_read(BIO *bio, char *out, int outl)
+{
+    int ret;
+    BIO *next = BIO_next(bio);
+
+    ret = BIO_read(next, out, outl);
+    copy_flags(bio);
+
+    if (ret > 0) {
+        dump_data(out, ret);
+    }
+
+    return ret;
+}
+
+static int tls_dump_write(BIO *bio, const char *in, int inl)
+{
+    int ret;
+    BIO *next = BIO_next(bio);
+
+    ret = BIO_write(next, in, inl);
+    copy_flags(bio);
+
+    return ret;
+}
+
+static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    BIO *next = BIO_next(bio);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static int tls_dump_gets(BIO *bio, char *buf, int size)
+{
+    /* We don't support this - not needed anyway */
+    return -1;
+}
+
+static int tls_dump_puts(BIO *bio, const char *str)
+{
+    return tls_dump_write(bio, str, strlen(str));
+}
+
+
+struct mempacket_st {
+    unsigned char *data;
+    int len;
+    unsigned int num;
+    unsigned int type;
+};
+
+static void mempacket_free(MEMPACKET *pkt)
+{
+    if (pkt->data != NULL)
+        OPENSSL_free(pkt->data);
+    OPENSSL_free(pkt);
+}
+
+typedef struct mempacket_test_ctx_st {
+    STACK_OF(MEMPACKET) *pkts;
+    unsigned int epoch;
+    unsigned int currrec;
+    unsigned int currpkt;
+    unsigned int lastpkt;
+    unsigned int noinject;
+} MEMPACKET_TEST_CTX;
+
+static int mempacket_test_new(BIO *bi);
+static int mempacket_test_free(BIO *a);
+static int mempacket_test_read(BIO *b, char *out, int outl);
+static int mempacket_test_write(BIO *b, const char *in, int inl);
+static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int mempacket_test_gets(BIO *bp, char *buf, int size);
+static int mempacket_test_puts(BIO *bp, const char *str);
+
+const BIO_METHOD *bio_s_mempacket_test(void)
+{
+    if (method_mempacket_test == NULL) {
+        method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,
+                                             "Mem Packet Test");
+        if (   method_mempacket_test == NULL
+            || !BIO_meth_set_write(method_mempacket_test, mempacket_test_write)
+            || !BIO_meth_set_read(method_mempacket_test, mempacket_test_read)
+            || !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts)
+            || !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets)
+            || !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl)
+            || !BIO_meth_set_create(method_mempacket_test, mempacket_test_new)
+            || !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free))
+            return NULL;
+    }
+    return method_mempacket_test;
+}
+
+void bio_s_mempacket_test_free(void)
+{
+    BIO_meth_free(method_mempacket_test);
+}
+
+static int mempacket_test_new(BIO *bio)
+{
+    MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL)
+        return 0;
+    ctx->pkts = sk_MEMPACKET_new_null();
+    if (ctx->pkts == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_init(bio, 1);
+    BIO_set_data(bio, ctx);
+    return 1;
+}
+
+static int mempacket_test_free(BIO *bio)
+{
+    MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
+
+    sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free);
+    OPENSSL_free(ctx);
+    BIO_set_data(bio, NULL);
+    BIO_set_init(bio, 0);
+
+    return 1;
+}
+
+/* Record Header values */
+#define EPOCH_HI        4
+#define EPOCH_LO        5
+#define RECORD_SEQUENCE 10
+#define RECORD_LEN_HI   11
+#define RECORD_LEN_LO   12
+
+#define STANDARD_PACKET                 0
+
+static int mempacket_test_read(BIO *bio, char *out, int outl)
+{
+    MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
+    MEMPACKET *thispkt;
+    unsigned char *rec;
+    int rem;
+    unsigned int seq, offset, len, epoch;
+
+    BIO_clear_retry_flags(bio);
+
+    thispkt = sk_MEMPACKET_value(ctx->pkts, 0);
+    if (thispkt == NULL || thispkt->num != ctx->currpkt) {
+        /* Probably run out of data */
+        BIO_set_retry_read(bio);
+        return -1;
+    }
+    (void)sk_MEMPACKET_shift(ctx->pkts);
+    ctx->currpkt++;
+
+    if (outl > thispkt->len)
+        outl = thispkt->len;
+
+    if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ) {
+        /*
+         * Overwrite the record sequence number. We strictly number them in
+         * the order received. Since we are actually a reliable transport
+         * we know that there won't be any re-ordering. We overwrite to deal
+         * with any packets that have been injected
+         */
+        rem = thispkt->len;
+        rec = thispkt->data;
+        while (rem > 0) {
+            if (rem < DTLS1_RT_HEADER_LENGTH) {
+                return -1;
+            }
+            epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO];
+            if (epoch != ctx->epoch) {
+                ctx->epoch = epoch;
+                ctx->currrec = 0;
+            }
+            seq = ctx->currrec;
+            offset = 0;
+            do {
+                rec[RECORD_SEQUENCE - offset] = seq & 0xFF;
+                seq >>= 8;
+                offset++;
+            } while (seq > 0);
+            ctx->currrec++;
+
+            len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO])
+                  + DTLS1_RT_HEADER_LENGTH;
+
+            rec += len;
+            rem -= len;
+        }
+    }
+
+    memcpy(out, thispkt->data, outl);
+
+    mempacket_free(thispkt);
+
+    return outl;
+}
+
+int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
+                          int type)
+{
+    MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
+    MEMPACKET *thispkt, *looppkt, *nextpkt;
+    int i;
+
+    if (ctx == NULL)
+        return -1;
+
+    /* We only allow injection before we've started writing any data */
+    if (pktnum >= 0) {
+        if (ctx->noinject)
+            return -1;
+    } else {
+        ctx->noinject = 1;
+    }
+
+    thispkt = OPENSSL_malloc(sizeof(MEMPACKET));
+    if (thispkt == NULL)
+        return -1;
+
+    thispkt->data = OPENSSL_malloc(inl);
+    if (thispkt->data == NULL) {
+        mempacket_free(thispkt);
+        return -1;
+    }
+
+    memcpy(thispkt->data, in, inl);
+    thispkt->len = inl;
+    thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt;
+    thispkt->type = type;
+
+    for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) {
+        /* Check if we found the right place to insert this packet */
+        if (looppkt->num > thispkt->num) {
+            if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) {
+                mempacket_free(thispkt);
+                return -1;
+            }
+            /* If we're doing up front injection then we're done */
+            if (pktnum >= 0)
+                return inl;
+            /*
+             * We need to do some accounting on lastpkt. We increment it first,
+             * but it might now equal the value of injected packets, so we need
+             * to skip over those
+             */
+            ctx->lastpkt++;
+            do {
+                i++;
+                nextpkt = sk_MEMPACKET_value(ctx->pkts, i);
+                if (nextpkt != NULL && nextpkt->num == ctx->lastpkt)
+                    ctx->lastpkt++;
+                else
+                    return inl;
+            } while(1);
+        } else if(looppkt->num == thispkt->num) {
+            if (!ctx->noinject) {
+                /* We injected two packets with the same packet number! */
+                return -1;
+            }
+            ctx->lastpkt++;
+            thispkt->num++;
+        }
+    }
+    /*
+     * We didn't find any packets with a packet number equal to or greater than
+     * this one, so we just add it onto the end
+     */
+    if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) {
+        mempacket_free(thispkt);
+        return -1;
+    }
+
+    if (pktnum < 0)
+        ctx->lastpkt++;
+
+    return inl;
+}
+
+static int mempacket_test_write(BIO *bio, const char *in, int inl)
+{
+    return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET);
+}
+
+static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
+    MEMPACKET *thispkt;
+
+    switch (cmd) {
+    case BIO_CTRL_EOF:
+        ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0);
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = BIO_get_shutdown(bio);
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        BIO_set_shutdown(bio, (int)num);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = 0L;
+        break;
+    case BIO_CTRL_PENDING:
+        thispkt = sk_MEMPACKET_value(ctx->pkts, 0);
+        if (thispkt == NULL)
+            ret = 0;
+        else
+            ret = thispkt->len;
+        break;
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_RESET:
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int mempacket_test_gets(BIO *bio, char *buf, int size)
+{
+    /* We don't support this - not needed anyway */
+    return -1;
+}
+
+static int mempacket_test_puts(BIO *bio, const char *str)
+{
+    return mempacket_test_write(bio, str, strlen(str));
+}
+
+int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
+                        int min_proto_version, int max_proto_version,
+                        SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
+                        char *privkeyfile)
+{
+    SSL_CTX *serverctx = NULL;
+    SSL_CTX *clientctx = NULL;
+
+    serverctx = SSL_CTX_new(sm);
+    if (cctx != NULL)
+        clientctx = SSL_CTX_new(cm);
+    if (serverctx == NULL || (cctx != NULL && clientctx == NULL)) {
+        printf("Failed to create SSL_CTX\n");
+        goto err;
+    }
+
+    if (min_proto_version > 0
+        && !SSL_CTX_set_min_proto_version(serverctx, min_proto_version)) {
+        printf("Unable to set server min protocol versions\n");
+        goto err;
+    }
+    if (max_proto_version > 0
+        && !SSL_CTX_set_max_proto_version(serverctx, max_proto_version)) {
+        printf("Unable to set server max protocol versions\n");
+        goto err;
+    }
+
+    if (clientctx != NULL) {
+        if (min_proto_version > 0
+            && !SSL_CTX_set_max_proto_version(clientctx, max_proto_version)) {
+            printf("Unable to set client max protocol versions\n");
+            goto err;
+        }
+        if (max_proto_version > 0
+            && !SSL_CTX_set_min_proto_version(clientctx, min_proto_version)) {
+            printf("Unable to set client min protocol versions\n");
+            goto err;
+        }
+    }
+
+    if (SSL_CTX_use_certificate_file(serverctx, certfile,
+                                     SSL_FILETYPE_PEM) <= 0) {
+        printf("Failed to load server certificate\n");
+        goto err;
+    }
+    if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,
+                                    SSL_FILETYPE_PEM) <= 0) {
+        printf("Failed to load server private key\n");
+    }
+    if (SSL_CTX_check_private_key(serverctx) <= 0) {
+        printf("Failed to check private key\n");
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_DH
+    SSL_CTX_set_dh_auto(serverctx, 1);
+#endif
+
+    *sctx = serverctx;
+    if (cctx != NULL)
+        *cctx = clientctx;
+
+    return 1;
+ err:
+    SSL_CTX_free(serverctx);
+    SSL_CTX_free(clientctx);
+    return 0;
+}
+
+#define MAXLOOPS    100000
+
+/*
+ * NOTE: Transfers control of the BIOs - this function will free them on error
+ */
+int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
+                          SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
+{
+    SSL *serverssl, *clientssl;
+    BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
+
+    if (*sssl == NULL)
+        serverssl = SSL_new(serverctx);
+    else
+        serverssl = *sssl;
+    if (*cssl == NULL)
+        clientssl = SSL_new(clientctx);
+    else
+        clientssl = *cssl;
+
+    if (serverssl == NULL || clientssl == NULL) {
+        printf("Failed to create SSL object\n");
+        goto error;
+    }
+
+    if (SSL_is_dtls(clientssl)) {
+        s_to_c_bio = BIO_new(bio_s_mempacket_test());
+        c_to_s_bio = BIO_new(bio_s_mempacket_test());
+    } else {
+        s_to_c_bio = BIO_new(BIO_s_mem());
+        c_to_s_bio = BIO_new(BIO_s_mem());
+    }
+    if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
+        printf("Failed to create mem BIOs\n");
+        goto error;
+    }
+
+    if (s_to_c_fbio != NULL)
+        s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio);
+    if (c_to_s_fbio != NULL)
+        c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio);
+    if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
+        printf("Failed to create chained BIOs\n");
+        goto error;
+    }
+
+    /* Set Non-blocking IO behaviour */
+    BIO_set_mem_eof_return(s_to_c_bio, -1);
+    BIO_set_mem_eof_return(c_to_s_bio, -1);
+
+    /* Up ref these as we are passing them to two SSL objects */
+    BIO_up_ref(s_to_c_bio);
+    BIO_up_ref(c_to_s_bio);
+
+    SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
+    SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio);
+
+    /* BIOs will now be freed when SSL objects are freed */
+    s_to_c_bio = c_to_s_bio = NULL;
+    s_to_c_fbio = c_to_s_fbio = NULL;
+
+    *sssl = serverssl;
+    *cssl = clientssl;
+
+    return 1;
+
+ error:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    BIO_free(s_to_c_bio);
+    BIO_free(c_to_s_bio);
+    BIO_free(s_to_c_fbio);
+    BIO_free(c_to_s_fbio);
+
+    return 0;
+}
+
+int create_ssl_connection(SSL *serverssl, SSL *clientssl)
+{
+    int retc = -1, rets = -1, err, abortctr = 0;
+    int clienterr = 0, servererr = 0;
+
+    do {
+        err = SSL_ERROR_WANT_WRITE;
+        while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
+            retc = SSL_connect(clientssl);
+            if (retc <= 0)
+                err = SSL_get_error(clientssl, retc);
+        }
+
+        if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
+            printf("SSL_connect() failed %d, %d\n", retc, err);
+            clienterr = 1;
+        }
+
+        err = SSL_ERROR_WANT_WRITE;
+        while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
+            rets = SSL_accept(serverssl);
+            if (rets <= 0)
+                err = SSL_get_error(serverssl, rets);
+        }
+
+        if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) {
+            printf("SSL_accept() failed %d, %d\n", retc, err);
+            servererr = 1;
+        }
+        if (clienterr && servererr)
+            return 0;
+        if (++abortctr == MAXLOOPS) {
+            printf("No progress made\n");
+            return 0;
+        }
+    } while (retc <=0 || rets <= 0);
+
+    return 1;
+}
diff --git a/openssl-1.1.0h/test/ssltestlib.h b/openssl-1.1.0h/test/ssltestlib.h
new file mode 100644
index 0000000..5e8ea6e
--- /dev/null
+++ b/openssl-1.1.0h/test/ssltestlib.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSLTESTLIB_H
+# define HEADER_SSLTESTLIB_H
+
+# include <openssl/ssl.h>
+
+int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
+                        int min_proto_version, int max_proto_version,
+                        SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
+                        char *privkeyfile);
+int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
+                       SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
+int create_ssl_connection(SSL *serverssl, SSL *clientssl);
+
+/* Note: Not thread safe! */
+const BIO_METHOD *bio_f_tls_dump_filter(void);
+void bio_f_tls_dump_filter_free(void);
+
+const BIO_METHOD *bio_s_mempacket_test(void);
+void bio_s_mempacket_test_free(void);
+
+/* Packet types - value 0 is reserved */
+#define INJECT_PACKET                   1
+#define INJECT_PACKET_IGNORE_REC_SEQ    2
+
+int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
+                          int type);
+
+typedef struct mempacket_st MEMPACKET;
+
+DEFINE_STACK_OF(MEMPACKET)
+
+#endif /* HEADER_SSLTESTLIB_H */
diff --git a/openssl-1.1.0h/test/test.cnf b/openssl-1.1.0h/test/test.cnf
new file mode 100644
index 0000000..718b0bf
--- /dev/null
+++ b/openssl-1.1.0h/test/test.cnf
@@ -0,0 +1,88 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= ./.rnd
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/new_certs	# default place for new certs.
+
+certificate	= $dir/CAcert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/CAkey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= testkey.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Queensland
+stateOrProvinceName_value	=
+
+localityName			= Locality Name (eg, city)
+localityName_value		= Brisbane
+
+organizationName		= Organization Name (eg, company)
+organizationName_default	= 
+organizationName_value		= CryptSoft Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	=
+organizationalUnitName_value	= .
+
+commonName			= Common Name (eg, YOUR name)
+commonName_value		= Eric Young
+
+emailAddress			= Email Address
+emailAddress_value		= eay@mincom.oz.au
diff --git a/openssl-1.1.0h/test/testcrl.pem b/openssl-1.1.0h/test/testcrl.pem
new file mode 100644
index 0000000..0989788
--- /dev/null
+++ b/openssl-1.1.0h/test/testcrl.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
+F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
+MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
+MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
+MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
+MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
+MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
+MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
+NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
+NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
+AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
+wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
+JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
+-----END X509 CRL-----
diff --git a/openssl-1.1.0h/test/testdsa.pem b/openssl-1.1.0h/test/testdsa.pem
new file mode 100644
index 0000000..b2ca5ba
--- /dev/null
+++ b/openssl-1.1.0h/test/testdsa.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvQIBAAKBgQD9Ko2Ezy2mKeOV4oJsjy8Ves9Av6bPvr5y6iFTVpGQewjzsAHS
+l3eAxwyrvE0cx8cQ4ODieVRnWibZIEoF2NRUBw3l/6o8wo1BZTnF7wtZpNr6QcCQ
+QNC3CaQZ0lw2rOewGxqZpeXmYurfceRnsZBSpQiw8kW+JTgCbRJtVAYF1wIVAN+X
+sK/vqcIQlD6ZV055LoV4qv0jAoGBAL52x3C4paZkU61ZTiIgUKPXBpanQ4a7nsjd
+iSjzgnto+rveVuFkZQKaD7Wts8SLpojBat7supr+qF1pWVpRwxOXofdO72XdKm5u
+3co7sLnqf/WVCmzX9/unlAsGfDG1R6RqA71MnQJ5q56LwAzqK23ZfGt5v1Wpho36
+FY/JnLZ2AoGBAMyZoH2YF7/wO7CbGD6bGet3q+zxksOp+6gz2+ae23Gajpd3u4Jz
+bOxqjk4vrQaTrMPRRWXWJxC5WwLMalzwke75wi8gGT6+EUxFoLXlSmRQN+h4f+Ab
+OHFQiiW9v3xrgUKPiYWPEz/bhYw5DC73vPfkHXxmV495KiSIx4fvfH1BAhUAv3HU
+l7iXVdDF5BKF2B+Vd8w9+MI=
+-----END DSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/testdsapub.pem b/openssl-1.1.0h/test/testdsapub.pem
new file mode 100644
index 0000000..70e7d5c
--- /dev/null
+++ b/openssl-1.1.0h/test/testdsapub.pem
@@ -0,0 +1,12 @@
+-----BEGIN PUBLIC KEY-----
+MIIBuDCCASwGByqGSM44BAEwggEfAoGBAP0qjYTPLaYp45XigmyPLxV6z0C/ps++
+vnLqIVNWkZB7CPOwAdKXd4DHDKu8TRzHxxDg4OJ5VGdaJtkgSgXY1FQHDeX/qjzC
+jUFlOcXvC1mk2vpBwJBA0LcJpBnSXDas57AbGpml5eZi6t9x5GexkFKlCLDyRb4l
+OAJtEm1UBgXXAhUA35ewr++pwhCUPplXTnkuhXiq/SMCgYEAvnbHcLilpmRTrVlO
+IiBQo9cGlqdDhrueyN2JKPOCe2j6u95W4WRlApoPta2zxIumiMFq3uy6mv6oXWlZ
+WlHDE5eh907vZd0qbm7dyjuwuep/9ZUKbNf3+6eUCwZ8MbVHpGoDvUydAnmrnovA
+DOorbdl8a3m/VamGjfoVj8mctnYDgYUAAoGBAMyZoH2YF7/wO7CbGD6bGet3q+zx
+ksOp+6gz2+ae23Gajpd3u4JzbOxqjk4vrQaTrMPRRWXWJxC5WwLMalzwke75wi8g
+GT6+EUxFoLXlSmRQN+h4f+AbOHFQiiW9v3xrgUKPiYWPEz/bhYw5DC73vPfkHXxm
+V495KiSIx4fvfH1B
+-----END PUBLIC KEY-----
diff --git a/openssl-1.1.0h/test/testec-p256.pem b/openssl-1.1.0h/test/testec-p256.pem
new file mode 100644
index 0000000..fb79a4c
--- /dev/null
+++ b/openssl-1.1.0h/test/testec-p256.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDYEX2yQlhJXDIwBEwcfyAn2eICEKJxqsAPGChey1a2toAoGCCqGSM49
+AwEHoUQDQgAEJXwAdITiPFcSUsaRI2nlzTNRn++q6F38XrH8m8sf28DQ+2Oob5SU
+zvgjVS0e70pIqH6bSXDgPc8mKtSs9Zi26Q==
+-----END EC PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/testecpub-p256.pem b/openssl-1.1.0h/test/testecpub-p256.pem
new file mode 100644
index 0000000..60695b8
--- /dev/null
+++ b/openssl-1.1.0h/test/testecpub-p256.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJXwAdITiPFcSUsaRI2nlzTNRn++q
+6F38XrH8m8sf28DQ+2Oob5SUzvgjVS0e70pIqH6bSXDgPc8mKtSs9Zi26Q==
+-----END PUBLIC KEY-----
diff --git a/openssl-1.1.0h/test/testp7.pem b/openssl-1.1.0h/test/testp7.pem
new file mode 100644
index 0000000..e5b7866
--- /dev/null
+++ b/openssl-1.1.0h/test/testp7.pem
@@ -0,0 +1,46 @@
+-----BEGIN PKCS7-----
+MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
+cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
+DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
+BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
+HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
+ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
+biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
+aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
+aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
+VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
+UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
+AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
+BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
+ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
+IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
+bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
+OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
+IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
+ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
+cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
+QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
+MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
+AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
+cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
+AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
+dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
+Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
+TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
+AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
+2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
+47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
+AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
+ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
+BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
+ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
+MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
+sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
+XfZsaiiIgotQHjEA
+-----END PKCS7-----
diff --git a/openssl-1.1.0h/test/testreq2.pem b/openssl-1.1.0h/test/testreq2.pem
new file mode 100644
index 0000000..c3cdcff
--- /dev/null
+++ b/openssl-1.1.0h/test/testreq2.pem
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
+DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
+hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
+gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
+-----END CERTIFICATE REQUEST-----
diff --git a/openssl-1.1.0h/test/testrsa.pem b/openssl-1.1.0h/test/testrsa.pem
new file mode 100644
index 0000000..aad2106
--- /dev/null
+++ b/openssl-1.1.0h/test/testrsa.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
+Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
+rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
+oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
+mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
+rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
+mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl-1.1.0h/test/testrsapub.pem b/openssl-1.1.0h/test/testrsapub.pem
new file mode 100644
index 0000000..bee2b95
--- /dev/null
+++ b/openssl-1.1.0h/test/testrsapub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6diz
+WW3DwaffznyHGAFwUJ/ITv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/openssl-1.1.0h/test/testsid.pem b/openssl-1.1.0h/test/testsid.pem
new file mode 100644
index 0000000..a90fb6e
--- /dev/null
+++ b/openssl-1.1.0h/test/testsid.pem
@@ -0,0 +1,38 @@
+-----BEGIN SSL SESSION PARAMETERS-----
+MIIGpAIBAQICAwMEAsAwBCABkpk0q01VEnPtcNWLtYg1xZJLreP0C1r4wPOakiLu
+8AQwi0opOLa+Omt26PqbLUcmI1H7F/n7qRy6TaL9Lxf2/ZBUDgRG3aSuSejO+gki
+F2U9oQYCBFR6XVaiBAICASyjggVjMIIFXzCCBEegAwIBAgIQNdDRF5hINFi7kAeK
+0fP5FjANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJGUjESMBAGA1UEChMJR0FO
+REkgU0FTMR4wHAYDVQQDExVHYW5kaSBTdGFuZGFyZCBTU0wgQ0EwHhcNMTMxMjMx
+MDAwMDAwWhcNMTQxMjMxMjM1OTU5WjBYMSEwHwYDVQQLExhEb21haW4gQ29udHJv
+bCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNTTDEWMBQGA1UE
+AxMNZGIuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
+AN/7DlZZKR5SELzF7rdn6LWxuebpVyFu1eXltzxi+Mig9cR0ZZD3hp0JcUresABO
+zE66AuhGtcFus/J/88CGM2r39u3n5ac5O/4Ypp57997YJRV725dL4oX75Vpc4p8j
+EI/LyIFteZN22ziv9zW7qCKKahnq1tuqDkV+84BEARpVdIaaWmn/KqsEgxeNKomy
+OLvn96IVCTAF78rudPmJHfSCl++NFmg0yu7DPyuXf8YJfA6j8/kFueanK2B1y/ww
+8MSbL3iAdgLwVtRJkwRYyKn8p5+ybwzX9L36GWgYs9OXUn8x494T5GjbGQVxUNt7
+qJnRtiUwYVoiOARrv1EI0Cq4ANXVaLDckc5y0a2PY3c4NWVlKGYbdxdQC1n6nH93
+mWDIr6vu7JX3CqDDr8FBlNVVtiBiv0q/eiVb9dzBzOntt3hA6GOJFAuwDDf7g7nq
+Gq8qqcr7EIyVB8ytQ5XMgtLCpmJkLzIdRYfdsQMa7cAbl0THAwwXigcotFA0aYIP
+BQIDAQABo4IBujCCAbYwHwYDVR0jBBgwFoAUtqj/oqgv0KbNS7Fo8+dQEDGneSEw
+HQYDVR0OBBYEFDJGWXznCu/+qyFLCmUI4cmXy1DCMA4GA1UdDwEB/wQEAwIFoDAM
+BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBgBgNV
+HSAEWTBXMEsGCysGAQQBsjEBAgIaMDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cu
+Z2FuZGkubmV0L2NvbnRyYWN0cy9mci9zc2wvY3BzL3BkZi8wCAYGZ4EMAQIBMDwG
+A1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuZ2FuZGkubmV0L0dhbmRpU3RhbmRh
+cmRTU0xDQS5jcmwwagYIKwYBBQUHAQEEXjBcMDcGCCsGAQUFBzAChitodHRwOi8v
+Y3J0LmdhbmRpLm5ldC9HYW5kaVN0YW5kYXJkU1NMQ0EuY3J0MCEGCCsGAQUFBzAB
+hhVodHRwOi8vb2NzcC5nYW5kaS5uZXQwKwYDVR0RBCQwIoINZGIuZGViaWFuLm9y
+Z4IRd3d3LmRiLmRlYmlhbi5vcmcwDQYJKoZIhvcNAQEFBQADggEBAK+ix7EQNPgU
+qDx46gAPifcm6b2FvXq+gtlB9h6UaDDO7fxDzmoU5V4WtdBM5uvIfOmpeNuCxPaj
+18cUlj9PPjL3eK43UCVu6w5hN3p2/2BPvFjQRhtBcIcEWsMal1DCtS/vCBkQt1lS
+gd4/xiMfK4cQYtwRu47gB0HuM2lecYHA42EC5hqupY/2tHo54AdyU46TxgUQcm0e
+icLtYuTjIYQWdUgM92heDw8caey5GKL2/TmYM2iWy/csFLm4tJAwPMtvy1KWdJQE
+iqYIuI9Lb4/xOyjSwVNLIJmbEzE6Sds9sjxqEcU4CconTVJazvHZtnBRV8GiRYKa
+d/xgQ6J+/Z2kAgQAqQQCAgEsqoHDBIHAPGxCacLRMYb3hbL3lRqQIfH3xoufIwKn
+zOAIyjxH7GPZpI87/e93AF1uw6eyy+aWJM6G/71E8Ln1iQtZjrGkGQCjEcIrUhEk
+Bgg93A28zly2zu2aBwi2yT4bUcyHxE3P3Q4R8xkQxrdWSMfCjCy9HKUViOENKET6
+avKXF7lDT1iG/x8RtTHtFGYX4YcFVhdEqcqnZ7tw5sqkHG2D0gLzO2SETF9KPHCq
+zAHQtw5r4Dgl+a+BGLczh6as4yIH+xH+
+-----END SSL SESSION PARAMETERS-----
diff --git a/openssl-1.1.0h/test/testutil.c b/openssl-1.1.0h/test/testutil.c
new file mode 100644
index 0000000..a16ef0f
--- /dev/null
+++ b/openssl-1.1.0h/test/testutil.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "testutil.h"
+
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include "e_os.h"
+
+/*
+ * Declares the structures needed to register each test case function.
+ */
+typedef struct test_info {
+    const char *test_case_name;
+    int (*test_fn) ();
+    int (*param_test_fn)(int idx);
+    int num;
+} TEST_INFO;
+
+static TEST_INFO all_tests[1024];
+static int num_tests = 0;
+/*
+ * A parameterised tests runs a loop of test cases.
+ * |num_test_cases| counts the total number of test cases
+ * across all tests.
+ */
+static int num_test_cases = 0;
+
+void add_test(const char *test_case_name, int (*test_fn) ())
+{
+    assert(num_tests != OSSL_NELEM(all_tests));
+    all_tests[num_tests].test_case_name = test_case_name;
+    all_tests[num_tests].test_fn = test_fn;
+    all_tests[num_tests].num = -1;
+    ++num_test_cases;
+    ++num_tests;
+}
+
+void add_all_tests(const char *test_case_name, int(*test_fn)(int idx),
+                   int num)
+{
+    assert(num_tests != OSSL_NELEM(all_tests));
+    all_tests[num_tests].test_case_name = test_case_name;
+    all_tests[num_tests].param_test_fn = test_fn;
+    all_tests[num_tests].num = num;
+    ++num_tests;
+    num_test_cases += num;
+}
+
+int run_tests(const char *test_prog_name)
+{
+    int num_failed = 0;
+
+    int i, j;
+
+    printf("%s: %d test case%s\n", test_prog_name, num_test_cases,
+           num_test_cases == 1 ? "" : "s");
+
+    for (i = 0; i != num_tests; ++i) {
+        if (all_tests[i].num == -1) {
+            if (!all_tests[i].test_fn()) {
+                printf("** %s failed **\n--------\n",
+                       all_tests[i].test_case_name);
+                ++num_failed;
+            }
+        } else {
+            for (j = 0; j < all_tests[i].num; j++) {
+                if (!all_tests[i].param_test_fn(j)) {
+                    printf("** %s failed test %d\n--------\n",
+                           all_tests[i].test_case_name, j);
+                    ++num_failed;
+                }
+            }
+        }
+    }
+
+    if (num_failed != 0) {
+        printf("%s: %d test%s failed (out of %d)\n", test_prog_name,
+               num_failed, num_failed != 1 ? "s" : "", num_test_cases);
+        return EXIT_FAILURE;
+    }
+    printf("  All tests passed.\n");
+    return EXIT_SUCCESS;
+}
+
+static const char *print_string_maybe_null(const char *s)
+{
+    return s == NULL ? "(NULL)" : s;
+}
+
+int strings_equal(const char *desc, const char *s1, const char *s2)
+{
+    if (s1 == NULL && s2 == NULL)
+      return 1;
+    if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) {
+        fprintf(stderr, "%s mismatch: %s vs %s\n", desc, print_string_maybe_null(s1),
+                print_string_maybe_null(s2));
+        return 0;
+    }
+    return 1;
+}
diff --git a/openssl-1.1.0h/test/testutil.h b/openssl-1.1.0h/test/testutil.h
new file mode 100644
index 0000000..aaaee27
--- /dev/null
+++ b/openssl-1.1.0h/test/testutil.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TESTUTIL_H
+# define HEADER_TESTUTIL_H
+
+#include <openssl/err.h>
+
+/*-
+ * SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions.
+ *
+ * SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE
+ * object called "fixture". It will also allocate the "result" variable used
+ * by EXECUTE_TEST. set_up() should take a const char* specifying the test
+ * case name and return a TEST_FIXTURE_TYPE by value.
+ *
+ * EXECUTE_TEST will pass fixture to execute_func() by value, call
+ * tear_down(), and return the result of execute_func(). execute_func() should
+ * take a TEST_FIXTURE_TYPE by value and return 1 on success and 0 on
+ * failure.
+ *
+ * Unit tests can define their own SETUP_TEST_FIXTURE and EXECUTE_TEST
+ * variations like so:
+ *
+ * #define SETUP_FOOBAR_TEST_FIXTURE()\
+ *   SETUP_TEST_FIXTURE(FOOBAR_TEST_FIXTURE, set_up_foobar)
+ *
+ * #define EXECUTE_FOOBAR_TEST()\
+ *   EXECUTE_TEST(execute_foobar, tear_down_foobar)
+ *
+ * Then test case functions can take the form:
+ *
+ * static int test_foobar_feature()
+ *      {
+ *      SETUP_FOOBAR_TEST_FIXTURE();
+ *      [...set individual members of fixture...]
+ *      EXECUTE_FOOBAR_TEST();
+ *      }
+ */
+# define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\
+    TEST_FIXTURE_TYPE fixture = set_up(TEST_CASE_NAME); \
+    int result = 0
+
+# define EXECUTE_TEST(execute_func, tear_down)\
+        result = execute_func(fixture);\
+        tear_down(fixture);\
+        return result
+
+/*
+ * TEST_CASE_NAME is defined as the name of the test case function where
+ * possible; otherwise we get by with the file name and line number.
+ */
+# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+#  if defined(_MSC_VER)
+#   define TEST_CASE_NAME __FUNCTION__
+#  else
+#   define testutil_stringify_helper(s) #s
+#   define testutil_stringify(s) testutil_stringify_helper(s)
+#   define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__)
+#  endif                        /* _MSC_VER */
+# else
+#  define TEST_CASE_NAME __func__
+# endif                         /* __STDC_VERSION__ */
+
+/*
+ * In main(), call ADD_TEST to register each test case function, then call
+ * run_tests() to execute all tests and report the results. The result
+ * returned from run_tests() should be used as the return value for main().
+ */
+# define ADD_TEST(test_function) add_test(#test_function, test_function)
+
+/*
+ * Simple parameterized tests. Adds a test_function(idx) test for each
+ * 0 <= idx < num.
+ */
+# define ADD_ALL_TESTS(test_function, num) \
+  add_all_tests(#test_function, test_function, num)
+
+void add_test(const char *test_case_name, int (*test_fn) ());
+void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num);
+int run_tests(const char *test_prog_name);
+
+/*
+ *  Test assumption verification helpers.
+ */
+
+/*
+ * Returns 1 if |s1| and |s2| are both NULL or equal.
+ * Otherwise, returns 0 and pretty-prints diagnostics using |desc|.
+ */
+int strings_equal(const char *desc, const char *s1, const char *s2);
+#endif                          /* HEADER_TESTUTIL_H */
+
+/*
+ * For "impossible" conditions such as malloc failures or bugs in test code,
+ * where continuing the test would be meaningless. Note that OPENSSL_assert
+ * is fatal, and is never compiled out.
+ */
+#define TEST_check(condition)                   \
+    do {                                        \
+        if (!(condition)) {                     \
+            ERR_print_errors_fp(stderr);        \
+            OPENSSL_assert(!#condition);        \
+        }                                       \
+    } while (0);
diff --git a/openssl-1.1.0h/test/testx509.pem b/openssl-1.1.0h/test/testx509.pem
new file mode 100644
index 0000000..8a85d14
--- /dev/null
+++ b/openssl-1.1.0h/test/testx509.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
+MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
+AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
+/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
+Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
+zl9HYIMxATFyqSiD9jsx
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/threadstest.c b/openssl-1.1.0h/test/threadstest.c
new file mode 100644
index 0000000..b2e96fa
--- /dev/null
+++ b/openssl-1.1.0h/test/threadstest.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <stdio.h>
+
+#include <openssl/crypto.h>
+
+#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
+
+typedef unsigned int thread_t;
+
+static int run_thread(thread_t *t, void (*f)(void))
+{
+    f();
+    return 1;
+}
+
+static int wait_for_thread(thread_t thread)
+{
+    return 1;
+}
+
+#elif defined(OPENSSL_SYS_WINDOWS)
+
+typedef HANDLE thread_t;
+
+static DWORD WINAPI thread_run(LPVOID arg)
+{
+    void (*f)(void);
+
+    *(void **) (&f) = arg;
+
+    f();
+    return 0;
+}
+
+static int run_thread(thread_t *t, void (*f)(void))
+{
+    *t = CreateThread(NULL, 0, thread_run, *(void **) &f, 0, NULL);
+    return *t != NULL;
+}
+
+static int wait_for_thread(thread_t thread)
+{
+    return WaitForSingleObject(thread, INFINITE) == 0;
+}
+
+#else
+
+typedef pthread_t thread_t;
+
+static void *thread_run(void *arg)
+{
+    void (*f)(void);
+
+    *(void **) (&f) = arg;
+
+    f();
+    return NULL;
+}
+
+static int run_thread(thread_t *t, void (*f)(void))
+{
+    return pthread_create(t, NULL, thread_run, *(void **) &f) == 0;
+}
+
+static int wait_for_thread(thread_t thread)
+{
+    return pthread_join(thread, NULL) == 0;
+}
+
+#endif
+
+static int test_lock(void)
+{
+    CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new();
+
+    if (!CRYPTO_THREAD_read_lock(lock)) {
+        fprintf(stderr, "CRYPTO_THREAD_read_lock() failed\n");
+        return 0;
+    }
+
+    if (!CRYPTO_THREAD_unlock(lock)) {
+        fprintf(stderr, "CRYPTO_THREAD_unlock() failed\n");
+        return 0;
+    }
+
+    CRYPTO_THREAD_lock_free(lock);
+
+    return 1;
+}
+
+static CRYPTO_ONCE once_run = CRYPTO_ONCE_STATIC_INIT;
+static unsigned once_run_count = 0;
+
+static void once_do_run(void)
+{
+    once_run_count++;
+}
+
+static void once_run_thread_cb(void)
+{
+    CRYPTO_THREAD_run_once(&once_run, once_do_run);
+}
+
+static int test_once(void)
+{
+    thread_t thread;
+    if (!run_thread(&thread, once_run_thread_cb) ||
+        !wait_for_thread(thread))
+    {
+        fprintf(stderr, "run_thread() failed\n");
+        return 0;
+    }
+
+    if (!CRYPTO_THREAD_run_once(&once_run, once_do_run)) {
+        fprintf(stderr, "CRYPTO_THREAD_run_once() failed\n");
+        return 0;
+    }
+
+    if (once_run_count != 1) {
+        fprintf(stderr, "once run %u times\n", once_run_count);
+        return 0;
+    }
+
+    return 1;
+}
+
+static CRYPTO_THREAD_LOCAL thread_local_key;
+static unsigned destructor_run_count = 0;
+static int thread_local_thread_cb_ok = 0;
+
+static void thread_local_destructor(void *arg)
+{
+    unsigned *count;
+
+    if (arg == NULL)
+        return;
+
+    count = arg;
+
+    (*count)++;
+}
+
+static void thread_local_thread_cb(void)
+{
+    void *ptr;
+
+    ptr = CRYPTO_THREAD_get_local(&thread_local_key);
+    if (ptr != NULL) {
+        fprintf(stderr, "ptr not NULL\n");
+        return;
+    }
+
+    if (!CRYPTO_THREAD_set_local(&thread_local_key, &destructor_run_count)) {
+        fprintf(stderr, "CRYPTO_THREAD_set_local() failed\n");
+        return;
+    }
+
+    ptr = CRYPTO_THREAD_get_local(&thread_local_key);
+    if (ptr != &destructor_run_count) {
+        fprintf(stderr, "invalid ptr\n");
+        return;
+    }
+
+    thread_local_thread_cb_ok = 1;
+}
+
+static int test_thread_local(void)
+{
+    thread_t thread;
+    void *ptr = NULL;
+
+    if (!CRYPTO_THREAD_init_local(&thread_local_key, thread_local_destructor)) {
+        fprintf(stderr, "CRYPTO_THREAD_init_local() failed\n");
+        return 0;
+    }
+
+    ptr = CRYPTO_THREAD_get_local(&thread_local_key);
+    if (ptr != NULL) {
+        fprintf(stderr, "ptr not NULL\n");
+        return 0;
+    }
+
+    if (!run_thread(&thread, thread_local_thread_cb) ||
+        !wait_for_thread(thread))
+    {
+        fprintf(stderr, "run_thread() failed\n");
+        return 0;
+    }
+
+    if (thread_local_thread_cb_ok != 1) {
+        fprintf(stderr, "thread-local thread callback failed\n");
+        return 0;
+    }
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+
+    ptr = CRYPTO_THREAD_get_local(&thread_local_key);
+    if (ptr != NULL) {
+        fprintf(stderr, "ptr not NULL\n");
+        return 0;
+    }
+
+# if !defined(OPENSSL_SYS_WINDOWS)
+    if (destructor_run_count != 1) {
+        fprintf(stderr, "thread-local destructor run %u times\n",
+                destructor_run_count);
+        return 0;
+    }
+# endif
+
+#endif
+
+    if (!CRYPTO_THREAD_cleanup_local(&thread_local_key)) {
+        fprintf(stderr, "CRYPTO_THREAD_cleanup_local() failed\n");
+        return 0;
+    }
+
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    if (!test_lock())
+      return 1;
+
+    if (!test_once())
+      return 1;
+
+    if (!test_thread_local())
+      return 1;
+
+    printf("PASS\n");
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/v3-cert1.pem b/openssl-1.1.0h/test/v3-cert1.pem
new file mode 100644
index 0000000..0da253d
--- /dev/null
+++ b/openssl-1.1.0h/test/v3-cert1.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
+NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
+dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
+ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
+ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
+miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
+AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
+MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
+AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
+X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
+WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/v3-cert2.pem b/openssl-1.1.0h/test/v3-cert2.pem
new file mode 100644
index 0000000..de0723f
--- /dev/null
+++ b/openssl-1.1.0h/test/v3-cert2.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
+YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
+ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
+dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
+WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
+BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
+FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
+6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
+G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
+YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
+b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
+F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
+lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
+jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
+-----END CERTIFICATE-----
diff --git a/openssl-1.1.0h/test/v3ext.c b/openssl-1.1.0h/test/v3ext.c
new file mode 100644
index 0000000..1c1f788
--- /dev/null
+++ b/openssl-1.1.0h/test/v3ext.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+int main(int ac, char **av)
+{
+    X509 *x = NULL;
+    BIO *b = NULL;
+    long pathlen;
+    int ret = 1;
+
+    if (ac != 2) {
+        fprintf(stderr, "Usage error\n");
+        goto end;
+    }
+    b = BIO_new_file(av[1], "r");
+    if (b == NULL)
+        goto end;
+    x = PEM_read_bio_X509(b, NULL, NULL, NULL);
+    if (x == NULL)
+        goto end;
+    pathlen = X509_get_pathlen(x);
+    if (pathlen == 6)
+        ret = 0;
+
+end:
+    ERR_print_errors_fp(stderr);
+    BIO_free(b);
+    X509_free(x);
+    return ret;
+}
diff --git a/openssl-1.1.0h/test/v3nametest.c b/openssl-1.1.0h/test/v3nametest.c
new file mode 100644
index 0000000..648c1df
--- /dev/null
+++ b/openssl-1.1.0h/test/v3nametest.c
@@ -0,0 +1,355 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "../e_os.h"
+#include <string.h>
+
+static const char *const names[] = {
+    "a", "b", ".", "*", "@",
+    ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
+    "-example.com", "example-.com",
+    "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com",
+    "*@example.com", "test@*.example.com", "example.com", "www.example.com",
+    "test.www.example.com", "*.example.com", "*.www.example.com",
+    "test.*.example.com", "www.*.com",
+    ".www.example.com", "*www.example.com",
+    "example.net", "xn--rger-koa.example.com",
+    "*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com",
+    "*.good--example.com", "www.good--example.com",
+    "*.xn--bar.com", "xn--foo.xn--bar.com",
+    "a.example.com", "b.example.com",
+    "postmaster@example.com", "Postmaster@example.com",
+    "postmaster@EXAMPLE.COM",
+    NULL
+};
+
+static const char *const exceptions[] = {
+    "set CN: host: [*.example.com] matches [a.example.com]",
+    "set CN: host: [*.example.com] matches [b.example.com]",
+    "set CN: host: [*.example.com] matches [www.example.com]",
+    "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
+    "set CN: host: [*.www.example.com] matches [test.www.example.com]",
+    "set CN: host: [*.www.example.com] matches [.www.example.com]",
+    "set CN: host: [*www.example.com] matches [www.example.com]",
+    "set CN: host: [test.www.example.com] matches [.www.example.com]",
+    "set CN: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
+    "set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
+    "set CN: host: [*.good--example.com] matches [www.good--example.com]",
+    "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
+    "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
+    "set emailAddress: email: [postmaster@example.com] does not match [Postmaster@example.com]",
+    "set emailAddress: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]",
+    "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@example.com]",
+    "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]",
+    "set dnsName: host: [*.example.com] matches [www.example.com]",
+    "set dnsName: host: [*.example.com] matches [a.example.com]",
+    "set dnsName: host: [*.example.com] matches [b.example.com]",
+    "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
+    "set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
+    "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
+    "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
+    "set dnsName: host: [*.www.example.com] matches [.www.example.com]",
+    "set dnsName: host: [*www.example.com] matches [www.example.com]",
+    "set dnsName: host: [test.www.example.com] matches [.www.example.com]",
+    "set dnsName: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
+    "set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
+    "set dnsName: host: [*.good--example.com] matches [www.good--example.com]",
+    "set rfc822Name: email: [postmaster@example.com] does not match [Postmaster@example.com]",
+    "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@example.com]",
+    "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]",
+    "set rfc822Name: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]",
+    NULL
+};
+
+static int is_exception(const char *msg)
+{
+    const char *const *p;
+    for (p = exceptions; *p; ++p)
+        if (strcmp(msg, *p) == 0)
+            return 1;
+    return 0;
+}
+
+static int set_cn(X509 *crt, ...)
+{
+    int ret = 0;
+    X509_NAME *n = NULL;
+    va_list ap;
+    va_start(ap, crt);
+    n = X509_NAME_new();
+    if (n == NULL)
+        goto out;
+    while (1) {
+        int nid;
+        const char *name;
+        nid = va_arg(ap, int);
+        if (nid == 0)
+            break;
+        name = va_arg(ap, const char *);
+        if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC,
+                                        (unsigned char *)name, -1, -1, 1))
+            goto out;
+    }
+    if (!X509_set_subject_name(crt, n))
+        goto out;
+    ret = 1;
+ out:
+    X509_NAME_free(n);
+    va_end(ap);
+    return ret;
+}
+
+/*-
+int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                        int nid, int crit, ASN1_OCTET_STRING *data);
+int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+*/
+
+static int set_altname(X509 *crt, ...)
+{
+    int ret = 0;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ASN1_IA5STRING *ia5 = NULL;
+    va_list ap;
+    va_start(ap, crt);
+    gens = sk_GENERAL_NAME_new_null();
+    if (gens == NULL)
+        goto out;
+    while (1) {
+        int type;
+        const char *name;
+        type = va_arg(ap, int);
+        if (type == 0)
+            break;
+        name = va_arg(ap, const char *);
+
+        gen = GENERAL_NAME_new();
+        if (gen == NULL)
+            goto out;
+        ia5 = ASN1_IA5STRING_new();
+        if (ia5 == NULL)
+            goto out;
+        if (!ASN1_STRING_set(ia5, name, -1))
+            goto out;
+        switch (type) {
+        case GEN_EMAIL:
+        case GEN_DNS:
+            GENERAL_NAME_set0_value(gen, type, ia5);
+            ia5 = NULL;
+            break;
+        default:
+            abort();
+        }
+        sk_GENERAL_NAME_push(gens, gen);
+        gen = NULL;
+    }
+    if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0))
+        goto out;
+    ret = 1;
+ out:
+    ASN1_IA5STRING_free(ia5);
+    GENERAL_NAME_free(gen);
+    GENERAL_NAMES_free(gens);
+    va_end(ap);
+    return ret;
+}
+
+static int set_cn1(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_commonName, name, 0);
+}
+
+static int set_cn_and_email(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_commonName, name,
+                  NID_pkcs9_emailAddress, "dummy@example.com", 0);
+}
+
+static int set_cn2(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_commonName, "dummy value",
+                  NID_commonName, name, 0);
+}
+
+static int set_cn3(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_commonName, name,
+                  NID_commonName, "dummy value", 0);
+}
+
+static int set_email1(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_pkcs9_emailAddress, name, 0);
+}
+
+static int set_email2(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_pkcs9_emailAddress, "dummy@example.com",
+                  NID_pkcs9_emailAddress, name, 0);
+}
+
+static int set_email3(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_pkcs9_emailAddress, name,
+                  NID_pkcs9_emailAddress, "dummy@example.com", 0);
+}
+
+static int set_email_and_cn(X509 *crt, const char *name)
+{
+    return set_cn(crt, NID_pkcs9_emailAddress, name,
+                  NID_commonName, "www.example.org", 0);
+}
+
+static int set_altname_dns(X509 *crt, const char *name)
+{
+    return set_altname(crt, GEN_DNS, name, 0);
+}
+
+static int set_altname_email(X509 *crt, const char *name)
+{
+    return set_altname(crt, GEN_EMAIL, name, 0);
+}
+
+struct set_name_fn {
+    int (*fn) (X509 *, const char *);
+    const char *name;
+    int host;
+    int email;
+};
+
+static const struct set_name_fn name_fns[] = {
+    {set_cn1, "set CN", 1, 0},
+    {set_cn2, "set CN", 1, 0},
+    {set_cn3, "set CN", 1, 0},
+    {set_cn_and_email, "set CN", 1, 0},
+    {set_email1, "set emailAddress", 0, 1},
+    {set_email2, "set emailAddress", 0, 1},
+    {set_email3, "set emailAddress", 0, 1},
+    {set_email_and_cn, "set emailAddress", 0, 1},
+    {set_altname_dns, "set dnsName", 1, 0},
+    {set_altname_email, "set rfc822Name", 0, 1},
+    {NULL, NULL, 0}
+};
+
+static X509 *make_cert()
+{
+    X509 *ret = NULL;
+    X509 *crt = NULL;
+    X509_NAME *issuer = NULL;
+    crt = X509_new();
+    if (crt == NULL)
+        goto out;
+    if (!X509_set_version(crt, 3))
+        goto out;
+    ret = crt;
+    crt = NULL;
+ out:
+    X509_NAME_free(issuer);
+    return ret;
+}
+
+static int errors;
+
+static void check_message(const struct set_name_fn *fn, const char *op,
+                          const char *nameincert, int match, const char *name)
+{
+    char msg[1024];
+    if (match < 0)
+        return;
+    BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
+                 fn->name, op, nameincert,
+                 match ? "matches" : "does not match", name);
+    if (is_exception(msg))
+        return;
+    puts(msg);
+    ++errors;
+}
+
+static void run_cert(X509 *crt, const char *nameincert,
+                     const struct set_name_fn *fn)
+{
+    const char *const *pname = names;
+    while (*pname) {
+        int samename = strcasecmp(nameincert, *pname) == 0;
+        size_t namelen = strlen(*pname);
+        char *name = malloc(namelen);
+        int match, ret;
+        memcpy(name, *pname, namelen);
+
+        ret = X509_check_host(crt, name, namelen, 0, NULL);
+        match = -1;
+        if (ret < 0) {
+            fprintf(stderr, "internal error in X509_check_host");
+            ++errors;
+        } else if (fn->host) {
+            if (ret == 1 && !samename)
+                match = 1;
+            if (ret == 0 && samename)
+                match = 0;
+        } else if (ret == 1)
+            match = 1;
+        check_message(fn, "host", nameincert, match, *pname);
+
+        ret = X509_check_host(crt, name, namelen,
+                              X509_CHECK_FLAG_NO_WILDCARDS, NULL);
+        match = -1;
+        if (ret < 0) {
+            fprintf(stderr, "internal error in X509_check_host");
+            ++errors;
+        } else if (fn->host) {
+            if (ret == 1 && !samename)
+                match = 1;
+            if (ret == 0 && samename)
+                match = 0;
+        } else if (ret == 1)
+            match = 1;
+        check_message(fn, "host-no-wildcards", nameincert, match, *pname);
+
+        ret = X509_check_email(crt, name, namelen, 0);
+        match = -1;
+        if (fn->email) {
+            if (ret && !samename)
+                match = 1;
+            if (!ret && samename && strchr(nameincert, '@') != NULL)
+                match = 0;
+        } else if (ret)
+            match = 1;
+        check_message(fn, "email", nameincert, match, *pname);
+        ++pname;
+        free(name);
+    }
+}
+
+int main(void)
+{
+    const struct set_name_fn *pfn = name_fns;
+    while (pfn->name) {
+        const char *const *pname = names;
+        while (*pname) {
+            X509 *crt = make_cert();
+            if (crt == NULL) {
+                fprintf(stderr, "make_cert failed\n");
+                return 1;
+            }
+            if (!pfn->fn(crt, *pname)) {
+                fprintf(stderr, "X509 name setting failed\n");
+                return 1;
+            }
+            run_cert(crt, *pname, pfn);
+            X509_free(crt);
+            ++pname;
+        }
+        ++pfn;
+    }
+    return errors > 0 ? 1 : 0;
+}
diff --git a/openssl-1.1.0h/test/verify_extra_test.c b/openssl-1.1.0h/test/verify_extra_test.c
new file mode 100644
index 0000000..cc05bc2
--- /dev/null
+++ b/openssl-1.1.0h/test/verify_extra_test.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+static STACK_OF(X509) *load_certs_from_file(const char *filename)
+{
+    STACK_OF(X509) *certs;
+    BIO *bio;
+    X509 *x;
+
+    bio = BIO_new_file(filename, "r");
+
+    if (bio == NULL) {
+        return NULL;
+    }
+
+    certs = sk_X509_new_null();
+    if (certs == NULL) {
+        BIO_free(bio);
+        return NULL;
+    }
+
+    ERR_set_mark();
+    do {
+        x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+        if (x != NULL && !sk_X509_push(certs, x)) {
+            sk_X509_pop_free(certs, X509_free);
+            BIO_free(bio);
+            return NULL;
+        } else if (x == NULL) {
+            /*
+             * We probably just ran out of certs, so ignore any errors
+             * generated
+             */
+            ERR_pop_to_mark();
+        }
+    } while (x != NULL);
+
+    BIO_free(bio);
+
+    return certs;
+}
+
+/*
+ * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
+ *
+ * Chain is as follows:
+ *
+ * rootCA (self-signed)
+ *   |
+ * interCA
+ *   |
+ * subinterCA       subinterCA (self-signed)
+ *   |                   |
+ * leaf ------------------
+ *   |
+ * bad
+ *
+ * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
+ * leaf and bad have CA=FALSE
+ *
+ * subinterCA and subinterCA (ss) have the same subject name and keys
+ *
+ * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
+ * (roots.pem)
+ * leaf and subinterCA are in the untrusted list (untrusted.pem)
+ * bad is the certificate being verified (bad.pem)
+ *
+ * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
+ * CA=FALSE, and will therefore incorrectly verify bad
+ *
+ */
+static int test_alt_chains_cert_forgery(const char *roots_f,
+                                        const char *untrusted_f,
+                                        const char *bad_f)
+{
+    int ret = 0;
+    int i;
+    X509 *x = NULL;
+    STACK_OF(X509) *untrusted = NULL;
+    BIO *bio = NULL;
+    X509_STORE_CTX *sctx = NULL;
+    X509_STORE *store = NULL;
+    X509_LOOKUP *lookup = NULL;
+
+    store = X509_STORE_new();
+    if (store == NULL)
+        goto err;
+
+    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        goto err;
+    if(!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
+        goto err;
+
+    untrusted = load_certs_from_file(untrusted_f);
+
+    if ((bio = BIO_new_file(bad_f, "r")) == NULL)
+        goto err;
+
+    if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
+        goto err;
+
+    sctx = X509_STORE_CTX_new();
+    if (sctx == NULL)
+        goto err;
+
+    if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
+        goto err;
+
+    i = X509_verify_cert(sctx);
+
+    if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
+        /* This is the result we were expecting: Test passed */
+        ret = 1;
+    }
+ err:
+    X509_STORE_CTX_free(sctx);
+    X509_free(x);
+    BIO_free(bio);
+    sk_X509_pop_free(untrusted, X509_free);
+    X509_STORE_free(store);
+    if (ret != 1)
+        ERR_print_errors_fp(stderr);
+    return ret;
+}
+
+int main(int argc, char **argv)
+{
+    CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    if (argc != 4) {
+        fprintf(stderr, "usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
+        return 1;
+    }
+
+    if (!test_alt_chains_cert_forgery(argv[1], argv[2], argv[3])) {
+        fprintf(stderr, "Test alt chains cert forgery failed\n");
+        return 1;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
+#endif
+
+    printf("PASS\n");
+    return 0;
+}
diff --git a/openssl-1.1.0h/test/wp_test.c b/openssl-1.1.0h/test/wp_test.c
new file mode 100644
index 0000000..7b5cc04
--- /dev/null
+++ b/openssl-1.1.0h/test/wp_test.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/whrlpool.h>
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_NO_WHIRLPOOL)
+int main(int argc, char *argv[])
+{
+    printf("No Whirlpool support\n");
+    return (0);
+}
+#else
+
+/* ISO/IEC 10118-3 test vector set */
+static const unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = {
+    0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66,
+    0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26,
+    0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8,
+    0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7,
+    0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB,
+    0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57,
+    0xEA, 0x89, 0x64, 0xE5, 0x9B, 0x63, 0xD9, 0x37,
+    0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3
+};
+
+static const unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = {
+    0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F,
+    0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7,
+    0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69,
+    0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42,
+    0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6,
+    0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59,
+    0x1A, 0x92, 0x20, 0x0D, 0x56, 0x01, 0x95, 0xE5,
+    0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A
+};
+
+static const unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = {
+    0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB,
+    0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B,
+    0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72,
+    0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C,
+    0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27,
+    0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6,
+    0xC7, 0x97, 0xFC, 0x9D, 0x95, 0xD8, 0xB5, 0x82,
+    0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5
+};
+
+static const unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = {
+    0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6,
+    0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC,
+    0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C,
+    0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B,
+    0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1,
+    0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6,
+    0x92, 0xED, 0x92, 0x00, 0x52, 0x83, 0x8F, 0x33,
+    0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E
+};
+
+static const unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = {
+    0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9,
+    0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A,
+    0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5,
+    0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B,
+    0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A,
+    0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6,
+    0xF6, 0x8F, 0x67, 0x3E, 0x72, 0x07, 0x86, 0x5D,
+    0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B
+};
+
+static const unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = {
+    0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B,
+    0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90,
+    0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC,
+    0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E,
+    0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F,
+    0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6,
+    0x55, 0x17, 0xCC, 0x87, 0x9D, 0x7B, 0x96, 0x21,
+    0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67
+};
+
+static const unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = {
+    0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D,
+    0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0,
+    0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6,
+    0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29,
+    0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5,
+    0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A,
+    0x2C, 0x60, 0x48, 0x1E, 0x88, 0xC5, 0xA2, 0x0B,
+    0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B
+};
+
+static const unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = {
+    0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61,
+    0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48,
+    0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62,
+    0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69,
+    0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B,
+    0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56,
+    0x93, 0x9B, 0xAA, 0xA0, 0xAD, 0xFF, 0x9A, 0xE6,
+    0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD
+};
+
+static const unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = {
+    0x0C, 0x99, 0x00, 0x5B, 0xEB, 0x57, 0xEF, 0xF5,
+    0x0A, 0x7C, 0xF0, 0x05, 0x56, 0x0D, 0xDF, 0x5D,
+    0x29, 0x05, 0x7F, 0xD8, 0x6B, 0x20, 0xBF, 0xD6,
+    0x2D, 0xEC, 0xA0, 0xF1, 0xCC, 0xEA, 0x4A, 0xF5,
+    0x1F, 0xC1, 0x54, 0x90, 0xED, 0xDC, 0x47, 0xAF,
+    0x32, 0xBB, 0x2B, 0x66, 0xC3, 0x4F, 0xF9, 0xAD,
+    0x8C, 0x60, 0x08, 0xAD, 0x67, 0x7F, 0x77, 0x12,
+    0x69, 0x53, 0xB2, 0x26, 0xE4, 0xED, 0x8B, 0x01
+};
+
+int main(int argc, char *argv[])
+{
+    unsigned char md[WHIRLPOOL_DIGEST_LENGTH];
+    int i;
+    WHIRLPOOL_CTX ctx;
+
+    fprintf(stdout, "Testing Whirlpool ");
+
+    WHIRLPOOL("", 0, md);
+    if (memcmp(md, iso_test_1, sizeof(iso_test_1))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 1 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL("a", 1, md);
+    if (memcmp(md, iso_test_2, sizeof(iso_test_2))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 2 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL("abc", 3, md);
+    if (memcmp(md, iso_test_3, sizeof(iso_test_3))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 3 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL("message digest", 14, md);
+    if (memcmp(md, iso_test_4, sizeof(iso_test_4))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 4 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL("abcdefghijklmnopqrstuvwxyz", 26, md);
+    if (memcmp(md, iso_test_5, sizeof(iso_test_5))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 5 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+              "abcdefghijklmnopqrstuvwxyz" "0123456789", 62, md);
+    if (memcmp(md, iso_test_6, sizeof(iso_test_6))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 6 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL("1234567890" "1234567890" "1234567890" "1234567890"
+              "1234567890" "1234567890" "1234567890" "1234567890", 80, md);
+    if (memcmp(md, iso_test_7, sizeof(iso_test_7))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 7 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk", 32, md);
+    if (memcmp(md, iso_test_8, sizeof(iso_test_8))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 8 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    WHIRLPOOL_Init(&ctx);
+    for (i = 0; i < 1000000; i += 288)
+        WHIRLPOOL_Update(&ctx, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+                         "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+                         (1000000 - i) < 288 ? 1000000 - i : 288);
+    WHIRLPOOL_Final(md, &ctx);
+    if (memcmp(md, iso_test_9, sizeof(iso_test_9))) {
+        fflush(stdout);
+        fprintf(stderr, "\nTEST 9 of 9 failed.\n");
+        return 1;
+    } else
+        fprintf(stdout, ".");
+    fflush(stdout);
+
+    fprintf(stdout, " passed.\n");
+    fflush(stdout);
+
+    return 0;
+}
+#endif
diff --git a/openssl-1.1.0h/test/x509aux.c b/openssl-1.1.0h/test/x509aux.c
new file mode 100644
index 0000000..2c20d6d
--- /dev/null
+++ b/openssl-1.1.0h/test/x509aux.c
@@ -0,0 +1,231 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+
+#include "../e_os.h"
+
+static const char *progname;
+
+static void test_usage(void)
+{
+    fprintf(stderr, "usage: %s certfile\n", progname);
+}
+
+static void print_errors(void)
+{
+    unsigned long err;
+    char buffer[1024];
+    const char *file;
+    const char *data;
+    int line;
+    int flags;
+
+    while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+        ERR_error_string_n(err, buffer, sizeof(buffer));
+        if (flags & ERR_TXT_STRING)
+            fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data);
+        else
+            fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line);
+    }
+}
+
+static int test_certs(BIO *fp)
+{
+    int count;
+    char *name = 0;
+    char *header = 0;
+    unsigned char *data = 0;
+    long len;
+    typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
+    typedef int (*i2d_X509_t)(X509 *, unsigned char **);
+    int err = 0;
+
+    for (count = 0;
+         !err && PEM_read_bio(fp, &name, &header, &data, &len);
+	 ++count) {
+        int trusted = strcmp(name, PEM_STRING_X509_TRUSTED) == 0;
+        d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
+        i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
+        X509 *cert = NULL;
+	const unsigned char *p = data;
+        unsigned char *buf = NULL;
+        unsigned char *bufp;
+        long enclen;
+
+	if (!trusted
+            && strcmp(name, PEM_STRING_X509) != 0
+	    && strcmp(name, PEM_STRING_X509_OLD) != 0) {
+	    fprintf(stderr, "unexpected PEM object: %s\n", name);
+            err = 1;
+	    goto next;
+        }
+        cert = d2i(NULL, &p, len);
+
+        if (cert == NULL || (p - data) != len) {
+	    fprintf(stderr, "error parsing input %s\n", name);
+            err = 1;
+            goto next;
+        }
+
+        /* Test traditional 2-pass encoding into caller allocated buffer */
+        enclen = i2d(cert, NULL);
+        if (len != enclen) {
+	    fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
+                    enclen, name, len);
+            err = 1;
+            goto next;
+        }
+        if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
+            perror("malloc");
+            err = 1;
+            goto next;
+        }
+        enclen = i2d(cert, &bufp);
+        if (len != enclen) {
+	    fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
+                    enclen, name, len);
+            err = 1;
+            goto next;
+        }
+        enclen = (long) (bufp - buf);
+        if (enclen != len) {
+	    fprintf(stderr, "unexpected buffer position after encoding %s\n",
+                    name);
+            err = 1;
+            goto next;
+        }
+        if (memcmp(buf, data, len) != 0) {
+	    fprintf(stderr, "encoded content of %s does not match input\n",
+                    name);
+            err = 1;
+            goto next;
+        }
+        OPENSSL_free(buf);
+        buf = NULL;
+
+        /* Test 1-pass encoding into library allocated buffer */
+        enclen = i2d(cert, &buf);
+        if (len != enclen) {
+	    fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
+                    enclen, name, len);
+            err = 1;
+            goto next;
+        }
+        if (memcmp(buf, data, len) != 0) {
+	    fprintf(stderr, "encoded content of %s does not match input\n",
+                    name);
+            err = 1;
+            goto next;
+        }
+
+        if (trusted) {
+            /* Encode just the cert and compare with initial encoding */
+            OPENSSL_free(buf);
+            buf = NULL;
+
+            /* Test 1-pass encoding into library allocated buffer */
+            enclen = i2d(cert, &buf);
+            if (enclen > len) {
+                fprintf(stderr, "encoded length %ld of %s > input length %ld\n",
+                        enclen, name, len);
+                err = 1;
+                goto next;
+            }
+            if (memcmp(buf, data, enclen) != 0) {
+                fprintf(stderr, "encoded cert content does not match input\n");
+                err = 1;
+                goto next;
+            }
+        }
+
+	/*
+	 * If any of these were null, PEM_read() would have failed.
+	 */
+    next:
+        X509_free(cert);
+        OPENSSL_free(buf);
+	OPENSSL_free(name);
+	OPENSSL_free(header);
+	OPENSSL_free(data);
+    }
+
+    if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
+        /* Reached end of PEM file */
+        if (count > 0) {
+            ERR_clear_error();
+            return 1;
+        }
+    }
+
+    /* Some other PEM read error */
+    print_errors();
+    return 0;
+}
+
+int main(int argc, char *argv[])
+{
+    BIO *bio_err;
+    const char *p;
+    int ret = 1;
+
+    progname = argv[0];
+    if (argc < 2) {
+        test_usage();
+        EXIT(ret);
+    }
+
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    argc--;
+    argv++;
+
+    while (argc >= 1) {
+        BIO *f = BIO_new_file(*argv, "r");
+        int ok;
+
+        if (f == NULL) {
+            fprintf(stderr, "%s: Error opening cert file: '%s': %s\n",
+                    progname, *argv, strerror(errno));
+            EXIT(ret);
+        }
+        ret = !(ok = test_certs(f));
+        BIO_free(f);
+
+        if (!ok) {
+            printf("%s ERROR\n", *argv);
+            ret = 1;
+            break;
+        }
+        printf("%s OK\n", *argv);
+
+        argc--;
+        argv++;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        ret = 1;
+#endif
+    BIO_free(bio_err);
+    EXIT(ret);
+}
diff --git a/openssl-1.1.0h/tools/build.info b/openssl-1.1.0h/tools/build.info
new file mode 100644
index 0000000..059e582
--- /dev/null
+++ b/openssl-1.1.0h/tools/build.info
@@ -0,0 +1,7 @@
+{- our $c_rehash_name =
+       $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
+   "" -}
+IF[{- !$disabled{apps} -}]
+  SCRIPTS={- $c_rehash_name -}
+  SOURCE[{- $c_rehash_name -}]=c_rehash.in
+ENDIF
diff --git a/openssl-1.1.0h/tools/c_rehash.in b/openssl-1.1.0h/tools/c_rehash.in
new file mode 100644
index 0000000..e658222
--- /dev/null
+++ b/openssl-1.1.0h/tools/c_rehash.in
@@ -0,0 +1,231 @@
+#!{- $config{hashbangperl} -}
+
+# {- join("\n# ", @autowarntext) -}
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir = {- quotify1($config{openssldir}) -};
+my $prefix = {- quotify1($config{prefix}) -};
+
+my $errorcount = 0;
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+##  Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+    my $flag = shift @ARGV;
+    last if ( $flag eq '--');
+    if ( $flag eq '-old') {
+	    $x509hash = "-subject_hash_old";
+	    $crlhash = "-hash_old";
+    } elsif ( $flag eq '-h' || $flag eq '-help' ) {
+	    help();
+    } elsif ( $flag eq '-n' ) {
+	    $removelinks = 0;
+    } elsif ( $flag eq '-v' ) {
+	    $verbose++;
+    }
+    else {
+	    print STDERR "Usage error; try -h.\n";
+	    exit 1;
+    }
+}
+
+sub help {
+	print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
+	print "   -old use old-style digest\n";
+	print "   -h or -help print this help text\n";
+	print "   -v print files removed and linked\n";
+	exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+	$pwd=Cwd::getcwd();
+} else {
+	$pwd=`pwd`;
+	chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if (! -x $openssl) {
+	my $found = 0;
+	foreach (split /$path_delim/, $ENV{PATH}) {
+		if (-x "$_/$openssl") {
+			$found = 1;
+			$openssl = "$_/$openssl";
+			last;
+		}	
+	}
+	if ($found == 0) {
+		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+		exit 0;
+	}
+}
+
+if (@ARGV) {
+	@dirlist = @ARGV;
+} elsif ($ENV{SSL_CERT_DIR}) {
+	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+	$dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+	chdir $dirlist[0];
+	$openssl="$pwd/$openssl" if (!-x $openssl);
+	chdir $pwd;
+}
+
+foreach (@dirlist) {
+	if (-d $_ ) {
+            if ( -w $_) {
+		hash_dir($_);
+            } else {
+                print "Skipping $_, can't write\n";
+                $errorcount++;
+            }
+	}
+}
+exit($errorcount);
+
+sub hash_dir {
+	my %hashlist;
+	print "Doing $_[0]\n";
+	chdir $_[0];
+	opendir(DIR, ".");
+	my @flist = sort readdir(DIR);
+	closedir DIR;
+	if ( $removelinks ) {
+		# Delete any existing symbolic links
+		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+			if (-l $_) {
+				print "unlink $_" if $verbose;
+				unlink $_ || warn "Can't unlink $_, $!\n";
+			}
+		}
+	}
+	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+		# Check to see if certificates and/or CRLs present.
+		my ($cert, $crl) = check_file($fname);
+		if (!$cert && !$crl) {
+			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+			next;
+		}
+		link_hash_cert($fname) if ($cert);
+		link_hash_crl($fname) if ($crl);
+	}
+}
+
+sub check_file {
+	my ($is_cert, $is_crl) = (0,0);
+	my $fname = $_[0];
+	open IN, $fname;
+	while(<IN>) {
+		if (/^-----BEGIN (.*)-----/) {
+			my $hdr = $1;
+			if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+				$is_cert = 1;
+				last if ($is_crl);
+			} elsif ($hdr eq "X509 CRL") {
+				$is_crl = 1;
+				last if ($is_cert);
+			}
+		}
+	}
+	close IN;
+	return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if ($hashlist{"$hash.$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".$suffix";
+		if ($symlink_exists) {
+			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
+		} else {
+			print "copy $fname -> $hash\n" if $verbose;
+                        if (open($in, "<", $fname)) {
+                            if (open($out,">", $hash)) {
+                                print $out $_ while (<$in>);
+                                close $out;
+                            } else {
+                                warn "can't open $hash for write, $!";
+                            }
+                            close $in;
+                        } else {
+                            warn "can't open $fname for read, $!";
+                        }
+		}
+		$hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.r$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if ($hashlist{"$hash.r$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".r$suffix";
+		if ($symlink_exists) {
+			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
+		} else {
+			print "cp $fname -> $hash\n" if $verbose;
+			system ("cp", $fname, $hash);
+                        warn "Can't copy, $!" if ($? >> 8) != 0;
+		}
+		$hashlist{$hash} = $fprint;
+}
diff --git a/openssl-1.1.0h/util/build.info b/openssl-1.1.0h/util/build.info
new file mode 100644
index 0000000..609be51
--- /dev/null
+++ b/openssl-1.1.0h/util/build.info
@@ -0,0 +1,8 @@
+IF[{- $target{build_scheme}->[1] eq "VMS" -}]
+ SCRIPTS_NO_INST=local_shlib.com unlocal_shlib.com
+ SOURCE[local_shlib.com]=local_shlib.com.in
+ SOURCE[unlocal_shlib.com]=unlocal_shlib.com.in
+ELSIF[{- $target{build_scheme}->[1] eq "unix" -}]
+ SCRIPTS_NO_INST=shlib_wrap.sh
+ SOURCE[shlib_wrap.sh]=shlib_wrap.sh.in
+ENDIF
diff --git a/openssl-1.1.0h/util/ck_errf.pl b/openssl-1.1.0h/util/ck_errf.pl
new file mode 100755
index 0000000..7fc5367
--- /dev/null
+++ b/openssl-1.1.0h/util/ck_errf.pl
@@ -0,0 +1,70 @@
+#! /usr/bin/env perl
+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+# 
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+
+my $err_strict = 0;
+my $bad = 0;
+
+foreach $file (@ARGV)
+	{
+	if ($file eq "-strict")
+		{
+		$err_strict = 1;
+		next;
+		}
+	open(IN,"<$file") || die "unable to open $file\n";
+	$func="";
+	while (<IN>)
+		{
+		if (!/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/)
+			{
+			/^([^()]*(\([^()]*\)[^()]*)*)\(/;
+			$1 =~ /([A-Za-z_0-9]*)$/;
+			$func = $1;
+			$func =~ tr/A-Z/a-z/;
+			}
+		if (/([A-Z0-9]+)err\(([^,]+)/ && ! /ckerr_ignore/)
+			{
+			$errlib=$1;
+			$n=$2;
+
+			if ($func eq "")
+				{ print "$file:$.:???:$n\n"; $bad = 1; next; }
+
+			if ($n !~ /([^_]+)_F_(.+)$/)
+				{
+		#		print "check -$file:$.:$func:$n\n";
+				next;
+				}
+			$lib=$1;
+			$n=$2;
+
+			if ($lib ne $errlib)
+				{ print "$file:$.:$func:$n [${errlib}err]\n"; $bad = 1; next; }
+
+			$n =~ tr/A-Z/a-z/;
+			if (($n ne $func) && ($errlib ne "SYS"))
+				{ print "$file:$.:$func:$n\n"; $bad = 1; next; }
+	#		print "$func:$1\n";
+			}
+		}
+	close(IN);
+        }
+
+if ($bad && $err_strict)
+	{
+	print STDERR "FATAL: error discrepancy\n";
+	exit 1;
+	}
+
diff --git a/openssl-1.1.0h/util/copy.pl b/openssl-1.1.0h/util/copy.pl
new file mode 100644
index 0000000..01964f5
--- /dev/null
+++ b/openssl-1.1.0h/util/copy.pl
@@ -0,0 +1,78 @@
+#! /usr/bin/env perl
+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use Fcntl;
+
+
+# copy.pl
+
+# Perl script 'copy' comment. On Windows the built in "copy" command also
+# copies timestamps: this messes up Makefile dependencies.
+
+my $stripcr = 0;
+
+my $arg;
+
+foreach $arg (@ARGV) {
+	if ($arg eq "-stripcr")
+		{
+		$stripcr = 1;
+		next;
+		}
+	$arg =~ s|\\|/|g;	# compensate for bug/feature in cygwin glob...
+	$arg = qq("$arg") if ($arg =~ /\s/);	# compensate for bug in 5.10...
+	foreach (glob $arg)
+		{
+		push @filelist, $_;
+		}
+}
+
+$fnum = @filelist;
+
+if ($fnum <= 1)
+	{
+	die "Need at least two filenames";
+	}
+
+$dest = pop @filelist;
+	
+if ($fnum > 2 && ! -d $dest)
+	{
+	die "Destination must be a directory";
+	}
+
+foreach (@filelist)
+	{
+	if (-d $dest)
+		{
+		$dfile = $_;
+		$dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
+		$dfile = "$dest/$dfile";
+		}
+	else
+		{
+		$dfile = $dest;
+		}
+	sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
+	sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
+					|| die "Can't Open $dfile";
+	while (sysread IN, $buf, 10240)
+		{
+		if ($stripcr)
+			{
+			$buf =~ tr/\015//d;
+			}
+		syswrite(OUT, $buf, length($buf));
+		}
+	close(IN);
+	close(OUT);
+	print "Copying: $_ to $dfile\n";
+	}
+		
+
diff --git a/openssl-1.1.0h/util/dofile.pl b/openssl-1.1.0h/util/dofile.pl
new file mode 100644
index 0000000..fc72989
--- /dev/null
+++ b/openssl-1.1.0h/util/dofile.pl
@@ -0,0 +1,210 @@
+#! /usr/bin/env perl
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Reads one or more template files and runs it through Text::Template
+#
+# It is assumed that this scripts is called with -Mconfigdata, a module
+# that holds configuration data in %config
+
+use strict;
+use warnings;
+
+use FindBin;
+use Getopt::Std;
+
+# We actually expect to get the following hash tables from configdata:
+#
+#    %config
+#    %target
+#    %withargs
+#    %unified_info
+#
+# We just do a minimal test to see that we got what we expected.
+# $config{target} must exist as an absolute minimum.
+die "You must run this script with -Mconfigdata\n" if !exists($config{target});
+
+# Make a subclass of Text::Template to override append_text_to_result,
+# as recommended here:
+#
+# http://search.cpan.org/~mjd/Text-Template-1.46/lib/Text/Template.pm#Automatic_postprocessing_of_template_hunks
+
+package OpenSSL::Template;
+
+# Because we know that Text::Template isn't a core Perl module, we use
+# a fallback in case it's not installed on the system
+use File::Basename;
+use File::Spec::Functions;
+use lib "$FindBin::Bin/perl";
+use with_fallback qw(Text::Template);
+
+#use parent qw/Text::Template/;
+use vars qw/@ISA/;
+push @ISA, qw/Text::Template/;
+
+# Override constructor
+sub new {
+    my ($class) = shift;
+
+    # Call the constructor of the parent class, Person.
+    my $self = $class->SUPER::new( @_ );
+    # Add few more attributes
+    $self->{_output_off}   = 0;	# Default to output hunks
+    bless $self, $class;
+    return $self;
+}
+
+sub append_text_to_output {
+    my $self = shift;
+
+    if ($self->{_output_off} == 0) {
+	$self->SUPER::append_text_to_output(@_);
+    }
+
+    return;
+}
+
+sub output_reset_on {
+    my $self = shift;
+    $self->{_output_off} = 0;
+}
+
+sub output_on {
+    my $self = shift;
+    if (--$self->{_output_off} < 0) {
+	$self->{_output_off} = 0;
+    }
+}
+
+sub output_off {
+    my $self = shift;
+    $self->{_output_off}++;
+}
+
+# Come back to main
+
+package main;
+
+# Helper functions for the templates #################################
+
+# It might be practical to quotify some strings and have them protected
+# from possible harm.  These functions primarly quote things that might
+# be interpreted wrongly by a perl eval.
+
+# quotify1 STRING
+# This adds quotes (") around the given string, and escapes any $, @, \,
+# " and ' by prepending a \ to them.
+sub quotify1 {
+    my $s = my $orig = shift @_;
+    $s =~ s/([\$\@\\"'])/\\$1/g;
+    $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
+}
+
+# quotify_l LIST
+# For each defined element in LIST (i.e. elements that aren't undef), have
+# it quotified with 'quotofy1'
+sub quotify_l {
+    map {
+        if (!defined($_)) {
+            ();
+        } else {
+            quotify1($_);
+        }
+    } @_;
+}
+
+# Error reporter #####################################################
+
+# The error reporter uses %lines to figure out exactly which file the
+# error happened and at what line.  Not that the line number may be
+# the start of a perl snippet rather than the exact line where it
+# happened.  Nothing we can do about that here.
+
+my %lines = ();
+sub broken {
+    my %args = @_;
+    my $filename = "<STDIN>";
+    my $deducelines = 0;
+    foreach (sort keys %lines) {
+        $filename = $lines{$_};
+        last if ($_ > $args{lineno});
+        $deducelines += $_;
+    }
+    print STDERR $args{error}," in $filename, fragment starting at line ",$args{lineno}-$deducelines;
+    undef;
+}
+
+# Check options ######################################################
+
+my %opts = ();
+
+# -o ORIGINATOR
+#		declares ORIGINATOR as the originating script.
+getopt('o', \%opts);
+
+my @autowarntext = ("WARNING: do not edit!",
+		    "Generated"
+		    . (defined($opts{o}) ? " by ".$opts{o} : "")
+		    . (scalar(@ARGV) > 0 ? " from ".join(", ",@ARGV) : ""));
+
+# Template reading ###################################################
+
+# Read in all the templates into $text, while keeping track of each
+# file and its size in lines, to try to help report errors with the
+# correct file name and line number.
+
+my $prev_linecount = 0;
+my $text =
+    @ARGV
+    ? join("", map { my $x = Text::Template::_load_text($_);
+                     if (!defined($x)) {
+                         die $Text::Template::ERROR, "\n";
+                     }
+                     $x = "{- output_reset_on() -}" . $x;
+                     my $linecount = $x =~ tr/\n//;
+                     $prev_linecount = ($linecount += $prev_linecount);
+                     $lines{$linecount} = $_;
+                     $x } @ARGV)
+    : join("", <STDIN>);
+
+# Engage! ############################################################
+
+# Load the full template (combination of files) into Text::Template
+# and fill it up with our data.  Output goes directly to STDOUT
+
+my $template =
+    OpenSSL::Template->new(TYPE => 'STRING',
+                           SOURCE => $text,
+                           PREPEND => qq{use lib "$FindBin::Bin/perl";});
+
+sub output_reset_on {
+    $template->output_reset_on();
+    "";
+}
+sub output_on {
+    $template->output_on();
+    "";
+}
+sub output_off {
+    $template->output_off();
+    "";
+}
+
+$template->fill_in(OUTPUT => \*STDOUT,
+                   HASH => { config => \%config,
+                             target => \%target,
+                             disabled => \%disabled,
+                             withargs => \%withargs,
+                             unified_info => \%unified_info,
+                             autowarntext => \@autowarntext,
+                             quotify1 => \&quotify1,
+                             quotify_l => \&quotify_l,
+                             output_reset_on => \&output_reset_on,
+                             output_on => \&output_on,
+                             output_off => \&output_off },
+                   DELIMITERS => [ "{-", "-}" ],
+                   BROKEN => \&broken);
diff --git a/openssl-1.1.0h/util/find-doc-nits b/openssl-1.1.0h/util/find-doc-nits
new file mode 100755
index 0000000..598854c
--- /dev/null
+++ b/openssl-1.1.0h/util/find-doc-nits
@@ -0,0 +1,549 @@
+#! /usr/bin/env perl
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+require 5.10.0;
+use warnings;
+use strict;
+use Pod::Checker;
+use File::Find;
+use File::Basename;
+use File::Spec::Functions;
+use Getopt::Std;
+use lib catdir(dirname($0), "perl");
+use OpenSSL::Util::Pod;
+
+# Options.
+our($opt_d);
+our($opt_h);
+our($opt_l);
+our($opt_n);
+our($opt_p);
+our($opt_s);
+our($opt_u);
+our($opt_c);
+
+sub help()
+{
+    print <<EOF;
+Find small errors (nits) in documentation.  Options:
+    -d Detailed list of undocumented (implies -u)
+    -l Print bogus links
+    -n Print nits in POD pages
+    -s Also print missing sections in POD pages (implies -n)
+    -p Warn if non-public name documented (implies -n)
+    -u List undocumented functions
+    -h Print this help message
+    -c List undocumented commands and options
+EOF
+    exit;
+}
+
+my $temp = '/tmp/docnits.txt';
+my $OUT;
+my %public;
+
+my %mandatory_sections =
+    ( '*'    => [ 'NAME', 'DESCRIPTION', 'COPYRIGHT' ],
+      1      => [ 'SYNOPSIS', 'OPTIONS' ],
+      3      => [ 'SYNOPSIS', 'RETURN VALUES' ],
+      5      => [ ],
+      7      => [ ] );
+
+# Cross-check functions in the NAME and SYNOPSIS section.
+sub name_synopsis()
+{
+    my $id = shift;
+    my $filename = shift;
+    my $contents = shift;
+
+    # Get NAME section and all words in it.
+    return unless $contents =~ /=head1 NAME(.*)=head1 SYNOPSIS/ms;
+    my $tmp = $1;
+    $tmp =~ tr/\n/ /;
+    print "$id trailing comma before - in NAME\n" if $tmp =~ /, *-/;
+    $tmp =~ s/ -.*//g;
+    $tmp =~ s/  */ /g;
+    print "$id missing comma in NAME\n" if $tmp =~ /[^,] /;
+    $tmp =~ s/,//g;
+
+    my $dirname = dirname($filename);
+    my $simplename = basename($filename);
+    $simplename =~ s/.pod$//;
+    my $foundfilename = 0;
+    my %foundfilenames = ();
+    my %names;
+    foreach my $n ( split ' ', $tmp ) {
+        $names{$n} = 1;
+        $foundfilename++ if $n eq $simplename;
+        $foundfilenames{$n} = 1
+            if -f "$dirname/$n.pod" && $n ne $simplename;
+    }
+    print "$id the following exist as other .pod files:\n",
+        join(" ", sort keys %foundfilenames), "\n"
+        if %foundfilenames;
+    print "$id $simplename (filename) missing from NAME section\n"
+        unless $foundfilename;
+    foreach my $n ( keys %names ) {
+        print "$id $n is not public\n"
+            if $opt_p and !defined $public{$n};
+    }
+
+    # Find all functions in SYNOPSIS
+    return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms;
+    my $syn = $1;
+    foreach my $line ( split /\n+/, $syn ) {
+        my $sym;
+        $line =~ s/STACK_OF\([^)]+\)/int/g;
+        $line =~ s/__declspec\([^)]+\)//;
+        if ( $line =~ /env (\S*)=/ ) {
+            # environment variable env NAME=...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.*\(\*(\S+)\)\(.*/ ) {
+            # a callback function pointer: typedef ... (*NAME)(...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.* (\S+)\(.*/ ) {
+            # a callback function signature: typedef ... NAME(...
+            $sym = $1;
+        } elsif ( $line =~ /typedef.* (\S+);/ ) {
+            # a simple typedef: typedef ... NAME;
+            $sym = $1;
+        } elsif ( $line =~ /enum (\S*) \{/ ) {
+            # an enumeration: enum ... {
+            $sym = $1;
+        } elsif ( $line =~ /#define ([A-Za-z0-9_]+)/ ) {
+            $sym = $1;
+        } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) {
+            $sym = $1;
+        }
+        else {
+            next;
+        }
+        print "$id $sym missing from NAME section\n"
+            unless defined $names{$sym};
+        $names{$sym} = 2;
+
+        # Do some sanity checks on the prototype.
+        print "$id prototype missing spaces around commas: $line\n"
+            if ( $line =~ /[a-z0-9],[^ ]/ );
+    }
+
+    foreach my $n ( keys %names ) {
+        next if $names{$n} == 2;
+        print "$id $n missing from SYNOPSIS\n";
+    }
+}
+
+sub check()
+{
+    my $filename = shift;
+    my $dirname = basename(dirname($filename));
+
+    my $contents = '';
+    {
+        local $/ = undef;
+        open POD, $filename or die "Couldn't open $filename, $!";
+        $contents = <POD>;
+        close POD;
+    }
+
+    my $id = "${filename}:1:";
+
+    # Find what section this page is in; assume 3.
+    my $section = 3;
+    $section = 1 if $dirname eq 'apps';
+    $section = $1 if ( $contents =~ /=for comment openssl_manual_section:(\d)/);
+
+    &name_synopsis($id, $filename, $contents)
+        unless $contents =~ /=for comment generic/
+            or $section != 3;
+
+    print "$id doesn't start with =pod\n"
+        if $contents !~ /^=pod/;
+    print "$id doesn't end with =cut\n"
+        if $contents !~ /=cut\n$/;
+    print "$id more than one cut line.\n"
+        if $contents =~ /=cut.*=cut/ms;
+    print "$id missing copyright\n"
+        if $contents !~ /Copyright .* The OpenSSL Project Authors/;
+    print "$id copyright not last\n"
+        if $contents =~ /head1 COPYRIGHT.*=head/ms;
+    print "$id head2 in All uppercase\n"
+        if $contents =~ /head2\s+[A-Z ]+\n/;
+    print "$id extra space after head\n"
+        if $contents =~ /=head\d\s\s+/;
+    print "$id period in NAME section\n"
+        if $contents =~ /=head1 NAME.*\.\n.*=head1 SYNOPSIS/ms;
+    print "$id POD markup in NAME section\n"
+        if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
+    print "$id Duplicate $1 in L<>\n"
+        if $contents =~ /L<([^>]*)\|([^>]*)>/ && $1 eq $2;
+    print "$id Bad =over $1\n"
+        if $contents =~ /=over([^ ][^24])/;
+    print "$id Possible version style issue\n"
+        if $contents =~ /OpenSSL version [019]/;
+
+    if ( $contents !~ /=for comment multiple includes/ ) {
+        # Look for multiple consecutive openssl #include lines
+        # (non-consecutive lines are okay; see crypto/MD5.pod).
+        if ( $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms ) {
+            my $count = 0;
+            foreach my $line ( split /\n+/, $1 ) {
+                if ( $line =~ m@include <openssl/@ ) {
+                    print "$id has multiple includes\n" if ++$count == 2;
+                } else {
+                    $count = 0;
+                }
+            }
+        }
+    }
+
+    open my $OUT, '>', $temp
+        or die "Can't open $temp, $!";
+    podchecker($filename, $OUT);
+    close $OUT;
+    open $OUT, '<', $temp
+        or die "Can't read $temp, $!";
+    while ( <$OUT> ) {
+        next if /\(section\) in.*deprecated/;
+        print;
+    }
+    close $OUT;
+    unlink $temp || warn "Can't remove $temp, $!";
+
+    foreach ((@{$mandatory_sections{'*'}}, @{$mandatory_sections{$section}})) {
+        # Skip "return values" if not -s
+        next if $_ eq 'RETURN VALUES' and not $opt_s;
+        print "$id: missing $_ head1 section\n"
+            if $contents !~ /^=head1\s+${_}\s*$/m;
+    }
+}
+
+my %dups;
+
+sub parsenum()
+{
+    my $file = shift;
+    my @apis;
+
+    open my $IN, '<', $file
+        or die "Can't open $file, $!, stopped";
+
+    while ( <$IN> ) {
+        next if /^#/;
+        next if /\bNOEXIST\b/;
+        next if /\bEXPORT_VAR_AS_FUNC\b/;
+        my @fields = split();
+        die "Malformed line $_"
+            if scalar @fields != 2 && scalar @fields != 4;
+        push @apis, $fields[0];
+    }
+
+    close $IN;
+
+    print "# Found ", scalar(@apis), " in $file\n" unless $opt_p;
+    return sort @apis;
+}
+
+sub getdocced()
+{
+    my $dir = shift;
+    my %return;
+
+    foreach my $pod ( glob("$dir/*.pod") ) {
+        my %podinfo = extract_pod_info($pod);
+        foreach my $n ( @{$podinfo{names}} ) {
+            $return{$n} = $pod;
+            print "# Duplicate $n in $pod and $dups{$n}\n"
+                if defined $dups{$n} && $dups{$n} ne $pod;
+            $dups{$n} = $pod;
+        }
+    }
+
+    return %return;
+}
+
+my %docced;
+
+sub checkmacros()
+{
+    my $count = 0;
+
+    print "# Checking macros (approximate)\n";
+    foreach my $f ( glob('include/openssl/*.h') ) {
+        # Skip some internals we don't want to document yet.
+        next if $f eq 'include/openssl/asn1.h';
+        next if $f eq 'include/openssl/asn1t.h';
+        next if $f eq 'include/openssl/err.h';
+        open(IN, $f) || die "Can't open $f, $!";
+        while ( <IN> ) {
+            next unless /^#\s*define\s*(\S+)\(/;
+            my $macro = $1;
+            next if $docced{$macro};
+            next if $macro =~ /i2d_/
+                || $macro =~ /d2i_/
+                || $macro =~ /DEPRECATEDIN/
+                || $macro =~ /IMPLEMENT_/
+                || $macro =~ /DECLARE_/;
+            print "$f:$macro\n" if $opt_d;
+            $count++;
+        }
+        close(IN);
+    }
+    print "# Found $count macros missing (not all should be documented)\n"
+}
+
+sub printem()
+{
+    my $libname = shift;
+    my $numfile = shift;
+    my $count = 0;
+
+    foreach my $func ( &parsenum($numfile) ) {
+        next if $docced{$func};
+
+        # Skip ASN1 utilities
+        next if $func =~ /^ASN1_/;
+
+        print "$libname:$func\n" if $opt_d;
+        $count++;
+    }
+    print "# Found $count missing from $numfile\n\n";
+}
+
+
+# Collection of links in each POD file.
+# filename => [ "foo(1)", "bar(3)", ... ]
+my %link_collection = ();
+# Collection of names in each POD file.
+# "name(s)" => filename
+my %name_collection = ();
+
+sub collectnames {
+    my $filename = shift;
+    $filename =~ m|man(\d)/|;
+    my $section = $1;
+    my $simplename = basename($filename, ".pod");
+    my $id = "${filename}:1:";
+
+    my $contents = '';
+    {
+        local $/ = undef;
+        open POD, $filename or die "Couldn't open $filename, $!";
+        $contents = <POD>;
+        close POD;
+    }
+
+    $contents =~ /=head1 NAME([^=]*)=head1 /ms;
+    my $tmp = $1;
+    unless (defined $tmp) {
+        print "$id weird name section\n";
+        return;
+    }
+    $tmp =~ tr/\n/ /;
+    $tmp =~ s/-.*//g;
+
+    my @names = map { s/\s+//g; $_ } split(/,/, $tmp);
+    unless (grep { $simplename eq $_ } @names) {
+        print "$id missing $simplename\n";
+        push @names, $simplename;
+    }
+    foreach my $name (@names) {
+        next if $name eq "";
+        my $name_sec = "$name($section)";
+        if (! exists $name_collection{$name_sec}) {
+            $name_collection{$name_sec} = $filename;
+        } else { #elsif ($filename ne $name_collection{$name_sec}) {
+            print "$id $name_sec also in $name_collection{$name_sec}\n";
+        }
+    }
+
+    my @foreign_names =
+        map { map { s/\s+//g; $_ } split(/,/, $_) }
+        $contents =~ /=for\s+comment\s+foreign\s+manuals:\s*(.*)\n\n/;
+    foreach (@foreign_names) {
+        $name_collection{$_} = undef; # It still exists!
+    }
+
+    my @links = $contents =~ /L<
+                              # if the link is of the form L<something|name(s)>,
+                              # then remove 'something'.  Note that 'something'
+                              # may contain POD codes as well...
+                              (?:(?:[^\|]|<[^>]*>)*\|)?
+                              # we're only interested in referenses that have
+                              # a one digit section number
+                              ([^\/>\(]+\(\d\))
+                             /gx;
+    $link_collection{$filename} = [ @links ];
+}
+
+sub checklinks {
+    foreach my $filename (sort keys %link_collection) {
+        foreach my $link (@{$link_collection{$filename}}) {
+            print "${filename}:1: reference to non-existing $link\n"
+                unless exists $name_collection{$link};
+        }
+    }
+}
+
+sub publicize() {
+    foreach my $name ( &parsenum('util/libcrypto.num') ) {
+        $public{$name} = 1;
+    }
+    foreach my $name ( &parsenum('util/libssl.num') ) {
+        $public{$name} = 1;
+    }
+    foreach my $name ( &parsenum('util/private.num') ) {
+        $public{$name} = 1;
+    }
+}
+
+my %skips = (
+    'aes128' => 1,
+    'aes192' => 1,
+    'aes256' => 1,
+    'aria128' => 1,
+    'aria192' => 1,
+    'aria256' => 1,
+    'camellia128' => 1,
+    'camellia192' => 1,
+    'camellia256' => 1,
+    'des' => 1,
+    'des3' => 1,
+    'idea' => 1,
+    '[cipher]' => 1,
+    '[digest]' => 1,
+);
+
+sub checkflags() {
+    my $cmd = shift;
+    my %cmdopts;
+    my %docopts;
+    my $ok = 1;
+
+    # Get the list of options in the command.
+    open CFH, "./apps/openssl list --options $cmd|"
+        || die "Can list options for $cmd, $!";
+    while ( <CFH> ) {
+        chop;
+        s/ .$//;
+        $cmdopts{$_} = 1;
+    }
+    close CFH;
+
+    # Get the list of flags from the synopsis
+    open CFH, "<doc/apps/$cmd.pod"
+        || die "Can't open $cmd.pod, $!";
+    while ( <CFH> ) {
+        chop;
+        last if /DESCRIPTION/;
+        next unless /\[B<-([^ >]+)/;
+        $docopts{$1} = 1;
+    }
+    close CFH;
+
+    # See what's in the command not the manpage.
+    my @undocced = ();
+    foreach my $k ( keys %cmdopts ) {
+        push @undocced, $k unless $docopts{$k};
+    }
+    if ( scalar @undocced > 0 ) {
+        $ok = 0;
+        foreach ( @undocced ) {
+            print "doc/apps/$cmd.pod: Missing -$_\n";
+        }
+    }
+
+    # See what's in the command not the manpage.
+    my @unimpl = ();
+    foreach my $k ( keys %docopts ) {
+        push @unimpl, $k unless $cmdopts{$k};
+    }
+    if ( scalar @unimpl > 0 ) {
+        $ok = 0;
+        foreach ( @unimpl ) {
+            next if defined $skips{$_};
+            print "doc/apps/$cmd.pod: Not implemented -$_\n";
+        }
+    }
+
+    return $ok;
+}
+
+getopts('cdlnsphu');
+
+&help() if $opt_h;
+$opt_n = 1 if $opt_s or $opt_p;
+$opt_u = 1 if $opt_d;
+
+die "Need one of -[cdlnspu] flags.\n"
+    unless $opt_c or $opt_l or $opt_n or $opt_u;
+
+if ( $opt_c ) {
+    my $ok = 1;
+    my @commands = ();
+
+    # Get list of commands.
+    open FH, "./apps/openssl list -1 -commands|"
+        || die "Can't list commands, $!";
+    while ( <FH> ) {
+        chop;
+        push @commands, $_;
+    }
+    close FH;
+
+    # See if each has a manpage.
+    foreach ( @commands ) {
+        next if $_ eq 'help' || $_ eq 'exit';
+        if ( ! -f "doc/apps/$_.pod" ) {
+            print "doc/apps/$_.pod does not exist\n";
+            $ok = 0;
+        } else {
+            $ok = 0 if not &checkflags($_);
+        }
+    }
+
+    # See what help is missing.
+    open FH, "./apps/openssl list --missing-help |"
+        || die "Can't list missing help, $!";
+    while ( <FH> ) {
+        chop;
+        my ($cmd, $flag) = split;
+        print "$cmd has no help for -$flag\n";
+        $ok = 0;
+    }
+    close FH;
+
+    exit 1 if not $ok;
+}
+
+if ( $opt_l ) {
+    foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
+        collectnames($_);
+    }
+    checklinks();
+}
+
+if ( $opt_n ) {
+    &publicize() if $opt_p;
+    foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
+        &check($_);
+    }
+}
+
+if ( $opt_u ) {
+    my %temp = &getdocced('doc/crypto');
+    foreach ( keys %temp ) {
+        $docced{$_} = $temp{$_};
+    }
+    &printem('crypto', 'util/libcrypto.num');
+    &printem('ssl', 'util/libssl.num');
+    &checkmacros();
+}
+
+exit;
diff --git a/openssl-1.1.0h/util/find-undoc-api.pl b/openssl-1.1.0h/util/find-undoc-api.pl
new file mode 100755
index 0000000..7b2cb97
--- /dev/null
+++ b/openssl-1.1.0h/util/find-undoc-api.pl
@@ -0,0 +1,82 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use File::Spec::Functions;
+use File::Basename;
+#use File::Copy;
+#use File::Path;
+use lib catdir(dirname($0), "perl");
+use OpenSSL::Util::Pod;
+
+my %dups;
+
+sub parsenum()
+{
+    my $file = shift;
+    my @apis;
+
+    open my $IN, '<', $file
+        or die "Can't open $file, $!, stopped";
+
+    while ( <$IN> ) {
+        next if /\sNOEXIST/;
+        next if /EXPORT_VAR_AS_FUNC/;
+        push @apis, $1 if /([^\s]+).\s/;
+    }
+
+    close $IN;
+
+    print "# Found ", scalar(@apis), " in $file\n";
+    return sort @apis;
+}
+
+sub getdocced()
+{
+    my $dir = shift;
+    my %return;
+
+    foreach my $pod ( glob("$dir/*.pod") ) {
+        next if $pod eq 'doc/crypto/crypto.pod';
+        next if $pod eq 'doc/ssl/ssl.pod';
+        my %podinfo = extract_pod_info($pod);
+        foreach my $n ( @{$podinfo{names}} ) {
+            $return{$n} = $pod;
+            print "# Duplicate $n in $pod and $dups{$n}\n"
+                if defined $dups{$n};
+            $dups{$n} = $pod;
+        }
+    }
+
+    return %return;
+}
+
+sub printem()
+{
+    my $docdir = shift;
+    my $numfile = shift;
+    my %docced = &getdocced($docdir);
+    my $count = 0;
+
+    foreach my $func ( &parsenum($numfile) ) {
+        next if $docced{$func};
+
+        # Skip ASN1 utilities
+        next if $func =~ /^ASN1_/;
+
+        print $func, "\n";
+        $count++;
+    }
+    print "# Found $count missing from $numfile\n\n";
+}
+
+
+&printem('doc/crypto', 'util/libcrypto.num');
+&printem('doc/ssl', 'util/libssl.num');
diff --git a/openssl-1.1.0h/util/find-unused-errs b/openssl-1.1.0h/util/find-unused-errs
new file mode 100755
index 0000000..68cf66b
--- /dev/null
+++ b/openssl-1.1.0h/util/find-unused-errs
@@ -0,0 +1,35 @@
+#! /bin/bash
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Find unused error function-names and reason-codes, and edit them
+# out of the source.  Doesn't handle line-wrapping, might have to do
+# some manual cleanups to fix compile errors.
+
+export X1=/tmp/f.1.$$
+export X2=/tmp/f.2.$$
+
+cd include/openssl || exit 1
+grep '_[RF]_' * | awk '{print $3;}' | sort -u >$X1
+cd ../..
+
+for F in `cat $X1` ; do
+    git grep -l --full-name -F $F >$X2
+    NUM=`wc -l <$X2`
+    test $NUM -gt 2 && continue
+    if grep -q $F crypto/err/openssl.ec ; then
+        echo Possibly unused $F found in openssl.ec
+        continue
+    fi
+    echo $F
+    for FILE in `cat $X2` ; do
+        grep -v -w $F <$FILE >$FILE.new
+        mv $FILE.new $FILE
+    done
+done
+
+rm $X1 $X2
diff --git a/openssl-1.1.0h/util/fipslink.pl b/openssl-1.1.0h/util/fipslink.pl
new file mode 100644
index 0000000..18a9153
--- /dev/null
+++ b/openssl-1.1.0h/util/fipslink.pl
@@ -0,0 +1,115 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+sub check_env
+	{
+	my @ret;
+	foreach (@_)
+		{
+		die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+		push @ret, $ENV{$_};
+		}
+	return @ret;
+	}
+
+
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+	 = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+	 	"FIPSLIB_D", "FIPS_SHA1_EXE");
+
+
+
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+	{
+	$fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+	}
+	else
+	{
+	$fips_premain_dso = "";
+	}
+
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.lib");
+
+
+print "Integrity check OK\n";
+
+if (is_premain_linked(@ARGV)) {
+	print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+	system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+	die "First stage Compile failure" if $? != 0;
+} elsif (!defined($ENV{FIPS_SIG})) {
+	die "no fips_premain.obj linked";
+}
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+
+if (defined($ENV{FIPS_SIG})) {
+	print "$ENV{FIPS_SIG} $fips_target\n";
+	system "$ENV{FIPS_SIG} $fips_target";
+	die "$ENV{FIPS_SIG} $fips_target failed" if $? != 0;
+	exit;
+}
+
+print "$fips_premain_dso $fips_target\n";
+system("$fips_premain_dso $fips_target >$fips_target.sha1");
+die "Get hash failure" if $? != 0;
+open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
+$fips_hash=<$sha1_res>;
+close $sha1_res;
+unlink $fips_target.".sha1";
+$fips_hash =~ s|\R$||;          # Better chomp
+die "Get hash failure" if $? != 0;
+
+
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+
+sub is_premain_linked
+	{
+	return 1 if (grep /fips_premain\.obj/,@_);
+	foreach (@_)
+		{
+		if (/^@(.*)/ && -f $1)
+			{
+			open FD,$1 or die "can't open $1";
+			my $ret = (grep /fips_premain\.obj/,<FD>)?1:0;
+			close FD;
+			return $ret;
+			}
+		}
+	return 0;
+	}
+
+sub check_hash
+	{
+	my ($sha1_exe, $filename) = @_;
+	my ($hashfile, $hashval);
+
+	open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+	$hashfile = <IN>;
+	close IN;
+	$hashval = `$sha1_exe ${fips_libdir}/$filename`;
+	$hashfile =~ s|\R$||;    # Better chomp
+	$hashval =~ s|\R$||;     # Better chomp
+	$hashfile =~ s/^.*=\s+//;
+	$hashval =~ s/^.*=\s+//;
+	die "Invalid hash syntax in file" if (length($hashfile) != 40);
+	die "Invalid hash received for file" if (length($hashval) != 40);
+	die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile); 
+	}
+
+
diff --git a/openssl-1.1.0h/util/incore b/openssl-1.1.0h/util/incore
new file mode 100755
index 0000000..26fcf95
--- /dev/null
+++ b/openssl-1.1.0h/util/incore
@@ -0,0 +1,454 @@
+#! /usr/bin/env perl
+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# The script embeds fingerprint into ELF executable object, either
+# application binary or shared library.
+
+######################################################################
+#
+# ELF symbol table parser by <appro@openssl.org>. The table entries
+# are extended with offset within executable file...
+#
+{ package ELF;
+  use FileHandle;
+
+    sub dup  { my %copy=map {$_} @_; return \%copy; }
+
+    sub Load {
+	my $class = shift;
+	my $self  = {};
+	my $FD    = FileHandle->new();	# autoclose
+
+	bless $self,$class;
+
+	sysopen($FD,shift,0) or die "$!";
+	binmode($FD);
+
+	#################################################
+	# read and parse elf_ehdr.e_ident...
+	#
+	read($FD,my $elf,16) or die "$!";
+
+	my %e_ident;
+	@e_ident{magic,class,data,version,osabi,abiver,pad}=
+		unpack("a4C*",$elf);
+
+	$!=42;		# signal fipsld to revert to two-step link
+	die "not ELF file" if ($e_ident{magic} ne chr(0177)."ELF");
+
+	my $elf_bits   = $e_ident{class}*32;	# 32 or 64
+	my $big_endian = $e_ident{data}-1;	# 0 or 1
+
+	if ($elf_bits==64) {
+	    if (!(((1<<31)<<1) && $big_endian==(unpack("L",pack("N",1))==1))) {
+		die "ELF64 is supported only natively";
+	    }
+	}
+
+	#################################################
+	# read and parse remainder of elf_ehdr...
+	#
+	read($FD,my $elfhdr,64) or die "$!";
+
+	my %elf_ehdr;
+	@elf_ehdr{e_type,e_machine,e_version,
+		e_entry,e_phoff,e_shoff,e_flags,e_ehsize,
+		e_phentsize,e_phnum,e_shentsize,e_shnum,e_shstrndx} =
+	$elf_bits==32 ?
+		unpack($big_endian?"nnN5n6":"vvV5v6",$elfhdr)
+	:	unpack("SSLQ3LS6",$elfhdr);
+
+	# put aside e_machine in case one has to treat specific
+	# platforms differently, see EM_ constants in elf.h for
+	# assortment... 
+	$self->{e_machine} = $elf_ehdr{e_machine};
+
+	#################################################
+	# read and parse elf_shdr table...
+	#
+	my ($i,$sz,$symtab_idx,$blob,$strings);
+
+	seek($FD,$elf_ehdr{e_shoff},0) or die "$!";
+	read($FD,$blob,$elf_ehdr{e_shentsize}*$elf_ehdr{e_shnum}) or die "$!";
+
+	my @sections;
+	my $elf_shdr_struct=($elf_bits==32?($big_endian?"N10":"V10"):"L2Q4L2Q2");
+	for ($sz=$elf_ehdr{e_shentsize},$i=0;$i<length($blob);$i+=$sz) {
+	    my %elf_shdr;
+
+	    @elf_shdr{sh_name,sh_type,sh_flags,
+			sh_addr,sh_offset,sh_size,
+			sh_link,sh_info,sh_addalign,sh_entsize} =
+		unpack($elf_shdr_struct,substr($blob,$i,$sz));
+
+	    push(@sections,dup(%elf_shdr));
+
+	    # note SHT_SYMTAB or SHT_DYNSYM for future reference
+	    if ($elf_shdr{sh_type}==2 || $elf_shdr{sh_type}==11) {
+		$symtab_idx = $#sections;
+	    }
+	}
+
+	# read strings table and map section names...
+	seek($FD,@sections[$elf_ehdr{e_shstrndx}]->{sh_offset},0)	or die "$!";
+	read($FD,$strings,@sections[$elf_ehdr{e_shstrndx}]->{sh_size})	or die "$!";
+	for (@sections) {
+	    $_->{sh_name}=(split(chr(0),substr($strings,$_->{sh_name},64)))[0];
+	}
+
+	#################################################
+	# read symbol strings table...
+	#
+	$i=@sections[$symtab_idx]->{sh_link};
+	seek($FD,@sections[$i]->{sh_offset},0)		or die "$!";
+	read($FD,$strings,@sections[$i]->{sh_size})	or die "$!";
+
+	#################################################
+	# read and parse elf_sym table...
+	#
+	seek($FD,@sections[$symtab_idx]->{sh_offset},0)		or die "$!";
+	read($FD,my $blob,@sections[$symtab_idx]->{sh_size})	or die "$!";
+
+	for ($sz=@sections[$symtab_idx]->{sh_entsize},$i=0;$i<length($blob);$i+=$sz) {
+	    my %elf_sym;
+
+	    if ($elf_bits==32) {
+		@elf_sym{st_name,st_value,st_size,st_info,st_other,st_shndx} =
+			unpack($big_endian?"N3CCn":"V3CCv",substr($blob,$i,$sz));
+	    } else {
+		@elf_sym{st_name,st_info,st_other,st_shndx,st_value,st_size} =
+			unpack("LCCSQQ",substr($blob,$i,$sz));
+	    }
+
+	    my $st_type = $elf_sym{st_info}&0xf;
+	    my $st_bind = $elf_sym{st_info}>>4;
+	    my $st_secn = $elf_sym{st_shndx};
+	    my $name;
+	    #                 (STT_OBJECT  || STT_FUNC)
+	    if ($st_bind<3 && ($st_type==1 || $st_type==2)
+	    	&& $st_secn <= $#sections 		# sane st_shndx
+		&& @sections[$st_secn]->{sh_type}	# not SHN_UNDEF
+		&& ($name=(split(chr(0),substr($strings,$elf_sym{st_name},128)))[0])
+		) {
+		# synthesize st_offset, ...
+	    	$elf_sym{st_offset}  = $elf_sym{st_value}
+				- @sections[$st_secn]->{sh_addr}
+				+ @sections[$st_secn]->{sh_offset};
+		$elf_sym{st_name}    = $name;
+		$elf_sym{st_section} = @sections[$st_secn]->{sh_name};
+		# ... and add to lookup table
+		$self->{symbols}{$name} = dup(%elf_sym);
+	    }
+	}
+
+	return $self;
+    }
+
+    sub Lookup {
+	my $self = shift;
+	my $name = shift;
+	return $self->{symbols}{$name};
+    }
+
+    sub Traverse {
+	my $self = shift;
+	my $code = shift;
+
+	if (ref($code) eq 'CODE') {
+	    for (keys(%{$self->{symbols}})) { &$code($self->{symbols}{$_}); }
+	}
+    }
+}
+
+######################################################################
+#
+# SHA1 and HMAC in Perl by <appro@openssl.org>.
+#
+{ package SHA1;
+  use integer;
+
+    {
+    ################################### SHA1 block code generator
+    my @V = ('$A','$B','$C','$D','$E');
+    my $i;
+
+    sub XUpdate {
+      my $ret;
+	$ret="(\$T=\$W[($i-16)%16]^\$W[($i-14)%16]^\$W[($i-8)%16]^\$W[($i-3)%16],\n\t";
+	if ((1<<31)<<1) {
+	    $ret.="    \$W[$i%16]=((\$T<<1)|(\$T>>31))&0xffffffff)\n\t  ";
+	} else {
+	    $ret.="    \$W[$i%16]=(\$T<<1)|((\$T>>31)&1))\n\t  ";
+	}
+    }
+    sub tail {
+      my ($a,$b,$c,$d,$e)=@V;
+      my $ret;
+	if ((1<<31)<<1) {
+	    $ret.="(($a<<5)|($a>>27));\n\t";
+	    $ret.="$b=($b<<30)|($b>>2);	$e&=0xffffffff;	#$b&=0xffffffff;\n\t";
+	} else {
+	    $ret.="(($a<<5)|($a>>27)&0x1f);\n\t";
+	    $ret.="$b=($b<<30)|($b>>2)&0x3fffffff;\n\t";
+	}
+      $ret;
+    }
+    sub BODY_00_15 {
+	my ($a,$b,$c,$d,$e)=@V;
+	"$e+=\$W[$i]+0x5a827999+((($c^$d)&$b)^$d)+".tail();
+    }
+    sub BODY_16_19 {
+	my ($a,$b,$c,$d,$e)=@V;
+	"$e+=".XUpdate()."+0x5a827999+((($c^$d)&$b)^$d)+".tail();
+    }
+    sub BODY_20_39 {
+	my ($a,$b,$c,$d,$e)=@V;
+	"$e+=".XUpdate()."+0x6ed9eba1+($b^$c^$d)+".tail();
+    }
+    sub BODY_40_59 {
+	my ($a,$b,$c,$d,$e)=@V;
+	"$e+=".XUpdate()."+0x8f1bbcdc+(($b&$c)|(($b|$c)&$d))+".tail();
+    }
+    sub BODY_60_79 {
+	my ($a,$b,$c,$d,$e)=@V;
+	"$e+=".XUpdate()."+0xca62c1d6+($b^$c^$d)+".tail();
+    }
+
+    my $sha1_impl =
+    'sub block {
+	my $self = @_[0];
+	my @W    = unpack("N16",@_[1]);
+	my ($A,$B,$C,$D,$E,$T) = @{$self->{H}};
+	';
+
+	$sha1_impl.='
+	$A &= 0xffffffff;
+	$B &= 0xffffffff;
+	' if ((1<<31)<<1);
+
+	for($i=0;$i<16;$i++){ $sha1_impl.=BODY_00_15(); unshift(@V,pop(@V)); }
+	for(;$i<20;$i++)    { $sha1_impl.=BODY_16_19(); unshift(@V,pop(@V)); }
+	for(;$i<40;$i++)    { $sha1_impl.=BODY_20_39(); unshift(@V,pop(@V)); }
+	for(;$i<60;$i++)    { $sha1_impl.=BODY_40_59(); unshift(@V,pop(@V)); }
+	for(;$i<80;$i++)    { $sha1_impl.=BODY_60_79(); unshift(@V,pop(@V)); }
+
+	$sha1_impl.='
+	$self->{H}[0]+=$A;	$self->{H}[1]+=$B;	$self->{H}[2]+=$C;
+	$self->{H}[3]+=$D;	$self->{H}[4]+=$E;	}';
+
+    #print $sha1_impl,"\n";
+    eval($sha1_impl);		# generate code
+    }
+
+    sub Init {
+	my $class = shift;	# multiple instances...
+	my $self  = {};
+
+	bless $self,$class;
+	$self->{H} = [0x67452301,0xefcdab89,0x98badcfe,0x10325476,0xc3d2e1f0];
+	$self->{N} = 0;
+	return $self;
+    }
+
+    sub Update {
+	my $self = shift;
+	my $msg;
+
+	foreach $msg (@_) {
+	    my $len  = length($msg);
+	    my $num  = length($self->{buf});
+	    my $off  = 0;
+
+	    $self->{N} += $len;
+
+	    if (($num+$len)<64)
+	    {	$self->{buf} .= $msg; next;	}
+	    elsif ($num)
+	    {	$self->{buf} .= substr($msg,0,($off=64-$num));
+		$self->block($self->{buf});
+	    }
+
+	    while(($off+64) <= $len)
+	    {	$self->block(substr($msg,$off,64));
+		$off += 64;
+	    }
+
+	    $self->{buf} = substr($msg,$off);
+	}
+	return $self;
+    }
+
+    sub Final {
+	my $self = shift;
+	my $num  = length($self->{buf});
+
+	$self->{buf} .= chr(0x80); $num++;
+	if ($num>56)
+	{   $self->{buf} .= chr(0)x(64-$num);
+	    $self->block($self->{buf});
+	    $self->{buf}=undef;
+	    $num=0;
+	}
+	$self->{buf} .= chr(0)x(56-$num);
+	$self->{buf} .= pack("N2",($self->{N}>>29)&0x7,$self->{N}<<3);
+	$self->block($self->{buf});
+
+	return pack("N*",@{$self->{H}});
+    }
+
+    sub Selftest {
+	my $hash;
+
+	$hash=SHA1->Init()->Update('abc')->Final();
+	die "SHA1 test#1" if (unpack("H*",$hash) ne 'a9993e364706816aba3e25717850c26c9cd0d89d');
+
+	$hash=SHA1->Init()->Update('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq')->Final();
+	die "SHA1 test#2" if (unpack("H*",$hash) ne '84983e441c3bd26ebaae4aa1f95129e5e54670f1');
+
+	#$hash=SHA1->Init()->Update('a'x1000000)->Final();
+	#die "SHA1 test#3" if (unpack("H*",$hash) ne '34aa973cd4c4daa4f61eeb2bdbad27316534016f');
+    }
+}
+
+{ package HMAC;
+
+    sub Init {
+	my $class = shift;
+	my $key   = shift;
+	my $self  = {};
+
+	bless $self,$class;
+
+	if (length($key)>64) {
+	    $key = SHA1->Init()->Update($key)->Final();
+	}
+	$key .= chr(0x00)x(64-length($key));
+
+	my @ikey = map($_^=0x36,unpack("C*",$key));
+	($self->{hash} = SHA1->Init())->Update(pack("C*",@ikey));
+	 $self->{okey} = pack("C*",map($_^=0x36^0x5c,@ikey));
+
+	return $self;
+    }
+
+    sub Update {
+	my $self = shift;
+	$self->{hash}->Update(@_);
+	return $self;
+    }
+
+    sub Final {
+	my $self  = shift;
+	my $ihash = $self->{hash}->Final();
+	return SHA1->Init()->Update($self->{okey},$ihash)->Final();
+    }
+
+    sub Selftest {
+	my $hmac;
+
+	$hmac = HMAC->Init('0123456789:;<=>?@ABC')->Update('Sample #2')->Final();
+	die "HMAC test" if (unpack("H*",$hmac) ne '0922d3405faa3d194f82a45830737d5cc6c75d24');
+    }
+}
+
+######################################################################
+#
+# main()
+#
+my $legacy_mode;
+
+if ($ARGV<0 || ($#ARGV>0 && !($legacy_mode=(@ARGV[0] =~ /^\-(dso|exe)$/)))) {
+	print STDERR "usage: $0 [-dso|-exe] elfbinary\n";
+	exit(1);
+}
+
+$exe = ELF->Load(@ARGV[$#ARGV]);
+
+$FIPS_text_start	= $exe->Lookup("FIPS_text_start")		or die;
+$FIPS_text_end		= $exe->Lookup("FIPS_text_end")			or die;
+$FIPS_rodata_start	= $exe->Lookup("FIPS_rodata_start")		or die;
+$FIPS_rodata_end	= $exe->Lookup("FIPS_rodata_end")		or die;
+$FIPS_signature		= $exe->Lookup("FIPS_signature")		or die;
+
+# new cross-compile support
+$FIPS_text_startX	= $exe->Lookup("FIPS_text_startX");
+$FIPS_text_endX		= $exe->Lookup("FIPS_text_endX");
+
+if (!$legacy_mode) {
+    if (!$FIPS_text_startX || !$FIPS_text_endX) {
+	print STDERR "@ARGV[$#ARGV] is not cross-compiler aware.\n";
+	exit(42);	# signal fipsld to revert to two-step link
+    }
+
+    $FINGERPRINT_ascii_value
+			= $exe->Lookup("FINGERPRINT_ascii_value");
+
+}
+if ($FIPS_text_startX && $FIPS_text_endX) {
+    $FIPS_text_start = $FIPS_text_startX;
+    $FIPS_text_end   = $FIPS_text_endX;
+}
+
+sysopen(FD,@ARGV[$#ARGV],$legacy_mode?0:2) or die "$!";	# 2 is read/write
+binmode(FD);
+
+sub HMAC_Update {
+  my ($hmac,$off,$len) = @_;
+  my $blob;
+
+    seek(FD,$off,0)	or die "$!";
+    read(FD,$blob,$len)	or die "$!";
+    $$hmac->Update($blob);
+}
+
+# fips/fips.c:FIPS_incore_fingerprint's Perl twin
+#
+sub FIPS_incore_fingerprint {
+  my $p1  = $FIPS_text_start->{st_offset};
+  my $p2  = $FIPS_text_end->{st_offset};
+  my $p3  = $FIPS_rodata_start->{st_offset};
+  my $p4  = $FIPS_rodata_end->{st_offset};
+  my $sig = $FIPS_signature->{st_offset};
+  my $ctx = HMAC->Init("etaonrishdlcupfm");
+
+    # detect overlapping regions
+    if ($p1<=$p3 && $p2>=$p3) {
+	$p3 = $p1; $p4 = $p2>$p4?$p2:$p4; $p1 = 0; $p2 = 0;
+    } elsif ($p3<=$p1 && $p4>=$p1) {
+	$p3 = $p3; $p4 = $p2>$p4?$p2:$p4; $p1 = 0; $p2 = 0;
+    }
+
+    if ($p1) {
+	HMAC_Update (\$ctx,$p1,$p2-$p1);
+    }
+
+    if ($sig>=$p3 && $sig<$p4) {
+	# "punch" hole
+	HMAC_Update(\$ctx,$p3,$sig-$p3);
+	$p3 = $sig+20;
+	HMAC_Update(\$ctx,$p3,$p4-$p3);
+    } else {
+	HMAC_Update(\$ctx,$p3,$p4-$p3);
+    }
+
+    return $ctx->Final();
+}
+
+$fingerprint = FIPS_incore_fingerprint();
+
+if ($legacy_mode) {
+    print unpack("H*",$fingerprint);
+} elsif (defined($FINGERPRINT_ascii_value)) {
+    seek(FD,$FINGERPRINT_ascii_value->{st_offset},0)	or die "$!";
+    print FD unpack("H*",$fingerprint)			or die "$!";
+} else {
+    seek(FD,$FIPS_signature->{st_offset},0)		or die "$!";
+    print FD $fingerprint				or die "$!";
+}
+
+close (FD);
diff --git a/openssl-1.1.0h/util/indent.pro b/openssl-1.1.0h/util/indent.pro
new file mode 100644
index 0000000..b5398ab
--- /dev/null
+++ b/openssl-1.1.0h/util/indent.pro
@@ -0,0 +1,672 @@
+-bap
+-bbo
+-br
+-brs
+-c33
+-cd33
+-ce
+-ci4
+-cli0
+-cp33
+-d0
+-di1
+-hnl
+-i4
+-il1
+-ip0
+-l80
+-lp
+-nbad
+-nbc
+-ncdb
+-ncs
+-nfc1
+-nfca
+-npcs
+-nprs
+-npsl
+-nsc
+-ppi1 
+-saf
+-sai
+-saw
+-sob
+-ss
+-ts0
+-T ACCESS_DESCRIPTION
+-T ADDED_OBJ
+-T AES_KEY
+-T APP_INFO
+-T ARGS
+-T ASIdOrRange
+-T ASIdOrRanges
+-T ASIdentifierChoice
+-T ASIdentifiers
+-T ASN1_ADB
+-T ASN1_ADB_TABLE
+-T ASN1_AUX
+-T ASN1_BIT_STRING
+-T ASN1_BMPSTRING
+-T ASN1_BOOLEAN
+-T ASN1_COMPAT_FUNCS
+-T ASN1_CTX
+-T ASN1_ENCODING
+-T ASN1_ENUMERATED
+-T ASN1_EXTERN_FUNCS
+-T ASN1_GENERALIZEDTIME
+-T ASN1_GENERALSTRING
+-T ASN1_IA5STRING
+-T ASN1_INTEGER
+-T ASN1_ITEM
+-T ASN1_ITEM_EXP
+-T ASN1_NULL
+-T ASN1_OBJECT
+-T ASN1_OCTET_STRING
+-T ASN1_PCTX
+-T ASN1_PRIMITIVE_FUNCS
+-T ASN1_PRINTABLESTRING
+-T ASN1_PRINT_ARG
+-T ASN1_SCTX
+-T ASN1_STREAM_ARG
+-T ASN1_STRING
+-T ASN1_STRING_TABLE
+-T ASN1_T61STRING
+-T ASN1_TEMPLATE
+-T ASN1_TIME
+-T ASN1_TLC
+-T ASN1_TYPE
+-T ASN1_UNIVERSALSTRING
+-T ASN1_UTCTIME
+-T ASN1_UTF8STRING
+-T ASN1_VALUE
+-T ASN1_VISIBLESTRING
+-T ASN1_const_CTX
+-T AUTHORITY_INFO_ACCESS
+-T AUTHORITY_KEYID
+-T BASIC_CONSTRAINTS
+-T BF_KEY
+-T BF_LONG
+-T BIGNUM
+-T BIO
+-T BIO_ACCEPT
+-T BIO_ADDR
+-T BIO_ASN1_BUF_CTX
+-T BIO_ASN1_EX_FUNCS
+-T BIO_B64_CTX
+-T BIO_CONNECT
+-T BIO_ENC_CTX
+-T BIO_F_BUFFER_CTX
+-T BIO_LINEBUFFER_CTX
+-T BIO_METHOD
+-T BIO_OK_CTX
+-T BIO_SSL
+-T BIT_STRING_BITNAME
+-T BN_BLINDING
+-T BN_CTX
+-T BN_GENCB
+-T BN_MONT_CTX
+-T BN_POOL
+-T BN_POOL_ITEM
+-T BN_RECP_CTX
+-T BN_STACK
+-T BN_ULONG
+-T BUF_MEM
+-T BY_DIR
+-T BY_DIR_ENTRY
+-T BY_DIR_HASH
+-T Bytef
+-T CAMELLIA_KEY
+-T CAST_KEY
+-T CAST_LONG
+-T CA_DB
+-T CCM128_CONTEXT
+-T CERT
+-T CERTIFICATEPOLICIES
+-T CERT_PKEY
+-T CIPHER_ORDER
+-T CMAC_CTX
+-T CMS_AuthenticatedData
+-T CMS_CertificateChoices
+-T CMS_CompressedData
+-T CMS_ContentInfo
+-T CMS_DigestedData
+-T CMS_EncapsulatedContentInfo
+-T CMS_EncryptedContentInfo
+-T CMS_EncryptedData
+-T CMS_EnvelopedData
+-T CMS_IssuerAndSerialNumber
+-T CMS_KEKIdentifier
+-T CMS_KEKRecipientInfo
+-T CMS_KeyAgreeRecipientIdentifier
+-T CMS_KeyAgreeRecipientInfo
+-T CMS_KeyTransRecipientInfo
+-T CMS_OriginatorIdentifierOrKey
+-T CMS_OriginatorInfo
+-T CMS_OriginatorPublicKey
+-T CMS_OtherCertificateFormat
+-T CMS_OtherKeyAttribute
+-T CMS_OtherRecipientInfo
+-T CMS_OtherRevocationInfoFormat
+-T CMS_PasswordRecipientInfo
+-T CMS_Receipt
+-T CMS_ReceiptRequest
+-T CMS_ReceiptsFrom
+-T CMS_RecipientEncryptedKey
+-T CMS_RecipientIdentifier
+-T CMS_RecipientInfo
+-T CMS_RecipientKeyIdentifier
+-T CMS_RevocationInfoChoice
+-T CMS_SignedData
+-T CMS_SignerIdentifier
+-T CMS_SignerInfo
+-T COMP_CTX
+-T COMP_METHOD
+-T CONF
+-T CONF_IMODULE
+-T CONF_METHOD
+-T CONF_MODULE
+-T CONF_VALUE
+-T CRYPTO_EX_DATA
+-T CRYPTO_EX_DATA_FUNCS
+-T CRYPTO_EX_DATA_IMPL
+-T CRYPTO_EX_dup
+-T CRYPTO_EX_free
+-T CRYPTO_EX_new
+-T CRYPTO_MEM_LEAK_CB
+-T CRYPTO_THREADID
+-T CRYPTO_dynlock_value
+-T DB_ATTR
+-T DES_LONG
+-T DES_cblock
+-T DES_key_schedule
+-T DH
+-T DH_METHOD
+-T DH_PKEY_CTX
+-T DIST_POINT
+-T DIST_POINT_NAME
+-T DRBG_CTX
+-T DSA
+-T DSA_METHOD
+-T DSA_SIG
+-T DSO
+-T DSO_FUNC_TYPE
+-T DSO_MERGER_FUNC
+-T DSO_METHOD
+-T DSO_NAME_CONVERTER_FUNC
+-T DSO_VMS_INTERNAL
+-T DTLS1_BITMAP
+-T DTLS1_RECORD_DATA
+-T DTLS1_STATE
+-T Dl_info
+-T ECDH_DATA
+-T ECDH_METHOD
+-T ECDSA_DATA
+-T ECDSA_METHOD
+-T ECDSA_SIG
+-T ECPARAMETERS
+-T ECPKPARAMETERS
+-T EC_EXTRA_DATA
+-T EC_GROUP
+-T EC_KEY
+-T EC_METHOD
+-T EC_POINT
+-T EC_PRE_COMP
+-T EC_PRIVATEKEY
+-T EC_builtin_curve
+-T EDIPARTYNAME
+-T ENGINE
+-T ENGINE_CIPHERS_PTR
+-T ENGINE_CLEANUP_CB
+-T ENGINE_CLEANUP_ITEM
+-T ENGINE_CMD_DEFN
+-T ENGINE_CTRL_FUNC_PTR
+-T ENGINE_DIGESTS_PTR
+-T ENGINE_GEN_FUNC_PTR
+-T ENGINE_GEN_INT_FUNC_PTR
+-T ENGINE_LOAD_KEY_PTR
+-T ENGINE_PILE
+-T ENGINE_PILE_DOALL
+-T ENGINE_PKEY_ASN1_METHS_PTR
+-T ENGINE_PKEY_METHS_PTR
+-T ENGINE_SSL_CLIENT_CERT_PTR
+-T ENGINE_TABLE
+-T ENUMERATED_NAMES
+-T ERR_STATE
+-T ERR_STRING_DATA
+-T ESS_CERT_ID
+-T ESS_ISSUER_SERIAL
+-T ESS_SIGNING_CERT
+-T EVP_AES_HMAC_SHA1
+-T EVP_AES_HMAC_SHA256
+-T EVP_CIPHER
+-T EVP_CIPHER_CTX
+-T EVP_CIPHER_INFO
+-T EVP_ENCODE_CTX
+-T EVP_MD
+-T EVP_MD_CTX
+-T EVP_PBE_CTL
+-T EVP_PBE_KEYGEN
+-T EVP_PKEY
+-T EVP_PKEY_ASN1_METHOD
+-T EVP_PKEY_CTX
+-T EVP_PKEY_METHOD
+-T EVP_PKEY_gen_cb
+-T EX_CLASS_ITEM
+-T E_GMP_RSA_CTX
+-T E_RSAX_MOD_CTX
+-T FILE
+-T F_DIGITALSIGNATUREVERIFY
+-T F_PUBLICKEYEXTRACT
+-T GCM128_CONTEXT
+-T GENERAL_NAME
+-T GENERAL_NAMES
+-T GENERAL_SUBTREE
+-T GEN_SESSION_CB
+-T HASH_CTX
+-T HEAPENTRY32
+-T HEAPLIST32
+-T HEARTBEAT_TEST_FIXTURE
+-T HMAC_CTX
+-T IDEA_KEY_SCHEDULE
+-T IPAddrBlocks
+-T IPAddressFamily
+-T IPAddressOrRange
+-T IPAddressOrRanges
+-T ISSUING_DIST_POINT
+-T KEY_TABLE_TYPE
+-T LHASH
+-T LHASH_COMP_FN_TYPE
+-T LHASH_DOALL_ARG_FN_TYPE
+-T LHASH_DOALL_FN_TYPE
+-T LHASH_HASH_FN_TYPE
+-T LHASH_NODE
+-T LPDIR_CTX
+-T LPHEAPENTRY32
+-T LPHEAPLIST32
+-T LPMODULEENTRY32
+-T LPMODULEENTRY32W
+-T LPPROCESSENTRY32
+-T LPPROCESSENTRY32W
+-T LPTHREADENTRY32
+-T LP_DIR_CTX
+-T MD2_CTX
+-T MD4_CTX
+-T MD5_CTX
+-T MDC2_CTX
+-T MD_DATA
+-T MEM
+-T MEM_LEAK
+-T MEM_OBJECT_DATA
+-T MIME_HEADER
+-T MIME_PARAM
+-T MODULEENTRY32
+-T MODULEENTRY32W
+-T MS_FAR
+-T NAME_CONSTRAINTS
+-T NAME_FUNCS
+-T NBIO_TEST
+-T NDEF_SUPPORT
+-T NETSCAPE_CERT_SEQUENCE
+-T NETSCAPE_ENCRYPTED_PKEY
+-T NETSCAPE_PKEY
+-T NETSCAPE_SPKAC
+-T NETSCAPE_SPKI
+-T NETSCAPE_X509
+-T NET_API_FUNCTION
+-T NOTICEREF
+-T OBJ_NAME
+-T OCB128_CONTEXT
+-T OCB_BLOCK
+-T OCSP_BASICRESP
+-T OCSP_CERTID
+-T OCSP_CERTSTATUS
+-T OCSP_CRLID
+-T OCSP_ONEREQ
+-T OCSP_REQINFO
+-T OCSP_REQUEST
+-T OCSP_REQ_CTX
+-T OCSP_RESPBYTES
+-T OCSP_RESPDATA
+-T OCSP_RESPID
+-T OCSP_RESPONSE
+-T OCSP_REVOKEDINFO
+-T OCSP_SERVICELOC
+-T OCSP_SIGNATURE
+-T OCSP_SINGLERESP
+-T OCSP_TBLSTR
+-T OPENSSL_BLOCK
+-T OPENSSL_CSTRING
+-T OPENSSL_DIR_CTX
+-T OPENSSL_ITEM
+-T OPENSSL_PSTRING
+-T OPENSSL_STRING
+-T OSSL_ASYNC_FD
+-T OTHERNAME
+-T P256_POINT
+-T P256_POINT_AFFINE
+-T PBE2PARAM
+-T PBEPARAM
+-T PBKDF2PARAM
+-T PCRYPTO_MEM_LEAK_CB
+-T PEM_CTX
+-T PEM_ENCODE_SEAL_CTX
+-T PEM_USER
+-T PHEAPENTRY32
+-T PHEAPLIST32
+-T PKCS12
+-T PKCS12_BAGS
+-T PKCS12_SAFEBAG
+-T PKCS7
+-T PKCS7_DIGEST
+-T PKCS7_ENCRYPT
+-T PKCS7_ENC_CONTENT
+-T PKCS7_ENVELOPE
+-T PKCS7_ISSUER_AND_SERIAL
+-T PKCS7_RECIP_INFO
+-T PKCS7_SIGNED
+-T PKCS7_SIGNER_INFO
+-T PKCS7_SIGN_ENVELOPE
+-T PKCS8_PRIV_KEY_INFO
+-T PKEY_USAGE_PERIOD
+-T PMODULEENTRY32
+-T PMODULEENTRY32W
+-T POLICYINFO
+-T POLICYQUALINFO
+-T POLICY_CONSTRAINTS
+-T POLICY_MAPPING
+-T POLICY_MAPPINGS
+-T PPROCESSENTRY32
+-T PPROCESSENTRY32W
+-T PRECOMP256_ROW
+-T PROCESSENTRY32
+-T PROCESSENTRY32W
+-T PROXY_CERT_INFO_EXTENSION
+-T PROXY_POLICY
+-T PTHREADENTRY32
+-T PW_CB_DATA
+-T RAND_METHOD
+-T RC2_KEY
+-T RC4_KEY
+-T RC5_32_KEY
+-T RIPEMD160_CTX
+-T RSA
+-T RSA_METHOD
+-T RSA_OAEP_PARAMS
+-T RSA_PKEY_CTX
+-T RSA_PSS_PARAMS
+-T SCT
+-T SEED_KEY_SCHEDULE
+-T SESS_CERT
+-T SHA256_CTX
+-T SHA512_CTX
+-T SHA_CTX
+-T SRP_ARG
+-T SRP_CLIENT_ARG
+-T SRP_CTX
+-T SRP_SERVER_ARG
+-T SRP_VBASE
+-T SRP_gN_cache
+-T SRP_user_pwd
+-T SRTP_PROTECTION_PROFILE
+-T SSL
+-T SSL2_STATE
+-T SSL3_BUFFER
+-T SSL3_COMP
+-T SSL3_ENC_METHOD
+-T SSL3_RECORD
+-T SSL3_STATE
+-T SSL_CIPHER
+-T SSL_COMP
+-T SSL_CONF_CTX
+-T SSL_CTX
+-T SSL_DANE
+-T SSL_EXCERT
+-T SSL_METHOD
+-T SSL_SESSION
+-T SSL_SESSION_ASN1
+-T STACK_OF
+-T SXNET
+-T SXNETID
+-T TCHAR
+-T TEST_INFO
+-T THREADENTRY32
+-T TIMEOUT_PARAM
+-T TLS_SESSION_TICKET_EXT
+-T TLS_SIGALGS
+-T TS_ACCURACY
+-T TS_MSG_IMPRINT
+-T TS_REQ
+-T TS_RESP
+-T TS_RESP_CTX
+-T TS_STATUS_INFO
+-T TS_TST_INFO
+-T TS_VERIFY_CTX
+-T TXT_DB
+-T UI
+-T UINT64
+-T UI_METHOD
+-T UI_STRING
+-T USERNOTICE
+-T WCHAR
+-T WHIRLPOOL_CTX
+-T WINAPI
+-T WSAAPI
+-T X509
+-T X509V3_CONF_METHOD
+-T X509V3_CTX
+-T X509V3_EXT_D2I
+-T X509V3_EXT_FREE
+-T X509V3_EXT_I2D
+-T X509V3_EXT_I2R
+-T X509V3_EXT_I2S
+-T X509V3_EXT_METHOD
+-T X509V3_EXT_NEW
+-T X509V3_EXT_R2I
+-T X509V3_EXT_S2I
+-T X509V3_EXT_V2I
+-T X509_ALGOR
+-T X509_ATTRIBUTE
+-T X509_CERT_AUX
+-T X509_CERT_FILE_CTX
+-T X509_CERT_PAIR
+-T X509_CINF
+-T X509_CRL
+-T X509_CRL_INFO
+-T X509_CRL_METHOD
+-T X509_EXTENSION
+-T X509_INFO
+-T X509_LOOKUP
+-T X509_LOOKUP_METHOD
+-T X509_NAME
+-T X509_NAME_ENTRY
+-T X509_OBJECT
+-T X509_OBJECTS
+-T X509_PKEY
+-T X509_POLICY_CACHE
+-T X509_POLICY_DATA
+-T X509_POLICY_LEVEL
+-T X509_POLICY_NODE
+-T X509_POLICY_TREE
+-T X509_PUBKEY
+-T X509_PURPOSE
+-T X509_REQ
+-T X509_REQ_INFO
+-T X509_REVOKED
+-T X509_SIG
+-T X509_STORE
+-T X509_STORE_CTX
+-T X509_TRUST
+-T X509_VAL
+-T X509_VERIFY_PARAM
+-T X509_VERIFY_PARAM_ID
+-T X9_62_CHARACTERISTIC_TWO
+-T X9_62_CURVE
+-T X9_62_FIELDID
+-T X9_62_PENTANOMIAL
+-T XTS128_CONTEXT
+-T ZEN_MD_DATA
+-T _LHASH
+-T _STACK
+-T __int64
+-T _ossl_old_des_cblock
+-T asn1_ps_func
+-T bio_dgram_data
+-T bio_info_cb
+-T BIO_info_cb
+-T BIO_callback_fn
+-T char_io
+-T conf_finish_func
+-T conf_init_func
+-T const_DES_cblock
+-T d2i_of_void
+-T des_cblock
+-T dynamic_data_ctx
+-T dynamic_fns
+-T engine_table_doall_cb
+-T i2d_of_void
+-T int_dhx942_dh
+-T nid_triple
+-T pem_password_cb
+-T pitem
+-T piterator
+-T pqueue_s
+-T session_op
+-T size_t
+-T tag_exp_arg
+-T testdata
+-T time_t
+-T time_t
+-T u32
+-T u64
+-T u8
+-T v3_ext_ctx
+-T v3_ext_method
+-T STACK_OF_ACCESS_DESCRIPTION_
+-T STACK_OF_ASIdOrRange_
+-T STACK_OF_ASN1_ADB_TABLE_
+-T STACK_OF_ASN1_INTEGER_
+-T STACK_OF_ASN1_OBJECT_
+-T STACK_OF_ASN1_STRING_TABLE_
+-T STACK_OF_ASN1_TYPE_
+-T STACK_OF_ASN1_UTF8STRING_
+-T STACK_OF_ASN1_VALUE_
+-T STACK_OF_BIO_
+-T STACK_OF_BY_DIR_ENTRY_
+-T STACK_OF_BY_DIR_HASH_
+-T STACK_OF_CMS_CertificateChoices_
+-T STACK_OF_CMS_RecipientEncryptedKey_
+-T STACK_OF_CMS_RecipientInfo_
+-T STACK_OF_CMS_RevocationInfoChoice_
+-T STACK_OF_CMS_SignerInfo_
+-T STACK_OF_CONF_IMODULE_
+-T STACK_OF_CONF_MODULE_
+-T STACK_OF_CONF_VALUE_
+-T STACK_OF_CRYPTO_EX_DATA_FUNCS_
+-T STACK_OF_CRYPTO_dynlock_
+-T STACK_OF_DIST_POINT_
+-T STACK_OF_ENGINE_
+-T STACK_OF_ENGINE_CLEANUP_ITEM_
+-T STACK_OF_ESS_CERT_ID_
+-T STACK_OF_EVP_PBE_CTL_
+-T STACK_OF_EVP_PKEY_ASN1_METHOD_
+-T STACK_OF_EVP_PKEY_METHOD_
+-T STACK_OF_GENERAL_NAMES_
+-T STACK_OF_GENERAL_NAME_
+-T STACK_OF_GENERAL_SUBTREE_
+-T STACK_OF_IPAddressFamily_
+-T STACK_OF_IPAddressOrRange_
+-T STACK_OF_MEM_OBJECT_DATA_
+-T STACK_OF_MIME_HEADER_
+-T STACK_OF_MIME_PARAM_
+-T STACK_OF_NAME_FUNCS_
+-T STACK_OF_OCSP_CERTID_
+-T STACK_OF_OCSP_ONEREQ_
+-T STACK_OF_OCSP_RESPID_
+-T STACK_OF_OCSP_SINGLERESP_
+-T STACK_OF_OPENSSL_BLOCK_
+-T STACK_OF_OPENSSL_PSTRING_
+-T STACK_OF_OPENSSL_STRING_
+-T STACK_OF_PKCS12_SAFEBAG_
+-T STACK_OF_PKCS7_
+-T STACK_OF_PKCS7_RECIP_INFO_
+-T STACK_OF_PKCS7_SIGNER_INFO_
+-T STACK_OF_POLICYINFO_
+-T STACK_OF_POLICYQUALINFO_
+-T STACK_OF_POLICY_MAPPING_
+-T STACK_OF_Request_
+-T STACK_OF_SCT_
+-T STACK_OF_SRP_gN_
+-T STACK_OF_SRP_gN_cache_
+-T STACK_OF_SRP_user_pwd_
+-T STACK_OF_SRTP_PROTECTION_PROFILE_
+-T STACK_OF_SSL_CIPHER_
+-T STACK_OF_SSL_COMP_
+-T STACK_OF_STRING_
+-T STACK_OF_SXNETID_
+-T STACK_OF_SingleResponse_
+-T STACK_OF_UI_STRING_
+-T STACK_OF_X509V3_EXT_METHOD_
+-T STACK_OF_X509_
+-T STACK_OF_X509_ALGOR_
+-T STACK_OF_X509_ATTRIBUTE_
+-T STACK_OF_X509_CRL_
+-T STACK_OF_X509_EXTENSION_
+-T STACK_OF_X509_INFO_
+-T STACK_OF_X509_LOOKUP_
+-T STACK_OF_X509_NAME_
+-T STACK_OF_X509_NAME_ENTRY_
+-T STACK_OF_X509_OBJECT_
+-T STACK_OF_X509_POLICY_DATA_
+-T STACK_OF_X509_POLICY_NODE_
+-T STACK_OF_X509_PURPOSE_
+-T STACK_OF_X509_REVOKED_
+-T STACK_OF_X509_TRUST_
+-T STACK_OF_X509_VERIFY_PARAM_
+-T STACK_OF_nid_triple_
+-T STACK_OF_void_
+-T LHASH_OF_ADDED_OBJ_
+-T LHASH_OF_APP_INFO_
+-T LHASH_OF_CONF_VALUE_
+-T LHASH_OF_ENGINE_PILE_
+-T LHASH_OF_ERR_STATE_
+-T LHASH_OF_ERR_STRING_DATA_
+-T LHASH_OF_EX_CLASS_ITEM_
+-T LHASH_OF_FUNCTION_
+-T LHASH_OF_MEM_
+-T LHASH_OF_OBJ_NAME_
+-T LHASH_OF_OPENSSL_STRING_
+-T LHASH_OF_SSL_SESSION_
+-T LHASH_OF_STRING_
+-T clock_t
+-T custom_ext_methods
+-T hm_fragment
+-T record_pqueue
+-T ssl_ctx_st
+-T ssl_flag_tbl
+-T ssl_st
+-T ssl_trace_tbl
+-T _stdcall
+-T tls12_lookup
+-T OPTIONS
+-T OPT_PAIR
+-T uint64_t
+-T int64_t
+-T uint32_t
+-T int32_t
+-T uint16_t
+-T int16_t
+-T uint8_t
+-T int8_t
+-T STRINT_PAIR
+-T felem
+-T felem_bytearray
+-T SH_LIST
+-T PACKET
+-T RECORD_LAYER
+-T ASYNC_FIBRE
+-T ASYNC_CTX
+-T ASYNC_JOB
+-T intmax_t
+-T uintmax_t
+-T pqueue
+-T danetls_record
diff --git a/openssl-1.1.0h/util/libcrypto.num b/openssl-1.1.0h/util/libcrypto.num
new file mode 100644
index 0000000..8414d97
--- /dev/null
+++ b/openssl-1.1.0h/util/libcrypto.num
@@ -0,0 +1,4236 @@
+d2i_EC_PUBKEY                           1	1_1_0	EXIST::FUNCTION:EC
+b2i_PVK_bio                             2	1_1_0	EXIST::FUNCTION:DSA,RC4
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     3	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_chain               4	1_1_0	EXIST::FUNCTION:
+COMP_expand_block                       5	1_1_0	EXIST::FUNCTION:COMP
+X509V3_get_string                       6	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_free                     7	1_1_0	EXIST::FUNCTION:TS
+DES_xcbc_encrypt                        8	1_1_0	EXIST::FUNCTION:DES
+TS_RESP_CTX_new                         9	1_1_0	EXIST::FUNCTION:TS
+PKCS5_PBE_add                           10	1_1_0	EXIST::FUNCTION:
+i2d_DSAparams                           11	1_1_0	EXIST::FUNCTION:DSA
+X509_NAME_get0_der                      12	1_1_0	EXIST::FUNCTION:
+i2d_ESS_ISSUER_SERIAL                   13	1_1_0	EXIST::FUNCTION:TS
+X509at_get_attr_by_NID                  14	1_1_0	EXIST::FUNCTION:
+X509_PUBKEY_set0_param                  15	1_1_0	EXIST::FUNCTION:
+PKCS12_it                               16	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it                               16	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_ASN1_OCTET_STRING                   17	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_private_key                  18	1_1_0	EXIST::FUNCTION:EC
+SRP_VBASE_get_by_user                   19	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
+Camellia_cfb128_encrypt                 21	1_1_0	EXIST::FUNCTION:CAMELLIA
+DES_ncbc_encrypt                        22	1_1_0	EXIST::FUNCTION:DES
+TS_REQ_get_ext_count                    23	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_128_ocb                         24	1_1_0	EXIST::FUNCTION:OCB
+ASN1_item_d2i_fp                        25	1_1_0	EXIST::FUNCTION:STDIO
+BN_lshift                               26	1_1_0	EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID              27	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_bool                   28	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_get0_otherName             29	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_get_uint64                 30	1_1_0	EXIST::FUNCTION:
+EVP_DigestInit_ex                       31	1_1_0	EXIST::FUNCTION:
+CTLOG_new                               32	1_1_0	EXIST::FUNCTION:CT
+UI_get_result_minsize                   33	1_1_0	EXIST::FUNCTION:UI
+EVP_PBE_alg_add_type                    34	1_1_0	EXIST::FUNCTION:
+EVP_cast5_ofb                           35	1_1_0	EXIST::FUNCTION:CAST
+d2i_PUBKEY_fp                           36	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_set_cipher                        37	1_1_0	EXIST::FUNCTION:
+BF_decrypt                              38	1_1_0	EXIST::FUNCTION:BF
+PEM_read_bio_PUBKEY                     39	1_1_0	EXIST::FUNCTION:
+X509_NAME_delete_entry                  40	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify_recover        41	1_1_0	EXIST::FUNCTION:
+UI_set_method                           42	1_1_0	EXIST::FUNCTION:UI
+PKCS7_ISSUER_AND_SERIAL_it              43	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it              43	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of                      44	1_1_0	EXIST::FUNCTION:EC
+RSA_blinding_on                         45	1_1_0	EXIST::FUNCTION:RSA
+X509_get0_signature                     47	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get0_extensions            48	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_verify                    49	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_RESPONSE                       50	1_1_0	EXIST::FUNCTION:OCSP
+ERR_peek_error                          51	1_1_0	EXIST::FUNCTION:
+X509v3_asid_validate_resource_set       52	1_1_0	EXIST::FUNCTION:RFC3779
+PEM_write_bio_Parameters                53	1_1_0	EXIST::FUNCTION:
+CMS_SignerInfo_verify                   54	1_1_0	EXIST::FUNCTION:CMS
+X509v3_asid_is_canonical                55	1_1_0	EXIST::FUNCTION:RFC3779
+ASN1_ENUMERATED_get                     56	1_1_0	EXIST::FUNCTION:
+EVP_MD_do_all_sorted                    57	1_1_0	EXIST::FUNCTION:
+OCSP_crl_reason_str                     58	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_ctrl_cmd_string                  59	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_finish                           60	1_1_0	EXIST::FUNCTION:ENGINE
+SRP_Calc_client_key                     61	1_1_0	EXIST::FUNCTION:SRP
+X509_PUBKEY_free                        62	1_1_0	EXIST::FUNCTION:
+BIO_free_all                            63	1_1_0	EXIST::FUNCTION:
+EVP_idea_ofb                            64	1_1_0	EXIST::FUNCTION:IDEA
+DSO_bind_func                           65	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_copy                  66	1_1_0	EXIST::FUNCTION:
+RSA_up_ref                              67	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_meth_set_ctrl                  68	1_1_0	EXIST::FUNCTION:
+OCSP_basic_sign                         69	1_1_0	EXIST::FUNCTION:OCSP
+BN_GENCB_set                            70	1_1_0	EXIST::FUNCTION:
+BN_generate_prime                       71	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+d2i_DSAPrivateKey_fp                    72	1_1_0	EXIST::FUNCTION:DSA,STDIO
+BIO_nread0                              73	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     74	1_1_0	EXIST::FUNCTION:
+X509_set_pubkey                         75	1_1_0	EXIST::FUNCTION:
+ASN1_item_print                         76	1_1_0	EXIST::FUNCTION:
+CONF_set_nconf                          77	1_1_0	EXIST::FUNCTION:
+RAND_set_rand_method                    78	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_mul                         79	1_1_0	EXIST::FUNCTION:EC2M
+UI_add_input_boolean                    80	1_1_0	EXIST::FUNCTION:UI
+ASN1_TIME_adj                           81	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_get0_info                 82	1_1_0	EXIST::FUNCTION:
+BN_add_word                             83	1_1_0	EXIST::FUNCTION:
+EVP_des_ede                             84	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_add1_attr_by_OBJ               85	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_get_all_fds              86	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_set_do_cipher           87	1_1_0	EXIST::FUNCTION:
+EVP_set_pw_prompt                       88	1_1_0	EXIST::FUNCTION:UI
+d2i_OCSP_RESPBYTES                      89	1_1_0	EXIST::FUNCTION:OCSP
+TS_REQ_get_ext_by_NID                   90	1_1_0	EXIST::FUNCTION:TS
+ASN1_item_ndef_i2d                      91	1_1_0	EXIST::FUNCTION:
+OCSP_archive_cutoff_new                 92	1_1_0	EXIST::FUNCTION:OCSP
+DSA_size                                93	1_1_0	EXIST::FUNCTION:DSA
+IPAddressRange_free                     94	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_ContentInfo_free                    95	1_1_0	EXIST::FUNCTION:CMS
+BIO_accept                              96	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+X509_VERIFY_PARAM_set1_policies         97	1_1_0	EXIST::FUNCTION:
+SCT_set0_extensions                     98	1_1_0	EXIST::FUNCTION:CT
+PKCS5_pbe2_set_scrypt                   99	1_1_0	EXIST::FUNCTION:SCRYPT
+X509_find_by_subject                    100	1_1_0	EXIST::FUNCTION:
+DSAparams_print                         101	1_1_0	EXIST::FUNCTION:DSA
+BF_set_key                              102	1_1_0	EXIST::FUNCTION:BF
+d2i_DHparams                            103	1_1_0	EXIST::FUNCTION:DH
+i2d_PKCS7_ENC_CONTENT                   104	1_1_0	EXIST::FUNCTION:
+DH_generate_key                         105	1_1_0	EXIST::FUNCTION:DH
+ENGINE_add_conf_module                  106	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_new_socket                          107	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_OBJECT_free                        108	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_extensions                 109	1_1_0	EXIST::FUNCTION:
+X509_get_version                        110	1_1_0	EXIST::FUNCTION:
+OCSP_CERTID_dup                         111	1_1_0	EXIST::FUNCTION:OCSP
+RSA_PSS_PARAMS_free                     112	1_1_0	EXIST::FUNCTION:RSA
+i2d_TS_MSG_IMPRINT                      113	1_1_0	EXIST::FUNCTION:TS
+EC_POINT_mul                            114	1_1_0	EXIST::FUNCTION:EC
+WHIRLPOOL_Final                         115	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+CMS_get1_ReceiptRequest                 116	1_1_0	EXIST::FUNCTION:CMS
+BIO_sock_non_fatal_error                117	1_1_0	EXIST::FUNCTION:SOCK
+HMAC_Update                             118	1_1_0	EXIST::FUNCTION:
+i2d_PKCS12                              119	1_1_0	EXIST::FUNCTION:
+EVP_BytesToKey                          120	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_pkey_asn1_meths      121	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_BASICRESP_add1_ext_i2d             122	1_1_0	EXIST::FUNCTION:OCSP
+EVP_camellia_128_ctr                    123	1_1_0	EXIST::FUNCTION:CAMELLIA
+EVP_CIPHER_impl_ctx_size                124	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_nextUpdate                 125	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+PKCS12_free                             126	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr                     127	1_1_0	EXIST::FUNCTION:CMS
+ENGINE_set_destroy_function             128	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_STRING_TABLE_add                   129	1_1_0	EXIST::FUNCTION:
+d2i_ASIdentifiers                       130	1_1_0	EXIST::FUNCTION:RFC3779
+i2d_PKCS12_bio                          131	1_1_0	EXIST::FUNCTION:
+X509_to_X509_REQ                        132	1_1_0	EXIST::FUNCTION:
+OCSP_basic_add1_nonce                   133	1_1_0	EXIST::FUNCTION:OCSP
+d2i_OCSP_BASICRESP                      134	1_1_0	EXIST::FUNCTION:OCSP
+X509v3_add_ext                          135	1_1_0	EXIST::FUNCTION:
+X509v3_addr_subset                      136	1_1_0	EXIST::FUNCTION:RFC3779
+CRYPTO_strndup                          137	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_free                       138	1_1_0	EXIST::FUNCTION:OCSP
+X509_STORE_new                          140	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_free                          141	1_1_0	EXIST::FUNCTION:
+PKCS12_BAGS_new                         142	1_1_0	EXIST::FUNCTION:
+CMAC_CTX_new                            143	1_1_0	EXIST::FUNCTION:CMAC
+ASIdentifierChoice_new                  144	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_PKEY_asn1_set_public                145	1_1_0	EXIST::FUNCTION:
+IDEA_set_decrypt_key                    146	1_1_0	EXIST::FUNCTION:IDEA
+X509_STORE_CTX_set_flags                147	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_rawmake                        148	1_1_0	EXIST::FUNCTION:SOCK
+EVP_PKEY_asn1_set_ctrl                  149	1_1_0	EXIST::FUNCTION:
+EC_POINTs_mul                           150	1_1_0	EXIST::FUNCTION:EC
+ASN1_get_object                         151	1_1_0	EXIST::FUNCTION:
+i2d_IPAddressFamily                     152	1_1_0	EXIST::FUNCTION:RFC3779
+ENGINE_get_ctrl_function                153	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REVOKED_get_ext_count              154	1_1_0	EXIST::FUNCTION:
+BN_is_prime_fasttest_ex                 155	1_1_0	EXIST::FUNCTION:
+ERR_load_PKCS12_strings                 156	1_1_0	EXIST::FUNCTION:
+EVP_sha384                              157	1_1_0	EXIST::FUNCTION:
+i2d_DHparams                            158	1_1_0	EXIST::FUNCTION:DH
+TS_VERIFY_CTX_set_store                 159	1_1_0	EXIST::FUNCTION:TS
+PKCS12_verify_mac                       160	1_1_0	EXIST::FUNCTION:
+X509v3_addr_canonize                    161	1_1_0	EXIST::FUNCTION:RFC3779
+ASN1_item_ex_i2d                        162	1_1_0	EXIST::FUNCTION:
+ENGINE_set_digests                      163	1_1_0	EXIST::FUNCTION:ENGINE
+PEM_ASN1_read_bio                       164	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_free                 165	1_1_0	EXIST::FUNCTION:CT
+CMS_RecipientInfo_kari_get0_ctx         166	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_set_attributes                    167	1_1_0	EXIST::FUNCTION:
+d2i_POLICYQUALINFO                      168	1_1_0	EXIST::FUNCTION:
+EVP_MD_type                             170	1_1_0	EXIST::FUNCTION:
+EVP_PKCS82PKEY                          171	1_1_0	EXIST::FUNCTION:
+BN_generate_prime_ex                    172	1_1_0	EXIST::FUNCTION:
+EVP_EncryptInit                         173	1_1_0	EXIST::FUNCTION:
+RAND_OpenSSL                            174	1_1_0	EXIST::FUNCTION:
+BN_uadd                                 175	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_derive_init                    176	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_ASN1_stream               177	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_delete_attr                    178	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_key_length               179	1_1_0	EXIST::FUNCTION:
+BIO_clear_flags                         180	1_1_0	EXIST::FUNCTION:
+i2d_DISPLAYTEXT                         181	1_1_0	EXIST::FUNCTION:
+OCSP_response_status                    182	1_1_0	EXIST::FUNCTION:OCSP
+i2d_ASN1_PRINTABLESTRING                183	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_hostflags         184	1_1_0	EXIST::FUNCTION:
+SCT_get0_log_id                         185	1_1_0	EXIST::FUNCTION:CT
+ASN1_IA5STRING_it                       186	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it                       186	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_write_bio_ECPrivateKey              187	1_1_0	EXIST::FUNCTION:EC
+BN_consttime_swap                       188	1_1_0	EXIST::FUNCTION:
+BIO_f_buffer                            189	1_1_0	EXIST::FUNCTION:
+CMS_SignerInfo_get0_signer_id           190	1_1_0	EXIST::FUNCTION:CMS
+TS_TST_INFO_new                         191	1_1_0	EXIST::FUNCTION:TS
+X509_REQ_check_private_key              192	1_1_0	EXIST::FUNCTION:
+EVP_DigestInit                          193	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_find                      194	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_count             195	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit                 196	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_cmp                            197	1_1_0	EXIST::FUNCTION:
+d2i_X509_ALGORS                         198	1_1_0	EXIST::FUNCTION:
+EVP_PKEY2PKCS8                          199	1_1_0	EXIST::FUNCTION:
+BN_nist_mod_256                         200	1_1_0	EXIST::FUNCTION:
+OCSP_request_add0_id                    201	1_1_0	EXIST::FUNCTION:OCSP
+EVP_seed_cfb128                         202	1_1_0	EXIST::FUNCTION:SEED
+BASIC_CONSTRAINTS_free                  203	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_flags                        204	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_ECPKParameters            205	1_1_0	EXIST::FUNCTION:EC
+SCT_set_version                         206	1_1_0	EXIST::FUNCTION:CT
+CMS_add1_ReceiptRequest                 207	1_1_0	EXIST::FUNCTION:CMS
+d2i_CRL_DIST_POINTS                     208	1_1_0	EXIST::FUNCTION:
+X509_CRL_INFO_free                      209	1_1_0	EXIST::FUNCTION:
+ERR_load_UI_strings                     210	1_1_0	EXIST::FUNCTION:UI
+ERR_load_strings                        211	1_1_0	EXIST::FUNCTION:
+RSA_X931_hash_id                        212	1_1_0	EXIST::FUNCTION:RSA
+EC_KEY_set_method                       213	1_1_0	EXIST::FUNCTION:EC
+PEM_write_PKCS8_PRIV_KEY_INFO           214	1_1_0	EXIST::FUNCTION:STDIO
+X509at_get0_data_by_OBJ                 215	1_1_0	EXIST::FUNCTION:
+b2i_PublicKey_bio                       216	1_1_0	EXIST::FUNCTION:DSA
+s2i_ASN1_OCTET_STRING                   217	1_1_0	EXIST::FUNCTION:
+POLICYINFO_it                           218	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it                           218	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OBJ_create                              219	1_1_0	EXIST::FUNCTION:
+d2i_NOTICEREF                           220	1_1_0	EXIST::FUNCTION:
+BN_get_rfc2409_prime_768                221	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_PKCS8                      222	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_new                      223	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup               224	1_1_0	EXIST::FUNCTION:
+ASN1_put_eoc                            225	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_input_blocksize         226	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_attrs               227	1_1_0	EXIST::FUNCTION:
+PKCS8_get_attr                          228	1_1_0	EXIST::FUNCTION:
+DSAparams_print_fp                      229	1_1_0	EXIST::FUNCTION:DSA,STDIO
+EC_POINT_set_Jprojective_coordinates_GFp 230	1_1_0	EXIST::FUNCTION:EC
+DIST_POINT_NAME_new                     231	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_file                        232	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_decrypt               233	1_1_0	EXIST::FUNCTION:
+EVP_rc2_ecb                             234	1_1_0	EXIST::FUNCTION:RC2
+i2b_PublicKey_bio                       235	1_1_0	EXIST::FUNCTION:DSA
+d2i_ASN1_SET_ANY                        236	1_1_0	EXIST::FUNCTION:
+ASN1_item_i2d                           238	1_1_0	EXIST::FUNCTION:
+OCSP_copy_nonce                         239	1_1_0	EXIST::FUNCTION:OCSP
+OBJ_txt2nid                             240	1_1_0	EXIST::FUNCTION:
+SEED_set_key                            241	1_1_0	EXIST::FUNCTION:SEED
+EC_KEY_clear_flags                      242	1_1_0	EXIST::FUNCTION:EC
+CMS_RecipientInfo_ktri_get0_algs        243	1_1_0	EXIST::FUNCTION:CMS
+i2d_EC_PUBKEY                           244	1_1_0	EXIST::FUNCTION:EC
+MDC2                                    245	1_1_0	EXIST::FUNCTION:MDC2
+BN_clear_free                           246	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meths              247	1_1_0	EXIST::FUNCTION:ENGINE
+DSO_merge                               248	1_1_0	EXIST::FUNCTION:
+RSA_get_ex_data                         249	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_meth_get_decrypt               250	1_1_0	EXIST::FUNCTION:
+DES_cfb_encrypt                         251	1_1_0	EXIST::FUNCTION:DES
+CMS_SignerInfo_set1_signer_cert         252	1_1_0	EXIST::FUNCTION:CMS
+X509_CRL_http_nbio                      253	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_register_all_ciphers             254	1_1_0	EXIST::FUNCTION:ENGINE
+SXNET_new                               255	1_1_0	EXIST::FUNCTION:
+EVP_camellia_256_ctr                    256	1_1_0	EXIST::FUNCTION:CAMELLIA
+d2i_PKCS8_PRIV_KEY_INFO                 257	1_1_0	EXIST::FUNCTION:
+EVP_md2                                 259	1_1_0	EXIST::FUNCTION:MD2
+RC2_ecb_encrypt                         260	1_1_0	EXIST::FUNCTION:RC2
+ENGINE_register_DH                      261	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_NULL_free                          262	1_1_0	EXIST::FUNCTION:
+EC_KEY_copy                             263	1_1_0	EXIST::FUNCTION:EC
+EVP_des_ede3                            264	1_1_0	EXIST::FUNCTION:DES
+PKCS7_add1_attrib_digest                265	1_1_0	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp     266	1_1_0	EXIST::FUNCTION:EC
+EVP_seed_ecb                            267	1_1_0	EXIST::FUNCTION:SEED
+BIO_dgram_sctp_wait_for_dry             268	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+ASN1_OCTET_STRING_NDEF_it               269	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               269	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_PKEY_asn1_get_count                 270	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL_Init                          271	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+EVP_OpenInit                            272	1_1_0	EXIST::FUNCTION:RSA
+OCSP_response_get1_basic                273	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_gcm128_tag                       274	1_1_0	EXIST::FUNCTION:
+OCSP_parse_url                          275	1_1_0	EXIST::FUNCTION:OCSP
+UI_get0_test_string                     276	1_1_0	EXIST::FUNCTION:UI
+CRYPTO_secure_free                      277	1_1_0	EXIST::FUNCTION:
+DSA_print_fp                            278	1_1_0	EXIST::FUNCTION:DSA,STDIO
+X509_get_ext_d2i                        279	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT                   280	1_1_0	EXIST::FUNCTION:
+BUF_MEM_grow                            281	1_1_0	EXIST::FUNCTION:
+TS_REQ_free                             282	1_1_0	EXIST::FUNCTION:TS
+PEM_read_DHparams                       283	1_1_0	EXIST::FUNCTION:DH,STDIO
+RSA_private_decrypt                     284	1_1_0	EXIST::FUNCTION:RSA
+X509V3_EXT_get_nid                      285	1_1_0	EXIST::FUNCTION:
+BIO_s_log                               286	1_1_0	EXIST:!WIN32,!macintosh:FUNCTION:
+EC_POINT_set_to_infinity                287	1_1_0	EXIST::FUNCTION:EC
+EVP_des_ede_ofb                         288	1_1_0	EXIST::FUNCTION:DES
+ECDH_KDF_X9_62                          289	1_1_0	EXIST::FUNCTION:EC
+ASN1_UNIVERSALSTRING_to_string          290	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_setiv                     291	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_oid_flags                 292	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_INTEGER                        293	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT                       294	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_set1_issuer          295	1_1_0	EXIST::FUNCTION:CT
+X509_NAME_ENTRY_set                     296	1_1_0	EXIST::FUNCTION:
+PKCS8_set0_pbe                          297	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                298	1_1_0	EXIST::FUNCTION:DSA
+PEM_X509_INFO_read_bio                  299	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get0_order                     300	1_1_0	EXIST::FUNCTION:EC
+OCSP_BASICRESP_delete_ext               301	1_1_0	EXIST::FUNCTION:OCSP
+PKCS12_get_attr_gen                     302	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_safes               303	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_derive                         304	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID           305	1_1_0	EXIST::FUNCTION:OCSP
+OBJ_dup                                 306	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr_count               307	1_1_0	EXIST::FUNCTION:CMS
+EC_get_builtin_curves                   308	1_1_0	EXIST::FUNCTION:EC
+i2d_ASN1_IA5STRING                      309	1_1_0	EXIST::FUNCTION:
+OCSP_check_nonce                        310	1_1_0	EXIST::FUNCTION:OCSP
+X509_STORE_CTX_init                     311	1_1_0	EXIST::FUNCTION:
+OCSP_RESPONSE_free                      312	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_set_DH                           313	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_CIPHER_CTX_set_flags                314	1_1_0	EXIST::FUNCTION:
+err_free_strings_int                    315	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS7_stream              316	1_1_0	EXIST::FUNCTION:
+d2i_X509_CERT_AUX                       317	1_1_0	EXIST::FUNCTION:
+UI_process                              318	1_1_0	EXIST::FUNCTION:UI
+X509_get_subject_name                   319	1_1_0	EXIST::FUNCTION:
+DH_get_1024_160                         320	1_1_0	EXIST::FUNCTION:DH
+i2d_ASN1_UNIVERSALSTRING                321	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_RESPID                         322	1_1_0	EXIST::FUNCTION:OCSP
+BIO_s_accept                            323	1_1_0	EXIST::FUNCTION:SOCK
+EVP_whirlpool                           324	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+OCSP_ONEREQ_get1_ext_d2i                325	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ESS_SIGNING_CERT                    326	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_set_default_method               327	1_1_0	EXIST::FUNCTION:EC
+X509_OBJECT_up_ref_count                328	1_1_0	EXIST::FUNCTION:
+RAND_load_file                          329	1_1_0	EXIST::FUNCTION:
+BIO_ctrl_reset_read_request             330	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_tag                       331	1_1_0	EXIST::FUNCTION:
+BIO_new_dgram_sctp                      332	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+d2i_RSAPrivateKey_fp                    333	1_1_0	EXIST::FUNCTION:RSA,STDIO
+s2i_ASN1_IA5STRING                      334	1_1_0	EXIST::FUNCTION:
+UI_get_ex_data                          335	1_1_0	EXIST::FUNCTION:UI
+EVP_EncryptUpdate                       336	1_1_0	EXIST::FUNCTION:
+SRP_create_verifier                     337	1_1_0	EXIST::FUNCTION:SRP
+TS_TST_INFO_print_bio                   338	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_get_index_by_OBJ              339	1_1_0	EXIST::FUNCTION:
+BIO_get_host_ip                         340	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+PKCS7_add_certificate                   341	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_ext                          342	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_cmp                           343	1_1_0	EXIST::FUNCTION:
+DIST_POINT_it                           344	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it                           344	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_read_X509_CRL                       345	1_1_0	EXIST::FUNCTION:STDIO
+OPENSSL_sk_sort                         346	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_load_file                   347	1_1_0	EXIST::FUNCTION:CT
+ASN1_SEQUENCE_it                        348	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it                        348	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_CTX_get_tst_info                349	1_1_0	EXIST::FUNCTION:TS
+RC4                                     350	1_1_0	EXIST::FUNCTION:RC4
+PKCS7_stream                            352	1_1_0	EXIST::FUNCTION:
+i2t_ASN1_OBJECT                         353	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get0_generator                 354	1_1_0	EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_PSS_mgf1          355	1_1_0	EXIST::FUNCTION:RSA
+EVP_MD_meth_set_init                    356	1_1_0	EXIST::FUNCTION:
+X509_get_issuer_name                    357	1_1_0	EXIST::FUNCTION:
+EVP_SignFinal                           358	1_1_0	EXIST::FUNCTION:
+PKCS12_mac_present                      359	1_1_0	EXIST::FUNCTION:
+d2i_PUBKEY_bio                          360	1_1_0	EXIST::FUNCTION:
+BN_asc2bn                               361	1_1_0	EXIST::FUNCTION:
+EVP_desx_cbc                            362	1_1_0	EXIST::FUNCTION:DES
+SXNETID_it                              363	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it                              363	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_gcm128_encrypt                   364	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl_str                   365	1_1_0	EXIST::FUNCTION:
+CMS_signed_add1_attr_by_txt             366	1_1_0	EXIST::FUNCTION:CMS
+i2d_NETSCAPE_SPKAC                      367	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_bool_nf                368	1_1_0	EXIST::FUNCTION:
+ASN1_item_verify                        369	1_1_0	EXIST::FUNCTION:
+SEED_ecb_encrypt                        370	1_1_0	EXIST::FUNCTION:SEED
+X509_PUBKEY_get0_param                  371	1_1_0	EXIST::FUNCTION:
+ASN1_i2d_fp                             372	1_1_0	EXIST::FUNCTION:STDIO
+BIO_new_mem_buf                         373	1_1_0	EXIST::FUNCTION:
+UI_get_input_flags                      374	1_1_0	EXIST::FUNCTION:UI
+X509V3_EXT_REQ_add_nconf                375	1_1_0	EXIST::FUNCTION:
+X509v3_asid_subset                      376	1_1_0	EXIST::FUNCTION:RFC3779
+RSA_check_key_ex                        377	1_1_0	EXIST::FUNCTION:RSA
+d2i_TS_MSG_IMPRINT_bio                  378	1_1_0	EXIST::FUNCTION:TS
+i2d_ASN1_TYPE                           379	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_wrap_pad                    380	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kekri_id_cmp          381	1_1_0	EXIST::FUNCTION:CMS
+X509_VERIFY_PARAM_get0_peername         382	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_get_oid_flags                 383	1_1_0	EXIST::FUNCTION:
+CONF_free                               384	1_1_0	EXIST::FUNCTION:
+DSO_get_filename                        385	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_SEQUENCE_ANY                   387	1_1_0	EXIST::FUNCTION:
+OPENSSL_strlcpy                         388	1_1_0	EXIST::FUNCTION:
+BIO_get_port                            389	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+DISPLAYTEXT_free                        390	1_1_0	EXIST::FUNCTION:
+BN_div                                  391	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Update                        392	1_1_0	EXIST::FUNCTION:RMD160
+PEM_write_bio_CMS                       393	1_1_0	EXIST::FUNCTION:CMS
+ASN1_OBJECT_new                         394	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_cfb8                       395	1_1_0	EXIST::FUNCTION:DES
+BIO_dump_indent_fp                      396	1_1_0	EXIST::FUNCTION:STDIO
+X509_NAME_ENTRY_get_data                397	1_1_0	EXIST::FUNCTION:
+BIO_socket                              398	1_1_0	EXIST::FUNCTION:SOCK
+EVP_PKEY_meth_get_derive                399	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_clear_free                  400	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO                    401	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_STRING_print_ex_fp                 402	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_SIGNED_new                        403	1_1_0	EXIST::FUNCTION:
+CMS_get0_eContentType                   404	1_1_0	EXIST::FUNCTION:CMS
+HMAC_Final                              405	1_1_0	EXIST::FUNCTION:
+X509_CRL_delete_ext                     406	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ordering                407	1_1_0	EXIST::FUNCTION:TS
+X509_get_extended_key_usage             408	1_1_0	EXIST::FUNCTION:
+ERR_print_errors                        409	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate         410	1_1_0	EXIST::FUNCTION:
+EVP_CipherFinal_ex                      411	1_1_0	EXIST::FUNCTION:
+d2i_DSA_PUBKEY                          412	1_1_0	EXIST::FUNCTION:DSA
+BN_CTX_get                              413	1_1_0	EXIST::FUNCTION:
+BN_to_montgomery                        414	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_get0_X509_CRL               415	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_cfb8                   416	1_1_0	EXIST::FUNCTION:CAMELLIA
+EC_KEY_METHOD_free                      417	1_1_0	EXIST::FUNCTION:EC
+TS_TST_INFO_set_policy_id               418	1_1_0	EXIST::FUNCTION:TS
+d2i_EXTENDED_KEY_USAGE                  419	1_1_0	EXIST::FUNCTION:
+ASYNC_unblock_pause                     420	1_1_0	EXIST::FUNCTION:
+i2d_X509_VAL                            421	1_1_0	EXIST::FUNCTION:
+ASN1_SCTX_get_flags                     422	1_1_0	EXIST::FUNCTION:
+RIPEMD160                               423	1_1_0	EXIST::FUNCTION:RMD160
+CRYPTO_ocb128_setiv                     424	1_1_0	EXIST::FUNCTION:OCB
+X509_CRL_digest                         425	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cbc_hmac_sha1               426	1_1_0	EXIST::FUNCTION:
+ERR_load_CMS_strings                    427	1_1_0	EXIST::FUNCTION:CMS
+EVP_MD_CTX_md                           428	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get_ext                    429	1_1_0	EXIST::FUNCTION:
+d2i_RSA_PSS_PARAMS                      430	1_1_0	EXIST::FUNCTION:RSA
+USERNOTICE_free                         431	1_1_0	EXIST::FUNCTION:
+MD4_Transform                           432	1_1_0	EXIST::FUNCTION:MD4
+EVP_CIPHER_block_size                   433	1_1_0	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new                 434	1_1_0	EXIST::FUNCTION:
+BIO_dump_fp                             435	1_1_0	EXIST::FUNCTION:STDIO
+BIO_set_flags                           436	1_1_0	EXIST::FUNCTION:
+BN_is_one                               437	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_def_policy                  438	1_1_0	EXIST::FUNCTION:TS
+DSA_free                                439	1_1_0	EXIST::FUNCTION:DSA
+BN_GENCB_new                            440	1_1_0	EXIST::FUNCTION:
+X509_VAL_new                            441	1_1_0	EXIST::FUNCTION:
+NCONF_load                              442	1_1_0	EXIST::FUNCTION:
+ASN1_put_object                         443	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_RESPONSE                       444	1_1_0	EXIST::FUNCTION:OCSP
+d2i_PublicKey                           445	1_1_0	EXIST::FUNCTION:
+ENGINE_set_ex_data                      446	1_1_0	EXIST::FUNCTION:ENGINE
+X509_get_default_private_dir            447	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_dane                448	1_1_0	EXIST::FUNCTION:
+EVP_des_ecb                             449	1_1_0	EXIST::FUNCTION:DES
+OCSP_resp_get0                          450	1_1_0	EXIST::FUNCTION:OCSP
+RSA_X931_generate_key_ex                452	1_1_0	EXIST::FUNCTION:RSA
+X509_get_serialNumber                   453	1_1_0	EXIST::FUNCTION:
+BIO_sock_should_retry                   454	1_1_0	EXIST::FUNCTION:SOCK
+ENGINE_get_digests                      455	1_1_0	EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_get_algo                 456	1_1_0	EXIST::FUNCTION:TS
+DH_new_method                           457	1_1_0	EXIST::FUNCTION:DH
+BF_ecb_encrypt                          458	1_1_0	EXIST::FUNCTION:BF
+PEM_write_bio_DHparams                  459	1_1_0	EXIST::FUNCTION:DH
+EVP_DigestFinal                         460	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE 461	1_1_0	EXIST::FUNCTION:CT
+X509v3_asid_add_id_or_range             462	1_1_0	EXIST::FUNCTION:RFC3779
+X509_NAME_ENTRY_create_by_NID           463	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_init                  464	1_1_0	EXIST::FUNCTION:EC
+ASN1_INTEGER_to_BN                      465	1_1_0	EXIST::FUNCTION:
+OPENSSL_memcmp                          466	1_1_0	EXIST::FUNCTION:
+BUF_MEM_new                             467	1_1_0	EXIST::FUNCTION:
+DSO_set_filename                        468	1_1_0	EXIST::FUNCTION:
+DH_new                                  469	1_1_0	EXIST::FUNCTION:DH
+OCSP_RESPID_free                        470	1_1_0	EXIST::FUNCTION:OCSP
+PKCS5_pbe2_set                          471	1_1_0	EXIST::FUNCTION:
+SCT_set_signature_nid                   473	1_1_0	EXIST::FUNCTION:CT
+i2d_RSA_PUBKEY_fp                       474	1_1_0	EXIST::FUNCTION:RSA,STDIO
+PKCS12_BAGS_it                          475	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it                          475	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_pubkey_digest                      476	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_RSA                 477	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_THREAD_set_local                 478	1_1_0	EXIST::FUNCTION:
+X509_get_default_cert_dir_env           479	1_1_0	EXIST::FUNCTION:
+X509_CRL_sort                           480	1_1_0	EXIST::FUNCTION:
+i2d_RSA_PUBKEY_bio                      481	1_1_0	EXIST::FUNCTION:RSA
+ASN1_T61STRING_free                     482	1_1_0	EXIST::FUNCTION:
+PEM_write_CMS                           483	1_1_0	EXIST::FUNCTION:CMS,STDIO
+OPENSSL_sk_find                         484	1_1_0	EXIST::FUNCTION:
+ENGINE_get_ciphers                      485	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_rc2_ofb                             486	1_1_0	EXIST::FUNCTION:RC2
+EVP_PKEY_set1_RSA                       487	1_1_0	EXIST::FUNCTION:RSA
+CMS_SignerInfo_get0_md_ctx              488	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_set_trust                    489	1_1_0	EXIST::FUNCTION:
+d2i_POLICYINFO                          490	1_1_0	EXIST::FUNCTION:
+DES_cbc_encrypt                         491	1_1_0	EXIST::FUNCTION:DES
+BN_GF2m_mod_sqr_arr                     492	1_1_0	EXIST::FUNCTION:EC2M
+ASN1_PRINTABLESTRING_it                 493	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it                 493	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_f_cipher                            494	1_1_0	EXIST::FUNCTION:
+UI_destroy_method                       495	1_1_0	EXIST::FUNCTION:UI
+BN_get_rfc3526_prime_3072               496	1_1_0	EXIST::FUNCTION:
+X509_INFO_new                           497	1_1_0	EXIST::FUNCTION:
+OCSP_RESPDATA_it                        498	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPDATA_it                        498	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509_CRL_print                          499	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL_Update                        500	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+DSA_get_ex_data                         501	1_1_0	EXIST::FUNCTION:DSA
+BN_copy                                 502	1_1_0	EXIST::FUNCTION:
+FIPS_mode_set                           503	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_policy           504	1_1_0	EXIST::FUNCTION:
+PKCS7_cert_from_signer_info             505	1_1_0	EXIST::FUNCTION:
+X509_TRUST_get_trust                    506	1_1_0	EXIST::FUNCTION:
+DES_string_to_key                       507	1_1_0	EXIST::FUNCTION:DES
+ERR_error_string                        508	1_1_0	EXIST::FUNCTION:
+BIO_new_connect                         509	1_1_0	EXIST::FUNCTION:SOCK
+DSA_new_method                          511	1_1_0	EXIST::FUNCTION:DSA
+OCSP_CERTID_new                         512	1_1_0	EXIST::FUNCTION:OCSP
+X509_CRL_get_signature_nid              513	1_1_0	EXIST::FUNCTION:
+X509_policy_level_node_count            514	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS                     515	1_1_0	EXIST::FUNCTION:OCSP
+X509V3_add1_i2d                         516	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_serial                  517	1_1_0	EXIST::FUNCTION:TS
+OCSP_RESPBYTES_new                      518	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_SINGLERESP_delete_ext              519	1_1_0	EXIST::FUNCTION:OCSP
+EVP_MD_CTX_test_flags                   521	1_1_0	EXIST::FUNCTION:
+X509v3_addr_validate_path               522	1_1_0	EXIST::FUNCTION:RFC3779
+BIO_new_fp                              523	1_1_0	EXIST::FUNCTION:STDIO
+EC_GROUP_set_generator                  524	1_1_0	EXIST::FUNCTION:EC
+CRYPTO_memdup                           525	1_1_0	EXIST::FUNCTION:
+DH_generate_parameters                  526	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DH
+BN_set_negative                         527	1_1_0	EXIST::FUNCTION:
+i2d_TS_RESP_bio                         528	1_1_0	EXIST::FUNCTION:TS
+ASYNC_WAIT_CTX_set_wait_fd              529	1_1_0	EXIST::FUNCTION:
+ERR_func_error_string                   530	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_data                        531	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+X509_CRL_add1_ext_i2d                   532	1_1_0	EXIST::FUNCTION:
+i2d_TS_TST_INFO                         533	1_1_0	EXIST::FUNCTION:TS
+OBJ_sigid_free                          534	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_get0_status              535	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_get_flags                        536	1_1_0	EXIST::FUNCTION:EC
+ASN1_TYPE_cmp                           537	1_1_0	EXIST::FUNCTION:
+i2d_RSAPublicKey                        538	1_1_0	EXIST::FUNCTION:RSA
+EC_GROUP_get_trinomial_basis            539	1_1_0	EXIST::FUNCTION:EC,EC2M
+BIO_ADDRINFO_protocol                   540	1_1_0	EXIST::FUNCTION:SOCK
+i2d_PBKDF2PARAM                         541	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_RAND                  542	1_1_0	EXIST::FUNCTION:ENGINE
+PEM_write_bio_RSAPrivateKey             543	1_1_0	EXIST::FUNCTION:RSA
+CONF_get_number                         544	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_get_object               545	1_1_0	EXIST::FUNCTION:
+X509_EXTENSIONS_it                      546	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSIONS_it                      546	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_set_compressed_coordinates_GF2m 547	1_1_0	EXIST::FUNCTION:EC,EC2M
+RSA_sign_ASN1_OCTET_STRING              548	1_1_0	EXIST::FUNCTION:RSA
+d2i_X509_CRL_fp                         549	1_1_0	EXIST::FUNCTION:STDIO
+i2d_RSA_PUBKEY                          550	1_1_0	EXIST::FUNCTION:RSA
+EVP_aes_128_ccm                         551	1_1_0	EXIST::FUNCTION:
+ECParameters_print                      552	1_1_0	EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get1_ext_d2i            553	1_1_0	EXIST::FUNCTION:OCSP
+RAND_status                             554	1_1_0	EXIST::FUNCTION:
+EVP_ripemd160                           555	1_1_0	EXIST::FUNCTION:RMD160
+EVP_MD_meth_set_final                   556	1_1_0	EXIST::FUNCTION:
+ENGINE_get_cmd_defns                    557	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_PKEY_USAGE_PERIOD                   558	1_1_0	EXIST::FUNCTION:
+RSAPublicKey_dup                        559	1_1_0	EXIST::FUNCTION:RSA
+RAND_write_file                         560	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod                             561	1_1_0	EXIST::FUNCTION:EC2M
+EC_GROUP_get_pentanomial_basis          562	1_1_0	EXIST::FUNCTION:EC,EC2M
+X509_CINF_free                          563	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_free                     564	1_1_0	EXIST::FUNCTION:
+EVP_DigestSignInit                      565	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get0_issuer          566	1_1_0	EXIST::FUNCTION:CT
+TLS_FEATURE_new                         567	1_1_0	EXIST::FUNCTION:
+RSA_get_default_method                  568	1_1_0	EXIST::FUNCTION:RSA
+CRYPTO_cts128_encrypt_block             569	1_1_0	EXIST::FUNCTION:
+ASN1_digest                             570	1_1_0	EXIST::FUNCTION:
+ERR_load_X509V3_strings                 571	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_cleanup               572	1_1_0	EXIST::FUNCTION:
+d2i_X509                                574	1_1_0	EXIST::FUNCTION:
+a2i_ASN1_STRING                         575	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_mont_data                  576	1_1_0	EXIST::FUNCTION:EC
+CMAC_CTX_copy                           577	1_1_0	EXIST::FUNCTION:CMAC
+EVP_camellia_128_cfb128                 579	1_1_0	EXIST::FUNCTION:CAMELLIA
+DH_compute_key_padded                   580	1_1_0	EXIST::FUNCTION:DH
+ERR_load_CONF_strings                   581	1_1_0	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_dup                   582	1_1_0	EXIST::FUNCTION:TS
+BN_GF2m_mod_exp_arr                     583	1_1_0	EXIST::FUNCTION:EC2M
+ASN1_UTF8STRING_free                    584	1_1_0	EXIST::FUNCTION:
+BN_X931_generate_prime_ex               585	1_1_0	EXIST::FUNCTION:
+ENGINE_get_RAND                         586	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_DecryptInit                         587	1_1_0	EXIST::FUNCTION:
+BN_bin2bn                               588	1_1_0	EXIST::FUNCTION:
+X509_subject_name_hash                  589	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_set_flags               590	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_clock_precision_digits      591	1_1_0	EXIST::FUNCTION:TS
+ASN1_TYPE_set                           592	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO                 593	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_bio                           594	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_copy                    595	1_1_0	EXIST::FUNCTION:
+RAND_query_egd_bytes                    596	1_1_0	EXIST::FUNCTION:EGD
+i2d_ASN1_PRINTABLE                      597	1_1_0	EXIST::FUNCTION:
+ENGINE_cmd_is_executable                598	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_puts                                599	1_1_0	EXIST::FUNCTION:
+RSAPublicKey_it                         601	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it                         601	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ISSUING_DIST_POINT_new                  602	1_1_0	EXIST::FUNCTION:
+X509_VAL_it                             603	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it                             603	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DigestVerifyInit                    604	1_1_0	EXIST::FUNCTION:
+i2d_IPAddressChoice                     605	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_md5                                 606	1_1_0	EXIST::FUNCTION:MD5
+ASRange_new                             607	1_1_0	EXIST::FUNCTION:RFC3779
+BN_GF2m_mod_mul_arr                     608	1_1_0	EXIST::FUNCTION:EC2M
+d2i_RSA_OAEP_PARAMS                     609	1_1_0	EXIST::FUNCTION:RSA
+BIO_s_bio                               610	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_add                            611	1_1_0	EXIST::FUNCTION:
+BIO_fd_non_fatal_error                  612	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set_type                       613	1_1_0	EXIST::FUNCTION:
+ENGINE_get_next                         614	1_1_0	EXIST::FUNCTION:ENGINE
+BN_is_negative                          615	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get_attr_count                 616	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical        617	1_1_0	EXIST::FUNCTION:
+X509at_get_attr                         618	1_1_0	EXIST::FUNCTION:
+X509_PUBKEY_it                          619	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it                          619	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DES_ede3_ofb64_encrypt                  620	1_1_0	EXIST::FUNCTION:DES
+EC_KEY_METHOD_get_compute_key           621	1_1_0	EXIST::FUNCTION:EC
+RC2_cfb64_encrypt                       622	1_1_0	EXIST::FUNCTION:RC2
+EVP_EncryptFinal_ex                     623	1_1_0	EXIST::FUNCTION:
+ERR_load_RSA_strings                    624	1_1_0	EXIST::FUNCTION:RSA
+CRYPTO_secure_malloc_done               625	1_1_0	EXIST::FUNCTION:
+RSA_OAEP_PARAMS_new                     626	1_1_0	EXIST::FUNCTION:RSA
+X509_NAME_free                          627	1_1_0	EXIST::FUNCTION:
+PKCS12_set_mac                          628	1_1_0	EXIST::FUNCTION:
+UI_get0_result_string                   629	1_1_0	EXIST::FUNCTION:UI
+TS_RESP_CTX_add_policy                  630	1_1_0	EXIST::FUNCTION:TS
+X509_REQ_dup                            631	1_1_0	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp                       633	1_1_0	EXIST::FUNCTION:DSA,STDIO
+OCSP_REQ_CTX_nbio_d2i                   634	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_REQ_fp                         635	1_1_0	EXIST::FUNCTION:STDIO
+DH_OpenSSL                              636	1_1_0	EXIST::FUNCTION:DH
+BN_get_rfc3526_prime_8192               637	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_it                         638	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it                         638	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_THREAD_write_lock                639	1_1_0	EXIST::FUNCTION:
+X509V3_NAME_from_section                640	1_1_0	EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 641	1_1_0	EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get0_id                 642	1_1_0	EXIST::FUNCTION:OCSP
+UI_add_info_string                      643	1_1_0	EXIST::FUNCTION:UI
+OBJ_NAME_remove                         644	1_1_0	EXIST::FUNCTION:
+UI_get_method                           645	1_1_0	EXIST::FUNCTION:UI
+CONF_modules_unload                     646	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt_ccm64             647	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_malloc_init               648	1_1_0	EXIST::FUNCTION:
+DSAparams_dup                           649	1_1_0	EXIST::FUNCTION:DSA
+PKCS8_PRIV_KEY_INFO_new                 650	1_1_0	EXIST::FUNCTION:
+TS_RESP_verify_token                    652	1_1_0	EXIST::FUNCTION:TS
+PEM_read_bio_CMS                        653	1_1_0	EXIST::FUNCTION:CMS
+PEM_get_EVP_CIPHER_INFO                 654	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_print                        655	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_SINGLERESP                     656	1_1_0	EXIST::FUNCTION:OCSP
+ESS_CERT_ID_free                        657	1_1_0	EXIST::FUNCTION:TS
+PEM_SignInit                            658	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length           659	1_1_0	EXIST::FUNCTION:
+X509_delete_ext                         660	1_1_0	EXIST::FUNCTION:
+OCSP_resp_get0_produced_at              661	1_1_0	EXIST::FUNCTION:OCSP
+IDEA_encrypt                            662	1_1_0	EXIST::FUNCTION:IDEA
+CRYPTO_nistcts128_encrypt_block         663	1_1_0	EXIST::FUNCTION:
+EVP_MD_do_all                           664	1_1_0	EXIST::FUNCTION:
+EC_KEY_oct2priv                         665	1_1_0	EXIST::FUNCTION:EC
+CONF_parse_list                         666	1_1_0	EXIST::FUNCTION:
+ENGINE_set_table_flags                  667	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_MD_meth_get_ctrl                    668	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring           669	1_1_0	EXIST::FUNCTION:
+PKCS5_pbe_set0_algor                    670	1_1_0	EXIST::FUNCTION:
+ENGINE_get_table_flags                  671	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS12_MAC_DATA_new                     672	1_1_0	EXIST::FUNCTION:
+X509_chain_up_ref                       673	1_1_0	EXIST::FUNCTION:
+OCSP_REQINFO_it                         674	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_REQINFO_it                         674	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+PKCS12_add_localkeyid                   675	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get0_type                676	1_1_0	EXIST::FUNCTION:
+X509_TRUST_set_default                  677	1_1_0	EXIST::FUNCTION:
+TXT_DB_read                             678	1_1_0	EXIST::FUNCTION:
+BN_sub                                  679	1_1_0	EXIST::FUNCTION:
+ASRange_free                            680	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_aes_192_cfb8                        681	1_1_0	EXIST::FUNCTION:
+DSO_global_lookup                       682	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it                    683	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it                    683	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ocb128_copy_ctx                  684	1_1_0	EXIST::FUNCTION:OCB
+TS_REQ_get_ext_d2i                      685	1_1_0	EXIST::FUNCTION:TS
+AES_ige_encrypt                         686	1_1_0	EXIST::FUNCTION:
+d2i_SXNET                               687	1_1_0	EXIST::FUNCTION:
+CTLOG_get0_log_id                       688	1_1_0	EXIST::FUNCTION:CT
+CMS_RecipientInfo_ktri_get0_signer_id   689	1_1_0	EXIST::FUNCTION:CMS
+OCSP_REQUEST_add1_ext_i2d               690	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PBE_CipherInit                      691	1_1_0	EXIST::FUNCTION:
+DSA_dup_DH                              692	1_1_0	EXIST::FUNCTION:DH,DSA
+CONF_imodule_get_value                  693	1_1_0	EXIST::FUNCTION:
+OCSP_id_issuer_cmp                      694	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_INTEGER_free                       695	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_224                  696	1_1_0	EXIST::FUNCTION:
+OPENSSL_isservice                       697	1_1_0	EXIST::FUNCTION:
+DH_compute_key                          698	1_1_0	EXIST::FUNCTION:DH
+TS_RESP_CTX_set_signer_key              699	1_1_0	EXIST::FUNCTION:TS
+i2d_DSAPrivateKey_bio                   700	1_1_0	EXIST::FUNCTION:DSA
+ASN1_item_d2i                           702	1_1_0	EXIST::FUNCTION:
+BIO_int_ctrl                            703	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_it                   704	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ReceiptRequest_it                   704	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+X509_ATTRIBUTE_get0_type                705	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_copy                    706	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED                     707	1_1_0	EXIST::FUNCTION:
+d2i_ASIdOrRange                         708	1_1_0	EXIST::FUNCTION:RFC3779
+i2s_ASN1_OCTET_STRING                   709	1_1_0	EXIST::FUNCTION:
+X509_add1_reject_object                 710	1_1_0	EXIST::FUNCTION:
+ERR_set_mark                            711	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING                  712	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_dup                     714	1_1_0	EXIST::FUNCTION:
+X509_certificate_type                   715	1_1_0	EXIST::FUNCTION:
+PKCS7_add_signature                     716	1_1_0	EXIST::FUNCTION:
+OBJ_ln2nid                              717	1_1_0	EXIST::FUNCTION:
+CRYPTO_128_unwrap                       718	1_1_0	EXIST::FUNCTION:
+BIO_new_PKCS7                           719	1_1_0	EXIST::FUNCTION:
+UI_get0_user_data                       720	1_1_0	EXIST::FUNCTION:UI
+TS_RESP_get_token                       721	1_1_0	EXIST::FUNCTION:TS
+OCSP_RESPID_new                         722	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_SET_ANY_it                         723	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SET_ANY_it                         723	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_TS_RESP_bio                         724	1_1_0	EXIST::FUNCTION:TS
+PEM_write_X509_REQ                      725	1_1_0	EXIST::FUNCTION:STDIO
+BIO_snprintf                            726	1_1_0	EXIST::FUNCTION:
+EC_POINT_hex2point                      727	1_1_0	EXIST::FUNCTION:EC
+X509v3_get_ext_by_critical              728	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_RSA                  729	1_1_0	EXIST::FUNCTION:ENGINE
+DSA_sign_setup                          730	1_1_0	EXIST::FUNCTION:DSA
+OPENSSL_sk_new_null                     731	1_1_0	EXIST::FUNCTION:
+PEM_read_PKCS8                          732	1_1_0	EXIST::FUNCTION:STDIO
+BN_mod_sqr                              733	1_1_0	EXIST::FUNCTION:
+CAST_ofb64_encrypt                      734	1_1_0	EXIST::FUNCTION:CAST
+TXT_DB_write                            735	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get1_ext_d2i               736	1_1_0	EXIST::FUNCTION:OCSP
+CMS_unsigned_add1_attr_by_NID           737	1_1_0	EXIST::FUNCTION:CMS
+BN_mod_exp_mont                         738	1_1_0	EXIST::FUNCTION:
+d2i_DHxparams                           739	1_1_0	EXIST::FUNCTION:DH
+DH_size                                 740	1_1_0	EXIST::FUNCTION:DH
+CONF_imodule_get_name                   741	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_meth_engine             742	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_BASICRESP_free                     743	1_1_0	EXIST::FUNCTION:OCSP
+BN_set_params                           744	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+BN_add                                  745	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_free                         746	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_d2i                 747	1_1_0	EXIST::FUNCTION:TS
+RSA_check_key                           748	1_1_0	EXIST::FUNCTION:RSA
+TS_MSG_IMPRINT_set_algo                 749	1_1_0	EXIST::FUNCTION:TS
+BN_nist_mod_521                         750	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_get_local                 751	1_1_0	EXIST::FUNCTION:
+PKCS7_to_TS_TST_INFO                    752	1_1_0	EXIST::FUNCTION:TS
+X509_STORE_CTX_new                      753	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_new                         754	1_1_0	EXIST::FUNCTION:CT
+EVP_CIPHER_meth_set_cleanup             755	1_1_0	EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG                      756	1_1_0	EXIST::FUNCTION:
+EVP_MD_pkey_type                        757	1_1_0	EXIST::FUNCTION:
+X509_policy_node_get0_qualifiers        758	1_1_0	EXIST::FUNCTION:
+OCSP_cert_status_str                    759	1_1_0	EXIST::FUNCTION:OCSP
+EVP_MD_meth_get_flags                   760	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_set                     761	1_1_0	EXIST::FUNCTION:
+UI_UTIL_read_pw                         762	1_1_0	EXIST::FUNCTION:UI
+PKCS7_ENC_CONTENT_free                  763	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_type                  764	1_1_0	EXIST::FUNCTION:CMS
+OCSP_BASICRESP_get_ext                  765	1_1_0	EXIST::FUNCTION:OCSP
+BN_lebin2bn                             766	1_1_0	EXIST::FUNCTION:
+AES_decrypt                             767	1_1_0	EXIST::FUNCTION:
+BIO_fd_should_retry                     768	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_new                         769	1_1_0	EXIST::FUNCTION:
+ENGINE_init                             770	1_1_0	EXIST::FUNCTION:ENGINE
+TS_RESP_CTX_add_flags                   771	1_1_0	EXIST::FUNCTION:TS
+BIO_gethostbyname                       772	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+X509V3_EXT_add                          773	1_1_0	EXIST::FUNCTION:
+UI_add_verify_string                    774	1_1_0	EXIST::FUNCTION:UI
+EVP_rc5_32_12_16_cfb64                  775	1_1_0	EXIST::FUNCTION:RC5
+PKCS7_dataVerify                        776	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free                  777	1_1_0	EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap               778	1_1_0	EXIST::FUNCTION:
+ERR_peek_last_error_line_data           779	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_sign                  780	1_1_0	EXIST::FUNCTION:
+ASN1_i2d_bio                            781	1_1_0	EXIST::FUNCTION:
+DSA_verify                              782	1_1_0	EXIST::FUNCTION:DSA
+i2a_ASN1_OBJECT                         783	1_1_0	EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD                   784	1_1_0	EXIST::FUNCTION:
+DSA_new                                 785	1_1_0	EXIST::FUNCTION:DSA
+PEM_read_bio_X509_CRL                   786	1_1_0	EXIST::FUNCTION:
+PKCS7_dataDecode                        787	1_1_0	EXIST::FUNCTION:
+DSA_up_ref                              788	1_1_0	EXIST::FUNCTION:DSA
+EVP_DecryptInit_ex                      789	1_1_0	EXIST::FUNCTION:
+CONF_get1_default_config_file           790	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_encrypt                   791	1_1_0	EXIST::FUNCTION:OCB
+EXTENDED_KEY_USAGE_new                  792	1_1_0	EXIST::FUNCTION:
+EVP_EncryptFinal                        793	1_1_0	EXIST::FUNCTION:
+PEM_write_ECPrivateKey                  794	1_1_0	EXIST::FUNCTION:EC,STDIO
+EVP_CIPHER_meth_set_get_asn1_params     796	1_1_0	EXIST::FUNCTION:
+PKCS7_dataInit                          797	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_app_data               798	1_1_0	EXIST::FUNCTION:
+a2i_GENERAL_NAME                        799	1_1_0	EXIST::FUNCTION:
+SXNETID_new                             800	1_1_0	EXIST::FUNCTION:
+RC4_options                             801	1_1_0	EXIST::FUNCTION:RC4
+BIO_f_null                              802	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_curve_name                 803	1_1_0	EXIST::FUNCTION:EC
+d2i_PBE2PARAM                           804	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_security_bits                  805	1_1_0	EXIST::FUNCTION:
+PKCS12_unpack_p7encdata                 806	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_i2d                          807	1_1_0	EXIST::FUNCTION:
+X509V3_get_value_bool                   808	1_1_0	EXIST::FUNCTION:
+X509_verify_cert_error_string           809	1_1_0	EXIST::FUNCTION:
+d2i_X509_PUBKEY                         810	1_1_0	EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     811	1_1_0	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new             812	1_1_0	EXIST::FUNCTION:
+d2i_USERNOTICE                          813	1_1_0	EXIST::FUNCTION:
+X509_cmp                                814	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set1_EC_KEY                    815	1_1_0	EXIST::FUNCTION:EC
+ECPKParameters_print_fp                 816	1_1_0	EXIST::FUNCTION:EC,STDIO
+GENERAL_SUBTREE_free                    817	1_1_0	EXIST::FUNCTION:
+RSA_blinding_off                        818	1_1_0	EXIST::FUNCTION:RSA
+i2d_OCSP_REVOKEDINFO                    819	1_1_0	EXIST::FUNCTION:OCSP
+X509V3_add_standard_extensions          820	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_RSA_PUBKEY                821	1_1_0	EXIST::FUNCTION:RSA
+i2d_ASN1_UTF8STRING                     822	1_1_0	EXIST::FUNCTION:
+TS_REQ_delete_ext                       823	1_1_0	EXIST::FUNCTION:TS
+PKCS7_DIGEST_free                       824	1_1_0	EXIST::FUNCTION:
+OBJ_nid2ln                              825	1_1_0	EXIST::FUNCTION:
+COMP_CTX_new                            826	1_1_0	EXIST::FUNCTION:COMP
+BIO_ADDR_family                         827	1_1_0	EXIST::FUNCTION:SOCK
+OCSP_RESPONSE_it                        828	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPONSE_it                        828	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+BIO_ADDRINFO_socktype                   829	1_1_0	EXIST::FUNCTION:SOCK
+d2i_X509_REQ_bio                        830	1_1_0	EXIST::FUNCTION:
+EVP_PBE_cleanup                         831	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_crl         832	1_1_0	EXIST::FUNCTION:
+CMS_get0_SignerInfos                    833	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_paramgen                       834	1_1_0	EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid           835	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_ATTR_VERIFY_it                    836	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it                    836	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_response_status_str                837	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_gcm128_new                       838	1_1_0	EXIST::FUNCTION:
+SMIME_read_PKCS7                        839	1_1_0	EXIST::FUNCTION:
+EC_GROUP_copy                           840	1_1_0	EXIST::FUNCTION:EC
+ENGINE_set_ciphers                      841	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_doall_arg                    842	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID             843	1_1_0	EXIST::FUNCTION:OCSP
+X509_REQ_get_attr_by_NID                844	1_1_0	EXIST::FUNCTION:
+PBE2PARAM_new                           845	1_1_0	EXIST::FUNCTION:
+DES_ecb_encrypt                         846	1_1_0	EXIST::FUNCTION:DES
+EVP_camellia_256_ecb                    847	1_1_0	EXIST::FUNCTION:CAMELLIA
+PEM_read_RSA_PUBKEY                     848	1_1_0	EXIST::FUNCTION:RSA,STDIO
+d2i_NETSCAPE_SPKAC                      849	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_check                         851	1_1_0	EXIST::FUNCTION:
+PKCS7_DIGEST_new                        852	1_1_0	EXIST::FUNCTION:
+i2d_TS_TST_INFO_fp                      853	1_1_0	EXIST::FUNCTION:STDIO,TS
+d2i_PKCS8_fp                            854	1_1_0	EXIST::FUNCTION:STDIO
+EVP_PKEY_keygen                         855	1_1_0	EXIST::FUNCTION:
+X509_CRL_dup                            856	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_cb                     857	1_1_0	EXIST::FUNCTION:
+X509_STORE_free                         858	1_1_0	EXIST::FUNCTION:
+ECDSA_sign_ex                           859	1_1_0	EXIST::FUNCTION:EC
+TXT_DB_insert                           860	1_1_0	EXIST::FUNCTION:
+EC_POINTs_make_affine                   861	1_1_0	EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_PSS               862	1_1_0	EXIST::FUNCTION:RSA
+BF_options                              863	1_1_0	EXIST::FUNCTION:BF
+OCSP_BASICRESP_it                       864	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_BASICRESP_it                       864	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509_VERIFY_PARAM_get0_name             865	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_digest           866	1_1_0	EXIST::FUNCTION:TS
+X509_VERIFY_PARAM_set1_email            867	1_1_0	EXIST::FUNCTION:
+BIO_sock_error                          868	1_1_0	EXIST::FUNCTION:SOCK
+RSA_set_default_method                  869	1_1_0	EXIST::FUNCTION:RSA
+BN_GF2m_mod_sqrt_arr                    870	1_1_0	EXIST::FUNCTION:EC2M
+X509_get0_extensions                    871	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_set_status               872	1_1_0	EXIST::FUNCTION:TS
+RSA_verify                              873	1_1_0	EXIST::FUNCTION:RSA
+ASN1_FBOOLEAN_it                        874	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it                        874	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_TIME                           875	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_signctx               876	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_set_compute_key           877	1_1_0	EXIST::FUNCTION:EC
+X509_REQ_INFO_free                      878	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_create0              879	1_1_0	EXIST::FUNCTION:CMS
+EVP_MD_meth_set_cleanup                 880	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_xts                         881	1_1_0	EXIST::FUNCTION:
+TS_RESP_verify_signature                883	1_1_0	EXIST::FUNCTION:TS
+ENGINE_set_pkey_meths                   884	1_1_0	EXIST::FUNCTION:ENGINE
+CMS_EncryptedData_decrypt               885	1_1_0	EXIST::FUNCTION:CMS
+CONF_module_add                         886	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_print                      887	1_1_0	EXIST::FUNCTION:
+X509_REQ_verify                         888	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_purpose           889	1_1_0	EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_bio                  890	1_1_0	EXIST::FUNCTION:TS
+X509_EXTENSION_set_object               891	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_app_data             892	1_1_0	EXIST::FUNCTION:
+CRL_DIST_POINTS_it                      893	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it                      893	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DIRECTORYSTRING_new                     894	1_1_0	EXIST::FUNCTION:
+ERR_load_ASYNC_strings                  895	1_1_0	EXIST::FUNCTION:
+EVP_bf_cfb64                            896	1_1_0	EXIST::FUNCTION:BF
+PKCS7_sign_add_signer                   897	1_1_0	EXIST::FUNCTION:
+X509_print_ex                           898	1_1_0	EXIST::FUNCTION:
+PKCS7_add_recipient                     899	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext                 900	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_SIG                            901	1_1_0	EXIST::FUNCTION:
+X509_NAME_set                           902	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_pop                          903	1_1_0	EXIST::FUNCTION:
+ENGINE_register_ciphers                 904	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS5_pbe2_set_iv                       905	1_1_0	EXIST::FUNCTION:
+ASN1_add_stable_module                  906	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_cbc                    907	1_1_0	EXIST::FUNCTION:CAMELLIA
+COMP_zlib                               908	1_1_0	EXIST::FUNCTION:COMP
+EVP_read_pw_string                      909	1_1_0	EXIST::FUNCTION:UI
+i2d_ASN1_NULL                           910	1_1_0	EXIST::FUNCTION:
+DES_encrypt1                            911	1_1_0	EXIST::FUNCTION:DES
+BN_mod_lshift1_quick                    912	1_1_0	EXIST::FUNCTION:
+BN_get_rfc3526_prime_6144               913	1_1_0	EXIST::FUNCTION:
+OBJ_obj2txt                             914	1_1_0	EXIST::FUNCTION:
+UI_set_result                           915	1_1_0	EXIST::FUNCTION:UI
+EVP_EncodeUpdate                        916	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509_CRL                  917	1_1_0	EXIST::FUNCTION:
+BN_cmp                                  918	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get0_log_store       919	1_1_0	EXIST::FUNCTION:CT
+CONF_set_default_method                 920	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_get_nm_flags                  921	1_1_0	EXIST::FUNCTION:
+X509_add1_ext_i2d                       922	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO                    924	1_1_0	EXIST::FUNCTION:
+PKCS1_MGF1                              925	1_1_0	EXIST::FUNCTION:RSA
+BIO_vsnprintf                           926	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_issuer      927	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_malloc_initialized        928	1_1_0	EXIST::FUNCTION:
+o2i_SCT_LIST                            929	1_1_0	EXIST::FUNCTION:CT
+ASN1_PCTX_get_cert_flags                930	1_1_0	EXIST::FUNCTION:
+X509at_add1_attr_by_NID                 931	1_1_0	EXIST::FUNCTION:
+DHparams_dup                            932	1_1_0	EXIST::FUNCTION:DH
+X509_get_ext                            933	1_1_0	EXIST::FUNCTION:
+X509_issuer_and_serial_hash             934	1_1_0	EXIST::FUNCTION:
+ASN1_BMPSTRING_it                       935	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it                       935	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_read_EC_PUBKEY                      936	1_1_0	EXIST::FUNCTION:EC,STDIO
+d2i_ASN1_IA5STRING                      937	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_ext_free                    938	1_1_0	EXIST::FUNCTION:TS
+i2d_X509_CRL_fp                         939	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_get0_signers                      940	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data              941	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTS_set_certs                 942	1_1_0	EXIST::FUNCTION:TS
+BN_MONT_CTX_copy                        943	1_1_0	EXIST::FUNCTION:
+OPENSSL_INIT_new                        945	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_dup                         946	1_1_0	EXIST::FUNCTION:TS
+i2d_ECPrivateKey                        947	1_1_0	EXIST::FUNCTION:EC
+X509_NAME_ENTRY_create_by_OBJ           948	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_cleanup                   949	1_1_0	EXIST::FUNCTION:TS
+ASN1_INTEGER_get                        950	1_1_0	EXIST::FUNCTION:
+ASN1_PRINTABLE_it                       951	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it                       951	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_VerifyFinal                         952	1_1_0	EXIST::FUNCTION:
+TS_ASN1_INTEGER_print_bio               953	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_ENTRY_set_object              954	1_1_0	EXIST::FUNCTION:
+BIO_s_socket                            955	1_1_0	EXIST::FUNCTION:SOCK
+EVP_rc5_32_12_16_ecb                    956	1_1_0	EXIST::FUNCTION:RC5
+i2d_PKCS8_bio                           957	1_1_0	EXIST::FUNCTION:
+v2i_ASN1_BIT_STRING                     958	1_1_0	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new                   959	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_init                           960	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_keygen                961	1_1_0	EXIST::FUNCTION:
+RSA_PSS_PARAMS_new                      962	1_1_0	EXIST::FUNCTION:RSA
+RSA_sign                                963	1_1_0	EXIST::FUNCTION:RSA
+EVP_DigestVerifyFinal                   964	1_1_0	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio                      965	1_1_0	EXIST::FUNCTION:RSA
+TS_RESP_dup                             966	1_1_0	EXIST::FUNCTION:TS
+ERR_set_error_data                      967	1_1_0	EXIST::FUNCTION:
+BN_RECP_CTX_new                         968	1_1_0	EXIST::FUNCTION:
+DES_options                             969	1_1_0	EXIST::FUNCTION:DES
+IPAddressChoice_it                      970	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it                      970	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+ASN1_UNIVERSALSTRING_it                 971	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it                 971	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_DSAPublicKey                        972	1_1_0	EXIST::FUNCTION:DSA
+ENGINE_get_name                         973	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_THREAD_read_lock                 974	1_1_0	EXIST::FUNCTION:
+ASIdentifierChoice_free                 975	1_1_0	EXIST::FUNCTION:RFC3779
+BIO_dgram_sctp_msg_waiting              976	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+BN_is_bit_set                           978	1_1_0	EXIST::FUNCTION:
+AES_ofb128_encrypt                      979	1_1_0	EXIST::FUNCTION:
+X509_STORE_add_lookup                   980	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALSTRING_new                  981	1_1_0	EXIST::FUNCTION:
+IDEA_options                            982	1_1_0	EXIST::FUNCTION:IDEA
+d2i_X509_REQ                            983	1_1_0	EXIST::FUNCTION:
+i2d_TS_STATUS_INFO                      984	1_1_0	EXIST::FUNCTION:TS
+X509_PURPOSE_get_by_id                  985	1_1_0	EXIST::FUNCTION:
+X509_get1_ocsp                          986	1_1_0	EXIST::FUNCTION:
+ISSUING_DIST_POINT_free                 987	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_free                       988	1_1_0	EXIST::FUNCTION:
+ERR_load_TS_strings                     989	1_1_0	EXIST::FUNCTION:TS
+BN_nist_mod_func                        990	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_new                         991	1_1_0	EXIST::FUNCTION:OCSP
+DSA_SIG_new                             992	1_1_0	EXIST::FUNCTION:DSA
+DH_get_default_method                   993	1_1_0	EXIST::FUNCTION:DH
+PEM_proc_type                           994	1_1_0	EXIST::FUNCTION:
+BIO_printf                              995	1_1_0	EXIST::FUNCTION:
+a2i_IPADDRESS                           996	1_1_0	EXIST::FUNCTION:
+ERR_peek_error_line_data                997	1_1_0	EXIST::FUNCTION:
+ERR_unload_strings                      998	1_1_0	EXIST::FUNCTION:
+SEED_cfb128_encrypt                     999	1_1_0	EXIST::FUNCTION:SEED
+ASN1_BIT_STRING_it                      1000	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it                      1000	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_decrypt_skey                     1001	1_1_0	EXIST::FUNCTION:
+ENGINE_register_EC                      1002	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_RESPONSE_new                       1003	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_cbc128_encrypt                   1004	1_1_0	EXIST::FUNCTION:
+i2d_RSAPublicKey_bio                    1005	1_1_0	EXIST::FUNCTION:RSA
+X509_chain_check_suiteb                 1006	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_REQUEST                        1007	1_1_0	EXIST::FUNCTION:OCSP
+BN_X931_generate_Xpq                    1008	1_1_0	EXIST::FUNCTION:
+ASN1_item_digest                        1009	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_trust             1010	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_error                1011	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_encrypt               1012	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_it                         1013	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it                         1013	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_DSA_PUBKEY_fp                       1014	1_1_0	EXIST::FUNCTION:DSA,STDIO
+X509at_get_attr_by_OBJ                  1015	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex                      1016	1_1_0	EXIST::FUNCTION:
+UI_dup_error_string                     1017	1_1_0	EXIST::FUNCTION:UI
+OPENSSL_LH_num_items                    1018	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_cmp                        1020	1_1_0	EXIST::FUNCTION:
+X509_NAME_entry_count                   1021	1_1_0	EXIST::FUNCTION:
+UI_method_set_closer                    1022	1_1_0	EXIST::FUNCTION:UI
+OPENSSL_LH_get_down_load                1023	1_1_0	EXIST::FUNCTION:
+EVP_md4                                 1024	1_1_0	EXIST::FUNCTION:MD4
+X509_set_subject_name                   1025	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio             1026	1_1_0	EXIST::FUNCTION:
+ERR_put_error                           1027	1_1_0	EXIST::FUNCTION:
+ERR_add_error_data                      1028	1_1_0	EXIST::FUNCTION:
+X509_ALGORS_it                          1029	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGORS_it                          1029	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+MD5_Update                              1030	1_1_0	EXIST::FUNCTION:MD5
+X509_policy_check                       1031	1_1_0	EXIST::FUNCTION:
+X509_CRL_METHOD_new                     1032	1_1_0	EXIST::FUNCTION:
+ASN1_ANY_it                             1033	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it                             1033	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_DSA_SIG                             1034	1_1_0	EXIST::FUNCTION:DSA
+DH_free                                 1035	1_1_0	EXIST::FUNCTION:DH
+ENGINE_register_all_DSA                 1036	1_1_0	EXIST::FUNCTION:ENGINE
+TS_REQ_set_msg_imprint                  1037	1_1_0	EXIST::FUNCTION:TS
+BN_mod_sub_quick                        1038	1_1_0	EXIST::FUNCTION:
+SMIME_write_CMS                         1039	1_1_0	EXIST::FUNCTION:CMS
+i2d_DSAPublicKey                        1040	1_1_0	EXIST::FUNCTION:DSA
+SMIME_text                              1042	1_1_0	EXIST::FUNCTION:
+PKCS7_add_recipient_info                1043	1_1_0	EXIST::FUNCTION:
+BN_get_word                             1044	1_1_0	EXIST::FUNCTION:
+EVP_CipherFinal                         1045	1_1_0	EXIST::FUNCTION:
+i2d_X509_bio                            1046	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_new                      1047	1_1_0	EXIST::FUNCTION:
+X509_getm_notAfter                      1048	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_dup                          1049	1_1_0	EXIST::FUNCTION:
+d2i_X509_REQ_INFO                       1050	1_1_0	EXIST::FUNCTION:
+d2i_EC_PUBKEY_bio                       1051	1_1_0	EXIST::FUNCTION:EC
+X509_STORE_CTX_set_error                1052	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_set_keygen                1053	1_1_0	EXIST::FUNCTION:EC
+CRYPTO_free                             1054	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_exp                         1055	1_1_0	EXIST::FUNCTION:EC2M
+OPENSSL_buf2hexstr                      1056	1_1_0	EXIST::FUNCTION:
+DES_encrypt2                            1057	1_1_0	EXIST::FUNCTION:DES
+DH_up_ref                               1058	1_1_0	EXIST::FUNCTION:DH
+RC2_ofb64_encrypt                       1059	1_1_0	EXIST::FUNCTION:RC2
+PKCS12_pbe_crypt                        1060	1_1_0	EXIST::FUNCTION:
+ASIdentifiers_free                      1061	1_1_0	EXIST::FUNCTION:RFC3779
+X509_VERIFY_PARAM_get0                  1062	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_input_blocksize         1063	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_get_micros                  1064	1_1_0	EXIST::FUNCTION:TS
+PKCS12_SAFEBAG_create_cert              1065	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_debug_malloc                 1066	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+RAND_seed                               1067	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKAC_free                     1068	1_1_0	EXIST::FUNCTION:
+X509_CRL_diff                           1069	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_flags             1070	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_set_data                 1071	1_1_0	EXIST::FUNCTION:
+ENGINE_get_EC                           1072	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_STRING_copy                        1073	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_encrypt_old                    1074	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_free                         1075	1_1_0	EXIST::FUNCTION:
+DES_is_weak_key                         1076	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_verify                         1077	1_1_0	EXIST::FUNCTION:
+ERR_load_BIO_strings                    1078	1_1_0	EXIST::FUNCTION:
+BIO_nread                               1079	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey              1080	1_1_0	EXIST::FUNCTION:RSA
+OBJ_nid2obj                             1081	1_1_0	EXIST::FUNCTION:
+CRYPTO_ofb128_encrypt                   1082	1_1_0	EXIST::FUNCTION:
+ENGINE_set_init_function                1083	1_1_0	EXIST::FUNCTION:ENGINE
+NCONF_default                           1084	1_1_0	EXIST::FUNCTION:
+ENGINE_remove                           1085	1_1_0	EXIST::FUNCTION:ENGINE
+ASYNC_get_current_job                   1086	1_1_0	EXIST::FUNCTION:
+OBJ_nid2sn                              1087	1_1_0	EXIST::FUNCTION:
+X509_gmtime_adj                         1088	1_1_0	EXIST::FUNCTION:
+X509_add_ext                            1089	1_1_0	EXIST::FUNCTION:
+ENGINE_set_DSA                          1090	1_1_0	EXIST::FUNCTION:ENGINE
+EC_KEY_METHOD_set_sign                  1091	1_1_0	EXIST::FUNCTION:EC
+d2i_TS_MSG_IMPRINT                      1092	1_1_0	EXIST::FUNCTION:TS
+X509_print_ex_fp                        1093	1_1_0	EXIST::FUNCTION:STDIO
+ERR_load_PEM_strings                    1094	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_pkey_asn1_meths       1095	1_1_0	EXIST::FUNCTION:ENGINE
+IPAddressFamily_free                    1096	1_1_0	EXIST::FUNCTION:RFC3779
+UI_method_get_prompt_constructor        1097	1_1_0	EXIST::FUNCTION:UI
+ASN1_NULL_it                            1098	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it                            1098	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_get_pubkey                     1099	1_1_0	EXIST::FUNCTION:
+X509_CRL_set1_nextUpdate                1100	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_cfb64                      1101	1_1_0	EXIST::FUNCTION:DES
+BN_to_ASN1_INTEGER                      1102	1_1_0	EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free                 1103	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_EC_PUBKEY                  1104	1_1_0	EXIST::FUNCTION:EC
+BN_MONT_CTX_set                         1105	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_serial                      1106	1_1_0	EXIST::FUNCTION:TS
+X509_NAME_ENTRY_new                     1107	1_1_0	EXIST::FUNCTION:
+RSA_security_bits                       1108	1_1_0	EXIST::FUNCTION:RSA
+X509v3_addr_add_prefix                  1109	1_1_0	EXIST::FUNCTION:RFC3779
+X509_REQ_print_fp                       1110	1_1_0	EXIST::FUNCTION:STDIO
+ASN1_item_ex_new                        1111	1_1_0	EXIST::FUNCTION:
+BIO_s_datagram                          1112	1_1_0	EXIST::FUNCTION:DGRAM
+PEM_write_bio_PKCS8                     1113	1_1_0	EXIST::FUNCTION:
+ASN1_str2mask                           1114	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_get                           1115	1_1_0	EXIST::FUNCTION:
+i2d_X509_EXTENSIONS                     1116	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_store               1117	1_1_0	EXIST::FUNCTION:
+PKCS12_pack_p7data                      1118	1_1_0	EXIST::FUNCTION:
+RSA_print_fp                            1119	1_1_0	EXIST::FUNCTION:RSA,STDIO
+OPENSSL_INIT_set_config_appname         1120	1_1_0	EXIST::FUNCTION:STDIO
+EC_KEY_print_fp                         1121	1_1_0	EXIST::FUNCTION:EC,STDIO
+BIO_dup_chain                           1122	1_1_0	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_it                  1123	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it                  1123	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RSA_OAEP_PARAMS_free                    1124	1_1_0	EXIST::FUNCTION:RSA
+ASN1_item_new                           1125	1_1_0	EXIST::FUNCTION:
+CRYPTO_cts128_encrypt                   1126	1_1_0	EXIST::FUNCTION:
+RC2_encrypt                             1127	1_1_0	EXIST::FUNCTION:RC2
+PEM_write                               1128	1_1_0	EXIST::FUNCTION:STDIO
+EVP_CIPHER_meth_get_get_asn1_params     1129	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES                      1130	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ASN1_UTF8STRING                     1131	1_1_0	EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_it                   1132	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it                   1132	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit                          1133	1_1_0	EXIST::FUNCTION:
+PKCS12_add_safe                         1134	1_1_0	EXIST::FUNCTION:
+ENGINE_get_digest                       1135	1_1_0	EXIST::FUNCTION:ENGINE
+EC_GROUP_have_precompute_mult           1136	1_1_0	EXIST::FUNCTION:EC
+OPENSSL_gmtime                          1137	1_1_0	EXIST::FUNCTION:
+X509_set_issuer_name                    1138	1_1_0	EXIST::FUNCTION:
+RSA_new                                 1139	1_1_0	EXIST::FUNCTION:RSA
+ASN1_STRING_set_by_NID                  1140	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS7                     1141	1_1_0	EXIST::FUNCTION:
+MDC2_Final                              1142	1_1_0	EXIST::FUNCTION:MDC2
+SMIME_crlf_copy                         1143	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count              1144	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_REQ_CTX_new                        1145	1_1_0	EXIST::FUNCTION:OCSP
+X509_load_cert_crl_file                 1146	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_new_mac_key                    1147	1_1_0	EXIST::FUNCTION:
+DIST_POINT_new                          1148	1_1_0	EXIST::FUNCTION:
+BN_is_prime_fasttest                    1149	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+EC_POINT_dup                            1150	1_1_0	EXIST::FUNCTION:EC
+PKCS5_v2_scrypt_keyivgen                1151	1_1_0	EXIST::FUNCTION:SCRYPT
+X509_STORE_CTX_set0_param               1152	1_1_0	EXIST::FUNCTION:
+DES_check_key_parity                    1153	1_1_0	EXIST::FUNCTION:DES
+EVP_aes_256_ocb                         1154	1_1_0	EXIST::FUNCTION:OCB
+X509_VAL_free                           1155	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get1_certs               1156	1_1_0	EXIST::FUNCTION:
+PEM_write_RSA_PUBKEY                    1157	1_1_0	EXIST::FUNCTION:RSA,STDIO
+PKCS12_SAFEBAG_get0_p8inf               1158	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_issuer_name                1159	1_1_0	EXIST::FUNCTION:
+CMS_EncryptedData_encrypt               1160	1_1_0	EXIST::FUNCTION:CMS
+ASN1_tag2str                            1161	1_1_0	EXIST::FUNCTION:
+BN_zero_ex                              1162	1_1_0	EXIST::FUNCTION:
+X509_NAME_dup                           1163	1_1_0	EXIST::FUNCTION:
+SCT_LIST_print                          1164	1_1_0	EXIST::FUNCTION:CT
+NOTICEREF_it                            1165	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it                            1165	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CMS_add0_crl                            1166	1_1_0	EXIST::FUNCTION:CMS
+d2i_DSAparams                           1167	1_1_0	EXIST::FUNCTION:DSA
+EVP_CIPHER_CTX_set_app_data             1168	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1                1169	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_certs                       1170	1_1_0	EXIST::FUNCTION:TS
+BN_security_bits                        1171	1_1_0	EXIST::FUNCTION:
+X509_PURPOSE_get0_name                  1172	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_serial                  1173	1_1_0	EXIST::FUNCTION:TS
+ASN1_PCTX_get_str_flags                 1174	1_1_0	EXIST::FUNCTION:
+SHA256                                  1175	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_hash_dir                    1176	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_check                   1177	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_RAND                 1178	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_connect                             1179	1_1_0	EXIST::FUNCTION:SOCK
+TS_TST_INFO_add_ext                     1180	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_192_ccm                         1181	1_1_0	EXIST::FUNCTION:
+X509V3_add_value                        1182	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set0_keygen_info           1183	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_digests               1184	1_1_0	EXIST::FUNCTION:ENGINE
+IPAddressOrRange_new                    1185	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_aes_256_ofb                         1186	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_debug_push                   1187	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+X509_PKEY_new                           1188	1_1_0	EXIST::FUNCTION:
+X509_get_key_usage                      1189	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt            1190	1_1_0	EXIST::FUNCTION:
+PEM_SignFinal                           1191	1_1_0	EXIST::FUNCTION:
+PEM_bytes_read_bio                      1192	1_1_0	EXIST::FUNCTION:
+X509_signature_dump                     1193	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_def_policy              1194	1_1_0	EXIST::FUNCTION:TS
+RAND_pseudo_bytes                       1195	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+DES_ofb_encrypt                         1196	1_1_0	EXIST::FUNCTION:DES
+EVP_add_digest                          1197	1_1_0	EXIST::FUNCTION:
+ASN1_item_sign_ctx                      1198	1_1_0	EXIST::FUNCTION:
+BIO_dump_indent_cb                      1199	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_depth             1200	1_1_0	EXIST::FUNCTION:
+DES_ecb3_encrypt                        1201	1_1_0	EXIST::FUNCTION:DES
+OBJ_obj2nid                             1202	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_free                     1203	1_1_0	EXIST::FUNCTION:
+EVP_cast5_cfb64                         1204	1_1_0	EXIST::FUNCTION:CAST
+OPENSSL_uni2asc                         1205	1_1_0	EXIST::FUNCTION:
+SCT_validation_status_string            1206	1_1_0	EXIST::FUNCTION:CT
+PKCS7_add_attribute                     1207	1_1_0	EXIST::FUNCTION:
+ENGINE_register_DSA                     1208	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_node_stats                   1209	1_1_0	EXIST::FUNCTION:STDIO
+X509_policy_tree_free                   1210	1_1_0	EXIST::FUNCTION:
+EC_GFp_simple_method                    1211	1_1_0	EXIST::FUNCTION:EC
+X509_it                                 1212	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it                                 1212	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_PROXY_POLICY                        1213	1_1_0	EXIST::FUNCTION:
+MDC2_Update                             1214	1_1_0	EXIST::FUNCTION:MDC2
+EC_KEY_new_by_curve_name                1215	1_1_0	EXIST::FUNCTION:EC
+X509_CRL_free                           1216	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE                 1217	1_1_0	EXIST::FUNCTION:
+OCSP_CERTSTATUS_it                      1218	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_CERTSTATUS_it                      1218	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+BIO_f_reliable                          1219	1_1_0	EXIST::FUNCTION:
+OCSP_resp_count                         1220	1_1_0	EXIST::FUNCTION:OCSP
+i2d_X509_AUX                            1221	1_1_0	EXIST::FUNCTION:
+RSA_verify_PKCS1_PSS_mgf1               1222	1_1_0	EXIST::FUNCTION:RSA
+X509_time_adj                           1223	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_find_str                  1224	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_flags             1225	1_1_0	EXIST::FUNCTION:
+OPENSSL_DIR_end                         1226	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new                            1227	1_1_0	EXIST::FUNCTION:EC
+CMS_SignerInfo_get0_pkey_ctx            1228	1_1_0	EXIST::FUNCTION:CMS
+d2i_ASN1_PRINTABLESTRING                1229	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_ktri_cert_cmp         1230	1_1_0	EXIST::FUNCTION:CMS
+CMS_decrypt_set1_pkey                   1231	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_RECIP_INFO_set                    1232	1_1_0	EXIST::FUNCTION:
+EC_POINT_is_on_curve                    1233	1_1_0	EXIST::FUNCTION:EC
+PKCS12_add_cert                         1234	1_1_0	EXIST::FUNCTION:
+X509_NAME_hash_old                      1235	1_1_0	EXIST::FUNCTION:
+PBKDF2PARAM_free                        1236	1_1_0	EXIST::FUNCTION:
+i2d_CMS_ContentInfo                     1237	1_1_0	EXIST::FUNCTION:CMS
+EVP_CIPHER_meth_set_ctrl                1238	1_1_0	EXIST::FUNCTION:
+RSA_public_decrypt                      1239	1_1_0	EXIST::FUNCTION:RSA
+ENGINE_get_id                           1240	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS12_item_decrypt_d2i                 1241	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_DSAparams                  1242	1_1_0	EXIST::FUNCTION:DSA
+X509_CRL_cmp                            1243	1_1_0	EXIST::FUNCTION:
+DSO_METHOD_openssl                      1244	1_1_0	EXIST::FUNCTION:
+d2i_PrivateKey_fp                       1245	1_1_0	EXIST::FUNCTION:STDIO
+i2d_NETSCAPE_CERT_SEQUENCE              1246	1_1_0	EXIST::FUNCTION:
+EC_POINT_oct2point                      1248	1_1_0	EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_buf_noconst              1249	1_1_0	EXIST::FUNCTION:
+OPENSSL_DIR_read                        1250	1_1_0	EXIST::FUNCTION:
+CMS_add_smimecap                        1251	1_1_0	EXIST::FUNCTION:CMS
+X509_check_email                        1252	1_1_0	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt_block             1253	1_1_0	EXIST::FUNCTION:
+UI_method_get_opener                    1254	1_1_0	EXIST::FUNCTION:UI
+EVP_aes_192_gcm                         1255	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_tsa_name                    1256	1_1_0	EXIST::FUNCTION:TS
+X509_email_free                         1257	1_1_0	EXIST::FUNCTION:
+BIO_get_callback                        1258	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_shift                        1259	1_1_0	EXIST::FUNCTION:
+i2d_X509_REVOKED                        1260	1_1_0	EXIST::FUNCTION:
+CMS_sign                                1261	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_add_cert                     1262	1_1_0	EXIST::FUNCTION:
+EC_GROUP_precompute_mult                1263	1_1_0	EXIST::FUNCTION:EC
+d2i_DISPLAYTEXT                         1265	1_1_0	EXIST::FUNCTION:
+HMAC_CTX_copy                           1266	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_init                      1267	1_1_0	EXIST::FUNCTION:
+i2d_X509_CINF                           1268	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_delete_ext                 1269	1_1_0	EXIST::FUNCTION:
+RC5_32_cfb64_encrypt                    1270	1_1_0	EXIST::FUNCTION:RC5
+TS_REQ_set_cert_req                     1271	1_1_0	EXIST::FUNCTION:TS
+TXT_DB_get_by_index                     1272	1_1_0	EXIST::FUNCTION:
+X509_check_ca                           1273	1_1_0	EXIST::FUNCTION:
+DH_get_2048_224                         1274	1_1_0	EXIST::FUNCTION:DH
+X509_http_nbio                          1275	1_1_0	EXIST::FUNCTION:OCSP
+i2d_AUTHORITY_INFO_ACCESS               1276	1_1_0	EXIST::FUNCTION:
+EVP_get_cipherbyname                    1277	1_1_0	EXIST::FUNCTION:
+CONF_dump_fp                            1278	1_1_0	EXIST::FUNCTION:STDIO
+d2i_DIST_POINT_NAME                     1279	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_set_int64                  1280	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_free                          1281	1_1_0	EXIST::FUNCTION:
+i2o_SCT_LIST                            1282	1_1_0	EXIST::FUNCTION:CT
+AES_encrypt                             1283	1_1_0	EXIST::FUNCTION:
+MD5_Init                                1284	1_1_0	EXIST::FUNCTION:MD5
+UI_add_error_string                     1285	1_1_0	EXIST::FUNCTION:UI
+X509_TRUST_cleanup                      1286	1_1_0	EXIST::FUNCTION:
+PEM_read_X509                           1287	1_1_0	EXIST::FUNCTION:STDIO
+EC_KEY_new_method                       1288	1_1_0	EXIST::FUNCTION:EC
+i2d_RSAPublicKey_fp                     1289	1_1_0	EXIST::FUNCTION:RSA,STDIO
+CRYPTO_ctr128_encrypt_ctr32             1290	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_move_peername         1291	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_it                      1292	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_SINGLERESP_it                      1292	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+BN_num_bits                             1293	1_1_0	EXIST::FUNCTION:
+X509_CRL_METHOD_free                    1294	1_1_0	EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1295	1_1_0	EXIST::FUNCTION:STDIO
+OPENSSL_load_builtin_modules            1296	1_1_0	EXIST::FUNCTION:
+X509_set_version                        1297	1_1_0	EXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       1298	1_1_0	EXIST::FUNCTION:EC
+X509_REQ_get_attr_count                 1299	1_1_0	EXIST::FUNCTION:
+CMS_set1_signers_certs                  1300	1_1_0	EXIST::FUNCTION:CMS
+TS_ACCURACY_free                        1301	1_1_0	EXIST::FUNCTION:TS
+PEM_write_DSA_PUBKEY                    1302	1_1_0	EXIST::FUNCTION:DSA,STDIO
+BN_rshift1                              1303	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE                      1304	1_1_0	EXIST::FUNCTION:
+PBKDF2PARAM_it                          1305	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it                          1305	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_result_maxsize                   1306	1_1_0	EXIST::FUNCTION:UI
+PBEPARAM_it                             1307	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it                             1307	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_ACCURACY_set_seconds                 1308	1_1_0	EXIST::FUNCTION:TS
+UI_get0_action_string                   1309	1_1_0	EXIST::FUNCTION:UI
+RC2_decrypt                             1310	1_1_0	EXIST::FUNCTION:RC2
+OPENSSL_atexit                          1311	1_1_0	EXIST::FUNCTION:
+CMS_add_standard_smimecap               1312	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_add_attrib_content_type           1313	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_set_flags                   1314	1_1_0	EXIST::FUNCTION:
+ERR_peek_last_error                     1315	1_1_0	EXIST::FUNCTION:
+ENGINE_set_cmd_defns                    1316	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ASN1_NULL                           1317	1_1_0	EXIST::FUNCTION:
+RAND_event                              1318	1_1_0	EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
+i2d_PKCS12_fp                           1319	1_1_0	EXIST::FUNCTION:STDIO
+EVP_PKEY_meth_get_init                  1320	1_1_0	EXIST::FUNCTION:
+X509_check_trust                        1321	1_1_0	EXIST::FUNCTION:
+b2i_PrivateKey                          1322	1_1_0	EXIST::FUNCTION:DSA
+HMAC_Init_ex                            1323	1_1_0	EXIST::FUNCTION:
+SMIME_read_CMS                          1324	1_1_0	EXIST::FUNCTION:CMS
+X509_subject_name_cmp                   1325	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_finish                    1326	1_1_0	EXIST::FUNCTION:OCB
+EVP_CIPHER_do_all                       1327	1_1_0	EXIST::FUNCTION:
+POLICY_MAPPINGS_it                      1328	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPINGS_it                      1328	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+SCT_set0_log_id                         1329	1_1_0	EXIST::FUNCTION:CT
+CRYPTO_cfb128_encrypt                   1330	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_PKCS1_type_2            1331	1_1_0	EXIST::FUNCTION:RSA
+TS_CONF_set_signer_cert                 1332	1_1_0	EXIST::FUNCTION:TS
+i2d_ASN1_OBJECT                         1333	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1334	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_int                    1335	1_1_0	EXIST::FUNCTION:
+TS_REQ_set_nonce                        1336	1_1_0	EXIST::FUNCTION:TS
+Camellia_ctr128_encrypt                 1337	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_LOOKUP_new                         1338	1_1_0	EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new               1339	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp                     1340	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG,STDIO
+DES_set_key_unchecked                   1341	1_1_0	EXIST::FUNCTION:DES
+BN_free                                 1342	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cfb1                        1343	1_1_0	EXIST::FUNCTION:
+EC_KEY_get0_group                       1344	1_1_0	EXIST::FUNCTION:EC
+PEM_write_bio_CMS_stream                1345	1_1_0	EXIST::FUNCTION:CMS
+BIO_f_linebuffer                        1346	1_1_0	EXIST::FUNCTION:
+ASN1_item_d2i_bio                       1347	1_1_0	EXIST::FUNCTION:
+ENGINE_get_flags                        1348	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_resp_find                          1349	1_1_0	EXIST::FUNCTION:OCSP
+OPENSSL_LH_node_usage_stats_bio         1350	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_encrypt                        1351	1_1_0	EXIST::FUNCTION:
+CRYPTO_cfb128_8_encrypt                 1352	1_1_0	EXIST::FUNCTION:
+SXNET_get_id_INTEGER                    1353	1_1_0	EXIST::FUNCTION:
+CRYPTO_clear_free                       1354	1_1_0	EXIST::FUNCTION:
+i2v_GENERAL_NAME                        1355	1_1_0	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new                   1356	1_1_0	EXIST::FUNCTION:
+CRYPTO_realloc                          1357	1_1_0	EXIST::FUNCTION:
+BIO_ctrl_pending                        1358	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_new                         1360	1_1_0	EXIST::FUNCTION:
+X509_sign_ctx                           1361	1_1_0	EXIST::FUNCTION:
+BN_is_odd                               1362	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert         1363	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_get_int64               1364	1_1_0	EXIST::FUNCTION:
+ASN1_SCTX_get_app_data                  1365	1_1_0	EXIST::FUNCTION:
+X509_get_default_cert_file_env          1366	1_1_0	EXIST::FUNCTION:
+X509v3_addr_validate_resource_set       1367	1_1_0	EXIST::FUNCTION:RFC3779
+d2i_X509_VAL                            1368	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_decrypt_ctr32             1370	1_1_0	EXIST::FUNCTION:
+DHparams_print                          1371	1_1_0	EXIST::FUNCTION:DH
+OPENSSL_sk_unshift                      1372	1_1_0	EXIST::FUNCTION:
+BN_GENCB_set_old                        1373	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509                      1374	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_free                      1375	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_DH                    1376	1_1_0	EXIST::FUNCTION:ENGINE
+PROXY_CERT_INFO_EXTENSION_it            1377	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_CERT_INFO_EXTENSION_it            1377	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CT_POLICY_EVAL_CTX_set1_cert            1378	1_1_0	EXIST::FUNCTION:CT
+X509_NAME_hash                          1379	1_1_0	EXIST::FUNCTION:
+SCT_set_timestamp                       1380	1_1_0	EXIST::FUNCTION:CT
+UI_new                                  1381	1_1_0	EXIST::FUNCTION:UI
+TS_REQ_get_msg_imprint                  1382	1_1_0	EXIST::FUNCTION:TS
+i2d_PKCS12_BAGS                         1383	1_1_0	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free                1385	1_1_0	EXIST::FUNCTION:
+X509V3_get_section                      1386	1_1_0	EXIST::FUNCTION:
+BIO_parse_hostserv                      1387	1_1_0	EXIST::FUNCTION:SOCK
+EVP_PKEY_meth_set_cleanup               1388	1_1_0	EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_free          1389	1_1_0	EXIST::FUNCTION:
+X509_dup                                1390	1_1_0	EXIST::FUNCTION:
+EDIPARTYNAME_free                       1391	1_1_0	EXIST::FUNCTION:
+X509_CRL_add0_revoked                   1393	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_set0_value                 1394	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_dup                      1395	1_1_0	EXIST::FUNCTION:
+EC_GROUP_check_discriminant             1396	1_1_0	EXIST::FUNCTION:EC
+PKCS12_MAC_DATA_free                    1397	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_PrivateKey                 1398	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT                       1399	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl                       1400	1_1_0	EXIST::FUNCTION:
+X509_REQ_set_pubkey                     1401	1_1_0	EXIST::FUNCTION:
+UI_create_method                        1402	1_1_0	EXIST::FUNCTION:UI
+X509_REQ_add_extensions_nid             1403	1_1_0	EXIST::FUNCTION:
+PEM_X509_INFO_write_bio                 1404	1_1_0	EXIST::FUNCTION:
+BIO_dump_cb                             1405	1_1_0	EXIST::FUNCTION:
+v2i_GENERAL_NAMES                       1406	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_ofb                        1407	1_1_0	EXIST::FUNCTION:DES
+EVP_MD_meth_get_cleanup                 1408	1_1_0	EXIST::FUNCTION:
+SRP_Calc_server_key                     1409	1_1_0	EXIST::FUNCTION:SRP
+BN_mod_exp_simple                       1410	1_1_0	EXIST::FUNCTION:
+BIO_set_ex_data                         1411	1_1_0	EXIST::FUNCTION:
+SHA512                                  1412	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_explicit_policy      1413	1_1_0	EXIST::FUNCTION:
+EVP_DecodeBlock                         1414	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_http                       1415	1_1_0	EXIST::FUNCTION:OCSP
+EVP_MD_CTX_reset                        1416	1_1_0	EXIST::FUNCTION:
+X509_NAME_new                           1417	1_1_0	EXIST::FUNCTION:
+ASN1_item_pack                          1418	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc                 1419	1_1_0	EXIST::FUNCTION:
+d2i_GENERAL_NAME                        1420	1_1_0	EXIST::FUNCTION:
+i2d_ESS_CERT_ID                         1421	1_1_0	EXIST::FUNCTION:TS
+X509_TRUST_get_by_id                    1422	1_1_0	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp                       1423	1_1_0	EXIST::FUNCTION:RSA,STDIO
+EVP_PBE_get                             1424	1_1_0	EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt               1425	1_1_0	EXIST::FUNCTION:
+CONF_modules_finish                     1426	1_1_0	EXIST::FUNCTION:
+BN_value_one                            1427	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_SSLv23                  1428	1_1_0	EXIST::FUNCTION:RSA
+OCSP_RESPBYTES_it                       1429	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPBYTES_it                       1429	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+EVP_aes_192_wrap                        1430	1_1_0	EXIST::FUNCTION:
+OCSP_CERTID_it                          1431	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_CERTID_it                          1431	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+ENGINE_get_RSA                          1432	1_1_0	EXIST::FUNCTION:ENGINE
+RAND_get_rand_method                    1433	1_1_0	EXIST::FUNCTION:
+ERR_load_DSA_strings                    1434	1_1_0	EXIST::FUNCTION:DSA
+ASN1_check_infinite_end                 1435	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_DIGEST                        1436	1_1_0	EXIST::FUNCTION:
+ERR_lib_error_string                    1437	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object              1438	1_1_0	EXIST::FUNCTION:
+i2d_ECPrivateKey_bio                    1439	1_1_0	EXIST::FUNCTION:EC
+BN_GENCB_free                           1440	1_1_0	EXIST::FUNCTION:
+HMAC_size                               1441	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_DH                        1442	1_1_0	EXIST::FUNCTION:DH
+d2i_OCSP_CRLID                          1443	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_set_padding              1444	1_1_0	EXIST::FUNCTION:
+CTLOG_new_from_base64                   1445	1_1_0	EXIST::FUNCTION:CT
+AES_bi_ige_encrypt                      1446	1_1_0	EXIST::FUNCTION:
+ERR_pop_to_mark                         1447	1_1_0	EXIST::FUNCTION:
+CRL_DIST_POINTS_new                     1449	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_asn1                      1450	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_ctr                    1451	1_1_0	EXIST::FUNCTION:CAMELLIA
+EVP_PKEY_free                           1452	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_count                    1453	1_1_0	EXIST::FUNCTION:
+BIO_new_dgram                           1454	1_1_0	EXIST::FUNCTION:DGRAM
+CMS_RecipientInfo_kari_get0_reks        1455	1_1_0	EXIST::FUNCTION:CMS
+BASIC_CONSTRAINTS_new                   1456	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_X509_REQ                   1457	1_1_0	EXIST::FUNCTION:
+BIO_sock_init                           1458	1_1_0	EXIST::FUNCTION:SOCK
+BN_nist_mod_192                         1459	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL             1460	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_nconf                        1461	1_1_0	EXIST::FUNCTION:
+X509v3_addr_inherits                    1462	1_1_0	EXIST::FUNCTION:RFC3779
+NETSCAPE_SPKI_sign                      1463	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_update                      1464	1_1_0	EXIST::FUNCTION:
+BN_gcd                                  1465	1_1_0	EXIST::FUNCTION:
+CMS_dataInit                            1466	1_1_0	EXIST::FUNCTION:CMS
+TS_CONF_get_tsa_section                 1467	1_1_0	EXIST::FUNCTION:TS
+i2d_PKCS7_SIGNER_INFO                   1468	1_1_0	EXIST::FUNCTION:
+EVP_get_pw_prompt                       1469	1_1_0	EXIST::FUNCTION:UI
+BN_bn2bin                               1470	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_BIT_STRING                     1471	1_1_0	EXIST::FUNCTION:
+OCSP_CERTSTATUS_new                     1472	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_register_RAND                    1473	1_1_0	EXIST::FUNCTION:ENGINE
+X509V3_section_free                     1474	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_debug_free                   1475	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+d2i_OCSP_REQUEST                        1476	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_get_cipher_engine                1477	1_1_0	EXIST::FUNCTION:ENGINE
+SHA384_Final                            1478	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_certs                   1479	1_1_0	EXIST::FUNCTION:TS
+BN_MONT_CTX_free                        1480	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad_arr              1481	1_1_0	EXIST::FUNCTION:EC2M
+UI_add_input_string                     1482	1_1_0	EXIST::FUNCTION:UI
+TS_TST_INFO_get_version                 1483	1_1_0	EXIST::FUNCTION:TS
+BIO_accept_ex                           1484	1_1_0	EXIST::FUNCTION:SOCK
+CRYPTO_get_mem_functions                1485	1_1_0	EXIST::FUNCTION:
+PEM_read_bio                            1486	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical      1487	1_1_0	EXIST::FUNCTION:OCSP
+SXNET_it                                1488	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it                                1488	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_indent                              1489	1_1_0	EXIST::FUNCTION:
+i2d_X509_fp                             1490	1_1_0	EXIST::FUNCTION:STDIO
+d2i_ASN1_TYPE                           1491	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_free                        1492	1_1_0	EXIST::FUNCTION:CT
+ENGINE_get_pkey_meths                   1493	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_TS_REQ_bio                          1494	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_CTX_get_operation              1495	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_ctrl                    1496	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_set_critical             1497	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_clear                          1498	1_1_0	EXIST::FUNCTION:SOCK
+ENGINE_get_DSA                          1499	1_1_0	EXIST::FUNCTION:ENGINE
+ASYNC_get_wait_ctx                      1500	1_1_0	EXIST::FUNCTION:
+ENGINE_set_load_privkey_function        1501	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_ccm128_setiv                     1502	1_1_0	EXIST::FUNCTION:
+PKCS7_dataFinal                         1503	1_1_0	EXIST::FUNCTION:
+SHA1_Final                              1504	1_1_0	EXIST::FUNCTION:
+i2a_ASN1_STRING                         1505	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_rand_key                 1506	1_1_0	EXIST::FUNCTION:
+AES_set_encrypt_key                     1507	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_new                        1508	1_1_0	EXIST::FUNCTION:
+AES_cbc_encrypt                         1509	1_1_0	EXIST::FUNCTION:
+OCSP_RESPDATA_free                      1510	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_asn1_find                      1511	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME                1512	1_1_0	EXIST::FUNCTION:
+OPENSSL_cleanup                         1513	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_create                   1514	1_1_0	EXIST::FUNCTION:
+SCT_get_source                          1515	1_1_0	EXIST::FUNCTION:CT
+EVP_PKEY_verify_init                    1516	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_set_string                    1517	1_1_0	EXIST::FUNCTION:
+BIO_free                                1518	1_1_0	EXIST::FUNCTION:
+i2d_X509_ALGOR                          1519	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_crls                1520	1_1_0	EXIST::FUNCTION:
+ASYNC_pause_job                         1521	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_new                      1522	1_1_0	EXIST::FUNCTION:OCSP
+EVP_camellia_256_ofb                    1523	1_1_0	EXIST::FUNCTION:CAMELLIA
+PKCS12_item_i2d_encrypt                 1524	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_copy                  1525	1_1_0	EXIST::FUNCTION:
+EC_POINT_clear_free                     1526	1_1_0	EXIST::FUNCTION:EC
+i2s_ASN1_ENUMERATED_TABLE               1527	1_1_0	EXIST::FUNCTION:
+PKCS7_verify                            1528	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_table            1529	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_cert                 1530	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALSTRING_free                 1531	1_1_0	EXIST::FUNCTION:
+BN_MONT_CTX_set_locked                  1532	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_num                  1533	1_1_0	EXIST::FUNCTION:
+CONF_load                               1534	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_keygen                1535	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_add1_attr_by_txt               1536	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_set_uint64                 1537	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_OBJ                1538	1_1_0	EXIST::FUNCTION:
+ASN1_add_oid_module                     1539	1_1_0	EXIST::FUNCTION:
+BN_div_recp                             1540	1_1_0	EXIST::FUNCTION:
+SRP_Verify_B_mod_N                      1541	1_1_0	EXIST::FUNCTION:SRP
+SXNET_free                              1542	1_1_0	EXIST::FUNCTION:
+CMS_get0_content                        1543	1_1_0	EXIST::FUNCTION:CMS
+BN_is_word                              1544	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_key_length                   1545	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param                1546	1_1_0	EXIST::FUNCTION:
+OCSP_request_onereq_get0                1547	1_1_0	EXIST::FUNCTION:OCSP
+ERR_load_PKCS7_strings                  1548	1_1_0	EXIST::FUNCTION:
+X509_PUBKEY_get                         1549	1_1_0	EXIST::FUNCTION:
+EC_KEY_free                             1550	1_1_0	EXIST::FUNCTION:EC
+BIO_read                                1551	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_NID                1552	1_1_0	EXIST::FUNCTION:
+BIO_get_accept_socket                   1553	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
+CMS_SignerInfo_sign                     1554	1_1_0	EXIST::FUNCTION:CMS
+ASN1_item_i2d_bio                       1555	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_block_size               1556	1_1_0	EXIST::FUNCTION:
+DIRECTORYSTRING_free                    1557	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_default_engine              1558	1_1_0	EXIST::FUNCTION:ENGINE,TS
+BN_set_bit                              1559	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_app_datasize            1560	1_1_0	EXIST::FUNCTION:
+DSO_free                                1561	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_tsa                     1562	1_1_0	EXIST::FUNCTION:TS
+EC_GROUP_check                          1563	1_1_0	EXIST::FUNCTION:EC
+OPENSSL_sk_delete                       1564	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_extension_cb            1565	1_1_0	EXIST::FUNCTION:TS
+EVP_CIPHER_CTX_nid                      1566	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_add_md                      1567	1_1_0	EXIST::FUNCTION:TS
+DES_set_key                             1568	1_1_0	EXIST::FUNCTION:DES
+X509V3_extensions_print                 1569	1_1_0	EXIST::FUNCTION:
+PEM_do_header                           1570	1_1_0	EXIST::FUNCTION:
+i2d_re_X509_CRL_tbs                     1571	1_1_0	EXIST::FUNCTION:
+BIO_method_name                         1572	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_CRLID                          1573	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_request_set1_name                  1574	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_NAME_ENTRY                     1575	1_1_0	EXIST::FUNCTION:
+X509_trusted                            1576	1_1_0	EXIST::FUNCTION:
+X509_TRUST_get_flags                    1577	1_1_0	EXIST::FUNCTION:
+PKCS7_set_content                       1578	1_1_0	EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW                  1579	1_1_0	EXIST::FUNCTION:STDIO
+CONF_imodule_set_usr_data               1580	1_1_0	EXIST::FUNCTION:
+d2i_TS_RESP_fp                          1581	1_1_0	EXIST::FUNCTION:STDIO,TS
+X509_policy_tree_get0_user_policies     1582	1_1_0	EXIST::FUNCTION:
+DSA_do_sign                             1584	1_1_0	EXIST::FUNCTION:DSA
+EVP_CIPHER_CTX_reset                    1585	1_1_0	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_new                    1586	1_1_0	EXIST::FUNCTION:OCSP
+SRP_Verify_A_mod_N                      1587	1_1_0	EXIST::FUNCTION:SRP
+SRP_VBASE_free                          1588	1_1_0	EXIST::FUNCTION:SRP
+PKCS7_add0_attrib_signing_time          1589	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_flags                    1590	1_1_0	EXIST::FUNCTION:
+UI_get0_output_string                   1591	1_1_0	EXIST::FUNCTION:UI
+ERR_get_error_line_data                 1592	1_1_0	EXIST::FUNCTION:
+CTLOG_get0_name                         1593	1_1_0	EXIST::FUNCTION:CT
+ASN1_TBOOLEAN_it                        1594	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it                        1594	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RC2_set_key                             1595	1_1_0	EXIST::FUNCTION:RC2
+X509_REVOKED_get_ext_by_NID             1596	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_none                    1597	1_1_0	EXIST::FUNCTION:RSA
+EVP_rc5_32_12_16_cbc                    1599	1_1_0	EXIST::FUNCTION:RC5
+PEM_dek_info                            1600	1_1_0	EXIST::FUNCTION:
+ASN1_SCTX_get_template                  1601	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_get0                      1602	1_1_0	EXIST::FUNCTION:
+X509_verify                             1603	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_get_request                 1604	1_1_0	EXIST::FUNCTION:TS
+EVP_cast5_cbc                           1605	1_1_0	EXIST::FUNCTION:CAST
+PEM_read_bio_X509_AUX                   1606	1_1_0	EXIST::FUNCTION:
+TS_ext_print_bio                        1607	1_1_0	EXIST::FUNCTION:TS
+SCT_set1_log_id                         1608	1_1_0	EXIST::FUNCTION:CT
+X509_get0_pubkey_bitstr                 1609	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_RAND                1610	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_MD_meth_get_result_size             1612	1_1_0	EXIST::FUNCTION:
+BIO_ADDRINFO_address                    1613	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_STRING_print_ex                    1614	1_1_0	EXIST::FUNCTION:
+i2d_CMS_ReceiptRequest                  1615	1_1_0	EXIST::FUNCTION:CMS
+d2i_TS_REQ_fp                           1616	1_1_0	EXIST::FUNCTION:STDIO,TS
+OCSP_REQ_CTX_i2d                        1617	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_get_default_digest_nid         1618	1_1_0	EXIST::FUNCTION:
+ASIdOrRange_new                         1619	1_1_0	EXIST::FUNCTION:RFC3779
+ASN1_SCTX_new                           1620	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_get                          1621	1_1_0	EXIST::FUNCTION:
+OCSP_id_cmp                             1622	1_1_0	EXIST::FUNCTION:OCSP
+NCONF_dump_bio                          1623	1_1_0	EXIST::FUNCTION:
+X509_NAME_get_entry                     1624	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get1_DH                        1625	1_1_0	EXIST::FUNCTION:DH
+CRYPTO_gcm128_aad                       1626	1_1_0	EXIST::FUNCTION:
+EVP_des_cfb8                            1627	1_1_0	EXIST::FUNCTION:DES
+BN_BLINDING_convert                     1628	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_cleanup                   1629	1_1_0	EXIST::FUNCTION:OCB
+EVP_des_ede_cbc                         1630	1_1_0	EXIST::FUNCTION:DES
+i2d_ASN1_TIME                           1631	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_pkey_asn1_meths     1632	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_set_max_response_length            1633	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ISSUING_DIST_POINT                  1634	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_set0_key              1635	1_1_0	EXIST::FUNCTION:CMS
+NCONF_new                               1636	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_free                    1637	1_1_0	EXIST::FUNCTION:OCSP
+PKCS7_ENCRYPT_free                      1638	1_1_0	EXIST::FUNCTION:
+i2d_DIST_POINT                          1639	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_paramgen_init                  1640	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_dup                      1641	1_1_0	EXIST::FUNCTION:TS
+CMS_ContentInfo_it                      1642	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ContentInfo_it                      1642	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+OCSP_resp_get0_signature                1643	1_1_0	EXIST::FUNCTION:OCSP
+X509_STORE_CTX_get1_issuer              1644	1_1_0	EXIST::FUNCTION:
+EVP_Digest                              1645	1_1_0	EXIST::FUNCTION:
+CRYPTO_set_ex_data                      1646	1_1_0	EXIST::FUNCTION:
+BN_bn2hex                               1647	1_1_0	EXIST::FUNCTION:
+BN_lshift1                              1648	1_1_0	EXIST::FUNCTION:
+i2d_EDIPARTYNAME                        1649	1_1_0	EXIST::FUNCTION:
+X509_policy_tree_get0_policies          1650	1_1_0	EXIST::FUNCTION:
+X509at_add1_attr                        1651	1_1_0	EXIST::FUNCTION:
+X509_get_ex_data                        1653	1_1_0	EXIST::FUNCTION:
+RSA_set_method                          1654	1_1_0	EXIST::FUNCTION:RSA
+X509_REVOKED_dup                        1655	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_new                           1656	1_1_0	EXIST::FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1657	1_1_0	EXIST::FUNCTION:STDIO
+PEM_read_X509_REQ                       1658	1_1_0	EXIST::FUNCTION:STDIO
+EC_GROUP_free                           1659	1_1_0	EXIST::FUNCTION:EC
+X509_CRL_get_meth_data                  1660	1_1_0	EXIST::FUNCTION:
+X509V3_add_value_uchar                  1661	1_1_0	EXIST::FUNCTION:
+BIO_asn1_get_suffix                     1662	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_clear_flags           1663	1_1_0	EXIST::FUNCTION:
+X509_NAME_add_entry_by_txt              1664	1_1_0	EXIST::FUNCTION:
+DES_ede3_cfb_encrypt                    1665	1_1_0	EXIST::FUNCTION:DES
+i2d_CMS_bio_stream                      1667	1_1_0	EXIST::FUNCTION:CMS
+DES_quad_cksum                          1668	1_1_0	EXIST::FUNCTION:DES
+X509_ATTRIBUTE_create_by_NID            1669	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_free                      1670	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_up_ref                           1671	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_get_basis_type                 1672	1_1_0	EXIST::FUNCTION:EC
+OCSP_crlID_new                          1673	1_1_0	EXIST:!VMS:FUNCTION:OCSP
+OCSP_crlID2_new                         1673	1_1_0	EXIST:VMS:FUNCTION:OCSP
+PEM_write_PKCS7                         1674	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_add_signer                        1675	1_1_0	EXIST::FUNCTION:
+X509_SIG_it                             1676	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it                             1676	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASYNC_start_job                         1677	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_dup                         1678	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_192_ctr                         1679	1_1_0	EXIST::FUNCTION:
+PKCS12_pack_authsafes                   1680	1_1_0	EXIST::FUNCTION:
+PKCS7_get_attribute                     1681	1_1_0	EXIST::FUNCTION:
+OPENSSL_config                          1682	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+s2i_ASN1_INTEGER                        1683	1_1_0	EXIST::FUNCTION:
+CMS_signed_add1_attr_by_OBJ             1684	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_128_wrap_pad                     1685	1_1_0	EXIST::FUNCTION:
+CMS_EncryptedData_set1_key              1686	1_1_0	EXIST::FUNCTION:CMS
+OBJ_find_sigid_by_algs                  1687	1_1_0	EXIST::FUNCTION:
+ASN1_generate_nconf                     1688	1_1_0	EXIST::FUNCTION:
+CMS_add0_recipient_password             1689	1_1_0	EXIST::FUNCTION:CMS
+UI_get_string_type                      1690	1_1_0	EXIST::FUNCTION:UI
+PEM_read_bio_ECPrivateKey               1691	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_get_attr                       1692	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_ECPKParameters             1693	1_1_0	EXIST::FUNCTION:EC
+d2i_PKCS12_MAC_DATA                     1694	1_1_0	EXIST::FUNCTION:
+ENGINE_ctrl_cmd                         1695	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS12_SAFEBAG_get_bag_nid              1696	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_digests                     1697	1_1_0	EXIST::FUNCTION:TS
+PKCS7_SIGNED_it                         1698	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it                         1698	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+b2i_PublicKey                           1699	1_1_0	EXIST::FUNCTION:DSA
+X509_PURPOSE_cleanup                    1700	1_1_0	EXIST::FUNCTION:
+ESS_SIGNING_CERT_dup                    1701	1_1_0	EXIST::FUNCTION:TS
+ENGINE_set_default_DSA                  1702	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REVOKED_new                        1703	1_1_0	EXIST::FUNCTION:
+NCONF_WIN32                             1704	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_OAEP_mgf1       1705	1_1_0	EXIST::FUNCTION:RSA
+X509_policy_tree_get0_level             1706	1_1_0	EXIST::FUNCTION:
+ASN1_parse_dump                         1708	1_1_0	EXIST::FUNCTION:
+BIO_vfree                               1709	1_1_0	EXIST::FUNCTION:
+CRYPTO_cbc128_decrypt                   1710	1_1_0	EXIST::FUNCTION:
+UI_dup_verify_string                    1711	1_1_0	EXIST::FUNCTION:UI
+d2i_PKCS7_bio                           1712	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_digests              1713	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_PublicKey                           1714	1_1_0	EXIST::FUNCTION:
+RC5_32_set_key                          1715	1_1_0	EXIST::FUNCTION:RC5
+AES_unwrap_key                          1716	1_1_0	EXIST::FUNCTION:
+EVP_Cipher                              1717	1_1_0	EXIST::FUNCTION:
+AES_set_decrypt_key                     1718	1_1_0	EXIST::FUNCTION:
+BF_ofb64_encrypt                        1719	1_1_0	EXIST::FUNCTION:BF
+d2i_TS_TST_INFO_fp                      1720	1_1_0	EXIST::FUNCTION:STDIO,TS
+X509_find_by_issuer_and_serial          1721	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_type                           1722	1_1_0	EXIST::FUNCTION:
+ENGINE_ctrl                             1723	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_cast5_ecb                           1724	1_1_0	EXIST::FUNCTION:CAST
+BIO_nwrite0                             1725	1_1_0	EXIST::FUNCTION:
+CAST_encrypt                            1726	1_1_0	EXIST::FUNCTION:CAST
+a2d_ASN1_OBJECT                         1727	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext                  1728	1_1_0	EXIST::FUNCTION:OCSP
+UI_method_get_reader                    1729	1_1_0	EXIST::FUNCTION:UI
+CMS_unsigned_get_attr                   1730	1_1_0	EXIST::FUNCTION:CMS
+EVP_aes_256_cbc                         1731	1_1_0	EXIST::FUNCTION:
+X509_check_ip_asc                       1732	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509_AUX                  1733	1_1_0	EXIST::FUNCTION:
+RC2_cbc_encrypt                         1734	1_1_0	EXIST::FUNCTION:RC2
+TS_MSG_IMPRINT_new                      1735	1_1_0	EXIST::FUNCTION:TS
+EVP_ENCODE_CTX_new                      1736	1_1_0	EXIST::FUNCTION:
+BIO_f_base64                            1737	1_1_0	EXIST::FUNCTION:
+CMS_verify                              1738	1_1_0	EXIST::FUNCTION:CMS
+i2d_PrivateKey                          1739	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_ONEREQ                         1740	1_1_0	EXIST::FUNCTION:OCSP
+OPENSSL_issetugid                       1741	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_OBJECT                         1742	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_flags                   1743	1_1_0	EXIST::FUNCTION:
+EVP_idea_cbc                            1744	1_1_0	EXIST::FUNCTION:IDEA
+EC_POINT_cmp                            1745	1_1_0	EXIST::FUNCTION:EC
+ASN1_buf_print                          1746	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_hex2ctrl                   1747	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey           1748	1_1_0	EXIST::FUNCTION:
+CMAC_Update                             1749	1_1_0	EXIST::FUNCTION:CMAC
+d2i_ASN1_UTCTIME                        1750	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_insert                       1751	1_1_0	EXIST::FUNCTION:
+DSO_up_ref                              1752	1_1_0	EXIST::FUNCTION:
+EVP_rc2_cbc                             1753	1_1_0	EXIST::FUNCTION:RC2
+i2d_NETSCAPE_SPKI                       1754	1_1_0	EXIST::FUNCTION:
+ASYNC_init_thread                       1755	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_OBJ           1756	1_1_0	EXIST::FUNCTION:OCSP
+X509_reject_clear                       1757	1_1_0	EXIST::FUNCTION:
+DH_security_bits                        1758	1_1_0	EXIST::FUNCTION:DH
+LONG_it                                 1759	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+LONG_it                                 1759	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_dup                                1760	1_1_0	EXIST::FUNCTION:
+TS_RESP_new                             1761	1_1_0	EXIST::FUNCTION:TS
+i2d_PKCS8PrivateKeyInfo_fp              1762	1_1_0	EXIST::FUNCTION:STDIO
+X509_alias_get0                         1763	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_free                     1764	1_1_0	EXIST::FUNCTION:
+d2i_X509_bio                            1765	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_exts                    1766	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_256_ecb                         1767	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              1768	1_1_0	EXIST::FUNCTION:
+d2i_X509_EXTENSIONS                     1769	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_free                  1770	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free                   1771	1_1_0	EXIST::FUNCTION:
+ASN1_tag2bit                            1772	1_1_0	EXIST::FUNCTION:
+TS_REQ_add_ext                          1773	1_1_0	EXIST::FUNCTION:TS
+X509_digest                             1776	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_cleanup_local             1777	1_1_0	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it               1778	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it               1778	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_128_wrap                        1779	1_1_0	EXIST::FUNCTION:
+X509V3_conf_free                        1780	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_NID              1781	1_1_0	EXIST::FUNCTION:TS
+EVP_aes_256_cfb1                        1782	1_1_0	EXIST::FUNCTION:
+X509_issuer_name_cmp                    1783	1_1_0	EXIST::FUNCTION:
+CMS_RecipientEncryptedKey_get0_id       1784	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_meth_get_verify_recover        1785	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_check                  1786	1_1_0	EXIST::FUNCTION:
+X509_CERT_AUX_it                        1787	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it                        1787	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_get_X509_PUBKEY                    1789	1_1_0	EXIST::FUNCTION:
+TXT_DB_create_index                     1790	1_1_0	EXIST::FUNCTION:
+RAND_set_rand_engine                    1791	1_1_0	EXIST::FUNCTION:ENGINE
+X509_set_serialNumber                   1792	1_1_0	EXIST::FUNCTION:
+BN_mod_exp_mont_consttime               1793	1_1_0	EXIST::FUNCTION:
+X509V3_parse_list                       1794	1_1_0	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_new                  1795	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_clear_flags              1796	1_1_0	EXIST::FUNCTION:
+ECDSA_size                              1797	1_1_0	EXIST::FUNCTION:EC
+X509_ALGOR_get0                         1798	1_1_0	EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION                  1799	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID          1800	1_1_0	EXIST::FUNCTION:OCSP
+a2i_IPADDRESS_NC                        1801	1_1_0	EXIST::FUNCTION:
+CTLOG_STORE_load_default_file           1802	1_1_0	EXIST::FUNCTION:CT
+PKCS12_SAFEBAG_create_pkcs8_encrypt     1803	1_1_0	EXIST::FUNCTION:
+RAND_screen                             1804	1_1_0	EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
+CONF_get_string                         1805	1_1_0	EXIST::FUNCTION:
+X509_cmp_current_time                   1806	1_1_0	EXIST::FUNCTION:
+i2d_DSAPrivateKey                       1807	1_1_0	EXIST::FUNCTION:DSA
+ASN1_BIT_STRING_new                     1808	1_1_0	EXIST::FUNCTION:
+BIO_new_file                            1809	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_get0_algs             1810	1_1_0	EXIST::FUNCTION:
+TS_RESP_set_status_info                 1811	1_1_0	EXIST::FUNCTION:TS
+OPENSSL_LH_delete                       1812	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_dup                      1813	1_1_0	EXIST::FUNCTION:TS
+X509v3_addr_get_range                   1814	1_1_0	EXIST::FUNCTION:RFC3779
+X509_EXTENSION_get_data                 1815	1_1_0	EXIST::FUNCTION:
+RC5_32_encrypt                          1816	1_1_0	EXIST::FUNCTION:RC5
+DIST_POINT_set_dpname                   1817	1_1_0	EXIST::FUNCTION:
+BIO_sock_info                           1818	1_1_0	EXIST::FUNCTION:SOCK
+OPENSSL_hexstr2buf                      1819	1_1_0	EXIST::FUNCTION:
+EVP_add_cipher                          1820	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_list                     1821	1_1_0	EXIST::FUNCTION:
+CMS_compress                            1822	1_1_0	EXIST::FUNCTION:CMS
+X509_get_ext_by_critical                1823	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_clear_fd                 1824	1_1_0	EXIST::FUNCTION:
+ZLONG_it                                1825	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZLONG_it                                1825	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OPENSSL_sk_find_ex                      1826	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN                   1827	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_d2i                    1828	1_1_0	EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID                     1829	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_time                    1830	1_1_0	EXIST::FUNCTION:TS
+ASN1_VISIBLESTRING_it                   1831	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it                   1831	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_REQ_add_conf                 1832	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_to_UTF8                     1833	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_update                  1835	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_cbc                    1836	1_1_0	EXIST::FUNCTION:CAMELLIA
+OPENSSL_LH_stats_bio                    1837	1_1_0	EXIST::FUNCTION:
+PKCS7_set_signed_attributes             1838	1_1_0	EXIST::FUNCTION:
+EC_KEY_priv2buf                         1839	1_1_0	EXIST::FUNCTION:EC
+BN_BLINDING_free                        1840	1_1_0	EXIST::FUNCTION:
+IPAddressChoice_new                     1841	1_1_0	EXIST::FUNCTION:RFC3779
+X509_CRL_get_ext_count                  1842	1_1_0	EXIST::FUNCTION:
+PKCS12_add_key                          1843	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_cfb1                   1844	1_1_0	EXIST::FUNCTION:CAMELLIA
+BIO_find_type                           1845	1_1_0	EXIST::FUNCTION:
+ISSUING_DIST_POINT_it                   1846	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ISSUING_DIST_POINT_it                   1846	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_ctrl_wpending                       1847	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_cmp                          1848	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_bio_stream                     1849	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_init_local                1850	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_serial_cb               1851	1_1_0	EXIST::FUNCTION:TS
+POLICY_MAPPING_it                       1852	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPING_it                       1852	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_KDF_strings                    1853	1_1_0	EXIST::FUNCTION:
+UI_method_set_reader                    1854	1_1_0	EXIST::FUNCTION:UI
+BIO_next                                1855	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc        1856	1_1_0	EXIST::FUNCTION:
+X509_CRL_new                            1857	1_1_0	EXIST::FUNCTION:
+i2b_PrivateKey_bio                      1858	1_1_0	EXIST::FUNCTION:DSA
+ASN1_STRING_length_set                  1859	1_1_0	EXIST::FUNCTION:
+PEM_write_PKCS8                         1860	1_1_0	EXIST::FUNCTION:STDIO
+PKCS7_digest_from_attributes            1861	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_curve_GFp                  1862	1_1_0	EXIST::FUNCTION:EC
+X509_PURPOSE_get0                       1863	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set1_DSA                       1864	1_1_0	EXIST::FUNCTION:DSA
+X509_NAME_it                            1865	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it                            1865	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OBJ_add_object                          1866	1_1_0	EXIST::FUNCTION:
+DSA_generate_key                        1867	1_1_0	EXIST::FUNCTION:DSA
+EVP_DigestUpdate                        1868	1_1_0	EXIST::FUNCTION:
+X509_get_ext_by_OBJ                     1869	1_1_0	EXIST::FUNCTION:
+PBEPARAM_new                            1870	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cbc                         1871	1_1_0	EXIST::FUNCTION:
+CRYPTO_dup_ex_data                      1872	1_1_0	EXIST::FUNCTION:
+OCSP_single_get0_status                 1873	1_1_0	EXIST::FUNCTION:OCSP
+d2i_AUTHORITY_INFO_ACCESS               1874	1_1_0	EXIST::FUNCTION:
+PEM_read_RSAPrivateKey                  1875	1_1_0	EXIST::FUNCTION:RSA,STDIO
+BIO_closesocket                         1876	1_1_0	EXIST::FUNCTION:SOCK
+RSA_verify_ASN1_OCTET_STRING            1877	1_1_0	EXIST::FUNCTION:RSA
+SCT_set_log_entry_type                  1878	1_1_0	EXIST::FUNCTION:CT
+BN_new                                  1879	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject         1880	1_1_0	EXIST::FUNCTION:
+MD5_Final                               1881	1_1_0	EXIST::FUNCTION:MD5
+X509_STORE_set_verify_cb                1882	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_print                      1883	1_1_0	EXIST::FUNCTION:OCSP
+CMS_add1_crl                            1884	1_1_0	EXIST::FUNCTION:CMS
+d2i_EDIPARTYNAME                        1885	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_trusted_stack       1886	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_service_string                 1887	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_BOOLEAN_it                         1888	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it                         1888	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_CTX_set_time_cb                 1889	1_1_0	EXIST::FUNCTION:TS
+IDEA_cbc_encrypt                        1890	1_1_0	EXIST::FUNCTION:IDEA
+BN_CTX_secure_new                       1891	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext                     1892	1_1_0	EXIST::FUNCTION:OCSP
+CMS_uncompress                          1893	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_mem_debug_pop                    1895	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+EVP_aes_192_cfb128                      1896	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_nbio                       1897	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_copy                     1898	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_allocated                 1899	1_1_0	EXIST::FUNCTION:
+UI_UTIL_read_pw_string                  1900	1_1_0	EXIST::FUNCTION:UI
+NOTICEREF_free                          1901	1_1_0	EXIST::FUNCTION:
+AES_cfb1_encrypt                        1902	1_1_0	EXIST::FUNCTION:
+X509v3_get_ext                          1903	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt_ctr32             1905	1_1_0	EXIST::FUNCTION:
+SCT_set1_signature                      1906	1_1_0	EXIST::FUNCTION:CT
+CONF_imodule_get_module                 1907	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_new                    1908	1_1_0	EXIST::FUNCTION:
+BN_usub                                 1909	1_1_0	EXIST::FUNCTION:
+SRP_Calc_B                              1910	1_1_0	EXIST::FUNCTION:SRP
+CMS_decrypt_set1_key                    1911	1_1_0	EXIST::FUNCTION:CMS
+EC_GROUP_get_degree                     1912	1_1_0	EXIST::FUNCTION:EC
+X509_ALGOR_set0                         1913	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_set_down_load                1914	1_1_0	EXIST::FUNCTION:
+X509v3_asid_inherits                    1915	1_1_0	EXIST::FUNCTION:RFC3779
+EVP_MD_meth_get_app_datasize            1916	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_num_untrusted        1917	1_1_0	EXIST::FUNCTION:
+RAND_poll                               1918	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_print_public                   1919	1_1_0	EXIST::FUNCTION:
+CMS_SignedData_init                     1920	1_1_0	EXIST::FUNCTION:CMS
+X509_REQ_free                           1921	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_set                        1922	1_1_0	EXIST::FUNCTION:
+EVP_DecodeFinal                         1923	1_1_0	EXIST::FUNCTION:
+MD5_Transform                           1925	1_1_0	EXIST::FUNCTION:MD5
+SRP_create_verifier_BN                  1926	1_1_0	EXIST::FUNCTION:SRP
+ENGINE_register_all_EC                  1927	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_camellia_128_ofb                    1928	1_1_0	EXIST::FUNCTION:CAMELLIA
+PEM_write_X509_AUX                      1929	1_1_0	EXIST::FUNCTION:STDIO
+X509_LOOKUP_by_subject                  1930	1_1_0	EXIST::FUNCTION:
+X509_REQ_add_extensions                 1931	1_1_0	EXIST::FUNCTION:
+Camellia_cbc_encrypt                    1932	1_1_0	EXIST::FUNCTION:CAMELLIA
+EC_KEY_METHOD_new                       1933	1_1_0	EXIST::FUNCTION:EC
+RSA_flags                               1934	1_1_0	EXIST::FUNCTION:RSA
+X509_NAME_add_entry                     1935	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv                  1936	1_1_0	EXIST::FUNCTION:
+i2d_RSAPrivateKey_bio                   1937	1_1_0	EXIST::FUNCTION:RSA
+PKCS5_PBE_keyivgen                      1938	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC                     1939	1_1_0	EXIST::FUNCTION:OCSP
+EC_POINT_copy                           1940	1_1_0	EXIST::FUNCTION:EC
+X509V3_EXT_CRL_add_nconf                1941	1_1_0	EXIST::FUNCTION:
+SHA256_Init                             1942	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object              1943	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_free                    1944	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_meth_data                  1945	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_cfb1                        1946	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_set_flags                    1947	1_1_0	EXIST::FUNCTION:
+EVP_seed_cbc                            1948	1_1_0	EXIST::FUNCTION:SEED
+d2i_PKCS12                              1949	1_1_0	EXIST::FUNCTION:
+X509_policy_node_get0_policy            1950	1_1_0	EXIST::FUNCTION:
+PKCS12_unpack_p7data                    1951	1_1_0	EXIST::FUNCTION:
+ECDSA_sign                              1952	1_1_0	EXIST::FUNCTION:EC
+d2i_PKCS12_fp                           1953	1_1_0	EXIST::FUNCTION:STDIO
+CMS_unsigned_get_attr_by_NID            1954	1_1_0	EXIST::FUNCTION:CMS
+UI_add_user_data                        1955	1_1_0	EXIST::FUNCTION:UI
+BN_bntest_rand                          1956	1_1_0	EXIST::FUNCTION:
+X509_get_pubkey                         1957	1_1_0	EXIST::FUNCTION:
+i2d_X509_NAME                           1958	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_add1_attr                      1959	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_purpose_inherit          1960	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_keygen                1961	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth               1962	1_1_0	EXIST::FUNCTION:ENGINE
+SHA256_Update                           1963	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL             1964	1_1_0	EXIST::FUNCTION:
+PKCS12_unpack_authsafes                 1965	1_1_0	EXIST::FUNCTION:
+X509_CRL_it                             1966	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it                             1966	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_X509_ALGOR                          1967	1_1_0	EXIST::FUNCTION:
+PKCS12_PBE_keyivgen                     1968	1_1_0	EXIST::FUNCTION:
+BIO_test_flags                          1969	1_1_0	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m    1970	1_1_0	EXIST::FUNCTION:EC,EC2M
+EVP_ENCODE_CTX_num                      1971	1_1_0	EXIST::FUNCTION:
+Camellia_cfb1_encrypt                   1972	1_1_0	EXIST::FUNCTION:CAMELLIA
+NCONF_load_fp                           1973	1_1_0	EXIST::FUNCTION:STDIO
+i2d_OCSP_REQINFO                        1974	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_sign                           1975	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_ext_by_critical              1976	1_1_0	EXIST::FUNCTION:TS
+EC_KEY_key2buf                          1977	1_1_0	EXIST::FUNCTION:EC
+X509_EXTENSION_it                       1978	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it                       1978	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PKCS8_fp                            1979	1_1_0	EXIST::FUNCTION:STDIO
+UTF8_getc                               1980	1_1_0	EXIST::FUNCTION:
+ASN1_IA5STRING_free                     1981	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_verify                1982	1_1_0	EXIST::FUNCTION:EC
+OBJ_NAME_do_all                         1983	1_1_0	EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT_fp                   1984	1_1_0	EXIST::FUNCTION:STDIO,TS
+X509_CRL_verify                         1985	1_1_0	EXIST::FUNCTION:
+X509_get0_uids                          1986	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_DSA                       1987	1_1_0	EXIST::FUNCTION:DSA
+d2i_CMS_ContentInfo                     1988	1_1_0	EXIST::FUNCTION:CMS
+EVP_CIPHER_meth_get_do_cipher           1989	1_1_0	EXIST::FUNCTION:
+i2d_DSA_PUBKEY                          1990	1_1_0	EXIST::FUNCTION:DSA
+GENERAL_NAME_it                         1991	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it                         1991	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_des_ede_ecb                         1992	1_1_0	EXIST::FUNCTION:DES
+i2d_CRL_DIST_POINTS                     1993	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_X509_REQ_NEW              1994	1_1_0	EXIST::FUNCTION:
+RC5_32_ofb64_encrypt                    1995	1_1_0	EXIST::FUNCTION:RC5
+i2d_PKCS7                               1996	1_1_0	EXIST::FUNCTION:
+BN_mod_lshift_quick                     1997	1_1_0	EXIST::FUNCTION:
+DIST_POINT_NAME_it                      1998	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it                      1998	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_read_PrivateKey                     1999	1_1_0	EXIST::FUNCTION:STDIO
+X509V3_get_d2i                          2000	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_sign                  2001	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_free                        2002	1_1_0	EXIST::FUNCTION:TS
+DSA_security_bits                       2003	1_1_0	EXIST::FUNCTION:DSA
+X509v3_addr_is_canonical                2004	1_1_0	EXIST::FUNCTION:RFC3779
+BN_mod_mul_reciprocal                   2005	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_version                      2006	1_1_0	EXIST::FUNCTION:TS
+BN_exp                                  2007	1_1_0	EXIST::FUNCTION:
+i2d_SXNET                               2008	1_1_0	EXIST::FUNCTION:
+OBJ_bsearch_                            2009	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_new                          2010	1_1_0	EXIST::FUNCTION:
+ENGINE_register_all_pkey_meths          2011	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_get_init_function                2012	1_1_0	EXIST::FUNCTION:ENGINE
+EC_POINT_point2hex                      2013	1_1_0	EXIST::FUNCTION:EC
+ENGINE_get_default_DSA                  2014	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_register_all_complete            2015	1_1_0	EXIST::FUNCTION:ENGINE
+SRP_get_default_gN                      2016	1_1_0	EXIST::FUNCTION:SRP
+UI_dup_input_boolean                    2017	1_1_0	EXIST::FUNCTION:UI
+PKCS7_dup                               2018	1_1_0	EXIST::FUNCTION:
+i2d_TS_REQ_fp                           2019	1_1_0	EXIST::FUNCTION:STDIO,TS
+i2d_OTHERNAME                           2020	1_1_0	EXIST::FUNCTION:
+EC_KEY_get0_private_key                 2021	1_1_0	EXIST::FUNCTION:EC
+SCT_get0_extensions                     2022	1_1_0	EXIST::FUNCTION:CT
+OPENSSL_LH_node_stats_bio               2023	1_1_0	EXIST::FUNCTION:
+i2d_DIRECTORYSTRING                     2024	1_1_0	EXIST::FUNCTION:
+BN_X931_derive_prime_ex                 2025	1_1_0	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_str           2026	1_1_0	EXIST::FUNCTION:ENGINE
+PKCS7_signatureVerify                   2027	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_new                       2028	1_1_0	EXIST::FUNCTION:OCB
+EC_curve_nist2nid                       2029	1_1_0	EXIST::FUNCTION:EC
+UI_get0_result                          2030	1_1_0	EXIST::FUNCTION:UI
+OCSP_request_add1_nonce                 2031	1_1_0	EXIST::FUNCTION:OCSP
+UI_construct_prompt                     2032	1_1_0	EXIST::FUNCTION:UI
+ENGINE_unregister_RSA                   2033	1_1_0	EXIST::FUNCTION:ENGINE
+EC_GROUP_order_bits                     2034	1_1_0	EXIST::FUNCTION:EC
+d2i_CMS_bio                             2035	1_1_0	EXIST::FUNCTION:CMS
+OPENSSL_sk_num                          2036	1_1_0	EXIST::FUNCTION:
+_shadow_DES_check_key                   2037	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   2037	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+CMS_RecipientInfo_set0_pkey             2038	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_CTX_set_default              2039	1_1_0	EXIST::FUNCTION:
+AES_wrap_key                            2040	1_1_0	EXIST::FUNCTION:
+EVP_md_null                             2041	1_1_0	EXIST::FUNCTION:
+i2d_SCT_LIST                            2042	1_1_0	EXIST::FUNCTION:CT
+PKCS7_get_issuer_and_serial             2043	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it                  2044	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it                  2044	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_d2i_fp                             2045	1_1_0	EXIST::FUNCTION:STDIO
+EVP_DecryptFinal                        2046	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_it                      2047	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it                      2047	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+o2i_ECPublicKey                         2048	1_1_0	EXIST::FUNCTION:EC
+ERR_load_BUF_strings                    2049	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY                 2050	1_1_0	EXIST::FUNCTION:RSA
+OCSP_SINGLERESP_new                     2051	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_SCTX_free                          2052	1_1_0	EXIST::FUNCTION:
+i2d_ECPrivateKey_fp                     2053	1_1_0	EXIST::FUNCTION:EC,STDIO
+EVP_CIPHER_CTX_original_iv              2054	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNED_free                       2055	1_1_0	EXIST::FUNCTION:
+X509_TRUST_get0_name                    2056	1_1_0	EXIST::FUNCTION:
+ENGINE_get_load_pubkey_function         2057	1_1_0	EXIST::FUNCTION:ENGINE
+UI_get_default_method                   2058	1_1_0	EXIST::FUNCTION:UI
+PKCS12_add_CSPName_asc                  2059	1_1_0	EXIST::FUNCTION:
+PEM_write_PUBKEY                        2060	1_1_0	EXIST::FUNCTION:STDIO
+UI_method_set_prompt_constructor        2061	1_1_0	EXIST::FUNCTION:UI
+OBJ_length                              2062	1_1_0	EXIST::FUNCTION:
+BN_GENCB_get_arg                        2063	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_clear_flags                  2064	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_verifyctx             2065	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get0_cert            2066	1_1_0	EXIST::FUNCTION:CT
+PEM_write_DHparams                      2067	1_1_0	EXIST::FUNCTION:DH,STDIO
+DH_set_ex_data                          2068	1_1_0	EXIST::FUNCTION:DH
+OCSP_SIGNATURE_free                     2069	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_128_unwrap_pad                   2070	1_1_0	EXIST::FUNCTION:
+BIO_new_CMS                             2071	1_1_0	EXIST::FUNCTION:CMS
+i2d_ASN1_ENUMERATED                     2072	1_1_0	EXIST::FUNCTION:
+PEM_read_DSAparams                      2073	1_1_0	EXIST::FUNCTION:DSA,STDIO
+TS_TST_INFO_set_ordering                2074	1_1_0	EXIST::FUNCTION:TS
+MDC2_Init                               2075	1_1_0	EXIST::FUNCTION:MDC2
+i2o_SCT                                 2076	1_1_0	EXIST::FUNCTION:CT
+d2i_TS_STATUS_INFO                      2077	1_1_0	EXIST::FUNCTION:TS
+ERR_error_string_n                      2078	1_1_0	EXIST::FUNCTION:
+HMAC                                    2079	1_1_0	EXIST::FUNCTION:
+BN_mul                                  2080	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_384                  2081	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_ip_asc           2082	1_1_0	EXIST::FUNCTION:
+CONF_modules_load                       2083	1_1_0	EXIST::FUNCTION:
+d2i_RSAPublicKey                        2084	1_1_0	EXIST::FUNCTION:RSA
+i2d_ASN1_GENERALSTRING                  2085	1_1_0	EXIST::FUNCTION:
+POLICYQUALINFO_new                      2086	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_get0_alg               2087	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_base_id                        2088	1_1_0	EXIST::FUNCTION:
+UI_method_set_opener                    2089	1_1_0	EXIST::FUNCTION:UI
+X509v3_get_ext_by_NID                   2090	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_policies                    2091	1_1_0	EXIST::FUNCTION:TS
+CMS_SignerInfo_cert_cmp                 2092	1_1_0	EXIST::FUNCTION:CMS
+PEM_read                                2093	1_1_0	EXIST::FUNCTION:STDIO
+X509_STORE_set_depth                    2094	1_1_0	EXIST::FUNCTION:
+EC_KEY_METHOD_get_sign                  2095	1_1_0	EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_iv                       2096	1_1_0	EXIST::FUNCTION:
+i2d_ESS_SIGNING_CERT                    2097	1_1_0	EXIST::FUNCTION:TS
+TS_RESP_set_tst_info                    2098	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_CTX_set_data                   2099	1_1_0	EXIST::FUNCTION:
+CMS_EnvelopedData_create                2100	1_1_0	EXIST::FUNCTION:CMS
+SCT_new                                 2101	1_1_0	EXIST::FUNCTION:CT
+X509_REQ_add1_attr                      2102	1_1_0	EXIST::FUNCTION:
+X509_get_ext_count                      2103	1_1_0	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt                   2104	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_get_fd                   2105	1_1_0	EXIST::FUNCTION:
+i2d_TS_REQ                              2106	1_1_0	EXIST::FUNCTION:TS
+OCSP_ONEREQ_add1_ext_i2d                2107	1_1_0	EXIST::FUNCTION:OCSP
+ENGINE_register_pkey_meths              2108	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_load_public_key                  2109	1_1_0	EXIST::FUNCTION:ENGINE
+ASIdOrRange_it                          2110	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it                          2110	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+DHparams_print_fp                       2111	1_1_0	EXIST::FUNCTION:DH,STDIO
+ERR_load_CRYPTO_strings                 2112	1_1_0	EXIST:!VMS:FUNCTION:
+ERR_load_CRYPTOlib_strings              2112	1_1_0	EXIST:VMS:FUNCTION:
+X509_REQ_set_version                    2113	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING                  2114	1_1_0	EXIST::FUNCTION:
+i2d_ASIdentifiers                       2115	1_1_0	EXIST::FUNCTION:RFC3779
+X509V3_EXT_cleanup                      2116	1_1_0	EXIST::FUNCTION:
+CAST_ecb_encrypt                        2117	1_1_0	EXIST::FUNCTION:CAST
+BIO_s_file                              2118	1_1_0	EXIST::FUNCTION:
+RSA_X931_derive_ex                      2119	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_decrypt_init                   2120	1_1_0	EXIST::FUNCTION:
+ENGINE_get_destroy_function             2121	1_1_0	EXIST::FUNCTION:ENGINE
+SHA224_Init                             2122	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_conf                     2123	1_1_0	EXIST::FUNCTION:
+ASN1_object_size                        2124	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_free                       2125	1_1_0	EXIST::FUNCTION:
+BN_mod_exp_recp                         2126	1_1_0	EXIST::FUNCTION:
+EVP_mdc2                                2127	1_1_0	EXIST::FUNCTION:MDC2
+EVP_des_cfb64                           2128	1_1_0	EXIST::FUNCTION:DES
+PKCS7_sign                              2129	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical     2130	1_1_0	EXIST::FUNCTION:OCSP
+EDIPARTYNAME_it                         2131	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it                         2131	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_print_errors_fp                     2132	1_1_0	EXIST::FUNCTION:STDIO
+BN_GF2m_mod_div_arr                     2133	1_1_0	EXIST::FUNCTION:EC2M
+PKCS12_SAFEBAG_get0_attr                2134	1_1_0	EXIST::FUNCTION:
+BIO_s_mem                               2135	1_1_0	EXIST::FUNCTION:
+OCSP_RESPDATA_new                       2136	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_item_i2d_fp                        2137	1_1_0	EXIST::FUNCTION:STDIO
+BN_GF2m_mod_sqr                         2138	1_1_0	EXIST::FUNCTION:EC2M
+ASN1_PRINTABLE_new                      2139	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_new_index                      2140	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_add_alias                 2141	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get1_DSA                       2142	1_1_0	EXIST::FUNCTION:DSA
+SEED_cbc_encrypt                        2143	1_1_0	EXIST::FUNCTION:SEED
+EVP_rc2_40_cbc                          2144	1_1_0	EXIST::FUNCTION:RC2
+ECDSA_SIG_new                           2145	1_1_0	EXIST::FUNCTION:EC
+i2d_PKCS8PrivateKey_nid_fp              2146	1_1_0	EXIST::FUNCTION:STDIO
+X509_NAME_ENTRY_it                      2147	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it                      2147	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_THREAD_compare_id                2148	1_1_0	EXIST::FUNCTION:
+d2i_IPAddressChoice                     2149	1_1_0	EXIST::FUNCTION:RFC3779
+IPAddressFamily_it                      2150	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it                      2150	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+ERR_load_OCSP_strings                   2151	1_1_0	EXIST::FUNCTION:OCSP
+BIO_push                                2152	1_1_0	EXIST::FUNCTION:
+ASN1_BMPSTRING_new                      2153	1_1_0	EXIST::FUNCTION:
+COMP_get_type                           2154	1_1_0	EXIST::FUNCTION:COMP
+d2i_ASIdentifierChoice                  2155	1_1_0	EXIST::FUNCTION:RFC3779
+i2d_ASN1_T61STRING                      2156	1_1_0	EXIST::FUNCTION:
+X509_add1_trust_object                  2157	1_1_0	EXIST::FUNCTION:
+PEM_write_X509                          2158	1_1_0	EXIST::FUNCTION:STDIO
+BN_CTX_free                             2159	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_curve_GF2m                 2160	1_1_0	EXIST::FUNCTION:EC,EC2M
+EVP_MD_flags                            2161	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_set                          2162	1_1_0	EXIST::FUNCTION:
+OCSP_request_sign                       2163	1_1_0	EXIST::FUNCTION:OCSP
+BN_GF2m_mod_solve_quad                  2164	1_1_0	EXIST::FUNCTION:EC2M
+EC_POINT_method_of                      2165	1_1_0	EXIST::FUNCTION:EC
+PKCS7_ENCRYPT_it                        2166	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it                        2166	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it                2167	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it                2167	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_EXTENSION_create_by_NID            2168	1_1_0	EXIST::FUNCTION:
+i2d_RSAPrivateKey                       2169	1_1_0	EXIST::FUNCTION:RSA
+d2i_CERTIFICATEPOLICIES                 2170	1_1_0	EXIST::FUNCTION:
+CMAC_CTX_get0_cipher_ctx                2171	1_1_0	EXIST::FUNCTION:CMAC
+X509_STORE_load_locations               2172	1_1_0	EXIST::FUNCTION:
+OBJ_find_sigid_algs                     2173	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_accuracy                2174	1_1_0	EXIST::FUNCTION:TS
+NETSCAPE_SPKI_get_pubkey                2175	1_1_0	EXIST::FUNCTION:
+ECDSA_do_sign_ex                        2176	1_1_0	EXIST::FUNCTION:EC
+OCSP_ONEREQ_get_ext                     2177	1_1_0	EXIST::FUNCTION:OCSP
+BN_get_rfc3526_prime_4096               2179	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_fp                            2180	1_1_0	EXIST::FUNCTION:STDIO
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    2181	1_1_0	EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it                     2182	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it                     2182	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_free                         2183	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_orig_id_cmp      2184	1_1_0	EXIST::FUNCTION:CMS
+NETSCAPE_SPKI_b64_encode                2185	1_1_0	EXIST::FUNCTION:
+d2i_PrivateKey                          2186	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_new                          2187	1_1_0	EXIST::FUNCTION:
+X509_get0_tbs_sigalg                    2189	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new                2190	1_1_0	EXIST::FUNCTION:
+d2i_ECDSA_SIG                           2191	1_1_0	EXIST::FUNCTION:EC
+d2i_OTHERNAME                           2192	1_1_0	EXIST::FUNCTION:
+i2d_TS_RESP_fp                          2193	1_1_0	EXIST::FUNCTION:STDIO,TS
+OCSP_BASICRESP_get_ext_count            2194	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_T61STRING_new                      2195	1_1_0	EXIST::FUNCTION:
+BN_kronecker                            2196	1_1_0	EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION                  2197	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_cfb8                   2198	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_STORE_CTX_set_depth                2199	1_1_0	EXIST::FUNCTION:
+X509v3_delete_ext                       2200	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_set0                        2201	1_1_0	EXIST::FUNCTION:
+BN_GF2m_add                             2202	1_1_0	EXIST::FUNCTION:EC2M
+CMAC_resume                             2203	1_1_0	EXIST::FUNCTION:CMAC
+TS_ACCURACY_set_millis                  2204	1_1_0	EXIST::FUNCTION:TS
+X509V3_EXT_conf                         2205	1_1_0	EXIST::FUNCTION:
+i2d_DHxparams                           2206	1_1_0	EXIST::FUNCTION:DH
+EVP_CIPHER_CTX_free                     2207	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL_BitUpdate                     2208	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+EVP_idea_ecb                            2209	1_1_0	EXIST::FUNCTION:IDEA
+i2d_TS_ACCURACY                         2210	1_1_0	EXIST::FUNCTION:TS
+ASN1_VISIBLESTRING_free                 2211	1_1_0	EXIST::FUNCTION:
+NCONF_load_bio                          2212	1_1_0	EXIST::FUNCTION:
+DSA_get_default_method                  2213	1_1_0	EXIST::FUNCTION:DSA
+OPENSSL_LH_retrieve                     2214	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt_ccm64             2215	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_clock_precision_digits  2216	1_1_0	EXIST::FUNCTION:TS
+SCT_LIST_validate                       2217	1_1_0	EXIST::FUNCTION:CT
+X509_PURPOSE_get_id                     2218	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_ex_data                      2219	1_1_0	EXIST::FUNCTION:EC
+EVP_MD_size                             2220	1_1_0	EXIST::FUNCTION:
+CRYPTO_malloc                           2221	1_1_0	EXIST::FUNCTION:
+ERR_load_ASN1_strings                   2222	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_extension_nids             2223	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_ext_by_OBJ                   2224	1_1_0	EXIST::FUNCTION:TS
+i2d_X509                                2225	1_1_0	EXIST::FUNCTION:
+PEM_read_X509_AUX                       2226	1_1_0	EXIST::FUNCTION:STDIO
+TS_VERIFY_CTX_set_flags                 2227	1_1_0	EXIST::FUNCTION:TS
+IPAddressRange_new                      2228	1_1_0	EXIST::FUNCTION:RFC3779
+TS_REQ_get_exts                         2229	1_1_0	EXIST::FUNCTION:TS
+POLICY_CONSTRAINTS_new                  2230	1_1_0	EXIST::FUNCTION:
+OTHERNAME_new                           2231	1_1_0	EXIST::FUNCTION:
+BN_rshift                               2232	1_1_0	EXIST::FUNCTION:
+i2d_GENERAL_NAMES                       2233	1_1_0	EXIST::FUNCTION:
+EC_METHOD_get_field_type                2234	1_1_0	EXIST::FUNCTION:EC
+ENGINE_set_name                         2235	1_1_0	EXIST::FUNCTION:ENGINE
+TS_TST_INFO_get_policy_id               2236	1_1_0	EXIST::FUNCTION:TS
+PKCS7_SIGNER_INFO_set                   2237	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       2238	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 2239	1_1_0	EXIST::FUNCTION:EC,EC2M
+ENGINE_load_builtin_engines             2240	1_1_0	EXIST::FUNCTION:ENGINE
+SRP_VBASE_init                          2241	1_1_0	EXIST::FUNCTION:SRP
+SHA224_Final                            2242	1_1_0	EXIST::FUNCTION:
+OCSP_CERTSTATUS_free                    2243	1_1_0	EXIST::FUNCTION:OCSP
+d2i_TS_TST_INFO                         2244	1_1_0	EXIST::FUNCTION:TS
+IPAddressOrRange_it                     2245	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it                     2245	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+ENGINE_get_cipher                       2246	1_1_0	EXIST::FUNCTION:ENGINE
+TS_TST_INFO_delete_ext                  2247	1_1_0	EXIST::FUNCTION:TS
+TS_OBJ_print_bio                        2248	1_1_0	EXIST::FUNCTION:TS
+X509_time_adj_ex                        2249	1_1_0	EXIST::FUNCTION:
+OCSP_request_add1_cert                  2250	1_1_0	EXIST::FUNCTION:OCSP
+ERR_load_X509_strings                   2251	1_1_0	EXIST::FUNCTION:
+SHA1_Transform                          2252	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr_by_NID              2253	1_1_0	EXIST::FUNCTION:CMS
+X509_STORE_CTX_get_by_subject           2254	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_it                    2255	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it                    2255	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OPENSSL_sk_set_cmp_func                 2256	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_table_cleanup         2257	1_1_0	EXIST::FUNCTION:
+i2d_re_X509_REQ_tbs                     2258	1_1_0	EXIST::FUNCTION:
+CONF_load_bio                           2259	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object              2260	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_missing_parameters             2261	1_1_0	EXIST::FUNCTION:
+X509_REQ_INFO_new                       2262	1_1_0	EXIST::FUNCTION:
+EVP_rc2_cfb64                           2263	1_1_0	EXIST::FUNCTION:RC2
+PKCS7_get_smimecap                      2264	1_1_0	EXIST::FUNCTION:
+ERR_get_state                           2265	1_1_0	EXIST::FUNCTION:
+d2i_DSAPrivateKey_bio                   2266	1_1_0	EXIST::FUNCTION:DSA
+X509_PURPOSE_get_trust                  2267	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_point_conversion_form      2268	1_1_0	EXIST::FUNCTION:EC
+ASN1_OBJECT_it                          2269	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it                          2269	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick                        2270	1_1_0	EXIST::FUNCTION:
+NCONF_free                              2271	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_b64_decode                2272	1_1_0	EXIST::FUNCTION:
+BIO_f_md                                2273	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_pkey_ctx                     2274	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_EC                   2275	1_1_0	EXIST::FUNCTION:ENGINE
+CMS_ReceiptRequest_free                 2276	1_1_0	EXIST::FUNCTION:CMS
+TS_STATUS_INFO_get0_text                2277	1_1_0	EXIST::FUNCTION:TS
+CRYPTO_get_ex_new_index                 2278	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_flags                     2279	1_1_0	EXIST::FUNCTION:
+PEM_write_X509_CRL                      2280	1_1_0	EXIST::FUNCTION:STDIO
+BF_cbc_encrypt                          2281	1_1_0	EXIST::FUNCTION:BF
+BN_num_bits_word                        2282	1_1_0	EXIST::FUNCTION:
+EVP_DecodeInit                          2283	1_1_0	EXIST::FUNCTION:
+BN_ucmp                                 2284	1_1_0	EXIST::FUNCTION:
+SXNET_get_id_asc                        2285	1_1_0	EXIST::FUNCTION:
+SCT_set1_extensions                     2286	1_1_0	EXIST::FUNCTION:CT
+PKCS12_SAFEBAG_new                      2287	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_nonce                   2288	1_1_0	EXIST::FUNCTION:TS
+PEM_read_ECPrivateKey                   2289	1_1_0	EXIST::FUNCTION:EC,STDIO
+RSA_free                                2290	1_1_0	EXIST::FUNCTION:RSA
+X509_CRL_INFO_new                       2291	1_1_0	EXIST::FUNCTION:
+AES_cfb8_encrypt                        2292	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_SEQUENCE_ANY                   2293	1_1_0	EXIST::FUNCTION:
+PKCS12_create                           2294	1_1_0	EXIST::FUNCTION:
+X509at_get_attr_count                   2295	1_1_0	EXIST::FUNCTION:
+PKCS12_init                             2296	1_1_0	EXIST::FUNCTION:
+CRYPTO_free_ex_data                     2297	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cfb8                        2298	1_1_0	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_free                  2299	1_1_0	EXIST::FUNCTION:TS
+BN_mod_exp_mont_word                    2300	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_nconf_nid                    2301	1_1_0	EXIST::FUNCTION:
+UTF8_putc                               2302	1_1_0	EXIST::FUNCTION:
+RSA_private_encrypt                     2303	1_1_0	EXIST::FUNCTION:RSA
+X509_LOOKUP_shutdown                    2304	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_accuracy                2305	1_1_0	EXIST::FUNCTION:TS
+OCSP_basic_verify                       2306	1_1_0	EXIST::FUNCTION:OCSP
+X509at_add1_attr_by_OBJ                 2307	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_add0                      2308	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get1_crl                 2309	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_get_default_mask            2310	1_1_0	EXIST::FUNCTION:
+X509_alias_set1                         2311	1_1_0	EXIST::FUNCTION:
+ASN1_item_unpack                        2312	1_1_0	EXIST::FUNCTION:
+HMAC_CTX_free                           2313	1_1_0	EXIST::FUNCTION:
+EC_POINT_new                            2314	1_1_0	EXIST::FUNCTION:EC
+PKCS7_ISSUER_AND_SERIAL_digest          2315	1_1_0	EXIST::FUNCTION:
+EVP_des_ofb                             2316	1_1_0	EXIST::FUNCTION:DES
+DSA_set_method                          2317	1_1_0	EXIST::FUNCTION:DSA
+EVP_PKEY_get1_RSA                       2318	1_1_0	EXIST::FUNCTION:RSA
+EC_KEY_OpenSSL                          2319	1_1_0	EXIST::FUNCTION:EC
+EVP_camellia_192_ofb                    2320	1_1_0	EXIST::FUNCTION:CAMELLIA
+ASN1_STRING_length                      2321	1_1_0	EXIST::FUNCTION:
+PKCS7_set_digest                        2322	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PUBKEY                    2323	1_1_0	EXIST::FUNCTION:
+PEM_read_PKCS7                          2324	1_1_0	EXIST::FUNCTION:STDIO
+DH_get_2048_256                         2325	1_1_0	EXIST::FUNCTION:DH
+X509at_delete_attr                      2326	1_1_0	EXIST::FUNCTION:
+PEM_write_bio                           2327	1_1_0	EXIST::FUNCTION:
+CMS_signed_get_attr_by_OBJ              2329	1_1_0	EXIST::FUNCTION:CMS
+X509_REVOKED_add_ext                    2330	1_1_0	EXIST::FUNCTION:
+EVP_CipherUpdate                        2331	1_1_0	EXIST::FUNCTION:
+Camellia_cfb8_encrypt                   2332	1_1_0	EXIST::FUNCTION:CAMELLIA
+EVP_aes_256_xts                         2333	1_1_0	EXIST::FUNCTION:
+EVP_DigestSignFinal                     2334	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_cmp                         2335	1_1_0	EXIST::FUNCTION:
+EVP_chacha20_poly1305                   2336	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305
+OPENSSL_sk_zero                         2337	1_1_0	EXIST::FUNCTION:
+ASN1_PRINTABLE_type                     2338	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_ess_cert_id_chain           2339	1_1_0	EXIST::FUNCTION:TS
+PEM_read_DSAPrivateKey                  2340	1_1_0	EXIST::FUNCTION:DSA,STDIO
+DH_generate_parameters_ex               2341	1_1_0	EXIST::FUNCTION:DH
+UI_dup_input_string                     2342	1_1_0	EXIST::FUNCTION:UI
+X509_keyid_set1                         2343	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1                  2344	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_asn1_flag                  2345	1_1_0	EXIST::FUNCTION:EC
+CMS_decrypt_set1_password               2346	1_1_0	EXIST::FUNCTION:CMS
+BIO_copy_next_retry                     2347	1_1_0	EXIST::FUNCTION:
+X509_POLICY_NODE_print                  2348	1_1_0	EXIST::FUNCTION:
+ASN1_TIME_diff                          2349	1_1_0	EXIST::FUNCTION:
+BIO_s_fd                                2350	1_1_0	EXIST::FUNCTION:
+i2d_CMS_bio                             2351	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_gcm128_decrypt                   2352	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_ctr                         2353	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_bits                           2354	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_new                         2355	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check              2356	1_1_0	EXIST::FUNCTION:
+BN_clear_bit                            2357	1_1_0	EXIST::FUNCTION:
+BN_bn2lebinpad                          2358	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_up_ref                         2359	1_1_0	EXIST::FUNCTION:
+X509_getm_notBefore                     2360	1_1_0	EXIST::FUNCTION:
+BN_nist_mod_224                         2361	1_1_0	EXIST::FUNCTION:
+DES_decrypt3                            2362	1_1_0	EXIST::FUNCTION:DES
+OTHERNAME_it                            2363	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it                            2363	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509at_add1_attr_by_txt                 2364	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free                2365	1_1_0	EXIST::FUNCTION:
+BIO_dgram_is_sctp                       2366	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+DH_check                                2367	1_1_0	EXIST::FUNCTION:DH
+Camellia_set_key                        2368	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_LOOKUP_by_issuer_serial            2369	1_1_0	EXIST::FUNCTION:
+ASN1_BMPSTRING_free                     2370	1_1_0	EXIST::FUNCTION:
+BIO_new_accept                          2371	1_1_0	EXIST::FUNCTION:SOCK
+GENERAL_NAME_new                        2372	1_1_0	EXIST::FUNCTION:
+DES_encrypt3                            2373	1_1_0	EXIST::FUNCTION:DES
+PKCS7_get_signer_info                   2374	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_set                   2375	1_1_0	EXIST::FUNCTION:
+BN_mask_bits                            2376	1_1_0	EXIST::FUNCTION:
+ASN1_UTF8STRING_it                      2377	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it                      2377	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_SCTX_set_app_data                  2378	1_1_0	EXIST::FUNCTION:
+CMS_add0_cert                           2379	1_1_0	EXIST::FUNCTION:CMS
+i2d_GENERAL_NAME                        2380	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_new                            2381	1_1_0	EXIST::FUNCTION:SOCK
+ENGINE_get_pkey_asn1_meth_engine        2382	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ASN1_BMPSTRING                      2383	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_create0_p8inf            2384	1_1_0	EXIST::FUNCTION:
+OBJ_cmp                                 2385	1_1_0	EXIST::FUNCTION:
+MD2                                     2386	1_1_0	EXIST::FUNCTION:MD2
+X509_PUBKEY_new                         2387	1_1_0	EXIST::FUNCTION:
+BN_CTX_end                              2388	1_1_0	EXIST::FUNCTION:
+BIO_get_retry_BIO                       2389	1_1_0	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ               2390	1_1_0	EXIST::FUNCTION:
+ASN1_item_ex_free                       2391	1_1_0	EXIST::FUNCTION:
+X509_SIG_new                            2392	1_1_0	EXIST::FUNCTION:
+BN_sqr                                  2393	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_time                    2394	1_1_0	EXIST::FUNCTION:TS
+OPENSSL_die                             2395	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_by_alias                    2396	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_conv_form                    2397	1_1_0	EXIST::FUNCTION:EC
+X509_TRUST_get_count                    2399	1_1_0	EXIST::FUNCTION:
+IPAddressOrRange_free                   2400	1_1_0	EXIST::FUNCTION:RFC3779
+RSA_padding_add_PKCS1_OAEP              2401	1_1_0	EXIST::FUNCTION:RSA
+EC_KEY_set_ex_data                      2402	1_1_0	EXIST::FUNCTION:EC
+SRP_VBASE_new                           2403	1_1_0	EXIST::FUNCTION:SRP
+i2d_ECDSA_SIG                           2404	1_1_0	EXIST::FUNCTION:EC
+BIO_dump_indent                         2405	1_1_0	EXIST::FUNCTION:
+ENGINE_set_pkey_asn1_meths              2406	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_gmtime_diff                     2407	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_crypto_device               2408	1_1_0	EXIST::FUNCTION:ENGINE,TS
+COMP_CTX_get_method                     2409	1_1_0	EXIST::FUNCTION:COMP
+EC_GROUP_get_cofactor                   2410	1_1_0	EXIST::FUNCTION:EC
+EVP_rc5_32_12_16_ofb                    2411	1_1_0	EXIST::FUNCTION:RC5
+EVP_MD_CTX_md_data                      2412	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_nm_flags                  2413	1_1_0	EXIST::FUNCTION:
+BIO_ctrl                                2414	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_default_method             2415	1_1_0	EXIST::FUNCTION:
+d2i_RSAPublicKey_fp                     2417	1_1_0	EXIST::FUNCTION:RSA,STDIO
+UI_method_get_flusher                   2418	1_1_0	EXIST::FUNCTION:UI
+EC_POINT_dbl                            2419	1_1_0	EXIST::FUNCTION:EC
+i2d_X509_CRL_INFO                       2420	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS                     2421	1_1_0	EXIST::FUNCTION:OCSP
+X509_REVOKED_get0_revocationDate        2422	1_1_0	EXIST::FUNCTION:
+PKCS7_add_crl                           2423	1_1_0	EXIST::FUNCTION:
+ECDSA_do_sign                           2424	1_1_0	EXIST::FUNCTION:EC
+ASN1_GENERALIZEDTIME_it                 2425	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it                 2425	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS8_pkey_get0                         2426	1_1_0	EXIST::FUNCTION:
+OCSP_sendreq_new                        2427	1_1_0	EXIST::FUNCTION:OCSP
+EVP_aes_256_cfb128                      2428	1_1_0	EXIST::FUNCTION:
+RSA_set_ex_data                         2429	1_1_0	EXIST::FUNCTION:RSA
+BN_GENCB_call                           2430	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_nconf_sk                 2431	1_1_0	EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_fp                   2432	1_1_0	EXIST::FUNCTION:STDIO,TS
+PKCS12_new                              2433	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber           2434	1_1_0	EXIST::FUNCTION:
+EVP_get_digestbyname                    2435	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_lastUpdate                 2436	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+OBJ_create_objects                      2437	1_1_0	EXIST::FUNCTION:
+EVP_enc_null                            2438	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_critical         2439	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_request_onereq_count               2440	1_1_0	EXIST::FUNCTION:OCSP
+BN_hex2bn                               2441	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_set_impl_ctx_size       2442	1_1_0	EXIST::FUNCTION:
+ASIdentifiers_new                       2443	1_1_0	EXIST::FUNCTION:RFC3779
+CONF_imodule_get_flags                  2444	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_it                       2445	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it                       2445	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CIPHER_meth_set_set_asn1_params     2446	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_enc_flags                    2447	1_1_0	EXIST::FUNCTION:EC
+X509_OBJECT_idx_by_subject              2448	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_copy                      2449	1_1_0	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new              2450	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_decrypt                   2451	1_1_0	EXIST::FUNCTION:OCB
+ASYNC_WAIT_CTX_free                     2452	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_DIGEST                        2453	1_1_0	EXIST::FUNCTION:
+d2i_TS_TST_INFO_bio                     2454	1_1_0	EXIST::FUNCTION:TS
+BIGNUM_it                               2455	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it                               2455	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_BLINDING_get_flags                   2456	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_get_critical             2457	1_1_0	EXIST::FUNCTION:
+DSA_set_default_method                  2458	1_1_0	EXIST::FUNCTION:DSA
+PEM_write_bio_DHxparams                 2459	1_1_0	EXIST::FUNCTION:DH
+DSA_set_ex_data                         2460	1_1_0	EXIST::FUNCTION:DSA
+BIO_s_datagram_sctp                     2461	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+SXNET_add_id_asc                        2462	1_1_0	EXIST::FUNCTION:
+X509_print_fp                           2463	1_1_0	EXIST::FUNCTION:STDIO
+TS_REQ_set_version                      2464	1_1_0	EXIST::FUNCTION:TS
+OCSP_REQINFO_new                        2465	1_1_0	EXIST::FUNCTION:OCSP
+Camellia_decrypt                        2466	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_signature_print                    2467	1_1_0	EXIST::FUNCTION:
+EVP_camellia_128_ecb                    2468	1_1_0	EXIST::FUNCTION:CAMELLIA
+MD2_Final                               2469	1_1_0	EXIST::FUNCTION:MD2
+OCSP_REQ_CTX_add1_header                2470	1_1_0	EXIST::FUNCTION:OCSP
+NETSCAPE_SPKAC_it                       2471	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it                       2471	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASIdOrRange_free                        2472	1_1_0	EXIST::FUNCTION:RFC3779
+EC_POINT_get_Jprojective_coordinates_GFp 2473	1_1_0	EXIST::FUNCTION:EC
+EVP_aes_128_cbc_hmac_sha256             2474	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_SIGNED                        2475	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_set_data                  2476	1_1_0	EXIST::FUNCTION:TS
+BN_pseudo_rand_range                    2477	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_add_nconf                    2478	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl                     2479	1_1_0	EXIST::FUNCTION:
+ASN1_T61STRING_it                       2480	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it                       2480	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_prev                         2481	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_accept_responses_new               2482	1_1_0	EXIST::FUNCTION:OCSP
+ERR_load_EC_strings                     2483	1_1_0	EXIST::FUNCTION:EC
+X509V3_string_free                      2484	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_paramgen              2485	1_1_0	EXIST::FUNCTION:
+ENGINE_set_load_ssl_client_cert_function 2486	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_ENCODE_CTX_free                     2487	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_BIT_STRING                     2488	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verifyctx             2489	1_1_0	EXIST::FUNCTION:
+X509_TRUST_add                          2490	1_1_0	EXIST::FUNCTION:
+BUF_MEM_free                            2491	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_accuracy                2492	1_1_0	EXIST::FUNCTION:TS
+TS_REQ_dup                              2493	1_1_0	EXIST::FUNCTION:TS
+ASN1_STRING_type_new                    2494	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_free                     2495	1_1_0	EXIST::FUNCTION:TS
+BN_mod_mul                              2496	1_1_0	EXIST::FUNCTION:
+CMS_add0_recipient_key                  2497	1_1_0	EXIST::FUNCTION:CMS
+BIO_f_zlib                              2498	1_1_0	EXIST:ZLIB:FUNCTION:COMP
+AES_cfb128_encrypt                      2499	1_1_0	EXIST::FUNCTION:
+ENGINE_set_EC                           2500	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ECPKParameters                      2501	1_1_0	EXIST::FUNCTION:EC
+IDEA_ofb64_encrypt                      2502	1_1_0	EXIST::FUNCTION:IDEA
+CAST_decrypt                            2503	1_1_0	EXIST::FUNCTION:CAST
+TS_STATUS_INFO_get0_failure_info        2504	1_1_0	EXIST::FUNCTION:TS
+ENGINE_unregister_pkey_meths            2506	1_1_0	EXIST::FUNCTION:ENGINE
+DISPLAYTEXT_new                         2507	1_1_0	EXIST::FUNCTION:
+CMS_final                               2508	1_1_0	EXIST::FUNCTION:CMS
+BIO_nwrite                              2509	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_free                       2510	1_1_0	EXIST::FUNCTION:
+PKCS12_pack_p7encdata                   2511	1_1_0	EXIST::FUNCTION:
+BN_generate_dsa_nonce                   2512	1_1_0	EXIST::FUNCTION:
+X509_verify_cert                        2513	1_1_0	EXIST::FUNCTION:
+X509_policy_level_get0_node             2514	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_attr                       2515	1_1_0	EXIST::FUNCTION:
+SHA1                                    2516	1_1_0	EXIST::FUNCTION:
+X509_print                              2517	1_1_0	EXIST::FUNCTION:
+d2i_AutoPrivateKey                      2518	1_1_0	EXIST::FUNCTION:
+X509_REQ_new                            2519	1_1_0	EXIST::FUNCTION:
+PKCS12_add_safes                        2520	1_1_0	EXIST::FUNCTION:
+PKCS12_parse                            2521	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_div                         2522	1_1_0	EXIST::FUNCTION:EC2M
+i2d_USERNOTICE                          2523	1_1_0	EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI                       2524	1_1_0	EXIST::FUNCTION:
+CRYPTO_mem_leaks                        2525	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+BN_get_rfc3526_prime_1536               2526	1_1_0	EXIST::FUNCTION:
+DSA_sign                                2527	1_1_0	EXIST::FUNCTION:DSA
+RAND_egd                                2528	1_1_0	EXIST::FUNCTION:EGD
+ASN1_d2i_bio                            2529	1_1_0	EXIST::FUNCTION:
+X509_REQ_digest                         2531	1_1_0	EXIST::FUNCTION:
+X509_set1_notAfter                      2532	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_type                         2533	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring               2534	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_free                  2535	1_1_0	EXIST::FUNCTION:
+CMS_signed_get0_data_by_OBJ             2536	1_1_0	EXIST::FUNCTION:CMS
+X509_PURPOSE_add                        2537	1_1_0	EXIST::FUNCTION:
+PKCS7_ENVELOPE_free                     2538	1_1_0	EXIST::FUNCTION:
+PKCS12_key_gen_uni                      2539	1_1_0	EXIST::FUNCTION:
+WHIRLPOOL                               2540	1_1_0	EXIST::FUNCTION:WHIRLPOOL
+UI_set_default_method                   2542	1_1_0	EXIST::FUNCTION:UI
+EC_POINT_is_at_infinity                 2543	1_1_0	EXIST::FUNCTION:EC
+i2d_NOTICEREF                           2544	1_1_0	EXIST::FUNCTION:
+EC_KEY_new                              2545	1_1_0	EXIST::FUNCTION:EC
+EVP_chacha20                            2546	1_1_0	EXIST::FUNCTION:CHACHA
+BN_bn2dec                               2547	1_1_0	EXIST::FUNCTION:
+X509_REQ_print_ex                       2548	1_1_0	EXIST::FUNCTION:
+PEM_read_CMS                            2549	1_1_0	EXIST::FUNCTION:CMS,STDIO
+d2i_NETSCAPE_CERT_SEQUENCE              2550	1_1_0	EXIST::FUNCTION:
+X509_CRL_set_version                    2551	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_cert_flags                2552	1_1_0	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free                2553	1_1_0	EXIST::FUNCTION:
+SHA224_Update                           2554	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new_by_curve_name              2555	1_1_0	EXIST::FUNCTION:EC
+X509_STORE_set_purpose                  2556	1_1_0	EXIST::FUNCTION:
+X509_CRL_get0_signature                 2557	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_keygen_info            2558	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_UINTEGER                       2559	1_1_0	EXIST::FUNCTION:
+i2s_ASN1_INTEGER                        2560	1_1_0	EXIST::FUNCTION:
+d2i_EC_PUBKEY_fp                        2561	1_1_0	EXIST::FUNCTION:EC,STDIO
+i2d_OCSP_SIGNATURE                      2562	1_1_0	EXIST::FUNCTION:OCSP
+i2d_X509_EXTENSION                      2563	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_X509                       2564	1_1_0	EXIST::FUNCTION:
+DES_key_sched                           2565	1_1_0	EXIST::FUNCTION:DES
+GENERAL_NAME_dup                        2566	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get1_crls                2567	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify                2568	1_1_0	EXIST::FUNCTION:
+EVP_sha256                              2569	1_1_0	EXIST::FUNCTION:
+CMS_unsigned_delete_attr                2570	1_1_0	EXIST::FUNCTION:CMS
+EVP_md5_sha1                            2571	1_1_0	EXIST::FUNCTION:MD5
+EVP_PKEY_sign_init                      2572	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_insert                       2573	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_get_cleanup             2574	1_1_0	EXIST::FUNCTION:
+ASN1_item_ex_d2i                        2575	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_free                        2576	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_new                       2577	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_OAEP            2578	1_1_0	EXIST::FUNCTION:RSA
+OCSP_SERVICELOC_it                      2579	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_SERVICELOC_it                      2579	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+PKCS12_SAFEBAG_get_nid                  2580	1_1_0	EXIST::FUNCTION:
+EVP_MD_CTX_set_update_fn                2581	1_1_0	EXIST::FUNCTION:
+BIO_f_asn1                              2582	1_1_0	EXIST::FUNCTION:
+BIO_dump                                2583	1_1_0	EXIST::FUNCTION:
+ENGINE_load_ssl_client_cert             2584	1_1_0	EXIST::FUNCTION:ENGINE
+X509_STORE_CTX_set_verify_cb            2585	1_1_0	EXIST::FUNCTION:
+CRYPTO_clear_realloc                    2586	1_1_0	EXIST::FUNCTION:
+OPENSSL_strnlen                         2587	1_1_0	EXIST::FUNCTION:
+IDEA_ecb_encrypt                        2588	1_1_0	EXIST::FUNCTION:IDEA
+ASN1_STRING_set_default_mask            2589	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_add_flags                 2590	1_1_0	EXIST::FUNCTION:TS
+FIPS_mode                               2591	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_UNIVERSALSTRING                2592	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_free                   2593	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_order                      2594	1_1_0	EXIST::FUNCTION:EC
+X509_REVOKED_add1_ext_i2d               2595	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add1_host             2596	1_1_0	EXIST::FUNCTION:
+i2d_PUBKEY_bio                          2597	1_1_0	EXIST::FUNCTION:
+MD4_Update                              2598	1_1_0	EXIST::FUNCTION:MD4
+X509_STORE_CTX_set_time                 2599	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_DH                   2600	1_1_0	EXIST::FUNCTION:ENGINE
+X509_ocspid_print                       2601	1_1_0	EXIST::FUNCTION:
+DH_set_method                           2602	1_1_0	EXIST::FUNCTION:DH
+EVP_rc2_64_cbc                          2603	1_1_0	EXIST::FUNCTION:RC2
+CRYPTO_THREAD_get_current_id            2604	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_cb                     2605	1_1_0	EXIST::FUNCTION:
+PROXY_POLICY_it                         2606	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_POLICY_it                         2606	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_complete                2607	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_DecodeUpdate                        2609	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_RAND                 2610	1_1_0	EXIST::FUNCTION:ENGINE
+ERR_peek_last_error_line                2611	1_1_0	EXIST::FUNCTION:
+ENGINE_get_ssl_client_cert_function     2612	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_node_usage_stats             2613	1_1_0	EXIST::FUNCTION:STDIO
+DIRECTORYSTRING_it                      2614	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it                      2614	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_write                               2615	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_OBJ              2616	1_1_0	EXIST::FUNCTION:OCSP
+SEED_encrypt                            2617	1_1_0	EXIST::FUNCTION:SEED
+IPAddressRange_it                       2618	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it                       2618	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+PEM_read_bio_DSAPrivateKey              2619	1_1_0	EXIST::FUNCTION:DSA
+CMS_get0_type                           2620	1_1_0	EXIST::FUNCTION:CMS
+ASN1_PCTX_free                          2621	1_1_0	EXIST::FUNCTION:
+ESS_SIGNING_CERT_new                    2622	1_1_0	EXIST::FUNCTION:TS
+X509V3_EXT_conf_nid                     2623	1_1_0	EXIST::FUNCTION:
+EC_KEY_check_key                        2624	1_1_0	EXIST::FUNCTION:EC
+PKCS5_PBKDF2_HMAC                       2625	1_1_0	EXIST::FUNCTION:
+CONF_get_section                        2626	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_decrypt          2627	1_1_0	EXIST::FUNCTION:CMS
+OBJ_add_sigid                           2628	1_1_0	EXIST::FUNCTION:
+d2i_SXNETID                             2629	1_1_0	EXIST::FUNCTION:
+CMS_get1_certs                          2630	1_1_0	EXIST::FUNCTION:CMS
+X509_CRL_check_suiteb                   2631	1_1_0	EXIST::FUNCTION:
+PKCS7_ENVELOPE_it                       2632	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it                       2632	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASIdentifierChoice_it                   2633	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it                   2633	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+CMS_RecipientEncryptedKey_cert_cmp      2634	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_get_app_data               2635	1_1_0	EXIST::FUNCTION:
+EC_GROUP_clear_free                     2636	1_1_0	EXIST::FUNCTION:EC
+BN_get_rfc2409_prime_1024               2637	1_1_0	EXIST::FUNCTION:
+CRYPTO_set_mem_functions                2638	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_VISIBLESTRING                  2639	1_1_0	EXIST::FUNCTION:
+d2i_PBKDF2PARAM                         2640	1_1_0	EXIST::FUNCTION:
+ERR_load_COMP_strings                   2641	1_1_0	EXIST::FUNCTION:COMP
+EVP_PKEY_meth_add0                      2642	1_1_0	EXIST::FUNCTION:
+EVP_rc4_40                              2643	1_1_0	EXIST::FUNCTION:RC4
+RSA_bits                                2645	1_1_0	EXIST::FUNCTION:RSA
+ASN1_item_dup                           2646	1_1_0	EXIST::FUNCTION:
+GENERAL_NAMES_it                        2647	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it                        2647	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_issuer_name_hash                   2648	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_nonce                   2649	1_1_0	EXIST::FUNCTION:TS
+MD4_Init                                2650	1_1_0	EXIST::FUNCTION:MD4
+X509_EXTENSION_create_by_OBJ            2651	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_cbc_hmac_sha1               2652	1_1_0	EXIST::FUNCTION:
+SCT_validate                            2653	1_1_0	EXIST::FUNCTION:CT
+EC_GROUP_dup                            2654	1_1_0	EXIST::FUNCTION:EC
+EVP_sha1                                2655	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_new                          2656	1_1_0	EXIST::FUNCTION:
+BN_dup                                  2657	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_print_bio                2658	1_1_0	EXIST::FUNCTION:TS
+CONF_module_set_usr_data                2659	1_1_0	EXIST::FUNCTION:
+EC_KEY_generate_key                     2660	1_1_0	EXIST::FUNCTION:EC
+BIO_ctrl_get_write_guarantee            2661	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_assign                         2662	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_ofb                         2663	1_1_0	EXIST::FUNCTION:
+CMS_data                                2664	1_1_0	EXIST::FUNCTION:CMS
+X509_load_cert_file                     2665	1_1_0	EXIST::FUNCTION:
+EC_GFp_nistp521_method                  2667	1_1_0	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+ECDSA_SIG_free                          2668	1_1_0	EXIST::FUNCTION:EC
+d2i_PKCS12_BAGS                         2669	1_1_0	EXIST::FUNCTION:
+RSA_public_encrypt                      2670	1_1_0	EXIST::FUNCTION:RSA
+X509_CRL_get0_extensions                2671	1_1_0	EXIST::FUNCTION:
+CMS_digest_verify                       2672	1_1_0	EXIST::FUNCTION:CMS
+ASN1_GENERALIZEDTIME_set                2673	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_set_imprint               2674	1_1_0	EXIST::FUNCTION:TS
+BN_RECP_CTX_set                         2675	1_1_0	EXIST::FUNCTION:
+CRYPTO_secure_zalloc                    2676	1_1_0	EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE                  2677	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_DSAparams                 2678	1_1_0	EXIST::FUNCTION:DSA
+X509_cmp_time                           2679	1_1_0	EXIST::FUNCTION:
+d2i_CMS_ReceiptRequest                  2680	1_1_0	EXIST::FUNCTION:CMS
+X509_CRL_INFO_it                        2681	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it                        2681	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BUF_reverse                             2682	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_SIGNATURE                      2683	1_1_0	EXIST::FUNCTION:OCSP
+X509_REQ_delete_attr                    2684	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_cert             2685	1_1_0	EXIST::FUNCTION:TS
+X509V3_EXT_d2i                          2686	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALSTRING_it                   2687	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it                   2687	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+POLICYQUALINFO_free                     2688	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_group                        2689	1_1_0	EXIST::FUNCTION:EC
+OCSP_check_validity                     2690	1_1_0	EXIST::FUNCTION:OCSP
+PEM_write_ECPKParameters                2691	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509_VERIFY_PARAM_lookup                2692	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint              2693	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_free                    2694	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new                    2695	1_1_0	EXIST::FUNCTION:
+d2i_ECPrivateKey_fp                     2696	1_1_0	EXIST::FUNCTION:EC,STDIO
+TS_CONF_set_ordering                    2697	1_1_0	EXIST::FUNCTION:TS
+X509_CRL_get_ext                        2698	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ                 2699	1_1_0	EXIST::FUNCTION:
+OCSP_basic_add1_cert                    2700	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_PRINTABLESTRING_new                2701	1_1_0	EXIST::FUNCTION:
+i2d_PBEPARAM                            2702	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_new                       2703	1_1_0	EXIST::FUNCTION:
+AES_options                             2704	1_1_0	EXIST::FUNCTION:
+POLICYINFO_free                         2705	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_Parameters                 2706	1_1_0	EXIST::FUNCTION:
+BN_abs_is_word                          2707	1_1_0	EXIST::FUNCTION:
+BIO_set_callback_arg                    2708	1_1_0	EXIST::FUNCTION:
+CONF_modules_load_file                  2709	1_1_0	EXIST::FUNCTION:
+X509_trust_clear                        2710	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_test_flags               2711	1_1_0	EXIST::FUNCTION:
+PKCS12_BAGS_free                        2712	1_1_0	EXIST::FUNCTION:
+PEM_X509_INFO_read                      2713	1_1_0	EXIST::FUNCTION:STDIO
+d2i_DSAPrivateKey                       2714	1_1_0	EXIST::FUNCTION:DSA
+i2d_PKCS8_PRIV_KEY_INFO_fp              2715	1_1_0	EXIST::FUNCTION:STDIO
+TS_RESP_print_bio                       2716	1_1_0	EXIST::FUNCTION:TS
+X509_STORE_set_default_paths            2717	1_1_0	EXIST::FUNCTION:
+d2i_TS_REQ                              2718	1_1_0	EXIST::FUNCTION:TS
+i2d_TS_TST_INFO_bio                     2719	1_1_0	EXIST::FUNCTION:TS
+CMS_sign_receipt                        2720	1_1_0	EXIST::FUNCTION:CMS
+ENGINE_set_RAND                         2721	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REVOKED_get_ext_by_OBJ             2722	1_1_0	EXIST::FUNCTION:
+SEED_decrypt                            2723	1_1_0	EXIST::FUNCTION:SEED
+PEM_write_PKCS8PrivateKey               2724	1_1_0	EXIST::FUNCTION:STDIO
+ENGINE_new                              2725	1_1_0	EXIST::FUNCTION:ENGINE
+X509_check_issued                       2726	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_length                2727	1_1_0	EXIST::FUNCTION:
+DES_string_to_2keys                     2728	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_copy_parameters                2729	1_1_0	EXIST::FUNCTION:
+CMS_ContentInfo_print_ctx               2730	1_1_0	EXIST::FUNCTION:CMS
+d2i_PKCS7_SIGNED                        2731	1_1_0	EXIST::FUNCTION:
+GENERAL_NAMES_free                      2732	1_1_0	EXIST::FUNCTION:
+SCT_get_timestamp                       2733	1_1_0	EXIST::FUNCTION:CT
+OCSP_SIGNATURE_it                       2734	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_SIGNATURE_it                       2734	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+CMS_verify_receipt                      2735	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_THREAD_lock_new                  2736	1_1_0	EXIST::FUNCTION:
+BIO_get_ex_data                         2737	1_1_0	EXIST::FUNCTION:
+CMS_digest_create                       2738	1_1_0	EXIST::FUNCTION:CMS
+EC_KEY_METHOD_set_verify                2739	1_1_0	EXIST::FUNCTION:EC
+PEM_read_RSAPublicKey                   2740	1_1_0	EXIST::FUNCTION:RSA,STDIO
+ENGINE_pkey_asn1_find_str               2741	1_1_0	EXIST::FUNCTION:ENGINE
+ENGINE_get_load_privkey_function        2742	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_IPAddressRange                      2743	1_1_0	EXIST::FUNCTION:RFC3779
+ERR_remove_state                        2744	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_0_0
+X509_CRL_print_fp                       2745	1_1_0	EXIST::FUNCTION:STDIO
+TS_CONF_load_key                        2746	1_1_0	EXIST::FUNCTION:TS
+d2i_OCSP_REQINFO                        2747	1_1_0	EXIST::FUNCTION:OCSP
+d2i_X509_CINF                           2748	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_critical        2749	1_1_0	EXIST::FUNCTION:OCSP
+X509_REQ_to_X509                        2750	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_wrap_pad                    2751	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new                 2752	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_policy_id                    2753	1_1_0	EXIST::FUNCTION:TS
+RC5_32_cbc_encrypt                      2754	1_1_0	EXIST::FUNCTION:RC5
+BN_is_zero                              2755	1_1_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_new                  2756	1_1_0	EXIST::FUNCTION:CT
+NETSCAPE_SPKI_it                        2757	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it                        2757	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_THREAD_unlock                    2758	1_1_0	EXIST::FUNCTION:
+UI_method_set_writer                    2759	1_1_0	EXIST::FUNCTION:UI
+UI_dup_info_string                      2760	1_1_0	EXIST::FUNCTION:UI
+OPENSSL_init                            2761	1_1_0	EXIST::FUNCTION:
+TS_RESP_get_tst_info                    2762	1_1_0	EXIST::FUNCTION:TS
+X509_VERIFY_PARAM_get_depth             2763	1_1_0	EXIST::FUNCTION:
+EVP_SealFinal                           2764	1_1_0	EXIST::FUNCTION:RSA
+BIO_set                                 2765	1_1_0	NOEXIST::FUNCTION:
+CONF_imodule_set_flags                  2766	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_SET_ANY                        2767	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_decrypt                        2768	1_1_0	EXIST::FUNCTION:
+OCSP_RESPID_it                          2769	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_RESPID_it                          2769	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+EVP_des_ede3_cbc                        2770	1_1_0	EXIST::FUNCTION:DES
+X509_up_ref                             2771	1_1_0	EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted                  2772	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_DSA                   2773	1_1_0	EXIST::FUNCTION:ENGINE
+ASN1_bn_print                           2774	1_1_0	EXIST::FUNCTION:
+CMS_is_detached                         2775	1_1_0	EXIST::FUNCTION:CMS
+X509_REQ_INFO_it                        2776	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it                        2776	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RSAPrivateKey_it                        2777	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it                        2777	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+X509_NAME_ENTRY_free                    2778	1_1_0	EXIST::FUNCTION:
+BIO_new_fd                              2779	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_value                        2781	1_1_0	EXIST::FUNCTION:
+NCONF_get_section                       2782	1_1_0	EXIST::FUNCTION:
+PKCS12_MAC_DATA_it                      2783	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it                      2783	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_add1_attr_by_NID               2784	1_1_0	EXIST::FUNCTION:
+ASN1_sign                               2785	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_encrypt               2786	1_1_0	EXIST::FUNCTION:CMS
+X509_get_pubkey_parameters              2787	1_1_0	EXIST::FUNCTION:
+PKCS12_setup_mac                        2788	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_PKCS7                      2789	1_1_0	EXIST::FUNCTION:
+SHA512_Final                            2790	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_host             2791	1_1_0	EXIST::FUNCTION:
+OCSP_resp_find_status                   2792	1_1_0	EXIST::FUNCTION:OCSP
+d2i_ASN1_T61STRING                      2793	1_1_0	EXIST::FUNCTION:
+DES_pcbc_encrypt                        2794	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_print_params                   2795	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_192                  2796	1_1_0	EXIST::FUNCTION:
+EVP_SealInit                            2798	1_1_0	EXIST::FUNCTION:RSA
+X509_REQ_get0_signature                 2799	1_1_0	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free                  2800	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      2801	1_1_0	EXIST::FUNCTION:EC
+CMS_dataFinal                           2802	1_1_0	EXIST::FUNCTION:CMS
+ASN1_TIME_it                            2803	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it                            2803	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_static_state                 2804	1_1_0	EXIST::FUNCTION:ENGINE
+EC_KEY_set_asn1_flag                    2805	1_1_0	EXIST::FUNCTION:EC
+EC_GFp_mont_method                      2806	1_1_0	EXIST::FUNCTION:EC
+OPENSSL_asc2uni                         2807	1_1_0	EXIST::FUNCTION:
+TS_REQ_new                              2808	1_1_0	EXIST::FUNCTION:TS
+ENGINE_register_all_DH                  2809	1_1_0	EXIST::FUNCTION:ENGINE
+ERR_clear_error                         2810	1_1_0	EXIST::FUNCTION:
+EC_KEY_dup                              2811	1_1_0	EXIST::FUNCTION:EC
+X509_LOOKUP_init                        2812	1_1_0	EXIST::FUNCTION:
+i2b_PVK_bio                             2813	1_1_0	EXIST::FUNCTION:DSA,RC4
+OCSP_ONEREQ_free                        2814	1_1_0	EXIST::FUNCTION:OCSP
+X509V3_EXT_print_fp                     2815	1_1_0	EXIST::FUNCTION:STDIO
+OBJ_bsearch_ex_                         2816	1_1_0	EXIST::FUNCTION:
+DES_ofb64_encrypt                       2817	1_1_0	EXIST::FUNCTION:DES
+i2d_IPAddressOrRange                    2818	1_1_0	EXIST::FUNCTION:RFC3779
+CRYPTO_secure_used                      2819	1_1_0	EXIST::FUNCTION:
+d2i_X509_CRL_INFO                       2820	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_issuer                     2821	1_1_0	EXIST::FUNCTION:
+d2i_SCT_LIST                            2822	1_1_0	EXIST::FUNCTION:CT
+EC_GFp_nist_method                      2823	1_1_0	EXIST::FUNCTION:EC
+SCT_free                                2824	1_1_0	EXIST::FUNCTION:CT
+TS_TST_INFO_get_msg_imprint             2825	1_1_0	EXIST::FUNCTION:TS
+X509v3_addr_add_range                   2826	1_1_0	EXIST::FUNCTION:RFC3779
+PKCS12_get_friendlyname                 2827	1_1_0	EXIST::FUNCTION:
+X509_CRL_add_ext                        2829	1_1_0	EXIST::FUNCTION:
+X509_REQ_get_signature_nid              2830	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext                     2831	1_1_0	EXIST::FUNCTION:TS
+i2d_OCSP_RESPID                         2832	1_1_0	EXIST::FUNCTION:OCSP
+EVP_camellia_256_cfb8                   2833	1_1_0	EXIST::FUNCTION:CAMELLIA
+EC_KEY_get0_public_key                  2834	1_1_0	EXIST::FUNCTION:EC
+SRP_Calc_x                              2835	1_1_0	EXIST::FUNCTION:SRP
+a2i_ASN1_ENUMERATED                     2836	1_1_0	EXIST::FUNCTION:
+CONF_module_get_usr_data                2837	1_1_0	EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY                     2838	1_1_0	EXIST::FUNCTION:
+SCT_LIST_free                           2839	1_1_0	EXIST::FUNCTION:CT
+PROXY_POLICY_new                        2840	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_set_md                       2841	1_1_0	EXIST::FUNCTION:
+PKCS7_print_ctx                         2842	1_1_0	EXIST::FUNCTION:
+ASN1_UTF8STRING_new                     2843	1_1_0	EXIST::FUNCTION:
+EVP_des_cbc                             2844	1_1_0	EXIST::FUNCTION:DES
+i2v_ASN1_BIT_STRING                     2845	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_set1                          2846	1_1_0	EXIST::FUNCTION:
+d2i_X509_CRL_bio                        2847	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAG_get1_cert                2848	1_1_0	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free               2849	1_1_0	EXIST::FUNCTION:
+EC_KEY_precompute_mult                  2850	1_1_0	EXIST::FUNCTION:EC
+CRYPTO_mem_debug_realloc                2851	1_1_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+PKCS7_new                               2852	1_1_0	EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it                    2853	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it                    2853	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_generate_v3                        2854	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PrivateKey                2855	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_check                      2856	1_1_0	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_it                   2857	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it                   2857	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_MSG_IMPRINT_get_msg                  2859	1_1_0	EXIST::FUNCTION:TS
+PKCS8_add_keyusage                      2860	1_1_0	EXIST::FUNCTION:
+X509_EXTENSION_dup                      2861	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_new                       2862	1_1_0	EXIST::FUNCTION:
+BIO_socket_nbio                         2863	1_1_0	EXIST::FUNCTION:SOCK
+EVP_CIPHER_set_asn1_iv                  2864	1_1_0	EXIST::FUNCTION:
+EC_GFp_nistp224_method                  2865	1_1_0	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+BN_swap                                 2866	1_1_0	EXIST::FUNCTION:
+d2i_ECParameters                        2867	1_1_0	EXIST::FUNCTION:EC
+X509_NAME_add_entry_by_OBJ              2868	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_count               2869	1_1_0	EXIST::FUNCTION:TS
+i2d_OCSP_CERTID                         2870	1_1_0	EXIST::FUNCTION:OCSP
+BN_CTX_start                            2871	1_1_0	EXIST::FUNCTION:
+BN_print                                2872	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_flags                        2873	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_get0                           2874	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default                      2875	1_1_0	EXIST::FUNCTION:ENGINE
+NCONF_get_number_e                      2876	1_1_0	EXIST::FUNCTION:
+OPENSSL_cleanse                         2877	1_1_0	EXIST::FUNCTION:
+SCT_set0_signature                      2878	1_1_0	EXIST::FUNCTION:CT
+X509_CRL_sign                           2879	1_1_0	EXIST::FUNCTION:
+X509_CINF_it                            2880	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it                            2880	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_CONF_set_accuracy                    2881	1_1_0	EXIST::FUNCTION:TS
+DES_crypt                               2882	1_1_0	EXIST::FUNCTION:DES
+BN_BLINDING_create_param                2883	1_1_0	EXIST::FUNCTION:
+OCSP_SERVICELOC_free                    2884	1_1_0	EXIST::FUNCTION:OCSP
+DIST_POINT_NAME_free                    2885	1_1_0	EXIST::FUNCTION:
+BIO_listen                              2886	1_1_0	EXIST::FUNCTION:SOCK
+BIO_ADDR_path_string                    2887	1_1_0	EXIST::FUNCTION:SOCK
+POLICY_CONSTRAINTS_it                   2888	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_CONSTRAINTS_it                   2888	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NCONF_free_data                         2889	1_1_0	EXIST::FUNCTION:
+BIO_asn1_set_prefix                     2890	1_1_0	EXIST::FUNCTION:
+PEM_SignUpdate                          2891	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_EC_PUBKEY                 2892	1_1_0	EXIST::FUNCTION:EC
+CMS_add_simple_smimecap                 2893	1_1_0	EXIST::FUNCTION:CMS
+IPAddressChoice_free                    2894	1_1_0	EXIST::FUNCTION:RFC3779
+d2i_X509_AUX                            2895	1_1_0	EXIST::FUNCTION:
+X509_get_default_cert_area              2896	1_1_0	EXIST::FUNCTION:
+ERR_load_DSO_strings                    2897	1_1_0	EXIST::FUNCTION:
+ASIdentifiers_it                        2898	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it                        2898	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+BN_mod_lshift                           2899	1_1_0	EXIST::FUNCTION:
+ENGINE_get_last                         2900	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_PKEY_encrypt_init                   2901	1_1_0	EXIST::FUNCTION:
+i2d_RSAPrivateKey_fp                    2902	1_1_0	EXIST::FUNCTION:RSA,STDIO
+X509_REQ_print                          2903	1_1_0	EXIST::FUNCTION:
+RSA_size                                2904	1_1_0	EXIST::FUNCTION:RSA
+EVP_CIPHER_CTX_iv_noconst               2905	1_1_0	EXIST::FUNCTION:
+DH_set_default_method                   2906	1_1_0	EXIST::FUNCTION:DH
+X509_ALGOR_new                          2907	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_ofb                         2908	1_1_0	EXIST::FUNCTION:
+EVP_des_ede3_cfb1                       2909	1_1_0	EXIST::FUNCTION:DES
+TS_REQ_to_TS_VERIFY_CTX                 2910	1_1_0	EXIST::FUNCTION:TS
+d2i_PBEPARAM                            2911	1_1_0	EXIST::FUNCTION:
+BN_get0_nist_prime_521                  2912	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID              2913	1_1_0	EXIST::FUNCTION:OCSP
+X509_PUBKEY_get0                        2914	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_parent_ctx          2915	1_1_0	EXIST::FUNCTION:
+EC_GROUP_set_seed                       2916	1_1_0	EXIST::FUNCTION:EC
+X509_STORE_CTX_free                     2917	1_1_0	EXIST::FUNCTION:
+AUTHORITY_KEYID_it                      2918	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it                      2918	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_get_value_int                    2919	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_set_string                 2920	1_1_0	EXIST::FUNCTION:
+RC5_32_decrypt                          2921	1_1_0	EXIST::FUNCTION:RC5
+i2d_X509_REQ_INFO                       2922	1_1_0	EXIST::FUNCTION:
+EVP_des_cfb1                            2923	1_1_0	EXIST::FUNCTION:DES
+OBJ_NAME_cleanup                        2924	1_1_0	EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i             2925	1_1_0	EXIST::FUNCTION:OCSP
+DES_cfb64_encrypt                       2926	1_1_0	EXIST::FUNCTION:DES
+CAST_cfb64_encrypt                      2927	1_1_0	EXIST::FUNCTION:CAST
+EVP_PKEY_asn1_set_param                 2928	1_1_0	EXIST::FUNCTION:
+BN_RECP_CTX_free                        2929	1_1_0	EXIST::FUNCTION:
+BN_with_flags                           2930	1_1_0	EXIST::FUNCTION:
+DSO_ctrl                                2931	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_final                   2932	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring               2933	1_1_0	EXIST::FUNCTION:
+ENGINE_by_id                            2934	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_PKCS7_SIGNER_INFO                   2935	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_cbc                         2936	1_1_0	EXIST::FUNCTION:
+PKCS8_pkey_set0                         2937	1_1_0	EXIST::FUNCTION:
+X509_get1_email                         2938	1_1_0	EXIST::FUNCTION:
+EC_POINT_point2oct                      2939	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_get_curve_GFp                  2940	1_1_0	EXIST::FUNCTION:EC
+ASYNC_block_pause                       2941	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext                 2942	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_strdup                           2943	1_1_0	EXIST::FUNCTION:
+i2d_X509_CRL_bio                        2945	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_item                  2946	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt                   2947	1_1_0	EXIST::FUNCTION:
+X509v3_addr_get_afi                     2948	1_1_0	EXIST::FUNCTION:RFC3779
+X509_STORE_CTX_get0_param               2949	1_1_0	EXIST::FUNCTION:
+EVP_add_alg_module                      2950	1_1_0	EXIST::FUNCTION:
+X509_check_purpose                      2951	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext                 2952	1_1_0	EXIST::FUNCTION:OCSP
+X509_PURPOSE_get_count                  2953	1_1_0	EXIST::FUNCTION:
+d2i_PKCS12_bio                          2954	1_1_0	EXIST::FUNCTION:
+ASN1_item_free                          2955	1_1_0	EXIST::FUNCTION:
+PKCS7_content_new                       2956	1_1_0	EXIST::FUNCTION:
+X509_keyid_get0                         2957	1_1_0	EXIST::FUNCTION:
+COMP_get_name                           2958	1_1_0	EXIST::FUNCTION:COMP
+EC_GROUP_new_curve_GF2m                 2959	1_1_0	EXIST::FUNCTION:EC,EC2M
+X509_SIG_free                           2960	1_1_0	EXIST::FUNCTION:
+PEM_ASN1_write                          2961	1_1_0	EXIST::FUNCTION:STDIO
+ENGINE_get_digest_engine                2962	1_1_0	EXIST::FUNCTION:ENGINE
+BN_CTX_new                              2963	1_1_0	EXIST::FUNCTION:
+EC_curve_nid2nist                       2964	1_1_0	EXIST::FUNCTION:EC
+ENGINE_get_finish_function              2965	1_1_0	EXIST::FUNCTION:ENGINE
+EC_POINT_add                            2966	1_1_0	EXIST::FUNCTION:EC
+EC_KEY_oct2key                          2967	1_1_0	EXIST::FUNCTION:EC
+SHA384_Init                             2968	1_1_0	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new                2969	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_print_private                  2970	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_new                        2971	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_it                     2972	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAME_CONSTRAINTS_it                     2972	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_REQ_get_cert_req                     2973	1_1_0	EXIST::FUNCTION:TS
+BIO_pop                                 2974	1_1_0	EXIST::FUNCTION:
+SHA256_Final                            2975	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set1_DH                        2976	1_1_0	EXIST::FUNCTION:DH
+DH_get_ex_data                          2977	1_1_0	EXIST::FUNCTION:DH
+CRYPTO_secure_malloc                    2978	1_1_0	EXIST::FUNCTION:
+TS_RESP_get_status_info                 2979	1_1_0	EXIST::FUNCTION:TS
+HMAC_CTX_new                            2980	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_DH                   2981	1_1_0	EXIST::FUNCTION:ENGINE
+ECDSA_do_verify                         2982	1_1_0	EXIST::FUNCTION:EC
+DSO_flags                               2983	1_1_0	EXIST::FUNCTION:
+RAND_add                                2984	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_do_all_sorted                2985	1_1_0	EXIST::FUNCTION:
+PKCS7_encrypt                           2986	1_1_0	EXIST::FUNCTION:
+i2d_DSA_SIG                             2987	1_1_0	EXIST::FUNCTION:DSA
+CMS_set_detached                        2988	1_1_0	EXIST::FUNCTION:CMS
+X509_REQ_get_attr_by_OBJ                2989	1_1_0	EXIST::FUNCTION:
+i2d_ASRange                             2990	1_1_0	EXIST::FUNCTION:RFC3779
+EC_GROUP_set_asn1_flag                  2991	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_new                            2992	1_1_0	EXIST::FUNCTION:
+i2d_POLICYINFO                          2993	1_1_0	EXIST::FUNCTION:
+BN_get_flags                            2994	1_1_0	EXIST::FUNCTION:
+SHA384                                  2995	1_1_0	EXIST::FUNCTION:
+NCONF_get_string                        2996	1_1_0	EXIST::FUNCTION:
+d2i_PROXY_CERT_INFO_EXTENSION           2997	1_1_0	EXIST::FUNCTION:
+EC_POINT_point2buf                      2998	1_1_0	EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_OAEP_mgf1         2999	1_1_0	EXIST::FUNCTION:RSA
+COMP_CTX_get_type                       3000	1_1_0	EXIST::FUNCTION:COMP
+TS_RESP_CTX_set_status_info             3001	1_1_0	EXIST::FUNCTION:TS
+BIO_f_nbio_test                         3002	1_1_0	EXIST::FUNCTION:
+SEED_ofb128_encrypt                     3003	1_1_0	EXIST::FUNCTION:SEED
+d2i_RSAPrivateKey_bio                   3004	1_1_0	EXIST::FUNCTION:RSA
+DH_KDF_X9_42                            3005	1_1_0	EXIST::FUNCTION:CMS,DH
+EVP_PKEY_meth_set_signctx               3006	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_version                    3007	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get0_info                 3008	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_RSAPublicKey               3009	1_1_0	EXIST::FUNCTION:RSA
+EVP_PKEY_asn1_set_private               3010	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_RSA                       3011	1_1_0	EXIST::FUNCTION:RSA
+DES_ede3_cfb64_encrypt                  3012	1_1_0	EXIST::FUNCTION:DES
+POLICY_MAPPING_free                     3014	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_gcm                         3015	1_1_0	EXIST::FUNCTION:
+BIO_dgram_non_fatal_error               3016	1_1_0	EXIST::FUNCTION:DGRAM
+OCSP_request_is_signed                  3017	1_1_0	EXIST::FUNCTION:OCSP
+i2d_BASIC_CONSTRAINTS                   3018	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_method                       3019	1_1_0	EXIST::FUNCTION:EC
+EC_POINT_bn2point                       3021	1_1_0	EXIST::FUNCTION:EC
+PBE2PARAM_it                            3022	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it                            3022	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_rand                                 3023	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_unpack_sequence               3024	1_1_0	EXIST::FUNCTION:
+X509_CRL_sign_ctx                       3025	1_1_0	EXIST::FUNCTION:
+X509_STORE_add_crl                      3026	1_1_0	EXIST::FUNCTION:
+PEM_write_RSAPrivateKey                 3027	1_1_0	EXIST::FUNCTION:RSA,STDIO
+RC4_set_key                             3028	1_1_0	EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_cipher                   3029	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid       3030	1_1_0	EXIST::FUNCTION:
+BN_MONT_CTX_new                         3031	1_1_0	EXIST::FUNCTION:
+CRYPTO_free_ex_index                    3032	1_1_0	EXIST::FUNCTION:
+ASYNC_WAIT_CTX_new                      3033	1_1_0	EXIST::FUNCTION:
+PKCS7_it                                3034	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it                                3034	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CMS_unsigned_get_attr_by_OBJ            3035	1_1_0	EXIST::FUNCTION:CMS
+BN_clear                                3036	1_1_0	EXIST::FUNCTION:
+BIO_socket_ioctl                        3037	1_1_0	EXIST::FUNCTION:SOCK
+GENERAL_NAME_cmp                        3038	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_purpose              3039	1_1_0	EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i                3040	1_1_0	EXIST::FUNCTION:
+X509V3_set_conf_lhash                   3041	1_1_0	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_it                    3042	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it                    3042	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_item_pack_safebag                3043	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_RESPDATA                       3044	1_1_0	EXIST::FUNCTION:OCSP
+i2d_X509_PUBKEY                         3045	1_1_0	EXIST::FUNCTION:
+EVP_DecryptUpdate                       3046	1_1_0	EXIST::FUNCTION:
+CAST_cbc_encrypt                        3047	1_1_0	EXIST::FUNCTION:CAST
+BN_BLINDING_invert                      3048	1_1_0	EXIST::FUNCTION:
+SHA512_Update                           3049	1_1_0	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_new                   3050	1_1_0	EXIST::FUNCTION:TS
+PKCS12_SAFEBAG_get0_pkcs8               3051	1_1_0	EXIST::FUNCTION:
+X509_get_ext_by_NID                     3052	1_1_0	EXIST::FUNCTION:
+d2i_IPAddressFamily                     3053	1_1_0	EXIST::FUNCTION:RFC3779
+X509_check_private_key                  3054	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_get0_value                 3055	1_1_0	EXIST::FUNCTION:
+X509_check_akid                         3056	1_1_0	EXIST::FUNCTION:
+PKCS12_key_gen_asc                      3057	1_1_0	EXIST::FUNCTION:
+EVP_bf_ofb                              3058	1_1_0	EXIST::FUNCTION:BF
+AUTHORITY_KEYID_free                    3059	1_1_0	EXIST::FUNCTION:
+EVP_seed_ofb                            3060	1_1_0	EXIST::FUNCTION:SEED
+OBJ_NAME_get                            3061	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_set                        3062	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data                3063	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_set_str_flags                 3064	1_1_0	EXIST::FUNCTION:
+i2a_ASN1_INTEGER                        3065	1_1_0	EXIST::FUNCTION:
+d2i_TS_RESP                             3066	1_1_0	EXIST::FUNCTION:TS
+EVP_des_ede_cfb64                       3067	1_1_0	EXIST::FUNCTION:DES
+d2i_RSAPrivateKey                       3068	1_1_0	EXIST::FUNCTION:RSA
+ERR_load_BN_strings                     3069	1_1_0	EXIST::FUNCTION:
+BF_encrypt                              3070	1_1_0	EXIST::FUNCTION:BF
+MD5                                     3071	1_1_0	EXIST::FUNCTION:MD5
+BN_GF2m_arr2poly                        3072	1_1_0	EXIST::FUNCTION:EC2M
+EVP_PKEY_meth_get_ctrl                  3073	1_1_0	EXIST::FUNCTION:
+i2d_X509_REQ_bio                        3074	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_name             3075	1_1_0	EXIST::FUNCTION:
+d2i_RSAPublicKey_bio                    3076	1_1_0	EXIST::FUNCTION:RSA
+X509_REQ_get_X509_PUBKEY                3077	1_1_0	EXIST::FUNCTION:
+ENGINE_load_private_key                 3078	1_1_0	EXIST::FUNCTION:ENGINE
+GENERAL_NAMES_new                       3079	1_1_0	EXIST::FUNCTION:
+i2d_POLICYQUALINFO                      3080	1_1_0	EXIST::FUNCTION:
+EC_GF2m_simple_method                   3081	1_1_0	EXIST::FUNCTION:EC,EC2M
+RSA_get_method                          3082	1_1_0	EXIST::FUNCTION:RSA
+d2i_ASRange                             3083	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_ContentInfo_new                     3084	1_1_0	EXIST::FUNCTION:CMS
+OPENSSL_init_crypto                     3085	1_1_0	EXIST::FUNCTION:
+X509_TRUST_set                          3086	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_ecb                    3087	1_1_0	EXIST::FUNCTION:CAMELLIA
+d2i_X509_REVOKED                        3088	1_1_0	EXIST::FUNCTION:
+d2i_IPAddressOrRange                    3089	1_1_0	EXIST::FUNCTION:RFC3779
+TS_TST_INFO_set_version                 3090	1_1_0	EXIST::FUNCTION:TS
+PKCS12_get0_mac                         3091	1_1_0	EXIST::FUNCTION:
+EVP_EncodeInit                          3092	1_1_0	EXIST::FUNCTION:
+X509_get0_trust_objects                 3093	1_1_0	EXIST::FUNCTION:
+d2i_ECPrivateKey_bio                    3094	1_1_0	EXIST::FUNCTION:EC
+BIO_s_secmem                            3095	1_1_0	EXIST::FUNCTION:
+ENGINE_get_default_EC                   3096	1_1_0	EXIST::FUNCTION:ENGINE
+TS_RESP_create_response                 3097	1_1_0	EXIST::FUNCTION:TS
+BIO_ADDR_rawaddress                     3098	1_1_0	EXIST::FUNCTION:SOCK
+PKCS7_ENCRYPT_new                       3099	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp                  3100	1_1_0	EXIST::FUNCTION:STDIO
+SRP_user_pwd_free                       3101	1_1_0	EXIST::FUNCTION:SRP
+Camellia_encrypt                        3102	1_1_0	EXIST::FUNCTION:CAMELLIA
+BIO_ADDR_hostname_string                3103	1_1_0	EXIST::FUNCTION:SOCK
+USERNOTICE_new                          3104	1_1_0	EXIST::FUNCTION:
+POLICY_MAPPING_new                      3105	1_1_0	EXIST::FUNCTION:
+CRYPTO_gcm128_release                   3106	1_1_0	EXIST::FUNCTION:
+BIO_new                                 3107	1_1_0	EXIST::FUNCTION:
+d2i_GENERAL_NAMES                       3108	1_1_0	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new                   3109	1_1_0	EXIST::FUNCTION:
+PEM_read_DSA_PUBKEY                     3110	1_1_0	EXIST::FUNCTION:DSA,STDIO
+X509_get0_subject_key_id                3111	1_1_0	EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED                     3112	1_1_0	EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ                   3113	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_free                       3114	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_ocb128_aad                       3115	1_1_0	EXIST::FUNCTION:OCB
+OPENSSL_sk_deep_copy                    3116	1_1_0	EXIST::FUNCTION:
+i2d_RSA_PSS_PARAMS                      3117	1_1_0	EXIST::FUNCTION:RSA
+EVP_aes_128_wrap_pad                    3118	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_set                     3119	1_1_0	EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1                  3120	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_type_2          3121	1_1_0	EXIST::FUNCTION:RSA
+EVP_des_ede3_ecb                        3122	1_1_0	EXIST::FUNCTION:DES
+CBIGNUM_it                              3123	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it                              3123	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BIO_new_NDEF                            3124	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_wrap                        3125	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_print                       3126	1_1_0	EXIST::FUNCTION:
+CRYPTO_THREAD_lock_free                 3127	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_get_seconds                 3128	1_1_0	EXIST::FUNCTION:TS
+BN_options                              3129	1_1_0	EXIST::FUNCTION:
+BIO_debug_callback                      3130	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_get_update                  3131	1_1_0	EXIST::FUNCTION:
+GENERAL_NAME_set0_othername             3132	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit                 3133	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_ccm                         3134	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_pkey                  3135	1_1_0	EXIST::FUNCTION:
+CONF_load_fp                            3136	1_1_0	EXIST::FUNCTION:STDIO
+BN_to_ASN1_ENUMERATED                   3137	1_1_0	EXIST::FUNCTION:
+i2d_ISSUING_DIST_POINT                  3138	1_1_0	EXIST::FUNCTION:
+TXT_DB_free                             3139	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_set                         3140	1_1_0	EXIST::FUNCTION:
+d2i_ESS_CERT_ID                         3141	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_meth_set_derive                3142	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_stats                        3143	1_1_0	EXIST::FUNCTION:STDIO
+NCONF_dump_fp                           3144	1_1_0	EXIST::FUNCTION:STDIO
+TS_STATUS_INFO_print_bio                3145	1_1_0	EXIST::FUNCTION:TS
+OPENSSL_sk_dup                          3146	1_1_0	EXIST::FUNCTION:
+BF_cfb64_encrypt                        3147	1_1_0	EXIST::FUNCTION:BF
+ASN1_GENERALIZEDTIME_adj                3148	1_1_0	EXIST::FUNCTION:
+ECDSA_verify                            3149	1_1_0	EXIST::FUNCTION:EC
+EVP_camellia_256_cfb128                 3150	1_1_0	EXIST::FUNCTION:CAMELLIA
+CMAC_Init                               3151	1_1_0	EXIST::FUNCTION:CMAC
+OCSP_basic_add1_status                  3152	1_1_0	EXIST::FUNCTION:OCSP
+X509_CRL_get0_by_cert                   3153	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_tsa                     3154	1_1_0	EXIST::FUNCTION:TS
+i2d_ASN1_GENERALIZEDTIME                3155	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_derive_set_peer                3156	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf                 3157	1_1_0	EXIST::FUNCTION:
+CRYPTO_ccm128_init                      3158	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_time              3159	1_1_0	EXIST::FUNCTION:
+BN_reciprocal                           3160	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE                 3161	1_1_0	EXIST::FUNCTION:
+X509_NAME_digest                        3162	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC                     3163	1_1_0	EXIST::FUNCTION:OCSP
+GENERAL_NAME_print                      3164	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_get0_values          3165	1_1_0	EXIST::FUNCTION:CMS
+a2i_ASN1_INTEGER                        3166	1_1_0	EXIST::FUNCTION:
+OCSP_sendreq_bio                        3167	1_1_0	EXIST::FUNCTION:OCSP
+PKCS12_SAFEBAG_create_crl               3168	1_1_0	EXIST::FUNCTION:
+d2i_X509_NAME                           3169	1_1_0	EXIST::FUNCTION:
+IDEA_cfb64_encrypt                      3170	1_1_0	EXIST::FUNCTION:IDEA
+BN_mod_sub                              3171	1_1_0	EXIST::FUNCTION:
+ASN1_NULL_new                           3172	1_1_0	EXIST::FUNCTION:
+HMAC_Init                               3173	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+EVP_MD_CTX_update_fn                    3174	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_ecb                         3175	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_bio_stream                    3176	1_1_0	EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION                  3178	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_enc_flags                    3179	1_1_0	EXIST::FUNCTION:EC
+i2d_PUBKEY_fp                           3180	1_1_0	EXIST::FUNCTION:STDIO
+b2i_PrivateKey_bio                      3181	1_1_0	EXIST::FUNCTION:DSA
+OCSP_REQUEST_add_ext                    3182	1_1_0	EXIST::FUNCTION:OCSP
+SXNET_add_id_INTEGER                    3183	1_1_0	EXIST::FUNCTION:
+CTLOG_get0_public_key                   3184	1_1_0	EXIST::FUNCTION:CT
+OCSP_REQUEST_get_ext_by_OBJ             3185	1_1_0	EXIST::FUNCTION:OCSP
+X509_NAME_oneline                       3186	1_1_0	EXIST::FUNCTION:
+X509V3_set_nconf                        3187	1_1_0	EXIST::FUNCTION:
+RSAPrivateKey_dup                       3188	1_1_0	EXIST::FUNCTION:RSA
+BN_mod_add                              3189	1_1_0	EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp     3190	1_1_0	EXIST::FUNCTION:EC
+X509_get_default_cert_file              3191	1_1_0	EXIST::FUNCTION:
+UI_method_set_flusher                   3192	1_1_0	EXIST::FUNCTION:UI
+RSA_new_method                          3193	1_1_0	EXIST::FUNCTION:RSA
+OCSP_request_verify                     3194	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_THREAD_run_once                  3195	1_1_0	EXIST::FUNCTION:
+TS_REQ_print_bio                        3196	1_1_0	EXIST::FUNCTION:TS
+SCT_get_version                         3197	1_1_0	EXIST::FUNCTION:CT
+IDEA_set_encrypt_key                    3198	1_1_0	EXIST::FUNCTION:IDEA
+ENGINE_get_DH                           3199	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_ASIdentifierChoice                  3200	1_1_0	EXIST::FUNCTION:RFC3779
+SRP_Calc_A                              3201	1_1_0	EXIST::FUNCTION:SRP
+OCSP_BASICRESP_add_ext                  3202	1_1_0	EXIST::FUNCTION:OCSP
+EVP_idea_cfb64                          3203	1_1_0	EXIST::FUNCTION:IDEA
+PKCS12_newpass                          3204	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_cbc_hmac_sha256             3205	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_get_millis                  3206	1_1_0	EXIST::FUNCTION:TS
+X509_CRL_get_REVOKED                    3207	1_1_0	EXIST::FUNCTION:
+X509_issuer_name_hash_old               3208	1_1_0	EXIST::FUNCTION:MD5
+i2d_PKCS12_SAFEBAG                      3209	1_1_0	EXIST::FUNCTION:
+BN_rand_range                           3210	1_1_0	EXIST::FUNCTION:
+SMIME_write_ASN1                        3211	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_new                      3212	1_1_0	EXIST::FUNCTION:
+MD4_Final                               3213	1_1_0	EXIST::FUNCTION:MD4
+EVP_PKEY_id                             3214	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_get0_pkey_ctx         3215	1_1_0	EXIST::FUNCTION:CMS
+OCSP_REQINFO_free                       3216	1_1_0	EXIST::FUNCTION:OCSP
+AUTHORITY_KEYID_new                     3217	1_1_0	EXIST::FUNCTION:
+i2d_DIST_POINT_NAME                     3218	1_1_0	EXIST::FUNCTION:
+OpenSSL_version_num                     3219	1_1_0	EXIST::FUNCTION:
+OCSP_CERTID_free                        3220	1_1_0	EXIST::FUNCTION:OCSP
+BIO_hex_string                          3221	1_1_0	EXIST::FUNCTION:
+X509_REQ_sign_ctx                       3222	1_1_0	EXIST::FUNCTION:
+CRYPTO_ocb128_init                      3223	1_1_0	EXIST::FUNCTION:OCB
+EVP_PKEY_get1_EC_KEY                    3224	1_1_0	EXIST::FUNCTION:EC
+ASN1_PRINTABLESTRING_free               3225	1_1_0	EXIST::FUNCTION:
+BIO_get_retry_reason                    3226	1_1_0	EXIST::FUNCTION:
+X509_NAME_print                         3227	1_1_0	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free                 3228	1_1_0	EXIST::FUNCTION:
+BN_nist_mod_384                         3229	1_1_0	EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3230	1_1_0	EXIST::FUNCTION:EC,STDIO
+ENGINE_set_default_pkey_meths           3231	1_1_0	EXIST::FUNCTION:ENGINE
+DH_bits                                 3232	1_1_0	EXIST::FUNCTION:DH
+i2d_X509_ALGORS                         3233	1_1_0	EXIST::FUNCTION:
+EVP_camellia_192_cfb1                   3234	1_1_0	EXIST::FUNCTION:CAMELLIA
+TS_RESP_CTX_add_failure_info            3235	1_1_0	EXIST::FUNCTION:TS
+EVP_PBE_alg_add                         3236	1_1_0	EXIST::FUNCTION:
+ESS_CERT_ID_dup                         3237	1_1_0	EXIST::FUNCTION:TS
+CMS_SignerInfo_get0_signature           3238	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_verify_recover                 3239	1_1_0	EXIST::FUNCTION:
+i2d_PUBKEY                              3240	1_1_0	EXIST::FUNCTION:
+ERR_load_EVP_strings                    3241	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data                3242	1_1_0	EXIST::FUNCTION:
+d2i_X509_fp                             3243	1_1_0	EXIST::FUNCTION:STDIO
+MD2_Init                                3244	1_1_0	EXIST::FUNCTION:MD2
+ERR_get_error_line                      3245	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID                 3246	1_1_0	EXIST::FUNCTION:
+OPENSSL_INIT_free                       3247	1_1_0	EXIST::FUNCTION:
+PBE2PARAM_free                          3248	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_ecb                         3249	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_new                   3250	1_1_0	EXIST::FUNCTION:
+CMS_set1_eContentType                   3251	1_1_0	EXIST::FUNCTION:CMS
+EVP_des_ede3_wrap                       3252	1_1_0	EXIST::FUNCTION:DES
+GENERAL_SUBTREE_it                      3253	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_SUBTREE_it                      3253	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_read_pw_string_min                  3254	1_1_0	EXIST::FUNCTION:UI
+X509_set1_notBefore                     3255	1_1_0	EXIST::FUNCTION:
+MD4                                     3256	1_1_0	EXIST::FUNCTION:MD4
+EVP_PKEY_CTX_dup                        3257	1_1_0	EXIST::FUNCTION:
+ENGINE_setup_bsd_cryptodev              3258	1_1_0	EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
+PEM_read_bio_DHparams                   3259	1_1_0	EXIST::FUNCTION:DH
+CMS_SharedInfo_encode                   3260	1_1_0	EXIST::FUNCTION:CMS
+ASN1_OBJECT_create                      3261	1_1_0	EXIST::FUNCTION:
+i2d_ECParameters                        3262	1_1_0	EXIST::FUNCTION:EC
+BN_GF2m_mod_arr                         3263	1_1_0	EXIST::FUNCTION:EC2M
+ENGINE_set_finish_function              3264	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ASN1_OCTET_STRING                   3265	1_1_0	EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function         3266	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_vprintf                             3267	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_decrypt               3268	1_1_0	EXIST::FUNCTION:CMS
+RSA_generate_key                        3269	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA
+PKCS7_set0_type_other                   3270	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_new                        3271	1_1_0	EXIST::FUNCTION:OCSP
+BIO_lookup                              3272	1_1_0	EXIST::FUNCTION:SOCK
+EC_GROUP_get0_cofactor                  3273	1_1_0	EXIST::FUNCTION:EC
+SCT_print                               3275	1_1_0	EXIST::FUNCTION:CT
+X509_PUBKEY_set                         3276	1_1_0	EXIST::FUNCTION:
+POLICY_CONSTRAINTS_free                 3277	1_1_0	EXIST::FUNCTION:
+EVP_aes_256_cfb8                        3278	1_1_0	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio                      3279	1_1_0	EXIST::FUNCTION:DSA
+X509_NAME_get_text_by_OBJ               3280	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_none                  3281	1_1_0	EXIST::FUNCTION:RSA
+CRYPTO_set_mem_debug                    3282	1_1_0	EXIST::FUNCTION:
+TS_VERIFY_CTX_init                      3283	1_1_0	EXIST::FUNCTION:TS
+OCSP_cert_id_new                        3284	1_1_0	EXIST::FUNCTION:OCSP
+GENERAL_SUBTREE_new                     3285	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_push                         3286	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_ctrl                        3287	1_1_0	EXIST::FUNCTION:
+SRP_check_known_gN_param                3288	1_1_0	EXIST::FUNCTION:SRP
+d2i_DIST_POINT                          3289	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_free                       3290	1_1_0	EXIST::FUNCTION:
+PBEPARAM_free                           3291	1_1_0	EXIST::FUNCTION:
+NETSCAPE_SPKI_set_pubkey                3292	1_1_0	EXIST::FUNCTION:
+EVP_sha512                              3293	1_1_0	EXIST::FUNCTION:
+X509_CRL_match                          3294	1_1_0	EXIST::FUNCTION:
+i2s_ASN1_IA5STRING                      3295	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_default_method               3296	1_1_0	EXIST::FUNCTION:EC
+PKCS8_decrypt                           3297	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_data                   3298	1_1_0	EXIST::FUNCTION:
+POLICYQUALINFO_it                       3299	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it                       3299	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free            3300	1_1_0	EXIST::FUNCTION:
+DSA_SIG_free                            3301	1_1_0	EXIST::FUNCTION:DSA
+BIO_asn1_set_suffix                     3302	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_set_type_str                   3303	1_1_0	EXIST::FUNCTION:
+i2d_X509_SIG                            3304	1_1_0	EXIST::FUNCTION:
+OPENSSL_LH_strhash                      3305	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_trust                3306	1_1_0	EXIST::FUNCTION:
+TS_ACCURACY_set_micros                  3307	1_1_0	EXIST::FUNCTION:TS
+EVP_DigestFinal_ex                      3308	1_1_0	EXIST::FUNCTION:
+X509_get0_pubkey                        3309	1_1_0	EXIST::FUNCTION:
+X509_check_ip                           3310	1_1_0	EXIST::FUNCTION:
+PKCS7_get_signed_attribute              3311	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free               3312	1_1_0	EXIST::FUNCTION:
+COMP_compress_block                     3313	1_1_0	EXIST::FUNCTION:COMP
+ASN1_STRING_dup                         3314	1_1_0	EXIST::FUNCTION:
+X509_LOOKUP_free                        3315	1_1_0	EXIST::FUNCTION:
+EC_GROUP_cmp                            3316	1_1_0	EXIST::FUNCTION:EC
+TS_TST_INFO_get_ext_by_critical         3317	1_1_0	EXIST::FUNCTION:TS
+ECParameters_print_fp                   3318	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509_REQ_sign                           3319	1_1_0	EXIST::FUNCTION:
+CRYPTO_xts128_encrypt                   3320	1_1_0	EXIST::FUNCTION:
+PEM_def_callback                        3321	1_1_0	EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni             3322	1_1_0	EXIST::FUNCTION:
+X509_policy_tree_level_count            3323	1_1_0	EXIST::FUNCTION:
+OBJ_sn2nid                              3324	1_1_0	EXIST::FUNCTION:
+CTLOG_free                              3325	1_1_0	EXIST::FUNCTION:CT
+EVP_CIPHER_meth_dup                     3326	1_1_0	EXIST::FUNCTION:
+CMS_get1_crls                           3327	1_1_0	EXIST::FUNCTION:CMS
+X509_aux_print                          3328	1_1_0	EXIST::FUNCTION:
+OPENSSL_thread_stop                     3330	1_1_0	EXIST::FUNCTION:
+X509_policy_node_get0_parent            3331	1_1_0	EXIST::FUNCTION:
+X509_PKEY_free                          3332	1_1_0	EXIST::FUNCTION:
+OCSP_CRLID_new                          3333	1_1_0	EXIST::FUNCTION:OCSP
+CONF_dump_bio                           3334	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp                  3335	1_1_0	EXIST::FUNCTION:STDIO
+RSA_setup_blinding                      3336	1_1_0	EXIST::FUNCTION:RSA
+ERR_peek_error_line                     3337	1_1_0	EXIST::FUNCTION:
+d2i_PKCS7                               3338	1_1_0	EXIST::FUNCTION:
+ERR_reason_error_string                 3339	1_1_0	EXIST::FUNCTION:
+ERR_remove_thread_state                 3340	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+PEM_write_PrivateKey                    3341	1_1_0	EXIST::FUNCTION:STDIO
+EVP_PKEY_CTX_str2ctrl                   3342	1_1_0	EXIST::FUNCTION:
+CMS_SignerInfo_verify_content           3343	1_1_0	EXIST::FUNCTION:CMS
+ASN1_INTEGER_get_int64                  3344	1_1_0	EXIST::FUNCTION:
+ASN1_item_sign                          3345	1_1_0	EXIST::FUNCTION:
+OCSP_SERVICELOC_new                     3346	1_1_0	EXIST::FUNCTION:OCSP
+ASN1_VISIBLESTRING_new                  3347	1_1_0	EXIST::FUNCTION:
+BN_set_flags                            3348	1_1_0	EXIST::FUNCTION:
+d2i_PrivateKey_bio                      3349	1_1_0	EXIST::FUNCTION:
+ASN1_SEQUENCE_ANY_it                    3350	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_ANY_it                    3350	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_UTCTIME_adj                        3351	1_1_0	EXIST::FUNCTION:
+BN_mod_sqrt                             3352	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_is_sorted                    3353	1_1_0	EXIST::FUNCTION:
+OCSP_SIGNATURE_new                      3354	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_meth_get_paramgen              3355	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ            3356	1_1_0	EXIST::FUNCTION:
+RSA_generate_key_ex                     3357	1_1_0	EXIST::FUNCTION:RSA
+CMS_SignerInfo_get0_algs                3358	1_1_0	EXIST::FUNCTION:CMS
+DIST_POINT_free                         3359	1_1_0	EXIST::FUNCTION:
+ESS_SIGNING_CERT_free                   3360	1_1_0	EXIST::FUNCTION:TS
+SCT_new_from_base64                     3361	1_1_0	EXIST::FUNCTION:CT
+OpenSSL_version                         3362	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_OBJ          3363	1_1_0	EXIST::FUNCTION:OCSP
+ECDSA_SIG_get0                          3364	1_1_0	EXIST::FUNCTION:EC
+BN_set_word                             3365	1_1_0	EXIST::FUNCTION:
+ENGINE_set_flags                        3366	1_1_0	EXIST::FUNCTION:ENGINE
+DSA_OpenSSL                             3367	1_1_0	EXIST::FUNCTION:DSA
+CMS_RecipientInfo_kari_get0_alg         3368	1_1_0	EXIST::FUNCTION:CMS
+PKCS7_ENVELOPE_new                      3369	1_1_0	EXIST::FUNCTION:
+EDIPARTYNAME_new                        3370	1_1_0	EXIST::FUNCTION:
+CMS_add1_cert                           3371	1_1_0	EXIST::FUNCTION:CMS
+DSO_convert_filename                    3372	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_SSLv23                3373	1_1_0	EXIST::FUNCTION:RSA
+CRYPTO_gcm128_finish                    3374	1_1_0	EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it                      3375	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it                      3375	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_PBE_add                          3376	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_public_key_affine_coordinates 3377	1_1_0	EXIST::FUNCTION:EC
+EVP_EncryptInit_ex                      3378	1_1_0	EXIST::FUNCTION:
+ENGINE_add                              3379	1_1_0	EXIST::FUNCTION:ENGINE
+OPENSSL_LH_error                        3380	1_1_0	EXIST::FUNCTION:
+PKCS7_DIGEST_it                         3381	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it                         3381	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_new                           3382	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_keygen_init                    3383	1_1_0	EXIST::FUNCTION:
+EVP_aes_192_ocb                         3384	1_1_0	EXIST::FUNCTION:OCB
+EVP_camellia_256_cfb1                   3385	1_1_0	EXIST::FUNCTION:CAMELLIA
+CRYPTO_secure_actual_size               3387	1_1_0	EXIST::FUNCTION:
+COMP_CTX_free                           3388	1_1_0	EXIST::FUNCTION:COMP
+i2d_PBE2PARAM                           3389	1_1_0	EXIST::FUNCTION:
+EC_POINT_make_affine                    3390	1_1_0	EXIST::FUNCTION:EC
+DSA_generate_parameters                 3391	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DSA
+ASN1_BIT_STRING_num_asc                 3392	1_1_0	EXIST::FUNCTION:
+X509_INFO_free                          3394	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_fp              3395	1_1_0	EXIST::FUNCTION:STDIO
+X509_OBJECT_retrieve_match              3396	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_ctr                         3397	1_1_0	EXIST::FUNCTION:
+EVP_PBE_find                            3398	1_1_0	EXIST::FUNCTION:
+SHA512_Transform                        3399	1_1_0	EXIST::FUNCTION:
+ERR_add_error_vdata                     3400	1_1_0	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext                    3401	1_1_0	EXIST::FUNCTION:OCSP
+NETSCAPE_SPKAC_new                      3402	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_verify                3403	1_1_0	EXIST::FUNCTION:
+CRYPTO_128_wrap                         3404	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_lookup_crls              3405	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_meth_get_ctrl                3406	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_set1_req                   3407	1_1_0	EXIST::FUNCTION:OCSP
+CONF_imodule_get_usr_data               3408	1_1_0	EXIST::FUNCTION:
+CRYPTO_new_ex_data                      3409	1_1_0	EXIST::FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            3410	1_1_0	EXIST::FUNCTION:STDIO
+TS_VERIFY_CTX_new                       3411	1_1_0	EXIST::FUNCTION:TS
+BUF_MEM_new_ex                          3412	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_X931                    3413	1_1_0	EXIST::FUNCTION:RSA
+BN_get0_nist_prime_256                  3414	1_1_0	EXIST::FUNCTION:
+CRYPTO_memcmp                           3415	1_1_0	EXIST::FUNCTION:
+DH_check_pub_key                        3416	1_1_0	EXIST::FUNCTION:DH
+ASN1_mbstring_copy                      3417	1_1_0	EXIST::FUNCTION:
+PKCS7_set_type                          3418	1_1_0	EXIST::FUNCTION:
+BIO_gets                                3419	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_PKCS1_type_1          3420	1_1_0	EXIST::FUNCTION:RSA
+UI_ctrl                                 3421	1_1_0	EXIST::FUNCTION:UI
+i2d_X509_REQ_fp                         3422	1_1_0	EXIST::FUNCTION:STDIO
+BN_BLINDING_convert_ex                  3423	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              3424	1_1_0	EXIST::FUNCTION:
+BIO_s_null                              3425	1_1_0	EXIST::FUNCTION:
+PEM_ASN1_read                           3426	1_1_0	EXIST::FUNCTION:STDIO
+SCT_get_log_entry_type                  3427	1_1_0	EXIST::FUNCTION:CT
+EVP_CIPHER_meth_get_init                3428	1_1_0	EXIST::FUNCTION:
+X509_ALGOR_free                         3429	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_count           3430	1_1_0	EXIST::FUNCTION:OCSP
+EC_POINT_free                           3431	1_1_0	EXIST::FUNCTION:EC
+EVP_OpenFinal                           3432	1_1_0	EXIST::FUNCTION:RSA
+RAND_egd_bytes                          3433	1_1_0	EXIST::FUNCTION:EGD
+UI_method_get_writer                    3434	1_1_0	EXIST::FUNCTION:UI
+BN_secure_new                           3435	1_1_0	EXIST::FUNCTION:
+SHA1_Update                             3437	1_1_0	EXIST::FUNCTION:
+BIO_s_connect                           3438	1_1_0	EXIST::FUNCTION:SOCK
+EVP_MD_meth_get_init                    3439	1_1_0	EXIST::FUNCTION:
+ASN1_BIT_STRING_free                    3440	1_1_0	EXIST::FUNCTION:
+i2d_PROXY_CERT_INFO_EXTENSION           3441	1_1_0	EXIST::FUNCTION:
+ASN1_IA5STRING_new                      3442	1_1_0	EXIST::FUNCTION:
+X509_CRL_up_ref                         3443	1_1_0	EXIST::FUNCTION:
+EVP_EncodeFinal                         3444	1_1_0	EXIST::FUNCTION:
+X509_set_ex_data                        3445	1_1_0	EXIST::FUNCTION:
+ERR_get_next_error_library              3446	1_1_0	EXIST::FUNCTION:
+OCSP_RESPONSE_print                     3447	1_1_0	EXIST::FUNCTION:OCSP
+BN_get_rfc3526_prime_2048               3448	1_1_0	EXIST::FUNCTION:
+BIO_new_bio_pair                        3449	1_1_0	EXIST::FUNCTION:
+EC_GFp_nistp256_method                  3450	1_1_0	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+BIO_method_type                         3451	1_1_0	EXIST::FUNCTION:
+ECPKParameters_print                    3452	1_1_0	EXIST::FUNCTION:EC
+EVP_rc4                                 3453	1_1_0	EXIST::FUNCTION:RC4
+CMS_data_create                         3454	1_1_0	EXIST::FUNCTION:CMS
+EC_POINT_point2bn                       3455	1_1_0	EXIST::FUNCTION:EC
+CMS_unsigned_get0_data_by_OBJ           3456	1_1_0	EXIST::FUNCTION:CMS
+ASN1_OCTET_STRING_cmp                   3457	1_1_0	EXIST::FUNCTION:
+X509_NAME_print_ex                      3458	1_1_0	EXIST::FUNCTION:
+ASN1_parse                              3459	1_1_0	EXIST::FUNCTION:
+EC_KEY_priv2oct                         3460	1_1_0	EXIST::FUNCTION:EC
+PKCS7_simple_smimecap                   3461	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring           3462	1_1_0	EXIST::FUNCTION:
+BIO_number_written                      3463	1_1_0	EXIST::FUNCTION:
+TS_TST_INFO_set_msg_imprint             3464	1_1_0	EXIST::FUNCTION:TS
+CRYPTO_get_ex_data                      3465	1_1_0	EXIST::FUNCTION:
+X509_PURPOSE_get0_sname                 3466	1_1_0	EXIST::FUNCTION:
+RSA_verify_PKCS1_PSS                    3467	1_1_0	EXIST::FUNCTION:RSA
+HMAC_CTX_reset                          3468	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_set_init                  3469	1_1_0	EXIST::FUNCTION:
+X509_REQ_extension_nid                  3470	1_1_0	EXIST::FUNCTION:
+ENGINE_up_ref                           3471	1_1_0	EXIST::FUNCTION:ENGINE
+BN_BLINDING_invert_ex                   3472	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Init                          3473	1_1_0	EXIST::FUNCTION:RMD160
+ASYNC_WAIT_CTX_get_changed_fds          3474	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_save_parameters                3475	1_1_0	EXIST::FUNCTION:
+SCT_set_source                          3476	1_1_0	EXIST::FUNCTION:CT
+DES_set_odd_parity                      3477	1_1_0	EXIST::FUNCTION:DES
+CMAC_CTX_free                           3478	1_1_0	EXIST::FUNCTION:CMAC
+d2i_ESS_ISSUER_SERIAL                   3479	1_1_0	EXIST::FUNCTION:TS
+HMAC_CTX_set_flags                      3480	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8_bio                           3481	1_1_0	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count               3482	1_1_0	EXIST::FUNCTION:OCSP
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        3483	1_1_0	EXIST::FUNCTION:
+i2d_OCSP_BASICRESP                      3484	1_1_0	EXIST::FUNCTION:OCSP
+CMAC_Final                              3485	1_1_0	EXIST::FUNCTION:CMAC
+X509V3_EXT_add_alias                    3486	1_1_0	EXIST::FUNCTION:
+BN_get_params                           3487	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+PKCS5_pbkdf2_set                        3488	1_1_0	EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_bio                 3489	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_new                     3490	1_1_0	EXIST::FUNCTION:
+ENGINE_register_digests                 3491	1_1_0	EXIST::FUNCTION:ENGINE
+X509_NAME_get_text_by_NID               3492	1_1_0	EXIST::FUNCTION:
+SMIME_read_ASN1                         3493	1_1_0	EXIST::FUNCTION:
+X509_REQ_set_subject_name               3494	1_1_0	EXIST::FUNCTION:
+BN_sub_word                             3495	1_1_0	EXIST::FUNCTION:
+DSO_load                                3496	1_1_0	EXIST::FUNCTION:
+BN_mod_exp                              3497	1_1_0	EXIST::FUNCTION:
+X509_get_signature_type                 3498	1_1_0	EXIST::FUNCTION:
+BIO_ptr_ctrl                            3499	1_1_0	EXIST::FUNCTION:
+EVP_rc4_hmac_md5                        3500	1_1_0	EXIST::FUNCTION:MD5,RC4
+OPENSSL_strlcat                         3501	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_new                   3502	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_rawport                        3503	1_1_0	EXIST::FUNCTION:SOCK
+BUF_MEM_grow_clean                      3504	1_1_0	EXIST::FUNCTION:
+X509_NAME_print_ex_fp                   3505	1_1_0	EXIST::FUNCTION:STDIO
+X509_check_host                         3506	1_1_0	EXIST::FUNCTION:
+PEM_read_ECPKParameters                 3507	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509_ATTRIBUTE_get0_data                3508	1_1_0	EXIST::FUNCTION:
+CMS_add1_signer                         3509	1_1_0	EXIST::FUNCTION:CMS
+BN_pseudo_rand                          3510	1_1_0	EXIST::FUNCTION:
+d2i_DIRECTORYSTRING                     3511	1_1_0	EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE                      3512	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_NID               3513	1_1_0	EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO_bio             3514	1_1_0	EXIST::FUNCTION:
+X509_NAME_get_index_by_NID              3515	1_1_0	EXIST::FUNCTION:
+ENGINE_get_first                        3516	1_1_0	EXIST::FUNCTION:ENGINE
+CERTIFICATEPOLICIES_it                  3517	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it                  3517	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_ctrl                         3518	1_1_0	EXIST::FUNCTION:
+PKCS7_final                             3519	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_size                           3520	1_1_0	EXIST::FUNCTION:
+EVP_DecryptFinal_ex                     3521	1_1_0	EXIST::FUNCTION:
+SCT_get_signature_nid                   3522	1_1_0	EXIST::FUNCTION:CT
+PROXY_CERT_INFO_EXTENSION_new           3523	1_1_0	EXIST::FUNCTION:
+EVP_bf_cbc                              3524	1_1_0	EXIST::FUNCTION:BF
+DSA_do_verify                           3525	1_1_0	EXIST::FUNCTION:DSA
+EC_GROUP_get_seed_len                   3526	1_1_0	EXIST::FUNCTION:EC
+EC_POINT_set_affine_coordinates_GF2m    3527	1_1_0	EXIST::FUNCTION:EC,EC2M
+TS_REQ_set_policy_id                    3528	1_1_0	EXIST::FUNCTION:TS
+BIO_callback_ctrl                       3529	1_1_0	EXIST::FUNCTION:
+v2i_GENERAL_NAME                        3530	1_1_0	EXIST::FUNCTION:
+ERR_print_errors_cb                     3531	1_1_0	EXIST::FUNCTION:
+ENGINE_set_default_string               3532	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_number_read                         3533	1_1_0	EXIST::FUNCTION:
+CRYPTO_zalloc                           3534	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters                 3535	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_new_id                     3537	1_1_0	EXIST::FUNCTION:
+TLS_FEATURE_free                        3538	1_1_0	EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS                   3539	1_1_0	EXIST::FUNCTION:
+X509_CERT_AUX_new                       3540	1_1_0	EXIST::FUNCTION:
+ENGINE_register_pkey_asn1_meths         3541	1_1_0	EXIST::FUNCTION:ENGINE
+CRYPTO_ocb128_tag                       3542	1_1_0	EXIST::FUNCTION:OCB
+ERR_load_OBJ_strings                    3544	1_1_0	EXIST::FUNCTION:
+BIO_ctrl_get_read_request               3545	1_1_0	EXIST::FUNCTION:
+BN_from_montgomery                      3546	1_1_0	EXIST::FUNCTION:
+DSO_new                                 3547	1_1_0	EXIST::FUNCTION:
+AES_ecb_encrypt                         3548	1_1_0	EXIST::FUNCTION:
+BN_dec2bn                               3549	1_1_0	EXIST::FUNCTION:
+CMS_decrypt                             3550	1_1_0	EXIST::FUNCTION:CMS
+BN_mpi2bn                               3551	1_1_0	EXIST::FUNCTION:
+EVP_aes_128_cfb128                      3552	1_1_0	EXIST::FUNCTION:
+RC5_32_ecb_encrypt                      3554	1_1_0	EXIST::FUNCTION:RC5
+EVP_CIPHER_meth_new                     3555	1_1_0	EXIST::FUNCTION:
+i2d_RSA_OAEP_PARAMS                     3556	1_1_0	EXIST::FUNCTION:RSA
+SXNET_get_id_ulong                      3557	1_1_0	EXIST::FUNCTION:
+BIO_get_callback_arg                    3558	1_1_0	EXIST::FUNCTION:
+ENGINE_register_RSA                     3559	1_1_0	EXIST::FUNCTION:ENGINE
+i2v_GENERAL_NAMES                       3560	1_1_0	EXIST::FUNCTION:
+PKCS7_decrypt                           3562	1_1_0	EXIST::FUNCTION:
+X509_STORE_set1_param                   3563	1_1_0	EXIST::FUNCTION:
+RAND_file_name                          3564	1_1_0	EXIST::FUNCTION:
+EVP_CipherInit_ex                       3566	1_1_0	EXIST::FUNCTION:
+BIO_dgram_sctp_notification_cb          3567	1_1_0	EXIST::FUNCTION:DGRAM,SCTP
+ERR_load_RAND_strings                   3568	1_1_0	EXIST::FUNCTION:
+X509_ATTRIBUTE_it                       3569	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it                       3569	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_ALGOR_it                           3570	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it                           3570	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_CRLID_free                         3571	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_ccm128_aad                       3572	1_1_0	EXIST::FUNCTION:
+IPAddressFamily_new                     3573	1_1_0	EXIST::FUNCTION:RFC3779
+d2i_TS_ACCURACY                         3574	1_1_0	EXIST::FUNCTION:TS
+X509_load_crl_file                      3575	1_1_0	EXIST::FUNCTION:
+SXNET_add_id_ulong                      3576	1_1_0	EXIST::FUNCTION:
+EVP_camellia_256_cbc                    3577	1_1_0	EXIST::FUNCTION:CAMELLIA
+i2d_PROXY_POLICY                        3578	1_1_0	EXIST::FUNCTION:
+X509_subject_name_hash_old              3579	1_1_0	EXIST::FUNCTION:MD5
+PEM_read_bio_DSA_PUBKEY                 3580	1_1_0	EXIST::FUNCTION:DSA
+OCSP_cert_to_id                         3581	1_1_0	EXIST::FUNCTION:OCSP
+PEM_write_DSAparams                     3582	1_1_0	EXIST::FUNCTION:DSA,STDIO
+ASN1_TIME_to_generalizedtime            3583	1_1_0	EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical            3584	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_type                        3585	1_1_0	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt               3586	1_1_0	EXIST::FUNCTION:
+PEM_write_RSAPublicKey                  3587	1_1_0	EXIST::FUNCTION:RSA,STDIO
+EVP_MD_meth_dup                         3588	1_1_0	EXIST::FUNCTION:
+ENGINE_unregister_ciphers               3589	1_1_0	EXIST::FUNCTION:ENGINE
+X509_issuer_and_serial_cmp              3590	1_1_0	EXIST::FUNCTION:
+OCSP_response_create                    3591	1_1_0	EXIST::FUNCTION:OCSP
+SHA224                                  3592	1_1_0	EXIST::FUNCTION:
+MD2_options                             3593	1_1_0	EXIST::FUNCTION:MD2
+X509_REQ_it                             3595	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it                             3595	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+RAND_bytes                              3596	1_1_0	EXIST::FUNCTION:
+PKCS7_free                              3597	1_1_0	EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt           3598	1_1_0	EXIST::FUNCTION:
+DES_cbc_cksum                           3599	1_1_0	EXIST::FUNCTION:DES
+UI_free                                 3600	1_1_0	EXIST::FUNCTION:UI
+BN_is_prime                             3601	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_0_9_8
+CMS_get0_signers                        3602	1_1_0	EXIST::FUNCTION:CMS
+i2d_PrivateKey_fp                       3603	1_1_0	EXIST::FUNCTION:STDIO
+OTHERNAME_cmp                           3604	1_1_0	EXIST::FUNCTION:
+SMIME_write_PKCS7                       3605	1_1_0	EXIST::FUNCTION:
+EC_KEY_set_public_key                   3606	1_1_0	EXIST::FUNCTION:EC
+d2i_X509_EXTENSION                      3607	1_1_0	EXIST::FUNCTION:
+CMS_add1_recipient_cert                 3608	1_1_0	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_get0_id         3609	1_1_0	EXIST::FUNCTION:CMS
+BN_mod_word                             3610	1_1_0	EXIST::FUNCTION:
+ASN1_PCTX_new                           3611	1_1_0	EXIST::FUNCTION:
+BN_is_prime_ex                          3612	1_1_0	EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen                   3613	1_1_0	EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt                   3614	1_1_0	EXIST::FUNCTION:
+CMS_unsigned_add1_attr_by_OBJ           3615	1_1_0	EXIST::FUNCTION:CMS
+PEM_write_EC_PUBKEY                     3616	1_1_0	EXIST::FUNCTION:EC,STDIO
+X509v3_asid_add_inherit                 3617	1_1_0	EXIST::FUNCTION:RFC3779
+ERR_get_error                           3618	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_signer_digest               3619	1_1_0	EXIST::FUNCTION:TS
+OBJ_new_nid                             3620	1_1_0	EXIST::FUNCTION:
+CMS_ReceiptRequest_new                  3621	1_1_0	EXIST::FUNCTION:CMS
+SRP_VBASE_get1_by_user                  3622	1_1_0	EXIST::FUNCTION:SRP
+UI_method_get_closer                    3623	1_1_0	EXIST::FUNCTION:UI
+ENGINE_get_ex_data                      3624	1_1_0	EXIST::FUNCTION:ENGINE
+BN_print_fp                             3625	1_1_0	EXIST::FUNCTION:STDIO
+MD2_Update                              3626	1_1_0	EXIST::FUNCTION:MD2
+ENGINE_free                             3628	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_X509_ATTRIBUTE                      3629	1_1_0	EXIST::FUNCTION:
+TS_RESP_free                            3630	1_1_0	EXIST::FUNCTION:TS
+PKCS5_pbe_set                           3631	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_free                        3632	1_1_0	EXIST::FUNCTION:TS
+d2i_PUBKEY                              3633	1_1_0	EXIST::FUNCTION:
+ASYNC_cleanup_thread                    3634	1_1_0	EXIST::FUNCTION:
+SHA384_Update                           3635	1_1_0	EXIST::FUNCTION:
+CRYPTO_cfb128_1_encrypt                 3636	1_1_0	EXIST::FUNCTION:
+BIO_set_cipher                          3637	1_1_0	EXIST::FUNCTION:
+PEM_read_PUBKEY                         3638	1_1_0	EXIST::FUNCTION:STDIO
+RSA_PKCS1_OpenSSL                       3639	1_1_0	EXIST::FUNCTION:RSA
+AUTHORITY_INFO_ACCESS_free              3640	1_1_0	EXIST::FUNCTION:
+SCT_get0_signature                      3641	1_1_0	EXIST::FUNCTION:CT
+DISPLAYTEXT_it                          3643	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it                          3643	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OPENSSL_gmtime_adj                      3644	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_dup                        3645	1_1_0	EXIST::FUNCTION:
+DSA_print                               3646	1_1_0	EXIST::FUNCTION:DSA
+X509_REQ_set_extension_nids             3647	1_1_0	EXIST::FUNCTION:
+X509_free                               3648	1_1_0	EXIST::FUNCTION:
+ERR_load_ERR_strings                    3649	1_1_0	EXIST::FUNCTION:
+ASN1_const_check_infinite_end           3650	1_1_0	EXIST::FUNCTION:
+RSA_null_method                         3651	1_1_0	EXIST::FUNCTION:RSA
+TS_REQ_ext_free                         3652	1_1_0	EXIST::FUNCTION:TS
+EVP_PKEY_meth_get_encrypt               3653	1_1_0	EXIST::FUNCTION:
+Camellia_ecb_encrypt                    3654	1_1_0	EXIST::FUNCTION:CAMELLIA
+ENGINE_set_default_RSA                  3655	1_1_0	EXIST::FUNCTION:ENGINE
+EVP_EncodeBlock                         3656	1_1_0	EXIST::FUNCTION:
+SXNETID_free                            3657	1_1_0	EXIST::FUNCTION:
+SHA1_Init                               3658	1_1_0	EXIST::FUNCTION:
+CRYPTO_atomic_add                       3659	1_1_0	EXIST::FUNCTION:
+TS_CONF_load_certs                      3660	1_1_0	EXIST::FUNCTION:TS
+PEM_write_bio_DSAPrivateKey             3661	1_1_0	EXIST::FUNCTION:DSA
+CMS_encrypt                             3662	1_1_0	EXIST::FUNCTION:CMS
+CRYPTO_nistcts128_decrypt               3663	1_1_0	EXIST::FUNCTION:
+ERR_load_DH_strings                     3664	1_1_0	EXIST::FUNCTION:DH
+EVP_MD_block_size                       3665	1_1_0	EXIST::FUNCTION:
+TS_X509_ALGOR_print_bio                 3666	1_1_0	EXIST::FUNCTION:TS
+d2i_PKCS7_ENVELOPE                      3667	1_1_0	EXIST::FUNCTION:
+ESS_CERT_ID_new                         3669	1_1_0	EXIST::FUNCTION:TS
+EC_POINT_invert                         3670	1_1_0	EXIST::FUNCTION:EC
+CAST_set_key                            3671	1_1_0	EXIST::FUNCTION:CAST
+ENGINE_get_pkey_meth                    3672	1_1_0	EXIST::FUNCTION:ENGINE
+BIO_ADDRINFO_free                       3673	1_1_0	EXIST::FUNCTION:SOCK
+DES_ede3_cbc_encrypt                    3674	1_1_0	EXIST::FUNCTION:DES
+X509v3_asid_canonize                    3675	1_1_0	EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange                         3676	1_1_0	EXIST::FUNCTION:RFC3779
+OCSP_url_svcloc_new                     3677	1_1_0	EXIST::FUNCTION:OCSP
+CRYPTO_mem_ctrl                         3678	1_1_0	EXIST::FUNCTION:
+ASN1_verify                             3679	1_1_0	EXIST::FUNCTION:
+DSA_generate_parameters_ex              3680	1_1_0	EXIST::FUNCTION:DSA
+X509_sign                               3681	1_1_0	EXIST::FUNCTION:
+SHA256_Transform                        3682	1_1_0	EXIST::FUNCTION:
+BIO_ADDR_free                           3683	1_1_0	EXIST::FUNCTION:SOCK
+ASN1_STRING_free                        3684	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_inherit               3685	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get_curve_name                 3686	1_1_0	EXIST::FUNCTION:EC
+RSA_print                               3687	1_1_0	EXIST::FUNCTION:RSA
+i2d_ASN1_BMPSTRING                      3688	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_decrypt_old                    3689	1_1_0	EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t                 3690	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_ip               3691	1_1_0	EXIST::FUNCTION:
+OTHERNAME_free                          3692	1_1_0	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_free                   3693	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_encrypting               3694	1_1_0	EXIST::FUNCTION:
+EC_KEY_can_sign                         3695	1_1_0	EXIST::FUNCTION:EC
+PEM_write_bio_RSAPublicKey              3696	1_1_0	EXIST::FUNCTION:RSA
+X509_CRL_set1_lastUpdate                3697	1_1_0	EXIST::FUNCTION:
+OCSP_sendreq_nbio                       3698	1_1_0	EXIST::FUNCTION:OCSP
+PKCS8_encrypt                           3699	1_1_0	EXIST::FUNCTION:
+i2d_PKCS7_fp                            3700	1_1_0	EXIST::FUNCTION:STDIO
+i2d_X509_REQ                            3701	1_1_0	EXIST::FUNCTION:
+OCSP_CRLID_it                           3702	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_CRLID_it                           3702	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+PEM_ASN1_write_bio                      3703	1_1_0	EXIST::FUNCTION:
+X509_get0_reject_objects                3704	1_1_0	EXIST::FUNCTION:
+BIO_set_tcp_ndelay                      3705	1_1_0	EXIST::FUNCTION:SOCK
+CMS_add0_CertificateChoices             3706	1_1_0	EXIST::FUNCTION:CMS
+POLICYINFO_new                          3707	1_1_0	EXIST::FUNCTION:
+X509_CRL_get0_by_serial                 3708	1_1_0	EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc             3709	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain               3710	1_1_0	EXIST::FUNCTION:
+ASN1_mbstring_ncopy                     3711	1_1_0	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it                     3712	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it                     3712	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_all_digests             3713	1_1_0	EXIST::FUNCTION:ENGINE
+X509_REQ_get_version                    3714	1_1_0	EXIST::FUNCTION:
+i2d_ASN1_UTCTIME                        3715	1_1_0	EXIST::FUNCTION:
+TS_STATUS_INFO_new                      3716	1_1_0	EXIST::FUNCTION:TS
+UI_set_ex_data                          3717	1_1_0	EXIST::FUNCTION:UI
+ASN1_TIME_set                           3718	1_1_0	EXIST::FUNCTION:
+TS_RESP_verify_response                 3719	1_1_0	EXIST::FUNCTION:TS
+X509_REVOKED_get0_serialNumber          3720	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_free                  3721	1_1_0	EXIST::FUNCTION:
+ASN1_TYPE_new                           3722	1_1_0	EXIST::FUNCTION:
+CMAC_CTX_cleanup                        3723	1_1_0	EXIST::FUNCTION:CMAC
+i2d_PKCS7_NDEF                          3724	1_1_0	EXIST::FUNCTION:
+OPENSSL_sk_pop_free                     3725	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_policy_tree         3726	1_1_0	EXIST::FUNCTION:
+DES_set_key_checked                     3727	1_1_0	EXIST::FUNCTION:DES
+EVP_PKEY_meth_free                      3728	1_1_0	EXIST::FUNCTION:
+EVP_sha224                              3729	1_1_0	EXIST::FUNCTION:
+ENGINE_set_id                           3730	1_1_0	EXIST::FUNCTION:ENGINE
+d2i_ECPrivateKey                        3731	1_1_0	EXIST::FUNCTION:EC
+CMS_signed_add1_attr_by_NID             3732	1_1_0	EXIST::FUNCTION:CMS
+i2d_DSAPrivateKey_fp                    3733	1_1_0	EXIST::FUNCTION:DSA,STDIO
+EVP_CIPHER_meth_get_set_asn1_params     3734	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data              3735	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_set0_pkey        3736	1_1_0	EXIST::FUNCTION:CMS
+X509v3_addr_add_inherit                 3737	1_1_0	EXIST::FUNCTION:RFC3779
+SRP_Calc_u                              3738	1_1_0	EXIST::FUNCTION:SRP
+i2d_PKCS8PrivateKey_bio                 3739	1_1_0	EXIST::FUNCTION:
+X509_get_extension_flags                3740	1_1_0	EXIST::FUNCTION:
+X509V3_EXT_val_prn                      3741	1_1_0	EXIST::FUNCTION:
+SCT_get_validation_status               3742	1_1_0	EXIST::FUNCTION:CT
+NETSCAPE_CERT_SEQUENCE_free             3743	1_1_0	EXIST::FUNCTION:
+EVP_PBE_scrypt                          3744	1_1_0	EXIST::FUNCTION:SCRYPT
+d2i_TS_REQ_bio                          3745	1_1_0	EXIST::FUNCTION:TS
+ENGINE_set_default_ciphers              3746	1_1_0	EXIST::FUNCTION:ENGINE
+X509_get_signature_nid                  3747	1_1_0	EXIST::FUNCTION:
+DES_fcrypt                              3748	1_1_0	EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ                  3749	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_meth_get_sign                  3750	1_1_0	EXIST::FUNCTION:
+TS_REQ_get_nonce                        3751	1_1_0	EXIST::FUNCTION:TS
+ENGINE_unregister_EC                    3752	1_1_0	EXIST::FUNCTION:ENGINE
+X509v3_get_ext_count                    3753	1_1_0	EXIST::FUNCTION:
+UI_OpenSSL                              3754	1_1_0	EXIST::FUNCTION:UI
+CRYPTO_ccm128_decrypt                   3755	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_RESPDATA                       3756	1_1_0	EXIST::FUNCTION:OCSP
+BIO_set_callback                        3757	1_1_0	EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3758	1_1_0	EXIST::FUNCTION:EC2M
+CMS_unsigned_get_attr_count             3759	1_1_0	EXIST::FUNCTION:CMS
+EVP_aes_256_gcm                         3760	1_1_0	EXIST::FUNCTION:
+RSA_padding_check_X931                  3761	1_1_0	EXIST::FUNCTION:RSA
+ECDH_compute_key                        3762	1_1_0	EXIST::FUNCTION:EC
+ASN1_TIME_print                         3763	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_peerkey               3764	1_1_0	EXIST::FUNCTION:
+BN_mod_lshift1                          3765	1_1_0	EXIST::FUNCTION:
+BIO_ADDRINFO_family                     3766	1_1_0	EXIST::FUNCTION:SOCK
+PEM_write_DHxparams                     3767	1_1_0	EXIST::FUNCTION:DH,STDIO
+BN_mod_exp2_mont                        3768	1_1_0	EXIST::FUNCTION:
+ASN1_PRINTABLE_free                     3769	1_1_0	EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it                      3771	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it                      3771	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_copy                         3772	1_1_0	EXIST::FUNCTION:
+ENGINE_set_ctrl_function                3773	1_1_0	EXIST::FUNCTION:ENGINE
+OCSP_id_get0_info                       3774	1_1_0	EXIST::FUNCTION:OCSP
+BIO_ADDRINFO_next                       3775	1_1_0	EXIST::FUNCTION:SOCK
+OCSP_RESPBYTES_free                     3776	1_1_0	EXIST::FUNCTION:OCSP
+EC_KEY_METHOD_set_init                  3777	1_1_0	EXIST::FUNCTION:EC
+EVP_PKEY_asn1_copy                      3778	1_1_0	EXIST::FUNCTION:
+RSA_PSS_PARAMS_it                       3779	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSA_PSS_PARAMS_it                       3779	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+X509_STORE_CTX_get_error_depth          3780	1_1_0	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string         3781	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp                  3782	1_1_0	EXIST::FUNCTION:EC
+UI_new_method                           3783	1_1_0	EXIST::FUNCTION:UI
+Camellia_ofb128_encrypt                 3784	1_1_0	EXIST::FUNCTION:CAMELLIA
+X509_new                                3785	1_1_0	EXIST::FUNCTION:
+EC_KEY_get_conv_form                    3786	1_1_0	EXIST::FUNCTION:EC
+CTLOG_STORE_get0_log_by_id              3787	1_1_0	EXIST::FUNCTION:CT
+CMS_signed_add1_attr                    3788	1_1_0	EXIST::FUNCTION:CMS
+EVP_CIPHER_meth_set_iv_length           3789	1_1_0	EXIST::FUNCTION:
+X509v3_asid_validate_path               3790	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_RecipientInfo_set0_password         3791	1_1_0	EXIST::FUNCTION:CMS
+TS_CONF_load_cert                       3792	1_1_0	EXIST::FUNCTION:TS
+i2d_ECPKParameters                      3793	1_1_0	EXIST::FUNCTION:EC
+X509_TRUST_get0                         3794	1_1_0	EXIST::FUNCTION:
+CMS_get0_RecipientInfos                 3795	1_1_0	EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_new                        3796	1_1_0	EXIST::FUNCTION:
+i2d_DSA_PUBKEY_bio                      3797	1_1_0	EXIST::FUNCTION:DSA
+X509_REQ_get_subject_name               3798	1_1_0	EXIST::FUNCTION:
+BN_div_word                             3799	1_1_0	EXIST::FUNCTION:
+TS_CONF_set_signer_key                  3800	1_1_0	EXIST::FUNCTION:TS
+BN_GF2m_mod_sqrt                        3801	1_1_0	EXIST::FUNCTION:EC2M
+EVP_CIPHER_nid                          3802	1_1_0	EXIST::FUNCTION:
+OBJ_txt2obj                             3803	1_1_0	EXIST::FUNCTION:
+CMS_RecipientInfo_kari_get0_orig_id     3804	1_1_0	EXIST::FUNCTION:CMS
+EVP_bf_ecb                              3805	1_1_0	EXIST::FUNCTION:BF
+v2i_GENERAL_NAME_ex                     3806	1_1_0	EXIST::FUNCTION:
+CMS_signed_delete_attr                  3807	1_1_0	EXIST::FUNCTION:CMS
+ASN1_TYPE_pack_sequence                 3808	1_1_0	EXIST::FUNCTION:
+USERNOTICE_it                           3809	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it                           3809	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKEY_USAGE_PERIOD_it                    3810	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it                    3810	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mul_word                             3811	1_1_0	EXIST::FUNCTION:
+i2d_IPAddressRange                      3813	1_1_0	EXIST::FUNCTION:RFC3779
+CMS_unsigned_add1_attr_by_txt           3814	1_1_0	EXIST::FUNCTION:CMS
+d2i_RSA_PUBKEY                          3815	1_1_0	EXIST::FUNCTION:RSA
+PKCS12_gen_mac                          3816	1_1_0	EXIST::FUNCTION:
+ERR_load_ENGINE_strings                 3817	1_1_0	EXIST::FUNCTION:ENGINE
+ERR_load_CT_strings                     3818	1_1_0	EXIST::FUNCTION:CT
+OCSP_ONEREQ_it                          3819	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_ONEREQ_it                          3819	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509_PURPOSE_get_by_sname               3820	1_1_0	EXIST::FUNCTION:
+X509_PURPOSE_set                        3821	1_1_0	EXIST::FUNCTION:
+BN_mod_inverse                          3822	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_TABLE_get                   3823	1_1_0	EXIST::FUNCTION:
+BN_bn2binpad                            3824	1_1_0	EXIST::FUNCTION:
+X509_supported_extension                3825	1_1_0	EXIST::FUNCTION:
+ECDSA_sign_setup                        3826	1_1_0	EXIST::FUNCTION:EC
+EVP_camellia_192_cfb128                 3827	1_1_0	EXIST::FUNCTION:CAMELLIA
+d2i_AUTHORITY_KEYID                     3828	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Transform                     3829	1_1_0	EXIST::FUNCTION:RMD160
+DES_random_key                          3830	1_1_0	EXIST::FUNCTION:DES
+i2d_PKCS12_MAC_DATA                     3831	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get0_EC_KEY                    3832	1_1_0	EXIST::FUNCTION:EC
+ASN1_SCTX_get_item                      3833	1_1_0	EXIST::FUNCTION:
+NOTICEREF_new                           3834	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_inv                         3835	1_1_0	EXIST::FUNCTION:EC2M
+X509_CERT_AUX_free                      3836	1_1_0	EXIST::FUNCTION:
+BN_GF2m_mod_inv_arr                     3837	1_1_0	EXIST::FUNCTION:EC2M
+X509_REQ_get1_email                     3838	1_1_0	EXIST::FUNCTION:
+EC_KEY_print                            3839	1_1_0	EXIST::FUNCTION:EC
+i2d_ASN1_INTEGER                        3840	1_1_0	EXIST::FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d            3841	1_1_0	EXIST::FUNCTION:OCSP
+PKCS7_add_signed_attribute              3842	1_1_0	EXIST::FUNCTION:
+i2d_PrivateKey_bio                      3843	1_1_0	EXIST::FUNCTION:
+RSA_padding_add_PKCS1_type_1            3844	1_1_0	EXIST::FUNCTION:RSA
+i2d_re_X509_tbs                         3845	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_iv_length                    3846	1_1_0	EXIST::FUNCTION:
+OCSP_REQ_CTX_get0_mem_bio               3847	1_1_0	EXIST::FUNCTION:OCSP
+i2d_PKCS8PrivateKeyInfo_bio             3848	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_CERTID                         3849	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_meth_set_init                3850	1_1_0	EXIST::FUNCTION:
+RIPEMD160_Final                         3851	1_1_0	EXIST::FUNCTION:RMD160
+NETSCAPE_SPKI_free                      3852	1_1_0	EXIST::FUNCTION:
+BIO_asn1_get_prefix                     3853	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_ONEREQ                         3854	1_1_0	EXIST::FUNCTION:OCSP
+EVP_PKEY_asn1_set_security_bits         3855	1_1_0	EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES                 3856	1_1_0	EXIST::FUNCTION:
+i2d_X509_CERT_AUX                       3857	1_1_0	EXIST::FUNCTION:
+i2o_ECPublicKey                         3858	1_1_0	EXIST::FUNCTION:EC
+PKCS12_SAFEBAG_create0_pkcs8            3859	1_1_0	EXIST::FUNCTION:
+OBJ_get0_data                           3860	1_1_0	EXIST::FUNCTION:
+EC_GROUP_get0_seed                      3861	1_1_0	EXIST::FUNCTION:EC
+OCSP_REQUEST_it                         3862	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_REQUEST_it                         3862	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+ASRange_it                              3863	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it                              3863	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+i2d_TS_RESP                             3864	1_1_0	EXIST::FUNCTION:TS
+TS_TST_INFO_get_ext_by_OBJ              3865	1_1_0	EXIST::FUNCTION:TS
+d2i_PKCS7_RECIP_INFO                    3866	1_1_0	EXIST::FUNCTION:
+d2i_X509_CRL                            3867	1_1_0	EXIST::FUNCTION:
+ASN1_OCTET_STRING_dup                   3868	1_1_0	EXIST::FUNCTION:
+CRYPTO_nistcts128_decrypt_block         3869	1_1_0	EXIST::FUNCTION:
+CMS_stream                              3870	1_1_0	EXIST::FUNCTION:CMS
+RSA_OAEP_PARAMS_it                      3871	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSA_OAEP_PARAMS_it                      3871	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+BN_bn2mpi                               3872	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_cleanup                  3873	1_1_0	EXIST::FUNCTION:
+OCSP_onereq_get0_id                     3874	1_1_0	EXIST::FUNCTION:OCSP
+X509_get_default_cert_dir               3875	1_1_0	EXIST::FUNCTION:
+PROXY_POLICY_free                       3877	1_1_0	EXIST::FUNCTION:
+PEM_write_DSAPrivateKey                 3878	1_1_0	EXIST::FUNCTION:DSA,STDIO
+OPENSSL_sk_delete_ptr                   3879	1_1_0	EXIST::FUNCTION:
+CMS_add0_RevocationInfoChoice           3880	1_1_0	EXIST::FUNCTION:CMS
+ASN1_PCTX_get_flags                     3881	1_1_0	EXIST::FUNCTION:
+EVP_MD_meth_set_result_size             3882	1_1_0	EXIST::FUNCTION:
+i2d_X509_CRL                            3883	1_1_0	EXIST::FUNCTION:
+ASN1_INTEGER_it                         3885	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it                         3885	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_ACCURACY_new                         3886	1_1_0	EXIST::FUNCTION:TS
+i2d_SXNETID                             3887	1_1_0	EXIST::FUNCTION:
+BN_mod_mul_montgomery                   3888	1_1_0	EXIST::FUNCTION:
+BN_nnmod                                3889	1_1_0	EXIST::FUNCTION:
+TS_RESP_CTX_set_status_info_cond        3890	1_1_0	EXIST::FUNCTION:TS
+PBKDF2PARAM_new                         3891	1_1_0	EXIST::FUNCTION:
+ENGINE_set_RSA                          3892	1_1_0	EXIST::FUNCTION:ENGINE
+i2d_X509_ATTRIBUTE                      3893	1_1_0	EXIST::FUNCTION:
+PKCS7_ctrl                              3894	1_1_0	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it                     3895	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
+OCSP_REVOKEDINFO_it                     3895	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
+X509V3_set_ctx                          3896	1_1_0	EXIST::FUNCTION:
+ASN1_ENUMERATED_set_int64               3897	1_1_0	EXIST::FUNCTION:
+o2i_SCT                                 3898	1_1_0	EXIST::FUNCTION:CT
+CRL_DIST_POINTS_free                    3899	1_1_0	EXIST::FUNCTION:
+d2i_OCSP_SINGLERESP                     3900	1_1_0	EXIST::FUNCTION:OCSP
+EVP_CIPHER_CTX_num                      3901	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_verify_recover_init            3902	1_1_0	EXIST::FUNCTION:
+SHA512_Init                             3903	1_1_0	EXIST::FUNCTION:
+TS_MSG_IMPRINT_set_msg                  3904	1_1_0	EXIST::FUNCTION:TS
+CMS_unsigned_add1_attr                  3905	1_1_0	EXIST::FUNCTION:CMS
+OPENSSL_LH_doall                        3906	1_1_0	EXIST::FUNCTION:
+PKCS8_pkey_get0_attrs                   3907	1_1_0	EXIST::FUNCTION:
+PKCS8_pkey_add1_attr_by_NID             3908	1_1_0	EXIST::FUNCTION:
+ASYNC_is_capable                        3909	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_cipher_data          3910	1_1_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_cipher_data          3911	1_1_0	EXIST::FUNCTION:
+BIO_up_ref                              3912	1_1_0	EXIST::FUNCTION:
+X509_STORE_up_ref                       3913	1_1_0	EXIST::FUNCTION:
+DSA_SIG_get0                            3914	1_1_0	EXIST::FUNCTION:DSA
+BN_BLINDING_is_current_thread           3915	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_set_current_thread          3916	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_lock                        3917	1_1_0	EXIST::FUNCTION:
+BN_BLINDING_unlock                      3918	1_1_0	EXIST::FUNCTION:
+EC_GROUP_new_from_ecpkparameters        3919	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_get_ecpkparameters             3920	1_1_0	EXIST::FUNCTION:EC
+EC_GROUP_new_from_ecparameters          3921	1_1_0	EXIST::FUNCTION:EC
+ECPARAMETERS_it                         3922	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
+ECPARAMETERS_it                         3922	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
+ECPKPARAMETERS_it                       3923	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
+ECPKPARAMETERS_it                       3923	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
+EC_GROUP_get_ecparameters               3924	1_1_0	EXIST::FUNCTION:EC
+DHparams_it                             3925	1_1_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH
+DHparams_it                             3925	1_1_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH
+EVP_blake2s256                          3926	1_1_0	EXIST::FUNCTION:BLAKE2
+EVP_blake2b512                          3927	1_1_0	EXIST::FUNCTION:BLAKE2
+X509_SIG_get0                           3928	1_1_0	EXIST::FUNCTION:
+BIO_meth_new                            3929	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_puts                       3930	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_ctrl                       3931	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_gets                       3932	1_1_0	EXIST::FUNCTION:
+BIO_get_data                            3933	1_1_0	EXIST::FUNCTION:
+BIO_set_init                            3934	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_puts                       3935	1_1_0	EXIST::FUNCTION:
+BIO_get_shutdown                        3936	1_1_0	EXIST::FUNCTION:
+BIO_get_init                            3937	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_ctrl                       3938	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_read                       3939	1_1_0	EXIST::FUNCTION:
+BIO_set_shutdown                        3940	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_create                     3941	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_write                      3942	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_callback_ctrl              3943	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_create                     3944	1_1_0	EXIST::FUNCTION:
+BIO_set_next                            3945	1_1_0	EXIST::FUNCTION:
+BIO_set_data                            3946	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_write                      3947	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_destroy                    3948	1_1_0	EXIST::FUNCTION:
+BIO_meth_set_gets                       3949	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_callback_ctrl              3950	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_destroy                    3951	1_1_0	EXIST::FUNCTION:
+BIO_meth_get_read                       3952	1_1_0	EXIST::FUNCTION:
+BIO_set_retry_reason                    3953	1_1_0	EXIST::FUNCTION:
+BIO_meth_free                           3954	1_1_0	EXIST::FUNCTION:
+DSA_meth_set_bn_mod_exp                 3955	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_init                       3956	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_free                           3957	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_mod_exp                    3958	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_sign                       3959	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_finish                     3960	1_1_0	EXIST::FUNCTION:DSA
+DSA_set_flags                           3961	1_1_0	EXIST::FUNCTION:DSA
+DSA_get0_pqg                            3962	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get0_app_data                  3963	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_keygen                     3964	1_1_0	EXIST::FUNCTION:DSA
+DSA_clear_flags                         3965	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get0_name                      3966	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_paramgen                   3967	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_sign                       3968	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_paramgen                   3969	1_1_0	EXIST::FUNCTION:DSA
+DSA_test_flags                          3970	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set0_app_data                  3971	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set1_name                      3972	1_1_0	EXIST::FUNCTION:DSA
+DSA_get0_key                            3973	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_mod_exp                    3974	1_1_0	EXIST::FUNCTION:DSA
+DSA_set0_pqg                            3975	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_flags                      3976	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_verify                     3977	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_verify                     3978	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_finish                     3979	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_keygen                     3980	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_dup                            3981	1_1_0	EXIST::FUNCTION:DSA
+DSA_set0_key                            3982	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_init                       3983	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_sign_setup                 3984	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_bn_mod_exp                 3985	1_1_0	EXIST::FUNCTION:DSA
+DSA_get_method                          3986	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_new                            3987	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_set_flags                      3988	1_1_0	EXIST::FUNCTION:DSA
+DSA_meth_get_sign_setup                 3989	1_1_0	EXIST::FUNCTION:DSA
+DSA_get0_engine                         3990	1_1_0	EXIST::FUNCTION:DSA
+X509_VERIFY_PARAM_set_auth_level        3991	1_1_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_auth_level        3992	1_1_0	EXIST::FUNCTION:
+X509_REQ_get0_pubkey                    3993	1_1_0	EXIST::FUNCTION:
+RSA_set0_key                            3994	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_flags                      3995	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_finish                     3996	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_priv_dec                   3997	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_sign                       3998	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_bn_mod_exp                 3999	1_1_0	EXIST::FUNCTION:RSA
+RSA_test_flags                          4000	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_new                            4001	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get0_app_data                  4002	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_dup                            4003	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set1_name                      4004	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set0_app_data                  4005	1_1_0	EXIST::FUNCTION:RSA
+RSA_set_flags                           4006	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_sign                       4007	1_1_0	EXIST::FUNCTION:RSA
+RSA_clear_flags                         4008	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_keygen                     4009	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_keygen                     4010	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_pub_dec                    4011	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_finish                     4012	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_key                            4013	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_engine                         4014	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_priv_enc                   4015	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_verify                     4016	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_factors                        4017	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get0_name                      4018	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_mod_exp                    4019	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_flags                      4020	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_pub_dec                    4021	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_bn_mod_exp                 4022	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_init                       4023	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_free                           4024	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_pub_enc                    4025	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_mod_exp                    4026	1_1_0	EXIST::FUNCTION:RSA
+RSA_set0_factors                        4027	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_pub_enc                    4028	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_priv_dec                   4029	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_verify                     4030	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_set_init                       4031	1_1_0	EXIST::FUNCTION:RSA
+RSA_meth_get_priv_enc                   4032	1_1_0	EXIST::FUNCTION:RSA
+RSA_set0_crt_params                     4037	1_1_0	EXIST::FUNCTION:RSA
+RSA_get0_crt_params                     4038	1_1_0	EXIST::FUNCTION:RSA
+DH_set0_pqg                             4039	1_1_0	EXIST::FUNCTION:DH
+DH_clear_flags                          4041	1_1_0	EXIST::FUNCTION:DH
+DH_get0_key                             4042	1_1_0	EXIST::FUNCTION:DH
+DH_get0_engine                          4043	1_1_0	EXIST::FUNCTION:DH
+DH_set0_key                             4044	1_1_0	EXIST::FUNCTION:DH
+DH_set_length                           4045	1_1_0	EXIST::FUNCTION:DH
+DH_test_flags                           4046	1_1_0	EXIST::FUNCTION:DH
+DH_get_length                           4047	1_1_0	EXIST::FUNCTION:DH
+DH_get0_pqg                             4048	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_compute_key                 4049	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set1_name                       4050	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_init                        4051	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_finish                      4052	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get0_name                       4053	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_generate_params             4054	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_compute_key                 4055	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_flags                       4056	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_generate_params             4057	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_flags                       4058	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_finish                      4059	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get0_app_data                   4060	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set0_app_data                   4061	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_init                        4062	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_bn_mod_exp                  4063	1_1_0	EXIST::FUNCTION:DH
+DH_meth_new                             4064	1_1_0	EXIST::FUNCTION:DH
+DH_meth_dup                             4065	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_bn_mod_exp                  4066	1_1_0	EXIST::FUNCTION:DH
+DH_meth_set_generate_key                4067	1_1_0	EXIST::FUNCTION:DH
+DH_meth_free                            4068	1_1_0	EXIST::FUNCTION:DH
+DH_meth_get_generate_key                4069	1_1_0	EXIST::FUNCTION:DH
+DH_set_flags                            4070	1_1_0	EXIST::FUNCTION:DH
+X509_STORE_CTX_get_obj_by_subject       4071	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_free                        4072	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_get0_X509                   4073	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_untrusted           4074	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_error_depth          4075	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get0_cert                4076	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_verify               4077	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set_current_cert         4078	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_verify               4079	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_verify_cb            4080	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_verified_chain      4081	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_set0_untrusted           4082	1_1_0	EXIST::FUNCTION:
+OPENSSL_hexchar2int                     4083	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_ex_data                  4084	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_ex_data                  4085	1_1_0	EXIST::FUNCTION:
+X509_STORE_get0_objects                 4086	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_get_type                    4087	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_verify                   4088	1_1_0	EXIST::FUNCTION:
+X509_OBJECT_new                         4089	1_1_0	EXIST::FUNCTION:
+X509_STORE_get0_param                   4090	1_1_0	EXIST::FUNCTION:
+PEM_write_bio_PrivateKey_traditional    4091	1_1_0	EXIST::FUNCTION:
+X509_get_pathlen                        4092	1_1_0	EXIST::FUNCTION:
+ECDSA_SIG_set0                          4093	1_1_0	EXIST::FUNCTION:EC
+DSA_SIG_set0                            4094	1_1_0	EXIST::FUNCTION:DSA
+EVP_PKEY_get0_hmac                      4095	1_1_0	EXIST::FUNCTION:
+HMAC_CTX_get_md                         4096	1_1_0	EXIST::FUNCTION:
+NAME_CONSTRAINTS_check_CN               4097	1_1_0	EXIST::FUNCTION:
+OCSP_resp_get0_id                       4098	1_1_0	EXIST::FUNCTION:OCSP
+OCSP_resp_get0_certs                    4099	1_1_0	EXIST::FUNCTION:OCSP
+X509_set_proxy_flag                     4100	1_1_0	EXIST::FUNCTION:
+EVP_ENCODE_CTX_copy                     4101	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_issued         4102	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_lookup_certs             4103	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_crl            4104	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_cleanup                  4105	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_lookup_crls              4106	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_cert_crl                 4107	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_lookup_certs             4108	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_revocation         4109	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_get_crl                  4110	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_issued             4111	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_policy         4112	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_crl                4113	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_crl                4114	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_issued             4115	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_get_issuer               4116	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_get_crl              4117	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_get_issuer               4118	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_cleanup                  4119	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_cleanup              4120	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_get_crl                  4121	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_revocation         4122	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_cert_crl             4123	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_lookup_certs         4124	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_check_policy             4125	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_get_issuer           4126	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_check_policy             4127	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_cert_crl                 4128	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_check_revocation     4129	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_verify_cb                4130	1_1_0	EXIST::FUNCTION:
+X509_STORE_CTX_get_lookup_crls          4131	1_1_0	EXIST::FUNCTION:
+X509_STORE_get_verify                   4132	1_1_0	EXIST::FUNCTION:
+X509_STORE_unlock                       4133	1_1_0	EXIST::FUNCTION:
+X509_STORE_lock                         4134	1_1_0	EXIST::FUNCTION:
+X509_set_proxy_pathlen                  4135	1_1_0	EXIST::FUNCTION:
+X509_get_proxy_pathlen                  4136	1_1_0	EXIST::FUNCTION:
+DSA_bits                                4137	1_1_0	EXIST::FUNCTION:DSA
+EVP_PKEY_set1_tls_encodedpoint          4138	1_1_0	EXIST::FUNCTION:
+EVP_PKEY_get1_tls_encodedpoint          4139	1_1_0	EXIST::FUNCTION:
+ASN1_STRING_get0_data                   4140	1_1_0	EXIST::FUNCTION:
+X509_SIG_getm                           4141	1_1_0	EXIST::FUNCTION:
+X509_get0_serialNumber                  4142	1_1_0	EXIST::FUNCTION:
+PKCS12_get_attr                         4143	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+X509_CRL_get0_lastUpdate                4144	1_1_0	EXIST::FUNCTION:
+X509_get0_notBefore                     4145	1_1_0	EXIST::FUNCTION:
+X509_get0_notAfter                      4146	1_1_0	EXIST::FUNCTION:
+X509_CRL_get0_nextUpdate                4147	1_1_0	EXIST::FUNCTION:
+BIO_get_new_index                       4148	1_1_0	EXIST::FUNCTION:
+OPENSSL_utf82uni                        4149	1_1_0	EXIST::FUNCTION:
+PKCS12_add_friendlyname_utf8            4150	1_1_0	EXIST::FUNCTION:
+OPENSSL_uni2utf8                        4151	1_1_0	EXIST::FUNCTION:
+PKCS12_key_gen_utf8                     4152	1_1_0	EXIST::FUNCTION:
+ECPKPARAMETERS_free                     4153	1_1_0	EXIST::FUNCTION:EC
+ECPARAMETERS_free                       4154	1_1_0	EXIST::FUNCTION:EC
+ECPKPARAMETERS_new                      4155	1_1_0	EXIST::FUNCTION:EC
+ECPARAMETERS_new                        4156	1_1_0	EXIST::FUNCTION:EC
+OCSP_RESPID_set_by_name                 4157	1_1_0a	EXIST::FUNCTION:OCSP
+OCSP_RESPID_set_by_key                  4158	1_1_0a	EXIST::FUNCTION:OCSP
+OCSP_RESPID_match                       4159	1_1_0a	EXIST::FUNCTION:OCSP
+DSO_pathbyaddr                          4170	1_1_0c	EXIST::FUNCTION:
+DSO_dsobyaddr                           4171	1_1_0c	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_get_time             4172	1_1_0d	EXIST::FUNCTION:CT
+CT_POLICY_EVAL_CTX_set_time             4173	1_1_0d	EXIST::FUNCTION:CT
+X509_VERIFY_PARAM_set_inh_flags         4174	1_1_0d	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_inh_flags         4175	1_1_0d	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_time              4181	1_1_0d	EXIST::FUNCTION:
+DH_check_params                         4183	1_1_0d	EXIST::FUNCTION:DH
+INT32_it                                4208	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT32_it                                4208	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT64_it                               4209	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT64_it                               4209	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT32_it                               4210	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT32_it                               4210	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT64_it                              4211	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT64_it                              4211	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+INT64_it                                4212	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT64_it                                4212	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT32_it                              4213	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT32_it                              4213	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT32_it                               4214	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT32_it                               4214	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT64_it                               4215	1_1_0f	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT64_it                               4215	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_secure_clear_free                4315	1_1_0g	EXIST::FUNCTION:
+EVP_PKEY_set1_engine                    4347	1_1_0g	EXIST::FUNCTION:ENGINE
+OCSP_resp_get0_signer                   4374	1_1_0h	EXIST::FUNCTION:OCSP
+X509_get0_authority_key_id              4448	1_1_0h	EXIST::FUNCTION:
diff --git a/openssl-1.1.0h/util/libssl.num b/openssl-1.1.0h/util/libssl.num
new file mode 100644
index 0000000..7b9b3c2
--- /dev/null
+++ b/openssl-1.1.0h/util/libssl.num
@@ -0,0 +1,407 @@
+SSL_get_selected_srtp_profile           1	1_1_0	EXIST::FUNCTION:SRTP
+SSL_set_read_ahead                      2	1_1_0	EXIST::FUNCTION:
+SSL_set_accept_state                    3	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cipher_list                 4	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_client_pwd_callback     5	1_1_0	EXIST::FUNCTION:SRP
+SSL_copy_session_id                     6	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_password                7	1_1_0	EXIST::FUNCTION:SRP
+SSL_shutdown                            8	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_msg_callback                9	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_ticket                 11	1_1_0	EXIST::FUNCTION:
+SSL_get1_supported_ciphers              12	1_1_0	EXIST::FUNCTION:
+SSL_state_string_long                   13	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get0_certificate                14	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_set_ex_data                 15	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_depth                    16	1_1_0	EXIST::FUNCTION:
+SSL_get0_dane                           17	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_get_get_cb                 18	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_default_passwd_cb_userdata  19	1_1_0	EXIST::FUNCTION:
+SSL_set_tmp_dh_callback                 20	1_1_0	EXIST::FUNCTION:DH
+SSL_CTX_get_verify_depth                21	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_RSAPrivateKey_file          22	1_1_0	EXIST::FUNCTION:RSA
+SSL_use_PrivateKey_file                 23	1_1_0	EXIST::FUNCTION:
+SSL_set_generate_session_id             24	1_1_0	EXIST::FUNCTION:
+SSL_get_ex_data_X509_STORE_CTX_idx      25	1_1_0	EXIST::FUNCTION:
+SSL_get_quiet_shutdown                  26	1_1_0	EXIST::FUNCTION:
+SSL_dane_enable                         27	1_1_0	EXIST::FUNCTION:
+SSL_COMP_add_compression_method         28	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_RSAPrivateKey               29	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_sess_get_new_cb                 30	1_1_0	EXIST::FUNCTION:
+d2i_SSL_SESSION                         31	1_1_0	EXIST::FUNCTION:
+SSL_use_PrivateKey_ASN1                 32	1_1_0	EXIST::FUNCTION:
+PEM_write_SSL_SESSION                   33	1_1_0	EXIST::FUNCTION:STDIO
+SSL_CTX_set_session_id_context          34	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_cipher_nid               35	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_g                           36	1_1_0	EXIST::FUNCTION:SRP
+SSL_want                                37	1_1_0	EXIST::FUNCTION:
+SSL_get_cipher_list                     38	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_result                   39	1_1_0	EXIST::FUNCTION:
+SSL_renegotiate                         40	1_1_0	EXIST::FUNCTION:
+SSL_get_privatekey                      41	1_1_0	EXIST::FUNCTION:
+SSL_peek                                42	1_1_0	EXIST::FUNCTION:
+SRP_Calc_A_param                        43	1_1_0	EXIST::FUNCTION:SRP
+SSL_SESSION_get_ticket_lifetime_hint    44	1_1_0	EXIST::FUNCTION:
+SSL_SRP_CTX_free                        45	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_set_client_CA_list              46	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_next_proto_select_cb        47	1_1_0	EXIST::FUNCTION:NEXTPROTONEG
+BIO_ssl_copy_session_id                 48	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_security_callback           49	1_1_0	EXIST::FUNCTION:
+SSL_CONF_cmd_value_type                 50	1_1_0	EXIST::FUNCTION:
+SSL_CTX_remove_session                  51	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_new                         52	1_1_0	EXIST::FUNCTION:
+TLSv1_2_server_method                   53	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
+BIO_new_buffer_ssl_connect              54	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set0_security_ex_data           55	1_1_0	EXIST::FUNCTION:
+SSL_alert_desc_string                   56	1_1_0	EXIST::FUNCTION:
+SSL_get0_dane_authority                 57	1_1_0	EXIST::FUNCTION:
+SSL_set_purpose                         58	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             59	1_1_0	EXIST::FUNCTION:
+SSL_get_rfd                             60	1_1_0	EXIST::FUNCTION:
+DTLSv1_listen                           61	1_1_0	EXIST::FUNCTION:SOCK
+SSL_set_ssl_method                      62	1_1_0	EXIST::FUNCTION:
+SSL_get0_security_ex_data               63	1_1_0	EXIST::FUNCTION:
+SSLv3_client_method                     64	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
+SSL_set_security_level                  65	1_1_0	EXIST::FUNCTION:
+DTLSv1_2_method                         66	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
+SSL_get_fd                              67	1_1_0	EXIST::FUNCTION:
+SSL_get1_session                        68	1_1_0	EXIST::FUNCTION:
+SSL_use_RSAPrivateKey                   69	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_set_srp_cb_arg                  70	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_add_session                     71	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_N                           72	1_1_0	EXIST::FUNCTION:SRP
+SSL_has_matching_session_id             73	1_1_0	EXIST::FUNCTION:
+PEM_read_SSL_SESSION                    74	1_1_0	EXIST::FUNCTION:STDIO
+SSL_get_shared_ciphers                  75	1_1_0	EXIST::FUNCTION:
+SSL_add1_host                           76	1_1_0	EXIST::FUNCTION:
+SSL_CONF_cmd_argv                       77	1_1_0	EXIST::FUNCTION:
+SSL_version                             78	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_print                       79	1_1_0	EXIST::FUNCTION:
+SSL_get_client_ciphers                  80	1_1_0	EXIST::FUNCTION:
+SSL_get_srtp_profiles                   81	1_1_0	EXIST::FUNCTION:SRTP
+SSL_use_certificate_ASN1                82	1_1_0	EXIST::FUNCTION:
+SSL_get_peer_certificate                83	1_1_0	EXIST::FUNCTION:
+DTLSv1_2_server_method                  84	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
+SSL_set_cert_cb                         85	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cookie_verify_cb            86	1_1_0	EXIST::FUNCTION:
+SSL_get_shared_sigalgs                  87	1_1_0	EXIST::FUNCTION:
+SSL_config                              88	1_1_0	EXIST::FUNCTION:
+TLSv1_1_client_method                   89	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
+SSL_CIPHER_standard_name                90	1_1_0	EXIST::FUNCTION:SSL_TRACE
+SSL_CTX_get_verify_mode                 91	1_1_0	EXIST::FUNCTION:
+SSL_get_all_async_fds                   92	1_1_0	EXIST::FUNCTION:
+SSL_CTX_check_private_key               93	1_1_0	EXIST::FUNCTION:
+SSL_set_wfd                             94	1_1_0	EXIST::FUNCTION:SOCK
+SSL_get_client_CA_list                  95	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set_flags                  96	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_username_callback       97	1_1_0	EXIST::FUNCTION:SRP
+SSL_connect                             98	1_1_0	EXIST::FUNCTION:
+SSL_get_psk_identity                    99	1_1_0	EXIST::FUNCTION:PSK
+SSL_CTX_use_certificate_file            100	1_1_0	EXIST::FUNCTION:
+SSL_set_session_ticket_ext              101	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_psk_server_callback         102	1_1_0	EXIST::FUNCTION:PSK
+SSL_get_sigalgs                         103	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_next_protos_advertised_cb   104	1_1_0	EXIST::FUNCTION:NEXTPROTONEG
+SSL_CTX_set_trust                       105	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_verify                      106	1_1_0	EXIST::FUNCTION:
+SSL_set_rfd                             107	1_1_0	EXIST::FUNCTION:SOCK
+SSL_SESSION_set_timeout                 108	1_1_0	EXIST::FUNCTION:
+SSL_set_psk_client_callback             109	1_1_0	EXIST::FUNCTION:PSK
+SSL_get_client_random                   110	1_1_0	EXIST::FUNCTION:
+TLS_method                              111	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_clear_flags                112	1_1_0	EXIST::FUNCTION:
+TLSv1_client_method                     113	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
+SSL_CIPHER_get_bits                     114	1_1_0	EXIST::FUNCTION:
+SSL_test_functions                      115	1_1_0	EXIST::FUNCTION:UNIT_TEST
+SSL_get_SSL_CTX                         116	1_1_0	EXIST::FUNCTION:
+SSL_get_session                         117	1_1_0	EXIST::FUNCTION:
+SSL_CTX_callback_ctrl                   118	1_1_0	EXIST::FUNCTION:
+SSL_get_finished                        119	1_1_0	EXIST::FUNCTION:
+SSL_add_dir_cert_subjects_to_stack      120	1_1_0	EXIST::FUNCTION:
+SSL_get_state                           121	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_finish                     122	1_1_0	EXIST::FUNCTION:
+SSL_CTX_add_server_custom_ext           123	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_ex_data                 124	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_username                    125	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_set_purpose                     126	1_1_0	EXIST::FUNCTION:
+SSL_clear                               127	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cert_store                  128	1_1_0	EXIST::FUNCTION:
+TLSv1_2_method                          129	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
+SSL_session_reused                      130	1_1_0	EXIST::FUNCTION:
+SSL_free                                131	1_1_0	EXIST::FUNCTION:
+BIO_ssl_shutdown                        132	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_client_CA_list              133	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sessions                        134	1_1_0	EXIST::FUNCTION:
+SSL_get_options                         135	1_1_0	EXIST::FUNCTION:
+SSL_set_verify_depth                    136	1_1_0	EXIST::FUNCTION:
+SSL_get_error                           137	1_1_0	EXIST::FUNCTION:
+SSL_get_servername                      138	1_1_0	EXIST::FUNCTION:
+SSL_get_version                         139	1_1_0	EXIST::FUNCTION:
+SSL_state_string                        140	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_timeout                 141	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_get_remove_cb              142	1_1_0	EXIST::FUNCTION:
+SSL_get_current_cipher                  143	1_1_0	EXIST::FUNCTION:
+SSL_up_ref                              144	1_1_0	EXIST::FUNCTION:
+SSL_export_keying_material              145	1_1_0	EXIST::FUNCTION:
+SSL_callback_ctrl                       146	1_1_0	EXIST::FUNCTION:
+SSL_set_security_callback               147	1_1_0	EXIST::FUNCTION:
+SSL_SRP_CTX_init                        148	1_1_0	EXIST::FUNCTION:SRP
+ERR_load_SSL_strings                    149	1_1_0	EXIST::FUNCTION:
+SSL_CTX_SRP_CTX_init                    150	1_1_0	EXIST::FUNCTION:SRP
+SSL_SESSION_set_time                    151	1_1_0	EXIST::FUNCTION:
+i2d_SSL_SESSION                         152	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_master_key              153	1_1_0	EXIST::FUNCTION:
+SSL_COMP_get_compression_methods        154	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_alpn_select_cb              155	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_tmp_dh_callback             156	1_1_0	EXIST::FUNCTION:DH
+SSL_CTX_get_default_passwd_cb           157	1_1_0	EXIST::FUNCTION:
+TLSv1_server_method                     158	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
+DTLS_server_method                      159	1_1_0	EXIST::FUNCTION:
+SSL_set0_rbio                           160	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_options                     161	1_1_0	EXIST::FUNCTION:
+SSL_set_msg_callback                    162	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_free                       163	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_ssl_method                  164	1_1_0	EXIST::FUNCTION:
+SSL_get_server_random                   165	1_1_0	EXIST::FUNCTION:
+SSL_set_shutdown                        166	1_1_0	EXIST::FUNCTION:
+SSL_CTX_add_client_CA                   167	1_1_0	EXIST::FUNCTION:
+TLSv1_1_server_method                   168	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
+PEM_write_bio_SSL_SESSION               169	1_1_0	EXIST::FUNCTION:
+SSL_write                               170	1_1_0	EXIST::FUNCTION:
+SSL_set1_host                           171	1_1_0	EXIST::FUNCTION:
+SSL_use_RSAPrivateKey_file              172	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_get_info_callback               173	1_1_0	EXIST::FUNCTION:
+SSL_get0_peername                       174	1_1_0	EXIST::FUNCTION:
+SSL_set_srp_server_param                175	1_1_0	EXIST::FUNCTION:SRP
+TLS_server_method                       176	1_1_0	EXIST::FUNCTION:
+SSL_get_psk_identity_hint               177	1_1_0	EXIST::FUNCTION:PSK
+SSL_set_session                         178	1_1_0	EXIST::FUNCTION:
+SSL_get0_param                          179	1_1_0	EXIST::FUNCTION:
+SSL_set_default_passwd_cb               180	1_1_0	EXIST::FUNCTION:
+SSL_get_read_ahead                      181	1_1_0	EXIST::FUNCTION:
+SSL_dup_CA_list                         182	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_callback                 183	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb           184	1_1_0	EXIST::FUNCTION:
+SSL_get_servername_type                 185	1_1_0	EXIST::FUNCTION:
+TLSv1_2_client_method                   186	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
+SSL_add_client_CA                       187	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get0_security_ex_data           188	1_1_0	EXIST::FUNCTION:
+SSL_get_ex_data                         189	1_1_0	EXIST::FUNCTION:
+SSL_CTX_flush_sessions                  190	1_1_0	EXIST::FUNCTION:
+SSL_use_PrivateKey                      191	1_1_0	EXIST::FUNCTION:
+DTLSv1_client_method                    192	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
+SSL_CTX_dane_mtype_set                  193	1_1_0	EXIST::FUNCTION:
+SSL_get_wfd                             194	1_1_0	EXIST::FUNCTION:
+SSL_get_ssl_method                      195	1_1_0	EXIST::FUNCTION:
+SSL_set_verify_result                   196	1_1_0	EXIST::FUNCTION:
+SSL_use_RSAPrivateKey_ASN1              197	1_1_0	EXIST::FUNCTION:RSA
+SSL_CIPHER_get_name                     198	1_1_0	EXIST::FUNCTION:
+OPENSSL_init_ssl                        199	1_1_0	EXIST::FUNCTION:
+SSL_dup                                 200	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_serverinfo                  201	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_serverinfo_file             202	1_1_0	EXIST::FUNCTION:
+SSL_set_options                         203	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_dir          204	1_1_0	EXIST::FUNCTION:
+SSL_do_handshake                        205	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_ex_data                     206	1_1_0	EXIST::FUNCTION:
+SSL_is_init_finished                    207	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_file         208	1_1_0	EXIST::FUNCTION:
+SSLv3_method                            209	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
+SSL_CTX_set_cookie_generate_cb          210	1_1_0	EXIST::FUNCTION:
+SSL_certs_clear                         211	1_1_0	EXIST::FUNCTION:
+SSL_set_connect_state                   212	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_ex_data                     213	1_1_0	EXIST::FUNCTION:
+SSL_rstate_string                       214	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_peer                   215	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_compress_id             216	1_1_0	EXIST::FUNCTION:
+SSL_get_peer_cert_chain                 217	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cert_cb                     218	1_1_0	EXIST::FUNCTION:
+PEM_read_bio_SSL_SESSION                219	1_1_0	EXIST::FUNCTION:
+SSL_set_info_callback                   220	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_set_new_cb                 221	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_security_level              222	1_1_0	EXIST::FUNCTION:
+SSL_CTX_ctrl                            223	1_1_0	EXIST::FUNCTION:
+SSL_set_alpn_protos                     224	1_1_0	EXIST::FUNCTION:
+SSL_set_ex_data                         225	1_1_0	EXIST::FUNCTION:
+SSL_rstate_string_long                  226	1_1_0	EXIST::FUNCTION:
+SSL_ctrl                                227	1_1_0	EXIST::FUNCTION:
+SSL_get_current_compression             228	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_has_ticket                  229	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_cert_verify_callback        230	1_1_0	EXIST::FUNCTION:
+SSL_set_session_secret_cb               231	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_client_cert_engine          232	1_1_0	EXIST::FUNCTION:ENGINE
+SSL_CTX_get0_param                      233	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set1_param                      234	1_1_0	EXIST::FUNCTION:
+SSL_get_certificate                     235	1_1_0	EXIST::FUNCTION:
+DTLSv1_server_method                    236	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
+SSL_set_fd                              237	1_1_0	EXIST::FUNCTION:SOCK
+SSL_use_certificate                     238	1_1_0	EXIST::FUNCTION:
+DTLSv1_method                           239	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
+SSL_set0_wbio                           240	1_1_0	EXIST::FUNCTION:
+SSL_read                                241	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_options                     242	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_ssl_version                 243	1_1_0	EXIST::FUNCTION:
+SSL_set_SSL_CTX                         244	1_1_0	EXIST::FUNCTION:
+SSL_renegotiate_abbreviated             245	1_1_0	EXIST::FUNCTION:
+SSL_get_verify_mode                     246	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_id                       247	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_print_keylog                248	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_psk_client_callback         249	1_1_0	EXIST::FUNCTION:PSK
+SSL_SESSION_get_time                    250	1_1_0	EXIST::FUNCTION:
+SSL_set_debug                           251	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+SSL_get_security_level                  252	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_description                  253	1_1_0	EXIST::FUNCTION:
+SSL_set_default_passwd_cb_userdata      254	1_1_0	EXIST::FUNCTION:
+SSL_get_srp_userinfo                    255	1_1_0	EXIST::FUNCTION:SRP
+SSL_extension_supported                 256	1_1_0	EXIST::FUNCTION:
+SSL_dane_tlsa_add                       257	1_1_0	EXIST::FUNCTION:
+SSL_srp_server_param_with_username      258	1_1_0	EXIST::FUNCTION:SRP
+SSL_CIPHER_get_version                  259	1_1_0	EXIST::FUNCTION:
+SSL_get0_verified_chain                 260	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_find                         261	1_1_0	EXIST::FUNCTION:
+SSL_get_rbio                            262	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set_ssl                    263	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_verify_depth                264	1_1_0	EXIST::FUNCTION:
+SSL_get_ciphers                         265	1_1_0	EXIST::FUNCTION:
+SSL_CTX_config                          266	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set_ssl_ctx                267	1_1_0	EXIST::FUNCTION:
+SSL_CONF_cmd                            268	1_1_0	EXIST::FUNCTION:
+SSL_add_ssl_module                      269	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_verify_callback             270	1_1_0	EXIST::FUNCTION:
+SSL_set1_param                          271	1_1_0	EXIST::FUNCTION:
+SSL_use_certificate_file                272	1_1_0	EXIST::FUNCTION:
+SSL_get_changed_async_fds               273	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_client_cert_cb              274	1_1_0	EXIST::FUNCTION:
+DTLS_client_method                      275	1_1_0	EXIST::FUNCTION:
+SSL_set_trust                           276	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_security_callback           277	1_1_0	EXIST::FUNCTION:
+SSL_CTX_clear_options                   278	1_1_0	EXIST::FUNCTION:
+SSL_check_chain                         279	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_set_remove_cb              280	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_info_callback               281	1_1_0	EXIST::FUNCTION:
+SSL_pending                             282	1_1_0	EXIST::FUNCTION:
+SSL_set_bio                             283	1_1_0	EXIST::FUNCTION:
+BIO_new_ssl_connect                     284	1_1_0	EXIST::FUNCTION:
+SSL_waiting_for_async                   285	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_strength                286	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_get_quiet_shutdown              287	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_certificate_chain_file      288	1_1_0	EXIST::FUNCTION:
+SSL_CTX_dane_enable                     289	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_new                        290	1_1_0	EXIST::FUNCTION:
+SSL_get0_alpn_selected                  291	1_1_0	EXIST::FUNCTION:
+SSL_get0_next_proto_negotiated          292	1_1_0	EXIST::FUNCTION:NEXTPROTONEG
+SSL_set0_security_ex_data               293	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_tlsext_use_srtp             294	1_1_0	EXIST::FUNCTION:SRTP
+SSL_COMP_set0_compression_methods       295	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_not_resumable_session_callback 296	1_1_0	EXIST::FUNCTION:
+SSL_accept                              297	1_1_0	EXIST::FUNCTION:
+SSL_use_psk_identity_hint               298	1_1_0	EXIST::FUNCTION:PSK
+SSL_trace                               299	1_1_0	EXIST::FUNCTION:SSL_TRACE
+DTLS_method                             300	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_verify_param_callback   301	1_1_0	EXIST::FUNCTION:SRP
+SSL_CTX_set_timeout                     302	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_security_level              303	1_1_0	EXIST::FUNCTION:
+TLS_client_method                       304	1_1_0	EXIST::FUNCTION:
+SSL_set_quiet_shutdown                  305	1_1_0	EXIST::FUNCTION:
+SSL_CTX_up_ref                          306	1_1_0	EXIST::FUNCTION:
+SSL_check_private_key                   307	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_quiet_shutdown              308	1_1_0	EXIST::FUNCTION:
+SSL_select_next_proto                   309	1_1_0	EXIST::FUNCTION:
+SSL_load_client_CA_file                 310	1_1_0	EXIST::FUNCTION:
+SSL_set_srp_server_param_pw             311	1_1_0	EXIST::FUNCTION:SRP
+SSL_renegotiate_pending                 312	1_1_0	EXIST::FUNCTION:
+SSL_CTX_new                             313	1_1_0	EXIST::FUNCTION:
+SSL_set_session_ticket_ext_cb           314	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_timeout                     315	1_1_0	EXIST::FUNCTION:
+SSL_use_certificate_chain_file          316	1_1_0	EXIST::FUNCTION:
+SSL_set_not_resumable_session_callback  317	1_1_0	EXIST::FUNCTION:
+SSL_CTX_SRP_CTX_free                    318	1_1_0	EXIST::FUNCTION:SRP
+SSL_get_current_expansion               319	1_1_0	EXIST::FUNCTION:
+SSL_clear_options                       320	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey                  321	1_1_0	EXIST::FUNCTION:
+SSL_get_info_callback                   322	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_psk_identity_hint           323	1_1_0	EXIST::FUNCTION:PSK
+SSL_CTX_use_RSAPrivateKey_ASN1          324	1_1_0	EXIST::FUNCTION:RSA
+SSL_CTX_use_PrivateKey_ASN1             325	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get0_privatekey                 326	1_1_0	EXIST::FUNCTION:
+BIO_f_ssl                               327	1_1_0	EXIST::FUNCTION:
+SSLv3_server_method                     328	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
+SSL_SESSION_free                        329	1_1_0	EXIST::FUNCTION:
+SSL_get_shutdown                        330	1_1_0	EXIST::FUNCTION:
+SSL_get_peer_finished                   331	1_1_0	EXIST::FUNCTION:
+SSL_set_tlsext_use_srtp                 332	1_1_0	EXIST::FUNCTION:SRTP
+TLSv1_method                            333	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
+SSL_set_psk_server_callback             334	1_1_0	EXIST::FUNCTION:PSK
+SSL_CTX_set_alpn_protos                 335	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_paths        336	1_1_0	EXIST::FUNCTION:
+SSL_CTX_sess_set_get_cb                 337	1_1_0	EXIST::FUNCTION:
+SSL_add_file_cert_subjects_to_stack     338	1_1_0	EXIST::FUNCTION:
+SSL_get_default_passwd_cb_userdata      339	1_1_0	EXIST::FUNCTION:
+SSL_get_security_callback               340	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_srp_username                341	1_1_0	EXIST::FUNCTION:SRP
+SSL_COMP_get_name                       342	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb_userdata  343	1_1_0	EXIST::FUNCTION:
+SSL_set_verify                          344	1_1_0	EXIST::FUNCTION:
+SSL_in_before                           345	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_digest_nid               346	1_1_0	EXIST::FUNCTION:
+SSL_CTX_add_client_custom_ext           347	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_certificate                 348	1_1_0	EXIST::FUNCTION:
+SSL_set_cipher_list                     349	1_1_0	EXIST::FUNCTION:
+SSL_get_wbio                            350	1_1_0	EXIST::FUNCTION:
+SSL_set_hostflags                       351	1_1_0	EXIST::FUNCTION:
+SSL_alert_desc_string_long              352	1_1_0	EXIST::FUNCTION:
+SSL_get_default_timeout                 353	1_1_0	EXIST::FUNCTION:
+SSL_set_session_id_context              354	1_1_0	EXIST::FUNCTION:
+SSL_new                                 355	1_1_0	EXIST::FUNCTION:
+TLSv1_1_method                          356	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
+SSL_CTX_get_cert_store                  357	1_1_0	EXIST::FUNCTION:
+SSL_CTX_load_verify_locations           358	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_print_fp                    359	1_1_0	EXIST::FUNCTION:STDIO
+SSL_get0_dane_tlsa                      360	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_generate_session_id         361	1_1_0	EXIST::FUNCTION:
+SSL_alert_type_string_long              362	1_1_0	EXIST::FUNCTION:
+SSL_CONF_CTX_set1_prefix                363	1_1_0	EXIST::FUNCTION:
+SSL_in_init                             364	1_1_0	EXIST::FUNCTION:
+BIO_new_ssl                             365	1_1_0	EXIST::FUNCTION:
+SSL_CTX_get_client_cert_cb              366	1_1_0	EXIST::FUNCTION:
+SSL_CTX_use_certificate_ASN1            367	1_1_0	EXIST::FUNCTION:
+SSL_set_client_CA_list                  368	1_1_0	EXIST::FUNCTION:
+SSL_CTX_free                            369	1_1_0	EXIST::FUNCTION:
+SSL_get_default_passwd_cb               370	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_id                      371	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_set1_id_context             372	1_1_0	EXIST::FUNCTION:
+SSL_is_server                           373	1_1_0	EXIST::FUNCTION:
+SSL_alert_type_string                   374	1_1_0	EXIST::FUNCTION:
+DTLSv1_2_client_method                  375	1_1_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
+SSL_CTX_set_ctlog_list_file             376	1_1_0	EXIST::FUNCTION:CT
+SSL_set_ct_validation_callback          377	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_set_default_ctlog_list_file     378	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_has_client_custom_ext           379	1_1_0	EXIST::FUNCTION:
+SSL_ct_is_enabled                       380	1_1_0	EXIST::FUNCTION:CT
+SSL_get0_peer_scts                      381	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_set_ct_validation_callback      382	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_ct_is_enabled                   383	1_1_0	EXIST::FUNCTION:CT
+SSL_set_default_read_buffer_len         384	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set_default_read_buffer_len     385	1_1_0	EXIST::FUNCTION:
+SSL_has_pending                         386	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_auth_nid                 387	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_get_kx_nid                   388	1_1_0	EXIST::FUNCTION:
+SSL_CIPHER_is_aead                      389	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_up_ref                      390	1_1_0	EXIST::FUNCTION:
+SSL_CTX_set0_ctlog_store                391	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_get0_ctlog_store                392	1_1_0	EXIST::FUNCTION:CT
+SSL_enable_ct                           393	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_enable_ct                       394	1_1_0	EXIST::FUNCTION:CT
+SSL_CTX_get_ciphers                     395	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_hostname               396	1_1_0	EXIST::FUNCTION:
+SSL_client_version                      397	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get_protocol_version        398	1_1_0	EXIST::FUNCTION:
+SSL_is_dtls                             399	1_1_0	EXIST::FUNCTION:
+SSL_CTX_dane_set_flags                  400	1_1_0	EXIST::FUNCTION:
+SSL_dane_set_flags                      401	1_1_0	EXIST::FUNCTION:
+SSL_CTX_dane_clear_flags                402	1_1_0	EXIST::FUNCTION:
+SSL_dane_clear_flags                    403	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_cipher                 404	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_id_context             405	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_set1_id                     406	1_1_0	EXIST::FUNCTION:
+SSL_COMP_get_id                         412	1_1_0d	EXIST::FUNCTION:
+SSL_COMP_get0_name                      413	1_1_0d	EXIST::FUNCTION:
diff --git a/openssl-1.1.0h/util/local_shlib.com.in b/openssl-1.1.0h/util/local_shlib.com.in
new file mode 100644
index 0000000..e49aa15
--- /dev/null
+++ b/openssl-1.1.0h/util/local_shlib.com.in
@@ -0,0 +1,30 @@
+${-
+  use File::Spec::Functions qw(rel2abs);
+
+  my $bldtop = rel2abs($config{builddir});
+  our %names = ( map { $_ => $bldtop.$_.".EXE" }
+                 map { $unified_info{sharednames}->{$_} || () }
+                 @{$unified_info{libraries}} );
+  "" -}
+$       ! Create a local environment with the shared library logical names
+$       ! properly set.  Undo this with unlocal_shlib.com
+$
+$       OPENSSL_NAMES := OPENSSL_NAMES_'F$GETJPI("","PID")'
+$       CREATE/NAME_TABLE/PARENT_TABLE=LNM$PROCESS_DIRECTORY 'OPENSSL_NAMES'
+$       DEFINE/TABLE='OPENSSL_NAMES' OSSL_FLAG YES
+$
+$       NAMES := {- join(",", keys %names); -}
+{-
+  join("\n", map { "\$       __$_ = \"".$names{$_}."\"" } keys %names);
+-}      
+$       I = 0
+$       LOOP:
+$           E = F$ELEMENT(I,",",NAMES)
+$           I = I + 1
+$           IF E .EQS. "," THEN GOTO ENDLOOP
+$           EV = __'E'
+$           OLDV = F$TRNLNM(E,"LNM$PROCESS")
+$           IF OLDV .NES. "" THEN DEFINE/TABLE='OPENSSL_NAMES' 'E' 'OLDV'
+$           DEFINE 'E' 'EV'
+$           GOTO LOOP
+$       ENDLOOP:
diff --git a/openssl-1.1.0h/util/mkbuildinf.pl b/openssl-1.1.0h/util/mkbuildinf.pl
new file mode 100755
index 0000000..5bf0168
--- /dev/null
+++ b/openssl-1.1.0h/util/mkbuildinf.pl
@@ -0,0 +1,41 @@
+#! /usr/bin/env perl
+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+my ($cflags, $platform) = @ARGV;
+
+$cflags = "compiler: $cflags";
+$date = localtime();
+print <<"END_OUTPUT";
+/* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
+#define CFLAGS cflags
+/*
+ * Generate CFLAGS as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char cflags[] = {
+END_OUTPUT
+my $ctr = 0;
+foreach my $c (split //, $cflags) {
+    $c =~ s|([\\'])|\\$1|;
+    # Max 16 characters per line
+    if  (($ctr++ % 16) == 0) {
+        if ($ctr != 1) {
+            print "\n";
+        }
+        print "    ";
+    }
+    print "'$c',";
+}
+print <<"END_OUTPUT";
+'\\0'
+};
+#define PLATFORM "platform: $platform"
+#define DATE "built on: $date"
+END_OUTPUT
diff --git a/openssl-1.1.0h/util/mkcerts.sh b/openssl-1.1.0h/util/mkcerts.sh
new file mode 100755
index 0000000..e4a9892
--- /dev/null
+++ b/openssl-1.1.0h/util/mkcerts.sh
@@ -0,0 +1,220 @@
+#!/bin/sh
+
+# This script will re-make all the required certs.
+# cd apps
+# sh ../util/mkcerts.sh
+# mv ca-cert.pem pca-cert.pem ../certs
+# cd ..
+# cat certs/*.pem >>apps/server.pem
+# cat certs/*.pem >>apps/server2.pem
+# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
+# sh tools/c_rehash certs
+#
+ 
+CAbits=1024
+SSLEAY="../apps/openssl"
+CONF="-config ../apps/openssl.cnf"
+
+# create pca request.
+echo creating $CAbits bit PCA cert request
+$SSLEAY req $CONF \
+	-new -sha256 -newkey $CAbits \
+	-keyout pca-key.pem \
+	-out pca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test PCA (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+	echo problems generating PCA request
+	exit 1
+fi
+
+#sign it.
+echo
+echo self signing PCA
+$SSLEAY x509 -sha256 -days 36525 \
+	-req -signkey pca-key.pem \
+	-CAcreateserial -CAserial pca-cert.srl \
+	-in pca-req.pem -out pca-cert.pem
+
+if [ $? != 0 ]; then
+	echo problems self signing PCA cert
+	exit 1
+fi
+echo
+
+# create ca request.
+echo creating $CAbits bit CA cert request
+$SSLEAY req $CONF \
+	-new -sha256 -newkey $CAbits \
+	-keyout ca-key.pem \
+	-out ca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test CA (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+	echo problems generating CA request
+	exit 1
+fi
+
+#sign it.
+echo
+echo signing CA
+$SSLEAY x509 -sha256 -days 36525 \
+	-req \
+	-CAcreateserial -CAserial pca-cert.srl \
+	-CA pca-cert.pem -CAkey pca-key.pem \
+	-in ca-req.pem -out ca-cert.pem
+
+if [ $? != 0 ]; then
+	echo problems signing CA cert
+	exit 1
+fi
+echo
+
+# create server request.
+echo creating 512 bit server cert request
+$SSLEAY req $CONF \
+	-new -sha256 -newkey 512 \
+	-keyout s512-key.pem \
+	-out s512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (512 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+	echo problems generating 512 bit server cert request
+	exit 1
+fi
+
+#sign it.
+echo
+echo signing 512 bit server cert
+$SSLEAY x509 -sha256 -days 36525 \
+	-req \
+	-CAcreateserial -CAserial ca-cert.srl \
+	-CA ca-cert.pem -CAkey ca-key.pem \
+	-in s512-req.pem -out server.pem
+
+if [ $? != 0 ]; then
+	echo problems signing 512 bit server cert
+	exit 1
+fi
+echo
+
+# create 1024 bit server request.
+echo creating 1024 bit server cert request
+$SSLEAY req $CONF \
+	-new -sha256 -newkey 1024 \
+	-keyout s1024key.pem \
+	-out s1024req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+	echo problems generating 1024 bit server cert request
+	exit 1
+fi
+
+#sign it.
+echo
+echo signing 1024 bit server cert
+$SSLEAY x509 -sha256 -days 36525 \
+	-req \
+	-CAcreateserial -CAserial ca-cert.srl \
+	-CA ca-cert.pem -CAkey ca-key.pem \
+	-in s1024req.pem -out server2.pem
+
+if [ $? != 0 ]; then
+	echo problems signing 1024 bit server cert
+	exit 1
+fi
+echo
+
+# create 512 bit client request.
+echo creating 512 bit client cert request
+$SSLEAY req $CONF \
+	-new -sha256 -newkey 512 \
+	-keyout c512-key.pem \
+	-out c512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Client test cert (512 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+	echo problems generating 512 bit client cert request
+	exit 1
+fi
+
+#sign it.
+echo
+echo signing 512 bit client cert
+$SSLEAY x509 -sha256 -days 36525 \
+	-req \
+	-CAcreateserial -CAserial ca-cert.srl \
+	-CA ca-cert.pem -CAkey ca-key.pem \
+	-in c512-req.pem -out client.pem
+
+if [ $? != 0 ]; then
+	echo problems signing 512 bit client cert
+	exit 1
+fi
+
+echo cleanup
+
+cat pca-key.pem  >> pca-cert.pem
+cat ca-key.pem   >> ca-cert.pem
+cat s512-key.pem >> server.pem
+cat s1024key.pem >> server2.pem
+cat c512-key.pem >> client.pem
+
+for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
+do
+$SSLEAY x509 -issuer -subject -in $i -noout >$$
+cat $$
+/bin/cat $i >>$$
+/bin/mv $$ $i
+done
+
+#/bin/rm -f *key.pem *req.pem *.srl
+
+echo Finished
+
diff --git a/openssl-1.1.0h/util/mkdef.pl b/openssl-1.1.0h/util/mkdef.pl
new file mode 100755
index 0000000..66db26c
--- /dev/null
+++ b/openssl-1.1.0h/util/mkdef.pl
@@ -0,0 +1,1685 @@
+#! /usr/bin/env perl
+# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# prototyped functions: it then prunes the output.
+#
+# Intermediary files are created, call libcrypto.num and libssl.num,
+# The format of these files is:
+#
+#	routine-name	nnnn	vers	info
+#
+# The "nnnn" and "vers" fields are the numeric id and version for the symbol
+# respectively. The "info" part is actually a colon-separated string of fields
+# with the following meaning:
+#
+#	existence:platform:kind:algorithms
+#
+# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
+#   found somewhere in the source, 
+# - "platforms" is empty if it exists on all platforms, otherwise it contains
+#   comma-separated list of the platform, just as they are if the symbol exists
+#   for those platforms, or prepended with a "!" if not.  This helps resolve
+#   symbol name variants for platforms where the names are too long for the
+#   compiler or linker, or if the systems is case insensitive and there is a
+#   clash, or the symbol is implemented differently (see
+#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
+#   in the file crypto/symhacks.h.
+#   The semantics for the platforms is that every item is checked against the
+#   environment.  For the negative items ("!FOO"), if any of them is false
+#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
+#   used.  For the positive itms, if all of them are false in the environment,
+#   the corresponding symbol can't be used.  Any combination of positive and
+#   negative items are possible, and of course leave room for some redundancy.
+# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
+# - "algorithms" is a comma-separated list of algorithm names.  This helps
+#   exclude symbols that are part of an algorithm that some user wants to
+#   exclude.
+#
+
+use lib ".";
+use configdata;
+use File::Spec::Functions;
+use File::Basename;
+use FindBin;
+use lib "$FindBin::Bin/perl";
+use OpenSSL::Glob;
+
+# When building a "variant" shared library, with a custom SONAME, also customize
+# all the symbol versions.  This produces a shared object that can coexist
+# without conflict in the same address space as a default build, or an object
+# with a different variant tag.
+#
+# For example, with a target definition that includes:
+#
+#         shlib_variant => "-opt",
+#
+# we build the following objects:
+#
+# $ perl -le '
+#     for (@ARGV) {
+#         if ($l = readlink) {
+#             printf "%s -> %s\n", $_, $l
+#         } else {
+#             print
+#         }
+#     }' *.so*
+# libcrypto-opt.so.1.1
+# libcrypto.so -> libcrypto-opt.so.1.1
+# libssl-opt.so.1.1
+# libssl.so -> libssl-opt.so.1.1
+#
+# whose SONAMEs and dependencies are:
+#
+# $ for l in *.so; do
+#     echo $l
+#     readelf -d $l | egrep 'SONAME|NEEDED.*(ssl|crypto)'
+#   done
+# libcrypto.so
+#  0x000000000000000e (SONAME)             Library soname: [libcrypto-opt.so.1.1]
+# libssl.so
+#  0x0000000000000001 (NEEDED)             Shared library: [libcrypto-opt.so.1.1]
+#  0x000000000000000e (SONAME)             Library soname: [libssl-opt.so.1.1]
+#
+# We case-fold the variant tag to upper case and replace all non-alnum
+# characters with "_".  This yields the following symbol versions:
+#
+# $ nm libcrypto.so | grep -w A
+# 0000000000000000 A OPENSSL_OPT_1_1_0
+# 0000000000000000 A OPENSSL_OPT_1_1_0a
+# 0000000000000000 A OPENSSL_OPT_1_1_0c
+# 0000000000000000 A OPENSSL_OPT_1_1_0d
+# 0000000000000000 A OPENSSL_OPT_1_1_0f
+# 0000000000000000 A OPENSSL_OPT_1_1_0g
+# $ nm libssl.so | grep -w A
+# 0000000000000000 A OPENSSL_OPT_1_1_0
+# 0000000000000000 A OPENSSL_OPT_1_1_0d
+#
+(my $SO_VARIANT = qq{\U$target{"shlib_variant"}}) =~ s/\W/_/g;
+
+my $debug=0;
+my $trace=0;
+my $verbose=0;
+
+my $crypto_num= catfile($config{sourcedir},"util","libcrypto.num");
+my $ssl_num=    catfile($config{sourcedir},"util","libssl.num");
+my $libname;
+
+my $do_update = 0;
+my $do_rewrite = 1;
+my $do_crypto = 0;
+my $do_ssl = 0;
+my $do_ctest = 0;
+my $do_ctestall = 0;
+my $do_checkexist = 0;
+
+my $VMS=0;
+my $W32=0;
+my $NT=0;
+my $UNIX=0;
+my $linux=0;
+# Set this to make typesafe STACK definitions appear in DEF
+my $safe_stack_def = 0;
+
+my @known_platforms = ( "__FreeBSD__", "PERL5",
+			"EXPORT_VAR_AS_FUNCTION", "ZLIB", "_WIN32"
+			);
+my @known_ossl_platforms = ( "UNIX", "VMS", "WIN32", "WINNT", "OS2" );
+my @known_algorithms = ( # These are algorithms we know are guarded in relevant
+			 # header files, but aren't actually disablable.
+			 # Without these, this script will warn a lot.
+			 "RSA", "MD5",
+			 # @disablables comes from configdata.pm
+			 map { (my $x = uc $_) =~ s|-|_|g; $x; } @disablables,
+			 # Deprecated functions.  Not really algorithmss, but
+			 # treated as such here for the sake of simplicity
+			 "DEPRECATEDIN_0_9_8",
+			 "DEPRECATEDIN_1_0_0",
+			 "DEPRECATEDIN_1_1_0",
+                     );
+
+# %disabled comes from configdata.pm
+my %disabled_algorithms =
+    map { (my $x = uc $_) =~ s|-|_|g; $x => 1; } keys %disabled;
+
+my $zlib;
+
+foreach (@ARGV, split(/ /, $config{options}))
+	{
+	$debug=1 if $_ eq "debug";
+	$trace=1 if $_ eq "trace";
+	$verbose=1 if $_ eq "verbose";
+	$W32=1 if $_ eq "32";
+	die "win16 not supported" if $_ eq "16";
+	if($_ eq "NT") {
+		$W32 = 1;
+		$NT = 1;
+	}
+	if ($_ eq "linux") {
+		$linux=1;
+		$UNIX=1;
+	}
+	$VMS=1 if $_ eq "VMS";
+	if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
+			 || $_ eq "enable-zlib-dynamic") {
+		$zlib = 1;
+	}
+
+	$do_ssl=1 if $_ eq "libssl";
+	if ($_ eq "ssl") {
+		$do_ssl=1; 
+		$libname=$_
+	}
+	$do_crypto=1 if $_ eq "libcrypto";
+	if ($_ eq "crypto") {
+		$do_crypto=1;
+		$libname=$_;
+	}
+	$do_update=1 if $_ eq "update";
+	$do_rewrite=1 if $_ eq "rewrite";
+	$do_ctest=1 if $_ eq "ctest";
+	$do_ctestall=1 if $_ eq "ctestall";
+	$do_checkexist=1 if $_ eq "exist";
+	if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
+		my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
+		foreach (@known_algorithms) {
+			if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
+				my $depv = sprintf "%x%02x%02x", $1, $2, $3;
+				$disabled_algorithms{$_} = 1 if $apiv ge $depv;
+			}
+		}
+	}
+	if (/^no-deprecated$/) {
+		foreach (@known_algorithms) {
+			if (/^DEPRECATEDIN_/) {
+				$disabled_algorithms{$_} = 1;
+			}
+		}
+	}
+	elsif (/^(enable|disable|no)-(.*)$/) {
+		my $alg = uc $2;
+        $alg =~ tr/-/_/;
+		if (exists $disabled_algorithms{$alg}) {
+			$disabled_algorithms{$alg} = $1 eq "enable" ? 0 : 1;
+		}
+	}
+
+	}
+
+if (!$libname) { 
+	if ($do_ssl) {
+		$libname="LIBSSL";
+	}
+	if ($do_crypto) {
+		$libname="LIBCRYPTO";
+	}
+}
+
+# If no platform is given, assume WIN32
+if ($W32 + $VMS + $linux == 0) {
+	$W32 = 1;
+}
+die "Please, only one platform at a time"
+    if ($W32 + $VMS + $linux > 1);
+
+if (!$do_ssl && !$do_crypto)
+	{
+	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 | linux | VMS ]\n";
+	exit(1);
+	}
+
+%ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
+%crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
+
+my $ssl="include/openssl/ssl.h";
+$ssl.=" include/openssl/tls1.h";
+$ssl.=" include/openssl/srtp.h";
+
+# We use headers found in include/openssl and include/internal only.
+# The latter is needed so libssl.so/.dll/.exe can link properly.
+my $crypto ="include/openssl/crypto.h";
+$crypto.=" include/internal/o_dir.h";
+$crypto.=" include/internal/o_str.h";
+$crypto.=" include/internal/err.h";
+$crypto.=" include/internal/asn1t.h";
+$crypto.=" include/openssl/des.h" ; # unless $no_des;
+$crypto.=" include/openssl/idea.h" ; # unless $no_idea;
+$crypto.=" include/openssl/rc4.h" ; # unless $no_rc4;
+$crypto.=" include/openssl/rc5.h" ; # unless $no_rc5;
+$crypto.=" include/openssl/rc2.h" ; # unless $no_rc2;
+$crypto.=" include/openssl/blowfish.h" ; # unless $no_bf;
+$crypto.=" include/openssl/cast.h" ; # unless $no_cast;
+$crypto.=" include/openssl/whrlpool.h" ;
+$crypto.=" include/openssl/md2.h" ; # unless $no_md2;
+$crypto.=" include/openssl/md4.h" ; # unless $no_md4;
+$crypto.=" include/openssl/md5.h" ; # unless $no_md5;
+$crypto.=" include/openssl/mdc2.h" ; # unless $no_mdc2;
+$crypto.=" include/openssl/sha.h" ; # unless $no_sha;
+$crypto.=" include/openssl/ripemd.h" ; # unless $no_ripemd;
+$crypto.=" include/openssl/aes.h" ; # unless $no_aes;
+$crypto.=" include/openssl/camellia.h" ; # unless $no_camellia;
+$crypto.=" include/openssl/seed.h"; # unless $no_seed;
+
+$crypto.=" include/openssl/bn.h";
+$crypto.=" include/openssl/rsa.h" ; # unless $no_rsa;
+$crypto.=" include/openssl/dsa.h" ; # unless $no_dsa;
+$crypto.=" include/openssl/dh.h" ; # unless $no_dh;
+$crypto.=" include/openssl/ec.h" ; # unless $no_ec;
+$crypto.=" include/openssl/hmac.h" ; # unless $no_hmac;
+$crypto.=" include/openssl/cmac.h" ;
+
+$crypto.=" include/openssl/engine.h"; # unless $no_engine;
+$crypto.=" include/openssl/stack.h" ; # unless $no_stack;
+$crypto.=" include/openssl/buffer.h" ; # unless $no_buffer;
+$crypto.=" include/openssl/bio.h" ; # unless $no_bio;
+$crypto.=" include/internal/dso.h" ; # unless $no_dso;
+$crypto.=" include/openssl/lhash.h" ; # unless $no_lhash;
+$crypto.=" include/openssl/conf.h";
+$crypto.=" include/openssl/txt_db.h";
+
+$crypto.=" include/openssl/evp.h" ; # unless $no_evp;
+$crypto.=" include/openssl/objects.h";
+$crypto.=" include/openssl/pem.h";
+#$crypto.=" include/openssl/meth.h";
+$crypto.=" include/openssl/asn1.h";
+$crypto.=" include/openssl/asn1t.h";
+$crypto.=" include/openssl/err.h" ; # unless $no_err;
+$crypto.=" include/openssl/pkcs7.h";
+$crypto.=" include/openssl/pkcs12.h";
+$crypto.=" include/openssl/x509.h";
+$crypto.=" include/openssl/x509_vfy.h";
+$crypto.=" include/openssl/x509v3.h";
+$crypto.=" include/openssl/ts.h";
+$crypto.=" include/openssl/rand.h";
+$crypto.=" include/openssl/comp.h" ; # unless $no_comp;
+$crypto.=" include/openssl/ocsp.h";
+$crypto.=" include/openssl/ui.h";
+#$crypto.=" include/openssl/store.h";
+$crypto.=" include/openssl/cms.h";
+$crypto.=" include/openssl/srp.h";
+$crypto.=" include/openssl/modes.h";
+$crypto.=" include/openssl/async.h";
+$crypto.=" include/openssl/ct.h";
+$crypto.=" include/openssl/kdf.h";
+
+my $symhacks="include/openssl/symhacks.h";
+
+my @ssl_symbols = &do_defs("LIBSSL", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBCRYPTO", $crypto, $symhacks);
+
+if ($do_update) {
+
+if ($do_ssl == 1) {
+
+	&maybe_add_info("LIBSSL",*ssl_list,@ssl_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$ssl_num");
+		&rewrite_numbers(*OUT,"LIBSSL",*ssl_list,@ssl_symbols);
+	} else {
+		open(OUT, ">>$ssl_num");
+	}
+	&update_numbers(*OUT,"LIBSSL",*ssl_list,$max_ssl,@ssl_symbols);
+	close OUT;
+}
+
+if($do_crypto == 1) {
+
+	&maybe_add_info("LIBCRYPTO",*crypto_list,@crypto_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$crypto_num");
+		&rewrite_numbers(*OUT,"LIBCRYPTO",*crypto_list,@crypto_symbols);
+	} else {
+		open(OUT, ">>$crypto_num");
+	}
+	&update_numbers(*OUT,"LIBCRYPTO",*crypto_list,$max_crypto,@crypto_symbols);
+	close OUT;
+} 
+
+} elsif ($do_checkexist) {
+	&check_existing(*ssl_list, @ssl_symbols)
+		if $do_ssl == 1;
+	&check_existing(*crypto_list, @crypto_symbols)
+		if $do_crypto == 1;
+} elsif ($do_ctest || $do_ctestall) {
+
+	print <<"EOF";
+
+/* Test file to check all DEF file symbols are present by trying
+ * to link to all of them. This is *not* intended to be run!
+ */
+
+int main()
+{
+EOF
+	&print_test_file(*STDOUT,"LIBSSL",*ssl_list,$do_ctestall,@ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_test_file(*STDOUT,"LIBCRYPTO",*crypto_list,$do_ctestall,@crypto_symbols)
+		if $do_crypto == 1;
+
+	print "}\n";
+
+} else {
+
+	&print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols)
+		if $do_crypto == 1;
+
+}
+
+
+sub do_defs
+{
+	my($name,$files,$symhacksfile)=@_;
+	my $file;
+	my @ret;
+	my %syms;
+	my %platform;		# For anything undefined, we assume ""
+	my %kind;		# For anything undefined, we assume "FUNCTION"
+	my %algorithm;		# For anything undefined, we assume ""
+	my %variant;
+	my %variant_cnt;	# To be able to allocate "name{n}" if "name"
+				# is the same name as the original.
+	my $cpp;
+	my %unknown_algorithms = ();
+	my $parens = 0;
+
+	foreach $file (split(/\s+/,$symhacksfile." ".$files))
+		{
+		my $fn = catfile($config{sourcedir},$file);
+		print STDERR "TRACE: start reading $fn\n" if $trace;
+		open(IN,"<$fn") || die "unable to open $fn:$!\n";
+		my $line = "", my $def= "";
+		my %tag = (
+			(map { $_ => 0 } @known_platforms),
+			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
+			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+			(map { "OPENSSL_USE_".$_ => 0 } @known_algorithms),
+			NOPROTO		=> 0,
+			PERL5		=> 0,
+			_WINDLL		=> 0,
+			CONST_STRICT	=> 0,
+			TRUE		=> 1,
+		);
+		my $symhacking = $file eq $symhacksfile;
+		my @current_platforms = ();
+		my @current_algorithms = ();
+
+		# params: symbol, alias, platforms, kind
+		# The reason to put this subroutine in a variable is that
+		# it will otherwise create it's own, unshared, version of
+		# %tag and %variant...
+		my $make_variant = sub
+		{
+			my ($s, $a, $p, $k) = @_;
+			my ($a1, $a2);
+
+			print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
+			if (defined($p))
+			{
+				$a1 = join(",",$p,
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			else
+			{
+				$a1 = join(",",
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			$a2 = join(",",
+				   grep(!/^$/,
+					map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
+					@known_ossl_platforms));
+			print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
+			if ($a1 eq "") { $a1 = $a2; }
+			elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
+			if ($a eq $s)
+			{
+				if (!defined($variant_cnt{$s}))
+				{
+					$variant_cnt{$s} = 0;
+				}
+				$variant_cnt{$s}++;
+				$a .= "{$variant_cnt{$s}}";
+			}
+			my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
+			my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
+			if (!grep(/^$togrep$/,
+				  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
+				if (defined($variant{$s})) { $variant{$s} .= ";"; }
+				$variant{$s} .= $toadd;
+			}
+			print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
+		};
+
+		print STDERR "DEBUG: parsing ----------\n" if $debug;
+		while(<IN>) {
+			s|\R$||; # Better chomp
+			if($parens > 0) {
+				#Inside a DEPRECATEDIN
+				$stored_multiline .= $_;
+				print STDERR "DEBUG: Continuing multiline DEPRECATEDIN: $stored_multiline\n" if $debug;
+				$parens = count_parens($stored_multiline);
+				if ($parens == 0) {
+					$def .= do_deprecated($stored_multiline,
+							\@current_platforms,
+							\@current_algorithms);
+				}
+				next;
+			}
+			if (/\/\* Error codes for the \w+ functions\. \*\//)
+				{
+				undef @tag;
+				last;
+				}
+			if ($line ne '') {
+				$_ = $line . $_;
+				$line = '';
+			}
+
+			if (/\\$/) {
+				$line = $`; # keep what was before the backslash
+				next;
+			}
+
+			if(/\/\*/) {
+				if (not /\*\//) {	# multiline comment...
+					$line = $_;	# ... just accumulate
+					next;
+				} else {
+					s/\/\*.*?\*\///gs;# wipe it
+				}
+			}
+
+			if ($cpp) {
+				$cpp++ if /^#\s*if/;
+				$cpp-- if /^#\s*endif/;
+				next;
+			}
+			if (/^#.*ifdef.*cplusplus/) {
+				$cpp = 1;
+				next;
+			}
+
+			s/{[^{}]*}//gs;                      # ignore {} blocks
+			print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
+			print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
+			if (/^\#\s*ifndef\s+(.*)/) {
+				push(@tag,"-");
+				push(@tag,$1);
+				$tag{$1}=-1;
+				print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+			} elsif (/^\#\s*if\s+!defined\s*\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(!defined\s*\(([^\)]+)\)(\s+\&\&\s+!defined\s*\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\&\&',$tmp_1) {
+						$tmp_ =~ /!defined\s*\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=-1;
+					}
+				} else {
+					print STDERR "Warning: $file: taking only '!defined($1)' of complicated expression: $_" if $verbose; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=-1;
+				}
+			} elsif (/^\#\s*ifdef\s+(\S*)/) {
+				push(@tag,"-");
+				push(@tag,$1);
+				$tag{$1}=1;
+				print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+			} elsif (/^\#\s*if\s+defined\s*\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(defined\s*\(([^\)]+)\)(\s+\|\|\s+defined\s*\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\|\|',$tmp_1) {
+						$tmp_ =~ /defined\s*\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=1;
+					}
+				} else {
+					print STDERR "Warning: $file: taking only 'defined($1)' of complicated expression: $_\n" if $verbose; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=1;
+				}
+			} elsif (/^\#\s*error\s+(\w+) is disabled\./) {
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
+						$tag{$tag[$tag_i]}=2;
+						print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
+					}
+					$tag_i--;
+				}
+			} elsif (/^\#\s*endif/) {
+				my $tag_i = $#tag;
+				while($tag_i > 0 && $tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
+					if ($tag{$t}==2) {
+						$tag{$t}=-1;
+					} else {
+						$tag{$t}=0;
+					}
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					pop(@tag);
+					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
+						$t=$1;
+					} elsif($t =~ /^OPENSSL_USE_([A-Z0-9_]+)$/) {
+						$t=$1;
+					} else {
+						$t="";
+					}
+					if ($t ne ""
+					    && !grep(/^$t$/, @known_algorithms)) {
+						$unknown_algorithms{$t} = 1;
+						#print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
+					}
+					$tag_i--;
+				}
+				pop(@tag);
+			} elsif (/^\#\s*else/) {
+				my $tag_i = $#tag;
+				die "$file unmatched else\n" if $tag_i < 0;
+				while($tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					$tag{$t}= -$tag{$t};
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					$tag_i--;
+				}
+			} elsif (/^\#\s*if\s+1/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=1;
+				print STDERR "DEBUG: $file: found 1\n" if $debug;
+			} elsif (/^\#\s*if\s+0/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=-1;
+				print STDERR "DEBUG: $file: found 0\n" if $debug;
+			} elsif (/^\#\s*if\s+/) {
+				#Some other unrecognized "if" style
+				push(@tag,"-");
+				print STDERR "Warning: $file: ignoring unrecognized expression: $_\n" if $verbose; # because it is O...
+			} elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
+				 && $symhacking && $tag{'TRUE'} != -1) {
+				# This is for aliasing.  When we find an alias,
+				# we have to invert
+				&$make_variant($1,$2);
+				print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
+			}
+			if (/^\#/) {
+				@current_platforms =
+				    grep(!/^$/,
+					 map { $tag{$_} == 1 ? $_ :
+						   $tag{$_} == -1 ? "!".$_  : "" }
+					 @known_platforms);
+				push @current_platforms
+				    , grep(!/^$/,
+					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
+						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
+					   @known_ossl_platforms);
+				@current_algorithms = ();
+				@current_algorithms =
+				    grep(!/^$/,
+					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
+					 @known_algorithms);
+				push @current_algorithms
+				    , grep(!/^$/,
+					 map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" }
+					 @known_algorithms);
+				$def .=
+				    "#INFO:"
+					.join(',',@current_platforms).":"
+					    .join(',',@current_algorithms).";";
+				next;
+			}
+			if ($tag{'TRUE'} != -1) {
+				if (/^\s*DEFINE_STACK_OF\s*\(\s*(\w*)\s*\)/
+						|| /^\s*DEFINE_STACK_OF_CONST\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					$def .= "int $3_free(void);";
+					$def .= "int $3_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
+					 /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$1(void);";
+					$def .= "int i2d_$1(void);";
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					$def .= "int $2_free(void);";
+					$def .= "int $2_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int i2d_$1_NDEF(void);";
+				} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int $1_print_ctx(void);";
+					next;
+				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int $2_print_ctx(void);";
+					next;
+				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
+					/^DECLARE_PEM_write_const\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',"STDIO",@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					next;
+				} elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int _shadow_$2;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("_shadow_$2","_shadow_$2",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+				} elsif (/^\s*DEPRECATEDIN/) {
+					$parens = count_parens($_);
+					if ($parens == 0) {
+						$def .= do_deprecated($_,
+							\@current_platforms,
+							\@current_algorithms);
+					} else {
+						$stored_multiline = $_;
+						print STDERR "DEBUG: Found multiline DEPRECATEDIN starting with: $stored_multiline\n" if $debug;
+						next;
+					}
+				} elsif ($tag{'CONST_STRICT'} != 1) {
+					if (/\{|\/\*|\([^\)]*$/) {
+						$line = $_;
+					} else {
+						$def .= $_;
+					}
+				}
+			}
+		}
+		close(IN);
+		die "$file: Unmatched tags\n" if $#tag >= 0;
+
+		my $algs;
+		my $plays;
+
+		print STDERR "DEBUG: postprocessing ----------\n" if $debug;
+		foreach (split /;/, $def) {
+			my $s; my $k = "FUNCTION"; my $p; my $a;
+			s/^[\n\s]*//g;
+			s/[\n\s]*$//g;
+			next if(/\#undef/);
+			next if(/typedef\W/);
+			next if(/\#define/);
+
+			print STDERR "TRACE: processing $_\n" if $trace && !/^\#INFO:/;
+			# Reduce argument lists to empty ()
+			# fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+			my $nsubst = 1; # prevent infinite loop, e.g., on  int fn()
+			while($nsubst && /\(.*\)/s) {
+				$nsubst = s/\([^\(\)]+\)/\{\}/gs;
+				$nsubst+= s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;	#(*f{}) -> f
+			}
+			# pretend as we didn't use curly braces: {} -> ()
+			s/\{\}/\(\)/gs;
+
+			s/STACK_OF\(\)/void/gs;
+			s/LHASH_OF\(\)/void/gs;
+
+			print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
+			if (/^\#INFO:([^:]*):(.*)$/) {
+				$plats = $1;
+				$algs = $2;
+				print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
+				next;
+			} elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
+				$s = $1;
+				$k = "VARIABLE";
+				print STDERR "DEBUG: found external variable $s\n" if $debug;
+			} elsif (/TYPEDEF_\w+_OF/s) {
+				next;
+			} elsif (/(\w+)\s*\(\).*/s) {	# first token prior [first] () is
+				$s = $1;		# a function name!
+				print STDERR "DEBUG: found function $s\n" if $debug;
+			} elsif (/\(/ and not (/=/)) {
+				print STDERR "File $file: cannot parse: $_;\n";
+				next;
+			} else {
+				next;
+			}
+
+			$syms{$s} = 1;
+			$kind{$s} = $k;
+
+			$p = $plats;
+			$a = $algs;
+
+			$platform{$s} =
+			    &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
+			$algorithm{$s} .= ','.$a;
+
+			if (defined($variant{$s})) {
+				foreach $v (split /;/,$variant{$s}) {
+					(my $r, my $p, my $k) = split(/:/,$v);
+					my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
+					$syms{$r} = 1;
+					if (!defined($k)) { $k = $kind{$s}; }
+					$kind{$r} = $k."(".$s.")";
+					$algorithm{$r} = $algorithm{$s};
+					$platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
+					$platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
+					print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
+				}
+			}
+			print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
+		}
+	}
+
+	# Prune the returned symbols
+
+        delete $syms{"bn_dump1"};
+	$platform{"BIO_s_log"} .= ",!WIN32,!macintosh";
+
+	$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
+	$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
+
+	# Info we know about
+
+	push @ret, map { $_."\\".&info_string($_,"EXIST",
+					      $platform{$_},
+					      $kind{$_},
+					      $algorithm{$_}) } keys %syms;
+
+	if (keys %unknown_algorithms) {
+		print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
+		print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
+	}
+	return(@ret);
+}
+
+# Param: string of comma-separated platform-specs.
+sub reduce_platforms
+{
+	my ($platforms) = @_;
+	my $pl = defined($platforms) ? $platforms : "";
+	my %p = map { $_ => 0 } split /,/, $pl;
+	my $ret;
+
+	print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
+	    if $debug;
+	# We do this, because if there's code like the following, it really
+	# means the function exists in all cases and should therefore be
+	# everywhere.  By increasing and decreasing, we may attain 0:
+	#
+	# ifndef WIN16
+	#    int foo();
+	# else
+	#    int _fat foo();
+	# endif
+	foreach $platform (split /,/, $pl) {
+		if ($platform =~ /^!(.*)$/) {
+			$p{$1}--;
+		} else {
+			$p{$platform}++;
+		}
+	}
+	foreach $platform (keys %p) {
+		if ($p{$platform} == 0) { delete $p{$platform}; }
+	}
+
+	delete $p{""};
+
+	$ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
+	print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
+	    if $debug;
+	return $ret;
+}
+
+sub info_string
+{
+	(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+
+	my %a = defined($algorithms) ?
+	    map { $_ => 1 } split /,/, $algorithms : ();
+	my $k = defined($kind) ? $kind : "FUNCTION";
+	my $ret;
+	my $p = &reduce_platforms($platforms);
+
+	delete $a{""};
+
+	$ret = $exist;
+	$ret .= ":".$p;
+	$ret .= ":".$k;
+	$ret .= ":".join(',',sort keys %a);
+	return $ret;
+}
+
+sub maybe_add_info
+{
+	(my $name, *nums, my @symbols) = @_;
+	my $sym;
+	my $new_info = 0;
+	my %syms=();
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = split /\\/, $sym;
+		if (defined($nums{$s})) {
+			$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
+			(my $n, my $vers, my $dummy) = split /\\/, $nums{$s};
+			if (!defined($dummy) || $i ne $dummy) {
+				$nums{$s} = $n."\\".$vers."\\".$i;
+				$new_info++;
+				print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
+			}
+		}
+		$syms{$s} = 1;
+	}
+
+	my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $vers, my $i) = split /\\/, $nums{$sym};
+		if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
+			$new_info++;
+			print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
+		}
+	}
+	if ($new_info) {
+		print STDERR "$name: $new_info old symbols have updated info\n";
+		if (!$do_rewrite) {
+			print STDERR "You should do a rewrite to fix this.\n";
+		}
+	} else {
+	}
+}
+
+# Param: string of comma-separated keywords, each possibly prefixed with a "!"
+sub is_valid
+{
+	my ($keywords_txt,$platforms) = @_;
+	my (@keywords) = split /,/,$keywords_txt;
+	my ($falsesum, $truesum) = (0, 1);
+
+	# Param: one keyword
+	sub recognise
+	{
+		my ($keyword,$platforms) = @_;
+
+		if ($platforms) {
+			# platforms
+			if ($keyword eq "UNIX" && $UNIX) { return 1; }
+			if ($keyword eq "VMS" && $VMS) { return 1; }
+			if ($keyword eq "WIN32" && $W32) { return 1; }
+			if ($keyword eq "_WIN32" && $W32) { return 1; }
+			if ($keyword eq "WINNT" && $NT) { return 1; }
+			# Special platforms:
+			# EXPORT_VAR_AS_FUNCTION means that global variables
+			# will be represented as functions.
+			if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && $W32) {
+				return 1;
+			}
+			if ($keyword eq "ZLIB" && $zlib) { return 1; }
+			return 0;
+		} else {
+			# algorithms
+			if ($disabled_algorithms{$keyword} == 1) { return 0;}
+
+			# Nothing recognise as true
+			return 1;
+		}
+	}
+
+	foreach $k (@keywords) {
+		if ($k =~ /^!(.*)$/) {
+			$falsesum += &recognise($1,$platforms);
+		} else {
+			$truesum *= &recognise($k,$platforms);
+		}
+	}
+	print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
+	return (!$falsesum) && $truesum;
+}
+
+sub print_test_file
+{
+	(*OUT,my $name,*nums,my $testall,my @symbols)=@_;
+	my $n = 1; my @e; my @r;
+	my $sym; my $prev = ""; my $prefSSLeay;
+
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+	@symbols=((sort @e),(sort @r));
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		my $v = 0;
+		$v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
+		my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+		my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+		if (!defined($nums{$s})) {
+			print STDERR "Warning: $s does not have a number assigned\n"
+			    if(!$do_update);
+		} elsif (is_valid($p,1) && is_valid($a,0)) {
+			my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+			if ($prev eq $s2) {
+				print OUT "\t/* The following has already appeared previously */\n";
+				print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+			}
+			$prev = $s2;	# To warn about duplicates...
+
+			(my $nn, my $vers, my $ni) = split /\\/, $nums{$s2};
+			if ($v) {
+				print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
+			} else {
+				print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
+			}
+		}
+	}
+}
+
+sub get_version
+{
+   return $config{version};
+}
+
+sub print_def_file
+{
+	(*OUT,my $name,*nums,my @symbols)=@_;
+	my $n = 1; my @e; my @r; my @v; my $prev="";
+	my $liboptions="";
+	my $libname = $name;
+	my $http_vendor = 'www.openssl.org/';
+	my $version = get_version();
+	my $what = "OpenSSL: implementation of Secure Socket Layer";
+	my $description = "$what $version, $name - http://$http_vendor";
+	my $prevsymversion = "", $prevprevsymversion = "";
+        # For VMS
+        my $prevnum = 0;
+        my $symvtextcount = 0;
+
+	if ($W32)
+		{ $libname.="32"; }
+
+        if ($W32)
+                {
+                print OUT <<"EOF";
+;
+; Definition file for the DLL version of the $name library from OpenSSL
+;
+
+LIBRARY         $libname	$liboptions
+
+EOF
+
+		print "EXPORTS\n";
+                }
+        elsif ($VMS)
+                {
+                print OUT <<"EOF";
+CASE_SENSITIVE=YES
+SYMBOL_VECTOR=(-
+EOF
+                $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+                }
+
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+	(@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
+        if ($VMS) {
+            # VMS needs to have the symbols on slot number order
+            @symbols=(map { $_->[1] }
+                      sort { $a->[0] <=> $b->[0] }
+                      map { (my $s, my $i) = $_ =~ /^(.*?)\\(.*)$/;
+                            die "Error: $s doesn't have a number assigned\n"
+                                if !defined($nums{$s});
+                            (my $n, my @rest) = split /\\/, $nums{$s};
+                            [ $n, $_ ] } (@e, @r, @v));
+        } else {
+            @symbols=((sort @e),(sort @r), (sort @v));
+        }
+
+	my ($baseversion, $currversion) = get_openssl_version();
+	my $thisversion;
+	do {
+		if (!defined($thisversion)) {
+			$thisversion = $baseversion;
+		} else {
+			$thisversion = get_next_version($thisversion);
+		}
+		foreach $sym (@symbols) {
+			(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+			my $v = 0;
+			$v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
+			if (!defined($nums{$s})) {
+				die "Error: $s does not have a number assigned\n"
+					if(!$do_update);
+			} else {
+				(my $n, my $symversion, my $dummy) = split /\\/, $nums{$s};
+				my %pf = ();
+				my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+				my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+				if (is_valid($p,1) && is_valid($a,0)) {
+					my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+					if ($prev eq $s2) {
+						print STDERR "Warning: Symbol '",$s2,
+							"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),
+							", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+					}
+					$prev = $s2;	# To warn about duplicates...
+					if($linux) {
+						next if $symversion ne $thisversion;
+						if ($symversion ne $prevsymversion) {
+							if ($prevsymversion ne "") {
+								if ($prevprevsymversion ne "") {
+									print OUT "} OPENSSL${SO_VARIANT}_"
+												."$prevprevsymversion;\n\n";
+								} else {
+									print OUT "};\n\n";
+								}
+							}
+							print OUT "OPENSSL${SO_VARIANT}_$symversion {\n    global:\n";
+							$prevprevsymversion = $prevsymversion;
+							$prevsymversion = $symversion;
+						}
+						print OUT "        $s2;\n";
+                                        } elsif ($VMS) {
+                                            while(++$prevnum < $n) {
+                                                my $symline=" ,SPARE -\n  ,SPARE -\n";
+                                                if ($symvtextcount + length($symline) - 2 > 1024) {
+                                                    print OUT ")\nSYMBOL_VECTOR=(-\n";
+                                                    $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+                                                }
+                                                if ($symvtextcount == 16) {
+                                                    # Take away first comma
+                                                    $symline =~ s/,//;
+                                                }
+                                                print OUT $symline;
+                                                $symvtextcount += length($symline) - 2;
+                                            }
+                                            (my $s_uc = $s) =~ tr/a-z/A-Z/;
+                                            my $symtype=
+                                                $v ? "DATA" : "PROCEDURE";
+                                            my $symline=
+                                                ($s_uc ne $s
+                                                 ? " ,$s_uc/$s=$symtype -\n  ,$s=$symtype -\n"
+                                                 : " ,$s=$symtype -\n  ,SPARE -\n");
+                                            if ($symvtextcount + length($symline) - 2 > 1024) {
+                                                print OUT ")\nSYMBOL_VECTOR=(-\n";
+                                                $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+                                            }
+                                            if ($symvtextcount == 16) {
+                                                # Take away first comma
+                                                $symline =~ s/,//;
+                                            }
+                                            print OUT $symline;
+                                            $symvtextcount += length($symline) - 2;
+					} elsif($v) {
+						printf OUT "    %s%-39s DATA\n",
+								($W32)?"":"_",$s2;
+					} else {
+						printf OUT "    %s%s\n",
+								($W32)?"":"_",$s2;
+					}
+				}
+			}
+		}
+	} while ($linux && $thisversion ne $currversion);
+	if ($linux) {
+		if ($prevprevsymversion ne "") {
+			print OUT "    local: *;\n} OPENSSL${SO_VARIANT}_$prevprevsymversion;\n\n";
+		} else {
+			print OUT "    local: *;\n};\n\n";
+		}
+	} elsif ($VMS) {
+            print OUT ")\n";
+            (my $libvmaj, my $libvmin, my $libvedit) =
+                $currversion =~ /^(\d+)_(\d+)_(\d+)$/;
+            # The reason to multiply the edit number with 100 is to make space
+            # for the possibility that we want to encode the patch letters
+            print OUT "GSMATCH=LEQUAL,",($libvmaj * 100 + $libvmin),",",($libvedit * 100),"\n";
+        }
+	printf OUT "\n";
+}
+
+sub load_numbers
+{
+	my($name)=@_;
+	my(@a,%ret);
+	my $prevversion;
+
+	$max_num = 0;
+	$num_noinfo = 0;
+	$prev = "";
+	$prev_cnt = 0;
+
+	my ($baseversion, $currversion) = get_openssl_version();
+
+	open(IN,"<$name") || die "unable to open $name:$!\n";
+	while (<IN>) {
+		s|\R$||;        # Better chomp
+		s/#.*$//;
+		next if /^\s*$/;
+		@a=split;
+		if (defined $ret{$a[0]}) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+		}
+		if ($max_num > $a[1]) {
+			print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
+		}
+		elsif ($max_num == $a[1]) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+			if ($a[0] eq $prev) {
+				$prev_cnt++;
+				$a[0] .= "{$prev_cnt}";
+			}
+		}
+		else {
+			$prev_cnt = 0;
+		}
+		if ($#a < 2) {
+			# Existence will be proven later, in do_defs
+			$ret{$a[0]}=$a[1];
+			$num_noinfo++;
+		} else {
+			#Sanity check the version number
+			if (defined $prevversion) {
+				check_version_lte($prevversion, $a[2]);
+			}
+			check_version_lte($a[2], $currversion);
+			$prevversion = $a[2];
+			$ret{$a[0]}=$a[1]."\\".$a[2]."\\".$a[3]; # \\ is a special marker
+		}
+		$max_num = $a[1] if $a[1] > $max_num;
+		$prev=$a[0];
+	}
+	if ($num_noinfo) {
+		print STDERR "Warning: $num_noinfo symbols were without info." if $verbose || !$do_rewrite;
+		if ($do_rewrite) {
+			printf STDERR "  The rewrite will fix this.\n" if $verbose;
+		} else {
+			printf STDERR "  You should do a rewrite to fix this.\n";
+		}
+	}
+	close(IN);
+	return(%ret);
+}
+
+sub parse_number
+{
+	(my $str, my $what) = @_;
+	(my $n, my $v, my $i) = split(/\\/,$str);
+	if ($what eq "n") {
+		return $n;
+	} else {
+		return $i;
+	}
+}
+
+sub rewrite_numbers
+{
+	(*OUT,$name,*nums,@symbols)=@_;
+	my $thing;
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	my %syms = ();
+	foreach $_ (@symbols) {
+		(my $n, my $i) = split /\\/;
+		$syms{$n} = 1;
+	}
+
+	my @s=sort {
+	    &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
+	    || $a cmp $b
+	} keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $vers, my $i) = split /\\/, $nums{$sym};
+		next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
+		$i="NOEXIST::FUNCTION:"
+			if !defined($i) || $i eq "" || !defined($syms{$sym});
+		my $s2 = $sym;
+		$s2 =~ s/\{[0-9]+\}$//;
+		printf OUT "%s%-39s %d\t%s\t%s\n","",$s2,$n,$vers,$i;
+		if (exists $r{$sym}) {
+			(my $s, $i) = split /\\/,$r{$sym};
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\t%s\n","",$s2,$n,$vers,$i;
+		}
+	}
+}
+
+sub update_numbers
+{
+	(*OUT,$name,*nums,my $start_num, my @symbols)=@_;
+	my $new_syms = 0;
+	my $basevers;
+	my $vers;
+
+	($basevers, $vers) = get_openssl_version();
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		die "ERROR: Symbol $sym had no info attached to it."
+		    if $i eq "";
+		if (!exists $nums{$s}) {
+			$new_syms++;
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\t%s\n","",$s2, ++$start_num,$vers,$i;
+			if (exists $r{$s}) {
+				($s, $i) = split /\\/,$r{$s};
+				$s =~ s/\{[0-9]+\}$//;
+				printf OUT "%s%-39s %d\t%s\t%s\n","",$s, $start_num,$vers,$i;
+			}
+		}
+	}
+	if($new_syms) {
+		print STDERR "$name: Added $new_syms new symbols\n";
+	} else {
+		print STDERR "$name: No new symbols added\n";
+	}
+}
+
+sub check_existing
+{
+	(*nums, my @symbols)=@_;
+	my %existing; my @remaining;
+	@remaining=();
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		$existing{$s}=1;
+	}
+	foreach $sym (keys %nums) {
+		if (!exists $existing{$sym}) {
+			push @remaining, $sym;
+		}
+	}
+	if(@remaining) {
+		print STDERR "The following symbols do not seem to exist:\n";
+		foreach $sym (@remaining) {
+			print STDERR "\t",$sym,"\n";
+		}
+	}
+}
+
+sub count_parens
+{
+	my $line = shift(@_);
+
+	my $open = $line =~ tr/\(//;
+	my $close = $line =~ tr/\)//;
+
+	return $open - $close;
+}
+
+#Parse opensslv.h to get the current version number. Also work out the base
+#version, i.e. the lowest version number that is binary compatible with this
+#version
+sub get_openssl_version()
+{
+	my $fn = catfile($config{sourcedir},"include","openssl","opensslv.h");
+	open (IN, "$fn") || die "Can't open opensslv.h";
+
+	while(<IN>) {
+		if (/OPENSSL_VERSION_TEXT\s+"OpenSSL (\d\.\d\.)(\d[a-z]*)(-| )/) {
+			my $suffix = $2;
+			(my $baseversion = $1) =~ s/\./_/g;
+			close IN;
+			return ($baseversion."0", $baseversion.$suffix);
+		}
+	}
+	die "Can't find OpenSSL version number\n";
+}
+
+#Given an OpenSSL version number, calculate the next version number. If the
+#version number gets to a.b.czz then we go to a.b.(c+1)
+sub get_next_version()
+{
+	my $thisversion = shift;
+
+	my ($base, $letter) = $thisversion =~ /^(\d_\d_\d)([a-z]{0,2})$/;
+
+	if ($letter eq "zz") {
+		my $lastnum = substr($base, -1);
+		return substr($base, 0, length($base)-1).(++$lastnum);
+	}
+	return $base.get_next_letter($letter);
+}
+
+#Given the letters off the end of an OpenSSL version string, calculate what
+#the letters for the next release would be.
+sub get_next_letter()
+{
+	my $thisletter = shift;
+	my $baseletter = "";
+	my $endletter;
+
+	if ($thisletter eq "") {
+		return "a";
+	}
+	if ((length $thisletter) > 1) {
+		($baseletter, $endletter) = $thisletter =~ /([a-z]+)([a-z])/;
+	} else {
+		$endletter = $thisletter;
+	}
+
+	if ($endletter eq "z") {
+		return $thisletter."a";
+	} else {
+		return $baseletter.(++$endletter);
+	}
+}
+
+#Check if a version is less than or equal to the current version. Its a fatal
+#error if not. They must also only differ in letters, or the last number (i.e.
+#the first two numbers must be the same)
+sub check_version_lte()
+{
+	my ($testversion, $currversion) = @_;
+	my $lentv;
+	my $lencv;
+	my $cvbase;
+
+	my ($cvnums) = $currversion =~ /^(\d_\d_\d)[a-z]*$/;
+	my ($tvnums) = $testversion =~ /^(\d_\d_\d)[a-z]*$/;
+
+	#Die if we can't parse the version numbers or they don't look sane
+	die "Invalid version number: $testversion and $currversion\n"
+		if (!defined($cvnums) || !defined($tvnums)
+			|| length($cvnums) != 5
+			|| length($tvnums) != 5);
+
+	#If the base versions (without letters) don't match check they only differ
+	#in the last number
+	if ($cvnums ne $tvnums) {
+		die "Invalid version number: $testversion "
+			."for current version $currversion\n"
+			if (substr($cvnums, -1) < substr($tvnums, -1)
+				|| substr($cvnums, 0, 4) ne substr($tvnums, 0, 4));
+		return;
+	}
+	#If we get here then the base version (i.e. the numbers) are the same - they
+	#only differ in the letters
+
+	$lentv = length $testversion;
+	$lencv = length $currversion;
+
+	#If the testversion has more letters than the current version then it must
+	#be later (or malformed)
+	if ($lentv > $lencv) {
+		die "Invalid version number: $testversion "
+			."is greater than $currversion\n";
+	}
+
+	#Get the last letter from the current version
+	my ($cvletter) = $currversion =~ /([a-z])$/;
+	if (defined $cvletter) {
+		($cvbase) = $currversion =~ /(\d_\d_\d[a-z]*)$cvletter$/;
+	} else {
+		$cvbase = $currversion;
+	}
+	die "Unable to parse version number $currversion" if (!defined $cvbase);
+	my $tvbase;
+	my ($tvletter) = $testversion =~ /([a-z])$/;
+	if (defined $tvletter) {
+		($tvbase) = $testversion =~ /(\d_\d_\d[a-z]*)$tvletter$/;
+	} else {
+		$tvbase = $testversion;
+	}
+	die "Unable to parse version number $testversion" if (!defined $tvbase);
+
+	if ($lencv > $lentv) {
+		#If current version has more letters than testversion then testversion
+		#minus the final letter must be a substring of the current version
+		die "Invalid version number $testversion "
+			."is greater than $currversion or is invalid\n"
+			if (index($cvbase, $tvbase) != 0);
+	} else {
+		#If both versions have the same number of letters then they must be
+		#equal up to the last letter, and the last letter in testversion must
+		#be less than or equal to the last letter in current version.
+		die "Invalid version number $testversion "
+			."is greater than $currversion\n"
+			if (($cvbase ne $tvbase) && ($tvletter gt $cvletter));
+	}
+}
+
+sub do_deprecated()
+{
+	my ($decl, $plats, $algs) = @_;
+	$decl =~ /^\s*(DEPRECATEDIN_\d+_\d+_\d+)\s*\((.*)\)\s*$/
+            or die "Bad DEPRECTEDIN: $decl\n";
+	my $info1 .= "#INFO:";
+	$info1 .= join(',', @{$plats}) . ":";
+	my $info2 = $info1;
+	$info1 .= join(',',@{$algs}, $1) . ";";
+	$info2 .= join(',',@{$algs}) . ";";
+	return $info1 . $2 . ";" . $info2;
+}
diff --git a/openssl-1.1.0h/util/mkdir-p.pl b/openssl-1.1.0h/util/mkdir-p.pl
new file mode 100755
index 0000000..3280602
--- /dev/null
+++ b/openssl-1.1.0h/util/mkdir-p.pl
@@ -0,0 +1,44 @@
+#! /usr/bin/env perl
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# On some systems, the -p option to mkdir (= also create any missing parent
+# directories) is not available.
+
+my $arg;
+
+foreach $arg (@ARGV) {
+  $arg =~ tr|\\|/|;
+  &do_mkdir_p($arg);
+}
+
+
+sub do_mkdir_p {
+  local($dir) = @_;
+
+  $dir =~ s|/*\Z(?!\n)||s;
+
+  if (-d $dir) {
+    return;
+  }
+
+  if ($dir =~ m|[^/]/|s) {
+    local($parent) = $dir;
+    $parent =~ s|[^/]*\Z(?!\n)||s;
+
+    do_mkdir_p($parent);
+  }
+
+  unless (mkdir($dir, 0777)) {
+    if (-d $dir) {
+      # We raced against another instance doing the same thing.
+      return;
+    }
+    die "Cannot create directory $dir: $!\n";
+  }
+  print "created directory `$dir'\n";
+}
diff --git a/openssl-1.1.0h/util/mkerr.pl b/openssl-1.1.0h/util/mkerr.pl
new file mode 100644
index 0000000..79c8cfc
--- /dev/null
+++ b/openssl-1.1.0h/util/mkerr.pl
@@ -0,0 +1,771 @@
+#! /usr/bin/env perl
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+my $config = "crypto/err/openssl.ec";
+my $debug = 0;
+my $unref = 0;
+my $rebuild = 0;
+my $static = 1;
+my $recurse = 0;
+my $reindex = 0;
+my $dowrite = 0;
+my $staticloader = "";
+my @t = localtime();
+my $YEAR = @t[5] + 1900;
+
+my $pack_errcode;
+my $load_errcode;
+
+my $errcount;
+my $year = (localtime)[5] + 1900;
+
+while (@ARGV) {
+	my $arg = $ARGV[0];
+	if($arg eq "-conf") {
+		shift @ARGV;
+		$config = shift @ARGV;
+	} elsif($arg eq "-hprefix") {
+		shift @ARGV;
+		$hprefix = shift @ARGV;
+	} elsif($arg eq "-debug") {
+		$debug = 1;
+		$unref = 1;
+		shift @ARGV;
+	} elsif($arg eq "-rebuild") {
+		$rebuild = 1;
+		shift @ARGV;
+	} elsif($arg eq "-recurse") {
+		$recurse = 1;
+		shift @ARGV;
+	} elsif($arg eq "-reindex") {
+		$reindex = 1;
+		shift @ARGV;
+	} elsif($arg eq "-nostatic") {
+		$static = 0;
+		shift @ARGV;
+	} elsif($arg eq "-staticloader") {
+		$staticloader = "static ";
+		shift @ARGV;
+	} elsif($arg eq "-unref") {
+		$unref = 1;
+		shift @ARGV;
+	} elsif($arg eq "-write") {
+		$dowrite = 1;
+		shift @ARGV;
+	} elsif($arg eq "-help" || $arg eq "-h" || $arg eq "-?" || $arg eq "--help") {
+		print STDERR <<"EOF";
+mkerr.pl [options] ...
+
+Options:
+
+  -conf F       Use the config file F instead of the default one:
+                  crypto/err/openssl.ec
+
+  -hprefix P    Prepend the filenames in generated #include <header>
+                statements with prefix P. Default: 'openssl/' (without
+                the quotes, naturally)
+                NOTE: not used any more because our include directory
+                structure has changed.
+
+  -debug        Turn on debugging verbose output on stderr.
+
+  -rebuild      Rebuild all header and C source files, irrespective of the
+                fact if any error or function codes have been added/removed.
+                Default: only update files for libraries which saw change
+                         (of course, this requires '-write' as well, or no
+                          files will be touched!)
+
+  -recurse      scan a preconfigured set of directories / files for error and
+                function codes:
+                  (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <apps/*.c>)
+                When this option is NOT specified, the filelist is taken from
+                the commandline instead. Here, wildcards may be embedded. (Be
+                sure to escape those to prevent the shell from expanding them
+                for you when you wish mkerr.pl to do so instead.)
+                Default: take file list to scan from the command line.
+
+  -reindex      Discard the numeric values previously assigned to the error
+                and function codes as extracted from the scanned header files;
+                instead renumber all of them starting from 100. (Note that
+                the numbers assigned through 'R' records in the config file
+                remain intact.)
+                Default: keep previously assigned numbers. (You are warned
+                         when collisions are detected.)
+
+  -nostatic     Generates a different source code, where these additional 
+                functions are generated for each library specified in the
+                config file:
+                  void ERR_load_<LIB>_strings(void);
+                  void ERR_unload_<LIB>_strings(void);
+                  void ERR_<LIB>_error(int f, int r, char *fn, int ln);
+                  #define <LIB>err(f,r) ERR_<LIB>_error(f,r,OPENSSL_FILE,OPENSSL_LINE)
+                while the code facilitates the use of these in an environment
+                where the error support routines are dynamically loaded at 
+                runtime.
+                Default: 'static' code generation.
+
+  -staticloader Prefix generated functions with the 'static' scope modifier.
+                Default: don't write any scope modifier prefix.
+
+  -unref        Print out unreferenced function and reason codes.
+
+  -write        Actually (over)write the generated code to the header and C 
+                source files as assigned to each library through the config 
+                file.
+                Default: don't write.
+
+  -help / -h / -? / --help            Show this help text.
+
+  ...           Additional arguments are added to the file list to scan,
+                assuming '-recurse' was NOT specified on the command line.
+
+EOF
+		exit 1;
+	} else {
+		last;
+	}
+}
+
+if($recurse) {
+	@source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <ssl/*/*.c> )
+} else {
+	@source = @ARGV;
+}
+
+# Read in the config file
+
+open(IN, "<$config") || die "Can't open config file $config";
+
+# Parse config file
+
+while(<IN>)
+{
+	if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+		$hinc{$1} = $2;
+		$libinc{$2} = $1;
+		$cskip{$3} = $1;
+		if($3 ne "NONE") {
+			$csrc{$1} = $3;
+			$fmax{$1} = 100;
+			$rmax{$1} = 100;
+			$fassigned{$1} = ":";
+			$rassigned{$1} = ":";
+			$fnew{$1} = 0;
+			$rnew{$1} = 0;
+		}
+	} elsif (/^F\s+(\S+)/) {
+	# Add extra function with $1
+	} elsif (/^R\s+(\S+)\s+(\S+)/) {
+		$rextra{$1} = $2;
+		$rcodes{$1} = $2;
+	}
+}
+
+close IN;
+
+# Scan each header file in turn and make a list of error codes
+# and function names
+
+while (($hdr, $lib) = each %libinc)
+{
+	next if($hdr eq "NONE");
+	print STDERR "Scanning header file $hdr\n" if $debug;
+	my $line = "", $def= "", $linenr = 0, $gotfile = 0, $cpp = 0;
+	if (open(IN, "<$hdr")) {
+	    $gotfile = 1;
+	    while(<IN>) {
+		$linenr++;
+		print STDERR "line: $linenr\r" if $debug;
+
+		last if(/BEGIN\s+ERROR\s+CODES/);
+		if ($line ne '') {
+		    $_ = $line . $_;
+		    $line = '';
+		}
+
+		if (/\\$/) {
+		    $line = $_;
+		    next;
+		}
+
+		if(/\/\*/) {
+		    if (not /\*\//) {		# multiline comment...
+			$line = $_;		# ... just accumulate
+			next; 
+		    } else {
+			s/\/\*.*?\*\///gs;	# wipe it
+		    }
+		}
+
+		if ($cpp) {
+		    $cpp++ if /^#\s*if/;
+		    $cpp-- if /^#\s*endif/;
+		    next;
+		}
+		$cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
+
+		next if (/^\#/);                      # skip preprocessor directives
+
+		s/{[^{}]*}//gs;                      # ignore {} blocks
+
+		if (/\{|\/\*/) { # Add a } so editor works...
+		    $line = $_;
+		} else {
+		    $def .= $_;
+		}
+	    }
+	}
+
+	print STDERR "                                  \r" if $debug;
+        $defnr = 0;
+	# Delete any DECLARE_ macros
+	$def =~ s/DECLARE_\w+\([\w,\s]+\)//gs;
+	foreach (split /;/, $def) {
+	    $defnr++;
+	    print STDERR "def: $defnr\r" if $debug;
+
+	    # The goal is to collect function names from function declarations.
+
+	    s/^[\n\s]*//g;
+	    s/[\n\s]*$//g;
+
+	    # Skip over recognized non-function declarations
+	    next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/);
+
+	    # Remove STACK_OF(foo)
+	    s/STACK_OF\(\w+\)/void/;
+
+	    # Reduce argument lists to empty ()
+	    # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+	    while(/\(.*\)/s) {
+		s/\([^\(\)]+\)/\{\}/gs;
+		s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;	#(*f{}) -> f
+	    }
+	    # pretend as we didn't use curly braces: {} -> ()
+	    s/\{\}/\(\)/gs;
+
+	    if (/(\w+)\s*\(\).*/s) {	# first token prior [first] () is
+		my $name = $1;		# a function name!
+		$name =~ tr/[a-z]/[A-Z]/;
+		$ftrans{$name} = $1;
+	    } elsif (/[\(\)]/ and not (/=/)) {
+		print STDERR "Header $hdr: cannot parse: $_;\n";
+	    }
+	}
+
+	print STDERR "                                  \r" if $debug;
+
+	next if $reindex;
+
+	# Scan function and reason codes and store them: keep a note of the
+	# maximum code used.
+
+	if ($gotfile) {
+	  while(<IN>) {
+		if(/^\#\s*define\s+(\S+)\s+(\S+)/) {
+			$name = $1;
+			$code = $2;
+			next if $name =~ /^${lib}err/;
+			unless($name =~ /^${lib}_([RF])_(\w+)$/) {
+				print STDERR "Invalid error code $name\n";
+				next;
+			}
+			if($1 eq "R") {
+				$rcodes{$name} = $code;
+				if ($rassigned{$lib} =~ /:$code:/) {
+					print STDERR "!! ERROR: $lib reason code $code assigned twice (collision at $name)\n";
+					++$errcount;
+				}
+				$rassigned{$lib} .= "$code:";
+				if(!(exists $rextra{$name}) &&
+					 ($code > $rmax{$lib}) ) {
+					$rmax{$lib} = $code;
+				}
+			} else {
+				if ($fassigned{$lib} =~ /:$code:/) {
+					print STDERR "!! ERROR: $lib function code $code assigned twice (collision at $name)\n";
+					++$errcount;
+				}
+				$fassigned{$lib} .= "$code:";
+				if($code > $fmax{$lib}) {
+					$fmax{$lib} = $code;
+				}
+				$fcodes{$name} = $code;
+			}
+		}
+	  }
+	}
+
+	if ($debug) {
+		if (defined($fmax{$lib})) {
+			print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n";
+			$fassigned{$lib} =~ m/^:(.*):$/;
+			@fassigned = sort {$a <=> $b} split(":", $1);
+			print STDERR "  @fassigned\n";
+		}
+		if (defined($rmax{$lib})) {
+			print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n";
+			$rassigned{$lib} =~ m/^:(.*):$/;
+			@rassigned = sort {$a <=> $b} split(":", $1);
+			print STDERR "  @rassigned\n";
+		}
+	}
+
+	if ($lib eq "SSL") {
+		if ($rmax{$lib} >= 1000) {
+			print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n";
+			print STDERR "!!        Any new alerts must be added to $config.\n";
+			++$errcount;
+			print STDERR "\n";
+		}
+	}
+	close IN;
+}
+
+# Scan each C source file and look for function and reason codes
+# This is done by looking for strings that "look like" function or
+# reason codes: basically anything consisting of all upper case and
+# numerics which has _F_ or _R_ in it and which has the name of an
+# error library at the start. This seems to work fine except for the
+# oddly named structure BIO_F_CTX which needs to be ignored.
+# If a code doesn't exist in list compiled from headers then mark it
+# with the value "X" as a place holder to give it a value later.
+# Store all function and reason codes found in %ufcodes and %urcodes
+# so all those unreferenced can be printed out.
+
+
+foreach $file (@source) {
+	# Don't parse the error source file.
+	next if exists $cskip{$file};
+	print STDERR "File loaded: ".$file."\r" if $debug;
+	open(IN, "<$file") || die "Can't open source file $file\n";
+	my $func;
+	my $linenr = 0;
+	while(<IN>) {
+		# skip obsoleted source files entirely!
+		last if(/^#error\s+obsolete/);
+		$linenr++;
+		if (!/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/)
+			{
+			/^([^()]*(\([^()]*\)[^()]*)*)\(/;
+			$1 =~ /([A-Za-z_0-9]*)$/;
+			$func = $1;
+			}
+
+		if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
+			next unless exists $csrc{$2};
+			next if($1 eq "BIO_F_BUFFER_CTX");
+			$ufcodes{$1} = 1;
+			if(!exists $fcodes{$1}) {
+				$fcodes{$1} = "X";
+				$fnew{$2}++;
+			}
+			$ftrans{$3} = $func unless exists $ftrans{$3};
+            if (uc $func ne $3) {
+                print STDERR "ERROR: mismatch $file:$linenr $func:$3\n";
+                $errcount++;
+            }
+			print STDERR "Function: $1\t= $fcodes{$1} (lib: $2, name: $3)\n" if $debug; 
+		}
+		if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
+			next unless exists $csrc{$2};
+			$urcodes{$1} = 1;
+			if(!exists $rcodes{$1}) {
+				$rcodes{$1} = "X";
+				$rnew{$2}++;
+			}
+			print STDERR "Reason: $1\t= $rcodes{$1} (lib: $2)\n" if $debug; 
+		} 
+	}
+	close IN;
+}
+print STDERR "                                  \n" if $debug;
+
+# Now process each library in turn.
+
+foreach $lib (keys %csrc)
+{
+	my $hfile = $hinc{$lib};
+	my $cfile = $csrc{$lib};
+	if(!$fnew{$lib} && !$rnew{$lib}) {
+		next unless $rebuild;
+	} else {
+		print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
+		print STDERR " $rnew{$lib} New Reasons.\n";
+		next unless $dowrite;
+	}
+
+	# If we get here then we have some new error codes so we
+	# need to rebuild the header file and C file.
+
+	# Make a sorted list of error and reason codes for later use.
+
+	my @function = sort grep(/^${lib}_/,keys %fcodes);
+	my @reasons = sort grep(/^${lib}_/,keys %rcodes);
+
+	# Rewrite the header file
+
+	$cpp = 0;
+	$cplusplus = 0;
+	if (open(IN, "<$hfile")) {
+	    # Copy across the old file
+	    while(<IN>) {
+		$cplusplus = $cpp if /^#.*ifdef.*cplusplus/;
+		$cpp++ if /^#\s*if/;
+		$cpp-- if /^#\s*endif/;
+		push @out, $_;
+		last if (/BEGIN ERROR CODES/);
+	    }
+	    close IN;
+	} else {
+	    $cpp = 1;
+	    $cplusplus = 1;
+	    push @out,
+"/*\n",
+" * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.\n",
+" *\n",
+" * Licensed under the OpenSSL license (the \"License\").  You may not use\n",
+" * this file except in compliance with the License.  You can obtain a copy\n",
+" * in the file LICENSE in the source distribution or at\n",
+" * https://www.openssl.org/source/license.html\n",
+" */\n",
+"\n",
+"#ifndef HEADER_${lib}_ERR_H\n",
+"# define HEADER_${lib}_ERR_H\n",
+"\n",
+"# ifdef  __cplusplus\n",
+"extern \"C\" {\n",
+"# endif\n",
+"\n",
+"/* BEGIN ERROR CODES */\n";
+	}
+	open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
+
+	print OUT @out;
+	undef @out;
+	print OUT <<"EOF";
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+EOF
+	if($static) {
+		print OUT <<"EOF";
+${staticloader}int ERR_load_${lib}_strings(void);
+
+EOF
+	} else {
+		print OUT <<"EOF";
+${staticloader}int ERR_load_${lib}_strings(void);
+${staticloader}void ERR_unload_${lib}_strings(void);
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+EOF
+	}
+	print OUT <<"EOF";
+/* Error codes for the $lib functions. */
+
+/* Function codes. */
+EOF
+
+	foreach $i (@function) {
+		$z=48 - length($i);
+		if($fcodes{$i} eq "X") {
+			$fassigned{$lib} =~ m/^:([^:]*):/;
+			$findcode = $1;
+			if (!defined($findcode)) {
+				$findcode = $fmax{$lib};
+			}
+			while ($fassigned{$lib} =~ m/:$findcode:/) {
+				$findcode++;
+			}
+			$fcodes{$i} = $findcode;
+			$fassigned{$lib} .= "$findcode:";
+			print STDERR "New Function code $i\n" if $debug;
+		}
+		printf OUT "# define $i%s $fcodes{$i}\n"," " x $z;
+	}
+
+	print OUT "\n/* Reason codes. */\n";
+
+	foreach $i (@reasons) {
+		$z=48 - length($i);
+		if($rcodes{$i} eq "X") {
+			$rassigned{$lib} =~ m/^:([^:]*):/;
+			$findcode = $1;
+			if (!defined($findcode)) {
+				$findcode = $rmax{$lib};
+			}
+			while ($rassigned{$lib} =~ m/:$findcode:/) {
+				$findcode++;
+			}
+			$rcodes{$i} = $findcode;
+			$rassigned{$lib} .= "$findcode:";
+			print STDERR "New Reason code   $i\n" if $debug;
+		}
+		printf OUT "# define $i%s $rcodes{$i}\n"," " x $z;
+	}
+	print OUT <<"EOF";
+
+EOF
+	do {
+	    if ($cplusplus == $cpp) {
+		print OUT "#", " "x$cpp, "ifdef  __cplusplus\n";
+		print OUT "}\n";
+		print OUT "#", " "x$cpp, "endif\n";
+	    }
+	    if ($cpp-- > 0) {
+		print OUT "#", " "x$cpp, "endif\n";
+	    }
+	} while ($cpp);
+	close OUT;
+
+	# Rewrite the C source file containing the error details.
+
+	# First, read any existing reason string definitions:
+	my %err_reason_strings;
+	if (open(IN,"<$cfile")) {
+		my $line = "";
+		while (<IN>) {
+			s|\R$||; # Better chomp
+			$_ = $line . $_;
+			$line = "";
+			if (/{ERR_(FUNC|REASON)\(/) {
+				if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
+					$err_reason_strings{$1} = $2;
+				} elsif (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) {
+					if (!exists $ftrans{$1} && ($1 ne $2)) {
+						print STDERR "WARNING: Mismatched function string $2\n";
+						$ftrans{$1} = $2;
+					}
+				} else {
+					$line = $_;
+				}
+			}
+		}
+		close(IN);
+	}
+
+
+	my $hincf;
+	if($static) {
+		$hincf = $hfile;
+		$hincf =~ s|.*include/||;
+		if ($hincf =~ m|^openssl/|) {
+			$hincf = "<${hincf}>";
+		} else {
+			$hincf = "\"${hincf}\"";
+		}
+	} else {
+		$hincf = "\"$hfile\"";
+	}
+
+	# If static we know the error code at compile time so use it
+	# in error definitions.
+
+	if ($static)
+		{
+		$pack_errcode = "ERR_LIB_${lib}";
+		$load_errcode = "0";
+		}
+	else
+		{
+		$pack_errcode = "0";
+		$load_errcode = "ERR_LIB_${lib}";
+		}
+
+
+	open (OUT,">$cfile") || die "Can't open $cfile for writing";
+
+	print OUT <<"EOF";
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include $hincf
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
+# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
+
+static ERR_STRING_DATA ${lib}_str_functs[] = {
+EOF
+	# Add each function code: if a function name is found then use it.
+	foreach $i (@function) {
+		my $fn;
+		$i =~ /^${lib}_F_(\S+)$/;
+		$fn = $1;
+		if(exists $ftrans{$fn}) {
+			$fn = $ftrans{$fn};
+		}
+#		print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
+		if(length($i) + length($fn) > 57) {
+			print OUT "    {ERR_FUNC($i),\n     \"$fn\"},\n";
+		} else {
+			print OUT "    {ERR_FUNC($i), \"$fn\"},\n";
+		}
+	}
+	print OUT <<"EOF";
+    {0, NULL}
+};
+
+static ERR_STRING_DATA ${lib}_str_reasons[] = {
+EOF
+	# Add each reason code.
+	foreach $i (@reasons) {
+		my $rn;
+		my $rstr = "ERR_REASON($i)";
+		if (exists $err_reason_strings{$i}) {
+			$rn = $err_reason_strings{$i};
+		} else {
+			$i =~ /^${lib}_R_(\S+)$/;
+			$rn = $1;
+			$rn =~ tr/_[A-Z]/ [a-z]/;
+		}
+		if(length($i) + length($rn) > 55) {
+			print OUT "    {${rstr},\n     \"$rn\"},\n";
+		} else {
+			print OUT "    {${rstr}, \"$rn\"},\n";
+		}
+	}
+if($static) {
+	print OUT <<"EOF";
+    {0, NULL}
+};
+
+#endif
+
+${staticloader}int ERR_load_${lib}_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) {
+        ERR_load_strings($load_errcode, ${lib}_str_functs);
+        ERR_load_strings($load_errcode, ${lib}_str_reasons);
+    }
+#endif
+    return 1;
+}
+EOF
+} else {
+	print OUT <<"EOF";
+    {0, NULL}
+};
+
+#endif
+
+#ifdef ${lib}_LIB_NAME
+static ERR_STRING_DATA ${lib}_lib_name[] = {
+    {0, ${lib}_LIB_NAME},
+    {0, NULL}
+};
+#endif
+
+static int ${lib}_lib_error_code = 0;
+static int ${lib}_error_init = 1;
+
+${staticloader}int ERR_load_${lib}_strings(void)
+{
+    if (${lib}_lib_error_code == 0)
+        ${lib}_lib_error_code = ERR_get_next_error_library();
+
+    if (${lib}_error_init) {
+        ${lib}_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs);
+        ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+        ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0);
+        ERR_load_strings(0, ${lib}_lib_name);
+#endif
+    }
+    return 1;
+}
+
+${staticloader}void ERR_unload_${lib}_strings(void)
+{
+    if (${lib}_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs);
+        ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+        ERR_unload_strings(0, ${lib}_lib_name);
+#endif
+        ${lib}_error_init = 1;
+    }
+}
+
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
+{
+    if (${lib}_lib_error_code == 0)
+        ${lib}_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line);
+}
+EOF
+
+}
+
+	close OUT;
+	undef %err_reason_strings;
+}
+
+if($debug && %notrans) {
+	print STDERR "The following function codes were not translated:\n";
+	foreach(sort keys %notrans)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+# Make a list of unreferenced function and reason codes
+
+foreach (keys %fcodes) {
+	push (@funref, $_) unless exists $ufcodes{$_};
+}
+
+foreach (keys %rcodes) {
+	push (@runref, $_) unless exists $urcodes{$_};
+}
+
+if($unref && @funref) {
+	print STDERR "The following function codes were not referenced:\n";
+	foreach(sort @funref)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+if($unref && @runref) {
+	print STDERR "The following reason codes were not referenced:\n";
+	foreach(sort @runref)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+if($errcount) {
+	print STDERR "There were errors, failing...\n\n";
+	exit $errcount;
+}
+
diff --git a/openssl-1.1.0h/util/mkrc.pl b/openssl-1.1.0h/util/mkrc.pl
new file mode 100755
index 0000000..c177349
--- /dev/null
+++ b/openssl-1.1.0h/util/mkrc.pl
@@ -0,0 +1,83 @@
+#! /usr/bin/env perl
+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use lib ".";
+use configdata;
+use File::Spec::Functions;
+
+my $versionfile = catfile($config{sourcedir},"include/openssl/opensslv.h");
+
+open FD, $versionfile or die "Couldn't open include/openssl/opensslv.h: $!\n";
+while(<FD>) {
+    if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)/i) {
+	$ver = hex($1);
+	$v1 = ($ver>>28);
+	$v2 = ($ver>>20)&0xff;
+	$v3 = ($ver>>12)&0xff;
+	$v4 = ($ver>> 4)&0xff;
+	$beta = $ver&0xf;
+	$version = "$v1.$v2.$v3";
+	if ($beta==0xf)	{ $version .= chr(ord('a')+$v4-1) if ($v4);	}
+	elsif ($beta==0){ $version .= "-dev";				}
+	else		{ $version .= "-beta$beta";			}
+	last;
+    }
+}
+close(FD);
+
+$filename = $ARGV[0]; $filename =~ /(.*)\.([^.]+)$/;
+$basename = $1;
+$extname  = $2;
+
+if ($extname =~ /dll/i)	{ $description = "OpenSSL shared library"; }
+else			{ $description = "OpenSSL application";    }
+
+print <<___;
+#include <winver.h>
+
+LANGUAGE 0x09,0x01
+
+1 VERSIONINFO
+  FILEVERSION $v1,$v2,$v3,$v4
+  PRODUCTVERSION $v1,$v2,$v3,$v4
+  FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+  FILEFLAGS 0x01L
+#else
+  FILEFLAGS 0x00L
+#endif
+  FILEOS VOS__WINDOWS32
+  FILETYPE VFT_DLL
+  FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            // Required:
+            VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
+            VALUE "FileDescription", "$description\\0"
+            VALUE "FileVersion", "$version\\0"
+            VALUE "InternalName", "$basename\\0"
+            VALUE "OriginalFilename", "$filename\\0"
+            VALUE "ProductName", "The OpenSSL Toolkit\\0"
+            VALUE "ProductVersion", "$version\\0"
+            // Optional:
+            //VALUE "Comments", "\\0"
+            VALUE "LegalCopyright", "Copyright 1998-2016 The OpenSSL Authors. All rights reserved.\\0"
+            //VALUE "LegalTrademarks", "\\0"
+            //VALUE "PrivateBuild", "\\0"
+            //VALUE "SpecialBuild", "\\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 0x4b0
+    END
+END
+___
diff --git a/openssl-1.1.0h/util/openssl-format-source b/openssl-1.1.0h/util/openssl-format-source
new file mode 100755
index 0000000..3dcc128
--- /dev/null
+++ b/openssl-1.1.0h/util/openssl-format-source
@@ -0,0 +1,175 @@
+#!/bin/sh
+#
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# openssl-format-source 
+# - format source tree according to OpenSSL coding style using indent
+#
+# usage:
+#   openssl-format-source [-v] [-n] [file|directory] ...
+#
+# note: the indent options assume GNU indent v2.2.10 which was released
+#       Feb-2009 so if you have an older indent the options may not 
+#	match what is expected
+#
+# any marked block comment blocks have to be moved to align manually after
+# the reformatting has been completed as marking a block causes indent to 
+# not move it at all ...
+#
+
+PATH=/usr/local/bin:/bin:/usr/bin:$PATH
+export PATH
+HERE="`dirname $0`"
+
+set -e
+
+INDENT=indent
+uname -s | grep BSD > /dev/null && type gindent > /dev/null 2>&1 && INDENT=gindent
+
+if [ $# -eq 0 ]; then
+  echo "usage: $0 [-v] [-n] [-c] [sourcefile|sourcedir] ..." >&2
+  exit 1
+fi
+
+VERBOSE=false
+DONT=false
+STOPARGS=false
+COMMENTS=false
+CHANGED=false
+DEBUG=""
+
+# for this exercise, we want to force the openssl style, so we roll
+# our own indent profile, which is at a well known location
+INDENT_PROFILE="$HERE/indent.pro"
+export INDENT_PROFILE
+if [ ! -f "$INDENT_PROFILE" ]; then
+  echo "$0: unable to locate the openssl indent.pro file" >&2
+  exit 1
+fi
+
+# Extra arguments; for adding the comment-formatting
+INDENT_ARGS=""
+for i 
+do
+  if [ "$STOPARGS" != "true" ]; then
+    case $i in
+      --) STOPARGS="true"; continue;;
+      -n) DONT="true"; continue;;
+      -v) VERBOSE="true"; 
+	  echo "INDENT_PROFILE=$INDENT_PROFILE";
+	  continue;;
+      -c) COMMENTS="true"; 
+      	  INDENT_ARGS="-fc1 -fca -cdb -sc"; 
+	  continue;;
+      -nc) COMMENTS="true";
+	  continue;;
+      -d) DEBUG='eval tee "$j.pre" |'
+	  continue;;
+    esac
+  fi
+
+  if [ -d "$i" ]; then
+    LIST=`find "$i" -name '*.[ch]' -print`
+  else 
+    if [ ! -f "$i" ]; then
+      echo "$0: source file not found: $i" >&2
+      exit 1
+    fi
+    LIST="$i"
+  fi
+  
+  for j in $LIST
+  do
+    # ignore symlinks - we only ever process the base file - so if we
+    # expand a directory tree we need to ignore any located symlinks
+    if [ -d "$i" ]; then
+      if [ -h "$j" ]; then
+	continue;
+      fi
+    fi
+
+    if [ "$DONT" = "false" ]; then
+      tmp=$(mktemp /tmp/indent.XXXXXX)
+      trap 'rm -f "$tmp"' HUP INT TERM EXIT
+
+      case `basename $j` in 
+	# the list of files that indent is unable to handle correctly
+	# that we simply leave alone for manual formatting now
+	obj_dat.h|aes_core.c|aes_x86core.c|ecp_nistz256.c)
+	  echo "skipping $j"
+	  ;;
+	*)
+	  if [ "$COMMENTS" = "true" ]; then
+	    # we have to mark single line comments as /*- ...*/ to stop indent
+	    # messing with them, run expand then indent as usual but with the
+	    # the process-comments options and then undo that marking, and then 
+	    # finally re-run indent without process-comments so the marked-to-
+	    # be-ignored comments we did automatically end up getting moved 
+	    # into the right possition within the code as indent leaves marked 
+	    # comments entirely untouched - we appear to have no way to avoid 
+	    # the double processing and get the desired output
+	    cat "$j" | \
+	    expand | \
+	    perl -0 -np \
+	      -e 's/(\n#[ \t]*ifdef[ \t]+__cplusplus\n[^\n]*\n#[ \t]*endif\n)/\n\/**INDENT-OFF**\/$1\/**INDENT-ON**\/\n/g;' \
+	      -e 's/(\n\/\*\!)/\n\/**/g;' \
+	      -e 's/(STACK_OF|LHASH_OF)\(([^ \t,\)]+)\)( |\n)/$1_$2_$3/g;' \
+	      | \
+	    perl -np \
+	      -e 's/^([ \t]*)\/\*([ \t]+.*)\*\/[ \t]*$/my ($x1,$x2) = ($1, $2); if (length("$x1$x2")<75 && $x2 !~ m#^\s*\*INDENT-(ON|OFF)\*\s*$#) {$c="-"}else{$c=""}; "$x1\/*$c$x2*\/"/e;' \
+	      -e 's/^\/\* ((Copyright|=|----).*)$/\/*-$1/;' \
+	      -e 's/^((DECLARE|IMPLEMENT)_.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+	      -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)\(.*\)[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+	      -e 's/^(ASN1_ADB_TEMPLATE\(.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+	      -e 's/^((ASN1|ADB)_.*_(end|END)\(.*[\){=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \
+	      -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \
+	      -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \
+	      | \
+	      $DEBUG $INDENT $INDENT_ARGS | \
+	      perl -np \
+		-e 's/^([ \t]*)\/\*-(.*)\*\/[ \t]*$/$1\/*$2*\//;' \
+		-e 's/^\/\*-((Copyright|=|----).*)$/\/* $1/;' \
+	      | $INDENT | \
+	      perl -0 -np \
+		-e 's/\/\*\*INDENT-(ON|OFF)\*\*\/\n//g;' \
+	      | perl -np \
+	        -e 's/(STACK_OF|LHASH_OF)_([^ \t,]+)_( |\/)/$1($2)$3/g;' \
+	        -e 's/(STACK_OF|LHASH_OF)_([^ \t,]+)_$/$1($2)/g;' \
+	      | perl "$HERE"/su-filter.pl \
+	      > "$tmp"
+	  else
+	    expand "$j" | $INDENT $INDENT_ARGS > "$tmp"
+	  fi;
+	  if cmp -s "$tmp" "$j"; then
+	    if [ "$VERBOSE" = "true" ]; then
+	      echo "$j unchanged"
+	    fi
+	    rm "$tmp"
+	  else
+	    if [ "$VERBOSE" = "true" ]; then
+	      echo "$j changed"
+	    fi
+	    CHANGED=true
+	    mv "$tmp" "$j"
+	  fi
+	  ;;
+      esac
+    fi
+  done
+done
+
+
+if [ "$VERBOSE" = "true" ]; then
+  echo
+  if [ "$CHANGED" = "true" ]; then
+    echo "SOURCE WAS MODIFIED"
+  else
+    echo "SOURCE WAS NOT MODIFIED"
+  fi
+fi
diff --git a/openssl-1.1.0h/util/opensslwrap.sh b/openssl-1.1.0h/util/opensslwrap.sh
new file mode 100755
index 0000000..b27cbb8
--- /dev/null
+++ b/openssl-1.1.0h/util/opensslwrap.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+HERE="`echo $0 | sed -e 's|[^/]*$||'`"
+OPENSSL="${HERE}../apps/openssl"
+
+if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then
+	OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES
+fi
+
+if [ -x "${OPENSSL}.exe" ]; then
+	# The original reason for this script existence is to work around
+	# certain caveats in run-time linker behaviour. On Windows platforms
+	# adjusting $PATH used to be sufficient, but with introduction of
+	# SafeDllSearchMode in XP/2003 the only way to get it right in
+	# *all* possible situations is to copy newly built .DLLs to apps/
+	# and test/, which is now done elsewhere... The $PATH is adjusted
+	# for backward compatibility (and nostagical reasons:-).
+	if [ "$OSTYPE" != msdosdjgpp ]; then
+		PATH="${HERE}..:$PATH"; export PATH
+	fi
+	exec "${OPENSSL}.exe" "$@"
+elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
+	exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
+else
+	exec "${OPENSSL}" "$@"	# hope for the best...
+fi
diff --git a/openssl-1.1.0h/util/perl/OpenSSL/Glob.pm b/openssl-1.1.0h/util/perl/OpenSSL/Glob.pm
new file mode 100644
index 0000000..ec87da4
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/OpenSSL/Glob.pm
@@ -0,0 +1,21 @@
+package OpenSSL::Glob;
+
+use strict;
+use warnings;
+
+use File::Glob;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT);
+
+$VERSION = '0.1';
+@ISA = qw(Exporter);
+@EXPORT = qw(glob);
+
+sub glob {
+    goto &File::Glob::bsd_glob if $^O ne "VMS";
+    goto &CORE::glob;
+}
+
+1;
+__END__
diff --git a/openssl-1.1.0h/util/perl/OpenSSL/Test.pm b/openssl-1.1.0h/util/perl/OpenSSL/Test.pm
new file mode 100644
index 0000000..5de7b58
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/OpenSSL/Test.pm
@@ -0,0 +1,1051 @@
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Test;
+
+use strict;
+use warnings;
+
+use Test::More 0.96;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.8";
+@ISA = qw(Exporter);
+@EXPORT = (@Test::More::EXPORT, qw(setup indir app fuzz  perlapp test perltest
+                                   run));
+@EXPORT_OK = (@Test::More::EXPORT_OK, qw(bldtop_dir bldtop_file
+                                         srctop_dir srctop_file
+                                         data_file
+                                         pipe with cmdstr quotify));
+
+=head1 NAME
+
+OpenSSL::Test - a private extension of Test::More
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Test;
+
+  setup("my_test_name");
+
+  ok(run(app(["openssl", "version"])), "check for openssl presence");
+
+  indir "subdir" => sub {
+    ok(run(test(["sometest", "arg1"], stdout => "foo.txt")),
+       "run sometest with output to foo.txt");
+  };
+
+=head1 DESCRIPTION
+
+This module is a private extension of L<Test::More> for testing OpenSSL.
+In addition to the Test::More functions, it also provides functions that
+easily find the diverse programs within a OpenSSL build tree, as well as
+some other useful functions.
+
+This module I<depends> on the environment variables C<$TOP> or C<$SRCTOP>
+and C<$BLDTOP>.  Without one of the combinations it refuses to work.
+See L</ENVIRONMENT> below.
+
+With each test recipe, a parallel data directory with (almost) the same name
+as the recipe is possible in the source directory tree.  For example, for a
+recipe C<$SRCTOP/test/recipes/99-foo.t>, there could be a directory
+C<$SRCTOP/test/recipes/99-foo_data/>.
+
+=cut
+
+use File::Copy;
+use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir
+                             catdir catfile splitpath catpath devnull abs2rel
+                             rel2abs/;
+use File::Path 2.00 qw/rmtree mkpath/;
+use File::Basename;
+
+
+# The name of the test.  This is set by setup() and is used in the other
+# functions to verify that setup() has been used.
+my $test_name = undef;
+
+# Directories we want to keep track of TOP, APPS, TEST and RESULTS are the
+# ones we're interested in, corresponding to the environment variables TOP
+# (mandatory), BIN_D, TEST_D, UTIL_D and RESULT_D.
+my %directories = ();
+
+# The environment variables that gave us the contents in %directories.  These
+# get modified whenever we change directories, so that subprocesses can use
+# the values of those environment variables as well
+my @direnv = ();
+
+# A bool saying if we shall stop all testing if the current recipe has failing
+# tests or not.  This is set by setup() if the environment variable STOPTEST
+# is defined with a non-empty value.
+my $end_with_bailout = 0;
+
+# A set of hooks that is affected by with() and may be used in diverse places.
+# All hooks are expected to be CODE references.
+my %hooks = (
+
+    # exit_checker is used by run() directly after completion of a command.
+    # it receives the exit code from that command and is expected to return
+    # 1 (for success) or 0 (for failure).  This is the value that will be
+    # returned by run().
+    # NOTE: When run() gets the option 'capture => 1', this hook is ignored.
+    exit_checker => sub { return shift == 0 ? 1 : 0 },
+
+    );
+
+# Debug flag, to be set manually when needed
+my $debug = 0;
+
+# Declare some utility functions that are defined at the end
+sub bldtop_file;
+sub bldtop_dir;
+sub srctop_file;
+sub srctop_dir;
+sub quotify;
+
+# Declare some private functions that are defined at the end
+sub __env;
+sub __cwd;
+sub __apps_file;
+sub __results_file;
+sub __fixup_cmd;
+sub __build_cmd;
+
+=head2 Main functions
+
+The following functions are exported by default when using C<OpenSSL::Test>.
+
+=cut
+
+=over 4
+
+=item B<setup "NAME">
+
+C<setup> is used for initial setup, and it is mandatory that it's used.
+If it's not used in a OpenSSL test recipe, the rest of the recipe will
+most likely refuse to run.
+
+C<setup> checks for environment variables (see L</ENVIRONMENT> below),
+checks that C<$TOP/Configure> or C<$SRCTOP/Configure> exists, C<chdir>
+into the results directory (defined by the C<$RESULT_D> environment
+variable if defined, otherwise C<$BLDTOP/test> or C<$TOP/test>, whichever
+is defined).
+
+=back
+
+=cut
+
+sub setup {
+    my $old_test_name = $test_name;
+    $test_name = shift;
+
+    BAIL_OUT("setup() must receive a name") unless $test_name;
+    warn "setup() detected test name change.  Innocuous, so we continue...\n"
+        if $old_test_name && $old_test_name ne $test_name;
+
+    return if $old_test_name;
+
+    BAIL_OUT("setup() needs \$TOP or \$SRCTOP and \$BLDTOP to be defined")
+        unless $ENV{TOP} || ($ENV{SRCTOP} && $ENV{BLDTOP});
+    BAIL_OUT("setup() found both \$TOP and \$SRCTOP or \$BLDTOP...")
+        if $ENV{TOP} && ($ENV{SRCTOP} || $ENV{BLDTOP});
+
+    __env();
+
+    BAIL_OUT("setup() expects the file Configure in the source top directory")
+        unless -f srctop_file("Configure");
+
+    __cwd($directories{RESULTS});
+}
+
+=over 4
+
+=item B<indir "SUBDIR" =E<gt> sub BLOCK, OPTS>
+
+C<indir> is used to run a part of the recipe in a different directory than
+the one C<setup> moved into, usually a subdirectory, given by SUBDIR.
+The part of the recipe that's run there is given by the codeblock BLOCK.
+
+C<indir> takes some additional options OPTS that affect the subdirectory:
+
+=over 4
+
+=item B<create =E<gt> 0|1>
+
+When set to 1 (or any value that perl preceives as true), the subdirectory
+will be created if it doesn't already exist.  This happens before BLOCK
+is executed.
+
+=item B<cleanup =E<gt> 0|1>
+
+When set to 1 (or any value that perl preceives as true), the subdirectory
+will be cleaned out and removed.  This happens both before and after BLOCK
+is executed.
+
+=back
+
+An example:
+
+  indir "foo" => sub {
+      ok(run(app(["openssl", "version"]), stdout => "foo.txt"));
+      if (ok(open(RESULT, "foo.txt"), "reading foo.txt")) {
+          my $line = <RESULT>;
+          close RESULT;
+          is($line, qr/^OpenSSL 1\./,
+             "check that we're using OpenSSL 1.x.x");
+      }
+  }, create => 1, cleanup => 1;
+
+=back
+
+=cut
+
+sub indir {
+    my $subdir = shift;
+    my $codeblock = shift;
+    my %opts = @_;
+
+    my $reverse = __cwd($subdir,%opts);
+    BAIL_OUT("FAILURE: indir, \"$subdir\" wasn't possible to move into")
+	unless $reverse;
+
+    $codeblock->();
+
+    __cwd($reverse);
+
+    if ($opts{cleanup}) {
+	rmtree($subdir, { safe => 0 });
+    }
+}
+
+=over 4
+
+=item B<app ARRAYREF, OPTS>
+
+=item B<test ARRAYREF, OPTS>
+
+Both of these functions take a reference to a list that is a command and
+its arguments, and some additional options (described further on).
+
+C<app> expects to find the given command (the first item in the given list
+reference) as an executable in C<$BIN_D> (if defined, otherwise C<$TOP/apps>
+or C<$BLDTOP/apps>).
+
+C<test> expects to find the given command (the first item in the given list
+reference) as an executable in C<$TEST_D> (if defined, otherwise C<$TOP/test>
+or C<$BLDTOP/test>).
+
+Both return a CODEREF to be used by C<run>, C<pipe> or C<cmdstr>.
+
+The options that both C<app> and C<test> can take are in the form of hash
+values:
+
+=over 4
+
+=item B<stdin =E<gt> PATH>
+
+=item B<stdout =E<gt> PATH>
+
+=item B<stderr =E<gt> PATH>
+
+In all three cases, the corresponding standard input, output or error is
+redirected from (for stdin) or to (for the others) a file given by the
+string PATH, I<or>, if the value is C<undef>, C</dev/null> or similar.
+
+=back
+
+=item B<perlapp ARRAYREF, OPTS>
+
+=item B<perltest ARRAYREF, OPTS>
+
+Both these functions function the same way as B<app> and B<test>, except
+that they expect the command to be a perl script.  Also, they support one
+more option:
+
+=over 4
+
+=item B<interpreter_args =E<gt> ARRAYref>
+
+The array reference is a set of arguments for perl rather than the script.
+Take care so that none of them can be seen as a script!  Flags and their
+eventual arguments only!
+
+=back
+
+An example:
+
+  ok(run(perlapp(["foo.pl", "arg1"],
+                 interpreter_args => [ "-I", srctop_dir("test") ])));
+
+=back
+
+=cut
+
+sub app {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub { my $num = shift;
+		 return __build_cmd($num, \&__apps_file, $cmd, %opts); }
+}
+
+sub fuzz {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub { my $num = shift;
+		 return __build_cmd($num, \&__fuzz_file, $cmd, %opts); }
+}
+
+sub test {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub { my $num = shift;
+		 return __build_cmd($num, \&__test_file, $cmd, %opts); }
+}
+
+sub perlapp {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub { my $num = shift;
+		 return __build_cmd($num, \&__perlapps_file, $cmd, %opts); }
+}
+
+sub perltest {
+    my $cmd = shift;
+    my %opts = @_;
+    return sub { my $num = shift;
+		 return __build_cmd($num, \&__perltest_file, $cmd, %opts); }
+}
+
+=over 4
+
+=item B<run CODEREF, OPTS>
+
+This CODEREF is expected to be the value return by C<app> or C<test>,
+anything else will most likely cause an error unless you know what you're
+doing.
+
+C<run> executes the command returned by CODEREF and return either the
+resulting output (if the option C<capture> is set true) or a boolean indicating
+if the command succeeded or not.
+
+The options that C<run> can take are in the form of hash values:
+
+=over 4
+
+=item B<capture =E<gt> 0|1>
+
+If true, the command will be executed with a perl backtick, and C<run> will
+return the resulting output as an array of lines.  If false or not given,
+the command will be executed with C<system()>, and C<run> will return 1 if
+the command was successful or 0 if it wasn't.
+
+=back
+
+For further discussion on what is considered a successful command or not, see
+the function C<with> further down.
+
+=back
+
+=cut
+
+sub run {
+    my ($cmd, $display_cmd) = shift->(0);
+    my %opts = @_;
+
+    return () if !$cmd;
+
+    my $prefix = "";
+    if ( $^O eq "VMS" ) {	# VMS
+	$prefix = "pipe ";
+    }
+
+    my @r = ();
+    my $r = 0;
+    my $e = 0;
+
+    # In non-verbose, we want to shut up the command interpreter, in case
+    # it has something to complain about.  On VMS, it might complain both
+    # on stdout and stderr
+    my $save_STDOUT;
+    my $save_STDERR;
+    if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
+        open $save_STDOUT, '>&', \*STDOUT or die "Can't dup STDOUT: $!";
+        open $save_STDERR, '>&', \*STDERR or die "Can't dup STDERR: $!";
+        open STDOUT, ">", devnull();
+        open STDERR, ">", devnull();
+    }
+
+    # The dance we do with $? is the same dance the Unix shells appear to
+    # do.  For example, a program that gets aborted (and therefore signals
+    # SIGABRT = 6) will appear to exit with the code 134.  We mimic this
+    # to make it easier to compare with a manual run of the command.
+    if ($opts{capture}) {
+	@r = `$prefix$cmd`;
+	$e = ($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8);
+    } else {
+	system("$prefix$cmd");
+	$e = ($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8);
+	$r = $hooks{exit_checker}->($e);
+    }
+
+    if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
+        close STDOUT;
+        close STDERR;
+        open STDOUT, '>&', $save_STDOUT or die "Can't restore STDOUT: $!";
+        open STDERR, '>&', $save_STDERR or die "Can't restore STDERR: $!";
+    }
+
+    print STDERR "$prefix$display_cmd => $e\n"
+        if !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};
+
+    # At this point, $? stops being interesting, and unfortunately,
+    # there are Test::More versions that get picky if we leave it
+    # non-zero.
+    $? = 0;
+
+    if ($opts{capture}) {
+	return @r;
+    } else {
+	return $r;
+    }
+}
+
+END {
+    my $tb = Test::More->builder;
+    my $failure = scalar(grep { $_ == 0; } $tb->summary);
+    if ($failure && $end_with_bailout) {
+	BAIL_OUT("Stoptest!");
+    }
+}
+
+=head2 Utility functions
+
+The following functions are exported on request when using C<OpenSSL::Test>.
+
+  # To only get the bldtop_file and srctop_file functions.
+  use OpenSSL::Test qw/bldtop_file srctop_file/;
+
+  # To only get the bldtop_file function in addition to the default ones.
+  use OpenSSL::Test qw/:DEFAULT bldtop_file/;
+
+=cut
+
+# Utility functions, exported on request
+
+=over 4
+
+=item B<bldtop_dir LIST>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+build directory (as indicated by the environment variable C<$TOP> or
+C<$BLDTOP>).
+C<bldtop_dir> returns the resulting directory as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub bldtop_dir {
+    return __bldtop_dir(@_);	# This caters for operating systems that have
+				# a very distinct syntax for directories.
+}
+
+=over 4
+
+=item B<bldtop_file LIST, FILENAME>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+build directory (as indicated by the environment variable C<$TOP> or
+C<$BLDTOP>) and FILENAME is the name of a file located in that directory path.
+C<bldtop_file> returns the resulting file path as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub bldtop_file {
+    return __bldtop_file(@_);
+}
+
+=over 4
+
+=item B<srctop_dir LIST>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+source directory (as indicated by the environment variable C<$TOP> or
+C<$SRCTOP>).
+C<srctop_dir> returns the resulting directory as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub srctop_dir {
+    return __srctop_dir(@_);	# This caters for operating systems that have
+				# a very distinct syntax for directories.
+}
+
+=over 4
+
+=item B<srctop_file LIST, FILENAME>
+
+LIST is a list of directories that make up a path from the top of the OpenSSL
+source directory (as indicated by the environment variable C<$TOP> or
+C<$SRCTOP>) and FILENAME is the name of a file located in that directory path.
+C<srctop_file> returns the resulting file path as a string, adapted to the local
+operating system.
+
+=back
+
+=cut
+
+sub srctop_file {
+    return __srctop_file(@_);
+}
+
+=over 4
+
+=item B<data_file LIST, FILENAME>
+
+LIST is a list of directories that make up a path from the data directory
+associated with the test (see L</DESCRIPTION> above) and FILENAME is the name
+of a file located in that directory path.  C<data_file> returns the resulting
+file path as a string, adapted to the local operating system.
+
+=back
+
+=cut
+
+sub data_file {
+    return __data_file(@_);
+}
+
+=over 4
+
+=item B<pipe LIST>
+
+LIST is a list of CODEREFs returned by C<app> or C<test>, from which C<pipe>
+creates a new command composed of all the given commands put together in a
+pipe.  C<pipe> returns a new CODEREF in the same manner as C<app> or C<test>,
+to be passed to C<run> for execution.
+
+=back
+
+=cut
+
+sub pipe {
+    my @cmds = @_;
+    return
+	sub {
+	    my @cs  = ();
+	    my @dcs = ();
+	    my @els = ();
+	    my $counter = 0;
+	    foreach (@cmds) {
+		my ($c, $dc, @el) = $_->(++$counter);
+
+		return () if !$c;
+
+		push @cs, $c;
+		push @dcs, $dc;
+		push @els, @el;
+	    }
+	    return (
+		join(" | ", @cs),
+		join(" | ", @dcs),
+		@els
+		);
+    };
+}
+
+=over 4
+
+=item B<with HASHREF, CODEREF>
+
+C<with> will temporarly install hooks given by the HASHREF and then execute
+the given CODEREF.  Hooks are usually expected to have a coderef as value.
+
+The currently available hoosk are:
+
+=over 4
+
+=item B<exit_checker =E<gt> CODEREF>
+
+This hook is executed after C<run> has performed its given command.  The
+CODEREF receives the exit code as only argument and is expected to return
+1 (if the exit code indicated success) or 0 (if the exit code indicated
+failure).
+
+=back
+
+=back
+
+=cut
+
+sub with {
+    my $opts = shift;
+    my %opts = %{$opts};
+    my $codeblock = shift;
+
+    my %saved_hooks = ();
+
+    foreach (keys %opts) {
+	$saved_hooks{$_} = $hooks{$_}	if exists($hooks{$_});
+	$hooks{$_} = $opts{$_};
+    }
+
+    $codeblock->();
+
+    foreach (keys %saved_hooks) {
+	$hooks{$_} = $saved_hooks{$_};
+    }
+}
+
+=over 4
+
+=item B<cmdstr CODEREF, OPTS>
+
+C<cmdstr> takes a CODEREF from C<app> or C<test> and simply returns the
+command as a string.
+
+C<cmdstr> takes some additiona options OPTS that affect the string returned:
+
+=over 4
+
+=item B<display =E<gt> 0|1>
+
+When set to 0, the returned string will be with all decorations, such as a
+possible redirect of stderr to the null device.  This is suitable if the
+string is to be used directly in a recipe.
+
+When set to 1, the returned string will be without extra decorations.  This
+is suitable for display if that is desired (doesn't confuse people with all
+internal stuff), or if it's used to pass a command down to a subprocess.
+
+Default: 0
+
+=back
+
+=back
+
+=cut
+
+sub cmdstr {
+    my ($cmd, $display_cmd) = shift->(0);
+    my %opts = @_;
+
+    if ($opts{display}) {
+        return $display_cmd;
+    } else {
+        return $cmd;
+    }
+}
+
+=over 4
+
+=item B<quotify LIST>
+
+LIST is a list of strings that are going to be used as arguments for a
+command, and makes sure to inject quotes and escapes as necessary depending
+on the content of each string.
+
+This can also be used to put quotes around the executable of a command.
+I<This must never ever be done on VMS.>
+
+=back
+
+=cut
+
+sub quotify {
+    # Unix setup (default if nothing else is mentioned)
+    my $arg_formatter =
+	sub { $_ = shift;
+	      ($_ eq '' || /\s|[\{\}\\\$\[\]\*\?\|\&:;<>]/) ? "'$_'" : $_ };
+
+    if ( $^O eq "VMS") {	# VMS setup
+	$arg_formatter = sub {
+	    $_ = shift;
+	    if ($_ eq '' || /\s|["[:upper:]]/) {
+		s/"/""/g;
+		'"'.$_.'"';
+	    } else {
+		$_;
+	    }
+	};
+    } elsif ( $^O eq "MSWin32") { # MSWin setup
+	$arg_formatter = sub {
+	    $_ = shift;
+	    if ($_ eq '' || /\s|["\|\&\*\;<>]/) {
+		s/(["\\])/\\$1/g;
+		'"'.$_.'"';
+	    } else {
+		$_;
+	    }
+	};
+    }
+
+    return map { $arg_formatter->($_) } @_;
+}
+
+######################################################################
+# private functions.  These are never exported.
+
+=head1 ENVIRONMENT
+
+OpenSSL::Test depends on some environment variables.
+
+=over 4
+
+=item B<TOP>
+
+This environment variable is mandatory.  C<setup> will check that it's
+defined and that it's a directory that contains the file C<Configure>.
+If this isn't so, C<setup> will C<BAIL_OUT>.
+
+=item B<BIN_D>
+
+If defined, its value should be the directory where the openssl application
+is located.  Defaults to C<$TOP/apps> (adapted to the operating system).
+
+=item B<TEST_D>
+
+If defined, its value should be the directory where the test applications
+are located.  Defaults to C<$TOP/test> (adapted to the operating system).
+
+=item B<STOPTEST>
+
+If defined, it puts testing in a different mode, where a recipe with
+failures will result in a C<BAIL_OUT> at the end of its run.
+
+=back
+
+=cut
+
+sub __env {
+    (my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i;
+
+    $directories{SRCTOP}  = $ENV{SRCTOP} || $ENV{TOP};
+    $directories{BLDTOP}  = $ENV{BLDTOP} || $ENV{TOP};
+    $directories{BLDAPPS} = $ENV{BIN_D}  || __bldtop_dir("apps");
+    $directories{SRCAPPS} =                 __srctop_dir("apps");
+    $directories{BLDFUZZ} =                 __bldtop_dir("fuzz");
+    $directories{SRCFUZZ} =                 __srctop_dir("fuzz");
+    $directories{BLDTEST} = $ENV{TEST_D} || __bldtop_dir("test");
+    $directories{SRCTEST} =                 __srctop_dir("test");
+    $directories{SRCDATA} =                 __srctop_dir("test", "recipes",
+                                                         $recipe_datadir);
+    $directories{RESULTS} = $ENV{RESULT_D} || $directories{BLDTEST};
+
+    push @direnv, "TOP"       if $ENV{TOP};
+    push @direnv, "SRCTOP"    if $ENV{SRCTOP};
+    push @direnv, "BLDTOP"    if $ENV{BLDTOP};
+    push @direnv, "BIN_D"     if $ENV{BIN_D};
+    push @direnv, "TEST_D"    if $ENV{TEST_D};
+    push @direnv, "RESULT_D"  if $ENV{RESULT_D};
+
+    $end_with_bailout	  = $ENV{STOPTEST} ? 1 : 0;
+};
+
+sub __srctop_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{SRCTOP},@_,$f);
+}
+
+sub __srctop_dir {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    return catdir($directories{SRCTOP},@_);
+}
+
+sub __bldtop_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{BLDTOP},@_,$f);
+}
+
+sub __bldtop_dir {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    return catdir($directories{BLDTOP},@_);
+}
+
+sub __exeext {
+    my $ext = "";
+    if ($^O eq "VMS" ) {	# VMS
+	$ext = ".exe";
+    } elsif ($^O eq "MSWin32") { # Windows
+	$ext = ".exe";
+    }
+    return $ENV{"EXE_EXT"} || $ext;
+}
+
+sub __test_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    my $out = catfile($directories{BLDTEST},@_,$f . __exeext());
+    $out = catfile($directories{SRCTEST},@_,$f) unless -x $out;
+    return $out;
+}
+
+sub __perltest_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    my $out = catfile($directories{BLDTEST},@_,$f);
+    $out = catfile($directories{SRCTEST},@_,$f) unless -f $out;
+    return ($^X, $out);
+}
+
+sub __apps_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    my $out = catfile($directories{BLDAPPS},@_,$f . __exeext());
+    $out = catfile($directories{SRCAPPS},@_,$f) unless -x $out;
+    return $out;
+}
+
+sub __fuzz_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    my $out = catfile($directories{BLDFUZZ},@_,$f . __exeext());
+    $out = catfile($directories{SRCFUZZ},@_,$f) unless -x $out;
+    return $out;
+}
+
+sub __perlapps_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    my $out = catfile($directories{BLDAPPS},@_,$f);
+    $out = catfile($directories{SRCAPPS},@_,$f) unless -f $out;
+    return ($^X, $out);
+}
+
+sub __data_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{SRCDATA},@_,$f);
+}
+
+sub __results_file {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $f = pop;
+    return catfile($directories{RESULTS},@_,$f);
+}
+
+sub __cwd {
+    my $dir = catdir(shift);
+    my %opts = @_;
+    my $abscurdir = rel2abs(curdir());
+    my $absdir = rel2abs($dir);
+    my $reverse = abs2rel($abscurdir, $absdir);
+
+    # PARANOIA: if we're not moving anywhere, we do nothing more
+    if ($abscurdir eq $absdir) {
+	return $reverse;
+    }
+
+    # Do not support a move to a different volume for now.  Maybe later.
+    BAIL_OUT("FAILURE: \"$dir\" moves to a different volume, not supported")
+	if $reverse eq $abscurdir;
+
+    # If someone happened to give a directory that leads back to the current,
+    # it's extremely silly to do anything more, so just simulate that we did
+    # move.
+    # In this case, we won't even clean it out, for safety's sake.
+    return "." if $reverse eq "";
+
+    $dir = canonpath($dir);
+    if ($opts{create}) {
+	mkpath($dir);
+    }
+
+    # We are recalculating the directories we keep track of, but need to save
+    # away the result for after having moved into the new directory.
+    my %tmp_directories = ();
+    my %tmp_ENV = ();
+
+    # For each of these directory variables, figure out where they are relative
+    # to the directory we want to move to if they aren't absolute (if they are,
+    # they don't change!)
+    my @dirtags = sort keys %directories;
+    foreach (@dirtags) {
+	if (!file_name_is_absolute($directories{$_})) {
+	    my $newpath = abs2rel(rel2abs($directories{$_}), rel2abs($dir));
+	    $tmp_directories{$_} = $newpath;
+	}
+    }
+
+    # Treat each environment variable that was used to get us the values in
+    # %directories the same was as the paths in %directories, so any sub
+    # process can use their values properly as well
+    foreach (@direnv) {
+	if (!file_name_is_absolute($ENV{$_})) {
+	    my $newpath = abs2rel(rel2abs($ENV{$_}), rel2abs($dir));
+	    $tmp_ENV{$_} = $newpath;
+	}
+    }
+
+    # Should we just bail out here as well?  I'm unsure.
+    return undef unless chdir($dir);
+
+    if ($opts{cleanup}) {
+	rmtree(".", { safe => 0, keep_root => 1 });
+    }
+
+    # We put back new values carefully.  Doing the obvious
+    # %directories = ( %tmp_irectories )
+    # will clear out any value that happens to be an absolute path
+    foreach (keys %tmp_directories) {
+        $directories{$_} = $tmp_directories{$_};
+    }
+    foreach (keys %tmp_ENV) {
+        $ENV{$_} = $tmp_ENV{$_};
+    }
+
+    if ($debug) {
+	print STDERR "DEBUG: __cwd(), directories and files:\n";
+	print STDERR "  \$directories{BLDTEST} = \"$directories{BLDTEST}\"\n";
+	print STDERR "  \$directories{SRCTEST} = \"$directories{SRCTEST}\"\n";
+	print STDERR "  \$directories{SRCDATA} = \"$directories{SRCDATA}\"\n";
+	print STDERR "  \$directories{RESULTS} = \"$directories{RESULTS}\"\n";
+	print STDERR "  \$directories{BLDAPPS} = \"$directories{BLDAPPS}\"\n";
+	print STDERR "  \$directories{SRCAPPS} = \"$directories{SRCAPPS}\"\n";
+	print STDERR "  \$directories{SRCTOP}  = \"$directories{SRCTOP}\"\n";
+	print STDERR "  \$directories{BLDTOP}  = \"$directories{BLDTOP}\"\n";
+	print STDERR "\n";
+	print STDERR "  current directory is \"",curdir(),"\"\n";
+	print STDERR "  the way back is \"$reverse\"\n";
+    }
+
+    return $reverse;
+}
+
+sub __fixup_cmd {
+    my $prog = shift;
+    my $exe_shell = shift;
+
+    my $prefix = __bldtop_file("util", "shlib_wrap.sh")." ";
+
+    if (defined($exe_shell)) {
+	$prefix = "$exe_shell ";
+    } elsif ($^O eq "VMS" ) {	# VMS
+	$prefix = ($prog =~ /^(?:[\$a-z0-9_]+:)?[<\[]/i ? "mcr " : "mcr []");
+    } elsif ($^O eq "MSWin32") { # Windows
+	$prefix = "";
+    }
+
+    # We test both with and without extension.  The reason
+    # is that we might be passed a complete file spec, with
+    # extension.
+    if ( ! -x $prog ) {
+	my $prog = "$prog";
+	if ( ! -x $prog ) {
+	    $prog = undef;
+	}
+    }
+
+    if (defined($prog)) {
+	# Make sure to quotify the program file on platforms that may
+	# have spaces or similar in their path name.
+	# To our knowledge, VMS is the exception where quotifying should
+	# never happen.
+	($prog) = quotify($prog) unless $^O eq "VMS";
+	return $prefix.$prog;
+    }
+
+    print STDERR "$prog not found\n";
+    return undef;
+}
+
+sub __build_cmd {
+    BAIL_OUT("Must run setup() first") if (! $test_name);
+
+    my $num = shift;
+    my $path_builder = shift;
+    # Make a copy to not destroy the caller's array
+    my @cmdarray = ( @{$_[0]} ); shift;
+    my %opts = @_;
+
+    # We do a little dance, as $path_builder might return a list of
+    # more than one.  If so, only the first is to be considered a
+    # program to fix up, the rest is part of the arguments.  This
+    # happens for perl scripts, where $path_builder will return
+    # a list of two, $^X and the script name.
+    # Also, if $path_builder returned more than one, we don't apply
+    # the EXE_SHELL environment variable.
+    my @prog = ($path_builder->(shift @cmdarray));
+    my $first = shift @prog;
+    my $exe_shell = @prog ? undef : $ENV{EXE_SHELL};
+    my $cmd = __fixup_cmd($first, $exe_shell);
+    if (@prog) {
+	if ( ! -f $prog[0] ) {
+	    print STDERR "$prog[0] not found\n";
+	    $cmd = undef;
+	}
+    }
+    my @args = (@prog, @cmdarray);
+    if (defined($opts{interpreter_args})) {
+        unshift @args, @{$opts{interpreter_args}};
+    }
+
+    return () if !$cmd;
+
+    my $arg_str = "";
+    my $null = devnull();
+
+
+    $arg_str = " ".join(" ", quotify @args) if @args;
+
+    my $fileornull = sub { $_[0] ? $_[0] : $null; };
+    my $stdin = "";
+    my $stdout = "";
+    my $stderr = "";
+    my $saved_stderr = undef;
+    $stdin = " < ".$fileornull->($opts{stdin})  if exists($opts{stdin});
+    $stdout= " > ".$fileornull->($opts{stdout}) if exists($opts{stdout});
+    $stderr=" 2> ".$fileornull->($opts{stderr}) if exists($opts{stderr});
+
+    my $display_cmd = "$cmd$arg_str$stdin$stdout$stderr";
+
+    $stderr=" 2> ".$null
+        unless $stderr || !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};
+
+    $cmd .= "$arg_str$stdin$stdout$stderr";
+
+    if ($debug) {
+	print STDERR "DEBUG[__build_cmd]: \$cmd = \"$cmd\"\n";
+	print STDERR "DEBUG[__build_cmd]: \$display_cmd = \"$display_cmd\"\n";
+    }
+
+    return ($cmd, $display_cmd);
+}
+
+=head1 SEE ALSO
+
+L<Test::More>, L<Test::Harness>
+
+=head1 AUTHORS
+
+Richard Levitte E<lt>levitte@openssl.orgE<gt> with assitance and
+inspiration from Andy Polyakov E<lt>appro@openssl.org<gt>.
+
+=cut
+
+1;
diff --git a/openssl-1.1.0h/util/perl/OpenSSL/Test/Simple.pm b/openssl-1.1.0h/util/perl/OpenSSL/Test/Simple.pm
new file mode 100644
index 0000000..c5a84d5
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/OpenSSL/Test/Simple.pm
@@ -0,0 +1,91 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Test::Simple;
+
+use strict;
+use warnings;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.2";
+@ISA = qw(Exporter);
+@EXPORT = qw(simple_test);
+
+=head1 NAME
+
+OpenSSL::Test::Simple - a few very simple test functions
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Test::Simple;
+
+  simple_test("my_test_name", "destest", "des");
+
+=head1 DESCRIPTION
+
+Sometimes, the functions in L<OpenSSL::Test> are quite tedious for some
+repetitive tasks.  This module provides functions to make life easier.
+You could call them hacks if you wish.
+
+=cut
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+=over 4
+
+=item B<simple_test NAME, PROGRAM, ALGORITHM>
+
+Runs a test named NAME, running the program PROGRAM with no arguments,
+to test the algorithm ALGORITHM.
+
+A complete recipe looks like this:
+
+  use OpenSSL::Test::Simple;
+
+  simple_test("test_bf", "bftest", "bf");
+
+=back
+
+=cut
+
+# args:
+#  name			(used with setup())
+#  algorithm		(used to check if it's at all supported)
+#  name of binary	(the program that does the actual test)
+sub simple_test {
+    my ($name, $prgr, @algos) = @_;
+
+    setup($name);
+
+    if (scalar(disabled(@algos))) {
+	if (scalar(@algos) == 1) {
+	    plan skip_all => $algos[0]." is not supported by this OpenSSL build";
+	} else {
+	    my $last = pop @algos;
+	    plan skip_all => join(", ", @algos)." and $last are not supported by this OpenSSL build";
+	}
+    }
+
+    plan tests => 1;
+
+    ok(run(test([$prgr])), "running $prgr");
+}
+
+=head1 SEE ALSO
+
+L<OpenSSL::Test>
+
+=head1 AUTHORS
+
+Richard Levitte E<lt>levitte@openssl.orgE<gt> with inspiration
+from Rich Salz E<lt>rsalz@openssl.orgE<gt>.
+
+=cut
+
+1;
diff --git a/openssl-1.1.0h/util/perl/OpenSSL/Test/Utils.pm b/openssl-1.1.0h/util/perl/OpenSSL/Test/Utils.pm
new file mode 100644
index 0000000..7b0a705
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/OpenSSL/Test/Utils.pm
@@ -0,0 +1,240 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Test::Utils;
+
+use strict;
+use warnings;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.1";
+@ISA = qw(Exporter);
+@EXPORT = qw(alldisabled anydisabled disabled config available_protocols
+             have_IPv4 have_IPv6);
+
+=head1 NAME
+
+OpenSSL::Test::Utils - test utility functions
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Test::Utils;
+
+  my @tls = available_protocols("tls");
+  my @dtls = available_protocols("dtls");
+  alldisabled("dh", "dsa");
+  anydisabled("dh", "dsa");
+
+  config("fips");
+
+  have_IPv4();
+  have_IPv6();
+
+=head1 DESCRIPTION
+
+This module provides utility functions for the testing framework.
+
+=cut
+
+use OpenSSL::Test qw/:DEFAULT bldtop_file/;
+
+=over 4
+
+=item B<available_protocols STRING>
+
+Returns a list of strings for all the available SSL/TLS versions if
+STRING is "tls", or for all the available DTLS versions if STRING is
+"dtls".  Otherwise, it returns the empty list.  The strings in the
+returned list can be used with B<alldisabled> and B<anydisabled>.
+
+=item B<alldisabled ARRAY>
+=item B<anydisabled ARRAY>
+
+In an array context returns an array with each element set to 1 if the
+corresponding feature is disabled and 0 otherwise.
+
+In a scalar context, alldisabled returns 1 if all of the features in
+ARRAY are disabled, while anydisabled returns 1 if any of them are
+disabled.
+
+=item B<config STRING>
+
+Returns an item from the %config hash in \$TOP/configdata.pm.
+
+=item B<have_IPv4>
+=item B<have_IPv6>
+
+Return true if IPv4 / IPv6 is possible to use on the current system.
+
+=back
+
+=cut
+
+our %available_protocols;
+our %disabled;
+our %config;
+my $configdata_loaded = 0;
+
+sub load_configdata {
+    # We eval it so it doesn't run at compile time of this file.
+    # The latter would have bldtop_file() complain that setup() hasn't
+    # been run yet.
+    my $configdata = bldtop_file("configdata.pm");
+    eval { require $configdata;
+	   %available_protocols = %configdata::available_protocols;
+	   %disabled = %configdata::disabled;
+	   %config = %configdata::config;
+    };
+    $configdata_loaded = 1;
+}
+
+# args
+#  list of 1s and 0s, coming from check_disabled()
+sub anyof {
+    my $x = 0;
+    foreach (@_) { $x += $_ }
+    return $x > 0;
+}
+
+# args
+#  list of 1s and 0s, coming from check_disabled()
+sub allof {
+    my $x = 1;
+    foreach (@_) { $x *= $_ }
+    return $x > 0;
+}
+
+# args
+#  list of strings, all of them should be names of features
+#  that can be disabled.
+# returns a list of 1s (if the corresponding feature is disabled)
+#  and 0s (if it isn't)
+sub check_disabled {
+    return map { exists $disabled{lc $_} ? 1 : 0 } @_;
+}
+
+# Exported functions #################################################
+
+# args:
+#  list of features to check
+sub anydisabled {
+    load_configdata() unless $configdata_loaded;
+    my @ret = check_disabled(@_);
+    return @ret if wantarray;
+    return anyof(@ret);
+}
+
+# args:
+#  list of features to check
+sub alldisabled {
+    load_configdata() unless $configdata_loaded;
+    my @ret = check_disabled(@_);
+    return @ret if wantarray;
+    return allof(@ret);
+}
+
+# !!! Kept for backward compatibility
+# args:
+#  single string
+sub disabled {
+    anydisabled(@_);
+}
+
+sub available_protocols {
+    load_configdata() unless $configdata_loaded;
+    my $protocol_class = shift;
+    if (exists $available_protocols{lc $protocol_class}) {
+	return @{$available_protocols{lc $protocol_class}}
+    }
+    return ();
+}
+
+sub config {
+    load_configdata() unless $configdata_loaded;
+    return $config{$_[0]};
+}
+
+# IPv4 / IPv6 checker
+my $have_IPv4 = -1;
+my $have_IPv6 = -1;
+my $IP_factory;
+sub check_IP {
+    my $listenaddress = shift;
+
+    eval {
+        require IO::Socket::IP;
+        my $s = IO::Socket::IP->new(
+            LocalAddr => $listenaddress,
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        return 1;
+    }
+
+    eval {
+        require IO::Socket::INET6;
+        my $s = IO::Socket::INET6->new(
+            LocalAddr => $listenaddress,
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        return 1;
+    }
+
+    eval {
+        require IO::Socket::INET;
+        my $s = IO::Socket::INET->new(
+            LocalAddr => $listenaddress,
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        return 1;
+    }
+
+    return 0;
+}
+
+sub have_IPv4 {
+    if ($have_IPv4 < 0) {
+        $have_IPv4 = check_IP("127.0.0.1");
+    }
+    return $have_IPv4;
+}
+
+sub have_IPv6 {
+    if ($have_IPv6 < 0) {
+        $have_IPv6 = check_IP("::1");
+    }
+    return $have_IPv6;
+}
+
+
+=head1 SEE ALSO
+
+L<OpenSSL::Test>
+
+=head1 AUTHORS
+
+Stephen Henson E<lt>steve@openssl.orgE<gt> and
+Richard Levitte E<lt>levitte@openssl.orgE<gt>
+
+=cut
+
+1;
diff --git a/openssl-1.1.0h/util/perl/OpenSSL/Util/Pod.pm b/openssl-1.1.0h/util/perl/OpenSSL/Util/Pod.pm
new file mode 100644
index 0000000..5c0af95
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/OpenSSL/Util/Pod.pm
@@ -0,0 +1,158 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::Util::Pod;
+
+use strict;
+use warnings;
+
+use Exporter;
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+$VERSION = "0.1";
+@ISA = qw(Exporter);
+@EXPORT = qw(extract_pod_info);
+@EXPORT_OK = qw();
+
+=head1 NAME
+
+OpenSSL::Util::Pod - utilities to manipulate .pod files
+
+=head1 SYNOPSIS
+
+  use OpenSSL::Util::Pod;
+
+  my %podinfo = extract_pod_info("foo.pod");
+
+  # or if the file is already opened...  Note that this consumes the
+  # remainder of the file.
+
+  my %podinfo = extract_pod_info(\*STDIN);
+
+=head1 DESCRIPTION
+
+=over
+
+=item B<extract_pod_info "FILENAME", HASHREF>
+
+=item B<extract_pod_info "FILENAME">
+
+=item B<extract_pod_info GLOB, HASHREF>
+
+=item B<extract_pod_info GLOB>
+
+Extracts information from a .pod file, given a STRING (file name) or a
+GLOB (a file handle).  The result is given back as a hash table.
+
+The additional hash is for extra parameters:
+
+=over
+
+=item B<section =E<gt> N>
+
+The value MUST be a number, and will be the default man section number
+to be used with the given .pod file.  This number can be altered if
+the .pod file has a line like this:
+
+  =for comment openssl_manual_section: 4
+
+=item B<debug =E<gt> 0|1>
+
+If set to 1, extra debug text will be printed on STDERR
+
+=back
+
+=back
+
+=head1 RETURN VALUES
+
+=over
+
+=item B<extract_pod_info> returns a hash table with the following
+items:
+
+=over
+
+=item B<section =E<gt> N>
+
+The man section number this .pod file belongs to.  Often the same as
+was given as input.
+
+=item B<names =E<gt> [ "name", ... ]>
+
+All the names extracted from the NAME section.
+
+=back
+
+=back
+
+=cut
+
+sub extract_pod_info {
+    my $input = shift;
+    my $defaults_ref = shift || {};
+    my %defaults = ( debug => 0, section => 0, %$defaults_ref );
+    my $fh = undef;
+    my $filename = undef;
+
+    # If not a file handle, then it's assume to be a file path (a string)
+    unless (ref $input eq "GLOB") {
+        $filename = $input;
+        open $fh, $input or die "Trying to read $filename: $!\n";
+        print STDERR "DEBUG: Reading $input\n" if $defaults{debug};
+        $input = $fh;
+    }
+
+    my %podinfo = ( section => $defaults{section});
+    while(<$input>) {
+        s|\R$||;
+        if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
+            print STDERR "DEBUG: Found man section number $1\n"
+                if $defaults{debug};
+            $podinfo{section} = $1;
+        }
+
+        # Stop reading when we have reached past the NAME section.
+        last if (m|^=head1|
+                 && defined $podinfo{lastsect}
+                 && $podinfo{lastsect} eq "NAME");
+
+        # Collect the section name
+        if (m|^=head1\s*(.*)|) {
+            $podinfo{lastsect} = $1;
+            $podinfo{lastsect} =~ s/\s+$//;
+            print STDERR "DEBUG: Found new pod section $1\n"
+                if $defaults{debug};
+            print STDERR "DEBUG: Clearing pod section text\n"
+                if $defaults{debug};
+            $podinfo{lastsecttext} = "";
+        }
+
+        next if (m|^=| || m|^\s*$|);
+
+        # Collect the section text
+        print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
+            if $defaults{debug};
+        $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
+        $podinfo{lastsecttext} .= $_;
+    }
+
+
+    if (defined $fh) {
+        close $fh;
+        print STDERR "DEBUG: Done reading $filename\n" if $defaults{debug};
+    }
+
+    $podinfo{lastsecttext} =~ s| - .*$||;
+
+    my @names =
+        map { s|\s+||g; $_ }
+        split(m|,|, $podinfo{lastsecttext});
+
+    return ( section => $podinfo{section}, names => [ @names ] );
+}
+
+1;
diff --git a/openssl-1.1.0h/util/perl/TLSProxy/ClientHello.pm b/openssl-1.1.0h/util/perl/TLSProxy/ClientHello.pm
new file mode 100644
index 0000000..ec739d2
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/TLSProxy/ClientHello.pm
@@ -0,0 +1,242 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::ClientHello;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        1,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{client_version} = 0;
+    $self->{random} = [];
+    $self->{session_id_len} = 0;
+    $self->{session} = "";
+    $self->{ciphersuite_len} = 0;
+    $self->{ciphersuites} = [];
+    $self->{comp_meth_len} = 0;
+    $self->{comp_meths} = [];
+    $self->{extensions_len} = 0;
+    $self->{extension_data} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+    my $ptr = 2;
+    my ($client_version) = unpack('n', $self->data);
+    my $random = substr($self->data, $ptr, 32);
+    $ptr += 32;
+    my $session_id_len = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+    my $session = substr($self->data, $ptr, $session_id_len);
+    $ptr += $session_id_len;
+    my $ciphersuite_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my @ciphersuites = unpack('n*', substr($self->data, $ptr,
+                                           $ciphersuite_len));
+    $ptr += $ciphersuite_len;
+    my $comp_meth_len = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+    my @comp_meths = unpack('C*', substr($self->data, $ptr, $comp_meth_len));
+    $ptr += $comp_meth_len;
+    my $extensions_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    #For now we just deal with this as a block of data. In the future we will
+    #want to parse this
+    my $extension_data = substr($self->data, $ptr);
+
+    if (length($extension_data) != $extensions_len) {
+        die "Invalid extension length\n";
+    }
+    my %extensions = ();
+    while (length($extension_data) >= 4) {
+        my ($type, $size) = unpack("nn", $extension_data);
+        my $extdata = substr($extension_data, 4, $size);
+        $extension_data = substr($extension_data, 4 + $size);
+        $extensions{$type} = $extdata;
+    }
+
+    $self->client_version($client_version);
+    $self->random($random);
+    $self->session_id_len($session_id_len);
+    $self->session($session);
+    $self->ciphersuite_len($ciphersuite_len);
+    $self->ciphersuites(\@ciphersuites);
+    $self->comp_meth_len($comp_meth_len);
+    $self->comp_meths(\@comp_meths);
+    $self->extensions_len($extensions_len);
+    $self->extension_data(\%extensions);
+
+    $self->process_extensions();
+
+    print "    Client Version:".$client_version."\n";
+    print "    Session ID Len:".$session_id_len."\n";
+    print "    Ciphersuite len:".$ciphersuite_len."\n";
+    print "    Compression Method Len:".$comp_meth_len."\n";
+    print "    Extensions Len:".$extensions_len."\n";
+}
+
+#Perform any actions necessary based on the extensions we've seen
+sub process_extensions
+{
+    my $self = shift;
+    my %extensions = %{$self->extension_data};
+
+    #Clear any state from a previous run
+    TLSProxy::Record->etm(0);
+
+    if (exists $extensions{TLSProxy::Message::EXT_ENCRYPT_THEN_MAC}) {
+        TLSProxy::Record->etm(1);
+    }
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+    my $extensions = "";
+
+    $data = pack('n', $self->client_version);
+    $data .= $self->random;
+    $data .= pack('C', $self->session_id_len);
+    $data .= $self->session;
+    $data .= pack('n', $self->ciphersuite_len);
+    $data .= pack("n*", @{$self->ciphersuites});
+    $data .= pack('C', $self->comp_meth_len);
+    $data .= pack("C*", @{$self->comp_meths});
+
+    foreach my $key (keys %{$self->extension_data}) {
+        my $extdata = ${$self->extension_data}{$key};
+        $extensions .= pack("n", $key);
+        $extensions .= pack("n", length($extdata));
+        $extensions .= $extdata;
+        if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
+          $extensions .= pack("n", $key);
+          $extensions .= pack("n", length($extdata));
+          $extensions .= $extdata;
+        }
+    }
+
+    $data .= pack('n', length($extensions));
+    $data .= $extensions;
+
+    $self->data($data);
+}
+
+#Read/write accessors
+sub client_version
+{
+    my $self = shift;
+    if (@_) {
+      $self->{client_version} = shift;
+    }
+    return $self->{client_version};
+}
+sub random
+{
+    my $self = shift;
+    if (@_) {
+      $self->{random} = shift;
+    }
+    return $self->{random};
+}
+sub session_id_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session_id_len} = shift;
+    }
+    return $self->{session_id_len};
+}
+sub session
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session} = shift;
+    }
+    return $self->{session};
+}
+sub ciphersuite_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ciphersuite_len} = shift;
+    }
+    return $self->{ciphersuite_len};
+}
+sub ciphersuites
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ciphersuites} = shift;
+    }
+    return $self->{ciphersuites};
+}
+sub comp_meth_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{comp_meth_len} = shift;
+    }
+    return $self->{comp_meth_len};
+}
+sub comp_meths
+{
+    my $self = shift;
+    if (@_) {
+      $self->{comp_meths} = shift;
+    }
+    return $self->{comp_meths};
+}
+sub extensions_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{extensions_len} = shift;
+    }
+    return $self->{extensions_len};
+}
+sub extension_data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{extension_data} = shift;
+    }
+    return $self->{extension_data};
+}
+sub set_extension
+{
+    my ($self, $ext_type, $ext_data) = @_;
+    $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+    my ($self, $ext_type) = @_;
+    delete $self->{extension_data}{$ext_type};
+}
+1;
diff --git a/openssl-1.1.0h/util/perl/TLSProxy/Message.pm b/openssl-1.1.0h/util/perl/TLSProxy/Message.pm
new file mode 100644
index 0000000..0821bde
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/TLSProxy/Message.pm
@@ -0,0 +1,456 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::Message;
+
+use constant TLS_MESSAGE_HEADER_LENGTH => 4;
+
+#Message types
+use constant {
+    MT_HELLO_REQUEST => 0,
+    MT_CLIENT_HELLO => 1,
+    MT_SERVER_HELLO => 2,
+    MT_NEW_SESSION_TICKET => 4,
+    MT_CERTIFICATE => 11,
+    MT_SERVER_KEY_EXCHANGE => 12,
+    MT_CERTIFICATE_REQUEST => 13,
+    MT_SERVER_HELLO_DONE => 14,
+    MT_CERTIFICATE_VERIFY => 15,
+    MT_CLIENT_KEY_EXCHANGE => 16,
+    MT_FINISHED => 20,
+    MT_CERTIFICATE_STATUS => 22,
+    MT_NEXT_PROTO => 67
+};
+
+#Alert levels
+use constant {
+    AL_LEVEL_WARN => 1,
+    AL_LEVEL_FATAL => 2
+};
+
+#Alert descriptions
+use constant {
+    AL_DESC_CLOSE_NOTIFY => 0,
+    AL_DESC_UNEXPECTED_MESSAGE => 10,
+    AL_DESC_NO_RENEGOTIATION => 100
+};
+
+my %message_type = (
+    MT_HELLO_REQUEST, "HelloRequest",
+    MT_CLIENT_HELLO, "ClientHello",
+    MT_SERVER_HELLO, "ServerHello",
+    MT_NEW_SESSION_TICKET, "NewSessionTicket",
+    MT_CERTIFICATE, "Certificate",
+    MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
+    MT_CERTIFICATE_REQUEST, "CertificateRequest",
+    MT_SERVER_HELLO_DONE, "ServerHelloDone",
+    MT_CERTIFICATE_VERIFY, "CertificateVerify",
+    MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
+    MT_FINISHED, "Finished",
+    MT_CERTIFICATE_STATUS, "CertificateStatus",
+    MT_NEXT_PROTO, "NextProto"
+);
+
+use constant {
+    EXT_STATUS_REQUEST => 5,
+    EXT_ENCRYPT_THEN_MAC => 22,
+    EXT_EXTENDED_MASTER_SECRET => 23,
+    EXT_SESSION_TICKET => 35,
+    # This extension does not exist and isn't recognised by OpenSSL.
+    # We use it to test handling of duplicate extensions.
+    EXT_DUPLICATE_EXTENSION => 1234
+};
+
+my $payload = "";
+my $messlen = -1;
+my $mt;
+my $startoffset = -1;
+my $server = 0;
+my $success = 0;
+my $end = 0;
+my @message_rec_list = ();
+my @message_frag_lens = ();
+my $ciphersuite = 0;
+
+sub clear
+{
+    $payload = "";
+    $messlen = -1;
+    $startoffset = -1;
+    $server = 0;
+    $success = 0;
+    $end = 0;
+    @message_rec_list = ();
+    @message_frag_lens = ();
+}
+
+#Class method to extract messages from a record
+sub get_messages
+{
+    my $class = shift;
+    my $serverin = shift;
+    my $record = shift;
+    my @messages = ();
+    my $message;
+
+    @message_frag_lens = ();
+
+    if ($serverin != $server && length($payload) != 0) {
+        die "Changed peer, but we still have fragment data\n";
+    }
+    $server = $serverin;
+
+    if ($record->content_type == TLSProxy::Record::RT_CCS) {
+        if ($payload ne "") {
+            #We can't handle this yet
+            die "CCS received before message data complete\n";
+        }
+        if ($server) {
+            TLSProxy::Record->server_ccs_seen(1);
+        } else {
+            TLSProxy::Record->client_ccs_seen(1);
+        }
+    } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
+        if ($record->len == 0 || $record->len_real == 0) {
+            print "  Message truncated\n";
+        } else {
+            my $recoffset = 0;
+
+            if (length $payload > 0) {
+                #We are continuing processing a message started in a previous
+                #record. Add this record to the list associated with this
+                #message
+                push @message_rec_list, $record;
+
+                if ($messlen <= length($payload)) {
+                    #Shouldn't happen
+                    die "Internal error: invalid messlen: ".$messlen
+                        ." payload length:".length($payload)."\n";
+                }
+                if (length($payload) + $record->decrypt_len >= $messlen) {
+                    #We can complete the message with this record
+                    $recoffset = $messlen - length($payload);
+                    $payload .= substr($record->decrypt_data, 0, $recoffset);
+                    push @message_frag_lens, $recoffset;
+                    $message = create_message($server, $mt, $payload,
+                                              $startoffset);
+                    push @messages, $message;
+
+                    $payload = "";
+                } else {
+                    #This is just part of the total message
+                    $payload .= $record->decrypt_data;
+                    $recoffset = $record->decrypt_len;
+                    push @message_frag_lens, $record->decrypt_len;
+                }
+                print "  Partial message data read: ".$recoffset." bytes\n";
+            }
+
+            while ($record->decrypt_len > $recoffset) {
+                #We are at the start of a new message
+                if ($record->decrypt_len - $recoffset < 4) {
+                    #Whilst technically probably valid we can't cope with this
+                    die "End of record in the middle of a message header\n";
+                }
+                @message_rec_list = ($record);
+                my $lenhi;
+                my $lenlo;
+                ($mt, $lenhi, $lenlo) = unpack('CnC',
+                                               substr($record->decrypt_data,
+                                                      $recoffset));
+                $messlen = ($lenhi << 8) | $lenlo;
+                print "  Message type: $message_type{$mt}\n";
+                print "  Message Length: $messlen\n";
+                $startoffset = $recoffset;
+                $recoffset += 4;
+                $payload = "";
+                
+                if ($recoffset <= $record->decrypt_len) {
+                    #Some payload data is present in this record
+                    if ($record->decrypt_len - $recoffset >= $messlen) {
+                        #We can complete the message with this record
+                        $payload .= substr($record->decrypt_data, $recoffset,
+                                           $messlen);
+                        $recoffset += $messlen;
+                        push @message_frag_lens, $messlen;
+                        $message = create_message($server, $mt, $payload,
+                                                  $startoffset);
+                        push @messages, $message;
+
+                        $payload = "";
+                    } else {
+                        #This is just part of the total message
+                        $payload .= substr($record->decrypt_data, $recoffset,
+                                           $record->decrypt_len - $recoffset);
+                        $recoffset = $record->decrypt_len;
+                        push @message_frag_lens, $recoffset;
+                    }
+                }
+            }
+        }
+    } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
+        print "  [ENCRYPTED APPLICATION DATA]\n";
+        print "  [".$record->decrypt_data."]\n";
+    } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
+        my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
+        #A CloseNotify from the client indicates we have finished successfully
+        #(we assume)
+        if (!$end && !$server && $alertlev == AL_LEVEL_WARN
+            && $alertdesc == AL_DESC_CLOSE_NOTIFY) {
+            $success = 1;
+        }
+        #All alerts end the test
+        $end = 1;
+    }
+
+    return @messages;
+}
+
+#Function to work out which sub-class we need to create and then
+#construct it
+sub create_message
+{
+    my ($server, $mt, $data, $startoffset) = @_;
+    my $message;
+
+    #We only support ClientHello in this version...needs to be extended for
+    #others
+    if ($mt == MT_CLIENT_HELLO) {
+        $message = TLSProxy::ClientHello->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_SERVER_HELLO) {
+        $message = TLSProxy::ServerHello->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
+        $message = TLSProxy::ServerKeyExchange->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } elsif ($mt == MT_NEW_SESSION_TICKET) {
+        $message = TLSProxy::NewSessionTicket->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
+    } else {
+        #Unknown message type
+        $message = TLSProxy::Message->new(
+            $server,
+            $mt,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+    }
+
+    return $message;
+}
+
+sub end
+{
+    my $class = shift;
+    return $end;
+}
+sub success
+{
+    my $class = shift;
+    return $success;
+}
+sub fail
+{
+    my $class = shift;
+    return !$success && $end;
+}
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $mt,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+    
+    my $self = {
+        server => $server,
+        data => $data,
+        records => $records,
+        mt => $mt,
+        startoffset => $startoffset,
+        message_frag_lens => $message_frag_lens
+    };
+
+    return bless $self, $class;
+}
+
+sub ciphersuite
+{
+    my $class = shift;
+    if (@_) {
+      $ciphersuite = shift;
+    }
+    return $ciphersuite;
+}
+
+#Update all the underlying records with the modified data from this message
+#Note: Does not currently support re-encrypting
+sub repack
+{
+    my $self = shift;
+    my $msgdata;
+
+    my $numrecs = $#{$self->records};
+
+    $self->set_message_contents();
+
+    my $lenhi;
+    my $lenlo;
+
+    $lenlo = length($self->data) & 0xff;
+    $lenhi = length($self->data) >> 8;
+    $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;
+
+    if ($numrecs == 0) {
+        #The message is fully contained within one record
+        my ($rec) = @{$self->records};
+        my $recdata = $rec->decrypt_data;
+
+        my $old_length;
+
+        # We use empty message_frag_lens to indicates that pre-repacking,
+        # the message wasn't present. The first fragment length doesn't include
+        # the TLS header, so we need to check and compute the right length.
+        if (@{$self->message_frag_lens}) {
+            $old_length = ${$self->message_frag_lens}[0] +
+              TLS_MESSAGE_HEADER_LENGTH;
+        } else {
+            $old_length = 0;
+        }
+
+        my $prefix = substr($recdata, 0, $self->startoffset);
+        my $suffix = substr($recdata, $self->startoffset + $old_length);
+
+        $rec->decrypt_data($prefix.($msgdata).($suffix));
+        # TODO(openssl-team): don't keep explicit lengths.
+        # (If a length override is ever needed to construct invalid packets,
+        #  use an explicit override field instead.)
+        $rec->decrypt_len(length($rec->decrypt_data));
+        $rec->len($rec->len + length($msgdata) - $old_length);
+        # Don't support re-encryption.
+        $rec->data($rec->decrypt_data);
+
+        #Update the fragment len in case we changed it above
+        ${$self->message_frag_lens}[0] = length($msgdata)
+                                         - TLS_MESSAGE_HEADER_LENGTH;
+        return;
+    }
+
+    #Note we don't currently support changing a fragmented message length
+    my $recctr = 0;
+    my $datadone = 0;
+    foreach my $rec (@{$self->records}) {
+        my $recdata = $rec->decrypt_data;
+        if ($recctr == 0) {
+            #This is the first record
+            my $remainlen = length($recdata) - $self->startoffset;
+            $rec->data(substr($recdata, 0, $self->startoffset)
+                       .substr(($msgdata), 0, $remainlen));
+            $datadone += $remainlen;
+        } elsif ($recctr + 1 == $numrecs) {
+            #This is the last record
+            $rec->data(substr($msgdata, $datadone));
+        } else {
+            #This is a middle record
+            $rec->data(substr($msgdata, $datadone, length($rec->data)));
+            $datadone += length($rec->data);
+        }
+        $recctr++;
+    }
+}
+
+#To be overridden by sub-classes
+sub set_message_contents
+{
+}
+
+#Read only accessors
+sub server
+{
+    my $self = shift;
+    return $self->{server};
+}
+
+#Read/write accessors
+sub mt
+{
+    my $self = shift;
+    if (@_) {
+      $self->{mt} = shift;
+    }
+    return $self->{mt};
+}
+sub data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{data} = shift;
+    }
+    return $self->{data};
+}
+sub records
+{
+    my $self = shift;
+    if (@_) {
+      $self->{records} = shift;
+    }
+    return $self->{records};
+}
+sub startoffset
+{
+    my $self = shift;
+    if (@_) {
+      $self->{startoffset} = shift;
+    }
+    return $self->{startoffset};
+}
+sub message_frag_lens
+{
+    my $self = shift;
+    if (@_) {
+      $self->{message_frag_lens} = shift;
+    }
+    return $self->{message_frag_lens};
+}
+sub encoded_length
+{
+    my $self = shift;
+    return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
+}
+
+1;
diff --git a/openssl-1.1.0h/util/perl/TLSProxy/NewSessionTicket.pm b/openssl-1.1.0h/util/perl/TLSProxy/NewSessionTicket.pm
new file mode 100644
index 0000000..e509985
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/TLSProxy/NewSessionTicket.pm
@@ -0,0 +1,81 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::NewSessionTicket;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_NEW_SESSION_TICKET,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{ticket_lifetime_hint} = 0;
+    $self->{ticket} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+
+    my $ticket_lifetime_hint = unpack('N', $self->data);
+    my $ticket_len = unpack('n', $self->data);
+    my $ticket = substr($self->data, 6, $ticket_len);
+
+    $self->ticket_lifetime_hint($ticket_lifetime_hint);
+    $self->ticket($ticket);
+}
+
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+
+    $data = pack('N', $self->ticket_lifetime_hint);
+    $data .= pack('n', length($self->ticket));
+    $data .= $self->ticket;
+
+    $self->data($data);
+}
+
+#Read/write accessors
+sub ticket_lifetime_hint
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ticket_lifetime_hint} = shift;
+    }
+    return $self->{ticket_lifetime_hint};
+}
+sub ticket
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ticket} = shift;
+    }
+    return $self->{ticket};
+}
+1;
diff --git a/openssl-1.1.0h/util/perl/TLSProxy/Proxy.pm b/openssl-1.1.0h/util/perl/TLSProxy/Proxy.pm
new file mode 100644
index 0000000..de14362
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/TLSProxy/Proxy.pm
@@ -0,0 +1,553 @@
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use POSIX ":sys_wait_h";
+
+package TLSProxy::Proxy;
+
+use File::Spec;
+use IO::Socket;
+use IO::Select;
+use TLSProxy::Record;
+use TLSProxy::Message;
+use TLSProxy::ClientHello;
+use TLSProxy::ServerHello;
+use TLSProxy::ServerKeyExchange;
+use TLSProxy::NewSessionTicket;
+use Time::HiRes qw/usleep/;
+
+my $have_IPv6 = 0;
+my $IP_factory;
+
+sub new
+{
+    my $class = shift;
+    my ($filter,
+        $execute,
+        $cert,
+        $debug) = @_;
+
+    my $self = {
+        #Public read/write
+        proxy_addr => "localhost",
+        proxy_port => 4453,
+        server_addr => "localhost",
+        server_port => 4443,
+        filter => $filter,
+        serverflags => "",
+        clientflags => "",
+        serverconnects => 1,
+        serverpid => 0,
+        clientpid => 0,
+        reneg => 0,
+
+        #Public read
+        execute => $execute,
+        cert => $cert,
+        debug => $debug,
+        cipherc => "",
+        ciphers => "AES128-SHA",
+        flight => -1,
+        direction => -1,
+        partial => ["", ""],
+        record_list => [],
+        message_list => [],
+    };
+
+    # IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't.
+    # However, IO::Socket::INET6 is older and is said to be more widely
+    # deployed for the moment, and may have less bugs, so we try the latter
+    # first, then fall back on the code modules.  Worst case scenario, we
+    # fall back to IO::Socket::INET, only supports IPv4.
+    eval {
+        require IO::Socket::INET6;
+        my $s = IO::Socket::INET6->new(
+            LocalAddr => "::1",
+            LocalPort => 0,
+            Listen=>1,
+            );
+        $s or die "\n";
+        $s->close();
+    };
+    if ($@ eq "") {
+        $IP_factory = sub { IO::Socket::INET6->new(@_); };
+        $have_IPv6 = 1;
+    } else {
+        eval {
+            require IO::Socket::IP;
+            my $s = IO::Socket::IP->new(
+                LocalAddr => "::1",
+                LocalPort => 0,
+                Listen=>1,
+                );
+            $s or die "\n";
+            $s->close();
+        };
+        if ($@ eq "") {
+            $IP_factory = sub { IO::Socket::IP->new(@_); };
+            $have_IPv6 = 1;
+        } else {
+            $IP_factory = sub { IO::Socket::INET->new(@_); };
+        }
+    }
+
+    # Create the Proxy socket
+    my $proxaddr = $self->{proxy_addr};
+    $proxaddr =~ s/[\[\]]//g; # Remove [ and ]
+    my @proxyargs = (
+        LocalHost   => $proxaddr,
+        LocalPort   => $self->{proxy_port},
+        Proto       => "tcp",
+        Listen      => SOMAXCONN,
+       );
+    push @proxyargs, ReuseAddr => 1
+        unless $^O eq "MSWin32";
+    $self->{proxy_sock} = $IP_factory->(@proxyargs);
+
+    if ($self->{proxy_sock}) {
+        print "Proxy started on port ".$self->{proxy_port}."\n";
+    } else {
+        warn "Failed creating proxy socket (".$proxaddr.",".$self->{proxy_port}."): $!\n";
+    }
+
+    return bless $self, $class;
+}
+
+sub DESTROY
+{
+    my $self = shift;
+
+    $self->{proxy_sock}->close() if $self->{proxy_sock};
+}
+
+sub clearClient
+{
+    my $self = shift;
+
+    $self->{cipherc} = "";
+    $self->{flight} = -1;
+    $self->{direction} = -1;
+    $self->{partial} = ["", ""];
+    $self->{record_list} = [];
+    $self->{message_list} = [];
+    $self->{clientflags} = "";
+    $self->{clientpid} = 0;
+
+    TLSProxy::Message->clear();
+    TLSProxy::Record->clear();
+}
+
+sub clear
+{
+    my $self = shift;
+
+    $self->clearClient;
+    $self->{ciphers} = "AES128-SHA";
+    $self->{serverflags} = "";
+    $self->{serverconnects} = 1;
+    $self->{serverpid} = 0;
+    $self->{reneg} = 0;
+}
+
+sub restart
+{
+    my $self = shift;
+
+    $self->clear;
+    $self->start;
+}
+
+sub clientrestart
+{
+    my $self = shift;
+
+    $self->clear;
+    $self->clientstart;
+}
+
+sub start
+{
+    my ($self) = shift;
+    my $pid;
+
+    if ($self->{proxy_sock} == 0) {
+        return 0;
+    }
+
+    $pid = fork();
+    if ($pid == 0) {
+        my $execcmd = $self->execute
+            ." s_server -max_protocol TLSv1.2 -no_comp -rev -engine ossltest -accept "
+            .($self->server_port)
+            ." -cert ".$self->cert." -naccept ".$self->serverconnects;
+        unless ($self->supports_IPv6) {
+            $execcmd .= " -4";
+        }
+        if ($self->ciphers ne "") {
+            $execcmd .= " -cipher ".$self->ciphers;
+        }
+        if ($self->serverflags ne "") {
+            $execcmd .= " ".$self->serverflags;
+        }
+        if ($self->debug) {
+            print STDERR "Server command: $execcmd\n";
+        }
+        exec($execcmd);
+    }
+    $self->serverpid($pid);
+
+    return $self->clientstart;
+}
+
+sub clientstart
+{
+    my ($self) = shift;
+    my $oldstdout;
+
+    if ($self->execute) {
+        my $pid = fork();
+        if ($pid == 0) {
+            my $echostr;
+            if ($self->reneg()) {
+                $echostr = "R";
+            } else {
+                $echostr = "test";
+            }
+            my $execcmd = "echo ".$echostr." | ".$self->execute
+                 ." s_client -max_protocol TLSv1.2 -engine ossltest -connect "
+                 .($self->proxy_addr).":".($self->proxy_port);
+            unless ($self->supports_IPv6) {
+                $execcmd .= " -4";
+            }
+            if ($self->cipherc ne "") {
+                $execcmd .= " -cipher ".$self->cipherc;
+            }
+            if ($self->clientflags ne "") {
+                $execcmd .= " ".$self->clientflags;
+            }
+            if ($self->debug) {
+                print STDERR "Client command: $execcmd\n";
+            }
+            exec($execcmd);
+        }
+        $self->clientpid($pid);
+    }
+
+    # Wait for incoming connection from client
+    my $client_sock;
+    if(!($client_sock = $self->{proxy_sock}->accept())) {
+        warn "Failed accepting incoming connection: $!\n";
+        return 0;
+    }
+
+    print "Connection opened\n";
+
+    # Now connect to the server
+    my $retry = 50;
+    my $server_sock;
+    #We loop over this a few times because sometimes s_server can take a while
+    #to start up
+    do {
+        my $servaddr = $self->server_addr;
+        $servaddr =~ s/[\[\]]//g; # Remove [ and ]
+        eval {
+            $server_sock = $IP_factory->(
+                PeerAddr => $servaddr,
+                PeerPort => $self->server_port,
+                MultiHomed => 1,
+                Proto => 'tcp'
+            );
+        };
+
+        $retry--;
+        #Some buggy IP factories can return a defined server_sock that hasn't
+        #actually connected, so we check peerport too
+        if ($@ || !defined($server_sock) || !defined($server_sock->peerport)) {
+            $server_sock->close() if defined($server_sock);
+            undef $server_sock;
+            if ($retry) {
+                #Sleep for a short while
+                select(undef, undef, undef, 0.1);
+            } else {
+                warn "Failed to start up server (".$servaddr.",".$self->server_port."): $!\n";
+                return 0;
+            }
+        }
+    } while (!$server_sock);
+
+    my $sel = IO::Select->new($server_sock, $client_sock);
+    my $indata;
+    my @handles = ($server_sock, $client_sock);
+
+    #Wait for either the server socket or the client socket to become readable
+    my @ready;
+    local $SIG{PIPE} = "IGNORE";
+    while(!(TLSProxy::Message->end) && (@ready = $sel->can_read)) {
+        foreach my $hand (@ready) {
+            if ($hand == $server_sock) {
+                $server_sock->sysread($indata, 16384) or goto END;
+                $indata = $self->process_packet(1, $indata);
+                $client_sock->syswrite($indata);
+            } elsif ($hand == $client_sock) {
+                $client_sock->sysread($indata, 16384) or goto END;
+                $indata = $self->process_packet(0, $indata);
+                $server_sock->syswrite($indata);
+            } else {
+                print "Err\n";
+                goto END;
+            }
+        }
+    }
+
+    END:
+    print "Connection closed\n";
+    if($server_sock) {
+        $server_sock->close();
+    }
+    if($client_sock) {
+        #Closing this also kills the child process
+        $client_sock->close();
+    }
+    if(!$self->debug) {
+        select($oldstdout);
+    }
+    $self->serverconnects($self->serverconnects - 1);
+    if ($self->serverconnects == 0) {
+        die "serverpid is zero\n" if $self->serverpid == 0;
+        print "Waiting for server process to close: "
+              .$self->serverpid."\n";
+        waitpid( $self->serverpid, 0);
+        die "exit code $? from server process\n" if $? != 0;
+    } else {
+        # Give s_server sufficient time to finish what it was doing
+        usleep(250000);
+    }
+    die "clientpid is zero\n" if $self->clientpid == 0;
+    print "Waiting for client process to close: ".$self->clientpid."\n";
+    waitpid($self->clientpid, 0);
+
+    return 1;
+}
+
+sub process_packet
+{
+    my ($self, $server, $packet) = @_;
+    my $len_real;
+    my $decrypt_len;
+    my $data;
+    my $recnum;
+
+    if ($server) {
+        print "Received server packet\n";
+    } else {
+        print "Received client packet\n";
+    }
+
+    if ($self->{direction} != $server) {
+        $self->{flight} = $self->{flight} + 1;
+        $self->{direction} = $server;
+    }
+
+    print "Packet length = ".length($packet)."\n";
+    print "Processing flight ".$self->flight."\n";
+
+    #Return contains the list of record found in the packet followed by the
+    #list of messages in those records and any partial message
+    my @ret = TLSProxy::Record->get_records($server, $self->flight, $self->{partial}[$server].$packet);
+    $self->{partial}[$server] = $ret[2];
+    push @{$self->record_list}, @{$ret[0]};
+    push @{$self->{message_list}}, @{$ret[1]};
+
+    print "\n";
+
+    if (scalar(@{$ret[0]}) == 0 or length($ret[2]) != 0) {
+        return "";
+    }
+
+    #Finished parsing. Call user provided filter here
+    if (defined $self->filter) {
+        $self->filter->($self);
+    }
+
+    #Reconstruct the packet
+    $packet = "";
+    foreach my $record (@{$self->record_list}) {
+        $packet .= $record->reconstruct_record();
+    }
+
+    print "Forwarded packet length = ".length($packet)."\n\n";
+
+    return $packet;
+}
+
+#Read accessors
+sub execute
+{
+    my $self = shift;
+    return $self->{execute};
+}
+sub cert
+{
+    my $self = shift;
+    return $self->{cert};
+}
+sub debug
+{
+    my $self = shift;
+    return $self->{debug};
+}
+sub flight
+{
+    my $self = shift;
+    return $self->{flight};
+}
+sub record_list
+{
+    my $self = shift;
+    return $self->{record_list};
+}
+sub success
+{
+    my $self = shift;
+    return $self->{success};
+}
+sub end
+{
+    my $self = shift;
+    return $self->{end};
+}
+sub supports_IPv6
+{
+    my $self = shift;
+    return $have_IPv6;
+}
+sub proxy_addr
+{
+    my $self = shift;
+    return $self->{proxy_addr};
+}
+sub proxy_port
+{
+    my $self = shift;
+    return $self->{proxy_port};
+}
+
+#Read/write accessors
+sub server_addr
+{
+    my $self = shift;
+    if (@_) {
+      $self->{server_addr} = shift;
+    }
+    return $self->{server_addr};
+}
+sub server_port
+{
+    my $self = shift;
+    if (@_) {
+      $self->{server_port} = shift;
+    }
+    return $self->{server_port};
+}
+sub filter
+{
+    my $self = shift;
+    if (@_) {
+      $self->{filter} = shift;
+    }
+    return $self->{filter};
+}
+sub cipherc
+{
+    my $self = shift;
+    if (@_) {
+      $self->{cipherc} = shift;
+    }
+    return $self->{cipherc};
+}
+sub ciphers
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ciphers} = shift;
+    }
+    return $self->{ciphers};
+}
+sub serverflags
+{
+    my $self = shift;
+    if (@_) {
+      $self->{serverflags} = shift;
+    }
+    return $self->{serverflags};
+}
+sub clientflags
+{
+    my $self = shift;
+    if (@_) {
+      $self->{clientflags} = shift;
+    }
+    return $self->{clientflags};
+}
+sub serverconnects
+{
+    my $self = shift;
+    if (@_) {
+      $self->{serverconnects} = shift;
+    }
+    return $self->{serverconnects};
+}
+# This is a bit ugly because the caller is responsible for keeping the records
+# in sync with the updated message list; simply updating the message list isn't
+# sufficient to get the proxy to forward the new message.
+# But it does the trick for the one test (test_sslsessiontick) that needs it.
+sub message_list
+{
+    my $self = shift;
+    if (@_) {
+        $self->{message_list} = shift;
+    }
+    return $self->{message_list};
+}
+sub serverpid
+{
+    my $self = shift;
+    if (@_) {
+      $self->{serverpid} = shift;
+    }
+    return $self->{serverpid};
+}
+sub clientpid
+{
+    my $self = shift;
+    if (@_) {
+        $self->{clientpid} = shift;
+    }
+    return $self->{clientpid};
+}
+
+sub fill_known_data
+{
+    my $length = shift;
+    my $ret = "";
+    for (my $i = 0; $i < $length; $i++) {
+        $ret .= chr($i);
+    }
+    return $ret;
+}
+
+sub reneg
+{
+    my $self = shift;
+    if (@_) {
+      $self->{reneg} = shift;
+    }
+    return $self->{reneg};
+}
+
+1;
diff --git a/openssl-1.1.0h/util/perl/TLSProxy/Record.pm b/openssl-1.1.0h/util/perl/TLSProxy/Record.pm
new file mode 100644
index 0000000..786ba0c
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/TLSProxy/Record.pm
@@ -0,0 +1,339 @@
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+use TLSProxy::Proxy;
+
+package TLSProxy::Record;
+
+my $server_ccs_seen = 0;
+my $client_ccs_seen = 0;
+my $etm = 0;
+
+use constant TLS_RECORD_HEADER_LENGTH => 5;
+
+#Record types
+use constant {
+    RT_APPLICATION_DATA => 23,
+    RT_HANDSHAKE => 22,
+    RT_ALERT => 21,
+    RT_CCS => 20,
+    RT_UNKNOWN => 100
+};
+
+my %record_type = (
+    RT_APPLICATION_DATA, "APPLICATION DATA",
+    RT_HANDSHAKE, "HANDSHAKE",
+    RT_ALERT, "ALERT",
+    RT_CCS, "CCS",
+    RT_UNKNOWN, "UNKNOWN"
+);
+
+use constant {
+    VERS_TLS_1_3 => 772,
+    VERS_TLS_1_2 => 771,
+    VERS_TLS_1_1 => 770,
+    VERS_TLS_1_0 => 769,
+    VERS_SSL_3_0 => 768,
+    VERS_SSL_LT_3_0 => 767
+};
+
+my %tls_version = (
+    VERS_TLS_1_3, "TLS1.3",
+    VERS_TLS_1_2, "TLS1.2",
+    VERS_TLS_1_1, "TLS1.1",
+    VERS_TLS_1_0, "TLS1.0",
+    VERS_SSL_3_0, "SSL3",
+    VERS_SSL_LT_3_0, "SSL<3"
+);
+
+#Class method to extract records from a packet of data
+sub get_records
+{
+    my $class = shift;
+    my $server = shift;
+    my $flight = shift;
+    my $packet = shift;
+    my $partial = "";
+    my @record_list = ();
+    my @message_list = ();
+    my $data;
+    my $content_type;
+    my $version;
+    my $len;
+    my $len_real;
+    my $decrypt_len;
+
+    my $recnum = 1;
+    while (length ($packet) > 0) {
+        print " Record $recnum";
+        if ($server) {
+            print " (server -> client)\n";
+        } else {
+            print " (client -> server)\n";
+        }
+        #Get the record header
+        if (length($packet) < TLS_RECORD_HEADER_LENGTH
+                || length($packet) < 5 + unpack("n", substr($packet, 3, 2))) {
+            print "Partial data : ".length($packet)." bytes\n";
+            $partial = $packet;
+            $packet = "";
+        } else {
+            ($content_type, $version, $len) = unpack('CnnC*', $packet);
+            $data = substr($packet, 5, $len);
+
+            print "  Content type: ".$record_type{$content_type}."\n";
+            print "  Version: $tls_version{$version}\n";
+            print "  Length: $len";
+            if ($len == length($data)) {
+                print "\n";
+                $decrypt_len = $len_real = $len;
+            } else {
+                print " (expected), ".length($data)." (actual)\n";
+                $decrypt_len = $len_real = length($data);
+            }
+
+            my $record = TLSProxy::Record->new(
+                $flight,
+                $content_type,
+                $version,
+                $len,
+                0,
+                $len_real,
+                $decrypt_len,
+                substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real),
+                substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real)
+            );
+
+            if (($server && $server_ccs_seen)
+                     || (!$server && $client_ccs_seen)) {
+                if ($etm) {
+                    $record->decryptETM();
+                } else {
+                    $record->decrypt();
+                }
+            }
+
+            push @record_list, $record;
+
+            #Now figure out what messages are contained within this record
+            my @messages = TLSProxy::Message->get_messages($server, $record);
+            push @message_list, @messages;
+
+            $packet = substr($packet, TLS_RECORD_HEADER_LENGTH + $len_real);
+            $recnum++;
+        }
+    }
+
+    return (\@record_list, \@message_list, $partial);
+}
+
+sub clear
+{
+    $server_ccs_seen = 0;
+    $client_ccs_seen = 0;
+}
+
+#Class level accessors
+sub server_ccs_seen
+{
+    my $class = shift;
+    if (@_) {
+      $server_ccs_seen = shift;
+    }
+    return $server_ccs_seen;
+}
+sub client_ccs_seen
+{
+    my $class = shift;
+    if (@_) {
+      $client_ccs_seen = shift;
+    }
+    return $client_ccs_seen;
+}
+#Enable/Disable Encrypt-then-MAC
+sub etm
+{
+    my $class = shift;
+    if (@_) {
+      $etm = shift;
+    }
+    return $etm;
+}
+
+sub new
+{
+    my $class = shift;
+    my ($flight,
+        $content_type,
+        $version,
+        $len,
+        $sslv2,
+        $len_real,
+        $decrypt_len,
+        $data,
+        $decrypt_data) = @_;
+    
+    my $self = {
+        flight => $flight,
+        content_type => $content_type,
+        version => $version,
+        len => $len,
+        sslv2 => $sslv2,
+        len_real => $len_real,
+        decrypt_len => $decrypt_len,
+        data => $data,
+        decrypt_data => $decrypt_data,
+        orig_decrypt_data => $decrypt_data,
+        sent => 0
+    };
+
+    return bless $self, $class;
+}
+
+#Decrypt using encrypt-then-MAC
+sub decryptETM
+{
+    my ($self) = shift;
+
+    my $data = $self->data;
+
+    if($self->version >= VERS_TLS_1_1()) {
+        #TLS1.1+ has an explicit IV. Throw it away
+        $data = substr($data, 16);
+    }
+
+    #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME)
+    $data = substr($data, 0, length($data) - 20);
+
+    #Find out what the padding byte is
+    my $padval = unpack("C", substr($data, length($data) - 1));
+
+    #Throw away the padding
+    $data = substr($data, 0, length($data) - ($padval + 1));
+
+    $self->decrypt_data($data);
+    $self->decrypt_len(length($data));
+
+    return $data;
+}
+
+#Standard decrypt
+sub decrypt()
+{
+    my ($self) = shift;
+
+    my $data = $self->data;
+
+    if($self->version >= VERS_TLS_1_1()) {
+        #TLS1.1+ has an explicit IV. Throw it away
+        $data = substr($data, 16);
+    }
+
+    #Find out what the padding byte is
+    my $padval = unpack("C", substr($data, length($data) - 1));
+
+    #Throw away the padding
+    $data = substr($data, 0, length($data) - ($padval + 1));
+
+    #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME)
+    $data = substr($data, 0, length($data) - 20);
+
+    $self->decrypt_data($data);
+    $self->decrypt_len(length($data));
+
+    return $data;
+}
+
+#Reconstruct the on-the-wire record representation
+sub reconstruct_record
+{
+    my $self = shift;
+    my $data;
+
+    if ($self->{sent}) {
+        return "";
+    }
+    $self->{sent} = 1;
+
+    if ($self->sslv2) {
+        $data = pack('n', $self->len | 0x8000);
+    } else {
+        $data = pack('Cnn', $self->content_type, $self->version, $self->len);
+    }
+    $data .= $self->data;
+
+    return $data;
+}
+
+#Read only accessors
+sub flight
+{
+    my $self = shift;
+    return $self->{flight};
+}
+sub content_type
+{
+    my $self = shift;
+    return $self->{content_type};
+}
+sub version
+{
+    my $self = shift;
+    return $self->{version};
+}
+sub sslv2
+{
+    my $self = shift;
+    return $self->{sslv2};
+}
+sub len_real
+{
+    my $self = shift;
+    return $self->{len_real};
+}
+sub orig_decrypt_data
+{
+    my $self = shift;
+    return $self->{orig_decrypt_data};
+}
+
+#Read/write accessors
+sub decrypt_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{decrypt_len} = shift;
+    }
+    return $self->{decrypt_len};
+}
+sub data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{data} = shift;
+    }
+    return $self->{data};
+}
+sub decrypt_data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{decrypt_data} = shift;
+    }
+    return $self->{decrypt_data};
+}
+sub len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{len} = shift;
+    }
+    return $self->{len};
+}
+1;
diff --git a/openssl-1.1.0h/util/perl/TLSProxy/ServerHello.pm b/openssl-1.1.0h/util/perl/TLSProxy/ServerHello.pm
new file mode 100644
index 0000000..79a8be9
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/TLSProxy/ServerHello.pm
@@ -0,0 +1,210 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::ServerHello;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+    
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_SERVER_HELLO,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{server_version} = 0;
+    $self->{random} = [];
+    $self->{session_id_len} = 0;
+    $self->{session} = "";
+    $self->{ciphersuite} = 0;
+    $self->{comp_meth} = 0;
+    $self->{extension_data} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+    my $ptr = 2;
+    my ($server_version) = unpack('n', $self->data);
+    my $random = substr($self->data, $ptr, 32);
+    $ptr += 32;
+    my $session_id_len = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+    my $session = substr($self->data, $ptr, $session_id_len);
+    $ptr += $session_id_len;
+    my $ciphersuite = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my $comp_meth = unpack('C', substr($self->data, $ptr));
+    $ptr++;
+    my $extensions_len = unpack('n', substr($self->data, $ptr));
+    if (!defined $extensions_len) {
+        $extensions_len = 0;
+    } else {
+        $ptr += 2;
+    }
+    #For now we just deal with this as a block of data. In the future we will
+    #want to parse this
+    my $extension_data;
+    if ($extensions_len != 0) {
+        $extension_data = substr($self->data, $ptr);
+    
+        if (length($extension_data) != $extensions_len) {
+            die "Invalid extension length\n";
+        }
+    } else {
+        if (length($self->data) != $ptr) {
+            die "Invalid extension length\n";
+        }
+        $extension_data = "";
+    }
+    my %extensions = ();
+    while (length($extension_data) >= 4) {
+        my ($type, $size) = unpack("nn", $extension_data);
+        my $extdata = substr($extension_data, 4, $size);
+        $extension_data = substr($extension_data, 4 + $size);
+        $extensions{$type} = $extdata;
+    }
+
+    $self->server_version($server_version);
+    $self->random($random);
+    $self->session_id_len($session_id_len);
+    $self->session($session);
+    $self->ciphersuite($ciphersuite);
+    $self->comp_meth($comp_meth);
+    $self->extension_data(\%extensions);
+
+    $self->process_data();
+
+    print "    Server Version:".$server_version."\n";
+    print "    Session ID Len:".$session_id_len."\n";
+    print "    Ciphersuite:".$ciphersuite."\n";
+    print "    Compression Method:".$comp_meth."\n";
+    print "    Extensions Len:".$extensions_len."\n";
+}
+
+#Perform any actions necessary based on the data we've seen
+sub process_data
+{
+    my $self = shift;
+
+    TLSProxy::Message->ciphersuite($self->ciphersuite);
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+    my $extensions = "";
+
+    $data = pack('n', $self->server_version);
+    $data .= $self->random;
+    $data .= pack('C', $self->session_id_len);
+    $data .= $self->session;
+    $data .= pack('n', $self->ciphersuite);
+    $data .= pack('C', $self->comp_meth);
+
+    foreach my $key (keys %{$self->extension_data}) {
+        my $extdata = ${$self->extension_data}{$key};
+        $extensions .= pack("n", $key);
+        $extensions .= pack("n", length($extdata));
+        $extensions .= $extdata;
+        if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
+          $extensions .= pack("n", $key);
+          $extensions .= pack("n", length($extdata));
+          $extensions .= $extdata;
+        }
+    }
+
+    $data .= pack('n', length($extensions));
+    $data .= $extensions;
+    $self->data($data);
+}
+
+#Read/write accessors
+sub server_version
+{
+    my $self = shift;
+    if (@_) {
+      $self->{client_version} = shift;
+    }
+    return $self->{client_version};
+}
+sub random
+{
+    my $self = shift;
+    if (@_) {
+      $self->{random} = shift;
+    }
+    return $self->{random};
+}
+sub session_id_len
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session_id_len} = shift;
+    }
+    return $self->{session_id_len};
+}
+sub session
+{
+    my $self = shift;
+    if (@_) {
+      $self->{session} = shift;
+    }
+    return $self->{session};
+}
+sub ciphersuite
+{
+    my $self = shift;
+    if (@_) {
+      $self->{ciphersuite} = shift;
+    }
+    return $self->{ciphersuite};
+}
+sub comp_meth
+{
+    my $self = shift;
+    if (@_) {
+      $self->{comp_meth} = shift;
+    }
+    return $self->{comp_meth};
+}
+sub extension_data
+{
+    my $self = shift;
+    if (@_) {
+      $self->{extension_data} = shift;
+    }
+    return $self->{extension_data};
+}
+sub set_extension
+{
+    my ($self, $ext_type, $ext_data) = @_;
+    $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+    my ($self, $ext_type) = @_;
+    delete $self->{extension_data}{$ext_type};
+}
+1;
diff --git a/openssl-1.1.0h/util/perl/TLSProxy/ServerKeyExchange.pm b/openssl-1.1.0h/util/perl/TLSProxy/ServerKeyExchange.pm
new file mode 100644
index 0000000..6e5b4cd
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/TLSProxy/ServerKeyExchange.pm
@@ -0,0 +1,134 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::ServerKeyExchange;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+    
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    #DHE
+    $self->{p} = "";
+    $self->{g} = "";
+    $self->{pub_key} = "";
+    $self->{sig} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+
+    #Minimal SKE parsing. Only supports DHE at the moment (if its not DHE
+    #the parsing data will be trash...which is ok as long as we don't try to
+    #use it)
+
+    my $p_len = unpack('n', $self->data);
+    my $ptr = 2;
+    my $p = substr($self->data, $ptr, $p_len);
+    $ptr += $p_len;
+
+    my $g_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my $g = substr($self->data, $ptr, $g_len);
+    $ptr += $g_len;
+
+    my $pub_key_len = unpack('n', substr($self->data, $ptr));
+    $ptr += 2;
+    my $pub_key = substr($self->data, $ptr, $pub_key_len);
+    $ptr += $pub_key_len;
+
+    #We assume its signed
+    my $sig_len = unpack('n', substr($self->data, $ptr));
+    my $sig = "";
+    if (defined $sig_len) {
+	$ptr += 2;
+	$sig = substr($self->data, $ptr, $sig_len);
+	$ptr += $sig_len;
+    }
+
+    $self->p($p);
+    $self->g($g);
+    $self->pub_key($pub_key);
+    $self->sig($sig);
+}
+
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+
+    $data = pack('n', length($self->p));
+    $data .= $self->p;
+    $data .= pack('n', length($self->g));
+    $data .= $self->g;
+    $data .= pack('n', length($self->pub_key));
+    $data .= $self->pub_key;
+    if (length($self->sig) > 0) {
+        $data .= pack('n', length($self->sig));
+        $data .= $self->sig;
+    }
+
+    $self->data($data);
+}
+
+#Read/write accessors
+#DHE
+sub p
+{
+    my $self = shift;
+    if (@_) {
+      $self->{p} = shift;
+    }
+    return $self->{p};
+}
+sub g
+{
+    my $self = shift;
+    if (@_) {
+      $self->{g} = shift;
+    }
+    return $self->{g};
+}
+sub pub_key
+{
+    my $self = shift;
+    if (@_) {
+      $self->{pub_key} = shift;
+    }
+    return $self->{pub_key};
+}
+sub sig
+{
+    my $self = shift;
+    if (@_) {
+      $self->{sig} = shift;
+    }
+    return $self->{sig};
+}
+1;
diff --git a/openssl-1.1.0h/util/perl/with_fallback.pm b/openssl-1.1.0h/util/perl/with_fallback.pm
new file mode 100644
index 0000000..2af1d5f
--- /dev/null
+++ b/openssl-1.1.0h/util/perl/with_fallback.pm
@@ -0,0 +1,25 @@
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package with_fallback;
+
+sub import {
+    use File::Basename;
+    use File::Spec::Functions;
+    foreach (@_) {
+	eval "require $_";
+	if ($@) {
+	    unshift @INC, catdir(dirname(__FILE__),
+                                 "..", "..", "external", "perl");
+	    my $transfer = "transfer::$_";
+	    eval "require $transfer";
+	    shift @INC;
+	    warn $@ if $@;
+	}
+    }
+}
+1;
diff --git a/openssl-1.1.0h/util/point.sh b/openssl-1.1.0h/util/point.sh
new file mode 100755
index 0000000..da39899
--- /dev/null
+++ b/openssl-1.1.0h/util/point.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+rm -f "$2"
+if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then
+    cp "$1" "$2"
+else
+    ln -s "$1" "$2"
+fi
+echo "$2 => $1"
+
diff --git a/openssl-1.1.0h/util/process_docs.pl b/openssl-1.1.0h/util/process_docs.pl
new file mode 100755
index 0000000..e084df7
--- /dev/null
+++ b/openssl-1.1.0h/util/process_docs.pl
@@ -0,0 +1,248 @@
+#! /usr/bin/env perl
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use File::Spec::Functions;
+use File::Basename;
+use File::Copy;
+use File::Path;
+use FindBin;
+use lib "$FindBin::Bin/perl";
+use OpenSSL::Glob;
+use Getopt::Long;
+use Pod::Usage;
+
+use lib '.';
+use configdata;
+
+# We know we are in the 'util' directory and that our perl modules are
+# in util/perl
+use lib catdir(dirname($0), "perl");
+use OpenSSL::Util::Pod;
+
+my %options = ();
+GetOptions(\%options,
+           'sourcedir=s',       # Source directory
+           'subdir=s%',         # Subdirectories to look through,
+                                # with associated section numbers
+           'destdir=s',         # Destination directory
+           #'in=s@',             # Explicit files to process (ignores sourcedir)
+           #'section=i',         # Default section used for --in files
+           'type=s',            # The result type, 'man' or 'html'
+           'suffix:s',          # Suffix to add to the extension.
+                                # Only used with type=man
+           'remove',            # To remove files rather than writing them
+           'dry-run|n',         # Only output file names on STDOUT
+           'debug|D+',
+          );
+
+unless ($options{subdir}) {
+    $options{subdir} = { apps   => '1',
+                         crypto => '3',
+                         ssl    => '3' };
+}
+unless ($options{sourcedir}) {
+    $options{sourcedir} = catdir($config{sourcedir}, "doc");
+}
+pod2usage(1) unless ( defined $options{subdir}
+                      && defined $options{sourcedir}
+                      && defined $options{destdir}
+                      && defined $options{type}
+                      && ($options{type} eq 'man'
+                          || $options{type} eq 'html') );
+pod2usage(1) if ( $options{type} eq 'html'
+                  && defined $options{suffix} );
+
+if ($options{debug}) {
+    print STDERR "DEBUG: options:\n";
+    print STDERR "DEBUG:   --sourcedir = $options{sourcedir}\n"
+        if defined $options{sourcedir};
+    print STDERR "DEBUG:   --destdir   = $options{destdir}\n"
+        if defined $options{destdir};
+    print STDERR "DEBUG:   --type      = $options{type}\n"
+        if defined $options{type};
+    print STDERR "DEBUG:   --suffix    = $options{suffix}\n"
+        if defined $options{suffix};
+    foreach (keys %{$options{subdir}}) {
+        print STDERR "DEBUG:   --subdir    = $_=$options{subdir}->{$_}\n";
+    }
+    print STDERR "DEBUG:   --remove    = $options{remove}\n"
+        if defined $options{remove};
+    print STDERR "DEBUG:   --debug     = $options{debug}\n"
+        if defined $options{debug};
+    print STDERR "DEBUG:   --dry-run   = $options{\"dry-run\"}\n"
+        if defined $options{"dry-run"};
+}
+
+my $symlink_exists = eval { symlink("",""); 1 };
+
+foreach my $subdir (keys %{$options{subdir}}) {
+    my $section = $options{subdir}->{$subdir};
+    my $podsourcedir = catfile($options{sourcedir}, $subdir);
+    my $podglob = catfile($podsourcedir, "*.pod");
+
+    foreach my $podfile (glob $podglob) {
+        my $podname = basename($podfile, ".pod");
+        my $podpath = catfile($podfile);
+        my %podinfo = extract_pod_info($podpath,
+                                       { debug => $options{debug},
+                                         section => $section });
+        my @podfiles = grep { $_ ne $podname } @{$podinfo{names}};
+
+        my $updir = updir();
+        my $name = uc $podname;
+        my $suffix = { man  => ".$podinfo{section}".($options{suffix} // ""),
+                       html => ".html" } -> {$options{type}};
+        my $generate = { man  => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
+                         html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=apps:crypto:ssl \"--infile=$podpath\" \"--title=$podname\""
+                         } -> {$options{type}};
+        my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
+        my $output_file = $podname . $suffix;
+        my $output_path = catfile($output_dir, $output_file);
+
+        if (! $options{remove}) {
+            my @output;
+            print STDERR "DEBUG: Processing, using \"$generate\"\n"
+                if $options{debug};
+            unless ($options{"dry-run"}) {
+                @output = `$generate`;
+                map { s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html|g; } @output
+                    if $options{type} eq "html";
+            }
+            print STDERR "DEBUG: Done processing\n" if $options{debug};
+
+            if (! -d $output_dir) {
+                print STDERR "DEBUG: Creating directory $output_dir\n" if $options{debug};
+                unless ($options{"dry-run"}) {
+                    mkpath $output_dir
+                        or die "Trying to create directory $output_dir: $!\n";
+                }
+            }
+            print STDERR "DEBUG: Writing $output_path\n" if $options{debug};
+            unless ($options{"dry-run"}) {
+                open my $output_fh, '>', $output_path
+                    or die "Trying to write to $output_path: $!\n";
+                foreach (@output) {
+                    print $output_fh $_;
+                }
+                close $output_fh;
+            }
+            print STDERR "DEBUG: Done writing $output_path\n" if $options{debug};
+        } else {
+            print STDERR "DEBUG: Removing $output_path\n" if $options{debug};
+            unless ($options{"dry-run"}) {
+                while (unlink $output_path) {}
+            }
+        }
+        print "$output_path\n";
+
+        foreach (@podfiles) {
+            my $link_file = $_ . $suffix;
+            my $link_path = catfile($output_dir, $link_file);
+            if (! $options{remove}) {
+                if ($symlink_exists) {
+                    print STDERR "DEBUG: Linking $link_path -> $output_file\n"
+                        if $options{debug};
+                    unless ($options{"dry-run"}) {
+                        symlink $output_file, $link_path;
+                    }
+                } else {
+                    print STDERR "DEBUG: Copying $output_path to link_path\n"
+                        if $options{debug};
+                    unless ($options{"dry-run"}) {
+                        copy $output_path, $link_path;
+                    }
+                }
+            } else {
+                print STDERR "DEBUG: Removing $link_path\n" if $options{debug};
+                unless ($options{"dry-run"}) {
+                    while (unlink $link_path) {}
+                }
+            }
+            print "$link_path -> $output_path\n";
+        }
+    }
+}
+
+__END__
+
+=pod
+
+=head1 NAME
+
+process_docs.pl - A script to process OpenSSL docs
+
+=head1 SYNOPSIS
+
+B<process_docs.pl>
+[B<--sourcedir>=I<dir>]
+B<--destdir>=I<dir>
+B<--type>=B<man>|B<html>
+[B<--suffix>=I<suffix>]
+[B<--remove>]
+[B<--dry-run>|B<-n>]
+[B<--debug>|B<-D>]
+
+=head1 DESCRIPTION
+
+This script looks for .pod files in the subdirectories 'apps', 'crypto'
+and 'ssl' under the given source directory.
+
+The OpenSSL configuration data file F<configdata.pm> I<must> reside in
+the current directory, I<or> perl must have the directory it resides in
+in its inclusion array.  For the latter variant, a call like this would
+work:
+
+ perl -I../foo util/process_docs.pl {options ...}
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--sourcedir>=I<dir>
+
+Top directory where the source files are found.
+
+=item B<--destdir>=I<dir>
+
+Top directory where the resulting files should end up
+
+=item B<--type>=B<man>|B<html>
+
+Type of output to produce.  Currently supported are man pages and HTML files.
+
+=item B<--suffix>=I<suffix>
+
+A suffix added to the extension.  Only valid with B<--type>=B<man>
+
+=item B<--remove>
+
+Instead of writing the files, remove them.
+
+=item B<--dry-run>|B<-n>
+
+Do not perform any file writing, directory creation or file removal.
+
+=item B<--debug>|B<-D>
+
+Print extra debugging output.
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+https://www.openssl.org/source/license.html
+
+=cut
diff --git a/openssl-1.1.0h/util/selftest.pl b/openssl-1.1.0h/util/selftest.pl
new file mode 100644
index 0000000..d1d1159
--- /dev/null
+++ b/openssl-1.1.0h/util/selftest.pl
@@ -0,0 +1,207 @@
+#! /usr/bin/env perl
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Run the test suite and generate a report
+
+if (! -f "Configure") {
+    print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
+    exit 1;
+}
+
+my $report="testlog";
+my $os="??";
+my $version="??";
+my $platform0="??";
+my $platform="??";
+my $options="??";
+my $last="??";
+my $ok=0;
+my $cc="cc";
+my $cversion="??";
+my $sep="-----------------------------------------------------------------------------\n";
+my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n";
+
+open(OUT,">$report") or die;
+
+print OUT "OpenSSL self-test report:\n\n";
+
+$uname=`uname -a`;
+$uname="??\n" if $uname eq "";
+
+$c=`sh config -t`;
+foreach $_ (split("\n",$c)) {
+    $os=$1 if (/Operating system: (.*)$/);
+    $platform0=$1 if (/Configuring for (.*)$/);
+}
+
+system "sh config" if (! -f "Makefile");
+
+if (open(IN,"<Makefile")) {
+    while (<IN>) {
+	$version=$1 if (/^VERSION=(.*)$/);
+	$platform=$1 if (/^PLATFORM=(.*)$/);
+	$options=$1 if (/^OPTIONS=(.*)$/);
+	$cc=$1 if (/^CC= *(.*)$/);
+    }
+    close(IN);
+} else {
+    print OUT "Error running config!\n";
+}
+
+$cversion=`$cc -v 2>&1`;
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
+$cversion=`$cc -V |head -1` if $cversion =~ "Error";
+$cversion=`$cc --version` if $cversion eq "";
+$cversion =~ s/Reading specs.*\n//;
+$cversion =~ s/usage.*\n//;
+$cversion =~ s|\R$||;
+
+if (open(IN,"<CHANGES")) {
+    while(<IN>) {
+	if (/\*\) (.{0,55})/ && !/applies to/) {
+	    $last=$1;
+	    last;
+	}
+    }
+    close(IN);
+}
+
+print OUT "OpenSSL version:  $version\n";
+print OUT "Last change:      $last...\n";
+print OUT "Options:          $options\n" if $options ne "";
+print OUT "OS (uname):       $uname";
+print OUT "OS (config):      $os\n";
+print OUT "Target (default): $platform0\n";
+print OUT "Target:           $platform\n";
+print OUT "Compiler:         $cversion\n";
+print OUT "\n";
+
+print "Checking compiler...\n";
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
+    close(TEST);
+    system("$cc -o cctest cctest.c");
+    if (`./cctest` !~ /Hello world/) {
+	print OUT "Compiler doesn't work.\n";
+	print OUT $not_our_fault;
+	goto err;
+    }
+    system("ar r cctest.a /dev/null");
+    if (not -f "cctest.a") {
+	print OUT "Check your archive tool (ar).\n";
+	print OUT $not_our_fault;
+	goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
+    close(TEST);
+    system("$cc -o cctest -Iinclude cctest.c");
+    $cctest = `./cctest`;
+    if ($cctest !~ /OpenSSL $version/) {
+	if ($cctest =~ /OpenSSL/) {
+	    print OUT "#include uses headers from different OpenSSL version!\n";
+	} else {
+	    print OUT "Can't compile test program!\n";
+	}
+	print OUT $not_our_fault;
+	goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+
+print "Running make...\n";
+if (system("make 2>&1 | tee make.log") > 255) {
+
+    print OUT "make failed!\n";
+    if (open(IN,"<make.log")) {
+	print OUT $sep;
+	while (<IN>) {
+	    print OUT;
+	}
+	close(IN);
+	print OUT $sep;
+    } else {
+	print OUT "make.log not found!\n";
+    }
+    goto err;
+}
+
+# Not sure why this is here.  The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+#                   -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+#    print OUT "Test skipped.\n";
+#    goto err;
+#}
+
+print "Running make test...\n";
+if (system("make test 2>&1 | tee maketest.log") > 255)
+ {
+    print OUT "make test failed!\n";
+} else {
+    $ok=1;
+}
+
+if ($ok and open(IN,"<maketest.log")) {
+    while (<IN>) {
+	$ok=2 if /^platform: $platform/;
+    }
+    close(IN);
+}
+
+if ($ok != 2) {
+    print OUT "Failure!\n";
+    if (open(IN,"<make.log")) {
+	print OUT $sep;
+	while (<IN>) {
+	    print OUT;
+	}
+	close(IN);
+	print OUT $sep;
+    } else {
+	print OUT "make.log not found!\n";
+    }
+    if (open(IN,"<maketest.log")) {
+	while (<IN>) {
+	    print OUT;
+	}
+	close(IN);
+	print OUT $sep;
+    } else {
+	print OUT "maketest.log not found!\n";
+    }
+} else {
+    print OUT "Test passed.\n";
+}
+err:
+close(OUT);
+
+print "\n";
+open(IN,"<$report") or die;
+while (<IN>) {
+    if (/$sep/) {
+	print "[...]\n";
+	last;
+    }
+    print;
+}
+print "\nTest report in file $report\n";
+
+die if $ok != 2;
diff --git a/openssl-1.1.0h/util/shlib_wrap.sh.in b/openssl-1.1.0h/util/shlib_wrap.sh.in
new file mode 100755
index 0000000..6c115ba
--- /dev/null
+++ b/openssl-1.1.0h/util/shlib_wrap.sh.in
@@ -0,0 +1,128 @@
+#!/bin/sh
+
+# To test this OpenSSL version's applications against another version's
+# shared libraries, simply set
+#
+#     OPENSSL_REGRESSION=/path/to/other/OpenSSL/build/tree
+if [ -n "$OPENSSL_REGRESSION" ]; then
+    shlibwrap="$OPENSSL_REGRESSION/util/shlib_wrap.sh"
+    if [ -x "$shlibwrap" ]; then
+        # We clear OPENSSL_REGRESSION to avoid a loop, should the shlib_wrap.sh
+        # we exec also support that mechanism...
+        OPENSSL_REGRESSION= exec "$shlibwrap" "$@"
+    else
+        if [ -f "$shlibwrap" ]; then
+            echo "Not permitted to run $shlibwrap" >&2
+        else
+            echo "No $shlibwrap, perhaps OPENSSL_REGRESSION isn't properly set?" >&2
+        fi
+        exit 1
+    fi
+fi
+
+[ $# -ne 0 ] || set -x		# debug mode without arguments:-)
+
+THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
+[ -d "${THERE}" ] || exec "$@"	# should never happen...
+
+# Alternative to this is to parse ${THERE}/Makefile...
+LIBCRYPTOSO="${THERE}/libcrypto.so"
+if [ -f "$LIBCRYPTOSO" ]; then
+    while [ -h "$LIBCRYPTOSO" ]; do
+	LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
+    done
+    SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
+    LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
+fi
+
+SYSNAME=`(uname -s) 2>/dev/null`;
+case "$SYSNAME" in
+SunOS|IRIX*)
+	# SunOS and IRIX run-time linkers evaluate alternative
+	# variables depending on target ABI...
+	rld_var=LD_LIBRARY_PATH
+	case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
+	*ELF\ 64*SPARC*|*ELF\ 64*AMD64*)
+		[ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
+		LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64
+		preload_var=LD_PRELOAD_64
+		;;
+	*ELF\ 32*SPARC*|*ELF\ 32*80386*)
+		# We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32
+		# on a multi-arch system.  Otherwise, trust the fallbacks.
+		if [ -f /lib/64/ld.so.1 ]; then
+		    [ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32
+		    LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32
+		    preload_var=LD_PRELOAD_32
+		fi
+		;;
+	# Why are newly built .so's preloaded anyway? Because run-time
+	# .so lookup path embedded into application takes precedence
+	# over LD_LIBRARY_PATH and as result application ends up linking
+	# to previously installed .so's. On IRIX instead of preloading
+	# newly built .so's we trick run-time linker to fail to find
+	# the installed .so by setting _RLD_ROOT variable.
+	*ELF\ 32*MIPS*)
+		#_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST
+		_RLD_ROOT=/no/such/dir; export _RLD_ROOT
+		eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\"
+		preload_var=_RLD_LIST
+		;;
+	*ELF\ N32*MIPS*)
+		[ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
+		#_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
+		_RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT
+		eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\"
+		preload_var=_RLDN32_LIST
+		;;
+	*ELF\ 64*MIPS*)
+		[ -n "$LD_LIBRARY64_PATH"  ] && rld_var=LD_LIBRARY64_PATH
+		#_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
+		_RLD64_ROOT=/no/such/dir; export _RLD64_ROOT
+		eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\"
+		preload_var=_RLD64_LIST
+		;;
+	esac
+	eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var
+	unset rld_var
+	;;
+*)	LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH"	# Linux, ELF HP-UX
+	DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH"	# MacOS X
+	SHLIB_PATH="${THERE}:$SHLIB_PATH"		# legacy HP-UX
+	LIBPATH="${THERE}:$LIBPATH"			# AIX, OS/2
+	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
+	# Even though $PATH is adjusted [for Windows sake], it doesn't
+	# necessarily does the trick. Trouble is that with introduction
+	# of SafeDllSearchMode in XP/2003 it's more appropriate to copy
+	# .DLLs in vicinity of executable, which is done elsewhere...
+	if [ "$OSTYPE" != msdosdjgpp ]; then
+		PATH="${THERE}:$PATH"; export PATH
+	fi
+	;;
+esac
+
+{- output_off() if $config{ex_libs} !~ /,-rpath,/; ""; -}
+if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
+	# Following three lines are major excuse for isolating them into
+	# this wrapper script. Original reason for setting LD_PRELOAD
+	# was to make it possible to pass 'make test' when user linked
+	# with -rpath pointing to previous version installation. Wrapping
+	# it into a script makes it possible to do so on multi-ABI
+	# platforms.
+	case "$SYSNAME" in
+	*BSD|QNX)	LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;	# *BSD, QNX
+	*)	LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;;	# SunOS, Linux, ELF HP-UX
+	esac
+	_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"	# Tru64, o32 IRIX
+	DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO"	# MacOS X
+	export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES
+fi
+{- output_on() if $config{ex_libs} !~ /,-rpath,/; ""; -}
+
+cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}"
+shift
+if [ $# -eq 0 ]; then
+	exec "$cmd"	# old sh, such as Tru64 4.x, fails to expand empty "$@"
+else
+	exec "$cmd" "$@"
+fi
diff --git a/openssl-1.1.0h/util/su-filter.pl b/openssl-1.1.0h/util/su-filter.pl
new file mode 100644
index 0000000..5996f58
--- /dev/null
+++ b/openssl-1.1.0h/util/su-filter.pl
@@ -0,0 +1,264 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+my $in_su = 0;
+my $indent = 0;
+my $out;
+my $braces = 0;
+my $arrcnt;
+my $data;
+my $tststr;
+my $incomm = 0;
+
+while(<>) {
+    $tststr = $_;
+    $incomm++ while $tststr =~ /\/\*/g;
+    $incomm-- while $tststr =~ /\*\//g;
+
+    if($in_su == 1) {
+        if(/}(.*);/) {
+            $out .= $_;
+            do_output($out);
+            $in_su = 0;
+        } elsif(/^ *\} [^\s]+(\[\d*\])* = \{/) {
+           $tststr = $1;
+           $arrcnt = 0;
+           $arrcnt++ while $tststr =~ /\[/g;
+           $in_su++;
+           $braces = 1;
+           /^(.* = \{)(.*)$/;
+           $data = $2;
+           $out .= $1."\n";
+        } else {
+            $out .= $_;
+        }
+    } elsif($in_su == 2) {
+        $data .= $_;
+        if(/};$/) {
+            #$data = "\n$data";
+            $data =~ s/\n */\n/g;
+            $data =~ s/};\n?//s;
+            my @strucdata = structureData($data);
+            $out .= displayData($indent, 0, \@strucdata);
+            $out .= "\n$indent};\n";
+            do_output($out);
+            $in_su = 0;
+        }
+    } elsif($incomm <= 0 && /( *)(static )?(const )?(union|struct) ([a-zA-Z_\$][\$0-9a-zA-Z_]+ )?\{/) {
+        $in_su = 1;
+        $indent = $1;
+        $out = $_;
+        next;
+    } else {
+        do_output($_);
+    }
+}
+
+
+sub structureData {
+    my $data = $_[0];
+    my @datalist = split(/(\{|\}|,|"|#|\n|\/\*|\*\/|\(|\))/, $data);
+    my $item;
+    my $dataitem = "";
+    my @struclist = ();
+    my $substruc;
+    my $inquote = 0;
+    my $inbrace = 0;
+    my $preproc = 0;
+    my $comment = 0;
+    my $inparen = 0;
+
+
+    foreach $item (@datalist) {
+        if($comment) {
+            if($item eq "*/") {
+                $comment = 0;
+                $dataitem .= "*/";
+                push @struclist, $dataitem;
+                $dataitem = "";
+                next;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($inquote) {
+            $dataitem .= $item;
+            if($item eq "\"") {
+                $inquote--;
+            }
+            next;
+        }
+        if($preproc) {
+            if($item eq "\n") {
+                $preproc = 0;
+                push @struclist, $dataitem;
+                $dataitem = "";
+                next;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($inbrace) {
+            if($item eq "}") {
+                $inbrace --;
+            
+                if(!$inbrace) {
+                    $substruc = structureData($dataitem);
+                    $dataitem = $substruc;
+                    next;
+                }
+            } elsif($item eq "{") {
+                $inbrace++;
+            } elsif ($item eq "\"") {
+                $inquote++;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($inparen) {
+            if($item eq ")") {
+                $inparen--;
+            }
+            $dataitem .= $item;
+            next;
+        }
+        if($item eq "\n") {
+            next;
+        }
+        if($item eq "#") {
+            $preproc = 1;
+            push @struclist, $dataitem;
+            $dataitem = "#";
+            next;
+        }
+        if($item eq "/*") {
+            $comment = 1;
+            push @struclist, $dataitem;
+            $dataitem= "/*";
+            next;
+        }
+        if($item eq "\"") {
+            $dataitem .= $item;
+            $inquote++;
+            next;
+        }
+        if($item eq "{") {
+            $inbrace++;
+            next;
+        }
+        if($item eq ",") {
+            push @struclist, $dataitem;
+            $dataitem = "";
+            next;
+        }
+        if($item eq "(") {
+            $dataitem .= $item;
+            $inparen++;
+            next;
+        }
+        if($item =~ /^\s*$/) {
+            next;
+        }
+        if(ref $dataitem eq 'ARRAY') {
+            push @struclist, $dataitem;
+            $dataitem = "";
+        }
+        $dataitem .= $item;
+    }
+    push @struclist, $dataitem;
+    return \@struclist;
+}
+
+sub displayData {
+    my $indent = shift;
+    my $depth = shift;
+    my $data = shift;
+    my $item;
+    my $out = "";
+    my $currline = "";
+    my $first = 1;
+    my $prevpreproc = 0;
+    my $prevcomment = 0;
+
+    foreach $item (@{$data}) {
+        if($item =~ /^\/\*/) {
+            #Comment
+            $item =~ s/\n/\n$indent/g;
+            if($out =~ /\n\s*$/s) {
+                $out .= $item."\n".$indent;
+            } else {
+                $out .= "\n".$indent.$item."\n".$indent;
+            }
+            $currline = $indent;
+            $prevcomment = 1;
+            next;
+        }
+        $item =~ s/^\s+//;
+        if($item =~ /^#/) {
+            #Pre-processor directive
+            if($out =~ /\n\s*$/s) {
+                $out =~ s/\n\s*$/\n/;
+                $out .= $item."\n".$indent;
+            } else {
+                $out .= "\n".$item."\n".$indent;
+            }
+            $currline = $indent;
+            $prevpreproc = 1;
+            next;
+        }
+        if($first) {
+            $first = 0;
+            if($depth != 0) {
+                $out .= $indent;
+                $currline = $indent;
+            }
+        } else {
+            if(!$prevpreproc && !$prevcomment) {
+                $out .= ", ";
+                $currline .= ", ";
+                if($depth == 1) {
+                    $out .= "\n";
+                    $currline = "";
+                }
+                if($depth == 1) {
+                    $out .= $indent;
+                    $currline .= $indent;
+                }
+            }
+
+        }
+        $prevpreproc = 0;
+        $prevcomment = 0;
+
+        if (ref $item eq 'ARRAY') {
+            if($depth == 0) {
+                $out .= displayData("$indent    ", $depth+1, $item);
+            } else {
+                $out .= "{\n".displayData("$indent    ", $depth+1, $item)."\n".$indent."}";
+                $currline = $indent."}";
+            }
+        } else {
+            if(length $currline.$item > 79) {
+                $currline = $indent;
+                $out .= "\n$indent";
+            }
+            $out .= $item;
+            $currline .= $item;
+        }
+    }
+    return $out;
+}
+
+sub do_output {
+    my $out = shift;
+    # Strip any trailing whitespace
+    $out =~ s/\s+\n/\n/g;
+    print $out;
+}
diff --git a/openssl-1.1.0h/util/unlocal_shlib.com.in b/openssl-1.1.0h/util/unlocal_shlib.com.in
new file mode 100644
index 0000000..dd4fd2a
--- /dev/null
+++ b/openssl-1.1.0h/util/unlocal_shlib.com.in
@@ -0,0 +1,26 @@
+${-
+  use File::Spec::Functions qw(rel2abs);
+
+  my $bldtop = rel2abs($config{builddir});
+  our %names = ( map { $_ => $bldtop.$_.".EXE" }
+                 map { $unified_info{sharednames}->{$_} || () }
+                 @{$unified_info{libraries}} );
+  "" -}
+$       ! Remove the local environment created by local_shlib.com
+$
+$       OPENSSL_NAMES := OPENSSL_NAMES_'F$GETJPI("","PID")'
+$       IF F$TRNLNM("OSSL_FLAG",OPENSSL_NAMES) .EQS. "" THEN EXIT 0
+$
+$       NAMES := {- join(",", keys %names); -}
+$       I = 0
+$       LOOP:
+$           E = F$ELEMENT(I,",",NAMES)
+$           I = I + 1
+$           IF E .EQS. "," THEN GOTO ENDLOOP
+$           OLDV = F$TRNLNM(E,OPENSSL_NAMES)
+$           DEASSIGN 'E'
+$           IF OLDV .NES. "" THEN DEFINE 'E' 'OLDV'
+$           GOTO LOOP
+$       ENDLOOP:
+$
+$       DEASSIGN 'OPENSSL_NAMES' /TABLE=LNM$PROCESS_DIRECTORY
diff --git a/pop.cpp b/pop.cpp
new file mode 100644
index 0000000..3407d1c
--- /dev/null
+++ b/pop.cpp
@@ -0,0 +1,252 @@
+#include <string.h>
+#include <unistd.h>
+#include <iostream>
+#include <fstream>
+#include <set>
+#include <regex>
+
+#include <io.h>
+#include <direct.h>
+
+#include "vmime/vmime.hpp"
+#include "utilities.h"
+#include "timeout_handler.hpp"
+#include "exceptions.hpp"
+
+extern "C" void validate_config(struct config *config)
+{
+	if (config->use_SSL == PARAM_NOT_GIVEN)
+		config->use_SSL = PARAM_NO;	
+	if (config->use_AUTH == PARAM_NOT_GIVEN)
+		config->use_AUTH = PARAM_NO;
+	if (config->save_body == PARAM_NOT_GIVEN)
+		config->save_body = PARAM_YES;
+	if (config->save_subj == PARAM_NOT_GIVEN)
+		config->save_subj = PARAM_YES;
+	if (config->del_msgs == PARAM_NOT_GIVEN)
+		config->del_msgs = PARAM_NO;
+
+	if (is_empty_string(config->host))
+		FAIL(MSG_BAD_VAR, "SERVER:host");
+	if (!is_valid_port_number(config->port_POP3))
+		FAIL(MSG_BAD_PORT_VAR, "SERVER:port_pop3");
+	if (!config->password)
+		FAIL(MSG_BAD_VAR, "SERVER:password");
+	if (is_empty_string(config->login))
+		FAIL(MSG_BAD_VAR, "SERVER:login");
+	if (is_empty_string(config->dest_dir))
+		FAIL(MSG_BAD_VAR, "SERVER:outputdir");
+	if (config->dest_dir[strlen(config->dest_dir) - 1] != '\\')
+		FAIL(MSG_BAD_DEST_DIR_END);
+	if (access(config->dest_dir, F_OK) != 0)
+		FAIL(MSG_DEST_DIR_NOT_EXIST);
+	if (access(config->dest_dir, W_OK) != 0)
+		FAIL(MSG_DEST_DIR_NOT_WRITEABLE);
+}
+
+static const char mail_dir_base[] = "mail_";
+static const int mail_base_length = sizeof(mail_dir_base) - 1;
+
+static long deduct_mail_dir_number(const char *parent_dir_path)
+{
+	size_t path_length = strlen(parent_dir_path);
+	intptr_t search_group;
+	_finddata_t find_data;
+	long max_number = 0, parsed_number;
+	char *glob = (char*) dirtyalloc(path_length + mail_base_length + 2);
+	const char *glob_match_start;
+
+	memcpy(glob, parent_dir_path, path_length);
+	memcpy(glob + path_length, mail_dir_base, mail_base_length);
+	path_length += mail_base_length;
+	strcpy(glob + path_length, "*");
+
+	search_group = _findfirst(glob, &find_data);
+	if (search_group < 0)
+		goto after_searching;
+	do {
+		glob_match_start = find_data.name + mail_base_length;
+		if (*glob_match_start < '1' || *glob_match_start > '9')
+			continue;
+
+		parsed_number = atol(glob_match_start);
+		if (parsed_number > max_number)
+			max_number = parsed_number;
+	} while (_findnext(search_group, &find_data) == 0);
+
+	_findclose(search_group);
+after_searching:
+	free(glob);
+	return max_number + 1;
+}
+
+static std::string get_next_filename(std::string filename)
+{
+	std::regex
+		numbered_reg("(.[^.]*)[(]([1-9][0-9]{0,8})[)](([.].*)?)"),
+		unnumbered_reg("(.[^.]*)(([.].*)?)");
+	std::smatch what;
+	std::string base_name, number, rest;
+	long new_idx;
+
+	if (regex_match(filename, what, numbered_reg)) {
+		base_name = what[1];
+		number = what[2];
+		rest = what[3];
+		new_idx = std::stol(number) + 1;
+	} else {
+		regex_match(filename, what, unnumbered_reg);
+		base_name = what[1];
+		rest = what[2];
+		new_idx = 1;
+	}
+
+	return base_name + "(" + std::to_string(new_idx) + ")" + rest;
+}
+
+static int save_file_from_handler
+(std::string dir_path, std::string file_name,
+ vmime::shared_ptr<const vmime::contentHandler> handler,
+ std::set<std::string> *filenames_used)
+{
+	while (filenames_used->count(file_name))
+		file_name = get_next_filename(file_name);
+
+	std::ofstream write;
+	write.open(dir_path + file_name, std::ios_base::binary);
+	vmime::utility::outputStreamAdapter
+		write_adapter(write);
+	handler->extract(write_adapter);
+
+	filenames_used->insert(file_name);
+
+	if (!write.good()) {
+		fprintf(stderr, MSG_FILE_SAVE_FAIL, dir_path + file_name);
+		fputs("\r\n", stderr);
+		return -1;
+	}
+	return 0;
+}
+
+static void save_message(const struct config *config, long dir_number,
+			 vmime::shared_ptr<vmime::net::message> msg,
+			 long *saved_files_count)
+{
+	size_t path_length = strlen(config->dest_dir);
+	char *dir_path =
+		(char*) dirtyalloc(path_length + mail_base_length + 25);
+
+	memcpy(dir_path, config->dest_dir, path_length);
+	memcpy(dir_path + path_length, mail_dir_base, mail_base_length);
+	path_length += mail_base_length;
+	path_length += sprintf(dir_path + path_length, "%ld\\", dir_number);
+
+	if (_mkdir(dir_path) != 0) {
+		PRINT_ERROR(MSG_MKDIR_FAIL, dir_path);
+		throw silent_exception();
+	}
+
+	std::string dir_path_str = std::string(dir_path);
+	std::set<std::string> filenames_used;
+	vmime::messageParser mp(msg->getParsedMessage());
+
+	if (config->save_subj) {
+		std::ofstream write_subj;
+		write_subj.open(dir_path_str + "temat.txt");
+		write_subj << mp.getSubject().getWholeBuffer();
+		filenames_used.insert("temat.txt");
+	}
+
+	if (config->save_body) {
+		std::string file_name;
+		for (auto text_part : mp.getTextPartList()) {
+			if (text_part->getType().getType() == "text/html")
+				file_name = "tresc.html";
+			else
+				file_name = "tresc.txt";
+
+			save_file_from_handler(dir_path_str, file_name,
+					       text_part->getText(),
+					       &filenames_used);
+		}
+	}
+
+	for (auto attachment : mp.getAttachmentList()) {
+		std::string file_name = attachment->getName().getBuffer();
+		if (save_file_from_handler(dir_path_str, file_name,
+					   attachment->getData(),
+					   &filenames_used) == 0)
+			(*saved_files_count)++;
+	}
+
+	free(dir_path);
+}
+
+using namespace vmime::security::cert;
+
+static void _perform_work(const struct config *config, long *saved_messages,
+			  long *saved_files, long *first_mail_dir_number)
+{
+	vmime::shared_ptr<vmime::net::session> session =
+		vmime::net::session::create();
+	vmime::shared_ptr<vmime::net::store> store;
+	vmime::shared_ptr<vmime::net::folder> folder;
+	vmime::shared_ptr <vmime::net::message> msg;
+	long left;
+	std::string proto = config->use_SSL ? "pop3s" : "pop3";
+
+	  session->getProperties().setProperty("store.protocol", proto);
+	session->getProperties().setProperty
+	  ("store." + proto + ".server.address", std::string(config->host));
+	session->getProperties().setProperty("server.port", config->port_POP3);
+	session->getProperties().setProperty
+	  ("store." + proto + ".auth.password", std::string(config->password));
+	session->getProperties().setProperty
+	  ("store." + proto + ".auth.username", std::string(config->login));
+	store = session->getStore();
+	if (config->use_SSL)
+		store->setCertificateVerifier(windows_root_certs_verifier());
+	store->setTimeoutHandlerFactory
+		(vmime::make_shared<parameterized_timeout_handler_factory>
+		 (config->timeout));
+	store->connect();
+	folder = store->getDefaultFolder();
+	folder->open(vmime::net::folder::MODE_READ_WRITE);
+	*first_mail_dir_number = deduct_mail_dir_number(config->dest_dir);
+	long nmes = folder->getMessageCount();
+	for (left = nmes /*folder->getMessageCount()*/; left > 0; left--) {
+		msg = folder->getMessage(/*1*/nmes - left + 1);
+		save_message(config, *first_mail_dir_number + *saved_messages,
+			     msg, saved_files);
+		(*saved_messages)++;
+		if (config->del_msgs) {
+			folder->deleteMessages
+				(vmime::net::messageSet::byNumber(nmes - left + 1));
+		}
+	}
+	folder->close(true);
+	store->disconnect();
+}
+
+extern "C" void perform_work(const struct config *config)
+{
+	long saved_messages = 0, saved_files = 0, first_mail_dir_number = 0;
+
+#define PRINT_STATS() \
+	if (first_mail_dir_number > 0)					\
+		(std::cout << "[" << saved_messages << "\\" << saved_files \
+		 << "\\" << first_mail_dir_number << "]" << std::endl)
+
+	try {
+		_perform_work(config, &saved_messages,
+			      &saved_files, &first_mail_dir_number);
+		PRINT_STATS();
+		SUCCEED();
+	} catch (vmime::exception &e) {
+		PRINT_STATS();
+		handle_vmime_exception(&e);
+	} catch (std::exception &e) {
+		PRINT_STATS();
+		handle_std_exception(&e);
+	}
+}
diff --git a/push.cpp b/push.cpp
new file mode 100644
index 0000000..e304403
--- /dev/null
+++ b/push.cpp
@@ -0,0 +1,123 @@
+#include <unistd.h>
+
+#include "vmime/vmime.hpp"
+#include "utilities.h"
+#include "timeout_handler.hpp"
+#include "exceptions.hpp"
+
+extern "C" void validate_config(struct config *config)
+{
+	if (config->use_SSL == PARAM_NOT_GIVEN)
+		config->use_SSL = PARAM_NO;	
+	if (config->use_AUTH == PARAM_NOT_GIVEN)
+		config->use_AUTH = PARAM_NO;
+
+	if (is_empty_string(config->host))
+		FAIL(MSG_BAD_VAR, "SERVER:host");
+	if (!is_valid_port_number(config->port_SMTP))
+		FAIL(MSG_BAD_PORT_VAR, "SERVER:port_smtp");
+	if (!config->subject)
+		FAIL(MSG_BAD_VAR, "MAIL:subject");
+	if (!config->from)
+		FAIL(MSG_BAD_VAR, "MAIL:from");
+	if (!config->reply_to)
+		FAIL(MSG_BAD_VAR, "MAIL:replyto");
+	if (config->nto == 0)
+		FAIL(MSG_NO_SECTION, "adresow odbiorcow", "CC");
+	if (!config->msg_body)
+		FAIL(MSG_NO_SECTION, "tresci wiadomosci", "MSG");
+	if (config->use_AUTH) {
+		if (!config->password)
+			FAIL(MSG_BAD_VAR, "SERVER:password");
+		if (is_empty_string(config->login))
+			FAIL(MSG_BAD_VAR, "SERVER:login");
+	}
+	for (unsigned int i = 0; i < config->nfiles; i++) {
+		if (access(config->files[i], F_OK) != 0)
+			FAIL(MSG_ATTACH_NOT_EXIST, config->files[i]);
+	}
+}
+
+void _perform_work(const struct config *config)
+{
+	vmime::messageBuilder mb;
+	mb.setSubject(vmime::text(std::string(config->subject)));
+	mb.setExpeditor(vmime::mailbox(std::string(config->from)));
+	mb. getTextPart()->setText
+		(vmime::make_shared<vmime::stringContentHandler>
+		 (config->msg_body));
+	for (unsigned int i = 0; i < config->nto; i++) {
+		mb.getCopyRecipients().appendAddress
+			(vmime::make_shared<vmime::mailbox>
+			 (std::string(config->to[i])));
+	}
+	for (unsigned int i = 0; i < config->nfiles; i++) {
+		const char *file_name =
+			config->files[i] + strlen(config->files[i]) - 1;
+
+		while (*file_name != '\\' &&
+		       file_name != config->files[i])
+			file_name--;
+
+		vmime::shared_ptr<vmime::fileAttachment> att =
+			vmime::make_shared<vmime::fileAttachment>
+			(std::string(config->files[i]),
+			 vmime::mediaType("application/octet-stream"));
+		att->getFileInfo().setFilename(file_name);
+		mb.appendAttachment(att);
+	}
+
+	vmime::shared_ptr<vmime::message> msg = mb.construct();
+	vmime::shared_ptr<vmime::headerFieldFactory> hf =
+		vmime::headerFieldFactory::getInstance();
+	vmime::shared_ptr<vmime::headerField> reply_to =
+		hf->create(vmime::fields::REPLY_TO);
+
+	reply_to->setValue(vmime::make_shared<vmime::mailbox>
+			   (std::string(config->reply_to)));
+	msg->getHeader()->appendField(reply_to);
+
+	vmime::shared_ptr<vmime::net::session> session =
+		vmime::net::session::create();
+	vmime::shared_ptr<vmime::net::transport> transport;
+	std::string proto = config->use_SSL ? "smtps" : "smtp";
+
+	session->getProperties().setProperty("transport.protocol", proto);
+	session->getProperties().setProperty
+		("transport." + proto + ".server.address",
+		 std::string(config->host));
+	session->getProperties().setProperty("server.port", config->port_SMTP);
+	if (config->use_AUTH) {
+		session->getProperties().setProperty
+			("transport." + proto + ".auth.password",
+			 std::string(config->password));
+		session->getProperties().setProperty
+			("transport." + proto + ".auth.username",
+			 std::string(config->login));
+		session->getProperties().setProperty
+			("transport." + proto + ".options.need-authentication",
+			 true);
+	}
+	transport = session->getTransport();
+	if (config->use_SSL)
+		transport->setCertificateVerifier
+			(windows_root_certs_verifier());
+	transport->setTimeoutHandlerFactory
+		(vmime::make_shared<parameterized_timeout_handler_factory>
+		 (config->timeout));
+	transport->connect();
+	transport->send(msg);
+	transport->disconnect();
+}
+
+extern "C" void perform_work(const struct config *config)
+{
+	try {
+		_perform_work(config);
+		SUCCEED();
+	} catch (vmime::exception &e) {
+		handle_vmime_exception(&e);
+	} catch (std::exception &e) {
+		handle_std_exception(&e);
+	}
+}
diff --git a/test_config.ini b/test_config.ini
new file mode 100644
index 0000000..2ab9217
--- /dev/null
+++ b/test_config.ini
@@ -0,0 +1,50 @@
+[SERVER]
+#login=exampleu
+#password=exampleu
+# replyto=****@*********
+# from=****@*********
+# host=mail.mydomain.com
+# ssl=0
+# auth=1
+
+login=*********@***********
+password=CV45asOPew
+#login=*******@********
+#password=****************
+#replyto=*********@**********
+#from=*********@**********
+replyto=*********@***********
+from=*********@***********
+host=****************
+#host=******************
+ssl=1
+auth=1
+timeout=30
+outputdir=Z:\some\path
+#save_subject=1
+#save_body=1
+#delete_msg=0
+# port_pop3=995
+# port_smtp=25
+port_pop3=993
+port_smtp=465
+#port_smtp=587
+
+[MAIL]
+subject=blah blah
+
+[CC]
+#cc1=exampleu@mydomain.com
+cc1=*********@***********
+#cc1=*********@**********
+#cc2=absd1@mydomain.com
+#cc3=absd2@mydomain.com
+
+
+[MSG]
+line1=
+
+[FILES]
+file1=Z:\home\urz\pierdoly6+\zucie\pop3\proj_dirty\push.exe
+file2=Z:\home\urz\pierdoly6+\zucie\pop3\proj_dirty\pop.exe
+#file2=Z:\home\urz\pierdoly6+\zucie\pop3\hello.c
diff --git a/timeout_handler.cpp b/timeout_handler.cpp
new file mode 100644
index 0000000..a7deba4
--- /dev/null
+++ b/timeout_handler.cpp
@@ -0,0 +1,81 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+/* modified from defaultTimeoutHandler.cpp */
+
+#include "vmime/config.hpp"
+#include "timeout_handler.hpp"
+
+
+parameterized_timeout_handler::parameterized_timeout_handler
+(int timeout_seconds)
+{
+
+	m_startTime = time(NULL);
+	this->timeout_seconds = timeout_seconds;
+}
+
+
+parameterized_timeout_handler::~parameterized_timeout_handler()
+{
+
+}
+
+
+bool parameterized_timeout_handler::isTimeOut()
+{
+
+	return time(NULL) - m_startTime >= timeout_seconds;
+}
+
+
+void parameterized_timeout_handler::resetTimeOut()
+{
+
+	m_startTime = time(NULL);
+}
+
+
+bool parameterized_timeout_handler::handleTimeOut()
+{
+
+	return false;
+}
+
+parameterized_timeout_handler_factory::parameterized_timeout_handler_factory
+(int timeout_seconds)
+{
+	this->timeout_seconds = timeout_seconds;
+}
+
+parameterized_timeout_handler_factory::~parameterized_timeout_handler_factory()
+{
+}
+
+vmime::shared_ptr <vmime::net::timeoutHandler>
+parameterized_timeout_handler_factory::create()
+{
+//	vmime::shared_ptr <vmime::net::timeoutHandler> handler =
+	return vmime::make_shared <parameterized_timeout_handler>(timeout_seconds);
+//	handler.set_timeout()
+}
diff --git a/timeout_handler.hpp b/timeout_handler.hpp
new file mode 100644
index 0000000..b8448a1
--- /dev/null
+++ b/timeout_handler.hpp
@@ -0,0 +1,75 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+/* modified from defaultTimeoutHandler.hpp */
+
+#ifndef VMIME_NET_PARAMETERIZABLETTIMEOUTHANDLER_HPP_INCLUDED
+#define VMIME_NET_PARAMETERIZABLETTIMEOUTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+
+#include <ctime>
+
+
+/** A parameterized timeout handler for messaging services. The default action
+  * is to throw a exceptions::operation_timed_out exception when an
+  * operation is blocked for more than the specified number of seconds.
+  */
+class parameterized_timeout_handler : public vmime::net::timeoutHandler {
+
+public:
+
+	parameterized_timeout_handler(int timeout_seconds);
+	~parameterized_timeout_handler();
+
+	bool isTimeOut();
+	void resetTimeOut();
+	bool handleTimeOut();
+
+private:
+
+	time_t m_startTime;
+	int timeout_seconds;
+};
+
+/** A class that creates parameterized timeout handlers.
+  */
+class parameterized_timeout_handler_factory :
+	public vmime::net::timeoutHandlerFactory {
+
+public:
+
+	parameterized_timeout_handler_factory(int timeout_seconds);
+	~parameterized_timeout_handler_factory();
+
+	vmime::shared_ptr <vmime::net::timeoutHandler> create();
+
+private:
+
+	int timeout_seconds;
+};
+
+
+#endif // VMIME_NET_PARAMETERIZABLETTIMEOUTHANDLER_HPP_INCLUDED
diff --git a/utilities.h b/utilities.h
new file mode 100644
index 0000000..23044ca
--- /dev/null
+++ b/utilities.h
@@ -0,0 +1,83 @@
+#ifndef UTILITIES_H
+#define UTILITIES_H
+
+#include <stdbool.h>
+#include <stdio.h>
+
+#ifdef __cplusplus
+#include "vmime/vmime.hpp"
+
+vmime::shared_ptr<vmime::security::cert::defaultCertificateVerifier>
+windows_root_certs_verifier(void);
+
+extern "C" {
+#endif
+
+enum bool_param {
+	PARAM_NO,
+	PARAM_YES,
+	PARAM_NOT_GIVEN
+};
+
+struct config {
+	const char *host;
+	const char *login;
+	const char *password;
+	const char *subject;
+	const char *reply_to;
+	const char *from;
+	const char *dest_dir;
+	const char **files;
+	size_t nfiles;
+	const char *msg_body;
+	size_t msg_size;
+	const char **to;
+	size_t nto;
+	int port_POP3;
+	int port_SMTP;
+	enum bool_param use_SSL;
+	enum bool_param use_AUTH;
+	int timeout;
+	enum bool_param del_msgs;
+	enum bool_param save_body;
+	enum bool_param save_subj;
+};
+
+void _finish(bool ok);
+#define PRINT_ERROR(message...) \
+  ((fprintf(stderr, message) && false) || fprintf(stderr, "\r\n"))
+#define FAIL(message...) _finish(PRINT_ERROR(message) && false)
+#define FAIL_NOMSG() _finish(false)
+#define SUCCEED() _finish(true)
+
+void *dirtyalloc(size_t size);
+
+void read_config(const char *filename, struct config *config);
+
+void get_config(int argc, const char **argv, struct config *config);
+
+int dummy_errback(const char *fmt, ...);
+
+int provisional_wide_char_fgetc(FILE *stream);
+
+bool is_valid_port_number(int port);
+
+void free_config(struct config *config);
+
+void validate_config(struct config *config);
+
+void perform_work(const struct config *config);
+
+inline static bool is_empty_string(const char *string)
+{
+	return string == NULL || *string == '\0';
+}
+
+#define MESSAGES_EXTERN
+#include "messages.c"
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* UTILITIES_H */
diff --git a/vmime-master/.gitignore b/vmime-master/.gitignore
new file mode 100644
index 0000000..2262aac
--- /dev/null
+++ b/vmime-master/.gitignore
@@ -0,0 +1,41 @@
+*.o
+*.sw?
+*.a
+*.dSYM
+*.vim
+
+# Doxygen-generated
+doc/html/*
+
+# CMake-generated / Build files
+CMakeFiles/
+CMakeCache.txt
+/_CPack_Packages/
+cmake_install.cmake
+/CPackConfig.cmake
+/CPackSourceConfig.cmake
+/Doxyfile
+/Makefile
+/install_manifest*
+/libvmime.a
+/vmime.pc
+/src/vmime/config.hpp
+/src/vmime/export-static.hpp
+/src/vmime/export-shared.hpp
+/COPYING.txt
+build/
+Makefile
+export-shared.hpp
+export-static.hpp
+
+# Outsourced build test
+/_build/
+/_install/
+
+# CTest-generated files
+/CTestTestfile.cmake
+/Testing/
+
+# Mac
+._DS_Store
+
diff --git a/vmime-master/.travis.yml b/vmime-master/.travis.yml
new file mode 100644
index 0000000..eb3ada8
--- /dev/null
+++ b/vmime-master/.travis.yml
@@ -0,0 +1,37 @@
+# Travis-CI build file for VMime
+# See http://travis-ci.org for details
+
+language: cpp
+
+compiler:
+  - gcc
+  - clang
+
+# Settings
+env:
+  # -- default configuration (iconv + GnuTLS)
+  - CTEST_OUTPUT_ON_FAILURE=1 OPTIONS="-DVMIME_SENDMAIL_PATH=/path/to/sendmail -DCMAKE_BUILD_TYPE=Debug -DVMIME_BUILD_TESTS=ON -DVMIME_BUILD_SAMPLES=ON"
+  # -- ICU
+  - CTEST_OUTPUT_ON_FAILURE=1 OPTIONS="-DVMIME_SENDMAIL_PATH=/path/to/sendmail -DCMAKE_BUILD_TYPE=Debug -DVMIME_BUILD_TESTS=ON -DVMIME_BUILD_SAMPLES=ON -DVMIME_CHARSETCONV_LIB_IS_ICONV=OFF -DVMIME_CHARSETCONV_LIB_IS_ICU=ON"
+  # -- OpenSSL
+  - CTEST_OUTPUT_ON_FAILURE=1 OPTIONS="-DVMIME_SENDMAIL_PATH=/path/to/sendmail -DCMAKE_BUILD_TYPE=Debug -DVMIME_BUILD_TESTS=ON -DVMIME_BUILD_SAMPLES=ON -DVMIME_TLS_SUPPORT_LIB_IS_GNUTLS=OFF -DVMIME_TLS_SUPPORT_LIB_IS_OPENSSL=ON"
+
+# Make sure some required tools/libraries are installed
+install:
+  - sudo apt-get update >/dev/null
+  - sudo apt-get -q install cmake libcppunit-dev valgrind
+  - sudo apt-get -q install libgsasl7-dev libgnutls-dev libssl-dev libicu-dev libboost-dev
+  # -- for the samples
+  - sudo apt-get -q install libgtk-3-dev
+
+# Run the build script
+script:
+  - mkdir _build
+  - cd _build
+  - cmake .. -DCMAKE_INSTALL_PREFIX=../_install $OPTIONS
+  - cmake .. -L
+  - cat ./src/vmime/config.hpp
+  - cat ./src/vmime/export-shared.hpp
+  - cat ./src/vmime/export-static.hpp
+  - cmake --build . --target install
+  - ctest
diff --git a/vmime-master/AUTHORS b/vmime-master/AUTHORS
new file mode 100644
index 0000000..1ddeb3d
--- /dev/null
+++ b/vmime-master/AUTHORS
@@ -0,0 +1,38 @@
+
+VMIME AUTHOR
+============
+
+Vincent Richard <vincent@vmime.org>
+Project owner and creator. VMime was created in 1998, and publicly released
+under the GNU GPL license in 2003.
+
+
+VMIME CONTRIBUTORS
+==================
+
+VMime is Open Source software, you are free and welcome to contribute!
+
+If you have a patch and you want it to be included into official VMime
+release, you have to release your patch into the public domain or assign
+the copyright to "VMime authors". You will then be credited in this
+AUTHORS file.
+
+ - Stefan Uhrig  <stefanuhrig@gmx.net>
+ - Rafael Fernandez <prf@adinet.com.uy>
+ - Xin Li <lixin3@staff.sina.com.cn>
+ - Benjamin Biron <benbiron@gmail.com>
+ - Bertrand Benoit <projettwk@users.sourceforge.net>
+ - Tim Teulings <rael@edge.ping.de>
+ - Georg Sauthoff <gsauthof@techfak.uni-bielefeld.de>
+ - Pierre Thierry <nowhere.man@levallois.eu.org> (patches for STL algorithms)
+ - Zarafa <http://developer.zarafa.com/VmimePatches>
+ - Bartek Szurgot <vempirelord@wp.pl, http://baszerr.org>
+ - Achim Brandt <http://sourceforge.net/users/a-brandt/>
+ - Mehmet Bozkurt <mehmet.bozkurt78@gmail.com> (OpenSSL support, ICU support)
+ - Anthony Dervish <antmd@mac.com>
+
+Please apologize if I have forgotten someone here.  ;)  Send me an email
+to <vincent@vmime.org> if you want your name to be listed.
+
+See Changelogs for full list.
+
diff --git a/vmime-master/CMakeLists.txt b/vmime-master/CMakeLists.txt
new file mode 100644
index 0000000..6206e6f
--- /dev/null
+++ b/vmime-master/CMakeLists.txt
@@ -0,0 +1,1038 @@
+#
+# CMake configuration file for VMime
+#
+# Usage:
+#
+# . 'cmake -LH' to list build settings variable
+#
+# . 'cmake -G <generator>' to generate makefiles for a build system
+#   eg. cmake -G "Unix Makefiles"
+#
+# For more information, please visit:
+# http://www.cmake.org
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 3.1 FATAL_ERROR)
+
+INCLUDE(cmake/Utils.cmake)
+
+INCLUDE(CheckIncludeFiles)
+INCLUDE(CheckIncludeFileCXX)
+INCLUDE(CheckFunctionExists)
+INCLUDE(CheckSymbolExists)
+INCLUDE(CheckTypeSize)
+INCLUDE(CheckLibraryExists)
+INCLUDE(CheckCXXSourceCompiles)
+INCLUDE(GNUInstallDirs)
+
+
+# CMake configuration
+SET(CMAKE_RUNTIME_OUTPUT_DIRECTORY build/bin)
+SET(CMAKE_LIBRARY_OUTPUT_DIRECTORY build/lib)
+SET(CMAKE_ARCHIVE_OUTPUT_DIRECTORY build/lib)
+
+SET(CMAKE_VERBOSE_MAKEFILE ON)
+
+
+# Package version number
+SET(VMIME_VERSION_MAJOR  0)
+SET(VMIME_VERSION_MINOR  9)
+SET(VMIME_VERSION_MICRO  2)
+
+# API version number (libtool)
+#
+# Increment this number only immediately before a public release.
+# This is independent from package version number.
+#
+# See: http://semver.org/
+#
+# . Implementation changed (eg. bug/security fix):  REVISION++
+# . Interfaces added/removed/changed:               CURRENT++, REVISION=0
+# . Interfaces added (upward-compatible changes):   AGE++
+# . Interfaces removed:                             AGE=0
+SET(VMIME_API_VERSION_CURRENT   1)
+SET(VMIME_API_VERSION_REVISION  0)
+SET(VMIME_API_VERSION_AGE       0)
+
+
+SET(VMIME_VERSION ${VMIME_VERSION_MAJOR}.${VMIME_VERSION_MINOR}.${VMIME_VERSION_MICRO})
+SET(VMIME_API_VERSION ${VMIME_API_VERSION_CURRENT}.${VMIME_API_VERSION_REVISION}.${VMIME_API_VERSION_AGE})
+
+
+##############################################################################
+# VMime Library
+
+# Project
+PROJECT(
+	vmime
+	LANGUAGES CXX C
+	VERSION ${VMIME_VERSION}
+)
+
+# Set base name
+SET(VMIME_LIBRARY_NAME vmime)
+SET(VMIME_LIBRARY_VENDOR Kisli)
+
+# Enable C++11
+SET(CMAKE_CXX_STANDARD 11)
+SET(CMAKE_CXX_STANDARD_REQUIRED ON)
+SET(CMAKE_CXX_EXTENSIONS OFF)
+
+# Source files
+FILE(
+	GLOB_RECURSE
+	VMIME_LIBRARY_SRC_FILES
+	${CMAKE_CURRENT_SOURCE_DIR}/src/vmime/*.cpp
+)
+
+FILE(
+	GLOB_RECURSE
+	VMIME_LIBRARY_INCLUDE_FILES
+	${CMAKE_CURRENT_SOURCE_DIR}/src/vmime/*.hpp
+)
+
+LIST(APPEND VMIME_LIBRARY_GENERATED_INCLUDE_FILES "${CMAKE_BINARY_DIR}/src/vmime/config.hpp")
+
+INCLUDE_DIRECTORIES(
+	${CMAKE_CURRENT_SOURCE_DIR}          # for "contrib/"
+	${CMAKE_CURRENT_SOURCE_DIR}/src      # for "vmime/
+	${CMAKE_BINARY_DIR}/src              # for "config.hpp"
+	${CMAKE_BINARY_DIR}/src/vmime        # for "config.hpp"
+)
+
+INCLUDE(GenerateExportHeader)
+ADD_COMPILER_EXPORT_FLAGS()
+
+# Shared library
+OPTION(
+	VMIME_BUILD_SHARED_LIBRARY
+	"Build shared library"
+	ON
+)
+
+IF(VMIME_BUILD_SHARED_LIBRARY)
+
+	ADD_LIBRARY(
+		${VMIME_LIBRARY_NAME}
+		SHARED
+		${VMIME_LIBRARY_SRC_FILES}
+		${VMIME_LIBRARY_INCLUDE_FILES}
+	)
+
+	TARGET_INCLUDE_DIRECTORIES(${VMIME_LIBRARY_NAME} PUBLIC
+  		$<INSTALL_INTERFACE:include>
+	)
+
+	GENERATE_EXPORT_HEADER(
+		${VMIME_LIBRARY_NAME}
+		BASE_NAME VMIME
+		STATIC_DEFINE VMIME_STATIC
+		EXPORT_FILE_NAME export-shared.hpp
+	)
+
+	FILE(
+		COPY
+		${CMAKE_CURRENT_BINARY_DIR}/export-shared.hpp
+		DESTINATION
+		${CMAKE_BINARY_DIR}/src/vmime
+	)
+
+	LIST(APPEND VMIME_LIBRARY_GENERATED_INCLUDE_FILES "${CMAKE_BINARY_DIR}/src/vmime/export-shared.hpp")
+
+	SET_TARGET_PROPERTIES(
+		${VMIME_LIBRARY_NAME}
+		PROPERTIES
+		VERSION    "${VMIME_API_VERSION}"
+		SOVERSION  "${VMIME_API_VERSION_CURRENT}"
+		COMPILE_FLAGS -DVMIME_SHARED
+	)
+
+ENDIF()
+
+# Static library
+#
+# Note: cannot have two targets with the same name so the static version has
+# '-static' appended and then the name of the output file is set separately.
+OPTION(
+	VMIME_BUILD_STATIC_LIBRARY
+	"Build static library"
+	ON
+)
+
+IF(VMIME_BUILD_STATIC_LIBRARY)
+
+	ADD_LIBRARY(
+		${VMIME_LIBRARY_NAME}-static
+		STATIC
+		${VMIME_LIBRARY_SRC_FILES}
+		${VMIME_LIBRARY_INCLUDE_FILES}
+	)
+
+ 	TARGET_INCLUDE_DIRECTORIES(${VMIME_LIBRARY_NAME}-static PUBLIC
+  		$<INSTALL_INTERFACE:include>
+	)
+
+	GENERATE_EXPORT_HEADER(
+		${VMIME_LIBRARY_NAME}-static
+		BASE_NAME VMIME
+		STATIC_DEFINE VMIME_STATIC
+		EXPORT_FILE_NAME export-static.hpp
+	)
+
+	FILE(
+		COPY
+		${CMAKE_CURRENT_BINARY_DIR}/export-static.hpp
+		DESTINATION
+		${CMAKE_BINARY_DIR}/src/vmime
+	)
+
+	LIST(APPEND VMIME_LIBRARY_GENERATED_INCLUDE_FILES "${CMAKE_BINARY_DIR}/src/vmime/export-static.hpp")
+
+	SET_TARGET_PROPERTIES(
+		${VMIME_LIBRARY_NAME}-static
+		PROPERTIES
+		OUTPUT_NAME  ${VMIME_LIBRARY_NAME}
+		COMPILE_FLAGS -DVMIME_STATIC
+	)
+
+ENDIF()
+
+# Ensure at least one type of library (either shared or static) is build
+IF(NOT(VMIME_BUILD_SHARED_LIBRARY OR VMIME_BUILD_STATIC_LIBRARY))
+	MESSAGE(FATAL_ERROR "You should select at least one library to build (either VMIME_BUILD_SHARED_LIBRARY or VMIME_BUILD_STATIC_LIBRARY must be set to YES.")
+ENDIF()
+
+# These next two lines are required but it is unclear exactly what they do.
+# The CMake FAQ mentions they are necessary and it does not work otherwise.
+IF(VMIME_BUILD_SHARED_LIBRARY)
+	SET_TARGET_PROPERTIES(${VMIME_LIBRARY_NAME} PROPERTIES CLEAN_DIRECT_OUTPUT 1)
+ENDIF()
+IF(VMIME_BUILD_STATIC_LIBRARY)
+	SET_TARGET_PROPERTIES(${VMIME_LIBRARY_NAME}-static PROPERTIES CLEAN_DIRECT_OUTPUT 1)
+ENDIF()
+
+SET(CMAKE_INSTALL_LIBDIR lib CACHE PATH "Output directory for libraries")
+
+# Installation of libraries
+IF(VMIME_BUILD_SHARED_LIBRARY)
+	INSTALL(
+		TARGETS ${VMIME_LIBRARY_NAME}
+		EXPORT ${VMIME_LIBRARY_NAME}-config
+		LIBRARY DESTINATION "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}" COMPONENT sharedlibs
+		ARCHIVE DESTINATION "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}" COMPONENT sharedlibs
+	)
+ENDIF()
+
+IF(VMIME_BUILD_STATIC_LIBRARY)
+	INSTALL(
+		TARGETS ${VMIME_LIBRARY_NAME}-static
+		EXPORT ${VMIME_LIBRARY_NAME}-config
+		LIBRARY DESTINATION "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}" COMPONENT staticlibs
+		ARCHIVE DESTINATION "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}" COMPONENT staticlibs
+	)
+ENDIF()
+
+# Installation of header files
+INSTALL_HEADERS_WITH_DIRECTORY(VMIME_LIBRARY_INCLUDE_FILES headers "${CMAKE_CURRENT_SOURCE_DIR}/src/")
+INSTALL_HEADERS_WITH_DIRECTORY(VMIME_LIBRARY_GENERATED_INCLUDE_FILES headers "${CMAKE_BINARY_DIR}/src")
+
+#INSTALL(
+#	FILES ${VMIME_LIBRARY_INCLUDE_FILES}
+#	DESTINATION include
+#	COMPONENT headers
+#)
+
+install(EXPORT ${VMIME_LIBRARY_NAME}-config DESTINATION cmake)
+
+
+##############################################################################
+# Tests
+
+OPTION(
+	VMIME_BUILD_TESTS
+	"Build unit tests (this will create a 'run-tests' binary)"
+	OFF
+)
+
+IF(VMIME_BUILD_TESTS)
+
+	ENABLE_TESTING()
+
+	INCLUDE(cmake/FindCppUnit.cmake)
+	INCLUDE_DIRECTORIES(${CPPUNIT_INCLUDE_DIR})
+
+	FILE(
+		GLOB_RECURSE
+		VMIME_TESTS_SRC_FILES
+		${CMAKE_CURRENT_SOURCE_DIR}/tests/*Test.cpp
+	)
+
+	ADD_LIBRARY(
+		test-runner
+		${CMAKE_CURRENT_SOURCE_DIR}/tests/testRunner.cpp ${CMAKE_CURRENT_SOURCE_DIR}/tests/testUtils.cpp
+	)
+
+	# Build one file for each test
+	FOREACH(VMIME_TEST_SRC_FILE ${VMIME_TESTS_SRC_FILES})
+
+		# "/path/to/vmime/tests/module/testFile.cpp" --> "module_testFile"
+		GET_FILENAME_COMPONENT(VMIME_TEST_SRC_PATH "${VMIME_TEST_SRC_FILE}" PATH)
+		STRING(REPLACE "${CMAKE_CURRENT_SOURCE_DIR}" "" VMIME_TEST_SRC_PATH "${VMIME_TEST_SRC_PATH}")
+		GET_FILENAME_COMPONENT(VMIME_TEST_NAME "${VMIME_TEST_SRC_FILE}" NAME_WE)
+		SET(VMIME_TEST_NAME "${VMIME_TEST_SRC_PATH}/${VMIME_TEST_NAME}")
+		STRING(REPLACE "/" "_" VMIME_TEST_NAME "${VMIME_TEST_NAME}")
+		STRING(REPLACE "_tests_" "" VMIME_TEST_NAME "${VMIME_TEST_NAME}")
+
+		ADD_EXECUTABLE(
+			${VMIME_TEST_NAME}
+			${VMIME_TEST_SRC_FILE}
+		)
+
+		TARGET_LINK_LIBRARIES(
+			${VMIME_TEST_NAME}
+			${VMIME_LIBRARY_NAME}
+			${CPPUNIT_LIBRARY} test-runner
+		)
+
+		ADD_DEPENDENCIES(
+			${VMIME_TEST_NAME}
+			${VMIME_LIBRARY_NAME}
+		)
+
+		ADD_TEST(
+			${VMIME_TEST_NAME}
+			${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/${VMIME_TEST_NAME}
+		)
+
+	ENDFOREACH()
+
+	# Build one file for all tests
+	ADD_EXECUTABLE(
+		"run-tests"
+		${VMIME_TESTS_SRC_FILES}
+	)
+
+	TARGET_LINK_LIBRARIES(
+		"run-tests"
+		${VMIME_LIBRARY_NAME}
+		${CPPUNIT_LIBRARY} test-runner
+	)
+
+	ADD_DEPENDENCIES(
+		"run-tests"
+		${VMIME_LIBRARY_NAME}
+	)
+
+ENDIF()
+
+
+##############################################################################
+# Examples
+
+OPTION(
+	VMIME_BUILD_SAMPLES
+	"Build samples (in 'examples' directory)"
+	OFF
+)
+
+
+##############################################################################
+# Packaging / Distribution
+
+# Package information
+SET(VMIME_PACKAGE_NAME         ${VMIME_LIBRARY_NAME})
+SET(VMIME_PACKAGE_VENDOR       ${VMIME_LIBRARY_VENDOR})
+SET(VMIME_PACKAGE_VERSION      ${VMIME_VERSION})
+SET(VMIME_PACKAGE_CONTACT      "Vincent Richard <vincent@vmime.org>")
+SET(VMIME_PACKAGE_DESCRIPTION  "VMime C++ Mail Library (http://www.vmime.org)")
+SET(VMIME_PACKAGE_HOMEPAGE_URL "https://www.vmime.org")
+
+SET(CPACK_PACKAGE_NAME                 "${VMIME_PACKAGE_NAME}")
+SET(CPACK_PACKAGE_VENDOR               "${VMIME_PACKAGE_VENDOR}")
+SET(CPACK_PACKAGE_CONTACT              "${VMIME_PACKAGE_CONTACT}")
+SET(CPACK_PACKAGE_DESCRIPTION          "${VMIME_PACKAGE_DESCRIPTION}")
+SET(CPACK_PACKAGE_DESCRIPTION_SUMMARY  "${CPACK_PACKAGE_DESCRIPTION}")
+SET(CPACK_PACKAGE_HOMEPAGE_URL         "${VMIME_PACKAGE_HOMEPAGE_URL}")
+SET(CPACK_PACKAGE_VERSION              "${VMIME_PACKAGE_VERSION}")
+
+# Package settings
+IF(APPLE)
+	# CPack/PackageManager won't allow file without recognized extension
+	# to be used as license file.
+	CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/COPYING" "${CMAKE_BINARY_DIR}/COPYING.txt" COPYONLY)
+	SET(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_BINARY_DIR}/COPYING.txt")
+	CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/README" "${CMAKE_BINARY_DIR}/README.txt" COPYONLY)
+	SET(CPACK_RESOURCE_FILE_README "${CMAKE_BINARY_DIR}/README.txt")
+ELSE()
+	SET(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING")
+	SET(CPACK_RESOURCE_FILE_README "${CMAKE_CURRENT_SOURCE_DIR}/README")
+ENDIF(APPLE)
+
+SET(CPACK_SOURCE_GENERATOR             TGZ)
+SET(CPACK_SOURCE_IGNORE_FILES          "\\\\.git;~$;build/")
+SET(CPACK_SOURCE_PACKAGE_FILE_NAME     ${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION})
+
+# Set components
+SET(CPACK_COMPONENTS_ALL sharedlibs staticlibs headers)
+
+SET(CPACK_COMPONENT_SHAREDLIBS_DISPLAY_NAME "Shared libraries")
+SET(CPACK_COMPONENT_SHAREDLIBS_DESCRIPTION
+	"Shared library for general use.")
+
+SET(CPACK_COMPONENT_STATICLIBS_DISPLAY_NAME "Static libraries")
+SET(CPACK_COMPONENT_STATICLIBS_DESCRIPTION
+	"Static library, good if you want to embed VMime in your application.")
+
+SET(CPACK_COMPONENT_HEADERS_DISPLAY_NAME "C++ Headers")
+SET(CPACK_COMPONENT_HEADERS_DESCRIPTION
+	"C/C++ header files.")
+
+SET(CPACK_COMPONENT_SHAREDLIBS_GROUP "Development")
+SET(CPACK_COMPONENT_STATICLIBS_GROUP "Development")
+SET(CPACK_COMPONENT_HEADERS_GROUP    "Development")
+SET(CPACK_COMPONENT_GROUP_DEVELOPMENT_DESCRIPTION "")
+
+# Make a target "dist" to generate tarball
+SET(ARCHIVE_NAME ${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION})
+
+ADD_CUSTOM_TARGET(
+	dist
+	COMMAND git archive --prefix=${ARCHIVE_NAME}/ HEAD
+	| bzip2 > ${CMAKE_BINARY_DIR}/${ARCHIVE_NAME}.tar.bz2
+	WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+)
+
+# PkgConfig
+SET(prefix      ${CMAKE_INSTALL_PREFIX})
+SET(exec_prefix ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR})
+SET(includedir  ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR}/vmime)
+SET(libdir      ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR})
+
+SET(VMIME_PKGCONFIG_LIBS     "")
+SET(VMIME_PKGCONFIG_CFLAGS   "")
+SET(VMIME_PKGCONFIG_REQUIRES "")
+
+
+##############################################################################
+# Build type
+
+IF(NOT CMAKE_BUILD_TYPE)
+	SET(
+		CMAKE_BUILD_TYPE
+		"Debug"
+		CACHE STRING
+		"Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel."
+		FORCE
+	)
+ENDIF(NOT CMAKE_BUILD_TYPE)
+
+# Set a default build type for single-configuration
+# CMake generators if no build type is set.
+IF(NOT CMAKE_CONFIGURATION_TYPES AND NOT CMAKE_BUILD_TYPE)
+	SET(CMAKE_BUILD_TYPE Debug)
+ENDIF()
+
+# Debug build
+MESSAGE("-- Build type: ${CMAKE_BUILD_TYPE}")
+IF(${CMAKE_BUILD_TYPE} STREQUAL Debug)
+	ADD_DEFINITIONS(-DDEBUG)
+ENDIF(${CMAKE_BUILD_TYPE} STREQUAL Debug)
+
+
+IF(CMAKE_BUILD_TYPE STREQUAL "Debug")
+	SET(VMIME_DEBUG 1)
+ELSE()
+	SET(VMIME_DEBUG 0)
+ENDIF()
+
+
+##############################################################################
+# Test endianness and basic type sizes
+
+INCLUDE(TestBigEndian)
+TEST_BIG_ENDIAN(BIGENDIAN)
+
+IF(BIGENDIAN EQUAL 0)
+	set(VMIME_BYTE_ORDER_BIG_ENDIAN     0)
+	set(VMIME_BYTE_ORDER_LITTLE_ENDIAN  1)
+ELSE(BIGENDIAN EQUAL 0)
+	SET(VMIME_BYTE_ORDER_BIG_ENDIAN     1)
+	SET(VMIME_BYTE_ORDER_LITTLE_ENDIAN  0)
+ENDIF(BIGENDIAN EQUAL 0)
+
+
+CHECK_INCLUDE_FILE_CXX(cstdint VMIME_HAVE_CSTDINT)
+
+CHECK_TYPE_SIZE("char"      SIZEOF_CHAR)
+CHECK_TYPE_SIZE("short"     SIZEOF_SHORT)
+CHECK_TYPE_SIZE("int"       SIZEOF_INT)
+CHECK_TYPE_SIZE("long"      SIZEOF_LONG)
+CHECK_TYPE_SIZE("long long" SIZEOF_LONG_LONG)
+CHECK_TYPE_SIZE("__int64"   SIZEOF___INT64)
+
+SET(CMAKE_EXTRA_INCLUDE_FILES cstdint)
+CHECK_TYPE_SIZE("int64_t"   SIZEOF_INT64_T)
+SET(CMAKE_EXTRA_INCLUDE_FILES)
+
+
+IF(SIZEOF_CHAR EQUAL 1)
+	SET(VMIME_8BIT_TYPE "char")
+ELSE()
+	MESSAGE(FATAL_ERROR "Cannot determine 8-bit type")
+ENDIF()
+
+IF(SIZEOF_INT EQUAL 2)
+	SET(VMIME_16BIT_TYPE "int")
+ELSE()
+	IF(SIZEOF_SHORT EQUAL 2)
+		SET(VMIME_16BIT_TYPE "short")
+	ELSE()
+		MESSAGE(FATAL_ERROR "Cannot determine 16-bit type")
+	ENDIF()
+ENDIF()
+
+IF(SIZEOF_INT EQUAL 4)
+	SET(VMIME_32BIT_TYPE "int")
+ELSE()
+	IF(SIZEOF_LONG EQUAL 4)
+		SET(VMIME_32BIT_TYPE "long")
+	ELSE()
+		IF(SIZEOF_LONG_LONG EQUAL 4)
+			SET(VMIME_32BIT_TYPE "long long")
+		ELSE()
+			MESSAGE(FATAL_ERROR "Cannot determine 32-bit type")
+		ENDIF()
+	ENDIF()
+ENDIF()
+
+IF(SIZEOF_INT EQUAL 8)
+	SET(VMIME_64BIT_TYPE "int")
+ELSE()
+	IF(SIZEOF_LONG EQUAL 8)
+		SET(VMIME_64BIT_TYPE "long")
+	ELSE()
+		IF(SIZEOF_LONG_LONG EQUAL 8)
+			SET(VMIME_64BIT_TYPE "long long")
+		ELSE()
+			IF(SIZEOF_INT64_T EQUAL 8)
+				SET(VMIME_64BIT_TYPE "int64_t")
+			ELSE()
+				IF(SIZEOF___INT64 EQUAL 8)
+					SET(VMIME_64BIT_TYPE "__int64")
+				ELSE()
+					MESSAGE(FATAL_ERROR "Cannot determine 64-bit type")
+				ENDIF()
+			ENDIF()
+		ENDIF()
+	ENDIF()
+ENDIF()
+
+
+CHECK_TYPE_SIZE(size_t VMIME_HAVE_SIZE_T)
+
+
+##############################################################################
+# Sendmail path
+
+FOREACH (SENDMAIL_PATH /usr/sbin/sendmail /usr/lib/sendmail /usr/bin/sendmail /bin/sendmail /var/qmail/bin/qmail-inject /bin/cgimail)
+	IF(EXISTS ${SENDMAIL_PATH})
+		MESSAGE(STATUS "Sendmail binary found at ${SENDMAIL_PATH}")
+		SET(VMIME_DEFAULT_SENDMAIL_PATH ${SENDMAIL_PATH})
+	ENDIF()
+ENDFOREACH(SENDMAIL_PATH)
+
+SET(
+	VMIME_SENDMAIL_PATH
+	${VMIME_DEFAULT_SENDMAIL_PATH}
+	CACHE
+	STRING
+	"Specifies the path to sendmail binary"
+)
+
+
+##############################################################################
+# Messaging features
+
+# Module
+OPTION(
+	VMIME_HAVE_MESSAGING_FEATURES
+	"Enable messaging features (connection to IMAP, POP3, SMTP...)"
+	ON
+)
+
+# Protocols
+OPTION(
+	VMIME_HAVE_MESSAGING_PROTO_POP3
+	"Enable POP3 protocol"
+	ON
+)
+
+OPTION(
+	VMIME_HAVE_MESSAGING_PROTO_SMTP
+	"Enable SMTP protocol"
+	ON
+)
+
+OPTION(
+	VMIME_HAVE_MESSAGING_PROTO_IMAP
+	"Enable IMAP protocol"
+	ON
+)
+
+OPTION(
+	VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+	"Enable Maildir protocol"
+	ON
+)
+
+OPTION(
+	VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+	"Enable Sendmail protocol"
+	ON
+)
+
+
+##############################################################################
+# File-system features
+
+OPTION(
+	VMIME_HAVE_FILESYSTEM_FEATURES
+	"Enable file-system features (required for file attachments and Maildir)"
+	ON
+)
+
+
+##############################################################################
+# SASL support
+
+INCLUDE(cmake/FindGSasl.cmake)
+
+OPTION(
+	VMIME_HAVE_SASL_SUPPORT
+	"Enable SASL support (requires GNU SASL library)"
+	ON
+)
+
+IF(VMIME_HAVE_SASL_SUPPORT)
+
+	INCLUDE_DIRECTORIES(
+		${INCLUDE_DIRECTORIES}
+		${GSASL_INCLUDE_DIR}
+	)
+
+	IF(VMIME_BUILD_SHARED_LIBRARY)
+		TARGET_LINK_LIBRARIES(
+			${VMIME_LIBRARY_NAME}
+			${TARGET_LINK_LIBRARIES}
+			${GSASL_LIBRARIES}
+		)
+	ENDIF()
+
+	SET(VMIME_PKGCONFIG_REQUIRES "${VMIME_PKGCONFIG_REQUIRES} libgsasl")
+
+ENDIF()
+
+
+##############################################################################
+# SSL/TLS support
+
+INCLUDE(FindGnuTLS)
+INCLUDE(FindOpenSSL)
+
+SET(CMAKE_REQUIRED_LIBRARIES "${GNUTLS_LIBRARY}")
+CHECK_FUNCTION_EXISTS(gnutls_priority_set_direct VMIME_HAVE_GNUTLS_PRIORITY_FUNCS)
+
+
+OPTION(
+	VMIME_HAVE_TLS_SUPPORT
+	"SSL/TLS support (requires either GNU TLS or OpenSSL library)"
+	ON
+)
+
+SET(
+	VMIME_TLS_SUPPORT_LIB
+	"gnutls"
+	CACHE
+	STRING
+	"Library to use for SSL/TLS conversion"
+)
+SET_PROPERTY(
+	CACHE
+	VMIME_TLS_SUPPORT_LIB
+	PROPERTY STRINGS gnutls openssl
+)
+
+
+IF(VMIME_HAVE_TLS_SUPPORT)
+
+	IF(VMIME_TLS_SUPPORT_LIB STREQUAL "gnutls")
+
+		INCLUDE_DIRECTORIES(
+			${INCLUDE_DIRECTORIES}
+			${GNUTLS_INCLUDE_DIR}
+		)
+
+		LINK_DIRECTORIES(
+			${LINK_DIRECTORIES}
+			${GNUTLS_LIBRARY_DIRS}
+		)
+
+		IF(VMIME_BUILD_SHARED_LIBRARY)
+			TARGET_LINK_LIBRARIES(
+				${VMIME_LIBRARY_NAME}
+				${TARGET_LINK_LIBRARIES}
+				${GNUTLS_LIBRARY}
+			)
+		ENDIF()
+
+		SET(VMIME_PKGCONFIG_REQUIRES "${VMIME_PKGCONFIG_REQUIRES} gnutls")
+
+		SET(VMIME_TLS_SUPPORT_LIB_IS_GNUTLS "ON")
+		SET(VMIME_TLS_SUPPORT_LIB_IS_OPENSSL "OFF")
+
+	ELSEIF(VMIME_TLS_SUPPORT_LIB STREQUAL "openssl")
+
+		INCLUDE_DIRECTORIES(
+			${INCLUDE_DIRECTORIES}
+			${OPENSSL_INCLUDE_DIR}
+		)
+
+		IF(VMIME_BUILD_SHARED_LIBRARY)
+			TARGET_LINK_LIBRARIES(
+				${VMIME_LIBRARY_NAME}
+				${TARGET_LINK_LIBRARIES}
+				${OPENSSL_LIBRARIES}
+			)
+		ENDIF()
+
+		SET(VMIME_PKGCONFIG_REQUIRES "${VMIME_PKGCONFIG_REQUIRES} openssl")
+
+		SET(VMIME_TLS_SUPPORT_LIB_IS_GNUTLS "OFF")
+		SET(VMIME_TLS_SUPPORT_LIB_IS_OPENSSL "ON")
+
+	ELSE()
+
+		MESSAGE(FATAL_ERROR "TLS support is enabled, but no TLS/SSL library was selected/found")
+
+	ENDIF()
+
+ENDIF(VMIME_HAVE_TLS_SUPPORT)
+
+
+##############################################################################
+# Charset conversion library
+
+INCLUDE(cmake/FindIconv.cmake)
+INCLUDE(cmake/FindICU.cmake)
+
+FIND_PACKAGE(ICU QUIET)
+
+IF(ICU_LIBRARIES)
+	SET(VMIME_CHARSETCONV_LIB_DETECTED "icu")
+ELSEIF(ICONV_FOUND)
+	SET(VMIME_CHARSETCONV_LIB_DETECTED "iconv")
+ELSEIF(WIN32)
+	SET(VMIME_CHARSETCONV_LIB_DETECTED "win")
+ENDIF()
+
+SET(
+	VMIME_CHARSETCONV_LIB
+	"${VMIME_CHARSETCONV_LIB_DETECTED}"
+	CACHE
+	STRING
+	"Library to use for charset conversion"
+)
+SET_PROPERTY(
+	CACHE
+	VMIME_CHARSETCONV_LIB
+	PROPERTY STRINGS win iconv icu
+)
+
+
+IF(VMIME_CHARSETCONV_LIB STREQUAL "iconv")
+
+	INCLUDE_DIRECTORIES(
+		${INCLUDE_DIRECTORIES}
+		${ICONV_INCLUDE_DIR}
+	)
+
+	IF(VMIME_BUILD_SHARED_LIBRARY)
+		TARGET_LINK_LIBRARIES(
+			${VMIME_LIBRARY_NAME}
+			${TARGET_LINK_LIBRARIES}
+			${ICONV_LIBRARIES}
+		)
+	ENDIF()
+
+	SET(VMIME_PKGCONFIG_LIBS "${VMIME_PKGCONFIG_LIBS} ${ICONV_LIBRARIES}")
+	SET(VMIME_PKGCONFIG_CFLAGS "${VMIME_PKGCONFIG_CFLAGS} -I${ICONV_INCLUDE_DIR}")
+
+	SET(VMIME_CHARSETCONV_LIB_IS_ICONV "ON")
+	SET(VMIME_CHARSETCONV_LIB_IS_ICU "OFF")
+	SET(VMIME_CHARSETCONV_LIB_IS_WIN "OFF")
+
+ELSEIF(VMIME_CHARSETCONV_LIB STREQUAL "icu")
+
+	INCLUDE_DIRECTORIES(
+		${INCLUDE_DIRECTORIES}
+		${ICU_INCLUDE_DIRS}
+	)
+
+	IF(VMIME_BUILD_SHARED_LIBRARY)
+		TARGET_LINK_LIBRARIES(
+			${VMIME_LIBRARY_NAME}
+			${TARGET_LINK_LIBRARIES}
+			${ICU_LIBRARIES}
+		)
+	ENDIF()
+
+	SET(VMIME_PKGCONFIG_LIBS "${VMIME_PKGCONFIG_LIBS} ${ICU_LIBRARIES}")
+	SET(VMIME_PKGCONFIG_CFLAGS "${VMIME_PKGCONFIG_CFLAGS} -I${ICU_INCLUDE_DIRS}")
+
+	SET(VMIME_CHARSETCONV_LIB_IS_ICONV "OFF")
+	SET(VMIME_CHARSETCONV_LIB_IS_ICU "ON")
+	SET(VMIME_CHARSETCONV_LIB_IS_WIN "OFF")
+
+ELSEIF(VMIME_CHARSETCONV_LIB STREQUAL "win")
+
+	MESSAGE(WARNING "*** ICU or iconv library should always be preferred"
+		" over MultiByteToWideChar/WideCharToMultiByte on Windows, as"
+		" error handling is very poor, and there is no streaming support.")
+
+	SET(VMIME_CHARSETCONV_LIB_IS_ICONV "OFF")
+	SET(VMIME_CHARSETCONV_LIB_IS_ICU "OFF")
+	SET(VMIME_CHARSETCONV_LIB_IS_WIN "ON")
+
+ELSE()
+
+	MESSAGE(FATAL_ERROR "No charset conversion library was selected/found")
+
+ENDIF()
+
+
+##############################################################################
+# Platform
+
+SET(VMIME_PLATFORM_IS_POSIX OFF)
+SET(VMIME_PLATFORM_IS_WINDOWS OFF)
+
+IF(WIN32)
+	SET(VMIME_PLATFORM_IS_WINDOWS ON)
+ELSE()
+	SET(VMIME_PLATFORM_IS_POSIX ON)
+ENDIF()
+
+
+##############################################################################
+# Platform-specific checks
+
+CHECK_FUNCTION_EXISTS(gmtime_s VMIME_HAVE_GMTIME_S)
+CHECK_FUNCTION_EXISTS(gmtime_r VMIME_HAVE_GMTIME_R)
+CHECK_FUNCTION_EXISTS(localtime_s VMIME_HAVE_LOCALTIME_S)
+CHECK_FUNCTION_EXISTS(localtime_r VMIME_HAVE_LOCALTIME_R)
+CHECK_FUNCTION_EXISTS(strcpy_s VMIME_HAVE_STRCPY_S)
+
+
+##############################################################################
+# Windows-specific checks
+
+IF(WIN32)
+
+	# Winsock
+	CHECK_LIBRARY_EXISTS("ws2_32" getch "${CMAKE_LIBRARY_PATH}" VMIME_HAVE_LIBWS2_32)
+
+	IF(VMIME_HAVE_LIBWS2_32)
+		IF(VMIME_BUILD_SHARED_LIBRARY)
+			TARGET_LINK_LIBRARIES(
+				${VMIME_LIBRARY_NAME}
+				${TARGET_LINK_LIBRARIES}
+				"ws2_32"
+			)
+		ELSE()
+			SET(VMIME_PKGCONFIG_LIBS "${VMIME_PKGCONFIG_LIBS} -lws2_32")
+		ENDIF()
+	ENDIF()
+
+	# MLang
+	CHECK_INCLUDE_FILES(Mlang.h VMIME_HAVE_MLANG_H)
+	CHECK_LIBRARY_EXISTS("mlang" ConvertINetString "${CMAKE_LIBRARY_PATH}" VMIME_HAVE_MLANG_LIB)
+
+	IF(VMIME_HAVE_MLANG_H)
+		IF(VMIME_HAVE_MLANG_LIB)
+			SET(VMIME_HAVE_MLANG ON)
+
+			IF(VMIME_BUILD_SHARED_LIBRARY)
+				TARGET_LINK_LIBRARIES(
+					${VMIME_LIBRARY_NAME}
+					${TARGET_LINK_LIBRARIES}
+					"mlang"
+				)
+			ENDIF()
+		ENDIF()
+	ENDIF()
+
+ENDIF()
+
+
+##############################################################################
+# POSIX-specific checks
+
+CHECK_FUNCTION_EXISTS(getaddrinfo VMIME_HAVE_GETADDRINFO)
+CHECK_FUNCTION_EXISTS(getnameinfo VMIME_HAVE_GETNAMEINFO)
+
+CHECK_FUNCTION_EXISTS(gettid VMIME_HAVE_GETTID)
+CHECK_FUNCTION_EXISTS(syscall VMIME_HAVE_SYSCALL)
+CHECK_SYMBOL_EXISTS(SYS_gettid sys/syscall.h VMIME_HAVE_SYSCALL_GETTID)
+CHECK_SYMBOL_EXISTS(getthrid unistd.h VMIME_HAVE_GETTHRID)
+
+CHECK_SYMBOL_EXISTS(SO_KEEPALIVE sys/socket.h VMIME_HAVE_SO_KEEPALIVE)
+CHECK_SYMBOL_EXISTS(SO_NOSIGPIPE sys/socket.h VMIME_HAVE_SO_NOSIGPIPE)
+
+CHECK_SYMBOL_EXISTS(MSG_NOSIGNAL sys/socket.h VMIME_HAVE_MSG_NOSIGNAL)
+
+CHECK_SYMBOL_EXISTS(strerror_r string.h VMIME_HAVE_STRERROR_R)
+
+FIND_PACKAGE(Threads)
+
+IF(VMIME_BUILD_SHARED_LIBRARY)
+	TARGET_LINK_LIBRARIES(
+		${VMIME_LIBRARY_NAME}
+		${TARGET_LINK_LIBRARIES}
+		${CMAKE_THREAD_LIBS_INIT}
+	)
+ENDIF()
+
+FIND_LIBRARY(PTHREAD_LIB pthread)
+
+IF(PTHREAD_LIB)
+	SET(VMIME_HAVE_PTHREAD 1)
+
+	IF(VMIME_BUILD_SHARED_LIBRARY)
+		TARGET_LINK_LIBRARIES(
+			${VMIME_LIBRARY_NAME}
+			${TARGET_LINK_LIBRARIES}
+			${PTHREAD_LIB}
+		)
+	ENDIF()
+ELSE(PTHREAD_LIB)
+	SET(VMIME_HAVE_PTHREAD 0)
+ENDIF(PTHREAD_LIB)
+
+# getaddrinfo_a() - GNU libc
+LIST(APPEND CMAKE_REQUIRED_DEFINITIONS -D_GNU_SOURCE)
+LIST(APPEND CMAKE_REQUIRED_LIBRARIES anl)
+CHECK_SYMBOL_EXISTS(getaddrinfo_a netdb.h VMIME_HAVE_GETADDRINFO_A)
+
+IF(VMIME_HAVE_GETADDRINFO_A)
+	IF(VMIME_BUILD_SHARED_LIBRARY)
+		TARGET_LINK_LIBRARIES(
+			${VMIME_LIBRARY_NAME}
+			${TARGET_LINK_LIBRARIES}
+			anl
+		)
+	ENDIF()
+ENDIF()
+
+
+##############################################################################
+# Additional compiler flags
+
+IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
+
+	SET(
+		CMAKE_CXX_FLAGS
+		"-D_REENTRANT=1 -W -Wall -pedantic -Warray-bounds-pointer-arithmetic -Wold-style-cast -Wconversion -Wcast-align -Wno-sign-conversion ${CMAKE_CXX_FLAGS}"
+	)
+
+	SET(CMAKE_CXX_FLAGS_RELEASE "-O2 ${CMAKE_CXX_FLAGS_RELEASE}")
+	SET(CMAKE_CXX_FLAGS_DEBUG "-O0 ${CMAKE_CXX_FLAGS_DEBUG}")
+	SET(CMAKE_CXX_FLAGS_RELWITHDEBINFO "-O2 -g ${CMAKE_CXX_FLAGS_RELWITHDEBINFO}")
+
+	#SET(CMAKE_EXE_LINKER_FLAGS "-s")
+
+ELSE()
+
+	IF(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX)
+
+		SET(
+			CMAKE_CXX_FLAGS
+			"-D_REENTRANT=1 -W -Wall -pedantic -Wpointer-arith -Wold-style-cast -Wconversion -Wcast-align -Wno-long-long ${CMAKE_CXX_FLAGS}"
+		)
+
+		SET(CMAKE_CXX_FLAGS_RELEASE "-O2 ${CMAKE_CXX_FLAGS_RELEASE}")
+		SET(CMAKE_CXX_FLAGS_DEBUG "-O0 ${CMAKE_CXX_FLAGS_DEBUG}")
+		SET(CMAKE_CXX_FLAGS_RELWITHDEBINFO "-O2 -g ${CMAKE_CXX_FLAGS_RELWITHDEBINFO}")
+
+		#SET(CMAKE_EXE_LINKER_FLAGS "-s")
+
+	ENDIF()
+
+ENDIF()
+
+
+##############################################################################
+# Documentation
+
+OPTION(
+	VMIME_BUILD_DOCUMENTATION
+	"Build documentation"
+	ON
+)
+
+IF(VMIME_BUILD_DOCUMENTATION)
+	FIND_PACKAGE(Doxygen)
+
+	IF(DOXYGEN_FOUND)
+		CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile.in ${CMAKE_BINARY_DIR}/Doxyfile @ONLY)
+
+		# Make a target so that documentation can be generated by running "make doc"
+		ADD_CUSTOM_TARGET(
+			doc
+			${DOXYGEN_EXECUTABLE} ${CMAKE_BINARY_DIR}/Doxyfile
+			WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
+			COMMENT "Generating API documentation with Doxygen" VERBATIM
+		)
+	ENDIF(DOXYGEN_FOUND)
+ENDIF(VMIME_BUILD_DOCUMENTATION)
+
+##############################################################################
+# Sanity checks
+
+# Maildir protocol is available only if file-system features are enabled
+IF(VMIME_HAVE_MESSAGING_FEATURES AND VMIME_HAVE_MESSAGING_PROTO_MAILDIR AND NOT VMIME_HAVE_FILESYSTEM_FEATURES)
+	MESSAGE(FATAL_ERROR "Maildir protocol requires file-system support (VMIME_HAVE_FILESYSTEM_FEATURES must be set to ON).")
+ENDIF()
+
+# Sendmail protocol is available only if file-system features are enabled
+IF(VMIME_HAVE_MESSAGING_FEATURES AND VMIME_HAVE_MESSAGING_PROTO_SENDMAIL AND NOT VMIME_HAVE_FILESYSTEM_FEATURES)
+	MESSAGE(FATAL_ERROR "Sendmail protocol requires file-system support (VMIME_HAVE_FILESYSTEM_FEATURES must be set to ON).")
+ENDIF()
+
+# Path to 'sendmail' must be specified if Sendmail protocol is enabled
+IF(VMIME_HAVE_MESSAGING_PROTO_SENDMAIL)
+	IF(NOT VMIME_SENDMAIL_PATH OR VMIME_SENDMAIL_PATH STREQUAL "")
+		MESSAGE(FATAL_ERROR "Enabling Sendmail protocol requires that you specify path to 'sendmail' binary.")
+	ENDIF()
+ENDIF()
+
+
+##############################################################################
+# Build examples
+
+IF(VMIME_BUILD_SAMPLES)
+	ADD_SUBDIRECTORY(examples)
+ENDIF()
+
+
+# Set our configure file
+CONFIGURE_FILE(cmake/config.hpp.cmake ${CMAKE_BINARY_DIR}/src/vmime/config.hpp)
+
+# PkgConfig post-configuration
+CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/vmime.pc.in ${CMAKE_BINARY_DIR}/vmime.pc @ONLY)
+INSTALL(FILES ${CMAKE_BINARY_DIR}/vmime.pc DESTINATION "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}/pkgconfig" COMPONENT headers)
+
+INCLUDE(CPack)
+
+IF(WIN32)
+  target_link_libraries(vmime crypt32)
+ENDIF()
diff --git a/vmime-master/COPYING b/vmime-master/COPYING
new file mode 100644
index 0000000..94a9ed0
--- /dev/null
+++ b/vmime-master/COPYING
@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/vmime-master/COPYING.OpenSSL b/vmime-master/COPYING.OpenSSL
new file mode 100644
index 0000000..bf205f5
--- /dev/null
+++ b/vmime-master/COPYING.OpenSSL
@@ -0,0 +1,26 @@
+OpenSSL License Exception
+-------------------------
+
+Copyright (C) 2002-2020, Vincent Richard <vincent@vmime.org>
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License 3 (GPL) as published by
+the Free Software Foundation.
+The full text of the GPL can be found in the COPYING file.
+
+In addition, as a special exception, the copyright holders give permission
+to link the code of portions of this program against the OpenSSL library
+according to the terms described here:
+
+You have permission to copy, modify, propagate, and distribute a work
+formed by combining OpenSSL with VMime, or a work derivative of such a
+combination, even if such copying, modification, propagation, or
+distribution would otherwise violate the terms of the GPL. You must
+comply with the GPL in all respects for all of the code used other than
+OpenSSL.
+
+You may include this OpenSSL exception and its grant of permissions when
+you distribute VMime. Inclusion of this notice with such a distribution
+constitutes a grant of such permission.  If you do not wish to grant these
+permissions, delete this file.
+
diff --git a/vmime-master/Doxyfile.in b/vmime-master/Doxyfile.in
new file mode 100644
index 0000000..3b491c3
--- /dev/null
+++ b/vmime-master/Doxyfile.in
@@ -0,0 +1,1043 @@
+#
+# Doxygen settings for VMime
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+#
+
+#---------------------------------------------------------------------------
+# General configuration options
+#---------------------------------------------------------------------------
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = VMime
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER         =
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = @CMAKE_CURRENT_BINARY_DIR@/doc/
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch,
+# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en
+# (Japanese with english messages), Korean, Norwegian, Polish, Portuguese,
+# Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish and Ukrainian.
+
+OUTPUT_LANGUAGE        = English
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC         = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these class will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = YES
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+#HIDE_IN_BODY_DOCS      = NO
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = NO
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all inherited
+# members of a class in the documentation of that class as if those members were
+# ordinary class members. Constructors, destructors and assignment operators of
+# the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. It is allowed to use relative paths in the argument list.
+
+STRIP_FROM_PATH        =
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower case letters. If set to YES upper case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# users are adviced to set this option to NO.
+
+CASE_SENSE_NAMES       = YES
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = YES
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES     = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments  will behave just like the Qt-style comments (thus requiring an
+# explict @brief command for a brief description.
+
+JAVADOC_AUTOBRIEF      = YES
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP         = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# reimplements.
+
+INHERIT_DOCS           = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = NO
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS       = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 4
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                =
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consist of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
+# only. Doxygen will then generate output that is more tailored for C.
+# For instance some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = NO
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources
+# only. Doxygen will then generate output that is more tailored for Java.
+# For instance namespaces will be presented as packages, qualified scopes
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = YES
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+#WARN_IF_DOC_ERROR      = YES
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text.
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE           =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT                  = @CMAKE_CURRENT_SOURCE_DIR@/src/ @CMAKE_CURRENT_SOURCE_DIR@/vmime/
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp
+# *.h++ *.idl *.odl
+
+FILE_PATTERNS          =
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE              = YES
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                 =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or directories
+# that are symbolic links (a Unix filesystem feature) are excluded from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories.
+
+EXCLUDE_PATTERNS       = */config.hpp */IMAPTag* */IMAPParser* */IMAPUtils* */IMAPConnection* */md5* */smartPtr* */authHelper* */maildirUtils*
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH           =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS       =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH             =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output.
+
+INPUT_FILTER           =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+
+SOURCE_BROWSER         = NO
+# YES --> sources visibles
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default)
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default)
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = YES
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 1
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER            =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER            =
+
+# The HTML_STYLESHEET tag can be used to specify a user defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet
+
+HTML_STYLESHEET        =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output dir.
+
+CHM_FILE               =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non empty doxygen will try to run
+# the html help compiler on the generated index.hhp.
+
+HHC_LOCATION           =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the Html help documentation and to the tree view.
+
+TOC_EXPAND             = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX          = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript and frames is required (for instance Mozilla, Netscape 4.0+,
+# or Internet explorer 4.0+). Note that for large projects the tree generation
+# can take a very long time. In such cases it is better to disable this feature.
+# Windows users are probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = YES
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH         = 300
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX         = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimised for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assigments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN           = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_XML           = NO
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA             =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD                =
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+#GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+#PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader.  This is useful
+# if you want to understand what is going on.  On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+#PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+#PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = YES
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_PREDEFINED tags.
+
+EXPAND_ONLY_PREDEF     = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH           =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS  =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed.
+
+PREDEFINED             = VMIME_BUILDING_DOC VMIME_HAVE_SASL_SUPPORT VMIME_HAVE_TLS_SUPPORT VMIME_HAVE_FILESYSTEM_FEATURES VMIME_HAVE_MESSAGING_FEATURES VMIME_HAVE_MESSAGING_PROTO_POP3 VMIME_HAVE_MESSAGING_PROTO_SMTP VMIME_HAVE_MESSAGING_PROTO_IMAP VMIME_HAVE_MESSAGING_PROTO_MAILDIR VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse the
+# parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::addtions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES tag can be used to specify one or more tagfiles.
+
+TAGFILES               =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS        = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in Html, RTF and LaTeX) for classes with base or
+# super classes. Setting the tag to NO turns the diagrams off. Note that this
+# option is superceded by the HAVE_DOT option below. This is only a fallback. It is
+# recommended to install and use dot, since it yield more powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = YES
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = YES
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH          = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = YES
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found on the path.
+
+DOT_PATH               =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS           =
+
+# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than
+# this value, doxygen will try to truncate the graph, so that it fits within
+# the specified constraint. Beware that most browsers cannot cope with very
+# large images.
+
+MAX_DOT_GRAPH_WIDTH    = 1024
+
+# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than
+# this value, doxygen will try to truncate the graph, so that it fits within
+# the specified constraint. Beware that most browsers cannot cope with very
+# large images.
+
+MAX_DOT_GRAPH_HEIGHT   = 1024
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermedate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP            = YES
+
+#---------------------------------------------------------------------------
+# Configuration::addtions related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE           = NO
+
+# The CGI_NAME tag should be the name of the CGI script that
+# starts the search engine (doxysearch) with the correct parameters.
+# A script with this name will be generated by doxygen.
+
+#CGI_NAME               = search.cgi
+
+# The CGI_URL tag should be the absolute URL to the directory where the
+# cgi binaries are located. See the documentation of your http daemon for
+# details.
+
+#CGI_URL                =
+
+# The DOC_URL tag should be the absolute URL to the directory where the
+# documentation is located. If left blank the absolute path to the
+# documentation, with file:// prepended to it, will be used.
+
+#DOC_URL                =
+
+# The DOC_ABSPATH tag should be the absolute path to the directory where the
+# documentation is located. If left blank the directory on the local machine
+# will be used.
+
+#DOC_ABSPATH            =
+
+# The BIN_ABSPATH tag must point to the directory where the doxysearch binary
+# is installed.
+
+#BIN_ABSPATH            = /usr/local/bin/
+
+# The EXT_DOC_PATHS tag can be used to specify one or more paths to
+# documentation generated for other projects. This allows doxysearch to search
+# the documentation for these projects as well.
+
+#EXT_DOC_PATHS          =
+
diff --git a/vmime-master/HACKING b/vmime-master/HACKING
new file mode 100644
index 0000000..a1cf21c
--- /dev/null
+++ b/vmime-master/HACKING
@@ -0,0 +1,360 @@
+This file contains coding guidelines for VMime. You should follow them
+if you want to contribute to VMime. The rules below are not guidelines
+or recommendations, but strict rules.
+
+
+1. General rules
+     1.1. Language
+     1.2. Unit tests
+     1.3. Version Control
+     1.4. Warnings
+2. Style, indentation and braces
+     2.1. Indentation
+     2.2. Brace position
+     2.3. "switch" statement
+     2.4. Single instruction
+     2.5. Line length
+     2.6. Spaces and parentheses
+     2.7. End-of-line character
+     2.8. Short functions
+     2.9. Limit Variable Scope
+3. Naming conventions
+     3.1. Classes
+     3.2. Variables/parameters/member variables
+     3.3. Member variables
+     3.4. Files
+     3.5. Namespaces
+     3.6. Constants
+4. Comments
+5. Miscellaneous
+
+
+
+1. General rules
+================
+
+1.1. Language
+-------------
+
+The project language is English. All comments, variable names, class names,
+commit messages and so on, must be in English.
+
+
+1.2. Unit tests
+---------------
+
+Unit tests are very important. For each new class you write, you should also
+write a unit test for it. If you write a new method, add a new test case in
+the unit test of the class.
+
+When you fix a bug, also add a new test case to ensure the bug will not
+happen anymore.
+
+
+1.3. Version Control
+--------------------
+
+Each commit MUST be done with a message ('-m' flag) that briefly describes what
+changes have been done.
+
+DO NOT use commit messages like -m "Updated"!
+
+
+1.4. Warnings
+-------------
+
+The code should compile WITHOUT ANY WARNING, even those for unused parameters!
+
+
+
+2. Style, indentation and braces
+================================
+
+2.1. Indentation
+----------------
+
+Use TABS (ASCII character #9) and _not_ SPACES. This allow everyone to set tab
+width to its preferred settings (eg. 4 or 8 spaces).
+
+
+2.2. Brace position
+-------------------
+
+Open braces should always be at the end of the line of the statement that
+begins the block. Contents of the brace should be indented by 1 tab.
+
+   if (expr) {
+
+         do_something();
+         do_another_thing();
+
+   } else {
+
+         do_something_else();
+   }
+
+In a function, the opening brace must always be followed by an empty line:
+
+   void header::appendField(const shared_ptr <headerField>& field) {
+
+         m_fields.push_back(field);
+   }
+
+A function with few arguments:
+
+   bool header::hasField(const string& fieldName) const {
+
+        ...
+   }
+
+A function with more arguments:
+
+   void header::parseImpl(
+         const parsingContext& ctx,
+         const string& buffer,
+         const size_t position,
+         const size_t end,
+         size_t* newPosition
+   ) {
+
+         ...
+   }
+
+
+2.3. "switch" statement
+-----------------------
+
+   switch (expr) {
+
+        case 0:
+
+             something;
+             break;
+
+        case 1:
+
+             something_else;
+             break;
+
+        case 2: {
+
+             int var = 42;
+             another_thing;
+             break;
+        }
+   }
+
+
+2.4. Single instruction
+-----------------------
+
+Don't omit braces around simple single-statement body:
+
+   if (...) {
+      something;
+   }
+
+and not:
+
+   if (...)
+      something;
+
+
+2.5. Line length
+----------------
+
+If possible, each line of text should not exceed 100 characters, except if
+manual line wrapping breaks code clarity.
+
+Exception: if a comment line contains an example command or a literal URL
+longer than 100 characters, that line may be longer than 100 characters
+for ease of cut and paste.
+
+
+2.6. Spaces and parentheses
+---------------------------
+
+Put spaces around operators: =, >, <, !=, +, -, /, *, ^, %, ||, &&, &, |:
+
+    x = (a * (b + (c - d)))
+
+Do not put spaces around parentheses.
+
+    if ((a == b) || (c == d))
+
+Do not put spaces around "->":
+
+    object->method()
+
+Do not put spaces inside brackets:
+
+    x = array[index]     and _NOT_:    x = array[ index ]
+
+Do not use space between a function name and parenthesis. No extra spaces
+between parameters and arguments, just after commas:
+
+    method(arg1, arg2, ...)
+
+Do use a single space before flow control statements:
+
+    while (x == y)     and _NOT_:    while(x==y)
+
+
+2.7. End-of-line character
+--------------------------
+
+Configure your editor to use "\n" (UNIX convention) for end-of-line sequence,
+and not "\r\n" (Windows), nor "\n\r", nor any other combination.
+
+
+2.8. Short functions
+--------------------
+
+To the extent that it is feasible, functions should be kept small and focused.
+It is, however, recognized that long functions are sometimes appropriate, so no
+hard limit is placed on method length. If a function exceeds 40 lines or so,
+think about whether it can be broken up without harming the structure of the
+program.
+
+
+2.9. Limit Variable Scope
+-------------------------
+
+The scope of local variables should be kept to a minimum. By doing so, you
+increase the readability and maintainability of your code and reduce the
+likelihood of error. Each variable should be declared in the innermost block
+that encloses all uses of the variable.
+
+Local variables should be declared at the point they are first used. Nearly
+every local variable declaration should contain an initializer. If you don't
+yet have enough information to initialize a variable sensibly, you should
+postpone the declaration until you do.
+
+
+
+3. Naming conventions
+=====================
+
+3.1. Classes
+------------
+
+Classes names are in lower-case. However, each word should start with an
+upper-case letter.
+
+Examples: "object", "exampleClass", "anotherExampleClass"...
+
+
+3.2. Variables/parameters/member variables
+------------------------------------------
+
+Variable names should be enough explicit so that someone reading the code can
+instantly understand what the variable contains and is used for.
+
+Variables names are in lower-case.
+
+DO NOT use Hungarian notation.
+
+Examples: "address", "recipientMailbox", ...
+
+Avoid variable names with less than 5 characters, except for loop indices and
+iterators.
+
+NOTE: variable names like "it", "jt" and so on are commonly used when iterating
+over STL containers.
+
+
+3.3. Member variables
+---------------------
+
+Use a prefix for class members: "m_" for normal class members, and "sm_" for
+static members, if they are not public.
+
+Examples: "m_mailboxList", "sm_instance"...
+
+
+3.4. Files
+----------
+
+Use ".hpp" for header files, and ".cpp" for implementation files. ".inc" should
+be used for implementation files not directly compiled, but included from
+other implementation files.
+
+Files have to be named exactly like the class they define. For example, class
+"mailboxList" should be declared in "mailboxList.hpp" and implemented in
+"mailboxList.cpp".
+
+Both header and implementation files must be placed in 'src/vmime/' directory.
+
+
+3.5. Namespaces
+---------------
+
+Namespaces are named exactly like variables.
+
+
+3.6. Constants
+--------------
+
+Constants are ALL_CAPS_WITH_UNDERSCORES.
+
+
+
+4. Comments
+===========
+
+The // (two slashes) style of comment tags should be used in most situations.
+Where ever possible, place comments above the code instead of beside it.
+
+Comments can be placed at the end of a line when one or more spaces follow.
+Tabs should NOT be used to indent at the end of a line:
+
+   class myClass {
+
+   private:
+
+       int m_member1;         // first member
+       int m_secondMember;    // second member
+   };
+
+Note about special comment blocks: Doxygen is used to generate documentation
+from annotated C++ sources, so be sure to use available markings to annotate
+the purpose of the functions/classes and the meaning of the parameters.
+
+
+5. Miscellaneous
+================
+
+* No code should be put in header files, only declarations (except for
+  templates and inline functions).
+
+* Try to avoid public member variables. Write accessors instead (get/set).
+
+* Do NOT use 'using namespace' (and especially not in header files). All
+  namespaces should be explicitely named.
+
+* Use the 'get' and 'set' prefix for accessors:
+
+     Variable:    m_foo
+     Get method:  getFoo()
+     Set method:  setFoo()
+
+* No more than one class per file (except for inner classes).
+
+* Put the #include for the class's header file first in the implementation
+  file.
+
+* Put the copyright header at the top of each file.
+
+* Write "unique inclusion #ifdef's" for header files:
+
+     #ifndef N1_N2_FILENAME_HPP_INCLUDED
+     #define N1_N2_FILENAME_HPP_INCLUDED
+
+     // ...
+
+     #endif // N1_N2_FILENAME_HPP_INCLUDED
+
+  where N1 is the top-level namespace, N2 the sub-namespace, and so on.
+  For example, class "vmime::utility::stringUtils" uses the following
+  #ifdef name: VMIME_UTILITY_STRINGUTILS_HPP_INCLUDED.
+
diff --git a/vmime-master/NEWS b/vmime-master/NEWS
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/vmime-master/NEWS
diff --git a/vmime-master/README b/vmime-master/README
new file mode 100644
index 0000000..7db9175
--- /dev/null
+++ b/vmime-master/README
@@ -0,0 +1,30 @@
+
+VMime is a powerful C++ class library for working with RFC-822 and MIME messages
+and Internet messaging services like IMAP, POP or SMTP.
+
+With VMime you can parse, generate and modify messages, and also connect to store
+and transport services to receive or send messages over the Internet. The library
+offers all the features to build a complete mail client.
+
+Key Features
+------------
+
+* it is free software! GNU GPL license (Commercial licenses available!)
+* fully RFC-compliant implementation
+* object-oriented and modular design
+* very easy-to-use (intuitive design)
+* well documented code
+* very high reliability
+* maximum portability
+
+Features Overview
+-----------------
+
+* RFC-2822 and multipart messages
+* aggregate documents and embedded objects
+* 8-bit MIME and encoded word extensions
+* full support for attachments
+* POP3, IMAP, SMTP, maildir and sendmail
+* SSL/TLS security layer and X.509 certificates (using GNU TLS)
+* SASL authentication (using GNU SASL)
+
diff --git a/vmime-master/README.autotools b/vmime-master/README.autotools
new file mode 100644
index 0000000..a67c1c8
--- /dev/null
+++ b/vmime-master/README.autotools
@@ -0,0 +1,13 @@
+Where are the ./configure script and the Makefile's?
+
+Configure and Make scripts are not included in the git source tree. They are
+automatically generated by the CMake script.
+
+Just use the following instruction to generate everything needed for the
+traditional "make" and "make install" build process.
+
+   cmake -G "Unix Makefiles"
+
+Please note that "configure" script is not needed anymore, as platform
+checks are now done by CMake.
+
diff --git a/vmime-master/build_for_losedows.sh b/vmime-master/build_for_losedows.sh
new file mode 100755
index 0000000..55b242f
--- /dev/null
+++ b/vmime-master/build_for_losedows.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+rm -rf build/
+mkdir build/
+
+# perhaps we'll also disable VMIME_HAVE_FILESYSTEM_FEATURES ?
+## perhaps we should change CMAKE_BUILD_TYPE to Release or MinSizeRel.
+cmake \
+    -D GNU_HOST=i686-w64-mingw32 \
+    -D CMAKE_TOOLCHAIN_FILE=./mingw_cross_toolchain.cmake \
+    -D OPENSSL_ROOT_DIR=../openssl-1.1.0h/ \
+    -D VMIME_TLS_SUPPORT_LIB=openssl \
+    -D VMIME_HAVE_SASL_SUPPORT=OFF \
+    -D VMIME_BUILD_DOCUMENTATION=OFF \
+    -D VMIME_HAVE_MESSAGING_PROTO_SENDMAIL=OFF \
+    -D VMIME_HAVE_MESSAGING_PROTO_MAILDIR=OFF \
+    -D CMAKE_BUILD_TYPE=MinSizeRel. \
+    -B build/ ./
+
+cd build/ && make vmime-static
+cd ../
+cp build/build/lib/libvmime.a .
+cp build/src/vmime/config.hpp src/vmime/
diff --git a/vmime-master/cmake/FindCppUnit.cmake b/vmime-master/cmake/FindCppUnit.cmake
new file mode 100644
index 0000000..d74a4f3
--- /dev/null
+++ b/vmime-master/cmake/FindCppUnit.cmake
@@ -0,0 +1,34 @@
+#
+# http://root.cern.ch/viewvc/trunk/cint/reflex/cmake/modules/FindCppUnit.cmake
+#
+# - Find CppUnit
+# This module finds an installed CppUnit package.
+#
+# It sets the following variables:
+#  CPPUNIT_FOUND       - Set to false, or undefined, if CppUnit isn't found.
+#  CPPUNIT_INCLUDE_DIR - The CppUnit include directory.
+#  CPPUNIT_LIBRARY     - The CppUnit library to link against.
+
+FIND_PATH(CPPUNIT_INCLUDE_DIR cppunit/Test.h)
+FIND_LIBRARY(CPPUNIT_LIBRARY NAMES cppunit)
+
+IF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY)
+	SET(CPPUNIT_FOUND TRUE)
+ENDIF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY)
+
+IF (CPPUNIT_FOUND)
+
+	# show which CppUnit was found only if not quiet
+	IF (NOT CppUnit_FIND_QUIETLY)
+		MESSAGE(STATUS "Found CppUnit: ${CPPUNIT_LIBRARY}")
+	ENDIF (NOT CppUnit_FIND_QUIETLY)
+
+ELSE (CPPUNIT_FOUND)
+
+	# fatal error if CppUnit is required but not found
+	IF (CppUnit_FIND_REQUIRED)
+		MESSAGE(FATAL_ERROR "Could not find CppUnit")
+	ENDIF (CppUnit_FIND_REQUIRED)
+
+ENDIF (CPPUNIT_FOUND)
+
diff --git a/vmime-master/cmake/FindGSasl.cmake b/vmime-master/cmake/FindGSasl.cmake
new file mode 100644
index 0000000..31890a2
--- /dev/null
+++ b/vmime-master/cmake/FindGSasl.cmake
@@ -0,0 +1,51 @@
+# - Try to find the GNU sasl library (gsasl)
+#
+# Once done this will define
+#
+#  GNUTLS_FOUND - System has gnutls
+#  GNUTLS_INCLUDE_DIR - The gnutls include directory
+#  GNUTLS_LIBRARIES - The libraries needed to use gnutls
+#  GNUTLS_DEFINITIONS - Compiler switches required for using gnutls
+
+# Adapted from FindGnuTLS.cmake, which is:
+#   Copyright 2009, Brad Hards, <bradh@kde.org>
+#
+# Changes are Copyright 2009, Michele Caini, <skypjack@gmail.com>
+#
+# Redistribution and use is allowed according to the terms of the BSD license.
+# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+
+
+IF (GSASL_INCLUDE_DIR AND GSASL_LIBRARIES)
+   # in cache already
+   SET(GSasl_FIND_QUIETLY TRUE)
+ENDIF (GSASL_INCLUDE_DIR AND GSASL_LIBRARIES)
+
+IF (NOT WIN32)
+   # use pkg-config to get the directories and then use these values
+   # in the FIND_PATH() and FIND_LIBRARY() calls
+   find_package(PkgConfig)
+   pkg_check_modules(PC_GSASL libgsasl)
+   SET(GSASL_DEFINITIONS ${PC_GSASL_CFLAGS_OTHER})
+ENDIF (NOT WIN32)
+
+FIND_PATH(GSASL_INCLUDE_DIR gsasl.h
+   HINTS
+   ${PC_GSASL_INCLUDEDIR}
+   ${PC_GSASL_INCLUDE_DIRS}
+   PATH_SUFFIXES gsasl
+   )
+
+FIND_LIBRARY(GSASL_LIBRARIES NAMES gsasl libgsasl
+    HINTS
+    ${PC_GSASL_LIBDIR}
+    ${PC_GSASL_LIBRARY_DIRS}
+  )
+
+INCLUDE(FindPackageHandleStandardArgs)
+
+# handle the QUIETLY and REQUIRED arguments and set GSASL_FOUND to TRUE if 
+# all listed variables are TRUE
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(GSASL DEFAULT_MSG GSASL_LIBRARIES GSASL_INCLUDE_DIR)
+
+MARK_AS_ADVANCED(GSASL_INCLUDE_DIR GSASL_LIBRARIES)
diff --git a/vmime-master/cmake/FindICU.cmake b/vmime-master/cmake/FindICU.cmake
new file mode 100644
index 0000000..786f157
--- /dev/null
+++ b/vmime-master/cmake/FindICU.cmake
@@ -0,0 +1,314 @@
+# This module can find the International Components for Unicode (ICU) Library
+#
+# Requirements:
+# - CMake >= 2.8.3 (for new version of find_package_handle_standard_args)
+#
+# The following variables will be defined for your use:
+#   - ICU_FOUND             : were all of your specified components found (include dependencies)?
+#   - ICU_INCLUDE_DIRS      : ICU include directory
+#   - ICU_LIBRARIES         : ICU libraries
+#   - ICU_VERSION           : complete version of ICU (x.y.z)
+#   - ICU_MAJOR_VERSION     : major version of ICU
+#   - ICU_MINOR_VERSION     : minor version of ICU
+#   - ICU_PATCH_VERSION     : patch version of ICU
+#   - ICU_<COMPONENT>_FOUND : were <COMPONENT> found? (FALSE for non specified component if it is not a dependency)
+#
+# For windows or non standard installation, define ICU_ROOT variable to point to the root installation of ICU. Two ways:
+#   - run cmake with -DICU_ROOT=<PATH>
+#   - define an environment variable with the same name before running cmake
+# With cmake-gui, before pressing "Configure":
+#   1) Press "Add Entry" button
+#   2) Add a new entry defined as:
+#     - Name: ICU_ROOT
+#     - Type: choose PATH in the selection list
+#     - Press "..." button and select the root installation of ICU
+#
+# Example Usage:
+#
+#   1. Copy this file in the root of your project source directory
+#   2. Then, tell CMake to search this non-standard module in your project directory by adding to your CMakeLists.txt:
+#     set(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR})
+#   3. Finally call find_package() once, here are some examples to pick from
+#
+#   Require ICU 4.4 or later
+#     find_package(ICU 4.4 REQUIRED)
+#
+#   if(ICU_FOUND)
+#      include_directories(${ICU_INCLUDE_DIRS})
+#      add_executable(myapp myapp.c)
+#      target_link_libraries(myapp ${ICU_LIBRARIES})
+#   endif(ICU_FOUND)
+
+#=============================================================================
+# Copyright (c) 2011-2012, julp
+# https://github.com/julp/FindICU.cmake
+#
+# Distributed under the OSI-approved BSD License
+#
+# This software is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#=============================================================================
+
+find_package(PkgConfig QUIET)
+
+########## Private ##########
+set(ICU_PUBLIC_VAR_NS "ICU")                          # Prefix for all ICU relative public variables
+set(ICU_PRIVATE_VAR_NS "_${ICU_PUBLIC_VAR_NS}")       # Prefix for all ICU relative internal variables
+set(PC_ICU_PRIVATE_VAR_NS "_PC${ICU_PRIVATE_VAR_NS}") # Prefix for all pkg-config relative internal variables
+
+function(icudebug _VARNAME)
+    if(${ICU_PUBLIC_VAR_NS}_DEBUG)
+        if(DEFINED ${ICU_PUBLIC_VAR_NS}_${_VARNAME})
+            message("${ICU_PUBLIC_VAR_NS}_${_VARNAME} = ${${ICU_PUBLIC_VAR_NS}_${_VARNAME}}")
+        else(DEFINED ${ICU_PUBLIC_VAR_NS}_${_VARNAME})
+            message("${ICU_PUBLIC_VAR_NS}_${_VARNAME} = <UNDEFINED>")
+        endif(DEFINED ${ICU_PUBLIC_VAR_NS}_${_VARNAME})
+    endif(${ICU_PUBLIC_VAR_NS}_DEBUG)
+endfunction(icudebug)
+
+set(${ICU_PRIVATE_VAR_NS}_ROOT "")
+if(DEFINED ENV{ICU_ROOT})
+    set(${ICU_PRIVATE_VAR_NS}_ROOT "$ENV{ICU_ROOT}")
+endif(DEFINED ENV{ICU_ROOT})
+if (DEFINED ICU_ROOT)
+    set(${ICU_PRIVATE_VAR_NS}_ROOT "${ICU_ROOT}")
+endif(DEFINED ICU_ROOT)
+
+set(${ICU_PRIVATE_VAR_NS}_BIN_SUFFIXES )
+set(${ICU_PRIVATE_VAR_NS}_LIB_SUFFIXES )
+if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+    list(APPEND ${ICU_PRIVATE_VAR_NS}_BIN_SUFFIXES "bin64")
+    list(APPEND ${ICU_PRIVATE_VAR_NS}_LIB_SUFFIXES "lib64")
+endif(CMAKE_SIZEOF_VOID_P EQUAL 8)
+list(APPEND ${ICU_PRIVATE_VAR_NS}_BIN_SUFFIXES "bin")
+list(APPEND ${ICU_PRIVATE_VAR_NS}_LIB_SUFFIXES "lib")
+
+set(${ICU_PRIVATE_VAR_NS}_COMPONENTS )
+# <icu component name> <library name 1> ... <library name N>
+macro(icu_declare_component _NAME)
+    list(APPEND ${ICU_PRIVATE_VAR_NS}_COMPONENTS ${_NAME})
+    set("${ICU_PRIVATE_VAR_NS}_COMPONENTS_${_NAME}" ${ARGN})
+endmacro(icu_declare_component)
+
+icu_declare_component(data icudata)
+icu_declare_component(uc   icuuc)         # Common and Data libraries
+icu_declare_component(i18n icui18n icuin) # Internationalization library
+icu_declare_component(io   icuio ustdio)  # Stream and I/O Library
+icu_declare_component(le   icule)         # Layout library
+icu_declare_component(lx   iculx)         # Paragraph Layout library
+
+########## Public ##########
+set(${ICU_PUBLIC_VAR_NS}_FOUND TRUE)
+set(${ICU_PUBLIC_VAR_NS}_LIBRARIES )
+set(${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS )
+set(${ICU_PUBLIC_VAR_NS}_C_FLAGS "")
+set(${ICU_PUBLIC_VAR_NS}_CXX_FLAGS "")
+set(${ICU_PUBLIC_VAR_NS}_CPP_FLAGS "")
+set(${ICU_PUBLIC_VAR_NS}_C_SHARED_FLAGS "")
+set(${ICU_PUBLIC_VAR_NS}_CXX_SHARED_FLAGS "")
+set(${ICU_PUBLIC_VAR_NS}_CPP_SHARED_FLAGS "")
+foreach(${ICU_PRIVATE_VAR_NS}_COMPONENT ${${ICU_PRIVATE_VAR_NS}_COMPONENTS})
+    string(TOUPPER "${${ICU_PRIVATE_VAR_NS}_COMPONENT}" ${ICU_PRIVATE_VAR_NS}_UPPER_COMPONENT)
+    set("${ICU_PUBLIC_VAR_NS}_${${ICU_PRIVATE_VAR_NS}_UPPER_COMPONENT}_FOUND" FALSE) # may be done in the icu_declare_component macro
+endforeach(${ICU_PRIVATE_VAR_NS}_COMPONENT)
+
+# Check components
+if(NOT ${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS) # uc required at least
+    set(${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS uc)
+else(NOT ${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS)
+    list(APPEND ${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS uc)
+    list(REMOVE_DUPLICATES ${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS)
+    foreach(${ICU_PRIVATE_VAR_NS}_COMPONENT ${${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS})
+        if(NOT DEFINED ${ICU_PRIVATE_VAR_NS}_COMPONENTS_${${ICU_PRIVATE_VAR_NS}_COMPONENT})
+            message(FATAL_ERROR "Unknown ICU component: ${${ICU_PRIVATE_VAR_NS}_COMPONENT}")
+        endif(NOT DEFINED ${ICU_PRIVATE_VAR_NS}_COMPONENTS_${${ICU_PRIVATE_VAR_NS}_COMPONENT})
+    endforeach(${ICU_PRIVATE_VAR_NS}_COMPONENT)
+endif(NOT ${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS)
+
+# Includes
+find_path(
+    ${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS
+    NAMES unicode/utypes.h utypes.h
+    HINTS ${${ICU_PRIVATE_VAR_NS}_ROOT}
+    PATH_SUFFIXES "include"
+    DOC "Include directories for ICU"
+)
+
+if(${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS)
+    ########## <part to keep synced with tests/version/CMakeLists.txt> ##########
+    if(EXISTS "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/unicode/uvernum.h") # ICU >= 4
+        file(READ "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/unicode/uvernum.h" ${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS)
+    elseif(EXISTS "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/unicode/uversion.h") # ICU [2;4[
+        file(READ "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/unicode/uversion.h" ${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS)
+    elseif(EXISTS "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/unicode/utypes.h") # ICU [1.4;2[
+        file(READ "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/unicode/utypes.h" ${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS)
+    elseif(EXISTS "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/utypes.h") # ICU 1.3
+        file(READ "${${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS}/utypes.h" ${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS)
+    else()
+        message(FATAL_ERROR "ICU version header not found")
+    endif()
+
+    if(${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS MATCHES ".*# *define *ICU_VERSION *\"([0-9]+)\".*") # ICU 1.3
+        # [1.3;1.4[ as #define ICU_VERSION "3" (no patch version, ie all 1.3.X versions will be detected as 1.3.0)
+        set(${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION "1")
+        set(${ICU_PUBLIC_VAR_NS}_MINOR_VERSION "${CMAKE_MATCH_1}")
+        set(${ICU_PUBLIC_VAR_NS}_PATCH_VERSION "0")
+    elseif(${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS MATCHES ".*# *define *U_ICU_VERSION_MAJOR_NUM *([0-9]+).*")
+        set(${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION "${CMAKE_MATCH_1}")
+        #
+        # Since version 4.9.1, ICU release version numbering was totaly changed, see:
+        # - http://site.icu-project.org/download/49
+        # - http://userguide.icu-project.org/design#TOC-Version-Numbers-in-ICU
+        #
+        if(${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION LESS 49)
+            string(REGEX REPLACE ".*# *define *U_ICU_VERSION_MINOR_NUM *([0-9]+).*" "\\1" ${ICU_PUBLIC_VAR_NS}_MINOR_VERSION "${${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS}")
+            string(REGEX REPLACE ".*# *define *U_ICU_VERSION_PATCHLEVEL_NUM *([0-9]+).*" "\\1" ${ICU_PUBLIC_VAR_NS}_PATCH_VERSION "${${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS}")
+        else(${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION LESS 49)
+            string(REGEX MATCH [0-9]$ ${ICU_PUBLIC_VAR_NS}_MINOR_VERSION "${${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION}")
+            string(REGEX REPLACE [0-9]$ "" ${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION "${${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION}")
+            string(REGEX REPLACE ".*# *define *U_ICU_VERSION_MINOR_NUM *([0-9]+).*" "\\1" ${ICU_PUBLIC_VAR_NS}_PATCH_VERSION "${${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS}")
+        endif(${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION LESS 49)
+    elseif(${ICU_PRIVATE_VAR_NS}_VERSION_HEADER_CONTENTS MATCHES ".*# *define *U_ICU_VERSION *\"(([0-9]+)(\\.[0-9]+)*)\".*") # ICU [1.4;1.8[
+        # [1.4;1.8[ as #define U_ICU_VERSION "1.4.1.2" but it seems that some 1.4.1(?:\.\d)? have releasing error and appears as 1.4.0
+        set(${ICU_PRIVATE_VAR_NS}_FULL_VERSION "${CMAKE_MATCH_1}") # copy CMAKE_MATCH_1, no longer valid on the following if
+        if(${ICU_PRIVATE_VAR_NS}_FULL_VERSION MATCHES "^([0-9]+)\\.([0-9]+)$")
+            set(${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION "${CMAKE_MATCH_1}")
+            set(${ICU_PUBLIC_VAR_NS}_MINOR_VERSION "${CMAKE_MATCH_2}")
+            set(${ICU_PUBLIC_VAR_NS}_PATCH_VERSION "0")
+        elseif(${ICU_PRIVATE_VAR_NS}_FULL_VERSION MATCHES "^([0-9]+)\\.([0-9]+)\\.([0-9]+)")
+            set(${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION "${CMAKE_MATCH_1}")
+            set(${ICU_PUBLIC_VAR_NS}_MINOR_VERSION "${CMAKE_MATCH_2}")
+            set(${ICU_PUBLIC_VAR_NS}_PATCH_VERSION "${CMAKE_MATCH_3}")
+        endif()
+    else()
+        message(FATAL_ERROR "failed to detect ICU version")
+    endif()
+    set(${ICU_PUBLIC_VAR_NS}_VERSION "${${ICU_PUBLIC_VAR_NS}_MAJOR_VERSION}.${${ICU_PUBLIC_VAR_NS}_MINOR_VERSION}.${${ICU_PUBLIC_VAR_NS}_PATCH_VERSION}")
+    ########## </part to keep synced with tests/version/CMakeLists.txt> ##########
+
+    # Check dependencies (implies pkg-config)
+    if(PKG_CONFIG_FOUND)
+        set(${ICU_PRIVATE_VAR_NS}_COMPONENTS_DUP ${${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS})
+        foreach(${ICU_PRIVATE_VAR_NS}_COMPONENT ${${ICU_PRIVATE_VAR_NS}_COMPONENTS_DUP})
+            pkg_check_modules(PC_ICU_PRIVATE_VAR_NS "icu-${${ICU_PRIVATE_VAR_NS}_COMPONENT}" QUIET)
+
+            if(${PC_ICU_PRIVATE_VAR_NS}_FOUND)
+                foreach(${PC_ICU_PRIVATE_VAR_NS}_LIBRARY ${PC_ICU_LIBRARIES})
+                    string(REGEX REPLACE "^icu" "" ${PC_ICU_PRIVATE_VAR_NS}_STRIPPED_LIBRARY ${${PC_ICU_PRIVATE_VAR_NS}_LIBRARY})
+                    list(APPEND ${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS ${${PC_ICU_PRIVATE_VAR_NS}_STRIPPED_LIBRARY})
+                endforeach(${PC_ICU_PRIVATE_VAR_NS}_LIBRARY)
+            endif(${PC_ICU_PRIVATE_VAR_NS}_FOUND)
+        endforeach(${ICU_PRIVATE_VAR_NS}_COMPONENT)
+        list(REMOVE_DUPLICATES ${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS)
+    endif(PKG_CONFIG_FOUND)
+
+    # Check libraries
+    foreach(${ICU_PRIVATE_VAR_NS}_COMPONENT ${${ICU_PUBLIC_VAR_NS}_FIND_COMPONENTS})
+        set(${ICU_PRIVATE_VAR_NS}_POSSIBLE_RELEASE_NAMES )
+        set(${ICU_PRIVATE_VAR_NS}_POSSIBLE_DEBUG_NAMES )
+        foreach(${ICU_PRIVATE_VAR_NS}_BASE_NAME ${${ICU_PRIVATE_VAR_NS}_COMPONENTS_${${ICU_PRIVATE_VAR_NS}_COMPONENT}})
+            list(APPEND ${ICU_PRIVATE_VAR_NS}_POSSIBLE_RELEASE_NAMES "${${ICU_PRIVATE_VAR_NS}_BASE_NAME}")
+            list(APPEND ${ICU_PRIVATE_VAR_NS}_POSSIBLE_DEBUG_NAMES "${${ICU_PRIVATE_VAR_NS}_BASE_NAME}d")
+            list(APPEND ${ICU_PRIVATE_VAR_NS}_POSSIBLE_RELEASE_NAMES "${${ICU_PRIVATE_VAR_NS}_BASE_NAME}${ICU_MAJOR_VERSION}${ICU_MINOR_VERSION}")
+            list(APPEND ${ICU_PRIVATE_VAR_NS}_POSSIBLE_DEBUG_NAMES "${${ICU_PRIVATE_VAR_NS}_BASE_NAME}${ICU_MAJOR_VERSION}${ICU_MINOR_VERSION}d")
+        endforeach(${ICU_PRIVATE_VAR_NS}_BASE_NAME)
+
+        find_library(
+            ${ICU_PRIVATE_VAR_NS}_LIB_RELEASE_${${ICU_PRIVATE_VAR_NS}_COMPONENT}
+            NAMES ${${ICU_PRIVATE_VAR_NS}_POSSIBLE_RELEASE_NAMES}
+            HINTS ${${ICU_PRIVATE_VAR_NS}_ROOT}
+            PATH_SUFFIXES ${_ICU_LIB_SUFFIXES}
+            DOC "Release libraries for ICU"
+        )
+        find_library(
+            ${ICU_PRIVATE_VAR_NS}_LIB_DEBUG_${${ICU_PRIVATE_VAR_NS}_COMPONENT}
+            NAMES ${${ICU_PRIVATE_VAR_NS}_POSSIBLE_DEBUG_NAMES}
+            HINTS ${${ICU_PRIVATE_VAR_NS}_ROOT}
+            PATH_SUFFIXES ${_ICU_LIB_SUFFIXES}
+            DOC "Debug libraries for ICU"
+        )
+
+        string(TOUPPER "${${ICU_PRIVATE_VAR_NS}_COMPONENT}" ${ICU_PRIVATE_VAR_NS}_UPPER_COMPONENT)
+        if(NOT ${ICU_PRIVATE_VAR_NS}_LIB_RELEASE_${${ICU_PRIVATE_VAR_NS}_COMPONENT} AND NOT ${ICU_PRIVATE_VAR_NS}_LIB_DEBUG_${${ICU_PRIVATE_VAR_NS}_COMPONENT}) # both not found
+            set("${ICU_PUBLIC_VAR_NS}_${${ICU_PRIVATE_VAR_NS}_UPPER_COMPONENT}_FOUND" FALSE)
+            set("${ICU_PUBLIC_VAR_NS}_FOUND" FALSE)
+        else(NOT ${ICU_PRIVATE_VAR_NS}_LIB_RELEASE_${${ICU_PRIVATE_VAR_NS}_COMPONENT} AND NOT ${ICU_PRIVATE_VAR_NS}_LIB_DEBUG_${${ICU_PRIVATE_VAR_NS}_COMPONENT}) # one or both found
+            set("${ICU_PUBLIC_VAR_NS}_${${ICU_PRIVATE_VAR_NS}_UPPER_COMPONENT}_FOUND" TRUE)
+            if(NOT ${ICU_PRIVATE_VAR_NS}_LIB_RELEASE_${${ICU_PRIVATE_VAR_NS}_COMPONENT}) # release not found => we are in debug
+                set(${ICU_PRIVATE_VAR_NS}_LIB_${${ICU_PRIVATE_VAR_NS}_COMPONENT} "${${ICU_PRIVATE_VAR_NS}_LIB_DEBUG_${${ICU_PRIVATE_VAR_NS}_COMPONENT}}")
+            elseif(NOT ${ICU_PRIVATE_VAR_NS}_LIB_DEBUG_${${ICU_PRIVATE_VAR_NS}_COMPONENT}) # debug not found => we are in release
+                set(${ICU_PRIVATE_VAR_NS}_LIB_${${ICU_PRIVATE_VAR_NS}_COMPONENT} "${${ICU_PRIVATE_VAR_NS}_LIB_RELEASE_${${ICU_PRIVATE_VAR_NS}_COMPONENT}}")
+            else() # both found
+                set(
+                    ${ICU_PRIVATE_VAR_NS}_LIB_${${ICU_PRIVATE_VAR_NS}_COMPONENT}
+                    optimized ${${ICU_PRIVATE_VAR_NS}_LIB_RELEASE_${${ICU_PRIVATE_VAR_NS}_COMPONENT}}
+                    debug ${${ICU_PRIVATE_VAR_NS}_LIB_DEBUG_${${ICU_PRIVATE_VAR_NS}_COMPONENT}}
+                )
+            endif()
+            list(APPEND ${ICU_PUBLIC_VAR_NS}_LIBRARIES ${${ICU_PRIVATE_VAR_NS}_LIB_${${ICU_PRIVATE_VAR_NS}_COMPONENT}})
+        endif(NOT ${ICU_PRIVATE_VAR_NS}_LIB_RELEASE_${${ICU_PRIVATE_VAR_NS}_COMPONENT} AND NOT ${ICU_PRIVATE_VAR_NS}_LIB_DEBUG_${${ICU_PRIVATE_VAR_NS}_COMPONENT})
+    endforeach(${ICU_PRIVATE_VAR_NS}_COMPONENT)
+
+    # Try to find out compiler flags
+    find_program(${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE HINTS ${${ICU_PRIVATE_VAR_NS}_ROOT} icu-config)
+    if(${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE)
+        execute_process(COMMAND ${${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE} --cflags OUTPUT_VARIABLE ${ICU_PUBLIC_VAR_NS}_C_FLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+        execute_process(COMMAND ${${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE} --cxxflags OUTPUT_VARIABLE ${ICU_PUBLIC_VAR_NS}_CXX_FLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+        execute_process(COMMAND ${${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE} --cppflags OUTPUT_VARIABLE ${ICU_PUBLIC_VAR_NS}_CPP_FLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+        execute_process(COMMAND ${${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE} --cflags-dynamic OUTPUT_VARIABLE ${ICU_PUBLIC_VAR_NS}_C_SHARED_FLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+        execute_process(COMMAND ${${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE} --cxxflags-dynamic OUTPUT_VARIABLE ${ICU_PUBLIC_VAR_NS}_CXX_SHARED_FLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+        execute_process(COMMAND ${${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE} --cppflags-dynamic OUTPUT_VARIABLE ${ICU_PUBLIC_VAR_NS}_CPP_SHARED_FLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+    endif(${ICU_PUBLIC_VAR_NS}_CONFIG_EXECUTABLE)
+
+    # Check find_package arguments
+    include(FindPackageHandleStandardArgs)
+    if(${ICU_PUBLIC_VAR_NS}_FIND_REQUIRED AND NOT ${ICU_PUBLIC_VAR_NS}_FIND_QUIETLY)
+        find_package_handle_standard_args(
+            ${ICU_PUBLIC_VAR_NS}
+            REQUIRED_VARS ${ICU_PUBLIC_VAR_NS}_LIBRARIES ${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS
+            VERSION_VAR ${ICU_PUBLIC_VAR_NS}_VERSION
+        )
+    else(${ICU_PUBLIC_VAR_NS}_FIND_REQUIRED AND NOT ${ICU_PUBLIC_VAR_NS}_FIND_QUIETLY)
+        find_package_handle_standard_args(${ICU_PUBLIC_VAR_NS} "ICU not found" ${ICU_PUBLIC_VAR_NS}_LIBRARIES ${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS)
+    endif(${ICU_PUBLIC_VAR_NS}_FIND_REQUIRED AND NOT ${ICU_PUBLIC_VAR_NS}_FIND_QUIETLY)
+else(${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS)
+    if(${ICU_PUBLIC_VAR_NS}_FIND_REQUIRED AND NOT ${ICU_PUBLIC_VAR_NS}_FIND_QUIETLY)
+        message(FATAL_ERROR "Could not find ICU include directory")
+    endif(${ICU_PUBLIC_VAR_NS}_FIND_REQUIRED AND NOT ${ICU_PUBLIC_VAR_NS}_FIND_QUIETLY)
+endif(${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS)
+
+mark_as_advanced(
+    ${ICU_PUBLIC_VAR_NS}_INCLUDE_DIRS
+    ${ICU_PUBLIC_VAR_NS}_LIBRARIES
+)
+
+# IN (args)
+icudebug("FIND_COMPONENTS")
+icudebug("FIND_REQUIRED")
+icudebug("FIND_QUIETLY")
+icudebug("FIND_VERSION")
+# OUT
+# Found
+icudebug("FOUND")
+icudebug("UC_FOUND")
+icudebug("I18N_FOUND")
+icudebug("IO_FOUND")
+icudebug("LE_FOUND")
+icudebug("LX_FOUND")
+icudebug("DATA_FOUND")
+# Flags
+icudebug("C_FLAGS")
+icudebug("CPP_FLAGS")
+icudebug("CXX_FLAGS")
+icudebug("C_SHARED_FLAGS")
+icudebug("CPP_SHARED_FLAGS")
+icudebug("CXX_SHARED_FLAGS")
+# Linking
+icudebug("INCLUDE_DIRS")
+icudebug("LIBRARIES")
+# Version
+icudebug("MAJOR_VERSION")
+icudebug("MINOR_VERSION")
+icudebug("PATCH_VERSION")
+icudebug("VERSION")
diff --git a/vmime-master/cmake/FindIconv.cmake b/vmime-master/cmake/FindIconv.cmake
new file mode 100644
index 0000000..6233657
--- /dev/null
+++ b/vmime-master/cmake/FindIconv.cmake
@@ -0,0 +1,61 @@
+# - Try to find Iconv
+# Once done this will define
+#
+#  ICONV_FOUND - system has Iconv
+#  ICONV_INCLUDE_DIR - the Iconv include directory
+#  ICONV_LIBRARIES - Link these to use Iconv
+#  ICONV_SECOND_ARGUMENT_IS_CONST - the second argument for iconv() is const
+#
+include(CheckCXXSourceCompiles)
+
+IF (ICONV_INCLUDE_DIR AND ICONV_LIBRARIES)
+  # Already in cache, be silent
+  SET(ICONV_FIND_QUIETLY TRUE)
+ENDIF (ICONV_INCLUDE_DIR AND ICONV_LIBRARIES)
+
+FIND_PATH(ICONV_INCLUDE_DIR iconv.h)
+
+IF(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+	FIND_LIBRARY(ICONV_LIBRARIES NAMES iconv libiconv libiconv-2 c HINTS "/opt/local/lib")
+ELSE()
+	FIND_LIBRARY(ICONV_LIBRARIES NAMES iconv libiconv libiconv-2 c)
+ENDIF()
+
+IF(ICONV_INCLUDE_DIR AND ICONV_LIBRARIES)
+   SET(ICONV_FOUND TRUE)
+ENDIF(ICONV_INCLUDE_DIR AND ICONV_LIBRARIES)
+
+set(CMAKE_REQUIRED_INCLUDES ${ICONV_INCLUDE_DIR})
+set(CMAKE_REQUIRED_LIBRARIES ${ICONV_LIBRARIES})
+IF(ICONV_FOUND)
+  check_cxx_source_compiles("
+  #include <iconv.h>
+  int main(){
+    iconv_t conv = 0;
+    const char* in = 0;
+    size_t ilen = 0;
+    char* out = 0;
+    size_t olen = 0;
+    iconv(conv, &in, &ilen, &out, &olen);
+    return 0;
+  }
+" ICONV_SECOND_ARGUMENT_IS_CONST )
+ENDIF(ICONV_FOUND)
+set(CMAKE_REQUIRED_INCLUDES)
+set(CMAKE_REQUIRED_LIBRARIES)
+
+IF(ICONV_FOUND)
+  IF(NOT ICONV_FIND_QUIETLY)
+    MESSAGE(STATUS "Found Iconv: ${ICONV_LIBRARIES}")
+  ENDIF(NOT ICONV_FIND_QUIETLY)
+ELSE(ICONV_FOUND)
+  IF(Iconv_FIND_REQUIRED)
+    MESSAGE(FATAL_ERROR "Could not find Iconv")
+  ENDIF(Iconv_FIND_REQUIRED)
+ENDIF(ICONV_FOUND)
+
+MARK_AS_ADVANCED(
+  ICONV_INCLUDE_DIR
+  ICONV_LIBRARIES
+  ICONV_SECOND_ARGUMENT_IS_CONST
+)
diff --git a/vmime-master/cmake/Utils.cmake b/vmime-master/cmake/Utils.cmake
new file mode 100644
index 0000000..fd8928e
--- /dev/null
+++ b/vmime-master/cmake/Utils.cmake
@@ -0,0 +1,13 @@
+
+# Installing headers and preserving the directory structure
+# Found here: http://www.semipol.de/archives/251
+MACRO(INSTALL_HEADERS_WITH_DIRECTORY HEADER_LIST COMPONENT_NAME REMOVE_PREFIX)
+
+	FOREACH(HEADER ${${HEADER_LIST}})
+		STRING(REGEX MATCH "(.*)[/\\]" DIR ${HEADER})
+		STRING(REPLACE "${REMOVE_PREFIX}" "" DIR ${DIR})
+		INSTALL(FILES ${HEADER} DESTINATION include/${DIR} COMPONENT ${COMPONENT_NAME})
+	ENDFOREACH(HEADER)
+
+ENDMACRO(INSTALL_HEADERS_WITH_DIRECTORY)
+
diff --git a/vmime-master/cmake/config.hpp.cmake b/vmime-master/cmake/config.hpp.cmake
new file mode 100644
index 0000000..c5e9fde
--- /dev/null
+++ b/vmime-master/cmake/config.hpp.cmake
@@ -0,0 +1,97 @@
+//
+// This file was automatically generated by CMake.
+//
+
+#ifndef VMIME_CONFIG_HPP_INCLUDED
+#define VMIME_CONFIG_HPP_INCLUDED
+
+
+#include "vmime/export.hpp"
+
+
+// Name of package
+#define VMIME_PACKAGE "@PROJECT_NAME@"
+
+// Version number of package
+#define VMIME_VERSION "@VMIME_VERSION@"
+#define VMIME_API "@VMIME_API_VERSION@"
+
+// Set to 1 if debugging should be activated
+#define VMIME_DEBUG @VMIME_DEBUG@
+
+// Byte order (set one or the other, but not both!)
+#define VMIME_BYTE_ORDER_BIG_ENDIAN     @VMIME_BYTE_ORDER_BIG_ENDIAN@
+#define VMIME_BYTE_ORDER_LITTLE_ENDIAN  @VMIME_BYTE_ORDER_LITTLE_ENDIAN@
+
+// Generic types
+#cmakedefine01 VMIME_HAVE_CSTDINT
+#if VMIME_HAVE_CSTDINT
+#	include <cstdint>
+#endif
+
+// -- 8-bit
+typedef signed @VMIME_8BIT_TYPE@ vmime_int8;
+typedef unsigned @VMIME_8BIT_TYPE@ vmime_uint8;
+// -- 16-bit
+typedef signed @VMIME_16BIT_TYPE@ vmime_int16;
+typedef unsigned @VMIME_16BIT_TYPE@ vmime_uint16;
+// -- 32-bit
+typedef signed @VMIME_32BIT_TYPE@ vmime_int32;
+typedef unsigned @VMIME_32BIT_TYPE@ vmime_uint32;
+// -- 64-bit
+typedef signed @VMIME_64BIT_TYPE@ vmime_int64;
+typedef unsigned @VMIME_64BIT_TYPE@ vmime_uint64;
+
+#cmakedefine01 VMIME_HAVE_SIZE_T
+
+// Charset conversion support
+#cmakedefine01 VMIME_CHARSETCONV_LIB_IS_ICONV
+#cmakedefine01 VMIME_CHARSETCONV_LIB_IS_ICU
+#cmakedefine01 VMIME_CHARSETCONV_LIB_IS_WIN
+
+// Options
+// -- File-system support
+#cmakedefine01 VMIME_HAVE_FILESYSTEM_FEATURES
+// -- SASL support
+#cmakedefine01 VMIME_HAVE_SASL_SUPPORT
+// -- TLS/SSL support
+#cmakedefine01 VMIME_HAVE_TLS_SUPPORT
+#cmakedefine01 VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+#cmakedefine01 VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+#define VMIME_HAVE_GNUTLS_PRIORITY_FUNCS @VMIME_HAVE_GNUTLS_PRIORITY_FUNCS@
+// -- Messaging support
+#cmakedefine01 VMIME_HAVE_MESSAGING_FEATURES
+// -- Messaging protocols
+#cmakedefine01 VMIME_HAVE_MESSAGING_PROTO_POP3
+#cmakedefine01 VMIME_HAVE_MESSAGING_PROTO_SMTP
+#cmakedefine01 VMIME_HAVE_MESSAGING_PROTO_IMAP
+#cmakedefine01 VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+#cmakedefine01 VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+// -- Platform-specific code
+#cmakedefine01 VMIME_PLATFORM_IS_POSIX
+#cmakedefine01 VMIME_PLATFORM_IS_WINDOWS
+#cmakedefine01 VMIME_HAVE_PTHREAD
+#cmakedefine01 VMIME_HAVE_GETADDRINFO
+#cmakedefine01 VMIME_HAVE_GETADDRINFO_A
+#cmakedefine01 VMIME_HAVE_GETTID
+#cmakedefine01 VMIME_HAVE_SYSCALL
+#cmakedefine01 VMIME_HAVE_SYSCALL_GETTID
+#cmakedefine01 VMIME_HAVE_GETTHRID
+#cmakedefine01 VMIME_HAVE_GMTIME_S
+#cmakedefine01 VMIME_HAVE_GMTIME_R
+#cmakedefine01 VMIME_HAVE_LOCALTIME_S
+#cmakedefine01 VMIME_HAVE_LOCALTIME_R
+#cmakedefine01 VMIME_HAVE_STRERROR_R
+#cmakedefine01 VMIME_HAVE_MLANG
+#cmakedefine01 VMIME_HAVE_SO_KEEPALIVE
+#cmakedefine01 VMIME_HAVE_SO_NOSIGPIPE
+#cmakedefine01 VMIME_HAVE_MSG_NOSIGNAL
+#cmakedefine01 VMIME_SHARED_PTR_USE_CXX
+#cmakedefine01 VMIME_SHARED_PTR_USE_BOOST
+
+
+#define VMIME_SENDMAIL_PATH "@VMIME_SENDMAIL_PATH@"
+
+
+#endif // VMIME_CONFIG_HPP_INCLUDED
+
diff --git a/vmime-master/config_header/config.hpp b/vmime-master/config_header/config.hpp
new file mode 100644
index 0000000..026b839
--- /dev/null
+++ b/vmime-master/config_header/config.hpp
@@ -0,0 +1,97 @@
+//
+// This file was automatically generated by CMake.
+//
+
+#ifndef VMIME_CONFIG_HPP_INCLUDED
+#define VMIME_CONFIG_HPP_INCLUDED
+
+
+#include "vmime/export.hpp"
+
+
+// Name of package
+#define VMIME_PACKAGE "vmime"
+
+// Version number of package
+#define VMIME_VERSION "0.9.2"
+#define VMIME_API "1.0.0"
+
+// Set to 1 if debugging should be activated
+#define VMIME_DEBUG 1
+
+// Byte order (set one or the other, but not both!)
+#define VMIME_BYTE_ORDER_BIG_ENDIAN     0
+#define VMIME_BYTE_ORDER_LITTLE_ENDIAN  1
+
+// Generic types
+#define VMIME_HAVE_CSTDINT 1
+#if VMIME_HAVE_CSTDINT
+#	include <cstdint>
+#endif
+
+// -- 8-bit
+typedef signed char vmime_int8;
+typedef unsigned char vmime_uint8;
+// -- 16-bit
+typedef signed short vmime_int16;
+typedef unsigned short vmime_uint16;
+// -- 32-bit
+typedef signed int vmime_int32;
+typedef unsigned int vmime_uint32;
+// -- 64-bit
+typedef signed long long vmime_int64;
+typedef unsigned long long vmime_uint64;
+
+#define VMIME_HAVE_SIZE_T 1
+
+// Charset conversion support
+#define VMIME_CHARSETCONV_LIB_IS_ICONV 0
+#define VMIME_CHARSETCONV_LIB_IS_ICU 0
+#define VMIME_CHARSETCONV_LIB_IS_WIN 1
+
+// Options
+// -- File-system support
+#define VMIME_HAVE_FILESYSTEM_FEATURES 1
+// -- SASL support
+#define VMIME_HAVE_SASL_SUPPORT 0
+// -- TLS/SSL support
+#define VMIME_HAVE_TLS_SUPPORT 1
+#define VMIME_TLS_SUPPORT_LIB_IS_GNUTLS 0
+#define VMIME_TLS_SUPPORT_LIB_IS_OPENSSL 1
+#define VMIME_HAVE_GNUTLS_PRIORITY_FUNCS 
+// -- Messaging support
+#define VMIME_HAVE_MESSAGING_FEATURES 1
+// -- Messaging protocols
+#define VMIME_HAVE_MESSAGING_PROTO_POP3 1
+#define VMIME_HAVE_MESSAGING_PROTO_SMTP 1
+#define VMIME_HAVE_MESSAGING_PROTO_IMAP 1
+#define VMIME_HAVE_MESSAGING_PROTO_MAILDIR 0
+#define VMIME_HAVE_MESSAGING_PROTO_SENDMAIL 0
+// -- Platform-specific code
+#define VMIME_PLATFORM_IS_POSIX 0
+#define VMIME_PLATFORM_IS_WINDOWS 1
+#define VMIME_HAVE_PTHREAD 0
+#define VMIME_HAVE_GETADDRINFO 0
+#define VMIME_HAVE_GETADDRINFO_A 0
+#define VMIME_HAVE_GETTID 0
+#define VMIME_HAVE_SYSCALL 0
+#define VMIME_HAVE_SYSCALL_GETTID 0
+#define VMIME_HAVE_GETTHRID 0
+#define VMIME_HAVE_GMTIME_S 0
+#define VMIME_HAVE_GMTIME_R 0
+#define VMIME_HAVE_LOCALTIME_S 0
+#define VMIME_HAVE_LOCALTIME_R 0
+#define VMIME_HAVE_STRERROR_R 0
+#define VMIME_HAVE_MLANG 0
+#define VMIME_HAVE_SO_KEEPALIVE 0
+#define VMIME_HAVE_SO_NOSIGPIPE 0
+#define VMIME_HAVE_MSG_NOSIGNAL 0
+#define VMIME_SHARED_PTR_USE_CXX 0
+#define VMIME_SHARED_PTR_USE_BOOST 0
+
+
+#define VMIME_SENDMAIL_PATH "/usr/lib/sendmail"
+
+
+#endif // VMIME_CONFIG_HPP_INCLUDED
+
diff --git a/vmime-master/contrib/punycode/punycode.c b/vmime-master/contrib/punycode/punycode.c
new file mode 100644
index 0000000..f669aa0
--- /dev/null
+++ b/vmime-master/contrib/punycode/punycode.c
@@ -0,0 +1,264 @@
+/*
+punycode.c from RFC 3492
+http://www.nicemice.net/idn/
+Adam M. Costello
+http://www.nicemice.net/amc/
+
+This is ANSI C code (C89) implementing Punycode (RFC 3492).
+
+*/
+
+#include <string.h>
+
+/*** Bootstring parameters for Punycode ***/
+
+enum { base = 36, tmin = 1, tmax = 26, skew = 38, damp = 700,
+       initial_bias = 72, initial_n = 0x80, delimiter = 0x2D };
+
+/* basic(cp) tests whether cp is a basic code point: */
+#define basic(cp) ((punycode_uint)(cp) < 0x80)
+
+/* delim(cp) tests whether cp is a delimiter: */
+#define delim(cp) ((cp) == delimiter)
+
+/* decode_digit(cp) returns the numeric value of a basic code */
+/* point (for use in representing integers) in the range 0 to */
+/* base-1, or base if cp is does not represent a value.       */
+
+static punycode_uint decode_digit(punycode_uint cp)
+{
+  return  cp - 48 < 10 ? cp - 22 :  cp - 65 < 26 ? cp - 65 :
+          cp - 97 < 26 ? cp - 97 :  (punycode_uint) base;
+}
+
+/* encode_digit(d,flag) returns the basic code point whose value      */
+/* (when used for representing integers) is d, which needs to be in   */
+/* the range 0 to base-1.  The lowercase form is used unless flag is  */
+/* nonzero, in which case the uppercase form is used.  The behavior   */
+/* is undefined if flag is nonzero and digit d has no uppercase form. */
+
+static char encode_digit(punycode_uint d, int flag)
+{
+  return char(d + 22 + 75 * (d < 26) - ((flag != 0) << 5));
+  /*  0..25 map to ASCII a..z or A..Z */
+  /* 26..35 map to ASCII 0..9         */
+}
+
+/* flagged(bcp) tests whether a basic code point is flagged */
+/* (uppercase).  The behavior is undefined if bcp is not a  */
+/* basic code point.                                        */
+
+#define flagged(bcp) ((punycode_uint)(bcp) - 65 < 26)
+
+/* encode_basic(bcp,flag) forces a basic code point to lowercase */
+/* if flag is zero, uppercase if flag is nonzero, and returns    */
+/* the resulting code point.  The code point is unchanged if it  */
+/* is caseless.  The behavior is undefined if bcp is not a basic */
+/* code point.                                                   */
+
+static char encode_basic(punycode_uint bcp, int flag)
+{
+  bcp -= (bcp - 97 < 26) << 5;
+  return char(bcp + ((!flag && (bcp - 65 < 26)) << 5));
+}
+
+/*** Platform-specific constants ***/
+
+/* maxint is the maximum value of a punycode_uint variable: */
+static const punycode_uint maxint = -1U;
+/* Because maxint is unsigned, -1 becomes the maximum value. */
+
+/*** Bias adaptation function ***/
+
+static punycode_uint adapt(
+  punycode_uint delta, punycode_uint numpoints, int firsttime )
+{
+  punycode_uint k;
+
+  delta = firsttime ? delta / damp : delta >> 1;
+  /* delta >> 1 is a faster way of doing delta / 2 */
+  delta += delta / numpoints;
+
+  for (k = 0;  delta > ((base - tmin) * tmax) / 2;  k += base) {
+    delta /= base - tmin;
+  }
+
+  return k + (base - tmin + 1) * delta / (delta + skew);
+}
+
+/*** Main encode function ***/
+
+enum punycode_status punycode_encode(
+  punycode_uint input_length,
+  const punycode_uint input[],
+  const unsigned char case_flags[],
+  punycode_uint *output_length,
+  char output[] )
+{
+  punycode_uint n, delta, h, b, out, max_out, bias, j, m, q, k, t;
+
+  /* Initialize the state: */
+
+  n = initial_n;
+  delta = out = 0;
+  max_out = *output_length;
+  bias = initial_bias;
+
+  /* Handle the basic code points: */
+
+  for (j = 0;  j < input_length;  ++j) {
+    if (basic(input[j])) {
+      if (max_out - out < 2) return punycode_big_output;
+      output[out++] = char(
+        case_flags ?  encode_basic(input[j], case_flags[j]) : input[j]
+      );
+    }
+    /* else if (input[j] < n) return punycode_bad_input; */
+    /* (not needed for Punycode with unsigned code points) */
+  }
+
+  h = b = out;
+
+  /* h is the number of code points that have been handled, b is the  */
+  /* number of basic code points, and out is the number of characters */
+  /* that have been output.                                           */
+
+  if (b > 0) output[out++] = delimiter;
+
+  /* Main encoding loop: */
+
+  while (h < input_length) {
+    /* All non-basic code points < n have been     */
+    /* handled already.  Find the next larger one: */
+
+    for (m = maxint, j = 0;  j < input_length;  ++j) {
+      /* if (basic(input[j])) continue; */
+      /* (not needed for Punycode) */
+      if (input[j] >= n && input[j] < m) m = input[j];
+    }
+
+    /* Increase delta enough to advance the decoder's    */
+    /* <n,i> state to <m,0>, but guard against overflow: */
+
+    if (m - n > (maxint - delta) / (h + 1)) return punycode_overflow;
+    delta += (m - n) * (h + 1);
+    n = m;
+
+    for (j = 0;  j < input_length;  ++j) {
+      /* Punycode does not need to check whether input[j] is basic: */
+      if (input[j] < n /* || basic(input[j]) */ ) {
+        if (++delta == 0) return punycode_overflow;
+      }
+
+      if (input[j] == n) {
+        /* Represent delta as a generalized variable-length integer: */
+
+        for (q = delta, k = base;  ;  k += base) {
+          if (out >= max_out) return punycode_big_output;
+          t = k <= bias /* + tmin */ ? (punycode_uint) tmin :     /* +tmin not needed */
+              k >= (punycode_uint) bias + (punycode_uint) tmax ? (punycode_uint) tmax : k - (punycode_uint) bias;
+          if (q < t) break;
+          output[out++] = encode_digit(t + (q - t) % (base - t), 0);
+          q = (q - t) / (base - t);
+        }
+
+        output[out++] = encode_digit(q, case_flags && case_flags[j]);
+        bias = adapt(delta, h + 1, h == b);
+        delta = 0;
+        ++h;
+      }
+    }
+
+    ++delta, ++n;
+  }
+
+  *output_length = out;
+  return punycode_success;
+}
+
+/*** Main decode function ***/
+
+enum punycode_status punycode_decode(
+  punycode_uint input_length,
+  const char input[],
+  punycode_uint *output_length,
+  punycode_uint output[],
+  unsigned char case_flags[] )
+{
+  punycode_uint n, out, i, max_out, bias,
+                 b, j, in, oldi, w, k, digit, t;
+
+  /* Initialize the state: */
+
+  n = initial_n;
+  out = i = 0;
+  max_out = *output_length;
+  bias = initial_bias;
+
+  /* Handle the basic code points:  Let b be the number of input code */
+  /* points before the last delimiter, or 0 if there is none, then    */
+  /* copy the first b code points to the output.                      */
+
+  for (b = j = 0;  j < input_length;  ++j) if (delim(input[j])) b = j;
+  if (b > max_out) return punycode_big_output;
+
+  for (j = 0;  j < b;  ++j) {
+    if (case_flags) case_flags[out] = flagged(input[j]);
+    if (!basic(input[j])) return punycode_bad_input;
+    output[out++] = input[j];
+  }
+
+  /* Main decoding loop:  Start just after the last delimiter if any  */
+  /* basic code points were copied; start at the beginning otherwise. */
+
+  for (in = b > 0 ? b + 1 : 0;  in < input_length;  ++out) {
+
+    /* in is the index of the next character to be consumed, and */
+    /* out is the number of code points in the output array.     */
+
+    /* Decode a generalized variable-length integer into delta,  */
+    /* which gets added to i.  The overflow checking is easier   */
+    /* if we increase i as we go, then subtract off its starting */
+    /* value at the end to obtain delta.                         */
+
+    for (oldi = i, w = 1, k = base;  ;  k += base) {
+      if (in >= input_length) return punycode_bad_input;
+      digit = decode_digit(input[in++]);
+      if (digit >= base) return punycode_bad_input;
+      if (digit > (maxint - i) / w) return punycode_overflow;
+      i += digit * w;
+      t = k <= (punycode_uint) bias /* + tmin */ ? (punycode_uint) tmin :     /* +tmin not needed */
+          k >= (punycode_uint) bias + (punycode_uint) tmax ? (punycode_uint) tmax : k - (punycode_uint) bias;
+      if (digit < t) break;
+      if (w > maxint / (base - t)) return punycode_overflow;
+      w *= (base - t);
+    }
+
+    bias = adapt(i - oldi, out + 1, oldi == 0);
+
+    /* i was supposed to wrap around from out+1 to 0,   */
+    /* incrementing n each time, so we'll fix that now: */
+
+    if (i / (out + 1) > maxint - n) return punycode_overflow;
+    n += i / (out + 1);
+    i %= (out + 1);
+
+    /* Insert n at position i of the output: */
+
+    /* not needed for Punycode: */
+    /* if (decode_digit(n) <= base) return punycode_invalid_input; */
+    if (out >= max_out) return punycode_big_output;
+
+    if (case_flags) {
+      memmove(case_flags + i + 1, case_flags + i, out - i);
+      /* Case of last character determines uppercase flag: */
+      case_flags[i] = flagged(input[in - 1]);
+    }
+
+    memmove(output + i + 1, output + i, (out - i) * sizeof *output);
+    output[i++] = n;
+  }
+
+  *output_length = out;
+  return punycode_success;
+}
diff --git a/vmime-master/contrib/punycode/punycode.h b/vmime-master/contrib/punycode/punycode.h
new file mode 100644
index 0000000..fb02ee9
--- /dev/null
+++ b/vmime-master/contrib/punycode/punycode.h
@@ -0,0 +1,84 @@
+/*
+punycode.h from RFC 3492
+http://www.nicemice.net/idn/
+Adam M. Costello
+http://www.nicemice.net/amc/
+
+This is ANSI C code (C89) implementing Punycode (RFC 3492).
+
+*/
+
+#include <limits.h>
+
+enum punycode_status {
+  punycode_success,
+  punycode_bad_input,   /* Input is invalid.                       */
+  punycode_big_output,  /* Output would exceed the space provided. */
+  punycode_overflow     /* Input needs wider integers to process.  */
+};
+
+#if UINT_MAX >= (1 << 26) - 1
+typedef unsigned int punycode_uint;
+#else
+typedef unsigned long punycode_uint;
+#endif
+
+enum punycode_status punycode_encode(
+  punycode_uint input_length,
+  const punycode_uint input[],
+  const unsigned char case_flags[],
+  punycode_uint *output_length,
+  char output[] );
+
+    /* punycode_encode() converts Unicode to Punycode.  The input     */
+    /* is represented as an array of Unicode code points (not code    */
+    /* units; surrogate pairs are not allowed), and the output        */
+    /* will be represented as an array of ASCII code points.  The     */
+    /* output string is *not* null-terminated; it will contain        */
+    /* zeros if and only if the input contains zeros.  (Of course     */
+    /* the caller can leave room for a terminator and add one if      */
+    /* needed.)  The input_length is the number of code points in     */
+    /* the input.  The output_length is an in/out argument: the       */
+    /* caller passes in the maximum number of code points that it     */
+    /* can receive, and on successful return it will contain the      */
+    /* number of code points actually output.  The case_flags array   */
+    /* holds input_length boolean values, where nonzero suggests that */
+    /* the corresponding Unicode character be forced to uppercase     */
+    /* after being decoded (if possible), and zero suggests that      */
+    /* it be forced to lowercase (if possible).  ASCII code points    */
+    /* are encoded literally, except that ASCII letters are forced    */
+    /* to uppercase or lowercase according to the corresponding       */
+    /* uppercase flags.  If case_flags is a null pointer then ASCII   */
+    /* letters are left as they are, and other code points are        */
+    /* treated as if their uppercase flags were zero.  The return     */
+    /* value can be any of the punycode_status values defined above   */
+    /* except punycode_bad_input; if not punycode_success, then       */
+    /* output_size and output might contain garbage.                  */
+
+enum punycode_status punycode_decode(
+  punycode_uint input_length,
+  const char input[],
+  punycode_uint *output_length,
+  punycode_uint output[],
+  unsigned char case_flags[] );
+
+    /* punycode_decode() converts Punycode to Unicode.  The input is  */
+    /* represented as an array of ASCII code points, and the output   */
+    /* will be represented as an array of Unicode code points.  The   */
+    /* input_length is the number of code points in the input.  The   */
+    /* output_length is an in/out argument: the caller passes in      */
+    /* the maximum number of code points that it can receive, and     */
+    /* on successful return it will contain the actual number of      */
+    /* code points output.  The case_flags array needs room for at    */
+    /* least output_length values, or it can be a null pointer if the */
+    /* case information is not needed.  A nonzero flag suggests that  */
+    /* the corresponding Unicode character be forced to uppercase     */
+    /* by the caller (if possible), while zero suggests that it be    */
+    /* forced to lowercase (if possible).  ASCII code points are      */
+    /* output already in the proper case, but their flags will be set */
+    /* appropriately so that applying the flags would be harmless.    */
+    /* The return value can be any of the punycode_status values      */
+    /* defined above; if not punycode_success, then output_length,    */
+    /* output, and case_flags might contain garbage.  On success, the */
+    /* decoder will never need to write an output_length greater than */
+    /* input_length, because of how the encoding is defined.          */
diff --git a/vmime-master/contrib/utf8/utf8.h b/vmime-master/contrib/utf8/utf8.h
new file mode 100644
index 0000000..4e44514
--- /dev/null
+++ b/vmime-master/contrib/utf8/utf8.h
@@ -0,0 +1,34 @@
+// Copyright 2006 Nemanja Trifunovic

+

+/*

+Permission is hereby granted, free of charge, to any person or organization

+obtaining a copy of the software and accompanying documentation covered by

+this license (the "Software") to use, reproduce, display, distribute,

+execute, and transmit the Software, and to prepare derivative works of the

+Software, and to permit third-parties to whom the Software is furnished to

+do so, all subject to the following:

+

+The copyright notices in the Software and this entire statement, including

+the above license grant, this restriction and the following disclaimer,

+must be included in all copies of the Software, in whole or in part, and

+all derivative works of the Software, unless such copies or derivative

+works are solely in the form of machine-executable object code generated by

+a source language processor.

+

+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT

+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE

+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,

+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER

+DEALINGS IN THE SOFTWARE.

+*/

+

+

+#ifndef UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731

+#define UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731

+

+#include "utf8/checked.h"

+#include "utf8/unchecked.h"

+

+#endif // header guard

diff --git a/vmime-master/contrib/utf8/utf8/checked.h b/vmime-master/contrib/utf8/utf8/checked.h
new file mode 100644
index 0000000..1331155
--- /dev/null
+++ b/vmime-master/contrib/utf8/utf8/checked.h
@@ -0,0 +1,327 @@
+// Copyright 2006 Nemanja Trifunovic
+
+/*
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+*/
+
+
+#ifndef UTF8_FOR_CPP_CHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+#define UTF8_FOR_CPP_CHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+
+#include "core.h"
+#include <stdexcept>
+
+namespace utf8
+{
+    // Base for the exceptions that may be thrown from the library
+    class exception : public ::std::exception {
+    };
+
+    // Exceptions that may be thrown from the library functions.
+    class invalid_code_point : public exception {
+        uint32_t cp;
+    public:
+        invalid_code_point(uint32_t cp) : cp(cp) {}
+        virtual const char* what() const throw() { return "Invalid code point"; }
+        uint32_t code_point() const {return cp;}
+    };
+
+    class invalid_utf8 : public exception {
+        uint8_t u8;
+    public:
+        invalid_utf8 (uint8_t u) : u8(u) {}
+        virtual const char* what() const throw() { return "Invalid UTF-8"; }
+        uint8_t utf8_octet() const {return u8;}
+    };
+
+    class invalid_utf16 : public exception {
+        uint16_t u16;
+    public:
+        invalid_utf16 (uint16_t u) : u16(u) {}
+        virtual const char* what() const throw() { return "Invalid UTF-16"; }
+        uint16_t utf16_word() const {return u16;}
+    };
+
+    class not_enough_room : public exception {
+    public:
+        virtual const char* what() const throw() { return "Not enough space"; }
+    };
+
+    /// The library API - functions intended to be called by the users
+
+    template <typename octet_iterator>
+    octet_iterator append(uint32_t cp, octet_iterator result)
+    {
+        if (!utf8::internal::is_code_point_valid(cp))
+            throw invalid_code_point(cp);
+
+        if (cp < 0x80)                        // one octet
+            *(result++) = static_cast<uint8_t>(cp);
+        else if (cp < 0x800) {                // two octets
+            *(result++) = static_cast<uint8_t>((cp >> 6)            | 0xc0);
+            *(result++) = static_cast<uint8_t>((cp & 0x3f)          | 0x80);
+        }
+        else if (cp < 0x10000) {              // three octets
+            *(result++) = static_cast<uint8_t>((cp >> 12)           | 0xe0);
+            *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f)   | 0x80);
+            *(result++) = static_cast<uint8_t>((cp & 0x3f)          | 0x80);
+        }
+        else {                                // four octets
+            *(result++) = static_cast<uint8_t>((cp >> 18)           | 0xf0);
+            *(result++) = static_cast<uint8_t>(((cp >> 12) & 0x3f)  | 0x80);
+            *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f)   | 0x80);
+            *(result++) = static_cast<uint8_t>((cp & 0x3f)          | 0x80);
+        }
+        return result;
+    }
+
+    template <typename octet_iterator, typename output_iterator>
+    output_iterator replace_invalid(octet_iterator start, octet_iterator end, output_iterator out, uint32_t replacement)
+    {
+        while (start != end) {
+            octet_iterator sequence_start = start;
+            internal::utf_error err_code = utf8::internal::validate_next(start, end);
+            switch (err_code) {
+                case internal::UTF8_OK :
+                    for (octet_iterator it = sequence_start; it != start; ++it)
+                        *out++ = *it;
+                    break;
+                case internal::NOT_ENOUGH_ROOM:
+                    throw not_enough_room();
+                case internal::INVALID_LEAD:
+                    out = utf8::append (replacement, out);
+                    ++start;
+                    break;
+                case internal::INCOMPLETE_SEQUENCE:
+                case internal::OVERLONG_SEQUENCE:
+                case internal::INVALID_CODE_POINT:
+                    out = utf8::append (replacement, out);
+                    ++start;
+                    // just one replacement mark for the sequence
+                    while (start != end && utf8::internal::is_trail(*start))
+                        ++start;
+                    break;
+            }
+        }
+        return out;
+    }
+
+    template <typename octet_iterator, typename output_iterator>
+    inline output_iterator replace_invalid(octet_iterator start, octet_iterator end, output_iterator out)
+    {
+        static const uint32_t replacement_marker = utf8::internal::mask16(0xfffd);
+        return utf8::replace_invalid(start, end, out, replacement_marker);
+    }
+
+    template <typename octet_iterator>
+    uint32_t next(octet_iterator& it, octet_iterator end)
+    {
+        uint32_t cp = 0;
+        internal::utf_error err_code = utf8::internal::validate_next(it, end, cp);
+        switch (err_code) {
+            case internal::UTF8_OK :
+                break;
+            case internal::NOT_ENOUGH_ROOM :
+                throw not_enough_room();
+            case internal::INVALID_LEAD :
+            case internal::INCOMPLETE_SEQUENCE :
+            case internal::OVERLONG_SEQUENCE :
+                throw invalid_utf8(*it);
+            case internal::INVALID_CODE_POINT :
+                throw invalid_code_point(cp);
+        }
+        return cp;
+    }
+
+    template <typename octet_iterator>
+    uint32_t peek_next(octet_iterator it, octet_iterator end)
+    {
+        return utf8::next(it, end);
+    }
+
+    template <typename octet_iterator>
+    uint32_t prior(octet_iterator& it, octet_iterator start)
+    {
+        // can't do much if it == start
+        if (it == start)
+            throw not_enough_room();
+
+        octet_iterator end = it;
+        // Go back until we hit either a lead octet or start
+        while (utf8::internal::is_trail(*(--it)))
+            if (it == start)
+                throw invalid_utf8(*it); // error - no lead byte in the sequence
+        return utf8::peek_next(it, end);
+    }
+
+    /// Deprecated in versions that include "prior"
+    template <typename octet_iterator>
+    uint32_t previous(octet_iterator& it, octet_iterator pass_start)
+    {
+        octet_iterator end = it;
+        while (utf8::internal::is_trail(*(--it)))
+            if (it == pass_start)
+                throw invalid_utf8(*it); // error - no lead byte in the sequence
+        octet_iterator temp = it;
+        return utf8::next(temp, end);
+    }
+
+    template <typename octet_iterator, typename distance_type>
+    void advance (octet_iterator& it, distance_type n, octet_iterator end)
+    {
+        for (distance_type i = 0; i < n; ++i)
+            utf8::next(it, end);
+    }
+
+    template <typename octet_iterator>
+    typename std::iterator_traits<octet_iterator>::difference_type
+    distance (octet_iterator first, octet_iterator last)
+    {
+        typename std::iterator_traits<octet_iterator>::difference_type dist;
+        for (dist = 0; first < last; ++dist)
+            utf8::next(first, last);
+        return dist;
+    }
+
+    template <typename u16bit_iterator, typename octet_iterator>
+    octet_iterator utf16to8 (u16bit_iterator start, u16bit_iterator end, octet_iterator result)
+    {
+        while (start != end) {
+            uint32_t cp = utf8::internal::mask16(*start++);
+            // Take care of surrogate pairs first
+            if (utf8::internal::is_lead_surrogate(cp)) {
+                if (start != end) {
+                    uint32_t trail_surrogate = utf8::internal::mask16(*start++);
+                    if (utf8::internal::is_trail_surrogate(trail_surrogate))
+                        cp = (cp << 10) + trail_surrogate + internal::SURROGATE_OFFSET;
+                    else
+                        throw invalid_utf16(static_cast<uint16_t>(trail_surrogate));
+                }
+                else
+                    throw invalid_utf16(static_cast<uint16_t>(cp));
+
+            }
+            // Lone trail surrogate
+            else if (utf8::internal::is_trail_surrogate(cp))
+                throw invalid_utf16(static_cast<uint16_t>(cp));
+
+            result = utf8::append(cp, result);
+        }
+        return result;
+    }
+
+    template <typename u16bit_iterator, typename octet_iterator>
+    u16bit_iterator utf8to16 (octet_iterator start, octet_iterator end, u16bit_iterator result)
+    {
+        while (start != end) {
+            uint32_t cp = utf8::next(start, end);
+            if (cp > 0xffff) { //make a surrogate pair
+                *result++ = static_cast<uint16_t>((cp >> 10)   + internal::LEAD_OFFSET);
+                *result++ = static_cast<uint16_t>((cp & 0x3ff) + internal::TRAIL_SURROGATE_MIN);
+            }
+            else
+                *result++ = static_cast<uint16_t>(cp);
+        }
+        return result;
+    }
+
+    template <typename octet_iterator, typename u32bit_iterator>
+    octet_iterator utf32to8 (u32bit_iterator start, u32bit_iterator end, octet_iterator result)
+    {
+        while (start != end)
+            result = utf8::append(*(start++), result);
+
+        return result;
+    }
+
+    template <typename octet_iterator, typename u32bit_iterator>
+    u32bit_iterator utf8to32 (octet_iterator start, octet_iterator end, u32bit_iterator result)
+    {
+        while (start != end)
+            (*result++) = utf8::next(start, end);
+
+        return result;
+    }
+
+    // The iterator class
+    template <typename octet_iterator>
+    class iterator : public std::iterator <std::bidirectional_iterator_tag, uint32_t> {
+      octet_iterator it;
+      octet_iterator range_start;
+      octet_iterator range_end;
+      public:
+      iterator () {}
+      explicit iterator (const octet_iterator& octet_it,
+                         const octet_iterator& range_start,
+                         const octet_iterator& range_end) :
+               it(octet_it), range_start(range_start), range_end(range_end)
+      {
+          if (it < range_start || it > range_end)
+              throw std::out_of_range("Invalid utf-8 iterator position");
+      }
+      // the default "big three" are OK
+      octet_iterator base () const { return it; }
+      uint32_t operator * () const
+      {
+          octet_iterator temp = it;
+          return utf8::next(temp, range_end);
+      }
+      bool operator == (const iterator& rhs) const
+      {
+          if (range_start != rhs.range_start || range_end != rhs.range_end)
+              throw std::logic_error("Comparing utf-8 iterators defined with different ranges");
+          return (it == rhs.it);
+      }
+      bool operator != (const iterator& rhs) const
+      {
+          return !(operator == (rhs));
+      }
+      iterator& operator ++ ()
+      {
+          utf8::next(it, range_end);
+          return *this;
+      }
+      iterator operator ++ (int)
+      {
+          iterator temp = *this;
+          utf8::next(it, range_end);
+          return temp;
+      }
+      iterator& operator -- ()
+      {
+          utf8::prior(it, range_start);
+          return *this;
+      }
+      iterator operator -- (int)
+      {
+          iterator temp = *this;
+          utf8::prior(it, range_start);
+          return temp;
+      }
+    }; // class iterator
+
+} // namespace utf8
+
+#endif //header guard
+
+
diff --git a/vmime-master/contrib/utf8/utf8/core.h b/vmime-master/contrib/utf8/utf8/core.h
new file mode 100644
index 0000000..f858c4a
--- /dev/null
+++ b/vmime-master/contrib/utf8/utf8/core.h
@@ -0,0 +1,326 @@
+// Copyright 2006 Nemanja Trifunovic
+
+/*
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+*/
+
+
+#ifndef UTF8_FOR_CPP_CORE_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+#define UTF8_FOR_CPP_CORE_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+
+#include <iterator>
+
+namespace utf8
+{
+    typedef vmime_uint8   uint8_t;
+    typedef vmime_uint16  uint16_t;
+    typedef vmime_uint32  uint32_t;
+
+// Helper code - not intended to be directly called by the library users. May be changed at any time
+namespace internal
+{
+    // Unicode constants
+    // Leading (high) surrogates: 0xd800 - 0xdbff
+    // Trailing (low) surrogates: 0xdc00 - 0xdfff
+    const uint16_t LEAD_SURROGATE_MIN  = 0xd800u;
+    const uint16_t LEAD_SURROGATE_MAX  = 0xdbffu;
+    const uint16_t TRAIL_SURROGATE_MIN = 0xdc00u;
+    const uint16_t TRAIL_SURROGATE_MAX = 0xdfffu;
+    const uint16_t LEAD_OFFSET         = LEAD_SURROGATE_MIN - (0x10000 >> 10);
+    const uint32_t SURROGATE_OFFSET    = 0x10000u - (LEAD_SURROGATE_MIN << 10) - TRAIL_SURROGATE_MIN;
+
+    // Maximum valid value for a Unicode code point
+    const uint32_t CODE_POINT_MAX      = 0x0010ffffu;
+
+    template<typename octet_type>
+    inline uint8_t mask8(octet_type oc)
+    {
+        return static_cast<uint8_t>(0xff & oc);
+    }
+    template<typename u16_type>
+    inline uint16_t mask16(u16_type oc)
+    {
+        return static_cast<uint16_t>(0xffff & oc);
+    }
+    template<typename octet_type>
+    inline bool is_trail(octet_type oc)
+    {
+        return ((utf8::internal::mask8(oc) >> 6) == 0x2);
+    }
+
+    template <typename u16>
+    inline bool is_lead_surrogate(u16 cp)
+    {
+        return (cp >= LEAD_SURROGATE_MIN && cp <= LEAD_SURROGATE_MAX);
+    }
+
+    template <typename u16>
+    inline bool is_trail_surrogate(u16 cp)
+    {
+        return (cp >= TRAIL_SURROGATE_MIN && cp <= TRAIL_SURROGATE_MAX);
+    }
+
+    template <typename u16>
+    inline bool is_surrogate(u16 cp)
+    {
+        return (cp >= LEAD_SURROGATE_MIN && cp <= TRAIL_SURROGATE_MAX);
+    }
+
+    template <typename u32>
+    inline bool is_code_point_valid(u32 cp)
+    {
+        return (cp <= CODE_POINT_MAX && !utf8::internal::is_surrogate(cp));
+    }
+
+    template <typename octet_iterator>
+    inline typename std::iterator_traits<octet_iterator>::difference_type
+    sequence_length(octet_iterator lead_it)
+    {
+        uint8_t lead = utf8::internal::mask8(*lead_it);
+        if (lead < 0x80)
+            return 1;
+        else if ((lead >> 5) == 0x6)
+            return 2;
+        else if ((lead >> 4) == 0xe)
+            return 3;
+        else if ((lead >> 3) == 0x1e)
+            return 4;
+        else
+            return 0;
+    }
+
+    template <typename octet_difference_type>
+    inline bool is_overlong_sequence(uint32_t cp, octet_difference_type length)
+    {
+        if (cp < 0x80) {
+            if (length != 1)
+                return true;
+        }
+        else if (cp < 0x800) {
+            if (length != 2)
+                return true;
+        }
+        else if (cp < 0x10000) {
+            if (length != 3)
+                return true;
+        }
+
+        return false;
+    }
+
+    enum utf_error {UTF8_OK, NOT_ENOUGH_ROOM, INVALID_LEAD, INCOMPLETE_SEQUENCE, OVERLONG_SEQUENCE, INVALID_CODE_POINT};
+
+    /// Helper for get_sequence_x
+    template <typename octet_iterator>
+    utf_error increase_safely(octet_iterator& it, octet_iterator end)
+    {
+        if (++it == end)
+            return NOT_ENOUGH_ROOM;
+
+        if (!utf8::internal::is_trail(*it))
+            return INCOMPLETE_SEQUENCE;
+
+        return UTF8_OK;
+    }
+
+    #define UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(IT, END) {utf_error ret = increase_safely(IT, END); if (ret != UTF8_OK) return ret;}
+
+    /// get_sequence_x functions decode utf-8 sequences of the length x
+    template <typename octet_iterator>
+    utf_error get_sequence_1(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end)
+            return NOT_ENOUGH_ROOM;
+
+        code_point = utf8::internal::mask8(*it);
+
+        return UTF8_OK;
+    }
+
+    template <typename octet_iterator>
+    utf_error get_sequence_2(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end)
+            return NOT_ENOUGH_ROOM;
+
+        code_point = utf8::internal::mask8(*it);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point = ((code_point << 6) & 0x7ff) + ((*it) & 0x3f);
+
+        return UTF8_OK;
+    }
+
+    template <typename octet_iterator>
+    utf_error get_sequence_3(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end)
+            return NOT_ENOUGH_ROOM;
+
+        code_point = utf8::internal::mask8(*it);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point = ((code_point << 12) & 0xffff) + ((utf8::internal::mask8(*it) << 6) & 0xfff);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point += (*it) & 0x3f;
+
+        return UTF8_OK;
+    }
+
+    template <typename octet_iterator>
+    utf_error get_sequence_4(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        if (it == end)
+           return NOT_ENOUGH_ROOM;
+
+        code_point = utf8::internal::mask8(*it);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point = ((code_point << 18) & 0x1fffff) + ((utf8::internal::mask8(*it) << 12) & 0x3ffff);
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point += (utf8::internal::mask8(*it) << 6) & 0xfff;
+
+        UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR(it, end)
+
+        code_point += (*it) & 0x3f;
+
+        return UTF8_OK;
+    }
+
+    #undef UTF8_CPP_INCREASE_AND_RETURN_ON_ERROR
+
+    template <typename octet_iterator>
+    utf_error validate_next(octet_iterator& it, octet_iterator end, uint32_t& code_point)
+    {
+        // Save the original value of it so we can go back in case of failure
+        // Of course, it does not make much sense with i.e. stream iterators
+        octet_iterator original_it = it;
+
+        uint32_t cp = 0;
+        // Determine the sequence length based on the lead octet
+        typedef typename std::iterator_traits<octet_iterator>::difference_type octet_difference_type;
+        const octet_difference_type length = utf8::internal::sequence_length(it);
+
+        // Get trail octets and calculate the code point
+        utf_error err = UTF8_OK;
+        switch (length) {
+            case 0:
+                return INVALID_LEAD;
+            case 1:
+                err = utf8::internal::get_sequence_1(it, end, cp);
+                break;
+            case 2:
+                err = utf8::internal::get_sequence_2(it, end, cp);
+            break;
+            case 3:
+                err = utf8::internal::get_sequence_3(it, end, cp);
+            break;
+            case 4:
+                err = utf8::internal::get_sequence_4(it, end, cp);
+            break;
+        }
+
+        if (err == UTF8_OK) {
+            // Decoding succeeded. Now, security checks...
+            if (utf8::internal::is_code_point_valid(cp)) {
+                if (!utf8::internal::is_overlong_sequence(cp, length)){
+                    // Passed! Return here.
+                    code_point = cp;
+                    ++it;
+                    return UTF8_OK;
+                }
+                else
+                    err = OVERLONG_SEQUENCE;
+            }
+            else
+                err = INVALID_CODE_POINT;
+        }
+
+        // Failure branch - restore the original value of the iterator
+        it = original_it;
+        return err;
+    }
+
+    template <typename octet_iterator>
+    inline utf_error validate_next(octet_iterator& it, octet_iterator end) {
+        uint32_t ignored;
+        return utf8::internal::validate_next(it, end, ignored);
+    }
+
+} // namespace internal
+
+    /// The library API - functions intended to be called by the users
+
+    // Byte order mark
+    const uint8_t bom[] = {0xef, 0xbb, 0xbf};
+
+    template <typename octet_iterator>
+    octet_iterator find_invalid(octet_iterator start, octet_iterator end)
+    {
+        octet_iterator result = start;
+        while (result != end) {
+            utf8::internal::utf_error err_code = utf8::internal::validate_next(result, end);
+            if (err_code != internal::UTF8_OK)
+                return result;
+        }
+        return result;
+    }
+
+    template <typename octet_iterator>
+    inline bool is_valid(octet_iterator start, octet_iterator end)
+    {
+        return (utf8::find_invalid(start, end) == end);
+    }
+
+    template <typename octet_iterator>
+    inline bool starts_with_bom (octet_iterator it, octet_iterator end)
+    {
+        return (
+            ((it != end) && (utf8::internal::mask8(*it++)) == bom[0]) &&
+            ((it != end) && (utf8::internal::mask8(*it++)) == bom[1]) &&
+            ((it != end) && (utf8::internal::mask8(*it))   == bom[2])
+           );
+    }
+
+    //Deprecated in release 2.3
+    template <typename octet_iterator>
+    inline bool is_bom (octet_iterator it)
+    {
+        return (
+            (utf8::internal::mask8(*it++)) == bom[0] &&
+            (utf8::internal::mask8(*it++)) == bom[1] &&
+            (utf8::internal::mask8(*it))   == bom[2]
+           );
+    }
+} // namespace utf8
+
+#endif // header guard
+
+
diff --git a/vmime-master/contrib/utf8/utf8/unchecked.h b/vmime-master/contrib/utf8/utf8/unchecked.h
new file mode 100644
index 0000000..cb24271
--- /dev/null
+++ b/vmime-master/contrib/utf8/utf8/unchecked.h
@@ -0,0 +1,228 @@
+// Copyright 2006 Nemanja Trifunovic
+
+/*
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+*/
+
+
+#ifndef UTF8_FOR_CPP_UNCHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+#define UTF8_FOR_CPP_UNCHECKED_H_2675DCD0_9480_4c0c_B92A_CC14C027B731
+
+#include "core.h"
+
+namespace utf8
+{
+    namespace unchecked 
+    {
+        template <typename octet_iterator>
+        octet_iterator append(uint32_t cp, octet_iterator result)
+        {
+            if (cp < 0x80)                        // one octet
+                *(result++) = static_cast<uint8_t>(cp);  
+            else if (cp < 0x800) {                // two octets
+                *(result++) = static_cast<uint8_t>((cp >> 6)          | 0xc0);
+                *(result++) = static_cast<uint8_t>((cp & 0x3f)        | 0x80);
+            }
+            else if (cp < 0x10000) {              // three octets
+                *(result++) = static_cast<uint8_t>((cp >> 12)         | 0xe0);
+                *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f) | 0x80);
+                *(result++) = static_cast<uint8_t>((cp & 0x3f)        | 0x80);
+            }
+            else {                                // four octets
+                *(result++) = static_cast<uint8_t>((cp >> 18)         | 0xf0);
+                *(result++) = static_cast<uint8_t>(((cp >> 12) & 0x3f)| 0x80);
+                *(result++) = static_cast<uint8_t>(((cp >> 6) & 0x3f) | 0x80);
+                *(result++) = static_cast<uint8_t>((cp & 0x3f)        | 0x80);
+            }
+            return result;
+        }
+
+        template <typename octet_iterator>
+        uint32_t next(octet_iterator& it)
+        {
+            uint32_t cp = utf8::internal::mask8(*it);
+            typename std::iterator_traits<octet_iterator>::difference_type length = utf8::internal::sequence_length(it);
+            switch (length) {
+                case 1:
+                    break;
+                case 2:
+                    it++;
+                    cp = ((cp << 6) & 0x7ff) + ((*it) & 0x3f);
+                    break;
+                case 3:
+                    ++it; 
+                    cp = ((cp << 12) & 0xffff) + ((utf8::internal::mask8(*it) << 6) & 0xfff);
+                    ++it;
+                    cp += (*it) & 0x3f;
+                    break;
+                case 4:
+                    ++it;
+                    cp = ((cp << 18) & 0x1fffff) + ((utf8::internal::mask8(*it) << 12) & 0x3ffff);                
+                    ++it;
+                    cp += (utf8::internal::mask8(*it) << 6) & 0xfff;
+                    ++it;
+                    cp += (*it) & 0x3f; 
+                    break;
+            }
+            ++it;
+            return cp;        
+        }
+
+        template <typename octet_iterator>
+        uint32_t peek_next(octet_iterator it)
+        {
+            return utf8::unchecked::next(it);    
+        }
+
+        template <typename octet_iterator>
+        uint32_t prior(octet_iterator& it)
+        {
+            while (utf8::internal::is_trail(*(--it))) ;
+            octet_iterator temp = it;
+            return utf8::unchecked::next(temp);
+        }
+
+        // Deprecated in versions that include prior, but only for the sake of consistency (see utf8::previous)
+        template <typename octet_iterator>
+        inline uint32_t previous(octet_iterator& it)
+        {
+            return utf8::unchecked::prior(it);
+        }
+
+        template <typename octet_iterator, typename distance_type>
+        void advance (octet_iterator& it, distance_type n)
+        {
+            for (distance_type i = 0; i < n; ++i)
+                utf8::unchecked::next(it);
+        }
+
+        template <typename octet_iterator>
+        typename std::iterator_traits<octet_iterator>::difference_type
+        distance (octet_iterator first, octet_iterator last)
+        {
+            typename std::iterator_traits<octet_iterator>::difference_type dist;
+            for (dist = 0; first < last; ++dist) 
+                utf8::unchecked::next(first);
+            return dist;
+        }
+
+        template <typename u16bit_iterator, typename octet_iterator>
+        octet_iterator utf16to8 (u16bit_iterator start, u16bit_iterator end, octet_iterator result)
+        {       
+            while (start != end) {
+                uint32_t cp = utf8::internal::mask16(*start++);
+            // Take care of surrogate pairs first
+                if (utf8::internal::is_lead_surrogate(cp)) {
+                    uint32_t trail_surrogate = utf8::internal::mask16(*start++);
+                    cp = (cp << 10) + trail_surrogate + internal::SURROGATE_OFFSET;
+                }
+                result = utf8::unchecked::append(cp, result);
+            }
+            return result;         
+        }
+
+        template <typename u16bit_iterator, typename octet_iterator>
+        u16bit_iterator utf8to16 (octet_iterator start, octet_iterator end, u16bit_iterator result)
+        {
+            while (start < end) {
+                uint32_t cp = utf8::unchecked::next(start);
+                if (cp > 0xffff) { //make a surrogate pair
+                    *result++ = static_cast<uint16_t>((cp >> 10)   + internal::LEAD_OFFSET);
+                    *result++ = static_cast<uint16_t>((cp & 0x3ff) + internal::TRAIL_SURROGATE_MIN);
+                }
+                else
+                    *result++ = static_cast<uint16_t>(cp);
+            }
+            return result;
+        }
+
+        template <typename octet_iterator, typename u32bit_iterator>
+        octet_iterator utf32to8 (u32bit_iterator start, u32bit_iterator end, octet_iterator result)
+        {
+            while (start != end)
+                result = utf8::unchecked::append(*(start++), result);
+
+            return result;
+        }
+
+        template <typename octet_iterator, typename u32bit_iterator>
+        u32bit_iterator utf8to32 (octet_iterator start, octet_iterator end, u32bit_iterator result)
+        {
+            while (start < end)
+                (*result++) = utf8::unchecked::next(start);
+
+            return result;
+        }
+
+        // The iterator class
+        template <typename octet_iterator>
+          class iterator : public std::iterator <std::bidirectional_iterator_tag, uint32_t> { 
+            octet_iterator it;
+            public:
+            iterator () {}
+            explicit iterator (const octet_iterator& octet_it): it(octet_it) {}
+            // the default "big three" are OK
+            octet_iterator base () const { return it; }
+            uint32_t operator * () const
+            {
+                octet_iterator temp = it;
+                return utf8::unchecked::next(temp);
+            }
+            bool operator == (const iterator& rhs) const 
+            { 
+                return (it == rhs.it);
+            }
+            bool operator != (const iterator& rhs) const
+            {
+                return !(operator == (rhs));
+            }
+            iterator& operator ++ () 
+            {
+                ::std::advance(it, utf8::internal::sequence_length(it));
+                return *this;
+            }
+            iterator operator ++ (int)
+            {
+                iterator temp = *this;
+                ::std::advance(it, utf8::internal::sequence_length(it));
+                return temp;
+            }  
+            iterator& operator -- ()
+            {
+                utf8::unchecked::prior(it);
+                return *this;
+            }
+            iterator operator -- (int)
+            {
+                iterator temp = *this;
+                utf8::unchecked::prior(it);
+                return temp;
+            }
+          }; // class iterator
+
+    } // namespace utf8::unchecked
+} // namespace utf8 
+
+
+#endif // header guard
+
diff --git a/vmime-master/doc/book/.gitignore b/vmime-master/doc/book/.gitignore
new file mode 100644
index 0000000..5bb5584
--- /dev/null
+++ b/vmime-master/doc/book/.gitignore
@@ -0,0 +1,17 @@
+# PDFLatex
+*.log
+*.aux
+*.toc
+*.out
+*.pdf
+*.lo[flt]
+
+# Hevea
+*.haux
+*.htoc
+book.image.tex
+book.html
+
+images/Makefile2
+images/*.png
+
diff --git a/vmime-master/doc/book/basics.tex b/vmime-master/doc/book/basics.tex
new file mode 100644
index 0000000..94633ef
--- /dev/null
+++ b/vmime-master/doc/book/basics.tex
@@ -0,0 +1,823 @@
+\chapter{Basics}
+
+% ============================================================================
+\section{Reference counting}
+
+\subsection{Introduction} % --------------------------------------------------
+
+Since version 0.7.2cvs, VMime use smart pointers to simplify memory
+management. Smart pointers rely on
+RAII\footnote{Ressource Allocation is Initialisation} so that we do not need
+to bother with deleting an object (freeing memory) when it is not used
+anymore.
+
+There are two possibilities for owning a reference to an object. We can own a
+strong reference to an object: as long as we keep this reference, the object
+is not destroyed. Or we can own a weak reference to the object: the object can
+be destroyed if nobody owns a strong reference to it, in which case the weak
+reference becomes invalid.
+
+An object is destroyed as soon as the last strong reference to it is released.
+At the same tine, all weak references (if any) are automatically set to point
+to \vnull.
+
+In VMime, these two types of references are known as {\vcode vmime::shared\_ptr}
+and {\vcode vmime::weak\_ptr}, respectively.
+
+\vnote{since November 2013, we switched from an old, intrusive implementation
+of smart pointers to a more standard one: either Boost {\vcode shared\_ptr<>}
+implementation or standard C++ one if we are compiling in C++11. Here are the
+changes:
+
+{\vcode vmime::ref <>} is replaced with {\vcode vmime::shared\_ptr <>}
+
+{\vcode vmime::weak\_ref <>} is replaced with {\vcode vmime::weak\_ptr <>}
+
+{\vcode vmime::create <>} is replaced with {\vcode vmime::make\_shared <>}
+}
+
+\subsection{Instanciating reference-counted objects} % -----------------------
+
+In VMime, all objects that support reference counting inherit from the
+{\vcode vmime::object} class, which is responsible for
+incrementing/decrementing the counter and managing the object's life cycle.
+If you want to create a smart pointer to a new object instance, you should
+use the function {\vcode vmime::make\_shared} instead of the {\vcode new}
+operator.
+
+\begin{lstlisting}[caption={Smarts pointers and creating objects}]
+class myObject : public vmime::object {
+
+public:
+
+   myObject(const vmime::string& name)
+      : m_name(name) {
+
+   }
+
+   void sayHello() {
+
+      std::cout << "Hello " << m_name << std::endl;
+   }
+
+private:
+
+   vmime::string m_name;
+};
+
+int main() {
+
+   vmime::shared_ptr <myObject> obj =
+      vmime::make_shared <myObject>("world");
+
+   obj->sayHello();
+
+   return 0;
+
+} // Here, 'obj' gets automatically destroyed
+\end{lstlisting}
+
+\subsection{Using smart pointers} % ------------------------------------------
+
+Smart pointers are copiable, assignable and comparable. You can use them like
+you would use normal ("raw") C++ pointers (eg. you can write
+\lstinline{!ptr, ptr != NULL, ptr->method(), *ptr}...).
+
+Type safety is also guaranteed, and you can type cast smart pointers using
+the {\vcode static\_cast()}, {\vcode dynamic\_cast()} and {\vcode const\_cast()}
+equivalents on {\vcode vmime::shared\_ptr} and {\vcode vmime::weak\_ptr} objects:
+
+\begin{lstlisting}[caption={Casting smart pointers}]
+class myBase : public vmime::object { }
+class myObject : public myBase { }
+
+vmime::shared_ptr <myObject> obj = vmime::make_shared <myObject>();
+
+// Implicit downcast
+vmime::shared_ptr <myBase> base = obj;
+
+// Explicit upcast
+vmime::shared_ptr <myObject> obj2 = vmime::dynamicCast <myObject>(base);
+\end{lstlisting}
+
+Weak references are used to resolve reference cycles (an object which refers
+directly or indirectly to itself). The following example illustrates a
+typical problem of reference counting:
+
+\begin{lstlisting}
+class parent : public vmime::object {
+
+public:
+
+   void createChild(vmime::shared_ptr <child> c) {
+
+      m_child = c;
+   }
+
+private:
+
+   vmime::shared_ptr <child> m_child;
+};
+
+class child : public vmime::object {
+
+public:
+
+   child(vmime::shared_ptr <parent> p)
+      : m_parent(p) {
+
+   }
+
+private:
+
+   vmime::shared_ptr <parent> m_parent;
+};
+
+int main() {
+
+   vmime::shared_ptr <parent> p = vmime::make_shared <parent>();
+   vmime::shared_ptr <child> c = vmime::make_shared <child>();
+
+   p->setChild(c);
+}
+\end{lstlisting}
+
+In this example, neither {\vcode p} nor {\vcode c} will be deleted when
+exiting {\vcode main()}. That's because {\vcode p} indirectly points to itself
+{\em via} {\vcode c}, and {\em vice versa}. The solution is to use a weak
+reference to the parent:
+
+\begin{lstlisting}
+vmime::weak_ptr <parent> m_parent;
+\end{lstlisting}
+
+The decision to make the parent or the child a weak reference is purely
+semantic, and it depends on the context and the relationships between the
+objects. Note that when the parent is deleted, the {\vcode m\_parent} member
+of the child points to \vnull.
+
+More information about reference counting can be found on
+Wikipedia\footnote{http://en.wikipedia.org/wiki/Reference\_counting}.
+
+% ============================================================================
+\section{Error handling}
+
+In VMime, error handling is exclusively based on exceptions, there is no error
+codes, or things like that.
+
+VMime code may throw exceptions in many different situations: an unexpected
+error occurred, an operation is not supported, etc. You should catch them if
+you want to report failures to the user. This is also useful when debugging
+your program.
+
+VMime exceptions support chaining: an exception can be encapsulated into
+another exception to hide implementation details. The function
+{\vcode exception::other()} returns the next exception in the chain,
+or \vnull.
+
+Following is an example code for catching VMime exceptions and writing error
+messages to the console:
+
+\begin{lstlisting}[caption={Catching VMime exceptions}]
+std::ostream& operator<<(std::ostream& os, const vmime::exception& e) {
+
+   os << "* vmime::exceptions::" << e.name() << std::endl;
+   os << "    what = " << e.what() << std::endl;
+
+   // Recursively print all encapsuled exceptions
+   if (e.other() != NULL) {
+      os << *e.other();
+   }
+
+   return os;
+}
+
+...
+
+try {
+
+   // ...some call to VMime...
+
+} catch (vmime::exception& e) {
+
+   std::cerr << e;         // VMime exception
+
+} catch (std::exception& e) {
+
+   std::cerr << e.what();  // standard exception
+}
+\end{lstlisting}
+
+Read the source of {\vexample example6} if yo want to see a more complete
+example of using VMime exceptions (such as getting more detailed information
+by using specialized classes of {\vcode vmime::exception}).
+
+
+% ============================================================================
+\section{Basic objects}
+
+\subsection{The {\vcode component} class} % ----------------------------------
+
+In VMime, all the components of a message inherit from the same class
+{\vcode component}. This includes the message itself (classes {\vcode message}
+and {\vcode bodyPart}), the header, the header fields and the value of each
+header field, the body and all the parts in the message.
+
+The class component provide a common interface for parsing or generating all
+these components (methods {\vcode parse()} and {\vcode generate()}). It also
+provides additional functions to get some information about the parsing
+process or the structure (methods {\vcode getParsedOffset()},
+{\vcode getParsedLength()} and {\vcode getChildComponents()}).
+
+VMime also provides a set of classes corresponding to the basic types found
+in a message; for example a mailbox, a mailbox list, date/time information,
+media type, etc. They all inherit from {\vcode component} too.
+
+\subsection{Date and time} % -------------------------------------------------
+
+Date and time are used in several places in VMime, particularly in header
+fields (Date, Received, ...). VMime fully supports RFC-2822's date and time
+specification. The object {\vcode vmime::datetime} is used to manipulate date
+and time information, and to parse/generate it from/to RFC-2822 format.
+
+The following code snippet show various manners of using the
+{\vcode vmime::datetime} object:
+
+\begin{lstlisting}[caption={Using {\vcode vmime::datetime} object}]
+// Creating from string in RFC-2822 format
+vmime::datetime d1("Sat, 08 Oct 2005 14:07:52 +0200");
+
+// Creating from components
+vmime::datetime d2(
+   /* date */ 2005, vmime::datetime::OCTOBER, 8,
+   /* time */ 14, 7, 52,
+   /* zone */ vmime::datetime::GMT2
+);
+
+// Getting day of week
+const int dow = d2.getWeekDay();  // 'dow' should be datetime::SATURDAY
+\end{lstlisting}
+
+\subsection{Media type} % ----------------------------------------------------
+
+In MIME, the nature of the data contained in parts is identified using a
+media type. A general type (eg. \emph{image}) and a sub-type (eg. \emph{jpeg})
+are put together to form a media type (eg. \emph{image/jpeg}). This is also
+called the MIME type.
+
+There are a lot of media types officially registered, and vendor-specific
+types are possible (they start with ``x-'', eg.
+\emph{application/x-zip-compressed}).
+
+In VMime, the object {\vcode vmime::mediaType} represents a media type. There
+are also some constants for top-level types and sub-types in the
+{\vcode vmime::mediaTypes} namespace. For example, you can instanciate a new
+media type with:
+
+\begin{lstlisting}
+vmime::mediaType theType(
+   /* top-level type */ vmime::mediaTypes::IMAGE,
+   /* sub-type */       vmime::mediaTypes::IMAGE_JPEG
+);
+
+// theType.getType() is "image"
+// theType.getSubType() is "jpeg"
+// theType.generate() returns "image/jpeg"
+\end{lstlisting}
+
+For more information about media types, see
+RFC-2046\footnote{http://www.faqs.org/rfcs/rfc2046.html}.
+
+\subsection{Mailbox and mailbox groups} % ------------------------------------
+
+VMime provides several objects for working with mailboxes and addresses.
+
+The {\vcode vmime::address} class is an abstract type for representing an
+address: it can be either a mailbox (type {\vcode vmime::mailbox}) or a
+mailbox group (type {\vcode vmime::mailboxGroup}). A mailbox is composed of
+an email address (mandatory) and possibly a name. A mailbox group is simply
+a named list of mailboxes (see Figure \ref{uml_addr_mbox_mboxgroup}).
+
+\begin{lstlisting}[caption={Using mailboxes and mailbox groups}]
+vmime::shared_ptr <vmime::mailbox> mbox1 = vmime::make_shared <vmime::mailbox>
+    (/* name */ vmime::text("John Doe"), /* email */ "john.doe@acme.com");
+vmime::shared_ptr <vmime::mailbox> mbox2 = vmime::make_shared <vmime::mailbox>
+    (/* no name, email only */ "bill@acme.com");
+
+vmime::shared_ptr <vmime::mailboxGroup> grp = vmime::make_shared <vmime::mailboxGroup>();
+grp->appendMailbox(mbox1);
+grp->appendMailbox(mbox2);
+\end{lstlisting}
+
+\begin{figure}[ht!]
+	\center\includegraphics[width=0.7\textwidth]
+		{images/address-mailbox-mailboxgroup.png}\endcenter
+	\caption{Diagram for address-related classes}
+	\label{uml_addr_mbox_mboxgroup}
+\end{figure}
+
+
+% ============================================================================
+\section{Message, body parts and header}
+
+\subsection{Introduction to MIME messages} % ---------------------------------
+
+A MIME message is a recursive structure in which each part can contains one
+or more parts (or \emph{entities}). Each part is composed of a header and
+a body (actual contents). Figure \ref{uml_msg_body_header} shows how this
+model is implemented in VMime, and all classes that take part in it.
+
+\begin{figure}
+	\center\includegraphics[width=1.0\textwidth]
+		{images/message-body-header.png}\endcenter
+	\caption{Overall structure of MIME messages}
+	\label{uml_msg_body_header}
+\end{figure}
+
+
+\subsection{Header and header fields} % --------------------------------------
+
+\subsubsection{Standard header fields} % .....................................
+
+Header fields carry information about a message (or a part) and its contents.
+Each header field has a name and a value. All types that can be used as a
+field value inherit from the {\vcode headerFieldValue} class.
+
+You cannot instanciate header fields directly using their constructor.
+Instead, you should use the {\vcode headerFieldFactory} object. This ensures
+the right field type and value type is used for the specified field name.
+For more information about how to use header fields and the factory, see
+section \ref{msg-building-simple-message}.
+
+Some standard fields are officially registered and have their value type
+specified in a RFC. Table \ref{standard-fields} lists all the fields
+registered by default in VMime and the value type they contains.
+
+By default, all unregistered fields have a value of type {\vcode text}.
+
+\begin{table}[!ht]
+\begin{center}
+\noindent\begin{tabularx}{0.85\textwidth}{|X|X|}
+\hline
+	{\bf Field Name} &
+	{\bf Value Type} \\
+\hline
+\hline
+From & mailbox \\
+To & addressList \\
+Cc & addressList \\
+Bcc & addressList \\
+Sender & mailbox \\
+Date & datetime \\
+Received & relay \\
+Subject & text \\
+Reply-To & mailbox \\
+Delivered-To & mailbox \\
+Organization & text \\
+Return-Path & path \\
+Mime-Version & text \\
+Content-Type & mediaType \\
+Content-Transfer-Encoding & encoding \\
+Content-Description & text \\
+Content-Disposition & contentDisposition \\
+Content-Id & messageId \\
+Content-Location & text \\
+Message-Id & messageId \\
+In-Reply-To & messageIdSequence \\
+References & messageIdSequence \\
+Original-Message-Id & messageId \\
+Disposition & disposition \\
+Disposition-Notification-To & mailboxList \\
+\hline
+\end{tabularx}
+\end{center}
+\label{standard-fields}
+\caption{Standard fields and their types}
+\end{table}
+
+
+\subsubsection{Parameterized fields} % .......................................
+
+In addition to a value, some header fields can contain one or more
+\emph{name=value} couples which are called \emph{parameters}. For example,
+this is used in the \emph{Content-Type} field to give more information about
+the content:
+
+\begin{verbatim}
+   Content-Type: text/plain; charset="utf-8"
+\end{verbatim}
+
+Fields that support parameters inherit from the
+{\vcode parameterizedHeaderField} class which provides methods to deal with
+these parameters: {\vcode appendParameter()}, {\vcode getParameterAt()}...
+
+A parameter is identified by a name (eg. \emph{charset}) and associated to
+a value of type {\vcode vmime::text}. Parameters provide helper functions to
+convert automatically from basic types to text, and \emph{vice versa}. The
+following example illustrates it:
+
+\begin{lstlisting}[caption={Getting and setting parameter value in fields}]
+vmime::shared_ptr <vmime::parameterizedField> field =
+   header->findField <vmime::parameterizedField>("X-Field-That-Contains-Parameters");
+
+// Use setValue() to convert from a basic type to 'text'
+vmime::shared_ptr <vmime::parameter> prm = field->getParameter("my-date-param");
+prm->setValue(vmime::datetime::now());
+
+// Use getValueAs() to convert from 'text' to a basic type
+prm = field->getParameter("my-charset-param");
+const vmime::charset ch = prm->getValueAs <vmime::charset>();
+\end{lstlisting}
+
+Some fields provide easy access to their standard parameters (see
+Table \ref{standard-prm-fields}). This avoids finding the parameter and
+\emph{dynamic-casting} its value to the right type. The following code
+illustrates how to use it:
+
+\begin{lstlisting}
+vmime::shared_ptr <vmime::contentTypeField> field =
+   header->getField <vmime::contentTypeField>(vmime::fields::CONTENT_TYPE);
+
+// 1. First solution: the "hard" way
+vmime::shared_ptr <vmime::parameter> prm = field->findParameter("charset");
+const charset ch1 = prm->getValueAs <vmime::charset>();
+
+// 2. Second solution: the simple way
+const charset ch2 = field->getCharset();
+\end{lstlisting}
+
+\vnote{In both cases, an exception {\vcode no\_such\_parameter} can be
+thrown if the parameter does not exist, so be sure to catch it.}
+
+\begin{table}[ht!]
+\begin{center}
+\noindent\begin{tabularx}{0.85\textwidth}{|l|l|X|}
+\hline
+	{\bf Field Name} &
+	{\bf Field Type} &
+	{\bf Parameters} \\
+\hline
+\hline
+Content-Type & contentTypeField & boundary, charset, report-type  \\
+\hline
+Content-Disposition & contentDispositionField & creation-date,
+modification-date, read-date, filename, size \\
+\hline
+\end{tabularx}
+\end{center}
+\label{standard-prm-fields}
+\caption{Standard parameterized fields}
+\end{table}
+
+
+
+% ============================================================================
+\section{Streams}
+
+\subsection{Streams and stream adapters} % -----------------------------------
+
+Streams permit reading or writing data whatever the underlying system is:
+a file on a hard disk, a socket connected to a remote service...
+
+There are two types of streams: input streams (from which you can read data)
+and output streams (in which you can write data). Some adapters are provided
+for compatibility and convenience, for example:
+
+\begin{itemize}
+\item {\vcode inputStreamAdapter} and {\vcode outputStreamAdapter}: allow
+to use standard C++ iostreams with VMime;
+\item {\vcode inputStreamStringAdapter} and
+{\vcode outputStreamStringAdapter}: use a {\vcode vmime::string} object to
+read/write data.
+\end{itemize}
+
+The following example shows two ways of writing the current date to the
+standard output, using stream adapters:
+
+\begin{lstlisting}[caption={Using stream adapters}]
+// Get current date and time
+const vmime::datetime date = vmime::datetime::now();
+
+// 1. Using outputStreamAdapter
+vmime::utility::outputStreamAdapter out(std::cout);
+
+std::cout << "Current date is: ";
+date.generate(out);
+std::cout << std::endl;
+
+// 2. Using outputStreamStringAdapter
+vmime::string dateStr;
+vmime::utility::outputStreamStringAdapter outStr(dateStr);
+
+date.generate(outStr);
+
+std::cout << "Current date is: " << dateStr << std::endl;
+\end{lstlisting}
+
+
+\subsection{Stream filters} % ------------------------------------------------
+
+Input and output streams can be filtered to perform inline conversions (for
+example, there is a filter to convert ``{\textbackslash}r{\textbackslash}n''
+sequences to ``{\textbackslash}n''). They inherit from
+{\vcode vmime::utility::filteredInputStream} or
+{\vcode vmime::utility::filteredOutputStream} and are used like adapters (some
+filters also accept parameters; read the documentation).
+
+The most useful filter in VMime (and probably the only one you will need) is
+the {\vcode charsetFilteredOutputStream}, which performs inline conversion
+of charsets. See \ref{section_charsets} to know how to use it.
+
+\vnote{After you have finished to use a filtered output stream, it is
+important to call {\vcode flush()} on it to flush the internal buffer.
+If {\vcode flush()} is not called, not all data may be written to the
+underlying stream.}
+
+
+% ============================================================================
+\section{Content handlers}
+
+\subsection{Introduction} % --------------------------------------------------
+
+Content handlers are an abstraction for data sources. They are currently used
+when some data need to be stored for later use (eg. body part contents,
+attachment data, ...). Data can be stored encoded or unencoded (for more
+information about encodings, see \ref{section_encodings}).
+
+\subsection{Extracting data from content handlers} % -------------------------
+
+You can extract data in a content handler using the {\vcode extract()} method
+(which automatically decodes data if encoded) or {\vcode extractRaw()} (which
+extracts data without perfoming any decoding).
+
+The following example shows how to extract the body text from a message, and
+writing it to the standard output with charset conversion:
+
+\begin{lstlisting}[caption={Using content handlers to extract body text from
+a message}]
+// Suppose we already have a message
+vmime::shared_ptr <vmime::message> msg;
+
+// Obtains a reference to the body contents
+vmime::shared_ptr <vmime::body> body = msg->getBody();
+vmime::shared_ptr <vmime::contentHandler> cts = body->getContents();
+
+vmime::utility::outputStreamAdapter out(std::cout);
+cts->extract(out);
+\end{lstlisting}
+
+\vnote{The body contents is extracted ``as is''. No charset conversion is
+performed. See \ref{section_charsets} to know more about conversion between
+charsets.}
+
+
+\subsection{Creating content handlers} % -------------------------------------
+
+When you are building a message, you may need to instanciate content handlers
+if you want to set the contents of a body part. The following code snippet
+shows how to set the body text of a part from a string:
+
+\begin{lstlisting}[caption={Setting the contents of a body part}]
+vmime::shared_ptr <vmime::bodyPart> part;  // suppose we have a body part
+
+// Create a new content handler from a string
+vmime::shared_ptr <vmime::contentHandler> cth =
+   vmime::make_shared <vmime::stringContentHandler>("Put body contents here");
+
+// Set the contents
+part->getBody()->setContents(cth);
+\end{lstlisting}
+
+Content handlers are also used when creating attachments. The following
+example illustrates how to create an attachment from a file:
+
+\begin{lstlisting}[caption={Creating an attachment from a file}]
+// Create a stream from a file
+std::ifstream* fileStream = new std::ifstream();
+
+fileStream->open("/home/vincent/paris.jpg", std::ios::binary);
+
+if (!*fileStream) {
+   // handle error
+}
+
+vmime::shared_ptr <utility::stream> dataStream =
+   vmime::make_shared <vmime::utility::inputStreamPointerAdapter>(fileStream);
+
+   // NOTE: 'fileStream' will be automatically deleted
+   // when 'dataStream' is deleted
+
+// Create a new content handler
+vmime::shared_ptr <contentHandler> data =
+   vmime::make_shared <vmime::streamContentHandler>(dataStream, 0);
+
+// Now create the attachment
+ref <vmime::attachment> att = vmime::make_shared <vmime::defaultAttachment>(
+   /* attachment data */ data,
+   /* content type */    vmime::mediaType("image/jpeg"),
+   /* description */     vmime::text("Holiday photo"),
+   /* filename */        vmime::word("paris.jpg")
+);
+\end{lstlisting}
+
+You will see later that the {\vcode vmime::fileAttachment} class already
+encapsulates all the mechanics to create an attachment from a file.
+
+
+% ============================================================================
+\section{Character sets, charsets and conversions\label{section_charsets}}
+
+Quoting from RFC-2278: \emph{`` The term 'charset' is used to refer to a
+method of converting a sequence of octets into a sequence of characters.''}
+
+With the {\vcode vmime::charset} object, VMime supports conversion between
+charsets using the {\em iconv} library, which is available on almost all
+existing platforms. See {\vcode vmime::charset} and
+{\vcode vmime::charsetConverter} in the class documentation to know more
+about charset conversion.
+
+The following example shows how to convert data in one charset to another
+charset. The data is extracted from the body of a message and converted
+to UTF-8 charset:
+
+\begin{lstlisting}[caption={Extracting and converting body contents to a
+specified charset}]
+vmime::shared_ptr <vmime::message> msg;  // we have a message
+
+// Obtain the content handler first
+vmime::shared_ptr <vmime::body> body = msg->getBody();
+vmime::shared_ptr <const vmime::contentHandler> cth = body->getContents();
+
+// Then, extract and convert the contents
+vmime::utility::outputStreamAdapter out(std::cout);
+vmime::utility::charsetFilteredOutputStream fout(
+    /* source charset */ body->getCharset(),
+    /* dest charset */   vmime::charset("utf-8"),
+    /* dest stream */    out
+);
+
+cth->extract(fout);
+
+fout.flush();  // Very important!
+\end{lstlisting}
+
+
+% ============================================================================
+\section{Non-ASCII text in header fields}
+
+MIME standard defines methods\footnote{See RFC-2047: Message Header Extensions
+for Non-ASCII Text} for dealing with data which is not 7-bit only (ie. the
+ASCII character set), in particular in header fields. For example, the field
+``Subject:'' use this data type.
+
+VMime is fully compatible with RFC-2047 and provides two objects for
+manipulating 8-bit data: {\vcode vmime::text} and {\vcode vmime::word}. A word
+represents textual information encoded in a specified charset. A text is
+composed of one or more words.
+
+RFC-2047 describes the process of encoding 8-bit data into a 7-bit form;
+basically, it relies on Base64 and Quoted-Printable encoding. Hopefully, all
+the encoding/decoding process is done internally by VMime, so creating text
+objects is fairly simple:
+
+\begin{lstlisting}[caption={Creating \vcode{vmime::text} objects}]
+vmime::string inText = "Linux dans un téléphone mobile";
+vmime::charset inCharset = "utf-8";
+
+vmime::text outText;
+outText.createFromString(inText, inCharset);
+
+// 'outText' now contains 3 words:
+//    . <us-ascii>   "Linux dans un "
+//    . <utf-8>      "téléphone "
+//    . <us-ascii>   "mobile"
+
+vmime::shared_ptr <vmime::header> header = myMessage->getHeader();
+header->Subject()->setValue(outText);
+\end{lstlisting}
+
+In general, you will not need to decode RFC-2047-encoded data as the process
+is totally transparent in VMime. If you really have to, you can use the
+{\vcode vmime::text::decodeAndUnfold()} static method to create a text object
+from encoded data.
+
+For example, say you have the following encoded data:
+
+\begin{verbatim}
+   Linux dans un =?UTF-8?B?dMOpbMOpcGhvbmUgbW9iaWxl?=
+\end{verbatim}
+
+You can simply decode it using the following code:
+
+\begin{lstlisting}[caption={Decoding RFC-2047-encoded data}]
+vmime::string inData =
+    "Linux dans un =?UTF-8?B?dMOpbMOpcGhvbmUgbW9iaWxl?=";
+
+vmime::text outText;
+vmime::text::decodeAndUnfold(inData, &outText);
+\end{lstlisting}
+
+{\vcode vmime::text} also provides a function to convert all the words to
+another charset in a single call. The following example shows how to convert
+text stored in the Subject field of a message:
+
+\begin{lstlisting}[caption={Converting data in a {\vcode vmime::text} to a
+specified charset}]
+vmime::shared_ptr <vmime::message> msg;  // we have a message
+
+vmime::text subject = msg->getHeader()->Subject()->getValue();
+
+const vmime::string subjectText =
+   subject.getConvertedText(vmime::charset("utf-8"));
+
+// 'subjectText' now contains the subject in UTF-8 encoding
+\end{lstlisting}
+
+
+% ============================================================================
+\section{Encodings\label{section_encodings}}
+
+\subsection{Introduction} % --------------------------------------------------
+
+The MIME standard defines a certain number of encodings to allow data
+to be safely transmitted from one peer to another. VMime provides
+data encoding and decoding using the {\vcode vmime::utility::encoder::encoder} object.
+
+You should not need to use encoders directly, as all encoding/decoding
+process is handled internally by the library, but it is good to know
+they exist and how they work.
+
+\subsection{Using encoders} % ------------------------------------------------
+
+You can create an instance of an encoder using the 'vmime::utility::encoder::encoderFactory'
+object, giving the encoding name ({\it base64}, {\it quoted-printable}, ...).
+The following example creates an instance of the Base64 encoder to encode
+some data:
+
+\begin{lstlisting}[caption={A simple example of using an encoder}]
+vmime::shared_ptr <vmime::utility::encoder::encoder> enc =
+    vmime::utility::encoder::encoderFactory::getInstance()->create("base64");
+
+vmime::string inString("Some data to encode");
+vmime::utility::inputStreamStringAdapter in(inString);
+
+vmime::string outString;
+vmime::utility::outputStreamStringAdapter out(outString);
+
+enc->encode(in, out);
+
+std::cout << "Encoded data is:"  << outString << std::endl;
+\end{lstlisting}
+
+\subsection{Enumerating available encoders} % --------------------------------
+
+The behaviour of the encoders can be configured using properties. However,
+not all encoders support properties. The following example\footnote{This is
+an excerpt from {\vexample example6}} enumerates available encoders and the
+supported properties for each of them:
+
+\begin{lstlisting}[caption={Enumerating encoders and their properties}]
+vmime::shared_ptr <vmime::utility::encoder::encoderFactory> ef =
+   vmime::utility::encoder::encoderFactory::getInstance();
+
+std::cout << "Available encoders:" << std::endl;
+
+for (int i = 0 ; i < ef->getEncoderCount() ; ++i) {
+
+   // Output encoder name
+   vmime::shared_ptr <const vmime::utility::encoder::encoderFactory::registeredEncoder>
+      enc = ef->getEncoderAt(i);
+
+   std::cout << "  * " << enc->getName() << std::endl;
+
+   // Create an instance of the encoder to get its properties
+   vmime::shared_ptr <vmime::utility::encoder::encoder> e = enc->create();
+
+   std::vector <vmime::string> props = e->getAvailableProperties();
+   std::vector <vmime::string>::const_iterator it;
+
+   for (it = props.begin() ; it != props.end() ; ++it) {
+      std::cout << "      - " << *it << std::endl;
+   }
+\end{lstlisting}
+
+
+% ============================================================================
+\section{Progress listeners}
+
+Progress listeners are used with objects that can notify you about the state
+of progress when they are performing an operation.
+
+The {\vcode vmime::utility::progressListener} interface is rather simple:
+
+\begin{lstlisting}
+void start(const int predictedTotal);
+void progress(const int current, const int currentTotal);
+void stop(const int total);
+\end{lstlisting}
+
+{\vcode start()} and {\vcode stop()} are called at the beginning and the end
+of the operation, respectively. {\vcode progress()} is called each time the
+status of progress changes (eg. a chunk of data has been processed). There is
+no unit specified for the values passed in argument. It depends on the
+notifier: it can be bytes, percent, number of messages...
diff --git a/vmime-master/doc/book/book.tex b/vmime-master/doc/book/book.tex
new file mode 100644
index 0000000..4db213a
--- /dev/null
+++ b/vmime-master/doc/book/book.tex
@@ -0,0 +1,118 @@
+\documentclass[11pt]{report}
+
+\title{{\Huge VMime Book} \\ \ \\ A Developer's Guide To VMime}
+\author{Vincent Richard \\ vincent@vmime.org}
+
+\usepackage{graphicx}
+\usepackage{tabularx}
+\usepackage{array}
+\usepackage{listings}
+\usepackage[usenames]{color}
+\usepackage{ucs}
+\usepackage[utf8x]{inputenc}
+\usepackage[vcentering,dvips]{geometry}
+%\usepackage{type1cm}  % scalable Computer Modern fonts
+\usepackage{courier}  % use Adobe Courier instead of Computer Modern Typewriter
+\usepackage{fancyheadings}
+\usepackage{hyperref}
+\usepackage{verbatim}
+\usepackage{footmisc}
+
+
+\setcounter{secnumdepth}{10}
+\setcounter{tocdepth}{10}
+
+\def\vcode{\tt}
+\def\vnull{{\tt NULL}}
+\newcommand{\vnote}[1]{{\sc note:} #1}
+\def\vexample{\tt\sc}
+\newcommand{\verti}[1]{\rotatebox{90}{#1\ }}  % vertical text
+\def\vdot{$\bullet$}
+
+\sloppy  % Disable "overfull \hbox..." warnings
+
+\newcommand{\Chapter}[1]{\chapter{#1} \setcounter{figure}{1}}
+
+% 'listings' configuration
+\definecolor{listingFrame}{rgb}{0.9,0.9,0.9}
+\lstset{language=C++,showstringspaces=false}
+\lstset{keywordstyle=\bf,commentstyle=\it}
+\lstset{captionpos=b,extendedchars=true,inputencoding=latin1}
+\lstset{fontadjust=true,basewidth={0.5em,0.4em},columns=fixed,flexiblecolumns=false}
+\lstset{frame=leftline,framerule=0.1cm,framesep=0.3cm,rulecolor=\color{listingFrame}}
+\lstset{abovecaptionskip=0.5cm,xleftmargin=1.1cm,aboveskip=0.5cm,belowskip=0.2cm}
+
+% 'hyperref' configuration
+\hypersetup{
+   backref=true,pagebackref=true,hyperindex=rue,colorlinks=true,
+   breaklinks=true,urlcolor=blue,linkcolor=black,bookmarks=true,bookmarksopen=true
+}
+
+% HTML output configuration
+%HEVEA\renewcommand{\includegraphics}[2][]{\imgsrc{#2}}
+%HEVEA\renewcommand{\verti}[1]{#1}
+%HEVEA\def\vdot{\bullet}
+%HEVEA\newcommand{\linespread}{}
+%HEVEA\newcommand{\clubpenalty}{}
+%HEVEA\newcommand{\widowpenalty}{}
+%HEVEA\newcommand{\geometry}{}
+
+
+% Page layout
+\geometry{papersize={210mm,297mm},total={160mm,230mm}}
+
+% Text layout
+\setlength{\skip\footins}{1cm}  % margin between text and footnotes
+\clubpenalty=1000
+\addtolength{\parskip}{+0.3cm}
+\linespread{1.05}
+\widowpenalty=1000
+
+
+\begin{document}
+
+% Title page
+\maketitle
+\newpage
+
+% Table of contents
+\tableofcontents
+\newpage
+
+% Chapters
+\include{intro}
+\include{building}
+\include{start}
+\include{basics}
+\include{msg}
+\include{net}
+
+\thispagestyle{empty}
+\ \newpage
+
+
+%HEVEA\begin{comment}
+
+% List of listings
+\lstlistoflistings
+\addcontentsline{toc}{chapter}{Listings}
+
+% List of figures
+\listoffigures
+\addcontentsline{toc}{chapter}{List of figures}
+
+% List of table
+\listoftables
+\addcontentsline{toc}{chapter}{List of tables}
+
+%HEVEA\end{comment}
+
+
+% Appendixes
+\appendix
+
+\chapter{The GNU General Public License\label{appendix_license}}
+\verbatiminput{../../COPYING}
+
+\end{document}
+
diff --git a/vmime-master/doc/book/building.tex b/vmime-master/doc/book/building.tex
new file mode 100644
index 0000000..9feeedc
--- /dev/null
+++ b/vmime-master/doc/book/building.tex
@@ -0,0 +1,175 @@
+\label{chapter_building}
+\chapter{Building and Installing VMime}
+
+% ============================================================================
+\section{Introduction}
+
+If no pre-build packages of VMime is available for your system, or if for some
+reason you want to compile it yourself from scratch, this section will guide
+you through the process.
+
+% ============================================================================
+\section{What you need}
+
+To build VMime from the sources, you will need the following:
+
+\begin{itemize}
+\item a working C++ compiler with good STL implementation and also a good
+support for templates (for example, \href{http://gcc.gnu.org/}{GNU GCC}) ;
+\item \href{http://www.cmake.org/}{CMake} build system ;
+\item either \href{http://www.icu-project.org}{ICU library} or an usable
+{\vcode iconv()} implementation (see
+\href{http://www.gnu.org/software/libiconv/}{libiconv of GNU Project}) ;
+\item the \href{http://www.gnu.org/software/gsasl/}{GNU SASL Library} if you
+want SASL\footnote{Simple Authentication and Security Layer} support ;
+\item either the \href{http://www.openssl.org}{OpenSSL library} or the
+\href{http://www.gnu.org/software/gnutls/}{GNU TLS Library} if you
+want SSL and TLS\footnote{Transport Layer Security} support ;
+\end{itemize}
+
+% ============================================================================
+\section{Obtaining source files}
+
+You can download a package containing the source files of the latest release
+of the VMime library from the \href{http://www.vmime.org/}{VMime web site}.
+
+You can also obtain the current development version from the Git repository,
+which is currently hosted at GitHub. It can be checked out through anonymous
+access with the following instruction:
+
+\begin{verbatim}
+   git clone git://github.com/kisli/vmime
+\end{verbatim}
+
+% ============================================================================
+\section{Compiling and installing}
+
+VMime relies on CMake for building. CMake is an open source, cross-platform
+build system. It will generate all build scripts required to compile VMime on
+your platform.
+
+First, extract the tarball or checkout the VMime source code into a directory
+somewhere on your system, let's call it {\vcode /path/to/vmime-source}. Then,
+create a build directory, which will contain all intermediate build files and
+the final libraries, let's call it {\vcode /path/to/vmime-build}.
+
+From the build directory, run {\vcode cmake} with the {\vcode -G} argument
+corresponding to your platform/choice. For example, if you are on a
+Unix-compatible platform (like GNU/Linux or MacOS) and want to use the
+{\vcode make} utility for building, type:
+
+\begin{verbatim}
+   $ cd /path/to/vmime-build
+   $ cmake -G "Unix Makefiles" /path/to/vmime-source
+\end{verbatim}
+
+CMake will perform some tests on your system to check for libs installed
+and some platform-specific includes, and create all files needed for
+compiling the project. Additionally, a {\vcode src/vmime/config.hpp} file
+with the parameters detected for your system will be created.
+
+Next, you can start the compilation process:
+
+\begin{verbatim}
+   $ cmake --build .
+\end{verbatim}
+
+Please wait a few minutes while the compilation runs (you should have some
+time to have a coffee right now!). If you get errors during the compilation,
+be sure your system meet the requirements given at the beginning of the
+chapter. You can also try to get a newer version (from the Git repository, for
+example) or to get some help on VMime user forums.
+
+If everything compiled successfully, you can install the library and
+the development files on your system:
+
+\begin{verbatim}
+   # make install
+\end{verbatim}
+
+\vnote{you must do that with superuser rights (root) if you chose to install
+the library into the default location (ie: /usr/lib and /usr/include).}
+
+Now, you are done! You can jump to the next chapter to know how to use VMime
+in your program...
+
+
+% ============================================================================
+\section{\label{custom-build}Customizing build}
+
+You should not modify the {\vcode config.hpp} file directly. Instead, you
+should run {\vcode cmake} again, and specify your build options on the command
+line. For example, to force using OpenSSL library instead of GnuTLS for TLS
+support, type:
+
+\begin{verbatim}
+   $ cmake -G "Unix Makefiles" -DVMIME_TLS_SUPPORT_LIB=openssl
+\end{verbatim}
+
+If you want to enable or disable some features in VMime, you can obtain some
+help by typing {\vcode cmake -L}. The defaults should be OK though. For a
+complate list of build options, you can also refer to section
+\ref{build-options}, page \pageref{build-options}. For more information about
+using CMake, go to \href{http://www.cmake.org/}{the CMake web site}.
+
+\vnote{Delete the {\vcode CMakeCache.txt} file if you changed configuration
+or if something changed on your system, as CMake may cache some values to
+speed things up.}
+
+You can also use another build backend, like
+Ninja\footnote{\url{https://ninja-build.org/}}, if you have it on your system:
+
+\begin{verbatim}
+   $ cd /path/to/vmime-build
+   $ cmake -G Ninja /path/to/vmime-source
+   $ ninja
+   # ninja install
+\end{verbatim}
+
+To install VMime in a directory different from the default directory
+({\vcode /usr} on GNU/Linux systems), set the
+{\vcode CMAKE\_INSTALL\_PREFIX} option:
+
+\begin{verbatim}
+   $ cmake -DCMAKE_INSTALL_PREFIX=/opt/ ...
+\end{verbatim}
+
+
+% ============================================================================
+\section{\label{build-options}Build options}
+
+Some options can be given to CMake to control the build:
+
+\begin{table}[!ht]
+\noindent\begin{tabularx}{1.0\textwidth}{|l|X|}
+\hline
+	{\bf Option name} &
+	{\bf Description} \\
+\hline
+\hline
+VMIME\_BUILD\_SHARED\_LIBRARY &
+Set to ON to build a shared version (.so) of the library (default is ON). \\
+\hline
+VMIME\_BUILD\_STATIC\_LIBRARY &
+Set to ON to build a static version (.a) of the library (default is ON). \\
+\hline
+VMIME\_BUILD\_TESTS &
+Set to ON to build unit tests (default is OFF). \\
+\hline
+VMIME\_TLS\_SUPPORT\_LIB &
+Set to either "openssl" or "gnutls" to force using either OpenSSL or GNU TLS
+for SSL/TLS support (default depends on which libraries are available on
+your system). \\
+\hline
+VMIME\_CHARSETCONV\_LIB &
+Set to either "iconv", "icu" or "win" (Windows only) to force using iconv, ICU
+or Windows built-in API for converting between charsets (default value depends
+on which libraries are available on your system). \\
+\hline
+CMAKE\_BUILD\_TYPE &
+Set the build type: either "Release" or "Debug". In Debug build, optimizations
+are disabled and debugging information are enabled. \\
+\hline
+\end{tabularx}
+\caption{CMake build options}
+\end{table}
diff --git a/vmime-master/doc/book/images/address-mailbox-mailboxgroup.svg b/vmime-master/doc/book/images/address-mailbox-mailboxgroup.svg
new file mode 100644
index 0000000..a7752d4
--- /dev/null
+++ b/vmime-master/doc/book/images/address-mailbox-mailboxgroup.svg
@@ -0,0 +1,355 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://inkscape.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="453.27998pt"
+   height="307.89001pt"
+   id="svg2"
+   sodipodi:version="0.32"
+   inkscape:version="0.42.2"
+   sodipodi:docbase="/home/vincent/projects/vmime/doc/book/images"
+   sodipodi:docname="address-mailbox-mailboxgroup.svg"
+   inkscape:export-xdpi="73.779999"
+   inkscape:export-ydpi="73.779999">
+  <defs
+     id="defs3">
+    <marker
+       inkscape:stockid="Torso"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Torso"
+       style="overflow:visible">
+      <g
+         id="g2045"
+         transform="scale(0.7)">
+        <path
+           sodipodi:nodetypes="ccccc"
+           id="path1128"
+           d="M -4.7792281,-3.2395420 C -2.4288541,-2.8736027 0.52103922,-1.3019943 0.25792722,0.38794346 C -0.0051877922,2.0778819 -2.2126741,2.6176539 -4.5630471,2.2517169 C -6.9134221,1.8857769 -8.5210350,0.75201414 -8.2579220,-0.93792336 C -7.9948090,-2.6278615 -7.1296041,-3.6054813 -4.7792281,-3.2395420 z "
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;marker-start:none;marker-mid:none;marker-end:none" />
+        <path
+           sodipodi:nodetypes="cc"
+           id="path1909"
+           d="M 4.4598789,0.088665736 C -2.5564571,-4.3783320 5.2248769,-3.9061806 -0.84829578,-8.7197331"
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-end:none" />
+        <path
+           sodipodi:nodetypes="cc"
+           id="path1910"
+           d="M 4.9298719,0.057520736 C -1.3872731,1.7494689 1.8027579,5.4782079 -4.9448731,7.5462725"
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none" />
+        <rect
+           transform="matrix(0.527536,-0.849533,0.887668,0.460484,0.000000,0.000000)"
+           y="-1.7408575"
+           x="-10.391706"
+           height="2.7608147"
+           width="2.6366582"
+           id="rect2035"
+           style="fill-rule:evenodd;stroke-width:1.0000000pt;marker-end:none" />
+        <rect
+           transform="matrix(0.671205,-0.741272,0.790802,0.612072,0.000000,0.000000)"
+           y="-7.9629307"
+           x="4.9587269"
+           height="2.8614161"
+           width="2.7327356"
+           id="rect2036"
+           style="fill-rule:evenodd;stroke-width:1.0000000pt;marker-end:none" />
+        <path
+           transform="matrix(6.793608e-17,-1.109517,1.109517,6.793608e-17,25.96648,19.71619)"
+           d="M 16.779951 -28.685045 A 0.60731727 0.60731727 0 1 0 15.565317,-28.685045 A 0.60731727 0.60731727 0 1 0 16.779951 -28.685045 z"
+           sodipodi:ry="0.60731727"
+           sodipodi:rx="0.60731727"
+           sodipodi:cy="-28.685045"
+           sodipodi:cx="16.172634"
+           id="path2037"
+           style="fill:#ff0000;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none"
+           sodipodi:type="arc" />
+        <path
+           transform="matrix(6.793608e-17,-1.109517,1.109517,6.793608e-17,26.82450,16.99126)"
+           d="M 16.779951 -28.685045 A 0.60731727 0.60731727 0 1 0 15.565317,-28.685045 A 0.60731727 0.60731727 0 1 0 16.779951 -28.685045 z"
+           sodipodi:ry="0.60731727"
+           sodipodi:rx="0.60731727"
+           sodipodi:cy="-28.685045"
+           sodipodi:cx="16.172634"
+           id="path2038"
+           style="fill:#ff0000;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none"
+           sodipodi:type="arc" />
+      </g>
+    </marker>
+    <marker
+       inkscape:stockid="TriangleOutL"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="TriangleOutL"
+       style="overflow:visible">
+      <path
+         sodipodi:nodetypes="cccc"
+         id="path5324"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none"
+         transform="scale(0.8)" />
+    </marker>
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="1.0000000"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1.0000000"
+     inkscape:cx="248.49444"
+     inkscape:cy="298.91345"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     inkscape:window-width="1150"
+     inkscape:window-height="986"
+     inkscape:window-x="0"
+     inkscape:window-y="30"
+     fill="#ff0000"
+     inkscape:showpageshadow="true"
+     showguides="true"
+     showgrid="false"
+     inkscape:grid-bbox="false"
+     inkscape:grid-points="false" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <cc:license
+           rdf:resource="http://creativecommons.org/licenses/GPL/2.0/" />
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/licenses/GPL/2.0/">
+        <cc:permits
+           rdf:resource="http://web.resource.org/cc/Reproduction" />
+        <cc:permits
+           rdf:resource="http://web.resource.org/cc/Distribution" />
+        <cc:requires
+           rdf:resource="http://web.resource.org/cc/Notice" />
+        <cc:permits
+           rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+        <cc:requires
+           rdf:resource="http://web.resource.org/cc/ShareAlike" />
+        <cc:requires
+           rdf:resource="http://web.resource.org/cc/SourceCode" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <path
+     id="path5442"
+     d="M 303.65293,104.37647 L 303.65293,173.68448"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path5440"
+     d="M 462.39333,172.39335 L 462.39333,240.10630"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path5438"
+     d="M 139.24323,172.39335 L 139.24323,240.10630"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1">
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-dasharray:none;stroke-opacity:1.0000000"
+       d="M 257.32713,293.92642 L 392.05898,293.92642"
+       id="path2543" />
+    <rect
+       style="fill:#e0f5cc;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dasharray:none;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect1291"
+       width="132.69368"
+       height="105.95705"
+       x="237.85556"
+       y="13.003311" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="245.51651"
+       y="55.887268"
+       id="text1293"
+       sodipodi:linespacing="125.00000%"><tspan
+         sodipodi:role="line"
+         id="tspan2242"
+         x="245.51651"
+         y="55.887268">isEmpty() : bool</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2244"
+         x="245.51651"
+         y="70.887268">isGroup() : bool</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="279.65814"
+       y="29.038483"
+       id="text2347"
+       sodipodi:linespacing="125.00000%"><tspan
+         sodipodi:role="line"
+         id="tspan2222"
+         x="279.65814"
+         y="29.038483">address</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-dasharray:none;stroke-opacity:1.0000000"
+       d="M 238.27499,37.373470 L 370.37704,37.373470"
+       id="path2351" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.0000000;stroke-miterlimit:4.0000000;stroke-dasharray:none;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2433"
+       width="242.87289"
+       height="157.12062"
+       x="17.947495"
+       y="215.62213" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="24.265694"
+       y="258.30316"
+       id="text2435"
+       sodipodi:linespacing="125%"><tspan
+         sodipodi:role="line"
+         id="tspan2315"
+         x="24.265694"
+         y="258.30316">getName() : string</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2317"
+         x="24.265694"
+         y="273.30316">setName(n : string) : void</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2319"
+         x="24.265694"
+         y="288.30316">appendMailbox(m : ref &lt;mailbox&gt;)</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2321"
+         x="24.265694"
+         y="303.30316">getMailboxCount() : int</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2323"
+         x="24.265694"
+         y="318.30316">getMailboxAt(i : int) : ref &lt;mailbox&gt;</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2325"
+         x="24.265694"
+         y="333.30316">...</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="91.950951"
+       y="231.45441"
+       id="text2439"
+       sodipodi:linespacing="125.00000%"><tspan
+         sodipodi:role="line"
+         id="tspan2246"
+         x="91.950951"
+         y="231.45441">mailboxGroup</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-dasharray:none;stroke-opacity:1.0000000"
+       d="M 19.330207,239.78939 L 260.20091,239.78939"
+       id="path2443" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2447"
+       width="174.79645"
+       height="124.30678"
+       x="373.27942"
+       y="215.33472" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="380.74768"
+       y="258.15143"
+       id="text2449"
+       sodipodi:linespacing="125.00000%"><tspan
+         sodipodi:role="line"
+         id="tspan2286"
+         x="380.74768"
+         y="258.15143">getName() : text</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2288"
+         x="380.74768"
+         y="273.15143">setName(n : text) : void</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2290"
+         x="380.74768"
+         y="288.15143">getEmail() : string</tspan><tspan
+         sodipodi:role="line"
+         id="tspan2292"
+         x="380.74768"
+         y="303.15143">setEmail(e : string) : void</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="434.7478"
+       y="231.30267"
+       id="text2453"
+       sodipodi:linespacing="125.00000%"><tspan
+         sodipodi:role="line"
+         id="tspan2276"
+         x="434.74780"
+         y="231.30267">mailbox</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 373.64397,239.63760 L 547.69600,239.63760"
+       id="path2457" />
+    <rect
+       style="fill:#ffffff;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500457;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2541"
+       width="15.541327"
+       height="15.541327"
+       x="-23.443876"
+       y="392.33624"
+       transform="matrix(0.707107,-0.707107,0.707107,0.707107,0.000000,0.000000)" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="344.41357"
+       y="289.23822"
+       id="text2545"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5160"
+         sodipodi:role="line"
+         y="289.23822"
+         x="344.41357">0..n</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="293.07501"
+       y="312.23822"
+       id="text2549"
+       sodipodi:linespacing="125.00000%"><tspan
+         sodipodi:role="line"
+         id="tspan2294"
+         x="293.07501"
+         y="312.23822">mailboxes</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="289.07501"
+       y="289.23822"
+       id="text2553"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5158"
+         sodipodi:role="line"
+         y="289.23822"
+         x="289.07501">0</tspan></text>
+    <path
+       id="path2575"
+       d="M 290.22642,134.62157 L 318.11534,134.62157 L 303.70606,120.21230 L 290.22642,134.62157 z "
+       style="fill:#ffffff;fill-opacity:1.0000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  </g>
+  <path
+     id="path5436"
+     d="M 139.78693,173.17443 L 461.72537,173.17443"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000;stroke-dasharray:none" />
+</svg>
diff --git a/vmime-master/doc/book/images/message-body-header.svg b/vmime-master/doc/book/images/message-body-header.svg
new file mode 100644
index 0000000..29923fa
--- /dev/null
+++ b/vmime-master/doc/book/images/message-body-header.svg
@@ -0,0 +1,716 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://inkscape.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="707.28000pt"
+   height="612.89000pt"
+   id="svg2"
+   sodipodi:version="0.32"
+   inkscape:version="0.42.2"
+   sodipodi:docbase="/home/vincent/projects/vmime/doc/book/images"
+   sodipodi:docname="message-body-header.svg"
+   inkscape:export-xdpi="73.779999"
+   inkscape:export-ydpi="73.779999">
+  <defs
+     id="defs3">
+    <marker
+       inkscape:stockid="Torso"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Torso"
+       style="overflow:visible">
+      <g
+         id="g2045"
+         transform="scale(0.7)">
+        <path
+           sodipodi:nodetypes="ccccc"
+           id="path1128"
+           d="M -4.7792281,-3.2395420 C -2.4288541,-2.8736027 0.52103922,-1.3019943 0.25792722,0.38794346 C -0.0051877922,2.0778819 -2.2126741,2.6176539 -4.5630471,2.2517169 C -6.9134221,1.8857769 -8.5210350,0.75201414 -8.2579220,-0.93792336 C -7.9948090,-2.6278615 -7.1296041,-3.6054813 -4.7792281,-3.2395420 z "
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;marker-start:none;marker-mid:none;marker-end:none" />
+        <path
+           sodipodi:nodetypes="cc"
+           id="path1909"
+           d="M 4.4598789,0.088665736 C -2.5564571,-4.3783320 5.2248769,-3.9061806 -0.84829578,-8.7197331"
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-end:none" />
+        <path
+           sodipodi:nodetypes="cc"
+           id="path1910"
+           d="M 4.9298719,0.057520736 C -1.3872731,1.7494689 1.8027579,5.4782079 -4.9448731,7.5462725"
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none" />
+        <rect
+           transform="matrix(0.527536,-0.849533,0.887668,0.460484,0.000000,0.000000)"
+           y="-1.7408575"
+           x="-10.391706"
+           height="2.7608147"
+           width="2.6366582"
+           id="rect2035"
+           style="fill-rule:evenodd;stroke-width:1.0000000pt;marker-end:none" />
+        <rect
+           transform="matrix(0.671205,-0.741272,0.790802,0.612072,0.000000,0.000000)"
+           y="-7.9629307"
+           x="4.9587269"
+           height="2.8614161"
+           width="2.7327356"
+           id="rect2036"
+           style="fill-rule:evenodd;stroke-width:1.0000000pt;marker-end:none" />
+        <path
+           transform="matrix(6.793608e-17,-1.109517,1.109517,6.793608e-17,25.96648,19.71619)"
+           d="M 16.779951 -28.685045 A 0.60731727 0.60731727 0 1 0 15.565317,-28.685045 A 0.60731727 0.60731727 0 1 0 16.779951 -28.685045 z"
+           sodipodi:ry="0.60731727"
+           sodipodi:rx="0.60731727"
+           sodipodi:cy="-28.685045"
+           sodipodi:cx="16.172634"
+           id="path2037"
+           style="fill:#ff0000;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none"
+           sodipodi:type="arc" />
+        <path
+           transform="matrix(6.793608e-17,-1.109517,1.109517,6.793608e-17,26.82450,16.99126)"
+           d="M 16.779951 -28.685045 A 0.60731727 0.60731727 0 1 0 15.565317,-28.685045 A 0.60731727 0.60731727 0 1 0 16.779951 -28.685045 z"
+           sodipodi:ry="0.60731727"
+           sodipodi:rx="0.60731727"
+           sodipodi:cy="-28.685045"
+           sodipodi:cx="16.172634"
+           id="path2038"
+           style="fill:#ff0000;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none"
+           sodipodi:type="arc" />
+      </g>
+    </marker>
+    <marker
+       inkscape:stockid="TriangleOutL"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="TriangleOutL"
+       style="overflow:visible">
+      <path
+         sodipodi:nodetypes="cccc"
+         id="path5324"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none"
+         transform="scale(0.8)" />
+    </marker>
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1.00000000"
+     inkscape:cx="394.46478"
+     inkscape:cy="380.70648"
+     inkscape:document-units="px"
+     inkscape:current-layer="svg2"
+     inkscape:window-width="1150"
+     inkscape:window-height="986"
+     inkscape:window-x="0"
+     inkscape:window-y="30" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <cc:license
+           rdf:resource="http://creativecommons.org/licenses/GPL/2.0/" />
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/licenses/GPL/2.0/">
+        <cc:permits
+           rdf:resource="http://web.resource.org/cc/Reproduction" />
+        <cc:permits
+           rdf:resource="http://web.resource.org/cc/Distribution" />
+        <cc:requires
+           rdf:resource="http://web.resource.org/cc/Notice" />
+        <cc:permits
+           rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+        <cc:requires
+           rdf:resource="http://web.resource.org/cc/ShareAlike" />
+        <cc:requires
+           rdf:resource="http://web.resource.org/cc/SourceCode" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <path
+     id="path2407"
+     d="M 253.02743,136.68448 L 253.02743,67.376470"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path5442"
+     d="M 635.99153,281.37647 L 635.99153,350.68448"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path5440"
+     d="M 783.39333,349.39335 L 783.39333,417.10630"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path5438"
+     d="M 446.06998,349.39335 L 446.06998,417.10630"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1">
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 16.987518,219.56412 L 153.50367,219.56412"
+       id="path2375" />
+    <path
+       id="path2345"
+       d="M 508.29892,263.82217 L 105.85472,471.31117"
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+    <path
+       id="path2347"
+       d="M 502.39025,252.30315 L 515.17042,277.09145 L 521.37461,257.68108 L 502.39025,252.30315 z "
+       style="fill:#ffffff;fill-opacity:1.0000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+    <g
+       transform="matrix(1.828236e-17,1.000000,-1.000000,1.828236e-17,533.0981,623.6004)"
+       id="g2321">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+         d="M -100.36367,371.67294 L 26.017722,371.67294"
+         id="path2323" />
+      <g
+         id="g2325"
+         transform="translate(-113.9177,-82.19766)">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 140.20049,454.12696 L 129.75724,443.68372"
+           id="path2327" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+           d="M 139.84823,453.80527 L 129.66343,463.99007"
+           id="path2329" />
+      </g>
+    </g>
+    <path
+       id="path2241"
+       d="M 507.60723,180.01568 L 350.16119,180.01568"
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+    <rect
+       style="fill:#dcf5e6;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect1291"
+       width="236.14607"
+       height="157.54773"
+       x="522.13733"
+       y="126.86942" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="529.52441"
+       y="169.54865"
+       id="text1293"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan5228"
+         sodipodi:role="line"
+         y="169.54865"
+         x="529.52441">parse(buf : string) : void</tspan><tspan
+         id="tspan5230"
+         sodipodi:role="line"
+         y="183.94865"
+         x="529.52441">generate(out : outputStream) : void</tspan><tspan
+         id="tspan5232"
+         sodipodi:role="line"
+         y="198.34865"
+         x="529.52441" /><tspan
+         id="tspan5234"
+         sodipodi:role="line"
+         y="212.74865"
+         x="529.52441">clone() : ref &lt;component&gt;</tspan><tspan
+         id="tspan5236"
+         sodipodi:role="line"
+         y="227.14865"
+         x="529.52441">copyFrom(src : component) : void</tspan><tspan
+         id="tspan5238"
+         sodipodi:role="line"
+         y="241.54865"
+         x="529.52441">getChildComponents() : vector</tspan><tspan
+         id="tspan5240"
+         sodipodi:role="line"
+         y="255.94865"
+         x="529.52441">getParsedOffset() : int</tspan><tspan
+         id="tspan5242"
+         sodipodi:role="line"
+         y="270.34865"
+         x="529.52441">getParsedLength() : int</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="609.02057"
+       y="142.69992"
+       id="text2347"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5172"
+         sodipodi:role="line"
+         y="142.69992"
+         x="609.02057">component</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 522.50261,151.03487 L 758.16522,151.03487"
+       id="path2351" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2353"
+       width="218.71376"
+       height="151.16983"
+       x="145.51056"
+       y="133.04831" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="154.6483"
+       y="175.75391"
+       id="text2355"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan2349"
+         sodipodi:role="line"
+         y="175.75391"
+         x="154.64830">getBody() : ref &lt;body&gt;</tspan><tspan
+         id="tspan2351"
+         sodipodi:role="line"
+         y="190.15391"
+         x="154.64830">getHeader() : ref &lt;header&gt;</tspan><tspan
+         id="tspan2353"
+         sodipodi:role="line"
+         y="204.55391"
+         x="154.64830">getParentPart() : ref &lt;bodyPart&gt;</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="222.66418"
+       y="148.90518"
+       id="text2375"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5272"
+         sodipodi:role="line"
+         y="148.90518"
+         x="222.66418">bodyPart</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 145.87565,157.24013 L 363.84409,157.24013"
+       id="path2379" />
+    <g
+       transform="matrix(1.828236e-17,1.000000,-1.000000,1.828236e-17,548.9327,384.9312)"
+       id="g2247">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+         d="M -100.36367,371.67294 L 26.017722,371.67294"
+         id="path2387" />
+      <g
+         id="g2395"
+         transform="translate(-113.9177,-82.19766)">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 140.20049,454.12696 L 129.75724,443.68372"
+           id="path2389" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+           d="M 139.84823,453.80527 L 129.66343,463.99007"
+           id="path2393" />
+      </g>
+    </g>
+    <text
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="138.11696"
+       y="382.06345"
+       id="text2403"><tspan
+         id="tspan2273"
+         sodipodi:role="line"
+         y="382.06345"
+         x="138.11696">body</tspan></text>
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2433"
+       width="276.37778"
+       height="157.12062"
+       x="304.96820"
+       y="412.46472" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="313.24988"
+       y="455.14575"
+       id="text2435"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan5256"
+         sodipodi:role="line"
+         y="455.14575"
+         x="313.24988">hasField(name : string) : bool</tspan><tspan
+         id="tspan5258"
+         sodipodi:role="line"
+         y="469.54575"
+         x="313.24988">findField(name : string) : ref &lt;headerField&gt;</tspan><tspan
+         id="tspan5260"
+         sodipodi:role="line"
+         y="483.94575"
+         x="313.24988">findAllFields(name : string) : vector</tspan><tspan
+         id="tspan5262"
+         sodipodi:role="line"
+         y="498.34575"
+         x="313.24988">getField(name : string) : ref &lt;headerField&gt;</tspan><tspan
+         id="tspan5264"
+         sodipodi:role="line"
+         y="512.74575"
+         x="313.24988">appendField(f : ref &lt;headerField&gt;) : void</tspan><tspan
+         id="tspan5266"
+         sodipodi:role="line"
+         y="527.14575"
+         x="313.24988">...</tspan><tspan
+         id="tspan5268"
+         sodipodi:role="line"
+         y="541.54576"
+         x="313.24988">getFieldAt(pos : int) : ref &lt;headerField&gt;</tspan><tspan
+         id="tspan5270"
+         sodipodi:role="line"
+         y="555.94576"
+         x="313.24988">getFieldCount() : int</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="412.95099"
+       y="428.297"
+       id="text2439"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5154"
+         sodipodi:role="line"
+         y="428.29700"
+         x="412.95099">header</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 306.34976,436.63194 L 580.95005,436.63194"
+       id="path2443" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2447"
+       width="174.79645"
+       height="124.30678"
+       x="694.27942"
+       y="412.17731" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="701.74768"
+       y="454.99402"
+       id="text2449"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan5176"
+         sodipodi:role="line"
+         y="454.99402"
+         x="701.74768">getName() : string</tspan><tspan
+         id="tspan5178"
+         sodipodi:role="line"
+         y="469.39402"
+         x="701.74768">getValue() : component</tspan><tspan
+         id="tspan5180"
+         sodipodi:role="line"
+         y="483.79402"
+         x="701.74768">setValue(val : component)</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="738.73987"
+       y="428.14526"
+       id="text2453"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5152"
+         sodipodi:role="line"
+         y="428.14526"
+         x="738.73987">headerField</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 694.64397,436.48015 L 868.69600,436.48015"
+       id="path2457" />
+    <rect
+       style="fill:#ffffff;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500381;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2541"
+       width="15.541226"
+       height="15.541226"
+       x="65.401291"
+       y="759.55469"
+       transform="matrix(0.707107,-0.707107,0.707107,0.707107,0.000000,0.000000)" />
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 605.07226,490.76897 L 694.31385,490.76897"
+       id="path2543" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="661.23236"
+       y="486.08081"
+       id="text2545"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5160"
+         sodipodi:role="line"
+         y="486.08081"
+         x="661.23236">0..n</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="626.90173"
+       y="509.08081"
+       id="text2549"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5156"
+         sodipodi:role="line"
+         y="509.08081"
+         x="626.90173">fields</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="611.56311"
+       y="486.08081"
+       id="text2553"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan5158"
+         sodipodi:role="line"
+         y="486.08081"
+         x="611.56311">0</tspan></text>
+    <path
+       id="path2575"
+       d="M 622.56502,300.28297 L 650.45394,300.28297 L 636.04466,285.87370 L 622.56502,300.28297 z "
+       style="fill:#ffffff;fill-opacity:1.0000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2225"
+       width="171.85686"
+       height="151.16983"
+       x="74.698677"
+       y="412.04831" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="82.183701"
+       y="454.75391"
+       id="text2227"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan2377"
+         sodipodi:role="line"
+         y="454.75391"
+         x="82.183701">getContents() : ref &lt;ch&gt;</tspan><tspan
+         id="tspan2379"
+         sodipodi:role="line"
+         y="469.15391"
+         x="82.183701">getCharset() : charset</tspan><tspan
+         id="tspan2381"
+         sodipodi:role="line"
+         y="483.55391"
+         x="82.183701">getEncoding() : encoding</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="141.69556"
+       y="427.90518"
+       id="text2231"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2237"
+         sodipodi:role="line"
+         y="427.90518"
+         x="141.69556">body</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 75.063282,436.24013 L 246.17599,436.24013"
+       id="path2235" />
+    <path
+       id="path2239"
+       d="M 506.13949,167.78737 L 506.13949,195.67630 L 520.54876,181.26702 L 506.13949,167.78737 z "
+       style="fill:#ffffff;fill-opacity:1.0000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+    <g
+       transform="matrix(1.828236e-17,1.000000,-1.000000,1.828236e-17,548.9327,384.9312)"
+       id="g2253">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+         d="M -100.36367,371.67294 L 26.017722,371.67294"
+         id="path2255" />
+      <g
+         id="g2257"
+         transform="translate(-113.9177,-82.19766)">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 140.20049,454.12696 L 129.75724,443.68372"
+           id="path2259" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+           d="M 139.84823,453.80527 L 129.66343,463.99007"
+           id="path2261" />
+      </g>
+    </g>
+    <g
+       transform="matrix(1.828236e-17,1.000000,-1.000000,1.828236e-17,704.8357,384.9312)"
+       id="g2263">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+         d="M -100.36367,371.67294 L 26.017722,371.67294"
+         id="path2265" />
+      <g
+         id="g2267"
+         transform="translate(-113.9177,-82.19766)">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 140.20049,454.12696 L 129.75724,443.68372"
+           id="path2269" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+           d="M 139.84823,453.80527 L 129.66343,463.99007"
+           id="path2271" />
+      </g>
+    </g>
+    <text
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="342.21133"
+       y="384.8981"
+       id="text2275"><tspan
+         id="tspan2279"
+         sodipodi:role="line"
+         y="384.89810"
+         x="342.21133">header</tspan></text>
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2283"
+       width="223.48137"
+       height="99.596283"
+       x="46.366730"
+       y="650.83508" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="53.664009"
+       y="693.75391"
+       id="text2285"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan2337"
+         sodipodi:role="line"
+         y="693.75391"
+         x="53.664009">extract(out : outputStream) : void</tspan><tspan
+         id="tspan2339"
+         sodipodi:role="line"
+         y="708.15391"
+         x="53.664009">getLength() : int</tspan><tspan
+         id="tspan2341"
+         sodipodi:role="line"
+         y="722.55391"
+         x="53.664009">getEncoding() : encoding</tspan><tspan
+         id="tspan2343"
+         sodipodi:role="line"
+         y="736.95391"
+         x="53.664009">isEmpty() : bool</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="107.50659"
+       y="666.90515"
+       id="text2289"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2295"
+         sodipodi:role="line"
+         y="666.90515"
+         x="107.50659">contentHandler</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 46.694654,675.24013 L 269.50523,675.24013"
+       id="path2293" />
+    <text
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="96.439804"
+       y="606.38623"
+       id="text2313"><tspan
+         id="tspan2331"
+         sodipodi:role="line"
+         y="606.38623"
+         x="96.439804">contents</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2343873;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 16.600928,494.52517 L 54.665082,494.52517"
+       id="path2357" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="114.21628"
+       y="211.67206"
+       id="text2359"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2361"
+         sodipodi:role="line"
+         y="211.67206"
+         x="114.21628">0..n</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="15.201084"
+       y="211.39832"
+       id="text2363"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2371"
+         sodipodi:role="line"
+         y="211.39832"
+         x="15.201084">sub-parts</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="37.547035"
+       y="486.67206"
+       id="text2367"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2369"
+         sodipodi:role="line"
+         y="486.67206"
+         x="37.547035">0</tspan></text>
+    <rect
+       style="fill:#ffffff;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500843;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2355"
+       width="15.541844"
+       height="15.541844"
+       x="-313.66727"
+       y="385.82047"
+       transform="matrix(0.707107,-0.707107,0.707107,0.707107,0.000000,0.000000)" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2383"
+       width="171.85686"
+       height="67.987976"
+       x="169.86403"
+       y="15.308525" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="228.35699"
+       y="31.574478"
+       id="text2393"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2399"
+         sodipodi:role="line"
+         y="31.574478"
+         x="228.35699">message</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 170.22863,39.909422 L 341.34134,39.909422"
+       id="path2397" />
+    <path
+       id="path2405"
+       d="M 266.45394,117.77798 L 238.56502,117.77798 L 252.97430,132.18725 L 266.45394,117.77798 z "
+       style="fill:#ffffff;fill-opacity:1.0000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  </g>
+  <path
+     id="path5436"
+     d="M 446.81292,350.17443 L 782.69938,350.17443"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2515085;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path2373"
+     d="M 16.806908,219.05029 L 16.806908,493.94805"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2522694;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+</svg>
diff --git a/vmime-master/doc/book/images/messaging-services.svg b/vmime-master/doc/book/images/messaging-services.svg
new file mode 100644
index 0000000..fe4f8c8
--- /dev/null
+++ b/vmime-master/doc/book/images/messaging-services.svg
@@ -0,0 +1,617 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="629.28000pt"
+   height="615.89000pt"
+   id="svg2"
+   sodipodi:version="0.32"
+   inkscape:version="0.48.0 r9654"
+   sodipodi:docname="messaging-services.svg"
+   inkscape:export-filename="/home/vincent/www/vmime/documentation/images/design-messaging.png"
+   inkscape:export-xdpi="74.639999"
+   inkscape:export-ydpi="74.639999"
+   version="1.1">
+  <defs
+     id="defs3">
+    <marker
+       inkscape:stockid="Torso"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Torso"
+       style="overflow:visible">
+      <g
+         id="g2045"
+         transform="scale(0.7)">
+        <path
+           sodipodi:nodetypes="ccccc"
+           id="path1128"
+           d="M -4.7792281,-3.2395420 C -2.4288541,-2.8736027 0.52103922,-1.3019943 0.25792722,0.38794346 C -0.0051877922,2.0778819 -2.2126741,2.6176539 -4.5630471,2.2517169 C -6.9134221,1.8857769 -8.5210350,0.75201414 -8.2579220,-0.93792336 C -7.9948090,-2.6278615 -7.1296041,-3.6054813 -4.7792281,-3.2395420 z "
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;marker-start:none;marker-mid:none;marker-end:none" />
+        <path
+           sodipodi:nodetypes="cc"
+           id="path1909"
+           d="M 4.4598789,0.088665736 C -2.5564571,-4.3783320 5.2248769,-3.9061806 -0.84829578,-8.7197331"
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-end:none" />
+        <path
+           sodipodi:nodetypes="cc"
+           id="path1910"
+           d="M 4.9298719,0.057520736 C -1.3872731,1.7494689 1.8027579,5.4782079 -4.9448731,7.5462725"
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none" />
+        <rect
+           transform="matrix(0.527536,-0.849533,0.887668,0.460484,0.000000,0.000000)"
+           y="-1.7408575"
+           x="-10.391706"
+           height="2.7608147"
+           width="2.6366582"
+           id="rect2035"
+           style="fill-rule:evenodd;stroke-width:1.0000000pt;marker-end:none" />
+        <rect
+           transform="matrix(0.671205,-0.741272,0.790802,0.612072,0.000000,0.000000)"
+           y="-7.9629307"
+           x="4.9587269"
+           height="2.8614161"
+           width="2.7327356"
+           id="rect2036"
+           style="fill-rule:evenodd;stroke-width:1.0000000pt;marker-end:none" />
+        <path
+           transform="matrix(6.793608e-17,-1.109517,1.109517,6.793608e-17,25.96648,19.71619)"
+           d="m 16.779951,-28.685045 c 0,0.335412 -0.271905,0.607317 -0.607317,0.607317 -0.335412,0 -0.607317,-0.271905 -0.607317,-0.607317 0,-0.335412 0.271905,-0.607318 0.607317,-0.607318 0.335412,0 0.607317,0.271906 0.607317,0.607318 z"
+           sodipodi:ry="0.60731727"
+           sodipodi:rx="0.60731727"
+           sodipodi:cy="-28.685045"
+           sodipodi:cx="16.172634"
+           id="path2037"
+           style="fill:#ff0000;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none"
+           sodipodi:type="arc" />
+        <path
+           transform="matrix(6.793608e-17,-1.109517,1.109517,6.793608e-17,26.82450,16.99126)"
+           d="m 16.779951,-28.685045 c 0,0.335412 -0.271905,0.607317 -0.607317,0.607317 -0.335412,0 -0.607317,-0.271905 -0.607317,-0.607317 0,-0.335412 0.271905,-0.607318 0.607317,-0.607318 0.335412,0 0.607317,0.271906 0.607317,0.607318 z"
+           sodipodi:ry="0.60731727"
+           sodipodi:rx="0.60731727"
+           sodipodi:cy="-28.685045"
+           sodipodi:cx="16.172634"
+           id="path2038"
+           style="fill:#ff0000;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000pt;marker-start:none;marker-end:none"
+           sodipodi:type="arc" />
+      </g>
+    </marker>
+    <marker
+       inkscape:stockid="TriangleOutL"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="TriangleOutL"
+       style="overflow:visible">
+      <path
+         sodipodi:nodetypes="cccc"
+         id="path5324"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none"
+         transform="scale(0.8)" />
+    </marker>
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.75785828"
+     inkscape:cx="365.32198"
+     inkscape:cy="407.27112"
+     inkscape:document-units="px"
+     inkscape:current-layer="svg2"
+     inkscape:window-width="1150"
+     inkscape:window-height="986"
+     inkscape:window-x="69"
+     inkscape:window-y="33"
+     showgrid="false"
+     inkscape:window-maximized="0" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <path
+     id="path5442"
+     d="M 495.30781,321.26414 L 495.30781,390.57215"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path5440"
+     d="M 662.55216,389.28102 L 662.55216,456.99397"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <path
+     id="path5438"
+     d="M 325.22881,389.28102 L 325.22881,456.99397"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1">
+    <g
+       transform="matrix(0.866025,0.499999,-0.499999,0.866025,111.0615,336.6054)"
+       id="g3452">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-dasharray:5.0000000 5.0000000 ;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+         d="M 278.87323,198.08204 L 405.25462,198.08204"
+         id="path3454" />
+      <g
+         transform="matrix(-1.000000,-1.845854e-17,1.845854e-17,-1.000000,684.3929,415.9391)"
+         style="stroke-width:1.2500000;stroke-miterlimit:4.0000000"
+         id="g3456">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 278.87321,217.60074 L 289.31646,228.04398"
+           id="path3458" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 279.22547,217.92243 L 289.41027,207.73763"
+           id="path3460" />
+      </g>
+    </g>
+    <g
+       transform="matrix(-0.499998,0.866024,-0.866024,-0.499998,528.2205,319.3107)"
+       id="g3396">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-dasharray:5.0000000 5.0000000 ;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+         d="M 278.87323,198.08204 L 405.25462,198.08204"
+         id="path3398" />
+      <g
+         transform="matrix(-1.000000,-1.845854e-17,1.845854e-17,-1.000000,684.3929,415.9391)"
+         style="stroke-width:1.2500000;stroke-miterlimit:4.0000000"
+         id="g3400">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 278.87321,217.60074 L 289.31646,228.04398"
+           id="path3402" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 279.22547,217.92243 L 289.41027,207.73763"
+           id="path3404" />
+      </g>
+    </g>
+    <g
+       transform="matrix(0.500000,0.866024,-0.866024,0.500000,431.6077,-252.3913)"
+       id="g3200">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-dasharray:5.0000000 5.0000000 ;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+         d="M 278.87323,198.08204 L 405.25462,198.08204"
+         id="path3202" />
+      <g
+         transform="matrix(-1.000000,-1.845854e-17,1.845854e-17,-1.000000,684.3929,415.9391)"
+         style="stroke-width:1.2500000;stroke-miterlimit:4.0000000"
+         id="g3204">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 278.87321,217.60074 L 289.31646,228.04398"
+           id="path3206" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 279.22547,217.92243 L 289.41027,207.73763"
+           id="path3208" />
+      </g>
+    </g>
+    <g
+       transform="matrix(0.499999,-0.866025,0.866025,0.499999,-54.36140,359.0658)"
+       id="g3168">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-dasharray:5.0000000 5.0000000 ;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+         d="M 278.87323,198.08204 L 405.25462,198.08204"
+         id="path3156" />
+      <g
+         transform="matrix(-1.000000,-1.845854e-17,1.845854e-17,-1.000000,684.3929,415.9391)"
+         style="stroke-width:1.2500000;stroke-miterlimit:4.0000000"
+         id="g3158">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 278.87321,217.60074 L 289.31646,228.04398"
+           id="path3160" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 279.22547,217.92243 L 289.41027,207.73763"
+           id="path3162" />
+      </g>
+    </g>
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect1291"
+       width="144.63049"
+       height="123.75754"
+       x="423.21133"
+       y="200.65219" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="430.8407"
+       y="243.43631"
+       id="text1293"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan3116"
+         sodipodi:role="line"
+         y="243.43631"
+         x="430.84070">connect() : void</tspan><tspan
+         id="tspan3118"
+         sodipodi:role="line"
+         y="257.83631"
+         x="430.84070">disconnect() : void</tspan><tspan
+         id="tspan3120"
+         sodipodi:role="line"
+         y="272.23631"
+         x="430.84070">isConnected() : bool</tspan><tspan
+         id="tspan3122"
+         sodipodi:role="line"
+         y="286.63631"
+         x="430.84070">noop() : void</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="473.4863"
+       y="216.58759"
+       id="text2347"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2932"
+         sodipodi:role="line"
+         y="216.58759"
+         x="473.48630">service</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 423.62452,224.92254 L 567.67587,224.92254"
+       id="path2351" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2353"
+       width="254.50919"
+       height="106.53888"
+       x="40.771675"
+       y="200.75146" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="49.807129"
+       y="243.64157"
+       id="text2355"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan3148"
+         sodipodi:role="line"
+         y="243.64157"
+         x="49.807129">getTransport(url : url) : ref &lt;transport&gt;</tspan><tspan
+         id="tspan3150"
+         sodipodi:role="line"
+         y="258.04157"
+         x="49.807129">getStore(url : url) : ref &lt;store&gt;</tspan><tspan
+         id="tspan3152"
+         sodipodi:role="line"
+         y="272.44157"
+         x="49.807129">getProperties() : propertySet</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="143.33478"
+       y="216.79285"
+       id="text2375"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan3124"
+         sodipodi:role="line"
+         y="216.79285"
+         x="143.33478">session</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 41.137120,225.12780 L 294.90028,225.12780"
+       id="path2379" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2433"
+       width="219.00885"
+       height="100.80741"
+       x="215.20381"
+       y="429.00940" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="223.58997"
+       y="472.3562"
+       id="text2435"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan3110"
+         sodipodi:role="line"
+         y="472.35620"
+         x="223.58997">getDefaultFolder() : ref &lt;folder&gt;</tspan><tspan
+         id="tspan3112"
+         sodipodi:role="line"
+         y="486.75620"
+         x="223.58997">getRootFolder() : ref &lt;folder&gt;</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="309.11777"
+       y="445.50742"
+       id="text2439"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2936"
+         sodipodi:role="line"
+         y="445.50742"
+         x="309.11777">store</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 216.61640,453.84241 L 433.36337,453.84241"
+       id="path2443" />
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect2447"
+       width="219.00674"
+       height="101.04262"
+       x="553.75336"
+       y="428.77499" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="561.0639"
+       y="472.20447"
+       id="text2449"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan3114"
+         sodipodi:role="line"
+         y="472.20447"
+         x="561.06390">send(msg : ref &lt;message&gt;) : void</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="632.07196"
+       y="445.35568"
+       id="text2453"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan2934"
+         sodipodi:role="line"
+         y="445.35568"
+         x="632.07196">transport</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 554.08593,453.69062 L 771.88660,453.69062"
+       id="path2457" />
+    <path
+       id="path2575"
+       d="M 481.88130,340.17064 L 509.77022,340.17064 L 495.36094,325.76137 L 481.88130,340.17064 z "
+       style="fill:#ffffff;fill-opacity:1.0000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.0000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+    <g
+       transform="translate(17.15883,45.55696)"
+       id="g3136">
+      <path
+         style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+         d="M 405.51967,217.85706 L 279.13828,217.85706"
+         id="path2265" />
+      <g
+         style="stroke-width:1.2500000;stroke-miterlimit:4.0000000"
+         id="g3132">
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 278.87321,217.60074 L 289.31646,228.04398"
+           id="path2269" />
+        <path
+           style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000"
+           d="M 279.22547,217.92243 L 289.41027,207.73763"
+           id="path2271" />
+      </g>
+    </g>
+    <text
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="335.37018"
+       y="257.45505"
+       id="text2275"><tspan
+         id="tspan3146"
+         sodipodi:role="line"
+         y="257.45505"
+         x="335.37018">session</tspan></text>
+    <text
+       transform="matrix(0.500000,0.866025,-0.866025,0.500000,0.000000,0.000000)"
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:11.999973px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="313.42676"
+       y="-318.0412"
+       id="text3174"><tspan
+         id="tspan3178"
+         sodipodi:role="line"
+         y="-318.04120"
+         x="313.42676">&lt;instanciates&gt;</tspan></text>
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect3180"
+       width="253.81813"
+       height="96.037521"
+       x="234.02649"
+       y="9.0948601" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="241.24963"
+       y="52.019093"
+       id="text3182"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan3218"
+         sodipodi:role="line"
+         y="52.019093"
+         x="241.24963">create(protocol : string) : ref &lt;service&gt;</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="312.24161"
+       y="25.170307"
+       id="text3192"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan3198"
+         sodipodi:role="line"
+         y="25.170307"
+         x="312.24161">serviceFactory</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2500000;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 234.44127,33.505080 L 487.67742,33.505080"
+       id="path3196" />
+    <text
+       transform="matrix(0.500000,-0.866025,0.866025,0.500000,0.000000,0.000000)"
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:11.999965px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="-19.006903"
+       y="316.46106"
+       id="text3210"><tspan
+         id="tspan3214"
+         sodipodi:role="line"
+         y="316.46106"
+         x="-19.006903">&lt;uses&gt;</tspan></text>
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect3362"
+       width="244.86130"
+       height="116.61144"
+       x="14.277589"
+       y="572.10736" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="22.589966"
+       y="615.3562"
+       id="text3364"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan3386"
+         sodipodi:role="line"
+         y="615.35620"
+         x="22.589966">getName() : string</tspan><tspan
+         id="tspan3388"
+         sodipodi:role="line"
+         y="629.75620"
+         x="22.589966">open() : void</tspan><tspan
+         id="tspan3390"
+         sodipodi:role="line"
+         y="644.15620"
+         x="22.589966">close() : void</tspan><tspan
+         id="tspan3392"
+         sodipodi:role="line"
+         y="658.55620"
+         x="22.589966">getMessages(int from, int to) : vector</tspan><tspan
+         id="tspan3394"
+         sodipodi:role="line"
+         y="672.95620"
+         x="22.589966">...</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="119.45631"
+       y="588.50739"
+       id="text3370"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan3376"
+         sodipodi:role="line"
+         y="588.50739"
+         x="119.45631">folder</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2449049;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 15.691587,596.84241 L 258.28817,596.84241"
+       id="path3374" />
+    <text
+       transform="matrix(0.500000,-0.866025,0.866025,0.500000,0.000000,0.000000)"
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:11.999992px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="-398.12543"
+       y="406.40524"
+       id="text3406"><tspan
+         id="tspan3408"
+         sodipodi:role="line"
+         y="406.40524"
+         x="-398.12543">&lt;instanciates&gt;</tspan></text>
+    <rect
+       style="fill:#f5f5c8;fill-opacity:1.0000000;stroke:#000000;stroke-width:1.2500000;stroke-miterlimit:4.0000000;stroke-dashoffset:0.0000000;stroke-opacity:1.0000000"
+       id="rect3410"
+       width="244.86130"
+       height="140.35690"
+       x="365.27762"
+       y="617.23462" />
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:120.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="373.59"
+       y="660.3562"
+       id="text3412"
+       sodipodi:linespacing="120.00000%"><tspan
+         id="tspan3440"
+         sodipodi:role="line"
+         y="660.35620"
+         x="373.59000">getNumber() : int</tspan><tspan
+         id="tspan3442"
+         sodipodi:role="line"
+         y="674.75620"
+         x="373.59000">getFlags() : int</tspan><tspan
+         id="tspan3444"
+         sodipodi:role="line"
+         y="689.15620"
+         x="373.59000">getHeader() : int</tspan><tspan
+         id="tspan3446"
+         sodipodi:role="line"
+         y="703.55620"
+         x="373.59000">getStructure() : structure</tspan><tspan
+         id="tspan3448"
+         sodipodi:role="line"
+         y="717.95620"
+         x="373.59000">extract(out : outputStream) : void</tspan><tspan
+         id="tspan3450"
+         sodipodi:role="line"
+         y="732.35620"
+         x="373.59000">...</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:12.000000px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="459.11771"
+       y="633.50739"
+       id="text3424"
+       sodipodi:linespacing="100.00000%"><tspan
+         id="tspan3430"
+         sodipodi:role="line"
+         y="633.50739"
+         x="459.11771">message</tspan></text>
+    <path
+       style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2449049;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000"
+       d="M 366.69159,641.84241 L 609.28817,641.84241"
+       id="path3428" />
+    <text
+       transform="matrix(0.866025,0.500000,-0.500000,0.866025,0.000000,0.000000)"
+       sodipodi:linespacing="100.00000%"
+       xml:space="preserve"
+       style="font-size:11.999992px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:100.00000%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1.0000000;stroke:none;stroke-width:1.0000000px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1.0000000;font-family:Bitstream Vera Sans"
+       x="558.315"
+       y="419.37476"
+       id="text3462"><tspan
+         id="tspan3464"
+         sodipodi:role="line"
+         y="419.37476"
+         x="558.31500">&lt;instanciates&gt;</tspan></text>
+  </g>
+  <path
+     id="path5436"
+     d="M 325.97175,390.06210 L 661.85821,390.06210"
+     style="fill:none;fill-opacity:0.75000000;fill-rule:evenodd;stroke:#000000;stroke-width:1.2515085;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4.0000000;stroke-opacity:1.0000000" />
+  <rect
+     y="170.36218"
+     x="668.00000"
+     height="76.000000"
+     width="134.00000"
+     id="rect3360"
+     style="stroke-opacity:1.0000000;stroke-dashoffset:0.0000000;stroke-miterlimit:4.0000000;stroke-linejoin:miter;stroke-linecap:round;stroke-width:1.2500000;stroke:none;fill-rule:nonzero;fill-opacity:1.0000000;fill:none" />
+</svg>
diff --git a/vmime-master/doc/book/intro.tex b/vmime-master/doc/book/intro.tex
new file mode 100644
index 0000000..fe7bcf5
--- /dev/null
+++ b/vmime-master/doc/book/intro.tex
@@ -0,0 +1,90 @@
+\chapter{Introduction}
+
+% ============================================================================
+\section{Overview}
+
+VMime is a powerful C++ class library for working with MIME messages and
+Internet messaging services like IMAP, POP or SMTP.
+
+With VMime you can parse, generate and modify messages, and also connect to
+store and transport services to receive or send messages over the Internet.
+The library offers all the features to build a complete mail client.
+
+The main objectives of this library are:
+
+\begin{itemize}
+\item fully RFC-compliant implementation;
+\item object-oriented and modular design;
+\item very easy-to-use (intuitive design);
+\item well documented code;
+\item very high reliability;
+\item maximum portability.
+\end{itemize}
+
+
+% ============================================================================
+\section{Features}
+
+\noindent MIME features:
+
+\begin{itemize}
+\item Full support for RFC-2822 and multipart messages (RFC-1521)
+\item Aggregate documents (MHTML) and embedded objects (RFC-2557)
+\item Message Disposition Notification (RFC-3798)
+\item 8-bit MIME (RFC-2047)
+\item Encoded word extensions (RFC-2231)
+\item Attachments
+\end{itemize}
+
+\noindent Network features:
+
+\begin{itemize}
+\item Support for IMAP, POP3 and maildir stores
+\item Support for SMTP and sendmail transport methods
+\item Extraction of whole message or specific parts
+\item TLS/SSL security layer
+\item SASL authentication
+\end{itemize}
+
+
+% ============================================================================
+\section{Copyright and license}
+
+VMime library is Free Software and is licensed under the terms of the GNU
+General Public License\footnote{See Appendix \ref{appendix_license} and
+\url{http://www.gnu.org/copyleft/gpl.html}} (GPL) version 3:
+
+\begin{verbatim}
+   Copyright (C) 2002 Vincent Richard
+
+   VMime library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License as
+   published by the Free Software Foundation; either version 3 of
+   the License, or (at your option) any later version.
+
+   VMime is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+   GNU General Public License for more details.
+
+   Linking this library statically or dynamically with other
+   modules is making a combined work based on this library.
+   Thus, the terms and conditions of the GNU General Public
+   License cover the whole combination.
+\end{verbatim}
+
+\newpage
+\noindent This document is released under the terms of the
+GNU Free Documentation
+License\footnote{See \url{http://www.gnu.org/copyleft/fdl.html}} (FDL):
+
+\begin{verbatim}
+   Copyright (C) 2004 Vincent Richard
+
+   Permission is granted to copy, distribute and/or modify
+   this document under the terms of the GNU Free Documentation
+   License, Version 1.2 or any later version published by the
+   Free Software Foundation; with no Invariant Sections, no
+   Front-Cover Texts, and no Back-Cover Texts.
+\end{verbatim}
+
diff --git a/vmime-master/doc/book/msg.tex b/vmime-master/doc/book/msg.tex
new file mode 100644
index 0000000..ce9d8a8
--- /dev/null
+++ b/vmime-master/doc/book/msg.tex
@@ -0,0 +1,430 @@
+\chapter{Parsing and Building Messages}
+
+% ============================================================================
+\section{Parsing messages}
+
+\subsection{Introduction} % --------------------------------------------------
+
+Parsing is the process of creating a structured representation (for example,
+a hierarchy of C++ objects) of a message from its ``textual'' representation
+(the raw data that is actually sent on the Internet).
+
+For example, say you have the following email in a file called "hello.eml":
+
+\begin{verbatim}
+Date: Thu, Oct 13 2005 15:22:46 +0200
+From: Vincent <vincent@vmime.org>
+To: you@vmime.org
+Subject: Hello from VMime!
+
+A simple message to test VMime
+\end{verbatim}
+
+The following code snippet shows how you can easily obtain a
+{\vcode vmime::message} object from data in this file:
+
+\begin{lstlisting}[caption={Parsing a message from a file}]
+// Read data from file
+std::ifstream file;
+file.open("hello.eml", std::ios::in | std::ios::binary);
+
+vmime::utility::inputStreamAdapter is(file);
+
+vmime::string data;
+vmime::utility::outputStreamStringAdapter os(data);
+
+vmime::utility::bufferedStreamCopy(is, os);
+
+// Actually parse the message
+vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+msg->parse(data);
+
+vmime::shared_ptr <vmime::header> hdr = msg->getHeader();
+vmime::shared_ptr <vmime::body> bdy = msg->getBody();
+
+// Now, you can extract some of its components
+vmime::charset ch(vmime::charsets::UTF_8);
+
+std::cout
+   << "The subject of the message is: "
+   << hdr->Subject()->getValue <vmime::text>()->getConvertedText(ch)
+   << std::endl
+   << "It was sent by: "
+   << hdr->From()->getValue <vmime::mailbox>()->getName().getConvertedText(ch)
+   << " (email: " << hdr->From()->getValue <vmime::mailbox>()->getEmail() << ")"
+   << std::endl;
+\end{lstlisting}
+
+The output of this program is:
+
+\begin{verbatim}
+The subject of the message is: Hello from VMime!
+It was sent by: Vincent (email: vincent@vmime.org)
+\end{verbatim}
+
+
+\subsection{Using the {\vcode vmime::messageParser} object} % ----------------
+
+The {\vcode vmime::messageParser} object allows to parse messages in a more
+simple manner. You can obtain all the text parts and attachments as well as
+basic fields (expeditor, recipients, subject...), without dealing with
+MIME message structure.
+
+\begin{lstlisting}[caption={Using {\vcode vmime::messageParser} to parse
+more complex messages}]
+// Read data from file
+std::ifstream file;
+file.open("hello.eml", std::ios::in | std::ios::binary);
+
+vmime::utility::inputStreamAdapter is(file);
+
+vmime::string data;
+vmime::utility::outputStreamStringAdapter os(data);
+
+vmime::utility::bufferedStreamCopy(is, os);
+
+// Actually parse the message
+vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+msg->parse(data);
+
+// Here start the differences with the previous example
+vmime::messageParser mp(msg);
+
+// Output information about attachments
+std::cout << "Message has " << mp.getAttachmentCount()
+   << " attachment(s)" << std::endl;
+
+for (int i = 0 ; i < mp.getAttachmentCount() ; ++i) {
+
+   vmime::shared_ptr <const vmime::attachment> att = mp.getAttachmentAt(i);
+   std::cout << "   - " << att->getType().generate() << std::endl;
+}
+
+// Output information about text parts
+std::cout << "Message has " << mp.getTextPartCount()
+   << " text part(s)" << std::endl;
+
+for (int i = 0 ; i < mp.getTextPartCount() ; ++i) {
+
+   vmime::shared_ptr <const vmime::textPart> tp = mp.getTextPartAt(i);
+
+   // text/html
+   if (tp->getType().getSubType() == vmime::mediaTypes::TEXT_HTML) {
+
+      vmime::shared_ptr <const vmime::htmlTextPart> htp =
+         vmime::dynamicCast <const vmime::htmlTextPart>(tp);
+
+      // HTML text is in tp->getText()
+      // Plain text is in tp->getPlainText()
+
+      // Enumerate embedded objects
+      for (int j = 0 ; j < htp->getObjectCount() ; ++j) {
+
+         vmime::shared_ptr <const vmime::htmlTextPart::embeddedObject> obj =
+            htp->getObjectAt(j);
+
+         // Identifier (Content-Id or Content-Location) is obj->getId()
+         // Object data is in obj->getData()
+      }
+
+   // text/plain or anything else
+   } else {
+
+      // Text is in tp->getText()
+   }
+}
+\end{lstlisting}
+
+
+% ============================================================================
+\section{Building messages}
+
+\subsection{A simple message\label{msg-building-simple-message}} % -----------
+
+Of course, you can build a MIME message from scratch by creating the various
+objects that compose it (parts, fields, etc.). The following is an example of
+how to achieve it:
+
+\begin{lstlisting}[caption={Building a simple message from scratch}]
+vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+
+vmime::shared_ptr <vmime::header> hdr = msg->getHeader();
+vmime::shared_ptr <vmime::body> bdy = msg->getBody();
+
+vmime::shared_ptr <vmime::headerFieldFactory> hfFactory =
+   vmime::headerFieldFactory::getInstance();
+
+// Append a 'Date:' field
+vmime::shared_ptr <vmime::headerField> dateField =
+   hfFactory->create(vmime::fields::DATE);
+
+dateField->setValue(vmime::datetime::now());
+hdr->appendField(dateField);
+
+// Append a 'Subject:' field
+vmime::shared_ptr <vmime::headerField> subjectField =
+   hfFactory->create(vmime::fields::SUBJECT);
+
+subjectField->setValue(vmime::text("Message subject"));
+hdr->appendField(subjectField);
+
+// Append a 'From:' field
+vmime::shared_ptr <vmime::headerField> fromField =
+   hfFactory->create(vmime::fields::FROM);
+
+fromField->setValue(vmime::make_shared <vmime::mailbox>("me@vmime.org"));
+hdr->appendField(fromField);
+
+// Append a 'To:' field
+vmime::shared_ptr <vmime::headerField> toField =
+   hfFactory->create(vmime::fields::TO);
+
+vmime::shared_ptr <vmime::mailboxList> recipients =
+   vmime::make_shared <vmime::mailboxList>();
+
+recipients->appendMailbox
+   (vmime::make_shared <vmime::mailbox>("you@vmime.org"));
+
+toField->setValue(recipients);
+hdr->appendField(toField);
+
+// Set the body contents
+bdy->setContents(
+   vmime::make_shared <vmime::stringContentHandler>(
+      "This is the text of your message..."
+   )
+);
+
+// Output raw message data to standard output
+vmime::utility::outputStreamAdapter out(std::cout);
+msg->generate(out);
+\end{lstlisting}
+
+As you can see, this is a little fastidious. Hopefully, VMime also offers a
+more simple way for creating messages. The {\vcode vmime::messageBuilder}
+object can create basic messages that you can then customize.
+
+The following code can be used to build exactly the same message as in the
+previous example, using the {\vcode vmime::messageBuilder} object:
+
+\begin{lstlisting}[caption={Building a simple message
+using {\vcode vmime::messageBuilder}}]
+try {
+
+   vmime::messageBuilder mb;
+
+   // Fill in some header fields and message body
+   mb.setSubject(vmime::text("Message subject"));
+   mb.setExpeditor(vmime::mailbox("me@vmime.org"));
+   mb.getRecipients().appendAddress(
+      vmime::make_shared <vmime::mailbox>("you@vmime.org")
+   );
+
+   mb.getTextPart()->setCharset(vmime::charsets::ISO8859_15);
+   mb.getTextPart()->setText(
+      vmime::make_shared <vmime::stringContentHandler>(
+         "This is the text of your message..."
+      )
+   );
+
+   // Message construction
+   vmime::shared_ptr <vmime::message> msg = mb.construct();
+
+   // Output raw message data to standard output
+   vmime::utility::outputStreamAdapter out(std::cout);
+   msg->generate(out);
+
+// VMime exception
+} catch (vmime::exception& e) {
+
+   std::cerr << "vmime::exception: " << e.what() << std::endl;
+
+// Standard exception
+} catch (std::exception& e) {
+
+   std::cerr << "std::exception: " << e.what() << std::endl;
+}
+\end{lstlisting}
+
+
+\subsection{Adding an attachment} % ------------------------------------------
+
+Dealing with attachments is quite simple. Add the following code to the
+previous example to attach a file to the message:
+
+\begin{lstlisting}[caption={Building a message with an attachment using
+{\vcode vmime::messageBuilder}}]
+// Create an attachment
+vmime::shared_ptr <vmime::fileAttachment> att =
+   vmime::make_shared <vmime::fileAttachment>(
+      /* full path to file */  "/home/vincent/paris.jpg",
+      /* content type */       vmime::mediaType("image/jpeg),
+      /* description */        vmime::text("My holidays in Paris")
+   );
+
+// You can also set some infos about the file
+att->getFileInfo().setFilename("paris.jpg");
+att->getFileInfo().setCreationDate(
+   vmime::datetime("30 Apr 2003 14:30:00 +0200")
+);
+
+// Add this attachment to the message
+mb.appendAttachment(att);
+\end{lstlisting}
+
+
+\subsection{HTML messages and embedded objects} % ----------------------------
+
+VMime also supports aggregate messages, which permits to build MIME messages
+containing HTML text and embedded objects (such as images). For more information
+about aggregate messages, please read RFC-2557 (\emph{MIME Encapsulation of
+Aggregate Documents, such as HTML}).
+
+Creating such messages is quite easy, using the {\vcode vmime::messageBuilder}
+object. The following code constructs a message containing text in both plain
+and HTML format, and a JPEG image:
+
+\begin{lstlisting}[caption={Building an HTML message with an embedded image
+using the {\vcode vmime::messageBuilder}}]
+// Fill in some header fields
+mb.setSubject(vmime::text("An HTML message"));
+mb.setExpeditor(vmime::mailbox("me@vmime.org"));
+mb.getRecipients().appendAddress(
+   vmime::make_shared <vmime::mailbox>("you@vmime.org")
+);
+
+// Set the content-type to "text/html": a text part factory must be
+// available for the type you are using. The following code will make
+// the message builder construct the two text parts.
+mb.constructTextPart(
+   vmime::mediaType(
+      vmime::mediaTypes::TEXT,
+      vmime::mediaTypes::TEXT_HTML
+   )
+);
+
+// Set contents of the text parts; the message is available in two formats:
+// HTML and plain text. The HTML format also includes an embedded image.
+vmime::shared_ptr <vmime::htmlTextPart> textPart =
+   vmime::dynamicCast <vmime::htmlTextPart>(mb.getTextPart());
+
+// -- Add the JPEG image (the returned identifier is used to identify the
+// -- embedded object in the HTML text, the famous "CID", or "Content-Id").
+// -- Note: you can also read data from a file; see the next example.
+const vmime::string id = textPart->addObject("<...image data...>",
+   vmime::mediaType(vmime::mediaTypes::IMAGE, vmime::mediaTypes::IMAGE_JPEG));
+
+// -- Set the text
+textPart->setCharset(vmime::charsets::ISO8859_15);
+
+textPart->setText(
+   vmime::make_shared <vmime::stringContentHandler>(
+      "This is the <b>HTML text</b>, and the image:<br/>"
+      "<img src=\"") + id + vmime::string("\"/>"
+   )
+);
+
+textPart->setPlainText(
+   vmime::make_shared <vmime::stringContentHandler>(
+      "This is the plain text."
+   )
+);
+\end{lstlisting}
+
+This will create a message having the following structure:
+
+\begin{verbatim}
+multipart/alternative
+   text/plain
+   multipart/related
+      text/html
+      image/jpeg
+\end{verbatim}
+
+You can easily tell VMime to read the embedded object data from a file. The
+following code opens the file \emph{/path/to/image.jpg}, connects it to an
+input stream, then add an embedded object:
+
+\begin{lstlisting}
+vmime::utility::fileSystemFactory* fs =
+   vmime::platform::getHandler()->getFileSystemFactory();
+
+vmime::shared_ptr <vmime::utility::file> imageFile =
+   fs->create(fs->stringToPath("/path/to/image.jpg"));
+
+vmime::shared_ptr <vmime::contentHandler> imageCts =
+   vmime::make_shared <vmime::streamContentHandler>(
+      imageFile->getFileReader()->getInputStream(),
+      imageFile->getLength()
+   );
+
+const vmime::string cid = textPart.addObject(
+   imageCts,
+   vmime::mediaType(
+      vmime::mediaTypes::IMAGE,
+      vmime::mediaTypes::IMAGE_JPEG
+   )
+);
+\end{lstlisting}
+
+
+% ============================================================================
+\section{Working with attachments: the attachment helper}
+
+The {\vcode attachmentHelper} object allows listing all attachments in a
+message, as well as adding new attachments, without using the
+{\vcode messageParser} and {\vcode messageBuilders} objects. It can work
+directly on messages and body parts.
+
+To use it, you do not need any knowledge about how attachment parts should
+be organized in a MIME message.
+
+The following code snippet tests if a body part is an attachment, and if so,
+extract its contents to the standard output:
+
+\begin{lstlisting}[caption={Testing if a body part is an attachment}]
+vmime::shared_ptr <vmime::bodyPart> part;  // suppose we have a body part
+
+if (vmime::attachmentHelper::isBodyPartAnAttachment(part)) {
+
+   // The body part contains an attachment, get it
+   vmime::shared_ptr <const vmime::attachment> attach =
+      attachmentHelper::getBodyPartAttachment(part);
+
+   // Extract attachment data to standard output
+   vmime::utility::outputStreamAdapter out(std::cout);
+   attach->getData()->extract(out);
+}
+\end{lstlisting}
+
+You can also easily extract all attachments from a message:
+
+\begin{lstlisting}[caption={Extracting all attachments from a message}]
+vmime::shared_ptr <vmime::message> msg;  // suppose we have a message
+
+const std::vector <ref <const attachment> > atts =
+   attachmentHelper::findAttachmentsInMessage(msg);
+\end{lstlisting}
+
+Finally, the {\vcode attachmentHelper} object can be used to add an
+attachment to an existing message, whatever it contains (text parts,
+attachments, ...). The algorithm can modify the structure of the
+message if needed (eg. add a \emph{multipart/mixed} part if no one
+exists in the message). Simply call the {\vcode addAttachment}
+function:
+
+\begin{lstlisting}[caption={Adding an attachment to an existing message}]
+vmime::shared_ptr <vmime::message> msg;  // suppose we have a message
+
+// Create an attachment
+vmime::shared_ptr <vmime::fileAttachment> att =
+   vmime::make_shared <vmime::fileAttachment>(
+      /* full path to file */  "/home/vincent/paris.jpg",
+      /* content type */       vmime::mediaType("image/jpeg),
+      /* description */        vmime::text("My holidays in Paris")
+   );
+
+// Attach it to the message
+vmime::attachmentHelper::addAttachment(msg, att);
+\end{lstlisting}
+
diff --git a/vmime-master/doc/book/net.tex b/vmime-master/doc/book/net.tex
new file mode 100644
index 0000000..3fab903
--- /dev/null
+++ b/vmime-master/doc/book/net.tex
@@ -0,0 +1,1203 @@
+\chapter{Working with Messaging Services}
+
+% ============================================================================
+\section{Introduction}
+
+In addition to parsing and building MIME messages, VMime also offers a lot of
+features to work with messaging services. This includes connecting to remote
+messaging stores (like IMAP or POP3), local stores (maildir) and transport
+services (send messages over SMTP or local sendmail), through an unified
+interface (see Figure \ref{uml_messaging_module}). That means that you can
+use independently IMAP of POP3 without having to change any line of code.
+
+Source code of {\vexample Example6} covers all features presented in this
+chapter, so it is important you take some time to read it.
+
+\begin{figure}
+	\center\includegraphics[width=0.9\textwidth]
+		{images/messaging-services.png}\endcenter
+	\caption{Overall structure of the messaging module}
+	\label{uml_messaging_module}
+\end{figure}
+
+The interface is composed of five classes:
+
+\begin{itemize}
+\item {\vcode vmime::net::service}: this is the base interface for a
+messaging service. It can be either a store service or a transport
+service.
+
+\item {\vcode vmime::net::serviceFactory}: create instances of a service.
+This is used internally by the session object (see below).
+
+\item {\vcode vmime::net::store}: interface for a store service. A store
+service offers access to a set of folders containing messages. This is
+used for IMAP, POP3 and maildir.
+
+\item {\vcode vmime::net::transport}: interface for a transport service.
+A transport service is capable of sending messages. This is used for
+SMTP and sendmail.
+
+\item {\vcode vmime::net::session}: a session object is used to store the
+parameters used by a service (eg. connection parameters). Each service
+instance is associated with only one session. The session object is capable
+of creating instances of services.
+\end{itemize}
+
+The following classes are specific to store services:
+
+\begin{itemize}
+\item {\vcode vmime::net::folder}: a folder can either contain other folders
+or messages, or both.
+
+\item {\vcode vmime::net::message}: this is the interface for dealing with
+messages. For a given message, you can have access to its flags, its MIME
+structure and you can also extract the whole message data or given parts (if
+supported by the underlying protocol).
+\end{itemize}
+
+
+% ============================================================================
+\section{Working with sessions}
+
+\subsection{Setting properties} % --------------------------------------------
+
+Sessions are used to store configuration parameters for services. They
+contains a set of typed properties that can modify the behaviour of the
+services. Before using a messaging service, you must create and
+initialize a session object:
+
+\begin{lstlisting}
+vmime::shared_ptr <vmime::net::session> theSession = vmime::net::session::create();
+\end{lstlisting}
+
+Session properties include:
+
+\begin{itemize}
+\item connection parameters: host and port to connect to;
+\item authentication parameters: user credentials required to use the
+service (if any);
+\item protocol-specific parameters: enable or disable extensions (eg. APOP
+support in POP3).
+\end{itemize}
+
+Properties are stored using a dotted notation, to specify the service type,
+the protocol name, the category and the name of the property:
+
+\begin{verbatim}
+   {service_type}.{protocol}.category.name
+\end{verbatim}
+
+An example of property is \emph{store.pop3.options.apop} (used to enable or
+disable the use of APOP authentication). The \emph{store.pop3} part is called
+the \emph{prefix}. This allow specifying different values for the same
+property depending on the protocol used.
+
+The session properties are stored in a {\vcode vmime::propertySet} object.
+To set the value of a property, you can use either:
+
+\begin{lstlisting}
+theSession->getProperties().setProperty("property-name", value);
+\end{lstlisting}
+
+or:
+
+\begin{lstlisting}
+theSession->getProperties()["property-name"] = value;
+\end{lstlisting}
+
+
+\subsection{Available properties} % ------------------------------------------
+
+Following is a list of available properties and the protocols they apply to,
+as the time of writing this documentation\footnote{You can get an up-to-date
+list of the properties by running \vexample{Example7}}. For better clarity,
+the prefixes do not appear in this table.
+
+\begin{table}[!ht]
+\noindent\begin{tabularx}{1.0\textwidth}{|l|c|X|c|c|c|c|c|c|c|c|}
+\hline
+	{\bf Property name} &
+	{\bf Type} &
+	{\bf Description} &
+	\verti{\bf POP3} &
+	\verti{\bf POP3S} &
+	\verti{\bf IMAP} &
+	\verti{\bf IMAPS} &
+	\verti{\bf SMTP} &
+	\verti{\bf SMTPS} &
+	\verti{\bf maildir} &
+	\verti{\bf sendmail} \\
+\hline
+\hline
+options.sasl & bool & Set to {\vcode true} to use SASL authentication, if
+available. & \vdot & \vdot & \vdot & \vdot & \vdot & \vdot & & \\
+\hline
+options.sasl.fallback & bool & Fail if SASL authentication failed (do not
+try other authentication mechanisms). & \vdot & \vdot & \vdot & \vdot &
+\vdot & \vdot & & \\
+\hline
+auth.username\footnote{You should use authenticators
+instead.\label{fn_auth_username}} & string & Set the username of the account
+to connect to. & \vdot & \vdot & \vdot & \vdot & \vdot & \vdot & & \\
+\hline
+auth.password\footref{fn_auth_username} & string & Set the password of the
+account. & \vdot & \vdot & \vdot & \vdot & \vdot & \vdot & & \\
+\hline
+connection.tls & bool & Set to {\vcode true} to start a secured connection
+using STARTTLS extension, if available. & \vdot & & \vdot & & \vdot & & & \\
+\hline
+connection.tls.required & bool & Fail if a secured connection cannot be
+started. & \vdot & & \vdot & & \vdot & & & \\
+\hline
+server.address & string & Server host name or IP address. &\vdot & \vdot &
+\vdot & \vdot & \vdot & \vdot & & \\
+\hline
+server.port & int & Server port. & \vdot & \vdot & \vdot & \vdot &
+\vdot & \vdot & & \\
+\hline
+server.rootpath & string & Root directory for mail repository (eg.
+\emph{/home/vincent/Mail}). & & & & & & & \vdot & \\
+\hline
+\end{tabularx}
+\caption{Properties common to all protocols}
+\end{table}
+
+\newpage
+These are the protocol-specific options:
+
+\begin{table}[!ht]
+\noindent\begin{tabularx}{1.0\textwidth}{|l|c|X|}
+\hline
+	{\bf Property name} &
+	{\bf Type} &
+	{\bf Description} \\
+% POP3/POP3S
+\hline
+\multicolumn{3}{|c|}{POP3, POP3S} \\
+\hline
+store.pop3.options.apop & bool & Enable or disable authentication with
+APOP (if SASL is enabled, this occurs after all SASL mechanisms have been
+tried). \\
+\hline
+store.pop3.options.apop.fallback & bool & If set to {\vcode true} and
+APOP fails, the authentication process fails (ie. unsecure plain text
+authentication is not used). \\
+\hline
+% SMTP
+\multicolumn{3}{|c|}{SMTP, SMTPS} \\
+\hline
+transport.smtp.options.need-authentication & bool & Set to \emph{true} if
+the server requires to authenticate before sending messages. \\
+\hline
+transport.smtp.options.pipelining & bool & Set to {\vcode false} to disable
+command pipelining, if the server supports it (default is {\vcode true}). \\
+\hline
+transport.smtp.options.chunking & bool & Set to {\vcode false} to disable
+CHUNKING extension, if the server supports it (default is {\vcode true}). \\
+\hline
+% sendmail
+\multicolumn{3}{|c|}{sendmail} \\
+\hline
+transport.sendmail.binpath & string & The path to the \emph{sendmail}
+executable on your system. The default is the one found by the configuration
+script when VMime was built. \\
+\hline
+\end{tabularx}
+\caption{Protocol-specific options}
+\end{table}
+
+
+\subsection{Instanciating services} % ----------------------------------------
+
+You can create a service either by specifying its protocol name, or by
+specifying the URL of the service. Creation by name is deprecated so
+this chapter only presents the latter option.
+
+The URL scheme for connecting to services is:
+
+\begin{verbatim}
+   protocol://[username[:password]@]host[:port]/[root-path]
+\end{verbatim}
+
+\vnote{For local services (ie. \emph{sendmail} and \emph{maildir}), the host
+part is not used, but it must not be empty (you can use "localhost").}
+
+The following table shows an example URL for each service:
+
+\noindent\begin{tabularx}{1.0\textwidth}{|c|X|}
+\hline
+	{\bf Service} &
+	{\bf Connection URL} \\
+\hline
+imap, imaps & {\tt imap://imap.example.com},
+{\tt imaps://vincent:pass@example.com} \\
+\hline
+pop3, pop3s & {\tt pop3://pop3.example.com} \\
+\hline
+smtp, smtps & {\tt smtp://smtp.example.com} \\
+\hline
+maildir & {\tt maildir://localhost/home/vincent/Mail} (host not used) \\
+\hline
+sendmail & {\tt sendmail://localhost} (host not used, always localhost) \\
+\hline
+\end{tabularx}
+
+\newpage
+
+When you have the connection URL, instanciating the service is quite simple.
+Depending on the type of service, you will use either {\vcode getStore()} or
+{\vcode getTransport()}. For example, for store services, use:
+
+\begin{lstlisting}
+vmime::utility:url url("imap://user:pass@imap.example.com");
+vmime::shared_ptr <vmime::net::store> st = sess->getStore(url);
+\end{lstlisting}
+
+and for transport services:
+
+\begin{lstlisting}
+vmime::utility:url url("smtp://smtp.example.com");
+vmime::shared_ptr <vmime::net::transport> tr = sess->getTransport(url);
+\end{lstlisting}
+
+
+% ============================================================================
+\section{User credentials and authenticators}
+
+Some services need some user credentials (eg. username and password) to open
+a session. In VMime, user credentials can be specified in the session
+properties or by using a custom authenticator (callback).
+
+\begin{lstlisting}[caption={Setting user credentials using session
+properties}]
+vmime::shared_ptr <vmime::net::session> sess;  // Suppose we have a session
+
+sess->getProperties()["store.imap.auth.username"] = "vincent";
+sess->getProperties()["store.imap.auth.password"] = "my-password";
+\end{lstlisting}
+
+Although not recommended, you can also specify username and password
+directly in the connection URL,
+ie: \emph{imap://username:password@imap.example.com/}. This works only for
+services requiring an username and a password as user credentials, and no
+other information.
+
+Sometimes, it may not be very convenient to set username/password in the
+session properties, or not possible (eg. extended SASL mechanisms) . That's
+why VMime offers an alternate way of getting user credentials: the
+{\vcode authenticator} object. Basically, an authenticator is an object that
+can return user credentials on-demand (like a callback).
+
+Currently, there are two types of authenticator in VMime: a basic
+authenticator (class {\vcode vmime::security::authenticator}) and, if SASL
+support is enabled, a SASL authenticator
+(class {\vcode vmime::security::sasl::SASLAuthenticator}). Usually, you
+should use the default implementations, or at least make your own
+implementation inherit from them.
+
+The following example shows how to use a custom authenticator to request
+the user to enter her/his credentials:
+
+\begin{lstlisting}[caption={A simple interactive authenticator}]
+class myAuthenticator : public vmime::security::defaultAuthenticator {
+
+   const string getUsername() const {
+
+      std::cout << "Enter your username: " << std::endl;
+
+      vmime::string res;
+      std::getline(std::cin, res);
+
+      return res;
+   }
+
+   const string getPassword() const {
+
+      std::cout << "Enter your password: " << std::endl;
+
+      vmime::string res;
+      std::getline(std::cin, res);
+
+      return res;
+   }
+};
+\end{lstlisting}
+
+This is how to use it:
+
+\begin{lstlisting}
+// First, create a session
+vmime::shared_ptr <vmime::net::session> sess = vmime::net::session::create();
+
+// Next, initialize a service which will use our authenticator
+vmime::shared_ptr <vmime::net::store> st = sess->getStore(
+   vmime::utility::url("imap://imap.example.com"),
+   /* use our authenticator */ vmime::make_shared <myAuthenticator>()
+);
+\end{lstlisting}
+
+\vnote{An authenticator object should be used with one and only one service
+at a time. This is required because the authentication process may need to
+retrieve the service name (SASL).}
+
+Of course, this example is quite simplified. For example, if several
+authentication mechanisms are tried, the user may be requested to enter the
+same information multiple times. See  {\vexample Example6} for a more complex
+implementation of an authenticator, with caching support.
+
+If you want to use SASL (ie. if \emph{options.sasl} is set to \emph{true}),
+your authenticator must inherit from
+{\vcode vmime::security::sasl::SASLAuthenticator} or
+{\vcode vmime::security::sasl::defaultSASLAuthenticator}, even if you do not
+use the SASL-specific methods {\vcode getAcceptableMechanisms()} and
+{\vcode setSASLMechanism()}. Have a look at {\vexample Example6} to see an
+implementation of an SASL authenticator.
+
+\begin{lstlisting}[caption={A simple SASL authenticator}]
+class mySASLAuthenticator : public vmime::security::sasl::defaultSASLAuthenticator {
+
+   typedef vmime::security::sasl::SASLMechanism mechanism;  // save us typing
+
+   const std::vector <vmime::shared_ptr <mechanism> > getAcceptableMechanisms(
+      const std::vector <vmime::shared_ptr <mechanism> >& available,
+      const vmime::shared_ptr <mechanism>& suggested
+   ) const {
+
+      // Here, you can sort the SASL mechanisms in the order they will be
+      // tried. If no SASL mechanism is acceptable (ie. for example, not
+      // enough secure), you can return an empty list.
+      //
+      // If you do not want to bother with this, you can simply return
+      // the default list, which is ordered by security strength.
+      return defaultSASLAuthenticator::
+         getAcceptableMechanisms(available, suggested);
+   }
+
+   void setSASLMechanism(const vmime::shared_ptr <mechanism>& mech) {
+
+      // This is called when the authentication process is going to
+      // try the specified mechanism.
+      //
+      // The mechanism name is in mech->getName()
+
+      defaultSASLAuthenticator::setSASLMechanism(mech);
+   }
+
+   // ...implement getUsername() and getPassword()...
+};
+\end{lstlisting}
+
+
+% ============================================================================
+\section{Using transport service}
+
+You have two possibilities for giving message data to the service when you
+want to send a message:
+
+\begin{itemize}
+\item either you have a reference to a message (type {\vcode vmime::message})
+and you can simply call {\vcode send(msg)};
+\item or you only have raw message data (as a string, for example), and you
+have to call the second overload of {\vcode send()}, which takes additional
+parameters (corresponding to message envelope);
+\end{itemize}
+
+The following example illustrates the use of a transport service to send a
+message using the second method:
+
+\begin{lstlisting}[caption={Using a transport service}]
+const vmime::string msgData =
+   "From: me@example.org \r\n"
+   "To: you@example.org \r\n"
+   "Date: Sun, Oct 30 2005 17:06:42 +0200 \r\n"
+   "Subject: Test \r\n"
+   "\r\n"
+   "Message body";
+
+// Create a new session
+vmime::utility::url url("smtp://example.com");
+
+vmime::shared_ptr <vmime::net::session> sess = vmime::net::session::create();
+
+// Create an instance of the transport service
+vmime::shared_ptr <vmime::net::transport> tr = sess->getTransport(url);
+
+// Connect it
+tr->connect();
+
+// Send the message
+vmime::utility::inputStreamStringAdapter is(msgData);
+
+vmime::mailbox from("me@example.org");
+vmime::mailboxList to;
+to.appendMailbox(vmime::make_shared <vmime::mailbox>("you@example.org"));
+
+tr->send(
+   /* expeditor */    from,
+   /* recipient(s) */ to,
+   /* data */         is,
+   /* total length */ msgData.length()
+);
+
+// We have finished using the service
+tr->disconnect();
+\end{lstlisting}
+
+\vnote{Exceptions can be thrown at any time when using a service. For better
+clarity, exceptions are not caught here, but be sure to catch them in your own
+application to provide error feedback to the user.}
+
+If you use SMTP, you can enable authentication by setting some properties
+on the session object ({\vcode service::setProperty()} is a shortcut for
+setting properties on the session with the correct prefix):
+
+\begin{lstlisting}
+tr->setProperty("options.need-authentication", true);
+tr->setProperty("auth.username", "user");
+tr->setProperty("auth.password", "password");
+\end{lstlisting}
+
+
+% ============================================================================
+\section{Using store service}
+
+\subsection{Connecting to a store} % -----------------------------------------
+
+The first basic step for using a store service is to connect to it. The
+following example shows how to initialize a session and instanciate the
+store service:
+
+\begin{lstlisting}[caption={Connecting to a store service}]
+// Create a new session
+vmime::utility::url url("imap://vincent:password@imap:example.org");
+
+vmime::shared_ptr <vmime::net::session> sess = vmime::net::session::create();
+
+// Create an instance of the transport service
+vmime::shared_ptr <vmime::net::store> store = sess->getStore(url);
+
+// Connect it
+store->connect();
+\end{lstlisting}
+
+\vnote{{\vexample Example6} contains a more complete example for connecting
+to a store service, with support for a custom authenticator.}
+
+\subsection{Opening a folder} % ----------------------------------------------
+
+You can open a folder using two different access modes: either in
+\emph{read-only} mode (where you can only read message flags and contents), or
+in \emph{read-write} mode (where you can read messages, but also delete them
+or add new ones). When you have a reference to a folder, simply call the
+{\vcode open()} method with the desired access mode:
+
+\begin{lstlisting}
+folder->open(vmime::net::folder::MODE_READ_WRITE);
+\end{lstlisting}
+
+\vnote{Not all stores support the \emph{read-write} mode. By default, if the
+\emph{read-write} mode is not available, the folder silently fall backs on
+the \emph{read-only} mode, unless the \emph{failIfModeIsNotAvailable} argument
+to {\vcode open()} is set to true.}
+
+Call {\vcode getDefaultFolder()} on the store to obtain a reference to the
+default folder, which is usually the INBOX folder (where messages arrive when
+they are received).
+
+You can also open a specific folder by specifying its path. The following
+example will open a folder named \emph{bar}, which is a child of \emph{foo}
+in the root folder:
+
+\begin{lstlisting}[caption={Opening a folder from its path}]
+vmime::net::folder::path path;
+path /= vmime::net::folder::path::component("foo");
+path /= vmime::net::folder::path::component("bar");
+
+vmime::shared_ptr <vmime::net::folder> fld = store->getFolder(path);
+fld->open(vmime::net::folder::MODE_READ_WRITE);
+\end{lstlisting}
+
+\vnote{You can specify a path as a string as there is no way to get the
+separator used to delimitate path components. Always use {\vcode operator/=}
+or {\vcode appendComponent}.}
+
+\vnote{Path components are of type {\vcode vmime::word}, which means that
+VMime supports folder names with extended characters, not only 7-bit
+US-ASCII. However, be careful that this may not be supported by the
+underlying store protocol (IMAP supports it, because it uses internally a
+modified UTF-7 encoding).}
+
+\subsection{Fetching messages} % ---------------------------------------------
+
+You can fetch some information about a message without having to download the
+whole message. Moreover, folders support fetching for multiple messages in
+a single request, for better performance. The following items are currently
+available for fetching:
+
+\begin{itemize}
+\item {\bf envelope}: sender, recipients, date and subject;
+\item {\bf structure}: MIME structure of the message;
+\item {\bf content-info}: content-type of the root part;
+\item {\bf flags}: message flags;
+\item {\bf size}: message size;
+\item {\bf header}: retrieve all the header fields of a message;
+\item {\bf uid}: unique identifier of a message;
+\item {\bf importance}: fetch header fields suitable for use with
+{\vcode misc::importanceHelper}.
+\end{itemize}
+
+\vnote{Not all services support all fetchable items. Call
+{\vcode getFetchCapabilities()} on a folder to know which information can be
+fetched by a service.}
+
+The following code shows how to list all the messages in a folder, and
+retrieve basic information to show them to the user:
+
+\begin{lstlisting}[caption={Fetching information about multiple messages}]
+std::vector <ref <vmime::net::message> > allMessages =
+   folder->getMessages(vmime::net::messageSet::byNumber(1, -1));
+      // -1 is a special value to mean "the number of the last message in the folder"
+
+folder->fetchMessages(
+   allMessages,
+   vmime::net::fetchAttributes::FLAGS |
+   vmime::net::fetchAttributes::ENVELOPE
+);
+
+for (unsigned int i = 0 ; i < allMessages.size() ; ++i) {
+
+   vmime::shared_ptr <vmime::net::message> msg = allMessages[i];
+
+   const int flags = msg->getFlags();
+
+   std::cout << "Message " << i << ":" << std::endl;
+
+   if (flags & vmime::net::message::FLAG_SEEN) {
+      std::cout << " - is read" << std::endl;
+   }
+   if (flags & vmime::net::message::FLAG_DELETED) {
+      std::cout << " - is deleted" << std::endl;
+   }
+
+   vmime::shared_ptr <const vmime::header> hdr = msg->getHeader();
+
+   std::cout << " - sent on " << hdr->Date()->generate() << std::endl;
+   std::cout << " - sent by " << hdr->From()->generate() << std::endl;
+}
+\end{lstlisting}
+
+IMAP supports fetching specific header fields of a message. Here is how to use
+the {\vcode fetchAttributes} object to do it:
+
+\begin{lstlisting}[caption={Using fetchAttributes object to fetch specific header fields of a message}]
+
+// Fetch message flags and the "Received" and "X-Mailer" header fields
+vmime::net::fetchAttributes fetchAttribs;
+fetchAttribs.add(vmime::net::fetchAttributes::FLAGS);
+fetchAttribs.add("Received");
+fetchAttribs.add("X-Mailer");
+
+folder->fetchMessages(allMessages, fetchAttribs);
+\end{lstlisting}
+
+
+\subsection{Extracting messages and parts}
+
+To extract the whole contents of a message (including headers), use the
+{\vcode extract()} method on a {\vcode vmime::net::message} object. The
+following example extracts the first message in the default folder:
+
+\begin{lstlisting}[caption={Extracting messages}]
+// Get a reference to the folder and to its first message
+vmime::shared_ptr <vmime::net::folder> folder = store->getDefaultFolder();
+vmime::shared_ptr <vmime::net::message> msg = folder->getMessage(1);
+
+// Write the message contents to the standard output
+vmime::utility::outputStreamAdapter out(std::cout);
+msg->extract(out);
+\end{lstlisting}
+
+Some protocols (like IMAP) also support the extraction of specific MIME parts
+of a message without downloading the whole message. This can save bandwidth
+and time. The method {\vcode extractPart()} is used in this case:
+
+\begin{lstlisting}[caption={Extracting a specific MIME part of a message}]
+// Fetching structure is required before extracting a part
+folder->fetchMessage(msg, vmime::net::fetchAttributes::STRUCTURE);
+
+// Now, we can extract the part
+msg->extractPart(msg->getStructure()->getPartAt(0)->getPartAt(1));
+\end{lstlisting}
+
+Suppose we have a message with the following structure:
+
+\begin{verbatim}
+   multipart/mixed
+      text/html
+      image/jpeg [*]
+\end{verbatim}
+
+The previous example will extract the header and body of the \emph{image/jpeg}
+part.
+
+\subsection{Deleting messages} % ---------------------------------------------
+
+The following example will delete the second and the third message from the
+store.
+
+\begin{lstlisting}[caption={Deleting messages}]
+vmime::shared_ptr <vmime::net::folder> folder = store->getDefaultFolder();
+
+folder->deleteMessages(vmime::net::messageSet::byNumber(/* from */ 2, /* to */ 3));
+
+// This is equivalent
+std::vector <int> nums;
+nums.push_back(2);
+nums.push_back(3);
+folder->deleteMessages(vmime::net::messageSet::byNumber(nums));
+
+// This is also equivalent (but will require 2 roundtrips to server)
+folder->deleteMessages(vmime::net::messageSet::byNumber(2));
+folder->deleteMessages(vmime::net::messageSet::byNumber(2)); // renumbered, 3 becomes 2
+\end{lstlisting}
+
+\subsection{Events} % --------------------------------------------------------
+
+As a result of executing some operation (or from time to time, even if no
+operation has been performed), a store service can send events to notify you
+that something has changed (eg. the number of messages in a folder). These
+events may allow you to update the user interface associated to a message
+store.
+
+Currently, there are three types of event:
+
+\begin{itemize}
+\item {\bf message change}: sent when the number of messages in a folder
+has changed (ie. some messages have been added or removed);
+\item {\bf message count change}: sent when one or more message(s) have
+changed (eg. flags or deleted status);
+\item {\bf folder change}: sent when a folder has been created, renamed or
+deleted.
+\end{itemize}
+
+You can register a listener for each event type by using the corresponding
+methods on a {\vcode folder} object: {\vcode addMessageChangedListener()},
+{\vcode addMessageCountListener()} or {\vcode addFolderListener()}. For more
+information, please read the class documentation for
+{\vcode vmime::net::events} namespace.
+
+
+% ============================================================================
+\section{Handling timeouts}
+
+Unexpected errors can occur while messaging services are performing
+operations and waiting a response from the server (eg. server stops
+responding, network link falls down). As all operations as synchronous,
+they can be ``blocked'' a long time before returning (in fact, they loop
+until they either receive a response from the server, or the underlying
+socket system returns an error).
+
+VMime provides a mechanism to control the duration of operations. This
+mechanism allows the program to cancel an operation that is currently
+running.
+
+An interface called {\vcode timeoutHandler} is provided:
+
+\begin{lstlisting}
+class timeoutHandler : public object {
+
+   /** Called to test if the time limit has been reached.
+     *
+     * @return true if the timeout delay is elapsed
+     */
+   virtual const bool isTimeOut() = 0;
+
+   /** Called to reset the timeout counter.
+     */
+   virtual void resetTimeOut() = 0;
+
+   /** Called when the time limit has been reached (when
+     * isTimeOut() returned true).
+     *
+     * @return true to continue (and reset the timeout)
+     * or false to cancel the current operation
+     */
+   virtual const bool handleTimeOut() = 0;
+};
+\end{lstlisting}
+
+While the operation runs, the service calls {\vcode isTimeout()} at variable
+intervals. If the {\vcode isTimeout()} function returns {\vcode true},
+then {\vcode handleTimeout()} is called. If the {\vcode handleTimeout()}
+function returns {\vcode false}, the operation is cancelled and
+an {\vcode operation\_timed\_out} exception is thrown. Else, if
+{\vcode handleTimeout()} returns true, the operation continues and the
+timeout counter is reset.
+The function {\vcode resetTimeout()} is called each time data has
+been received from the server to reset the timeout delay.
+
+When using a service, a default timeout handler is set: if an operation
+is blocked for more than 30 seconds (ie. network link is down and no data
+was received since 30 seconds), an {\vcode operation\_timed\_out} exception
+is thrown.
+
+The following example shows how to implement a simple timeout handler:
+
+\begin{lstlisting}[caption={Implementing a simple timeout handler}]
+class myTimeoutHandler : public vmime::net::timeoutHandler {
+
+public:
+
+   myTimeoutHandler() {
+
+      m_startTime = time(NULL);
+   }
+
+   const bool isTimeOut() {
+
+      return time(NULL) >= m_startTime + 30;  // 30 seconds timeout
+   }
+
+   void resetTimeOut() {
+
+      m_startTime = time(NULL);
+   }
+
+   const bool handleTimeOut() {
+
+      std::cout << "Operation timed out." << std::endl;
+                << "Press [Y] to continue, or [N] to "
+                << "cancel the operation." << std::endl;
+
+      std::string response;
+      std::cin >> response;
+
+      return response == "y" || response == "Y";
+   }
+
+private:
+
+   time_t m_startTime;
+};
+\end{lstlisting}
+
+To make the service use your timeout handler, you need to write a factory
+class, to allow the service to create instances of the handler class. This
+is required because the service can use several connections to the server
+simultaneously, and each connection needs its own timeout handler.
+
+\begin{lstlisting}
+class myTimeoutHandlerFactory : public vmime::net::timeoutHandlerFactory {
+
+public:
+
+   ref <timeoutHandler> create() {
+
+      return vmime::make_shared <myTimeoutHandler>();
+   }
+};
+\end{lstlisting}
+
+Then, call the {\vcode setTimeoutHandlerFactory()} method on the service object
+to set the timeout handler factory to use during the session:
+
+\begin{lstlisting}
+theService->setTimeoutHandlerFactory(vmime::make_shared <myTimeoutHandlerFactory>());
+\end{lstlisting}
+
+
+% ============================================================================
+\newpage
+\section{Secured connection using TLS/SSL}
+
+\subsection{Introduction} % --------------------------------------------------
+
+If you have enabled TLS support in VMime, you can configure messaging services
+so that they use a secured connection.
+
+Quoting from RFC-2246 - the TLS 1.0 protocol specification: \emph{`` The TLS
+protocol provides communications privacy over the Internet. The protocol
+allows client/server applications to communicate in a way that is designed
+to prevent eavesdropping, tampering, or message forgery.''}
+
+TLS has the following advantages:
+
+\begin{itemize}
+\item authentication: server identity can be verified;
+\item privacy: transmission of data between client and server cannot be read
+by someone in the middle of the connection;
+\item integrity: original data which is transferred between a client and a
+server can not be modified by an attacker without being detected.
+\end{itemize}
+
+\vnote{What is the difference between SSL and TLS? SSL is a protocol designed
+by Netscape. TLS is a standard protocol, and is partly based on version 3 of
+the SSL protocol. The two protocols are not interoperable, but TLS does
+support a mechanism to back down to SSL 3.}
+
+VMime offers two possibilities for using a secured connection:
+
+\begin{itemize}
+\item you can connect to a server listening on a special port (eg. IMAPS
+instead of IMAP): this is the classical use of SSL, but is now deprecated;
+\item connect to a server listening on the default port, and then begin a
+secured connection: this is STARTTLS.
+\end{itemize}
+
+
+\subsection{Setting up a secured connection} % -------------------------------
+
+\subsubsection{Connecting to a ``secured'' port} % ...........................
+
+To use the classical SSL/TLS way, simply use the ``S'' version of the protocol
+to connect to the server (eg. \emph{imaps} instead of \emph{imap}). This is
+currently available for SMTP, POP3 and IMAP.
+
+\begin{lstlisting}
+vmime::shared_ptr <vmime::net::store> store =
+   theSession->getStore(vmime::utility::url("imaps://example.org"));
+\end{lstlisting}
+
+\subsubsection{Using STARTTLS} % .............................................
+
+To make the service start a secured session using the STARTTLS method, simply
+set the \emph{connection.tls} property:
+
+\begin{lstlisting}
+theService->setProperty("connection.tls", true);
+\end{lstlisting}
+
+\vnote{If, for some reason, a secured connection cannot be started, the
+default behaviour is to fallback on a normal connection. To make
+{\vcode connect()} fail if STARTTLS fails, set the
+\emph{connection.tls.required} to \emph{true}.}
+
+\subsection{Certificate verification} % --------------------------------------
+
+\subsubsection{How it works} % ...............................................
+
+If you tried the previous examples, a
+{\vcode certificateException} might have been thrown.
+This is because the default certificate verifier in VMime did not manage to
+verify the certificate, and so could not trust it.
+
+Basically, when you connect to a server using TLS, the server responds with
+a list of certificates, called a certificate chain (usually, certificates are
+of type X.509\footnote{And VMime currently supports only X.509 certificates}).
+The certificate chain is ordered so that the first certificate is the subject
+certificate, the second is the subject's issuer one, the third is the issuer's
+issuer, and so on.
+
+To decide whether the server can be trusted or not, you have to verify that
+\emph{each} certificate is valid (ie. is trusted). For more information
+about X.509 and certificate verification, see related articles on Wikipedia
+\footnote{See \url{http://wikipedia.org/wiki/Public\_key\_certificate}}.
+
+\subsubsection{Using the default certificate verifier} % .....................
+
+The default certificate verifier maintains a list of root (CAs) and user
+certificates that are trusted. By default, the list is empty. So, you have
+to initialize it before using the verifier.
+
+The algorithm\footnote{See
+\url{http://wikipedia.org/wiki/Certification\_path\_validation\_algorithm}}
+used is quite simple:
+
+\begin{enumerate}
+\item for every certificate in the chain, verify that the certificate has been
+issued by the next certificate in the chain;
+\item for every certificate in the chain, verify that the certificate is valid
+at the current time;
+\item ensure that the first certificate's subject name matches the hostname
+of the server;
+\item decide whether the subject's certificate can be trusted:
+	\begin{itemize}
+	\item first, verify that the the last certificate in the chain was
+	issued by a third-party that we trust (root CAs);
+	\item if the issuer certificate cannot be verified against root CAs,
+	compare the subject's certificate against the trusted certificates
+	(the certificates the user has decided to trust).
+	\end{itemize}
+\end{enumerate}
+
+First, we need some code to load existing X.509 certificates:
+
+\begin{lstlisting}[caption={Reading a X.509 certificate from a file}]
+vmime::shared_ptr <vmime::security::cert::X509Certificate>
+   loadX509CertificateFromFile(const std::string& path) {
+
+   std::ifstream certFile;
+   certFile.open(path.c_str(), std::ios::in | std::ios::binary);
+
+   if (!certFile) {
+      // ...handle error...
+   }
+
+   vmime::utility::inputStreamAdapter is(certFile);
+   vmime::shared_ptr <vmime::security::cert::X509Certificate> cert;
+
+   cert = vmime::security::cert::X509Certificate::import(is);
+
+   return cert;
+}
+\end{lstlisting}
+
+Then, we can use the {\vcode loadX509CertificateFromFile} function to load
+certificates and initialize the certificate verifier:
+
+\begin{lstlisting}[caption={Using the default certificate verifier}]
+vmime::shared_ptr <vmime::security::cert::defaultCertificateVerifier> vrf =
+   vmime::make_shared <vmime::security::cert::defaultCertificateVerifier>();
+
+// Load root CAs (such as Verisign or Thawte)
+std::vector <vmime::shared_ptr <vmime::security::cert::X509Certificate> > rootCAs;
+
+rootCAs.push_back(loadX509CertificateFromFile("/path/to/root-ca1.cer");
+rootCAs.push_back(loadX509CertificateFromFile("/path/to/root-ca2.cer");
+rootCAs.push_back(loadX509CertificateFromFile("/path/to/root-ca3.cer");
+
+vrf->setX509RootCAs(rootCAs);
+
+// Then, load certificates that the user explicitely chose to trust
+std::vector <vmime::shared_ptr <vmime::security::cert::X509Certificate> > trusted;
+
+trusted.push_back(loadX509CertificateFromFile("/path/to/trusted-site1.cer");
+trusted.push_back(loadX509CertificateFromFile("/path/to/trusted-site2.cer");
+
+vrf->setX509TrustedCerts(trusted);
+\end{lstlisting}
+
+
+\subsubsection{Writing your own certificate verifier} % ......................
+
+If you need to do more complex verifications on certificates, you will have to
+write your own verifier. Your verifier should inherit from the
+{\vcode vmime::security::cert::certificateVerifier} class and implement the
+method {\vcode verify()}. Then, if the specified certificate chain is trusted,
+simply return from the function, or else throw a
+{\vcode certificateException}.
+
+The following example shows how to implement an interactive certificate
+verifier which relies on the user's decision, and nothing else (you SHOULD NOT
+use this in a production application as this is obviously a serious security
+issue):
+
+\begin{lstlisting}[caption={A custom certificate verifier}]
+class myCertVerifier : public vmime::security::cert::certificateVerifier {
+
+public:
+
+   void verify(const vmime::shared_ptr <certificateChain>& certs) {
+
+      // Obtain the subject's certificate
+      vmime::shared_ptr <vmime::security::cert::certificate> cert = chain->getAt(0);
+
+      std::cout << std::endl;
+      std::cout << "Server sent a '" << cert->getType() << "'"
+         << " certificate." << std::endl;
+      std::cout << "Do you want to accept this certificate? (Y/n) ";
+      std::cout.flush();
+
+      std::string answer;
+      std::getline(std::cin, answer);
+
+      if (answer.length() != 0 && (answer[0] == 'Y' || answer[0] == 'y')) {
+         return;  // OK, we trust the certificate
+      }
+
+      // Don't trust this certificate
+      throw vmime::security::cert::certificateException();
+   }
+};
+\end{lstlisting}
+
+\vnote{In production code, it may be a good idea to remember user's decisions
+about which certificates to trust and which not. See {\vexample Example6} for
+a basic cache implementation.}
+
+Finally, to make the service use your own certificate verifier, simply write:
+
+\begin{lstlisting}
+theService->setCertificateVerifier(vmime::make_shared <myCertVerifier>());
+\end{lstlisting}
+
+\subsection{SSL/TLS Properties} % --------------------------------------------
+
+If you want to customize behavior or set some options on TLS/SSL connection,
+you may use the TLSProperties object, and pass it to the service session. The
+TLS/SSL options must be set {\em before} creating any service with the session
+(ie. before calling either {\vcode getStore()} or {\vcode getTransport()} on
+the session), or they will not be used.
+
+The following example shows how to set the cipher suite preferences for TLS:
+
+\begin{lstlisting}[caption={Setting TLS cipher suite preferences}]
+vmime::shared_ptr <vmime::net::session> sess = /* ... */;
+
+vmime::shared_ptr <vmime::net::tls::TLSProperties> tlsProps =
+	vmime::make_shared <vmime::net::tls::TLSProperties>();
+
+// for OpenSSL
+tlsProps->setCipherString("HIGH:!ADH:@STRENGTH");
+
+// for GNU TLS
+tlsProps->setCipherString("NORMAL:%SSL3_RECORD_VERSION");
+
+sess->setTLSProperties(tlsProps);
+\end{lstlisting}
+
+Please note that the cipher suite string format and meaning depend on the
+underlying TLS library (either OpenSSL or GNU TLS):
+
+\begin{itemize}
+\item for GNU TLS, read this: \newline
+\url{http://gnutls.org/manual/html\_node/Priority-Strings.html}
+
+\item for OpenSSL, read this: \newline
+\url{http://www.openssl.org/docs/apps/ciphers.html#CIPHER\_STRINGS}
+\end{itemize}
+
+You may also set cipher suite preferences using predefined constants that
+map to generic security modes:
+
+\begin{lstlisting}[caption={Setting TLS cipher suite preferences using predefined modes}]
+sess->setCipherSuite(vmime::net::tls::TLSProperties::CIPHERSUITE_HIGH);
+\end{lstlisting}
+
+The following constants are available:
+
+\noindent\begin{tabularx}{1.0\textwidth}{|l|X|}
+\hline
+	{\bf Constant} &
+	{\bf Meaning} \\
+\hline
+	CIPHERSUITE\_HIGH &
+	High encryption cipher suites ($>$ 128 bits) \\
+\hline
+	CIPHERSUITE\_MEDIUM &
+	Medium encryption cipher suites ($>=$ 128 bits) \\
+\hline
+	CIPHERSUITE\_LOW &
+	Low encryption cipher suites ($>=$ 64 bits) \\
+\hline
+	CIPHERSUITE\_DEFAULT &
+	Default cipher suite (actual cipher suites used depends
+	on the underlying SSL/TLS library) \\
+\hline
+\end{tabularx}
+
+
+% ============================================================================
+\section{Tracing connection}
+
+Connection tracing is used to log what is sent and received on the wire
+between the client and the server, and may help debugging.
+
+First, you have to create your own tracer, which must implement the
+{\vcode vmime::net::tracer} interface. Here is an example of a tracer which
+simply logs to the standard output:
+
+\begin{lstlisting}[caption={A simple tracer}]
+class myTracer : public vmime::net::tracer {
+
+public:
+
+   myTracer(const vmime::string& proto, const int connectionId)
+      : m_proto(proto),
+        m_connectionId(connectionId) {
+
+   }
+
+   // Called by VMime to trace what is sent on the socket
+   void traceSend(const vmime::string& line) {
+
+      std::cout << "[" << m_proto << ":" << m_connectionId
+                << "] C: " << line << std::endl;
+   }
+
+   // Called by VMime to trace what is received from the socket
+   void traceReceive(const vmime::string& line) {
+
+      std::cout << "[" < < m_proto << ":" << m_connectionId
+                << "] S: " << line << std::endl;
+   }
+
+private:
+
+   const vmime::string m_proto;
+   const int m_connectionId;
+};
+\end{lstlisting}
+
+Also create a factory class, used to instanciate your tracer objects:
+
+\begin{lstlisting}
+class myTracerFactory : public vmime::net::tracerFactory {
+
+public:
+
+   vmime::shared_ptr <vmime::net::tracer> create(
+      const vmime::shared_ptr <vmime::net::service>& serv,
+      const int connectionId
+   ) {
+
+      return vmime::make_shared <myTracer>(
+         serv->getProtocolName(), connectionId
+      );
+   }
+};
+\end{lstlisting}
+
+Next, we have to tell VMime to use it. When you create your service
+(either store or transport), simply call the {\vcode setTracerFactory}
+on the service and pass an instance of your factory class:
+
+\begin{lstlisting}[caption={Enabling tracer on a connection}]
+vmime::shared_ptr <vmime::net::transport> store =
+   session->getStore("imaps://user:password@imap.myserver.com");
+
+// Enable tracing communication between client and server
+store->setTracerFactory(vmime::make_shared <myTracerFactory>());
+\end{lstlisting}
+
+That's all! Now, everything which is sent on/received from the socket
+will be logged using your tracer object. Here is an example of a trace
+session for IMAP:
+
+\begin{verbatim}
+[imaps:1] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR
+   LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
+[imaps:1] C: a001 AUTHENTICATE PLAIN
+[imaps:1] S: +
+[imaps:1] C: {...SASL exchange: 52 bytes of data...}
+[imaps:1] S: a001 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR
+   LOGIN-REFERRALS ID ENABLE IDLE SORT SPECIAL-USE QUOTA] Logged in
+[imaps:1] C: a002 LIST "" ""
+[imaps:1] S: * LIST (\Noselect) "." ""
+[imaps:1] S: a002 OK List completed.
+[imaps:1] C: a003 CAPABILITY
+[imaps:1] S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR
+   LOGIN-REFERRALS ID ENABLE IDLE SORT SPECIAL-USE QUOTA
+[imaps:1] S: a003 OK Capability completed.
+[imaps:1] C: a003 SELECT INBOX (CONDSTORE)
+[imaps:1] S: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft
+   $NotJunk NonJunk JunkRecorded $MDNSent NotJunk $Forwarded
+   Junk $Junk Forwarded $MailFlagBit1)
+[imaps:1] S: * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted
+   \Seen \Draft $NotJunk NonJunk JunkRecorded $MDNSent NotJunk
+   $Forwarded Junk $Junk Forwarded $MailFlagBit1 \*)]
+   Flags permitted.
+[imaps:1] S: * 104 EXISTS
+[imaps:1] S: * 0 RECENT
+[imaps:1] S: * OK [UNSEEN 6] First unseen.
+[imaps:1] S: * OK [UIDVALIDITY 1268127585] UIDs valid
+[imaps:1] S: * OK [UIDNEXT 32716] Predicted next UID
+[imaps:1] S: * OK [HIGHESTMODSEQ 148020] Highest
+[imaps:1] S: a003 OK [READ-WRITE] Select completed.
+\end{verbatim}
+
+Please note that no sensitive data (ie. login or password) will be traced.
+Same, {\em blob} data such as message content or SASL exchanges will be logged
+as a marker which indicates how many bytes were sent/received (eg. "{...SASL
+exchange: 52 bytes of data...}"").
diff --git a/vmime-master/doc/book/start.tex b/vmime-master/doc/book/start.tex
new file mode 100644
index 0000000..f169330
--- /dev/null
+++ b/vmime-master/doc/book/start.tex
@@ -0,0 +1,111 @@
+\chapter{Getting Started}
+
+% ============================================================================
+\section{Using VMime in your programs}
+
+First, make sure you have successfully compiled and installed VMime using the
+instructions described in Chapter \ref{chapter_building}. To use VMime in your
+program, you simply have to include VMime headers:
+
+\begin{lstlisting}
+#include <vmime/vmime.hpp>
+\end{lstlisting}
+
+\vnote{for versions older than 0.6.1, include $<$vmime/vmime$>$.}
+
+As of version 0.6.1, VMime uses {\vcode pkg-config} to simplify compiling and
+linking with VMime. The {\vcode pkg-config} utility is used to detect the
+appropriate compiler and linker flags needed for a library.
+
+You can simply build your program with:
+
+\begin{verbatim}
+   $ g++ `pkg-config --cflags --libs vmime` -static -o myprog myprog.cpp
+\end{verbatim}
+
+to use the static version, or with:
+
+\begin{verbatim}
+   $ g++ `pkg-config --cflags vmime` -o myprog myprog.cpp `pkg-config --libs vmime`
+\end{verbatim}
+
+to use the shared version.
+
+\vnote{it is highly recommended that you link your program against the shared
+version of the library.}
+
+All VMime classes and global functions are defined in the namespace
+{\vcode vmime}, so prefix explicitely all your declarations which use VMime
+with {\vcode vmime::}, or import the {\vcode vmime} namespace into the global
+namespace with the C++ keywork {\vcode using} (not recommended, though).
+
+
+% ============================================================================
+\section{If you can not (or do not want to) use {\vcode pkg-config}}
+
+{\bf Linking with the shared library (.so):} compile your program with the
+{\vcode -lvmime} flag. You can use the -L path flag if the library file is
+not in a standard path (ie. not in /usr/lib or /usr/local/lib).
+
+\vnote{if you want to link your program with the shared version of VMime
+library, make sure the library has been compiled using CMake build system
+({\vcode make}, then {\vcode make install}). When you compile with SCons,
+only the static library is built and installed.}
+
+{\bf Linking with the static library (.a):} follow the same procedure as for
+shared linking and append the flag -static to force static linking. Although
+static linking is possible, you are encouraged to use the shared (dynamic)
+version of the library.
+
+
+% ============================================================================
+\section{Platform-dependent code}
+
+While the most part of VMime code is pure ANSI C++, there are some features
+that are platform-specific: file management (opening/reading/writing files),
+network code (socket, DNS resolution) and time management. All the
+non-portable stuff is done by a bridge object called a platform handler (see
+{\vcode vmime::platform}).
+
+If your platform is POSIX-compatible (eg. GNU/Linux, *BSD) or is Windows,
+then you are lucky: VMime has built-in support for these platforms. If not,
+don't worry, the sources of the built-in platform handlers are very well
+documented, so writing you own should not be very difficult.
+
+If your VMime version is $<=$ 0.9.1, you should tell VMime which platform
+handler you want to use at the beginning of your program (before using
+\emph{any} VMime object, or calling \emph{any} VMime global function).
+
+So, if your platform is POSIX, your program should look like this:
+
+\begin{lstlisting}[caption={Initializing VMime and the platform handler}]
+#include <vmime/vmime.hpp>
+#include <vmime/platforms/posix/posixHandler.hpp>
+
+int main() {
+
+   vmime::platform::
+      setHandler <vmime::platforms::posix::posixHandler>();
+
+   // Now, you can use VMime
+   // ...do what you want, it's your program...
+}
+\end{lstlisting}
+
+For using VMime on Windows, include
+{\vcode vmime/platforms/windows/windowsHandler.hpp} and use the following line
+to initialize the platform handler:
+
+\begin{lstlisting}
+vmime::platform::
+   setHandler <vmime::platforms::windows::windowsHandler>();
+\end{lstlisting}
+
+\vnote{since version 0.9.2, this is not needed any more: the platform
+handler is installed automatically using the platform detected during the
+build configuration.}
+
+\vnote{since version 0.8.1, {\vcode vmime::platformDependant} was renamed
+to {\vcode vmime::platform}. The old name has been kept for compatibility
+but it is recommended that you update your code, if needed.}
+
diff --git a/vmime-master/examples/CMakeLists.txt b/vmime-master/examples/CMakeLists.txt
new file mode 100644
index 0000000..9e6998f
--- /dev/null
+++ b/vmime-master/examples/CMakeLists.txt
@@ -0,0 +1,38 @@
+
+IF(VMIME_BUILD_SAMPLES)
+
+	ADD_SUBDIRECTORY(viewer)
+
+	FILE(
+		GLOB
+		VMIME_SAMPLES_SRC_FILES
+		${CMAKE_SOURCE_DIR}/examples/*.cpp
+	)
+
+	# Build one file for each sample
+	FOREACH(VMIME_SAMPLE_SRC_FILE ${VMIME_SAMPLES_SRC_FILES})
+
+		GET_FILENAME_COMPONENT(VMIME_SAMPLE_NAME "${VMIME_SAMPLE_SRC_FILE}" NAME_WE)
+
+		ADD_EXECUTABLE(
+			${VMIME_SAMPLE_NAME}
+			${VMIME_SAMPLE_SRC_FILE}
+		)
+
+		TARGET_LINK_LIBRARIES(
+			${VMIME_SAMPLE_NAME}
+			${VMIME_LIBRARY_NAME}
+		)
+
+		ADD_DEPENDENCIES(
+			${VMIME_SAMPLE_NAME}
+			${VMIME_LIBRARY_NAME}
+		)
+
+	ENDFOREACH()
+
+ELSE()
+
+	MESSAGE(FATAL_ERROR "Examples are not to be built (set VMIME_BUILD_SAMPLES to YES.")
+
+ENDIF()
diff --git a/vmime-master/examples/example1.cpp b/vmime-master/examples/example1.cpp
new file mode 100644
index 0000000..c698fa7
--- /dev/null
+++ b/vmime-master/examples/example1.cpp
@@ -0,0 +1,107 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+//
+// EXAMPLE DESCRIPTION:
+// ====================
+// This sample program demonstrate the use of the messageBuilder component
+// to build a simple message.
+//
+// For more information, please visit:
+// http://www.vmime.org/
+//
+
+#include <iostream>
+#include <locale>
+#include <clocale>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+int main() {
+
+	std::cout << std::endl;
+
+	// Set the global C and C++ locale to the user-configured locale.
+	// The locale should use UTF-8 encoding for these tests to run successfully.
+	try {
+		std::locale::global(std::locale(""));
+	} catch (std::exception &) {
+		std::setlocale(LC_ALL, "");
+	}
+
+	try {
+
+		vmime::messageBuilder mb;
+
+		// Fill in the basic fields
+		mb.setExpeditor(vmime::mailbox("me@somewhere.com"));
+
+		vmime::addressList to;
+		to.appendAddress(vmime::make_shared <vmime::mailbox>("you@elsewhere.com"));
+
+		mb.setRecipients(to);
+
+		vmime::addressList bcc;
+		bcc.appendAddress(vmime::make_shared <vmime::mailbox>("you-bcc@nowhere.com"));
+
+		mb.setBlindCopyRecipients(bcc);
+
+		mb.setSubject(vmime::text("My first message generated with vmime::messageBuilder"));
+
+		// Message body
+		mb.getTextPart()->setText(
+			vmime::make_shared <vmime::stringContentHandler>(
+				"I'm writing this short text to test message construction " \
+				"using the vmime::messageBuilder component."
+			)
+		);
+
+		// Construction
+		vmime::shared_ptr <vmime::message> msg = mb.construct();
+
+		// Raw text generation
+		std::cout << "Generated message:" << std::endl;
+		std::cout << "==================" << std::endl;
+
+		vmime::utility::outputStreamAdapter out(std::cout);
+		msg->generate(out);
+
+	// VMime exception
+	} catch (vmime::exception& e) {
+
+		std::cout << "vmime::exception: " << e.what() << std::endl;
+		throw;
+
+	// Standard exception
+	} catch (std::exception& e) {
+
+		std::cout << "std::exception: " << e.what() << std::endl;
+		throw;
+	}
+
+	std::cout << std::endl;
+
+	return 0;
+}
diff --git a/vmime-master/examples/example2.cpp b/vmime-master/examples/example2.cpp
new file mode 100644
index 0000000..da01d75
--- /dev/null
+++ b/vmime-master/examples/example2.cpp
@@ -0,0 +1,121 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+//
+// EXAMPLE DESCRIPTION:
+// ====================
+// This sample program demonstrate the use of the messageBuilder component
+// to build a simple message with an attachment.
+//
+// For more information, please visit:
+// http://www.vmime.org/
+//
+
+#include <iostream>
+#include <locale>
+#include <clocale>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+int main() {
+
+	std::cout << std::endl;
+
+	// Set the global C and C++ locale to the user-configured locale.
+	// The locale should use UTF-8 encoding for these tests to run successfully.
+	try {
+		std::locale::global(std::locale(""));
+	} catch (std::exception &) {
+		std::setlocale(LC_ALL, "");
+	}
+
+	try {
+
+		vmime::messageBuilder mb;
+
+		// Fill in the basic fields
+		mb.setExpeditor(vmime::mailbox("me@somewhere.com"));
+
+		vmime::addressList to;
+		to.appendAddress(vmime::make_shared <vmime::mailbox>("you@elsewhere.com"));
+
+		mb.setRecipients(to);
+
+		vmime::addressList bcc;
+		bcc.appendAddress(vmime::make_shared <vmime::mailbox>("you-bcc@nowhere.com"));
+
+		mb.setBlindCopyRecipients(bcc);
+
+		mb.setSubject(vmime::text("My first message generated with vmime::messageBuilder"));
+
+		// Message body
+		mb.getTextPart()->setText(
+			vmime::make_shared <vmime::stringContentHandler>(
+				"I'm writing this short text to test message construction " \
+				"with attachment, using the vmime::messageBuilder component."
+			)
+		);
+
+		// Adding an attachment
+		vmime::shared_ptr <vmime::fileAttachment> a =
+			vmime::make_shared <vmime::fileAttachment>(
+				__FILE__,                                       // full path to file
+				vmime::mediaType("application/octet-stream"),   // content type
+				vmime::text("My first attachment")              // description
+			);
+
+		a->getFileInfo().setFilename("example2.cpp");
+		a->getFileInfo().setCreationDate(vmime::datetime("30 Apr 2003 14:30:00 +0200"));
+
+		mb.attach(a);
+
+		// Construction
+		vmime::shared_ptr <vmime::message> msg = mb.construct();
+
+		// Raw text generation
+		vmime::string dataToSend = msg->generate();
+
+		std::cout << "Generated message:" << std::endl;
+		std::cout << "==================" << std::endl;
+		std::cout << std::endl;
+		std::cout << dataToSend << std::endl;
+
+	// VMime exception
+	} catch (vmime::exception& e) {
+
+		std::cout << "vmime::exception: " << e.what() << std::endl;
+		throw;
+
+	// Standard exception
+	} catch (std::exception& e) {
+
+		std::cout << "std::exception: " << e.what() << std::endl;
+		throw;
+	}
+
+	std::cout << std::endl;
+
+	return 0;
+}
diff --git a/vmime-master/examples/example3.cpp b/vmime-master/examples/example3.cpp
new file mode 100644
index 0000000..b452225
--- /dev/null
+++ b/vmime-master/examples/example3.cpp
@@ -0,0 +1,153 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+//
+// EXAMPLE DESCRIPTION:
+// ====================
+// This sample program demonstrate the use of the messageBuilder component
+// to build a complex message (HTML content, plain text and embedded image).
+//
+// For more information, please visit:
+// http://www.vmime.org/
+//
+
+#include <iostream>
+#include <locale>
+#include <clocale>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+int main() {
+
+	std::cout << std::endl;
+
+	// Set the global C and C++ locale to the user-configured locale.
+	// The locale should use UTF-8 encoding for these tests to run successfully.
+	try {
+		std::locale::global(std::locale(""));
+	} catch (std::exception &) {
+		std::setlocale(LC_ALL, "");
+	}
+
+	try {
+
+		vmime::messageBuilder mb;
+
+		// Fill in the basic fields
+		mb.setExpeditor(vmime::mailbox("me@somewhere.com"));
+
+		vmime::addressList to;
+		to.appendAddress(vmime::make_shared <vmime::mailbox>("you@elsewhere.com"));
+
+		mb.setRecipients(to);
+
+		vmime::addressList bcc;
+		bcc.appendAddress(vmime::make_shared <vmime::mailbox>("you-bcc@nowhere.com"));
+
+		mb.setBlindCopyRecipients(bcc);
+
+		mb.setSubject(vmime::text("My first message generated with vmime::messageBuilder"));
+
+		// Set the content-type to "text/html"
+		mb.constructTextPart(
+			vmime::mediaType(
+				vmime::mediaTypes::TEXT,
+				vmime::mediaTypes::TEXT_HTML
+			)
+		);
+
+		// Fill in the text part: the message is available in two formats: HTML and plain text.
+		// HTML text part also includes an inline image (embedded into the message).
+		vmime::htmlTextPart& textPart =
+			*vmime::dynamicCast <vmime::htmlTextPart>(mb.getTextPart());
+
+		// -- embed an image (the returned "CID" (content identifier) is used to reference
+		// -- the image into HTML content).
+		vmime::shared_ptr <vmime::utility::fileSystemFactory> fs =
+			vmime::platform::getHandler()->getFileSystemFactory();
+
+		vmime::shared_ptr <vmime::utility::file> imageFile =
+			fs->create(fs->stringToPath("/path/to/image.jpg"));
+
+		vmime::shared_ptr <vmime::utility::fileReader> fileReader =
+			imageFile->getFileReader();
+
+		vmime::shared_ptr <vmime::contentHandler> imageCts =
+			vmime::make_shared <vmime::streamContentHandler>(
+				fileReader->getInputStream(),
+				imageFile->getLength()
+			);
+
+		vmime::shared_ptr <const vmime::htmlTextPart::embeddedObject> obj =
+			textPart.addObject(
+				imageCts,
+				vmime::mediaType(
+					vmime::mediaTypes::IMAGE,
+					vmime::mediaTypes::IMAGE_JPEG
+				)
+			);
+
+		// -- message text
+		textPart.setText(
+			vmime::make_shared <vmime::stringContentHandler>(
+				vmime::string("This is the <b>HTML text</b>.<br/>"
+				"<img src=\"") + obj->getReferenceId() + vmime::string("\"/>")
+			)
+		);
+
+		textPart.setPlainText(
+			vmime::make_shared <vmime::stringContentHandler>(
+				"This is the plain text (without HTML formatting)."
+			)
+		);
+
+		// Construction
+		vmime::shared_ptr <vmime::message> msg = mb.construct();
+
+		// Raw text generation
+		vmime::string dataToSend = msg->generate();
+
+		std::cout << "Generated message:" << std::endl;
+		std::cout << "==================" << std::endl;
+		std::cout << std::endl;
+		std::cout << dataToSend << std::endl;
+
+	// VMime exception
+	} catch (vmime::exception& e) {
+
+		std::cout << "vmime::exception: " << e.what() << std::endl;
+		throw;
+
+	// Standard exception
+	} catch (std::exception& e) {
+
+		std::cout << "std::exception: " << e.what() << std::endl;
+		throw;
+	}
+
+	std::cout << std::endl;
+
+	return 0;
+}
diff --git a/vmime-master/examples/example4.cpp b/vmime-master/examples/example4.cpp
new file mode 100644
index 0000000..4d50c2e
--- /dev/null
+++ b/vmime-master/examples/example4.cpp
@@ -0,0 +1,108 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+//
+// EXAMPLE DESCRIPTION:
+// ====================
+// This sample program demonstrate the use of the messageParser component
+// to enumerate the text parts in a message.
+//
+// For more information, please visit:
+// http://www.vmime.org/
+//
+
+#include <iostream>
+#include <locale>
+#include <clocale>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+int main() {
+
+	std::cout << std::endl;
+
+	// Set the global C and C++ locale to the user-configured locale.
+	// The locale should use UTF-8 encoding for these tests to run successfully.
+	try {
+		std::locale::global(std::locale(""));
+	} catch (std::exception &) {
+		std::setlocale(LC_ALL, "");
+	}
+
+	try {
+
+		vmime::messageParser mp("<...MIME message content...>");
+
+		// Enumerate text parts
+		for (size_t i = 0 ; i < mp.getTextPartCount() ; ++i) {
+
+			const vmime::textPart& part = *mp.getTextPartAt(i);
+
+			// Output content-type of the part
+			std::cout << part.getType().generate() << std::endl;
+
+			// text/html
+			if (part.getType().getSubType() == vmime::mediaTypes::TEXT_HTML) {
+
+				const vmime::htmlTextPart& hp = dynamic_cast<const vmime::htmlTextPart&>(part);
+
+				// HTML text is in "hp.getText()"
+				// Corresponding plain text is in "hp.getPlainText()"
+
+				// Enumerate embedded objects (eg. images)
+				for (size_t j = 0 ; j < hp.getObjectCount() ; ++j) {
+
+					const vmime::htmlTextPart::embeddedObject& obj = *hp.getObjectAt(j);
+
+					// Identifier (content-id or content-location) is in "obj.getId()"
+					// Object data is in "obj.getData()"
+				}
+
+			// text/plain
+			} else {
+
+				const vmime::textPart& tp = dynamic_cast<const vmime::textPart&>(part);
+
+				// Text is in "tp.getText()"
+			}
+		}
+
+	// VMime exception
+	} catch (vmime::exception& e) {
+
+		std::cout << "vmime::exception: " << e.what() << std::endl;
+		throw;
+
+	// Standard exception
+	} catch (std::exception& e) {
+
+		std::cout << "std::exception: " << e.what() << std::endl;
+		throw;
+	}
+
+	std::cout << std::endl;
+
+	return 0;
+}
diff --git a/vmime-master/examples/example5.cpp b/vmime-master/examples/example5.cpp
new file mode 100644
index 0000000..24d5cbf
--- /dev/null
+++ b/vmime-master/examples/example5.cpp
@@ -0,0 +1,85 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+//
+// EXAMPLE DESCRIPTION:
+// ====================
+// This sample program demonstrate the use of the messageParser component
+// to enumerate the attachments in a message.
+//
+// For more information, please visit:
+// http://www.vmime.org/
+//
+
+#include <iostream>
+#include <locale>
+#include <clocale>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+int main() {
+
+	std::cout << std::endl;
+
+	// Set the global C and C++ locale to the user-configured locale.
+	// The locale should use UTF-8 encoding for these tests to run successfully.
+	try {
+		std::locale::global(std::locale(""));
+	} catch (std::exception &) {
+		std::setlocale(LC_ALL, "");
+	}
+
+	try {
+
+		vmime::messageParser mp("<...MIME message content...>");
+
+		// Enumerate attachments
+		for (size_t i = 0 ; i < mp.getAttachmentCount() ; ++i) {
+
+			const vmime::attachment& att = *mp.getAttachmentAt(i);
+
+			// Media type (content type) is in "att.getType()"
+			// Name is in "att.getName()"
+			// Description is in "att.getDescription()"
+			// Data is in "att.getData()"
+		}
+
+	// VMime exception
+	} catch (vmime::exception& e) {
+
+		std::cout << "vmime::exception: " << e.what() << std::endl;
+		throw;
+
+	// Standard exception
+	} catch (std::exception& e) {
+
+		std::cout << "std::exception: " << e.what() << std::endl;
+		throw;
+	}
+
+	std::cout << std::endl;
+
+	return 0;
+}
diff --git a/vmime-master/examples/example6.cpp b/vmime-master/examples/example6.cpp
new file mode 100644
index 0000000..add24b3
--- /dev/null
+++ b/vmime-master/examples/example6.cpp
@@ -0,0 +1,938 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include <iostream>
+#include <sstream>
+#include <vector>
+#include <map>
+#include <locale>
+#include <clocale>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+#include "example6_tracer.hpp"
+#include "example6_authenticator.hpp"
+#include "example6_certificateVerifier.hpp"
+#include "example6_timeoutHandler.hpp"
+
+
+// Global session object
+static vmime::shared_ptr <vmime::net::session> g_session = vmime::net::session::create();
+
+
+/** Returns the messaging protocols supported by VMime.
+  *
+  * @param type service type (vmime::net::service::TYPE_STORE or
+  * vmime::net::service::TYPE_TRANSPORT)
+  */
+static const std::string findAvailableProtocols(const vmime::net::service::Type type) {
+
+	vmime::shared_ptr <vmime::net::serviceFactory> sf =
+		vmime::net::serviceFactory::getInstance();
+
+	std::ostringstream res;
+	size_t count = 0;
+
+	for (size_t i = 0 ; i < sf->getServiceCount() ; ++i) {
+
+		const vmime::net::serviceFactory::registeredService& serv = *sf->getServiceAt(i);
+
+		if (serv.getType() == type) {
+
+			if (count != 0) {
+				res << ", ";
+			}
+
+			res << serv.getName();
+			++count;
+		}
+	}
+
+	return res.str();
+}
+
+
+// Exception helper
+static std::ostream& operator<<(std::ostream& os, const vmime::exception& e) {
+
+	os << "* vmime::exceptions::" << e.name() << std::endl;
+	os << "    what = " << e.what() << std::endl;
+
+	// More information for special exceptions
+	if (dynamic_cast <const vmime::exceptions::command_error*>(&e)) {
+
+		const vmime::exceptions::command_error& cee =
+			dynamic_cast <const vmime::exceptions::command_error&>(e);
+
+		os << "    command = " << cee.command() << std::endl;
+		os << "    response = " << cee.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::invalid_response*>(&e)) {
+
+		const vmime::exceptions::invalid_response& ir =
+			dynamic_cast <const vmime::exceptions::invalid_response&>(e);
+
+		os << "    response = " << ir.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::connection_greeting_error*>(&e)) {
+
+		const vmime::exceptions::connection_greeting_error& cgee =
+			dynamic_cast <const vmime::exceptions::connection_greeting_error&>(e);
+
+		os << "    response = " << cgee.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::authentication_error*>(&e)) {
+
+		const vmime::exceptions::authentication_error& aee =
+			dynamic_cast <const vmime::exceptions::authentication_error&>(e);
+
+		os << "    response = " << aee.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::filesystem_exception*>(&e)) {
+
+		const vmime::exceptions::filesystem_exception& fse =
+			dynamic_cast <const vmime::exceptions::filesystem_exception&>(e);
+
+		os << "    path = " << vmime::platform::getHandler()->
+			getFileSystemFactory()->pathToString(fse.path()) << std::endl;
+	}
+
+	if (e.other()) {
+		os << *e.other();
+	}
+
+	return os;
+}
+
+
+/** Print the MIME structure of a message on the standard output.
+  *
+  * @param s structure object
+  * @param level current depth
+  */
+static void printStructure(
+	vmime::shared_ptr <const vmime::net::messageStructure> s,
+	const int level = 0
+) {
+
+	for (size_t i = 0 ; i < s->getPartCount() ; ++i) {
+
+		vmime::shared_ptr <const vmime::net::messagePart> part = s->getPartAt(i);
+
+		for (int j = 0 ; j < level * 2 ; ++j) {
+			std::cout << " ";
+		}
+
+		std::cout
+			<< (part->getNumber() + 1) << ". "
+			<< part->getType().generate()
+			<< " [" << part->getSize() << " byte(s)]"
+			<< std::endl;
+
+		printStructure(part->getStructure(), level + 1);
+	}
+}
+
+
+static const vmime::string getFolderPathString(vmime::shared_ptr <vmime::net::folder> f) {
+
+	const vmime::string n = f->getName().getBuffer();
+
+	if (n.empty()) {  // root folder
+
+		return "/";
+
+	} else {
+
+		vmime::shared_ptr <vmime::net::folder> p = f->getParent();
+		return getFolderPathString(p) + n + "/";
+	}
+}
+
+
+/** Print folders and sub-folders on the standard output.
+  *
+  * @param folder current folder
+  */
+static void printFolders(vmime::shared_ptr <vmime::net::folder> folder, const int level = 0) {
+
+	for (int j = 0 ; j < level * 2 ; ++j) {
+		std::cout << " ";
+	}
+
+	const vmime::net::folderAttributes attr = folder->getAttributes();
+	std::ostringstream attrStr;
+
+	if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_ALL) {
+		attrStr << " \\use:All";
+	} else if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_ARCHIVE) {
+		attrStr << " \\use:Archive";
+	} else if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_DRAFTS) {
+		attrStr << " \\use:Drafts";
+	} else if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_FLAGGED) {
+		attrStr << " \\use:Flagged";
+	} else if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_JUNK) {
+		attrStr << " \\use:Junk";
+	} else if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_SENT) {
+		attrStr << " \\use:Sent";
+	} else if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_TRASH) {
+		attrStr << " \\use:Trash";
+	} else if (attr.getSpecialUse() == vmime::net::folderAttributes::SPECIALUSE_IMPORTANT) {
+		attrStr << " \\use:Important";
+	}
+
+	if (attr.getFlags() & vmime::net::folderAttributes::FLAG_HAS_CHILDREN) {
+		attrStr << " \\flag:HasChildren";
+	}
+	if (attr.getFlags() & vmime::net::folderAttributes::FLAG_NO_OPEN) {
+		attrStr << " \\flag:NoOpen";
+	}
+
+	for (size_t i = 0, n = attr.getUserFlags().size() ; i < n ; ++i) {
+		attrStr << " \\" << attr.getUserFlags()[i];
+	}
+
+	std::cout << getFolderPathString(folder);
+	std::cout << " " << attrStr.str();
+	std::cout << std::endl;
+
+	std::vector <vmime::shared_ptr <vmime::net::folder> > subFolders = folder->getFolders(false);
+
+	for (unsigned int i = 0 ; i < subFolders.size() ; ++i) {
+		printFolders(subFolders[i], level + 1);
+	}
+}
+
+
+/** Print a menu on the standard output.
+  *
+  * @param choices menu choices
+  */
+static unsigned int printMenu(const std::vector <std::string>& choices) {
+
+	std::cout << std::endl;
+
+	for (unsigned int i = 0 ; i < choices.size() ; ++i) {
+		std::cout << "   " << (i + 1) << ". " << choices[i] << std::endl;
+	}
+
+	std::cout << std::endl;
+	std::cout << "   Your choice? [1-" << choices.size() << "] ";
+	std::cout.flush();
+
+	std::string line;
+	std::getline(std::cin, line);
+
+	std::istringstream iss(line);
+
+	unsigned int choice = 0;
+	iss >> choice;
+
+	std::cout << std::endl;
+
+	if (choice < 1 || choice > choices.size()) {
+		return 0;
+	} else {
+		return choice;
+	}
+}
+
+
+/** Send a message interactively.
+  */
+static void sendMessage() {
+
+	try {
+
+		// Request user to enter an URL
+		std::cout << "Enter an URL to connect to transport service." << std::endl;
+		std::cout << "Available protocols: " << findAvailableProtocols(vmime::net::service::TYPE_TRANSPORT) << std::endl;
+		std::cout << "(eg. smtp://myserver.com, sendmail://localhost)" << std::endl;
+		std::cout << "> ";
+		std::cout.flush();
+
+		vmime::string urlString;
+		std::getline(std::cin, urlString);
+
+		vmime::utility::url url(urlString);
+
+		vmime::shared_ptr <vmime::net::transport> tr;
+
+		if (url.getUsername().empty() || url.getPassword().empty()) {
+			tr = g_session->getTransport(url, vmime::make_shared <interactiveAuthenticator>());
+		} else {
+			tr = g_session->getTransport(url);
+		}
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+		// Enable TLS support if available
+		tr->setProperty("connection.tls", true);
+
+		// Set the time out handler
+		tr->setTimeoutHandlerFactory(vmime::make_shared <timeoutHandlerFactory>());
+
+		// Set the object responsible for verifying certificates, in the
+		// case a secured connection is used (TLS/SSL)
+		tr->setCertificateVerifier(
+			vmime::make_shared <interactiveCertificateVerifier>()
+		);
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		// You can also set some properties (see example7 to know the properties
+		// available for each service). For example, for SMTP:
+		if (!url.getUsername().empty() || !url.getPassword().empty()) {
+			tr->setProperty("options.need-authentication", true);
+		}
+
+		// Trace communication between client and server
+		vmime::shared_ptr <std::ostringstream> traceStream = vmime::make_shared <std::ostringstream>();
+		tr->setTracerFactory(vmime::make_shared <myTracerFactory>(traceStream));
+
+		// Information about the mail
+		std::cout << "Enter email of the expeditor (eg. me@somewhere.com): ";
+		std::cout.flush();
+
+		vmime::string fromString;
+		std::getline(std::cin, fromString);
+
+		vmime::mailbox from(fromString);
+		vmime::mailboxList to;
+
+		for (bool cont = true ; cont ; ) {
+
+			std::cout << "Enter email of the recipient (empty to stop): ";
+			std::cout.flush();
+
+			vmime::string toString;
+			std::getline(std::cin, toString);
+
+			cont = (toString.size() != 0);
+
+			if (cont) {
+				to.appendMailbox(vmime::make_shared <vmime::mailbox>(toString));
+			}
+		}
+
+		std::cout << "Enter message data, including headers (end with '.' on a single line):" << std::endl;
+
+		std::ostringstream data;
+
+		for (bool cont = true ; cont ; ) {
+
+			std::string line;
+			std::getline(std::cin, line);
+
+			if (line == ".") {
+				cont = false;
+			} else {
+				data << line << "\r\n";
+			}
+		}
+
+		// Connect to server
+		tr->connect();
+
+		// Send the message
+		vmime::string msgData = data.str();
+		vmime::utility::inputStreamStringAdapter vis(msgData);
+
+		tr->send(from, to, vis, msgData.length());
+
+		// Note: you could also write this:
+		//     vmime::message msg;
+		//     ...
+		//     tr->send(&msg);
+
+		// Display connection log
+		std::cout << std::endl;
+		std::cout << "Connection Trace:" << std::endl;
+		std::cout << "=================" << std::endl;
+		std::cout << traceStream->str();
+
+		tr->disconnect();
+
+	} catch (vmime::exception& e) {
+
+		std::cerr << std::endl;
+		std::cerr << e << std::endl;
+		throw;
+
+	} catch (std::exception& e) {
+
+		std::cerr << std::endl;
+		std::cerr << "std::exception: " << e.what() << std::endl;
+		throw;
+	}
+}
+
+
+/** Connect to a message store interactively.
+  */
+static void connectStore() {
+
+	try {
+
+		// Request user to enter an URL
+		std::cout << "Enter an URL to connect to store service." << std::endl;
+		std::cout << "Available protocols: " << findAvailableProtocols(vmime::net::service::TYPE_STORE) << std::endl;
+		std::cout << "(eg. pop3://user:pass@myserver.com, imap://myserver.com:123)" << std::endl;
+		std::cout << "> ";
+		std::cout.flush();
+
+		vmime::string urlString;
+		std::getline(std::cin, urlString);
+
+		vmime::utility::url url(urlString);
+
+		// If no authenticator is given in argument to getStore(), a default one
+		// is used. Its behaviour is to get the user credentials from the
+		// session properties "auth.username" and "auth.password".
+		vmime::shared_ptr <vmime::net::store> st;
+
+		if (url.getUsername().empty() || url.getPassword().empty()) {
+			st = g_session->getStore(url, vmime::make_shared <interactiveAuthenticator>());
+		} else {
+			st = g_session->getStore(url);
+		}
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+		// Enable TLS support if available
+		st->setProperty("connection.tls", true);
+
+		// Set the time out handler
+		st->setTimeoutHandlerFactory(vmime::make_shared <timeoutHandlerFactory>());
+
+		// Set the object responsible for verifying certificates, in the
+		// case a secured connection is used (TLS/SSL)
+		st->setCertificateVerifier(
+			vmime::make_shared <interactiveCertificateVerifier>()
+		);
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		// Trace communication between client and server
+		vmime::shared_ptr <std::ostringstream> traceStream = vmime::make_shared <std::ostringstream>();
+		st->setTracerFactory(vmime::make_shared <myTracerFactory>(traceStream));
+
+		// Connect to the mail store
+		st->connect();
+
+		// Display some information about the connection
+		vmime::shared_ptr <vmime::net::connectionInfos> ci = st->getConnectionInfos();
+
+		std::cout << std::endl;
+		std::cout << "Connected to '" << ci->getHost() << "' (port " << ci->getPort() << ")" << std::endl;
+		std::cout << "Connection is " << (st->isSecuredConnection() ? "" : "NOT ") << "secured." << std::endl;
+
+		// Open the default folder in this store
+		vmime::shared_ptr <vmime::net::folder> f = st->getDefaultFolder();
+//		vmime::shared_ptr <vmime::net::folder> f = st->getFolder(vmime::utility::path("a"));
+
+		f->open(vmime::net::folder::MODE_READ_WRITE);
+
+		vmime::size_t count = f->getMessageCount();
+
+		std::cout << std::endl;
+		std::cout << count << " message(s) in your inbox" << std::endl;
+
+		for (bool cont = true ; cont ; ) {
+
+			typedef std::map <vmime::size_t, vmime::shared_ptr <vmime::net::message> > MessageList;
+			MessageList msgList;
+
+			try {
+
+				std::vector <std::string> choices;
+
+				choices.push_back("Show message flags");
+				choices.push_back("Show message structure");
+				choices.push_back("Show message header");
+				choices.push_back("Show message envelope");
+				choices.push_back("Extract whole message");
+				choices.push_back("Extract attachments");
+				choices.push_back("Status");
+				choices.push_back("List folders");
+				choices.push_back("Change folder");
+				choices.push_back("Add message (to the current folder)");
+				choices.push_back("Copy message (into the current folder)");
+				choices.push_back("Display trace output");
+				choices.push_back("Return to main menu");
+
+				const int choice = printMenu(choices);
+
+				// Request message number
+				vmime::shared_ptr <vmime::net::message> msg;
+
+				if (choice == 1 || choice == 2 || choice == 3 || choice == 4 ||
+				    choice == 5 || choice == 6 || choice == 11) {
+
+					std::cout << "Enter message number: ";
+					std::cout.flush();
+
+					std::string line;
+					std::getline(std::cin, line);
+
+					std::istringstream iss(line);
+
+					vmime::size_t num = 0;
+					iss >> num;
+
+					if (num < 1 || num > f->getMessageCount()) {
+
+						std::cerr << "Invalid message number." << std::endl;
+						continue;
+					}
+
+					MessageList::iterator it = msgList.find(num);
+
+					if (it != msgList.end()) {
+
+						msg = (*it).second;
+
+					} else {
+
+						msg = f->getMessage(num);
+						msgList.insert(MessageList::value_type(num, msg));
+					}
+
+					std::cout << std::endl;
+				}
+
+				switch (choice) {
+
+				// Show message flags
+				case 1:
+
+					f->fetchMessage(msg, vmime::net::fetchAttributes::FLAGS);
+
+					if (msg->getFlags() & vmime::net::message::FLAG_SEEN) {
+						std::cout << "FLAG_SEEN" << std::endl;
+					}
+					if (msg->getFlags() & vmime::net::message::FLAG_RECENT) {
+						std::cout << "FLAG_RECENT" << std::endl;
+					}
+					if (msg->getFlags() & vmime::net::message::FLAG_REPLIED) {
+						std::cout << "FLAG_REPLIED" << std::endl;
+					}
+					if (msg->getFlags() & vmime::net::message::FLAG_DELETED) {
+						std::cout << "FLAG_DELETED" << std::endl;
+					}
+					if (msg->getFlags() & vmime::net::message::FLAG_MARKED) {
+						std::cout << "FLAG_MARKED" << std::endl;
+					}
+					if (msg->getFlags() & vmime::net::message::FLAG_PASSED) {
+						std::cout << "FLAG_PASSED" << std::endl;
+					}
+
+					break;
+
+				// Show message structure
+				case 2:
+
+					f->fetchMessage(msg, vmime::net::fetchAttributes::STRUCTURE);
+					printStructure(msg->getStructure());
+					break;
+
+				// Show message header
+				case 3:
+
+					f->fetchMessage(msg, vmime::net::fetchAttributes::FULL_HEADER);
+					std::cout << msg->getHeader()->generate() << std::endl;
+					break;
+
+				// Show message envelope
+				case 4: {
+
+					vmime::net::fetchAttributes attr(vmime::net::fetchAttributes::ENVELOPE);
+
+					// If you also want to fetch "Received: " fields:
+					//attr.add("Received");
+
+					f->fetchMessage(msg, attr);
+
+					std::cout << msg->getHeader()->generate() << std::endl;
+
+					break;
+				}
+				// Extract whole message
+				case 5: {
+
+					vmime::utility::outputStreamAdapter out(std::cout);
+					msg->extract(out);
+
+					break;
+				}
+				// Extract attachments
+				case 6: {
+
+					vmime::shared_ptr <vmime::message> parsedMsg = msg->getParsedMessage();
+
+					std::vector <vmime::shared_ptr <const vmime::attachment> > attchs =
+						vmime::attachmentHelper::findAttachmentsInMessage(parsedMsg);
+
+					if (attchs.size() > 0) {
+
+						std::cout << attchs.size() << " attachments found." << std::endl;
+
+						for (std::vector <vmime::shared_ptr <const vmime::attachment> >::iterator
+						     it = attchs.begin() ; it != attchs.end() ; ++it) {
+
+							vmime::shared_ptr <const vmime::attachment> att = *it;
+
+							// Get attachment size
+							vmime::size_t size = 0;
+
+							if (att->getData()->isEncoded()) {
+								size = att->getData()->getEncoding().getEncoder()->getDecodedSize(att->getData()->getLength());
+							} else {
+								size = att->getData()->getLength();
+							}
+
+							std::cout << "Found attachment '" << att->getName().getBuffer() << "'"
+							          << ", size is " << size << " bytes:" << std::endl;
+
+							// Get attachment data
+							std::cout << std::endl;
+							std::cout << "========== BEGIN CONTENT ==========" << std::endl;
+
+							vmime::utility::outputStreamAdapter osa(std::cout);
+							att->getData()->extract(osa);
+
+							std::cout << std::endl;
+							std::cout << "========== END CONTENT ==========" << std::endl;
+
+							// Or write it to a file
+							/*
+							vmime::shared_ptr <vmime::utility::fileSystemFactory> fsf
+								= vmime::platform::getHandler()->getFileSystemFactory();
+
+							vmime::shared_ptr <vmime::utility::file> file
+								= fsf->create(vmime::utility::path::fromString
+									("/path/to/attachment-file", "/", vmime::charsets::UTF_8));
+							// -or- ("C:\\Temp\\attachment-file", "\\", vmime::charsets::UTF_8));
+
+							file->createFile();
+
+							vmime::shared_ptr <vmime::utility::outputStream> output =
+								file->getFileWriter()->getOutputStream();
+
+							att->getData()->extract(*output.get());
+							*/
+						}
+
+					} else {
+
+						std::cout << "No attachments found." << std::endl;
+					}
+
+					break;
+				}
+				// Status
+				case 7: {
+
+					vmime::size_t count, unseen;
+					f->status(count, unseen);
+
+					std::cout << "Status: count=" << count << ", unseen=" << unseen << std::endl;
+					break;
+				}
+				// List folders
+				case 8: {
+
+					vmime::shared_ptr <vmime::net::folder> root = st->getRootFolder();
+
+					printFolders(root);
+					break;
+				}
+				// Change folder
+				case 9: {
+
+					std::cout << "Enter folder path (eg. /root/subfolder):" << std::endl;
+					std::cout.flush();
+
+					std::string path;
+					std::getline(std::cin, path);
+
+					vmime::shared_ptr <vmime::net::folder> newFolder = st->getRootFolder();
+
+					for (std::string::size_type s = 0, p = 0 ; ; s = p + 1) {
+
+						p = path.find_first_of('/', s);
+
+						const std::string x = (p == std::string::npos)
+							? std::string(path.begin() + s, path.end())
+							: std::string(path.begin() + s, path.begin() + p);
+
+						if (!x.empty()) {
+							newFolder = newFolder->getFolder(vmime::utility::path::component(x));
+						}
+
+						if (p == std::string::npos) {
+							break;
+						}
+					}
+
+					newFolder->open(vmime::net::folder::MODE_READ_WRITE);
+
+					count = newFolder->getMessageCount();
+
+					std::cout << std::endl;
+					std::cout << count << " message(s) in this folder" << std::endl;
+
+					f->close(true);  // 'true' to expunge deleted messages
+					f = newFolder;
+
+					break;
+				}
+				// Add message
+				case 10: {
+
+					vmime::messageBuilder mb;
+
+					mb.setExpeditor(vmime::mailbox("me@somewhere.com"));
+
+					vmime::addressList to;
+					to.appendAddress(vmime::make_shared <vmime::mailbox>("you@elsewhere.com"));
+					mb.setRecipients(to);
+
+					mb.setSubject(vmime::text("Test message from VMime example6"));
+					mb.getTextPart()->setText(
+						vmime::make_shared <vmime::stringContentHandler>(
+							"Body of test message from VMime example6."
+						)
+					);
+
+					vmime::shared_ptr <vmime::message> msg = mb.construct();
+
+					vmime::net::messageSet set = f->addMessage(msg);
+
+					if (set.isEmpty()) {
+
+						std::cout << "Message has successfully been added, "
+						          << "but its UID/number is not known." << std::endl;
+
+					} else {
+
+						const vmime::net::messageRange& range = set.getRangeAt(0);
+
+						if (set.isUIDSet()) {
+
+							const vmime::net::message::uid uid =
+								dynamic_cast <const vmime::net::UIDMessageRange&>(range).getFirst();
+
+							std::cout << "Message has successfully been added, "
+							          << "its UID is '" << uid << "'." << std::endl;
+
+						} else {
+
+							const vmime::size_t number =
+								dynamic_cast <const vmime::net::numberMessageRange&>(range).getFirst();
+
+							std::cout << "Message has successfully been added, "
+							          << "its number is '" << number << "'." << std::endl;
+						}
+					}
+
+					break;
+				}
+				// Copy message
+				case 11: {
+
+					vmime::net::messageSet set = f->copyMessages(f->getFullPath(),
+						vmime::net::messageSet::byNumber(msg->getNumber()));
+
+					if (set.isEmpty()) {
+
+						std::cout << "Message has successfully been copied, "
+						          << "but its UID/number is not known." << std::endl;
+
+					} else {
+
+						const vmime::net::messageRange& range = set.getRangeAt(0);
+
+						if (set.isUIDSet()) {
+
+							const vmime::net::message::uid uid =
+								dynamic_cast <const vmime::net::UIDMessageRange&>(range).getFirst();
+
+							std::cout << "Message has successfully been copied, "
+							          << "its UID is '" << uid << "'." << std::endl;
+
+						} else {
+
+							const vmime::size_t number =
+								dynamic_cast <const vmime::net::numberMessageRange&>(range).getFirst();
+
+							std::cout << "Message has successfully been copied, "
+							          << "its number is '" << number << "'." << std::endl;
+						}
+					}
+
+					break;
+				}
+				// Display trace output
+				case 12:
+
+					std::cout << std::endl;
+					std::cout << "Connection Trace:" << std::endl;
+					std::cout << "=================" << std::endl;
+					std::cout << traceStream->str();
+					break;
+
+				// Main menu
+				case 13:
+
+					f->close(true);  // 'true' to expunge deleted messages
+					cont = false;
+					break;
+				}
+
+/*
+		// Append message
+		std::istringstream iss(
+			"From: me@localhost\r\n"
+			"To: you@localhost\r\n"
+			"Subject: Message Text\r\n"
+			"\r\n"
+			"This is a test message...\r\n"
+			"Bye bye!\r\n"
+		);
+
+		f->addMessage(iss, iss.str().size());
+
+		// Folder renaming
+		{
+			vmime::shared_ptr <vmime::net::folder> f = st->getFolder(vmime::net::folder::path("c"));
+			f->rename(vmime::net::folder::path("c2"));
+
+			vmime::shared_ptr <vmime::net::folder> g = st->getFolder(vmime::net::folder::path("c2"));
+			g->rename(vmime::net::folder::path("c"));
+		}
+
+		// Message copy: copy all messages from 'f' to 'g'
+		{
+			vmime::shared_ptr <vmime::net::folder> g = st->getFolder(vmime::net::folder::path("TEMP"));
+
+			if (!g->exists()) {
+				g->create(vmime::net::folder::TYPE_CONTAINS_MESSAGES);
+			}
+
+			f->copyMessages(g->getFullPath());
+		}
+*/
+
+			} catch (vmime::exception& e) {
+
+				std::cerr << std::endl;
+				std::cerr << e << std::endl;
+
+			} catch (std::exception& e) {
+
+				std::cerr << std::endl;
+				std::cerr << "std::exception: " << e.what() << std::endl;
+			}
+
+		} // for(cont)
+
+		st->disconnect();
+
+	} catch (vmime::exception& e) {
+
+		std::cerr << std::endl;
+		std::cerr << e << std::endl;
+		throw;
+
+	} catch (std::exception& e) {
+
+		std::cerr << std::endl;
+		std::cerr << "std::exception: " << e.what() << std::endl;
+		throw;
+	}
+}
+
+
+/* Show the main menu.
+ *
+ * @return true to quit the program, false to continue
+ */
+static bool menu() {
+
+	std::vector <std::string> items;
+
+	items.push_back("Connect to a message store");
+	items.push_back("Send a message");
+	items.push_back("Quit");
+
+	switch (printMenu(items)) {
+
+	// Connect to store
+	case 1:
+
+		connectStore();
+		return false;
+
+	// Send a message
+	case 2:
+
+		sendMessage();
+		return false;
+
+	// Quit
+	case 3:
+
+		return true;
+
+	// Other choice
+	default:
+
+		return false;
+	}
+}
+
+
+int main() {
+
+	// Set the global C and C++ locale to the user-configured locale.
+	// The locale should use UTF-8 encoding for these tests to run successfully.
+	try {
+		std::locale::global(std::locale(""));
+	} catch (std::exception &) {
+		std::setlocale(LC_ALL, "");
+	}
+
+	for (bool quit = false ; !quit ; ) {
+
+		// Loop on main menu
+		quit = menu();
+	}
+
+	return 0;
+}
diff --git a/vmime-master/examples/example6_authenticator.hpp b/vmime-master/examples/example6_authenticator.hpp
new file mode 100644
index 0000000..56f0239
--- /dev/null
+++ b/vmime-master/examples/example6_authenticator.hpp
@@ -0,0 +1,112 @@
+
+
+#if VMIME_HAVE_SASL_SUPPORT
+
+// SASL authentication handler
+class interactiveAuthenticator : public vmime::security::sasl::defaultSASLAuthenticator {
+
+	const std::vector <vmime::shared_ptr <vmime::security::sasl::SASLMechanism> >
+		getAcceptableMechanisms(
+			const std::vector <vmime::shared_ptr <vmime::security::sasl::SASLMechanism> >& available,
+			const vmime::shared_ptr <vmime::security::sasl::SASLMechanism>& suggested
+		) const {
+
+		std::cout << std::endl << "Available SASL mechanisms:" << std::endl;
+
+		for (unsigned int i = 0 ; i < available.size() ; ++i) {
+
+			std::cout << "  " << available[i]->getName();
+
+			if (suggested && available[i]->getName() == suggested->getName()) {
+				std::cout << "(suggested)";
+			}
+		}
+
+		std::cout << std::endl << std::endl;
+
+		return defaultSASLAuthenticator::getAcceptableMechanisms(available, suggested);
+	}
+
+	void setSASLMechanism(const vmime::shared_ptr <vmime::security::sasl::SASLMechanism>& mech) {
+
+		std::cout << "Trying '" << mech->getName() << "' authentication mechanism" << std::endl;
+
+		defaultSASLAuthenticator::setSASLMechanism(mech);
+	}
+
+	const vmime::string getUsername() const {
+
+		if (m_username.empty()) {
+			m_username = getUserInput("Username");
+		}
+
+		return m_username;
+	}
+
+	const vmime::string getPassword() const {
+
+		if (m_password.empty()) {
+			m_password = getUserInput("Password");
+		}
+
+		return m_password;
+	}
+
+	static const vmime::string getUserInput(const std::string& prompt) {
+
+		std::cout << prompt << ": ";
+		std::cout.flush();
+
+		vmime::string res;
+		std::getline(std::cin, res);
+
+		return res;
+	}
+
+private:
+
+	mutable vmime::string m_username;
+	mutable vmime::string m_password;
+};
+
+#else // !VMIME_HAVE_SASL_SUPPORT
+
+// Simple authentication handler
+class interactiveAuthenticator : public vmime::security::defaultAuthenticator {
+
+	const vmime::string getUsername() const {
+
+		if (m_username.empty()) {
+			m_username = getUserInput("Username");
+		}
+
+		return m_username;
+	}
+
+	const vmime::string getPassword() const {
+
+		if (m_password.empty()) {
+			m_password = getUserInput("Password");
+		}
+
+		return m_password;
+	}
+
+	static const vmime::string getUserInput(const std::string& prompt) {
+
+		std::cout << prompt << ": ";
+		std::cout.flush();
+
+		vmime::string res;
+		std::getline(std::cin, res);
+
+		return res;
+	}
+
+private:
+
+	mutable vmime::string m_username;
+	mutable vmime::string m_password;
+};
+
+#endif // VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/examples/example6_certificateVerifier.hpp b/vmime-master/examples/example6_certificateVerifier.hpp
new file mode 100644
index 0000000..3d8bf82
--- /dev/null
+++ b/vmime-master/examples/example6_certificateVerifier.hpp
@@ -0,0 +1,64 @@
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+// Certificate verifier (TLS/SSL)
+class interactiveCertificateVerifier : public vmime::security::cert::defaultCertificateVerifier {
+
+public:
+
+	void verify(
+		const vmime::shared_ptr <vmime::security::cert::certificateChain>& chain,
+		const vmime::string& hostname
+	) {
+
+		try {
+
+			setX509TrustedCerts(m_trustedCerts);
+
+			defaultCertificateVerifier::verify(chain, hostname);
+
+		} catch (vmime::security::cert::certificateException&) {
+
+			// Obtain subject's certificate
+			vmime::shared_ptr <vmime::security::cert::certificate> cert = chain->getAt(0);
+
+			std::cout << std::endl;
+			std::cout << "Server sent a '" << cert->getType() << "'" << " certificate." << std::endl;
+			std::cout << "Do you want to accept this certificate? (Y/n) ";
+			std::cout.flush();
+
+			std::string answer;
+			std::getline(std::cin, answer);
+
+			if (answer.length() != 0 &&
+			    (answer[0] == 'Y' || answer[0] == 'y')) {
+
+				// Accept it, and remember user's choice for later
+				if (cert->getType() == "X.509") {
+
+					m_trustedCerts.push_back(
+						vmime::dynamicCast <vmime::security::cert::X509Certificate>(cert)
+					);
+
+					setX509TrustedCerts(m_trustedCerts);
+					defaultCertificateVerifier::verify(chain, hostname);
+				}
+
+				return;
+			}
+
+			throw vmime::security::cert::certificateException("User did not accept the certificate.");
+		}
+	}
+
+private:
+
+	static std::vector <vmime::shared_ptr <vmime::security::cert::X509Certificate> > m_trustedCerts;
+};
+
+
+std::vector <vmime::shared_ptr <vmime::security::cert::X509Certificate> >
+	interactiveCertificateVerifier::m_trustedCerts;
+
+#endif // VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/examples/example6_timeoutHandler.hpp b/vmime-master/examples/example6_timeoutHandler.hpp
new file mode 100644
index 0000000..7999084
--- /dev/null
+++ b/vmime-master/examples/example6_timeoutHandler.hpp
@@ -0,0 +1,60 @@
+#include <ctime>
+
+
+/** Time out handler.
+  * Used to stop the current operation after too much time, or if the user
+  * requested cancellation.
+  */
+class timeoutHandler : public vmime::net::timeoutHandler {
+
+public:
+
+	timeoutHandler()
+		: m_start(time(NULL)) {
+
+	}
+
+	bool isTimeOut() {
+
+		// This is a cancellation point: return true if you want to cancel
+		// the current operation. If you return true, handleTimeOut() will
+		// be called just after this, and before actually cancelling the
+		// operation
+
+		// 10 seconds timeout
+		return (time(NULL) - m_start) >= 10;  // seconds
+	}
+
+	void resetTimeOut() {
+
+		// Called at the beginning of an operation (eg. connecting,
+		// a read() or a write() on a socket...)
+		m_start = time(NULL);
+	}
+
+	bool handleTimeOut() {
+
+		// If isTimeOut() returned true, this function will be called. This
+		// allows you to interact with the user, ie. display a prompt to
+		// know whether he wants to cancel the operation.
+
+		// If you return false here, the operation will be actually cancelled.
+		// If true, the time out is reset and the operation continues.
+		return false;
+	}
+
+private:
+
+	time_t m_start;
+};
+
+
+class timeoutHandlerFactory : public vmime::net::timeoutHandlerFactory {
+
+public:
+
+	vmime::shared_ptr <vmime::net::timeoutHandler> create() {
+
+		return vmime::make_shared <timeoutHandler>();
+	}
+};
diff --git a/vmime-master/examples/example6_tracer.hpp b/vmime-master/examples/example6_tracer.hpp
new file mode 100644
index 0000000..27090cf
--- /dev/null
+++ b/vmime-master/examples/example6_tracer.hpp
@@ -0,0 +1,59 @@
+
+/** Tracer used to demonstrate logging communication between client and server.
+  */
+class myTracer : public vmime::net::tracer {
+
+public:
+
+	myTracer(
+		const vmime::shared_ptr <std::ostringstream>& stream,
+		const vmime::shared_ptr <vmime::net::service>& serv,
+		const int connectionId
+	)
+		: m_stream(stream),
+		  m_service(serv),
+		  m_connectionId(connectionId) {
+
+	}
+
+	void traceSend(const vmime::string& line) {
+
+		*m_stream << "[" << m_service->getProtocolName() << ":" << m_connectionId
+		          << "] C: " << line << std::endl;
+	}
+
+	void traceReceive(const vmime::string& line) {
+
+		*m_stream << "[" << m_service->getProtocolName() << ":" << m_connectionId
+		          << "] S: " << line << std::endl;
+	}
+
+private:
+
+	vmime::shared_ptr <std::ostringstream> m_stream;
+	vmime::shared_ptr <vmime::net::service> m_service;
+	const int m_connectionId;
+};
+
+
+class myTracerFactory : public vmime::net::tracerFactory {
+
+public:
+
+	myTracerFactory(const vmime::shared_ptr <std::ostringstream>& stream)
+		: m_stream(stream) {
+
+	}
+
+	vmime::shared_ptr <vmime::net::tracer> create(
+		const vmime::shared_ptr <vmime::net::service>& serv,
+		const int connectionId
+	) {
+
+		return vmime::make_shared <myTracer>(m_stream, serv, connectionId);
+	}
+
+private:
+
+	vmime::shared_ptr <std::ostringstream> m_stream;
+};
diff --git a/vmime-master/examples/example7.cpp b/vmime-master/examples/example7.cpp
new file mode 100644
index 0000000..db96dbd
--- /dev/null
+++ b/vmime-master/examples/example7.cpp
@@ -0,0 +1,118 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+//
+// EXAMPLE DESCRIPTION:
+// ====================
+// This sample program demonstrates how to enumerate encoders and
+// messaging services in VMime.
+//
+// For more information, please visit:
+// http://www.vmime.org/
+//
+
+#include <iostream>
+#include <locale>
+#include <clocale>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+int main() {
+
+	// Enumerate encoders
+	vmime::shared_ptr <vmime::utility::encoder::encoderFactory> ef =
+		vmime::utility::encoder::encoderFactory::getInstance();
+
+	std::cout << "Available encoders:" << std::endl;
+
+	for (size_t i = 0 ; i < ef->getEncoderCount() ; ++i) {
+
+		vmime::shared_ptr <const vmime::utility::encoder::encoderFactory::registeredEncoder>
+			enc = ef->getEncoderAt(i);
+
+		std::cout << "  * " << enc->getName() << std::endl;
+
+		vmime::shared_ptr <vmime::utility::encoder::encoder> e =
+			vmime::utility::encoder::encoderFactory::getInstance()->create(enc->getName());
+
+		std::vector <vmime::string> props = e->getAvailableProperties();
+
+		for (std::vector <vmime::string>::const_iterator it = props.begin() ; it != props.end() ; ++it) {
+			std::cout << "      - " << *it << std::endl;
+		}
+	}
+
+	std::cout << std::endl;
+
+	// Enumerate messaging services and their properties
+	vmime::shared_ptr <vmime::net::serviceFactory> sf =
+		vmime::net::serviceFactory::getInstance();
+
+	std::cout << "Available messaging services:" << std::endl;
+
+	for (size_t i = 0 ; i < sf->getServiceCount() ; ++i) {
+
+		const vmime::net::serviceFactory::registeredService& serv = *sf->getServiceAt(i);
+
+		std::cout << "  * " << serv.getName() << std::endl;
+
+		std::vector <vmime::net::serviceInfos::property> props =
+			serv.getInfos().getAvailableProperties();
+
+		for (std::vector <vmime::net::serviceInfos::property>::const_iterator it = props.begin() ;
+		     it != props.end() ; ++it) {
+
+			const vmime::net::serviceInfos::property& p = *it;
+
+			const vmime::string name = serv.getInfos().getPropertyPrefix() + p.getName();
+
+			vmime::string type;
+
+			switch (p.getType()) {
+				case vmime::net::serviceInfos::property::TYPE_INTEGER: type = "TYPE_INTEGER"; break;
+				case vmime::net::serviceInfos::property::TYPE_STRING: type = "TYPE_STRING"; break;
+				case vmime::net::serviceInfos::property::TYPE_BOOLEAN: type = "TYPE_BOOLEAN"; break;
+				default: type = "(unknown)"; break;
+			}
+
+			vmime::string flags;
+
+			if (p.getFlags() & vmime::net::serviceInfos::property::FLAG_REQUIRED) {
+				flags += " FLAG_REQUIRED";
+			}
+			if (p.getFlags() & vmime::net::serviceInfos::property::FLAG_HIDDEN) {
+				flags += " FLAG_HIDDEN";
+			}
+
+			std::cout << "      - " << serv.getInfos().getPropertyPrefix() + p.getName();
+			std::cout << " (type=" << type << ", flags=" << flags;
+			std::cout << ", defaultValue=" << p.getDefaultValue() << ")" << std::endl;
+		}
+	}
+
+	std::cout << std::endl;
+
+	return 0;
+}
diff --git a/vmime-master/examples/viewer/CMakeLists.txt b/vmime-master/examples/viewer/CMakeLists.txt
new file mode 100644
index 0000000..c8d9316
--- /dev/null
+++ b/vmime-master/examples/viewer/CMakeLists.txt
@@ -0,0 +1,31 @@
+
+IF(VMIME_BUILD_SAMPLES)
+
+	FIND_PACKAGE(PkgConfig REQUIRED)
+	PKG_CHECK_MODULES(GTK3 REQUIRED gtk+-3.0)
+
+	INCLUDE_DIRECTORIES(${GTK3_INCLUDE_DIRS})
+	LINK_DIRECTORIES(${GTK3_LIBRARY_DIRS})
+	ADD_DEFINITIONS(${GTK3_CFLAGS_OTHER})
+
+	ADD_EXECUTABLE(
+		viewer
+		viewer.cpp
+	)
+
+	TARGET_LINK_LIBRARIES(
+		viewer
+		${VMIME_LIBRARY_NAME}
+		${GTK3_LIBRARIES}
+	)
+
+	ADD_DEPENDENCIES(
+		viewer
+		${VMIME_LIBRARY_NAME}
+	)
+
+ELSE()
+
+	MESSAGE(FATAL_ERROR "Examples are not to be built (set VMIME_BUILD_SAMPLES to YES.")
+
+ENDIF()
diff --git a/vmime-master/examples/viewer/viewer.cpp b/vmime-master/examples/viewer/viewer.cpp
new file mode 100644
index 0000000..a03120a
--- /dev/null
+++ b/vmime-master/examples/viewer/viewer.cpp
@@ -0,0 +1,294 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+//
+// EXAMPLE DESCRIPTION:
+// ====================
+// A simple MIME viewer to show all the components of a message.
+// The user interface is written using GTK+ 2.6.
+//
+// For more information, please visit:
+// http://www.vmime.org/
+//
+
+#include <iostream>
+#include <fstream>
+#include <vector>
+#include <typeinfo>
+
+#include <gtk/gtk.h>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+
+GtkWidget* window = NULL;
+GtkWidget* treeView = NULL;
+GtkWidget* textArea = NULL;
+
+GtkTreeStore* treeModel = NULL;
+
+vmime::shared_ptr <vmime::message> currentMessage;
+
+
+
+void insertRowInModel(
+	GtkTreeStore* model,
+	vmime::shared_ptr <vmime::component> comp,
+	GtkTreeIter* parent = NULL
+) {
+
+	GtkTreeIter iter;
+
+	gtk_tree_store_append(model, &iter, parent);
+	gtk_tree_store_set(model, &iter, 0, typeid(*comp).name(), 1, comp.get(), -1);
+
+	const std::vector <vmime::shared_ptr <vmime::component> > children = comp->getChildComponents();
+
+	for (int i = 0 ; i < children.size() ; ++i) {
+		insertRowInModel(model, children[i], &iter);
+	}
+}
+
+
+void updateTreeView() {
+
+	GtkTreeStore* model = GTK_TREE_STORE(gtk_tree_view_get_model(GTK_TREE_VIEW(treeView)));
+
+	g_object_ref(model);
+	gtk_tree_view_set_model(GTK_TREE_VIEW(treeView), NULL);
+
+	gtk_tree_store_clear(model);
+
+	insertRowInModel(model, currentMessage);
+
+	gtk_tree_view_set_model(GTK_TREE_VIEW(treeView), GTK_TREE_MODEL(model));
+	g_object_unref(model);
+}
+
+
+static void treeViewSelChanged(GtkTreeView* treeView, gpointer userData) {
+
+	GtkTreePath* path = NULL;
+	GtkTreeViewColumn* col = NULL;
+
+	gtk_tree_view_get_cursor(treeView, &path, &col);
+
+	GtkTreeIter iter;
+	gtk_tree_model_get_iter(GTK_TREE_MODEL(treeModel), &iter, path);
+
+	vmime::component* comp = NULL;
+	gtk_tree_model_get(GTK_TREE_MODEL(treeModel), &iter, 1, &comp, -1);
+
+	GtkTextBuffer* textBuffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(textArea));
+	GtkTextIter start, end;
+
+	gtk_text_buffer_get_iter_at_offset(textBuffer, &start, comp->getParsedOffset());
+	gtk_text_buffer_get_iter_at_offset(textBuffer, &end, comp->getParsedOffset() + comp->getParsedLength());
+
+	gtk_text_buffer_select_range(textBuffer, &start, &end);
+
+	gtk_text_view_scroll_to_iter(GTK_TEXT_VIEW(textArea), &start, 0.0, FALSE, 0.0, 0.0);
+
+	gtk_tree_path_free(path);
+}
+
+
+static void destroy(GtkWidget* widget, gpointer data) {
+
+	gtk_main_quit();
+}
+
+
+void openFile(const std::string& filename) {
+
+	std::ifstream file;
+	file.open(filename.c_str(), std::ios::in | std::ios::binary);
+
+	if (!file) {
+		std::cerr << "Can't open file '" << filename << "'." << std::endl;
+		return;
+	}
+
+	vmime::string data;
+	char buffer[16384];
+
+	do {
+		file.read(buffer, sizeof(buffer));
+		data += vmime::string(buffer, file.gcount());
+	} while (file.gcount());
+
+	vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+	msg->parse(data);
+
+	currentMessage = msg;
+
+	char* convData = g_convert_with_fallback(data.c_str(), data.length(),
+		"UTF-8", "ISO-8859-1", "?", NULL, NULL, NULL);
+
+	if (!convData) {
+
+		gtk_text_buffer_set_text(gtk_text_view_get_buffer(GTK_TEXT_VIEW(textArea)),
+			"GLib UTF-8 conversion error.", -1);
+
+	} else {
+
+		gtk_text_buffer_set_text(gtk_text_view_get_buffer(GTK_TEXT_VIEW(textArea)),
+			convData, strlen(convData));
+
+		g_free(convData);
+	}
+
+	updateTreeView();
+}
+
+
+static void onFileOpen() {
+
+	GtkWidget* dlg = gtk_file_chooser_dialog_new(
+		"Open Message File",
+		GTK_WINDOW(window),
+		GTK_FILE_CHOOSER_ACTION_OPEN,
+		GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
+		GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT,
+		NULL
+	);
+
+	if (gtk_dialog_run(GTK_DIALOG(dlg)) == GTK_RESPONSE_ACCEPT) {
+
+		char* filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dlg));
+
+		openFile(filename);
+
+		g_free(filename);
+	}
+
+	gtk_widget_destroy(dlg);
+}
+
+
+
+// UI definitions
+static const GtkActionEntry uiActions[] = {
+	{ "FileMenu", NULL, "_File" },
+	{ "FileOpen", GTK_STOCK_OPEN, "_Open...", "<control>O", NULL, G_CALLBACK(onFileOpen) },
+	{ "FileExit", GTK_STOCK_QUIT, "_Exit", "<control>Q", NULL, G_CALLBACK(gtk_main_quit) }
+};
+
+static const char* uiDefinition =
+	"<ui>" \
+	"	<menubar name=\"MainMenuBar\">" \
+	"		<menu action=\"FileMenu\">" \
+	"			<menuitem action=\"FileOpen\"/>" \
+	"			<menuitem action=\"FileExit\"/>" \
+	"		</menu>" \
+	"	</menubar>" \
+	"</ui>";
+
+
+int main(int argc, char* argv[]) {
+
+	// VMime initialization
+	vmime::platform::setHandler<vmime::platforms::posix::posixHandler>();
+
+	// GTK+ initialization
+	gtk_init(&argc, &argv);
+
+	// Create a new window
+	window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+
+	gtk_window_set_default_size(GTK_WINDOW(window), 800, 550);
+	gtk_window_set_title(GTK_WINDOW(window), "VMime Viewer Example");
+
+	g_signal_connect(G_OBJECT(window), "destroy", G_CALLBACK(destroy), NULL);
+
+	GtkWidget* vbox = gtk_vbox_new(FALSE, 0);
+	gtk_container_add(GTK_CONTAINER(window), vbox);
+
+	// Menubar
+	GtkActionGroup* actionGroup = gtk_action_group_new ("Actions");
+	gtk_action_group_add_actions(actionGroup, uiActions, G_N_ELEMENTS(uiActions), NULL);
+
+	GtkUIManager* uiManager = gtk_ui_manager_new();
+	gtk_ui_manager_insert_action_group(uiManager, actionGroup, 1);
+	gtk_ui_manager_add_ui_from_string(uiManager, uiDefinition, -1, NULL);
+
+	GtkWidget* menuBar = gtk_ui_manager_get_widget(uiManager, "/MainMenuBar");
+
+	gtk_box_pack_start(GTK_BOX(vbox), menuBar, FALSE, FALSE, 0);
+
+	// Horizontal Pane
+	GtkWidget* hpane = gtk_hpaned_new();
+	gtk_box_pack_start(GTK_BOX(vbox), hpane, TRUE, TRUE, 0);
+
+	// Tree View
+	treeModel = gtk_tree_store_new(2, G_TYPE_STRING, G_TYPE_POINTER);
+
+	treeView = gtk_tree_view_new();
+
+	g_signal_connect(G_OBJECT(treeView), "cursor-changed", G_CALLBACK(treeViewSelChanged), NULL);
+
+	GtkWidget* scroll = gtk_scrolled_window_new(NULL, NULL);
+
+	gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scroll), GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC);
+	gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scroll), GTK_SHADOW_IN);
+	gtk_container_add(GTK_CONTAINER(scroll), treeView);
+
+	gtk_paned_add1(GTK_PANED(hpane), scroll);
+
+	GtkTreeViewColumn* col = gtk_tree_view_column_new();
+	gtk_tree_view_column_set_title(col, "Component Name");
+	gtk_tree_view_append_column(GTK_TREE_VIEW(treeView), col);
+
+	GtkCellRenderer* renderer = gtk_cell_renderer_text_new();
+
+	gtk_tree_view_column_pack_start(col, renderer, TRUE);
+	gtk_tree_view_column_add_attribute(col, renderer, "text", 0);
+
+	gtk_tree_view_set_model(GTK_TREE_VIEW(treeView), GTK_TREE_MODEL(treeModel));
+	g_object_unref(treeModel);
+
+	gtk_widget_set_size_request(treeView, 200, 100);
+
+	// Text Area
+	textArea = gtk_text_view_new();
+
+	gtk_text_view_set_editable(GTK_TEXT_VIEW(textArea), FALSE);
+
+	scroll = gtk_scrolled_window_new(NULL, NULL);
+
+	gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scroll), GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC);
+	gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scroll), GTK_SHADOW_IN);
+	gtk_container_add(GTK_CONTAINER(scroll), textArea);
+
+	gtk_paned_add2(GTK_PANED(hpane), scroll);
+
+	// Show main window
+	gtk_widget_show_all(window);
+
+	// GTK main loop
+	gtk_main();
+
+	return 0;
+}
diff --git a/vmime-master/mingw_cross_toolchain.cmake b/vmime-master/mingw_cross_toolchain.cmake
new file mode 100644
index 0000000..d8727f1
--- /dev/null
+++ b/vmime-master/mingw_cross_toolchain.cmake
@@ -0,0 +1,14 @@
+SET(CMAKE_SYSTEM_NAME Windows)
+SET(CMAKE_CROSSCOMPILING TRUE)
+
+IF("${GNU_HOST}" STREQUAL "")
+    SET(GNU_HOST i686-w64-mingw32)
+ENDIF()
+
+# specify the cross compiler
+SET(CMAKE_C_COMPILER_TARGET ${GNU_HOST})
+SET(CMAKE_C_COMPILER ${GNU_HOST}-gcc)
+SET(CMAKE_CXX_COMPILER_TARGET ${GNU_HOST})
+SET(CMAKE_CXX_COMPILER ${GNU_HOST}-g++)
+SET(CMAKE_RC_COMPILER_TARGET ${GNU_HOST})
+SET(CMAKE_RC_COMPILER ${GNU_HOST}-windres)
diff --git a/vmime-master/src/vmime/address.cpp b/vmime-master/src/vmime/address.cpp
new file mode 100644
index 0000000..3bc434f
--- /dev/null
+++ b/vmime-master/src/vmime/address.cpp
@@ -0,0 +1,236 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/address.hpp"
+
+#include "vmime/mailbox.hpp"
+#include "vmime/mailboxGroup.hpp"
+
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+
+
+address::address() {
+
+}
+
+
+/*
+
+ RFC #2822:
+ 3.4.  ADDRESS SPECIFICATION
+
+   Addresses occur in several message header fields to indicate senders
+   and recipients of messages.  An address may either be an individual
+   mailbox, or a group of mailboxes.
+
+address         =       mailbox / group
+
+mailbox         =       name-addr / addr-spec
+
+name-addr       =       [display-name] angle-addr
+
+angle-addr      =       [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr
+
+group           =       display-name ":" [mailbox-list / CFWS] ";"
+                        [CFWS]
+
+display-name    =       phrase
+
+mailbox-list    =       (mailbox *("," mailbox)) / obs-mbox-list
+
+address-list    =       (address *("," address)) / obs-addr-list
+
+*/
+
+shared_ptr <address> address::parseNext(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition,
+	bool *isLastAddressOfGroup
+) {
+
+	bool escaped = false;
+	bool quoted = false;
+	bool quotedRFC2047 = false;
+	bool inRouteAddr = false;
+	bool isGroup = false;
+	bool stop = false;
+	int commentLevel = 0;
+
+	if (isLastAddressOfGroup) {
+		*isLastAddressOfGroup = false;
+	}
+
+	size_t pos = position;
+
+	while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+		++pos;
+	}
+
+	const size_t start = pos;
+
+	while (!stop && pos < end) {
+
+		if (escaped) {
+
+			escaped = false;
+
+		} else {
+
+			switch (buffer[pos]) {
+
+				case '\\':
+
+					escaped = true;
+					break;
+
+				case '"':
+
+					quoted = !quoted;
+					break;
+
+				case '<':
+
+					inRouteAddr = true;
+					break;
+
+				case '>':
+
+					inRouteAddr = false;
+					break;
+
+				case '(':
+
+					++commentLevel;
+					break;
+
+				case ')':
+
+					if (commentLevel > 0) {
+						--commentLevel;
+					}
+
+					break;
+
+				case '=':
+
+					if (commentLevel == 0 && !quoted && !quotedRFC2047 && pos + 1 < end && buffer[pos + 1] == '?') {
+						++pos;
+						quotedRFC2047 = true;
+					}
+
+					break;
+
+				case '?':
+
+					if (commentLevel == 0 && quotedRFC2047 && pos + 1 < end && buffer[pos + 1] == '=') {
+						++pos;
+						quotedRFC2047 = false;
+					}
+
+					break;
+
+				default:
+				{
+					if (commentLevel == 0 && !quoted && !quotedRFC2047 && !inRouteAddr) {
+
+						switch (buffer[pos]) {
+
+							case ';':
+
+								if (isGroup) {
+
+									if (pos + 1 < end && buffer[pos + 1] == ',') {
+										++pos;
+									}
+								}
+
+								if (isLastAddressOfGroup) {
+									*isLastAddressOfGroup = true;
+								}
+
+								stop = true;
+								break;
+
+							case ':':
+
+								isGroup = true;
+								break;
+
+							case ',':
+
+								if (!isGroup) {
+									stop = true;
+								}
+
+								break;
+						}
+					}
+
+					break;
+				}
+
+			}
+		}
+
+		if (!stop) {
+			++pos;
+		}
+	}
+
+	if (newPosition) {
+
+		if (pos == end) {
+			*newPosition = end;
+		} else {
+			*newPosition = pos + 1;  // ',' or ';'
+		}
+	}
+
+	// Parse extracted address (mailbox or group)
+	if (pos != start) {
+
+		shared_ptr <address> parsedAddress;
+
+		if (isGroup) {
+			parsedAddress = make_shared <mailboxGroup>();
+		} else {
+			parsedAddress = make_shared <mailbox>();
+		}
+
+		parsedAddress->parse(ctx, buffer, start, pos, NULL);
+		parsedAddress->setParsedBounds(start, pos);
+
+		return parsedAddress;
+	}
+
+	return null;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/address.hpp b/vmime-master/src/vmime/address.hpp
new file mode 100644
index 0000000..f83f238
--- /dev/null
+++ b/vmime-master/src/vmime/address.hpp
@@ -0,0 +1,89 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_ADDRESS_HPP_INCLUDED
+#define VMIME_ADDRESS_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+
+namespace vmime {
+
+
+/** Abstract class representing a mailbox or a group of mailboxes.
+  *
+  * This class define a common behaviour for the mailbox
+  * and mailboxGroup classes.
+  */
+class VMIME_EXPORT address : public headerFieldValue {
+
+protected:
+
+	address();
+
+public:
+
+	/** Check whether this address is empty (no mailboxes specified
+	  * if this is a mailboxGroup -or- no email specified if this is
+	  * a mailbox).
+	  *
+	  * @return true if this address is empty
+	  */
+	virtual bool isEmpty() const = 0;
+
+	/** Test whether this is object is a mailboxGroup.
+	  *
+	  * @return true if this is a mailboxGroup, false otherwise
+	  */
+	virtual bool isGroup() const = 0;
+
+	virtual shared_ptr <component> clone() const = 0;
+
+	/** Parse an address from an input buffer.
+	  *
+	  * @param ctx parsing context
+	  * @param buffer input buffer
+	  * @param position position in the input buffer
+	  * @param end end position in the input buffer
+	  * @param newPosition will receive the new position in the input buffer
+	  * @param isLastAddressOfGroup will be set to true if this is the last address
+	  * of a group (end delimiter was found), or false otherwise (may be set to NULL)
+	  * @return a new address object, or null if no more address is available in the input buffer
+	  */
+	static shared_ptr <address> parseNext(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition,
+		bool *isLastAddressOfGroup
+	);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_ADDRESS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/addressList.cpp b/vmime-master/src/vmime/addressList.cpp
new file mode 100644
index 0000000..03c9e8f
--- /dev/null
+++ b/vmime-master/src/vmime/addressList.cpp
@@ -0,0 +1,328 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/addressList.hpp"
+#include "vmime/parserHelpers.hpp"
+#include "vmime/exception.hpp"
+#include "vmime/mailboxList.hpp"
+#include "vmime/mailboxGroup.hpp"
+
+
+namespace vmime {
+
+
+addressList::addressList() {
+
+}
+
+
+addressList::addressList(const addressList& addrList)
+	: headerFieldValue() {
+
+	copyFrom(addrList);
+}
+
+
+addressList::~addressList() {
+
+	removeAllAddresses();
+}
+
+
+void addressList::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	removeAllAddresses();
+
+	size_t pos = position;
+
+	while (pos < end) {
+
+		shared_ptr <address> parsedAddress = address::parseNext(ctx, buffer, pos, end, &pos, NULL);
+
+		if (parsedAddress) {
+			m_list.push_back(parsedAddress);
+		}
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void addressList::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	size_t pos = curLinePos;
+
+	generationContext tmpCtx(ctx);
+	tmpCtx.setMaxLineLength(tmpCtx.getMaxLineLength() - 2);
+
+	if (!m_list.empty()) {
+
+		for (std::vector <shared_ptr <address> >::const_iterator i = m_list.begin() ; ; ) {
+
+			(*i)->generate(ctx, os, pos, &pos);
+
+			if (++i == m_list.end()) {
+				break;
+			}
+
+			os << ", ";
+			pos += 2;
+		}
+	}
+
+	if (newLinePos) {
+		*newLinePos = pos;
+	}
+}
+
+
+void addressList::copyFrom(const component& other) {
+
+	const addressList& addrList = dynamic_cast <const addressList&>(other);
+
+	removeAllAddresses();
+
+	for (std::vector <shared_ptr <address> >::const_iterator it = addrList.m_list.begin() ;
+	     it != addrList.m_list.end() ; ++it) {
+
+		m_list.push_back(vmime::clone(*it));
+	}
+}
+
+
+addressList& addressList::operator=(const addressList& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+addressList& addressList::operator=(const mailboxList& other) {
+
+	removeAllAddresses();
+
+	for (size_t i = 0 ; i < other.getMailboxCount() ; ++i) {
+		m_list.push_back(dynamicCast <address>(other.getMailboxAt(i)->clone()));
+	}
+
+	return *this;
+}
+
+
+shared_ptr <component> addressList::clone() const {
+
+	return make_shared <addressList>(*this);
+}
+
+
+void addressList::appendAddress(const shared_ptr <address> &addr) {
+
+	m_list.push_back(addr);
+}
+
+
+void addressList::insertAddressBefore(const shared_ptr <address>& beforeAddress, const shared_ptr <address>& addr) {
+
+	const std::vector <shared_ptr <address> >::iterator it = std::find(
+		m_list.begin(), m_list.end(), beforeAddress
+	);
+
+	if (it == m_list.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(it, addr);
+}
+
+
+void addressList::insertAddressBefore(const size_t pos, const shared_ptr <address>& addr) {
+
+	if (pos >= m_list.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(m_list.begin() + pos, addr);
+}
+
+
+void addressList::insertAddressAfter(
+	const shared_ptr <address>& afterAddress,
+	const shared_ptr <address>& addr
+) {
+
+	const std::vector <shared_ptr <address> >::iterator it = std::find(
+		m_list.begin(), m_list.end(), afterAddress
+	);
+
+	if (it == m_list.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(it + 1, addr);
+}
+
+
+void addressList::insertAddressAfter(const size_t pos, const shared_ptr <address>& addr) {
+
+	if (pos >= m_list.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(m_list.begin() + pos + 1, addr);
+}
+
+
+void addressList::removeAddress(const shared_ptr <address>& addr) {
+
+	const std::vector <shared_ptr <address> >::iterator it = std::find(
+		m_list.begin(), m_list.end(), addr
+	);
+
+	if (it == m_list.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.erase(it);
+}
+
+
+void addressList::removeAddress(const size_t pos) {
+
+	if (pos >= m_list.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	const std::vector <shared_ptr <address> >::iterator it = m_list.begin() + pos;
+
+	m_list.erase(it);
+}
+
+
+void addressList::removeAllAddresses() {
+
+	m_list.clear();
+}
+
+
+size_t addressList::getAddressCount() const {
+
+	return m_list.size();
+}
+
+
+bool addressList::isEmpty() const {
+
+	return m_list.empty();
+}
+
+
+shared_ptr <address> addressList::getAddressAt(const size_t pos) {
+
+	return m_list[pos];
+}
+
+
+const shared_ptr <const address> addressList::getAddressAt(const size_t pos) const {
+
+	return m_list[pos];
+}
+
+
+const std::vector <shared_ptr <const address> > addressList::getAddressList() const {
+
+	std::vector <shared_ptr <const address> > list;
+
+	list.reserve(m_list.size());
+
+	for (std::vector <shared_ptr <address> >::const_iterator it = m_list.begin() ;
+	     it != m_list.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+const std::vector <shared_ptr <address> > addressList::getAddressList() {
+
+	return m_list;
+}
+
+
+const std::vector <shared_ptr <component> > addressList::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	copy_vector(m_list, list);
+
+	return list;
+}
+
+
+shared_ptr <mailboxList> addressList::toMailboxList() const {
+
+	shared_ptr <mailboxList> res = make_shared <mailboxList>();
+
+	for (std::vector <shared_ptr <address> >::const_iterator it = m_list.begin() ;
+	     it != m_list.end() ; ++it) {
+
+		shared_ptr <const address> addr = *it;
+
+		if (addr->isGroup()) {
+
+			const std::vector <shared_ptr <const mailbox> > mailboxes =
+				dynamicCast <const mailboxGroup>(addr)->getMailboxList();
+
+			for (std::vector <shared_ptr <const mailbox> >::const_iterator jt = mailboxes.begin() ;
+			     jt != mailboxes.end() ; ++jt) {
+
+				res->appendMailbox(vmime::clone(*jt));
+			}
+
+		} else {
+
+			res->appendMailbox(dynamicCast <mailbox>(addr->clone()));
+		}
+	}
+
+	return res;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/addressList.hpp b/vmime-master/src/vmime/addressList.hpp
new file mode 100644
index 0000000..69cbd74
--- /dev/null
+++ b/vmime-master/src/vmime/addressList.hpp
@@ -0,0 +1,198 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_ADDRESSLIST_HPP_INCLUDED
+#define VMIME_ADDRESSLIST_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+#include "vmime/address.hpp"
+
+
+namespace vmime {
+
+
+class mailboxList;
+
+
+/** A list of addresses.
+  */
+class VMIME_EXPORT addressList : public headerFieldValue {
+
+public:
+
+	addressList();
+	addressList(const addressList& addrList);
+
+	~addressList();
+
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	addressList& operator=(const addressList& other);
+	addressList& operator=(const mailboxList& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+
+	/** Add a address at the end of the list.
+	  *
+	  * @param addr address to append
+	  */
+	void appendAddress(const shared_ptr <address>& addr);
+
+	/** Insert a new address before the specified address.
+	  *
+	  * @param beforeAddress address before which the new address will be inserted
+	  * @param addr address to insert
+	  * @throw std::out_of_range if the address is not in the list
+	  */
+	void insertAddressBefore(
+		const shared_ptr <address>& beforeAddress,
+		const shared_ptr <address>& addr
+		);
+
+	/** Insert a new address before the specified position.
+	  *
+	  * @param pos position at which to insert the new address (0 to insert at
+	  * the beginning of the list)
+	  * @param addr address to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertAddressBefore(const size_t pos, const shared_ptr <address>& addr);
+
+	/** Insert a new address after the specified address.
+	  *
+	  * @param afterAddress address after which the new address will be inserted
+	  * @param addr address to insert
+	  * @throw std::out_of_range if the address is not in the list
+	  */
+	void insertAddressAfter(
+		const shared_ptr <address>& afterAddress,
+		const shared_ptr <address>& addr
+	);
+
+	/** Insert a new address after the specified position.
+	  *
+	  * @param pos position of the address before the new address
+	  * @param addr address to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertAddressAfter(const size_t pos, const shared_ptr <address>& addr);
+
+	/** Remove the specified address from the list.
+	  *
+	  * @param addr address to remove
+	  * @throw std::out_of_range if the address is not in the list
+	  */
+	void removeAddress(const shared_ptr <address>& addr);
+
+	/** Remove the address at the specified position.
+	  *
+	  * @param pos position of the address to remove
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void removeAddress(const size_t pos);
+
+	/** Remove all addresses from the list.
+	  */
+	void removeAllAddresses();
+
+	/** Return the number of addresses in the list.
+	  *
+	  * @return number of addresses
+	  */
+	size_t getAddressCount() const;
+
+	/** Tests whether the list of addresses is empty.
+	  *
+	  * @return true if there is no address, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the address at the specified position.
+	  *
+	  * @param pos position
+	  * @return address at position 'pos'
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	shared_ptr <address> getAddressAt(const size_t pos);
+
+	/** Return the address at the specified position.
+	  *
+	  * @param pos position
+	  * @return address at position 'pos'
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	const shared_ptr <const address> getAddressAt(const size_t pos) const;
+
+	/** Return the address list.
+	  *
+	  * @return list of addresses
+	  */
+	const std::vector <shared_ptr <const address> > getAddressList() const;
+
+	/** Return the address list.
+	  *
+	  * @return list of addresses
+	  */
+	const std::vector <shared_ptr <address> > getAddressList();
+
+	/** Return a list of mailboxes.
+	  * If some addresses are actually groups, mailboxes are recursively
+	  * extracted from these groups.
+	  *
+	  * @return list of mailboxes
+	  */
+	shared_ptr <mailboxList> toMailboxList() const;
+
+private:
+
+	std::vector <shared_ptr <address> > m_list;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_ADDRESSLIST_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/attachment.hpp b/vmime-master/src/vmime/attachment.hpp
new file mode 100644
index 0000000..be20e33
--- /dev/null
+++ b/vmime-master/src/vmime/attachment.hpp
@@ -0,0 +1,116 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_ATTACHMENT_HPP_INCLUDED
+#define VMIME_ATTACHMENT_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+
+#include "vmime/bodyPart.hpp"
+#include "vmime/mediaType.hpp"
+#include "vmime/text.hpp"
+#include "vmime/contentHandler.hpp"
+#include "vmime/encoding.hpp"
+
+
+namespace vmime {
+
+
+/** Base class for all types of attachment.
+  */
+class VMIME_EXPORT attachment : public object {
+
+	friend class messageBuilder;
+	friend class messageParser;
+	friend class attachmentHelper;
+
+protected:
+
+	attachment() { }
+
+public:
+
+	virtual ~attachment() { }
+
+	/** Return the media type of this attachment.
+	  *
+	  * @return content type of the attachment
+	  */
+	virtual const mediaType getType() const = 0;
+
+	/** Return the description of this attachment.
+	  *
+	  * @return attachment description, or an empty text
+	  * if no description is available
+	  */
+	virtual const text getDescription() const = 0;
+
+	/** Return the (file) name of this attachment.
+	  *
+	  * @return attachment name, or an empty word if no
+	  * name is available
+	  */
+	virtual const word getName() const = 0;
+
+	/** Return the data contained in this attachment.
+	  *
+	  * @return attachment data
+	  */
+	virtual const shared_ptr <const contentHandler> getData() const = 0;
+
+	/** Return the encoding used for this attachment.
+	  *
+	  * @return attachment data encoding
+	  */
+	virtual const encoding getEncoding() const = 0;
+
+	/** Return the part in which the attachment has been found.
+	  * This can be a vmime::bodyPart or a vmime::net::part object.
+	  *
+	  * @return attachment part or NULL if the attachment is not
+	  * attached to a part
+	  */
+	virtual shared_ptr <const object> getPart() const = 0;
+
+	/** Return the header of the attachment part.
+	  *
+	  * @return attachment part header or NULL if the attachment
+	  * is not attached to a part
+	  */
+	virtual shared_ptr <const header> getHeader() const = 0;
+
+protected:
+
+	/** Generate the attachment in the specified body part.
+	  *
+	  * @param parent body part in which to generate the attachment
+	  */
+	virtual void generateIn(const shared_ptr <bodyPart>& parent) const = 0;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_ATTACHMENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/attachmentHelper.cpp b/vmime-master/src/vmime/attachmentHelper.cpp
new file mode 100644
index 0000000..8605122
--- /dev/null
+++ b/vmime-master/src/vmime/attachmentHelper.cpp
@@ -0,0 +1,339 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/attachmentHelper.hpp"
+
+#include "vmime/bodyPartAttachment.hpp"
+#include "vmime/parsedMessageAttachment.hpp"
+#include "vmime/generatedMessageAttachment.hpp"
+
+#include "vmime/disposition.hpp"
+#include "vmime/emptyContentHandler.hpp"
+
+#include <iterator>
+
+
+namespace vmime {
+
+
+// static
+bool attachmentHelper::isBodyPartAnAttachment(
+	const shared_ptr <const bodyPart>& part,
+	const unsigned int options
+) {
+
+	// First, try with "Content-Disposition" field.
+	// If not present, we will try with "Content-Type" field.
+	shared_ptr <const contentDispositionField> cdf =
+		part->getHeader()->findField <contentDispositionField>(fields::CONTENT_DISPOSITION);
+
+	if (cdf) {
+
+		const contentDisposition disp = *cdf->getValue <contentDisposition>();
+
+		if (disp.getName() != contentDispositionTypes::INLINE) {
+			return true;
+		}
+
+		if ((options & INLINE_OBJECTS) == 0) {
+
+			// If the Content-Disposition is 'inline' and there is no
+			// Content-Id or Content-Location field, it may be an attachment
+			if (!part->getHeader()->hasField(vmime::fields::CONTENT_ID) &&
+			    !part->getHeader()->hasField(vmime::fields::CONTENT_LOCATION)) {
+
+				// If this is the root part, it might not be an attachment
+				if (!part->getParentPart()) {
+					return false;
+				}
+
+				return true;
+			}
+
+			return false;
+		}
+	}
+
+	// Assume "attachment" if type is not "text/..." or "multipart/...".
+	mediaType type;
+	bool hasContentTypeName = false;
+
+	shared_ptr <const contentTypeField> ctf =
+		part->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	if (ctf) {
+
+		type = *ctf->getValue <mediaType>();
+
+		if (ctf->hasParameter("name")) {
+			hasContentTypeName = true;
+		}
+
+	} else {
+
+		// If this is the root part and no Content-Type field is present,
+		// then this may not be a MIME message, so do not assume it is
+		// an attachment
+		if (!part->getParentPart()) {
+			return false;
+		}
+
+		// No "Content-type" field: assume "application/octet-stream".
+		type = mediaType(
+			mediaTypes::APPLICATION,
+			mediaTypes::APPLICATION_OCTET_STREAM
+		);
+	}
+
+	if (type.getType() != mediaTypes::TEXT &&
+	    type.getType() != mediaTypes::MULTIPART) {
+
+		// Compatibility with (obsolete) RFC-1341: if there is a "name" parameter
+		// on the "Content-Type" field, then we assume it is an attachment
+		if (hasContentTypeName) {
+			return true;
+		}
+
+		if ((options & INLINE_OBJECTS) == 0) {
+
+			// If a "Content-Id" field is present, it might be an
+			// embedded object (MHTML messages)
+			if (part->getHeader()->hasField(vmime::fields::CONTENT_ID)) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	return false;
+}
+
+
+// static
+shared_ptr <const attachment> attachmentHelper::getBodyPartAttachment(
+	const shared_ptr <const bodyPart>& part,
+	const unsigned int options
+) {
+
+	if (!isBodyPartAnAttachment(part, options)) {
+		return null;
+	}
+
+	mediaType type;
+
+	shared_ptr <const contentTypeField> ctf =
+		part->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	if (ctf) {
+
+		type = *ctf->getValue <mediaType>();
+
+	} else {
+
+		// No "Content-type" field: assume "application/octet-stream".
+		type = mediaType(
+			mediaTypes::APPLICATION,
+			mediaTypes::APPLICATION_OCTET_STREAM
+		);
+	}
+
+	if (type.getType() == mediaTypes::MESSAGE &&
+	    type.getSubType() == mediaTypes::MESSAGE_RFC822) {
+
+		return make_shared <generatedMessageAttachment>(part);
+
+	} else {
+
+		return make_shared <bodyPartAttachment>(part);
+	}
+}
+
+
+// static
+const std::vector <shared_ptr <const attachment> >
+	attachmentHelper::findAttachmentsInMessage(
+		const shared_ptr <const message>& msg,
+		const unsigned int options
+	) {
+
+	return findAttachmentsInBodyPart(msg, options);
+}
+
+
+// static
+const std::vector <shared_ptr <const attachment> >
+	attachmentHelper::findAttachmentsInBodyPart(
+		const shared_ptr <const bodyPart>& part,
+		const unsigned int options
+	) {
+
+	std::vector <shared_ptr <const attachment> > atts;
+
+	// Test this part
+	if (isBodyPartAnAttachment(part, options)) {
+
+		atts.push_back(getBodyPartAttachment(part, options));
+
+	// Find in sub-parts
+	} else {
+
+		shared_ptr <const body> bdy = part->getBody();
+
+		for (size_t i = 0 ; i < bdy->getPartCount() ; ++i) {
+
+			std::vector <shared_ptr <const attachment> > partAtts =
+				findAttachmentsInBodyPart(bdy->getPartAt(i), options);
+
+			std::copy(partAtts.begin(), partAtts.end(), std::back_inserter(atts));
+		}
+	}
+
+	return atts;
+}
+
+
+// static
+void attachmentHelper::addAttachment(const shared_ptr <message>& msg, const shared_ptr <attachment>& att) {
+
+	// We simply search for a "multipart/mixed" part. If no one exists,
+	// create it in the root part. This (very simple) algorithm should
+	// work in the most cases.
+
+	vmime::mediaType mpMixed(
+		vmime::mediaTypes::MULTIPART,
+		vmime::mediaTypes::MULTIPART_MIXED
+	);
+
+	shared_ptr <bodyPart> part = findBodyPart(msg, mpMixed);
+
+	if (!part) {  // create it
+
+		if (msg->getBody()->getPartCount() != 0) {
+
+			// Create a new container part for the parts that were in
+			// the root part of the message
+			shared_ptr <bodyPart> container = make_shared <bodyPart>();
+
+			if (msg->getHeader()->hasField(fields::CONTENT_TYPE)) {
+
+				container->getHeader()->ContentType()->setValue(
+					msg->getHeader()->ContentType()->getValue()
+				);
+			}
+
+			if (msg->getHeader()->hasField(fields::CONTENT_TRANSFER_ENCODING)) {
+
+				container->getHeader()->ContentTransferEncoding()->setValue(
+					msg->getHeader()->ContentTransferEncoding()->getValue()
+				);
+			}
+
+			// Move parts from the root part to this new part
+			const std::vector <shared_ptr <bodyPart> > partList =
+				msg->getBody()->getPartList();
+
+			msg->getBody()->removeAllParts();
+
+			for (unsigned int i = 0 ; i < partList.size() ; ++i) {
+				container->getBody()->appendPart(partList[i]);
+			}
+
+			msg->getBody()->appendPart(container);
+
+		} else {
+
+			// The message is a simple (RFC-822) message, and do not
+			// contains any MIME part. Move the contents from the
+			// root to a new child part.
+			shared_ptr <bodyPart> child = make_shared <bodyPart>();
+
+			if (msg->getHeader()->hasField(fields::CONTENT_TYPE)) {
+
+				child->getHeader()->ContentType()->setValue(
+					msg->getHeader()->ContentType()->getValue()
+				);
+			}
+
+			if (msg->getHeader()->hasField(fields::CONTENT_TRANSFER_ENCODING)) {
+
+				child->getHeader()->ContentTransferEncoding()->setValue(
+					msg->getHeader()->ContentTransferEncoding()->getValue()
+				);
+			}
+
+			child->getBody()->setContents(msg->getBody()->getContents());
+			msg->getBody()->setContents(make_shared <emptyContentHandler>());
+
+			msg->getBody()->appendPart(child);
+		}
+
+		// Set the root part to 'multipart/mixed'
+		msg->getHeader()->ContentType()->setValue(mpMixed);
+
+		msg->getHeader()->removeAllFields(vmime::fields::CONTENT_DISPOSITION);
+		msg->getHeader()->removeAllFields(vmime::fields::CONTENT_TRANSFER_ENCODING);
+
+		part = msg;
+	}
+
+	// Generate the attachment part
+	att->generateIn(part);
+}
+
+
+// static
+shared_ptr <bodyPart> attachmentHelper::findBodyPart(
+	const shared_ptr <bodyPart>& part,
+	const mediaType& type
+) {
+
+	if (part->getBody()->getContentType() == type) {
+		return part;
+	}
+
+	// Try in sub-parts
+	shared_ptr <body> bdy = part->getBody();
+
+	for (size_t i = 0 ; i < bdy->getPartCount() ; ++i) {
+
+		shared_ptr <bodyPart> found = findBodyPart(bdy->getPartAt(i), type);
+
+		if (found) {
+			return found;
+		}
+	}
+
+	return null;
+}
+
+
+// static
+void attachmentHelper::addAttachment(const shared_ptr <message>& msg, const shared_ptr <message>& amsg) {
+
+	shared_ptr <attachment> att = make_shared <parsedMessageAttachment>(amsg);
+	addAttachment(msg, att);
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/attachmentHelper.hpp b/vmime-master/src/vmime/attachmentHelper.hpp
new file mode 100644
index 0000000..f28819f
--- /dev/null
+++ b/vmime-master/src/vmime/attachmentHelper.hpp
@@ -0,0 +1,137 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_ATTACHMENTHELPER_HPP_INCLUDED
+#define VMIME_ATTACHMENTHELPER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+#include "vmime/attachment.hpp"
+#include "vmime/message.hpp"
+
+
+namespace vmime {
+
+
+/** Retrieve attachment information from message parts.
+  */
+class VMIME_EXPORT attachmentHelper {
+
+public:
+
+	/** Options for use with the following functions:
+	  *     findAttachmentsInMessage,
+	  *     getBodyPartAttachment,
+	  * and isBodyPartAnAttachment.
+	  */
+	enum FindOptions {
+		INLINE_OBJECTS = (1 << 0)        /**< Recognize and return inline objects. The aim is to
+		                                      consider MHTML objects (parts with a "Content-Id" or
+		                                      a "Content-Location", such as inline images) as attachments. */
+	};
+
+	/** Test whether a body part is an attachment.
+	  *
+	  * @param part message part to test
+	  * @param options search options (see FindOptions)
+	  * @return true if the part is an attachment, false otherwise
+	  */
+	static bool isBodyPartAnAttachment(
+		const shared_ptr <const bodyPart>& part,
+		const unsigned int options = 0
+	);
+
+	/** Return attachment information in the specified body part.
+	  * If the specified body part does not contain attachment
+	  * information (ie. is not an attachment), NULL is returned.
+	  *
+	  * @param part message part in which to search
+	  * @param options search options (see FindOptions)
+	  * @return attachment found in the part, or NULL
+	  */
+	static shared_ptr <const attachment> getBodyPartAttachment(
+		const shared_ptr <const bodyPart>& part,
+		const unsigned int options = 0
+	);
+
+	/** Find all attachments contained in the specified part
+	  * and all its children parts.
+	  * This is simply a recursive call to getBodyPartAttachment().
+	  *
+	  * @param part part in which to search
+	  * @param options search options (see FindOptions)
+	  * @return a list of attachments found
+	  */
+	static const std::vector <shared_ptr <const attachment> >
+		findAttachmentsInBodyPart(
+			const shared_ptr <const bodyPart>& part,
+			const unsigned int options = 0
+		);
+
+	/** Find all attachments contained in the specified message.
+	  * This is simply a recursive call to getBodyPartAttachment().
+	  *
+	  * @param msg message in which to search
+	  * @param options search options (see FindOptions)
+	  * @return a list of attachments found
+	  */
+	static const std::vector <shared_ptr <const attachment> >
+		findAttachmentsInMessage(
+			const shared_ptr <const message>& msg,
+			const unsigned int options = 0
+		);
+
+	/** Add an attachment to the specified message.
+	  *
+	  * @param msg message into which to add the attachment
+	  * @param att attachment to add
+	  */
+	static void addAttachment(
+		const shared_ptr <message>& msg,
+		const shared_ptr <attachment>& att
+	);
+
+	/** Add a message attachment to the specified message.
+	  *
+	  * @param msg message into which to add the attachment
+	  * @param amsg message to attach
+	  */
+	static void addAttachment(
+		const shared_ptr <message>& msg,
+		const shared_ptr <message>& amsg
+	);
+
+protected:
+
+	static shared_ptr <bodyPart> findBodyPart(
+		const shared_ptr <bodyPart>& part,
+		const mediaType& type
+	);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_ATTACHMENTHELPER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/base.cpp b/vmime-master/src/vmime/base.cpp
new file mode 100644
index 0000000..395d7b3
--- /dev/null
+++ b/vmime-master/src/vmime/base.cpp
@@ -0,0 +1,158 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+#include "vmime/charset.hpp"
+#include "vmime/base.hpp"
+
+#include "vmime/utility/encoder/encoder.hpp"
+#include "vmime/utility/encoder/b64Encoder.hpp"
+#include "vmime/utility/encoder/qpEncoder.hpp"
+
+#include "vmime/text.hpp"
+
+#include "vmime/parserHelpers.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+// For initializing
+#include "vmime/utility/encoder/encoderFactory.hpp"
+#include "vmime/headerFieldFactory.hpp"
+#include "vmime/textPartFactory.hpp"
+#include "vmime/generationContext.hpp"
+#include "vmime/parsingContext.hpp"
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	#include "vmime/net/serviceFactory.hpp"
+#endif
+
+
+namespace vmime {
+
+
+/** "Null" (empty) string.
+  */
+const string NULL_STRING;
+
+/** "Null" (empty) text.
+  */
+const text NULL_TEXT;
+
+/** "Null" (empty) word.
+  */
+const word NULL_WORD("", vmime::charset(vmime::charsets::US_ASCII));
+
+
+/** Return the library name (eg: "libvmime").
+  *
+  * @return library name
+  */
+const string libname() { return (VMIME_PACKAGE); }
+
+/** Return the library version (eg: "0.5.2").
+  *
+  * @return library version
+  */
+const string libversion() { return (VMIME_VERSION " (" __DATE__ " " __TIME__ ")"); }
+
+/** Return the library API version (eg: "6:1:6").
+  *
+  * @return library API version
+  */
+const string libapi() { return (VMIME_API); }
+
+
+// New line sequence to be used when folding header fields.
+const string NEW_LINE_SEQUENCE = "\r\n ";
+const size_t NEW_LINE_SEQUENCE_LENGTH = 1;   // space
+
+/** The CR-LF sequence.
+  */
+const string CRLF = "\r\n";
+
+
+/** The current MIME version supported by VMime.
+  */
+const string SUPPORTED_MIME_VERSION = "1.0";
+
+
+#ifndef VMIME_BUILDING_DOC
+
+/** Null shared pointer.
+  */
+nullPtrType null;
+
+#endif // VMIME_BUILDING_DOC
+
+
+// Line length limits
+namespace lineLengthLimits {
+
+	const size_t infinite = std::numeric_limits <size_t>::max();
+}
+
+
+const size_t npos = std::numeric_limits <size_t>::max();
+
+
+
+#ifndef VMIME_BUILDING_DOC
+
+//
+//  V-Mime Initializer
+// ====================
+//
+// Force instanciation of singletons. This is to prevent problems that might
+// happen in multithreaded applications...
+//
+// WARNING: we put the initializer at the end of this compilation unit. This
+// ensures this object is initialized _after_ all other global variables in
+// the same compilation unit (in particular "lineLengthLimits::infinite",
+// which is used by the generate() function (called from "textPartFactory"
+// constructor, for example).
+//
+
+struct initializer {
+
+	initializer() {
+
+		parsingContext::getDefaultContext();
+		generationContext::getDefaultContext();
+
+		utility::encoder::encoderFactory::getInstance();
+		headerFieldFactory::getInstance();
+		textPartFactory::getInstance();
+
+		#if VMIME_HAVE_MESSAGING_FEATURES
+			net::serviceFactory::getInstance();
+		#endif
+	}
+};
+
+initializer theInitializer;
+
+#endif // VMIME_BUILDING_DOC
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/base.hpp b/vmime-master/src/vmime/base.hpp
new file mode 100644
index 0000000..7782477
--- /dev/null
+++ b/vmime-master/src/vmime/base.hpp
@@ -0,0 +1,258 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_BASE_HPP_INCLUDED
+#define VMIME_BASE_HPP_INCLUDED
+
+
+#include <string>
+#include <vector>
+#include <map>
+#include <sstream>
+#include <cctype>
+#include <locale>
+
+#include "vmime/config.hpp"
+#include "vmime/types.hpp"
+#include "vmime/constants.hpp"
+
+
+namespace vmime {
+
+	class text;
+	class word;
+	class charset;
+
+
+	// "Null" strings
+	extern VMIME_EXPORT const string NULL_STRING;
+
+	extern VMIME_EXPORT const text NULL_TEXT;
+	extern VMIME_EXPORT const word NULL_WORD;
+
+#ifndef VMIME_BUILDING_DOC
+
+	// Null pointer
+	struct nullPtrType {
+
+		template <typename T>
+	    operator shared_ptr <T>() { return shared_ptr <T>(); }
+	};
+
+	extern nullPtrType VMIME_EXPORT null;
+
+#endif // VMIME_BUILDING_DOC
+
+
+	//
+	// Library name and version
+	//
+
+	const string VMIME_EXPORT libname();
+	const string VMIME_EXPORT libversion();
+	const string VMIME_EXPORT libapi();
+
+
+	//
+	// Helpful functions used for array -> iterator conversion
+	//
+
+	template <typename T, size_t N>
+	inline T const* cbegin(T const (&array)[N]) {
+
+		return array;
+	}
+
+	template <typename T, size_t N>
+	inline T const* cend(T const (&array)[N]) {
+
+		return array + N;
+	}
+
+	template <typename T, size_t N>
+	inline T* begin(T (&array)[N]) {
+
+		return array;
+	}
+
+	template <typename T, size_t N>
+	inline T* end(T (&array)[N]) {
+
+		return array + N;
+	}
+
+	template <typename T, size_t N>
+	inline size_t count(T const (&/* array */)[N]) {
+
+		return N;
+	}
+
+
+	// Copy one vector to another, with type conversion
+
+	template <class T1, class T2>
+	void copy_vector(const T1& v1, T2& v2) {
+
+		const typename T1::size_type count = v1.size();
+
+		v2.resize(count);
+
+		for (typename T1::size_type i = 0 ; i < count ; ++i) {
+			v2[i] = v1[i];
+		}
+	}
+
+
+	/*
+
+	RFC#2822
+	2.1.1. Line Length Limits
+
+	There are two limits that this standard places on the number of
+	characters in a line. Each line of characters MUST be no more than
+	998 characters, and SHOULD be no more than 78 characters, excluding
+	the CRLF.
+
+	The 998 character limit is due to limitations in many implementations
+	which send, receive, or store Internet Message Format messages that
+	simply cannot handle more than 998 characters on a line. Receiving
+	implementations would do well to handle an arbitrarily large number
+	of characters in a line for robustness sake. However, there are so
+	many implementations which (in compliance with the transport
+	requirements of [RFC2821]) do not accept messages containing more
+	than 1000 character including the CR and LF per line, it is important
+	for implementations not to create such messages.
+
+	The more conservative 78 character recommendation is to accommodate
+	the many implementations of user interfaces that display these
+	messages which may truncate, or disastrously wrap, the display of
+	more than 78 characters per line, in spite of the fact that such
+	implementations are non-conformant to the intent of this specification
+	(and that of [RFC2821] if they actually cause information to be lost).
+	Again, even though this limitation is put on messages, it is encumbant
+	upon implementations which display messages to handle an arbitrarily
+	large number of characters in a line (certainly at least up to the 998
+	character limit) for the sake of robustness.
+	*/
+
+	namespace lineLengthLimits {
+
+		extern VMIME_EXPORT const size_t infinite;
+
+		enum {
+			max = 998,
+			convenient = 78
+		};
+	}
+
+
+	// New line sequence to be used when folding header fields.
+	extern VMIME_EXPORT const string NEW_LINE_SEQUENCE;
+	extern VMIME_EXPORT const size_t NEW_LINE_SEQUENCE_LENGTH;
+
+
+	// CR-LF sequence
+	extern VMIME_EXPORT const string CRLF;
+
+
+	// Mime version
+	extern VMIME_EXPORT const string SUPPORTED_MIME_VERSION;
+
+	/** Utility classes. */
+	namespace utility { }
+
+
+	/** Constant value with the greatest possible value for an element
+	  * of type size_t. The meaning is "infinite" or "until the end".
+	  */
+	extern VMIME_EXPORT const size_t npos;
+
+
+	/** Clone helper (using a shared_ptr).
+	  * This is an alias for dynamic_pointer_cast <T>(obj->clone()).
+	  */
+	template <class T>
+	shared_ptr <T> clone(const shared_ptr <T>& obj) {
+
+		return dynamic_pointer_cast <T>(obj->clone());
+	}
+
+	/** Clone helper (using a const shared_ptr).
+	  * This is an alias for dynamic_pointer_cast <T>(obj->clone()).
+	  */
+	template <class T>
+	shared_ptr <T> clone(const shared_ptr <const T>& obj) {
+
+		return dynamic_pointer_cast <T>(obj->clone());
+	}
+
+	/** Clone helper (using a const reference).
+	  * This is an alias for dynamic_pointer_cast <T>(obj.clone()).
+	  */
+	template <class T>
+	shared_ptr <T> clone(const T& obj) {
+
+		return dynamic_pointer_cast <T>(obj.clone());
+	}
+
+	/** Downcast helper.
+	  * Usage: vmime::dynamicCast <DerivedType>(obj), where 'obj' is of
+	  * type Type, and DerivedType is derived from Type.
+	  */
+	template <class X, class Y>
+	shared_ptr <X> dynamicCast(const shared_ptr <Y>& obj) {
+
+		return dynamic_pointer_cast <X, Y>(obj);
+	}
+
+	/** Const cast helper.
+	  */
+	template <class X, class Y>
+	shared_ptr <X> constCast(const shared_ptr <Y>& obj) {
+
+		return const_pointer_cast <X, Y>(obj);
+	}
+
+	/** Inherit from this class to indicate the subclass is not copyable,
+	  * ie. you want to prohibit copy construction and copy assignment.
+	  */
+	class VMIME_EXPORT noncopyable {
+
+	protected:
+
+		noncopyable() { }
+		virtual ~noncopyable() { }
+
+	private:
+
+		noncopyable(const noncopyable&);
+		void operator=(const noncopyable&);
+	};
+
+} // vmime
+
+
+#include "vmime/utility/stream.hpp"
+
+
+#endif // VMIME_BASE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/body.cpp b/vmime-master/src/vmime/body.cpp
new file mode 100644
index 0000000..a3875b9
--- /dev/null
+++ b/vmime-master/src/vmime/body.cpp
@@ -0,0 +1,1111 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/bodyPart.hpp"
+#include "vmime/body.hpp"
+
+#include "vmime/contentTypeField.hpp"
+#include "vmime/text.hpp"
+
+#include "vmime/utility/random.hpp"
+
+#include "vmime/utility/seekableInputStreamRegionAdapter.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+#include "vmime/parserHelpers.hpp"
+
+#include "vmime/emptyContentHandler.hpp"
+#include "vmime/stringContentHandler.hpp"
+#include "vmime/streamContentHandler.hpp"
+
+
+namespace vmime {
+
+
+body::body()
+	: m_contents(make_shared <emptyContentHandler>()) {
+
+}
+
+
+body::~body() {
+
+}
+
+
+/*
+ * boundaryStart: will become the index for "\r\n--marker"
+ * boundaryEnd:   will become the index after "marker", i.e. index for potential trailing "--", "\r\n", etc.
+ * return value:  index for "marker"
+ */
+// static
+size_t body::findNextBoundaryPosition(
+	const shared_ptr <utility::parserInputStreamAdapter>& parser,
+	const string& boundary,
+	const size_t position,
+	const size_t end,
+	size_t* boundaryStart,
+	size_t* boundaryEnd
+) {
+
+	size_t pos = position;
+
+	for (; pos != npos && pos < end; ++pos) {
+
+		pos = parser->findNext(boundary, pos);
+
+		if (pos == npos) {
+			break;  // not found
+		}
+
+		if (pos == 0) {
+			// Boundary is a prefix of another, continue the search (same for the other "continue"s)
+			continue;
+		}
+
+		// Ensure the bytes before boundary are "[LF]--": boundary should be
+		// at the beginning of a line, and should start with "--"
+		if (pos < 3) {
+			continue;
+		}
+		parser->seek(pos - 3);
+		if (!parser->matchBytes("\n--", 3)) {
+			continue;
+		}
+
+		parser->seek(pos + boundary.length());
+
+		const byte_t next = parser->peekByte();
+
+		// Boundary should be followed by a new line or a dash
+		if (!isspace(next) && next != '-') {
+			continue;
+		}
+
+		// Get rid of the "[CR]" just before "[LF]--", if any
+		size_t backwards = 0;
+		if (pos >= 4) {
+			parser->seek(pos - 4);
+			if (parser->peekByte() == '\r') {
+				++backwards;
+			}
+		}
+
+		*boundaryStart = pos - backwards - 3;
+		*boundaryEnd = pos + boundary.length();
+
+		return pos;
+	}
+
+	return pos;
+}
+
+
+void body::parseImpl(
+	const parsingContext& ctx,
+	const shared_ptr <utility::parserInputStreamAdapter>& parser,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	removeAllParts();
+
+	m_prologText.clear();
+	m_epilogText.clear();
+
+	if (end == position) {
+
+		setParsedBounds(position, end);
+
+		if (newPosition) {
+			*newPosition = end;
+		}
+
+		return;
+	}
+
+	// Check whether the body is a MIME-multipart.
+	// If it is, also get (or try to guess) the boundary separator.
+	bool isMultipart = false;
+	string boundary;
+
+	shared_ptr <const contentTypeField> ctf =
+		m_part->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	if (ctf) {
+
+		const mediaType type = *ctf->getValue <mediaType>();
+
+		if (type.getType() == mediaTypes::MULTIPART) {
+
+			isMultipart = true;
+
+			if (ctf->hasBoundary()) {
+
+				boundary = ctf->getBoundary();
+
+			} else {
+
+				// No "boundary" parameter specified: we can try to
+				// guess it by scanning the body contents...
+				size_t pos = position;
+
+				parser->seek(pos);
+
+				if (pos + 2 < end && parser->matchBytes("--", 2)) {
+
+					pos += 2;
+
+				} else {
+
+					pos = parser->findNext("\n--", position);
+
+					if ((pos != npos) && (pos + 3 < end)) {
+						pos += 3;  // skip \n--
+					}
+				}
+
+				if ((pos != npos) && (pos < end)) {
+
+					parser->seek(pos);
+
+					// Read some bytes after boundary separator
+					byte_t buffer[256];
+					const size_t bufferLen =
+						parser->read(buffer, std::min(end - pos, sizeof(buffer) / sizeof(buffer[0])));
+
+					buffer[sizeof(buffer) / sizeof(buffer[0]) - 1] = '\0';
+
+					// Skip transport padding bytes (SPACE or HTAB), if any
+					size_t boundarySkip = 0;
+
+					while (boundarySkip < bufferLen && parserHelpers::isSpace(buffer[boundarySkip])) {
+						++boundarySkip;
+					}
+
+					// Extract boundary from buffer (stop at first CR or LF).
+					// We have to stop after a reasonnably long boundary length (100)
+					// not to take the whole body contents for a boundary...
+					byte_t boundaryBytes[100];
+					size_t boundaryLen = 0;
+
+					for (byte_t c = buffer[boundarySkip] ;
+					     boundaryLen < bufferLen && boundaryLen < 100 && !(c == '\r' || c == '\n') ;
+					     ++boundaryLen, c = buffer[boundarySkip + boundaryLen]) {
+
+						boundaryBytes[boundaryLen] = c;
+					}
+
+					if (boundaryLen >= 1 && boundaryLen < 100) {
+
+						// RFC #1521, Page 31:
+						// "...the boundary parameter, which consists of 1 to 70
+						//  characters from a set of characters known to be very
+						//  robust through email gateways, and NOT ending with
+						//  white space..."
+						while (boundaryLen != 0 &&
+						       parserHelpers::isSpace(boundaryBytes[boundaryLen - 1])) {
+
+							boundaryLen--;
+						}
+
+						if (boundaryLen >= 1) {
+							boundary = string(boundaryBytes, boundaryBytes + boundaryLen);
+						}
+					}
+				}
+			}
+		}
+ 	}
+
+	// This is a multi-part body
+	if (isMultipart && !boundary.empty()) {
+
+		size_t partStart = position;
+		size_t pos = position;
+
+		bool lastPart = false;
+
+		// Find the first boundary
+		size_t boundaryStart, boundaryEnd;
+		pos = findNextBoundaryPosition(parser, boundary, pos, end, &boundaryStart, &boundaryEnd);
+
+		for (int index = 0 ; !lastPart && (pos != npos) && (pos < end) ; ++index) {
+
+			size_t partEnd = boundaryStart;
+
+			// Check whether it is the last part (boundary terminated by "--")
+			parser->seek(boundaryEnd);
+
+			if (boundaryEnd + 1 < end && parser->matchBytes("--", 2)) {
+
+				lastPart = true;
+				boundaryEnd += 2;
+			}
+
+			// RFC 2046 §5.1.1 page 22: """If a boundary delimiter
+			// line appears to end with white space, the white
+			// space must be presumed to have been added by a
+			// gateway, and must be deleted."""
+			parser->seek(boundaryEnd);
+			boundaryEnd += parser->skipIf(parserHelpers::isSpaceOrTab, end);
+
+			// End of boundary line
+			if (boundaryEnd + 1 < end && parser->matchBytes("\r\n", 2)) {
+				boundaryEnd += 2;
+			} else if (boundaryEnd < end && parser->peekByte() == '\n') {
+				++boundaryEnd;
+			} else if (boundaryEnd == end) {
+			} else {
+				/*
+				 * RFC 2046 §5.1.1 page 19: """[...] optional
+				 * linear whitespace, and a terminating
+				 * CRLF.""" — junk handling is left
+				 * unspecified, so we might as well skip it to
+				 * facilitate broken mails.
+				 */
+				boundaryEnd += parser->skipIf([](char_t c) { return c != '\n'; }, end);
+				pos = findNextBoundaryPosition(parser, boundary, boundaryEnd, end, &boundaryStart, &boundaryEnd);
+				--index;
+				continue;
+			}
+
+			if (index == 0) {
+
+				if (partEnd > partStart) {
+
+					vmime::text text;
+					text.parse(ctx, parser, partStart, partEnd);
+
+					m_prologText = text.getWholeBuffer();
+
+				} else {
+
+					m_prologText = "";
+				}
+
+			} else {  // index > 0
+
+				shared_ptr <bodyPart> part = m_part->createChildPart();
+
+				// End before start may happen on empty bodyparts (directly
+				// successive boundaries without even a line-break)
+				if (partEnd < partStart) {
+					std::swap(partStart, partEnd);
+				}
+
+				part->parse(ctx, parser, partStart, partEnd, NULL);
+
+				m_parts.push_back(part);
+			}
+
+			partStart = boundaryEnd;
+
+			// Find the next boundary
+			pos = findNextBoundaryPosition(
+				parser, boundary, boundaryEnd, end, &boundaryStart, &boundaryEnd
+			);
+		}
+
+		m_contents = make_shared <emptyContentHandler>();
+
+		// Last part was not found: recover from missing boundary
+		if (!lastPart && pos == npos) {
+
+			shared_ptr <bodyPart> part = m_part->createChildPart();
+
+			try {
+				part->parse(ctx, parser, partStart, end);
+			} catch (std::exception&) {
+				throw;
+			}
+
+			m_parts.push_back(part);
+
+		// Treat remaining text as epilog
+		} else if (partStart < end) {
+
+			vmime::text text;
+			text.parse(ctx, parser, partStart, end);
+
+			m_epilogText = text.getWholeBuffer();
+		}
+
+	// Treat the contents as 'simple' data
+	} else {
+
+		encoding enc;
+
+		shared_ptr <const headerField> cef =
+			m_part->getHeader()->findField(fields::CONTENT_TRANSFER_ENCODING);
+
+		if (cef) {
+
+			enc = *cef->getValue <encoding>();
+
+		} else {
+
+			// Defaults to "7bit" (RFC-1521)
+			enc = vmime::encoding(encodingTypes::SEVEN_BIT);
+		}
+
+		// Extract the (encoded) contents
+		const size_t length = end - position;
+
+		shared_ptr <utility::inputStream> contentStream =
+			make_shared <utility::seekableInputStreamRegionAdapter>(
+				parser->getUnderlyingStream(), position, length
+			);
+
+		m_contents = make_shared <streamContentHandler>(contentStream, length, enc);
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+text body::getActualPrologText(const generationContext& ctx) const {
+
+	const string& prologText =
+		m_prologText.empty()
+			? (isRootPart()
+				? ctx.getPrologText()
+				: NULL_STRING
+			  )
+			: m_prologText;
+
+	if (prologText.empty()) {
+		return text();
+	} else {
+		return text(prologText, vmime::charset("us-ascii"));
+	}
+}
+
+
+text body::getActualEpilogText(const generationContext& ctx) const {
+
+	const string& epilogText =
+		m_epilogText.empty()
+			? (isRootPart()
+				? ctx.getEpilogText()
+				: NULL_STRING
+			  )
+			: m_epilogText;
+
+	if (epilogText.empty()) {
+		return text();
+	} else {
+		return text(epilogText, vmime::charset("us-ascii"));
+	}
+}
+
+
+void body::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t /* curLinePos */,
+	size_t* newLinePos
+) const {
+
+	// MIME-Multipart
+	if (getPartCount() != 0) {
+
+		string boundary;
+
+		if (!m_part) {
+
+			boundary = generateRandomBoundaryString();
+
+		} else {
+
+			// Use current boundary string, if specified. If no "Content-Type" field is
+			// present, or the boundary is not specified, generate a random one
+			shared_ptr <contentTypeField> ctf =
+				m_part->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+			if (ctf) {
+
+				if (ctf->hasBoundary()) {
+
+					boundary = ctf->getBoundary();
+
+				} else {
+
+					// No boundary string specified
+					boundary = generateRandomBoundaryString();
+				}
+
+			} else {
+
+				// No Content-Type (and no boundary string specified)
+				boundary = generateRandomBoundaryString();
+			}
+		}
+
+		const text prologText = getActualPrologText(ctx);
+		const text epilogText = getActualEpilogText(ctx);
+
+		if (!prologText.isEmpty()) {
+
+			prologText.encodeAndFold(
+				ctx, os, 0, NULL,
+				text::FORCE_NO_ENCODING | text::NO_NEW_LINE_SEQUENCE
+			);
+
+			os << CRLF;
+		}
+
+		os << "--" << boundary;
+
+		for (size_t p = 0 ; p < getPartCount() ; ++p) {
+
+			os << CRLF;
+
+			getPartAt(p)->generate(ctx, os, 0);
+
+			os << CRLF << "--" << boundary;
+		}
+
+		os << "--" << CRLF;
+
+		if (!epilogText.isEmpty()) {
+
+			epilogText.encodeAndFold(
+				ctx, os, 0, NULL,
+				text::FORCE_NO_ENCODING | text::NO_NEW_LINE_SEQUENCE
+			);
+
+			os << CRLF;
+		}
+
+		if (newLinePos) {
+			*newLinePos = 0;
+		}
+
+	// Simple body
+	} else {
+
+		// Generate the contents
+		shared_ptr <contentHandler> contents = m_contents->clone();
+		contents->setContentTypeHint(getContentType());
+
+		contents->generate(os, getEncoding(), ctx.getMaxLineLength());
+	}
+}
+
+
+size_t body::getGeneratedSize(const generationContext& ctx) {
+
+	// MIME-Multipart
+	if (getPartCount() != 0) {
+
+		size_t size = 0;
+
+		// Size of parts and boundaries
+		for (size_t p = 0 ; p < getPartCount() ; ++p) {
+			size += 100;  // boundary, CRLF...
+			size += getPartAt(p)->getGeneratedSize(ctx);
+		}
+
+		// Size of prolog/epilog text
+		const text prologText = getActualPrologText(ctx);
+
+		if (!prologText.isEmpty()) {
+
+			std::ostringstream oss;
+			utility::outputStreamAdapter osa(oss);
+
+			prologText.encodeAndFold(
+				ctx, osa, 0, NULL,
+				text::FORCE_NO_ENCODING | text::NO_NEW_LINE_SEQUENCE
+			);
+
+			size += oss.str().size();
+		}
+
+		const text epilogText = getActualEpilogText(ctx);
+
+		if (!epilogText.isEmpty()) {
+
+			std::ostringstream oss;
+			utility::outputStreamAdapter osa(oss);
+
+			epilogText.encodeAndFold(
+				ctx, osa, 0, NULL,
+				text::FORCE_NO_ENCODING | text::NO_NEW_LINE_SEQUENCE
+			);
+
+			size += oss.str().size();
+		}
+
+		return size;
+
+	// Simple body
+	} else {
+
+		if (getEncoding() == m_contents->getEncoding()) {
+
+			// No re-encoding has to be performed
+			return m_contents->getLength();
+
+		} else {
+
+			shared_ptr <utility::encoder::encoder> srcEncoder = m_contents->getEncoding().getEncoder();
+			shared_ptr <utility::encoder::encoder> dstEncoder = getEncoding().getEncoder();
+
+			return dstEncoder->getEncodedSize(srcEncoder->getDecodedSize(m_contents->getLength()));
+		}
+	}
+}
+
+
+/*
+   RFC #1521, Page 32:
+   7.2.1. Multipart: The common syntax
+
+   "...Encapsulation boundaries must not appear within the
+   encapsulations, and must be no longer than 70 characters..."
+
+
+   boundary := 0*69<bchars> bcharsnospace
+
+   bchars := bcharsnospace / " "
+
+   bcharsnospace :=    DIGIT / ALPHA / "'" / "(" / ")" / "+" /"_"
+                 / "," / "-" / "." / "/" / ":" / "=" / "?"
+*/
+
+const string body::generateRandomBoundaryString() {
+
+	// 64 characters that can be _safely_ used in a boundary string
+	static const char bchars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-+";
+
+	/*
+		RFC #1521, Page 19:
+
+		Since the hyphen character ("-") is represented as itself in the
+		Quoted-Printable encoding, care must be taken, when encapsulating a
+		quoted-printable encoded body in a multipart entity, to ensure that
+		the encapsulation boundary does not appear anywhere in the encoded
+		body.  (A good strategy is to choose a boundary that includes a
+		character sequence such as "=_" which can never appear in a quoted-
+		printable body.  See the definition of multipart messages later in
+		this document.)
+	*/
+
+	char boundary[2 + 48 + 1] = { 0 };
+
+	boundary[0] = '=';
+	boundary[1] = '_';
+
+	// Generate a string of random characters
+	unsigned int r = utility::random::getTime();
+	unsigned int m = static_cast <unsigned int>(sizeof(unsigned int));
+
+	for (size_t i = 2 ; i < (sizeof(boundary) / sizeof(boundary[0]) - 1) ; ++i) {
+
+			boundary[i] = bchars[r & 63];
+			r >>= 6;
+
+			if (--m == 0) {
+				r = utility::random::getNext();
+				m = static_cast <unsigned int>(sizeof(unsigned int));
+			}
+	}
+
+	return string(boundary);
+}
+
+
+bool body::isValidBoundary(const string& boundary) {
+
+	static const string validChars("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'()+_,-./:=?");
+
+	const string::const_iterator end = boundary.end();
+	bool valid = false;
+
+	if (boundary.length() > 0 && boundary.length() < 70) {
+
+		const char last = *(end - 1);
+
+		if (!(last == ' ' || last == '\t' || last == '\n')) {
+
+			valid = true;
+
+			for (string::const_iterator i = boundary.begin() ; valid && i != end ; ++i) {
+				valid = (validChars.find_first_of(*i) != string::npos);
+			}
+		}
+	}
+
+	return valid;
+}
+
+
+//
+// Quick-access functions
+//
+
+
+void body::setContentType(const mediaType& type, const charset& chset) {
+
+	shared_ptr <contentTypeField> ctf =
+		dynamicCast <contentTypeField>(m_part->getHeader()->ContentType());
+
+	ctf->setValue(type);
+	ctf->setCharset(chset);
+}
+
+
+void body::setContentType(const mediaType& type) {
+
+	m_part->getHeader()->ContentType()->setValue(type);
+}
+
+
+const mediaType body::getContentType() const {
+
+	shared_ptr <const contentTypeField> ctf =
+		m_part->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	if (ctf) {
+
+		return *ctf->getValue <mediaType>();
+
+	} else {
+
+		// Defaults to "text/plain" (RFC-1521)
+		return mediaType(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN);
+	}
+}
+
+
+void body::setCharset(const charset& chset) {
+
+	shared_ptr <contentTypeField> ctf =
+		m_part->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	// If a Content-Type field exists, set charset
+	if (ctf) {
+
+		ctf->setCharset(chset);
+
+	// Else, create a new Content-Type field of default type "text/plain"
+	// and set charset on it
+	} else {
+
+		setContentType(mediaType(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN), chset);
+	}
+}
+
+
+const charset body::getCharset() const {
+
+	const shared_ptr <const contentTypeField> ctf =
+		m_part->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	if (ctf) {
+
+		if (ctf->hasCharset()) {
+
+			return ctf->getCharset();
+
+		} else {
+
+			// Defaults to "us-ascii" (RFC-1521)
+			return vmime::charset(charsets::US_ASCII);
+		}
+
+	} else {
+
+		// Defaults to "us-ascii" (RFC-1521)
+		return vmime::charset(charsets::US_ASCII);
+	}
+}
+
+
+void body::setEncoding(const encoding& enc) {
+
+	m_part->getHeader()->ContentTransferEncoding()->setValue(enc);
+}
+
+
+const encoding body::getEncoding() const {
+
+	shared_ptr <const headerField> cef =
+		m_part->getHeader()->findField(fields::CONTENT_TRANSFER_ENCODING);
+
+	if (cef) {
+
+		return *cef->getValue <encoding>();
+
+	} else {
+
+		if (m_contents->isEncoded()) {
+			return m_contents->getEncoding();
+		}
+	}
+
+	// Defaults to "7bit" (RFC-1521)
+	return vmime::encoding(encodingTypes::SEVEN_BIT);
+}
+
+
+void body::setParentPart(bodyPart* parent) {
+
+	m_part = parent;
+
+	for (std::vector <shared_ptr <bodyPart> >::iterator it = m_parts.begin() ;
+	     it != m_parts.end() ; ++it) {
+
+		shared_ptr <bodyPart> childPart = *it;
+		parent->importChildPart(childPart);
+	}
+}
+
+
+bool body::isRootPart() const {
+
+	return !m_part || !m_part->getParentPart();
+}
+
+
+shared_ptr <component> body::clone() const {
+
+	shared_ptr <body> bdy = make_shared <body>();
+
+	bdy->copyFrom(*this);
+
+	return bdy;
+}
+
+
+void body::copyFrom(const component& other) {
+
+	const body& bdy = dynamic_cast <const body&>(other);
+
+	m_prologText = bdy.m_prologText;
+	m_epilogText = bdy.m_epilogText;
+
+	m_contents = bdy.m_contents;
+
+	removeAllParts();
+
+	for (size_t p = 0 ; p < bdy.getPartCount() ; ++p) {
+
+		shared_ptr <bodyPart> part = m_part->createChildPart();
+
+		part->copyFrom(*bdy.getPartAt(p));
+
+		m_parts.push_back(part);
+	}
+}
+
+
+body& body::operator=(const body& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const string& body::getPrologText() const {
+
+	return m_prologText;
+}
+
+
+void body::setPrologText(const string& prologText) {
+
+	m_prologText = prologText;
+}
+
+
+const string& body::getEpilogText() const {
+
+	return m_epilogText;
+}
+
+
+void body::setEpilogText(const string& epilogText) {
+
+	m_epilogText = epilogText;
+}
+
+
+const shared_ptr <const contentHandler> body::getContents() const {
+
+	return m_contents;
+}
+
+
+void body::setContents(const shared_ptr <const contentHandler>& contents) {
+
+	m_contents = contents;
+}
+
+
+void body::setContents(
+	const shared_ptr <const contentHandler>& contents,
+	const mediaType& type
+) {
+
+	m_contents = contents;
+
+	setContentType(type);
+}
+
+
+void body::setContents(
+	const shared_ptr <const contentHandler>& contents,
+	const mediaType& type,
+	const charset& chset
+) {
+
+	m_contents = contents;
+
+	setContentType(type, chset);
+}
+
+
+void body::setContents(
+	const shared_ptr <const contentHandler>& contents,
+	const mediaType& type,
+	const charset& chset,
+	const encoding& enc
+) {
+
+	m_contents = contents;
+
+	setContentType(type, chset);
+	setEncoding(enc);
+}
+
+
+void body::initNewPart(const shared_ptr <bodyPart>& part) {
+
+	// A part can be in only one body at the same time: if part is
+	// already attached to a parent part, remove it from the current
+	// parent part
+	if (part->getParentPart()) {
+		part->getParentPart()->getBody()->removePart(part);
+	}
+
+	if (m_part) {
+
+		m_part->importChildPart(part);
+
+		shared_ptr <header> hdr = m_part->getHeader();
+
+		// Check whether we have a boundary string
+		shared_ptr <contentTypeField> ctf =
+			hdr->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+		if (ctf) {
+
+			if (ctf->hasBoundary()) {
+
+				const string boundary = ctf->getBoundary();
+
+				if (boundary.empty() || !isValidBoundary(boundary)) {
+					ctf->setBoundary(generateRandomBoundaryString());
+				}
+
+			} else {
+
+				// No "boundary" parameter: generate a random one.
+				ctf->setBoundary(generateRandomBoundaryString());
+			}
+
+			if (ctf->getValue <mediaType>()->getType() != mediaTypes::MULTIPART) {
+
+				// Warning: multi-part body but the Content-Type is
+				// not specified as "multipart/..."
+			}
+
+		} else {
+
+			// No "Content-Type" field: create a new one and generate
+			// a random boundary string.
+			ctf = hdr->getField <contentTypeField>(fields::CONTENT_TYPE);
+
+			ctf->setValue(mediaType(mediaTypes::MULTIPART, mediaTypes::MULTIPART_MIXED));
+			ctf->setBoundary(generateRandomBoundaryString());
+		}
+	}
+}
+
+
+void body::appendPart(const shared_ptr <bodyPart>& part) {
+
+	initNewPart(part);
+
+	m_parts.push_back(part);
+}
+
+
+void body::insertPartBefore(
+	const shared_ptr <bodyPart>& beforePart,
+	const shared_ptr <bodyPart>& part
+) {
+
+	initNewPart(part);
+
+	const std::vector <shared_ptr <bodyPart> >::iterator it = std::find(
+		m_parts.begin(), m_parts.end(), beforePart
+	);
+
+	if (it == m_parts.end()) {
+		throw exceptions::no_such_part();
+	}
+
+	m_parts.insert(it, part);
+}
+
+
+void body::insertPartBefore(
+	const size_t pos,
+	const shared_ptr <bodyPart>& part
+) {
+
+	initNewPart(part);
+
+	m_parts.insert(m_parts.begin() + pos, part);
+}
+
+
+void body::insertPartAfter(
+	const shared_ptr <bodyPart>& afterPart,
+	const shared_ptr <bodyPart>& part
+) {
+
+	initNewPart(part);
+
+	const std::vector <shared_ptr <bodyPart> >::iterator it = std::find(
+		m_parts.begin(), m_parts.end(), afterPart
+	);
+
+	if (it == m_parts.end()) {
+		throw exceptions::no_such_part();
+	}
+
+	m_parts.insert(it + 1, part);
+}
+
+
+void body::insertPartAfter(const size_t pos, const shared_ptr <bodyPart>& part) {
+
+	initNewPart(part);
+
+	m_parts.insert(m_parts.begin() + pos + 1, part);
+}
+
+
+void body::removePart(const shared_ptr <bodyPart>& part) {
+
+	const std::vector <shared_ptr <bodyPart> >::iterator it = std::find(
+		m_parts.begin(), m_parts.end(), part
+	);
+
+	if (it == m_parts.end()) {
+		throw exceptions::no_such_part();
+	}
+
+	m_parts.erase(it);
+}
+
+
+void body::removePart(const size_t pos) {
+
+	m_parts.erase(m_parts.begin() + pos);
+}
+
+
+void body::removeAllParts() {
+
+	m_parts.clear();
+}
+
+
+size_t body::getPartCount() const {
+
+	return m_parts.size();
+}
+
+
+bool body::isEmpty() const {
+
+	return m_parts.size() == 0;
+}
+
+
+shared_ptr <bodyPart> body::getPartAt(const size_t pos) {
+
+	return m_parts[pos];
+}
+
+
+const shared_ptr <const bodyPart> body::getPartAt(const size_t pos) const {
+
+	return m_parts[pos];
+}
+
+
+const std::vector <shared_ptr <const bodyPart> > body::getPartList() const {
+
+	std::vector <shared_ptr <const bodyPart> > list;
+
+	list.reserve(m_parts.size());
+
+	for (std::vector <shared_ptr <bodyPart> >::const_iterator it = m_parts.begin() ;
+	     it != m_parts.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+const std::vector <shared_ptr <bodyPart> > body::getPartList() {
+
+	return m_parts;
+}
+
+
+const std::vector <shared_ptr <component> > body::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	copy_vector(m_parts, list);
+
+	return list;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/body.hpp b/vmime-master/src/vmime/body.hpp
new file mode 100644
index 0000000..7ece000
--- /dev/null
+++ b/vmime-master/src/vmime/body.hpp
@@ -0,0 +1,365 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_BODY_HPP_INCLUDED
+#define VMIME_BODY_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/component.hpp"
+
+#include "vmime/header.hpp"
+
+#include "vmime/mediaType.hpp"
+#include "vmime/charset.hpp"
+#include "vmime/encoding.hpp"
+
+#include "vmime/contentHandler.hpp"
+
+
+namespace vmime {
+
+
+class bodyPart;
+
+
+/** Body section of a MIME part.
+  */
+class VMIME_EXPORT body : public component {
+
+	friend class bodyPart;
+
+public:
+
+	body();
+	~body();
+
+	/** Add a part at the end of the list.
+	  *
+	  * @param part part to append
+	  */
+	void appendPart(const shared_ptr <bodyPart>& part);
+
+	/** Insert a new part before the specified part.
+	  *
+	  * @param beforePart part before which the new part will be inserted
+	  * @param part part to insert
+	  * @throw exceptions::no_such_part if the part is not in the list
+	  */
+	void insertPartBefore(
+		const shared_ptr <bodyPart>& beforePart,
+		const shared_ptr <bodyPart>& part
+	);
+
+	/** Insert a new part before the specified position.
+	  *
+	  * @param pos position at which to insert the new part (0 to insert at
+	  * the beginning of the list)
+	  * @param part part to insert
+	  */
+	void insertPartBefore(const size_t pos, const shared_ptr <bodyPart>& part);
+
+	/** Insert a new part after the specified part.
+	  *
+	  * @param afterPart part after which the new part will be inserted
+	  * @param part part to insert
+	  * @throw exceptions::no_such_part if the part is not in the list
+	  */
+	void insertPartAfter(
+		const shared_ptr <bodyPart>& afterPart,
+		const shared_ptr <bodyPart>& part
+	);
+
+	/** Insert a new part after the specified position.
+	  *
+	  * @param pos position of the part before the new part
+	  * @param part part to insert
+	  */
+	void insertPartAfter(const size_t pos, const shared_ptr <bodyPart>& part);
+
+	/** Remove the specified part from the list.
+	  *
+	  * @param part part to remove
+	  * @throw exceptions::no_such_part if the part is not in the list
+	  */
+	void removePart(const shared_ptr <bodyPart>& part);
+
+	/** Remove the part at the specified position.
+	  *
+	  * @param pos position of the part to remove
+	  */
+	void removePart(const size_t pos);
+
+	/** Remove all parts from the list.
+	  */
+	void removeAllParts();
+
+	/** Return the number of parts in the list.
+	  *
+	  * @return number of parts
+	  */
+	size_t getPartCount() const;
+
+	/** Tests whether the list of parts is empty.
+	  *
+	  * @return true if there is no part, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the part at the specified position.
+	  *
+	  * @param pos position
+	  * @return part at position 'pos'
+	  */
+	shared_ptr <bodyPart> getPartAt(const size_t pos);
+
+	/** Return the part at the specified position.
+	  *
+	  * @param pos position
+	  * @return part at position 'pos'
+	  */
+	const shared_ptr <const bodyPart> getPartAt(const size_t pos) const;
+
+	/** Return the part list.
+	  *
+	  * @return list of parts
+	  */
+	const std::vector <shared_ptr <const bodyPart> > getPartList() const;
+
+	/** Return the part list.
+	  *
+	  * @return list of parts
+	  */
+	const std::vector <shared_ptr <bodyPart> > getPartList();
+
+	/** Return the prolog text.
+	  *
+	  * @return prolog text
+	  */
+	const string& getPrologText() const;
+
+	/** Set the prolog text.
+	  *
+	  * @param prologText new prolog text
+	  */
+	void setPrologText(const string& prologText);
+
+	/** Return the epilog text.
+	  *
+	  * @return epilog text
+	  */
+	const string& getEpilogText() const;
+
+	/** Set the epilog text.
+	  *
+	  * @param epilogText new epilog text
+	  */
+	void setEpilogText(const string& epilogText);
+
+	/** Return a read-only reference to body contents.
+	  *
+	  * @return read-only body contents
+	  */
+	const shared_ptr <const contentHandler> getContents() const;
+
+	/** Set the body contents.
+	  *
+	  * @param contents new body contents
+	  */
+	void setContents(const shared_ptr <const contentHandler>& contents);
+
+	/** Set the body contents and type.
+	  *
+	  * @param contents new body contents
+	  * @param type type of contents
+	  */
+	void setContents(
+		const shared_ptr <const contentHandler>& contents,
+		const mediaType& type
+	);
+
+	/** Set the body contents, type and charset.
+	  *
+	  * @param contents new body contents
+	  * @param type type of contents
+	  * @param chset charset of contents
+	  */
+	void setContents(
+		const shared_ptr <const contentHandler>& contents,
+		const mediaType& type,
+		const charset& chset
+	);
+
+	/** Set the body contents, type, charset and encoding.
+	  *
+	  * @param contents new body contents
+	  * @param type type of contents
+	  * @param chset charset of contents
+	  * @param enc contents encoding
+	  */
+	void setContents(
+		const shared_ptr <const contentHandler>& contents,
+		const mediaType& type,
+		const charset& chset,
+		const encoding& enc
+	);
+
+	/** Set the MIME type and charset of contents.
+	  * If a charset is defined, it will not be modified.
+	  *
+	  * @param type MIME media type of contents
+	  * @param chset charset of contents
+	  */
+	void setContentType(const mediaType& type, const charset& chset);
+
+	/** Set the MIME type of contents.
+	  *
+	  * @param type MIME media type of contents
+	  */
+	void setContentType(const mediaType& type);
+
+	/** Return the media type of the data contained in the body contents.
+	  * This is a shortcut for getHeader()->ContentType()->getValue()
+	  * on the parent part.
+	  *
+	  * @return media type of body contents
+	  */
+	const mediaType getContentType() const;
+
+	/** Set the charset of contents.
+	  * If the type is not set, it will be set to default "text/plain" type.
+	  *
+	  * @param chset charset of contents
+	  */
+	void setCharset(const charset& chset);
+
+	/** Return the charset of the data contained in the body contents.
+	  * This is a shortcut for getHeader()->ContentType()->getCharset()
+	  * on the parent part.
+	  *
+	  * @return charset of body contents
+	  */
+	const charset getCharset() const;
+
+	/** Set the output encoding of contents.
+	  * Contents will be encoded (or re-encoded) when this node is being generated.
+	  *
+	  * @param enc encoding of contents
+	  */
+	void setEncoding(const encoding& enc);
+
+	/** Return the encoding used to encode the body contents.
+	  * This is a shortcut for getHeader()->ContentTransferEncoding()->getValue()
+	  * on the parent part.
+	  *
+	  * @return encoding of body contents
+	  */
+	const encoding getEncoding() const;
+
+	/** Generate a new random boundary string.
+	  *
+	  * @return randomly generated boundary string
+	  */
+	static const string generateRandomBoundaryString();
+
+	/** Test a boundary string for validity (as defined in RFC #1521, page 19).
+	  *
+	  * @param boundary boundary string to test
+	  * @return true if the boundary string is valid, false otherwise
+	  */
+	static bool isValidBoundary(const string& boundary);
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	body& operator=(const body& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	size_t getGeneratedSize(const generationContext& ctx);
+
+private:
+
+	text getActualPrologText(const generationContext& ctx) const;
+	text getActualEpilogText(const generationContext& ctx) const;
+
+	void setParentPart(bodyPart* parent);
+
+
+	string m_prologText;
+	string m_epilogText;
+
+	shared_ptr <const contentHandler> m_contents;
+
+	bodyPart* m_part;
+
+	std::vector <shared_ptr <bodyPart> > m_parts;
+
+	bool isRootPart() const;
+
+	void initNewPart(const shared_ptr <bodyPart>& part);
+
+protected:
+
+	/** Finds the next boundary position in the parsing buffer.
+	  *
+	  * @param parser parser object
+	  * @param boundary boundary string (without "--" nor CR/LF)
+	  * @param position start position
+	  * @param end end position
+	  * @param boundaryStart will hold the start position of the boundary (including any
+	  * CR/LF and "--" before the boundary)
+	  * @param boundaryEnd will hold the end position of the boundary (position just
+	  * before the CRLF or "--" which follows)
+	  * @return the position of the boundary string, or npos if not found
+	  */
+	size_t findNextBoundaryPosition(
+		const shared_ptr <utility::parserInputStreamAdapter>& parser,
+		const string& boundary,
+		const size_t position,
+		const size_t end,
+		size_t* boundaryStart,
+		size_t* boundaryEnd
+	);
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const shared_ptr <utility::parserInputStreamAdapter>& parser,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_BODY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/bodyPart.cpp b/vmime-master/src/vmime/bodyPart.cpp
new file mode 100644
index 0000000..ff81994
--- /dev/null
+++ b/vmime-master/src/vmime/bodyPart.cpp
@@ -0,0 +1,198 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/bodyPart.hpp"
+
+
+namespace vmime {
+
+
+bodyPart::bodyPart()
+	: m_header(make_shared <header>()),
+	  m_body(make_shared <body>()),
+	  m_parent() {
+
+	m_body->setParentPart(this);
+}
+
+
+void bodyPart::parseImpl(
+	const parsingContext& ctx,
+	const shared_ptr <utility::parserInputStreamAdapter>& parser,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	// Parse the headers
+	size_t pos = position;
+	m_header->parse(ctx, parser, pos, end, &pos);
+
+	// Parse the body contents
+	m_body->parse(ctx, parser, pos, end, NULL);
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void bodyPart::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t /* curLinePos */,
+	size_t* newLinePos
+) const {
+
+	m_header->generate(ctx, os);
+
+	os << CRLF;
+
+	m_body->generate(ctx, os);
+
+	if (newLinePos) {
+		*newLinePos = 0;
+	}
+}
+
+
+size_t bodyPart::getGeneratedSize(const generationContext& ctx) {
+
+	return m_header->getGeneratedSize(ctx) + 2 /* CRLF */ + m_body->getGeneratedSize(ctx);
+}
+
+
+shared_ptr <component> bodyPart::clone() const {
+
+	shared_ptr <bodyPart> p = make_shared <bodyPart>();
+
+	p->m_parent = NULL;
+
+	p->m_header->copyFrom(*m_header);
+	p->m_body->copyFrom(*m_body);
+
+	return p;
+}
+
+
+void bodyPart::copyFrom(const component& other) {
+
+	const bodyPart& bp = dynamic_cast <const bodyPart&>(other);
+
+	m_header->copyFrom(*(bp.m_header));
+	m_body->copyFrom(*(bp.m_body));
+}
+
+
+bodyPart& bodyPart::operator=(const bodyPart& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const shared_ptr <const header> bodyPart::getHeader() const {
+
+	return m_header;
+}
+
+
+shared_ptr <header> bodyPart::getHeader() {
+
+	return m_header;
+}
+
+
+void bodyPart::setHeader(const shared_ptr <header>& h) {
+
+	m_header = h;
+}
+
+
+const shared_ptr <const body> bodyPart::getBody() const {
+
+	return m_body;
+}
+
+
+shared_ptr <body> bodyPart::getBody() {
+
+	return m_body;
+}
+
+
+void bodyPart::setBody(const shared_ptr <body>& b) {
+
+	bodyPart* oldPart = b->m_part;
+
+	m_body = b;
+	m_body->setParentPart(this);
+
+	// A body is associated to one and only one part
+	if (oldPart) {
+		oldPart->setBody(make_shared <body>());
+	}
+}
+
+
+bodyPart* bodyPart::getParentPart() {
+
+	return m_parent;
+}
+
+
+const bodyPart* bodyPart::getParentPart() const {
+
+	return m_parent;
+}
+
+
+shared_ptr <bodyPart> bodyPart::createChildPart() {
+
+	shared_ptr <bodyPart> part = make_shared <bodyPart>();
+	part->m_parent = this;
+
+	return part;
+}
+
+
+void bodyPart::importChildPart(const shared_ptr <bodyPart>& part) {
+
+	part->m_parent = this;
+}
+
+
+const std::vector <shared_ptr <component> > bodyPart::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	list.push_back(m_header);
+	list.push_back(m_body);
+
+	return list;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/bodyPart.hpp b/vmime-master/src/vmime/bodyPart.hpp
new file mode 100644
index 0000000..f63b367
--- /dev/null
+++ b/vmime-master/src/vmime/bodyPart.hpp
@@ -0,0 +1,155 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_BODYPART_HPP_INCLUDED
+#define VMIME_BODYPART_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/component.hpp"
+
+#include "vmime/header.hpp"
+#include "vmime/body.hpp"
+
+
+namespace vmime {
+
+
+/** A MIME part.
+  */
+class VMIME_EXPORT bodyPart : public component {
+
+	friend class body;
+
+public:
+
+	bodyPart();
+
+	/** Return the header section of this part.
+	  *
+	  * @return header section
+	  */
+	const shared_ptr <const header> getHeader() const;
+
+	/** Return the header section of this part.
+	  *
+	  * @return header section
+	  */
+	shared_ptr <header> getHeader();
+
+	/** Replaces the header section of this part.
+	  *
+	  * @param header the new header of this part
+	  */
+	void setHeader(const shared_ptr <header>& header);
+
+	/** Return the body section of this part.
+	  *
+	  * @return body section
+	  */
+	const shared_ptr <const body> getBody() const;
+
+	/** Return the body section of this part.
+	  *
+	  * @return body section
+	  */
+	shared_ptr <body> getBody();
+
+	/** Replaces the body section of this part.
+	  *
+	  * @param body new body section
+	  */
+	void setBody(const shared_ptr <body>& body);
+
+	/** Return the parent part of this part.
+	  *
+	  * @return parent part or NULL if not known
+	  */
+	bodyPart* getParentPart();
+
+	/** Return the parent part of this part (const version).
+	  *
+	  * @return parent part or NULL if not known
+	  */
+	const bodyPart* getParentPart() const;
+
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	bodyPart& operator=(const bodyPart& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	size_t getGeneratedSize(const generationContext& ctx);
+
+private:
+
+	shared_ptr <header> m_header;
+	mutable shared_ptr <body> m_body;
+
+	// We can't use a weak_ptr<> here as the parent part may
+	// have been allocated on the stack
+	bodyPart* m_parent;
+
+protected:
+
+	/** Creates and returns a new part and set this part as its
+	  * parent. The newly created sub-part should then be added
+	  * to this part by calling getBody()->appendPart(). Called
+	  * by the body class.
+	  *
+	  * @return child part
+	  */
+	shared_ptr <bodyPart> createChildPart();
+
+	/** Detach the specified part from its current parent part (if
+	  * any) and attach it to this part by setting this part as its
+	  * new parent. The sub-part should then be added to this part
+	  * by calling getBody()->appendPart(). Called by body class.
+	  *
+	  * @param part child part to attach
+	  */
+	void importChildPart(const shared_ptr <bodyPart>& part);
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const shared_ptr <utility::parserInputStreamAdapter>& parser,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_BODYPART_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/bodyPartAttachment.cpp b/vmime-master/src/vmime/bodyPartAttachment.cpp
new file mode 100644
index 0000000..01b306e
--- /dev/null
+++ b/vmime-master/src/vmime/bodyPartAttachment.cpp
@@ -0,0 +1,147 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/bodyPartAttachment.hpp"
+
+
+namespace vmime {
+
+
+bodyPartAttachment::bodyPartAttachment(const shared_ptr <const bodyPart>& part)
+	: m_part(part) {
+
+}
+
+
+const mediaType bodyPartAttachment::getType() const {
+
+	shared_ptr <const contentTypeField> ctf = getContentType();
+
+	if (ctf) {
+
+		return *ctf->getValue <mediaType>();
+
+	} else {
+
+		// No "Content-type" field: assume "application/octet-stream".
+		return mediaType(
+			mediaTypes::APPLICATION,
+			mediaTypes::APPLICATION_OCTET_STREAM
+		);
+	}
+}
+
+
+const word bodyPartAttachment::getName() const {
+
+	word name;
+
+	// Try the 'filename' parameter of 'Content-Disposition' field
+	shared_ptr <const contentDispositionField> cdf = getContentDisposition();
+
+	if (cdf && cdf->hasFilename()) {
+
+		name = cdf->getFilename();
+
+	// Try the 'name' parameter of 'Content-Type' field
+	} else {
+
+		shared_ptr <const contentTypeField> ctf = getContentType();
+
+		if (ctf) {
+
+			shared_ptr <const parameter> prm = ctf->findParameter("name");
+
+			if (prm) {
+				name = prm->getValue();
+			}
+		}
+	}
+
+	return name;
+}
+
+
+const text bodyPartAttachment::getDescription() const {
+
+	text description;
+
+	shared_ptr <const headerField> cd =
+		getHeader()->findField(fields::CONTENT_DESCRIPTION);
+
+	if (cd) {
+
+		description = *cd->getValue <text>();
+
+	} else {
+
+		// No description available.
+	}
+
+	return description;
+}
+
+
+const encoding bodyPartAttachment::getEncoding() const {
+
+	return m_part->getBody()->getEncoding();
+}
+
+
+const shared_ptr <const contentHandler> bodyPartAttachment::getData() const {
+
+	return m_part->getBody()->getContents();
+}
+
+
+shared_ptr <const object> bodyPartAttachment::getPart() const {
+
+	return m_part;
+}
+
+
+shared_ptr <const header> bodyPartAttachment::getHeader() const {
+
+	return m_part->getHeader();
+}
+
+
+shared_ptr <const contentDispositionField> bodyPartAttachment::getContentDisposition() const {
+
+	return getHeader()->findField <contentDispositionField>(fields::CONTENT_DISPOSITION);
+}
+
+
+shared_ptr <const contentTypeField> bodyPartAttachment::getContentType() const {
+
+	return getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+}
+
+
+void bodyPartAttachment::generateIn(const shared_ptr <bodyPart>& /* parent */) const {
+
+	// Not used
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/bodyPartAttachment.hpp b/vmime-master/src/vmime/bodyPartAttachment.hpp
new file mode 100644
index 0000000..974e2f8
--- /dev/null
+++ b/vmime-master/src/vmime/bodyPartAttachment.hpp
@@ -0,0 +1,76 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_BODYPARTATTACHMENT_HPP_INCLUDED
+#define VMIME_BODYPARTATTACHMENT_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC  // implementation detail
+
+
+#include "vmime/attachment.hpp"
+
+#include "vmime/contentDispositionField.hpp"
+#include "vmime/contentTypeField.hpp"
+
+
+namespace vmime {
+
+
+/** An attachment related to a local body part.
+  */
+class VMIME_EXPORT bodyPartAttachment : public attachment {
+
+public:
+
+	bodyPartAttachment(const shared_ptr <const bodyPart>& part);
+
+	const mediaType getType() const;
+	const word getName() const;
+	const text getDescription() const;
+	const encoding getEncoding() const;
+
+	const shared_ptr <const contentHandler> getData() const;
+
+	shared_ptr <const object> getPart() const;
+	shared_ptr <const header> getHeader() const;
+
+private:
+
+	void generateIn(const shared_ptr <bodyPart>& parent) const;
+
+	shared_ptr <const contentDispositionField> getContentDisposition() const;
+	shared_ptr <const contentTypeField> getContentType() const;
+
+
+	shared_ptr <const bodyPart> m_part;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_BUILDING_DOC
+
+
+#endif // VMIME_BODYPARTATTACHMENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/charset.cpp b/vmime-master/src/vmime/charset.cpp
new file mode 100644
index 0000000..8828c56
--- /dev/null
+++ b/vmime-master/src/vmime/charset.cpp
@@ -0,0 +1,268 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/charset.hpp"
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+#include "vmime/encoding.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include "vmime/charsetConverter.hpp"
+
+
+
+namespace vmime {
+
+
+charset::charset()
+	: m_name(charsets::US_ASCII) {
+
+}
+
+
+charset::charset(const string& name)
+	: m_name(name) {
+
+	// If we receive this rfc-1642 valid MIME charset, convert it to something usefull for iconv
+	if (utility::stringUtils::isStringEqualNoCase(m_name, "unicode-1-1-utf-7")) {
+		m_name = "utf-7";
+	}
+}
+
+
+charset::charset(const char* name)
+	: m_name(name) {
+
+}
+
+
+void charset::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_name = utility::stringUtils::trim(
+		string(buffer.begin() + position, buffer.begin() + end)
+	);
+
+	// If we parsed this rfc-1642 valid MIME charset, convert it to something usefull for iconv
+	if (utility::stringUtils::isStringEqualNoCase(m_name, "unicode-1-1-utf-7")) {
+		m_name = "utf-7";
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void charset::generateImpl(
+	const generationContext& /* ctx */,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	os << m_name;
+
+	if (newLinePos) {
+		*newLinePos = curLinePos + m_name.length();
+	}
+}
+
+
+void charset::convert(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+) {
+
+	shared_ptr <charsetConverter> conv = charsetConverter::create(source, dest, opts);
+	conv->convert(in, out);
+}
+
+
+void charset::convert(
+	const string& in,
+	string& out,
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+) {
+
+	if (source == dest) {
+		out = in;
+		return;
+	}
+
+	shared_ptr <charsetConverter> conv = charsetConverter::create(source, dest, opts);
+	conv->convert(in, out);
+}
+
+
+bool charset::isValidText(const string& text, string::size_type* firstInvalidByte) const {
+
+	charsetConverterOptions opts;
+	opts.silentlyReplaceInvalidSequences = false;
+
+	charsetConverter::status st;
+
+	try {
+
+		std::string out;
+
+		// Try converting to UTF-8
+		shared_ptr <charsetConverter> conv = charsetConverter::create(*this, vmime::charset("utf-8"), opts);
+		conv->convert(text, out, &st);
+
+	} catch (exceptions::illegal_byte_sequence_for_charset& e) {
+
+		// An illegal byte sequence was found in the input buffer
+		if (firstInvalidByte) {
+
+			if (st.inputBytesRead < text.length())
+				*firstInvalidByte = st.inputBytesRead;
+			else
+				*firstInvalidByte = text.length();
+		}
+
+		return false;
+	}
+
+	if (firstInvalidByte) {
+		*firstInvalidByte = text.length();
+	}
+
+	return true;
+}
+
+
+const charset charset::getLocalCharset() {
+
+	return platform::getHandler()->getLocalCharset();
+}
+
+
+charset& charset::operator=(const charset& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+bool charset::operator==(const charset& value) const {
+
+	return utility::stringUtils::isStringEqualNoCase(m_name, value.m_name);
+}
+
+
+bool charset::operator!=(const charset& value) const {
+
+	return !(*this == value);
+}
+
+
+shared_ptr <component> charset::clone() const {
+
+	return make_shared <charset>(m_name);
+}
+
+
+const string& charset::getName() const {
+
+	return m_name;
+}
+
+
+void charset::copyFrom(const component& other) {
+
+	m_name = dynamic_cast <const charset&>(other).m_name;
+}
+
+
+const std::vector <shared_ptr <component> > charset::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+
+// Explicitly force encoding for some charsets
+struct CharsetEncodingEntry {
+
+	CharsetEncodingEntry(const string& charset_, const string& encoding_)
+		: charset(charset_), encoding(encoding_) {
+
+	}
+
+	const string charset;
+	const string encoding;
+};
+
+
+CharsetEncodingEntry g_charsetEncodingMap[] = {
+
+	// Use QP encoding for ISO-8859-x charsets
+	CharsetEncodingEntry("iso-8859",     encodingTypes::QUOTED_PRINTABLE),
+	CharsetEncodingEntry("iso8859",      encodingTypes::QUOTED_PRINTABLE),
+
+	// RFC-1468 states:
+	//   " ISO-2022-JP may also be used in MIME Part 2 headers.  The "B"
+	//     encoding should be used with ISO-2022-JP text. "
+	// Use Base64 encoding for all ISO-2022 charsets.
+	CharsetEncodingEntry("iso-2022",     encodingTypes::BASE64),
+	CharsetEncodingEntry("iso2022",      encodingTypes::BASE64),
+
+	// Last entry is not used
+	CharsetEncodingEntry("", "")
+};
+
+
+bool charset::getRecommendedEncoding(encoding& enc) const {
+
+	// Special treatment for some charsets
+	const string cset = utility::stringUtils::toLower(getName());
+
+	for (unsigned int i = 0 ;
+	     i < (sizeof(g_charsetEncodingMap) / sizeof(g_charsetEncodingMap[0])) - 1 ;
+	     ++i) {
+
+		if (cset.find(g_charsetEncodingMap[i].charset) != string::npos) {
+			enc = g_charsetEncodingMap[i].encoding;
+			return true;
+		}
+	}
+
+	return false;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/charset.hpp b/vmime-master/src/vmime/charset.hpp
new file mode 100644
index 0000000..61f9bd6
--- /dev/null
+++ b/vmime-master/src/vmime/charset.hpp
@@ -0,0 +1,176 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CHARSET_HPP_INCLUDED
+#define VMIME_CHARSET_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/utility/inputStream.hpp"
+#include "vmime/utility/outputStream.hpp"
+#include "vmime/charsetConverterOptions.hpp"
+#include "vmime/component.hpp"
+
+
+namespace vmime {
+
+
+class encoding;  // forward reference
+
+
+/** Charset description (basic type).
+  */
+class VMIME_EXPORT charset : public component {
+
+public:
+
+	charset();
+	charset(const string& name);
+	charset(const char* name); // to allow creation from vmime::charsets constants
+
+public:
+
+	/** Return the ISO name of the charset.
+	  *
+	  * @return charset name
+	  */
+	const string& getName() const;
+
+	charset& operator=(const charset& other);
+
+	bool operator==(const charset& value) const;
+	bool operator!=(const charset& value) const;
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Gets the recommended encoding for this charset.
+	  * Note: there may be no recommended encoding.
+	  *
+	  * @param enc output parameter that will hold recommended encoding
+	  * @return true if an encoding is recommended (the encoding is stored
+	  * in the enc parameter), false otherwise (in this case, the enc
+	  * parameter is not modified)
+	  */
+	bool getRecommendedEncoding(encoding& enc) const;
+
+	/** Returns the default charset used on the system.
+	  *
+	  * This function simply calls <code>platformHandler::getLocalCharset()</code>
+	  * and is provided for convenience.
+	  *
+	  * @return system default charset
+	  */
+	static const charset getLocalCharset();
+
+	/** Convert a string buffer from one charset to another
+	  * charset (in-memory conversion)
+	  *
+	  * \deprecated Use the new convert() method, which takes
+	  * an outputStream parameter.
+	  *
+	  * @param in input buffer
+	  * @param out output buffer
+	  * @param source input charset
+	  * @param dest output charset
+	  * @param opts conversion options
+	  * @throws exceptions::illegal_byte_sequence_for_charset if an illegal
+	  * byte sequence was found in the input bytes, and the
+	  * 'silentlyReplaceInvalidSequences' flag is set to false in
+	  * the charsetConverterOptions
+	  * @throws exceptions::charset_conv_error if an unexpected error occurred
+	  * during the conversion
+	  */
+	static void convert(
+		const string& in,
+		string& out,
+		const charset& source,
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+	/** Convert the contents of an input stream in a specified charset
+	  * to another charset and write the result to an output stream.
+	  *
+	  * @param in input stream to read data from
+	  * @param out output stream to write the converted data
+	  * @param source input charset
+	  * @param dest output charset
+	  * @param opts conversion options
+	  * @throws exceptions::illegal_byte_sequence_for_charset if an illegal
+	  * byte sequence was found in the input bytes, and the
+	  * 'silentlyReplaceInvalidSequences' flag is set to false in
+	  * the charsetConverterOptions
+	  * @throws exceptions::charset_conv_error if an unexpected error occurred
+	  * during the conversion
+	  */
+	static void convert(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		const charset& source,
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+	/** Checks whether the specified text is valid in this charset.
+	  *
+	  * @param text input text
+	  * @param firstInvalidByte if the function returns false, will contain
+	  * the index of the first invalid byte in the string. Can be NULL if
+	  * not used.
+	  * @return true if the text is perfectly valid in this charset,
+	  * or false otherwise (eg. it contains illegal sequences)
+	  */
+	bool isValidText(const string& text, string::size_type* firstInvalidByte) const;
+
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+
+private:
+
+	string m_name;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CHARSET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/charsetConverter.cpp b/vmime-master/src/vmime/charsetConverter.cpp
new file mode 100644
index 0000000..96bc3b8
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter.cpp
@@ -0,0 +1,53 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/charsetConverter.hpp"
+
+#include "vmime/charsetConverter_idna.hpp"
+
+
+namespace vmime {
+
+
+// static
+shared_ptr <charsetConverter> charsetConverter::create(
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+) {
+
+	if (source == "idna" || dest == "idna") {
+		return make_shared <charsetConverter_idna>(source, dest, opts);
+	} else {
+		return createGenericConverter(source, dest, opts);
+	}
+}
+
+
+charsetConverter::status::status()
+	: inputBytesRead(0), outputBytesWritten(0) {
+
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/charsetConverter.hpp b/vmime-master/src/vmime/charsetConverter.hpp
new file mode 100644
index 0000000..2cde4b5
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter.hpp
@@ -0,0 +1,162 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CHARSETCONVERTER_HPP_INCLUDED
+#define VMIME_CHARSETCONVERTER_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/component.hpp"
+
+#include "vmime/charset.hpp"
+#include "vmime/charsetConverterOptions.hpp"
+#include "vmime/utility/filteredStream.hpp"
+
+
+namespace vmime {
+
+
+namespace utility {
+
+
+/** A filtered output stream which applies a charset conversion
+  * to input bytes.
+  *
+  * May throw a exceptions::charset_conv_error if an unexpected error
+  * occurred when initializing convert, or during charset conversion.
+  *
+  * May also throw a exceptions::illegal_byte_sequence_for_charset
+  * if an illegal byte sequence was found in the input bytes, and the
+  * 'silentlyReplaceInvalidSequences' flag is set to false in
+  * the charsetConverterOptions.
+  */
+class VMIME_EXPORT charsetFilteredOutputStream : public filteredOutputStream {
+
+};
+
+
+} // utility
+
+
+/** Convert between charsets.
+  */
+class VMIME_EXPORT charsetConverter : public object {
+
+public:
+
+	/** Holds information about a conversion.
+	  */
+	struct status {
+
+		status();
+
+
+		/** Number of bytes read from input buffer and successfully converted.
+		  */
+		size_t inputBytesRead;
+
+		/** Number of bytes written to output buffer.
+		  */
+		size_t outputBytesWritten;
+	};
+
+
+	/** Construct and initialize an iconv charset converter.
+	  *
+	  * @param source input charset
+	  * @param dest output charset
+	  * @param opts conversion options
+	  */
+	static shared_ptr <charsetConverter> create(
+		const charset& source,
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+	/** Convert a string buffer from one charset to another
+	  * charset (in-memory conversion)
+	  *
+	  * \deprecated Use the new convert() method, which takes
+	  * an outputStream parameter.
+	  *
+	  * @param in input buffer
+	  * @param out output buffer
+	  * @param st will receive some extra infos when conversion is finished
+	  * or stopped by an error (can be NULL)
+	  * @throws exceptions::illegal_byte_sequence_for_charset if an illegal
+	  * byte sequence was found in the input bytes, and the
+	  * 'silentlyReplaceInvalidSequences' flag is set to false in
+	  * the charsetConverterOptions
+	  * @throws exceptions::charset_conv_error if an unexpected error occurred
+	  * during the conversion
+	  */
+	virtual void convert(const string& in, string& out, status* st = NULL) = 0;
+
+	/** Convert the contents of an input stream in a specified charset
+	  * to another charset and write the result to an output stream.
+	  *
+	  * @param in input stream to read data from
+	  * @param out output stream to write the converted data
+	  * @param st will receive some extra infos when conversion is finished
+	  * or stopped by an error (can be NULL)
+	  * @throws exceptions::illegal_byte_sequence_for_charset if an illegal
+	  * byte sequence was found in the input bytes, and the
+	  * 'silentlyReplaceInvalidSequences' flag is set to false in
+	  * the charsetConverterOptions
+	  * @throws exceptions::charset_conv_error if an unexpected error occurred
+	  * during the conversion
+	  */
+	virtual void convert(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		status* st = NULL
+	) = 0;
+
+	/** Returns a filtered output stream which applies a charset
+	  * conversion to input bytes. Please note that it may not be
+	  * supported by the converter.
+	  *
+	  * @param os stream into which filtered data will be written
+	  * @param opts conversion options
+	  * @return a filtered output stream, or NULL if not supported
+	  */
+	virtual shared_ptr <utility::charsetFilteredOutputStream>
+		getFilteredOutputStream(
+			utility::outputStream& os,
+			const charsetConverterOptions& opts = charsetConverterOptions()
+		) = 0;
+
+private:
+
+	static shared_ptr <charsetConverter> createGenericConverter(
+		const charset& source,
+		const charset& dest,
+		const charsetConverterOptions& opts
+	);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CHARSETCONVERTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/charsetConverterOptions.cpp b/vmime-master/src/vmime/charsetConverterOptions.cpp
new file mode 100644
index 0000000..a18a928
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverterOptions.cpp
@@ -0,0 +1,37 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/charsetConverterOptions.hpp"
+
+
+namespace vmime {
+
+
+charsetConverterOptions::charsetConverterOptions()
+	: silentlyReplaceInvalidSequences(true),
+	  invalidSequence("?") {
+
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/charsetConverterOptions.hpp b/vmime-master/src/vmime/charsetConverterOptions.hpp
new file mode 100644
index 0000000..567e004
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverterOptions.hpp
@@ -0,0 +1,59 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CHARSETCONVERTEROPTIONS_HPP_INCLUDED
+#define VMIME_CHARSETCONVERTEROPTIONS_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+
+
+/** Options for charset conversion.
+  */
+class VMIME_EXPORT charsetConverterOptions : public object {
+
+public:
+
+	charsetConverterOptions();
+
+
+	/** If true, invalid sequences will be silently replaced with
+	  * a string when possible (see 'invalidSequence').
+	  * Default is true.
+	  */
+	bool silentlyReplaceInvalidSequences;
+
+	/** Replace invalid sequences with this string.
+	  * Default is '?'.
+	  */
+	string invalidSequence;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CHARSETCONVERTEROPTIONS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/charsetConverter_iconv.cpp b/vmime-master/src/vmime/charsetConverter_iconv.cpp
new file mode 100644
index 0000000..5c4cc17
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_iconv.cpp
@@ -0,0 +1,537 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_CHARSETCONV_LIB_IS_ICONV
+
+
+#include "vmime/charsetConverter_iconv.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+
+extern "C" {
+
+#ifndef VMIME_BUILDING_DOC
+
+	#include <iconv.h>
+	#include <errno.h>
+
+	// HACK: prototypes may differ depending on the compiler and/or system (the
+	// second parameter may or may not be 'const'). This relies on the compiler
+	// for choosing the right type.
+
+	class ICONV_IN_TYPE {
+
+	public:
+
+		ICONV_IN_TYPE(const char** ptr) : m_ptr(ptr) { }
+
+		ICONV_IN_TYPE(const vmime::byte_t** ptr)
+			: m_ptr(reinterpret_cast <const char**>(ptr)) { }
+
+		operator const char**() { return m_ptr; }
+		operator char**() { return const_cast <char**>(m_ptr); }
+
+	private:
+
+		const char** m_ptr;
+	};
+
+	class ICONV_OUT_TYPE {
+
+	public:
+
+		ICONV_OUT_TYPE(char** ptr) : m_ptr(ptr) { }
+
+		ICONV_OUT_TYPE(vmime::byte_t** ptr)
+			: m_ptr(reinterpret_cast <char**>(ptr)) { }
+
+		operator char**() { return m_ptr; }
+
+	private:
+
+		char** m_ptr;
+	};
+
+#endif // VMIME_BUILDING_DOC
+}
+
+
+
+// Output replacement char when an invalid sequence is encountered
+template <typename OUTPUT_CLASS, typename ICONV_DESC>
+void outputInvalidChar(
+	OUTPUT_CLASS& out,
+	ICONV_DESC cd,
+	const vmime::charsetConverterOptions& opts = vmime::charsetConverterOptions()
+) {
+
+	const char* invalidCharIn = opts.invalidSequence.c_str();
+	vmime::size_t invalidCharInLen = opts.invalidSequence.length();
+
+	vmime::byte_t invalidCharOutBuffer[16];
+	vmime::byte_t* invalidCharOutPtr = invalidCharOutBuffer;
+	vmime::size_t invalidCharOutLen = 16;
+
+	if (iconv(cd, ICONV_IN_TYPE(&invalidCharIn), &invalidCharInLen,
+		ICONV_OUT_TYPE(&invalidCharOutPtr), &invalidCharOutLen) != static_cast <size_t>(-1)) {
+
+		out.write(invalidCharOutBuffer, 16 - invalidCharOutLen);
+	}
+}
+
+
+
+namespace vmime {
+
+
+// static
+shared_ptr <charsetConverter> charsetConverter::createGenericConverter(
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+) {
+
+	return make_shared <charsetConverter_iconv>(source, dest, opts);
+}
+
+
+charsetConverter_iconv::charsetConverter_iconv(
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+)
+	: m_desc(NULL),
+	  m_source(source),
+	  m_dest(dest),
+	  m_options(opts) {
+
+	// Get an iconv descriptor
+	const iconv_t cd = iconv_open(dest.getName().c_str(), source.getName().c_str());
+
+	if (cd != reinterpret_cast <iconv_t>(-1)) {
+
+		iconv_t* p = new iconv_t;
+		*p= cd;
+
+		m_desc = p;
+	}
+}
+
+
+charsetConverter_iconv::~charsetConverter_iconv() {
+
+	if (m_desc) {
+
+		// Close iconv handle
+		iconv_close(*static_cast <iconv_t*>(m_desc));
+
+		delete static_cast <iconv_t*>(m_desc);
+		m_desc = NULL;
+	}
+}
+
+
+void charsetConverter_iconv::convert(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	status* st
+) {
+
+	if (st) {
+		new (st) status();
+	}
+
+	if (!m_desc) {
+		throw exceptions::charset_conv_error("Cannot initialize converter.");
+	}
+
+	const iconv_t cd = *static_cast <iconv_t*>(m_desc);
+
+	byte_t inBuffer[32768];
+	byte_t outBuffer[32768];
+	size_t inPos = 0;
+
+	bool prevIsInvalid = false;
+	bool breakAfterNext = false;
+
+	while (true) {
+
+		// Fullfill the buffer
+		size_t inLength = static_cast <size_t>(in.read(inBuffer + inPos, sizeof(inBuffer) - inPos) + inPos);
+		size_t outLength = sizeof(outBuffer);
+
+		const byte_t* inPtr = breakAfterNext ? NULL : inBuffer;
+		size_t *ptrLength = breakAfterNext ? NULL : &inLength;
+		byte_t* outPtr = outBuffer;
+
+		// Convert input bytes
+		if (iconv(cd, ICONV_IN_TYPE(&inPtr), ptrLength,
+			      ICONV_OUT_TYPE(&outPtr), &outLength) == static_cast <size_t>(-1)) {
+
+			if (st && inPtr) {
+				st->inputBytesRead += (inPtr - inBuffer);
+				st->outputBytesWritten += (outPtr - outBuffer);
+			}
+
+			// Illegal input sequence or input sequence has no equivalent
+			// sequence in the destination charset.
+			if (prevIsInvalid) {
+
+				// Write successfully converted bytes
+				out.write(outBuffer, sizeof(outBuffer) - outLength);
+
+				if (!m_options.silentlyReplaceInvalidSequences) {
+					throw exceptions::illegal_byte_sequence_for_charset();
+				}
+
+				// Output a special character to indicate we don't known how to
+				// convert the sequence at this position
+				outputInvalidChar(out, cd, m_options);
+
+				// Skip a byte and leave unconverted bytes in the input buffer
+				std::copy(const_cast <byte_t*>(inPtr + 1), inBuffer + sizeof(inBuffer), inBuffer);
+				inPos = inLength - 1;
+
+			} else {
+
+				// Write successfully converted bytes
+				out.write(outBuffer, sizeof(outBuffer) - outLength);
+
+				// Leave unconverted bytes in the input buffer
+				std::copy(const_cast <byte_t*>(inPtr), inBuffer + sizeof(inBuffer), inBuffer);
+				inPos = inLength;
+
+				if (errno != E2BIG) {
+					prevIsInvalid = true;
+				}
+			}
+
+		} else {
+
+			// Write successfully converted bytes
+			out.write(outBuffer, sizeof(outBuffer) - outLength);
+
+			if (st && inPtr) {
+				st->inputBytesRead += (inPtr - inBuffer);
+				st->outputBytesWritten += (outPtr - outBuffer);
+			}
+
+			inPos = 0;
+			prevIsInvalid = false;
+		}
+
+		if (breakAfterNext) {
+			break;
+		}
+
+		// Check for end of data, loop again to flush stateful data from iconv
+		if (in.eof() && inPos == 0) {
+			breakAfterNext = true;
+		}
+	}
+}
+
+
+void charsetConverter_iconv::convert(const string& in, string& out, status* st) {
+
+	if (st) {
+		new (st) status();
+	}
+
+	out.clear();
+
+	utility::inputStreamStringAdapter is(in);
+	utility::outputStreamStringAdapter os(out);
+
+	convert(is, os, st);
+
+	os.flush();
+}
+
+
+shared_ptr <utility::charsetFilteredOutputStream>
+	charsetConverter_iconv::getFilteredOutputStream(
+		utility::outputStream& os,
+		const charsetConverterOptions& opts
+	) {
+
+	return make_shared <utility::charsetFilteredOutputStream_iconv>(m_source, m_dest, &os, opts);
+}
+
+
+
+// charsetFilteredOutputStream_iconv
+
+namespace utility {
+
+
+charsetFilteredOutputStream_iconv::charsetFilteredOutputStream_iconv(
+	const charset& source,
+	const charset& dest, outputStream* os,
+	const charsetConverterOptions& opts
+)
+	: m_desc(NULL),
+	  m_sourceCharset(source),
+	  m_destCharset(dest),
+	  m_stream(*os),
+	  m_unconvCount(0),
+	  m_options(opts) {
+
+	// Get an iconv descriptor
+	const iconv_t cd = iconv_open(dest.getName().c_str(), source.getName().c_str());
+
+	if (cd != reinterpret_cast <iconv_t>(-1)) {
+
+		iconv_t* p = new iconv_t;
+		*p= cd;
+
+		m_desc = p;
+	}
+}
+
+
+charsetFilteredOutputStream_iconv::~charsetFilteredOutputStream_iconv() {
+
+	if (m_desc) {
+
+		// Close iconv handle
+		iconv_close(*static_cast <iconv_t*>(m_desc));
+
+		delete static_cast <iconv_t*>(m_desc);
+		m_desc = NULL;
+	}
+}
+
+
+outputStream& charsetFilteredOutputStream_iconv::getNextOutputStream() {
+
+	return m_stream;
+}
+
+
+void charsetFilteredOutputStream_iconv::writeImpl(
+	const byte_t* const data,
+	const size_t count
+) {
+
+	if (!m_desc) {
+		throw exceptions::charset_conv_error("Cannot initialize converter.");
+	}
+
+	const iconv_t cd = *static_cast <iconv_t*>(m_desc);
+
+	const byte_t* curData = data;
+	size_t curDataLen = count;
+
+	// If there is some unconverted bytes left, add more data from this
+	// chunk to see if it can now be converted.
+	while (m_unconvCount != 0 || curDataLen != 0) {
+
+		if (m_unconvCount != 0) {
+
+			// Check if an incomplete input sequence is larger than the
+			// input buffer size: should not happen except if something
+			// in the input sequence is invalid. If so, output a special
+			// character and skip one byte in the invalid sequence.
+			if (m_unconvCount >= sizeof(m_unconvBuffer)) {
+
+				if (!m_options.silentlyReplaceInvalidSequences) {
+					throw exceptions::illegal_byte_sequence_for_charset();
+				}
+
+				outputInvalidChar(m_stream, cd);
+
+				std::copy(
+					m_unconvBuffer + 1,
+					m_unconvBuffer + m_unconvCount, m_unconvBuffer
+				);
+
+				m_unconvCount--;
+			}
+
+			// Get more data
+			const size_t remaining =
+				std::min(curDataLen, sizeof(m_unconvBuffer) - m_unconvCount);
+
+			std::copy(curData, curData + remaining, m_unconvBuffer + m_unconvCount);
+
+			m_unconvCount += remaining;
+			curDataLen -= remaining;
+			curData += remaining;
+
+			if (remaining == 0)
+				return;  // no more data
+
+			// Try a conversion
+			const byte_t* inPtr = m_unconvBuffer;
+			size_t inLength = m_unconvCount;
+			byte_t* outPtr = m_outputBuffer;
+			size_t outLength = sizeof(m_outputBuffer);
+
+			const size_t inLength0 = inLength;
+
+			if (iconv(cd, ICONV_IN_TYPE(&inPtr), &inLength,
+			          ICONV_OUT_TYPE(&outPtr), &outLength) == static_cast <size_t>(-1)) {
+
+				const size_t inputConverted = inLength0 - inLength;
+
+				// Write successfully converted bytes
+				m_stream.write(m_outputBuffer, sizeof(m_outputBuffer) - outLength);
+
+				// Shift unconverted bytes
+				std::copy(
+					m_unconvBuffer + inputConverted,
+					m_unconvBuffer + m_unconvCount, m_unconvBuffer
+				);
+
+				m_unconvCount -= inputConverted;
+
+				continue;
+			}
+
+			// Write successfully converted bytes
+			m_stream.write(m_outputBuffer, sizeof(m_outputBuffer) - outLength);
+
+			// Empty the unconverted buffer
+			m_unconvCount = 0;
+		}
+
+		if (curDataLen == 0) {
+			return;  // no more data
+		}
+
+		// Now, convert the current data buffer
+		const byte_t* inPtr = curData;
+		size_t inLength = std::min(curDataLen, sizeof(m_outputBuffer) / MAX_CHARACTER_WIDTH);
+		byte_t* outPtr = m_outputBuffer;
+		size_t outLength = sizeof(m_outputBuffer);
+
+		const size_t inLength0 = inLength;
+
+		if (iconv(cd, ICONV_IN_TYPE(&inPtr), &inLength,
+		          ICONV_OUT_TYPE(&outPtr), &outLength) == static_cast <size_t>(-1)) {
+
+			// Write successfully converted bytes
+			m_stream.write(m_outputBuffer, sizeof(m_outputBuffer) - outLength);
+
+			const size_t inputConverted = inLength0 - inLength;
+
+			curData += inputConverted;
+			curDataLen -= inputConverted;
+
+			// Put one byte byte into the unconverted buffer so
+			// that the next iteration fill it
+			if (curDataLen != 0) {
+
+				m_unconvCount = 1;
+				m_unconvBuffer[0] = *curData;
+
+				curData++;
+				curDataLen--;
+			}
+
+		} else {
+
+			// Write successfully converted bytes
+			m_stream.write(m_outputBuffer, sizeof(m_outputBuffer) - outLength);
+
+			curData += inLength0;
+			curDataLen -= inLength0;
+		}
+	}
+}
+
+
+void charsetFilteredOutputStream_iconv::flush() {
+
+	if (!m_desc) {
+		throw exceptions::charset_conv_error("Cannot initialize converter.");
+	}
+
+	const iconv_t cd = *static_cast <iconv_t*>(m_desc);
+
+	size_t offset = 0;
+
+	// Process unconverted bytes
+	while (m_unconvCount != 0) {
+
+		// Try a conversion
+		const byte_t* inPtr = m_unconvBuffer + offset;
+		size_t inLength = m_unconvCount;
+		byte_t* outPtr = m_outputBuffer;
+		size_t outLength = sizeof(m_outputBuffer);
+
+		const size_t inLength0 = inLength;
+
+		if (iconv(cd, ICONV_IN_TYPE(&inPtr), &inLength,
+			      ICONV_OUT_TYPE(&outPtr), &outLength) == static_cast <size_t>(-1)) {
+
+			const size_t inputConverted = inLength0 - inLength;
+
+			// Skip a "blocking" character
+			if (inputConverted == 0) {
+
+				if (!m_options.silentlyReplaceInvalidSequences) {
+					throw exceptions::illegal_byte_sequence_for_charset();
+				}
+
+				outputInvalidChar(m_stream, cd);
+
+				offset++;
+				m_unconvCount--;
+
+			} else {
+
+				// Write successfully converted bytes
+				m_stream.write(m_outputBuffer, sizeof(m_outputBuffer) - outLength);
+
+				offset += inputConverted;
+				m_unconvCount -= inputConverted;
+			}
+
+		} else {
+
+			// Write successfully converted bytes
+			m_stream.write(m_outputBuffer, sizeof(m_outputBuffer) - outLength);
+
+			m_unconvCount = 0;
+		}
+	}
+
+	m_stream.flush();
+}
+
+
+} // utility
+
+
+} // vmime
+
+
+#endif // VMIME_CHARSETCONV_LIB_IS_ICONV
diff --git a/vmime-master/src/vmime/charsetConverter_iconv.hpp b/vmime-master/src/vmime/charsetConverter_iconv.hpp
new file mode 100644
index 0000000..c64813c
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_iconv.hpp
@@ -0,0 +1,145 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CHARSETCONVERTER_ICONV_HPP_INCLUDED
+#define VMIME_CHARSETCONVERTER_ICONV_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_CHARSETCONV_LIB_IS_ICONV
+
+
+#include "vmime/charsetConverter.hpp"
+
+
+namespace vmime {
+
+
+/** A generic charset converter which uses iconv library.
+  */
+class charsetConverter_iconv : public charsetConverter {
+
+public:
+
+	/** Construct and initialize an iconv charset converter.
+	  *
+	  * @param source input charset
+	  * @param dest output charset
+	  * @param opts conversion options
+	  */
+	charsetConverter_iconv(
+		const charset& source,
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+	~charsetConverter_iconv();
+
+	void convert(const string& in, string& out, status* st = NULL);
+	void convert(utility::inputStream& in, utility::outputStream& out, status* st = NULL);
+
+	shared_ptr <utility::charsetFilteredOutputStream> getFilteredOutputStream(
+		utility::outputStream& os,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+private:
+
+	void* m_desc;
+
+	charset m_source;
+	charset m_dest;
+
+	charsetConverterOptions m_options;
+};
+
+
+namespace utility {
+
+
+class charsetFilteredOutputStream_iconv : public charsetFilteredOutputStream {
+
+public:
+
+	/** Construct a new filter for the specified output stream.
+	  *
+	  * @param source input charset
+	  * @param dest output charset
+	  * @param os stream into which write filtered data
+	  * @param opts conversion options
+	  */
+	charsetFilteredOutputStream_iconv(
+		const charset& source,
+		const charset& dest, outputStream* os,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+	~charsetFilteredOutputStream_iconv();
+
+
+	outputStream& getNextOutputStream();
+
+	void flush();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	// Maximum character width in any charset
+	enum { MAX_CHARACTER_WIDTH = 128 };
+
+
+	void* m_desc;
+
+	const charset m_sourceCharset;
+	const charset m_destCharset;
+
+	outputStream& m_stream;
+
+	// Buffer in which unconverted bytes are left until they can
+	// be converted (when more data arrives). The length should be
+	// large enough to contain any character in any charset.
+	byte_t m_unconvBuffer[MAX_CHARACTER_WIDTH];
+	size_t m_unconvCount;
+
+	// Buffer used for conversion. Avoids declaring it in write().
+	// Should be at least MAX_CHARACTER_WIDTH * MAX_CHARACTER_WIDTH.
+	byte_t m_outputBuffer[32768];
+
+	charsetConverterOptions m_options;
+};
+
+
+} // utility
+
+
+} // vmime
+
+
+#endif // VMIME_CHARSETCONV_LIB_IS_ICONV
+
+#endif // VMIME_CHARSETCONVERTER_ICONV_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/charsetConverter_icu.cpp b/vmime-master/src/vmime/charsetConverter_icu.cpp
new file mode 100644
index 0000000..55195b7
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_icu.cpp
@@ -0,0 +1,572 @@
+//

+// VMime library (http://www.vmime.org)

+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>

+//

+// This program is free software; you can redistribute it and/or

+// modify it under the terms of the GNU General Public License as

+// published by the Free Software Foundation; either version 3 of

+// the License, or (at your option) any later version.

+//

+// This program is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

+// General Public License for more details.

+//

+// You should have received a copy of the GNU General Public License along

+// with this program; if not, write to the Free Software Foundation, Inc.,

+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

+//

+// Linking this library statically or dynamically with other modules is making

+// a combined work based on this library.  Thus, the terms and conditions of

+// the GNU General Public License cover the whole combination.

+//

+

+#include "vmime/config.hpp"

+

+

+#if VMIME_CHARSETCONV_LIB_IS_ICU

+

+

+#include "vmime/charsetConverter_icu.hpp"

+

+#include "vmime/exception.hpp"

+#include "vmime/utility/inputStreamStringAdapter.hpp"

+#include "vmime/utility/outputStreamStringAdapter.hpp"

+

+

+#ifndef VMIME_BUILDING_DOC

+

+	#include <unicode/ucnv.h>

+	#include <unicode/ucnv_err.h>

+

+#endif // VMIME_BUILDING_DOC

+

+

+#include <unicode/unistr.h>

+

+

+namespace vmime {

+

+

+// static

+shared_ptr <charsetConverter> charsetConverter::createGenericConverter(

+	const charset& source,

+	const charset& dest,

+	const charsetConverterOptions& opts

+) {

+

+	return make_shared <charsetConverter_icu>(source, dest, opts);

+}

+

+

+charsetConverter_icu::charsetConverter_icu(

+	const charset& source,

+	const charset& dest,

+	const charsetConverterOptions& opts

+)

+	: m_from(NULL),

+	  m_to(NULL),

+	  m_source(source),

+	  m_dest(dest),

+	  m_options(opts) {

+

+	UErrorCode err = U_ZERO_ERROR;

+	m_from = ucnv_open(source.getName().c_str(), &err);

+

+	if (!U_SUCCESS(err)) {

+

+		throw exceptions::charset_conv_error(

+			"Cannot initialize ICU converter for source charset '" + source.getName()

+			+ "' (error code: " + u_errorName(err) + "."

+		);

+	}

+

+	m_to = ucnv_open(dest.getName().c_str(), &err);

+

+	if (!U_SUCCESS(err)) {

+

+		throw exceptions::charset_conv_error(

+			"Cannot initialize ICU converter for destination charset '" + dest.getName()

+			+ "' (error code: " + u_errorName(err) + "."

+		);

+	}

+}

+

+

+charsetConverter_icu::~charsetConverter_icu() {

+

+	if (m_from) ucnv_close(m_from);

+	if (m_to) ucnv_close(m_to);

+}

+

+

+void charsetConverter_icu::convert(

+	utility::inputStream& in,

+	utility::outputStream& out,

+	status* st

+) {

+

+	UErrorCode err = U_ZERO_ERROR;

+

+	ucnv_reset(m_from);

+	ucnv_reset(m_to);

+

+	if (st) {

+		new (st) status();

+	}

+

+	// From buffers

+	byte_t cpInBuffer[16]; // stream data put here

+	const size_t outSize = ucnv_getMinCharSize(m_from) * sizeof(cpInBuffer) * sizeof(UChar);

+	std::vector <UChar> uOutBuffer(outSize); // Unicode chars end up here

+

+	// To buffers

+	// converted (char) data end up here

+	const size_t cpOutBufferSz = ucnv_getMaxCharSize(m_to) * outSize;

+	std::vector <char> cpOutBuffer(cpOutBufferSz);

+

+	// Tell ICU what to do when encountering an illegal byte sequence

+	if (m_options.silentlyReplaceInvalidSequences) {

+

+		// Set replacement chars for when converting from Unicode to codepage

+		icu::UnicodeString substString(m_options.invalidSequence.c_str());

+		ucnv_setSubstString(m_to, substString.getTerminatedBuffer(), -1, &err);

+

+		if (U_FAILURE(err)) {

+			throw exceptions::charset_conv_error("[ICU] Error when setting substitution string.");

+		}

+

+	} else {

+

+		// Tell ICU top stop (and return an error) on illegal byte sequences

+		ucnv_setToUCallBack(

+			m_from, UCNV_TO_U_CALLBACK_STOP, UCNV_SUB_STOP_ON_ILLEGAL, NULL, NULL, &err

+		);

+

+		if (U_FAILURE(err)) {

+			throw exceptions::charset_conv_error("[ICU] Error when setting ToU callback.");

+		}

+

+		ucnv_setFromUCallBack(

+			m_to, UCNV_FROM_U_CALLBACK_STOP, UCNV_SUB_STOP_ON_ILLEGAL, NULL, NULL, &err

+		);

+

+		if (U_FAILURE(err)) {

+			throw exceptions::charset_conv_error("[ICU] Error when setting FromU callback.");

+		}

+	}

+

+	// Input data available

+	while (!in.eof()) {

+

+		// Read input data into buffer

+		size_t inLength = in.read(cpInBuffer, sizeof(cpInBuffer));

+

+		// Beginning of read data

+		const char* source = reinterpret_cast <const char*>(&cpInBuffer[0]);

+		const char* sourceLimit = source + inLength; // end + 1

+

+		UBool flush = in.eof();  // is this last run?

+

+		UErrorCode toErr;

+

+		// Loop until all source has been processed

+		do {

+

+			// Set up target pointers

+			UChar* target = &uOutBuffer[0];

+			UChar* targetLimit = &target[0] + outSize;

+

+			toErr = U_ZERO_ERROR;

+

+			ucnv_toUnicode(

+				m_from, &target, targetLimit,

+				&source, sourceLimit, NULL, flush, &toErr

+			);

+

+			if (st) {

+				st->inputBytesRead += (source - reinterpret_cast <const char*>(&cpInBuffer[0]));

+			}

+

+			if (toErr != U_BUFFER_OVERFLOW_ERROR && U_FAILURE(toErr)) {

+

+				if (toErr == U_INVALID_CHAR_FOUND ||

+				    toErr == U_TRUNCATED_CHAR_FOUND ||

+				    toErr == U_ILLEGAL_CHAR_FOUND) {

+

+					// Error will be thrown later (*)

+

+				} else {

+

+					throw exceptions::charset_conv_error(

+						"[ICU] Error converting to Unicode from " + m_source.getName()

+					);

+				}

+			}

+

+			// The Unicode source is the buffer just written and the limit

+			// is where the previous conversion stopped (target is moved in the conversion)

+			const UChar* uSource = &uOutBuffer[0];

+			UChar* uSourceLimit = &target[0];

+			UErrorCode fromErr;

+

+			// Loop until converted chars are fully written

+			do {

+

+				char* cpTarget = &cpOutBuffer[0];

+				const char* cpTargetLimit = &cpOutBuffer[0] + cpOutBufferSz;

+

+				fromErr = U_ZERO_ERROR;

+

+				// Write converted bytes (Unicode) to destination codepage

+				ucnv_fromUnicode(

+					m_to, &cpTarget, cpTargetLimit,

+					&uSource, uSourceLimit, NULL, flush, &fromErr

+				);

+

+				if (st) {

+

+					// Decrement input bytes count by the number of input bytes in error

+					char errBytes[16];

+					int8_t errBytesLen = sizeof(errBytes);

+					UErrorCode errBytesErr = U_ZERO_ERROR;

+

+	 				ucnv_getInvalidChars(m_from, errBytes, &errBytesLen, &errBytesErr);

+

+					st->inputBytesRead -= errBytesLen;

+					st->outputBytesWritten += cpTarget - &cpOutBuffer[0];

+				}

+

+				// (*) If an error occurred while converting from input charset, throw it now

+				if (toErr == U_INVALID_CHAR_FOUND ||

+				    toErr == U_TRUNCATED_CHAR_FOUND ||

+				    toErr == U_ILLEGAL_CHAR_FOUND) {

+

+					throw exceptions::illegal_byte_sequence_for_charset();

+				}

+

+				if (fromErr != U_BUFFER_OVERFLOW_ERROR && U_FAILURE(fromErr)) {

+

+					if (fromErr == U_INVALID_CHAR_FOUND ||

+					    fromErr == U_TRUNCATED_CHAR_FOUND ||

+					    fromErr == U_ILLEGAL_CHAR_FOUND) {

+

+						throw exceptions::illegal_byte_sequence_for_charset();

+

+					} else {

+

+						throw exceptions::charset_conv_error(

+							"[ICU] Error converting from Unicode to " + m_dest.getName()

+						);

+					}

+				}

+

+				// Write to destination stream

+				out.write(&cpOutBuffer[0], (cpTarget - &cpOutBuffer[0]));

+

+			} while (fromErr == U_BUFFER_OVERFLOW_ERROR);

+

+		} while (toErr == U_BUFFER_OVERFLOW_ERROR);

+	}

+}

+

+

+void charsetConverter_icu::convert(const string& in, string& out, status* st) {

+

+	if (st) {

+		new (st) status();

+	}

+

+	out.clear();

+

+	utility::inputStreamStringAdapter is(in);

+	utility::outputStreamStringAdapter os(out);

+

+	convert(is, os, st);

+

+	os.flush();

+}

+

+

+shared_ptr <utility::charsetFilteredOutputStream>

+	charsetConverter_icu::getFilteredOutputStream(

+		utility::outputStream& os,

+		const charsetConverterOptions& opts

+	) {

+

+	return make_shared <utility::charsetFilteredOutputStream_icu>(m_source, m_dest, &os, opts);

+}

+

+

+

+// charsetFilteredOutputStream_icu

+

+namespace utility {

+

+

+charsetFilteredOutputStream_icu::charsetFilteredOutputStream_icu(

+	const charset& source,

+	const charset& dest,

+	outputStream* os,

+	const charsetConverterOptions& opts

+)

+	: m_from(NULL),

+	  m_to(NULL),

+	  m_sourceCharset(source),

+	  m_destCharset(dest),

+	  m_stream(*os),

+	  m_options(opts) {

+

+	UErrorCode err = U_ZERO_ERROR;

+	m_from = ucnv_open(source.getName().c_str(), &err);

+

+	if (!U_SUCCESS(err)) {

+

+		throw exceptions::charset_conv_error(

+			"Cannot initialize ICU converter for source charset '" + source.getName()

+			+ "' (error code: " + u_errorName(err) + "."

+		);

+	}

+

+	m_to = ucnv_open(dest.getName().c_str(), &err);

+

+	if (!U_SUCCESS(err)) {

+

+		throw exceptions::charset_conv_error(

+			"Cannot initialize ICU converter for destination charset '" + dest.getName()

+			+ "' (error code: " + u_errorName(err) + "."

+		);

+	}

+

+	// Tell ICU what to do when encountering an illegal byte sequence

+	if (m_options.silentlyReplaceInvalidSequences) {

+

+		// Set replacement chars for when converting from Unicode to codepage

+		icu::UnicodeString substString(m_options.invalidSequence.c_str());

+		ucnv_setSubstString(m_to, substString.getTerminatedBuffer(), -1, &err);

+

+		if (U_FAILURE(err)) {

+			throw exceptions::charset_conv_error("[ICU] Error when setting substitution string.");

+		}

+

+	} else {

+

+		// Tell ICU top stop (and return an error) on illegal byte sequences

+		ucnv_setToUCallBack(

+			m_to, UCNV_TO_U_CALLBACK_STOP, UCNV_SUB_STOP_ON_ILLEGAL, NULL, NULL, &err

+		);

+

+		if (U_FAILURE(err)) {

+			throw exceptions::charset_conv_error("[ICU] Error when setting ToU callback.");

+		}

+

+		ucnv_setFromUCallBack(

+			m_to, UCNV_FROM_U_CALLBACK_STOP, UCNV_SUB_STOP_ON_ILLEGAL, NULL, NULL, &err

+		);

+

+		if (U_FAILURE(err)) {

+			throw exceptions::charset_conv_error("[ICU] Error when setting FromU callback.");

+		}

+	}

+}

+

+

+charsetFilteredOutputStream_icu::~charsetFilteredOutputStream_icu() {

+

+	if (m_from) ucnv_close(m_from);

+	if (m_to) ucnv_close(m_to);

+}

+

+

+outputStream& charsetFilteredOutputStream_icu::getNextOutputStream() {

+

+	return m_stream;

+}

+

+

+void charsetFilteredOutputStream_icu::writeImpl(

+	const byte_t* const data,

+	const size_t count

+) {

+

+	if (!m_from || !m_to) {

+		throw exceptions::charset_conv_error("Cannot initialize converters.");

+	}

+

+	// Allocate buffer for Unicode chars

+	const size_t uniSize = ucnv_getMinCharSize(m_from) * count * sizeof(UChar);

+	std::vector <UChar> uniBuffer(uniSize);

+

+	// Conversion loop

+	UErrorCode toErr = U_ZERO_ERROR;

+

+	const char* uniSource = reinterpret_cast <const char*>(data);

+	const char* uniSourceLimit = uniSource + count;

+

+	do {

+

+		// Convert from source charset to Unicode

+		UChar* uniTarget = &uniBuffer[0];

+		UChar* uniTargetLimit = &uniBuffer[0] + uniSize;

+

+		toErr = U_ZERO_ERROR;

+

+		ucnv_toUnicode(

+			m_from, &uniTarget, uniTargetLimit,

+			&uniSource, uniSourceLimit, NULL, /* flush */ FALSE, &toErr

+		);

+

+		if (U_FAILURE(toErr) && toErr != U_BUFFER_OVERFLOW_ERROR) {

+

+			if (toErr == U_INVALID_CHAR_FOUND ||

+			    toErr == U_TRUNCATED_CHAR_FOUND ||

+			    toErr == U_ILLEGAL_CHAR_FOUND) {

+

+				throw exceptions::illegal_byte_sequence_for_charset();

+

+			} else {

+

+				throw exceptions::charset_conv_error(

+					"[ICU] Error converting to Unicode from '" + m_sourceCharset.getName() + "'."

+				);

+			}

+		}

+

+		const size_t uniLength = uniTarget - &uniBuffer[0];

+

+		// Allocate buffer for destination charset

+		const size_t cpSize = ucnv_getMinCharSize(m_to) * uniLength;

+		std::vector <char> cpBuffer(cpSize);

+

+		// Convert from Unicode to destination charset

+		UErrorCode fromErr = U_ZERO_ERROR;

+

+		const UChar* cpSource = &uniBuffer[0];

+		const UChar* cpSourceLimit = &uniBuffer[0] + uniLength;

+

+		do {

+

+			char* cpTarget = &cpBuffer[0];

+			char* cpTargetLimit = &cpBuffer[0] + cpSize;

+

+			fromErr = U_ZERO_ERROR;

+

+			ucnv_fromUnicode(

+				m_to, &cpTarget, cpTargetLimit,

+				&cpSource, cpSourceLimit, NULL, /* flush */ FALSE, &fromErr

+			);

+

+			if (fromErr != U_BUFFER_OVERFLOW_ERROR && U_FAILURE(fromErr)) {

+

+				if (fromErr == U_INVALID_CHAR_FOUND ||

+				    fromErr == U_TRUNCATED_CHAR_FOUND ||

+				    fromErr == U_ILLEGAL_CHAR_FOUND) {

+

+					throw exceptions::illegal_byte_sequence_for_charset();

+

+				} else {

+

+					throw exceptions::charset_conv_error(

+						"[ICU] Error converting from Unicode to '" + m_destCharset.getName() + "'."

+					);

+				}

+			}

+

+			const size_t cpLength = cpTarget - &cpBuffer[0];

+

+			// Write successfully converted bytes

+			m_stream.write(&cpBuffer[0], cpLength);

+

+		} while (fromErr == U_BUFFER_OVERFLOW_ERROR);

+

+	} while (toErr == U_BUFFER_OVERFLOW_ERROR);

+}

+

+

+void charsetFilteredOutputStream_icu::flush() {

+

+	if (!m_from || !m_to) {

+		throw exceptions::charset_conv_error("Cannot initialize converters.");

+	}

+

+	// Allocate buffer for Unicode chars

+	const size_t uniSize = ucnv_getMinCharSize(m_from) * 1024 * sizeof(UChar);

+	std::vector <UChar> uniBuffer(uniSize);

+

+	// Conversion loop (with flushing)

+	UErrorCode toErr = U_ZERO_ERROR;

+

+	const char* uniSource = 0;

+	const char* uniSourceLimit = 0;

+

+	do {

+

+		// Convert from source charset to Unicode

+		UChar* uniTarget = &uniBuffer[0];

+		UChar* uniTargetLimit = &uniBuffer[0] + uniSize;

+

+		toErr = U_ZERO_ERROR;

+

+		ucnv_toUnicode(

+			m_from, &uniTarget, uniTargetLimit,

+			&uniSource, uniSourceLimit, NULL, /* flush */ TRUE, &toErr

+		);

+

+		if (U_FAILURE(toErr) && toErr != U_BUFFER_OVERFLOW_ERROR) {

+

+			throw exceptions::charset_conv_error(

+				"[ICU] Error converting to Unicode from '" + m_sourceCharset.getName() + "'."

+			);

+		}

+

+		const size_t uniLength = uniTarget - &uniBuffer[0];

+

+		// Allocate buffer for destination charset

+		const size_t cpSize = ucnv_getMinCharSize(m_to) * uniLength;

+		std::vector <char> cpBuffer(cpSize);

+

+		// Convert from Unicode to destination charset

+		UErrorCode fromErr = U_ZERO_ERROR;

+

+		const UChar* cpSource = &uniBuffer[0];

+		const UChar* cpSourceLimit = &uniBuffer[0] + uniLength;

+

+		do {

+

+			char* cpTarget = &cpBuffer[0];

+			char* cpTargetLimit = &cpBuffer[0] + cpSize;

+

+			fromErr = U_ZERO_ERROR;

+

+			ucnv_fromUnicode(

+				m_to, &cpTarget, cpTargetLimit,

+				&cpSource, cpSourceLimit, NULL, /* flush */ TRUE, &fromErr

+			);

+

+			if (fromErr != U_BUFFER_OVERFLOW_ERROR && U_FAILURE(fromErr)) {

+

+				throw exceptions::charset_conv_error(

+					"[ICU] Error converting from Unicode to '" + m_destCharset.getName() + "'."

+				);

+			}

+

+			const size_t cpLength = cpTarget - &cpBuffer[0];

+

+			// Write successfully converted bytes

+			m_stream.write(&cpBuffer[0], cpLength);

+

+		} while (fromErr == U_BUFFER_OVERFLOW_ERROR);

+

+	} while (toErr == U_BUFFER_OVERFLOW_ERROR);

+

+	m_stream.flush();

+}

+

+

+} // utility

+

+

+} // vmime

+

+

+#endif // VMIME_CHARSETCONV_LIB_IS_ICU

diff --git a/vmime-master/src/vmime/charsetConverter_icu.hpp b/vmime-master/src/vmime/charsetConverter_icu.hpp
new file mode 100644
index 0000000..cf5eb6b
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_icu.hpp
@@ -0,0 +1,137 @@
+//

+// VMime library (http://www.vmime.org)

+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>

+//

+// This program is free software; you can redistribute it and/or

+// modify it under the terms of the GNU General Public License as

+// published by the Free Software Foundation; either version 3 of

+// the License, or (at your option) any later version.

+//

+// This program is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

+// General Public License for more details.

+//

+// You should have received a copy of the GNU General Public License along

+// with this program; if not, write to the Free Software Foundation, Inc.,

+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

+//

+// Linking this library statically or dynamically with other modules is making

+// a combined work based on this library.  Thus, the terms and conditions of

+// the GNU General Public License cover the whole combination.

+//

+

+#ifndef VMIME_CHARSETCONVERTER_ICU_HPP_INCLUDED

+#define VMIME_CHARSETCONVERTER_ICU_HPP_INCLUDED

+

+

+#include "vmime/config.hpp"

+

+

+#if VMIME_CHARSETCONV_LIB_IS_ICU

+

+

+#include "vmime/charsetConverter.hpp"

+

+

+struct UConverter;

+

+

+namespace vmime {

+

+

+/** A generic charset converter which uses ICU library.

+  */

+class charsetConverter_icu : public charsetConverter {

+

+public:

+

+	/** Construct and initialize an ICU charset converter.

+	  *

+	  * @param source input charset

+	  * @param dest output charset

+	  * @param opts conversion options

+	  */

+	charsetConverter_icu(

+		const charset& source,

+		const charset& dest,

+		const charsetConverterOptions& opts = charsetConverterOptions()

+	);

+

+	~charsetConverter_icu();

+

+	void convert(const string& in, string& out, status* st = NULL);

+	void convert(utility::inputStream& in, utility::outputStream& out, status* st = NULL);

+

+	shared_ptr <utility::charsetFilteredOutputStream> getFilteredOutputStream(

+		utility::outputStream& os,

+		const charsetConverterOptions& opts = charsetConverterOptions()

+	);

+

+private:

+

+	UConverter* m_from;

+	UConverter* m_to;

+

+	charset m_source;

+	charset m_dest;

+

+	charsetConverterOptions m_options;

+};

+

+

+namespace utility {

+

+

+class charsetFilteredOutputStream_icu : public charsetFilteredOutputStream {

+

+public:

+

+	/** Construct a new filter for the specified output stream.

+	  *

+	  * @param source input charset

+	  * @param dest output charset

+	  * @param os stream into which write filtered data

+	  * @param opts conversion options

+	  */

+	charsetFilteredOutputStream_icu(

+		const charset& source,

+		const charset& dest,

+		outputStream* os,

+		const charsetConverterOptions& opts = charsetConverterOptions()

+	);

+

+	~charsetFilteredOutputStream_icu();

+

+

+	outputStream& getNextOutputStream();

+

+	void flush();

+

+protected:

+

+	void writeImpl(const byte_t* const data, const size_t count);

+

+private:

+

+	UConverter* m_from;

+	UConverter* m_to;

+

+	const charset m_sourceCharset;

+	const charset m_destCharset;

+

+	outputStream& m_stream;

+

+	charsetConverterOptions m_options;

+};

+

+

+} // utility

+

+

+} // vmime

+

+

+#endif // VMIME_CHARSETCONV_LIB_IS_ICU

+

+#endif // VMIME_CHARSETCONVERTER_ICU_HPP_INCLUDED

diff --git a/vmime-master/src/vmime/charsetConverter_idna.cpp b/vmime-master/src/vmime/charsetConverter_idna.cpp
new file mode 100644
index 0000000..eb8764f
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_idna.cpp
@@ -0,0 +1,208 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/charsetConverter_idna.hpp"
+
+#include "vmime/exception.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/utility/streamUtils.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+
+extern "C" {
+
+#include "contrib/punycode/punycode.h"
+#include "contrib/punycode/punycode.c"
+
+}
+
+#include "contrib/utf8/utf8.h"
+
+
+namespace vmime {
+
+
+charsetConverter_idna::charsetConverter_idna(
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+)
+	: m_source(source),
+	  m_dest(dest),
+	  m_options(opts) {
+
+}
+
+
+charsetConverter_idna::~charsetConverter_idna() {
+
+}
+
+
+void charsetConverter_idna::convert(utility::inputStream& in, utility::outputStream& out, status* st) {
+
+	if (st) {
+		new (st) status();
+	}
+
+	// IDNA should be used for short strings, so it does not matter if we
+	// do not work directly on the stream
+	string inStr;
+	vmime::utility::outputStreamStringAdapter os(inStr);
+	vmime::utility::bufferedStreamCopy(in, os);
+
+	string outStr;
+	convert(inStr, outStr, st);
+
+	out << outStr;
+}
+
+
+void charsetConverter_idna::convert(const string& in, string& out, status* st) {
+
+	if (st) {
+		new (st) status();
+	}
+
+	out.clear();
+
+	if (m_dest == "idna") {
+
+		if (utility::stringUtils::is7bit(in)) {
+
+			if (st) {
+				st->inputBytesRead = in.length();
+				st->outputBytesWritten = in.length();
+			}
+
+			// No need to encode as Punycode
+			out = in;
+			return;
+		}
+
+		string inUTF8;
+		charset::convert(in, inUTF8, m_source, vmime::charsets::UTF_8);
+
+		const char* ch = inUTF8.c_str();
+		const char* end = inUTF8.c_str() + inUTF8.length();
+
+		std::vector <punycode_uint> unichars;
+		unichars.reserve(inUTF8.length());
+
+		while (ch < end) {
+			const utf8::uint32_t uc = utf8::unchecked::next(ch);
+			unichars.push_back(uc);
+		}
+
+		if (st) {
+			st->inputBytesRead = in.length();
+		}
+
+		punycode_uint inputLen = static_cast <punycode_uint>(unichars.size());
+
+		std::vector <char> output(inUTF8.length() * 2);
+		punycode_uint outputLen = static_cast <punycode_uint>(output.size());
+
+		const punycode_status status = punycode_encode(
+			inputLen, &unichars[0], /* case_flags */ NULL, &outputLen, &output[0]
+		);
+
+		if (status == punycode_success) {
+
+			out = string("xn--") + string(output.begin(), output.begin() + outputLen);
+
+			if (st) {
+				st->outputBytesWritten = out.length();
+			}
+
+		} else {
+
+			// TODO
+		}
+
+	} else if (m_source == "idna") {
+
+		if (in.length() < 5 || in.substr(0, 4) != "xn--") {
+
+			if (st) {
+				st->inputBytesRead = in.length();
+				st->outputBytesWritten = in.length();
+			}
+
+			// Not an IDNA string
+			out = in;
+			return;
+		}
+
+		punycode_uint inputLen = static_cast <punycode_uint>(in.length() - 4);
+
+		std::vector <punycode_uint> output(in.length() - 4);
+		punycode_uint outputLen = static_cast <punycode_uint>(output.size());
+
+		const punycode_status status = punycode_decode(
+		inputLen, &in[4], &outputLen, &output[0], /* case_flags */ NULL
+		);
+
+		if (st) {
+			st->inputBytesRead = in.length();
+		}
+
+		if (status == punycode_success) {
+
+			std::vector <char> outUTF8Bytes(outputLen * 4);
+			char* p = &outUTF8Bytes[0];
+
+			for (std::vector <punycode_uint>::const_iterator it = output.begin() ;
+			     it != output.begin() + outputLen ; ++it) {
+
+				p = utf8::unchecked::append(*it, p);
+			}
+
+			string outUTF8(&outUTF8Bytes[0], p);
+			charset::convert(outUTF8, out, vmime::charsets::UTF_8, m_dest);
+
+			if (st) {
+				st->outputBytesWritten = out.length();
+			}
+
+		} else {
+
+			// TODO
+		}
+	}
+}
+
+
+shared_ptr <utility::charsetFilteredOutputStream>
+	charsetConverter_idna::getFilteredOutputStream(
+		utility::outputStream& /* os */,
+		const charsetConverterOptions& /* opts */
+	) {
+
+	// Not supported
+	return null;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/charsetConverter_idna.hpp b/vmime-master/src/vmime/charsetConverter_idna.hpp
new file mode 100644
index 0000000..aaf547d
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_idna.hpp
@@ -0,0 +1,74 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CHARSETCONVERTER_IDNA_HPP_INCLUDED
+#define VMIME_CHARSETCONVERTER_IDNA_HPP_INCLUDED
+
+
+#include "vmime/charsetConverter.hpp"
+
+
+namespace vmime {
+
+
+/** A charset converter which can convert to and from Punycode (for IDNA).
+  */
+class charsetConverter_idna : public charsetConverter {
+
+public:
+
+	/** Construct and initialize an IDNA charset converter.
+	  *
+	  * @param source input charset
+	  * @param dest output charset
+	  * @param opts conversion options
+	  */
+	charsetConverter_idna(
+		const charset& source,
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+	~charsetConverter_idna();
+
+	void convert(const string& in, string& out, status* st = NULL);
+	void convert(utility::inputStream& in, utility::outputStream& out, status* st = NULL);
+
+	shared_ptr <utility::charsetFilteredOutputStream> getFilteredOutputStream(
+		utility::outputStream& os,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+private:
+
+	charset m_source;
+	charset m_dest;
+
+	charsetConverterOptions m_options;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CHARSETCONVERTER_IDNA_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/charsetConverter_win.cpp b/vmime-master/src/vmime/charsetConverter_win.cpp
new file mode 100644
index 0000000..eab1829
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_win.cpp
@@ -0,0 +1,227 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_CHARSETCONV_LIB_IS_WIN
+
+
+#include "vmime/charsetConverter_win.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+#include <string.h>
+#include <stdlib.h>
+
+
+#if (_WIN32 || _WIN64 || WIN32 || WIN64)
+	#include <windows.h>
+	#include "vmime/platforms/windows/windowsCodepages.hpp"
+#else
+	#error Please use VMIME_CHARSETCONV_LIB_IS_WIN only on Windows!
+#endif
+
+
+#define CP_UNICODE   1200
+
+
+namespace vmime {
+
+
+// static
+shared_ptr <charsetConverter> charsetConverter::createGenericConverter(
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+) {
+
+	return make_shared <charsetConverter_win>(source, dest, opts);
+}
+
+
+charsetConverter_win::charsetConverter_win(
+	const charset& source,
+	const charset& dest,
+	const charsetConverterOptions& opts
+)
+	: m_source(source),
+	  m_dest(dest),
+	  m_options(opts) {
+
+}
+
+
+void charsetConverter_win::convert(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	status* st
+) {
+
+	if (st) {
+		new (st) status();
+	}
+
+	byte_t buffer[32768];
+	string inStr, outStr;
+
+	while (!in.eof()) {
+		const size_t len = in.read(buffer, sizeof(buffer));
+		utility::stringUtils::appendBytesToString(inStr, buffer, len);
+	}
+
+	convert(inStr, outStr, st);
+
+	out.write(outStr.data(), outStr.length());
+}
+
+
+void charsetConverter_win::convert(const string& in, string& out, status* st) {
+
+	if (st) {
+		new (st) status();
+	}
+
+	const int sourceCodePage = getCodePage(m_source.getName().c_str());
+	const int destCodePage = getCodePage(m_dest.getName().c_str());
+
+	// Convert from source charset to Unicode
+	std::vector <char> unicodeBuffer;
+	const WCHAR* unicodePtr = NULL;
+	size_t unicodeLen = 0;
+
+	if (sourceCodePage == CP_UNICODE) {
+
+		unicodePtr = reinterpret_cast <const WCHAR*>(in.c_str());
+		unicodeLen = in.length() / 2;
+
+	} else {
+
+ 		const size_t bufferSize = MultiByteToWideChar(
+ 			sourceCodePage, 0, in.c_str(), static_cast <int>(in.length()), NULL, 0
+ 		) * sizeof(WCHAR); // in wide characters
+
+		unicodeBuffer.resize(bufferSize);
+
+		DWORD flags = 0;
+
+		if (!m_options.silentlyReplaceInvalidSequences) {
+			flags |= MB_ERR_INVALID_CHARS;
+		}
+
+		unicodePtr = reinterpret_cast <const WCHAR*>(&unicodeBuffer[0]);
+		unicodeLen = MultiByteToWideChar(
+			sourceCodePage, 0, in.c_str(), static_cast <int>(in.length()),
+			reinterpret_cast <WCHAR*>(&unicodeBuffer[0]), static_cast <int>(bufferSize)
+		);
+
+		if (unicodeLen == 0) {
+
+			if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
+
+				throw exceptions::illegal_byte_sequence_for_charset();
+
+			} else {
+
+				throw exceptions::charset_conv_error(
+					"MultiByteToWideChar() failed when converting to Unicode from " + m_source.getName()
+				);
+			}
+		}
+	}
+
+	// Convert from Unicode to destination charset
+	if (destCodePage == CP_UNICODE) {
+
+		out.assign(reinterpret_cast <const char*>(unicodePtr), unicodeLen * 2);
+
+	} else {
+
+		const size_t bufferSize = WideCharToMultiByte(
+			destCodePage, 0, unicodePtr, static_cast <int>(unicodeLen),
+			NULL, 0, 0, NULL
+		);  // in multibyte characters
+
+		std::vector <char> buffer;
+		buffer.resize(bufferSize);
+
+		const size_t len = WideCharToMultiByte(
+			destCodePage, 0, unicodePtr, static_cast <int>(unicodeLen),
+			&buffer[0], static_cast <int>(bufferSize), 0, NULL
+		);
+
+		if (len == 0) {
+
+			if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
+
+				throw exceptions::illegal_byte_sequence_for_charset();
+
+			} else {
+
+				throw exceptions::charset_conv_error(
+					"WideCharToMultiByte() failed when converting from Unicode to " + m_source.getName()
+				);
+			}
+		}
+
+		out.assign(&buffer[0], len);
+	}
+}
+
+
+// static
+int charsetConverter_win::getCodePage(const char* name) {
+
+	if (_stricmp(name, charsets::UTF_16) == 0) {  // wchar_t is UTF-16 on Windows
+		return CP_UNICODE;
+	}
+
+	// "cp1252" --> return 1252
+	if ((name[0] == 'c' || name[0] == 'C') &&
+	    (name[1] == 'p' || name[1] == 'P')) {
+
+		return atoi(name + 2);
+	}
+
+	return vmime::platforms::windows::windowsCodepages::getByName(name);  // throws
+}
+
+
+shared_ptr <utility::charsetFilteredOutputStream>
+	charsetConverter_win::getFilteredOutputStream(
+		utility::outputStream& /* os */,
+		const charsetConverterOptions& /* opts */
+	) {
+
+	// TODO: implement me!
+	return null;
+}
+
+
+} // vmime
+
+
+#endif // VMIME_CHARSETCONV_LIB_IS_WIN
diff --git a/vmime-master/src/vmime/charsetConverter_win.hpp b/vmime-master/src/vmime/charsetConverter_win.hpp
new file mode 100644
index 0000000..d20970b
--- /dev/null
+++ b/vmime-master/src/vmime/charsetConverter_win.hpp
@@ -0,0 +1,91 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CHARSETCONVERTER_WIN_HPP_INCLUDED
+#define VMIME_CHARSETCONVERTER_WIN_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_CHARSETCONV_LIB_IS_WIN
+
+
+#include "vmime/charsetConverter.hpp"
+
+
+namespace vmime {
+
+
+/** A generic charset converter which uses Windows MultiByteToWideChar
+  * and WideCharToMultiByte API functions.
+  *
+  * ICU or iconv library should always be preferred over this one, even
+  * on Windows platform, as MultiByteToWideChar() and WideCharToMultiByte()
+  * functions cannot be used easily with streams (no context). Moreover,
+  * error handling is very poor, in particular when an invalid sequence
+  * is found...
+  *
+  * Also, "status" is not supported by this converter for the same reason.
+  */
+class charsetConverter_win : public charsetConverter {
+
+public:
+
+	/** Construct and initialize a Windows charset converter.
+	  *
+	  * @param source input charset
+	  * @param dest output charset
+	  * @param opts conversion options
+	  */
+	charsetConverter_win(
+		const charset& source,
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	);
+
+	void convert(const string& in, string& out, status* st);
+	void convert(utility::inputStream& in, utility::outputStream& out, status* st);
+
+	shared_ptr <utility::charsetFilteredOutputStream> getFilteredOutputStream(
+		utility::outputStream& os,
+		const charsetConverterOptions& opts
+	);
+
+private:
+
+	static int getCodePage(const char* name);
+
+	charset m_source;
+	charset m_dest;
+
+	charsetConverterOptions m_options;
+};
+
+
+} // namespace
+
+
+#endif // VMIME_CHARSETCONV_LIB_IS_WIN
+
+#endif // VMIME_CHARSETCONVERTER_WIN_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/component.cpp b/vmime-master/src/vmime/component.cpp
new file mode 100644
index 0000000..7adf8f7
--- /dev/null
+++ b/vmime-master/src/vmime/component.cpp
@@ -0,0 +1,275 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/component.hpp"
+#include "vmime/base.hpp"
+
+#include "vmime/utility/streamUtils.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+
+
+component::component()
+	: m_parsedOffset(0), m_parsedLength(0) {
+
+}
+
+
+component::~component() {
+
+}
+
+
+void component::parse(
+	const shared_ptr <utility::inputStream>& inputStream,
+	const size_t length
+) {
+
+	parse(inputStream, 0, length, NULL);
+}
+
+
+void component::parse(
+	const shared_ptr <utility::inputStream>& inputStream,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition) {
+
+	parse(parsingContext::getDefaultContext(), inputStream, position, end, newPosition);
+}
+
+
+void component::parse(
+	const parsingContext& ctx,
+	const shared_ptr <utility::inputStream>& inputStream,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_parsedOffset = m_parsedLength = 0;
+
+	shared_ptr <utility::seekableInputStream> seekableStream =
+		dynamicCast <utility::seekableInputStream>(inputStream);
+
+	if (!seekableStream || end == 0) {
+
+		// Read the whole stream into a buffer
+		std::ostringstream oss;
+		utility::outputStreamAdapter ossAdapter(oss);
+
+		utility::bufferedStreamCopyRange(*inputStream, ossAdapter, position, end - position);
+
+		const string buffer = oss.str();
+		parseImpl(ctx, buffer, 0, buffer.length(), NULL);
+
+	} else {
+
+		shared_ptr <utility::parserInputStreamAdapter> parser =
+			make_shared <utility::parserInputStreamAdapter>(seekableStream);
+
+		parseImpl(ctx, parser, position, end, newPosition);
+	}
+}
+
+
+void component::parse(const string& buffer) {
+
+	m_parsedOffset = m_parsedLength = 0;
+
+	parseImpl(parsingContext::getDefaultContext(), buffer, 0, buffer.length(), NULL);
+}
+
+
+void component::parse(const parsingContext& ctx, const string& buffer) {
+
+	m_parsedOffset = m_parsedLength = 0;
+
+	parseImpl(ctx, buffer, 0, buffer.length(), NULL);
+}
+
+
+void component::parse(
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_parsedOffset = m_parsedLength = 0;
+
+	parseImpl(parsingContext::getDefaultContext(), buffer, position, end, newPosition);
+}
+
+
+void component::parse(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end, size_t* newPosition
+) {
+
+	m_parsedOffset = m_parsedLength = 0;
+
+	parseImpl(ctx, buffer, position, end, newPosition);
+}
+
+
+void component::offsetParsedBounds(const size_t offset) {
+
+	// Offset parsed bounds of this component
+	if (m_parsedLength != 0) {
+		m_parsedOffset += offset;
+	}
+
+	// Offset parsed bounds of our children
+	std::vector <shared_ptr <component> > children = getChildComponents();
+
+	for (size_t i = 0, n = children.size() ; i < n ; ++i) {
+		children[i]->offsetParsedBounds(offset);
+	}
+}
+
+
+void component::parseImpl(
+	const parsingContext& ctx,
+	const shared_ptr <utility::parserInputStreamAdapter>& parser,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	// This is the default implementation for parsing from an input stream:
+	// actually, we extract the substring and use the "parse from string" implementation
+	const string buffer = parser->extract(position, end);
+	parseImpl(ctx, buffer, 0, buffer.length(), newPosition);
+
+	// Recursivey offset parsed bounds on children
+	if (position != 0) {
+		offsetParsedBounds(position);
+	}
+
+	if (newPosition) {
+		*newPosition += position;
+	}
+}
+
+
+void component::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition) {
+
+	// This is the default implementation for parsing from a string:
+	// actually, we encapsulate the string buffer in an input stream, then use
+	// the "parse from input stream" implementation
+	shared_ptr <utility::seekableInputStream> stream =
+		make_shared <utility::inputStreamStringAdapter>(buffer);
+
+	shared_ptr <utility::parserInputStreamAdapter> parser =
+		make_shared <utility::parserInputStreamAdapter>(stream);
+
+	parseImpl(ctx, parser, position, end, newPosition);
+}
+
+
+const string component::generate(
+	const size_t maxLineLength,
+	const size_t curLinePos
+) const {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter adapter(oss);
+
+	generationContext ctx(generationContext::getDefaultContext());
+	ctx.setMaxLineLength(maxLineLength);
+
+	generateImpl(ctx, adapter, curLinePos, NULL);
+
+	return oss.str();
+}
+
+
+void component::generate(
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	generateImpl(generationContext::getDefaultContext(), os, curLinePos, newLinePos);
+}
+
+
+void component::generate(
+	const generationContext& ctx,
+	utility::outputStream& outputStream,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	generateImpl(ctx, outputStream, curLinePos, newLinePos);
+}
+
+
+size_t component::getParsedOffset() const {
+
+	return m_parsedOffset;
+}
+
+
+size_t component::getParsedLength() const {
+
+	return m_parsedLength;
+}
+
+
+void component::setParsedBounds(const size_t start, const size_t end) {
+
+	m_parsedOffset = start;
+	m_parsedLength = end - start;
+}
+
+
+size_t component::getGeneratedSize(const generationContext& ctx) {
+
+	std::vector <shared_ptr <component> > children = getChildComponents();
+	size_t totalSize = 0;
+
+	for (std::vector <shared_ptr <component> >::iterator it = children.begin() ;
+	     it != children.end() ; ++it) {
+
+		totalSize += (*it)->getGeneratedSize(ctx);
+	}
+
+	return totalSize;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/component.hpp b/vmime-master/src/vmime/component.hpp
new file mode 100644
index 0000000..91164c3
--- /dev/null
+++ b/vmime-master/src/vmime/component.hpp
@@ -0,0 +1,265 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_COMPONENT_HPP_INCLUDED
+#define VMIME_COMPONENT_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/utility/inputStream.hpp"
+#include "vmime/utility/seekableInputStream.hpp"
+#include "vmime/utility/parserInputStreamAdapter.hpp"
+#include "vmime/utility/outputStream.hpp"
+#include "vmime/generationContext.hpp"
+#include "vmime/parsingContext.hpp"
+
+
+namespace vmime {
+
+
+/** This abstract class is the base class for all the components of a message.
+  * It defines methods for parsing and generating a component.
+  */
+class VMIME_EXPORT component : public object {
+
+public:
+
+	component();
+	virtual ~component();
+
+	/** Parse RFC-822/MIME data for this component, using the default
+	  * parsing context.
+	  *
+	  * @param buffer input buffer
+	  */
+	void parse(const string& buffer);
+
+	/** Parse RFC-822/MIME data for this component.
+	  *
+	  * @param ctx parsing context
+	  * @param buffer input buffer
+	  */
+	void parse(const parsingContext& ctx, const string& buffer);
+
+	/** Parse RFC-822/MIME data for this component. If stream is not seekable,
+	  * or if length is not specified, entire contents of the stream will
+	  * be loaded into memory before parsing.
+	  *
+	  * @param inputStream stream from which to read data
+	  * @param length data length, in bytes (0 = unknown/not specified)
+	  */
+	void parse(const shared_ptr <utility::inputStream>& inputStream, const size_t length);
+
+	/** Parse RFC-822/MIME data for this component, using the default
+	  * parsing context.
+	  *
+	  * @param buffer input buffer
+	  * @param position current position in the input buffer
+	  * @param end end position in the input buffer
+	  * @param newPosition will receive the new position in the input buffer
+	  */
+	void parse(
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	/** Parse RFC-822/MIME data for this component.
+	  *
+	  * @param ctx parsing context
+	  * @param buffer input buffer
+	  * @param position current position in the input buffer
+	  * @param end end position in the input buffer
+	  * @param newPosition will receive the new position in the input buffer
+	  */
+	void parse(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	/** Parse RFC-822/MIME data for this component. If stream is not seekable,
+	  * or if end position is not specified, entire contents of the stream will
+	  * be loaded into memory before parsing. The default parsing context
+	  * will be used.
+	  *
+	  * @param inputStream stream from which to read data
+	  * @param position current position in the input stream
+	  * @param end end position in the input stream
+	  * @param newPosition will receive the new position in the input stream
+	  */
+	void parse(
+		const shared_ptr <utility::inputStream>& inputStream,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	/** Parse RFC-822/MIME data for this component. If stream is not seekable,
+	  * or if end position is not specified, entire contents of the stream will
+	  * be loaded into memory before parsing.
+	  *
+	  * @param ctx parsing context
+	  * @param inputStream stream from which to read data
+	  * @param position current position in the input stream
+	  * @param end end position in the input stream
+	  * @param newPosition will receive the new position in the input stream
+	  */
+	void parse(
+		const parsingContext& ctx,
+		const shared_ptr <utility::inputStream>& inputStream,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	/** Generate RFC-2822/MIME data for this component.
+	  *
+	  * \deprecated Use the new generate() method, which takes an outputStream parameter.
+	  *
+	  * @param maxLineLength maximum line length for output
+	  * @param curLinePos length of the current line in the output buffer
+	  * @return generated data
+	  */
+	virtual const string generate(
+		const size_t maxLineLength = lineLengthLimits::infinite,
+		const size_t curLinePos = 0
+	) const;
+
+	/** Generate RFC-2822/MIME data for this component, using the default generation context.
+	  *
+	  * @param outputStream output stream
+	  * @param curLinePos length of the current line in the output buffer
+	  * @param newLinePos will receive the new line position (length of the last line written)
+	  */
+	virtual void generate(
+		utility::outputStream& outputStream,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+
+	/** Generate RFC-2822/MIME data for this component, using the default generation context.
+	  *
+	  * @param ctx generation context
+	  * @param outputStream output stream
+	  * @param curLinePos length of the current line in the output buffer
+	  * @param newLinePos will receive the new line position (length of the last line written)
+	  */
+	virtual void generate(
+		const generationContext& ctx,
+		utility::outputStream& outputStream,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+
+	/** Clone this component.
+	  *
+	  * @return a copy of this component
+	  */
+	virtual shared_ptr <component> clone() const = 0;
+
+	/** Replace data in this component by data in other component.
+	  * Both components must be of the same type.
+	  *
+	  * @throw std::bad_cast_exception if the components are not
+	  * of the same (dynamic) type
+	  * @param other other component to copy data from
+	  */
+	virtual void copyFrom(const component& other) = 0;
+
+	/** Return the start position of this component in the
+	  * parsed message contents. Use for debugging only.
+	  *
+	  * @return start position in parsed buffer
+	  * or 0 if this component has not been parsed
+	  */
+	size_t getParsedOffset() const;
+
+	/** Return the length of this component in the
+	  * parsed message contents. Use for debugging only.
+	  *
+	  * @return length of the component in parsed buffer
+	  * or 0 if this component has not been parsed
+	  */
+	size_t getParsedLength() const;
+
+	/** Return the list of children of this component.
+	  *
+	  * @return list of child components
+	  */
+	virtual const std::vector <shared_ptr <component> > getChildComponents() = 0;
+
+	/** Get the number of bytes that will be used by this component when
+	  * it is generated. This may be a heuristically-derived estimate,
+	  * but such an estimated size should always be larger than the actual
+	  * generated size.
+	  *
+	  * @param ctx generation context
+	  * @return component size when generated
+	  */
+	virtual size_t getGeneratedSize(const generationContext& ctx);
+
+protected:
+
+	void setParsedBounds(const size_t start, const size_t end);
+
+	// AT LEAST ONE of these parseImpl() functions MUST be implemented in derived class
+	virtual void parseImpl(
+		const parsingContext& ctx,
+		const shared_ptr <utility::parserInputStreamAdapter>& parser,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	virtual void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	virtual void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const = 0;
+
+private:
+
+	void offsetParsedBounds(const size_t offset);
+
+	size_t m_parsedOffset;
+	size_t m_parsedLength;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_COMPONENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/constants.cpp b/vmime-master/src/vmime/constants.cpp
new file mode 100644
index 0000000..445c012
--- /dev/null
+++ b/vmime-master/src/vmime/constants.cpp
@@ -0,0 +1,251 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/constants.hpp"
+
+
+namespace vmime {
+
+
+// Media Types
+namespace mediaTypes {
+
+	// Types
+	const char* const TEXT = "text";
+	const char* const MULTIPART = "multipart";
+	const char* const MESSAGE = "message";
+	const char* const APPLICATION = "application";
+	const char* const IMAGE = "image";
+	const char* const AUDIO = "audio";
+	const char* const VIDEO = "video";
+
+	// Sub-types
+	const char* const TEXT_PLAIN = "plain";
+	const char* const TEXT_HTML = "html";
+	const char* const TEXT_RICHTEXT = "richtext";
+	const char* const TEXT_ENRICHED = "enriched";
+	const char* const TEXT_RFC822_HEADERS = "rfc822-headers";  // RFC-1892
+	const char* const TEXT_DIRECTORY = "directory";  // RFC-2426
+
+	const char* const MULTIPART_MIXED = "mixed";
+	const char* const MULTIPART_RELATED = "related";
+	const char* const MULTIPART_ALTERNATIVE = "alternative";
+	const char* const MULTIPART_PARALLEL = "parallel";
+	const char* const MULTIPART_DIGEST = "digest";
+	const char* const MULTIPART_REPORT = "report";  // RFC-1892
+
+	const char* const MESSAGE_RFC822 = "rfc822";
+	const char* const MESSAGE_PARTIAL = "partial";
+	const char* const MESSAGE_EXTERNAL_BODY = "external-body";
+	const char* const MESSAGE_DISPOSITION_NOTIFICATION = "disposition-notification";
+	const char* const MESSAGE_DELIVERY_STATUS = "delivery-status";
+
+	const char* const APPLICATION_OCTET_STREAM = "octet-stream";
+
+	const char* const IMAGE_JPEG = "jpeg";
+	const char* const IMAGE_GIF = "gif";
+
+	const char* const AUDIO_BASIC = "basic";
+
+	const char* const VIDEO_MPEG = "mpeg";
+}
+
+
+// Encoding types
+namespace encodingTypes {
+
+	const char* const SEVEN_BIT = "7bit";
+	const char* const EIGHT_BIT = "8bit";
+	const char* const BASE64 = "base64";
+	const char* const QUOTED_PRINTABLE = "quoted-printable";
+	const char* const BINARY = "binary";
+	const char* const UUENCODE = "uuencode";
+}
+
+
+// Content disposition types
+namespace contentDispositionTypes {
+
+	const char* const INLINE = "inline";
+	const char* const ATTACHMENT = "attachment";
+}
+
+
+// Charsets
+namespace charsets {
+
+	const char* const ISO8859_1 = "iso-8859-1";
+	const char* const ISO8859_2 = "iso-8859-2";
+	const char* const ISO8859_3 = "iso-8859-3";
+	const char* const ISO8859_4 = "iso-8859-4";
+	const char* const ISO8859_5 = "iso-8859-5";
+	const char* const ISO8859_6 = "iso-8859-6";
+	const char* const ISO8859_7 = "iso-8859-7";
+	const char* const ISO8859_8 = "iso-8859-8";
+	const char* const ISO8859_9 = "iso-8859-9";
+	const char* const ISO8859_10 = "iso-8859-10";
+	const char* const ISO8859_13 = "iso-8859-13";
+	const char* const ISO8859_14 = "iso-8859-14";
+	const char* const ISO8859_15 = "iso-8859-15";
+	const char* const ISO8859_16 = "iso-8859-16";
+
+	const char* const CP_437 = "cp437";
+	const char* const CP_737 = "cp737";
+	const char* const CP_775 = "cp775";
+	const char* const CP_850 = "cp850";
+	const char* const CP_852 = "cp852";
+	const char* const CP_853 = "cp853";
+	const char* const CP_855 = "cp855";
+	const char* const CP_857 = "cp857";
+	const char* const CP_858 = "cp858";
+	const char* const CP_860 = "cp860";
+	const char* const CP_861 = "cp861";
+	const char* const CP_862 = "cp862";
+	const char* const CP_863 = "cp863";
+	const char* const CP_864 = "cp864";
+	const char* const CP_865 = "cp865";
+	const char* const CP_866 = "cp866";
+	const char* const CP_869 = "cp869";
+	const char* const CP_874 = "cp874";
+	const char* const CP_1125 = "cp1125";
+	const char* const CP_1250 = "cp1250";
+	const char* const CP_1251 = "cp1251";
+	const char* const CP_1252 = "cp1252";
+	const char* const CP_1253 = "cp1253";
+	const char* const CP_1254 = "cp1254";
+	const char* const CP_1255 = "cp1255";
+	const char* const CP_1256 = "cp1256";
+	const char* const CP_1257 = "cp1257";
+
+	const char* const US_ASCII = "us-ascii";
+
+	const char* const UTF_7 = "utf-7";
+	const char* const UTF_8 = "utf-8";
+	const char* const UTF_16 = "utf-16";
+	const char* const UTF_32 = "utf-32";
+
+	const char* const WINDOWS_1250 = "windows-1250";
+	const char* const WINDOWS_1251 = "windows-1251";
+	const char* const WINDOWS_1252 = "windows-1252";
+	const char* const WINDOWS_1253 = "windows-1253";
+	const char* const WINDOWS_1254 = "windows-1254";
+	const char* const WINDOWS_1255 = "windows-1255";
+	const char* const WINDOWS_1256 = "windows-1256";
+	const char* const WINDOWS_1257 = "windows-1257";
+	const char* const WINDOWS_1258 = "windows-1258";
+
+	const char* const IDNA = "idna";
+}
+
+
+// Fields
+namespace fields {
+
+	const char* const RECEIVED = "Received";
+	const char* const FROM = "From";
+	const char* const SENDER = "Sender";
+	const char* const REPLY_TO = "Reply-To";
+	const char* const TO = "To";
+	const char* const CC = "Cc";
+	const char* const BCC = "Bcc";
+	const char* const DATE = "Date";
+	const char* const SUBJECT = "Subject";
+	const char* const ORGANIZATION = "Organization";
+	const char* const USER_AGENT = "User-Agent";
+	const char* const DELIVERED_TO = "Delivered-To";
+	const char* const RETURN_PATH = "Return-Path";
+	const char* const MIME_VERSION = "Mime-Version";
+	const char* const MESSAGE_ID = "Message-Id";
+	const char* const CONTENT_TYPE = "Content-Type";
+	const char* const CONTENT_TRANSFER_ENCODING = "Content-Transfer-Encoding";
+	const char* const CONTENT_DESCRIPTION = "Content-Description";
+	const char* const CONTENT_DISPOSITION = "Content-Disposition";
+	const char* const CONTENT_ID = "Content-Id";
+	const char* const CONTENT_LOCATION = "Content-Location";
+	const char* const IN_REPLY_TO = "In-Reply-To";
+	const char* const REFERENCES = "References";
+
+	const char* const X_MAILER = "X-Mailer";
+	const char* const X_PRIORITY = "X-Priority";
+
+	// RFC-3798: Message Disposition
+	const char* const ORIGINAL_MESSAGE_ID = "Original-Message-ID";
+	const char* const DISPOSITION_NOTIFICATION_TO = "Disposition-Notification-To";
+	const char* const DISPOSITION_NOTIFICATION_OPTIONS = "Disposition-Notification-Options";
+	const char* const DISPOSITION = "Disposition";
+	const char* const FAILURE = "Failure";
+	const char* const ERROR = "Error";
+	const char* const WARNING = "Warning";
+	const char* const ORIGINAL_RECIPIENT = "Original-Recipient";
+	const char* const FINAL_RECIPIENT = "Final-Recipient";
+	const char* const REPORTING_UA = "Reporting-UA";
+	const char* const MDN_GATEWAY = "MDN-Gateway";
+}
+
+
+// Constants for disposition action modes (RFC-3978).
+namespace dispositionActionModes {
+
+	const char* const MANUAL = "manual";
+	const char* const AUTOMATIC = "automatic";
+}
+
+
+// Constants for disposition sending modes (RFC-3798).
+namespace dispositionSendingModes {
+
+	const char* const SENT_MANUALLY = "MDN-sent-manually";
+	const char* const SENT_AUTOMATICALLY ="MDN-sent-automatically";
+}
+
+
+// Constants for disposition types (RFC-3798).
+namespace dispositionTypes {
+
+	const char* const DISPLAYED = "displayed";
+	const char* const DELETED = "deleted";
+}
+
+
+// Constants for disposition modifiers (RFC-3798).
+namespace dispositionModifiers {
+
+	const char* const ERROR = "error";
+}
+
+// Constants for DSN (delivery status notification)
+namespace dsn {
+
+	const char* const NOTIFY = "NOTIFY";
+	const char* const NEVER = "NEVER";
+	const char* const SUCCESS = "SUCCESS";
+	const char* const FAILURE = "FAILURE";
+	const char* const DELAY = "DELAY";
+	const char* const ORCPT = "ORCPT";
+	const char* const RET = "RET";
+	const char* const FULL = "FULL";
+	const char* const HDRS = "HDRS";
+	const char* const ENVID = "ENVID";
+}
+
+} // vmime
diff --git a/vmime-master/src/vmime/constants.hpp b/vmime-master/src/vmime/constants.hpp
new file mode 100644
index 0000000..9d25383
--- /dev/null
+++ b/vmime-master/src/vmime/constants.hpp
@@ -0,0 +1,272 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free SOFTWARE; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software FOUNDATION; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// along with this PROGRAM; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CONSTANTS_HPP_INCLUDED
+#define VMIME_CONSTANTS_HPP_INCLUDED
+
+
+#include <string>
+
+#include "vmime/types.hpp"
+
+
+// Remove Windows defines of ERROR and WARNING
+#ifdef _WIN32
+	#undef ERROR
+	#undef WARNING
+#endif
+
+
+namespace vmime {
+
+	/** Constants for media types. */
+	namespace mediaTypes {
+
+		// Types
+		extern VMIME_EXPORT const char* const TEXT;
+		extern VMIME_EXPORT const char* const MULTIPART;
+		extern VMIME_EXPORT const char* const MESSAGE;
+		extern VMIME_EXPORT const char* const APPLICATION;
+		extern VMIME_EXPORT const char* const IMAGE;
+		extern VMIME_EXPORT const char* const AUDIO;
+		extern VMIME_EXPORT const char* const VIDEO;
+
+		// Sub-types
+		extern VMIME_EXPORT const char* const TEXT_PLAIN;
+		extern VMIME_EXPORT const char* const TEXT_HTML;
+		extern VMIME_EXPORT const char* const TEXT_RICHTEXT;
+		extern VMIME_EXPORT const char* const TEXT_ENRICHED;
+		extern VMIME_EXPORT const char* const TEXT_RFC822_HEADERS;  // RFC-1892
+		extern VMIME_EXPORT const char* const TEXT_DIRECTORY;  // RFC-2426
+
+		extern VMIME_EXPORT const char* const MULTIPART_MIXED;
+		extern VMIME_EXPORT const char* const MULTIPART_RELATED;
+		extern VMIME_EXPORT const char* const MULTIPART_ALTERNATIVE;
+		extern VMIME_EXPORT const char* const MULTIPART_PARALLEL;
+		extern VMIME_EXPORT const char* const MULTIPART_DIGEST;
+		extern VMIME_EXPORT const char* const MULTIPART_REPORT;  // RFC-1892
+
+		extern VMIME_EXPORT const char* const MESSAGE_RFC822;
+		extern VMIME_EXPORT const char* const MESSAGE_PARTIAL;
+		extern VMIME_EXPORT const char* const MESSAGE_EXTERNAL_BODY;
+		extern VMIME_EXPORT const char* const MESSAGE_DISPOSITION_NOTIFICATION;
+		extern VMIME_EXPORT const char* const MESSAGE_DELIVERY_STATUS;
+
+		extern VMIME_EXPORT const char* const APPLICATION_OCTET_STREAM;
+
+		extern VMIME_EXPORT const char* const IMAGE_JPEG;
+		extern VMIME_EXPORT const char* const IMAGE_GIF;
+
+		extern VMIME_EXPORT const char* const AUDIO_BASIC;
+
+		extern VMIME_EXPORT const char* const VIDEO_MPEG;
+	}
+
+
+	/** Constants for encoding types. */
+	namespace encodingTypes {
+
+		extern VMIME_EXPORT const char* const SEVEN_BIT;
+		extern VMIME_EXPORT const char* const EIGHT_BIT;
+		extern VMIME_EXPORT const char* const BASE64;
+		extern VMIME_EXPORT const char* const QUOTED_PRINTABLE;
+		extern VMIME_EXPORT const char* const BINARY;
+		extern VMIME_EXPORT const char* const UUENCODE;
+	}
+
+
+	/** Constants for content disposition types (RFC-2183). */
+	namespace contentDispositionTypes {
+
+		extern VMIME_EXPORT const char* const INLINE;
+		extern VMIME_EXPORT const char* const ATTACHMENT;
+	}
+
+
+	/** Constants for charsets. */
+	namespace charsets {
+
+		extern VMIME_EXPORT const char* const ISO8859_1;
+		extern VMIME_EXPORT const char* const ISO8859_2;
+		extern VMIME_EXPORT const char* const ISO8859_3;
+		extern VMIME_EXPORT const char* const ISO8859_4;
+		extern VMIME_EXPORT const char* const ISO8859_5;
+		extern VMIME_EXPORT const char* const ISO8859_6;
+		extern VMIME_EXPORT const char* const ISO8859_7;
+		extern VMIME_EXPORT const char* const ISO8859_8;
+		extern VMIME_EXPORT const char* const ISO8859_9;
+		extern VMIME_EXPORT const char* const ISO8859_10;
+		extern VMIME_EXPORT const char* const ISO8859_13;
+		extern VMIME_EXPORT const char* const ISO8859_14;
+		extern VMIME_EXPORT const char* const ISO8859_15;
+		extern VMIME_EXPORT const char* const ISO8859_16;
+
+		extern VMIME_EXPORT const char* const CP_437;
+		extern VMIME_EXPORT const char* const CP_737;
+		extern VMIME_EXPORT const char* const CP_775;
+		extern VMIME_EXPORT const char* const CP_850;
+		extern VMIME_EXPORT const char* const CP_852;
+		extern VMIME_EXPORT const char* const CP_853;
+		extern VMIME_EXPORT const char* const CP_855;
+		extern VMIME_EXPORT const char* const CP_857;
+		extern VMIME_EXPORT const char* const CP_858;
+		extern VMIME_EXPORT const char* const CP_860;
+		extern VMIME_EXPORT const char* const CP_861;
+		extern VMIME_EXPORT const char* const CP_862;
+		extern VMIME_EXPORT const char* const CP_863;
+		extern VMIME_EXPORT const char* const CP_864;
+		extern VMIME_EXPORT const char* const CP_865;
+		extern VMIME_EXPORT const char* const CP_866;
+		extern VMIME_EXPORT const char* const CP_869;
+		extern VMIME_EXPORT const char* const CP_874;
+		extern VMIME_EXPORT const char* const CP_1125;
+		extern VMIME_EXPORT const char* const CP_1250;
+		extern VMIME_EXPORT const char* const CP_1251;
+		extern VMIME_EXPORT const char* const CP_1252;
+		extern VMIME_EXPORT const char* const CP_1253;
+		extern VMIME_EXPORT const char* const CP_1254;
+		extern VMIME_EXPORT const char* const CP_1255;
+		extern VMIME_EXPORT const char* const CP_1256;
+		extern VMIME_EXPORT const char* const CP_1257;
+
+		extern VMIME_EXPORT const char* const US_ASCII;
+
+		extern VMIME_EXPORT const char* const UTF_7;
+		extern VMIME_EXPORT const char* const UTF_8;
+		extern VMIME_EXPORT const char* const UTF_16;
+		extern VMIME_EXPORT const char* const UTF_32;
+
+		extern VMIME_EXPORT const char* const WINDOWS_1250;
+		extern VMIME_EXPORT const char* const WINDOWS_1251;
+		extern VMIME_EXPORT const char* const WINDOWS_1252;
+		extern VMIME_EXPORT const char* const WINDOWS_1253;
+		extern VMIME_EXPORT const char* const WINDOWS_1254;
+		extern VMIME_EXPORT const char* const WINDOWS_1255;
+		extern VMIME_EXPORT const char* const WINDOWS_1256;
+		extern VMIME_EXPORT const char* const WINDOWS_1257;
+		extern VMIME_EXPORT const char* const WINDOWS_1258;
+
+		extern VMIME_EXPORT const char* const IDNA;
+	}
+
+	/** Constants for standard field names. */
+	namespace fields {
+
+		extern VMIME_EXPORT const char* const RECEIVED;
+		extern VMIME_EXPORT const char* const FROM;
+		extern VMIME_EXPORT const char* const SENDER;
+		extern VMIME_EXPORT const char* const REPLY_TO;
+		extern VMIME_EXPORT const char* const TO;
+		extern VMIME_EXPORT const char* const CC;
+		extern VMIME_EXPORT const char* const BCC;
+		extern VMIME_EXPORT const char* const DATE;
+		extern VMIME_EXPORT const char* const SUBJECT;
+		extern VMIME_EXPORT const char* const ORGANIZATION;
+		extern VMIME_EXPORT const char* const USER_AGENT;
+		extern VMIME_EXPORT const char* const DELIVERED_TO;
+		extern VMIME_EXPORT const char* const RETURN_PATH;
+		extern VMIME_EXPORT const char* const MIME_VERSION;
+		extern VMIME_EXPORT const char* const MESSAGE_ID;
+		extern VMIME_EXPORT const char* const CONTENT_TYPE;
+		extern VMIME_EXPORT const char* const CONTENT_TRANSFER_ENCODING;
+		extern VMIME_EXPORT const char* const CONTENT_DESCRIPTION;
+		extern VMIME_EXPORT const char* const CONTENT_DISPOSITION;
+		extern VMIME_EXPORT const char* const CONTENT_ID;
+		extern VMIME_EXPORT const char* const CONTENT_LOCATION;
+		extern VMIME_EXPORT const char* const IN_REPLY_TO;
+		extern VMIME_EXPORT const char* const REFERENCES;
+
+		extern VMIME_EXPORT const char* const X_MAILER;
+		extern VMIME_EXPORT const char* const X_PRIORITY;
+
+		// RFC-3798: Message Disposition Notification
+		extern VMIME_EXPORT const char* const ORIGINAL_MESSAGE_ID;
+		extern VMIME_EXPORT const char* const DISPOSITION_NOTIFICATION_TO;
+		extern VMIME_EXPORT const char* const DISPOSITION_NOTIFICATION_OPTIONS;
+		extern VMIME_EXPORT const char* const DISPOSITION;
+		extern VMIME_EXPORT const char* const FAILURE;
+		extern VMIME_EXPORT const char* const ERROR;
+		extern VMIME_EXPORT const char* const WARNING;
+		extern VMIME_EXPORT const char* const ORIGINAL_RECIPIENT;
+		extern VMIME_EXPORT const char* const FINAL_RECIPIENT;
+		extern VMIME_EXPORT const char* const REPORTING_UA;
+		extern VMIME_EXPORT const char* const MDN_GATEWAY;
+	}
+
+	/** Constants for disposition action modes (RFC-3978). */
+	namespace dispositionActionModes {
+
+		/** User implicitely displayed or deleted the message (filter or
+		  * any other automatic action). */
+		extern VMIME_EXPORT const char* const AUTOMATIC;
+
+		/** User explicitely displayed or deleted the message (manual action). */
+		extern VMIME_EXPORT const char* const MANUAL;
+	}
+
+	/** Constants for disposition sending modes (RFC-3798). */
+	namespace dispositionSendingModes {
+
+		/** The MDN was sent because the MUA had previously been configured
+		  * to do so automatically. */
+		extern VMIME_EXPORT const char* const SENT_AUTOMATICALLY;
+
+		/** User explicitly gave permission for this particular MDN to be sent. */
+		extern VMIME_EXPORT const char* const SENT_MANUALLY;
+	}
+
+	/** Constants for disposition types (RFC-3798). */
+	namespace dispositionTypes {
+
+		/** Message has been displayed to the user. */
+		extern VMIME_EXPORT const char* const DISPLAYED;
+		/** Message has been deleted without being displayed. */
+		extern VMIME_EXPORT const char* const DELETED;
+		/** Message has been denied. */
+		extern VMIME_EXPORT const char* const DENIED;
+	}
+
+	/** Constants for disposition modifiers (RFC-3798). */
+	namespace dispositionModifiers {
+
+		extern VMIME_EXPORT const char* const ERROR;
+	}
+
+	/** Constants for DSN (delivery status notification) */
+	namespace dsn {
+
+		extern VMIME_EXPORT const char* const NOTIFY;
+		extern VMIME_EXPORT const char* const NEVER;
+		extern VMIME_EXPORT const char* const SUCCESS;
+		extern VMIME_EXPORT const char* const FAILURE;
+		extern VMIME_EXPORT const char* const DELAY;
+		extern VMIME_EXPORT const char* const ORCPT;
+		extern VMIME_EXPORT const char* const RET;
+		extern VMIME_EXPORT const char* const FULL;
+		extern VMIME_EXPORT const char* const HDRS;
+		extern VMIME_EXPORT const char* const ENVID;
+	}
+}
+
+
+#endif // VMIME_CONSTANTS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/contentDisposition.cpp b/vmime-master/src/vmime/contentDisposition.cpp
new file mode 100644
index 0000000..1602273
--- /dev/null
+++ b/vmime-master/src/vmime/contentDisposition.cpp
@@ -0,0 +1,144 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/contentDisposition.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+
+
+contentDisposition::contentDisposition()
+	: m_name(contentDispositionTypes::INLINE) {
+
+}
+
+
+contentDisposition::contentDisposition(const string& name)
+	: m_name(utility::stringUtils::toLower(name)) {
+
+}
+
+
+contentDisposition::contentDisposition(const contentDisposition& type)
+	: headerFieldValue(), m_name(type.m_name) {
+
+}
+
+
+void contentDisposition::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_name = utility::stringUtils::trim(
+		utility::stringUtils::toLower(
+			string(buffer.begin() + position, buffer.begin() + end)
+		)
+	);
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void contentDisposition::generateImpl(
+	const generationContext& /* ctx */,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	os << m_name;
+
+	if (newLinePos) {
+		*newLinePos = curLinePos + m_name.length();
+	}
+}
+
+
+contentDisposition& contentDisposition::operator=(const string& name) {
+
+	m_name = utility::stringUtils::toLower(name);
+	return *this;
+}
+
+
+bool contentDisposition::operator==(const contentDisposition& value) const {
+
+	return utility::stringUtils::toLower(m_name) == value.m_name;
+}
+
+
+bool contentDisposition::operator!=(const contentDisposition& value) const {
+
+	return !(*this == value);
+}
+
+
+shared_ptr <component> contentDisposition::clone() const {
+
+	return make_shared <contentDisposition>(*this);
+}
+
+
+void contentDisposition::copyFrom(const component& other) {
+
+	const contentDisposition& d = dynamic_cast <const contentDisposition&>(other);
+
+	m_name = d.m_name;
+}
+
+
+contentDisposition& contentDisposition::operator=(const contentDisposition& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const string& contentDisposition::getName() const {
+
+	return m_name;
+}
+
+
+void contentDisposition::setName(const string& name) {
+
+	m_name = name;
+}
+
+
+const std::vector <shared_ptr <component> > contentDisposition::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/contentDisposition.hpp b/vmime-master/src/vmime/contentDisposition.hpp
new file mode 100644
index 0000000..636c0fb
--- /dev/null
+++ b/vmime-master/src/vmime/contentDisposition.hpp
@@ -0,0 +1,99 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CONTENTDISPOSITION_HPP_INCLUDED
+#define VMIME_CONTENTDISPOSITION_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+
+namespace vmime {
+
+
+/** Content disposition (basic type).
+  */
+class VMIME_EXPORT contentDisposition : public headerFieldValue {
+
+public:
+
+	contentDisposition();
+	contentDisposition(const string& name);
+	contentDisposition(const contentDisposition& disp);
+
+
+	/** Return the content disposition type.
+	  * See the constants in vmime::dispositionTypes.
+	  *
+	  * @return name of the disposition type (eg. "inline")
+	  */
+	const string& getName() const;
+
+	/** Set the content disposition type.
+	  * See the constants in vmime::dispositionTypes.
+	  *
+	  * @param name name of the disposition type
+	  */
+	void setName(const string& name);
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	contentDisposition& operator=(const contentDisposition& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+
+	contentDisposition& operator=(const string& name);
+
+	bool operator==(const contentDisposition& value) const;
+	bool operator!=(const contentDisposition& value) const;
+
+private:
+
+	string m_name;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CONTENTDISPOSITION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/contentDispositionField.cpp b/vmime-master/src/vmime/contentDispositionField.cpp
new file mode 100644
index 0000000..7e50680
--- /dev/null
+++ b/vmime-master/src/vmime/contentDispositionField.cpp
@@ -0,0 +1,162 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/contentDispositionField.hpp"
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+
+
+contentDispositionField::contentDispositionField() {
+
+}
+
+
+contentDispositionField::contentDispositionField(contentDispositionField&)
+	: parameterizedHeaderField() {
+
+}
+
+
+bool contentDispositionField::hasCreationDate() const {
+
+	return hasParameter("creation-date");
+}
+
+
+const datetime contentDispositionField::getCreationDate() const {
+
+	shared_ptr <parameter> param = findParameter("creation-date");
+
+	if (param) {
+		return param->getValueAs <datetime>();
+	} else {
+		return datetime::now();
+	}
+}
+
+
+void contentDispositionField::setCreationDate(const datetime& creationDate) {
+
+	getParameter("creation-date")->setValue(creationDate);
+}
+
+
+bool contentDispositionField::hasModificationDate() const {
+
+	return hasParameter("modification-date");
+}
+
+
+const datetime contentDispositionField::getModificationDate() const {
+
+	shared_ptr <parameter> param = findParameter("modification-date");
+
+	if (param) {
+		return param->getValueAs <datetime>();
+	} else {
+		return datetime::now();
+	}
+}
+
+
+void contentDispositionField::setModificationDate(const datetime& modificationDate) {
+
+	getParameter("modification-date")->setValue(modificationDate);
+}
+
+
+bool contentDispositionField::hasReadDate() const {
+
+	return hasParameter("read-date");
+}
+
+
+const datetime contentDispositionField::getReadDate() const {
+
+	shared_ptr <parameter> param = findParameter("read-date");
+
+	if (param) {
+		return param->getValueAs <datetime>();
+	} else {
+		return datetime::now();
+	}
+}
+
+
+void contentDispositionField::setReadDate(const datetime& readDate) {
+
+	getParameter("read-date")->setValue(readDate);
+}
+
+
+bool contentDispositionField::hasFilename() const {
+
+	return hasParameter("filename");
+}
+
+
+const word contentDispositionField::getFilename() const {
+
+	shared_ptr <parameter> param = findParameter("filename");
+
+	if (param) {
+		return param->getValue();
+	} else {
+		return word();
+	}
+}
+
+
+void contentDispositionField::setFilename(const word& filename) {
+
+	getParameter("filename")->setValue(filename);
+}
+
+
+bool contentDispositionField::hasSize() const {
+
+	return hasParameter("size");
+}
+
+
+const string contentDispositionField::getSize() const {
+
+	shared_ptr <parameter> param = findParameter("size");
+
+	if (param) {
+		return param->getValue().getBuffer();
+	} else {
+		return "";
+	}
+}
+
+
+void contentDispositionField::setSize(const string& size) {
+
+	getParameter("size")->setValue(word(size, vmime::charsets::US_ASCII));
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/contentDispositionField.hpp b/vmime-master/src/vmime/contentDispositionField.hpp
new file mode 100644
index 0000000..89eb907
--- /dev/null
+++ b/vmime-master/src/vmime/contentDispositionField.hpp
@@ -0,0 +1,146 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CONTENTDISPOSITIONFIELD_HPP_INCLUDED
+#define VMIME_CONTENTDISPOSITIONFIELD_HPP_INCLUDED
+
+
+#include "vmime/parameterizedHeaderField.hpp"
+
+#include "vmime/contentDisposition.hpp"
+#include "vmime/dateTime.hpp"
+#include "vmime/word.hpp"
+
+
+namespace vmime {
+
+
+/** Describes presentation information, as per RFC-2183.
+  */
+class VMIME_EXPORT contentDispositionField : public parameterizedHeaderField {
+
+	friend class headerFieldFactory;
+
+protected:
+
+	contentDispositionField();
+	contentDispositionField(contentDispositionField&);
+
+public:
+
+	/** Test whether the "creation-date" parameter is set.
+	  *
+	  * @return true if the "creation-date" parameter is set, or false otherwise
+	  */
+	bool hasCreationDate() const;
+
+	/** Return the value of the "creation-date" parameter.
+	  *
+	  * @return value of the "creation-date" parameter
+	  */
+	const datetime getCreationDate() const;
+
+	/** Set the value of the "creation-date" parameter.
+	  *
+	  * @param creationDate new value for the "creation-date" parameter
+	  */
+	void setCreationDate(const datetime& creationDate);
+
+	/** Test whether the "modification-date" parameter is set.
+	  *
+	  * @return true if the "modification-date" parameter is set, or false otherwise
+	  */
+	bool hasModificationDate() const;
+
+	/** Return the value of the "modification-date" parameter.
+	  *
+	  * @return value of the "modification-date" parameter
+	  */
+	const datetime getModificationDate() const;
+
+	/** Set the value of the "modification-date" parameter.
+	  *
+	  * @param modificationDate new value for the "modification-date" parameter
+	  */
+	void setModificationDate(const datetime& modificationDate);
+
+	/** Test whether the "read-date" parameter is set.
+	  *
+	  * @return true if the "read-date" parameter is set, or false otherwise
+	  */
+	bool hasReadDate() const;
+
+	/** Return the value of the "read-date" parameter.
+	  *
+	  * @return value of the "read-date" parameter
+	  */
+	const datetime getReadDate() const;
+
+	/** Set the value of the "read-date" parameter.
+	  *
+	  * @param readDate new value for the "read-date" parameter
+	  */
+	void setReadDate(const datetime& readDate);
+
+	/** Test whether the "filename" parameter is set.
+	  *
+	  * @return true if the "filename" parameter is set, or false otherwise
+	  */
+	bool hasFilename() const;
+
+	/** Return the value of the "filename" parameter.
+	  *
+	  * @return value of the "filename" parameter
+	  */
+	const word getFilename() const;
+
+	/** Set the value of the "filename" parameter.
+	  *
+	  * @param filename new value for the "filename" parameter
+	  */
+	void setFilename(const word& filename);
+
+	/** Test whether the "size" parameter is set.
+	  *
+	  * @return true if the "size" parameter is set, or false otherwise
+	  */
+	bool hasSize() const;
+
+	/** Return the value of the "size" parameter.
+	  *
+	  * @return value of the "size" parameter
+	  */
+	const string getSize() const;
+
+	/** Set the value of the "size" parameter.
+	  *
+	  * @param size new value for the "size" parameter
+	  */
+	void setSize(const string& size);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CONTENTDISPOSITIONFIELD_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/contentHandler.cpp b/vmime-master/src/vmime/contentHandler.cpp
new file mode 100644
index 0000000..0a0e6ad
--- /dev/null
+++ b/vmime-master/src/vmime/contentHandler.cpp
@@ -0,0 +1,39 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/contentHandler.hpp"
+
+
+namespace vmime {
+
+
+// No encoding = "binary" encoding
+const encoding contentHandler::NO_ENCODING(encodingTypes::BINARY);
+
+
+contentHandler::~contentHandler() {
+
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/contentHandler.hpp b/vmime-master/src/vmime/contentHandler.hpp
new file mode 100644
index 0000000..2d344ee
--- /dev/null
+++ b/vmime-master/src/vmime/contentHandler.hpp
@@ -0,0 +1,147 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CONTENTHANDLER_HPP_INCLUDED
+#define VMIME_CONTENTHANDLER_HPP_INCLUDED
+
+
+#include <limits>
+
+#include "vmime/base.hpp"
+#include "vmime/utility/progressListener.hpp"
+#include "vmime/encoding.hpp"
+#include "vmime/mediaType.hpp"
+
+
+namespace vmime {
+
+
+class VMIME_EXPORT contentHandler : public object {
+
+public:
+
+	/** Used to specify that enclosed data is not encoded. */
+	static const vmime::encoding NO_ENCODING;
+
+
+	virtual ~contentHandler();
+
+	/** Return a copy of this object.
+	  *
+	  * @return copy of this object
+	  */
+	virtual shared_ptr <contentHandler> clone() const = 0;
+
+	/** Output the contents into the specified stream. Data will be
+	  * encoded before being written into the stream. This is used internally
+	  * by the body object to generate the message, you may not need to use
+	  * this (see contentHandler::extract() if you want to get the contents).
+	  *
+	  * @param os output stream
+	  * @param enc encoding for output
+	  * @param maxLineLength maximum line length for output
+	  */
+	virtual void generate(
+		utility::outputStream& os,
+		const vmime::encoding& enc,
+		const size_t maxLineLength = lineLengthLimits::infinite
+	) const = 0;
+
+	/** Extract the contents into the specified stream. If needed, data
+	  * will be decoded before being written into the stream.
+	  *
+	  * @throw exceptions::no_encoder_available if the encoding is
+	  * not supported
+	  * @param os output stream
+	  * @param progress progress listener, or NULL if you do not
+	  * want to receive progress notifications
+	  */
+	virtual void extract(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL
+	) const = 0;
+
+	/** Extract the contents into the specified stream, without
+	  * decoding it. It may be useful in case the encoding is not
+	  * supported and you want to extract raw data.
+	  *
+	  * @param os output stream
+	  * @param progress progress listener, or NULL if you do not
+	  * want to receive progress notifications
+	  */
+	virtual void extractRaw(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL
+	) const = 0;
+
+	/** Returns the actual length of data. WARNING: this can return 0 if no
+	  * length was specified when setting data of this object, or if the
+	  * length is not known).
+	  *
+	  * @return length of data
+	  */
+	virtual size_t getLength() const = 0;
+
+	/** Returns 'true' if data managed by this object is encoded.
+	  *
+	  * @return true if data is encoded, false otherwise
+	  */
+	virtual bool isEncoded() const = 0;
+
+	/** Returns the encoding used for data (or "binary" if not encoded).
+	  *
+	  * @return encoding used for data
+	  */
+	virtual const vmime::encoding& getEncoding() const = 0;
+
+	/** Returns 'true' if there is no data set.
+	  *
+	  * @return true if no data is managed by this object, false otherwise
+	  */
+	virtual bool isEmpty() const = 0;
+
+	/** Indicates whether the extract() method can be called multiple times.
+	  *
+	  * @return true if the data can be extracted multiple times, or false
+	  * if not (ie. streamed data from socket)
+	  */
+	virtual bool isBuffered() const = 0;
+
+	/** Gives a hint about the kind of data managed by this object.
+	  *
+	  * @param type content media type
+	  */
+	virtual void setContentTypeHint(const mediaType& type) = 0;
+
+	/** Returns a hint about the kind of data managed by this object.
+	  *
+	  * @return type content media type
+	  */
+	virtual const mediaType getContentTypeHint() const = 0;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CONTENTHANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/contentTypeField.cpp b/vmime-master/src/vmime/contentTypeField.cpp
new file mode 100644
index 0000000..ec4971d
--- /dev/null
+++ b/vmime-master/src/vmime/contentTypeField.cpp
@@ -0,0 +1,114 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/contentTypeField.hpp"
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+
+
+contentTypeField::contentTypeField() {
+
+}
+
+
+contentTypeField::contentTypeField(contentTypeField&)
+	: parameterizedHeaderField() {
+
+}
+
+
+bool contentTypeField::hasBoundary() const {
+
+	return hasParameter("boundary");
+}
+
+
+const string contentTypeField::getBoundary() const {
+
+	shared_ptr <parameter> param = findParameter("boundary");
+
+	if (param) {
+		return param->getValue().getBuffer();
+	} else {
+		return "";
+	}
+}
+
+
+void contentTypeField::setBoundary(const string& boundary) {
+
+	getParameter("boundary")->setValue(word(boundary, vmime::charsets::US_ASCII));
+}
+
+
+bool contentTypeField::hasCharset() const {
+
+	return hasParameter("charset");
+}
+
+
+const charset contentTypeField::getCharset() const {
+
+	shared_ptr <parameter> param = findParameter("charset");
+
+	if (param) {
+		return param->getValueAs <charset>();
+	} else {
+		return charset();
+	}
+}
+
+
+void contentTypeField::setCharset(const charset& ch) {
+
+	getParameter("charset")->setValue(ch);
+}
+
+
+bool contentTypeField::hasReportType() const {
+
+	return hasParameter("report-type");
+}
+
+
+const string contentTypeField::getReportType() const {
+
+	shared_ptr <parameter> param = findParameter("report-type");
+
+	if (param) {
+		return param->getValue().getBuffer();
+	} else {
+		return "";
+	}
+}
+
+
+void contentTypeField::setReportType(const string& reportType) {
+
+	getParameter("report-type")->setValue(word(reportType, vmime::charsets::US_ASCII));
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/contentTypeField.hpp b/vmime-master/src/vmime/contentTypeField.hpp
new file mode 100644
index 0000000..a63e7da
--- /dev/null
+++ b/vmime-master/src/vmime/contentTypeField.hpp
@@ -0,0 +1,113 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CONTENTTYPEFIELD_HPP_INCLUDED
+#define VMIME_CONTENTTYPEFIELD_HPP_INCLUDED
+
+
+#include "vmime/parameterizedHeaderField.hpp"
+
+#include "vmime/mediaType.hpp"
+#include "vmime/charset.hpp"
+
+
+namespace vmime {
+
+
+class VMIME_EXPORT contentTypeField : public parameterizedHeaderField {
+
+	friend class headerFieldFactory;
+
+protected:
+
+	contentTypeField();
+	contentTypeField(contentTypeField&);
+
+public:
+
+	/** Test whether the "boundary" parameter is set.
+	  *
+	  * @return true if the "boundary" parameter is set, or false otherwise
+	  */
+	bool hasBoundary() const;
+
+	/** Return the value of the "boundary" parameter. Boundary is a
+	  * random string used to separate body parts.
+	  *
+	  * @return value of the "boundary" parameter
+	  */
+	const string getBoundary() const;
+
+	/** Set the value of the "boundary" parameter. Boundary is a
+	  * random string used to separate body parts. Normally, the
+	  * boundary is generated automatically by VMime, you should
+	  * not need to call this.
+	  *
+	  * @param boundary new value for the "boundary" parameter
+	  */
+	void setBoundary(const string& boundary);
+
+	/** Test whether the "charset" parameter is set.
+	  *
+	  * @return true if the "charset" parameter is set, or false otherwise
+	  */
+	bool hasCharset() const;
+
+	/** Return the value of the "charset" parameter. It specifies the
+	  * charset used in the body part contents.
+	  *
+	  * @return value of the "charset" parameter
+	  */
+	const charset getCharset() const;
+
+	/** Set the value of the "charset" parameter. It specifies the
+	  * charset used in the body part contents.
+	  *
+	  * @param ch new value for the "charset" parameter
+	  */
+	void setCharset(const charset& ch);
+
+	/** Test whether the "report-type" parameter is set.
+	  *
+	  * @return true if the "report-type" parameter is set, or false otherwise
+	  */
+	bool hasReportType() const;
+
+	/** Return the value of the "report-type" parameter (RFC-1892).
+	  *
+	  * @return value of the "report-type" parameter
+	  */
+	const string getReportType() const;
+
+	/** Set the value of the "report-type" parameter (RFC-1892).
+	  *
+	  * @param reportType new value for the "report-type" parameter
+	  */
+	void setReportType(const string& reportType);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CONTENTTYPEFIELD_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/context.cpp b/vmime-master/src/vmime/context.cpp
new file mode 100644
index 0000000..3fc4941
--- /dev/null
+++ b/vmime-master/src/vmime/context.cpp
@@ -0,0 +1,86 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/context.hpp"
+
+
+namespace vmime {
+
+
+context::context()
+	: m_internationalizedEmail(false) {
+
+}
+
+
+context::context(const context& ctx)
+	: object(),
+	  m_internationalizedEmail(ctx.m_internationalizedEmail) {
+
+}
+
+
+context::~context() {
+
+}
+
+
+bool context::getInternationalizedEmailSupport() const {
+
+	return m_internationalizedEmail;
+}
+
+
+void context::setInternationalizedEmailSupport(const bool support) {
+
+	m_internationalizedEmail = support;
+}
+
+
+const charsetConverterOptions& context::getCharsetConversionOptions() const {
+
+	return m_charsetConvOptions;
+}
+
+
+void context::setCharsetConversionOptions(const charsetConverterOptions& opts) {
+
+	m_charsetConvOptions = opts;
+}
+
+
+context& context::operator=(const context& ctx) {
+
+	copyFrom(ctx);
+	return *this;
+}
+
+
+void context::copyFrom(const context& ctx) {
+
+	m_internationalizedEmail = ctx.m_internationalizedEmail;
+	m_charsetConvOptions = ctx.m_charsetConvOptions;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/context.hpp b/vmime-master/src/vmime/context.hpp
new file mode 100644
index 0000000..1d00950
--- /dev/null
+++ b/vmime-master/src/vmime/context.hpp
@@ -0,0 +1,120 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_CONTEXT_HPP_INCLUDED
+#define VMIME_CONTEXT_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/charsetConverterOptions.hpp"
+
+
+namespace vmime {
+
+
+/** Holds configuration parameters used either for parsing or generating messages.
+  */
+class VMIME_EXPORT context : public object {
+
+public:
+
+	virtual ~context();
+
+	/** Returns whether support for Internationalized Email Headers (RFC-6532)
+	  * is enabled.
+	  *
+	  * @return true if RFC-6532 support is enabled, false otherwise
+	  */
+	bool getInternationalizedEmailSupport() const;
+
+	/** Enables or disables support for Internationalized Email Headers (RFC-6532).
+	  * This is disabled by default, and should be used only with servers
+	  * which support it (eg. SMTP servers with SMTPUTF8 extension).
+	  *
+	  * @param support true if RFC-6532 support is enabled, false otherwise
+	  */
+	void setInternationalizedEmailSupport(const bool support);
+
+	/** Returns options used currently for charset conversions by the parser and/or
+	  * the generator. See charsetConverterOptions class for more information.
+	  *
+	  * @return current charset conversion options
+	  */
+	const charsetConverterOptions& getCharsetConversionOptions() const;
+
+	/** Sets the options used currently for charset conversions by the parser and/or
+	  * the generator. See charsetConverterOptions class for more information.
+	  *
+	  * @param opts new charset conversion options
+	  */
+	void setCharsetConversionOptions(const charsetConverterOptions& opts);
+
+	/** Switches between contexts temporarily.
+	  */
+	template <typename CTX_CLASS>
+	class switcher {
+
+	public:
+
+		/** Switches to the specified context.
+		  * Default context will temporarily use the data of the specified
+		  * new context during the lifetime of this object.
+		  *
+		  * @param newCtx new context
+		  */
+		switcher(CTX_CLASS& newCtx)
+			: m_oldCtxData(CTX_CLASS::getDefaultContext()), m_newCtx(&newCtx) {
+
+			CTX_CLASS::getDefaultContext().copyFrom(newCtx);
+		}
+
+		/** Restores back saved context.
+		  */
+		~switcher() {
+
+			CTX_CLASS::getDefaultContext().copyFrom(m_oldCtxData);
+		}
+
+	private:
+
+		CTX_CLASS  m_oldCtxData;
+		CTX_CLASS* m_newCtx;
+	};
+
+protected:
+
+	context();
+	context(const context& ctx);
+
+	virtual context& operator=(const context& ctx);
+	void copyFrom(const context& ctx);
+
+	bool m_internationalizedEmail;
+	charsetConverterOptions m_charsetConvOptions;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_CONTEXT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/dateTime.cpp b/vmime-master/src/vmime/dateTime.cpp
new file mode 100644
index 0000000..fd44303
--- /dev/null
+++ b/vmime-master/src/vmime/dateTime.cpp
@@ -0,0 +1,925 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include <iomanip>
+
+#include "vmime/config.hpp"
+#include "vmime/dateTime.hpp"
+#include "vmime/platform.hpp"
+#include "vmime/parserHelpers.hpp"
+
+#include "vmime/utility/datetimeUtils.hpp"
+
+
+namespace vmime {
+
+/*
+
+ RFC #822:
+ 5. DATE AND TIME SPECIFICATION
+
+date-time = [ day "," ] date time                 ; dd mm yy
+                                                  ; hh:mm:ss zzz
+day = "Mon" / "Tue" / "Wed" / "Thu" /
+      "Fri" / "Sat" / "Sun"
+
+date = 1*2DIGIT month 2DIGIT                      ; day month year
+                                                  ; e.g. 20 Jun 82
+month = "Jan" / "Feb" / "Mar" / "Apr" /
+        "May" / "Jun" / "Jul" / "Aug" /
+        "Sep" / "Oct" / "Nov" / "Dec"
+
+time = hour zone                                  ; ANSI and Military
+
+hour = 2DIGIT ":" 2DIGIT [":" 2DIGIT]             ; 00:00:00 - 23:59:59
+
+zone = "UT" / "GMT"                               ; Universal Time
+                                                  ; North American : UT
+       / "EST" / "EDT"                            ; Eastern: - 5/ - 4
+       / "CST" / "CDT"                            ; Central: - 6/ - 5
+       / "MST" / "MDT"                            ; Mountain: - 7/ - 6
+       / "PST" / "PDT"                            ; Pacific: - 8/ - 7
+       / 1ALPHA                                   ; Military: Z = UT;
+                                                  ; A:-1; (J not used)
+                                                  ; M:-12; N:+1; Y:+12
+       / ( ("+" / "-") 4DIGIT )                   ; Local differential
+                                                  ; hours+min. (HHMM)
+*/
+
+
+void datetime::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* p = buffer.data() + position;
+
+	// Parse the date and time value
+	while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+	if (p < pend) {
+
+		if (parserHelpers::isAlpha(*p)) {
+
+			// Ignore week day
+			while (p < pend && parserHelpers::isAlpha(*p)) ++p;
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+			if (p < pend && *p == ',') ++p;
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+		}
+
+		bool dayParsed = false;
+
+		if (parserHelpers::isAlpha(*p)) {
+
+			// Ill-formed date/time, this may be the month,
+			// so we skip day parsing (will be done later)
+
+		} else {
+
+			while (p < pend && !parserHelpers::isDigit(*p)) ++p;
+
+			if (p < pend && parserHelpers::isDigit(*p)) {
+
+				// Month day
+				int day = 0;
+
+				do {
+					day = day * 10 + (*p - '0');
+					++p;
+				} while (p < pend && parserHelpers::isDigit(*p));
+
+				m_day = (day >= 1 && day <= 31) ? day : 1;
+
+				while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+				while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+			} else {
+
+				m_day = 1;
+
+				// Skip everything to the next field
+				while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+				while (p < pend && parserHelpers::isSpace(*p)) ++p;
+			}
+
+			dayParsed = true;
+		}
+
+		if (p < pend && parserHelpers::isAlpha(*p)) {
+
+			// Month
+			char_t month[4] = { 0 };
+			int monthLength = 0;
+
+			do {
+				month[monthLength++] = *p;
+				++p;
+			} while (monthLength < 3 && p < pend && parserHelpers::isAlpha(*p));
+
+			while (p < pend && parserHelpers::isAlpha(*p)) ++p;
+
+			switch (month[0]) {
+
+				case 'a':
+				case 'A': {
+
+					if (month[1] == 'u' || month[1] == 'U')
+						m_month = AUGUST;
+					else
+						m_month = APRIL; // by default
+
+					break;
+				}
+				case 'd':
+				case 'D': {
+
+					m_month = DECEMBER;
+					break;
+				}
+				case 'f':
+				case 'F': {
+
+					m_month = FEBRUARY;
+					break;
+				}
+				case 'j':
+				case 'J': {
+
+					if (month[1] == 'u' || month[1] == 'U') {
+
+						if (month[2] == 'l' || month[2] == 'L') {
+							m_month = JULY;
+						} else {  // if (month[2] == 'n' || month[2] == 'N')
+							m_month = JUNE;
+						}
+
+					} else {
+
+						m_month = JANUARY; // by default
+					}
+
+					break;
+				}
+				case 'm':
+				case 'M': {
+
+					if ((month[1] == 'a' || month[1] == 'A') &&
+					    (month[2] == 'y' || month[2] == 'Y')) {
+
+						m_month = MAY;
+
+					} else {
+
+						m_month = MARCH; // by default
+					}
+
+					break;
+				}
+				case 'n':
+				case 'N': {
+
+					m_month = NOVEMBER;
+					break;
+				}
+				case 'o':
+				case 'O': {
+
+					m_month = OCTOBER;
+					break;
+				}
+				case 's':
+				case 'S': {
+
+					m_month = SEPTEMBER;
+					break;
+				}
+				default: {
+
+					m_month = JANUARY; // by default
+					break;
+				}
+			}
+
+			while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+		} else {
+
+			m_month = JANUARY;
+
+			if (parserHelpers::isDigit(*p)) {
+
+				// Here, we expected a month, but it maybe
+				// a ill-formed date, so try to parse a year
+				// (we don't skip anything).
+
+			} else {
+
+				// Skip everything to the next field
+				while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+				while (p < pend && parserHelpers::isSpace(*p)) ++p;
+			}
+		}
+
+		if (!dayParsed && p < pend && parserHelpers::isDigit(*p)) {
+
+			// Month day
+			int day = 0;
+
+			do {
+				day = day * 10 + (*p - '0');
+				++p;
+			} while (p < pend && parserHelpers::isDigit(*p));
+
+			m_day = (day >= 1 && day <= 31) ? day : 1;
+
+			while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+		}
+
+		if (p < pend && parserHelpers::isDigit(*p)) {
+
+			// Check for ill-formed date/time and try to recover
+			if (p + 2 < pend && *(p + 2) == ':') {
+
+				// Skip year (default to current), and advance
+				// to time parsing
+				m_year = now().getYear();
+
+			} else {
+
+				// Year
+				int year = 0;
+
+				do {
+					year = year * 10 + (*p - '0');
+					++p;
+				} while (p < pend && parserHelpers::isDigit(*p));
+
+				if (year < 70)         m_year = year + 2000;
+				else if (year < 1000)  m_year = year + 1900;
+				else                   m_year = year;
+
+				while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+				while (p < pend && parserHelpers::isSpace(*p)) ++p;
+			}
+
+		} else {
+
+			m_year = 1970;
+
+			// Skip everything to the next field
+			while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+		}
+
+		if (p < pend && parserHelpers::isDigit(*p)) {
+
+			// Hour
+			int hour = 0;
+
+			do {
+				hour = hour * 10 + (*p - '0');
+				++p;
+			} while (p < pend && parserHelpers::isDigit(*p));
+
+			m_hour = (hour >= 0 && hour <= 23) ? hour : 0;
+
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+			if (p < pend && *p == ':') {
+
+				++p;
+
+				while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+				if (p < pend && parserHelpers::isDigit(*p)) {
+
+					// Minute
+					int minute = 0;
+
+					do {
+						minute = minute * 10 + (*p - '0');
+						++p;
+					} while (p < pend && parserHelpers::isDigit(*p));
+
+					m_minute = (minute >= 0 && minute <= 59) ? minute : 0;
+
+					while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+					if (p < pend && *p == ':') {
+
+						++p;
+
+						while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+						if (p < pend && parserHelpers::isDigit(*p)) {
+
+							// Second
+							int second = 0;
+
+							do {
+								second = second * 10 + (*p - '0');
+								++p;
+							} while (p < pend && parserHelpers::isDigit(*p));
+
+							m_second = (second >= 0 && second <= 59) ? second : 0;
+
+							while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+							while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+						} else {
+
+							m_second = 0;
+						}
+
+					} else {
+
+						m_second = 0;
+					}
+
+				} else {
+
+					m_minute = 0;
+				}
+
+			} else {
+
+				m_minute = 0;
+			}
+
+		} else {
+
+			m_hour = 0;
+
+			// Skip everything to the next field
+			while (p < pend && !parserHelpers::isSpace(*p)) ++p;
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+		}
+
+		if (p + 1 < pend && (*p == '+' || *p == '-') && parserHelpers::isDigit(*(p + 1))) {
+
+			const char_t sign = *p;
+			++p;
+
+			// Zone offset (in hour/minutes)
+			int offset = 0;
+
+			do {
+				offset = offset * 10 + (*p - '0');
+				++p;
+			} while (p < pend && parserHelpers::isDigit(*p));
+
+			const int hourOff = offset / 100;
+			const int minOff = offset % 100;
+
+			if (sign == '+') {
+				m_zone = hourOff * 60 + minOff;
+			} else {
+				m_zone = -(hourOff * 60 + minOff);
+			}
+
+		} else if (p < pend && isalpha(*p)) {
+
+			bool done = false;
+
+			// Zone offset (Time zone name)
+			char_t zone[4] = { 0 };
+			int zoneLength = 0;
+
+			do {
+				zone[zoneLength++] = *p;
+				++p;
+			} while (zoneLength < 3 && p < pend);
+
+			switch (zone[0])
+			{
+			case 'c':
+			case 'C':
+			{
+				if (zoneLength >= 2)
+				{
+					if (zone[1] == 's' || zone[1] == 'S')
+						m_zone = CST;
+					else
+						m_zone = CDT;
+
+					done = true;
+				}
+
+				break;
+			}
+			case 'e':
+			case 'E':
+			{
+				if (zoneLength >= 2) {
+
+					if (zone[1] == 's' || zone[1] == 'S') {
+						m_zone = EST;
+					} else {
+						m_zone = EDT;
+					}
+
+					done = true;
+				}
+
+				break;
+			}
+			case 'm':
+			case 'M': {
+
+				if (zoneLength >= 2) {
+
+					if (zone[1] == 's' || zone[1] == 'S') {
+						m_zone = MST;
+					} else {
+						m_zone = MDT;
+					}
+
+					done = true;
+				}
+
+				break;
+			}
+			case 'p':
+			case 'P': {
+
+				if (zoneLength >= 2) {
+
+					if (zone[1] == 's' || zone[1] == 'S') {
+						m_zone = PST;
+					} else {
+						m_zone = PDT;
+					}
+
+					done = true;
+				}
+
+				break;
+			}
+			case 'g':
+			case 'G':
+			case 'u':
+			case 'U': {
+
+				if (zoneLength >= 2) {
+
+					m_zone = GMT;  // = UTC
+					done = true;
+				}
+
+				break;
+			}
+
+			}
+
+			if (!done) {
+
+				const char_t z = zone[0];
+
+				// Military time zone
+				if (z != 'j' && z != 'J') {
+
+					typedef std::map <char_t, int> Map;
+					static const Map::value_type offsetMapInit[] = {
+
+						Map::value_type('a', -60),
+						Map::value_type('b', -120),
+						Map::value_type('c', -180),
+						Map::value_type('d', -240),
+						Map::value_type('e', -300),
+						Map::value_type('f', -360),
+						Map::value_type('g', -420),
+						Map::value_type('h', -480),
+						Map::value_type('i', -540),
+						Map::value_type('k', -600),
+						Map::value_type('l', -660),
+						Map::value_type('m', -720),
+
+						Map::value_type('n', 60),
+						Map::value_type('o', 120),
+						Map::value_type('p', 180),
+						Map::value_type('q', 240),
+						Map::value_type('r', 300),
+						Map::value_type('s', 360),
+						Map::value_type('t', 420),
+						Map::value_type('u', 480),
+						Map::value_type('v', 540),
+						Map::value_type('w', 600),
+						Map::value_type('x', 660),
+						Map::value_type('y', 720),
+
+						Map::value_type('z', 0),
+					};
+
+					static const Map offsetMap(
+						::vmime::begin(offsetMapInit),
+						::vmime::end(offsetMapInit)
+					);
+
+					Map::const_iterator pos =
+						offsetMap.find(parserHelpers::toLower(z));
+
+					if (pos != offsetMap.end()) {
+						m_zone = (*pos).second;
+					} else {
+						m_zone = GMT;
+					}
+
+				} else {
+
+					m_zone = GMT;
+				}
+			}
+
+		} else {
+
+			m_zone = 0;
+		}
+
+	} else {
+
+		m_year = 1970;
+		m_month = JANUARY;
+		m_day = 1;
+
+		m_hour = 0;
+		m_minute = 0;
+		m_second = 0;
+
+		m_zone = 0;
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void datetime::generateImpl(
+	const generationContext& /* ctx */,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	static const char* dayNames[] = {
+		"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
+	};
+	static const char* monthNames[] = {
+		"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+		"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+	};
+
+	const int z = ((m_zone < 0) ? -m_zone : m_zone);
+	const int zh = z / 60;
+	const int zm = z % 60;
+
+	std::ostringstream oss;
+	oss.imbue(std::locale::classic());
+
+	oss << dayNames[getWeekDay()] << ", "
+	    << m_day << " " << monthNames[m_month - 1] << " " << m_year
+	    << " " << std::setfill('0') << std::setw(2) << m_hour << ":"
+	    << std::setfill('0') << std::setw(2) << m_minute << ":"
+	    << std::setfill('0') << std::setw(2) << m_second
+	    << " " << ((m_zone < 0) ? '-' : '+') << std::setfill('0') << std::setw(2) << zh
+	    << std::setfill('0') << std::setw(2) << zm;
+
+	const string& str = oss.str();
+	os << str;
+
+	if (newLinePos) {
+		*newLinePos = curLinePos + str.length();
+	}
+}
+
+
+datetime::datetime()
+	: m_year(1970), m_month(1), m_day(1),
+	  m_hour(0), m_minute(0), m_second(0), m_zone(0) {
+
+}
+
+
+datetime::datetime(const int year, const int month, const int day)
+	: m_year(year), m_month(month), m_day(day),
+	  m_hour(0), m_minute(0), m_second(0), m_zone(0) {
+
+}
+
+
+datetime::datetime(
+	const int year,
+	const int month,
+	const int day,
+	const int hour,
+	const int minute,
+	const int second,
+	const int zone
+)
+	: m_year(year),
+	  m_month(month),
+	  m_day(day),
+	  m_hour(hour),
+	  m_minute(minute),
+	  m_second(second),
+	  m_zone(zone) {
+
+}
+
+
+datetime::datetime(const datetime& d)
+	: headerFieldValue(),
+	  m_year(d.m_year),
+	  m_month(d.m_month),
+	  m_day(d.m_day),
+	  m_hour(d.m_hour),
+	  m_minute(d.m_minute),
+	  m_second(d.m_second),
+	  m_zone(d.m_zone) {
+
+}
+
+
+datetime::datetime(const time_t t, const int zone) {
+
+#if VMIME_HAVE_LOCALTIME_S
+
+	struct tm tms;
+
+	if (!gmtime_s(&tms, &t)) {
+		localtime_s(&tms, &t);
+	}
+
+#elif VMIME_HAVE_LOCALTIME_R
+	struct tm tms;
+
+	if (!gmtime_r(&t, &tms)) {
+		localtime_r(&t, &tms);
+	}
+
+#else
+
+	struct tm* gtm = gmtime(&t);
+	struct tm* ltm = localtime(&t);
+
+	struct tm tms;
+
+	if (gtm) {
+		tms = *gtm;
+	} else if (ltm) {
+		tms = *ltm;
+	}
+
+#endif
+
+	m_year = tms.tm_year + 1900;
+	m_month = tms.tm_mon + 1;
+	m_day = tms.tm_mday;
+	m_hour = tms.tm_hour;
+	m_minute = tms.tm_min;
+	m_second = tms.tm_sec;
+	m_zone = zone;
+}
+
+
+datetime::datetime(const string& date) {
+
+	parse(date);
+}
+
+
+datetime::~datetime() {
+
+}
+
+
+void datetime::copyFrom(const component& other) {
+
+	const datetime& d = dynamic_cast <const datetime&>(other);
+
+	m_year = d.m_year;
+	m_month = d.m_month;
+	m_day = d.m_day;
+	m_hour = d.m_hour;
+	m_minute = d.m_minute;
+	m_second = d.m_second;
+	m_zone = d.m_zone;
+}
+
+
+datetime& datetime::operator=(const datetime& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+datetime& datetime::operator=(const string& s) {
+
+	parse(s);
+	return *this;
+}
+
+
+void datetime::getTime(int& hour, int& minute, int& second, int& zone) const {
+
+	hour = m_hour;
+	minute = m_minute;
+	second = m_second;
+	zone = m_zone;
+}
+
+
+void datetime::getTime(int& hour, int& minute, int& second) const {
+
+	hour = m_hour;
+	minute = m_minute;
+	second = m_second;
+}
+
+
+void datetime::getDate(int& year, int& month, int& day) const {
+
+	year = m_year;
+	month = m_month;
+	day = m_day;
+}
+
+
+void datetime::setTime(
+	const int hour,
+	const int minute,
+	const int second,
+	const int zone
+) {
+
+	m_hour = hour;
+	m_minute = minute;
+	m_second = second;
+	m_zone = zone;
+}
+
+
+void datetime::setDate(
+	const int year,
+	const int month,
+	const int day
+) {
+
+	m_year = year;
+	m_month = month;
+	m_day = day;
+}
+
+
+const datetime datetime::now() {
+
+	return platform::getHandler()->getCurrentLocalTime();
+}
+
+
+shared_ptr <component> datetime::clone() const {
+
+	return make_shared <datetime>(*this);
+}
+
+
+const std::vector <shared_ptr <component> > datetime::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+int datetime::getYear() const { return m_year; }
+int datetime::getMonth() const { return m_month; }
+int datetime::getDay() const { return m_day; }
+int datetime::getHour() const { return m_hour; }
+int datetime::getMinute() const { return m_minute; }
+int datetime::getSecond() const { return m_second; }
+int datetime::getZone() const { return m_zone; }
+int datetime::getWeekDay() const { return utility::datetimeUtils::getDayOfWeek(m_year, m_month, m_day); }
+int datetime::getWeek() const { return utility::datetimeUtils::getWeekOfYear(m_year, m_month, m_day); }
+
+void datetime::setYear(const int year) { m_year = year; }
+void datetime::setMonth(const int month) { m_month = std::min(std::max(month, 1), 12); }
+void datetime::setDay(const int day) { m_day = day; }
+void datetime::setHour(const int hour) { m_hour = hour; }
+void datetime::setMinute(const int minute) { m_minute = minute; }
+void datetime::setSecond(const int second) { m_second = second; }
+void datetime::setZone(const int zone) { m_zone = zone; }
+
+
+bool datetime::operator==(const datetime& other) const {
+
+	const datetime ut1 = utility::datetimeUtils::toUniversalTime(*this);
+	const datetime ut2 = utility::datetimeUtils::toUniversalTime(other);
+
+	return ut1.m_year   == ut2.m_year   &&
+	       ut1.m_month  == ut2.m_month  &&
+	       ut1.m_day    == ut2.m_day    &&
+	       ut1.m_hour   == ut2.m_hour   &&
+	       ut1.m_minute == ut2.m_minute &&
+	       ut1.m_second == ut2.m_second;
+}
+
+
+bool datetime::operator!=(const datetime& other) const {
+
+	const datetime ut1 = utility::datetimeUtils::toUniversalTime(*this);
+	const datetime ut2 = utility::datetimeUtils::toUniversalTime(other);
+
+	return ut1.m_year   != ut2.m_year   ||
+	       ut1.m_month  != ut2.m_month  ||
+	       ut1.m_day    != ut2.m_day    ||
+	       ut1.m_hour   != ut2.m_hour   ||
+	       ut1.m_minute != ut2.m_minute ||
+	       ut1.m_second != ut2.m_second;
+}
+
+
+bool datetime::operator<(const datetime& other) const {
+
+	const datetime ut1 = utility::datetimeUtils::toUniversalTime(*this);
+	const datetime ut2 = utility::datetimeUtils::toUniversalTime(other);
+
+	return (ut1.m_year    <  ut2.m_year) ||
+	       ((ut1.m_year   == ut2.m_year)   && ((ut1.m_month  < ut2.m_month)  ||
+	       ((ut1.m_month  == ut2.m_month)  && ((ut1.m_day    < ut2.m_day)    ||
+	       ((ut1.m_day    == ut2.m_day)    && ((ut1.m_hour   < ut2.m_hour)   ||
+	       ((ut1.m_hour   == ut2.m_hour)   && ((ut1.m_minute < ut2.m_minute) ||
+	       ((ut1.m_minute == ut2.m_minute) && ((ut1.m_second < ut2.m_second)))))))))));
+}
+
+
+bool datetime::operator<=(const datetime& other) const {
+
+	const datetime ut1 = utility::datetimeUtils::toUniversalTime(*this);
+	const datetime ut2 = utility::datetimeUtils::toUniversalTime(other);
+
+	return (ut1.m_year    <  ut2.m_year) ||
+	       ((ut1.m_year   == ut2.m_year)   && ((ut1.m_month  <  ut2.m_month)  ||
+	       ((ut1.m_month  == ut2.m_month)  && ((ut1.m_day    <  ut2.m_day)    ||
+	       ((ut1.m_day    == ut2.m_day)    && ((ut1.m_hour   <  ut2.m_hour)   ||
+	       ((ut1.m_hour   == ut2.m_hour)   && ((ut1.m_minute <  ut2.m_minute) ||
+	       ((ut1.m_minute == ut2.m_minute) && ((ut1.m_second <= ut2.m_second)))))))))));
+}
+
+
+bool datetime::operator>(const datetime& other) const {
+
+	const datetime ut1 = utility::datetimeUtils::toUniversalTime(*this);
+	const datetime ut2 = utility::datetimeUtils::toUniversalTime(other);
+
+	return (ut1.m_year    >  ut2.m_year) ||
+	       ((ut1.m_year   == ut2.m_year)   && ((ut1.m_month  > ut2.m_month)  ||
+	       ((ut1.m_month  == ut2.m_month)  && ((ut1.m_day    > ut2.m_day)    ||
+	       ((ut1.m_day    == ut2.m_day)    && ((ut1.m_hour   > ut2.m_hour)   ||
+	       ((ut1.m_hour   == ut2.m_hour)   && ((ut1.m_minute > ut2.m_minute) ||
+	       ((ut1.m_minute == ut2.m_minute) && (ut1.m_second > ut2.m_second))))))))));
+}
+
+
+bool datetime::operator>=(const datetime& other) const {
+
+	const datetime ut1 = utility::datetimeUtils::toUniversalTime(*this);
+	const datetime ut2 = utility::datetimeUtils::toUniversalTime(other);
+
+	return (ut1.m_year    >  ut2.m_year) ||
+	       ((ut1.m_year   == ut2.m_year)   && ((ut1.m_month  >  ut2.m_month)  ||
+	       ((ut1.m_month  == ut2.m_month)  && ((ut1.m_day    >  ut2.m_day)    ||
+	       ((ut1.m_day    == ut2.m_day)    && ((ut1.m_hour   >  ut2.m_hour)   ||
+	       ((ut1.m_hour   == ut2.m_hour)   && ((ut1.m_minute >  ut2.m_minute) ||
+	       ((ut1.m_minute == ut2.m_minute) && (ut1.m_second >= ut2.m_second))))))))));
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/dateTime.hpp b/vmime-master/src/vmime/dateTime.hpp
new file mode 100644
index 0000000..64e8dad
--- /dev/null
+++ b/vmime-master/src/vmime/dateTime.hpp
@@ -0,0 +1,275 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_DATETIME_HPP_INCLUDED
+#define VMIME_DATETIME_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+#include <ctime>
+
+
+namespace vmime {
+
+
+/** Date and time (basic type).
+  */
+class VMIME_EXPORT datetime : public headerFieldValue {
+
+public:
+
+	// Constructors
+	datetime();
+	datetime(
+		const int year,
+		const int month,
+		const int day
+	);
+	datetime(
+		const int year,
+		const int month,
+		const int day,
+		const int hour,
+		const int minute,
+		const int second,
+		const int zone = GMT
+	);
+	datetime(const datetime& d);
+	datetime(const string& date);
+	datetime(const time_t t, const int zone = GMT);
+
+	// Destructor
+	~datetime();
+
+	// Some time zones (in minutes)
+	enum TimeZones {
+
+		GMT_12 = -720,   // GMT-12h
+		GMT_11 = -660,   // GMT-11h
+		GMT_10 = -600,   // GMT-10h
+		GMT_9 = -540,    // GMT-9h
+		GMT_8 = -480,    // GMT-8h
+		GMT_7 = -420,    // GMT-7h
+		GMT_6 = -360,    // GMT-6h
+		GMT_5 = -300,    // GMT-5h
+		GMT_4 = -240,    // GMT-4h
+		GMT_3 = -180,    // GMT-3h
+		GMT_2 = -120,    // GMT-2h
+		GMT_1 = -60,     // GMT-1h
+		GMT = 0,         // GMT
+		GMT1 = 60,       // GMT+1h
+		GMT2 = 120,      // GMT+2h
+		GMT3 = 180,      // GMT+3h
+		GMT4 = 240,      // GMT+4h
+		GMT5 = 300,      // GMT+5h
+		GMT6 = 360,      // GMT+6h
+		GMT7 = 420,      // GMT+7h
+		GMT8 = 480,      // GMT+8h
+		GMT9 = 540,      // GMT+9h
+		GMT10 = 600,     // GMT+10h
+		GMT11 = 660,     // GMT+11h
+		GMT12 = 720,     // GMT+12h
+
+		UT = GMT,        // Universal Time
+
+		EST = GMT_5,     // Eastern
+		EDT = GMT_4,
+		CST = GMT_6,     // Central
+		CDT = GMT_5,
+		MST = GMT_7,     // Mountain
+		MDT = GMT_6,
+		PST = GMT_8,     // Pacific
+		PDT = GMT_7,
+
+		// Military time zones
+		A = GMT_1,
+		B = GMT_2,
+		C = GMT_3,
+		D = GMT_4,
+		E = GMT_5,
+		F = GMT_6,
+		G = GMT_7,
+		H = GMT_8,
+		I = GMT_9,       // J not used
+		K = GMT_10,
+		L = GMT_11,
+		M = GMT_12,
+
+		N = GMT1,
+		O = GMT2,
+		P = GMT3,
+		Q = GMT4,
+		R = GMT5,
+		S = GMT6,
+		T = GMT7,
+		U = GMT8,
+		V = GMT9,
+		W = GMT10,
+		X = GMT11,
+		Y = GMT12,
+
+		Z = GMT
+	};
+
+	// Months list
+	enum Months {
+
+		// Long
+		JANUARY = 1,
+		FEBRUARY = 2,
+		MARCH = 3,
+		APRIL = 4,
+		MAY = 5,
+		JUNE = 6,
+		JULY = 7,
+		AUGUST = 8,
+		SEPTEMBER = 9,
+		OCTOBER = 10,
+		NOVEMBER = 11,
+		DECEMBER = 12,
+
+		// Short
+		JAN = 1,
+		FEB = 2,
+		MAR = 3,
+		APR = 4,
+		JUN = 6,
+		JUL = 7,
+		AUG = 8,
+		SEP = 9,
+		OCT = 10,
+		NOV = 11,
+		DEC = 12
+	};
+
+	// Days of week list
+	enum DaysOfWeek {
+
+		// Long
+		SUNDAY = 0,
+		MONDAY = 1,
+		TUESDAY = 2,
+		WEDNESDAY = 3,
+		THURSDAY = 4,
+		FRIDAY = 5,
+		SATURDAY = 6,
+
+		// Short
+		SUN = 0,
+		MON = 1,
+		TUE = 2,
+		WED = 3,
+		THU = 4,
+		FRI = 5,
+		SAT = 6
+	};
+
+private:
+
+	// Date components
+	int m_year;
+	int m_month;
+	int m_day;
+
+	// Time components
+	int m_hour;
+	int m_minute;
+	int m_second;
+	int m_zone;
+
+public:
+
+	// Get
+	int getYear() const;
+	int getMonth() const;
+	int getDay() const;
+	int getHour() const;
+	int getMinute() const;
+	int getSecond() const;
+	int getZone() const;
+	int getWeekDay() const;
+	int getWeek() const;
+
+	void getTime(int& hour, int& minute, int& second, int& zone) const;
+	void getTime(int& hour, int& minute, int& second) const;
+	void getDate(int& year, int& month, int& day) const;
+
+	// Set
+	void setYear(const int year);
+	void setMonth(const int month);
+	void setDay(const int day);
+	void setHour(const int hour);
+	void setMinute(const int minute);
+	void setSecond(const int second);
+	void setZone(const int zone);
+
+	void setTime(const int hour = 0, const int minute = 0, const int second = 0, const int zone = GMT);
+	void setDate(const int year, const int month, const int day);
+
+	// Assignment
+	datetime& operator=(const datetime& other);
+	datetime& operator=(const string& s);
+
+	void copyFrom(const component& other);
+
+	shared_ptr <component> clone() const;
+
+	// Comparison
+	bool operator==(const datetime& other) const;
+	bool operator!=(const datetime& other) const;
+	bool operator<(const datetime& other) const;
+	bool operator<=(const datetime& other) const;
+	bool operator>(const datetime& other) const;
+	bool operator>=(const datetime& other) const;
+
+	// Current date and time
+	static const datetime now();
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_DATETIME_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/defaultAttachment.cpp b/vmime-master/src/vmime/defaultAttachment.cpp
new file mode 100644
index 0000000..36eaa3c
--- /dev/null
+++ b/vmime-master/src/vmime/defaultAttachment.cpp
@@ -0,0 +1,164 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/defaultAttachment.hpp"
+
+#include "vmime/contentDisposition.hpp"
+#include "vmime/contentDispositionField.hpp"
+#include "vmime/encoding.hpp"
+
+
+namespace vmime {
+
+
+defaultAttachment::defaultAttachment() {
+
+}
+
+
+defaultAttachment::defaultAttachment(
+	const shared_ptr <const contentHandler>& data,
+	const encoding& enc,
+	const mediaType& type,
+	const text& desc,
+	const word& name
+)
+	: m_type(type),
+	  m_desc(desc),
+	  m_data(data),
+	  m_encoding(enc),
+	  m_name(name) {
+
+}
+
+
+defaultAttachment::defaultAttachment(
+	const shared_ptr <const contentHandler>& data,
+	const mediaType& type,
+	const text& desc,
+	const word& name
+)
+	: m_type(type),
+	  m_desc(desc),
+	  m_data(data),
+	  m_encoding(encoding::decide(data)),
+	  m_name(name) {
+
+}
+
+
+defaultAttachment::defaultAttachment(const defaultAttachment& attach)
+	: attachment(),
+	  m_type(attach.m_type),
+	  m_desc(attach.m_desc),
+	  m_data(vmime::clone(attach.m_data)),
+	  m_encoding(attach.m_encoding),
+	  m_name(attach.m_name) {
+
+}
+
+
+defaultAttachment::~defaultAttachment() {
+
+}
+
+
+defaultAttachment& defaultAttachment::operator=(const defaultAttachment& attach) {
+
+	m_type = attach.m_type;
+	m_desc = attach.m_desc;
+	m_name = attach.m_name;
+	m_data = vmime::clone(attach.m_data);
+	m_encoding = attach.m_encoding;
+
+	return *this;
+}
+
+
+void defaultAttachment::generateIn(const shared_ptr <bodyPart>& parent) const {
+
+	// Create and append a new part for this attachment
+	shared_ptr <bodyPart> part = make_shared <bodyPart>();
+	parent->getBody()->appendPart(part);
+
+	generatePart(part);
+}
+
+
+void defaultAttachment::generatePart(const shared_ptr <bodyPart>& part) const {
+
+	// Set header fields
+	part->getHeader()->ContentType()->setValue(m_type);
+	if (!m_desc.isEmpty()) part->getHeader()->ContentDescription()->setValue(m_desc);
+	part->getHeader()->ContentTransferEncoding()->setValue(m_encoding);
+	part->getHeader()->ContentDisposition()->setValue(contentDisposition(contentDispositionTypes::ATTACHMENT));
+	dynamicCast <contentDispositionField>(part->getHeader()->ContentDisposition())->setFilename(m_name);
+
+	// Set contents
+	part->getBody()->setContents(m_data);
+}
+
+
+const mediaType defaultAttachment::getType() const {
+
+	return m_type;
+}
+
+
+const text defaultAttachment::getDescription() const {
+
+	return m_desc;
+}
+
+
+const word defaultAttachment::getName() const {
+
+	return m_name;
+}
+
+
+const shared_ptr <const contentHandler> defaultAttachment::getData() const {
+
+	return m_data;
+}
+
+
+const encoding defaultAttachment::getEncoding() const {
+
+	return m_encoding;
+}
+
+
+shared_ptr <const object> defaultAttachment::getPart() const {
+
+	return null;
+}
+
+
+shared_ptr <const header> defaultAttachment::getHeader() const {
+
+	return null;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/defaultAttachment.hpp b/vmime-master/src/vmime/defaultAttachment.hpp
new file mode 100644
index 0000000..ce1c603
--- /dev/null
+++ b/vmime-master/src/vmime/defaultAttachment.hpp
@@ -0,0 +1,99 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_DEFAULTATTACHMENT_HPP_INCLUDED
+#define VMIME_DEFAULTATTACHMENT_HPP_INCLUDED
+
+
+#include "vmime/attachment.hpp"
+#include "vmime/encoding.hpp"
+
+
+namespace vmime {
+
+
+/** Default implementation for attachments.
+  */
+class VMIME_EXPORT defaultAttachment : public attachment {
+
+protected:
+
+	// For use in derived classes.
+	defaultAttachment();
+
+public:
+
+	defaultAttachment(
+		const shared_ptr <const contentHandler>& data,
+		const encoding& enc,
+		const mediaType& type,
+		const text& desc = NULL_TEXT,
+		const word& name = NULL_WORD
+	);
+
+	defaultAttachment(
+		const shared_ptr <const contentHandler>& data,
+		const mediaType& type,
+		const text& desc = NULL_TEXT,
+		const word& name = NULL_WORD
+	);
+
+	defaultAttachment(const defaultAttachment& attach);
+
+	~defaultAttachment();
+
+	defaultAttachment& operator=(const defaultAttachment& attach);
+
+	const mediaType getType() const;
+	const text getDescription() const;
+	const word getName() const;
+	const shared_ptr <const contentHandler> getData() const;
+	const encoding getEncoding() const;
+
+	shared_ptr <const object> getPart() const;
+
+	shared_ptr <const header> getHeader() const;
+
+protected:
+
+	mediaType m_type;                   /**< Media type (eg. "application/octet-stream") */
+	text m_desc;                        /**< Description (eg. "The image you requested") */
+	shared_ptr <const contentHandler> m_data;  /**< Attachment data (eg. the file contents) */
+	encoding m_encoding;                /**< Encoding */
+	word m_name;                        /**< Name/filename (eg. "sunset.jpg") */
+
+private:
+
+	// No need to override "generateIn", use "generatePart" instead (see below).
+	void generateIn(const shared_ptr <bodyPart>& parent) const;
+
+protected:
+
+	virtual void generatePart(const shared_ptr <bodyPart>& part) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_DEFAULTATTACHMENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/disposition.cpp b/vmime-master/src/vmime/disposition.cpp
new file mode 100644
index 0000000..6e10cb9
--- /dev/null
+++ b/vmime-master/src/vmime/disposition.cpp
@@ -0,0 +1,351 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/disposition.hpp"
+
+#include "vmime/parserHelpers.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+
+
+disposition::disposition() {
+
+}
+
+
+disposition::disposition(
+	const string& actionMode,
+	const string& sendingMode,
+	const string& type,
+	const string& modifier
+)
+	: m_actionMode(actionMode),
+	  m_sendingMode(sendingMode),
+	  m_type(type) {
+
+	m_modifiers.push_back(modifier);
+}
+
+
+shared_ptr <component> disposition::clone() const {
+
+	shared_ptr <disposition> disp = make_shared <disposition>();
+
+	disp->m_actionMode = m_actionMode;
+	disp->m_sendingMode = m_sendingMode;
+	disp->m_type = m_type;
+	disp->m_modifiers.resize(m_modifiers.size());
+
+	std::copy(m_modifiers.begin(), m_modifiers.end(), disp->m_modifiers.begin());
+
+	return disp;
+}
+
+
+void disposition::copyFrom(const component& other) {
+
+	const disposition& disp = dynamic_cast <const disposition&>(other);
+
+	m_actionMode = disp.m_actionMode;
+	m_sendingMode = disp.m_sendingMode;
+	m_type = disp.m_type;
+	m_modifiers.resize(disp.m_modifiers.size());
+
+	std::copy(disp.m_modifiers.begin(), disp.m_modifiers.end(), m_modifiers.begin());
+}
+
+
+disposition& disposition::operator=(const disposition& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const std::vector <shared_ptr <component> > disposition::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+void disposition::setActionMode(const string& mode) {
+
+	m_actionMode = mode;
+}
+
+
+const string& disposition::getActionMode() const {
+
+	return m_actionMode;
+}
+
+
+void disposition::setSendingMode(const string& mode) {
+
+	m_sendingMode = mode;
+}
+
+
+const string& disposition::getSendingMode() const {
+
+	return m_sendingMode;
+}
+
+
+void disposition::setType(const string& type) {
+
+	m_type = type;
+}
+
+
+const string& disposition::getType() const {
+
+	return m_type;
+}
+
+
+void disposition::addModifier(const string& modifier) {
+
+	if (!hasModifier(modifier)) {
+		m_modifiers.push_back(utility::stringUtils::toLower(modifier));
+	}
+}
+
+
+void disposition::removeModifier(const string& modifier) {
+
+	const string modifierLC = utility::stringUtils::toLower(modifier);
+
+	for (std::vector <string>::iterator it = m_modifiers.begin() ;
+	     it != m_modifiers.end() ; ++it) {
+
+		if (*it == modifierLC) {
+			m_modifiers.erase(it);
+			break;
+		}
+	}
+}
+
+
+void disposition::removeAllModifiers() {
+
+	m_modifiers.clear();
+}
+
+
+bool disposition::hasModifier(const string& modifier) const {
+
+	const string modifierLC = utility::stringUtils::toLower(modifier);
+
+	for (std::vector <string>::const_iterator it = m_modifiers.begin() ;
+	     it != m_modifiers.end() ; ++it) {
+
+		if (*it == modifierLC) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+
+const std::vector <string> disposition::getModifierList() const {
+
+	return m_modifiers;
+}
+
+
+void disposition::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	// disposition-mode ";" disposition-type
+	//      [ "/" disposition-modifier *( "," disposition-modifier ) ]
+	//
+	// disposition-mode = action-mode "/" sending-mode
+
+	size_t pos = position;
+
+	while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+		++pos;
+	}
+
+	// -- disposition-mode
+	const size_t modeStart = pos;
+	size_t modeEnd = pos;
+
+	while (pos < end && buffer[pos] != ';') {
+		++modeEnd;
+		++pos;
+	}
+
+	while (modeEnd > modeStart && parserHelpers::isSpace(buffer[modeEnd - 1])) {
+		--modeEnd;
+	}
+
+	const string mode = string(buffer.begin() + modeStart, buffer.begin() + modeEnd);
+	const size_t slash = mode.find('/');
+
+	if (slash != string::npos) {
+
+		m_actionMode = string(mode.begin(), mode.begin() + slash);
+		m_sendingMode = string(mode.begin() + slash + 1, mode.end());
+
+	} else {
+
+		m_actionMode = mode;
+		m_sendingMode.clear();
+	}
+
+	if (pos < end) {
+		// Skip ';'
+		++pos;
+	}
+
+	while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+		++pos;
+	}
+
+	// -- disposition-type
+	const size_t typeStart = pos;
+	size_t typeEnd = pos;
+
+	while (pos < end && buffer[pos] != '/') {
+		++typeEnd;
+		++pos;
+	}
+
+	while (typeEnd > typeStart && parserHelpers::isSpace(buffer[typeEnd - 1])) {
+		--typeEnd;
+	}
+
+	m_type = string(buffer.begin() + typeStart, buffer.begin() + typeEnd);
+
+	m_modifiers.clear();
+
+	if (pos < end) {  // modifiers follow
+
+		// Skip '/'
+		++pos;
+
+		while (pos < end) {
+
+			while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+				++pos;
+			}
+
+			const size_t modifierStart = pos;
+			size_t modifierEnd = pos;
+
+			while (pos < end && buffer[pos] != ',') {
+				++modifierEnd;
+				++pos;
+			}
+
+			while (modifierEnd > modifierStart && parserHelpers::isSpace(buffer[modifierEnd - 1])) {
+				--modifierEnd;
+			}
+
+			if (modifierEnd > modifierStart) {
+
+				m_modifiers.push_back(
+					string(
+						buffer.begin() + modifierStart,
+						buffer.begin() + modifierEnd
+					)
+				);
+			}
+
+			// Skip ','
+			if (pos < end) {
+				++pos;
+			}
+		}
+	}
+
+	if (newPosition) {
+		*newPosition = pos;
+	}
+}
+
+
+void disposition::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	size_t pos = curLinePos;
+
+	const string actionMode = (m_actionMode.empty() ? "automatic-action" : m_actionMode);
+	const string sendingMode = (m_sendingMode.empty() ? "MDN-sent-automatically" : m_sendingMode);
+
+	os << actionMode << "/" << sendingMode << ";";
+	pos += actionMode.length() + 1 + sendingMode.length() + 1;
+
+	if (pos > ctx.getMaxLineLength()) {
+		os << NEW_LINE_SEQUENCE;
+		pos = NEW_LINE_SEQUENCE_LENGTH;
+	}
+
+	const string type = (m_type.empty() ? "displayed" : m_type);
+
+	os << type;
+	pos += type.length();
+
+	if (m_modifiers.size() >= 1) {
+
+		for (std::vector <string>::size_type i = 0, n = 0 ; i < m_modifiers.size() ; ++i) {
+
+			const string mod = utility::stringUtils::trim(m_modifiers[i]);
+
+			if (!mod.empty()) {
+
+				if (n == 0) {
+					os << "/";
+				} else {
+					os << ",";
+				}
+
+				os << mod;
+				pos += 1 + mod.length();
+
+				++n;
+			}
+		}
+	}
+
+	if (newLinePos) {
+		*newLinePos = pos;
+	}
+}
+
+
+}
diff --git a/vmime-master/src/vmime/disposition.hpp b/vmime-master/src/vmime/disposition.hpp
new file mode 100644
index 0000000..d4b023b
--- /dev/null
+++ b/vmime-master/src/vmime/disposition.hpp
@@ -0,0 +1,163 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_DISPOSITION_HPP_INCLUDED
+#define VMIME_DISPOSITION_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+#include <vector>
+
+
+namespace vmime {
+
+
+/** Disposition - from RFC-3798 (basic type).
+  */
+class VMIME_EXPORT disposition : public headerFieldValue {
+
+public:
+
+	disposition();
+	disposition(
+		const string& actionMode,
+		const string& sendingMode,
+		const string& type,
+		const string& modifier
+	);
+
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	disposition& operator=(const disposition& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+
+	/** Set the disposition action mode.
+	  * See the constants in vmime::dispositionActionModes.
+	  *
+	  * @param mode disposition action mode
+	  */
+	void setActionMode(const string& mode);
+
+	/** Return the disposition action mode.
+	  * See the constants in vmime::dispositionActionModes.
+	  *
+	  * @return disposition action mode
+	  */
+	const string& getActionMode() const;
+
+	/** Set the disposition sending mode.
+	  * See the constants in vmime::dispositionSendingModes.
+	  *
+	  * @param mode disposition sending mode
+	  */
+	void setSendingMode(const string& mode);
+
+	/** Return the disposition sending mode.
+	  * See the constants in vmime::dispositionSendingModes.
+	  *
+	  * @return disposition sending mode
+	  */
+	const string& getSendingMode() const;
+
+	/** Set the disposition type.
+	  * See the constants in vmime::dispositionTypes.
+	  *
+	  * @param type disposition type
+	  */
+	void setType(const string& type);
+
+	/** Return the disposition type.
+	  * See the constants in vmime::dispositionTypes.
+	  *
+	  * @return disposition type
+	  */
+	const string& getType() const;
+
+	/** Add a disposition modifier if it does not exist.
+	  * See the constants in vmime::dispositionModifiers.
+	  *
+	  * @param modifier modifier to add
+	  */
+	void addModifier(const string& modifier);
+
+	/** Remove the specified disposition modifier.
+	  * See the constants in vmime::dispositionModifiers.
+	  *
+	  * @param modifier modifier to remove
+	  */
+	void removeModifier(const string& modifier);
+
+	/** Remove all disposition modifiers.
+	  */
+	void removeAllModifiers();
+
+	/** Test whether a disposition modifier is set.
+	  *
+	  * @param modifier modifier to test
+	  * @return true if the specified modifier is set, false otherwise
+	  */
+	bool hasModifier(const string& modifier) const;
+
+	/** Return the list of modifiers.
+	  *
+	  * @return list of modifiers
+	  */
+	const std::vector <string> getModifierList() const;
+
+private:
+
+	string m_actionMode;
+	string m_sendingMode;
+	string m_type;
+
+	std::vector <string> m_modifiers;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_DISPOSITION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/emailAddress.cpp b/vmime-master/src/vmime/emailAddress.cpp
new file mode 100644
index 0000000..1be678a
--- /dev/null
+++ b/vmime-master/src/vmime/emailAddress.cpp
@@ -0,0 +1,708 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/emailAddress.hpp"
+
+#include "vmime/platform.hpp"
+
+#include "vmime/parserHelpers.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+
+
+/** Decode an IDNA-encoded domain name ("xn--5rtw95l.xn--wgv71a")
+  * to a fully decoded domain name in UTF-8 ("黒�.日本").
+  *
+  * @param idnaDomain domain name encoded with IDNA
+  * @return decoded domain name in UTF-8
+  */
+static const string domainNameFromIDNA(const string& idnaDomain) {
+
+	std::ostringstream domainName;
+	size_t p = 0;
+
+	for (size_t n = idnaDomain.find('.', p) ;
+	     (n = idnaDomain.find('.', p)) != string::npos ; p = n + 1) {
+
+		const string encodedPart(idnaDomain.begin() + p, idnaDomain.begin() + n);
+
+		if (encodedPart.length() > 4 &&
+		    encodedPart[0] == 'x' && encodedPart[1] == 'n' &&
+		    encodedPart[2] == '-' && encodedPart[3] == '-') {
+
+			string decodedPart;
+			charset::convert(
+				encodedPart, decodedPart,
+				vmime::charsets::IDNA, vmime::charsets::UTF_8
+			);
+
+			domainName << decodedPart << '.';
+
+		} else {
+
+			domainName << encodedPart << '.';  // not encoded
+		}
+	}
+
+	if (p < idnaDomain.length()) {
+
+		const string encodedPart(idnaDomain.begin() + p, idnaDomain.end());
+
+		if (encodedPart.length() > 4 &&
+		    encodedPart[0] == 'x' && encodedPart[1] == 'n' &&
+		    encodedPart[2] == '-' && encodedPart[3] == '-') {
+
+			string decodedPart;
+			charset::convert(
+				encodedPart, decodedPart,
+				vmime::charsets::IDNA, vmime::charsets::UTF_8
+			);
+
+			domainName << decodedPart;
+
+		} else {
+
+			domainName << encodedPart;  // not encoded
+		}
+	}
+
+	return domainName.str();
+}
+
+
+/** Encode an UTF-8 domain name ("黒�.日本") to an IDNA-encoded
+  * domain name ("xn--5rtw95l.xn--wgv71a").
+  *
+  * @param domainName domain name in UTF-8
+  * @return domain name encoded with IDNA
+  */
+static const string domainNameToIDNA(const string& domainName) {
+
+	std::ostringstream idnaDomain;
+	size_t p = 0;
+
+	for (size_t n = domainName.find('.', p) ;
+	     (n = domainName.find('.', p)) != string::npos ; p = n + 1) {
+
+		string idnaPart;
+		charset::convert(
+			string(domainName.begin() + p, domainName.begin() + n), idnaPart,
+			vmime::charsets::UTF_8, vmime::charsets::IDNA
+		);
+
+		idnaDomain << idnaPart << '.';
+	}
+
+	if (p < domainName.length()) {
+
+		string idnaPart;
+		charset::convert(
+			string(domainName.begin() + p, domainName.end()), idnaPart,
+			vmime::charsets::UTF_8, vmime::charsets::IDNA
+		);
+
+		idnaDomain << idnaPart;
+	}
+
+	return idnaDomain.str();
+}
+
+
+
+
+emailAddress::emailAddress() {
+
+}
+
+
+emailAddress::emailAddress(const emailAddress& eml)
+	: component(),
+	  m_localName(eml.m_localName),
+	  m_domainName(eml.m_domainName) {
+
+}
+
+
+emailAddress::emailAddress(const string& email) {
+
+	parse(email);
+}
+
+
+emailAddress::emailAddress(const char* email) {
+
+	parse(email);
+}
+
+
+emailAddress::emailAddress(const string& localName, const string& domainName)
+	: component(),
+	  m_localName(word(localName, vmime::charsets::UTF_8)),
+	  m_domainName(word(domainName, vmime::charsets::UTF_8)) {
+
+}
+
+
+emailAddress::emailAddress(const word& localName, const word& domainName)
+	: component(),
+	  m_localName(localName),
+	  m_domainName(domainName) {
+
+}
+
+
+void emailAddress::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* const pstart = buffer.data() + position;
+	const char* p = pstart;
+
+	enum ParserStates {
+		State_Before,
+		State_LocalPartStart,
+		State_LocalPartMiddle,
+		State_LocalPartComment,
+		State_LocalPartQuoted,
+		State_LocalPartRFC2047Start,
+		State_LocalPartRFC2047Middle,
+		State_LocalPartRFC2047MiddleQM,
+		State_LocalPartRFC2047End,
+		State_DomainPartStart,
+		State_DomainPartMiddle,
+		State_DomainPartComment,
+		State_End,
+		State_Error
+	} state = State_Before;
+
+	std::ostringstream localPart;
+	std::ostringstream domainPart;
+
+	bool escapeNext = false;  // for quoting
+	bool prevIsDot = false;
+	bool atFound = false;
+	bool stop = false;
+	int commentLevel = 0;
+	bool localPartIsRFC2047 = false;
+
+	while (p < pend && !stop) {
+
+		const char c = *p;
+
+		if ((localPart.str().length() + domainPart.str().length()) >= 256) {
+			state = State_Error;
+			break;
+		}
+
+		switch (state) {
+
+			case State_Before:
+
+				if (parserHelpers::isSpace(c)) {
+					++p;
+				} else {
+					state = State_LocalPartStart;
+				}
+
+				break;
+
+			case State_LocalPartStart:
+
+				if (c == '"') {
+
+					state = State_LocalPartQuoted;
+					++p;
+
+				} else if (c == '=') {
+
+					state = State_LocalPartRFC2047Start;
+					++p;
+
+				} else if (c == '(') {
+
+					state = State_LocalPartComment;
+					++commentLevel;
+					++p;
+
+				} else {
+
+					state = State_LocalPartMiddle;
+					localPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_LocalPartComment:
+
+				if (escapeNext) {
+
+					escapeNext = false;
+					++p;
+
+				} else if (c == '\\') {
+
+					escapeNext = true;
+					++p;
+
+				} else if (c == '(') {
+
+					++commentLevel;
+					++p;
+
+				} else if (c == ')') {
+
+					if (--commentLevel == 0) {
+						// End of comment
+						state = State_LocalPartMiddle;
+					}
+
+					++p;
+
+				} else {
+
+					// Comment continues
+					++p;
+				}
+
+				break;
+
+			case State_LocalPartQuoted:
+
+				if (escapeNext) {
+
+					escapeNext = false;
+
+					if (c == '"' || c == '\\') {
+
+						localPart << c;
+						++p;
+
+					} else {
+
+						// This char cannot be escaped
+						state = State_Error;
+					}
+
+				} else if (c == '"') {
+
+					// End of quoted string
+					state = State_LocalPartMiddle;
+					++p;
+
+				} else if (c == '\\') {
+
+					escapeNext = true;
+					++p;
+
+				} else {
+
+					localPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_LocalPartRFC2047Start:
+
+				if (c == '?') {
+
+					state = State_LocalPartRFC2047Middle;
+					localPart << "=?";
+					localPartIsRFC2047 = true;
+					++p;
+
+				} else {
+
+					state = State_LocalPartMiddle;
+					localPart << '=';
+					localPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_LocalPartMiddle:
+
+				if (c == '.') {
+
+					prevIsDot = true;
+					localPart << c;
+					++p;
+
+				} else if (c == '"' && prevIsDot) {
+
+					prevIsDot = false;
+					state = State_LocalPartQuoted;
+					++p;
+
+				} else if (c == '(') {
+
+					// By allowing comments anywhere in the local part,
+					// we are more permissive than RFC-2822
+					state = State_LocalPartComment;
+					++commentLevel;
+					++p;
+
+				} else if (c == '@') {
+
+					atFound = true;
+					state = State_DomainPartStart;
+					++p;
+
+				} else if (parserHelpers::isSpace(c)) {
+
+					// Allow not specifying domain part
+					state = State_End;
+
+				} else {
+
+					prevIsDot = false;
+					localPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_LocalPartRFC2047Middle:
+
+				if (c == '?') {
+
+					state = State_LocalPartRFC2047MiddleQM;
+					++p;
+
+				} else {
+
+					localPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_LocalPartRFC2047MiddleQM:
+
+				if (c == '=') {
+
+					// End of RFC-2047 encoded word
+					state = State_LocalPartRFC2047End;
+					localPart << "?=";
+					++p;
+
+				} else {
+
+					state = State_LocalPartRFC2047Middle;
+					localPart << '?';
+					localPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_LocalPartRFC2047End:
+
+				if (c == '@') {
+
+					atFound = true;
+					state = State_DomainPartStart;
+					++p;
+
+				} else {
+
+					state = State_End;
+				}
+
+				break;
+
+			case State_DomainPartStart:
+
+				if (c == '(') {
+
+					state = State_DomainPartComment;
+					++commentLevel;
+					++p;
+
+				} else {
+
+					state = State_DomainPartMiddle;
+					domainPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_DomainPartMiddle:
+
+				if (parserHelpers::isSpace(c)) {
+
+					state = State_End;
+
+				} else if (c == '(') {
+
+					// By allowing comments anywhere in the domain part,
+					// we are more permissive than RFC-2822
+					state = State_DomainPartComment;
+					++commentLevel;
+					++p;
+
+				} else {
+
+					domainPart << c;
+					++p;
+				}
+
+				break;
+
+			case State_DomainPartComment:
+
+				if (escapeNext) {
+
+					escapeNext = false;
+					++p;
+
+				} else if (c == '\\') {
+
+					escapeNext = true;
+					++p;
+
+				} else if (c == '(') {
+
+					++commentLevel;
+					++p;
+
+				} else if (c == ')') {
+
+					if (--commentLevel == 0) {
+
+						// End of comment
+						state = State_DomainPartMiddle;
+					}
+
+					++p;
+
+				} else {
+
+					// Comment continues
+					++p;
+				}
+
+				break;
+
+			case State_End:
+			case State_Error:
+
+				stop = true;
+				break;
+		}
+	}
+
+	if (p == pend && state != State_Error) {
+
+		if (state == State_DomainPartMiddle) {
+			state = State_End;
+		} else if (state == State_LocalPartMiddle) {
+			state = State_End;  // allow not specifying domain part
+		}
+	}
+
+	if (state != State_End) {
+
+		m_localName = word("invalid", vmime::charsets::UTF_8);
+		m_domainName = word("invalid", vmime::charsets::UTF_8);
+
+	} else {
+
+		// If the domain part is missing, use local host name
+		if (domainPart.str().empty() && !atFound) {
+			domainPart << platform::getHandler()->getHostName();
+		}
+
+		if (localPartIsRFC2047) {
+			m_localName.parse(localPart.str());
+		} else {
+			m_localName = word(localPart.str(), vmime::charsets::UTF_8);
+		}
+
+		m_domainName = word(domainNameFromIDNA(domainPart.str()), vmime::charsets::UTF_8);
+	}
+
+	setParsedBounds(position, p - pend);
+
+	if (newPosition) {
+		*newPosition = p - pend;
+	}
+}
+
+
+void emailAddress::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	string localPart, domainPart;
+
+	if (ctx.getInternationalizedEmailSupport() &&
+	    (!utility::stringUtils::is7bit(m_localName.getBuffer()) ||
+	     !utility::stringUtils::is7bit(m_domainName.getBuffer()))) {
+
+		// Local part
+		string localPartUTF8(m_localName.getConvertedText(vmime::charsets::UTF_8));
+		word localPartWord(localPartUTF8, vmime::charsets::UTF_8);
+
+		vmime::utility::outputStreamStringAdapter os(localPart);
+		localPartWord.generate(ctx, os, 0, NULL, text::FORCE_NO_ENCODING | text::QUOTE_IF_NEEDED, NULL);
+
+		// Domain part
+		domainPart = m_domainName.getConvertedText(vmime::charsets::UTF_8);
+
+	} else {
+
+		// Local part
+		vmime::utility::outputStreamStringAdapter os(localPart);
+		m_localName.generate(ctx, os, 0, NULL, text::QUOTE_IF_NEEDED, NULL);
+
+		// Domain part as IDNA
+		domainPart = domainNameToIDNA(m_domainName.getConvertedText(vmime::charsets::UTF_8));
+	}
+
+	os << localPart
+	   << "@"
+	   << domainPart;
+
+	if (newLinePos) {
+
+		*newLinePos = curLinePos
+			+ localPart.length()
+			+ 1 // @
+			+ domainPart.length();
+	}
+}
+
+
+bool emailAddress::operator==(const class emailAddress& eml) const {
+
+	return m_localName == eml.m_localName &&
+	       m_domainName == eml.m_domainName;
+}
+
+
+bool emailAddress::operator!=(const class emailAddress& eml) const {
+
+	return !(*this == eml);
+}
+
+
+void emailAddress::copyFrom(const component& other) {
+
+	const emailAddress& source = dynamic_cast <const emailAddress&>(other);
+
+	m_localName = source.m_localName;
+	m_domainName = source.m_domainName;
+}
+
+
+emailAddress& emailAddress::operator=(const emailAddress& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+shared_ptr <component>emailAddress::clone() const {
+
+	return make_shared <emailAddress>(*this);
+}
+
+
+const word& emailAddress::getLocalName() const {
+
+	return m_localName;
+}
+
+
+void emailAddress::setLocalName(const word& localName) {
+
+	m_localName = localName;
+}
+
+
+const word& emailAddress::getDomainName() const {
+
+	return m_domainName;
+}
+
+
+void emailAddress::setDomainName(const word& domainName) {
+
+	m_domainName = domainName;
+}
+
+
+const std::vector <shared_ptr <component> > emailAddress::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+bool emailAddress::isEmpty() const {
+
+	return m_localName.isEmpty();
+}
+
+
+const string emailAddress::toString() const {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter adapter(oss);
+
+	generationContext ctx(generationContext::getDefaultContext());
+	ctx.setMaxLineLength(lineLengthLimits::infinite);
+
+	generateImpl(ctx, adapter, 0, NULL);
+
+	return oss.str();
+}
+
+
+const text emailAddress::toText() const {
+
+	text txt;
+	txt.appendWord(make_shared <vmime::word>(m_localName));
+	txt.appendWord(make_shared <vmime::word>("@", vmime::charsets::US_ASCII));
+	txt.appendWord(make_shared <vmime::word>(m_domainName));
+
+	return txt;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/emailAddress.hpp b/vmime-master/src/vmime/emailAddress.hpp
new file mode 100644
index 0000000..7824996
--- /dev/null
+++ b/vmime-master/src/vmime/emailAddress.hpp
@@ -0,0 +1,135 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_EMAILADDRESS_HPP_INCLUDED
+#define VMIME_EMAILADDRESS_HPP_INCLUDED
+
+
+#include "vmime/component.hpp"
+#include "vmime/text.hpp"
+
+
+namespace vmime {
+
+
+/** An email address: local name and domain name (basic type).
+  */
+class VMIME_EXPORT emailAddress : public component {
+
+public:
+
+	emailAddress();
+	emailAddress(const emailAddress& eml);
+	emailAddress(const string& email);
+	emailAddress(const char* email);
+	emailAddress(const string& localName, const string& domainName);
+	emailAddress(const word& localName, const word& domainName);
+
+	/** Return the local name of the address.
+	  *
+	  * @return local name of the address
+	  */
+	const word& getLocalName() const;
+
+	/** Set the local name of the address.
+	  *
+	  * @param localName local name of the address
+	  */
+	void setLocalName(const word& localName);
+
+	/** Return the domain name of the address.
+	  *
+	  * @return domain name of the address
+	  */
+	const word& getDomainName() const;
+
+	/** Set the domain name of the address.
+	  *
+	  * @param domainName domain name of the address
+	  */
+	void setDomainName(const word& domainName);
+
+	/** Returns whether this email address is empty.
+	  * Address is considered as empty if the local part is not specified.
+	  *
+	  * @return true if the address is empty, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Returns the email address as a string, by joining components.
+	  * (ie. the local name, followed by a @ then the domain name.)
+	  *
+	  * @return email address as a string
+	  */
+	const string toString() const;
+
+	/** Returns the email address as multibyte text, by joining components.
+	  * (ie. the local name, followed by a @ then the domain name.)
+	  *
+	  * @return email address as multibyte text
+	  */
+	const text toText() const;
+
+	// Comparison
+	bool operator==(const class emailAddress& eml) const;
+	bool operator!=(const class emailAddress& eml) const;
+
+	// Assignment
+	void copyFrom(const component& other);
+	shared_ptr <component> clone() const;
+	emailAddress& operator=(const emailAddress& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+protected:
+
+	word m_localName;
+	word m_domainName;
+
+public:
+
+	using component::parse;
+	using component::generate;
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_EMAILADDRESS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/emptyContentHandler.cpp b/vmime-master/src/vmime/emptyContentHandler.cpp
new file mode 100644
index 0000000..3cf7965
--- /dev/null
+++ b/vmime-master/src/vmime/emptyContentHandler.cpp
@@ -0,0 +1,126 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/emptyContentHandler.hpp"
+
+
+namespace vmime {
+
+
+emptyContentHandler::emptyContentHandler() {
+
+}
+
+
+shared_ptr <contentHandler> emptyContentHandler::clone() const {
+
+	return make_shared <emptyContentHandler>();
+}
+
+
+void emptyContentHandler::generate(
+	utility::outputStream& /* os */,
+	const vmime::encoding& /* enc */,
+	const size_t /* maxLineLength */
+) const {
+
+	// Nothing to do.
+}
+
+
+void emptyContentHandler::extract(
+	utility::outputStream& /* os */,
+	utility::progressListener* progress) const
+{
+	if (progress) {
+		progress->start(0);
+	}
+
+	// Nothing to do.
+
+	if (progress) {
+		progress->stop(0);
+	}
+}
+
+
+void emptyContentHandler::extractRaw(
+	utility::outputStream& /* os */,
+	utility::progressListener* progress
+) const {
+
+	if (progress) {
+		progress->start(0);
+	}
+
+	// Nothing to do.
+
+	if (progress) {
+		progress->stop(0);
+	}
+}
+
+
+size_t emptyContentHandler::getLength() const {
+
+	return 0;
+}
+
+
+bool emptyContentHandler::isEmpty() const {
+
+	return true;
+}
+
+
+bool emptyContentHandler::isEncoded() const {
+
+	return false;
+}
+
+
+const vmime::encoding& emptyContentHandler::getEncoding() const {
+
+	return NO_ENCODING;
+}
+
+
+bool emptyContentHandler::isBuffered() const {
+
+	return true;
+}
+
+
+void emptyContentHandler::setContentTypeHint(const mediaType& type) {
+
+	m_contentType = type;
+}
+
+
+const mediaType emptyContentHandler::getContentTypeHint() const {
+
+	return m_contentType;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/emptyContentHandler.hpp b/vmime-master/src/vmime/emptyContentHandler.hpp
new file mode 100644
index 0000000..b7e0897
--- /dev/null
+++ b/vmime-master/src/vmime/emptyContentHandler.hpp
@@ -0,0 +1,80 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_EMPTYCONTENTHANDLER_HPP_INCLUDED
+#define VMIME_EMPTYCONTENTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/contentHandler.hpp"
+
+
+namespace vmime {
+
+
+class VMIME_EXPORT emptyContentHandler : public contentHandler {
+
+public:
+
+	emptyContentHandler();
+
+	shared_ptr <contentHandler> clone() const;
+
+	void generate(
+		utility::outputStream& os,
+		const vmime::encoding& enc,
+		const size_t maxLineLength = lineLengthLimits::infinite
+	) const;
+
+	void extract(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL
+	) const;
+
+	void extractRaw(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL
+	) const;
+
+	size_t getLength() const;
+
+	bool isEncoded() const;
+
+	const vmime::encoding& getEncoding() const;
+
+	bool isEmpty() const;
+
+	bool isBuffered() const;
+
+	void setContentTypeHint(const mediaType& type);
+	const mediaType getContentTypeHint() const;
+
+private:
+
+	mediaType m_contentType;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_EMPTYCONTENTHANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/encoding.cpp b/vmime-master/src/vmime/encoding.cpp
new file mode 100644
index 0000000..23814a6
--- /dev/null
+++ b/vmime-master/src/vmime/encoding.cpp
@@ -0,0 +1,331 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/encoding.hpp"
+#include "vmime/contentHandler.hpp"
+
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+#include "vmime/utility/encoder/encoderFactory.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+
+
+encoding::encoding()
+	: m_name(encodingTypes::SEVEN_BIT),
+	  m_usage(USAGE_UNKNOWN) {
+
+}
+
+
+encoding::encoding(const string& name)
+	: m_name(utility::stringUtils::toLower(name)),
+	  m_usage(USAGE_UNKNOWN) {
+
+}
+
+
+encoding::encoding(const string& name, const EncodingUsage usage)
+	: m_name(utility::stringUtils::toLower(name)),
+	  m_usage(usage) {
+
+}
+
+
+encoding::encoding(const encoding& enc)
+	: headerFieldValue(),
+	  m_name(enc.m_name),
+	  m_usage(enc.m_usage) {
+}
+
+
+void encoding::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_usage = USAGE_UNKNOWN;
+
+	m_name = utility::stringUtils::toLower(
+		utility::stringUtils::trim(
+			utility::stringUtils::unquote(
+				utility::stringUtils::trim(
+					string(buffer.begin() + position, buffer.begin() + end)
+				)
+			)
+		)
+	);
+
+	if (m_name.empty()) {
+		m_name = encodingTypes::SEVEN_BIT;   // assume default "7-bit"
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void encoding::generateImpl(
+	const generationContext& /* ctx */,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	os << m_name;
+
+	if (newLinePos) {
+		*newLinePos = curLinePos + m_name.length();
+	}
+}
+
+
+shared_ptr <utility::encoder::encoder> encoding::getEncoder() const {
+
+	shared_ptr <utility::encoder::encoder> encoder =
+		utility::encoder::encoderFactory::getInstance()->create(generate());
+
+	// FIXME: this should not be here (move me into QP encoder instead?)
+	if (m_usage == USAGE_TEXT && m_name == encodingTypes::QUOTED_PRINTABLE) {
+		encoder->getProperties()["text"] = true;
+	}
+
+	return encoder;
+}
+
+
+encoding& encoding::operator=(const encoding& other) {
+
+	copyFrom(other);
+	return (*this);
+}
+
+
+encoding& encoding::operator=(const string& name) {
+
+	m_name = utility::stringUtils::toLower(name);
+	m_usage = USAGE_UNKNOWN;
+
+	return *this;
+}
+
+
+bool encoding::operator==(const encoding& value) const {
+
+	return utility::stringUtils::toLower(m_name) == value.m_name;
+}
+
+
+bool encoding::operator!=(const encoding& value) const {
+
+	return !(*this == value);
+}
+
+
+const encoding encoding::decideImpl(
+	const string::const_iterator begin,
+	const string::const_iterator end
+) {
+
+	const string::difference_type length = end - begin;
+	const string::difference_type count = std::count_if(
+		begin, end,
+		std::bind2nd(std::less<unsigned char>(), 127)
+	);
+
+	// All is in 7-bit US-ASCII --> 7-bit (or Quoted-Printable...)
+	if (length == count) {
+
+		// Now, we check if there is any line with more than
+		// "lineLengthLimits::convenient" characters (7-bit requires that)
+		string::const_iterator p = begin;
+
+		const size_t maxLen = lineLengthLimits::convenient;
+		size_t len = 0;
+
+		for ( ; p != end && len <= maxLen ; ) {
+
+			if (*p == '\n') {
+
+				len = 0;
+				++p;
+
+				// May or may not need to be encoded, we don't take
+				// any risk (avoid problems with SMTP)
+				if (p != end && *p == '.') {
+					len = maxLen + 1;
+				}
+
+			} else {
+
+				++len;
+				++p;
+			}
+		}
+
+		if (len > maxLen) {
+			return encoding(encodingTypes::QUOTED_PRINTABLE);
+		} else {
+			return encoding(encodingTypes::SEVEN_BIT);
+		}
+
+	// Less than 20% non US-ASCII --> Quoted-Printable
+	} else if ((length - count) <= length / 5) {
+
+		return encoding(encodingTypes::QUOTED_PRINTABLE);
+
+	// Otherwise --> Base64
+	} else {
+
+		return encoding(encodingTypes::BASE64);
+	}
+}
+
+
+bool encoding::shouldReencode() const {
+
+	if (m_name == encodingTypes::BASE64 ||
+	    m_name == encodingTypes::QUOTED_PRINTABLE ||
+	    m_name == encodingTypes::UUENCODE) {
+
+		return false;
+	}
+
+	return true;
+}
+
+
+const encoding encoding::decide(
+	const shared_ptr <const contentHandler>& data,
+	const EncodingUsage usage
+) {
+
+	// Do not re-encode data if it is already encoded
+	if (data->isEncoded() && !data->getEncoding().shouldReencode()) {
+		return data->getEncoding();
+	}
+
+	encoding enc;
+
+	if (usage == USAGE_TEXT && data->isBuffered() &&
+	    data->getLength() > 0 && data->getLength() < 32768) {
+
+		// Extract data into temporary buffer
+		string buffer;
+		utility::outputStreamStringAdapter os(buffer);
+
+		data->extract(os);
+		os.flush();
+
+		enc = decideImpl(buffer.begin(), buffer.end());
+
+	} else {
+
+		enc = encoding(encodingTypes::BASE64);
+	}
+
+	enc.setUsage(usage);
+
+	return enc;
+}
+
+
+const encoding encoding::decide(
+	const shared_ptr <const contentHandler>& data,
+	const charset& chset,
+	const EncodingUsage usage
+) {
+
+	// Do not re-encode data if it is already encoded
+	if (data->isEncoded() && !data->getEncoding().shouldReencode()) {
+		return data->getEncoding();
+	}
+
+	if (usage == USAGE_TEXT) {
+
+		encoding recEncoding;
+
+		if (chset.getRecommendedEncoding(recEncoding)) {
+
+			recEncoding.setUsage(usage);
+			return recEncoding;
+		}
+	}
+
+	return decide(data, usage);
+}
+
+
+shared_ptr <component> encoding::clone() const {
+
+	return make_shared <encoding>(*this);
+}
+
+
+void encoding::copyFrom(const component& other) {
+
+	const encoding& e = dynamic_cast <const encoding&>(other);
+
+	m_name = e.m_name;
+}
+
+
+const string& encoding::getName() const {
+
+	return m_name;
+}
+
+
+void encoding::setName(const string& name) {
+
+	m_name = name;
+}
+
+
+encoding::EncodingUsage encoding::getUsage() const {
+
+	return m_usage;
+}
+
+
+void encoding::setUsage(const EncodingUsage usage) {
+
+	m_usage = usage;
+}
+
+
+const std::vector <shared_ptr <component> > encoding::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/encoding.hpp b/vmime-master/src/vmime/encoding.hpp
new file mode 100644
index 0000000..2ff17ef
--- /dev/null
+++ b/vmime-master/src/vmime/encoding.hpp
@@ -0,0 +1,180 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_ENCODING_HPP_INCLUDED
+#define VMIME_ENCODING_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+#include "vmime/utility/encoder/encoder.hpp"
+
+
+namespace vmime {
+
+
+class contentHandler;
+
+
+/** Content encoding (basic type).
+  */
+class VMIME_EXPORT encoding : public headerFieldValue {
+
+public:
+
+	enum EncodingUsage {
+
+		USAGE_UNKNOWN,
+		USAGE_TEXT,         /**< Use for body text. */
+		USAGE_BINARY_DATA   /**< Use for attachment, image... */
+	};
+
+
+	encoding();
+	explicit encoding(const string& name);
+	encoding(const string& name, const EncodingUsage usage);
+	encoding(const encoding& enc);
+
+	/** Return the name of the encoding.
+	  * See the constants in vmime::encodingTypes.
+	  *
+	  * @return name of the encoding (eg. "quoted-printable")
+	  */
+	const string& getName() const;
+
+	/** Set the name of the encoding.
+	  * See the constants in vmime::encodingTypes.
+	  *
+	  * @param name name of the encoding
+	  */
+	void setName(const string& name);
+
+	/** Return the type of contents this encoding is used for.
+	  * See the EncodingUsage enum.
+	  */
+	EncodingUsage getUsage() const;
+
+	/** Set the type of contents this encoding is used for.
+	  * See the EncodingUsage enum.
+	  *
+	  * @param usage type of contents
+	  */
+	void setUsage(const EncodingUsage usage);
+
+
+	encoding& operator=(const encoding& other);
+	encoding& operator=(const string& name);
+
+	bool operator==(const encoding& value) const;
+	bool operator!=(const encoding& value) const;
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Decide which encoding to use based on the specified data.
+	  *
+	  * @param data data used to determine encoding
+	  * @param usage context of use of data
+	  * @return suitable encoding for specified data
+	  */
+	static const encoding decide(
+		const shared_ptr <const contentHandler>& data,
+		const EncodingUsage usage = USAGE_BINARY_DATA
+	);
+
+	/** Decide which encoding to use based on the specified data and charset.
+	  *
+	  * @param data data used to determine encoding
+	  * @param chset charset of data
+	  * @param usage context of use of data
+	  * @return suitable encoding for specified data and charset
+	  */
+	static const encoding decide(
+		const shared_ptr <const contentHandler>& data,
+		const charset& chset,
+		const EncodingUsage usage = USAGE_BINARY_DATA
+	);
+
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+
+	/** Use encoderFactory to obtain an encoder/decoder object
+	  * for the current encoding type.
+	  *
+	  * @throw exceptions::no_encoder_available if no encoder
+	  * is registered for the encoding
+	  * @return a new encoder object for the encoding type
+	  */
+	shared_ptr <utility::encoder::encoder> getEncoder() const;
+
+private:
+
+	string m_name;
+	EncodingUsage m_usage;
+
+	/** Determine whether data encoded using this encoding should
+	  * be re-encoded if needed.
+	  *
+	  * @return true if data should be re-encoded, false otherwise
+	  */
+	bool shouldReencode() const;
+
+	/** Decide which encoding to use based on the specified data.
+	  *
+	  * Please note: this will read the whole buffer, so it should be used only
+	  * for small amount of data (eg. text), and not large binary attachments.
+	  *
+	  * @param begin start iterator in buffer
+	  * @param end end iterator in buffer
+	  * @return suitable encoding for specified data
+	  */
+	static const encoding decideImpl(
+		const string::const_iterator begin,
+		const string::const_iterator end
+	);
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_ENCODING_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/exception.cpp b/vmime-master/src/vmime/exception.cpp
new file mode 100644
index 0000000..fb9dea9
--- /dev/null
+++ b/vmime-master/src/vmime/exception.cpp
@@ -0,0 +1,735 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+
+
+//
+// exception
+//
+
+const exception exception::NO_EXCEPTION;
+
+
+exception::exception()
+	: std::runtime_error(""), m_other(NULL) {
+
+}
+
+
+exception::exception(const string& what, const exception& other)
+	: std::runtime_error(what), m_other(&other != &NO_EXCEPTION ? other.clone() : NULL) {
+
+}
+
+
+exception::exception(const exception& e)
+	: std::runtime_error(e.what()), m_other(e.m_other == NULL ? NULL : e.m_other->clone()) {
+
+}
+
+
+exception::~exception() throw() {
+
+	delete m_other;
+}
+
+
+void exception::chainException(const exception& other) {
+
+	exception* e = other.clone();
+
+	delete m_other;
+	m_other = e;
+}
+
+
+const exception* exception::other() const throw() {
+
+	return m_other;
+}
+
+
+const char* exception::name() const throw() {
+
+	return "exception";
+}
+
+
+exception* exception::clone() const {
+
+	return new exception(*this);
+}
+
+
+
+namespace exceptions {
+
+
+//
+// bad_field_value_type
+//
+
+bad_field_value_type::~bad_field_value_type() throw() {}
+bad_field_value_type::bad_field_value_type(const string& fieldName, const exception& other)
+	: exception("Bad value type for field '" + fieldName + "'.", other) {}
+
+exception* bad_field_value_type::clone() const { return new bad_field_value_type(*this); }
+const char* bad_field_value_type::name() const throw() { return "bad_field_value_type"; }
+
+
+
+//
+// charset_conv_error
+//
+
+charset_conv_error::~charset_conv_error() throw() {}
+charset_conv_error::charset_conv_error(const string& what, const exception& other)
+	: exception(what.empty() ? "Charset conversion error." : what, other) {}
+
+exception* charset_conv_error::clone() const { return new charset_conv_error(*this); }
+const char* charset_conv_error::name() const throw() { return "charset_conv_error"; }
+
+
+
+//
+// illegal_byte_sequence_for_charset
+//
+
+illegal_byte_sequence_for_charset::~illegal_byte_sequence_for_charset() throw() {}
+illegal_byte_sequence_for_charset::illegal_byte_sequence_for_charset(const string& what, const exception& other)
+	: exception(what.empty() ? "Found illegal byte sequence for this charset." : what, other) {}
+
+exception* illegal_byte_sequence_for_charset::clone() const { return new illegal_byte_sequence_for_charset(*this); }
+const char* illegal_byte_sequence_for_charset::name() const throw() { return "illegal_byte_sequence_for_charset"; }
+
+
+
+//
+// no_encoder_available
+//
+
+no_encoder_available::~no_encoder_available() throw() {}
+no_encoder_available::no_encoder_available(const string& name, const exception& other)
+	: exception("No encoder available: '" + name + "'.", other) {}
+
+exception* no_encoder_available::clone() const { return new no_encoder_available(*this); }
+const char* no_encoder_available::name() const throw() { return "no_encoder_available"; }
+
+
+//
+// no_digest_algorithm_available
+//
+
+no_digest_algorithm_available::~no_digest_algorithm_available() throw() {}
+no_digest_algorithm_available::no_digest_algorithm_available(const string& name, const exception& other)
+	: exception("No algorithm available: '" + name + "'.", other) {}
+
+exception* no_digest_algorithm_available::clone() const { return new no_digest_algorithm_available(*this); }
+const char* no_digest_algorithm_available::name() const throw() { return "no_digest_algorithm_available"; }
+
+
+//
+// no_such_field
+//
+
+no_such_field::~no_such_field() throw() {}
+no_such_field::no_such_field(const exception& other)
+	: exception("Field not found.", other) {}
+
+exception* no_such_field::clone() const { return new no_such_field(*this); }
+const char* no_such_field::name() const throw() { return "no_such_field"; }
+
+
+//
+// no_such_part
+//
+
+no_such_part::~no_such_part() throw() {}
+no_such_part::no_such_part(const exception& other)
+	: exception("Part not found.", other) {}
+
+exception* no_such_part::clone() const { return new no_such_part(*this); }
+const char* no_such_part::name() const throw() { return "no_such_part"; }
+
+
+//
+// no_such_message_id
+//
+
+no_such_message_id::~no_such_message_id() throw() {}
+no_such_message_id::no_such_message_id(const exception& other)
+	: exception("Message-Id not found.", other) {}
+
+exception* no_such_message_id::clone() const { return new no_such_message_id(*this); }
+const char* no_such_message_id::name() const throw() { return "no_such_message_id"; }
+
+
+//
+// open_file_error
+//
+
+open_file_error::~open_file_error() throw() {}
+open_file_error::open_file_error(const exception& other)
+	: exception("Error opening file.", other) {}
+
+exception* open_file_error::clone() const { return new open_file_error(*this); }
+const char* open_file_error::name() const throw() { return "open_file_error"; }
+
+
+//
+// no_factory_available
+//
+
+no_factory_available::~no_factory_available() throw() {}
+no_factory_available::no_factory_available(const exception& other)
+	: exception("No factory available.", other) {}
+
+exception* no_factory_available::clone() const { return new no_factory_available(*this); }
+const char* no_factory_available::name() const throw() { return "no_factory_available"; }
+
+
+//
+// no_platform_handler
+//
+
+no_platform_handler::~no_platform_handler() throw() {}
+no_platform_handler::no_platform_handler(const exception& other)
+	: exception("No platform handler installed.", other) {}
+
+exception* no_platform_handler::clone() const { return new no_platform_handler(*this); }
+const char* no_platform_handler::name() const throw() { return "no_platform_handler"; }
+
+
+//
+// no_expeditor
+//
+
+no_expeditor::~no_expeditor() throw() {}
+no_expeditor::no_expeditor(const exception& other)
+	: exception("No expeditor specified.", other) {}
+
+exception* no_expeditor::clone() const { return new no_expeditor(*this); }
+const char* no_expeditor::name() const throw() { return "no_expeditor"; }
+
+
+//
+// no_recipient
+//
+
+no_recipient::~no_recipient() throw() {}
+no_recipient::no_recipient(const exception& other)
+	: exception("No recipient specified.", other) {}
+
+exception* no_recipient::clone() const { return new no_recipient(*this); }
+const char* no_recipient::name() const throw() { return "no_recipient"; }
+
+
+//
+// no_such_property
+//
+
+no_such_property::~no_such_property() throw() {}
+no_such_property::no_such_property(const string& name, const exception& other)
+	: exception(string("No such property: '") + name + string("'."), other) { }
+
+exception* no_such_property::clone() const { return new no_such_property(*this); }
+const char* no_such_property::name() const throw() { return "no_such_property"; }
+
+
+//
+// invalid_property_type
+//
+
+invalid_property_type::~invalid_property_type() throw() {}
+invalid_property_type::invalid_property_type(const exception& other)
+	: exception("Invalid property type.", other) {}
+
+exception* invalid_property_type::clone() const { return new invalid_property_type(*this); }
+const char* invalid_property_type::name() const throw() { return "invalid_property_type"; }
+
+
+//
+// invalid_argument
+//
+
+invalid_argument::~invalid_argument() throw() {}
+invalid_argument::invalid_argument(const exception& other)
+	: exception("Invalid argument.", other) {}
+
+exception* invalid_argument::clone() const { return new invalid_argument(*this); }
+const char* invalid_argument::name() const throw() { return "invalid_argument"; }
+
+
+//
+// system_error
+//
+
+system_error::~system_error() throw() { }
+system_error::system_error(const string& what, const exception& other)
+	: exception(what, other) {}
+
+exception* system_error::clone() const { return new system_error(*this); }
+const char* system_error::name() const throw() { return "system_error"; }
+
+
+//
+// malformed_url
+//
+
+malformed_url::~malformed_url() throw() {}
+malformed_url::malformed_url(const string& error, const exception& other)
+	: exception("Malformed URL: " + error + ".", other) {}
+
+exception* malformed_url::clone() const { return new malformed_url(*this); }
+const char* malformed_url::name() const throw() { return "malformed_url"; }
+
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+//
+// net_exception
+//
+
+net_exception::~net_exception() throw() {}
+net_exception::net_exception(const string& what, const exception& other)
+	: exception(what, other) {}
+
+exception* net_exception::clone() const { return new net_exception(*this); }
+const char* net_exception::name() const throw() { return "net_exception"; }
+
+
+//
+// socket_exception
+//
+
+socket_exception::~socket_exception() throw() {}
+socket_exception::socket_exception(const string& what, const exception& other)
+	: net_exception(what.empty()
+		? "Socket error." : what, other) {}
+
+exception* socket_exception::clone() const { return new socket_exception(*this); }
+const char* socket_exception::name() const throw() { return "socket_exception"; }
+
+
+//
+// socket_not_connected_exception
+//
+
+socket_not_connected_exception::~socket_not_connected_exception() throw() {}
+socket_not_connected_exception::socket_not_connected_exception(const string& what, const exception& other)
+	: socket_exception(what.empty()
+		? "Socket is not connected." : what, other) {}
+
+exception* socket_not_connected_exception::clone() const { return new socket_not_connected_exception(*this); }
+const char* socket_not_connected_exception::name() const throw() { return "socket_not_connected_exception"; }
+
+
+//
+// connection_error
+//
+
+connection_error::~connection_error() throw() {}
+connection_error::connection_error(const string& what, const exception& other)
+	: socket_exception(what.empty()
+		? "Connection error." : what, other) {}
+
+exception* connection_error::clone() const { return new connection_error(*this); }
+const char* connection_error::name() const throw() { return "connection_error"; }
+
+
+//
+// connection_greeting_error
+//
+
+connection_greeting_error::~connection_greeting_error() throw() {}
+connection_greeting_error::connection_greeting_error(const string& response, const exception& other)
+	: net_exception("Greeting error.", other), m_response(response) {}
+
+const string& connection_greeting_error::response() const { return (m_response); }
+
+exception* connection_greeting_error::clone() const { return new connection_greeting_error(*this); }
+const char* connection_greeting_error::name() const throw() { return "connection_greeting_error"; }
+
+
+//
+// authentication_error
+//
+
+authentication_error::~authentication_error() throw() {}
+authentication_error::authentication_error(const string& response, const exception& other)
+	: net_exception("Authentication error.", other), m_response(response) {}
+
+const string& authentication_error::response() const { return (m_response); }
+
+exception* authentication_error::clone() const { return new authentication_error(*this); }
+const char* authentication_error::name() const throw() { return "authentication_error"; }
+
+
+//
+// unsupported_option
+//
+
+unsupported_option::~unsupported_option() throw() {}
+unsupported_option::unsupported_option(const exception& other)
+	: net_exception("Unsupported option.", other) {}
+
+exception* unsupported_option::clone() const { return new unsupported_option(*this); }
+const char* unsupported_option::name() const throw() { return "unsupported_option"; }
+
+
+//
+// illegal_state
+//
+
+illegal_state::~illegal_state() throw() {}
+illegal_state::illegal_state(const string& state, const exception& other)
+	: net_exception("Illegal state to accomplish the operation: '" + state + "'.", other) {}
+
+exception* illegal_state::clone() const { return new illegal_state(*this); }
+const char* illegal_state::name() const throw() { return "illegal_state"; }
+
+
+//
+// folder_not_found
+//
+
+folder_not_found::~folder_not_found() throw() {}
+folder_not_found::folder_not_found(const exception& other)
+	: net_exception("Folder not found.", other) {}
+
+exception* folder_not_found::clone() const { return new folder_not_found(*this); }
+const char* folder_not_found::name() const throw() { return "folder_not_found"; }
+
+
+//
+// folder_already_open
+//
+
+folder_already_open::~folder_already_open() throw() {}
+folder_already_open::folder_already_open(const exception& other)
+	: net_exception("Folder is already open in the same session.", other) {}
+
+exception* folder_already_open::clone() const { return new folder_already_open(*this); }
+const char* folder_already_open::name() const throw() { return "folder_already_open"; }
+
+
+//
+// message_not_found
+//
+
+message_not_found::~message_not_found() throw() {}
+message_not_found::message_not_found(const exception& other)
+	: net_exception("Message not found.", other) {}
+
+exception* message_not_found::clone() const { return new message_not_found(*this); }
+const char* message_not_found::name() const throw() { return "message_not_found"; }
+
+
+//
+// operation_not_supported
+//
+
+operation_not_supported::~operation_not_supported() throw() {}
+operation_not_supported::operation_not_supported(const exception& other)
+	: net_exception("Operation not supported.", other) {}
+
+exception* operation_not_supported::clone() const { return new operation_not_supported(*this); }
+const char* operation_not_supported::name() const throw() { return "operation_not_supported"; }
+
+
+//
+// operation_timed_out
+//
+
+operation_timed_out::~operation_timed_out() throw() {}
+operation_timed_out::operation_timed_out(const exception& other)
+	: net_exception("Operation timed out.", other) {}
+
+exception* operation_timed_out::clone() const { return new operation_timed_out(*this); }
+const char* operation_timed_out::name() const throw() { return "operation_timed_out"; }
+
+
+//
+// operation_cancelled
+//
+
+operation_cancelled::~operation_cancelled() throw() {}
+operation_cancelled::operation_cancelled(const exception& other)
+	: net_exception("Operation cancelled by the user.", other) {}
+
+exception* operation_cancelled::clone() const { return new operation_cancelled(*this); }
+const char* operation_cancelled::name() const throw() { return "operation_cancelled"; }
+
+
+//
+// unfetched_object
+//
+
+unfetched_object::~unfetched_object() throw() {}
+unfetched_object::unfetched_object(const exception& other)
+	: net_exception("Object not fetched.", other) {}
+
+exception* unfetched_object::clone() const { return new unfetched_object(*this); }
+const char* unfetched_object::name() const throw() { return "unfetched_object"; }
+
+
+//
+// not_connected
+//
+
+not_connected::~not_connected() throw() {}
+not_connected::not_connected(const exception& other)
+	: net_exception("Not connected to a service.", other) {}
+
+exception* not_connected::clone() const { return new not_connected(*this); }
+const char* not_connected::name() const throw() { return "not_connected"; }
+
+
+//
+// already_connected
+//
+
+already_connected::~already_connected() throw() {}
+already_connected::already_connected(const exception& other)
+	: net_exception("Already connected to a service. Disconnect and retry.", other) {}
+
+exception* already_connected::clone() const { return new already_connected(*this); }
+const char* already_connected::name() const throw() { return "already_connected"; }
+
+
+//
+// illegal_operation
+//
+
+illegal_operation::~illegal_operation() throw() {}
+illegal_operation::illegal_operation(const string& msg, const exception& other)
+	: net_exception(msg.empty()
+		? "Illegal operation."
+		: "Illegal operation: " + msg + ".",
+		other
+	) {}
+
+exception* illegal_operation::clone() const { return new illegal_operation(*this); }
+const char* illegal_operation::name() const throw() { return "illegal_operation"; }
+
+
+//
+// command_error
+//
+
+command_error::~command_error() throw() {}
+command_error::command_error(const string& command, const string& response,
+                             const string& desc, const exception& other)
+	: net_exception(desc.empty()
+		? "Error while executing command '" + command + "'."
+		: "Error while executing command '" + command + "': " + desc + ".",
+		other
+	),
+	m_command(command), m_response(response) {}
+
+const string& command_error::command() const { return (m_command); }
+
+const string& command_error::response() const { return (m_response); }
+
+exception* command_error::clone() const { return new command_error(*this); }
+const char* command_error::name() const throw() { return "command_error"; }
+
+
+//
+// invalid_response
+//
+
+invalid_response::~invalid_response() throw() {}
+invalid_response::invalid_response(const string& command, const string& response, const exception& other)
+	: net_exception(command.empty()
+		? "Received invalid response."
+		: "Received invalid response for command '" + command + "'.",
+		other
+	),
+	m_command(command), m_response(response) {}
+
+const string& invalid_response::command() const { return (m_command); }
+
+const string& invalid_response::response() const { return (m_response); }
+
+exception* invalid_response::clone() const { return new invalid_response(*this); }
+const char* invalid_response::name() const throw() { return "invalid_response"; }
+
+
+//
+// partial_fetch_not_supported
+//
+
+partial_fetch_not_supported::~partial_fetch_not_supported() throw() {}
+partial_fetch_not_supported::partial_fetch_not_supported(const exception& other)
+	: net_exception("Partial fetch not supported.", other) {}
+
+exception* partial_fetch_not_supported::clone() const { return new partial_fetch_not_supported(*this); }
+const char* partial_fetch_not_supported::name() const throw() { return "partial_fetch_not_supported"; }
+
+
+//
+// invalid_folder_name
+//
+
+invalid_folder_name::~invalid_folder_name() throw() {}
+invalid_folder_name::invalid_folder_name(const string& error, const exception& other)
+	: net_exception(error.empty()
+		? "Invalid folder name: " + error + "."
+		: "Invalid folder name.",
+		other) {}
+
+exception* invalid_folder_name::clone() const { return new invalid_folder_name(*this); }
+const char* invalid_folder_name::name() const throw() { return "invalid_folder_name"; }
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+//
+// filesystem_exception
+//
+
+filesystem_exception::~filesystem_exception() throw() {}
+filesystem_exception::filesystem_exception(const string& what, const utility::path& path, const exception& other)
+	: exception(what, other), m_path(path) {}
+
+const utility::path& filesystem_exception::path() const { return (m_path); }
+
+exception* filesystem_exception::clone() const { return new filesystem_exception(*this); }
+const char* filesystem_exception::name() const throw() { return "filesystem_exception"; }
+
+
+//
+// not_a_directory
+//
+
+not_a_directory::~not_a_directory() throw() {}
+not_a_directory::not_a_directory(const utility::path& path, const exception& other)
+	: filesystem_exception("Operation failed: this is not a directory.", path, other) {}
+
+exception* not_a_directory::clone() const { return new not_a_directory(*this); }
+const char* not_a_directory::name() const throw() { return "not_a_directory"; }
+
+
+//
+// file_not_found
+//
+
+file_not_found::~file_not_found() throw() {}
+file_not_found::file_not_found(const utility::path& path, const exception& other)
+	: filesystem_exception("File not found.", path, other) {}
+
+exception* file_not_found::clone() const { return new file_not_found(*this); }
+const char* file_not_found::name() const throw() { return "file_not_found"; }
+
+
+#endif // VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+//
+// authentication_exception
+//
+
+authentication_exception::~authentication_exception() throw() {}
+authentication_exception::authentication_exception(const string& what, const exception& other)
+	: exception(what, other) {}
+
+exception* authentication_exception::clone() const { return new authentication_exception(*this); }
+const char* authentication_exception::name() const throw() { return "authentication_exception"; }
+
+
+//
+// no_auth_information
+//
+
+no_auth_information::~no_auth_information() throw() {}
+no_auth_information::no_auth_information(const exception& other)
+	: authentication_exception("Information cannot be provided.", other) {}
+
+exception* no_auth_information::clone() const { return new no_auth_information(*this); }
+const char* no_auth_information::name() const throw() { return "no_auth_information"; }
+
+
+#if VMIME_HAVE_SASL_SUPPORT
+
+
+//
+// sasl_exception
+//
+
+sasl_exception::~sasl_exception() throw() {}
+sasl_exception::sasl_exception(const string& what, const exception& other)
+	: authentication_exception(what, other) {}
+
+exception* sasl_exception::clone() const { return new sasl_exception(*this); }
+const char* sasl_exception::name() const throw() { return "sasl_exception"; }
+
+
+//
+// no_such_mechanism
+//
+
+no_such_mechanism::~no_such_mechanism() throw() {}
+no_such_mechanism::no_such_mechanism(const string& name, const exception& other)
+	: sasl_exception("No such SASL mechanism: '" + name + "'.", other) {}
+
+exception* no_such_mechanism::clone() const { return new no_such_mechanism(*this); }
+const char* no_such_mechanism::name() const throw() { return "no_such_mechanism"; }
+
+
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+
+//
+// tls_exception
+//
+
+tls_exception::~tls_exception() throw() {}
+tls_exception::tls_exception(const string& what, const exception& other)
+	: exception(what, other) {}
+
+exception* tls_exception::clone() const { return new tls_exception(*this); }
+const char* tls_exception::name() const throw() { return "tls_exception"; }
+
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+} // exceptions
+
+
+} // vmime
+
diff --git a/vmime-master/src/vmime/exception.hpp b/vmime-master/src/vmime/exception.hpp
new file mode 100644
index 0000000..da0ec24
--- /dev/null
+++ b/vmime-master/src/vmime/exception.hpp
@@ -0,0 +1,865 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_EXCEPTION_HPP_INCLUDED
+#define VMIME_EXCEPTION_HPP_INCLUDED
+
+
+#include <stdexcept>
+
+#include "vmime/config.hpp"
+#include "vmime/base.hpp"
+#include "vmime/utility/path.hpp"
+
+
+namespace vmime {
+
+
+/** Base class for VMime exceptions.
+  */
+class VMIME_EXPORT exception : public std::runtime_error {
+
+private:
+
+	exception* m_other;
+
+	exception();
+
+public:
+
+	exception(const string& what, const exception& other = NO_EXCEPTION);
+	exception(const exception& e);
+
+	virtual ~exception() throw();
+
+	/** Chain the specified exception with this exception.
+	  *
+	  * @param other next exception in the chain
+	  */
+	void chainException(const exception& other);
+
+	/** Return the next exception in the chain, that is the exception
+	  * that caused this exception. This permits nesting exceptions.
+	  *
+	  * @return next exception in the chain
+	  */
+	const exception* other() const throw();
+
+	/** Return a name identifying the exception.
+	  *
+	  * @return exception name
+	  */
+	virtual const char* name() const throw();
+
+	/** Clone this object.
+	  *
+	  * @return a new copy of this object
+	  */
+	virtual exception* clone() const;
+
+protected:
+
+	static const exception NO_EXCEPTION;
+};
+
+
+
+/** List of all VMime exceptions. */
+namespace exceptions {
+
+
+class VMIME_EXPORT bad_field_value_type : public vmime::exception {
+
+public:
+
+	bad_field_value_type(const string& fieldName, const exception& other = NO_EXCEPTION);
+	~bad_field_value_type() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT charset_conv_error : public vmime::exception {
+
+public:
+
+	charset_conv_error(const string& what = "", const exception& other = NO_EXCEPTION);
+	~charset_conv_error() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT illegal_byte_sequence_for_charset : public vmime::exception {
+
+public:
+
+	illegal_byte_sequence_for_charset(const string& what = "", const exception& other = NO_EXCEPTION);
+	~illegal_byte_sequence_for_charset() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** No encoder has been found for the specified encoding name.
+  */
+class VMIME_EXPORT no_encoder_available : public vmime::exception {
+
+public:
+
+	no_encoder_available(const string& name, const exception& other = NO_EXCEPTION);
+	~no_encoder_available() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** No algorithm has been found for the specified name.
+  */
+class VMIME_EXPORT no_digest_algorithm_available : public vmime::exception {
+
+public:
+
+	no_digest_algorithm_available(const string& name, const exception& other = NO_EXCEPTION);
+	~no_digest_algorithm_available() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT no_such_field : public vmime::exception {
+
+public:
+
+	no_such_field(const exception& other = NO_EXCEPTION);
+	~no_such_field() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT no_such_part : public vmime::exception {
+
+public:
+
+	no_such_part(const exception& other = NO_EXCEPTION);
+	~no_such_part() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT no_such_message_id : public vmime::exception {
+
+public:
+
+	no_such_message_id(const exception& other = NO_EXCEPTION);
+	~no_such_message_id() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT open_file_error : public vmime::exception {
+
+public:
+
+	open_file_error(const exception& other = NO_EXCEPTION);
+	~open_file_error() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT no_factory_available : public vmime::exception {
+
+public:
+
+	no_factory_available(const exception& other = NO_EXCEPTION);
+	~no_factory_available() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+class VMIME_EXPORT no_platform_handler : public vmime::exception {
+
+public:
+
+	no_platform_handler(const exception& other = NO_EXCEPTION);
+	~no_platform_handler() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** No expeditor specified.
+  */
+class VMIME_EXPORT no_expeditor : public vmime::exception {
+
+public:
+
+	no_expeditor(const exception& other = NO_EXCEPTION);
+	~no_expeditor() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** No recipient specified.
+  */
+class VMIME_EXPORT no_recipient : public vmime::exception {
+
+public:
+
+	no_recipient(const exception& other = NO_EXCEPTION);
+	~no_recipient() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** There is no property with that name in the set.
+  */
+class VMIME_EXPORT no_such_property : public vmime::exception {
+
+public:
+
+	no_such_property(const string& name, const exception& other = NO_EXCEPTION);
+	~no_such_property() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Bad type specified when reading property.
+  */
+class VMIME_EXPORT invalid_property_type : public vmime::exception {
+
+public:
+
+	invalid_property_type(const exception& other = NO_EXCEPTION);
+	~invalid_property_type() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Bad argument was passed to the function.
+  */
+class VMIME_EXPORT invalid_argument : public vmime::exception {
+
+public:
+
+	invalid_argument(const exception& other = NO_EXCEPTION);
+	~invalid_argument() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Underlying operating system error.
+  */
+class VMIME_EXPORT system_error : public vmime::exception {
+
+public:
+
+	system_error(const string& what, const exception& other = NO_EXCEPTION);
+	~system_error() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** The URL is malformed.
+  */
+class VMIME_EXPORT malformed_url : public vmime::exception {
+
+public:
+
+	malformed_url(const string& error, const exception& other = NO_EXCEPTION);
+	~malformed_url() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+/** Base class for exceptions thrown by the networking module.
+  */
+class VMIME_EXPORT net_exception : public vmime::exception {
+
+public:
+
+	net_exception(const string& what, const exception& other = NO_EXCEPTION);
+	~net_exception() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Alias for 'net_exception' (compatibility with version <= 0.7.1);
+  * this is deprecated.
+  */
+typedef net_exception messaging_exception;
+
+
+/** Socket error.
+  */
+class VMIME_EXPORT socket_exception : public net_exception {
+
+public:
+
+	socket_exception(const string& what = "", const exception& other = NO_EXCEPTION);
+	~socket_exception() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+
+};
+
+
+/** Socket not connected: you are trying to write to/read from a socket which
+  * is not connected to a peer.
+  */
+class VMIME_EXPORT socket_not_connected_exception : public socket_exception {
+
+public:
+
+	socket_not_connected_exception(const string& what = "", const exception& other = NO_EXCEPTION);
+	~socket_not_connected_exception() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+
+};
+
+
+/** Error while connecting to the server: this may be a DNS resolution error
+  * or a connection error (for example, time-out while connecting).
+  */
+class VMIME_EXPORT connection_error : public socket_exception {
+
+public:
+
+	connection_error(const string& what = "", const exception& other = NO_EXCEPTION);
+	~connection_error() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Server did not initiated the connection correctly.
+  */
+class VMIME_EXPORT connection_greeting_error : public net_exception {
+
+public:
+
+	connection_greeting_error(const string& response, const exception& other = NO_EXCEPTION);
+	~connection_greeting_error() throw();
+
+	const string& response() const;
+
+	exception* clone() const;
+	const char* name() const throw();
+
+private:
+
+	string m_response;
+};
+
+
+/** Error while giving credentials to the server (wrong username
+  * or password, or wrong authentication method).
+  */
+class VMIME_EXPORT authentication_error : public net_exception {
+
+public:
+
+	authentication_error(const string& response, const exception& other = NO_EXCEPTION);
+	~authentication_error() throw();
+
+	const string& response() const;
+
+	exception* clone() const;
+	const char* name() const throw();
+
+private:
+
+	string m_response;
+};
+
+
+/** Option not supported.
+  */
+class VMIME_EXPORT unsupported_option : public net_exception {
+
+public:
+
+	unsupported_option(const exception& other = NO_EXCEPTION);
+	~unsupported_option() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** The current state of the object does not permit to execute the
+  * operation (for example, you try to close a folder which is not open).
+  */
+class VMIME_EXPORT illegal_state : public net_exception {
+
+public:
+
+	illegal_state(const string& state, const exception& other = NO_EXCEPTION);
+	~illegal_state() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Folder not found (does not exist).
+  */
+class VMIME_EXPORT folder_not_found : public net_exception {
+
+public:
+
+	folder_not_found(const exception& other = NO_EXCEPTION);
+	~folder_not_found() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Folder is already open in the same session.
+  */
+class VMIME_EXPORT folder_already_open : public net_exception {
+
+public:
+
+	folder_already_open(const exception& other = NO_EXCEPTION);
+	~folder_already_open() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Message not found (does not exist).
+  */
+class VMIME_EXPORT message_not_found : public net_exception {
+
+public:
+
+	message_not_found(const exception& other = NO_EXCEPTION);
+	~message_not_found() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Operation not supported by the underlying protocol.
+  */
+class VMIME_EXPORT operation_not_supported : public net_exception {
+
+public:
+
+	operation_not_supported(const exception& other = NO_EXCEPTION);
+	~operation_not_supported() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** The operation timed out (time-out delay is elapsed).
+  */
+class VMIME_EXPORT operation_timed_out : public net_exception {
+
+public:
+
+	operation_timed_out(const exception& other = NO_EXCEPTION);
+	~operation_timed_out() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** The operation has been cancelled.
+  */
+class VMIME_EXPORT operation_cancelled : public net_exception {
+
+public:
+
+	operation_cancelled(const exception& other = NO_EXCEPTION);
+	~operation_cancelled() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Must call fetchMessage() or fetchHeader() before accessing
+  * the requested object.
+  */
+class VMIME_EXPORT unfetched_object : public net_exception {
+
+public:
+
+	unfetched_object(const exception& other = NO_EXCEPTION);
+	~unfetched_object() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** The service is not currently connected.
+  */
+class VMIME_EXPORT not_connected : public net_exception {
+
+public:
+
+	not_connected(const exception& other = NO_EXCEPTION);
+	~not_connected() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** The service is already connected (must disconnect before).
+  */
+class VMIME_EXPORT already_connected : public net_exception {
+
+public:
+
+	already_connected(const exception& other = NO_EXCEPTION);
+	~already_connected() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Illegal operation: cannot run this operation on the object.
+  */
+class VMIME_EXPORT illegal_operation : public net_exception {
+
+public:
+
+	illegal_operation(const string& msg = "", const exception& other = NO_EXCEPTION);
+	~illegal_operation() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Command error: operation failed (this is specific to the underlying protocol).
+  */
+class VMIME_EXPORT command_error : public net_exception {
+
+public:
+
+	command_error(
+		const string& command,
+		const string& response,
+		const string& desc = "",
+		const exception& other = NO_EXCEPTION
+	);
+
+	~command_error() throw();
+
+	/** Return the name of the command which have thrown the exception.
+	  * This is protocol-dependent.
+	  *
+	  * @return command name (protocol-dependent)
+	  */
+	const string& command() const;
+
+	/** Return the invalid response line.
+	  * The meaning is protocol-dependent.
+	  *
+	  * @return response line (protocol-dependent)
+	  */
+	const string& response() const;
+
+	exception* clone() const;
+	const char* name() const throw();
+
+private:
+
+	string m_command;
+	string m_response;
+};
+
+
+/** The server returned an invalid response.
+  */
+class VMIME_EXPORT invalid_response : public net_exception {
+
+public:
+
+	invalid_response(
+		const string& command,
+		const string& response,
+		const exception& other = NO_EXCEPTION
+	);
+
+	~invalid_response() throw();
+
+	/** Return the name of the command which have thrown the exception.
+	  * This is protocol-dependent.
+	  *
+	  * @return command name (protocol-dependent)
+	  */
+	const string& command() const;
+
+	/** Return the invalid response line.
+	  * The meaning is protocol-dependent.
+	  *
+	  * @return response line (protocol-dependent)
+	  */
+	const string& response() const;
+
+	exception* clone() const;
+	const char* name() const throw();
+
+private:
+
+	string m_command;
+	string m_response;
+};
+
+
+/** Partial fetch is not supported by the underlying protocol.
+  */
+class VMIME_EXPORT partial_fetch_not_supported : public net_exception {
+
+public:
+
+	partial_fetch_not_supported(const exception& other = NO_EXCEPTION);
+	~partial_fetch_not_supported() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** Folder name is invalid.
+  */
+class VMIME_EXPORT invalid_folder_name : public net_exception {
+
+public:
+
+	invalid_folder_name(const string& error = "", const exception& other = NO_EXCEPTION);
+	~invalid_folder_name() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+/** Base class for exceptions thrown by the filesystem features.
+  */
+class VMIME_EXPORT filesystem_exception : public vmime::exception {
+
+public:
+
+	filesystem_exception(
+		const string& what,
+		const utility::path& path,
+		const exception& other = NO_EXCEPTION
+	);
+
+	~filesystem_exception() throw();
+
+	/** Return the full path of the file have thrown the exception.
+	  *
+	  * @return full path of the file/directory
+	  */
+	const utility::path& path() const;
+
+	exception* clone() const;
+	const char* name() const throw();
+
+private:
+
+	const utility::path m_path;
+};
+
+
+/** File is not a directory.
+  */
+class VMIME_EXPORT not_a_directory : public filesystem_exception {
+
+public:
+
+	not_a_directory(const utility::path& path, const exception& other = NO_EXCEPTION);
+	~not_a_directory() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** File not found.
+  */
+class VMIME_EXPORT file_not_found : public filesystem_exception {
+
+public:
+
+	file_not_found(const utility::path& path, const exception& other = NO_EXCEPTION);
+	~file_not_found() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+#endif // VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+/** Authentication exception.
+  */
+class VMIME_EXPORT authentication_exception : public vmime::exception {
+
+public:
+
+	authentication_exception(const string& what, const exception& other = NO_EXCEPTION);
+	~authentication_exception() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** The requested information cannot be provided.
+  */
+class VMIME_EXPORT no_auth_information : public authentication_exception {
+
+public:
+
+	no_auth_information(const exception& other = NO_EXCEPTION);
+	~no_auth_information() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+#if VMIME_HAVE_SASL_SUPPORT
+
+
+/** Base class for exceptions thrown by SASL module.
+  */
+class VMIME_EXPORT sasl_exception : public authentication_exception {
+
+public:
+
+	sasl_exception(const string& what, const exception& other = NO_EXCEPTION);
+	~sasl_exception() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** No mechanism is registered with the specified name.
+  */
+class VMIME_EXPORT no_such_mechanism : public sasl_exception {
+
+public:
+
+	no_such_mechanism(const string& name, const exception& other = NO_EXCEPTION);
+	~no_such_mechanism() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+
+/** Base class for exceptions thrown by TLS module.
+  */
+class VMIME_EXPORT tls_exception : public vmime::exception {
+
+public:
+
+	tls_exception(const string& what, const exception& other = NO_EXCEPTION);
+	~tls_exception() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+} // exceptions
+
+
+} // vmime
+
+
+#endif // VMIME_EXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/export.hpp b/vmime-master/src/vmime/export.hpp
new file mode 100644
index 0000000..a3b4dfb
--- /dev/null
+++ b/vmime-master/src/vmime/export.hpp
@@ -0,0 +1,36 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_EXPORT_HPP_INCLUDED
+#define VMIME_EXPORT_HPP_INCLUDED
+
+
+// Define VMIME_STATIC if you are linking with the static library
+#ifdef VMIME_STATIC
+#	include "vmime/export-static.hpp"
+#else
+#	include "vmime/export-shared.hpp"
+#endif
+
+
+#endif // VMIME_EXPORT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/fileAttachment.cpp b/vmime-master/src/vmime/fileAttachment.cpp
new file mode 100644
index 0000000..ac75570
--- /dev/null
+++ b/vmime-master/src/vmime/fileAttachment.cpp
@@ -0,0 +1,253 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include <fstream>
+#include <sstream>
+
+#include "vmime/fileAttachment.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/streamContentHandler.hpp"
+#include "vmime/utility/inputStreamPointerAdapter.hpp"
+
+#include "vmime/contentDispositionField.hpp"
+
+#include "vmime/platform.hpp"
+#include "vmime/utility/file.hpp"
+
+
+namespace vmime {
+
+
+fileAttachment::fileAttachment(
+	const string& filepath,
+	const mediaType& type
+) {
+
+	m_type = type;
+
+	setData(filepath);
+
+	m_encoding = encoding::decide(m_data);
+}
+
+
+fileAttachment::fileAttachment(
+	const string& filepath,
+	const mediaType& type,
+	const text& desc
+) {
+
+	m_type = type;
+	m_desc = desc;
+
+	setData(filepath);
+
+	m_encoding = encoding::decide(m_data);
+}
+
+
+fileAttachment::fileAttachment(
+	const string& filepath,
+	const mediaType& type,
+	const text& desc,
+	const encoding& enc
+) {
+
+	m_type = type;
+	m_desc = desc;
+
+	setData(filepath);
+
+	m_encoding = enc;
+}
+
+
+fileAttachment::fileAttachment(
+	const shared_ptr <contentHandler>& cts,
+	const word& filename,
+	const mediaType& type) {
+
+	if (!filename.isEmpty()) {
+		m_fileInfo.setFilename(filename);
+	}
+
+	m_type = type;
+
+	setData(cts);
+
+	m_encoding = encoding::decide(m_data);
+}
+
+
+fileAttachment::fileAttachment(
+	const shared_ptr <contentHandler>& cts,
+	const word& filename,
+	const mediaType& type,
+	const text& desc
+) {
+
+	if (!filename.isEmpty()) {
+		m_fileInfo.setFilename(filename);
+	}
+
+	m_type = type;
+	m_desc = desc;
+
+	setData(cts);
+
+	m_encoding = encoding::decide(m_data);
+}
+
+
+fileAttachment::fileAttachment(
+	const shared_ptr <contentHandler>& cts,
+	const word& filename,
+	const mediaType& type,
+	const text& desc,
+	const encoding& enc
+) {
+
+	if (!filename.isEmpty()) {
+		m_fileInfo.setFilename(filename);
+	}
+
+	m_type = type;
+	m_desc = desc;
+	m_encoding = enc;
+
+	setData(cts);
+}
+
+
+void fileAttachment::setData(const string& filepath) {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+	utility::file::path path = fsf->stringToPath(filepath);
+
+	shared_ptr <utility::file> file = fsf->create(path);
+
+	if (!file->isFile()) {
+		throw exceptions::open_file_error();
+	}
+
+	m_data = make_shared <streamContentHandler>(
+		file->getFileReader()->getInputStream(), file->getLength()
+	);
+
+	m_fileInfo.setFilename(path.getLastComponent());
+	m_fileInfo.setSize(file->getLength());
+}
+
+
+void fileAttachment::setData(const shared_ptr <contentHandler>& cts) {
+
+	m_data = cts;
+
+	m_fileInfo.setSize(cts->getLength());
+}
+
+
+void fileAttachment::generatePart(const shared_ptr <bodyPart>& part) const {
+
+	defaultAttachment::generatePart(part);
+
+	shared_ptr <contentDispositionField> cdf =
+		dynamicCast <contentDispositionField>(part->getHeader()->ContentDisposition());
+
+	if (m_fileInfo.hasSize()) cdf->setSize(utility::stringUtils::toString(m_fileInfo.getSize()));
+	if (m_fileInfo.hasFilename() && !m_fileInfo.getFilename().isEmpty()) cdf->setFilename(m_fileInfo.getFilename());
+	if (m_fileInfo.hasCreationDate()) cdf->setCreationDate(m_fileInfo.getCreationDate());
+	if (m_fileInfo.hasModificationDate()) cdf->setModificationDate(m_fileInfo.getModificationDate());
+	if (m_fileInfo.hasReadDate()) cdf->setReadDate(m_fileInfo.getReadDate());
+}
+
+
+const fileAttachment::fileInfo& fileAttachment::getFileInfo() const {
+
+	return m_fileInfo;
+}
+
+
+fileAttachment::fileInfo& fileAttachment::getFileInfo() {
+
+	return m_fileInfo;
+}
+
+
+
+//
+// fileAttachment::fileInfo
+//
+
+fileAttachment::fileInfo::fileInfo()
+	: m_filename(NULL),
+	  m_size(NULL),
+	  m_creationDate(NULL),
+	  m_modifDate(NULL),
+	  m_readDate(NULL) {
+
+}
+
+
+fileAttachment::fileInfo::~fileInfo()
+{
+	delete m_filename;
+	delete m_size;
+	delete m_creationDate;
+	delete m_modifDate;
+	delete m_readDate;
+}
+
+bool fileAttachment::fileInfo::hasFilename() const { return m_filename; }
+const word& fileAttachment::fileInfo::getFilename() const { return *m_filename; }
+void fileAttachment::fileInfo::setFilename(const string& name) { if (m_filename) { *m_filename = name; } else { m_filename = new word(name); } }
+void fileAttachment::fileInfo::setFilename(const word& name) { if (m_filename) { *m_filename = name; } else { m_filename = new word(name); } }
+
+bool fileAttachment::fileInfo::hasCreationDate() const { return m_creationDate; }
+const datetime& fileAttachment::fileInfo::getCreationDate() const { return *m_creationDate; }
+void fileAttachment::fileInfo::setCreationDate(const datetime& date) { if (m_creationDate) { *m_creationDate = date; } else { m_creationDate = new datetime(date); } }
+
+bool fileAttachment::fileInfo::hasModificationDate() const { return m_modifDate; }
+const datetime& fileAttachment::fileInfo::getModificationDate() const { return *m_modifDate; }
+void fileAttachment::fileInfo::setModificationDate(const datetime& date) { if (m_modifDate) { *m_modifDate = date; } else { m_modifDate = new datetime(date); } }
+
+bool fileAttachment::fileInfo::hasReadDate() const { return m_readDate; }
+const datetime& fileAttachment::fileInfo::getReadDate() const { return *m_readDate; }
+void fileAttachment::fileInfo::setReadDate(const datetime& date) { if (m_readDate) { *m_readDate = date; } else { m_readDate = new datetime(date); } }
+
+bool fileAttachment::fileInfo::hasSize() const { return m_size; }
+size_t fileAttachment::fileInfo::getSize() const { return *m_size; }
+void fileAttachment::fileInfo::setSize(const size_t size) { if (m_size) { *m_size = size; } else { m_size = new size_t(size); } }
+
+
+} // vmime
+
+
+#endif // VMIME_HAVE_FILESYSTEM_FEATURES
diff --git a/vmime-master/src/vmime/fileAttachment.hpp b/vmime-master/src/vmime/fileAttachment.hpp
new file mode 100644
index 0000000..c77662f
--- /dev/null
+++ b/vmime-master/src/vmime/fileAttachment.hpp
@@ -0,0 +1,226 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_FILEATTACHMENT_HPP_INCLUDED
+#define VMIME_FILEATTACHMENT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/defaultAttachment.hpp"
+#include "vmime/dateTime.hpp"
+#include "vmime/contentHandler.hpp"
+#include "vmime/utility/stream.hpp"
+
+
+namespace vmime {
+
+
+/** Attachment of type 'file'.
+  */
+class VMIME_EXPORT fileAttachment : public defaultAttachment {
+
+public:
+
+	fileAttachment(
+		const string& filepath,
+		const mediaType& type
+	);
+
+	fileAttachment(
+		const string& filepath,
+		const mediaType& type,
+		const text& desc
+	);
+
+	fileAttachment(
+		const string& filepath,
+		const mediaType& type,
+		const text& desc,
+		const encoding& enc
+	);
+
+	fileAttachment(
+		const shared_ptr <contentHandler>& cts,
+		const word& filename,
+		const mediaType& type
+	);
+
+	fileAttachment(
+		const shared_ptr <contentHandler>& cts,
+		const word& filename,
+		const mediaType& type,
+		const text& desc
+	);
+
+	fileAttachment(
+		const shared_ptr <contentHandler>& cts,
+		const word& filename,
+		const mediaType& type,
+		const text& desc,
+		const encoding& enc
+	);
+
+	/** Stores information about a file attachment.
+	  */
+	class VMIME_EXPORT fileInfo {
+
+	public:
+
+		fileInfo();
+		~fileInfo();
+
+		/** Check whether the 'filename' property is present.
+		  *
+		  * @return true if the 'filename' property is set,
+		  * false otherwise
+		  */
+		bool hasFilename() const;
+
+		/** Return the value of the 'filename' property.
+		  *
+		  * @return file name
+		  */
+		const word& getFilename() const;
+
+		/** Set the value of the 'filename' property.
+		  *
+		  * @param name file name
+		  */
+		void setFilename(const string& name);
+
+		/** Set the value of the 'filename' property.
+		  *
+		  * @param name file name
+		  */
+		void setFilename(const word& name);
+
+		/** Check whether the 'creation-date' property is present.
+		  *
+		  * @return true if the 'creation-date' property is set,
+		  * false otherwise
+		  */
+		bool hasCreationDate() const;
+
+		/** Return the value of the 'creation-date' property.
+		  *
+		  * @return file creation time
+		  */
+		const datetime& getCreationDate() const;
+
+		/** Set the value of the 'creation-date' property.
+		  *
+		  * @param date file creation time
+		  */
+		void setCreationDate(const datetime& date);
+
+		/** Check whether the 'modification-date' property is present.
+		  *
+		  * @return true if the 'modification-date' property is set,
+		  * false otherwise
+		  */
+		bool hasModificationDate() const;
+
+		/** Return the value of the 'modification-date' property.
+		  *
+		  * @return file modification time
+		  */
+		const datetime& getModificationDate() const;
+
+		/** Set the value of the 'modification-date' property.
+		  *
+		  * @param date file modification time
+		  */
+		void setModificationDate(const datetime& date);
+
+		/** Check whether the 'read-date' property is set.
+		  *
+		  * @return true if the 'read-date' property is set,
+		  * false otherwise
+		  */
+		bool hasReadDate() const;
+
+		/** Return the value of the 'read-date' property.
+		  *
+		  * @return file access time
+		  */
+		const datetime& getReadDate() const;
+
+		/** Set the value of the 'read-date' property.
+		  *
+		  * @param date file access time
+		  */
+		void setReadDate(const datetime& date);
+
+		/** Check whether the value of the 'size' property is set.
+		  *
+		  * @return true if the 'size' property is set,
+		  * false otherwise
+		  */
+		bool hasSize() const;
+
+		/** Return the value of the 'size' property.
+		  *
+		  * @return file size
+		  */
+		size_t getSize() const;
+
+		/** Set the value of the 'size' property.
+		  *
+		  * @param size file size
+		  */
+		void setSize(const size_t size);
+
+	private:
+
+		word* m_filename;
+		size_t * m_size;
+		datetime* m_creationDate;
+		datetime* m_modifDate;
+		datetime* m_readDate;
+	};
+
+	const fileInfo& getFileInfo() const;
+	fileInfo& getFileInfo();
+
+private:
+
+	void setData(const string& filepath);
+	void setData(const shared_ptr <contentHandler>& cts);
+
+	fileInfo m_fileInfo;
+
+	void generatePart(const shared_ptr <bodyPart>& part) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_HAVE_FILESYSTEM_FEATURES
+
+#endif // VMIME_FILEATTACHMENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/fileContentHandler.cpp b/vmime-master/src/vmime/fileContentHandler.cpp
new file mode 100644
index 0000000..baedf69
--- /dev/null
+++ b/vmime-master/src/vmime/fileContentHandler.cpp
@@ -0,0 +1,94 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/fileContentHandler.hpp"
+
+
+namespace vmime {
+
+
+fileContentHandler::fileContentHandler()
+	: streamContentHandler() {
+
+}
+
+
+fileContentHandler::fileContentHandler(
+	const shared_ptr <utility::file>& file,
+	const vmime::encoding& enc
+) {
+
+	setData(file, enc);
+}
+
+
+fileContentHandler::~fileContentHandler() {
+
+}
+
+
+fileContentHandler::fileContentHandler(const fileContentHandler& cts)
+	: streamContentHandler() {
+
+	setData(cts.m_file, cts.m_encoding);
+}
+
+
+fileContentHandler& fileContentHandler::operator=(const fileContentHandler& cts) {
+
+	setData(cts.m_file, cts.m_encoding);
+
+	return *this;
+}
+
+
+shared_ptr <contentHandler> fileContentHandler::clone() const {
+
+	return make_shared <fileContentHandler>(*this);
+}
+
+
+void fileContentHandler::setData(
+	const shared_ptr <utility::file>& file,
+	const vmime::encoding& enc
+) {
+
+	m_file = file;
+	m_encoding = enc;
+
+	streamContentHandler::setData(
+		file->getFileReader()->getInputStream(), file->getLength(), enc
+	);
+}
+
+
+} // vmime
+
+
+#endif // VMIME_HAVE_FILESYSTEM_FEATURES
diff --git a/vmime-master/src/vmime/fileContentHandler.hpp b/vmime-master/src/vmime/fileContentHandler.hpp
new file mode 100644
index 0000000..80df069
--- /dev/null
+++ b/vmime-master/src/vmime/fileContentHandler.hpp
@@ -0,0 +1,102 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_FILECONTENTHANDLER_HPP_INCLUDED
+#define VMIME_FILECONTENTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/streamContentHandler.hpp"
+#include "vmime/utility/file.hpp"
+
+
+namespace vmime {
+
+
+/** A content handler which obtains its data from a file.
+  */
+class VMIME_EXPORT fileContentHandler : public streamContentHandler {
+
+public:
+
+	/** Creates a new empty content handler. No data can be extracted until
+	  * a file is attached using setData() function.
+	  *
+	  * @return a reference to a new content handler
+	  */
+	fileContentHandler();
+
+	/** Creates a new content handler using a file.
+	  *
+	  * @param file file from which data will be obtained
+	  * @param enc set to anything other than NO_ENCODING if the data contained
+	  * in the file is already encoded with the specified encoding
+	  *
+	  * @return a reference to a new content handler
+	  */
+	fileContentHandler(
+		const shared_ptr <utility::file>& file,
+		const vmime::encoding& enc = NO_ENCODING
+	);
+
+	~fileContentHandler();
+
+	fileContentHandler(const fileContentHandler& cts);
+	fileContentHandler& operator=(const fileContentHandler& cts);
+
+	shared_ptr <contentHandler> clone() const;
+
+	/** Sets the data managed by this content handler.
+	  *
+	  * @param file file from which data will be obtained
+	  * @param enc set to anything other than NO_ENCODING if the data contained
+	  * in the file is already encoded with the specified encoding
+	  */
+	void setData(
+		const shared_ptr <utility::file>& file,
+		const vmime::encoding& enc = NO_ENCODING
+	);
+
+private:
+
+	// Equals to NO_ENCODING if data is not encoded, otherwise this
+	// specifies the encoding that have been used to encode the data.
+	vmime::encoding m_encoding;
+
+	// Actual data
+	shared_ptr <utility::file> m_file;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#endif // VMIME_FILECONTENTHANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/generatedMessageAttachment.cpp b/vmime-master/src/vmime/generatedMessageAttachment.cpp
new file mode 100644
index 0000000..ad9e678
--- /dev/null
+++ b/vmime-master/src/vmime/generatedMessageAttachment.cpp
@@ -0,0 +1,108 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/generatedMessageAttachment.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+
+
+generatedMessageAttachment::generatedMessageAttachment(
+	const shared_ptr <const bodyPart>& part
+)
+	: m_bpa(make_shared <bodyPartAttachment>(part)) {
+
+}
+
+
+const mediaType generatedMessageAttachment::getType() const {
+
+	return mediaType(mediaTypes::MESSAGE, mediaTypes::MESSAGE_RFC822);
+}
+
+
+const text generatedMessageAttachment::getDescription() const {
+
+	return m_bpa->getDescription();
+}
+
+
+const word generatedMessageAttachment::getName() const {
+
+	return m_bpa->getName();
+}
+
+
+const shared_ptr <const contentHandler> generatedMessageAttachment::getData() const {
+
+	return m_bpa->getData();
+}
+
+
+const encoding generatedMessageAttachment::getEncoding() const {
+
+	return m_bpa->getEncoding();
+}
+
+
+shared_ptr <const object> generatedMessageAttachment::getPart() const {
+
+	return m_bpa->getPart();
+}
+
+
+shared_ptr <const header> generatedMessageAttachment::getHeader() const {
+
+	return m_bpa->getHeader();
+}
+
+
+shared_ptr <message> generatedMessageAttachment::getMessage() const {
+
+	if (!m_msg) {
+
+		// Extract data
+		std::ostringstream oss;
+		utility::outputStreamAdapter os(oss);
+
+		getData()->extract(os);
+
+		// Parse message
+		m_msg = make_shared <message>();
+		m_msg->parse(oss.str());
+	}
+
+	return m_msg;
+}
+
+
+void generatedMessageAttachment::generateIn(const shared_ptr <bodyPart>& /* parent */) const {
+
+	// Not used (see 'parsedMessageAttachment')
+}
+
+
+} // vmime
+
diff --git a/vmime-master/src/vmime/generatedMessageAttachment.hpp b/vmime-master/src/vmime/generatedMessageAttachment.hpp
new file mode 100644
index 0000000..b65fcc1
--- /dev/null
+++ b/vmime-master/src/vmime/generatedMessageAttachment.hpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_GENERATEDMESSAGEATTACHMENT_HPP_INCLUDED
+#define VMIME_GENERATEDMESSAGEATTACHMENT_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC  // implementation detail
+
+
+#include "vmime/messageAttachment.hpp"
+#include "vmime/bodyPartAttachment.hpp"
+
+
+namespace vmime {
+
+
+/** A message attachment that can be extracted from a message.
+  */
+class VMIME_EXPORT generatedMessageAttachment : public messageAttachment {
+
+public:
+
+	generatedMessageAttachment(const shared_ptr <const bodyPart>& part);
+
+	const mediaType getType() const;
+	const text getDescription() const;
+	const word getName() const;
+
+	const shared_ptr <const contentHandler> getData() const;
+
+	const encoding getEncoding() const;
+
+	shared_ptr <const object> getPart() const;
+
+	shared_ptr <const header> getHeader() const;
+
+	shared_ptr <message> getMessage() const;
+
+protected:
+
+	void generateIn(const shared_ptr <bodyPart>& parent) const;
+
+private:
+
+	shared_ptr <bodyPartAttachment> m_bpa;
+	mutable shared_ptr <message> m_msg;
+};
+
+
+} // vmime
+
+
+#endif // !VMIME_BUILDING_DOC
+
+
+#endif // VMIME_GENERATEDMESSAGEATTACHMENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/generationContext.cpp b/vmime-master/src/vmime/generationContext.cpp
new file mode 100644
index 0000000..24757c7
--- /dev/null
+++ b/vmime-master/src/vmime/generationContext.cpp
@@ -0,0 +1,139 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/generationContext.hpp"
+
+
+namespace vmime {
+
+
+generationContext::generationContext()
+	: m_maxLineLength(lineLengthLimits::convenient),
+	  m_prologText("This is a multi-part message in MIME format. Your mail reader " \
+	               "does not understand MIME message format."),
+	  m_epilogText(""),
+	  m_wrapMessageId(true),
+	  m_paramValueMode(PARAMETER_VALUE_RFC2231_ONLY) {
+
+}
+
+
+generationContext::generationContext(const generationContext& ctx)
+	: context(ctx),
+	  m_maxLineLength(ctx.m_maxLineLength),
+	  m_prologText(ctx.m_prologText),
+	  m_epilogText(ctx.m_epilogText),
+	  m_wrapMessageId(ctx.m_wrapMessageId),
+	  m_paramValueMode(ctx.m_paramValueMode) {
+
+}
+
+
+generationContext& generationContext::getDefaultContext() {
+
+	static generationContext ctx;
+	return ctx;
+}
+
+
+size_t generationContext::getMaxLineLength() const {
+
+	return m_maxLineLength;
+}
+
+
+void generationContext::setMaxLineLength(const size_t maxLineLength) {
+
+	m_maxLineLength = maxLineLength;
+}
+
+
+
+const string generationContext::getPrologText() const {
+
+	return m_prologText;
+}
+
+
+void generationContext::setPrologText(const string& prologText) {
+
+	m_prologText = prologText;
+}
+
+
+const string generationContext::getEpilogText() const {
+
+	return m_epilogText;
+}
+
+
+void generationContext::setEpilogText(const string& epilogText) {
+
+	m_epilogText = epilogText;
+}
+
+
+bool generationContext::getWrapMessageId() const {
+
+	return m_wrapMessageId;
+}
+
+
+void generationContext::setWrapMessageId(const bool& wrapMessageId) {
+
+	m_wrapMessageId = wrapMessageId;
+}
+
+
+void generationContext::setEncodedParameterValueMode(const EncodedParameterValueModes mode) {
+
+	m_paramValueMode = mode;
+}
+
+
+generationContext::EncodedParameterValueModes
+	generationContext::getEncodedParameterValueMode() const {
+
+	return m_paramValueMode;
+}
+
+
+generationContext& generationContext::operator=(const generationContext& ctx) {
+
+	copyFrom(ctx);
+	return *this;
+}
+
+
+void generationContext::copyFrom(const generationContext& ctx) {
+
+	context::copyFrom(ctx);
+
+	m_maxLineLength = ctx.m_maxLineLength;
+	m_prologText = ctx.m_prologText;
+	m_epilogText = ctx.m_epilogText;
+	m_paramValueMode = ctx.m_paramValueMode;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/generationContext.hpp b/vmime-master/src/vmime/generationContext.hpp
new file mode 100644
index 0000000..5e36513
--- /dev/null
+++ b/vmime-master/src/vmime/generationContext.hpp
@@ -0,0 +1,171 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_GENERATIONCONTEXT_HPP_INCLUDED
+#define VMIME_GENERATIONCONTEXT_HPP_INCLUDED
+
+
+#include "vmime/context.hpp"
+
+
+namespace vmime {
+
+
+/** Holds configuration parameters used for generating messages.
+  */
+class VMIME_EXPORT generationContext : public context {
+
+public:
+
+	generationContext();
+	generationContext(const generationContext& ctx);
+
+	/** Returns the current maximum line length used when generating messages.
+	  *
+	  * @return current maximum line length, in bytes
+	  */
+	size_t getMaxLineLength() const;
+
+	/** Sets the maximum line length used when generating messages.
+	  * You may use the constants lineLengthLimits::convenient,
+	  * lineLengthLimits::max and lineLengthLimits::infinite.
+	  *
+	  * @param maxLineLength new maximum line length, in bytes
+	  */
+	void setMaxLineLength(const size_t maxLineLength);
+
+	/** Returns the current prolog text used when generating MIME body parts.
+	  *
+	  * @return current MIME prolog text
+	  */
+	const string getPrologText() const;
+
+	/** Sets the prolog text used when generating MIME body parts. This text
+	  * appears before the part, and should be displayed by MUAs which do not
+	  * support MIME. This should be 7-bit ASCII text only.
+	  *
+	  * @param prologText MIME prolog text
+	  */
+	void setPrologText(const string& prologText);
+
+	/** Returns the current epilog text used when generating MIME body parts.
+	  *
+	  * @return current MIME epilog text
+	  */
+	const string getEpilogText() const;
+
+	/** Sets the epilog text used when generating MIME body parts. This test
+	  * appears after the part, and should be displayed by MUAs which do not
+	  * support MIME. This should be 7-bit ASCII text only.
+	  */
+	void setEpilogText(const string& epilogText);
+
+	/** Returns a boolean variable that indicates whether the
+	  * message id can be wrapped or not, i.e. from
+	  *
+	  * Message-Id: <very very long@domain>
+          *
+          * to
+          *
+          * Message-Id:
+          *  <very very long@domain>
+	  *
+	  * @return boolean indicating if the Message-Id can be wrapped
+	  */
+	bool getWrapMessageId() const;
+
+	/** Sets the boolean variable that indicates whether the
+	  * Message-Id can be wrapped or not
+          */
+	void setWrapMessageId(const bool& wrapMessageId);
+
+	/** Modes available for generating values in parameterized header fields.
+	  */
+	enum EncodedParameterValueModes {
+
+		PARAMETER_VALUE_NO_ENCODING,          /**< Only generate 7-bit (ASCII-only) values,
+		                                           even if the value contains non-ASCII chars or
+		                                           if folding is needed. */
+		PARAMETER_VALUE_RFC2047_ONLY,         /**< Only generate RFC-2047 values (do not use
+		                                           RFC-2231). This is non-standard but most
+		                                           mail clients support it. */
+		PARAMETER_VALUE_RFC2231_ONLY,         /**< Only generate RFC-2231 values (do not use
+		                                           RFC-2047). Some mail clients may not support
+		                                           it. This is the default. */
+		PARAMETER_VALUE_RFC2231_AND_RFC2047   /**< Generate both RFC-2047- and RFC-2231-encoded
+		                                           values. */
+	};
+
+	/** Sets the mode used for generating parameter values in a parameterized
+	  * header field (see parameterizedHeaderField class).
+	  *
+	  * PARAMETER_VALUE_NO_ENCODING or PARAMETER_VALUE_RFC2047_ONLY
+	  * can be used for compatibility with implementations that do not
+	  * understand RFC-2231, to generate a normal parameter value.
+	  * PARAMETER_VALUE_RFC2047_ONLY is non-standard (and expressly
+	  * prohibited by the RFC) but most mail clients support it.
+	  *
+	  * Notice: if both the normal value and the extended value are present,
+	  * the latter can be ignored by mail processing systems. This may lead
+	  * to annoying problems, for example, with strange names of attachments
+	  * with all but 7-bit ascii characters removed, etc. Either
+	  * PARAMETER_VALUE_RFC2231_ONLY or PARAMETER_VALUE_RFC2047_ONLY should
+	  * be preferred over PARAMETER_VALUE_RFC2231_AND_RFC2047, not to create
+	  * a normal value if the extended value is to be generated.
+	  *
+	  * @param mode parameter value generation mode
+	  */
+	void setEncodedParameterValueMode(const EncodedParameterValueModes mode);
+
+	/** Returns the mode used for generating parameter values in a parameterized
+	  * header field (see parameterizedHeaderField class).
+	  *
+	  * @return parameter value generation mode
+	  */
+	EncodedParameterValueModes getEncodedParameterValueMode() const;
+
+	/** Returns the default context used for generating messages.
+	  *
+	  * @return a reference to the default generation context
+	  */
+	static generationContext& getDefaultContext();
+
+	generationContext& operator=(const generationContext& ctx);
+	void copyFrom(const generationContext& ctx);
+
+protected:
+
+	size_t m_maxLineLength;
+
+	string m_prologText;
+	string m_epilogText;
+	bool m_wrapMessageId;
+
+	EncodedParameterValueModes m_paramValueMode;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_GENERATIONCONTEXT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/header.cpp b/vmime-master/src/vmime/header.cpp
new file mode 100644
index 0000000..c7d7ca0
--- /dev/null
+++ b/vmime-master/src/vmime/header.cpp
@@ -0,0 +1,417 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/header.hpp"
+#include "vmime/parserHelpers.hpp"
+
+#include <algorithm>
+#include <iterator>
+
+
+namespace vmime {
+
+
+header::header() {
+
+}
+
+
+header::~header() {
+
+	removeAllFields();
+}
+
+
+/*
+
+ RFC #822:
+ 3.2.  HEADER FIELD DEFINITIONS
+
+field       =  field-name ":" [ field-body ] CRLF
+
+field-name  =  1*<any CHAR, excluding CTLs, SPACE, and ":">
+
+field-body  =  field-body-contents
+		[CRLF LWSP-char field-body]
+
+field-body-contents =
+		<the ASCII characters making up the field-body, as
+		 defined in the following sections, and consisting
+		 of combinations of atom, quoted-string, and
+		 specials tokens, or else consisting of texts>
+*/
+
+void header::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	size_t pos = position;
+
+	removeAllFields();
+
+	while (pos < end) {
+
+		shared_ptr <headerField> field = headerField::parseNext(ctx, buffer, pos, end, &pos);
+		if (!field) break;
+
+		m_fields.push_back(field);
+	}
+
+	setParsedBounds(position, pos);
+
+	if (newPosition) {
+		*newPosition = pos;
+	}
+}
+
+
+void header::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t /* curLinePos */,
+	size_t* newLinePos
+) const {
+
+	// Generate the fields
+	for (std::vector <shared_ptr <headerField> >::const_iterator it = m_fields.begin() ;
+	     it != m_fields.end() ; ++it) {
+
+		(*it)->generate(ctx, os);
+		os << CRLF;
+	}
+
+	if (newLinePos) {
+		*newLinePos = 0;
+	}
+}
+
+
+size_t header::getGeneratedSize(const generationContext& ctx) {
+
+	return component::getGeneratedSize(ctx) + 2 * m_fields.size() /* CRLF */;
+}
+
+
+shared_ptr <component> header::clone() const {
+
+	shared_ptr <header> hdr = make_shared <header>();
+
+	hdr->m_fields.reserve(m_fields.size());
+
+	for (std::vector <shared_ptr <headerField> >::const_iterator it = m_fields.begin() ;
+	     it != m_fields.end() ; ++it) {
+
+		hdr->m_fields.push_back(vmime::clone(*it));
+	}
+
+	return hdr;
+}
+
+
+void header::copyFrom(const component& other) {
+
+	const header& h = dynamic_cast <const header&>(other);
+
+	std::vector <shared_ptr <headerField> > fields;
+
+	fields.reserve(h.m_fields.size());
+
+	for (std::vector <shared_ptr <headerField> >::const_iterator it = h.m_fields.begin() ;
+	     it != h.m_fields.end() ; ++it) {
+
+		fields.push_back(vmime::clone(*it));
+	}
+
+	m_fields.clear();
+	m_fields.resize(fields.size());
+
+	std::copy(fields.begin(), fields.end(), m_fields.begin());
+}
+
+
+header& header::operator=(const header& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+bool header::hasField(const string& fieldName) const {
+
+	std::vector <shared_ptr <headerField> >::const_iterator pos =
+		std::find_if(
+			m_fields.begin(), m_fields.end(),
+			fieldHasName(utility::stringUtils::toLower(fieldName))
+		);
+
+	return pos != m_fields.end();
+}
+
+
+shared_ptr <headerField> header::findField(const string& fieldName) const {
+
+	// Find the first field that matches the specified name
+	std::vector <shared_ptr <headerField> >::const_iterator pos =
+		std::find_if(
+			m_fields.begin(), m_fields.end(),
+			fieldHasName(utility::stringUtils::toLower(fieldName))
+		);
+
+	// No field with this name can be found
+	if (pos == m_fields.end()) {
+		return null;
+	}
+
+	// Else, return a reference to the existing field
+	return *pos;
+}
+
+
+std::vector <shared_ptr <headerField> > header::findAllFields(const string& fieldName) {
+
+	std::vector <shared_ptr <headerField> > result;
+	std::back_insert_iterator <std::vector <shared_ptr <headerField> > > back(result);
+
+	std::remove_copy_if(
+		m_fields.begin(), m_fields.end(), back,
+		fieldHasNotName(utility::stringUtils::toLower(fieldName))
+	);
+
+	return result;
+}
+
+
+shared_ptr <headerField> header::getField(const string& fieldName) {
+
+	const string name = utility::stringUtils::toLower(fieldName);
+
+	// Find the first field that matches the specified name
+	std::vector <shared_ptr <headerField> >::const_iterator pos = m_fields.begin();
+	const std::vector <shared_ptr <headerField> >::const_iterator end = m_fields.end();
+
+	while (pos != end && utility::stringUtils::toLower((*pos)->getName()) != name) {
+		++pos;
+	}
+
+	// If no field with this name can be found, create a new one
+	if (pos == end) {
+
+		shared_ptr <headerField> field = headerFieldFactory::getInstance()->create(fieldName);
+
+		appendField(field);
+
+		// Return a reference to the new field
+		return (field);
+
+	// Else, return a reference to the existing field
+	} else {
+
+		return *pos;
+	}
+}
+
+
+void header::appendField(const shared_ptr <headerField>& field) {
+
+	m_fields.push_back(field);
+}
+
+
+void header::insertFieldBefore(
+	const shared_ptr <headerField>& beforeField,
+	const shared_ptr <headerField>& field
+) {
+
+	const std::vector <shared_ptr <headerField> >::iterator it =
+		std::find(m_fields.begin(), m_fields.end(), beforeField);
+
+	if (it == m_fields.end()) {
+		throw exceptions::no_such_field();
+	}
+
+	m_fields.insert(it, field);
+}
+
+
+void header::insertFieldBefore(const size_t pos, const shared_ptr <headerField>& field) {
+
+	m_fields.insert(m_fields.begin() + pos, field);
+}
+
+
+void header::insertFieldAfter(
+	const shared_ptr <headerField>& afterField,
+	const shared_ptr <headerField>& field
+) {
+
+	const std::vector <shared_ptr <headerField> >::iterator it =
+		std::find(m_fields.begin(), m_fields.end(), afterField);
+
+	if (it == m_fields.end()) {
+		throw exceptions::no_such_field();
+	}
+
+	m_fields.insert(it + 1, field);
+}
+
+
+void header::insertFieldAfter(const size_t pos, const shared_ptr <headerField>& field) {
+
+	m_fields.insert(m_fields.begin() + pos + 1, field);
+}
+
+
+void header::removeField(const shared_ptr <headerField>& field) {
+
+	const std::vector <shared_ptr <headerField> >::iterator it =
+		std::find(m_fields.begin(), m_fields.end(), field);
+
+	if (it == m_fields.end()) {
+		throw exceptions::no_such_field();
+	}
+
+	m_fields.erase(it);
+}
+
+
+void header::removeField(const size_t pos) {
+
+	const std::vector <shared_ptr <headerField> >::iterator it = m_fields.begin() + pos;
+
+	m_fields.erase(it);
+}
+
+
+void header::replaceField(
+	const shared_ptr <headerField>& field,
+	const shared_ptr <headerField>& newField
+) {
+
+	insertFieldBefore(field, newField);
+	removeField(field);
+}
+
+
+void header::removeAllFields() {
+
+	m_fields.clear();
+}
+
+
+void header::removeAllFields(const string& fieldName) {
+
+	std::vector <shared_ptr <headerField> > fields = findAllFields(fieldName);
+
+	for (unsigned int i = 0 ; i < fields.size() ; ++i) {
+		removeField(fields[i]);
+	}
+}
+
+
+size_t header::getFieldCount() const {
+
+	return m_fields.size();
+}
+
+
+bool header::isEmpty() const {
+
+	return m_fields.empty();
+}
+
+
+const shared_ptr <headerField> header::getFieldAt(const size_t pos) {
+
+	return m_fields[pos];
+}
+
+
+const shared_ptr <const headerField> header::getFieldAt(const size_t pos) const {
+
+	return m_fields[pos];
+}
+
+
+const std::vector <shared_ptr <const headerField> > header::getFieldList() const {
+
+	std::vector <shared_ptr <const headerField> > list;
+
+	list.reserve(m_fields.size());
+
+	for (std::vector <shared_ptr <headerField> >::const_iterator it = m_fields.begin() ;
+	     it != m_fields.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+const std::vector <shared_ptr <headerField> > header::getFieldList() {
+
+	return m_fields;
+}
+
+
+const std::vector <shared_ptr <component> > header::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	copy_vector(m_fields, list);
+
+	return list;
+}
+
+
+
+// Field search
+
+
+header::fieldHasName::fieldHasName(const string& name)
+	: m_name(name) {
+
+}
+
+bool header::fieldHasName::operator() (const shared_ptr <const headerField>& field) {
+
+	return utility::stringUtils::toLower(field->getName()) == m_name;
+}
+
+
+header::fieldHasNotName::fieldHasNotName(const string& name)
+	: m_name(name) {
+
+}
+
+bool header::fieldHasNotName::operator() (const shared_ptr <const headerField>& field) {
+
+	return utility::stringUtils::toLower(field->getName()) != m_name;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/header.hpp b/vmime-master/src/vmime/header.hpp
new file mode 100644
index 0000000..7b4a161
--- /dev/null
+++ b/vmime-master/src/vmime/header.hpp
@@ -0,0 +1,362 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_HEADER_HPP_INCLUDED
+#define VMIME_HEADER_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/component.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/headerField.hpp"
+#include "vmime/headerFieldFactory.hpp"
+
+
+namespace vmime {
+
+
+class bodyPart;
+
+
+/** Header section of a MIME part.
+  */
+class VMIME_EXPORT header : public component {
+
+	friend class bodyPart;
+	friend class body;
+	friend class message;
+
+public:
+
+	header();
+	~header();
+
+#define FIELD_ACCESS(methodName, fieldName) \
+	shared_ptr <headerField> methodName() { return getField(fields::fieldName); } \
+	shared_ptr <const headerField> methodName() const { return findField(fields::fieldName); }
+
+	FIELD_ACCESS(From,                         FROM)
+	FIELD_ACCESS(Sender,                       SENDER)
+	FIELD_ACCESS(ReplyTo,                      REPLY_TO)
+	FIELD_ACCESS(DeliveredTo,                  DELIVERED_TO)
+	FIELD_ACCESS(InReplyTo,                    IN_REPLY_TO)
+	FIELD_ACCESS(ReturnPath,                   RETURN_PATH)
+	FIELD_ACCESS(References,                   REFERENCES)
+
+	FIELD_ACCESS(To,                           TO)
+	FIELD_ACCESS(Cc,                           CC)
+	FIELD_ACCESS(Bcc,                          BCC)
+	FIELD_ACCESS(Date,                         DATE)
+	FIELD_ACCESS(Subject,                      SUBJECT)
+	FIELD_ACCESS(Organization,                 ORGANIZATION)
+	FIELD_ACCESS(UserAgent,                    USER_AGENT)
+
+	FIELD_ACCESS(ContentType,                  CONTENT_TYPE)
+	FIELD_ACCESS(ContentDescription,           CONTENT_DESCRIPTION)
+	FIELD_ACCESS(ContentTransferEncoding,      CONTENT_TRANSFER_ENCODING)
+	FIELD_ACCESS(MimeVersion,                  MIME_VERSION)
+	FIELD_ACCESS(ContentDisposition,           CONTENT_DISPOSITION)
+	FIELD_ACCESS(ContentId,                    CONTENT_ID)
+	FIELD_ACCESS(MessageId,                    MESSAGE_ID)
+	FIELD_ACCESS(ContentLocation,              CONTENT_LOCATION)
+
+	FIELD_ACCESS(OriginalMessageId,            ORIGINAL_MESSAGE_ID)
+	FIELD_ACCESS(Disposition,                  DISPOSITION)
+	FIELD_ACCESS(DispositionNotificationTo,    DISPOSITION_NOTIFICATION_TO)
+
+#undef FIELD_ACCESS
+
+	/** Checks whether (at least) one field with this name exists.
+	  * Field name is case-insensitive.
+	  *
+	  * @return true if at least one field with the specified name
+	  * exists, or false otherwise
+	  */
+	bool hasField(const string& fieldName) const;
+
+	/** Find the first field that matches the specified name.
+	  * Field name is case-insensitive.
+	  * If no field is found, NULL is returned.
+	  *
+	  * @param fieldName name of field to return (eg: "X-Mailer" or "From",
+	  * common field names are available in the vmime::fields namespace)
+	  * @return first field with the specified name, or NULL if no field
+	  * with this name was found
+	  */
+	shared_ptr <headerField> findField(const string& fieldName) const;
+
+	/** Find the first field that matches the specified name,
+	  * casted to the specified field type. Field name is case-insensitive.
+	  * If no field is found, or the field is not of the specified type,
+	  * NULL is returned.
+	  *
+	  * @param fieldName name of field whose value is to be returned
+	  * (eg: "X-Mailer" or "From", common field names are available in
+	  * the vmime::fields namespace)
+	  * @return first field with the specified name, or NULL if no field
+	  * with this name was found
+	  */
+	template <typename T>
+	shared_ptr <T> findField(const string& fieldName) const {
+
+		return dynamicCast <T>(findField(fieldName));
+	}
+
+	/** Find the value of the first field that matches the specified name,
+	  * casted to the specified value type. Field name is case-insensitive.
+	  * If no field is found, or the field value is not of the specified
+	  * type, NULL is returned.
+	  *
+	  * @param fieldName name of field to return (eg: "X-Mailer" or "From",
+	  * common field names are available in the vmime::fields namespace)
+	  * @return value of the first field with the specified name, or NULL
+	  * if no field with this name was found, or the value is not of the
+	  * specified type
+	  */
+	template <typename T>
+	shared_ptr <T> findFieldValue(const string& fieldName) const {
+
+		shared_ptr <headerField> field = findField(fieldName);
+
+		if (field) {
+			return dynamicCast <T>(field->getValue());
+		} else {
+			return null;
+		}
+	}
+
+	/** Find all fields that match the specified name.
+	  * If no field is found, an empty vector is returned.
+	  *
+	  * @param fieldName name of field to return (eg: "X-Mailer" or "From",
+	  * common field names are available in the vmime::fields namespace)
+	  * @return list of fields with the specified name
+	  */
+	std::vector <shared_ptr <headerField> > findAllFields(const string& fieldName);
+
+	/** Find the first field that matches the specified name.
+	  * If no field is found, one will be created and inserted into
+	  * the header.
+	  *
+	  * @param fieldName name of field to return (eg: "X-Mailer" or "From",
+	  * common field names are available in the vmime::fields namespace)
+	  * @return first field with the specified name or a new field
+	  * if no field is found
+	  */
+	shared_ptr <headerField> getField(const string& fieldName);
+
+	/** Find the first field that matches the specified name,
+	  * casted to the specified type.
+	  * If no field is found, one will be created and inserted into
+	  * the header.
+	  *
+	  * @return first field with the specified name or a new field
+	  * if no field is found
+	  */
+	template <typename T>
+	shared_ptr <T> getField(const string& fieldName) {
+
+		return dynamicCast <T>(getField(fieldName));
+	}
+
+	/** Add a field at the end of the list.
+	  *
+	  * @param field field to append
+	  */
+	void appendField(const shared_ptr <headerField>& field);
+
+	/** Insert a new field before the specified field.
+	  *
+	  * @param beforeField field before which the new field will be inserted
+	  * @param field field to insert
+	  * @throw exceptions::no_such_field if the field is not in the list
+	  */
+	void insertFieldBefore(
+		const shared_ptr <headerField>& beforeField,
+		const shared_ptr <headerField>& field
+	);
+
+	/** Insert a new field before the specified position.
+	  *
+	  * @param pos position at which to insert the new field (0 to insert at
+	  * the beginning of the list)
+	  * @param field field to insert
+	  */
+	void insertFieldBefore(
+		const size_t pos,
+		const shared_ptr <headerField>& field
+	);
+
+	/** Insert a new field after the specified field.
+	  *
+	  * @param afterField field after which the new field will be inserted
+	  * @param field field to insert
+	  * @throw exceptions::no_such_field if the field is not in the list
+	  */
+	void insertFieldAfter(
+		const shared_ptr <headerField>& afterField,
+		const shared_ptr <headerField>& field
+	);
+
+	/** Insert a new field after the specified position.
+	  *
+	  * @param pos position of the field before the new field
+	  * @param field field to insert
+	  */
+	void insertFieldAfter(
+		const size_t pos,
+		const shared_ptr <headerField>& field
+	);
+
+	/** Remove the specified field from the list.
+	  *
+	  * @param field field to remove
+	  * @throw exceptions::no_such_field if the field is not in the list
+	  */
+	void removeField(const shared_ptr <headerField>& field);
+
+	/** Remove the field at the specified position.
+	  *
+	  * @param pos position of the field to remove
+	  */
+	void removeField(const size_t pos);
+
+	/** Replaces a field with another field.
+	  *
+	  * @param field field to be replaced
+	  * @param newField field to replace with
+	  * @throw exceptions::no_such_field if the field is not in the list
+	  */
+	void replaceField(
+		const shared_ptr <headerField>& field,
+		const shared_ptr <headerField>& newField
+	);
+
+	/** Remove all fields from the list.
+	  */
+	void removeAllFields();
+
+	/** Remove all fields with the specified name.
+	  */
+	void removeAllFields(const string& fieldName);
+
+	/** Return the number of fields in the list.
+	  *
+	  * @return number of fields
+	  */
+	size_t getFieldCount() const;
+
+	/** Tests whether the list of fields is empty.
+	  *
+	  * @return true if there is no field, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the field at the specified position.
+	  *
+	  * @param pos position
+	  * @return field at position 'pos'
+	  */
+	const shared_ptr <headerField> getFieldAt(const size_t pos);
+
+	/** Return the field at the specified position.
+	  *
+	  * @param pos position
+	  * @return field at position 'pos'
+	  */
+	const shared_ptr <const headerField> getFieldAt(const size_t pos) const;
+
+	/** Return the field list.
+	  *
+	  * @return list of fields
+	  */
+	const std::vector <shared_ptr <const headerField> > getFieldList() const;
+
+	/** Return the field list.
+	  *
+	  * @return list of fields
+	  */
+	const std::vector <shared_ptr <headerField> > getFieldList();
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	header& operator=(const header& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	size_t getGeneratedSize(const generationContext& ctx);
+
+private:
+
+	std::vector <shared_ptr <headerField> > m_fields;
+
+
+	class fieldHasName {
+
+	public:
+
+		fieldHasName(const string& name);
+		bool operator() (const shared_ptr <const headerField>& field);
+
+	private:
+
+		string m_name;
+	};
+
+	class fieldHasNotName {
+
+	public:
+
+		fieldHasNotName(const string& name);
+		bool operator() (const shared_ptr <const headerField>& field);
+
+	private:
+
+		string m_name;
+	};
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_HEADER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/headerField.cpp b/vmime-master/src/vmime/headerField.cpp
new file mode 100644
index 0000000..bff365d
--- /dev/null
+++ b/vmime-master/src/vmime/headerField.cpp
@@ -0,0 +1,374 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/headerField.hpp"
+#include "vmime/headerFieldFactory.hpp"
+
+#include "vmime/parserHelpers.hpp"
+
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+
+
+headerField::headerField()
+	: m_name("X-Undefined") {
+
+}
+
+
+headerField::headerField(const string& fieldName)
+	: m_name(fieldName) {
+
+}
+
+
+headerField::~headerField() {
+
+}
+
+
+shared_ptr <component> headerField::clone() const {
+
+	shared_ptr <headerField> field = headerFieldFactory::getInstance()->create(m_name);
+
+	field->copyFrom(*this);
+
+	return field;
+}
+
+
+void headerField::copyFrom(const component& other) {
+
+	const headerField& hf = dynamic_cast <const headerField&>(other);
+
+	m_value->copyFrom(*hf.m_value);
+}
+
+
+headerField& headerField::operator=(const headerField& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+shared_ptr <headerField> headerField::parseNext(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	size_t pos = position;
+
+	while (pos < end) {
+
+		char_t c = buffer[pos];
+
+		// Check for end of headers (empty line): although RFC-822 recommends
+		// to use CRLF for header/body separator (see 4.1 SYNTAX), here, we
+		// also check for LF for compatibility with broken implementations...
+		if (c == '\n') {
+
+			if (newPosition) {
+				*newPosition = pos + 1;   // LF: illegal
+			}
+
+			return null;
+
+		} else if (c == '\r' && pos + 1 < end && buffer[pos + 1] == '\n') {
+
+			if (newPosition) {
+				*newPosition = pos + 2;   // CR+LF
+			}
+
+			return null;
+		}
+
+		// This line may be a field description
+		if (!parserHelpers::isSpace(c)) {
+
+			const size_t nameStart = pos;  // remember the start position of the line
+
+			while (pos < end && (buffer[pos] != ':' && !parserHelpers::isSpace(buffer[pos]))) {
+				++pos;
+			}
+
+			const size_t nameEnd = pos;
+
+			while (pos < end && (buffer[pos] == ' ' || buffer[pos] == '\t')) {
+				++pos;
+			}
+
+			if (buffer[pos] != ':') {
+
+				switch (ctx.getHeaderParseErrorRecoveryMethod()) {
+
+					case vmime::headerParseRecoveryMethod::SKIP_LINE:
+						// Humm...does not seem to be a valid header line.
+						// Skip this error and advance to the next line
+						pos = nameStart;
+
+						while (pos < end && buffer[pos] != '\n') {
+							++pos;
+						}
+
+						if (pos < end && buffer[pos] == '\n') {
+							++pos;
+						}
+
+						break;
+
+//					case vmime::headerParseRecoveryMethod::APPEND_TO_PREVIOUS_LINE:
+//
+//						// TODO Implement this...
+//						break;
+
+					case vmime::headerParseRecoveryMethod::ASSUME_END_OF_HEADERS:
+
+						return null;
+						break;
+				}
+
+			} else {
+
+				// Extract the field name
+				const string name(
+					buffer.begin() + nameStart,
+					buffer.begin() + nameEnd
+				);
+
+				// Skip ':' character
+				while (pos < end && buffer[pos] == ':') {
+					++pos;
+				}
+
+				// Skip spaces between ':' and the field contents
+				while (pos < end && (buffer[pos] == ' ' || buffer[pos] == '\t')) {
+					++pos;
+				}
+
+				const size_t contentsStart = pos;
+				size_t contentsEnd = 0;
+
+				bool firstLine = true;
+
+				// Parse field value, taking care of line folding (value on multiple lines)
+				for (size_t eol = 0 ; parserHelpers::findEOL(buffer, pos, end, &eol) ; pos = eol) {
+
+					// If the line does not start with a folding indicator (SPACE or TAB),
+					// and this is not the first line, then stop parsing lines
+					if (!firstLine && !(buffer[pos] == ' ' || buffer[pos] == '\t')) {
+						break;
+					}
+
+					contentsEnd = eol;
+					firstLine = false;
+				}
+
+				if (pos == end && contentsEnd == 0) {
+
+					// End of data, and no CRLF was found at the end
+					contentsEnd = end;
+				}
+
+				// Strip spaces from end of header lines
+				while (contentsEnd > contentsStart &&
+				       (buffer[contentsEnd - 1] == ' ' || buffer[contentsEnd - 1] == '\t' ||
+				        buffer[contentsEnd - 1] == '\r' || buffer[contentsEnd - 1] == '\n')) {
+
+					contentsEnd--;
+				}
+
+				// Return a new field
+				shared_ptr <headerField> field = headerFieldFactory::getInstance()->create(name);
+
+				field->parse(ctx, buffer, contentsStart, contentsEnd, NULL);
+				field->setParsedBounds(nameStart, pos);
+
+				if (newPosition) {
+					*newPosition = pos;
+				}
+
+				return field;
+			}
+
+		} else {
+
+			// If the line contains only space characters, we assume it is
+			// the end of the headers.
+			while (pos < end && (buffer[pos] == ' ' || buffer[pos] == '\t')) {
+				++pos;
+			}
+
+			if (pos < end && buffer[pos] == '\n') {
+
+				if (newPosition) {
+					*newPosition = pos + 1;   // LF: illegal
+				}
+
+				return null;
+
+			} else if (pos + 1 < end && buffer[pos] == '\r' && buffer[pos + 1] == '\n') {
+
+				if (newPosition) {
+					*newPosition = pos + 2;   // CR+LF
+				}
+
+				return null;
+			}
+
+			// Skip this error and advance to the next line
+			while (pos < end && buffer[pos] != '\n') {
+				++pos;
+			}
+
+			if (buffer[pos] == '\n') {
+				++pos;
+			}
+		}
+	}
+
+	if (newPosition) {
+		*newPosition = pos;
+	}
+
+	return null;
+}
+
+
+void headerField::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_value->parse(ctx, buffer, position, end, newPosition);
+}
+
+
+void headerField::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	os << m_name + ": ";
+
+	m_value->generate(ctx, os, curLinePos + m_name.length() + 2, newLinePos);
+}
+
+
+size_t headerField::getGeneratedSize(const generationContext& ctx) {
+
+	return m_name.length() + 2 /* ": " */ + m_value->getGeneratedSize(ctx);
+}
+
+
+const string headerField::getName() const {
+
+	return m_name;
+}
+
+
+void headerField::setName(const string& name) {
+
+	m_name = name;
+}
+
+
+bool headerField::isCustom() const {
+
+	return m_name.length() > 2 && m_name[0] == 'X' && m_name[1] == '-';
+}
+
+
+const std::vector <shared_ptr <component> > headerField::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	if (m_value) {
+		list.push_back(m_value);
+	}
+
+	return list;
+}
+
+
+shared_ptr <const headerFieldValue> headerField::getValue() const {
+
+	return m_value;
+}
+
+
+shared_ptr <headerFieldValue> headerField::getValue() {
+
+	return m_value;
+}
+
+
+void headerField::setValue(const shared_ptr <headerFieldValue>& value) {
+
+	if (!headerFieldFactory::getInstance()->isValueTypeValid(*this, *value)) {
+		throw exceptions::bad_field_value_type(getName());
+	}
+
+	if (value != NULL) {
+		m_value = value;
+	}
+}
+
+
+void headerField::setValueConst(const shared_ptr <const headerFieldValue>& value) {
+
+	if (!headerFieldFactory::getInstance()->isValueTypeValid(*this, *value)) {
+		throw exceptions::bad_field_value_type(getName());
+	}
+
+	m_value = vmime::clone(value);
+}
+
+
+void headerField::setValue(const headerFieldValue& value) {
+
+	if (!headerFieldFactory::getInstance()->isValueTypeValid(*this, value)) {
+		throw exceptions::bad_field_value_type(getName());
+	}
+
+	m_value = vmime::clone(value);
+}
+
+
+void headerField::setValue(const string& value) {
+
+	parse(value);
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/headerField.hpp b/vmime-master/src/vmime/headerField.hpp
new file mode 100644
index 0000000..66e9946
--- /dev/null
+++ b/vmime-master/src/vmime/headerField.hpp
@@ -0,0 +1,191 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_HEADERFIELD_HPP_INCLUDED
+#define VMIME_HEADERFIELD_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/component.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+
+namespace vmime {
+
+
+/** Base class for header fields.
+  */
+class VMIME_EXPORT headerField : public component {
+
+	friend class headerFieldFactory;
+	friend class header;
+
+protected:
+
+	// Protected constructor to prevent the user from creating
+	// new objects without using 'headerFieldFactory'
+	headerField();
+	headerField(const string& fieldName);
+
+public:
+
+	~headerField();
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	headerField& operator=(const headerField& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Sets the name of this field.
+	  *
+	  * @param name field name (eg: "From" or "X-MyField").
+	  */
+	void setName(const string& name);
+
+	/** Return the name of this field.
+	  *
+	  * @return field name
+	  */
+	const string getName() const;
+
+	/** Check whether this field is a custom (non-standard) field.
+	  * Custom fields have a name beginning with "X-".
+	  *
+	  * @return true if the field is a custom field, false otherwise
+	  */
+	bool isCustom() const;
+
+	/** Return the read-only value object attached to this field.
+	  *
+	  * @return read-only value object
+	  */
+	virtual shared_ptr <const headerFieldValue> getValue() const;
+
+	/** Return the read-only value object attached to this field,
+	  * casted to the specified type.
+	  *
+	  * @return value object
+	  */
+	template <typename T>
+	shared_ptr <const T> getValue() const {
+
+		return dynamicCast <const T>(m_value);
+	}
+
+	/** Return the value object attached to this field.
+	  *
+	  * @return value object
+	  */
+	virtual shared_ptr <headerFieldValue> getValue();
+
+	/** Return the value object attached to this field,
+	  * casted to the specified type.
+	  *
+	  * @return value object
+	  */
+	template <typename T>
+	shared_ptr <T> getValue() {
+
+		return dynamicCast <T>(m_value);
+	}
+
+	/** Set the value of this field.
+	  *
+	  * @throw exceptions::bad_field_value_type if the value type is not
+	  * valid for this header field
+	  * @param value new value
+	  */
+	virtual void setValue(const shared_ptr <headerFieldValue>& value);
+
+	/** Set the value of this field by cloning the specified value.
+	  *
+	  * @throw exceptions::bad_field_value_type if the value type is not
+	  * valid for this header field
+	  * @param value new value
+	  */
+	virtual void setValueConst(const shared_ptr <const headerFieldValue>& value);
+
+	/** Set the value of this field (reference version).
+	  * The value will be cloned.
+	  *
+	  * @throw exceptions::bad_field_value_type if the value type is not
+	  * valid for this header field
+	  * @param value new value
+	  */
+	virtual void setValue(const headerFieldValue& value);
+
+	/** Set the value of this field given a character string.
+	  *
+	  * @param value value string to parse
+	  */
+	void setValue(const string& value);
+
+
+	/** Parse a header field from a buffer.
+	  *
+	  * @param ctx parsing context
+	  * @param buffer input buffer
+	  * @param position current position in the input buffer
+	  * @param end end position in the input buffer
+	  * @param newPosition will receive the new position in the input buffer
+	  * @return parsed header field, or NULL if no more header field can be parsed
+	  * in the input buffer
+	  */
+	static shared_ptr <headerField> parseNext(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	size_t getGeneratedSize(const generationContext& ctx);
+
+protected:
+
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+
+
+	string m_name;
+	shared_ptr <headerFieldValue> m_value;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_HEADERFIELD_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/headerFieldFactory.cpp b/vmime-master/src/vmime/headerFieldFactory.cpp
new file mode 100644
index 0000000..db281fa
--- /dev/null
+++ b/vmime-master/src/vmime/headerFieldFactory.cpp
@@ -0,0 +1,158 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/headerFieldFactory.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/mailboxList.hpp"
+#include "vmime/dateTime.hpp"
+#include "vmime/text.hpp"
+#include "vmime/path.hpp"
+#include "vmime/relay.hpp"
+#include "vmime/encoding.hpp"
+#include "vmime/disposition.hpp"
+#include "vmime/messageIdSequence.hpp"
+
+#include "vmime/contentTypeField.hpp"
+#include "vmime/contentDispositionField.hpp"
+#include "vmime/mailboxField.hpp"
+
+
+namespace vmime {
+
+
+headerFieldFactory::headerFieldFactory() {
+
+	// Register parameterized fields
+	registerField <contentTypeField>(vmime::fields::CONTENT_TYPE);
+	registerField <parameterizedHeaderField>(vmime::fields::CONTENT_TRANSFER_ENCODING);
+	registerField <contentDispositionField>(vmime::fields::CONTENT_DISPOSITION);
+
+	registerField <mailboxField>(vmime::fields::FROM);
+	registerField <mailboxField>(vmime::fields::SENDER);
+	registerField <mailboxField>(vmime::fields::REPLY_TO);
+	registerField <mailboxField>(vmime::fields::DELIVERED_TO);
+
+	// Register standard field values
+	registerFieldValue <mailbox>(vmime::fields::FROM);
+	registerFieldValue <addressList>(vmime::fields::TO);
+	registerFieldValue <addressList>(vmime::fields::CC);
+	registerFieldValue <addressList>(vmime::fields::BCC);
+	registerFieldValue <mailbox>(vmime::fields::SENDER);
+	registerFieldValue <datetime>(vmime::fields::DATE);
+	registerFieldValue <relay>(vmime::fields::RECEIVED);
+	registerFieldValue <text>(vmime::fields::SUBJECT);
+	registerFieldValue <mailbox>(vmime::fields::REPLY_TO);
+	registerFieldValue <mailbox>(vmime::fields::DELIVERED_TO);
+	registerFieldValue <text>(vmime::fields::ORGANIZATION);
+	registerFieldValue <text>(vmime::fields::USER_AGENT);
+	registerFieldValue <path>(vmime::fields::RETURN_PATH);
+	registerFieldValue <mediaType>(vmime::fields::CONTENT_TYPE);
+	registerFieldValue <encoding>(vmime::fields::CONTENT_TRANSFER_ENCODING);
+	registerFieldValue <text>(vmime::fields::CONTENT_DESCRIPTION);
+	registerFieldValue <text>(vmime::fields::MIME_VERSION);
+	registerFieldValue <contentDisposition>(vmime::fields::CONTENT_DISPOSITION);
+	registerFieldValue <messageId>(vmime::fields::CONTENT_ID);
+	registerFieldValue <messageId>(vmime::fields::MESSAGE_ID);
+	registerFieldValue <text>(vmime::fields::CONTENT_LOCATION);
+	registerFieldValue <messageIdSequence>(vmime::fields::IN_REPLY_TO);
+	registerFieldValue <messageIdSequence>(vmime::fields::REFERENCES);
+
+	registerFieldValue <messageId>(vmime::fields::ORIGINAL_MESSAGE_ID);
+	registerFieldValue <disposition>(vmime::fields::DISPOSITION);
+	registerFieldValue <mailboxList>(vmime::fields::DISPOSITION_NOTIFICATION_TO);
+}
+
+
+headerFieldFactory::~headerFieldFactory() {
+
+}
+
+
+shared_ptr <headerFieldFactory> headerFieldFactory::getInstance() {
+
+	static headerFieldFactory instance;
+	return shared_ptr <headerFieldFactory>(&instance, noop_shared_ptr_deleter <headerFieldFactory>());
+}
+
+
+shared_ptr <headerField> headerFieldFactory::create(
+	const string& name,
+	const string& body
+) {
+
+	NameMap::const_iterator pos = m_nameMap.find(utility::stringUtils::toLower(name));
+	shared_ptr <headerField> field;
+
+	if (pos != m_nameMap.end()) {
+		field = ((*pos).second)();
+	} else {
+		field = registerer <headerField, headerField>::creator();
+	}
+
+	field->setName(name);
+	field->setValue(createValue(name));
+
+	if (body != NULL_STRING) {
+		field->parse(body);
+	}
+
+	return field;
+}
+
+
+shared_ptr <headerFieldValue> headerFieldFactory::createValue(const string& fieldName) {
+
+	ValueMap::const_iterator pos = m_valueMap.find(
+		utility::stringUtils::toLower(fieldName)
+	);
+
+	shared_ptr <headerFieldValue> value;
+
+	if (pos != m_valueMap.end()) {
+		value = ((*pos).second.allocFunc)();
+	} else {
+		value = registerer <headerFieldValue, text>::creator();
+	}
+
+	return value;
+}
+
+
+bool headerFieldFactory::isValueTypeValid(
+	const headerField& field,
+	const headerFieldValue& value
+) const {
+
+	ValueMap::const_iterator pos = m_valueMap.find
+		(utility::stringUtils::toLower(field.getName()));
+
+	if (pos != m_valueMap.end()) {
+		return ((*pos).second.checkTypeFunc)(value);
+	}
+
+	return true;  // No info on this field
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/headerFieldFactory.hpp b/vmime-master/src/vmime/headerFieldFactory.hpp
new file mode 100644
index 0000000..b3e3415
--- /dev/null
+++ b/vmime-master/src/vmime/headerFieldFactory.hpp
@@ -0,0 +1,159 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_HEADERFIELDFACTORY_HPP_INCLUDED
+#define VMIME_HEADERFIELDFACTORY_HPP_INCLUDED
+
+
+#include "vmime/headerField.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+
+
+/** Creates header field and header field value objects.
+  */
+class VMIME_EXPORT headerFieldFactory {
+
+protected:
+
+	headerFieldFactory();
+	~headerFieldFactory();
+
+	typedef shared_ptr <headerField> (*AllocFunc)(void);
+	typedef std::map <string, AllocFunc> NameMap;
+
+	NameMap m_nameMap;
+
+
+	struct ValueInfo {
+
+		typedef shared_ptr <headerFieldValue> (*ValueAllocFunc)(void);
+		typedef bool (*ValueTypeCheckFunc)(const object&);
+
+		ValueAllocFunc allocFunc;
+		ValueTypeCheckFunc checkTypeFunc;
+	};
+
+	typedef std::map <string, ValueInfo> ValueMap;
+
+	ValueMap m_valueMap;
+
+public:
+
+	static shared_ptr <headerFieldFactory> getInstance();
+
+#ifndef VMIME_BUILDING_DOC
+
+	// TYPE must inherit from BASE_TYPE
+	template <class BASE_TYPE, class TYPE>
+	class registerer {
+
+	public:
+
+		static bool checkType(const object& obj) {
+
+			const TYPE* typedObj = dynamic_cast <const TYPE*>(&obj);
+			return typedObj != NULL;
+		}
+
+		static shared_ptr <BASE_TYPE> creator() {
+
+			// Allocate a new object
+			return shared_ptr <BASE_TYPE>(new TYPE());
+		}
+	};
+
+#endif // VMIME_BUILDING_DOC
+
+
+	/** Register a field type.
+	  *
+	  * @param T field class (must inherit from 'headerField')
+	  * @param name field name (eg. "X-MyField")
+	  */
+	template <class T>
+	void registerField(const string& name) {
+
+		m_nameMap.insert(
+			NameMap::value_type(
+				utility::stringUtils::toLower(name),
+				&registerer <headerField, T>::creator
+			)
+		);
+	}
+
+	/** Register a field value type.
+	  *
+	  * @param T value class (must inherit from 'headerFieldValue')
+	  * @param name field name
+	  */
+	template <class T>
+	void registerFieldValue(const string& name) {
+
+		ValueInfo vi;
+		vi.allocFunc = &registerer <headerFieldValue, T>::creator;
+		vi.checkTypeFunc = &registerer <headerField, T>::checkType;
+
+		m_valueMap.insert(
+			ValueMap::value_type(
+				utility::stringUtils::toLower(name),
+				vi
+			)
+		);
+	}
+
+	/** Create a new field object for the specified field name.
+	  * If the field name has not been registered, a default type
+	  * is used.
+	  *
+	  * @param name field name
+	  * @param body string that will be parsed to initialize
+	  * the value of the field
+	  * @return a new field object
+	  */
+	shared_ptr <headerField> create(const string& name, const string& body = NULL_STRING);
+
+	/** Create a new field value for the specified field.
+	  *
+	  * @param fieldName name of the field for which to create value
+	  * @return a new value object for the field
+	  */
+	shared_ptr <headerFieldValue> createValue(const string& fieldName);
+
+	/** Returns whether the specified value type is valid for the specified field.
+	  *
+	  * @param field header field
+	  * @param value value for this header field
+	  * @return true if the value type is compatible with the header field, or
+	  * false otherwise
+	  */
+	bool isValueTypeValid(const headerField& field, const headerFieldValue& value) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_HEADERFIELDFACTORY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/headerFieldValue.cpp b/vmime-master/src/vmime/headerFieldValue.cpp
new file mode 100644
index 0000000..073edbe
--- /dev/null
+++ b/vmime-master/src/vmime/headerFieldValue.cpp
@@ -0,0 +1,43 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/headerFieldValue.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+
+
+size_t headerFieldValue::getGeneratedSize(const generationContext& ctx) {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter osa(oss);
+
+	generate(ctx, osa);
+
+	return oss.str().length();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/headerFieldValue.hpp b/vmime-master/src/vmime/headerFieldValue.hpp
new file mode 100644
index 0000000..20d1768
--- /dev/null
+++ b/vmime-master/src/vmime/headerFieldValue.hpp
@@ -0,0 +1,49 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_HEADERFIELDVALUE_HPP_INCLUDED
+#define VMIME_HEADERFIELDVALUE_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/component.hpp"
+
+
+namespace vmime {
+
+
+/** Base class for all classes that can be used as a value
+  * for a header field.
+  */
+class VMIME_EXPORT headerFieldValue : public component {
+
+public:
+
+	size_t getGeneratedSize(const generationContext& ctx);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_HEADERFIELDVALUE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/htmlTextPart.cpp b/vmime-master/src/vmime/htmlTextPart.cpp
new file mode 100644
index 0000000..a30023c
--- /dev/null
+++ b/vmime-master/src/vmime/htmlTextPart.cpp
@@ -0,0 +1,568 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/htmlTextPart.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/contentTypeField.hpp"
+#include "vmime/contentDisposition.hpp"
+#include "vmime/text.hpp"
+
+#include "vmime/emptyContentHandler.hpp"
+#include "vmime/stringContentHandler.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+
+
+htmlTextPart::htmlTextPart()
+	: m_plainText(make_shared <emptyContentHandler>()),
+	  m_text(make_shared <emptyContentHandler>()) {
+
+}
+
+
+htmlTextPart::~htmlTextPart() {
+
+}
+
+
+const mediaType htmlTextPart::getType() const {
+
+	return mediaType(mediaTypes::TEXT, mediaTypes::TEXT_HTML);
+}
+
+
+size_t htmlTextPart::getPartCount() const {
+
+	return m_plainText->isEmpty() ? 1 : 2;
+}
+
+
+void htmlTextPart::generateIn(
+	const shared_ptr <bodyPart>& /* message */,
+	const shared_ptr <bodyPart>& parent
+) const {
+
+	// Plain text
+	if (!m_plainText->isEmpty()) {
+
+		// -- Create a new part
+		shared_ptr <bodyPart> part = make_shared <bodyPart>();
+		parent->getBody()->appendPart(part);
+
+		// -- Set contents
+		part->getBody()->setContents(
+			m_plainText,
+			mediaType(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN),
+			m_charset,
+			encoding::decide(m_plainText, m_charset, encoding::USAGE_TEXT)
+		);
+	}
+
+	// HTML text
+	// -- Create a new part
+	shared_ptr <bodyPart> htmlPart = make_shared <bodyPart>();
+
+	// -- Set contents
+	htmlPart->getBody()->setContents(
+		m_text,
+		mediaType(mediaTypes::TEXT, mediaTypes::TEXT_HTML),
+		m_charset,
+		encoding::decide(m_text, m_charset, encoding::USAGE_TEXT)
+	);
+
+	// Handle the case we have embedded objects
+	if (!m_objects.empty()) {
+
+		// Create a "multipart/related" body part
+		shared_ptr <bodyPart> relPart = make_shared <bodyPart>();
+		parent->getBody()->appendPart(relPart);
+
+		relPart->getHeader()->ContentType()->setValue(
+			mediaType(mediaTypes::MULTIPART, mediaTypes::MULTIPART_RELATED)
+		);
+
+		// Add the HTML part into this part
+		relPart->getBody()->appendPart(htmlPart);
+
+		// Also add objects into this part
+		for (std::vector <shared_ptr <embeddedObject> >::const_iterator it = m_objects.begin() ;
+		     it != m_objects.end() ; ++it) {
+
+			shared_ptr <bodyPart> objPart = make_shared <bodyPart>();
+			relPart->getBody()->appendPart(objPart);
+
+			string id = (*it)->getId();
+
+			if (id.length() >= 4 &&
+			    (id[0] == 'c' || id[0] == 'C') &&
+			    (id[1] == 'i' || id[1] == 'I') &&
+			    (id[2] == 'd' || id[2] == 'D') &&
+			    id[3] == ':') {
+
+				id = id.substr(4);
+			}
+
+			objPart->getHeader()->ContentType()->setValue((*it)->getType());
+			objPart->getHeader()->ContentId()->setValue(messageId("<" + id + ">"));
+			objPart->getHeader()->ContentDisposition()->setValue(contentDisposition(contentDispositionTypes::INLINE));
+			objPart->getHeader()->ContentTransferEncoding()->setValue((*it)->getEncoding());
+				//encoding(encodingTypes::BASE64);
+
+			objPart->getBody()->setContents((*it)->getData()->clone());
+		}
+
+	} else {
+
+		// Add the HTML part into the parent part
+		parent->getBody()->appendPart(htmlPart);
+	}
+}
+
+
+void htmlTextPart::findEmbeddedParts(
+	const bodyPart& part,
+	std::vector <shared_ptr <const bodyPart> >& cidParts,
+	std::vector <shared_ptr <const bodyPart> >& locParts
+) {
+
+	for (size_t i = 0 ; i < part.getBody()->getPartCount() ; ++i) {
+
+		shared_ptr <const bodyPart> p = part.getBody()->getPartAt(i);
+
+		// For a part to be an embedded object, it must have either a
+		// Content-Id field or a Content-Location field.
+		if (p->getHeader()->hasField(fields::CONTENT_ID)) {
+			cidParts.push_back(p);
+		}
+
+		if (p->getHeader()->hasField(fields::CONTENT_LOCATION)) {
+			locParts.push_back(p);
+		}
+
+		findEmbeddedParts(*p, cidParts, locParts);
+	}
+}
+
+
+void htmlTextPart::addEmbeddedObject(
+	const bodyPart& part,
+	const string& id,
+	const embeddedObject::ReferenceType refType
+) {
+
+	// The object may already exists. This can happen if an object is
+	// identified by both a Content-Id and a Content-Location. In this
+	// case, there will be two embedded objects with two different IDs
+	// but referencing the same content.
+
+	mediaType type;
+
+	shared_ptr <const headerField> ctf =
+		part.getHeader()->findField(fields::CONTENT_TYPE);
+
+	if (ctf) {
+
+		type = *ctf->getValue <mediaType>();
+
+	} else {
+
+		// No "Content-type" field: assume "application/octet-stream".
+	}
+
+	m_objects.push_back(
+		make_shared <embeddedObject>(
+			vmime::clone(part.getBody()->getContents()),
+			part.getBody()->getEncoding(),
+			id,
+			type,
+			refType
+		)
+	);
+}
+
+
+void htmlTextPart::parse(
+	const shared_ptr <const bodyPart>& message,
+	const shared_ptr <const bodyPart>& parent,
+	const shared_ptr <const bodyPart>& textPart
+) {
+
+	// Search for possible embedded objects in the _whole_ message.
+	std::vector <shared_ptr <const bodyPart> > cidParts;
+	std::vector <shared_ptr <const bodyPart> > locParts;
+
+	findEmbeddedParts(*message, cidParts, locParts);
+
+	// Extract HTML text
+	std::ostringstream oss;
+	utility::outputStreamAdapter adapter(oss);
+
+	textPart->getBody()->getContents()->extract(adapter);
+
+	const string data = oss.str();
+
+	m_text = textPart->getBody()->getContents()->clone();
+
+	// Find charset
+	shared_ptr <const contentTypeField> ctf =
+		textPart->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	if (ctf && ctf->hasCharset()) {
+		m_charset = ctf->getCharset();
+	} else {
+		m_charset = charset();
+	}
+
+	// Extract embedded objects. The algorithm is quite simple: for each previously
+	// found inline part, we check if its CID/Location is contained in the HTML text.
+	for (std::vector <shared_ptr <const bodyPart> >::const_iterator p = cidParts.begin() ;
+	     p != cidParts.end() ; ++p) {
+
+		const shared_ptr <const headerField> midField =
+			(*p)->getHeader()->findField(fields::CONTENT_ID);
+
+		const messageId mid = *midField->getValue <messageId>();
+
+		if (data.find("CID:" + mid.getId()) != string::npos ||
+		    data.find("cid:" + mid.getId()) != string::npos) {
+
+			// This part is referenced in the HTML text.
+			// Add it to the embedded object list.
+			addEmbeddedObject(**p, mid.getId(), embeddedObject::REFERENCED_BY_ID);
+		}
+	}
+
+	for (std::vector <shared_ptr <const bodyPart> >::const_iterator p = locParts.begin() ;
+	     p != locParts.end() ; ++p) {
+
+		const shared_ptr <const headerField> locField =
+			(*p)->getHeader()->findField(fields::CONTENT_LOCATION);
+
+		const text loc = *locField->getValue <text>();
+		const string locStr = loc.getWholeBuffer();
+
+		if (data.find(locStr) != string::npos) {
+
+			// This part is referenced in the HTML text.
+			// Add it to the embedded object list.
+			addEmbeddedObject(**p, locStr, embeddedObject::REFERENCED_BY_LOCATION);
+		}
+	}
+
+	// Extract plain text, if any.
+	if (!findPlainTextPart(*message, *parent, *textPart)) {
+
+		m_plainText = make_shared <emptyContentHandler>();
+	}
+}
+
+
+bool htmlTextPart::findPlainTextPart(
+	const bodyPart& part,
+	const bodyPart& parent,
+	const bodyPart& textPart
+) {
+
+	// We search for the nearest "multipart/alternative" part.
+	const shared_ptr <const headerField> ctf =
+		part.getHeader()->findField(fields::CONTENT_TYPE);
+
+	if (ctf) {
+
+		const mediaType type = *ctf->getValue <mediaType>();
+
+		if (type.getType() == mediaTypes::MULTIPART &&
+		    type.getSubType() == mediaTypes::MULTIPART_ALTERNATIVE) {
+
+			shared_ptr <const bodyPart> foundPart;
+
+			for (size_t i = 0 ; i < part.getBody()->getPartCount() ; ++i) {
+
+				const shared_ptr <const bodyPart> p = part.getBody()->getPartAt(i);
+
+				if (p.get() == &parent ||     // if "text/html" is in "multipart/related"
+				    p.get() == &textPart) {   // if not...
+
+					foundPart = p;
+				}
+			}
+
+			if (foundPart) {
+
+				bool found = false;
+
+				// Now, search for the alternative plain text part
+				for (size_t i = 0 ; !found && i < part.getBody()->getPartCount() ; ++i) {
+
+					const shared_ptr <const bodyPart> p = part.getBody()->getPartAt(i);
+
+					const shared_ptr <const headerField> ctf =
+						p->getHeader()->findField(fields::CONTENT_TYPE);
+
+					if (ctf) {
+
+						const mediaType type = *ctf->getValue <mediaType>();
+
+						if (type.getType() == mediaTypes::TEXT &&
+						    type.getSubType() == mediaTypes::TEXT_PLAIN) {
+
+							m_plainText = p->getBody()->getContents()->clone();
+							found = true;
+						}
+
+					} else {
+
+						// No "Content-type" field.
+					}
+				}
+
+				// If we don't have found the plain text part here, it means that
+				// it does not exists (the MUA which built this message probably
+				// did not include it...).
+				return found;
+			}
+		}
+
+	} else {
+
+		// No "Content-type" field.
+	}
+
+	bool found = false;
+
+	for (size_t i = 0 ; !found && i < part.getBody()->getPartCount() ; ++i) {
+
+		found = findPlainTextPart(*part.getBody()->getPartAt(i), parent, textPart);
+	}
+
+	return found;
+}
+
+
+const charset& htmlTextPart::getCharset() const {
+
+	return m_charset;
+}
+
+
+void htmlTextPart::setCharset(const charset& ch) {
+
+	m_charset = ch;
+}
+
+
+shared_ptr <const contentHandler> htmlTextPart::getPlainText() const {
+
+	return m_plainText;
+}
+
+
+void htmlTextPart::setPlainText(const shared_ptr <contentHandler>& plainText) {
+
+	m_plainText = plainText->clone();
+}
+
+
+const shared_ptr <const contentHandler> htmlTextPart::getText() const {
+
+	return m_text;
+}
+
+
+void htmlTextPart::setText(const shared_ptr <contentHandler>& text) {
+
+	m_text = text->clone();
+}
+
+
+size_t htmlTextPart::getObjectCount() const {
+
+	return m_objects.size();
+}
+
+
+shared_ptr <const htmlTextPart::embeddedObject> htmlTextPart::getObjectAt(const size_t pos) const {
+
+	return m_objects[pos];
+}
+
+
+shared_ptr <const htmlTextPart::embeddedObject> htmlTextPart::findObject(const string& id) const
+{
+	for (std::vector <shared_ptr <embeddedObject> >::const_iterator o = m_objects.begin() ;
+	     o != m_objects.end() ; ++o) {
+
+		if ((*o)->matchesId(id)) {
+			return *o;
+		}
+	}
+
+	return null;
+}
+
+
+bool htmlTextPart::hasObject(const string& id) const {
+
+	for (std::vector <shared_ptr <embeddedObject> >::const_iterator o = m_objects.begin() ;
+	     o != m_objects.end() ; ++o) {
+
+		if ((*o)->matchesId(id)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+
+shared_ptr <const htmlTextPart::embeddedObject> htmlTextPart::addObject(
+	const shared_ptr <contentHandler>& data,
+	const vmime::encoding& enc,
+	const mediaType& type
+) {
+
+	const messageId mid(messageId::generateId());
+
+	shared_ptr <embeddedObject> obj = make_shared <embeddedObject>(
+		data, enc, mid.getId(), type, embeddedObject::REFERENCED_BY_ID
+	);
+
+	m_objects.push_back(obj);
+
+	return obj;
+}
+
+
+shared_ptr <const htmlTextPart::embeddedObject> htmlTextPart::addObject(
+	const shared_ptr <contentHandler>& data,
+	const mediaType& type
+) {
+
+	return addObject(data, encoding::decide(data), type);
+}
+
+
+shared_ptr <const htmlTextPart::embeddedObject> htmlTextPart::addObject(
+	const string& data,
+	const mediaType& type
+) {
+
+	shared_ptr <stringContentHandler> cts = make_shared <stringContentHandler>(data);
+	return addObject(cts, encoding::decide(cts), type);
+}
+
+
+
+//
+// htmlTextPart::embeddedObject
+//
+
+htmlTextPart::embeddedObject::embeddedObject(
+	const shared_ptr <contentHandler>& data,
+	const encoding& enc,
+	const string& id,
+	const mediaType& type,
+	const ReferenceType refType
+)
+	: m_data(vmime::clone(data)),
+	  m_encoding(enc),
+	  m_id(id),
+	  m_type(type),
+	  m_refType(refType) {
+
+}
+
+
+shared_ptr <const contentHandler> htmlTextPart::embeddedObject::getData() const {
+
+	return m_data;
+}
+
+
+const vmime::encoding htmlTextPart::embeddedObject::getEncoding() const {
+
+	return m_encoding;
+}
+
+
+const string htmlTextPart::embeddedObject::getId() const {
+
+	return m_id;
+}
+
+
+const string htmlTextPart::embeddedObject::getReferenceId() const {
+
+	if (m_refType == REFERENCED_BY_ID) {
+		return string("cid:") + m_id;
+	} else {
+		return m_id;
+	}
+}
+
+
+const mediaType htmlTextPart::embeddedObject::getType() const {
+
+	return m_type;
+}
+
+
+htmlTextPart::embeddedObject::ReferenceType htmlTextPart::embeddedObject::getReferenceType() const {
+
+	return m_refType;
+}
+
+
+bool htmlTextPart::embeddedObject::matchesId(const string& id) const {
+
+	if (m_refType == REFERENCED_BY_ID) {
+		return m_id == cleanId(id);
+	} else {
+		return m_id == id;
+	}
+}
+
+
+// static
+const string htmlTextPart::embeddedObject::cleanId(const string& id) {
+
+	if (id.length() >= 4 &&
+	    (id[0] == 'c' || id[0] == 'C') &&
+	    (id[1] == 'i' || id[1] == 'I') &&
+	    (id[2] == 'd' || id[2] == 'D') &&
+	    id[3] == ':') {
+
+		return id.substr(4);
+
+	} else {
+
+		return id;
+	}
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/htmlTextPart.hpp b/vmime-master/src/vmime/htmlTextPart.hpp
new file mode 100644
index 0000000..ac2711b
--- /dev/null
+++ b/vmime-master/src/vmime/htmlTextPart.hpp
@@ -0,0 +1,268 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_HTMLTEXTPART_HPP_INCLUDED
+#define VMIME_HTMLTEXTPART_HPP_INCLUDED
+
+
+#include "vmime/textPart.hpp"
+#include "vmime/messageId.hpp"
+#include "vmime/encoding.hpp"
+
+#include "vmime/contentHandler.hpp"
+
+
+namespace vmime {
+
+
+/** Text part of type 'text/html'.
+  */
+class VMIME_EXPORT htmlTextPart : public textPart {
+
+public:
+
+	htmlTextPart();
+	~htmlTextPart();
+
+	const mediaType getType() const;
+
+	const charset& getCharset() const;
+	void setCharset(const charset& ch);
+
+	shared_ptr <const contentHandler> getPlainText() const;
+	void setPlainText(const shared_ptr <contentHandler>& plainText);
+
+	const shared_ptr <const contentHandler> getText() const;
+	void setText(const shared_ptr <contentHandler>& text);
+
+	/** Embedded object (eg: image for &lt;IMG> tag).
+	  */
+	class VMIME_EXPORT embeddedObject : public object {
+	public:
+
+		/** The ways embedded objects can be referenced. */
+		enum ReferenceType {
+			REFERENCED_BY_ID,         /**< Referenced by Content-Id. */
+			REFERENCED_BY_LOCATION    /**< Referenced by Content-Location. */
+		};
+
+		/** Constructs an embedded object.
+		  *
+		  * @param data content of the object
+		  * @param enc encoding of the data
+		  * @param id object identifier
+		  * @param type object content type
+		  * @param refType reference type
+		  * @return a reference to a new embedded object
+		  */
+		embeddedObject(
+			const shared_ptr <contentHandler>& data,
+			const encoding& enc,
+			const string& id,
+			const mediaType& type,
+			const ReferenceType refType
+		);
+
+		/** Return data stored in this embedded object.
+		  *
+		  * @return stored data
+		  */
+		shared_ptr <const contentHandler> getData() const;
+
+		/** Return the encoding used for data in this
+		  * embedded object.
+		  *
+		  * @return data encoding
+		  */
+		const vmime::encoding getEncoding() const;
+
+		/** Returns the identifier of this embedded object (either a
+		  * unique ID or a location).
+		  *
+		  * @return object identifier
+		  */
+		const string getId() const;
+
+		/** Return the identifier used to reference this embedded object
+		  * in a text document (for example, you can use the result as
+		  * the "src" attribute of an &lt;img> tag).
+		  *
+		  * @return object reference identifier
+		  */
+		const string getReferenceId() const;
+
+		/** Return the content type of data stored in
+		  * this embedded object.
+		  *
+		  * @return data type
+		  */
+		const mediaType getType() const;
+
+		/** Returns the way this object is referenced.
+		  *
+		  * @return reference type (see ReferenceType enum)
+		  */
+		ReferenceType getReferenceType() const;
+
+		/** Returns whether this object matches the specified identifier.
+		  *
+		  * @param id identifier to test
+		  * @return true if the specified identifier references this
+		  * object, or false otherwise
+		  */
+		bool matchesId(const string& id) const;
+
+	private:
+
+		static const string cleanId(const string& id);
+
+		shared_ptr <contentHandler> m_data;
+		encoding m_encoding;
+		string m_id;
+		mediaType m_type;
+		ReferenceType m_refType;
+	};
+
+
+	/** Test the existence of an embedded object given its identifier.
+	  *
+	  * @param id object identifier
+	  * @return true if an object with this identifier exists,
+	  * false otherwise
+	  */
+	bool hasObject(const string& id) const;
+
+	/** Return the embedded object with the specified identifier.
+	  *
+	  * @param id object identifier
+	  * @return embedded object with the specified identifier, or NULL if
+	  * no object has been found
+	  */
+	shared_ptr <const embeddedObject> findObject(const string& id) const;
+
+	/** Return the number of embedded objects.
+	  *
+	  * @return number of embedded objects
+	  */
+	size_t getObjectCount() const;
+
+	/** Return the embedded object at the specified position.
+	  *
+	  * @param pos position of the embedded object
+	  * @return embedded object at position 'pos'
+	  */
+	shared_ptr <const embeddedObject> getObjectAt(const size_t pos) const;
+
+	/** Embed an object and returns a string which identifies it.
+	  * The returned identifier is suitable for use in the 'src' attribute
+	  * of an &lt;img> tag.
+	  *
+	  * \deprecated Use the addObject() methods which take a 'contentHandler'
+	  * parameter type instead.
+	  *
+	  * @param data object data
+	  * @param type data type
+	  * @return an unique object identifier used to identify the new
+	  * object among all other embedded objects
+	  */
+	shared_ptr <const embeddedObject> addObject(
+		const string& data,
+		const mediaType& type
+	);
+
+	/** Embed an object and returns a string which identifies it.
+	  * The returned identifier is suitable for use in the 'src' attribute
+	  * of an &lt;img> tag.
+	  *
+	  * @param data object data
+	  * @param type data type
+	  * @return an unique object identifier used to identify the new
+	  * object among all other embedded objects
+	  */
+	shared_ptr <const embeddedObject> addObject(
+		const shared_ptr <contentHandler>& data,
+		const mediaType& type
+	);
+
+	/** Embed an object and returns a string which identifies it.
+	  * The returned identifier is suitable for use in the 'src' attribute
+	  * of an &lt;img> tag.
+	  *
+	  * @param data object data
+	  * @param enc data encoding
+	  * @param type data type
+	  * @return an unique object identifier used to identify the new
+	  * object among all other embedded objects
+	  */
+	shared_ptr <const embeddedObject> addObject(
+		const shared_ptr <contentHandler>& data,
+		const encoding& enc,
+		const mediaType& type
+	);
+
+
+	size_t getPartCount() const;
+
+	void generateIn(
+		const shared_ptr <bodyPart>& message,
+		const shared_ptr <bodyPart>& parent
+	) const;
+
+	void parse(
+		const shared_ptr <const bodyPart>& message,
+		const shared_ptr <const bodyPart>& parent,
+		const shared_ptr <const bodyPart>& textPart
+	);
+
+private:
+
+	shared_ptr <contentHandler> m_plainText;
+	shared_ptr <contentHandler> m_text;
+	charset m_charset;
+
+	std::vector <shared_ptr <embeddedObject> > m_objects;
+
+	void findEmbeddedParts(
+		const bodyPart& part,
+		std::vector <shared_ptr <const bodyPart> >& cidParts,
+		std::vector <shared_ptr <const bodyPart> >& locParts
+	);
+
+	void addEmbeddedObject(
+		const bodyPart& part,
+		const string& id,
+		const embeddedObject::ReferenceType refType
+	);
+
+	bool findPlainTextPart(
+		const bodyPart& part,
+		const bodyPart& parent,
+		const bodyPart& textPart
+	);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_HTMLTEXTPART_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mailbox.cpp b/vmime-master/src/vmime/mailbox.cpp
new file mode 100644
index 0000000..30a082e
--- /dev/null
+++ b/vmime-master/src/vmime/mailbox.cpp
@@ -0,0 +1,476 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mailbox.hpp"
+#include "vmime/parserHelpers.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+
+
+mailbox::mailbox() {
+
+}
+
+
+mailbox::mailbox(const mailbox& mbox)
+	: address(),
+	  m_name(mbox.m_name),
+	  m_email(mbox.m_email) {
+
+}
+
+
+mailbox::mailbox(const emailAddress& email)
+	: m_email(email) {
+
+}
+
+
+mailbox::mailbox(const text& name, const emailAddress& email)
+	: m_name(name),
+	  m_email(email) {
+
+}
+
+
+/*
+
+ RFC #2822:
+ 3.4.  ADDRESS SPECIFICATION
+
+mailbox         =       name-addr / addr-spec
+
+name-addr       =       [display-name] angle-addr
+
+angle-addr      =       [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr
+
+*/
+
+void mailbox::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* const pstart = buffer.data() + position;
+	const char* p = pstart;
+
+	// Current state for parsing machine
+	enum States {
+		State_None,
+		State_String,
+		State_Name,
+		State_Bracket,
+		State_Address_Bracketed,
+		State_Address_Unbracketed,
+		State_NameAt,
+	};
+
+	States state = State_None;
+
+	// Temporary buffers for extracted name and address
+	string name, address;
+	unsigned int hold = 0;
+	bool hadBrackets = false;
+
+	while (p < pend) {
+		if (state == State_None) {
+			while (p < pend && parserHelpers::isSpace(*p))
+				++p;
+			if (*p == ',' || *p == ';')
+				/* Completely new mailbox -- stop parsing this one. */
+				break;
+			if (*p == '<') {
+				state = State_Bracket;
+				continue;
+			}
+			if (*p == '"') {  // Quoted string
+				state = State_String;
+				++p;
+				continue;
+			}
+			state = State_Name;
+		} else if (state == State_String) {
+			bool escaped = false;
+
+			for (; p < pend; ++p) {
+				if (escaped) {
+					name += *p;
+					escaped = false;
+					continue;
+				} else if (*p == '\\') {
+					escaped = true;
+					continue;
+				}
+				if (*p == '"') {
+					++p;
+					state = State_None;
+					break;
+				}
+				name += *p;
+			}
+		} else if (state == State_Address_Bracketed) {
+			bool escaped = false;
+			int comment = 0;
+
+			for (; p < pend; ++p) {
+				if (escaped) {
+					if (!comment) {
+						address += *p;
+						name += *p;
+						++hold;
+					}
+					escaped = false;
+				} else if (comment) {
+					if (*p == '\\') {
+						escaped = true;
+					} else if (*p == '(') {
+						++comment;
+					} else if (*p == ')') {
+						--comment;
+					}
+				} else if (*p == '(') {
+					++comment;
+				} else if (*p == '\\') {
+					escaped = true;
+				} else if (*p == '<') {
+					state = State_Bracket;
+					break;
+				} else if (*p == '>') {
+					hadBrackets = true;
+					name += *p++;
+					++hold;
+					state = State_Name;
+					break;
+				} else if (parserHelpers::isSpace(*p)) {
+					name += *p;
+					++hold;
+				} else {
+					address += *p;
+					name += *p;
+					++hold;
+				}
+			}
+		} else if (state == State_Address_Unbracketed) {
+			bool escaped = false;
+			int comment = 0;
+
+			for (; p < pend; ++p) {
+				if (escaped) {
+					if (!comment) {
+						address += *p;
+						name += *p;
+						++hold;
+					}
+					escaped = false;
+				} else if (comment) {
+					if (*p == '\\')
+						escaped = true;
+					else if (*p == '(')
+						++comment;
+					else if (*p == ')')
+						--comment;
+				} else if (*p == '(') {
+					++comment;
+				} else if (*p == '\\') {
+					escaped = true;
+				} else if (*p == '<') {
+					state = State_Bracket;
+					break;
+				} else if (*p == '>') {
+					name += *p++;
+					++hold;
+					state = State_None;
+					break;
+				} else if (*p == ',' || *p == ';') {
+					state = State_None;
+					break;
+				} else if (parserHelpers::isSpace(*p)) {
+					state = State_Name;
+					break;
+				} else {
+					address += *p;
+					name += *p;
+					++hold;
+				}
+			}
+		} else if (state == State_Name) {
+			bool escaped = false;
+			unsigned int comment = 0, at_hold = 0;
+
+			for (; p < pend; ++p) {
+				if (escaped) {
+					if (!comment) {
+						name += *p;
+						++at_hold;
+					}
+					escaped = false;
+				} else if (comment) {
+					if (*p == '\\')
+						escaped = true;
+					else if (*p == '(')
+						++comment;
+					else if (*p == ')')
+						--comment;
+				} else if (*p == '\\') {
+					escaped = true;
+				} else if (*p == '(') {
+					++comment;
+				} else if (*p == '<') {
+					state = State_Bracket;
+					break;
+				} else if (*p == '@') {
+					hold = at_hold;
+					state = State_NameAt;
+					break;
+				} else if (parserHelpers::isSpace(*p)) {
+					name += *p;
+					++hold;
+					at_hold = 1;
+				} else {
+					name += *p;
+					hold = 0;
+					++at_hold;
+				}
+			}
+		} else if (state == State_Bracket) {
+			string::const_iterator q = name.cend();
+			unsigned int nh = 0;
+			while (nh < hold && q != name.cbegin() && parserHelpers::isSpace(*(q - 1))) {
+				--q;
+				++nh;
+			}
+			hold = nh;
+			name += *p++;
+			++hold;
+			if (!address.empty())
+				// If we found a '<' here, it means that the address
+				// starts _only_ here...and the stuff we have parsed
+				// before belongs actually to the display name!
+				address.clear();
+			state = State_Address_Bracketed;
+		} else if (state == State_NameAt) {
+			name += *p++;
+			++hold;
+			// (*) Actually, we were parsing the local-part of an address
+			// and not a display name...
+			// Back up to the last whitespace and treat as address
+			string::const_iterator q = name.cend();
+			unsigned int nh = 0;
+			while (nh < hold && q != name.cbegin() && !parserHelpers::isSpace(*(q - 1))) {
+				--q;
+				++nh;
+			}
+			address.assign(q, name.cend());
+			while (nh < hold && q != name.cbegin() && parserHelpers::isSpace(*(q - 1))) {
+				--q;
+				++nh;
+			}
+			hold = nh;
+			state = State_Address_Unbracketed;
+		}
+	}
+
+	if (hold <= name.size())
+		name.erase(name.size() - hold);
+
+	// Swap name and address when no address was found
+	// (email address is mandatory, whereas name is optional).
+	if (address.empty() && !name.empty() && !hadBrackets) {
+
+		m_name.removeAllWords();
+		m_email.parse(ctx, name);
+
+	} else {
+
+		text::decodeAndUnfold(ctx, name, &m_name);
+		m_email.parse(ctx, address);
+	}
+
+	setParsedBounds(position, position + (p - pstart));
+
+	if (newPosition) {
+		*newPosition = position + (p - pstart);
+	}
+}
+
+
+void mailbox::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	string generatedEmail;
+	utility::outputStreamStringAdapter generatedEmailStream(generatedEmail);
+	m_email.generate(ctx, generatedEmailStream, 0, NULL);
+
+	if (m_name.isEmpty()) {
+
+		size_t pos = curLinePos;
+
+		// No display name is specified, only email address.
+		if (curLinePos + generatedEmail.length() > ctx.getMaxLineLength()) {
+
+			os << NEW_LINE_SEQUENCE;
+			pos = NEW_LINE_SEQUENCE.length();
+		}
+
+		os << generatedEmail;
+		pos += generatedEmail.length();
+
+		if (newLinePos) {
+			*newLinePos = pos;
+		}
+
+	} else {
+
+		// We have to encode the name:
+		//   - if it contains characters in a charset different from "US-ASCII",
+		//   - and/or if it contains one or more of these special chars:
+		//        CR  LF  TAB  "  ;  ,  <  >  (  )  @  /  ?  .  =  :
+		//     these special chars only require quoting, not full encoding
+		// Check whether there are words that are not "US-ASCII"
+		// and/or contain the special chars.
+		bool forceEncode = false;
+
+		for (size_t w = 0 ; !forceEncode && w != m_name.getWordCount() ; ++w) {
+
+			if (m_name.getWordAt(w)->getCharset() != charset(charsets::US_ASCII)) {
+				forceEncode = true;
+			}
+		}
+
+		size_t pos = curLinePos;
+
+		m_name.encodeAndFold(
+			ctx, os, pos, &pos,
+			text::QUOTE_IF_POSSIBLE | (forceEncode ? text::FORCE_ENCODING : 0)
+		);
+
+		if (pos + generatedEmail.length() + 3 > ctx.getMaxLineLength()) {
+
+			os << NEW_LINE_SEQUENCE;
+			pos = NEW_LINE_SEQUENCE.length();
+		}
+
+		os << " <" << generatedEmail << ">";
+		pos += 2 + generatedEmail.length() + 1;
+
+		if (newLinePos) {
+			*newLinePos = pos;
+		}
+	}
+}
+
+
+bool mailbox::operator==(const class mailbox& mailbox) const {
+
+	return m_name == mailbox.m_name && m_email == mailbox.m_email;
+}
+
+
+bool mailbox::operator!=(const class mailbox& mailbox) const {
+
+	return !(*this == mailbox);
+}
+
+
+void mailbox::copyFrom(const component& other) {
+
+	const mailbox& source = dynamic_cast <const mailbox&>(other);
+
+	m_name = source.m_name;
+	m_email = source.m_email;
+}
+
+
+mailbox& mailbox::operator=(const mailbox& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+shared_ptr <component>mailbox::clone() const {
+
+	return make_shared <mailbox>(*this);
+}
+
+
+bool mailbox::isEmpty() const {
+
+	return m_email.isEmpty();
+}
+
+
+void mailbox::clear() {
+
+	m_name.removeAllWords();
+	m_email = emailAddress();
+}
+
+
+bool mailbox::isGroup() const {
+
+	return false;
+}
+
+
+const text& mailbox::getName() const {
+
+	return m_name;
+}
+
+
+void mailbox::setName(const text& name) {
+
+	m_name = name;
+}
+
+
+const emailAddress& mailbox::getEmail() const {
+
+	return m_email;
+}
+
+
+void mailbox::setEmail(const emailAddress& email) {
+
+	m_email = email;
+}
+
+
+const std::vector <shared_ptr <component> > mailbox::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/mailbox.hpp b/vmime-master/src/vmime/mailbox.hpp
new file mode 100644
index 0000000..c563129
--- /dev/null
+++ b/vmime-master/src/vmime/mailbox.hpp
@@ -0,0 +1,123 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MAILBOX_HPP_INCLUDED
+#define VMIME_MAILBOX_HPP_INCLUDED
+
+
+#include "vmime/emailAddress.hpp"
+#include "vmime/address.hpp"
+#include "vmime/text.hpp"
+
+
+namespace vmime {
+
+
+/** A mailbox: full name + email (basic type).
+  */
+class VMIME_EXPORT mailbox : public address {
+
+	friend class mailboxGroup;
+	friend class mailboxField;
+
+public:
+
+	mailbox();
+	mailbox(const mailbox& mbox);
+	mailbox(const emailAddress& email);
+	mailbox(const text& name, const emailAddress& email);
+
+	/** Return the full name of the mailbox (empty if not specified).
+	  *
+	  * @return full name of the mailbox
+	  */
+	const text& getName() const;
+
+	/** Set the full name of the mailbox.
+	  *
+	  * @param name full name of the mailbox
+	  */
+	void setName(const text& name);
+
+	/** Return the email of the mailbox.
+	  *
+	  * @return email of the mailbox
+	  */
+	const emailAddress& getEmail() const;
+
+	/** Set the email of the mailbox.
+	  *
+	  * @param email email of the mailbox
+	  */
+	void setEmail(const emailAddress& email);
+
+	// Comparison
+	bool operator==(const class mailbox& mailbox) const;
+	bool operator!=(const class mailbox& mailbox) const;
+
+	// Assignment
+	void copyFrom(const component& other);
+	shared_ptr <component> clone() const;
+	mailbox& operator=(const mailbox& other);
+
+	bool isEmpty() const;
+
+	void clear();
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+
+	bool isGroup() const;
+
+protected:
+
+	text m_name;
+	emailAddress m_email;
+
+public:
+
+	using address::parse;
+	using address::generate;
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MAILBOX_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mailboxField.cpp b/vmime-master/src/vmime/mailboxField.cpp
new file mode 100644
index 0000000..82ef592
--- /dev/null
+++ b/vmime-master/src/vmime/mailboxField.cpp
@@ -0,0 +1,96 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mailboxField.hpp"
+#include "vmime/mailboxGroup.hpp"
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+namespace vmime {
+
+
+mailboxField::mailboxField() {
+
+}
+
+
+mailboxField::mailboxField(const mailboxField&)
+	: headerField() {
+
+}
+
+
+void mailboxField::parse(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	shared_ptr <mailbox> mbox = make_shared <mailbox>();
+
+	// Here, we cannot simply call "m_mailbox.parse()" because it
+	// may have more than one address specified (even if this field
+	// should contain only one). We are never too much careful...
+	shared_ptr <address> parsedAddress = address::parseNext(
+		ctx, buffer, position, end, newPosition, NULL
+	);
+
+	if (parsedAddress) {
+
+		if (parsedAddress->isGroup()) {
+
+			// If it is a group of mailboxes, take the first
+			// mailbox of the group
+			shared_ptr <mailboxGroup> group = dynamicCast <mailboxGroup>(parsedAddress);
+
+			if (!group->isEmpty()) {
+				mbox = group->getMailboxAt(0);
+			}
+
+		} else {
+
+			// Parse only if it is a mailbox
+			mbox = dynamicCast <mailbox>(parsedAddress);
+		}
+	}
+
+	mbox->setParsedBounds(position, end);
+
+	setValue(mbox);
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+} // vmime
+
+
+#endif // VMIME_BUILDING_DOC
diff --git a/vmime-master/src/vmime/mailboxField.hpp b/vmime-master/src/vmime/mailboxField.hpp
new file mode 100644
index 0000000..6c65361
--- /dev/null
+++ b/vmime-master/src/vmime/mailboxField.hpp
@@ -0,0 +1,69 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MAILBOXFIELD_HPP_INCLUDED
+#define VMIME_MAILBOXFIELD_HPP_INCLUDED
+
+
+#include "vmime/headerField.hpp"
+#include "vmime/mailbox.hpp"
+
+
+// Hide implementation details from user
+#ifndef VMIME_BUILDING_DOC
+
+
+namespace vmime {
+
+
+/** Work-around for malformed header fields that are of type 'mailbox'
+  * and contains multiple addresses.
+  */
+class VMIME_EXPORT mailboxField : public headerField {
+
+	friend class headerFieldFactory;
+
+protected:
+
+	mailboxField();
+	mailboxField(const mailboxField&);
+
+public:
+
+	void parse(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t * newPosition = NULL
+	);
+};
+
+
+#endif // VMIME_BUILDING_DOC
+
+
+} // vmime
+
+
+#endif // VMIME_MAILBOXFIELD_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mailboxGroup.cpp b/vmime-master/src/vmime/mailboxGroup.cpp
new file mode 100644
index 0000000..38a6e35
--- /dev/null
+++ b/vmime-master/src/vmime/mailboxGroup.cpp
@@ -0,0 +1,406 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mailboxGroup.hpp"
+#include "vmime/parserHelpers.hpp"
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+
+
+mailboxGroup::mailboxGroup() {
+
+}
+
+
+mailboxGroup::mailboxGroup(const mailboxGroup& mboxGroup)
+	: address() {
+
+	copyFrom(mboxGroup);
+}
+
+
+mailboxGroup::mailboxGroup(const text& name)
+	: m_name(name) {
+
+}
+
+
+mailboxGroup::~mailboxGroup() {
+
+	removeAllMailboxes();
+}
+
+
+void mailboxGroup::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* const pstart = buffer.data() + position;
+	const char* p = pstart;
+
+	while (p < pend && parserHelpers::isSpace(*p)) {
+		++p;
+	}
+
+	string name;
+
+	while (p < pend && *p != ':') {
+		name += *p;
+		++p;
+	}
+
+	if (p < pend && *p == ':') {
+		++p;
+	}
+
+
+	size_t pos = position + (p - pstart);
+	bool isLastAddressOfGroup = false;
+
+	while (pos < end && !isLastAddressOfGroup) {
+
+		shared_ptr <address> parsedAddress =
+			address::parseNext(ctx, buffer, pos, end, &pos, &isLastAddressOfGroup);
+
+		if (parsedAddress) {
+
+			if (parsedAddress->isGroup()) {
+
+				shared_ptr <mailboxGroup> group = dynamicCast <mailboxGroup>(parsedAddress);
+
+				// Sub-groups are not allowed in mailbox groups: so, we add all
+				// the contents of the sub-group into this group...
+				for (size_t i = 0 ; i < group->getMailboxCount() ; ++i) {
+					m_list.push_back(vmime::clone(group->getMailboxAt(i)));
+				}
+
+			} else {
+
+				m_list.push_back(dynamicCast <mailbox>(parsedAddress));
+			}
+		}
+	}
+
+	text::decodeAndUnfold(ctx, utility::stringUtils::trim(name), &m_name);
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void mailboxGroup::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	// We have to encode the name:
+	//   - if it contains characters in a charset different from "US-ASCII",
+	//   - and/or if it contains one or more of these special chars:
+	//        SPACE  TAB  "  ;  ,  <  >  (  )  @  /  ?  .  =  :
+
+	// Check whether there are words that are not "US-ASCII"
+	// and/or contain the special chars.
+	bool forceEncode = false;
+
+	for (size_t w = 0 ; !forceEncode && w < m_name.getWordCount() ; ++w) {
+
+		if (m_name.getWordAt(w)->getCharset() == charset(charsets::US_ASCII)) {
+
+			const string& buffer = m_name.getWordAt(w)->getBuffer();
+
+			for (string::const_iterator c = buffer.begin() ;
+			     !forceEncode && c != buffer.end() ; ++c) {
+
+				switch (*c) {
+
+					case ' ':
+					case '\t':
+					case ';':
+					case ',':
+					case '<': case '>':
+					case '(': case ')':
+					case '@':
+					case '/':
+					case '?':
+					case '.':
+					case '=':
+					case ':':
+
+						forceEncode = true;
+						break;
+				}
+			}
+		}
+	}
+
+	size_t pos = curLinePos;
+
+	generationContext tmpCtx(ctx);
+	tmpCtx.setMaxLineLength(ctx.getMaxLineLength() - 2);
+
+	m_name.encodeAndFold(
+		ctx, os, pos, &pos,
+		forceEncode ? text::FORCE_ENCODING : 0
+	);
+
+	os << ":";
+	++pos;
+
+	for (std::vector <shared_ptr <mailbox> >::const_iterator it = m_list.begin() ;
+	     it != m_list.end() ; ++it) {
+
+		if (it != m_list.begin()) {
+
+			os << ", ";
+			pos += 2;
+
+		} else {
+
+			os << " ";
+			++pos;
+		}
+
+		(*it)->generate(tmpCtx, os, pos, &pos);
+	}
+
+	os << ";";
+	pos++;
+
+	if (newLinePos) {
+		*newLinePos = pos;
+	}
+}
+
+
+void mailboxGroup::copyFrom(const component& other) {
+
+	const mailboxGroup& source = dynamic_cast <const mailboxGroup&>(other);
+
+	m_name = source.m_name;
+
+	removeAllMailboxes();
+
+	for (std::vector <shared_ptr <mailbox> >::const_iterator it = source.m_list.begin() ;
+	     it != source.m_list.end() ; ++it) {
+
+		m_list.push_back(vmime::clone(*it));
+	}
+}
+
+
+shared_ptr <component> mailboxGroup::clone() const {
+
+	return make_shared <mailboxGroup>(*this);
+}
+
+
+mailboxGroup& mailboxGroup::operator=(const component& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const text& mailboxGroup::getName() const {
+
+	return m_name;
+}
+
+
+void mailboxGroup::setName(const text& name) {
+
+	m_name = name;
+}
+
+
+bool mailboxGroup::isGroup() const {
+
+	return true;
+}
+
+
+bool mailboxGroup::isEmpty() const {
+
+	return m_list.empty();
+}
+
+
+void mailboxGroup::appendMailbox(const shared_ptr <mailbox>& mbox) {
+
+	m_list.push_back(mbox);
+}
+
+
+void mailboxGroup::insertMailboxBefore(
+	const shared_ptr <mailbox>& beforeMailbox,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	const std::vector <shared_ptr <mailbox> >::iterator it =
+		std::find(m_list.begin(), m_list.end(), beforeMailbox);
+
+	if (it == m_list.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(it, mbox);
+}
+
+
+void mailboxGroup::insertMailboxBefore(
+	const size_t pos,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	if (pos >= m_list.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(m_list.begin() + pos, mbox);
+}
+
+
+void mailboxGroup::insertMailboxAfter(
+	const shared_ptr <mailbox>& afterMailbox,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	const std::vector <shared_ptr <mailbox> >::iterator it =
+		std::find(m_list.begin(), m_list.end(), afterMailbox);
+
+	if (it == m_list.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(it + 1, mbox);
+}
+
+
+void mailboxGroup::insertMailboxAfter(
+	const size_t pos,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	if (pos >= m_list.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.insert(m_list.begin() + pos + 1, mbox);
+}
+
+
+void mailboxGroup::removeMailbox(const shared_ptr <mailbox>& mbox) {
+
+	const std::vector <shared_ptr <mailbox> >::iterator it =
+		std::find(m_list.begin(), m_list.end(), mbox);
+
+	if (it == m_list.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_list.erase(it);
+}
+
+
+void mailboxGroup::removeMailbox(const size_t pos) {
+
+	if (pos >= m_list.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	const std::vector <shared_ptr <mailbox> >::iterator it = m_list.begin() + pos;
+
+	m_list.erase(it);
+}
+
+
+void mailboxGroup::removeAllMailboxes() {
+
+	m_list.clear();
+}
+
+
+size_t mailboxGroup::getMailboxCount() const {
+
+	return m_list.size();
+}
+
+
+shared_ptr <mailbox> mailboxGroup::getMailboxAt(const size_t pos) {
+
+	return m_list[pos];
+}
+
+
+const shared_ptr <const mailbox> mailboxGroup::getMailboxAt(const size_t pos) const {
+
+	return m_list[pos];
+}
+
+
+const std::vector <shared_ptr <const mailbox> > mailboxGroup::getMailboxList() const {
+
+	std::vector <shared_ptr <const mailbox> > list;
+
+	list.reserve(m_list.size());
+
+	for (std::vector <shared_ptr <mailbox> >::const_iterator it = m_list.begin() ;
+	     it != m_list.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+const std::vector <shared_ptr <mailbox> > mailboxGroup::getMailboxList() {
+
+	return m_list;
+}
+
+
+const std::vector <shared_ptr <component> > mailboxGroup::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	copy_vector(m_list, list);
+
+	return list;
+
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/mailboxGroup.hpp b/vmime-master/src/vmime/mailboxGroup.hpp
new file mode 100644
index 0000000..4a7da3e
--- /dev/null
+++ b/vmime-master/src/vmime/mailboxGroup.hpp
@@ -0,0 +1,206 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MAILBOXGROUP_HPP_INCLUDED
+#define VMIME_MAILBOXGROUP_HPP_INCLUDED
+
+
+#include "vmime/address.hpp"
+#include "vmime/mailbox.hpp"
+#include "vmime/text.hpp"
+
+
+namespace vmime {
+
+
+/** A group of mailboxes (basic type).
+  */
+class VMIME_EXPORT mailboxGroup : public address {
+
+public:
+
+	mailboxGroup();
+	mailboxGroup(const mailboxGroup& mboxGroup);
+	mailboxGroup(const text& name);
+
+	~mailboxGroup();
+
+
+	void copyFrom(const component& other);
+	shared_ptr <component> clone() const;
+	mailboxGroup& operator=(const component& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Return the name of the group.
+	  *
+	  * @return group name
+	  */
+	const text& getName() const;
+
+	/** Set the name of the group.
+	  *
+	  * @param name group name
+	  */
+	void setName(const text& name);
+
+	/** Add a mailbox at the end of the list.
+	  *
+	  * @param mbox mailbox to append
+	  */
+	void appendMailbox(const shared_ptr <mailbox>& mbox);
+
+	/** Insert a new mailbox before the specified mailbox.
+	  *
+	  * @param beforeMailbox mailbox before which the new mailbox will be inserted
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the mailbox is not in the list
+	  */
+	void insertMailboxBefore(
+		const shared_ptr <mailbox>& beforeMailbox,
+		const shared_ptr <mailbox>& mbox
+	);
+
+	/** Insert a new mailbox before the specified position.
+	  *
+	  * @param pos position at which to insert the new mailbox (0 to insert at
+	  * the beginning of the list)
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertMailboxBefore(
+		const size_t pos,
+		const shared_ptr <mailbox>& mbox
+	);
+
+	/** Insert a new mailbox after the specified mailbox.
+	  *
+	  * @param afterMailbox mailbox after which the new mailbox will be inserted
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the mailbox is not in the list
+	  */
+	void insertMailboxAfter(
+		const shared_ptr <mailbox>& afterMailbox,
+		const shared_ptr <mailbox>& mbox
+	);
+
+	/** Insert a new mailbox after the specified position.
+	  *
+	  * @param pos position of the mailbox before the new mailbox
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertMailboxAfter(
+		const size_t pos,
+		const shared_ptr <mailbox>& mbox
+	);
+
+	/** Remove the specified mailbox from the list.
+	  *
+	  * @param mbox mailbox to remove
+	  * @throw std::out_of_range if the mailbox is not in the list
+	  */
+	void removeMailbox(const shared_ptr <mailbox>& mbox);
+
+	/** Remove the mailbox at the specified position.
+	  *
+	  * @param pos position of the mailbox to remove
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void removeMailbox(const size_t pos);
+
+	/** Remove all mailboxes from the list.
+	  */
+	void removeAllMailboxes();
+
+	/** Return the number of mailboxes in the list.
+	  *
+	  * @return number of mailboxes
+	  */
+	size_t getMailboxCount() const;
+
+	/** Tests whether the list of mailboxes is empty.
+	  *
+	  * @return true if there is no mailbox, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the mailbox at the specified position.
+	  *
+	  * @param pos position
+	  * @return mailbox at position 'pos'
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	shared_ptr <mailbox> getMailboxAt(const size_t pos);
+
+	/** Return the mailbox at the specified position.
+	  *
+	  * @param pos position
+	  * @return mailbox at position 'pos'
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	const shared_ptr <const mailbox> getMailboxAt(const size_t pos) const;
+
+	/** Return the mailbox list.
+	  *
+	  * @return list of mailboxes
+	  */
+	const std::vector <shared_ptr <const mailbox> > getMailboxList() const;
+
+	/** Return the mailbox list.
+	  *
+	  * @return list of mailboxes
+	  */
+	const std::vector <shared_ptr <mailbox> > getMailboxList();
+
+	bool isGroup() const;
+
+private:
+
+	text m_name;
+	std::vector <shared_ptr <mailbox> > m_list;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MAILBOXGROUP_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mailboxList.cpp b/vmime-master/src/vmime/mailboxList.cpp
new file mode 100644
index 0000000..e7aba81
--- /dev/null
+++ b/vmime-master/src/vmime/mailboxList.cpp
@@ -0,0 +1,252 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mailboxList.hpp"
+#include "vmime/mailboxGroup.hpp"
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+
+
+mailboxList::mailboxList() {
+
+}
+
+
+mailboxList::mailboxList(const mailboxList& mboxList)
+	: headerFieldValue(),
+	  m_list(mboxList.m_list) {
+
+}
+
+
+void mailboxList::appendMailbox(const shared_ptr <mailbox>& mbox) {
+
+	m_list.appendAddress(mbox);
+}
+
+
+void mailboxList::insertMailboxBefore(
+	const shared_ptr <mailbox>& beforeMailbox,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	m_list.insertAddressBefore(beforeMailbox, mbox);
+}
+
+
+void mailboxList::insertMailboxBefore(
+	const size_t pos,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	m_list.insertAddressBefore(pos, mbox);
+}
+
+
+void mailboxList::insertMailboxAfter(
+	const shared_ptr <mailbox>& afterMailbox,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	m_list.insertAddressAfter(afterMailbox, mbox);
+}
+
+
+void mailboxList::insertMailboxAfter(
+	const size_t pos,
+	const shared_ptr <mailbox>& mbox
+) {
+
+	m_list.insertAddressAfter(pos, mbox);
+}
+
+
+void mailboxList::removeMailbox(const shared_ptr <mailbox>& mbox) {
+
+	m_list.removeAddress(mbox);
+}
+
+
+void mailboxList::removeMailbox(const size_t pos) {
+
+	m_list.removeAddress(pos);
+}
+
+
+void mailboxList::removeAllMailboxes() {
+
+	m_list.removeAllAddresses();
+}
+
+
+size_t mailboxList::getMailboxCount() const {
+
+	return m_list.getAddressCount();
+}
+
+
+bool mailboxList::isEmpty() const {
+
+	return m_list.isEmpty();
+}
+
+
+shared_ptr <mailbox> mailboxList::getMailboxAt(const size_t pos) {
+
+	return dynamicCast <mailbox>(m_list.getAddressAt(pos));
+}
+
+
+const shared_ptr <const mailbox> mailboxList::getMailboxAt(const size_t pos) const {
+
+	return dynamicCast <const mailbox>(m_list.getAddressAt(pos));
+}
+
+
+const std::vector <shared_ptr <const mailbox> > mailboxList::getMailboxList() const {
+
+	const std::vector <shared_ptr <const address> > addrList = m_list.getAddressList();
+	std::vector <shared_ptr <const mailbox> > res;
+
+	for (std::vector <shared_ptr <const address> >::const_iterator it = addrList.begin() ;
+	     it != addrList.end() ; ++it) {
+
+		const shared_ptr <const mailbox> mbox = dynamicCast <const mailbox>(*it);
+
+		if (mbox) {
+			res.push_back(mbox);
+		}
+	}
+
+	return res;
+}
+
+
+const std::vector <shared_ptr <mailbox> > mailboxList::getMailboxList() {
+
+	const std::vector <shared_ptr <address> > addrList = m_list.getAddressList();
+	std::vector <shared_ptr <mailbox> > res;
+
+	for (std::vector <shared_ptr <address> >::const_iterator it = addrList.begin() ;
+	     it != addrList.end() ; ++it) {
+
+		const shared_ptr <mailbox> mbox = dynamicCast <mailbox>(*it);
+
+		if (mbox) {
+			res.push_back(mbox);
+		}
+	}
+
+	return res;
+}
+
+
+shared_ptr <component> mailboxList::clone() const {
+
+	return make_shared <mailboxList>(*this);
+}
+
+
+void mailboxList::copyFrom(const component& other) {
+
+	const mailboxList& mboxList = dynamic_cast <const mailboxList&>(other);
+
+	m_list = mboxList.m_list;
+}
+
+
+mailboxList& mailboxList::operator=(const mailboxList& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const std::vector <shared_ptr <component> > mailboxList::getChildComponents() {
+
+	return m_list.getChildComponents();
+}
+
+
+void mailboxList::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_list.removeAllAddresses();
+
+	size_t pos = position;
+
+	while (pos < end) {
+
+		shared_ptr <address> parsedAddress = address::parseNext(ctx, buffer, pos, end, &pos, NULL);
+
+		if (parsedAddress) {
+
+			if (parsedAddress->isGroup()) {
+
+				shared_ptr <mailboxGroup> group = dynamicCast <mailboxGroup>(parsedAddress);
+
+				for (size_t i = 0 ; i < group->getMailboxCount() ; ++i) {
+					m_list.appendAddress(group->getMailboxAt(i));
+				}
+
+			} else {
+
+				m_list.appendAddress(parsedAddress);
+			}
+		}
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void mailboxList::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	m_list.generate(ctx, os, curLinePos, newLinePos);
+}
+
+
+shared_ptr <addressList> mailboxList::toAddressList() const {
+
+	return vmime::clone(m_list);
+}
+
+
+} // vmime
+
diff --git a/vmime-master/src/vmime/mailboxList.hpp b/vmime-master/src/vmime/mailboxList.hpp
new file mode 100644
index 0000000..8d799d2
--- /dev/null
+++ b/vmime-master/src/vmime/mailboxList.hpp
@@ -0,0 +1,184 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MAILBOXLIST_HPP_INCLUDED
+#define VMIME_MAILBOXLIST_HPP_INCLUDED
+
+
+#include "vmime/addressList.hpp"
+#include "vmime/mailbox.hpp"
+
+
+namespace vmime {
+
+
+/** A list of mailboxes (basic type).
+  *
+  * This class works exactly like 'addressList' except it prevents user
+  * from inserting mailbox groups where it is not allowed by the RFC.
+  */
+class VMIME_EXPORT mailboxList : public headerFieldValue {
+
+public:
+
+	mailboxList();
+	mailboxList(const mailboxList& mboxList);
+
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	mailboxList& operator=(const mailboxList& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Add a mailbox at the end of the list.
+	  *
+	  * @param mbox mailbox to append
+	  */
+	void appendMailbox(const shared_ptr <mailbox>& mbox);
+
+	/** Insert a new mailbox before the specified mailbox.
+	  *
+	  * @param beforeMailbox mailbox before which the new mailbox will be inserted
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the mailbox is not in the list
+	  */
+	void insertMailboxBefore(const shared_ptr <mailbox>& beforeMailbox, const shared_ptr <mailbox>& mbox);
+
+	/** Insert a new mailbox before the specified position.
+	  *
+	  * @param pos position at which to insert the new mailbox (0 to insert at
+	  * the beginning of the list)
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertMailboxBefore(const size_t pos, const shared_ptr <mailbox>& mbox);
+
+	/** Insert a new mailbox after the specified mailbox.
+	  *
+	  * @param afterMailbox mailbox after which the new mailbox will be inserted
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the mailbox is not in the list
+	  */
+	void insertMailboxAfter(const shared_ptr <mailbox>& afterMailbox, const shared_ptr <mailbox>& mbox);
+
+	/** Insert a new mailbox after the specified position.
+	  *
+	  * @param pos position of the mailbox before the new mailbox
+	  * @param mbox mailbox to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertMailboxAfter(const size_t pos, const shared_ptr <mailbox>& mbox);
+
+	/** Remove the specified mailbox from the list.
+	  *
+	  * @param mbox mailbox to remove
+	  * @throw std::out_of_range if the mailbox is not in the list
+	  */
+	void removeMailbox(const shared_ptr <mailbox>& mbox);
+
+	/** Remove the mailbox at the specified position.
+	  *
+	  * @param pos position of the mailbox to remove
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void removeMailbox(const size_t pos);
+
+	/** Remove all mailboxes from the list.
+	  */
+	void removeAllMailboxes();
+
+	/** Return the number of mailboxes in the list.
+	  *
+	  * @return number of mailboxes
+	  */
+	size_t getMailboxCount() const;
+
+	/** Tests whether the list of mailboxes is empty.
+	  *
+	  * @return true if there is no mailbox, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the mailbox at the specified position.
+	  *
+	  * @param pos position
+	  * @return mailbox at position 'pos'
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	shared_ptr <mailbox> getMailboxAt(const size_t pos);
+
+	/** Return the mailbox at the specified position.
+	  *
+	  * @param pos position
+	  * @return mailbox at position 'pos'
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	const shared_ptr <const mailbox> getMailboxAt(const size_t pos) const;
+
+	/** Return the mailbox list.
+	  *
+	  * @return list of mailboxes
+	  */
+	const std::vector <shared_ptr <const mailbox> > getMailboxList() const;
+
+	/** Return the mailbox list.
+	  *
+	  * @return list of mailboxes
+	  */
+	const std::vector <shared_ptr <mailbox> > getMailboxList();
+
+	/** Return a list of addresses.
+	  *
+	  * @return list of addresses
+	  */
+	shared_ptr <addressList> toAddressList() const;
+
+private:
+
+	addressList m_list;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MAILBOXLIST_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mdn/MDNHelper.cpp b/vmime-master/src/vmime/mdn/MDNHelper.cpp
new file mode 100644
index 0000000..a21a181
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/MDNHelper.cpp
@@ -0,0 +1,362 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mdn/MDNHelper.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/stringContentHandler.hpp"
+
+#include "vmime/contentTypeField.hpp"
+
+#include "vmime/path.hpp"
+#include "vmime/dateTime.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+void MDNHelper::attachMDNRequest(const shared_ptr <message>& msg, const mailboxList& mailboxes) {
+
+	shared_ptr <header> hdr = msg->getHeader();
+
+	hdr->DispositionNotificationTo()->setValue(mailboxes);
+}
+
+
+void MDNHelper::attachMDNRequest(const shared_ptr <message>& msg, const mailbox& mbox) {
+
+	mailboxList mboxList;
+	mboxList.appendMailbox(vmime::clone(mbox));
+
+	attachMDNRequest(msg, mboxList);
+}
+
+
+const std::vector <sendableMDNInfos> MDNHelper::getPossibleMDNs(const shared_ptr <const message>& msg) {
+
+	std::vector <sendableMDNInfos> result;
+
+	const shared_ptr <const header> hdr = msg->getHeader();
+
+	if (hdr->hasField(fields::DISPOSITION_NOTIFICATION_TO)) {
+
+		const mailboxList& dnto =
+			*hdr->DispositionNotificationTo()->getValue <mailboxList>();
+
+		for (size_t i = 0 ; i < dnto.getMailboxCount() ; ++i) {
+			result.push_back(sendableMDNInfos(msg, *dnto.getMailboxAt(i)));
+		}
+	}
+
+	return result;
+}
+
+
+bool MDNHelper::isMDN(const shared_ptr <const message>& msg)
+{
+	const shared_ptr <const header> hdr = msg->getHeader();
+
+	// A MDN message implies the following:
+	//   - a Content-Type field is present and its value is "multipart/report"
+	//   - a "report-type" parameter is present in the Content-Type field,
+	//     and its value is "disposition-notification"
+	if (hdr->hasField(fields::CONTENT_TYPE)) {
+
+		const contentTypeField& ctf = *dynamicCast <const contentTypeField>(hdr->ContentType());
+
+		const mediaType type = *ctf.getValue <mediaType>();
+
+		if (type.getType() == vmime::mediaTypes::MULTIPART &&
+		    type.getSubType() == vmime::mediaTypes::MULTIPART_REPORT) {
+
+			if (ctf.hasParameter("report-type") &&
+			    ctf.getReportType() == "disposition-notification") {
+
+				return true;
+			}
+		}
+	}
+
+	return false;
+}
+
+
+receivedMDNInfos MDNHelper::getReceivedMDN(const shared_ptr <const message>& msg)
+{
+	if (!isMDN(msg)) {
+		throw exceptions::invalid_argument();
+	}
+
+	return receivedMDNInfos(msg);
+}
+
+
+bool MDNHelper::needConfirmation(const shared_ptr <const message>& msg)
+{
+	shared_ptr <const header> hdr = msg->getHeader();
+
+	// No "Return-Path" field
+	if (!hdr->hasField(fields::RETURN_PATH)) {
+		return true;
+	}
+
+	// More than one address in Disposition-Notification-To
+	if (hdr->hasField(fields::DISPOSITION_NOTIFICATION_TO)) {
+
+		const mailboxList& dnto = *hdr->DispositionNotificationTo()->getValue <mailboxList>();
+
+		if (dnto.getMailboxCount() > 1) {
+			return true;
+		} else if (dnto.getMailboxCount() == 0) {
+			return false;
+		}
+
+		// Return-Path != Disposition-Notification-To
+		const mailbox& mbox = *dnto.getMailboxAt(0);
+		const path& rp = *hdr->ReturnPath()->getValue <path>();
+
+		if (mbox.getEmail() != rp.getLocalPart() + "@" + rp.getDomain()) {
+			return true;
+		}
+	}
+
+	// User confirmation not needed
+	return false;
+}
+
+
+shared_ptr <message> MDNHelper::buildMDN(
+	const sendableMDNInfos& mdnInfos,
+    const string& text,
+    const charset& ch,
+    const mailbox& expeditor,
+    const disposition& dispo,
+    const string& reportingUA,
+    const std::vector <string>& reportingUAProducts,
+    const std::map <string, string>& fields
+) {
+
+	// Create a new message
+	shared_ptr <message> msg = make_shared <message>();
+
+	// Fill-in header fields
+	shared_ptr <header> hdr = msg->getHeader();
+
+	hdr->ContentType()->setValue(
+		mediaType(vmime::mediaTypes::MULTIPART, vmime::mediaTypes::MULTIPART_REPORT)
+	);
+
+	dynamicCast <contentTypeField>(hdr->ContentType())->setReportType("disposition-notification");
+
+	hdr->Disposition()->setValue(dispo);
+
+	addressList to;
+	to.appendAddress(make_shared <mailbox>(mdnInfos.getRecipient()));
+	hdr->To()->setValue(to);
+
+	hdr->From()->setValue(expeditor);
+
+	hdr->Subject()->setValue(vmime::text(word("Disposition notification")));
+
+	hdr->Date()->setValue(datetime::now());
+	hdr->MimeVersion()->setValue(string(SUPPORTED_MIME_VERSION));
+
+	msg->getBody()->appendPart(createFirstMDNPart(mdnInfos, text, ch));
+	msg->getBody()->appendPart(createSecondMDNPart(mdnInfos,
+		dispo, reportingUA, reportingUAProducts, fields));
+	msg->getBody()->appendPart(createThirdMDNPart(mdnInfos));
+
+	return msg;
+}
+
+
+shared_ptr <bodyPart> MDNHelper::createFirstMDNPart(
+	const sendableMDNInfos& /* mdnInfos */,
+    const string& text,
+    const charset& ch
+) {
+
+	shared_ptr <bodyPart> part = make_shared <bodyPart>();
+
+	// Header
+	shared_ptr <header> hdr = part->getHeader();
+
+	hdr->ContentType()->setValue(
+		mediaType(vmime::mediaTypes::TEXT, vmime::mediaTypes::TEXT_PLAIN)
+	);
+
+	dynamicCast <contentTypeField>(hdr->ContentType())->setCharset(ch);
+
+	// Body
+	part->getBody()->setContents(make_shared <stringContentHandler>(text));
+
+	return part;
+}
+
+
+shared_ptr <bodyPart> MDNHelper::createSecondMDNPart(
+	const sendableMDNInfos& mdnInfos,
+    const disposition& dispo,
+    const string& reportingUA,
+    const std::vector <string>& reportingUAProducts,
+    const std::map <string, string>& additionalFields
+) {
+
+	shared_ptr <bodyPart> part = make_shared <bodyPart>();
+
+	// Header
+	shared_ptr <header> hdr = part->getHeader();
+
+	hdr->ContentDisposition()->setValue(vmime::contentDispositionTypes::INLINE);
+	hdr->ContentType()->setValue(mediaType(vmime::mediaTypes::MESSAGE,
+	                                       vmime::mediaTypes::MESSAGE_DISPOSITION_NOTIFICATION));
+
+	// Body
+	//
+	//   The body of a message/disposition-notification consists of one or
+	//   more "fields" formatted according to the ABNF of [RFC-MSGFMT] header
+	//   "fields".  The syntax of the message/disposition-notification content
+	//   is as follows:
+	//
+	//      disposition-notification-content = [ reporting-ua-field CRLF ]
+	//      [ mdn-gateway-field CRLF ]
+	//      [ original-recipient-field CRLF ]
+	//      final-recipient-field CRLF
+	//      [ original-message-id-field CRLF ]
+	//      disposition-field CRLF
+	//      *( failure-field CRLF )
+	//      *( error-field CRLF )
+	//      *( warning-field CRLF )
+	//      *( extension-field CRLF )
+	//
+	header fields;
+
+	// -- Reporting-UA (optional)
+	if (!reportingUA.empty()) {
+
+		string ruaText;
+		ruaText = reportingUA;
+
+		for (unsigned int i = 0 ; i < reportingUAProducts.size() ; ++i) {
+
+			if (i == 0) {
+				ruaText += "; ";
+			} else {
+				ruaText += ", ";
+			}
+
+			ruaText += reportingUAProducts[i];
+		}
+
+		shared_ptr <headerField> rua = headerFieldFactory::getInstance()->
+			create(vmime::fields::REPORTING_UA);
+
+		rua->setValue(ruaText);
+
+		fields.appendField(rua);
+	}
+
+	// -- Final-Recipient
+	shared_ptr <headerField> fr = headerFieldFactory::getInstance()->
+		create(vmime::fields::FINAL_RECIPIENT);
+
+	fr->setValue("rfc822; " + mdnInfos.getRecipient().getEmail().generate());
+
+	fields.appendField(fr);
+
+	// -- Original-Message-ID
+	if (mdnInfos.getMessage()->getHeader()->hasField(vmime::fields::MESSAGE_ID)) {
+
+		fields.OriginalMessageId()->setValueConst
+			(mdnInfos.getMessage()->getHeader()->MessageId()->getValue());
+	}
+
+	// -- Disposition
+	fields.Disposition()->setValue(dispo);
+
+	// -- Failure, Error and Warning fields
+	std::map <string, string>::const_iterator it;
+
+	if (additionalFields.size() > 0) {
+
+		if ((it = additionalFields.find(vmime::fields::ERROR)) != additionalFields.end()) {
+
+			shared_ptr <headerField> error = headerFieldFactory::getInstance()->create(vmime::fields::ERROR);
+			error->setValue(it->second);
+			fields.appendField(error);
+		}
+
+		if ((it = additionalFields.find(vmime::fields::WARNING)) != additionalFields.end()) {
+
+			shared_ptr <headerField> warn = headerFieldFactory::getInstance()->create(vmime::fields::WARNING);
+			warn->setValue(it->second);
+			fields.appendField(warn);
+		}
+
+		if ((it = additionalFields.find(vmime::fields::FAILURE)) != additionalFields.end()) {
+
+			shared_ptr <headerField> fail = headerFieldFactory::getInstance()->create(vmime::fields::FAILURE);
+			fail->setValue(it->second);
+			fields.appendField(fail);
+		}
+	}
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter vos(oss);
+
+	fields.generate(vos);
+
+	part->getBody()->setContents(make_shared <stringContentHandler>(oss.str()));
+
+	return part;
+}
+
+
+shared_ptr <bodyPart> MDNHelper::createThirdMDNPart(const sendableMDNInfos& mdnInfos) {
+
+	shared_ptr <bodyPart> part = make_shared <bodyPart>();
+
+	// Header
+	shared_ptr <header> hdr = part->getHeader();
+
+	hdr->ContentDisposition()->setValue(vmime::contentDispositionTypes::INLINE);
+	hdr->ContentType()->setValue(mediaType(vmime::mediaTypes::TEXT,
+	                                       vmime::mediaTypes::TEXT_RFC822_HEADERS));
+
+	// Body: original message headers
+	std::ostringstream oss;
+	utility::outputStreamAdapter vos(oss);
+
+	mdnInfos.getMessage()->getHeader()->generate(vos);
+
+	part->getBody()->setContents(make_shared <stringContentHandler>(oss.str()));
+
+	return part;
+}
+
+
+} // mdn
+} // vmime
diff --git a/vmime-master/src/vmime/mdn/MDNHelper.hpp b/vmime-master/src/vmime/mdn/MDNHelper.hpp
new file mode 100644
index 0000000..c1bec2f
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/MDNHelper.hpp
@@ -0,0 +1,142 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MDN_MDNHELPER_HPP_INCLUDED
+#define VMIME_MDN_MDNHELPER_HPP_INCLUDED
+
+
+#include "vmime/mdn/receivedMDNInfos.hpp"
+#include "vmime/mdn/sendableMDNInfos.hpp"
+
+#include "vmime/mailboxList.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+/** Helper for creating or extracting Message Disposition
+  * Notifications (MDN), as defined in RFC-3798.
+  */
+class VMIME_EXPORT MDNHelper {
+
+public:
+
+	/** Attach a MDN request to the specified message.
+	  *
+	  * @param msg message in which to add a MDN request
+	  * @param mailboxes list of mailboxes to which the MDN will be sent
+	  */
+	static void attachMDNRequest(const shared_ptr <message>& msg, const mailboxList& mailboxes);
+
+	/** Attach a MDN request to the specified message.
+	  *
+	  * @param msg message in which to add a MDN request
+	  * @param mbox mailbox to which the MDN will be sent
+	  */
+	static void attachMDNRequest(const shared_ptr <message>& msg, const mailbox& mbox);
+
+	/** Return a list of possible MDNs that can be generated
+	  * for the specified message.
+	  *
+	  * @param msg message for which to send a MDN
+	  * @return list of possible MDNs
+	  */
+	static const std::vector <sendableMDNInfos> getPossibleMDNs(const shared_ptr <const message>& msg);
+
+	/** Test whether the specified message is a MDN.
+	  *
+	  * @param msg message
+	  * @return true if the message is a MDN, false otherwise
+	  */
+	static bool isMDN(const shared_ptr <const message>& msg);
+
+	/** If the specified message is a MDN, return information
+	  * about it.
+	  *
+	  * @param msg message
+	  * @throw exceptions::invalid_argument if the message is not a MDN
+	  * @return information about the MDN
+	  */
+	static receivedMDNInfos getReceivedMDN(const shared_ptr <const message>& msg);
+
+	/** Check whether we need user confirmation for sending a MDN even
+	  * if he/she explicitely allowed automatic send of MDNs. This can
+	  * happen in some situations, described in RFC-3798.
+	  *
+	  * @param msg message for which to send a MDN
+	  * @return true if user confirmation should be asked, false otherwise
+	  */
+	static bool needConfirmation(const shared_ptr <const message>& msg);
+
+	/** Build a new MDN for the message. The resulting MDN can then be
+	  * sent over SMTP transport service.
+	  *
+	  * @param mdnInfos information about the MDN to construct
+	  * @param text human readable message. The purpose of this message is
+	  *             to provide an easily-understood description of the
+	  *             condition(s) that caused the report to be generated.
+	  * @param ch charset of the text
+	  * @param expeditor expeditor of the MDN
+	  * @param dispo disposition information
+	  * @param reportingUA name of reporting user-agent (optional)
+	  * @param reportingUAProducts list of products in the reporting user-agent (optional)
+	  * @param fields additional MDN fields, like "Error", "Warning" or "Failure" (optional)
+	  * @return a new message object containing the MDN
+	  */
+	static shared_ptr <message> buildMDN(
+		const sendableMDNInfos& mdnInfos,
+		const string& text,
+		const charset& ch,
+		const mailbox& expeditor,
+		const disposition& dispo,
+		const string& reportingUA = NULL_STRING,
+		const std::vector <string>& reportingUAProducts = std::vector <string>(),
+		const std::map <string, string>& fields = std::map <string, string>()
+	);
+
+private:
+
+	static shared_ptr <bodyPart> createFirstMDNPart(
+		const sendableMDNInfos& mdnInfos,
+		const string& text,
+		const charset& ch
+	);
+
+	static shared_ptr <bodyPart> createSecondMDNPart(
+		const sendableMDNInfos& mdnInfos,
+		const disposition& dispo,
+		const string& reportingUA,
+		const std::vector <string>& reportingUAProducts,
+		const std::map <string, string>& fields
+	);
+
+	static shared_ptr <bodyPart> createThirdMDNPart(const sendableMDNInfos& mdnInfos);
+};
+
+
+} // mdn
+} // vmime
+
+
+#endif // VMIME_MDN_MDNHELPER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mdn/MDNInfos.cpp b/vmime-master/src/vmime/mdn/MDNInfos.cpp
new file mode 100644
index 0000000..3efe9f9
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/MDNInfos.cpp
@@ -0,0 +1,38 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mdn/MDNInfos.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+
+MDNInfos::~MDNInfos() {
+
+}
+
+
+} // mdn
+} // vmime
diff --git a/vmime-master/src/vmime/mdn/MDNInfos.hpp b/vmime-master/src/vmime/mdn/MDNInfos.hpp
new file mode 100644
index 0000000..f6d7929
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/MDNInfos.hpp
@@ -0,0 +1,57 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MDN_MDNINFOS_HPP_INCLUDED
+#define VMIME_MDN_MDNINFOS_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+#include "vmime/message.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+/** Holds information about Message Disposition Notifications (MDN).
+  */
+class VMIME_EXPORT MDNInfos : public object {
+
+public:
+
+	virtual ~MDNInfos();
+
+
+	/** Return the message related to this MDN.
+	  *
+	  * @return related message
+	  */
+	virtual const shared_ptr <const message> getMessage() const = 0;
+};
+
+
+} // mdn
+} // vmime
+
+
+#endif // VMIME_MDN_MDNINFOS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mdn/receivedMDNInfos.cpp b/vmime-master/src/vmime/mdn/receivedMDNInfos.cpp
new file mode 100644
index 0000000..6f4463e
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/receivedMDNInfos.cpp
@@ -0,0 +1,140 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mdn/receivedMDNInfos.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+receivedMDNInfos::receivedMDNInfos(const shared_ptr <const message>& msg)
+	: m_msg(msg) {
+
+	extract();
+}
+
+
+receivedMDNInfos::receivedMDNInfos(const receivedMDNInfos& other)
+	: MDNInfos() {
+
+	copyFrom(other);
+}
+
+
+receivedMDNInfos& receivedMDNInfos::operator=(const receivedMDNInfos& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const shared_ptr <const message> receivedMDNInfos::getMessage() const {
+
+	return m_msg;
+}
+
+
+const messageId receivedMDNInfos::getOriginalMessageId() const {
+
+	return m_omid;
+}
+
+
+const disposition receivedMDNInfos::getDisposition() const {
+
+	return m_disp;
+}
+
+
+const string receivedMDNInfos::getContentMIC() const {
+
+	return m_contentMIC;
+}
+
+
+void receivedMDNInfos::copyFrom(const receivedMDNInfos& other) {
+
+	m_msg = other.m_msg;
+	m_omid = other.m_omid;
+	m_disp = other.m_disp;
+	m_contentMIC = other.m_contentMIC;
+}
+
+
+void receivedMDNInfos::extract() {
+
+	const shared_ptr <const body> bdy = m_msg->getBody();
+
+	for (size_t i = 0 ; i < bdy->getPartCount() ; ++i) {
+
+		const shared_ptr <const bodyPart> part = bdy->getPartAt(i);
+
+		if (!part->getHeader()->hasField(fields::CONTENT_TYPE)) {
+			continue;
+		}
+
+		const mediaType& type = *part->getHeader()->ContentType()->getValue <mediaType>();
+
+		// Extract from second part (message/disposition-notification)
+		if (type.getType() == vmime::mediaTypes::MESSAGE &&
+		    type.getSubType() == vmime::mediaTypes::MESSAGE_DISPOSITION_NOTIFICATION) {
+
+			std::ostringstream oss;
+			utility::outputStreamAdapter vos(oss);
+
+			part->getBody()->getContents()->extract(vos);
+
+			// Body actually contains fields
+			header fields;
+			fields.parse(oss.str());
+
+			shared_ptr <messageId> omid =
+				fields.findFieldValue <messageId>(fields::ORIGINAL_MESSAGE_ID);
+
+			if (omid) {
+				m_omid = *omid;
+			}
+
+			shared_ptr <disposition> disp =
+				fields.findFieldValue <disposition>(fields::DISPOSITION);
+
+			if (disp) {
+				m_disp = *disp;
+			}
+
+			shared_ptr <text> contentMIC =
+				fields.findFieldValue <text>("Received-content-MIC");
+
+			if (contentMIC) {
+				m_contentMIC = contentMIC->generate();
+			}
+		}
+	}
+}
+
+
+} // mdn
+} // vmime
diff --git a/vmime-master/src/vmime/mdn/receivedMDNInfos.hpp b/vmime-master/src/vmime/mdn/receivedMDNInfos.hpp
new file mode 100644
index 0000000..7809acb
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/receivedMDNInfos.hpp
@@ -0,0 +1,93 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MDN_RECEIVEDMDNINFOS_HPP_INCLUDED
+#define VMIME_MDN_RECEIVEDMDNINFOS_HPP_INCLUDED
+
+
+#include "vmime/mdn/MDNInfos.hpp"
+
+#include "vmime/disposition.hpp"
+#include "vmime/messageId.hpp"
+#include "vmime/mailbox.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+/** Holds information about a Message Disposition Notification (MDN)
+  * that has been received.
+  */
+class VMIME_EXPORT receivedMDNInfos : public MDNInfos {
+
+public:
+
+	receivedMDNInfos(const shared_ptr <const message>& msg);
+	receivedMDNInfos(const receivedMDNInfos& other);
+
+	receivedMDNInfos& operator=(const receivedMDNInfos& other);
+
+
+	const shared_ptr <const message> getMessage() const;
+
+	/** Return the identifier of the message for which this MDN
+	  * has been generated.
+	  *
+	  * @return original message-id
+	  */
+	const messageId getOriginalMessageId() const;
+
+	/** Return information about the disposition.
+	  *
+	  * @return disposition information
+	  */
+	const disposition getDisposition() const;
+
+	/** Return the Message Integrity Check (MIC), that is the value
+	  * of the "Received-content-MIC" field.
+	  *
+	  * @return MIC hash value, or an empty string if not specified
+	  */
+	const string getContentMIC() const;
+
+private:
+
+	void copyFrom(const receivedMDNInfos& other);
+
+	void extract();
+
+
+	shared_ptr <const message> m_msg;
+
+	disposition m_disp;
+	messageId m_omid;
+	string m_contentMIC;
+};
+
+
+} // mdn
+} // vmime
+
+
+#endif // VMIME_MDN_RECEIVEDMDNINFOS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mdn/sendableMDNInfos.cpp b/vmime-master/src/vmime/mdn/sendableMDNInfos.cpp
new file mode 100644
index 0000000..281655f
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/sendableMDNInfos.cpp
@@ -0,0 +1,72 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mdn/sendableMDNInfos.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+sendableMDNInfos::sendableMDNInfos(const shared_ptr <const message>& msg, const mailbox& mbox)
+	: m_msg(msg),
+	  m_mailbox(mbox) {
+
+}
+
+
+sendableMDNInfos::sendableMDNInfos(const sendableMDNInfos& other)
+	: MDNInfos() {
+
+	copyFrom(other);
+}
+
+
+sendableMDNInfos& sendableMDNInfos::operator=(const sendableMDNInfos& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const shared_ptr <const message> sendableMDNInfos::getMessage() const {
+
+	return m_msg;
+}
+
+
+const mailbox& sendableMDNInfos::getRecipient() const {
+
+	return m_mailbox;
+}
+
+
+void sendableMDNInfos::copyFrom(const sendableMDNInfos& other) {
+
+	m_msg = other.m_msg;
+	m_mailbox = other.m_mailbox;
+}
+
+
+} // mdn
+} // vmime
diff --git a/vmime-master/src/vmime/mdn/sendableMDNInfos.hpp b/vmime-master/src/vmime/mdn/sendableMDNInfos.hpp
new file mode 100644
index 0000000..5b69b94
--- /dev/null
+++ b/vmime-master/src/vmime/mdn/sendableMDNInfos.hpp
@@ -0,0 +1,72 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MDN_SENDABLEMDNINFOS_HPP_INCLUDED
+#define VMIME_MDN_SENDABLEMDNINFOS_HPP_INCLUDED
+
+
+#include "vmime/mdn/MDNInfos.hpp"
+
+#include "vmime/mailbox.hpp"
+
+
+namespace vmime {
+namespace mdn {
+
+
+/** Holds information about a Message Disposition Notifications (MDN)
+  * that is to be sent.
+  */
+class VMIME_EXPORT sendableMDNInfos : public MDNInfos {
+
+public:
+
+	sendableMDNInfos(const shared_ptr <const message>& msg, const mailbox& mbox);
+	sendableMDNInfos(const sendableMDNInfos& other);
+
+	sendableMDNInfos& operator=(const sendableMDNInfos& other);
+
+	const shared_ptr <const message> getMessage() const;
+
+	/** Return the recipient of the MDN (the mailbox that will receive
+	  * the notification message).
+	  *
+	  * @return recipient of the MDN
+	  */
+	const mailbox& getRecipient() const;
+
+private:
+
+	void copyFrom(const sendableMDNInfos& other);
+
+
+	shared_ptr <const message> m_msg;
+	mailbox m_mailbox;
+};
+
+
+} // mdn
+} // vmime
+
+
+#endif // VMIME_MDN_SENDABLEMDNINFOS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/mediaType.cpp b/vmime-master/src/vmime/mediaType.cpp
new file mode 100644
index 0000000..9547593
--- /dev/null
+++ b/vmime-master/src/vmime/mediaType.cpp
@@ -0,0 +1,207 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/mediaType.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+
+
+mediaType::mediaType()
+	: m_type(mediaTypes::APPLICATION),
+	  m_subType(mediaTypes::APPLICATION_OCTET_STREAM) {
+
+}
+
+
+mediaType::mediaType(const string& type) {
+
+	parse(type);
+}
+
+
+mediaType::mediaType(const string& type, const string& subType)
+	: m_type(utility::stringUtils::toLower(type)),
+	  m_subType(utility::stringUtils::toLower(subType)) {
+
+}
+
+
+void mediaType::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* const pstart = buffer.data() + position;
+	const char* p = pstart;
+
+	// Extract the type
+	const size_t typeStart = position;
+
+	while (p < pend && *p != '/') ++p;
+
+	m_type = utility::stringUtils::trim(
+		utility::stringUtils::toLower(
+			string(
+				buffer.begin() + typeStart,
+				buffer.begin() + position + (p - pstart)
+			)
+		)
+	);
+
+	if (p < pend) {
+
+		// Skip '/' character
+		++p;
+
+		// Extract the sub-type
+		m_subType = utility::stringUtils::trim(
+			utility::stringUtils::toLower(
+				string(
+					buffer.begin() + position + (p - pstart),
+					buffer.begin() + end
+				)
+			)
+		);
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void mediaType::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	const string value = m_type + "/" + m_subType;
+
+	if (curLinePos + value.length() > ctx.getMaxLineLength()) {
+
+		os << NEW_LINE_SEQUENCE;
+		os << value;
+
+		if (newLinePos) {
+			*newLinePos = NEW_LINE_SEQUENCE_LENGTH + value.length();
+		}
+
+	} else {
+
+		os << value;
+
+		if (newLinePos) {
+			*newLinePos = curLinePos + value.length();
+		}
+	}
+}
+
+
+bool mediaType::operator==(const mediaType& type) const {
+
+	return m_type == type.m_type && m_subType == type.m_subType;
+}
+
+
+bool mediaType::operator!=(const mediaType& type) const {
+
+	return !(*this == type);
+}
+
+
+mediaType& mediaType::operator=(const string& type) {
+
+	parse(type);
+	return *this;
+}
+
+
+shared_ptr <component> mediaType::clone() const {
+
+	return make_shared <mediaType>(m_type, m_subType);
+}
+
+
+void mediaType::copyFrom(const component& other) {
+
+	const mediaType& mt = dynamic_cast <const mediaType&>(other);
+
+	m_type = mt.m_type;
+	m_subType = mt.m_subType;
+}
+
+
+mediaType& mediaType::operator=(const mediaType& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const string& mediaType::getType() const {
+
+	return m_type;
+}
+
+
+void mediaType::setType(const string& type) {
+
+	m_type = utility::stringUtils::toLower(type);
+}
+
+
+const string& mediaType::getSubType() const {
+
+	return m_subType;
+}
+
+
+void mediaType::setSubType(const string& subType) {
+
+	m_subType = utility::stringUtils::toLower(subType);
+}
+
+
+void mediaType::setFromString(const string& type) {
+
+	parse(type);
+}
+
+
+const std::vector <shared_ptr <component> > mediaType::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/mediaType.hpp b/vmime-master/src/vmime/mediaType.hpp
new file mode 100644
index 0000000..4026167
--- /dev/null
+++ b/vmime-master/src/vmime/mediaType.hpp
@@ -0,0 +1,119 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MEDIATYPE_HPP_INCLUDED
+#define VMIME_MEDIATYPE_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+
+namespace vmime {
+
+
+/** Content media type (basic type).
+  */
+class VMIME_EXPORT mediaType : public headerFieldValue {
+
+public:
+
+	mediaType();
+	mediaType(const string& type);
+	mediaType(const string& type, const string& subType);
+
+public:
+
+	bool operator==(const mediaType& type) const;
+	bool operator!=(const mediaType& type) const;
+
+	mediaType& operator=(const string& type);
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	mediaType& operator=(const mediaType& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Return the media type.
+	  * See the constants in vmime::mediaTypes.
+	  *
+	  * @return media type
+	  */
+	const string& getType() const;
+
+	/** Set the media type.
+	  * See the constants in vmime::mediaTypes.
+	  *
+	  * @param type media type
+	  */
+	void setType(const string& type);
+
+	/** Return the media subtype.
+	  * See the constants in vmime::mediaTypes.
+	  *
+	  * @return media subtype
+	  */
+	const string& getSubType() const;
+
+	/** Set the media subtype.
+	  * See the constants in vmime::mediaTypes.
+	  *
+	  * @param subType media subtype
+	  */
+	void setSubType(const string& subType);
+
+	/** Set the media type and subtype from a string
+	  * in the form "type/subtype" (eg: "image/jpeg").
+	  *
+	  * @param type media type and subtype
+	  */
+	void setFromString(const string& type);
+
+protected:
+
+	string m_type;
+	string m_subType;
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MEDIATYPE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/message.cpp b/vmime-master/src/vmime/message.cpp
new file mode 100644
index 0000000..f034cdb
--- /dev/null
+++ b/vmime-master/src/vmime/message.cpp
@@ -0,0 +1,49 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/message.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+
+
+message::message() {
+
+}
+
+
+const string message::generate(
+	const size_t maxLineLength,
+	const size_t curLinePos
+) const {
+
+	return bodyPart::generate(maxLineLength, curLinePos);
+}
+
+
+} // vmime
+
diff --git a/vmime-master/src/vmime/message.hpp b/vmime-master/src/vmime/message.hpp
new file mode 100644
index 0000000..1b97a5d
--- /dev/null
+++ b/vmime-master/src/vmime/message.hpp
@@ -0,0 +1,60 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MESSAGE_HPP_INCLUDED
+#define VMIME_MESSAGE_HPP_INCLUDED
+
+
+#include "vmime/bodyPart.hpp"
+#include "vmime/generationContext.hpp"
+
+
+namespace vmime {
+
+
+/** A MIME message.
+  */
+class VMIME_EXPORT message : public bodyPart {
+
+public:
+
+	message();
+
+public:
+
+	using bodyPart::parse;
+	using bodyPart::generate;
+
+	// Override default generate() functions so that we can change
+	// the default 'maxLineLength' value
+	const string generate(
+		const size_t maxLineLength = generationContext::getDefaultContext().getMaxLineLength(),
+		const size_t curLinePos = 0
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MESSAGE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/messageAttachment.hpp b/vmime-master/src/vmime/messageAttachment.hpp
new file mode 100644
index 0000000..2d95d20
--- /dev/null
+++ b/vmime-master/src/vmime/messageAttachment.hpp
@@ -0,0 +1,52 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MESSAGEATTACHMENT_HPP_INCLUDED
+#define VMIME_MESSAGEATTACHMENT_HPP_INCLUDED
+
+
+#include "vmime/attachment.hpp"
+#include "vmime/message.hpp"
+
+
+namespace vmime {
+
+
+/** Attachment of type message/rfc822.
+  */
+class VMIME_EXPORT messageAttachment : public attachment {
+
+public:
+
+	/** Return the message encapsulated in this attachment.
+	  *
+	  * @return encapsulated message
+	  */
+	virtual shared_ptr <message> getMessage() const = 0;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MESSAGEATTACHMENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/messageBuilder.cpp b/vmime-master/src/vmime/messageBuilder.cpp
new file mode 100644
index 0000000..4de81bf
--- /dev/null
+++ b/vmime-master/src/vmime/messageBuilder.cpp
@@ -0,0 +1,333 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/messageBuilder.hpp"
+
+#include "vmime/dateTime.hpp"
+#include "vmime/textPartFactory.hpp"
+
+
+namespace vmime {
+
+
+messageBuilder::messageBuilder() {
+
+	// By default there is one text part of type "text/plain"
+	constructTextPart(mediaType(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN));
+}
+
+
+messageBuilder::~messageBuilder() {
+
+}
+
+
+shared_ptr <message> messageBuilder::construct() const {
+
+	// Create a new message
+	shared_ptr <message> msg = make_shared <message>();
+
+	// Generate the header fields
+	msg->getHeader()->Subject()->setValue(m_subject);
+
+	if (((m_to.isEmpty()) || (m_to.getAddressAt(0)->isEmpty() && !m_to.getAddressAt(0)->isGroup())) &&
+	    (m_cc.isEmpty() || m_cc.getAddressAt(0)->isEmpty()) &&
+	    (m_bcc.isEmpty() || m_bcc.getAddressAt(0)->isEmpty())) {
+
+		throw exceptions::no_recipient();
+	}
+
+	if (!m_from.isEmpty()) {
+		msg->getHeader()->From()->setValue(m_from);
+	}
+
+	if (!m_to.isEmpty()) {
+		msg->getHeader()->To()->setValue(m_to);
+	}
+
+	if (!m_cc.isEmpty()) {
+		msg->getHeader()->Cc()->setValue(m_cc);
+	}
+
+	if (!m_bcc.isEmpty()) {
+		msg->getHeader()->Bcc()->setValue(m_bcc);
+	}
+
+	// Add a "Date" field
+	msg->getHeader()->Date()->setValue(datetime::now());
+
+	// Add a "Mime-Version" header field
+	msg->getHeader()->MimeVersion()->setValue(string(SUPPORTED_MIME_VERSION));
+
+	// If there is one or more attachments (or other parts that are
+	// not "text/...") and if there is more than one parts for the
+	// text part, we generate these text parts into a sub-part:
+	//
+	// [message]
+	// |
+	// +-- multipart/mixed
+	//     |
+	//     +-- multipart/alternative
+	//     |   |
+	//     |   +-- text part #1  (eg. plain text "text/plain")
+	//     |   +-- text part #2  (eg. HTML       "text/html")
+	//     |   +-- ...
+	//     |
+	//     +-- application/octet-stream (attachment #1)
+	//     |
+	//     +-- ... (other attachments/parts)
+	//
+	if (!m_attach.empty() && m_textPart->getPartCount() > 1) {
+
+		// Set parent part (message) to "multipart/mixed"
+		msg->getHeader()->ContentType()->setValue(
+			mediaType(mediaTypes::MULTIPART, mediaTypes::MULTIPART_MIXED)
+		);
+
+		// Create a sub-part "multipart/alternative" for text parts
+		shared_ptr <bodyPart> subPart = make_shared <bodyPart>();
+		msg->getBody()->appendPart(subPart);
+
+		subPart->getHeader()->ContentType()->setValue(
+			mediaType(mediaTypes::MULTIPART, mediaTypes::MULTIPART_ALTERNATIVE)
+		);
+
+		// Generate the text parts into this sub-part (normally, this
+		// sub-part will have the "multipart/alternative" content-type...)
+		m_textPart->generateIn(msg, subPart);
+
+	} else {
+
+		// Generate the text part(s) directly into the message
+		m_textPart->generateIn(msg, msg);
+
+		// If any attachment, set message content-type to "multipart/mixed"
+		if (!m_attach.empty()) {
+
+			msg->getHeader()->ContentType()->setValue(
+				mediaType(mediaTypes::MULTIPART, mediaTypes::MULTIPART_MIXED)
+			);
+
+		// Else, set it to "multipart/alternative" if there are more than one text part.
+		} else if (m_textPart->getPartCount() > 1) {
+
+			msg->getHeader()->ContentType()->setValue(
+				mediaType(mediaTypes::MULTIPART, mediaTypes::MULTIPART_ALTERNATIVE)
+			);
+		}
+	}
+
+	// Generate the attachments
+	if (!m_attach.empty()) {
+
+		for (std::vector <shared_ptr <attachment> >::const_iterator a = m_attach.begin() ;
+		     a != m_attach.end() ; ++a) {
+
+			(*a)->generateIn(msg);
+		}
+	}
+
+	// If there is only one part in the message, move it into the message
+	// (hence, the message will not be multipart...)
+	if (msg->getBody()->getPartCount() == 1) {
+
+		const bodyPart& part = *msg->getBody()->getPartAt(0);
+
+		// Make a full copy of the body, otherwise the copyFrom() will delete the body we're copying
+		shared_ptr <body> bodyCopy = vmime::clone(part.getBody());
+
+		// First, copy (and replace) the header fields
+		const std::vector <shared_ptr <const headerField> > fields = part.getHeader()->getFieldList();
+
+		for (std::vector <shared_ptr <const headerField> >::const_iterator it = fields.begin() ;
+		     it != fields.end() ; ++it) {
+
+			*(msg->getHeader()->getField((*it)->getName())) = **it;
+		}
+
+		// Second, copy the body contents and sub-parts (this also remove
+		// the body part we are copying...)
+		msg->getBody()->copyFrom(*bodyCopy);
+	}
+
+	return msg;
+}
+
+
+void messageBuilder::attach(const shared_ptr <attachment>& attach) {
+
+	appendAttachment(attach);
+}
+
+
+void messageBuilder::appendAttachment(const shared_ptr <attachment>& attach) {
+
+	m_attach.push_back(attach);
+}
+
+
+void messageBuilder::constructTextPart(const mediaType& type) {
+
+	shared_ptr <textPart> part;
+
+	try {
+		part = textPartFactory::getInstance()->create(type);
+	} catch (exceptions::no_factory_available& e) {
+		throw;
+	}
+
+	m_textPart = part;
+}
+
+
+shared_ptr <textPart> messageBuilder::getTextPart() {
+
+	return m_textPart;
+}
+
+
+const mailbox& messageBuilder::getExpeditor() const {
+
+	return m_from;
+}
+
+
+void messageBuilder::setExpeditor(const mailbox& expeditor) {
+
+	m_from = expeditor;
+}
+
+
+const addressList& messageBuilder::getRecipients() const {
+
+	return m_to;
+}
+
+
+addressList& messageBuilder::getRecipients() {
+
+	return m_to;
+}
+
+
+void messageBuilder::setRecipients(const addressList& recipients) {
+
+	m_to = recipients;
+}
+
+
+const addressList& messageBuilder::getCopyRecipients() const {
+
+	return m_cc;
+}
+
+
+addressList& messageBuilder::getCopyRecipients() {
+
+	return m_cc;
+}
+
+
+void messageBuilder::setCopyRecipients(const addressList& cc) {
+
+	m_cc = cc;
+}
+
+
+const addressList& messageBuilder::getBlindCopyRecipients() const {
+
+	return m_bcc;
+}
+
+
+addressList& messageBuilder::getBlindCopyRecipients() {
+
+	return m_bcc;
+}
+
+
+void messageBuilder::setBlindCopyRecipients(const addressList& bcc) {
+
+	m_bcc = bcc;
+}
+
+
+const text& messageBuilder::getSubject() const {
+
+	return m_subject;
+}
+
+
+void messageBuilder::setSubject(const text& subject) {
+
+	m_subject = subject;
+}
+
+
+void messageBuilder::removeAttachment(const size_t pos) {
+
+	m_attach.erase(m_attach.begin() + pos);
+}
+
+
+const shared_ptr <const attachment> messageBuilder::getAttachmentAt(const size_t pos) const {
+
+	return m_attach[pos];
+}
+
+
+shared_ptr <attachment> messageBuilder::getAttachmentAt(const size_t pos) {
+
+	return m_attach[pos];
+}
+
+
+size_t messageBuilder::getAttachmentCount() const {
+
+	return m_attach.size();
+}
+
+
+const std::vector <shared_ptr <const attachment> > messageBuilder::getAttachmentList() const {
+
+	std::vector <shared_ptr <const attachment> > res;
+
+	res.reserve(m_attach.size());
+
+	for (std::vector <shared_ptr <attachment> >::const_iterator it = m_attach.begin() ;
+	     it != m_attach.end() ; ++it) {
+
+		res.push_back(*it);
+	}
+
+	return res;
+}
+
+
+const std::vector <shared_ptr <attachment> > messageBuilder::getAttachmentList() {
+
+	return m_attach;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/messageBuilder.hpp b/vmime-master/src/vmime/messageBuilder.hpp
new file mode 100644
index 0000000..bfe5ed9
--- /dev/null
+++ b/vmime-master/src/vmime/messageBuilder.hpp
@@ -0,0 +1,221 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MESSAGEBUILDER_HPP_INCLUDED
+#define VMIME_MESSAGEBUILDER_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+
+#include "vmime/mailbox.hpp"
+#include "vmime/addressList.hpp"
+#include "vmime/text.hpp"
+#include "vmime/message.hpp"
+#include "vmime/mediaType.hpp"
+#include "vmime/attachment.hpp"
+#include "vmime/textPart.hpp"
+#include "vmime/bodyPart.hpp"
+
+
+namespace vmime {
+
+
+/** A helper for building MIME messages.
+  */
+class VMIME_EXPORT messageBuilder {
+
+public:
+
+	messageBuilder();
+	~messageBuilder();
+
+public:
+
+	/** Return the expeditor of the message (From:).
+	  *
+	  * @return expeditor of the message
+	  */
+	const mailbox& getExpeditor() const;
+
+	/** Set the expeditor of the message (From:).
+	  *
+	  * @param expeditor expeditor of the message
+	  */
+	void setExpeditor(const mailbox& expeditor);
+
+	/** Return the recipients of the message (To:).
+	  *
+	  * return recipients of the message
+	  */
+	const addressList& getRecipients() const;
+
+	/** Return the recipients of the message (To:).
+	  *
+	  * return recipients of the message
+	  */
+	addressList& getRecipients();
+
+	/** Set the recipients of the message (To:).
+	  *
+	  * @param recipients list of recipients
+	  */
+	void setRecipients(const addressList& recipients);
+
+	/** Return the copy recipients of the message (Cc:).
+	  *
+	  * @return copy recipients of the message
+	  */
+	const addressList& getCopyRecipients() const;
+
+	/** Return the copy recipients of the message (Cc:).
+	  *
+	  * @return copy recipients of the message
+	  */
+	addressList& getCopyRecipients();
+
+	/** Set the copy recipients of the message (Cc:).
+	  *
+	  * @param cc list of copy recipients
+	  */
+	void setCopyRecipients(const addressList& cc);
+
+	/** Return the blind-copy recipients of the message (Bcc:).
+	  *
+	  * @return blind-copy recipients of the message
+	  */
+	const addressList& getBlindCopyRecipients() const;
+
+	/** Return the blind-copy recipients of the message (Bcc:).
+	  *
+	  * @return blind-copy recipients of the message
+	  */
+	addressList& getBlindCopyRecipients();
+
+	/** Set the blind-copy recipients of the message (Bcc:).
+	  *
+	  * @param bcc list of blind-copy recipients
+	  */
+	void setBlindCopyRecipients(const addressList& bcc);
+
+	/** Return the subject of the message.
+	  *
+	  * @return subject of the message
+	  */
+	const text& getSubject() const;
+
+	/** Set the subject of the message.
+	  *
+	  * @param subject message subject
+	  */
+	void setSubject(const text& subject);
+
+	/** Attach a new object to the message.
+	  * \deprecated Use messageBuilder::appendAttachment() instead.
+	  *
+	  * @param attach new attachment
+	  */
+	void attach(const shared_ptr <attachment>& attach);
+
+	/** Attach a new object to the message.
+	  *
+	  * @param attach new attachment
+	  */
+	void appendAttachment(const shared_ptr <attachment>& attach);
+
+	/** Remove the attachment at the specified position.
+	  *
+	  * @param pos position of the attachment to remove
+	  */
+	void removeAttachment(const size_t pos);
+
+	/** Return the attachment at the specified position.
+	  *
+	  * @param pos position of the attachment
+	  * @return attachment at the specified position
+	  */
+	const shared_ptr <const attachment> getAttachmentAt(const size_t pos) const;
+
+	/** Return the attachment at the specified position.
+	  *
+	  * @param pos position of the attachment
+	  * @return attachment at the specified position
+	  */
+	shared_ptr <attachment> getAttachmentAt(const size_t pos);
+
+	/** Return the number of attachments in the message.
+	  *
+	  * @return number of attachments
+	  */
+	size_t getAttachmentCount() const;
+
+	/** Return the list of attachments.
+	  *
+	  * @return list of attachments
+	  */
+	const std::vector <shared_ptr <const attachment> > getAttachmentList() const;
+
+	/** Return the list of attachments.
+	  *
+	  * @return list of attachments
+	  */
+	const std::vector <shared_ptr <attachment> > getAttachmentList();
+
+	/** Change the type of the text part and construct a new part.
+	  *
+	  * @param type media type of the text part
+	  */
+	void constructTextPart(const mediaType& type);
+
+	/** Return the text part of the message.
+	  *
+	  * @return text part of the message
+	  */
+	shared_ptr <textPart> getTextPart();
+
+	/** Construct a new message based on the information specified
+	  * in this object.
+	  *
+	  * @return a new message
+	  */
+	shared_ptr <message> construct() const;
+
+private:
+
+	mailbox m_from;
+
+	addressList m_to;
+	addressList m_cc;
+	addressList m_bcc;
+
+	text m_subject;
+
+	shared_ptr <textPart> m_textPart;
+
+	std::vector <shared_ptr <attachment> > m_attach;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MESSAGEBUILDER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/messageId.cpp b/vmime-master/src/vmime/messageId.cpp
new file mode 100644
index 0000000..c8ea642
--- /dev/null
+++ b/vmime-master/src/vmime/messageId.cpp
@@ -0,0 +1,329 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/messageId.hpp"
+#include "vmime/utility/random.hpp"
+#include "vmime/platform.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+
+
+messageId::messageId() {
+
+}
+
+
+messageId::messageId(const string& id) {
+
+	parse(id);
+}
+
+
+messageId::messageId(const messageId& mid)
+	: headerFieldValue(),
+	  m_left(mid.m_left),
+	  m_right(mid.m_right) {
+
+}
+
+
+messageId::messageId(const string& left, const string& right)
+	: m_left(left),
+	  m_right(right) {
+
+}
+
+
+/*
+	RFC-2822:
+	3.6.4. Identification fields
+
+	msg-id          =       [CFWS] "<" id-left "@" id-right ">" [CFWS]
+*/
+
+void messageId::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* const pstart = buffer.data() + position;
+	const char* p = pstart;
+
+	m_left.clear();
+	m_right.clear();
+
+	unsigned int commentLevel = 0;
+	bool escape = false;
+	bool stop = false;
+
+	for ( ; !stop && p < pend ; ++p) {
+
+		if (escape) {
+
+			// Ignore this character
+
+		} else {
+
+			switch (*p) {
+
+				case '(': ++commentLevel; break;
+				case ')': --commentLevel; break;
+				case '\\': escape = true; break;
+				case '<': {
+
+					if (commentLevel == 0) {
+						stop = true;
+						break;
+					}
+				}
+
+			}
+		}
+	}
+
+	// Fix for message ids without angle brackets (invalid)
+	bool hasBrackets = true;
+
+	if (p == pend) {  // no opening angle bracket found
+
+		hasBrackets = false;
+		p = pstart;
+
+		while (p < pend && parserHelpers::isSpace(*p)) {
+			++p;
+		}
+	}
+
+	if (p < pend) {
+
+		// Extract left part
+		const size_t leftStart = position + (p - pstart);
+
+		while (p < pend && *p != '@' && *p != '>') ++p;
+
+		m_left = string(
+			buffer.begin() + leftStart,
+			buffer.begin() + position + (p - pstart)
+		);
+
+		if (p < pend) {
+
+			// Skip '@'
+			++p;
+
+			// Extract right part
+			const size_t rightStart = position + (p - pstart);
+
+			while (p < pend && *p != '>' && (hasBrackets || !parserHelpers::isSpace(*p))) ++p;
+
+			m_right = string(
+				buffer.begin() + rightStart,
+				buffer.begin() + position + (p - pstart)
+			);
+		}
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+shared_ptr <messageId> messageId::parseNext(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	size_t pos = position;
+
+	while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+		++pos;
+	}
+
+	if (pos != end) {
+
+		const size_t begin = pos;
+
+		while (pos < end && !parserHelpers::isSpace(buffer[pos])) {
+			++pos;
+		}
+
+		shared_ptr <messageId> mid = make_shared <messageId>();
+		mid->parse(ctx, buffer, begin, pos, NULL);
+
+		if (newPosition) {
+			*newPosition = pos;
+		}
+
+		return mid;
+	}
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+
+	return null;
+}
+
+
+const string messageId::getId() const {
+
+	if (m_right.empty()) {
+		return m_left;
+	}
+
+	return m_left + '@' + m_right;
+}
+
+
+void messageId::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	size_t pos = curLinePos;
+
+	if (ctx.getWrapMessageId() &&
+	    (curLinePos + m_left.length() + m_right.length() + 3 > ctx.getMaxLineLength())) {
+
+		os << NEW_LINE_SEQUENCE;
+		pos = NEW_LINE_SEQUENCE_LENGTH;
+	}
+
+	os << '<' << m_left;
+
+	if (m_right != "") {
+		os << '@' << m_right;
+	}
+
+	os << '>';
+
+	if (newLinePos) {
+		*newLinePos = pos + m_left.length() + m_right.length() + 3;
+	}
+}
+
+
+messageId& messageId::operator=(const string& id) {
+
+	parse(id);
+	return *this;
+}
+
+
+messageId messageId::generateId() {
+
+	std::ostringstream left;
+	left.imbue(std::locale::classic());
+
+	left << "vmime";
+	left << '.';
+	left << std::hex << utility::random::getTime();
+	left << '.';
+	left << std::hex << utility::random::getProcess();
+	left << '.';
+	left << std::hex << utility::random::getNext();
+	left << std::hex << utility::random::getNext();
+
+	return messageId(left.str(), platform::getHandler()->getHostName());
+}
+
+
+bool messageId::operator==(const messageId& mid) const {
+
+	return m_left == mid.m_left && m_right == mid.m_right;
+}
+
+
+bool messageId::operator!=(const messageId& mid) const {
+
+	return !(*this == mid);
+}
+
+
+shared_ptr <component> messageId::clone() const {
+
+	return make_shared <messageId>(*this);
+}
+
+
+void messageId::copyFrom(const component& other) {
+
+	const messageId& mid = dynamic_cast <const messageId&>(other);
+
+	m_left = mid.m_left;
+	m_right = mid.m_right;
+}
+
+
+messageId& messageId::operator=(const messageId& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const string& messageId::getLeft() const {
+
+	return m_left;
+}
+
+
+void messageId::setLeft(const string& left) {
+
+	m_left = left;
+}
+
+
+const string& messageId::getRight() const {
+
+	return m_right;
+}
+
+
+void messageId::setRight(const string& right) {
+
+	m_right = right;
+}
+
+
+const std::vector <shared_ptr <component> > messageId::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/messageId.hpp b/vmime-master/src/vmime/messageId.hpp
new file mode 100644
index 0000000..8edbe3e
--- /dev/null
+++ b/vmime-master/src/vmime/messageId.hpp
@@ -0,0 +1,144 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MESSAGEID_HPP_INCLUDED
+#define VMIME_MESSAGEID_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+
+namespace vmime {
+
+
+/** Message identifier (basic type).
+  */
+class VMIME_EXPORT messageId : public headerFieldValue {
+
+	friend class messageIdSequence;
+
+public:
+
+	messageId();
+	messageId(const string& id);
+	messageId(const messageId& mid);
+	messageId(const string& left, const string& right);
+
+public:
+
+	/** Return the left part of the message identifier.
+	  *
+	  * @return left part of message identifier
+	  */
+	const string& getLeft() const;
+
+	/** Set the left part of the message identifier.
+	  *
+	  * @param left left part of message identifier
+	  */
+	void setLeft(const string& left);
+
+	/** Return the right part of the message identifier.
+	  *
+	  * @return right part of message identifier
+	  */
+	const string& getRight() const;
+
+	/** Set the right part of the message identifier.
+	  *
+	  * @param right right part of message identifier
+	  */
+	void setRight(const string& right);
+
+
+	messageId& operator=(const string& id);
+
+	bool operator==(const messageId& mid) const;
+	bool operator!=(const messageId& mid) const;
+
+	/** Generate a random message identifier.
+	  *
+	  * @return randomly created message identifier
+	  */
+	static messageId generateId();
+
+	/** Return the message identifier constructed by using
+	  * the right part and the left part, separated by
+	  * a '@' character.
+	  *
+	  * @return full message identifier
+	  */
+	const string getId() const;
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	messageId& operator=(const messageId& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+private:
+
+	string m_left;
+	string m_right;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+
+	/** Parse a message-id from an input buffer.
+	  *
+	  * @param buffer input buffer
+	  * @param position position in the input buffer
+	  * @param end end position in the input buffer
+	  * @param newPosition will receive the new position in the input buffer
+	  * @return a new message-id object, or null if no more message-id can be parsed from the input buffer
+	  */
+	static shared_ptr <messageId> parseNext(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition
+	);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MESSAGEID_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/messageIdSequence.cpp b/vmime-master/src/vmime/messageIdSequence.cpp
new file mode 100644
index 0000000..2b68bcc
--- /dev/null
+++ b/vmime-master/src/vmime/messageIdSequence.cpp
@@ -0,0 +1,277 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/messageIdSequence.hpp"
+#include "vmime/exception.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+
+
+messageIdSequence::messageIdSequence() {
+
+}
+
+
+messageIdSequence::~messageIdSequence() {
+
+	removeAllMessageIds();
+}
+
+
+messageIdSequence::messageIdSequence(const messageIdSequence& midSeq)
+	: headerFieldValue() {
+
+	copyFrom(midSeq);
+}
+
+
+shared_ptr <component> messageIdSequence::clone() const {
+
+	return make_shared <messageIdSequence>(*this);
+}
+
+
+void messageIdSequence::copyFrom(const component& other) {
+
+	const messageIdSequence& midSeq = dynamic_cast <const messageIdSequence&>(other);
+
+	removeAllMessageIds();
+
+	for (unsigned int i = 0 ; i < midSeq.m_list.size() ; ++i) {
+		m_list.push_back(vmime::clone(midSeq.m_list[i]));
+	}
+}
+
+
+messageIdSequence& messageIdSequence::operator=(const messageIdSequence& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const std::vector <shared_ptr <component> > messageIdSequence::getChildComponents() {
+
+	std::vector <shared_ptr <component> > res;
+
+	copy_vector(m_list, res);
+
+	return res;
+}
+
+
+void messageIdSequence::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	removeAllMessageIds();
+
+	size_t pos = position;
+
+	while (pos < end) {
+
+		shared_ptr <messageId> parsedMid = messageId::parseNext(ctx, buffer, pos, end, &pos);
+
+		if (parsedMid) {
+			m_list.push_back(parsedMid);
+		}
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void messageIdSequence::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	size_t pos = curLinePos;
+
+	if (!m_list.empty()) {
+
+		generationContext tmpCtx(ctx);
+		tmpCtx.setMaxLineLength(ctx.getMaxLineLength() - 2);
+
+		for (std::vector <shared_ptr <messageId> >::const_iterator it = m_list.begin() ; ; ) {
+
+			(*it)->generate(ctx, os, pos, &pos);
+
+			if (++it == m_list.end()) {
+				break;
+			}
+
+			os << " ";
+			pos++;
+		}
+	}
+
+	if (newLinePos) {
+		*newLinePos = pos;
+	}
+}
+
+
+void messageIdSequence::appendMessageId(const shared_ptr <messageId>& mid) {
+
+	m_list.push_back(mid);
+}
+
+
+void messageIdSequence::insertMessageIdBefore(
+	const shared_ptr <messageId>& beforeMid,
+	const shared_ptr <messageId>& mid
+) {
+
+	const std::vector <shared_ptr <messageId> >::iterator it =
+		std::find(m_list.begin(), m_list.end(), beforeMid);
+
+	if (it == m_list.end()) {
+		throw exceptions::no_such_message_id();
+	}
+
+	m_list.insert(it, mid);
+}
+
+
+void messageIdSequence::insertMessageIdBefore(
+	const size_t pos,
+	const shared_ptr <messageId>& mid
+) {
+
+	m_list.insert(m_list.begin() + pos, mid);
+}
+
+
+void messageIdSequence::insertMessageIdAfter(
+	const shared_ptr <messageId>& afterMid,
+	const shared_ptr <messageId>& mid
+) {
+
+	const std::vector <shared_ptr <messageId> >::iterator it =
+		std::find(m_list.begin(), m_list.end(), afterMid);
+
+	if (it == m_list.end()) {
+		throw exceptions::no_such_message_id();
+	}
+
+	m_list.insert(it + 1, mid);
+}
+
+
+void messageIdSequence::insertMessageIdAfter(
+	const size_t pos,
+	const shared_ptr <messageId>& mid
+) {
+
+	m_list.insert(m_list.begin() + pos + 1, mid);
+}
+
+
+void messageIdSequence::removeMessageId(const shared_ptr <messageId>& mid)
+{
+	const std::vector <shared_ptr <messageId> >::iterator it =
+		std::find(m_list.begin(), m_list.end(), mid);
+
+	if (it == m_list.end()) {
+		throw exceptions::no_such_message_id();
+	}
+
+	m_list.erase(it);
+}
+
+
+void messageIdSequence::removeMessageId(const size_t pos) {
+
+	const std::vector <shared_ptr <messageId> >::iterator it = m_list.begin() + pos;
+
+	m_list.erase(it);
+}
+
+
+void messageIdSequence::removeAllMessageIds() {
+
+	m_list.clear();
+}
+
+
+size_t messageIdSequence::getMessageIdCount() const {
+
+	return m_list.size();
+}
+
+
+bool messageIdSequence::isEmpty() const {
+
+	return m_list.empty();
+}
+
+
+const shared_ptr <messageId> messageIdSequence::getMessageIdAt(const size_t pos) {
+
+	return m_list[pos];
+}
+
+
+const shared_ptr <const messageId> messageIdSequence::getMessageIdAt(const size_t pos) const {
+
+	return m_list[pos];
+}
+
+
+const std::vector <shared_ptr <const messageId> > messageIdSequence::getMessageIdList() const {
+
+	std::vector <shared_ptr <const messageId> > list;
+
+	list.reserve(m_list.size());
+
+	for (std::vector <shared_ptr <messageId> >::const_iterator it = m_list.begin() ;
+	     it != m_list.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+const std::vector <shared_ptr <messageId> > messageIdSequence::getMessageIdList() {
+
+	return m_list;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/messageIdSequence.hpp b/vmime-master/src/vmime/messageIdSequence.hpp
new file mode 100644
index 0000000..e5d0eb6
--- /dev/null
+++ b/vmime-master/src/vmime/messageIdSequence.hpp
@@ -0,0 +1,175 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MESSAGEIDSEQUENCE_HPP_INCLUDED
+#define VMIME_MESSAGEIDSEQUENCE_HPP_INCLUDED
+
+
+#include "vmime/messageId.hpp"
+
+
+namespace vmime {
+
+
+/** A list of message identifiers (basic type).
+  */
+class VMIME_EXPORT messageIdSequence : public headerFieldValue {
+
+public:
+
+	messageIdSequence();
+	messageIdSequence(const messageIdSequence& midSeq);
+
+	~messageIdSequence();
+
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	messageIdSequence& operator=(const messageIdSequence& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+
+	/** Add a message-id at the end of the list.
+	  *
+	  * @param mid message-id to append
+	  */
+	void appendMessageId(const shared_ptr <messageId>& mid);
+
+	/** Insert a new message-id before the specified message-id.
+	  *
+	  * @param beforeMid message-id before which the new message-id will be inserted
+	  * @param mid message-id to insert
+	  * @throw exceptions::no_such_messageid if the message-id is not in the list
+	  */
+	void insertMessageIdBefore(const shared_ptr <messageId>& beforeMid, const shared_ptr <messageId>& mid);
+
+	/** Insert a new message-id before the specified position.
+	  *
+	  * @param pos position at which to insert the new message-id (0 to insert at
+	  * the beginning of the list)
+	  * @param mid message-id to insert
+	  */
+	void insertMessageIdBefore(const size_t pos, const shared_ptr <messageId>& mid);
+
+	/** Insert a new message-id after the specified message-id.
+	  *
+	  * @param afterMid message-id after which the new message-id will be inserted
+	  * @param mid message-id to insert
+	  * @throw exceptions::no_such_message_id if the message-id is not in the list
+	  */
+	void insertMessageIdAfter(
+		const shared_ptr <messageId>& afterMid,
+		const shared_ptr <messageId>& mid
+	);
+
+	/** Insert a new message-id after the specified position.
+	  *
+	  * @param pos position of the message-id before the new message-id
+	  * @param mid message-id to insert
+	  */
+	void insertMessageIdAfter(const size_t pos, const shared_ptr <messageId>& mid);
+
+	/** Remove the specified message-id from the list.
+	  *
+	  * @param mid message-id to remove
+	  * @throw exceptions::no_such_message_id if the message-id is not in the list
+	  */
+	void removeMessageId(const shared_ptr <messageId>& mid);
+
+	/** Remove the message-id at the specified position.
+	  *
+	  * @param pos position of the message-id to remove
+	  */
+	void removeMessageId(const size_t pos);
+
+	/** Remove all message-ids from the list.
+	  */
+	void removeAllMessageIds();
+
+	/** Return the number of message-ides in the list.
+	  *
+	  * @return number of message-ides
+	  */
+	size_t getMessageIdCount() const;
+
+	/** Tests whether the list of message-ides is empty.
+	  *
+	  * @return true if there is no message-id, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the message-id at the specified position.
+	  *
+	  * @param pos position
+	  * @return message-id at position 'pos'
+	  */
+	const shared_ptr <messageId> getMessageIdAt(const size_t pos);
+
+	/** Return the message-id at the specified position.
+	  *
+	  * @param pos position
+	  * @return message-id at position 'pos'
+	  */
+	const shared_ptr <const messageId> getMessageIdAt(const size_t pos) const;
+
+	/** Return the message-id list.
+	  *
+	  * @return list of message-ids
+	  */
+	const std::vector <shared_ptr <const messageId> > getMessageIdList() const;
+
+	/** Return the message-id list.
+	  *
+	  * @return list of message-ids
+	  */
+	const std::vector <shared_ptr <messageId> > getMessageIdList();
+
+private:
+
+	std::vector <shared_ptr <messageId> > m_list;
+
+protected:
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MESSAGEIDSEQUENCE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/messageParser.cpp b/vmime-master/src/vmime/messageParser.cpp
new file mode 100644
index 0000000..21ac09b
--- /dev/null
+++ b/vmime-master/src/vmime/messageParser.cpp
@@ -0,0 +1,328 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/messageParser.hpp"
+
+#include "vmime/attachmentHelper.hpp"
+
+#include "vmime/defaultAttachment.hpp"
+#include "vmime/textPartFactory.hpp"
+
+#include "vmime/relay.hpp"
+#include "vmime/contentTypeField.hpp"
+#include "vmime/contentDispositionField.hpp"
+
+
+namespace vmime {
+
+
+messageParser::messageParser(const string& buffer) {
+
+	shared_ptr <message> msg = make_shared <message>();
+	msg->parse(buffer);
+
+	parse(msg);
+}
+
+
+messageParser::messageParser(const shared_ptr <const message>& msg) {
+
+	parse(msg);
+}
+
+
+messageParser::~messageParser() {
+
+}
+
+
+void messageParser::parse(const shared_ptr <const message>& msg) {
+
+	// Header fields (if field is present, copy its value, else do nothing)
+#ifndef VMIME_BUILDING_DOC
+
+#define TRY_FIELD(var, type, name) { \
+		shared_ptr <type> fldValue = msg->getHeader()->findFieldValue <type>(name); \
+		if (fldValue) { \
+			var = *fldValue; \
+		} \
+	}
+
+	TRY_FIELD(m_from, mailbox, fields::FROM);
+
+	TRY_FIELD(m_to, addressList, fields::TO);
+	TRY_FIELD(m_cc, addressList, fields::CC);
+	TRY_FIELD(m_bcc, addressList, fields::BCC);
+
+	TRY_FIELD(m_subject, text, fields::SUBJECT);
+
+#undef TRY_FIELD
+
+#endif // VMIME_BUILDING_DOC
+
+	// Date
+	shared_ptr <const headerField> recv = msg->getHeader()->findField(fields::RECEIVED);
+
+	if (recv) {
+
+		m_date = recv->getValue <relay>()->getDate();
+
+	} else {
+
+		shared_ptr <const headerField> date = msg->getHeader()->findField(fields::DATE);
+
+		if (date) {
+			m_date = *date->getValue <datetime>();
+		} else {
+			m_date = datetime::now();
+		}
+	}
+
+	// Attachments
+	findAttachments(msg);
+
+	// Text parts
+	findTextParts(msg, msg);
+}
+
+
+void messageParser::findAttachments(const shared_ptr <const message>& msg) {
+
+	m_attach = attachmentHelper::findAttachmentsInMessage(msg);
+}
+
+
+void messageParser::findTextParts(
+	const shared_ptr <const bodyPart>& msg,
+	const shared_ptr <const bodyPart>& part
+) {
+
+	// Handle the case in which the message is not multipart: if the body part is
+	// "text/*", take this part.
+	if (part->getBody()->getPartCount() == 0) {
+
+		mediaType type(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN);
+		bool accept = false;
+
+		shared_ptr <const contentTypeField> ctf =
+			msg->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+		if (ctf) {
+
+			const mediaType ctfType = *ctf->getValue <mediaType>();
+
+			if (ctfType.getType() == mediaTypes::TEXT) {
+
+				type = ctfType;
+				accept = true;
+			}
+
+		} else {
+
+			// No "Content-type" field: assume "text/plain".
+			accept = true;
+		}
+
+		if (accept) {
+
+			shared_ptr <textPart> txtPart = textPartFactory::getInstance()->create(type);
+			txtPart->parse(msg, msg, msg);
+
+			m_textParts.push_back(txtPart);
+		}
+
+	// Multipart message
+	} else {
+
+		findSubTextParts(msg, part);
+	}
+}
+
+
+bool messageParser::findSubTextParts(
+	const shared_ptr <const bodyPart>& msg,
+	const shared_ptr <const bodyPart>& part
+) {
+
+	// In general, all the text parts are contained in parallel in the same
+	// parent part (or message).
+	// So, wherever the text parts are, all we have to do is to find the first
+	// MIME part which is a text part.
+
+	std::vector <shared_ptr <const bodyPart> > textParts;
+
+	for (size_t i = 0 ; i < part->getBody()->getPartCount() ; ++i) {
+
+		const shared_ptr <const bodyPart> p = part->getBody()->getPartAt(i);
+
+		shared_ptr <const contentTypeField> ctf =
+			p->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+		if (ctf) {
+
+			const mediaType type = *ctf->getValue <mediaType>();
+			contentDisposition disp; // default should be inline
+
+			if (type.getType() == mediaTypes::TEXT) {
+
+				shared_ptr <const contentDispositionField> cdf = p->getHeader()->
+					findField <contentDispositionField>(fields::CONTENT_DISPOSITION);
+
+				if (cdf) {
+
+					disp = *cdf->getValue <contentDisposition>();
+
+				} else {
+
+					// No "Content-Disposition" field, assume default
+				}
+
+				if (disp.getName() == contentDispositionTypes::INLINE) {
+					textParts.push_back(p);
+				}
+			}
+
+		} else {
+
+			// No "Content-type" field.
+		}
+	}
+
+	if (textParts.size()) {
+
+		// Okay. So we have found at least one text part
+		for (std::vector <shared_ptr <const bodyPart> >::const_iterator p = textParts.begin() ;
+		     p != textParts.end() ; ++p) {
+
+			const contentTypeField& ctf =
+				*(*p)->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+			const mediaType type = *ctf.getValue <mediaType>();
+
+			try {
+
+				shared_ptr <textPart> txtPart = textPartFactory::getInstance()->create(type);
+				txtPart->parse(msg, part, *p);
+
+				m_textParts.push_back(txtPart);
+
+			} catch (exceptions::no_factory_available& e) {
+
+				// Content-type not recognized.
+			}
+		}
+	}
+
+	bool found = false;
+
+	for (size_t i = 0 ; !found && (i < part->getBody()->getPartCount()) ; ++i) {
+		found = findSubTextParts(msg, part->getBody()->getPartAt(i));
+	}
+
+	return found;
+}
+
+
+const mailbox& messageParser::getExpeditor() const {
+
+	return m_from;
+}
+
+
+const addressList& messageParser::getRecipients() const {
+
+	return m_to;
+}
+
+
+const addressList& messageParser::getCopyRecipients() const {
+
+	return m_cc;
+}
+
+
+const addressList& messageParser::getBlindCopyRecipients() const {
+
+	return m_bcc;
+}
+
+
+const text& messageParser::getSubject() const {
+
+	return m_subject;
+}
+
+
+const datetime& messageParser::getDate() const {
+
+	return m_date;
+}
+
+
+const std::vector <shared_ptr <const attachment> > messageParser::getAttachmentList() const {
+
+	return m_attach;
+}
+
+
+size_t messageParser::getAttachmentCount() const {
+
+	return m_attach.size();
+}
+
+
+const shared_ptr <const attachment> messageParser::getAttachmentAt(const size_t pos) const {
+
+	return m_attach[pos];
+}
+
+
+const std::vector <shared_ptr <const textPart> > messageParser::getTextPartList() const {
+
+	std::vector <shared_ptr <const textPart> > res;
+
+	res.reserve(m_textParts.size());
+
+	for (std::vector <shared_ptr <textPart> >::const_iterator it = m_textParts.begin() ;
+	     it != m_textParts.end() ; ++it) {
+
+		res.push_back(*it);
+	}
+
+	return res;
+}
+
+
+size_t messageParser::getTextPartCount() const {
+
+	return m_textParts.size();
+}
+
+
+const shared_ptr <const textPart> messageParser::getTextPartAt(const size_t pos) const {
+
+	return m_textParts[pos];
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/messageParser.hpp b/vmime-master/src/vmime/messageParser.hpp
new file mode 100644
index 0000000..8019ef3
--- /dev/null
+++ b/vmime-master/src/vmime/messageParser.hpp
@@ -0,0 +1,164 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MESSAGEPARSER_HPP_INCLUDED
+#define VMIME_MESSAGEPARSER_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+
+#include "vmime/message.hpp"
+#include "vmime/attachment.hpp"
+
+#include "vmime/mailbox.hpp"
+#include "vmime/addressList.hpp"
+#include "vmime/dateTime.hpp"
+
+#include "vmime/textPart.hpp"
+
+
+namespace vmime {
+
+
+/** A helper for parsing MIME messages.
+  */
+class VMIME_EXPORT messageParser {
+
+public:
+
+	messageParser(const string& buffer);
+	messageParser(const shared_ptr <const message>& msg);
+	~messageParser();
+
+public:
+
+	/** Return the expeditor of the message (From:).
+	  *
+	  * @return expeditor of the message
+	  */
+	const mailbox& getExpeditor() const;
+
+	/** Return the recipients of the message (To:).
+	  *
+	  * return recipients of the message
+	  */
+	const addressList& getRecipients() const;
+
+	/** Return the copy recipients of the message (Cc:).
+	  *
+	  * @return copy recipients of the message
+	  */
+	const addressList& getCopyRecipients() const;
+
+	/** Return the blind-copy recipients of the message (Bcc:).
+	  *
+	  * @return blind-copy recipients of the message
+	  */
+	const addressList& getBlindCopyRecipients() const;
+
+	/** Return the subject of the message.
+	  *
+	  * @return subject of the message
+	  */
+	const text& getSubject() const;
+
+	/** Return the date of the message.
+	  *
+	  * @return date of the message
+	  */
+	const datetime& getDate() const;
+
+	/** Return the number of attachments in the message.
+	  *
+	  * @return number of attachments
+	  */
+	size_t getAttachmentCount() const;
+
+	/** Return the attachment at the specified position.
+	  *
+	  * @param pos position of the attachment
+	  * @return attachment at position 'pos'
+	  */
+	const shared_ptr <const attachment> getAttachmentAt(const size_t pos) const;
+
+	/** Return the attachments of the message.
+	  *
+	  * @return list of attachments in the message
+	  */
+	const std::vector <shared_ptr <const attachment> > getAttachmentList() const;
+
+	/** Return the text parts of the message.
+	  *
+	  * @return list of text parts in the message
+	  */
+	const std::vector <shared_ptr <const textPart> > getTextPartList() const;
+
+	/** Return the number of text parts in the message.
+	  *
+	  * @return number of text parts
+	  */
+	size_t getTextPartCount() const;
+
+	/** Return the text part at the specified position.
+	  *
+	  * @param pos position of the text part
+	  * @return text part at position 'pos'
+	  */
+	const shared_ptr <const textPart> getTextPartAt(const size_t pos) const;
+
+private:
+
+	mailbox m_from;
+
+	addressList m_to;
+	addressList m_cc;
+	addressList m_bcc;
+
+	text m_subject;
+
+	datetime m_date;
+
+	std::vector <shared_ptr <const attachment> > m_attach;
+
+	std::vector <shared_ptr <textPart> > m_textParts;
+
+	void parse(const shared_ptr <const message>& msg);
+
+	void findAttachments(const shared_ptr <const message>& msg);
+
+	void findTextParts(
+		const shared_ptr <const bodyPart>& msg,
+		const shared_ptr <const bodyPart>& part
+	);
+
+	bool findSubTextParts(
+		const shared_ptr <const bodyPart>& msg,
+		const shared_ptr <const bodyPart>& part
+	);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_MESSAGEPARSER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/misc/importanceHelper.cpp b/vmime-master/src/vmime/misc/importanceHelper.cpp
new file mode 100644
index 0000000..20c8e13
--- /dev/null
+++ b/vmime-master/src/vmime/misc/importanceHelper.cpp
@@ -0,0 +1,163 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/misc/importanceHelper.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/text.hpp"
+
+
+namespace vmime {
+namespace misc {
+
+
+void importanceHelper::resetImportance(const shared_ptr <message>& msg) {
+
+	resetImportanceHeader(msg->getHeader());
+}
+
+
+void importanceHelper::resetImportanceHeader(const shared_ptr <header>& hdr) {
+
+	shared_ptr <headerField> fld;
+
+	if ((fld = hdr->findField("X-Priority")))
+		hdr->removeField(fld);
+
+	if ((fld = hdr->findField("Importance")))
+		hdr->removeField(fld);
+}
+
+
+importanceHelper::Importance importanceHelper::getImportance(const shared_ptr <const message>& msg) {
+
+	return getImportanceHeader(msg->getHeader());
+}
+
+
+importanceHelper::Importance importanceHelper::getImportanceHeader(const shared_ptr <const header>& hdr) {
+
+	// Try "X-Priority" field
+	shared_ptr <const headerField> fld = hdr->findField("X-Priority");
+
+	if (fld) {
+
+		const string value = fld->getValue <text>()->getWholeBuffer();
+
+		int n = IMPORTANCE_NORMAL;
+
+		std::istringstream iss(value);
+		iss.imbue(std::locale::classic());
+
+		iss >> n;
+
+		Importance i = IMPORTANCE_NORMAL;
+
+		switch (n) {
+			case 1: i = IMPORTANCE_HIGHEST; break;
+			case 2: i = IMPORTANCE_HIGH; break;
+			case 3: i = IMPORTANCE_NORMAL; break;
+			case 4: i = IMPORTANCE_LOW; break;
+			case 5: i = IMPORTANCE_LOWEST; break;
+		}
+
+		return i;
+
+	} else {
+
+		// Try "Importance" field
+		fld = hdr->findField("Importance");
+
+		if (fld) {
+
+			const string value = utility::stringUtils::toLower(utility::stringUtils::trim
+				(fld->getValue <text>()->getWholeBuffer()));
+
+			if (value == "low") {
+				return IMPORTANCE_LOWEST;
+			} else if (value == "high") {
+				return IMPORTANCE_HIGHEST;
+			} else {
+				return IMPORTANCE_NORMAL;
+			}
+
+		} else {
+
+			// Default
+			return IMPORTANCE_NORMAL;
+		}
+	}
+
+	// Should not go here...
+	return IMPORTANCE_NORMAL;
+}
+
+
+void importanceHelper::setImportance(const shared_ptr <message>& msg, const Importance i) {
+
+	setImportanceHeader(msg->getHeader(), i);
+}
+
+
+void importanceHelper::setImportanceHeader(const shared_ptr <header>& hdr, const Importance i) {
+
+	// "X-Priority:" Field
+	shared_ptr <headerField> fld = hdr->getField("X-Priority");
+
+	switch (i) {
+		case IMPORTANCE_HIGHEST: fld->setValue("1 (Highest)"); break;
+		case IMPORTANCE_HIGH:    fld->setValue("2 (High)"); break;
+		default:
+		case IMPORTANCE_NORMAL:  fld->setValue("3 (Normal)"); break;
+		case IMPORTANCE_LOW:     fld->setValue("4 (Low)"); break;
+		case IMPORTANCE_LOWEST:  fld->setValue("5 (Lowest)"); break;
+	}
+
+	// "Importance:" Field
+	fld = hdr->getField("Importance");
+
+	switch (i) {
+
+		case IMPORTANCE_HIGHEST:
+		case IMPORTANCE_HIGH:
+
+			fld->setValue("high");
+			break;
+
+		default:
+		case IMPORTANCE_NORMAL:
+
+			fld->setValue("normal");
+			break;
+
+		case IMPORTANCE_LOWEST:
+		case IMPORTANCE_LOW:
+
+			fld->setValue("low");
+			break;
+	}
+}
+
+
+} // misc
+} // vmime
diff --git a/vmime-master/src/vmime/misc/importanceHelper.hpp b/vmime-master/src/vmime/misc/importanceHelper.hpp
new file mode 100644
index 0000000..45e0bcc
--- /dev/null
+++ b/vmime-master/src/vmime/misc/importanceHelper.hpp
@@ -0,0 +1,103 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_MISC_IMPORTANCEHELPER_HPP_INCLUDED
+#define VMIME_MISC_IMPORTANCEHELPER_HPP_INCLUDED
+
+
+#include "vmime/message.hpp"
+
+
+namespace vmime {
+namespace misc {
+
+
+/** Deals with setting and retrieving message importance (also
+  * known as priority).
+  *
+  * Basically, it wraps the use of the 'X-Priority' (non standard)
+  * and 'Importance' (RFC-1327, RFC-1911) fields.
+  */
+class VMIME_EXPORT importanceHelper {
+
+public:
+
+	/** Different levels of importance. */
+	enum Importance {
+		IMPORTANCE_HIGHEST,
+		IMPORTANCE_HIGH,
+		IMPORTANCE_NORMAL,
+		IMPORTANCE_LOW,
+		IMPORTANCE_LOWEST
+	};
+
+
+	/** Reset the importance of the message to the default importance.
+	  *
+	  * @param msg message on which to reset importance
+	  */
+	static void resetImportance(const shared_ptr <message>& msg);
+
+	/** Reset the importance of a message to the default importance.
+	  *
+	  * @param hdr message header on which to reset importance
+	  */
+	static void resetImportanceHeader(const shared_ptr <header>& hdr);
+
+	/** Return the importance of the specified message.
+	  *
+	  * @param msg message from which to retrieve importance
+	  * @return importance of the message, or default importance is no
+	  * information about importance is given in the message
+	  */
+	static Importance getImportance(const shared_ptr <const message>& msg);
+
+	/** Return the importance of a message, given its header.
+	  *
+	  * @param hdr message header from which to retrieve importance
+	  * @return importance of the message, or default importance is no
+	  * information about importance is given in the message
+	  */
+	static Importance getImportanceHeader(const shared_ptr <const header>& hdr);
+
+	/** Set the importance of the specified message.
+	  *
+	  * @param msg message on which to set importance
+	  * @param i new message importance
+	  */
+	static void setImportance(const shared_ptr <message>& msg, const Importance i);
+
+	/** Set the importance of a message, given its header.
+	  *
+	  * @param hdr message header on which to set importance
+	  * @param i new message importance
+	  */
+	static void setImportanceHeader(const shared_ptr <header>& hdr, const Importance i);
+};
+
+
+} // misc
+} // vmime
+
+
+#endif // VMIME_MISC_IMPORTANCEHELPER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/builtinServices.inl b/vmime-master/src/vmime/net/builtinServices.inl
new file mode 100644
index 0000000..2f67d2e
--- /dev/null
+++ b/vmime-master/src/vmime/net/builtinServices.inl
@@ -0,0 +1,76 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+
+// Include registration helpers
+#include "vmime/net/serviceRegistration.inl"
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#if VMIME_HAVE_MESSAGING_PROTO_POP3
+	#include "vmime/net/pop3/POP3Store.hpp"
+	REGISTER_SERVICE(pop3::POP3Store, pop3, TYPE_STORE);
+
+	#if VMIME_HAVE_TLS_SUPPORT
+		#include "vmime/net/pop3/POP3SStore.hpp"
+		REGISTER_SERVICE(pop3::POP3SStore, pop3s, TYPE_STORE);
+	#endif // VMIME_HAVE_TLS_SUPPORT
+#endif
+
+
+#if VMIME_HAVE_MESSAGING_PROTO_SMTP
+	#include "vmime/net/smtp/SMTPTransport.hpp"
+	REGISTER_SERVICE(smtp::SMTPTransport, smtp, TYPE_TRANSPORT);
+
+	#if VMIME_HAVE_TLS_SUPPORT
+		#include "vmime/net/smtp/SMTPSTransport.hpp"
+		REGISTER_SERVICE(smtp::SMTPSTransport, smtps, TYPE_TRANSPORT);
+	#endif // VMIME_HAVE_TLS_SUPPORT
+#endif
+
+
+#if VMIME_HAVE_MESSAGING_PROTO_IMAP
+	#include "vmime/net/imap/IMAPStore.hpp"
+	REGISTER_SERVICE(imap::IMAPStore, imap, TYPE_STORE);
+
+	#if VMIME_HAVE_TLS_SUPPORT
+		#include "vmime/net/imap/IMAPSStore.hpp"
+		REGISTER_SERVICE(imap::IMAPSStore, imaps, TYPE_STORE);
+	#endif // VMIME_HAVE_TLS_SUPPORT
+#endif
+
+
+#if VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+	#include "vmime/net/maildir/maildirStore.hpp"
+	REGISTER_SERVICE(maildir::maildirStore, maildir, TYPE_STORE);
+#endif
+
+#if VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+	#include "vmime/net/sendmail/sendmailTransport.hpp"
+	REGISTER_SERVICE(sendmail::sendmailTransport, sendmail, TYPE_TRANSPORT);
+#endif
+
+
+#endif // VMIME_BUILDING_DOC
diff --git a/vmime-master/src/vmime/net/connectionInfos.hpp b/vmime-master/src/vmime/net/connectionInfos.hpp
new file mode 100644
index 0000000..0e519c7
--- /dev/null
+++ b/vmime-master/src/vmime/net/connectionInfos.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_CONNECTIONINFOS_HPP_INCLUDED
+#define VMIME_NET_CONNECTIONINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/object.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Information about the connection used by a service.
+  */
+class VMIME_EXPORT connectionInfos : public object {
+
+public:
+
+	/** Return the host to which the service is connected.
+	  *
+	  * @return server host name or address
+	  */
+	virtual const string getHost() const = 0;
+
+	/** Return the port to which the service is connected.
+	  *
+	  * @return server port
+	  */
+	virtual port_t getPort() const = 0;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_CONNECTIONINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/defaultConnectionInfos.cpp b/vmime-master/src/vmime/net/defaultConnectionInfos.cpp
new file mode 100644
index 0000000..889f214
--- /dev/null
+++ b/vmime-master/src/vmime/net/defaultConnectionInfos.cpp
@@ -0,0 +1,60 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/defaultConnectionInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+defaultConnectionInfos::defaultConnectionInfos(const string& host, const port_t port)
+	: m_host(host), m_port(port) {
+
+}
+
+
+const string defaultConnectionInfos::getHost() const {
+
+	return m_host;
+}
+
+
+port_t defaultConnectionInfos::getPort() const {
+
+	return m_port;
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/defaultConnectionInfos.hpp b/vmime-master/src/vmime/net/defaultConnectionInfos.hpp
new file mode 100644
index 0000000..f348859
--- /dev/null
+++ b/vmime-master/src/vmime/net/defaultConnectionInfos.hpp
@@ -0,0 +1,66 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_DEFAULTCONNECTIONINFOS_HPP_INCLUDED
+#define VMIME_NET_DEFAULTCONNECTIONINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/connectionInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Information about the connection used by a service.
+  */
+class VMIME_EXPORT defaultConnectionInfos : public connectionInfos {
+
+public:
+
+	defaultConnectionInfos(const string& host, const port_t port);
+
+	const string getHost() const;
+	port_t getPort() const;
+
+private:
+
+	string m_host;
+	port_t m_port;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_DEFAULTCONNECTIONINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/defaultTimeoutHandler.cpp b/vmime-master/src/vmime/net/defaultTimeoutHandler.cpp
new file mode 100644
index 0000000..f5dcc7d
--- /dev/null
+++ b/vmime-master/src/vmime/net/defaultTimeoutHandler.cpp
@@ -0,0 +1,78 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/defaultTimeoutHandler.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+defaultTimeoutHandler::defaultTimeoutHandler() {
+
+	m_startTime = time(NULL);
+}
+
+
+defaultTimeoutHandler::~defaultTimeoutHandler() {
+
+}
+
+
+bool defaultTimeoutHandler::isTimeOut() {
+
+	return time(NULL) - m_startTime >= 30;
+}
+
+
+void defaultTimeoutHandler::resetTimeOut() {
+
+	m_startTime = time(NULL);
+}
+
+
+bool defaultTimeoutHandler::handleTimeOut() {
+
+	return false;
+}
+
+
+
+
+shared_ptr <timeoutHandler> defaultTimeoutHandlerFactory::create() {
+
+	return make_shared <defaultTimeoutHandler>();
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/net/defaultTimeoutHandler.hpp b/vmime-master/src/vmime/net/defaultTimeoutHandler.hpp
new file mode 100644
index 0000000..545c655
--- /dev/null
+++ b/vmime-master/src/vmime/net/defaultTimeoutHandler.hpp
@@ -0,0 +1,80 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_DEFAULTTIMEOUTHANDLER_HPP_INCLUDED
+#define VMIME_NET_DEFAULTTIMEOUTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/timeoutHandler.hpp"
+
+#include <ctime>
+
+
+namespace vmime {
+namespace net {
+
+
+/** A default timeout handler for messaging services. The default action
+  * is to throw a exceptions::operation_timed_out exception when an
+  * operation is blocked for more than 30 seconds.
+  */
+class VMIME_EXPORT defaultTimeoutHandler : public timeoutHandler {
+
+public:
+
+	defaultTimeoutHandler();
+	~defaultTimeoutHandler();
+
+	bool isTimeOut();
+	void resetTimeOut();
+	bool handleTimeOut();
+
+private:
+
+	time_t m_startTime;
+};
+
+
+/** A class that creates default timeout handlers.
+  */
+class defaultTimeoutHandlerFactory : public timeoutHandlerFactory {
+
+public:
+
+	shared_ptr <timeoutHandler> create();
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_DEFAULTTIMEOUTHANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/dsnAttributes.cpp b/vmime-master/src/vmime/net/dsnAttributes.cpp
new file mode 100644
index 0000000..dc949b9
--- /dev/null
+++ b/vmime-master/src/vmime/net/dsnAttributes.cpp
@@ -0,0 +1,71 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2020 Jan Osusky <jan@osusky.name>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/dsnAttributes.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+dsnAttributes::dsnAttributes(const string& dsnNotify, const string& dsnRet, const string& dsnEnvelopId)
+	: m_notifications(dsnNotify), m_returnFormat(dsnRet), m_envelopId(dsnEnvelopId) {
+
+}
+
+
+string dsnAttributes::getNotificationConditions() const {
+
+	return m_notifications;
+}
+
+
+string dsnAttributes::getReturnFormat() const {
+
+	return m_returnFormat;
+}
+
+
+string dsnAttributes::getEnvelopId() const {
+
+	return m_envelopId;
+}
+
+
+bool dsnAttributes::isEmpty() const {
+
+	return m_notifications.empty() && m_returnFormat.empty() && m_envelopId.empty();
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/net/dsnAttributes.hpp b/vmime-master/src/vmime/net/dsnAttributes.hpp
new file mode 100644
index 0000000..945da28
--- /dev/null
+++ b/vmime-master/src/vmime/net/dsnAttributes.hpp
@@ -0,0 +1,114 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2020 Jan Osusky <jan@osusky.name>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_DSNATTRIBUTES_HPP_INCLUDED
+#define VMIME_NET_DSNATTRIBUTES_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <vector>
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Holds a set of attributes for Delivery Status Notifications (DSN).
+  */
+class VMIME_EXPORT dsnAttributes : public object {
+
+public:
+
+	/** Constructs an empty dsnAttributes object.
+	  */
+	dsnAttributes() = default;
+
+	/** Constructs a new dsnAttributes object by copying an existing object.
+	  *
+	  * @param dsn object to copy
+	  */
+	dsnAttributes(const dsnAttributes& dsn) = default;
+
+	/** Constructs a new dsnAttributes object by moving an existing object.
+	  *
+	  * @param dsn object (Rvalue reference) to move from.
+	  */
+	dsnAttributes(dsnAttributes&& dsn) = default;
+
+	~dsnAttributes() = default;
+
+	/** Constructs a new dsnAttributes object by specifying the attributes.
+	  *
+	  * @param dsnNotify comma separated list of notification conditions as specified in RFC 1891
+	  * @param dsnRet content of DSN - full message or headers only ("FULL" or "HDRS")
+	  * @param dsnEnvelopId envelop ID to be able to pair the DSN with original message (plain text not in "<" ">")
+	  */
+	dsnAttributes(const string& dsnNotify, const string& dsnRet, const string& dsnEnvelopId);
+
+	/** Returns comma separated list of notification conditions as specified in RFC 1891
+	  *
+	  * @return comma separated list of notification conditions as specified in RFC 1891
+	  */
+	string getNotificationConditions() const;
+
+	/** Returns requested format of the notification (RET parameter of the ESMTP MAIL command).
+	  *
+	  * @return requested format of the notification.
+	  */
+	string getReturnFormat() const;
+
+	/** Returns envelop ID used to pair the DSN with the original message.
+	  *
+	  * @return envelop ID used to pair the DSN with the original message.
+	  */
+	string getEnvelopId() const;
+
+	/** Returns whether the object is empty, and no attribute has been set.
+	  *
+	  * @return true if object is empty, or false otherwise
+	  */
+	bool isEmpty() const;
+
+private:
+
+	string m_notifications;
+	string m_returnFormat;
+	string m_envelopId;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#endif // VMIME_NET_DSNATTRIBUTES_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/events.cpp b/vmime-master/src/vmime/net/events.cpp
new file mode 100644
index 0000000..8660812
--- /dev/null
+++ b/vmime-master/src/vmime/net/events.cpp
@@ -0,0 +1,180 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/events.hpp"
+#include "vmime/net/folder.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace net {
+namespace events {
+
+
+//
+// event
+//
+
+event::event() {
+
+}
+
+
+event::~event() {
+
+}
+
+
+//
+// messageCountEvent
+//
+
+const char* messageCountEvent::EVENT_CLASS = "messageCountEvent";
+
+
+messageCountEvent::messageCountEvent(
+	const shared_ptr <folder>& folder,
+	const Types type,
+	const std::vector <size_t>& nums
+)
+	: m_folder(folder),
+	  m_type(type) {
+
+	m_nums.resize(nums.size());
+	std::copy(nums.begin(), nums.end(), m_nums.begin());
+}
+
+
+shared_ptr <folder> messageCountEvent::getFolder() const { return (m_folder); }
+messageCountEvent::Types messageCountEvent::getType() const { return (m_type); }
+const std::vector <size_t>& messageCountEvent::getNumbers() const { return (m_nums); }
+
+
+void messageCountEvent::dispatch(messageCountListener* listener) {
+
+	if (m_type == TYPE_ADDED) {
+		listener->messagesAdded(dynamicCast <messageCountEvent>(shared_from_this()));
+	} else {
+		listener->messagesRemoved(dynamicCast <messageCountEvent>(shared_from_this()));
+	}
+}
+
+
+const char* messageCountEvent::getClass() const {
+
+	return EVENT_CLASS;
+}
+
+
+//
+// messageChangedEvent
+//
+
+const char* messageChangedEvent::EVENT_CLASS = "messageChangedEvent";
+
+
+messageChangedEvent::messageChangedEvent(
+	const shared_ptr <folder>& folder,
+	const Types type,
+	const std::vector <size_t>& nums
+)
+	: m_folder(folder),
+	  m_type(type) {
+
+	m_nums.resize(nums.size());
+	std::copy(nums.begin(), nums.end(), m_nums.begin());
+}
+
+
+shared_ptr <folder> messageChangedEvent::getFolder() const { return (m_folder); }
+messageChangedEvent::Types messageChangedEvent::getType() const { return (m_type); }
+const std::vector <size_t>& messageChangedEvent::getNumbers() const { return (m_nums); }
+
+
+void messageChangedEvent::dispatch(messageChangedListener* listener) {
+
+	listener->messageChanged(dynamicCast <messageChangedEvent>(shared_from_this()));
+}
+
+
+const char* messageChangedEvent::getClass() const {
+
+	return EVENT_CLASS;
+}
+
+
+//
+// folderEvent
+//
+
+const char* folderEvent::EVENT_CLASS = "folderEvent";
+
+
+folderEvent::folderEvent(
+	const shared_ptr <folder>& folder,
+	const Types type,
+	const utility::path& oldPath,
+	const utility::path& newPath
+)
+	: m_folder(folder),
+	  m_type(type),
+	  m_oldPath(oldPath),
+	  m_newPath(newPath) {
+
+}
+
+
+shared_ptr <folder> folderEvent::getFolder() const { return (m_folder); }
+folderEvent::Types folderEvent::getType() const { return (m_type); }
+
+
+void folderEvent::dispatch(folderListener* listener) {
+
+	switch (m_type) {
+		case TYPE_CREATED: listener->folderCreated(dynamicCast <folderEvent>(shared_from_this())); break;
+		case TYPE_RENAMED: listener->folderRenamed(dynamicCast <folderEvent>(shared_from_this())); break;
+		case TYPE_DELETED: listener->folderDeleted(dynamicCast <folderEvent>(shared_from_this())); break;
+	}
+}
+
+
+const char* folderEvent::getClass() const {
+
+	return EVENT_CLASS;
+}
+
+
+} // events
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/events.hpp b/vmime-master/src/vmime/net/events.hpp
new file mode 100644
index 0000000..2ad64e7
--- /dev/null
+++ b/vmime-master/src/vmime/net/events.hpp
@@ -0,0 +1,276 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_EVENTS_HPP_INCLUDED
+#define VMIME_NET_EVENTS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <vector>
+
+#include "vmime/utility/path.hpp"
+
+
+namespace vmime {
+namespace net {
+
+class folder;
+
+namespace events {
+
+
+/** Event occurring on folders or messages.
+  */
+class VMIME_EXPORT event : public object, public enable_shared_from_this <event> {
+
+public:
+
+	event();
+	virtual ~event();
+
+	virtual const char* getClass() const = 0;
+};
+
+
+/** Event about the message count in a folder.
+  */
+class VMIME_EXPORT messageCountEvent : public event {
+
+public:
+
+	static const char* EVENT_CLASS;
+
+
+	enum Types {
+		TYPE_ADDED,     /**< New messages have been added. */
+		TYPE_REMOVED    /**< Messages have been expunged (renumbering). */
+	};
+
+
+	messageCountEvent(
+		const shared_ptr <folder>& folder,
+		const Types type,
+		const std::vector <size_t>& nums
+	);
+
+	/** Return the folder in which messages have been added/removed.
+	  *
+	  * @return folder in which message count changed
+	  */
+	shared_ptr <folder> getFolder() const;
+
+	/** Return the event type.
+	  *
+	  * @return event type (see messageCountEvent::Types)
+	  */
+	Types getType() const;
+
+	/** Return the numbers of the messages that have been added/removed.
+	  *
+	  * @return a list of message numbers
+	  */
+	const std::vector <size_t>& getNumbers() const;
+
+	/** Dispatch the event to the specified listener.
+	  *
+	  * @param listener listener to notify
+	  */
+	void dispatch(class messageCountListener* listener);
+
+
+	const char* getClass() const;
+
+private:
+
+	shared_ptr <folder> m_folder;
+	const Types m_type;
+	std::vector <size_t> m_nums;
+};
+
+
+/** Listener for events about the message count in a folder.
+  */
+class VMIME_EXPORT messageCountListener {
+
+protected:
+
+	virtual ~messageCountListener() { }
+
+public:
+
+	virtual void messagesAdded(const shared_ptr <messageCountEvent>& event) = 0;
+	virtual void messagesRemoved(const shared_ptr <messageCountEvent>& event) = 0;
+};
+
+
+/** Event occuring on a message.
+  */
+class VMIME_EXPORT messageChangedEvent : public event {
+
+public:
+
+	static const char* EVENT_CLASS;
+
+
+	enum Types {
+		TYPE_FLAGS    // flags changed
+	};
+
+
+	messageChangedEvent(
+		const shared_ptr <folder>& folder,
+		const Types type,
+		const std::vector <size_t>& nums
+	);
+
+	/** Return the folder in which messages have changed.
+	  *
+	  * @return folder in which message count changed
+	  */
+	shared_ptr <folder> getFolder() const;
+
+	/** Return the event type.
+	  *
+	  * @return event type (see messageChangedEvent::Types)
+	  */
+	Types getType() const;
+
+	/** Return the numbers of the messages that have changed.
+	  *
+	  * @return a list of message numbers
+	  */
+	const std::vector <size_t>& getNumbers() const;
+
+	/** Dispatch the event to the specified listener.
+	  *
+	  * @param listener listener to notify
+	  */
+	void dispatch(class messageChangedListener* listener);
+
+
+	const char* getClass() const;
+
+private:
+
+	shared_ptr <folder> m_folder;
+	const Types m_type;
+	std::vector <size_t> m_nums;
+};
+
+
+/** Listener for events occuring on a message.
+  */
+class VMIME_EXPORT messageChangedListener {
+
+protected:
+
+	virtual ~messageChangedListener() { }
+
+public:
+
+	virtual void messageChanged(const shared_ptr <messageChangedEvent>& event) = 0;
+};
+
+
+/** Event occuring on a folder.
+  */
+class VMIME_EXPORT folderEvent : public event {
+
+public:
+
+	static const char* EVENT_CLASS;
+
+
+	enum Types {
+		TYPE_CREATED,   /**< A folder was created. */
+		TYPE_DELETED,   /**< A folder was deleted. */
+		TYPE_RENAMED    /**< A folder was renamed. */
+	};
+
+
+	folderEvent(
+		const shared_ptr <folder>& folder,
+		const Types type,
+		const utility::path& oldPath,
+		const utility::path& newPath
+	);
+
+	/** Return the folder on which the event occurred.
+	  *
+	  * @return folder on which the event occurred
+	  */
+	shared_ptr <folder> getFolder() const;
+
+	/** Return the event type.
+	  *
+	  * @return event type (see folderEvent::Types)
+	  */
+	Types getType() const;
+
+	/** Dispatch the event to the specified listener.
+	  *
+	  * @param listener listener to notify
+	  */
+	void dispatch(class folderListener* listener);
+
+
+	const char* getClass() const;
+
+private:
+
+	shared_ptr <folder> m_folder;
+	const Types m_type;
+	const utility::path m_oldPath;
+	const utility::path m_newPath;
+};
+
+
+/** Listener for events occuring on a folder.
+  */
+class VMIME_EXPORT folderListener {
+
+protected:
+
+	virtual ~folderListener() { }
+
+public:
+
+	virtual void folderCreated(const shared_ptr <folderEvent>& event) = 0;
+	virtual void folderRenamed(const shared_ptr <folderEvent>& event) = 0;
+	virtual void folderDeleted(const shared_ptr <folderEvent>& event) = 0;
+};
+
+
+} // events
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_EVENTS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/fetchAttributes.cpp b/vmime-master/src/vmime/net/fetchAttributes.cpp
new file mode 100644
index 0000000..d9b54b8
--- /dev/null
+++ b/vmime-master/src/vmime/net/fetchAttributes.cpp
@@ -0,0 +1,98 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/fetchAttributes.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace net {
+
+
+fetchAttributes::fetchAttributes()
+	: m_predefinedAttribs(0) {
+
+}
+
+
+fetchAttributes::fetchAttributes(const int attribs)
+	: m_predefinedAttribs(attribs) {
+
+}
+
+
+fetchAttributes::fetchAttributes(const fetchAttributes& attribs)
+	: object() {
+
+	m_predefinedAttribs = attribs.m_predefinedAttribs;
+	m_headers = attribs.m_headers;
+}
+
+
+void fetchAttributes::add(const int attribs) {
+
+	m_predefinedAttribs |= attribs;
+}
+
+
+void fetchAttributes::add(const string& header) {
+
+	m_headers.push_back(utility::stringUtils::toLower(header));
+}
+
+
+bool fetchAttributes::has(const int attribs) const {
+
+	return (m_predefinedAttribs & attribs) != 0;
+}
+
+
+bool fetchAttributes::has(const string& header) const {
+
+	return std::find(
+		m_headers.begin(), m_headers.end(),
+		utility::stringUtils::toLower(header)
+	) != m_headers.end();
+}
+
+
+const std::vector <string> fetchAttributes::getHeaderFields() const {
+
+	return m_headers;
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/net/fetchAttributes.hpp b/vmime-master/src/vmime/net/fetchAttributes.hpp
new file mode 100644
index 0000000..19d9262
--- /dev/null
+++ b/vmime-master/src/vmime/net/fetchAttributes.hpp
@@ -0,0 +1,140 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_FETCHATTRIBUTES_HPP_INCLUDED
+#define VMIME_NET_FETCHATTRIBUTES_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <vector>
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Holds a set of attributes to fetch for a message.
+  */
+class VMIME_EXPORT fetchAttributes : public object {
+
+public:
+
+	/** Predefined attributes that can be fetched.
+	  */
+	enum PredefinedFetchAttributes {
+		ENVELOPE = (1 << 0),       /**< Sender, recipients, date, subject. */
+		STRUCTURE = (1 << 1),      /**< MIME structure (body parts). */
+		CONTENT_INFO = (1 << 2),   /**< Top-level content type. */
+		FLAGS = (1 << 3),          /**< Message flags. */
+		SIZE = (1 << 4),           /**< Message size (exact or estimated). */
+		FULL_HEADER = (1 << 5),    /**< Full RFC-[2]822 header. */
+		UID = (1 << 6),            /**< Unique identifier (protocol specific). */
+		IMPORTANCE = (1 << 7),     /**< Header fields suitable for use with misc::importanceHelper. */
+
+		CUSTOM = (1 << 16)         /**< Reserved for future use. */
+	};
+
+	/** Constructs an empty fetchAttributes object.
+	  */
+	fetchAttributes();
+
+	/** Constructs a new fetchAttributes object by specifying one or more
+	  * predefined objects.
+	  *
+	  * @param attribs one or more OR-ed values of the PredefinedFetchAttributes enum
+	  */
+	fetchAttributes(const int attribs);
+
+	/** Constructs a new fetchAttributes object by copying an existing object.
+	  *
+	  * @param attribs object to copy
+	  */
+	fetchAttributes(const fetchAttributes& attribs);
+
+	/** Adds the specified predefined attribute to the set of attributes to fetch.
+	  *
+	  * @param attribs one or more OR-ed values of the PredefinedFetchAttributes enum
+	  */
+	void add(const int attribs);
+
+	/** Adds the specified header field to the set of attributes to fetch.
+	  * Fetching custom header fields is not supported by all protocols.
+	  * At this time, only IMAP supports this.
+	  *
+	  * @param header name of header field (eg. "X-Mailer")
+	  */
+	void add(const string& header);
+
+	/** Returns true if the set contains the specified attribute(s).
+	  *
+	  * @param attribs one or more OR-ed values of the PredefinedFetchAttributes enum
+	  * @return true if the specified attributes are to be fetched
+	  */
+	bool has(const int attribs) const;
+
+	/** Returns true if the set contains the specified header field.
+	  *
+	  * @param header name of header field (eg. "X-Mailer")
+	  * @return true if the specified header fields are to be fetched
+	  */
+	bool has(const string& header) const;
+
+	/** Returns true if the set contains the specified attribute(s).
+	  *
+	  * \deprecated Use the has() methods instead
+	  *
+	  * @param attribs one or more OR-ed values of the PredefinedFetchAttributes enum
+	  * @return true if the specified attributes are to be fetched
+	  */
+	VMIME_DEPRECATED inline bool operator&(const int attribs) const {
+		return has(attribs);
+	}
+
+	/** Returns a list of header fields to fetch.
+	  *
+	  * @return list of header names (eg. "X-Mailer")
+	  */
+	const std::vector <string> getHeaderFields() const;
+
+private:
+
+	int m_predefinedAttribs;
+	std::vector <string> m_headers;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#endif // VMIME_NET_FETCHATTRIBUTES_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/folder.cpp b/vmime-master/src/vmime/net/folder.cpp
new file mode 100644
index 0000000..6e01b60
--- /dev/null
+++ b/vmime-master/src/vmime/net/folder.cpp
@@ -0,0 +1,134 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/folder.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace net {
+
+
+int folder::getType() {
+
+	return getAttributes().getType();
+}
+
+
+int folder::getFlags() {
+
+	return getAttributes().getFlags();
+}
+
+
+void folder::addMessageChangedListener(events::messageChangedListener* l) {
+
+	m_messageChangedListeners.push_back(l);
+}
+
+
+void folder::removeMessageChangedListener(events::messageChangedListener* l) {
+
+	std::remove(m_messageChangedListeners.begin(), m_messageChangedListeners.end(), l);
+}
+
+
+void folder::notifyMessageChanged(const shared_ptr <events::messageChangedEvent>& event) {
+
+	for (std::list <events::messageChangedListener*>::iterator
+	     it = m_messageChangedListeners.begin() ; it != m_messageChangedListeners.end() ; ++it) {
+
+		event->dispatch(*it);
+	}
+}
+
+
+void folder::addMessageCountListener(events::messageCountListener* l) {
+
+	m_messageCountListeners.push_back(l);
+}
+
+
+void folder::removeMessageCountListener(events::messageCountListener* l) {
+
+	std::remove(m_messageCountListeners.begin(), m_messageCountListeners.end(), l);
+}
+
+
+void folder::notifyMessageCount(const shared_ptr <events::messageCountEvent>& event) {
+
+	for (std::list <events::messageCountListener*>::iterator
+	     it = m_messageCountListeners.begin() ; it != m_messageCountListeners.end() ; ++it) {
+
+		event->dispatch(*it);
+	}
+}
+
+
+void folder::addFolderListener(events::folderListener* l) {
+
+	m_folderListeners.push_back(l);
+}
+
+
+void folder::removeFolderListener(events::folderListener* l) {
+
+	std::remove(m_folderListeners.begin(), m_folderListeners.end(), l);
+}
+
+
+void folder::notifyFolder(const shared_ptr <events::folderEvent>& event) {
+
+	for (std::list <events::folderListener*>::iterator
+	     it = m_folderListeners.begin() ; it != m_folderListeners.end() ; ++it) {
+
+		event->dispatch(*it);
+	}
+}
+
+
+void folder::notifyEvent(const shared_ptr <events::event>& event) {
+
+	if (event->getClass() == events::messageCountEvent::EVENT_CLASS) {
+		notifyMessageCount(dynamicCast <events::messageCountEvent>(event));
+	} else if (event->getClass() == events::messageChangedEvent::EVENT_CLASS) {
+		notifyMessageChanged(dynamicCast <events::messageChangedEvent>(event));
+	} else if (event->getClass() == events::folderEvent::EVENT_CLASS) {
+		notifyFolder(dynamicCast <events::folderEvent>(event));
+	}
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/folder.hpp b/vmime-master/src/vmime/net/folder.hpp
new file mode 100644
index 0000000..4d5cf6e
--- /dev/null
+++ b/vmime-master/src/vmime/net/folder.hpp
@@ -0,0 +1,440 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_FOLDER_HPP_INCLUDED
+#define VMIME_NET_FOLDER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <vector>
+
+#include "vmime/types.hpp"
+#include "vmime/dateTime.hpp"
+
+#include "vmime/message.hpp"
+#include "vmime/net/message.hpp"
+#include "vmime/net/messageSet.hpp"
+#include "vmime/net/events.hpp"
+#include "vmime/net/folderStatus.hpp"
+#include "vmime/net/fetchAttributes.hpp"
+#include "vmime/net/folderAttributes.hpp"
+
+#include "vmime/utility/path.hpp"
+#include "vmime/utility/stream.hpp"
+#include "vmime/utility/progressListener.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class store;
+
+
+/** Abstract representation of a folder in a message store.
+  */
+class VMIME_EXPORT folder : public object, public enable_shared_from_this <folder> {
+
+protected:
+
+	folder(const folder&) : object(), enable_shared_from_this <folder>() { }
+	folder() { }
+
+
+	enum PrivateConstants {
+		TYPE_UNDEFINED = 9999,      /**< Used internally to indicate type has not
+		                                 been initialized yet. */
+		FLAG_UNDEFINED = 9999       /**< Used internally to indicate flags have not
+		                                 been initialized yet. */
+	};
+
+public:
+
+	virtual ~folder() { }
+
+	/** Type used for fully qualified path name of a folder.
+	  */
+	typedef vmime::utility::path path;
+
+
+	/** Open mode.
+	  */
+	enum Modes {
+		MODE_READ_ONLY,    /**< Read-only mode (no modification to folder or messages is possible). */
+		MODE_READ_WRITE    /**< Full access mode (read and write). */
+	};
+
+
+	/** Return the type of this folder.
+	  *
+	  * \deprecated Use the getAttributes().getType() method instead
+	  *
+	  * @return folder type (see folderAttributes::Types enum)
+	  */
+	int getType();
+
+	/** Return the flags of this folder.
+	  *
+	  * \deprecated Use the getAttributes().getFlags() method instead
+	  *
+	  * @return folder flags (see folderAttributes::Flags enum)
+	  */
+	int getFlags();
+
+	/** Return the attributes of the folder.
+	  *
+	  * @return folder attributes (see folder::Flags)
+	  */
+	virtual const folderAttributes getAttributes() = 0;
+
+	/** Return the mode in which the folder has been open.
+	  *
+	  * @return folder opening mode (see folder::Modes)
+	  */
+	virtual int getMode() const = 0;
+
+	/** Return the name of this folder.
+	  *
+	  * @return folder name
+	  */
+	virtual const folder::path::component getName() const = 0;
+
+	/** Return the fully qualified path name of this folder.
+	  *
+	  * @return absolute path of the folder
+	  */
+	virtual const folder::path getFullPath() const = 0;
+
+	/** Open this folder.
+	  *
+	  * @param mode open mode (see folder::Modes)
+	  * @param failIfModeIsNotAvailable if set to false and if the requested mode
+	  * is not available, a more restricted mode will be selected automatically.
+	  * If set to true and if the requested mode is not available, the opening
+	  * will fail.
+	  * @throw exceptions::net_exception if an error occurs
+	  * @throw exceptions::folder_already_open if the folder is already open
+	  *        in the same session
+	  */
+	virtual void open(const int mode, bool failIfModeIsNotAvailable = false) = 0;
+
+	/** Close this folder.
+	  *
+	  * @param expunge if set to true, deleted messages are expunged
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void close(const bool expunge) = 0;
+
+	/** Create this folder.
+	  *
+	  * @param attribs attributes of the new folder
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void create(const folderAttributes& attribs) = 0;
+
+	/** Test whether this folder exists.
+	  *
+	  * @return true if the folder exists, false otherwise
+	  */
+	virtual bool exists() = 0;
+
+	/** Delete this folder.
+	  * The folder should be closed before attempting to delete it.
+	  *
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void destroy() = 0;
+
+	/** Test whether this folder is open.
+	  *
+	  * @return true if the folder is open, false otherwise
+	  */
+	virtual bool isOpen() const = 0;
+
+	/** Get a new reference to a message in this folder, given its number.
+	  *
+	  * @param num message sequence number
+	  * @return a new object referencing the specified message
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual shared_ptr <message> getMessage(const size_t num) = 0;
+
+	/** Get new references to messages in this folder, given either their
+	  * sequence numbers or UIDs.
+	  *
+	  * To retrieve messages by their number, use:
+	  * \code{.cpp}
+	  *    // Get messages from sequence number 5 to sequence number 8 (including)
+	  *    folder->getMessage(vmime::net::messageSet::byNumber(5, 8));
+	  *
+	  *    // Get all messages in the folder, starting from number 42
+	  *    folder->getMessage(vmime::net::messageSet::byNumber(42, -1));
+	  * \endcode
+	  * Or, to retrieve messages by their UID, use:
+	  * \code{.cpp}
+	  *    // Get messages from UID 1000 to UID 1042 (including)
+	  *    folder->getMessage(vmime::net::messageSet::byUID(1000, 1042));
+	  *
+	  *    // Get message with UID 1042
+	  *    folder->getMessage(vmime::net::messageSet::byUID(1042));
+	  *
+	  *    // Get all messages in the folder, starting from UID 1000
+	  *    folder->getMessage(vmime::net::messageSet::byUID(1000, "*"));
+	  * \endcode
+	  *
+	  * @param msgs index set of messages to retrieve
+	  * @return new objects referencing the specified messages
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual std::vector <shared_ptr <message> > getMessages(const messageSet& msgs) = 0;
+
+	/** Return the number of messages in this folder.
+	  *
+	  * @return number of messages in the folder
+	  */
+	virtual size_t getMessageCount() = 0;
+
+	/** Get a new reference to a sub-folder in this folder.
+	  *
+	  * @param name sub-folder name
+	  * @return a new object referencing the specified folder
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual shared_ptr <folder> getFolder(const folder::path::component& name) = 0;
+
+	/** Get the list of all sub-folders in this folder.
+	  *
+	  * @param recursive if set to true, all the descendant are returned.
+	  * If set to false, only the direct children are returned.
+	  * @return list of sub-folders
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual std::vector <shared_ptr <folder> > getFolders(const bool recursive = false) = 0;
+
+	/** Rename (move) this folder to another location.
+	  *
+	  * @param newPath new path of the folder
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void rename(const folder::path& newPath) = 0;
+
+	/** Remove one or more messages from this folder.
+	  *
+	  * @param msgs index set of messages to delete
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void deleteMessages(const messageSet& msgs) = 0;
+
+	/** Change the flags for one or more messages in this folder.
+	  *
+	  * @param msgs index set of messages on which to set the flags
+	  * @param flags set of flags (see message::Flags)
+	  * @param mode indicate how to treat old and new flags (see message::FlagsModes)
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void setMessageFlags(const messageSet& msgs, const int flags, const int mode = message::FLAG_MODE_SET) = 0;
+
+	/** Add a message to this folder.
+	  *
+	  * @param msg message to add (data: header + body)
+	  * @param flags flags for the new message (if -1, default flags are used)
+	  * @param date date/time for the new message (if NULL, the current time is used)
+	  * @param progress progress listener, or NULL if not used
+	  * @return a message set containing the number or UID of the new message, or
+	  * an empty set if the information could not be obtained (ie. the server does not
+	  * support returning the number or UID of an added message)
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual messageSet addMessage(
+		const shared_ptr <vmime::message>& msg,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	) = 0;
+
+	/** Add a message to this folder.
+	  *
+	  * @param is message to add (data: header + body)
+	  * @param size size of the message to add (in bytes)
+	  * @param flags flags for the new message (if -1, default flags are used)
+	  * @param date date/time for the new message (if NULL, the current time is used)
+	  * @param progress progress listener, or NULL if not used
+	  * @return a message set containing the number or UID of the new message, or
+	  * an empty set if the information could not be obtained (ie. the server does not
+	  * support returning the number or UID of an added message)
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual messageSet addMessage(
+		utility::inputStream& is,
+		const size_t size,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	) = 0;
+
+	/** Copy messages from this folder to another folder.
+	  *
+	  * @param dest destination folder path
+	  * @param msgs index set of messages to copy
+	  * @return a message set containing the number(s) or UID(s) of the copied message(s),
+	  * or an empty set if the information could not be obtained (ie. the server does not
+	  * support returning the number or UID of a copied message)
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual messageSet copyMessages(
+		const folder::path& dest,
+		const messageSet& msgs
+	) = 0;
+
+	/** Request folder status without opening it.
+	  *
+	  * \deprecated Use the new getStatus() method
+	  *
+	  * @param count will receive the number of messages in the folder
+	  * @param unseen will receive the number of unseen messages in the folder
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void status(size_t& count, size_t& unseen) = 0;
+
+	/** Request folder status without opening it.
+	  *
+	  * @return current folder status
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual shared_ptr <folderStatus> getStatus() = 0;
+
+	/** Expunge deleted messages.
+	  *
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void expunge() = 0;
+
+	/** Return a new folder object referencing the parent folder of this folder.
+	  *
+	  * @return parent folder object
+	  */
+	virtual shared_ptr <folder> getParent() = 0;
+
+	/** Return a reference to the store to which this folder belongs.
+	  *
+	  * @return the store object to which this folder is attached
+	  */
+	virtual shared_ptr <const store> getStore() const = 0;
+
+	/** Return a reference to the store to which this folder belongs.
+	  *
+	  * @return the store object to which this folder is attached
+	  */
+	virtual shared_ptr <store> getStore() = 0;
+
+	/** Fetch objects for the specified messages.
+	  *
+	  * @param msg list of message sequence numbers
+	  * @param attribs set of attributes to fetch
+	  * @param progress progress listener, or NULL if not used
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void fetchMessages(
+		std::vector <shared_ptr <message> >& msg,
+		const fetchAttributes& attribs,
+		utility::progressListener* progress = NULL
+	) = 0;
+
+	/** Fetch objects for the specified message.
+	  *
+	  * @param msg the message
+	  * @param attribs set of attributes to fetch
+	  * @throw exceptions::net_exception if an error occurs
+	  */
+	virtual void fetchMessage(
+		const shared_ptr <message>& msg,
+		const fetchAttributes& attribs
+	) = 0;
+
+	/** Get new references to messages in this folder, given either their
+	  * sequence numbers or UIDs, and fetch objects for them at the same time.
+	  *
+	  * @param msgs index set of messages to retrieve
+	  * @param attribs set of attributes to fetch
+	  * @return new objects referencing the specified messages
+	  * @throw exceptions::net_exception if an error occurs
+	  * @see folder::getMessages()
+	  * @see folder::fetchMessages()
+	  */
+	virtual std::vector <shared_ptr <message> > getAndFetchMessages(
+		const messageSet& msgs,
+		const fetchAttributes& attribs
+	) = 0;
+
+	/** Return the list of fetchable objects supported by
+	  * the underlying protocol (see folder::fetchAttributes).
+	  *
+	  * @return list of supported fetchable objects
+	  */
+	virtual int getFetchCapabilities() const = 0;
+
+	/** Return the sequence numbers of messages whose UID equal or greater than
+	  * the specified UID.
+ 	  *
+ 	  * @param uid the uid of the first message
+ 	  * @throw exceptions::net_exception if an error occurs
+ 	  */
+	virtual std::vector <size_t> getMessageNumbersStartingOnUID(const message::uid& uid) = 0;
+
+	// Event listeners
+	void addMessageChangedListener(events::messageChangedListener* l);
+	void removeMessageChangedListener(events::messageChangedListener* l);
+
+	void addMessageCountListener(events::messageCountListener* l);
+	void removeMessageCountListener(events::messageCountListener* l);
+
+	void addFolderListener(events::folderListener* l);
+	void removeFolderListener(events::folderListener* l);
+
+protected:
+
+	void notifyMessageChanged(const shared_ptr <events::messageChangedEvent>& event);
+	void notifyMessageCount(const shared_ptr <events::messageCountEvent>& event);
+	void notifyFolder(const shared_ptr <events::folderEvent>& event);
+	void notifyEvent(const shared_ptr <events::event>& event);
+
+private:
+
+	std::list <events::messageChangedListener*> m_messageChangedListeners;
+	std::list <events::messageCountListener*> m_messageCountListeners;
+	std::list <events::folderListener*> m_folderListeners;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_FOLDER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/folderAttributes.cpp b/vmime-master/src/vmime/net/folderAttributes.cpp
new file mode 100644
index 0000000..107007c
--- /dev/null
+++ b/vmime-master/src/vmime/net/folderAttributes.cpp
@@ -0,0 +1,122 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/folderAttributes.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace net {
+
+
+folderAttributes::folderAttributes()
+	: m_type(TYPE_CONTAINS_FOLDERS | TYPE_CONTAINS_MESSAGES),
+	  m_flags(0),
+	  m_specialUse(SPECIALUSE_NONE) {
+
+}
+
+
+folderAttributes::folderAttributes(const folderAttributes& attribs)
+	: object(),
+	  m_type(attribs.m_type),
+	  m_flags(attribs.m_flags),
+	  m_userFlags(attribs.m_userFlags),
+	  m_specialUse(attribs.m_specialUse) {
+
+}
+
+
+int folderAttributes::getType() const {
+
+	return m_type;
+}
+
+
+void folderAttributes::setType(const int type) {
+
+	m_type = type;
+}
+
+
+int folderAttributes::getSpecialUse() const {
+
+	return m_specialUse;
+}
+
+
+void folderAttributes::setSpecialUse(const int use) {
+
+	m_specialUse = use;
+}
+
+
+int folderAttributes::getFlags() const {
+
+	return m_flags;
+}
+
+
+void folderAttributes::setFlags(const int flags) {
+
+	m_flags = flags;
+}
+
+
+bool folderAttributes::hasFlag(const int flag) {
+
+	return (m_flags & flag) != 0;
+}
+
+
+const std::vector <string> folderAttributes::getUserFlags() const {
+
+	return m_userFlags;
+}
+
+
+void folderAttributes::setUserFlags(const std::vector <string>& flags) {
+
+	m_userFlags = flags;
+}
+
+
+bool folderAttributes::hasUserFlag(const string& flag) {
+
+	return std::find(m_userFlags.begin(), m_userFlags.end(), flag) != m_userFlags.end();
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/folderAttributes.hpp b/vmime-master/src/vmime/net/folderAttributes.hpp
new file mode 100644
index 0000000..715b72a
--- /dev/null
+++ b/vmime-master/src/vmime/net/folderAttributes.hpp
@@ -0,0 +1,177 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_FOLDERATTRIBUTES_HPP_INCLUDED
+#define VMIME_NET_FOLDERATTRIBUTES_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <vector>
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Holds a set of attributes for a folder.
+  */
+class VMIME_EXPORT folderAttributes : public object {
+
+public:
+
+	/** Folder types.
+	  */
+	enum Types {
+		TYPE_CONTAINS_FOLDERS  = (1 << 0),   /**< Folder can contain folders. */
+		TYPE_CONTAINS_MESSAGES = (1 << 1)    /**< Folder can contain messages. */
+	};
+
+	/** Folder flags.
+	  */
+	enum Flags {
+		FLAG_HAS_CHILDREN = (1 << 0),        /**< Folder contains subfolders. */
+		FLAG_NO_OPEN  = (1 << 1)             /**< Folder cannot be open. */
+	};
+
+	/** Folder special uses.
+	  * Not all protocols support this. At the current time, only IMAP supports this,
+	  * if the server has the SPECIAL-USE capability.
+	  */
+	enum SpecialUses {
+		SPECIALUSE_NONE,         /**< User folder, no special use (or unknown). */
+		SPECIALUSE_ALL,          /**< Virtual folder containing all messages. */
+		SPECIALUSE_INBOX,        /**< Inbox. */
+		SPECIALUSE_ARCHIVE,      /**< Folder is used to archives messages (server-dependent). */
+		SPECIALUSE_DRAFTS,       /**< Folder is used to hold draft messages - typically, messages
+		                              that are being composed but have not yet been sent. */
+		SPECIALUSE_FLAGGED,      /**< Virtual folder containing all messages which are marked
+		                              in some way as "important" or "flagged". */
+		SPECIALUSE_JUNK,         /**< Folder is used to hold junk mail. */
+		SPECIALUSE_SENT,         /**< Folder is is used to hold copies of messages that have
+		                              been sent. */
+		SPECIALUSE_TRASH,        /**< Folder is used to hold messages that have been deleted or
+		                              marked for deletion (may be a virtual folder). */
+		SPECIALUSE_IMPORTANT     /**< Folder contains messages that are likely important to the
+		                              user. */
+	};
+
+
+	/** Construct a new folderAttributes object with the default set of attributes.
+	  */
+	folderAttributes();
+
+	/** Construct a new folderAttributes object by copying an existing object.
+	  *
+	  * @param attribs object to copy
+	  */
+	folderAttributes(const folderAttributes& attribs);
+
+	/** Return the type of the folder.
+	  *
+	  * @return combination of one ore more folder types (see folderAttributes::Types enum)
+	  */
+	int getType() const;
+
+	/** Set the type of the folder.
+	  *
+	  * @param type combination of one ore more folder types (see folderAttributes::Types enum)
+	  */
+	void setType(const int type);
+
+	/** Return the special use of the folder.
+	  * Not all protocols support this. At the current time, only IMAP supports this,
+	  * if the server has the SPECIAL-USE capability.
+	  *
+	  * @return a value which indicates a special use (see folderAttributes::SpecialUses enum)
+	  */
+	int getSpecialUse() const;
+
+	/** Set the special use of the folder.
+	  * Not all protocols support this. At the current time, only IMAP supports this,
+	  * if the server has the SPECIAL-USE capability.
+	  *
+	  * @param use a value which indicates a special use (see folderAttributes::SpecialUses enum)
+	  */
+	void setSpecialUse(const int use);
+
+	/** Return the standard (non-user) flags of the folder.
+	  *
+	  * @return combination of one ore more folder flags (see folderAttributes::Flags enum)
+	  */
+	int getFlags() const;
+
+	/** Set the standard (non-user) flags of the folder.
+	  *
+	  * @param type combination of one ore more folder flags (see folderAttributes::Flags enum)
+	  */
+	void setFlags(const int flags);
+
+	/** Return whether the specified folder flag(s) is/are set.
+	  *
+	  * @param flag combination of one ore more folder flags (see folderAttributes::Flags enum)
+	  * @return true if the specified flags are all set, or false otherwise
+	  */
+	bool hasFlag(const int flag);
+
+	/** Set the user-defined flags of the folder.
+	  *
+	  * @return a list of user-defined flags
+	  */
+	const std::vector <string> getUserFlags() const;
+
+	/** Set the user-defined flags of the folder.
+	  *
+	  * @param flags a list of user-defined flags
+	  */
+	void setUserFlags(const std::vector <string>& flags);
+
+	/** Return whether the specified user-defined flag is set.
+	  *
+	  * @return true if the specified flag is set, or false otherwise
+	  */
+	bool hasUserFlag(const string& flag);
+
+private:
+
+	int m_type;
+	int m_flags;
+	std::vector <string> m_userFlags;
+	int m_specialUse;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#endif // VMIME_NET_FOLDERATTRIBUTES_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/folderStatus.hpp b/vmime-master/src/vmime/net/folderStatus.hpp
new file mode 100644
index 0000000..fcc4afc
--- /dev/null
+++ b/vmime-master/src/vmime/net/folderStatus.hpp
@@ -0,0 +1,73 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_FOLDERSTATUS_HPP_INCLUDED
+#define VMIME_NET_FOLDERSTATUS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Holds the status of a mail store folder.
+  */
+class VMIME_EXPORT folderStatus : public object {
+
+public:
+
+	/** Returns the total number of messages in the folder.
+	  *
+	  * @return number of messages
+	  */
+	virtual size_t getMessageCount() const = 0;
+
+	/** Returns the number of unseen messages in the folder.
+	  *
+	  * @return number of unseen messages
+	  */
+	virtual size_t getUnseenCount() const = 0;
+
+	/** Clones this object.
+	  *
+	  * @return a copy of this object
+	  */
+	virtual shared_ptr <folderStatus> clone() const = 0;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_FOLDERSTATUS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPCommand.cpp b/vmime-master/src/vmime/net/imap/IMAPCommand.cpp
new file mode 100644
index 0000000..8911ed0
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPCommand.cpp
@@ -0,0 +1,437 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPCommand.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+#include "vmime/net/imap/IMAPUtils.hpp"
+
+#include <sstream>
+
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPCommand::IMAPCommand(const string& text, const string& traceText)
+	: m_text(text),
+	  m_traceText(traceText) {
+
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::LOGIN(const string& username, const string& password) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "LOGIN " << IMAPUtils::quoteString(username)
+	    << " " << IMAPUtils::quoteString(password);
+
+	std::ostringstream trace;
+	trace.imbue(std::locale::classic());
+	trace << "LOGIN {username} {password}";
+
+	return createCommand(cmd.str(), trace.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::AUTHENTICATE(const string& mechName) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "AUTHENTICATE " << mechName;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::AUTHENTICATE(const string& mechName, const string& initialResponse) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "AUTHENTICATE " << mechName << " " << initialResponse;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::LIST(const string& refName, const string& mailboxName) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "LIST " << IMAPUtils::quoteString(refName)
+	    << " " << IMAPUtils::quoteString(mailboxName);
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::SELECT(
+	const bool readOnly,
+	const string& mailboxName,
+	const std::vector <string>& params
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+
+	if (readOnly) {
+		cmd << "EXAMINE ";
+	} else {
+		cmd << "SELECT ";
+	}
+
+	cmd << IMAPUtils::quoteString(mailboxName);
+
+	if (!params.empty()) {
+
+		cmd << " (";
+
+		for (size_t i = 0, n = params.size() ; i < n ; ++i) {
+			if (i != 0) cmd << " ";
+			cmd << params[i];
+		}
+
+		cmd << ")";
+	}
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::STATUS(
+	const string& mailboxName,
+	const std::vector <string>& attribs
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "STATUS " << IMAPUtils::quoteString(mailboxName);
+
+	cmd << " (";
+
+	for (size_t i = 0, n = attribs.size() ; i < n ; ++i) {
+		if (i != 0) cmd << " ";
+		cmd << attribs[i];
+	}
+
+	cmd << ")";
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::CREATE(
+	const string& mailboxName,
+	const std::vector <string>& params
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "CREATE " << IMAPUtils::quoteString(mailboxName);
+
+	if (!params.empty()) {
+
+		cmd << " (";
+
+		for (size_t i = 0, n = params.size() ; i < n ; ++i) {
+			if (i != 0) cmd << " ";
+			cmd << params[i];
+		}
+
+		cmd << ")";
+	}
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::DELETE(const string& mailboxName) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "DELETE " << IMAPUtils::quoteString(mailboxName);
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::RENAME(
+	const string& mailboxName,
+	const string& newMailboxName
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "RENAME " << IMAPUtils::quoteString(mailboxName)
+	    << " " << IMAPUtils::quoteString(newMailboxName);
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::FETCH(
+	const messageSet& msgs,
+	const std::vector <string>& params
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+
+	if (msgs.isUIDSet()) {
+		cmd << "UID FETCH " << IMAPUtils::messageSetToSequenceSet(msgs);
+	} else {
+		cmd << "FETCH " << IMAPUtils::messageSetToSequenceSet(msgs);
+	}
+
+	if (params.size() == 1) {
+
+		cmd << " " << params[0];
+
+	} else {
+
+		cmd << " (";
+
+		for (size_t i = 0, n = params.size() ; i < n ; ++i) {
+			if (i != 0) cmd << " ";
+			cmd << params[i];
+		}
+
+		cmd << ")";
+	}
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::STORE(
+	const messageSet& msgs,
+	const int mode,
+	const std::vector <string>& flags
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+
+	if (msgs.isUIDSet()) {
+		cmd << "UID STORE " << IMAPUtils::messageSetToSequenceSet(msgs);
+	} else {
+		cmd << "STORE " << IMAPUtils::messageSetToSequenceSet(msgs);
+	}
+
+	if (mode == message::FLAG_MODE_ADD) {
+		cmd << " +FLAGS ";
+	} else if (mode == message::FLAG_MODE_REMOVE) {
+		cmd << " -FLAGS ";
+	} else { // if (mode == message::FLAG_MODE_SET)
+		cmd << " FLAGS ";
+	}
+
+	cmd << "(";
+
+	for (size_t i = 0, n = flags.size() ; i < n ; ++i) {
+		if (i != 0) cmd << " ";
+		cmd << flags[i];
+	}
+
+	cmd << ")";
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::APPEND(
+	const string& mailboxName,
+	const std::vector <string>& flags,
+	vmime::datetime* date,
+	const size_t size
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "APPEND " << IMAPUtils::quoteString(mailboxName);
+
+	if (!flags.empty()) {
+
+		cmd << " (";
+
+		for (size_t i = 0, n = flags.size() ; i < n ; ++i) {
+			if (i != 0) cmd << " ";
+			cmd << flags[i];
+		}
+
+		cmd << ")";
+	}
+
+	if (date != NULL) {
+		cmd << " " << IMAPUtils::dateTime(*date);
+	}
+
+	cmd << " {" << size << "}";
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::COPY(
+	const messageSet& msgs,
+	const string& mailboxName
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+
+	if (msgs.isUIDSet()) {
+		cmd << "UID COPY " << IMAPUtils::messageSetToSequenceSet(msgs);
+	} else {
+		cmd << "COPY " << IMAPUtils::messageSetToSequenceSet(msgs);
+	}
+
+	cmd << " " << IMAPUtils::quoteString(mailboxName);
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::SEARCH(
+	const std::vector <string>& keys,
+	const vmime::charset* charset
+) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "SEARCH";
+
+	if (charset) {
+		cmd << " CHARSET " << charset->getName();
+	}
+
+	for (size_t i = 0, n = keys.size() ; i < n ; ++i) {
+		cmd << " " << keys[i];
+	}
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::STARTTLS() {
+
+	return createCommand("STARTTLS");
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::CAPABILITY() {
+
+	return createCommand("CAPABILITY");
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::NOOP() {
+
+	return createCommand("NOOP");
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::EXPUNGE() {
+
+	return createCommand("EXPUNGE");
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::CLOSE() {
+
+	return createCommand("CLOSE");
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::LOGOUT() {
+
+	return createCommand("LOGOUT");
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPCommand::createCommand(
+	const string& text,
+	const string& traceText
+) {
+
+	if (traceText.empty()) {
+		return shared_ptr <IMAPCommand>(new IMAPCommand(text, text));
+	} else {
+		return shared_ptr <IMAPCommand>(new IMAPCommand(text, traceText));
+	}
+}
+
+
+const string IMAPCommand::getText() const {
+
+	return m_text;
+}
+
+
+const string IMAPCommand::getTraceText() const {
+
+	return m_traceText;
+}
+
+
+void IMAPCommand::send(const shared_ptr <IMAPConnection>& conn) {
+
+	conn->sendCommand(dynamicCast <IMAPCommand>(shared_from_this()));
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
diff --git a/vmime-master/src/vmime/net/imap/IMAPCommand.hpp b/vmime-master/src/vmime/net/imap/IMAPCommand.hpp
new file mode 100644
index 0000000..4915a57
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPCommand.hpp
@@ -0,0 +1,124 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPCOMMAND_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPCOMMAND_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/object.hpp"
+#include "vmime/base.hpp"
+#include "vmime/dateTime.hpp"
+
+#include "vmime/net/messageSet.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class IMAPConnection;
+
+
+/** An IMAP command that will be sent to the server.
+  */
+class VMIME_EXPORT IMAPCommand : public object, public enable_shared_from_this <IMAPCommand> {
+
+public:
+
+	static shared_ptr <IMAPCommand> LOGIN(const string& username, const string& password);
+	static shared_ptr <IMAPCommand> AUTHENTICATE(const string& mechName);
+	static shared_ptr <IMAPCommand> AUTHENTICATE(const string& mechName, const string& initialResponse);
+	static shared_ptr <IMAPCommand> LIST(const string& refName, const string& mailboxName);
+	static shared_ptr <IMAPCommand> SELECT(const bool readOnly, const string& mailboxName, const std::vector <string>& params);
+	static shared_ptr <IMAPCommand> STATUS(const string& mailboxName, const std::vector <string>& attribs);
+	static shared_ptr <IMAPCommand> CREATE(const string& mailboxName, const std::vector <string>& params);
+	static shared_ptr <IMAPCommand> DELETE(const string& mailboxName);
+	static shared_ptr <IMAPCommand> RENAME(const string& mailboxName, const string& newMailboxName);
+	static shared_ptr <IMAPCommand> FETCH(const messageSet& msgs, const std::vector <string>& params);
+	static shared_ptr <IMAPCommand> STORE(const messageSet& msgs, const int mode, const std::vector <string>& flags);
+	static shared_ptr <IMAPCommand> APPEND(const string& mailboxName, const std::vector <string>& flags, vmime::datetime* date, const size_t size);
+	static shared_ptr <IMAPCommand> COPY(const messageSet& msgs, const string& mailboxName);
+	static shared_ptr <IMAPCommand> SEARCH(const std::vector <string>& keys, const vmime::charset* charset);
+	static shared_ptr <IMAPCommand> STARTTLS();
+	static shared_ptr <IMAPCommand> CAPABILITY();
+	static shared_ptr <IMAPCommand> NOOP();
+	static shared_ptr <IMAPCommand> EXPUNGE();
+	static shared_ptr <IMAPCommand> CLOSE();
+	static shared_ptr <IMAPCommand> LOGOUT();
+
+	/** Creates a new IMAP command with the specified text.
+	  *
+	  * @param text command text
+	  * @param traceText trace text (if empty, command text is used)
+	  * @return a new IMAPCommand object
+	  */
+	static shared_ptr <IMAPCommand> createCommand(const string& text, const string& traceText = "");
+
+	/** Sends this command over the specified connection.
+	  *
+	  * @param conn connection onto which the command will be sent
+	  */
+	virtual void send(const shared_ptr <IMAPConnection>& conn);
+
+	/** Returns the full text of the command, including command name
+	  * and parameters (if any). This is the text that will be sent
+	  * to the server.
+	  *
+	  * @return command text (eg. "LOGIN myusername mypassword")
+	  */
+	virtual const string getText() const;
+
+	/** Returns the full text of the command, suitable for outputing
+	  * to the tracer.
+	  *
+	  * @return trace text (eg. "LOGIN {username} {password}")
+	  */
+	virtual const string getTraceText() const;
+
+protected:
+
+	IMAPCommand(const string& text, const string& traceText);
+	IMAPCommand(const IMAPCommand&);
+
+private:
+
+	string m_text;
+	string m_traceText;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPCOMMAND_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPConnection.cpp b/vmime-master/src/vmime/net/imap/IMAPConnection.cpp
new file mode 100644
index 0000000..df3da1c
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPConnection.cpp
@@ -0,0 +1,886 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPTag.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+#include "vmime/net/imap/IMAPUtils.hpp"
+#include "vmime/net/imap/IMAPStore.hpp"
+#include "vmime/net/imap/IMAPCommand.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include "vmime/net/defaultConnectionInfos.hpp"
+
+#if VMIME_HAVE_SASL_SUPPORT
+	#include "vmime/security/sasl/SASLContext.hpp"
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+#if VMIME_HAVE_TLS_SUPPORT
+	#include "vmime/net/tls/TLSSession.hpp"
+	#include "vmime/net/tls/TLSSecuredConnectionInfos.hpp"
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+#include <sstream>
+
+
+// Helpers for service properties
+#define GET_PROPERTY(type, prop) \
+	(m_store.lock()->getInfos().getPropertyValue <type>(getSession(), \
+		dynamic_cast <const IMAPServiceInfos&>(m_store.lock()->getInfos()).getProperties().prop))
+#define HAS_PROPERTY(prop) \
+	(m_store.lock()->getInfos().hasProperty(getSession(), \
+		dynamic_cast <const IMAPServiceInfos&>(m_store.lock()->getInfos()).getProperties().prop))
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPConnection::IMAPConnection(
+	const shared_ptr <IMAPStore>& store,
+	const shared_ptr <security::authenticator>& auth
+)
+	: m_store(store),
+	  m_auth(auth),
+	  m_socket(null),
+	  m_parser(null),
+	  m_tag(null),
+	  m_hierarchySeparator('\0'),
+	  m_state(STATE_NONE),
+	  m_timeoutHandler(null),
+	  m_secured(false),
+	  m_firstTag(true),
+	  m_capabilitiesFetched(false),
+	  m_noModSeq(false) {
+
+	static int connectionId = 0;
+
+	m_tag = make_shared <IMAPTag>();
+
+	if (store->getTracerFactory()) {
+		m_tracer = store->getTracerFactory()->create(store, ++connectionId);
+	}
+
+	m_parser = make_shared <IMAPParser>();
+	m_parser->setTracer(m_tracer);
+}
+
+
+IMAPConnection::~IMAPConnection() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		} else if (m_socket) {
+			internalDisconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+void IMAPConnection::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	m_state = STATE_NONE;
+	m_hierarchySeparator = '\0';
+
+	const string address = GET_PROPERTY(string, PROPERTY_SERVER_ADDRESS);
+	const port_t port = GET_PROPERTY(port_t, PROPERTY_SERVER_PORT);
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	// Create the time-out handler
+	if (store->getTimeoutHandlerFactory()) {
+		m_timeoutHandler = store->getTimeoutHandlerFactory()->create();
+	}
+
+	// Create and connect the socket
+	m_socket = store->getSocketFactory()->create(m_timeoutHandler);
+	m_socket->setTracer(m_tracer);
+
+#if VMIME_HAVE_TLS_SUPPORT
+	if (store->isIMAPS()) {  // dedicated port/IMAPS
+
+		shared_ptr <tls::TLSSession> tlsSession = tls::TLSSession::create
+			(store->getCertificateVerifier(),
+			 store->getSession()->getTLSProperties());
+
+		shared_ptr <tls::TLSSocket> tlsSocket =
+			tlsSession->getSocket(m_socket);
+
+		m_socket = tlsSocket;
+
+		m_secured = true;
+		m_cntInfos = make_shared <tls::TLSSecuredConnectionInfos>(address, port, tlsSession, tlsSocket);
+
+	} else
+#endif // VMIME_HAVE_TLS_SUPPORT
+	{
+		m_cntInfos = make_shared <defaultConnectionInfos>(address, port);
+	}
+
+	m_socket->connect(address, port);
+
+
+	m_parser->setSocket(m_socket);
+	m_parser->setTimeoutHandler(m_timeoutHandler);
+
+
+	setState(STATE_NON_AUTHENTICATED);
+
+
+	// Connection greeting
+	//
+	// eg:  C: <connection to server>
+	// ---  S: * OK mydomain.org IMAP4rev1 v12.256 server ready
+
+	scoped_ptr <IMAPParser::greeting> greet(m_parser->readGreeting());
+	bool needAuth = false;
+
+	if (greet->resp_cond_bye) {
+
+		internalDisconnect();
+		throw exceptions::connection_greeting_error(greet->getErrorLog());
+
+	} else if (greet->resp_cond_auth->condition != IMAPParser::resp_cond_auth::PREAUTH) {
+
+		needAuth = true;
+	}
+
+	if (greet->resp_cond_auth->resp_text->resp_text_code &&
+	    greet->resp_cond_auth->resp_text->resp_text_code->capability_data) {
+
+		processCapabilityResponseData(greet->resp_cond_auth->resp_text->resp_text_code->capability_data.get());
+	}
+
+#if VMIME_HAVE_TLS_SUPPORT
+	// Setup secured connection, if requested
+	const bool tls = HAS_PROPERTY(PROPERTY_CONNECTION_TLS)
+		&& GET_PROPERTY(bool, PROPERTY_CONNECTION_TLS);
+	const bool tlsRequired = HAS_PROPERTY(PROPERTY_CONNECTION_TLS_REQUIRED)
+		&& GET_PROPERTY(bool, PROPERTY_CONNECTION_TLS_REQUIRED);
+
+	if (!store->isIMAPS() && tls) {  // only if not IMAPS
+
+		try {
+
+			startTLS();
+
+		// Non-fatal error
+		} catch (exceptions::command_error&) {
+
+			if (tlsRequired) {
+				m_state = STATE_NONE;
+				throw;
+			} else {
+				// TLS is not required, so don't bother
+			}
+
+		// Fatal error
+		} catch (...) {
+
+			m_state = STATE_NONE;
+			throw;
+		}
+	}
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	// Authentication
+	if (needAuth) {
+
+		try {
+
+			authenticate();
+
+		} catch (...) {
+
+			m_state = STATE_NONE;
+			throw;
+		}
+	}
+
+	// Get the hierarchy separator character
+	initHierarchySeparator();
+
+	// Switch to state "Authenticated"
+	setState(STATE_AUTHENTICATED);
+}
+
+
+void IMAPConnection::authenticate() {
+
+	getAuthenticator()->setService(m_store.lock());
+
+#if VMIME_HAVE_SASL_SUPPORT
+	// First, try SASL authentication
+	if (GET_PROPERTY(bool, PROPERTY_OPTIONS_SASL)) {
+
+		try {
+
+			authenticateSASL();
+			return;
+
+		} catch (exceptions::authentication_error&) {
+
+			if (!GET_PROPERTY(bool, PROPERTY_OPTIONS_SASL_FALLBACK)) {
+
+				// Can't fallback on normal authentication
+				internalDisconnect();
+				throw;
+
+			} else {
+
+				// Ignore, will try normal authentication
+			}
+
+		} catch (exception&) {
+
+			internalDisconnect();
+			throw;
+		}
+	}
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+	// Normal authentication
+	const string username = getAuthenticator()->getUsername();
+	const string password = getAuthenticator()->getPassword();
+
+	shared_ptr <IMAPConnection> conn = dynamicCast <IMAPConnection>(shared_from_this());
+	IMAPCommand::LOGIN(username, password)->send(conn);
+
+	scoped_ptr <IMAPParser::response> resp(m_parser->readResponse(*m_tag));
+
+	if (resp->isBad()) {
+
+		internalDisconnect();
+		throw exceptions::command_error("LOGIN", resp->getErrorLog());
+
+	} else if (resp->response_done->response_tagged->
+					resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		internalDisconnect();
+		throw exceptions::authentication_error(resp->getErrorLog());
+	}
+
+	// Server capabilities may change when logged in
+	if (!processCapabilityResponseData(resp.get())) {
+		invalidateCapabilities();
+	}
+}
+
+
+#if VMIME_HAVE_SASL_SUPPORT
+
+void IMAPConnection::authenticateSASL() {
+
+	if (!dynamicCast <security::sasl::SASLAuthenticator>(getAuthenticator())) {
+		throw exceptions::authentication_error("No SASL authenticator available.");
+	}
+
+	const std::vector <string> capa = getCapabilities();
+	std::vector <string> saslMechs;
+
+	for (unsigned int i = 0 ; i < capa.size() ; ++i) {
+
+		const string& x = capa[i];
+
+		if (x.length() > 5 &&
+		    (x[0] == 'A' || x[0] == 'a') &&
+		    (x[1] == 'U' || x[1] == 'u') &&
+		    (x[2] == 'T' || x[2] == 't') &&
+		    (x[3] == 'H' || x[3] == 'h') &&
+		    x[4] == '=') {
+
+			saslMechs.push_back(string(x.begin() + 5, x.end()));
+		}
+	}
+
+	if (saslMechs.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	std::vector <shared_ptr <security::sasl::SASLMechanism> > mechList;
+
+	shared_ptr <security::sasl::SASLContext> saslContext =
+		security::sasl::SASLContext::create();
+
+	for (unsigned int i = 0 ; i < saslMechs.size() ; ++i) {
+
+		try {
+			mechList.push_back(saslContext->createMechanism(saslMechs[i]));
+		} catch (exceptions::no_such_mechanism&) {
+			// Ignore mechanism
+		}
+	}
+
+	if (mechList.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	// Try to suggest a mechanism among all those supported
+	shared_ptr <security::sasl::SASLMechanism> suggestedMech =
+		saslContext->suggestMechanism(mechList);
+
+	if (!suggestedMech) {
+		throw exceptions::authentication_error("Unable to suggest SASL mechanism.");
+	}
+
+	// Allow application to choose which mechanisms to use
+	mechList = dynamicCast <security::sasl::SASLAuthenticator>(getAuthenticator())->
+		getAcceptableMechanisms(mechList, suggestedMech);
+
+	if (mechList.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	// Try each mechanism in the list in turn
+	for (unsigned int i = 0 ; i < mechList.size() ; ++i) {
+
+		shared_ptr <security::sasl::SASLMechanism> mech = mechList[i];
+
+		shared_ptr <security::sasl::SASLSession> saslSession =
+			saslContext->createSession("imap", getAuthenticator(), mech);
+
+		saslSession->init();
+
+		shared_ptr <IMAPCommand> authCmd;
+
+		if (saslSession->getMechanism()->hasInitialResponse()) {
+
+			byte_t* initialResp = 0;
+			size_t initialRespLen = 0;
+
+			saslSession->evaluateChallenge(NULL, 0, &initialResp, &initialRespLen);
+
+			string encodedInitialResp(saslContext->encodeB64(initialResp, initialRespLen));
+			delete [] initialResp;
+
+			if (encodedInitialResp.empty()) {
+				authCmd = IMAPCommand::AUTHENTICATE(mech->getName(), "=");
+			} else {
+				authCmd = IMAPCommand::AUTHENTICATE(mech->getName(), encodedInitialResp);
+			}
+
+		} else {
+
+			authCmd = IMAPCommand::AUTHENTICATE(mech->getName());
+		}
+
+		authCmd->send(dynamicCast <IMAPConnection>(shared_from_this()));
+
+		for (bool cont = true ; cont ; ) {
+
+			scoped_ptr <IMAPParser::response> resp(m_parser->readResponse(*m_tag));
+
+			if (resp->response_done &&
+			    resp->response_done->response_tagged &&
+			    resp->response_done->response_tagged->resp_cond_state->
+			    	status == IMAPParser::resp_cond_state::OK) {
+
+				m_socket = saslSession->getSecuredSocket(m_socket);
+				return;
+
+			} else {
+
+				string response;
+				bool hasResponse = false;
+
+				for (auto &respData : resp->continue_req_or_response_data) {
+
+					if (respData->continue_req) {
+
+						response = respData->continue_req->resp_text->text;
+						hasResponse = true;
+						break;
+					}
+				}
+
+				if (!hasResponse) {
+					cont = false;
+					continue;
+				}
+
+				byte_t* challenge = 0;
+				size_t challengeLen = 0;
+
+				byte_t* resp = 0;
+				size_t respLen = 0;
+
+				try {
+
+					// Extract challenge
+					saslContext->decodeB64(response, &challenge, &challengeLen);
+
+					// Prepare response
+					saslSession->evaluateChallenge
+						(challenge, challengeLen, &resp, &respLen);
+
+					// Send response
+					const string respB64 = saslContext->encodeB64(resp, respLen) + "\r\n";
+					sendRaw(utility::stringUtils::bytesFromString(respB64), respB64.length());
+
+					if (m_tracer) {
+						m_tracer->traceSendBytes(respB64.length() - 2, "SASL exchange");
+					}
+
+					// Server capabilities may change when logged in
+					invalidateCapabilities();
+
+				} catch (exceptions::sasl_exception& e) {
+
+					if (challenge) {
+						delete [] challenge;
+						challenge = NULL;
+					}
+
+					if (resp) {
+						delete [] resp;
+						resp = NULL;
+					}
+
+					// Cancel SASL exchange
+					sendRaw(utility::stringUtils::bytesFromString("*\r\n"), 3);
+
+					if (m_tracer) {
+						m_tracer->traceSend("*");
+					}
+
+				} catch (...) {
+
+					if (challenge) {
+						delete [] challenge;
+					}
+
+					if (resp) {
+						delete [] resp;
+					}
+
+					throw;
+				}
+
+				if (challenge) {
+					delete [] challenge;
+				}
+
+				if (resp) {
+					delete [] resp;
+				}
+			}
+		}
+	}
+
+	throw exceptions::authentication_error("Could not authenticate using SASL: all mechanisms failed.");
+}
+
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+void IMAPConnection::startTLS() {
+
+	try {
+
+		IMAPCommand::STARTTLS()->send(dynamicCast <IMAPConnection>(shared_from_this()));
+
+		scoped_ptr <IMAPParser::response> resp(m_parser->readResponse(*m_tag));
+
+		if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+			throw exceptions::command_error("STARTTLS", resp->getErrorLog(), "bad response");
+		}
+
+		shared_ptr <tls::TLSSession> tlsSession = tls::TLSSession::create(
+			m_store.lock()->getCertificateVerifier(),
+			m_store.lock()->getSession()->getTLSProperties()
+		);
+
+		shared_ptr <tls::TLSSocket> tlsSocket = tlsSession->getSocket(m_socket);
+
+		tlsSocket->handshake();
+
+		m_socket = tlsSocket;
+		m_parser->setSocket(m_socket);
+
+		m_secured = true;
+		m_cntInfos = make_shared <tls::TLSSecuredConnectionInfos>(
+			m_cntInfos->getHost(), m_cntInfos->getPort(), tlsSession, tlsSocket
+		);
+
+		// " Once TLS has been started, the client MUST discard cached
+		//   information about server capabilities and SHOULD re-issue the
+		//   CAPABILITY command.  This is necessary to protect against
+		//   man-in-the-middle attacks which alter the capabilities list prior
+		//   to STARTTLS. " (RFC-2595)
+		invalidateCapabilities();
+
+	} catch (exceptions::command_error&) {
+
+		// Non-fatal error
+		throw;
+
+	} catch (exception&) {
+
+		// Fatal error
+		internalDisconnect();
+		throw;
+	}
+}
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+const std::vector <string> IMAPConnection::getCapabilities() {
+
+	if (!m_capabilitiesFetched) {
+		fetchCapabilities();
+	}
+
+	return m_capabilities;
+}
+
+
+bool IMAPConnection::hasCapability(const string& capa) {
+
+	if (!m_capabilitiesFetched) {
+		fetchCapabilities();
+	}
+
+	const string normCapa = utility::stringUtils::toUpper(capa);
+
+	for (size_t i = 0, n = m_capabilities.size() ; i < n ; ++i) {
+
+		if (m_capabilities[i] == normCapa) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+
+bool IMAPConnection::hasCapability(const string& capa) const {
+
+	const string normCapa = utility::stringUtils::toUpper(capa);
+
+	for (size_t i = 0, n = m_capabilities.size() ; i < n ; ++i) {
+
+		if (m_capabilities[i] == normCapa)
+			return true;
+	}
+
+	return false;
+}
+
+
+void IMAPConnection::invalidateCapabilities() {
+
+	m_capabilities.clear();
+	m_capabilitiesFetched = false;
+}
+
+
+void IMAPConnection::fetchCapabilities() {
+
+	IMAPCommand::CAPABILITY()->send(dynamicCast <IMAPConnection>(shared_from_this()));
+
+	scoped_ptr <IMAPParser::response> resp(m_parser->readResponse(*m_tag));
+
+	if (resp->response_done->response_tagged->
+			resp_cond_state->status == IMAPParser::resp_cond_state::OK) {
+
+		processCapabilityResponseData(resp.get());
+	}
+}
+
+
+bool IMAPConnection::processCapabilityResponseData(const IMAPParser::response* resp) {
+
+	for (auto &respData : resp->continue_req_or_response_data) {
+
+		if (respData->response_data == NULL) {
+			continue;
+		}
+
+		auto &capaData = respData->response_data->capability_data;
+
+		if (!capaData) {
+			continue;
+		}
+
+		processCapabilityResponseData(capaData.get());
+		return true;
+	}
+
+	return false;
+}
+
+
+void IMAPConnection::processCapabilityResponseData(const IMAPParser::capability_data* capaData) {
+
+	std::vector <string> res;
+
+	for (auto &cap : capaData->capabilities) {
+
+		if (cap->auth_type) {
+			res.push_back("AUTH=" + cap->auth_type->name);
+		} else {
+			res.push_back(utility::stringUtils::toUpper(cap->atom->value));
+		}
+	}
+
+	m_capabilities = res;
+	m_capabilitiesFetched = true;
+}
+
+
+shared_ptr <security::authenticator> IMAPConnection::getAuthenticator() {
+
+	return m_auth;
+}
+
+
+bool IMAPConnection::isConnected() const {
+
+	return m_socket
+	    && m_socket->isConnected()
+	    && (m_state == STATE_AUTHENTICATED || m_state == STATE_SELECTED);
+}
+
+
+bool IMAPConnection::isSecuredConnection() const {
+
+	return m_secured;
+}
+
+
+shared_ptr <connectionInfos> IMAPConnection::getConnectionInfos() const {
+
+	return m_cntInfos;
+}
+
+
+void IMAPConnection::disconnect() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	internalDisconnect();
+}
+
+
+void IMAPConnection::internalDisconnect() {
+
+	if (isConnected()) {
+
+		IMAPCommand::LOGOUT()->send(dynamicCast <IMAPConnection>(shared_from_this()));
+
+		m_socket->disconnect();
+		m_socket = null;
+	}
+
+	m_timeoutHandler = null;
+
+	m_state = STATE_LOGOUT;
+
+	m_secured = false;
+	m_cntInfos = null;
+}
+
+
+void IMAPConnection::initHierarchySeparator() {
+
+	IMAPCommand::LIST("", "")->send(dynamicCast <IMAPConnection>(shared_from_this()));
+
+	scoped_ptr <IMAPParser::response> resp(m_parser->readResponse(*m_tag));
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		internalDisconnect();
+		throw exceptions::command_error("LIST", resp->getErrorLog(), "bad response");
+	}
+
+	const auto& respDataList = resp->continue_req_or_response_data;
+
+	bool found = false;
+
+	for (unsigned int i = 0 ; !found && i < respDataList.size() ; ++i) {
+
+		if (!respDataList[i]->response_data) {
+			continue;
+		}
+
+		auto &mailboxData = respDataList[i]->response_data->mailbox_data;
+
+		if (!mailboxData || mailboxData->type != IMAPParser::mailbox_data::LIST) {
+			continue;
+		}
+
+		if (mailboxData->mailbox_list->quoted_char != '\0') {
+			m_hierarchySeparator = mailboxData->mailbox_list->quoted_char;
+			found = true;
+		}
+	}
+
+	if (!found) {  // default
+		m_hierarchySeparator = '/';
+	}
+}
+
+
+void IMAPConnection::sendCommand(const shared_ptr <IMAPCommand>& cmd) {
+
+	if (!m_firstTag) {
+		++(*m_tag);
+	}
+
+	m_socket->send(*m_tag);
+	m_socket->send(" ");
+	m_socket->send(cmd->getText());
+	m_socket->send("\r\n");
+
+	m_firstTag = false;
+
+	if (m_tracer) {
+
+		std::ostringstream oss;
+		oss << string(*m_tag) << " " << cmd->getText();
+
+		m_tracer->traceSend(oss.str());
+	}
+}
+
+
+void IMAPConnection::sendRaw(const byte_t* buffer, const size_t count) {
+
+	m_socket->sendRaw(buffer, count);
+}
+
+
+IMAPParser::response* IMAPConnection::readResponse(IMAPParser::literalHandler* lh) {
+
+	return m_parser->readResponse(*m_tag, lh);
+}
+
+
+IMAPConnection::ProtocolStates IMAPConnection::state() const {
+
+	return m_state;
+}
+
+
+void IMAPConnection::setState(const ProtocolStates state) {
+
+	m_state = state;
+}
+
+
+char IMAPConnection::hierarchySeparator() const {
+
+	return m_hierarchySeparator;
+}
+
+
+shared_ptr <const IMAPStore> IMAPConnection::getStore() const {
+
+	return m_store.lock();
+}
+
+
+shared_ptr <IMAPStore> IMAPConnection::getStore() {
+
+	return m_store.lock();
+}
+
+
+shared_ptr <session> IMAPConnection::getSession() {
+
+	return m_store.lock()->getSession();
+}
+
+
+shared_ptr <const socket> IMAPConnection::getSocket() const {
+
+	return m_socket;
+}
+
+
+void IMAPConnection::setSocket(const shared_ptr <socket>& sok) {
+
+	m_socket = sok;
+	m_parser->setSocket(sok);
+}
+
+
+shared_ptr <tracer> IMAPConnection::getTracer() {
+
+	return m_tracer;
+}
+
+
+shared_ptr <IMAPTag> IMAPConnection::getTag() {
+
+	return m_tag;
+}
+
+
+bool IMAPConnection::isMODSEQDisabled() const {
+
+	return m_noModSeq;
+}
+
+
+void IMAPConnection::disableMODSEQ() {
+
+	m_noModSeq = true;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPConnection.hpp b/vmime-master/src/vmime/net/imap/IMAPConnection.hpp
new file mode 100644
index 0000000..99750d4
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPConnection.hpp
@@ -0,0 +1,172 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPCONNECTION_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPCONNECTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+#include "vmime/net/tracer.hpp"
+#include "vmime/net/session.hpp"
+#include "vmime/net/connectionInfos.hpp"
+
+#include "vmime/net/imap/IMAPParser.hpp"
+
+#include "vmime/security/authenticator.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class IMAPTag;
+class IMAPStore;
+class IMAPCommand;
+
+
+class VMIME_EXPORT IMAPConnection : public object, public enable_shared_from_this <IMAPConnection> {
+
+public:
+
+	IMAPConnection(const shared_ptr <IMAPStore>& store, const shared_ptr <security::authenticator>& auth);
+	~IMAPConnection();
+
+
+	void connect();
+	bool isConnected() const;
+	void disconnect();
+
+
+	enum ProtocolStates {
+		STATE_NONE,
+		STATE_NON_AUTHENTICATED,
+		STATE_AUTHENTICATED,
+		STATE_SELECTED,
+		STATE_LOGOUT
+	};
+
+	ProtocolStates state() const;
+	void setState(const ProtocolStates state);
+
+
+	char hierarchySeparator() const;
+
+
+	void sendCommand(const shared_ptr <IMAPCommand>& cmd);
+	void sendRaw(const byte_t* buffer, const size_t count);
+
+	IMAPParser::response* readResponse(IMAPParser::literalHandler* lh = NULL);
+
+
+	shared_ptr <const IMAPStore> getStore() const;
+	shared_ptr <IMAPStore> getStore();
+
+	shared_ptr <session> getSession();
+
+	void fetchCapabilities();
+	void invalidateCapabilities();
+	const std::vector <string> getCapabilities();
+	bool hasCapability(const string& capa);
+	bool hasCapability(const string& capa) const;
+
+	shared_ptr <security::authenticator> getAuthenticator();
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+
+	shared_ptr <const socket> getSocket() const;
+	void setSocket(const shared_ptr <socket>& sok);
+
+	shared_ptr <tracer> getTracer();
+
+	shared_ptr <IMAPTag> getTag();
+
+	bool isMODSEQDisabled() const;
+	void disableMODSEQ();
+
+private:
+
+	void authenticate();
+#if VMIME_HAVE_SASL_SUPPORT
+	void authenticateSASL();
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+#if VMIME_HAVE_TLS_SUPPORT
+	void startTLS();
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	bool processCapabilityResponseData(const IMAPParser::response* resp);
+	void processCapabilityResponseData(const IMAPParser::capability_data* capaData);
+
+
+	weak_ptr <IMAPStore> m_store;
+
+	shared_ptr <security::authenticator> m_auth;
+
+	shared_ptr <socket> m_socket;
+
+	shared_ptr <IMAPParser> m_parser;
+
+	shared_ptr <IMAPTag> m_tag;
+
+	char m_hierarchySeparator;
+
+	ProtocolStates m_state;
+
+	shared_ptr <timeoutHandler> m_timeoutHandler;
+
+	bool m_secured;
+	shared_ptr <connectionInfos> m_cntInfos;
+
+	bool m_firstTag;
+
+	std::vector <string> m_capabilities;
+	bool m_capabilitiesFetched;
+
+	bool m_noModSeq;
+
+	shared_ptr <tracer> m_tracer;
+
+
+	void internalDisconnect();
+
+	void initHierarchySeparator();
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPCONNECTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPFolder.cpp b/vmime-master/src/vmime/net/imap/IMAPFolder.cpp
new file mode 100644
index 0000000..98bc05d
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPFolder.cpp
@@ -0,0 +1,1622 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPFolder.hpp"
+
+#include "vmime/net/imap/IMAPStore.hpp"
+#include "vmime/net/imap/IMAPParser.hpp"
+#include "vmime/net/imap/IMAPMessage.hpp"
+#include "vmime/net/imap/IMAPUtils.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+#include "vmime/net/imap/IMAPFolderStatus.hpp"
+#include "vmime/net/imap/IMAPCommand.hpp"
+
+#include "vmime/message.hpp"
+
+#include "vmime/exception.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+#include <algorithm>
+#include <sstream>
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPFolder::IMAPFolder(
+	const folder::path& path,
+	const shared_ptr <IMAPStore>& store,
+	const shared_ptr <folderAttributes>& attribs
+)
+	: m_store(store),
+	  m_connection(store->connection()),
+	  m_path(path),
+	  m_name(path.isEmpty() ? folder::path::component("") : path.getLastComponent()),
+	  m_mode(-1),
+	  m_open(false),
+	  m_attribs(attribs) {
+
+	store->registerFolder(this);
+
+	m_status = make_shared <IMAPFolderStatus>();
+}
+
+
+IMAPFolder::~IMAPFolder() {
+
+	try {
+
+		shared_ptr <IMAPStore> store = m_store.lock();
+
+		if (store) {
+
+			if (m_open) {
+				close(false);
+			}
+
+			store->unregisterFolder(this);
+
+		} else if (m_open) {
+
+			m_connection = null;
+			onClose();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+int IMAPFolder::getMode() const {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	return m_mode;
+}
+
+
+const folderAttributes IMAPFolder::getAttributes() {
+
+	// Root folder
+	if (m_path.isEmpty()) {
+
+		folderAttributes attribs;
+		attribs.setType(folderAttributes::TYPE_CONTAINS_FOLDERS);
+		attribs.setFlags(folderAttributes::FLAG_HAS_CHILDREN | folderAttributes::FLAG_NO_OPEN);
+
+		return attribs;
+
+	} else {
+
+		if (!m_attribs) {
+			testExistAndGetType();
+		}
+
+		return *m_attribs;
+	}
+}
+
+
+const folder::path::component IMAPFolder::getName() const {
+
+	return m_name;
+}
+
+
+const folder::path IMAPFolder::getFullPath() const {
+
+	return m_path;
+}
+
+
+void IMAPFolder::open(const int mode, bool failIfModeIsNotAvailable) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	// Ensure this folder is not already open in the same session
+	for (std::list <IMAPFolder*>::iterator it = store->m_folders.begin() ;
+	     it != store->m_folders.end() ; ++it) {
+
+		if ((*it) != this && (*it)->getFullPath() == m_path) {
+			throw exceptions::folder_already_open();
+		}
+	}
+
+	// Open a connection for this folder
+	shared_ptr <IMAPConnection> connection =
+		make_shared <IMAPConnection>(store, store->getAuthenticator());
+
+	try {
+
+		connection->connect();
+
+		// Emit the "SELECT" command
+		//
+		// Example:  C: A142 SELECT INBOX
+		//           S: * 172 EXISTS
+		//           S: * 1 RECENT
+		//           S: * OK [UNSEEN 12] Message 12 is first unseen
+		//           S: * OK [UIDVALIDITY 3857529045] UIDs valid
+		//           S: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
+		//           S: * OK [PERMANENTFLAGS (\Deleted \Seen \*)] Limited
+		//           S: A142 OK [READ-WRITE] SELECT completed
+
+		std::vector <string> selectParams;
+
+		if (m_connection->hasCapability("CONDSTORE")) {
+			selectParams.push_back("CONDSTORE");
+		}
+
+		IMAPCommand::SELECT(
+			mode == MODE_READ_ONLY,
+			IMAPUtils::pathToString(connection->hierarchySeparator(), getFullPath()),
+			selectParams
+		)->send(connection);
+
+		// Read the response
+		scoped_ptr <IMAPParser::response> resp(connection->readResponse());
+
+		if (resp->isBad() || resp->response_done->response_tagged->
+				resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+			throw exceptions::command_error("SELECT", resp->getErrorLog(), "bad response");
+		}
+
+		auto &respDataList = resp->continue_req_or_response_data;
+
+		for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+			auto *responseData = (*it)->response_data.get();
+
+			if (!responseData) {
+				throw exceptions::command_error("SELECT", resp->getErrorLog(), "invalid response");
+			}
+
+			// OK Untagged responses: UNSEEN, PERMANENTFLAGS, UIDVALIDITY (optional)
+			if (responseData->resp_cond_state) {
+
+				auto *code = responseData->resp_cond_state->resp_text->resp_text_code.get();
+
+				if (code) {
+
+					switch (code->type) {
+
+						case IMAPParser::resp_text_code::NOMODSEQ:
+
+							connection->disableMODSEQ();
+							break;
+
+						default:
+
+							break;
+					}
+				}
+
+			// Untagged responses: FLAGS, EXISTS, RECENT (required)
+			} else if (responseData->mailbox_data) {
+
+				switch (responseData->mailbox_data->type) {
+
+					default: break;
+
+					case IMAPParser::mailbox_data::FLAGS: {
+
+						if (!m_attribs) {
+							m_attribs = make_shared <folderAttributes>();
+						}
+
+						IMAPUtils::mailboxFlagsToFolderAttributes(
+							connection,
+							m_path,
+							*responseData->mailbox_data->mailbox_flag_list,
+							*m_attribs
+						);
+
+						break;
+					}
+				}
+			}
+		}
+
+		processStatusUpdate(resp.get());
+
+		// Check for access mode (read-only or read-write)
+		auto *respTextCode = resp->response_done->response_tagged->resp_cond_state->resp_text->resp_text_code.get();
+
+		if (respTextCode) {
+
+			const int openMode =
+				(respTextCode->type == IMAPParser::resp_text_code::READ_WRITE)
+					? MODE_READ_WRITE
+					: MODE_READ_ONLY;
+
+			if (failIfModeIsNotAvailable &&
+			    mode == MODE_READ_WRITE && openMode == MODE_READ_ONLY) {
+
+				throw exceptions::operation_not_supported();
+			}
+		}
+
+		m_connection = connection;
+		m_open = true;
+		m_mode = mode;
+
+	} catch (std::exception&) {
+
+		throw;
+	}
+}
+
+
+void IMAPFolder::close(const bool expunge) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	shared_ptr <IMAPConnection> oldConnection = m_connection;
+
+	// Emit the "CLOSE" command to expunge messages marked
+	// as deleted (this is fastest than "EXPUNGE")
+	if (expunge) {
+
+		if (m_mode == MODE_READ_ONLY) {
+			throw exceptions::operation_not_supported();
+		}
+
+		IMAPCommand::CLOSE()->send(oldConnection);
+	}
+
+	// Close this folder connection
+	oldConnection->disconnect();
+
+	// Now use default store connection
+	m_connection = m_store.lock()->connection();
+
+	m_open = false;
+	m_mode = -1;
+
+	m_status = make_shared <IMAPFolderStatus>();
+
+	onClose();
+}
+
+
+void IMAPFolder::onClose() {
+
+	for (std::vector <IMAPMessage*>::iterator it = m_messages.begin() ;
+	     it != m_messages.end() ; ++it) {
+
+		(*it)->onFolderClosed();
+	}
+
+	m_messages.clear();
+}
+
+
+void IMAPFolder::create(const folderAttributes& attribs) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (isOpen()) {
+		throw exceptions::illegal_state("Folder is open");
+	} else if (exists()) {
+		throw exceptions::illegal_state("Folder already exists");
+	} else if (!store->isValidFolderName(m_name)) {
+		throw exceptions::invalid_folder_name();
+	}
+
+	// Emit the "CREATE" command
+	//
+	// Example:   C: A003 CREATE owatagusiam/
+	//            S: A003 OK CREATE completed
+	//            C: A004 CREATE owatagusiam/blurdybloop
+	//            S: A004 OK CREATE completed
+
+	string mailbox = IMAPUtils::pathToString
+		(m_connection->hierarchySeparator(), getFullPath());
+
+	if (attribs.getType() & folderAttributes::TYPE_CONTAINS_FOLDERS) {
+		mailbox += m_connection->hierarchySeparator();
+	}
+
+	std::vector <string> createParams;
+
+	if (attribs.getSpecialUse() != folderAttributes::SPECIALUSE_NONE) {
+
+		if (!m_connection->hasCapability("CREATE-SPECIAL-USE")) {
+			throw exceptions::operation_not_supported();
+		}
+
+		// C: t2 CREATE MySpecial (USE (\Drafts \Sent))
+		std::ostringstream oss;
+		oss << "USE (";
+
+		switch (attribs.getSpecialUse()) {
+
+			case folderAttributes::SPECIALUSE_NONE:      // should not happen
+			case folderAttributes::SPECIALUSE_ALL:       oss << "\\All"; break;
+			case folderAttributes::SPECIALUSE_ARCHIVE:   oss << "\\Archive"; break;
+			case folderAttributes::SPECIALUSE_DRAFTS:    oss << "\\Drafts"; break;
+			case folderAttributes::SPECIALUSE_FLAGGED:   oss << "\\Flagged"; break;
+			case folderAttributes::SPECIALUSE_JUNK:      oss << "\\Junk"; break;
+			case folderAttributes::SPECIALUSE_SENT:      oss << "\\Sent"; break;
+			case folderAttributes::SPECIALUSE_TRASH:     oss << "\\Trash"; break;
+			case folderAttributes::SPECIALUSE_IMPORTANT: oss << "\\Important"; break;
+		}
+
+		oss << ")";
+
+		createParams.push_back(oss.str());
+	}
+
+	IMAPCommand::CREATE(mailbox, createParams)->send(m_connection);
+
+
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("CREATE", resp->getErrorLog(), "bad response");
+	}
+
+	// Notify folder created
+	shared_ptr <events::folderEvent> event =
+		make_shared <events::folderEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::folderEvent::TYPE_CREATED,
+			m_path, m_path
+		);
+
+	notifyFolder(event);
+}
+
+
+void IMAPFolder::destroy() {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	if (isOpen()) {
+		throw exceptions::illegal_state("Folder is open");
+	}
+
+	const string mailbox = IMAPUtils::pathToString(
+		m_connection->hierarchySeparator(), getFullPath()
+	);
+
+	IMAPCommand::DELETE(mailbox)->send(m_connection);
+
+
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("DELETE", resp->getErrorLog(), "bad response");
+	}
+
+	// Notify folder deleted
+	shared_ptr <events::folderEvent> event =
+		make_shared <events::folderEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::folderEvent::TYPE_DELETED,
+			m_path, m_path
+		);
+
+	notifyFolder(event);
+}
+
+
+bool IMAPFolder::exists() {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!isOpen() && !store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	return testExistAndGetType() != -1;
+}
+
+
+int IMAPFolder::testExistAndGetType() {
+
+	// To test whether a folder exists, we simple list it using
+	// the "LIST" command, and there should be one unique mailbox
+	// with this name...
+	//
+	// Eg. Test whether '/foo/bar' exists
+	//
+	//     C: a005 list "" foo/bar
+	//     S: * LIST (\NoSelect) "/" foo/bar
+	//     S: a005 OK LIST completed
+	//
+	// ==> OK, exists
+	//
+	// Test whether '/foo/bar/zap' exists
+	//
+	//     C: a005 list "" foo/bar/zap
+	//     S: a005 OK LIST completed
+	//
+	// ==> NO, does not exist
+
+	IMAPCommand::LIST(
+		"",
+		IMAPUtils::pathToString(
+			m_connection->hierarchySeparator(),
+			getFullPath()
+		)
+	)->send(m_connection);
+
+
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("LIST", resp->getErrorLog(), "bad response");
+	}
+
+	// Check whether the result mailbox list contains this folder
+	auto& respDataList = resp->continue_req_or_response_data;
+
+	folderAttributes attribs;
+	attribs.setType(-1);
+
+	for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+		if (!(*it)->response_data) {
+			throw exceptions::command_error("LIST", resp->getErrorLog(), "invalid response");
+		}
+
+		auto *mailboxData = (*it)->response_data->mailbox_data.get();
+
+		// We are only interested in responses of type "LIST"
+		if (mailboxData &&
+		    mailboxData->type == IMAPParser::mailbox_data::LIST) {
+
+			// Get the folder type/flags at the same time
+			IMAPUtils::mailboxFlagsToFolderAttributes(
+				m_connection,
+				m_path,
+				*mailboxData->mailbox_list->mailbox_flag_list,
+				attribs
+			);
+		}
+	}
+
+	m_attribs = make_shared <folderAttributes>(attribs);
+
+	return m_attribs->getType();
+}
+
+
+bool IMAPFolder::isOpen() const {
+
+	return m_open;
+}
+
+
+shared_ptr <message> IMAPFolder::getMessage(const size_t num) {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (num < 1 || num > m_status->getMessageCount()) {
+		throw exceptions::message_not_found();
+	}
+
+	return make_shared <IMAPMessage>(dynamicCast <IMAPFolder>(shared_from_this()), num);
+}
+
+
+std::vector <shared_ptr <message> > IMAPFolder::getMessages(const messageSet& msgs) {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (msgs.isEmpty()) {
+		return std::vector <shared_ptr <message> >();
+	}
+
+	std::vector <shared_ptr <message> > messages;
+
+	// Sequence number message set:
+	//     C: . FETCH uuuu1,uuuu2,uuuu3 UID
+	//     S: * nnnn1 FETCH (UID uuuu1)
+	//     S: * nnnn2 FETCH (UID uuuu2)
+	//     S: * nnnn3 FETCH (UID uuuu3)
+	//     S: . OK FETCH completed
+
+	// UID message set:
+	//     C: . UID FETCH uuuu1,uuuu2,uuuu3 UID
+	//     S: * nnnn1 FETCH (UID uuuu1)
+	//     S: * nnnn2 FETCH (UID uuuu2)
+	//     S: * nnnn3 FETCH (UID uuuu3)
+	//     S: . OK UID FETCH completed
+
+	std::vector <string> params;
+	params.push_back("UID");
+
+	IMAPCommand::FETCH(msgs, params)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("UID FETCH ... UID", resp->getErrorLog(), "bad response");
+	}
+
+	// Process the response
+	auto &respDataList = resp->continue_req_or_response_data;
+
+	for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+		if (!(*it)->response_data) {
+			throw exceptions::command_error("UID FETCH ... UID", resp->getErrorLog(), "invalid response");
+		}
+
+		auto *messageData = (*it)->response_data->message_data.get();
+
+		// We are only interested in responses of type "FETCH"
+		if (!messageData || messageData->type != IMAPParser::message_data::FETCH) {
+			continue;
+		}
+
+		// Find UID in message attributes
+		const size_t msgNum = messageData->number;
+		message::uid msgUID;
+
+		for (auto &att : messageData->msg_att->items) {
+
+			if (att->type == IMAPParser::msg_att_item::UID) {
+				msgUID = att->uniqueid->value;
+				break;
+			}
+		}
+
+		if (!msgUID.empty()) {
+			shared_ptr <IMAPFolder> thisFolder = dynamicCast <IMAPFolder>(shared_from_this());
+			messages.push_back(make_shared <IMAPMessage>(thisFolder, msgNum, msgUID));
+		}
+	}
+
+	return messages;
+}
+
+
+size_t IMAPFolder::getMessageCount() {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	return m_status->getMessageCount();
+}
+
+
+vmime_uint32 IMAPFolder::getUIDValidity() const {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	return m_status->getUIDValidity();
+}
+
+
+vmime_uint64 IMAPFolder::getHighestModSequence() const {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	return m_status->getHighestModSeq();
+}
+
+
+shared_ptr <folder> IMAPFolder::getFolder(const folder::path::component& name) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	return make_shared <IMAPFolder>(m_path / name, store, shared_ptr <folderAttributes>());
+}
+
+
+std::vector <shared_ptr <folder> > IMAPFolder::getFolders(const bool recursive) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!isOpen() && !store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	// Eg. List folders in '/foo/bar'
+	//
+	//     C: a005 list "foo/bar" *
+	//     S: * LIST (\NoSelect) "/" foo/bar
+	//     S: * LIST (\NoInferiors) "/" foo/bar/zap
+	//     S: a005 OK LIST completed
+
+	shared_ptr <IMAPCommand> cmd;
+
+	const string pathString = IMAPUtils::pathToString(
+		m_connection->hierarchySeparator(), getFullPath()
+	);
+
+	if (recursive) {
+
+		cmd = IMAPCommand::LIST(pathString, "*");
+
+	} else {
+
+		cmd = IMAPCommand::LIST(
+			pathString.empty()
+				? ""
+				: (pathString + m_connection->hierarchySeparator()),
+			"%"
+		);
+	}
+
+	cmd->send(m_connection);
+
+
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("LIST", resp->getErrorLog(), "bad response");
+	}
+
+	auto &respDataList = resp->continue_req_or_response_data;
+
+	std::vector <shared_ptr <folder> > v;
+
+	for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+		if (!(*it)->response_data) {
+			throw exceptions::command_error("LIST", resp->getErrorLog(), "invalid response");
+		}
+
+		auto *mailboxData = (*it)->response_data->mailbox_data.get();
+
+		if (!mailboxData || mailboxData->type != IMAPParser::mailbox_data::LIST) {
+			continue;
+		}
+
+		// Get folder path
+		auto &mailbox = mailboxData->mailbox_list->mailbox;
+
+		folder::path path = IMAPUtils::stringToPath(
+			mailboxData->mailbox_list->quoted_char, mailbox->name
+		);
+
+		if (recursive || m_path.isDirectParentOf(path)) {
+
+			// Append folder to list
+			shared_ptr <folderAttributes> attribs = make_shared <folderAttributes>();
+
+			IMAPUtils::mailboxFlagsToFolderAttributes(
+				m_connection,
+				path,
+				*mailboxData->mailbox_list->mailbox_flag_list,
+				*attribs
+			);
+
+			v.push_back(make_shared <IMAPFolder>(path, store, attribs));
+		}
+	}
+
+	return v;
+}
+
+
+void IMAPFolder::fetchMessages(
+	std::vector <shared_ptr <message> >& msg,
+	const fetchAttributes& options,
+	utility::progressListener* progress
+) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (msg.empty()) {
+		return;
+	}
+
+	// Build message numbers list
+	std::vector <size_t> list;
+	list.reserve(msg.size());
+
+	std::map <size_t, shared_ptr <IMAPMessage> > numberToMsg;
+
+	for (std::vector <shared_ptr <message> >::iterator it = msg.begin() ; it != msg.end() ; ++it) {
+
+		list.push_back((*it)->getNumber());
+		numberToMsg[(*it)->getNumber()] = dynamicCast <IMAPMessage>(*it);
+	}
+
+	// Send the request
+	IMAPUtils::buildFetchCommand(
+		m_connection, messageSet::byNumber(list), options
+	)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+		resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("FETCH", resp->getErrorLog(), "bad response");
+	}
+
+	auto &respDataList = resp->continue_req_or_response_data;
+
+	const size_t total = msg.size();
+	size_t current = 0;
+
+	if (progress) {
+		progress->start(total);
+	}
+
+	try {
+
+		for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+			if (!(*it)->response_data) {
+				throw exceptions::command_error("FETCH", resp->getErrorLog(), "invalid response");
+			}
+
+			auto *messageData = (*it)->response_data->message_data.get();
+
+			// We are only interested in responses of type "FETCH"
+			if (!messageData || messageData->type != IMAPParser::message_data::FETCH) {
+				continue;
+			}
+
+			// Process fetch response for this message
+			const size_t num = messageData->number;
+
+			std::map <size_t, shared_ptr <IMAPMessage> >::iterator msg = numberToMsg.find(num);
+
+			if (msg != numberToMsg.end()) {
+
+				(*msg).second->processFetchResponse(options, *messageData);
+
+				if (progress) {
+					progress->progress(++current, total);
+				}
+			}
+		}
+
+	} catch (...) {
+
+		if (progress) {
+			progress->stop(total);
+		}
+
+		throw;
+	}
+
+	if (progress) {
+		progress->stop(total);
+	}
+
+	processStatusUpdate(resp.get());
+}
+
+
+void IMAPFolder::fetchMessage(const shared_ptr <message>& msg, const fetchAttributes& options) {
+
+	std::vector <shared_ptr <message> > msgs;
+	msgs.push_back(msg);
+
+	fetchMessages(msgs, options, /* progress */ NULL);
+}
+
+
+std::vector <shared_ptr <message> > IMAPFolder::getAndFetchMessages(
+	const messageSet& msgs,
+	const fetchAttributes& attribs
+) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (msgs.isEmpty()) {
+		return std::vector <shared_ptr <message> >();
+	}
+
+	// Ensure we also get the UID for each message
+	fetchAttributes attribsWithUID(attribs);
+	attribsWithUID.add(fetchAttributes::UID);
+
+	// Send the request
+	IMAPUtils::buildFetchCommand(m_connection, msgs, attribsWithUID)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+		resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("FETCH", resp->getErrorLog(), "bad response");
+	}
+
+	auto &respDataList = resp->continue_req_or_response_data;
+
+	std::vector <shared_ptr <message> > messages;
+
+	for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+		if (!(*it)->response_data) {
+			throw exceptions::command_error("FETCH", resp->getErrorLog(), "invalid response");
+		}
+
+		auto *messageData = (*it)->response_data->message_data.get();
+
+		// We are only interested in responses of type "FETCH"
+		if (!messageData || messageData->type != IMAPParser::message_data::FETCH) {
+			continue;
+		}
+
+		// Get message number
+		const size_t msgNum = messageData->number;
+
+		// Get message UID
+		message::uid msgUID;
+
+		for (auto &att : messageData->msg_att->items) {
+
+			if (att->type == IMAPParser::msg_att_item::UID) {
+				msgUID = att->uniqueid->value;
+				break;
+			}
+		}
+
+		// Create a new message reference
+		shared_ptr <IMAPFolder> thisFolder = dynamicCast <IMAPFolder>(shared_from_this());
+		shared_ptr <IMAPMessage> msg = make_shared <IMAPMessage>(thisFolder, msgNum, msgUID);
+
+		messages.push_back(msg);
+
+		// Process fetch response for this message
+		msg->processFetchResponse(attribsWithUID, *messageData);
+	}
+
+	processStatusUpdate(resp.get());
+
+	return messages;
+}
+
+
+int IMAPFolder::getFetchCapabilities() const {
+
+	return fetchAttributes::ENVELOPE | fetchAttributes::CONTENT_INFO |
+	       fetchAttributes::STRUCTURE | fetchAttributes::FLAGS |
+	       fetchAttributes::SIZE | fetchAttributes::FULL_HEADER |
+	       fetchAttributes::UID | fetchAttributes::IMPORTANCE;
+}
+
+
+shared_ptr <folder> IMAPFolder::getParent() {
+
+	if (m_path.isEmpty()) {
+
+		return null;
+
+	} else {
+
+		return make_shared <IMAPFolder>(
+			m_path.getParent(), m_store.lock(), shared_ptr <folderAttributes>()
+		);
+	}
+}
+
+
+shared_ptr <const store> IMAPFolder::getStore() const {
+
+	return m_store.lock();
+}
+
+
+shared_ptr <store> IMAPFolder::getStore() {
+
+	return m_store.lock();
+}
+
+
+void IMAPFolder::registerMessage(IMAPMessage* msg) {
+
+	m_messages.push_back(msg);
+}
+
+
+void IMAPFolder::unregisterMessage(IMAPMessage* msg) {
+
+	std::vector <IMAPMessage*>::iterator it =
+		std::find(m_messages.begin(), m_messages.end(), msg);
+
+	if (it != m_messages.end()) {
+		m_messages.erase(it);
+	}
+}
+
+
+void IMAPFolder::onStoreDisconnected() {
+
+	m_store.reset();
+}
+
+
+void IMAPFolder::deleteMessages(const messageSet& msgs) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (msgs.isEmpty()) {
+		throw exceptions::invalid_argument();
+	}
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	} else if (m_mode == MODE_READ_ONLY) {
+		throw exceptions::illegal_state("Folder is read-only");
+	}
+
+	// Send the request
+	IMAPCommand::STORE(
+		msgs, message::FLAG_MODE_ADD,
+		IMAPUtils::messageFlagList(message::FLAG_DELETED)
+	)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+		resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("STORE", resp->getErrorLog(), "bad response");
+	}
+
+	processStatusUpdate(resp.get());
+}
+
+
+void IMAPFolder::setMessageFlags(
+	const messageSet& msgs,
+	const int flags,
+	const int mode
+) {
+
+	const std::vector <string> flagList = IMAPUtils::messageFlagList(flags);
+
+	if ((mode == message::FLAG_MODE_SET) || !flagList.empty()) {
+
+		// Send the request
+		IMAPCommand::STORE(msgs, mode, flagList)->send(m_connection);
+
+		// Get the response
+		scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+		if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+			throw exceptions::command_error("STORE", resp->getErrorLog(), "bad response");
+		}
+
+		processStatusUpdate(resp.get());
+	}
+}
+
+
+messageSet IMAPFolder::addMessage(
+	const shared_ptr <vmime::message>& msg,
+	const int flags,
+	vmime::datetime* date,
+	utility::progressListener* progress
+) {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter ossAdapter(oss);
+
+	msg->generate(ossAdapter);
+
+	const string& str = oss.str();
+	utility::inputStreamStringAdapter strAdapter(str);
+
+	return addMessage(strAdapter, str.length(), flags, date, progress);
+}
+
+
+messageSet IMAPFolder::addMessage(
+	utility::inputStream& is,
+	const size_t size,
+	const int flags,
+	vmime::datetime* date,
+	utility::progressListener* progress
+) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	} else if (m_mode == MODE_READ_ONLY) {
+		throw exceptions::illegal_state("Folder is read-only");
+	}
+
+	// Send the request
+	IMAPCommand::APPEND(
+		IMAPUtils::pathToString(m_connection->hierarchySeparator(), getFullPath()),
+		IMAPUtils::messageFlagList(flags), date, size
+	)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	bool ok = false;
+	auto &respList = resp->continue_req_or_response_data;
+
+	for (auto it = respList.begin() ; !ok && (it != respList.end()) ; ++it) {
+
+		if ((*it)->continue_req) {
+			ok = true;
+		}
+	}
+
+	if (!ok) {
+		throw exceptions::command_error("APPEND", resp->getErrorLog(), "bad response");
+	}
+
+	processStatusUpdate(resp.get());
+
+	// Send message data
+	const size_t total = size;
+	size_t current = 0;
+
+	if (progress) {
+		progress->start(total);
+	}
+
+	const size_t blockSize = std::min(
+		is.getBlockSize(),
+		static_cast <size_t>(m_connection->getSocket()->getBlockSize())
+	);
+
+	std::vector <byte_t> vbuffer(blockSize);
+	byte_t* buffer = &vbuffer.front();
+
+	while (!is.eof()) {
+
+		// Read some data from the input stream
+		const size_t read = is.read(buffer, blockSize);
+		current += read;
+
+		// Put read data into socket output stream
+		m_connection->sendRaw(buffer, read);
+
+		// Notify progress
+		if (progress) {
+			progress->progress(current, total);
+		}
+	}
+
+	m_connection->sendRaw(utility::stringUtils::bytesFromString("\r\n"), 2);
+
+	if (m_connection->getTracer()) {
+		m_connection->getTracer()->traceSendBytes(current);
+	}
+
+	if (progress) {
+		progress->stop(total);
+	}
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> finalResp(m_connection->readResponse());
+
+	if (finalResp->isBad() || finalResp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("APPEND", resp->getErrorLog(), "bad response");
+	}
+
+	processStatusUpdate(finalResp.get());
+
+	auto *respTextCode =
+		finalResp->response_done->response_tagged->resp_cond_state->resp_text->resp_text_code.get();
+
+	if (respTextCode && respTextCode->type == IMAPParser::resp_text_code::APPENDUID) {
+		return IMAPUtils::buildMessageSet(*respTextCode->uid_set);
+	}
+
+	return messageSet::empty();
+}
+
+
+void IMAPFolder::expunge() {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	} else if (m_mode == MODE_READ_ONLY) {
+		throw exceptions::illegal_state("Folder is read-only");
+	}
+
+	// Send the request
+	IMAPCommand::EXPUNGE()->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+		resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("EXPUNGE", resp->getErrorLog(), "bad response");
+	}
+
+	processStatusUpdate(resp.get());
+}
+
+
+void IMAPFolder::rename(const folder::path& newPath) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (m_path.isEmpty() || newPath.isEmpty()) {
+		throw exceptions::illegal_operation("Cannot rename root folder");
+	} else if (m_path.getSize() == 1 && m_name.getBuffer() == "INBOX") {
+		throw exceptions::illegal_operation("Cannot rename 'INBOX' folder");
+	} else if (!store->isValidFolderName(newPath.getLastComponent())) {
+		throw exceptions::invalid_folder_name();
+	}
+
+	// Send the request
+	IMAPCommand::RENAME(
+		IMAPUtils::pathToString(m_connection->hierarchySeparator(), getFullPath()),
+		IMAPUtils::pathToString(m_connection->hierarchySeparator(), newPath)
+	)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+		resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("RENAME", resp->getErrorLog(), "bad response");
+	}
+
+	// Notify folder renamed
+	folder::path oldPath(m_path);
+
+	m_path = newPath;
+	m_name = newPath.getLastComponent();
+
+	shared_ptr <events::folderEvent> event =
+		make_shared <events::folderEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::folderEvent::TYPE_RENAMED,
+			oldPath,
+			newPath
+		);
+
+	notifyFolder(event);
+
+	// Notify sub-folders
+	for (std::list <IMAPFolder*>::iterator it = store->m_folders.begin() ;
+	     it != store->m_folders.end() ; ++it) {
+
+		if ((*it) != this && oldPath.isParentOf((*it)->getFullPath())) {
+
+			folder::path oldPath((*it)->m_path);
+
+			(*it)->m_path.renameParent(oldPath, newPath);
+
+			shared_ptr <events::folderEvent> event =
+				make_shared <events::folderEvent>(
+					dynamicCast <folder>((*it)->shared_from_this()),
+					events::folderEvent::TYPE_RENAMED,
+					oldPath, (*it)->m_path
+				);
+
+			(*it)->notifyFolder(event);
+		}
+	}
+
+	processStatusUpdate(resp.get());
+}
+
+
+messageSet IMAPFolder::copyMessages(const folder::path& dest, const messageSet& set) {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	// Send the request
+	IMAPCommand::COPY(
+		set,
+		IMAPUtils::pathToString(m_connection->hierarchySeparator(), dest)
+	)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+		resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("COPY", resp->getErrorLog(), "bad response");
+	}
+
+	processStatusUpdate(resp.get());
+
+	auto *respTextCode =
+		resp->response_done->response_tagged->resp_cond_state->resp_text->resp_text_code.get();
+
+	if (respTextCode && respTextCode->type == IMAPParser::resp_text_code::COPYUID) {
+		return IMAPUtils::buildMessageSet(*respTextCode->uid_set2);
+	}
+
+	return messageSet::empty();
+}
+
+
+void IMAPFolder::status(size_t& count, size_t& unseen) {
+
+	count = 0;
+	unseen = 0;
+
+	shared_ptr <folderStatus> status = getStatus();
+
+	count = status->getMessageCount();
+	unseen = status->getUnseenCount();
+}
+
+
+shared_ptr <folderStatus> IMAPFolder::getStatus() {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	// Build the attributes list
+	std::vector <string> attribs;
+
+	attribs.push_back("MESSAGES");
+	attribs.push_back("UNSEEN");
+	attribs.push_back("UIDNEXT");
+	attribs.push_back("UIDVALIDITY");
+
+	if (m_connection->hasCapability("CONDSTORE")) {
+		attribs.push_back("HIGHESTMODSEQ");
+	}
+
+	// Send the request
+	IMAPCommand::STATUS(
+		IMAPUtils::pathToString(m_connection->hierarchySeparator(), getFullPath()),
+		attribs
+	)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("STATUS", resp->getErrorLog(), "bad response");
+	}
+
+	auto &respDataList = resp->continue_req_or_response_data;
+
+	for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+		if ((*it)->response_data) {
+
+			auto &responseData = (*it)->response_data;
+
+			if (responseData->mailbox_data &&
+				responseData->mailbox_data->type == IMAPParser::mailbox_data::STATUS) {
+
+				shared_ptr <IMAPFolderStatus> status = make_shared <IMAPFolderStatus>();
+				status->updateFromResponse(*responseData->mailbox_data);
+
+				m_status->updateFromResponse(*responseData->mailbox_data);
+
+				return status;
+			}
+		}
+	}
+
+	throw exceptions::command_error("STATUS", resp->getErrorLog(), "invalid response");
+}
+
+
+void IMAPFolder::noop() {
+
+	shared_ptr <IMAPStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	IMAPCommand::NOOP()->send(m_connection);
+
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("NOOP", resp->getErrorLog());
+	}
+
+	processStatusUpdate(resp.get());
+}
+
+
+std::vector <size_t> IMAPFolder::getMessageNumbersStartingOnUID(const message::uid& uid) {
+
+	// Send the request
+	std::ostringstream uidSearchKey;
+	uidSearchKey.imbue(std::locale::classic());
+	uidSearchKey << "UID " << uid << ":*";
+
+	std::vector <string> searchKeys;
+	searchKeys.push_back(uidSearchKey.str());
+
+	IMAPCommand::SEARCH(searchKeys, /* charset */ NULL)->send(m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() ||
+	    resp->response_done->response_tagged->resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("SEARCH", resp->getErrorLog(), "bad response");
+	}
+
+	auto& respDataList = resp->continue_req_or_response_data;
+
+	std::vector <size_t> seqNumbers;
+
+	for (auto it = respDataList.begin() ; it != respDataList.end() ; ++it) {
+
+		if (!(*it)->response_data) {
+			throw exceptions::command_error("SEARCH", resp->getErrorLog(), "invalid response");
+		}
+
+		auto *mailboxData = (*it)->response_data->mailbox_data.get();
+
+		// We are only interested in responses of type "SEARCH"
+		if (!mailboxData ||
+		    mailboxData->type != IMAPParser::mailbox_data::SEARCH) {
+
+			continue;
+		}
+
+		for (auto &nzn : mailboxData->search_nz_number_list) {
+			seqNumbers.push_back(nzn->value);
+		}
+	}
+
+	processStatusUpdate(resp.get());
+
+	return seqNumbers;
+}
+
+
+void IMAPFolder::processStatusUpdate(const IMAPParser::response* resp) {
+
+	std::vector <shared_ptr <events::event> > events;
+
+	shared_ptr <IMAPFolderStatus> oldStatus = vmime::clone(m_status);
+	int expungedMessageCount = 0;
+
+	// Process tagged response
+	if (resp->response_done &&
+	    resp->response_done->response_tagged &&
+	    resp->response_done->response_tagged->resp_cond_state->resp_text->resp_text_code) {
+
+		m_status->updateFromResponse(
+			*resp->response_done->response_tagged->resp_cond_state->resp_text->resp_text_code
+		);
+	}
+
+	// Process untagged responses
+	for (auto it = resp->continue_req_or_response_data.begin() ;
+	     it != resp->continue_req_or_response_data.end() ; ++it) {
+
+		if ((*it)->response_data &&
+		    (*it)->response_data->resp_cond_state &&
+		    (*it)->response_data->resp_cond_state->resp_text->resp_text_code) {
+
+			m_status->updateFromResponse(
+				*(*it)->response_data->resp_cond_state->resp_text->resp_text_code
+			);
+
+		} else if ((*it)->response_data &&
+		           (*it)->response_data->mailbox_data) {
+
+			m_status->updateFromResponse(*(*it)->response_data->mailbox_data);
+
+			// Update folder attributes, if available
+			if ((*it)->response_data->mailbox_data->type == IMAPParser::mailbox_data::LIST) {
+
+				folderAttributes attribs;
+				IMAPUtils::mailboxFlagsToFolderAttributes(
+					m_connection,
+					m_path,
+					*(*it)->response_data->mailbox_data->mailbox_list->mailbox_flag_list,
+					attribs
+				);
+
+				m_attribs = make_shared <folderAttributes>(attribs);
+			}
+
+		} else if ((*it)->response_data && (*it)->response_data->message_data) {
+
+			auto* msgData = (*it)->response_data->message_data.get();
+			const size_t msgNumber = msgData->number;
+
+			if (msgData->type == IMAPParser::message_data::FETCH) {
+
+				// Message changed
+				for (std::vector <IMAPMessage*>::iterator mit =
+				     m_messages.begin() ; mit != m_messages.end() ; ++mit) {
+
+					if ((*mit)->getNumber() == msgNumber) {
+						(*mit)->processFetchResponse(/* options */ 0, *msgData);
+					}
+				}
+
+				events.push_back(
+					make_shared <events::messageChangedEvent>(
+						dynamicCast <folder>(shared_from_this()),
+						events::messageChangedEvent::TYPE_FLAGS,
+						std::vector <size_t>(1, msgNumber)
+					)
+				);
+
+			} else if (msgData->type == IMAPParser::message_data::EXPUNGE) {
+
+				// A message has been expunged, renumber messages
+				for (std::vector <IMAPMessage*>::iterator jt =
+				     m_messages.begin() ; jt != m_messages.end() ; ++jt) {
+
+					if ((*jt)->getNumber() == msgNumber) {
+						(*jt)->setExpunged();
+					} else if ((*jt)->getNumber() > msgNumber) {
+						(*jt)->renumber((*jt)->getNumber() - 1);
+					}
+				}
+
+				events.push_back(
+					make_shared <events::messageCountEvent>(
+						dynamicCast <folder>(shared_from_this()),
+						events::messageCountEvent::TYPE_REMOVED,
+						std::vector <size_t>(1, msgNumber)
+					)
+				);
+
+				expungedMessageCount++;
+			}
+		}
+	}
+
+	// New messages arrived
+	if (m_status->getMessageCount() > oldStatus->getMessageCount() - expungedMessageCount) {
+
+		std::vector <size_t> newMessageNumbers;
+
+		for (size_t msgNumber = oldStatus->getMessageCount() - expungedMessageCount ;
+		     msgNumber <= m_status->getMessageCount() ; ++msgNumber) {
+
+			newMessageNumbers.push_back(msgNumber);
+		}
+
+		events.push_back(
+			make_shared <events::messageCountEvent>(
+				dynamicCast <folder>(shared_from_this()),
+				events::messageCountEvent::TYPE_ADDED,
+				newMessageNumbers
+			)
+		);
+	}
+
+	// Dispatch notifications
+	for (std::vector <shared_ptr <events::event> >::iterator evit =
+	     events.begin() ; evit != events.end() ; ++evit) {
+
+		notifyEvent(*evit);
+	}
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPFolder.hpp b/vmime-master/src/vmime/net/imap/IMAPFolder.hpp
new file mode 100644
index 0000000..3e6b04b
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPFolder.hpp
@@ -0,0 +1,230 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPFOLDER_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPFOLDER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include <vector>
+#include <map>
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/folder.hpp"
+
+#include "vmime/net/imap/IMAPParser.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class IMAPStore;
+class IMAPMessage;
+class IMAPConnection;
+class IMAPFolderStatus;
+
+
+/** IMAP folder implementation.
+  */
+class VMIME_EXPORT IMAPFolder : public folder {
+
+private:
+
+	friend class IMAPStore;
+	friend class IMAPMessage;
+
+	IMAPFolder(const IMAPFolder&);
+
+public:
+
+	IMAPFolder(
+		const folder::path& path,
+		const shared_ptr <IMAPStore>& store,
+		const shared_ptr <folderAttributes>& attribs
+	);
+
+	~IMAPFolder();
+
+	int getMode() const;
+
+	const folderAttributes getAttributes();
+
+	const folder::path::component getName() const;
+	const folder::path getFullPath() const;
+
+	void open(const int mode, bool failIfModeIsNotAvailable = false);
+	void close(const bool expunge);
+	void create(const folderAttributes& attribs);
+
+	bool exists();
+
+	void destroy();
+
+	bool isOpen() const;
+
+	shared_ptr <message> getMessage(const size_t num);
+	std::vector <shared_ptr <message> > getMessages(const messageSet& msgs);
+
+	std::vector <size_t> getMessageNumbersStartingOnUID(const message::uid& uid);
+
+	size_t getMessageCount();
+
+	shared_ptr <folder> getFolder(const folder::path::component& name);
+	std::vector <shared_ptr <folder> > getFolders(const bool recursive = false);
+
+	void rename(const folder::path& newPath);
+
+	void deleteMessages(const messageSet& msgs);
+
+	void setMessageFlags(
+		const messageSet& msgs,
+		const int flags,
+		const int mode = message::FLAG_MODE_SET
+	);
+
+	messageSet addMessage(
+		const shared_ptr <vmime::message>& msg,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	);
+
+	messageSet addMessage(
+		utility::inputStream& is,
+		const size_t size,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	);
+
+	messageSet copyMessages(const folder::path& dest, const messageSet& msgs);
+
+	void status(size_t& count, size_t& unseen);
+	shared_ptr <folderStatus> getStatus();
+
+	void noop();
+
+	void expunge();
+
+	shared_ptr <folder> getParent();
+
+	shared_ptr <const store> getStore() const;
+	shared_ptr <store> getStore();
+
+
+	void fetchMessages(
+		std::vector <shared_ptr <message> >& msg,
+		const fetchAttributes& options,
+		utility::progressListener* progress = NULL
+	);
+
+	void fetchMessage(const shared_ptr <message>& msg, const fetchAttributes& options);
+
+	std::vector <shared_ptr <message> > getAndFetchMessages(
+		const messageSet& msgs,
+		const fetchAttributes& attribs
+	);
+
+	int getFetchCapabilities() const;
+
+	/** Returns the UID validity of the folder for the current session.
+	  * If the server is capable of persisting UIDs accross sessions,
+	  * this value should never change for a folder. If the UID validity
+	  * differs across sessions, then the UIDs obtained during a previous
+	  * session may not correspond to the UIDs of the same messages in
+	  * this session.
+	  *
+	  * @return UID validity of the folder
+	  */
+	vmime_uint32 getUIDValidity() const;
+
+	/** Returns the highest modification sequence of this folder, ie the
+	  * modification sequence of the last message that changed in this
+	  * folder.
+	  *
+	  * @return modification sequence, or zero if not supported by
+	  * the underlying protocol
+	  */
+	vmime_uint64 getHighestModSequence() const;
+
+private:
+
+	void registerMessage(IMAPMessage* msg);
+	void unregisterMessage(IMAPMessage* msg);
+
+	void onStoreDisconnected();
+
+	void onClose();
+
+	int testExistAndGetType();
+
+	void setMessageFlagsImpl(const string& set, const int flags, const int mode);
+
+	void copyMessagesImpl(const string& set, const folder::path& dest);
+
+
+	/** Process status updates ("unsolicited responses") contained in the
+	  * specified response. Example:
+	  *
+	  *    C: a006 NOOP
+	  *    S: * 930 EXISTS       <-- this is a status update
+	  *    S: a006 OK Success
+	  *
+	  * @param resp parsed IMAP response
+	  */
+	void processStatusUpdate(const IMAPParser::response* resp);
+
+
+	weak_ptr <IMAPStore> m_store;
+	shared_ptr <IMAPConnection> m_connection;
+
+	folder::path m_path;
+	folder::path::component m_name;
+
+	int m_mode;
+	bool m_open;
+
+	shared_ptr <folderAttributes> m_attribs;
+
+	shared_ptr <IMAPFolderStatus> m_status;
+
+	std::vector <IMAPMessage*> m_messages;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPFOLDER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPFolderStatus.cpp b/vmime-master/src/vmime/net/imap/IMAPFolderStatus.cpp
new file mode 100644
index 0000000..55df337
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPFolderStatus.cpp
@@ -0,0 +1,292 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPFolderStatus.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPFolderStatus::IMAPFolderStatus()
+	: m_count(0),
+	  m_unseen(0),
+	  m_recent(0),
+	  m_uidValidity(0),
+	  m_uidNext(0),
+	  m_highestModSeq(0) {
+
+}
+
+
+IMAPFolderStatus::IMAPFolderStatus(const IMAPFolderStatus& other)
+	: folderStatus(),
+	  m_count(other.m_count),
+	  m_unseen(other.m_unseen),
+	  m_recent(other.m_recent),
+	  m_uidValidity(other.m_uidValidity),
+	  m_uidNext(other.m_uidNext),
+	  m_highestModSeq(other.m_highestModSeq) {
+
+}
+
+
+size_t IMAPFolderStatus::getMessageCount() const {
+
+	return m_count;
+}
+
+
+size_t IMAPFolderStatus::getUnseenCount() const {
+
+	return m_unseen;
+}
+
+
+size_t IMAPFolderStatus::getRecentCount() const {
+
+	return m_recent;
+}
+
+
+vmime_uint32 IMAPFolderStatus::getUIDValidity() const {
+
+	return m_uidValidity;
+}
+
+
+vmime_uint32 IMAPFolderStatus::getUIDNext() const {
+
+	return m_uidNext;
+}
+
+
+vmime_uint64 IMAPFolderStatus::getHighestModSeq() const {
+
+	return m_highestModSeq;
+}
+
+
+shared_ptr <folderStatus> IMAPFolderStatus::clone() const {
+
+	return make_shared <IMAPFolderStatus>(*this);
+}
+
+
+bool IMAPFolderStatus::updateFromResponse(const IMAPParser::mailbox_data& resp) {
+
+	bool changed = false;
+
+	if (resp.type == IMAPParser::mailbox_data::STATUS) {
+
+		for (auto &attval : resp.status_att_list->values) {
+
+			switch (attval->type) {
+
+				case IMAPParser::status_att_val::MESSAGES: {
+
+					const size_t count =
+						static_cast <size_t>(attval->value_as_number()->value);
+
+					if (m_count != count) {
+						m_count = count;
+						changed = true;
+					}
+
+					break;
+				}
+				case IMAPParser::status_att_val::UNSEEN: {
+
+					const size_t unseen =
+						static_cast <size_t>(attval->value_as_number()->value);
+
+					if (m_unseen != unseen) {
+						m_unseen = unseen;
+						changed = true;
+					}
+
+					break;
+				}
+				case IMAPParser::status_att_val::RECENT: {
+
+					const size_t recent =
+						static_cast <size_t>(attval->value_as_number()->value);
+
+					if (m_recent != recent) {
+						m_recent = recent;
+						changed = true;
+					}
+
+					break;
+				}
+				case IMAPParser::status_att_val::UIDNEXT: {
+
+					const vmime_uint32 uidNext =
+						static_cast <vmime_uint32>(attval->value_as_number()->value);
+
+					if (m_uidNext != uidNext) {
+						m_uidNext = uidNext;
+						changed = true;
+					}
+
+					break;
+				}
+				case IMAPParser::status_att_val::UIDVALIDITY: {
+
+					const vmime_uint32 uidValidity =
+						static_cast <vmime_uint32>(attval->value_as_number()->value);
+
+					if (m_uidValidity != uidValidity) {
+						m_uidValidity = uidValidity;
+						changed = true;
+					}
+
+					break;
+				}
+				case IMAPParser::status_att_val::HIGHESTMODSEQ: {
+
+					const vmime_uint64 highestModSeq =
+						static_cast <vmime_uint64>(attval->value_as_mod_sequence_value()->value);
+
+					if (m_highestModSeq != highestModSeq) {
+						m_highestModSeq = highestModSeq;
+						changed = true;
+					}
+
+					break;
+				}
+
+			}
+		}
+
+	} else if (resp.type == IMAPParser::mailbox_data::EXISTS) {
+
+		const size_t count =
+			static_cast <size_t>(resp.number->value);
+
+		if (m_count != count) {
+			m_count = count;
+			changed = true;
+		}
+
+	} else if (resp.type == IMAPParser::mailbox_data::RECENT) {
+
+		const size_t recent =
+			static_cast <size_t>(resp.number->value);
+
+		if (m_recent != recent) {
+			m_recent = recent;
+			changed = true;
+		}
+	}
+
+	return changed;
+}
+
+
+bool IMAPFolderStatus::updateFromResponse(const IMAPParser::resp_text_code& resp) {
+
+	bool changed = false;
+
+	switch (resp.type) {
+
+		case IMAPParser::resp_text_code::UIDVALIDITY: {
+
+			const vmime_uint32 uidValidity =
+				static_cast <vmime_uint32>(resp.nz_number->value);
+
+			if (m_uidValidity != uidValidity) {
+				m_uidValidity = uidValidity;
+				changed = true;
+			}
+
+			break;
+		}
+		case IMAPParser::resp_text_code::UIDNEXT: {
+
+			const vmime_uint32 uidNext =
+				static_cast <vmime_uint32>(resp.nz_number->value);
+
+			if (m_uidNext != uidNext) {
+				m_uidNext = uidNext;
+				changed = true;
+			}
+
+			break;
+		}
+		case IMAPParser::resp_text_code::UNSEEN: {
+
+			const size_t unseen =
+				static_cast <size_t>(resp.nz_number->value);
+
+			if (m_unseen != unseen)
+			{
+				m_unseen = unseen;
+				changed = true;
+			}
+
+			break;
+		}
+		case IMAPParser::resp_text_code::HIGHESTMODSEQ: {
+
+			const vmime_uint64 highestModSeq =
+				static_cast <vmime_uint64>(resp.mod_sequence_value->value);
+
+			if (m_highestModSeq != highestModSeq) {
+				m_highestModSeq = highestModSeq;
+				changed = true;
+			}
+
+			break;
+		}
+		case IMAPParser::resp_text_code::NOMODSEQ: {
+
+			if (m_highestModSeq != 0) {
+				m_highestModSeq = 0;
+				changed = true;
+			}
+
+			break;
+		}
+		default:
+
+			break;
+	}
+
+	return changed;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
diff --git a/vmime-master/src/vmime/net/imap/IMAPFolderStatus.hpp b/vmime-master/src/vmime/net/imap/IMAPFolderStatus.hpp
new file mode 100644
index 0000000..b9a73ec
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPFolderStatus.hpp
@@ -0,0 +1,123 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPFOLDERSTATUS_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPFOLDERSTATUS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/folderStatus.hpp"
+
+#include "vmime/net/imap/IMAPParser.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+/** Holds the status of an IMAP folder.
+  */
+class VMIME_EXPORT IMAPFolderStatus : public folderStatus {
+
+public:
+
+	IMAPFolderStatus();
+	IMAPFolderStatus(const IMAPFolderStatus& other);
+
+	// Inherited from folderStatus
+	size_t getMessageCount() const;
+	size_t getUnseenCount() const;
+
+	shared_ptr <folderStatus> clone() const;
+
+	/** Returns the the number of messages with the Recent flag set.
+	  *
+	  * @return number of messages flagged Recent
+	  */
+	size_t getRecentCount() const;
+
+	/** Returns the UID validity of the folder for the current session.
+	  * If the server is capable of persisting UIDs accross sessions,
+	  * this value should never change for a folder.
+	  *
+	  * @return UID validity of the folder
+	  */
+	vmime_uint32 getUIDValidity() const;
+
+	/** Returns the UID value that will be assigned to a new message
+	  * in the folder. If the server does not support the UIDPLUS
+	  * extension, it will return 0.
+	  *
+	  * @return UID of the next message
+	  */
+	vmime_uint32 getUIDNext() const;
+
+	/** Returns the highest modification sequence of all messages
+	  * in the folder, or 0 if not available for this folder, or not
+	  * supported by the server. The server must support the CONDSTORE
+	  * extension for this to be available.
+	  *
+	  * @return highest modification sequence
+	  */
+	vmime_uint64 getHighestModSeq() const;
+
+
+	/** Reads the folder status from the specified IMAP response.
+	  *
+	  * @param resp parsed IMAP response
+	  * @return true if the status changed, or false otherwise
+	  */
+	bool updateFromResponse(const IMAPParser::mailbox_data& resp);
+
+	/** Reads the folder status from the specified IMAP response.
+	  *
+	  * @param resp parsed IMAP response
+	  * @return true if the status changed, or false otherwise
+	  */
+	bool updateFromResponse(const IMAPParser::resp_text_code& resp);
+
+private:
+
+	size_t m_count;
+	size_t m_unseen;
+	size_t m_recent;
+	vmime_uint32 m_uidValidity;
+	vmime_uint32 m_uidNext;
+	vmime_uint64 m_highestModSeq;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPFOLDERSTATUS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessage.cpp b/vmime-master/src/vmime/net/imap/IMAPMessage.cpp
new file mode 100644
index 0000000..f74a4a4
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessage.cpp
@@ -0,0 +1,760 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPParser.hpp"
+#include "vmime/net/imap/IMAPMessage.hpp"
+#include "vmime/net/imap/IMAPFolder.hpp"
+#include "vmime/net/imap/IMAPFolderStatus.hpp"
+#include "vmime/net/imap/IMAPStore.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+#include "vmime/net/imap/IMAPUtils.hpp"
+#include "vmime/net/imap/IMAPMessageStructure.hpp"
+#include "vmime/net/imap/IMAPMessagePart.hpp"
+#include "vmime/net/imap/IMAPMessagePartContentHandler.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+#include <sstream>
+#include <iterator>
+#include <typeinfo>
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+#ifndef VMIME_BUILDING_DOC
+
+//
+// IMAPMessage_literalHandler
+//
+
+class IMAPMessage_literalHandler : public IMAPParser::literalHandler {
+
+public:
+
+	IMAPMessage_literalHandler(utility::outputStream& os, utility::progressListener* progress) {
+
+		m_target = shared_ptr <target>(new targetStream(progress, os));
+	}
+
+	shared_ptr <target> targetFor(const IMAPParser::component& comp, const int /* data */) {
+
+		if (typeid(comp) == typeid(IMAPParser::msg_att_item)) {
+
+			const int type = static_cast
+				<const IMAPParser::msg_att_item&>(comp).type;
+
+			if (type == IMAPParser::msg_att_item::BODY_SECTION ||
+			    type == IMAPParser::msg_att_item::RFC822_TEXT) {
+
+				return m_target;
+			}
+		}
+
+		return shared_ptr <target>();
+	}
+
+	shared_ptr <target> getTarget() {
+
+		return m_target;
+	}
+
+private:
+
+	shared_ptr <target> m_target;
+};
+
+#endif // VMIME_BUILDING_DOC
+
+
+
+//
+// IMAPMessage
+//
+
+
+IMAPMessage::IMAPMessage(
+	const shared_ptr <IMAPFolder>& folder,
+	const size_t num
+)
+	: m_folder(folder),
+	  m_num(num),
+	  m_size(-1U),
+	  m_flags(FLAG_UNDEFINED),
+	  m_expunged(false),
+	  m_modseq(0),
+	  m_structure(null) {
+
+	folder->registerMessage(this);
+}
+
+
+IMAPMessage::IMAPMessage(
+	const shared_ptr <IMAPFolder>& folder,
+	const size_t num,
+	const uid& uid
+)
+	: m_folder(folder),
+	  m_num(num),
+	  m_size(-1),
+	  m_flags(FLAG_UNDEFINED),
+	  m_expunged(false),
+	  m_uid(uid),
+	  m_modseq(0),
+	  m_structure(null) {
+
+	folder->registerMessage(this);
+}
+
+
+IMAPMessage::~IMAPMessage() {
+
+	try {
+
+		shared_ptr <IMAPFolder> folder = m_folder.lock();
+
+		if (folder) {
+			folder->unregisterMessage(this);
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+void IMAPMessage::onFolderClosed() {
+
+	m_folder.reset();
+}
+
+
+size_t IMAPMessage::getNumber() const {
+
+	return m_num;
+}
+
+
+const message::uid IMAPMessage::getUID() const {
+
+	return m_uid;
+}
+
+
+vmime_uint64 IMAPMessage::getModSequence() const {
+
+	return m_modseq;
+}
+
+
+size_t IMAPMessage::getSize() const {
+
+	if (m_size == -1U) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_size;
+}
+
+
+bool IMAPMessage::isExpunged() const {
+
+	return m_expunged;
+}
+
+
+int IMAPMessage::getFlags() const {
+
+	if (m_flags == FLAG_UNDEFINED) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_flags;
+}
+
+
+shared_ptr <const messageStructure> IMAPMessage::getStructure() const {
+
+	if (m_structure == NULL) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_structure;
+}
+
+
+shared_ptr <messageStructure> IMAPMessage::getStructure() {
+
+	if (m_structure == NULL) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_structure;
+}
+
+
+shared_ptr <const header> IMAPMessage::getHeader() const {
+
+	if (m_header == NULL) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_header;
+}
+
+
+void IMAPMessage::extract(
+	utility::outputStream& os,
+	utility::progressListener* progress,
+    const size_t start,
+    const size_t length,
+    const bool peek
+) const {
+
+	shared_ptr <const IMAPFolder> folder = m_folder.lock();
+
+	if (!folder) {
+		throw exceptions::folder_not_found();
+	}
+
+	extractImpl(
+		null, os, progress, start, length,
+		EXTRACT_HEADER | EXTRACT_BODY | (peek ? EXTRACT_PEEK : 0)
+	);
+}
+
+
+void IMAPMessage::extractPart(
+	const shared_ptr <const messagePart>& p,
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t start,
+	const size_t length,
+	const bool peek
+) const {
+
+	shared_ptr <const IMAPFolder> folder = m_folder.lock();
+
+	if (!folder) {
+		throw exceptions::folder_not_found();
+	}
+
+	extractImpl(
+		p, os, progress, start, length,
+		EXTRACT_HEADER | EXTRACT_BODY | (peek ? EXTRACT_PEEK : 0)
+	);
+}
+
+
+void IMAPMessage::fetchPartHeader(const shared_ptr <messagePart>& p) {
+
+	shared_ptr <IMAPFolder> folder = m_folder.lock();
+
+	if (!folder) {
+		throw exceptions::folder_not_found();
+	}
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter ossAdapter(oss);
+
+	extractImpl(p, ossAdapter, NULL, 0, -1, EXTRACT_HEADER | EXTRACT_PEEK);
+
+	dynamicCast <IMAPMessagePart>(p)->getOrCreateHeader().parse(oss.str());
+}
+
+
+void IMAPMessage::fetchPartHeaderForStructure(const shared_ptr <messageStructure>& str) {
+
+	for (size_t i = 0, n = str->getPartCount() ; i < n ; ++i) {
+
+		shared_ptr <messagePart> part = str->getPartAt(i);
+
+		// Fetch header of current part
+		fetchPartHeader(part);
+
+		// Fetch header of sub-parts
+		fetchPartHeaderForStructure(part->getStructure());
+	}
+}
+
+
+size_t IMAPMessage::extractImpl(
+	const shared_ptr <const messagePart>& p,
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t start,
+	const size_t length,
+	const int extractFlags
+) const {
+
+	shared_ptr <const IMAPFolder> folder = m_folder.lock();
+
+	IMAPMessage_literalHandler literalHandler(os, progress);
+
+	if (length == 0) {
+		return 0;
+	}
+
+	// Construct section identifier
+	std::ostringstream section;
+	section.imbue(std::locale::classic());
+
+	if (p != NULL) {
+
+		shared_ptr <const IMAPMessagePart> currentPart = dynamicCast <const IMAPMessagePart>(p);
+		std::vector <size_t> numbers;
+
+		numbers.push_back(currentPart->getNumber());
+		currentPart = currentPart->getParent();
+
+		while (currentPart != NULL) {
+			numbers.push_back(currentPart->getNumber());
+			currentPart = currentPart->getParent();
+		}
+
+		numbers.erase(numbers.end() - 1);
+
+		for (std::vector <size_t>::reverse_iterator it = numbers.rbegin() ; it != numbers.rend() ; ++it) {
+			if (it != numbers.rbegin()) section << ".";
+			section << (*it + 1);
+		}
+	}
+
+	// Build the body descriptor for FETCH
+	/*
+	   BODY[]               header + body
+	   BODY.PEEK[]          header + body (peek)
+	   BODY[HEADER]         header
+	   BODY.PEEK[HEADER]    header (peek)
+	   BODY[TEXT]           body
+	   BODY.PEEK[TEXT]      body (peek)
+	*/
+	std::ostringstream bodyDesc;
+	bodyDesc.imbue(std::locale::classic());
+
+	bodyDesc << "BODY";
+
+	if (extractFlags & EXTRACT_PEEK) {
+		bodyDesc << ".PEEK";
+	}
+
+	bodyDesc << "[";
+
+	if (section.str().empty()) {
+
+		// header + body
+		if ((extractFlags & EXTRACT_HEADER) && (extractFlags & EXTRACT_BODY)) {
+			bodyDesc << "";
+		// body only
+		} else if (extractFlags & EXTRACT_BODY) {
+			bodyDesc << "TEXT";
+		// header only
+		} else if (extractFlags & EXTRACT_HEADER) {
+			bodyDesc << "HEADER";
+		}
+
+	} else {
+
+		bodyDesc << section.str();
+
+		// header + body
+		if ((extractFlags & EXTRACT_HEADER) && (extractFlags & EXTRACT_BODY)) {
+
+			// First, extract header
+			std::ostringstream header;
+			utility::outputStreamAdapter headerStream(header);
+
+			const size_t headerLength = extractImpl(
+				p, headerStream, /* progress */ NULL,
+				/* start */ 0, /* length */ -1, extractFlags & ~EXTRACT_BODY
+			);
+
+			size_t s = start;
+			size_t l = length;
+
+			if (s < headerLength) {
+
+				if (l == static_cast <size_t>(-1)) {
+
+					os.write(header.str().data() + s, headerLength - s);
+
+				} else {
+
+					size_t headerCopyLength = l;
+
+					if (start + headerCopyLength > headerLength) {
+						headerCopyLength = headerLength - start;
+					}
+
+					os.write(header.str().data() + s, headerCopyLength);
+
+					l -= headerCopyLength;
+				}
+
+				s = 0;
+
+			} else {
+
+				s -= headerLength;
+			}
+
+			// Then, extract body
+			return extractImpl(p, os, progress, s, l, extractFlags & ~EXTRACT_HEADER);
+
+		// header only
+		} else if (extractFlags & EXTRACT_HEADER) {
+
+			bodyDesc << ".MIME";   // "MIME" not "HEADER" for parts
+		}
+	}
+
+	bodyDesc << "]";
+
+	if (start != 0 || length != static_cast <size_t>(-1)) {
+
+		if (length == static_cast <size_t>(-1)) {
+			bodyDesc << "<" << start << "." << static_cast <unsigned int>(-1) << ">";
+		} else {
+			bodyDesc << "<" << start << "." << length << ">";
+		}
+	}
+
+	std::vector <std::string> fetchParams;
+	fetchParams.push_back(bodyDesc.str());
+
+	// Send the request
+	IMAPCommand::FETCH(
+		m_uid.empty() ? messageSet::byNumber(m_num) : messageSet::byUID(m_uid),
+		fetchParams
+	)->send(folder->m_connection);
+
+	// Get the response
+	scoped_ptr <IMAPParser::response> resp(folder->m_connection->readResponse(&literalHandler));
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+		resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("FETCH", resp->getErrorLog(), "bad response");
+	}
+
+
+	if (extractFlags & EXTRACT_BODY) {
+		// TODO: update the flags (eg. flag "\Seen" may have been set)
+	}
+
+	return literalHandler.getTarget()->getBytesWritten();
+}
+
+
+int IMAPMessage::processFetchResponse(
+	const fetchAttributes& options,
+	const IMAPParser::message_data& msgData
+) {
+
+	shared_ptr <IMAPFolder> folder = m_folder.lock();
+
+	// Get message attributes
+	int changes = 0;
+
+	for (auto &att : msgData.msg_att->items) {
+
+		switch (att->type) {
+
+			case IMAPParser::msg_att_item::FLAGS: {
+
+				int flags = IMAPUtils::messageFlagsFromFlags(*att->flag_list);
+
+				if (m_flags != flags) {
+					m_flags = flags;
+					changes |= events::messageChangedEvent::TYPE_FLAGS;
+				}
+
+				break;
+			}
+			case IMAPParser::msg_att_item::UID: {
+
+				m_uid = att->uniqueid->value;
+				break;
+			}
+			case IMAPParser::msg_att_item::MODSEQ: {
+
+				m_modseq = att->mod_sequence_value->value;
+				break;
+			}
+			case IMAPParser::msg_att_item::ENVELOPE: {
+
+				if (!options.has(fetchAttributes::FULL_HEADER)) {
+
+					auto* env = att->envelope.get();
+					shared_ptr <vmime::header> hdr = getOrCreateHeader();
+
+					// Date
+					hdr->Date()->setValue(env->env_date->value);
+
+					// Subject
+					text subject;
+					text::decodeAndUnfold(env->env_subject->value, &subject);
+
+					hdr->Subject()->setValue(subject);
+
+					// From
+					mailboxList from;
+					IMAPUtils::convertAddressList(*(env->env_from), from);
+
+					if (!from.isEmpty()) {
+						hdr->From()->setValue(*(from.getMailboxAt(0)));
+					}
+
+					// To
+					mailboxList to;
+					IMAPUtils::convertAddressList(*(env->env_to), to);
+
+					hdr->To()->setValue(to.toAddressList());
+
+					// Sender
+					mailboxList sender;
+					IMAPUtils::convertAddressList(*(env->env_sender), sender);
+
+					if (!sender.isEmpty()) {
+						hdr->Sender()->setValue(*(sender.getMailboxAt(0)));
+					}
+
+					// Reply-to
+					mailboxList replyTo;
+					IMAPUtils::convertAddressList(*(env->env_reply_to), replyTo);
+
+					if (!replyTo.isEmpty()) {
+						hdr->ReplyTo()->setValue(*(replyTo.getMailboxAt(0)));
+					}
+
+					// Cc
+					mailboxList cc;
+					IMAPUtils::convertAddressList(*(env->env_cc), cc);
+
+					if (!cc.isEmpty()) {
+						hdr->Cc()->setValue(cc.toAddressList());
+					}
+
+					// Bcc
+					mailboxList bcc;
+					IMAPUtils::convertAddressList(*(env->env_bcc), bcc);
+
+					if (!bcc.isEmpty()) {
+						hdr->Bcc()->setValue(bcc.toAddressList());
+					}
+				}
+
+				break;
+			}
+			case IMAPParser::msg_att_item::BODY_STRUCTURE: {
+
+				m_structure = make_shared <IMAPMessageStructure>(att->body.get());
+				break;
+			}
+			case IMAPParser::msg_att_item::RFC822_HEADER: {
+
+				getOrCreateHeader()->parse(att->nstring->value);
+				break;
+			}
+			case IMAPParser::msg_att_item::RFC822_SIZE: {
+
+				m_size = static_cast <size_t>(att->number->value);
+				break;
+			}
+			case IMAPParser::msg_att_item::BODY_SECTION: {
+
+				if (!options.has(fetchAttributes::FULL_HEADER)) {
+
+					if (att->section->section_text1 &&
+					    att->section->section_text1->type
+					        == IMAPParser::section_text::HEADER_FIELDS) {
+
+						header tempHeader;
+						tempHeader.parse(att->nstring->value);
+
+						vmime::header& hdr = *getOrCreateHeader();
+
+						for (auto& fld : tempHeader.getFieldList()) {
+							hdr.appendField(vmime::clone(fld));
+						}
+					}
+				}
+
+				break;
+			}
+			case IMAPParser::msg_att_item::INTERNALDATE:
+			case IMAPParser::msg_att_item::RFC822:
+			case IMAPParser::msg_att_item::RFC822_TEXT:
+			case IMAPParser::msg_att_item::BODY: {
+
+				break;
+			}
+
+		}
+	}
+
+	return changes;
+}
+
+
+shared_ptr <header> IMAPMessage::getOrCreateHeader() {
+
+	if (m_header != NULL) {
+		return m_header;
+	} else {
+		return m_header = make_shared <header>();
+	}
+}
+
+
+void IMAPMessage::setFlags(const int flags, const int mode) {
+
+	shared_ptr <IMAPFolder> folder = m_folder.lock();
+
+	if (!folder) {
+		throw exceptions::folder_not_found();
+	}
+
+	if (!m_uid.empty()) {
+		folder->setMessageFlags(messageSet::byUID(m_uid), flags, mode);
+	} else {
+		folder->setMessageFlags(messageSet::byNumber(m_num), flags, mode);
+	}
+}
+
+
+void IMAPMessage::constructParsedMessage(
+	const shared_ptr <bodyPart>& parentPart,
+	const shared_ptr <messageStructure>& str,
+	int level
+) {
+
+	if (level == 0) {
+
+		shared_ptr <messagePart> part = str->getPartAt(0);
+
+		// Copy header
+		shared_ptr <const header> hdr = part->getHeader();
+		parentPart->getHeader()->copyFrom(*hdr);
+
+		// Initialize body
+		parentPart->getBody()->setContents(
+			make_shared <IMAPMessagePartContentHandler>(
+				dynamicCast <IMAPMessage>(shared_from_this()),
+				part, parentPart->getBody()->getEncoding()
+			)
+		);
+
+		constructParsedMessage(parentPart, part->getStructure(), 1);
+
+	} else {
+
+		for (size_t i = 0, n = str->getPartCount() ; i < n ; ++i) {
+
+			shared_ptr <messagePart> part = str->getPartAt(i);
+
+			shared_ptr <bodyPart> childPart = make_shared <bodyPart>();
+
+			// Copy header
+			shared_ptr <const header> hdr = part->getHeader();
+			childPart->getHeader()->copyFrom(*hdr);
+
+			// Initialize body
+			childPart->getBody()->setContents(
+				make_shared <IMAPMessagePartContentHandler>(
+					dynamicCast <IMAPMessage>(shared_from_this()),
+					part, childPart->getBody()->getEncoding()
+				)
+			);
+
+			// Add child part
+			parentPart->getBody()->appendPart(childPart);
+
+			// Construct sub parts
+			constructParsedMessage(childPart, part->getStructure(), ++level);
+		}
+	}
+}
+
+
+shared_ptr <vmime::message> IMAPMessage::getParsedMessage() {
+
+	// Fetch structure
+	shared_ptr <messageStructure> structure;
+
+	try {
+
+		structure = getStructure();
+
+	} catch (exceptions::unfetched_object&) {
+
+		std::vector <shared_ptr <message> > msgs;
+		msgs.push_back(dynamicCast <IMAPMessage>(shared_from_this()));
+
+		m_folder.lock()->fetchMessages(
+			msgs, fetchAttributes(fetchAttributes::STRUCTURE), /* progress */ NULL
+		);
+
+		structure = getStructure();
+	}
+
+	// Fetch header for each part
+	fetchPartHeaderForStructure(structure);
+
+	// Construct message from structure
+	shared_ptr <vmime::message> msg = make_shared <vmime::message>();
+
+	constructParsedMessage(msg, structure);
+
+	return msg;
+}
+
+
+void IMAPMessage::renumber(const size_t number) {
+
+	m_num = number;
+}
+
+
+void IMAPMessage::setExpunged() {
+
+	m_expunged = true;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessage.hpp b/vmime-master/src/vmime/net/imap/IMAPMessage.hpp
new file mode 100644
index 0000000..6d82a3e
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessage.hpp
@@ -0,0 +1,200 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPMESSAGE_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPMESSAGE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/message.hpp"
+#include "vmime/net/folder.hpp"
+
+#include "vmime/net/imap/IMAPParser.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class IMAPFolder;
+
+
+/** IMAP message implementation.
+  */
+class VMIME_EXPORT IMAPMessage : public message {
+
+private:
+
+	friend class IMAPFolder;
+	friend class IMAPMessagePartContentHandler;
+
+	IMAPMessage(const IMAPMessage&) : message() { }
+
+public:
+
+	IMAPMessage(const shared_ptr <IMAPFolder>& folder, const size_t num);
+	IMAPMessage(const shared_ptr <IMAPFolder>& folder, const size_t num, const uid& uid);
+
+	~IMAPMessage();
+
+	size_t getNumber() const;
+
+	const uid getUID() const;
+
+	/** Returns the modification sequence for this message.
+	  *
+	  * Every time metadata for this message changes, the modification
+	  * sequence is updated, and is greater than the previous one. The
+	  * server must support the CONDSTORE extension for this to be
+	  * available.
+	  *
+	  * @return modification sequence, or zero if not supported by
+	  * the underlying protocol
+	  */
+	vmime_uint64 getModSequence() const;
+
+	size_t getSize() const;
+
+	bool isExpunged() const;
+
+	shared_ptr <const messageStructure> getStructure() const;
+	shared_ptr <messageStructure> getStructure();
+
+	shared_ptr <const header> getHeader() const;
+
+	int getFlags() const;
+	void setFlags(const int flags, const int mode = FLAG_MODE_SET);
+
+	void extract(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const;
+
+	void extractPart(
+		const shared_ptr <const messagePart>& p,
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const;
+
+	void fetchPartHeader(const shared_ptr <messagePart>& p);
+
+	shared_ptr <vmime::message> getParsedMessage();
+
+private:
+
+	/** Renumbers the message.
+	  *
+	  * @param number new sequence number
+	  */
+	void renumber(const size_t number);
+
+	/** Marks the message as expunged.
+	  */
+	void setExpunged();
+
+	/** Processes the parsed response to fill in the attributes
+	  * and metadata of this message.
+	  *
+	  * @param options one or more fetch options (see folder::fetchAttributes)
+	  * @param msgData pointer to message_data component of the parsed response
+	  * @return a combination of flags that specify what changed exactly on
+	  * this message (see events::messageChangedEvent::Types)
+	  */
+	int processFetchResponse(const fetchAttributes& options, const IMAPParser::message_data& msgData);
+
+	/** Recursively fetch part header for all parts in the structure.
+	  *
+	  * @param str structure for which to fetch parts headers
+	  */
+	void fetchPartHeaderForStructure(const shared_ptr <messageStructure>& str);
+
+	/** Recursively contruct parsed message from structure.
+	  * Called by getParsedMessage().
+	  *
+	  * @param parentPart root body part (the message)
+	  * @param str structure for which to construct part
+	  * @param level current nesting level (0 is root)
+	  */
+	void constructParsedMessage(
+		const shared_ptr <bodyPart>& parentPart,
+		const shared_ptr <messageStructure>& str,
+		int level = 0
+	);
+
+
+	enum ExtractFlags
+	{
+		EXTRACT_HEADER = 0x1,
+		EXTRACT_BODY = 0x2,
+		EXTRACT_PEEK = 0x10
+	};
+
+	size_t extractImpl(
+		const shared_ptr <const messagePart>& p,
+		utility::outputStream& os,
+		utility::progressListener* progress,
+		const size_t start,
+		const size_t length,
+		const int extractFlags
+	) const;
+
+
+	shared_ptr <header> getOrCreateHeader();
+
+
+	void onFolderClosed();
+
+	weak_ptr <IMAPFolder> m_folder;
+
+	size_t m_num;
+	size_t m_size;
+	int m_flags;
+	bool m_expunged;
+	uid m_uid;
+	vmime_uint64 m_modseq;
+
+	shared_ptr <header> m_header;
+	shared_ptr <messageStructure> m_structure;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPMESSAGE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessagePart.cpp b/vmime-master/src/vmime/net/imap/IMAPMessagePart.cpp
new file mode 100644
index 0000000..ed2c0bd
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessagePart.cpp
@@ -0,0 +1,225 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPMessagePart.hpp"
+#include "vmime/net/imap/IMAPMessageStructure.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPMessagePart::IMAPMessagePart(
+	const shared_ptr <IMAPMessagePart>& parent,
+	const size_t number,
+	const IMAPParser::body_type_mpart* mpart
+)
+	: m_parent(parent),
+	  m_header(null),
+	  m_number(number),
+	  m_size(0) {
+
+	m_mediaType = vmime::mediaType(
+		"multipart",
+		mpart->media_subtype->value
+	);
+}
+
+namespace {
+	template<typename T>
+	vmime::string getPartName(const T& body_type) {
+		if (const auto* pparam = body_type->body_fields->body_fld_param.get()) {
+			for (const auto& param : pparam->items) {
+				if (param->string1->value == "NAME") {
+					return param->string2->value;
+				}
+			}
+		}
+
+		return {};
+	}
+}
+
+
+IMAPMessagePart::IMAPMessagePart(
+	const shared_ptr <IMAPMessagePart>& parent,
+	const size_t number,
+	const IMAPParser::body_type_1part* part
+)
+	: m_parent(parent),
+	  m_header(null),
+	  m_number(number),
+	  m_size(0) {
+
+	if (part->body_type_text) {
+
+		m_mediaType = vmime::mediaType(
+			"text",
+			part->body_type_text->media_text->media_subtype->value
+		);
+
+		m_size = part->body_type_text->body_fields->body_fld_octets->value;
+
+		m_name = getPartName(part->body_type_text);
+
+	} else if (part->body_type_msg) {
+
+		m_mediaType = vmime::mediaType(
+			"message",
+			part->body_type_msg->media_message->media_subtype->value
+		);
+
+	} else {
+
+		m_mediaType = vmime::mediaType(
+			part->body_type_basic->media_basic->media_type->value,
+			part->body_type_basic->media_basic->media_subtype->value
+		);
+
+		m_size = part->body_type_basic->body_fields->body_fld_octets->value;
+
+		m_name = getPartName(part->body_type_basic);
+	}
+
+	if (part->body_ext_1part && part->body_ext_1part->body_fld_dsp) {
+		auto *cdisp = part->body_ext_1part->body_fld_dsp->str();
+		if (cdisp) {
+			m_dispType = contentDisposition(cdisp->value);
+		}
+	}
+
+	m_structure = null;
+}
+
+
+shared_ptr <const messageStructure> IMAPMessagePart::getStructure() const {
+
+	if (m_structure) {
+		return m_structure;
+	} else {
+		return IMAPMessageStructure::emptyStructure();
+	}
+}
+
+
+shared_ptr <messageStructure> IMAPMessagePart::getStructure() {
+
+	if (m_structure) {
+		return m_structure;
+	} else {
+		return IMAPMessageStructure::emptyStructure();
+	}
+}
+
+
+shared_ptr <const IMAPMessagePart> IMAPMessagePart::getParent() const {
+
+	return m_parent.lock();
+}
+
+
+const mediaType& IMAPMessagePart::getType() const {
+
+	return m_mediaType;
+}
+
+
+const contentDisposition &IMAPMessagePart::getDisposition() const {
+
+	return m_dispType;
+}
+
+
+size_t IMAPMessagePart::getSize() const {
+
+	return m_size;
+}
+
+
+size_t IMAPMessagePart::getNumber() const {
+
+	return m_number;
+}
+
+
+string IMAPMessagePart::getName() const {
+
+	return m_name;
+}
+
+
+shared_ptr <const header> IMAPMessagePart::getHeader() const {
+
+	if (!m_header) {
+		throw exceptions::unfetched_object();
+	} else {
+		return m_header;
+	}
+}
+
+
+// static
+shared_ptr <IMAPMessagePart> IMAPMessagePart::create(
+	const shared_ptr <IMAPMessagePart>& parent,
+	const size_t number,
+	const IMAPParser::body* body
+) {
+
+	if (body->body_type_mpart) {
+
+		auto part = make_shared <IMAPMessagePart>(parent, number, body->body_type_mpart.get());
+		part->m_structure = make_shared <IMAPMessageStructure>(part, body->body_type_mpart->list);
+
+		return part;
+
+	} else {
+
+		return make_shared <IMAPMessagePart>(parent, number, body->body_type_1part.get());
+	}
+}
+
+
+header& IMAPMessagePart::getOrCreateHeader() {
+
+	if (m_header) {
+		return *m_header;
+	} else {
+		return *(m_header = make_shared <header>());
+	}
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessagePart.hpp b/vmime-master/src/vmime/net/imap/IMAPMessagePart.hpp
new file mode 100644
index 0000000..34ea172
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessagePart.hpp
@@ -0,0 +1,108 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPMESSAGEPART_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPMESSAGEPART_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/message.hpp"
+
+#include "vmime/net/imap/IMAPParser.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class IMAPMessageStructure;
+
+
+class VMIME_EXPORT IMAPMessagePart : public messagePart {
+
+public:
+
+	IMAPMessagePart(
+		const shared_ptr <IMAPMessagePart>& parent,
+		const size_t number,
+		const IMAPParser::body_type_mpart* mpart
+	);
+
+	IMAPMessagePart(
+		const shared_ptr <IMAPMessagePart>& parent,
+		const size_t number,
+		const IMAPParser::body_type_1part* part
+	);
+
+	shared_ptr <const messageStructure> getStructure() const;
+	shared_ptr <messageStructure> getStructure();
+
+	shared_ptr <const IMAPMessagePart> getParent() const;
+
+	const mediaType& getType() const;
+	const contentDisposition &getDisposition() const;
+	size_t getSize() const;
+	size_t getNumber() const;
+	string getName() const;
+
+	shared_ptr <const header> getHeader() const;
+
+
+	static shared_ptr <IMAPMessagePart> create(
+		const shared_ptr <IMAPMessagePart>& parent,
+		const size_t number,
+		const IMAPParser::body* body
+	);
+
+
+	header& getOrCreateHeader();
+
+private:
+
+	shared_ptr <IMAPMessageStructure> m_structure;
+	weak_ptr <IMAPMessagePart> m_parent;
+	shared_ptr <header> m_header;
+
+	size_t m_number;
+	size_t m_size;
+	string m_name;
+	mediaType m_mediaType;
+	contentDisposition m_dispType;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPMESSAGEPART_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessagePartContentHandler.cpp b/vmime-master/src/vmime/net/imap/IMAPMessagePartContentHandler.cpp
new file mode 100644
index 0000000..85f6cb6
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessagePartContentHandler.cpp
@@ -0,0 +1,227 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPMessagePartContentHandler.hpp"
+#include "vmime/net/imap/IMAPFolder.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+#include "vmime/net/imap/IMAPFolderStatus.hpp"
+#include "vmime/net/imap/IMAPStore.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPMessagePartContentHandler::IMAPMessagePartContentHandler(
+	const shared_ptr <IMAPMessage>& msg,
+	const shared_ptr <messagePart>& part,
+	const vmime::encoding& encoding
+)
+	: m_message(msg),
+	  m_part(part),
+	  m_encoding(encoding) {
+
+}
+
+
+shared_ptr <contentHandler> IMAPMessagePartContentHandler::clone() const {
+
+	return make_shared <IMAPMessagePartContentHandler>(
+		m_message.lock(), m_part.lock(), m_encoding
+	);
+}
+
+
+void IMAPMessagePartContentHandler::generate(
+	utility::outputStream& os,
+	const vmime::encoding& enc,
+	const size_t maxLineLength
+) const {
+
+	shared_ptr <IMAPMessage> msg = m_message.lock();
+	shared_ptr <messagePart> part = m_part.lock();
+
+	// Data is already encoded
+	if (isEncoded()) {
+
+		// The data is already encoded but the encoding specified for
+		// the generation is different from the current one. We need
+		// to re-encode data: decode from input buffer to temporary
+		// buffer, and then re-encode to output stream...
+		if (m_encoding != enc) {
+
+			// Extract part contents to temporary buffer
+			std::ostringstream oss;
+			utility::outputStreamAdapter tmp(oss);
+
+			msg->extractPart(part, tmp, NULL);
+
+			// Decode to another temporary buffer
+			utility::inputStreamStringAdapter in(oss.str());
+
+			std::ostringstream oss2;
+			utility::outputStreamAdapter tmp2(oss2);
+
+			shared_ptr <utility::encoder::encoder> theDecoder = m_encoding.getEncoder();
+			theDecoder->decode(in, tmp2);
+
+			// Reencode to output stream
+			string str = oss2.str();
+			utility::inputStreamStringAdapter tempIn(str);
+
+			shared_ptr <utility::encoder::encoder> theEncoder = enc.getEncoder();
+			theEncoder->getProperties()["maxlinelength"] = maxLineLength;
+			theEncoder->getProperties()["text"] = (m_contentType.getType() == mediaTypes::TEXT);
+
+			theEncoder->encode(tempIn, os);
+
+		// No encoding to perform
+		} else {
+
+			msg->extractPart(part, os);
+		}
+
+	// Need to encode data before
+	} else {
+
+		// Extract part contents to temporary buffer
+		std::ostringstream oss;
+		utility::outputStreamAdapter tmp(oss);
+
+		msg->extractPart(part, tmp, NULL);
+
+		// Encode temporary buffer to output stream
+		shared_ptr <utility::encoder::encoder> theEncoder = enc.getEncoder();
+		theEncoder->getProperties()["maxlinelength"] = maxLineLength;
+		theEncoder->getProperties()["text"] = (m_contentType.getType() == mediaTypes::TEXT);
+
+		utility::inputStreamStringAdapter is(oss.str());
+
+		theEncoder->encode(is, os);
+	}
+}
+
+
+void IMAPMessagePartContentHandler::extract(
+	utility::outputStream& os,
+	utility::progressListener* progress
+) const {
+
+	shared_ptr <IMAPMessage> msg = m_message.lock();
+	shared_ptr <messagePart> part = m_part.lock();
+
+	// No decoding to perform
+	if (!isEncoded()) {
+
+		msg->extractImpl(part, os, progress, 0, -1, IMAPMessage::EXTRACT_BODY);
+
+	// Need to decode data
+	} else {
+
+		// Extract part contents to temporary buffer
+		std::ostringstream oss;
+		utility::outputStreamAdapter tmp(oss);
+
+		msg->extractImpl(part, tmp, NULL, 0, -1, IMAPMessage::EXTRACT_BODY);
+
+		// Encode temporary buffer to output stream
+		utility::inputStreamStringAdapter is(oss.str());
+		utility::progressListenerSizeAdapter plsa(progress, getLength());
+
+		shared_ptr <utility::encoder::encoder> theDecoder = m_encoding.getEncoder();
+		theDecoder->decode(is, os, &plsa);
+	}
+}
+
+
+void IMAPMessagePartContentHandler::extractRaw(
+	utility::outputStream& os,
+	utility::progressListener* progress
+) const {
+
+	shared_ptr <IMAPMessage> msg = m_message.lock();
+	shared_ptr <messagePart> part = m_part.lock();
+
+	msg->extractPart(part, os, progress);
+}
+
+
+size_t IMAPMessagePartContentHandler::getLength() const {
+
+	return m_part.lock()->getSize();
+}
+
+
+bool IMAPMessagePartContentHandler::isEncoded() const {
+
+	return m_encoding != NO_ENCODING;
+}
+
+
+const vmime::encoding& IMAPMessagePartContentHandler::getEncoding() const {
+
+	return m_encoding;
+}
+
+
+bool IMAPMessagePartContentHandler::isEmpty() const {
+
+	return getLength() == 0;
+}
+
+
+bool IMAPMessagePartContentHandler::isBuffered() const {
+
+	return true;
+}
+
+
+void IMAPMessagePartContentHandler::setContentTypeHint(const mediaType& type) {
+
+	m_contentType = type;
+}
+
+
+const mediaType IMAPMessagePartContentHandler::getContentTypeHint() const {
+
+	return m_contentType;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessagePartContentHandler.hpp b/vmime-master/src/vmime/net/imap/IMAPMessagePartContentHandler.hpp
new file mode 100644
index 0000000..17f53e3
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessagePartContentHandler.hpp
@@ -0,0 +1,95 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPMESSAGEPARTCONTENTHANDLER_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPMESSAGEPARTCONTENTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/contentHandler.hpp"
+#include "vmime/net/imap/IMAPMessage.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class VMIME_EXPORT IMAPMessagePartContentHandler : public contentHandler {
+
+public:
+
+	IMAPMessagePartContentHandler(
+		const shared_ptr <IMAPMessage>& msg,
+		const shared_ptr <messagePart>& part,
+		const vmime::encoding& encoding
+	);
+
+	shared_ptr <contentHandler> clone() const;
+
+	void generate(
+		utility::outputStream& os,
+		const vmime::encoding& enc,
+		const size_t maxLineLength = lineLengthLimits::infinite
+	) const;
+
+	void extract(utility::outputStream& os, utility::progressListener* progress = NULL) const;
+	void extractRaw(utility::outputStream& os, utility::progressListener* progress = NULL) const;
+
+	size_t getLength() const;
+
+	bool isEncoded() const;
+
+	const vmime::encoding& getEncoding() const;
+
+	bool isEmpty() const;
+
+	bool isBuffered() const;
+
+	void setContentTypeHint(const mediaType& type);
+	const mediaType getContentTypeHint() const;
+
+private:
+
+	weak_ptr <IMAPMessage> m_message;
+	weak_ptr <messagePart> m_part;
+
+	vmime::encoding m_encoding;
+	vmime::mediaType m_contentType;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPMESSAGEPARTCONTENTHANDLER_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessageStructure.cpp b/vmime-master/src/vmime/net/imap/IMAPMessageStructure.cpp
new file mode 100644
index 0000000..c7ee809
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessageStructure.cpp
@@ -0,0 +1,94 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPMessageStructure.hpp"
+#include "vmime/net/imap/IMAPMessagePart.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPMessageStructure::IMAPMessageStructure() {
+}
+
+
+IMAPMessageStructure::IMAPMessageStructure(const IMAPParser::body* body) {
+
+	m_parts.push_back(IMAPMessagePart::create(null, 0, body));
+}
+
+
+IMAPMessageStructure::IMAPMessageStructure(
+	const shared_ptr <IMAPMessagePart>& parent,
+	const std::vector <std::unique_ptr <IMAPParser::body>>& list
+) {
+
+	size_t number = 0;
+
+	for (auto it = list.begin() ; it != list.end() ; ++it, ++number) {
+		m_parts.push_back(IMAPMessagePart::create(parent, number, it->get()));
+	}
+}
+
+
+shared_ptr <const messagePart> IMAPMessageStructure::getPartAt(const size_t x) const {
+
+	return m_parts[x];
+}
+
+
+shared_ptr <messagePart> IMAPMessageStructure::getPartAt(const size_t x) {
+
+	return m_parts[x];
+}
+
+
+size_t IMAPMessageStructure::getPartCount() const {
+
+	return m_parts.size();
+}
+
+
+// static
+shared_ptr <IMAPMessageStructure> IMAPMessageStructure::emptyStructure() {
+
+	static shared_ptr <IMAPMessageStructure> emptyStructure = make_shared <IMAPMessageStructure>();
+	return emptyStructure;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPMessageStructure.hpp b/vmime-master/src/vmime/net/imap/IMAPMessageStructure.hpp
new file mode 100644
index 0000000..ee1eac4
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPMessageStructure.hpp
@@ -0,0 +1,75 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPMESSAGESTRUCTURE_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPMESSAGESTRUCTURE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/message.hpp"
+
+#include "vmime/net/imap/IMAPParser.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class IMAPMessagePart;
+
+
+class VMIME_EXPORT IMAPMessageStructure : public messageStructure {
+
+public:
+
+	IMAPMessageStructure();
+	IMAPMessageStructure(const IMAPParser::body* body);
+	IMAPMessageStructure(const shared_ptr <IMAPMessagePart>& parent, const std::vector <std::unique_ptr <IMAPParser::body>>& list);
+
+	shared_ptr <const messagePart> getPartAt(const size_t x) const;
+	shared_ptr <messagePart> getPartAt(const size_t x);
+	size_t getPartCount() const;
+
+	static shared_ptr <IMAPMessageStructure> emptyStructure();
+
+private:
+
+	std::vector <shared_ptr <IMAPMessagePart> > m_parts;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPMESSAGESTRUCTURE_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPParser.hpp b/vmime-master/src/vmime/net/imap/IMAPParser.hpp
new file mode 100644
index 0000000..281fcb6
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPParser.hpp
@@ -0,0 +1,4986 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPPARSER_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPPARSER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/base.hpp"
+#include "vmime/dateTime.hpp"
+#include "vmime/charset.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/utility/progressListener.hpp"
+
+#include "vmime/utility/encoder/b64Encoder.hpp"
+#include "vmime/utility/encoder/qpEncoder.hpp"
+
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+#include "vmime/platform.hpp"
+
+#include "vmime/net/timeoutHandler.hpp"
+#include "vmime/net/socket.hpp"
+#include "vmime/net/tracer.hpp"
+
+#include "vmime/net/imap/IMAPTag.hpp"
+
+#include <vector>
+#include <stdexcept>
+#include <memory>
+
+
+//#define DEBUG_RESPONSE 1
+
+
+#if DEBUG_RESPONSE
+#   include <iostream>
+#endif
+
+
+/** Make the parsing of a component fail.
+  */
+#define VIMAP_PARSER_FAIL() \
+	{  \
+		parser.m_errorResponseLine = makeResponseLine(getComponentName(), line, pos);  \
+		return false;  \
+	}
+
+/** Make the parsing of a component fail if a condition is not matched.
+  * If the specified expression does not resolve to "true", the parsing
+  * will fail.
+  *
+  * @param cond condition expression
+  */
+#define VIMAP_PARSER_FAIL_UNLESS(cond) \
+	if (!(cond))  \
+	{  \
+		VIMAP_PARSER_FAIL();  \
+	}
+
+/** Check for a token and advance.
+  * If the token is not matched, parsing will fail.
+  *
+  * @param type token class
+  */
+#define VIMAP_PARSER_CHECK(type) \
+	VIMAP_PARSER_FAIL_UNLESS(parser.check <type>(line, &pos))
+
+/** Check for an optional token and advance.
+  * If the token is not matched, parsing will continue anyway.
+  *
+  * @param type token class
+  */
+#define VIMAP_PARSER_TRY_CHECK(type) \
+	(parser.check <type>(line, &pos))
+
+/** Get a token and advance.
+  * If the token is not matched, parsing will fail.
+  *
+  * @param type token class
+  * @param variable variable which will receive pointer to the retrieved token
+  */
+#define VIMAP_PARSER_GET(type, variable) \
+	{ \
+		variable.reset(parser.get <type>(line, &pos));  \
+		VIMAP_PARSER_FAIL_UNLESS(variable.get());  \
+	}
+
+/** Get an optional token and advance.
+  * If the token is not matched, parsing will continue anyway.
+  */
+#define VIMAP_PARSER_TRY_GET(type, variable) \
+	(variable.reset(parser.get <type>(line, &pos)), variable.get())
+
+/** Get an optional token and advance. If found, token will be pushed back
+  * to a vector. If the token is not matched, stopInstr will be executed.
+  *
+  * @param type token class
+  * @param variable variable of type std::vector<> to which the retrieved
+  * token will be pushed
+  * @param stopInstr instruction to execute if token is not found
+  */
+#define VIMAP_PARSER_TRY_GET_PUSHBACK_OR_ELSE(type, variable, stopInstr) \
+	{  \
+		std::unique_ptr <type> v;  \
+		try  \
+		{  \
+			v.reset(parser.get <type>(line, &pos));  \
+			if (!v)  \
+			{  \
+				stopInstr;  \
+			}  \
+			variable.push_back(std::move(v));  \
+		}  \
+		catch (...)  \
+		{  \
+			throw;  \
+		}  \
+	}
+
+/** Get a token and advance. Token will be pushed back to a vector.
+  * If the token is not matched, parsing will fail.
+  *
+  * @param type token class
+  * @param variable variable of type std::vector<> to which the retrieved
+  * token will be pushed
+  */
+#define VIMAP_PARSER_GET_PUSHBACK(type, variable) \
+	VIMAP_PARSER_TRY_GET_PUSHBACK_OR_ELSE(type, variable, VIMAP_PARSER_FAIL())
+
+
+/** Check for a token which takes an argument and advance.
+  * If the token is not matched, parsing will fail.
+  *
+  * @param type token class
+  */
+#define VIMAP_PARSER_CHECK_WITHARG(type, arg) \
+	VIMAP_PARSER_FAIL_UNLESS(parser.checkWithArg <type>(line, &pos, arg))
+
+/** Check for an optional token which takes an argument and advance.
+  * If the token is not matched, parsing will continue anyway.
+  *
+  * @param type token class
+  */
+#define VIMAP_PARSER_TRY_CHECK_WITHARG(type, arg) \
+	(parser.checkWithArg <type>(line, &pos, arg))
+
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+#if DEBUG_RESPONSE
+	static int IMAPParserDebugResponse_level = 0;
+	static std::vector <string> IMAPParserDebugResponse_stack;
+
+	class IMAPParserDebugResponse {
+
+	public:
+
+		IMAPParserDebugResponse(
+			const string& name,
+			string& line,
+			const size_t currentPos,
+			const bool &result
+		)
+			: m_name(name),
+			  m_line(line),
+			  m_pos(currentPos),
+			  m_result(result) {
+
+			++IMAPParserDebugResponse_level;
+			IMAPParserDebugResponse_stack.push_back(name);
+
+			for (int i = 0 ; i < IMAPParserDebugResponse_level ; ++i) {
+				std::cout << "  ";
+			}
+
+			std::cout << "ENTER(" << m_name << "), pos=" << m_pos;
+			std::cout << std::endl;
+
+			for (std::vector <string>::iterator it = IMAPParserDebugResponse_stack.begin() ;
+			     it != IMAPParserDebugResponse_stack.end() ; ++it) {
+
+				std::cout << "> " << *it << " ";
+			}
+
+			std::cout << std::endl;
+			std::cout << string(m_line.begin() + (m_pos < 30 ? 0U : m_pos - 30),
+				m_line.begin() + std::min(m_line.length(), m_pos + 30)) << std::endl;
+
+			for (size_t i = (m_pos < 30 ? m_pos : (m_pos - (m_pos - 30))) ; i != 0 ; --i) {
+				std::cout << " ";
+			}
+
+			std::cout << "^" << std::endl;
+		}
+
+		~IMAPParserDebugResponse() {
+
+			for (int i = 0 ; i < IMAPParserDebugResponse_level ; ++i) {
+				std::cout << "  ";
+			}
+
+			std::cout << "LEAVE(" << m_name << "), result=";
+			std::cout << (m_result ? "TRUE" : "FALSE") << ", pos=" << m_pos;
+			std::cout << std::endl;
+
+			--IMAPParserDebugResponse_level;
+			IMAPParserDebugResponse_stack.pop_back();
+		}
+
+	private:
+
+		const string m_name;
+		string m_line;
+		size_t m_pos;
+		const bool& m_result;
+	};
+
+
+	#define DEBUG_ENTER_COMPONENT(x, result) \
+		IMAPParserDebugResponse dbg(x, line, *currentPos, result)
+
+	#define DEBUG_FOUND(x, y) \
+		std::cout << "FOUND: " << x << ": " << y << std::endl;
+#else
+	#define DEBUG_ENTER_COMPONENT(x, result)
+	#define DEBUG_FOUND(x, y)
+#endif
+
+
+class VMIME_EXPORT IMAPParser : public object {
+
+public:
+
+	IMAPParser()
+		: m_progress(NULL),
+		  m_strict(false),
+		  m_literalHandler(NULL) {
+
+	}
+
+	~IMAPParser() {
+
+		for (auto it = m_pendingResponses.begin() ; it != m_pendingResponses.end() ; ++it) {
+			delete it->second;
+		}
+	}
+
+
+	/** Set the socket currently used by this parser to receive data
+	  * from server.
+	  *
+	  * @param sok socket
+	  */
+	void setSocket(const shared_ptr <socket>& sok) {
+
+		m_socket = sok;
+	}
+
+	/** Set the timeout handler currently used by this parser.
+	  *
+	  * @param toh timeout handler
+	  */
+	void setTimeoutHandler(const shared_ptr <timeoutHandler>& toh) {
+
+		m_timeoutHandler = toh;
+	}
+
+	/** Set the tracer currently used by this parser.
+	  *
+	  * @param tr tracer
+	  */
+	void setTracer(const shared_ptr <tracer>& tr) {
+
+		m_tracer = tr;
+	}
+
+	/** Set whether we operate in strict mode (this may not work
+	  * with some servers which are not fully standard-compliant).
+	  *
+	  * @param strict true to operate in strict mode, or false
+	  * to operate in default, relaxed mode
+	  */
+	void setStrict(const bool strict) {
+
+		m_strict = strict;
+	}
+
+	/** Return true if the parser operates in strict mode, or
+	  * false otherwise.
+	  *
+	  * @return true if we are in strict mode, false otherwise
+	  */
+	bool isStrict() const {
+
+		return m_strict;
+	}
+
+
+
+	//
+	// literalHandler : literal content handler
+	//
+
+	class component;
+
+	class literalHandler {
+
+	public:
+
+		virtual ~literalHandler() { }
+
+
+		// Abstract target class
+		class target {
+
+		protected:
+
+			target(utility::progressListener* progress) : m_progress(progress) {}
+			target(const target&) {}
+
+		public:
+
+			virtual ~target() { }
+
+
+			utility::progressListener* progressListener() { return (m_progress); }
+
+			virtual void putData(const string& chunk) = 0;
+
+			virtual size_t getBytesWritten() const = 0;
+
+		private:
+
+			utility::progressListener* m_progress;
+		};
+
+
+		// Target: put in a string
+		class targetString : public target {
+
+		public:
+
+			targetString(utility::progressListener* progress, vmime::string& str)
+				: target(progress), m_string(str), m_bytesWritten(0) { }
+
+			const vmime::string& string() const { return (m_string); }
+			vmime::string& string() { return (m_string); }
+
+
+			void putData(const vmime::string& chunk) {
+
+				m_string += chunk;
+				m_bytesWritten += chunk.length();
+			}
+
+			size_t getBytesWritten() const {
+
+				return m_bytesWritten;
+			}
+
+		private:
+
+			vmime::string& m_string;
+			size_t m_bytesWritten;
+		};
+
+
+		// Target: redirect to an output stream
+		class targetStream : public target {
+
+		public:
+
+			targetStream(
+				utility::progressListener* progress,
+				utility::outputStream& stream
+			)
+				: target(progress),
+				  m_stream(stream),
+				  m_bytesWritten(0) {
+
+			}
+
+			const utility::outputStream& stream() const { return (m_stream); }
+			utility::outputStream& stream() { return (m_stream); }
+
+
+			void putData(const string& chunk) {
+
+				m_stream.write(chunk.data(), chunk.length());
+				m_bytesWritten += chunk.length();
+			}
+
+			size_t getBytesWritten() const {
+
+				return m_bytesWritten;
+			}
+
+		private:
+
+			utility::outputStream& m_stream;
+			size_t m_bytesWritten;
+		};
+
+
+		// Called when the parser needs to know what to do with a literal
+		//    . comp: the component in which we are at this moment
+		//    . data: data specific to the component (may not be used)
+		//
+		// Returns :
+		//    . == NULL to put the literal into the response
+		//    . != NULL to redirect the literal to the specified target
+
+		virtual shared_ptr <target> targetFor(const component& comp, const int data) = 0;
+	};
+
+
+	//
+	// Base class for a terminal or a non-terminal
+	//
+
+	class component {
+
+	public:
+
+		component() { }
+		virtual ~component() { }
+
+		virtual const string getComponentName() const = 0;
+
+		bool parse(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			bool res = false;
+			DEBUG_ENTER_COMPONENT(getComponentName(), res);
+			res = parseImpl(parser, line, currentPos);
+			return res;
+		}
+
+		virtual bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) = 0;
+
+
+		const string makeResponseLine(
+			const string& comp,
+			const string& line,
+			const size_t pos
+		) {
+
+#if DEBUG_RESPONSE
+			if (pos > line.length()) {
+				std::cout << "WARNING: component::makeResponseLine(): pos > line.length()" << std::endl;
+			}
+#endif
+
+			string result(line.substr(0, pos));
+			result += "[^]";   // indicates current parser position
+			result += line.substr(pos, line.length());
+			if (!comp.empty()) result += " [" + comp + "]";
+
+			return (result);
+		}
+	};
+
+
+#define COMPONENT_ALIAS(parent, name) \
+	class name : public parent { \
+		virtual const string getComponentName() const { return #name; }  \
+	public: \
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) { \
+			return parent::parseImpl(parser, line, currentPos); \
+		} \
+	}
+
+#define DECLARE_COMPONENT(name) \
+	class name : public component {  \
+		virtual const string getComponentName() const { return #name; }  \
+	public:
+
+
+	//
+	// Parse one character
+	//
+
+	template <char C>
+	class one_char : public component {
+
+	public:
+
+		const string getComponentName() const {
+
+			return string("one_char <") + C + ">";
+		}
+
+		bool parseImpl(IMAPParser& /* parser */, string& line, size_t* currentPos) {
+
+			const size_t pos = *currentPos;
+
+			if (pos < line.length() && line[pos] == C) {
+				*currentPos = pos + 1;
+				return true;
+			} else {
+				return false;
+			}
+		}
+	};
+
+
+	//
+	// SPACE  ::= <ASCII SP, space, 0x20>
+	//
+
+	DECLARE_COMPONENT(SPACE)
+
+		bool parseImpl(IMAPParser& /* parser */, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			while (pos < line.length() && (line[pos] == ' ' || line[pos] == '\t')) {
+				++pos;
+			}
+
+			if (pos > *currentPos) {
+				*currentPos = pos;
+				return true;
+			} else {
+				return false;
+			}
+		}
+	};
+
+
+	//
+	// CR    ::= <ASCII CR, carriage return, 0x0D>
+	// LF    ::= <ASCII LF, line feed, 0x0A>
+	// CRLF  ::= CR LF
+	//
+
+	DECLARE_COMPONENT(CRLF)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_TRY_CHECK(SPACE);
+
+			if (pos + 1 < line.length() &&
+			    line[pos] == 0x0d && line[pos + 1] == 0x0a) {
+
+				*currentPos = pos + 2;
+				return true;
+
+			} else {
+
+				return false;
+			}
+		}
+	};
+
+
+	//
+	// SPACE           ::= <ASCII SP, space, 0x20>
+	// CTL             ::= <any ASCII control character and DEL, 0x00 - 0x1f, 0x7f>
+	// CHAR            ::= <any 7-bit US-ASCII character except NUL, 0x01 - 0x7f>
+	// ATOM_CHAR       ::= <any CHAR except atom_specials>
+	// atom_specials   ::= "(" / ")" / "{" / SPACE / CTL / list_wildcards / quoted_specials
+	// list_wildcards  ::= "%" / "*"
+	// quoted_specials ::= <"> / "\"
+	//
+	// tag             ::= 1*<any ATOM_CHAR except "+">    (named "xtag")
+	//
+
+	DECLARE_COMPONENT(xtag)
+
+		bool parseImpl(IMAPParser& /* parser */, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			bool end = false;
+
+			tagString.reserve(10);
+
+			while (!end && pos < line.length()) {
+
+				const unsigned char c = line[pos];
+
+				switch (c) {
+
+					case '+':
+					case '(':
+					case ')':
+					case '{':
+					case 0x20:  // SPACE
+					case '%':   // list_wildcards
+					case '*':   // list_wildcards
+					case '"':   // quoted_specials
+					case '\\':  // quoted_specials
+
+						end = true;
+						break;
+
+					default:
+
+						if (c <= 0x1f || c >= 0x7f) {
+							end = true;
+						} else {
+							tagString += c;
+							++pos;
+						}
+
+						break;
+				}
+			}
+
+			*currentPos = pos;
+			return true;
+		}
+
+		string tagString;
+	};
+
+
+	//
+	// digit     ::= "0" / digit_nz
+	// digit_nz  ::= "1" / "2" / "3" / "4" / "5" / "6" / "7" / "8" / "9"
+	//
+	// number    ::= 1*digit
+	//               ;; Unsigned 32-bit integer
+	//               ;; (0 <= n < 4,294,967,296)
+	//
+
+	DECLARE_COMPONENT(number)
+
+		number(const bool nonZero = false)
+			: value(0),
+			  m_nonZero(nonZero) {
+
+		}
+
+		bool parseImpl(IMAPParser& /* parser */, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			bool valid = true;
+			unsigned int val = 0;
+
+			while (valid && pos < line.length()) {
+
+				const char c = line[pos];
+
+				if (c >= '0' && c <= '9') {
+					val = (val * 10) + (c - '0');
+					++pos;
+				} else {
+					valid = false;
+				}
+			}
+
+			// Check for non-null length (and for non-zero number)
+			if (!(m_nonZero && val == 0) && pos != *currentPos) {
+				value = val;
+				*currentPos = pos;
+				return true;
+			} else {
+				return false;
+			}
+		}
+
+
+		unsigned long value;
+
+	private:
+
+		const bool m_nonZero;
+	};
+
+
+	// nz_number  ::= digit_nz *digit
+	//                ;; Non-zero unsigned 32-bit integer
+	//                ;; (0 < n < 4,294,967,296)
+	//
+
+	class nz_number : public number {
+
+	public:
+
+		nz_number()
+			: number(true) {
+
+		}
+	};
+
+
+	//
+	// uniqueid    ::= nz_number
+	//                 ;; Strictly ascending
+	//
+
+	class uniqueid : public nz_number {
+
+	public:
+
+		uniqueid()
+			: nz_number() {
+
+		}
+	};
+
+
+	// uid-range       = (uniqueid ":" uniqueid)
+	//                   ; two uniqueid values and all values
+	//                   ; between these two regards of order.
+	//                   ; Example: 2:4 and 4:2 are equivalent.
+
+	DECLARE_COMPONENT(uid_range)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(uniqueid, uniqueid1);
+			VIMAP_PARSER_CHECK(one_char <':'>);
+			VIMAP_PARSER_GET(uniqueid, uniqueid2);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <uniqueid> uniqueid1;
+		std::unique_ptr <uniqueid> uniqueid2;
+	};
+
+
+	//
+	// uid-set         = (uniqueid / uid-range) *("," uid-set)
+	//
+
+	DECLARE_COMPONENT(uid_set)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			// We have either a 'uid_range' or a 'uniqueid'
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::uid_range, uid_range)) {
+				VIMAP_PARSER_GET(IMAPParser::uniqueid, uniqueid);
+			}
+
+			// And maybe another 'uid-set' following
+			if (VIMAP_PARSER_TRY_CHECK(one_char <','>)) {
+				VIMAP_PARSER_GET(IMAPParser::uid_set, next_uid_set);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::uniqueid> uniqueid;
+		std::unique_ptr <IMAPParser::uid_range> uid_range;
+
+		std::unique_ptr <IMAPParser::uid_set> next_uid_set;
+	};
+
+
+	//
+	// text       ::= 1*TEXT_CHAR
+	//
+	// CHAR       ::= <any 7-bit US-ASCII character except NUL, 0x01 - 0x7f>
+	// TEXT_CHAR  ::= <any CHAR except CR and LF>
+	//
+
+	DECLARE_COMPONENT(text)
+
+		text(bool allow8bits = false, const char except = 0)
+			: m_allow8bits(allow8bits),
+			  m_except(except) {
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+			size_t len = 0;
+
+			if (m_allow8bits || !parser.isStrict()) {
+
+				const unsigned char except = m_except;
+
+				for (bool end = false ; !end && pos < line.length() ; ) {
+
+					const unsigned char c = line[pos];
+
+					if (c == 0x00 || c == 0x0d || c == 0x0a || c == except) {
+						end = true;
+					} else {
+						++pos;
+						++len;
+					}
+				}
+
+			} else {
+
+				const unsigned char except = m_except;
+
+				for (bool end = false ; !end && pos < line.length() ; ) {
+
+					const unsigned char c = line[pos];
+
+					if (c < 0x01 || c > 0x7f || c == 0x0d || c == 0x0a || c == except) {
+						end = true;
+					} else {
+						++pos;
+						++len;
+					}
+				}
+			}
+
+			if (len == 0) {
+				VIMAP_PARSER_FAIL();
+			}
+
+			value.resize(len);
+			std::copy(line.begin() + *currentPos, line.begin() + pos, value.begin());
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		string value;
+
+	private:
+
+		const bool m_allow8bits;
+		const char m_except;
+	};
+
+
+	class text8 : public text {
+
+	public:
+
+		text8() : text(true) {
+
+		}
+	};
+
+
+	template <char C>
+	class text_except : public text {
+
+	public:
+
+		text_except() : text(false, C) {
+
+		}
+	};
+
+
+	template <char C>
+	class text8_except : public text {
+
+	public:
+
+		text8_except() : text(true, C) {
+
+		}
+	};
+
+
+	//
+	// QUOTED_CHAR     ::= <any TEXT_CHAR except quoted_specials> / "\" quoted_specials
+	// quoted_specials ::= <"> / "\"
+	// TEXT_CHAR       ::= <any CHAR except CR and LF>
+	// CHAR            ::= <any 7-bit US-ASCII character except NUL, 0x01 - 0x7f>
+	//
+
+	DECLARE_COMPONENT(QUOTED_CHAR)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			const unsigned char c = static_cast <unsigned char>(pos < line.length() ? line[pos] : 0);
+
+			if (c >= 0x01 && c <= 0x7f &&   // 0x01 - 0x7f
+			    c != '"' && c != '\\' &&    // quoted_specials
+			    c != '\r' && c != '\n') {   // CR and LF
+
+				value = c;
+				*currentPos = pos + 1;
+
+			} else if (c == '\\' && pos + 1 < line.length() &&
+			           (line[pos + 1] == '"' || line[pos + 1] == '\\')) {
+
+				value = line[pos + 1];
+				*currentPos = pos + 2;
+
+			} else {
+
+				VIMAP_PARSER_FAIL();
+			}
+
+			return true;
+		}
+
+
+		char value;
+	};
+
+
+	//
+	// quoted          ::= <"> *QUOTED_CHAR <">
+	// QUOTED_CHAR     ::= <any TEXT_CHAR except quoted_specials> / "\" quoted_specials
+	// quoted_specials ::= <"> / "\"
+	// TEXT_CHAR       ::= <any CHAR except CR and LF>
+	// CHAR            ::= <any 7-bit US-ASCII character except NUL, 0x01 - 0x7f>
+	//
+
+	DECLARE_COMPONENT(quoted_text)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+			size_t len = 0;
+			bool valid = false;
+
+			value.reserve(line.length() - pos);
+
+			for (bool end = false, quoted = false ; !end && pos < line.length() ; ) {
+
+				const unsigned char c = line[pos];
+
+				if (quoted) {
+
+					if (c == '"' || c == '\\') {
+						value += c;
+					} else {
+						value += '\\';
+						value += c;
+					}
+
+					quoted = false;
+
+					++pos;
+					++len;
+
+				} else {
+
+					if (c == '\\') {
+
+						quoted = true;
+
+						++pos;
+						++len;
+
+					} else if (c == '"') {
+
+						valid = true;
+						end = true;
+
+					} else if (c >= 0x01 && c <= 0x7f &&  // CHAR
+					           c != 0x0a && c != 0x0d) {  // CR and LF
+
+						value += c;
+
+						++pos;
+						++len;
+
+					} else {
+
+						valid = false;
+						end = true;
+					}
+				}
+			}
+
+			if (!valid) {
+				VIMAP_PARSER_FAIL();
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		string value;
+	};
+
+
+	//
+	// nil  ::= "NIL"
+	//
+
+	DECLARE_COMPONENT(NIL)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK_WITHARG(special_atom, "nil");
+
+			*currentPos = pos;
+
+			return true;
+		}
+	};
+
+
+	//
+	// string          ::= quoted / literal    ----> named 'xstring'
+	//
+	// nil             ::= "NIL"
+	// quoted          ::= <"> *QUOTED_CHAR <">
+	// QUOTED_CHAR     ::= <any TEXT_CHAR except quoted_specials> / "\" quoted_specials
+	// quoted_specials ::= <"> / "\"
+	// TEXT_CHAR       ::= <any CHAR except CR and LF>
+	// CHAR            ::= <any 7-bit US-ASCII character except NUL, 0x01 - 0x7f>
+	// literal         ::= "{" number "}" CRLF *CHAR8
+	//                     ;; Number represents the number of CHAR8 octets
+	// CHAR8           ::= <any 8-bit octet except NUL, 0x01 - 0xff>
+	//
+
+	DECLARE_COMPONENT(xstring)
+
+		xstring(
+			const bool canBeNIL = false,
+			component* comp = NULL,
+			const int data = 0
+		)
+			: isNIL(true),
+			  m_canBeNIL(canBeNIL),
+			  m_component(comp),
+			  m_data(data) {
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (m_canBeNIL &&
+			    VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "nil")) {
+
+				// NIL
+				isNIL = true;
+
+			} else {
+
+				pos = *currentPos;
+
+				isNIL = false;
+
+				// quoted ::= <"> *QUOTED_CHAR <">
+				if (VIMAP_PARSER_TRY_CHECK(one_char <'"'>)) {
+
+					shared_ptr <quoted_text> text;
+					VIMAP_PARSER_GET(quoted_text, text);
+					VIMAP_PARSER_CHECK(one_char <'"'>);
+
+					if (parser.m_literalHandler != NULL) {
+
+						shared_ptr <literalHandler::target> target =
+							parser.m_literalHandler->targetFor(*m_component, m_data);
+
+						if (target != NULL) {
+
+							value = "[literal-handler]";
+
+							const size_t length = text->value.length();
+							utility::progressListener* progress = target->progressListener();
+
+							if (progress) {
+								progress->start(length);
+							}
+
+							target->putData(text->value);
+
+							if (progress) {
+								progress->progress(length, length);
+								progress->stop(length);
+							}
+
+						} else {
+
+							value = text->value;
+						}
+
+					} else {
+
+						value = text->value;
+					}
+
+					DEBUG_FOUND("string[quoted]", "<length=" << value.length() << ", value='" << value << "'>");
+
+				// literal ::= "{" number "}" CRLF *CHAR8
+				} else {
+
+					VIMAP_PARSER_CHECK(one_char <'{'>);
+
+					shared_ptr <number> num;
+					VIMAP_PARSER_GET(number, num);
+
+					const size_t length = num->value;
+
+					VIMAP_PARSER_CHECK(one_char <'}'> );
+
+					VIMAP_PARSER_CHECK(CRLF);
+
+
+					if (parser.m_literalHandler != NULL) {
+
+						shared_ptr <literalHandler::target> target =
+							parser.m_literalHandler->targetFor(*m_component, m_data);
+
+						if (target != NULL) {
+
+							value = "[literal-handler]";
+
+							parser.m_progress = target->progressListener();
+							parser.readLiteral(*target, length);
+							parser.m_progress = NULL;
+
+						} else {
+
+							literalHandler::targetString target(NULL, value);
+							parser.readLiteral(target, length);
+						}
+
+					} else {
+
+						literalHandler::targetString target(NULL, value);
+						parser.readLiteral(target, length);
+					}
+
+					line += parser.readLine();
+
+					DEBUG_FOUND("string[literal]", "<length=" << length << ", value='" << value << "'>");
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		bool isNIL;
+		string value;
+
+	private:
+
+		bool m_canBeNIL;
+
+		component* m_component;
+		const int m_data;
+	};
+
+
+	//
+	// nstring         ::= string / nil
+	//
+
+	class nstring : public xstring {
+
+	public:
+
+		const string getComponentName() const {
+
+			return "nstring";
+		}
+
+		nstring(component* comp = NULL, const int data = 0)
+			: xstring(true, comp, data) {
+
+		}
+	};
+
+
+	//
+	// astring ::= atom / string
+	//
+
+	DECLARE_COMPONENT(astring)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			std::unique_ptr <xstring> str;
+			VIMAP_PARSER_TRY_GET(xstring, str);
+
+			if (str) {
+				value = str->value;
+			} else {
+				std::unique_ptr <atom> at;
+				VIMAP_PARSER_GET(atom, at);
+				value = at->value;
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		string value;
+	};
+
+
+	//
+	// atom            ::= 1*ATOM_CHAR
+	//
+	// ATOM_CHAR       ::= <any CHAR except atom_specials>
+	// atom_specials   ::= "(" / ")" / "{" / SPACE / CTL / list_wildcards / quoted_specials
+	// CHAR            ::= <any 7-bit US-ASCII character except NUL, 0x01 - 0x7f>
+	// CTL             ::= <any ASCII control character and DEL, 0x00 - 0x1f, 0x7f>
+	// list_wildcards  ::= "%" / "*"
+	// quoted_specials ::= <"> / "\"
+	// SPACE           ::= <ASCII SP, space, 0x20>
+	//
+
+	DECLARE_COMPONENT(atom)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+			size_t len = 0;
+
+			for (bool end = false ; !end && pos < line.length() ; ) {
+
+				const unsigned char c = line[pos];
+
+				switch (c) {
+
+					case '(':
+					case ')':
+					case '{':
+					case 0x20:  // SPACE
+					case '%':   // list_wildcards
+					case '*':   // list_wildcards
+					case '"':   // quoted_specials
+					case '\\':  // quoted_specials
+
+					case '[':
+					case ']':   // for "special_atom"
+
+						end = true;
+						break;
+
+					default:
+
+						if (c <= 0x1f || c >= 0x7f) {
+							end = true;
+						} else {
+							++pos;
+							++len;
+						}
+					}
+			}
+
+			if (len != 0) {
+
+				value.resize(len);
+				std::copy(line.begin() + *currentPos, line.begin() + pos, value.begin());
+
+				*currentPos = pos;
+
+			} else {
+
+				VIMAP_PARSER_FAIL();
+			}
+
+			return true;
+		}
+
+
+		string value;
+	};
+
+
+	//
+	// special atom (eg. "CAPABILITY", "FLAGS", "STATUS"...)
+	//
+	//  " Except as noted otherwise, all alphabetic characters are case-
+	//    insensitive. The use of upper or lower case characters to define
+	//    token strings is for editorial clarity only. Implementations MUST
+	//    accept these strings in a case-insensitive fashion. "
+	//
+
+	class special_atom : public atom {
+
+	public:
+
+		const std::string getComponentName() const {
+
+			return string("special_atom <") + m_string + ">";
+		}
+
+		special_atom(const char* str)
+			: m_string(str) {  // 'string' must be in lower-case
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!atom::parseImpl(parser, line, &pos)) {
+				return false;
+			}
+
+			const char* cmp = value.c_str();
+			const char* with = m_string;
+
+			bool ok = true;
+
+			while (ok && *cmp && *with) {
+
+				ok = (std::tolower(*cmp, std::locale()) == *with);
+
+				++cmp;
+				++with;
+			}
+
+			if (!ok || *cmp || *with) {
+				VIMAP_PARSER_FAIL();
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+	private:
+
+		const char* m_string;
+	};
+
+
+	//
+	// text_mime2 ::= "=?" <charset> "?" <encoding> "?" <encoded-text> "?="
+	//                ;; Syntax defined in [MIME-HDRS]
+	//
+
+	DECLARE_COMPONENT(text_mime2)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			std::unique_ptr <atom> theCharset, theEncoding;
+			std::unique_ptr <text> theText;
+
+			VIMAP_PARSER_CHECK(one_char <'='> );
+			VIMAP_PARSER_CHECK(one_char <'?'> );
+
+			VIMAP_PARSER_GET(atom, theCharset);
+
+			VIMAP_PARSER_CHECK(one_char <'?'> );
+
+			VIMAP_PARSER_GET(atom, theEncoding);
+
+			VIMAP_PARSER_CHECK(one_char <'?'> );
+
+			VIMAP_PARSER_GET(text8_except <'?'> , theText);
+
+			VIMAP_PARSER_CHECK(one_char <'?'> );
+			VIMAP_PARSER_CHECK(one_char <'='> );
+
+			charset = theCharset->value;
+
+			// Decode text
+			scoped_ptr <utility::encoder::encoder> theEncoder;
+
+			if (theEncoding->value[0] == 'q' || theEncoding->value[0] == 'Q') {
+
+				// Quoted-printable
+				theEncoder.reset(new utility::encoder::qpEncoder());
+				theEncoder->getProperties()["rfc2047"] = true;
+
+			} else if (theEncoding->value[0] == 'b' || theEncoding->value[0] == 'B') {
+
+				// Base64
+				theEncoder.reset(new utility::encoder::b64Encoder());
+			}
+
+			if (theEncoder.get()) {
+
+				utility::inputStreamStringAdapter in(theText->value);
+				utility::outputStreamStringAdapter out(value);
+
+				theEncoder->decode(in, out);
+
+			// No decoder available
+			} else {
+
+				value = theText->value;
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		vmime::charset charset;
+		string value;
+	};
+
+
+	// seq-number      = nz-number / "*"
+	//                    ; message sequence number (COPY, FETCH, STORE
+	//                    ; commands) or unique identifier (UID COPY,
+	//                    ; UID FETCH, UID STORE commands).
+
+	DECLARE_COMPONENT(seq_number)
+
+		seq_number()
+			: star(false) {
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'*'> )) {
+
+				star = true;
+				number.reset();
+
+			} else {
+
+				star = false;
+				VIMAP_PARSER_GET(IMAPParser::number, number);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::number> number;
+		bool star;
+	};
+
+
+	// seq-range       = seq-number ":" seq-number
+	//                    ; two seq-number values and all values between
+	//                    ; these two regardless of order.
+	//                    ; Example: 2:4 and 4:2 are equivalent and indicate
+	//                    ; values 2, 3, and 4.
+
+	DECLARE_COMPONENT(seq_range)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(seq_number, first);
+
+			VIMAP_PARSER_CHECK(one_char <'*'> );
+
+			VIMAP_PARSER_GET(seq_number, last);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::seq_number> first;
+		std::unique_ptr <IMAPParser::seq_number> last;
+	};
+
+
+	// sequence-set    = (seq-number / seq-range) *("," sequence-set)
+	//                    ; set of seq-number values, regardless of order.
+	//                    ; Servers MAY coalesce overlaps and/or execute the
+	//                    ; sequence in any order.
+	//                    ; Example: a message sequence number set of
+	//                    ; 2,4:7,9,12:* for a mailbox with 15 messages is
+	//                    ; equivalent to 2,4,5,6,7,9,12,13,14,15
+
+	DECLARE_COMPONENT(sequence_set)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::seq_range, range)) {
+				VIMAP_PARSER_GET(IMAPParser::seq_number, number);
+			}
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <','> )) {
+				VIMAP_PARSER_GET(sequence_set, nextSet);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::seq_number> number;
+		std::unique_ptr <IMAPParser::seq_range> range;
+		std::unique_ptr <IMAPParser::sequence_set> nextSet;
+	};
+
+
+	// mod-sequence-value  = 1*DIGIT
+	//                        ;; Positive unsigned 64-bit integer
+	//                        ;; (mod-sequence)
+	//                        ;; (1 <= n < 18,446,744,073,709,551,615)
+
+	DECLARE_COMPONENT(mod_sequence_value)
+
+		mod_sequence_value()
+			: value(0) {
+
+		}
+
+		bool parseImpl(IMAPParser& /* parser */, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			bool valid = true;
+			vmime_uint64 val = 0;
+
+			while (valid && pos < line.length()) {
+
+				const char c = line[pos];
+
+				if (c >= '0' && c <= '9') {
+					val = (val * 10) + (c - '0');
+					++pos;
+				} else {
+					valid = false;
+				}
+			}
+
+			value = val;
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		vmime_uint64 value;
+	};
+
+
+	//
+	// flag            ::= "\Answered" / "\Flagged" / "\Deleted" /
+	//                     "\Seen" / "\Draft" / flag_keyword / flag_extension
+	//
+	// flag_extension  ::= "\" atom
+	//                     ;; Future expansion.  Client implementations
+	//                     ;; MUST accept flag_extension flags.  Server
+	//                     ;; implementations MUST NOT generate
+	//                     ;; flag_extension flags except as defined by
+	//                     ;; future standard or standards-track
+	//                     ;; revisions of this specification.
+	//
+	// flag_keyword    ::= atom
+	//
+
+	DECLARE_COMPONENT(flag)
+
+		flag()
+			: type(UNKNOWN) {
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'\\'> )) {
+
+				if (VIMAP_PARSER_TRY_CHECK(one_char <'*'> )) {
+
+					type = STAR;
+
+				} else {
+
+					shared_ptr <atom> at;
+					VIMAP_PARSER_GET(atom, at);
+
+					const string tname = utility::stringUtils::toLower(at->value);
+
+					if (tname == "answered") {
+						type = ANSWERED;
+					} else if (tname == "flagged") {
+						type = FLAGGED;
+					} else if (tname == "deleted") {
+						type = DELETED;
+					} else if (tname == "seen") {
+						type = SEEN;
+					} else if (tname == "draft") {
+						type = DRAFT;
+					} else {
+						type = UNKNOWN;
+						name = tname;
+					}
+				}
+
+			} else {
+
+				if (!parser.isStrict() && VIMAP_PARSER_TRY_CHECK(one_char <'*'> )) {
+					type = STAR;  // map "*" to "\*"
+				} else {
+					type = KEYWORD_OR_EXTENSION;
+					VIMAP_PARSER_GET(atom, flag_keyword);
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			UNKNOWN,
+			ANSWERED,
+			FLAGGED,
+			DELETED,
+			SEEN,
+			DRAFT,
+			KEYWORD_OR_EXTENSION,
+			STAR       // * = custom flags allowed
+		};
+
+
+		Type type;
+		string name;
+
+		std::unique_ptr <IMAPParser::atom> flag_keyword;
+	};
+
+
+	//
+	// flag_list ::= "(" #flag ")"
+	//
+
+	DECLARE_COMPONENT(flag_list)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'('> );
+
+			while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+				VIMAP_PARSER_GET_PUSHBACK(flag, flags);
+				VIMAP_PARSER_TRY_CHECK(SPACE);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <flag>> flags;
+	};
+
+
+	//
+	// mailbox ::= "INBOX" / astring
+	//             ;; INBOX is case-insensitive.  All case variants of
+	//             ;; INBOX (e.g. "iNbOx") MUST be interpreted as INBOX
+	//             ;; not as an astring.  Refer to section 5.1 for
+	//             ;; further semantic details of mailbox names.
+	//
+
+	DECLARE_COMPONENT(mailbox)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "inbox")) {
+
+				type = INBOX;
+				name = "INBOX";
+
+			} else {
+
+				type = OTHER;
+
+				std::unique_ptr <astring> astr;
+				VIMAP_PARSER_GET(astring, astr);
+				name = astr->value;
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			INBOX,
+			OTHER
+		};
+
+
+		Type type;
+		string name;
+	};
+
+
+	//
+	// mailbox_flag := "\Marked" / "\Noinferiors" /
+	//                 "\Noselect" / "\Unmarked" / flag_extension
+	//
+
+	DECLARE_COMPONENT(mailbox_flag)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'\\'> )) {
+
+				std::unique_ptr <atom> at;
+				VIMAP_PARSER_GET(atom, at);
+
+				const string tname = utility::stringUtils::toLower(at->value);
+
+				type = UNKNOWN;  // default
+
+				switch (tname[0]) {
+
+					case 'a':
+
+						if (tname == "all") {
+							type = SPECIALUSE_ALL;
+						} else if (tname == "archive") {
+							type = SPECIALUSE_ARCHIVE;
+						}
+
+						break;
+
+					case 'd':
+
+						if (tname == "drafts") {
+							type = SPECIALUSE_DRAFTS;
+						}
+
+						break;
+
+					case 'f':
+
+						if (tname == "flagged") {
+							type = SPECIALUSE_FLAGGED;
+						}
+
+						break;
+
+					case 'h':
+
+						if (tname == "haschildren") {
+							type = HASCHILDREN;
+						} else if (tname == "hasnochildren") {
+							type = HASNOCHILDREN;
+						}
+
+						break;
+
+					case 'i':
+
+						if (tname == "important") {
+							type = SPECIALUSE_IMPORTANT;
+						}
+
+						break;
+
+					case 'j':
+
+						if (tname == "junk") {
+							type = SPECIALUSE_JUNK;
+						}
+
+						break;
+
+					case 'm':
+
+						if (tname == "marked") {
+							type = MARKED;
+						}
+
+						break;
+
+					case 'n':
+
+						if (tname == "noinferiors") {
+							type = NOINFERIORS;
+						} else if (tname == "noselect") {
+							type = NOSELECT;
+						}
+
+						break;
+
+					case 's':
+
+						if (tname == "sent") {
+							type = SPECIALUSE_SENT;
+						}
+
+						break;
+
+					case 't':
+
+						if (tname == "trash") {
+							type = SPECIALUSE_TRASH;
+						}
+
+						break;
+
+					case 'u':
+
+						if (tname == "unmarked") {
+							type = UNMARKED;
+						}
+
+						break;
+				}
+
+				if (type == UNKNOWN) {
+					name = "\\" + tname;
+				}
+
+			} else {
+
+				std::unique_ptr <atom> at;
+				VIMAP_PARSER_GET(atom, at);
+				const string tname = utility::stringUtils::toLower(at->value);
+
+				type = UNKNOWN;
+				name = tname;
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			// RFC-3348 - Child Mailbox Extension
+			HASCHILDREN,
+			HASNOCHILDREN,
+
+			// RFC-6154 - Special-Use Mailboxes
+			SPECIALUSE_ALL,
+			SPECIALUSE_ARCHIVE,
+			SPECIALUSE_DRAFTS,
+			SPECIALUSE_FLAGGED,
+			SPECIALUSE_JUNK,
+			SPECIALUSE_SENT,
+			SPECIALUSE_TRASH,
+			SPECIALUSE_IMPORTANT,    // draft
+
+			// Standard mailbox flags
+			UNKNOWN,
+			MARKED,
+			NOINFERIORS,
+			NOSELECT,
+			UNMARKED
+		};
+
+
+		Type type;
+		string name;
+	};
+
+
+	//
+	// mailbox_flag_list ::= "(" #(mailbox_flag) ")"
+	//
+
+	DECLARE_COMPONENT(mailbox_flag_list)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'('> );
+
+			while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+				VIMAP_PARSER_GET_PUSHBACK(mailbox_flag, flags);
+				VIMAP_PARSER_TRY_CHECK(SPACE);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <mailbox_flag>> flags;
+	};
+
+
+	//
+	// mailbox_list ::= mailbox_flag_list SPACE
+	//                  (<"> QUOTED_CHAR <"> / nil) SPACE mailbox
+	//
+
+	DECLARE_COMPONENT(mailbox_list)
+
+		mailbox_list()
+			: quoted_char('\0') {
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::mailbox_flag_list, mailbox_flag_list);
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			if (!VIMAP_PARSER_TRY_CHECK(NIL)) {
+
+				VIMAP_PARSER_CHECK(one_char <'"'> );
+
+				std::unique_ptr <QUOTED_CHAR> qc;
+				VIMAP_PARSER_GET(QUOTED_CHAR, qc);
+				quoted_char = qc->value;
+
+				VIMAP_PARSER_CHECK(one_char <'"'> );
+			}
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::mailbox, mailbox);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::mailbox_flag_list> mailbox_flag_list;
+		std::unique_ptr <IMAPParser::mailbox> mailbox;
+
+		char quoted_char;
+	};
+
+
+	//
+	// auth_type ::= atom
+	//               ;; Defined by [IMAP-AUTH]
+	//
+
+	DECLARE_COMPONENT(auth_type)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			std::unique_ptr <atom> at;
+			VIMAP_PARSER_GET(atom, at);
+
+			name = utility::stringUtils::toLower(at->value);
+
+			if (name == "kerberos_v4") {
+				type = KERBEROS_V4;
+			} else if (name == "gssapi") {
+				type = GSSAPI;
+			} else if (name == "skey") {
+				type = SKEY;
+			} else {
+				type = UNKNOWN;
+			}
+
+			return true;
+		}
+
+
+		enum Type {
+			UNKNOWN,
+
+			// RFC 1731 - IMAP4 Authentication Mechanisms
+			KERBEROS_V4,
+			GSSAPI,
+			SKEY
+		};
+
+
+		Type type;
+		string name;
+	};
+
+
+	//
+	// status-att-val  = ("MESSAGES" SP number) /
+	//                   ("RECENT" SP number) /
+	//                   ("UIDNEXT" SP nz-number) /
+	//                   ("UIDVALIDITY" SP nz-number) /
+	//                   ("UNSEEN" SP number)
+	//
+	// IMAP Extension for Conditional STORE (RFC-4551):
+	//
+	//   status-att-val      =/ "HIGHESTMODSEQ" SP mod-sequence-valzer
+	//                          ;; extends non-terminal defined in [IMAPABNF].
+	//                          ;; Value 0 denotes that the mailbox doesn't
+	//                          ;; support persistent mod-sequences
+	//
+
+	DECLARE_COMPONENT(status_att_val)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			// "HIGHESTMODSEQ" SP mod-sequence-valzer
+			if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "highestmodseq")) {
+
+				type = HIGHESTMODSEQ;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::mod_sequence_value, value);
+
+			} else {
+
+				if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "messages")) {
+					type = MESSAGES;
+				} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "recent")) {
+					type = RECENT;
+				} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "uidnext")) {
+					type = UIDNEXT;
+				} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "uidvalidity")) {
+					type = UIDVALIDITY;
+				} else {
+					VIMAP_PARSER_CHECK_WITHARG(special_atom, "unseen");
+					type = UNSEEN;
+				}
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::number, value);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			// Extensions
+			HIGHESTMODSEQ,
+
+			// Standard IMAP
+			MESSAGES,
+			RECENT,
+			UIDNEXT,
+			UIDVALIDITY,
+			UNSEEN
+		};
+
+
+		Type type;
+		std::unique_ptr <IMAPParser::component> value;
+
+
+		const IMAPParser::number* value_as_number() const {
+			return dynamic_cast <IMAPParser::number *>(value.get());
+		}
+
+		const IMAPParser::mod_sequence_value* value_as_mod_sequence_value() const {
+			return dynamic_cast <IMAPParser::mod_sequence_value *>(value.get());
+		}
+	};
+
+
+	// status-att-list = status-att-val *(SP status-att-val)
+
+	DECLARE_COMPONENT(status_att_list)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET_PUSHBACK(IMAPParser::status_att_val, values);
+
+			while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+				VIMAP_PARSER_GET_PUSHBACK(IMAPParser::status_att_val, values);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <status_att_val>> values;
+	};
+
+
+	//
+	// capability ::= "AUTH=" auth_type / atom
+	//                ;; New capabilities MUST begin with "X" or be
+	//                ;; registered with IANA as standard or standards-track
+	//
+
+	DECLARE_COMPONENT(capability)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::atom, atom);
+
+			string value = atom->value;
+			const char* str = value.c_str();
+
+			if ((str[0] == 'a' || str[0] == 'A') &&
+			    (str[1] == 'u' || str[1] == 'U') &&
+			    (str[2] == 't' || str[2] == 'T') &&
+			    (str[3] == 'h' || str[3] == 'H') &&
+			    (str[4] == '=')) {
+
+				size_t pos = 5;
+				auth_type.reset(parser.get <IMAPParser::auth_type>(value, &pos));
+
+				atom.reset();
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::auth_type> auth_type;
+		std::unique_ptr <IMAPParser::atom> atom;
+	};
+
+
+	//
+	// capability_data ::= "CAPABILITY" SPACE [1#capability SPACE] "IMAP4rev1"
+	//                     [SPACE 1#capability]
+	//                     ;; IMAP4rev1 servers which offer RFC 1730
+	//                     ;; compatibility MUST list "IMAP4" as the first
+	//                     ;; capability.
+	//
+
+	DECLARE_COMPONENT(capability_data)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK_WITHARG(special_atom, "capability");
+
+			while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+				std::unique_ptr <capability> cap;
+
+				if (parser.isStrict() || capabilities.empty()) {
+					VIMAP_PARSER_GET(capability, cap);
+				} else {
+					VIMAP_PARSER_TRY_GET(capability, cap);  // allow SPACE at end of line (Apple iCloud IMAP server)
+				}
+
+				if (!cap) {
+					break;
+				}
+
+				capabilities.push_back(std::move(cap));
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <capability>> capabilities;
+	};
+
+
+	//
+	// date_day_fixed  ::= (SPACE digit) / 2digit
+	//                    ;; Fixed-format version of date_day
+	//
+	// date_month      ::= "Jan" / "Feb" / "Mar" / "Apr" / "May" / "Jun" /
+	//                    "Jul" / "Aug" / "Sep" / "Oct" / "Nov" / "Dec"
+	//
+	// date_year       ::= 4digit
+	//
+	// time            ::= 2digit ":" 2digit ":" 2digit
+	//                     ;; Hours minutes seconds
+	//
+	// zone            ::= ("+" / "-") 4digit
+	//                     ;; Signed four-digit value of hhmm representing
+	//                     ;; hours and minutes west of Greenwich (that is,
+	//                     ;; (the amount that the given time differs from
+	//                     ;; Universal Time).  Subtracting the timezone
+	//                     ;; from the given time will give the UT form.
+	//                     ;; The Universal Time zone is "+0000".
+	//
+	// date_time       ::= <"> date_day_fixed "-" date_month "-" date_year
+	//                     SPACE time SPACE zone <">
+	//
+
+	DECLARE_COMPONENT(date_time)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			// <"> date_day_fixed "-" date_month "-" date_year
+			VIMAP_PARSER_CHECK(one_char <'"'> );
+			VIMAP_PARSER_TRY_CHECK(SPACE);
+
+			shared_ptr <number> nd;
+			VIMAP_PARSER_GET(number, nd);
+
+			VIMAP_PARSER_CHECK(one_char <'-'> );
+
+			shared_ptr <atom> amo;
+			VIMAP_PARSER_GET(atom, amo);
+
+			VIMAP_PARSER_CHECK(one_char <'-'> );
+
+			shared_ptr <number> ny;
+			VIMAP_PARSER_GET(number, ny);
+
+			VIMAP_PARSER_TRY_CHECK(SPACE);
+
+			// 2digit ":" 2digit ":" 2digit
+			shared_ptr <number> nh;
+			VIMAP_PARSER_GET(number, nh);
+
+			VIMAP_PARSER_CHECK(one_char <':'> );
+
+			shared_ptr <number> nmi;
+			VIMAP_PARSER_GET(number, nmi);
+
+			VIMAP_PARSER_CHECK(one_char <':'> );
+
+			shared_ptr <number> ns;
+			VIMAP_PARSER_GET(number, ns);
+
+			VIMAP_PARSER_TRY_CHECK(SPACE);
+
+			// ("+" / "-") 4digit
+			int sign = 1;
+
+			if (!(VIMAP_PARSER_TRY_CHECK(one_char <'+'> ))) {
+				VIMAP_PARSER_CHECK(one_char <'-'> );
+			}
+
+			shared_ptr <number> nz;
+			VIMAP_PARSER_GET(number, nz);
+
+			VIMAP_PARSER_CHECK(one_char <'"'> );
+
+
+			m_datetime.setHour(static_cast <int>(std::min(std::max(nh->value, 0ul), 23ul)));
+			m_datetime.setMinute(static_cast <int>(std::min(std::max(nmi->value, 0ul), 59ul)));
+			m_datetime.setSecond(static_cast <int>(std::min(std::max(ns->value, 0ul), 59ul)));
+
+			const int zone = static_cast <int>(nz->value);
+			const int zh = zone / 100;   // hour offset
+			const int zm = zone % 100;   // minute offset
+
+			m_datetime.setZone(((zh * 60) + zm) * sign);
+
+			m_datetime.setDay(static_cast <int>(std::min(std::max(nd->value, 1ul), 31ul)));
+			m_datetime.setYear(static_cast <int>(ny->value));
+
+			const string month(utility::stringUtils::toLower(amo->value));
+			int mon = vmime::datetime::JANUARY;
+
+			if (month.length() >= 3) {
+
+				switch (month[0]) {
+
+					case 'j': {
+
+						switch (month[1]) {
+
+							case 'a': mon = vmime::datetime::JANUARY; break;
+							case 'u': {
+
+								switch (month[2]) {
+
+									case 'n': mon = vmime::datetime::JUNE; break;
+									default:  mon = vmime::datetime::JULY; break;
+								}
+
+								break;
+							}
+
+						}
+
+						break;
+					}
+					case 'f': mon = vmime::datetime::FEBRUARY; break;
+					case 'm': {
+
+						switch (month[2]) {
+							case 'r': mon = vmime::datetime::MARCH; break;
+							default:  mon = vmime::datetime::MAY; break;
+						}
+
+						break;
+					}
+					case 'a':
+					{
+						switch (month[1]) {
+							case 'p': mon = vmime::datetime::APRIL; break;
+							default:  mon = vmime::datetime::AUGUST; break;
+						}
+
+						break;
+					}
+					case 's': mon = vmime::datetime::SEPTEMBER; break;
+					case 'o': mon = vmime::datetime::OCTOBER; break;
+					case 'n': mon = vmime::datetime::NOVEMBER; break;
+					case 'd': mon = vmime::datetime::DECEMBER; break;
+				}
+			}
+
+			m_datetime.setMonth(mon);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+	private:
+
+		vmime::datetime m_datetime;
+	};
+
+
+	//
+	// header_fld_name ::= astring
+	//
+
+	COMPONENT_ALIAS(astring, header_fld_name);
+
+
+	//
+	// header_list     ::= "(" 1#header_fld_name ")"
+	//
+
+	DECLARE_COMPONENT(header_list)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'('> );
+
+			while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+				VIMAP_PARSER_GET_PUSHBACK(header_fld_name, fld_names);
+				VIMAP_PARSER_TRY_CHECK(SPACE);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <header_fld_name>> fld_names;
+	};
+
+
+	//
+	// body_extension  ::= nstring / number / "(" 1#body_extension ")"
+	//                     ;; Future expansion.  Client implementations
+	//                     ;; MUST accept body_extension fields.  Server
+	//                     ;; implementations MUST NOT generate
+	//                     ;; body_extension fields except as defined by
+	//                     ;; future standard or standards-track
+	//                     ;; revisions of this specification.
+	//
+
+	DECLARE_COMPONENT(body_extension)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'('> )) {
+
+				VIMAP_PARSER_GET_PUSHBACK(body_extension, body_extensions);
+
+				while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+					VIMAP_PARSER_GET_PUSHBACK(body_extension, body_extensions);
+					VIMAP_PARSER_TRY_CHECK(SPACE);
+				}
+
+			} else {
+
+				if (!VIMAP_PARSER_TRY_GET(IMAPParser::nstring, nstring)) {
+					VIMAP_PARSER_GET(IMAPParser::number, number);
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::nstring> nstring;
+		std::unique_ptr <IMAPParser::number> number;
+
+		std::vector <std::unique_ptr <body_extension>> body_extensions;
+	};
+
+
+	//
+	// section_text    ::= "HEADER" / "HEADER.FIELDS" [".NOT"]
+	//                     SPACE header_list / "TEXT" / "MIME"
+	//
+
+	DECLARE_COMPONENT(section_text)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			// "HEADER.FIELDS" [".NOT"] SPACE header_list
+			const bool b1 = VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "header.fields.not");
+			const bool b2 = (b1 ? false : VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "header.fields"));
+
+			if (b1 || b2) {
+
+				type = b1 ? HEADER_FIELDS_NOT : HEADER_FIELDS;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::header_list, header_list);
+
+			// "HEADER"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "header")) {
+
+				type = HEADER;
+
+			// "MIME"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "mime")) {
+
+				type = MIME;
+
+			// "TEXT"
+			} else {
+
+				type = TEXT;
+
+				VIMAP_PARSER_CHECK_WITHARG(special_atom, "text");
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			HEADER,
+			HEADER_FIELDS,
+			HEADER_FIELDS_NOT,
+			MIME,
+			TEXT
+		};
+
+
+		Type type;
+		std::unique_ptr <IMAPParser::header_list> header_list;
+	};
+
+
+	//
+	// section         ::= "[" [section_text / (nz_number *["." nz_number]
+	//                     ["." (section_text / "MIME")])] "]"
+	//
+
+	DECLARE_COMPONENT(section)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'['> );
+
+			if (!VIMAP_PARSER_TRY_CHECK(one_char <']'> )) {
+
+				if (!VIMAP_PARSER_TRY_GET(section_text, section_text1)) {
+
+					std::unique_ptr <nz_number> num;
+					VIMAP_PARSER_GET(nz_number, num);
+					nz_numbers.push_back(static_cast <unsigned int>(num->value));
+
+					while (VIMAP_PARSER_TRY_CHECK(one_char <'.'> )) {
+
+						if (VIMAP_PARSER_TRY_GET(nz_number, num)) {
+							nz_numbers.push_back(static_cast <unsigned int>(num->value));
+						} else {
+							VIMAP_PARSER_GET(section_text, section_text2);
+							break;
+						}
+					}
+				}
+
+				VIMAP_PARSER_CHECK(one_char <']'> );
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <section_text> section_text1;
+		std::unique_ptr <section_text> section_text2;
+		std::vector <unsigned int> nz_numbers;
+	};
+
+
+	//
+	// addr_adl        ::= nstring
+	//                     ;; Holds route from [RFC-822] route-addr if
+	//                     ;; non-NIL
+	//
+	// addr_host       ::= nstring
+	//                     ;; NIL indicates [RFC-822] group syntax.
+	//                     ;; Otherwise, holds [RFC-822] domain name
+	//
+	// addr_mailbox    ::= nstring
+	//                     ;; NIL indicates end of [RFC-822] group; if
+	//                     ;; non-NIL and addr_host is NIL, holds
+	//                     ;; [RFC-822] group name.
+	//                     ;; Otherwise, holds [RFC-822] local-part
+	//
+	// addr_name       ::= nstring
+	//                     ;; Holds phrase from [RFC-822] mailbox if
+	//                     ;; non-NIL
+	//
+	// address         ::= "(" addr_name SPACE addr_adl SPACE addr_mailbox
+	//                     SPACE addr_host ")"
+	//
+
+	DECLARE_COMPONENT(address)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'('> );
+			VIMAP_PARSER_GET(nstring, addr_name);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(nstring, addr_adl);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(nstring, addr_mailbox);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(nstring, addr_host);
+			VIMAP_PARSER_CHECK(one_char <')'> );
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <nstring> addr_name;
+		std::unique_ptr <nstring> addr_adl;
+		std::unique_ptr <nstring> addr_mailbox;
+		std::unique_ptr <nstring> addr_host;
+	};
+
+
+	//
+	// address_list ::= "(" 1*address ")" / nil
+	//
+
+	DECLARE_COMPONENT(address_list)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!VIMAP_PARSER_TRY_CHECK(NIL)) {
+
+				VIMAP_PARSER_CHECK(one_char <'('> );
+
+				while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+					VIMAP_PARSER_GET_PUSHBACK(address, addresses);
+					VIMAP_PARSER_TRY_CHECK(SPACE);
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <address>> addresses;
+	};
+
+
+	//
+	// env_bcc         ::= "(" 1*address ")" / nil
+	//
+
+	COMPONENT_ALIAS(address_list, env_bcc);
+
+
+	//
+	// env_cc          ::= "(" 1*address ")" / nil
+	//
+
+	COMPONENT_ALIAS(address_list, env_cc);
+
+
+	//
+	// env_date        ::= nstring
+	//
+
+	COMPONENT_ALIAS(nstring, env_date);
+
+
+	//
+	// env_from        ::= "(" 1*address ")" / nil
+	//
+
+	COMPONENT_ALIAS(address_list, env_from);
+
+
+	//
+	// env_in_reply_to ::= nstring
+	//
+
+	COMPONENT_ALIAS(nstring, env_in_reply_to);
+
+
+	//
+	// env_message_id  ::= nstring
+	//
+
+	COMPONENT_ALIAS(nstring, env_message_id);
+
+
+	//
+	// env_reply_to    ::= "(" 1*address ")" / nil
+	//
+
+	COMPONENT_ALIAS(address_list, env_reply_to);
+
+
+	//
+	// env_sender      ::= "(" 1*address ")" / nil
+	//
+
+	COMPONENT_ALIAS(address_list, env_sender);
+
+
+	//
+	// env_subject     ::= nstring
+	//
+
+	COMPONENT_ALIAS(nstring, env_subject);
+
+
+	//
+	// env_to          ::= "(" 1*address ")" / nil
+	//
+
+	COMPONENT_ALIAS(address_list, env_to);
+
+
+	//
+	// envelope ::= "(" env_date SPACE env_subject SPACE env_from
+	//              SPACE env_sender SPACE env_reply_to SPACE env_to
+	//              SPACE env_cc SPACE env_bcc SPACE env_in_reply_to
+	//              SPACE env_message_id ")"
+	//
+
+	DECLARE_COMPONENT(envelope)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'('> );
+
+			VIMAP_PARSER_GET(IMAPParser::env_date, env_date);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_subject, env_subject);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_from, env_from);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_sender, env_sender);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_reply_to, env_reply_to);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_to, env_to);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_cc, env_cc);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_bcc, env_bcc);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_in_reply_to, env_in_reply_to);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::env_message_id, env_message_id);
+
+			VIMAP_PARSER_CHECK(one_char <')'> );
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::env_date> env_date;
+		std::unique_ptr <IMAPParser::env_subject> env_subject;
+		std::unique_ptr <IMAPParser::env_from> env_from;
+		std::unique_ptr <IMAPParser::env_sender> env_sender;
+		std::unique_ptr <IMAPParser::env_reply_to> env_reply_to;
+		std::unique_ptr <IMAPParser::env_to> env_to;
+		std::unique_ptr <IMAPParser::env_cc> env_cc;
+		std::unique_ptr <IMAPParser::env_bcc> env_bcc;
+		std::unique_ptr <IMAPParser::env_in_reply_to> env_in_reply_to;
+		std::unique_ptr <IMAPParser::env_message_id> env_message_id;
+	};
+
+
+	//
+	// body_fld_desc   ::= nstring
+	//
+
+	COMPONENT_ALIAS(nstring, body_fld_desc);
+
+
+	//
+	// body_fld_id     ::= nstring
+	//
+
+	COMPONENT_ALIAS(nstring, body_fld_id);
+
+
+	//
+	// body_fld_md5    ::= nstring
+	//
+
+	COMPONENT_ALIAS(nstring, body_fld_md5);
+
+
+	//
+	// body_fld_octets ::= number
+	//
+
+	COMPONENT_ALIAS(number, body_fld_octets);
+
+
+	//
+	// body_fld_lines  ::= number
+	//
+
+	COMPONENT_ALIAS(number, body_fld_lines);
+
+
+	//
+	// body_fld_enc    ::= (<"> ("7BIT" / "8BIT" / "BINARY" / "BASE64"/
+	//                     "QUOTED-PRINTABLE") <">) / string
+	//
+
+	class body_fld_enc : public nstring {
+
+	public:
+
+		const string getComponentName() const {
+
+			return "body_fld_enc";
+		}
+
+		body_fld_enc() {
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!xstring::parseImpl(parser, line, &pos)) {
+				return false;
+			}
+
+			// " When an IMAP4 client sends a FETCH (bodystructure) request
+			//   to a server that is running the Exchange Server 2007 IMAP4
+			//   service, a corrupted response is sent as a reply "
+			//   (see http://support.microsoft.com/kb/975918/en-us)
+			//
+			// Fail in strict mode
+			if (isNIL && parser.isStrict()) {
+				VIMAP_PARSER_FAIL();
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+	};
+
+
+	//
+	// body_fld_param_item ::= string SPACE string
+	//
+
+	DECLARE_COMPONENT(body_fld_param_item)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!parser.isStrict()) {
+
+				// Some servers send an <atom> instead of a <string> here:
+				// eg. ... (CHARSET "X-UNKNOWN") ...
+				if (!VIMAP_PARSER_TRY_GET(xstring, string1)) {
+
+					std::unique_ptr <atom> at;
+					VIMAP_PARSER_GET(atom, at);
+
+					string1.reset(new xstring());
+					string1->value = at->value;
+				}
+
+			} else {
+
+				VIMAP_PARSER_GET(xstring, string1);
+			}
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			if (!parser.isStrict()) {
+
+				// In non-strict mode, allow NIL in value
+				std::unique_ptr <nstring> nstr;
+				VIMAP_PARSER_GET(nstring, nstr);
+
+				string2.reset(new xstring());
+				string2->value = nstr->value;
+
+			} else {
+
+				VIMAP_PARSER_GET(xstring, string2);
+			}
+
+			DEBUG_FOUND("body_fld_param_item", "<" << string1->value << ", " << string2->value << ">");
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <xstring> string1;
+		std::unique_ptr <xstring> string2;
+	};
+
+
+	//
+	// body_fld_param  ::= "(" 1#(body_fld_param_item) ")" / nil
+	//
+
+	DECLARE_COMPONENT(body_fld_param)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'('> )) {
+
+				bool isNIL = false;
+
+				if (!parser.isStrict()) {
+
+					// In non-strict mode, allow "()" instead of "NIL"
+					if (VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+						isNIL = true;
+					}
+				}
+
+				if (!isNIL) {
+
+					VIMAP_PARSER_GET_PUSHBACK(body_fld_param_item, items);
+
+					while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+						VIMAP_PARSER_CHECK(SPACE);
+						VIMAP_PARSER_GET_PUSHBACK(body_fld_param_item, items);
+					}
+				}
+
+			} else {
+
+				VIMAP_PARSER_CHECK(NIL);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <body_fld_param_item>> items;
+	};
+
+
+	//
+	// body_fld_dsp    ::= "(" string SPACE body_fld_param ")" / nil
+	//
+
+	DECLARE_COMPONENT(body_fld_dsp)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'('> )) {
+
+				VIMAP_PARSER_GET(xstring, m_string);
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(class body_fld_param, m_body_fld_param);
+				VIMAP_PARSER_CHECK(one_char <')'> );
+
+			} else {
+
+				VIMAP_PARSER_CHECK(NIL);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+	private:
+
+		std::unique_ptr <class xstring> m_string;
+		std::unique_ptr <class body_fld_param> m_body_fld_param;
+
+	public:
+
+		const class xstring* str() const { return m_string.get(); }
+		const class body_fld_param* body_fld_param() const { return m_body_fld_param.get(); }
+	};
+
+
+	//
+	// body_fld_lang   ::= nstring / "(" 1#string ")"
+	//
+
+	DECLARE_COMPONENT(body_fld_lang)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'('> )) {
+
+				VIMAP_PARSER_GET_PUSHBACK(xstring, strings);
+
+				while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+					VIMAP_PARSER_CHECK(SPACE);
+					VIMAP_PARSER_GET_PUSHBACK(xstring, strings);
+				}
+
+			} else {
+
+				VIMAP_PARSER_GET_PUSHBACK(nstring, strings);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <xstring>> strings;
+	};
+
+
+	//
+	// body_fields     ::= body_fld_param SPACE body_fld_id SPACE
+	//                     body_fld_desc SPACE body_fld_enc SPACE
+	//                     body_fld_octets
+	//
+
+	DECLARE_COMPONENT(body_fields)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::body_fld_param, body_fld_param);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fld_id, body_fld_id);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fld_desc, body_fld_desc);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fld_enc, body_fld_enc);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fld_octets, body_fld_octets);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::body_fld_param> body_fld_param;
+		std::unique_ptr <IMAPParser::body_fld_id> body_fld_id;
+		std::unique_ptr <IMAPParser::body_fld_desc> body_fld_desc;
+		std::unique_ptr <IMAPParser::body_fld_enc> body_fld_enc;
+		std::unique_ptr <IMAPParser::body_fld_octets> body_fld_octets;
+	};
+
+
+	//
+	// media_subtype   ::= string
+	//                     ;; Defined in [MIME-IMT]
+	//
+
+	COMPONENT_ALIAS(xstring, media_subtype);
+
+
+	//
+	// media_text      ::= <"> "TEXT" <"> SPACE media_subtype
+	//                     ;; Defined in [MIME-IMT]
+	//
+
+	DECLARE_COMPONENT(media_text)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'"'> );
+			VIMAP_PARSER_CHECK_WITHARG(special_atom, "text");
+			VIMAP_PARSER_CHECK(one_char <'"'> );
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::media_subtype, media_subtype);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::media_subtype> media_subtype;
+	};
+
+
+	//
+	// media_message   ::= <"> "MESSAGE" <"> SPACE <"> "RFC822" <">
+	//                     ;; Defined in [MIME-IMT]
+	//
+
+	DECLARE_COMPONENT(media_message)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'"'> );
+			VIMAP_PARSER_CHECK_WITHARG(special_atom, "message");
+			VIMAP_PARSER_CHECK(one_char <'"'> );
+			VIMAP_PARSER_CHECK(SPACE);
+
+			//VIMAP_PARSER_CHECK(one_char <'"'> );
+			//VIMAP_PARSER_CHECK_WITHARG(special_atom, "rfc822");
+			//VIMAP_PARSER_CHECK(one_char <'"'> );
+
+			VIMAP_PARSER_GET(IMAPParser::media_subtype, media_subtype);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::media_subtype> media_subtype;
+	};
+
+
+	//
+	// media_basic     ::= (<"> ("APPLICATION" / "AUDIO" / "IMAGE" /
+	//                     "MESSAGE" / "VIDEO") <">) / string)
+	//                     SPACE media_subtype
+	//                     ;; Defined in [MIME-IMT]
+
+	DECLARE_COMPONENT(media_basic)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(xstring, media_type);
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::media_subtype, media_subtype);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::xstring> media_type;
+		std::unique_ptr <IMAPParser::media_subtype> media_subtype;
+	};
+
+
+	//
+	// body_ext_1part  ::= body_fld_md5 [SPACE body_fld_dsp
+	//                     [SPACE body_fld_lang
+	//                     [SPACE 1#body_extension]]]
+	//                     ;; MUST NOT be returned on non-extensible
+	//                     ;; "BODY" fetch
+	//
+
+	DECLARE_COMPONENT(body_ext_1part)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos)
+		{
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::body_fld_md5, body_fld_md5);
+
+			// [SPACE body_fld_dsp
+			if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+				VIMAP_PARSER_GET(IMAPParser::body_fld_dsp, body_fld_dsp);
+
+				// [SPACE body_fld_lang
+				if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+					VIMAP_PARSER_GET(IMAPParser::body_fld_lang, body_fld_lang);
+
+					// [SPACE 1#body_extension]
+					if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+						VIMAP_PARSER_GET_PUSHBACK(body_extension, body_extensions);
+
+						while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+							VIMAP_PARSER_GET_PUSHBACK(body_extension, body_extensions);
+						}
+					}
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::body_fld_md5> body_fld_md5;
+		std::unique_ptr <IMAPParser::body_fld_dsp> body_fld_dsp;
+		std::unique_ptr <IMAPParser::body_fld_lang> body_fld_lang;
+
+		std::vector <std::unique_ptr <body_extension>> body_extensions;
+	};
+
+
+	//
+	// body_ext_mpart  ::= body_fld_param
+	//                     [SPACE body_fld_dsp [SPACE body_fld_lang
+	//                     [SPACE 1#body_extension]]]
+	//                     ;; MUST NOT be returned on non-extensible
+	//                     ;; "BODY" fetch
+
+	DECLARE_COMPONENT(body_ext_mpart)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::body_fld_param, body_fld_param);
+
+			// [SPACE body_fld_dsp [SPACE body_fld_lang [SPACE 1#body_extension]]]
+			if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+				VIMAP_PARSER_GET(IMAPParser::body_fld_dsp, body_fld_dsp);
+
+				if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+					VIMAP_PARSER_GET(IMAPParser::body_fld_lang, body_fld_lang);
+
+					// [SPACE 1#body_extension]
+					if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+						VIMAP_PARSER_GET_PUSHBACK(body_extension, body_extensions);
+
+						while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+							VIMAP_PARSER_GET_PUSHBACK(body_extension, body_extensions);
+						}
+					}
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::body_fld_param> body_fld_param;
+		std::unique_ptr <IMAPParser::body_fld_dsp> body_fld_dsp;
+		std::unique_ptr <IMAPParser::body_fld_lang> body_fld_lang;
+
+		std::vector <std::unique_ptr <body_extension>> body_extensions;
+	};
+
+
+	//
+	// body_type_basic ::= media_basic SPACE body_fields
+	//                     ;; MESSAGE subtype MUST NOT be "RFC822"
+	//
+
+	DECLARE_COMPONENT(body_type_basic)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::media_basic, media_basic);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fields, body_fields);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::media_basic> media_basic;
+		std::unique_ptr <IMAPParser::body_fields> body_fields;
+	};
+
+
+	//
+	// body_type_msg   ::= media_message SPACE body_fields SPACE envelope
+	//                     SPACE body SPACE body_fld_lines
+	//
+
+	class xbody;
+	typedef xbody body;
+
+	DECLARE_COMPONENT(body_type_msg)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::media_message, media_message);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fields, body_fields);
+			VIMAP_PARSER_CHECK(SPACE);
+
+			// BUGFIX: made SPACE optional. This is not standard, but some servers
+			// seem to return responses like that...
+			VIMAP_PARSER_GET(IMAPParser::envelope, envelope);
+			VIMAP_PARSER_TRY_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::xbody, body);
+			VIMAP_PARSER_TRY_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fld_lines, body_fld_lines);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::media_message> media_message;
+		std::unique_ptr <IMAPParser::body_fields> body_fields;
+		std::unique_ptr <IMAPParser::envelope> envelope;
+		std::unique_ptr <IMAPParser::xbody> body;
+		std::unique_ptr <IMAPParser::body_fld_lines> body_fld_lines;
+	};
+
+
+	//
+	// body_type_text  ::= media_text SPACE body_fields SPACE body_fld_lines
+	//
+
+	DECLARE_COMPONENT(body_type_text)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::media_text, media_text);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fields, body_fields);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::body_fld_lines, body_fld_lines);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::media_text> media_text;
+		std::unique_ptr <IMAPParser::body_fields> body_fields;
+		std::unique_ptr <IMAPParser::body_fld_lines> body_fld_lines;
+	};
+
+
+	//
+	// body_type_1part ::= (body_type_basic / body_type_msg / body_type_text)
+	//                     [SPACE body_ext_1part]
+	//
+
+	DECLARE_COMPONENT(body_type_1part)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::body_type_text, body_type_text)) {
+				if (!VIMAP_PARSER_TRY_GET(IMAPParser::body_type_msg, body_type_msg)) {
+					VIMAP_PARSER_GET(IMAPParser::body_type_basic, body_type_basic);
+				}
+			}
+
+			if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+				if (!VIMAP_PARSER_TRY_GET(IMAPParser::body_ext_1part, body_ext_1part)) {
+					--pos;
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::body_type_basic> body_type_basic;
+		std::unique_ptr <IMAPParser::body_type_msg> body_type_msg;
+		std::unique_ptr <IMAPParser::body_type_text> body_type_text;
+
+		std::unique_ptr <IMAPParser::body_ext_1part> body_ext_1part;
+	};
+
+
+	//
+	// body_type_mpart ::= 1*body SPACE media_subtype
+	//                     [SPACE body_ext_mpart]
+	//
+
+	DECLARE_COMPONENT(body_type_mpart)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET_PUSHBACK(xbody, list);
+
+			while (true) {
+				VIMAP_PARSER_TRY_GET_PUSHBACK_OR_ELSE(xbody, list, break);
+			}
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::media_subtype, media_subtype);
+
+			if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+				VIMAP_PARSER_GET(IMAPParser::body_ext_mpart, body_ext_mpart);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::media_subtype> media_subtype;
+		std::unique_ptr <IMAPParser::body_ext_mpart> body_ext_mpart;
+
+		std::vector <std::unique_ptr <xbody>> list;
+	};
+
+
+	//
+	// xbody ::= "(" body_type_1part / body_type_mpart ")"
+	//
+
+	DECLARE_COMPONENT(xbody)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'('> );
+
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::body_type_mpart, body_type_mpart)) {
+				VIMAP_PARSER_GET(IMAPParser::body_type_1part, body_type_1part);
+			}
+
+			VIMAP_PARSER_CHECK(one_char <')'> );
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::body_type_1part> body_type_1part;
+		std::unique_ptr <IMAPParser::body_type_mpart> body_type_mpart;
+	};
+
+
+	// msg_att_item ::= "ENVELOPE" SPACE envelope /
+	//                  "FLAGS" SPACE "(" #(flag / "\Recent") ")" /
+	//                  "INTERNALDATE" SPACE date_time /
+	//                  "RFC822" [".HEADER" / ".TEXT"] SPACE nstring /
+	//                  "RFC822.SIZE" SPACE number /
+	//                  "BODY" ["STRUCTURE"] SPACE body /
+	//                  "BODY" section ["<" number ">"] SPACE nstring /
+	//                  "UID" SPACE uniqueid
+	//
+	// IMAP Extension for Conditional STORE (RFC-4551):
+	//
+	//   msg_att_item      /= "MODSEQ" SP "(" mod_sequence_value ")"
+
+	DECLARE_COMPONENT(msg_att_item)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			// "ENVELOPE" SPACE envelope
+			if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "envelope")) {
+
+				type = ENVELOPE;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::envelope, envelope);
+
+			// "FLAGS" SPACE "(" #(flag / "\Recent") ")"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "flags")) {
+
+				type = FLAGS;
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::flag_list, flag_list);
+
+			// "INTERNALDATE" SPACE date_time
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "internaldate")) {
+
+				type = INTERNALDATE;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::date_time, date_time);
+
+			// "RFC822" ".HEADER" SPACE nstring
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "rfc822.header")) {
+
+				type = RFC822_HEADER;
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::nstring, nstring);
+
+			// "RFC822" ".TEXT" SPACE nstring
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "rfc822.text")) {
+
+				type = RFC822_TEXT;
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				nstring.reset(parser.getWithArgs <IMAPParser::nstring>(line, &pos, this, RFC822_TEXT));
+
+				VIMAP_PARSER_FAIL_UNLESS(nstring);
+
+			// "RFC822.SIZE" SPACE number
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "rfc822.size")) {
+
+				type = RFC822_SIZE;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::number, number);
+
+			// "RFC822" SPACE nstring
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "rfc822")) {
+
+				type = RFC822;
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::nstring, nstring);
+
+			// "BODY" "STRUCTURE" SPACE body
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "bodystructure")) {
+
+				type = BODY_STRUCTURE;
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::body, body);
+
+			// "BODY" section ["<" number ">"] SPACE nstring
+			// "BODY" SPACE body
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "body")) {
+
+				VIMAP_PARSER_TRY_GET(IMAPParser::section, section);
+
+				// "BODY" section ["<" number ">"] SPACE nstring
+				if (section != NULL) {
+
+					type = BODY_SECTION;
+
+					if (VIMAP_PARSER_TRY_CHECK(one_char <'<'> )) {
+						VIMAP_PARSER_GET(IMAPParser::number, number);
+						VIMAP_PARSER_CHECK(one_char <'>'> );
+					}
+
+					VIMAP_PARSER_CHECK(SPACE);
+
+					nstring.reset(parser.getWithArgs <IMAPParser::nstring>(line, &pos, this, BODY_SECTION));
+
+					VIMAP_PARSER_FAIL_UNLESS(nstring);
+
+				// "BODY" SPACE body
+				} else {
+
+					type = BODY;
+
+					VIMAP_PARSER_CHECK(SPACE);
+
+					VIMAP_PARSER_GET(IMAPParser::body, body);
+				}
+
+			// "MODSEQ" SP "(" mod_sequence_value ")"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "modseq")) {
+
+				type = MODSEQ;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_CHECK(one_char <'('> );
+
+				VIMAP_PARSER_GET(IMAPParser::mod_sequence_value, mod_sequence_value);
+
+				VIMAP_PARSER_CHECK(one_char <')'> );
+
+			// "UID" SPACE uniqueid
+			} else {
+
+				type = UID;
+
+				VIMAP_PARSER_CHECK_WITHARG(special_atom, "uid");
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::uniqueid, uniqueid);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			ENVELOPE,
+			FLAGS,
+			INTERNALDATE,
+			RFC822,
+			RFC822_SIZE,
+			RFC822_HEADER,
+			RFC822_TEXT,
+			BODY,
+			BODY_SECTION,
+			BODY_STRUCTURE,
+			UID,
+			MODSEQ
+		};
+
+
+		Type type;
+
+		std::unique_ptr <IMAPParser::date_time> date_time;
+		std::unique_ptr <IMAPParser::number> number;
+		std::unique_ptr <IMAPParser::envelope> envelope;
+		std::unique_ptr <IMAPParser::uniqueid> uniqueid;
+		std::unique_ptr <IMAPParser::nstring> nstring;
+		std::unique_ptr <IMAPParser::xbody> body;
+		std::unique_ptr <IMAPParser::flag_list> flag_list;
+		std::unique_ptr <IMAPParser::section> section;
+		std::unique_ptr <IMAPParser::mod_sequence_value> mod_sequence_value;
+	};
+
+
+	//
+	// msg_att ::= "(" 1#(msg_att_item) ")"
+	//
+
+	DECLARE_COMPONENT(msg_att)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'('> );
+
+			items.push_back(std::move(std::unique_ptr <msg_att_item>(parser.get <msg_att_item>(line, &pos))));
+
+			while (!VIMAP_PARSER_TRY_CHECK(one_char <')'> )) {
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET_PUSHBACK(msg_att_item, items);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::vector <std::unique_ptr <msg_att_item>> items;
+	};
+
+
+	//
+	// message_data ::= nz_number SPACE ("EXPUNGE" /
+	//                  ("FETCH" SPACE msg_att))
+	//
+
+	DECLARE_COMPONENT(message_data)
+
+		message_data()
+			: number(0) {
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			scoped_ptr <nz_number> num;
+			VIMAP_PARSER_GET(nz_number, num);
+			number = static_cast <unsigned int>(num->value);
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "expunge")) {
+
+				type = EXPUNGE;
+
+			} else {
+
+				type = FETCH;
+
+				VIMAP_PARSER_CHECK_WITHARG(special_atom, "fetch");
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::msg_att, msg_att);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			EXPUNGE,
+			FETCH
+		};
+
+
+		Type type;
+		unsigned int number;
+		std::unique_ptr <IMAPParser::msg_att> msg_att;
+	};
+
+
+	//
+	// resp_text_code ::= "ALERT" / "PARSE" /
+	//                    capability-data /
+	//                    "PERMANENTFLAGS" SPACE "(" #(flag / "\*") ")" /
+	//                    "READ-ONLY" / "READ-WRITE" / "TRYCREATE" /
+	//                    "UIDVALIDITY" SPACE nz_number /
+	//                    "UNSEEN" SPACE nz_number /
+	//                    "UIDNEXT" SPACE nz-number /
+	//                    atom [SPACE 1*<any TEXT_CHAR except "]">]
+	//
+	// IMAP Extension for Conditional STORE (RFC-4551):
+	//
+	//   resp-text-code      =/ "HIGHESTMODSEQ" SP mod-sequence-value /
+	//                          "NOMODSEQ" /
+	//                          "MODIFIED" SP set
+	//
+	// IMAP UIDPLUS Extension (RFC-4315):
+	//
+	//   resp-text-code      =/ "APPENDUID" SP nz-number SP append-uid /
+	//                          "COPYUID" SP nz-number SP uid-set SP uid-set /
+	//                          "UIDNOTSTICKY"
+
+	DECLARE_COMPONENT(resp_text_code)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			// "ALERT"
+			if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "alert")) {
+
+				type = ALERT;
+
+			// "PARSE"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "parse")) {
+
+				type = PARSE;
+
+			// capability_data
+			} else if (VIMAP_PARSER_TRY_GET(IMAPParser::capability_data, capability_data)) {
+
+				type = CAPABILITY;
+
+			// "PERMANENTFLAGS" SPACE flag_list
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "permanentflags")) {
+
+				type = PERMANENTFLAGS;
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::flag_list, flag_list);
+
+			// "READ-ONLY"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "read-only")) {
+
+				type = READ_ONLY;
+
+			// "READ-WRITE"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "read-write")) {
+
+				type = READ_WRITE;
+
+			// "TRYCREATE"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "trycreate")) {
+
+				type = TRYCREATE;
+
+			// "UIDVALIDITY" SPACE nz_number
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "uidvalidity")) {
+
+				type = UIDVALIDITY;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::nz_number, nz_number);
+
+			// "UIDNEXT" SPACE nz_number
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "uidnext")) {
+
+				type = UIDNEXT;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::nz_number, nz_number);
+
+			// "UNSEEN" SPACE nz_number
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "unseen")) {
+
+				type = UNSEEN;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::nz_number, nz_number);
+
+			// "HIGHESTMODSEQ" SP mod-sequence-value
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "highestmodseq")) {
+
+				type = HIGHESTMODSEQ;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::mod_sequence_value, mod_sequence_value);
+
+			// "NOMODSEQ"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "nomodseq")) {
+
+				type = NOMODSEQ;
+
+			// "MODIFIED" SP sequence-set
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "modified")) {
+
+				type = MODIFIED;
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::sequence_set, sequence_set);
+
+			// "APPENDUID" SP nz-number SP append-uid
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "appenduid")) {
+
+				type = APPENDUID;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::nz_number, nz_number);
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::uid_set, uid_set);
+
+			// "COPYUID" SP nz-number SP uid-set SP uid-set
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "copyuid")) {
+
+				type = COPYUID;
+
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::nz_number, nz_number);
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::uid_set, uid_set);
+				VIMAP_PARSER_CHECK(SPACE);
+				VIMAP_PARSER_GET(IMAPParser::uid_set, uid_set2);
+
+			// "UIDNOTSTICKY"
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "uidnotsticky")) {
+
+				type = UIDNOTSTICKY;
+
+			// atom [SPACE 1*<any TEXT_CHAR except "]">]
+			} else {
+
+				type = OTHER;
+
+				VIMAP_PARSER_GET(IMAPParser::atom, atom);
+
+				if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+					VIMAP_PARSER_GET(text_except <']'> , text);
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+			// Extensions
+			HIGHESTMODSEQ,
+			NOMODSEQ,
+			MODIFIED,
+			APPENDUID,
+			COPYUID,
+			UIDNOTSTICKY,
+
+			// Standard IMAP
+			ALERT,
+			PARSE,
+			CAPABILITY,
+			PERMANENTFLAGS,
+			READ_ONLY,
+			READ_WRITE,
+			TRYCREATE,
+			UIDVALIDITY,
+			UIDNEXT,
+			UNSEEN,
+			OTHER
+		};
+
+
+		Type type;
+
+		std::unique_ptr <IMAPParser::nz_number> nz_number;
+		std::unique_ptr <IMAPParser::atom> atom;
+		std::unique_ptr <IMAPParser::flag_list> flag_list;
+		std::unique_ptr <IMAPParser::text> text;
+		std::unique_ptr <IMAPParser::mod_sequence_value> mod_sequence_value;
+		std::unique_ptr <IMAPParser::sequence_set> sequence_set;
+		std::unique_ptr <IMAPParser::capability_data> capability_data;
+		std::unique_ptr <IMAPParser::uid_set> uid_set;
+		std::unique_ptr <IMAPParser::uid_set> uid_set2;
+	};
+
+
+	//
+	// resp_text ::= ["[" resp_text_code "]" SPACE] (text_mime2 / text)
+	//               ;; text SHOULD NOT begin with "[" or "="
+
+	DECLARE_COMPONENT(resp_text)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK(one_char <'['> )) {
+
+				VIMAP_PARSER_GET(IMAPParser::resp_text_code, resp_text_code);
+
+				VIMAP_PARSER_CHECK(one_char <']'> );
+				VIMAP_PARSER_TRY_CHECK(SPACE);
+			}
+
+			std::unique_ptr <text_mime2> text1;
+			VIMAP_PARSER_TRY_GET(text_mime2, text1);
+
+			if (text1.get()) {
+
+				text = text1->value;
+
+			} else {
+
+				std::unique_ptr <IMAPParser::text> text2;
+				VIMAP_PARSER_TRY_GET(IMAPParser::text, text2);
+
+				if (text2.get()) {
+					text = text2->value;
+				} else {
+					// Empty response text
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::resp_text_code> resp_text_code;
+		string text;
+	};
+
+
+	//
+	// continue_req   ::= "+" SPACE (resp_text / base64)
+	//
+
+	DECLARE_COMPONENT(continue_req)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'+'> );
+
+			if (!parser.isStrict()) {
+
+				// Some servers do not send SPACE when response text is empty
+				if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+					VIMAP_PARSER_GET(IMAPParser::resp_text, resp_text);
+				} else {
+					resp_text.reset(new IMAPParser::resp_text());  // empty
+				}
+
+			} else {
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				VIMAP_PARSER_GET(IMAPParser::resp_text, resp_text);
+			}
+
+			VIMAP_PARSER_CHECK(CRLF);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::resp_text> resp_text;
+	};
+
+
+	//
+	// resp_cond_state ::= ("OK" / "NO" / "BAD") SPACE resp_text
+	//                     ;; Status condition
+	//
+
+	DECLARE_COMPONENT(resp_cond_state)
+
+		resp_cond_state()
+			: status(BAD) {
+
+		}
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "ok")) {
+				status = OK;
+			} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "no")) {
+				status = NO;
+			} else {
+				VIMAP_PARSER_CHECK_WITHARG(special_atom, "bad");
+				status = BAD;
+			}
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::resp_text, resp_text);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Status {
+			OK,
+			NO,
+			BAD
+		};
+
+
+		std::unique_ptr <IMAPParser::resp_text> resp_text;
+		Status status;
+	};
+
+
+	//
+	// resp_cond_bye ::= "BYE" SPACE resp_text
+	//
+
+	DECLARE_COMPONENT(resp_cond_bye)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK_WITHARG(special_atom, "bye");
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::resp_text, resp_text);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::resp_text> resp_text;
+	};
+
+
+	//
+	// resp_cond_auth  ::= ("OK" / "PREAUTH") SPACE resp_text
+	//                     ;; Authentication condition
+	//
+
+	DECLARE_COMPONENT(resp_cond_auth)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "ok")) {
+				condition = OK;
+			} else {
+				VIMAP_PARSER_CHECK_WITHARG(special_atom, "preauth");
+				condition = PREAUTH;
+			}
+
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::resp_text, resp_text);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Condition {
+			OK,
+			PREAUTH
+		};
+
+
+		Condition condition;
+		std::unique_ptr <IMAPParser::resp_text> resp_text;
+	};
+
+
+	//
+	// mailbox_data ::= "FLAGS" SPACE mailbox_flag_list /
+	//                  "LIST" SPACE mailbox_list /
+	//                  "LSUB" SPACE mailbox_list /
+	//                  "MAILBOX" SPACE text /
+	//                  "SEARCH" [SPACE 1#nz_number] /
+	//                  "STATUS" SPACE mailbox SPACE
+	//                    "(" [status-att-list] ")" /
+	//                  number SPACE "EXISTS" /
+	//                  number SPACE "RECENT"
+	//
+
+	DECLARE_COMPONENT(mailbox_data)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (VIMAP_PARSER_TRY_GET(IMAPParser::number, number)) {
+
+				VIMAP_PARSER_CHECK(SPACE);
+
+				if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "exists")) {
+					type = EXISTS;
+				} else {
+					VIMAP_PARSER_CHECK_WITHARG(special_atom, "recent");
+					type = RECENT;
+				}
+
+			} else {
+
+				// "FLAGS" SPACE mailbox_flag_list
+				if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "flags")) {
+
+					VIMAP_PARSER_CHECK(SPACE);
+
+					VIMAP_PARSER_GET(IMAPParser::mailbox_flag_list, mailbox_flag_list);
+
+					type = FLAGS;
+
+				// "LIST" SPACE mailbox_list
+				} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "list")) {
+
+					VIMAP_PARSER_CHECK(SPACE);
+
+					VIMAP_PARSER_GET(IMAPParser::mailbox_list, mailbox_list);
+
+					type = LIST;
+
+				// "LSUB" SPACE mailbox_list
+				} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "lsub")) {
+
+					VIMAP_PARSER_CHECK(SPACE);
+
+					VIMAP_PARSER_GET(IMAPParser::mailbox_list, mailbox_list);
+
+					type = LSUB;
+
+				// "MAILBOX" SPACE text
+				} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "mailbox")) {
+
+					VIMAP_PARSER_CHECK(SPACE);
+
+					VIMAP_PARSER_GET(IMAPParser::text, text);
+
+					type = MAILBOX;
+
+				// "SEARCH" [SPACE 1#nz_number]
+				} else if (VIMAP_PARSER_TRY_CHECK_WITHARG(special_atom, "search")) {
+
+					if (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+
+						VIMAP_PARSER_GET_PUSHBACK(nz_number, search_nz_number_list);
+
+						while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+							VIMAP_PARSER_GET_PUSHBACK(nz_number, search_nz_number_list);
+						}
+					}
+
+					type = SEARCH;
+
+				// "STATUS" SPACE mailbox SPACE
+				// "(" [status_att_list] ")"
+				} else {
+
+					VIMAP_PARSER_CHECK_WITHARG(special_atom, "status");
+					VIMAP_PARSER_CHECK(SPACE);
+
+					VIMAP_PARSER_GET(IMAPParser::mailbox, mailbox);
+
+					VIMAP_PARSER_CHECK(SPACE);
+
+					VIMAP_PARSER_CHECK(one_char <'('> );
+					VIMAP_PARSER_TRY_GET(IMAPParser::status_att_list, status_att_list);
+					VIMAP_PARSER_CHECK(one_char <')'> );
+
+					type = STATUS;
+				}
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		enum Type {
+
+			FLAGS,
+			LIST,
+			LSUB,
+			MAILBOX,
+			SEARCH,
+			STATUS,
+			EXISTS,
+			RECENT
+		};
+
+
+		Type type;
+
+		std::unique_ptr <IMAPParser::number> number;
+		std::unique_ptr <IMAPParser::mailbox_flag_list> mailbox_flag_list;
+		std::unique_ptr <IMAPParser::mailbox_list> mailbox_list;
+		std::unique_ptr <IMAPParser::mailbox> mailbox;
+		std::unique_ptr <IMAPParser::text> text;
+		std::vector <std::unique_ptr <nz_number>> search_nz_number_list;
+		std::unique_ptr <IMAPParser::status_att_list> status_att_list;
+	};
+
+
+	//
+	// response_data  ::= "*" SPACE (resp_cond_state / resp_cond_bye /
+	//                    mailbox_data / message_data / capability_data) CRLF
+	//
+
+	DECLARE_COMPONENT(response_data)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'*'> );
+			VIMAP_PARSER_CHECK(SPACE);
+
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::resp_cond_state, resp_cond_state)) {
+				if (!VIMAP_PARSER_TRY_GET(IMAPParser::resp_cond_bye, resp_cond_bye)) {
+					if (!VIMAP_PARSER_TRY_GET(IMAPParser::mailbox_data, mailbox_data)) {
+						if (!VIMAP_PARSER_TRY_GET(IMAPParser::message_data, message_data)) {
+							VIMAP_PARSER_GET(IMAPParser::capability_data, capability_data);
+						}
+					}
+				}
+			}
+
+			if (!parser.isStrict()) {
+
+				// Allow SPACEs at end of line
+				while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+					;
+				}
+			}
+
+			VIMAP_PARSER_CHECK(CRLF);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::resp_cond_state> resp_cond_state;
+		std::unique_ptr <IMAPParser::resp_cond_bye> resp_cond_bye;
+		std::unique_ptr <IMAPParser::mailbox_data> mailbox_data;
+		std::unique_ptr <IMAPParser::message_data> message_data;
+		std::unique_ptr <IMAPParser::capability_data> capability_data;
+	};
+
+
+	DECLARE_COMPONENT(continue_req_or_response_data)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::continue_req, continue_req)) {
+				VIMAP_PARSER_GET(IMAPParser::response_data, response_data);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::continue_req> continue_req;
+		std::unique_ptr <IMAPParser::response_data> response_data;
+	};
+
+
+	//
+	// response_fatal ::= "*" SPACE resp_cond_bye CRLF
+	//                    ;; Server closes connection immediately
+	//
+
+	DECLARE_COMPONENT(response_fatal)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'*'> );
+			VIMAP_PARSER_CHECK(SPACE);
+
+			VIMAP_PARSER_GET(IMAPParser::resp_cond_bye, resp_cond_bye);
+
+			if (!parser.isStrict()) {
+
+				// Allow SPACEs at end of line
+				while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+					;
+				}
+			}
+
+			VIMAP_PARSER_CHECK(CRLF);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::resp_cond_bye> resp_cond_bye;
+	};
+
+
+	//
+	// response_tagged ::= tag SPACE resp_cond_state CRLF
+	//
+
+	DECLARE_COMPONENT(response_tagged)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_GET(IMAPParser::xtag, tag);
+			VIMAP_PARSER_CHECK(SPACE);
+			VIMAP_PARSER_GET(IMAPParser::resp_cond_state, resp_cond_state);
+
+			if (!parser.isStrict()) {
+
+				// Allow SPACEs at end of line
+				while (VIMAP_PARSER_TRY_CHECK(SPACE)) {
+					;
+				}
+			}
+
+			VIMAP_PARSER_CHECK(CRLF);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::xtag> tag;
+		std::unique_ptr <IMAPParser::resp_cond_state> resp_cond_state;
+	};
+
+
+	//
+	// response_done ::= response_tagged / response_fatal
+	//
+
+	DECLARE_COMPONENT(response_done)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::response_tagged, response_tagged)) {
+				VIMAP_PARSER_GET(IMAPParser::response_fatal, response_fatal);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		std::unique_ptr <IMAPParser::response_tagged> response_tagged;
+		std::unique_ptr <IMAPParser::response_fatal> response_fatal;
+	};
+
+
+	//
+	// response ::= *(continue_req / response_data) response_done
+	//
+
+	DECLARE_COMPONENT(response)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+			string curLine = line;
+			bool partial = false;  // partial response
+
+			IMAPParser::continue_req_or_response_data* resp = NULL;
+
+			while ((resp = parser.get <IMAPParser::continue_req_or_response_data>(curLine, &pos))) {
+
+				continue_req_or_response_data.push_back(
+					std::move(
+						std::unique_ptr <IMAPParser::continue_req_or_response_data>(resp)
+					)
+				);
+
+				// Partial response (continue_req)
+				if (resp->continue_req) {
+					partial = true;
+					break;
+				}
+
+				// We have read a CRLF, read another line
+				curLine = parser.readLine();
+				pos = 0;
+			}
+
+			if (!partial) {
+				response_done.reset(parser.get <IMAPParser::response_done>(curLine, &pos));
+				VIMAP_PARSER_FAIL_UNLESS(response_done);
+			}
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+
+		bool isBad() const {
+
+			if (!response_done) {  // incomplete (partial) response
+				return true;
+			}
+
+			if (response_done->response_fatal) {
+				return true;
+			}
+
+			if (response_done->response_tagged->resp_cond_state->status == IMAPParser::resp_cond_state::BAD) {
+
+				return true;
+			}
+
+			return false;
+		}
+
+		void setErrorLog(const string& errorLog) {
+
+			m_errorLog = errorLog;
+		}
+
+		const string& getErrorLog() const {
+
+			return m_errorLog;
+		}
+
+
+		std::vector <std::unique_ptr <IMAPParser::continue_req_or_response_data>> continue_req_or_response_data;
+		std::unique_ptr <IMAPParser::response_done> response_done;
+
+	private:
+
+		string m_errorLog;
+	};
+
+
+	//
+	// greeting ::= "*" SPACE (resp_cond_auth / resp_cond_bye) CRLF
+	//
+
+	DECLARE_COMPONENT(greeting)
+
+		bool parseImpl(IMAPParser& parser, string& line, size_t* currentPos) {
+
+			size_t pos = *currentPos;
+
+			VIMAP_PARSER_CHECK(one_char <'*'> );
+			VIMAP_PARSER_CHECK(SPACE);
+
+			if (!VIMAP_PARSER_TRY_GET(IMAPParser::resp_cond_auth, resp_cond_auth)) {
+				VIMAP_PARSER_GET(IMAPParser::resp_cond_bye, resp_cond_bye);
+			}
+
+			VIMAP_PARSER_CHECK(CRLF);
+
+			*currentPos = pos;
+
+			return true;
+		}
+
+		void setErrorLog(const string& errorLog) {
+
+			m_errorLog = errorLog;
+		}
+
+		const string& getErrorLog() const {
+
+			return m_errorLog;
+		}
+
+
+		std::unique_ptr <IMAPParser::resp_cond_auth> resp_cond_auth;
+		std::unique_ptr <IMAPParser::resp_cond_bye> resp_cond_bye;
+
+	private:
+
+		string m_errorLog;
+	};
+
+
+
+	//
+	// The main functions used to parse a response
+	//
+
+	response* readResponse(const IMAPTag& tag, literalHandler* lh = NULL) {
+
+		while (true) {
+
+			auto it = m_pendingResponses.find(std::string(tag));
+
+			if (it != m_pendingResponses.end()) {
+				auto* resp = it->second;
+				m_pendingResponses.erase(it);
+				return resp;
+			}
+
+			size_t pos = 0;
+			string line = readLine();
+
+			m_literalHandler = lh;
+			response* resp = get <response>(line, &pos);
+			m_literalHandler = NULL;
+
+			if (!resp) {
+				throw exceptions::invalid_response("", m_errorResponseLine);
+			}
+
+			resp->setErrorLog(lastLine());
+
+			// If there is a continue_req, return the response immediately
+			for (auto &respData : resp->continue_req_or_response_data) {
+				if (respData->continue_req) {
+					return resp;
+				}
+			}
+
+			// Else, return response if the tag is the one we expect
+			if (resp->response_done && resp->response_done->response_tagged &&
+			    resp->response_done->response_tagged->tag) {
+
+				if (tag == resp->response_done->response_tagged->tag->tagString) {
+					return resp;
+				} else {
+					// Not our response tag, cache it for later
+					m_pendingResponses[resp->response_done->response_tagged->tag->tagString] = resp;
+				}
+			} else {
+				// Untagged response
+				return resp;
+			}
+		}
+	}
+
+
+	greeting* readGreeting() {
+
+		size_t pos = 0;
+		string line = readLine();
+
+		greeting* greet = get <greeting>(line, &pos);
+
+		if (!greet) {
+			throw exceptions::invalid_response("", m_errorResponseLine);
+		}
+
+		greet->setErrorLog(lastLine());
+
+		return greet;
+	}
+
+
+	/** Parse a token and advance.
+	  * If the token has been parsed successfully, a raw pointer to it
+	  * will be returned. The caller is responsible to free the memory.
+	  *
+	  * @param TYPE token type (class)
+	  * @param line line which is currently being parsed
+	  * @param currentPos current position in the line (will be updated
+	  * when the function returns)
+	  * @return a raw pointer to the parsed token, or NULL otherwise
+	  */
+	template <class TYPE>
+	TYPE* get(string& line, size_t* currentPos) {
+
+		component* resp = new TYPE;
+		return internalGet <TYPE>(resp, line, currentPos);
+	}
+
+	/** Parse a token which takes 2 arguments and advance.
+	  * If the token has been parsed successfully, a raw pointer to it
+	  * will be returned. The caller is responsible to free the memory.
+	  *
+	  * @param TYPE token type (class)
+	  * @param ARG1_TYPE type of argument #1 (class)
+	  * @param ARG2_TYPE type of argument #2 (class)
+	  * @param line line which is currently being parsed
+	  * @param currentPos current position in the line (will be updated
+	  * when the function returns)
+	  * @param arg1 value of argument 1 to be passed to the token
+	  * @param arg2 value of argument 2 to be passed to the token
+	  * @return a raw pointer to the parsed token, or NULL otherwise
+	  */
+	template <class TYPE, class ARG1_TYPE, class ARG2_TYPE>
+	TYPE* getWithArgs(string& line, size_t* currentPos, ARG1_TYPE arg1, ARG2_TYPE arg2) {
+
+		component* resp = new TYPE(arg1, arg2);
+		return internalGet <TYPE>(resp, line, currentPos);
+	}
+
+private:
+
+	template <class TYPE>
+	TYPE* internalGet(component* resp, string& line, size_t* currentPos) {
+
+		const size_t oldPos = *currentPos;
+
+		if (!resp->parse(*this, line, currentPos)) {
+
+			*currentPos = oldPos;
+
+			delete resp;
+
+			return NULL;
+		}
+
+		return static_cast <TYPE*>(resp);
+	}
+
+	const string lastLine() const {
+
+		// Remove blanks and new lines at the end of the line.
+		string line(m_lastLine);
+
+		string::const_iterator it = line.end();
+		int count = 0;
+
+		while (it != line.begin()) {
+
+			const unsigned char c = *(it - 1);
+
+			if (!(c == ' ' || c == '\t' || c == '\n' || c == '\r')) {
+				break;
+			}
+
+			++count;
+			--it;
+		}
+
+		line.resize(line.length() - count);
+
+		return (line);
+	}
+
+public:
+
+	/** Check for a token and advance.
+	  *
+	  * @param TYPE token type (class)
+	  * @param line line which is currently being parsed
+	  * @param currentPos current position in the line (will be updated
+	  * when the function returns)
+	  * @return true if the token has been parsed, or false otherwise
+	  */
+	template <class TYPE>
+	bool check(string& line, size_t* currentPos) {
+
+		const size_t oldPos = *currentPos;
+
+		TYPE term;
+
+		if (!term.parse(*this, line, currentPos)) {
+			*currentPos = oldPos;
+			return false;
+		} else {
+			return true;
+		}
+	}
+
+	/** Check for a token which takes an argument and advance.
+	  *
+	  * @param TYPE token type (class)
+	  * @param ARG_TYPE argument type (class)
+	  * @param line line which is currently being parsed
+	  * @param currentPos current position in the line (will be updated
+	  * when the function returns)
+	  * @param arg argument to be passed to the token
+	  * @return true if the token has been parsed, or false otherwise
+	  */
+	template <class TYPE, class ARG_TYPE>
+	bool checkWithArg(string& line, size_t* currentPos, const ARG_TYPE arg) {
+
+		const size_t oldPos = *currentPos;
+
+		TYPE term(arg);
+
+		if (!term.parse(*this, line, currentPos)) {
+			*currentPos = oldPos;
+			return false;
+		} else {
+			return true;
+		}
+	}
+
+
+private:
+
+	weak_ptr <socket> m_socket;
+	shared_ptr <tracer> m_tracer;
+
+	utility::progressListener* m_progress;
+
+	bool m_strict;
+
+	literalHandler* m_literalHandler;
+
+	weak_ptr <timeoutHandler> m_timeoutHandler;
+
+
+	string m_buffer;
+
+	string m_lastLine;
+	string m_errorResponseLine;
+
+	std::map <std::string, response*> m_pendingResponses;
+
+public:
+
+	/** Read a line from the input buffer. The function blocks until a
+	  * complete line is read from the buffer. Position in input buffer
+	  * will be updated.
+	  *
+	  * @return next line
+	  */
+	const string readLine() {
+
+		size_t pos;
+
+		while ((pos = m_buffer.find('\n')) == string::npos) {
+			read();
+		}
+
+		string line;
+		line.resize(pos + 1);
+		std::copy(m_buffer.begin(), m_buffer.begin() + pos + 1, line.begin());
+
+		m_buffer.erase(m_buffer.begin(), m_buffer.begin() + pos + 1);
+
+		m_lastLine = line;
+
+#if DEBUG_RESPONSE
+		std::cout << std::endl << "Read line:" << std::endl << line << std::endl;
+#endif
+
+		if (m_tracer) {
+			string::size_type len = line.length();
+			while (len != 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) --len;
+			m_tracer->traceReceive(line.substr(0, len));
+		}
+
+		return (line);
+	}
+
+	/** Fill in the input buffer with data available from the socket stream.
+	  * The function blocks until some data is available.
+	  */
+	void read() {
+
+		string receiveBuffer;
+
+		shared_ptr <timeoutHandler> toh = m_timeoutHandler.lock();
+		shared_ptr <socket> sok = m_socket.lock();
+
+		if (toh) {
+			toh->resetTimeOut();
+		}
+
+		while (receiveBuffer.empty()) {
+
+			// Check whether the time-out delay is elapsed
+			if (toh && toh->isTimeOut()) {
+				if (!toh->handleTimeOut()) {
+					throw exceptions::operation_timed_out();
+				}
+			}
+
+			// We have received data: reset the time-out counter
+			sok->receive(receiveBuffer);
+
+			if (receiveBuffer.empty()) {   // buffer is empty
+
+				if (sok->getStatus() & socket::STATUS_WANT_WRITE) {
+					sok->waitForWrite();
+				} else {
+					sok->waitForRead();
+				}
+
+				continue;
+			}
+
+			// We have received data ...
+			if (toh) {
+				toh->resetTimeOut();
+			}
+		}
+
+		m_buffer += receiveBuffer;
+	}
+
+
+	void readLiteral(literalHandler::target& buffer, size_t count) {
+
+		size_t len = 0;
+		string receiveBuffer;
+
+		shared_ptr <timeoutHandler> toh = m_timeoutHandler.lock();
+		shared_ptr <socket> sok = m_socket.lock();
+
+		if (m_progress) {
+			m_progress->start(count);
+		}
+
+		if (toh) {
+			toh->resetTimeOut();
+		}
+
+		if (!m_buffer.empty()) {
+
+			if (m_buffer.length() > count) {
+
+				buffer.putData(string(m_buffer.begin(), m_buffer.begin() + count));
+				m_buffer.erase(m_buffer.begin(), m_buffer.begin() + count);
+				len = count;
+
+			} else {
+
+				len += m_buffer.length();
+				buffer.putData(m_buffer);
+				m_buffer.clear();
+			}
+		}
+
+		while (len < count) {
+
+			// Check whether the time-out delay is elapsed
+			if (toh && toh->isTimeOut()) {
+
+				if (!toh->handleTimeOut()) {
+					throw exceptions::operation_timed_out();
+				}
+
+				toh->resetTimeOut();
+			}
+
+			// Receive data from the socket
+			sok->receive(receiveBuffer);
+
+			if (receiveBuffer.empty()) {  // buffer is empty
+
+				if (sok->getStatus() & socket::STATUS_WANT_WRITE) {
+					sok->waitForWrite();
+				} else {
+					sok->waitForRead();
+				}
+
+				continue;
+			}
+
+			// We have received data: reset the time-out counter
+			if (toh) {
+				toh->resetTimeOut();
+			}
+
+			if (len + receiveBuffer.length() > count) {
+
+				const size_t remaining = count - len;
+
+				// Get the needed amount of data
+				buffer.putData(string(receiveBuffer.begin(), receiveBuffer.begin() + remaining));
+
+				// Put the remaining data into the internal response buffer
+				receiveBuffer.erase(receiveBuffer.begin(), receiveBuffer.begin() + remaining);
+				m_buffer += receiveBuffer;
+
+				len = count;
+
+			} else {
+
+				buffer.putData(receiveBuffer);
+				len += receiveBuffer.length();
+			}
+
+			// Notify progress
+			if (m_progress) {
+				m_progress->progress(len, count);
+			}
+		}
+
+		if (m_tracer) {
+			m_tracer->traceReceiveBytes(count);
+		}
+
+		if (m_progress) {
+			m_progress->stop(count);
+		}
+	}
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#undef VIMAP_PARSER_FAIL
+#undef VIMAP_PARSER_FAIL_UNLESS
+#undef VIMAP_PARSER_CHECK
+#undef VIMAP_PARSER_TRY_CHECK
+#undef VIMAP_PARSER_GET
+#undef VIMAP_PARSER_GET
+#undef VIMAP_PARSER_TRY_GET
+#undef VIMAP_PARSER_TRY_GET
+#undef VIMAP_PARSER_GET_PUSHBACK
+#undef VIMAP_PARSER_CHECK_WITHARG
+#undef VIMAP_PARSER_TRY_CHECK_WITHARG
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPPARSER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPSStore.cpp b/vmime-master/src/vmime/net/imap/IMAPSStore.cpp
new file mode 100644
index 0000000..dd9c318
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPSStore.cpp
@@ -0,0 +1,82 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPSStore.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPSStore::IMAPSStore(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth
+)
+	: IMAPStore(sess, auth, true) {
+
+}
+
+
+IMAPSStore::~IMAPSStore() {
+
+}
+
+
+const string IMAPSStore::getProtocolName() const {
+
+	return "imaps";
+}
+
+
+
+// Service infos
+
+IMAPServiceInfos IMAPSStore::sm_infos(true);
+
+
+const serviceInfos& IMAPSStore::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& IMAPSStore::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPSStore.hpp b/vmime-master/src/vmime/net/imap/IMAPSStore.hpp
new file mode 100644
index 0000000..e18a067
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPSStore.hpp
@@ -0,0 +1,70 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPSSTORE_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPSSTORE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPStore.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+/** IMAPS store service.
+  */
+class VMIME_EXPORT IMAPSStore : public IMAPStore {
+
+public:
+
+	IMAPSStore(const shared_ptr <session>& sess, const shared_ptr <security::authenticator>& auth);
+	~IMAPSStore();
+
+	const string getProtocolName() const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+private:
+
+	static IMAPServiceInfos sm_infos;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPSSTORE_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPServiceInfos.cpp b/vmime-master/src/vmime/net/imap/IMAPServiceInfos.cpp
new file mode 100644
index 0000000..baed6ba
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPServiceInfos.cpp
@@ -0,0 +1,135 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPServiceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPServiceInfos::IMAPServiceInfos(const bool imaps)
+	: m_imaps(imaps) {
+
+}
+
+
+const string IMAPServiceInfos::getPropertyPrefix() const {
+
+	if (m_imaps) {
+		return "store.imaps.";
+	} else {
+		return "store.imap.";
+	}
+}
+
+
+const IMAPServiceInfos::props& IMAPServiceInfos::getProperties() const {
+
+	static props imapProps = {
+		// IMAP-specific options
+#if VMIME_HAVE_SASL_SUPPORT
+		property("options.sasl", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.sasl.fallback", serviceInfos::property::TYPE_BOOLEAN, "true"),
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		// Common properties
+		property(serviceInfos::property::AUTH_USERNAME, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::AUTH_PASSWORD, serviceInfos::property::FLAG_REQUIRED),
+
+#if VMIME_HAVE_TLS_SUPPORT
+		property(serviceInfos::property::CONNECTION_TLS),
+		property(serviceInfos::property::CONNECTION_TLS_REQUIRED),
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		property(serviceInfos::property::SERVER_ADDRESS, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::SERVER_PORT, "143"),
+	};
+
+	static props imapsProps = {
+		// IMAP-specific options
+#if VMIME_HAVE_SASL_SUPPORT
+		property("options.sasl", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.sasl.fallback", serviceInfos::property::TYPE_BOOLEAN, "true"),
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		// Common properties
+		property(serviceInfos::property::AUTH_USERNAME, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::AUTH_PASSWORD, serviceInfos::property::FLAG_REQUIRED),
+
+#if VMIME_HAVE_TLS_SUPPORT
+		property(serviceInfos::property::CONNECTION_TLS),
+		property(serviceInfos::property::CONNECTION_TLS_REQUIRED),
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		property(serviceInfos::property::SERVER_ADDRESS, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::SERVER_PORT, "993"),
+	};
+
+	return m_imaps ? imapsProps : imapProps;
+}
+
+
+const std::vector <serviceInfos::property> IMAPServiceInfos::getAvailableProperties() const {
+
+	std::vector <property> list;
+	const props& p = getProperties();
+
+	// IMAP-specific options
+#if VMIME_HAVE_SASL_SUPPORT
+	list.push_back(p.PROPERTY_OPTIONS_SASL);
+	list.push_back(p.PROPERTY_OPTIONS_SASL_FALLBACK);
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+	// Common properties
+	list.push_back(p.PROPERTY_AUTH_USERNAME);
+	list.push_back(p.PROPERTY_AUTH_PASSWORD);
+
+#if VMIME_HAVE_TLS_SUPPORT
+	if (!m_imaps) {
+		list.push_back(p.PROPERTY_CONNECTION_TLS);
+		list.push_back(p.PROPERTY_CONNECTION_TLS_REQUIRED);
+	}
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	list.push_back(p.PROPERTY_SERVER_ADDRESS);
+	list.push_back(p.PROPERTY_SERVER_PORT);
+
+	return list;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPServiceInfos.hpp b/vmime-master/src/vmime/net/imap/IMAPServiceInfos.hpp
new file mode 100644
index 0000000..73fca7a
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPServiceInfos.hpp
@@ -0,0 +1,89 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPSERVICEINFOS_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPSERVICEINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/serviceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+/** Information about IMAP service.
+  */
+class VMIME_EXPORT IMAPServiceInfos : public serviceInfos {
+
+public:
+
+	IMAPServiceInfos(const bool imaps);
+
+	struct props {
+		// IMAP-specific options
+#if VMIME_HAVE_SASL_SUPPORT
+		serviceInfos::property PROPERTY_OPTIONS_SASL;
+		serviceInfos::property PROPERTY_OPTIONS_SASL_FALLBACK;
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		// Common properties
+		serviceInfos::property PROPERTY_AUTH_USERNAME;
+		serviceInfos::property PROPERTY_AUTH_PASSWORD;
+
+#if VMIME_HAVE_TLS_SUPPORT
+		serviceInfos::property PROPERTY_CONNECTION_TLS;
+		serviceInfos::property PROPERTY_CONNECTION_TLS_REQUIRED;
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		serviceInfos::property PROPERTY_SERVER_ADDRESS;
+		serviceInfos::property PROPERTY_SERVER_PORT;
+	};
+
+	const props& getProperties() const;
+
+	const string getPropertyPrefix() const;
+	const std::vector <serviceInfos::property> getAvailableProperties() const;
+
+private:
+
+	const bool m_imaps;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPSERVICEINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPStore.cpp b/vmime-master/src/vmime/net/imap/IMAPStore.cpp
new file mode 100644
index 0000000..eafa444
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPStore.cpp
@@ -0,0 +1,287 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPStore.hpp"
+#include "vmime/net/imap/IMAPFolder.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+#include "vmime/net/imap/IMAPFolderStatus.hpp"
+#include "vmime/net/imap/IMAPCommand.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+
+#include <map>
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+IMAPStore::IMAPStore(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth,
+	const bool secured
+)
+	: store(sess, getInfosInstance(), auth),
+	  m_connection(null),
+	  m_isIMAPS(secured) {
+
+}
+
+
+IMAPStore::~IMAPStore() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+const string IMAPStore::getProtocolName() const {
+
+	return "imap";
+}
+
+
+shared_ptr <folder> IMAPStore::getRootFolder() {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return make_shared <IMAPFolder>(
+		folder::path(),
+		dynamicCast <IMAPStore>(shared_from_this()),
+		shared_ptr <folderAttributes>()
+	);
+}
+
+
+shared_ptr <folder> IMAPStore::getDefaultFolder() {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return make_shared <IMAPFolder>(
+		folder::path::component("INBOX"),
+		dynamicCast <IMAPStore>(shared_from_this()),
+		shared_ptr <folderAttributes>()
+	);
+}
+
+
+shared_ptr <folder> IMAPStore::getFolder(const folder::path& path) {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return make_shared <IMAPFolder>(
+		path,
+		dynamicCast <IMAPStore>(shared_from_this()),
+		shared_ptr <folderAttributes>()
+	);
+}
+
+
+bool IMAPStore::isValidFolderName(const folder::path::component& /* name */) const {
+
+	return true;
+}
+
+
+void IMAPStore::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	m_connection = make_shared <IMAPConnection>(
+		dynamicCast <IMAPStore>(shared_from_this()), getAuthenticator()
+	);
+
+	m_connection->connect();
+}
+
+
+bool IMAPStore::isConnected() const {
+
+	return m_connection && m_connection->isConnected();
+}
+
+
+bool IMAPStore::isIMAPS() const {
+
+	return m_isIMAPS;
+}
+
+
+bool IMAPStore::isSecuredConnection() const {
+
+	if (!m_connection) {
+		return false;
+	}
+
+	return m_connection->isSecuredConnection();
+}
+
+
+shared_ptr <connectionInfos> IMAPStore::getConnectionInfos() const {
+
+	if (!m_connection) {
+		return null;
+	}
+
+	return m_connection->getConnectionInfos();
+}
+
+
+shared_ptr <IMAPConnection> IMAPStore::getConnection() {
+
+	return m_connection;
+}
+
+
+void IMAPStore::disconnect() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	for (std::list <IMAPFolder*>::iterator it = m_folders.begin() ;
+	     it != m_folders.end() ; ++it) {
+
+		(*it)->onStoreDisconnected();
+	}
+
+	m_folders.clear();
+
+
+	m_connection->disconnect();
+
+	m_connection = null;
+}
+
+
+void IMAPStore::noop() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	IMAPCommand::NOOP()->send(m_connection);
+
+	scoped_ptr <IMAPParser::response> resp(m_connection->readResponse());
+
+	if (resp->isBad() || resp->response_done->response_tagged->
+			resp_cond_state->status != IMAPParser::resp_cond_state::OK) {
+
+		throw exceptions::command_error("NOOP", resp->getErrorLog());
+	}
+
+
+	for (std::list <IMAPFolder*>::iterator it = m_folders.begin() ;
+	     it != m_folders.end() ; ++it) {
+
+		if ((*it)->isOpen()) {
+			(*it)->noop();
+		}
+	}
+}
+
+
+shared_ptr <IMAPConnection> IMAPStore::connection() {
+
+	return m_connection;
+}
+
+
+void IMAPStore::registerFolder(IMAPFolder* folder) {
+
+	m_folders.push_back(folder);
+}
+
+
+void IMAPStore::unregisterFolder(IMAPFolder* folder) {
+
+	std::list <IMAPFolder*>::iterator it = std::find(m_folders.begin(), m_folders.end(), folder);
+
+	if (it != m_folders.end()) {
+		m_folders.erase(it);
+	}
+}
+
+
+int IMAPStore::getCapabilities() const {
+
+	return CAPABILITY_CREATE_FOLDER |
+	       CAPABILITY_RENAME_FOLDER |
+	       CAPABILITY_ADD_MESSAGE |
+	       CAPABILITY_COPY_MESSAGE |
+	       CAPABILITY_DELETE_MESSAGE |
+	       CAPABILITY_PARTIAL_FETCH |
+	       CAPABILITY_MESSAGE_FLAGS |
+	       CAPABILITY_EXTRACT_PART;
+}
+
+
+
+// Service infos
+
+IMAPServiceInfos IMAPStore::sm_infos(false);
+
+
+const serviceInfos& IMAPStore::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& IMAPStore::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPStore.hpp b/vmime-master/src/vmime/net/imap/IMAPStore.hpp
new file mode 100644
index 0000000..018c195
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPStore.hpp
@@ -0,0 +1,124 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPSTORE_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPSTORE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/store.hpp"
+#include "vmime/net/socket.hpp"
+#include "vmime/net/folder.hpp"
+
+#include "vmime/net/imap/IMAPServiceInfos.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class IMAPParser;
+class IMAPTag;
+class IMAPFolder;
+
+
+/** IMAP store service.
+  */
+class VMIME_EXPORT IMAPStore : public store {
+
+	friend class IMAPFolder;
+	friend class IMAPMessage;
+	friend class IMAPConnection;
+
+public:
+
+	IMAPStore(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth,
+		const bool secured = false
+	);
+
+	~IMAPStore();
+
+	const string getProtocolName() const;
+
+	shared_ptr <folder> getDefaultFolder();
+	shared_ptr <folder> getRootFolder();
+	shared_ptr <folder> getFolder(const folder::path& path);
+
+	bool isValidFolderName(const folder::path::component& name) const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+	void connect();
+	bool isConnected() const;
+	void disconnect();
+
+	void noop();
+
+	int getCapabilities() const;
+
+	bool isIMAPS() const;
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+	shared_ptr <IMAPConnection> getConnection();
+
+protected:
+
+	// Connection
+	shared_ptr <IMAPConnection> m_connection;
+
+
+
+	shared_ptr <IMAPConnection> connection();
+
+
+	void registerFolder(IMAPFolder* folder);
+	void unregisterFolder(IMAPFolder* folder);
+
+	std::list <IMAPFolder*> m_folders;
+
+	const bool m_isIMAPS;  // Use IMAPS
+
+
+	static IMAPServiceInfos sm_infos;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPSTORE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPTag.cpp b/vmime-master/src/vmime/net/imap/IMAPTag.cpp
new file mode 100644
index 0000000..52cd212
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPTag.cpp
@@ -0,0 +1,148 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPTag.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+const int IMAPTag::sm_maxNumber = 52 * 10 * 10 * 10;
+
+
+IMAPTag::IMAPTag(const int number)
+	: m_number(number) {
+
+	m_tag.resize(4);
+	generate();
+}
+
+
+IMAPTag::IMAPTag(const IMAPTag& tag)
+	: object(),
+	  m_number(tag.m_number) {
+
+	m_tag.resize(4);
+	generate();
+}
+
+
+IMAPTag::IMAPTag()
+	: m_number(1) {
+
+	m_tag.resize(4);
+	generate();
+}
+
+
+IMAPTag& IMAPTag::operator++() {
+
+	++m_number;
+
+	if (m_number >= sm_maxNumber) {
+		m_number = 1;
+	}
+
+	generate();
+
+	return *this;
+}
+
+
+const IMAPTag IMAPTag::operator++(int) {
+
+	IMAPTag old(*this);
+	operator++();
+	return old;
+}
+
+
+bool IMAPTag::operator<(const IMAPTag &other) const {
+
+	return m_number < other.m_number;
+}
+
+
+bool IMAPTag::operator==(const IMAPTag &other) const {
+
+	return m_number == other.m_number;
+}
+
+
+bool IMAPTag::operator!=(const IMAPTag &other) const {
+
+	return m_number != other.m_number;
+}
+
+
+bool IMAPTag::operator==(const std::string &tag) const {
+
+	return m_tag == tag;
+}
+
+
+int IMAPTag::maximumNumber() const {
+
+	return sm_maxNumber - 1;
+}
+
+
+int IMAPTag::number() const {
+
+	return m_number;
+}
+
+
+IMAPTag::operator string() const
+{
+	return m_tag;
+}
+
+
+void IMAPTag::generate() {
+
+	static const char prefixChars[53] =
+		"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+	m_tag[0] = prefixChars[m_number / 1000];
+	m_tag[1] = static_cast <char>('0' + (m_number % 1000) / 100);
+	m_tag[2] = static_cast <char>('0' + (m_number % 100) / 10);
+	m_tag[3] = static_cast <char>('0' + m_number % 10);
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPTag.hpp b/vmime-master/src/vmime/net/imap/IMAPTag.hpp
new file mode 100644
index 0000000..cbab942
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPTag.hpp
@@ -0,0 +1,85 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPTAG_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPTAG_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class VMIME_EXPORT IMAPTag : public object {
+
+private:
+
+	IMAPTag(const int number);
+
+public:
+
+	IMAPTag();
+	IMAPTag(const IMAPTag& tag);
+
+	IMAPTag& operator++();           // ++IMAPTag
+	const IMAPTag operator++(int);   // IMAPTag++
+
+	int maximumNumber() const;
+	int number() const;
+
+	operator string() const;
+
+	bool operator<(const IMAPTag &other) const;
+	bool operator==(const IMAPTag &other) const;
+	bool operator!=(const IMAPTag &other) const;
+
+	bool operator==(const std::string &tag) const;
+
+private:
+
+	void generate();
+
+	static const int sm_maxNumber;
+
+	int m_number;
+	string m_tag;
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPTAG_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/IMAPUtils.cpp b/vmime-master/src/vmime/net/imap/IMAPUtils.cpp
new file mode 100644
index 0000000..59b1e18
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPUtils.cpp
@@ -0,0 +1,854 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/net/imap/IMAPUtils.hpp"
+#include "vmime/net/imap/IMAPStore.hpp"
+
+#include "vmime/net/message.hpp"
+#include "vmime/net/folder.hpp"
+
+#include <sstream>
+#include <iterator>
+#include <algorithm>
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+// static
+const string IMAPUtils::quoteString(const string& text) {
+
+	//
+	// ATOM_CHAR       ::= <any CHAR except atom_specials>
+	//
+	// atom_specials   ::= "(" / ")" / "{" / SPACE / CTL /
+	//                     list_wildcards / quoted_specials
+	//
+	// list_wildcards  ::= "%" / "*"
+	//
+	// quoted_specials ::= <"> / "\"
+	//
+	// CHAR            ::= <any 7-bit US-ASCII character except NUL,
+	//                      0x01 - 0x7f>
+	//
+	// CTL             ::= <any ASCII control character and DEL,
+	//                      0x00 - 0x1f, 0x7f>
+	//
+
+	bool needQuoting = text.empty();
+
+	for (string::const_iterator it = text.begin() ;
+	     !needQuoting && it != text.end() ; ++it) {
+
+		const unsigned char c = *it;
+
+		switch (c) {
+
+			case '(':
+			case ')':
+			case '{':
+			case 0x20:   // SPACE
+			case '%':
+			case '*':
+			case '"':
+			case '\\':
+
+				needQuoting = true;
+				break;
+
+			default:
+
+				if (c <= 0x1f || c >= 0x7f) {
+					needQuoting = true;
+				}
+			}
+	}
+
+	if (needQuoting) {
+
+		string quoted;
+		quoted.reserve((text.length() * 3) / 2 + 2);
+
+		quoted += '"';
+
+		for (string::const_iterator it = text.begin() ; it != text.end() ; ++it) {
+
+			const unsigned char c = *it;
+
+			if (c == '\\' || c == '"') {
+				quoted += '\\';
+			}
+
+			quoted += c;
+		}
+
+		quoted += '"';
+
+		return quoted;
+
+	} else {
+
+		return text;
+	}
+}
+
+
+const string IMAPUtils::pathToString(
+	const char hierarchySeparator,
+	const folder::path& path
+) {
+
+	string result;
+
+	for (size_t i = 0 ; i < path.getSize() ; ++i) {
+
+		if (i > 0) result += hierarchySeparator;
+		result += toModifiedUTF7(hierarchySeparator, path[i]);
+	}
+
+	return (result);
+}
+
+
+const folder::path IMAPUtils::stringToPath(
+	const char hierarchySeparator,
+	const string& str
+) {
+
+	folder::path result;
+	string::const_iterator begin = str.begin();
+
+	for (string::const_iterator it = str.begin() ; it != str.end() ; ++it) {
+
+		if (*it == hierarchySeparator) {
+			result /= fromModifiedUTF7(string(begin, it));
+			begin = it + 1;
+		}
+	}
+
+	if (begin != str.end()) {
+		result /= fromModifiedUTF7(string(begin, str.end()));
+	}
+
+	return result;
+}
+
+
+const string IMAPUtils::toModifiedUTF7(
+	const char hierarchySeparator,
+	const folder::path::component& text
+) {
+
+	// We will replace the hierarchy separator with an equivalent
+	// UTF-7 sequence, so we compute it here...
+	const char base64alphabet[] =
+		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,=";
+
+	const unsigned int hs = static_cast <unsigned int>(static_cast <unsigned char>(hierarchySeparator));
+
+	string hsUTF7;
+	hsUTF7.resize(3);
+
+	hsUTF7[0] = base64alphabet[0];
+	hsUTF7[1] = base64alphabet[(hs & 0xF0) >> 4];
+	hsUTF7[2] = base64alphabet[(hs & 0x0F) << 2];
+
+	// iconv() is buggy with UTF-8 to UTF-7 conversion, so we do it "by hand".
+	// This code is largely inspired from "imap/utf7.c", in mutt 1.4.
+	// Copyright (C) 2000 Edmund Grimley Evans <edmundo@rano.org>
+
+	// WARNING: This may throw "exceptions::charset_conv_error"
+	const string cvt = text.getConvertedText(charset(charsets::UTF_8));
+
+	// In the worst case we convert 2 chars to 7 chars.
+	// For example: "\x10&\x10&..." -> "&ABA-&-&ABA-&-...".
+	string out;
+	out.reserve((cvt.length() / 2) * 7 + 6);
+
+	int b = 0, k = 0;
+	bool base64 = false;
+
+	size_t remaining = cvt.length();
+
+	for (size_t i = 0, len = cvt.length() ; i < len ; ) {
+
+		const unsigned char c = cvt[i];
+
+		// Replace hierarchy separator with an equivalent UTF-7 Base64 sequence
+		if (!base64 && c == hierarchySeparator) {
+
+			out += "&" + hsUTF7 + "-";
+
+			++i;
+			--remaining;
+			continue;
+		}
+
+		size_t n = 0;
+		int ch = 0;
+
+		if (c < 0x80) {
+			ch = c, n = 0;
+		} else if (c < 0xc2) {
+			return "";
+		} else if (c < 0xe0) {
+			ch = c & 0x1f, n = 1;
+		} else if (c < 0xf0) {
+			ch = c & 0x0f, n = 2;
+		} else if (c < 0xf8) {
+			ch = c & 0x07, n = 3;
+		} else if (c < 0xfc) {
+			ch = c & 0x03, n = 4;
+		} else if (c < 0xfe) {
+			ch = c & 0x01, n = 5;
+		} else {
+			return "";
+		}
+
+		if (n > remaining) {
+			return "";  // error
+		}
+
+		++i;
+		--remaining;
+
+		for (size_t j = 0 ; j < n ; j++) {
+
+			if ((cvt[i + j] & 0xc0) != 0x80) {
+				return "";  // error
+			}
+
+			ch = (ch << 6) | (cvt[i + j] & 0x3f);
+		}
+
+		if (n > 1 && !(ch >> (n * 5 + 1))) {
+			return "";  // error
+		}
+
+		i += n;
+		remaining -= n;
+
+		if (ch < 0x20 || ch >= 0x7f) {
+
+			if (!base64) {
+				out += '&';
+				base64 = true;
+				b = 0;
+				k = 10;
+			}
+
+			if (ch & ~0xffff) {
+				ch = 0xfffe;
+			}
+
+			out += base64alphabet[b | ch >> k];
+
+			k -= 6;
+
+			for ( ; k >= 0 ; k -= 6) {
+				out += base64alphabet[(ch >> k) & 0x3f];
+			}
+
+			b = (ch << (-k)) & 0x3f;
+			k += 16;
+
+		} else {
+
+			if (base64) {
+
+				if (k > 10) {
+					out += base64alphabet[b];
+				}
+
+				out += '-';
+				base64 = false;
+			}
+
+			out += static_cast <char>(ch);
+
+			if (ch == '&') {
+				out += '-';
+			}
+		}
+	}
+
+	if (base64) {
+
+		if (k > 10) {
+			out += base64alphabet[b];
+		}
+
+		out += '-';
+	}
+
+	return (out);
+}
+
+
+const folder::path::component IMAPUtils::fromModifiedUTF7(const string& text) {
+
+	// Transcode from modified UTF-7 (RFC-2060).
+	string out;
+	out.reserve(text.length());
+
+	bool inB64sequence = false;
+	bool plusOutput = false;
+	unsigned char prev = 0;
+
+	for (string::const_iterator it = text.begin() ; it != text.end() ; ++it) {
+
+		const unsigned char c = *it;
+
+		switch (c) {
+
+			// Start of Base64 sequence
+			case '&': {
+
+				if (!inB64sequence) {
+					inB64sequence = true;
+					plusOutput = false;
+				} else {
+					out += '&';
+				}
+
+				break;
+			}
+			// End of Base64 sequence (or "&-" --> "&")
+			case '-': {
+
+				if (inB64sequence && prev == '&') {  // special case "&-" --> "&"
+					out += '&';
+				} else {
+					out += '-';
+				}
+
+				inB64sequence = false;
+				break;
+			}
+			// ',' is used instead of '/' in modified Base64
+			case ',': {
+
+				if (inB64sequence && !plusOutput) {
+					out += '+';
+					plusOutput = true;
+				}
+
+				out += (inB64sequence ? '/' : ',');
+				break;
+			}
+			default: {
+
+				if (inB64sequence && !plusOutput) {
+					out += '+';
+					plusOutput = true;
+				}
+
+				out += c;
+				break;
+			}
+		}
+
+		prev = c;
+	}
+
+	// Store it as UTF-8 by default
+	string cvt;
+	charset::convert(out, cvt, charset(charsets::UTF_7), charset(charsets::UTF_8));
+
+	return folder::path::component(cvt, charset(charsets::UTF_8));
+}
+
+
+// static
+void IMAPUtils::mailboxFlagsToFolderAttributes(
+	const shared_ptr <const IMAPConnection>& cnt,
+	const folder::path &path,
+	const IMAPParser::mailbox_flag_list& list,
+	folderAttributes& attribs
+) {
+
+	int specialUse = folderAttributes::SPECIALUSE_NONE;
+	int type = folderAttributes::TYPE_CONTAINS_MESSAGES | folderAttributes::TYPE_CONTAINS_FOLDERS;
+	int flags = 0;
+
+	// If CHILDREN extension (RFC-3348) is not supported, assume folder has children
+	// as we have no hint about it
+	if (!cnt->hasCapability("CHILDREN")) {
+		flags |= folderAttributes::FLAG_HAS_CHILDREN;
+	}
+
+	for (auto it = list.flags.begin() ; it != list.flags.end() ; ++it) {
+
+		switch ((*it)->type) {
+
+			case IMAPParser::mailbox_flag::NOSELECT:
+
+				type &= ~folderAttributes::TYPE_CONTAINS_MESSAGES;
+				flags |= folderAttributes::FLAG_NO_OPEN;
+				break;
+
+			case IMAPParser::mailbox_flag::NOINFERIORS:
+			case IMAPParser::mailbox_flag::HASNOCHILDREN:
+
+				flags &= ~folderAttributes::FLAG_HAS_CHILDREN;
+				break;
+
+			case IMAPParser::mailbox_flag::HASCHILDREN:
+
+				flags |= folderAttributes::FLAG_HAS_CHILDREN;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_ALL:
+
+				specialUse = folderAttributes::SPECIALUSE_ALL;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_ARCHIVE:
+
+				specialUse = folderAttributes::SPECIALUSE_ARCHIVE;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_DRAFTS:
+
+				specialUse = folderAttributes::SPECIALUSE_DRAFTS;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_FLAGGED:
+
+				specialUse = folderAttributes::SPECIALUSE_FLAGGED;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_JUNK:
+
+				specialUse = folderAttributes::SPECIALUSE_JUNK;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_SENT:
+
+				specialUse = folderAttributes::SPECIALUSE_SENT;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_TRASH:
+
+				specialUse = folderAttributes::SPECIALUSE_TRASH;
+				break;
+
+			case IMAPParser::mailbox_flag::SPECIALUSE_IMPORTANT:
+
+				specialUse = folderAttributes::SPECIALUSE_IMPORTANT;
+				break;
+
+			default:
+
+				break;
+		}
+	}
+
+	if (path.getSize() == 1 && path.getLastComponent().getBuffer() == "INBOX") {
+		specialUse = folderAttributes::SPECIALUSE_INBOX;
+	}
+
+	attribs.setSpecialUse(specialUse);
+	attribs.setType(type);
+	attribs.setFlags(flags);
+}
+
+
+int IMAPUtils::messageFlagsFromFlags(const IMAPParser::flag_list& list) {
+
+	int flags = 0;
+
+	for (auto &flag : list.flags) {
+
+		switch (flag->type) {
+
+			case IMAPParser::flag::ANSWERED:
+
+				flags |= message::FLAG_REPLIED;
+				break;
+
+			case IMAPParser::flag::FLAGGED:
+
+				flags |= message::FLAG_MARKED;
+				break;
+
+			case IMAPParser::flag::DELETED:
+
+				flags |= message::FLAG_DELETED;
+				break;
+
+			case IMAPParser::flag::SEEN:
+
+				flags |= message::FLAG_SEEN;
+				break;
+
+			case IMAPParser::flag::DRAFT:
+
+				flags |= message::FLAG_DRAFT;
+				break;
+
+			default:
+			//case IMAPParser::flag::UNKNOWN:
+
+				break;
+		}
+	}
+
+	return flags;
+}
+
+
+// static
+const std::vector <string> IMAPUtils::messageFlagList(const int flags) {
+
+	std::vector <string> flagList;
+
+	if (flags == -1) {
+		return flagList;  // default flags
+	}
+
+	if (flags & message::FLAG_REPLIED) flagList.push_back("\\Answered");
+	if (flags & message::FLAG_MARKED) flagList.push_back("\\Flagged");
+	if (flags & message::FLAG_DELETED) flagList.push_back("\\Deleted");
+	if (flags & message::FLAG_SEEN) flagList.push_back("\\Seen");
+	if (flags & message::FLAG_DRAFT) flagList.push_back("\\Draft");
+
+	return flagList;
+}
+
+
+// static
+const string IMAPUtils::dateTime(const vmime::datetime& date) {
+
+	std::ostringstream res;
+	res.imbue(std::locale::classic());
+
+	// date_time ::= <"> date_day_fixed "-" date_month "-" date_year
+	//               SPACE time SPACE zone <">
+	//
+	// time      ::= 2digit ":" 2digit ":" 2digit
+	//               ;; Hours minutes seconds
+	// zone      ::= ("+" / "-") 4digit
+	//               ;; Signed four-digit value of hhmm representing
+	//               ;; hours and minutes west of Greenwich
+	res << '"';
+
+	// Date
+	if (date.getDay() < 10) res << ' ';
+	res << date.getDay();
+
+	res << '-';
+
+	static const char* monthNames[12] = {
+		"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+		"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+	};
+
+	res << monthNames[std::min(std::max(date.getMonth() - 1, 0), 11)];
+
+	res << '-';
+
+	if (date.getYear() < 10) res << '0';
+	if (date.getYear() < 100) res << '0';
+	if (date.getYear() < 1000) res << '0';
+	res << date.getYear();
+
+	res << ' ';
+
+	// Time
+	if (date.getHour() < 10) res << '0';
+	res << date.getHour() << ':';
+
+	if (date.getMinute() < 10) res << '0';
+	res << date.getMinute() << ':';
+
+	if (date.getSecond() < 10) res << '0';
+	res << date.getSecond();
+
+	res << ' ';
+
+	// Zone
+	const int zs = (date.getZone() < 0 ? -1 : 1);
+	const int zh = (date.getZone() * zs) / 60;
+	const int zm = (date.getZone() * zs) % 60;
+
+	res << (zs < 0 ? '-' : '+');
+
+	if (zh < 10) res << '0';
+	res << zh;
+
+	if (zm < 10) res << '0';
+	res << zm;
+
+	res << '"';
+
+	return res.str();
+}
+
+
+// static
+shared_ptr <IMAPCommand> IMAPUtils::buildFetchCommand(
+	const shared_ptr <IMAPConnection>& cnt,
+	const messageSet& msgs,
+	const fetchAttributes& options
+) {
+
+	// Example:
+	//   C: A654 FETCH 2:4 (FLAGS BODY[HEADER.FIELDS (DATE FROM)])
+	//   S: * 2 FETCH ....
+	//   S: * 3 FETCH ....
+	//   S: * 4 FETCH ....
+	//   S: A654 OK FETCH completed
+
+	std::vector <string> items;
+
+	if (options.has(fetchAttributes::SIZE)) {
+		items.push_back("RFC822.SIZE");
+	}
+
+	if (options.has(fetchAttributes::FLAGS)) {
+		items.push_back("FLAGS");
+	}
+
+	if (options.has(fetchAttributes::STRUCTURE)) {
+		items.push_back("BODYSTRUCTURE");
+	}
+
+	if (options.has(fetchAttributes::UID)) {
+
+		items.push_back("UID");
+
+		// Also fetch MODSEQ if CONDSTORE is supported
+		if (cnt && cnt->hasCapability("CONDSTORE") && !cnt->isMODSEQDisabled()) {
+			items.push_back("MODSEQ");
+		}
+	}
+
+	if (options.has(fetchAttributes::FULL_HEADER)) {
+
+		items.push_back("RFC822.HEADER");
+
+	} else {
+
+		if (options.has(fetchAttributes::ENVELOPE)) {
+			items.push_back("ENVELOPE");
+		}
+
+		std::vector <string> headerFields;
+
+		if (options.has(fetchAttributes::CONTENT_INFO)) {
+			headerFields.push_back("CONTENT_TYPE");
+		}
+
+		if (options.has(fetchAttributes::IMPORTANCE)) {
+			headerFields.push_back("IMPORTANCE");
+			headerFields.push_back("X-PRIORITY");
+		}
+
+		// Also add custom header fields to fetch, if any
+		const std::vector <string> customHeaderFields = options.getHeaderFields();
+		std::copy(customHeaderFields.begin(), customHeaderFields.end(), std::back_inserter(headerFields));
+
+		if (!headerFields.empty()) {
+
+			string list;
+
+			for (std::vector <string>::iterator it = headerFields.begin() ;
+			     it != headerFields.end() ; ++it) {
+
+				if (it != headerFields.begin()) {
+					list += " ";
+				}
+
+				list += *it;
+			}
+
+			items.push_back("BODY[HEADER.FIELDS (" + list + ")]");
+		}
+	}
+
+	return IMAPCommand::FETCH(msgs, items);
+}
+
+
+// static
+void IMAPUtils::convertAddressList(
+	const IMAPParser::address_list& src,
+	mailboxList& dest
+) {
+
+	for (auto& addr : src.addresses) {
+
+		text name;
+		text::decodeAndUnfold(addr->addr_name->value, &name);
+
+		string email = addr->addr_mailbox->value
+			+ "@" + addr->addr_host->value;
+
+		dest.appendMailbox(make_shared <mailbox>(name, email));
+	}
+}
+
+
+
+class IMAPUIDMessageSetEnumerator : public messageSetEnumerator {
+
+public:
+
+	IMAPUIDMessageSetEnumerator()
+		: m_first(true) {
+
+		m_oss.imbue(std::locale::classic());
+	}
+
+	void enumerateNumberMessageRange(const vmime::net::numberMessageRange& range) {
+
+		if (!m_first) {
+			m_oss << ",";
+		}
+
+		if (range.getFirst() == range.getLast()) {
+			m_oss << range.getFirst();
+		} else if (range.getLast() == size_t(-1)) {
+			m_oss << range.getFirst() << ":*";
+		} else {
+			m_oss << range.getFirst() << ":" << range.getLast();
+		}
+
+		m_first = false;
+	}
+
+	void enumerateUIDMessageRange(const vmime::net::UIDMessageRange& range) {
+
+		if (!m_first) {
+			m_oss << ",";
+		}
+
+		if (range.getFirst() == range.getLast()) {
+			m_oss << range.getFirst();
+		} else if (range.getLast() == size_t(-1)) {
+			m_oss << range.getFirst() << ":*";
+		} else {
+			m_oss << range.getFirst() << ":" << range.getLast();
+		}
+
+		m_first = false;
+	}
+
+	const std::string str() const {
+
+		return m_oss.str();
+	}
+
+private:
+
+	std::ostringstream m_oss;
+	bool m_first;
+};
+
+
+class IMAPMessageSetEnumerator : public messageSetEnumerator {
+
+public:
+
+	void enumerateNumberMessageRange(const vmime::net::numberMessageRange& range) {
+
+		for (size_t i = range.getFirst(), last = range.getLast() ; i <= last ; ++i) {
+			m_list.push_back(i);
+		}
+	}
+
+	void enumerateUIDMessageRange(const vmime::net::UIDMessageRange& /* range */) {
+
+		// Not used
+	}
+
+	const std::vector <size_t>& list() const {
+
+		return m_list;
+	}
+
+public:
+
+	std::vector <size_t> m_list;
+};
+
+
+
+// static
+const string IMAPUtils::messageSetToSequenceSet(const messageSet& msgs) {
+
+	IMAPUIDMessageSetEnumerator en;
+	msgs.enumerate(en);
+
+	return en.str();
+}
+
+
+// static
+messageSet IMAPUtils::buildMessageSet(const IMAPParser::uid_set& uidSetRef) {
+
+	messageSet set = messageSet::empty();
+
+	const IMAPParser::uid_set* uidSet = &uidSetRef;
+
+	for ( ; uidSet ; uidSet = uidSet->next_uid_set.get()) {
+
+		if (uidSet->uid_range) {
+
+			set.addRange(
+				UIDMessageRange(
+					message::uid(uidSet->uid_range->uniqueid1->value),
+					message::uid(uidSet->uid_range->uniqueid2->value)
+				)
+			);
+
+		} else {
+
+			set.addRange(
+				UIDMessageRange(
+					message::uid(uidSet->uniqueid->value)
+				)
+			);
+		}
+	}
+
+	return set;
+}
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
diff --git a/vmime-master/src/vmime/net/imap/IMAPUtils.hpp b/vmime-master/src/vmime/net/imap/IMAPUtils.hpp
new file mode 100644
index 0000000..d4bd135
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/IMAPUtils.hpp
@@ -0,0 +1,144 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAPUTILS_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAPUTILS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+
+#include "vmime/types.hpp"
+#include "vmime/dateTime.hpp"
+
+#include "vmime/net/folder.hpp"
+#include "vmime/net/message.hpp"
+#include "vmime/net/imap/IMAPParser.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+#include "vmime/net/imap/IMAPCommand.hpp"
+
+#include "vmime/mailboxList.hpp"
+
+#include <vector>
+
+
+namespace vmime {
+namespace net {
+namespace imap {
+
+
+class VMIME_EXPORT IMAPUtils
+{
+public:
+
+	static const string pathToString(const char hierarchySeparator, const folder::path& path);
+	static const folder::path stringToPath(const char hierarchySeparator, const string& str);
+
+	static const string toModifiedUTF7(const char hierarchySeparator, const folder::path::component& text);
+	static const folder::path::component fromModifiedUTF7(const string& text);
+
+	/** Quote string if it contains IMAP-special characters.
+	  *
+	  * @param text string to quote
+	  * @return quoted string
+	  */
+	static const string quoteString(const string& text);
+
+	/** Parse mailbox flags and fill in folder attributes.
+	  *
+	  * @param cnt reference to current IMAP connection (for testing capabilities)
+	  * @param path folder full path
+	  * @param list list of mailbox flags
+	  * @param attribs reference to an object holding folder attributes
+	  */
+	static void mailboxFlagsToFolderAttributes(
+		const shared_ptr <const IMAPConnection>& cnt,
+		const folder::path &path,
+		const IMAPParser::mailbox_flag_list& list,
+		folderAttributes& attribs
+	);
+
+	static int messageFlagsFromFlags(const IMAPParser::flag_list& list);
+
+	static const std::vector <string> messageFlagList(const int flags);
+
+	/** Format a date/time to IMAP date/time format.
+	  *
+	  * @param date date/time to format
+	  * @return IMAP-formatted date/time
+	  */
+	static const string dateTime(const vmime::datetime& date);
+
+	/** Construct a fetch request for the specified messages, designated
+	  * either by their sequence numbers or their UIDs.
+	  *
+	  * @param cnt connection
+	  * @param msgs message set
+	  * @param options fetch options
+	  * @return fetch request
+	  */
+	static shared_ptr <IMAPCommand> buildFetchCommand(
+		const shared_ptr <IMAPConnection>& cnt,
+		const messageSet& msgs,
+		const fetchAttributes& options
+	);
+
+	/** Convert a parser-style address list to a mailbox list.
+	  *
+	  * @param src input address list
+	  * @param dest output mailbox list
+	  */
+	static void convertAddressList(const IMAPParser::address_list& src, mailboxList& dest);
+
+	/** Returns an IMAP-formatted sequence set given a message set.
+	  *
+	  * @param msgs message set
+	  * @return IMAP sequence set (eg. "1:5,7,15:*")
+	  */
+	static const string messageSetToSequenceSet(const messageSet& msgs);
+
+	/** Constructs a message set from a parser 'uid_set' structure.
+	  *
+	  * @param uidSet UID set, as returned by the parser
+	  * @return message set
+	  */
+	static messageSet buildMessageSet(const IMAPParser::uid_set& uidSet);
+
+private:
+
+	static const string buildFetchRequestImpl
+		(const shared_ptr <IMAPConnection>& cnt, const string& mode, const string& set, const int options);
+};
+
+
+} // imap
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_IMAP
+
+#endif // VMIME_NET_IMAP_IMAPUTILS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/imap/imap.hpp b/vmime-master/src/vmime/net/imap/imap.hpp
new file mode 100644
index 0000000..f25baa4
--- /dev/null
+++ b/vmime-master/src/vmime/net/imap/imap.hpp
@@ -0,0 +1,35 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_IMAP_IMAP_HPP_INCLUDED
+#define VMIME_NET_IMAP_IMAP_HPP_INCLUDED
+
+
+#include "vmime/net/imap/IMAPFolder.hpp"
+#include "vmime/net/imap/IMAPFolderStatus.hpp"
+#include "vmime/net/imap/IMAPMessage.hpp"
+#include "vmime/net/imap/IMAPStore.hpp"
+#include "vmime/net/imap/IMAPSStore.hpp"
+
+
+#endif // VMIME_NET_IMAP_IMAP_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/format/courierMaildirFormat.cpp b/vmime-master/src/vmime/net/maildir/format/courierMaildirFormat.cpp
new file mode 100644
index 0000000..e611949
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/format/courierMaildirFormat.cpp
@@ -0,0 +1,569 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/format/courierMaildirFormat.hpp"
+
+#include "vmime/net/maildir/maildirStore.hpp"
+#include "vmime/net/maildir/maildirUtils.hpp"
+
+#include "vmime/platform.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+namespace format {
+
+
+courierMaildirFormat::courierMaildirFormat(const shared_ptr <context>& ctx)
+	: maildirFormat(ctx) {
+
+}
+
+
+const string courierMaildirFormat::getName() const {
+
+	return "courier";
+}
+
+
+void courierMaildirFormat::createFolder(const folder::path& path) {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	if (!fsf->isValidPath(folderPathToFileSystemPath(path, ROOT_DIRECTORY))) {
+		throw exceptions::invalid_folder_name();
+	}
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		folderPathToFileSystemPath(path, ROOT_DIRECTORY)
+	);
+
+	shared_ptr <utility::file> newDir = fsf->create(
+		folderPathToFileSystemPath(path, NEW_DIRECTORY)
+	);
+	shared_ptr <utility::file> tmpDir = fsf->create(
+		folderPathToFileSystemPath(path, TMP_DIRECTORY)
+	);
+	shared_ptr <utility::file> curDir = fsf->create(
+		folderPathToFileSystemPath(path, CUR_DIRECTORY)
+	);
+
+	rootDir->createDirectory(true);
+
+	newDir->createDirectory(false);
+	tmpDir->createDirectory(false);
+	curDir->createDirectory(false);
+
+	shared_ptr <utility::file> maildirFile = fsf->create(
+		folderPathToFileSystemPath(path, ROOT_DIRECTORY)
+		 	/ utility::file::path::component("maildirfolder")
+	);
+
+	maildirFile->createFile();
+}
+
+
+void courierMaildirFormat::destroyFolder(const folder::path& path) {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	// Recursively delete directories of subfolders
+	const std::vector <folder::path> folders = listFolders(path, true);
+
+	for (std::vector <folder::path>::size_type i = 0, n = folders.size() ; i < n ; ++i) {
+
+		maildirUtils::recursiveFSDelete(
+			fsf->create(folderPathToFileSystemPath(folders[i], ROOT_DIRECTORY))
+		);
+	}
+
+	// Recursively delete the directory of this folder
+	maildirUtils::recursiveFSDelete(
+		fsf->create(folderPathToFileSystemPath(path, ROOT_DIRECTORY))
+	);
+}
+
+
+void courierMaildirFormat::renameFolder(
+	const folder::path& oldPath,
+	const folder::path& newPath
+) {
+
+	const std::vector <folder::path> folders = listFolders(oldPath, true);
+
+	for (std::vector <folder::path>::size_type i = 0, n = folders.size() ; i < n ; ++i) {
+
+		const folder::path folderOldPath = folders[i];
+
+		folder::path folderNewPath = folderOldPath;
+		folderNewPath.renameParent(oldPath, newPath);
+
+		renameFolderImpl(folderOldPath, folderNewPath);
+	}
+
+	renameFolderImpl(oldPath, newPath);
+}
+
+
+void courierMaildirFormat::renameFolderImpl(
+	const folder::path& oldPath,
+	const folder::path& newPath
+) {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	const utility::file::path oldFSPath =
+		folderPathToFileSystemPath(oldPath, ROOT_DIRECTORY);
+
+	const utility::file::path newFSPath =
+		folderPathToFileSystemPath(newPath, ROOT_DIRECTORY);
+
+	shared_ptr <utility::file> rootDir = fsf->create(oldFSPath);
+	rootDir->rename(newFSPath);
+}
+
+
+bool courierMaildirFormat::folderExists(const folder::path& path) const {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		folderPathToFileSystemPath(path, ROOT_DIRECTORY)
+	);
+
+	shared_ptr <utility::file> newDir = fsf->create(
+		folderPathToFileSystemPath(path, NEW_DIRECTORY)
+	);
+	shared_ptr <utility::file> tmpDir = fsf->create(
+		folderPathToFileSystemPath(path, TMP_DIRECTORY)
+	);
+	shared_ptr <utility::file> curDir = fsf->create(
+		folderPathToFileSystemPath(path, CUR_DIRECTORY)
+	);
+
+	shared_ptr <utility::file> maildirFile = fsf->create(
+		folderPathToFileSystemPath(path, ROOT_DIRECTORY)
+		 	/ utility::file::path::component("maildirfolder")
+	);
+
+	bool exists = rootDir->exists() && rootDir->isDirectory() &&
+	              newDir->exists() && newDir->isDirectory() &&
+	              tmpDir->exists() && tmpDir->isDirectory() &&
+	              curDir->exists() && curDir->isDirectory();
+
+	// If this is not the root folder, then a file named "maildirfolder"
+	// must also be present in the directory
+	if (!path.isRoot()) {
+		exists = exists && maildirFile->exists() && maildirFile->isFile();
+	}
+
+	return exists;
+}
+
+
+bool courierMaildirFormat::folderHasSubfolders(const folder::path& path) const {
+
+	std::vector <string> dirs;
+	return listDirectories(path, dirs, true);
+}
+
+
+const utility::file::path courierMaildirFormat::folderPathToFileSystemPath(
+	const folder::path& path,
+	const DirectoryType type
+) const {
+
+	// Virtual folder "/MyFolder/SubFolder" corresponds to physical
+	// directory "[store root]/.MyFolder.SubFolder"
+	utility::file::path fsPath = getContext()->getStore()->getFileSystemPath();
+
+	if (!path.isRoot()) {
+
+		string folderComp;
+
+		for (size_t i = 0, n = path.getSize() ; i < n ; ++i) {
+			folderComp += "." + toModifiedUTF7(path[i]);
+		}
+
+		fsPath /= utility::file::path::component(folderComp);
+	}
+
+	// Last component
+	switch (type) {
+
+		case ROOT_DIRECTORY:
+
+			// Nothing to add
+			break;
+
+		case NEW_DIRECTORY:
+
+			fsPath /= NEW_DIR;
+			break;
+
+		case CUR_DIRECTORY:
+
+			fsPath /= CUR_DIR;
+			break;
+
+		case TMP_DIRECTORY:
+
+			fsPath /= TMP_DIR;
+			break;
+
+		case CONTAINER_DIRECTORY:
+
+			// Not used
+			break;
+	}
+
+	return fsPath;
+}
+
+
+const std::vector <folder::path> courierMaildirFormat::listFolders(
+	const folder::path& root,
+	const bool recursive
+) const {
+
+	// First, list directories
+	std::vector <string> dirs;
+	listDirectories(root, dirs, false);
+
+	// Then, map directories to folders
+	std::vector <folder::path> folders;
+
+	for (std::vector <string>::size_type i = 0, n = dirs.size() ; i < n ; ++i) {
+
+		const string dir = dirs[i].substr(1) + ".";
+		folder::path path;
+
+		for (size_t pos = dir.find("."), prev = 0 ;
+		     pos != string::npos ; prev = pos + 1, pos = dir.find(".", pos + 1)) {
+
+			const string comp = dir.substr(prev, pos - prev);
+			path /= fromModifiedUTF7(comp);
+		}
+
+		if (recursive || path.getSize() == root.getSize() + 1) {
+			folders.push_back(path);
+		}
+	}
+
+	return folders;
+}
+
+
+bool courierMaildirFormat::listDirectories(
+	const folder::path& root,
+	std::vector <string>& dirs,
+	const bool onlyTestForExistence
+) const {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		getContext()->getStore()->getFileSystemPath()
+	);
+
+	if (rootDir->exists()) {
+
+		// To speed up things, and if we are not searching in root folder,
+		// search for directories with a common prefix
+		string base;
+
+		if (!root.isRoot()) {
+			for (size_t i = 0, n = root.getSize() ; i < n ; ++i) {
+				base += "." + toModifiedUTF7(root[i]);
+			}
+		}
+
+		// Enumerate directories
+		shared_ptr <utility::fileIterator> it = rootDir->getFiles();
+
+		while (it->hasMoreElements()) {
+
+			shared_ptr <utility::file> file = it->nextElement();
+
+			if (isSubfolderDirectory(*file)) {
+
+				const string dir = file->getFullPath().getLastComponent().getBuffer();
+
+				if (base.empty() || (dir.length() > base.length() && dir.substr(0, base.length()) == base)) {
+
+					dirs.push_back(dir);
+
+					if (onlyTestForExistence) {
+						return true;
+					}
+				}
+			}
+		}
+
+	} else {
+
+		// No sub-folder
+	}
+
+	std::sort(dirs.begin(), dirs.end());
+
+	return !dirs.empty();
+}
+
+
+// static
+bool courierMaildirFormat::isSubfolderDirectory(const utility::file& file) {
+
+	// A directory which names starts with '.' may be a subfolder
+	if (file.isDirectory() &&
+	    file.getFullPath().getLastComponent().getBuffer().length() >= 1 &&
+	    file.getFullPath().getLastComponent().getBuffer()[0] == '.') {
+
+		return true;
+	}
+
+	return false;
+}
+
+
+// static
+const string courierMaildirFormat::toModifiedUTF7(const folder::path::component& text) {
+
+	// From http://www.courier-mta.org/?maildir.html:
+	//
+	// Folder names can contain any Unicode character, except for control
+	// characters. US-ASCII characters, U+0x0020 - U+0x007F, except for the
+	// period, forward-slash, and ampersand characters (U+0x002E, U+0x002F,
+	// and U+0x0026) represent themselves. The ampersand is represented by
+	// the two character sequence "&-". The period, forward slash, and non
+	// US-ASCII Unicode characters are represented using the UTF-7 character
+	// set, and encoded with a modified form of base64-encoding.
+	//
+	// The "&" character starts the modified base64-encoded sequence; the
+	// sequence is terminated by the "-" character. The sequence of 16-bit
+	// Unicode characters is written in big-endian order, and encoded using
+	// the base64-encoding method described in section 5.2 of RFC 1521, with
+	// the following modifications:
+	//
+	// * The "=" padding character is omitted. When decoding, an incomplete
+	//   16-bit character is discarded.
+	//
+	// * The comma character, "," is used in place of the "/" character in
+	//   the base64 alphabet.
+	//
+	// For example, the word "Resume" with both "e"s being the e-acute
+	// character, U+0x00e9, is encoded as "R&AOk-sum&AOk-" (so a folder of
+	// that name would be a maildir subdirectory called ".R&AOk-sum&AOk-").
+	//
+
+	// Transcode path component to UTF-7 charset.
+	// WARNING: This may throw "exceptions::charset_conv_error"
+	const string cvt = text.getConvertedText(charset(charsets::UTF_7));
+
+	// Transcode to modified UTF-7 (RFC-2060).
+	string out;
+	out.reserve((cvt.length() * 3) / 2);
+
+	bool inB64sequence = false;
+
+	for (string::const_iterator it = cvt.begin() ; it != cvt.end() ; ++it) {
+
+		const unsigned char c = *it;
+
+		switch (c) {
+
+			// Beginning of Base64 sequence: replace '+' with '&'
+			case '+': {
+
+				if (!inB64sequence) {
+					inB64sequence = true;
+					out += '&';
+				} else {
+					out += '+';
+				}
+
+				break;
+			}
+			// End of Base64 sequence
+			case '-': {
+
+				inB64sequence = false;
+				out += '-';
+				break;
+			}
+			// ',' is used instead of '/' in modified Base64,
+			// and simply UTF7-encoded out of a Base64 sequence
+			case '/': {
+
+				if (inB64sequence) {
+					out += ',';
+				} else {
+					out += "&Lw-";
+				}
+
+				break;
+			}
+			// Encode period (should not happen in a Base64 sequence)
+			case '.': {
+
+				out += "&Lg-";
+				break;
+			}
+			// '&' (0x26) is represented by the two-octet sequence "&-"
+			case '&': {
+
+				if (!inB64sequence) {
+					out += "&-";
+				} else {
+					out += '&';
+				}
+
+				break;
+			}
+			default: {
+
+				out += c;
+				break;
+			}
+		}
+	}
+
+	return out;
+}
+
+
+// static
+const folder::path::component courierMaildirFormat::fromModifiedUTF7(const string& text) {
+
+	// Transcode from modified UTF-7
+	string out;
+	out.reserve(text.length());
+
+	bool inB64sequence = false;
+	unsigned char prev = 0;
+
+	for (string::const_iterator it = text.begin() ; it != text.end() ; ++it) {
+
+		const unsigned char c = *it;
+
+		switch (c) {
+
+			// Start of Base64 sequence
+			case '&': {
+
+				if (!inB64sequence) {
+					inB64sequence = true;
+					out += '+';
+				} else {
+					out += '&';
+				}
+
+				break;
+			}
+			// End of Base64 sequence (or "&-" --> "&")
+			case '-': {
+
+				if (inB64sequence && prev == '&') {
+					out += '&';
+				} else {
+					out += '-';
+				}
+
+				inB64sequence = false;
+				break;
+			}
+			// ',' is used instead of '/' in modified Base64
+			case ',': {
+
+				out += (inB64sequence ? '/' : ',');
+				break;
+			}
+			default: {
+
+				out += c;
+				break;
+			}
+
+		}
+
+		prev = c;
+	}
+
+	// Store it as UTF-8 by default
+	string cvt;
+	charset::convert(out, cvt, charset(charsets::UTF_7), charset(charsets::UTF_8));
+
+	return folder::path::component(cvt, charset(charsets::UTF_8));
+}
+
+
+bool courierMaildirFormat::supports() const {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		getContext()->getStore()->getFileSystemPath()
+	);
+
+	if (rootDir->exists()) {
+
+		// Try to find a file named "maildirfolder", which indicates
+		// the Maildir is in Courier format
+		shared_ptr <utility::fileIterator> it = rootDir->getFiles();
+
+		while (it->hasMoreElements()) {
+
+			shared_ptr <utility::file> file = it->nextElement();
+
+			if (isSubfolderDirectory(*file)) {
+
+				shared_ptr <utility::file> folderFile = fsf->create(
+					file->getFullPath() / utility::file::path::component("maildirfolder")
+				);
+
+				if (folderFile->exists() && folderFile->isFile()) {
+					return true;
+				}
+			}
+		}
+	}
+
+	return false;
+}
+
+
+} // format
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/format/courierMaildirFormat.hpp b/vmime-master/src/vmime/net/maildir/format/courierMaildirFormat.hpp
new file mode 100644
index 0000000..7db1a83
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/format/courierMaildirFormat.hpp
@@ -0,0 +1,127 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_FORMAT_COURIERMAILDIRFORMAT_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_FORMAT_COURIERMAILDIRFORMAT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirFormat.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+namespace format {
+
+
+/** Reads Courier/QMail Maildir format.
+  */
+class VMIME_EXPORT courierMaildirFormat : public maildirFormat {
+
+public:
+
+	courierMaildirFormat(const shared_ptr <context>& ctx);
+
+
+	/* Folder types:
+	 *
+	 * - ROOT_DIRECTORY:       ~/Mail/.MyFolder
+	 * - NEW_DIRECTORY:        ~/Mail/.MyFolder/new
+	 * - CUR_DIRECTORY:        ~/Mail/.MyFolder/cur
+	 * - TMP_DIRECTORY:        ~/Mail/.MyFolder/tmp
+	 * - CONTAINER_DIRECTORY:  not used
+	 */
+
+	const string getName() const;
+
+	void createFolder(const folder::path& path);
+	void destroyFolder(const folder::path& path);
+	void renameFolder(const folder::path& oldPath, const folder::path& newPath);
+
+	bool folderExists(const folder::path& path) const;
+	bool folderHasSubfolders(const folder::path& path) const;
+
+	const utility::file::path folderPathToFileSystemPath(
+		const folder::path& path,
+		const DirectoryType type
+	) const;
+
+	const std::vector <folder::path> listFolders(
+		const folder::path& root,
+		const bool recursive
+	) const;
+
+protected:
+
+	bool supports() const;
+
+
+	static const string toModifiedUTF7(const folder::path::component& text);
+	static const folder::path::component fromModifiedUTF7(const string& text);
+
+	void renameFolderImpl(const folder::path& oldPath, const folder::path& newPath);
+
+	/** Test whether the specified file system directory corresponds to
+	  * a maildir subfolder. The name of the directory should start
+	  * with a '.' to be listed as a subfolder.
+	  *
+	  * @param file reference to a file system directory
+	  * @return true if the specified directory is a maildir subfolder,
+	  * false otherwise
+	  */
+	static bool isSubfolderDirectory(const utility::file& file);
+
+	/** List directories corresponding to folders which are (direct or
+	  * indirect) children of specified folder.
+	  *
+	  * @param root root folder
+	  * @param dirs list in which found directories will be added
+	  * @param onlyTestForExistence if true, the function returns as soon
+	  * as the first directory is found
+	  * @return true if at least one directory has been found,
+	  * false otherwise
+	  */
+	bool listDirectories(
+		const folder::path& root,
+		std::vector <string>& dirs,
+		const bool onlyTestForExistence
+	) const;
+};
+
+
+} // format
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_FORMAT_COURIERMAILDIRFORMAT_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/maildir/format/kmailMaildirFormat.cpp b/vmime-master/src/vmime/net/maildir/format/kmailMaildirFormat.cpp
new file mode 100644
index 0000000..4eb89e8
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/format/kmailMaildirFormat.cpp
@@ -0,0 +1,337 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/format/kmailMaildirFormat.hpp"
+
+#include "vmime/net/maildir/maildirStore.hpp"
+#include "vmime/net/maildir/maildirUtils.hpp"
+
+#include "vmime/platform.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+namespace format {
+
+
+kmailMaildirFormat::kmailMaildirFormat(const shared_ptr <context>& ctx)
+	: maildirFormat(ctx) {
+
+}
+
+
+const string kmailMaildirFormat::getName() const {
+
+	return "kmail";
+}
+
+
+void kmailMaildirFormat::createFolder(const folder::path& path) {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	if (!fsf->isValidPath(folderPathToFileSystemPath(path, ROOT_DIRECTORY))) {
+		throw exceptions::invalid_folder_name();
+	}
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		folderPathToFileSystemPath(path, ROOT_DIRECTORY)
+	);
+
+	shared_ptr <utility::file> newDir = fsf->create(
+		folderPathToFileSystemPath(path, NEW_DIRECTORY)
+	);
+	shared_ptr <utility::file> tmpDir = fsf->create(
+		folderPathToFileSystemPath(path, TMP_DIRECTORY)
+	);
+	shared_ptr <utility::file> curDir = fsf->create(
+		folderPathToFileSystemPath(path, CUR_DIRECTORY)
+	);
+
+	rootDir->createDirectory(true);
+
+	newDir->createDirectory(false);
+	tmpDir->createDirectory(false);
+	curDir->createDirectory(false);
+}
+
+
+void kmailMaildirFormat::destroyFolder(const folder::path& path) {
+
+	// Delete 'folder' and '.folder.directory' directories
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	maildirUtils::recursiveFSDelete(
+		fsf->create(folderPathToFileSystemPath(path, ROOT_DIRECTORY))  // root
+	);
+
+	maildirUtils::recursiveFSDelete(
+		fsf->create(folderPathToFileSystemPath(path, CONTAINER_DIRECTORY))  // container
+	);
+}
+
+
+bool kmailMaildirFormat::folderExists(const folder::path& path) const {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		folderPathToFileSystemPath(path, ROOT_DIRECTORY)
+	);
+
+	shared_ptr <utility::file> newDir = fsf->create(
+		folderPathToFileSystemPath(path, NEW_DIRECTORY)
+	);
+	shared_ptr <utility::file> tmpDir = fsf->create(
+		folderPathToFileSystemPath(path, TMP_DIRECTORY)
+	);
+	shared_ptr <utility::file> curDir = fsf->create(
+		folderPathToFileSystemPath(path, CUR_DIRECTORY)
+	);
+
+	return rootDir->exists() && rootDir->isDirectory() &&
+	       newDir->exists() && newDir->isDirectory() &&
+	       tmpDir->exists() && tmpDir->isDirectory() &&
+	       curDir->exists() && curDir->isDirectory();
+}
+
+
+const utility::file::path kmailMaildirFormat::folderPathToFileSystemPath(
+	const folder::path& path,
+	const DirectoryType type
+) const {
+
+	// Root path
+	utility::file::path fsPath = getContext()->getStore()->getFileSystemPath();
+
+	const size_t pathSize = path.getSize();
+	const size_t count = (type == CONTAINER_DIRECTORY
+		? pathSize : (pathSize >= 1 ? pathSize - 1 : 0));
+
+	// Parent folders
+	for (size_t i = 0 ; i < count ; ++i) {
+
+		utility::file::path::component comp(path[i]);
+
+		// TODO: may not work with all encodings...
+		comp.setBuffer("." + comp.getBuffer() + ".directory");
+
+		fsPath /= comp;
+	}
+
+	// Last component
+	if (path.getSize() != 0 && type != CONTAINER_DIRECTORY) {
+
+		fsPath /= path.getLastComponent();
+
+		switch (type) {
+
+			case ROOT_DIRECTORY:
+
+				// Nothing to add
+				break;
+
+			case NEW_DIRECTORY:
+
+				fsPath /= NEW_DIR;
+				break;
+
+			case CUR_DIRECTORY:
+
+				fsPath /= CUR_DIR;
+				break;
+
+			case TMP_DIRECTORY:
+
+				fsPath /= TMP_DIR;
+				break;
+
+			case CONTAINER_DIRECTORY:
+
+				// Can't happen...
+				break;
+		}
+	}
+
+	return fsPath;
+}
+
+
+const std::vector <folder::path> kmailMaildirFormat::listFolders(
+	const folder::path& root,
+	const bool recursive
+) const {
+
+	std::vector <folder::path> list;
+	listFoldersImpl(list, root, recursive);
+
+	return list;
+}
+
+
+void kmailMaildirFormat::listFoldersImpl(
+	std::vector <folder::path>& list,
+	const folder::path& root,
+	const bool recursive
+) const {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		folderPathToFileSystemPath(root, root.isEmpty() ? ROOT_DIRECTORY : CONTAINER_DIRECTORY)
+	);
+
+	if (rootDir->exists()) {
+
+		shared_ptr <utility::fileIterator> it = rootDir->getFiles();
+
+		while (it->hasMoreElements()) {
+
+			shared_ptr <utility::file> file = it->nextElement();
+
+			if (isSubfolderDirectory(*file)) {
+
+				const utility::path subPath = root / file->getFullPath().getLastComponent();
+
+				list.push_back(subPath);
+
+				if (recursive) {
+					listFoldersImpl(list, subPath, true);
+				}
+			}
+		}
+
+	} else {
+
+		// No sub-folder
+	}
+}
+
+
+// static
+bool kmailMaildirFormat::isSubfolderDirectory(const utility::file& file) {
+
+	// A directory which name does not start with '.' is listed as a sub-folder
+	if (file.isDirectory() &&
+	    file.getFullPath().getLastComponent().getBuffer().length() >= 1 &&
+	    file.getFullPath().getLastComponent().getBuffer()[0] != '.') {
+
+		return true;
+	}
+
+	return false;
+}
+
+
+void kmailMaildirFormat::renameFolder(const folder::path& oldPath, const folder::path& newPath) {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		folderPathToFileSystemPath(oldPath, ROOT_DIRECTORY)
+	);
+	shared_ptr <utility::file> contDir = fsf->create(
+		folderPathToFileSystemPath(oldPath, CONTAINER_DIRECTORY)
+	);
+
+	try {
+
+		const utility::file::path newRootPath =
+			folderPathToFileSystemPath(newPath, ROOT_DIRECTORY);
+		const utility::file::path newContPath =
+			folderPathToFileSystemPath(newPath, CONTAINER_DIRECTORY);
+
+		rootDir->rename(newRootPath);
+
+		// Container directory may not exist, so ignore error when trying to rename it
+		try {
+			contDir->rename(newContPath);
+		} catch (exceptions::filesystem_exception& e) {
+			// Ignore
+		}
+
+	} catch (exceptions::filesystem_exception& e) {
+
+		// Revert to old location
+		const utility::file::path rootPath =
+			folderPathToFileSystemPath(oldPath, ROOT_DIRECTORY);
+		const utility::file::path contPath =
+			folderPathToFileSystemPath(oldPath, CONTAINER_DIRECTORY);
+
+		try {
+			rootDir->rename(rootPath);
+			contDir->rename(contPath);
+		} catch (exceptions::filesystem_exception& e) {
+			// Ignore (not recoverable)
+		}
+
+		throw;
+	}
+}
+
+
+bool kmailMaildirFormat::folderHasSubfolders(const folder::path& path) const {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> rootDir = fsf->create(
+		folderPathToFileSystemPath(path, CONTAINER_DIRECTORY)
+	);
+
+	shared_ptr <utility::fileIterator> it = rootDir->getFiles();
+
+	while (it->hasMoreElements()) {
+
+		shared_ptr <utility::file> file = it->nextElement();
+
+		if (isSubfolderDirectory(*file)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+
+bool kmailMaildirFormat::supports() const {
+
+	// This is the default
+	return true;
+}
+
+
+} // format
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/format/kmailMaildirFormat.hpp b/vmime-master/src/vmime/net/maildir/format/kmailMaildirFormat.hpp
new file mode 100644
index 0000000..26b557a
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/format/kmailMaildirFormat.hpp
@@ -0,0 +1,115 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_FORMAT_KMAILMAILDIRFORMAT_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_FORMAT_KMAILMAILDIRFORMAT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirFormat.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+namespace format {
+
+
+/** Reads KMail Maildir format.
+  */
+class VMIME_EXPORT kmailMaildirFormat : public maildirFormat {
+
+public:
+
+	kmailMaildirFormat(const shared_ptr <context>& ctx);
+
+
+	/* Folder types:
+	 *
+	 * - ROOT_DIRECTORY:       ~/Mail/MyFolder
+	 * - NEW_DIRECTORY:        ~/Mail/MyFolder/new
+	 * - CUR_DIRECTORY:        ~/Mail/MyFolder/cur
+	 * - TMP_DIRECTORY:        ~/Mail/MyFolder/tmp
+	 * - CONTAINER_DIRECTORY:  ~/Mail/.MyFolder.directory
+	 */
+
+	const string getName() const;
+
+	void createFolder(const folder::path& path);
+	void destroyFolder(const folder::path& path);
+	void renameFolder(const folder::path& oldPath, const folder::path& newPath);
+
+	bool folderExists(const folder::path& path) const;
+	bool folderHasSubfolders(const folder::path& path) const;
+
+	const utility::file::path folderPathToFileSystemPath(
+		const folder::path& path,
+		const DirectoryType type
+	) const;
+
+	const std::vector <folder::path> listFolders(
+		const folder::path& root,
+		const bool recursive
+	) const;
+
+protected:
+
+	bool supports() const;
+
+
+	/** Recursive implementation of listFolders().
+	  */
+	void listFoldersImpl(
+		std::vector <folder::path>& list,
+		const folder::path& root,
+		const bool recursive
+	) const;
+
+	/** Test whether the specified file system directory corresponds to
+	  * a maildir subfolder. The name of the directory should not start
+	  * with '.' to be listed as a subfolder.
+	  *
+	  * @param file reference to a file system directory
+	  * @return true if the specified directory is a maildir subfolder,
+	  * false otherwise
+	  */
+	static bool isSubfolderDirectory(const utility::file& file);
+};
+
+
+} // format
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#endif // VMIME_NET_MAILDIR_FORMAT_KMAILMAILDIRFORMAT_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/maildir/maildir.hpp b/vmime-master/src/vmime/net/maildir/maildir.hpp
new file mode 100644
index 0000000..8835bf4
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildir.hpp
@@ -0,0 +1,34 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIR_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIR_HPP_INCLUDED
+
+
+#include "vmime/net/maildir/maildirFolder.hpp"
+#include "vmime/net/maildir/maildirFolderStatus.hpp"
+#include "vmime/net/maildir/maildirMessage.hpp"
+#include "vmime/net/maildir/maildirStore.hpp"
+
+
+#endif // VMIME_NET_MAILDIR_MAILDIR_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/maildirFolder.cpp b/vmime-master/src/vmime/net/maildir/maildirFolder.cpp
new file mode 100644
index 0000000..8c02025
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirFolder.cpp
@@ -0,0 +1,1365 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirFolder.hpp"
+
+#include "vmime/net/maildir/maildirStore.hpp"
+#include "vmime/net/maildir/maildirMessage.hpp"
+#include "vmime/net/maildir/maildirUtils.hpp"
+#include "vmime/net/maildir/maildirFormat.hpp"
+#include "vmime/net/maildir/maildirFolderStatus.hpp"
+
+#include "vmime/message.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+maildirFolder::maildirFolder(
+	const folder::path& path,
+	const shared_ptr <maildirStore>& store
+)
+	: m_store(store),
+	  m_path(path),
+	  m_name(path.isEmpty() ? folder::path::component("") : path.getLastComponent()),
+	  m_mode(-1),
+	  m_open(false),
+	  m_unreadMessageCount(0),
+	  m_messageCount(0) {
+
+	store->registerFolder(this);
+}
+
+
+maildirFolder::~maildirFolder() {
+
+	try {
+
+		shared_ptr <maildirStore> store = m_store.lock();
+
+		if (store) {
+
+			if (m_open) {
+				close(false);
+			}
+
+			store->unregisterFolder(this);
+
+		} else if (m_open) {
+
+			close(false);
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+void maildirFolder::onStoreDisconnected() {
+
+	m_store.reset();
+}
+
+
+int maildirFolder::getMode() const {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	return m_mode;
+}
+
+
+const folderAttributes maildirFolder::getAttributes() {
+
+	folderAttributes attribs;
+
+	if (m_path.isEmpty()) {
+		attribs.setType(folderAttributes::TYPE_CONTAINS_FOLDERS);
+	} else {
+		attribs.setType(folderAttributes::TYPE_CONTAINS_FOLDERS | folderAttributes::TYPE_CONTAINS_MESSAGES);
+	}
+
+	if (m_store.lock()->getFormat()->folderHasSubfolders(m_path)) {
+		attribs.setFlags(folderAttributes::FLAG_HAS_CHILDREN);  // contains at least one sub-folder
+	}
+
+	return attribs;
+}
+
+
+const folder::path::component maildirFolder::getName() const {
+
+	return m_name;
+}
+
+
+const folder::path maildirFolder::getFullPath() const {
+
+	return m_path;
+}
+
+
+void maildirFolder::open(const int mode, bool /* failIfModeIsNotAvailable */) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (isOpen()) {
+		throw exceptions::illegal_state("Folder is already open");
+	} else if (!exists()) {
+		throw exceptions::illegal_state("Folder does not exist");
+	}
+
+	scanFolder();
+
+	m_open = true;
+	m_mode = mode;
+}
+
+
+void maildirFolder::close(const bool expunge) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (expunge) {
+		this->expunge();
+	}
+
+	m_open = false;
+	m_mode = -1;
+
+	onClose();
+}
+
+
+void maildirFolder::onClose() {
+
+	for (std::vector <maildirMessage*>::iterator it = m_messages.begin() ;
+	     it != m_messages.end() ; ++it) {
+
+		(*it)->onFolderClosed();
+	}
+
+	m_messages.clear();
+}
+
+
+void maildirFolder::registerMessage(maildirMessage* msg) {
+
+	m_messages.push_back(msg);
+}
+
+
+void maildirFolder::unregisterMessage(maildirMessage* msg) {
+
+	std::vector <maildirMessage*>::iterator it =
+		std::find(m_messages.begin(), m_messages.end(), msg);
+
+	if (it != m_messages.end()) {
+		m_messages.erase(it);
+	}
+}
+
+
+void maildirFolder::create(const folderAttributes& /* attribs */) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (isOpen()) {
+		throw exceptions::illegal_state("Folder is open");
+	} else if (exists()) {
+		throw exceptions::illegal_state("Folder already exists");
+	} else if (!store->isValidFolderName(m_name)) {
+		throw exceptions::invalid_folder_name();
+	}
+
+	// Create directory on file system
+	try {
+		store->getFormat()->createFolder(m_path);
+	} catch (exceptions::filesystem_exception& e) {
+		throw exceptions::command_error("CREATE", "", "File system exception", e);
+	}
+
+	// Notify folder created
+	shared_ptr <events::folderEvent> event =
+		make_shared <events::folderEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::folderEvent::TYPE_CREATED,
+			m_path, m_path
+		);
+
+	notifyFolder(event);
+}
+
+
+void maildirFolder::destroy() {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (isOpen()) {
+		throw exceptions::illegal_state("Folder is open");
+	}
+
+	// Delete folder
+	try {
+		store->getFormat()->destroyFolder(m_path);
+	} catch (std::exception&) {
+		// Ignore exception: anyway, we can't recover from this...
+	}
+
+	// Notify folder deleted
+	shared_ptr <events::folderEvent> event =
+		make_shared <events::folderEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::folderEvent::TYPE_DELETED,
+			m_path, m_path
+		);
+
+	notifyFolder(event);
+}
+
+
+bool maildirFolder::exists() {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	return store->getFormat()->folderExists(m_path);
+}
+
+
+bool maildirFolder::isOpen() const {
+
+	return m_open;
+}
+
+
+void maildirFolder::scanFolder() {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	try {
+
+		m_messageCount = 0;
+		m_unreadMessageCount = 0;
+
+		shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+		utility::file::path newDirPath =
+			store->getFormat()->folderPathToFileSystemPath(m_path, maildirFormat::NEW_DIRECTORY);
+		shared_ptr <utility::file> newDir = fsf->create(newDirPath);
+
+		utility::file::path curDirPath =
+			store->getFormat()->folderPathToFileSystemPath(m_path, maildirFormat::CUR_DIRECTORY);
+		shared_ptr <utility::file> curDir = fsf->create(curDirPath);
+
+		// New received messages (new/)
+		shared_ptr <utility::fileIterator> nit = newDir->getFiles();
+		std::vector <utility::file::path::component> newMessageFilenames;
+
+		while (nit->hasMoreElements()) {
+
+			shared_ptr <utility::file> file = nit->nextElement();
+
+			if (maildirUtils::isMessageFile(*file)) {
+				newMessageFilenames.push_back(file->getFullPath().getLastComponent());
+			}
+		}
+
+		// Current messages (cur/)
+		shared_ptr <utility::fileIterator> cit = curDir->getFiles();
+		std::vector <utility::file::path::component> curMessageFilenames;
+
+		while (cit->hasMoreElements()) {
+
+			shared_ptr <utility::file> file = cit->nextElement();
+
+			if (maildirUtils::isMessageFile(*file)) {
+				curMessageFilenames.push_back(file->getFullPath().getLastComponent());
+			}
+		}
+
+		// Update/delete existing messages (found in previous scan)
+		for (size_t i = 0 ; i < m_messageInfos.size() ; ++i) {
+
+			messageInfos& msgInfos = m_messageInfos[i];
+
+			// NOTE: the flags may have changed (eg. moving from 'new' to 'cur'
+			// may imply the 'S' flag) and so the filename. That's why we use
+			// "maildirUtils::messageIdComparator" to compare only the 'unique'
+			// portion of the filename...
+
+			if (msgInfos.type == messageInfos::TYPE_CUR) {
+
+				const std::vector <utility::file::path::component>::iterator pos =
+					std::find_if(
+						curMessageFilenames.begin(),
+						curMessageFilenames.end(),
+						maildirUtils::messageIdComparator(msgInfos.path)
+					);
+
+				// If we cannot find this message in the 'cur' directory,
+				// it means it has been deleted (and expunged).
+				if (pos == curMessageFilenames.end()) {
+
+					msgInfos.type = messageInfos::TYPE_DELETED;
+
+				// Otherwise, update its information.
+				} else {
+
+					msgInfos.path = *pos;
+					curMessageFilenames.erase(pos);
+				}
+			}
+		}
+
+		m_messageInfos.reserve(m_messageInfos.size()
+			+ newMessageFilenames.size() + curMessageFilenames.size());
+
+		// Add new messages from 'new': we are responsible to move the files
+		// from the 'new' directory to the 'cur' directory, and append them
+		// to our message list.
+		for (std::vector <utility::file::path::component>::const_iterator
+		     it = newMessageFilenames.begin() ; it != newMessageFilenames.end() ; ++it) {
+
+			const utility::file::path::component newFilename =
+				maildirUtils::buildFilename(maildirUtils::extractId(*it), 0);
+
+			// Move messages from 'new' to 'cur'
+			shared_ptr <utility::file> file = fsf->create(newDirPath / *it);
+			file->rename(curDirPath / newFilename);
+
+			// Append to message list
+			messageInfos msgInfos;
+			msgInfos.path = newFilename;
+
+			if (maildirUtils::extractFlags(msgInfos.path) & message::FLAG_DELETED) {
+				msgInfos.type = messageInfos::TYPE_DELETED;
+			} else {
+				msgInfos.type = messageInfos::TYPE_CUR;
+			}
+
+			m_messageInfos.push_back(msgInfos);
+		}
+
+		// Add new messages from 'cur': the files have already been moved
+		// from 'new' to 'cur'. Just append them to our message list.
+		for (std::vector <utility::file::path::component>::const_iterator
+		     it = curMessageFilenames.begin() ; it != curMessageFilenames.end() ; ++it) {
+
+			// Append to message list
+			messageInfos msgInfos;
+			msgInfos.path = *it;
+
+			if (maildirUtils::extractFlags(msgInfos.path) & message::FLAG_DELETED) {
+				msgInfos.type = messageInfos::TYPE_DELETED;
+			} else {
+				msgInfos.type = messageInfos::TYPE_CUR;
+			}
+
+			m_messageInfos.push_back(msgInfos);
+		}
+
+		// Update message count
+		size_t unreadMessageCount = 0;
+
+		for (std::vector <messageInfos>::const_iterator
+		     it = m_messageInfos.begin() ; it != m_messageInfos.end() ; ++it) {
+
+			if ((maildirUtils::extractFlags((*it).path) & message::FLAG_SEEN) == 0) {
+				++unreadMessageCount;
+			}
+		}
+
+		m_unreadMessageCount = unreadMessageCount;
+		m_messageCount = static_cast <size_t>(m_messageInfos.size());
+
+	} catch (exceptions::filesystem_exception&) {
+
+		// Should not happen...
+	}
+}
+
+
+shared_ptr <message> maildirFolder::getMessage(const size_t num) {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (num < 1 || num > m_messageCount) {
+		throw exceptions::message_not_found();
+	}
+
+	return make_shared <maildirMessage>(dynamicCast <maildirFolder>(shared_from_this()), num);
+}
+
+
+std::vector <shared_ptr <message> > maildirFolder::getMessages(const messageSet& msgs) {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (msgs.isNumberSet()) {
+
+		const std::vector <size_t> numbers = maildirUtils::messageSetToNumberList(msgs, m_messageCount);
+
+		std::vector <shared_ptr <message> > messages;
+		shared_ptr <maildirFolder> thisFolder = dynamicCast <maildirFolder>(shared_from_this());
+
+		for (std::vector <size_t>::const_iterator it = numbers.begin() ; it != numbers.end() ; ++it) {
+
+			if (*it < 1|| *it > m_messageCount) {
+				throw exceptions::message_not_found();
+			}
+
+			messages.push_back(make_shared <maildirMessage>(thisFolder, *it));
+		}
+
+		return messages;
+
+	} else {
+
+		throw exceptions::operation_not_supported();
+	}
+}
+
+
+size_t maildirFolder::getMessageCount() {
+
+	return m_messageCount;
+}
+
+
+shared_ptr <folder> maildirFolder::getFolder(const folder::path::component& name) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	return shared_ptr <maildirFolder>(new maildirFolder(m_path / name, store));
+}
+
+
+std::vector <shared_ptr <folder> > maildirFolder::getFolders(const bool recursive) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!isOpen() && !store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	std::vector <shared_ptr <folder> > list;
+
+	listFolders(list, recursive);
+
+	return list;
+}
+
+
+void maildirFolder::listFolders(std::vector <shared_ptr <folder> >& list, const bool recursive) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	try {
+
+		std::vector <folder::path> pathList =
+			store->getFormat()->listFolders(m_path, recursive);
+
+		list.reserve(pathList.size());
+
+		for (std::vector <folder::path>::size_type i = 0, n = pathList.size() ; i < n ; ++i) {
+
+			shared_ptr <maildirFolder> subFolder(
+				new maildirFolder(pathList[i], store)
+			);
+
+			list.push_back(subFolder);
+		}
+
+	} catch (exceptions::filesystem_exception& e) {
+
+		throw exceptions::command_error("LIST", "", "", e);
+	}
+}
+
+
+void maildirFolder::rename(const folder::path& newPath) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (m_path.isEmpty() || newPath.isEmpty()) {
+		throw exceptions::illegal_operation("Cannot rename root folder");
+	} else if (!store->isValidFolderName(newPath.getLastComponent())) {
+		throw exceptions::invalid_folder_name();
+	}
+
+	// Rename the directory on the file system
+	try {
+		store->getFormat()->renameFolder(m_path, newPath);
+	} catch (vmime::exception& e) {
+		throw exceptions::command_error("RENAME", "", "", e);
+	}
+
+	// Notify folder renamed
+	folder::path oldPath(m_path);
+
+	m_path = newPath;
+	m_name = newPath.getLastComponent();
+
+	shared_ptr <events::folderEvent> event =
+		make_shared <events::folderEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::folderEvent::TYPE_RENAMED,
+			oldPath, newPath
+		);
+
+	notifyFolder(event);
+
+	// Notify folders with the same path
+	for (std::list <maildirFolder*>::iterator it = store->m_folders.begin() ;
+	     it != store->m_folders.end() ; ++it) {
+
+		if ((*it) != this && (*it)->getFullPath() == oldPath) {
+
+			(*it)->m_path = newPath;
+			(*it)->m_name = newPath.getLastComponent();
+
+			shared_ptr <events::folderEvent> event =
+				make_shared <events::folderEvent>(
+					dynamicCast <folder>((*it)->shared_from_this()),
+					events::folderEvent::TYPE_RENAMED,
+					oldPath, newPath
+				);
+
+			(*it)->notifyFolder(event);
+
+		} else if ((*it) != this && oldPath.isParentOf((*it)->getFullPath())) {
+
+			folder::path oldPath((*it)->m_path);
+
+			(*it)->m_path.renameParent(oldPath, newPath);
+
+			shared_ptr <events::folderEvent> event =
+				make_shared <events::folderEvent>(
+					dynamicCast <folder>((*it)->shared_from_this()),
+					events::folderEvent::TYPE_RENAMED,
+					oldPath, (*it)->m_path
+				);
+
+			(*it)->notifyFolder(event);
+		}
+	}
+}
+
+
+void maildirFolder::deleteMessages(const messageSet& msgs) {
+
+	// Mark messages as deleted
+	setMessageFlags(msgs, message::FLAG_DELETED, message::FLAG_MODE_ADD);
+}
+
+
+void maildirFolder::setMessageFlags(
+	const messageSet& msgs,
+	const int flags,
+	const int mode
+) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	} else if (m_mode == MODE_READ_ONLY) {
+		throw exceptions::illegal_state("Folder is read-only");
+	}
+
+	if (msgs.isNumberSet()) {
+
+		const std::vector <size_t> nums = maildirUtils::messageSetToNumberList(msgs, m_messageCount);
+
+		// Change message flags
+		shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+		utility::file::path curDirPath = store->getFormat()->
+			folderPathToFileSystemPath(m_path, maildirFormat::CUR_DIRECTORY);
+
+		for (std::vector <size_t>::const_iterator it =
+			 nums.begin() ; it != nums.end() ; ++it) {
+
+			const size_t num = *it - 1;
+
+			try {
+
+				const utility::file::path::component path = m_messageInfos[num].path;
+				shared_ptr <utility::file> file = fsf->create(curDirPath / path);
+
+				int newFlags = maildirUtils::extractFlags(path);
+
+				switch (mode) {
+					case message::FLAG_MODE_ADD:    newFlags |= flags; break;
+					case message::FLAG_MODE_REMOVE: newFlags &= ~flags; break;
+					default:
+					case message::FLAG_MODE_SET:    newFlags = flags; break;
+				}
+
+				const utility::file::path::component newPath =
+					maildirUtils::buildFilename(maildirUtils::extractId(path), newFlags);
+
+				file->rename(curDirPath / newPath);
+
+				if (flags & message::FLAG_DELETED) {
+					m_messageInfos[num].type = messageInfos::TYPE_DELETED;
+				} else {
+					m_messageInfos[num].type = messageInfos::TYPE_CUR;
+				}
+
+				m_messageInfos[num].path = newPath;
+
+			} catch (exceptions::filesystem_exception& e) {
+
+				// Ignore (not important)
+			}
+		}
+
+		// Update local flags
+		switch (mode) {
+
+			case message::FLAG_MODE_ADD: {
+
+				for (std::vector <maildirMessage*>::iterator it =
+					 m_messages.begin() ; it != m_messages.end() ; ++it) {
+
+					if (std::binary_search(nums.begin(), nums.end(), (*it)->getNumber()) &&
+						(*it)->m_flags != maildirMessage::FLAG_UNDEFINED) {
+
+						(*it)->m_flags |= flags;
+					}
+				}
+
+				break;
+			}
+			case message::FLAG_MODE_REMOVE: {
+
+				for (std::vector <maildirMessage*>::iterator it =
+					 m_messages.begin() ; it != m_messages.end() ; ++it) {
+
+					if (std::binary_search(nums.begin(), nums.end(), (*it)->getNumber()) &&
+						(*it)->m_flags != maildirMessage::FLAG_UNDEFINED) {
+
+						(*it)->m_flags &= ~flags;
+					}
+				}
+
+				break;
+			}
+			default:
+			case message::FLAG_MODE_SET: {
+
+				for (std::vector <maildirMessage*>::iterator it =
+					 m_messages.begin() ; it != m_messages.end() ; ++it) {
+
+					if (std::binary_search(nums.begin(), nums.end(), (*it)->getNumber()) &&
+						(*it)->m_flags != maildirMessage::FLAG_UNDEFINED) {
+
+						(*it)->m_flags = flags;
+					}
+				}
+
+				break;
+			}
+
+		}
+
+		// Notify message flags changed
+		shared_ptr <events::messageChangedEvent> event =
+			make_shared <events::messageChangedEvent>(
+				dynamicCast <folder>(shared_from_this()),
+				events::messageChangedEvent::TYPE_FLAGS,
+				nums
+			);
+
+		notifyMessageChanged(event);
+
+		// TODO: notify other folders with the same path
+
+	} else {
+
+		throw exceptions::operation_not_supported();
+	}
+}
+
+
+messageSet maildirFolder::addMessage(
+	const shared_ptr <vmime::message>& msg,
+	const int flags,
+	vmime::datetime* date,
+	utility::progressListener* progress
+) {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter ossAdapter(oss);
+
+	msg->generate(ossAdapter);
+
+	const string& str = oss.str();
+	utility::inputStreamStringAdapter strAdapter(str);
+
+	return addMessage(strAdapter, str.length(), flags, date, progress);
+}
+
+
+messageSet maildirFolder::addMessage(
+	utility::inputStream& is,
+	const size_t size,
+	const int flags,
+	vmime::datetime* /* date */,
+	utility::progressListener* progress
+) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	} else if (m_mode == MODE_READ_ONLY) {
+		throw exceptions::illegal_state("Folder is read-only");
+	}
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	utility::file::path tmpDirPath = store->getFormat()->
+		folderPathToFileSystemPath(m_path,maildirFormat::TMP_DIRECTORY);
+	utility::file::path dstDirPath = store->getFormat()->
+		folderPathToFileSystemPath(
+			m_path,
+			flags == message::FLAG_RECENT ?
+				maildirFormat::NEW_DIRECTORY :
+				maildirFormat::CUR_DIRECTORY
+		);
+
+	const utility::file::path::component filename =
+		maildirUtils::buildFilename(maildirUtils::generateId(), ((flags == -1) ? 0 : flags));
+
+	try {
+		shared_ptr <utility::file> tmpDir = fsf->create(tmpDirPath);
+		tmpDir->createDirectory(true);
+	} catch (exceptions::filesystem_exception&) {
+		// Don't throw now, it will fail later...
+	}
+
+	try {
+		shared_ptr <utility::file> curDir = fsf->create(dstDirPath);
+		curDir->createDirectory(true);
+	} catch (exceptions::filesystem_exception&) {
+		// Don't throw now, it will fail later...
+	}
+
+	// Actually add the message
+	copyMessageImpl(tmpDirPath, dstDirPath, filename, is, size, progress);
+
+	// Append the message to the cache list
+	messageInfos msgInfos;
+	msgInfos.path = filename;
+	msgInfos.type = messageInfos::TYPE_CUR;
+
+	m_messageInfos.push_back(msgInfos);
+	m_messageCount++;
+
+	if ((flags == -1) || !(flags & message::FLAG_SEEN)) {
+		m_unreadMessageCount++;
+	}
+
+	// Notification
+	std::vector <size_t> nums;
+	nums.push_back(m_messageCount);
+
+	shared_ptr <events::messageCountEvent> event =
+		make_shared <events::messageCountEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::messageCountEvent::TYPE_ADDED,
+			nums
+		);
+
+	notifyMessageCount(event);
+
+	// Notify folders with the same path
+	for (std::list <maildirFolder*>::iterator it = store->m_folders.begin() ;
+	     it != store->m_folders.end() ; ++it) {
+
+		if ((*it) != this && (*it)->getFullPath() == m_path) {
+
+			(*it)->m_messageCount = m_messageCount;
+			(*it)->m_unreadMessageCount = m_unreadMessageCount;
+
+			(*it)->m_messageInfos.resize(m_messageInfos.size());
+			std::copy(m_messageInfos.begin(), m_messageInfos.end(), (*it)->m_messageInfos.begin());
+
+			shared_ptr <events::messageCountEvent> event =
+				make_shared <events::messageCountEvent>(
+					dynamicCast <folder>((*it)->shared_from_this()),
+					events::messageCountEvent::TYPE_ADDED,
+					nums
+				);
+
+			(*it)->notifyMessageCount(event);
+		}
+	}
+
+	return messageSet::empty();
+}
+
+
+void maildirFolder::copyMessageImpl(
+	const utility::file::path& tmpDirPath,
+	const utility::file::path& dstDirPath,
+	const utility::file::path::component& filename,
+	utility::inputStream& is, const size_t size,
+	utility::progressListener* progress
+) {
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	shared_ptr <utility::file> file = fsf->create(tmpDirPath / filename);
+
+	if (progress) {
+		progress->start(size);
+	}
+
+	// First, write the message into 'tmp'...
+	try {
+
+		file->createFile();
+
+		shared_ptr <utility::fileWriter> fw = file->getFileWriter();
+		shared_ptr <utility::outputStream> os = fw->getOutputStream();
+
+		byte_t buffer[65536];
+		size_t total = 0;
+
+		while (!is.eof()) {
+
+			const size_t read = is.read(buffer, sizeof(buffer));
+
+			if (read != 0) {
+				os->write(buffer, read);
+				total += read;
+			}
+
+			if (progress) {
+				progress->progress(total, size);
+			}
+		}
+
+		os->flush();
+
+	} catch (exception& e) {
+
+		if (progress) {
+			progress->stop(size);
+		}
+
+		// Delete temporary file
+		try {
+			shared_ptr <utility::file> file = fsf->create(tmpDirPath / filename);
+			file->remove();
+		} catch (exceptions::filesystem_exception&) {
+			// Ignore
+		}
+
+		throw exceptions::command_error("ADD", "", "", e);
+	}
+
+	// ...then, move it to 'cur'
+	try {
+
+		file->rename(dstDirPath / filename);
+
+	} catch (exception& e) {
+
+		if (progress) {
+			progress->stop(size);
+		}
+
+		// Delete temporary file
+		try {
+
+			file->remove();
+			shared_ptr <utility::file> file = fsf->create(dstDirPath / filename);
+			file->remove();
+
+		} catch (exceptions::filesystem_exception&) {
+
+			// Ignore
+		}
+
+		throw exceptions::command_error("ADD", "", "", e);
+	}
+
+	if (progress) {
+		progress->stop(size);
+	}
+}
+
+
+messageSet maildirFolder::copyMessages(const folder::path& dest, const messageSet& msgs) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	utility::file::path curDirPath =
+		store->getFormat()->folderPathToFileSystemPath(m_path, maildirFormat::CUR_DIRECTORY);
+
+	utility::file::path destCurDirPath = store->getFormat()->
+		folderPathToFileSystemPath(dest, maildirFormat::CUR_DIRECTORY);
+	utility::file::path destTmpDirPath = store->getFormat()->
+		folderPathToFileSystemPath(dest, maildirFormat::TMP_DIRECTORY);
+
+	// Create destination directories
+	try {
+
+		shared_ptr <utility::file> destTmpDir = fsf->create(destTmpDirPath);
+		destTmpDir->createDirectory(true);
+
+	} catch (exceptions::filesystem_exception&) {
+
+		// Don't throw now, it will fail later...
+	}
+
+	try {
+
+		shared_ptr <utility::file> destCurDir = fsf->create(destCurDirPath);
+		destCurDir->createDirectory(true);
+
+	} catch (exceptions::filesystem_exception&) {
+
+		// Don't throw now, it will fail later...
+	}
+
+	// Copy messages
+	const std::vector <size_t> nums = maildirUtils::messageSetToNumberList(msgs, m_messageCount);
+
+	try {
+
+		for (std::vector <size_t>::const_iterator it =
+		     nums.begin() ; it != nums.end() ; ++it) {
+
+			const size_t num = *it;
+			const messageInfos& msg = m_messageInfos[num - 1];
+			const int flags = maildirUtils::extractFlags(msg.path);
+
+			const utility::file::path::component filename =
+				maildirUtils::buildFilename(maildirUtils::generateId(), flags);
+
+			shared_ptr <utility::file> file = fsf->create(curDirPath / msg.path);
+			shared_ptr <utility::fileReader> fr = file->getFileReader();
+			shared_ptr <utility::inputStream> is = fr->getInputStream();
+
+			copyMessageImpl(destTmpDirPath, destCurDirPath,
+				filename, *is, file->getLength(), NULL);
+		}
+
+	} catch (exception& e) {
+
+		notifyMessagesCopied(dest);
+		throw exceptions::command_error("COPY", "", "", e);
+	}
+
+	notifyMessagesCopied(dest);
+
+	return messageSet::empty();
+}
+
+
+void maildirFolder::notifyMessagesCopied(const folder::path& dest) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	for (std::list <maildirFolder*>::iterator it = store->m_folders.begin() ;
+	     it != store->m_folders.end() ; ++it) {
+
+		if ((*it) != this && (*it)->getFullPath() == dest) {
+
+			// We only need to update the first folder we found as calling
+			// status() will notify all the folders with the same path.
+			size_t count, unseen;
+			(*it)->status(count, unseen);
+
+			return;
+		}
+	}
+}
+
+
+void maildirFolder::status(size_t& count, size_t& unseen) {
+
+	count = 0;
+	unseen = 0;
+
+	shared_ptr <folderStatus> status = getStatus();
+
+	count = status->getMessageCount();
+	unseen = status->getUnseenCount();
+
+	m_messageCount = count;
+}
+
+
+shared_ptr <folderStatus> maildirFolder::getStatus() {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	const size_t oldCount = m_messageCount;
+
+	scanFolder();
+
+	shared_ptr <maildirFolderStatus> status = make_shared <maildirFolderStatus>();
+
+	status->setMessageCount(m_messageCount);
+	status->setUnseenCount(m_unreadMessageCount);
+
+	// Notify message count changed (new messages)
+	if (m_messageCount > oldCount) {
+
+		std::vector <size_t> nums;
+		nums.reserve(m_messageCount - oldCount);
+
+		for (size_t i = oldCount + 1, j = 0 ; i <= m_messageCount ; ++i, ++j) {
+			nums[j] = i;
+		}
+
+		shared_ptr <events::messageCountEvent> event =
+			make_shared <events::messageCountEvent>(
+				dynamicCast <folder>(shared_from_this()),
+				events::messageCountEvent::TYPE_ADDED,
+				nums
+			);
+
+		notifyMessageCount(event);
+
+		// Notify folders with the same path
+		for (std::list <maildirFolder*>::iterator it = store->m_folders.begin() ;
+		     it != store->m_folders.end() ; ++it) {
+
+			if ((*it) != this && (*it)->getFullPath() == m_path) {
+
+				(*it)->m_messageCount = m_messageCount;
+				(*it)->m_unreadMessageCount = m_unreadMessageCount;
+
+				(*it)->m_messageInfos.resize(m_messageInfos.size());
+				std::copy(m_messageInfos.begin(), m_messageInfos.end(), (*it)->m_messageInfos.begin());
+
+				shared_ptr <events::messageCountEvent> event =
+					make_shared <events::messageCountEvent>(
+						dynamicCast <folder>((*it)->shared_from_this()),
+						events::messageCountEvent::TYPE_ADDED,
+						nums
+					);
+
+				(*it)->notifyMessageCount(event);
+			}
+		}
+	}
+
+	return status;
+}
+
+
+void maildirFolder::expunge() {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	} else if (m_mode == MODE_READ_ONLY) {
+		throw exceptions::illegal_state("Folder is read-only");
+	}
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	utility::file::path curDirPath = store->getFormat()->
+		folderPathToFileSystemPath(m_path, maildirFormat::CUR_DIRECTORY);
+
+	std::vector <size_t> nums;
+	size_t unreadCount = 0;
+
+	for (size_t num = 1 ; num <= m_messageCount ; ++num) {
+
+		messageInfos& infos = m_messageInfos[num - 1];
+
+		if (infos.type == messageInfos::TYPE_DELETED) {
+
+			nums.push_back(num);
+
+			for (std::vector <maildirMessage*>::iterator it =
+			     m_messages.begin() ; it != m_messages.end() ; ++it) {
+
+				if ((*it)->m_num == num) {
+					(*it)->m_expunged = true;
+				} else if ((*it)->m_num > num) {
+					(*it)->m_num--;
+				}
+			}
+
+			if (maildirUtils::extractFlags(infos.path) & message::FLAG_SEEN) {
+				++unreadCount;
+			}
+
+			// Delete file from file system
+			try {
+				shared_ptr <utility::file> file = fsf->create(curDirPath / infos.path);
+				file->remove();
+			} catch (exceptions::filesystem_exception& e) {
+				// Ignore (not important)
+			}
+		}
+	}
+
+	if (!nums.empty()) {
+
+		for (std::vector <size_t>::size_type i = nums.size() ; i != 0 ; --i) {
+			m_messageInfos.erase(m_messageInfos.begin() + (i - 1));
+		}
+	}
+
+	m_messageCount -= static_cast <size_t>(nums.size());
+	m_unreadMessageCount -= unreadCount;
+
+	// Notify message expunged
+	shared_ptr <events::messageCountEvent> event =
+		make_shared <events::messageCountEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::messageCountEvent::TYPE_REMOVED,
+			nums
+		);
+
+	notifyMessageCount(event);
+
+	// Notify folders with the same path
+	for (std::list <maildirFolder*>::iterator it = store->m_folders.begin() ;
+	     it != store->m_folders.end() ; ++it) {
+
+		if ((*it) != this && (*it)->getFullPath() == m_path) {
+
+			(*it)->m_messageCount = m_messageCount;
+			(*it)->m_unreadMessageCount = m_unreadMessageCount;
+
+			(*it)->m_messageInfos.resize(m_messageInfos.size());
+			std::copy(m_messageInfos.begin(), m_messageInfos.end(), (*it)->m_messageInfos.begin());
+
+			shared_ptr <events::messageCountEvent> event =
+				make_shared <events::messageCountEvent>(
+					dynamicCast <folder>((*it)->shared_from_this()),
+					events::messageCountEvent::TYPE_REMOVED,
+					nums
+				);
+
+			(*it)->notifyMessageCount(event);
+		}
+	}
+}
+
+
+shared_ptr <folder> maildirFolder::getParent() {
+
+	if (m_path.isEmpty()) {
+		return null;
+	} else {
+		return shared_ptr <maildirFolder>(new maildirFolder(m_path.getParent(), m_store.lock()));
+	}
+}
+
+
+shared_ptr <const store> maildirFolder::getStore() const {
+
+	return m_store.lock();
+}
+
+
+shared_ptr <store> maildirFolder::getStore() {
+
+	return m_store.lock();
+}
+
+
+void maildirFolder::fetchMessages(
+	std::vector <shared_ptr <message> >& msg,
+	const fetchAttributes& options,
+	utility::progressListener* progress
+) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (msg.empty()) {
+		return;
+	}
+
+	const size_t total = msg.size();
+	size_t current = 0;
+
+	if (progress) {
+		progress->start(total);
+	}
+
+	shared_ptr <maildirFolder> thisFolder = dynamicCast <maildirFolder>(shared_from_this());
+
+	for (std::vector <shared_ptr <message> >::iterator it = msg.begin() ;
+	     it != msg.end() ; ++it) {
+
+		dynamicCast <maildirMessage>(*it)->fetch(thisFolder, options);
+
+		if (progress) {
+			progress->progress(++current, total);
+		}
+	}
+
+	if (progress) {
+		progress->stop(total);
+	}
+}
+
+
+void maildirFolder::fetchMessage(
+	const shared_ptr <message>& msg,
+	const fetchAttributes& options
+) {
+
+	shared_ptr <maildirStore> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	dynamicCast <maildirMessage>(msg)->fetch(
+		dynamicCast <maildirFolder>(shared_from_this()),
+		options
+	);
+}
+
+
+std::vector <shared_ptr <message> > maildirFolder::getAndFetchMessages(
+	const messageSet& msgs,
+	const fetchAttributes& attribs
+) {
+
+	if (msgs.isEmpty()) {
+		return std::vector <shared_ptr <message> >();
+	}
+
+	std::vector <shared_ptr <message> > messages = getMessages(msgs);
+	fetchMessages(messages, attribs);
+
+	return messages;
+}
+
+
+int maildirFolder::getFetchCapabilities() const {
+
+	return fetchAttributes::ENVELOPE |
+	       fetchAttributes::STRUCTURE |
+	       fetchAttributes::CONTENT_INFO |
+	       fetchAttributes::FLAGS |
+	       fetchAttributes::SIZE |
+	       fetchAttributes::FULL_HEADER |
+	       fetchAttributes::UID |
+	       fetchAttributes::IMPORTANCE;
+}
+
+
+const utility::file::path maildirFolder::getMessageFSPath(const size_t number) const {
+
+	utility::file::path curDirPath = m_store.lock()->getFormat()->
+		folderPathToFileSystemPath(m_path, maildirFormat::CUR_DIRECTORY);
+
+	return curDirPath / m_messageInfos[number - 1].path;
+}
+
+
+std::vector <size_t> maildirFolder::getMessageNumbersStartingOnUID(const message::uid& /* uid */) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirFolder.hpp b/vmime-master/src/vmime/net/maildir/maildirFolder.hpp
new file mode 100644
index 0000000..24f2bf8
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirFolder.hpp
@@ -0,0 +1,211 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRFOLDER_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRFOLDER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include <vector>
+#include <map>
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/folder.hpp"
+
+#include "vmime/utility/file.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+class maildirStore;
+class maildirMessage;
+
+
+/** maildir folder implementation.
+  */
+class VMIME_EXPORT maildirFolder : public folder {
+
+private:
+
+	friend class maildirStore;
+	friend class maildirMessage;
+
+	maildirFolder(const maildirFolder&) : folder() { }
+	maildirFolder(const folder::path& path, const shared_ptr <maildirStore>& store);
+
+public:
+
+	~maildirFolder();
+
+
+	int getMode() const;
+
+	const folderAttributes getAttributes();
+
+	const folder::path::component getName() const;
+	const folder::path getFullPath() const;
+
+	void open(const int mode, bool failIfModeIsNotAvailable = false);
+	void close(const bool expunge);
+	void create(const folderAttributes& attribs);
+
+	bool exists();
+
+	void destroy();
+
+	bool isOpen() const;
+
+	shared_ptr <message> getMessage(const size_t num);
+	std::vector <shared_ptr <message> > getMessages(const messageSet& msgs);
+
+	size_t getMessageCount();
+
+	shared_ptr <folder> getFolder(const folder::path::component& name);
+	std::vector <shared_ptr <folder> > getFolders(const bool recursive = false);
+
+	void rename(const folder::path& newPath);
+
+	void deleteMessages(const messageSet& msgs);
+
+	void setMessageFlags(
+		const messageSet& msgs,
+		const int flags,
+		const int mode = message::FLAG_MODE_SET
+	);
+
+	messageSet addMessage(
+		const shared_ptr <vmime::message>& msg,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	);
+
+	messageSet addMessage(
+		utility::inputStream& is,
+		const size_t size,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	);
+
+	messageSet copyMessages(const folder::path& dest, const messageSet& msgs);
+
+	void status(size_t& count, size_t& unseen);
+	shared_ptr <folderStatus> getStatus();
+
+	void expunge();
+
+	shared_ptr <folder> getParent();
+
+	shared_ptr <const store> getStore() const;
+	shared_ptr <store> getStore();
+
+
+	void fetchMessages(
+		std::vector <shared_ptr <message> >& msg,
+		const fetchAttributes& options,
+		utility::progressListener* progress = NULL
+	);
+
+	void fetchMessage(const shared_ptr <message>& msg, const fetchAttributes& options);
+
+	std::vector <shared_ptr <message> > getAndFetchMessages(
+		const messageSet& msgs,
+		const fetchAttributes& attribs
+	);
+
+	int getFetchCapabilities() const;
+
+	std::vector <size_t> getMessageNumbersStartingOnUID(const message::uid& uid);
+
+private:
+
+	void scanFolder();
+
+	void listFolders(std::vector <shared_ptr <folder> >& list, const bool recursive);
+
+	void registerMessage(maildirMessage* msg);
+	void unregisterMessage(maildirMessage* msg);
+
+	const utility::file::path getMessageFSPath(const size_t number) const;
+
+	void onStoreDisconnected();
+
+	void onClose();
+
+	void deleteMessagesImpl(const std::vector <size_t>& nums);
+	void setMessageFlagsImpl(const std::vector <size_t>& nums, const int flags, const int mode);
+
+	void copyMessagesImpl(const folder::path& dest, const std::vector <size_t>& nums);
+	void copyMessageImpl(const utility::file::path& tmpDirPath, const utility::file::path& curDirPath, const utility::file::path::component& filename, utility::inputStream& is, const size_t size, utility::progressListener* progress);
+
+	void notifyMessagesCopied(const folder::path& dest);
+
+
+	weak_ptr <maildirStore> m_store;
+
+	folder::path m_path;
+	folder::path::component m_name;
+
+	int m_mode;
+	bool m_open;
+
+	size_t m_unreadMessageCount;
+	size_t m_messageCount;
+
+	// Store information about scanned messages
+	struct messageInfos {
+
+		enum Type {
+			TYPE_CUR,
+			TYPE_DELETED
+		};
+
+		utility::file::path::component path;    // filename
+		Type type;                              // current location
+	};
+
+	std::vector <messageInfos> m_messageInfos;
+
+	// Instanciated message objects
+	std::vector <maildirMessage*> m_messages;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRFOLDER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/maildirFolderStatus.cpp b/vmime-master/src/vmime/net/maildir/maildirFolderStatus.cpp
new file mode 100644
index 0000000..7438d8c
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirFolderStatus.cpp
@@ -0,0 +1,88 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirFolderStatus.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+maildirFolderStatus::maildirFolderStatus()
+	: m_count(0),
+	  m_unseen(0) {
+
+}
+
+
+maildirFolderStatus::maildirFolderStatus(const maildirFolderStatus& other)
+	: folderStatus(),
+	  m_count(other.m_count),
+	  m_unseen(other.m_unseen) {
+
+}
+
+
+size_t maildirFolderStatus::getMessageCount() const {
+
+	return m_count;
+}
+
+
+size_t maildirFolderStatus::getUnseenCount() const {
+
+	return m_unseen;
+}
+
+
+void maildirFolderStatus::setMessageCount(const size_t count) {
+
+	m_count = count;
+}
+
+
+void maildirFolderStatus::setUnseenCount(const size_t unseen) {
+
+	m_unseen = unseen;
+}
+
+
+shared_ptr <folderStatus> maildirFolderStatus::clone() const {
+
+	return make_shared <maildirFolderStatus>(*this);
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
diff --git a/vmime-master/src/vmime/net/maildir/maildirFolderStatus.hpp b/vmime-master/src/vmime/net/maildir/maildirFolderStatus.hpp
new file mode 100644
index 0000000..3b69375
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirFolderStatus.hpp
@@ -0,0 +1,75 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRFOLDERSTATUS_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRFOLDERSTATUS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/folderStatus.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+/** Holds the status of a Maildir folder.
+  */
+class VMIME_EXPORT maildirFolderStatus : public folderStatus {
+
+public:
+
+	maildirFolderStatus();
+	maildirFolderStatus(const maildirFolderStatus& other);
+
+	// Inherited from folderStatus
+	size_t getMessageCount() const;
+	size_t getUnseenCount() const;
+
+	shared_ptr <folderStatus> clone() const;
+
+
+	void setMessageCount(const size_t count);
+	void setUnseenCount(const size_t unseen);
+
+private:
+
+	size_t m_count;
+	size_t m_unseen;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRFOLDERSTATUS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/maildirFormat.cpp b/vmime-master/src/vmime/net/maildir/maildirFormat.cpp
new file mode 100644
index 0000000..914c078
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirFormat.cpp
@@ -0,0 +1,104 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirFormat.hpp"
+#include "vmime/net/maildir/maildirStore.hpp"
+
+#include "vmime/net/maildir/format/kmailMaildirFormat.hpp"
+#include "vmime/net/maildir/format/courierMaildirFormat.hpp"
+
+#include "vmime/utility/file.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+const utility::file::path::component maildirFormat::TMP_DIR("tmp", vmime::charset(vmime::charsets::US_ASCII));
+const utility::file::path::component maildirFormat::CUR_DIR("cur", vmime::charset(vmime::charsets::US_ASCII));
+const utility::file::path::component maildirFormat::NEW_DIR("new", vmime::charset(vmime::charsets::US_ASCII));
+
+
+//
+// maildirFormat::context
+//
+
+maildirFormat::context::context(const shared_ptr <maildirStore>& store)
+	: m_store(store) {
+
+}
+
+
+shared_ptr <maildirStore> maildirFormat::context::getStore() {
+
+	return m_store.lock();
+}
+
+
+//
+// maildirFormat
+//
+
+maildirFormat::maildirFormat(const shared_ptr <context>& ctx)
+	: m_context(ctx) {
+
+}
+
+
+shared_ptr <maildirFormat::context> maildirFormat::getContext() const {
+
+	return m_context;
+}
+
+
+// static
+shared_ptr <maildirFormat> maildirFormat::detect(const shared_ptr <maildirStore>& store) {
+
+	shared_ptr <context> ctx = make_shared <context>(store);
+
+	// Try Courier format
+	shared_ptr <maildirFormat> fmt = make_shared <format::courierMaildirFormat>(ctx);
+
+	if (fmt->supports()) {
+		return fmt;
+	}
+
+	// Default is KMail format
+	return make_shared <format::kmailMaildirFormat>(ctx);
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirFormat.hpp b/vmime-master/src/vmime/net/maildir/maildirFormat.hpp
new file mode 100644
index 0000000..9b9e063
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirFormat.hpp
@@ -0,0 +1,192 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_FORMAT_MAILDIRFORMAT_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_FORMAT_MAILDIRFORMAT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/folder.hpp"
+
+#include "vmime/utility/file.hpp"
+#include "vmime/utility/path.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+class maildirStore;
+
+
+/** Interface for an object capable of reading a specific Maildir format.
+  */
+class VMIME_EXPORT maildirFormat : public object {
+
+public:
+
+	class context : public object {
+
+	public:
+
+		context(const shared_ptr <maildirStore>& store);
+
+		shared_ptr <maildirStore> getStore();
+
+	private:
+
+		weak_ptr <maildirStore> m_store;
+	};
+
+
+	/** Physical directory types. */
+	enum DirectoryType {
+		ROOT_DIRECTORY,       /**< Root directory. */
+		NEW_DIRECTORY,        /**< Directory containing unread messages. */
+		CUR_DIRECTORY,        /**< Directory containing messages that have been seen. */
+		TMP_DIRECTORY,        /**< Temporary directory used for reliable delivery. */
+		CONTAINER_DIRECTORY   /**< Container for subfolders. */
+	};
+
+	/** Return the name of this Maildir format.
+	  *
+	  * @return format name
+	  */
+	virtual const string getName() const = 0;
+
+	/** Create the specified folder.
+	  *
+	  * @param path virtual path of the folder
+	  * @throw exceptions::filesystem_exception, invalid_folder_name
+	  */
+	virtual void createFolder(const folder::path& path) = 0;
+
+	/** Destroy the specified folder.
+	  *
+	  * @param path virtual path of the folder
+	  * @throw exceptions::filesystem_exception
+	  */
+	virtual void destroyFolder(const folder::path& path) = 0;
+
+	/** Rename the specified folder.
+	  *
+	  * @param oldPath old virtual path of the folder
+	  * @param newPath new virtual path of the folder
+	  * @throw exceptions::filesystem_exception
+	  */
+	virtual void renameFolder(const folder::path& oldPath, const folder::path& newPath) = 0;
+
+	/** Test whether the specified folder exists.
+	  *
+	  * @param path virtual path of the folder
+	  * @return true if the folder exists, false otherwise
+	  */
+	virtual bool folderExists(const folder::path& path) const = 0;
+
+	/** Test whether the specified folder has subfolders.
+	  *
+	  * @param path virtual path of the folder
+	  * @return true if the folder has at least one subfolder,
+	  * false otherwise
+	  */
+	virtual bool folderHasSubfolders(const folder::path& path) const = 0;
+
+	/** Returns the directory which represents the specified
+	  * folder on the file system.
+	  *
+	  * @param path virtual path of the folder
+	  * @param type type of directory to return
+	  * @return corresponding directory on the file system
+	  */
+	virtual const utility::file::path folderPathToFileSystemPath(
+		const folder::path& path,
+		const DirectoryType type
+	) const = 0;
+
+	/** List subfolders in the specified folder.
+	  *
+	  * @param root root folder in which to start the search
+	  * @param recursive if set to true, all the descendant are
+	  * returned; if set to false, only direct children are returned.
+	  * @return list of subfolders
+	  */
+	virtual const std::vector <folder::path> listFolders(
+		const folder::path& root,
+		const bool recursive
+	) const = 0;
+
+
+	/** Try to detect the format of the specified Maildir store.
+	  * If the format cannot be detected, a compatible implementation
+	  * will be returned.
+	  *
+	  * @param store of which to detect format
+	  * @return a Maildir format implementation for the specified store
+	  */
+	static shared_ptr <maildirFormat> detect(const shared_ptr <maildirStore>& store);
+
+protected:
+
+	static const utility::file::path::component TMP_DIR;  /**< Ensure reliable delivery (not to be listed). */
+	static const utility::file::path::component CUR_DIR;  /**< No longer new messages. */
+	static const utility::file::path::component NEW_DIR;  /**< Unread messages. */
+
+
+	maildirFormat(const shared_ptr <context>& ctx);
+
+
+	/** Returns the current context.
+	  *
+	  * @return current context
+	  */
+	shared_ptr <context> getContext() const;
+
+	/** Quick checks whether this implementation can read the Maildir
+	  * format in the specified directory.
+	  *
+	  * @return true if the implementation supports the specified
+	  * Maildir, or false otherwise
+	  */
+	virtual bool supports() const = 0;
+
+private:
+
+	shared_ptr <context> m_context;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_FORMAT_MAILDIRFORMAT_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirMessage.cpp b/vmime-master/src/vmime/net/maildir/maildirMessage.cpp
new file mode 100644
index 0000000..ae99c59
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirMessage.cpp
@@ -0,0 +1,410 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirMessage.hpp"
+#include "vmime/net/maildir/maildirMessagePart.hpp"
+#include "vmime/net/maildir/maildirMessageStructure.hpp"
+#include "vmime/net/maildir/maildirFolder.hpp"
+#include "vmime/net/maildir/maildirUtils.hpp"
+#include "vmime/net/maildir/maildirStore.hpp"
+
+#include "vmime/message.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+maildirMessage::maildirMessage(const shared_ptr <maildirFolder>& folder, const size_t num)
+	: m_folder(folder),
+	  m_num(num),
+	  m_size(-1),
+	  m_flags(FLAG_UNDEFINED),
+	  m_expunged(false),
+	  m_structure(null) {
+
+	folder->registerMessage(this);
+}
+
+
+maildirMessage::~maildirMessage() {
+
+	try {
+
+		shared_ptr <maildirFolder> folder = m_folder.lock();
+
+		if (folder) {
+			folder->unregisterMessage(this);
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+void maildirMessage::onFolderClosed() {
+
+	m_folder.reset();
+}
+
+
+size_t maildirMessage::getNumber() const {
+
+	return m_num;
+}
+
+
+const message::uid maildirMessage::getUID() const {
+
+	return m_uid;
+}
+
+
+size_t maildirMessage::getSize() const {
+
+	if (m_size == static_cast <size_t>(-1)) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_size;
+}
+
+
+bool maildirMessage::isExpunged() const {
+
+	return m_expunged;
+}
+
+
+shared_ptr <const messageStructure> maildirMessage::getStructure() const {
+
+	if (!m_structure) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_structure;
+}
+
+
+shared_ptr <messageStructure> maildirMessage::getStructure() {
+
+	if (!m_structure) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_structure;
+}
+
+
+shared_ptr <const header> maildirMessage::getHeader() const {
+
+	if (!m_header) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_header;
+}
+
+
+int maildirMessage::getFlags() const {
+
+	if (m_flags == FLAG_UNDEFINED) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_flags;
+}
+
+
+void maildirMessage::setFlags(const int flags, const int mode) {
+
+	shared_ptr <maildirFolder> folder = m_folder.lock();
+
+	if (!folder) {
+		throw exceptions::folder_not_found();
+	}
+
+	folder->setMessageFlags(messageSet::byNumber(m_num), flags, mode);
+}
+
+
+void maildirMessage::extract(
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t start,
+	const size_t length,
+	const bool peek
+) const {
+
+	extractImpl(os, progress, 0, m_size, start, length, peek);
+}
+
+
+void maildirMessage::extractPart(
+	const shared_ptr <const messagePart>& p,
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t start,
+	const size_t length,
+	const bool peek
+) const {
+
+	shared_ptr <const maildirMessagePart> mp = dynamicCast <const maildirMessagePart>(p);
+
+	extractImpl(
+		os, progress, mp->getBodyParsedOffset(), mp->getBodyParsedLength(),
+		start, length, peek
+	);
+}
+
+
+void maildirMessage::extractImpl(
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t start,
+	const size_t length,
+	const size_t partialStart,
+	const size_t partialLength,
+	const bool /* peek */
+) const {
+
+	shared_ptr <const maildirFolder> folder = m_folder.lock();
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	const utility::file::path path = folder->getMessageFSPath(m_num);
+	shared_ptr <utility::file> file = fsf->create(path);
+
+	shared_ptr <utility::fileReader> reader = file->getFileReader();
+	shared_ptr <utility::inputStream> is = reader->getInputStream();
+
+	is->skip(start + partialStart);
+
+	byte_t buffer[8192];
+	size_t remaining =
+		(partialLength == static_cast <size_t>(-1)
+			? length
+			: std::min(partialLength, length)
+		);
+
+	const size_t total = remaining;
+	size_t current = 0;
+
+	if (progress) {
+		progress->start(total);
+	}
+
+	while (!is->eof() && remaining > 0) {
+
+		const size_t read = is->read(buffer, std::min(remaining, sizeof(buffer)));
+
+		remaining -= read;
+		current += read;
+
+		os.write(buffer, read);
+
+		if (progress) {
+			progress->progress(current, total);
+		}
+	}
+
+	if (progress) {
+		progress->stop(total);
+	}
+
+	// TODO: mark as read unless 'peek' is set
+}
+
+
+void maildirMessage::fetchPartHeader(const shared_ptr <messagePart>& p) {
+
+	shared_ptr <maildirFolder> folder = m_folder.lock();
+
+	shared_ptr <maildirMessagePart> mp = dynamicCast <maildirMessagePart>(p);
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	const utility::file::path path = folder->getMessageFSPath(m_num);
+	shared_ptr <utility::file> file = fsf->create(path);
+
+	shared_ptr <utility::fileReader> reader = file->getFileReader();
+	shared_ptr <utility::inputStream> is = reader->getInputStream();
+
+	is->skip(mp->getHeaderParsedOffset());
+
+	byte_t buffer[1024];
+	size_t remaining = mp->getHeaderParsedLength();
+
+	string contents;
+	contents.reserve(remaining);
+
+	while (!is->eof() && remaining > 0) {
+
+		const size_t read = is->read(buffer, std::min(remaining, sizeof(buffer)));
+
+		remaining -= read;
+
+		vmime::utility::stringUtils::appendBytesToString(contents, buffer, read);
+	}
+
+	mp->getOrCreateHeader().parse(contents);
+}
+
+
+void maildirMessage::fetch(const shared_ptr <maildirFolder>& msgFolder, const fetchAttributes& options) {
+
+	shared_ptr <maildirFolder> folder = m_folder.lock();
+
+	if (folder != msgFolder) {
+		throw exceptions::folder_not_found();
+	}
+
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	const utility::file::path path = folder->getMessageFSPath(m_num);
+	shared_ptr <utility::file> file = fsf->create(path);
+
+	if (options.has(fetchAttributes::FLAGS)) {
+		m_flags = maildirUtils::extractFlags(path.getLastComponent());
+	}
+
+	if (options.has(fetchAttributes::SIZE)) {
+		m_size = file->getLength();
+	}
+
+	if (options.has(fetchAttributes::UID)) {
+		m_uid = maildirUtils::extractId(path.getLastComponent()).getBuffer();
+	}
+
+	if (options.has(fetchAttributes::ENVELOPE | fetchAttributes::CONTENT_INFO |
+	                fetchAttributes::FULL_HEADER | fetchAttributes::STRUCTURE |
+	                fetchAttributes::IMPORTANCE)) {
+
+		string contents;
+
+		shared_ptr <utility::fileReader> reader = file->getFileReader();
+		shared_ptr <utility::inputStream> is = reader->getInputStream();
+
+		// Need whole message contents for structure
+		if (options.has(fetchAttributes::STRUCTURE)) {
+
+			byte_t buffer[16384];
+
+			contents.reserve(file->getLength());
+
+			while (!is->eof()) {
+				const size_t read = is->read(buffer, sizeof(buffer));
+				vmime::utility::stringUtils::appendBytesToString(contents, buffer, read);
+			}
+
+		// Need only header
+		} else {
+
+			byte_t buffer[1024];
+
+			contents.reserve(4096);
+
+			while (!is->eof()) {
+
+				const size_t read = is->read(buffer, sizeof(buffer));
+				vmime::utility::stringUtils::appendBytesToString(contents, buffer, read);
+
+				const size_t sep1 = contents.rfind("\r\n\r\n");
+				const size_t sep2 = contents.rfind("\n\n");
+
+				if (sep1 != string::npos) {
+					contents.erase(contents.begin() + sep1 + 4, contents.end());
+					break;
+				} else if (sep2 != string::npos) {
+					contents.erase(contents.begin() + sep2 + 2, contents.end());
+					break;
+				}
+			}
+		}
+
+		vmime::message msg;
+		msg.parse(contents);
+
+		// Extract structure
+		if (options.has(fetchAttributes::STRUCTURE)) {
+			m_structure = make_shared <maildirMessageStructure>(shared_ptr <maildirMessagePart>(), msg);
+		}
+
+		// Extract some header fields or whole header
+		if (options.has(fetchAttributes::ENVELOPE |
+		                fetchAttributes::CONTENT_INFO |
+		                fetchAttributes::FULL_HEADER |
+		                fetchAttributes::IMPORTANCE)) {
+
+			getOrCreateHeader()->copyFrom(*(msg.getHeader()));
+		}
+	}
+}
+
+
+shared_ptr <header> maildirMessage::getOrCreateHeader() {
+
+	if (m_header) {
+		return m_header;
+	} else {
+		return (m_header = make_shared <header>());
+	}
+}
+
+
+shared_ptr <vmime::message> maildirMessage::getParsedMessage() {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter os(oss);
+
+	extract(os);
+
+	shared_ptr <vmime::message> msg = make_shared <vmime::message>();
+	msg->parse(oss.str());
+
+	return msg;
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirMessage.hpp b/vmime-master/src/vmime/net/maildir/maildirMessage.hpp
new file mode 100644
index 0000000..8cd0aac
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirMessage.hpp
@@ -0,0 +1,137 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRMESSAGE_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRMESSAGE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/message.hpp"
+#include "vmime/net/folder.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+class maildirFolder;
+
+
+/** maildir message implementation.
+  */
+class VMIME_EXPORT maildirMessage : public message {
+
+	friend class maildirFolder;
+
+	maildirMessage(const maildirMessage&) : message() { }
+
+public:
+
+	maildirMessage(const shared_ptr <maildirFolder>& folder, const size_t num);
+
+	~maildirMessage();
+
+
+	size_t getNumber() const;
+
+	const uid getUID() const;
+
+	size_t getSize() const;
+
+	bool isExpunged() const;
+
+	shared_ptr <const messageStructure> getStructure() const;
+	shared_ptr <messageStructure> getStructure();
+
+	shared_ptr <const header> getHeader() const;
+
+	int getFlags() const;
+	void setFlags(const int flags, const int mode = FLAG_MODE_SET);
+
+	void extract(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const;
+
+	void extractPart(
+		const shared_ptr <const messagePart>& p,
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const;
+
+	void fetchPartHeader(const shared_ptr <messagePart>& p);
+
+	shared_ptr <vmime::message> getParsedMessage();
+
+private:
+
+	void fetch(const shared_ptr <maildirFolder>& folder, const fetchAttributes& options);
+
+	void onFolderClosed();
+
+	shared_ptr <header> getOrCreateHeader();
+
+	void extractImpl(
+		utility::outputStream& os,
+		utility::progressListener* progress,
+		const size_t start,
+		const size_t length,
+		const size_t partialStart,
+		const size_t partialLength,
+		const bool peek
+	) const;
+
+
+	weak_ptr <maildirFolder> m_folder;
+
+	size_t m_num;
+	size_t m_size;
+	int m_flags;
+	bool m_expunged;
+	uid m_uid;
+
+	shared_ptr <header> m_header;
+	shared_ptr <messageStructure> m_structure;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRMESSAGE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/maildirMessagePart.cpp b/vmime-master/src/vmime/net/maildir/maildirMessagePart.cpp
new file mode 100644
index 0000000..7448d7e
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirMessagePart.cpp
@@ -0,0 +1,178 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirMessagePart.hpp"
+#include "vmime/net/maildir/maildirMessageStructure.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+maildirMessagePart::maildirMessagePart(
+	const shared_ptr <maildirMessagePart>& parent,
+	const size_t number,
+	const bodyPart& part
+)
+	: m_parent(parent),
+	  m_header(null),
+	  m_number(number) {
+
+	m_headerParsedOffset = part.getHeader()->getParsedOffset();
+	m_headerParsedLength = part.getHeader()->getParsedLength();
+
+	m_bodyParsedOffset = part.getBody()->getParsedOffset();
+	m_bodyParsedLength = part.getBody()->getParsedLength();
+
+	m_size = part.getBody()->getContents()->getLength();
+
+	m_mediaType = part.getBody()->getContentType();
+
+	auto cdispField = part.getHeader()->ContentDisposition();
+	if (cdispField) {
+		m_dispType = dynamic_cast <const contentDisposition&>(*cdispField->getValue());
+	}
+}
+
+
+maildirMessagePart::~maildirMessagePart() {
+
+}
+
+
+void maildirMessagePart::initStructure(const bodyPart& part) {
+
+	if (part.getBody()->getPartList().size() == 0) {
+
+		m_structure = null;
+
+	} else {
+
+		m_structure = make_shared <maildirMessageStructure>(
+			dynamicCast <maildirMessagePart>(shared_from_this()), part.getBody()->getPartList()
+		);
+	}
+}
+
+
+shared_ptr <const messageStructure> maildirMessagePart::getStructure() const {
+
+	if (m_structure) {
+		return m_structure;
+	} else {
+		return maildirMessageStructure::emptyStructure();
+	}
+}
+
+
+shared_ptr <messageStructure> maildirMessagePart::getStructure() {
+
+	if (m_structure) {
+		return m_structure;
+	} else {
+		return maildirMessageStructure::emptyStructure();
+	}
+}
+
+
+const mediaType& maildirMessagePart::getType() const {
+
+	return m_mediaType;
+}
+
+
+const contentDisposition &maildirMessagePart::getDisposition() const {
+
+	return m_dispType;
+}
+
+
+size_t maildirMessagePart::getSize() const {
+
+	return m_size;
+}
+
+
+size_t maildirMessagePart::getNumber() const {
+
+	return m_number;
+}
+
+
+shared_ptr <const header> maildirMessagePart::getHeader() const {
+
+	if (!m_header) {
+		throw exceptions::unfetched_object();
+	} else {
+		return m_header;
+	}
+}
+
+
+header& maildirMessagePart::getOrCreateHeader() {
+
+	if (m_header) {
+		return *m_header;
+	} else {
+		return *(m_header = make_shared <header>());
+	}
+}
+
+
+size_t maildirMessagePart::getHeaderParsedOffset() const {
+
+	return m_headerParsedOffset;
+}
+
+
+size_t maildirMessagePart::getHeaderParsedLength() const {
+
+	return m_headerParsedLength;
+}
+
+
+size_t maildirMessagePart::getBodyParsedOffset() const {
+
+	return m_bodyParsedOffset;
+}
+
+
+size_t maildirMessagePart::getBodyParsedLength() const {
+
+	return m_bodyParsedLength;
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
diff --git a/vmime-master/src/vmime/net/maildir/maildirMessagePart.hpp b/vmime-master/src/vmime/net/maildir/maildirMessagePart.hpp
new file mode 100644
index 0000000..5ecc739
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirMessagePart.hpp
@@ -0,0 +1,106 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRMESSAGEPART_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRMESSAGEPART_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/message.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+class maildirMessageStructure;
+
+
+class maildirMessagePart : public messagePart
+{
+public:
+
+	maildirMessagePart(
+		const shared_ptr <maildirMessagePart>& parent,
+		const size_t number,
+		const bodyPart& part
+	);
+
+	~maildirMessagePart();
+
+
+	shared_ptr <const messageStructure> getStructure() const;
+	shared_ptr <messageStructure> getStructure();
+
+	weak_ptr <const maildirMessagePart> getParent() const { return (m_parent); }
+
+	const mediaType& getType() const;
+	const contentDisposition &getDisposition() const;
+	size_t getSize() const;
+	size_t getNumber() const;
+
+	shared_ptr <const header> getHeader() const;
+
+	header& getOrCreateHeader();
+
+	size_t getHeaderParsedOffset() const;
+	size_t getHeaderParsedLength() const;
+
+	size_t getBodyParsedOffset() const;
+	size_t getBodyParsedLength() const;
+
+	void initStructure(const bodyPart& part);
+
+private:
+
+	shared_ptr <maildirMessageStructure> m_structure;
+	weak_ptr <maildirMessagePart> m_parent;
+	shared_ptr <header> m_header;
+
+	size_t m_number;
+	size_t m_size;
+	mediaType m_mediaType;
+	contentDisposition m_dispType;
+
+	size_t m_headerParsedOffset;
+	size_t m_headerParsedLength;
+
+	size_t m_bodyParsedOffset;
+	size_t m_bodyParsedLength;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRMESSAGEPART_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/maildirMessageStructure.cpp b/vmime-master/src/vmime/net/maildir/maildirMessageStructure.cpp
new file mode 100644
index 0000000..1e2f2cc
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirMessageStructure.cpp
@@ -0,0 +1,104 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirMessageStructure.hpp"
+#include "vmime/net/maildir/maildirMessagePart.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+shared_ptr <maildirMessageStructure> maildirMessageStructure::m_emptyStructure = make_shared <maildirMessageStructure>();
+
+
+maildirMessageStructure::maildirMessageStructure()
+{
+}
+
+
+maildirMessageStructure::maildirMessageStructure(
+	const shared_ptr <maildirMessagePart>& parent,
+	const bodyPart& part
+) {
+
+	shared_ptr <maildirMessagePart> mpart = make_shared <maildirMessagePart>(parent, 0, part);
+	mpart->initStructure(part);
+
+	m_parts.push_back(mpart);
+}
+
+
+maildirMessageStructure::maildirMessageStructure(
+	const shared_ptr <maildirMessagePart>& parent,
+	const std::vector <shared_ptr <const vmime::bodyPart> >& list
+) {
+
+	for (size_t i = 0 ; i < list.size() ; ++i) {
+
+		shared_ptr <maildirMessagePart> mpart = make_shared <maildirMessagePart>(parent, i, *list[i]);
+		mpart->initStructure(*list[i]);
+
+		m_parts.push_back(mpart);
+	}
+}
+
+
+shared_ptr <const messagePart> maildirMessageStructure::getPartAt(const size_t x) const {
+
+	return m_parts[x];
+}
+
+
+shared_ptr <messagePart> maildirMessageStructure::getPartAt(const size_t x) {
+
+	return m_parts[x];
+}
+
+
+size_t maildirMessageStructure::getPartCount() const {
+
+	return m_parts.size();
+}
+
+
+// static
+shared_ptr <maildirMessageStructure> maildirMessageStructure::emptyStructure() {
+
+	return m_emptyStructure;
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
diff --git a/vmime-master/src/vmime/net/maildir/maildirMessageStructure.hpp b/vmime-master/src/vmime/net/maildir/maildirMessageStructure.hpp
new file mode 100644
index 0000000..1a20ea4
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirMessageStructure.hpp
@@ -0,0 +1,82 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRMESSAGESTRUCTURE_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRMESSAGESTRUCTURE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/message.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+class maildirMessagePart;
+
+
+class maildirMessageStructure : public messageStructure {
+
+public:
+
+	maildirMessageStructure();
+	maildirMessageStructure(
+		const shared_ptr <maildirMessagePart>& parent,
+		const bodyPart& part
+	);
+	maildirMessageStructure(
+		const shared_ptr <maildirMessagePart>& parent,
+		const std::vector <shared_ptr <const vmime::bodyPart> >& list
+	);
+
+
+	shared_ptr <const messagePart> getPartAt(const size_t x) const;
+	shared_ptr <messagePart> getPartAt(const size_t x);
+
+	size_t getPartCount() const;
+
+	static shared_ptr <maildirMessageStructure> emptyStructure();
+
+private:
+
+	static shared_ptr <maildirMessageStructure> m_emptyStructure;
+
+	std::vector <shared_ptr <maildirMessagePart> > m_parts;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRMESSAGESTRUCTURE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/maildirServiceInfos.cpp b/vmime-master/src/vmime/net/maildir/maildirServiceInfos.cpp
new file mode 100644
index 0000000..f9d92d3
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirServiceInfos.cpp
@@ -0,0 +1,76 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirServiceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+maildirServiceInfos::maildirServiceInfos() {
+
+}
+
+
+const string maildirServiceInfos::getPropertyPrefix() const {
+
+	return "store.maildir.";
+}
+
+
+const maildirServiceInfos::props& maildirServiceInfos::getProperties() const {
+
+	static props maildirProps = {
+		property(serviceInfos::property::SERVER_ROOTPATH, serviceInfos::property::FLAG_REQUIRED)
+	};
+
+	return maildirProps;
+}
+
+
+const std::vector <serviceInfos::property> maildirServiceInfos::getAvailableProperties() const {
+
+	std::vector <property> list;
+	const props& p = getProperties();
+
+	list.push_back(p.PROPERTY_SERVER_ROOTPATH);
+
+	return list;
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirServiceInfos.hpp b/vmime-master/src/vmime/net/maildir/maildirServiceInfos.hpp
new file mode 100644
index 0000000..827a7d7
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirServiceInfos.hpp
@@ -0,0 +1,69 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRSERVICEINFOS_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRSERVICEINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/serviceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+/** Information about maildir service.
+  */
+class VMIME_EXPORT maildirServiceInfos : public serviceInfos {
+
+public:
+
+	maildirServiceInfos();
+
+	struct props {
+		serviceInfos::property PROPERTY_SERVER_ROOTPATH;
+	};
+
+	const props& getProperties() const;
+
+	const string getPropertyPrefix() const;
+	const std::vector <serviceInfos::property> getAvailableProperties() const;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRSERVICEINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirStore.cpp b/vmime-master/src/vmime/net/maildir/maildirStore.cpp
new file mode 100644
index 0000000..a994f45
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirStore.cpp
@@ -0,0 +1,294 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirStore.hpp"
+
+#include "vmime/net/maildir/maildirFolder.hpp"
+#include "vmime/net/maildir/maildirFormat.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+
+#include "vmime/net/defaultConnectionInfos.hpp"
+
+
+// Helpers for service properties
+#define GET_PROPERTY(type, prop) \
+	(getInfos().getPropertyValue <type>(getSession(), \
+		dynamic_cast <const maildirServiceInfos&>(getInfos()).getProperties().prop))
+#define HAS_PROPERTY(prop) \
+	(getInfos().hasProperty(getSession(), \
+		dynamic_cast <const maildirServiceInfos&>(getInfos()).getProperties().prop))
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+maildirStore::maildirStore(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth
+)
+	: store(sess, getInfosInstance(), auth),
+	  m_connected(false) {
+
+}
+
+
+maildirStore::~maildirStore() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+const string maildirStore::getProtocolName() const {
+
+	return "maildir";
+}
+
+
+shared_ptr <folder> maildirStore::getRootFolder() {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return shared_ptr <maildirFolder>(
+		new maildirFolder(
+			folder::path(),
+			dynamicCast <maildirStore>(shared_from_this())
+		)
+	);
+}
+
+
+shared_ptr <folder> maildirStore::getDefaultFolder() {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return shared_ptr <maildirFolder>(
+		new maildirFolder(
+			folder::path::component("inbox"),
+			dynamicCast <maildirStore>(shared_from_this())
+		)
+	);
+}
+
+
+shared_ptr <folder> maildirStore::getFolder(const folder::path& path) {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return shared_ptr <maildirFolder>(
+		new maildirFolder(
+			path,
+			dynamicCast <maildirStore>(shared_from_this())
+		)
+	);
+}
+
+
+bool maildirStore::isValidFolderName(const folder::path::component& name) const {
+
+	if (!platform::getHandler()->getFileSystemFactory()->isValidPathComponent(name)) {
+		return false;
+	}
+
+	const string& buf = name.getBuffer();
+
+	// Name cannot start/end with spaces
+	if (utility::stringUtils::trim(buf) != buf) {
+		return false;
+	}
+
+	// Name cannot start with '.'
+	const size_t length = buf.length();
+	size_t pos = 0;
+
+	while ((pos < length) && (buf[pos] == '.')) {
+		++pos;
+	}
+
+	return (pos == 0);
+}
+
+
+void maildirStore::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	// Get root directory
+	shared_ptr <utility::fileSystemFactory> fsf = platform::getHandler()->getFileSystemFactory();
+
+	m_fsPath = fsf->stringToPath(GET_PROPERTY(string, PROPERTY_SERVER_ROOTPATH));
+
+	shared_ptr <utility::file> rootDir = fsf->create(m_fsPath);
+
+	// Try to create the root directory if it does not exist
+	if (!(rootDir->exists() && rootDir->isDirectory())) {
+
+		try {
+			rootDir->createDirectory();
+		} catch (exceptions::filesystem_exception& e) {
+			throw exceptions::connection_error("Cannot create root directory.", e);
+		}
+	}
+
+	m_format = maildirFormat::detect(dynamicCast <maildirStore>(shared_from_this()));
+
+	m_connected = true;
+}
+
+
+bool maildirStore::isConnected() const {
+
+	return m_connected;
+}
+
+
+bool maildirStore::isSecuredConnection() const {
+
+	return false;
+}
+
+
+shared_ptr <connectionInfos> maildirStore::getConnectionInfos() const {
+
+	return make_shared <defaultConnectionInfos>("localhost", static_cast <port_t>(0));
+}
+
+
+void maildirStore::disconnect() {
+
+	for (std::list <maildirFolder*>::iterator it = m_folders.begin() ;
+	     it != m_folders.end() ; ++it) {
+
+		(*it)->onStoreDisconnected();
+	}
+
+	m_folders.clear();
+
+	m_connected = false;
+}
+
+
+void maildirStore::noop() {
+
+	// Nothing to do.
+}
+
+
+shared_ptr <maildirFormat> maildirStore::getFormat() {
+
+	return m_format;
+}
+
+
+shared_ptr <const maildirFormat> maildirStore::getFormat() const {
+
+	return m_format;
+}
+
+
+void maildirStore::registerFolder(maildirFolder* folder) {
+
+	m_folders.push_back(folder);
+}
+
+
+void maildirStore::unregisterFolder(maildirFolder* folder) {
+
+	std::list <maildirFolder*>::iterator it = std::find(m_folders.begin(), m_folders.end(), folder);
+
+	if (it != m_folders.end()) {
+		m_folders.erase(it);
+	}
+}
+
+
+const utility::path& maildirStore::getFileSystemPath() const {
+
+	return m_fsPath;
+}
+
+
+int maildirStore::getCapabilities() const {
+
+	return CAPABILITY_CREATE_FOLDER |
+	       CAPABILITY_RENAME_FOLDER |
+	       CAPABILITY_ADD_MESSAGE |
+	       CAPABILITY_COPY_MESSAGE |
+	       CAPABILITY_DELETE_MESSAGE |
+	       CAPABILITY_PARTIAL_FETCH |
+	       CAPABILITY_MESSAGE_FLAGS |
+	       CAPABILITY_EXTRACT_PART;
+}
+
+
+
+// Service infos
+
+maildirServiceInfos maildirStore::sm_infos;
+
+
+const serviceInfos& maildirStore::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& maildirStore::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirStore.hpp b/vmime-master/src/vmime/net/maildir/maildirStore.hpp
new file mode 100644
index 0000000..13255c0
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirStore.hpp
@@ -0,0 +1,123 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRSTORE_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRSTORE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/store.hpp"
+#include "vmime/net/socket.hpp"
+#include "vmime/net/folder.hpp"
+
+#include "vmime/net/maildir/maildirFormat.hpp"
+#include "vmime/net/maildir/maildirServiceInfos.hpp"
+
+#include "vmime/utility/file.hpp"
+
+#include <ostream>
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+class maildirFolder;
+
+
+/** maildir store service.
+  */
+class VMIME_EXPORT maildirStore : public store {
+
+	friend class maildirFolder;
+
+public:
+
+	maildirStore(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+	~maildirStore();
+
+	const string getProtocolName() const;
+
+	shared_ptr <folder> getDefaultFolder();
+	shared_ptr <folder> getRootFolder();
+	shared_ptr <folder> getFolder(const folder::path& path);
+
+	bool isValidFolderName(const folder::path::component& name) const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+	void connect();
+	bool isConnected() const;
+	void disconnect();
+
+	void noop();
+
+	const utility::path& getFileSystemPath() const;
+
+	int getCapabilities() const;
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+
+	shared_ptr <maildirFormat> getFormat();
+	shared_ptr <const maildirFormat> getFormat() const;
+
+private:
+
+	void registerFolder(maildirFolder* folder);
+	void unregisterFolder(maildirFolder* folder);
+
+
+	std::list <maildirFolder*> m_folders;
+
+	shared_ptr <maildirFormat> m_format;
+
+	bool m_connected;
+
+	utility::path m_fsPath;
+
+
+	// Service infos
+	static maildirServiceInfos sm_infos;
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRSTORE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/maildir/maildirUtils.cpp b/vmime-master/src/vmime/net/maildir/maildirUtils.cpp
new file mode 100644
index 0000000..9942e56
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirUtils.cpp
@@ -0,0 +1,288 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/net/maildir/maildirUtils.hpp"
+#include "vmime/net/maildir/maildirStore.hpp"
+
+#include "vmime/utility/random.hpp"
+#include "vmime/platform.hpp"
+
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+bool maildirUtils::isMessageFile(const utility::file& file) {
+
+	// Ignore files which name begins with '.'
+	if (file.isFile() &&
+	    file.getFullPath().getLastComponent().getBuffer().length() >= 1 &&
+	    file.getFullPath().getLastComponent().getBuffer()[0] != '.') {
+
+		return true;
+	}
+
+	return false;
+}
+
+
+// NOTE ABOUT ID/FLAGS SEPARATOR
+// -----------------------------
+// In the maildir specification, the character ':' is used to separate
+// the unique identifier and the message flags.
+//
+// On Windows (and particularly FAT file systems), ':' is not allowed
+// in a filename, so we use a dash ('-') instead. This is the solution
+// used by Mutt/Win32, so we also use it here.
+//
+// To be compatible between implementations, we check for both
+// characters when reading file names.
+
+
+const utility::file::path::component maildirUtils::extractId(
+	const utility::file::path::component& filename
+) {
+
+	size_t sep = filename.getBuffer().rfind(':');  // try colon
+
+	if (sep == string::npos) {
+		sep = filename.getBuffer().rfind('-');  // try dash (Windows)
+		if (sep == string::npos) return (filename);
+	}
+
+	return utility::path::component(
+		string(filename.getBuffer().begin(), filename.getBuffer().begin() + sep)
+	);
+}
+
+
+int maildirUtils::extractFlags(const utility::file::path::component& comp) {
+
+	size_t sep = comp.getBuffer().rfind(':');  // try colon
+
+	if (sep == string::npos) {
+		sep = comp.getBuffer().rfind('-');  // try dash (Windows)
+		if (sep == string::npos) return 0;
+	}
+
+	const string flagsString(comp.getBuffer().begin() + sep + 1, comp.getBuffer().end());
+	const size_t count = flagsString.length();
+
+	int flags = 0;
+
+	for (size_t i = 0 ; i < count ; ++i) {
+
+		switch (flagsString[i]) {
+			case 'R': case 'r': flags |= message::FLAG_REPLIED; break;
+			case 'S': case 's': flags |= message::FLAG_SEEN; break;
+			case 'T': case 't': flags |= message::FLAG_DELETED; break;
+			case 'F': case 'f': flags |= message::FLAG_MARKED; break;
+			case 'P': case 'p': flags |= message::FLAG_PASSED; break;
+			case 'D': case 'd': flags |= message::FLAG_DRAFT; break;
+		}
+	}
+
+	return flags;
+}
+
+
+const utility::file::path::component maildirUtils::buildFlags(const int flags) {
+
+	string str;
+	str.reserve(8);
+
+	str += "2,";
+
+	if (flags & message::FLAG_MARKED)  str += "F";
+	if (flags & message::FLAG_PASSED)  str += "P";
+	if (flags & message::FLAG_REPLIED) str += "R";
+	if (flags & message::FLAG_SEEN)    str += "S";
+	if (flags & message::FLAG_DELETED) str += "T";
+	if (flags & message::FLAG_DRAFT)   str += "D";
+
+	return utility::file::path::component(str);
+}
+
+
+const utility::file::path::component maildirUtils::buildFilename(
+	const utility::file::path::component& id,
+	const int flags
+) {
+
+	if (flags == message::FLAG_RECENT) {
+		return id;
+	} else {
+		return buildFilename(id, buildFlags(flags));
+	}
+}
+
+
+const utility::file::path::component maildirUtils::buildFilename(
+	const utility::file::path::component& id,
+	const utility::file::path::component& flags
+) {
+
+#if VMIME_PLATFORM_IS_WINDOWS
+	static const char DELIMITER[] = "-";
+#else
+	static const char DELIMITER[] = ":";
+#endif
+
+	return utility::path::component(id.getBuffer() + DELIMITER + flags.getBuffer());
+}
+
+
+const utility::file::path::component maildirUtils::generateId() {
+
+	std::ostringstream oss;
+	oss.imbue(std::locale::classic());
+
+	oss << utility::random::getTime();
+	oss << ".";
+	oss << utility::random::getProcess();
+	oss << ".";
+	oss << utility::random::getString(6);
+	oss << ".";
+	oss << platform::getHandler()->getHostName();
+
+	return utility::file::path::component(oss.str());
+}
+
+
+void maildirUtils::recursiveFSDelete(const shared_ptr <utility::file>& dir) {
+
+	shared_ptr <utility::fileIterator> files = dir->getFiles();
+
+	// First, delete files and subdirectories in this directory
+	while (files->hasMoreElements()) {
+
+		shared_ptr <utility::file> file = files->nextElement();
+
+		if (file->isDirectory()) {
+
+			maildirUtils::recursiveFSDelete(file);
+
+		} else {
+
+			try {
+				file->remove();
+			} catch (exceptions::filesystem_exception&) {
+				// Ignore
+			}
+		}
+	}
+
+	// Then, delete this (empty) directory
+	try {
+		dir->remove();
+	} catch (exceptions::filesystem_exception&) {
+		// Ignore
+	}
+}
+
+
+
+class maildirMessageSetEnumerator : public messageSetEnumerator {
+
+public:
+
+	maildirMessageSetEnumerator(const size_t msgCount)
+		: m_msgCount(msgCount) {
+
+	}
+
+	void enumerateNumberMessageRange(const vmime::net::numberMessageRange& range) {
+
+		size_t last = range.getLast();
+		if (last == size_t(-1)) last = m_msgCount;
+
+		for (size_t i = range.getFirst() ; i <= last ; ++i) {
+			list.push_back(i);
+		}
+	}
+
+	void enumerateUIDMessageRange(const vmime::net::UIDMessageRange& /* range */) {
+
+		// Not supported
+	}
+
+public:
+
+	std::vector <size_t> list;
+
+private:
+
+	size_t m_msgCount;
+};
+
+
+// static
+const std::vector <size_t> maildirUtils::messageSetToNumberList(
+	const messageSet& msgs,
+	const size_t msgCount
+) {
+
+	maildirMessageSetEnumerator en(msgCount);
+	msgs.enumerate(en);
+
+	return en.list;
+}
+
+
+
+//
+// messageIdComparator
+//
+
+maildirUtils::messageIdComparator::messageIdComparator(
+	const utility::file::path::component& comp
+)
+	: m_comp(maildirUtils::extractId(comp)) {
+
+}
+
+
+bool maildirUtils::messageIdComparator::operator()(
+	const utility::file::path::component& other
+) const {
+
+	return m_comp == maildirUtils::extractId(other);
+}
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
diff --git a/vmime-master/src/vmime/net/maildir/maildirUtils.hpp b/vmime-master/src/vmime/net/maildir/maildirUtils.hpp
new file mode 100644
index 0000000..94ab998
--- /dev/null
+++ b/vmime-master/src/vmime/net/maildir/maildirUtils.hpp
@@ -0,0 +1,160 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MAILDIR_MAILDIRUTILS_HPP_INCLUDED
+#define VMIME_NET_MAILDIR_MAILDIRUTILS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+
+#include "vmime/utility/file.hpp"
+#include "vmime/utility/path.hpp"
+
+#include "vmime/net/messageSet.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace maildir {
+
+
+class maildirStore;
+
+
+/** Miscellaneous helpers functions for maildir messaging system.
+  */
+class VMIME_EXPORT maildirUtils {
+
+public:
+
+	/** Comparator for message filenames, based only on the
+	  * unique identifier part of the filename.
+	  */
+	class messageIdComparator {
+
+	public:
+
+		messageIdComparator(const utility::file::path::component& comp);
+
+		bool operator()(const utility::file::path::component& other) const;
+
+	private:
+
+		const utility::file::path::component m_comp;
+	};
+
+	/** Test whether the specified file-system object is a message.
+	  *
+	  * @param file reference to a file-system object
+	  * @return true if the specified object is a message file,
+	  * false otherwise
+	  */
+	static bool isMessageFile(const utility::file& file);
+
+	/** Extract the unique identifier part of the message filename.
+	  * Eg: for the filename "1071577232.28549.m03s:2,RS", it will
+	  * return "1071577232.28549.m03s".
+	  *
+	  * @param filename filename part
+	  * @return part of the filename that corresponds to the unique
+	  * identifier of the message
+	  */
+	static const utility::file::path::component extractId(const utility::file::path::component& filename);
+
+	/** Extract message flags from the specified message filename.
+	  * Eg: for the filename "1071577232.28549.m03s:2,RS", it will
+	  * return (message::FLAG_SEEN | message::FLAG_REPLIED).
+	  *
+	  * @param comp filename part
+	  * @return message flags extracted from the specified filename
+	  */
+	static int extractFlags(const utility::file::path::component& comp);
+
+	/** Return a string representing the specified message flags.
+	  * Eg: for (message::FLAG_SEEN | message::FLAG_REPLIED), it will
+	  * return "RS".
+	  *
+	  * @param flags set of flags
+	  * @return message flags in a string representation
+	  */
+	static const utility::file::path::component buildFlags(const int flags);
+
+	/** Build a filename with the specified id and flags.
+	  *
+	  * @param id id part of the filename
+	  * @param flags flags part of the filename
+	  * @return message filename
+	  */
+	static const utility::file::path::component buildFilename(
+		const utility::file::path::component& id,
+		const utility::file::path::component& flags
+	);
+
+	/** Build a filename with the specified id and flags.
+	  *
+	  * @param id id part of the filename
+	  * @param flags set of flags
+	  * @return message filename
+	  */
+	static const utility::file::path::component buildFilename(
+		const utility::file::path::component& id,
+		const int flags
+	);
+
+	/** Generate a new unique message identifier.
+	  *
+	  * @return unique message id
+	  */
+	static const utility::file::path::component generateId();
+
+	/** Recursively delete a directory on the file system.
+	  *
+	  * @param dir directory to delete
+	  */
+	static void recursiveFSDelete(const shared_ptr <utility::file>& dir);
+
+	/** Returns a list of message numbers given a message set.
+	  *
+	  * @param msgs message set
+	  * @param msgCount number of messages in folder
+	  * @return list of message numbers
+	  */
+	static const std::vector <size_t> messageSetToNumberList(
+		const messageSet& msgs,
+		const size_t msgCount
+	);
+};
+
+
+} // maildir
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_MAILDIR
+
+#endif // VMIME_NET_MAILDIR_MAILDIRUTILS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/message.cpp b/vmime-master/src/vmime/net/message.cpp
new file mode 100644
index 0000000..2d6f995
--- /dev/null
+++ b/vmime-master/src/vmime/net/message.cpp
@@ -0,0 +1,155 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/message.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+namespace net {
+
+
+string messagePart::getName() const
+{
+	return {};
+}
+
+shared_ptr <const messagePart> messagePart::getPartAt(const size_t pos) const {
+
+	return getStructure()->getPartAt(pos);
+}
+
+
+shared_ptr <messagePart> messagePart::getPartAt(const size_t pos) {
+
+	return getStructure()->getPartAt(pos);
+}
+
+
+size_t messagePart::getPartCount() const {
+
+	return getStructure()->getPartCount();
+}
+
+
+
+// message::uid
+
+
+message::uid::uid() {
+
+}
+
+
+message::uid::uid(const string& uid)
+	: m_str(uid) {
+
+}
+
+
+message::uid::uid(const unsigned long uid) {
+
+	std::ostringstream oss;
+	oss.imbue(std::locale::classic());
+	oss << uid;
+
+	m_str = oss.str();
+}
+
+
+message::uid::uid(const char* uid)
+	: m_str(uid) {
+
+}
+
+
+message::uid::uid(const uid& other) {
+
+	m_str = other.m_str;
+}
+
+
+message::uid& message::uid::operator=(const uid& other) {
+
+	m_str = other.m_str;
+	return *this;
+}
+
+
+message::uid& message::uid::operator=(const string& uid) {
+
+	m_str = uid;
+	return *this;
+}
+
+
+message::uid& message::uid::operator=(const unsigned long uid) {
+
+	std::ostringstream oss;
+	oss.imbue(std::locale::classic());
+	oss << uid;
+
+	m_str = oss.str();
+
+	return *this;
+}
+
+
+message::uid::operator string() const {
+
+	return m_str;
+}
+
+
+bool message::uid::empty() const {
+
+	return m_str.empty();
+}
+
+
+bool message::uid::operator==(const uid& other) const {
+
+	return m_str == other.m_str;
+}
+
+
+std::ostream& operator<<(std::ostream& os, const message::uid& uid) {
+
+	os << static_cast <string>(uid);
+	return os;
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/message.hpp b/vmime-master/src/vmime/net/message.hpp
new file mode 100644
index 0000000..8679879
--- /dev/null
+++ b/vmime-master/src/vmime/net/message.hpp
@@ -0,0 +1,369 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MESSAGE_HPP_INCLUDED
+#define VMIME_NET_MESSAGE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/header.hpp"
+#include "vmime/mediaType.hpp"
+#include "vmime/contentDisposition.hpp"
+
+#include "vmime/utility/progressListener.hpp"
+#include "vmime/utility/stream.hpp"
+
+#include "vmime/message.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class messageStructure;
+
+
+/** A MIME part in a message.
+  */
+class VMIME_EXPORT messagePart : public object, public enable_shared_from_this <messagePart> {
+
+protected:
+
+	messagePart() { }
+	messagePart(const messagePart&);
+
+	virtual ~messagePart() { }
+
+public:
+
+	/** Return the structure of this part.
+	  *
+	  * @return structure of the part
+	  */
+	virtual shared_ptr <const messageStructure> getStructure() const = 0;
+
+	/** Return the structure of this part.
+	  *
+	  * @return structure of the part
+	  */
+	virtual shared_ptr <messageStructure> getStructure() = 0;
+
+	/** Return the header section for this part (you must fetch header
+	  * before using this function: see message::fetchPartHeader).
+	  *
+	  * @return header section
+	  */
+	virtual shared_ptr <const header> getHeader() const = 0;
+
+	/** Return the media-type of the content in this part.
+	  *
+	  * @return content media type
+	  */
+	virtual const mediaType& getType() const = 0;
+
+	/** Return the disposition type of the content in this part.
+	  *
+	  * @return content disposition type
+	  */
+	virtual const contentDisposition &getDisposition() const = 0;
+
+	/** Return the size of this part.
+	  *
+	  * @return size of the part (in bytes)
+	  */
+	virtual size_t getSize() const = 0;
+
+	/** Return the part sequence number (index).
+	  * The first part is at index zero.
+	  *
+	  * @return part number
+	  */
+	virtual size_t getNumber() const = 0;
+
+	/** Return the name of this part. In particular, this corresponds to
+	  * the attachment file name for attachment parts.
+	  *
+	  * The part name may be empty if the part does not advertise it or
+	  * if the underlying protocol does not support it.
+	  *
+	  * @return part name
+	  */
+	virtual string getName() const;
+
+	/** Return the sub-part at the specified position (zero is the
+	  * first part).
+	  *
+	  * @param pos index of the sub-part
+	  * @return sub-part at position 'pos'
+	  */
+	shared_ptr <const messagePart> getPartAt(const size_t pos) const;
+
+	/** Return the sub-part at the specified position (zero is the
+	  * first part).
+	  *
+	  * @param pos index of the sub-part
+	  * @return sub-part at position 'pos'
+	  */
+	shared_ptr <messagePart> getPartAt(const size_t pos);
+
+	/** Return the number of sub-parts in this part.
+	  *
+	  * @return number of sub-parts
+	  */
+	size_t getPartCount() const;
+};
+
+
+/** Structure of a MIME part/message.
+  */
+class VMIME_EXPORT messageStructure : public object, public enable_shared_from_this <messageStructure> {
+
+protected:
+
+	messageStructure() { }
+	messageStructure(const messageStructure&);
+
+public:
+
+	virtual ~messageStructure() { }
+
+	/** Return the part at the specified position (first
+	  * part is at position 0).
+	  *
+	  * @param pos position
+	  * @return part at position 'pos'
+	  */
+	virtual shared_ptr <const messagePart> getPartAt(const size_t pos) const = 0;
+
+	/** Return the part at the specified position (first
+	  * part is at position 0).
+	  *
+	  * @param pos position
+	  * @return part at position 'pos'
+	  */
+	virtual shared_ptr <messagePart> getPartAt(const size_t pos) = 0;
+
+	/** Return the number of parts in this part.
+	  *
+	  * @return number of parts
+	  */
+	virtual size_t getPartCount() const = 0;
+};
+
+
+/** Abstract representation of a message in a store/transport service.
+  */
+class VMIME_EXPORT message : public object, public enable_shared_from_this <message> {
+
+protected:
+
+	message() { }
+	message(const message&);
+
+	enum PrivateConstants {
+		FLAG_UNDEFINED = 9999       /**< Used internally to indicate flags have not
+		                                 been initialized yet. */
+	};
+
+public:
+
+	/** The type for an unique message identifier.
+	  */
+	class VMIME_EXPORT uid {
+
+	public:
+
+		uid();
+		uid(const string& uid);
+		uid(const unsigned long uid);
+		uid(const char* uid);
+		uid(const uid& other);
+
+		uid& operator=(const uid& other);
+		uid& operator=(const string& uid);
+		uid& operator=(const unsigned long uid);
+
+		operator string() const;
+
+		bool empty() const;
+
+		bool operator==(const uid& other) const;
+
+	private:
+
+		string m_str;
+	};
+
+	/** Return the MIME structure of the message (must fetch before).
+	  *
+	  * @return MIME structure of the message
+	  */
+	virtual shared_ptr <const messageStructure> getStructure() const = 0;
+
+	/** Return the MIME structure of the message (must fetch before).
+	  *
+	  * @return MIME structure of the message
+	  */
+	virtual shared_ptr <messageStructure> getStructure() = 0;
+
+	/** Return a reference to the header fields of the message (must fetch before).
+	  *
+	  * @return header section of the message
+	  */
+	virtual shared_ptr <const header> getHeader() const = 0;
+
+	/** Return the sequence number of this message. This number is
+	  * used to reference the message in the folder.
+	  *
+	  * @return sequence number of the message
+	  */
+	virtual size_t getNumber() const = 0;
+
+	/** Return the unique identifier (UID) of this message in its
+	  * folder (must fetch before).
+	  *
+	  * @return UID of the message
+	  */
+	virtual const uid getUID() const = 0;
+
+	/** Return the size of the message (must fetch before).
+	  *
+	  * @return size of the message (in bytes)
+	  */
+	virtual size_t getSize() const = 0;
+
+	/** Check whether this message has been expunged (ie: definitively
+	  * deleted) and does not exist in the folder anymore.
+	  *
+	  * @return true if the message is expunged, false otherwise
+	  */
+	virtual bool isExpunged() const = 0;
+
+	/** Possible flags for a message.
+	  */
+	enum Flags {
+		FLAG_SEEN    = (1 << 0),   /**< Message has been seen. */
+		FLAG_RECENT  = (1 << 1),   /**< Message has been recently received. */
+		FLAG_DELETED = (1 << 2),   /**< Message is marked for deletion. */
+		FLAG_REPLIED = (1 << 3),   /**< User replied to this message. */
+		FLAG_MARKED  = (1 << 4),   /**< Used-defined flag. */
+		FLAG_PASSED  = (1 << 5),   /**< Message has been resent/forwarded/bounced. */
+		FLAG_DRAFT   = (1 << 6)    /**< Message is marked as a 'draft'. */
+	};
+
+	/** Methods for setting the flags.
+	  */
+	enum FlagsModes {
+		FLAG_MODE_SET,     /**< Set (replace) the flags. */
+		FLAG_MODE_ADD,     /**< Add the flags. */
+		FLAG_MODE_REMOVE   /**< Remove the flags. */
+	};
+
+	/** Return the flags of this message.
+	  *
+	  * @return flags of the message
+	  */
+	virtual int getFlags() const = 0;
+
+	/** Set the flags of this message.
+	  *
+	  * @param flags set of flags (see Flags)
+	  * @param mode indicate how to treat old and new flags (see FlagsModes)
+	  */
+	virtual void setFlags(const int flags, const int mode = FLAG_MODE_SET) = 0;
+
+	/** Extract the whole message data (header + contents).
+	  *
+	  * \warning Partial fetch might not be supported by the underlying protocol.
+	  *
+	  * @param os output stream in which to write message data
+	  * @param progress progress listener, or NULL if not used
+	  * @param start index of the first byte to retrieve (used for partial fetch)
+	  * @param length number of bytes to retrieve (used for partial fetch)
+	  * @param peek if true, try not to mark the message as read. This may not
+	  * be supported by the protocol (IMAP supports this), but it will NOT throw
+	  * an exception if not supported.
+	  */
+	virtual void extract(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const = 0;
+
+	/** Extract the specified MIME part of the message (header + contents).
+	  *
+	  * \warning Partial fetch might not be supported by the underlying protocol.
+	  *
+	  * @param p part to extract
+	  * @param os output stream in which to write part data
+	  * @param progress progress listener, or NULL if not used
+	  * @param start index of the first byte to retrieve (used for partial fetch)
+	  * @param length number of bytes to retrieve (used for partial fetch)
+	  * @param peek if true, try not to mark the message as read. This may not
+	  * be supported by the protocol (IMAP supports this), but it will NOT throw
+	  * an exception if not supported.
+	  */
+	virtual void extractPart(
+		const shared_ptr <const messagePart>& p,
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const = 0;
+
+	/** Fetch the MIME header for the specified part.
+	  *
+	  * @param p the part for which to fetch the header
+	  */
+	virtual void fetchPartHeader(const shared_ptr <messagePart>& p) = 0;
+
+	/** Get the RFC-822 message for this abstract message.
+	  * Warning: This may require getting some data (ie: structure and headers) from
+	  * the server, which is done automatically. Actual message contents (ie: body)
+	  * will not be fetched if possible (IMAP allows it, whereas POP3 will require
+	  * to fetch the whole message).
+	  *
+	  * @return a RFC-822-parsed message
+	  */
+	virtual shared_ptr <vmime::message> getParsedMessage() = 0;
+};
+
+
+VMIME_EXPORT std::ostream& operator<<(std::ostream& os, const message::uid& uid);
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_MESSAGE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/messageSet.cpp b/vmime-master/src/vmime/net/messageSet.cpp
new file mode 100644
index 0000000..fe2d645
--- /dev/null
+++ b/vmime-master/src/vmime/net/messageSet.cpp
@@ -0,0 +1,430 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/messageSet.hpp"
+
+#include <iterator>
+#include <algorithm>
+#include <typeinfo>
+
+
+namespace vmime {
+namespace net {
+
+// messageSetEnumerator
+
+messageSetEnumerator::~messageSetEnumerator()
+{
+}
+
+// messageRange
+
+messageRange::messageRange() {
+
+}
+
+
+messageRange::~messageRange() {
+
+}
+
+
+// numberMessageRange
+
+numberMessageRange::numberMessageRange(const size_t number)
+	: m_first(number),
+	  m_last(number) {
+
+	if (number < 1) {
+		throw std::invalid_argument("number");
+	}
+}
+
+
+numberMessageRange::numberMessageRange(const size_t first, const size_t last)
+	: m_first(first),
+	  m_last(last) {
+
+	if (first < 1 || first == static_cast <size_t>(-1)) {
+		throw std::invalid_argument("first");
+	} else if (last != static_cast <size_t>(-1) && last < first) {
+		throw std::invalid_argument("last");
+	}
+}
+
+
+numberMessageRange::numberMessageRange(const numberMessageRange& other)
+	: messageRange(),
+	  m_first(other.m_first),
+	  m_last(other.m_last) {
+
+}
+
+
+size_t numberMessageRange::getFirst() const {
+
+	return m_first;
+}
+
+
+size_t numberMessageRange::getLast() const {
+
+	return m_last;
+}
+
+
+void numberMessageRange::enumerate(messageSetEnumerator& en) const {
+
+	en.enumerateNumberMessageRange(*this);
+}
+
+
+messageRange* numberMessageRange::clone() const {
+
+	return new numberMessageRange(*this);
+}
+
+
+// UIDMessageRange
+
+UIDMessageRange::UIDMessageRange(const message::uid& uid)
+	: m_first(uid),
+	  m_last(uid) {
+
+}
+
+
+UIDMessageRange::UIDMessageRange(const message::uid& first, const message::uid& last)
+	: m_first(first),
+	  m_last(last) {
+
+}
+
+
+UIDMessageRange::UIDMessageRange(const UIDMessageRange& other)
+	: messageRange(),
+	  m_first(other.m_first),
+	  m_last(other.m_last) {
+
+}
+
+
+const message::uid UIDMessageRange::getFirst() const {
+
+	return m_first;
+}
+
+
+const message::uid UIDMessageRange::getLast() const {
+
+	return m_last;
+}
+
+
+void UIDMessageRange::enumerate(messageSetEnumerator& en) const {
+
+	en.enumerateUIDMessageRange(*this);
+}
+
+
+messageRange* UIDMessageRange::clone() const {
+
+	return new UIDMessageRange(*this);
+}
+
+
+// messageSet
+
+
+messageSet::messageSet() {
+
+}
+
+
+messageSet::messageSet(const messageSet& other)
+	: object() {
+
+	m_ranges.resize(other.m_ranges.size());
+
+	for (size_t i = 0, n = other.m_ranges.size() ; i < n ; ++i) {
+		m_ranges[i] = other.m_ranges[i]->clone();
+	}
+}
+
+
+messageSet::~messageSet() {
+
+	for (size_t i = 0, n = m_ranges.size() ; i < n ; ++i) {
+		delete m_ranges[i];
+	}
+}
+
+
+// static
+messageSet messageSet::empty() {
+
+	return messageSet();
+}
+
+
+// static
+messageSet messageSet::byNumber(const size_t number) {
+
+	messageSet set;
+	set.m_ranges.push_back(new numberMessageRange(number));
+
+	return set;
+}
+
+
+// static
+messageSet messageSet::byNumber(const size_t first, const size_t last) {
+
+	messageSet set;
+	set.m_ranges.push_back(new numberMessageRange(first, last));
+
+	return set;
+}
+
+
+// static
+messageSet messageSet::byNumber(const std::vector <size_t>& numbers) {
+
+	// Sort a copy of the list
+	std::vector <size_t> sortedNumbers;
+
+	sortedNumbers.resize(numbers.size());
+
+	std::copy(numbers.begin(), numbers.end(), sortedNumbers.begin());
+	std::sort(sortedNumbers.begin(), sortedNumbers.end());
+
+	// Build the set by detecting ranges of continuous numbers
+	size_t previous = static_cast <size_t>(-1), rangeStart = static_cast <size_t>(-1);
+	messageSet set;
+
+	for (std::vector <size_t>::const_iterator it = sortedNumbers.begin() ;
+	     it != sortedNumbers.end() ; ++it) {
+
+		const size_t current = *it;
+
+		if (current == previous) {
+			continue;  // skip duplicates
+		}
+
+		if (current == static_cast <size_t>(-1)) {
+			throw std::invalid_argument("numbers");
+		}
+
+		if (previous == static_cast <size_t>(-1)) {
+
+			previous = current;
+			rangeStart = current;
+
+		} else {
+
+			if (current == previous + 1) {
+
+				previous = current;
+
+			} else {
+
+				set.m_ranges.push_back(new numberMessageRange(rangeStart, previous));
+
+				previous = current;
+				rangeStart = current;
+			}
+		}
+	}
+
+	set.m_ranges.push_back(new numberMessageRange(rangeStart, previous));
+
+	return set;
+}
+
+
+// static
+messageSet messageSet::byUID(const message::uid& uid) {
+
+	messageSet set;
+	set.m_ranges.push_back(new UIDMessageRange(uid));
+
+	return set;
+}
+
+
+messageSet messageSet::byUID(const message::uid& first, const message::uid& last) {
+
+	messageSet set;
+	set.m_ranges.push_back(new UIDMessageRange(first, last));
+
+	return set;
+}
+
+
+messageSet messageSet::byUID(const std::vector <message::uid>& uids) {
+
+	std::vector <vmime_uint32> numericUIDs;
+
+	for (size_t i = 0, n = uids.size() ; i < n ; ++i) {
+
+		const string uid = uids[i];
+		int numericUID = 0;
+
+		const char* p = uid.c_str();
+
+		for ( ; *p >= '0' && *p <= '9' ; ++p) {
+			numericUID = (numericUID * 10) + (*p - '0');
+		}
+
+		if (*p != '\0') {
+
+			messageSet set;
+
+			// Non-numeric UID, fall back to plain UID list (single-UID ranges)
+			for (size_t i = 0, n = uids.size() ; i < n ; ++i) {
+				set.m_ranges.push_back(new UIDMessageRange(uids[i]));
+			}
+
+			return set;
+		}
+
+		numericUIDs.push_back(numericUID);
+	}
+
+	// Sort a copy of the list
+	std::vector <vmime_uint32> sortedUIDs;
+
+	sortedUIDs.resize(numericUIDs.size());
+
+	std::copy(numericUIDs.begin(), numericUIDs.end(), sortedUIDs.begin());
+	std::sort(sortedUIDs.begin(), sortedUIDs.end());
+
+	// Build the set by detecting ranges of continuous numbers
+	vmime_uint32 previous = static_cast <vmime_uint32>(-1), rangeStart = static_cast <vmime_uint32>(-1);
+	messageSet set;
+
+	for (std::vector <vmime_uint32>::const_iterator it = sortedUIDs.begin() ;
+	     it != sortedUIDs.end() ; ++it) {
+
+		const vmime_uint32 current = *it;
+
+		if (current == previous) {
+			continue;  // skip duplicates
+		}
+
+		if (previous == static_cast <vmime_uint32>(-1)) {
+
+			previous = current;
+			rangeStart = current;
+
+		} else {
+
+			if (current == previous + 1) {
+
+				previous = current;
+
+			} else {
+
+				set.m_ranges.push_back(
+					new UIDMessageRange(
+						utility::stringUtils::toString(rangeStart),
+						utility::stringUtils::toString(previous)
+					)
+				);
+
+				previous = current;
+				rangeStart = current;
+			}
+		}
+	}
+
+	set.m_ranges.push_back(
+		new UIDMessageRange(
+			utility::stringUtils::toString(rangeStart),
+			utility::stringUtils::toString(previous)
+		)
+	);
+
+	return set;
+}
+
+
+void messageSet::addRange(const messageRange& range) {
+
+	if (!m_ranges.empty() && typeid(*m_ranges[0]) != typeid(range)) {
+		throw std::invalid_argument("range");
+	}
+
+	m_ranges.push_back(range.clone());
+}
+
+
+void messageSet::enumerate(messageSetEnumerator& en) const {
+
+	for (size_t i = 0, n = m_ranges.size() ; i < n ; ++i) {
+		m_ranges[i]->enumerate(en);
+	}
+}
+
+
+bool messageSet::isEmpty() const {
+
+	return m_ranges.empty();
+}
+
+
+bool messageSet::isNumberSet() const {
+
+	return !isEmpty() && dynamic_cast <numberMessageRange*>(m_ranges[0]) != NULL;
+}
+
+
+bool messageSet::isUIDSet() const {
+
+	return !isEmpty() && dynamic_cast <UIDMessageRange*>(m_ranges[0]) != NULL;
+}
+
+
+size_t messageSet::getRangeCount() const {
+
+	return m_ranges.size();
+}
+
+
+const messageRange& messageSet::getRangeAt(const size_t i) const {
+
+	return *m_ranges[i];
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/net/messageSet.hpp b/vmime-master/src/vmime/net/messageSet.hpp
new file mode 100644
index 0000000..848c4c9
--- /dev/null
+++ b/vmime-master/src/vmime/net/messageSet.hpp
@@ -0,0 +1,358 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_MESSAGESET_HPP_INCLUDED
+#define VMIME_NET_MESSAGESET_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/message.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+// Forward references
+class numberMessageRange;
+class UIDMessageRange;
+
+
+/** Enumerator used to retrieve the message number/UID ranges contained
+  * in a messageSet object.
+  */
+class VMIME_EXPORT messageSetEnumerator {
+
+public:
+	virtual ~messageSetEnumerator();
+	virtual void enumerateNumberMessageRange(const numberMessageRange& range) = 0;
+	virtual void enumerateUIDMessageRange(const UIDMessageRange& range) = 0;
+};
+
+
+/** A range of (continuous) messages, designated either by their
+  * sequence number, or by their UID.
+  */
+class VMIME_EXPORT messageRange : public object {
+
+public:
+
+	virtual ~messageRange();
+
+	/** Enumerates this range with the specified enumerator.
+	  *
+	  * @param en enumerator that will receive the method calls while
+	  * enumerating this range
+	  */
+	virtual void enumerate(messageSetEnumerator& en) const = 0;
+
+	/** Clones this message range.
+	  */
+	virtual messageRange* clone() const = 0;
+
+protected:
+
+	messageRange();
+	messageRange(const messageRange&);
+};
+
+
+/** A range of (continuous) messages designated by their sequence number.
+  */
+class VMIME_EXPORT numberMessageRange : public messageRange {
+
+public:
+
+	/** Constructs a message range containing a single message.
+	  *
+	  * @param number message number (numbering starts at 1, not 0)
+	  */
+	numberMessageRange(const size_t number);
+
+	/** Constructs a message range for multiple messages.
+	  *
+	  * @param first number of the first message in the range (numbering
+	  * starts at 1, not 0)
+	  * @param last number of the last message in the range, or use the
+	  * special value -1 to designate the last message in the folder
+	  */
+	numberMessageRange(const size_t first, const size_t last);
+
+	/** Constructs a message range by copying from another range.
+	  *
+	  * @param other range to copy
+	  */
+	numberMessageRange(const numberMessageRange& other);
+
+	/** Returns the number of the first message in the range.
+	  *
+	  * @return number of the first message
+	  */
+	size_t getFirst() const;
+
+	/** Returns the number of the last message in the range, or -1
+	  * to designate the last message in the folder
+	  *
+	  * @return number of the last message
+	  */
+	size_t getLast() const;
+
+	void enumerate(messageSetEnumerator& en) const;
+
+	messageRange* clone() const;
+
+private:
+
+	size_t m_first, m_last;
+};
+
+
+/** A range of (continuous) messages represented by their UID.
+  */
+class VMIME_EXPORT UIDMessageRange : public messageRange {
+
+public:
+
+	/** Constructs a message range containing a single message.
+	  *
+	  * @param uid message UID
+	  */
+	UIDMessageRange(const message::uid& uid);
+
+	/** Constructs a message range for multiple messages.
+	  *
+	  * @param first UID of the first message in the range
+	  * @param last UID of the last message in the range, or use the
+	  * special value '*' to designate the last message in the folder
+	  */
+	UIDMessageRange(const message::uid& first, const message::uid& last);
+
+	/** Constructs a message range by copying from another range.
+	  *
+	  * @param other range to copy
+	  */
+	UIDMessageRange(const UIDMessageRange& other);
+
+	/** Returns the UID of the first message in the range.
+	  *
+	  * @return UID of the first message
+	  */
+	const message::uid getFirst() const;
+
+	/** Returns the UID of the last message in the range, or '*'
+	  * to designate the last message in the folder
+	  *
+	  * @return UID of the last message
+	  */
+	const message::uid getLast() const;
+
+	void enumerate(messageSetEnumerator& en) const;
+
+	messageRange* clone() const;
+
+private:
+
+	message::uid m_first, m_last;
+};
+
+
+/** Represents a set of messages, designated either by their sequence
+  * number, or by their UID (but not both).
+  *
+  * Following is example code to designate messages by their number:
+  * \code{.cpp}
+  *    // Designate a single message with sequence number 42
+  *    vmime::net::messageSet::byNumber(42)
+  *
+  *    // Designate messages from sequence number 5 to sequence number 8 (including)
+  *    vmime::net::messageSet::byNumber(5, 8)
+  *
+  *    // Designate all messages in the folder, starting from number 42
+  *    vmime::net::messageSet::byNumber(42, -1)
+  * \endcode
+  * Or, to designate messages by their UID, use:
+  * \code{.cpp}
+  *    // Designate a single message with UID 1042
+  *    vmime::net::messageSet::byUID(1042)
+  *
+  *    // Designate messages from UID 1000 to UID 1042 (including)
+  *    vmime::net::messageSet::byUID(1000, 1042)
+  *
+  *    // Designate all messages in the folder, starting from UID 1000
+  *    vmime::net::messageSet::byUID(1000, "*")
+  * \endcode
+  */
+class VMIME_EXPORT messageSet : public object {
+
+public:
+
+	~messageSet();
+
+	messageSet(const messageSet& other);
+
+	/** Constructs an empty set.
+	  *
+	  * @return new empty message set
+	  */
+	static messageSet empty();
+
+	/** Constructs a new message set and initializes it with a single
+	  * message represented by its sequence number.
+	  *
+	  * @param number message number (numbering starts at 1, not 0)
+	  * @return new message set
+	  */
+	static messageSet byNumber(const size_t number);
+
+	/** Constructs a new message set and initializes it with a range
+	  * of messages represented by their sequence number.
+	  *
+	  * @param first number of the first message in the range (numbering
+	  * starts at 1, not 0)
+	  * @param last number of the last message in the range, or use the
+	  * special value -1 to designate the last message in the folder
+	  * @return new message set
+	  */
+	static messageSet byNumber(const size_t first, const size_t last);
+
+	/** Constructs a new message set and initializes it with a possibly
+	  * unsorted list of messages represented by their sequence number.
+	  * Please note that numbering starts at 1, not 0.
+	  *
+	  * The function tries to group consecutive message numbers into
+	  * ranges to reduce the size of the resulting set.
+	  *
+	  * For example, given the list "1,2,3,4,5,7,8,13,15,16,17" it will
+	  * result in the following ranges: "1:5,7:8,13,15:17".
+	  *
+	  * @param numbers a vector containing numbers of the messages
+	  * @return new message set
+	  */
+	static messageSet byNumber(const std::vector <size_t>& numbers);
+
+	/** Constructs a new message set and initializes it with a single
+	  * message represented by its UID.
+	  *
+	  * @param uid message UID
+	  * @return new message set
+	  */
+	static messageSet byUID(const message::uid& uid);
+
+	/** Constructs a new message set and initializes it with a range
+	  * of messages represented by their sequence number.
+	  *
+	  * @param first UID of the first message in the range
+	  * @param last UID of the last message in the range, or use the
+	  * special value '*' to designate the last message in the folder
+	  * @return new message set
+	  */
+	static messageSet byUID(const message::uid& first, const message::uid& last);
+
+	/** Constructs a new message set and initializes it with a possibly
+	  * unsorted list of messages represented by their UID.
+	  *
+	  * For UIDs that actually are numbers (this is the case for IMAP), the
+	  * function tries to group consecutive UIDs into ranges to reduce the
+	  * size of the resulting set.
+	  *
+	  * For example, given the list "1,2,3,4,5,7,8,13,15,16,17" it will
+	  * result in the following ranges: "1:5,7:8,13,15:17".
+	  *
+	  * @param uids a vector containing UIDs of the messages
+	  * @return new message set
+	  */
+	static messageSet byUID(const std::vector <message::uid>& uids);
+
+	/** Adds the specified range to this set. The type of message range
+	  * (either number or UID) must match the type of the ranges already
+	  * contained in this set (ie. it's not possible to have a message
+	  * set which contains both number ranges and UID ranges).
+	  *
+	  * @param range range to add
+	  * @throw std::invalid_argument exception if the range type does
+	  * not match the type of the ranges in this set
+	  */
+	void addRange(const messageRange& range);
+
+	/** Enumerates this set with the specified enumerator.
+	  *
+	  * @param en enumerator that will receive the method calls while
+	  * enumerating the ranges in this set
+	  */
+	void enumerate(messageSetEnumerator& en) const;
+
+	/** Returns whether this set is empty (contains no range).
+	  *
+	  * @return true if this set is empty, or false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Returns whether this set references messages by their sequence
+	  * number.
+	  *
+	  * @return true if this set references messages by their sequence
+	  * number, or false otherwise
+	  */
+	bool isNumberSet() const;
+
+	/** Returns whether this set references messages by their UID.
+	  *
+	  * @return true if this set references messages by their UID,
+	  * or false otherwise
+	  */
+	bool isUIDSet() const;
+
+	/** Returns the number of ranges contained in this set.
+	  *
+	  * @return range count
+	  */
+	size_t getRangeCount() const;
+
+	/** Returns the message range at the specified index.
+	  *
+	  * @param i range index (from 0 to getRangeCount())
+	  * @return a reference to the message range at the specified index
+	  */
+	const messageRange& getRangeAt(const size_t i) const;
+
+private:
+
+	messageSet();
+
+	std::vector <messageRange*> m_ranges;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#endif // VMIME_NET_MESSAGESET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3Command.cpp b/vmime-master/src/vmime/net/pop3/POP3Command.cpp
new file mode 100644
index 0000000..0e79888
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Command.cpp
@@ -0,0 +1,267 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Command.hpp"
+#include "vmime/net/pop3/POP3Connection.hpp"
+#include "vmime/net/pop3/POP3Store.hpp"
+
+#include "vmime/net/socket.hpp"
+
+#include "vmime/mailbox.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3Command::POP3Command(const string& text, const string& traceText)
+	: m_text(text),
+	  m_traceText(traceText) {
+
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::CAPA() {
+
+	return createCommand("CAPA");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::NOOP() {
+
+	return createCommand("NOOP");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::AUTH(const string& mechName) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "AUTH " << mechName;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::AUTH(const string& mechName, const string& initialResponse) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "AUTH " << mechName << " " << initialResponse;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::STLS() {
+
+	return createCommand("STLS");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::APOP(const string& username, const string& digest) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "APOP " << username << " " << digest;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::USER(const string& username) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "USER " << username;
+
+	std::ostringstream trace;
+	trace.imbue(std::locale::classic());
+	trace << "USER {username}";
+
+	return createCommand(cmd.str(), trace.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::PASS(const string& password) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "PASS " << password;
+
+	std::ostringstream trace;
+	trace.imbue(std::locale::classic());
+	trace << "PASS {password}";
+
+	return createCommand(cmd.str(), trace.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::STAT() {
+
+	return createCommand("STAT");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::LIST() {
+
+	return createCommand("LIST");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::LIST(const unsigned long msg) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "LIST " << msg;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::UIDL() {
+
+	return createCommand("UIDL");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::UIDL(const unsigned long msg) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "UIDL " << msg;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::DELE(const unsigned long msg) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "DELE " << msg;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::RETR(const unsigned long msg) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "RETR " << msg;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::TOP(const unsigned long msg, const unsigned long lines) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "TOP " << msg << " " << lines;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::RSET() {
+
+	return createCommand("RSET");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::QUIT() {
+
+	return createCommand("QUIT");
+}
+
+
+// static
+shared_ptr <POP3Command> POP3Command::createCommand(
+	const string& text,
+	const string& traceText
+) {
+
+	if (traceText.empty()) {
+		return shared_ptr <POP3Command>(new POP3Command(text, text));
+	} else {
+		return shared_ptr <POP3Command>(new POP3Command(text, traceText));
+	}
+}
+
+
+const string POP3Command::getText() const {
+
+	return m_text;
+}
+
+
+const string POP3Command::getTraceText() const {
+
+	return m_traceText;
+}
+
+
+void POP3Command::send(const shared_ptr <POP3Connection>& conn) {
+
+	conn->getSocket()->send(m_text + "\r\n");
+
+	if (conn->getTracer()) {
+		conn->getTracer()->traceSend(m_traceText);
+	}
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
diff --git a/vmime-master/src/vmime/net/pop3/POP3Command.hpp b/vmime-master/src/vmime/net/pop3/POP3Command.hpp
new file mode 100644
index 0000000..06a61b9
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Command.hpp
@@ -0,0 +1,123 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3COMMAND_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3COMMAND_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/object.hpp"
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+
+
+class mailbox;
+
+
+namespace net {
+namespace pop3 {
+
+
+class POP3Connection;
+
+
+/** A POP3 command that will be sent to the server.
+  */
+class VMIME_EXPORT POP3Command : public object {
+
+public:
+
+	static shared_ptr <POP3Command> CAPA();
+	static shared_ptr <POP3Command> NOOP();
+	static shared_ptr <POP3Command> AUTH(const string& mechName);
+	static shared_ptr <POP3Command> AUTH(const string& mechName, const string& initialResponse);
+	static shared_ptr <POP3Command> STLS();
+	static shared_ptr <POP3Command> APOP(const string& username, const string& digest);
+	static shared_ptr <POP3Command> USER(const string& username);
+	static shared_ptr <POP3Command> PASS(const string& password);
+	static shared_ptr <POP3Command> STAT();
+	static shared_ptr <POP3Command> LIST();
+	static shared_ptr <POP3Command> LIST(const unsigned long msg);
+	static shared_ptr <POP3Command> UIDL();
+	static shared_ptr <POP3Command> UIDL(const unsigned long msg);
+	static shared_ptr <POP3Command> DELE(const unsigned long msg);
+	static shared_ptr <POP3Command> RETR(const unsigned long msg);
+	static shared_ptr <POP3Command> TOP(const unsigned long msg, const unsigned long lines);
+	static shared_ptr <POP3Command> RSET();
+	static shared_ptr <POP3Command> QUIT();
+
+	/** Creates a new POP3 command with the specified text.
+	  *
+	  * @param text command text
+	  * @param traceText trace text (if empty, command text is used)
+	  * @return a new POP3Command object
+	  */
+	static shared_ptr <POP3Command> createCommand(const string& text, const string& traceText = "");
+
+	/** Sends this command over the specified connection.
+	  *
+	  * @param conn connection onto which the command will be sent
+	  */
+	virtual void send(const shared_ptr <POP3Connection>& conn);
+
+	/** Returns the full text of the command, including command name
+	  * and parameters (if any).
+	  *
+	  * @return command text (eg. "LIST 42")
+	  */
+	virtual const string getText() const;
+
+	/** Returns the full text of the command, suitable for outputing
+	  * to the tracer.
+	  *
+	  * @return trace text (eg. "USER myusername")
+	  */
+	virtual const string getTraceText() const;
+
+protected:
+
+	POP3Command(const string& text, const string& traceText);
+	POP3Command(const POP3Command&);
+
+private:
+
+	string m_text;
+	string m_traceText;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3COMMAND_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3Connection.cpp b/vmime-master/src/vmime/net/pop3/POP3Connection.cpp
new file mode 100644
index 0000000..749f7ef
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Connection.cpp
@@ -0,0 +1,737 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Connection.hpp"
+#include "vmime/net/pop3/POP3Store.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+
+#include "vmime/security/digest/messageDigestFactory.hpp"
+
+#include "vmime/net/defaultConnectionInfos.hpp"
+
+#if VMIME_HAVE_SASL_SUPPORT
+	#include "vmime/security/sasl/SASLContext.hpp"
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+#if VMIME_HAVE_TLS_SUPPORT
+	#include "vmime/net/tls/TLSSession.hpp"
+	#include "vmime/net/tls/TLSSecuredConnectionInfos.hpp"
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+
+// Helpers for service properties
+#define GET_PROPERTY(type, prop) \
+	(m_store.lock()->getInfos().getPropertyValue <type>(getSession(), \
+		dynamic_cast <const POP3ServiceInfos&>(m_store.lock()->getInfos()).getProperties().prop))
+#define HAS_PROPERTY(prop) \
+	(m_store.lock()->getInfos().hasProperty(getSession(), \
+		dynamic_cast <const POP3ServiceInfos&>(m_store.lock()->getInfos()).getProperties().prop))
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+
+POP3Connection::POP3Connection(
+	const shared_ptr <POP3Store>& store,
+	const shared_ptr <security::authenticator>& auth
+)
+	: m_store(store),
+	  m_auth(auth),
+	  m_socket(null),
+	  m_timeoutHandler(null),
+	  m_authenticated(false),
+	  m_secured(false),
+	  m_capabilitiesFetched(false) {
+
+	static int connectionId = 0;
+
+	if (store->getTracerFactory()) {
+		m_tracer = store->getTracerFactory()->create(store, ++connectionId);
+	}
+}
+
+
+POP3Connection::~POP3Connection() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		} else if (m_socket) {
+			internalDisconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+void POP3Connection::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	const string address = GET_PROPERTY(string, PROPERTY_SERVER_ADDRESS);
+	const port_t port = GET_PROPERTY(port_t, PROPERTY_SERVER_PORT);
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	// Create the time-out handler
+	if (store->getTimeoutHandlerFactory()) {
+		m_timeoutHandler = store->getTimeoutHandlerFactory()->create();
+	}
+
+	// Create and connect the socket
+	m_socket = store->getSocketFactory()->create(m_timeoutHandler);
+	m_socket->setTracer(m_tracer);
+
+#if VMIME_HAVE_TLS_SUPPORT
+	if (store->isPOP3S()) {  // dedicated port/POP3S
+
+		shared_ptr <tls::TLSSession> tlsSession = tls::TLSSession::create
+			(store->getCertificateVerifier(),
+			 store->getSession()->getTLSProperties());
+
+		shared_ptr <tls::TLSSocket> tlsSocket =
+			tlsSession->getSocket(m_socket);
+
+		m_socket = tlsSocket;
+
+		m_secured = true;
+		m_cntInfos = make_shared <tls::TLSSecuredConnectionInfos>(address, port, tlsSession, tlsSocket);
+	} else
+#endif // VMIME_HAVE_TLS_SUPPORT
+	{
+		m_cntInfos = make_shared <defaultConnectionInfos>(address, port);
+	}
+
+	m_socket->connect(address, port);
+
+	// Connection
+	//
+	// eg:  C: <connection to server>
+	// ---  S: +OK MailSite POP3 Server 5.3.4.0 Ready <36938848.1056800841.634@somewhere.com>
+
+	shared_ptr <POP3Response> response = POP3Response::readResponse(
+		dynamicCast <POP3Connection>(shared_from_this())
+	);
+
+	if (!response->isSuccess()) {
+
+		internalDisconnect();
+		throw exceptions::connection_greeting_error(response->getFirstLine());
+	}
+
+#if VMIME_HAVE_TLS_SUPPORT
+	// Setup secured connection, if requested
+	const bool tls = HAS_PROPERTY(PROPERTY_CONNECTION_TLS)
+		&& GET_PROPERTY(bool, PROPERTY_CONNECTION_TLS);
+	const bool tlsRequired = HAS_PROPERTY(PROPERTY_CONNECTION_TLS_REQUIRED)
+		&& GET_PROPERTY(bool, PROPERTY_CONNECTION_TLS_REQUIRED);
+
+	if (!store->isPOP3S() && tls) {  // only if not POP3S
+
+		try {
+
+			startTLS();
+
+		// Non-fatal error
+		} catch (exceptions::command_error&) {
+
+			if (tlsRequired) {
+				throw;
+			} else {
+				// TLS is not required, so don't bother
+			}
+
+		// Fatal error
+		} catch (...) {
+			throw;
+		}
+	}
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	// Start authentication process
+	authenticate(messageId(response->getText()));
+}
+
+
+void POP3Connection::disconnect() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	internalDisconnect();
+}
+
+
+void POP3Connection::internalDisconnect() {
+
+	if (m_socket) {
+
+		if (m_socket->isConnected()) {
+
+			try {
+
+				POP3Command::QUIT()->send(dynamicCast <POP3Connection>(shared_from_this()));
+				POP3Response::readResponse(dynamicCast <POP3Connection>(shared_from_this()));
+
+			} catch (exception&) {
+
+				// Not important
+			}
+
+			m_socket->disconnect();
+		}
+
+		m_socket = null;
+	}
+
+	m_timeoutHandler = null;
+
+	m_authenticated = false;
+	m_secured = false;
+
+	m_cntInfos = null;
+}
+
+
+void POP3Connection::authenticate(const messageId& randomMID) {
+
+	getAuthenticator()->setService(m_store.lock());
+
+#if VMIME_HAVE_SASL_SUPPORT
+	// First, try SASL authentication
+	if (GET_PROPERTY(bool, PROPERTY_OPTIONS_SASL)) {
+
+		try {
+
+			authenticateSASL();
+
+			m_authenticated = true;
+			return;
+
+		} catch (exceptions::authentication_error&) {
+
+			if (!GET_PROPERTY(bool, PROPERTY_OPTIONS_SASL_FALLBACK)) {
+
+				// Can't fallback on APOP/normal authentication
+				internalDisconnect();
+				throw;
+
+			} else {
+
+				// Ignore, will try APOP/normal authentication
+			}
+
+		} catch (exception&) {
+
+			internalDisconnect();
+			throw;
+		}
+	}
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+	// Secured authentication with APOP (if requested and if available)
+	//
+	// eg:  C: APOP vincent <digest>
+	// ---  S: +OK vincent is a valid mailbox
+
+	const string username = getAuthenticator()->getUsername();
+	const string password = getAuthenticator()->getPassword();
+
+	shared_ptr <POP3Connection> conn = dynamicCast <POP3Connection>(shared_from_this());
+	shared_ptr <POP3Response> response;
+
+	if (GET_PROPERTY(bool, PROPERTY_OPTIONS_APOP)) {
+
+		if (randomMID.getLeft().length() != 0 &&
+		    randomMID.getRight().length() != 0) {
+
+			// <digest> is the result of MD5 applied to "<message-id>password"
+			shared_ptr <security::digest::messageDigest> md5 =
+				security::digest::messageDigestFactory::getInstance()->create("md5");
+
+			md5->update(randomMID.generate() + password);
+			md5->finalize();
+
+			POP3Command::APOP(username, md5->getHexDigest())->send(conn);
+			response = POP3Response::readResponse(conn);
+
+			if (response->isSuccess()) {
+
+				m_authenticated = true;
+				return;
+
+			} else {
+
+				// Some servers close the connection after an unsuccessful APOP
+				// command, so the fallback may not always work...
+				//
+				// S: +OK Qpopper (version 4.0.5) at xxx starting.  <30396.1126730747@xxx>
+				// C: APOP plop c5e0a87d088ec71d60e32692d4c5bdf4
+				// S: -ERR [AUTH] Password supplied for "plop" is incorrect.
+				// S: +OK Pop server at xxx signing off.
+				// [Connection closed by foreign host.]
+
+				if (!GET_PROPERTY(bool, PROPERTY_OPTIONS_APOP_FALLBACK)) {
+
+					// Can't fallback on basic authentication
+					internalDisconnect();
+					throw exceptions::authentication_error(response->getFirstLine());
+				}
+
+				// Ensure connection is valid (cf. note above)
+				try {
+
+					POP3Command::NOOP()->send(conn);
+					POP3Response::readResponse(conn);
+
+				} catch (exceptions::socket_exception&) {
+
+					internalDisconnect();
+					throw exceptions::authentication_error(response->getFirstLine());
+				}
+			}
+
+		} else {
+
+			// APOP not supported
+			if (!GET_PROPERTY(bool, PROPERTY_OPTIONS_APOP_FALLBACK)) {
+
+				// Can't fallback on basic authentication
+				internalDisconnect();
+				throw exceptions::authentication_error("APOP not supported");
+			}
+		}
+	}
+
+	// Basic authentication
+	//
+	// eg:  C: USER vincent
+	// ---  S: +OK vincent is a valid mailbox
+	//
+	//      C: PASS couic
+	//      S: +OK vincent's maildrop has 2 messages (320 octets)
+	POP3Command::USER(username)->send(conn);
+	response = POP3Response::readResponse(conn);
+
+	if (!response->isSuccess()) {
+
+		internalDisconnect();
+		throw exceptions::authentication_error(response->getFirstLine());
+	}
+
+	POP3Command::PASS(password)->send(conn);
+	response = POP3Response::readResponse(conn);
+
+	if (!response->isSuccess()) {
+
+		internalDisconnect();
+		throw exceptions::authentication_error(response->getFirstLine());
+	}
+
+	m_authenticated = true;
+}
+
+
+#if VMIME_HAVE_SASL_SUPPORT
+
+void POP3Connection::authenticateSASL() {
+
+	if (!dynamicCast <security::sasl::SASLAuthenticator>(getAuthenticator())) {
+		throw exceptions::authentication_error("No SASL authenticator available.");
+	}
+
+	std::vector <string> capa = getCapabilities();
+	std::vector <string> saslMechs;
+
+	for (unsigned int i = 0 ; i < capa.size() ; ++i) {
+
+		const string& x = capa[i];
+
+		// C: CAPA
+		// S: +OK List of capabilities follows
+		// S: LOGIN-DELAY 0
+		// S: PIPELINING
+		// S: UIDL
+		// S: ...
+		// S: SASL DIGEST-MD5 CRAM-MD5   <-----
+		// S: EXPIRE NEVER
+		// S: ...
+
+		if (x.length() > 5 &&
+		    (x[0] == 'S' || x[0] == 's') &&
+		    (x[1] == 'A' || x[1] == 'a') &&
+		    (x[2] == 'S' || x[2] == 's') &&
+		    (x[3] == 'L' || x[3] == 'l') &&
+		    (x[4] == ' ' || x[4] == '\t')) {
+
+			const string list(x.begin() + 5, x.end());
+
+			std::istringstream iss(list);
+			iss.imbue(std::locale::classic());
+
+			string mech;
+
+			while (iss >> mech) {
+				saslMechs.push_back(mech);
+			}
+		}
+	}
+
+	if (saslMechs.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	std::vector <shared_ptr <security::sasl::SASLMechanism> > mechList;
+
+	shared_ptr <security::sasl::SASLContext> saslContext =
+		security::sasl::SASLContext::create();
+
+	for (unsigned int i = 0 ; i < saslMechs.size() ; ++i) {
+
+		try {
+			mechList.push_back(saslContext->createMechanism(saslMechs[i]));
+		} catch (exceptions::no_such_mechanism&) {
+			// Ignore mechanism
+		}
+	}
+
+	if (mechList.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	// Try to suggest a mechanism among all those supported
+	shared_ptr <security::sasl::SASLMechanism> suggestedMech =
+		saslContext->suggestMechanism(mechList);
+
+	if (!suggestedMech) {
+		throw exceptions::authentication_error("Unable to suggest SASL mechanism.");
+	}
+
+	// Allow application to choose which mechanisms to use
+	mechList = dynamicCast <security::sasl::SASLAuthenticator>(getAuthenticator())->
+		getAcceptableMechanisms(mechList, suggestedMech);
+
+	if (mechList.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	// Try each mechanism in the list in turn
+	for (unsigned int i = 0 ; i < mechList.size() ; ++i) {
+
+		shared_ptr <security::sasl::SASLMechanism> mech = mechList[i];
+
+		shared_ptr <security::sasl::SASLSession> saslSession =
+			saslContext->createSession("pop3", getAuthenticator(), mech);
+
+		saslSession->init();
+
+		shared_ptr <POP3Command> authCmd;
+
+		if (saslSession->getMechanism()->hasInitialResponse()) {
+
+			byte_t* initialResp = 0;
+			size_t initialRespLen = 0;
+
+			saslSession->evaluateChallenge(NULL, 0, &initialResp, &initialRespLen);
+
+			string encodedInitialResp(saslContext->encodeB64(initialResp, initialRespLen));
+			delete [] initialResp;
+
+			if (encodedInitialResp.empty()) {
+				authCmd = POP3Command::AUTH(mech->getName(), "=");
+			} else {
+				authCmd = POP3Command::AUTH(mech->getName(), encodedInitialResp);
+			}
+
+		} else {
+
+			authCmd = POP3Command::AUTH(mech->getName());
+		}
+
+		authCmd->send(dynamicCast <POP3Connection>(shared_from_this()));
+
+		for (bool cont = true ; cont ; ) {
+
+			shared_ptr <POP3Response> response =
+				POP3Response::readResponse(dynamicCast <POP3Connection>(shared_from_this()));
+
+			switch (response->getCode()) {
+
+				case POP3Response::CODE_OK: {
+
+					m_socket = saslSession->getSecuredSocket(m_socket);
+					return;
+				}
+
+				case POP3Response::CODE_READY: {
+
+					byte_t* challenge = 0;
+					size_t challengeLen = 0;
+
+					byte_t* resp = 0;
+					size_t respLen = 0;
+
+					try {
+
+						// Extract challenge
+						saslContext->decodeB64(response->getText(), &challenge, &challengeLen);
+
+						// Prepare response
+						saslSession->evaluateChallenge(challenge, challengeLen, &resp, &respLen);
+
+						// Send response
+						const string respB64 = saslContext->encodeB64(resp, respLen) + "\r\n";
+						m_socket->sendRaw(utility::stringUtils::bytesFromString(respB64), respB64.length());
+
+						if (m_tracer) {
+							m_tracer->traceSendBytes(respB64.length() - 2, "SASL exchange");
+						}
+
+					} catch (exceptions::sasl_exception& e) {
+
+						if (challenge) {
+							delete [] challenge;
+							challenge = NULL;
+						}
+
+						if (resp) {
+							delete [] resp;
+							resp = NULL;
+						}
+
+						// Cancel SASL exchange
+						m_socket->send("*\r\n");
+
+						if (m_tracer) {
+							m_tracer->traceSend("*");
+						}
+
+					} catch (...) {
+
+						if (challenge) {
+							delete [] challenge;
+						}
+
+						if (resp) {
+							delete [] resp;
+						}
+
+						throw;
+					}
+
+					if (challenge) {
+						delete [] challenge;
+					}
+
+					if (resp) {
+						delete [] resp;
+					}
+
+					break;
+				}
+
+				default:
+
+					cont = false;
+					break;
+			}
+		}
+	}
+
+	throw exceptions::authentication_error("Could not authenticate using SASL: all mechanisms failed.");
+}
+
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+void POP3Connection::startTLS() {
+
+	try {
+
+		POP3Command::STLS()->send(dynamicCast <POP3Connection>(shared_from_this()));
+
+		shared_ptr <POP3Response> response =
+			POP3Response::readResponse(dynamicCast <POP3Connection>(shared_from_this()));
+
+		if (!response->isSuccess()) {
+			throw exceptions::command_error("STLS", response->getFirstLine());
+		}
+
+		shared_ptr <tls::TLSSession> tlsSession = tls::TLSSession::create(
+			m_store.lock()->getCertificateVerifier(),
+			m_store.lock()->getSession()->getTLSProperties()
+		);
+
+		shared_ptr <tls::TLSSocket> tlsSocket = tlsSession->getSocket(m_socket);
+
+		tlsSocket->handshake();
+
+		m_socket = tlsSocket;
+
+		m_secured = true;
+		m_cntInfos = make_shared <tls::TLSSecuredConnectionInfos>(
+			m_cntInfos->getHost(), m_cntInfos->getPort(), tlsSession, tlsSocket
+		);
+
+		// " Once TLS has been started, the client MUST discard cached
+		//   information about server capabilities and SHOULD re-issue
+		//   the CAPA command.  This is necessary to protect against
+		//   man-in-the-middle attacks which alter the capabilities list
+		//   prior to STLS. " (RFC-2595)
+		invalidateCapabilities();
+
+	} catch (exceptions::command_error&) {
+
+		// Non-fatal error
+		throw;
+
+	} catch (exception&) {
+
+		// Fatal error
+		internalDisconnect();
+		throw;
+	}
+}
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+const std::vector <string> POP3Connection::getCapabilities() {
+
+	if (!m_capabilitiesFetched) {
+		fetchCapabilities();
+	}
+
+	return m_capabilities;
+}
+
+
+void POP3Connection::invalidateCapabilities() {
+
+	m_capabilities.clear();
+	m_capabilitiesFetched = false;
+}
+
+
+void POP3Connection::fetchCapabilities() {
+
+	POP3Command::CAPA()->send(dynamicCast <POP3Connection>(shared_from_this()));
+
+	shared_ptr <POP3Response> response =
+		POP3Response::readMultilineResponse(dynamicCast <POP3Connection>(shared_from_this()));
+
+	std::vector <string> res;
+
+	if (response->isSuccess()) {
+
+		for (size_t i = 0, n = response->getLineCount() ; i < n ; ++i) {
+			res.push_back(response->getLineAt(i));
+		}
+	}
+
+	m_capabilities = res;
+	m_capabilitiesFetched = true;
+}
+
+
+bool POP3Connection::isConnected() const {
+
+	return m_socket && m_socket->isConnected() && m_authenticated;
+}
+
+
+bool POP3Connection::isSecuredConnection() const {
+
+	return m_secured;
+}
+
+
+shared_ptr <connectionInfos> POP3Connection::getConnectionInfos() const {
+
+	return m_cntInfos;
+}
+
+
+shared_ptr <POP3Store> POP3Connection::getStore() {
+
+	return m_store.lock();
+}
+
+
+shared_ptr <session> POP3Connection::getSession() {
+
+	return m_store.lock()->getSession();
+}
+
+
+shared_ptr <socket> POP3Connection::getSocket() {
+
+	return m_socket;
+}
+
+
+shared_ptr <tracer> POP3Connection::getTracer() {
+
+	return m_tracer;
+}
+
+
+shared_ptr <timeoutHandler> POP3Connection::getTimeoutHandler() {
+
+	return m_timeoutHandler;
+}
+
+
+shared_ptr <security::authenticator> POP3Connection::getAuthenticator() {
+
+	return m_auth;
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
diff --git a/vmime-master/src/vmime/net/pop3/POP3Connection.hpp b/vmime-master/src/vmime/net/pop3/POP3Connection.hpp
new file mode 100644
index 0000000..26b3f3c
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Connection.hpp
@@ -0,0 +1,132 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3CONNECTION_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3CONNECTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/messageId.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+#include "vmime/net/session.hpp"
+#include "vmime/net/connectionInfos.hpp"
+#include "vmime/net/tracer.hpp"
+
+#include "vmime/net/pop3/POP3Command.hpp"
+#include "vmime/net/pop3/POP3Response.hpp"
+
+#include "vmime/security/authenticator.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class socket;
+class timeoutHandler;
+
+
+namespace pop3 {
+
+
+class POP3Store;
+
+
+/** Manage connection to a POP3 server.
+  */
+class VMIME_EXPORT POP3Connection : public object, public enable_shared_from_this <POP3Connection> {
+
+public:
+
+	POP3Connection(
+		const shared_ptr <POP3Store>& store,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+	virtual ~POP3Connection();
+
+
+	virtual void connect();
+	virtual bool isConnected() const;
+	virtual void disconnect();
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+
+	virtual shared_ptr <POP3Store> getStore();
+	virtual shared_ptr <socket> getSocket();
+	virtual shared_ptr <timeoutHandler> getTimeoutHandler();
+	virtual shared_ptr <security::authenticator> getAuthenticator();
+	virtual shared_ptr <session> getSession();
+	virtual shared_ptr <tracer> getTracer();
+
+private:
+
+	void authenticate(const messageId& randomMID);
+#if VMIME_HAVE_SASL_SUPPORT
+	void authenticateSASL();
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+#if VMIME_HAVE_TLS_SUPPORT
+	void startTLS();
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	void fetchCapabilities();
+	void invalidateCapabilities();
+	const std::vector <string> getCapabilities();
+
+	void internalDisconnect();
+
+
+	weak_ptr <POP3Store> m_store;
+
+	shared_ptr <security::authenticator> m_auth;
+	shared_ptr <socket> m_socket;
+	shared_ptr <timeoutHandler> m_timeoutHandler;
+	shared_ptr <tracer> m_tracer;
+
+	bool m_authenticated;
+	bool m_secured;
+
+	shared_ptr <connectionInfos> m_cntInfos;
+
+	std::vector <string> m_capabilities;
+	bool m_capabilitiesFetched;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3CONNECTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3Folder.cpp b/vmime-master/src/vmime/net/pop3/POP3Folder.cpp
new file mode 100644
index 0000000..b69a483
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Folder.cpp
@@ -0,0 +1,822 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Folder.hpp"
+
+#include "vmime/net/pop3/POP3Store.hpp"
+#include "vmime/net/pop3/POP3Message.hpp"
+#include "vmime/net/pop3/POP3Command.hpp"
+#include "vmime/net/pop3/POP3Response.hpp"
+#include "vmime/net/pop3/POP3FolderStatus.hpp"
+
+#include "vmime/net/pop3/POP3Utils.hpp"
+
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3Folder::POP3Folder(
+	const folder::path& path,
+	const shared_ptr <POP3Store>& store
+)
+	: m_store(store),
+	  m_path(path),
+	  m_name(path.isEmpty() ? folder::path::component("") : path.getLastComponent()),
+	  m_mode(-1),
+	  m_open(false) {
+
+	store->registerFolder(this);
+}
+
+
+POP3Folder::~POP3Folder() {
+
+	try {
+
+		shared_ptr <POP3Store> store = m_store.lock();
+
+		if (store) {
+
+			if (m_open) {
+				close(false);
+			}
+
+			store->unregisterFolder(this);
+
+		} else if (m_open) {
+
+			onClose();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+int POP3Folder::getMode() const {
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	return m_mode;
+}
+
+
+const folderAttributes POP3Folder::getAttributes() {
+
+	folderAttributes attribs;
+
+	if (m_path.isEmpty()) {
+		attribs.setType(folderAttributes::TYPE_CONTAINS_FOLDERS);
+	} else if (m_path.getSize() == 1 && m_path[0].getBuffer() == "INBOX") {
+		attribs.setType(folderAttributes::TYPE_CONTAINS_MESSAGES);
+		attribs.setSpecialUse(folderAttributes::SPECIALUSE_INBOX);
+	} else {
+		throw exceptions::folder_not_found();
+	}
+
+	attribs.setFlags(0);
+
+	return attribs;
+}
+
+
+const folder::path::component POP3Folder::getName() const {
+
+	return m_name;
+}
+
+
+const folder::path POP3Folder::getFullPath() const {
+
+	return m_path;
+}
+
+
+void POP3Folder::open(const int mode, bool failIfModeIsNotAvailable) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	if (m_path.isEmpty()) {
+
+		if (mode != MODE_READ_ONLY && failIfModeIsNotAvailable) {
+			throw exceptions::operation_not_supported();
+		}
+
+		m_open = true;
+		m_mode = mode;
+
+		m_messageCount = 0;
+
+	} else if (m_path.getSize() == 1 && m_path[0].getBuffer() == "INBOX") {
+
+		POP3Command::STAT()->send(store->getConnection());
+
+		shared_ptr <POP3Response> response = POP3Response::readResponse(store->getConnection());
+
+		if (!response->isSuccess()) {
+			throw exceptions::command_error("STAT", response->getFirstLine());
+		}
+
+		std::istringstream iss(response->getText());
+		iss.imbue(std::locale::classic());
+		iss >> m_messageCount;
+
+		if (iss.fail()) {
+			throw exceptions::invalid_response("STAT", response->getFirstLine());
+		}
+
+		m_open = true;
+		m_mode = mode;
+
+	} else {
+
+		throw exceptions::folder_not_found();
+	}
+}
+
+
+void POP3Folder::close(const bool expunge) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (!expunge) {
+		POP3Command::RSET()->send(store->getConnection());
+		POP3Response::readResponse(store->getConnection());
+	}
+
+	m_open = false;
+	m_mode = -1;
+
+	onClose();
+}
+
+
+void POP3Folder::onClose() {
+
+	for (MessageMap::iterator it = m_messages.begin() ; it != m_messages.end() ; ++it) {
+		(*it).first->onFolderClosed();
+	}
+
+	m_messages.clear();
+}
+
+
+void POP3Folder::create(const folderAttributes& /* attribs */) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+void POP3Folder::destroy() {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+bool POP3Folder::exists() {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	return m_path.isEmpty() || (m_path.getSize() == 1 && m_path[0].getBuffer() == "INBOX");
+}
+
+
+bool POP3Folder::isOpen() const {
+
+	return m_open;
+}
+
+
+shared_ptr <message> POP3Folder::getMessage(const size_t num) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	} else if (num < 1 || num > m_messageCount) {
+		throw exceptions::message_not_found();
+	}
+
+	return make_shared <POP3Message>(dynamicCast <POP3Folder>(shared_from_this()), num);
+}
+
+
+std::vector <shared_ptr <message> > POP3Folder::getMessages(const messageSet& msgs) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (msgs.isNumberSet()) {
+
+		const std::vector <size_t> numbers = POP3Utils::messageSetToNumberList(msgs, m_messageCount);
+
+		std::vector <shared_ptr <message> > messages;
+		shared_ptr <POP3Folder> thisFolder(dynamicCast <POP3Folder>(shared_from_this()));
+
+		for (std::vector <size_t>::const_iterator it = numbers.begin() ; it != numbers.end() ; ++it) {
+
+			if (*it < 1|| *it > m_messageCount) {
+				throw exceptions::message_not_found();
+			}
+
+			messages.push_back(make_shared <POP3Message>(thisFolder, *it));
+		}
+
+		return messages;
+
+	} else {
+
+		throw exceptions::operation_not_supported();
+	}
+}
+
+
+size_t POP3Folder::getMessageCount() {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	return m_messageCount;
+}
+
+
+shared_ptr <folder> POP3Folder::getFolder(const folder::path::component& name) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	return shared_ptr <POP3Folder>(new POP3Folder(m_path / name, store));
+}
+
+
+std::vector <shared_ptr <folder> > POP3Folder::getFolders(const bool /* recursive */) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	if (m_path.isEmpty()) {
+
+		std::vector <shared_ptr <folder> > v;
+		v.push_back(shared_ptr <POP3Folder>(new POP3Folder(folder::path::component("INBOX"), store)));
+		return v;
+
+	} else {
+
+		std::vector <shared_ptr <folder> > v;
+		return v;
+	}
+}
+
+
+void POP3Folder::fetchMessages(
+	std::vector <shared_ptr <message> >& msg,
+	const fetchAttributes& options,
+    utility::progressListener* progress
+) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	if (msg.empty()) {
+		return;
+	}
+
+	const size_t total = msg.size();
+	size_t current = 0;
+
+	if (progress) {
+		progress->start(total);
+	}
+
+	for (std::vector <shared_ptr <message> >::iterator it = msg.begin() ;
+	     it != msg.end() ; ++it) {
+
+		dynamicCast <POP3Message>(*it)->fetch(
+			dynamicCast <POP3Folder>(shared_from_this()),
+			options
+		);
+
+		if (progress) {
+			progress->progress(++current, total);
+		}
+	}
+
+	if (options.has(fetchAttributes::SIZE)) {
+
+		// Send the "LIST" command
+		POP3Command::LIST()->send(store->getConnection());
+
+		// Get the response
+		shared_ptr <POP3Response> response =
+			POP3Response::readMultilineResponse(store->getConnection());
+
+		if (response->isSuccess()) {
+
+			// C: LIST
+			// S: +OK
+			// S: 1 47548
+			// S: 2 12653
+			// S: .
+			std::map <size_t, string> result;
+			POP3Utils::parseMultiListOrUidlResponse(response, result);
+
+			for (std::vector <shared_ptr <message> >::iterator it = msg.begin() ;
+			     it != msg.end() ; ++it) {
+
+				shared_ptr <POP3Message> m = dynamicCast <POP3Message>(*it);
+
+				std::map <size_t, string>::const_iterator x = result.find(m->m_num);
+
+				if (x != result.end()) {
+
+					size_t size = 0;
+
+					std::istringstream iss((*x).second);
+					iss.imbue(std::locale::classic());
+					iss >> size;
+
+					m->m_size = size;
+				}
+			}
+		}
+	}
+
+	if (options.has(fetchAttributes::UID)) {
+
+		// Send the "UIDL" command
+		POP3Command::UIDL()->send(store->getConnection());
+
+		// Get the response
+		shared_ptr <POP3Response> response =
+			POP3Response::readMultilineResponse(store->getConnection());
+
+		if (response->isSuccess()) {
+
+			// C: UIDL
+			// S: +OK
+			// S: 1 whqtswO00WBw418f9t5JxYwZ
+			// S: 2 QhdPYR:00WBw1Ph7x7
+			// S: .
+			std::map <size_t, string> result;
+			POP3Utils::parseMultiListOrUidlResponse(response, result);
+
+			for (std::vector <shared_ptr <message> >::iterator it = msg.begin() ;
+			     it != msg.end() ; ++it) {
+
+				shared_ptr <POP3Message> m = dynamicCast <POP3Message>(*it);
+
+				std::map <size_t, string>::const_iterator x = result.find(m->m_num);
+
+				if (x != result.end()) {
+					m->m_uid = (*x).second;
+				}
+			}
+		}
+	}
+
+	if (progress) {
+		progress->stop(total);
+	}
+}
+
+
+void POP3Folder::fetchMessage(const shared_ptr <message>& msg, const fetchAttributes& options) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	dynamicCast <POP3Message>(msg)->fetch(
+		dynamicCast <POP3Folder>(shared_from_this()),
+		options
+	);
+
+	if (options.has(fetchAttributes::SIZE)) {
+
+		// Send the "LIST" command
+		POP3Command::LIST(msg->getNumber())->send(store->getConnection());
+
+		// Get the response
+		shared_ptr <POP3Response> response =
+			POP3Response::readResponse(store->getConnection());
+
+		if (response->isSuccess()) {
+
+			string responseText = response->getText();
+
+			// C: LIST 2
+			// S: +OK 2 4242
+			string::iterator it = responseText.begin();
+
+			while (it != responseText.end() && (*it == ' ' || *it == '\t')) ++it;
+			while (it != responseText.end() && !(*it == ' ' || *it == '\t')) ++it;
+			while (it != responseText.end() && (*it == ' ' || *it == '\t')) ++it;
+
+			if (it != responseText.end()) {
+
+				size_t size = 0;
+
+				std::istringstream iss(string(it, responseText.end()));
+				iss.imbue(std::locale::classic());
+				iss >> size;
+
+				dynamicCast <POP3Message>(msg)->m_size = size;
+			}
+		}
+	}
+
+	if (options.has(fetchAttributes::UID)) {
+
+		// Send the "UIDL" command
+		POP3Command::UIDL(msg->getNumber())->send(store->getConnection());
+
+		// Get the response
+		shared_ptr <POP3Response> response =
+			POP3Response::readResponse(store->getConnection());
+
+		if (response->isSuccess()) {
+
+			string responseText = response->getText();
+
+			// C: UIDL 2
+			// S: +OK 2 QhdPYR:00WBw1Ph7x7
+			string::iterator it = responseText.begin();
+
+			while (it != responseText.end() && (*it == ' ' || *it == '\t')) ++it;
+			while (it != responseText.end() && !(*it == ' ' || *it == '\t')) ++it;
+			while (it != responseText.end() && (*it == ' ' || *it == '\t')) ++it;
+
+			if (it != responseText.end()) {
+				dynamicCast <POP3Message>(msg)->m_uid = string(it, responseText.end());
+			}
+		}
+	}
+}
+
+
+std::vector <shared_ptr <message> > POP3Folder::getAndFetchMessages(
+	const messageSet& msgs,
+	const fetchAttributes& attribs
+) {
+
+	if (msgs.isEmpty()) {
+		return std::vector <shared_ptr <message> >();
+	}
+
+	std::vector <shared_ptr <message> > messages = getMessages(msgs);
+	fetchMessages(messages, attribs);
+
+	return messages;
+}
+
+
+int POP3Folder::getFetchCapabilities() const {
+
+	return fetchAttributes::ENVELOPE |
+	       fetchAttributes::CONTENT_INFO |
+	       fetchAttributes::SIZE |
+	       fetchAttributes::FULL_HEADER |
+	       fetchAttributes::UID |
+	       fetchAttributes::IMPORTANCE;
+}
+
+
+shared_ptr <folder> POP3Folder::getParent() {
+
+	if (m_path.isEmpty()) {
+		return null;
+	} else {
+		return shared_ptr <POP3Folder>(new POP3Folder(m_path.getParent(), m_store.lock()));
+	}
+}
+
+
+shared_ptr <const store> POP3Folder::getStore() const {
+
+	return m_store.lock();
+}
+
+
+shared_ptr <store> POP3Folder::getStore() {
+
+	return m_store.lock();
+}
+
+
+void POP3Folder::registerMessage(POP3Message* msg) {
+
+	m_messages.insert(MessageMap::value_type(msg, msg->getNumber()));
+}
+
+
+void POP3Folder::unregisterMessage(POP3Message* msg) {
+
+	m_messages.erase(msg);
+}
+
+
+void POP3Folder::onStoreDisconnected() {
+
+	m_store.reset();
+}
+
+
+void POP3Folder::deleteMessages(const messageSet& msgs) {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	const std::vector <size_t> nums = POP3Utils::messageSetToNumberList(msgs, m_messageCount);
+
+	if (nums.empty()) {
+		throw exceptions::invalid_argument();
+	}
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	} else if (!isOpen()) {
+		throw exceptions::illegal_state("Folder not open");
+	}
+
+	for (std::vector <size_t>::const_iterator
+	     it = nums.begin() ; it != nums.end() ; ++it) {
+
+		POP3Command::DELE(*it)->send(store->getConnection());
+
+		shared_ptr <POP3Response> response =
+			POP3Response::readResponse(store->getConnection());
+
+		if (!response->isSuccess()) {
+			throw exceptions::command_error("DELE", response->getFirstLine());
+		}
+	}
+
+	// Sort message list
+	std::vector <size_t> list;
+
+	list.resize(nums.size());
+	std::copy(nums.begin(), nums.end(), list.begin());
+
+	std::sort(list.begin(), list.end());
+
+	// Update local flags
+	for (std::map <POP3Message*, size_t>::iterator it =
+	     m_messages.begin() ; it != m_messages.end() ; ++it) {
+
+		POP3Message* msg = (*it).first;
+
+		if (std::binary_search(list.begin(), list.end(), msg->getNumber())) {
+			msg->m_deleted = true;
+		}
+	}
+
+	// Notify message flags changed
+	shared_ptr <events::messageChangedEvent> event =
+		make_shared <events::messageChangedEvent>(
+			dynamicCast <folder>(shared_from_this()),
+			events::messageChangedEvent::TYPE_FLAGS,
+			list
+		);
+
+	notifyMessageChanged(event);
+}
+
+
+void POP3Folder::setMessageFlags(
+	const messageSet& /* msgs */,
+	const int /* flags */,
+	const int /* mode */
+) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+void POP3Folder::rename(const folder::path& /* newPath */) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+messageSet POP3Folder::addMessage(
+	const shared_ptr <vmime::message>& /* msg */,
+	const int /* flags */,
+	vmime::datetime* /* date */,
+	utility::progressListener* /* progress */
+) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+messageSet POP3Folder::addMessage(
+	utility::inputStream& /* is */,
+	const size_t /* size */,
+	const int /* flags */,
+	vmime::datetime* /* date */,
+	utility::progressListener* /* progress */
+) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+messageSet POP3Folder::copyMessages(
+	const folder::path& /* dest */,
+	const messageSet& /* msgs */
+) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+void POP3Folder::status(size_t& count, size_t& unseen) {
+
+	count = 0;
+	unseen = 0;
+
+	shared_ptr <folderStatus> status = getStatus();
+
+	count = status->getMessageCount();
+	unseen = status->getUnseenCount();
+
+	m_messageCount = count;
+}
+
+
+shared_ptr <folderStatus> POP3Folder::getStatus() {
+
+	shared_ptr <POP3Store> store = m_store.lock();
+
+	if (!store) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	POP3Command::STAT()->send(store->getConnection());
+
+	shared_ptr <POP3Response> response =
+		POP3Response::readResponse(store->getConnection());
+
+	if (!response->isSuccess()) {
+		throw exceptions::command_error("STAT", response->getFirstLine());
+	}
+
+
+	size_t count = 0;
+
+	std::istringstream iss(response->getText());
+	iss.imbue(std::locale::classic());
+	iss >> count;
+
+	shared_ptr <POP3FolderStatus> status = make_shared <POP3FolderStatus>();
+
+	status->setMessageCount(count);
+	status->setUnseenCount(count);
+
+	// Update local message count
+	if (m_messageCount != count) {
+
+		const size_t oldCount = m_messageCount;
+
+		m_messageCount = count;
+
+		if (count > oldCount) {
+
+			std::vector <size_t> nums;
+			nums.resize(count - oldCount);
+
+			for (size_t i = oldCount + 1, j = 0 ; i <= count ; ++i, ++j) {
+				nums[j] = i;
+			}
+
+			// Notify message count changed
+			shared_ptr <events::messageCountEvent> event =
+				make_shared <events::messageCountEvent>(
+					dynamicCast <folder>(shared_from_this()),
+					events::messageCountEvent::TYPE_ADDED,
+					nums
+				);
+
+			notifyMessageCount(event);
+
+			// Notify folders with the same path
+			for (std::list <POP3Folder*>::iterator it = store->m_folders.begin() ;
+			     it != store->m_folders.end() ; ++it) {
+
+				if ((*it) != this && (*it)->getFullPath() == m_path) {
+
+					(*it)->m_messageCount = count;
+
+					shared_ptr <events::messageCountEvent> event =
+						make_shared <events::messageCountEvent>(
+							dynamicCast <folder>((*it)->shared_from_this()),
+							events::messageCountEvent::TYPE_ADDED,
+							nums
+						);
+
+					(*it)->notifyMessageCount(event);
+				}
+			}
+		}
+	}
+
+	return status;
+}
+
+
+void POP3Folder::expunge() {
+
+	// Not supported by POP3 protocol (deleted messages are automatically
+	// expunged at the end of the session...).
+}
+
+
+std::vector <size_t> POP3Folder::getMessageNumbersStartingOnUID(const message::uid& /* uid */) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3Folder.hpp b/vmime-master/src/vmime/net/pop3/POP3Folder.hpp
new file mode 100644
index 0000000..73e29f9
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Folder.hpp
@@ -0,0 +1,179 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3FOLDER_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3FOLDER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include <vector>
+#include <map>
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/folder.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+class POP3Store;
+class POP3Message;
+
+
+/** POP3 folder implementation.
+  */
+class VMIME_EXPORT POP3Folder : public folder {
+
+private:
+
+	friend class POP3Store;
+	friend class POP3Message;
+
+	POP3Folder(const POP3Folder&);
+	POP3Folder(const folder::path& path, const shared_ptr <POP3Store>& store);
+
+public:
+
+	~POP3Folder();
+
+	int getMode() const;
+
+	const folderAttributes getAttributes();
+
+	const folder::path::component getName() const;
+	const folder::path getFullPath() const;
+
+	void open(const int mode, bool failIfModeIsNotAvailable = false);
+	void close(const bool expunge);
+	void create(const folderAttributes& attribs);
+
+	bool exists();
+
+	void destroy();
+
+	bool isOpen() const;
+
+	shared_ptr <message> getMessage(const size_t num);
+	std::vector <shared_ptr <message> > getMessages(const messageSet& msgs);
+
+	size_t getMessageCount();
+
+	shared_ptr <folder> getFolder(const folder::path::component& name);
+	std::vector <shared_ptr <folder> > getFolders(const bool recursive = false);
+
+	void rename(const folder::path& newPath);
+
+	void deleteMessages(const messageSet& msgs);
+
+	void setMessageFlags(
+		const messageSet& msgs,
+		const int flags,
+		const int mode = message::FLAG_MODE_SET
+	);
+
+	messageSet addMessage(
+		const shared_ptr <vmime::message>& msg,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	);
+
+	messageSet addMessage(
+		utility::inputStream& is,
+		const size_t size,
+		const int flags = -1,
+		vmime::datetime* date = NULL,
+		utility::progressListener* progress = NULL
+	);
+
+	messageSet copyMessages(const folder::path& dest, const messageSet& msgs);
+
+	void status(size_t& count, size_t& unseen);
+	shared_ptr <folderStatus> getStatus();
+
+	void expunge();
+
+	shared_ptr <folder> getParent();
+
+	shared_ptr <const store> getStore() const;
+	shared_ptr <store> getStore();
+
+
+	void fetchMessages(
+		std::vector <shared_ptr <message> >& msg,
+		const fetchAttributes& options,
+		utility::progressListener* progress = NULL
+	);
+
+	void fetchMessage(const shared_ptr <message>& msg, const fetchAttributes& options);
+
+	std::vector <shared_ptr <message> > getAndFetchMessages(
+		const messageSet& msgs,
+		const fetchAttributes& attribs
+	);
+
+	int getFetchCapabilities() const;
+
+	std::vector <size_t> getMessageNumbersStartingOnUID(const message::uid& uid);
+
+private:
+
+	void registerMessage(POP3Message* msg);
+	void unregisterMessage(POP3Message* msg);
+
+	void onStoreDisconnected();
+
+	void onClose();
+
+
+	weak_ptr <POP3Store> m_store;
+
+	folder::path m_path;
+	folder::path::component m_name;
+
+	int m_mode;
+	bool m_open;
+
+	size_t m_messageCount;
+
+	typedef std::map <POP3Message*, size_t> MessageMap;
+	MessageMap m_messages;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3FOLDER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3FolderStatus.cpp b/vmime-master/src/vmime/net/pop3/POP3FolderStatus.cpp
new file mode 100644
index 0000000..9f2c49f
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3FolderStatus.cpp
@@ -0,0 +1,88 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3FolderStatus.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3FolderStatus::POP3FolderStatus()
+	: m_count(0),
+	  m_unseen(0) {
+
+}
+
+
+POP3FolderStatus::POP3FolderStatus(const POP3FolderStatus& other)
+	: folderStatus(),
+	  m_count(other.m_count),
+	  m_unseen(other.m_unseen) {
+
+}
+
+
+size_t POP3FolderStatus::getMessageCount() const {
+
+	return m_count;
+}
+
+
+size_t POP3FolderStatus::getUnseenCount() const {
+
+	return m_unseen;
+}
+
+
+void POP3FolderStatus::setMessageCount(const size_t count) {
+
+	m_count = count;
+}
+
+
+void POP3FolderStatus::setUnseenCount(const size_t unseen) {
+
+	m_unseen = unseen;
+}
+
+
+shared_ptr <folderStatus> POP3FolderStatus::clone() const {
+
+	return make_shared <POP3FolderStatus>(*this);
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
diff --git a/vmime-master/src/vmime/net/pop3/POP3FolderStatus.hpp b/vmime-master/src/vmime/net/pop3/POP3FolderStatus.hpp
new file mode 100644
index 0000000..0ce413e
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3FolderStatus.hpp
@@ -0,0 +1,75 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3FOLDERSTATUS_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3FOLDERSTATUS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/folderStatus.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+/** Holds the status of a POP3 folder.
+  */
+class VMIME_EXPORT POP3FolderStatus : public folderStatus {
+
+public:
+
+	POP3FolderStatus();
+	POP3FolderStatus(const POP3FolderStatus& other);
+
+	// Inherited from folderStatus
+	size_t getMessageCount() const;
+	size_t getUnseenCount() const;
+
+	shared_ptr <folderStatus> clone() const;
+
+
+	void setMessageCount(const size_t count);
+	void setUnseenCount(const size_t unseen);
+
+private:
+
+	size_t m_count;
+	size_t m_unseen;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3FOLDERSTATUS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3Message.cpp b/vmime-master/src/vmime/net/pop3/POP3Message.cpp
new file mode 100644
index 0000000..8d6b7f5
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Message.cpp
@@ -0,0 +1,283 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Message.hpp"
+#include "vmime/net/pop3/POP3Command.hpp"
+#include "vmime/net/pop3/POP3Response.hpp"
+#include "vmime/net/pop3/POP3Folder.hpp"
+#include "vmime/net/pop3/POP3Store.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3Message::POP3Message(
+	const shared_ptr <POP3Folder>& folder,
+	const size_t num
+)
+	: m_folder(folder),
+	  m_num(num),
+	  m_size(-1),
+	  m_deleted(false) {
+
+	folder->registerMessage(this);
+}
+
+
+POP3Message::~POP3Message() {
+
+	try {
+
+		shared_ptr <POP3Folder> folder = m_folder.lock();
+
+		if (folder) {
+			folder->unregisterMessage(this);
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+void POP3Message::onFolderClosed() {
+
+	m_folder.reset();
+}
+
+
+size_t POP3Message::getNumber() const {
+
+	return m_num;
+}
+
+
+const message::uid POP3Message::getUID() const {
+
+	return m_uid;
+}
+
+
+size_t POP3Message::getSize() const {
+
+	if (m_size == static_cast <size_t>(-1)) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_size;
+}
+
+
+bool POP3Message::isExpunged() const {
+
+	return false;
+}
+
+
+int POP3Message::getFlags() const {
+
+	int flags = 0;
+
+	if (m_deleted) {
+		flags |= FLAG_DELETED;
+	}
+
+	return flags;
+}
+
+
+shared_ptr <const messageStructure> POP3Message::getStructure() const {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+shared_ptr <messageStructure> POP3Message::getStructure() {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+shared_ptr <const header> POP3Message::getHeader() const {
+
+	if (!m_header) {
+		throw exceptions::unfetched_object();
+	}
+
+	return m_header;
+}
+
+
+void POP3Message::extract(
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t start,
+	const size_t length,
+	const bool /* peek */
+) const {
+
+	shared_ptr <const POP3Folder> folder = m_folder.lock();
+
+	if (!folder) {
+		throw exceptions::illegal_state("Folder closed");
+	} else if (!folder->getStore()) {
+		throw exceptions::illegal_state("Store disconnected");
+	}
+
+	if (start != 0 && length != static_cast <size_t>(-1)) {
+		throw exceptions::partial_fetch_not_supported();
+	}
+
+	// Emit the "RETR" command
+	shared_ptr <POP3Store> store = folder->m_store.lock();
+
+	POP3Command::RETR(m_num)->send(store->getConnection());
+
+	try {
+
+		POP3Response::readLargeResponse(
+			store->getConnection(), os, progress,
+			m_size == static_cast <size_t>(-1) ? 0 : m_size
+		);
+
+	} catch (exceptions::command_error& e) {
+
+		throw exceptions::command_error("RETR", e.response());
+	}
+}
+
+
+void POP3Message::extractPart(
+	const shared_ptr <const messagePart>& /* p */,
+	utility::outputStream& /* os */,
+	utility::progressListener* /* progress */,
+	const size_t /* start */,
+	const size_t /* length */,
+	const bool /* peek */
+) const {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+void POP3Message::fetchPartHeader(const shared_ptr <messagePart>& /* p */) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+void POP3Message::fetch(
+	const shared_ptr <POP3Folder>& msgFolder,
+	const fetchAttributes& options
+) {
+
+	shared_ptr <POP3Folder> folder = m_folder.lock();
+
+	if (folder != msgFolder) {
+		throw exceptions::folder_not_found();
+	}
+
+	// STRUCTURE and FLAGS attributes are not supported by POP3
+	if (options.has(fetchAttributes::STRUCTURE | fetchAttributes::FLAGS)) {
+		throw exceptions::operation_not_supported();
+	}
+
+	// Check for the real need to fetch the full header
+	static const int optionsRequiringHeader =
+		fetchAttributes::ENVELOPE | fetchAttributes::CONTENT_INFO |
+		fetchAttributes::FULL_HEADER | fetchAttributes::IMPORTANCE;
+
+	if (!options.has(optionsRequiringHeader)) {
+		return;
+	}
+
+	// No need to differenciate between ENVELOPE, CONTENT_INFO, ...
+	// since POP3 only permits to retrieve the whole header and not
+	// fields in particular.
+
+	// Emit the "TOP" command
+	shared_ptr <POP3Store> store = folder->m_store.lock();
+
+	POP3Command::TOP(m_num, 0)->send(store->getConnection());
+
+	try {
+
+		string buffer;
+		utility::outputStreamStringAdapter bufferStream(buffer);
+
+		POP3Response::readLargeResponse(
+			store->getConnection(),
+			bufferStream, /* progress */ NULL, /* predictedSize */ 0
+		);
+
+		m_header = make_shared <header>();
+		m_header->parse(buffer);
+
+	} catch (exceptions::command_error& e) {
+
+		throw exceptions::command_error("TOP", e.response());
+	}
+}
+
+
+void POP3Message::setFlags(const int /* flags */, const int /* mode */) {
+
+	throw exceptions::operation_not_supported();
+}
+
+
+shared_ptr <vmime::message> POP3Message::getParsedMessage() {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter os(oss);
+
+	extract(os);
+
+	shared_ptr <vmime::message> msg = make_shared <vmime::message>();
+	msg->parse(oss.str());
+
+	return msg;
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3Message.hpp b/vmime-master/src/vmime/net/pop3/POP3Message.hpp
new file mode 100644
index 0000000..3d6dc92
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Message.hpp
@@ -0,0 +1,124 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3MESSAGE_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3MESSAGE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/message.hpp"
+#include "vmime/net/folder.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+class POP3Folder;
+
+
+/** POP3 message implementation.
+  */
+class VMIME_EXPORT POP3Message : public message {
+
+private:
+
+	friend class POP3Folder;
+
+	POP3Message(const POP3Message&);
+
+public:
+
+	POP3Message(const shared_ptr <POP3Folder>& folder, const size_t num);
+
+	~POP3Message();
+
+
+	size_t getNumber() const;
+
+	const uid getUID() const;
+
+	size_t getSize() const;
+
+	bool isExpunged() const;
+
+	shared_ptr <const messageStructure> getStructure() const;
+	shared_ptr <messageStructure> getStructure();
+
+	shared_ptr <const header> getHeader() const;
+
+	int getFlags() const;
+	void setFlags(const int flags, const int mode = FLAG_MODE_SET);
+
+	void extract(
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const;
+
+	void extractPart(
+		const shared_ptr <const messagePart>& p,
+		utility::outputStream& os,
+		utility::progressListener* progress = NULL,
+		const size_t start = 0,
+		const size_t length = -1,
+		const bool peek = false
+	) const;
+
+	void fetchPartHeader(const shared_ptr <messagePart>& p);
+
+	shared_ptr <vmime::message> getParsedMessage();
+
+private:
+
+	void fetch(const shared_ptr <POP3Folder>& folder, const fetchAttributes& options);
+
+	void onFolderClosed();
+
+	weak_ptr <POP3Folder> m_folder;
+	size_t m_num;
+	uid m_uid;
+	size_t m_size;
+
+	bool m_deleted;
+
+	shared_ptr <header> m_header;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3MESSAGE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3Response.cpp b/vmime-master/src/vmime/net/pop3/POP3Response.cpp
new file mode 100644
index 0000000..725841e
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Response.cpp
@@ -0,0 +1,504 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Response.hpp"
+#include "vmime/net/pop3/POP3Connection.hpp"
+
+#include "vmime/platform.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/utility/filteredStream.hpp"
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/utility/inputStreamSocketAdapter.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3Response::POP3Response(
+	const shared_ptr <socket>& sok,
+	const shared_ptr <timeoutHandler>& toh,
+	const shared_ptr <tracer>& tracer
+)
+	: m_socket(sok),
+	  m_timeoutHandler(toh),
+	  m_tracer(tracer) {
+
+}
+
+
+// static
+shared_ptr <POP3Response> POP3Response::readResponse(
+	const shared_ptr <POP3Connection>& conn
+) {
+
+	shared_ptr <POP3Response> resp = shared_ptr <POP3Response>(
+		new POP3Response(conn->getSocket(), conn->getTimeoutHandler(), conn->getTracer())
+	);
+
+	string buffer;
+	resp->readResponseImpl(buffer, /* multiLine */ false);
+
+	resp->m_firstLine = buffer;
+	resp->m_code = getResponseCode(buffer);
+	stripResponseCode(buffer, resp->m_text);
+
+	if (resp->m_tracer) {
+		resp->m_tracer->traceReceive(buffer);
+	}
+
+	return resp;
+}
+
+
+// static
+shared_ptr <POP3Response> POP3Response::readMultilineResponse(
+	const shared_ptr <POP3Connection>& conn
+) {
+
+	shared_ptr <POP3Response> resp = shared_ptr <POP3Response>(
+		new POP3Response(conn->getSocket(), conn->getTimeoutHandler(), conn->getTracer())
+	);
+
+	string buffer;
+	resp->readResponseImpl(buffer, /* multiLine */ true);
+
+	string firstLine, nextLines;
+	stripFirstLine(buffer, nextLines, &firstLine);
+
+	resp->m_firstLine = firstLine;
+	resp->m_code = getResponseCode(firstLine);
+	stripResponseCode(firstLine, resp->m_text);
+
+	std::istringstream iss(nextLines);
+	string line;
+
+	if (resp->m_tracer) {
+		resp->m_tracer->traceReceive(firstLine);
+	}
+
+	while (std::getline(iss, line, '\n')) {
+
+		line = utility::stringUtils::trim(line);
+		resp->m_lines.push_back(line);
+
+		if (resp->m_tracer) {
+			resp->m_tracer->traceReceive(line);
+		}
+	}
+
+	if (resp->m_tracer) {
+		resp->m_tracer->traceReceive(".");
+	}
+
+	return resp;
+}
+
+
+// static
+shared_ptr <POP3Response> POP3Response::readLargeResponse(
+	const shared_ptr <POP3Connection>& conn,
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t predictedSize
+) {
+
+	shared_ptr <POP3Response> resp = shared_ptr <POP3Response>(
+		new POP3Response(conn->getSocket(), conn->getTimeoutHandler(), conn->getTracer())
+	);
+
+	string firstLine;
+	const size_t length = resp->readResponseImpl(firstLine, os, progress, predictedSize);
+
+	resp->m_firstLine = firstLine;
+	resp->m_code = getResponseCode(firstLine);
+	stripResponseCode(firstLine, resp->m_text);
+
+	if (resp->m_tracer) {
+		resp->m_tracer->traceReceive(firstLine);
+		resp->m_tracer->traceReceiveBytes(length - firstLine.length());
+		resp->m_tracer->traceReceive(".");
+	}
+
+	return resp;
+}
+
+
+bool POP3Response::isSuccess() const {
+
+	return m_code == CODE_OK;
+}
+
+
+const string POP3Response::getFirstLine() const {
+
+	return m_firstLine;
+}
+
+
+POP3Response::ResponseCode POP3Response::getCode() const {
+
+	return m_code;
+}
+
+
+const string POP3Response::getText() const {
+
+	return m_text;
+}
+
+
+const string POP3Response::getLineAt(const size_t pos) const {
+
+	return m_lines[pos];
+}
+
+
+size_t POP3Response::getLineCount() const {
+
+	return m_lines.size();
+}
+
+
+void POP3Response::readResponseImpl(string& buffer, const bool multiLine) {
+
+	bool foundTerminator = false;
+
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+
+	buffer.clear();
+
+	char last1 = '\0', last2 = '\0';
+
+	for ( ; !foundTerminator ; ) {
+
+		// Check whether the time-out delay is elapsed
+		if (m_timeoutHandler && m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+				throw exceptions::operation_timed_out();
+			}
+
+			m_timeoutHandler->resetTimeOut();
+		}
+
+		// Receive data from the socket
+		string receiveBuffer;
+		m_socket->receive(receiveBuffer);
+
+		if (receiveBuffer.empty()) {  // buffer is empty
+
+			if (m_socket->getStatus() & socket::STATUS_WANT_WRITE) {
+				m_socket->waitForWrite();
+			} else {
+				m_socket->waitForRead();
+			}
+
+			continue;
+		}
+
+		// We have received data: reset the time-out counter
+		if (m_timeoutHandler) {
+			m_timeoutHandler->resetTimeOut();
+		}
+
+		// Check for transparent characters: '\n..' becomes '\n.'
+		const char first = receiveBuffer[0];
+
+		if (first == '.' && last2 == '\n' && last1 == '.') {
+
+			receiveBuffer.erase(receiveBuffer.begin());
+
+		} else if (receiveBuffer.length() >= 2 && first == '.' &&
+		           receiveBuffer[1] == '.' && last1 == '\n') {
+
+			receiveBuffer.erase(receiveBuffer.begin());
+		}
+
+		for (size_t trans ;
+		     string::npos != (trans = receiveBuffer.find("\n..")) ; ) {
+
+			receiveBuffer.replace(trans, 3, "\n.");
+		}
+
+		last1 = receiveBuffer[receiveBuffer.length() - 1];
+		last2 = static_cast <char>((receiveBuffer.length() >= 2) ? receiveBuffer[receiveBuffer.length() - 2] : 0);
+
+		// Append the data to the response buffer
+		buffer += receiveBuffer;
+
+		// Check for terminator string (and strip it if present)
+		foundTerminator = checkTerminator(buffer, multiLine);
+
+		// If there is an error (-ERR) when executing a command that
+		// requires a multi-line response, the error response will
+		// include only one line, so we stop waiting for a multi-line
+		// terminator and check for a "normal" one.
+		if (multiLine &&
+		    !foundTerminator &&
+		    buffer.length() >= 4 && buffer[0] == '-') {
+
+			foundTerminator = checkTerminator(buffer, false);
+		}
+	}
+}
+
+
+size_t POP3Response::readResponseImpl(
+	string& firstLine,
+	utility::outputStream& os,
+	utility::progressListener* progress,
+	const size_t predictedSize
+) {
+
+	size_t current = 0, total = predictedSize;
+
+	string temp;
+	bool codeDone = false;
+
+	if (progress) {
+		progress->start(total);
+	}
+
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+
+	utility::inputStreamSocketAdapter sis(*m_socket);
+	utility::stopSequenceFilteredInputStream <5> sfis1(sis, "\r\n.\r\n");
+	utility::stopSequenceFilteredInputStream <3> sfis2(sfis1, "\n.\n");
+	utility::dotFilteredInputStream dfis(sfis2);   // "\n.." --> "\n."
+
+	utility::inputStream& is = dfis;
+
+	while (!is.eof()) {
+
+		// Check whether the time-out delay is elapsed
+		if (m_timeoutHandler && m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+				throw exceptions::operation_timed_out();
+			}
+		}
+
+		// Receive data from the socket
+		byte_t buffer[65536];
+		const size_t read = is.read(buffer, sizeof(buffer));
+
+		if (read == 0) {  // buffer is empty
+
+			if (m_socket->getStatus() & socket::STATUS_WANT_WRITE) {
+				m_socket->waitForWrite();
+			} else if (m_socket->getStatus() & socket::STATUS_WANT_READ) {
+				m_socket->waitForRead();
+			} else {
+				// Input stream needs more bytes to continue, but there
+				// is enough data into socket buffer. Do not waitForRead(),
+				// just retry read()ing on the stream.
+			}
+
+			continue;
+		}
+
+		// We have received data: reset the time-out counter
+		if (m_timeoutHandler) {
+			m_timeoutHandler->resetTimeOut();
+		}
+
+		// Notify progress
+		current += read;
+
+		if (progress) {
+			total = std::max(total, current);
+			progress->progress(current, total);
+		}
+
+		// If we don't have extracted the response code yet
+		if (!codeDone) {
+
+			vmime::utility::stringUtils::appendBytesToString(temp, buffer, read);
+
+			string responseData;
+
+			if (stripFirstLine(temp, responseData, &firstLine) == true) {
+
+				if (getResponseCode(firstLine) != CODE_OK) {
+					throw exceptions::command_error("?", firstLine);
+				}
+
+				codeDone = true;
+
+				os.write(responseData.data(), responseData.length());
+				temp.clear();
+
+				continue;
+			}
+
+		} else {
+
+			// Inject the data into the output stream
+			os.write(buffer, read);
+		}
+	}
+
+	if (progress) {
+		progress->stop(total);
+	}
+
+	return current;
+}
+
+
+// static
+bool POP3Response::stripFirstLine(
+	const string& buffer,
+	string& result,
+	string* firstLine
+) {
+
+	const size_t end = buffer.find('\n');
+
+	if (end != string::npos) {
+
+		if (firstLine) {
+			*firstLine = utility::stringUtils::trim(buffer.substr(0, end));
+		}
+
+		result = buffer.substr(end + 1);
+
+		return true;
+
+	} else {
+
+		if (firstLine) {
+			*firstLine = utility::stringUtils::trim(buffer);
+		}
+
+		result = "";
+
+		return false;
+	}
+}
+
+
+// static
+POP3Response::ResponseCode POP3Response::getResponseCode(const string& buffer) {
+
+	if (buffer.length() >= 2) {
+
+		// +[space]
+		if (buffer[0] == '+' &&
+		    (buffer[1] == ' ' || buffer[1] == '\t')) {
+
+			return CODE_READY;
+		}
+
+		// +OK
+		if (buffer.length() >= 3) {
+
+			if (buffer[0] == '+' &&
+			    (buffer[1] == 'O' || buffer[1] == 'o') &&
+			    (buffer[2] == 'K' || buffer[1] == 'k')) {
+
+				return CODE_OK;
+			}
+		}
+	}
+
+	// -ERR or whatever
+	return CODE_ERR;
+}
+
+
+// static
+void POP3Response::stripResponseCode(const string& buffer, string& result) {
+
+	const size_t pos = buffer.find_first_of(" \t");
+
+	if (pos != string::npos) {
+		result = buffer.substr(pos + 1);
+	} else {
+		result = buffer;
+	}
+}
+
+
+// static
+bool POP3Response::checkTerminator(string& buffer, const bool multiLine) {
+
+	// Multi-line response
+	if (multiLine) {
+
+		static const string term1("\r\n.\r\n");
+		static const string term2("\n.\n");
+
+		return checkOneTerminator(buffer, term1) ||
+		       checkOneTerminator(buffer, term2);
+
+	// Normal response
+	} else {
+
+		static const string term1("\r\n");
+		static const string term2("\n");
+
+		return checkOneTerminator(buffer, term1) ||
+		       checkOneTerminator(buffer, term2);
+	}
+
+	return false;
+}
+
+
+// static
+bool POP3Response::checkOneTerminator(string& buffer, const string& term) {
+
+	if (buffer.length() >= term.length() &&
+		std::equal(buffer.end() - term.length(), buffer.end(), term.begin())) {
+
+		buffer.erase(buffer.end() - term.length(), buffer.end());
+		return true;
+	}
+
+	return false;
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
diff --git a/vmime-master/src/vmime/net/pop3/POP3Response.hpp b/vmime-master/src/vmime/net/pop3/POP3Response.hpp
new file mode 100644
index 0000000..69f8d5d
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Response.hpp
@@ -0,0 +1,194 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_POP3RESPONSE_HPP_INCLUDED
+#define VMIME_NET_SMTP_POP3RESPONSE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/object.hpp"
+#include "vmime/base.hpp"
+
+#include "vmime/utility/outputStream.hpp"
+#include "vmime/utility/progressListener.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/tracer.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class timeoutHandler;
+
+
+namespace pop3 {
+
+
+class POP3Connection;
+
+
+/** A POP3 response, as sent by the server.
+  */
+class VMIME_EXPORT POP3Response : public object {
+
+public:
+
+	/** Possible response codes. */
+	enum ResponseCode {
+		CODE_OK = 0,
+		CODE_READY,
+		CODE_ERR
+	};
+
+
+	/** Receive and parse a POP3 response from the
+	  * specified connection.
+	  *
+	  * @param conn connection from which to read
+	  * @return POP3 response
+	  * @throws exceptions::operation_timed_out if no data
+	  * has been received within the granted time
+	  */
+	static shared_ptr <POP3Response> readResponse(const shared_ptr <POP3Connection>& conn);
+
+	/** Receive and parse a multiline POP3 response from
+	  * the specified connection.
+	  *
+	  * @param conn connection from which to read
+	  * @return POP3 response
+	  * @throws exceptions::operation_timed_out if no data
+	  * has been received within the granted time
+	  */
+	static shared_ptr <POP3Response> readMultilineResponse(const shared_ptr <POP3Connection>& conn);
+
+	/** Receive and parse a large POP3 response (eg. message data)
+	  * from the specified connection.
+	  *
+	  * @param conn connection from which to read
+	  * @param os output stream to which response data will be written
+	  * @param progress progress listener (can be NULL)
+	  * @param predictedSize estimated size of response data (in bytes)
+	  * @return POP3 response
+	  * @throws exceptions::operation_timed_out if no data
+	  * has been received within the granted time
+	  */
+	static shared_ptr <POP3Response> readLargeResponse(
+		const shared_ptr <POP3Connection>& conn,
+		utility::outputStream& os,
+		utility::progressListener* progress,
+		const size_t predictedSize
+	);
+
+
+	/** Returns whether the response is successful ("OK").
+	  *
+	  * @return true if the response if successful, false otherwise
+	  */
+	bool isSuccess() const;
+
+	/** Return the POP3 response code.
+	  *
+	  * @return response code
+	  */
+	ResponseCode getCode() const;
+
+	/** Return the POP3 response text (first line).
+	  *
+	  * @return response text
+	  */
+	const string getText() const;
+
+	/** Return the first POP3 response line.
+	  *
+	  * @return first response line
+	  */
+	const string getFirstLine() const;
+
+	/** Return the response line at the specified position.
+	  *
+	  * @param pos line index
+	  * @return line at the specified index
+	  */
+	const string getLineAt(const size_t pos) const;
+
+	/** Return the number of lines in the response.
+	  *
+	  * @return number of lines in the response
+	  */
+	size_t getLineCount() const;
+
+private:
+
+	POP3Response(
+		const shared_ptr <socket>& sok,
+		const shared_ptr <timeoutHandler>& toh,
+		const shared_ptr <tracer>& tracer
+	);
+
+	void readResponseImpl(string& buffer, const bool multiLine);
+
+	size_t readResponseImpl(
+		string& firstLine,
+		utility::outputStream& os,
+		utility::progressListener* progress,
+		const size_t predictedSize
+	);
+
+
+	static bool stripFirstLine(const string& buffer, string& result, string* firstLine);
+
+	static ResponseCode getResponseCode(const string& buffer);
+
+	static void stripResponseCode(const string& buffer, string& result);
+
+	static bool checkTerminator(string& buffer, const bool multiLine);
+	static bool checkOneTerminator(string& buffer, const string& term);
+
+
+	shared_ptr <socket> m_socket;
+	shared_ptr <timeoutHandler> m_timeoutHandler;
+	shared_ptr <tracer> m_tracer;
+
+	string m_firstLine;
+	ResponseCode m_code;
+	string m_text;
+
+	std::vector <string> m_lines;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_SMTP_POP3RESPONSE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3SStore.cpp b/vmime-master/src/vmime/net/pop3/POP3SStore.cpp
new file mode 100644
index 0000000..81a50bc
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3SStore.cpp
@@ -0,0 +1,82 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3SStore.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3SStore::POP3SStore(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth
+)
+	: POP3Store(sess, auth, true) {
+
+}
+
+
+POP3SStore::~POP3SStore() {
+
+}
+
+
+const string POP3SStore::getProtocolName() const {
+
+	return "pop3s";
+}
+
+
+
+// Service infos
+
+POP3ServiceInfos POP3SStore::sm_infos(true);
+
+
+const serviceInfos& POP3SStore::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& POP3SStore::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3SStore.hpp b/vmime-master/src/vmime/net/pop3/POP3SStore.hpp
new file mode 100644
index 0000000..76a6ee1
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3SStore.hpp
@@ -0,0 +1,74 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3SSTORE_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3SSTORE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Store.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+/** POP3S store service.
+  */
+class VMIME_EXPORT POP3SStore : public POP3Store {
+
+public:
+
+	POP3SStore(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+	~POP3SStore();
+
+	const string getProtocolName() const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+private:
+
+	static POP3ServiceInfos sm_infos;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3SSTORE_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3ServiceInfos.cpp b/vmime-master/src/vmime/net/pop3/POP3ServiceInfos.cpp
new file mode 100644
index 0000000..4deee74
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3ServiceInfos.cpp
@@ -0,0 +1,142 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3ServiceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3ServiceInfos::POP3ServiceInfos(const bool pop3s)
+	: m_pop3s(pop3s) {
+
+}
+
+
+const string POP3ServiceInfos::getPropertyPrefix() const {
+
+	if (m_pop3s) {
+		return "store.pop3s.";
+	} else {
+		return "store.pop3.";
+	}
+}
+
+
+const POP3ServiceInfos::props& POP3ServiceInfos::getProperties() const {
+
+	static props pop3Props = {
+		// POP3-specific options
+		property("options.apop", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.apop.fallback", serviceInfos::property::TYPE_BOOLEAN, "true"),
+#if VMIME_HAVE_SASL_SUPPORT
+		property("options.sasl", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.sasl.fallback", serviceInfos::property::TYPE_BOOLEAN, "true"),
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		// Common properties
+		property(serviceInfos::property::AUTH_USERNAME, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::AUTH_PASSWORD, serviceInfos::property::FLAG_REQUIRED),
+
+#if VMIME_HAVE_TLS_SUPPORT
+		property(serviceInfos::property::CONNECTION_TLS),
+		property(serviceInfos::property::CONNECTION_TLS_REQUIRED),
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		property(serviceInfos::property::SERVER_ADDRESS, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::SERVER_PORT, "110"),
+	};
+
+	static props pop3sProps = {
+
+		// POP3-specific options
+		property("options.apop", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.apop.fallback", serviceInfos::property::TYPE_BOOLEAN, "true"),
+#if VMIME_HAVE_SASL_SUPPORT
+		property("options.sasl", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.sasl.fallback", serviceInfos::property::TYPE_BOOLEAN, "true"),
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		// Common properties
+		property(serviceInfos::property::AUTH_USERNAME, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::AUTH_PASSWORD, serviceInfos::property::FLAG_REQUIRED),
+
+#if VMIME_HAVE_TLS_SUPPORT
+		property(serviceInfos::property::CONNECTION_TLS),
+		property(serviceInfos::property::CONNECTION_TLS_REQUIRED),
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		property(serviceInfos::property::SERVER_ADDRESS, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::SERVER_PORT, "995"),
+	};
+
+	return m_pop3s ? pop3sProps : pop3Props;
+}
+
+
+const std::vector <serviceInfos::property> POP3ServiceInfos::getAvailableProperties() const {
+
+	std::vector <property> list;
+	const props& p = getProperties();
+
+	// POP3-specific options
+	list.push_back(p.PROPERTY_OPTIONS_APOP);
+	list.push_back(p.PROPERTY_OPTIONS_APOP_FALLBACK);
+#if VMIME_HAVE_SASL_SUPPORT
+	list.push_back(p.PROPERTY_OPTIONS_SASL);
+	list.push_back(p.PROPERTY_OPTIONS_SASL_FALLBACK);
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+	// Common properties
+	list.push_back(p.PROPERTY_AUTH_USERNAME);
+	list.push_back(p.PROPERTY_AUTH_PASSWORD);
+
+#if VMIME_HAVE_TLS_SUPPORT
+	if (!m_pop3s) {
+		list.push_back(p.PROPERTY_CONNECTION_TLS);
+		list.push_back(p.PROPERTY_CONNECTION_TLS_REQUIRED);
+	}
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	list.push_back(p.PROPERTY_SERVER_ADDRESS);
+	list.push_back(p.PROPERTY_SERVER_PORT);
+
+	return list;
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3ServiceInfos.hpp b/vmime-master/src/vmime/net/pop3/POP3ServiceInfos.hpp
new file mode 100644
index 0000000..590a6be
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3ServiceInfos.hpp
@@ -0,0 +1,91 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3SERVICEINFOS_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3SERVICEINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/serviceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+/** Information about POP3 service.
+  */
+class VMIME_EXPORT POP3ServiceInfos : public serviceInfos {
+
+public:
+
+	POP3ServiceInfos(const bool pop3s);
+
+	struct props {
+		// POP3-specific options
+		serviceInfos::property PROPERTY_OPTIONS_APOP;
+		serviceInfos::property PROPERTY_OPTIONS_APOP_FALLBACK;
+#if VMIME_HAVE_SASL_SUPPORT
+		serviceInfos::property PROPERTY_OPTIONS_SASL;
+		serviceInfos::property PROPERTY_OPTIONS_SASL_FALLBACK;
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		// Common properties
+		serviceInfos::property PROPERTY_AUTH_USERNAME;
+		serviceInfos::property PROPERTY_AUTH_PASSWORD;
+
+#if VMIME_HAVE_TLS_SUPPORT
+		serviceInfos::property PROPERTY_CONNECTION_TLS;
+		serviceInfos::property PROPERTY_CONNECTION_TLS_REQUIRED;
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		serviceInfos::property PROPERTY_SERVER_ADDRESS;
+		serviceInfos::property PROPERTY_SERVER_PORT;
+	};
+
+	const props& getProperties() const;
+
+	const string getPropertyPrefix() const;
+	const std::vector <serviceInfos::property> getAvailableProperties() const;
+
+private:
+
+	const bool m_pop3s;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3SERVICEINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3Store.cpp b/vmime-master/src/vmime/net/pop3/POP3Store.cpp
new file mode 100644
index 0000000..b06640f
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Store.cpp
@@ -0,0 +1,262 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Store.hpp"
+#include "vmime/net/pop3/POP3Folder.hpp"
+#include "vmime/net/pop3/POP3Command.hpp"
+#include "vmime/net/pop3/POP3Response.hpp"
+
+#include "vmime/exception.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+POP3Store::POP3Store(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth,
+	const bool secured
+)
+	: store(sess, getInfosInstance(), auth),
+	m_isPOP3S(secured) {
+
+}
+
+
+POP3Store::~POP3Store() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+const string POP3Store::getProtocolName() const {
+
+	return "pop3";
+}
+
+
+shared_ptr <folder> POP3Store::getDefaultFolder() {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return shared_ptr <POP3Folder>(
+		new POP3Folder(
+			folder::path(folder::path::component("INBOX")),
+			dynamicCast <POP3Store>(shared_from_this())
+		)
+	);
+}
+
+
+shared_ptr <folder> POP3Store::getRootFolder() {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return shared_ptr <POP3Folder>(
+		new POP3Folder(
+			folder::path(),
+			dynamicCast <POP3Store>(shared_from_this())
+		)
+	);
+}
+
+
+shared_ptr <folder> POP3Store::getFolder(const folder::path& path) {
+
+	if (!isConnected()) {
+		throw exceptions::illegal_state("Not connected");
+	}
+
+	return shared_ptr <POP3Folder>(
+		new POP3Folder(
+			path,
+			dynamicCast <POP3Store>(shared_from_this())
+		)
+	);
+}
+
+
+bool POP3Store::isValidFolderName(const folder::path::component& /* name */) const {
+
+	return true;
+}
+
+
+void POP3Store::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	m_connection = make_shared <POP3Connection>(
+		dynamicCast <POP3Store>(shared_from_this()), getAuthenticator()
+	);
+
+	m_connection->connect();
+}
+
+
+bool POP3Store::isPOP3S() const {
+
+	return m_isPOP3S;
+}
+
+
+bool POP3Store::isConnected() const {
+
+	return m_connection && m_connection->isConnected();
+}
+
+
+bool POP3Store::isSecuredConnection() const {
+
+	if (!m_connection) {
+		return false;
+	}
+
+	return m_connection->isSecuredConnection();
+}
+
+
+shared_ptr <connectionInfos> POP3Store::getConnectionInfos() const {
+
+	if (!m_connection) {
+		return null;
+	}
+
+	return m_connection->getConnectionInfos();
+}
+
+
+shared_ptr <POP3Connection> POP3Store::getConnection() {
+
+	return m_connection;
+}
+
+
+void POP3Store::disconnect() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	for (std::list <POP3Folder*>::iterator it = m_folders.begin() ;
+	     it != m_folders.end() ; ++it) {
+
+		(*it)->onStoreDisconnected();
+	}
+
+	m_folders.clear();
+
+
+	m_connection->disconnect();
+	m_connection = null;
+}
+
+
+void POP3Store::noop() {
+
+	if (!m_connection) {
+		throw exceptions::not_connected();
+	}
+
+	POP3Command::NOOP()->send(m_connection);
+
+	shared_ptr <POP3Response> response = POP3Response::readResponse(m_connection);
+
+	if (!response->isSuccess()) {
+		throw exceptions::command_error("NOOP", response->getFirstLine());
+	}
+}
+
+
+void POP3Store::registerFolder(POP3Folder* folder) {
+
+	m_folders.push_back(folder);
+}
+
+
+void POP3Store::unregisterFolder(POP3Folder* folder) {
+
+	std::list <POP3Folder*>::iterator it = std::find(m_folders.begin(), m_folders.end(), folder);
+
+	if (it != m_folders.end()) {
+		m_folders.erase(it);
+	}
+}
+
+
+int POP3Store::getCapabilities() const {
+
+	return CAPABILITY_DELETE_MESSAGE;
+}
+
+
+
+// Service infos
+
+POP3ServiceInfos POP3Store::sm_infos(false);
+
+
+const serviceInfos& POP3Store::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& POP3Store::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3Store.hpp b/vmime-master/src/vmime/net/pop3/POP3Store.hpp
new file mode 100644
index 0000000..140a1ab
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Store.hpp
@@ -0,0 +1,120 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3STORE_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3STORE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/store.hpp"
+
+#include "vmime/net/pop3/POP3ServiceInfos.hpp"
+#include "vmime/net/pop3/POP3Connection.hpp"
+
+#include "vmime/utility/stream.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+class POP3Folder;
+class POP3Command;
+class POP3Response;
+
+
+/** POP3 store service.
+  */
+class VMIME_EXPORT POP3Store : public store {
+
+	friend class POP3Folder;
+	friend class POP3Message;
+
+public:
+
+	POP3Store(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth,
+		const bool secured = false
+	);
+
+	~POP3Store();
+
+	const string getProtocolName() const;
+
+	shared_ptr <folder> getDefaultFolder();
+	shared_ptr <folder> getRootFolder();
+	shared_ptr <folder> getFolder(const folder::path& path);
+
+	bool isValidFolderName(const folder::path::component& name) const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+	void connect();
+	bool isConnected() const;
+	void disconnect();
+
+	void noop();
+
+	int getCapabilities() const;
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+	shared_ptr <POP3Connection> getConnection();
+
+	bool isPOP3S() const;
+
+private:
+
+	shared_ptr <POP3Connection> m_connection;
+
+
+	void registerFolder(POP3Folder* folder);
+	void unregisterFolder(POP3Folder* folder);
+
+	std::list <POP3Folder*> m_folders;
+
+
+	const bool m_isPOP3S;
+
+
+	// Service infos
+	static POP3ServiceInfos sm_infos;
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3STORE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/pop3/POP3Utils.cpp b/vmime-master/src/vmime/net/pop3/POP3Utils.cpp
new file mode 100644
index 0000000..b38161e
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Utils.cpp
@@ -0,0 +1,135 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include "vmime/net/pop3/POP3Utils.hpp"
+#include "vmime/net/pop3/POP3Response.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+// static
+void POP3Utils::parseMultiListOrUidlResponse(
+	const shared_ptr <POP3Response>& response,
+	std::map <size_t, string>& result
+) {
+
+	std::map <size_t, string> ids;
+
+	for (size_t i = 0, n = response->getLineCount() ; i < n ; ++i) {
+
+		string line = response->getLineAt(i);
+		string::iterator it = line.begin();
+
+		while (it != line.end() && (*it == ' ' || *it == '\t')) {
+			++it;
+		}
+
+		if (it != line.end()) {
+
+			size_t number = 0;
+
+			while (it != line.end() && (*it >= '0' && *it <= '9')) {
+				number = (number * 10) + (*it - '0');
+				++it;
+			}
+
+			while (it != line.end() && !(*it == ' ' || *it == '\t')) ++it;
+			while (it != line.end() && (*it == ' ' || *it == '\t')) ++it;
+
+			if (it != line.end()) {
+				result.insert(std::map <size_t, string>::value_type(number, string(it, line.end())));
+			}
+		}
+	}
+}
+
+
+
+class POP3MessageSetEnumerator : public messageSetEnumerator {
+
+public:
+
+	POP3MessageSetEnumerator(const size_t msgCount)
+		: m_msgCount(msgCount) {
+
+	}
+
+	void enumerateNumberMessageRange(const vmime::net::numberMessageRange& range) {
+
+		size_t last = range.getLast();
+
+		if (last == size_t(-1)) {
+			last = m_msgCount;
+		}
+
+		for (size_t i = range.getFirst() ; i <= last ; ++i) {
+			list.push_back(i);
+		}
+	}
+
+	void enumerateUIDMessageRange(const vmime::net::UIDMessageRange& /* range */) {
+
+		// Not supported
+	}
+
+public:
+
+	std::vector <size_t> list;
+
+private:
+
+	size_t m_msgCount;
+};
+
+
+// static
+const std::vector <size_t> POP3Utils::messageSetToNumberList(
+	const messageSet& msgs,
+	const size_t msgCount
+) {
+
+	POP3MessageSetEnumerator en(msgCount);
+	msgs.enumerate(en);
+
+	return en.list;
+}
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
diff --git a/vmime-master/src/vmime/net/pop3/POP3Utils.hpp b/vmime-master/src/vmime/net/pop3/POP3Utils.hpp
new file mode 100644
index 0000000..09d15d5
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/POP3Utils.hpp
@@ -0,0 +1,92 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3UTILS_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3UTILS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+
+#include <map>
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/messageSet.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace pop3 {
+
+
+class POP3Response;
+
+
+class VMIME_EXPORT POP3Utils {
+
+public:
+
+	/** Parse a response of type ([integer] [string] \n)*.
+	  * This is used in LIST or UIDL commands:
+	  *
+	  *    C: UIDL
+	  *    S: +OK
+	  *    S: 1 whqtswO00WBw418f9t5JxYwZ
+	  *    S: 2 QhdPYR:00WBw1Ph7x7
+	  *    S: .
+	  *
+	  * @param response raw response string as returned by the server
+	  * @param result points to an associative array which maps a message
+	  * number to its corresponding data (either UID or size)
+	  */
+	static void parseMultiListOrUidlResponse(
+		const shared_ptr <POP3Response>& response,
+		std::map <size_t, string>& result
+	);
+
+	/** Returns a list of message numbers given a message set.
+	  *
+	  * @param msgs message set
+	  * @param msgCount number of messages in folder
+	  * @return list of message numbers
+	  */
+	static const std::vector <size_t> messageSetToNumberList(
+		const messageSet& msgs,
+		const size_t msgCount
+	);
+};
+
+
+} // pop3
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_POP3
+
+#endif // VMIME_NET_POP3_POP3UTILS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/pop3/pop3.hpp b/vmime-master/src/vmime/net/pop3/pop3.hpp
new file mode 100644
index 0000000..ced3a97
--- /dev/null
+++ b/vmime-master/src/vmime/net/pop3/pop3.hpp
@@ -0,0 +1,35 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_POP3_POP3_HPP_INCLUDED
+#define VMIME_NET_POP3_POP3_HPP_INCLUDED
+
+
+#include "vmime/net/pop3/POP3Folder.hpp"
+#include "vmime/net/pop3/POP3FolderStatus.hpp"
+#include "vmime/net/pop3/POP3Message.hpp"
+#include "vmime/net/pop3/POP3Store.hpp"
+#include "vmime/net/pop3/POP3SStore.hpp"
+
+
+#endif // VMIME_NET_POP3_POP3_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/securedConnectionInfos.hpp b/vmime-master/src/vmime/net/securedConnectionInfos.hpp
new file mode 100644
index 0000000..6025801
--- /dev/null
+++ b/vmime-master/src/vmime/net/securedConnectionInfos.hpp
@@ -0,0 +1,55 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SECUREDCONNECTIONINFOS_HPP_INCLUDED
+#define VMIME_NET_SECUREDCONNECTIONINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/connectionInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Information about the secured connection used by a service.
+  */
+class VMIME_EXPORT securedConnectionInfos : public connectionInfos {
+
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_SECUREDCONNECTIONINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/sendmail/sendmail.hpp b/vmime-master/src/vmime/net/sendmail/sendmail.hpp
new file mode 100644
index 0000000..a8d1412
--- /dev/null
+++ b/vmime-master/src/vmime/net/sendmail/sendmail.hpp
@@ -0,0 +1,31 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SENDMAIL_SENDMAIL_HPP_INCLUDED
+#define VMIME_NET_SENDMAIL_SENDMAIL_HPP_INCLUDED
+
+
+#include "vmime/net/sendmail/sendmailTransport.hpp"
+
+
+#endif // VMIME_NET_SENDMAIL_SENDMAIL_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/sendmail/sendmailServiceInfos.cpp b/vmime-master/src/vmime/net/sendmail/sendmailServiceInfos.cpp
new file mode 100644
index 0000000..b865446
--- /dev/null
+++ b/vmime-master/src/vmime/net/sendmail/sendmailServiceInfos.cpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
+
+#include "vmime/net/sendmail/sendmailServiceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace sendmail {
+
+
+sendmailServiceInfos::sendmailServiceInfos() {
+
+}
+
+
+const string sendmailServiceInfos::getPropertyPrefix() const {
+
+	return "transport.sendmail.";
+}
+
+
+const sendmailServiceInfos::props& sendmailServiceInfos::getProperties() const {
+
+	static props sendmailProps = {
+		// Path to sendmail (override default)
+		property("binpath", serviceInfos::property::TYPE_STRING, string(VMIME_SENDMAIL_PATH))
+	};
+
+	return sendmailProps;
+}
+
+
+const std::vector <serviceInfos::property> sendmailServiceInfos::getAvailableProperties() const {
+
+	std::vector <property> list;
+	const props& p = getProperties();
+
+	list.push_back(p.PROPERTY_BINPATH);
+
+	return list;
+}
+
+
+} // sendmail
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
diff --git a/vmime-master/src/vmime/net/sendmail/sendmailServiceInfos.hpp b/vmime-master/src/vmime/net/sendmail/sendmailServiceInfos.hpp
new file mode 100644
index 0000000..bfec2e0
--- /dev/null
+++ b/vmime-master/src/vmime/net/sendmail/sendmailServiceInfos.hpp
@@ -0,0 +1,69 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SENDMAIL_SENDMAILSERVICEINFOS_HPP_INCLUDED
+#define VMIME_NET_SENDMAIL_SENDMAILSERVICEINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
+
+#include "vmime/net/serviceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace sendmail {
+
+
+/** Information about sendmail service.
+  */
+class VMIME_EXPORT sendmailServiceInfos : public serviceInfos {
+
+public:
+
+	sendmailServiceInfos();
+
+	struct props {
+		serviceInfos::property PROPERTY_BINPATH;
+	};
+
+	const props& getProperties() const;
+
+	const string getPropertyPrefix() const;
+	const std::vector <serviceInfos::property> getAvailableProperties() const;
+};
+
+
+} // sendmail
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
+#endif // VMIME_NET_SENDMAIL_SENDMAILSERVICEINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/sendmail/sendmailTransport.cpp b/vmime-master/src/vmime/net/sendmail/sendmailTransport.cpp
new file mode 100644
index 0000000..7010fd8
--- /dev/null
+++ b/vmime-master/src/vmime/net/sendmail/sendmailTransport.cpp
@@ -0,0 +1,244 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
+
+#include "vmime/net/sendmail/sendmailTransport.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+#include "vmime/message.hpp"
+#include "vmime/mailboxList.hpp"
+
+#include "vmime/utility/filteredStream.hpp"
+#include "vmime/utility/childProcess.hpp"
+
+#include "vmime/utility/streamUtils.hpp"
+
+#include "vmime/net/defaultConnectionInfos.hpp"
+
+#include "vmime/config.hpp"
+
+
+// Helpers for service properties
+#define GET_PROPERTY(type, prop) \
+	(getInfos().getPropertyValue <type>(getSession(), \
+		dynamic_cast <const sendmailServiceInfos&>(getInfos()).getProperties().prop))
+#define HAS_PROPERTY(prop) \
+	(getInfos().hasProperty(getSession(), \
+		dynamic_cast <const sendmailServiceInfos&>(getInfos()).getProperties().prop))
+
+
+namespace vmime {
+namespace net {
+namespace sendmail {
+
+
+sendmailTransport::sendmailTransport(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth
+)
+	: transport(sess, getInfosInstance(), auth),
+	  m_connected(false) {
+
+}
+
+
+sendmailTransport::~sendmailTransport() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+const string sendmailTransport::getProtocolName() const {
+
+	return "sendmail";
+}
+
+
+void sendmailTransport::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	// Use the specified path for 'sendmail' or a default one if no path is specified
+	m_sendmailPath = GET_PROPERTY(string, PROPERTY_BINPATH);
+
+	m_connected = true;
+}
+
+
+bool sendmailTransport::isConnected() const {
+
+	return m_connected;
+}
+
+
+bool sendmailTransport::isSecuredConnection() const {
+
+	return false;
+}
+
+
+shared_ptr <connectionInfos> sendmailTransport::getConnectionInfos() const {
+
+	return make_shared <defaultConnectionInfos>("localhost", static_cast <port_t>(0));
+}
+
+
+void sendmailTransport::disconnect() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	internalDisconnect();
+}
+
+
+void sendmailTransport::internalDisconnect() {
+
+	m_connected = false;
+}
+
+
+void sendmailTransport::noop() {
+
+	// Do nothing
+}
+
+
+void sendmailTransport::send(
+	const mailbox& expeditor,
+	const mailboxList& recipients,
+	utility::inputStream& is,
+	const size_t size,
+	utility::progressListener* progress,
+	const mailbox& sender,
+	const dsnAttributes& /*dsnAttrs*/
+) {
+
+	// If no recipient/expeditor was found, throw an exception
+	if (recipients.isEmpty()) {
+		throw exceptions::no_recipient();
+	} else if (expeditor.isEmpty()) {
+		throw exceptions::no_expeditor();
+	}
+
+	// Construct the argument list
+	std::vector <string> args;
+
+	args.push_back("-i");
+	args.push_back("-f");
+
+	if (!sender.isEmpty()) {
+		args.push_back(expeditor.getEmail().generate());
+	} else {
+		args.push_back(sender.getEmail().generate());
+	}
+
+	args.push_back("--");
+
+	for (size_t i = 0 ; i < recipients.getMailboxCount() ; ++i) {
+		args.push_back(recipients.getMailboxAt(i)->getEmail().generate());
+	}
+
+	// Call sendmail
+	try {
+		internalSend(args, is, size, progress);
+	} catch (vmime::exception& e) {
+		throw exceptions::command_error("SEND", "", "sendmail failed", e);
+	}
+}
+
+
+void sendmailTransport::internalSend(
+	const std::vector <string>& args,
+	utility::inputStream& is,
+	const size_t size,
+	utility::progressListener* progress
+) {
+
+	const utility::file::path path = vmime::platform::getHandler()->
+		getFileSystemFactory()->stringToPath(m_sendmailPath);
+
+	shared_ptr <utility::childProcess> proc =
+		vmime::platform::getHandler()->getChildProcessFactory()->create(path);
+
+	proc->start(args, utility::childProcess::FLAG_REDIRECT_STDIN);
+
+	// Copy message data from input stream to output pipe
+	utility::outputStream& os = *(proc->getStdIn());
+
+	// Workaround for lame sendmail implementations that
+	// can't handle CRLF eoln sequences: we transform CRLF
+	// sequences into LF characters.
+	utility::CRLFToLFFilteredOutputStream fos(os);
+
+	// TODO: remove 'Bcc:' field from message header
+
+	utility::bufferedStreamCopy(is, fos, size, progress);
+
+	// Wait for sendmail to exit
+	proc->waitForFinish();
+}
+
+
+// Service infos
+
+sendmailServiceInfos sendmailTransport::sm_infos;
+
+
+const serviceInfos& sendmailTransport::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& sendmailTransport::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // sendmail
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
diff --git a/vmime-master/src/vmime/net/sendmail/sendmailTransport.hpp b/vmime-master/src/vmime/net/sendmail/sendmailTransport.hpp
new file mode 100644
index 0000000..ce2cfe9
--- /dev/null
+++ b/vmime-master/src/vmime/net/sendmail/sendmailTransport.hpp
@@ -0,0 +1,112 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SENDMAIL_SENDMAILTRANSPORT_HPP_INCLUDED
+#define VMIME_NET_SENDMAIL_SENDMAILTRANSPORT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
+
+#include "vmime/net/transport.hpp"
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+
+#include "vmime/net/sendmail/sendmailServiceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace sendmail {
+
+
+/** Sendmail local transport service.
+  */
+class VMIME_EXPORT sendmailTransport : public transport {
+
+public:
+
+	sendmailTransport(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+	~sendmailTransport();
+
+	const string getProtocolName() const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+	void connect();
+	bool isConnected() const;
+	void disconnect();
+
+	void noop();
+
+	void send(
+		const mailbox& expeditor,
+		const mailboxList& recipients,
+		utility::inputStream& is,
+		const size_t size,
+		utility::progressListener* progress = NULL,
+		const mailbox& sender = mailbox(),
+		const dsnAttributes& dsnAttrs = dsnAttributes()
+	);
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+
+private:
+
+	void internalDisconnect();
+
+	void internalSend(
+		const std::vector <string>& args,
+		utility::inputStream& is,
+		const size_t size,
+		utility::progressListener* progress
+	);
+
+
+	string m_sendmailPath;
+
+	bool m_connected;
+
+
+	// Service infos
+	static sendmailServiceInfos sm_infos;
+};
+
+
+} // sendmail
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SENDMAIL
+
+#endif // VMIME_NET_SENDMAIL_SENDMAILTRANSPORT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/service.cpp b/vmime-master/src/vmime/net/service.cpp
new file mode 100644
index 0000000..b43c3e2
--- /dev/null
+++ b/vmime-master/src/vmime/net/service.cpp
@@ -0,0 +1,170 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/service.hpp"
+
+#include "vmime/platform.hpp"
+
+#include "vmime/net/defaultTimeoutHandler.hpp"
+
+#if VMIME_HAVE_SASL_SUPPORT
+	#include "vmime/security/sasl/defaultSASLAuthenticator.hpp"
+#else
+	#include "vmime/security/defaultAuthenticator.hpp"
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+#if VMIME_HAVE_TLS_SUPPORT
+	#include "vmime/security/cert/defaultCertificateVerifier.hpp"
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+namespace vmime {
+namespace net {
+
+
+service::service(
+	const shared_ptr <session>& sess,
+	const serviceInfos& /* infos */,
+    const shared_ptr <security::authenticator>& auth
+)
+	: m_session(sess),
+	  m_auth(auth) {
+
+	if (!auth) {
+
+#if VMIME_HAVE_SASL_SUPPORT
+		m_auth = make_shared <security::sasl::defaultSASLAuthenticator>();
+#else
+		m_auth = make_shared <security::defaultAuthenticator>();
+#endif // VMIME_HAVE_SASL_SUPPORT
+	}
+
+#if VMIME_HAVE_TLS_SUPPORT
+	m_certVerifier = make_shared <security::cert::defaultCertificateVerifier>();
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	m_socketFactory = platform::getHandler()->getSocketFactory();
+
+	m_toHandlerFactory = make_shared <defaultTimeoutHandlerFactory>();
+}
+
+
+service::~service() {
+
+}
+
+
+shared_ptr <const session> service::getSession() const {
+
+	return m_session;
+}
+
+
+shared_ptr <session> service::getSession() {
+
+	return m_session;
+}
+
+
+shared_ptr <const security::authenticator> service::getAuthenticator() const {
+
+	return m_auth;
+}
+
+
+shared_ptr <security::authenticator> service::getAuthenticator() {
+
+	return m_auth;
+}
+
+
+void service::setAuthenticator(const shared_ptr <security::authenticator>& auth) {
+
+	m_auth = auth;
+}
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+void service::setCertificateVerifier(const shared_ptr <security::cert::certificateVerifier>& cv) {
+
+	m_certVerifier = cv;
+}
+
+
+shared_ptr <security::cert::certificateVerifier> service::getCertificateVerifier() {
+
+	return m_certVerifier;
+}
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+void service::setSocketFactory(const shared_ptr <socketFactory>& sf) {
+
+	m_socketFactory = sf;
+}
+
+
+shared_ptr <socketFactory> service::getSocketFactory() {
+
+	return m_socketFactory;
+}
+
+
+void service::setTracerFactory(const shared_ptr <tracerFactory>& tf) {
+
+	m_tracerFactory = tf;
+}
+
+
+shared_ptr <tracerFactory> service::getTracerFactory() {
+
+	return m_tracerFactory;
+}
+
+
+void service::setTimeoutHandlerFactory(const shared_ptr <timeoutHandlerFactory>& thf) {
+
+	m_toHandlerFactory = thf;
+}
+
+
+shared_ptr <timeoutHandlerFactory> service::getTimeoutHandlerFactory() {
+
+	return m_toHandlerFactory;
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/service.hpp b/vmime-master/src/vmime/net/service.hpp
new file mode 100644
index 0000000..a1869de
--- /dev/null
+++ b/vmime-master/src/vmime/net/service.hpp
@@ -0,0 +1,239 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SERVICE_HPP_INCLUDED
+#define VMIME_NET_SERVICE_HPP_INCLUDED
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/session.hpp"
+
+#include "vmime/net/serviceInfos.hpp"
+#include "vmime/net/connectionInfos.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+#include "vmime/net/tracer.hpp"
+
+#if VMIME_HAVE_TLS_SUPPORT
+	#include "vmime/security/cert/certificateVerifier.hpp"
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+#include "vmime/utility/progressListener.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Base class for messaging services.
+  */
+class VMIME_EXPORT service : public object, public enable_shared_from_this <service> {
+
+protected:
+
+	service(
+		const shared_ptr <session>& sess,
+		const serviceInfos& infos,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+public:
+
+	virtual ~service();
+
+	/** Possible service types. */
+	enum Type {
+		TYPE_STORE = 0,    /**< The service is a message store. */
+		TYPE_TRANSPORT     /**< The service sends messages. */
+	};
+
+	/** Return the type of service.
+	  *
+	  * @return type of service
+	  */
+	virtual Type getType() const = 0;
+
+	/** Return the protocol name of this service.
+	  *
+	  * @return protocol name
+	  */
+	virtual const string getProtocolName() const = 0;
+
+	/** Return the session object associated with this service instance.
+	  *
+	  * @return session object
+	  */
+	shared_ptr <const session> getSession() const;
+
+	/** Return the session object associated with this service instance.
+	  *
+	  * @return session object
+	  */
+	shared_ptr <session> getSession();
+
+	/** Return information about this service.
+	  *
+	  * @return information about the service
+	  */
+	virtual const serviceInfos& getInfos() const = 0;
+
+	/** Connect to service.
+	  */
+	virtual void connect() = 0;
+
+	/** Disconnect from service.
+	  */
+	virtual void disconnect() = 0;
+
+	/** Test whether this service is connected.
+	  *
+	  * @return true if the service is connected, false otherwise
+	  */
+	virtual bool isConnected() const = 0;
+
+	/** Do nothing but ensure the server do not disconnect (for
+	  * example, this can reset the auto-logout timer on the
+	  * server, if one exists).
+	  */
+	virtual void noop() = 0;
+
+	/** Return the authenticator object used with this service instance.
+	  *
+	  * @return authenticator object
+	  */
+	shared_ptr <const security::authenticator> getAuthenticator() const;
+
+	/** Return the authenticator object used with this service instance.
+	  *
+	  * @return authenticator object
+	  */
+	shared_ptr <security::authenticator> getAuthenticator();
+
+	/** Set the authenticator object used with this service instance.
+	  *
+	  * @param auth authenticator object
+	  */
+	void setAuthenticator(const shared_ptr <security::authenticator>& auth);
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+	/** Set the object responsible for verifying certificates when
+	  * using secured connections (TLS/SSL).
+	  */
+	void setCertificateVerifier(const shared_ptr <security::cert::certificateVerifier>& cv);
+
+	/** Get the object responsible for verifying certificates when
+	  * using secured connections (TLS/SSL).
+	  */
+	shared_ptr <security::cert::certificateVerifier> getCertificateVerifier();
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	/** Set the factory used to create socket objects for this
+	  * service.
+	  *
+	  * @param sf socket factory
+	  */
+	void setSocketFactory(const shared_ptr <socketFactory>& sf);
+
+	/** Return the factory used to create socket objects for this
+	  * service.
+	  *
+	  * @return socket factory
+	  */
+	shared_ptr <socketFactory> getSocketFactory();
+
+	/** Set the factory used to create timeoutHandler objects for
+	  * this service. By default, the defaultTimeoutHandler class
+	  * is used. Not all services support timeout handling.
+	  *
+	  * @param thf timeoutHandler factory
+	  */
+	void setTimeoutHandlerFactory(const shared_ptr <timeoutHandlerFactory>& thf);
+
+	/** Return the factory used to create timeoutHandler objects for
+	  * this service.
+	  *
+	  * @return timeoutHandler factory
+	  */
+	shared_ptr <timeoutHandlerFactory> getTimeoutHandlerFactory();
+
+
+	void setTracerFactory(const shared_ptr <tracerFactory>& tf);
+
+	shared_ptr <tracerFactory> getTracerFactory();
+
+	/** Set a property for this service (service prefix is added automatically).
+	  *
+	  * WARNING: this sets the property on the session object, so all service
+	  * instances created with the session object will inherit the property.
+	  *
+	  * @param name property name
+	  * @param value property value
+	  */
+	template <typename TYPE>
+	void setProperty(const string& name, const TYPE& value) {
+		m_session->getProperties()[getInfos().getPropertyPrefix() + name] = value;
+	}
+
+	/** Check whether the connection is secured.
+	  *
+	  * @return true if the connection is secured, false otherwise
+	  */
+	virtual bool isSecuredConnection() const = 0;
+
+	/** Get information about the connection.
+	  *
+	  * @return information about the connection
+	  */
+	virtual shared_ptr <connectionInfos> getConnectionInfos() const = 0;
+
+private:
+
+	shared_ptr <session> m_session;
+	shared_ptr <security::authenticator> m_auth;
+
+#if VMIME_HAVE_TLS_SUPPORT
+	shared_ptr <security::cert::certificateVerifier> m_certVerifier;
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	shared_ptr <socketFactory> m_socketFactory;
+	shared_ptr <timeoutHandlerFactory> m_toHandlerFactory;
+	shared_ptr <tracerFactory> m_tracerFactory;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_SERVICE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/serviceFactory.cpp b/vmime-master/src/vmime/net/serviceFactory.cpp
new file mode 100644
index 0000000..72b96fe
--- /dev/null
+++ b/vmime-master/src/vmime/net/serviceFactory.cpp
@@ -0,0 +1,157 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/serviceFactory.hpp"
+#include "vmime/net/service.hpp"
+
+#include "vmime/exception.hpp"
+
+#include "vmime/net/builtinServices.inl"
+
+
+namespace vmime {
+namespace net {
+
+
+serviceFactory::serviceFactory() {
+
+}
+
+
+serviceFactory::~serviceFactory() {
+
+}
+
+
+shared_ptr <serviceFactory> serviceFactory::getInstance() {
+
+	static serviceFactory instance;
+	return shared_ptr <serviceFactory>(&instance, noop_shared_ptr_deleter <serviceFactory>());
+}
+
+
+shared_ptr <service> serviceFactory::create(
+	const shared_ptr <session>& sess,
+	const string& protocol,
+	const shared_ptr <security::authenticator>& auth
+) {
+
+	shared_ptr <const registeredService> rserv = getServiceByProtocol(protocol);
+
+	if (!rserv) {
+		throw exceptions::no_factory_available("No service is registered for protocol '" + protocol + "'.");
+	}
+
+	return rserv->create(sess, auth);
+}
+
+
+shared_ptr <service> serviceFactory::create(
+	const shared_ptr <session>& sess,
+	const utility::url& u,
+	const shared_ptr <security::authenticator>& auth
+) {
+
+	shared_ptr <service> serv = create(sess, u.getProtocol(), auth);
+
+	sess->getProperties()[serv->getInfos().getPropertyPrefix() + "server.address"] = u.getHost();
+
+	if (u.getPort() != utility::url::UNSPECIFIED_PORT) {
+		sess->getProperties()[serv->getInfos().getPropertyPrefix() + "server.port"] = u.getPort();
+	}
+
+	// Path portion of the URL is used to point a specific folder (empty = root).
+	// In maildir, this is used to point to the root of the message repository.
+	if (!u.getPath().empty()) {
+		sess->getProperties()[serv->getInfos().getPropertyPrefix() + "server.rootpath"] = u.getPath();
+	}
+
+	if (!u.getUsername().empty()) {
+		sess->getProperties()[serv->getInfos().getPropertyPrefix() + "auth.username"] = u.getUsername();
+		sess->getProperties()[serv->getInfos().getPropertyPrefix() + "auth.password"] = u.getPassword();
+	}
+
+	return serv;
+}
+
+
+shared_ptr <const serviceFactory::registeredService> serviceFactory::getServiceByProtocol(const string& protocol) const {
+
+	const string name(utility::stringUtils::toLower(protocol));
+
+	for (std::vector <shared_ptr <registeredService> >::const_iterator it = m_services.begin() ;
+	     it != m_services.end() ; ++it) {
+
+		if ((*it)->getName() == name) {
+			return (*it);
+		}
+	}
+
+	return null;
+}
+
+
+size_t serviceFactory::getServiceCount() const {
+
+	return m_services.size();
+}
+
+
+shared_ptr <const serviceFactory::registeredService> serviceFactory::getServiceAt(const size_t pos) const {
+
+	return m_services[pos];
+}
+
+
+const std::vector <shared_ptr <const serviceFactory::registeredService> > serviceFactory::getServiceList() const {
+
+	std::vector <shared_ptr <const registeredService> > res;
+
+	for (std::vector <shared_ptr <registeredService> >::const_iterator it = m_services.begin() ;
+	     it != m_services.end() ; ++it) {
+
+		res.push_back(*it);
+	}
+
+	return (res);
+}
+
+
+void serviceFactory::registerService(const shared_ptr <registeredService>& reg) {
+
+	m_services.push_back(reg);
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/serviceFactory.hpp b/vmime-master/src/vmime/net/serviceFactory.hpp
new file mode 100644
index 0000000..8911e08
--- /dev/null
+++ b/vmime-master/src/vmime/net/serviceFactory.hpp
@@ -0,0 +1,168 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SERVICEFACTORY_HPP_INCLUDED
+#define VMIME_NET_SERVICEFACTORY_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <map>
+
+#include "vmime/types.hpp"
+#include "vmime/base.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/utility/url.hpp"
+
+#include "vmime/net/service.hpp"
+#include "vmime/net/serviceInfos.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+
+#include "vmime/security/authenticator.hpp"
+
+#include "vmime/utility/progressListener.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class session;
+
+
+/** A factory to create 'service' objects for a specified protocol.
+  */
+
+class VMIME_EXPORT serviceFactory {
+
+private:
+
+	serviceFactory();
+	~serviceFactory();
+
+public:
+
+	static shared_ptr <serviceFactory> getInstance();
+
+	/** Information about a registered service. */
+	class registeredService : public object {
+
+		friend class serviceFactory;
+
+	protected:
+
+		virtual ~registeredService() { }
+
+	public:
+
+		virtual shared_ptr <service> create(
+			const shared_ptr <session>& sess,
+			const shared_ptr <security::authenticator>& auth
+		) const = 0;
+
+		virtual int getType() const = 0;
+		virtual const string& getName() const = 0;
+		virtual const serviceInfos& getInfos() const = 0;
+	};
+
+
+	/** Register a new service by its protocol name.
+	  *
+	  * @param reg service registration infos
+	  */
+	void registerService(const shared_ptr <registeredService>& reg);
+
+	/** Create a new service instance from a protocol name.
+	  *
+	  * @param sess session
+	  * @param protocol protocol name (eg. "pop3")
+	  * @param auth authenticator used to provide credentials (can be NULL if not used)
+	  * @return a new service instance for the specified protocol, or NULL if no service
+	  * is registered for this protocol
+	  */
+	shared_ptr <service> create(
+		const shared_ptr <session>& sess,
+		const string& protocol,
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Create a new service instance from a URL.
+	  *
+	  * @param sess session
+	  * @param u full URL with at least protocol and server (you can also specify
+	  * port, username and password)
+	  * @param auth authenticator used to provide credentials (can be NULL if not used)
+	  * @return a new service instance for the specified protocol or NULL if no service
+	  * is registered for this protocol
+	  */
+	shared_ptr <service> create(
+		const shared_ptr <session>& sess,
+		const utility::url& u,
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Return information about a registered protocol.
+	  *
+	  * @param protocol protocol name
+	  * @return information about this protocol, or NULL if no service is registered
+	  * for this protocol
+	  */
+	shared_ptr <const registeredService> getServiceByProtocol(const string& protocol) const;
+
+	/** Return the number of registered services.
+	  *
+	  * @return number of registered services
+	  */
+	size_t getServiceCount() const;
+
+	/** Return the registered service at the specified position.
+	  *
+	  * @param pos position of the registered service to return
+	  * @return registered service at the specified position
+	  */
+	shared_ptr <const registeredService> getServiceAt(const size_t pos) const;
+
+	/** Return a list of all registered services.
+	  *
+	  * @return list of registered services
+	  */
+	const std::vector <shared_ptr <const registeredService> > getServiceList() const;
+
+private:
+
+	std::vector <shared_ptr <registeredService> > m_services;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_SERVICEFACTORY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/serviceInfos.cpp b/vmime-master/src/vmime/net/serviceInfos.cpp
new file mode 100644
index 0000000..2c7b044
--- /dev/null
+++ b/vmime-master/src/vmime/net/serviceInfos.cpp
@@ -0,0 +1,198 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/serviceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+// Common properties
+const serviceInfos::property serviceInfos::property::SERVER_ADDRESS(
+	"server.address",
+	serviceInfos::property::TYPE_STRING
+);
+
+const serviceInfos::property serviceInfos::property::SERVER_PORT(
+	"server.port",
+	serviceInfos::property::TYPE_INTEGER
+);
+
+const serviceInfos::property serviceInfos::property::SERVER_ROOTPATH(
+	"server.rootpath",
+	serviceInfos::property::TYPE_STRING
+);
+
+const serviceInfos::property serviceInfos::property::AUTH_USERNAME(
+	"auth.username",
+	serviceInfos::property::TYPE_STRING
+);
+
+const serviceInfos::property serviceInfos::property::AUTH_PASSWORD(
+	"auth.password",
+	serviceInfos::property::TYPE_STRING
+);
+
+const serviceInfos::property serviceInfos::property::AUTH_ACCESS_TOKEN(
+	"auth.accesstoken",
+	serviceInfos::property::TYPE_STRING
+);
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+const serviceInfos::property serviceInfos::property::CONNECTION_TLS(
+	"connection.tls",
+	serviceInfos::property::TYPE_BOOLEAN,
+	"false"
+);
+
+const serviceInfos::property serviceInfos::property::CONNECTION_TLS_REQUIRED(
+	"connection.tls.required",
+	serviceInfos::property::TYPE_BOOLEAN,
+	"false"
+);
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+
+// serviceInfos
+
+serviceInfos::serviceInfos() {
+
+}
+
+
+serviceInfos::serviceInfos(const serviceInfos&) {
+
+}
+
+
+serviceInfos& serviceInfos::operator=(const serviceInfos&) {
+
+	return *this;
+}
+
+
+serviceInfos::~serviceInfos() {
+
+}
+
+
+bool serviceInfos::hasProperty(const shared_ptr <session>& s, const property& p) const {
+	return s->getProperties().hasProperty(getPropertyPrefix() + p.getName());
+}
+
+
+
+// serviceInfos::property
+
+serviceInfos::property::property(
+	const string& name,
+	const Types type,
+	const string& defaultValue,
+	const int flags
+)
+	: m_name(name),
+	  m_defaultValue(defaultValue),
+	  m_type(type),
+	  m_flags(flags) {
+
+}
+
+
+serviceInfos::property::property(
+	const property& p,
+	const int addFlags,
+	const int removeFlags
+) {
+
+	m_name = p.m_name;
+	m_type = p.m_type;
+	m_defaultValue = p.m_defaultValue;
+	m_flags = (p.m_flags | addFlags) & ~removeFlags;
+}
+
+
+serviceInfos::property::property(
+	const property& p,
+	const string& newDefaultValue,
+	const int addFlags,
+	const int removeFlags
+) {
+
+	m_name = p.m_name;
+	m_type = p.m_type;
+	m_defaultValue = newDefaultValue;
+	m_flags = (p.m_flags | addFlags) & ~removeFlags;
+}
+
+
+serviceInfos::property& serviceInfos::property::operator=(const property& p) {
+
+	m_name = p.m_name;
+	m_type = p.m_type;
+	m_defaultValue = p.m_defaultValue;
+	m_flags = p.m_flags;
+
+	return *this;
+}
+
+
+const string& serviceInfos::property::getName() const {
+
+	return m_name;
+}
+
+
+const string& serviceInfos::property::getDefaultValue() const {
+
+	return m_defaultValue;
+}
+
+
+serviceInfos::property::Types serviceInfos::property::getType() const {
+
+	return m_type;
+}
+
+
+int serviceInfos::property::getFlags() const {
+
+	return m_flags;
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/serviceInfos.hpp b/vmime-master/src/vmime/net/serviceInfos.hpp
new file mode 100644
index 0000000..1c4ac99
--- /dev/null
+++ b/vmime-master/src/vmime/net/serviceInfos.hpp
@@ -0,0 +1,263 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SERVICEINFOS_HPP_INCLUDED
+#define VMIME_NET_SERVICEINFOS_HPP_INCLUDED
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <vector>
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/session.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Stores information about a messaging service.
+  */
+class VMIME_EXPORT serviceInfos {
+
+	friend class serviceFactory;
+
+protected:
+
+	serviceInfos();
+	serviceInfos(const serviceInfos&);
+
+private:
+
+	serviceInfos& operator=(const serviceInfos&);
+
+public:
+
+	virtual ~serviceInfos();
+
+
+	/** A service property.
+	  */
+	class VMIME_EXPORT property {
+
+	public:
+
+		/** The common property 'server.address' which is
+		  * the host name or the IP address of the server. */
+		static const property SERVER_ADDRESS;
+
+		/** The common property 'server.port' which is
+		  * the port used to connect to the server. */
+		static const property SERVER_PORT;
+
+		/** The common property 'server.rootpath' which is
+		  * the full path of the folder on the server (for
+		  * maildir, this is the local filesystem directory). */
+		static const property SERVER_ROOTPATH;
+
+		/** The common property 'auth.username' which is the
+		  * username used to authenticate with the server. */
+		static const property AUTH_USERNAME;
+
+		/** The common property 'auth.password' which is the
+		  * password used to authenticate with the server. */
+		static const property AUTH_PASSWORD;
+
+		/** The common property 'auth.accesstoken' which is the
+		  * access token used to authenticate with the server. */
+		static const property AUTH_ACCESS_TOKEN;
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+		/** The common property 'connection.tls': this is used to
+		  * start a secured connection if it is supported by the
+		  * server (STARTTLS extension).
+		  */
+		static const property CONNECTION_TLS;
+
+		/** The common property 'connection.tls.required' should be
+		  * set to 'true' to make the connection process fail if the
+		  * server can't start a secured connection (no effect if
+		  * 'connection.tls' is not set to 'true').
+		  */
+		static const property CONNECTION_TLS_REQUIRED;
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+		/** Value types.
+		  */
+		enum Types {
+			TYPE_INTEGER,   /*< Integer number. */
+			TYPE_STRING,    /*< Character string. */
+			TYPE_BOOLEAN,   /*< Boolean (true or false). */
+
+			TYPE_DEFAULT = TYPE_STRING
+		};
+
+		/** Property flags.
+		  */
+		enum Flags {
+			FLAG_NONE = 0,              /*< No flags. */
+			FLAG_REQUIRED = (1 << 0),   /*< The property must be valued. */
+			FLAG_HIDDEN = (1 << 1),     /*< The property should not be shown
+			                                to the user but can be modified. */
+
+			FLAG_DEFAULT = FLAG_NONE    /*< Default flags. */
+		};
+
+
+		/** Construct a new property.
+		  *
+		  * @param name property name
+		  * @param type value type
+		  * @param defaultValue default value
+		  * @param flags property attributes
+		  */
+		property(
+			const string& name,
+			const Types type,
+			const string& defaultValue = "",
+			const int flags = FLAG_DEFAULT
+		);
+
+		/** Construct a new property from an existing property.
+		  *
+		  * @param p source property
+		  * @param addFlags flags to add
+		  * @param removeFlags flags to remove
+		  */
+		property(
+			const property& p,
+			const int addFlags = FLAG_NONE,
+			const int removeFlags = FLAG_NONE
+		);
+
+		/** Construct a new property from an existing property.
+		  *
+		  * @param p source property
+		  * @param newDefaultValue new default value
+		  * @param addFlags flags to add
+		  * @param removeFlags flags to remove
+		  */
+		property(
+			const property& p,
+			const string& newDefaultValue,
+			const int addFlags = FLAG_NONE,
+			const int removeFlags = FLAG_NONE
+		);
+
+		property& operator=(const property& p);
+
+		/** Return the name of the property.
+		  *
+		  * @return property name
+		  */
+		const string& getName() const;
+
+		/** Return the default value of the property or
+		  * an empty string if there is no default value.
+		  *
+		  * @return default value for the property
+		  */
+		const string& getDefaultValue() const;
+
+		/** Return the value type of the property.
+		  *
+		  * @return property value type
+		  */
+		Types getType() const;
+
+		/** Return the attributes of the property (see
+		  * serviceInfos::property::Types constants).
+		  *
+		  * @return property attributes
+		  */
+		int getFlags() const;
+
+	private:
+
+		string m_name;
+		string m_defaultValue;
+		Types m_type;
+		int m_flags;
+	};
+
+
+	/** Return the property prefix used by this service.
+	  * Use this to set/get properties in the session object.
+	  *
+	  * @return property prefix
+	  */
+	virtual const string getPropertyPrefix() const = 0;
+
+	/** Return a list of available properties for this service.
+	  *
+	  * @return list of properties
+	  */
+	virtual const std::vector <property> getAvailableProperties() const = 0;
+
+	/** Helper function to retrieve the value of a property.
+	  *
+	  * @param s session object
+	  * @param p property to retrieve
+	  * @throw exceptions::no_such_property if the property does not exist
+	  * and has the flag property::FLAG_REQUIRED
+	  * @return value of the property
+	  */
+	template <typename TYPE>
+	const TYPE getPropertyValue(const shared_ptr <session>& s, const property& p) const {
+
+		if (p.getFlags() & property::FLAG_REQUIRED) {
+			return s->getProperties()[getPropertyPrefix() + p.getName()].template getValue <TYPE>();
+		}
+
+		return s->getProperties().template getProperty <TYPE>(
+			getPropertyPrefix() + p.getName(),
+			propertySet::valueFromString <TYPE>(p.getDefaultValue())
+		);
+	}
+
+	/** Helper function to test if the specified property is set in
+	  * the session object.
+	  *
+	  * @param s session object
+	  * @param p property to test
+	  * @return true if the property is set, false otherwise
+	  */
+	bool hasProperty(const shared_ptr <session>& s, const property& p) const;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_SERVICEINFOS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/serviceRegistration.inl b/vmime-master/src/vmime/net/serviceRegistration.inl
new file mode 100644
index 0000000..9365199
--- /dev/null
+++ b/vmime-master/src/vmime/net/serviceRegistration.inl
@@ -0,0 +1,105 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/net/serviceFactory.hpp"
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+namespace vmime {
+namespace net {
+
+
+template <class S>
+class registeredServiceImpl : public serviceFactory::registeredService {
+
+public:
+
+	registeredServiceImpl(
+		const string& name,
+		const int type
+	)
+		: m_type(type),
+		  m_name(name),
+		  m_servInfos(S::getInfosInstance()) {
+
+	}
+
+	shared_ptr <service> create(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth
+	) const {
+
+		return make_shared <S>(sess, auth);
+	}
+
+	const serviceInfos& getInfos() const {
+
+		return m_servInfos;
+	}
+
+	const string& getName() const {
+
+		return m_name;
+	}
+
+	int getType() const {
+
+		return m_type;
+	}
+
+private:
+
+	const int m_type;
+	const string m_name;
+	const serviceInfos& m_servInfos;
+};
+
+
+// Basic service registerer
+template <class S>
+class serviceRegisterer {
+
+public:
+
+	serviceRegisterer(const string& protocol, const service::Type type) {
+
+		serviceFactory::getInstance()->registerService(
+			make_shared <registeredServiceImpl <S> >(protocol, type)
+		);
+	}
+};
+
+
+} // net
+} // vmime
+
+
+#define REGISTER_SERVICE(p_class, p_name, p_type) \
+	vmime::net::serviceRegisterer <vmime::net::p_class> \
+		p_name(#p_name, vmime::net::service::p_type)
+
+
+#endif // VMIME_BUILDING_DOC
+
diff --git a/vmime-master/src/vmime/net/session.cpp b/vmime-master/src/vmime/net/session.cpp
new file mode 100644
index 0000000..d4b13b4
--- /dev/null
+++ b/vmime-master/src/vmime/net/session.cpp
@@ -0,0 +1,188 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/session.hpp"
+#include "vmime/net/serviceFactory.hpp"
+
+#include "vmime/net/store.hpp"
+#include "vmime/net/transport.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+session::session() {
+
+#if VMIME_HAVE_TLS_SUPPORT
+	m_tlsProps = make_shared <tls::TLSProperties>();
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+}
+
+
+session::session(const propertySet& props)
+	: m_props(props) {
+
+#if VMIME_HAVE_TLS_SUPPORT
+	m_tlsProps = make_shared <tls::TLSProperties>();
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+}
+
+
+session::~session() {
+
+}
+
+
+// static
+shared_ptr <session> session::create() {
+
+	return shared_ptr <session>(new session());
+}
+
+
+// static
+shared_ptr <session> session::create(const propertySet& props) {
+
+	return shared_ptr <session>(new session(props));
+}
+
+
+shared_ptr <transport> session::getTransport(const shared_ptr <security::authenticator>& auth) {
+
+	return getTransport(m_props["transport.protocol"], auth);
+}
+
+
+shared_ptr <transport> session::getTransport(
+	const string& protocol,
+	const shared_ptr <security::authenticator>& auth
+) {
+
+	shared_ptr <session> sess(dynamicCast <session>(shared_from_this()));
+	shared_ptr <service> sv = serviceFactory::getInstance()->create(sess, protocol, auth);
+
+	if (!sv || sv->getType() != service::TYPE_TRANSPORT) {
+		return null;
+	}
+
+	return dynamicCast <transport>(sv);
+}
+
+
+shared_ptr <transport> session::getTransport(
+	const utility::url& url,
+	const shared_ptr <security::authenticator>& auth
+) {
+
+	shared_ptr <session> sess(dynamicCast <session>(shared_from_this()));
+	shared_ptr <service> sv = serviceFactory::getInstance()->create(sess, url, auth);
+
+	if (!sv || sv->getType() != service::TYPE_TRANSPORT) {
+		return null;
+	}
+
+	return dynamicCast <transport>(sv);
+}
+
+
+shared_ptr <store> session::getStore(const shared_ptr <security::authenticator>& auth) {
+
+	return getStore(m_props["store.protocol"], auth);
+}
+
+
+shared_ptr <store> session::getStore(
+	const string& protocol,
+	const shared_ptr <security::authenticator>& auth
+) {
+
+	shared_ptr <session> sess(dynamicCast <session>(shared_from_this()));
+	shared_ptr <service> sv = serviceFactory::getInstance()->create(sess, protocol, auth);
+
+	if (!sv || sv->getType() != service::TYPE_STORE) {
+		return null;
+	}
+
+	return dynamicCast <store>(sv);
+}
+
+
+shared_ptr <store> session::getStore(
+	const utility::url& url,
+	const shared_ptr <security::authenticator>& auth
+) {
+
+	shared_ptr <session> sess(dynamicCast <session>(shared_from_this()));
+	shared_ptr <service> sv = serviceFactory::getInstance()->create(sess, url, auth);
+
+	if (!sv || sv->getType() != service::TYPE_STORE) {
+		return null;
+	}
+
+	return dynamicCast <store>(sv);
+}
+
+
+const propertySet& session::getProperties() const {
+
+	return m_props;
+}
+
+
+propertySet& session::getProperties() {
+
+	return m_props;
+}
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+void session::setTLSProperties(const shared_ptr <tls::TLSProperties>& tlsProps) {
+
+	m_tlsProps = make_shared <tls::TLSProperties>(*tlsProps);
+}
+
+
+shared_ptr <tls::TLSProperties> session::getTLSProperties() const {
+
+	return m_tlsProps;
+}
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/session.hpp b/vmime-master/src/vmime/net/session.hpp
new file mode 100644
index 0000000..7ccd0be
--- /dev/null
+++ b/vmime-master/src/vmime/net/session.hpp
@@ -0,0 +1,206 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SESSION_HPP_INCLUDED
+#define VMIME_NET_SESSION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/security/authenticator.hpp"
+
+#if VMIME_HAVE_TLS_SUPPORT
+#	include "vmime/net/tls/TLSProperties.hpp"
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+#include "vmime/utility/url.hpp"
+
+#include "vmime/propertySet.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class store;
+class transport;
+
+
+/** An object that contains all the information needed
+  * for connection to a service.
+  */
+class VMIME_EXPORT session : public object, public enable_shared_from_this <session> {
+
+public:
+
+	/** Construct a new session.
+	  *
+	  * @return pointer to a new session
+	  */
+	static shared_ptr <session> create();
+
+	/** Construct a new session given properties.
+	  *
+	  * @param props session properties
+	  * @return pointer to a new session
+	  */
+	static shared_ptr <session> create(const propertySet& props);
+
+	~session();
+
+	/** Return a transport service instance for the protocol specified
+	  * in the session properties.
+	  *
+	  * The property "transport.protocol" specify the protocol to use.
+	  *
+	  * @param auth authenticator object to use for the new transport service. If
+	  * NULL, a default one is used. The default authenticator simply return user
+	  * credentials by reading the session properties "auth.username" and "auth.password".
+	  * @return a new transport service, or NULL if no service is registered for this
+	  * protocol or is not a transport protocol
+	  */
+	shared_ptr <transport> getTransport(
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Return a transport service instance for the specified protocol.
+	  *
+	  * @param protocol transport protocol to use (eg. "smtp")
+	  * @param auth authenticator object to use for the new transport service. If
+	  * NULL, a default one is used. The default authenticator simply return user
+	  * credentials by reading the session properties "auth.username" and "auth.password".
+	  * @return a new transport service, or NULL if no service is registered for this
+	  * protocol or is not a transport protocol
+	  */
+	shared_ptr <transport> getTransport(
+		const string& protocol,
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Return a transport service instance for the specified URL.
+	  *
+	  * @param url full URL with at least the protocol to use (eg: "smtp://myserver.com/")
+	  * @param auth authenticator object to use for the new transport service. If
+	  * NULL, a default one is used. The default authenticator simply return user
+	  * credentials by reading the session properties "auth.username" and "auth.password".
+	  * @return a new transport service, or NULL if no service is registered for this
+	  * protocol or is not a transport protocol
+	  */
+	shared_ptr <transport> getTransport(
+		const utility::url& url,
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Return a transport service instance for the protocol specified
+	  * in the session properties.
+	  *
+	  * The property "store.protocol" specify the protocol to use.
+	  *
+	  * @param auth authenticator object to use for the new store service. If
+	  * NULL, a default one is used. The default authenticator simply return user
+	  * credentials by reading the session properties "auth.username" and "auth.password".
+	  * @return a new store service, or NULL if no service is registered for this
+	  * protocol or is not a store protocol
+	  */
+	shared_ptr <store> getStore(
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Return a store service instance for the specified protocol.
+	  *
+	  * @param protocol store protocol to use (eg. "imap")
+	  * @param auth authenticator object to use for the new store service. If
+	  * NULL, a default one is used. The default authenticator simply return user
+	  * credentials by reading the session properties "auth.username" and "auth.password".
+	  * @return a new store service, or NULL if no service is registered for this
+	  * protocol or is not a store protocol
+	  */
+	shared_ptr <store> getStore(
+		const string& protocol,
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Return a store service instance for the specified URL.
+	  *
+	  * @param url full URL with at least the protocol to use (eg: "imap://username:password@myserver.com/")
+	  * @param auth authenticator object to use for the new store service. If
+	  * NULL, a default one is used. The default authenticator simply return user
+	  * credentials by reading the session properties "auth.username" and "auth.password".
+	  * @return a new store service, or NULL if no service is registered for this
+	  * protocol or is not a store protocol
+	  */
+	shared_ptr <store> getStore(
+		const utility::url& url,
+		const shared_ptr <security::authenticator>& auth = null
+	);
+
+	/** Properties for the session and for the services.
+	  */
+	const propertySet& getProperties() const;
+
+	/** Properties for the session and for the services.
+	  */
+	propertySet& getProperties();
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+	/** Set properties for SSL/TLS secured connections in this session.
+	  *
+	  * @param tlsProps SSL/TLS properties
+	  */
+	void setTLSProperties(const shared_ptr <tls::TLSProperties>& tlsProps);
+
+	/** Get properties for SSL/TLS secured connections in this session.
+	  *
+	  * @return SSL/TLS properties
+	  */
+	shared_ptr <tls::TLSProperties> getTLSProperties() const;
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+private:
+
+	session();
+	session(const propertySet& props);
+
+
+	propertySet m_props;
+
+#if VMIME_HAVE_TLS_SUPPORT
+	shared_ptr <tls::TLSProperties> m_tlsProps;
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_SESSION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/smtp/SMTPChunkingOutputStreamAdapter.cpp b/vmime-master/src/vmime/net/smtp/SMTPChunkingOutputStreamAdapter.cpp
new file mode 100644
index 0000000..3b242d1
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPChunkingOutputStreamAdapter.cpp
@@ -0,0 +1,180 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPChunkingOutputStreamAdapter.hpp"
+
+#include "vmime/net/smtp/SMTPConnection.hpp"
+#include "vmime/net/smtp/SMTPTransport.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+SMTPChunkingOutputStreamAdapter::SMTPChunkingOutputStreamAdapter(
+	const shared_ptr <SMTPConnection>& conn,
+	const size_t size,
+	utility::progressListener* progress
+)
+	: m_connection(conn),
+	  m_bufferSize(0),
+	  m_chunkCount(0),
+	  m_totalSize(size),
+	  m_totalSent(0),
+	  m_progress(progress) {
+
+	if (progress) {
+		progress->start(size);
+	}
+}
+
+
+void SMTPChunkingOutputStreamAdapter::sendChunk(
+	const byte_t* const data,
+	const size_t count,
+	const bool last
+) {
+
+	if (count == 0 && !last) {
+		// Nothing to send
+		return;
+	}
+
+	// Send this chunk
+	m_connection->sendRequest(SMTPCommand::BDAT(count, last));
+	m_connection->getSocket()->sendRaw(data, count);
+
+	++m_chunkCount;
+
+	if (m_progress) {
+
+		m_totalSent += count;
+		m_totalSize = std::max(m_totalSize, m_totalSent);
+
+		m_progress->progress(m_totalSent, m_totalSize);
+	}
+
+	if (m_connection->getTracer()) {
+		m_connection->getTracer()->traceSendBytes(count);
+	}
+
+	// If PIPELINING is not supported, read one response for this BDAT command
+	if (!m_connection->hasExtension("PIPELINING")) {
+
+		shared_ptr <SMTPResponse> resp = m_connection->readResponse();
+
+		if (resp->getCode() != 250) {
+			m_connection->getTransport()->disconnect();
+			throw exceptions::command_error("BDAT", resp->getText());
+		}
+
+	// If PIPELINING is supported, read one response for each chunk (ie. number
+	// of BDAT commands issued) after the last chunk has been sent
+	} else if (last) {
+
+		bool invalidReply = false;
+		shared_ptr <SMTPResponse> resp;
+
+		for (unsigned int i = 0 ; i < m_chunkCount ; ++i) {
+
+			resp = m_connection->readResponse();
+
+			if (resp->getCode() != 250) {
+				invalidReply = true;
+			}
+		}
+
+		if (invalidReply) {
+			m_connection->getTransport()->disconnect();
+			throw exceptions::command_error("BDAT", resp->getText());
+		}
+	}
+}
+
+
+void SMTPChunkingOutputStreamAdapter::writeImpl(
+	const byte_t* const data,
+	const size_t count
+) {
+
+	const byte_t* curData = data;
+	size_t curCount = count;
+
+	while (curCount != 0) {
+
+		// Fill the buffer
+		const size_t remaining = sizeof(m_buffer) - m_bufferSize;
+		const size_t bytesToCopy = std::min(remaining, curCount);
+
+		std::copy(curData, curData + bytesToCopy, m_buffer + m_bufferSize);
+
+		m_bufferSize += bytesToCopy;
+		curData += bytesToCopy;
+		curCount -= bytesToCopy;
+
+		// If the buffer is full, send this chunk
+		if (m_bufferSize >= sizeof(m_buffer)) {
+
+			sendChunk(m_buffer, m_bufferSize, /* last */ false);
+			m_bufferSize = 0;
+		}
+	}
+}
+
+
+void SMTPChunkingOutputStreamAdapter::flush() {
+
+	sendChunk(m_buffer, m_bufferSize, /* last */ true);
+	m_bufferSize = 0;
+
+	if (m_progress) {
+		m_progress->stop(m_totalSize);
+	}
+
+	if (m_connection->getTracer()) {
+		m_connection->getTracer()->traceSendBytes(m_bufferSize);
+	}
+}
+
+
+size_t SMTPChunkingOutputStreamAdapter::getBlockSize() {
+
+	return sizeof(m_buffer);
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
diff --git a/vmime-master/src/vmime/net/smtp/SMTPChunkingOutputStreamAdapter.hpp b/vmime-master/src/vmime/net/smtp/SMTPChunkingOutputStreamAdapter.hpp
new file mode 100644
index 0000000..4ef466a
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPChunkingOutputStreamAdapter.hpp
@@ -0,0 +1,94 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPCHUNKINGOUTPUTSTREAMADAPTER_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPCHUNKINGOUTPUTSTREAMADAPTER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/utility/outputStream.hpp"
+#include "vmime/utility/progressListener.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+class SMTPConnection;
+
+
+/** An output stream adapter used with ESMTP CHUNKING extension.
+  */
+class VMIME_EXPORT SMTPChunkingOutputStreamAdapter : public utility::outputStream {
+
+public:
+
+	SMTPChunkingOutputStreamAdapter(
+		const shared_ptr <SMTPConnection>& conn,
+		const size_t size,
+		utility::progressListener* progress
+	);
+
+	void flush();
+
+	size_t getBlockSize();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	SMTPChunkingOutputStreamAdapter(const SMTPChunkingOutputStreamAdapter&);
+
+
+	void sendChunk(const byte_t* const data, const size_t count, const bool last);
+
+
+	shared_ptr <SMTPConnection> m_connection;
+
+	byte_t m_buffer[262144];  // 256 KB
+	size_t m_bufferSize;
+
+	unsigned int m_chunkCount;
+
+	size_t m_totalSize;
+	size_t m_totalSent;
+	utility::progressListener* m_progress;
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPCHUNKINGOUTPUTSTREAMADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/smtp/SMTPCommand.cpp b/vmime-master/src/vmime/net/smtp/SMTPCommand.cpp
new file mode 100644
index 0000000..5e533d1
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPCommand.cpp
@@ -0,0 +1,258 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPCommand.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/tracer.hpp"
+
+#include "vmime/mailbox.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+SMTPCommand::SMTPCommand(const string& text, const string& traceText)
+	: m_text(text),
+	  m_traceText(traceText)
+{
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::EHLO(const string& hostname) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "EHLO " << hostname;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::HELO(const string& hostname) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "HELO " << hostname;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::AUTH(const string& mechName) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "AUTH " << mechName;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::AUTH(const string& mechName, const std::string& initialResponse) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "AUTH " << mechName << " " << initialResponse;
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::STARTTLS() {
+
+	return createCommand("STARTTLS");
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::MAIL(const mailbox& mbox, const bool utf8,
+										   const std::string& dsnRet, const std::string& dsnEnvelopId) {
+
+	return MAIL(mbox, utf8, 0, dsnRet, dsnEnvelopId);
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::MAIL(const mailbox& mbox, const bool utf8, const size_t size,
+										   const std::string& dsnRet, const std::string& dsnEnvelopId) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "MAIL FROM:<";
+
+	if (utf8) {
+
+		cmd << mbox.getEmail().toText().getConvertedText(vmime::charsets::UTF_8);
+
+	} else {
+
+		vmime::utility::outputStreamAdapter cmd2(cmd);
+		mbox.getEmail().generate(cmd2);
+	}
+
+	cmd << ">";
+
+	if (!dsnRet.empty()) {
+		cmd << " " << dsn::RET << "=" << dsnRet;
+	}
+	if (!dsnEnvelopId.empty()) {
+		cmd << " " << dsn::ENVID << "=<" << dsnEnvelopId << ">";
+	}
+
+	if (utf8) {
+		cmd << " SMTPUTF8";
+	}
+
+	if (size != 0) {
+		cmd << " SIZE=" << size;
+	}
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::RCPT(const mailbox& mbox, const bool utf8,
+										   const string& dsnNotify) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "RCPT TO:<";
+
+	if (utf8) {
+
+		cmd << mbox.getEmail().toText().getConvertedText(vmime::charsets::UTF_8);
+
+	} else {
+
+		vmime::utility::outputStreamAdapter cmd2(cmd);
+		mbox.getEmail().generate(cmd2);
+	}
+
+	cmd << ">";
+
+	if (!dsnNotify.empty()) {
+		cmd << " " << dsn::NOTIFY << "=" << dsnNotify;
+	}
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::RSET() {
+
+	return createCommand("RSET");
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::DATA() {
+
+	return createCommand("DATA");
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::BDAT(const size_t chunkSize, const bool last) {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+	cmd << "BDAT " << chunkSize;
+
+	if (last) {
+		cmd << " LAST";
+	}
+
+	return createCommand(cmd.str());
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::NOOP() {
+
+	return createCommand("NOOP");
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::QUIT() {
+
+	return createCommand("QUIT");
+}
+
+
+// static
+shared_ptr <SMTPCommand> SMTPCommand::createCommand(const string& text, const string& traceText) {
+
+	if (traceText.empty()) {
+		return shared_ptr <SMTPCommand>(new SMTPCommand(text, text));
+	} else {
+		return shared_ptr <SMTPCommand>(new SMTPCommand(text, traceText));
+	}
+}
+
+
+const string SMTPCommand::getText() const {
+
+	return m_text;
+}
+
+
+const string SMTPCommand::getTraceText() const {
+
+	return m_traceText;
+}
+
+
+void SMTPCommand::writeToSocket(const shared_ptr <socket>& sok, shared_ptr <tracer> tr) {
+
+	sok->send(m_text + "\r\n");
+
+	if (tr) {
+		tr->traceSend(m_traceText);
+	}
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
diff --git a/vmime-master/src/vmime/net/smtp/SMTPCommand.hpp b/vmime-master/src/vmime/net/smtp/SMTPCommand.hpp
new file mode 100644
index 0000000..9a32d1e
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPCommand.hpp
@@ -0,0 +1,125 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPCOMMAND_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPCOMMAND_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/object.hpp"
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+
+
+class mailbox;
+
+
+namespace net {
+
+
+class socket;
+class timeoutHandler;
+class tracer;
+
+
+namespace smtp {
+
+
+/** A SMTP command, as sent to server.
+  */
+class VMIME_EXPORT SMTPCommand : public object {
+
+public:
+
+	static shared_ptr <SMTPCommand> HELO(const string& hostname);
+	static shared_ptr <SMTPCommand> EHLO(const string& hostname);
+	static shared_ptr <SMTPCommand> AUTH(const string& mechName);
+	static shared_ptr <SMTPCommand> AUTH(const string& mechName, const std::string& initialResponse);
+	static shared_ptr <SMTPCommand> STARTTLS();
+	static shared_ptr <SMTPCommand> MAIL(const mailbox& mbox, const bool utf8,
+										 const std::string& dsnRet, const std::string& dsnEnvelopId);
+	static shared_ptr <SMTPCommand> MAIL(const mailbox& mbox, const bool utf8, const size_t size,
+										 const std::string& dsnRet, const std::string& dsnEnvelopId);
+	static shared_ptr <SMTPCommand> RCPT(const mailbox& mbox, const bool utf8,
+										 const std::string& dsnNotify);
+	static shared_ptr <SMTPCommand> RSET();
+	static shared_ptr <SMTPCommand> DATA();
+	static shared_ptr <SMTPCommand> BDAT(const size_t chunkSize, const bool last);
+	static shared_ptr <SMTPCommand> NOOP();
+	static shared_ptr <SMTPCommand> QUIT();
+
+	/** Creates a new SMTP command with the specified text.
+	  *
+	  * @param text command text
+	  * @return a new SMTPCommand object
+	  */
+	static shared_ptr <SMTPCommand> createCommand(const string& text, const string& traceText = "");
+
+	/** Sends this command to the specified socket.
+	  *
+	  * @param sok socket to which the command will be written
+	  * @param tr tracer
+	  */
+	virtual void writeToSocket(const shared_ptr <socket>& sok, shared_ptr <tracer> tr);
+
+	/** Returns the full text of the command, including command name
+	  * and parameters (if any).
+	  *
+	  * @return command text (eg. "RCPT TO:<vincent@kisli.com>")
+	  */
+	virtual const string getText() const;
+
+	/** Returns the full text of the command, suitable for outputing
+	  * to the tracer.
+	  *
+	  * @return trace text (eg. "LOGIN myusername ***")
+	  */
+	virtual const string getTraceText() const;
+
+protected:
+
+	SMTPCommand(const string& text, const string& traceText);
+	SMTPCommand(const SMTPCommand&);
+
+private:
+
+	string m_text;
+	string m_traceText;
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPCOMMAND_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/smtp/SMTPCommandSet.cpp b/vmime-master/src/vmime/net/smtp/SMTPCommandSet.cpp
new file mode 100644
index 0000000..eab7086
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPCommandSet.cpp
@@ -0,0 +1,160 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPCommandSet.hpp"
+
+#include "vmime/net/socket.hpp"
+
+#include "vmime/mailbox.hpp"
+
+#include <stdexcept>
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+SMTPCommandSet::SMTPCommandSet(const bool pipeline)
+	: SMTPCommand("", ""),
+	  m_pipeline(pipeline),
+	  m_started(false),
+	  m_lastCommandSent() {
+
+}
+
+
+// static
+shared_ptr <SMTPCommandSet> SMTPCommandSet::create(const bool pipeline) {
+
+	return shared_ptr <SMTPCommandSet>(new SMTPCommandSet(pipeline));
+}
+
+
+void SMTPCommandSet::addCommand(const shared_ptr <SMTPCommand>& cmd) {
+
+	if (m_started) {
+		throw std::runtime_error("Could not add command to pipeline: "
+			"one or more commands have already been sent to the server.");
+	}
+
+	m_commands.push_back(cmd);
+}
+
+
+void SMTPCommandSet::writeToSocket(const shared_ptr <socket>& sok, const shared_ptr <tracer>& tr) {
+
+	if (m_pipeline) {
+
+		if (!m_started) {
+
+			// Send all commands at once
+			for (std::list <shared_ptr <SMTPCommand> >::const_iterator it = m_commands.begin() ;
+			     it != m_commands.end() ; ++it) {
+
+				shared_ptr <SMTPCommand> cmd = *it;
+				cmd->writeToSocket(sok, tr);
+			}
+		}
+
+		if (!m_commands.empty()) {
+
+			// Advance the pointer to last command sent
+			shared_ptr <SMTPCommand> cmd = m_commands.front();
+			m_commands.pop_front();
+
+			m_lastCommandSent = cmd;
+		}
+
+	} else {
+
+		if (!m_commands.empty()) {
+
+			// Send only one command
+			shared_ptr <SMTPCommand> cmd = m_commands.front();
+			m_commands.pop_front();
+
+			cmd->writeToSocket(sok, tr);
+
+			m_lastCommandSent = cmd;
+		}
+	}
+
+	m_started = true;
+}
+
+
+const string SMTPCommandSet::getText() const {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+
+	for (std::list <shared_ptr <SMTPCommand> >::const_iterator it = m_commands.begin() ;
+	     it != m_commands.end() ; ++it) {
+
+		cmd << (*it)->getText() << "\r\n";
+	}
+
+	return cmd.str();
+}
+
+
+const string SMTPCommandSet::getTraceText() const {
+
+	std::ostringstream cmd;
+	cmd.imbue(std::locale::classic());
+
+	for (std::list <shared_ptr <SMTPCommand> >::const_iterator it = m_commands.begin() ;
+	     it != m_commands.end() ; ++it) {
+
+		cmd << (*it)->getTraceText() << "\r\n";
+	}
+
+	return cmd.str();
+}
+
+
+bool SMTPCommandSet::isFinished() const {
+
+	return (m_pipeline && m_started) || (m_commands.size() == 0 && m_started);
+}
+
+
+shared_ptr <SMTPCommand> SMTPCommandSet::getLastCommandSent() const {
+
+	return m_lastCommandSent;
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
diff --git a/vmime-master/src/vmime/net/smtp/SMTPCommandSet.hpp b/vmime-master/src/vmime/net/smtp/SMTPCommandSet.hpp
new file mode 100644
index 0000000..2fd977c
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPCommandSet.hpp
@@ -0,0 +1,106 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPCOMMANDSET_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPCOMMANDSET_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include <list>
+
+#include "vmime/net/smtp/SMTPCommand.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+/** A set of SMTP commands, which may be sent all at once
+  * to the server if pipelining is supported.
+  */
+class VMIME_EXPORT SMTPCommandSet : public SMTPCommand {
+
+public:
+
+	/** Creates a new set of SMTP commands.
+	  *
+	  * @param pipeline set to true if the server supports pipelining
+	  * @return a new SMTPCommandSet object
+	  */
+	static shared_ptr <SMTPCommandSet> create(const bool pipeline);
+
+	/** Adds a new command to this set.
+	  * If one or more comments have already been sent to the server,
+	  * an exception will be thrown.
+	  *
+	  * @param cmd command to add
+	  */
+	void addCommand(const shared_ptr <SMTPCommand>& cmd);
+
+	/** Tests whether all commands have been sent.
+	  *
+	  * @return true if all commands have been sent,
+	  * or false otherwise
+	  */
+	bool isFinished() const;
+
+	/** Returns the last command which has been sent.
+	  *
+	  * @return a pointer to a SMTPCommand, of NULL if no command
+	  * has been sent yet
+	  */
+	shared_ptr <SMTPCommand> getLastCommandSent() const;
+
+
+	void writeToSocket(const shared_ptr <socket>& sok, const shared_ptr <tracer>& tr);
+
+	const string getText() const;
+	const string getTraceText() const;
+
+private:
+
+	SMTPCommandSet(const bool pipeline);
+	SMTPCommandSet(const SMTPCommandSet&);
+
+
+	bool m_pipeline;
+	bool m_started;
+	std::list <shared_ptr <SMTPCommand> > m_commands;
+	shared_ptr <SMTPCommand> m_lastCommandSent;
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPCOMMANDSET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/smtp/SMTPConnection.cpp b/vmime-master/src/vmime/net/smtp/SMTPConnection.cpp
new file mode 100644
index 0000000..07d0376
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPConnection.cpp
@@ -0,0 +1,714 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPConnection.hpp"
+#include "vmime/net/smtp/SMTPTransport.hpp"
+#include "vmime/net/smtp/SMTPExceptions.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/platform.hpp"
+
+#include "vmime/security/digest/messageDigestFactory.hpp"
+
+#include "vmime/net/defaultConnectionInfos.hpp"
+
+#if VMIME_HAVE_SASL_SUPPORT
+	#include "vmime/security/sasl/SASLContext.hpp"
+#else
+	#include "vmime/utility/encoder/b64Encoder.hpp"
+	#include "vmime/utility/inputStreamStringAdapter.hpp"
+	#include "vmime/utility/outputStreamStringAdapter.hpp"
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+#if VMIME_HAVE_TLS_SUPPORT
+	#include "vmime/net/tls/TLSSession.hpp"
+	#include "vmime/net/tls/TLSSecuredConnectionInfos.hpp"
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+// Helpers for service properties
+#define GET_PROPERTY(type, prop) \
+	(m_transport.lock()->getInfos().getPropertyValue <type>(getSession(), \
+		dynamic_cast <const SMTPServiceInfos&>(m_transport.lock()->getInfos()).getProperties().prop))
+#define HAS_PROPERTY(prop) \
+	(m_transport.lock()->getInfos().hasProperty(getSession(), \
+		dynamic_cast <const SMTPServiceInfos&>(m_transport.lock()->getInfos()).getProperties().prop))
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+
+SMTPConnection::SMTPConnection(
+	const shared_ptr <SMTPTransport>& transport,
+	const shared_ptr <security::authenticator>& auth
+)
+	: m_transport(transport),
+	  m_auth(auth),
+	  m_socket(null),
+	  m_timeoutHandler(null),
+	  m_authenticated(false),
+	  m_secured(false),
+	  m_extendedSMTP(false) {
+
+	static int connectionId = 0;
+
+	if (transport->getTracerFactory()) {
+		m_tracer = transport->getTracerFactory()->create(transport, ++connectionId);
+	}
+}
+
+
+SMTPConnection::~SMTPConnection() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		} else if (m_socket) {
+			internalDisconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+void SMTPConnection::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	const string address = GET_PROPERTY(string, PROPERTY_SERVER_ADDRESS);
+	const port_t port = GET_PROPERTY(port_t, PROPERTY_SERVER_PORT);
+
+	shared_ptr <SMTPTransport> transport = m_transport.lock();
+
+	// Create the time-out handler
+	if (transport->getTimeoutHandlerFactory()) {
+		m_timeoutHandler = transport->getTimeoutHandlerFactory()->create();
+	}
+
+	// Create and connect the socket
+	m_socket = transport->getSocketFactory()->create(m_timeoutHandler);
+	m_socket->setTracer(m_tracer);
+
+#if VMIME_HAVE_TLS_SUPPORT
+	if (transport->isSMTPS()) {  // dedicated port/SMTPS
+
+		shared_ptr <tls::TLSSession> tlsSession = tls::TLSSession::create(
+			transport->getCertificateVerifier(),
+			transport->getSession()->getTLSProperties()
+		);
+
+		shared_ptr <tls::TLSSocket> tlsSocket = tlsSession->getSocket(m_socket);
+
+		m_socket = tlsSocket;
+
+		m_secured = true;
+		m_cntInfos = make_shared <tls::TLSSecuredConnectionInfos>(address, port, tlsSession, tlsSocket);
+
+	} else
+#endif // VMIME_HAVE_TLS_SUPPORT
+	{
+		m_cntInfos = make_shared <defaultConnectionInfos>(address, port);
+	}
+
+	m_socket->connect(address, port);
+
+	// Connection
+	//
+	// eg:  C: <connection to server>
+	// ---  S: 220 smtp.domain.com Service ready
+
+	shared_ptr <SMTPResponse> resp;
+
+	if ((resp = readResponse())->getCode() != 220) {
+		internalDisconnect();
+		throw exceptions::connection_greeting_error(resp->getText());
+	}
+
+	// Identification
+	helo();
+
+#if VMIME_HAVE_TLS_SUPPORT
+	// Setup secured connection, if requested
+	const bool tls = HAS_PROPERTY(PROPERTY_CONNECTION_TLS)
+		&& GET_PROPERTY(bool, PROPERTY_CONNECTION_TLS);
+	const bool tlsRequired = HAS_PROPERTY(PROPERTY_CONNECTION_TLS_REQUIRED)
+		&& GET_PROPERTY(bool, PROPERTY_CONNECTION_TLS_REQUIRED);
+
+	if (!transport->isSMTPS() && tls) {  // only if not SMTPS
+
+		try {
+
+			startTLS();
+
+		// Non-fatal error
+		} catch (exceptions::command_error&) {
+
+			if (tlsRequired) {
+				throw;
+			} else {
+				// TLS is not required, so don't bother
+			}
+
+		// Fatal error
+		} catch (...) {
+
+			throw;
+		}
+
+		// Must reissue a EHLO command [RFC-2487, 5.2]
+		helo();
+	}
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	// Authentication
+	if (GET_PROPERTY(bool, PROPERTY_OPTIONS_NEEDAUTH)) {
+		authenticate();
+	} else {
+		m_authenticated = true;
+	}
+}
+
+
+void SMTPConnection::helo() {
+
+	// First, try Extended SMTP (ESMTP)
+	//
+	// eg:  C: EHLO thismachine.ourdomain.com
+	//      S: 250-smtp.theserver.com
+	//      S: 250-AUTH CRAM-MD5 DIGEST-MD5
+	//      S: 250-PIPELINING
+	//      S: 250 SIZE 2555555555
+
+	sendRequest(SMTPCommand::EHLO(platform::getHandler()->getHostName()));
+
+	shared_ptr <SMTPResponse> resp;
+
+	if ((resp = readResponse())->getCode() != 250) {
+
+		// Next, try "Basic" SMTP
+		//
+		// eg:  C: HELO thismachine.ourdomain.com
+		//      S: 250 OK
+
+		sendRequest(SMTPCommand::HELO(platform::getHandler()->getHostName()));
+
+		if ((resp = readResponse())->getCode() != 250) {
+			internalDisconnect();
+			throw exceptions::connection_greeting_error(resp->getLastLine().getText());
+		}
+
+		m_extendedSMTP = false;
+		m_extensions.clear();
+
+	} else {
+
+		m_extendedSMTP = true;
+		m_extensions.clear();
+
+		// Get supported extensions from SMTP response
+		// One extension per line, format is: EXT PARAM1 PARAM2...
+		for (size_t i = 1, n = resp->getLineCount() ; i < n ; ++i) {
+
+			const string line = resp->getLineAt(i).getText();
+
+			std::istringstream iss(line);
+			iss.imbue(std::locale::classic());
+
+			string ext;
+			iss >> ext;
+
+			std::vector <string> params;
+			string param;
+
+			// Special case: some servers send "AUTH=MECH [MECH MECH...]"
+			if (ext.length() >= 5 && utility::stringUtils::toUpper(ext.substr(0, 5)) == "AUTH=") {
+
+				params.push_back(utility::stringUtils::toUpper(ext.substr(5)));
+				ext = "AUTH";
+			}
+
+			while (iss >> param) {
+				params.push_back(utility::stringUtils::toUpper(param));
+			}
+
+			m_extensions[ext] = params;
+		}
+	}
+}
+
+
+bool SMTPConnection::hasExtension(
+	const std::string& extName,
+	std::vector <string>* params
+) const {
+
+	std::map <string, std::vector <string> >::const_iterator
+		it = m_extensions.find(extName);
+
+	if (it != m_extensions.end()) {
+
+		if (params) {
+			*params = (*it).second;
+		}
+
+		return true;
+
+	} else {
+
+		return false;
+	}
+}
+
+
+void SMTPConnection::authenticate() {
+
+	if (!m_extendedSMTP) {
+		internalDisconnect();
+		throw exceptions::command_error("AUTH", "ESMTP not supported.");
+	}
+
+	getAuthenticator()->setService(m_transport.lock());
+
+#if VMIME_HAVE_SASL_SUPPORT
+	// Try SASL authentication
+	if (GET_PROPERTY(bool, PROPERTY_OPTIONS_SASL)) {
+
+		try {
+
+			authenticateSASL();
+
+			m_authenticated = true;
+			return;
+
+		} catch (exception&) {
+
+			internalDisconnect();
+			throw;
+		}
+	}
+#else  // no SASL
+
+	// allow AUTH PLAIN over TLS - it is a popular and simple mechanism
+	if (m_secured) {
+
+		std::vector <string> authMechs;
+		hasExtension("AUTH", &authMechs);
+
+		if (authMechs.empty()) {
+			throw exceptions::authentication_error("No AUTH mechanism available.");
+		}
+
+		const string plain("PLAIN");
+
+		if (std::find(authMechs.begin(), authMechs.end(), plain) != authMechs.end()) {
+
+			const string username = getAuthenticator()->getUsername();
+			const string password = getAuthenticator()->getPassword();
+			const string authToken = username + '\0' + username + '\0' + password;
+
+			utility::inputStreamStringAdapter in(authToken);
+			string authTokenBase64;
+			utility::outputStreamStringAdapter out(authTokenBase64);
+
+			vmime::utility::encoder::b64Encoder encoder;
+			encoder.encode(in, out);
+
+			sendRequest(SMTPCommand::AUTH(plain, authTokenBase64));
+
+			shared_ptr <SMTPResponse> response = readResponse();
+
+			const int code = response ? response->getCode() : -1;
+
+			if (code == 235) {
+				m_authenticated = true;
+				return;
+			}
+		}
+	}
+
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+	// No other authentication method is possible
+	throw exceptions::authentication_error("All authentication methods failed");
+}
+
+
+
+#if VMIME_HAVE_SASL_SUPPORT
+
+void SMTPConnection::authenticateSASL() {
+
+	if (!dynamicCast <security::sasl::SASLAuthenticator>(getAuthenticator())) {
+		throw exceptions::authentication_error("No SASL authenticator available.");
+	}
+
+	// Obtain SASL mechanisms supported by server from ESMTP extensions
+	std::vector <string> saslMechs;
+	hasExtension("AUTH", &saslMechs);
+
+	if (saslMechs.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	std::vector <shared_ptr <security::sasl::SASLMechanism> > mechList;
+
+	shared_ptr <security::sasl::SASLContext> saslContext =
+		security::sasl::SASLContext::create();
+
+	for (unsigned int i = 0 ; i < saslMechs.size() ; ++i) {
+
+		try {
+
+			mechList.push_back
+				(saslContext->createMechanism(saslMechs[i]));
+
+		} catch (exceptions::no_such_mechanism&) {
+
+			// Ignore mechanism
+		}
+	}
+
+	if (mechList.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	// Try to suggest a mechanism among all those supported
+	shared_ptr <security::sasl::SASLMechanism> suggestedMech =
+		saslContext->suggestMechanism(mechList);
+
+	if (!suggestedMech) {
+		throw exceptions::authentication_error("Unable to suggest SASL mechanism.");
+	}
+
+	// Allow application to choose which mechanisms to use
+	mechList = dynamicCast <security::sasl::SASLAuthenticator>(getAuthenticator())->
+		getAcceptableMechanisms(mechList, suggestedMech);
+
+	if (mechList.empty()) {
+		throw exceptions::authentication_error("No SASL mechanism available.");
+	}
+
+	// Try each mechanism in the list in turn
+	for (unsigned int i = 0 ; i < mechList.size() ; ++i) {
+
+		shared_ptr <security::sasl::SASLMechanism> mech = mechList[i];
+
+		shared_ptr <security::sasl::SASLSession> saslSession =
+			saslContext->createSession("smtp", getAuthenticator(), mech);
+
+		saslSession->init();
+
+		if (saslSession->getMechanism()->hasInitialResponse()) {
+
+			byte_t* initialResp = 0;
+			size_t initialRespLen = 0;
+
+			saslSession->evaluateChallenge(NULL, 0, &initialResp, &initialRespLen);
+
+			string encodedInitialResp(saslContext->encodeB64(initialResp, initialRespLen));
+			delete [] initialResp;
+
+			if (encodedInitialResp.empty()) {
+				sendRequest(SMTPCommand::AUTH(mech->getName(), "="));
+			} else {
+				sendRequest(SMTPCommand::AUTH(mech->getName(), encodedInitialResp));
+			}
+
+		} else {
+
+			sendRequest(SMTPCommand::AUTH(mech->getName()));
+		}
+
+		for (bool cont = true ; cont ; ) {
+
+			shared_ptr <SMTPResponse> response = readResponse();
+
+			switch (response->getCode()) {
+
+				case 235: {
+
+					m_socket = saslSession->getSecuredSocket(m_socket);
+					return;
+				}
+				case 334: {
+
+					byte_t* challenge = 0;
+					size_t challengeLen = 0;
+
+					byte_t* resp = 0;
+					size_t respLen = 0;
+
+					try {
+
+						// Extract challenge
+						saslContext->decodeB64(response->getText(), &challenge, &challengeLen);
+
+						// Prepare response
+						saslSession->evaluateChallenge(challenge, challengeLen, &resp, &respLen);
+
+						// Send response
+						const string respB64 = saslContext->encodeB64(resp, respLen) + "\r\n";
+						m_socket->sendRaw(utility::stringUtils::bytesFromString(respB64), respB64.length());
+
+						if (m_tracer) {
+							m_tracer->traceSendBytes(respB64.length() - 2, "SASL exchange");
+						}
+
+					} catch (exceptions::sasl_exception& e) {
+
+						if (challenge) {
+							delete [] challenge;
+							challenge = NULL;
+						}
+
+						if (resp) {
+							delete [] resp;
+							resp = NULL;
+						}
+
+						// Cancel SASL exchange
+						m_socket->send("*\r\n");
+
+						if (m_tracer) {
+							m_tracer->traceSend("*");
+						}
+
+					} catch (...) {
+
+						if (challenge) {
+							delete [] challenge;
+						}
+
+						if (resp) {
+							delete [] resp;
+						}
+
+						throw;
+					}
+
+					if (challenge) {
+						delete [] challenge;
+					}
+
+					if (resp) {
+						delete [] resp;
+					}
+
+					break;
+				}
+				default:
+
+					cont = false;
+					break;
+			}
+		}
+	}
+
+	throw exceptions::authentication_error("Could not authenticate using SASL: all mechanisms failed.");
+}
+
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+
+#if VMIME_HAVE_TLS_SUPPORT
+
+void SMTPConnection::startTLS() {
+
+	try {
+
+		sendRequest(SMTPCommand::STARTTLS());
+
+		shared_ptr <SMTPResponse> resp = readResponse();
+
+		if (resp->getCode() != 220) {
+
+			throw SMTPCommandError(
+				"STARTTLS", resp->getText(), resp->getCode(), resp->getEnhancedCode()
+			);
+		}
+
+		shared_ptr <tls::TLSSession> tlsSession = tls::TLSSession::create(
+			getTransport()->getCertificateVerifier(),
+			getTransport()->getSession()->getTLSProperties()
+		);
+
+		shared_ptr <tls::TLSSocket> tlsSocket = tlsSession->getSocket(m_socket);
+
+		tlsSocket->handshake();
+
+		m_socket = tlsSocket;
+
+		m_secured = true;
+		m_cntInfos = make_shared <tls::TLSSecuredConnectionInfos>(
+			m_cntInfos->getHost(), m_cntInfos->getPort(), tlsSession, tlsSocket
+		);
+
+	} catch (exceptions::command_error&) {
+
+		// Non-fatal error
+		throw;
+
+	} catch (exception&) {
+
+		// Fatal error
+		internalDisconnect();
+		throw;
+	}
+}
+
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+void SMTPConnection::disconnect() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	internalDisconnect();
+}
+
+
+void SMTPConnection::internalDisconnect() {
+
+	if (isConnected()) {
+
+		try {
+
+			sendRequest(SMTPCommand::QUIT());
+
+			// Do not wait for server response. This is contrary to the RFC, but
+			// some servers never send a response to a QUIT command.
+
+		} catch (exception&) {
+
+			// Not important
+		}
+	}
+
+	m_socket->disconnect();
+	m_socket = null;
+
+	m_timeoutHandler = null;
+
+	m_authenticated = false;
+	m_extendedSMTP = false;
+
+	m_secured = false;
+	m_cntInfos = null;
+}
+
+
+void SMTPConnection::sendRequest(const shared_ptr <SMTPCommand>& cmd) {
+
+	cmd->writeToSocket(m_socket, m_tracer);
+}
+
+
+shared_ptr <SMTPResponse> SMTPConnection::readResponse() {
+
+	shared_ptr <SMTPResponse> resp = SMTPResponse::readResponse(
+		m_tracer, m_socket, m_timeoutHandler, m_responseState
+	);
+
+	m_responseState = resp->getCurrentState();
+
+	return resp;
+}
+
+
+bool SMTPConnection::isConnected() const {
+
+	return m_socket && m_socket->isConnected() && m_authenticated;
+}
+
+
+bool SMTPConnection::isSecuredConnection() const {
+
+	return m_secured;
+}
+
+
+shared_ptr <connectionInfos> SMTPConnection::getConnectionInfos() const {
+
+	return m_cntInfos;
+}
+
+
+shared_ptr <SMTPTransport> SMTPConnection::getTransport() {
+
+	return m_transport.lock();
+}
+
+
+shared_ptr <session> SMTPConnection::getSession() {
+
+	return m_transport.lock()->getSession();
+}
+
+
+shared_ptr <socket> SMTPConnection::getSocket() {
+
+	return m_socket;
+}
+
+
+shared_ptr <tracer> SMTPConnection::getTracer() {
+
+	return m_tracer;
+}
+
+
+shared_ptr <timeoutHandler> SMTPConnection::getTimeoutHandler() {
+
+	return m_timeoutHandler;
+}
+
+
+shared_ptr <security::authenticator> SMTPConnection::getAuthenticator() {
+
+	return m_auth;
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
diff --git a/vmime-master/src/vmime/net/smtp/SMTPConnection.hpp b/vmime-master/src/vmime/net/smtp/SMTPConnection.hpp
new file mode 100644
index 0000000..d8a2375
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPConnection.hpp
@@ -0,0 +1,136 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPCONNECTION_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPCONNECTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/messageId.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+#include "vmime/net/session.hpp"
+#include "vmime/net/connectionInfos.hpp"
+#include "vmime/net/tracer.hpp"
+
+#include "vmime/net/smtp/SMTPCommand.hpp"
+#include "vmime/net/smtp/SMTPResponse.hpp"
+
+#include "vmime/security/authenticator.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class socket;
+class timeoutHandler;
+
+
+namespace smtp {
+
+
+class SMTPTransport;
+
+
+/** Manage connection to a SMTP server.
+  */
+class VMIME_EXPORT SMTPConnection : public object {
+
+public:
+
+	SMTPConnection(
+		const shared_ptr <SMTPTransport>& transport,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+	~SMTPConnection();
+
+
+	virtual void connect();
+	virtual bool isConnected() const;
+	virtual void disconnect();
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+
+	virtual shared_ptr <SMTPTransport> getTransport();
+	virtual shared_ptr <socket> getSocket();
+	virtual shared_ptr <timeoutHandler> getTimeoutHandler();
+	virtual shared_ptr <security::authenticator> getAuthenticator();
+	virtual shared_ptr <session> getSession();
+	virtual shared_ptr <tracer> getTracer();
+
+	void sendRequest(const shared_ptr <SMTPCommand>& cmd);
+	shared_ptr <SMTPResponse> readResponse();
+
+	bool hasExtension(const std::string& extName, std::vector <string>* params = NULL) const;
+
+private:
+
+	void internalDisconnect();
+
+	void helo();
+	void authenticate();
+#if VMIME_HAVE_SASL_SUPPORT
+	void authenticateSASL();
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+#if VMIME_HAVE_TLS_SUPPORT
+	void startTLS();
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+	weak_ptr <SMTPTransport> m_transport;
+
+	shared_ptr <security::authenticator> m_auth;
+	shared_ptr <socket> m_socket;
+	shared_ptr <timeoutHandler> m_timeoutHandler;
+	shared_ptr <tracer> m_tracer;
+
+	SMTPResponse::state m_responseState;
+
+	bool m_authenticated;
+	bool m_secured;
+
+	shared_ptr <connectionInfos> m_cntInfos;
+
+	bool m_extendedSMTP;
+	std::map <string, std::vector <string> > m_extensions;
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPCONNECTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/smtp/SMTPExceptions.cpp b/vmime-master/src/vmime/net/smtp/SMTPExceptions.cpp
new file mode 100644
index 0000000..e3b4652
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPExceptions.cpp
@@ -0,0 +1,212 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPExceptions.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+//
+// SMTPCommandError
+//
+
+SMTPCommandError::SMTPCommandError(
+	const string& command,
+	const string& response,
+	const string& desc,
+	const int statusCode,
+    const SMTPResponse::enhancedStatusCode& extendedStatusCode,
+    const exception& other
+)
+	: command_error(command, response, desc, other),
+	  m_status(statusCode),
+	  m_exStatus(extendedStatusCode) {
+
+}
+
+
+SMTPCommandError::SMTPCommandError(
+	const string& command,
+	const string& response,
+	const int statusCode,
+	const SMTPResponse::enhancedStatusCode& extendedStatusCode,
+    const exception& other
+)
+	: command_error(command, response, "", other),
+	  m_status(statusCode),
+	  m_exStatus(extendedStatusCode) {
+
+}
+
+
+SMTPCommandError::~SMTPCommandError() throw() {
+
+}
+
+
+int SMTPCommandError::statusCode() const {
+
+	return m_status;
+}
+
+
+const SMTPResponse::enhancedStatusCode SMTPCommandError::extendedStatusCode() const {
+
+	return m_exStatus;
+}
+
+
+exception* SMTPCommandError::clone() const {
+
+	return new SMTPCommandError(*this);
+}
+
+
+const char* SMTPCommandError::name() const throw() {
+
+	return "SMTPCommandError";
+}
+
+
+//
+// SMTPMessageSizeExceedsMaxLimitsException
+//
+
+SMTPMessageSizeExceedsMaxLimitsException::SMTPMessageSizeExceedsMaxLimitsException(const exception& other)
+	: net_exception("Message size exceeds maximum server limits (permanent error).", other) {
+
+}
+
+
+SMTPMessageSizeExceedsMaxLimitsException::~SMTPMessageSizeExceedsMaxLimitsException() throw() {
+
+}
+
+
+exception* SMTPMessageSizeExceedsMaxLimitsException::clone() const {
+
+	return new SMTPMessageSizeExceedsMaxLimitsException(*this);
+}
+
+
+const char* SMTPMessageSizeExceedsMaxLimitsException::name() const throw() {
+
+	return "SMTPMessageSizeExceedsMaxLimitsException";
+}
+
+
+//
+// SMTPMessageSizeExceedsCurLimitsException
+//
+
+SMTPMessageSizeExceedsCurLimitsException::SMTPMessageSizeExceedsCurLimitsException(const exception& other)
+	: net_exception("Message size exceeds current server limits (temporary storage error).", other) {
+
+}
+
+
+SMTPMessageSizeExceedsCurLimitsException::~SMTPMessageSizeExceedsCurLimitsException() throw() {
+
+}
+
+
+exception* SMTPMessageSizeExceedsCurLimitsException::clone() const {
+
+	return new SMTPMessageSizeExceedsCurLimitsException(*this);
+}
+
+
+const char* SMTPMessageSizeExceedsCurLimitsException::name() const throw() {
+
+	return "SMTPMessageSizeExceedsCurLimitsException";
+}
+
+
+//
+// SMTPExtensionNotSupportedException
+//
+
+SMTPExtensionNotSupportedException::SMTPExtensionNotSupportedException(const string &what, const exception& other)
+	: net_exception(what.empty() ? "A required extension is not supported by the SMTP server." : what, other) {
+
+}
+
+
+SMTPExtensionNotSupportedException::~SMTPExtensionNotSupportedException() throw() {
+
+}
+
+
+exception* SMTPExtensionNotSupportedException::clone() const {
+
+	return new SMTPExtensionNotSupportedException(*this);
+}
+
+
+const char* SMTPExtensionNotSupportedException::name() const throw() {
+
+	return "SMTPExtensionNotSupportedException";
+}
+
+
+//
+// SMTPDSNExtensionNotSupportedException
+//
+
+SMTPDSNExtensionNotSupportedException::SMTPDSNExtensionNotSupportedException(const exception& other)
+	: SMTPExtensionNotSupportedException("RFC-1891 DSN extension is not supported by the SMTP server.", other) {
+
+}
+
+
+SMTPDSNExtensionNotSupportedException::~SMTPDSNExtensionNotSupportedException() throw() {
+
+}
+
+
+exception* SMTPDSNExtensionNotSupportedException::clone() const {
+	return new SMTPDSNExtensionNotSupportedException(*this);
+}
+
+
+const char* SMTPDSNExtensionNotSupportedException::name() const throw() {
+
+	return "SMTPDSNExtensionNotSupportedException";
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
diff --git a/vmime-master/src/vmime/net/smtp/SMTPExceptions.hpp b/vmime-master/src/vmime/net/smtp/SMTPExceptions.hpp
new file mode 100644
index 0000000..488ee2e
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPExceptions.hpp
@@ -0,0 +1,159 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPEXCEPTIONS_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPEXCEPTIONS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/exception.hpp"
+#include "vmime/base.hpp"
+
+#include "vmime/net/smtp/SMTPResponse.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+/** SMTP Command error: a SMTP command failed.
+  */
+class VMIME_EXPORT SMTPCommandError : public exceptions::command_error {
+
+public:
+
+	SMTPCommandError(
+		const string& command,
+		const string& response,
+		const string& desc,
+		const int statusCode,
+		const SMTPResponse::enhancedStatusCode& extendedStatusCode,
+		const exception& other = NO_EXCEPTION
+	);
+
+	SMTPCommandError(
+		const string& command,
+		const string& response,
+		const int statusCode, const SMTPResponse::enhancedStatusCode& extendedStatusCode,
+		const exception& other = NO_EXCEPTION
+	);
+
+	~SMTPCommandError() throw();
+
+	/** Returns the SMTP status code for this error.
+	  *
+	  * @return status code (protocol-dependent)
+	  */
+	int statusCode() const;
+
+	/** Returns the extended status code (following RFC-3463) for this
+	  * error, if available.
+	  *
+	  * @return status code
+	  */
+	const SMTPResponse::enhancedStatusCode extendedStatusCode() const;
+
+
+	exception* clone() const;
+	const char* name() const throw();
+
+private:
+
+	int m_status;
+	SMTPResponse::enhancedStatusCode m_exStatus;
+};
+
+
+/** SMTP error: message size exceeds maximum server limits.
+  * This is a permanent error.
+  */
+class VMIME_EXPORT SMTPMessageSizeExceedsMaxLimitsException : public exceptions::net_exception {
+
+public:
+
+	SMTPMessageSizeExceedsMaxLimitsException(const exception& other = NO_EXCEPTION);
+	~SMTPMessageSizeExceedsMaxLimitsException() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** SMTP error: message size exceeds current server limits.
+  * This is a temporary error (you may retry later).
+  */
+class VMIME_EXPORT SMTPMessageSizeExceedsCurLimitsException : public exceptions::net_exception {
+
+public:
+
+	SMTPMessageSizeExceedsCurLimitsException(const exception& other = NO_EXCEPTION);
+	~SMTPMessageSizeExceedsCurLimitsException() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** SMTP error: a required extension is not supported by the server.
+  */
+class VMIME_EXPORT SMTPExtensionNotSupportedException : public exceptions::net_exception {
+
+public:
+
+	SMTPExtensionNotSupportedException(const string& what, const exception& other = NO_EXCEPTION);
+	~SMTPExtensionNotSupportedException() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+/** SMTP error: RFC-1891 DSN extension is not supported by the server.
+  */
+class VMIME_EXPORT SMTPDSNExtensionNotSupportedException : public SMTPExtensionNotSupportedException {
+
+public:
+
+	SMTPDSNExtensionNotSupportedException(const exception& other = NO_EXCEPTION);
+	~SMTPDSNExtensionNotSupportedException() throw();
+
+	exception* clone() const;
+	const char* name() const throw();
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPEXCEPTIONS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPResponse.cpp b/vmime-master/src/vmime/net/smtp/SMTPResponse.cpp
new file mode 100644
index 0000000..2234705
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPResponse.cpp
@@ -0,0 +1,366 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPResponse.hpp"
+
+#include "vmime/platform.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+#include "vmime/net/tracer.hpp"
+
+#include <cctype>
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+SMTPResponse::SMTPResponse(
+	const shared_ptr <tracer>& tr,
+	const shared_ptr <socket>& sok,
+	const shared_ptr <timeoutHandler>& toh,
+	const state& st
+)
+	: m_socket(sok),
+	  m_timeoutHandler(toh),
+	  m_tracer(tr),
+	  m_responseBuffer(st.responseBuffer),
+	  m_responseContinues(false) {
+
+}
+
+
+SMTPResponse::SMTPResponse(const SMTPResponse&)
+	: vmime::object() {
+
+	// Not used
+}
+
+
+int SMTPResponse::getCode() const {
+
+	const int firstCode = m_lines[0].getCode();
+
+	for (unsigned int i = 1 ; i < m_lines.size() ; ++i) {
+
+		// All response codes returned must be equal
+		// or else this in an error...
+		if (m_lines[i].getCode() != firstCode) {
+			return 0;
+		}
+	}
+
+	return firstCode;
+}
+
+
+const SMTPResponse::enhancedStatusCode SMTPResponse::getEnhancedCode() const {
+
+	return m_lines[m_lines.size() - 1].getEnhancedCode();
+}
+
+
+const string SMTPResponse::getText() const {
+
+	string text = m_lines[0].getText();
+
+	for (unsigned int i = 1 ; i < m_lines.size() ; ++i) {
+
+		text += '\n';
+		text += m_lines[i].getText();
+	}
+
+	return text;
+}
+
+
+// static
+shared_ptr <SMTPResponse> SMTPResponse::readResponse(
+	const shared_ptr <tracer>& tr,
+	const shared_ptr <socket>& sok,
+	const shared_ptr <timeoutHandler>& toh,
+	const state& st
+) {
+
+	shared_ptr <SMTPResponse> resp =
+		shared_ptr <SMTPResponse>(new SMTPResponse(tr, sok, toh, st));
+
+	resp->readResponse();
+
+	return resp;
+}
+
+
+void SMTPResponse::readResponse() {
+
+	responseLine line = getNextResponse();
+	m_lines.push_back(line);
+
+	while (m_responseContinues) {
+		line = getNextResponse();
+		m_lines.push_back(line);
+	}
+}
+
+
+const string SMTPResponse::readResponseLine() {
+
+	string currentBuffer = m_responseBuffer;
+
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+
+	while (true) {
+
+		// Get a line from the response buffer
+		const size_t lineEnd = currentBuffer.find_first_of('\n');
+
+		if (lineEnd != string::npos) {
+
+			size_t actualLineEnd = lineEnd;
+
+			if (actualLineEnd != 0 && currentBuffer[actualLineEnd - 1] == '\r') {  // CRLF case
+				actualLineEnd--;
+			}
+
+			const string line(currentBuffer.begin(), currentBuffer.begin() + actualLineEnd);
+
+			currentBuffer.erase(currentBuffer.begin(), currentBuffer.begin() + lineEnd + 1);
+			m_responseBuffer = currentBuffer;
+
+			if (m_tracer) {
+				m_tracer->traceReceive(line);
+			}
+
+			return line;
+		}
+
+		// Check whether the time-out delay is elapsed
+		if (m_timeoutHandler && m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+				throw exceptions::operation_timed_out();
+			}
+
+			m_timeoutHandler->resetTimeOut();
+		}
+
+		// Receive data from the socket
+		string receiveBuffer;
+		m_socket->receive(receiveBuffer);
+
+		if (receiveBuffer.empty()) {   // buffer is empty
+			m_socket->waitForRead();
+			continue;
+		}
+
+		currentBuffer += receiveBuffer;
+	}
+}
+
+
+const SMTPResponse::responseLine SMTPResponse::getNextResponse() {
+
+	string line = readResponseLine();
+
+	const int code = extractResponseCode(line);
+	string text;
+
+	m_responseContinues = (line.length() >= 4 && line[3] == '-');
+
+	if (line.length() > 4) {
+		text = utility::stringUtils::trim(line.substr(4));
+	} else {
+		text = "";
+	}
+
+	return responseLine(code, text, extractEnhancedCode(text));
+}
+
+
+// static
+int SMTPResponse::extractResponseCode(const string& response) {
+
+	int code = 0;
+
+	if (response.length() >= 3) {
+
+		code = (response[0] - '0') * 100
+		     + (response[1] - '0') * 10
+		     + (response[2] - '0');
+	}
+
+	return code;
+}
+
+
+// static
+const SMTPResponse::enhancedStatusCode SMTPResponse::extractEnhancedCode(const string& responseText) {
+
+	enhancedStatusCode enhCode;
+
+	std::istringstream iss(responseText);
+	iss.imbue(std::locale::classic());
+
+	if (std::isdigit(iss.peek())) {
+
+		iss >> enhCode.klass;
+
+		if (iss.get() == '.' && std::isdigit(iss.peek())) {
+
+			iss >> enhCode.subject;
+
+			if (iss.get() == '.' && std::isdigit(iss.peek())) {
+
+				iss >> enhCode.detail;
+				return enhCode;
+			}
+		}
+	}
+
+	return enhancedStatusCode();   // no enhanced code found
+}
+
+
+const SMTPResponse::responseLine SMTPResponse::getLineAt(const size_t pos) const {
+
+	return m_lines[pos];
+}
+
+
+size_t SMTPResponse::getLineCount() const {
+
+	return m_lines.size();
+}
+
+
+const SMTPResponse::responseLine SMTPResponse::getLastLine() const {
+
+	return m_lines[m_lines.size() - 1];
+}
+
+
+const SMTPResponse::state SMTPResponse::getCurrentState() const {
+
+	state st;
+	st.responseBuffer = m_responseBuffer;
+
+	return st;
+}
+
+
+
+// SMTPResponse::responseLine
+
+SMTPResponse::responseLine::responseLine(
+	const int code,
+	const string& text,
+	const enhancedStatusCode& enhCode
+)
+	: m_code(code),
+	  m_text(text),
+	  m_enhCode(enhCode) {
+
+}
+
+
+void SMTPResponse::responseLine::setCode(const int code) {
+
+	m_code = code;
+}
+
+
+int SMTPResponse::responseLine::getCode() const {
+
+	return m_code;
+}
+
+
+void SMTPResponse::responseLine::setEnhancedCode(const enhancedStatusCode& enhCode) {
+
+	m_enhCode = enhCode;
+}
+
+
+const SMTPResponse::enhancedStatusCode SMTPResponse::responseLine::getEnhancedCode() const {
+
+	return m_enhCode;
+}
+
+
+void SMTPResponse::responseLine::setText(const string& text) {
+
+	m_text = text;
+}
+
+
+const string SMTPResponse::responseLine::getText() const {
+
+	return m_text;
+}
+
+
+
+// SMTPResponse::enhancedStatusCode
+
+
+SMTPResponse::enhancedStatusCode::enhancedStatusCode()
+	: klass(0),
+	  subject(0),
+	  detail(0) {
+
+}
+
+
+SMTPResponse::enhancedStatusCode::enhancedStatusCode(const enhancedStatusCode& enhCode)
+	: klass(enhCode.klass),
+	  subject(enhCode.subject),
+	  detail(enhCode.detail) {
+
+}
+
+
+std::ostream& operator<<(std::ostream& os, const SMTPResponse::enhancedStatusCode& code) {
+
+	os << code.klass << '.' << code.subject << '.' << code.detail;
+	return os;
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPResponse.hpp b/vmime-master/src/vmime/net/smtp/SMTPResponse.hpp
new file mode 100644
index 0000000..2eec7f4
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPResponse.hpp
@@ -0,0 +1,200 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPRESPONSE_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPRESPONSE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/object.hpp"
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class socket;
+class timeoutHandler;
+class tracer;
+
+
+namespace smtp {
+
+
+/** A SMTP response, as sent by the server.
+  */
+class VMIME_EXPORT SMTPResponse : public object {
+
+public:
+
+	/** Current state of response parser. */
+	struct state {
+
+		string responseBuffer;
+	};
+
+	/** Enhanced status code (as per RFC-3463). */
+	struct enhancedStatusCode {
+
+		enhancedStatusCode();
+		enhancedStatusCode(const enhancedStatusCode& enhCode);
+
+		unsigned short klass;     /**< Success/failure. */
+		unsigned short subject;   /**< Source of anomaly. */
+		unsigned short detail;    /**< Precise error condition. */
+	};
+
+	/** An element of a SMTP response. */
+	class responseLine {
+
+	public:
+
+		responseLine(const int code, const string& text, const enhancedStatusCode& enhCode);
+
+		void setCode(const int code);
+		int getCode() const;
+
+		void setEnhancedCode(const enhancedStatusCode& enhCode);
+		const enhancedStatusCode getEnhancedCode() const;
+
+		void setText(const string& text);
+		const string getText() const;
+
+	private:
+
+		int m_code;
+		string m_text;
+		enhancedStatusCode m_enhCode;
+	};
+
+	/** Receive and parse a new SMTP response from the
+	  * specified socket.
+	  *
+	  * @param tr tracer
+	  * @param sok socket from which to read
+	  * @param toh time-out handler
+	  * @param st previous state of response parser for the specified socket
+	  * @return SMTP response
+	  * @throws exceptions::operation_timed_out if no data
+	  * has been received within the granted time
+	  */
+	static shared_ptr <SMTPResponse> readResponse(
+		const shared_ptr <tracer>& tr,
+		const shared_ptr <socket>& sok,
+		const shared_ptr <timeoutHandler>& toh,
+		const state& st
+	);
+
+	/** Return the SMTP response code.
+	  *
+	  * @return response code
+	  */
+	int getCode() const;
+
+	/** Return the SMTP enhanced status code, if available.
+	  *
+	  * @return enhanced status code
+	  */
+	const enhancedStatusCode getEnhancedCode() const;
+
+	/** Return the SMTP response text.
+	  * The text of each line is concatenated.
+	  *
+	  * @return response text
+	  */
+	const string getText() const;
+
+	/** Return the response line at the specified position.
+	  *
+	  * @param pos line index
+	  * @return line at the specified index
+	  */
+	const responseLine getLineAt(const size_t pos) const;
+
+	/** Return the number of lines in the response.
+	  *
+	  * @return number of lines in the response
+	  */
+	size_t getLineCount() const;
+
+	/** Return the last line in the response.
+	  *
+	  * @return last response line
+	  */
+	const responseLine getLastLine() const;
+
+	/** Returns the current state of the response parser.
+	  *
+	  * @return current parser state
+	  */
+	const state getCurrentState() const;
+
+private:
+
+	SMTPResponse(
+		const shared_ptr <tracer>& tr,
+		const shared_ptr <socket>& sok,
+		const shared_ptr <timeoutHandler>& toh,
+		const state& st
+	);
+
+	SMTPResponse(const SMTPResponse&);
+
+	void readResponse();
+
+	const string readResponseLine();
+	const responseLine getNextResponse();
+
+	static int extractResponseCode(const string& response);
+	static const enhancedStatusCode extractEnhancedCode(const string& responseText);
+
+
+	std::vector <responseLine> m_lines;
+
+	shared_ptr <socket> m_socket;
+	shared_ptr <timeoutHandler> m_timeoutHandler;
+	shared_ptr <tracer> m_tracer;
+
+	string m_responseBuffer;
+	bool m_responseContinues;
+};
+
+
+VMIME_EXPORT std::ostream& operator<<(std::ostream& os, const SMTPResponse::enhancedStatusCode& code);
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPRESPONSE_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPSTransport.cpp b/vmime-master/src/vmime/net/smtp/SMTPSTransport.cpp
new file mode 100644
index 0000000..5158aa9
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPSTransport.cpp
@@ -0,0 +1,82 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPSTransport.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+SMTPSTransport::SMTPSTransport(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth
+)
+	: SMTPTransport(sess, auth, true) {
+
+}
+
+
+SMTPSTransport::~SMTPSTransport() {
+
+}
+
+
+const string SMTPSTransport::getProtocolName() const {
+
+	return "smtps";
+}
+
+
+
+// Service infos
+
+SMTPServiceInfos SMTPSTransport::sm_infos(true);
+
+
+const serviceInfos& SMTPSTransport::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& SMTPSTransport::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPSTransport.hpp b/vmime-master/src/vmime/net/smtp/SMTPSTransport.hpp
new file mode 100644
index 0000000..f19b3c5
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPSTransport.hpp
@@ -0,0 +1,74 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPSSTORE_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPSSTORE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPTransport.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+/** SMTPS transport service.
+  */
+class VMIME_EXPORT SMTPSTransport : public SMTPTransport {
+
+public:
+
+	SMTPSTransport(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+	~SMTPSTransport();
+
+	const string getProtocolName() const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+private:
+
+	static SMTPServiceInfos sm_infos;
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPSSTORE_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPServiceInfos.cpp b/vmime-master/src/vmime/net/smtp/SMTPServiceInfos.cpp
new file mode 100644
index 0000000..a2ee3d5
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPServiceInfos.cpp
@@ -0,0 +1,144 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPServiceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+SMTPServiceInfos::SMTPServiceInfos(const bool smtps)
+	: m_smtps(smtps) {
+
+}
+
+
+const string SMTPServiceInfos::getPropertyPrefix() const {
+
+	if (m_smtps) {
+		return "transport.smtps.";
+	} else {
+		return "transport.smtp.";
+	}
+}
+
+
+const SMTPServiceInfos::props& SMTPServiceInfos::getProperties() const {
+
+	static props smtpProps = {
+		// SMTP-specific options
+		property("options.need-authentication", serviceInfos::property::TYPE_BOOLEAN, "false"),
+#if VMIME_HAVE_SASL_SUPPORT
+		property("options.sasl", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.sasl.fallback", serviceInfos::property::TYPE_BOOLEAN, "false"),
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		property("options.pipelining", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.chunking", serviceInfos::property::TYPE_BOOLEAN, "true"),
+
+		// Common properties
+		property(serviceInfos::property::AUTH_USERNAME, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::AUTH_PASSWORD, serviceInfos::property::FLAG_REQUIRED),
+
+#if VMIME_HAVE_TLS_SUPPORT
+		property(serviceInfos::property::CONNECTION_TLS),
+		property(serviceInfos::property::CONNECTION_TLS_REQUIRED),
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		property(serviceInfos::property::SERVER_ADDRESS, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::SERVER_PORT, "25"),
+	};
+
+	static props smtpsProps = {
+		// SMTP-specific options
+		property("options.need-authentication", serviceInfos::property::TYPE_BOOLEAN, "false"),
+#if VMIME_HAVE_SASL_SUPPORT
+		property("options.sasl", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.sasl.fallback", serviceInfos::property::TYPE_BOOLEAN, "false"),
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		property("options.pipelining", serviceInfos::property::TYPE_BOOLEAN, "true"),
+		property("options.chunking", serviceInfos::property::TYPE_BOOLEAN, "true"),
+
+		// Common properties
+		property(serviceInfos::property::AUTH_USERNAME, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::AUTH_PASSWORD, serviceInfos::property::FLAG_REQUIRED),
+
+#if VMIME_HAVE_TLS_SUPPORT
+		property(serviceInfos::property::CONNECTION_TLS),
+		property(serviceInfos::property::CONNECTION_TLS_REQUIRED),
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		property(serviceInfos::property::SERVER_ADDRESS, serviceInfos::property::FLAG_REQUIRED),
+		property(serviceInfos::property::SERVER_PORT, "465"),
+	};
+
+	return m_smtps ? smtpsProps : smtpProps;
+}
+
+
+const std::vector <serviceInfos::property> SMTPServiceInfos::getAvailableProperties() const {
+
+	std::vector <property> list;
+	const props& p = getProperties();
+
+	// SMTP-specific options
+	list.push_back(p.PROPERTY_OPTIONS_NEEDAUTH);
+#if VMIME_HAVE_SASL_SUPPORT
+	list.push_back(p.PROPERTY_OPTIONS_SASL);
+	list.push_back(p.PROPERTY_OPTIONS_SASL_FALLBACK);
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+	// Common properties
+	list.push_back(p.PROPERTY_AUTH_USERNAME);
+	list.push_back(p.PROPERTY_AUTH_PASSWORD);
+
+#if VMIME_HAVE_TLS_SUPPORT
+	if (!m_smtps) {
+		list.push_back(p.PROPERTY_CONNECTION_TLS);
+		list.push_back(p.PROPERTY_CONNECTION_TLS_REQUIRED);
+	}
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+	list.push_back(p.PROPERTY_SERVER_ADDRESS);
+	list.push_back(p.PROPERTY_SERVER_PORT);
+
+	return list;
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPServiceInfos.hpp b/vmime-master/src/vmime/net/smtp/SMTPServiceInfos.hpp
new file mode 100644
index 0000000..005a0a2
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPServiceInfos.hpp
@@ -0,0 +1,93 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPSERVICEINFOS_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPSERVICEINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/serviceInfos.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+/** Information about SMTP service.
+  */
+class VMIME_EXPORT SMTPServiceInfos : public serviceInfos {
+
+public:
+
+	SMTPServiceInfos(const bool smtps);
+
+	struct props {
+		// SMTP-specific options
+		serviceInfos::property PROPERTY_OPTIONS_NEEDAUTH;
+#if VMIME_HAVE_SASL_SUPPORT
+		serviceInfos::property PROPERTY_OPTIONS_SASL;
+		serviceInfos::property PROPERTY_OPTIONS_SASL_FALLBACK;
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+		serviceInfos::property PROPERTY_OPTIONS_PIPELINING;
+		serviceInfos::property PROPERTY_OPTIONS_CHUNKING;
+
+		// Common properties
+		serviceInfos::property PROPERTY_AUTH_USERNAME;
+		serviceInfos::property PROPERTY_AUTH_PASSWORD;
+
+#if VMIME_HAVE_TLS_SUPPORT
+		serviceInfos::property PROPERTY_CONNECTION_TLS;
+		serviceInfos::property PROPERTY_CONNECTION_TLS_REQUIRED;
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+		serviceInfos::property PROPERTY_SERVER_ADDRESS;
+		serviceInfos::property PROPERTY_SERVER_PORT;
+	};
+
+	const props& getProperties() const;
+
+	const string getPropertyPrefix() const;
+	const std::vector <serviceInfos::property> getAvailableProperties() const;
+
+private:
+
+	const bool m_smtps;
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPSERVICEINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPTransport.cpp b/vmime-master/src/vmime/net/smtp/SMTPTransport.cpp
new file mode 100644
index 0000000..561bd59
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPTransport.cpp
@@ -0,0 +1,502 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/smtp/SMTPTransport.hpp"
+#include "vmime/net/smtp/SMTPResponse.hpp"
+#include "vmime/net/smtp/SMTPCommand.hpp"
+#include "vmime/net/smtp/SMTPCommandSet.hpp"
+#include "vmime/net/smtp/SMTPChunkingOutputStreamAdapter.hpp"
+#include "vmime/net/smtp/SMTPExceptions.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/mailboxList.hpp"
+#include "vmime/message.hpp"
+
+#include "vmime/utility/filteredStream.hpp"
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/utility/outputStreamSocketAdapter.hpp"
+#include "vmime/utility/streamUtils.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+SMTPTransport::SMTPTransport(
+	const shared_ptr <session>& sess,
+	const shared_ptr <security::authenticator>& auth,
+	const bool secured
+)
+	: transport(sess, getInfosInstance(), auth),
+	  m_isSMTPS(secured),
+	  m_needReset(false) {
+
+}
+
+
+SMTPTransport::~SMTPTransport() {
+
+	try {
+
+		if (isConnected()) {
+			disconnect();
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+const string SMTPTransport::getProtocolName() const {
+
+	return "smtp";
+}
+
+
+bool SMTPTransport::isSMTPS() const {
+
+	return m_isSMTPS;
+}
+
+
+void SMTPTransport::connect() {
+
+	if (isConnected()) {
+		throw exceptions::already_connected();
+	}
+
+	m_connection = make_shared <SMTPConnection>(
+		dynamicCast <SMTPTransport>(shared_from_this()), getAuthenticator()
+	);
+
+	m_connection->connect();
+}
+
+
+bool SMTPTransport::isConnected() const {
+
+	return m_connection && m_connection->isConnected();
+}
+
+
+bool SMTPTransport::isSecuredConnection() const {
+
+	if (!m_connection) {
+		return false;
+	}
+
+	return m_connection->isSecuredConnection();
+}
+
+
+shared_ptr <connectionInfos> SMTPTransport::getConnectionInfos() const {
+
+	if (!m_connection) {
+		return null;
+	}
+
+	return m_connection->getConnectionInfos();
+}
+
+
+shared_ptr <SMTPConnection> SMTPTransport::getConnection() {
+
+	return m_connection;
+}
+
+
+void SMTPTransport::disconnect() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	m_connection->disconnect();
+	m_connection = null;
+}
+
+
+void SMTPTransport::noop() {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	m_connection->sendRequest(SMTPCommand::NOOP());
+
+	shared_ptr <SMTPResponse> resp = m_connection->readResponse();
+
+	if (resp->getCode() != 250) {
+		throw SMTPCommandError("NOOP", resp->getText(), resp->getCode(), resp->getEnhancedCode());
+	}
+}
+
+
+// static
+bool SMTPTransport::mailboxNeedsUTF8(const mailbox& mb) {
+
+	bool all7bit =
+		   utility::stringUtils::is7bit(mb.getEmail().getLocalName().getBuffer())
+		&& utility::stringUtils::is7bit(mb.getEmail().getDomainName().getBuffer());
+
+	for (size_t i = 0, n = mb.getName().getWordCount() ; all7bit && i != n ; ++i) {
+		all7bit = utility::stringUtils::is7bit(mb.getName().getWordAt(i)->getBuffer());
+	}
+
+	return !all7bit;
+}
+
+
+void SMTPTransport::sendEnvelope(
+	const mailbox& expeditor,
+	const mailboxList& recipients,
+	const mailbox& sender,
+	bool sendDATACommand,
+	const size_t size,
+	const dsnAttributes& dsnAttrs
+) {
+
+	// If no recipient/expeditor was found, throw an exception
+	if (recipients.isEmpty()) {
+		throw exceptions::no_recipient();
+	} else if (expeditor.isEmpty()) {
+		throw exceptions::no_expeditor();
+	}
+
+	// If DSN extension is used, ensure it is supported by the server
+	if (!dsnAttrs.isEmpty() && !m_connection->hasExtension("DSN")) {
+		throw SMTPDSNExtensionNotSupportedException();
+	}
+
+
+	const bool needReset = m_needReset;
+	const bool hasPipelining = m_connection->hasExtension("PIPELINING") &&
+		getInfos().getPropertyValue <bool>(getSession(),
+			dynamic_cast <const SMTPServiceInfos&>(getInfos()).getProperties().PROPERTY_OPTIONS_PIPELINING);
+
+	shared_ptr <SMTPResponse> resp;
+	shared_ptr <SMTPCommandSet> commands = SMTPCommandSet::create(hasPipelining);
+
+	// Emit a "RSET" command if we previously sent a message on this connection
+	if (needReset) {
+		commands->addCommand(SMTPCommand::RSET());
+	}
+
+	// Check whether we need SMTPUTF8
+	const bool hasSMTPUTF8 = m_connection->hasExtension("SMTPUTF8");
+	bool needSMTPUTF8 = false;
+
+	if (!sender.isEmpty()) {
+		needSMTPUTF8 = needSMTPUTF8 || mailboxNeedsUTF8(sender);
+	} else {
+		needSMTPUTF8 = needSMTPUTF8 || mailboxNeedsUTF8(expeditor);
+	}
+
+	for (size_t i = 0 ; i < recipients.getMailboxCount() ; ++i) {
+
+		const mailbox& mbox = *recipients.getMailboxAt(i);
+		needSMTPUTF8 = needSMTPUTF8 || mailboxNeedsUTF8(mbox);
+	}
+
+	// Emit the "MAIL" command
+	const bool hasSize = m_connection->hasExtension("SIZE");
+
+	if (!sender.isEmpty()) {
+
+		commands->addCommand(
+			SMTPCommand::MAIL(
+				sender, hasSMTPUTF8 && needSMTPUTF8, hasSize ? size : 0,
+				dsnAttrs.getNotificationConditions(),
+				dsnAttrs.getEnvelopId()
+			)
+		);
+
+	} else {
+
+		commands->addCommand(
+			SMTPCommand::MAIL(
+				expeditor, hasSMTPUTF8 && needSMTPUTF8, hasSize ? size : 0,
+				dsnAttrs.getNotificationConditions(),
+				dsnAttrs.getEnvelopId()
+			)
+		);
+	}
+
+	// Now, we will need to reset next time
+	m_needReset = true;
+
+	// Emit a "RCPT TO" command for each recipient
+	for (size_t i = 0 ; i < recipients.getMailboxCount() ; ++i) {
+
+		const mailbox& mbox = *recipients.getMailboxAt(i);
+		commands->addCommand(SMTPCommand::RCPT(mbox, hasSMTPUTF8 && needSMTPUTF8,
+											   dsnAttrs.getNotificationConditions()));
+	}
+
+	// Prepare sending of message data
+	if (sendDATACommand) {
+		commands->addCommand(SMTPCommand::DATA());
+	}
+
+	// Read response for "RSET" command
+	if (needReset) {
+
+		commands->writeToSocket(m_connection->getSocket(), m_connection->getTracer());
+
+		resp = m_connection->readResponse();
+
+		if (resp->getCode() != 250 &&
+		    resp->getCode() != 200) {   // RFC-876: << In reply to a RSET and/or a NOOP command,
+		                                //             some servers reply "200" >>
+
+			disconnect();
+
+			throw SMTPCommandError(
+				commands->getLastCommandSent()->getText(), resp->getText(),
+				resp->getCode(), resp->getEnhancedCode()
+			);
+		}
+	}
+
+	// Read response for "MAIL" command
+	commands->writeToSocket(m_connection->getSocket(), m_connection->getTracer());
+
+	if ((resp = m_connection->readResponse())->getCode() != 250) {
+
+		// SIZE extension: insufficient system storage
+		if (resp->getCode() == 452) {
+
+			throw SMTPMessageSizeExceedsCurLimitsException(
+				SMTPCommandError(
+					commands->getLastCommandSent()->getText(), resp->getText(),
+					resp->getCode(), resp->getEnhancedCode()
+				)
+			);
+
+		// SIZE extension: message size exceeds fixed maximum message size
+		} else if (resp->getCode() == 552) {
+
+			throw SMTPMessageSizeExceedsMaxLimitsException(
+				SMTPCommandError(
+					commands->getLastCommandSent()->getText(), resp->getText(),
+				 	resp->getCode(), resp->getEnhancedCode()
+				 )
+			);
+
+		// Other error
+		} else {
+
+			throw SMTPCommandError(
+				commands->getLastCommandSent()->getText(), resp->getText(),
+				resp->getCode(), resp->getEnhancedCode()
+			);
+		}
+	}
+
+	// Read responses for "RCPT TO" commands
+	for (size_t i = 0 ; i < recipients.getMailboxCount() ; ++i) {
+
+		commands->writeToSocket(m_connection->getSocket(), m_connection->getTracer());
+
+		resp = m_connection->readResponse();
+
+		if (resp->getCode() != 250 &&
+		    resp->getCode() != 251) {
+
+			// SIZE extension: insufficient system storage
+			if (resp->getCode() == 452) {
+
+				throw SMTPMessageSizeExceedsCurLimitsException(
+					SMTPCommandError(
+						commands->getLastCommandSent()->getText(), resp->getText(),
+						resp->getCode(), resp->getEnhancedCode()
+					)
+				);
+
+			// SIZE extension: message size exceeds fixed maximum message size
+			} else if (resp->getCode() == 552) {
+
+				throw SMTPMessageSizeExceedsMaxLimitsException(
+					SMTPCommandError(
+						commands->getLastCommandSent()->getText(), resp->getText(),
+						resp->getCode(), resp->getEnhancedCode()
+					)
+				);
+
+			// Other error
+			} else {
+
+				throw SMTPCommandError(
+					commands->getLastCommandSent()->getText(), resp->getText(),
+					resp->getCode(), resp->getEnhancedCode()
+				);
+			}
+		}
+	}
+
+	// Read response for "DATA" command
+	if (sendDATACommand) {
+
+		commands->writeToSocket(m_connection->getSocket(), m_connection->getTracer());
+
+		if ((resp = m_connection->readResponse())->getCode() != 354) {
+
+			throw SMTPCommandError(
+				commands->getLastCommandSent()->getText(), resp->getText(),
+				resp->getCode(), resp->getEnhancedCode()
+			);
+		}
+	}
+}
+
+
+void SMTPTransport::send(
+	const mailbox& expeditor,
+	const mailboxList& recipients,
+	utility::inputStream& is,
+	const size_t size,
+	utility::progressListener* progress,
+	const mailbox& sender,
+	const dsnAttributes& dsnAttrs
+) {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	// Send message envelope
+	sendEnvelope(expeditor, recipients, sender, /* sendDATACommand */ true, size,
+				 dsnAttrs);
+
+	// Send the message data
+	// Stream copy with "\n." to "\n.." transformation
+	utility::outputStreamSocketAdapter sos(*m_connection->getSocket());
+	utility::dotFilteredOutputStream fos(sos);
+
+	utility::bufferedStreamCopy(is, fos, size, progress);
+
+	fos.flush();
+
+	// Send end-of-data delimiter
+	m_connection->getSocket()->send("\r\n.\r\n");
+
+	if (m_connection->getTracer()) {
+		m_connection->getTracer()->traceSendBytes(size);
+		m_connection->getTracer()->traceSend(".");
+	}
+
+	shared_ptr <SMTPResponse> resp;
+
+	if ((resp = m_connection->readResponse())->getCode() != 250) {
+		throw SMTPCommandError("DATA", resp->getText(), resp->getCode(), resp->getEnhancedCode());
+	}
+}
+
+
+void SMTPTransport::send(
+	const shared_ptr <vmime::message>& msg,
+	const mailbox& expeditor,
+	const mailboxList& recipients,
+	utility::progressListener* progress,
+	const mailbox& sender,
+	const dsnAttributes& dsnAttrs
+) {
+
+	if (!isConnected()) {
+		throw exceptions::not_connected();
+	}
+
+	// Generate the message with Internationalized Email support,
+	// if this is supported by the SMTP server
+	generationContext ctx(generationContext::getDefaultContext());
+	ctx.setInternationalizedEmailSupport(m_connection->hasExtension("SMTPUTF8"));
+
+	// If CHUNKING is not supported, generate the message to a temporary
+	// buffer then use the send() method which takes an inputStream
+	if (!m_connection->hasExtension("CHUNKING") ||
+	    !getInfos().getPropertyValue <bool>(getSession(),
+			dynamic_cast <const SMTPServiceInfos&>(getInfos()).getProperties().PROPERTY_OPTIONS_CHUNKING)) {
+
+		std::ostringstream oss;
+		utility::outputStreamAdapter ossAdapter(oss);
+
+		msg->generate(ctx, ossAdapter);
+
+		const string& str(oss.str());
+
+		utility::inputStreamStringAdapter isAdapter(str);
+
+		send(expeditor, recipients, isAdapter, str.length(), progress, sender, dsnAttrs);
+		return;
+	}
+
+	// Send message envelope
+	const size_t msgSize = msg->getGeneratedSize(ctx);
+
+	sendEnvelope(expeditor, recipients, sender, /* sendDATACommand */ false, msgSize, dsnAttrs);
+
+	// Send the message by chunks
+	SMTPChunkingOutputStreamAdapter chunkStream(m_connection, msgSize, progress);
+
+	msg->generate(ctx, chunkStream);
+
+	chunkStream.flush();
+}
+
+
+
+// Service infos
+
+SMTPServiceInfos SMTPTransport::sm_infos(false);
+
+
+const serviceInfos& SMTPTransport::getInfosInstance() {
+
+	return sm_infos;
+}
+
+
+const serviceInfos& SMTPTransport::getInfos() const {
+
+	return sm_infos;
+}
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
diff --git a/vmime-master/src/vmime/net/smtp/SMTPTransport.hpp b/vmime-master/src/vmime/net/smtp/SMTPTransport.hpp
new file mode 100644
index 0000000..cd7c712
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/SMTPTransport.hpp
@@ -0,0 +1,144 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTPTRANSPORT_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTPTRANSPORT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+
+#include "vmime/net/transport.hpp"
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+
+#include "vmime/net/smtp/SMTPServiceInfos.hpp"
+#include "vmime/net/smtp/SMTPConnection.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace smtp {
+
+
+class SMTPCommand;
+
+
+/** SMTP transport service.
+  */
+class VMIME_EXPORT SMTPTransport : public transport {
+
+public:
+
+	SMTPTransport(
+		const shared_ptr <session>& sess,
+		const shared_ptr <security::authenticator>& auth,
+		const bool secured = false
+	);
+
+	~SMTPTransport();
+
+	const string getProtocolName() const;
+
+	static const serviceInfos& getInfosInstance();
+	const serviceInfos& getInfos() const;
+
+	void connect();
+	bool isConnected() const;
+	void disconnect();
+
+	void noop();
+
+	void send(
+		const mailbox& expeditor,
+		const mailboxList& recipients,
+		utility::inputStream& is,
+		const size_t size,
+		utility::progressListener* progress = NULL,
+		const mailbox& sender = mailbox(),
+		const dsnAttributes& dsnAttrs = dsnAttributes()
+	);
+
+	void send(
+		const shared_ptr <vmime::message>& msg,
+		const mailbox& expeditor,
+		const mailboxList& recipients,
+		utility::progressListener* progress = NULL,
+		const mailbox& sender = mailbox(),
+		const dsnAttributes& dsnAttrs = dsnAttributes()
+	);
+
+	bool isSecuredConnection() const;
+	shared_ptr <connectionInfos> getConnectionInfos() const;
+	shared_ptr <SMTPConnection> getConnection();
+
+	bool isSMTPS() const;
+
+private:
+
+	static bool mailboxNeedsUTF8(const mailbox& mb);
+
+	/** Send the MAIL and RCPT commands to the server, checking the
+	  * response, and using pipelining if supported by the server.
+	  * Optionally, the DATA command can also be sent.
+	  *
+	  * @param expeditor expeditor mailbox
+	  * @param recipients list of recipient mailboxes
+	  * @param sender envelope sender (if empty, expeditor will be used)
+	  * @param sendDATACommand if true, the DATA command will be sent
+	  * @param size message size, in bytes (or 0, if not known)
+	  * @param dsnAttributes attributes for Delivery Status Notification (if needed)
+	  */
+	void sendEnvelope(
+		const mailbox& expeditor,
+		const mailboxList& recipients,
+		const mailbox& sender,
+		bool sendDATACommand,
+		const size_t size,
+		const dsnAttributes& dsnAttrs = dsnAttributes()
+	);
+
+
+	shared_ptr <SMTPConnection> m_connection;
+
+
+	const bool m_isSMTPS;
+
+	bool m_needReset;
+
+	// Service infos
+	static SMTPServiceInfos sm_infos;
+};
+
+
+} // smtp
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_MESSAGING_PROTO_SMTP
+
+#endif // VMIME_NET_SMTP_SMTPTRANSPORT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/smtp/smtp.hpp b/vmime-master/src/vmime/net/smtp/smtp.hpp
new file mode 100644
index 0000000..4c0b17d
--- /dev/null
+++ b/vmime-master/src/vmime/net/smtp/smtp.hpp
@@ -0,0 +1,33 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SMTP_SMTP_HPP_INCLUDED
+#define VMIME_NET_SMTP_SMTP_HPP_INCLUDED
+
+
+#include "vmime/net/smtp/SMTPTransport.hpp"
+#include "vmime/net/smtp/SMTPSTransport.hpp"
+#include "vmime/net/smtp/SMTPExceptions.hpp"
+
+
+#endif // VMIME_NET_SMTP_SMTP_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/socket.hpp b/vmime-master/src/vmime/net/socket.hpp
new file mode 100644
index 0000000..a236a9f
--- /dev/null
+++ b/vmime-master/src/vmime/net/socket.hpp
@@ -0,0 +1,223 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_SOCKET_HPP_INCLUDED
+#define VMIME_NET_SOCKET_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/base.hpp"
+
+#include "vmime/net/timeoutHandler.hpp"
+#include "vmime/net/tracer.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** Interface for connecting to servers.
+  */
+class VMIME_EXPORT socket : public object {
+
+public:
+
+	enum Status {
+		STATUS_WOULDBLOCK = 0xf,    /**< The operation would block. Retry later. */
+		STATUS_WANT_READ = 0x1,     /**< The socket wants to read data, retry when data is available. */
+		STATUS_WANT_WRITE = 0x2     /**< The socket wants to write data, retry when data can be written. */
+	};
+
+
+	virtual ~socket() { }
+
+
+	/** Connect to the specified address and port.
+	  *
+	  * @param address server address (this can be a full qualified domain name
+	  * or an IP address, doesn't matter)
+	  * @param port server port
+	  */
+	virtual void connect(const string& address, const port_t port) = 0;
+
+	/** Disconnect from the server.
+	  */
+	virtual void disconnect() = 0;
+
+	/** Test whether this socket is connected.
+	  *
+	  * @return true if the socket is connected, false otherwise
+	  */
+	virtual bool isConnected() const = 0;
+
+	/** Block until new data is available for reading. The function will
+	  * timeout after msecs milliseconds.
+	  *
+	  * @param timeout maximum wait time, in milliseconds (default is 30000);
+	  * resolution is 10ms
+	  * @return true if data is available, or false if the operation timed out
+	  */
+	virtual bool waitForRead(const int msecs = 30000) = 0;
+
+	/** Block until pending data has been written and new data can be written.
+	  * The function will timeout after msecs milliseconds.
+	  *
+	  * @param timeout maximum wait time, in milliseconds (default is 30000);
+	  * resolution is 10ms
+	  * @return true if new data can be written immediately, or false if the
+	  * operation timed out
+	  */
+	virtual bool waitForWrite(const int msecs = 30000) = 0;
+
+	/** Receive text data from the socket.
+	  *
+	  * @param buffer buffer in which to write received data
+	  */
+	virtual void receive(string& buffer) = 0;
+
+	/** Receive raw data from the socket.
+	  *
+	  * @param buffer buffer in which to write received data
+	  * @param count maximum number of bytes to receive (size of buffer)
+	  * @return number of bytes received/written into output buffer
+	  */
+	virtual size_t receiveRaw(byte_t* buffer, const size_t count) = 0;
+
+	/** Send text data to the socket.
+	  *
+	  * @param buffer data to send
+	  */
+	virtual void send(const string& buffer) = 0;
+
+	/** Send text data to the socket.
+	  *
+	  * @param str null-terminated string
+	  */
+	virtual void send(const char* str) = 0;
+
+	/** Send raw data to the socket.
+	  *
+	  * @param buffer data to send
+	  * @param count number of bytes to send (size of buffer)
+	  */
+	virtual void sendRaw(const byte_t* buffer, const size_t count) = 0;
+
+	/** Send raw data to the socket.
+	  * Function may returns before all data is sent.
+	  *
+	  * @param buffer data to send
+	  * @param count number of bytes to send (size of buffer)
+	  * @return number of bytes sent
+	  */
+	virtual size_t sendRawNonBlocking(const byte_t* buffer, const size_t count) = 0;
+
+	/** Return the preferred maximum block size when reading
+	  * from or writing to this stream.
+	  *
+	  * @return block size, in bytes
+	  */
+	virtual size_t getBlockSize() const = 0;
+
+	/** Return the current status of this socket.
+	  *
+	  * @return status flags for this socket
+	  */
+	virtual unsigned int getStatus() const = 0;
+
+	/** Return the hostname of peer this socket is connected to.
+	  *
+	  * @return name of the peer, or numeric address if it cannot be found
+	  */
+	virtual const string getPeerName() const = 0;
+
+	/** Return the address of peer this socket is connected to.
+	  *
+	  * @return numeric address of the peer
+	  */
+	virtual const string getPeerAddress() const = 0;
+
+	/** Return the timeout handler associated with this socket.
+	  *
+	  * @return timeout handler, or NULL if none is set
+	  */
+	virtual shared_ptr <timeoutHandler> getTimeoutHandler() = 0;
+
+	/** Set the tracer used by this socket. Tracer will only be used
+	  * to report socket-specific events such as connection (not when
+	  * sending/receiving data).
+	  *
+	  * @param tracer tracer to use
+	  */
+	virtual void setTracer(const shared_ptr <tracer>& tracer) = 0;
+
+	/** Return the tracer used by this socket.
+	  *
+	  * @return tracer, or NULL if none is set
+	  */
+	virtual shared_ptr <tracer> getTracer() = 0;
+
+protected:
+
+	socket() { }
+
+private:
+
+	socket(const socket&) : object() { }
+};
+
+
+/** A class to create 'socket' objects.
+  */
+class socketFactory : public object {
+
+public:
+
+	virtual ~socketFactory() { }
+
+	/** Creates a socket without timeout handler.
+	  *
+	  * @return a new socket
+	  */
+	virtual shared_ptr <socket> create() = 0;
+
+	/** Creates a socket with the specified timeout handler.
+	  *
+	  * @param th timeout handler
+	  * @return a new socket
+	  */
+	virtual shared_ptr <socket> create(const shared_ptr <timeoutHandler>& th) = 0;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_SOCKET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/store.cpp b/vmime-master/src/vmime/net/store.cpp
new file mode 100644
index 0000000..3c9a66d
--- /dev/null
+++ b/vmime-master/src/vmime/net/store.cpp
@@ -0,0 +1,57 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/store.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+store::store(
+	const shared_ptr <session>& sess,
+	const serviceInfos& infos,
+	const shared_ptr <security::authenticator>& auth
+)
+	: service(sess, infos, auth) {
+
+}
+
+
+store::Type store::getType() const {
+
+	return TYPE_STORE;
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/net/store.hpp b/vmime-master/src/vmime/net/store.hpp
new file mode 100644
index 0000000..a96f267
--- /dev/null
+++ b/vmime-master/src/vmime/net/store.hpp
@@ -0,0 +1,115 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_STORE_HPP_INCLUDED
+#define VMIME_NET_STORE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/service.hpp"
+#include "vmime/net/folder.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** A store service.
+  * Encapsulate protocols that provide access to user's mail drop.
+  */
+class VMIME_EXPORT store : public service {
+
+protected:
+
+	store(
+		const shared_ptr <session>& sess,
+		const serviceInfos& infos,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+public:
+
+	/** Return the default folder. This is protocol dependent
+	  * and usually is the INBOX folder.
+	  *
+	  * @return default folder
+	  */
+	virtual shared_ptr <folder> getDefaultFolder() = 0;
+
+	/** Return the root folder. This is protocol dependent
+	  * and usually is the user's mail drop root folder.
+	  *
+	  * @return root folder
+	  */
+	virtual shared_ptr <folder> getRootFolder() = 0;
+
+	/** Return the folder specified by the path.
+	  *
+	  * @param path absolute folder path
+	  * @return folder at the specified path
+	  */
+	virtual shared_ptr <folder> getFolder(const folder::path& path) = 0;
+
+	/** Test whether the specified folder name is a syntactically
+	  * a valid name.
+	  *
+	  * @return true if the specified folder name is valid, false otherwise
+	  */
+	virtual bool isValidFolderName(const folder::path::component& name) const = 0;
+
+	/** Store capabilities. */
+	enum Capabilities {
+		CAPABILITY_CREATE_FOLDER = (1 << 0),    /**< Can create folders. */
+		CAPABILITY_RENAME_FOLDER = (1 << 1),    /**< Can rename folders. */
+		CAPABILITY_ADD_MESSAGE = (1 << 2),      /**< Can append message to folders. */
+		CAPABILITY_COPY_MESSAGE = (1 << 3),     /**< Can copy messages from a folder to another one. */
+		CAPABILITY_DELETE_MESSAGE = (1 << 4),   /**< Can delete messages. */
+		CAPABILITY_PARTIAL_FETCH = (1 << 5),    /**< Is partial fetch supported? */
+		CAPABILITY_MESSAGE_FLAGS = (1 << 6),    /**< Can set flags on messages. */
+		CAPABILITY_EXTRACT_PART = (1 << 7)      /**< Can extract a specific part of the message. */
+	};
+
+	/** Return the features supported by this service. This is
+	  * a combination of store::CAPABILITY_xxx flags.
+	  *
+	  * @return features supported by this service
+	  */
+	virtual int getCapabilities() const = 0;
+
+
+	Type getType() const;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_STORE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/timeoutHandler.hpp b/vmime-master/src/vmime/net/timeoutHandler.hpp
new file mode 100644
index 0000000..fed1bc4
--- /dev/null
+++ b/vmime-master/src/vmime/net/timeoutHandler.hpp
@@ -0,0 +1,89 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TIMEOUTHANDLER_HPP_INCLUDED
+#define VMIME_NET_TIMEOUTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+/** A class to manage timeouts in messaging services. This can be used
+  * to stop operations that takes too much time to complete (ie. no data
+  * received from the server for a long time if the network link is down).
+  */
+class VMIME_EXPORT timeoutHandler : public object {
+
+public:
+
+	virtual ~timeoutHandler() { }
+
+	/** Called to test if the time limit has been reached.
+	  *
+	  * @return true if the timeout delay is elapsed
+	  */
+	virtual bool isTimeOut() = 0;
+
+	/** Called to reset the timeout counter.
+	  */
+	virtual void resetTimeOut() = 0;
+
+	/** Called when the time limit has been reached (when
+	  * isTimeOut() returned true).
+	  *
+	  * @return true to continue (and reset the timeout)
+	  * or false to cancel the current operation
+	  */
+	virtual bool handleTimeOut() = 0;
+};
+
+
+/** A class to create 'timeoutHandler' objects.
+  */
+class timeoutHandlerFactory : public object {
+
+public:
+
+	virtual ~timeoutHandlerFactory() { }
+
+	virtual shared_ptr <timeoutHandler> create() = 0;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_TIMEOUTHANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/tls/TLSProperties.cpp b/vmime-master/src/vmime/net/tls/TLSProperties.cpp
new file mode 100644
index 0000000..f7721d4
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSProperties.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
diff --git a/vmime-master/src/vmime/net/tls/TLSProperties.hpp b/vmime-master/src/vmime/net/tls/TLSProperties.hpp
new file mode 100644
index 0000000..94341ca
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSProperties.hpp
@@ -0,0 +1,105 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+/** Holds options for a TLS session.
+  */
+class VMIME_EXPORT TLSProperties : public object {
+
+public:
+
+	TLSProperties();
+	TLSProperties(const TLSProperties&);
+
+
+	/** Predefined generic cipher suites (work with all TLS libraries). */
+	enum GenericCipherSuite {
+
+		CIPHERSUITE_HIGH,           /**< High encryption cipher suites (> 128 bits). */
+		CIPHERSUITE_MEDIUM,         /**< Medium encryption cipher suites (>= 128 bits). */
+		CIPHERSUITE_LOW,            /**< Low encryption cipher suites (>= 64 bits). */
+
+		CIPHERSUITE_DEFAULT         /**< Default cipher suite. */
+	};
+
+	/** Sets the cipher suite preferences for a SSL/TLS session, using
+	  * predefined, generic suites. This works with all underlying TLS
+	  * libraries (OpenSSL and GNU TLS).
+	  *
+	  * @param cipherSuite predefined cipher suite
+	  */
+	void setCipherSuite(const GenericCipherSuite cipherSuite);
+
+	/** Sets the cipher suite preferences for a SSL/TLS session, using
+	  * a character string. The format and meaning of the string depend
+	  * on the underlying TLS library.
+	  *
+	  * For GNU TLS, read this:
+	  * http://gnutls.org/manual/html_node/Priority-Strings.html
+	  *
+	  * For OpenSSL, read this:
+	  * http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+	  *
+	  * @param cipherSuite cipher suite as a string
+	  */
+	void setCipherSuite(const string& cipherSuite);
+
+	/** Returns the cipher suite preferences for a SSL/TLS session, as
+	  * a character string. The format and meaning of the string depend
+	  * on the underlying TLS library (see setCipherSuite() method).
+	  *
+	  * @return cipher suite string
+	  */
+	const string getCipherSuite() const;
+
+private:
+
+	shared_ptr <object> m_data;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/tls/TLSSecuredConnectionInfos.cpp b/vmime-master/src/vmime/net/tls/TLSSecuredConnectionInfos.cpp
new file mode 100644
index 0000000..055dfea
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSSecuredConnectionInfos.cpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSSecuredConnectionInfos.hpp"
+#include "vmime/net/tls/TLSSession.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSSecuredConnectionInfos::TLSSecuredConnectionInfos(
+	const string& host,
+	const port_t port,
+	const shared_ptr <TLSSession>& tlsSession,
+	const shared_ptr <TLSSocket>& tlsSocket
+)
+	: m_host(host),
+	  m_port(port),
+	  m_tlsSession(tlsSession),
+	  m_tlsSocket(tlsSocket) {
+
+}
+
+
+const string TLSSecuredConnectionInfos::getHost() const {
+
+	return m_host;
+}
+
+
+port_t TLSSecuredConnectionInfos::getPort() const {
+
+	return m_port;
+}
+
+
+shared_ptr <const security::cert::certificateChain> TLSSecuredConnectionInfos::getPeerCertificates() const {
+
+	return m_tlsSocket->getPeerCertificates();
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
diff --git a/vmime-master/src/vmime/net/tls/TLSSecuredConnectionInfos.hpp b/vmime-master/src/vmime/net/tls/TLSSecuredConnectionInfos.hpp
new file mode 100644
index 0000000..c65e9d2
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSSecuredConnectionInfos.hpp
@@ -0,0 +1,88 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLSSECUREDCONNECTIONINFOS_HPP_INCLUDED
+#define VMIME_NET_TLSSECUREDCONNECTIONINFOS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/securedConnectionInfos.hpp"
+
+#include "vmime/security/cert/certificateChain.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSSession;
+class TLSSocket;
+
+
+/** Information about a TLS-secured connection used by a service.
+  */
+class VMIME_EXPORT TLSSecuredConnectionInfos : public securedConnectionInfos {
+
+public:
+
+	TLSSecuredConnectionInfos(
+		const string& host,
+		const port_t port,
+		const shared_ptr <TLSSession>& tlsSession,
+		const shared_ptr <TLSSocket>& tlsSocket
+	);
+
+	const string getHost() const;
+	port_t getPort() const;
+
+	/** Return the peer's certificate (chain) as sent by the peer.
+	  *
+	  * @return server certificate chain
+	  */
+	shared_ptr <const security::cert::certificateChain> getPeerCertificates() const;
+
+private:
+
+	string m_host;
+	port_t m_port;
+
+	shared_ptr <TLSSession> m_tlsSession;
+	shared_ptr <TLSSocket> m_tlsSocket;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_NET_TLSSECUREDCONNECTIONINFOS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/tls/TLSSession.cpp b/vmime-master/src/vmime/net/tls/TLSSession.cpp
new file mode 100644
index 0000000..ab8b7c3
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSSession.cpp
@@ -0,0 +1,48 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSSession.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSSession::TLSSession() {
+
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/net/tls/TLSSession.hpp b/vmime-master/src/vmime/net/tls/TLSSession.hpp
new file mode 100644
index 0000000..9e84fe7
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSSession.hpp
@@ -0,0 +1,96 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSSESSION_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSSESSION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSSocket.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
+
+#include "vmime/security/cert/certificateVerifier.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+/** Describe a TLS connection between a client and a server.
+  */
+class VMIME_EXPORT TLSSession : public object, public enable_shared_from_this <TLSSession> {
+
+public:
+
+	/** Create and initialize a new TLS session.
+	  *
+	  * @param cv object responsible for verifying certificates
+	  * sent by the server
+	  * @param props TLS properties for this session
+	  * @return a new TLS session
+	  */
+	static shared_ptr <TLSSession> create(
+		const shared_ptr <security::cert::certificateVerifier>& cv,
+		const shared_ptr <TLSProperties>& props
+	);
+
+	/** Create a new socket that adds a TLS security layer around
+	  * an existing socket. You should create only one socket
+	  * per session.
+	  *
+	  * @param sok socket to wrap
+	  * @return TLS socket wrapper
+	  */
+	virtual shared_ptr <TLSSocket> getSocket(const shared_ptr <socket>& sok) = 0;
+
+	/** Get the object responsible for verifying certificates when
+	  * using secured connections (TLS/SSL).
+	  */
+	virtual shared_ptr <security::cert::certificateVerifier> getCertificateVerifier() = 0;
+
+protected:
+
+	TLSSession();
+
+private:
+
+	TLSSession(const TLSSession&);
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_NET_TLS_TLSSESSION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/tls/TLSSocket.cpp b/vmime-master/src/vmime/net/tls/TLSSocket.cpp
new file mode 100644
index 0000000..fbca082
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSSocket.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSSocket.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
diff --git a/vmime-master/src/vmime/net/tls/TLSSocket.hpp b/vmime-master/src/vmime/net/tls/TLSSocket.hpp
new file mode 100644
index 0000000..ca50aa8
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/TLSSocket.hpp
@@ -0,0 +1,88 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSSOCKET_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSSOCKET_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/exception.hpp"
+
+#include "vmime/net/socket.hpp"
+#include "vmime/net/timeoutHandler.hpp"
+
+#include "vmime/security/cert/certificateChain.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSSession;
+
+
+/** Add a TLS security layer to an existing socket.
+  */
+class VMIME_EXPORT TLSSocket : public socket {
+
+public:
+
+	/** Create a new socket object that adds a security layer
+	  * around an existing socket.
+	  *
+	  * @param session TLS session
+	  * @param sok socket to wrap
+	  */
+	static shared_ptr <TLSSocket> wrap(const shared_ptr <TLSSession>& session, const shared_ptr <socket>& sok);
+
+	/** Starts a TLS handshake on this connection.
+	  *
+	  * @throw exceptions::tls_exception if a fatal error occurs
+	  * during the negociation process, exceptions::operation_timed_out
+	  * if a time-out occurs
+	  */
+	virtual void handshake() = 0;
+
+	/** Return the peer's certificate (chain) as sent by the peer.
+	  *
+	  * @return server certificate chain, or NULL if the handshake
+	  * has not been performed yet
+	  */
+	virtual shared_ptr <security::cert::certificateChain> getPeerCertificates() = 0;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_NET_TLS_TLSSOCKET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/tls/gnutls/TLSProperties_GnuTLS.cpp b/vmime-master/src/vmime/net/tls/gnutls/TLSProperties_GnuTLS.cpp
new file mode 100644
index 0000000..b2996fb
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/gnutls/TLSProperties_GnuTLS.cpp
@@ -0,0 +1,113 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
+
+#include <gnutls/gnutls.h>
+#if GNUTLS_VERSION_NUMBER < 0x030000
+#include <gnutls/extra.h>
+#endif
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+	: m_data(make_shared <TLSProperties_GnuTLS>()) {
+
+	setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+	: object(),
+	  m_data(make_shared <TLSProperties_GnuTLS>()) {
+
+	*dynamicCast <TLSProperties_GnuTLS>(m_data) = *dynamicCast <TLSProperties_GnuTLS>(props.m_data);
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite) {
+
+	switch (cipherSuite) {
+
+		case CIPHERSUITE_HIGH:
+
+			setCipherSuite("SECURE256:%SSL3_RECORD_VERSION");
+			break;
+
+		case CIPHERSUITE_MEDIUM:
+
+			setCipherSuite("SECURE128:%SSL3_RECORD_VERSION");
+			break;
+
+		case CIPHERSUITE_LOW:
+
+			setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+			break;
+
+		default:
+		case CIPHERSUITE_DEFAULT:
+
+			setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+			break;
+	}
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite) {
+
+	dynamicCast <TLSProperties_GnuTLS>(m_data)->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const {
+
+	return dynamicCast <TLSProperties_GnuTLS>(m_data)->cipherSuite;
+}
+
+
+
+TLSProperties_GnuTLS& TLSProperties_GnuTLS::operator=(const TLSProperties_GnuTLS& other) {
+
+	cipherSuite = other.cipherSuite;
+
+	return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
diff --git a/vmime-master/src/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp b/vmime-master/src/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
new file mode 100644
index 0000000..96bbaea
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSProperties_GnuTLS : public object {
+
+public:
+
+	TLSProperties_GnuTLS& operator=(const TLSProperties_GnuTLS& other);
+
+
+	string cipherSuite;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/tls/gnutls/TLSSession_GnuTLS.cpp b/vmime-master/src/vmime/net/tls/gnutls/TLSSession_GnuTLS.cpp
new file mode 100644
index 0000000..8586537
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/gnutls/TLSSession_GnuTLS.cpp
@@ -0,0 +1,313 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include <gnutls/gnutls.h>
+#if GNUTLS_VERSION_NUMBER < 0x030000
+#include <gnutls/extra.h>
+#endif
+
+
+// Dependency on gcrypt is not needed since GNU TLS version 2.12.
+// See here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638651
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
+#	define VMIME_GNUTLS_NEEDS_GCRYPT  1
+#endif
+
+#if VMIME_HAVE_PTHREAD
+#	include <pthread.h>
+#	if VMIME_GNUTLS_NEEDS_GCRYPT
+#		include <gcrypt.h>
+#	endif
+#	include <errno.h>
+#endif // VMIME_HAVE_PTHREAD
+
+#include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp"
+#include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
+
+#include "vmime/exception.hpp"
+
+
+// Enable GnuTLS debugging by defining GNUTLS_DEBUG
+//#define GNUTLS_DEBUG 1
+
+
+#include <sstream>
+#include <iomanip>
+
+#if VMIME_DEBUG && GNUTLS_DEBUG
+	#include <iostream>
+#endif // VMIME_DEBUG && GNUTLS_DEBUG
+
+
+#if VMIME_HAVE_PTHREAD && VMIME_GNUTLS_NEEDS_GCRYPT && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL)
+extern "C"
+{
+	GCRY_THREAD_OPTION_PTHREAD_IMPL;
+}
+#endif // VMIME_HAVE_PTHREAD && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+#ifndef VMIME_BUILDING_DOC
+
+// Initialize GNU TLS library
+struct TLSGlobal {
+
+	TLSGlobal() {
+
+#if VMIME_HAVE_PTHREAD && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL)
+	#if VMIME_GNUTLS_NEEDS_GCRYPT
+		gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+	#endif // VMIME_GNUTLS_NEEDS_GCRYPT
+#endif // VMIME_HAVE_PTHREAD && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL
+
+		gnutls_global_init();
+		//gnutls_global_init_extra();
+
+#if VMIME_DEBUG && GNUTLS_DEBUG
+		gnutls_global_set_log_function(TLSLogFunc);
+		gnutls_global_set_log_level(10);
+#endif // VMIME_DEBUG && GNUTLS_DEBUG
+
+		gnutls_anon_allocate_client_credentials(&anonCred);
+		gnutls_certificate_allocate_credentials(&certCred);
+	}
+
+	~TLSGlobal() {
+
+		gnutls_anon_free_client_credentials(anonCred);
+		gnutls_certificate_free_credentials(certCred);
+
+		gnutls_global_deinit();
+	}
+
+#if VMIME_DEBUG && GNUTLS_DEBUG
+
+	static void TLSLogFunc(int level, const char *str) {
+
+		std::cerr << "GNUTLS: [" << level << "] " << str << std::endl;
+	}
+
+#endif // VMIME_DEBUG && GNUTLS_DEBUG
+
+
+	gnutls_anon_client_credentials_t anonCred;
+	gnutls_certificate_credentials_t certCred;
+};
+
+static TLSGlobal g_gnutlsGlobal;
+
+
+#endif // VMIME_BUILDING_DOC
+
+
+
+// static
+shared_ptr <TLSSession> TLSSession::create(
+	const shared_ptr <security::cert::certificateVerifier>& cv,
+	const shared_ptr <TLSProperties>& props
+) {
+
+	return make_shared <TLSSession_GnuTLS>(cv, props);
+}
+
+
+TLSSession_GnuTLS::TLSSession_GnuTLS(
+	const shared_ptr <security::cert::certificateVerifier>& cv,
+	const shared_ptr <TLSProperties>& props
+)
+	: m_certVerifier(cv),
+	  m_props(props) {
+
+	int res;
+
+	m_gnutlsSession = new gnutls_session_t;
+
+	if (gnutls_init(m_gnutlsSession, GNUTLS_CLIENT) != 0) {
+		throw std::bad_alloc();
+	}
+
+	// Sets some default priority on the ciphers, key exchange methods,
+	// macs and compression methods.
+#ifdef VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
+	gnutls_dh_set_prime_bits(*m_gnutlsSession, 128);
+
+	if ((res = gnutls_priority_set_direct
+		(*m_gnutlsSession, m_props->getCipherSuite().c_str(), NULL)) != 0) {
+
+		throwTLSException("gnutls_priority_set_direct", res);
+	}
+
+#else  // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
+
+	gnutls_set_default_priority(*m_gnutlsSession);
+
+	// Sets the priority on the certificate types supported by gnutls.
+	// Priority is higher for types specified before others. After
+	// specifying the types you want, you must append a 0.
+	const int certTypePriority[] = { GNUTLS_CRT_X509, 0 };
+
+	res = gnutls_certificate_type_set_priority(*m_gnutlsSession, certTypePriority);
+
+	if (res < 0) {
+		throwTLSException("gnutls_certificate_type_set_priority", res);
+	}
+
+	// Sets the priority on the protocol types
+	const int protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
+
+	res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
+
+	if (res < 0) {
+		throwTLSException("gnutls_certificate_type_set_priority", res);
+	}
+
+	// Priority on the ciphers
+	const int cipherPriority[] = {
+		GNUTLS_CIPHER_ARCFOUR_128,
+		GNUTLS_CIPHER_3DES_CBC,
+		GNUTLS_CIPHER_AES_128_CBC,
+		GNUTLS_CIPHER_AES_256_CBC,
+		GNUTLS_CIPHER_ARCFOUR_40,
+		GNUTLS_CIPHER_RC2_40_CBC,
+		GNUTLS_CIPHER_DES_CBC,
+		0
+	};
+
+	gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
+
+	// Priority on MACs
+	const int macPriority[] = {
+		GNUTLS_MAC_SHA,
+		GNUTLS_MAC_MD5,
+		0
+	};
+
+	gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
+
+	// Priority on key exchange methods
+	const int kxPriority[] = {
+		GNUTLS_KX_RSA,
+		GNUTLS_KX_DHE_DSS,
+		GNUTLS_KX_DHE_RSA,
+		GNUTLS_KX_ANON_DH,
+		GNUTLS_KX_SRP,
+		GNUTLS_KX_RSA_EXPORT,
+		GNUTLS_KX_SRP_RSA,
+		GNUTLS_KX_SRP_DSS,
+		0
+	};
+
+	gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
+
+	// Priority on compression methods
+	const int compressionPriority[] = {
+		GNUTLS_COMP_ZLIB,
+		//GNUTLS_COMP_LZO,
+		GNUTLS_COMP_NULL,
+		0
+	};
+
+	gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
+
+#endif // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
+
+	// Initialize credentials
+	gnutls_credentials_set(
+		*m_gnutlsSession, GNUTLS_CRD_ANON, g_gnutlsGlobal.anonCred
+	);
+
+	gnutls_credentials_set(
+		*m_gnutlsSession, GNUTLS_CRD_CERTIFICATE, g_gnutlsGlobal.certCred
+	);
+}
+
+
+TLSSession_GnuTLS::TLSSession_GnuTLS(const TLSSession_GnuTLS&)
+	: TLSSession() {
+
+	// Not used
+}
+
+
+TLSSession_GnuTLS::~TLSSession_GnuTLS() {
+
+	try {
+
+		if (m_gnutlsSession) {
+
+			gnutls_deinit(*m_gnutlsSession);
+
+			delete m_gnutlsSession;
+			m_gnutlsSession = NULL;
+		}
+
+	} catch (...) {
+
+		// Don't throw in destructor
+	}
+}
+
+
+shared_ptr <TLSSocket> TLSSession_GnuTLS::getSocket(const shared_ptr <socket>& sok) {
+
+	return TLSSocket::wrap(dynamicCast <TLSSession>(shared_from_this()), sok);
+}
+
+
+shared_ptr <security::cert::certificateVerifier> TLSSession_GnuTLS::getCertificateVerifier() {
+
+	return m_certVerifier;
+}
+
+
+void TLSSession_GnuTLS::throwTLSException(const string& fname, const int code) {
+
+	std::ostringstream msg;
+
+	msg << fname + "() returned code ";
+	msg << std::hex << code;
+	msg << ": ";
+	msg << gnutls_strerror(code);
+
+	throw exceptions::tls_exception(msg.str());
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
diff --git a/vmime-master/src/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp b/vmime-master/src/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp
new file mode 100644
index 0000000..2a7f9d7
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp
@@ -0,0 +1,95 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSSESSION_GNUTLS_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSSESSION_GNUTLS_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSSession.hpp"
+#include "vmime/net/tls/TLSSocket.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSSession_GnuTLS : public TLSSession {
+
+	friend class TLSSocket_GnuTLS;
+
+public:
+
+	TLSSession_GnuTLS(
+		const shared_ptr <security::cert::certificateVerifier>& cv,
+		const shared_ptr <TLSProperties>& props
+	);
+
+	~TLSSession_GnuTLS();
+
+
+	shared_ptr <TLSSocket> getSocket(const shared_ptr <socket>& sok);
+
+	shared_ptr <security::cert::certificateVerifier> getCertificateVerifier();
+
+private:
+
+	TLSSession_GnuTLS(const TLSSession_GnuTLS&);
+
+	static void throwTLSException(const string& fname, const int code);
+
+
+#ifdef LIBGNUTLS_VERSION
+	gnutls_session_t* m_gnutlsSession;
+#else
+	void* m_gnutlsSession;
+#endif // LIBGNUTLS_VERSION
+
+	shared_ptr <security::cert::certificateVerifier> m_certVerifier;
+	shared_ptr <TLSProperties> m_props;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSSESSION_GNUTLS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/tls/gnutls/TLSSocket_GnuTLS.cpp b/vmime-master/src/vmime/net/tls/gnutls/TLSSocket_GnuTLS.cpp
new file mode 100644
index 0000000..53e4eae
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/gnutls/TLSSocket_GnuTLS.cpp
@@ -0,0 +1,548 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include <errno.h>
+
+#include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp"
+#include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp"
+
+#include "vmime/platform.hpp"
+
+#include "vmime/security/cert/X509Certificate.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include <cstring>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+// static
+shared_ptr <TLSSocket> TLSSocket::wrap(
+	const shared_ptr <TLSSession>& session,
+	const shared_ptr <socket>& sok
+)
+{
+	return make_shared <TLSSocket_GnuTLS>(dynamicCast <TLSSession_GnuTLS>(session), sok);
+}
+
+
+TLSSocket_GnuTLS::TLSSocket_GnuTLS(
+	const shared_ptr <TLSSession_GnuTLS>& session,
+	const shared_ptr <socket>& sok
+)
+	: m_session(session),
+	  m_wrapped(sok),
+	  m_connected(false),
+	  m_ex(NULL),
+	  m_status(0),
+	  m_errno(0) {
+
+	gnutls_transport_set_ptr(*m_session->m_gnutlsSession, this);
+
+	gnutls_transport_set_push_function(*m_session->m_gnutlsSession, gnutlsPushFunc);
+	gnutls_transport_set_pull_function(*m_session->m_gnutlsSession, gnutlsPullFunc);
+	gnutls_transport_set_errno_function(*m_session->m_gnutlsSession, gnutlsErrnoFunc);
+}
+
+
+TLSSocket_GnuTLS::~TLSSocket_GnuTLS() {
+
+	resetException();
+
+	try {
+		disconnect();
+	} catch (...) {
+		// Don't throw exception in destructor
+	}
+}
+
+
+void TLSSocket_GnuTLS::connect(const string& address, const port_t port) {
+
+	try {
+
+		m_wrapped->connect(address, port);
+
+		handshake();
+
+	} catch (...) {
+
+		disconnect();
+		throw;
+	}
+}
+
+
+void TLSSocket_GnuTLS::disconnect() {
+
+	if (m_connected) {
+
+		gnutls_bye(*m_session->m_gnutlsSession, GNUTLS_SHUT_RDWR);
+
+		m_wrapped->disconnect();
+
+		m_connected = false;
+	}
+}
+
+
+bool TLSSocket_GnuTLS::isConnected() const {
+
+	return m_wrapped->isConnected() && m_connected;
+}
+
+
+size_t TLSSocket_GnuTLS::getBlockSize() const {
+
+	return 16384;  // 16 KB
+}
+
+
+const string TLSSocket_GnuTLS::getPeerName() const {
+
+	return m_wrapped->getPeerName();
+}
+
+
+const string TLSSocket_GnuTLS::getPeerAddress() const {
+
+	return m_wrapped->getPeerAddress();
+}
+
+
+shared_ptr <timeoutHandler> TLSSocket_GnuTLS::getTimeoutHandler() {
+
+	return m_wrapped->getTimeoutHandler();
+}
+
+
+void TLSSocket_GnuTLS::setTracer(const shared_ptr <net::tracer>& tracer) {
+
+	m_wrapped->setTracer(tracer);
+}
+
+
+shared_ptr <net::tracer> TLSSocket_GnuTLS::getTracer() {
+
+	return m_wrapped->getTracer();
+}
+
+
+bool TLSSocket_GnuTLS::waitForRead(const int msecs) {
+
+	return m_wrapped->waitForRead(msecs);
+}
+
+
+bool TLSSocket_GnuTLS::waitForWrite(const int msecs) {
+
+	return m_wrapped->waitForWrite(msecs);
+}
+
+
+void TLSSocket_GnuTLS::receive(string& buffer) {
+
+	const size_t size = receiveRaw(m_buffer, sizeof(m_buffer));
+	buffer = utility::stringUtils::makeStringFromBytes(m_buffer, size);
+}
+
+
+void TLSSocket_GnuTLS::send(const string& buffer) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(buffer.data()), buffer.length());
+}
+
+
+void TLSSocket_GnuTLS::send(const char* str) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(str), ::strlen(str));
+}
+
+
+size_t TLSSocket_GnuTLS::receiveRaw(byte_t* buffer, const size_t count) {
+
+	m_status &= ~(STATUS_WANT_WRITE | STATUS_WANT_READ);
+
+	resetException();
+
+	const ssize_t ret = gnutls_record_recv(
+		*m_session->m_gnutlsSession,
+		buffer, static_cast <size_t>(count)
+	);
+
+	throwException();
+
+	if (ret < 0) {
+
+		if (ret == GNUTLS_E_AGAIN) {
+
+			if (gnutls_record_get_direction(*m_session->m_gnutlsSession) == 0) {
+				m_status |= STATUS_WANT_READ;
+			} else {
+				m_status |= STATUS_WANT_WRITE;
+			}
+
+			return 0;
+		}
+
+		TLSSession_GnuTLS::throwTLSException("gnutls_record_recv", static_cast <int>(ret));
+	}
+
+	return static_cast <size_t>(ret);
+}
+
+
+void TLSSocket_GnuTLS::sendRaw(const byte_t* buffer, const size_t count) {
+
+	m_status &= ~(STATUS_WANT_WRITE | STATUS_WANT_READ);
+
+	for (size_t size = count ; size > 0 ; ) {
+
+		resetException();
+
+		ssize_t ret = gnutls_record_send(
+			*m_session->m_gnutlsSession,
+			buffer, static_cast <size_t>(size)
+		);
+
+		throwException();
+
+		if (ret < 0) {
+
+			if (ret == GNUTLS_E_AGAIN) {
+
+				if (gnutls_record_get_direction(*m_session->m_gnutlsSession) == 0) {
+					m_wrapped->waitForRead();
+				} else {
+					m_wrapped->waitForWrite();
+				}
+
+				continue;
+			}
+
+			TLSSession_GnuTLS::throwTLSException("gnutls_record_send", static_cast <int>(ret));
+
+		} else {
+
+			buffer += ret;
+			size -= ret;
+		}
+	}
+}
+
+
+size_t TLSSocket_GnuTLS::sendRawNonBlocking(const byte_t* buffer, const size_t count) {
+
+	m_status &= ~(STATUS_WANT_WRITE | STATUS_WANT_READ);
+
+	resetException();
+
+	ssize_t ret = gnutls_record_send(
+		*m_session->m_gnutlsSession,
+		buffer, static_cast <size_t>(count)
+	);
+
+	throwException();
+
+	if (ret < 0) {
+
+		if (ret == GNUTLS_E_AGAIN) {
+
+			if (gnutls_record_get_direction(*m_session->m_gnutlsSession) == 0) {
+				m_status |= STATUS_WANT_READ;
+			} else {
+				m_status |= STATUS_WANT_WRITE;
+			}
+
+			return 0;
+		}
+
+		TLSSession_GnuTLS::throwTLSException("gnutls_record_send", static_cast <int>(ret));
+	}
+
+	return static_cast <size_t>(ret);
+}
+
+
+unsigned int TLSSocket_GnuTLS::getStatus() const {
+
+	return m_status | m_wrapped->getStatus();
+}
+
+
+void TLSSocket_GnuTLS::handshake() {
+
+	shared_ptr <timeoutHandler> toHandler = m_wrapped->getTimeoutHandler();
+
+	if (toHandler) {
+		toHandler->resetTimeOut();
+	}
+
+	if (getTracer()) {
+		getTracer()->traceSend("Beginning SSL/TLS handshake");
+	}
+
+	// Start handshaking process
+	try {
+		string peerName = getPeerName();
+		
+		gnutls_server_name_set(*m_session->m_gnutlsSession, GNUTLS_NAME_DNS, peerName.c_str(), peerName.size());
+
+		while (true) {
+
+			resetException();
+
+			const int ret = gnutls_handshake(*m_session->m_gnutlsSession);
+
+			throwException();
+
+			if (ret < 0) {
+
+				if (ret == GNUTLS_E_AGAIN) {
+
+					if (gnutls_record_get_direction(*m_session->m_gnutlsSession) == 0) {
+						m_wrapped->waitForRead();
+					} else {
+						m_wrapped->waitForWrite();
+					}
+
+				} else if (ret == GNUTLS_E_INTERRUPTED) {
+
+					// Non-fatal error
+
+				} else {
+
+					TLSSession_GnuTLS::throwTLSException("gnutls_handshake", ret);
+				}
+
+			} else {
+
+				// Successful handshake
+				break;
+			}
+		}
+
+	} catch (...) {
+
+		throw;
+	}
+
+	// Verify server's certificate(s)
+	shared_ptr <security::cert::certificateChain> certs = getPeerCertificates();
+
+	if (certs == NULL) {
+		throw exceptions::tls_exception("No peer certificate.");
+	}
+
+	m_session->getCertificateVerifier()->verify(certs, getPeerName());
+
+	m_connected = true;
+}
+
+
+int TLSSocket_GnuTLS::gnutlsErrnoFunc(gnutls_transport_ptr_t trspt) {
+
+	TLSSocket_GnuTLS* sok = reinterpret_cast <TLSSocket_GnuTLS*>(trspt);
+	return sok->m_errno;
+}
+
+
+ssize_t TLSSocket_GnuTLS::gnutlsPushFunc(
+	gnutls_transport_ptr_t trspt,
+	const void* data,
+	size_t len
+) {
+
+	TLSSocket_GnuTLS* sok = reinterpret_cast <TLSSocket_GnuTLS*>(trspt);
+
+	try {
+
+		const ssize_t ret = static_cast <ssize_t>(
+			sok->m_wrapped->sendRawNonBlocking(reinterpret_cast <const byte_t*>(data), len)
+		);
+
+		if (ret == 0) {
+
+			gnutls_transport_set_errno(*sok->m_session->m_gnutlsSession, EAGAIN);
+			sok->m_errno = EAGAIN;
+			return -1;
+		}
+
+		return ret;
+
+	} catch (exception& e) {
+
+		// Workaround for non-portable behaviour when throwing C++ exceptions
+		// from C functions (GNU TLS)
+		sok->m_ex = e.clone();
+		return -1;
+	}
+}
+
+
+ssize_t TLSSocket_GnuTLS::gnutlsPullFunc(
+	gnutls_transport_ptr_t trspt,
+	void* data,
+	size_t len
+) {
+
+	TLSSocket_GnuTLS* sok = reinterpret_cast <TLSSocket_GnuTLS*>(trspt);
+
+	try {
+
+		const ssize_t n = static_cast <ssize_t>(
+			sok->m_wrapped->receiveRaw(reinterpret_cast <byte_t*>(data), len)
+		);
+
+		if (n == 0) {
+
+			gnutls_transport_set_errno(*sok->m_session->m_gnutlsSession, EAGAIN);
+			sok->m_errno = EAGAIN;
+			return -1;
+		}
+
+		return n;
+
+	} catch (exception& e) {
+
+		// Workaround for non-portable behaviour when throwing C++ exceptions
+		// from C functions (GNU TLS)
+		sok->m_ex = e.clone();
+		return -1;
+	}
+}
+
+
+shared_ptr <security::cert::certificateChain> TLSSocket_GnuTLS::getPeerCertificates() {
+
+	if (getTracer()) {
+		getTracer()->traceSend("Getting peer certificates");
+	}
+
+	unsigned int certCount = 0;
+	const gnutls_datum_t* rawData = gnutls_certificate_get_peers(
+		*m_session->m_gnutlsSession, &certCount
+	);
+
+	if (rawData == NULL) {
+		return null;
+	}
+
+	// Try X.509
+	gnutls_x509_crt_t* x509Certs = new gnutls_x509_crt_t[certCount];
+
+	for (unsigned int i = 0; i < certCount; ++i) {
+
+		gnutls_x509_crt_init(x509Certs + i);
+
+		int res = gnutls_x509_crt_import(x509Certs[i], rawData + i, GNUTLS_X509_FMT_DER);
+
+		if (res < 0) {
+
+			for (unsigned int j = 0 ; j <= i ; ++j) {
+				gnutls_x509_crt_deinit(x509Certs[j]);
+			}
+
+			// XXX more fine-grained error reporting?
+			delete [] x509Certs;
+			return null;
+		}
+	}
+
+	std::vector <shared_ptr <security::cert::certificate> > certs;
+	bool error = false;
+
+	for (unsigned int i = 0 ; i < certCount ; ++i) {
+
+		size_t dataSize = 0;
+
+		gnutls_x509_crt_export(x509Certs[i], GNUTLS_X509_FMT_DER, NULL, &dataSize);
+
+		std::vector <byte_t> data(dataSize);
+
+		gnutls_x509_crt_export(x509Certs[i], GNUTLS_X509_FMT_DER, &data[0], &dataSize);
+
+		shared_ptr <security::cert::X509Certificate> cert =
+			security::cert::X509Certificate::import(&data[0], dataSize);
+
+		if (cert != NULL) {
+			certs.push_back(cert);
+		} else {
+			error = true;
+		}
+
+		gnutls_x509_crt_deinit(x509Certs[i]);
+	}
+
+	delete [] x509Certs;
+
+	if (error) {
+		return null;
+	}
+
+	return make_shared <security::cert::certificateChain>(certs);
+}
+
+
+// Following is a workaround for C++ exceptions to pass correctly between
+// C and C++ calls.
+//
+// gnutls_record_recv() calls TLSSocket::gnutlsPullFunc, and exceptions
+// thrown by the socket can not be caught.
+
+void TLSSocket_GnuTLS::throwException() {
+
+	if (m_ex) {
+		throw *m_ex;
+	}
+}
+
+
+void TLSSocket_GnuTLS::resetException() {
+
+	if (m_ex) {
+		delete m_ex;
+		m_ex = NULL;
+	}
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
diff --git a/vmime-master/src/vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp b/vmime-master/src/vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp
new file mode 100644
index 0000000..0ac3e70
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp
@@ -0,0 +1,129 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSSOCKET_GNUTLS_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSSOCKET_GNUTLS_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/net/tls/TLSSocket.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSSession;
+class TLSSession_GnuTLS;
+
+
+class TLSSocket_GnuTLS : public TLSSocket {
+
+public:
+
+	TLSSocket_GnuTLS(const shared_ptr <TLSSession_GnuTLS>& session, const shared_ptr <socket>& sok);
+	~TLSSocket_GnuTLS();
+
+
+	void handshake();
+
+	shared_ptr <security::cert::certificateChain> getPeerCertificates();
+
+	// Implementation of 'socket'
+	void connect(const string& address, const port_t port);
+	void disconnect();
+	bool isConnected() const;
+
+	bool waitForRead(const int msecs = 30000);
+	bool waitForWrite(const int msecs = 30000);
+
+	void receive(string& buffer);
+	size_t receiveRaw(byte_t* buffer, const size_t count);
+
+	void send(const string& buffer);
+	void send(const char* str);
+	void sendRaw(const byte_t* buffer, const size_t count);
+	size_t sendRawNonBlocking(const byte_t* buffer, const size_t count);
+
+	size_t getBlockSize() const;
+
+	unsigned int getStatus() const;
+
+	const string getPeerName() const;
+	const string getPeerAddress() const;
+
+	shared_ptr <timeoutHandler> getTimeoutHandler();
+
+	void setTracer(const shared_ptr <net::tracer>& tracer);
+	shared_ptr <net::tracer> getTracer();
+
+private:
+
+	void resetException();
+	void throwException();
+
+#ifdef LIBGNUTLS_VERSION
+	static ssize_t gnutlsPushFunc(gnutls_transport_ptr_t trspt, const void* data, size_t len);
+	static ssize_t gnutlsPullFunc(gnutls_transport_ptr_t trspt, void* data, size_t len);
+	static int gnutlsErrnoFunc(gnutls_transport_ptr_t trspt);
+#else
+	static int gnutlsPushFunc(void* trspt, const void* data, size_t len);
+	static int gnutlsPullFunc(void* trspt, void* data, size_t len);
+	static int gnutlsErrnoFunc(void* trspt);
+#endif // LIBGNUTLS_VERSION
+
+
+	shared_ptr <TLSSession_GnuTLS> m_session;
+	shared_ptr <socket> m_wrapped;
+
+	bool m_connected;
+
+	byte_t m_buffer[65536];
+
+	exception* m_ex;
+
+	unsigned int m_status;
+	int m_errno;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSSOCKET_GNUTLS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/tls/openssl/OpenSSLInitializer.cpp b/vmime-master/src/vmime/net/tls/openssl/OpenSSLInitializer.cpp
new file mode 100644
index 0000000..c7b1013
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/OpenSSLInitializer.cpp
@@ -0,0 +1,169 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
+
+#include "vmime/platform.hpp"
+
+#include <openssl/opensslv.h>
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#	define OPENSSL_API_COMPAT 0x10100000L
+#endif
+
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#if OPENSSL_VERSION_NUMBER >= 0x0907000L
+#	include <openssl/conf.h>
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#	include "vmime/utility/sync/autoLock.hpp"
+#	include "vmime/utility/sync/criticalSection.hpp"
+#endif
+
+
+// OpenSSL locking callbacks for multithreading support (< v1.1 only)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+namespace {
+
+vmime::shared_ptr <vmime::utility::sync::criticalSection >* g_openSSLMutexes = NULL;
+
+extern "C" void VMime_OpenSSLCallback_lock(int mode, int n, const char* /* file */, int /* line */) {
+
+	if (mode & CRYPTO_LOCK) {
+		g_openSSLMutexes[n]->lock();
+	} else {
+		g_openSSLMutexes[n]->unlock();
+	}
+}
+
+extern "C" unsigned long VMime_OpenSSLCallback_id() {
+
+	return vmime::platform::getHandler()->getThreadId();
+}
+
+}
+
+#endif
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+OpenSSLInitializer::autoInitializer::autoInitializer() {
+
+	// The construction of this unique 'oneTimeInitializer' object will be triggered
+	// by the 'autoInitializer' objects from the other translation units
+	static OpenSSLInitializer::oneTimeInitializer oneTimeInitializer;
+}
+
+
+OpenSSLInitializer::autoInitializer::~autoInitializer() {
+
+}
+
+
+OpenSSLInitializer::oneTimeInitializer::oneTimeInitializer() {
+
+	initialize();
+}
+
+
+OpenSSLInitializer::oneTimeInitializer::~oneTimeInitializer() {
+
+	uninitialize();
+}
+
+
+// static
+void OpenSSLInitializer::initialize() {
+
+#if OPENSSL_VERSION_NUMBER >= 0x0907000L && OPENSSL_VERSION_NUMBER < 0x10100000L
+	OPENSSL_config(NULL);
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	SSL_load_error_strings();
+	SSL_library_init();
+	OpenSSL_add_all_algorithms();
+
+	int numMutexes = CRYPTO_num_locks();
+	g_openSSLMutexes = new shared_ptr <vmime::utility::sync::criticalSection>[numMutexes];
+
+	for (int i = 0 ; i < numMutexes ; ++i) {
+		g_openSSLMutexes[i] = vmime::platform::getHandler()->createCriticalSection();
+	}
+
+	CRYPTO_set_locking_callback(VMime_OpenSSLCallback_lock);
+	CRYPTO_set_id_callback(VMime_OpenSSLCallback_id);
+#endif
+
+	// Seed the RNG, in case /dev/urandom is not available. Explicitely calling
+	// RAND_seed() even though /dev/urandom is available is harmless.
+	enum {
+		SEEDSIZE = 256
+	};
+
+	unsigned char seed[SEEDSIZE];
+	vmime::platform::getHandler()->generateRandomBytes(seed, SEEDSIZE);
+	RAND_seed(seed, SEEDSIZE);
+}
+
+
+// static
+void OpenSSLInitializer::uninitialize() {
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	EVP_cleanup();
+	ERR_free_strings();
+
+	CRYPTO_set_locking_callback(NULL);
+	CRYPTO_set_id_callback(NULL);
+
+	delete [] g_openSSLMutexes;
+	g_openSSLMutexes = NULL;
+#endif
+
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
diff --git a/vmime-master/src/vmime/net/tls/openssl/OpenSSLInitializer.hpp b/vmime-master/src/vmime/net/tls/openssl/OpenSSLInitializer.hpp
new file mode 100644
index 0000000..3b8496d
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/OpenSSLInitializer.hpp
@@ -0,0 +1,90 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_OPENSSL_OPENSSLINITIALIZER_HPP_INCLUDED
+#define VMIME_NET_TLS_OPENSSL_OPENSSLINITIALIZER_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+#include <vector>
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/utility/sync/criticalSection.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+/** Class responsible for setting up OpenSSL
+  */
+class OpenSSLInitializer {
+
+public:
+
+	/** Automatically initialize OpenSSL
+	  */
+	struct autoInitializer {
+
+		autoInitializer();
+		~autoInitializer();
+	};
+
+protected:
+
+	struct oneTimeInitializer {
+
+		oneTimeInitializer();
+		~oneTimeInitializer();
+	};
+
+
+	/** Initializes the OpenSSL lib
+	  */
+	static void initialize();
+
+	/** Shutdown the OpenSSL lib
+	  */
+	static void uninitialize();
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_OPENSSL_OPENSSLINITIALIZER_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/tls/openssl/TLSProperties_OpenSSL.cpp b/vmime-master/src/vmime/net/tls/openssl/TLSProperties_OpenSSL.cpp
new file mode 100644
index 0000000..ea22f1c
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/TLSProperties_OpenSSL.cpp
@@ -0,0 +1,112 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+	: m_data(make_shared <TLSProperties_OpenSSL>()) {
+
+	setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+	: object(),
+	  m_data(make_shared <TLSProperties_OpenSSL>()) {
+
+	*dynamicCast <TLSProperties_OpenSSL>(m_data) = *dynamicCast <TLSProperties_OpenSSL>(props.m_data);
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite) {
+
+	switch (cipherSuite) {
+
+		case CIPHERSUITE_HIGH:
+
+			setCipherSuite("HIGH:!ADH:@STRENGTH");
+			break;
+
+		case CIPHERSUITE_MEDIUM:
+
+			setCipherSuite("MEDIUM:!ADH:@STRENGTH");
+			break;
+
+		case CIPHERSUITE_LOW:
+
+			setCipherSuite("LOW:!ADH:@STRENGTH");
+			break;
+
+		default:
+		case CIPHERSUITE_DEFAULT:
+
+			setCipherSuite("DEFAULT:!ADH:@STRENGTH");
+			break;
+	}
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite) {
+
+	dynamicCast <TLSProperties_OpenSSL>(m_data)->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const {
+
+	return dynamicCast <TLSProperties_OpenSSL>(m_data)->cipherSuite;
+}
+
+
+
+TLSProperties_OpenSSL& TLSProperties_OpenSSL::operator=(const TLSProperties_OpenSSL& other) {
+
+	cipherSuite = other.cipherSuite;
+
+	return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
diff --git a/vmime-master/src/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp b/vmime-master/src/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp
new file mode 100644
index 0000000..8304df2
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSProperties_OpenSSL : public object {
+
+public:
+
+	TLSProperties_OpenSSL& operator=(const TLSProperties_OpenSSL& other);
+
+
+	string cipherSuite;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/tls/openssl/TLSSession_OpenSSL.cpp b/vmime-master/src/vmime/net/tls/openssl/TLSSession_OpenSSL.cpp
new file mode 100644
index 0000000..019341c
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/TLSSession_OpenSSL.cpp
@@ -0,0 +1,147 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
+#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
+
+#include "vmime/security/cert/certificateException.hpp"
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+static OpenSSLInitializer::autoInitializer openSSLInitializer;
+
+
+// static
+shared_ptr <TLSSession> TLSSession::create(
+	const shared_ptr <security::cert::certificateVerifier>& cv,
+	const shared_ptr <TLSProperties>& props
+) {
+
+	return make_shared <TLSSession_OpenSSL>(cv, props);
+}
+
+
+TLSSession_OpenSSL::TLSSession_OpenSSL(
+	const shared_ptr <vmime::security::cert::certificateVerifier>& cv,
+	const shared_ptr <TLSProperties>& props
+)
+	: m_sslctx(0),
+	  m_certVerifier(cv),
+	  m_props(props) {
+
+	m_sslctx = SSL_CTX_new(SSLv23_client_method());
+	SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+	SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY);
+	SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str());
+	SSL_CTX_set_session_cache_mode(m_sslctx, SSL_SESS_CACHE_OFF);
+}
+
+
+TLSSession_OpenSSL::TLSSession_OpenSSL(const TLSSession_OpenSSL&)
+	: TLSSession() {
+
+	// Not used
+}
+
+
+TLSSession_OpenSSL::~TLSSession_OpenSSL() {
+
+	SSL_CTX_free(m_sslctx);
+}
+
+
+shared_ptr <TLSSocket> TLSSession_OpenSSL::getSocket(const shared_ptr <socket>& sok) {
+
+	return TLSSocket::wrap(dynamicCast <TLSSession>(shared_from_this()), sok);
+}
+
+
+shared_ptr <security::cert::certificateVerifier> TLSSession_OpenSSL::getCertificateVerifier() {
+
+	return m_certVerifier;
+}
+
+
+void TLSSession_OpenSSL::usePrivateKeyFile(const vmime::string& keyfile) {
+
+	ERR_clear_error();
+
+	if (SSL_CTX_use_PrivateKey_file(m_sslctx, keyfile.c_str(), SSL_FILETYPE_PEM) != 1) {
+
+		unsigned long errCode = ERR_get_error();
+		char buffer[256];
+		ERR_error_string_n(errCode, buffer, sizeof(buffer));
+		vmime::string sslErr(buffer);
+		std::ostringstream oss;
+		oss << "Error loading private key from file " << keyfile;
+		oss << " - msg: " << sslErr;
+		throw security::cert::certificateException(oss.str());
+	}
+}
+
+
+void TLSSession_OpenSSL::useCertificateChainFile(const vmime::string& chainFile) {
+
+	ERR_clear_error();
+
+	if (SSL_CTX_use_certificate_chain_file(m_sslctx, chainFile.c_str()) != 1) {
+
+		unsigned long errCode = ERR_get_error();
+		char buffer[256];
+		ERR_error_string_n(errCode, buffer, sizeof(buffer));
+		vmime::string sslErr(buffer);
+		std::ostringstream oss;
+		oss << "Error loading certificate from file " << chainFile;
+		oss << " - msg: " << sslErr;
+		throw security::cert::certificateException(oss.str());
+	}
+}
+
+
+SSL_CTX* TLSSession_OpenSSL::getContext() const {
+
+	return m_sslctx;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
diff --git a/vmime-master/src/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp b/vmime-master/src/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp
new file mode 100644
index 0000000..518216b
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp
@@ -0,0 +1,109 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSSESSION_OPENSSL_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSSESSION_OPENSSL_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSSession.hpp"
+#include "vmime/net/tls/TLSSocket.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+#include <openssl/ssl.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSSession_OpenSSL : public TLSSession {
+
+	friend class TLSSocket_OpenSSL;
+
+public:
+
+	TLSSession_OpenSSL(
+		const shared_ptr <security::cert::certificateVerifier>& cv,
+		const shared_ptr <TLSProperties>& props
+	);
+
+	~TLSSession_OpenSSL();
+
+
+	shared_ptr <TLSSocket> getSocket(const shared_ptr <socket>& sok);
+
+	shared_ptr <security::cert::certificateVerifier> getCertificateVerifier();
+
+
+	/** Set the private key to use if server requires a client certificate.
+	 *
+	 * @param keyfile path to the private key in PEM format
+	*/
+	void usePrivateKeyFile(const vmime::string& keyfile);
+
+	/** Supply the certificate chain to present if requested by server.
+	 *
+	 * @param chainFile	File in PEM format holding certificate chain
+	 */
+	void useCertificateChainFile(const vmime::string& chainFile);
+
+	/** Get a pointer to the SSL_CTX used for this session.
+	 *
+	 * @return the SSL_CTX used for all connections created with this session
+	 */
+	SSL_CTX* getContext() const;
+
+private:
+
+	TLSSession_OpenSSL(const TLSSession_OpenSSL&);
+
+	SSL_CTX* m_sslctx;
+
+	shared_ptr <security::cert::certificateVerifier> m_certVerifier;
+	shared_ptr <TLSProperties> m_props;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSSESSION_OPENSSL_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/tls/openssl/TLSSocket_OpenSSL.cpp b/vmime-master/src/vmime/net/tls/openssl/TLSSocket_OpenSSL.cpp
new file mode 100644
index 0000000..978f0ca
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/TLSSocket_OpenSSL.cpp
@@ -0,0 +1,761 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include "vmime/net/tls/openssl/TLSSocket_OpenSSL.hpp"
+#include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
+#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
+
+#include "vmime/platform.hpp"
+
+#include "vmime/security/cert/openssl/X509Certificate_OpenSSL.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include <vector>
+#include <cstring>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+static OpenSSLInitializer::autoInitializer openSSLInitializer;
+
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+// static
+BIO_METHOD TLSSocket_OpenSSL::sm_customBIOMethod = {
+	100 | BIO_TYPE_SOURCE_SINK,
+	"vmime::socket glue",
+	TLSSocket_OpenSSL::bio_write,
+	TLSSocket_OpenSSL::bio_read,
+	TLSSocket_OpenSSL::bio_puts,
+	NULL,  // gets
+	TLSSocket_OpenSSL::bio_ctrl,
+	TLSSocket_OpenSSL::bio_create,
+	TLSSocket_OpenSSL::bio_destroy,
+	0
+};
+
+#define BIO_set_init(b, val) b->init = val
+#define BIO_set_data(b, val) b->ptr = val
+#define BIO_set_num(b, val) b->num = val
+#define BIO_set_flags(b, val) b->flags = val
+#define BIO_set_shutdown(b, val) b->shutdown = val
+#define BIO_get_init(b) b->init
+#define BIO_get_data(b) b->ptr
+#define BIO_get_shutdown(b) b->shutdown
+
+#else
+
+#define BIO_set_num(b, val)
+
+#endif
+
+
+
+// static
+shared_ptr <TLSSocket> TLSSocket::wrap(
+	const shared_ptr <TLSSession>& session,
+	const shared_ptr <socket>& sok
+) {
+
+	return make_shared <TLSSocket_OpenSSL>(dynamicCast <TLSSession_OpenSSL>(session), sok);
+}
+
+
+TLSSocket_OpenSSL::TLSSocket_OpenSSL(
+	const shared_ptr <TLSSession_OpenSSL>& session,
+	const shared_ptr <socket>& sok
+)
+	: m_session(session),
+	  m_wrapped(sok),
+	  m_connected(false),
+	  m_ssl(0),
+	  m_status(0),
+	  m_ex() {
+
+}
+
+
+TLSSocket_OpenSSL::~TLSSocket_OpenSSL() {
+
+	try {
+		disconnect();
+	} catch (...) {
+		// Don't throw in destructor
+	}
+}
+
+
+void TLSSocket_OpenSSL::createSSLHandle() {
+
+	if (m_wrapped->isConnected()) {
+		string peerName = getPeerName();
+		
+		if (peerName.empty()) {
+			throw exceptions::tls_exception("Unknown host name, will not be able to set SNI");
+		}
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+		BIO* sockBio = BIO_new(&sm_customBIOMethod);
+		sockBio->ptr = this;
+		sockBio->init = 1;
+
+#else
+
+		BIO_METHOD* bioMeth = BIO_meth_new(BIO_TYPE_SOURCE_SINK | BIO_get_new_index(), "vmime::socket glue");
+
+		if (!bioMeth) {
+			BIO_meth_free(bioMeth);
+			throw exceptions::tls_exception("BIO_meth_new() failed");
+		}
+
+		BIO_meth_set_write(bioMeth, TLSSocket_OpenSSL::bio_write);
+		BIO_meth_set_read(bioMeth, TLSSocket_OpenSSL::bio_read);
+		BIO_meth_set_puts(bioMeth, TLSSocket_OpenSSL::bio_puts);
+		BIO_meth_set_ctrl(bioMeth, TLSSocket_OpenSSL::bio_ctrl);
+		BIO_meth_set_create(bioMeth, TLSSocket_OpenSSL::bio_create);
+		BIO_meth_set_destroy(bioMeth, TLSSocket_OpenSSL::bio_destroy);
+
+		BIO* sockBio = BIO_new(bioMeth);
+		BIO_set_data(sockBio, this);
+		BIO_set_init(sockBio, 1);
+
+#endif
+
+		if (!sockBio) {
+			throw exceptions::tls_exception("BIO_new() failed");
+		}
+
+		m_ssl = SSL_new(m_session->getContext());
+
+		if (!m_ssl) {
+			BIO_free(sockBio);
+			throw exceptions::tls_exception("Cannot create SSL object");
+		}
+
+		SSL_set_bio(m_ssl, sockBio, sockBio);
+		SSL_set_tlsext_host_name(m_ssl, peerName.c_str());
+		SSL_set_connect_state(m_ssl);
+		SSL_set_mode(m_ssl, SSL_MODE_AUTO_RETRY | SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
+	} else {
+
+		throw exceptions::tls_exception("Unconnected socket error");
+	}
+}
+
+
+void TLSSocket_OpenSSL::connect(const string& address, const port_t port) {
+
+	try {
+
+		m_wrapped->connect(address, port);
+		
+		createSSLHandle();
+
+		handshake();
+
+	} catch (...) {
+
+		disconnect();
+		throw;
+	}
+}
+
+
+void TLSSocket_OpenSSL::disconnect() {
+
+	if (m_ssl) {
+
+		// Don't shut down the socket more than once.
+		int shutdownState = SSL_get_shutdown(m_ssl);
+		bool shutdownSent = (shutdownState & SSL_SENT_SHUTDOWN) == SSL_SENT_SHUTDOWN;
+
+		if (!shutdownSent) {
+			SSL_shutdown(m_ssl);
+		}
+
+		SSL_free(m_ssl);
+		m_ssl = 0;
+	}
+
+	if (m_connected) {
+		m_connected = false;
+		m_wrapped->disconnect();
+	}
+}
+
+
+bool TLSSocket_OpenSSL::isConnected() const {
+
+	return m_wrapped->isConnected() && m_connected;
+}
+
+
+size_t TLSSocket_OpenSSL::getBlockSize() const {
+
+	return 16384;  // 16 KB
+}
+
+
+const string TLSSocket_OpenSSL::getPeerName() const {
+
+	return m_wrapped->getPeerName();
+}
+
+
+const string TLSSocket_OpenSSL::getPeerAddress() const {
+
+	return m_wrapped->getPeerAddress();
+}
+
+
+shared_ptr <timeoutHandler> TLSSocket_OpenSSL::getTimeoutHandler() {
+
+	return m_wrapped->getTimeoutHandler();
+}
+
+
+void TLSSocket_OpenSSL::setTracer(const shared_ptr <net::tracer>& tracer) {
+
+	m_wrapped->setTracer(tracer);
+}
+
+
+shared_ptr <net::tracer> TLSSocket_OpenSSL::getTracer() {
+
+	return m_wrapped->getTracer();
+}
+
+
+bool TLSSocket_OpenSSL::waitForRead(const int msecs) {
+
+	return m_wrapped->waitForRead(msecs);
+}
+
+
+bool TLSSocket_OpenSSL::waitForWrite(const int msecs) {
+
+	return m_wrapped->waitForWrite(msecs);
+}
+
+
+void TLSSocket_OpenSSL::receive(string& buffer) {
+
+	const size_t size = receiveRaw(m_buffer, sizeof(m_buffer));
+
+	if (size != 0) {
+		buffer = utility::stringUtils::makeStringFromBytes(m_buffer, size);
+	} else {
+		buffer.clear();
+	}
+}
+
+
+void TLSSocket_OpenSSL::send(const string& buffer) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(buffer.data()), buffer.length());
+}
+
+
+void TLSSocket_OpenSSL::send(const char* str) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(str), ::strlen(str));
+}
+
+
+size_t TLSSocket_OpenSSL::receiveRaw(byte_t* buffer, const size_t count) {
+
+	if (!m_ssl) {
+		throw exceptions::socket_not_connected_exception();
+	}
+
+	m_status &= ~(STATUS_WANT_WRITE | STATUS_WANT_READ);
+
+	ERR_clear_error();
+	int rc = SSL_read(m_ssl, buffer, static_cast <int>(count));
+
+	if (m_ex.get()) {
+		internalThrow();
+	}
+
+	if (rc <= 0) {
+
+		int error = SSL_get_error(m_ssl, rc);
+
+		if (error == SSL_ERROR_WANT_WRITE) {
+			m_status |= STATUS_WANT_WRITE;
+			return 0;
+		} else if (error == SSL_ERROR_WANT_READ) {
+			m_status |= STATUS_WANT_READ;
+			return 0;
+		}
+
+		handleError(rc);
+	}
+
+	return rc;
+}
+
+
+void TLSSocket_OpenSSL::sendRaw(const byte_t* buffer, const size_t count) {
+
+	if (!m_ssl) {
+		throw exceptions::socket_not_connected_exception();
+	}
+
+	m_status &= ~(STATUS_WANT_WRITE | STATUS_WANT_READ);
+
+	for (size_t size = count ; size > 0 ; ) {
+
+		ERR_clear_error();
+		int rc = SSL_write(m_ssl, buffer, static_cast <int>(size));
+
+		if (rc <= 0) {
+
+			int error = SSL_get_error(m_ssl, rc);
+
+			if (error == SSL_ERROR_WANT_READ) {
+				m_wrapped->waitForRead();
+				continue;
+			} else if (error == SSL_ERROR_WANT_WRITE) {
+				m_wrapped->waitForWrite();
+				continue;
+			}
+
+			handleError(rc);
+
+		} else {
+
+			buffer += rc;
+			size -= rc;
+		}
+	}
+}
+
+
+size_t TLSSocket_OpenSSL::sendRawNonBlocking(const byte_t* buffer, const size_t count) {
+
+	if (!m_ssl) {
+		throw exceptions::socket_not_connected_exception();
+	}
+
+	m_status &= ~(STATUS_WANT_WRITE | STATUS_WANT_READ);
+
+	ERR_clear_error();
+	int rc = SSL_write(m_ssl, buffer, static_cast <int>(count));
+
+	if (m_ex.get()) {
+		internalThrow();
+	}
+
+	if (rc <= 0) {
+
+		int error = SSL_get_error(m_ssl, rc);
+
+		if (error == SSL_ERROR_WANT_WRITE) {
+			m_status |= STATUS_WANT_WRITE;
+			return 0;
+		} else if (error == SSL_ERROR_WANT_READ) {
+			m_status |= STATUS_WANT_READ;
+			return 0;
+		}
+
+		handleError(rc);
+	}
+
+	return rc;
+}
+
+
+void TLSSocket_OpenSSL::handshake() {
+
+	shared_ptr <timeoutHandler> toHandler = m_wrapped->getTimeoutHandler();
+
+	if (toHandler) {
+		toHandler->resetTimeOut();
+	}
+
+	if (getTracer()) {
+		getTracer()->traceSend("Beginning SSL/TLS handshake");
+	}
+
+	// Start handshaking process
+	if (!m_ssl) {
+		createSSLHandle();
+	}
+
+	try {
+
+		int rc;
+
+		ERR_clear_error();
+
+		while ((rc = SSL_do_handshake(m_ssl)) <= 0) {
+
+			const int err = SSL_get_error(m_ssl, rc);
+
+			if (err == SSL_ERROR_WANT_READ) {
+				m_wrapped->waitForRead();
+			} else if (err == SSL_ERROR_WANT_WRITE) {
+				m_wrapped->waitForWrite();
+			} else {
+				handleError(rc);
+			}
+
+			// Check whether the time-out delay is elapsed
+			if (toHandler && toHandler->isTimeOut()) {
+
+				if (!toHandler->handleTimeOut()) {
+					throw exceptions::operation_timed_out();
+				}
+
+				toHandler->resetTimeOut();
+			}
+
+			ERR_clear_error();
+		}
+
+	} catch (...) {
+
+		throw;
+	}
+
+	// Verify server's certificate(s)
+	shared_ptr <security::cert::certificateChain> certs = getPeerCertificates();
+
+	if (!certs) {
+		throw exceptions::tls_exception("No peer certificate.");
+	}
+
+	m_session->getCertificateVerifier()->verify(certs, getPeerName());
+
+	m_connected = true;
+}
+
+
+shared_ptr <security::cert::certificateChain> TLSSocket_OpenSSL::getPeerCertificates() {
+
+	if (getTracer()) {
+		getTracer()->traceSend("Getting peer certificates");
+	}
+
+	STACK_OF(X509)* chain = SSL_get_peer_cert_chain(m_ssl);
+
+	if (chain == NULL) {
+		return null;
+	}
+
+	int certCount = sk_X509_num(chain);
+
+	if (certCount == 0) {
+		return null;
+	}
+
+	bool error = false;
+	std::vector <shared_ptr <security::cert::certificate> > certs;
+
+	for (int i = 0; i < certCount && !error; i++) {
+
+		shared_ptr <vmime::security::cert::X509Certificate> cert =
+			vmime::security::cert::X509Certificate_OpenSSL::importInternal(sk_X509_value(chain, i));
+
+		if (cert) {
+			certs.push_back(cert);
+		} else {
+			error = true;
+		}
+	}
+
+	if (error) {
+		return null;
+	}
+
+	return make_shared <security::cert::certificateChain>(certs);
+}
+
+
+void TLSSocket_OpenSSL::internalThrow() {
+
+	if (m_ex.get()) {
+		throw *m_ex;
+	}
+}
+
+
+void TLSSocket_OpenSSL::handleError(int rc) {
+
+	if (rc > 0) {
+		return;
+	}
+
+	internalThrow();
+
+	int  sslError   = SSL_get_error(m_ssl, rc);
+	long lastError  = ERR_get_error();
+
+	switch (sslError) {
+
+		case SSL_ERROR_ZERO_RETURN:
+
+			disconnect();
+			return;
+
+		case SSL_ERROR_SYSCALL: {
+
+			if (lastError == 0) {
+
+				if (rc == 0) {
+
+					throw exceptions::tls_exception("SSL connection unexpectedly closed");
+
+				} else {
+
+					std::ostringstream oss;
+					oss << "The BIO reported an error: " << rc;
+					oss.flush();
+					throw exceptions::tls_exception(oss.str());
+				}
+			}
+
+			break;
+		}
+
+		case SSL_ERROR_WANT_READ:
+
+			BIO_set_retry_read(SSL_get_rbio(m_ssl));
+			break;
+
+		case SSL_ERROR_WANT_WRITE:
+
+			BIO_set_retry_write(SSL_get_wbio(m_ssl));
+			break;
+
+		// This happens only for BIOs of type BIO_s_connect() or BIO_s_accept()
+		case SSL_ERROR_WANT_CONNECT:
+		case SSL_ERROR_WANT_ACCEPT:
+		// SSL_CTX_set_client_cert_cb related, not used
+		case SSL_ERROR_WANT_X509_LOOKUP:
+		case SSL_ERROR_SSL:
+		default:
+
+			if (lastError == 0) {
+
+				throw exceptions::tls_exception("Unexpected SSL IO error");
+
+			} else {
+
+				char buffer[256];
+				ERR_error_string_n(lastError, buffer, sizeof(buffer));
+				vmime::string msg(buffer);
+				throw exceptions::tls_exception(msg);
+			}
+
+			break;
+	}
+}
+
+
+unsigned int TLSSocket_OpenSSL::getStatus() const {
+
+	return m_status;
+}
+
+
+// Implementation of custom BIO methods
+
+
+// static
+int TLSSocket_OpenSSL::bio_write(BIO* bio, const char* buf, int len) {
+
+	BIO_clear_retry_flags(bio);
+
+	if (buf == NULL || len <= 0) {
+		return -1;
+	}
+
+	TLSSocket_OpenSSL *sok = reinterpret_cast <TLSSocket_OpenSSL*>(BIO_get_data(bio));
+
+	if (!BIO_get_init(bio) || !sok) {
+		return -1;
+	}
+
+	try {
+
+		const size_t n = sok->m_wrapped->sendRawNonBlocking(
+			reinterpret_cast <const byte_t*>(buf), len
+		);
+
+		if (n == 0 && sok->m_wrapped->getStatus() & socket::STATUS_WOULDBLOCK) {
+			BIO_set_retry_write(bio);
+			return -1;
+		}
+
+		return static_cast <int>(n);
+
+	} catch (exception& e) {
+
+		// Workaround for passing C++ exceptions from C BIO functions
+		sok->m_ex.reset(e.clone());
+		return -1;
+	}
+}
+
+
+// static
+int TLSSocket_OpenSSL::bio_read(BIO* bio, char* buf, int len) {
+
+	BIO_clear_retry_flags(bio);
+
+	if (buf == NULL || len <= 0) {
+		return -1;
+	}
+
+	TLSSocket_OpenSSL *sok = reinterpret_cast <TLSSocket_OpenSSL*>(BIO_get_data(bio));
+
+	if (!BIO_get_init(bio) || !sok) {
+		return -1;
+	}
+
+	try {
+
+		const size_t n = sok->m_wrapped->receiveRaw(
+			reinterpret_cast <byte_t*>(buf), len
+		);
+
+		if (n == 0 || sok->m_wrapped->getStatus() & socket::STATUS_WOULDBLOCK) {
+			BIO_set_retry_read(bio);
+			return -1;
+		}
+
+		return static_cast <int>(n);
+
+	} catch (exception& e) {
+
+		// Workaround for passing C++ exceptions from C BIO functions
+		sok->m_ex.reset(e.clone());
+		return -1;
+	}
+}
+
+
+// static
+int TLSSocket_OpenSSL::bio_puts(BIO* bio, const char* str) {
+
+	return bio_write(bio, str, static_cast <int>(strlen(str)));
+}
+
+
+// static
+long TLSSocket_OpenSSL::bio_ctrl(BIO* bio, int cmd, long num, void* /* ptr */) {
+
+	long ret = 1;
+
+	switch (cmd) {
+
+		case BIO_CTRL_INFO:
+
+			ret = 0;
+			break;
+
+		case BIO_CTRL_GET_CLOSE:
+
+			ret = BIO_get_shutdown(bio);
+			break;
+
+		case BIO_CTRL_SET_CLOSE:
+
+			BIO_set_shutdown(bio, static_cast <int>(num));
+			break;
+
+		case BIO_CTRL_PENDING:
+		case BIO_CTRL_WPENDING:
+
+			ret = 0;
+			break;
+
+		case BIO_CTRL_DUP:
+		case BIO_CTRL_FLUSH:
+
+			ret = 1;
+			break;
+
+		default:
+
+			ret = 0;
+			break;
+	}
+
+	return ret;
+}
+
+
+// static
+int TLSSocket_OpenSSL::bio_create(BIO* bio) {
+
+	BIO_set_init(bio, 0);
+	BIO_set_num(bio, 0);
+	BIO_set_data(bio, NULL);
+	BIO_set_flags(bio, 0);
+
+	return 1;
+}
+
+
+// static
+int TLSSocket_OpenSSL::bio_destroy(BIO* bio) {
+
+	if (!bio) {
+		return 0;
+	}
+
+	if (BIO_get_shutdown(bio)) {
+		BIO_set_data(bio, NULL);
+		BIO_set_init(bio, 0);
+		BIO_set_flags(bio, 0);
+	}
+
+	return 1;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
diff --git a/vmime-master/src/vmime/net/tls/openssl/TLSSocket_OpenSSL.hpp b/vmime-master/src/vmime/net/tls/openssl/TLSSocket_OpenSSL.hpp
new file mode 100644
index 0000000..e30df68
--- /dev/null
+++ b/vmime-master/src/vmime/net/tls/openssl/TLSSocket_OpenSSL.hpp
@@ -0,0 +1,142 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSSOCKET_OPENSSL_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSSOCKET_OPENSSL_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/net/tls/TLSSocket.hpp"
+
+#include <memory>
+
+#include <openssl/ssl.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSSession;
+class TLSSession_OpenSSL;
+
+
+class TLSSocket_OpenSSL : public TLSSocket {
+
+public:
+
+	TLSSocket_OpenSSL(
+		const shared_ptr <TLSSession_OpenSSL>& session,
+		const shared_ptr <socket>& sok
+	);
+
+	~TLSSocket_OpenSSL();
+
+
+	void handshake();
+
+	shared_ptr <security::cert::certificateChain> getPeerCertificates();
+
+	// Implementation of 'socket'
+	void connect(const string& address, const port_t port);
+	void disconnect();
+	bool isConnected() const;
+
+	bool waitForRead(const int msecs = 30000);
+	bool waitForWrite(const int msecs = 30000);
+
+	void receive(string& buffer);
+	size_t receiveRaw(byte_t* buffer, const size_t count);
+
+	void send(const string& buffer);
+	void send(const char* str);
+	void sendRaw(const byte_t* buffer, const size_t count);
+	size_t sendRawNonBlocking(const byte_t* buffer, const size_t count);
+
+	size_t getBlockSize() const;
+
+	unsigned int getStatus() const;
+
+	const string getPeerName() const;
+	const string getPeerAddress() const;
+
+	shared_ptr <timeoutHandler> getTimeoutHandler();
+
+	void setTracer(const shared_ptr <net::tracer>& tracer);
+	shared_ptr <net::tracer> getTracer();
+
+private:
+
+	static BIO_METHOD sm_customBIOMethod;
+
+	static int bio_write(BIO* bio, const char* buf, int len);
+	static int bio_read(BIO* bio, char* buf, int len);
+	static int bio_puts(BIO* bio, const char* str);
+	static int bio_gets(BIO* bio, char* buf, int len);
+	static long bio_ctrl(BIO* bio, int cmd, long num, void* ptr);
+	static int bio_create(BIO* bio);
+	static int bio_destroy(BIO* bio);
+
+	void createSSLHandle();
+
+	void internalThrow();
+	void handleError(int rc);
+
+
+	shared_ptr <TLSSession_OpenSSL> m_session;
+
+	shared_ptr <socket> m_wrapped;
+
+	bool m_connected;
+
+	byte_t m_buffer[65536];
+
+	SSL* m_ssl;
+
+	unsigned int m_status;
+
+	// Last exception thrown from C BIO functions
+	scoped_ptr <exception> m_ex;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSSOCKET_OPENSSL_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/net/tracer.cpp b/vmime-master/src/vmime/net/tracer.cpp
new file mode 100644
index 0000000..66afb36
--- /dev/null
+++ b/vmime-master/src/vmime/net/tracer.cpp
@@ -0,0 +1,74 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "tracer.hpp"
+
+
+#include <sstream>
+
+
+namespace vmime {
+namespace net {
+
+
+void tracer::traceReceiveBytes(const size_t count, const string& state) {
+
+	std::ostringstream oss;
+	oss << "{...";
+
+	if (!state.empty()) {
+		oss << state << ": ";
+	}
+
+	oss << count << " bytes of data...}";
+
+	traceReceive(oss.str());
+}
+
+
+void tracer::traceSendBytes(const size_t count, const string& state) {
+
+	std::ostringstream oss;
+	oss << "{...";
+
+	if (!state.empty()) {
+		oss << state << ": ";
+	}
+
+	oss << count << " bytes of data...}";
+
+	traceSend(oss.str());
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/net/tracer.hpp b/vmime-master/src/vmime/net/tracer.hpp
new file mode 100644
index 0000000..7472463
--- /dev/null
+++ b/vmime-master/src/vmime/net/tracer.hpp
@@ -0,0 +1,110 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TRACER_HPP_INCLUDED
+#define VMIME_NET_TRACER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+class service;
+
+
+/** Base class for an object used to trace network communication
+  * between the client and the server.
+  */
+class VMIME_EXPORT tracer : public object {
+
+public:
+
+	virtual ~tracer() {
+
+	}
+
+	/** Trace raw bytes which have been received.
+	  *
+	  * @param count number of bytes
+	  * @param state protocol state (eg. "SASL exchange"), or empty
+	  */
+	virtual void traceReceiveBytes(const size_t count, const string& state = "");
+
+	/** Trace raw bytes which have been sent.
+	  *
+	  * @param count number of bytes
+	  * @param state protocol state (eg. "SASL exchange"), or empty
+	  */
+	virtual void traceSendBytes(const size_t count, const string& state = "");
+
+	/** Trace a command line which has been sent.
+	  *
+	  * @param line command line
+	  */
+	virtual void traceSend(const string& line) = 0;
+
+	/** Trace a response line which has been received.
+	  *
+	  * @param line response line
+	  */
+	virtual void traceReceive(const string& line) = 0;
+};
+
+
+/** A class to create 'tracer' objects.
+  */
+class VMIME_EXPORT tracerFactory : public object {
+
+public:
+
+	virtual ~tracerFactory() {
+
+	}
+
+	/** Creates a tracer for the specified service.
+	  *
+	  * @param serv messaging service
+	  * @param connectionId an identifier for the connection to distinguate between
+	  * different connections used by a service
+	  * @return a new tracer
+	  */
+	virtual shared_ptr <tracer> create(const shared_ptr <service>& serv, const int connectionId) = 0;
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_TRACER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/net/transport.cpp b/vmime-master/src/vmime/net/transport.cpp
new file mode 100644
index 0000000..0991302
--- /dev/null
+++ b/vmime-master/src/vmime/net/transport.cpp
@@ -0,0 +1,265 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/transport.hpp"
+
+#include "vmime/utility/stream.hpp"
+#include "vmime/mailboxList.hpp"
+#include "vmime/message.hpp"
+#include "vmime/dateTime.hpp"
+#include "vmime/messageId.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+namespace net {
+
+
+transport::transport(
+	const shared_ptr <session>& sess,
+	const serviceInfos& infos,
+	const shared_ptr <security::authenticator>& auth
+)
+	: service(sess, infos, auth) {
+
+}
+
+
+shared_ptr <headerField> transport::processHeaderField(const shared_ptr <headerField>& field) {
+
+	if (utility::stringUtils::isStringEqualNoCase(field->getName(), fields::BCC)) {
+
+		// Remove Bcc headers from the message, as required by the RFC.
+		// Some SMTP server automatically strip this header (Postfix, qmail),
+		// and others have an option for this (Exim).
+		return null;
+
+	} else if (utility::stringUtils::isStringEqualNoCase(field->getName(), fields::RETURN_PATH)) {
+
+		// RFC-2821: Return-Path header is added by the final transport system
+		// that delivers the message to its recipient. Then, it should not be
+		// transmitted to MSA.
+   		return null;
+
+	} else if (utility::stringUtils::isStringEqualNoCase(field->getName(), fields::ORIGINAL_RECIPIENT)) {
+
+		// RFC-2298: Delivering MTA may add the Original-Recipient header and
+		// discard existing one; so, no need to send it.
+		return null;
+	}
+
+	// Leave the header field as is
+	return field;
+}
+
+
+void transport::processHeader(const shared_ptr <header>& header) {
+
+	if (header->getFieldCount() == 0) {
+		return;
+	}
+
+	// Remove/replace fields
+	for (size_t idx = header->getFieldCount() ; idx != 0 ; --idx) {
+
+		shared_ptr <headerField> field = header->getFieldAt(idx - 1);
+		shared_ptr <headerField> newField = processHeaderField(field);
+
+		if (newField == NULL) {
+			header->removeField(field);
+		} else if (newField != field) {
+			header->replaceField(field, newField);
+		}
+	}
+
+	// Add missing header fields
+	// -- Date
+	if (!header->hasField(fields::DATE)) {
+		header->Date()->setValue(datetime::now());
+	}
+
+	// -- Mime-Version
+	if (!header->hasField(fields::MIME_VERSION)) {
+		header->MimeVersion()->setValue(string(SUPPORTED_MIME_VERSION));
+	}
+
+	// -- Message-Id
+	if (!header->hasField(fields::MESSAGE_ID)) {
+		header->MessageId()->setValue(messageId::generateId());
+	}
+}
+
+
+static void extractMailboxes(
+	mailboxList& recipients,
+	const addressList& list
+) {
+
+	for (size_t i = 0 ; i < list.getAddressCount() ; ++i) {
+
+		shared_ptr <mailbox> mbox = dynamicCast <mailbox>(list.getAddressAt(i)->clone());
+
+		if (mbox) {
+			recipients.appendMailbox(mbox);
+		}
+	}
+}
+
+
+void transport::send(
+	const shared_ptr <vmime::message>& msg,
+	utility::progressListener* progress,
+	const dsnAttributes& dsnAttrs
+) {
+
+	// Extract expeditor
+	shared_ptr <mailbox> fromMbox =
+		msg->getHeader()->findFieldValue <mailbox>(fields::FROM);
+
+	if (!fromMbox) {
+		throw exceptions::no_expeditor();
+	}
+
+	mailbox expeditor = *fromMbox;
+
+	// Extract sender
+	shared_ptr <mailbox> senderMbox =
+		msg->getHeader()->findFieldValue <mailbox>(fields::SENDER);
+
+	mailbox sender;
+
+	if (!senderMbox) {
+		sender = expeditor;
+	} else {
+		sender = *senderMbox;
+	}
+
+	// Extract recipients
+	mailboxList recipients;
+
+	// -- "To" field
+	shared_ptr <addressList> addresses =
+		msg->getHeader()->findFieldValue <addressList>(fields::TO);
+
+	if (addresses) {
+		extractMailboxes(recipients, *addresses);
+	}
+
+	// -- "Cc" field
+	addresses = msg->getHeader()->findFieldValue <addressList>(fields::CC);
+
+	if (addresses) {
+		extractMailboxes(recipients, *addresses);
+	}
+
+	// -- "Bcc" field
+	addresses = msg->getHeader()->findFieldValue <addressList>(fields::BCC);
+
+	if (addresses) {
+		extractMailboxes(recipients, *addresses);
+	}
+
+	// Process message header by removing fields that should be removed
+	// before transmitting the message to MSA, and adding missing fields
+	// which are required/recommended by the RFCs.
+	shared_ptr <header> hdr = vmime::clone(msg->getHeader());
+	processHeader(hdr);
+
+	// To avoid cloning message body (too much overhead), use processed
+	// header during the time we are generating the message to a stream.
+	// Revert it back to original header after.
+	struct XChangeMsgHeader {
+
+		XChangeMsgHeader(
+			const shared_ptr <vmime::message>& _msg,
+		    const shared_ptr <vmime::header>& _hdr
+		)
+			: msg(_msg),
+			  hdr(msg->getHeader()) {
+
+			// Set new header
+			msg->setHeader(_hdr);
+		}
+
+		~XChangeMsgHeader() {
+
+			// Revert original header
+			msg->setHeader(hdr);
+		}
+
+	private:
+
+		shared_ptr <vmime::message> msg;
+		shared_ptr <vmime::header> hdr;
+
+	} headerExchanger(msg, hdr);
+
+	send(msg, expeditor, recipients, progress, sender, dsnAttrs);
+}
+
+
+void transport::send(
+	const shared_ptr <vmime::message>& msg,
+	const mailbox& expeditor,
+	const mailboxList& recipients,
+	utility::progressListener* progress,
+	const mailbox& sender,
+	const dsnAttributes& dsnAttrs
+) {
+
+	// Generate the message, "stream" it and delegate the sending
+	// to the generic send() function.
+	std::ostringstream oss;
+	utility::outputStreamAdapter ossAdapter(oss);
+
+	msg->generate(ossAdapter);
+
+	const string& str(oss.str());
+
+	utility::inputStreamStringAdapter isAdapter(str);
+
+	send(expeditor, recipients, isAdapter, str.length(), progress, sender,
+		 dsnAttrs);
+}
+
+
+transport::Type transport::getType() const {
+
+	return TYPE_TRANSPORT;
+}
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/net/transport.hpp b/vmime-master/src/vmime/net/transport.hpp
new file mode 100644
index 0000000..daa4717
--- /dev/null
+++ b/vmime-master/src/vmime/net/transport.hpp
@@ -0,0 +1,152 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TRANSPORT_HPP_INCLUDED
+#define VMIME_NET_TRANSPORT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/dsnAttributes.hpp"
+#include "vmime/net/service.hpp"
+#include "vmime/utility/stream.hpp"
+
+#include "vmime/mailboxList.hpp"
+
+
+namespace vmime {
+
+class header;
+class headerField;
+class message;
+class mailbox;
+class mailboxList;
+
+namespace net {
+
+
+/** A transport service.
+  * Encapsulate protocols that can send messages.
+  */
+class VMIME_EXPORT transport : public service {
+
+protected:
+
+	transport(
+		const shared_ptr <session>& sess,
+		const serviceInfos& infos,
+		const shared_ptr <security::authenticator>& auth
+	);
+
+public:
+
+	/** Send a message over this transport service.
+	  * The default implementation simply generates the whole message into
+	  * a string buffer and "streams" it via a inputStreamStringAdapter.
+	  *
+	  * @param msg message to send
+	  * @param progress progress listener, or NULL if not used
+	  * @param dsnAttributes attributes for Delivery Status Notification (if needed)
+	  */
+	virtual void send(
+		const shared_ptr <vmime::message>& msg,
+		utility::progressListener* progress = NULL,
+		const dsnAttributes& dsnAttrs = dsnAttributes()
+	);
+
+	/** Send a message over this transport service.
+	  *
+	  * @param expeditor expeditor mailbox
+	  * @param recipients list of recipient mailboxes
+	  * @param is input stream providing message data (header + body)
+	  * @param size size of the message data
+	  * @param progress progress listener, or NULL if not used
+	  * @param sender envelope sender (if empty, expeditor will be used)
+	  * @param dsnAttributes attributes for Delivery Status Notification (if needed)
+	  */
+	virtual void send(
+		const mailbox& expeditor,
+		const mailboxList& recipients,
+		utility::inputStream& is,
+		const size_t size,
+		utility::progressListener* progress = NULL,
+		const mailbox& sender = mailbox(),
+		const dsnAttributes& dsnAttrs = dsnAttributes()
+	) = 0;
+
+	/** Send a message over this transport service.
+	  * The default implementation simply generates the whole message into
+	  * a string buffer and "streams" it via a inputStreamStringAdapter.
+	  *
+	  * @param msg message to send
+	  * @param expeditor expeditor mailbox
+	  * @param recipients list of recipient mailboxes
+	  * @param progress progress listener, or NULL if not used
+	  * @param sender envelope sender (if empty, expeditor will be used)
+	  * @param dsnAttributes attributes for Delivery Status Notification (if needed)
+	  */
+	virtual void send(
+		const shared_ptr <vmime::message>& msg,
+		const mailbox& expeditor,
+		const mailboxList& recipients,
+		utility::progressListener* progress = NULL,
+		const mailbox& sender = mailbox(),
+		const dsnAttributes& dsnAttrs = dsnAttributes()
+	);
+
+
+	Type getType() const;
+
+protected:
+
+	/** Called by processHeader().
+	  * Decides what to do with the specified header field.
+	  *
+	  * @return NULL if the header should be removed, a reference to a new headerField
+	  * if the field is to be replaced, or a reference to the same headerField
+	  * that was passed if the field should be left as is
+	  */
+	shared_ptr <headerField> processHeaderField(const shared_ptr <headerField>& field);
+
+	/** Prepares the header before transmitting the message.
+	  * Removes headers that should not be present (eg. "Bcc", "Return-Path"),
+	  * or adds missing headers that are required/recommended by the RFCs.
+	  * The header is modified inline.
+	  *
+	  * @param header headers to process
+	  */
+	void processHeader(const shared_ptr <header>& header);
+};
+
+
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_NET_TRANSPORT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/object.cpp b/vmime-master/src/vmime/object.cpp
new file mode 100644
index 0000000..f61b2ac
--- /dev/null
+++ b/vmime-master/src/vmime/object.cpp
@@ -0,0 +1,52 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/types.hpp"
+#include "vmime/object.hpp"
+
+
+namespace vmime {
+
+
+object::object() {
+
+}
+
+
+object::object(const object&) {
+
+}
+
+
+object& object::operator=(const object&) {
+
+	return *this;
+}
+
+
+object::~object() {
+
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/object.hpp b/vmime-master/src/vmime/object.hpp
new file mode 100644
index 0000000..5869d38
--- /dev/null
+++ b/vmime-master/src/vmime/object.hpp
@@ -0,0 +1,52 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_OBJECT_HPP_INCLUDED
+#define VMIME_OBJECT_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+
+
+/** Base object for all objects in the library.
+  */
+class VMIME_EXPORT object {
+
+protected:
+
+	object();
+	object(const object&);
+
+	object& operator=(const object&);
+
+	virtual ~object();
+};
+
+
+} // vmime
+
+
+#endif // VMIME_OBJECT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/parameter.cpp b/vmime-master/src/vmime/parameter.cpp
new file mode 100644
index 0000000..41b37a4
--- /dev/null
+++ b/vmime-master/src/vmime/parameter.cpp
@@ -0,0 +1,665 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/parameter.hpp"
+#include "vmime/parserHelpers.hpp"
+
+#include "vmime/text.hpp"
+#include "vmime/encoding.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+
+
+parameter::parameter(const string& name)
+	: m_name(name),
+	  m_value(make_shared <word>()) {
+
+}
+
+
+parameter::parameter(const string& name, const word& value)
+	: m_name(name),
+	  m_value(make_shared <word>(value)) {
+
+}
+
+
+parameter::parameter(const string& name, const string& value)
+	: m_name(name),
+	  m_value(make_shared <word>(value)) {
+
+}
+
+
+parameter::parameter(const parameter&)
+	: component() {
+
+}
+
+
+shared_ptr <component> parameter::clone() const {
+
+	shared_ptr <parameter> p = make_shared <parameter>(m_name);
+	p->copyFrom(*this);
+
+	return (p);
+}
+
+
+void parameter::copyFrom(const component& other) {
+
+	const parameter& param = dynamic_cast <const parameter&>(other);
+
+	m_name = param.m_name;
+	m_value->copyFrom(*param.m_value);
+}
+
+
+parameter& parameter::operator=(const parameter& other) {
+
+	copyFrom(other);
+	return (*this);
+}
+
+
+const string& parameter::getName() const {
+
+	return m_name;
+}
+
+
+const word& parameter::getValue() const {
+
+	return *m_value;
+}
+
+
+void parameter::setValue(const component& value) {
+
+	std::ostringstream oss;
+	utility::outputStreamAdapter vos(oss);
+
+	value.generate(vos);
+
+	setValue(word(oss.str(), vmime::charsets::US_ASCII));
+}
+
+
+void parameter::setValue(const word& value) {
+
+	*m_value = value;
+}
+
+
+void parameter::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	m_value->setBuffer(string(buffer.begin() + position, buffer.begin() + end));
+
+	if (ctx.getInternationalizedEmailSupport()) {
+		m_value->setCharset(charset(charsets::UTF_8));
+	} else {
+		m_value->setCharset(charset(charsets::US_ASCII));
+	}
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void parameter::parse(
+	const parsingContext& ctx,
+	const std::vector <valueChunk>& chunks
+) {
+
+	bool foundCharsetChunk = false;
+
+	charset ch(charsets::US_ASCII);
+	string lang;
+
+	std::ostringstream value;
+	value.imbue(std::locale::classic());
+
+	for (std::vector <valueChunk>::size_type i = 0 ; i < chunks.size() ; ++i) {
+
+		const valueChunk& chunk = chunks[i];
+
+		// Decode following data
+		if (chunk.encoded) {
+
+			const size_t len = chunk.data.length();
+			size_t pos = 0;
+
+			// If this is the first encoded chunk, extract charset
+			// and language information
+			if (!foundCharsetChunk) {
+
+				// Eg. "us-ascii'en'This%20is%20even%20more%20"
+				size_t q = chunk.data.find_first_of('\'');
+
+				if (q != string::npos) {
+
+					const string chs = chunk.data.substr(0, q);
+
+					if (!chs.empty()) {
+						ch = charset(chs);
+					}
+
+					++q;
+					pos = q;
+				}
+
+				q = chunk.data.find_first_of('\'', pos);
+
+				if (q != string::npos) {
+
+					// Extract language
+					lang = chunk.data.substr(pos, q - pos);
+
+					++q;
+					pos = q;
+				}
+
+				foundCharsetChunk = true;
+			}
+
+			for (size_t i = pos ; i < len ; ++i) {
+
+				const char c = chunk.data[i];
+
+				if (c == '%' && i + 2 < len) {
+
+					unsigned int v = 0;
+
+					// First char
+					switch (chunk.data[i + 1]) {
+
+						case 'a': case 'A': v += 10; break;
+						case 'b': case 'B': v += 11; break;
+						case 'c': case 'C': v += 12; break;
+						case 'd': case 'D': v += 13; break;
+						case 'e': case 'E': v += 14; break;
+						case 'f': case 'F': v += 15; break;
+						default: // assume 0-9
+
+							v += (chunk.data[i + 1] - '0');
+							break;
+					}
+
+					v *= 16;
+
+					// Second char
+					switch (chunk.data[i + 2]) {
+
+						case 'a': case 'A': v += 10; break;
+						case 'b': case 'B': v += 11; break;
+						case 'c': case 'C': v += 12; break;
+						case 'd': case 'D': v += 13; break;
+						case 'e': case 'E': v += 14; break;
+						case 'f': case 'F': v += 15; break;
+						default: // assume 0-9
+
+							v += (chunk.data[i + 2] - '0');
+							break;
+					}
+
+					value << static_cast <char>(v);
+
+					i += 2; // skip next 2 chars
+
+				} else {
+
+					value << c;
+				}
+			}
+
+		// Simply copy data, as it is not encoded
+		} else {
+
+			// This syntax is non-standard (expressly prohibited
+			// by RFC-2047), but is used by Mozilla:
+			//
+    		// Content-Type: image/png;
+			//    name="=?us-ascii?Q?Logo_VMime=2Epng?="
+
+			// Using 'vmime::text' to parse the data is safe even
+			// if the data is not encoded, because it can recover
+			// from parsing errors.
+			vmime::text t;
+			t.parse(ctx, chunk.data);
+
+			if (t.getWordCount() != 0) {
+
+				value << t.getWholeBuffer();
+
+				if (!foundCharsetChunk) {
+
+					// This is still wrong. Each word can have it's own charset, and can
+					// be mixed (eg. iso-8859-1 and iso-2022-jp), but very unlikely. Real
+					// fix is to have parameters store a vmime::text instead of a
+					// vmime::word in m_value. But that changes the interface.
+					for (size_t i = 0 ; i < t.getWordCount() ; ++i) {
+
+						if (t.getWordAt(i)->getCharset() != ch && ch == charsets::US_ASCII) {
+
+							ch = t.getWordAt(i)->getCharset();
+							break;
+						}
+					}
+				}
+			}
+		}
+	}
+
+	m_value->setBuffer(value.str());
+	m_value->setCharset(ch);
+	m_value->setLanguage(lang);
+}
+
+
+void parameter::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	const string& name = m_name;
+	const string& value = m_value->getBuffer();
+
+	// For compatibility with implementations that do not understand RFC-2231,
+	// we may also generate a normal "7bit/us-ascii" parameter
+	generationContext::EncodedParameterValueModes
+		genMode = ctx.getEncodedParameterValueMode();
+
+#if VMIME_ALWAYS_GENERATE_7BIT_PARAMETER
+	genMode = generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047;
+#endif
+
+	// [By Eugene A. Shatokhin]
+	// Note that if both the normal "7bit/us-ascii" value and the extended
+	// value are present, the latter can be ignored by mail processing systems.
+	// This may lead to annoying problems, for example, with strange names of
+	// attachments with all but 7-bit ascii characters removed, etc. To avoid
+	// this, I would suggest not to create "7bit/us-ascii" value if the extended
+	// value is to be generated.
+
+	// A stream for a temporary storage
+	string sevenBitBuffer;
+	utility::outputStreamStringAdapter sevenBitStream(sevenBitBuffer);
+
+	size_t pos = curLinePos;
+
+	if (pos + name.length() + 10 + value.length() > ctx.getMaxLineLength()) {
+
+		sevenBitStream << NEW_LINE_SEQUENCE;
+		pos = NEW_LINE_SEQUENCE_LENGTH;
+	}
+
+	bool needQuoting = false;
+	bool needQuotedPrintable = false;
+	size_t valueLength = 0;
+
+	// Use worst-case length name.length()+2 for 'name=' part of line
+	for (size_t i = 0 ; (i < value.length()) && (pos + name.length() + 2 + valueLength < ctx.getMaxLineLength() - 4) ; ++i, ++valueLength) {
+
+		switch (value[i]) {
+
+			// Characters that need to be quoted _and_ escaped
+			case '"':
+			case '\\':
+			// Other characters that need quoting
+			case ' ':
+			case '\t':
+			case '(':
+			case ')':
+			case '<':
+			case '>':
+			case '@':
+			case ',':
+			case ';':
+			case ':':
+			case '/':
+			case '[':
+			case ']':
+			case '?':
+			case '=':
+
+				needQuoting = true;
+				break;
+
+			default:
+
+				if (!parserHelpers::isAscii(value[i])) {
+					needQuotedPrintable = true;
+					needQuoting = true;
+				}
+
+				break;
+		}
+	}
+
+	const bool cutValue = (valueLength != value.length());  // has the value been cut?
+
+	if (needQuoting) {
+
+		sevenBitStream << name << "=\"";
+		pos += name.length() + 2;
+
+	} else {
+
+		sevenBitStream << name << "=";
+		pos += name.length() + 1;
+	}
+
+	// Check whether there is a recommended encoding for this charset.
+	// If so, the whole buffer will be encoded. Else, the number of
+	// 7-bit (ASCII) bytes in the input will be used to determine if
+	// we need to encode the whole buffer.
+	encoding recommendedEnc;
+	const bool alwaysEncode = m_value->getCharset().getRecommendedEncoding(recommendedEnc);
+	bool extended = alwaysEncode;
+
+	if ((needQuotedPrintable || cutValue || !m_value->getLanguage().empty()) &&
+	    genMode != generationContext::PARAMETER_VALUE_NO_ENCODING) {
+
+		// Send the name in quoted-printable, so outlook express et.al.
+		// will understand the real filename
+		size_t oldLen = sevenBitBuffer.length();
+		m_value->generate(sevenBitStream);
+		pos += sevenBitBuffer.length() - oldLen;
+		extended = true;		// also send with RFC-2231 encoding
+
+	} else {
+
+		// Do not chop off this value, but just add the complete name as one header line.
+		for (size_t i = 0, n = value.length(), curValueLength = 0 ;
+		     i < n && curValueLength < valueLength ; ++i) {
+
+			const char_t c = value[i];
+
+			if (/* needQuoting && */ (c == '"' || c == '\\')) {  // 'needQuoting' is implicit
+
+				sevenBitStream << '\\' << value[i];  // escape 'x' with '\x'
+				pos += 2;
+
+			} else if (parserHelpers::isAscii(c)) {
+
+				sevenBitStream << value[i];
+				++pos;
+				++curValueLength;
+
+			} else {
+
+				extended = true;
+			}
+		}
+
+	} // !needQuotedPrintable
+
+	if (needQuoting) {
+
+		sevenBitStream << '"';
+		++pos;
+	}
+
+	if (genMode == generationContext::PARAMETER_VALUE_RFC2047_ONLY ||
+	    genMode == generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047) {
+
+		os << sevenBitBuffer;
+	}
+
+	// Also generate an extended parameter if the value contains 8-bit characters
+	// or is too long for a single line
+	if ((extended || cutValue) &&
+		genMode != generationContext::PARAMETER_VALUE_NO_ENCODING &&
+	    genMode != generationContext::PARAMETER_VALUE_RFC2047_ONLY) {
+
+
+		if (genMode == generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047) {
+
+			os << ';';
+			++pos;
+
+		} else {
+
+			// The data output to 'sevenBitBuffer' will be discarded in this case
+			pos = curLinePos;
+		}
+
+		/* RFC-2231
+		 * ========
+		 *
+		 * Content-Type: message/external-body; access-type=URL;
+		 *    URL*0="ftp://";
+		 *    URL*1="cs.utk.edu/pub/moore/bulk-mailer/bulk-mailer.tar"
+		 *
+		 * Content-Type: application/x-stuff;
+		 *    title*=us-ascii'en-us'This%20is%20%2A%2A%2Afun%2A%2A%2A
+		 *
+		 * Content-Type: application/x-stuff;
+		 *    title*0*=us-ascii'en'This%20is%20even%20more%20
+		 *    title*1*=%2A%2A%2Afun%2A%2A%2A%20
+		 *    title*2="isn't it!"
+		 */
+
+		// Check whether there is enough space for the first section:
+		// parameter name, section identifier, charset and separators
+		// + at least 5 characters for the value
+		const size_t firstSectionLength =
+			  name.length() + 4 /* *0*= */ + 2 /* '' */
+			+ m_value->getCharset().getName().length();
+
+		if (pos + firstSectionLength + 5 >= ctx.getMaxLineLength()) {
+
+			os << NEW_LINE_SEQUENCE;
+			pos = NEW_LINE_SEQUENCE_LENGTH;
+		}
+
+		// Split text into multiple sections that fit on one line
+		int sectionCount = 0;
+		std::vector <string> sectionText;
+
+		string currentSection;
+		size_t currentSectionLength = firstSectionLength;
+
+		for (size_t i = 0 ; i < value.length() ; ++i) {
+
+			// Check whether we should start a new line (taking into
+			// account the next character will be encoded = worst case)
+			if (currentSectionLength + 3 >= ctx.getMaxLineLength()) {
+
+				sectionText.push_back(currentSection);
+				sectionCount++;
+
+				currentSection.clear();
+				currentSectionLength = NEW_LINE_SEQUENCE_LENGTH + name.length() + 6;
+			}
+
+			// Output next character
+			const char_t c = value[i];
+			bool encode = false;
+
+			switch (c) {
+
+				// special characters
+				case ' ':
+				case '\t':
+				case '\r':
+				case '\n':
+				case '%':
+				case '"':
+				case ';':
+				case ',':
+				case '(':
+				case ')':
+				case '<':
+				case '>':
+				case '@':
+				case ':':
+				case '/':
+				case '[':
+				case ']':
+				case '?':
+				case '=':
+
+					encode = true;
+					break;
+
+				default:
+
+					encode = (!parserHelpers::isPrint(c) ||
+					          !parserHelpers::isAscii(c) ||
+					          alwaysEncode);
+
+					break;
+			}
+
+			if (encode) {  // need encoding
+
+				const int h1 = static_cast <unsigned char>(c) / 16;
+				const int h2 = static_cast <unsigned char>(c) % 16;
+
+				currentSection += '%';
+				currentSection += "0123456789ABCDEF"[h1];
+				currentSection += "0123456789ABCDEF"[h2];
+
+				pos += 3;
+				currentSectionLength += 3;
+
+			} else {
+
+				currentSection += value[i];
+
+				++pos;
+				++currentSectionLength;
+			}
+		}
+
+		if (!currentSection.empty()) {
+
+			sectionText.push_back(currentSection);
+			sectionCount++;
+		}
+
+		// Output sections
+		for (int sectionNumber = 0 ; sectionNumber < sectionCount ; ++sectionNumber) {
+
+			os << name;
+
+			if (sectionCount != 1) {  // no section specifier when only a single one
+
+				os << '*';
+				os << sectionNumber;
+			}
+
+			os << "*=";
+
+			if (sectionNumber == 0) {
+
+				os << m_value->getCharset().getName();
+				os << '\'' << /* No language */ '\'';
+			}
+
+			os << sectionText[sectionNumber];
+
+			if (sectionNumber + 1 < sectionCount) {
+
+				os << ';';
+				os << NEW_LINE_SEQUENCE;
+				pos = NEW_LINE_SEQUENCE_LENGTH;
+			}
+		}
+
+	} else if (!(genMode == generationContext::PARAMETER_VALUE_RFC2047_ONLY ||
+	             genMode == generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047)) {
+
+		// The value does not contain 8-bit characters and
+		// is short enough for a single line.
+		// "7bit/us-ascii" will suffice in this case.
+
+		// Output what has been stored in temporary buffer so far
+		os << sevenBitBuffer;
+	}
+
+	if (newLinePos) {
+		*newLinePos = pos;
+	}
+}
+
+
+size_t parameter::getGeneratedSize(const generationContext& ctx) {
+
+	const string& name = m_name;
+	const string& value = m_value->getBuffer();
+
+	const size_t bytesNeedingEncoding =
+		value.length() - utility::stringUtils::countASCIIchars(value.begin(), value.end());
+
+	const size_t valueLength = value.length();
+
+	// Compute generated length in the very worst case
+
+	// Non-encoded parameter + value (worst case: quoting + QP)
+	size_t len = name.length() + 1 /* = */ + 2 /* "" */ + 7 /* =?...?Q?...?= */
+		+ m_value->getCharset().getName().length() + valueLength + bytesNeedingEncoding * 2 + 1 /* ; */;
+
+	// Encoded parameter + value
+	const size_t maxEncodedValueLengthOnLine =
+		  ctx.getMaxLineLength() - 2 /* CRLF */ - NEW_LINE_SEQUENCE_LENGTH
+		- name.length() - 5 /* *00*= */ - 1 /* ; */;
+
+	const size_t encodedValueLength = (valueLength + bytesNeedingEncoding * 2)
+		+ m_value->getCharset().getName().length() + m_value->getLanguage().length() + 2 /* 2 x ' */;
+
+	const size_t numberOfSections = 1 /* worst case: generation starts at the end of a line */
+		+ std::max(size_t(1), encodedValueLength / maxEncodedValueLengthOnLine);
+
+	len += numberOfSections * (name.length() + 5 /* *00*= */ + 1 /* ; */ + 2 /* CRLF */ + NEW_LINE_SEQUENCE_LENGTH) + encodedValueLength;
+
+	return len;
+
+}
+
+
+const std::vector <shared_ptr <component> > parameter::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	list.push_back(m_value);
+
+	return list;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/parameter.hpp b/vmime-master/src/vmime/parameter.hpp
new file mode 100644
index 0000000..f965bad
--- /dev/null
+++ b/vmime-master/src/vmime/parameter.hpp
@@ -0,0 +1,176 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PARAMETER_HPP_INCLUDED
+#define VMIME_PARAMETER_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/component.hpp"
+#include "vmime/word.hpp"
+
+
+namespace vmime {
+
+
+class VMIME_EXPORT parameter : public component {
+
+	friend class parameterizedHeaderField;
+
+private:
+
+	parameter(const parameter&);
+
+public:
+
+	/** Construct a parameter with no value.
+	  * Charset is set to the current locale charset.
+	  *
+	  * @param name parameter name
+	  */
+	parameter(const string& name);
+
+	/** Construct a parameter given a name and a value.
+	  *
+	  * @param name parameter name
+	  * @param value parameter value
+	  */
+	parameter(const string& name, const word& value);
+
+	/** Construct a parameter given a name and a string value
+	  * expressed in the current locale charset.
+	  *
+	  * @param name parameter name
+	  * @param value parameter value
+	  */
+	parameter(const string& name, const string& value);
+
+
+#ifndef VMIME_BUILDING_DOC
+
+	/** A single section of a multi-section parameter,
+	  * as defined in RFC-2231/3. This is used when
+	  * calling parse() on the parameter.
+	  */
+	struct valueChunk {
+		bool encoded;
+		string data;
+	};
+
+#endif // VMIME_BUILDING_DOC
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	parameter& operator=(const parameter& other);
+
+	size_t getGeneratedSize(const generationContext& ctx);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Return the name of this parameter.
+	  *
+	  * @return name of this parameter
+	  */
+	const string& getName() const;
+
+	/** Return the raw value of this parameter.
+	  *
+	  * @return read-only value
+	  */
+	const word& getValue() const;
+
+	/** Return the value of this object in the specified type.
+	  * For example, the following code:
+	  *
+	  * <pre>
+	  *    getParameter("creation-date")->getValueAs <vmime::dateTime>()
+	  * </pre>
+	  *
+	  * is equivalent to:
+	  *
+	  * <pre>
+	  *    shared_ptr <vmime::word> rawValue = getParameter("creation-date");
+	  *
+	  *    vmime::dateTime theDate;
+	  *    theDate.parse(rawValue->getBuffer());
+	  * </pre>
+	  *
+	  * @param T type to which convert the value
+	  * @return value
+	  */
+	template <typename T>
+	const T getValueAs() const {
+
+		T ret;
+		ret.parse(m_value->getBuffer());
+
+		return ret;
+	}
+
+	/** Set the value of this parameter.
+	  *
+	  * @param value new value
+	  */
+	void setValue(const component& value);
+
+	/** Set the raw value of this parameter.
+	  *
+	  * @param value new value
+	  */
+	void setValue(const word& value);
+
+
+protected:
+
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+
+private:
+
+	void parse(
+		const parsingContext& ctx,
+		const std::vector <valueChunk>& chunks
+	);
+
+
+	string m_name;
+	shared_ptr <word> m_value;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_PARAMETER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/parameterizedHeaderField.cpp b/vmime-master/src/vmime/parameterizedHeaderField.cpp
new file mode 100644
index 0000000..6815fad
--- /dev/null
+++ b/vmime-master/src/vmime/parameterizedHeaderField.cpp
@@ -0,0 +1,634 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/parameterizedHeaderField.hpp"
+#include "vmime/text.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+
+
+parameterizedHeaderField::parameterizedHeaderField() {
+
+}
+
+
+parameterizedHeaderField::~parameterizedHeaderField() {
+
+	removeAllParameters();
+}
+
+
+/*
+     This class handles field contents of the following form:
+     Field: VALUE; PARAM1="VALUE1"; PARAM2="VALUE2"...
+
+     eg. RFC-1521
+
+     content  :=   "Content-Type"  ":"  type  "/"  subtype  *(";" parameter)
+
+     parameter := attribute "=" value
+
+     attribute := token   ; case-insensitive
+
+     value := token / quoted-string
+
+     token  :=  1*<any (ASCII) CHAR except SPACE, CTLs, or tspecials>
+
+     tspecials :=  "(" / ")" / "<" / ">" / "@"
+                /  "," / ";" / ":" / "\" / <">
+                /  "/" / "[" / "]" / "?" / "="
+               ; Must be in quoted-string,
+               ; to use within parameter values
+*/
+
+
+#ifndef VMIME_BUILDING_DOC
+
+struct paramInfo {
+
+	bool extended;
+	std::vector <parameter::valueChunk> value;
+	size_t start;
+	size_t end;
+};
+
+#endif // VMIME_BUILDING_DOC
+
+
+void parameterizedHeaderField::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* const pstart = buffer.data() + position;
+	const char* p = pstart;
+
+	// Skip non-significant whitespaces
+	size_t valueStart = position;
+
+	while (p < pend && parserHelpers::isSpace(*p)) {
+		++p;
+		++valueStart;
+	}
+
+	// Advance up to ';', if any
+	size_t valueLength = 0;
+
+	while (p < pend && *p != ';' && (!parserHelpers::isSpace(*p))) {  // FIXME: support ";" inside quoted or RFC-2047-encoded text
+
+		++p;
+		++valueLength;
+	}
+
+	// Trim whitespaces at the end of the value
+	while (valueLength > 0 && parserHelpers::isSpace(buffer[valueStart + valueLength - 1])) {
+		--valueLength;
+	}
+
+	// Parse value
+	getValue()->parse(ctx, buffer, valueStart, valueStart + valueLength);
+
+	// Reset parameters
+	removeAllParameters();
+
+	// If there is one or more parameters following...
+	if (p < pend) {
+
+		std::map <string, paramInfo> params;
+
+		if (*p != ';') {
+
+			while (p < pend && *p != ';') {  // FIXME: support ";" inside quoted or RFC-2047-encoded text
+				++p;
+			}
+		}
+
+		while (*p == ';') {
+
+			// Skip ';'
+			++p;
+
+			while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+			const size_t attrStart = position + (p - pstart);
+
+			while (p < pend && !(*p == ';' || *p == '=')) {
+				++p;
+			}
+
+			if (p >= pend || *p == ';') {
+
+				// Hmmmm... we didn't found an '=' sign.
+				// This parameter may not be valid so try to advance
+				// to the next one, if there is one.
+				while (p < pend && *p != ';')
+					++p;
+
+			} else {
+
+				// Extract the attribute name
+				size_t attrEnd = position + (p - pstart);
+
+				while (attrEnd != attrStart && parserHelpers::isSpace(buffer[attrEnd - 1])) {
+					--attrEnd;
+				}
+
+				// Skip '='
+				++p;
+
+				// Skip white-spaces between '=' and the value
+				while (p < pend && parserHelpers::isSpace(*p)) ++p;
+
+				// Extract the value
+				string value;
+
+				// -- this is a quoted-string
+				if (*p == '"') {
+
+					// Skip '"'
+					++p;
+
+					// Extract quoted-string
+					bool escape = false;
+					bool stop = false;
+
+					std::ostringstream ss;
+					size_t start = position + (p - pstart);
+
+					for ( ; p < pend && !stop ; ++p) {
+
+						if (escape) {
+
+							escape = false;
+							start = position + (p - pstart);
+
+						} else {
+
+							switch (*p) {
+
+								case '"': {
+
+									ss << string(
+										buffer.begin() + start,
+										buffer.begin() + position + (p - pstart)
+									);
+
+									stop = true;
+									break;
+								}
+								case '\\': {
+
+									ss << string(
+										buffer.begin() + start,
+										buffer.begin() + position + (p - pstart)
+									);
+
+									escape = true;
+									break;
+								}
+
+							}
+						}
+					}
+
+					if (!stop) {
+
+						ss << string(
+							buffer.begin() + start,
+							buffer.begin() + position + (p - pstart)
+						);
+					}
+
+					value = ss.str();
+
+				// -- the value is a simple token
+				} else {
+
+					const size_t valStart = position + (p - pstart);
+
+					while (p < pend && *p != ';') {
+						++p;
+					}
+
+					size_t valEnd = position + (p - pstart);
+
+					while (valEnd != valStart && parserHelpers::isSpace(buffer[valEnd - 1])) {
+						--valEnd;
+					}
+
+					value = string(
+						buffer.begin() + valStart,
+						buffer.begin() + valEnd
+					);
+				}
+
+				// Don't allow ill-formed parameters
+				if (attrStart != attrEnd && value.length()) {
+
+					string name(buffer.begin() + attrStart, buffer.begin() + attrEnd);
+
+					// Check for RFC-2231 extended parameters
+					bool extended = false;
+					bool encoded = false;
+
+					if (name[name.length() - 1] == '*') {
+
+						name.erase(name.end() - 1, name.end());
+
+						extended = true;
+						encoded = true;
+					}
+
+					// Check for RFC-2231 multi-section parameters
+					const size_t star = name.find_last_of('*');
+
+					if (star != string::npos) {
+
+						bool allDigits = true;
+
+						for (size_t i = star + 1 ; allDigits && (i < name.length()) ; ++i) {
+							allDigits = parserHelpers::isDigit(name[i]);
+						}
+
+						if (allDigits) {
+							name.erase(name.begin() + star, name.end());
+							extended = true;
+						}
+
+						// NOTE: we ignore section number, and we suppose that
+						// the sequence is correct (ie. the sections appear
+						// in order: param*0, param*1...)
+					}
+
+					// Add/replace/modify the parameter
+					const std::map <string, paramInfo>::iterator it = params.find(name);
+
+					if (it != params.end()) {
+
+						paramInfo& info = (*it).second;
+
+						// An extended parameter replaces a normal one
+						if (!info.extended) {
+
+							info.extended = extended;
+							info.value.clear();
+							info.start = attrStart;
+						}
+
+						// Append a new section for a multi-section parameter
+						parameter::valueChunk chunk;
+						chunk.encoded = encoded;
+						chunk.data = value;
+
+						info.value.push_back(chunk);
+						info.end = position + (p - pstart);
+
+					} else {
+
+						parameter::valueChunk chunk;
+						chunk.encoded = encoded;
+						chunk.data = value;
+
+						paramInfo info;
+						info.extended = extended;
+						info.value.push_back(chunk);
+						info.start = attrStart;
+						info.end = position + (p - pstart);
+
+						// Insert a new parameter
+						params.insert(std::map <string, paramInfo>::value_type(name, info));
+					}
+				}
+
+				// Skip white-spaces after this parameter
+				while (p < pend && parserHelpers::isSpace(*p)) ++p;
+			}
+		}
+
+		for (std::map <string, paramInfo>::const_iterator it = params.begin() ;
+		     it != params.end() ; ++it) {
+
+			const paramInfo& info = (*it).second;
+
+			// Append this parameter to the list
+			shared_ptr <parameter> param = make_shared <parameter>((*it).first);
+
+			param->parse(ctx, info.value);
+			param->setParsedBounds(info.start, info.end);
+
+			appendParameter(param);
+		}
+	}
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void parameterizedHeaderField::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	size_t pos = curLinePos;
+
+	// Parent header field
+	headerField::generateImpl(ctx, os, pos, &pos);
+
+	// Parameters
+	for (std::vector <shared_ptr <parameter> >::const_iterator
+	     it = m_params.begin() ; it != m_params.end() ; ++it) {
+
+		os << "; ";
+		pos += 2;
+
+		(*it)->generate(ctx, os, pos, &pos);
+	}
+
+	if (newLinePos) {
+		*newLinePos = pos;
+	}
+}
+
+
+size_t parameterizedHeaderField::getGeneratedSize(const generationContext& ctx)
+{
+	size_t size = headerField::getGeneratedSize(ctx);
+
+	for (std::vector <shared_ptr <parameter> >::const_iterator
+	     it = m_params.begin() ; it != m_params.end() ; ++it) {
+
+		size += 2;  // "; "
+		size += (*it)->getGeneratedSize(ctx);
+	}
+
+	return size;
+}
+
+
+void parameterizedHeaderField::copyFrom(const component& other) {
+
+	headerField::copyFrom(other);
+
+	const parameterizedHeaderField& source = dynamic_cast<const parameterizedHeaderField&>(other);
+
+	removeAllParameters();
+
+	for (std::vector <shared_ptr <parameter> >::const_iterator i = source.m_params.begin() ;
+	     i != source.m_params.end() ; ++i) {
+
+		appendParameter(vmime::clone(*i));
+	}
+}
+
+
+parameterizedHeaderField& parameterizedHeaderField::operator=(const parameterizedHeaderField& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+bool parameterizedHeaderField::hasParameter(const string& paramName) const {
+
+	const string name = utility::stringUtils::toLower(paramName);
+
+	std::vector <shared_ptr <parameter> >::const_iterator pos = m_params.begin();
+	const std::vector <shared_ptr <parameter> >::const_iterator end = m_params.end();
+
+	for ( ; pos != end && utility::stringUtils::toLower((*pos)->getName()) != name ; ++pos) {}
+
+	return pos != end;
+}
+
+
+shared_ptr <parameter> parameterizedHeaderField::findParameter(const string& paramName) const {
+
+	const string name = utility::stringUtils::toLower(paramName);
+
+	// Find the first parameter that matches the specified name
+	std::vector <shared_ptr <parameter> >::const_iterator pos = m_params.begin();
+	const std::vector <shared_ptr <parameter> >::const_iterator end = m_params.end();
+
+	for ( ; pos != end && utility::stringUtils::toLower((*pos)->getName()) != name ; ++pos) {}
+
+	// No parameter with this name can be found
+	if (pos == end) {
+		return null;
+	}
+
+	// Else, return a reference to the existing parameter
+	return *pos;
+}
+
+
+shared_ptr <parameter> parameterizedHeaderField::getParameter(const string& paramName) {
+
+	const string name = utility::stringUtils::toLower(paramName);
+
+	// Find the first parameter that matches the specified name
+	std::vector <shared_ptr <parameter> >::const_iterator pos = m_params.begin();
+	const std::vector <shared_ptr <parameter> >::const_iterator end = m_params.end();
+
+	for ( ; pos != end && utility::stringUtils::toLower((*pos)->getName()) != name ; ++pos) {}
+
+	// If no parameter with this name can be found, create a new one
+	if (pos == end) {
+
+		shared_ptr <parameter> param = make_shared <parameter>(paramName);
+
+		appendParameter(param);
+
+		// Return a reference to the new parameter
+		return param;
+
+	// Else, return a reference to the existing parameter
+	} else {
+
+		return *pos;
+	}
+}
+
+
+void parameterizedHeaderField::appendParameter(const shared_ptr <parameter>& param) {
+
+	m_params.push_back(param);
+}
+
+
+void parameterizedHeaderField::insertParameterBefore(
+	const shared_ptr <parameter>& beforeParam,
+	const shared_ptr <parameter>& param
+) {
+
+	const std::vector <shared_ptr <parameter> >::iterator it =
+		std::find(m_params.begin(), m_params.end(), beforeParam);
+
+	if (it == m_params.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_params.insert(it, param);
+}
+
+
+void parameterizedHeaderField::insertParameterBefore(
+	const size_t pos,
+	const shared_ptr <parameter>& param
+) {
+
+	if (pos >= m_params.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_params.insert(m_params.begin() + pos, param);
+}
+
+
+void parameterizedHeaderField::insertParameterAfter(
+	const shared_ptr <parameter>& afterParam,
+	const shared_ptr <parameter>& param
+) {
+
+	const std::vector <shared_ptr <parameter> >::iterator it =
+		std::find(m_params.begin(), m_params.end(), afterParam);
+
+	if (it == m_params.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_params.insert(it + 1, param);
+}
+
+
+void parameterizedHeaderField::insertParameterAfter(
+	const size_t pos,
+	const shared_ptr <parameter>& param
+) {
+
+	if (pos >= m_params.size()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_params.insert(m_params.begin() + pos + 1, param);
+}
+
+
+void parameterizedHeaderField::removeParameter(const shared_ptr <parameter>& param) {
+
+	const std::vector <shared_ptr <parameter> >::iterator it =
+		std::find(m_params.begin(), m_params.end(), param);
+
+	if (it == m_params.end()) {
+		throw std::out_of_range("Invalid position");
+	}
+
+	m_params.erase(it);
+}
+
+
+void parameterizedHeaderField::removeParameter(const size_t pos) {
+
+	const std::vector <shared_ptr <parameter> >::iterator it = m_params.begin() + pos;
+
+	m_params.erase(it);
+}
+
+
+void parameterizedHeaderField::removeAllParameters() {
+
+	m_params.clear();
+}
+
+
+size_t parameterizedHeaderField::getParameterCount() const {
+
+	return m_params.size();
+}
+
+
+bool parameterizedHeaderField::isEmpty() const {
+
+	return m_params.empty();
+}
+
+
+const shared_ptr <parameter> parameterizedHeaderField::getParameterAt(const size_t pos) {
+
+	return m_params[pos];
+}
+
+
+const shared_ptr <const parameter> parameterizedHeaderField::getParameterAt(const size_t pos) const {
+
+	return m_params[pos];
+}
+
+
+const std::vector <shared_ptr <const parameter> > parameterizedHeaderField::getParameterList() const {
+
+	std::vector <shared_ptr <const parameter> > list;
+
+	list.reserve(m_params.size());
+
+	for (std::vector <shared_ptr <parameter> >::const_iterator it = m_params.begin() ;
+	     it != m_params.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+const std::vector <shared_ptr <parameter> > parameterizedHeaderField::getParameterList() {
+
+	return m_params;
+}
+
+
+const std::vector <shared_ptr <component> > parameterizedHeaderField::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list = headerField::getChildComponents();
+
+	for (std::vector <shared_ptr <parameter> >::iterator it = m_params.begin() ;
+	     it != m_params.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+} // vmime
+
diff --git a/vmime-master/src/vmime/parameterizedHeaderField.hpp b/vmime-master/src/vmime/parameterizedHeaderField.hpp
new file mode 100644
index 0000000..d884f1f
--- /dev/null
+++ b/vmime-master/src/vmime/parameterizedHeaderField.hpp
@@ -0,0 +1,222 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PARAMETERIZEDHEADERFIELD_HPP_INCLUDED
+#define VMIME_PARAMETERIZEDHEADERFIELD_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldFactory.hpp"
+#include "vmime/parameter.hpp"
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+
+
+/** A header field that can also contain parameters (name=value pairs).
+  * Parameters can be created using vmime::parameterFactory.
+  */
+class VMIME_EXPORT parameterizedHeaderField : public headerField {
+
+	friend class headerFieldFactory;
+
+protected:
+
+	// Protected constructor to prevent the user from creating
+	// new objects without using 'headerFieldFactory'
+	parameterizedHeaderField();
+
+public:
+
+	~parameterizedHeaderField();
+
+	void copyFrom(const component& other);
+	parameterizedHeaderField& operator=(const parameterizedHeaderField& other);
+
+	/** Checks whether (at least) one parameter with this name exists.
+	  * Parameter name is case-insensitive.
+	  *
+	  * @param paramName parameter name
+	  * @return true if at least one parameter with the specified name
+	  * exists, or false otherwise
+	  */
+	bool hasParameter(const string& paramName) const;
+
+	/** Find the first parameter that matches the specified name. Parameter name
+	  * is case-insensitive. If no parameter is found, NULL is returned.
+	  *
+	  * @param paramName parameter name
+	  * @return first parameter with the specified name, or NULL if
+	  * no parameter with this name exists
+	  */
+	shared_ptr <parameter> findParameter(const string& paramName) const;
+
+	/** Find the first parameter that matches the specified name.
+	  * Parameter name is case-insensitive.
+	  * If no parameter is found, one will be created and inserted into
+	  * the parameter list.
+	  *
+	  * @param paramName parameter name
+	  * @return first parameter with the specified name or a new field
+	  * if no parameter is found
+	  */
+	shared_ptr <parameter> getParameter(const string& paramName);
+
+	/** Add a parameter at the end of the list.
+	  *
+	  * @param param parameter to append
+	  */
+	void appendParameter(const shared_ptr <parameter>& param);
+
+	/** Insert a new parameter before the specified parameter.
+	  *
+	  * @param beforeParam parameter before which the new parameter will be inserted
+	  * @param param parameter to insert
+	  * @throw std::out_of_range if the parameter is not in the list
+	  */
+	void insertParameterBefore(
+		const shared_ptr <parameter>& beforeParam,
+		const shared_ptr <parameter>& param
+	);
+
+	/** Insert a new parameter before the specified position.
+	  *
+	  * @param pos position at which to insert the new parameter (0 to insert at
+	  * the beginning of the list)
+	  * @param param parameter to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertParameterBefore(
+		const size_t pos,
+		const shared_ptr <parameter>& param
+	);
+
+	/** Insert a new parameter after the specified parameter.
+	  *
+	  * @param afterParam parameter after which the new parameter will be inserted
+	  * @param param parameter to insert
+	  * @throw std::out_of_range if the parameter is not in the list
+	  */
+	void insertParameterAfter(
+		const shared_ptr <parameter>& afterParam,
+		const shared_ptr <parameter>& param
+	);
+
+	/** Insert a new parameter after the specified position.
+	  *
+	  * @param pos position of the parameter before the new parameter
+	  * @param param parameter to insert
+	  * @throw std::out_of_range if the position is out of range
+	  */
+	void insertParameterAfter(
+		const size_t pos,
+		const shared_ptr <parameter>& param
+	);
+
+	/** Remove the specified parameter from the list.
+	  *
+	  * @param param parameter to remove
+	  * @throw std::out_of_range if the parameter is not in the list
+	  */
+	void removeParameter(const shared_ptr <parameter>& param);
+
+	/** Remove the parameter at the specified position.
+	  *
+	  * @param pos position of the parameter to remove
+	  */
+	void removeParameter(const size_t pos);
+
+	/** Remove all parameters from the list.
+	  */
+	void removeAllParameters();
+
+	/** Return the number of parameters in the list.
+	  *
+	  * @return number of parameters
+	  */
+	size_t getParameterCount() const;
+
+	/** Tests whether the list of parameters is empty.
+	  *
+	  * @return true if there is no parameter, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the parameter at the specified position.
+	  *
+	  * @param pos position
+	  * @return parameter at position 'pos'
+	  */
+	const shared_ptr <parameter> getParameterAt(const size_t pos);
+
+	/** Return the parameter at the specified position.
+	  *
+	  * @param pos position
+	  * @return parameter at position 'pos'
+	  */
+	const shared_ptr <const parameter> getParameterAt(const size_t pos) const;
+
+	/** Return the parameter list.
+	  *
+	  * @return list of parameters
+	  */
+	const std::vector <shared_ptr <const parameter> > getParameterList() const;
+
+	/** Return the parameter list.
+	  *
+	  * @return list of parameters
+	  */
+	const std::vector <shared_ptr <parameter> > getParameterList();
+
+	size_t getGeneratedSize(const generationContext& ctx);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+private:
+
+	std::vector <shared_ptr <parameter> > m_params;
+
+protected:
+
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_PARAMETERIZEDHEADERFIELD_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/parsedMessageAttachment.cpp b/vmime-master/src/vmime/parsedMessageAttachment.cpp
new file mode 100644
index 0000000..d50862b
--- /dev/null
+++ b/vmime-master/src/vmime/parsedMessageAttachment.cpp
@@ -0,0 +1,114 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/parsedMessageAttachment.hpp"
+
+#include "vmime/stringContentHandler.hpp"
+#include "vmime/contentDisposition.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+
+
+parsedMessageAttachment::parsedMessageAttachment(const shared_ptr <message>& msg)
+	: m_msg(msg) {
+
+}
+
+
+const mediaType parsedMessageAttachment::getType() const {
+
+	return mediaType(mediaTypes::MESSAGE, mediaTypes::MESSAGE_RFC822);
+}
+
+
+const text parsedMessageAttachment::getDescription() const {
+
+	return text();
+}
+
+
+const word parsedMessageAttachment::getName() const {
+
+	return word();
+}
+
+
+const shared_ptr <const contentHandler> parsedMessageAttachment::getData() const {
+
+	if (!m_data) {
+
+		std::ostringstream oss;
+		utility::outputStreamAdapter os(oss);
+
+		m_msg->generate(os);
+
+		m_data = make_shared <stringContentHandler>(oss.str());
+	}
+
+	return m_data;
+}
+
+
+const encoding parsedMessageAttachment::getEncoding() const {
+
+	return encoding(encodingTypes::EIGHT_BIT);  // not important
+}
+
+
+shared_ptr <const object> parsedMessageAttachment::getPart() const {
+
+	return null;
+}
+
+
+shared_ptr <const header> parsedMessageAttachment::getHeader() const {
+
+	return null;
+}
+
+
+shared_ptr <message> parsedMessageAttachment::getMessage() const {
+
+	return m_msg;
+}
+
+
+void parsedMessageAttachment::generateIn(const shared_ptr <bodyPart>& parent) const {
+
+	// Create and append a new part for this attachment
+	shared_ptr <bodyPart> part = make_shared <bodyPart>();
+	parent->getBody()->appendPart(part);
+
+	// Set header fields
+	part->getHeader()->ContentType()->setValue(getType());
+	part->getHeader()->ContentDisposition()->setValue(contentDisposition(contentDispositionTypes::ATTACHMENT));
+
+	// Set contents
+	part->getBody()->setContents(getData());
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/parsedMessageAttachment.hpp b/vmime-master/src/vmime/parsedMessageAttachment.hpp
new file mode 100644
index 0000000..2a5358e
--- /dev/null
+++ b/vmime-master/src/vmime/parsedMessageAttachment.hpp
@@ -0,0 +1,76 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PARSEDMESSAGEATTACHMENT_HPP_INCLUDED
+#define VMIME_PARSEDMESSAGEATTACHMENT_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC  // implementation detail
+
+
+#include "vmime/messageAttachment.hpp"
+
+
+namespace vmime {
+
+
+/** A message attachment that can be generated into a message.
+  */
+class VMIME_EXPORT parsedMessageAttachment : public messageAttachment {
+
+public:
+
+	parsedMessageAttachment(const shared_ptr <message>& msg);
+
+	const mediaType getType() const;
+	const text getDescription() const;
+	const word getName() const;
+
+	const shared_ptr <const contentHandler> getData() const;
+
+	const encoding getEncoding() const;
+
+	shared_ptr <const object> getPart() const;
+
+	shared_ptr <const header> getHeader() const;
+
+	shared_ptr <message> getMessage() const;
+
+protected:
+
+	void generateIn(const shared_ptr <bodyPart>& parent) const;
+
+private:
+
+	shared_ptr <message> m_msg;
+	mutable shared_ptr <contentHandler> m_data;
+};
+
+
+} // vmime
+
+
+#endif // !VMIME_BUILDING_DOC
+
+
+#endif // VMIME_PARSEDMESSAGEATTACHMENT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/parserHelpers.hpp b/vmime-master/src/vmime/parserHelpers.hpp
new file mode 100644
index 0000000..cba43c6
--- /dev/null
+++ b/vmime-master/src/vmime/parserHelpers.hpp
@@ -0,0 +1,140 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PARSERHELPERS_HPP_INCLUDED
+#define VMIME_PARSERHELPERS_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+#include <algorithm>
+
+
+
+namespace vmime {
+
+
+class parserHelpers {
+
+public:
+
+	static bool isSpace(const char_t c) {
+
+		return c == ' ' || c == '\t' || c == '\n' || c == '\r';
+	}
+
+	static bool isSpaceOrTab(const char_t c) {
+
+		return c == ' ' || c == '\t';
+	}
+
+	static bool isDigit(const char_t c) {
+
+		return c >= '0' && c <= '9';
+	}
+
+	static bool isAlpha(const char_t c) {
+
+		return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
+	}
+
+
+	static char_t toLower(const char_t c) {
+
+		if (c >= 'A' && c <= 'Z') {
+			return ('a' + (c - 'A'));
+		} else {
+			return c;
+		}
+	}
+
+
+	// Checks whether a character is in the 7-bit US-ASCII charset
+
+	static bool isAscii(const char_t c) {
+
+		const unsigned int x = static_cast <unsigned int>(c);
+		return x <= 127;
+	}
+
+
+	// Checks whether a character has a visual representation
+
+	static bool isPrint(const char_t c) {
+
+		const unsigned int x = static_cast <unsigned int>(c);
+		return x >= 0x20 && x <= 0x7E;
+	}
+
+
+	/** Finds the next EOL sequence in the specified buffer.
+	  * An EOL sequence may be a CR+LF sequence, or a LF sequence.
+	  *
+	  * @param buffer search buffer
+	  * @param currentPos start searching from this position
+	  * @param end stop searching at this position
+	  * @param eol will receive the position after the EOL sequence
+	  * @return true if an EOL sequence has been found, or false if
+	  * no EOL sequence was found before the end of the buffer
+	  */
+	static bool findEOL(
+		const string& buffer,
+		const size_t currentPos,
+		const size_t end,
+		size_t* eol
+	) {
+
+		size_t pos = currentPos;
+
+		if (pos == end) {
+			return false;
+		}
+
+		while (pos < end) {
+
+			if (buffer[pos] == '\r' && pos + 1 < end && buffer[pos + 1] == '\n') {
+
+				*eol = pos + 2;
+				return true;
+
+			} else if (buffer[pos] == '\n') {
+
+				*eol = pos + 1;
+				return true;
+			}
+
+			++pos;
+		}
+
+		*eol = end;
+
+		return true;
+	}
+};
+
+
+} // vmime
+
+
+#endif // VMIME_PARSERHELPERS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/parsingContext.cpp b/vmime-master/src/vmime/parsingContext.cpp
new file mode 100644
index 0000000..0975e3d
--- /dev/null
+++ b/vmime-master/src/vmime/parsingContext.cpp
@@ -0,0 +1,64 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/parsingContext.hpp"
+
+
+namespace vmime {
+
+
+parsingContext::parsingContext()
+	: m_headerParseErrorRecovery(vmime::headerParseRecoveryMethod::SKIP_LINE) {
+
+}
+
+
+parsingContext::parsingContext(const parsingContext& ctx)
+	: context(ctx),
+	  m_headerParseErrorRecovery(vmime::headerParseRecoveryMethod::SKIP_LINE) {
+
+}
+
+
+parsingContext& parsingContext::getDefaultContext() {
+
+	static parsingContext ctx;
+	return ctx;
+}
+
+
+headerParseRecoveryMethod::headerLineError parsingContext::getHeaderParseErrorRecoveryMethod() const {
+
+	return m_headerParseErrorRecovery;
+}
+
+
+void parsingContext::setHeaderParseErrorRecoveryMethod(
+	const headerParseRecoveryMethod::headerLineError recoveryMethod
+) {
+
+	m_headerParseErrorRecovery = recoveryMethod;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/parsingContext.hpp b/vmime-master/src/vmime/parsingContext.hpp
new file mode 100644
index 0000000..d13d94e
--- /dev/null
+++ b/vmime-master/src/vmime/parsingContext.hpp
@@ -0,0 +1,82 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PARSINGCONTEXT_HPP_INCLUDED
+#define VMIME_PARSINGCONTEXT_HPP_INCLUDED
+
+
+#include "vmime/context.hpp"
+
+
+namespace vmime {
+
+/** Provides runtime configurable options to provide flexibility in header parsing
+  */
+struct headerParseRecoveryMethod {
+
+	enum headerLineError {
+		SKIP_LINE = 0,
+		/* APPEND_TO_PREVIOUS_LINE = 1, */
+		ASSUME_END_OF_HEADERS = 2
+	};
+};
+
+/** Holds configuration parameters used for parsing messages.
+  */
+class VMIME_EXPORT parsingContext : public context {
+
+public:
+
+	parsingContext();
+	parsingContext(const parsingContext& ctx);
+
+	/** Returns the default context used for parsing messages.
+	  *
+	  * @return a reference to the default parsing context
+	  */
+	static parsingContext& getDefaultContext();
+
+	/** Sets the recovery method when parsing a header encounters an error
+	  * such as a failed fold or missing new line.
+	  *
+	  * @param recoveryMethod is one of vmime::headerParseRecoveryMethod.
+	  * Defaults to vmime::headerParseRecoveryMethod::SKIP_LINE.
+	  */
+	void setHeaderParseErrorRecoveryMethod(const headerParseRecoveryMethod::headerLineError recoveryMethod);
+
+	/** Return the recovery method when parsing a header encounters an error.
+	  *
+	  * @return is an enum from vmime::headerParseRecoveryMethod
+	  */
+	headerParseRecoveryMethod::headerLineError getHeaderParseErrorRecoveryMethod() const;
+
+protected:
+
+	headerParseRecoveryMethod::headerLineError m_headerParseErrorRecovery;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_PARSINGCONTEXT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/path.cpp b/vmime-master/src/vmime/path.cpp
new file mode 100644
index 0000000..f57d128
--- /dev/null
+++ b/vmime-master/src/vmime/path.cpp
@@ -0,0 +1,206 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/path.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+
+
+path::path() {
+
+}
+
+
+path::path(const string& localPart, const string& domain)
+	: m_localPart(localPart),
+	  m_domain(domain) {
+
+}
+
+
+path::path(const path& p)
+	: headerFieldValue(),
+	  m_localPart(p.m_localPart),
+	  m_domain(p.m_domain) {
+
+}
+
+
+const string& path::getLocalPart() const {
+
+	return m_localPart;
+}
+
+
+void path::setLocalPart(const string& localPart) {
+
+	m_localPart = localPart;
+}
+
+
+const string& path::getDomain() const {
+
+	return m_domain;
+}
+
+
+void path::setDomain(const string& domain) {
+
+	m_domain = domain;
+}
+
+
+bool path::operator==(const path& p) const {
+
+	return m_localPart == p.m_localPart &&
+	       m_domain == p.m_domain;
+}
+
+
+bool path::operator!=(const path& p) const {
+
+	return m_localPart != p.m_localPart ||
+	       m_domain != p.m_domain;
+}
+
+
+void path::copyFrom(const component& other) {
+
+	const path& p = dynamic_cast <const path&>(other);
+
+	m_localPart = p.m_localPart;
+	m_domain = p.m_domain;
+}
+
+
+shared_ptr <component> path::clone() const {
+
+	return make_shared <path>(*this);
+}
+
+
+path& path::operator=(const path& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+const std::vector <shared_ptr <component> > path::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+void path::parseImpl(
+	const parsingContext& /* ctx */,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	size_t pos = position;
+
+	while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+		++pos;
+	}
+
+	string addrSpec;
+
+	if (pos < end && buffer[pos] == '<') {
+
+		// Skip '<'
+		++pos;
+
+		while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+			++pos;
+		}
+
+		const size_t addrStart = pos;
+
+		while (pos < end && buffer[pos] != '>') {
+			++pos;
+		}
+
+		size_t addrEnd = pos;
+
+		while (addrEnd > addrStart && parserHelpers::isSpace(buffer[addrEnd - 1])) {
+			addrEnd--;
+		}
+
+		addrSpec = string(buffer.begin() + addrStart, buffer.begin() + addrEnd);
+
+	} else {
+
+		addrSpec = string(buffer.begin() + position, buffer.begin() + end);
+	}
+
+	const size_t at = addrSpec.find_first_of('@');
+
+	if (at != string::npos) {
+
+		m_localPart = string(addrSpec.begin(), addrSpec.begin() + at);
+		m_domain = string(addrSpec.begin() + at + 1, addrSpec.end());
+
+	} else {
+
+		m_localPart.clear();
+		m_domain = addrSpec;
+	}
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void path::generateImpl(
+	const generationContext& /* ctx */,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	if (m_localPart.empty() && m_domain.empty()) {
+
+		os << "<>";
+
+		if (newLinePos) {
+			*newLinePos = curLinePos + 2;
+		}
+
+	} else {
+
+		os << "<" << m_localPart << "@" << m_domain << ">";
+
+		if (newLinePos) {
+			*newLinePos = curLinePos + m_localPart.length() + m_domain.length() + 3;
+		}
+	}
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/path.hpp b/vmime-master/src/vmime/path.hpp
new file mode 100644
index 0000000..d63ee67
--- /dev/null
+++ b/vmime-master/src/vmime/path.hpp
@@ -0,0 +1,106 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PATH_HPP_INCLUDED
+#define VMIME_PATH_HPP_INCLUDED
+
+
+#include "vmime/headerFieldValue.hpp"
+
+
+namespace vmime {
+
+
+/** A path: a local part + '@' + a domain.
+  */
+class VMIME_EXPORT path : public headerFieldValue {
+
+public:
+
+	path();
+	path(const string& localPart, const string& domain);
+	path(const path& p);
+
+	/** Return the local part of the address.
+	  *
+	  * @return local part of the address
+	  */
+	const string& getLocalPart() const;
+
+	/** Set the local part of the address.
+	  *
+	  * @param localPart local part of the address
+	  */
+	void setLocalPart(const string& localPart);
+
+	/** Return the domain of the address.
+	  *
+	  * @return domain of the address
+	  */
+	const string& getDomain() const;
+
+	/** Set the domain of the address.
+	  *
+	  * @param domain domain of the address
+	  */
+	void setDomain(const string& domain);
+
+	// Comparison
+	bool operator==(const path& p) const;
+	bool operator!=(const path& p) const;
+
+	// Assignment
+	void copyFrom(const component& other);
+	shared_ptr <component> clone() const;
+	path& operator=(const path& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+protected:
+
+	string m_localPart;
+	string m_domain;
+
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_PATH_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/plainTextPart.cpp b/vmime-master/src/vmime/plainTextPart.cpp
new file mode 100644
index 0000000..859a67c
--- /dev/null
+++ b/vmime-master/src/vmime/plainTextPart.cpp
@@ -0,0 +1,121 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/plainTextPart.hpp"
+#include "vmime/header.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/contentTypeField.hpp"
+
+#include "vmime/emptyContentHandler.hpp"
+
+
+namespace vmime {
+
+
+plainTextPart::plainTextPart()
+	: m_text(make_shared <emptyContentHandler>()) {
+
+}
+
+
+plainTextPart::~plainTextPart() {
+
+}
+
+
+const mediaType plainTextPart::getType() const {
+
+	return mediaType(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN);
+}
+
+
+size_t plainTextPart::getPartCount() const {
+
+	return 1;
+}
+
+
+void plainTextPart::generateIn(
+	const shared_ptr <bodyPart>& /* message */,
+	const shared_ptr <bodyPart>& parent
+) const {
+
+	// Create a new part
+	shared_ptr <bodyPart> part = make_shared <bodyPart>();
+	parent->getBody()->appendPart(part);
+
+	// Set contents
+	part->getBody()->setContents(
+		m_text,
+		mediaType(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN),
+		m_charset,
+		encoding::decide(m_text, m_charset, encoding::USAGE_TEXT)
+	);
+}
+
+
+void plainTextPart::parse(
+	const shared_ptr <const bodyPart>& /* message */,
+	const shared_ptr <const bodyPart>& /* parent */,
+	const shared_ptr <const bodyPart>& textPart
+) {
+
+	m_text = vmime::clone(textPart->getBody()->getContents());
+
+	shared_ptr <const contentTypeField> ctf =
+		textPart->getHeader()->findField <contentTypeField>(fields::CONTENT_TYPE);
+
+	if (ctf && ctf->hasCharset()) {
+		m_charset = ctf->getCharset();
+	} else {
+		m_charset = charset();
+	}
+}
+
+
+const charset& plainTextPart::getCharset() const {
+
+	return m_charset;
+}
+
+
+void plainTextPart::setCharset(const charset& ch) {
+
+	m_charset = ch;
+}
+
+
+const shared_ptr <const contentHandler> plainTextPart::getText() const{
+
+	return m_text;
+}
+
+
+void plainTextPart::setText(const shared_ptr <contentHandler>& text) {
+
+	m_text = vmime::clone(text);
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/plainTextPart.hpp b/vmime-master/src/vmime/plainTextPart.hpp
new file mode 100644
index 0000000..8a0249e
--- /dev/null
+++ b/vmime-master/src/vmime/plainTextPart.hpp
@@ -0,0 +1,74 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLAINTEXTPART_HPP_INCLUDED
+#define VMIME_PLAINTEXTPART_HPP_INCLUDED
+
+
+#include "vmime/textPart.hpp"
+
+
+namespace vmime {
+
+
+/** Text part of type 'text/plain'.
+  */
+class VMIME_EXPORT plainTextPart : public textPart {
+
+public:
+
+	plainTextPart();
+	~plainTextPart();
+
+	const mediaType getType() const;
+
+	const charset& getCharset() const;
+	void setCharset(const charset& ch);
+
+	const shared_ptr <const contentHandler> getText() const;
+	void setText(const shared_ptr <contentHandler>& text);
+
+	size_t getPartCount() const;
+
+	void generateIn(
+		const shared_ptr <bodyPart>& message,
+		const shared_ptr <bodyPart>& parent
+	) const;
+
+	void parse(
+		const shared_ptr <const bodyPart>& message,
+		const shared_ptr <const bodyPart>& parent,
+		const shared_ptr <const bodyPart>& textPart
+	);
+
+private:
+
+	shared_ptr <contentHandler> m_text;
+	charset m_charset;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_PLAINTEXTPART_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platform.cpp b/vmime-master/src/vmime/platform.cpp
new file mode 100644
index 0000000..f2f1e97
--- /dev/null
+++ b/vmime-master/src/vmime/platform.cpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/platform.hpp"
+#include "vmime/config.hpp"
+
+#include "vmime/platforms/posix/posixHandler.hpp"
+#include "vmime/platforms/windows/windowsHandler.hpp"
+
+
+namespace vmime {
+
+
+shared_ptr <platform::handler> platform::sm_handler;
+
+
+platform::handler::~handler() {
+
+}
+
+
+// static
+shared_ptr <platform::handler> platform::getDefaultHandler() {
+
+#if VMIME_PLATFORM_IS_WINDOWS
+	return make_shared <platforms::windows::windowsHandler>();
+#elif VMIME_PLATFORM_IS_POSIX
+	return make_shared <platforms::posix::posixHandler>();
+#else
+	return null;
+#endif
+
+}
+
+
+// static
+shared_ptr <platform::handler> platform::getHandler() {
+
+	// If a custom platform handler is installed, return it
+	if (sm_handler) {
+		return sm_handler;
+	}
+
+	// Else, use the default handler for this platform
+	shared_ptr <handler> defaultHandler = getDefaultHandler();
+
+	if (defaultHandler) {
+		sm_handler = defaultHandler;
+		return sm_handler;
+	}
+
+	// Oops... no platform handler!
+	throw exceptions::no_platform_handler();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/platform.hpp b/vmime-master/src/vmime/platform.hpp
new file mode 100644
index 0000000..03a7b23
--- /dev/null
+++ b/vmime-master/src/vmime/platform.hpp
@@ -0,0 +1,158 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORM_HPP_INCLUDED
+#define VMIME_PLATFORM_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+#include "vmime/dateTime.hpp"
+#include "vmime/exception.hpp"
+#include "vmime/charset.hpp"
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	#include "vmime/net/socket.hpp"
+	#include "vmime/net/timeoutHandler.hpp"
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	#include "vmime/utility/file.hpp"
+	#include "vmime/utility/childProcess.hpp"
+#endif
+
+#include "vmime/utility/sync/criticalSection.hpp"
+
+
+namespace vmime {
+
+
+/** Allow setting or getting the current platform handler.
+  */
+class VMIME_EXPORT platform {
+
+public:
+
+	/** Takes care of all platform-dependent operations. It offers an interface to
+	  * access platform-dependent objects: sockets, date/time, file system, etc.
+	  */
+	class VMIME_EXPORT handler : public object {
+
+	public:
+
+		virtual ~handler();
+
+		/** Return the current UNIX time (Epoch time): the number of
+		  * seconds elapsed since Jan, 1st 1970 00:00.
+		  *
+		  * @return UNIX Epoch time
+		  */
+		virtual unsigned long getUnixTime() const = 0;
+
+		/** Return the current date and time, in the local time zone.
+		  *
+		  * @return current date and time
+		  */
+		virtual const datetime getCurrentLocalTime() const = 0;
+
+		/** Return the host name of the system.
+		  * Used when generating message ids.
+		  *
+		  * @return host name
+		  */
+		virtual const string getHostName() const = 0;
+
+		/** Return the current process identifier.
+		  * Used when generating random strings (part boundaries or message ids).
+		  *
+		  * @return current process id
+		  */
+		virtual unsigned int getProcessId() const = 0;
+
+		/** Return an unique identifier for the current thread.
+		  * Used for multi-threading synchronization.
+		  *
+		  * @return current thread id
+		  */
+		virtual unsigned int getThreadId() const = 0;
+
+		/** Return the charset used on the system.
+		  *
+		  * @return local charset
+		  */
+		virtual const charset getLocalCharset() const = 0;
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+		/** Return a pointer to the default socket factory for
+		  * this platform.
+		  *
+		  * @return socket factory
+		  */
+		virtual shared_ptr <net::socketFactory> getSocketFactory() = 0;
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+		/** Return a pointer to a factory that creates file-system objects.
+		  *
+		  * @return file-system factory
+		  */
+		virtual shared_ptr <utility::fileSystemFactory> getFileSystemFactory() = 0;
+
+		/** Return a pointer to a factory that creates child process objects,
+		  * which are used to spawn processes (run executable files).
+		  *
+		  * @return child process factory
+		  */
+		virtual shared_ptr <utility::childProcessFactory> getChildProcessFactory() = 0;
+#endif
+
+		/** Fills a buffer with cryptographically random bytes.
+		  *
+		  * @param buffer buffer to fill in with random bytes
+		  * @param count number of random bytes to write in buffer
+		  */
+		virtual void generateRandomBytes(unsigned char* buffer, const unsigned int count) = 0;
+
+		/** Creates and initializes a critical section.
+		  */
+		virtual shared_ptr <utility::sync::criticalSection> createCriticalSection() = 0;
+	};
+
+
+	template <class TYPE>
+	static void setHandler() {
+		sm_handler = vmime::make_shared <TYPE>();
+	}
+
+	static shared_ptr <handler> getDefaultHandler();
+	static shared_ptr <handler> getHandler();
+
+private:
+
+	static shared_ptr <handler> sm_handler;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_PLATFORM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/posix/posixChildProcess.cpp b/vmime-master/src/vmime/platforms/posix/posixChildProcess.cpp
new file mode 100644
index 0000000..4a9fef3
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixChildProcess.cpp
@@ -0,0 +1,410 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/platforms/posix/posixChildProcess.hpp"
+#include "vmime/platforms/posix/posixFile.hpp"
+
+#include "vmime/exception.hpp"
+
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/wait.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+// posixChildProcessFactory
+
+shared_ptr <utility::childProcess> posixChildProcessFactory::create(const utility::file::path& path) const {
+
+	return make_shared <posixChildProcess>(path);
+}
+
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+// getPosixSignalMessage
+// Returns the name of a POSIX signal.
+
+static const string getPosixSignalMessage(const int num) {
+
+	switch (num) {
+		case SIGHUP:  return "SIGHUP";
+		case SIGINT:  return "SIGINT";
+		case SIGQUIT: return "SIGQUIT";
+		case SIGILL:  return "SIGILL";
+		case SIGABRT: return "SIGABRT";
+		case SIGFPE:  return "SIGFPE";
+		case SIGKILL: return "SIGKILL";
+		case SIGSEGV: return "SIGSEGV";
+		case SIGPIPE: return "SIGPIPE";
+		case SIGALRM: return "SIGALRM";
+		case SIGTERM: return "SIGTERM";
+		case SIGUSR1: return "SIGUSR1";
+		case SIGUSR2: return "SIGUSR2";
+		case SIGCHLD: return "SIGCHLD";
+		case SIGCONT: return "SIGCONT";
+		case SIGSTOP: return "SIGSTOP";
+		case SIGTSTP: return "SIGTSTP";
+		case SIGTTIN: return "SIGTTIN";
+		case SIGTTOU: return "SIGTTOU";
+	}
+
+	return "(unknown)";
+}
+
+
+// getPosixErrorMessage
+// Returns a message corresponding to an error code.
+
+static const string getPosixErrorMessage(const int num) {
+
+#ifdef strerror_r
+	char res[256];
+	res[0] = '\0';
+
+	strerror_r(num, res, sizeof(res));
+
+	return string(res);
+#else
+	return string(strerror(num));
+#endif
+
+}
+
+
+// Output stream adapter for POSIX pipe
+
+class outputStreamPosixPipeAdapter : public utility::outputStream {
+
+public:
+
+	outputStreamPosixPipeAdapter(const int desc)
+		: m_desc(desc) {
+
+	}
+
+	void flush() {
+
+		::fsync(m_desc);
+	}
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count) {
+
+		if (::write(m_desc, data, count) == -1) {
+			const string errorMsg = getPosixErrorMessage(errno);
+			throw exceptions::system_error(errorMsg);
+		}
+	}
+
+private:
+
+	const int m_desc;
+};
+
+
+// Input stream adapter for POSIX pipe
+
+class inputStreamPosixPipeAdapter : public utility::inputStream {
+
+public:
+
+	inputStreamPosixPipeAdapter(const int desc)
+		: m_desc(desc) {
+	}
+
+	bool eof() const {
+
+		return m_eof;
+	}
+
+	void reset() {
+
+		// Do nothing: unsupported
+	}
+
+	size_t skip(const size_t count) {
+
+		// TODO: not tested
+		byte_t buffer[4096];
+
+		ssize_t bytesSkipped = 0;
+		ssize_t bytesRead = 0;
+
+		while ((bytesRead = ::read(m_desc, buffer,
+			std::min(sizeof(buffer), count - bytesSkipped))) != 0) {
+
+			if (bytesRead == -1) {
+				const string errorMsg = getPosixErrorMessage(errno);
+				throw exceptions::system_error(errorMsg);
+			}
+
+			bytesSkipped += bytesRead;
+		}
+
+		return static_cast <size_t>(bytesSkipped);
+	}
+
+	size_t read(byte_t* const data, const size_t count) {
+
+		ssize_t bytesRead = 0;
+
+		if ((bytesRead = ::read(m_desc, data, count)) == -1) {
+			const string errorMsg = getPosixErrorMessage(errno);
+			throw exceptions::system_error(errorMsg);
+		}
+
+		m_eof = (bytesRead == 0);
+
+		return static_cast <size_t>(bytesRead);
+	}
+
+private:
+
+	const int m_desc;
+
+	bool m_eof;
+};
+
+
+#endif // VMIME_BUILDING_DOC
+
+
+
+// posixChildProcess
+
+posixChildProcess::posixChildProcess(const utility::file::path& path)
+	: m_processPath(path),
+	  m_started(false),
+	  m_stdIn(null),
+	  m_stdOut(null),
+	  m_pid(0),
+	  m_argArray(NULL) {
+
+	m_pipe[0] = 0;
+	m_pipe[1] = 0;
+
+	sigemptyset(&m_oldProcMask);
+}
+
+
+posixChildProcess::~posixChildProcess() {
+
+	if (m_started) {
+		sigprocmask(SIG_SETMASK, &m_oldProcMask, NULL);
+	}
+
+	if (m_pipe[0] != 0) {
+		close(m_pipe[0]);
+	}
+
+	if (m_pipe[1] != 0) {
+		close(m_pipe[1]);
+	}
+
+	delete [] m_argArray;
+}
+
+
+// The following code is highly inspired and adapted from the 'sendmail'
+// provider module in Evolution data server code.
+//
+// Original authors: Dan Winship <danw@ximian.com>
+// Copyright 2000 Ximian, Inc. (www.ximian.com)
+
+void posixChildProcess::start(const std::vector <string>& args, const int flags) {
+
+	if (m_started) {
+		return;
+	}
+
+	// Construct C-style argument array
+	const char** argv = new const char*[args.size() + 2];
+
+	m_argVector = args;  // for c_str() pointer to remain valid
+	m_argArray = argv;   // to free later
+
+	argv[0] = m_processPath.getLastComponent().getBuffer().c_str();
+	argv[args.size() + 1] = NULL;
+
+	for (unsigned int i = 0 ; i < m_argVector.size() ; ++i) {
+		argv[i + 1] = m_argVector[i].c_str();
+	}
+
+	// Create a pipe to communicate with the child process
+	int fd[2];
+
+	if (pipe(fd) == -1) {
+		throw exceptions::system_error(getPosixErrorMessage(errno));
+	}
+
+	m_pipe[0] = fd[0];
+	m_pipe[1] = fd[1];
+
+	// Block SIGCHLD so the calling application doesn't notice
+	// process exiting before we do
+	sigset_t mask;
+
+	sigemptyset(&mask);
+	sigaddset(&mask, SIGCHLD);
+	sigprocmask(SIG_BLOCK, &mask, &m_oldProcMask);
+
+	// Spawn process
+	const pid_t pid = fork();
+
+	if (pid == -1) {  // error
+
+		const string errorMsg = getPosixErrorMessage(errno);
+
+		sigprocmask(SIG_SETMASK, &m_oldProcMask, NULL);
+
+		close(fd[0]);
+		close(fd[1]);
+
+		throw exceptions::system_error(errorMsg);
+
+	} else if (pid == 0) {  // child process
+
+		if (flags & FLAG_REDIRECT_STDIN) {
+			dup2(fd[0], STDIN_FILENO);
+		} else {
+			close(fd[0]);
+		}
+
+		if (flags & FLAG_REDIRECT_STDOUT) {
+			dup2(fd[1], STDOUT_FILENO);
+		} else {
+			close(fd[1]);
+		}
+
+		posixFileSystemFactory* pfsf = new posixFileSystemFactory();
+
+		const string path = pfsf->pathToString(m_processPath);
+
+		delete pfsf;
+
+		execv(path.c_str(), const_cast <char**>(argv));
+		_exit(255);
+	}
+
+	if (flags & FLAG_REDIRECT_STDIN) {
+
+		m_stdIn = make_shared <outputStreamPosixPipeAdapter>(m_pipe[1]);
+
+	} else {
+
+		close(m_pipe[1]);
+		m_pipe[1] = 0;
+	}
+
+	if (flags & FLAG_REDIRECT_STDOUT) {
+
+		m_stdOut = make_shared <inputStreamPosixPipeAdapter>(m_pipe[0]);
+
+	} else {
+
+		close(m_pipe[0]);
+		m_pipe[0] = 0;
+	}
+
+	m_pid = pid;
+	m_started = true;
+}
+
+
+shared_ptr <utility::outputStream> posixChildProcess::getStdIn() {
+
+	return m_stdIn;
+}
+
+
+shared_ptr <utility::inputStream> posixChildProcess::getStdOut() {
+
+	return m_stdOut;
+}
+
+
+void posixChildProcess::waitForFinish() {
+
+	// Close stdin pipe
+	if (m_pipe[1] != 0) {
+		close(m_pipe[1]);
+		m_pipe[1] = 0;
+	}
+
+	int wstat;
+
+	while (waitpid(m_pid, &wstat, 0) == -1 && errno == EINTR) {
+		;
+	}
+
+	if (!WIFEXITED(wstat)) {
+
+		throw exceptions::system_error("Process exited with signal "
+			+ getPosixSignalMessage(WTERMSIG(wstat)));
+
+	} else if (WEXITSTATUS(wstat) != 0) {
+
+		if (WEXITSTATUS(wstat) == 255) {
+
+			scoped_ptr <posixFileSystemFactory> pfsf(new posixFileSystemFactory());
+
+			throw exceptions::system_error("Could not execute '"
+				+ pfsf->pathToString(m_processPath) + "'");
+
+		} else {
+
+			std::ostringstream oss;
+			oss.imbue(std::locale::classic());
+
+			oss << "Process exited with status " << WEXITSTATUS(wstat);
+
+			throw exceptions::system_error(oss.str());
+		}
+	}
+}
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
+
diff --git a/vmime-master/src/vmime/platforms/posix/posixChildProcess.hpp b/vmime-master/src/vmime/platforms/posix/posixChildProcess.hpp
new file mode 100644
index 0000000..b831e8b
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixChildProcess.hpp
@@ -0,0 +1,92 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_POSIX_POSIXCHILDPROCESS_HPP_INCLUDED
+#define VMIME_PLATFORMS_POSIX_POSIXCHILDPROCESS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/utility/childProcess.hpp"
+
+#include <sys/types.h>
+#include <signal.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+class posixChildProcess : public utility::childProcess {
+
+public:
+
+	posixChildProcess(const utility::file::path& path);
+	~posixChildProcess();
+
+	void start(const std::vector <string>& args, const int flags = 0);
+
+	shared_ptr <utility::outputStream> getStdIn();
+	shared_ptr <utility::inputStream> getStdOut();
+
+	void waitForFinish();
+
+private:
+
+	utility::file::path m_processPath;
+	bool m_started;
+
+	shared_ptr <utility::outputStream> m_stdIn;
+	shared_ptr <utility::inputStream> m_stdOut;
+
+	sigset_t m_oldProcMask;
+	pid_t m_pid;
+	int m_pipe[2];
+
+	std::vector <string> m_argVector;
+	const char** m_argArray;
+};
+
+
+class posixChildProcessFactory : public utility::childProcessFactory {
+
+public:
+
+	shared_ptr <utility::childProcess> create(const utility::file::path& path) const;
+};
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
+
+#endif // VMIME_PLATFORMS_POSIX_POSIXCHILDPROCESS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/platforms/posix/posixCriticalSection.cpp b/vmime-master/src/vmime/platforms/posix/posixCriticalSection.cpp
new file mode 100644
index 0000000..2f25cfa
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixCriticalSection.cpp
@@ -0,0 +1,67 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX
+
+
+#include "vmime/platforms/posix/posixCriticalSection.hpp"
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+posixCriticalSection::posixCriticalSection() {
+
+	pthread_mutex_init(&m_cs, NULL);
+}
+
+
+posixCriticalSection::~posixCriticalSection() {
+
+	pthread_mutex_destroy(&m_cs);
+}
+
+
+void posixCriticalSection::lock() {
+
+	pthread_mutex_lock(&m_cs);
+}
+
+
+void posixCriticalSection::unlock() {
+
+	pthread_mutex_unlock(&m_cs);
+}
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX
diff --git a/vmime-master/src/vmime/platforms/posix/posixCriticalSection.hpp b/vmime-master/src/vmime/platforms/posix/posixCriticalSection.hpp
new file mode 100644
index 0000000..9a4bed5
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixCriticalSection.hpp
@@ -0,0 +1,69 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_POSIX_CRITICALSECTION_HPP_INCLUDED
+#define VMIME_PLATFORMS_POSIX_CRITICALSECTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX
+
+
+#include "vmime/utility/sync/criticalSection.hpp"
+
+
+#include <unistd.h>
+#include <pthread.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+class posixCriticalSection : public utility::sync::criticalSection {
+
+public:
+
+	posixCriticalSection();
+	~posixCriticalSection();
+
+	void lock();
+	void unlock();
+
+private:
+
+	pthread_mutex_t m_cs;
+};
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX
+
+#endif // VMIME_PLATFORMS_POSIX_CRITICALSECTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/posix/posixFile.cpp b/vmime-master/src/vmime/platforms/posix/posixFile.cpp
new file mode 100644
index 0000000..9773b3a
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixFile.cpp
@@ -0,0 +1,715 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/platforms/posix/posixFile.hpp"
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <dirent.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+//
+// posixFileIterator
+//
+
+posixFileIterator::posixFileIterator(
+	const vmime::utility::file::path& path,
+	const vmime::string& nativePath
+)
+	: m_path(path),
+	  m_nativePath(nativePath),
+	  m_dir(NULL),
+	  m_dirEntry(NULL) {
+
+	if ((m_dir = ::opendir(m_nativePath.c_str())) == NULL) {
+		posixFileSystemFactory::reportError(path, errno);
+	}
+
+	getNextElement();
+}
+
+
+posixFileIterator::~posixFileIterator() {
+
+	if (m_dir) {
+
+		if (::closedir(m_dir) == -1) {
+			posixFileSystemFactory::reportError(m_path, errno);
+		}
+	}
+}
+
+
+bool posixFileIterator::hasMoreElements() const {
+
+	return (m_dirEntry != NULL);
+}
+
+
+shared_ptr <vmime::utility::file> posixFileIterator::nextElement() {
+
+	shared_ptr <posixFile> file = make_shared <posixFile>(
+		m_path / vmime::utility::file::path::component(m_dirEntry->d_name)
+	);
+
+	getNextElement();
+
+	return file;
+}
+
+
+void posixFileIterator::getNextElement() {
+
+	errno = 0;
+
+	while ((m_dirEntry = ::readdir(m_dir)) != NULL) {
+
+		const char* name = m_dirEntry->d_name;
+		const size_t len = ::strlen(name);
+
+		if (!(len == 1 && name[0] == '.') &&
+		    !(len == 2 && name[0] == '.' && name[1] == '.')) {
+
+			break;
+		}
+	}
+
+	if (errno) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+}
+
+
+
+//
+// posixFileWriterOutputStream
+//
+
+posixFileWriterOutputStream::posixFileWriterOutputStream(
+	const vmime::utility::file::path& path,
+	const int fd
+)
+	: m_path(path),
+	  m_fd(fd) {
+
+}
+
+
+posixFileWriterOutputStream::~posixFileWriterOutputStream() {
+
+	::close(m_fd);
+}
+
+
+void posixFileWriterOutputStream::writeImpl(
+	const byte_t* const data,
+	const size_t count
+) {
+
+	const byte_t* array = data;
+	size_t size = count;
+
+	while (1) {
+
+		ssize_t ret = ::write(m_fd, array, size);
+
+		if (ret == -1) {
+
+			if (errno == EINTR) {
+				continue;
+			}
+
+			posixFileSystemFactory::reportError(m_path, errno);
+			break;
+
+		} else if (size_t(ret) < size) {
+
+			array += ret;
+			size -= ret;
+		}
+
+		break;
+	}
+}
+
+
+void posixFileWriterOutputStream::flush() {
+
+	if (::fsync(m_fd) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+}
+
+
+
+//
+// posixFileReaderInputStream
+//
+
+posixFileReaderInputStream::posixFileReaderInputStream(
+	const vmime::utility::file::path& path,
+	const int fd
+)
+	: m_path(path),
+	  m_fd(fd),
+	  m_eof(false) {
+
+}
+
+
+posixFileReaderInputStream::~posixFileReaderInputStream() {
+
+	if (::close(m_fd) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+}
+
+
+bool posixFileReaderInputStream::eof() const {
+
+	return m_eof;
+}
+
+
+void posixFileReaderInputStream::reset() {
+
+	if (::lseek(m_fd, 0, SEEK_SET) == off_t(-1)) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	m_eof = false;
+}
+
+
+size_t posixFileReaderInputStream::read(
+	byte_t* const data,
+	const size_t count
+) {
+
+	ssize_t c = 0;
+
+	if ((c = ::read(m_fd, data, count)) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	if (c == 0 && count != 0) {
+		m_eof = true;
+	}
+
+	return static_cast <size_t>(c);
+}
+
+
+size_t posixFileReaderInputStream::skip(const size_t count) {
+
+	const off_t curPos = ::lseek(m_fd, 0, SEEK_CUR);
+
+	if (curPos == off_t(-1)) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	const off_t newPos = ::lseek(m_fd, count, SEEK_CUR);
+
+	if (newPos == off_t(-1)) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	return static_cast <size_t>(newPos - curPos);
+}
+
+
+size_t posixFileReaderInputStream::getPosition() const {
+
+	const off_t curPos = ::lseek(m_fd, 0, SEEK_CUR);
+
+	if (curPos == off_t(-1)) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	return static_cast <size_t>(curPos);
+}
+
+
+void posixFileReaderInputStream::seek(const size_t pos) {
+
+	const off_t newPos = ::lseek(m_fd, pos, SEEK_SET);
+
+	if (newPos == off_t(-1)) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+}
+
+
+
+//
+// posixFileWriter
+//
+
+posixFileWriter::posixFileWriter(
+	const vmime::utility::file::path& path,
+	const vmime::string& nativePath
+)
+	: m_path(path),
+	  m_nativePath(nativePath) {
+
+}
+
+
+shared_ptr <vmime::utility::outputStream> posixFileWriter::getOutputStream() {
+
+	int fd = 0;
+
+	if ((fd = ::open(m_nativePath.c_str(), O_WRONLY, 0660)) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	return make_shared <posixFileWriterOutputStream>(m_path, fd);
+}
+
+
+
+//
+// posixFileReader
+//
+
+posixFileReader::posixFileReader(
+	const vmime::utility::file::path& path,
+	const vmime::string& nativePath
+)
+	: m_path(path),
+	  m_nativePath(nativePath) {
+
+}
+
+
+shared_ptr <vmime::utility::inputStream> posixFileReader::getInputStream() {
+
+	int fd = 0;
+
+	if ((fd = ::open(m_nativePath.c_str(), O_RDONLY, 0640)) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	return make_shared <posixFileReaderInputStream>(m_path, fd);
+}
+
+
+
+//
+// posixFile
+//
+
+posixFile::posixFile(const vmime::utility::file::path& path)
+	: m_path(path),
+	  m_nativePath(posixFileSystemFactory::pathToStringImpl(path)) {
+
+}
+
+
+void posixFile::createFile() {
+
+	int fd = 0;
+
+	if ((fd = ::open(m_nativePath.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660)) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	if (::fsync(fd) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	if (::close(fd) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+}
+
+
+void posixFile::createDirectory(const bool createAll) {
+
+	createDirectoryImpl(m_path, m_path, createAll);
+}
+
+
+bool posixFile::isFile() const {
+
+	struct stat buf;
+
+	if (::stat(m_nativePath.c_str(), &buf) == -1) {
+
+		if (errno == ENOENT) {
+			return false;
+		}
+
+		posixFileSystemFactory::reportError(m_path, errno);
+		return false;
+	}
+
+	return S_ISREG(buf.st_mode);
+}
+
+
+bool posixFile::isDirectory() const {
+
+	struct stat buf;
+
+	if (::stat(m_nativePath.c_str(), &buf) == -1) {
+
+		if (errno == ENOENT) {
+			return false;
+		}
+
+		posixFileSystemFactory::reportError(m_path, errno);
+		return false;
+	}
+
+	return S_ISDIR(buf.st_mode);
+}
+
+
+bool posixFile::canRead() const {
+
+	struct stat buf;
+
+	if (::stat(m_nativePath.c_str(), &buf) == -1) {
+
+		if (errno == ENOENT) {
+			return false;
+		}
+
+		posixFileSystemFactory::reportError(m_path, errno);
+		return false;
+	}
+
+	return S_ISREG(buf.st_mode)
+	    && ::access(m_nativePath.c_str(), R_OK | F_OK) == 0;
+}
+
+
+bool posixFile::canWrite() const {
+
+	struct stat buf;
+
+	if (::stat(m_nativePath.c_str(), &buf) == -1) {
+
+		if (errno == ENOENT) {
+			return false;
+		}
+
+		posixFileSystemFactory::reportError(m_path, errno);
+		return false;
+	}
+
+	return S_ISREG(buf.st_mode)
+	    && ::access(m_nativePath.c_str(), W_OK | F_OK) == 0;
+}
+
+
+posixFile::length_type posixFile::getLength() {
+
+	struct stat buf;
+
+	if (::stat(m_nativePath.c_str(), &buf) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	return static_cast <length_type>(buf.st_size);
+}
+
+
+const posixFile::path& posixFile::getFullPath() const {
+
+	return m_path;
+}
+
+
+bool posixFile::exists() const {
+
+	struct stat buf;
+	return ::stat(m_nativePath.c_str(), &buf) == 0;
+}
+
+
+shared_ptr <vmime::utility::file> posixFile::getParent() const {
+
+	if (m_path.isEmpty()) {
+		return null;
+	} else {
+		return make_shared <posixFile>(m_path.getParent());
+	}
+}
+
+
+void posixFile::rename(const path& newName) {
+
+	const vmime::string newNativePath = posixFileSystemFactory::pathToStringImpl(newName);
+
+	posixFile dest(newName);
+
+	if (isDirectory()) {
+		dest.createDirectory();
+	} else {
+		dest.createFile();
+	}
+
+	if (::rename(m_nativePath.c_str(), newNativePath.c_str()) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	m_path = newName;
+	m_nativePath = newNativePath;
+}
+
+
+void posixFile::remove() {
+
+	struct stat buf;
+
+	if (::stat(m_nativePath.c_str(), &buf) == -1) {
+		posixFileSystemFactory::reportError(m_path, errno);
+	}
+
+	if (S_ISDIR(buf.st_mode)) {
+
+		if (::rmdir(m_nativePath.c_str()) == -1) {
+			posixFileSystemFactory::reportError(m_path, errno);
+		}
+
+	} else if (S_ISREG(buf.st_mode)) {
+
+		if (::unlink(m_nativePath.c_str()) == -1) {
+			posixFileSystemFactory::reportError(m_path, errno);
+		}
+	}
+}
+
+
+shared_ptr <vmime::utility::fileWriter> posixFile::getFileWriter() {
+
+	return make_shared <posixFileWriter>(m_path, m_nativePath);
+}
+
+
+shared_ptr <vmime::utility::fileReader> posixFile::getFileReader() {
+
+	return make_shared <posixFileReader>(m_path, m_nativePath);
+}
+
+
+shared_ptr <vmime::utility::fileIterator> posixFile::getFiles() const {
+
+	if (!isDirectory()) {
+		throw vmime::exceptions::not_a_directory(m_path);
+	}
+
+	return make_shared <posixFileIterator>(m_path, m_nativePath);
+}
+
+
+void posixFile::createDirectoryImpl(
+	const vmime::utility::file::path& fullPath,
+	const vmime::utility::file::path& path,
+	const bool recursive
+) {
+
+	const vmime::string nativePath = posixFileSystemFactory::pathToStringImpl(path);
+	struct stat buf;
+
+	if (::stat(nativePath.c_str(), &buf) == 0 && S_ISDIR(buf.st_mode)) {
+		return;
+	}
+
+	if (!path.isEmpty() && recursive) {
+		createDirectoryImpl(fullPath, path.getParent(), true);
+	}
+
+	if (::mkdir(nativePath.c_str(), 0750) == -1) {
+		posixFileSystemFactory::reportError(fullPath, errno);
+	}
+}
+
+
+
+//
+// posixFileSystemFactory
+//
+
+shared_ptr <vmime::utility::file> posixFileSystemFactory::create(
+	const vmime::utility::file::path& path
+) const {
+
+	return make_shared <posixFile>(path);
+}
+
+
+const vmime::utility::file::path posixFileSystemFactory::stringToPath(
+	const vmime::string& str
+) const {
+
+	return stringToPathImpl(str);
+}
+
+
+const vmime::string posixFileSystemFactory::pathToString(
+	const vmime::utility::file::path& path
+) const {
+
+	return pathToStringImpl(path);
+}
+
+
+const vmime::utility::file::path posixFileSystemFactory::stringToPathImpl(
+	const vmime::string& str
+) {
+
+	vmime::size_t offset = 0;
+	vmime::size_t prev = 0;
+
+	vmime::utility::file::path path;
+
+	while ((offset = str.find_first_of("/", offset)) != vmime::string::npos) {
+
+		if (offset != prev) {
+
+			path.appendComponent(
+				vmime::utility::file::path::component(
+					vmime::string(str.begin() + prev, str.begin() + offset)
+				)
+			);
+		}
+
+		prev = offset + 1;
+		offset++;
+	}
+
+	if (prev < str.length()) {
+
+		path.appendComponent(
+			vmime::utility::file::path::component(
+				vmime::string(str.begin() + prev, str.end())
+			)
+		);
+	}
+
+	return path;
+}
+
+
+const vmime::string posixFileSystemFactory::pathToStringImpl(const vmime::utility::file::path& path) {
+
+	vmime::string native = "/";
+
+	for (size_t i = 0 ; i < path.getSize() ; ++i) {
+
+		if (i > 0) {
+			native += "/";
+		}
+
+		native += path[i].getBuffer();
+	}
+
+	return native;
+}
+
+
+bool posixFileSystemFactory::isValidPathComponent(
+	const vmime::utility::file::path::component& comp
+) const {
+
+	return comp.getBuffer().find_first_of("/*") == vmime::string::npos;
+}
+
+
+bool posixFileSystemFactory::isValidPath(const vmime::utility::file::path& path) const {
+
+	for (size_t i = 0 ; i < path.getSize() ; ++i) {
+
+		if (!isValidPathComponent(path[i])) {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+
+void posixFileSystemFactory::reportError(const vmime::utility::path& path, const int err) {
+
+	vmime::string desc;
+
+	switch (err) {
+		case EEXIST: desc = "EEXIST: file already exists."; break;
+		case EISDIR: desc = "EISDIR: path refers to a directory."; break;
+		case EACCES: desc = "EACCES: permission denied"; break;
+		case ENAMETOOLONG: desc = "ENAMETOOLONG: path too long."; break;
+		case ENOENT: desc = "ENOENT: a directory in the path does not exist."; break;
+		case ENOTDIR: desc = "ENOTDIR: path is not a directory."; break;
+		case EROFS: desc = "EROFS: read-only filesystem."; break;
+		case ELOOP: desc = "ELOOP: too many symbolic links."; break;
+		case ENOSPC: desc = "ENOSPC: no space left on device."; break;
+		case ENOMEM: desc = "ENOMEM: insufficient kernel memory."; break;
+		case EMFILE: desc = "ENFILE: limit on number of files open by the process has been reached."; break;
+		case ENFILE: desc = "ENFILE: limit on number of files open on the system has been reached."; break;
+#ifndef AIX
+		case ENOTEMPTY: desc = "ENOTEMPTY: directory is not empty."; break;
+#endif
+
+		default:
+
+			std::ostringstream oss;
+			oss << ::strerror(err) << ".";
+
+			desc = oss.str();
+			break;
+	}
+
+	throw vmime::exceptions::filesystem_exception(desc, path);
+}
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
diff --git a/vmime-master/src/vmime/platforms/posix/posixFile.hpp b/vmime-master/src/vmime/platforms/posix/posixFile.hpp
new file mode 100644
index 0000000..d1fda9e
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixFile.hpp
@@ -0,0 +1,224 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_POSIX_FILE_HPP_INCLUDED
+#define VMIME_PLATFORMS_POSIX_FILE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/utility/file.hpp"
+#include "vmime/utility/seekableInputStream.hpp"
+
+
+#include <dirent.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+class posixFileWriterOutputStream : public vmime::utility::outputStream {
+
+public:
+
+	posixFileWriterOutputStream(const vmime::utility::file::path& path, const int fd);
+	~posixFileWriterOutputStream();
+
+	void flush();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	const vmime::utility::file::path m_path;
+	const int m_fd;
+};
+
+
+
+class posixFileReaderInputStream : public vmime::utility::seekableInputStream {
+
+public:
+
+	posixFileReaderInputStream(const vmime::utility::file::path& path, const int fd);
+	~posixFileReaderInputStream();
+
+	bool eof() const;
+
+	void reset();
+
+	size_t read(byte_t* const data, const size_t count);
+
+	size_t skip(const size_t count);
+
+	size_t getPosition() const;
+	void seek(const size_t pos);
+
+private:
+
+	const vmime::utility::file::path m_path;
+	const int m_fd;
+
+	bool m_eof;
+};
+
+
+
+class posixFileWriter : public vmime::utility::fileWriter {
+
+public:
+
+	posixFileWriter(const vmime::utility::file::path& path, const vmime::string& nativePath);
+
+	shared_ptr <vmime::utility::outputStream> getOutputStream();
+
+private:
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+};
+
+
+
+class posixFileReader : public vmime::utility::fileReader {
+
+public:
+
+	posixFileReader(const vmime::utility::file::path& path, const vmime::string& nativePath);
+
+	shared_ptr <vmime::utility::inputStream> getInputStream();
+
+private:
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+};
+
+
+
+class posixFileIterator : public vmime::utility::fileIterator {
+
+public:
+
+	posixFileIterator(const vmime::utility::file::path& path, const vmime::string& nativePath);
+	~posixFileIterator();
+
+	bool hasMoreElements() const;
+	shared_ptr <vmime::utility::file> nextElement();
+
+private:
+
+	void getNextElement();
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+
+	DIR* m_dir;
+	struct dirent* m_dirEntry;
+};
+
+
+
+class posixFile : public vmime::utility::file {
+
+public:
+
+	posixFile(const vmime::utility::file::path& path);
+
+	void createFile();
+	void createDirectory(const bool createAll = false);
+
+	bool isFile() const;
+	bool isDirectory() const;
+
+	bool canRead() const;
+	bool canWrite() const;
+
+	length_type getLength();
+
+	const path& getFullPath() const;
+
+	bool exists() const;
+
+	shared_ptr <vmime::utility::file> getParent() const;
+
+	void rename(const path& newName);
+
+	void remove();
+
+	shared_ptr <vmime::utility::fileWriter> getFileWriter();
+	shared_ptr <vmime::utility::fileReader> getFileReader();
+
+	shared_ptr <vmime::utility::fileIterator> getFiles() const;
+
+private:
+
+	static void createDirectoryImpl(
+		const vmime::utility::file::path& fullPath,
+		const vmime::utility::file::path& path,
+		const bool recursive = false
+	);
+
+private:
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+};
+
+
+
+class posixFileSystemFactory : public vmime::utility::fileSystemFactory {
+
+public:
+
+	shared_ptr <vmime::utility::file> create(const vmime::utility::file::path& path) const;
+
+	const vmime::utility::file::path stringToPath(const vmime::string& str) const;
+	const vmime::string pathToString(const vmime::utility::file::path& path) const;
+
+	static const vmime::utility::file::path stringToPathImpl(const vmime::string& str);
+	static const vmime::string pathToStringImpl(const vmime::utility::file::path& path);
+
+	bool isValidPathComponent(const vmime::utility::file::path::component& comp) const;
+	bool isValidPath(const vmime::utility::file::path& path) const;
+
+	static void reportError(const vmime::utility::path& path, const int err);
+};
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_FILESYSTEM_FEATURES
+
+#endif // VMIME_PLATFORMS_POSIX_FILE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/posix/posixHandler.cpp b/vmime-master/src/vmime/platforms/posix/posixHandler.cpp
new file mode 100644
index 0000000..eecdbea
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixHandler.cpp
@@ -0,0 +1,292 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX
+
+
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+#include "vmime/platforms/posix/posixCriticalSection.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include <time.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <locale.h>
+#include <langinfo.h>
+#include <errno.h>
+#include <limits.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+
+#if VMIME_HAVE_SYSCALL
+#	include <sys/syscall.h>
+#endif
+
+#include <netdb.h>
+
+#include <string.h>
+#include <cassert>
+#include <cstdlib>
+
+
+/*
+#ifdef _POSIX_PRIORITY_SCHEDULING
+	#include <sched.h>
+#endif // _POSIX_PRIORITY_SCHEDULING
+*/
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+posixHandler::posixHandler() {
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	m_socketFactory = make_shared <posixSocketFactory>();
+#endif
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	m_fileSysFactory = make_shared <posixFileSystemFactory>();
+	m_childProcFactory = make_shared <posixChildProcessFactory>();
+#endif
+
+}
+
+
+posixHandler::~posixHandler() {
+
+}
+
+
+unsigned long posixHandler::getUnixTime() const {
+
+	return static_cast <unsigned long>(::time(NULL));
+}
+
+
+const vmime::datetime posixHandler::getCurrentLocalTime() const {
+
+	const time_t t(::time(NULL));
+
+	// Get the local time
+#if VMIME_HAVE_LOCALTIME_R
+	tm local;
+	::localtime_r(&t, &local);
+#else
+	tm local = *::localtime(&t);  // WARNING: this is not thread-safe!
+#endif
+
+	// Get the UTC time
+#if VMIME_HAVE_GMTIME_R
+	tm gmt;
+	::gmtime_r(&t, &gmt);
+#else
+	tm gmt = *::gmtime(&t);  // WARNING: this is not thread-safe!
+#endif
+
+	// "A negative value for tm_isdst causes mktime() to attempt
+	//  to determine whether Daylight Saving Time is in effect
+	//  for the specified time."
+	local.tm_isdst = -1;
+	gmt.tm_isdst = -1;
+
+	// Calculate the difference (in seconds)
+	const time_t diff = ::mktime(&local) - ::mktime(&gmt);
+
+	// Return the date
+	return vmime::datetime(
+		local.tm_year + 1900, local.tm_mon + 1, local.tm_mday,
+		local.tm_hour, local.tm_min, local.tm_sec, static_cast <int>(diff / 60)
+	);
+}
+
+
+const vmime::charset posixHandler::getLocalCharset() const {
+
+	// Note: nl_langinfo() might be affected by calls to setlocale()
+	// in a multithread environment. There is not MT-safe alternative
+	// to nl_langinfo().
+	auto codeset = ::nl_langinfo(CODESET);
+
+	if (codeset) {
+		return vmime::charset(codeset);
+	}
+
+	return vmime::charset();
+}
+
+
+static inline bool isAcceptableHostname(const vmime::string& str) {
+
+	// At least, try to find something better than "localhost"
+	if (utility::stringUtils::isStringEqualNoCase(str, "localhost", 9) ||
+	    utility::stringUtils::isStringEqualNoCase(str, "localhost.localdomain", 21)) {
+
+		return false;
+	}
+
+	// Anything else will be OK, as long as it is a valid hostname
+	return utility::stringUtils::isValidHostname(str);
+}
+
+
+const vmime::string posixHandler::getHostName() const {
+	char hostname[256];
+
+	::gethostname(hostname, sizeof(hostname));
+	hostname[sizeof(hostname)-1] = '\0';
+
+	// Try to get official canonical name of this host
+	struct addrinfo hints;
+	memset(&hints, 0, sizeof hints);
+	hints.ai_family = AF_UNSPEC;  // either IPV4 or IPV6
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_CANONNAME;
+
+	struct addrinfo* info;
+
+	if (getaddrinfo(hostname, "http", &hints, &info) == 0) {
+		// First, try to get a Fully-Qualified Domain Name (FQDN)
+		for (struct addrinfo* p = info ; p != NULL ; p = p->ai_next) {
+
+			if (p->ai_canonname) {
+
+				const string hn(p->ai_canonname);
+
+				if (utility::stringUtils::isValidFQDN(hn)) {
+					freeaddrinfo(info);
+					return hn;
+				}
+			}
+		}
+
+		// Then, try to find an acceptable host name
+		for (struct addrinfo* p = info ; p != NULL ; p = p->ai_next) {
+
+			if (p->ai_canonname) {
+
+				const string hn(p->ai_canonname);
+
+				if (isAcceptableHostname(hn)) {
+					freeaddrinfo(info);
+					return hn;
+				}
+			}
+		}
+
+		freeaddrinfo(info);
+	}
+
+	if (::strlen(hostname) == 0 || !isAcceptableHostname(hostname)) {
+		::strcpy(hostname, "localhost.localdomain");
+	}
+
+	return hostname;
+}
+
+
+unsigned int posixHandler::getProcessId() const {
+
+	return ::getpid();
+}
+
+
+unsigned int posixHandler::getThreadId() const {
+
+#if VMIME_HAVE_GETTID
+	return static_cast <unsigned int>(::gettid());
+#elif VMIME_HAVE_SYSCALL && VMIME_HAVE_SYSCALL_GETTID
+	return static_cast <unsigned int>(::syscall(SYS_gettid));
+#elif VMIME_HAVE_GETTHRID  // OpenBSD
+	return static_cast <unsigned int>(::getthrid());
+#else
+	#error We have no implementation of getThreadId() for this platform!
+#endif
+
+}
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+shared_ptr <vmime::net::socketFactory> posixHandler::getSocketFactory() {
+
+	return m_socketFactory;
+}
+
+#endif
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+shared_ptr <vmime::utility::fileSystemFactory> posixHandler::getFileSystemFactory() {
+
+	return m_fileSysFactory;
+}
+
+
+shared_ptr <vmime::utility::childProcessFactory> posixHandler::getChildProcessFactory() {
+
+	return m_childProcFactory;
+}
+
+#endif
+
+
+void posixHandler::generateRandomBytes(unsigned char* buffer, const unsigned int count) {
+
+	int fd = open("/dev/urandom", O_RDONLY);
+
+	if (fd != -1) {
+
+		read(fd, buffer, count);
+		close(fd);
+
+	} else {  // fallback
+
+		for (unsigned int i = 0 ; i < count ; ++i) {
+			buffer[i] = static_cast <unsigned char>(rand() % 255);
+		}
+	}
+}
+
+
+shared_ptr <utility::sync::criticalSection> posixHandler::createCriticalSection() {
+
+	return make_shared <posixCriticalSection>();
+}
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX
diff --git a/vmime-master/src/vmime/platforms/posix/posixHandler.hpp b/vmime-master/src/vmime/platforms/posix/posixHandler.hpp
new file mode 100644
index 0000000..30417f1
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixHandler.hpp
@@ -0,0 +1,103 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_POSIX_HANDLER_HPP_INCLUDED
+#define VMIME_PLATFORMS_POSIX_HANDLER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX
+
+
+#include "vmime/platform.hpp"
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	#include "vmime/platforms/posix/posixSocket.hpp"
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+     #include "vmime/platforms/posix/posixFile.hpp"
+     #include "vmime/platforms/posix/posixChildProcess.hpp"
+#endif
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+class VMIME_EXPORT posixHandler : public vmime::platform::handler {
+
+public:
+
+	posixHandler();
+	~posixHandler();
+
+	unsigned long getUnixTime() const;
+
+	const vmime::datetime getCurrentLocalTime() const;
+
+	const vmime::charset getLocalCharset() const;
+
+	const vmime::string getHostName() const;
+
+	unsigned int getProcessId() const;
+	unsigned int getThreadId() const;
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	shared_ptr <vmime::net::socketFactory> getSocketFactory();
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	shared_ptr <vmime::utility::fileSystemFactory> getFileSystemFactory();
+
+	shared_ptr <vmime::utility::childProcessFactory> getChildProcessFactory();
+#endif
+
+	void generateRandomBytes(unsigned char* buffer, const unsigned int count);
+
+	shared_ptr <utility::sync::criticalSection> createCriticalSection();
+
+private:
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	shared_ptr <posixSocketFactory> m_socketFactory;
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	shared_ptr <posixFileSystemFactory> m_fileSysFactory;
+	shared_ptr <posixChildProcessFactory> m_childProcFactory;
+#endif
+};
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX
+
+#endif // VMIME_PLATFORMS_POSIX_HANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/posix/posixSocket.cpp b/vmime-master/src/vmime/platforms/posix/posixSocket.cpp
new file mode 100644
index 0000000..aec6a83
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixSocket.cpp
@@ -0,0 +1,969 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/platforms/posix/posixSocket.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE  // for getaddrinfo_a() in <netdb.h>
+#endif
+
+#include <unistd.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+#include <poll.h>
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include "vmime/exception.hpp"
+
+
+#if defined(EWOULDBLOCK)
+#   define IS_EAGAIN(x)  ((x) == EAGAIN || (x) == EWOULDBLOCK || (x) == EINTR || (x) == EINPROGRESS)
+#else
+#   define IS_EAGAIN(x)  ((x) == EAGAIN || (x) == EINTR || (x) == EINPROGRESS)
+#endif
+
+
+// Workaround for detection of strerror_r variants
+#if VMIME_HAVE_STRERROR_R
+
+namespace {
+
+char* vmime_strerror_r_result(int /* res */, char* buf) {
+
+	// XSI-compliant prototype:
+	// int strerror_r(int errnum, char *buf, size_t buflen);
+	return buf;
+}
+
+char* vmime_strerror_r_result(char* res, char* /* buf */) {
+
+	// GNU-specific prototype:
+	// char *strerror_r(int errnum, char *buf, size_t buflen);
+	return res;
+}
+
+}
+
+#endif // VMIME_HAVE_STRERROR_R
+
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+//
+// posixSocket
+//
+
+posixSocket::posixSocket(shared_ptr <vmime::net::timeoutHandler> th)
+	: m_timeoutHandler(th),
+	  m_desc(-1),
+	  m_status(0) {
+
+}
+
+
+posixSocket::~posixSocket() {
+
+	if (m_desc != -1) {
+		::close(m_desc);
+	}
+}
+
+
+void posixSocket::connect(const vmime::string& address, const vmime::port_t port) {
+
+	// Close current connection, if any
+	if (m_desc != -1) {
+		::close(m_desc);
+		m_desc = -1;
+	}
+
+	if (m_tracer) {
+
+		std::ostringstream trace;
+		trace << "Connecting to " << address << ", port " << port;
+
+		m_tracer->traceSend(trace.str());
+	}
+
+#if VMIME_HAVE_GETADDRINFO  // use thread-safe and IPv6-aware getaddrinfo() if available
+
+	// Resolve address, if needed
+	m_serverAddress = address;
+
+	struct ::addrinfo* addrInfo = NULL;  // resolved addresses
+	resolve(&addrInfo, address, port);
+
+	// Connect to host
+	int sock = -1;
+	int connectErrno = 0;
+
+	if (m_timeoutHandler != NULL) {
+		m_timeoutHandler->resetTimeOut();
+	}
+
+	for (struct ::addrinfo* curAddrInfo = addrInfo ;
+	     sock == -1 && curAddrInfo != NULL ;
+	     curAddrInfo = curAddrInfo->ai_next, connectErrno = ETIMEDOUT) {
+
+		if (curAddrInfo->ai_family != AF_INET && curAddrInfo->ai_family != AF_INET6) {
+			continue;
+		}
+
+		sock = ::socket(curAddrInfo->ai_family, curAddrInfo->ai_socktype, curAddrInfo->ai_protocol);
+
+		if (sock < 0) {
+			connectErrno = errno;
+			continue;  // try next
+		}
+
+#if VMIME_HAVE_SO_KEEPALIVE
+
+		// Enable TCP Keepalive
+		int keepAlive_optval = 1;
+		socklen_t keepAlive_optlen = sizeof(keepAlive_optval);
+
+		::setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepAlive_optval, keepAlive_optlen);
+
+#endif // VMIME_HAVE_SO_KEEPALIVE
+
+#if VMIME_HAVE_SO_NOSIGPIPE
+
+		// Return EPIPE instead of generating SIGPIPE
+		int nosigpipe_optval = 1;
+		socklen_t nosigpipe_optlen = sizeof(nosigpipe_optval);
+
+		::setsockopt(sock, SOL_SOCKET, SO_NOSIGPIPE, &nosigpipe_optval, nosigpipe_optlen);
+
+#endif // VMIME_HAVE_SO_NOSIGPIPE
+
+
+		if (m_timeoutHandler) {
+
+			::fcntl(sock, F_SETFL, ::fcntl(sock, F_GETFL) | O_NONBLOCK);
+
+			if (::connect(sock, curAddrInfo->ai_addr, curAddrInfo->ai_addrlen) < 0) {
+
+				switch (errno) {
+
+					case 0:
+					case EINPROGRESS:
+					case EINTR:
+#if defined(EAGAIN)
+					case EAGAIN:
+#endif // EAGAIN
+#if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN))
+					case EWOULDBLOCK:
+#endif // EWOULDBLOCK
+
+						// Connection in progress
+						break;
+
+					default:
+
+						connectErrno = errno;
+						::close(sock);
+						sock = -1;
+						continue;  // try next
+				}
+
+				// Wait for socket to be connected.
+				bool connected = false;
+
+				const int pollTimeout = 1000;   // poll() timeout (ms)
+				const int tryNextTimeout = 5000;  // maximum time before trying next (ms)
+
+				timeval startTime = { 0, 0 };
+				gettimeofday(&startTime, /* timezone */ NULL);
+
+				do {
+
+					pollfd fds[1];
+					fds[0].fd = sock;
+					fds[0].events = POLLIN | POLLOUT;
+
+					const int ret = ::poll(fds, sizeof(fds) / sizeof(fds[0]), pollTimeout);
+
+					// Success
+					if (ret > 0) {
+
+						if (fds[0].revents & (POLLIN | POLLOUT)) {
+
+							int error = 0;
+							socklen_t len = sizeof(error);
+
+							if (getsockopt(sock, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
+
+								connectErrno = errno;
+
+							} else {
+
+								if (error != 0) {
+									connectErrno = error;
+								} else {
+									connected = true;
+								}
+							}
+						}
+
+						break;
+
+					// Error
+					} else if (ret < -1) {
+
+						if (errno != EAGAIN && errno != EINTR) {
+
+							// Cancel connection
+							connectErrno = errno;
+							break;
+						}
+					}
+
+					// Check for timeout
+					if (m_timeoutHandler->isTimeOut()) {
+
+						if (!m_timeoutHandler->handleTimeOut()) {
+
+							// Cancel connection
+							connectErrno = ETIMEDOUT;
+							break;
+
+						} else {
+
+							// Reset timeout and keep waiting for connection
+							m_timeoutHandler->resetTimeOut();
+						}
+
+					} else {
+
+						// Keep waiting for connection
+					}
+
+					timeval curTime = { 0, 0 };
+					gettimeofday(&curTime, /* timezone */ NULL);
+
+					if (curAddrInfo->ai_next != NULL &&
+						curTime.tv_usec - startTime.tv_usec >= tryNextTimeout * 1000) {
+
+						connectErrno = ETIMEDOUT;
+						break;
+					}
+
+				} while (true);
+
+				if (!connected) {
+
+					::close(sock);
+					sock = -1;
+					continue;  // try next
+				}
+
+				break;
+
+			} else {
+
+				// Connection successful
+				break;
+			}
+
+		} else {
+
+			if (::connect(sock, curAddrInfo->ai_addr, curAddrInfo->ai_addrlen) < 0) {
+
+				connectErrno = errno;
+				::close(sock);
+				sock = -1;
+				continue;  // try next
+			}
+		}
+	}
+
+	::freeaddrinfo(addrInfo);
+
+	if (sock == -1) {
+
+		try {
+			throwSocketError(connectErrno);
+		} catch (exceptions::socket_exception& e) {  // wrap
+			throw vmime::exceptions::connection_error("Error while connecting socket.", e);
+		}
+	}
+
+	m_desc = sock;
+
+#else // !VMIME_HAVE_GETADDRINFO
+
+	// Resolve address
+	::sockaddr_in addr;
+
+	memset(&addr, 0, sizeof(addr));
+
+	addr.sin_family = AF_INET;
+	addr.sin_port = htons(static_cast <unsigned short>(port));
+	addr.sin_addr.s_addr = ::inet_addr(address.c_str());
+
+	if (addr.sin_addr.s_addr == static_cast <in_addr_t>(-1)) {
+
+		::hostent* hostInfo = ::gethostbyname(address.c_str());
+
+		if (hostInfo == NULL) {
+			// Error: cannot resolve address
+			throw vmime::exceptions::connection_error("Cannot resolve address.");
+		}
+
+		::memcpy(reinterpret_cast <char*>(&addr.sin_addr), hostInfo->h_addr, hostInfo->h_length);
+	}
+
+	m_serverAddress = address;
+
+	// Get a new socket
+	m_desc = ::socket(AF_INET, SOCK_STREAM, 0);
+
+	if (m_desc == -1) {
+
+		try {
+			throwSocketError(errno);
+		} catch (exceptions::socket_exception& e) {  // wrap
+			throw vmime::exceptions::connection_error("Error while creating socket.", e);
+		}
+	}
+
+	// Start connection
+	if (::connect(m_desc, reinterpret_cast <sockaddr*>(&addr), sizeof(addr)) == -1) {
+
+		try {
+
+			throwSocketError(errno);
+
+		} catch (exceptions::socket_exception& e) {  // wrap
+
+			::close(m_desc);
+			m_desc = -1;
+
+			// Error
+			throw vmime::exceptions::connection_error("Error while connecting socket.", e);
+		}
+	}
+
+#endif // VMIME_HAVE_GETADDRINFO
+
+	::fcntl(m_desc, F_SETFL, ::fcntl(m_desc, F_GETFL) | O_NONBLOCK);
+}
+
+
+void posixSocket::resolve(
+	struct ::addrinfo** addrInfo,
+	const vmime::string& address,
+	const vmime::port_t port
+) {
+
+	char portStr[16];
+	snprintf(portStr, sizeof(portStr), "%u", static_cast <unsigned int>(port));
+
+
+	struct ::addrinfo hints;
+	memset(&hints, 0, sizeof(hints));
+
+	hints.ai_flags = AI_CANONNAME | AI_NUMERICSERV;
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+
+#if VMIME_HAVE_GETADDRINFO_A
+
+	// If getaddrinfo_a() is available, use asynchronous resolving to allow
+	// the timeout handler to cancel the operation
+
+	struct ::gaicb gaiRequest;
+	memset(&gaiRequest, 0, sizeof(gaiRequest));
+
+	gaiRequest.ar_name = address.c_str();
+	gaiRequest.ar_service = portStr;
+	gaiRequest.ar_request = &hints;
+
+	struct ::gaicb* gaiRequests = &gaiRequest;
+	int gaiError;
+
+	if ((gaiError = getaddrinfo_a(GAI_NOWAIT, &gaiRequests, 1, NULL)) != 0) {
+
+		throw vmime::exceptions::connection_error(
+			"getaddrinfo_a() failed: " + std::string(gai_strerror(gaiError))
+		);
+	}
+
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+
+	while (true) {
+
+		struct timespec gaiTimeout;
+		gaiTimeout.tv_sec = 1;  // query timeout handler every second
+		gaiTimeout.tv_nsec = 0;
+
+		gaiError = gai_suspend(&gaiRequests, 1, &gaiTimeout);
+
+		if (gaiError == 0 || gaiError == EAI_ALLDONE) {
+
+			const int ret = gai_error(&gaiRequest);
+
+			if (ret != 0) {
+
+				throw vmime::exceptions::connection_error(
+					"getaddrinfo_a() request failed: " + std::string(gai_strerror(ret))
+				);
+
+			} else {
+
+				*addrInfo = gaiRequest.ar_result;
+				break;
+			}
+
+		} else if (gaiError != EAI_AGAIN) {
+
+			if (gaiError == EAI_SYSTEM) {
+
+				const int ret = gai_error(&gaiRequest);
+
+				if (ret != EAI_INPROGRESS && errno != 0) {
+
+					try {
+						throwSocketError(errno);
+					} catch (exceptions::socket_exception& e) {  // wrap
+						throw vmime::exceptions::connection_error("Error while connecting socket.", e);
+					}
+				}
+
+			} else {
+
+				throw vmime::exceptions::connection_error(
+					"gai_suspend() failed: " + std::string(gai_strerror(gaiError))
+				);
+			}
+		}
+
+		// Check for timeout
+		if (m_timeoutHandler && m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+
+				throw exceptions::operation_timed_out();
+
+			} else {
+
+				// Reset timeout and keep waiting for connection
+				m_timeoutHandler->resetTimeOut();
+			}
+		}
+	}
+
+#else  // !VMIME_HAVE_GETADDRINFO_A
+
+	if (::getaddrinfo(address.c_str(), portStr, &hints, addrInfo) != 0) {
+
+		// Error: cannot resolve address
+		throw vmime::exceptions::connection_error("Cannot resolve address.");
+	}
+
+#endif  // VMIME_HAVE_GETADDRINFO_A
+
+}
+
+
+bool posixSocket::isConnected() const {
+
+	if (m_desc == -1) {
+		return false;
+	}
+
+	char buff;
+
+	return ::recv(m_desc, &buff, 1, MSG_PEEK) != 0;
+}
+
+
+void posixSocket::disconnect() {
+
+	if (m_desc != -1) {
+
+		if (m_tracer) {
+			m_tracer->traceSend("Disconnecting");
+		}
+
+		::shutdown(m_desc, SHUT_RDWR);
+		::close(m_desc);
+
+		m_desc = -1;
+	}
+}
+
+
+static bool isNumericAddress(const char* address) {
+
+#if VMIME_HAVE_GETADDRINFO
+
+	struct addrinfo hint, *info = NULL;
+	memset(&hint, 0, sizeof(hint));
+
+	hint.ai_family = AF_UNSPEC;
+	hint.ai_flags = AI_NUMERICHOST;
+
+	if (getaddrinfo(address, 0, &hint, &info) == 0) {
+
+		freeaddrinfo(info);
+		return true;
+
+	} else {
+
+		return false;
+	}
+
+#else
+
+	return inet_addr(address) != INADDR_NONE;
+
+#endif
+
+}
+
+
+const string posixSocket::getPeerAddress() const {
+
+	// Get address of connected peer
+	sockaddr peer;
+	socklen_t peerLen = sizeof(peer);
+
+	if (getpeername(m_desc, &peer, &peerLen) != 0) {
+		throwSocketError(errno);
+	}
+
+	// Convert to numerical presentation format
+	char buf[INET6_ADDRSTRLEN];
+
+	if (!inet_ntop(peer.sa_family, &(reinterpret_cast <struct sockaddr_in *>(&peer))->sin_addr, buf, sizeof(buf))) {
+		throwSocketError(errno);
+	}
+
+	return string(buf);
+}
+
+
+const string posixSocket::getPeerName() const {
+
+	// Get address of connected peer
+	sockaddr peer;
+	socklen_t peerLen = sizeof(peer);
+
+	if (getpeername(m_desc, &peer, &peerLen) != 0) {
+		throwSocketError(errno);
+	}
+
+	// If server address as specified when connecting is a numeric
+	// address, try to get a host name for it
+	if (isNumericAddress(m_serverAddress.c_str())) {
+
+#if VMIME_HAVE_GETNAMEINFO
+
+		char host[NI_MAXHOST + 1];
+		char service[NI_MAXSERV + 1];
+
+		if (getnameinfo(reinterpret_cast <sockaddr *>(&peer), peerLen,
+				host, sizeof(host), service, sizeof(service),
+				/* flags */ NI_NAMEREQD) == 0) {
+
+			return string(host);
+		}
+
+#else
+
+		struct hostent *hp;
+
+		if ((hp = gethostbyaddr(reinterpret_cast <const void *>(&peer),
+				sizeof(peer), peer.sa_family)) != NULL) {
+
+			return string(hp->h_name);
+		}
+
+#endif
+
+	}
+
+	return m_serverAddress;
+}
+
+
+size_t posixSocket::getBlockSize() const {
+
+	return 16384;  // 16 KB
+}
+
+
+bool posixSocket::waitForData(const bool read, const bool write, const int msecs) {
+
+	for (int i = 0 ; i <= msecs / 10 ; ++i) {
+
+		// Check whether data is available
+		pollfd fds[1];
+		fds[0].fd = m_desc;
+		fds[0].events = 0;
+
+		if (read) {
+			fds[0].events |= POLLIN;
+		}
+
+		if (write) {
+			fds[0].events |= POLLOUT;
+		}
+
+		const int ret = ::poll(fds, sizeof(fds) / sizeof(fds[0]), 10 /* ms */);
+
+		if (ret < 0) {
+
+			if (errno != EAGAIN && errno != EINTR) {
+				throwSocketError(errno);
+			}
+
+		} else if (ret > 0) {
+
+			if (fds[0].revents & (POLLIN | POLLOUT)) {
+				return true;
+			}
+		}
+
+		// No data available at this time
+		// Check if we are timed out
+		if (m_timeoutHandler &&
+		    m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+
+				// Server did not react within timeout delay
+				throw exceptions::operation_timed_out();
+
+			} else {
+
+				// Reset timeout
+				m_timeoutHandler->resetTimeOut();
+			}
+		}
+	}
+
+	return false;  // time out
+}
+
+
+bool posixSocket::waitForRead(const int msecs) {
+
+	return waitForData(/* read */ true, /* write */ false, msecs);
+}
+
+
+bool posixSocket::waitForWrite(const int msecs) {
+
+	return waitForData(/* read */ false, /* write */ true, msecs);
+}
+
+
+void posixSocket::receive(vmime::string& buffer) {
+
+	const size_t size = receiveRaw(m_buffer, sizeof(m_buffer));
+	buffer = utility::stringUtils::makeStringFromBytes(m_buffer, size);
+}
+
+
+size_t posixSocket::receiveRaw(byte_t* buffer, const size_t count) {
+
+	m_status &= ~STATUS_WOULDBLOCK;
+
+	// Check whether data is available
+	if (!waitForRead(50 /* msecs */)) {
+
+		m_status |= STATUS_WOULDBLOCK;
+
+		// Continue waiting for data
+		return 0;
+	}
+
+	// Read available data
+	ssize_t ret = ::recv(m_desc, buffer, count, 0);
+
+	if (ret < 0) {
+
+		if (!IS_EAGAIN(errno)) {
+			throwSocketError(errno);
+		}
+
+		// Check if we are timed out
+		if (m_timeoutHandler &&
+		    m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+
+				// Server did not react within timeout delay
+				throwSocketError(errno);
+
+			} else {
+
+				// Reset timeout
+				m_timeoutHandler->resetTimeOut();
+			}
+		}
+
+		m_status |= STATUS_WOULDBLOCK;
+
+		// No data available at this time
+		return 0;
+
+	} else if (ret == 0) {
+
+		// Host shutdown
+		throwSocketError(ENOTCONN);
+
+	} else {
+
+		// Data received, reset timeout
+		if (m_timeoutHandler) {
+			m_timeoutHandler->resetTimeOut();
+		}
+	}
+
+	return ret;
+}
+
+
+void posixSocket::send(const vmime::string& buffer) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(buffer.data()), buffer.length());
+}
+
+
+void posixSocket::send(const char* str) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(str), ::strlen(str));
+}
+
+
+void posixSocket::sendRaw(const byte_t* buffer, const size_t count) {
+
+	m_status &= ~STATUS_WOULDBLOCK;
+
+	size_t size = count;
+
+	while (size > 0) {
+
+#if VMIME_HAVE_MSG_NOSIGNAL
+		const ssize_t ret = ::send(m_desc, buffer, size, MSG_NOSIGNAL);
+#else
+		const ssize_t ret = ::send(m_desc, buffer, size, 0);
+#endif
+
+		if (ret <= 0) {
+
+			if (ret < 0 && !IS_EAGAIN(errno)) {
+				throwSocketError(errno);
+			}
+
+			waitForWrite(50 /* msecs */);
+
+		} else {
+
+			buffer += ret;
+			size -= ret;
+		}
+	}
+
+	// Reset timeout
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+}
+
+
+size_t posixSocket::sendRawNonBlocking(const byte_t* buffer, const size_t count) {
+
+	m_status &= ~STATUS_WOULDBLOCK;
+
+#if VMIME_HAVE_MSG_NOSIGNAL
+	const ssize_t ret = ::send(m_desc, buffer, count, MSG_NOSIGNAL);
+#else
+	const ssize_t ret = ::send(m_desc, buffer, count, 0);
+#endif
+
+	if (ret <= 0) {
+
+		if (ret < 0 && !IS_EAGAIN(errno)) {
+			throwSocketError(errno);
+		}
+
+		// Check if we are timed out
+		if (m_timeoutHandler &&
+		    m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+
+				// Could not send data within timeout delay
+				throw exceptions::operation_timed_out();
+
+			} else {
+
+				// Reset timeout
+				m_timeoutHandler->resetTimeOut();
+			}
+		}
+
+		m_status |= STATUS_WOULDBLOCK;
+
+		// No data can be written at this time
+		return 0;
+	}
+
+	// Reset timeout
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+
+	return ret;
+}
+
+
+void posixSocket::throwSocketError(const int err) {
+
+	const char* msg = NULL;
+
+	switch (err) {
+
+		case EACCES:          msg = "EACCES: permission denied"; break;
+		case EAFNOSUPPORT:    msg = "EAFNOSUPPORT: address family not supported"; break;
+		case EMFILE:          msg = "EMFILE: process file table overflow"; break;
+		case ENFILE:          msg = "ENFILE: system limit reached"; break;
+		case EPROTONOSUPPORT: msg = "EPROTONOSUPPORT: protocol not supported"; break;
+		case EAGAIN:          msg = "EGAIN: blocking operation"; break;
+		case EBADF:           msg = "EBADF: invalid descriptor"; break;
+		case ECONNRESET:      msg = "ECONNRESET: connection reset by peer"; break;
+		case EFAULT:          msg = "EFAULT: bad user space address"; break;
+		case EINTR:           msg = "EINTR: signal occurred before transmission"; break;
+		case EINVAL:          msg = "EINVAL: invalid argument"; break;
+		case EMSGSIZE:        msg = "EMSGSIZE: message cannot be sent atomically"; break;
+		case ENOBUFS:         msg = "ENOBUFS: output queue is full"; break;
+		case ENOMEM:          msg = "ENOMEM: out of memory"; break;
+		case EPIPE:           msg = "EPIPE: broken pipe"; break;
+		case ENOTCONN:        msg = "ENOTCONN: not connected"; break;
+		case ECONNREFUSED:    msg = "ECONNREFUSED: connection refused"; break;
+	}
+
+	if (msg) {
+
+		throw exceptions::socket_exception(msg);
+
+	} else {
+
+		// Use strerror() to get string describing error number
+
+#if VMIME_HAVE_STRERROR_R
+
+		char errbuf[512];
+
+		throw exceptions::socket_exception(
+			vmime_strerror_r_result(
+				strerror_r(err, errbuf, sizeof(errbuf)),
+				errbuf
+			)
+		);
+
+#else  // !VMIME_HAVE_STRERROR_R
+
+		const std::string strmsg(strerror(err));
+		throw exceptions::socket_exception(strmsg);
+
+#endif  // VMIME_HAVE_STRERROR_R
+
+	}
+}
+
+
+unsigned int posixSocket::getStatus() const {
+
+	return m_status;
+}
+
+
+shared_ptr <net::timeoutHandler> posixSocket::getTimeoutHandler() {
+
+	return m_timeoutHandler;
+}
+
+
+void posixSocket::setTracer(const shared_ptr <net::tracer>& tracer) {
+
+	m_tracer = tracer;
+}
+
+
+shared_ptr <net::tracer> posixSocket::getTracer() {
+
+	return m_tracer;
+}
+
+
+
+//
+// posixSocketFactory
+//
+
+shared_ptr <vmime::net::socket> posixSocketFactory::create() {
+
+	shared_ptr <vmime::net::timeoutHandler> th;
+	return make_shared <posixSocket>(th);
+}
+
+
+shared_ptr <vmime::net::socket> posixSocketFactory::create(const shared_ptr <vmime::net::timeoutHandler>& th) {
+
+	return make_shared <posixSocket>(th);
+}
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/platforms/posix/posixSocket.hpp b/vmime-master/src/vmime/platforms/posix/posixSocket.hpp
new file mode 100644
index 0000000..7d732b7
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/posix/posixSocket.hpp
@@ -0,0 +1,118 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_POSIX_SOCKET_HPP_INCLUDED
+#define VMIME_PLATFORMS_POSIX_SOCKET_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/socket.hpp"
+
+
+struct addrinfo;
+
+
+namespace vmime {
+namespace platforms {
+namespace posix {
+
+
+class posixSocket : public vmime::net::socket {
+
+public:
+
+	posixSocket(shared_ptr <vmime::net::timeoutHandler> th);
+	~posixSocket();
+
+	void connect(const vmime::string& address, const vmime::port_t port);
+	bool isConnected() const;
+	void disconnect();
+
+	bool waitForRead(const int msecs = 30000);
+	bool waitForWrite(const int msecs = 30000);
+
+	void receive(vmime::string& buffer);
+	size_t receiveRaw(byte_t* buffer, const size_t count);
+
+	void send(const vmime::string& buffer);
+	void send(const char* str);
+	void sendRaw(const byte_t* buffer, const size_t count);
+	size_t sendRawNonBlocking(const byte_t* buffer, const size_t count);
+
+	size_t getBlockSize() const;
+
+	unsigned int getStatus() const;
+
+	const string getPeerName() const;
+	const string getPeerAddress() const;
+
+	shared_ptr <net::timeoutHandler> getTimeoutHandler();
+
+	void setTracer(const shared_ptr <net::tracer>& tracer);
+	shared_ptr <net::tracer> getTracer();
+
+protected:
+
+	void resolve(struct ::addrinfo** addrInfo, const vmime::string& address, const vmime::port_t port);
+
+	bool waitForData(const bool read, const bool write, const int msecs);
+
+	static void throwSocketError(const int err);
+
+private:
+
+	shared_ptr <vmime::net::timeoutHandler> m_timeoutHandler;
+	shared_ptr <net::tracer> m_tracer;
+
+	byte_t m_buffer[65536];
+	int m_desc;
+
+	unsigned int m_status;
+
+	string m_serverAddress;
+};
+
+
+
+class posixSocketFactory : public vmime::net::socketFactory {
+
+public:
+
+	shared_ptr <vmime::net::socket> create();
+	shared_ptr <vmime::net::socket> create(const shared_ptr <vmime::net::timeoutHandler>& th);
+};
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_POSIX && VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_PLATFORMS_POSIX_SOCKET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/windows/windowsCodepages.hpp b/vmime-master/src/vmime/platforms/windows/windowsCodepages.hpp
new file mode 100644
index 0000000..1457c59
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsCodepages.hpp
@@ -0,0 +1,197 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_WINDOWS_CODEPAGES_HPP_INCLUDED
+#define VMIME_PLATFORMS_WINDOWS_CODEPAGES_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS
+
+
+#include <string.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+struct windowsCodepages {
+
+	static int getByName(const char* s8_Name) {
+
+		if (stricmp(s8_Name, "ASMO-708")          == 0) return 708;
+		if (stricmp(s8_Name, "big5")              == 0) return 950;
+		if (stricmp(s8_Name, "cp1025")            == 0) return 21025;
+		if (stricmp(s8_Name, "cp866")             == 0) return 866;
+		if (stricmp(s8_Name, "cp875")             == 0) return 875;
+		if (stricmp(s8_Name, "DOS-720")           == 0) return 720;
+		if (stricmp(s8_Name, "DOS-862")           == 0) return 862;
+		if (stricmp(s8_Name, "EUC-CN")            == 0) return 51936;
+		if (stricmp(s8_Name, "euc-jp")            == 0) return 51932;
+		if (stricmp(s8_Name, "EUC-JP")            == 0) return 20932;
+		if (stricmp(s8_Name, "euc-kr")            == 0) return 51949;
+		if (stricmp(s8_Name, "GB18030")           == 0) return 54936;
+		if (stricmp(s8_Name, "GBK")	          == 0) return 54936;
+		if (stricmp(s8_Name, "gb2312")            == 0) return 936;
+		if (stricmp(s8_Name, "hz-gb-2312")        == 0) return 52936;
+		if (stricmp(s8_Name, "IBM00858")          == 0) return 858;
+		if (stricmp(s8_Name, "IBM00924")          == 0) return 20924;
+		if (stricmp(s8_Name, "IBM01047")          == 0) return 1047;
+		if (stricmp(s8_Name, "IBM01140")          == 0) return 1140;
+		if (stricmp(s8_Name, "IBM01141")          == 0) return 1141;
+		if (stricmp(s8_Name, "IBM01142")          == 0) return 1142;
+		if (stricmp(s8_Name, "IBM01143")          == 0) return 1143;
+		if (stricmp(s8_Name, "IBM01144")          == 0) return 1144;
+		if (stricmp(s8_Name, "IBM01145")          == 0) return 1145;
+		if (stricmp(s8_Name, "IBM01146")          == 0) return 1146;
+		if (stricmp(s8_Name, "IBM01147")          == 0) return 1147;
+		if (stricmp(s8_Name, "IBM01148")          == 0) return 1148;
+		if (stricmp(s8_Name, "IBM01149")          == 0) return 1149;
+		if (stricmp(s8_Name, "IBM037")            == 0) return 37;
+		if (stricmp(s8_Name, "IBM1026")           == 0) return 1026;
+		if (stricmp(s8_Name, "IBM273")            == 0) return 20273;
+		if (stricmp(s8_Name, "IBM277")            == 0) return 20277;
+		if (stricmp(s8_Name, "IBM278")            == 0) return 20278;
+		if (stricmp(s8_Name, "IBM280")            == 0) return 20280;
+		if (stricmp(s8_Name, "IBM284")            == 0) return 20284;
+		if (stricmp(s8_Name, "IBM285")            == 0) return 20285;
+		if (stricmp(s8_Name, "IBM290")            == 0) return 20290;
+		if (stricmp(s8_Name, "IBM297")            == 0) return 20297;
+		if (stricmp(s8_Name, "IBM420")            == 0) return 20420;
+		if (stricmp(s8_Name, "IBM423")            == 0) return 20423;
+		if (stricmp(s8_Name, "IBM424")            == 0) return 20424;
+		if (stricmp(s8_Name, "IBM437")            == 0) return 437;
+		if (stricmp(s8_Name, "IBM500")            == 0) return 500;
+		if (stricmp(s8_Name, "ibm737")            == 0) return 737;
+		if (stricmp(s8_Name, "ibm775")            == 0) return 775;
+		if (stricmp(s8_Name, "ibm850")            == 0) return 850;
+		if (stricmp(s8_Name, "ibm852")            == 0) return 852;
+		if (stricmp(s8_Name, "IBM855")            == 0) return 855;
+		if (stricmp(s8_Name, "ibm857")            == 0) return 857;
+		if (stricmp(s8_Name, "IBM860")            == 0) return 860;
+		if (stricmp(s8_Name, "ibm861")            == 0) return 861;
+		if (stricmp(s8_Name, "IBM863")            == 0) return 863;
+		if (stricmp(s8_Name, "IBM864")            == 0) return 864;
+		if (stricmp(s8_Name, "IBM865")            == 0) return 865;
+		if (stricmp(s8_Name, "ibm869")            == 0) return 869;
+		if (stricmp(s8_Name, "IBM870")            == 0) return 870;
+		if (stricmp(s8_Name, "IBM871")            == 0) return 20871;
+		if (stricmp(s8_Name, "IBM880")            == 0) return 20880;
+		if (stricmp(s8_Name, "IBM905")            == 0) return 20905;
+		if (stricmp(s8_Name, "IBM-Thai")          == 0) return 20838;
+		if (stricmp(s8_Name, "iso-2022-jp")       == 0) return 50222;
+		if (stricmp(s8_Name, "iso-2022-kr")       == 0) return 50225;
+		if (stricmp(s8_Name, "iso-8859-1")        == 0) return 28591;
+		if (stricmp(s8_Name, "iso-8859-13")       == 0) return 28603;
+		if (stricmp(s8_Name, "iso-8859-15")       == 0) return 28605;
+		if (stricmp(s8_Name, "iso-8859-2")        == 0) return 28592;
+		if (stricmp(s8_Name, "iso-8859-3")        == 0) return 28593;
+		if (stricmp(s8_Name, "iso-8859-4")        == 0) return 28594;
+		if (stricmp(s8_Name, "iso-8859-5")        == 0) return 28595;
+		if (stricmp(s8_Name, "iso-8859-6")        == 0) return 28596;
+		if (stricmp(s8_Name, "iso-8859-7")        == 0) return 28597;
+		if (stricmp(s8_Name, "iso-8859-8")        == 0) return 28598;
+		if (stricmp(s8_Name, "iso-8859-8-i")      == 0) return 38598;
+		if (stricmp(s8_Name, "iso-8859-9")        == 0) return 28599;
+		if (stricmp(s8_Name, "Johab")             == 0) return 1361;
+		if (stricmp(s8_Name, "koi8-r")            == 0) return 20866;
+		if (stricmp(s8_Name, "koi8-u")            == 0) return 21866;
+		if (stricmp(s8_Name, "ks_c_5601-1987")    == 0) return 949;
+		if (stricmp(s8_Name, "macintosh")         == 0) return 10000;
+		if (stricmp(s8_Name, "unicodeFFFE")       == 0) return 1201;
+		if (stricmp(s8_Name, "us-ascii")          == 0) return 20127;
+		if (stricmp(s8_Name, "utf-16")            == 0) return 1200;
+		if (stricmp(s8_Name, "utf-32")            == 0) return 12000;
+		if (stricmp(s8_Name, "utf-32BE")          == 0) return 12001;
+		if (stricmp(s8_Name, "utf-7")             == 0) return 65000;
+		if (stricmp(s8_Name, "utf-8")             == 0) return 65001;
+		if (stricmp(s8_Name, "windows-1250")      == 0) return 1250;
+		if (stricmp(s8_Name, "windows-1251")      == 0) return 1251;
+		if (stricmp(s8_Name, "Windows-1252")      == 0) return 1252;
+		if (stricmp(s8_Name, "windows-1253")      == 0) return 1253;
+		if (stricmp(s8_Name, "windows-1254")      == 0) return 1254;
+		if (stricmp(s8_Name, "windows-1255")      == 0) return 1255;
+		if (stricmp(s8_Name, "windows-1256")      == 0) return 1256;
+		if (stricmp(s8_Name, "windows-1257")      == 0) return 1257;
+		if (stricmp(s8_Name, "windows-1258")      == 0) return 1258;
+		if (stricmp(s8_Name, "windows-874")       == 0) return 874;
+		if (stricmp(s8_Name, "x-Chinese-CNS")     == 0) return 20000;
+		if (stricmp(s8_Name, "x-Chinese-Eten")    == 0) return 20002;
+		if (stricmp(s8_Name, "x-cp20001")         == 0) return 20001;
+		if (stricmp(s8_Name, "x-cp20003")         == 0) return 20003;
+		if (stricmp(s8_Name, "x-cp20004")         == 0) return 20004;
+		if (stricmp(s8_Name, "x-cp20005")         == 0) return 20005;
+		if (stricmp(s8_Name, "x-cp20261")         == 0) return 20261;
+		if (stricmp(s8_Name, "x-cp20269")         == 0) return 20269;
+		if (stricmp(s8_Name, "x-cp20936")         == 0) return 20936;
+		if (stricmp(s8_Name, "x-cp20949")         == 0) return 20949;
+		if (stricmp(s8_Name, "x-cp50227")         == 0) return 50227;
+		if (stricmp(s8_Name, "x-EBCDIC-KoreanExtended") == 0) return 20833;
+		if (stricmp(s8_Name, "x-Europa")          == 0) return 29001;
+		if (stricmp(s8_Name, "x-IA5")             == 0) return 20105;
+		if (stricmp(s8_Name, "x-IA5-German")      == 0) return 20106;
+		if (stricmp(s8_Name, "x-IA5-Norwegian")   == 0) return 20108;
+		if (stricmp(s8_Name, "x-IA5-Swedish")     == 0) return 20107;
+		if (stricmp(s8_Name, "x-iscii-as")        == 0) return 57006;
+		if (stricmp(s8_Name, "x-iscii-be")        == 0) return 57003;
+		if (stricmp(s8_Name, "x-iscii-de")        == 0) return 57002;
+		if (stricmp(s8_Name, "x-iscii-gu")        == 0) return 57010;
+		if (stricmp(s8_Name, "x-iscii-ka")        == 0) return 57008;
+		if (stricmp(s8_Name, "x-iscii-ma")        == 0) return 57009;
+		if (stricmp(s8_Name, "x-iscii-or")        == 0) return 57007;
+		if (stricmp(s8_Name, "x-iscii-pa")        == 0) return 57011;
+		if (stricmp(s8_Name, "x-iscii-ta")        == 0) return 57004;
+		if (stricmp(s8_Name, "x-iscii-te")        == 0) return 57005;
+		if (stricmp(s8_Name, "x-mac-arabic")      == 0) return 10004;
+		if (stricmp(s8_Name, "x-mac-ce")          == 0) return 10029;
+		if (stricmp(s8_Name, "x-mac-chinesesimp") == 0) return 10008;
+		if (stricmp(s8_Name, "x-mac-chinesetrad") == 0) return 10002;
+		if (stricmp(s8_Name, "x-mac-croatian")    == 0) return 10082;
+		if (stricmp(s8_Name, "x-mac-cyrillic")    == 0) return 10007;
+		if (stricmp(s8_Name, "x-mac-greek")       == 0) return 10006;
+		if (stricmp(s8_Name, "x-mac-hebrew")      == 0) return 10005;
+		if (stricmp(s8_Name, "x-mac-icelandic")   == 0) return 10079;
+		if (stricmp(s8_Name, "x-mac-japanese")    == 0) return 10001;
+		if (stricmp(s8_Name, "x-mac-korean")      == 0) return 10003;
+		if (stricmp(s8_Name, "x-mac-romanian")    == 0) return 10010;
+		if (stricmp(s8_Name, "x-mac-thai")        == 0) return 10021;
+		if (stricmp(s8_Name, "x-mac-turkish")     == 0) return 10081;
+		if (stricmp(s8_Name, "x-mac-ukrainian")   == 0) return 10017;
+
+		throw exception(std::string("Unknown charset: ") + s8_Name);
+	}
+};
+
+
+} // windows
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS
+
+#endif // VMIME_PLATFORMS_WINDOWS_CODEPAGES_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/windows/windowsCriticalSection.cpp b/vmime-master/src/vmime/platforms/windows/windowsCriticalSection.cpp
new file mode 100644
index 0000000..c0a0bec
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsCriticalSection.cpp
@@ -0,0 +1,67 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS
+
+
+#include "vmime/platforms/windows/windowsCriticalSection.hpp"
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+windowsCriticalSection::windowsCriticalSection() {
+
+	InitializeCriticalSectionAndSpinCount(&m_cs, 0x400);
+}
+
+
+windowsCriticalSection::~windowsCriticalSection() {
+
+	DeleteCriticalSection(&m_cs);
+}
+
+
+void windowsCriticalSection::lock() {
+
+	EnterCriticalSection(&m_cs);
+}
+
+
+void windowsCriticalSection::unlock() {
+
+	LeaveCriticalSection(&m_cs);
+}
+
+
+} // windows
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS
diff --git a/vmime-master/src/vmime/platforms/windows/windowsCriticalSection.hpp b/vmime-master/src/vmime/platforms/windows/windowsCriticalSection.hpp
new file mode 100644
index 0000000..ffe8294
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsCriticalSection.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_WINDOWS_CRITICALSECTION_HPP_INCLUDED
+#define VMIME_PLATFORMS_WINDOWS_CRITICALSECTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS
+
+
+#include "vmime/utility/sync/criticalSection.hpp"
+
+
+#include <windows.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+class windowsCriticalSection : public utility::sync::criticalSection {
+
+public:
+
+	windowsCriticalSection();
+	~windowsCriticalSection();
+
+	void lock();
+	void unlock();
+
+private:
+
+	CRITICAL_SECTION m_cs;
+};
+
+
+} // windows
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS
+
+#endif // VMIME_PLATFORMS_WINDOWS_CRITICALSECTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/windows/windowsFile.cpp b/vmime-master/src/vmime/platforms/windows/windowsFile.cpp
new file mode 100644
index 0000000..774731c
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsFile.cpp
@@ -0,0 +1,712 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/platforms/windows/windowsFile.hpp"
+
+#include <windows.h>
+#include <string.h>
+
+#include "vmime/exception.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+shared_ptr <vmime::utility::file> windowsFileSystemFactory::create(
+	const vmime::utility::file::path& path
+) const {
+
+	return make_shared <windowsFile>(path);
+}
+
+
+const vmime::utility::file::path windowsFileSystemFactory::stringToPath(
+	const vmime::string& str
+) const {
+
+	return stringToPathImpl(str);
+}
+
+
+const vmime::string windowsFileSystemFactory::pathToString(
+	const vmime::utility::file::path& path
+) const {
+
+	return pathToStringImpl(path);
+}
+
+
+const vmime::utility::file::path windowsFileSystemFactory::stringToPathImpl(
+	const vmime::string& str
+) {
+
+	vmime::size_t offset = 0;
+	vmime::size_t prev = 0;
+
+	vmime::utility::file::path path;
+
+	while ((offset = str.find_first_of("\\", offset)) != vmime::string::npos) {
+
+		if (offset != prev) {
+
+			path.appendComponent(
+				vmime::utility::file::path::component(
+					vmime::string(str.begin() + prev, str.begin() + offset)
+				)
+			);
+		}
+
+		prev = offset + 1;
+		offset++;
+	}
+
+	if (prev < str.length()) {
+
+		path.appendComponent(
+			vmime::utility::file::path::component(
+				vmime::string(str.begin() + prev, str.end())
+			)
+		);
+	}
+
+	return path;
+}
+
+
+const vmime::string windowsFileSystemFactory::pathToStringImpl(
+	const vmime::utility::file::path& path
+) {
+
+	vmime::string native = "";
+
+	for (int i = 0 ; i < path.getSize() ; ++i) {
+
+		if (i > 0) {
+			native += "\\";
+		}
+
+		native += path[i].getBuffer();
+	}
+
+	return native;
+}
+
+
+bool windowsFileSystemFactory::isValidPathComponent(
+	const vmime::utility::file::path::component& comp
+) const {
+
+	return isValidPathComponent(comp, false);
+}
+
+
+bool windowsFileSystemFactory::isValidPathComponent(
+	const vmime::utility::file::path::component& comp,
+	bool firstComponent
+) const {
+
+	const string& buffer = comp.getBuffer();
+
+	// If first component, check if component is a drive
+	if (firstComponent && (buffer.length() == 2) && (buffer[1] == ':')) {
+
+		char drive = tolower(buffer[0]);
+
+		if ((drive >= 'a') && (drive <= 'z')) {
+			return true;
+		}
+	}
+
+	// Check for invalid characters
+	for (size_t i = 0 ; i < buffer.length() ; ++i) {
+
+		const unsigned char c = buffer[i];
+
+		switch (c) {
+
+			// Reserved characters
+			case '<': case '>': case ':':
+			case '"': case '/': case '\\':
+			case '|': case '$': case '*':
+
+				return false;
+
+			default:
+
+				if (c <= 31) {
+					return false;
+				}
+		}
+	}
+
+	string upperBuffer = vmime::utility::stringUtils::toUpper(buffer);
+
+	// Check for reserved names
+	if (upperBuffer.length() == 3) {
+
+		if (upperBuffer == "CON" || buffer == "PRN" || buffer == "AUX" || buffer == "NUL") {
+			return false;
+		}
+
+	} else if (upperBuffer.length() == 4) {
+
+		if ((upperBuffer.substr(0, 3) == "COM") && // COM0 to COM9
+		    (upperBuffer[3] >= '0') && (upperBuffer[3] <= '9')) {
+
+			return false;
+
+		} else if ((upperBuffer.substr(0, 3) == "LPT") && // LPT0 to LPT9
+		           (upperBuffer[3] >= '0') && (upperBuffer[3] <= '9')) {
+
+			return false;
+		}
+	}
+
+	return true;
+}
+
+
+bool windowsFileSystemFactory::isValidPath(const vmime::utility::file::path& path) const {
+
+	for (int i = 0 ; i < path.getSize() ; ++i) {
+
+		if (!isValidPathComponent(path[i], (i == 0))) {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+
+void windowsFileSystemFactory::reportError(const vmime::utility::path& path, const int err) {
+
+	vmime::string desc;
+
+	LPVOID lpMsgBuf;
+
+	if (FormatMessage(
+			FORMAT_MESSAGE_ALLOCATE_BUFFER |
+			FORMAT_MESSAGE_FROM_SYSTEM |
+			FORMAT_MESSAGE_IGNORE_INSERTS,
+			NULL,
+			err,
+			MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+			(LPTSTR) &lpMsgBuf,
+			0,
+			NULL)) {
+
+		desc = (char*) lpMsgBuf;
+		LocalFree(lpMsgBuf);
+	}
+
+	throw vmime::exceptions::filesystem_exception(desc, path);
+}
+
+
+
+
+windowsFile::windowsFile(const vmime::utility::file::path& path)
+	: m_path(path),
+	  m_nativePath(windowsFileSystemFactory::pathToStringImpl(path)) {
+
+}
+
+
+void windowsFile::createFile() {
+
+	HANDLE hFile = CreateFile(
+		m_nativePath.c_str(),
+		GENERIC_WRITE,
+		FILE_SHARE_READ | FILE_SHARE_WRITE,
+		NULL,
+		CREATE_ALWAYS,
+		FILE_ATTRIBUTE_NORMAL,
+		NULL
+	);
+
+	if (hFile == INVALID_HANDLE_VALUE) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+
+	CloseHandle(hFile);
+}
+
+
+void windowsFile::createDirectory(const bool createAll) {
+
+	createDirectoryImpl(m_path, m_path, createAll);
+}
+
+
+bool windowsFile::isFile() const {
+
+	DWORD dwFileAttribute = GetFileAttributes(m_nativePath.c_str());
+
+	if (dwFileAttribute == INVALID_FILE_ATTRIBUTES) {
+		return false;
+	}
+
+	return (dwFileAttribute & FILE_ATTRIBUTE_DIRECTORY) == 0;
+}
+
+
+bool windowsFile::isDirectory() const {
+
+	DWORD dwFileAttribute = GetFileAttributes(m_nativePath.c_str());
+
+	if (dwFileAttribute == INVALID_FILE_ATTRIBUTES) {
+		return false;
+	}
+
+	return (dwFileAttribute & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY;
+}
+
+
+bool windowsFile::canRead() const {
+
+	HANDLE hFile = CreateFile(
+		m_nativePath.c_str(),
+		GENERIC_READ,
+		FILE_SHARE_READ,
+		NULL,
+		OPEN_EXISTING,
+		FILE_ATTRIBUTE_NORMAL,
+		NULL
+	);
+
+	if (hFile == INVALID_HANDLE_VALUE) {
+		return false;
+	}
+
+	CloseHandle(hFile);
+
+	return true;
+}
+
+
+bool windowsFile::canWrite() const {
+
+	HANDLE hFile = CreateFile(
+		m_nativePath.c_str(),
+		GENERIC_WRITE,
+		FILE_SHARE_WRITE,
+		NULL,
+		OPEN_ALWAYS,
+		FILE_ATTRIBUTE_NORMAL,
+		NULL
+	);
+
+	if (hFile == INVALID_HANDLE_VALUE) {
+		return false;
+	}
+
+	CloseHandle(hFile);
+
+	return true;
+}
+
+
+windowsFile::length_type windowsFile::getLength() {
+
+	HANDLE hFile = CreateFile(
+		m_nativePath.c_str(),
+		GENERIC_READ,
+		FILE_SHARE_READ,
+		NULL,
+		OPEN_EXISTING,
+		FILE_ATTRIBUTE_NORMAL,
+		NULL
+	);
+
+	if (hFile == INVALID_HANDLE_VALUE) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+
+	DWORD dwSize = GetFileSize(hFile, NULL);
+
+	CloseHandle(hFile);
+
+	return dwSize;
+}
+
+
+const vmime::utility::path& windowsFile::getFullPath() const {
+
+	return m_path;
+}
+
+
+bool windowsFile::exists() const {
+
+	WIN32_FIND_DATA findData;
+	HANDLE hFind = FindFirstFile(m_nativePath.c_str(), &findData);
+
+	if (hFind != INVALID_HANDLE_VALUE) {
+		FindClose(hFind);
+		return true;
+	}
+
+	return false;
+}
+
+
+shared_ptr <vmime::utility::file> windowsFile::getParent() const {
+
+	if (m_path.isEmpty()) {
+		return null;
+	} else {
+		return make_shared <windowsFile>(m_path.getParent());
+	}
+}
+
+
+void windowsFile::rename(const path& newName) {
+
+	const vmime::string newNativeName = windowsFileSystemFactory::pathToStringImpl(newName);
+
+	if (MoveFile(m_nativePath.c_str(), newNativeName.c_str())) {
+
+		m_path = newName;
+		m_nativePath = newNativeName;
+
+	} else {
+
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+}
+
+
+void windowsFile::remove() {
+
+	if (!DeleteFile(m_nativePath.c_str())) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+}
+
+
+shared_ptr <vmime::utility::fileWriter> windowsFile::getFileWriter() {
+
+	return make_shared <windowsFileWriter>(m_path, m_nativePath);
+}
+
+
+shared_ptr <vmime::utility::fileReader> windowsFile::getFileReader() {
+
+	return make_shared <windowsFileReader>(m_path, m_nativePath);
+}
+
+
+shared_ptr <vmime::utility::fileIterator> windowsFile::getFiles() const {
+
+	return make_shared <windowsFileIterator>(m_path, m_nativePath);
+}
+
+
+void windowsFile::createDirectoryImpl(
+	const vmime::utility::file::path& fullPath,
+	const vmime::utility::file::path& path,
+	const bool recursive
+) {
+
+	const vmime::string nativePath = windowsFileSystemFactory::pathToStringImpl(path);
+
+	windowsFile tmp(path);
+
+	if (tmp.isDirectory()) {
+		return;
+	}
+
+	if (!path.isEmpty() && recursive) {
+		createDirectoryImpl(fullPath, path.getParent(), true);
+	}
+
+	if (!CreateDirectory(nativePath.c_str(), NULL)) {
+		windowsFileSystemFactory::reportError(fullPath, GetLastError());
+	}
+}
+
+
+
+windowsFileIterator::windowsFileIterator(
+	const vmime::utility::file::path& path,
+	const vmime::string& nativePath
+)
+	: m_path(path),
+	  m_nativePath(nativePath),
+	  m_moreElements(false),
+	  m_hFind(INVALID_HANDLE_VALUE) {
+
+	findFirst();
+}
+
+
+windowsFileIterator::~windowsFileIterator() {
+
+	if (m_hFind != INVALID_HANDLE_VALUE) {
+		FindClose(m_hFind);
+	}
+}
+
+
+bool windowsFileIterator::hasMoreElements() const {
+
+	return m_moreElements;
+}
+
+
+shared_ptr <vmime::utility::file> windowsFileIterator::nextElement() {
+
+	shared_ptr <vmime::utility::file> pFile = make_shared <windowsFile>(
+		m_path / vmime::utility::file::path::component(m_findData.cFileName)
+	);
+
+	findNext();
+
+	return pFile;
+}
+
+
+void windowsFileIterator::findFirst() {
+
+	m_hFind = FindFirstFile(m_nativePath.c_str(), &m_findData);
+
+	if (m_hFind == INVALID_HANDLE_VALUE) {
+		m_moreElements = false;
+		return;
+	}
+
+	m_moreElements = true;
+
+	if (isCurrentOrParentDir()) {
+		findNext();
+	}
+}
+
+
+void windowsFileIterator::findNext() {
+
+	do {
+
+		if (!FindNextFile(m_hFind, &m_findData)) {
+			m_moreElements = false;
+			return;
+		}
+
+	} while (isCurrentOrParentDir());
+}
+
+
+bool windowsFileIterator::isCurrentOrParentDir() const {
+
+	vmime::string s(m_findData.cFileName);
+
+	if ((s == ".") || (s == "..")) {
+		return true;
+	}
+
+	return false;
+}
+
+
+
+windowsFileReader::windowsFileReader(
+	const vmime::utility::file::path& path,
+	const vmime::string& nativePath
+)
+	: m_path(path),
+	  m_nativePath(nativePath) {
+
+}
+
+
+shared_ptr <vmime::utility::inputStream> windowsFileReader::getInputStream() {
+
+	HANDLE hFile = CreateFile(
+		m_nativePath.c_str(),
+		GENERIC_READ,
+		FILE_SHARE_READ,
+		NULL,
+		OPEN_EXISTING,
+		0,
+		NULL
+	);
+
+	if (hFile == INVALID_HANDLE_VALUE) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+
+	return make_shared <windowsFileReaderInputStream>(m_path, hFile);
+}
+
+
+windowsFileReaderInputStream::windowsFileReaderInputStream(
+	const vmime::utility::file::path& path,
+	HANDLE hFile
+)
+	: m_path(path),
+	  m_hFile(hFile) {
+
+}
+
+windowsFileReaderInputStream::~windowsFileReaderInputStream() {
+
+	CloseHandle(m_hFile);
+}
+
+
+bool windowsFileReaderInputStream::eof() const {
+
+	DWORD dwSize = GetFileSize(m_hFile, NULL);
+	DWORD dwPosition = SetFilePointer(m_hFile, 0, NULL, FILE_CURRENT);
+
+	return dwSize == dwPosition;
+}
+
+
+void windowsFileReaderInputStream::reset() {
+
+	SetFilePointer(m_hFile, 0, NULL, FILE_BEGIN);
+}
+
+
+size_t windowsFileReaderInputStream::read(byte_t* const data, const size_t count) {
+
+	DWORD dwBytesRead;
+
+	if (!ReadFile(m_hFile, (LPVOID) data, (DWORD) count, &dwBytesRead, NULL)) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+
+	return dwBytesRead;
+}
+
+
+size_t windowsFileReaderInputStream::skip(const size_t count) {
+
+	DWORD dwCurPos = SetFilePointer(m_hFile, 0, NULL, FILE_CURRENT);
+	DWORD dwNewPos = SetFilePointer(m_hFile, (LONG) count, NULL, FILE_CURRENT);
+
+	return dwNewPos - dwCurPos;
+}
+
+
+size_t windowsFileReaderInputStream::getPosition() const {
+
+	DWORD dwCurPos = SetFilePointer(m_hFile, 0, NULL, FILE_CURRENT);
+
+	if (dwCurPos == INVALID_SET_FILE_POINTER) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+
+	return static_cast <size_t>(dwCurPos);
+}
+
+void windowsFileReaderInputStream::seek(const size_t pos) {
+
+	DWORD dwNewPos = SetFilePointer(m_hFile, (LONG) pos, NULL, FILE_BEGIN);
+
+	if (dwNewPos == INVALID_SET_FILE_POINTER) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+}
+
+
+
+windowsFileWriter::windowsFileWriter(
+	const vmime::utility::file::path& path,
+	const vmime::string& nativePath
+)
+	: m_path(path),
+	  m_nativePath(nativePath) {
+
+}
+
+shared_ptr <vmime::utility::outputStream> windowsFileWriter::getOutputStream() {
+
+	HANDLE hFile = CreateFile(
+		m_nativePath.c_str(),
+		GENERIC_WRITE,
+		FILE_SHARE_WRITE,
+		NULL,
+		CREATE_ALWAYS,
+		FILE_ATTRIBUTE_NORMAL,
+		NULL
+	);
+
+	if (hFile == INVALID_HANDLE_VALUE) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+
+	return make_shared <windowsFileWriterOutputStream>(m_path, hFile);
+}
+
+
+windowsFileWriterOutputStream::windowsFileWriterOutputStream(
+	const vmime::utility::file::path& path,
+	HANDLE hFile
+)
+	: m_path(path),
+	  m_hFile(hFile) {
+
+}
+
+
+windowsFileWriterOutputStream::~windowsFileWriterOutputStream() {
+
+	CloseHandle(m_hFile);
+}
+
+
+void windowsFileWriterOutputStream::writeImpl(const byte_t* const data, const size_t count) {
+
+	DWORD dwBytesWritten;
+
+	if (!WriteFile(m_hFile, data, (DWORD) count, &dwBytesWritten, NULL)) {
+		windowsFileSystemFactory::reportError(m_path, GetLastError());
+	}
+}
+
+
+void windowsFileWriterOutputStream::flush() {
+
+	// TODO
+}
+
+
+} // windows
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_FILESYSTEM_FEATURES
+
diff --git a/vmime-master/src/vmime/platforms/windows/windowsFile.hpp b/vmime-master/src/vmime/platforms/windows/windowsFile.hpp
new file mode 100644
index 0000000..dc4b5ed
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsFile.hpp
@@ -0,0 +1,225 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_WINDOWS_FILE_HPP_INCLUDED
+#define VMIME_PLATFORMS_WINDOWS_FILE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#include "vmime/utility/file.hpp"
+#include "vmime/utility/seekableInputStream.hpp"
+
+#include <windows.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+class windowsFileSystemFactory : public vmime::utility::fileSystemFactory {
+
+public:
+
+	shared_ptr <vmime::utility::file> create(const vmime::utility::file::path& path) const;
+
+	const vmime::utility::file::path stringToPath(const vmime::string& str) const;
+	const vmime::string pathToString(const vmime::utility::file::path& path) const;
+
+	static const vmime::utility::file::path stringToPathImpl(const vmime::string& str);
+	static const vmime::string pathToStringImpl(const vmime::utility::file::path& path);
+
+	bool isValidPathComponent(const vmime::utility::file::path::component& comp) const;
+	bool isValidPathComponent(const vmime::utility::file::path::component& comp,
+		                              bool firstComponent) const;
+	bool isValidPath(const vmime::utility::file::path& path) const;
+
+	static void reportError(const vmime::utility::path& path, const int err);
+};
+
+
+class windowsFile : public vmime::utility::file {
+
+public:
+
+	windowsFile(const vmime::utility::file::path& path);
+
+	void createFile();
+	void createDirectory(const bool createAll = false);
+
+	bool isFile() const;
+	bool isDirectory() const;
+
+	bool canRead() const;
+	bool canWrite() const;
+
+	length_type getLength();
+
+	const path& getFullPath() const;
+
+	bool exists() const;
+
+	shared_ptr <file> getParent() const;
+
+	void rename(const path& newName);
+	void remove();
+
+	shared_ptr <vmime::utility::fileWriter> getFileWriter();
+
+	shared_ptr <vmime::utility::fileReader> getFileReader();
+
+	shared_ptr <vmime::utility::fileIterator> getFiles() const;
+
+private:
+
+	static void createDirectoryImpl(
+		const vmime::utility::file::path& fullPath,
+		const vmime::utility::file::path& path,
+		const bool recursive = false
+	);
+
+private:
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+};
+
+
+class windowsFileIterator : public vmime::utility::fileIterator {
+
+public:
+
+	windowsFileIterator(const vmime::utility::file::path& path, const vmime::string& nativePath);
+	~windowsFileIterator();
+
+	bool hasMoreElements() const;
+	shared_ptr <vmime::utility::file> nextElement();
+
+private:
+
+	void findFirst();
+	void findNext();
+	bool isCurrentOrParentDir() const;
+
+private:
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+	WIN32_FIND_DATA m_findData;
+	bool m_moreElements;
+	HANDLE m_hFind;
+};
+
+
+class windowsFileReader : public vmime::utility::fileReader {
+
+public:
+
+	windowsFileReader(const vmime::utility::file::path& path, const vmime::string& nativePath);
+
+public:
+
+	shared_ptr <vmime::utility::inputStream> getInputStream();
+
+private:
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+};
+
+
+class windowsFileReaderInputStream : public vmime::utility::inputStream {
+
+public:
+
+	windowsFileReaderInputStream(const vmime::utility::file::path& path, HANDLE hFile);
+	~windowsFileReaderInputStream();
+
+public:
+
+	bool eof() const;
+	void reset();
+	size_t read(byte_t* const data, const size_t count);
+	size_t skip(const size_t count);
+	size_t getPosition() const;
+	void seek(const size_t pos);
+
+private:
+
+	const vmime::utility::file::path m_path;
+	HANDLE m_hFile;
+};
+
+
+class windowsFileWriter : public vmime::utility::fileWriter {
+
+public:
+
+	windowsFileWriter(const vmime::utility::file::path& path, const vmime::string& nativePath);
+
+public:
+
+	shared_ptr <vmime::utility::outputStream> getOutputStream();
+
+private:
+
+	vmime::utility::file::path m_path;
+	vmime::string m_nativePath;
+};
+
+
+class windowsFileWriterOutputStream : public vmime::utility::outputStream {
+
+public:
+
+	windowsFileWriterOutputStream(const vmime::utility::file::path& path, HANDLE hFile);
+	~windowsFileWriterOutputStream();
+
+public:
+
+	void flush();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	const vmime::utility::file::path m_path;
+	HANDLE m_hFile;
+};
+
+
+} // windows
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_FILESYSTEM_FEATURES
+
+#endif // VMIME_PLATFORMS_WINDOWS_FILE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/windows/windowsHandler.cpp b/vmime-master/src/vmime/platforms/windows/windowsHandler.cpp
new file mode 100644
index 0000000..551f672
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsHandler.cpp
@@ -0,0 +1,315 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS
+
+
+#include "vmime/platforms/windows/windowsHandler.hpp"
+
+#include "vmime/platforms/windows/windowsCriticalSection.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include <time.h>
+#include <locale.h>
+#include <process.h>
+#include <winsock2.h> // for WSAStartup()
+#include <windows.h>  // for winnls.h
+#include <ws2tcpip.h>
+#include <wincrypt.h>
+
+#if VMIME_HAVE_MLANG
+#   include <mlang.h>
+#endif
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+windowsHandler::windowsHandler() {
+
+	WSAData wsaData;
+	WSAStartup(MAKEWORD(1, 1), &wsaData);
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	m_socketFactory = make_shared <windowsSocketFactory>();
+#endif
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	m_fileSysFactory = make_shared <windowsFileSystemFactory>();
+#endif
+
+}
+
+
+windowsHandler::~windowsHandler() {
+
+	WSACleanup();
+}
+
+
+unsigned long windowsHandler::getUnixTime() const {
+
+	return static_cast <unsigned long>(::time(NULL));
+}
+
+
+const vmime::datetime windowsHandler::getCurrentLocalTime() const {
+
+	const time_t t(::time(NULL));
+
+	// Get the local time
+#if VMIME_HAVE_LOCALTIME_S
+	tm local;
+	::localtime_s(&local, &t);
+#elif VMIME_HAVE_LOCALTIME_R
+	tm local;
+	::localtime_r(&t, &local);
+#else
+	tm local = *::localtime(&t);  // WARNING: this is not thread-safe!
+#endif
+
+	// Get the UTC time
+#if VMIME_HAVE_GMTIME_S
+	tm gmt;
+	::gmtime_s(&gmt, &t);
+#elif VMIME_HAVE_GMTIME_R
+	tm gmt;
+	::gmtime_r(&t, &gmt);
+#else
+	tm gmt = *::gmtime(&t);  // WARNING: this is not thread-safe!
+#endif
+
+	// "A negative value for tm_isdst causes mktime() to attempt
+	//  to determine whether Daylight Saving Time is in effect
+	//  for the specified time."
+	local.tm_isdst = -1;
+	gmt.tm_isdst = -1;
+
+	// Calculate the difference (in seconds)
+	const int diff = (const int)(::mktime(&local) - ::mktime(&gmt));
+
+	// Return the date
+	return vmime::datetime(
+		local.tm_year + 1900, local.tm_mon + 1, local.tm_mday,
+		local.tm_hour, local.tm_min, local.tm_sec, diff / 60  // minutes needed
+	);
+}
+
+
+const vmime::charset windowsHandler::getLocalCharset() const {
+
+#if VMIME_HAVE_MLANG
+
+	char szCharset[256];
+
+	CoInitialize(NULL);
+	{
+		IMultiLanguage* pMultiLanguage;
+
+		CoCreateInstance(
+			CLSID_CMultiLanguage,
+			NULL,
+			CLSCTX_INPROC_SERVER,
+			IID_IMultiLanguage,
+			(void**) &pMultiLanguage
+		);
+
+		UINT codePage = GetACP();
+		MIMECPINFO cpInfo;
+		pMultiLanguage->GetCodePageInfo(codePage, &cpInfo);
+
+		int nLengthW = lstrlenW(cpInfo.wszBodyCharset) + 1;
+
+		WideCharToMultiByte(
+			codePage, 0, cpInfo.wszBodyCharset, nLengthW,
+			szCharset, sizeof(szCharset), NULL, NULL
+		);
+
+		pMultiLanguage->Release();
+	}
+	CoUninitialize();
+
+	return vmime::charset(szCharset);
+
+#else // VMIME_HAVE_MLANG
+
+	vmime::string ch = vmime::charsets::ISO8859_1; // default
+
+	switch (GetACP()) {
+
+		case 437: ch = vmime::charsets::CP_437; break;
+		case 737: ch = vmime::charsets::CP_737; break;
+		case 775: ch = vmime::charsets::CP_775; break;
+		case 850: ch = vmime::charsets::CP_850; break;
+		case 852: ch = vmime::charsets::CP_852; break;
+		case 853: ch = vmime::charsets::CP_853; break;
+		case 855: ch = vmime::charsets::CP_855; break;
+		case 857: ch = vmime::charsets::CP_857; break;
+		case 858: ch = vmime::charsets::CP_858; break;
+		case 860: ch = vmime::charsets::CP_860; break;
+		case 861: ch = vmime::charsets::CP_861; break;
+		case 862: ch = vmime::charsets::CP_862; break;
+		case 863: ch = vmime::charsets::CP_863; break;
+		case 864: ch = vmime::charsets::CP_864; break;
+		case 865: ch = vmime::charsets::CP_865; break;
+		case 866: ch = vmime::charsets::CP_866; break;
+		case 869: ch = vmime::charsets::CP_869; break;
+		case 874: ch = vmime::charsets::CP_874; break;
+
+		case 1125: ch = vmime::charsets::CP_1125; break;
+		case 1250: ch = vmime::charsets::CP_1250; break;
+		case 1251: ch = vmime::charsets::CP_1251; break;
+		case 1252: ch = vmime::charsets::CP_1252; break;
+		case 1253: ch = vmime::charsets::CP_1253; break;
+		case 1254: ch = vmime::charsets::CP_1254; break;
+		case 1255: ch = vmime::charsets::CP_1255; break;
+		case 1256: ch = vmime::charsets::CP_1256; break;
+		case 1257: ch = vmime::charsets::CP_1257; break;
+
+		case 28591: ch = vmime::charsets::ISO8859_1; break;
+		case 28592: ch = vmime::charsets::ISO8859_2; break;
+		case 28593: ch = vmime::charsets::ISO8859_3; break;
+		case 28594: ch = vmime::charsets::ISO8859_4; break;
+		case 28595: ch = vmime::charsets::ISO8859_5; break;
+		case 28596: ch = vmime::charsets::ISO8859_6; break;
+		case 28597: ch = vmime::charsets::ISO8859_7; break;
+		case 28598: ch = vmime::charsets::ISO8859_8; break;
+		case 28599: ch = vmime::charsets::ISO8859_9; break;
+		case 28605: ch = vmime::charsets::ISO8859_15; break;
+
+		case 65000: ch = vmime::charsets::UTF_7; break;
+		case 65001: ch = vmime::charsets::UTF_8; break;
+	}
+
+	return vmime::charset(ch);
+
+#endif
+
+}
+
+
+const vmime::string windowsHandler::getHostName() const {
+
+	char hostname[1024];
+	DWORD hostnameLen;
+
+	// First, try to get a Fully-Qualified Domain Name (FQDN)
+	for (int cnf = ComputerNameDnsHostname ; cnf <= ComputerNameDnsFullyQualified ; ++cnf) {
+
+		hostnameLen = sizeof(hostname);
+
+		if (GetComputerNameEx((COMPUTER_NAME_FORMAT) cnf, hostname, &hostnameLen)) {
+
+			const vmime::string hostnameStr(hostname);
+
+			if (utility::stringUtils::isValidFQDN(hostnameStr)) {
+				return hostnameStr;
+			}
+		}
+	}
+
+	// Anything else will be OK, as long as it is a valid hostname
+	for (int cnf = 0 ; cnf < ComputerNameMax ; ++cnf) {
+
+		hostnameLen = sizeof(hostname);
+
+		if (GetComputerNameEx((COMPUTER_NAME_FORMAT) cnf, hostname, &hostnameLen)) {
+
+			const vmime::string hostnameStr(hostname);
+
+			if (utility::stringUtils::isValidHostname(hostnameStr)) {
+				return hostnameStr;
+			}
+		}
+	}
+
+	return "localhost.localdomain";
+}
+
+
+unsigned int windowsHandler::getProcessId() const {
+
+	return static_cast <unsigned int>(::GetCurrentProcessId());
+}
+
+
+unsigned int windowsHandler::getThreadId() const {
+
+	return static_cast <unsigned int>(::GetCurrentThreadId());
+}
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+shared_ptr <vmime::net::socketFactory> windowsHandler::getSocketFactory() {
+
+	return m_socketFactory;
+}
+
+#endif
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+shared_ptr <vmime::utility::fileSystemFactory> windowsHandler::getFileSystemFactory() {
+
+	return m_fileSysFactory;
+}
+
+
+shared_ptr <vmime::utility::childProcessFactory> windowsHandler::getChildProcessFactory() {
+
+	// TODO: Not implemented
+	return null;
+}
+
+#endif
+
+
+void windowsHandler::generateRandomBytes(unsigned char* buffer, const unsigned int count) {
+
+	HCRYPTPROV cryptProvider = 0;
+	CryptAcquireContext(&cryptProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
+	CryptGenRandom(cryptProvider, static_cast <unsigned long>(count), static_cast <unsigned char*>(buffer));
+	CryptReleaseContext(cryptProvider, 0);
+}
+
+
+shared_ptr <utility::sync::criticalSection> windowsHandler::createCriticalSection() {
+
+	return make_shared <windowsCriticalSection>();
+}
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS
+
diff --git a/vmime-master/src/vmime/platforms/windows/windowsHandler.hpp b/vmime-master/src/vmime/platforms/windows/windowsHandler.hpp
new file mode 100644
index 0000000..9dda256
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsHandler.hpp
@@ -0,0 +1,101 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_WINDOWS_HANDLER_HPP_INCLUDED
+#define VMIME_PLATFORMS_WINDOWS_HANDLER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS
+
+
+#include "vmime/platform.hpp"
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	#include "vmime/platforms/windows/windowsSocket.hpp"
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	 #include "vmime/platforms/windows/windowsFile.hpp"
+#endif
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+class VMIME_EXPORT windowsHandler : public vmime::platform::handler {
+
+public:
+
+	windowsHandler();
+	~windowsHandler();
+
+	unsigned long getUnixTime() const;
+
+	const vmime::datetime getCurrentLocalTime() const;
+
+	const vmime::charset getLocalCharset() const;
+
+	const vmime::string getHostName() const;
+
+	unsigned int getProcessId() const;
+	unsigned int getThreadId() const;
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	shared_ptr <vmime::net::socketFactory> getSocketFactory();
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	shared_ptr <vmime::utility::fileSystemFactory> getFileSystemFactory();
+
+	shared_ptr <vmime::utility::childProcessFactory> getChildProcessFactory();
+#endif
+
+	void generateRandomBytes(unsigned char* buffer, const unsigned int count);
+
+	shared_ptr <utility::sync::criticalSection> createCriticalSection();
+
+private:
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+	shared_ptr <windowsSocketFactory> m_socketFactory;
+#endif
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+	shared_ptr <windowsFileSystemFactory> m_fileSysFactory;
+#endif
+};
+
+
+} // windows
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS
+
+#endif // VMIME_PLATFORMS_WINDOWS_HANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/platforms/windows/windowsSocket.cpp b/vmime-master/src/vmime/platforms/windows/windowsSocket.cpp
new file mode 100644
index 0000000..3a93c53
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsSocket.cpp
@@ -0,0 +1,547 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_MESSAGING_FEATURES
+
+
+#pragma warning(disable: 4267)
+
+#include "vmime/platforms/windows/windowsSocket.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/exception.hpp"
+
+#include <ws2tcpip.h>
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+//
+// windowsSocket
+//
+
+windowsSocket::windowsSocket(shared_ptr <vmime::net::timeoutHandler> th)
+	: m_timeoutHandler(th),
+	  m_desc(INVALID_SOCKET),
+	  m_status(0) {
+
+	WSAData wsaData;
+	WSAStartup(MAKEWORD(1, 1), &wsaData);
+}
+
+
+windowsSocket::~windowsSocket() {
+
+	if (m_desc != INVALID_SOCKET) {
+		::closesocket(m_desc);
+	}
+
+	WSACleanup();
+}
+
+
+void windowsSocket::connect(const vmime::string& address, const vmime::port_t port) {
+
+	// Close current connection, if any
+	if (m_desc != INVALID_SOCKET) {
+		::closesocket(m_desc);
+		m_desc = INVALID_SOCKET;
+	}
+
+	// Resolve address
+	::sockaddr_in addr;
+
+	memset(&addr, 0, sizeof(addr));
+
+	addr.sin_family = AF_INET;
+	addr.sin_port = htons(static_cast <unsigned short>(port));
+	addr.sin_addr.s_addr = ::inet_addr(address.c_str());
+
+	if (m_tracer) {
+
+		std::ostringstream trace;
+		trace << "Connecting to " << address << ", port " << port;
+
+		m_tracer->traceSend(trace.str());
+	}
+
+	if (addr.sin_addr.s_addr == static_cast <int>(-1)) {
+
+		::hostent* hostInfo = ::gethostbyname(address.c_str());
+
+		if (!hostInfo) {
+			// Error: cannot resolve address
+			throw vmime::exceptions::connection_error("Cannot resolve address.");
+		}
+
+		memcpy(reinterpret_cast <char*>(&addr.sin_addr), hostInfo->h_addr, hostInfo->h_length);
+	}
+
+	m_serverAddress = address;
+
+	// Get a new socket
+	m_desc = ::socket(AF_INET, SOCK_STREAM, 0);
+
+	if (m_desc == INVALID_SOCKET) {
+
+		try {
+
+			int err = WSAGetLastError();
+			throwSocketError(err);
+
+		} catch (exceptions::socket_exception& e) {
+
+			throw vmime::exceptions::connection_error("Error while creating socket.", e);
+		}
+	}
+
+	// Start connection
+	if (::connect(m_desc, reinterpret_cast <sockaddr*>(&addr), sizeof(addr)) == -1) {
+
+		try {
+
+			int err = WSAGetLastError();
+			throwSocketError(err);
+
+		} catch (exceptions::socket_exception& e) {
+
+			::closesocket(m_desc);
+			m_desc = INVALID_SOCKET;
+
+			// Error
+			throw vmime::exceptions::connection_error("Error while connecting socket.", e);
+		}
+	}
+
+	// Set socket to non-blocking
+	unsigned long non_blocking = 1;
+	::ioctlsocket(m_desc, FIONBIO, &non_blocking);
+}
+
+
+bool windowsSocket::isConnected() const {
+
+	if (m_desc == INVALID_SOCKET) {
+		return false;
+	}
+
+	char buff;
+
+	return ::recv(m_desc, &buff, 1, MSG_PEEK) != 0;
+}
+
+
+void windowsSocket::disconnect() {
+
+	if (m_desc != INVALID_SOCKET) {
+
+		if (m_tracer) {
+			m_tracer->traceSend("Disconnecting");
+		}
+
+		::shutdown(m_desc, SD_BOTH);
+		::closesocket(m_desc);
+
+		m_desc = INVALID_SOCKET;
+	}
+}
+
+
+static bool isNumericAddress(const char* address) {
+
+	struct addrinfo hint, *info = NULL;
+	memset(&hint, 0, sizeof(hint));
+
+	hint.ai_family = AF_UNSPEC;
+	hint.ai_flags = AI_NUMERICHOST;
+
+	if (getaddrinfo(address, 0, &hint, &info) == 0) {
+
+		freeaddrinfo(info);
+		return true;
+
+	} else {
+
+		return false;
+	}
+}
+
+
+const string windowsSocket::getPeerAddress() const {
+
+	// Get address of connected peer
+	sockaddr peer;
+	socklen_t peerLen = sizeof(peer);
+
+	getpeername(m_desc, reinterpret_cast <sockaddr*>(&peer), &peerLen);
+
+	// Convert to numerical presentation format
+	char host[NI_MAXHOST + 1];
+	char service[NI_MAXSERV + 1];
+
+	if (getnameinfo(reinterpret_cast <sockaddr *>(&peer), peerLen,
+			host, sizeof(host), service, sizeof(service),
+			/* flags */ NI_NUMERICHOST) == 0) {
+
+		return string(host);
+	}
+
+	return "";  // should not happen
+}
+
+
+const string windowsSocket::getPeerName() const {
+
+	// Get address of connected peer
+	sockaddr peer;
+	socklen_t peerLen = sizeof(peer);
+
+	getpeername(m_desc, reinterpret_cast <sockaddr*>(&peer), &peerLen);
+
+	// If server address as specified when connecting is a numeric
+	// address, try to get a host name for it
+	if (isNumericAddress(m_serverAddress.c_str())) {
+
+		char host[NI_MAXHOST + 1];
+		char service[NI_MAXSERV + 1];
+
+		if (getnameinfo(reinterpret_cast <sockaddr *>(&peer), peerLen,
+				host, sizeof(host), service, sizeof(service),
+				/* flags */ NI_NAMEREQD) == 0) {
+
+			return string(host);
+		}
+	}
+
+	return m_serverAddress;
+}
+
+
+size_t windowsSocket::getBlockSize() const {
+
+	return 16384;  // 16 KB
+}
+
+
+void windowsSocket::receive(vmime::string& buffer) {
+
+	const size_t size = receiveRaw(m_buffer, sizeof(m_buffer));
+	buffer = utility::stringUtils::makeStringFromBytes(m_buffer, size);
+}
+
+
+size_t windowsSocket::receiveRaw(byte_t* buffer, const size_t count) {
+
+	m_status &= ~STATUS_WOULDBLOCK;
+
+	// Check whether data is available
+	if (!waitForRead(50 /* msecs */)) {
+
+		// No data available at this time
+		// Check if we are timed out
+		if (m_timeoutHandler &&
+		    m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+
+				// Server did not react within timeout delay
+				throwSocketError(WSAETIMEDOUT);
+
+			} else {
+
+				// Reset timeout
+				m_timeoutHandler->resetTimeOut();
+			}
+		}
+
+		// Continue waiting for data
+		return 0;
+	}
+
+	// Read available data
+	int ret = ::recv(m_desc, reinterpret_cast <char*>(buffer), count, 0);
+
+	if (ret == SOCKET_ERROR) {
+
+		int err = WSAGetLastError();
+
+		if (err != WSAEWOULDBLOCK) {
+			throwSocketError(err);
+		}
+
+		m_status |= STATUS_WOULDBLOCK;
+
+		// Error or no data
+		return 0;
+
+	} else if (ret == 0) {
+
+		// Host shutdown
+		throwSocketError(WSAENOTCONN);
+
+	} else {
+
+		// Data received, reset timeout
+		if (m_timeoutHandler) {
+			m_timeoutHandler->resetTimeOut();
+		}
+
+		return ret;
+	}
+}
+
+
+void windowsSocket::send(const vmime::string& buffer) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(buffer.data()), buffer.length());
+}
+
+
+void windowsSocket::send(const char* str) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(str), strlen(str));
+}
+
+
+void windowsSocket::sendRaw(const byte_t* buffer, const size_t count) {
+
+	m_status &= ~STATUS_WOULDBLOCK;
+
+	size_t size = count;
+
+	while (size > 0) {
+
+		const int ret = ::send(m_desc, reinterpret_cast <const char*>(buffer), size, 0);
+
+		if (ret == SOCKET_ERROR) {
+
+			int err = WSAGetLastError();
+
+			if (err != WSAEWOULDBLOCK) {
+				throwSocketError(err);
+			}
+
+			waitForWrite(50 /* msecs */);
+
+		} else {
+
+			buffer += ret;
+			size -= ret;
+		}
+	}
+
+	// Reset timeout
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+}
+
+
+size_t windowsSocket::sendRawNonBlocking(const byte_t* buffer, const size_t count) {
+
+	m_status &= ~STATUS_WOULDBLOCK;
+
+	const int ret = ::send(m_desc, reinterpret_cast <const char*>(buffer), count, 0);
+
+	if (ret == SOCKET_ERROR) {
+
+		int err = WSAGetLastError();
+
+		if (err == WSAEWOULDBLOCK) {
+
+			// Check if we are timed out
+			if (m_timeoutHandler &&
+			    m_timeoutHandler->isTimeOut()) {
+
+				if (!m_timeoutHandler->handleTimeOut()) {
+
+					// Could not send data within timeout delay
+					throwSocketError(err);
+
+				} else {
+
+					// Reset timeout
+					m_timeoutHandler->resetTimeOut();
+				}
+			}
+
+			m_status |= STATUS_WOULDBLOCK;
+
+			// No data can be written at this time
+			return 0;
+
+		} else {
+
+			throwSocketError(err);
+		}
+	}
+
+	// Reset timeout
+	if (m_timeoutHandler) {
+		m_timeoutHandler->resetTimeOut();
+	}
+
+	return ret;
+}
+
+
+unsigned int windowsSocket::getStatus() const {
+
+	return m_status;
+}
+
+
+void windowsSocket::throwSocketError(const int err) {
+
+	std::ostringstream oss;
+	string msg;
+
+	LPTSTR str;
+
+	if (::FormatMessage(
+			FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+			NULL, err, 0, (LPTSTR) &str, 0, NULL) == 0) {
+
+		// Failed getting message
+		oss << "Unknown socket error (code " << err << ")";
+
+	} else {
+
+		oss << str;
+		::LocalFree(str);
+	}
+
+	msg = oss.str();
+
+	throw exceptions::socket_exception(msg);
+}
+
+
+bool windowsSocket::waitForData(const bool read, const bool write, const int msecs) {
+
+	for (int i = 0 ; i <= msecs / 10 ; ++i) {
+
+		// Check whether data is available
+		fd_set fds;
+		FD_ZERO(&fds);
+		FD_SET(m_desc, &fds);
+
+		struct timeval tv;
+		tv.tv_sec = 0;
+		tv.tv_usec = 10000;  // 10 ms
+
+		int ret = ::select(m_desc + 1, read ? &fds : NULL, write ? &fds : NULL, NULL, &tv);
+
+		if (ret == SOCKET_ERROR) {
+
+			int err = WSAGetLastError();
+			throwSocketError(err);
+
+		} else if (ret > 0) {
+
+			return true;
+		}
+
+		// No data available at this time
+		// Check if we are timed out
+		if (m_timeoutHandler &&
+		    m_timeoutHandler->isTimeOut()) {
+
+			if (!m_timeoutHandler->handleTimeOut()) {
+
+				// Server did not react within timeout delay
+				throw exceptions::operation_timed_out();
+
+			} else {
+
+				// Reset timeout
+				m_timeoutHandler->resetTimeOut();
+			}
+		}
+	}
+
+	return false;  // time out
+}
+
+
+bool windowsSocket::waitForRead(const int msecs) {
+
+	return waitForData(/* read */ true, /* write */ false, msecs);
+}
+
+
+bool windowsSocket::waitForWrite(const int msecs) {
+
+	return waitForData(/* read */ false, /* write */ true, msecs);
+}
+
+
+shared_ptr <net::timeoutHandler> windowsSocket::getTimeoutHandler() {
+
+	return m_timeoutHandler;
+}
+
+
+void windowsSocket::setTracer(const shared_ptr <net::tracer>& tracer) {
+
+	m_tracer = tracer;
+}
+
+
+shared_ptr <net::tracer> windowsSocket::getTracer() {
+
+	return m_tracer;
+}
+
+
+
+//
+// posixSocketFactory
+//
+
+shared_ptr <vmime::net::socket> windowsSocketFactory::create() {
+
+	shared_ptr <vmime::net::timeoutHandler> th;
+	return make_shared <windowsSocket>(th);
+}
+
+
+shared_ptr <vmime::net::socket> windowsSocketFactory::create(const shared_ptr <vmime::net::timeoutHandler>& th) {
+
+    return make_shared <windowsSocket>(th);
+}
+
+
+} // posix
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_MESSAGING_FEATURES
+
diff --git a/vmime-master/src/vmime/platforms/windows/windowsSocket.hpp b/vmime-master/src/vmime/platforms/windows/windowsSocket.hpp
new file mode 100644
index 0000000..ddb82da
--- /dev/null
+++ b/vmime-master/src/vmime/platforms/windows/windowsSocket.hpp
@@ -0,0 +1,117 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PLATFORMS_WINDOWS_SOCKET_HPP_INCLUDED
+#define VMIME_PLATFORMS_WINDOWS_SOCKET_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include <winsock2.h>
+#include "vmime/net/socket.hpp"
+
+
+namespace vmime {
+namespace platforms {
+namespace windows {
+
+
+class windowsSocket : public vmime::net::socket {
+
+public:
+
+	windowsSocket();
+	windowsSocket(shared_ptr <vmime::net::timeoutHandler> th);
+	~windowsSocket();
+
+public:
+
+	void connect(const vmime::string& address, const vmime::port_t port);
+	bool isConnected() const;
+	void disconnect();
+
+	bool waitForRead(const int msecs = 30000);
+	bool waitForWrite(const int msecs = 30000);
+
+	void receive(vmime::string& buffer);
+	size_t receiveRaw(byte_t* buffer, const size_t count);
+
+	void send(const vmime::string& buffer);
+	void send(const char* str);
+	void sendRaw(const byte_t* buffer, const size_t count);
+	size_t sendRawNonBlocking(const byte_t* buffer, const size_t count);
+
+	size_t getBlockSize() const;
+
+	unsigned int getStatus() const;
+
+	const string getPeerName() const;
+	const string getPeerAddress() const;
+
+	shared_ptr <net::timeoutHandler> getTimeoutHandler();
+	shared_ptr <net::tracer> m_tracer;
+
+	void setTracer(const shared_ptr <net::tracer>& tracer);
+	shared_ptr <net::tracer> getTracer();
+
+protected:
+
+	void throwSocketError(const int err);
+
+	bool waitForData(const bool read, const bool write, const int msecs);
+
+private:
+
+	shared_ptr <vmime::net::timeoutHandler> m_timeoutHandler;
+
+	byte_t m_buffer[65536];
+	SOCKET m_desc;
+
+	unsigned int m_status;
+
+	string m_serverAddress;
+};
+
+
+
+class windowsSocketFactory : public vmime::net::socketFactory {
+
+public:
+
+	shared_ptr <vmime::net::socket> create();
+	shared_ptr <vmime::net::socket> create(const shared_ptr <vmime::net::timeoutHandler>& th);
+};
+
+
+} // windows
+} // platforms
+} // vmime
+
+
+#endif // VMIME_PLATFORM_IS_WINDOWS && VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_PLATFORMS_WINDOWS_SOCKET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/propertySet.cpp b/vmime-master/src/vmime/propertySet.cpp
new file mode 100644
index 0000000..e0d4848
--- /dev/null
+++ b/vmime-master/src/vmime/propertySet.cpp
@@ -0,0 +1,399 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/propertySet.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+
+
+propertySet::propertySet() {
+
+}
+
+
+propertySet::propertySet(const string& props) {
+
+	parse(props);
+}
+
+
+propertySet::propertySet(const propertySet& set)
+	: object() {
+
+	for (std::list <shared_ptr <property> >::const_iterator it = set.m_props.begin() ;
+	     it != set.m_props.end() ; ++it) {
+
+		m_props.push_back(make_shared <property>(**it));
+	}
+}
+
+
+propertySet::~propertySet() {
+
+	removeAllProperties();
+}
+
+
+propertySet& propertySet::operator=(const propertySet& set) {
+
+	removeAllProperties();
+
+	for (std::list <shared_ptr <property> >::const_iterator it = set.m_props.begin() ;
+	     it != set.m_props.end() ; ++it) {
+
+		m_props.push_back(make_shared <property>(**it));
+	}
+
+	return *this;
+}
+
+
+void propertySet::setFromString(const string& props) {
+
+	parse(props);
+}
+
+
+void propertySet::removeAllProperties() {
+
+	m_props.clear();
+}
+
+
+void propertySet::removeProperty(const string& name) {
+
+	std::list <shared_ptr <property> >::iterator it =
+		std::find_if(m_props.begin(), m_props.end(), propFinder(name));
+
+	if (it != m_props.end()) {
+		m_props.erase(it);
+	}
+}
+
+
+void propertySet::parse(const string& props) {
+
+	const string::const_iterator end = props.end();
+	string::const_iterator pos = props.begin();
+
+	for ( ; pos != end ; ) {
+
+		// Skip white-spaces
+		for ( ; pos != end && parserHelpers::isSpace(*pos) ; ++pos) {}
+
+		if (pos != end) {
+
+			if (*pos == ';') {
+				++pos;
+				continue;
+			}
+
+			// Extract the property name
+			const string::const_iterator optStart = pos;
+
+			for ( ; pos != end && *pos != '=' ; ++pos) {}
+
+			string::const_iterator optEnd = pos;
+
+			for ( ; optEnd != optStart && parserHelpers::isSpace(*(optEnd - 1)) ; --optEnd) {}
+
+			const string option(optStart, optEnd);
+			string value = "1";
+
+			if (pos != end) {
+
+				++pos; // skip '='
+
+				// Extract the value
+				for ( ; pos != end && parserHelpers::isSpace(*pos) ; ++pos) {}
+
+				if (pos != end) {
+
+					// A quoted-string
+					if (*pos == '"' || *pos == '\'') {
+
+						value.reserve(50);
+
+						const char quoteChar = *pos;
+						bool theEnd = false;
+						bool escape = false;
+
+						for ( ; (pos != end) && !theEnd ; ++pos) {
+
+							if (escape) {
+
+								value += *pos;
+								escape = false;
+
+							} else {
+
+								if (*pos == '\\') {
+									escape = true;
+								} else if (*pos == quoteChar) {
+									theEnd = true;
+								} else {
+									value += *pos;
+								}
+							}
+						}
+
+						if (pos != end) {
+							++pos;
+						}
+
+					// Simple value
+					} else {
+
+						const string::const_iterator valStart = pos;
+
+						for ( ; pos != end && !parserHelpers::isSpace(*pos) ; ++pos) {}
+
+						value = string(valStart, pos);
+					}
+
+					// Advance to the next ';'
+					for ( ; pos != end && (*pos != ';') ; ++pos) {}
+
+					if (pos != end) {
+						++pos; // skip ';'
+					}
+				}
+			}
+
+			m_props.push_back(make_shared <property>(option, value));
+		}
+	}
+}
+
+
+shared_ptr <propertySet::property> propertySet::find(const string& name) const {
+
+	std::list <shared_ptr <property> >::const_iterator it =
+		std::find_if(m_props.begin(), m_props.end(), propFinder(name));
+
+	return it != m_props.end() ? *it : null;
+}
+
+
+shared_ptr <propertySet::property> propertySet::findOrCreate(const string& name) {
+
+	std::list <shared_ptr <property> >::const_iterator it =
+		std::find_if(m_props.begin(), m_props.end(), propFinder(name));
+
+	if (it != m_props.end()) {
+
+		return *it;
+
+	} else {
+
+		shared_ptr <property> prop = make_shared <property>(name, "");
+		m_props.push_back(prop);
+		return prop;
+	}
+}
+
+
+propertySet::propertyProxy propertySet::operator[](const string& name) {
+
+	return propertyProxy(name, this);
+}
+
+
+const propertySet::constPropertyProxy propertySet::operator[](const string& name) const {
+
+	return constPropertyProxy(name, this);
+}
+
+
+bool propertySet::hasProperty(const string& name) const {
+
+	return find(name) != NULL;
+}
+
+
+const std::vector <shared_ptr <const propertySet::property> > propertySet::getPropertyList() const {
+
+	std::vector <shared_ptr <const property> > res;
+
+	for (list_type::const_iterator it = m_props.begin() ; it != m_props.end() ; ++it) {
+		res.push_back(*it);
+	}
+
+	return res;
+}
+
+
+const std::vector <shared_ptr <propertySet::property> > propertySet::getPropertyList() {
+
+	std::vector <shared_ptr <property> > res;
+
+	for (list_type::const_iterator it = m_props.begin() ; it != m_props.end() ; ++it) {
+		res.push_back(*it);
+	}
+
+	return res;
+}
+
+
+//
+// propertySet::property
+//
+
+propertySet::property::property(const string& name, const string& value)
+	: m_name(name),
+	  m_value(value) {
+
+}
+
+
+propertySet::property::property(const string& name)
+	: m_name(name) {
+
+}
+
+
+propertySet::property::property(const property& prop)
+	: object(),
+	  m_name(prop.m_name),
+	  m_value(prop.m_value) {
+
+}
+
+
+const string& propertySet::property::getName() const {
+
+	return m_name;
+}
+
+
+#ifndef _MSC_VER
+
+
+const string& propertySet::property::getValue() const {
+
+	return m_value;
+}
+
+
+void propertySet::property::setValue(const string& value) {
+
+	m_value = value;
+}
+
+
+#endif // !_MSC_VER
+
+
+#ifndef VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+template <>
+void propertySet::property::setValue(const string& value) {
+
+	m_value = value;
+}
+
+
+template <>
+void propertySet::property::setValue(const bool& value) {
+
+	m_value = value ? "true" : "false";
+}
+
+
+template <>
+string propertySet::property::getValue() const {
+
+	return m_value;
+}
+
+
+template <>
+bool propertySet::property::getValue() const {
+
+	if (utility::stringUtils::toLower(m_value) == "true") {
+
+		return true;
+
+	} else {
+
+		int val = 0;
+
+		std::istringstream iss(m_value);
+		iss.imbue(std::locale::classic());  // no formatting
+
+		iss >> val;
+
+		return !iss.fail() && val != 0;
+	}
+}
+
+
+
+
+template <>
+string propertySet::valueFromString(const string& value) {
+
+	return value;
+}
+
+
+template <>
+string propertySet::valueToString(const string& value) {
+
+	return value;
+}
+
+
+template <>
+bool propertySet::valueFromString(const string& value) {
+
+	if (utility::stringUtils::toLower(value) == "true") {
+
+		return true;
+
+	} else {
+
+		int val = 0;
+
+		std::istringstream iss(value);
+		iss.imbue(std::locale::classic());  // no formatting
+
+		iss >> val;
+
+		return !iss.fail() && val != 0;
+	}
+}
+
+
+template <>
+string propertySet::valueToString(const bool& value) {
+
+	return value ? "true" : "false";
+}
+
+#endif // VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/propertySet.hpp b/vmime-master/src/vmime/propertySet.hpp
new file mode 100644
index 0000000..20eb9de
--- /dev/null
+++ b/vmime-master/src/vmime/propertySet.hpp
@@ -0,0 +1,461 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_PROPERTY_HPP_INCLUDED
+#define VMIME_PROPERTY_HPP_INCLUDED
+
+#include <list>
+#include <functional>
+#include <algorithm>
+#include <sstream>
+
+#include "vmime/base.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+
+
+/** Manage a list of (name,value) pairs.
+  */
+class VMIME_EXPORT propertySet : public object {
+
+public:
+
+	/** A property holds a (name,value) pair.
+	  */
+	class property : public object {
+
+	public:
+
+		property(const string& name, const string& value);
+		property(const string& name);
+		property(const property& prop);
+
+		/** Return the name of the property.
+		  *
+		  * @return property name
+		  */
+		const string& getName() const;
+
+#ifndef _MSC_VER
+
+		// Visual Studio errors on linking with these 2 functions,
+		// whereas GCC and CLang need them.
+
+		/** Return the value of the property as a string.
+		  *
+		  * @return current value of the property
+		  */
+		const string& getValue() const;
+
+		/** Set the value of the property as a string.
+		  *
+		  * @param value new value for property
+		  */
+		void setValue(const string& value);
+
+#endif  // !_MSC_VER
+
+		/** Set the value of the property as a generic type.
+		  *
+		  * @param value new value for property
+		  */
+		template <class TYPE> void setValue(const TYPE& value) {
+
+			std::ostringstream oss;
+			oss.imbue(std::locale::classic());  // no formatting
+
+			oss << value;
+
+			m_value = oss.str();
+		}
+
+		/** Get the value of the property as a generic type.
+		  *
+		  * @throw exceptions::invalid_property_type if the specified
+		  * type is incompatible with the string value (cannot be
+		  * converted using std::istringstream)
+		  * @return current value of the property
+		  */
+		template <class TYPE> TYPE getValue() const {
+
+			TYPE val = TYPE();
+
+			std::istringstream iss(m_value);
+			iss.imbue(std::locale::classic());  // no formatting
+
+			iss >> val;
+
+			if (iss.fail()) {
+				throw exceptions::invalid_property_type();
+			}
+
+			return (val);
+		}
+
+
+#ifdef VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+		template <>
+		void propertySet::property::setValue(const string& value) {
+
+			m_value = value;
+		}
+
+		template <>
+		void propertySet::property::setValue(const bool& value) {
+
+			m_value = value ? "true" : "false";
+		}
+
+		template <>
+		string propertySet::property::getValue() const {
+
+			return (m_value);
+		}
+
+		template <>
+		bool propertySet::property::getValue() const {
+
+			if (utility::stringUtils::toLower(m_value) == "true") {
+
+				return true;
+
+			} else {
+
+				int val = 0;
+
+				std::istringstream iss(m_value);
+				iss.imbue(std::locale::classic());  // no formatting
+
+				iss >> val;
+
+				return !iss.fail() && val != 0;
+			}
+		}
+
+#endif // VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+	private:
+
+		const string m_name;
+		string m_value;
+	};
+
+protected:
+
+	class propertyProxy {
+
+	public:
+
+		propertyProxy(const string& name, propertySet* set)
+			: m_name(name),
+			  m_set(set) {
+
+		}
+
+		template <class TYPE>
+		propertyProxy& operator=(const TYPE& value) {
+
+			m_set->setProperty(m_name, value);
+			return *this;
+		}
+
+		template <class TYPE>
+		void setValue(const TYPE& value) {
+
+			m_set->setProperty(m_name, value);
+		}
+
+		template <class TYPE>
+		const TYPE getValue() const {
+
+			return m_set->getProperty <TYPE>(m_name);
+		}
+
+		operator string() const {
+
+			return m_set->getProperty <string>(m_name);
+		}
+
+	private:
+
+		const string m_name;
+		propertySet* m_set;
+	};
+
+	class constPropertyProxy {
+
+	public:
+
+		constPropertyProxy(const string& name, const propertySet* set)
+			: m_name(name),
+			  m_set(set) {
+
+		}
+
+		template <class TYPE>
+		const TYPE getValue() const {
+
+			return m_set->getProperty <TYPE>(m_name);
+		}
+
+		operator string() const {
+
+			return m_set->getProperty <string>(m_name);
+		}
+
+	private:
+
+		const string m_name;
+		const propertySet* m_set;
+	};
+
+public:
+
+	propertySet();
+	propertySet(const string& props);
+	propertySet(const propertySet& set);
+
+	~propertySet();
+
+	propertySet& operator=(const propertySet& set);
+
+	/** Parse a string and extract one or more properties.
+	  * The string format is: name[=value](;name[=value])*.
+	  *
+	  * @param props string representing a list of properties
+	  */
+	void setFromString(const string& props);
+
+	/** Remove all properties from the list.
+	  */
+	void removeAllProperties();
+
+	/** Remove the specified property.
+	  *
+	  * @param name name of the property to remove
+	  */
+	void removeProperty(const string& name);
+
+	/** Test whether the specified property is set.
+	  *
+	  * @param name name of the property to test
+	  * @return true if the property is set (has a value),
+	  * false otherwise
+	  */
+	bool hasProperty(const string& name) const;
+
+	/** Get the value of the specified property.
+	  *
+	  * @throw exceptions::no_such_property if the property does not exist
+	  * @param name property name
+	  * @return value of the specified property
+	  */
+	template <class TYPE>
+	const TYPE getProperty(const string& name) const {
+
+		const shared_ptr <property> prop = find(name);
+		if (!prop) throw exceptions::no_such_property(name);
+
+		return (prop->template getValue <TYPE>());
+	}
+
+	/** Get the value of the specified property.
+	  * A default value can be returned if the property is not set.
+	  *
+	  * @param name property name
+	  * @param defaultValue value to return if the specified property
+	  * does not exist
+	  * @return value of the specified property or default value
+	  * if if does not exist
+	  */
+	template <class TYPE>
+	const TYPE getProperty(const string& name, const TYPE defaultValue) const {
+
+		const shared_ptr <property> prop = find(name);
+		return prop ? prop->template getValue <TYPE>() : defaultValue;
+	}
+
+	/** Change the value of the specified property or create
+	  * a new property set to the specified a value.
+	  *
+	  * @param name property name
+	  * @param value property value
+	  */
+	template <class TYPE>
+	void setProperty(const string& name, const TYPE& value) {
+		findOrCreate(name)->setValue(value);
+	}
+
+	/** Return a proxy object to access the specified property
+	  * suitable for reading or writing. If the property does not
+	  * exist and the value is changed, a new property will
+	  * be created.
+	  *
+	  * @param name property name
+	  * @return proxy object for the specified property
+	  */
+	propertyProxy operator[](const string& name);
+
+	/** Return a proxy object to access the specified property
+	  * suitable for reading only.
+	  *
+	  * @throw exceptions::no_such_property if the property does not exist
+	  * @return read-only proxy object for the specified property
+	  */
+	const constPropertyProxy operator[](const string& name) const;
+
+private:
+
+	void parse(const string& props);
+
+
+	class propFinder : public std::unary_function <shared_ptr <property>, bool> {
+
+	public:
+
+		propFinder(const string& name) : m_name(utility::stringUtils::toLower(name)) { }
+
+		bool operator()(const shared_ptr <property>& p) const {
+
+			return (utility::stringUtils::toLower(p->getName()) == m_name);
+		}
+
+	private:
+
+		const string m_name;
+	};
+
+	shared_ptr <property> find(const string& name) const;
+	shared_ptr <property> findOrCreate(const string& name);
+
+	typedef std::list <shared_ptr <property> > list_type;
+	list_type m_props;
+
+public:
+
+	template <typename TYPE>
+	static TYPE valueFromString(const string& value) {
+
+		TYPE v = TYPE();
+
+		std::istringstream iss(value);
+		iss.imbue(std::locale::classic());  // no formatting
+
+		iss >> v;
+
+		return v;
+	}
+
+	template <typename TYPE>
+	static string valueToString(const TYPE& value) {
+
+		std::ostringstream oss(value);
+		oss.imbue(std::locale::classic());  // no formatting
+
+		oss << value;
+
+		return oss.str();
+	}
+
+#ifdef VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+	template <>
+	static string valueFromString(const string& value) {
+
+		return value;
+	}
+
+	template <>
+	static string valueToString(const string& value) {
+
+		return value;
+	}
+
+	template <>
+	static bool valueFromString(const string& value) {
+
+		if (utility::stringUtils::toLower(value) == "true") {
+
+			return true;
+
+		} else {
+
+			int val = 0;
+
+			std::istringstream iss(value);
+			iss.imbue(std::locale::classic());  // no formatting
+
+			iss >> val;
+
+			return !iss.fail() && val != 0;
+		}
+	}
+
+	template <>
+	static string valueToString(const bool& value) {
+
+		return value ? "true" : "false";
+	}
+
+#endif // VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+	/** Return the property list.
+	  *
+	  * @return list of properties
+	  */
+	const std::vector <shared_ptr <const property> > getPropertyList() const;
+
+	/** Return the property list.
+	  *
+	  * @return list of properties
+	  */
+	const std::vector <shared_ptr <property> > getPropertyList();
+};
+
+
+#ifndef VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+template <> VMIME_EXPORT void propertySet::property::setValue <string>(const string& value);
+template <> VMIME_EXPORT void propertySet::property::setValue(const bool& value);
+
+template <> VMIME_EXPORT string propertySet::property::getValue() const;
+template <> VMIME_EXPORT bool propertySet::property::getValue() const;
+
+template <> VMIME_EXPORT string propertySet::valueFromString(const string& value);
+template <> VMIME_EXPORT string propertySet::valueToString(const string& value);
+
+template <> VMIME_EXPORT bool propertySet::valueFromString(const string& value);
+template <> VMIME_EXPORT string propertySet::valueToString(const bool& value);
+
+#endif // VMIME_INLINE_TEMPLATE_SPECIALIZATION
+
+
+} // vmime
+
+
+#endif // VMIME_PROPERTY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/relay.cpp b/vmime-master/src/vmime/relay.cpp
new file mode 100644
index 0000000..b0a6b60
--- /dev/null
+++ b/vmime-master/src/vmime/relay.cpp
@@ -0,0 +1,363 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/relay.hpp"
+#include "vmime/text.hpp"
+#include "vmime/parserHelpers.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+
+
+relay::relay() {
+
+}
+
+
+relay::relay(const relay& r)
+	: headerFieldValue() {
+
+	copyFrom(r);
+}
+
+
+/*
+
+ RFC #2822:
+
+     received    =  "Received"    ":"            ; one per relay
+                       ["from" domain]           ; sending host
+                       ["by"   domain]           ; receiving host
+                       ["via"  atom]             ; physical path
+                      *("with" atom)             ; link/mail protocol
+                       ["id"   msg-id]           ; receiver msg id
+                       ["for"  addr-spec]        ; initial form
+*/
+
+void relay::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	const char* const pend = buffer.data() + end;
+	const char* const pstart = buffer.data() + position;
+	const char* p = pend - 1;
+
+	// Find the beginning of the date part
+	while (p >= pstart && *p != ';') {
+		--p;
+	}
+
+	if (p >= pstart) {
+
+		// Parse the date/time part
+		m_date.parse(ctx, buffer, position + (p - pstart) + 1, end);
+
+		// Parse the components
+		std::istringstream iss(
+			string(buffer.begin() + position, buffer.begin() + position + (p - pstart))
+		);
+
+		iss.imbue(std::locale::classic());
+
+		string word;
+		std::vector <string> previous;
+
+		enum Parts {
+			Part_None,
+			Part_From,              // The "from" part
+			Part_By,                // The "by" part
+			Part_Via,               // The "via" part
+			Part_With,              // One "with" part
+			Part_Id,                // The "id" part
+			Part_For,               // The "for" part
+			Part_End
+		};
+
+		Parts part = Part_None;
+		bool cont = true;
+		bool inComment = false;
+
+		while (cont) {
+
+			Parts newPart = Part_None;
+
+			if ((cont = !(iss >> word).fail())) {
+
+				// A little hack for handling comments
+				if (inComment) {
+
+					size_t par = word.find(')');
+
+					if (par != string::npos) {
+
+						previous.push_back(string(word.begin(), word.begin() + par + 1));
+						word.erase(word.begin(), word.begin() + par + 1);
+						inComment = false;
+					}
+				}
+
+				bool keyword = false;
+
+				if (!inComment) {
+
+					if (utility::stringUtils::isStringEqualNoCase(word, "from", 4)) {
+
+						newPart = Part_From;
+						keyword = true;
+
+					} else if (utility::stringUtils::isStringEqualNoCase(word, "by", 2)) {
+
+						newPart = Part_By;
+						keyword = true;
+
+					} else if (utility::stringUtils::isStringEqualNoCase(word, "via", 2)) {
+
+						newPart = Part_Via;
+						keyword = true;
+
+					} else if (utility::stringUtils::isStringEqualNoCase(word, "with", 2)) {
+
+						newPart = Part_With;
+						keyword = true;
+
+					} else if (utility::stringUtils::isStringEqualNoCase(word, "id", 2)) {
+
+						newPart = Part_Id;
+						keyword = true;
+
+					} else if (utility::stringUtils::isStringEqualNoCase(word, "for", 2)) {
+
+						newPart = Part_For;
+						keyword = true;
+					}
+				}
+
+				if (!keyword) {
+
+					if (word.find('(') != string::npos) {
+						inComment = true;
+					}
+
+					previous.push_back(word);
+				}
+			}
+
+			if (!cont || newPart != Part_None) {
+
+				if (part != Part_None) {
+
+					std::ostringstream value;
+
+					for (std::vector <string>::const_iterator
+						it = previous.begin() ; it != previous.end() ; ++it) {
+
+						if (it != previous.begin()) value << " ";
+						value << *it;
+					}
+
+					switch (part) {
+						case Part_From: m_from = value.str(); break;
+						case Part_By: m_by = value.str(); break;
+						case Part_Via: m_via = value.str(); break;
+						case Part_With: m_with.push_back(value.str()); break;
+						case Part_Id: m_id = value.str(); break;
+						case Part_For: m_for = value.str(); break;
+						default: break; // Should never happen...
+					}
+				}
+
+				previous.clear();
+				part = newPart;
+			}
+		}
+	}
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void relay::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	std::ostringstream oss;
+	int count = 0;
+
+	if (m_from.length()) oss << (count++ > 0 ? " " : "") << "from " << m_from;
+	if (m_by.length()) oss << (count++ > 0 ? " " : "") << "by " << m_by;
+	if (m_via.length()) oss << (count++ > 0 ? " " : "") << "via " << m_via;
+
+	for (std::vector <string>::const_iterator
+	     it = m_with.begin() ; it != m_with.end() ; ++it) {
+
+		oss << (count++ > 0 ? " " : "") << "with " << *it;
+	}
+
+	if (m_id.length()) oss << (count++ > 0 ? " " : "") << "id " << m_id;
+	if (m_for.length()) oss << (count++ > 0 ? " " : "") << "for " << m_for;
+
+	oss << "; ";
+
+	vmime::utility::outputStreamAdapter dos(oss);
+	m_date.generate(ctx, dos, 0, NULL);
+
+	text(oss.str()).encodeAndFold(ctx, os, curLinePos, newLinePos, text::FORCE_NO_ENCODING);
+}
+
+
+void relay::copyFrom(const component& other) {
+
+	const relay& r = dynamic_cast <const relay&>(other);
+
+	m_from = r.m_from;
+	m_via = r.m_via;
+	m_by = r.m_by;
+	m_id = r.m_id;
+	m_for = r.m_for;
+
+	m_with.resize(r.m_with.size());
+	std::copy(r.m_with.begin(), r.m_with.end(), m_with.begin());
+
+	m_date = r.m_date;
+}
+
+
+relay& relay::operator=(const relay& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+shared_ptr <component> relay::clone() const {
+
+	return make_shared <relay>(*this);
+}
+
+
+const string& relay::getFrom() const {
+
+	return m_from;
+}
+
+
+void relay::setFrom(const string& from) {
+
+	m_from = from;
+}
+
+
+const string& relay::getVia() const {
+
+	return m_via;
+}
+
+
+void relay::setVia(const string& via) {
+
+	m_via = via;
+}
+
+
+const string& relay::getBy() const {
+
+	return m_by;
+}
+
+
+void relay::setBy(const string& by) {
+
+	m_by = by;
+}
+
+
+const string& relay::getId() const {
+
+	return m_id;
+}
+
+
+void relay::setId(const string& id) {
+
+	m_id = id;
+}
+
+
+const string& relay::getFor() const {
+
+	return m_for;
+}
+
+
+void relay::setFor(const string& for_) {
+
+	m_for = for_;
+}
+
+
+const datetime& relay::getDate() const {
+
+	return m_date;
+}
+
+
+void relay::setDate(const datetime& date) {
+
+	m_date = date;
+}
+
+
+const std::vector <string>& relay::getWithList() const {
+
+	return m_with;
+}
+
+
+std::vector <string>& relay::getWithList() {
+
+	return m_with;
+}
+
+
+const std::vector <shared_ptr <component> > relay::getChildComponents() {
+
+	// TODO: should fields inherit from 'component'? (using typeAdapter)
+	return std::vector <shared_ptr <component> >();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/relay.hpp b/vmime-master/src/vmime/relay.hpp
new file mode 100644
index 0000000..f467602
--- /dev/null
+++ b/vmime-master/src/vmime/relay.hpp
@@ -0,0 +1,108 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_RELAY_HPP_INCLUDED
+#define VMIME_RELAY_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/headerFieldValue.hpp"
+
+#include "vmime/dateTime.hpp"
+
+
+namespace vmime {
+
+
+/** Trace information about a relay (basic type).
+  */
+class VMIME_EXPORT relay : public headerFieldValue {
+
+public:
+
+	relay();
+	relay(const relay& r);
+
+public:
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	relay& operator=(const relay& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	const string& getFrom() const;
+	void setFrom(const string& from);
+
+	const string& getVia() const;
+	void setVia(const string& via);
+
+	const string& getBy() const;
+	void setBy(const string& by);
+
+	const string& getId() const;
+	void setId(const string& id);
+
+	const string& getFor() const;
+	void setFor(const string& for_);
+
+	const datetime& getDate() const;
+	void setDate(const datetime& date);
+
+	const std::vector <string>& getWithList() const;
+	std::vector <string>& getWithList();
+
+private:
+
+	string m_from;
+	string m_via;
+	string m_by;
+	string m_id;
+	string m_for;
+	std::vector <string> m_with;
+
+	datetime m_date;
+
+protected:
+
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_RELAY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/authenticator.hpp b/vmime-master/src/vmime/security/authenticator.hpp
new file mode 100644
index 0000000..03bca73
--- /dev/null
+++ b/vmime-master/src/vmime/security/authenticator.hpp
@@ -0,0 +1,136 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_AUTHENTICATOR_HPP_INCLUDED
+#define VMIME_SECURITY_AUTHENTICATOR_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/types.hpp"
+
+
+// Forward declarations
+namespace vmime {
+namespace net {
+
+class service;
+
+} // net
+} // vmime
+
+
+namespace vmime {
+namespace security {
+
+
+/** Provides required information for user authentication. The same
+  * information can be requested multiple time (eg. in IMAP, there is a
+  * new connection started each time a folder is open), so the object is
+  * responsible for caching the information to avoid useless interactions
+  * with the user.
+  *
+  * Usually, you should not inherit from this class, but instead from the
+  * more convenient defaultAuthenticator class.
+  *
+  * WARNING: an authenticator should be used with one and ONLY ONE messaging
+  * service at a time.
+  */
+class VMIME_EXPORT authenticator : public object {
+
+public:
+
+	/** Return the authentication identity (usually, this
+	  * is the username).
+	  *
+	  * @return username
+	  * @throw exceptions::no_auth_information if the information
+	  * could not be provided
+	  */
+	virtual const string getUsername() const = 0;
+
+	/** Return the password of the authentication identity.
+	  *
+	  * @return password
+	  * @throw exceptions::no_auth_information if the information
+	  * could not be provided
+	  */
+	virtual const string getPassword() const = 0;
+
+	/** Return the optional access token for authentication. This is
+	  * used for example with XOAuth2 SASL authentication.
+	  *
+	  * @return access token
+	  * @throw exceptions::no_auth_information if the information
+	  * could not be provided
+	  */
+	virtual const string getAccessToken() const = 0;
+
+	/** Return the local host name of the machine.
+	  *
+	  * @return hostname
+	  * @throw exceptions::no_auth_information if the information
+	  * could not be provided
+	  */
+	virtual const string getHostname() const = 0;
+
+	/** Return the anonymous token (usually, this is the user's
+	  * email address).
+	  *
+	  * @return anonymous token
+	  * @throw exceptions::no_auth_information if the information
+	  * could not be provided
+	  */
+	virtual const string getAnonymousToken() const = 0;
+
+	/** Return the registered service name of the application
+	  * service (eg: "imap"). This can be used by GSSAPI or DIGEST-MD5
+	  * mechanisms with SASL.
+	  *
+	  * @return service name
+	  * @throw exceptions::no_auth_information if the information
+	  * could not be provided
+	  */
+	virtual const string getServiceName() const = 0;
+
+	/** Called by the messaging service to allow this authenticator to
+	  * know which service is currently using it. This is called just
+	  * before the service starts the authentication process.
+	  *
+	  * @param serv messaging service instance
+	  */
+	virtual void setService(const shared_ptr <net::service>& serv) = 0;
+};
+
+
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_SECURITY_AUTHENTICATOR_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/cert/X509Certificate.cpp b/vmime-master/src/vmime/security/cert/X509Certificate.cpp
new file mode 100644
index 0000000..128fac1
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/X509Certificate.cpp
@@ -0,0 +1,72 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/X509Certificate.hpp"
+
+#include "vmime/security/cert/certificateNotYetValidException.hpp"
+#include "vmime/security/cert/certificateExpiredException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+X509Certificate::~X509Certificate() {
+
+}
+
+
+void X509Certificate::checkValidity() {
+
+	const datetime now = datetime::now();
+
+	if (now < getActivationDate()) {
+
+		certificateNotYetValidException ex;
+		ex.setCertificate(dynamicCast <certificate>(shared_from_this()));
+
+		throw ex;
+
+	} else if (now > getExpirationDate()) {
+
+		certificateExpiredException ex;
+		ex.setCertificate(dynamicCast <certificate>(shared_from_this()));
+
+		throw ex;
+	}
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/X509Certificate.hpp b/vmime-master/src/vmime/security/cert/X509Certificate.hpp
new file mode 100644
index 0000000..5434b45
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/X509Certificate.hpp
@@ -0,0 +1,197 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_X509CERTIFICATE_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_X509CERTIFICATE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+
+#include "vmime/utility/stream.hpp"
+
+#include "vmime/base.hpp"
+#include "vmime/types.hpp"
+#include "vmime/dateTime.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Identity certificate based on X.509 standard.
+  */
+class VMIME_EXPORT X509Certificate : public certificate {
+
+public:
+
+	~X509Certificate();
+
+	/** Supported encodings for X.509 certificates. */
+	enum Format {
+		FORMAT_DER,   /**< DER encoding */
+		FORMAT_PEM    /**< PEM encoding */
+	};
+
+	/** Supported digest algorithms (used for fingerprint). */
+	enum DigestAlgorithm {
+		DIGEST_MD5,   /**< MD5 digest */
+		DIGEST_SHA1   /**< SHA1 digest */
+	};
+
+
+	/** Imports a DER or PEM encoded X.509 certificate.
+	  *
+	  * @param is input stream to read data from
+	  * @return a X.509 certificate, or NULL if the given data does not
+	  * represent a valid certificate
+	  */
+	static shared_ptr <X509Certificate> import(utility::inputStream& is);
+
+	/** Imports a DER or PEM encoded X.509 certificate.
+	  *
+	  * @param data points to raw data
+	  * @param length size of data
+	  * @return a X.509 certificate, or NULL if the given data does not
+	  * represent a valid certificate
+	  */
+	static shared_ptr <X509Certificate> import(const byte_t* data, const size_t length);
+
+	/** Import sveral DER or PEM encoded X.509 certificates.
+	  *
+	  * @param is input stream to read data from
+	  * @param certs the resulting list of certificates
+	  */
+	static void import(
+		utility::inputStream& is,
+		std::vector <shared_ptr <X509Certificate> >& certs
+	);
+
+	/** Import several DER or PEM encoded X.509 certificates.
+	 *
+	 * @param data points to raw data
+	 * @param length size of data
+	 * @param certs the resulting list of certificates
+	 */
+	static void import(
+		const byte_t* data,
+		const size_t length,
+		std::vector <shared_ptr <X509Certificate> >& certs
+	);
+
+	/** Exports this X.509 certificate to the specified format.
+	  *
+	  * @param os output stream into which write data
+	  * @param format output format
+	  */
+	virtual void write(utility::outputStream& os, const Format format) const = 0;
+
+	/** Returns the X.509 certificate's serial number. This is obtained
+	  * by the X.509 Certificate 'serialNumber' field. Serial is not
+	  * always a 32 or 64bit number. Some CAs use large serial numbers,
+	  * thus it may be wise to handle it as something opaque.
+	  *
+	  * @return serial number of this certificate
+	  */
+	virtual const byteArray getSerialNumber() const = 0;
+
+	/** Returns the distinguished name of the issuer of this certificate.
+	  * Eg. "C=US,O=VeriSign\, Inc.,OU=Class 1 Public Primary Certification Authority"
+	  *
+	  * @return distinguished name of the certificate issuer, as a string
+	  */
+	virtual const string getIssuerString() const = 0;
+
+	/** Checks if this certificate has the given issuer.
+	  *
+	  * @param issuer certificate of a possible issuer
+	  * @return true if this certificate was issued by the given issuer,
+	  * false otherwise
+	  */
+	virtual bool checkIssuer(const shared_ptr <const X509Certificate>& issuer) const = 0;
+
+	/** Verifies this certificate against a given trusted one.
+	  *
+	  * @param caCert a certificate that is considered to be trusted one
+	  * @return true if the verification succeeded, false otherwise
+	  */
+	virtual bool verify(const shared_ptr <const X509Certificate>& caCert) const = 0;
+
+	/** Verify certificate's subject name against the given hostname.
+	  *
+	  * @param hostname DNS name of the server
+	  * @param nonMatchingNames if not NULL, will contain the names that do
+	  * not match the identities in the certificate
+	  * @return true if the match is successful, false otherwise
+	  */
+	virtual bool verifyHostName(
+		const string& hostname,
+		std::vector <std::string>* nonMatchingNames = NULL
+	) const = 0;
+
+	/** Gets the expiration date of this certificate. This is the date
+	  * at which this certificate will not be valid anymore.
+	  *
+	  * @return expiration date of this certificate
+	  */
+	virtual const datetime getExpirationDate() const = 0;
+
+	/** Gets the activation date of this certificate. This is the date
+	  * at which this certificate will be valid.
+	  *
+	  * @return activation date of this certificate
+	  */
+	virtual const datetime getActivationDate() const = 0;
+
+	/** Returns the fingerprint of this certificate.
+	  *
+	  * @return the fingerprint of this certificate
+	  */
+	virtual const byteArray getFingerprint(const DigestAlgorithm algo) const = 0;
+
+	/** Checks that the certificate is currently valid. For the certificate
+	  * to be valid, the current date and time must be in the validity period
+	  * specified in the certificate.
+	  *
+	  * @throw certificateExpiredException if the certificate has expired
+	  * @throw certificateNotYetValidException if the certificate is not yet valid
+	  */
+	virtual void checkValidity();
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_X509CERTIFICATE_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/cert/certificate.hpp b/vmime-master/src/vmime/security/cert/certificate.hpp
new file mode 100644
index 0000000..ed0f175
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificate.hpp
@@ -0,0 +1,84 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATE_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATE_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Identity certificate for a peer.
+  */
+class VMIME_EXPORT certificate : public object, public enable_shared_from_this <certificate> {
+
+public:
+
+	/** Returns the encoded form of this certificate (for example,
+	  * X.509 certificates are encoded as ASN.1 DER).
+	  *
+	  * @return the encoded form of this certificate
+	  */
+	virtual const byteArray getEncoded() const = 0;
+
+	/** Return the type of this certificate.
+	  *
+	  * @return the type of this certificate
+	  */
+	virtual const string getType() const = 0;
+
+	/** Return the version of this certificate.
+	  *
+	  * @return the version of this certificate
+	  */
+	virtual int getVersion() const = 0;
+
+	/** Checks if two certificates are the same.
+	  *
+	  * @param other certificate to compare with
+	  * @return true if the two certificates are the same,
+	  * false otherwise
+	  */
+	virtual bool equals(const shared_ptr <const certificate>& other) const = 0;
+
+	/** Returns a pointer to internal binary data for this certificate.
+	  * The actual type of data depends on the library used for TLS support.
+	  *
+	  * @return pointer to underlying data
+	  */
+	virtual void* getInternalData() = 0;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATE_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/cert/certificateChain.cpp b/vmime-master/src/vmime/security/cert/certificateChain.cpp
new file mode 100644
index 0000000..c506913
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateChain.cpp
@@ -0,0 +1,53 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/security/cert/certificateChain.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+certificateChain::certificateChain(const std::vector <shared_ptr <certificate> >& certs)
+	: m_certs(certs) {
+
+}
+
+
+size_t certificateChain::getCount() const {
+
+	return m_certs.size();
+}
+
+
+const shared_ptr <certificate>& certificateChain::getAt(const size_t index) {
+
+	return m_certs[index];
+}
+
+
+} // cert
+} // security
+} // vmime
+
diff --git a/vmime-master/src/vmime/security/cert/certificateChain.hpp b/vmime-master/src/vmime/security/cert/certificateChain.hpp
new file mode 100644
index 0000000..f8c363e
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateChain.hpp
@@ -0,0 +1,79 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATECHAIN_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATECHAIN_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/security/cert/certificate.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** An ordered list of certificates, from the subject certificate to
+  * the issuer certificate.
+  */
+class VMIME_EXPORT certificateChain : public object {
+
+public:
+
+	/** Construct a new certificateChain object given an ordered list
+	  * of certificates.
+	  *
+	  * @param certs chain of certificates
+	  */
+	certificateChain(const std::vector <shared_ptr <certificate> >& certs);
+
+	/** Return the number of certificates in the chain.
+	  *
+	  * @return number of certificates in the chain
+	  */
+	size_t getCount() const;
+
+	/** Return the certificate at the specified position. 0 is the
+	  * subject certificate, 1 is the issuer's certificate, 2 is
+	  * the issuer's issuer, etc.
+	  *
+	  * @param index position at which to retrieve certificate
+	  * @return certificate at the specified position
+	  */
+	const shared_ptr <certificate>& getAt(const size_t index);
+
+protected:
+
+	std::vector <shared_ptr <certificate> > m_certs;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATECHAIN_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/cert/certificateException.cpp b/vmime-master/src/vmime/security/cert/certificateException.cpp
new file mode 100644
index 0000000..51a4f03
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateException.cpp
@@ -0,0 +1,84 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificateException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+certificateException::certificateException()
+	: exception("A problem occurred with a certificate.") {
+
+}
+
+
+certificateException::certificateException(const std::string& what)
+	: exception(what) {
+
+}
+
+
+certificateException::~certificateException() throw() {
+
+}
+
+
+exception* certificateException::clone() const {
+
+	return new certificateException(what());
+}
+
+
+void certificateException::setCertificate(const shared_ptr <certificate>& cert) {
+
+	m_cert = cert;
+}
+
+
+shared_ptr <certificate> certificateException::getCertificate() {
+
+	return m_cert;
+}
+
+
+shared_ptr <const certificate> certificateException::getCertificate() const {
+
+	return m_cert;
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/certificateException.hpp b/vmime-master/src/vmime/security/cert/certificateException.hpp
new file mode 100644
index 0000000..9dd5443
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateException.hpp
@@ -0,0 +1,95 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATEEXCEPTION_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATEEXCEPTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Thrown to indicate a problem with a certificate or certificate verification.
+  */
+class VMIME_EXPORT certificateException : public exception {
+
+public:
+
+	/** Constructs a certificateException with no detail message.
+	  */
+	certificateException();
+
+	/** Constructs a certificateException with a detail message.
+	  *
+	  * @param what a message that describes this exception
+	  */
+	certificateException(const std::string& what);
+
+	~certificateException() throw();
+
+	exception* clone() const;
+
+	/** Sets the certificate on which the problem occured.
+	  *
+	  * @param cert certificate
+	  */
+	void setCertificate(const shared_ptr <certificate>& cert);
+
+	/** Returns the certificate on which the problem occured.
+	  *
+	  * @return certificate
+	  */
+	shared_ptr <certificate> getCertificate();
+
+	/** Returns the certificate on which the problem occured.
+	  *
+	  * @return certificate
+	  */
+	shared_ptr <const certificate> getCertificate() const;
+
+private:
+
+	shared_ptr <certificate> m_cert;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATEEXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/cert/certificateExpiredException.cpp b/vmime-master/src/vmime/security/cert/certificateExpiredException.cpp
new file mode 100644
index 0000000..1aa248e
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateExpiredException.cpp
@@ -0,0 +1,55 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificateExpiredException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+certificateExpiredException::certificateExpiredException()
+	: certificateException("The certificate has expired.") {
+
+}
+
+
+exception* certificateExpiredException::clone() const
+{
+	return new certificateExpiredException();
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/certificateExpiredException.hpp b/vmime-master/src/vmime/security/cert/certificateExpiredException.hpp
new file mode 100644
index 0000000..4db0a1e
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateExpiredException.hpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATEEXPIREDEXCEPTION_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATEEXPIREDEXCEPTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+#include "vmime/security/cert/certificateException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Thrown when the current date and time is after the validity period
+  * specified in the certificate.
+  */
+class VMIME_EXPORT certificateExpiredException : public certificateException {
+
+public:
+
+	/** Constructs a certificateExpiredException with no detail message.
+	  */
+	certificateExpiredException();
+
+	exception* clone() const;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATEEXPIREDEXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/cert/certificateIssuerVerificationException.cpp b/vmime-master/src/vmime/security/cert/certificateIssuerVerificationException.cpp
new file mode 100644
index 0000000..adf5049
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateIssuerVerificationException.cpp
@@ -0,0 +1,55 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificateIssuerVerificationException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+certificateIssuerVerificationException::certificateIssuerVerificationException()
+	: certificateException("Certificate subject/issuer verification failed.") {
+
+}
+
+
+exception* certificateIssuerVerificationException::clone() const {
+
+	return new certificateIssuerVerificationException();
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/certificateIssuerVerificationException.hpp b/vmime-master/src/vmime/security/cert/certificateIssuerVerificationException.hpp
new file mode 100644
index 0000000..e22bd92
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateIssuerVerificationException.hpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATEISSUERVERIFICATIONEXCEPTION_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATEISSUERVERIFICATIONEXCEPTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+#include "vmime/security/cert/certificateException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Thrown when a certificate in a certificate chain cannot be verified
+  * against the next certificate in the chain (the issuer).
+  */
+class VMIME_EXPORT certificateIssuerVerificationException : public certificateException {
+
+public:
+
+	/** Constructs a certificateIssuerVerificationException with no detail message.
+	  */
+	certificateIssuerVerificationException();
+
+	exception* clone() const;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATEISSUERVERIFICATIONEXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/cert/certificateNotTrustedException.cpp b/vmime-master/src/vmime/security/cert/certificateNotTrustedException.cpp
new file mode 100644
index 0000000..a5ebb99
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateNotTrustedException.cpp
@@ -0,0 +1,55 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificateNotTrustedException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+certificateNotTrustedException::certificateNotTrustedException()
+	: certificateException("Cannot verify certificate against trusted certificates.") {
+
+}
+
+
+exception* certificateNotTrustedException::clone() const {
+
+	return new certificateNotTrustedException();
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/certificateNotTrustedException.hpp b/vmime-master/src/vmime/security/cert/certificateNotTrustedException.hpp
new file mode 100644
index 0000000..8cdb2f0
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateNotTrustedException.hpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATENOTTRUSTEDEXCEPTION_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATENOTTRUSTEDEXCEPTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+#include "vmime/security/cert/certificateException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Thrown when a certificate cannot be verified against root and/or
+  * trusted certificates.
+  */
+class VMIME_EXPORT certificateNotTrustedException : public certificateException {
+
+public:
+
+	/** Constructs a certificateNotTrustedException with no detail message.
+	  */
+	certificateNotTrustedException();
+
+	exception* clone() const;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATENOTTRUSTEDEXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/cert/certificateNotYetValidException.cpp b/vmime-master/src/vmime/security/cert/certificateNotYetValidException.cpp
new file mode 100644
index 0000000..ed8ca79
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateNotYetValidException.cpp
@@ -0,0 +1,55 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificateNotYetValidException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+certificateNotYetValidException::certificateNotYetValidException()
+	: certificateException("The certificate is not yet valid.") {
+
+}
+
+
+exception* certificateNotYetValidException::clone() const {
+
+	return new certificateNotYetValidException();
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/certificateNotYetValidException.hpp b/vmime-master/src/vmime/security/cert/certificateNotYetValidException.hpp
new file mode 100644
index 0000000..8f321eb
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateNotYetValidException.hpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATENOTYETVALIDEXCEPTION_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATENOTYETVALIDEXCEPTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+#include "vmime/security/cert/certificateException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Thrown when the current date and time is before the validity period
+  * specified in the certificate.
+  */
+class VMIME_EXPORT certificateNotYetValidException : public certificateException {
+
+public:
+
+	/** Constructs a certificateNotYetValidException with no detail message.
+	  */
+	certificateNotYetValidException();
+
+	exception* clone() const;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATENOTYETVALIDEXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/cert/certificateVerifier.hpp b/vmime-master/src/vmime/security/cert/certificateVerifier.hpp
new file mode 100644
index 0000000..7e2913a
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/certificateVerifier.hpp
@@ -0,0 +1,76 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_CERTIFICATEVERIFIER_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_CERTIFICATEVERIFIER_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/security/cert/certificateChain.hpp"
+
+#include "vmime/security/cert/unsupportedCertificateTypeException.hpp"
+#include "vmime/security/cert/certificateIssuerVerificationException.hpp"
+#include "vmime/security/cert/certificateNotTrustedException.hpp"
+#include "vmime/security/cert/serverIdentityException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Verify that a certificate path issued by a server can be trusted.
+  */
+class VMIME_EXPORT certificateVerifier : public object {
+
+public:
+
+	/** Verify that the specified certificate chain is trusted.
+	  *
+	  * @param chain certificate chain
+	  * @param hostname server hostname
+	  * @throw unsupportedCertificateTypeException if a certificate in the
+	  * chain is of unsupported format
+	  * @throw certificateExpiredException if a certificate in the chain
+	  * has expired
+	  * @throw certificateNotYetValidException if a certificate in the chain
+	  * is not yet valid
+	  * @throw certificateNotTrustedException if a certificate in the chain
+	  * cannot be verified against root and/or trusted certificates
+	  * @throw certificateIssuerVerificationException if a certificate in the
+	  * chain cannot be verified against the next certificate (issuer)
+	  * @throw serverIdentityException if the subject name of the certificate
+	  * does not match the hostname of the server
+	  */
+	virtual void verify(const shared_ptr <certificateChain>& chain, const string& hostname) = 0;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_SECURITY_CERT_CERTIFICATEVERIFIER_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/cert/defaultCertificateVerifier.cpp b/vmime-master/src/vmime/security/cert/defaultCertificateVerifier.cpp
new file mode 100644
index 0000000..a67052e
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/defaultCertificateVerifier.cpp
@@ -0,0 +1,191 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/defaultCertificateVerifier.hpp"
+
+#include "vmime/security/cert/X509Certificate.hpp"
+
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+defaultCertificateVerifier::defaultCertificateVerifier() {
+
+}
+
+
+defaultCertificateVerifier::~defaultCertificateVerifier() {
+
+}
+
+
+defaultCertificateVerifier::defaultCertificateVerifier(const defaultCertificateVerifier&)
+	: certificateVerifier() {
+
+	// Not used
+}
+
+
+void defaultCertificateVerifier::verify(
+	const shared_ptr <certificateChain>& chain,
+	const string& hostname
+) {
+
+	if (chain->getCount() == 0) {
+		return;
+	}
+
+	const string type = chain->getAt(0)->getType();
+
+	if (type == "X.509") {
+		verifyX509(chain, hostname);
+	} else {
+		throw unsupportedCertificateTypeException(type);
+	}
+}
+
+
+void defaultCertificateVerifier::verifyX509(
+	const shared_ptr <certificateChain>& chain,
+	const string& hostname
+) {
+
+	// For every certificate in the chain, verify that the certificate
+	// has been issued by the next certificate in the chain
+	if (chain->getCount() >= 2) {
+
+		for (size_t i = 0 ; i < chain->getCount() - 1 ; ++i) {
+
+			shared_ptr <X509Certificate> cert =
+				dynamicCast <X509Certificate>(chain->getAt(i));
+
+			shared_ptr <X509Certificate> next =
+				dynamicCast <X509Certificate>(chain->getAt(i + 1));
+
+			if (!cert->checkIssuer(next)) {
+
+				certificateIssuerVerificationException ex;
+				ex.setCertificate(cert);
+
+				throw ex;
+			}
+		}
+	}
+
+	// For every certificate in the chain, verify that the certificate
+	// is valid at the current time
+	for (size_t i = 0 ; i < chain->getCount() ; ++i) {
+
+		shared_ptr <X509Certificate> cert =
+			dynamicCast <X509Certificate>(chain->getAt(i));
+
+		cert->checkValidity();
+	}
+
+	// Check whether the certificate can be trusted
+
+	// -- First, verify that the the last certificate in the chain was
+	// -- issued by a third-party that we trust
+	shared_ptr <X509Certificate> lastCert =
+		dynamicCast <X509Certificate>(chain->getAt(chain->getCount() - 1));
+
+	bool trusted = false;
+
+	for (size_t i = 0 ; !trusted && i < m_x509RootCAs.size() ; ++i) {
+
+		shared_ptr <X509Certificate> rootCa = m_x509RootCAs[i];
+
+		//		printf("rootCAs size is %d, i is %d\n", m_x509RootCAs.size(), i);
+		//		printf("will cal verify with %p\n", rootCa.get());
+		if (lastCert->verify(rootCa)) {
+			trusted = true;
+		}
+		//		printf("called verify");		
+	}
+
+	// -- Next, if the issuer certificate cannot be verified against
+	// -- root CAs, compare the subject's certificate against the
+	// -- trusted certificates
+	shared_ptr <X509Certificate> firstCert =
+		dynamicCast <X509Certificate>(chain->getAt(0));
+
+	for (size_t i = 0 ; !trusted && i < m_x509TrustedCerts.size() ; ++i) {
+
+		shared_ptr <X509Certificate> cert = m_x509TrustedCerts[i];
+
+		if (firstCert->equals(cert)) {
+			trusted = true;
+		}
+	}
+
+	if (!trusted) {
+
+		certificateNotTrustedException ex;
+		ex.setCertificate(firstCert);
+
+		throw ex;
+	}
+
+	// Ensure the first certificate's subject name matches server hostname
+	if (!firstCert->verifyHostName(hostname)) {
+
+		serverIdentityException ex;
+		ex.setCertificate(firstCert);
+
+		throw ex;
+	}
+}
+
+
+void defaultCertificateVerifier::setX509RootCAs(
+	const std::vector <shared_ptr <X509Certificate> >& caCerts
+) {
+
+	m_x509RootCAs = caCerts;
+}
+
+
+void defaultCertificateVerifier::setX509TrustedCerts(
+	const std::vector <shared_ptr <X509Certificate> >& trustedCerts
+) {
+
+	m_x509TrustedCerts = trustedCerts;
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/defaultCertificateVerifier.hpp b/vmime-master/src/vmime/security/cert/defaultCertificateVerifier.hpp
new file mode 100644
index 0000000..4aa4445
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/defaultCertificateVerifier.hpp
@@ -0,0 +1,98 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_DEFAULTCERTIFICATEVERIFIER_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_DEFAULTCERTIFICATEVERIFIER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificateVerifier.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+class X509Certificate;
+
+
+/** Default implementation for certificate verification.
+  */
+class VMIME_EXPORT defaultCertificateVerifier : public certificateVerifier {
+
+private:
+
+	defaultCertificateVerifier(const defaultCertificateVerifier&);
+
+public:
+
+	defaultCertificateVerifier();
+	~defaultCertificateVerifier();
+
+	/** Sets a list of X.509 certificates that are trusted.
+	  *
+	  * @param trustedCerts list of trusted certificates
+	  */
+	void setX509TrustedCerts(const std::vector <shared_ptr <X509Certificate> >& trustedCerts);
+
+	/** Sets the X.509 root CAs used for certificate verification.
+	  *
+	  * @param caCerts list of root CAs
+	  */
+	void setX509RootCAs(const std::vector <shared_ptr <X509Certificate> >& caCerts);
+
+
+	// Implementation of 'certificateVerifier'
+	void verify(const shared_ptr <certificateChain>& chain, const string& hostname);
+
+private:
+
+	/** Verify a chain of X.509 certificates.
+	  *
+	  * @param chain list of X.509 certificates
+	  * @param hostname server hostname
+	  */
+	void verifyX509(const shared_ptr <certificateChain>& chain, const string& hostname);
+
+
+	std::vector <shared_ptr <X509Certificate> > m_x509RootCAs;
+	std::vector <shared_ptr <X509Certificate> > m_x509TrustedCerts;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#endif // VMIME_SECURITY_CERT_DEFAULTCERTIFICATEVERIFIER_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/cert/gnutls/X509Certificate_GnuTLS.cpp b/vmime-master/src/vmime/security/cert/gnutls/X509Certificate_GnuTLS.cpp
new file mode 100644
index 0000000..3dfa1c6
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/gnutls/X509Certificate_GnuTLS.cpp
@@ -0,0 +1,395 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include <ctime>
+
+#include "vmime/security/cert/gnutls/X509Certificate_GnuTLS.hpp"
+
+#include "vmime/utility/outputStreamByteArrayAdapter.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+#ifndef VMIME_BUILDING_DOC
+
+struct GnuTLSX509CertificateInternalData {
+
+	GnuTLSX509CertificateInternalData() {
+
+		gnutls_x509_crt_init(&cert);
+	}
+
+	~GnuTLSX509CertificateInternalData() {
+
+		gnutls_x509_crt_deinit(cert);
+	}
+
+	void swap(gnutls_x509_crt_t to) {
+		gnutls_x509_crt_deinit(cert);
+		cert = to;
+	}
+
+
+	gnutls_x509_crt_t cert;
+};
+
+#endif // VMIME_BUILDING_DOC
+
+
+X509Certificate_GnuTLS::X509Certificate_GnuTLS()
+	: m_data(new GnuTLSX509CertificateInternalData) {
+
+}
+
+
+X509Certificate_GnuTLS::X509Certificate_GnuTLS(const X509Certificate&)
+	: X509Certificate(), m_data(NULL) {
+
+	// Not used
+}
+
+
+X509Certificate_GnuTLS::~X509Certificate_GnuTLS() {
+
+	delete m_data;
+}
+
+
+void* X509Certificate_GnuTLS::getInternalData() {
+
+	return &m_data->cert;
+}
+
+
+// static
+shared_ptr <X509Certificate> X509Certificate::import(
+	utility::inputStream& is
+) {
+
+	byteArray bytes;
+	byte_t chunk[4096];
+
+	while (!is.eof()) {
+		const size_t len = is.read(chunk, sizeof(chunk));
+		bytes.insert(bytes.end(), chunk, chunk + len);
+	}
+
+	return import(&bytes[0], bytes.size());
+}
+
+
+// static
+shared_ptr <X509Certificate> X509Certificate::import(
+	const byte_t* data,
+	const size_t length
+) {
+
+	gnutls_datum_t buffer;
+	buffer.data = const_cast <byte_t*>(data);
+	buffer.size = static_cast <unsigned int>(length);
+
+	// Try DER format
+	shared_ptr <X509Certificate_GnuTLS> derCert = make_shared <X509Certificate_GnuTLS>();
+
+	if (gnutls_x509_crt_import(derCert->m_data->cert, &buffer, GNUTLS_X509_FMT_DER) >= 0) {
+		return derCert;
+	}
+
+	// Try PEM format
+	shared_ptr <X509Certificate_GnuTLS> pemCert = make_shared <X509Certificate_GnuTLS>();
+
+	if (gnutls_x509_crt_import(pemCert->m_data->cert, &buffer, GNUTLS_X509_FMT_PEM) >= 0) {
+		return pemCert;
+	}
+
+	return null;
+}
+
+
+// static
+void X509Certificate::import(
+	utility::inputStream& is,
+	std::vector <shared_ptr <X509Certificate> >& certs
+) {
+
+	byteArray bytes;
+	byte_t chunk[4096];
+
+	while (!is.eof()) {
+		const size_t len = is.read(chunk, sizeof(chunk));
+		bytes.insert(bytes.end(), chunk, chunk + len);
+	}
+
+	import(&bytes[0], bytes.size(), certs);
+}
+
+
+// static
+void X509Certificate::import(
+	const byte_t* data,
+	const size_t length,
+	std::vector <shared_ptr <X509Certificate> >& certs
+) {
+
+	gnutls_datum_t buffer;
+	buffer.data = const_cast <byte_t*>(data);
+	buffer.size = static_cast <unsigned int>(length);
+
+	unsigned int size = 1024;
+	gnutls_x509_crt_t x509[1024];
+
+	// Try DER format
+	if (gnutls_x509_crt_list_import(x509, &size, &buffer, GNUTLS_X509_FMT_DER, 0) < 0) {
+
+		// Try PEM format
+		if (gnutls_x509_crt_list_import(x509, &size, &buffer, GNUTLS_X509_FMT_PEM, 0) < 0) {
+			return;
+		}
+	}
+
+	for (unsigned int i = 0 ; i < size ; i += 1) {
+
+		auto c = make_shared <X509Certificate_GnuTLS>();
+		c->m_data->swap(x509[i]);
+		certs.push_back(c);
+	}
+}
+
+
+void X509Certificate_GnuTLS::write(
+	utility::outputStream& os,
+	const Format format
+) const {
+
+	size_t dataSize = 0;
+	gnutls_x509_crt_fmt_t fmt = GNUTLS_X509_FMT_DER;
+
+	switch (format) {
+		case FORMAT_DER: fmt = GNUTLS_X509_FMT_DER; break;
+		case FORMAT_PEM: fmt = GNUTLS_X509_FMT_PEM; break;
+	}
+
+	gnutls_x509_crt_export(m_data->cert, fmt, NULL, &dataSize);
+
+	std::vector <byte_t> data(dataSize);
+
+	gnutls_x509_crt_export(m_data->cert, fmt, &data[0], &dataSize);
+
+	os.write(reinterpret_cast <byte_t*>(&data[0]), dataSize);
+}
+
+
+const byteArray X509Certificate_GnuTLS::getSerialNumber() const {
+
+	char serial[64];
+	size_t serialSize = sizeof(serial);
+
+	gnutls_x509_crt_get_serial(m_data->cert, serial, &serialSize);
+
+	return byteArray(serial, serial + serialSize);
+}
+
+
+bool X509Certificate_GnuTLS::checkIssuer(const shared_ptr <const X509Certificate>& issuer_) const {
+
+	shared_ptr <const X509Certificate_GnuTLS> issuer =
+		dynamicCast <const X509Certificate_GnuTLS>(issuer_);
+
+	return gnutls_x509_crt_check_issuer(m_data->cert, issuer->m_data->cert) >= 1;
+}
+
+
+bool X509Certificate_GnuTLS::verify(const shared_ptr <const X509Certificate>& caCert_) const {
+
+	shared_ptr <const X509Certificate_GnuTLS> caCert =
+		dynamicCast <const X509Certificate_GnuTLS>(caCert_);
+
+	unsigned int verify = 0;
+
+	const int res = gnutls_x509_crt_verify(
+		m_data->cert, &(caCert->m_data->cert), 1,
+		GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+		&verify
+	);
+
+	return res == 0 && verify == 0;
+}
+
+
+bool X509Certificate_GnuTLS::verifyHostName(
+	const string& hostname,
+	std::vector <std::string>* nonMatchingNames
+) const {
+
+	if (gnutls_x509_crt_check_hostname(m_data->cert, hostname.c_str()) != 0) {
+		return true;
+	}
+
+	if (nonMatchingNames) {
+
+		const int MAX_CN = 256;
+		const char* OID_X520_COMMON_NAME = "2.5.4.3";
+
+		char dnsName[MAX_CN];
+		size_t dnsNameLength;
+
+		dnsNameLength = sizeof(dnsName);
+
+		if (gnutls_x509_crt_get_dn_by_oid(m_data->cert, OID_X520_COMMON_NAME, 0, 0, dnsName, &dnsNameLength) >= 0) {
+			nonMatchingNames->push_back(dnsName);
+		}
+
+		for (int i = 0, ret = 0 ; ret >= 0 ; ++i) {
+
+			dnsNameLength = sizeof(dnsName);
+			ret = gnutls_x509_crt_get_subject_alt_name(m_data->cert, i, dnsName, &dnsNameLength, NULL);
+
+			if (ret == GNUTLS_SAN_DNSNAME) {
+				nonMatchingNames->push_back(dnsName);
+			}
+		}
+	}
+
+	return false;
+}
+
+
+const datetime X509Certificate_GnuTLS::getActivationDate() const {
+
+	const time_t t = gnutls_x509_crt_get_activation_time(m_data->cert);
+	return datetime(t);
+}
+
+
+const datetime X509Certificate_GnuTLS::getExpirationDate() const {
+
+	const time_t t = gnutls_x509_crt_get_expiration_time(m_data->cert);
+	return datetime(t);
+}
+
+
+const byteArray X509Certificate_GnuTLS::getFingerprint(const DigestAlgorithm algo) const {
+
+	gnutls_digest_algorithm_t galgo;
+
+	switch (algo) {
+
+		case DIGEST_MD5:
+
+			galgo = GNUTLS_DIG_MD5;
+			break;
+
+		default:
+		case DIGEST_SHA1:
+
+			galgo = GNUTLS_DIG_SHA;
+			break;
+	}
+
+	size_t bufferSize = 0;
+	gnutls_x509_crt_get_fingerprint(m_data->cert, galgo, NULL, &bufferSize);
+
+	std::vector <byte_t> buffer(bufferSize);
+
+	if (gnutls_x509_crt_get_fingerprint(m_data->cert, galgo, &buffer[0], &bufferSize) == 0) {
+
+		byteArray res;
+		res.insert(res.end(), &buffer[0], &buffer[0] + bufferSize);
+
+		return res;
+	}
+
+	return byteArray();
+}
+
+
+const byteArray X509Certificate_GnuTLS::getEncoded() const {
+
+	byteArray bytes;
+	utility::outputStreamByteArrayAdapter os(bytes);
+
+	write(os, FORMAT_DER);
+
+	return bytes;
+}
+
+
+const string X509Certificate_GnuTLS::getIssuerString() const {
+
+	char buffer[4096];
+	size_t bufferSize = sizeof(buffer);
+
+	if (gnutls_x509_crt_get_issuer_dn(m_data->cert, buffer, &bufferSize) != GNUTLS_E_SUCCESS) {
+		return "";
+	}
+
+	return buffer;
+}
+
+
+const string X509Certificate_GnuTLS::getType() const {
+
+	return "X.509";
+}
+
+
+int X509Certificate_GnuTLS::getVersion() const {
+
+	return gnutls_x509_crt_get_version(m_data->cert);
+}
+
+
+bool X509Certificate_GnuTLS::equals(const shared_ptr <const certificate>& other) const {
+
+	shared_ptr <const X509Certificate_GnuTLS> otherX509 =
+		dynamicCast <const X509Certificate_GnuTLS>(other);
+
+	if (!otherX509) {
+		return false;
+	}
+
+	const byteArray fp1 = getFingerprint(DIGEST_MD5);
+	const byteArray fp2 = otherX509->getFingerprint(DIGEST_MD5);
+
+	return fp1 == fp2;
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
diff --git a/vmime-master/src/vmime/security/cert/gnutls/X509Certificate_GnuTLS.hpp b/vmime-master/src/vmime/security/cert/gnutls/X509Certificate_GnuTLS.hpp
new file mode 100644
index 0000000..c7c6c48
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/gnutls/X509Certificate_GnuTLS.hpp
@@ -0,0 +1,96 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_X509CERTIFICATE_GNUTLS_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_X509CERTIFICATE_GNUTLS_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/security/cert/X509Certificate.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+class X509Certificate_GnuTLS : public X509Certificate {
+
+	friend class X509Certificate;
+
+	X509Certificate_GnuTLS(const X509Certificate&);
+
+public:
+
+	X509Certificate_GnuTLS();
+
+	~X509Certificate_GnuTLS();
+
+
+	void write(utility::outputStream& os, const Format format) const;
+
+	const byteArray getSerialNumber() const;
+
+	const string getIssuerString() const;
+	bool checkIssuer(const shared_ptr <const X509Certificate>& issuer) const;
+
+	bool verify(const shared_ptr <const X509Certificate>& caCert) const;
+
+	bool verifyHostName(
+		const string& hostname,
+		std::vector <std::string>* nonMatchingNames = NULL
+	) const;
+
+	const datetime getExpirationDate() const;
+	const datetime getActivationDate() const;
+
+	const byteArray getFingerprint(const DigestAlgorithm algo) const;
+
+
+	// Implementation of 'certificate'
+	const byteArray getEncoded() const;
+	const string getType() const;
+	int getVersion() const;
+	bool equals(const shared_ptr <const certificate>& other) const;
+	void* getInternalData();
+
+private:
+
+	struct GnuTLSX509CertificateInternalData* m_data;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+#endif // VMIME_SECURITY_CERT_X509CERTIFICATE_GNUTLS_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/cert/openssl/X509Certificate_OpenSSL.cpp b/vmime-master/src/vmime/security/cert/openssl/X509Certificate_OpenSSL.cpp
new file mode 100644
index 0000000..5488801
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/openssl/X509Certificate_OpenSSL.cpp
@@ -0,0 +1,655 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include <cstdio>
+#include <ctime>
+#include <map>
+#include <algorithm>
+
+#include "vmime/security/cert/openssl/X509Certificate_OpenSSL.hpp"
+
+#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
+
+#include "vmime/utility/outputStreamByteArrayAdapter.hpp"
+
+#include "vmime/security/cert/certificateException.hpp"
+#include "vmime/security/cert/unsupportedCertificateTypeException.hpp"
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+
+#ifdef _WIN32
+#	define strcasecmp _stricmp
+#	define strncasecmp _strnicmp
+#endif
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+static net::tls::OpenSSLInitializer::autoInitializer openSSLInitializer;
+
+
+#ifndef VMIME_BUILDING_DOC
+
+class monthMap {
+
+public:
+
+	monthMap() {
+
+		m_monthMap["jan"] = vmime::datetime::JAN;
+		m_monthMap["feb"] = vmime::datetime::FEB;
+		m_monthMap["mar"] = vmime::datetime::MAR;
+		m_monthMap["apr"] = vmime::datetime::APR;
+		m_monthMap["may"] = vmime::datetime::MAY;
+		m_monthMap["jun"] = vmime::datetime::JUN;
+		m_monthMap["jul"] = vmime::datetime::JUL;
+		m_monthMap["aug"] = vmime::datetime::AUG;
+		m_monthMap["sep"] = vmime::datetime::SEP;
+		m_monthMap["oct"] = vmime::datetime::OCT;
+		m_monthMap["nov"] = vmime::datetime::NOV;
+		m_monthMap["dec"] = vmime::datetime::DEC;
+	}
+
+	int getMonth(vmime::string mstr) {
+
+		std::transform(mstr.begin(), mstr.end(), mstr.begin(), ::tolower);
+
+		std::map <vmime::string, vmime::datetime::Months>::const_iterator
+			c_it = m_monthMap.find(mstr);
+
+		if (c_it != m_monthMap.end()) {
+			return c_it->second;
+		}
+
+		return -1;
+	}
+
+private:
+
+	std::map<vmime::string, vmime::datetime::Months> m_monthMap;
+};
+
+static monthMap sg_monthMap;
+
+
+
+struct OpenSSLX509CertificateInternalData {
+
+	OpenSSLX509CertificateInternalData() {
+
+		cert = 0;
+	}
+
+	~OpenSSLX509CertificateInternalData() {
+
+		if (cert) {
+			X509_free(cert);
+		}
+	}
+
+	X509* cert;
+};
+
+
+// Workaround for i2v() taking either a const or a non-const 'method' on some platforms
+STACK_OF(CONF_VALUE)* call_i2v(const X509V3_EXT_METHOD* m, void* p1, STACK_OF(CONF_VALUE)* p2) {
+
+	return m->i2v(m, p1, p2);
+}
+
+
+STACK_OF(CONF_VALUE)* call_i2v(X509V3_EXT_METHOD* m, void* p1, STACK_OF(CONF_VALUE)* p2) {
+
+	return m->i2v(m, p1, p2);
+}
+
+
+#endif // VMIME_BUILDING_DOC
+
+
+X509Certificate_OpenSSL::X509Certificate_OpenSSL()
+	: m_data(new OpenSSLX509CertificateInternalData) {
+
+}
+
+
+X509Certificate_OpenSSL::X509Certificate_OpenSSL(X509* cert)
+	: m_data(new OpenSSLX509CertificateInternalData) {
+
+	m_data->cert = X509_dup(cert);
+}
+
+
+X509Certificate_OpenSSL::X509Certificate_OpenSSL(const X509Certificate_OpenSSL&)
+	: X509Certificate(), m_data(NULL) {
+
+	// Not used
+}
+
+
+X509Certificate_OpenSSL::~X509Certificate_OpenSSL() {
+
+	delete m_data;
+}
+
+
+void* X509Certificate_OpenSSL::getInternalData() {
+
+	return &m_data->cert;
+}
+
+
+// static
+shared_ptr <X509Certificate> X509Certificate_OpenSSL::importInternal(X509* cert) {
+
+	if (cert) {
+		return make_shared <X509Certificate_OpenSSL>(reinterpret_cast <X509 *>(cert));
+	}
+
+	return null;
+}
+
+
+// static
+shared_ptr <X509Certificate> X509Certificate::import(utility::inputStream& is) {
+
+	byteArray bytes;
+	byte_t chunk[4096];
+
+	while (!is.eof()) {
+		const size_t len = is.read(chunk, sizeof(chunk));
+		bytes.insert(bytes.end(), chunk, chunk + len);
+	}
+
+	return import(&bytes[0], bytes.size());
+}
+
+
+// static
+shared_ptr <X509Certificate> X509Certificate::import(
+	const byte_t* data,
+	const size_t length
+) {
+
+	shared_ptr <X509Certificate_OpenSSL> cert = make_shared <X509Certificate_OpenSSL>();
+
+	BIO* membio = BIO_new_mem_buf(const_cast <byte_t*>(data), static_cast <int>(length));
+
+	if (!(cert->m_data->cert = d2i_X509_bio(membio, NULL))
+	    /*!PEM_read_bio_X509(membio, &(cert->m_data->cert), 0, 0)*/) {
+		BIO_vfree(membio);
+		return null;
+	}
+
+	BIO_vfree(membio);
+
+	return cert;
+}
+
+
+// static
+void X509Certificate::import(
+	utility::inputStream& is,
+	std::vector <shared_ptr <X509Certificate> >& certs
+) {
+
+	byteArray bytes;
+	byte_t chunk[4096];
+
+	while (!is.eof()) {
+		const size_t len = is.read(chunk, sizeof(chunk));
+		bytes.insert(bytes.end(), chunk, chunk + len);
+	}
+
+	import(&bytes[0], bytes.size(), certs);
+}
+
+
+// static
+void X509Certificate::import(
+	const byte_t* data,
+	const size_t length,
+	std::vector <shared_ptr <X509Certificate> >& certs
+) {
+
+	BIO* membio = BIO_new_mem_buf(const_cast <byte_t*>(data), static_cast <int>(length));
+	shared_ptr <X509Certificate_OpenSSL> cert = null;
+
+	while (true) {
+
+		cert = make_shared <X509Certificate_OpenSSL>();
+
+		if (!PEM_read_bio_X509(membio, &(cert->m_data->cert), 0, 0)) {
+			break;
+		}
+
+		certs.push_back(cert);
+	}
+
+	BIO_vfree(membio);
+}
+
+
+void X509Certificate_OpenSSL::write(
+	utility::outputStream& os,
+	const Format format
+) const {
+
+	BIO* membio = 0;
+	long dataSize = 0;
+	unsigned char* out = 0;
+
+	if (format == FORMAT_DER) {
+
+		if ((dataSize = i2d_X509(m_data->cert, &out)) < 0) {
+			goto err;
+		}
+
+		os.write(reinterpret_cast <byte_t*>(out), dataSize);
+		os.flush();
+		OPENSSL_free(out);
+
+	} else if (format == FORMAT_PEM) {
+
+		membio = BIO_new(BIO_s_mem());
+		BIO_set_close(membio, BIO_CLOSE);
+
+		if (!PEM_write_bio_X509(membio, m_data->cert)) {
+			goto pem_err;
+		}
+
+		dataSize = BIO_get_mem_data(membio, &out);
+		os.write(reinterpret_cast <byte_t*>(out), dataSize);
+		os.flush();
+		BIO_vfree(membio);
+
+	} else {
+
+		throw unsupportedCertificateTypeException("Unknown format");
+	}
+
+	return; // #### Early Return ####
+
+pem_err:
+	{
+		if (membio) {
+			BIO_vfree(membio);
+		}
+	}
+
+err:
+	{
+		char errstr[256];
+		long ec = ERR_get_error();
+		ERR_error_string(ec, errstr);
+		throw certificateException("OpenSSLX509Certificate_OpenSSL::write exception - " + string(errstr));
+	}
+}
+
+
+const byteArray X509Certificate_OpenSSL::getSerialNumber() const {
+
+	ASN1_INTEGER *serial = X509_get_serialNumber(m_data->cert);
+	BIGNUM *bnser = ASN1_INTEGER_to_BN(serial, NULL);
+	int n = BN_num_bytes(bnser);
+	byte_t* outbuf = new byte_t[n];
+	BN_bn2bin(bnser, outbuf);
+	byteArray ser(outbuf, outbuf + n);
+	delete [] outbuf;
+	BN_free(bnser);
+	return ser;
+}
+
+
+bool X509Certificate_OpenSSL::checkIssuer(const shared_ptr <const X509Certificate>& cert_) const {
+
+	shared_ptr <const X509Certificate_OpenSSL> cert =
+		dynamicCast <const X509Certificate_OpenSSL>(cert_);
+
+	// Get issuer for this cert
+	BIO *out;
+	unsigned char *issuer;
+
+	out = BIO_new(BIO_s_mem());
+	X509_NAME_print_ex(out, X509_get_issuer_name(m_data->cert), 0, XN_FLAG_RFC2253);
+	long n = BIO_get_mem_data(out, &issuer);
+	vmime::string thisIssuerName((char*)issuer, n);
+	BIO_free(out);
+
+	// Get subject of issuer
+	unsigned char *subject;
+	out = BIO_new(BIO_s_mem());
+	X509_NAME_print_ex(out, X509_get_subject_name(cert->m_data->cert), 0, XN_FLAG_RFC2253);
+	n = BIO_get_mem_data(out, &subject);
+	vmime::string subjOfIssuer((char*)subject, n);
+	BIO_free(out);
+
+	return subjOfIssuer == thisIssuerName;
+}
+
+
+bool X509Certificate_OpenSSL::verify(const shared_ptr <const X509Certificate>& caCert_) const {
+
+	shared_ptr <const X509Certificate_OpenSSL> caCert =
+		dynamicCast <const X509Certificate_OpenSSL>(caCert_);
+
+//	printf("ptr before cast is %p\n", caCert_.get());
+//	printf("ptr is %p\n", caCert.get());
+
+	bool verified = false;
+	bool error = true;
+
+	X509_STORE *store = X509_STORE_new();
+
+	if (store) {
+
+		X509_STORE_CTX *verifyCtx = X509_STORE_CTX_new();
+
+		if (verifyCtx) {
+
+			if (X509_STORE_add_cert(store, caCert->m_data->cert)) {
+
+				X509_STORE_CTX_init(verifyCtx, store, m_data->cert, NULL);
+
+				int ret = X509_verify_cert(verifyCtx);
+
+				if (ret == 1) {
+
+					verified = true;
+					error = false;
+
+				} else if (ret == 0) {
+
+					verified = false;
+					error = false;
+				}
+
+				//X509_verify_cert_error_string(vrfy_ctx->error)
+
+				X509_STORE_CTX_free(verifyCtx);
+			}
+		}
+
+		X509_STORE_free(store);
+	}
+
+	return verified && !error;
+}
+
+
+// static
+bool X509Certificate_OpenSSL::cnMatch(const char* cnBuf, const char* host) {
+
+	// Right-to-left match, looking for a '*' wildcard
+	const bool hasWildcard = (strlen(cnBuf) > 1 && cnBuf[0] == '*' && cnBuf[1] == '.');
+	const char* cnBufReverseEndPtr = (cnBuf + (hasWildcard ? 2 : 0));
+	const char* hostPtr = host + strlen(host);
+	const char* cnPtr = cnBuf + strlen(cnBuf);
+
+	bool matches = true;
+
+	while (matches && --hostPtr >= host && --cnPtr >= cnBufReverseEndPtr) {
+		matches = (toupper(*hostPtr) == toupper(*cnPtr));
+	}
+
+	return matches;
+}
+
+
+bool X509Certificate_OpenSSL::verifyHostName(
+	const string& hostname,
+	std::vector <std::string>* nonMatchingNames
+) const {
+
+	// First, check subject common name against hostname
+	char CNBuffer[1024];
+	CNBuffer[sizeof(CNBuffer) - 1] = '\0';
+
+	X509_NAME* xname = X509_get_subject_name(m_data->cert);
+
+	if (X509_NAME_get_text_by_NID(xname, NID_commonName, CNBuffer, sizeof(CNBuffer)) != -1) {
+
+		if (cnMatch(CNBuffer, hostname.c_str())) {
+			return true;
+		}
+
+		if (nonMatchingNames) {
+			nonMatchingNames->push_back(CNBuffer);
+		}
+	}
+
+	// Now, look in subject alternative names
+	bool verify = false;
+
+	STACK_OF(GENERAL_NAME)* altNames = static_cast <GENERAL_NAMES*>
+		(X509_get_ext_d2i(m_data->cert, NID_subject_alt_name, NULL, NULL));
+
+	if (altNames == NULL) {
+		return false;
+	}
+
+	// Check each name within the extension
+	for (int i = 0, n = sk_GENERAL_NAME_num(altNames) ; i < n ; ++i) {
+
+		const GENERAL_NAME* currentName = sk_GENERAL_NAME_value(altNames, i);
+
+		if (currentName->type == GEN_DNS) {
+
+			// Current name is a DNS name, let's check it
+			char *DNSName = (char *) ASN1_STRING_data(currentName->d.dNSName);
+
+			// Make sure there isn't an embedded NUL character in the DNS name
+			if (ASN1_STRING_length(currentName->d.dNSName) != strlen(DNSName)) {
+				// Malformed certificate
+				break;
+			}
+
+			if (cnMatch(DNSName, hostname.c_str())) {
+				verify = true;
+				break;
+			}
+
+			if (nonMatchingNames) {
+				nonMatchingNames->push_back(DNSName);
+			}
+		}
+	}
+
+	sk_GENERAL_NAME_pop_free(altNames, GENERAL_NAME_free);
+
+	return verify;
+}
+
+
+const datetime X509Certificate_OpenSSL::convertX509Date(void* time) const {
+
+	char* buffer;
+	BIO* out = BIO_new(BIO_s_mem());
+	BIO_set_close(out, BIO_CLOSE);
+
+	ASN1_TIME* asn1_time = reinterpret_cast<ASN1_TIME*>(time);
+	ASN1_TIME_print(out, asn1_time);
+
+	const long sz = BIO_get_mem_data(out, &buffer);
+	char* dest = new char[sz + 1];
+	dest[sz] = 0;
+	memcpy(dest, buffer, sz);
+	vmime::string t(dest);
+
+	BIO_free(out);
+	delete [] dest;
+
+	if (t.size() > 0) {
+
+		char month[4] = {0};
+		char zone[4] = {0};
+		int day, hour, minute, second, year;
+		int nrconv = sscanf(t.c_str(), "%s %2d %02d:%02d:%02d %d%s", month, &day, &hour, &minute, &second,&year,zone);
+
+		if (nrconv >= 6) {
+			return datetime(year, sg_monthMap.getMonth(vmime::string(month)), day, hour, minute, second);
+		}
+	}
+
+	// let datetime try and parse it
+	return datetime(t);
+}
+
+
+const datetime X509Certificate_OpenSSL::getActivationDate() const {
+
+	return convertX509Date(X509_get_notBefore(m_data->cert));
+}
+
+
+const datetime X509Certificate_OpenSSL::getExpirationDate() const {
+
+	return convertX509Date(X509_get_notAfter(m_data->cert));
+}
+
+
+const byteArray X509Certificate_OpenSSL::getFingerprint(const DigestAlgorithm algo) const {
+
+	BIO *out;
+	int j;
+	unsigned int n;
+	const EVP_MD *digest;
+	unsigned char * fingerprint;
+	unsigned char md[EVP_MAX_MD_SIZE];
+
+	switch (algo) {
+
+		case DIGEST_MD5:
+
+			digest = EVP_md5();
+			break;
+
+		default:
+		case DIGEST_SHA1:
+
+			digest = EVP_sha1();
+			break;
+	}
+
+	out = BIO_new(BIO_s_mem());
+	BIO_set_close(out, BIO_CLOSE);
+
+	if (X509_digest(m_data->cert, digest, md, &n)) {
+
+		for (j = 0 ; j < (int) n ; j++) {
+			BIO_printf(out, "%02X", md[j]);
+			if (j + 1 != (int) n) BIO_printf(out, ":");
+		}
+	}
+
+	const long resultLen = BIO_get_mem_data(out, &fingerprint);
+	unsigned char* result = new unsigned char[resultLen];
+	memcpy(result, fingerprint, resultLen);
+	BIO_free(out);
+
+	byteArray res;
+	res.insert(res.end(), &result[0], &result[0] + resultLen);
+
+	delete [] result;
+
+	return res;
+}
+
+
+const byteArray X509Certificate_OpenSSL::getEncoded() const {
+
+	byteArray bytes;
+	utility::outputStreamByteArrayAdapter os(bytes);
+
+	write(os, FORMAT_DER);
+
+	return bytes;
+}
+
+
+const string X509Certificate_OpenSSL::getIssuerString() const {
+
+	// Get issuer for this cert
+	BIO* out = BIO_new(BIO_s_mem());
+	X509_NAME_print_ex(out, X509_get_issuer_name(m_data->cert), 0, XN_FLAG_RFC2253);
+
+	unsigned char* issuer;
+	const long n = BIO_get_mem_data(out, &issuer);
+
+	vmime::string name(reinterpret_cast <char*>(issuer), n);
+	BIO_free(out);
+
+	return name;
+}
+
+
+const string X509Certificate_OpenSSL::getType() const {
+
+	return "X.509";
+}
+
+
+int X509Certificate_OpenSSL::getVersion() const {
+
+	return (int) X509_get_version(m_data->cert);
+}
+
+
+bool X509Certificate_OpenSSL::equals(const shared_ptr <const certificate>& other) const {
+
+	shared_ptr <const X509Certificate_OpenSSL> otherX509 =
+		dynamicCast <const X509Certificate_OpenSSL>(other);
+
+	if (!otherX509) {
+		return false;
+	}
+
+	const byteArray fp1 = getFingerprint(DIGEST_MD5);
+	const byteArray fp2 = otherX509->getFingerprint(DIGEST_MD5);
+
+	return fp1 == fp2;
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
diff --git a/vmime-master/src/vmime/security/cert/openssl/X509Certificate_OpenSSL.hpp b/vmime-master/src/vmime/security/cert/openssl/X509Certificate_OpenSSL.hpp
new file mode 100644
index 0000000..c0ebf3c
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/openssl/X509Certificate_OpenSSL.hpp
@@ -0,0 +1,119 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_X509CERTIFICATE_OPENSSL_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_X509CERTIFICATE_OPENSSL_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/security/cert/X509Certificate.hpp"
+
+#include <openssl/x509.h>
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+class X509Certificate_OpenSSL : public X509Certificate {
+
+	friend class X509Certificate;
+
+	X509Certificate_OpenSSL(const X509Certificate_OpenSSL&);
+
+public:
+
+	X509Certificate_OpenSSL();
+	X509Certificate_OpenSSL(X509* cert);
+
+	~X509Certificate_OpenSSL();
+
+
+	void write(utility::outputStream& os, const Format format) const;
+
+	const byteArray getSerialNumber() const;
+
+	const string getIssuerString() const;
+	bool checkIssuer(const shared_ptr <const X509Certificate>& issuer) const;
+
+	bool verify(const shared_ptr <const X509Certificate>& caCert) const;
+
+	bool verifyHostName(
+		const string& hostname,
+		std::vector <std::string>* nonMatchingNames = NULL
+	) const;
+
+	const datetime getExpirationDate() const;
+	const datetime getActivationDate() const;
+
+	const byteArray getFingerprint(const DigestAlgorithm algo) const;
+
+
+	static shared_ptr <X509Certificate> importInternal(X509* cert);
+
+
+	// Implementation of 'certificate'
+	const byteArray getEncoded() const;
+	const string getType() const;
+	int getVersion() const;
+	bool equals(const shared_ptr <const certificate>& other) const;
+	void* getInternalData();
+
+private:
+
+	/** Internal utility function to test whether a hostname matches
+	  * the specified X509 Common Name (wildcard is supported).
+	  *
+	  * @param cnBuf pointer to buffer holding Common Name
+	  * @param host pointer to buffer holding host name
+	  * @return true if the hostname matches the Common Name, or
+	  * false otherwise
+	  */
+	static bool cnMatch(const char* cnBuf, const char* host);
+
+	/** Internal utility function to convert ASN1_TIME
+	 *  structs to vmime::datetime
+	 *
+	 *  @param pointer to ASN1_TIME struct to convert
+	 */
+	const datetime convertX509Date(void* time) const;
+
+	struct OpenSSLX509CertificateInternalData* m_data;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+#endif // VMIME_SECURITY_CERT_X509CERTIFICATE_OPENSSL_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/cert/serverIdentityException.cpp b/vmime-master/src/vmime/security/cert/serverIdentityException.cpp
new file mode 100644
index 0000000..fcbe571
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/serverIdentityException.cpp
@@ -0,0 +1,55 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/serverIdentityException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+serverIdentityException::serverIdentityException()
+	: certificateException("Server identity cannot be verified.") {
+
+}
+
+
+exception* serverIdentityException::clone() const {
+
+	return new serverIdentityException();
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/serverIdentityException.hpp b/vmime-master/src/vmime/security/cert/serverIdentityException.hpp
new file mode 100644
index 0000000..358553e
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/serverIdentityException.hpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_SERVERIDENTITYEXCEPTION_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_SERVERIDENTITYEXCEPTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+#include "vmime/security/cert/certificateException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Thrown when the subject name of a certificate does not match
+  * the hostname of the server.
+  */
+class VMIME_EXPORT serverIdentityException : public certificateException {
+
+public:
+
+	/** Constructs a serverIdentityException with no detail message.
+	  */
+	serverIdentityException();
+
+	exception* clone() const;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_SERVERIDENTITYEXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/cert/unsupportedCertificateTypeException.cpp b/vmime-master/src/vmime/security/cert/unsupportedCertificateTypeException.cpp
new file mode 100644
index 0000000..5765651
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/unsupportedCertificateTypeException.cpp
@@ -0,0 +1,61 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/unsupportedCertificateTypeException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+unsupportedCertificateTypeException::unsupportedCertificateTypeException(const string& type)
+	: certificateException(string("Unsupported certificate type: '") + type + "'."),
+	  m_type(type) {
+
+}
+
+
+unsupportedCertificateTypeException::~unsupportedCertificateTypeException() throw() {
+
+}
+
+
+exception* unsupportedCertificateTypeException::clone() const {
+
+	return new unsupportedCertificateTypeException(m_type);
+}
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
diff --git a/vmime-master/src/vmime/security/cert/unsupportedCertificateTypeException.hpp b/vmime-master/src/vmime/security/cert/unsupportedCertificateTypeException.hpp
new file mode 100644
index 0000000..725035f
--- /dev/null
+++ b/vmime-master/src/vmime/security/cert/unsupportedCertificateTypeException.hpp
@@ -0,0 +1,72 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_CERT_UNSUPPORTEDCERTIFICATETYPEEXCEPTION_HPP_INCLUDED
+#define VMIME_SECURITY_CERT_UNSUPPORTEDCERTIFICATETYPEEXCEPTION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/security/cert/certificate.hpp"
+#include "vmime/security/cert/certificateException.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace cert {
+
+
+/** Thrown when a certificate is of unsupported format.
+  */
+class VMIME_EXPORT unsupportedCertificateTypeException : public certificateException {
+
+public:
+
+	/** Constructs a unsupportedCertificateTypeException.
+	  *
+	  * @param type certificate type
+	  */
+	unsupportedCertificateTypeException(const string& type);
+
+	~unsupportedCertificateTypeException() throw();
+
+	exception* clone() const;
+
+private:
+
+	string m_type;
+};
+
+
+} // cert
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_SECURITY_CERT_UNSUPPORTEDCERTIFICATETYPEEXCEPTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/defaultAuthenticator.cpp b/vmime-master/src/vmime/security/defaultAuthenticator.cpp
new file mode 100644
index 0000000..86c29d3
--- /dev/null
+++ b/vmime-master/src/vmime/security/defaultAuthenticator.cpp
@@ -0,0 +1,130 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+#include "vmime/security/defaultAuthenticator.hpp"
+
+#include "vmime/net/service.hpp"
+
+#include "vmime/platform.hpp"
+
+
+namespace vmime {
+namespace security {
+
+
+defaultAuthenticator::defaultAuthenticator() {
+
+}
+
+
+defaultAuthenticator::~defaultAuthenticator() {
+
+}
+
+
+const string defaultAuthenticator::getUsername() const {
+
+	shared_ptr <const net::service> service = m_service.lock();
+
+	const string prefix = service->getInfos().getPropertyPrefix();
+	const propertySet& props = service->getSession()->getProperties();
+
+	if (props.hasProperty(prefix + net::serviceInfos::property::AUTH_USERNAME.getName())) {
+		return props[prefix + net::serviceInfos::property::AUTH_USERNAME.getName()];
+	}
+
+	throw exceptions::no_auth_information();
+}
+
+
+const string defaultAuthenticator::getPassword() const {
+
+	shared_ptr <const net::service> service = m_service.lock();
+
+	const string prefix = service->getInfos().getPropertyPrefix();
+	const propertySet& props = service->getSession()->getProperties();
+
+	if (props.hasProperty(prefix + net::serviceInfos::property::AUTH_PASSWORD.getName())) {
+		return props[prefix + net::serviceInfos::property::AUTH_PASSWORD.getName()];
+	}
+
+	throw exceptions::no_auth_information();
+}
+
+
+const string defaultAuthenticator::getAccessToken() const {
+
+	shared_ptr <const net::service> service = m_service.lock();
+
+	const string prefix = service->getInfos().getPropertyPrefix();
+	const propertySet& props = service->getSession()->getProperties();
+
+	if (props.hasProperty(prefix + net::serviceInfos::property::AUTH_ACCESS_TOKEN.getName())) {
+		return props[prefix + net::serviceInfos::property::AUTH_ACCESS_TOKEN.getName()];
+	}
+
+	throw exceptions::no_auth_information();
+}
+
+
+const string defaultAuthenticator::getHostname() const {
+
+	return platform::getHandler()->getHostName();
+}
+
+
+const string defaultAuthenticator::getAnonymousToken() const {
+
+	return "anonymous@" + platform::getHandler()->getHostName();
+}
+
+
+const string defaultAuthenticator::getServiceName() const {
+
+	// Information cannot be provided
+	throw exceptions::no_auth_information();
+}
+
+
+void defaultAuthenticator::setService(const shared_ptr <net::service>& serv) {
+
+	m_service = serv;
+}
+
+
+weak_ptr <net::service> defaultAuthenticator::getService() const {
+
+	return m_service;
+}
+
+
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/security/defaultAuthenticator.hpp b/vmime-master/src/vmime/security/defaultAuthenticator.hpp
new file mode 100644
index 0000000..e053f9e
--- /dev/null
+++ b/vmime-master/src/vmime/security/defaultAuthenticator.hpp
@@ -0,0 +1,73 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_DEFAULTAUTHENTICATOR_HPP_INCLUDED
+#define VMIME_SECURITY_DEFAULTAUTHENTICATOR_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/security/authenticator.hpp"
+
+
+namespace vmime {
+namespace security {
+
+
+/** An authenticator that can provide some basic information by
+  * reading in the messaging session properties.
+  */
+class VMIME_EXPORT defaultAuthenticator : public authenticator {
+
+public:
+
+	defaultAuthenticator();
+	~defaultAuthenticator();
+
+	const string getUsername() const;
+	const string getPassword() const;
+	const string getHostname() const;
+	const string getAnonymousToken() const;
+	const string getServiceName() const;
+	const string getAccessToken() const;
+
+	void setService(const shared_ptr <net::service>& serv);
+	weak_ptr <net::service> getService() const;
+
+private:
+
+	weak_ptr <net::service> m_service;
+};
+
+
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+#endif // VMIME_SECURITY_DEFAULTAUTHENTICATOR_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/digest/md5/md5MessageDigest.cpp b/vmime-master/src/vmime/security/digest/md5/md5MessageDigest.cpp
new file mode 100644
index 0000000..9a07b57
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/md5/md5MessageDigest.cpp
@@ -0,0 +1,349 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+//
+// Derived from cryptoapi implementation, originally based on the
+// public domain implementation written by Colin Plumb in 1993.
+//
+// Copyright (C) Cryptoapi developers.
+//
+// Algorithm Copyright:
+//
+//     Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+//     rights reserved.
+//
+//     License to copy and use this software is granted provided that it
+//     is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+//     Algorithm" in all material mentioning or referencing this software
+//     or this function.
+//
+//     License is also granted to make and use derivative works provided
+//     that such works are identified as "derived from the RSA Data
+//     Security, Inc. MD5 Message-Digest Algorithm" in all material
+//     mentioning or referencing the derived work.
+//
+//     RSA Data Security, Inc. makes no representations concerning either
+//     the merchantability of this software or the suitability of this
+//     software forany particular purpose. It is provided "as is"
+//     without express or implied warranty of any kind.
+//     These notices must be retained in any copies of any part of this
+//     documentation and/or software.
+
+#include "vmime/security/digest/md5/md5MessageDigest.hpp"
+
+#include <cstring>
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+namespace md5 {
+
+
+md5MessageDigest::md5MessageDigest() {
+
+	init();
+}
+
+
+void md5MessageDigest::reset() {
+
+	init();
+}
+
+
+void md5MessageDigest::init() {
+
+	m_hash[0] = 0x67452301;
+	m_hash[1] = 0xefcdab89;
+	m_hash[2] = 0x98badcfe;
+	m_hash[3] = 0x10325476;
+
+	m_byteCount = 0;
+	m_finalized = false;
+}
+
+
+static void copyUint8Array(vmime_uint8* dest, const vmime_uint8* src, size_t count) {
+
+	for ( ; count >= 4 ; count -= 4, dest += 4, src += 4) {
+		dest[0] = src[0];
+		dest[1] = src[1];
+		dest[2] = src[2];
+		dest[3] = src[3];
+	}
+
+	for ( ; count ; --count, ++dest, ++src) {
+		dest[0] = src[0];
+	}
+}
+
+
+static inline vmime_uint32 swapUint32(const vmime_uint32 D) {
+
+	return ((D << 24) | ((D << 8) & 0x00FF0000) | ((D >> 8) & 0x0000FF00) | (D >> 24));
+}
+
+
+static inline void swapUint32Array(vmime_uint32* buf, size_t words) {
+
+	for ( ; words >= 4 ; words -= 4, buf += 4) {
+		buf[0] = swapUint32(buf[0]);
+		buf[1] = swapUint32(buf[1]);
+		buf[2] = swapUint32(buf[2]);
+		buf[3] = swapUint32(buf[3]);
+	}
+
+	for ( ; words ; --words, ++buf) {
+		buf[0] = swapUint32(buf[0]);
+	}
+}
+
+
+void md5MessageDigest::update(const byte_t b) {
+
+	update(&b, 1);
+}
+
+
+void md5MessageDigest::update(const string& s) {
+
+	update(reinterpret_cast <const byte_t*>(s.data()), s.length());
+}
+
+
+void md5MessageDigest::update(const byte_t* data, const size_t offset, const size_t len) {
+
+	update(data + offset, len);
+}
+
+
+void md5MessageDigest::update(const byte_t* data, const size_t length) {
+
+	const size_t avail = 64 - (m_byteCount & 0x3f);
+	size_t len = length;
+
+	m_byteCount += len;
+
+	if (avail > len) {
+		copyUint8Array(m_block.b8 + (64 - avail), data, len);
+		return;
+	}
+
+	copyUint8Array(m_block.b8 + (64 - avail), data, avail);
+	transformHelper();
+
+	data += avail;
+	len -= avail;
+
+	while (len >= 64) {
+
+		copyUint8Array(m_block.b8, data, 64);
+		transformHelper();
+
+		data += 64;
+		len -= 64;
+	}
+
+	copyUint8Array(m_block.b8, data, len);
+}
+
+
+void md5MessageDigest::finalize(const string& s) {
+
+	update(s);
+	finalize();
+}
+
+
+void md5MessageDigest::finalize(const byte_t* buffer, const size_t len) {
+
+	update(buffer, len);
+	finalize();
+}
+
+
+void md5MessageDigest::finalize(
+	const byte_t* buffer,
+	const size_t offset,
+	const size_t len
+) {
+
+	update(buffer, offset, len);
+	finalize();
+}
+
+
+void md5MessageDigest::finalize() {
+
+	const long offset = m_byteCount & 0x3f;
+
+	vmime_uint8* p = m_block.b8 + offset;
+	long padding = 56 - (offset + 1);
+
+	*p++ = 0x80;
+
+	if (padding < 0) {
+
+		memset(p, 0x00, padding + 8);
+		transformHelper();
+		p = m_block.b8;
+		padding = 56;
+	}
+
+	memset(p, 0, padding);
+
+	m_block.b32[14] = static_cast <vmime_uint32>(m_byteCount << 3);
+	m_block.b32[15] = static_cast <vmime_uint32>(m_byteCount >> 29);
+
+#if VMIME_BYTE_ORDER_BIG_ENDIAN
+	swapUint32Array(m_block.b32, (64 - 8) / 4);
+#endif
+
+	transform();
+
+#if VMIME_BYTE_ORDER_BIG_ENDIAN
+	swapUint32Array(m_hash, 4);
+#endif
+
+	m_finalized = true;
+}
+
+
+void md5MessageDigest::transformHelper() {
+
+#if VMIME_BYTE_ORDER_BIG_ENDIAN
+	swapUint32Array(m_block.b32, 64 / 4);
+#endif
+	transform();
+}
+
+
+void md5MessageDigest::transform() {
+
+	const vmime_uint32* const in = m_block.b32;
+
+	vmime_uint32 a = m_hash[0];
+	vmime_uint32 b = m_hash[1];
+	vmime_uint32 c = m_hash[2];
+	vmime_uint32 d = m_hash[3];
+
+#define F1(x, y, z)	(z ^ (x & (y ^ z)))
+#define F2(x, y, z)	F1(z, x, y)
+#define F3(x, y, z)	(x ^ y ^ z)
+#define F4(x, y, z)	(y ^ (x | ~z))
+
+#define MD5STEP(f, w, x, y, z, in, s) \
+	(w += f(x, y, z) + in, w = (w<<s | w>>(32-s)) + x)
+
+	MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
+	MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
+	MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
+	MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
+	MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
+	MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
+	MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
+	MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
+	MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
+	MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
+	MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+	MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+	MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
+	MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
+	MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
+	MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
+
+	MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
+	MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
+	MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+	MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
+	MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
+	MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
+	MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+	MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
+	MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
+	MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
+	MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
+	MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
+	MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
+	MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
+	MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
+	MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+
+	MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
+	MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
+	MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+	MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+	MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
+	MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
+	MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
+	MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+	MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
+	MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
+	MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
+	MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
+	MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
+	MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+	MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+	MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
+
+	MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
+	MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
+	MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+	MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
+	MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
+	MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
+	MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+	MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
+	MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
+	MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+	MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
+	MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+	MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
+	MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+	MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
+	MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
+
+	m_hash[0] += a;
+	m_hash[1] += b;
+	m_hash[2] += c;
+	m_hash[3] += d;
+}
+
+
+size_t md5MessageDigest::getDigestLength() const {
+
+	return 16;
+}
+
+
+const byte_t* md5MessageDigest::getDigest() const {
+
+	return reinterpret_cast <const byte_t*>(m_hash);
+}
+
+
+} // md5
+} // digest
+} // security
+} // vmime
+
diff --git a/vmime-master/src/vmime/security/digest/md5/md5MessageDigest.hpp b/vmime-master/src/vmime/security/digest/md5/md5MessageDigest.hpp
new file mode 100644
index 0000000..bdb730a
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/md5/md5MessageDigest.hpp
@@ -0,0 +1,85 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_DIGEST_MD5_MD5MESSAGEDIGEST_HPP_INCLUDED
+#define VMIME_SECURITY_DIGEST_MD5_MD5MESSAGEDIGEST_HPP_INCLUDED
+
+
+#include "vmime/security/digest/messageDigest.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+namespace md5 {
+
+
+class md5MessageDigest : public messageDigest {
+
+public:
+
+	md5MessageDigest();
+
+	void update(const byte_t b);
+	void update(const string& s);
+	void update(const byte_t* buffer, const size_t len);
+	void update(const byte_t* buffer, const size_t offset, const size_t len);
+
+	void finalize();
+	void finalize(const string& s);
+	void finalize(const byte_t* buffer, const size_t len);
+	void finalize(const byte_t* buffer, const size_t offset, const size_t len);
+
+	size_t getDigestLength() const;
+	const byte_t* getDigest() const;
+
+	void reset();
+
+protected:
+
+	void init();
+	void transformHelper();
+	void transform();
+
+	vmime_uint32 m_hash[4];
+
+	union BlockType {
+		vmime_uint32 b32[16];
+		vmime_uint8 b8[64];
+	};
+
+	size_t m_byteCount;
+	BlockType m_block;
+
+	bool m_finalized;
+};
+
+
+} // md5
+} // digest
+} // security
+} // vmime
+
+
+#endif // VMIME_SECURITY_DIGEST_MD5_MD5MESSAGEDIGEST_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/digest/messageDigest.cpp b/vmime-master/src/vmime/security/digest/messageDigest.cpp
new file mode 100644
index 0000000..d7e394f
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/messageDigest.cpp
@@ -0,0 +1,56 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/security/digest/messageDigest.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+
+
+const string messageDigest::getHexDigest() const {
+
+	const byte_t* hash = getDigest();
+	const size_t len = getDigestLength();
+
+	static const unsigned char hex[] = "0123456789abcdef";
+
+	std::ostringstream oss;
+	oss.imbue(std::locale::classic());
+
+	for (size_t i = 0 ; i < len ; ++i) {
+		oss << hex[(hash[i] & 0xf0) >> 4];
+		oss << hex[(hash[i] & 0x0f)];
+	}
+
+	return oss.str();
+}
+
+
+} // digest
+} // security
+} // vmime
+
diff --git a/vmime-master/src/vmime/security/digest/messageDigest.hpp b/vmime-master/src/vmime/security/digest/messageDigest.hpp
new file mode 100644
index 0000000..0413810
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/messageDigest.hpp
@@ -0,0 +1,142 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_DIGEST_MESSAGEDIGEST_HPP_INCLUDED
+#define VMIME_SECURITY_DIGEST_MESSAGEDIGEST_HPP_INCLUDED
+
+
+#include "vmime/object.hpp"
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+
+
+/** Computes message digests using standard algorithms,
+  * such as MD5 or SHA.
+  */
+class VMIME_EXPORT messageDigest : public object {
+
+public:
+
+	/** Updates the digest using the specified string.
+	  *
+	  * @param s the string with which to update the digest.
+	  */
+	virtual void update(const string& s) = 0;
+
+	/** Updates the digest using the specified byte.
+	  *
+	  * @param b the byte with which to update the digest.
+	  */
+	virtual void update(const byte_t b) = 0;
+
+	/** Updates the digest using the specified array of bytes.
+	  *
+	  * @param buffer array of bytes
+	  * @param len number of bytes to use in the buffer
+	  */
+	virtual void update(const byte_t* buffer, const size_t len) = 0;
+
+	/** Updates the digest using the specified array of bytes,
+	  * starting at the specified offset.
+	  *
+	  * @param buffer array of bytes
+	  * @param offset offset to start from in the array of bytes
+	  * @param len number of bytes to use, starting at offset
+	  */
+	virtual void update(
+		const byte_t* buffer,
+		const size_t offset,
+		const size_t len
+	) = 0;
+
+	/** Completes the hash computation by performing final operations
+	  * such as padding.
+	  */
+	virtual void finalize() = 0;
+
+	/** Completes the hash computation by performing final operations
+	  * such as padding. This is equivalent to calling update() and
+	  * then finalize().
+	  */
+	virtual void finalize(const string& s) = 0;
+
+	/** Completes the hash computation by performing final operations
+	  * such as padding. This is equivalent to calling update() and
+	  * then finalize().
+	  */
+	virtual void finalize(
+		const byte_t* buffer,
+		const size_t len
+	) = 0;
+
+	/** Completes the hash computation by performing final operations
+	  * such as padding. This is equivalent to calling update() and
+	  * then finalize().
+	  */
+	virtual void finalize(
+		const byte_t* buffer,
+		const size_t offset,
+		const size_t len
+	) = 0;
+
+	/** Returns the length of the hash.
+	  * This is the length of the array returned by getDigest().
+	  *
+	  * @return length of computed hash
+	  */
+	virtual size_t getDigestLength() const = 0;
+
+	/** Returns the hash, as computed by the algorithm.
+	  * You must call finalize() before using this function, or the
+	  * hash will not be correct.
+	  * To get the size of the returned array, call getDigestLength().
+	  *
+	  * @return computed hash
+	  */
+	virtual const byte_t* getDigest() const = 0;
+
+	/** Returns the hash as an hexadecimal string.
+	  * You must call finalize() before using this function, or the
+	  * hash will not be correct.
+	  *
+	  * @return computed hash, in hexadecimal format
+	  */
+	virtual const string getHexDigest() const;
+
+	/** Resets the algorithm to its initial state, so that you can
+	  * compute a new hash using the same object.
+	  */
+	virtual void reset() = 0;
+};
+
+
+} // digest
+} // security
+} // vmime
+
+
+#endif // VMIME_SECURITY_DIGEST_MESSAGEDIGEST_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/digest/messageDigestFactory.cpp b/vmime-master/src/vmime/security/digest/messageDigestFactory.cpp
new file mode 100644
index 0000000..2e49968
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/messageDigestFactory.cpp
@@ -0,0 +1,81 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/security/digest/messageDigestFactory.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/security/digest/md5/md5MessageDigest.hpp"
+#include "vmime/security/digest/sha1/sha1MessageDigest.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+
+
+messageDigestFactory::messageDigestFactory() {
+
+	registerAlgorithm <md5::md5MessageDigest>("md5");
+	registerAlgorithm <sha1::sha1MessageDigest>("sha1");
+}
+
+
+messageDigestFactory::~messageDigestFactory() {
+
+}
+
+
+messageDigestFactory* messageDigestFactory::getInstance() {
+
+	static messageDigestFactory instance;
+	return &instance;
+}
+
+
+shared_ptr <messageDigest> messageDigestFactory::create(const string& name) {
+
+	const MapType::const_iterator it = m_algos.find(utility::stringUtils::toLower(name));
+
+	if (it != m_algos.end()) {
+		return (*it).second->create();
+	}
+
+	throw exceptions::no_digest_algorithm_available(name);
+}
+
+
+const std::vector <string> messageDigestFactory::getSupportedAlgorithms() const {
+
+	std::vector <string> res;
+
+	for (MapType::const_iterator it = m_algos.begin() ; it != m_algos.end() ; ++it) {
+		res.push_back((*it).first);
+	}
+
+	return res;
+}
+
+
+} // digest
+} // security
+} // vmime
diff --git a/vmime-master/src/vmime/security/digest/messageDigestFactory.hpp b/vmime-master/src/vmime/security/digest/messageDigestFactory.hpp
new file mode 100644
index 0000000..56a0cfe
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/messageDigestFactory.hpp
@@ -0,0 +1,110 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_DIGEST_MESSAGEDIGESTFACTORY_HPP_INCLUDED
+#define VMIME_SECURITY_DIGEST_MESSAGEDIGESTFACTORY_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+#include "vmime/security/digest/messageDigest.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+
+
+/** Creates instances of message digest algorithms.
+  */
+
+class VMIME_EXPORT messageDigestFactory {
+
+private:
+
+	messageDigestFactory();
+	~messageDigestFactory();
+
+public:
+
+	static messageDigestFactory* getInstance();
+
+private:
+
+	struct digestAlgorithmFactory : public object {
+
+		virtual shared_ptr <messageDigest> create() const = 0;
+	};
+
+	template <class E>
+	struct digestAlgorithmFactoryImpl : public digestAlgorithmFactory {
+
+		shared_ptr <messageDigest> create() const {
+			return vmime::make_shared <E>();
+		}
+	};
+
+
+	typedef std::map <string, shared_ptr <digestAlgorithmFactory> > MapType;
+	MapType m_algos;
+
+public:
+
+	/** Register a new digest algorithm by its name.
+	  *
+	  * @param name algorithm name
+	  */
+	template <class E>
+	void registerAlgorithm(const string& name) {
+
+		m_algos.insert(
+			MapType::value_type(
+				utility::stringUtils::toLower(name),
+				vmime::make_shared <digestAlgorithmFactoryImpl <E> >()
+			)
+		);
+	}
+
+	/** Create a new algorithm instance from its name.
+	  *
+	  * @param name algorithm name (eg. "md5")
+	  * @return a new algorithm instance for the specified name
+	  * @throw exceptions::no_digest_algorithm_available if no algorithm is
+	  * registered with this name
+	  */
+	shared_ptr <messageDigest> create(const string& name);
+
+	/** Return a list of supported digest algorithms.
+	  *
+	  * @return list of supported digest algorithms
+	  */
+	const std::vector <string> getSupportedAlgorithms() const;
+};
+
+
+} // digest
+} // security
+} // vmime
+
+
+#endif // VMIME_SECURITY_DIGEST_MESSAGEDIGESTFACTORY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/digest/sha1/sha1MessageDigest.cpp b/vmime-master/src/vmime/security/digest/sha1/sha1MessageDigest.cpp
new file mode 100644
index 0000000..c098f14
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/sha1/sha1MessageDigest.cpp
@@ -0,0 +1,276 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+//
+// This is an implementation by Steve Reid <steve@edmweb.com>
+// 100% public domain.
+
+#include "vmime/security/digest/sha1/sha1MessageDigest.hpp"
+
+#include <cstring>
+#include <cassert>
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+namespace sha1 {
+
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+// blk0() and blk() perform the initial expand.
+// I got the idea of expanding during the round function from SSLeay
+#if VMIME_BYTE_ORDER_LITTLE_ENDIAN
+	#define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) \
+	                             | (rol(block->l[i],  8) & 0x00FF00FF))
+#else
+	#define blk0(i) block->l[i]
+#endif
+
+#define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] \
+                ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))
+
+// (R0+R1), R2, R3, R4 are the different operations used in SHA1
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+sha1MessageDigest::sha1MessageDigest() {
+
+	init();
+}
+
+
+void sha1MessageDigest::reset() {
+
+	init();
+}
+
+
+void sha1MessageDigest::init() {
+
+	m_state[0] = 0x67452301;
+	m_state[1] = 0xefcdab89;
+	m_state[2] = 0x98badcfe;
+	m_state[3] = 0x10325476;
+	m_state[4] = 0xc3d2e1f0;
+
+	m_count[0] = 0;
+	m_count[1] = 0;
+}
+
+
+void sha1MessageDigest::update(const byte_t b) {
+
+	update(&b, 1);
+}
+
+
+void sha1MessageDigest::update(const string& s) {
+
+	update(reinterpret_cast <const byte_t*>(s.data()), s.length());
+}
+
+
+void sha1MessageDigest::update(const byte_t* buffer, const size_t offset, const size_t len) {
+
+	update(buffer + offset, len);
+}
+
+
+void sha1MessageDigest::update(const byte_t* buffer, const size_t len) {
+
+	unsigned int i, j;
+
+	j = (m_count[0] >> 3) & 63;
+
+	if ((m_count[0] += static_cast <unsigned int>(len << 3)) < static_cast <unsigned int>(len << 3)) {
+		m_count[1]++;
+	}
+
+	m_count[1] += static_cast <unsigned int>(len >> 29);
+
+	if ((j + len) > 63) {
+
+		memcpy(&m_buffer[j], buffer, (i = 64 - j));
+
+		transform(m_state, m_buffer);
+
+		for ( ; i + 63 < len ; i += 64) {
+			transform(m_state, &buffer[i]);
+		}
+
+		j = 0;
+
+	} else {
+
+		i = 0;
+	}
+
+	std::memcpy(&m_buffer[j], &buffer[i], len - i);
+}
+
+
+void sha1MessageDigest::finalize() {
+
+	unsigned int i, j;
+	unsigned char finalcount[8];
+
+	for (i = 0 ; i < 8 ; i++) {
+
+		finalcount[i] = static_cast <unsigned char>(
+			(m_count[(i >= 4 ? 0 : 1)] >> ((3 - (i & 3)) * 8)) & 255  // Endian independent
+		);
+	}
+
+	update(reinterpret_cast <const byte_t*>("\200"), 1);
+
+	while ((m_count[0] & 504) != 448) {
+		update(reinterpret_cast <const byte_t*>("\0"), 1);
+	}
+
+	update(finalcount, 8);  // Should cause a transform()
+
+	for (i = 0 ; i < 20 ; i++) {
+
+		m_digest[i] = static_cast <unsigned char>(
+			(m_state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255
+		);
+	}
+
+	// Wipe variables
+	i = j = 0;
+
+	std::memset(m_buffer, 0, 64);
+	std::memset(m_state, 0, 5 * sizeof(unsigned int));
+	std::memset(m_count, 0, 2 * sizeof(unsigned int));
+	std::memset(&finalcount, 0, 8);
+}
+
+
+void sha1MessageDigest::finalize(const string& s) {
+
+	finalize(reinterpret_cast <const byte_t*>(s.data()), s.length());
+}
+
+
+void sha1MessageDigest::finalize(const byte_t* buffer, const size_t len) {
+
+	update(buffer, len);
+	finalize();
+}
+
+
+void sha1MessageDigest::finalize(
+	const byte_t* buffer,
+	const size_t offset,
+	const size_t len
+) {
+
+	finalize(buffer + offset, len);
+}
+
+
+/** Hash a single 512-bit block.
+  * This is the core of the algorithm.
+  */
+void sha1MessageDigest::transform(
+	unsigned int state[5],
+	const unsigned char buffer[64]
+) {
+
+	unsigned int a, b, c, d, e;
+
+	typedef union {
+		unsigned char c[64];
+		unsigned int l[16];
+	} CHAR64LONG16;
+
+	assert(sizeof(unsigned int) == 4);
+
+	CHAR64LONG16* block;
+	static unsigned char workspace[64];
+
+	block = reinterpret_cast <CHAR64LONG16*>(workspace);
+	memcpy(block, buffer, 64);
+
+	// Copy context->state[] to working vars
+	a = state[0];
+	b = state[1];
+	c = state[2];
+	d = state[3];
+	e = state[4];
+
+	// 4 rounds of 20 operations each. Loop unrolled.
+	R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+	R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+	R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+	R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+	R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+	R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+	R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+	R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+	R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+	R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+	R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+	R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+	R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+	R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+	R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+	R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+	R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+	R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+	R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+	R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+
+	// Add the working vars back into context.state[]
+	state[0] += a;
+	state[1] += b;
+	state[2] += c;
+	state[3] += d;
+	state[4] += e;
+
+	// Wipe variables
+	a = b = c = d = e = 0;
+}
+
+
+size_t sha1MessageDigest::getDigestLength() const {
+
+	return 20;
+}
+
+
+const byte_t* sha1MessageDigest::getDigest() const {
+
+	return m_digest;
+}
+
+
+} // sha1
+} // digest
+} // security
+} // vmime
diff --git a/vmime-master/src/vmime/security/digest/sha1/sha1MessageDigest.hpp b/vmime-master/src/vmime/security/digest/sha1/sha1MessageDigest.hpp
new file mode 100644
index 0000000..1906236
--- /dev/null
+++ b/vmime-master/src/vmime/security/digest/sha1/sha1MessageDigest.hpp
@@ -0,0 +1,79 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_DIGEST_SHA1_SHA1MESSAGEDIGEST_HPP_INCLUDED
+#define VMIME_SECURITY_DIGEST_SHA1_SHA1MESSAGEDIGEST_HPP_INCLUDED
+
+
+#include "vmime/security/digest/messageDigest.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace digest {
+namespace sha1 {
+
+
+class sha1MessageDigest : public messageDigest {
+
+public:
+
+	sha1MessageDigest();
+
+	void update(const byte_t b);
+	void update(const string& s);
+	void update(const byte_t* buffer, const size_t len);
+	void update(const byte_t* buffer, const size_t offset, const size_t len);
+
+	void finalize();
+	void finalize(const string& s);
+	void finalize(const byte_t* buffer, const size_t len);
+	void finalize(const byte_t* buffer, const size_t offset, const size_t len);
+
+	size_t getDigestLength() const;
+	const byte_t* getDigest() const;
+
+	void reset();
+
+protected:
+
+	void init();
+
+	static void transform(unsigned int state[5], const byte_t buffer[64]);
+
+	unsigned int m_state[5];
+	unsigned int m_count[2];
+	byte_t m_buffer[64];
+
+	byte_t m_digest[20];
+};
+
+
+} // sha1
+} // digest
+} // security
+} // vmime
+
+
+#endif // VMIME_SECURITY_DIGEST_SHA1_SHA1MESSAGEDIGEST_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/security/sasl/SASLAuthenticator.hpp b/vmime-master/src/vmime/security/sasl/SASLAuthenticator.hpp
new file mode 100644
index 0000000..a75bfa0
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLAuthenticator.hpp
@@ -0,0 +1,96 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_SASLAUTHENTICATOR_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_SASLAUTHENTICATOR_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/security/authenticator.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+class SASLMechanism;
+class SASLSession;
+
+
+/** SASL-aware authenticator.
+  *
+  * Usually, you should not inherit from this class, but instead from the
+  * more convenient defaultSASLAuthenticator class.
+  */
+class VMIME_EXPORT SASLAuthenticator : public authenticator {
+
+public:
+
+	/** This method is called to allow the client to choose the
+	  * authentication mechanisms that will be used. By default,
+	  * the most secure mechanisms are chosen.
+	  *
+	  * @param available available mechanisms
+	  * @param suggested suggested mechanism (or NULL if the system
+	  * could not suggest a mechanism)
+	  * @return ordered list of mechanism to use among the available
+	  * mechanisms (from the first to try to the last)
+	  */
+	virtual const std::vector <shared_ptr <SASLMechanism> > getAcceptableMechanisms(
+		const std::vector <shared_ptr <SASLMechanism> >& available,
+		const shared_ptr <SASLMechanism>& suggested
+	) const = 0;
+
+	/** Set the SASL session which is using this authenticator.
+	  *
+	  * @param sess SASL session
+	  */
+	virtual void setSASLSession(const shared_ptr <SASLSession>& sess) = 0;
+
+	/** Set the SASL mechanism which has been selected for the
+	  * SASL authentication process. This may be called several times
+	  * if the multiple mechanisms are tried by the service which
+	  * use this authentication.
+	  *
+	  * @param mech SASL mechanism
+	  */
+	virtual void setSASLMechanism(const shared_ptr <SASLMechanism>& mech) = 0;
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_SASLAUTHENTICATOR_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/SASLContext.cpp b/vmime-master/src/vmime/security/sasl/SASLContext.cpp
new file mode 100644
index 0000000..2174541
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLContext.cpp
@@ -0,0 +1,221 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include <sstream>
+
+#include <gsasl.h>
+
+#include "vmime/security/sasl/SASLContext.hpp"
+#include "vmime/security/sasl/SASLMechanism.hpp"
+
+#include "vmime/base.hpp"
+
+#include "vmime/utility/encoder/encoderFactory.hpp"
+
+#include "vmime/utility/stream.hpp"
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/inputStreamByteBufferAdapter.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+SASLContext::SASLContext() {
+
+	if (gsasl_init(&m_gsaslContext) != GSASL_OK) {
+		throw std::bad_alloc();
+	}
+}
+
+
+SASLContext::~SASLContext() {
+
+	gsasl_done(m_gsaslContext);
+}
+
+
+// static
+shared_ptr <SASLContext> SASLContext::create() {
+
+	return shared_ptr <SASLContext>(new SASLContext());
+}
+
+
+shared_ptr <SASLSession> SASLContext::createSession(
+	const string& serviceName,
+	const shared_ptr <authenticator>& auth,
+	const shared_ptr <SASLMechanism>& mech
+) {
+
+	return SASLSession::create
+		(serviceName, dynamicCast <SASLContext>(shared_from_this()), auth, mech);
+}
+
+
+shared_ptr <SASLMechanism> SASLContext::createMechanism(const string& name) {
+
+	return SASLMechanismFactory::getInstance()->create(
+		dynamicCast <SASLContext>(shared_from_this()), name
+	);
+}
+
+
+shared_ptr <SASLMechanism> SASLContext::suggestMechanism(
+	const std::vector <shared_ptr <SASLMechanism> >& mechs
+) {
+
+	if (mechs.empty()) {
+		return null;
+	}
+
+	std::ostringstream oss;
+
+	for (unsigned int i = 0 ; i < mechs.size() ; ++i) {
+		oss << mechs[i]->getName() << " ";
+	}
+
+	const string mechList = oss.str();
+	const char* suggested = gsasl_client_suggest_mechanism(m_gsaslContext, mechList.c_str());
+
+	if (suggested) {
+
+		for (unsigned int i = 0 ; i < mechs.size() ; ++i) {
+
+			if (mechs[i]->getName() == suggested) {
+				return mechs[i];
+			}
+		}
+	}
+
+	return null;
+}
+
+
+void SASLContext::decodeB64(const string& input, byte_t** output, size_t* outputLen) {
+
+	string res;
+
+	utility::inputStreamStringAdapter is(input);
+	utility::outputStreamStringAdapter os(res);
+
+	shared_ptr <utility::encoder::encoder> dec =
+		utility::encoder::encoderFactory::getInstance()->create("base64");
+
+	dec->decode(is, os);
+
+	byte_t* out = new byte_t[res.length()];
+
+	std::copy(res.begin(), res.end(), out);
+
+	*output = out;
+	*outputLen = res.length();
+}
+
+
+const string SASLContext::encodeB64(const byte_t* input, const size_t inputLen) {
+
+	string res;
+
+	utility::inputStreamByteBufferAdapter is(input, inputLen);
+	utility::outputStreamStringAdapter os(res);
+
+	shared_ptr <utility::encoder::encoder> enc =
+		utility::encoder::encoderFactory::getInstance()->create("base64");
+
+	enc->encode(is, os);
+
+	return res;
+}
+
+
+const string SASLContext::getErrorMessage(const string& fname, const int code) {
+
+	string msg = fname + "() returned ";
+
+#define ERROR(x) \
+	case x: msg += #x; break;
+
+	switch (code)
+	{
+		ERROR(GSASL_NEEDS_MORE)
+		ERROR(GSASL_UNKNOWN_MECHANISM)
+		ERROR(GSASL_MECHANISM_CALLED_TOO_MANY_TIMES)
+		ERROR(GSASL_MALLOC_ERROR)
+		ERROR(GSASL_BASE64_ERROR)
+		ERROR(GSASL_CRYPTO_ERROR)
+		ERROR(GSASL_SASLPREP_ERROR)
+		ERROR(GSASL_MECHANISM_PARSE_ERROR)
+		ERROR(GSASL_AUTHENTICATION_ERROR)
+		ERROR(GSASL_INTEGRITY_ERROR)
+		ERROR(GSASL_NO_CLIENT_CODE)
+		ERROR(GSASL_NO_SERVER_CODE)
+		ERROR(GSASL_NO_CALLBACK)
+		ERROR(GSASL_NO_ANONYMOUS_TOKEN)
+		ERROR(GSASL_NO_AUTHID)
+		ERROR(GSASL_NO_AUTHZID)
+		ERROR(GSASL_NO_PASSWORD)
+		ERROR(GSASL_NO_PASSCODE)
+		ERROR(GSASL_NO_PIN)
+		ERROR(GSASL_NO_SERVICE)
+		ERROR(GSASL_NO_HOSTNAME)
+		ERROR(GSASL_GSSAPI_RELEASE_BUFFER_ERROR)
+		ERROR(GSASL_GSSAPI_IMPORT_NAME_ERROR)
+		ERROR(GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR)
+		ERROR(GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR)
+		ERROR(GSASL_GSSAPI_UNWRAP_ERROR)
+		ERROR(GSASL_GSSAPI_WRAP_ERROR)
+		ERROR(GSASL_GSSAPI_ACQUIRE_CRED_ERROR)
+		ERROR(GSASL_GSSAPI_DISPLAY_NAME_ERROR)
+		ERROR(GSASL_GSSAPI_UNSUPPORTED_PROTECTION_ERROR)
+		ERROR(GSASL_KERBEROS_V5_INIT_ERROR)
+		ERROR(GSASL_KERBEROS_V5_INTERNAL_ERROR)
+		ERROR(GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE)
+		ERROR(GSASL_SECURID_SERVER_NEED_NEW_PIN)
+
+		default:
+
+			msg += "unknown error";
+			break;
+	}
+
+#undef ERROR
+
+	return msg;
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/SASLContext.hpp b/vmime-master/src/vmime/security/sasl/SASLContext.hpp
new file mode 100644
index 0000000..93d80ff
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLContext.hpp
@@ -0,0 +1,136 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_SASLCONTEXT_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_SASLCONTEXT_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/security/sasl/SASLSession.hpp"
+#include "vmime/security/sasl/SASLMechanismFactory.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+/** An SASL client context.
+  */
+class VMIME_EXPORT SASLContext : public object, public enable_shared_from_this <SASLContext> {
+
+	friend class SASLSession;
+	friend class builtinSASLMechanism;
+
+public:
+
+	~SASLContext();
+
+	/** Construct and initialize a new SASL context.
+	  *
+	  * @return pointer to a new SASL context
+	  */
+	static shared_ptr <SASLContext> create();
+
+	/** Create and initialize a new SASL session.
+	  *
+	  * @param serviceName name of the service which will use the session
+	  * @param auth authenticator object to use during the session
+	  * @param mech SASL mechanism
+	  * @return a new SASL session
+	  */
+	shared_ptr <SASLSession> createSession(
+		const string& serviceName,
+		const shared_ptr <authenticator>& auth,
+		const shared_ptr <SASLMechanism>& mech
+	);
+
+	/** Create an instance of an SASL mechanism.
+	  *
+	  * @param name mechanism name
+	  * @return a new instance of the specified SASL mechanism
+	  * @throw exceptions::no_such_mechanism if no mechanism is
+	  * registered for the specified name
+	  */
+	shared_ptr <SASLMechanism> createMechanism(const string& name);
+
+	/** Suggests an SASL mechanism among a set of mechanisms
+	  * supported by the server.
+	  *
+	  * @param mechs list of mechanisms
+	  * @return suggested mechanism (usually the safest mechanism
+	  * supported by both the client and the server)
+	  */
+	shared_ptr <SASLMechanism> suggestMechanism(
+		const std::vector <shared_ptr <SASLMechanism> >& mechs
+	);
+
+	/** Helper function for decoding Base64-encoded challenge.
+	  *
+	  * @param input input buffer
+	  * @param output output buffer
+	  * @param outputLen length of output buffer
+	  */
+	void decodeB64(const string& input, byte_t** output, size_t* outputLen);
+
+	/** Helper function for encoding challenge in Base64.
+	  *
+	  * @param input input buffer
+	  * @param inputLen length of input buffer
+	  * @return Base64-encoded challenge
+	  */
+	const string encodeB64(const byte_t* input, const size_t inputLen);
+
+private:
+
+	SASLContext();
+	SASLContext(SASLContext&);
+
+
+	static const string getErrorMessage(const string& fname, const int code);
+
+
+#ifdef GSASL_VERSION
+	Gsasl* m_gsaslContext;
+#else
+	void* m_gsaslContext;
+#endif // GSASL_VERSION
+
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_SASLCONTEXT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/SASLMechanism.hpp b/vmime-master/src/vmime/security/sasl/SASLMechanism.hpp
new file mode 100644
index 0000000..a6e056d
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLMechanism.hpp
@@ -0,0 +1,153 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_SASLMECHANISM_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_SASLMECHANISM_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+class SASLSession;
+
+
+/** An SASL mechanism.
+  */
+class VMIME_EXPORT SASLMechanism : public object {
+
+public:
+
+	/** Return the name of this mechanism.
+	  *
+	  * @return mechanism name
+	  */
+	virtual const string getName() const = 0;
+
+	/** Perform one step of SASL authentication. Accept data from the
+	  * server (challenge), process it and return data to be returned
+	  * in response to the server.
+	  *
+	  * If the challenge is empty (challengeLen == 0), the initial
+	  * response is returned, if this mechanism has one.
+	  *
+	  * @param sess SASL session
+	  * @param challenge challenge sent from the server
+	  * @param challengeLen length of challenge
+	  * @param response response to send to the server (allocated by
+	  * this function, free with delete[])
+	  * @param responseLen length of response buffer
+	  * @return true if authentication terminated successfully, or
+	  * false if the authentication process should continue
+	  * @throw exceptions::sasl_exception if an error occurred during
+	  * authentication (in this case, the values in 'response' and
+	  * 'responseLen' are undetermined)
+	  */
+	virtual bool step(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* challenge,
+		const size_t challengeLen,
+		byte_t** response,
+		size_t* responseLen
+	) = 0;
+
+	/** Check whether authentication has completed. If false, more
+	  * calls to evaluateChallenge() are needed to complete the
+	  * authentication process).
+	  *
+	  * @return true if the authentication has finished, or false
+	  * otherwise
+	  */
+	virtual bool isComplete() const = 0;
+
+	/** Determine if this mechanism has an optional initial response.
+	  * If true, caller should call step() with an empty challenge to
+	  * get the initial response.
+	  *
+	  * @return true if this mechanism has an initial response, or
+	  * false otherwise
+	  */
+	virtual bool hasInitialResponse() const = 0;
+
+	/** Encode data according to negotiated SASL mechanism. This
+	  * might mean that data is integrity or privacy protected.
+	  *
+	  * @param sess SASL session
+	  * @param input input buffer
+	  * @param inputLen length of input buffer
+	  * @param output output buffer (allocated bu the function,
+	  * free with delete[])
+	  * @param outputLen length of output buffer
+	  * @throw exceptions::sasl_exception if an error occurred during
+	  * the encoding of data (in this case, the values in 'output' and
+	  * 'outputLen' are undetermined)
+	  */
+	virtual void encode(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* input,
+		const size_t inputLen,
+		byte_t** output,
+		size_t* outputLen
+	) = 0;
+
+	/** Decode data according to negotiated SASL mechanism. This
+	  * might mean that data is integrity or privacy protected.
+	  *
+	  * @param sess SASL session
+	  * @param input input buffer
+	  * @param inputLen length of input buffer
+	  * @param output output buffer (allocated bu the function,
+	  * free with delete[])
+	  * @param outputLen length of output buffer
+	  * @throw exceptions::sasl_exception if an error occurred during
+	  * the encoding of data (in this case, the values in 'output' and
+	  * 'outputLen' are undetermined)
+	  */
+	virtual void decode(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* input,
+		const size_t inputLen,
+		byte_t** output,
+		size_t* outputLen
+	) = 0;
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_SASLMECHANISM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/SASLMechanismFactory.cpp b/vmime-master/src/vmime/security/sasl/SASLMechanismFactory.cpp
new file mode 100644
index 0000000..a2fbedb
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLMechanismFactory.cpp
@@ -0,0 +1,149 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include <stdexcept>
+#include <new>
+
+#include <gsasl.h>
+
+#include "vmime/security/sasl/SASLMechanismFactory.hpp"
+#include "vmime/security/sasl/builtinSASLMechanism.hpp"
+#include "vmime/security/sasl/SASLContext.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include "vmime/base.hpp"
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+SASLMechanismFactory::SASLMechanismFactory() {
+
+	if (gsasl_init(&m_gsaslContext) != GSASL_OK) {
+		throw std::bad_alloc();
+	}
+}
+
+
+SASLMechanismFactory::~SASLMechanismFactory() {
+
+	gsasl_done(m_gsaslContext);
+}
+
+
+// static
+SASLMechanismFactory* SASLMechanismFactory::getInstance() {
+
+	static SASLMechanismFactory instance;
+	return &instance;
+}
+
+
+shared_ptr <SASLMechanism> SASLMechanismFactory::create(
+	const shared_ptr <SASLContext>& ctx,
+	const string& name_
+) {
+
+	const string name(utility::stringUtils::toUpper(name_));
+
+	// Check for registered mechanisms
+	MapType::iterator it = m_mechs.find(name);
+
+	if (it != m_mechs.end()) {
+		return (*it).second->create(ctx, name);
+	}
+
+	// Check for built-in mechanisms
+	if (isBuiltinMechanism(name)) {
+		return make_shared <builtinSASLMechanism>(ctx, name);
+	}
+
+	throw exceptions::no_such_mechanism(name);
+	return null;
+}
+
+
+const std::vector <string> SASLMechanismFactory::getSupportedMechanisms() const {
+
+	std::vector <string> list;
+
+	// Registered mechanisms
+	for (MapType::const_iterator it = m_mechs.begin() ;
+	     it != m_mechs.end() ; ++it) {
+
+		list.push_back((*it).first);
+	}
+
+	// Built-in mechanisms
+	char* out = 0;
+
+	if (gsasl_client_mechlist(m_gsaslContext, &out) == GSASL_OK) {
+
+		// 'out' contains SASL mechanism names, separated by spaces
+		for (char *start = out, *p = out ; ; ++p) {
+
+			if (*p == ' ' || !*p) {
+
+				list.push_back(string(start, p));
+				start = p + 1;
+
+				// End of string
+				if (!*p) break;
+			}
+		}
+
+		gsasl_free(out);
+	}
+
+	return list;
+}
+
+
+bool SASLMechanismFactory::isMechanismSupported(const string& name) const {
+
+	return isBuiltinMechanism(name) || m_mechs.find(name) != m_mechs.end();
+}
+
+
+bool SASLMechanismFactory::isBuiltinMechanism(const string& name) const {
+
+	return gsasl_client_support_p(m_gsaslContext, name.c_str()) != 0;
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/SASLMechanismFactory.hpp b/vmime-master/src/vmime/security/sasl/SASLMechanismFactory.hpp
new file mode 100644
index 0000000..af76c96
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLMechanismFactory.hpp
@@ -0,0 +1,155 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_SASLMECHANISMFACTORY_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_SASLMECHANISMFACTORY_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/types.hpp"
+#include "vmime/base.hpp"
+
+#include "vmime/security/sasl/SASLMechanism.hpp"
+
+#include <map>
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+class SASLContext;
+
+
+/** Constructs SASL mechanism objects.
+  */
+class VMIME_EXPORT SASLMechanismFactory : public object {
+
+private:
+
+	SASLMechanismFactory();
+	~SASLMechanismFactory();
+
+
+	struct registeredMechanism : public object {
+
+		virtual shared_ptr <SASLMechanism> create(
+			const shared_ptr <SASLContext>& ctx, const string& name
+		) = 0;
+	};
+
+	template <typename T>
+	struct registeredMechanismImpl : public registeredMechanism {
+
+		shared_ptr <SASLMechanism> create(
+			const shared_ptr <SASLContext>& ctx,
+			const string& name
+		) {
+
+			return vmime::make_shared <T>(ctx, name);
+		}
+	};
+
+	typedef std::map <string, shared_ptr <registeredMechanism> > MapType;
+	MapType m_mechs;
+
+public:
+
+	static SASLMechanismFactory* getInstance();
+
+	/** Register a mechanism into this factory, so that subsequent
+	  * calls to create return a valid object for this mechanism.
+	  *
+	  * @param name mechanism name
+	  */
+	template <typename MECH_CLASS>
+	void registerMechanism(const string& name) {
+
+		m_mechs.insert(
+			MapType::value_type(
+				name,
+				vmime::make_shared <registeredMechanismImpl <MECH_CLASS> >()
+			)
+		);
+	}
+
+	/** Create a mechanism object given its name.
+	  *
+	  * @param ctx SASL context
+	  * @param name mechanism name
+	  * @return a new mechanism object
+	  * @throw exceptions::no_such_mechanism if no mechanism is
+	  * registered for the specified name
+	  */
+	shared_ptr <SASLMechanism> create(const shared_ptr <SASLContext>& ctx, const string& name);
+
+	/** Return a list of supported mechanisms. This includes mechanisms
+	  * registered using registerMechanism() as well as the ones that
+	  * are built-in.
+	  *
+	  * @return list of supported mechanisms
+	  */
+	const std::vector <string> getSupportedMechanisms() const;
+
+	/** Test whether an authentication mechanism is supported.
+	  *
+	  * @param name mechanism name
+	  * @return true if the specified mechanism is supported,
+	  * false otherwise
+	  */
+	bool isMechanismSupported(const string& name) const;
+
+	/** Test whether an authentication mechanism is directly supported
+	  * by the underlying SASL library.
+	  *
+	  * @param name mechanism name
+	  * @return true if the specified mechanism is built-in,
+	  * or false otherwise
+	  */
+	bool isBuiltinMechanism(const string& name) const;
+
+private:
+
+#ifdef GSASL_VERSION
+	Gsasl* m_gsaslContext;
+#else
+	void* m_gsaslContext;
+#endif // GSASL_VERSION
+
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_SASLMECHANISMFACTORY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/SASLSession.cpp b/vmime-master/src/vmime/security/sasl/SASLSession.cpp
new file mode 100644
index 0000000..7498b46
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLSession.cpp
@@ -0,0 +1,221 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include <sstream>
+
+#include <gsasl.h>
+
+#include "vmime/security/sasl/SASLSession.hpp"
+
+#include "vmime/security/sasl/SASLContext.hpp"
+#include "vmime/security/sasl/SASLSocket.hpp"
+#include "vmime/security/sasl/SASLAuthenticator.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+SASLSession::SASLSession(
+	const string& serviceName,
+	const shared_ptr <SASLContext>& ctx,
+	const shared_ptr <authenticator>& auth,
+	const shared_ptr <SASLMechanism>& mech
+)
+	: m_serviceName(serviceName),
+	  m_context(ctx),
+	  m_auth(auth),
+	  m_mech(mech),
+	  m_gsaslContext(0),
+	  m_gsaslSession(0) {
+
+	if (gsasl_init(&m_gsaslContext) != GSASL_OK) {
+		throw std::bad_alloc();
+	}
+
+	gsasl_client_start(m_gsaslContext, mech->getName().c_str(), &m_gsaslSession);
+
+	gsasl_callback_set(m_gsaslContext, gsaslCallback);
+	gsasl_callback_hook_set(m_gsaslContext, this);
+}
+
+
+SASLSession::~SASLSession() {
+
+	gsasl_finish(m_gsaslSession);
+	m_gsaslSession = NULL;
+
+	gsasl_done(m_gsaslContext);
+	m_gsaslContext = NULL;
+}
+
+
+// static
+shared_ptr <SASLSession> SASLSession::create(
+	const string& serviceName,
+	const shared_ptr <SASLContext>& ctx,
+	const shared_ptr <authenticator>& auth,
+	const shared_ptr <SASLMechanism>& mech
+) {
+
+	return shared_ptr <SASLSession>(new SASLSession(serviceName, ctx, auth, mech));
+}
+
+
+void SASLSession::init() {
+
+	shared_ptr <SASLAuthenticator> saslAuth = dynamicCast <SASLAuthenticator>(m_auth);
+
+	if (saslAuth) {
+		saslAuth->setSASLMechanism(m_mech);
+		saslAuth->setSASLSession(dynamicCast <SASLSession>(shared_from_this()));
+	}
+}
+
+
+shared_ptr <authenticator> SASLSession::getAuthenticator() {
+
+	return m_auth;
+}
+
+
+shared_ptr <SASLMechanism> SASLSession::getMechanism() {
+
+	return m_mech;
+}
+
+
+shared_ptr <SASLContext> SASLSession::getContext() {
+
+	return m_context;
+}
+
+
+bool SASLSession::evaluateChallenge(
+	const byte_t* challenge,
+	const size_t challengeLen,
+	byte_t** response,
+	size_t* responseLen
+) {
+
+	return m_mech->step(
+		dynamicCast <SASLSession>(shared_from_this()),
+		challenge, challengeLen, response, responseLen
+	);
+}
+
+
+shared_ptr <net::socket> SASLSession::getSecuredSocket(const shared_ptr <net::socket>& sok) {
+
+	return make_shared <SASLSocket>(dynamicCast <SASLSession>(shared_from_this()), sok);
+}
+
+
+const string SASLSession::getServiceName() const {
+
+	return m_serviceName;
+}
+
+
+// static
+int SASLSession::gsaslCallback(
+	Gsasl* ctx,
+	Gsasl_session* sctx,
+	Gsasl_property prop
+) {
+
+	SASLSession* sess = reinterpret_cast <SASLSession*>(gsasl_callback_hook_get(ctx));
+
+	if (!sess) {
+		return GSASL_AUTHENTICATION_ERROR;
+	}
+
+	shared_ptr <authenticator> auth = sess->getAuthenticator();
+
+	try {
+
+		string res;
+
+		switch (prop) {
+
+			case GSASL_AUTHID:
+
+				res = auth->getUsername();
+				break;
+
+			case GSASL_PASSWORD:
+
+				res = auth->getPassword();
+				break;
+
+			case GSASL_ANONYMOUS_TOKEN:
+
+				res = auth->getAnonymousToken();
+				break;
+
+			case GSASL_HOSTNAME:
+
+				res = auth->getHostname();
+				break;
+
+			case GSASL_SERVICE:
+
+				res = auth->getServiceName();
+				break;
+
+			case GSASL_AUTHZID:
+			case GSASL_GSSAPI_DISPLAY_NAME:
+			case GSASL_PASSCODE:
+			case GSASL_SUGGESTED_PIN:
+			case GSASL_PIN:
+			case GSASL_REALM:
+
+			default:
+
+				return GSASL_NO_CALLBACK;
+		}
+
+		gsasl_property_set(sctx, prop, res.c_str());
+
+		return GSASL_OK;
+
+	} catch (...) {
+
+		return GSASL_NO_CALLBACK;
+	}
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/SASLSession.hpp b/vmime-master/src/vmime/security/sasl/SASLSession.hpp
new file mode 100644
index 0000000..7fc7225
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLSession.hpp
@@ -0,0 +1,180 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_SASLSESSION_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_SASLSESSION_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/socket.hpp"
+
+#include "vmime/security/sasl/SASLAuthenticator.hpp"
+#include "vmime/security/sasl/SASLMechanism.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+class SASLContext;
+
+
+/** An SASL client session.
+  */
+class VMIME_EXPORT SASLSession : public object, public enable_shared_from_this <SASLSession> {
+
+	friend class builtinSASLMechanism;
+	friend class SASLSocket;
+
+public:
+
+	~SASLSession();
+
+	/** Construct a new SASL session.
+	  *
+	  * @param serviceName name of the service using this session
+	  * @param ctx SASL context
+	  * @param auth authenticator to use for this session
+	  * @param mech SASL mechanism
+	  */
+	static shared_ptr <SASLSession> create(
+		const string& serviceName,
+		const shared_ptr <SASLContext>& ctx,
+		const shared_ptr <authenticator>& auth,
+		const shared_ptr <SASLMechanism>& mech
+	);
+
+	/** Initialize this SASL session. This must be called before
+	  * calling any other method on this object (except accessors).
+	  */
+	void init();
+
+	/** Return the authenticator used for this session. This is the
+	  * authenticator which has been previously set with a call to
+	  * setAuthenticator().
+	  *
+	  * @return authenticator object
+	  */
+	shared_ptr <authenticator> getAuthenticator();
+
+	/** Return the mechanism used for this session.
+	  *
+	  * @return SASL mechanism
+	  */
+	shared_ptr <SASLMechanism> getMechanism();
+
+	/** Return the SASL context.
+	  *
+	  * @return SASL context
+	  */
+	shared_ptr <SASLContext> getContext();
+
+	/** Perform one step of SASL authentication. Accept data from the
+	  * server (challenge), process it and return data to be returned
+	  * in response to the server.
+	  *
+	  * If the challenge is empty (challengeLen == 0), the initial
+	  * response is returned, if the mechanism has one.
+	  *
+	  * @param challenge challenge sent from the server
+	  * @param challengeLen length of challenge
+	  * @param response response to send to the server (allocated by
+	  * this function, free with delete[])
+	  * @param responseLen length of response buffer
+	  * @return true if authentication terminated successfully, or
+	  * false if the authentication process should continue
+	  * @throw exceptions::sasl_exception if an error occurred during
+	  * authentication (in this case, the values in 'response' and
+	  * 'responseLen' are undetermined)
+	  */
+	bool evaluateChallenge(
+		const byte_t* challenge,
+		const size_t challengeLen,
+		byte_t** response,
+		size_t* responseLen
+	);
+
+	/** Return a socket in which transmitted data is integrity
+	  * and/or privacy protected, depending on the QOP (Quality of
+	  * Protection) negotiated during the SASL authentication.
+	  *
+	  * @param sok socket to wrap
+	  * @return secured socket
+	  */
+	shared_ptr <net::socket> getSecuredSocket(const shared_ptr <net::socket>& sok);
+
+	/** Return the name of the service which is using this
+	  * SASL session (eg. "imap"). This value should be returned
+	  * by the authenticator when INFO_SERVICE is requested.
+	  *
+	  * @return service name
+	  */
+	const string getServiceName() const;
+
+private:
+
+	SASLSession(
+		const string& serviceName,
+		const shared_ptr <SASLContext>& ctx,
+		const shared_ptr <authenticator>& auth,
+		const shared_ptr <SASLMechanism>& mech
+	);
+
+
+	const string m_serviceName;
+
+	shared_ptr <SASLContext> m_context;
+	shared_ptr <authenticator> m_auth;
+	shared_ptr <SASLMechanism> m_mech;
+
+#ifdef GSASL_VERSION
+	Gsasl* m_gsaslContext;
+	Gsasl_session* m_gsaslSession;
+
+	static int gsaslCallback(Gsasl* ctx, Gsasl_session* sctx, Gsasl_property prop);
+#else
+	void* m_gsaslContext;
+	void* m_gsaslSession;
+
+	static int gsaslCallback(void* ctx, void* sctx, int prop);
+#endif // GSASL_VERSION
+
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_SASLSESSION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/SASLSocket.cpp b/vmime-master/src/vmime/security/sasl/SASLSocket.cpp
new file mode 100644
index 0000000..0dbafd8
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLSocket.cpp
@@ -0,0 +1,273 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/SASLSocket.hpp"
+#include "vmime/security/sasl/SASLSession.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include "vmime/exception.hpp"
+
+#include <algorithm>
+#include <cstring>
+
+#include <gsasl.h>
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+
+SASLSocket::SASLSocket(
+	const shared_ptr <SASLSession>& sess,
+	const shared_ptr <net::socket>& wrapped
+)
+	: m_session(sess),
+	  m_wrapped(wrapped),
+	  m_pendingBuffer(0),
+	  m_pendingPos(0),
+	  m_pendingLen(0) {
+
+}
+
+
+SASLSocket::~SASLSocket() {
+
+	if (m_pendingBuffer) {
+		delete [] m_pendingBuffer;
+	}
+}
+
+
+void SASLSocket::connect(const string& address, const port_t port) {
+
+	m_wrapped->connect(address, port);
+}
+
+
+void SASLSocket::disconnect() {
+
+	m_wrapped->disconnect();
+}
+
+
+bool SASLSocket::isConnected() const {
+
+	return m_wrapped->isConnected();
+}
+
+
+size_t SASLSocket::getBlockSize() const {
+
+	return m_wrapped->getBlockSize();
+}
+
+
+const string SASLSocket::getPeerName() const {
+
+	return m_wrapped->getPeerName();
+}
+
+
+const string SASLSocket::getPeerAddress() const {
+
+	return m_wrapped->getPeerAddress();
+}
+
+
+shared_ptr <net::timeoutHandler> SASLSocket::getTimeoutHandler() {
+
+	return m_wrapped->getTimeoutHandler();
+}
+
+
+void SASLSocket::setTracer(const shared_ptr <net::tracer>& tracer) {
+
+	m_wrapped->setTracer(tracer);
+}
+
+
+shared_ptr <net::tracer> SASLSocket::getTracer() {
+
+	return m_wrapped->getTracer();
+}
+
+
+bool SASLSocket::waitForRead(const int msecs) {
+
+	return m_wrapped->waitForRead(msecs);
+}
+
+
+bool SASLSocket::waitForWrite(const int msecs) {
+
+	return m_wrapped->waitForWrite(msecs);
+}
+
+
+void SASLSocket::receive(string& buffer) {
+
+	const size_t n = receiveRaw(m_recvBuffer, sizeof(m_recvBuffer));
+
+	buffer = utility::stringUtils::makeStringFromBytes(m_recvBuffer, n);
+}
+
+
+size_t SASLSocket::receiveRaw(byte_t* buffer, const size_t count) {
+
+	if (m_pendingLen != 0) {
+
+		const size_t copyLen =
+			(count >= m_pendingLen ? m_pendingLen : count);
+
+		std::copy(
+			m_pendingBuffer + m_pendingPos,
+			m_pendingBuffer + m_pendingPos + copyLen,
+			buffer
+		);
+
+		m_pendingLen -= copyLen;
+		m_pendingPos += copyLen;
+
+		if (m_pendingLen == 0) {
+
+			delete [] m_pendingBuffer;
+
+			m_pendingBuffer = 0;
+			m_pendingPos = 0;
+			m_pendingLen = 0;
+		}
+
+		return copyLen;
+	}
+
+	const size_t n = m_wrapped->receiveRaw(buffer, count);
+
+	byte_t* output = 0;
+	size_t outputLen = 0;
+
+	m_session->getMechanism()->decode(m_session, buffer, n, &output, &outputLen);
+
+	// If we can not copy all decoded data into the output buffer, put
+	// remaining data into a pending buffer for next calls to receive()
+	if (outputLen > count) {
+
+		std::copy(output, output + count, buffer);
+
+		m_pendingBuffer = output;
+		m_pendingLen = outputLen;
+		m_pendingPos = count;
+
+		return count;
+
+	} else {
+
+		std::copy(output, output + outputLen, buffer);
+
+		delete [] output;
+
+		return outputLen;
+	}
+}
+
+
+void SASLSocket::send(const string& buffer) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(buffer.data()), buffer.length());
+}
+
+
+void SASLSocket::send(const char* str) {
+
+	sendRaw(reinterpret_cast <const byte_t*>(str), strlen(str));
+}
+
+
+void SASLSocket::sendRaw(const byte_t* buffer, const size_t count) {
+
+	byte_t* output = 0;
+	size_t outputLen = 0;
+
+	m_session->getMechanism()->encode(
+		m_session, buffer, count, &output, &outputLen
+	);
+
+	try {
+
+		m_wrapped->sendRaw(output, outputLen);
+
+	} catch (...) {
+
+		delete [] output;
+		throw;
+	}
+
+	delete [] output;
+}
+
+
+size_t SASLSocket::sendRawNonBlocking(const byte_t* buffer, const size_t count) {
+
+	byte_t* output = 0;
+	size_t outputLen = 0;
+
+	m_session->getMechanism()->encode(m_session, buffer, count, &output, &outputLen);
+
+	size_t bytesSent = 0;
+
+	try {
+
+		bytesSent = m_wrapped->sendRawNonBlocking(output, outputLen);
+
+	} catch (...) {
+
+		delete [] output;
+		throw;
+	}
+
+	delete [] output;
+
+	return bytesSent;
+}
+
+
+unsigned int SASLSocket::getStatus() const {
+
+	return m_wrapped->getStatus();
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/SASLSocket.hpp b/vmime-master/src/vmime/security/sasl/SASLSocket.hpp
new file mode 100644
index 0000000..ac0e89e
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/SASLSocket.hpp
@@ -0,0 +1,108 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_SASLSOCKET_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_SASLSOCKET_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/socket.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+class SASLSession;
+
+
+/** A socket which provides data integrity and/or privacy protection.
+  */
+class VMIME_EXPORT SASLSocket : public net::socket {
+
+public:
+
+	SASLSocket(
+		const shared_ptr <SASLSession>& sess,
+		const shared_ptr <net::socket>& wrapped
+	);
+
+	~SASLSocket();
+
+	void connect(const string& address, const port_t port);
+	void disconnect();
+
+	bool isConnected() const;
+
+	bool waitForRead(const int msecs = 30000);
+	bool waitForWrite(const int msecs = 30000);
+
+	void receive(string& buffer);
+	size_t receiveRaw(byte_t* buffer, const size_t count);
+
+	void send(const string& buffer);
+	void send(const char* str);
+	void sendRaw(const byte_t* buffer, const size_t count);
+	size_t sendRawNonBlocking(const byte_t* buffer, const size_t count);
+
+	size_t getBlockSize() const;
+
+	unsigned int getStatus() const;
+
+	const string getPeerName() const;
+	const string getPeerAddress() const;
+
+	shared_ptr <net::timeoutHandler> getTimeoutHandler();
+
+	void setTracer(const shared_ptr <net::tracer>& tracer);
+	shared_ptr <net::tracer> getTracer();
+
+private:
+
+	shared_ptr <SASLSession> m_session;
+	shared_ptr <net::socket> m_wrapped;
+
+	byte_t* m_pendingBuffer;
+	size_t m_pendingPos;
+	size_t m_pendingLen;
+
+	byte_t m_recvBuffer[65536];
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_SASLSOCKET_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/XOAuth2SASLAuthenticator.cpp b/vmime-master/src/vmime/security/sasl/XOAuth2SASLAuthenticator.cpp
new file mode 100644
index 0000000..ecc715a
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/XOAuth2SASLAuthenticator.cpp
@@ -0,0 +1,99 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/XOAuth2SASLAuthenticator.hpp"
+
+#include "vmime/security/sasl/SASLMechanism.hpp"
+#include "vmime/security/sasl/SASLSession.hpp"
+#include "vmime/security/sasl/SASLContext.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+XOAuth2SASLAuthenticator::XOAuth2SASLAuthenticator(const Mode mode)
+	: m_mode(mode) {
+
+}
+
+
+XOAuth2SASLAuthenticator::~XOAuth2SASLAuthenticator() {
+
+}
+
+
+const std::vector <shared_ptr <SASLMechanism> >
+	XOAuth2SASLAuthenticator::getAcceptableMechanisms(
+		const std::vector <shared_ptr <SASLMechanism> >& available,
+		const shared_ptr <SASLMechanism>& suggested
+	) const {
+
+	if (m_mode == MODE_EXCLUSIVE) {
+
+		std::vector <shared_ptr <SASLMechanism> > mechs;
+
+		for (size_t i = available.size() ; i != 0 ; --i) {
+
+			shared_ptr <SASLMechanism> mech = available[i - 1];
+
+			if ("XOAUTH2" == mech->getName()) {
+				// Only allow XOAuth2
+				mechs.push_back(mech);
+			}
+		}
+
+		return mechs;
+
+	} else {
+
+		shared_ptr <SASLMechanism> newSuggested(suggested);
+
+		for (size_t i = available.size() ; i != 0 ; --i) {
+
+			shared_ptr <SASLMechanism> mech = available[i - 1];
+
+			if ("XOAUTH2" == mech->getName()) {
+				// Suggest using XOAuth2
+				newSuggested = mech;
+			}
+		}
+
+		return defaultSASLAuthenticator::getAcceptableMechanisms(available, newSuggested);
+	}
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/XOAuth2SASLAuthenticator.hpp b/vmime-master/src/vmime/security/sasl/XOAuth2SASLAuthenticator.hpp
new file mode 100644
index 0000000..e4d3d83
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/XOAuth2SASLAuthenticator.hpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_XOAUTH2SASLAUTHENTICATOR_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_XOAUTH2SASLAUTHENTICATOR_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/defaultSASLAuthenticator.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+/** An authenticator that is capable of providing information
+  * for XOAuth2 authentication mechanisms (username and access token).
+  * This authenticator force using the XOAUTH2 mechanism.
+  */
+class VMIME_EXPORT XOAuth2SASLAuthenticator : public defaultSASLAuthenticator {
+
+public:
+
+	enum Mode {
+		MODE_SUGGEST,    /**< Try XOAUTH2 before other mechanisms. */
+		MODE_EXCLUSIVE   /**< Use XOAUTH2 and nothing else. */
+	};
+
+
+	XOAuth2SASLAuthenticator(const Mode mode);
+	~XOAuth2SASLAuthenticator();
+
+	const std::vector <shared_ptr <SASLMechanism> > getAcceptableMechanisms(
+		const std::vector <shared_ptr <SASLMechanism> >& available,
+		const shared_ptr <SASLMechanism>& suggested
+	) const;
+
+private:
+
+	Mode m_mode;
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_XOAUTH2SASLAUTHENTICATOR_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/XOAuth2SASLMechanism.cpp b/vmime-master/src/vmime/security/sasl/XOAuth2SASLMechanism.cpp
new file mode 100644
index 0000000..e5ecd4b
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/XOAuth2SASLMechanism.cpp
@@ -0,0 +1,155 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/XOAuth2SASLMechanism.hpp"
+
+#include "vmime/security/sasl/SASLContext.hpp"
+#include "vmime/security/sasl/SASLSession.hpp"
+
+#include "vmime/exception.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+XOAuth2SASLMechanism::XOAuth2SASLMechanism(
+	const shared_ptr <SASLContext>& ctx,
+	const string& /* name */
+)
+	: m_context(ctx),
+	  m_complete(false) {
+
+}
+
+
+XOAuth2SASLMechanism::~XOAuth2SASLMechanism() {
+
+}
+
+
+const string XOAuth2SASLMechanism::getName() const {
+
+	return "XOAUTH2";
+}
+
+
+bool XOAuth2SASLMechanism::step(
+	const shared_ptr <SASLSession>& sess,
+	const byte_t* /* challenge */,
+	const size_t /* challengeLen */,
+	byte_t** response,
+	size_t* responseLen
+) {
+
+	// Build initial response
+	//
+	// The SASL XOAUTH2 initial client response has the following format:
+	//    base64("user=" {User} "^Aauth=Bearer " {Access Token} "^A^A")
+
+	const std::string user(sess->getAuthenticator()->getUsername());
+	const std::string accessToken(sess->getAuthenticator()->getAccessToken());
+
+	std::ostringstream initRespBytes;
+	initRespBytes.write("user=", 5);
+	initRespBytes.write(user.c_str(), user.length());
+	initRespBytes.write("\x01", 1);
+	initRespBytes.write("auth=Bearer ", 12);
+	initRespBytes.write(accessToken.c_str(), accessToken.length());
+	initRespBytes.write("\x01\x01", 2);
+
+	const std::string initResp = initRespBytes.str();
+
+	// Set initial response
+	byte_t* res = new byte_t[initResp.length()];
+	std::copy(initResp.c_str(), initResp.c_str() + initResp.length(), res);
+
+	*response = res;
+	*responseLen = initResp.length();
+	m_complete = true;
+
+	return true;
+}
+
+
+bool XOAuth2SASLMechanism::isComplete() const {
+
+	return m_complete;
+}
+
+
+bool XOAuth2SASLMechanism::hasInitialResponse() const {
+
+	return true;
+}
+
+
+void XOAuth2SASLMechanism::encode(
+	const shared_ptr <SASLSession>& /* sess */,
+	const byte_t* input,
+	const size_t inputLen,
+	byte_t** output,
+	size_t* outputLen
+) {
+
+	// No encoding performed, just copy input bytes
+	byte_t* res = new byte_t[inputLen];
+	std::copy(input, input + inputLen, res);
+
+	*outputLen = inputLen;
+	*output = res;
+}
+
+
+void XOAuth2SASLMechanism::decode(
+	const shared_ptr <SASLSession>& /* sess */,
+	const byte_t* input,
+	const size_t inputLen,
+	byte_t** output,
+	size_t* outputLen
+) {
+
+	// No decoding performed, just copy input bytes
+	byte_t* res = new byte_t[inputLen];
+	std::copy(input, input + inputLen, res);
+
+	*outputLen = inputLen;
+	*output = res;
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/XOAuth2SASLMechanism.hpp b/vmime-master/src/vmime/security/sasl/XOAuth2SASLMechanism.hpp
new file mode 100644
index 0000000..eacbb0a
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/XOAuth2SASLMechanism.hpp
@@ -0,0 +1,102 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_XOAUTH2SASLMECHANISM_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_XOAUTH2SASLMECHANISM_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/SASLMechanism.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+class SASLContext;
+
+
+/** SASL XOAUTH2 mechanism, used by GMail.
+  */
+class VMIME_EXPORT XOAuth2SASLMechanism : public SASLMechanism {
+
+public:
+
+	XOAuth2SASLMechanism(const shared_ptr <SASLContext>& ctx, const string& name);
+	~XOAuth2SASLMechanism();
+
+
+	const string getName() const;
+
+	bool step(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* challenge,
+		const size_t challengeLen,
+		byte_t** response,
+		size_t* responseLen
+	);
+
+	bool isComplete() const;
+
+	bool hasInitialResponse() const;
+
+	void encode(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* input,
+		const size_t inputLen,
+		byte_t** output,
+		size_t* outputLen
+	);
+
+	void decode(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* input,
+		const size_t inputLen,
+		byte_t** output,
+		size_t* outputLen
+	);
+
+private:
+
+	/** SASL context */
+	shared_ptr <SASLContext> m_context;
+
+	/** Authentication process status. */
+	bool m_complete;
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_XOAUTH2SASLMECHANISM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/builtinSASLMechanism.cpp b/vmime-master/src/vmime/security/sasl/builtinSASLMechanism.cpp
new file mode 100644
index 0000000..846e2cc
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/builtinSASLMechanism.cpp
@@ -0,0 +1,221 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include <gsasl.h>
+
+#include "vmime/security/sasl/builtinSASLMechanism.hpp"
+
+#include "vmime/security/sasl/SASLContext.hpp"
+#include "vmime/security/sasl/SASLSession.hpp"
+
+#include "vmime/exception.hpp"
+
+#include <stdexcept>
+#include <new>
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+builtinSASLMechanism::builtinSASLMechanism(
+	const shared_ptr <SASLContext>& ctx,
+	const string& name
+)
+	: m_context(ctx),
+	  m_name(name),
+	  m_complete(false) {
+
+}
+
+
+builtinSASLMechanism::~builtinSASLMechanism() {
+
+}
+
+
+const string builtinSASLMechanism::getName() const {
+
+	return m_name;
+}
+
+
+bool builtinSASLMechanism::step(
+	const shared_ptr <SASLSession>& sess,
+	const byte_t* challenge,
+	const size_t challengeLen,
+	byte_t** response,
+	size_t* responseLen
+) {
+
+	char* output = 0;
+	size_t outputLen = 0;
+
+	const int result = gsasl_step(
+		sess->m_gsaslSession,
+		reinterpret_cast <const char*>(challenge), challengeLen,
+		&output, &outputLen
+	);
+
+	if (result == GSASL_OK || result == GSASL_NEEDS_MORE) {
+
+		byte_t* res = new byte_t[outputLen];
+
+		for (size_t i = 0 ; i < outputLen ; ++i) {
+			res[i] = output[i];
+		}
+
+		*response = res;
+		*responseLen = outputLen;
+
+		gsasl_free(output);
+
+	} else {
+
+		*response = 0;
+		*responseLen = 0;
+	}
+
+	if (result == GSASL_OK) {
+
+		// Authentication process completed
+		m_complete = true;
+		return true;
+
+	} else if (result == GSASL_NEEDS_MORE) {
+
+		// Continue authentication process
+		return false;
+
+	} else if (result == GSASL_MALLOC_ERROR) {
+
+		throw std::bad_alloc();
+
+	} else {
+
+		throw exceptions::sasl_exception(
+			"Error when processing challenge: "
+			+ SASLContext::getErrorMessage("gsasl_step", result)
+		);
+	}
+}
+
+
+bool builtinSASLMechanism::isComplete() const {
+
+	return m_complete;
+}
+
+
+bool builtinSASLMechanism::hasInitialResponse() const {
+
+	// It seems GNU SASL does not support initial response
+	return false;
+}
+
+
+void builtinSASLMechanism::encode(
+	const shared_ptr <SASLSession>& sess,
+	const byte_t* input,
+	const size_t inputLen,
+	byte_t** output,
+	size_t* outputLen
+) {
+
+	char* coutput = 0;
+	size_t coutputLen = 0;
+
+	if (gsasl_encode(sess->m_gsaslSession, reinterpret_cast <const char*>(input), inputLen,
+			&coutput, &coutputLen) != GSASL_OK) {
+
+		throw exceptions::sasl_exception("Encoding error.");
+	}
+
+	try {
+
+		byte_t* res = new byte_t[coutputLen];
+
+		std::copy(coutput, coutput + coutputLen, res);
+
+		*output = res;
+		*outputLen = static_cast <int>(coutputLen);
+
+	} catch (...) {
+
+		gsasl_free(coutput);
+		throw;
+	}
+
+	gsasl_free(coutput);
+}
+
+
+void builtinSASLMechanism::decode(
+	const shared_ptr <SASLSession>& sess,
+	const byte_t* input,
+	const size_t inputLen,
+	byte_t** output,
+	size_t* outputLen
+) {
+
+	char* coutput = 0;
+	size_t coutputLen = 0;
+
+	try {
+
+		if (gsasl_decode(sess->m_gsaslSession, reinterpret_cast <const char*>(input), inputLen,
+				&coutput, &coutputLen) != GSASL_OK) {
+
+			throw exceptions::sasl_exception("Decoding error.");
+		}
+
+		byte_t* res = new byte_t[coutputLen];
+
+		std::copy(coutput, coutput + coutputLen, res);
+
+		*output = res;
+		*outputLen = static_cast <int>(coutputLen);
+
+	} catch (...) {
+
+		gsasl_free(coutput);
+		throw;
+	}
+
+	gsasl_free(coutput);
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/builtinSASLMechanism.hpp b/vmime-master/src/vmime/security/sasl/builtinSASLMechanism.hpp
new file mode 100644
index 0000000..2e412d6
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/builtinSASLMechanism.hpp
@@ -0,0 +1,105 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_BUILTINSASLMECHANISM_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_BUILTINSASLMECHANISM_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/SASLMechanism.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+class SASLContext;
+
+
+/** A built-in authentication mechanism that relies on
+  * the GNU SASL library.
+  */
+class VMIME_EXPORT builtinSASLMechanism : public SASLMechanism {
+
+public:
+
+	builtinSASLMechanism(const shared_ptr <SASLContext>& ctx, const string& name);
+	~builtinSASLMechanism();
+
+
+	const string getName() const;
+
+	bool step(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* challenge,
+		const size_t challengeLen,
+		byte_t** response, size_t* responseLen
+	);
+
+	bool isComplete() const;
+
+	bool hasInitialResponse() const;
+
+	void encode(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* input,
+		const size_t inputLen,
+		byte_t** output,
+		size_t* outputLen
+	);
+
+	void decode(
+		const shared_ptr <SASLSession>& sess,
+		const byte_t* input,
+		const size_t inputLen,
+		byte_t** output,
+		size_t* outputLen
+	);
+
+private:
+
+	/** SASL context */
+	shared_ptr <SASLContext> m_context;
+
+	/** Mechanism name */
+	const string m_name;
+
+	/** Authentication process status. */
+	bool m_complete;
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_BUILTINSASLMECHANISM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/security/sasl/defaultSASLAuthenticator.cpp b/vmime-master/src/vmime/security/sasl/defaultSASLAuthenticator.cpp
new file mode 100644
index 0000000..ebd7e68
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/defaultSASLAuthenticator.cpp
@@ -0,0 +1,159 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/defaultSASLAuthenticator.hpp"
+
+#include "vmime/security/sasl/SASLMechanism.hpp"
+#include "vmime/security/sasl/SASLSession.hpp"
+#include "vmime/security/sasl/SASLContext.hpp"
+
+#include "vmime/net/service.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+defaultSASLAuthenticator::defaultSASLAuthenticator() {
+
+}
+
+
+defaultSASLAuthenticator::~defaultSASLAuthenticator() {
+
+}
+
+
+const std::vector <shared_ptr <SASLMechanism> > defaultSASLAuthenticator::getAcceptableMechanisms(
+	const std::vector <shared_ptr <SASLMechanism> >& available,
+	const shared_ptr <SASLMechanism>& suggested
+) const {
+
+	if (suggested) {
+
+		std::vector <shared_ptr <SASLMechanism> > res;
+
+		res.push_back(suggested);
+
+		for (unsigned int i = 0 ; i < available.size() ; ++i) {
+
+			if (available[i]->getName() != suggested->getName()) {
+				res.push_back(available[i]);
+			}
+		}
+
+		return res;
+
+	} else {
+
+		return available;
+	}
+}
+
+
+const string defaultSASLAuthenticator::getUsername() const {
+
+	return m_default.getUsername();
+}
+
+
+const string defaultSASLAuthenticator::getPassword() const {
+
+	return m_default.getPassword();
+}
+
+
+const string defaultSASLAuthenticator::getAccessToken() const {
+
+	return m_default.getAccessToken();
+}
+
+
+const string defaultSASLAuthenticator::getHostname() const {
+
+	return m_default.getHostname();
+}
+
+
+const string defaultSASLAuthenticator::getAnonymousToken() const {
+
+	return m_default.getAnonymousToken();
+}
+
+
+const string defaultSASLAuthenticator::getServiceName() const {
+
+	return m_saslSession.lock()->getServiceName();
+}
+
+
+void defaultSASLAuthenticator::setService(const shared_ptr <net::service>& serv) {
+
+	m_service = serv;
+	m_default.setService(serv);
+}
+
+
+weak_ptr <net::service> defaultSASLAuthenticator::getService() const {
+
+	return m_service;
+}
+
+
+void defaultSASLAuthenticator::setSASLSession(const shared_ptr <SASLSession>& sess) {
+
+	m_saslSession = sess;
+}
+
+
+shared_ptr <SASLSession> defaultSASLAuthenticator::getSASLSession() const {
+
+	return m_saslSession.lock();
+}
+
+
+void defaultSASLAuthenticator::setSASLMechanism(const shared_ptr <SASLMechanism>& mech) {
+
+	m_saslMech = mech;
+}
+
+
+shared_ptr <SASLMechanism> defaultSASLAuthenticator::getSASLMechanism() const {
+
+	return m_saslMech;
+}
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
diff --git a/vmime-master/src/vmime/security/sasl/defaultSASLAuthenticator.hpp b/vmime-master/src/vmime/security/sasl/defaultSASLAuthenticator.hpp
new file mode 100644
index 0000000..368e9ef
--- /dev/null
+++ b/vmime-master/src/vmime/security/sasl/defaultSASLAuthenticator.hpp
@@ -0,0 +1,91 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_SECURITY_SASL_DEFAULTSASLAUTHENTICATOR_HPP_INCLUDED
+#define VMIME_SECURITY_SASL_DEFAULTSASLAUTHENTICATOR_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+
+#include "vmime/security/sasl/SASLAuthenticator.hpp"
+#include "vmime/security/defaultAuthenticator.hpp"
+
+
+namespace vmime {
+namespace security {
+namespace sasl {
+
+
+/** An authenticator that is capable of providing information
+  * for simple authentication mechanisms (username and password).
+  */
+class VMIME_EXPORT defaultSASLAuthenticator : public SASLAuthenticator {
+
+public:
+
+	defaultSASLAuthenticator();
+	~defaultSASLAuthenticator();
+
+	const std::vector <shared_ptr <SASLMechanism> > getAcceptableMechanisms(
+		const std::vector <shared_ptr <SASLMechanism> >& available,
+		const shared_ptr <SASLMechanism>& suggested
+	) const;
+
+	const string getUsername() const;
+	const string getPassword() const;
+	const string getHostname() const;
+	const string getAnonymousToken() const;
+	const string getServiceName() const;
+	const string getAccessToken() const;
+
+	void setService(const shared_ptr <net::service>& serv);
+	weak_ptr <net::service> getService() const;
+
+	void setSASLSession(const shared_ptr <SASLSession>& sess);
+	shared_ptr <SASLSession> getSASLSession() const;
+
+	void setSASLMechanism(const shared_ptr <SASLMechanism>& mech);
+	shared_ptr <SASLMechanism> getSASLMechanism() const;
+
+private:
+
+	defaultAuthenticator m_default;
+
+	weak_ptr <net::service> m_service;
+	weak_ptr <SASLSession> m_saslSession;
+	shared_ptr <SASLMechanism> m_saslMech;
+};
+
+
+} // sasl
+} // security
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_SASL_SUPPORT
+
+#endif // VMIME_SECURITY_SASL_DEFAULTSASLAUTHENTICATOR_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/streamContentHandler.cpp b/vmime-master/src/vmime/streamContentHandler.cpp
new file mode 100644
index 0000000..e35bcd7
--- /dev/null
+++ b/vmime-master/src/vmime/streamContentHandler.cpp
@@ -0,0 +1,257 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/streamContentHandler.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/seekableInputStream.hpp"
+#include "vmime/utility/streamUtils.hpp"
+
+
+namespace vmime {
+
+
+streamContentHandler::streamContentHandler()
+	: m_encoding(NO_ENCODING),
+	  m_stream(null),
+	  m_length(0) {
+
+}
+
+
+streamContentHandler::streamContentHandler(
+	const shared_ptr <utility::inputStream>& is,
+	const size_t length,
+	const vmime::encoding& enc
+) {
+
+	setData(is, length, enc);
+}
+
+
+streamContentHandler::~streamContentHandler() {
+
+}
+
+
+streamContentHandler::streamContentHandler(const streamContentHandler& cts)
+	: contentHandler(),
+	  m_contentType(cts.m_contentType),
+	  m_encoding(cts.m_encoding),
+	  m_stream(cts.m_stream),
+	  m_length(cts.m_length) {
+
+}
+
+
+shared_ptr <contentHandler> streamContentHandler::clone() const {
+
+	return make_shared <streamContentHandler>(*this);
+}
+
+
+streamContentHandler& streamContentHandler::operator=(const streamContentHandler& cts) {
+
+	m_contentType = cts.m_contentType;
+	m_encoding = cts.m_encoding;
+
+	m_stream = cts.m_stream;
+	m_length = cts.m_length;
+
+	return *this;
+}
+
+
+void streamContentHandler::setData(
+	const shared_ptr <utility::inputStream>& is,
+	const size_t length,
+	const vmime::encoding& enc
+) {
+
+	m_encoding = enc;
+	m_length = length;
+	m_stream = is;
+}
+
+
+void streamContentHandler::generate(
+	utility::outputStream& os,
+	const vmime::encoding& enc,
+	const size_t maxLineLength
+) const {
+
+	if (!m_stream) {
+		return;
+	}
+
+	// Managed data is already encoded
+	if (isEncoded()) {
+
+		// The data is already encoded but the encoding specified for
+		// the generation is different from the current one. We need
+		// to re-encode data: decode from input buffer to temporary
+		// buffer, and then re-encode to output stream...
+		if (m_encoding != enc) {
+
+			shared_ptr <utility::encoder::encoder> theDecoder = m_encoding.getEncoder();
+			shared_ptr <utility::encoder::encoder> theEncoder = enc.getEncoder();
+
+			theEncoder->getProperties()["maxlinelength"] = maxLineLength;
+			theEncoder->getProperties()["text"] = (m_contentType.getType() == mediaTypes::TEXT);
+
+			m_stream->reset();  // may not work...
+
+			std::ostringstream oss;
+			utility::outputStreamAdapter tempOut(oss);
+
+			theDecoder->decode(*m_stream, tempOut);
+
+			string str = oss.str();
+			utility::inputStreamStringAdapter tempIn(str);
+
+			theEncoder->encode(tempIn, os);
+
+		// No encoding to perform
+		} else {
+
+			m_stream->reset();  // may not work...
+
+			utility::bufferedStreamCopy(*m_stream, os);
+		}
+
+	// Need to encode data before
+	} else {
+
+		shared_ptr <utility::encoder::encoder> theEncoder = enc.getEncoder();
+		theEncoder->getProperties()["maxlinelength"] = maxLineLength;
+		theEncoder->getProperties()["text"] = (m_contentType.getType() == mediaTypes::TEXT);
+
+		m_stream->reset();  // may not work...
+
+		theEncoder->encode(*m_stream, os);
+	}
+}
+
+
+void streamContentHandler::extract(
+	utility::outputStream& os,
+	utility::progressListener* progress
+) const {
+
+	if (!m_stream) {
+		return;
+	}
+
+	// No decoding to perform
+	if (!isEncoded()) {
+
+		m_stream->reset();  // may not work...
+
+		if (progress) {
+			utility::bufferedStreamCopy(*m_stream, os, getLength(), progress);
+		} else {
+			utility::bufferedStreamCopy(*m_stream, os);
+		}
+
+	// Need to decode data
+	} else {
+
+		shared_ptr <utility::encoder::encoder> theDecoder = m_encoding.getEncoder();
+
+		m_stream->reset();  // may not work...
+
+		utility::progressListenerSizeAdapter plsa(progress, getLength());
+
+		theDecoder->decode(*m_stream, os, &plsa);
+	}
+}
+
+
+void streamContentHandler::extractRaw(
+	utility::outputStream& os,
+	utility::progressListener* progress
+) const {
+
+	if (!m_stream) {
+		return;
+	}
+
+	m_stream->reset();  // may not work...
+
+	if (progress) {
+		utility::bufferedStreamCopy(*m_stream, os, getLength(), progress);
+	} else {
+		utility::bufferedStreamCopy(*m_stream, os);
+	}
+}
+
+
+size_t streamContentHandler::getLength() const {
+
+	return m_length;
+}
+
+
+bool streamContentHandler::isEmpty() const {
+
+	return m_length == 0 || !m_stream;
+}
+
+
+bool streamContentHandler::isEncoded() const {
+
+	return m_encoding != NO_ENCODING;
+}
+
+
+const vmime::encoding& streamContentHandler::getEncoding() const {
+
+	return m_encoding;
+}
+
+
+bool streamContentHandler::isBuffered() const {
+
+	if (dynamicCast <utility::seekableInputStream>(m_stream)) {
+		return true;
+	}
+
+	// FIXME: some streams can be resetted
+	return false;
+}
+
+
+void streamContentHandler::setContentTypeHint(const mediaType& type) {
+
+	m_contentType = type;
+}
+
+
+const mediaType streamContentHandler::getContentTypeHint() const {
+
+	return m_contentType;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/streamContentHandler.hpp b/vmime-master/src/vmime/streamContentHandler.hpp
new file mode 100644
index 0000000..6964a1c
--- /dev/null
+++ b/vmime-master/src/vmime/streamContentHandler.hpp
@@ -0,0 +1,126 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_STREAMCONTENTHANDLER_HPP_INCLUDED
+#define VMIME_STREAMCONTENTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/contentHandler.hpp"
+
+
+namespace vmime {
+
+
+/** A content handler which obtains its data from a stream.
+  */
+class VMIME_EXPORT streamContentHandler : public contentHandler {
+
+public:
+
+	/** Creates a new empty content handler. No data can be extracted until
+	  * an input stream is set using setData() function.
+	  *
+	  * @return a reference to a new content handler
+	  */
+	streamContentHandler();
+
+	/** Creates a new content handler using an input stream.
+	  *
+	  * @param is input stream from which data will be obtained
+	  * @param length expected stream length. May be zero, but it is highly
+	  * recommended to set this parameter to take part of some optimizations
+	  * and features (eg. SMTP CHUNKING/SIZE extension).
+	  * @param enc set to anything other than NO_ENCODING if the data obtained
+	  * from the stream is already encoded with the specified encoding
+	  *
+	  * @return a reference to a new content handler
+	  */
+	streamContentHandler(
+		const shared_ptr <utility::inputStream>& is,
+		const size_t length,
+		const vmime::encoding& enc = NO_ENCODING
+	);
+
+	~streamContentHandler();
+
+	streamContentHandler(const streamContentHandler& cts);
+	streamContentHandler& operator=(const streamContentHandler& cts);
+
+	shared_ptr <contentHandler> clone() const;
+
+	/** Sets the data managed by this content handler.
+	  *
+	  * @param is input stream from which data will be obtained
+	  * @param length expected stream length. May be zero, but it is highly
+	  * recommended to set this parameter to take part of some optimizations
+	  * and features (eg. SMTP CHUNKING/SIZE extension).
+	  * @param enc set to anything other than NO_ENCODING if the data obtained
+	  * from the stream is already encoded with the specified encoding
+	  */
+	void setData(
+		const shared_ptr <utility::inputStream>& is,
+		const size_t length,
+		const vmime::encoding& enc = NO_ENCODING
+	);
+
+
+	void generate(
+		utility::outputStream& os,
+		const vmime::encoding& enc,
+		const size_t maxLineLength = lineLengthLimits::infinite
+	) const;
+
+	void extract(utility::outputStream& os, utility::progressListener* progress = NULL) const;
+	void extractRaw(utility::outputStream& os, utility::progressListener* progress = NULL) const;
+
+	size_t getLength() const;
+
+	bool isEncoded() const;
+
+	const vmime::encoding& getEncoding() const;
+
+	bool isEmpty() const;
+
+	bool isBuffered() const;
+
+	void setContentTypeHint(const mediaType& type);
+	const mediaType getContentTypeHint() const;
+
+private:
+
+	mediaType m_contentType;
+
+	// Equals to NO_ENCODING if data is not encoded, otherwise this
+	// specifies the encoding that have been used to encode the data.
+	vmime::encoding m_encoding;
+
+	// Actual data
+	mutable shared_ptr <utility::inputStream> m_stream;
+	size_t m_length;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_STREAMCONTENTHANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/stringContentHandler.cpp b/vmime-master/src/vmime/stringContentHandler.cpp
new file mode 100644
index 0000000..f7fadf7
--- /dev/null
+++ b/vmime-master/src/vmime/stringContentHandler.cpp
@@ -0,0 +1,228 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/stringContentHandler.hpp"
+
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/outputStreamAdapter.hpp"
+#include "vmime/utility/streamUtils.hpp"
+
+
+namespace vmime {
+
+
+stringContentHandler::stringContentHandler() {
+
+}
+
+
+stringContentHandler::stringContentHandler(
+	const string& buffer,
+	const vmime::encoding& enc
+)
+	: m_encoding(enc),
+	  m_string(buffer) {
+
+}
+
+
+stringContentHandler::stringContentHandler(
+	const stringContentHandler& cts
+)
+	: contentHandler(),
+	  m_contentType(cts.m_contentType),
+	  m_encoding(cts.m_encoding),
+	  m_string(cts.m_string) {
+
+}
+
+
+stringContentHandler::~stringContentHandler() {
+
+}
+
+
+shared_ptr <contentHandler> stringContentHandler::clone() const {
+
+	return make_shared <stringContentHandler>(*this);
+}
+
+
+stringContentHandler& stringContentHandler::operator=(const stringContentHandler& cts) {
+
+	m_contentType = cts.m_contentType;
+	m_encoding = cts.m_encoding;
+	m_string = cts.m_string;
+
+	return *this;
+}
+
+
+void stringContentHandler::setData(const string& buffer, const vmime::encoding& enc) {
+
+	m_encoding = enc;
+	m_string = buffer;
+}
+
+
+stringContentHandler& stringContentHandler::operator=(const string& buffer) {
+
+	setData(buffer, NO_ENCODING);
+	return *this;
+}
+
+
+void stringContentHandler::generate(
+	utility::outputStream& os,
+	const vmime::encoding& enc,
+	const size_t maxLineLength
+) const {
+
+	// Managed data is already encoded
+	if (isEncoded()) {
+
+		// The data is already encoded but the encoding specified for
+		// the generation is different from the current one. We need
+		// to re-encode data: decode from input buffer to temporary
+		// buffer, and then re-encode to output stream...
+		if (m_encoding != enc) {
+
+			shared_ptr <utility::encoder::encoder> theDecoder = m_encoding.getEncoder();
+			shared_ptr <utility::encoder::encoder> theEncoder = enc.getEncoder();
+
+			theEncoder->getProperties()["maxlinelength"] = maxLineLength;
+			theEncoder->getProperties()["text"] = (m_contentType.getType() == mediaTypes::TEXT);
+
+			utility::inputStreamStringAdapter in(m_string);
+
+			std::ostringstream oss;
+			utility::outputStreamAdapter tempOut(oss);
+
+			theDecoder->decode(in, tempOut);
+
+			string str = oss.str();
+			utility::inputStreamStringAdapter tempIn(str);
+
+			theEncoder->encode(tempIn, os);
+
+		// No encoding to perform
+		} else {
+
+			os.write(m_string.data(), m_string.length());
+		}
+
+	// Need to encode data before
+	} else {
+
+		shared_ptr <utility::encoder::encoder> theEncoder = enc.getEncoder();
+		theEncoder->getProperties()["maxlinelength"] = maxLineLength;
+		theEncoder->getProperties()["text"] = (m_contentType.getType() == mediaTypes::TEXT);
+
+		utility::inputStreamStringAdapter in(m_string);
+
+		theEncoder->encode(in, os);
+	}
+}
+
+
+void stringContentHandler::extract(
+	utility::outputStream& os,
+	utility::progressListener* progress
+) const {
+
+	// No decoding to perform
+	if (!isEncoded()) {
+
+		utility::inputStreamStringAdapter in(m_string);
+		utility::progressListenerSizeAdapter plsa(progress, getLength());
+
+		utility::bufferedStreamCopy(in, os, m_string.length(), progress);
+
+	// Need to decode data
+	} else {
+
+		shared_ptr <utility::encoder::encoder> theDecoder = m_encoding.getEncoder();
+
+		utility::inputStreamStringAdapter in(m_string);
+		utility::progressListenerSizeAdapter plsa(progress, getLength());
+
+		theDecoder->decode(in, os, &plsa);
+	}
+}
+
+
+void stringContentHandler::extractRaw(
+	utility::outputStream& os,
+	utility::progressListener* progress
+) const {
+
+	utility::inputStreamStringAdapter in(m_string);
+	utility::progressListenerSizeAdapter plsa(progress, getLength());
+
+	utility::bufferedStreamCopy(in, os, m_string.length(), progress);
+}
+
+
+size_t stringContentHandler::getLength() const {
+
+	return m_string.length();
+}
+
+
+bool stringContentHandler::isEmpty() const {
+
+	return m_string.length() == 0;
+}
+
+
+bool stringContentHandler::isEncoded() const {
+
+	return m_encoding != NO_ENCODING;
+}
+
+
+const vmime::encoding& stringContentHandler::getEncoding() const {
+
+	return m_encoding;
+}
+
+
+bool stringContentHandler::isBuffered() const {
+
+	return true;
+}
+
+
+void stringContentHandler::setContentTypeHint(const mediaType& type) {
+
+	m_contentType = type;
+}
+
+
+const mediaType stringContentHandler::getContentTypeHint() const {
+
+	return m_contentType;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/stringContentHandler.hpp b/vmime-master/src/vmime/stringContentHandler.hpp
new file mode 100644
index 0000000..c9a7331
--- /dev/null
+++ b/vmime-master/src/vmime/stringContentHandler.hpp
@@ -0,0 +1,107 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_STRINGCONTENTHANDLER_HPP_INCLUDED
+#define VMIME_STRINGCONTENTHANDLER_HPP_INCLUDED
+
+
+#include "vmime/contentHandler.hpp"
+
+
+namespace vmime {
+
+
+class VMIME_EXPORT stringContentHandler : public contentHandler
+{
+public:
+
+	stringContentHandler();
+
+	stringContentHandler(
+		const string& buffer,
+		const vmime::encoding& enc = NO_ENCODING
+	);
+
+	~stringContentHandler();
+
+	stringContentHandler(const stringContentHandler& cts);
+	stringContentHandler& operator=(const stringContentHandler& cts);
+
+	shared_ptr <contentHandler> clone() const;
+
+	/** Set data contained in this object.
+	  *
+	  * @param buffer buffer containing data
+	  * @param enc set to anything other than NO_ENCODING if the data managed by
+	  * this content handler is already encoded with the specified encoding (so, no
+	  * encoding/decoding will be performed on generate()/extract()). Note that the
+	  * data may be re-encoded (that is, decoded and encoded) if the encoding passed
+	  * to generate() is different from this one.
+	  */
+	void setData(
+		const string& buffer,
+		const vmime::encoding& enc = NO_ENCODING
+	);
+
+
+	stringContentHandler& operator=(const string& buffer);
+
+	void generate(
+		utility::outputStream& os,
+		const vmime::encoding& enc,
+		const size_t maxLineLength = lineLengthLimits::infinite
+	) const;
+
+	void extract(utility::outputStream& os, utility::progressListener* progress = NULL) const;
+	void extractRaw(utility::outputStream& os, utility::progressListener* progress = NULL) const;
+
+	size_t getLength() const;
+
+	bool isEncoded() const;
+
+	const vmime::encoding& getEncoding() const;
+
+	bool isEmpty() const;
+
+	bool isBuffered() const;
+
+	void setContentTypeHint(const mediaType& type);
+	const mediaType getContentTypeHint() const;
+
+private:
+
+	mediaType m_contentType;
+
+	// Equals to NO_ENCODING if data is not encoded, otherwise this
+	// specifies the encoding that have been used to encode the data.
+	vmime::encoding m_encoding;
+
+	// The actual data
+	string m_string;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_STRINGCONTENTHANDLER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/text.cpp b/vmime-master/src/vmime/text.cpp
new file mode 100644
index 0000000..86ba44f
--- /dev/null
+++ b/vmime-master/src/vmime/text.cpp
@@ -0,0 +1,536 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/text.hpp"
+
+#include "vmime/parserHelpers.hpp"
+#include "vmime/encoding.hpp"
+
+
+namespace vmime {
+
+
+text::text() {
+
+}
+
+
+text::text(const text& t)
+	: headerFieldValue() {
+
+	copyFrom(t);
+}
+
+
+text::text(const string& t, const charset& ch) {
+
+	createFromString(t, ch);
+}
+
+
+text::text(const string& t) {
+
+	createFromString(t, charset::getLocalCharset());
+}
+
+
+text::text(const word& w) {
+
+	appendWord(make_shared <word>(w));
+}
+
+
+text::~text() {
+
+	removeAllWords();
+}
+
+
+void text::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	removeAllWords();
+
+	size_t newPos;
+
+	const std::vector <shared_ptr <word> > words =
+		word::parseMultiple(ctx, buffer, position, end, &newPos);
+
+	copy_vector(words, m_words);
+
+	setParsedBounds(position, newPos);
+
+	if (newPosition) {
+		*newPosition = newPos;
+	}
+}
+
+
+void text::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	encodeAndFold(ctx, os, curLinePos, newLinePos, 0);
+}
+
+
+void text::copyFrom(const component& other) {
+
+	const text& t = dynamic_cast <const text&>(other);
+
+	removeAllWords();
+
+	for (std::vector <shared_ptr <word> >::const_iterator i = t.m_words.begin() ;
+	     i != t.m_words.end() ; ++i) {
+
+		m_words.push_back(make_shared <word>(**i));
+	}
+}
+
+
+text& text::operator=(const component& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+text& text::operator=(const text& other) {
+
+	copyFrom(other);
+	return *this;
+}
+
+
+bool text::operator==(const text& t) const {
+
+	if (getWordCount() == t.getWordCount()) {
+
+		bool equal = true;
+
+		std::vector <shared_ptr <word> >::const_iterator i = m_words.begin();
+		std::vector <shared_ptr <word> >::const_iterator j = t.m_words.begin();
+
+		for ( ; equal && i != m_words.end() ; ++i, ++j) {
+			equal = (**i == **j);
+		}
+
+		return equal;
+	}
+
+	return false;
+}
+
+
+bool text::operator!=(const text& t) const {
+
+	return !(*this == t);
+}
+
+
+const string text::getConvertedText(
+	const charset& dest,
+	const charsetConverterOptions& opts
+) const {
+
+	string out;
+
+	for (std::vector <shared_ptr <word> >::const_iterator i = m_words.begin() ;
+	     i != m_words.end() ; ++i) {
+
+		out += (*i)->getConvertedText(dest, opts);
+	}
+
+	return out;
+}
+
+
+void text::appendWord(const shared_ptr <word>& w) {
+
+	m_words.push_back(w);
+}
+
+
+void text::insertWordBefore(const size_t pos, const shared_ptr <word>& w) {
+
+	m_words.insert(m_words.begin() + pos, w);
+}
+
+
+void text::insertWordAfter(const size_t pos, const shared_ptr <word>& w) {
+
+	m_words.insert(m_words.begin() + pos + 1, w);
+}
+
+
+void text::removeWord(const size_t pos) {
+
+	const std::vector <shared_ptr <word> >::iterator it = m_words.begin() + pos;
+
+	m_words.erase(it);
+}
+
+
+void text::removeAllWords() {
+
+	m_words.clear();
+}
+
+
+size_t text::getWordCount() const {
+
+	return m_words.size();
+}
+
+
+bool text::isEmpty() const {
+
+	return m_words.empty();
+}
+
+
+const shared_ptr <word> text::getWordAt(const size_t pos) {
+
+	return m_words[pos];
+}
+
+
+const shared_ptr <const word> text::getWordAt(const size_t pos) const {
+
+	return m_words[pos];
+}
+
+
+const std::vector <shared_ptr <const word> > text::getWordList() const {
+
+	std::vector <shared_ptr <const word> > list;
+
+	list.reserve(m_words.size());
+
+	for (std::vector <shared_ptr <word> >::const_iterator it = m_words.begin() ;
+	     it != m_words.end() ; ++it) {
+
+		list.push_back(*it);
+	}
+
+	return list;
+}
+
+
+const std::vector <shared_ptr <word> > text::getWordList() {
+
+	return m_words;
+}
+
+
+shared_ptr <component> text::clone() const {
+
+	return make_shared <text>(*this);
+}
+
+
+shared_ptr <text> text::newFromString(const string& in, const charset& ch) {
+
+	shared_ptr <text> t = make_shared <text>();
+
+	t->createFromString(in, ch);
+
+	return t;
+}
+
+
+void text::createFromString(const string& in, const charset& ch) {
+
+	size_t asciiCount = 0;
+	size_t asciiPercent = 0;
+
+	removeAllWords();
+
+	// Check whether there is a recommended encoding for this charset.
+	// If so, the whole buffer will be encoded. Else, the number of
+	// 7-bit (ASCII) bytes in the input will be used to determine if
+	// we need to encode the whole buffer.
+	encoding recommendedEnc;
+	const bool alwaysEncode = ch.getRecommendedEncoding(recommendedEnc);
+
+	if (!alwaysEncode) {
+		asciiCount = utility::stringUtils::countASCIIchars(in.begin(), in.end());
+		asciiPercent = (in.length() == 0 ? 100 : (100 * asciiCount) / in.length());
+	}
+
+	// If there are "too much" non-ASCII chars, encode everything
+	if (alwaysEncode || asciiPercent < 60) {  // less than 60% ASCII chars
+
+		appendWord(make_shared <word>(in, ch));
+
+	// Else, only encode words which need it
+	} else {
+
+		bool is8bit = false;     // is the current word 8-bit?
+		bool prevIs8bit = false; // is previous word 8-bit?
+		unsigned int count = 0;  // total number of words
+
+		for (size_t end = in.size(), pos = 0, start = 0 ; ; ) {
+
+			if (pos == end || parserHelpers::isSpace(in[pos])) {
+
+				const string chunk(in.begin() + start, in.begin() + pos);
+
+				if (pos != end) {
+					++pos;
+				}
+
+				if (is8bit) {
+
+					if (count && prevIs8bit) {
+
+						// No need to create a new encoded word, just append
+						// the current word to the previous one.
+						shared_ptr <word> w = getWordAt(getWordCount() - 1);
+						w->getBuffer() += " " + chunk;
+
+					} else {
+
+						if (count) {
+							shared_ptr <word> w = getWordAt(getWordCount() - 1);
+							w->getBuffer() += ' ';
+						}
+
+						appendWord(make_shared <word>(chunk, ch));
+
+						prevIs8bit = true;
+						++count;
+					}
+
+				} else {
+
+					if (count && !prevIs8bit) {
+
+						shared_ptr <word> w = getWordAt(getWordCount() - 1);
+						w->getBuffer() += " " + chunk;
+
+					} else {
+
+						appendWord(make_shared <word>(chunk, charset(charsets::US_ASCII)));
+
+						prevIs8bit = false;
+						++count;
+					}
+				}
+
+				if (pos == end) {
+					break;
+				}
+
+				is8bit = false;
+				start = pos;
+
+			} else if (!parserHelpers::isAscii(in[pos])) {
+
+				is8bit = true;
+				++pos;
+
+			} else {
+
+				++pos;
+			}
+		}
+	}
+}
+
+
+void text::encodeAndFold(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t firstLineOffset,
+	size_t* lastLineLength,
+	const int flags
+) const {
+
+	size_t curLineLength = firstLineOffset;
+	word::generatorState state;
+
+	for (size_t wi = 0 ; wi < getWordCount() ; ++wi) {
+
+		getWordAt(wi)->generate(
+			ctx, os, curLineLength,
+			&curLineLength, flags, &state
+		);
+	}
+
+	if (lastLineLength) {
+		*lastLineLength = curLineLength;
+	}
+}
+
+
+shared_ptr <text> text::decodeAndUnfold(const string& in) {
+
+	shared_ptr <text> t = make_shared <text>();
+
+	decodeAndUnfold(parsingContext::getDefaultContext(), in, t.get());
+
+	return t;
+}
+
+
+shared_ptr <text> text::decodeAndUnfold(const parsingContext& ctx, const string& in) {
+
+	shared_ptr <text> t = make_shared <text>();
+
+	decodeAndUnfold(ctx, in, t.get());
+
+	return t;
+}
+
+
+text* text::decodeAndUnfold(const string& in, text* generateInExisting) {
+
+	return decodeAndUnfold(parsingContext::getDefaultContext(), in, generateInExisting);
+}
+
+
+text* text::decodeAndUnfold(const parsingContext& ctx, const string& in, text* generateInExisting) {
+
+	text* out = generateInExisting ? generateInExisting : new text();
+
+	out->removeAllWords();
+
+	std::vector <shared_ptr <word> > words = word::parseMultiple(ctx, in, 0, in.length(), NULL);
+	fixBrokenWords(words);
+
+	copy_vector(words, out->m_words);
+
+	return out;
+}
+
+
+// static
+void text::fixBrokenWords(std::vector <shared_ptr <word> >& words) {
+
+	if (words.size() < 2) {
+		return;
+	}
+
+	// Fix words which encode a non-integral number of characters.
+	// This is not RFC-compliant, but we should be able to recover from it.
+	for (size_t i = 0, n = words.size() ; i < n - 1 ; ++i) {
+
+		shared_ptr <word> w1 = words[i];
+
+		// Check whether the word is valid
+		bool valid = false;
+
+		try {
+
+			valid = w1->getCharset().isValidText(w1->getBuffer(), NULL);
+
+		} catch (vmime::exceptions::charset_conv_error& e) {
+
+			// Unknown charset or unexpected conversion error: assume word is valid
+			valid = true;
+		}
+
+		// If the current word is not valid, try to grab some bytes
+		// from the next words, to see whether it becomes valid.
+		if (!valid) {
+
+			string buffer(w1->getBuffer());
+			size_t mergeWords = 1;  // number of adjacent words to merge
+
+			for (size_t j = i + 1 ; j < n ; ++j) {
+
+				shared_ptr <word> nextWord = words[j];
+
+				if (nextWord->getCharset() != w1->getCharset()) {
+					break;
+				}
+
+				buffer += nextWord->getBuffer();
+				++mergeWords;
+			}
+
+			if (mergeWords == 1) {
+				// No adjacent word with same charset found
+				continue;
+			}
+
+			string::size_type firstInvalidByte;
+			valid = w1->getCharset().isValidText(buffer, &firstInvalidByte);
+
+			// Current word with additional bytes from the next words
+			// is now valid: adjust buffers of words.
+			w1->setBuffer(string(buffer.begin(), buffer.begin() + firstInvalidByte));
+			words[i + 1]->setBuffer(string(buffer.begin() + firstInvalidByte, buffer.end()));
+
+			// Remove unused words
+			for (size_t j = 0 ; j < mergeWords - 2 ; ++j) {
+
+				words.erase(words.begin() + i + 2);
+				--n;
+			}
+
+			// If the next word is now empty, remove it
+			if (words[i + 1]->getBuffer().empty()) {
+
+				words.erase(words.begin() + i + 1);
+				--n;
+			}
+		}
+	}
+}
+
+
+const std::vector <shared_ptr <component> > text::getChildComponents() {
+
+	std::vector <shared_ptr <component> > list;
+
+	copy_vector(m_words, list);
+
+	return list;
+}
+
+
+const string text::getWholeBuffer() const {
+
+	string res;
+
+	for (std::vector <shared_ptr <word> >::const_iterator it = m_words.begin() ;
+	     it != m_words.end() ; ++it) {
+
+		res += (*it)->getBuffer();
+	}
+
+	return res;
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/text.hpp b/vmime-master/src/vmime/text.hpp
new file mode 100644
index 0000000..143f527
--- /dev/null
+++ b/vmime-master/src/vmime/text.hpp
@@ -0,0 +1,291 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_TEXT_HPP_INCLUDED
+#define VMIME_TEXT_HPP_INCLUDED
+
+
+#include "vmime/headerFieldValue.hpp"
+#include "vmime/base.hpp"
+#include "vmime/word.hpp"
+
+
+namespace vmime {
+
+
+/** List of encoded-words, as defined in RFC-2047 (basic type).
+  */
+class VMIME_EXPORT text : public headerFieldValue {
+
+public:
+
+	text();
+	text(const text& t);
+	text(const string& t, const charset& ch);
+	explicit text(const string& t);
+	explicit text(const word& w);
+	~text();
+
+public:
+
+	bool operator==(const text& t) const;
+	bool operator!=(const text& t) const;
+
+	shared_ptr <component> clone() const;
+	void copyFrom(const component& other);
+	text& operator=(const component& other);
+	text& operator=(const text& other);
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+	/** Add a word at the end of the list.
+	  *
+	  * @param w word to append
+	  */
+	void appendWord(const shared_ptr <word>& w);
+
+	/** Insert a new word before the specified position.
+	  *
+	  * @param pos position at which to insert the new word (0 to insert at
+	  * the beginning of the list)
+	  * @param w word to insert
+	  */
+	void insertWordBefore(const size_t pos, const shared_ptr <word>& w);
+
+	/** Insert a new word after the specified position.
+	  *
+	  * @param pos position of the word before the new word
+	  * @param w word to insert
+	  */
+	void insertWordAfter(const size_t pos, const shared_ptr <word>& w);
+
+	/** Remove the word at the specified position.
+	  *
+	  * @param pos position of the word to remove
+	  */
+	void removeWord(const size_t pos);
+
+	/** Remove all words from the list.
+	  */
+	void removeAllWords();
+
+	/** Return the number of words in the list.
+	  *
+	  * @return number of words
+	  */
+	size_t getWordCount() const;
+
+	/** Tests whether the list of words is empty.
+	  *
+	  * @return true if there is no word, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Return the word at the specified position.
+	  *
+	  * @param pos position
+	  * @return word at position 'pos'
+	  */
+	const shared_ptr <word> getWordAt(const size_t pos);
+
+	/** Return the word at the specified position.
+	  *
+	  * @param pos position
+	  * @return word at position 'pos'
+	  */
+	const shared_ptr <const word> getWordAt(const size_t pos) const;
+
+	/** Return the word list.
+	  *
+	  * @return list of words
+	  */
+	const std::vector <shared_ptr <const word> > getWordList() const;
+
+	/** Return the word list.
+	  *
+	  * @return list of words
+	  */
+	const std::vector <shared_ptr <word> > getWordList();
+
+
+	/** Return the text converted into the specified charset.
+	  * The encoded-words are decoded and then converted in the
+	  * specified destination charset.
+	  *
+	  * @param dest output charset
+	  * @param opts options for charset conversion
+	  * @return text decoded in the specified charset
+	  */
+	const string getConvertedText(
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	) const;
+
+	/** Return the unconverted (raw) data of all words. This is the
+	  * concatenation of the results returned by getBuffer() on
+	  * the contained words.
+	  *
+	  * @return raw data
+	  */
+	const string getWholeBuffer() const;
+
+	/** This function can be used to make several encoded words from a text.
+	  * All the characters in the text must be in the same specified charset.
+	  *
+	  * <p>Eg: giving:</p>
+	  * <pre>   &lt;iso-8859-1> "Linux dans un t'el'ephone mobile"
+	  *    ("=?iso-8859-1?Q?Linux_dans_un_t=E9l=E9phone_mobile?=")
+	  * </pre><p>it will return:</p>
+	  * <pre>   &lt;us-ascii>   "Linux dans un "
+	  *    &lt;iso-8859-1> "t'el'ephone "
+	  *    &lt;us-ascii>   "mobile"
+	  *    ("Linux dans un =?iso-8859-1?Q?t=E9l=E9phone_?= mobile")
+	  * </pre>
+	  *
+	  * @param in input string
+	  * @param ch input charset
+	  * @return new text object
+	  */
+	static shared_ptr <text> newFromString(const string& in, const charset& ch);
+
+	/** This function can be used to make several encoded words from a text.
+	  * All the characters in the text must be in the same specified charset.
+	  *
+	  * <p>Eg: giving:</p>
+	  * <pre>   &lt;iso-8859-1> "Linux dans un t'el'ephone mobile"
+	  *    ("=?iso-8859-1?Q?Linux_dans_un_t=E9l=E9phone_mobile?=")
+	  * </pre><p>it will return:</p>
+	  * <pre>   &lt;us-ascii>   "Linux dans un "
+	  *    &lt;iso-8859-1> "t'el'ephone "
+	  *    &lt;us-ascii>   "mobile"
+	  *    ("Linux dans un =?iso-8859-1?Q?t=E9l=E9phone_?= mobile")
+	  * </pre>
+	  *
+	  * @param in input string
+	  * @param ch input charset
+	  */
+	void createFromString(const string& in, const charset& ch);
+
+	/** Flags used by "encodeAndFold" function.
+	  */
+	enum EncodeAndFoldFlags {
+
+		// NOTE: If both "FORCE_NO_ENCODING" and "FORCE_ENCODING" are
+		// specified, "FORCE_NO_ENCODING" is used by default.
+
+		FORCE_NO_ENCODING = (1 << 0),    /**< Just fold lines, don't encode them. */
+		FORCE_ENCODING = (1 << 1),       /**< Encode lines even if they are plain ASCII text. */
+		NO_NEW_LINE_SEQUENCE = (1 << 2), /**< Use CRLF instead of new-line sequence (CRLF + TAB). */
+		QUOTE_IF_POSSIBLE = (1 << 3),    /**< Use quoting instead of encoding when possible (even if FORCE_ENCODING is specified). */
+		QUOTE_IF_NEEDED = (1 << 4)       /**< Use quoting instead of encoding if needed (eg. whitespaces and/or special chars). */
+	};
+
+	/** Encode and fold text in respect to RFC-2047.
+	  *
+	  * @param ctx generation context
+	  * @param os output stream
+	  * @param firstLineOffset the first line length (may be useful if the current output line is not empty)
+	  * @param lastLineLength will receive the length of the last line written
+	  * @param flags encoding flags (see EncodeAndFoldFlags)
+	  */
+	void encodeAndFold(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t firstLineOffset,
+		size_t* lastLineLength,
+		const int flags
+	) const;
+
+	/** Decode and unfold text (RFC-2047), using the default parsing context.
+	  *
+	  * @param in input string
+	  * @return new text object
+	  */
+	static shared_ptr <text> decodeAndUnfold(const string& in);
+
+	/** Decode and unfold text (RFC-2047).
+	  *
+	  * @param ctx parsingContext
+	  * @param in input string
+	  * @return new text object
+	  */
+	static shared_ptr <text> decodeAndUnfold(const parsingContext& ctx, const string& in);
+
+	/** Decode and unfold text (RFC-2047), using the default parsing context.
+	  *
+	  * @param in input string
+	  * @param generateInExisting if not NULL, the resulting text will be generated
+	  * in the specified object instead of a new created object (in this case, the
+	  * function returns the same pointer). Can be used to avoid copying the
+	  * resulting object into an existing object.
+	  * @return new text object or existing object if generateInExisting != NULL
+	  */
+	static text* decodeAndUnfold(const string& in, text* generateInExisting);
+
+	/** Decode and unfold text (RFC-2047).
+	  *
+	  * @param ctx parsing context
+	  * @param in input string
+	  * @param generateInExisting if not NULL, the resulting text will be generated
+	  * in the specified object instead of a new created object (in this case, the
+	  * function returns the same pointer). Can be used to avoid copying the
+	  * resulting object into an existing object.
+	  * @return new text object or existing object if generateInExisting != NULL
+	  */
+	static text* decodeAndUnfold(
+		const parsingContext& ctx,
+		const string& in,
+		text* generateInExisting
+	);
+
+protected:
+
+	static void fixBrokenWords(std::vector <shared_ptr <word> >& words);
+
+
+	// Component parsing & assembling
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+
+private:
+
+	std::vector <shared_ptr <word> > m_words;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_TEXT_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/textPart.hpp b/vmime-master/src/vmime/textPart.hpp
new file mode 100644
index 0000000..e34a169
--- /dev/null
+++ b/vmime-master/src/vmime/textPart.hpp
@@ -0,0 +1,117 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_TEXTPART_HPP_INCLUDED
+#define VMIME_TEXTPART_HPP_INCLUDED
+
+
+#include "vmime/bodyPart.hpp"
+
+#include "vmime/mediaType.hpp"
+#include "vmime/charset.hpp"
+#include "vmime/contentHandler.hpp"
+
+
+namespace vmime {
+
+
+/** Generic text part.
+  */
+class VMIME_EXPORT textPart : public object {
+
+	friend class textPartFactory;
+	friend class messageBuilder; // for generateIn, getPartCount
+	friend class messageParser;  // for parse
+
+public:
+
+	virtual ~textPart() { }
+
+	/** Return the type of text part (eg: "text/html").
+	  *
+	  * @return type of text part
+	  */
+	virtual const mediaType getType() const = 0;
+
+	/** Return the charset used to encode text in the
+	  * text part.
+	  *
+	  * @return text charset
+	  */
+	virtual const charset& getCharset() const = 0;
+
+	/** Set the charset used to encode text in the
+	  * text part.
+	  *
+	  * @param ch text charset
+	  */
+	virtual void setCharset(const charset& ch) = 0;
+
+	/** Return the text contained in the part.
+	  *
+	  * @return text of the part
+	  */
+	virtual const shared_ptr <const contentHandler> getText() const = 0;
+
+	/** Set the text contained in the part.
+	  *
+	  * @param text text of the part
+	  */
+	virtual void setText(const shared_ptr <contentHandler>& text) = 0;
+
+	/** Return the actual body parts this text part is composed of.
+	  * For example, HTML parts are composed of two parts: one "text/html"
+	  * part, and the plain text part "text/plain".
+	  *
+	  * @return number of body parts
+	  */
+	virtual size_t getPartCount() const = 0;
+
+	/** Generate the text part(s) into the specified message.
+	  *
+	  * @param message the message
+	  * @param parent body part into which generate this part
+	  */
+	virtual void generateIn(
+		const shared_ptr <bodyPart>& message,
+		const shared_ptr <bodyPart>& parent
+	) const = 0;
+
+	/** Parse the text part(s) from the specified message.
+	  *
+	  * @param message message containing the text part
+	  * @param parent part containing the text part
+	  * @param textPart actual text part
+	  */
+	virtual void parse(
+		const shared_ptr <const bodyPart>& message,
+		const shared_ptr <const bodyPart>& parent,
+		const shared_ptr <const bodyPart>& textPart
+	) = 0;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_TEXTPART_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/textPartFactory.cpp b/vmime-master/src/vmime/textPartFactory.cpp
new file mode 100644
index 0000000..2c58888
--- /dev/null
+++ b/vmime-master/src/vmime/textPartFactory.cpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/textPartFactory.hpp"
+#include "vmime/exception.hpp"
+
+
+#include "vmime/plainTextPart.hpp"
+#include "vmime/htmlTextPart.hpp"
+
+
+namespace vmime {
+
+
+textPartFactory::textPartFactory() {
+
+	registerType <plainTextPart>(mediaType(mediaTypes::TEXT, mediaTypes::TEXT_PLAIN));
+	registerType <htmlTextPart>(mediaType(mediaTypes::TEXT, mediaTypes::TEXT_HTML));
+}
+
+
+textPartFactory::~textPartFactory() {
+
+}
+
+
+textPartFactory* textPartFactory::getInstance() {
+
+	static textPartFactory instance;
+	return &instance;
+}
+
+
+shared_ptr <textPart> textPartFactory::create(const mediaType& type)
+{
+	for (MapType::const_iterator it = m_map.begin() ;
+	     it != m_map.end() ; ++it) {
+
+		if ((*it).first == type) {
+			return ((*it).second)();
+		}
+	}
+
+	throw exceptions::no_factory_available("No 'textPart' class registered for media type '" + type.generate() + "'.");
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/textPartFactory.hpp b/vmime-master/src/vmime/textPartFactory.hpp
new file mode 100644
index 0000000..322c616
--- /dev/null
+++ b/vmime-master/src/vmime/textPartFactory.hpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_TEXTPARTFACTORY_HPP_INCLUDED
+#define VMIME_TEXTPARTFACTORY_HPP_INCLUDED
+
+
+#include "vmime/textPart.hpp"
+#include "vmime/mediaType.hpp"
+
+
+namespace vmime {
+
+
+class VMIME_EXPORT textPartFactory {
+
+protected:
+
+	textPartFactory();
+	~textPartFactory();
+
+	typedef shared_ptr <textPart> (*AllocFunc)(void);
+	typedef std::vector <std::pair <mediaType, AllocFunc> > MapType;
+
+	MapType m_map;
+
+#ifndef VMIME_BUILDING_DOC
+	template <class TYPE>
+	class registerer {
+	public:
+
+		static shared_ptr <textPart> creator() {
+
+			// Allocate a new object
+			return vmime::make_shared <TYPE>();
+		}
+	};
+#endif // VMIME_BUILDING_DOC
+
+public:
+
+	static textPartFactory* getInstance();
+
+	template <class T>
+	void registerType(const mediaType& type) {
+
+		m_map.push_back(MapType::value_type(type, &registerer<T>::creator));
+	}
+
+	shared_ptr <textPart> create(const mediaType& type);
+};
+
+
+} // vmime
+
+
+#endif // VMIME_TEXTPARTFACTORY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/types.hpp b/vmime-master/src/vmime/types.hpp
new file mode 100644
index 0000000..3527883
--- /dev/null
+++ b/vmime-master/src/vmime/types.hpp
@@ -0,0 +1,87 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_TYPES_HPP_INCLUDED
+#define VMIME_TYPES_HPP_INCLUDED
+
+
+#include <limits>
+#include <string>
+#include <vector>
+#include <stdexcept>
+#include <cstddef>
+#include <utility>
+#include <memory>
+
+#include "vmime/config.hpp"
+
+
+#ifndef VMIME_BUILDING_DOC
+
+namespace vmime {
+
+	using std::shared_ptr;
+	using std::weak_ptr;
+	using std::make_shared;
+	using std::enable_shared_from_this;
+	using std::dynamic_pointer_cast;
+	using std::const_pointer_cast;
+
+	/** Custom deleter to be used with shared_ptr.
+	  * This does not actually delete the pointer, and is used
+	  * only for the singleton classes allocated on the stack.
+	  */
+	template <typename T>
+	struct noop_shared_ptr_deleter {
+		void operator()(T*) const {}
+	};
+
+	template <typename T> using scoped_ptr = std::unique_ptr <T>;
+}
+
+#endif // VMIME_BUILDING_DOC
+
+
+namespace vmime {
+
+	typedef std::string string;
+
+	typedef unsigned short port_t;
+
+	typedef int char_t;
+
+	typedef vmime_uint8 byte_t;
+	typedef std::vector <byte_t> byteArray;
+
+	typedef std::size_t size_t;
+
+	// For compatibility with versions <= 0.7.1 (deprecated)
+	namespace net { }
+	namespace messaging = net;
+}
+
+
+#include "vmime/object.hpp"
+
+
+#endif // VMIME_TYPES_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/childProcess.hpp b/vmime-master/src/vmime/utility/childProcess.hpp
new file mode 100644
index 0000000..b72ab85
--- /dev/null
+++ b/vmime-master/src/vmime/utility/childProcess.hpp
@@ -0,0 +1,103 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_CHILDPROCESS_HPP_INCLUDED
+#define VMIME_UTILITY_CHILDPROCESS_HPP_INCLUDED
+
+
+#include "vmime/utility/stream.hpp"
+#include "vmime/utility/file.hpp"
+
+#include <vector>
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Spawn a process and redirect its standard input
+  * and/or standard output.
+  */
+class VMIME_EXPORT childProcess : public object {
+
+public:
+
+	virtual ~childProcess() { }
+
+	/** Flags used with start(). */
+	enum Flags {
+		FLAG_REDIRECT_STDIN = (1 << 0),
+		FLAG_REDIRECT_STDOUT = (1 << 1)
+	};
+
+	/** Start the child process.
+	  *
+	  * @param args list of arguments
+	  * @param flags one or more childProcess::Flags
+	  * @throws exceptions::system_error if the an error occurs
+	  * before the process can be started
+	  */
+	virtual void start(const std::vector <string>& args, const int flags = 0) = 0;
+
+	/** Return a wrapper to the child process standard input.
+	  *
+	  * @return output stream wrapper for child's stdin
+	  */
+	virtual shared_ptr <utility::outputStream> getStdIn() = 0;
+
+	/** Return a wrapper to the child process standard output.
+	  *
+	  * @return input stream wrapper for child's stdout
+	  */
+	virtual shared_ptr <utility::inputStream> getStdOut() = 0;
+
+	/** Wait for the process to finish.
+	  *
+	  * @throws exceptions::system_error if the process does
+	  * not exit normally
+	  */
+	virtual void waitForFinish() = 0;
+};
+
+
+/** Create 'childProcess' objects.
+  */
+class childProcessFactory : public object {
+
+public:
+
+	virtual ~childProcessFactory() { }
+
+	/** Create a new child process.
+	  *
+	  * @param path full path of the process executable file
+	  */
+	virtual shared_ptr <childProcess> create(const utility::file::path& path) const = 0;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_CHILDPROCESS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/datetimeUtils.cpp b/vmime-master/src/vmime/utility/datetimeUtils.cpp
new file mode 100644
index 0000000..b1a6c55
--- /dev/null
+++ b/vmime-master/src/vmime/utility/datetimeUtils.cpp
@@ -0,0 +1,317 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/datetimeUtils.hpp"
+
+#include <stdexcept>
+
+
+namespace vmime {
+namespace utility {
+
+
+#ifndef VMIME_BUILDING_DOC
+
+static inline void nextMonth(datetime& d) {
+
+	if (d.getMonth() >= 12) {
+		d.setMonth(1);
+		d.setYear(d.getYear() + 1);
+	} else {
+		d.setMonth(d.getMonth() + 1);
+	}
+}
+
+
+static inline void prevMonth(datetime& d) {
+
+	if (d.getMonth() <= 1) {
+		d.setYear(d.getYear() - 1);
+		d.setMonth(12);
+	} else {
+		d.setMonth(d.getMonth() - 1);
+	}
+}
+
+
+static inline void nextDay(datetime& d) {
+
+	if (d.getDay() >= datetimeUtils::getDaysInMonth(d.getYear(), d.getMonth())) {
+		d.setDay(1);
+		nextMonth(d);
+	} else {
+		d.setDay(d.getDay() + 1);
+	}
+}
+
+
+static inline void prevDay(datetime& d) {
+
+	if (d.getDay() <= 1) {
+		prevMonth(d);
+		d.setDay(datetimeUtils::getDaysInMonth(d.getYear(), d.getMonth()));
+	} else {
+		d.setDay(d.getDay() - 1);
+	}
+}
+
+
+static inline void nextHour(datetime& d) {
+
+	if (d.getHour() >= 23) {
+		d.setHour(0);
+		nextDay(d);
+	} else {
+		d.setHour(d.getHour() + 1);
+	}
+}
+
+
+static inline void prevHour(datetime& d) {
+
+	if (d.getHour() <= 0) {
+		d.setHour(23);
+		prevDay(d);
+	} else {
+		d.setHour(d.getHour() - 1);
+	}
+}
+
+
+static inline void addHoursAndMinutes(datetime& d, const int h, const int m) {
+
+	d.setMinute(d.getMinute() + m);
+
+	if (d.getMinute() >= 60) {
+		d.setMinute(d.getMinute() - 60);
+		nextHour(d);
+	}
+
+	d.setHour(d.getHour() + h);
+
+	if (d.getHour() >= 24) {
+		d.setHour(d.getHour() - 24);
+		nextDay(d);
+	}
+}
+
+
+static inline void substractHoursAndMinutes(datetime& d, const int h, const int m) {
+
+	if (m > d.getMinute()) {
+		d.setMinute(60 - (m - d.getMinute()));
+		prevHour(d);
+	} else {
+		d.setMinute(d.getMinute() - m);
+	}
+
+	if (h > d.getHour()) {
+		d.setHour(24 - (h - d.getHour()));
+		prevDay(d);
+	} else {
+		d.setHour(d.getHour() - h);
+	}
+}
+
+#endif // VMIME_BUILDING_DOC
+
+
+const datetime datetimeUtils::toUniversalTime(const datetime& date) {
+
+	if (date.getZone() == datetime::GMT) {
+		return date; // no conversion needed
+	}
+
+	datetime nd(date);
+	nd.setZone(datetime::GMT);
+
+	const int z = date.getZone();
+	const int h = (z < 0) ? (-z / 60) : (z / 60);
+	const int m = (z < 0) ? (-z - h * 60) : (z - h * 60);
+
+	if (z < 0) {  // GMT-hhmm: add hours and minutes to date
+		addHoursAndMinutes(nd, h, m);
+	} else {      // GMT+hhmm: substract hours and minutes from date
+		substractHoursAndMinutes(nd, h, m);
+	}
+
+	return nd;
+}
+
+
+const datetime datetimeUtils::toLocalTime(const datetime& date, const int zone) {
+
+	datetime utcDate(date);
+
+	if (utcDate.getZone() != datetime::GMT) {
+		utcDate = toUniversalTime(date); // convert to UT before
+	}
+
+	datetime nd(utcDate);
+	nd.setZone(zone);
+
+	const int h = (zone < 0) ? (-zone / 60) : (zone / 60);
+	const int m = (zone < 0) ? (-zone - h * 60) : (zone - h * 60);
+
+	if (zone < 0) {  // GMT+hhmm: substract hours and minutes from date
+		substractHoursAndMinutes(nd, h, m);
+	} else {         // GMT-hhmm: add hours and minutes to date
+		addHoursAndMinutes(nd, h, m);
+	}
+
+	return nd;
+}
+
+
+bool datetimeUtils::isLeapYear(const int year) {
+
+	// From RFC 3339 - Appendix C. Leap Years:
+	return ((year % 4) == 0 && (year % 100 != 0 || year % 400 == 0));
+}
+
+
+int datetimeUtils::getDaysInMonth(const int year, const int month) {
+
+	static const int daysInMonth[12] = {
+		31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+	};
+	static const int daysInMonthLeapYear[12] = {
+		31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+	};
+
+	if (month < 1 || month > 12) {
+		throw std::out_of_range("Invalid month number");
+	}
+
+	return isLeapYear(year) ? daysInMonthLeapYear[month - 1] : daysInMonth[month - 1];
+}
+
+
+int datetimeUtils::getDayOfWeek(const int year, const int month, const int day) {
+
+	int y = year;
+	int m = month;
+
+	if (month < 1 || month > 12) {
+		throw std::out_of_range("Invalid month number");
+	} else if (day < 1 || day > getDaysInMonth(year, month)) {
+		throw std::out_of_range("Invalid day number");
+	}
+
+	// From RFC-3339 - Appendix B. Day of the Week
+
+	// Adjust months so February is the last one
+	m -= 2;
+
+	if (m < 1) {
+		m += 12;
+		--y;
+	}
+
+	// Split by century
+	const int cent = y / 100;
+	y %= 100;
+
+	return ((26 * m - 2) / 10 + day + y + (y >> 2) + (cent >> 2) + 5 * cent) % 7;
+}
+
+
+int datetimeUtils::getWeekOfYear(const int year, const int month, const int day, const bool iso) {
+
+	// Algorithm from http://personal.ecu.edu/mccartyr/ISOwdALG.txt
+
+	const bool leapYear = ((year % 4) == 0 && (year % 100) != 0) || (year % 400) == 0;
+	const bool leapYear_1 = (((year - 1) % 4) == 0 && ((year - 1) % 100) != 0) || ((year - 1) % 400) == 0;
+
+	// 4. Find the DayOfYearNumber for Y M D
+	static const int DAY_OF_YEAR_NUMBER_MAP[12] = {
+		0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
+	};
+
+	int DayOfYearNumber = day + DAY_OF_YEAR_NUMBER_MAP[month - 1];
+
+	if (leapYear && month > 2) {
+		DayOfYearNumber += 1;
+	}
+
+	// 5. Find the Jan1Weekday for Y (Monday=1, Sunday=7)
+	const int YY = (year - 1) % 100;
+	const int C = (year - 1) - YY;
+	const int G = YY + YY / 4;
+	const int Jan1Weekday = 1 + (((((C / 100) % 4) * 5) + G) % 7);
+
+	// 6. Find the Weekday for Y M D
+	const int H = DayOfYearNumber + (Jan1Weekday - 1);
+	const int Weekday = 1 + ((H - 1) % 7);
+
+	// 7. Find if Y M D falls in YearNumber Y-1, WeekNumber 52 or 53
+	int YearNumber = 0, WeekNumber = 0;
+
+	if (DayOfYearNumber <= (8 - Jan1Weekday) && Jan1Weekday > 4) {
+
+		YearNumber = year - 1;
+
+		if (Jan1Weekday == 5 || (Jan1Weekday == 6 && leapYear_1)) {
+			WeekNumber = 53;
+		} else {
+			WeekNumber = 52;
+		}
+
+	} else {
+
+		YearNumber = year;
+	}
+
+	// 8. Find if Y M D falls in YearNumber Y+1, WeekNumber 1
+	if (YearNumber == year) {
+
+		const int I = (leapYear ? 366 : 365);
+
+		if ((I - DayOfYearNumber) < (4 - Weekday)) {
+			YearNumber = year + 1;
+			WeekNumber = 1;
+		}
+	}
+
+	// 9. Find if Y M D falls in YearNumber Y, WeekNumber 1 through 53
+	if (YearNumber == year) {
+
+		const int J = DayOfYearNumber + (7 - Weekday) + (Jan1Weekday - 1);
+
+		WeekNumber = J / 7;
+
+		if (Jan1Weekday > 4) {
+			WeekNumber -= 1;
+		}
+	}
+
+	if (!iso && (WeekNumber == 1 && month == 12)) {
+		WeekNumber = 53;
+	}
+
+	return WeekNumber;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/datetimeUtils.hpp b/vmime-master/src/vmime/utility/datetimeUtils.hpp
new file mode 100644
index 0000000..b762a6e
--- /dev/null
+++ b/vmime-master/src/vmime/utility/datetimeUtils.hpp
@@ -0,0 +1,98 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_DATETIMEUTILS_HPP_INCLUDED
+#define VMIME_DATETIMEUTILS_HPP_INCLUDED
+
+
+#include "vmime/dateTime.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Miscellaneous functions related to date/time.
+  */
+class VMIME_EXPORT datetimeUtils {
+
+public:
+
+	/** Test whether the specified year is a leap year.
+	  *
+	  * @param year year in 4-digit format
+	  * @return true if year is a leap year, false otherwise
+	  */
+	static bool isLeapYear(const int year);
+
+	/** Return the number of days in the specified month.
+	  *
+	  * @param year year in 4-digit format (this is needed to check
+	  * for leap years)
+	  * @param month month, January is 1, December is 12 (see datetime::Months enum)
+	  * @return the number of days in the month
+	  */
+	static int getDaysInMonth(const int year, const int month);
+
+	/** Convert the specified date/time to UT (GMT).
+	  *
+	  * @param date date/time to convert
+	  * @return GMT date/time
+	  */
+	static const datetime toUniversalTime(const datetime& date);
+
+	/** Convert the specified date/time to the specified time zone.
+	  *
+	  * @param date date/time to convert
+	  * @param zone local zone to convert to (see datetime::TimeZones enum)
+	  * @return local time and date
+	  */
+	static const datetime toLocalTime(const datetime& date, const int zone);
+
+	/** Return the day of the week from the specified date.
+	  *
+	  * @param year year in 4-digit format
+	  * @param month month (1-12), January is 1, December is 12 (see datetime::Months enum)
+	  * @param day month day (1-31)
+	  * @return the day of the week, Sunday is 0, Monday is 1 (see datetime::DaysOfWeek enum)
+	  */
+	static int getDayOfWeek(const int year, const int month, const int day);
+
+	/** Return the week number in the year (ISO 8601).
+	  *
+	  * @param year year in 4-digit format
+	  * @param month month (1-12), January is 1, December is 12 (see datetime::Months enum)
+	  * @param day month day (1-31)
+	  * @param iso if TRUE, use ISO week-numbering year (default is to use calendar year).
+	  * For more information, read here: http://en.wikipedia.org/wiki/ISO_8601#Week_dates
+	  * @return the week number (1 is the first week of the year)
+	  */
+	static int getWeekOfYear(const int year, const int month, const int day, const bool iso = false);
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_DATETIMEUTILS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/b64Encoder.cpp b/vmime-master/src/vmime/utility/encoder/b64Encoder.cpp
new file mode 100644
index 0000000..ef4e581
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/b64Encoder.cpp
@@ -0,0 +1,350 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/b64Encoder.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+b64Encoder::b64Encoder() {
+
+}
+
+
+const std::vector <string> b64Encoder::getAvailableProperties() const {
+
+	std::vector <string> list(encoder::getAvailableProperties());
+
+	list.push_back("maxlinelength");
+
+	return list;
+}
+
+
+// 7-bits alphabet used to encode binary data
+const unsigned char b64Encoder::sm_alphabet[] =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+
+const unsigned char b64Encoder::sm_decodeMap[256] = {
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0x00 - 0x0f
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0x10 - 0x1f
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3e,0xff,0xff,0xff,0x3f,  // 0x20 - 0x2f
+	0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0xff,0xff,0xff,0x3d,0xff,0xff,  // 0x30 - 0x3f
+	0xff,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,  // 0x40 - 0x4f
+	0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0xff,0xff,0xff,0xff,0xff,  // 0x50 - 0x5f
+	0xff,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,  // 0x60 - 0x6f
+	0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,0x30,0x31,0x32,0x33,0xff,0xff,0xff,0xff,0xff,  // 0x70 - 0x7f
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0x80 - 0x8f
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0x90 - 0x9f
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0xa0 - 0xaf
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0xb0 - 0xbf
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0xc0 - 0xcf
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0xd0 - 0xdf
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0xe0 - 0xef
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,  // 0xf0 - 0xff
+};
+
+#ifndef VMIME_BUILDING_DOC
+	#define B64_WRITE(s, x, l) s.write(reinterpret_cast <byte_t*>(x), l)
+#endif // VMIME_BUILDING_DOC
+
+
+
+size_t b64Encoder::encode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	const size_t propMaxLineLength =
+		getProperties().getProperty <size_t>("maxlinelength", static_cast <size_t>(-1));
+
+	const bool cutLines = (propMaxLineLength != static_cast <size_t>(-1));
+	const size_t maxLineLength = std::min(propMaxLineLength, static_cast <size_t>(76));
+
+	// Process data
+	byte_t buffer[65536];
+	size_t bufferLength = 0;
+	size_t bufferPos = 0;
+
+	byte_t bytes[3];
+	byte_t output[4];
+
+	size_t total = 0;
+	size_t inTotal = 0;
+
+	size_t curCol = 0;
+
+	if (progress) {
+		progress->start(0);
+	}
+
+	while (bufferPos < bufferLength || !in.eof()) {
+
+		if (bufferPos >= bufferLength) {
+
+			bufferLength = in.read(buffer, sizeof(buffer));
+			bufferPos = 0;
+
+			if (bufferLength == 0) {
+				break;
+			}
+		}
+
+		// Get 3 bytes of data
+		int count = 0;
+
+		while (count < 3 && bufferPos < bufferLength) {
+			bytes[count++] = buffer[bufferPos++];
+		}
+
+		while (count < 3) {
+
+			// There may be more data in the next chunk...
+			if (bufferPos >= bufferLength) {
+
+				bufferLength = in.read(buffer, sizeof(buffer));
+				bufferPos = 0;
+
+				if (bufferLength == 0) {
+					break;
+				}
+			}
+
+			while (count < 3 && bufferPos < bufferLength) {
+				bytes[count++] = buffer[bufferPos++];
+			}
+		}
+
+		// Encode data
+		switch (count) {
+
+			case 1:
+
+				output[0] = sm_alphabet[(bytes[0] & 0xFC) >> 2];
+				output[1] = sm_alphabet[(bytes[0] & 0x03) << 4];
+				output[2] = sm_alphabet[64]; // padding
+				output[3] = sm_alphabet[64]; // padding
+
+				break;
+
+			case 2:
+
+				output[0] = sm_alphabet[(bytes[0] & 0xFC) >> 2];
+				output[1] = sm_alphabet[((bytes[0] & 0x03) << 4) | ((bytes[1] & 0xF0) >> 4)];
+				output[2] = sm_alphabet[(bytes[1] & 0x0F) << 2];
+				output[3] = sm_alphabet[64]; // padding
+
+				break;
+
+			default:
+			case 3:
+
+				output[0] = sm_alphabet[(bytes[0] & 0xFC) >> 2];
+				output[1] = sm_alphabet[((bytes[0] & 0x03) << 4) | ((bytes[1] & 0xF0) >> 4)];
+				output[2] = sm_alphabet[((bytes[1] & 0x0F) << 2) | ((bytes[2] & 0xC0) >> 6)];
+				output[3] = sm_alphabet[(bytes[2] & 0x3F)];
+
+				break;
+		}
+
+		// Write encoded data to output stream
+		B64_WRITE(out, output, 4);
+
+		inTotal += count;
+		total += 4;
+		curCol += 4;
+
+		if (cutLines && curCol + 2 /* \r\n */ + 4 /* next bytes */ >= maxLineLength) {
+			out.write("\r\n", 2);
+			curCol = 0;
+		}
+
+		if (progress) {
+			progress->progress(inTotal, inTotal);
+		}
+	}
+
+	if (progress) {
+		progress->stop(inTotal);
+	}
+
+	return total;
+}
+
+
+size_t b64Encoder::decode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	// Process the data
+	byte_t buffer[16384];
+	size_t bufferLength = 0;
+	size_t bufferPos = 0;
+
+	size_t total = 0;
+	size_t inTotal = 0;
+
+	byte_t bytes[4];
+	byte_t output[3];
+
+	if (progress) {
+		progress->start(0);
+	}
+
+	while (bufferPos < bufferLength || !in.eof()) {
+
+		bytes[0] = '=';
+		bytes[1] = '=';
+		bytes[2] = '=';
+		bytes[3] = '=';
+
+		// Need to get more data?
+		if (bufferPos >= bufferLength) {
+
+			bufferLength = in.read(buffer, sizeof(buffer));
+			bufferPos = 0;
+
+			// No more data
+			if (bufferLength == 0) {
+				break;
+			}
+		}
+
+		// 4 bytes of input provide 3 bytes of output, so
+		// get the next 4 bytes from the input stream.
+		int count = 0;
+
+		while (count < 4 && bufferPos < bufferLength) {
+
+			const byte_t c = buffer[bufferPos++];
+
+			if (!parserHelpers::isSpace(c)) {
+				bytes[count++] = c;
+			}
+		}
+
+		if (count != 4) {
+
+			while (count < 4 && !in.eof()) {
+
+				// Data continues on the next chunk
+				bufferLength = in.read(buffer, sizeof(buffer));
+				bufferPos = 0;
+
+				while (count < 4 && bufferPos < bufferLength) {
+
+					const byte_t c = buffer[bufferPos++];
+
+					if (!parserHelpers::isSpace(c)) {
+						bytes[count++] = c;
+					}
+				}
+			}
+		}
+
+		if (count != 4) {  // input length is not a multiple of 4 bytes
+			break;
+		}
+
+		// Decode the bytes
+		byte_t c1 = bytes[0];
+		byte_t c2 = bytes[1];
+
+		if (c1 == '=' || c2 == '=') {  // end
+			break;
+		}
+
+		output[0] = static_cast <byte_t>((sm_decodeMap[c1] << 2) | ((sm_decodeMap[c2] & 0x30) >> 4));
+
+		c1 = bytes[2];
+
+		if (c1 == '=') {  // end
+			B64_WRITE(out, output, 1);
+			total += 1;
+			break;
+		}
+
+		output[1] = static_cast <byte_t>(((sm_decodeMap[c2] & 0xf) << 4) | ((sm_decodeMap[c1] & 0x3c) >> 2));
+
+		c2 = bytes[3];
+
+		if (c2 == '=') {  // end
+			B64_WRITE(out, output, 2);
+			total += 2;
+			break;
+		}
+
+		output[2] = static_cast <byte_t>(((sm_decodeMap[c1] & 0x03) << 6) | sm_decodeMap[c2]);
+
+		B64_WRITE(out, output, 3);
+		total += 3;
+		inTotal += count;
+
+		if (progress) {
+			progress->progress(inTotal, inTotal);
+		}
+	}
+
+	if (progress) {
+		progress->stop(inTotal);
+	}
+
+	return total;
+}
+
+
+size_t b64Encoder::getEncodedSize(const size_t n) const {
+
+	const size_t propMaxLineLength =
+		getProperties().getProperty <size_t>("maxlinelength", static_cast <size_t>(-1));
+
+	const bool cutLines = (propMaxLineLength != static_cast <size_t>(-1));
+	const size_t maxLineLength = std::min(propMaxLineLength, static_cast <size_t>(76));
+
+	return (n * 4) / 3                               // 3 bytes of input provide 4 bytes of output
+		 + (cutLines ? (n / maxLineLength) * 2 : 0)  // CRLF (2 bytes) for each line.
+		 + 4;                                        // padding
+}
+
+
+size_t b64Encoder::getDecodedSize(const size_t n) const {
+
+	// 4 bytes of input provide 3 bytes of output
+	return (n * 3) / 4;
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/b64Encoder.hpp b/vmime-master/src/vmime/utility/encoder/b64Encoder.hpp
new file mode 100644
index 0000000..c5be2c3
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/b64Encoder.hpp
@@ -0,0 +1,73 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_B64ENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_B64ENCODER_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/encoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** Base64 encoder.
+  */
+class VMIME_EXPORT b64Encoder : public encoder {
+
+public:
+
+	b64Encoder();
+
+	size_t encode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	size_t decode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	const std::vector <string> getAvailableProperties() const;
+
+	size_t getEncodedSize(const size_t n) const;
+	size_t getDecodedSize(const size_t n) const;
+
+protected:
+
+	static const unsigned char sm_alphabet[];
+	static const unsigned char sm_decodeMap[256];
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_B64ENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/binaryEncoder.cpp b/vmime-master/src/vmime/utility/encoder/binaryEncoder.cpp
new file mode 100644
index 0000000..b30bb7b
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/binaryEncoder.cpp
@@ -0,0 +1,39 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/binaryEncoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+binaryEncoder::binaryEncoder() {
+
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/binaryEncoder.hpp b/vmime-master/src/vmime/utility/encoder/binaryEncoder.hpp
new file mode 100644
index 0000000..331014e
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/binaryEncoder.hpp
@@ -0,0 +1,51 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_BINARYENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_BINARYENCODER_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/noopEncoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** Binary encoder.
+  */
+class VMIME_EXPORT binaryEncoder : public noopEncoder {
+
+public:
+
+	binaryEncoder();
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_BINARYENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/eightBitEncoder.cpp b/vmime-master/src/vmime/utility/encoder/eightBitEncoder.cpp
new file mode 100644
index 0000000..a966931
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/eightBitEncoder.cpp
@@ -0,0 +1,39 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/eightBitEncoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+eightBitEncoder::eightBitEncoder() {
+
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/eightBitEncoder.hpp b/vmime-master/src/vmime/utility/encoder/eightBitEncoder.hpp
new file mode 100644
index 0000000..c400f51
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/eightBitEncoder.hpp
@@ -0,0 +1,51 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_EIGHTBITENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_EIGHTBITENCODER_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/noopEncoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** 8-bit encoder.
+  */
+class VMIME_EXPORT eightBitEncoder : public noopEncoder {
+
+public:
+
+	eightBitEncoder();
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_EIGHTBITENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/encoder.cpp b/vmime-master/src/vmime/utility/encoder/encoder.cpp
new file mode 100644
index 0000000..634adf0
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/encoder.cpp
@@ -0,0 +1,76 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/encoder.hpp"
+#include "vmime/exception.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+encoder::encoder() {
+
+}
+
+
+encoder::~encoder() {
+
+}
+
+
+const propertySet& encoder::getProperties() const {
+
+	return m_props;
+}
+
+
+propertySet& encoder::getProperties() {
+
+	return m_props;
+}
+
+
+const propertySet& encoder::getResults() const {
+
+	return m_results;
+}
+
+
+propertySet& encoder::getResults() {
+
+	return m_results;
+}
+
+
+const std::vector <string> encoder::getAvailableProperties() const {
+
+	std::vector <string> list;
+	return list;
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/encoder.hpp b/vmime-master/src/vmime/utility/encoder/encoder.hpp
new file mode 100644
index 0000000..134e813
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/encoder.hpp
@@ -0,0 +1,135 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_ENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_ENCODER_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+#include "vmime/propertySet.hpp"
+#include "vmime/exception.hpp"
+#include "vmime/utility/progressListener.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** Encode/decode data in different encodings.
+  */
+class VMIME_EXPORT encoder : public object {
+
+public:
+
+	encoder();
+	virtual ~encoder();
+
+	/** Encode data.
+	  *
+	  * @param in input data (decoded)
+	  * @param out output stream for encoded data
+	  * @param progress progress listener, or NULL if you do not
+	  * want to receive progress notifications
+	  * @return number of bytes written into output stream
+	  */
+	virtual size_t encode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	) = 0;
+
+	/** Decode data.
+	  *
+	  * @param in input data (encoded)
+	  * @param out output stream for decoded data
+	  * @param progress progress listener, or NULL if you do not
+	  * want to receive progress notifications
+	  * @return number of bytes written into output stream
+	  */
+	virtual size_t decode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	) = 0;
+
+	/** Return the properties of the encoder.
+	  *
+	  * @return properties of the encoder
+	  */
+	const propertySet& getProperties() const;
+
+	/** Return the properties of the encoder.
+	  *
+	  * @return properties of the encoder
+	  */
+	propertySet& getProperties();
+
+	/** Return a list of property names that can be set for
+	  * this encoder.
+	  *
+	  * @return list of property names
+	  */
+	virtual const std::vector <string> getAvailableProperties() const;
+
+	/** Return the results returned by this encoder.
+	  *
+	  * @return results returned by the encoder
+	  */
+	const propertySet& getResults() const;
+
+	/** Return the encoded size for the specified input (decoded) size.
+	  * If the size is not exact, it may be an estimate which should always
+	  * be larger than the actual encoded size.
+	  *
+	  * @param n count of input (decoded) bytes
+	  * @return count of output (encoded) bytes
+	  */
+	virtual size_t getEncodedSize(const size_t n) const = 0;
+
+	/** Return the encoded size for the specified input (encoded) size.
+	  * If the size is not exact, it may be an estimate which should always
+	  * be larger than the actual decoded size.
+	  *
+	  * @param n count of input (encoded) bytes
+	  * @return count of output (decoded) bytes
+	  */
+	virtual size_t getDecodedSize(const size_t n) const = 0;
+
+protected:
+
+	propertySet& getResults();
+
+private:
+
+	propertySet m_props;
+	propertySet m_results;
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_ENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/encoderFactory.cpp b/vmime-master/src/vmime/utility/encoder/encoderFactory.cpp
new file mode 100644
index 0000000..df655ae
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/encoderFactory.cpp
@@ -0,0 +1,149 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/encoderFactory.hpp"
+#include "vmime/exception.hpp"
+
+#include "vmime/utility/encoder/b64Encoder.hpp"
+#include "vmime/utility/encoder/qpEncoder.hpp"
+#include "vmime/utility/encoder/uuEncoder.hpp"
+#include "vmime/utility/encoder/binaryEncoder.hpp"
+#include "vmime/utility/encoder/sevenBitEncoder.hpp"
+#include "vmime/utility/encoder/eightBitEncoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+encoderFactory::encoderFactory() {
+
+	// Register some default encoders
+	registerName <b64Encoder>("base64");
+	registerName <qpEncoder>("quoted-printable");
+	registerName <uuEncoder>("uuencode");
+	registerName <uuEncoder>("x-uuencode");
+	registerName <sevenBitEncoder>("7bit");
+	registerName <eightBitEncoder>("8bit");
+	registerName <binaryEncoder>("binary");
+
+	// Also register some non-standard encoding names
+	registerName <sevenBitEncoder>("7-bit");
+	registerName <eightBitEncoder>("8-bit");
+	registerName <eightBitEncoder>("8bits");
+
+	// Finally, register some bogus encoding names, for compatibility
+	registerName <qpEncoder>("bmoted-printable");
+}
+
+
+encoderFactory::~encoderFactory() {
+
+}
+
+
+shared_ptr <encoderFactory> encoderFactory::getInstance() {
+
+	static encoderFactory instance;
+	return shared_ptr <encoderFactory>(&instance, noop_shared_ptr_deleter <encoderFactory>());
+}
+
+
+shared_ptr <encoder> encoderFactory::create(const string& name) {
+
+	try {
+
+		return (getEncoderByName(name)->create());
+
+	} catch (exceptions::no_encoder_available &) {
+
+		if (m_defaultEncoder) {
+			return m_defaultEncoder;
+		}
+
+		throw;
+	}
+}
+
+
+const shared_ptr <const encoderFactory::registeredEncoder>
+	encoderFactory::getEncoderByName(const string& name) const {
+
+	const string lcName(utility::stringUtils::toLower(name));
+
+	for (std::vector <shared_ptr <registeredEncoder> >::const_iterator it = m_encoders.begin() ;
+	     it != m_encoders.end() ; ++it) {
+
+		if ((*it)->getName() == lcName) {
+			return (*it);
+		}
+	}
+
+	throw exceptions::no_encoder_available(name);
+}
+
+
+size_t encoderFactory::getEncoderCount() const {
+
+	return m_encoders.size();
+}
+
+
+const shared_ptr <const encoderFactory::registeredEncoder>
+	encoderFactory::getEncoderAt(const size_t pos) const {
+
+	return m_encoders[pos];
+}
+
+
+const std::vector <shared_ptr <const encoderFactory::registeredEncoder> >
+	encoderFactory::getEncoderList() const {
+
+	std::vector <shared_ptr <const registeredEncoder> > res;
+
+	for (std::vector <shared_ptr <registeredEncoder> >::const_iterator it = m_encoders.begin() ;
+	     it != m_encoders.end() ; ++it) {
+
+		res.push_back(*it);
+	}
+
+	return res;
+}
+
+
+void encoderFactory::setDefaultEncoder(const shared_ptr <encoder>& enc) {
+
+	m_defaultEncoder = enc;
+}
+
+
+shared_ptr <encoder> encoderFactory::getDefaultEncoder() const {
+
+	return m_defaultEncoder;
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/encoderFactory.hpp b/vmime-master/src/vmime/utility/encoder/encoderFactory.hpp
new file mode 100644
index 0000000..e475f8e
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/encoderFactory.hpp
@@ -0,0 +1,164 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_ENCODERFACTORY_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_ENCODERFACTORY_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/encoder.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** A factory to create 'encoder' objects for the specified encoding.
+  */
+class VMIME_EXPORT encoderFactory
+{
+private:
+
+	encoderFactory();
+	~encoderFactory();
+
+public:
+
+	static shared_ptr <encoderFactory> getInstance();
+
+	/** Information about a registered encoder. */
+	class VMIME_EXPORT registeredEncoder : public object {
+
+	protected:
+
+		virtual ~registeredEncoder() { }
+
+	public:
+
+		virtual shared_ptr <encoder> create() const = 0;
+
+		virtual const string& getName() const = 0;
+	};
+
+private:
+
+	template <class E>
+	class registeredEncoderImpl : public registeredEncoder {
+
+	public:
+
+		registeredEncoderImpl(const string& name) : m_name(name) { }
+
+		shared_ptr <encoder> create() const {
+
+			return vmime::make_shared <E>();
+		}
+
+		const string& getName() const {
+
+			return m_name;
+		}
+
+	private:
+
+		const string m_name;
+	};
+
+
+	std::vector <shared_ptr <registeredEncoder> > m_encoders;
+	shared_ptr <encoder> m_defaultEncoder;
+
+public:
+
+	/** Register a new encoder by its encoding name.
+	  *
+	  * @param name encoding name
+	  */
+	template <class E>
+	void registerName(const string& name) {
+
+		m_encoders.push_back(
+			vmime::make_shared <registeredEncoderImpl <E> >(utility::stringUtils::toLower(name))
+		);
+	}
+
+	/** Create a new encoder instance from an encoding name.
+	  *
+	  * @param name encoding name (eg. "base64")
+	  * @return a new encoder instance for the specified encoding
+	  * @throw exceptions::no_encoder_available if no encoder is registered
+	  * for this encoding
+	  */
+	shared_ptr <encoder> create(const string& name);
+
+	/** Return information about a registered encoder.
+	  *
+	  * @param name encoding name
+	  * @return information about this encoder
+	  * @throw exceptions::no_encoder_available if no encoder is registered
+	  * for this encoding
+	  */
+	const shared_ptr <const registeredEncoder> getEncoderByName(const string& name) const;
+
+	/** Return the number of registered encoders.
+	  *
+	  * @return number of registered encoders
+	  */
+	size_t getEncoderCount() const;
+
+	/** Return the registered encoder at the specified position.
+	  *
+	  * @param pos position of the registered encoder to return
+	  * @return registered encoder at the specified position
+	  */
+	const shared_ptr <const registeredEncoder> getEncoderAt(const size_t pos) const;
+
+	/** Return a list of all registered encoders.
+	  *
+	  * @return list of registered encoders
+	  */
+	const std::vector <shared_ptr <const registeredEncoder> > getEncoderList() const;
+
+	/** Set the default encoder to use when no other encoder
+	  * is registered for an encoding (fallback).
+	  *
+	  * @param enc default encoder
+	  */
+	void setDefaultEncoder(const shared_ptr <encoder>& enc);
+
+	/** Return the default encoder to use when no other encoder
+	  * is registered for an encoding (fallback).
+	  *
+	  * @return default encoder
+	  */
+	shared_ptr <encoder> getDefaultEncoder() const;
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_ENCODERFACTORY_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/noopEncoder.cpp b/vmime-master/src/vmime/utility/encoder/noopEncoder.cpp
new file mode 100644
index 0000000..30cc6c1
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/noopEncoder.cpp
@@ -0,0 +1,94 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/noopEncoder.hpp"
+
+#include "vmime/utility/streamUtils.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+noopEncoder::noopEncoder() {
+
+}
+
+
+size_t noopEncoder::encode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	// No encoding performed
+	size_t res = 0;
+
+	if (progress)
+		res = utility::bufferedStreamCopy(in, out, 0, progress);
+	else
+		res = utility::bufferedStreamCopy(in, out);
+
+	return res;
+}
+
+
+size_t noopEncoder::decode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	// No decoding performed
+	size_t res = 0;
+
+	if (progress) {
+		res = utility::bufferedStreamCopy(in, out, 0, progress);
+	} else {
+		res = utility::bufferedStreamCopy(in, out);
+	}
+
+	return res;
+}
+
+
+size_t noopEncoder::getEncodedSize(const size_t n) const {
+
+	return n;
+}
+
+
+size_t noopEncoder::getDecodedSize(const size_t n) const {
+
+	return n;
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/noopEncoder.hpp b/vmime-master/src/vmime/utility/encoder/noopEncoder.hpp
new file mode 100644
index 0000000..91944de
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/noopEncoder.hpp
@@ -0,0 +1,66 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_NOOPENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_NOOPENCODER_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/encoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** Default, no-op encoder (simple copy, no encoding/decoding is performed).
+  */
+class VMIME_EXPORT noopEncoder : public encoder {
+
+public:
+
+	noopEncoder();
+
+	size_t encode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	size_t decode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	size_t getEncodedSize(const size_t n) const;
+	size_t getDecodedSize(const size_t n) const;
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_NOOPENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/qpEncoder.cpp b/vmime-master/src/vmime/utility/encoder/qpEncoder.cpp
new file mode 100644
index 0000000..4aeb640
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/qpEncoder.cpp
@@ -0,0 +1,568 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/qpEncoder.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+qpEncoder::qpEncoder() {
+
+}
+
+
+const std::vector <string> qpEncoder::getAvailableProperties() const {
+
+	std::vector <string> list(encoder::getAvailableProperties());
+
+	list.push_back("maxlinelength");
+
+	list.push_back("text");  // if set, '\r' and '\n' are not hex-encoded.
+	                         // WARNING! You should not use this for binary data!
+
+	list.push_back("rfc2047");   // for header fields encoding (RFC #2047)
+
+	return list;
+}
+
+
+
+// Hex-encoding table
+const unsigned char qpEncoder::sm_hexDigits[] = "0123456789ABCDEF";
+
+
+// RFC-2047 encoding table: we always encode RFC-2047 using the restricted
+// charset, that is the one used for 'phrase' in From/To/Cc/... headers.
+//
+// " The set of characters that may be used in a "Q"-encoded 'encoded-word'
+//   is restricted to: <upper and lower case ASCII letters, decimal digits,
+//   "!", "*", "+", "-", "/", "=", and "_" (underscore, ASCII 95.)>. "
+//
+// Two special cases:
+// - encode space (32) as underscore (95)
+// - encode underscore as hex (=5F)
+//
+// This is a quick lookup table:
+//   '1' means "encode", '0' means "no encoding"
+//
+const vmime_uint8 qpEncoder::sm_RFC2047EncodeTable[] = {
+	/*   0  NUL */ 1, /*   1  SOH */ 1, /*   2  STX */ 1, /*   3  ETX */ 1, /*   4  EOT */ 1, /*   5  ENQ */ 1,
+	/*   6  ACK */ 1, /*   7  BEL */ 1, /*   8   BS */ 1, /*   9  TAB */ 1, /*  10   LF */ 1, /*  11   VT */ 1,
+	/*  12   FF */ 1, /*  13   CR */ 1, /*  14   SO */ 1, /*  15   SI */ 1, /*  16  DLE */ 1, /*  17  DC1 */ 1,
+	/*  18  DC2 */ 1, /*  19  DC3 */ 1, /*  20  DC4 */ 1, /*  21  NAK */ 1, /*  22  SYN */ 1, /*  23  ETB */ 1,
+	/*  24  CAN */ 1, /*  25   EM */ 1, /*  26  SUB */ 1, /*  27  ESC */ 1, /*  28   FS */ 1, /*  29   GS */ 1,
+	/*  30   RS */ 1, /*  31   US */ 1, /*  32 SPACE*/ 1, /*  33    ! */ 0, /*  34    " */ 1, /*  35    # */ 1,
+	/*  36    $ */ 1, /*  37    % */ 1, /*  38    & */ 1, /*  39    ' */ 1, /*  40    ( */ 1, /*  41    ) */ 1,
+	/*  42    * */ 0, /*  43    + */ 0, /*  44    , */ 1, /*  45    - */ 0, /*  46    . */ 1, /*  47    / */ 0,
+	/*  48    0 */ 0, /*  49    1 */ 0, /*  50    2 */ 0, /*  51    3 */ 0, /*  52    4 */ 0, /*  53    5 */ 0,
+	/*  54    6 */ 0, /*  55    7 */ 0, /*  56    8 */ 0, /*  57    9 */ 0, /*  58    : */ 1, /*  59    ; */ 1,
+	/*  60    < */ 1, /*  61    = */ 1, /*  62    > */ 1, /*  63    ? */ 1, /*  64    @ */ 1, /*  65    A */ 0,
+	/*  66    B */ 0, /*  67    C */ 0, /*  68    D */ 0, /*  69    E */ 0, /*  70    F */ 0, /*  71    G */ 0,
+	/*  72    H */ 0, /*  73    I */ 0, /*  74    J */ 0, /*  75    K */ 0, /*  76    L */ 0, /*  77    M */ 0,
+	/*  78    N */ 0, /*  79    O */ 0, /*  80    P */ 0, /*  81    Q */ 0, /*  82    R */ 0, /*  83    S */ 0,
+	/*  84    T */ 0, /*  85    U */ 0, /*  86    V */ 0, /*  87    W */ 0, /*  88    X */ 0, /*  89    Y */ 0,
+	/*  90    Z */ 0, /*  91    [ */ 1, /*  92    " */ 1, /*  93    ] */ 1, /*  94    ^ */ 1, /*  95    _ */ 1,
+	/*  96    ` */ 1, /*  97    a */ 0, /*  98    b */ 0, /*  99    c */ 0, /* 100    d */ 0, /* 101    e */ 0,
+	/* 102    f */ 0, /* 103    g */ 0, /* 104    h */ 0, /* 105    i */ 0, /* 106    j */ 0, /* 107    k */ 0,
+	/* 108    l */ 0, /* 109    m */ 0, /* 110    n */ 0, /* 111    o */ 0, /* 112    p */ 0, /* 113    q */ 0,
+	/* 114    r */ 0, /* 115    s */ 0, /* 116    t */ 0, /* 117    u */ 0, /* 118    v */ 0, /* 119    w */ 0,
+	/* 120    x */ 0, /* 121    y */ 0, /* 122    z */ 0, /* 123    { */ 1, /* 124    | */ 1, /* 125    } */ 1,
+	/* 126    ~ */ 1, /* 127  DEL */ 1
+};
+
+
+// Hex-decoding table
+const vmime_uint8 qpEncoder::sm_hexDecodeTable[256] = {
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  1,  2,  3,  4,  5,  6,  7,  8,  9,  0,  0,  0,  0,  0,  0,
+	 0, 10, 11, 12, 13, 14, 15,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0, 10, 11, 12, 13, 14, 15,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
+	 0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0
+};
+
+
+// static
+bool qpEncoder::RFC2047_isEncodingNeededForChar(const byte_t c) {
+
+	return c >= 128 || sm_RFC2047EncodeTable[c] != 0;
+}
+
+
+// static
+int qpEncoder::RFC2047_getEncodedLength(const byte_t c) {
+
+	if (c >= 128 || sm_RFC2047EncodeTable[c] != 0) {
+
+		if (c == 32) {  // space
+
+			// Encoded as "_"
+			return 1;
+
+		} else {
+
+			// Hex encoding
+			return 3;
+		}
+
+	} else {
+
+		return 1;  // no encoding
+	}
+}
+
+
+#ifndef VMIME_BUILDING_DOC
+
+#define QP_ENCODE_HEX(x) \
+	outBuffer[outBufferPos] = '=';                           \
+	outBuffer[outBufferPos + 1] = sm_hexDigits[x >> 4];  \
+	outBuffer[outBufferPos + 2] = sm_hexDigits[x & 0xF]; \
+	outBufferPos += 3;                                       \
+	curCol += 3
+
+#define QP_WRITE(s, x, l) s.write(reinterpret_cast <byte_t*>(x), l)
+
+#endif // VMIME_BUILDING_DOC
+
+
+size_t qpEncoder::encode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	const size_t propMaxLineLength =
+		getProperties().getProperty <size_t>("maxlinelength", static_cast <size_t>(-1));
+
+	const bool rfc2047 = getProperties().getProperty <bool>("rfc2047", false);
+	const bool text = getProperties().getProperty <bool>("text", false);  // binary mode by default
+
+	const bool cutLines = (propMaxLineLength != static_cast <size_t>(-1));
+	const size_t maxLineLength = std::min(propMaxLineLength, static_cast <size_t>(74));
+
+	// Process the data
+	byte_t buffer[16384];
+	size_t bufferLength = 0;
+	size_t bufferPos = 0;
+
+	size_t curCol = 0;
+
+	byte_t outBuffer[16384];
+	size_t outBufferPos = 0;
+
+	size_t total = 0;
+	size_t inTotal = 0;
+
+	if (progress) {
+		progress->start(0);
+	}
+
+	while (bufferPos < bufferLength || !in.eof()) {
+
+		// Flush current output buffer
+		if (outBufferPos + 6 >= static_cast <int>(sizeof(outBuffer))) {
+
+			QP_WRITE(out, outBuffer, outBufferPos);
+
+			total += outBufferPos;
+			outBufferPos = 0;
+		}
+
+		// Need to get more data?
+		if (bufferPos >= bufferLength) {
+
+			bufferLength = in.read(buffer, sizeof(buffer));
+			bufferPos = 0;
+
+			// No more data
+			if (bufferLength == 0) {
+				break;
+			}
+		}
+
+		// Get the next char and encode it
+		const byte_t c = buffer[bufferPos++];
+
+		if (rfc2047) {
+
+			if (c >= 128 || sm_RFC2047EncodeTable[c] != 0) {
+
+				if (c == 32) {  // space
+
+					// RFC-2047, Page 5, 4.2. The "Q" encoding:
+					// << The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be
+					// represented as "_" (underscore, ASCII 95.). >>
+					outBuffer[outBufferPos++] = '_';
+					++curCol;
+
+				} else {
+
+					// Other characters: '=' + hexadecimal encoding
+					QP_ENCODE_HEX(c);
+				}
+
+			} else {
+
+				// No encoding
+				outBuffer[outBufferPos++] = c;
+				++curCol;
+			}
+
+		} else {
+
+			switch (c) {
+
+				case 46: {  // .
+
+					if (curCol == 0) {
+						// If a '.' appears at the beginning of a line, we encode it to
+						// to avoid problems with SMTP servers... ("\r\n.\r\n" means the
+						// end of data transmission).
+						QP_ENCODE_HEX('.');
+						continue;
+					}
+
+					outBuffer[outBufferPos++] = '.';
+					++curCol;
+					break;
+				}
+				case 32: {  // space
+
+					// Need to get more data?
+					if (bufferPos >= bufferLength) {
+						bufferLength = in.read(buffer, sizeof(buffer));
+						bufferPos = 0;
+					}
+
+					// Spaces cannot appear at the end of a line. So, encode the space.
+					if (bufferPos >= bufferLength ||
+					    (buffer[bufferPos] == '\r' || buffer[bufferPos] == '\n')) {
+
+						QP_ENCODE_HEX(' ');
+
+					} else {
+
+						outBuffer[outBufferPos++] = ' ';
+						++curCol;
+					}
+
+					break;
+				}
+				case 9: {   // TAB
+
+					QP_ENCODE_HEX(c);
+					break;
+				}
+				case 13:    // CR
+				case 10: {  // LF
+
+					// RFC-2045/6.7(4)
+
+					// Text data
+					if (text && !rfc2047) {
+
+						outBuffer[outBufferPos++] = c;
+						++curCol;
+
+						if (c == 10) {
+							curCol = 0;  // reset current line length
+						}
+
+					// Binary data
+					} else {
+
+						QP_ENCODE_HEX(c);
+					}
+
+					break;
+				}
+				case 61: {  // =
+
+					QP_ENCODE_HEX('=');
+					break;
+				}
+				/*
+					Rule #2: (Literal representation) Octets with decimal values of 33
+					through 60 inclusive, and 62 through 126, inclusive, MAY be
+					represented as the ASCII characters which correspond to those
+					octets (EXCLAMATION POINT through LESS THAN, and GREATER THAN
+					through TILDE, respectively).
+				*/
+				default:
+
+					//if ((c >= 33 && c <= 60) || (c >= 62 && c <= 126))
+					if (c >= 33 && c <= 126 && c != 61 && c != 63) {
+
+						outBuffer[outBufferPos++] = c;
+						++curCol;
+
+					// Other characters: '=' + hexadecimal encoding
+					} else {
+
+						QP_ENCODE_HEX(c);
+					}
+
+					break;
+
+			} // switch (c)
+
+			// Soft line break : "=\r\n"
+			if (cutLines && curCol >= maxLineLength - 1) {
+
+				outBuffer[outBufferPos] = '=';
+				outBuffer[outBufferPos + 1] = '\r';
+				outBuffer[outBufferPos + 2] = '\n';
+
+				outBufferPos += 3;
+				curCol = 0;
+			}
+
+		} // !rfc2047
+
+		++inTotal;
+
+		if (progress) {
+			progress->progress(inTotal, inTotal);
+		}
+	}
+
+	// Flush remaining output buffer
+	if (outBufferPos != 0) {
+		QP_WRITE(out, outBuffer, outBufferPos);
+		total += outBufferPos;
+	}
+
+	if (progress) {
+		progress->stop(inTotal);
+	}
+
+	return total;
+}
+
+
+size_t qpEncoder::decode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	// Process the data
+	const bool rfc2047 = getProperties().getProperty <bool>("rfc2047", false);
+
+	byte_t buffer[16384];
+	size_t bufferLength = 0;
+	size_t bufferPos = 0;
+
+	byte_t outBuffer[16384];
+	size_t outBufferPos = 0;
+
+	size_t total = 0;
+	size_t inTotal = 0;
+
+	while (bufferPos < bufferLength || !in.eof()) {
+
+		// Flush current output buffer
+		if (outBufferPos >= sizeof(outBuffer)) {
+
+			QP_WRITE(out, outBuffer, outBufferPos);
+
+			total += outBufferPos;
+			outBufferPos = 0;
+		}
+
+		// Need to get more data?
+		if (bufferPos >= bufferLength) {
+
+			bufferLength = in.read(buffer, sizeof(buffer));
+			bufferPos = 0;
+
+			// No more data
+			if (bufferLength == 0) {
+				break;
+			}
+		}
+
+		// Decode the next sequence (hex-encoded byte or printable character)
+		byte_t c = buffer[bufferPos++];
+
+		++inTotal;
+
+		switch (c) {
+
+			case '=': {
+
+				if (bufferPos >= bufferLength) {
+					bufferLength = in.read(buffer, sizeof(buffer));
+					bufferPos = 0;
+				}
+
+				if (bufferPos < bufferLength) {
+
+					c = buffer[bufferPos++];
+
+					++inTotal;
+
+					switch (c) {
+
+						// Ignore soft line break ("=\r\n" or "=\n")
+						case '\r':
+
+							// Read one byte more
+							if (bufferPos >= bufferLength) {
+								bufferLength = in.read(buffer, sizeof(buffer));
+								bufferPos = 0;
+							}
+
+							if (bufferPos < bufferLength) {
+								++bufferPos;
+								++inTotal;
+							}
+
+							break;
+
+						case '\n':
+
+							break;
+
+						// Hex-encoded char
+						default:
+						{
+							// We need another byte...
+							if (bufferPos >= bufferLength) {
+								bufferLength = in.read(buffer, sizeof(buffer));
+								bufferPos = 0;
+							}
+
+							if (bufferPos < bufferLength) {
+
+								const byte_t next = buffer[bufferPos++];
+
+								++inTotal;
+
+								const byte_t value = static_cast <byte_t>(
+									sm_hexDecodeTable[c] * 16 + sm_hexDecodeTable[next]
+								);
+
+								outBuffer[outBufferPos++] = value;
+
+							} else {
+
+								// Premature end-of-data
+							}
+
+							break;
+						}
+
+					}
+
+				} else {
+
+					// Premature end-of-data
+				}
+
+				break;
+			}
+			case '_': {
+
+				if (rfc2047) {
+
+					// RFC-2047, Page 5, 4.2. The "Q" encoding:
+					// << Note that the "_" always represents hexadecimal 20, even if the SPACE
+					// character occupies a different code position in the character set in use. >>
+					outBuffer[outBufferPos++] = 0x20;
+					break;
+				}
+
+				outBuffer[outBufferPos++] = c;
+				break;
+			}
+			default: {
+
+				outBuffer[outBufferPos++] = c;
+				break;
+			}
+
+		}
+
+		if (progress) {
+			progress->progress(inTotal, inTotal);
+		}
+	}
+
+	// Flush remaining output buffer
+	if (outBufferPos != 0) {
+		QP_WRITE(out, outBuffer, outBufferPos);
+		total += outBufferPos;
+	}
+
+	if (progress) {
+		progress->stop(inTotal);
+	}
+
+	return total;
+}
+
+
+size_t qpEncoder::getEncodedSize(const size_t n) const {
+
+	const size_t propMaxLineLength =
+		getProperties().getProperty <size_t>("maxlinelength", static_cast <size_t>(-1));
+
+	const bool cutLines = (propMaxLineLength != static_cast <size_t>(-1));
+	const size_t maxLineLength = std::min(propMaxLineLength, static_cast <size_t>(74));
+
+	// Worst cast: 1 byte of input provide 3 bytes of output
+	// Count CRLF (2 bytes) for each line.
+	return n * 3 + (cutLines ? (n / maxLineLength) * 2 : 0);
+}
+
+
+size_t qpEncoder::getDecodedSize(const size_t n) const {
+
+	// Worst case: 1 byte of input equals 1 byte of output
+	return n;
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/qpEncoder.hpp b/vmime-master/src/vmime/utility/encoder/qpEncoder.hpp
new file mode 100644
index 0000000..21263a6
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/qpEncoder.hpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_QPENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_QPENCODER_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/encoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** Quoted-printable encoder.
+  */
+class VMIME_EXPORT qpEncoder : public encoder {
+
+public:
+
+	qpEncoder();
+
+	size_t encode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	size_t decode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	const std::vector <string> getAvailableProperties() const;
+
+	static bool RFC2047_isEncodingNeededForChar(const unsigned char c);
+	static int RFC2047_getEncodedLength(const unsigned char c);
+
+	size_t getEncodedSize(const size_t n) const;
+	size_t getDecodedSize(const size_t n) const;
+
+protected:
+
+	static const unsigned char sm_hexDigits[17];
+	static const unsigned char sm_hexDecodeTable[256];
+	static const unsigned char sm_RFC2047EncodeTable[128];
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_QPENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/sevenBitEncoder.cpp b/vmime-master/src/vmime/utility/encoder/sevenBitEncoder.cpp
new file mode 100644
index 0000000..999b11e
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/sevenBitEncoder.cpp
@@ -0,0 +1,39 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/sevenBitEncoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+sevenBitEncoder::sevenBitEncoder() {
+
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/sevenBitEncoder.hpp b/vmime-master/src/vmime/utility/encoder/sevenBitEncoder.hpp
new file mode 100644
index 0000000..37f84a6
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/sevenBitEncoder.hpp
@@ -0,0 +1,51 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_SEVENBITENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_SEVENBITENCODER_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/noopEncoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** 7-bit encoder.
+  */
+class VMIME_EXPORT sevenBitEncoder : public noopEncoder
+{
+public:
+
+	sevenBitEncoder();
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_SEVENBITENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/encoder/uuEncoder.cpp b/vmime-master/src/vmime/utility/encoder/uuEncoder.cpp
new file mode 100644
index 0000000..24dcdc8
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/uuEncoder.cpp
@@ -0,0 +1,358 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/encoder/uuEncoder.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+uuEncoder::uuEncoder() {
+
+	getProperties()["mode"] = 644;
+	getProperties()["filename"] = "no_name";
+	getProperties()["maxlinelength"] = 46;
+}
+
+
+const std::vector <string> uuEncoder::getAvailableProperties() const {
+
+	std::vector <string> list(encoder::getAvailableProperties());
+
+	list.push_back("maxlinelength");
+
+	list.push_back("mode");
+	list.push_back("filename");
+
+	return list;
+}
+
+
+// This is the character encoding function to make a character printable
+static inline byte_t UUENCODE(const unsigned int c) {
+
+	return static_cast <byte_t>((c & 077) + ' ');
+}
+
+// Single character decoding
+static inline unsigned int UUDECODE(const unsigned int c) {
+
+	return (c - ' ') & 077;
+}
+
+
+size_t uuEncoder::encode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	const string propFilename = getProperties().getProperty <string>("filename", "");
+	const string propMode = getProperties().getProperty <string>("mode", "644");
+
+	const size_t maxLineLength =
+		std::min(getProperties().getProperty <size_t>("maxlinelength", 46), static_cast <size_t>(46));
+
+	size_t total = 0;
+	size_t inTotal = 0;
+
+	// Output the prelude text ("begin [mode] [filename]")
+	out << "begin";
+
+	if (!propFilename.empty()) {
+		out << " " << propMode << " " << propFilename;
+		total += 2 + propMode.length() + propFilename.length();
+	}
+
+	out << "\r\n";
+	total += 7;
+
+	// Process the data
+	byte_t inBuffer[64];
+	byte_t outBuffer[64];
+
+	if (progress) {
+		progress->start(0);
+	}
+
+	while (!in.eof()) {
+
+		// Process up to 45 characters per line
+		std::fill(inBuffer, inBuffer + sizeof(inBuffer), 0);
+
+		const size_t inLength = in.read(inBuffer, maxLineLength - 1);
+
+		outBuffer[0] = UUENCODE(static_cast <unsigned int>(inLength)); // Line length
+
+		size_t j = 1;
+
+		for (size_t i = 0 ; i < inLength ; i += 3, j += 4) {
+
+			const byte_t c1 = inBuffer[i];
+			const byte_t c2 = inBuffer[i + 1];
+			const byte_t c3 = inBuffer[i + 2];
+
+			outBuffer[j]     = UUENCODE(c1 >> 2);
+			outBuffer[j + 1] = UUENCODE(((c1 << 4) & 060) | ((c2 >> 4) & 017));
+			outBuffer[j + 2] = UUENCODE(((c2 << 2) & 074) | ((c3 >> 6) & 03));
+			outBuffer[j + 3] = UUENCODE(c3 & 077);
+		}
+
+		outBuffer[j] = '\r';
+		outBuffer[j + 1] = '\n';
+
+		out.write(outBuffer, j + 2);
+
+		total += j + 2;
+		inTotal += inLength;
+
+		if (progress) {
+			progress->progress(inTotal, inTotal);
+		}
+	}
+
+	out << "end\r\n";
+	total += 5;
+
+	if (progress) {
+		progress->stop(inTotal);
+	}
+
+	return total;
+}
+
+
+size_t uuEncoder::decode(
+	utility::inputStream& in,
+	utility::outputStream& out,
+	utility::progressListener* progress
+) {
+
+	in.reset();  // may not work...
+
+	// Process the data
+	byte_t inBuffer[64];
+	byte_t outBuffer[64];
+
+	size_t total = 0;
+	size_t inTotal = 0;
+
+	bool stop = false;
+
+	std::fill(inBuffer, inBuffer + sizeof(inBuffer), 0);
+
+	if (progress) {
+		progress->start(0);
+	}
+
+	while (!stop && !in.eof()) {
+
+		// Get the line length
+		byte_t lengthChar;
+
+		if (in.read(&lengthChar, 1) == 0) {
+			break;
+		}
+
+		const size_t outLength = UUDECODE(lengthChar);
+		const size_t inLength = std::min((outLength * 4) / 3, static_cast <size_t>(64));
+		size_t inPos = 0;
+
+		switch (lengthChar) {
+
+			case ' ':
+			case '\t':
+			case '\r':
+			case '\n': {
+
+				// Ignore
+				continue;
+			}
+			case 'b': {
+
+				// Read 5 characters more to check for begin ("begin ...\r\n" or "begin ...\n")
+				inPos = in.read(inBuffer, 5);
+
+				if (inPos == 5 &&
+				    inBuffer[0] == 'e' &&
+				    inBuffer[1] == 'g' &&
+				    inBuffer[2] == 'i' &&
+				    inBuffer[3] == 'n' &&
+				    parserHelpers::isSpace(inBuffer[4])) {
+
+					inTotal += 5;
+
+					byte_t c = 0;
+
+					size_t count = 0;
+					byte_t buffer[512];
+
+					while (count < sizeof(buffer) - 1 && in.read(&c, 1) == 1) {
+
+						if (c == '\n') {
+							break;
+						}
+
+						buffer[count++] = c;
+					}
+
+					inTotal += count;
+
+					if (c != '\n') {
+
+						// OOPS! Weird line. Don't try to decode more...
+
+						if (progress) {
+							progress->stop(inTotal);
+						}
+
+						return total;
+					}
+
+					// Parse filename and mode
+					if (count > 0) {
+
+						buffer[count] = '\0';
+
+						byte_t* p = buffer;
+
+						while (*p && parserHelpers::isSpace(*p)) ++p;
+
+						byte_t* modeStart = buffer;
+
+						while (*p && !parserHelpers::isSpace(*p)) ++p;
+
+						getResults()["mode"] = string(modeStart, p);
+
+						while (*p && parserHelpers::isSpace(*p)) ++p;
+
+						byte_t* filenameStart = buffer;
+
+						while (*p && !(*p == '\r' || *p == '\n')) ++p;
+
+						getResults()["filename"] = string(filenameStart, p);
+
+					// No filename or mode specified
+					} else {
+
+						getResults()["filename"] = "untitled";
+						getResults()["mode"] = 644;
+					}
+
+					continue;
+				}
+
+				break;
+			}
+			case 'e': {
+
+				// Read 3 characters more to check for end ("end\r\n" or "end\n")
+				inPos = in.read(inBuffer, 3);
+
+				if (inPos == 3 &&
+				    inBuffer[0] == 'n' &&
+				    inBuffer[1] == 'd' &&
+				    (inBuffer[2] == '\r' || inBuffer[2] == '\n')) {
+
+					stop = true;
+					inTotal += 3;
+					continue;
+				}
+
+				break;
+			}
+
+		}
+
+		// Read encoded data
+		if (in.read(inBuffer + inPos, inLength - inPos) != inLength - inPos) {
+			// Premature end of data
+			break;
+		}
+
+		inTotal += (inLength - inPos);
+
+		// Decode data
+		for (size_t i = 0, j = 0 ; i < inLength ; i += 4, j += 3) {
+
+			const byte_t c1 = inBuffer[i];
+			const byte_t c2 = inBuffer[i + 1];
+			const byte_t c3 = inBuffer[i + 2];
+			const byte_t c4 = inBuffer[i + 3];
+
+			const size_t n = std::min(inLength - i, static_cast <size_t>(3));
+
+			if (n >= 3) {
+				outBuffer[j + 2] = static_cast <byte_t>(UUDECODE(c3) << 6 | UUDECODE(c4));
+			}
+			if (n >= 2) {
+				outBuffer[j + 1] = static_cast <byte_t>(UUDECODE(c2) << 4 | UUDECODE(c3) >> 2);
+			}
+			if (n >= 1) {
+				outBuffer[j]     = static_cast <byte_t>(UUDECODE(c1) << 2 | UUDECODE(c2) >> 4);
+			}
+
+			total += n;
+		}
+
+		out.write(outBuffer, outLength);
+
+		std::fill(inBuffer, inBuffer + sizeof(inBuffer), 0);
+
+		if (progress) {
+			progress->progress(inTotal, inTotal);
+		}
+	}
+
+	if (progress) {
+		progress->stop(inTotal);
+	}
+
+	return total;
+}
+
+
+size_t uuEncoder::getEncodedSize(const size_t n) const {
+
+	// 3 bytes of input provide 4 bytes of output.
+	// Count CRLF (2 bytes) for each line of 45 characters.
+	// Also reserve some space for header and footer.
+	return 200 + n * 3 + (n / 45) * 2;
+}
+
+
+size_t uuEncoder::getDecodedSize(const size_t n) const {
+
+	// 4 bytes of input provide 3 bytes of output
+	return (n * 3) / 4;
+}
+
+
+} // encoder
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/encoder/uuEncoder.hpp b/vmime-master/src/vmime/utility/encoder/uuEncoder.hpp
new file mode 100644
index 0000000..841cf66
--- /dev/null
+++ b/vmime-master/src/vmime/utility/encoder/uuEncoder.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_ENCODER_UUENCODER_HPP_INCLUDED
+#define VMIME_UTILITY_ENCODER_UUENCODER_HPP_INCLUDED
+
+
+#include "vmime/utility/encoder/encoder.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace encoder {
+
+
+/** UUEncode encoder.
+  */
+class VMIME_EXPORT uuEncoder : public encoder {
+
+public:
+
+	uuEncoder();
+
+	size_t encode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	size_t decode(
+		utility::inputStream& in,
+		utility::outputStream& out,
+		utility::progressListener* progress = NULL
+	);
+
+	const std::vector <string> getAvailableProperties() const;
+
+	size_t getEncodedSize(const size_t n) const;
+	size_t getDecodedSize(const size_t n) const;
+};
+
+
+} // encoder
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_ENCODER_UUENCODER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/file.hpp b/vmime-master/src/vmime/utility/file.hpp
new file mode 100644
index 0000000..6e0605e
--- /dev/null
+++ b/vmime-master/src/vmime/utility/file.hpp
@@ -0,0 +1,264 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_FILE_HPP_INCLUDED
+#define VMIME_UTILITY_FILE_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+#include "vmime/utility/path.hpp"
+#include "vmime/utility/stream.hpp"
+
+
+#if VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+namespace vmime {
+namespace utility {
+
+
+class file;
+
+
+/** File list iterator (see file::getFiles).
+  */
+class VMIME_EXPORT fileIterator : public object {
+
+public:
+
+	virtual ~fileIterator() { }
+
+	/** Check whether the cursor has reach the end of the list.
+	  *
+	  * @return true if you can call nextElement(), or false
+	  * if no more file is available
+	  */
+	virtual bool hasMoreElements() const = 0;
+
+	/** Return the next file in the list.
+	  *
+	  * @return next file or NULL
+	  */
+	virtual shared_ptr <file> nextElement() = 0;
+};
+
+
+/** Write to a file.
+  */
+class VMIME_EXPORT fileWriter : public object {
+
+public:
+
+	virtual ~fileWriter() { }
+
+	virtual shared_ptr <utility::outputStream> getOutputStream() = 0;
+};
+
+
+/** Read from a file.
+  */
+class VMIME_EXPORT fileReader : public object {
+
+public:
+
+	virtual ~fileReader() { }
+
+	virtual shared_ptr <utility::inputStream> getInputStream() = 0;
+};
+
+
+/** Abstract representation of a file or directory.
+  */
+class VMIME_EXPORT file : public object {
+
+public:
+
+	typedef utility::path path;
+	typedef unsigned long length_type;
+
+
+	virtual ~file() { }
+
+
+	/** Create the file pointed by this file object.
+	  *
+	  * @throw exceptions::filesystem_exception if an error occurs
+	  */
+	virtual void createFile() = 0;
+
+	/** Create the directory pointed by this file object.
+	  *
+	  * @param createAll if set to true, recursively create all
+	  * parent directories if they do not exist
+	  * @throw exceptions::filesystem_exception if an error occurs
+	  */
+	virtual void createDirectory(const bool createAll = false) = 0;
+
+	/** Test whether this is a file.
+	  *
+	  * @return true if this is a file, false otherwise
+	  */
+	virtual bool isFile() const = 0;
+
+	/** Test whether this is a directory.
+	  *
+	  * @return true if this is a directory, false otherwise
+	  */
+	virtual bool isDirectory() const = 0;
+
+	/** Test whether this file is readible.
+	  *
+	  * @return true if we can read this file, false otherwise
+	  */
+	virtual bool canRead() const = 0;
+
+	/** Test whether this file is writeable.
+	  *
+	  * @return true if we can write to this file, false otherwise
+	  */
+	virtual bool canWrite() const = 0;
+
+	/** Return the length of this file.
+	  *
+	  * @return file size (in bytes)
+	  */
+	virtual length_type getLength() = 0;
+
+	/** Return the full path of this file/directory.
+	  *
+	  * @return full path of the file
+	  */
+	virtual const path& getFullPath() const = 0;
+
+	/** Test whether this file/directory exists.
+	  *
+	  * @return true if the file exists, false otherwise
+	  */
+	virtual bool exists() const = 0;
+
+	/** Return the parent directory of this file/directory.
+	  *
+	  * @return parent directory (or NULL if root)
+	  */
+	virtual shared_ptr <file> getParent() const = 0;
+
+	/** Rename the file/directory.
+	  *
+	  * @param newName full path of the new file
+	  * @throw exceptions::filesystem_exception if an error occurs
+	  */
+	virtual void rename(const path& newName) = 0;
+
+	/** Deletes this file/directory.
+	  * If this is a directory, it must be empty.
+	  *
+	  * @throw exceptions::filesystem_exception if an error occurs
+	  */
+	virtual void remove() = 0;
+
+	/** Return an object capable of writing to this file.
+	  *
+	  * @return file writer object
+	  */
+	virtual shared_ptr <fileWriter> getFileWriter() = 0;
+
+	/** Return an object capable of reading from this file.
+	  *
+	  * @return file reader object
+	  */
+	virtual shared_ptr <fileReader> getFileReader() = 0;
+
+	/** Enumerate files contained in this directory.
+	  *
+	  * @return file iterator to enumerate files
+	  * @throw exceptions::not_a_directory if this is not a directory,
+	  * exceptions::filesystem_exception if another error occurs
+	  */
+	virtual shared_ptr <fileIterator> getFiles() const = 0;
+
+protected:
+
+	file() { }
+
+private:
+
+	file(const file&) : object() { }
+};
+
+
+/** Constructs 'file' objects.
+  */
+class VMIME_EXPORT fileSystemFactory : public object {
+
+public:
+
+	virtual ~fileSystemFactory() { }
+
+	/** Create a new file object from the specified path.
+	  *
+	  * @param path full path (absolute) of the file
+	  * @return new file object for the path
+	  */
+	virtual shared_ptr <file> create(const file::path& path) const = 0;
+
+	/** Parse a path contained in a string.
+	  *
+	  * @param str string containing a path in a system-dependent representation
+	  * @return path object (abstract representation)
+	  */
+	virtual const file::path stringToPath(const string& str) const = 0;
+
+	/** Return the system-dependent string representation for the specified path.
+	  *
+	  * @param path abstract representation of the path
+	  * @return string representation of the path
+	  */
+	virtual const string pathToString(const file::path& path) const = 0;
+
+	/** Test whether the specified path component is syntactically
+	  * valid (ie: does not contain any 'special' character).
+	  *
+	  * @param comp path component to test
+	  * @return true if the component is valid, false otherwise
+	  */
+	virtual bool isValidPathComponent(const file::path::component& comp) const = 0;
+
+	/** Test whether the specified path is syntactically valid
+	  * (ie: components do not contain any 'special' character).
+	  *
+	  * @param path path to test
+	  * @return true if the path is valid, false otherwise
+	  */
+	virtual bool isValidPath(const file::path& path) const = 0;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_HAVE_FILESYSTEM_FEATURES
+
+
+#endif // VMIME_UTILITY_FILE_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/filteredStream.cpp b/vmime-master/src/vmime/utility/filteredStream.cpp
new file mode 100644
index 0000000..d5ec17b
--- /dev/null
+++ b/vmime-master/src/vmime/utility/filteredStream.cpp
@@ -0,0 +1,402 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/filteredStream.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace utility {
+
+
+// filteredInputStream
+
+size_t filteredInputStream::getBlockSize() {
+
+	return std::min(inputStream::getBlockSize(), getPreviousInputStream().getBlockSize());
+}
+
+
+// filteredOutputStream
+
+size_t filteredOutputStream::getBlockSize() {
+
+	return std::min(outputStream::getBlockSize(), getNextOutputStream().getBlockSize());
+}
+
+
+// dotFilteredInputStream
+
+dotFilteredInputStream::dotFilteredInputStream(inputStream& is)
+	: m_stream(is),
+	  m_previousChar2('\0'),
+	  m_previousChar1('\0') {
+
+}
+
+
+inputStream& dotFilteredInputStream::getPreviousInputStream() {
+
+	return m_stream;
+}
+
+
+bool dotFilteredInputStream::eof() const {
+
+	return m_stream.eof();
+}
+
+
+void dotFilteredInputStream::reset() {
+
+	m_previousChar2 = '\0';
+	m_previousChar1 = '\0';
+
+	m_stream.reset();
+}
+
+
+size_t dotFilteredInputStream::read(byte_t* const data, const size_t count) {
+
+	const size_t read = m_stream.read(data, count);
+
+	const byte_t* readPtr = data;
+	byte_t* writePtr = data;
+
+	const byte_t* end = data + read;
+
+	size_t written = 0;
+
+	byte_t prevChar2 = m_previousChar2;
+	byte_t prevChar1 = m_previousChar1;
+
+	// Replace "\n.." with "\n."
+	while (readPtr < end) {
+
+		if (*readPtr == '.' && prevChar2 == '\n' && prevChar1 == '.') {
+
+			// Ignore last dot
+			prevChar2 = '\0';
+			prevChar1 = '.';
+
+		} else {
+
+			*writePtr = *readPtr;
+
+			++writePtr;
+			++written;
+
+			prevChar2 = prevChar1;
+			prevChar1 = *readPtr;
+		}
+
+		++readPtr;
+	}
+
+	m_previousChar2 = prevChar2;
+	m_previousChar1 = prevChar1;
+
+	return written;
+}
+
+
+size_t dotFilteredInputStream::skip(const size_t /* count */) {
+
+	// Skipping bytes is not supported
+	return 0;
+}
+
+
+// dotFilteredOutputStream
+
+dotFilteredOutputStream::dotFilteredOutputStream(outputStream& os)
+	: m_stream(os),
+	  m_previousChar('\0'),
+	  m_start(true) {
+
+}
+
+
+outputStream& dotFilteredOutputStream::getNextOutputStream() {
+
+	return m_stream;
+}
+
+
+void dotFilteredOutputStream::writeImpl(const byte_t* const data, const size_t count) {
+
+	if (count == 0) {
+		return;
+	}
+
+	const byte_t* pos = data;
+	const byte_t* end = data + count;
+	const byte_t* start = data;
+
+	if (m_previousChar == '.') {
+
+		if (data[0] == '\n' || data[0] == '\r') {
+
+			m_stream.write(".", 1);  // extra <DOT>
+			m_stream.write(data, 1);
+
+			pos = data + 1;
+		}
+	}
+
+	// Replace "\n." with "\n.."
+	while ((pos = std::find(pos, end, '.')) != end) {
+
+		const byte_t previousChar = (pos == data ? m_previousChar : *(pos - 1));
+
+		if (previousChar == '\n') {
+
+			m_stream.write(start, pos - start);
+			m_stream.write("..", 2);
+
+			start = pos + 1;
+
+		} else if (pos == data && m_start) {  // <DOT><CR><LF> at the beginning of content
+
+			m_stream.write(start, pos - start);
+
+			if (pos + 1 < end && (*(pos + 1) == '\n' || *(pos + 1) == '\r')) {
+				m_stream.write("..", 2);
+			} else {
+				m_stream.write(".", 1);
+			}
+
+			start = pos + 1;
+		}
+
+		++pos;
+	}
+
+	m_stream.write(start, end - start);
+	m_previousChar = data[count - 1];
+	m_start = false;
+}
+
+
+void dotFilteredOutputStream::flush() {
+
+	// Do nothing
+	m_stream.flush();
+}
+
+
+size_t dotFilteredOutputStream::getBlockSize() {
+
+	return m_stream.getBlockSize();
+}
+
+
+// CRLFToLFFilteredOutputStream
+
+CRLFToLFFilteredOutputStream::CRLFToLFFilteredOutputStream(outputStream& os)
+	: m_stream(os),
+	  m_previousChar('\0') {
+
+}
+
+
+outputStream& CRLFToLFFilteredOutputStream::getNextOutputStream() {
+
+	return m_stream;
+}
+
+
+void CRLFToLFFilteredOutputStream::writeImpl(const byte_t* const data, const size_t count) {
+
+	if (count == 0) {
+		return;
+	}
+
+	const byte_t* pos = data;
+	const byte_t* end = data + count;
+	const byte_t* start = data;
+
+	// Warning: if the whole buffer finishes with '\r', this
+	// last character will not be written back if flush() is
+	// not called
+	if (m_previousChar == '\r') {
+
+		if (*pos != '\n') {
+			m_stream.write("\r", 1); // write back \r
+			m_previousChar = *pos;
+		}
+	}
+
+	// Replace "\r\n" (CRLF) with "\n" (LF)
+	while ((pos = std::find(pos, end, '\n')) != end) {
+
+		const byte_t previousChar = (pos == data ? m_previousChar : *(pos - 1));
+
+		if (previousChar == '\r') {
+
+			if (pos != start) {
+				m_stream.write(start, pos - 1 - start);  // do not write \r
+			}
+
+			m_stream.write("\n", 1);
+
+			start = pos + 1;
+		}
+
+		++pos;
+	}
+
+	if (data[count - 1] == '\r') {
+
+		m_stream.write(start, end - start - 1);
+		m_previousChar = '\r';
+
+	} else {
+
+		m_stream.write(start, end - start);
+		m_previousChar = data[count - 1];
+	}
+}
+
+
+void CRLFToLFFilteredOutputStream::flush() {
+
+	m_stream.flush();
+
+	// TODO
+}
+
+
+size_t CRLFToLFFilteredOutputStream::getBlockSize() {
+
+	return m_stream.getBlockSize();
+}
+
+
+// LFToCRLFFilteredOutputStream
+
+LFToCRLFFilteredOutputStream::LFToCRLFFilteredOutputStream(outputStream& os)
+	: m_stream(os),
+	m_previousChar('\0') {
+
+}
+
+
+outputStream& LFToCRLFFilteredOutputStream::getNextOutputStream() {
+
+	return m_stream;
+}
+
+
+void LFToCRLFFilteredOutputStream::writeImpl(const byte_t* const data, const size_t count)
+{
+	if (count == 0) {
+		return;
+	}
+
+	string buffer;
+	buffer.reserve(count);
+
+	const byte_t* pos = data;
+	const byte_t* end = data + count;
+
+	byte_t previousChar = m_previousChar;
+
+	while (pos < end) {
+
+		switch (*pos) {
+
+			case '\r':
+
+				buffer.append(1, '\r');
+				buffer.append(1, '\n');
+
+				break;
+
+			case '\n':
+
+				if (previousChar != '\r') {
+					buffer.append(1, '\r');
+					buffer.append(1, '\n');
+				}
+
+				break;
+
+			default:
+
+				buffer.append(1, *pos);
+				break;
+		}
+
+		previousChar = *pos;
+		++pos;
+	}
+
+	m_stream.write(&buffer[0], buffer.length());
+
+	m_previousChar = previousChar;
+}
+
+
+void LFToCRLFFilteredOutputStream::flush() {
+
+	m_stream.flush();
+}
+
+
+size_t LFToCRLFFilteredOutputStream::getBlockSize() {
+
+	return m_stream.getBlockSize();
+}
+
+
+// stopSequenceFilteredInputStream <1>
+
+template <>
+size_t stopSequenceFilteredInputStream <1>::read(byte_t* const data, const size_t count) {
+
+	if (eof() || m_stream.eof()) {
+		m_eof = true;
+		return 0;
+	}
+
+	const size_t read = m_stream.read(data, count);
+	byte_t* end = data + read;
+
+	byte_t* pos = std::find(data, end, m_sequence[0]);
+
+	if (pos == end) {
+
+		return read;
+
+	} else {
+
+		m_found = 1;
+		return pos - data;
+	}
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/filteredStream.hpp b/vmime-master/src/vmime/utility/filteredStream.hpp
new file mode 100644
index 0000000..2414c54
--- /dev/null
+++ b/vmime-master/src/vmime/utility/filteredStream.hpp
@@ -0,0 +1,405 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_FILTEREDSTREAM_HPP_INCLUDED
+#define VMIME_UTILITY_FILTEREDSTREAM_HPP_INCLUDED
+
+
+#include <algorithm>
+
+#include "vmime/utility/inputStream.hpp"
+#include "vmime/utility/outputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** A stream whose input is filtered.
+  */
+class VMIME_EXPORT filteredInputStream : public inputStream {
+public:
+
+	virtual size_t getBlockSize();
+
+	/** Return a reference to the stream being filtered.
+	  *
+	  * @return stream being filtered
+	  */
+	virtual inputStream& getPreviousInputStream() = 0;
+};
+
+
+/** A stream whose output is filtered.
+  */
+class VMIME_EXPORT filteredOutputStream : public outputStream {
+
+public:
+
+	virtual size_t getBlockSize();
+
+	/** Return a reference to the stream being filtered.
+	  *
+	  * @return destination stream for filtered data
+	  */
+	virtual outputStream& getNextOutputStream() = 0;
+};
+
+
+/** A filtered input stream which replaces "\n.."
+  * sequences with "\n." sequences.
+  */
+class VMIME_EXPORT dotFilteredInputStream : public filteredInputStream {
+
+public:
+
+	/** Construct a new filter for the specified input stream.
+	  *
+	  * @param is stream from which to read data to be filtered
+	  */
+	dotFilteredInputStream(inputStream& is);
+
+	inputStream& getPreviousInputStream();
+
+	bool eof() const;
+
+	void reset();
+
+	size_t read(byte_t* const data, const size_t count);
+
+	size_t skip(const size_t count);
+
+private:
+
+	inputStream& m_stream;
+
+	byte_t m_previousChar2; // (N - 1)th character of previous buffer
+	byte_t m_previousChar1; // (N)th (last) character of previous buffer
+};
+
+
+/** A filtered output stream which replaces "\n."
+  * sequences with "\n.." sequences.
+  */
+class VMIME_EXPORT dotFilteredOutputStream : public filteredOutputStream {
+
+public:
+
+	/** Construct a new filter for the specified output stream.
+	  *
+	  * @param os stream into which write filtered data
+	  */
+	dotFilteredOutputStream(outputStream& os);
+
+	outputStream& getNextOutputStream();
+
+	void flush();
+
+	size_t getBlockSize();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	outputStream& m_stream;
+	byte_t m_previousChar;
+	bool m_start;
+};
+
+
+/** A filtered output stream which replaces CRLF sequences
+  * with single LF characters.
+  */
+class VMIME_EXPORT CRLFToLFFilteredOutputStream : public filteredOutputStream {
+
+public:
+
+	/** Construct a new filter for the specified output stream.
+	  *
+	  * @param os stream into which write filtered data
+	  */
+	CRLFToLFFilteredOutputStream(outputStream& os);
+
+	outputStream& getNextOutputStream();
+
+	void flush();
+
+	size_t getBlockSize();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	outputStream& m_stream;
+	byte_t m_previousChar;
+};
+
+
+/** A filtered output stream which replaces CR or LF characters
+  * with CRLF sequences.
+  */
+class VMIME_EXPORT LFToCRLFFilteredOutputStream : public filteredOutputStream {
+
+public:
+
+	/** Construct a new filter for the specified output stream.
+	  *
+	  * @param os stream into which write filtered data
+	  */
+	LFToCRLFFilteredOutputStream(outputStream& os);
+
+	outputStream& getNextOutputStream();
+
+	void flush();
+
+	size_t getBlockSize();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	outputStream& m_stream;
+	byte_t m_previousChar;
+};
+
+
+/** A filtered input stream which stops when a specified sequence
+  * is found (eof() method will return 'true').
+  */
+template <int COUNT>
+class VMIME_EXPORT stopSequenceFilteredInputStream : public filteredInputStream {
+
+public:
+
+	/** Construct a new filter for the specified input stream.
+	  *
+	  * @param is stream from which to read data to be filtered
+	  * @param sequence sequence on which to stop
+	  */
+	stopSequenceFilteredInputStream(inputStream& is, const byte_t* sequence)
+		: m_stream(is),
+		  m_sequence(sequence),
+		  m_found(0),
+		  m_eof(false) {
+
+	}
+
+	/** Construct a new filter for the specified input stream.
+	  *
+	  * @param is stream from which to read data to be filtered
+	  * @param sequence sequence on which to stop
+	  */
+	stopSequenceFilteredInputStream(inputStream& is, const char* sequence)
+		: m_stream(is),
+		  m_sequence(reinterpret_cast <const byte_t*>(sequence)),
+		  m_found(0),
+		  m_eof(false) {
+
+	}
+
+	inputStream& getPreviousInputStream() {
+
+		return m_stream;
+	}
+
+	bool eof() const {
+
+		return m_found == COUNT || m_eof;
+	}
+
+	void reset() {
+
+		m_found = 0;
+		m_stream.reset();
+	}
+
+	size_t read(byte_t* const data, const size_t count) {
+
+		// Read buffer must be at least 'COUNT' size + 1 byte
+		if (eof() || count <= COUNT) {
+			return 0;
+		}
+
+		if (m_stream.eof()) {
+
+			if (m_found != 0) {
+
+				const size_t found = m_found;
+
+				for (size_t f = 0 ; f < found ; ++f) {
+					data[f] = m_sequence[f];
+				}
+
+				m_found = 0;
+				m_eof = true;
+
+				return found;
+
+			} else {
+
+				m_eof = true;
+				return 0;
+			}
+		}
+
+		size_t read = m_stream.read(data, count - COUNT);
+
+		byte_t* end = data + read;
+		byte_t* pos = data;
+
+		while (pos < end) {
+
+			// Very simple case, search for the whole sequence
+			if (m_found == 0) {
+
+				while (pos < end) {
+
+					pos = std::find(pos, end, m_sequence[0]);
+
+					if (pos == end) {
+						return read;
+					}
+
+					m_found = 1;
+					++pos;
+
+					while (pos < end && m_found < COUNT && m_sequence[m_found] == *pos) {
+						++m_found;
+						++pos;
+					}
+
+					// Didn't found whole sequence
+					if (m_found != COUNT) {
+
+						// We reached the end of the buffer
+						if (pos == end) {
+
+							return read - m_found;
+
+						// Common prefix but not whole sequence
+						} else {
+
+							m_found = 0;
+						}
+
+					// Whole sequence found
+					} else {
+
+						// End of stream
+						return pos - data - m_found;
+					}
+				}
+
+			// More complex case: search for a sequence which has begun
+			// in a previous buffer
+			} else {
+
+				// Search for the end of the previously started sequence
+				while (pos < end && m_found < COUNT && m_sequence[m_found] == *pos) {
+					++m_found;
+					++pos;
+				}
+
+				if (m_found != COUNT) {
+
+					// End of buffer
+					if (pos == end) {
+
+						// No data: this buffer is a sub-sequence of the
+						// searched sequence
+						return 0;
+
+					// Common prefix
+					} else {
+
+						// We have to reinject the incomplete sequence into
+						// the stream data
+
+						// -- shift right data
+						const size_t n = pos - data;
+
+						byte_t* newEnd = data + read + m_found - n;
+						byte_t* oldEnd = data + read;
+
+						for (size_t i = 0 ; i < read - n ; ++i) {
+
+							--newEnd;
+							--oldEnd;
+
+							*newEnd = *oldEnd;
+						}
+
+						// -- copy the prefix just before data
+						for (size_t f = 0 ; f < m_found ; ++f) {
+							data[f] = m_sequence[f];
+						}
+
+						read += m_found - n;
+						end += m_found - n;
+
+						m_found = 0;
+					}
+
+				} else {
+
+					return 0;  // no more data
+				}
+			}
+		}
+
+		return read;
+	}
+
+	size_t skip(const size_t /* count */) {
+
+		// Not supported
+		return 0;
+	}
+
+private:
+
+	inputStream& m_stream;
+
+	const byte_t* m_sequence;
+	size_t m_found;
+
+	bool m_eof;
+};
+
+
+template <>
+size_t stopSequenceFilteredInputStream <1>::read(byte_t* const data, const size_t count);
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_FILTEREDSTREAM_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/utility/inputStream.cpp b/vmime-master/src/vmime/utility/inputStream.cpp
new file mode 100644
index 0000000..916d8ba
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStream.cpp
@@ -0,0 +1,33 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/inputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+} // utility
+} // vmime
+
diff --git a/vmime-master/src/vmime/utility/inputStream.hpp b/vmime-master/src/vmime/utility/inputStream.hpp
new file mode 100644
index 0000000..0e1c2df
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStream.hpp
@@ -0,0 +1,75 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_INPUTSTREAM_HPP_INCLUDED
+#define VMIME_UTILITY_INPUTSTREAM_HPP_INCLUDED
+
+
+#include "vmime/utility/stream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Simple input stream.
+  */
+class VMIME_EXPORT inputStream : public stream {
+
+public:
+
+	/** Test for end of stream (no more data to read).
+	  *
+	  * @return true if we have reached the end of stream, false otherwise
+	  */
+	virtual bool eof() const = 0;
+
+	/** Set the read pointer to the beginning of the stream.
+	  *
+	  * @warning WARNING: this may not work for all stream types.
+	  */
+	virtual void reset() = 0;
+
+	/** Read data from the stream.
+	  *
+	  * @param data will receive the data read
+	  * @param count maximum number of bytes to read
+	  * @return number of bytes read
+	  */
+	virtual size_t read(byte_t* const data, const size_t count) = 0;
+
+	/** Skip a number of bytes.
+	  *
+	  * @param count maximum number of bytes to ignore
+	  * @return number of bytes skipped
+	  */
+	virtual size_t skip(const size_t count) = 0;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_INPUTSTREAM_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/utility/inputStreamAdapter.cpp b/vmime-master/src/vmime/utility/inputStreamAdapter.cpp
new file mode 100644
index 0000000..28be103
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamAdapter.cpp
@@ -0,0 +1,84 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/inputStreamAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+inputStreamAdapter::inputStreamAdapter(std::istream& is)
+	: m_stream(is) {
+
+}
+
+
+bool inputStreamAdapter::eof() const {
+
+	return m_stream.eof();
+}
+
+
+void inputStreamAdapter::reset() {
+
+	m_stream.exceptions(std::ios_base::badbit);
+	m_stream.seekg(0, std::ios::beg);
+	m_stream.clear();
+}
+
+
+size_t inputStreamAdapter::read(byte_t* const data, const size_t count) {
+
+	m_stream.exceptions(std::ios_base::badbit);
+	m_stream.read(reinterpret_cast <char*>(data), count);
+
+	return m_stream.gcount();
+}
+
+
+size_t inputStreamAdapter::skip(const size_t count) {
+
+	m_stream.exceptions(std::ios_base::badbit);
+	m_stream.ignore(count);
+
+	return m_stream.gcount();
+}
+
+
+size_t inputStreamAdapter::getPosition() const {
+
+	return m_stream.tellg();
+}
+
+
+void inputStreamAdapter::seek(const size_t pos) {
+
+	m_stream.clear();
+	m_stream.seekg(pos, std::ios_base::beg);
+}
+
+
+} // utility
+} // vmime
+
diff --git a/vmime-master/src/vmime/utility/inputStreamAdapter.hpp b/vmime-master/src/vmime/utility/inputStreamAdapter.hpp
new file mode 100644
index 0000000..340765c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamAdapter.hpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_INPUTSTREAMADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_INPUTSTREAMADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/seekableInputStream.hpp"
+
+#include <istream>
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class for C++ standard input streams.
+  */
+class VMIME_EXPORT inputStreamAdapter : public seekableInputStream {
+
+public:
+
+	/** @param is input stream to wrap
+	  */
+	inputStreamAdapter(std::istream& is);
+
+	bool eof() const;
+	void reset();
+	size_t read(byte_t* const data, const size_t count);
+	size_t skip(const size_t count);
+	size_t getPosition() const;
+	void seek(const size_t pos);
+
+private:
+
+	std::istream& m_stream;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_INPUTSTREAMADAPTER_HPP_INCLUDED
+
diff --git a/vmime-master/src/vmime/utility/inputStreamByteBufferAdapter.cpp b/vmime-master/src/vmime/utility/inputStreamByteBufferAdapter.cpp
new file mode 100644
index 0000000..927215c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamByteBufferAdapter.cpp
@@ -0,0 +1,104 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/inputStreamByteBufferAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+inputStreamByteBufferAdapter::inputStreamByteBufferAdapter(const byte_t* buffer, const size_t length)
+	: m_buffer(buffer),
+	  m_length(length),
+	  m_pos(0) {
+
+}
+
+
+bool inputStreamByteBufferAdapter::eof() const {
+
+	return m_pos >= m_length;
+}
+
+
+void inputStreamByteBufferAdapter::reset() {
+
+	m_pos = 0;
+}
+
+
+size_t inputStreamByteBufferAdapter::read(byte_t* const data, const size_t count) {
+
+	const size_t remaining = m_length - m_pos;
+
+	if (remaining < count) {
+
+		std::copy(m_buffer + m_pos, m_buffer + m_pos + remaining, data);
+		m_pos += remaining;
+
+		return remaining;
+
+	} else {
+
+		std::copy(m_buffer + m_pos, m_buffer + m_pos + count, data);
+		m_pos += count;
+
+		return count;
+	}
+}
+
+
+size_t inputStreamByteBufferAdapter::skip(const size_t count) {
+
+	const size_t remaining = m_length - m_pos;
+
+	if (remaining < count) {
+
+		m_pos += remaining;
+		return remaining;
+
+	} else {
+
+		m_pos += count;
+		return count;
+	}
+}
+
+
+size_t inputStreamByteBufferAdapter::getPosition() const {
+
+	return m_pos;
+}
+
+
+void inputStreamByteBufferAdapter::seek(const size_t pos) {
+
+	if (pos <= m_length) {
+		m_pos = pos;
+	}
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/inputStreamByteBufferAdapter.hpp b/vmime-master/src/vmime/utility/inputStreamByteBufferAdapter.hpp
new file mode 100644
index 0000000..c9094c7
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamByteBufferAdapter.hpp
@@ -0,0 +1,63 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_INPUTSTREAMBYTEBUFFERADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_INPUTSTREAMBYTEBUFFERADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/seekableInputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class for reading from an array of bytes.
+  */
+class VMIME_EXPORT inputStreamByteBufferAdapter : public seekableInputStream {
+
+public:
+
+	inputStreamByteBufferAdapter(const byte_t* buffer, size_t length);
+
+	bool eof() const;
+	void reset();
+	size_t read(byte_t* const data, const size_t count);
+	size_t skip(const size_t count);
+	size_t getPosition() const;
+	void seek(const size_t pos);
+
+private:
+
+	const byte_t* m_buffer;
+	const size_t m_length;
+
+	size_t m_pos;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_INPUTSTREAMBYTEBUFFERADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/inputStreamPointerAdapter.cpp b/vmime-master/src/vmime/utility/inputStreamPointerAdapter.cpp
new file mode 100644
index 0000000..3f468d4
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamPointerAdapter.cpp
@@ -0,0 +1,48 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/inputStreamPointerAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+inputStreamPointerAdapter::inputStreamPointerAdapter(std::istream* is, const bool own)
+	: inputStreamAdapter(*is),
+	  m_stream(is),
+	  m_own(own) {
+
+}
+
+
+inputStreamPointerAdapter::~inputStreamPointerAdapter() {
+
+	if (m_own) {
+		delete m_stream;
+	}
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/inputStreamPointerAdapter.hpp b/vmime-master/src/vmime/utility/inputStreamPointerAdapter.hpp
new file mode 100644
index 0000000..e48f9ce
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamPointerAdapter.hpp
@@ -0,0 +1,61 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_INPUTSTREAMPOINTERADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_INPUTSTREAMPOINTERADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/inputStreamAdapter.hpp"
+
+#include <istream>
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class for pointer to C++ standard input stream.
+  */
+class VMIME_EXPORT inputStreamPointerAdapter : public inputStreamAdapter {
+
+public:
+
+	/** @param is input stream to wrap
+	  * @param own if set to 'true', the pointer will be deleted when
+	  * this object is destroyed
+	  */
+	inputStreamPointerAdapter(std::istream* is, const bool own = true);
+	~inputStreamPointerAdapter();
+
+private:
+
+	std::istream* m_stream;
+	const bool m_own;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_INPUTSTREAMPOINTERADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/inputStreamSocketAdapter.cpp b/vmime-master/src/vmime/utility/inputStreamSocketAdapter.cpp
new file mode 100644
index 0000000..515906b
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamSocketAdapter.cpp
@@ -0,0 +1,79 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/inputStreamSocketAdapter.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/socket.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+inputStreamSocketAdapter::inputStreamSocketAdapter(net::socket& sok)
+	: m_socket(sok) {
+
+}
+
+
+bool inputStreamSocketAdapter::eof() const {
+
+	// Can't know...
+	return false;
+}
+
+
+void inputStreamSocketAdapter::reset() {
+
+	// Not supported
+}
+
+
+size_t inputStreamSocketAdapter::read(byte_t* const data, const size_t count) {
+
+	return m_socket.receiveRaw(data, count);
+}
+
+
+size_t inputStreamSocketAdapter::skip(const size_t /* count */) {
+
+	// Not supported
+	return 0;
+}
+
+
+size_t inputStreamSocketAdapter::getBlockSize() {
+
+	return m_socket.getBlockSize();
+}
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/utility/inputStreamSocketAdapter.hpp b/vmime-master/src/vmime/utility/inputStreamSocketAdapter.hpp
new file mode 100644
index 0000000..1650037
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamSocketAdapter.hpp
@@ -0,0 +1,75 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_INPUTSTREAMSOCKETADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_INPUTSTREAMSOCKETADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/inputStream.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+namespace vmime {
+namespace net {
+	class socket;  // forward reference
+} // net
+} // vmime
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An input stream that is connected to a socket.
+  */
+class VMIME_EXPORT inputStreamSocketAdapter : public inputStream {
+
+public:
+
+	inputStreamSocketAdapter(net::socket& sok);
+
+	bool eof() const;
+	void reset();
+	size_t read(byte_t* const data, const size_t count);
+	size_t skip(const size_t count);
+
+	size_t getBlockSize();
+
+private:
+
+	inputStreamSocketAdapter(const inputStreamSocketAdapter&);
+
+	net::socket& m_socket;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#endif // VMIME_UTILITY_INPUTSTREAMSOCKETADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/inputStreamStringAdapter.cpp b/vmime-master/src/vmime/utility/inputStreamStringAdapter.cpp
new file mode 100644
index 0000000..bf09a9b
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamStringAdapter.cpp
@@ -0,0 +1,119 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+inputStreamStringAdapter::inputStreamStringAdapter(const string& buffer)
+	: m_buffer(buffer),
+	  m_begin(0),
+	  m_end(buffer.length()),
+	  m_pos(0) {
+
+}
+
+
+inputStreamStringAdapter::inputStreamStringAdapter(
+	const string& buffer,
+	const size_t begin,
+	const size_t end
+)
+	: m_buffer(buffer),
+	  m_begin(begin),
+	  m_end(end),
+	  m_pos(begin) {
+
+}
+
+
+bool inputStreamStringAdapter::eof() const {
+
+	return m_pos >= m_end;
+}
+
+
+void inputStreamStringAdapter::reset() {
+
+	m_pos = m_begin;
+}
+
+
+size_t inputStreamStringAdapter::read(byte_t* const data, const size_t count) {
+
+	if (m_pos + count >= m_end) {
+
+		const size_t remaining = m_end - m_pos;
+
+		std::copy(m_buffer.begin() + m_pos, m_buffer.end(), data);
+		m_pos = m_end;
+
+		return remaining;
+
+	} else {
+
+		std::copy(m_buffer.begin() + m_pos, m_buffer.begin() + m_pos + count, data);
+		m_pos += count;
+
+		return count;
+	}
+}
+
+
+size_t inputStreamStringAdapter::skip(const size_t count) {
+
+	if (m_pos + count >= m_end) {
+
+		const size_t remaining = m_end - m_pos;
+		m_pos = m_end;
+
+		return remaining;
+
+	} else {
+
+		m_pos += count;
+
+		return count;
+	}
+}
+
+
+size_t inputStreamStringAdapter::getPosition() const {
+
+	return m_pos - m_begin;
+}
+
+
+void inputStreamStringAdapter::seek(const size_t pos) {
+
+	if (m_begin + pos <= m_end) {
+		m_pos = m_begin + pos;
+	}
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/inputStreamStringAdapter.hpp b/vmime-master/src/vmime/utility/inputStreamStringAdapter.hpp
new file mode 100644
index 0000000..2c2cbb8
--- /dev/null
+++ b/vmime-master/src/vmime/utility/inputStreamStringAdapter.hpp
@@ -0,0 +1,66 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_INPUTSTREAMSTRINGADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_INPUTSTREAMSTRINGADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/seekableInputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class for string input.
+  */
+class VMIME_EXPORT inputStreamStringAdapter : public seekableInputStream {
+
+public:
+
+	inputStreamStringAdapter(const string& buffer);
+	inputStreamStringAdapter(const string& buffer, const size_t begin, const size_t end);
+
+	bool eof() const;
+	void reset();
+	size_t read(byte_t* const data, const size_t count);
+	size_t skip(const size_t count);
+	size_t getPosition() const;
+	void seek(const size_t pos);
+
+private:
+
+	inputStreamStringAdapter(const inputStreamStringAdapter&);
+
+	const string m_buffer;  // do _NOT_ keep a reference...
+	const size_t m_begin;
+	const size_t m_end;
+	size_t m_pos;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_INPUTSTREAMSTRINGADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/outputStream.cpp b/vmime-master/src/vmime/utility/outputStream.cpp
new file mode 100644
index 0000000..b07fb07
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStream.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/outputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+void outputStream::write(const byte_t* const data, const size_t count) {
+
+	writeImpl(data, count);
+}
+
+
+void outputStream::write(const char* const data, const size_t count) {
+
+	writeImpl(reinterpret_cast <const byte_t*>(data), count);
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/outputStream.hpp b/vmime-master/src/vmime/utility/outputStream.hpp
new file mode 100644
index 0000000..318c1dd
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStream.hpp
@@ -0,0 +1,133 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_OUTPUTSTREAM_HPP_INCLUDED
+#define VMIME_UTILITY_OUTPUTSTREAM_HPP_INCLUDED
+
+
+#include "vmime/utility/stream.hpp"
+
+
+#if defined(_MSC_VER) && (_MSC_VER <= 1200)  // VC++6
+#	include <cstring>
+#endif
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Simple output stream.
+  */
+class VMIME_EXPORT outputStream : public stream {
+
+public:
+
+	/** Write data to the stream.
+	  *
+	  * @param data buffer containing data to write
+	  * @param count number of bytes to write
+	  */
+	void write(const byte_t* const data, const size_t count);
+
+	/** Write data to the stream.
+	  *
+	  * @param data buffer containing data to write
+	  * @param count number of bytes to write
+	  */
+	void write(const char* const data, const size_t count);
+
+	/** Write data to the stream.
+	  *
+	  * @param data buffer containing data to write
+	  * @param N number of bytes to write, including terminating
+	  * null (value is induced by compiler)
+	  */
+	template <int N>
+	void write(const char (&data)[N]) {
+
+		write(data, N - 1);
+	}
+
+	/** Flush this output stream and forces any buffered output
+	  * bytes to be written out to the stream.
+	  */
+	virtual void flush() = 0;
+
+protected:
+
+	/** Write data to the stream.
+	  * This is the method to be implemented is subclasses.
+	  *
+	  * @param data buffer containing data to write
+	  * @param count number of bytes to write
+	  */
+	virtual void writeImpl(const byte_t* const data, const size_t count) = 0;
+};
+
+
+// Helpers functions
+
+VMIME_EXPORT outputStream& operator<<(outputStream& os, const string& str);
+VMIME_EXPORT outputStream& operator<<(outputStream& os, const byte_t c);
+
+
+#if defined(_MSC_VER) && (_MSC_VER <= 1200)  // Internal compiler error with VC++6
+
+inline outputStream& operator<<(outputStream& os, const char* str) {
+
+	os.write(reinterpret_cast <const byte_t*>(str), ::strlen(str));
+	return os;
+}
+
+#else
+
+template <int N>
+outputStream& operator<<(outputStream& os, const char (&str)[N]) {
+
+	os.write(reinterpret_cast <const byte_t*>(str), N - 1);
+	return os;
+}
+
+#endif // defined(_MSC_VER) && (_MSC_VER <= 1200)
+
+
+template <typename T>
+outputStream& operator<<(outputStream& os, const T& t) {
+
+	std::ostringstream oss;
+	oss.imbue(std::locale::classic());  // no formatting
+
+	oss << t;
+
+	os << oss.str();
+
+	return os;
+}
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_OUTPUTSTREAM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/outputStreamAdapter.cpp b/vmime-master/src/vmime/utility/outputStreamAdapter.cpp
new file mode 100644
index 0000000..7455691
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamAdapter.cpp
@@ -0,0 +1,52 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+outputStreamAdapter::outputStreamAdapter(std::ostream& os)
+	: m_stream(os) {
+
+}
+
+
+void outputStreamAdapter::writeImpl(const byte_t* const data, const size_t count) {
+
+	m_stream.exceptions(std::ios_base::badbit);
+	m_stream.write(reinterpret_cast <const char*>(data), count);
+}
+
+
+void outputStreamAdapter::flush() {
+
+	m_stream.exceptions(std::ios_base::badbit);
+	m_stream.flush();
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/outputStreamAdapter.hpp b/vmime-master/src/vmime/utility/outputStreamAdapter.hpp
new file mode 100644
index 0000000..35c5cde
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamAdapter.hpp
@@ -0,0 +1,63 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_OUTPUTSTREAMADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_OUTPUTSTREAMADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/outputStream.hpp"
+
+#include <ostream>
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class for C++ standard output streams.
+  */
+class VMIME_EXPORT outputStreamAdapter : public outputStream {
+
+public:
+
+	/** @param os output stream to wrap
+	  */
+	outputStreamAdapter(std::ostream& os);
+
+	void flush();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	std::ostream& m_stream;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_OUTPUTSTREAMADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/outputStreamByteArrayAdapter.cpp b/vmime-master/src/vmime/utility/outputStreamByteArrayAdapter.cpp
new file mode 100644
index 0000000..a38bd79
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamByteArrayAdapter.cpp
@@ -0,0 +1,50 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/outputStreamByteArrayAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+outputStreamByteArrayAdapter::outputStreamByteArrayAdapter(byteArray& array)
+	: m_array(array) {
+
+}
+
+
+void outputStreamByteArrayAdapter::writeImpl(const byte_t* const data, const size_t count) {
+
+	m_array.insert(m_array.end(), data, data + count);
+}
+
+
+void outputStreamByteArrayAdapter::flush() {
+
+	// Do nothing
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/outputStreamByteArrayAdapter.hpp b/vmime-master/src/vmime/utility/outputStreamByteArrayAdapter.hpp
new file mode 100644
index 0000000..f36ff9c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamByteArrayAdapter.hpp
@@ -0,0 +1,59 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_OUTPUTSTREAMBYTEARRAYADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_OUTPUTSTREAMBYTEARRAYADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/outputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class for byte array output.
+  */
+class VMIME_EXPORT outputStreamByteArrayAdapter : public outputStream {
+
+public:
+
+	outputStreamByteArrayAdapter(byteArray& array);
+
+	void flush();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	byteArray& m_array;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_OUTPUTSTREAMBYTEARRAYADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/outputStreamSocketAdapter.cpp b/vmime-master/src/vmime/utility/outputStreamSocketAdapter.cpp
new file mode 100644
index 0000000..cd82c44
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamSocketAdapter.cpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/outputStreamSocketAdapter.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+#include "vmime/net/socket.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+outputStreamSocketAdapter::outputStreamSocketAdapter(net::socket& sok)
+	: m_socket(sok) {
+
+}
+
+
+void outputStreamSocketAdapter::writeImpl(const byte_t* const data, const size_t count) {
+
+	m_socket.sendRaw(data, count);
+}
+
+
+void outputStreamSocketAdapter::flush() {
+
+	// Do nothing
+}
+
+
+size_t outputStreamSocketAdapter::getBlockSize() {
+
+	return m_socket.getBlockSize();
+}
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
diff --git a/vmime-master/src/vmime/utility/outputStreamSocketAdapter.hpp b/vmime-master/src/vmime/utility/outputStreamSocketAdapter.hpp
new file mode 100644
index 0000000..4fb199b
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamSocketAdapter.hpp
@@ -0,0 +1,76 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_OUTPUTSTREAMSOCKETADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_OUTPUTSTREAMSOCKETADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/outputStream.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES
+
+
+namespace vmime {
+namespace net {
+	class socket;  // forward reference
+} // net
+} // vmime
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An output stream that is connected to a socket.
+  */
+class VMIME_EXPORT outputStreamSocketAdapter : public outputStream {
+
+public:
+
+	outputStreamSocketAdapter(net::socket& sok);
+
+	void flush();
+
+	size_t getBlockSize();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	outputStreamSocketAdapter(const outputStreamSocketAdapter&);
+
+	net::socket& m_socket;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+
+#endif // VMIME_UTILITY_OUTPUTSTREAMSOCKETADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/outputStreamStringAdapter.cpp b/vmime-master/src/vmime/utility/outputStreamStringAdapter.cpp
new file mode 100644
index 0000000..12c809c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamStringAdapter.cpp
@@ -0,0 +1,52 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+outputStreamStringAdapter::outputStreamStringAdapter(string& buffer)
+	: m_buffer(buffer) {
+
+}
+
+
+void outputStreamStringAdapter::writeImpl(const byte_t* const data, const size_t count) {
+
+	vmime::utility::stringUtils::appendBytesToString(m_buffer, data, count);
+}
+
+
+void outputStreamStringAdapter::flush() {
+
+	// Do nothing
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/outputStreamStringAdapter.hpp b/vmime-master/src/vmime/utility/outputStreamStringAdapter.hpp
new file mode 100644
index 0000000..a29e2cb
--- /dev/null
+++ b/vmime-master/src/vmime/utility/outputStreamStringAdapter.hpp
@@ -0,0 +1,59 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_OUTPUTSTREAMSTRINGADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_OUTPUTSTREAMSTRINGADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/outputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class for string output.
+  */
+class VMIME_EXPORT outputStreamStringAdapter : public outputStream {
+
+public:
+
+	outputStreamStringAdapter(string& buffer);
+
+	void flush();
+
+protected:
+
+	void writeImpl(const byte_t* const data, const size_t count);
+
+private:
+
+	string& m_buffer;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_OUTPUTSTREAMSTRINGADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/parserInputStreamAdapter.cpp b/vmime-master/src/vmime/utility/parserInputStreamAdapter.cpp
new file mode 100644
index 0000000..98bbe60
--- /dev/null
+++ b/vmime-master/src/vmime/utility/parserInputStreamAdapter.cpp
@@ -0,0 +1,175 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/parserInputStreamAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+parserInputStreamAdapter::parserInputStreamAdapter(const shared_ptr <seekableInputStream>& stream)
+	: m_stream(stream) {
+
+}
+
+
+bool parserInputStreamAdapter::eof() const {
+
+	return m_stream->eof();
+}
+
+
+void parserInputStreamAdapter::reset() {
+
+	m_stream->reset();
+}
+
+
+size_t parserInputStreamAdapter::read(byte_t* const data, const size_t count) {
+
+	return m_stream->read(data, count);
+}
+
+
+shared_ptr <seekableInputStream> parserInputStreamAdapter::getUnderlyingStream() {
+
+	return m_stream;
+}
+
+
+const string parserInputStreamAdapter::extract(const size_t begin, const size_t end) const {
+
+	const size_t initialPos = m_stream->getPosition();
+
+	byte_t *buffer = NULL;
+
+	try {
+
+		buffer = new byte_t[end - begin + 1];
+
+		m_stream->seek(begin);
+
+		const size_t readBytes = m_stream->read(buffer, end - begin);
+		buffer[readBytes] = '\0';
+
+		m_stream->seek(initialPos);
+
+		string str(buffer, buffer + readBytes);
+		delete [] buffer;
+
+		return str;
+
+	} catch (...) {
+
+		delete [] buffer;
+
+		m_stream->seek(initialPos);
+		throw;
+	}
+}
+
+
+size_t parserInputStreamAdapter::findNext(
+	const string& token,
+	const size_t startPosition
+) {
+
+	static const unsigned int BUFFER_SIZE = 4096;
+
+	// Token must not be longer than BUFFER_SIZE/2
+	if (token.empty() || token.length() > BUFFER_SIZE / 2) {
+		return npos;
+	}
+
+	const size_t initialPos = getPosition();
+
+	seek(startPosition);
+
+	try {
+
+		byte_t findBuffer[BUFFER_SIZE];
+		byte_t* findBuffer1 = findBuffer;
+		byte_t* findBuffer2 = findBuffer + (BUFFER_SIZE / 2);
+
+		size_t findBufferLen = 0;
+		size_t findBufferOffset = 0;
+
+		bool isEOF = false;
+
+		// Fill in initial buffer
+		findBufferLen = read(findBuffer, BUFFER_SIZE);
+
+		while (findBufferLen != 0) {
+
+			// Find token
+			for (byte_t *begin = findBuffer, *end = findBuffer + findBufferLen - token.length() ;
+			     begin <= end ; ++begin) {
+
+				if (begin[0] == token[0] &&
+				    (token.length() == 1 ||
+				     memcmp(static_cast <const void *>(&begin[1]),
+				            static_cast <const void *>(token.data() + 1),
+				            token.length() - 1) == 0)) {
+
+					seek(initialPos);
+
+					return startPosition + findBufferOffset + (begin - findBuffer);
+				}
+			}
+
+			// Rotate buffer
+			memcpy(findBuffer1, findBuffer2, (BUFFER_SIZE / 2));
+
+			// Read more bytes
+			if (findBufferLen < BUFFER_SIZE && (eof() || isEOF)) {
+
+				break;
+
+			} else {
+
+				const size_t bytesRead = read(findBuffer2, BUFFER_SIZE / 2);
+
+				if (bytesRead == 0) {
+					isEOF = true;
+				}
+
+				findBufferLen = (BUFFER_SIZE / 2) + bytesRead;
+				findBufferOffset += (BUFFER_SIZE / 2);
+			}
+		}
+
+		seek(initialPos);
+
+	} catch (...) {
+
+		seek(initialPos);
+		throw;
+	}
+
+	return npos;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/parserInputStreamAdapter.hpp b/vmime-master/src/vmime/utility/parserInputStreamAdapter.hpp
new file mode 100644
index 0000000..e448d29
--- /dev/null
+++ b/vmime-master/src/vmime/utility/parserInputStreamAdapter.hpp
@@ -0,0 +1,172 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_PARSERINPUTSTREAMADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_PARSERINPUTSTREAMADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/seekableInputStream.hpp"
+
+#include <cstring>
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter class used for parsing from an input stream.
+  */
+class VMIME_EXPORT parserInputStreamAdapter : public seekableInputStream {
+
+public:
+
+	/** @param stream input stream to wrap
+	  */
+	parserInputStreamAdapter(const shared_ptr <seekableInputStream>& stream);
+
+	shared_ptr <seekableInputStream> getUnderlyingStream();
+
+	bool eof() const;
+	void reset();
+	size_t read(byte_t* const data, const size_t count);
+
+	void seek(const size_t pos) {
+
+		m_stream->seek(pos);
+	}
+
+	size_t skip(const size_t count) {
+
+		return m_stream->skip(count);
+	}
+
+	size_t getPosition() const {
+
+		return m_stream->getPosition();
+	}
+
+	/** Get the byte at the current position without updating the
+	  * current position.
+	  *
+	  * @return byte at the current position
+	  */
+	byte_t peekByte() const {
+
+		const size_t initialPos = m_stream->getPosition();
+
+		try {
+
+			byte_t buffer[1];
+			const size_t readBytes = m_stream->read(buffer, 1);
+
+			m_stream->seek(initialPos);
+
+			return (readBytes == 1 ? buffer[0] : static_cast <byte_t>(0));
+
+		} catch (...) {
+
+			m_stream->seek(initialPos);
+			throw;
+		}
+	}
+
+	/** Get the byte at the current position and advance current
+	  * position by one byte.
+	  *
+	  * @return byte at the current position
+	  */
+	byte_t getByte() {
+
+		byte_t buffer[1];
+		const size_t readBytes = m_stream->read(buffer, 1);
+
+		return readBytes == 1 ? buffer[0] : static_cast <byte_t>(0);
+	}
+
+	/** Check whether the bytes following the current position match
+	  * the specified bytes. Position is not updated.
+	  *
+	  * @param bytes bytes to compare
+	  * @param length number of bytes
+	  * @return true if the next bytes match the pattern, false otherwise
+	  */
+	template <typename T>
+	bool matchBytes(const T* bytes, const size_t length) const {
+
+		const size_t initialPos = m_stream->getPosition();
+
+		try {
+
+			byte_t buffer[32];
+			const size_t readBytes = m_stream->read(buffer, length);
+
+			m_stream->seek(initialPos);
+
+			return readBytes == length && ::memcmp(bytes, buffer, length) == 0;
+
+		} catch (...) {
+
+			m_stream->seek(initialPos);
+			throw;
+		}
+	}
+
+	const string extract(const size_t begin, const size_t end) const;
+
+	/** Skips bytes matching a predicate from the current position.
+	  * The current position is updated to the next following byte
+	  * which does not match the predicate.
+	  *
+	  * @param pred predicate
+	  * @param endPosition stop at this position (or at end of the stream,
+	  * whichever comes first)
+	  * @return number of bytes skipped
+	  */
+	template <typename PREDICATE>
+	size_t skipIf(PREDICATE pred, const size_t endPosition) {
+
+		const size_t initialPos = getPosition();
+		size_t pos = initialPos;
+
+		while (!m_stream->eof() && pos < endPosition && pred(getByte())) {
+			++pos;
+		}
+
+		m_stream->seek(pos);
+
+		return pos - initialPos;
+	}
+
+	size_t findNext(const string& token, const size_t startPosition = 0);
+
+private:
+
+	mutable shared_ptr <seekableInputStream> m_stream;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_PARSERINPUTSTREAMADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/path.cpp b/vmime-master/src/vmime/utility/path.cpp
new file mode 100644
index 0000000..0c70f11
--- /dev/null
+++ b/vmime-master/src/vmime/utility/path.cpp
@@ -0,0 +1,324 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/path.hpp"
+
+#include <algorithm>
+
+
+namespace vmime {
+namespace utility {
+
+
+path::path() {
+
+}
+
+
+path::path(const component& c) {
+
+	m_list.push_back(c);
+}
+
+
+path::path(const path& p)
+	: object() {
+
+	m_list.resize(p.m_list.size());
+	std::copy(p.m_list.begin(), p.m_list.end(), m_list.begin());
+}
+
+
+path::path(const string& s) {
+
+	m_list.push_back(component(s));
+}
+
+
+path path::operator/(const path& p) const {
+
+	path pr(*this);
+	pr /= p;
+
+	return pr;
+}
+
+
+path path::operator/(const component& c) const {
+
+	path pr(*this);
+	pr /= c;
+
+	return pr;
+}
+
+
+path& path::operator/=(const path& p) {
+
+	const list::size_type size = m_list.size();
+
+	m_list.resize(size + p.m_list.size());
+	std::copy(p.m_list.begin(), p.m_list.end(), m_list.begin() + size);
+
+	return *this;
+}
+
+
+path& path::operator/=(const component& c) {
+
+	m_list.push_back(c);
+	return *this;
+}
+
+
+path path::getParent() const {
+
+	path p;
+
+	if (!isEmpty()) {
+		p.m_list.resize(m_list.size() - 1);
+		std::copy(m_list.begin(), m_list.end() - 1, p.m_list.begin());
+	}
+
+	return p;
+}
+
+
+path& path::operator=(const path& p) {
+
+	m_list.resize(p.m_list.size());
+	std::copy(p.m_list.begin(), p.m_list.end(), m_list.begin());
+
+	return *this;
+}
+
+
+path& path::operator=(const component& c) {
+
+	m_list.resize(1);
+	m_list[0] = c;
+
+	return *this;
+}
+
+
+bool path::operator==(const path& p) const {
+
+	if (m_list.size() != p.m_list.size()) {
+		return (false);
+	}
+
+	list::const_iterator i = m_list.begin();
+	list::const_iterator j = p.m_list.begin();
+
+	bool equal = true;
+
+	for ( ; equal && i != m_list.end() ; ++i, ++j) {
+		equal = ((*i).isEquivalent(*j));
+	}
+
+	return equal;
+}
+
+
+bool path::operator!=(const path& p) const {
+
+	return !(*this == p);
+}
+
+
+bool path::isEmpty() const {
+
+	return m_list.empty();
+}
+
+
+bool path::isRoot() const {
+
+	return m_list.empty();
+}
+
+
+const path::component path::getLastComponent() const {
+
+	return m_list[m_list.size() - 1];
+}
+
+
+path::component& path::getLastComponent() {
+
+	return m_list[m_list.size() - 1];
+}
+
+
+size_t path::getSize() const {
+
+	return m_list.size();
+}
+
+
+const path::component& path::operator[](const size_t x) const {
+
+	return m_list[x];
+}
+
+
+path::component& path::operator[](const size_t x) {
+
+	return m_list[x];
+}
+
+
+bool path::isDirectParentOf(const path& p) const {
+
+	if (p.getSize() != getSize() + 1) {
+		return false;
+	}
+
+	bool equal = true;
+
+	for (list::size_type i = 0 ; equal && i < m_list.size() ; ++i) {
+		equal = (m_list[i].isEquivalent(p.m_list[i]));
+	}
+
+	return equal;
+}
+
+
+bool path::isParentOf(const path& p) const {
+
+	if (p.getSize() < getSize() + 1) {
+		return false;
+	}
+
+	bool equal = true;
+
+	for (list::size_type i = 0 ; equal && i < m_list.size() ; ++i) {
+		equal = (m_list[i].isEquivalent(p.m_list[i]));
+	}
+
+	return equal;
+}
+
+
+void path::renameParent(const path& oldPath, const path& newPath) {
+
+	if (isEmpty() || oldPath.getSize() > getSize()) {
+		return;
+	}
+
+	bool equal = true;
+	list::size_type i;
+
+	for (i = 0 ; equal && i < oldPath.m_list.size() ; ++i) {
+		equal = (m_list[i].isEquivalent(oldPath.m_list[i]));
+	}
+
+	if (i != oldPath.m_list.size())
+		return;
+
+	list newList;
+
+	for (list::size_type j = 0 ; j < newPath.m_list.size() ; ++j) {
+		newList.push_back(newPath.m_list[j]);
+	}
+
+	for (list::size_type j = i ; j < m_list.size() ; ++j) {
+		newList.push_back(m_list[j]);
+	}
+
+	m_list.resize(newList.size());
+	std::copy(newList.begin(), newList.end(), m_list.begin());
+}
+
+
+void path::appendComponent(const path::component& c) {
+
+	m_list.push_back(c);
+}
+
+
+const path::component& path::getComponentAt(const size_t pos) const {
+
+	return m_list[pos];
+}
+
+
+path::component& path::getComponentAt(const size_t pos) {
+
+	return m_list[pos];
+}
+
+
+// static
+path path::fromString(const string& str, const string& sep, const charset& cset) {
+
+	path p;
+
+	size_t start = 0;
+	size_t end = 0;
+
+	do {
+
+		end = str.find(sep, start);
+
+		string comp;
+
+		if (end == string::npos) {
+			comp = str.substr(start);
+		} else {
+			comp = str.substr(start, end - start);
+		}
+
+		// Skip leading or trailing separators
+		if (comp.length()) {
+		   p.appendComponent(component(comp, cset));
+		}
+
+		start = end + 1;
+
+	} while (end != string::npos);
+
+	return p;
+}
+
+
+const string path::toString(const string& sep, const charset& cset) const {
+
+	string str;
+
+	for (size_t i = 0 ; i < m_list.size() ; ++i) {
+
+		if (i != 0) {
+			str += sep;
+		}
+
+		str += m_list[i].getConvertedText(cset);
+	}
+
+	return str;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/path.hpp b/vmime-master/src/vmime/utility/path.hpp
new file mode 100644
index 0000000..f1f1514
--- /dev/null
+++ b/vmime-master/src/vmime/utility/path.hpp
@@ -0,0 +1,189 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_PATH_HPP_INCLUDED
+#define VMIME_UTILITY_PATH_HPP_INCLUDED
+
+
+#include <vector>
+
+#include "vmime/types.hpp"
+#include "vmime/word.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Abstract representation of a path (filesystem, mailbox, etc).
+  */
+class VMIME_EXPORT path : public object {
+
+public:
+
+	typedef vmime::word component;
+	typedef std::vector <component> list;
+
+	// Construct a path
+	path();
+	path(const component& c);
+	path(const path& p);
+	explicit path(const string& s);
+
+	// Append a component to a path
+	path operator/(const path& p) const;
+	path operator/(const component& c) const;
+
+	path& operator/=(const path& p);
+	path& operator/=(const component& c);
+
+	// Return the parent path
+	path getParent() const;
+
+	// Assignment
+	path& operator=(const path& p);
+	path& operator=(const component& c);
+
+	// Path comparison
+	bool operator==(const path& p) const;
+	bool operator!=(const path& p) const;
+
+	/** Append a component to the path.
+	  *
+	  * @param c component to add
+	  */
+	void appendComponent(const component& c);
+
+	/** Return the component at the specified position.
+	  *
+	  * @param pos position
+	  * @return component at position 'pos'
+	  */
+	const component& getComponentAt(const size_t pos) const;
+
+	/** Return the component at the specified position.
+	  *
+	  * @param pos position
+	  * @return component at position 'pos'
+	  */
+	component& getComponentAt(const size_t pos);
+
+	/** Test whether this path is empty (root).
+	  *
+	  * @return true if the path is empty (no components = root)
+	  */
+	bool isEmpty() const;
+
+	/** Test whether this path is the root (alias for isEmpty()).
+	  *
+	  * @return true if the path is the root
+	  */
+	bool isRoot() const;
+
+	/** Return the last component of this path (const version).
+	  *
+	  * @return last component
+	  */
+	const component getLastComponent() const;
+
+	/** Return the last component of this path (non-const version).
+	  *
+	  * @return last component
+	  */
+	component& getLastComponent();
+
+	/** Return the number of components in this path.
+	  *
+	  * @return number of components
+	  */
+	size_t getSize() const;
+
+	/** Return the specified component of the path (const version).
+	  *
+	  * @param x index of the component
+	  * @return component at the specified index
+	  */
+	const component& operator[](const size_t x) const;
+
+	/** Return the specified component of the path (non-const version).
+	  *
+	  * @param x index of the component
+	  * @return component at the specified index
+	  */
+	component& operator[](const size_t x);
+
+	/** Test whether this path is a direct parent of another one.
+	  *
+	  * @param p other path
+	  * @return true if the specified path is a child
+	  * of this path, false otherwise
+	  */
+	bool isDirectParentOf(const path& p) const;
+
+	/** Test whether this path is a parent of another one.
+	  *
+	  * @param p other path
+	  * @return true if the specified path is a child (direct or
+	  * indirect) of this path, false otherwise
+	  */
+	bool isParentOf(const path& p) const;
+
+	/** Rename a parent component in the path.
+	  * Example: path("a/b/c/d").renameParent("a/b", "x/y/z")
+	  * will return path("x/y/z/c/d").
+	  *
+	  * @param oldPath old parent path
+	  * @param newPath new parent path
+	  */
+	void renameParent(const path& oldPath, const path& newPath);
+
+	/** Construct a new path from a string.
+	  *
+	  * @param str string representation of the path
+	  * @param sep separator string (eg: "/")
+	  * @param cset charset in which the path is encoded (use the value returned by
+	  * vmime::charset::getLocalCharset() to use the default charset of your system)
+	  * @return a new path corresponding to the specified string
+	  */
+	static path fromString(const string& str, const string& sep, const charset& cset);
+
+	/** Returns a string representation of this path.
+	  *
+	  * @param sep separator string (eg: "/")
+	  * @param cset charset in which to encode the components (use the value returned by
+	  * vmime::charset::getLocalCharset() to use the default charset of your system)
+	  * @return a string representing this path
+	  */
+	const string toString(const string& sep, const charset& cset) const;
+
+private:
+
+	list m_list;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_PATH_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/progressListener.cpp b/vmime-master/src/vmime/utility/progressListener.cpp
new file mode 100644
index 0000000..cc4969c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/progressListener.cpp
@@ -0,0 +1,78 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/progressListener.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+// progressListenerSizeAdapter
+
+progressListenerSizeAdapter::progressListenerSizeAdapter(
+	progressListener* list,
+	const size_t total
+)
+	: m_wrapped(list),
+	  m_total(total) {
+
+}
+
+
+void progressListenerSizeAdapter::start(const size_t predictedTotal) {
+
+	if (m_wrapped) {
+		m_wrapped->start(predictedTotal);
+	}
+}
+
+
+void progressListenerSizeAdapter::progress(const size_t current, const size_t currentTotal) {
+
+	if (m_wrapped) {
+
+		if (currentTotal > m_total) {
+			m_total = currentTotal;
+		}
+
+		m_wrapped->progress(current, m_total);
+	}
+}
+
+
+void progressListenerSizeAdapter::stop(const size_t total) {
+
+	if (m_wrapped) {
+
+		if (total > m_total) {
+			m_total = total;
+		}
+
+		m_wrapped->stop(m_total);
+	}
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/progressListener.hpp b/vmime-master/src/vmime/utility/progressListener.hpp
new file mode 100644
index 0000000..18b4e4d
--- /dev/null
+++ b/vmime-master/src/vmime/utility/progressListener.hpp
@@ -0,0 +1,99 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_PROGRESSLISTENER_HPP_INCLUDED
+#define VMIME_UTILITY_PROGRESSLISTENER_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An interface to implement if you want to be notified
+  * of a state of progress by some objects.
+  */
+class VMIME_EXPORT progressListener {
+
+protected:
+
+	virtual ~progressListener() { }
+
+public:
+
+	/** Called at the beginning of the operation.
+	  *
+	  * @param predictedTotal predicted amount of units (this has
+	  * no concrete meaning: these are not bytes, nor percentage...)
+	  */
+	virtual void start(const size_t predictedTotal) = 0;
+
+	/** Called during the operation (can be called several times).
+	  *
+	  * @param current current position
+	  * @param currentTotal adjusted total amount of units
+	  */
+	virtual void progress(const size_t current, const size_t currentTotal) = 0;
+
+	/** Called at the end of the operation.
+	  *
+	  * @param total final total amount of units
+	  */
+	virtual void stop(const size_t total) = 0;
+};
+
+
+
+/** A progress listener used when total size is known by the
+  * receiver, but not by the notifier.
+  */
+class VMIME_EXPORT progressListenerSizeAdapter : public progressListener {
+
+public:
+
+	/** Construct a new progressListenerSizeAdapter object.
+	  *
+	  * @param list wrapped progress listener (can be NULL)
+	  * @param total predicted total
+	  */
+	progressListenerSizeAdapter(progressListener* list, const size_t total);
+
+	void start(const size_t predictedTotal);
+	void progress(const size_t current, const size_t currentTotal);
+	void stop(const size_t total);
+
+private:
+
+	progressListener* m_wrapped;
+	size_t m_total;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_PROGRESSLISTENER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/random.cpp b/vmime-master/src/vmime/utility/random.cpp
new file mode 100644
index 0000000..055122b
--- /dev/null
+++ b/vmime-master/src/vmime/utility/random.cpp
@@ -0,0 +1,90 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/random.hpp"
+#include "vmime/platform.hpp"
+
+#include <ctime>
+
+
+namespace vmime {
+namespace utility {
+
+
+static unsigned int getRandomSeed() {
+
+	unsigned int seed;
+
+	platform::getHandler()->generateRandomBytes(
+		reinterpret_cast <unsigned char*>(&seed), sizeof(seed)
+	);
+
+	return seed;
+}
+
+
+unsigned int random::getNext() {
+
+	static unsigned int next = getRandomSeed();
+
+	// Park and Miller's minimal standard generator:
+	// xn+1 = (a * xn + b) mod c
+	// xn+1 = (16807 * xn) mod (2^31 - 1)
+	next = static_cast<unsigned int>((16807 * next) % 2147483647ul);
+	return next;
+}
+
+
+unsigned int random::getTime() {
+
+	return static_cast <unsigned int>((platform::getHandler()->getUnixTime()));
+}
+
+
+unsigned int random::getProcess() {
+
+	return platform::getHandler()->getProcessId();
+}
+
+
+const string random::getString(const size_t length, const string& randomChars) {
+
+	string res;
+	res.resize(length);
+
+	const unsigned int x = static_cast <unsigned int>(randomChars.length());
+	size_t c = 0;
+
+	while (c < length) {
+
+		for (unsigned int n = random::getNext() ; n != 0 && c < length ; n /= x) {
+			res[c++] = randomChars[n % x];
+		}
+	}
+
+	return res;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/random.hpp b/vmime-master/src/vmime/utility/random.hpp
new file mode 100644
index 0000000..21f4949
--- /dev/null
+++ b/vmime-master/src/vmime/utility/random.hpp
@@ -0,0 +1,78 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_RANDOM_HPP_INCLUDED
+#define VMIME_UTILITY_RANDOM_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Pseudo-random number generator.
+  */
+class random {
+
+public:
+
+	/** Return a new random number.
+	  *
+	  * @return random number
+	  */
+	static unsigned int getNext();
+
+	/** Return the current time as a number (may be used to
+	  * build "random" strings).
+	  *
+	  * @return time as a number
+	  */
+	static unsigned int getTime();
+
+	/** Return the current process number (may be user to
+	  * build "random" strings).
+	  *
+	  * @return process number
+	  */
+	static unsigned int getProcess();
+
+	/** Return a random character string with the specified length.
+	  *
+	  * @param length length of the string to generate
+	  * @param randomChars list of characters to use
+	  * @return random string
+	  */
+	static const string getString(
+		const size_t length,
+		const string& randomChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+	);
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_RANDOM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/seekableInputStream.hpp b/vmime-master/src/vmime/utility/seekableInputStream.hpp
new file mode 100644
index 0000000..181e904
--- /dev/null
+++ b/vmime-master/src/vmime/utility/seekableInputStream.hpp
@@ -0,0 +1,62 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_SEEKABLEINPUTSTREAM_HPP_INCLUDED
+#define VMIME_UTILITY_SEEKABLEINPUTSTREAM_HPP_INCLUDED
+
+
+#include "vmime/utility/inputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An input stream that allows seeking within the input.
+  */
+class VMIME_EXPORT seekableInputStream : public inputStream {
+
+public:
+
+	/** Returns the current position in this stream.
+	  *
+	  * @return the offset from the beginning of the stream, in bytes,
+	  * at which the next read occurs
+	  */
+	virtual size_t getPosition() const = 0;
+
+	/** Sets the position, measured from the beginning of this stream,
+	  * at which the next read occurs.
+	  *
+	  * @param pos the offset position, measured in bytes from the
+	  * beginning of the stream, at which to set the stream pointer.
+	  */
+	virtual void seek(const size_t pos) = 0;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_SEEKABLEINPUTSTREAM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/seekableInputStreamRegionAdapter.cpp b/vmime-master/src/vmime/utility/seekableInputStreamRegionAdapter.cpp
new file mode 100644
index 0000000..3272366
--- /dev/null
+++ b/vmime-master/src/vmime/utility/seekableInputStreamRegionAdapter.cpp
@@ -0,0 +1,111 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/seekableInputStreamRegionAdapter.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+seekableInputStreamRegionAdapter::seekableInputStreamRegionAdapter(
+	const shared_ptr <seekableInputStream>& stream,
+	const size_t begin,
+	const size_t length
+)
+	: m_stream(stream),
+	  m_begin(begin),
+	  m_length(length),
+	  m_position(0) {
+
+}
+
+
+bool seekableInputStreamRegionAdapter::eof() const {
+
+	return m_position >= m_length;
+}
+
+
+void seekableInputStreamRegionAdapter::reset() {
+
+	m_position = 0;
+}
+
+
+size_t seekableInputStreamRegionAdapter::read(byte_t* const data, const size_t count) {
+
+	m_stream->seek(m_begin + m_position);
+
+	size_t readBytes = 0;
+
+	if (m_position + count >= m_length) {
+
+		const size_t remaining = m_length - m_position;
+		readBytes = m_stream->read(data, remaining);
+
+	} else {
+
+		readBytes = m_stream->read(data, count);
+	}
+
+	m_position += readBytes;
+
+	return readBytes;
+}
+
+
+size_t seekableInputStreamRegionAdapter::skip(const size_t count) {
+
+	if (m_position + count >= m_length) {
+
+		const size_t remaining = m_length - m_position;
+		m_position += remaining;
+		return remaining;
+
+	} else {
+
+		m_position += count;
+		return count;
+	}
+}
+
+
+size_t seekableInputStreamRegionAdapter::getPosition() const {
+
+	return m_position;
+}
+
+
+void seekableInputStreamRegionAdapter::seek(const size_t pos) {
+
+	if (pos > m_length) {
+		m_position = m_length;
+	} else {
+		m_position = pos;
+	}
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/seekableInputStreamRegionAdapter.hpp b/vmime-master/src/vmime/utility/seekableInputStreamRegionAdapter.hpp
new file mode 100644
index 0000000..8406b29
--- /dev/null
+++ b/vmime-master/src/vmime/utility/seekableInputStreamRegionAdapter.hpp
@@ -0,0 +1,73 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_SEEKABLEINPUTSTREAMREGIONADAPTER_HPP_INCLUDED
+#define VMIME_UTILITY_SEEKABLEINPUTSTREAMREGIONADAPTER_HPP_INCLUDED
+
+
+#include "vmime/utility/seekableInputStream.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** An adapter for reading a limited region of a seekable input stream.
+  */
+class VMIME_EXPORT seekableInputStreamRegionAdapter : public seekableInputStream {
+
+public:
+
+	/** Creates a new adapter for a seekableInputStream.
+	  *
+	  * @param stream source stream
+	  * @param begin start position in source stream
+	  * @param length region length in source stream
+	  */
+	seekableInputStreamRegionAdapter(
+		const shared_ptr <seekableInputStream>& stream,
+		const size_t begin,
+		const size_t length
+	);
+
+	bool eof() const;
+	void reset();
+	size_t read(byte_t* const data, const size_t count);
+	size_t skip(const size_t count);
+	size_t getPosition() const;
+	void seek(const size_t pos);
+
+private:
+
+	shared_ptr <seekableInputStream> m_stream;
+	size_t m_begin;
+	size_t m_length;
+	size_t m_position;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_SEEKABLEINPUTSTREAMREGIONADAPTER_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/stream.cpp b/vmime-master/src/vmime/utility/stream.cpp
new file mode 100644
index 0000000..96f99cb
--- /dev/null
+++ b/vmime-master/src/vmime/utility/stream.cpp
@@ -0,0 +1,39 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/stream.hpp"
+
+
+
+namespace vmime {
+namespace utility {
+
+
+size_t stream::getBlockSize() {
+
+	return 32768;  // 32 KB
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/stream.hpp b/vmime-master/src/vmime/utility/stream.hpp
new file mode 100644
index 0000000..9aa1392
--- /dev/null
+++ b/vmime-master/src/vmime/utility/stream.hpp
@@ -0,0 +1,60 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_STREAM_HPP_INCLUDED
+#define VMIME_UTILITY_STREAM_HPP_INCLUDED
+
+
+#include <sstream>
+
+#include "vmime/config.hpp"
+#include "vmime/types.hpp"
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Base class for input/output stream.
+  */
+class VMIME_EXPORT stream : public object, private noncopyable {
+
+public:
+
+	virtual ~stream() { }
+
+	/** Return the preferred maximum block size when reading
+	  * from or writing to this stream.
+	  *
+	  * @return block size, in bytes
+	  */
+	virtual size_t getBlockSize();
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_STREAM_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/streamUtils.cpp b/vmime-master/src/vmime/utility/streamUtils.cpp
new file mode 100644
index 0000000..793973c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/streamUtils.cpp
@@ -0,0 +1,130 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/streamUtils.hpp"
+
+#include <algorithm>  // for std::copy
+#include <iterator>   // for std::back_inserter
+
+
+
+namespace vmime {
+namespace utility {
+
+
+outputStream& operator<<(outputStream& os, const byte_t c) {
+
+	os.write(&c, 1);
+	return os;
+}
+
+
+outputStream& operator<<(outputStream& os, const string& str) {
+
+	os.write(str.data(), str.length());
+	return os;
+}
+
+
+size_t bufferedStreamCopy(inputStream& is, outputStream& os) {
+
+	return bufferedStreamCopy(is, os, 0, NULL);
+}
+
+
+size_t bufferedStreamCopyRange(
+	inputStream& is,
+	outputStream& os,
+	const size_t start,
+	const size_t length
+) {
+
+	const size_t blockSize =
+		std::min(is.getBlockSize(), os.getBlockSize());
+
+	is.skip(start);
+
+	std::vector <byte_t> vbuffer(blockSize);
+
+	byte_t* buffer = &vbuffer.front();
+	size_t total = 0;
+
+	while (!is.eof() && total < length) {
+
+		const size_t remaining = std::min(length - total, blockSize);
+		const size_t read = is.read(buffer, remaining);
+
+		if (read != 0) {
+			os.write(buffer, read);
+			total += read;
+		}
+	}
+
+	return total;
+}
+
+
+size_t bufferedStreamCopy(
+	inputStream& is,
+	outputStream& os,
+	const size_t length,
+	progressListener* progress
+) {
+
+	const size_t blockSize =
+		std::min(is.getBlockSize(), os.getBlockSize());
+
+	std::vector <byte_t> vbuffer(blockSize);
+
+	byte_t* buffer = &vbuffer.front();
+	size_t total = 0;
+
+	if (progress != NULL) {
+		progress->start(length);
+	}
+
+	while (!is.eof()) {
+
+		const size_t read = is.read(buffer, blockSize);
+
+		if (read != 0) {
+
+			os.write(buffer, read);
+			total += read;
+
+			if (progress != NULL) {
+				progress->progress(total, std::max(total, length));
+			}
+		}
+	}
+
+	if (progress != NULL) {
+		progress->stop(total);
+	}
+
+	return total;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/streamUtils.hpp b/vmime-master/src/vmime/utility/streamUtils.hpp
new file mode 100644
index 0000000..5d81fbe
--- /dev/null
+++ b/vmime-master/src/vmime/utility/streamUtils.hpp
@@ -0,0 +1,83 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_STREAMUTILS_HPP_INCLUDED
+#define VMIME_UTILITY_STREAMUTILS_HPP_INCLUDED
+
+
+#include "vmime/utility/inputStream.hpp"
+#include "vmime/utility/outputStream.hpp"
+
+#include "vmime/utility/progressListener.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Copy data from one stream into another stream using a buffered method.
+  *
+  * @param is input stream (source data)
+  * @param os output stream (destination for data)
+  * @return number of bytes copied
+  */
+VMIME_EXPORT size_t bufferedStreamCopy(inputStream& is, outputStream& os);
+
+/** Copy data from one stream into another stream using a buffered method
+  * and copying only a specified range of data.
+  *
+  * @param is input stream (source data)
+  * @param os output stream (destination for data)
+  * @param start number of bytes to ignore before starting copying
+  * @param length maximum number of bytes to copy
+  * @return number of bytes copied
+  */
+VMIME_EXPORT size_t bufferedStreamCopyRange(
+	inputStream& is,
+	outputStream& os,
+	const size_t start,
+	const size_t length
+);
+
+/** Copy data from one stream into another stream using a buffered method
+  * and notify progress state of the operation.
+  *
+  * @param is input stream (source data)
+  * @param os output stream (destination for data)
+  * @param length predicted number of bytes to copy
+  * @param progress listener to notify
+  * @return number of bytes copied
+  */
+VMIME_EXPORT size_t bufferedStreamCopy(
+	inputStream& is,
+	outputStream& os,
+	const size_t length,
+	progressListener* progress
+);
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_STREAMUTILS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/stringUtils.cpp b/vmime-master/src/vmime/utility/stringUtils.cpp
new file mode 100644
index 0000000..823a3ea
--- /dev/null
+++ b/vmime-master/src/vmime/utility/stringUtils.cpp
@@ -0,0 +1,337 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+bool stringUtils::isStringEqualNoCase(const string& s1, const char* s2, const size_t n) {
+
+	// 'n' is the number of characters to compare
+	// 's2' must be in lowercase letters only
+	if (s1.length() < n) {
+		return (false);
+	}
+
+	const std::ctype <char>& fac =
+		std::use_facet <std::ctype <char> >(std::locale::classic());
+
+	bool equal = true;
+
+	for (size_t i = 0 ; equal && i < n ; ++i) {
+		equal = (fac.tolower(static_cast <unsigned char>(s1[i])) == s2[i]);
+	}
+
+	return equal;
+}
+
+
+bool stringUtils::isStringEqualNoCase(const string& s1, const string& s2) {
+
+	if (s1.length() != s2.length()) {
+		return false;
+	}
+
+	const std::ctype <char>& fac =
+		std::use_facet <std::ctype <char> >(std::locale::classic());
+
+	bool equal = true;
+	const string::const_iterator end = s1.end();
+
+	for (string::const_iterator i = s1.begin(), j = s2.begin() ; equal && i != end ; ++i, ++j) {
+		equal = (fac.tolower(static_cast <unsigned char>(*i)) == fac.tolower(static_cast <unsigned char>(*j)));
+	}
+
+	return equal;
+}
+
+
+bool stringUtils::isStringEqualNoCase(
+	const string::const_iterator begin,
+	const string::const_iterator end,
+	const char* s,
+	const size_t n
+) {
+
+	if (static_cast <size_t>(end - begin) < n) {
+		return false;
+	}
+
+	const std::ctype <char>& fac =
+		std::use_facet <std::ctype <char> >(std::locale::classic());
+
+	bool equal = true;
+	char* c = const_cast<char*>(s);
+	size_t r = n;
+
+	for (string::const_iterator i = begin ; equal && r && *c ; ++i, ++c, --r) {
+		equal = (fac.tolower(static_cast <unsigned char>(*i)) == static_cast <unsigned char>(*c));
+	}
+
+	return r == 0 && equal;
+}
+
+
+const string stringUtils::toLower(const string& str) {
+
+	const std::ctype <char>& fac =
+		std::use_facet <std::ctype <char> >(std::locale::classic());
+
+	string out;
+	out.resize(str.size());
+
+	for (size_t i = 0, len = str.length() ; i < len ; ++i) {
+		out[i] = fac.tolower(static_cast <unsigned char>(str[i]));
+	}
+
+	return out;
+}
+
+
+const string stringUtils::toUpper(const string& str) {
+
+	const std::ctype <char>& fac =
+		std::use_facet <std::ctype <char> >(std::locale::classic());
+
+	string out;
+	out.resize(str.size());
+
+	for (size_t i = 0, len = str.length() ; i < len ; ++i) {
+		out[i] = fac.toupper(static_cast <unsigned char>(str[i]));
+	}
+
+	return out;
+}
+
+
+const string stringUtils::trim(const string& str) {
+
+	string::const_iterator b = str.begin();
+	string::const_iterator e = str.end();
+
+	if (b != e) {
+
+		for ( ; b != e && parserHelpers::isSpace(*b) ; ++b) {}
+		for ( ; e != b && parserHelpers::isSpace(*(e - 1)) ; --e) {}
+	}
+
+	return string(b, e);
+}
+
+
+size_t stringUtils::countASCIIchars(
+	const string::const_iterator begin,
+	const string::const_iterator end
+) {
+
+	size_t count = 0;
+
+	for (string::const_iterator i = begin ; i != end ; ++i) {
+
+		if (parserHelpers::isAscii(*i)) {
+
+			if (*i != '=' || ((i + 1) != end && *(i + 1) != '?')) {  // To avoid bad behaviour...
+				++count;
+			}
+		}
+	}
+
+	return count;
+}
+
+
+bool stringUtils::is7bit(const string& str) {
+
+	return countASCIIchars(str.begin(), str.end()) == str.length();
+}
+
+
+size_t stringUtils::findFirstNonASCIIchar(
+	const string::const_iterator begin,
+	const string::const_iterator end
+) {
+
+	size_t pos = string::npos;
+
+	for (string::const_iterator i = begin ; i != end ; ++i) {
+
+		if (!parserHelpers::isAscii(*i)) {
+			pos = i - begin;
+			break;
+		}
+	}
+
+	return pos;
+}
+
+
+const string stringUtils::unquote(const string& str) {
+
+	if (str.length() < 2) {
+		return str;
+	}
+
+	if (str[0] != '"' || str[str.length() - 1] != '"') {
+		return str;
+	}
+
+	string res;
+	res.reserve(str.length());
+
+	bool escaped = false;
+
+	for (string::const_iterator it = str.begin() + 1, end = str.end() - 1 ; it != end ; ++it) {
+
+		const char c = *it;
+
+		if (escaped) {
+
+			res += c;
+			escaped = false;
+
+		} else if (!escaped && c == '\\') {
+
+			escaped = true;
+
+		} else {
+
+			res += c;
+		}
+	}
+
+	return res;
+}
+
+
+bool stringUtils::needQuoting(const string& str, const string& specialChars) {
+
+	return str.find_first_of(specialChars.c_str()) != string::npos;
+}
+
+
+string stringUtils::quote(
+	const string& str,
+	const string& escapeSpecialChars,
+	const string& escapeChar
+) {
+
+	std::ostringstream oss;
+	size_t lastPos = 0, pos = 0;
+
+	while ((pos = str.find_first_of(escapeSpecialChars, lastPos)) != string::npos) {
+
+		oss << str.substr(lastPos, pos - lastPos)
+		    << escapeChar
+		    << str[pos];
+
+		lastPos = pos + 1;
+	}
+
+	oss << str.substr(lastPos);
+
+	return oss.str();
+}
+
+
+bool stringUtils::isValidHostname(const vmime::string& hostname) {
+
+	short numberOfDots = 0;
+	return isValidFQDNImpl(hostname, &numberOfDots);
+}
+
+
+bool stringUtils::isValidFQDN(const vmime::string& fqdn) {
+
+	short numberOfDots = 0;
+	return isValidFQDNImpl(fqdn, &numberOfDots) && numberOfDots >= 2;
+}
+
+
+bool stringUtils::isValidFQDNImpl(const vmime::string& fqdn, short* numberOfDots) {
+
+	bool alphanumOnly = true;
+	bool invalid = false;
+	bool previousIsDot = true;  // dot is not allowed as the first char
+	bool previousIsDash = true;  // dash is not allowed as the first char
+
+	*numberOfDots = 0;
+
+	for (size_t i = 0, n = fqdn.length() ; alphanumOnly && !invalid && i < n ; ++i) {
+
+		const char c = fqdn[i];
+
+		alphanumOnly = (
+			   (c >= '0' && c <= '9')  // DIGIT
+			|| (c >= 'a' && c <= 'z')  // ALPHA
+			|| (c >= 'A' && c <= 'Z')  // ALPHA
+			|| (c == '.')
+			|| (c == '-')
+		);
+
+		if (c == '-') {
+
+			if (previousIsDot) {
+				invalid = true;  // dash is not allowed as the first char
+			}
+
+			previousIsDot = false;
+			previousIsDash = true;
+
+		} else if (c == '.') {
+
+			if (previousIsDash) {
+
+				invalid = true;  // dash is not allowed as the first char
+
+			} else if (previousIsDot) {
+
+				invalid = true;  // consecutive dots are not allowed
+
+			} else {
+
+				++*numberOfDots;
+				previousIsDot = true;
+			}
+
+			previousIsDash = false;
+
+		} else {
+
+			previousIsDot = false;
+			previousIsDash = false;
+		}
+	}
+
+	return alphanumOnly &&
+	       !previousIsDot &&
+	       !previousIsDash &&
+	       !invalid;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/stringUtils.hpp b/vmime-master/src/vmime/utility/stringUtils.hpp
new file mode 100644
index 0000000..4678940
--- /dev/null
+++ b/vmime-master/src/vmime/utility/stringUtils.hpp
@@ -0,0 +1,271 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_STRINGUTILS_HPP_INCLUDED
+#define VMIME_UTILITY_STRINGUTILS_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+#include "vmime/base.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Miscellaneous functions related to strings.
+  */
+class VMIME_EXPORT stringUtils {
+
+public:
+
+	/** Makes a string from bytes.
+	  *
+	  * @param data pointer to buffer containing data
+	  * @param count number of bytes to use from buffer
+	  * @return a string object containing a copy of the specified data
+	  */
+	static const string makeStringFromBytes(const byte_t* data, const size_t count) {
+
+		return string(reinterpret_cast <const char*>(data), count);
+	}
+
+	/** Casts a string to bytes.
+	  *
+	  * @param str string
+	  * @return pointer to the first byte of the string
+	  */
+	static const byte_t* bytesFromString(const string& str) {
+
+		return reinterpret_cast <const byte_t*>(str.data());
+	}
+
+	/** Casts a NULL-terminated string to bytes.
+	  *
+	  * @param str string
+	  * @return pointer to the first byte of the string
+	  */
+	static const byte_t* bytesFromString(const char* str) {
+
+		return reinterpret_cast <const byte_t*>(str);
+	}
+
+	/** Appends bytes to a string.
+	  *
+	  * @param str string to which append data
+	  * @param data pointer to buffer containing data
+	  * @param count number of bytes to use from buffer
+	  * @return a reference to modified string
+	  */
+	static string& appendBytesToString(string& str, const byte_t* data, const size_t count) {
+
+		str.append(reinterpret_cast <const char*>(data), count);
+		return str;
+	}
+
+	/** Test two strings for equality (case insensitive).
+	  * \warning Use this with ASCII-only strings.
+	  *
+	  * @param s1 first string
+	  * @param s2 second string (must be in lower-case!)
+	  * @param n length of the second string
+	  * @return true if the two strings compare equally, false otherwise
+	  */
+	static bool isStringEqualNoCase(const string& s1, const char* s2, const size_t n);
+
+	/** Test two strings for equality (case insensitive).
+	  * \warning Use this with ASCII-only strings.
+	  *
+	  * @param s1 first string
+	  * @param s2 second string
+	  * @return true if the two strings compare equally, false otherwise
+	  */
+	static bool isStringEqualNoCase(const string& s1, const string& s2);
+
+	/** Test two strings for equality (case insensitive).
+	  * \warning Use this with ASCII-only strings.
+	  *
+	  * @param begin start position of the first string
+	  * @param end end position of the first string
+	  * @param s second string (must be in lower-case!)
+	  * @param n length of the second string
+	  * @return true if the two strings compare equally, false otherwise
+	  */
+	static bool isStringEqualNoCase(
+		const string::const_iterator begin,
+		const string::const_iterator end,
+		const char* s,
+		const size_t n
+	);
+
+	/** Transform all the characters in a string to lower-case.
+	  * \warning Use this with ASCII-only strings.
+	  *
+	  * @param str the string to transform
+	  * @return a new string in lower-case
+	  */
+	static const string toLower(const string& str);
+
+	/** Transform all the characters in a string to upper-case.
+	  * \warning Use this with ASCII-only strings.
+	  *
+	  * @param str the string to transform
+	  * @return a new string in upper-case
+	  */
+	static const string toUpper(const string& str);
+
+	/** Strip the space characters (SPC, TAB, CR, LF) at the beginning
+	  * and at the end of the specified string.
+	  *
+	  * @param str string in which to strip spaces
+	  * @return a new string with space characters removed
+	  */
+	static const string trim(const string& str);
+
+	/** Return the number of 7-bit US-ASCII characters in a string.
+	  *
+	  * @param begin start position
+	  * @param end end position
+	  * @return number of ASCII characters
+	  */
+	static size_t countASCIIchars(
+		const string::const_iterator begin,
+		const string::const_iterator end
+	);
+
+	/** Returns whether the specified string is composed exclusively
+	  * of 7-bit ASCII characters.
+	  *
+	  * @param str string to test
+	  * @return true if the string is ASCII-only, false otherwise
+	  */
+	static bool is7bit(const string& str);
+
+	/** Returns the position of the first non 7-bit US-ASCII character in a string.
+	  *
+	  * @param begin start position
+	  * @param end end position
+	  * @return position since begin, or string::npos
+	  */
+	static size_t findFirstNonASCIIchar(
+		const string::const_iterator begin,
+		const string::const_iterator end
+	);
+
+	/** Convert the specified value to a string value.
+	  *
+	  * @param value to convert
+	  * @return value converted from type 'TYPE'
+	  */
+	template <class TYPE>
+	static const string toString(const TYPE& value) {
+
+		std::ostringstream oss;
+		oss.imbue(std::locale::classic());
+
+		oss << value;
+
+		return oss.str();
+	}
+
+	/** Convert the specified string value to a value of
+	  * the specified type.
+	  *
+	  * @param value value to convert
+	  * @return value converted into type 'TYPE'
+	  */
+	template <class TYPE>
+	static const TYPE fromString(const string& value) {
+
+		TYPE ret;
+
+		std::istringstream iss(value);
+		iss.imbue(std::locale::classic());
+
+		iss >> ret;
+
+		return ret;
+	}
+
+	/** Unquote the specified string and transform escaped characters.
+	  *
+	  * @param str string from which to remove quotes
+	  * @return unquoted string
+	  */
+	static const string unquote(const string& str);
+
+	/** Determines whether the specified string needs to be quoted.
+	  *
+	  * @param str string to test
+	  * @param specialChars list of characters that will cause the
+	  * string to be quoted
+	  * @return true if the string needs to be quoted, false otherwise
+	  */
+	static bool needQuoting(
+		const string& str,
+		const string& specialChars = " \t\"(),:;<>@[\\]"
+	);
+
+	/** Quotes the specified string.
+	  *
+	  * @param str string to quote
+	  * @param escapeSpecialChars list of characters that will be escaped
+	  * @param escapeChar character that will be used for escaping (eg. '\')
+	  * @return quoted string
+	  */
+	static string quote(
+		const string& str,
+		const string& escapeSpecialChars,
+		const string& escapeChar
+	);
+
+	/** Return whether the specified string is a valid host name
+	  * or domain name.
+	  *
+	  * @param hostname string to test
+	  * @return true if the string is a valid host name or domain
+	  * name, or false otherwise
+	  */
+	static bool isValidHostname(const vmime::string& hostname);
+
+	/** Return whether the specified string is a valid fully
+	  * qualified domain name (FQDN).
+	  *
+	  * @param fqdn string to test
+	  * @return true if the string seems to be a FQDN, false otherwise
+	  */
+	static bool isValidFQDN(const vmime::string& fqdn);
+
+private:
+
+	static bool isValidFQDNImpl(const vmime::string& fqdn, short* minNumberOfDots);
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_STRINGUTILS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/sync/autoLock.hpp b/vmime-master/src/vmime/utility/sync/autoLock.hpp
new file mode 100644
index 0000000..a3d3a7c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/sync/autoLock.hpp
@@ -0,0 +1,65 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_SYNC_AUTOLOCK_HPP_INCLUDED
+#define VMIME_UTILITY_SYNC_AUTOLOCK_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace sync {
+
+
+/** Critical section wrapper class
+  */
+template <class M>
+class VMIME_EXPORT autoLock : public object {
+
+public:
+
+	autoLock(const shared_ptr <M>& mutex)
+		: m_mutex(mutex) {
+
+		m_mutex->lock();
+	}
+
+	~autoLock() {
+
+		m_mutex->unlock();
+	}
+
+private:
+
+	shared_ptr <M> m_mutex;
+};
+
+
+} // sync
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_SYNC_AUTOLOCK_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/sync/criticalSection.cpp b/vmime-master/src/vmime/utility/sync/criticalSection.cpp
new file mode 100644
index 0000000..a1013cd
--- /dev/null
+++ b/vmime-master/src/vmime/utility/sync/criticalSection.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/sync/criticalSection.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace sync {
+
+
+criticalSection::criticalSection() {
+
+}
+
+
+criticalSection::~criticalSection() {
+
+}
+
+
+} // sync
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/sync/criticalSection.hpp b/vmime-master/src/vmime/utility/sync/criticalSection.hpp
new file mode 100644
index 0000000..1e7008c
--- /dev/null
+++ b/vmime-master/src/vmime/utility/sync/criticalSection.hpp
@@ -0,0 +1,64 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_SYNC_CRITICALSECTION_HPP_INCLUDED
+#define VMIME_UTILITY_SYNC_CRITICALSECTION_HPP_INCLUDED
+
+
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+namespace utility {
+namespace sync {
+
+
+/** Critical section class.
+  */
+class VMIME_EXPORT criticalSection : public object {
+
+public:
+
+	virtual ~criticalSection();
+
+	/** Enters the critical section.
+	  */
+	virtual void lock() = 0;
+
+	/** Leaves the critical section.
+	  */
+	virtual void unlock() = 0;
+
+protected:
+
+	criticalSection();
+	criticalSection(criticalSection&);
+};
+
+
+} // sync
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_SYNC_CRITICALSECTION_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/url.cpp b/vmime-master/src/vmime/utility/url.cpp
new file mode 100644
index 0000000..59cb1f5
--- /dev/null
+++ b/vmime-master/src/vmime/utility/url.cpp
@@ -0,0 +1,431 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/url.hpp"
+
+#include "vmime/parserHelpers.hpp"
+#include "vmime/utility/urlUtils.hpp"
+#include "vmime/exception.hpp"
+
+#include <sstream>
+
+
+namespace vmime {
+namespace utility {
+
+
+// Unspecified port
+const port_t url::UNSPECIFIED_PORT = static_cast <port_t>(-1);
+
+// Known protocols
+const string url::PROTOCOL_FILE = "file";
+const string url::PROTOCOL_HTTP = "http";
+const string url::PROTOCOL_FTP = "ftp";
+
+
+
+url::url(const string& s) {
+
+	parse(s);
+}
+
+
+url::url(const url& u) {
+
+	operator=(u);
+}
+
+
+url::url(
+	const string& protocol,
+	const string& host,
+	const port_t port,
+	const string& path,
+	const string& username,
+	const string& password
+)
+	: m_protocol(protocol),
+	  m_username(username),
+	  m_password(password),
+	  m_host(host),
+	  m_port(port),
+	  m_path(path) {
+
+}
+
+
+url& url::operator=(const url& u) {
+
+	m_protocol = u.m_protocol;
+
+	m_username = u.m_username;
+	m_password = u.m_password;
+
+	m_host = u.m_host;
+	m_port = u.m_port;
+
+	m_path = u.m_path;
+
+	m_params = u.m_params;
+
+	return *this;
+}
+
+
+url& url::operator=(const string& s) {
+
+	parse(s);
+
+	return *this;
+}
+
+
+url::operator string() const {
+
+	return build();
+}
+
+
+const string url::build() const {
+
+	std::ostringstream oss;
+	oss.imbue(std::locale::classic());
+
+	oss << m_protocol << "://";
+
+	if (!m_username.empty()) {
+
+		oss << urlUtils::encode(m_username);
+
+		if (!m_password.empty()) {
+
+			oss << ":";
+			oss << urlUtils::encode(m_password);
+		}
+
+		oss << "@";
+	}
+
+	oss << urlUtils::encode(m_host);
+
+	if (m_port != UNSPECIFIED_PORT) {
+
+		oss << ":";
+		oss << m_port;
+	}
+
+	if (!m_path.empty()) {
+
+		oss << "/";
+		oss << urlUtils::encode(m_path);
+	}
+
+
+	if (!m_params.empty()) {
+
+		if (m_path.empty()) {
+			oss << "/";
+		}
+
+		oss << "?";
+
+		for (std::map <string, string>::const_iterator it = m_params.begin() ;
+		     it != m_params.end() ; ++it) {
+
+			if (it != m_params.begin()) {
+				oss << "&";
+			}
+
+			oss << urlUtils::encode((*it).first);
+			oss << "=";
+			oss << urlUtils::encode((*it).second);
+		}
+	}
+
+	return oss.str();
+}
+
+
+void url::parse(const string& str) {
+
+	// Protocol
+	const size_t protoEnd = str.find("://");
+
+	if (protoEnd == string::npos) {
+		throw exceptions::malformed_url("No protocol separator");
+	}
+
+	const string proto =
+		utility::stringUtils::toLower(string(str.begin(), str.begin() + protoEnd));
+
+	// Username/password
+	size_t slashPos = str.find('/', protoEnd + 3);
+
+	if (slashPos == string::npos) {
+		slashPos = str.length();
+	}
+
+	size_t atPos = str.rfind('@', slashPos);
+	string hostPart;
+
+	string username;
+	string password;
+
+	if (proto == PROTOCOL_FILE) {
+
+		// No user name, password and host part.
+		slashPos = protoEnd + 3;
+
+	} else {
+
+		if (atPos != string::npos && atPos < slashPos) {
+
+			const string userPart(str.begin() + protoEnd + 3, str.begin() + atPos);
+			const size_t colonPos = userPart.find(':');
+
+			if (colonPos == string::npos) {
+
+				username = userPart;
+
+			} else {
+
+				username = string(userPart.begin(), userPart.begin() + colonPos);
+				password = string(userPart.begin() + colonPos + 1, userPart.end());
+			}
+
+			hostPart = string(str.begin() + atPos + 1, str.begin() + slashPos);
+
+		} else {
+
+			hostPart = string(str.begin() + protoEnd + 3, str.begin() + slashPos);
+		}
+	}
+
+	// Host/port
+	const size_t colonPos = hostPart.find(':');
+
+	string host;
+	string port;
+
+	if (colonPos == string::npos) {
+
+		host = utility::stringUtils::trim(hostPart);
+
+	} else {
+
+		host = utility::stringUtils::trim(string(hostPart.begin(), hostPart.begin() + colonPos));
+		port = utility::stringUtils::trim(string(hostPart.begin() + colonPos + 1, hostPart.end()));
+	}
+
+	// Path
+	string path = utility::stringUtils::trim(string(str.begin() + slashPos, str.end()));
+	string params;
+
+	size_t paramSep = path.find_first_of('?');
+
+	if (paramSep != string::npos) {
+
+		params = string(path.begin() + paramSep + 1, path.end());
+		path.erase(path.begin() + paramSep, path.end());
+	}
+
+	if (path == "/") {
+		path.clear();
+	}
+
+	// Some sanity check
+	if (proto.empty()) {
+
+		throw exceptions::malformed_url("No protocol specified");
+
+	} else if (host.empty()) {
+
+		// Accept empty host (eg. "file:///home/vincent/mydoc")
+		if (proto != PROTOCOL_FILE) {
+			throw exceptions::malformed_url("No host specified");
+		}
+	}
+
+	bool onlyDigit = true;
+
+	for (string::const_iterator it = port.begin() ;
+	     onlyDigit && it != port.end() ; ++it) {
+
+		onlyDigit = parserHelpers::isDigit(*it);
+	}
+
+	if (!onlyDigit) {
+		throw exceptions::malformed_url("Port can only contain digits");
+	}
+
+	std::istringstream iss(port);
+	iss.imbue(std::locale::classic());
+
+	port_t portNum = 0;
+	iss >> portNum;
+
+	if (portNum == 0) {
+		portNum = UNSPECIFIED_PORT;
+	}
+
+	// Extract parameters
+	m_params.clear();
+
+	if (!params.empty()) {
+
+		size_t pos = 0;
+
+		do {
+
+			const size_t start = pos;
+
+			pos = params.find_first_of('&', pos);
+
+			const size_t equal = params.find_first_of('=', start);
+			const size_t end = (pos == string::npos ? params.length() : pos);
+
+			string name;
+			string value;
+
+			if (equal == string::npos || equal > pos) {  // no value
+
+				name = string(params.begin() + start, params.begin() + end);
+				value = name;
+
+			} else {
+
+				name = string(params.begin() + start, params.begin() + equal);
+				value = string(params.begin() + equal + 1, params.begin() + end);
+			}
+
+			name = urlUtils::decode(name);
+			value = urlUtils::decode(value);
+
+			m_params[name] = value;
+
+			if (pos != string::npos) {
+				++pos;
+			}
+
+		} while (pos != string::npos);
+	}
+
+	// Now, save URL parts
+	m_protocol = proto;
+
+	m_username = urlUtils::decode(username);
+	m_password = urlUtils::decode(password);
+
+	m_host = urlUtils::decode(host);
+	m_port = portNum;
+
+	m_path = urlUtils::decode(path);
+}
+
+
+const string& url::getProtocol() const {
+
+	return m_protocol;
+}
+
+
+void url::setProtocol(const string& protocol) {
+
+	m_protocol = protocol;
+}
+
+
+const string& url::getUsername() const {
+
+	return m_username;
+}
+
+
+void url::setUsername(const string& username) {
+
+	m_username = username;
+}
+
+
+const string& url::getPassword() const {
+
+	return m_password;
+}
+
+
+void url::setPassword(const string& password) {
+
+	m_password = password;
+}
+
+
+const string& url::getHost() const {
+
+	return m_host;
+}
+
+
+void url::setHost(const string& host) {
+
+	m_host = host;
+}
+
+
+port_t url::getPort() const {
+
+	return m_port;
+}
+
+
+void url::setPort(const port_t port) {
+
+	m_port = port;
+}
+
+
+const string& url::getPath() const {
+
+	return m_path;
+}
+
+
+void url::setPath(const string& path) {
+
+	m_path = path;
+}
+
+
+const std::map <string, string>& url::getParams() const {
+
+	return m_params;
+}
+
+
+std::map <string, string>& url::getParams() {
+
+	return m_params;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/url.hpp b/vmime-master/src/vmime/utility/url.hpp
new file mode 100644
index 0000000..8dfa3c4
--- /dev/null
+++ b/vmime-master/src/vmime/utility/url.hpp
@@ -0,0 +1,213 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_URL_HPP_INCLUDED
+#define VMIME_UTILITY_URL_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+#include "vmime/base.hpp"
+#include "vmime/propertySet.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** This class represents a Uniform Resource Locator (a pointer
+  * to a "resource" on the World Wide Web).
+  *
+  * Format:
+  * "protocol://[username[:password]@]host[:port][/path]"
+  */
+class VMIME_EXPORT url {
+
+public:
+
+	/** Means "port not specified" (use default port). */
+	static const port_t UNSPECIFIED_PORT;
+
+	/** Standard name for FILE protocol (local file-system). */
+	static const string PROTOCOL_FILE;
+
+	/** Standard name for HTTP protocol. */
+	static const string PROTOCOL_HTTP;
+
+	/** Standard name for FTP protocol. */
+	static const string PROTOCOL_FTP;
+
+
+	/** Construct an URL from a string (parse the URL components).
+	  *
+	  * @param s full URL string (eg. http://www.vmime.org:80/download.html)
+	  * @throw exceptions::malformed_url if URL is malformed
+	  */
+	url(const string& s);
+
+	/** Construct an URL from another URL object.
+	  *
+	  * @param u other URL object
+	  */
+	url(const url& u);
+
+	/** Construct an URL from the components.
+	  *
+	  * @param protocol protocol (eg. "http", "ftp"...)
+	  * @param host host name (eg. "www.vmime.org", "123.45.67.89")
+	  * @param port optional port number (eg. 80, 110 or UNSPECIFIED_PORT to mean "default")
+	  * @param path optional full path (eg. "download.html")
+	  * @param username optional user name
+	  * @param password optional user password
+	  */
+	url(
+		const string& protocol,
+		const string& host,
+		const port_t port = UNSPECIFIED_PORT,
+		const string& path = "",
+		const string& username = "",
+		const string& password = ""
+	);
+
+
+	/** Return the protocol of the URL (eg: "http").
+	  *
+	  * @return protocol of the URL
+	  */
+	const string& getProtocol() const;
+
+	/** Set the protocol of the URL.
+	  *
+	  * @param protocol new protocol (eg: "http")
+	  */
+	void setProtocol(const string& protocol);
+
+	/** Return the username specified in the URL
+	  * or empty if not specified.
+	  *
+	  * @return user name
+	  */
+	const string& getUsername() const;
+
+	/** Set the username of the URL.
+	  *
+	  * @param username user name
+	  */
+	void setUsername(const string& username);
+
+	/** Return the password specified in the URL
+	  * or empty if not specified.
+	  *
+	  * @return user password
+	  */
+	const string& getPassword() const;
+
+	/** Set the password of the URL.
+	  *
+	  * @param password user password
+	  */
+	void setPassword(const string& password);
+
+	/** Return the host name of the URL (server name or IP address).
+	  *
+	  * @return host name
+	  */
+	const string& getHost() const;
+
+	/** Set the host name of the URL.
+	  *
+	  * @param host server name or IP address
+	  */
+	void setHost(const string& host);
+
+	/** Return the port of the URL, or url::UNSPECIFIED_PORT if
+	  * the default port if used.
+	  *
+	  * @return server port
+	  */
+	port_t getPort() const;
+
+	/** Set the port of the URL.
+	  *
+	  * @param port server port or url::UNSPECIFIED_PORT to
+	  * use the default port of the protocol
+	  */
+	void setPort(const port_t port);
+
+	/** Return the path portion of the URL,
+	  * or empty if not specified.
+	  *
+	  * @return path
+	  */
+	const string& getPath() const;
+
+	/** Set the part portion of the URL.
+	  *
+	  * @param path path
+	  */
+	void setPath(const string& path);
+
+	/** Return the parameters of the URL (read-only).
+	  *
+	  * @return parameters
+	  */
+	const std::map <string, string>& getParams() const;
+
+	/** Return the parameters of the URL.
+	  *
+	  * @return parameters
+	  */
+	std::map <string, string>& getParams();
+
+	/** Build a string URL from this object.
+	  */
+	operator string() const;
+
+	url& operator=(const url& u);
+	url& operator=(const string& s);
+
+private:
+
+	const string build() const;
+	void parse(const string& str);
+
+
+	string m_protocol;
+
+	string m_username;
+	string m_password;
+
+	string m_host;
+
+	port_t m_port;
+
+	string m_path;
+
+	std::map <string, string> m_params;
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_URL_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/utility/urlUtils.cpp b/vmime-master/src/vmime/utility/urlUtils.cpp
new file mode 100644
index 0000000..cf51a50
--- /dev/null
+++ b/vmime-master/src/vmime/utility/urlUtils.cpp
@@ -0,0 +1,133 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/utility/urlUtils.hpp"
+#include "vmime/parserHelpers.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+const string urlUtils::encode(const string& s) {
+
+	static const string RESERVED_CHARS =
+		/* reserved */ "$&+,/:;=?@"
+		/* unsafe */   "<>#%{}[]|\\^\"~`";
+
+	string result;
+	result.reserve(s.length());
+
+	for (string::const_iterator it = s.begin() ; it != s.end() ; ++it) {
+
+		const char c = *it;
+
+		if (parserHelpers::isPrint(c) && !parserHelpers::isSpace(c) &&
+		    static_cast <unsigned char>(c) <= 127 &&
+		    RESERVED_CHARS.find(c) == string::npos) {
+
+			result += c;
+
+		} else {
+
+			char hex[4];
+			const unsigned char k = static_cast <unsigned char>(c);
+
+			hex[0] = '%';
+			hex[1] = "0123456789ABCDEF"[k / 16];
+			hex[2] = "0123456789ABCDEF"[k % 16];
+			hex[3] = 0;
+
+			result += hex;
+		}
+	}
+
+	return result;
+}
+
+
+const string urlUtils::decode(const string& s) {
+
+	string result;
+	result.reserve(s.length());
+
+	for (string::const_iterator it = s.begin() ; it != s.end() ; ) {
+
+		const char c = *it;
+
+		switch (c) {
+
+			case '%': {
+
+				++it;  // skip '%'
+
+				const char_t p = (it != s.end() ? *(it++) : 0);
+				const char_t q = (it != s.end() ? *(it++) : 0);
+
+				unsigned int r = 0;
+
+				switch (p) {
+
+					case 0: r = '%'; break;
+					case 'a': case 'A': r = 10; break;
+					case 'b': case 'B': r = 11; break;
+					case 'c': case 'C': r = 12; break;
+					case 'd': case 'D': r = 13; break;
+					case 'e': case 'E': r = 14; break;
+					case 'f': case 'F': r = 15; break;
+					default: r = p - '0'; break;
+				}
+
+				if (q != 0) {
+
+					r *= 16;
+
+					switch (q) {
+
+						case 'a': case 'A': r += 10; break;
+						case 'b': case 'B': r += 11; break;
+						case 'c': case 'C': r += 12; break;
+						case 'd': case 'D': r += 13; break;
+						case 'e': case 'E': r += 14; break;
+						case 'f': case 'F': r += 15; break;
+						default: r += q - '0'; break;
+					}
+				}
+
+				result += static_cast <char>(r);
+				break;
+			}
+			default:
+
+				result += c;
+				++it;
+				break;
+		}
+	}
+
+	return result;
+}
+
+
+} // utility
+} // vmime
diff --git a/vmime-master/src/vmime/utility/urlUtils.hpp b/vmime-master/src/vmime/utility/urlUtils.hpp
new file mode 100644
index 0000000..54ffa2a
--- /dev/null
+++ b/vmime-master/src/vmime/utility/urlUtils.hpp
@@ -0,0 +1,57 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_UTILITY_URLUTILS_HPP_INCLUDED
+#define VMIME_UTILITY_URLUTILS_HPP_INCLUDED
+
+
+#include "vmime/types.hpp"
+#include "vmime/base.hpp"
+
+
+namespace vmime {
+namespace utility {
+
+
+/** Miscellaneous functions related to URLs.
+  */
+class VMIME_EXPORT urlUtils {
+
+public:
+
+	/** Encode extended characters in a URL string (ASCII characters
+	  * are unmodified, other are encoded as '%' followed by hex code).
+	  */
+	static const string encode(const string& s);
+
+	/** Decode an hex-encoded URL (see encode()).
+	  */
+	static const string decode(const string& s);
+};
+
+
+} // utility
+} // vmime
+
+
+#endif // VMIME_UTILITY_URLUTILS_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/vmime.hpp b/vmime-master/src/vmime/vmime.hpp
new file mode 100644
index 0000000..e92b7e5
--- /dev/null
+++ b/vmime-master/src/vmime/vmime.hpp
@@ -0,0 +1,160 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should.have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_INCLUDED
+#define VMIME_INCLUDED
+
+
+// Configuration
+#include "config.hpp"
+
+// Base definitions
+#include "base.hpp"
+#include "exception.hpp"
+#include "platform.hpp"
+
+// Base components
+#include "dateTime.hpp"
+#include "message.hpp"
+#include "bodyPart.hpp"
+#include "charset.hpp"
+#include "text.hpp"
+#include "encoding.hpp"
+#include "contentDisposition.hpp"
+#include "emailAddress.hpp"
+#include "mailbox.hpp"
+#include "mailboxGroup.hpp"
+#include "mailboxList.hpp"
+#include "addressList.hpp"
+#include "mediaType.hpp"
+#include "messageId.hpp"
+#include "messageIdSequence.hpp"
+#include "relay.hpp"
+#include "disposition.hpp"
+#include "path.hpp"
+
+#include "emptyContentHandler.hpp"
+#include "fileContentHandler.hpp"
+#include "stringContentHandler.hpp"
+#include "streamContentHandler.hpp"
+
+#include "generationContext.hpp"
+#include "parsingContext.hpp"
+
+// Message components
+#include "message.hpp"
+
+// Header fields
+#include "headerFieldFactory.hpp"
+#include "mailboxField.hpp"
+#include "parameterizedHeaderField.hpp"
+
+// Encoders
+#include "utility/encoder/encoderFactory.hpp"
+
+// Streams
+#include "utility/filteredStream.hpp"
+#include "utility/inputStream.hpp"
+#include "utility/inputStreamAdapter.hpp"
+#include "utility/inputStreamByteBufferAdapter.hpp"
+#include "utility/inputStreamPointerAdapter.hpp"
+#include "utility/inputStreamSocketAdapter.hpp"
+#include "utility/inputStreamStringAdapter.hpp"
+#include "utility/outputStream.hpp"
+#include "utility/outputStreamAdapter.hpp"
+#include "utility/outputStreamByteArrayAdapter.hpp"
+#include "utility/outputStreamSocketAdapter.hpp"
+#include "utility/outputStreamStringAdapter.hpp"
+#include "utility/streamUtils.hpp"
+
+// Message builder/parser
+#include "messageBuilder.hpp"
+#include "messageParser.hpp"
+
+#include "fileAttachment.hpp"
+#include "defaultAttachment.hpp"
+#include "messageAttachment.hpp"
+
+#include "plainTextPart.hpp"
+#include "htmlTextPart.hpp"
+
+#include "attachmentHelper.hpp"
+
+// MDN
+#include "mdn/MDNHelper.hpp"
+
+// Misc
+#include "misc/importanceHelper.hpp"
+
+// Property set
+#include "propertySet.hpp"
+
+// Utilities
+#include "utility/datetimeUtils.hpp"
+#include "utility/filteredStream.hpp"
+#include "charsetConverter.hpp"
+
+// Security
+#include "security/authenticator.hpp"
+#include "security/defaultAuthenticator.hpp"
+
+// Security/digest
+#include "security/digest/messageDigestFactory.hpp"
+
+// Security/SASL
+#if VMIME_HAVE_SASL_SUPPORT
+	#include "security/sasl/SASLAuthenticator.hpp"
+	#include "security/sasl/defaultSASLAuthenticator.hpp"
+	#include "security/sasl/SASLContext.hpp"
+	#include "security/sasl/SASLSession.hpp"
+#endif // VMIME_HAVE_SASL_SUPPORT
+
+// Messaging features
+#if VMIME_HAVE_MESSAGING_FEATURES
+	#include "net/socket.hpp"
+
+	#include "net/serviceFactory.hpp"
+	#include "net/store.hpp"
+	#include "net/transport.hpp"
+
+	#include "net/session.hpp"
+
+	#include "net/folder.hpp"
+	#include "net/message.hpp"
+#endif // VMIME_HAVE_MESSAGING_FEATURES
+
+// Net/TLS
+#if VMIME_HAVE_TLS_SUPPORT
+	#include "security/cert/certificate.hpp"
+	#include "security/cert/certificateChain.hpp"
+	#include "security/cert/certificateVerifier.hpp"
+
+	#include "security/cert/X509Certificate.hpp"
+
+	#include "security/cert/defaultCertificateVerifier.hpp"
+
+	#include "net/tls/TLSSession.hpp"
+#endif // VMIME_HAVE_TLS_SUPPORT
+
+
+#endif // VMIME_INCLUDED
diff --git a/vmime-master/src/vmime/word.cpp b/vmime-master/src/vmime/word.cpp
new file mode 100644
index 0000000..2607e90
--- /dev/null
+++ b/vmime-master/src/vmime/word.cpp
@@ -0,0 +1,939 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/word.hpp"
+#include "vmime/text.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+#include "vmime/parserHelpers.hpp"
+
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+
+#include "vmime/utility/encoder/encoder.hpp"
+#include "vmime/utility/encoder/b64Encoder.hpp"
+#include "vmime/utility/encoder/qpEncoder.hpp"
+
+#include "vmime/wordEncoder.hpp"
+
+
+namespace vmime {
+
+
+word::word()
+	: m_charset(charset::getLocalCharset()) {
+
+}
+
+
+word::word(const word& w)
+	: headerFieldValue(),
+	  m_buffer(w.m_buffer),
+	  m_charset(w.m_charset),
+	  m_lang(w.m_lang) {
+
+}
+
+
+word::word(const string& buffer) // Defaults to local charset
+	: m_buffer(buffer),
+	  m_charset(charset::getLocalCharset()) {
+
+}
+
+
+word::word(const string& buffer, const charset& charset)
+	: m_buffer(buffer),
+	  m_charset(charset) {
+
+}
+
+
+word::word(const string& buffer, const charset& charset, const string& lang)
+	: m_buffer(buffer),
+	  m_charset(charset),
+	  m_lang(lang) {
+
+}
+
+
+shared_ptr <word> word::parseNext(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition,
+	parserState* state
+) {
+
+	size_t pos = position;
+
+	// Ignore white-spaces:
+	//   - before the first word
+	//   - between two encoded words
+	//   - after the last word
+	// Always ignore newlines
+	string whiteSpaces;
+
+	while (pos < end && parserHelpers::isSpace(buffer[pos])) {
+
+		if (buffer[pos] != '\r' && buffer[pos] != '\n') {  // do not include newlines
+			whiteSpaces += buffer[pos];
+		}
+
+		++pos;
+	}
+
+	size_t startPos = pos;
+	string unencoded;
+
+	const charset defaultCharset = ctx.getInternationalizedEmailSupport()
+		? charset(charsets::UTF_8) : charset(charsets::US_ASCII);
+
+	while (pos < end) {
+
+		// End of line: does not occur in the middle of an encoded word. This is
+		// used to remove folding white-spaces from unencoded text.
+		if (buffer[pos] == '\n') {
+
+			size_t endPos = pos;
+
+			if (pos > position && buffer[pos - 1] == '\r') {
+				++pos;
+				--endPos;
+			}
+
+			while (pos != end && parserHelpers::isSpace(buffer[pos])) {
+				++pos;
+			}
+
+			unencoded += buffer.substr(startPos, endPos - startPos);
+
+			if (pos != end) {  // ignore white-spaces at end
+				unencoded += ' ';
+			}
+
+			startPos = pos;
+			continue;
+
+		// Start of an encoded word
+		} else if (pos + 8 < end &&  // 8 = "=?(.+)?(.+)?(.*)?="
+		           buffer[pos] == '=' && buffer[pos + 1] == '?') {
+
+			// Check whether there is some unencoded text before
+			unencoded += buffer.substr(startPos, pos - startPos);
+
+			if (!unencoded.empty()) {
+
+				if (state->prevIsEncoded && !state->isFirst) {
+					unencoded = whiteSpaces + unencoded;
+				}
+
+				shared_ptr <word> w = make_shared <word>(unencoded, defaultCharset);
+				w->setParsedBounds(position, pos);
+
+				if (newPosition) {
+					*newPosition = pos;
+				}
+
+				state->prevIsEncoded = false;
+				state->isFirst = false;
+
+				return w;
+			}
+
+			// ...else find the finish sequence '?=' and return an encoded word
+			const size_t wordStart = pos;
+
+			pos += 2;
+
+			while (pos < end && buffer[pos] != '?') {
+				++pos;
+			}
+
+			if (pos < end) {
+
+				++pos; // skip '?' between charset and encoding
+
+				while (pos < end && buffer[pos] != '?') {
+					++pos;
+				}
+
+				if (pos < end) {
+					++pos; // skip '?' between encoding and encoded data
+				}
+			}
+
+			while (pos < end) {
+
+				if (buffer[pos] == '\n') {
+
+					// End of line not allowed in the middle of an encoded word:
+					// treat this text as unencoded text (see *).
+					break;
+
+				} else if (buffer[pos] == '?' && pos + 1 < end && buffer[pos + 1] == '=') {
+
+					// Found the finish sequence
+					break;
+				}
+
+				++pos;
+			}
+
+			if (pos == end) {  // not a valid word (no finish sequence)
+				continue;
+			} else if (buffer[pos] == '\n') {  // (*)
+				continue;
+			}
+
+			pos += 2; // ?=
+
+			shared_ptr <word> w = make_shared <word>();
+			w->parseWithState(ctx, buffer, wordStart, pos, NULL, state);
+
+			if (newPosition) {
+				*newPosition = pos;
+			}
+
+			state->prevIsEncoded = true;
+			state->isFirst = false;
+
+			return w;
+		}
+
+		++pos;
+	}
+
+	if (startPos != end) {
+
+		if (state->prevIsEncoded && !state->isFirst) {
+			unencoded = whiteSpaces + unencoded;
+		}
+
+		unencoded += buffer.substr(startPos, end - startPos);
+	}
+
+	// Treat unencoded text at the end of the buffer
+	if (!unencoded.empty()) {
+
+		shared_ptr <word> w = make_shared <word>(unencoded, defaultCharset);
+		w->setParsedBounds(position, end);
+
+		if (newPosition) {
+			*newPosition = end;
+		}
+
+		state->prevIsEncoded = false;
+		state->isFirst = false;
+
+		return w;
+	}
+
+	return null;
+}
+
+
+const std::vector <shared_ptr <word> > word::parseMultiple(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	std::vector <shared_ptr <word> > res;
+	shared_ptr <word> w;
+
+	size_t pos = position;
+
+	parserState state;
+
+	while ((w = word::parseNext(ctx, buffer, pos, end, &pos, &state))) {
+		res.push_back(w);
+	}
+
+	if (newPosition) {
+		*newPosition = pos;
+	}
+
+	return res;
+}
+
+
+void word::parseImpl(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition
+) {
+
+	parseWithState(ctx, buffer, position, end, newPosition, NULL);
+}
+
+
+void word::parseWithState(
+	const parsingContext& ctx,
+	const string& buffer,
+	const size_t position,
+	const size_t end,
+	size_t* newPosition,
+	parserState* state
+) {
+
+	if (position + 6 < end && // 6 = "=?(.+)?(.*)?="
+	    buffer[position] == '=' && buffer[position + 1] == '?') {
+
+		string::const_iterator p = buffer.begin() + position + 2;
+		const string::const_iterator pend = buffer.begin() + end;
+
+		const string::const_iterator charsetPos = p;
+
+		for ( ; p != pend && *p != '?' ; ++p) {}
+
+		if (p != pend) {  // a charset is specified
+
+			const string::const_iterator charsetEnd = p;
+			const string::const_iterator encPos = ++p; // skip '?'
+
+			for ( ; p != pend && *p != '?' ; ++p) {}
+
+			if (p != pend) {  // an encoding is specified
+
+				//const string::const_iterator encEnd = p;
+				const string::const_iterator dataPos = ++p; // skip '?'
+
+				for ( ; p != pend && !(*p == '?' && *(p + 1) == '=') ; ++p) {}
+
+				if (p != pend) {  // some data is specified
+
+					const string::const_iterator dataEnd = p;
+					p += 2; // skip '?='
+
+					scoped_ptr <utility::encoder::encoder> theEncoder;
+
+					// Base-64 encoding
+					if (*encPos == 'B' || *encPos == 'b') {
+
+						theEncoder.reset(new utility::encoder::b64Encoder());
+
+					// Quoted-Printable encoding
+					} else if (*encPos == 'Q' || *encPos == 'q') {
+
+						theEncoder.reset(new utility::encoder::qpEncoder());
+						theEncoder->getProperties()["rfc2047"] = true;
+					}
+
+					if (theEncoder) {
+
+						// Extract charset and language
+						const string charsetAndLang(charsetPos, charsetEnd);
+						const string::size_type asteriskPos = charsetAndLang.find('*');
+
+						if (asteriskPos != string::npos) {
+
+							m_charset = charset(string(charsetAndLang.begin(), charsetAndLang.begin() + asteriskPos));
+							m_lang = string(charsetAndLang.begin() + asteriskPos + 1, charsetAndLang.end());
+
+						} else {
+
+							m_charset = charset(charsetAndLang);
+							m_lang.clear();
+						}
+
+						// Decode text
+						string encodedBuffer(dataPos, dataEnd);
+						string decodedBuffer;
+
+						if (state && !state->undecodedBytes.empty()) {
+
+							encodedBuffer = state->undecodedBytes + encodedBuffer;
+							state->undecodedBytes.clear();
+						}
+
+						utility::inputStreamStringAdapter ein(encodedBuffer);
+						utility::outputStreamStringAdapter eout(decodedBuffer);
+
+						const size_t decodedLen = theEncoder->decode(ein, eout);
+
+						m_buffer = decodedBuffer;
+
+						setParsedBounds(position, p - buffer.begin());
+
+						if (newPosition) {
+							*newPosition = (p - buffer.begin());
+						}
+
+						// For Base64 encoding, ensure all bytes have been decoded.
+						// If there are remaining bytes, keep them for the next run.
+						//
+						// This allows decoding some insanities like:
+						//     =?utf-8?B?5Lit5?= =?utf-8?B?paH?=
+						if (*encPos == 'B' || *encPos == 'b') {
+
+							const size_t actualEncodedLen = encodedBuffer.length();
+							const size_t theoricalEncodedLen =
+								((decodedLen + ((decodedLen % 3) ? (3 - (decodedLen % 3)) : 0) ) / 3) * 4;
+
+							if (state && actualEncodedLen != theoricalEncodedLen) {
+								state->undecodedBytes.assign(dataPos + theoricalEncodedLen, dataEnd);
+							}
+						}
+
+						return;
+					}
+				}
+			}
+		}
+	}
+
+	// Unknown encoding or malformed encoded word: treat the buffer as ordinary text (RFC-2047, Page 9).
+	m_buffer = string(buffer.begin() + position, buffer.begin() + end);
+	m_charset = ctx.getInternationalizedEmailSupport()
+		? charset(charsets::UTF_8) : charset(charsets::US_ASCII);
+
+	setParsedBounds(position, end);
+
+	if (newPosition) {
+		*newPosition = end;
+	}
+}
+
+
+void word::generateImpl(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos
+) const {
+
+	generate(ctx, os, curLinePos, newLinePos, 0, NULL);
+}
+
+
+void word::generate(
+	const generationContext& ctx,
+	utility::outputStream& os,
+	const size_t curLinePos,
+	size_t* newLinePos,
+	const int flags,
+	generatorState* state
+) const {
+
+	size_t curLineLength = curLinePos;
+
+	generatorState defaultGeneratorState;
+
+	if (!state) {
+		state = &defaultGeneratorState;
+	}
+
+	// Find out if encoding is forced or required by contents + charset
+	bool encodingNeeded = false;
+
+	if ((flags & text::FORCE_NO_ENCODING) != 0) {
+		encodingNeeded = false;
+	} else if ((flags & text::FORCE_ENCODING) != 0) {
+		encodingNeeded = true;
+	} else {  // auto-detect
+		encodingNeeded = wordEncoder::isEncodingNeeded(ctx, m_buffer, m_charset, m_lang);
+	}
+
+	// If text does not need to be encoded, quote the buffer (no folding is performed).
+	if (!encodingNeeded &&
+	    (flags & text::QUOTE_IF_NEEDED) &&
+	    utility::stringUtils::needQuoting(m_buffer)) {
+
+		const string quoted = utility::stringUtils::quote(m_buffer, "\\\"", "\\");
+
+		os << '"' << quoted << '"';
+		curLineLength += 1 + quoted.length() + 1;
+
+	// If possible and requested (with flag), quote the buffer (no folding is performed).
+	// Quoting is possible if and only if:
+	//  - the buffer does not need to be encoded
+	//  - the buffer does not contain quoting character (")
+	//  - there is enough remaining space on the current line to hold the whole buffer
+	} else if (!encodingNeeded &&
+	           (flags & text::QUOTE_IF_POSSIBLE) &&
+	           m_buffer.find('"') == string::npos &&
+	           (curLineLength + 2 /* 2 x " */ + m_buffer.length()) < ctx.getMaxLineLength()) {
+
+		os << '"' << m_buffer << '"';
+		curLineLength += 2 + m_buffer.length();
+
+	// We will fold lines without encoding them.
+	} else if (!encodingNeeded) {
+
+		string buffer;
+
+		if (ctx.getInternationalizedEmailSupport()) {
+
+			// Convert the buffer to UTF-8
+			charset::convert(m_buffer, buffer, m_charset, charsets::UTF_8);
+
+		} else {
+
+			// Leave the buffer as-is
+			buffer = m_buffer;
+		}
+
+		// Here, we could have the following conditions:
+		//
+		//  * a maximum line length of N bytes
+		//  * a buffer containing N+1 bytes, with no whitespace
+		//
+		// Look in the buffer for any run (ie. whitespace-separated sequence) which
+		// is longer than the maximum line length. If there is one, then force encoding,
+		// so that no generated line is longer than the maximum line length.
+		size_t maxRunLength = 0;
+		size_t curRunLength = 0;
+
+		for (string::const_iterator p = buffer.begin(), end = buffer.end() ; p != end ; ++p) {
+
+			if (parserHelpers::isSpace(*p)) {
+
+				maxRunLength = std::max(maxRunLength, curRunLength);
+				curRunLength = 0;
+
+			} else {
+
+				curRunLength++;
+			}
+		}
+
+		maxRunLength = std::max(maxRunLength, curRunLength);
+
+		if (((flags & text::FORCE_NO_ENCODING) == 0) && maxRunLength >= ctx.getMaxLineLength() - 3) {
+
+			// Generate with encoding forced
+			generate(ctx, os, curLinePos, newLinePos, flags | text::FORCE_ENCODING, state);
+			return;
+		}
+
+		// Output runs, and fold line when a whitespace is encountered
+		string::const_iterator lastWSpos = buffer.end(); // last white-space position
+		string::const_iterator curLineStart = buffer.begin(); // current line start
+
+		string::const_iterator p = buffer.begin();
+		const string::const_iterator end = buffer.end();
+
+		bool finished = false;
+		bool newLine = false;
+
+		while (!finished) {
+
+			for ( ; p != end ; ++p, ++curLineLength) {
+
+				// Exceeded maximum line length, but we have found a white-space
+				// where we can cut the line...
+				if (curLineLength >= ctx.getMaxLineLength() && lastWSpos != end) {
+					break;
+				}
+
+				if (*p == ' ' || *p == '\t') {
+					// Remember the position of this white-space character
+					lastWSpos = p;
+				}
+			}
+
+			if (p != end) {
+				++curLineLength;
+			}
+
+			if (p == end || lastWSpos == end) {
+
+				// If we are here, it means that we have found no whitespace
+				// before the first "maxLineLength" characters. In this case,
+				// we write the full line no matter of the max line length...
+
+				if (!newLine && p != end && lastWSpos == end &&
+				    !state->isFirstWord && curLineStart == buffer.begin()) {
+
+					// Here, we are continuing on the line of previous encoded
+					// word, but there is not even enough space to put the
+					// first word of this line, so we start a new line.
+					if (flags & text::NO_NEW_LINE_SEQUENCE) {
+
+						os << CRLF;
+						curLineLength = 0;
+
+						state->lastCharIsSpace = true;
+
+					} else {
+
+						os << NEW_LINE_SEQUENCE;
+						curLineLength = NEW_LINE_SEQUENCE_LENGTH;
+
+						state->lastCharIsSpace = true;
+					}
+
+					p = curLineStart;
+					lastWSpos = end;
+					newLine = true;
+
+				} else {
+
+					if (!state->isFirstWord &&
+					    (state->prevWordIsEncoded || ctx.getInternationalizedEmailSupport()) &&
+					    !state->lastCharIsSpace &&
+					    !parserHelpers::isSpace(*curLineStart)) {
+
+						os << " "; // Separate from previous word
+					}
+
+					os << string(curLineStart, p);
+
+					if (p != buffer.begin() && parserHelpers::isSpace(*(p - 1))) {
+						state->lastCharIsSpace = true;
+					} else {
+						state->lastCharIsSpace = false;
+					}
+
+					if (p == end) {
+
+						finished = true;
+
+					} else {
+
+						if (flags & text::NO_NEW_LINE_SEQUENCE) {
+
+							os << CRLF;
+							curLineLength = 0;
+
+						} else {
+
+							os << NEW_LINE_SEQUENCE;
+							curLineLength = NEW_LINE_SEQUENCE_LENGTH;
+						}
+
+						curLineStart = p;
+						lastWSpos = end;
+						newLine = true;
+					}
+				}
+
+			} else {
+
+				// In this case, there will not be enough space on the line for all the
+				// characters _after_ the last white-space; so we cut the line at this
+				// last white-space.
+
+				if (curLineLength != NEW_LINE_SEQUENCE_LENGTH &&
+				    !state->isFirstWord &&
+				    state->prevWordIsEncoded) {
+
+					os << " "; // Separate from previous word
+				}
+
+				os << string(curLineStart, lastWSpos);
+
+				if (lastWSpos > curLineStart && parserHelpers::isSpace(*(lastWSpos - 1))) {
+					state->lastCharIsSpace = true;
+				} else {
+					state->lastCharIsSpace = false;
+				}
+
+				if (flags & text::NO_NEW_LINE_SEQUENCE) {
+
+					os << CRLF;
+					curLineLength = 0;
+
+					state->lastCharIsSpace = true;
+
+				} else {
+
+					os << NEW_LINE_SEQUENCE;
+					curLineLength = NEW_LINE_SEQUENCE_LENGTH;
+
+					state->lastCharIsSpace = true;
+				}
+
+				curLineStart = lastWSpos + 1;
+
+				p = lastWSpos + 1;
+				lastWSpos = end;
+				newLine = true;
+			}
+		}
+
+	/*
+		RFC #2047:
+		4. Encodings
+
+		Initially, the legal values for "encoding" are "Q" and "B".  These
+		encodings are described below.  The "Q" encoding is recommended for
+		use when most of the characters to be encoded are in the ASCII
+		character set; otherwise, the "B" encoding should be used.
+		Nevertheless, a mail reader which claims to recognize 'encoded-word's
+		MUST be able to accept either encoding for any character set which it
+		supports.
+	*/
+	} else {
+
+		// We will encode _AND_ fold lines
+
+		/*
+			RFC #2047:
+			2. Syntax of encoded-words
+
+			" While there is no limit to the length of a multiple-line header
+			  field, each line of a header field that contains one or more
+			  'encoded-word's is limited to 76 characters. "
+		*/
+
+		const size_t maxLineLength3 =
+			(ctx.getMaxLineLength() == lineLengthLimits::infinite)
+				? ctx.getMaxLineLength()
+				: std::min(ctx.getMaxLineLength(), static_cast <size_t>(76));
+
+		wordEncoder wordEnc(m_buffer, m_charset);
+
+		const string wordStart("=?"
+			+ m_charset.getName()
+			+ (m_lang.empty() ? "" : string("*") + m_lang)
+			+ "?"
+			+ (wordEnc.getEncoding() == wordEncoder::ENCODING_B64 ? 'B' : 'Q')
+			+ "?");
+		const string wordEnd("?=");
+
+		const size_t minWordLength = wordStart.length() + wordEnd.length();
+		const size_t maxLineLength2 = (maxLineLength3 < minWordLength + 1)
+			? maxLineLength3 + minWordLength + 1 : maxLineLength3;
+
+		// Checks whether remaining space on this line is usable. If too few
+		// characters can be encoded, start a new line.
+		bool startNewLine = true;
+
+		if (curLineLength + 2 < maxLineLength2) {
+
+			const size_t remainingSpaceOnLine = maxLineLength2 - curLineLength - 2;
+
+			if (remainingSpaceOnLine < minWordLength + 10) {
+
+				// Space for no more than 10 encoded chars!
+				// It is not worth while to continue on this line...
+				startNewLine = true;
+
+			} else {
+
+				// OK, there is enough usable space on the current line.
+				startNewLine = false;
+			}
+		}
+
+		if (startNewLine) {
+
+			os << NEW_LINE_SEQUENCE;
+			curLineLength = NEW_LINE_SEQUENCE_LENGTH;
+
+			state->lastCharIsSpace = true;
+		}
+
+		// Encode and fold input buffer
+		if (!startNewLine && !state->isFirstWord && !state->lastCharIsSpace) {
+
+			os << " "; // Separate from previous word
+			++curLineLength;
+
+			state->lastCharIsSpace = true;
+		}
+
+		for (unsigned int i = 0 ; ; ++i) {
+
+			// Compute the number of encoded chars that will fit on this line
+			const size_t fit = maxLineLength2 - minWordLength
+				- (i == 0 ? curLineLength : NEW_LINE_SEQUENCE_LENGTH);
+
+			// Get the next encoded chunk
+			const string chunk = wordEnc.getNextChunk(fit);
+
+			if (chunk.empty()) {
+				break;
+			}
+
+			// Start a new encoded word
+			if (i != 0) {
+
+				os << NEW_LINE_SEQUENCE;
+				curLineLength = NEW_LINE_SEQUENCE_LENGTH;
+			}
+
+			os << wordStart;
+			curLineLength += minWordLength;
+
+			os << chunk;
+			curLineLength += chunk.length();
+
+			// End of the encoded word
+			os << wordEnd;
+
+			state->prevWordIsEncoded = true;
+			state->lastCharIsSpace = false;
+		}
+	}
+
+	if (newLinePos) {
+		*newLinePos = curLineLength;
+	}
+
+	state->isFirstWord = false;
+}
+
+
+word& word::operator=(const word& w) {
+
+	m_buffer = w.m_buffer;
+	m_charset = w.m_charset;
+	m_lang = w.m_lang;
+
+	return *this;
+}
+
+
+word& word::operator=(const string& s) {
+
+	m_buffer = s;
+	m_charset = charset::getLocalCharset();
+	m_lang.clear();
+
+	return *this;
+}
+
+
+void word::copyFrom(const component& other) {
+
+	const word& w = dynamic_cast <const word&>(other);
+
+	m_buffer = w.m_buffer;
+	m_charset = w.m_charset;
+	m_lang = w.m_lang;
+}
+
+
+bool word::operator==(const word& w) const {
+
+	return m_charset == w.m_charset && m_buffer == w.m_buffer && m_lang == w.m_lang;
+}
+
+
+bool word::operator!=(const word& w) const {
+
+	return m_charset != w.m_charset || m_buffer != w.m_buffer || m_lang != w.m_lang;
+}
+
+
+bool word::isEquivalent(const word& other) const {
+
+	return getConvertedText(charset(charsets::UTF_8)) == other.getConvertedText(charset(charsets::UTF_8));
+}
+
+
+const string word::getConvertedText(
+	const charset& dest,
+	const charsetConverterOptions& opts
+) const {
+
+	if (dest == m_charset) {
+		return m_buffer;  // no conversion needed
+	}
+
+	string out;
+
+	try {
+
+		charset::convert(m_buffer, out, m_charset, dest, opts);
+
+	} catch (vmime::exceptions::charset_conv_error& e) {
+
+		// Do not fail if charset is not recognized:
+		// copy 'word' as raw text
+		out = m_buffer;
+	}
+
+	return out;
+}
+
+
+shared_ptr <component> word::clone() const {
+
+	return make_shared <word>(m_buffer, m_charset);
+}
+
+
+const charset& word::getCharset() const {
+
+	return m_charset;
+}
+
+
+void word::setCharset(const charset& ch) {
+
+	m_charset = ch;
+}
+
+
+const string word::getLanguage() const {
+
+	return m_lang;
+}
+
+
+void word::setLanguage(const string& lang) {
+
+	m_lang = lang;
+}
+
+
+const string& word::getBuffer() const {
+
+	return m_buffer;
+}
+
+
+string& word::getBuffer() {
+
+	return m_buffer;
+}
+
+
+bool word::isEmpty() const {
+
+	return m_buffer.empty();
+}
+
+
+void word::setBuffer(const string& buffer) {
+
+	m_buffer = buffer;
+}
+
+
+const std::vector <shared_ptr <component> > word::getChildComponents() {
+
+	return std::vector <shared_ptr <component> >();
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/word.hpp b/vmime-master/src/vmime/word.hpp
new file mode 100644
index 0000000..1565a0b
--- /dev/null
+++ b/vmime-master/src/vmime/word.hpp
@@ -0,0 +1,272 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_WORD_HPP_INCLUDED
+#define VMIME_WORD_HPP_INCLUDED
+
+
+#include "vmime/headerFieldValue.hpp"
+#include "vmime/charset.hpp"
+#include "vmime/charsetConverterOptions.hpp"
+
+
+namespace vmime {
+
+
+/** A class that encapsulates an encoded-word (RFC-2047):
+  * some text encoded into one specified charset.
+  */
+class VMIME_EXPORT word : public headerFieldValue {
+
+	friend class text;
+
+public:
+
+	/** Construct an empty word.
+	  * Charset is set to the current locale charset.
+	  */
+	word();
+
+	/** Construct a word by copying another word.
+	  */
+	word(const word& w);
+
+	/** Construct a word using a string buffer.
+	  * Charset is set to the current locale charset.
+	  */
+	explicit word(const string& buffer);
+
+	/** Construct a word using a string buffer and a specified charset.
+	  *
+	  * @param buffer string buffer
+	  * @param charset charset in which the string is encoded
+	  */
+	word(const string& buffer, const charset& charset);
+
+	/** Construct a word using a string buffer and a specified charset
+	  * and language tag (RFC-1766).
+	  *
+	  * @param buffer string buffer
+	  * @param charset charset in which the string is encoded
+	  * @param lang language tag, in the format specified by RFC-1766
+	  */
+	word(const string& buffer, const charset& charset, const string& lang);
+
+	/** Return the raw data for this encoded word.
+	  *
+	  * @return raw data buffer
+	  */
+	const string& getBuffer() const;
+
+	/** Return the raw data for this encoded word.
+	  *
+	  * @return raw data buffer
+	  */
+	string& getBuffer();
+
+	/** Tests whether this word is empty.
+	  *
+	  * @return true if the buffer is empty, false otherwise
+	  */
+	bool isEmpty() const;
+
+	/** Set the raw data for this encoded word.
+	  *
+	  * @param buffer raw data buffer
+	  */
+	void setBuffer(const string& buffer);
+
+	/** Return the charset of this word.
+	  *
+	  * @return charset for this word
+	  */
+	const charset& getCharset() const;
+
+	/** Set the charset of this word.
+	  *
+	  * @param ch charset of this word
+	  */
+	void setCharset(const charset& ch);
+
+	/** Return the language used in this word (optional).
+	  * If not specified, the value is empty.
+	  *
+	  * @return language tag for this word, in the format specified
+	  * by RFC-1766
+	  */
+	const string getLanguage() const;
+
+	/** Set the language used in this word (optional).
+	  *
+	  * @param lang language tag, in the format specified by RFC-1766
+	  */
+	void setLanguage(const string& lang);
+
+	/** Returns whether two words actually represent the same text,
+	  * regardless of their charset.
+	  *
+	  * @param other word to compare to
+	  * @return true if the two words represent the same text, or false otherwise
+	  */
+	bool isEquivalent(const word& other) const;
+
+
+	word& operator=(const word& w);
+	word& operator=(const string& s);
+
+	bool operator==(const word& w) const;
+	bool operator!=(const word& w) const;
+
+	/** Return the contained text converted to the specified charset.
+	  *
+	  * @param dest output charset
+	  * @param opts options for charset conversion
+	  * @return word converted to the specified charset
+	  */
+	const string getConvertedText(
+		const charset& dest,
+		const charsetConverterOptions& opts = charsetConverterOptions()
+	) const;
+
+	/** Replace data in this word by data in other word.
+	  *
+	  * @param other other word to copy data from
+	  */
+	void copyFrom(const component& other);
+
+	/** Clone this word.
+	  *
+	  * @return a copy of this word
+	  */
+	shared_ptr <component> clone() const;
+
+
+#ifndef VMIME_BUILDING_DOC
+	class generatorState {
+
+	public:
+
+		generatorState()
+			: isFirstWord(true),
+			  prevWordIsEncoded(false),
+			  lastCharIsSpace(false) {
+
+		}
+
+		bool isFirstWord;
+		bool prevWordIsEncoded;
+		bool lastCharIsSpace;
+	};
+
+	class parserState {
+
+	public:
+
+		parserState()
+			: prevIsEncoded(false),
+			  isFirst(true) {
+
+		}
+
+		bool prevIsEncoded;
+		bool isFirst;
+		std::string undecodedBytes;
+	};
+#endif
+
+
+protected:
+
+	void parseImpl(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition = NULL
+	);
+
+	void generateImpl(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos = 0,
+		size_t* newLinePos = NULL
+	) const;
+
+	void parseWithState(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition,
+		parserState* state
+	);
+
+public:
+
+	using component::generate;
+
+#ifndef VMIME_BUILDING_DOC
+	void generate(
+		const generationContext& ctx,
+		utility::outputStream& os,
+		const size_t curLinePos,
+		size_t* newLinePos,
+		const int flags,
+		generatorState* state
+	) const;
+#endif
+
+	const std::vector <shared_ptr <component> > getChildComponents();
+
+private:
+
+	static shared_ptr <word> parseNext(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition,
+		parserState* state
+	);
+
+	static const std::vector <shared_ptr <word> > parseMultiple(
+		const parsingContext& ctx,
+		const string& buffer,
+		const size_t position,
+		const size_t end,
+		size_t* newPosition
+	);
+
+
+	// The "m_buffer" of this word holds the data, and this data is encoded
+	// in the specified "m_charset".
+	string m_buffer;
+	charset m_charset;
+	string m_lang;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_WORD_HPP_INCLUDED
diff --git a/vmime-master/src/vmime/wordEncoder.cpp b/vmime-master/src/vmime/wordEncoder.cpp
new file mode 100644
index 0000000..4f47d04
--- /dev/null
+++ b/vmime-master/src/vmime/wordEncoder.cpp
@@ -0,0 +1,320 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/wordEncoder.hpp"
+
+#include "vmime/exception.hpp"
+#include "vmime/charsetConverter.hpp"
+
+#include "vmime/encoding.hpp"
+
+#include "vmime/utility/encoder/b64Encoder.hpp"
+#include "vmime/utility/encoder/qpEncoder.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+
+
+namespace vmime {
+
+
+wordEncoder::wordEncoder(
+	const string& buffer,
+	const charset& charset,
+	const Encoding encoding
+)
+	: m_buffer(buffer),
+	  m_pos(0),
+	  m_length(buffer.length()),
+	  m_charset(charset),
+	  m_encoding(encoding) {
+
+	try {
+
+		string utf8Buffer;
+
+		vmime::charset::convert(
+			buffer, utf8Buffer, charset, vmime::charset(charsets::UTF_8)
+		);
+
+		m_buffer = utf8Buffer;
+		m_length = utf8Buffer.length();
+
+		m_simple = false;
+
+	} catch (exceptions::charset_conv_error&) {
+
+		// Ignore exception.
+		// We will fall back on simple encoding.
+		m_simple = true;
+	}
+
+	if (m_encoding == ENCODING_AUTO) {
+		m_encoding = guessBestEncoding(buffer, charset);
+	}
+
+	if (m_encoding == ENCODING_B64) {
+
+		m_encoder = make_shared <utility::encoder::b64Encoder>();
+
+	} else {  // ENCODING_QP
+
+		m_encoder = make_shared <utility::encoder::qpEncoder>();
+		m_encoder->getProperties()["rfc2047"] = true;
+	}
+}
+
+
+static size_t getUTF8CharLength(
+	const string& buffer,
+	const size_t pos,
+	const size_t length
+) {
+
+	// Gives the number of extra bytes in a UTF8 char, given the leading char
+	static const unsigned char UTF8_EXTRA_BYTES[256] = {
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+		1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+		2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+		3, 3, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5
+	};
+
+	const unsigned char c = buffer[pos];
+	const unsigned char n = UTF8_EXTRA_BYTES[c];
+
+	if (n < length - pos) {
+		return n + 1;
+	} else {
+		return 1;
+	}
+}
+
+
+const string wordEncoder::getNextChunk(const size_t maxLength) {
+
+	const size_t remaining = m_length - m_pos;
+
+	if (remaining == 0) {
+		return string();
+	}
+
+	vmime::string chunk;
+	vmime::utility::outputStreamStringAdapter chunkStream(chunk);
+
+	// Simple encoding
+	if (m_simple) {
+
+		// WARNING! Simple encoding can encode a non-integral number of
+		// characters and then may generate incorrectly-formed words!
+
+		if (m_encoding == ENCODING_B64) {
+
+			// Here, we have a formula to compute the maximum number of source
+			// bytes to encode knowing the maximum number of encoded chars. In
+			// Base64 encoding, 3 bytes of input provide 4 bytes of output.
+			const size_t inputCount =
+				std::min(remaining, (maxLength > 1) ? ((maxLength - 1) * 3) / 4 : 1);
+
+			// Encode chunk
+			utility::inputStreamStringAdapter in(m_buffer, m_pos, m_pos + inputCount);
+
+			m_encoder->encode(in, chunkStream);
+			m_pos += inputCount;
+
+		} else {  // ENCODING_QP
+
+			// Compute exactly how much input bytes are needed to have an output
+			// string length of less than 'maxLength' bytes. In Quoted-Printable
+			// encoding, encoded bytes take 3 bytes.
+			size_t inputCount = 0;
+			size_t outputCount = 0;
+
+			while ((inputCount == 0 || outputCount < maxLength) && (inputCount < remaining)) {
+
+				const unsigned char c = m_buffer[m_pos + inputCount];
+
+				inputCount++;
+				outputCount += utility::encoder::qpEncoder::RFC2047_getEncodedLength(c);
+			}
+
+			// Encode chunk
+			utility::inputStreamStringAdapter in(m_buffer, m_pos, m_pos + inputCount);
+
+			m_encoder->encode(in, chunkStream);
+			m_pos += inputCount;
+		}
+
+	// Fully RFC-compliant encoding
+	} else {
+
+		shared_ptr <charsetConverter> conv = charsetConverter::create(charsets::UTF_8, m_charset);
+
+		size_t inputCount = 0;
+		size_t outputCount = 0;
+		string encodeBuffer;
+
+		while ((inputCount == 0 || outputCount < maxLength) && (inputCount < remaining)) {
+
+			// Get the next UTF8 character
+			const size_t inputCharLength =
+				getUTF8CharLength(m_buffer, m_pos + inputCount, m_length);
+
+			const string inputChar(
+				m_buffer.begin() + m_pos + inputCount,
+				m_buffer.begin() + m_pos + inputCount + inputCharLength
+			);
+
+			// Convert back to original encoding
+			string encodeBytes;
+			conv->convert(inputChar, encodeBytes);
+
+			encodeBuffer += encodeBytes;
+
+			// Compute number of output bytes
+			if (m_encoding == ENCODING_B64) {
+
+				outputCount = std::max(
+					static_cast <size_t>(4),
+					(encodeBuffer.length() * 4) / 3
+				);
+
+			} else {  // ENCODING_QP
+
+				for (size_t i = 0, n = encodeBytes.length() ; i < n ; ++i) {
+
+					const unsigned char c = encodeBytes[i];
+					outputCount += utility::encoder::qpEncoder::RFC2047_getEncodedLength(c);
+				}
+			}
+
+			inputCount += inputCharLength;
+		}
+
+		// Encode chunk
+		utility::inputStreamStringAdapter in(encodeBuffer);
+
+		m_encoder->encode(in, chunkStream);
+		m_pos += inputCount;
+	}
+
+	return chunk;
+}
+
+
+wordEncoder::Encoding wordEncoder::getEncoding() const {
+
+	return m_encoding;
+}
+
+
+// static
+bool wordEncoder::isEncodingNeeded(
+	const generationContext& ctx,
+	const string& buffer,
+	const charset& charset,
+	const string& lang
+) {
+
+	if (!ctx.getInternationalizedEmailSupport()) {
+
+		// Charset-specific encoding
+		encoding recEncoding;
+
+		if (charset.getRecommendedEncoding(recEncoding)) {
+			return true;
+		}
+
+		// No encoding is needed if the buffer only contains ASCII chars
+		if (utility::stringUtils::findFirstNonASCIIchar(buffer.begin(), buffer.end()) != string::npos) {
+			return true;
+		}
+	}
+
+	// Force encoding when there are only ASCII chars, but there is
+	// also at least one of '\n' or '\r' (header fields)
+	if (buffer.find_first_of("\n\r") != string::npos) {
+		return true;
+	}
+
+	// If any RFC-2047 sequence is found in the buffer, encode it
+	if (buffer.find("=?") != string::npos || buffer.find("?=") != string::npos) {
+		return true;
+	}
+
+	// If a language is specified, force encoding
+	if (!lang.empty()) {
+		return true;
+	}
+
+	return false;
+}
+
+
+// static
+wordEncoder::Encoding wordEncoder::guessBestEncoding(
+	const string& buffer,
+	const charset& charset
+) {
+
+	// Charset-specific encoding
+	encoding recEncoding;
+
+	if (charset.getRecommendedEncoding(recEncoding)) {
+
+		if (recEncoding == encoding(encodingTypes::QUOTED_PRINTABLE)) {
+			return ENCODING_QP;
+		} else {
+			return ENCODING_B64;
+		}
+	}
+
+	// Use Base64 if more than 40% non-ASCII, or Quoted-Printable else (default)
+	const size_t asciiCount =
+		utility::stringUtils::countASCIIchars(buffer.begin(), buffer.end());
+
+	const size_t asciiPercent =
+		buffer.length() == 0 ? 100 : (100 * asciiCount) / buffer.length();
+
+	if (asciiPercent < 60) {
+		return ENCODING_B64;
+	} else {
+		return ENCODING_QP;
+	}
+}
+
+
+} // vmime
diff --git a/vmime-master/src/vmime/wordEncoder.hpp b/vmime-master/src/vmime/wordEncoder.hpp
new file mode 100644
index 0000000..e37bbe7
--- /dev/null
+++ b/vmime-master/src/vmime/wordEncoder.hpp
@@ -0,0 +1,118 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_WORDENCODER_HPP_INCLUDED
+#define VMIME_WORDENCODER_HPP_INCLUDED
+
+
+#include "vmime/charset.hpp"
+
+
+namespace vmime {
+
+
+namespace utility {
+namespace encoder {
+
+class encoder;
+
+} // encoder
+} // utility
+
+
+/** Encodes words according to RFC-2047.
+  */
+class VMIME_EXPORT wordEncoder {
+
+public:
+
+	/** Available encodings for RFC-2047. */
+	enum Encoding {
+		ENCODING_AUTO,
+		ENCODING_QP,
+		ENCODING_B64
+	};
+
+
+	wordEncoder(
+		const string& buffer,
+		const charset& charset,
+		const Encoding encoding = ENCODING_AUTO
+	);
+
+
+	/** Return the next chunk in the word.
+	  *
+	  * @param maxLength maximal length of the chunk
+	  * @return next chunk, of maximal length 'maxLength' if possible
+	  */
+	const string getNextChunk(const size_t maxLength);
+
+	/** Return the encoding used.
+	  *
+	  * @return encoding
+	  */
+	Encoding getEncoding() const;
+
+	/** Test whether RFC-2047 encoding is needed.
+	  *
+	  * @param ctx generation context
+	  * @param buffer buffer to analyze
+	  * @param charset charset of the buffer
+	  * @param lang language code, in the format specified by RFC-1766
+	  * @return true if encoding is needed, false otherwise.
+	  */
+	static bool isEncodingNeeded(
+		const generationContext& ctx,
+		const string& buffer,
+		const charset& charset,
+		const string& lang
+	);
+
+	/** Guess the best RFC-2047 encoding to use for the specified buffer.
+	  *
+	  * @param buffer buffer to analyze
+	  * @param charset charset of the buffer
+	  * @return RFC-2047 encoding
+	  */
+	static Encoding guessBestEncoding(const string& buffer, const charset& charset);
+
+private:
+
+	string m_buffer;
+	size_t m_pos;
+	size_t m_length;
+
+	bool m_simple;
+
+	charset m_charset;
+	Encoding m_encoding;
+
+	shared_ptr <utility::encoder::encoder> m_encoder;
+};
+
+
+} // vmime
+
+
+#endif // VMIME_WORDENCODER_HPP_INCLUDED
diff --git a/vmime-master/test-outsourced-build.sh b/vmime-master/test-outsourced-build.sh
new file mode 100755
index 0000000..ac07288
--- /dev/null
+++ b/vmime-master/test-outsourced-build.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+rm -rf _build _install
+mkdir _build _install
+cd _build
+rm -f ../CMakeCache.txt ../src/vmime/config.hpp ../src/vmime/export-static.hpp ../src/vmime/export-shared.hpp
+#cmake .. -DCMAKE_INSTALL_PREFIX=../_install -DVMIME_BUILD_SHARED_LIBRARY=NO
+#cmake .. -DCMAKE_INSTALL_PREFIX=../_install -DVMIME_BUILD_TESTS=YES
+cmake .. -DCMAKE_INSTALL_PREFIX=../_install -DVMIME_BUILD_TESTS=YES -DVMIME_BUILD_SAMPLES=YES -DVMIME_TLS_SUPPORT_LIB=openssl -DCMAKE_BUILD_TYPE=Debug
+cmake .. -L
+make
+make install
+
diff --git a/vmime-master/tests/misc/importanceHelperTest.cpp b/vmime-master/tests/misc/importanceHelperTest.cpp
new file mode 100644
index 0000000..d04d730
--- /dev/null
+++ b/vmime-master/tests/misc/importanceHelperTest.cpp
@@ -0,0 +1,191 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/misc/importanceHelper.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(importanceHelperTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testResetImportance)
+
+		VMIME_TEST(testSetImportance1)
+		VMIME_TEST(testSetImportance2)
+		VMIME_TEST(testSetImportance3)
+		VMIME_TEST(testSetImportance4)
+		VMIME_TEST(testSetImportance5)
+
+		VMIME_TEST(testGetImportance1)
+		VMIME_TEST(testGetImportance2)
+		VMIME_TEST(testGetImportance3)
+		VMIME_TEST(testGetImportance4)
+		VMIME_TEST(testGetImportance5)
+	VMIME_TEST_LIST_END
+
+
+	// resetImportance
+
+	void testResetImportance() {
+
+		vmime::shared_ptr <vmime::header> hdr = vmime::make_shared <vmime::header>();
+
+		hdr->getField("Importance")->setValue("xxx");
+		hdr->getField("X-Priority")->setValue("yyy");
+
+		VASSERT_NO_THROW("1", hdr->findField("Importance"));
+		VASSERT_NO_THROW("2", hdr->findField("X-Priority"));
+
+		vmime::misc::importanceHelper::resetImportanceHeader(hdr);
+
+		VASSERT_NULL("3", hdr->findField("Importance"));
+		VASSERT_NULL("4", hdr->findField("X-Priority"));
+	}
+
+
+	// setImportance
+
+	void testSetImportanceImpl(
+		const vmime::misc::importanceHelper::Importance i,
+		const std::string& ImportanceValue,
+		const std::string& XPriorityValue
+	) {
+
+		vmime::shared_ptr <vmime::header> hdr = vmime::make_shared <vmime::header>();
+
+		vmime::misc::importanceHelper::setImportanceHeader(hdr, i);
+
+		VASSERT_NO_THROW("1", hdr->findField("Importance"));
+		VASSERT_EQ("2", ImportanceValue, hdr->findField("Importance")->getValue()->generate());
+
+		VASSERT_NO_THROW("3", hdr->findField("X-Priority"));
+		VASSERT_EQ("4", XPriorityValue, hdr->findField("X-Priority")->getValue()->generate());
+	}
+
+	void testSetImportance1() {
+
+		testSetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_HIGHEST,
+			"high", "1 (Highest)"
+		);
+	}
+
+	void testSetImportance2() {
+
+		testSetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_HIGH,
+			"high", "2 (High)"
+		);
+	}
+
+	void testSetImportance3() {
+
+		testSetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_NORMAL,
+			"normal", "3 (Normal)"
+		);
+	}
+
+	void testSetImportance4() {
+
+		testSetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_LOW,
+			"low", "4 (Low)"
+		);
+	}
+
+	void testSetImportance5() {
+
+		testSetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_LOWEST,
+			"low", "5 (Lowest)"
+		);
+	}
+
+
+	// getImportance
+
+	void testGetImportanceImpl(
+		const vmime::misc::importanceHelper::Importance i1,
+		const vmime::misc::importanceHelper::Importance i2,
+		const std::string& ImportanceValue,
+		const std::string& XPriorityValue
+	) {
+
+		vmime::shared_ptr <vmime::header> hdr1 = vmime::make_shared <vmime::header>();
+
+		hdr1->getField("Importance")->setValue(ImportanceValue);
+		VASSERT_EQ("1", i1, vmime::misc::importanceHelper::getImportanceHeader(hdr1));
+
+		vmime::shared_ptr <vmime::header> hdr2 = vmime::make_shared <vmime::header>();
+
+		hdr2->getField("X-Priority")->setValue(XPriorityValue);
+		VASSERT_EQ("2", i2, vmime::misc::importanceHelper::getImportanceHeader(hdr2));
+	}
+
+	void testGetImportance1() {
+
+		testGetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_HIGHEST,
+			vmime::misc::importanceHelper::IMPORTANCE_HIGHEST,
+			"high", "1 (Highest)");
+	}
+
+	void testGetImportance2() {
+
+		testGetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_HIGHEST,
+			vmime::misc::importanceHelper::IMPORTANCE_HIGH,
+			"high", "2 (High)"
+		);
+	}
+
+	void testGetImportance3() {
+
+		testGetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_NORMAL,
+			vmime::misc::importanceHelper::IMPORTANCE_NORMAL,
+			"normal", "3 (Normal)"
+		);
+	}
+
+	void testGetImportance4() {
+
+		testGetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_LOWEST,
+			vmime::misc::importanceHelper::IMPORTANCE_LOW,
+			"low", "4 (Low)"
+		);
+	}
+
+	void testGetImportance5() {
+
+		testGetImportanceImpl(
+			vmime::misc::importanceHelper::IMPORTANCE_LOWEST,
+			vmime::misc::importanceHelper::IMPORTANCE_LOWEST,
+			"low", "5 (Lowest)"
+		);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/folderAttributesTest.cpp b/vmime-master/tests/net/folderAttributesTest.cpp
new file mode 100644
index 0000000..da0e025
--- /dev/null
+++ b/vmime-master/tests/net/folderAttributesTest.cpp
@@ -0,0 +1,137 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/folderAttributes.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(folderAttributesTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testConstruct)
+		VMIME_TEST(testConstructCopy)
+		VMIME_TEST(testSetType)
+		VMIME_TEST(testSetFlags)
+		VMIME_TEST(testHasFlag)
+		VMIME_TEST(testSetUserFlags)
+		VMIME_TEST(testHasUserFlag)
+		VMIME_TEST(testSetSpecialUse)
+	VMIME_TEST_LIST_END
+
+
+	void testConstruct() {
+
+		vmime::net::folderAttributes attr;
+
+		// Default values
+		VASSERT_EQ("type", vmime::net::folderAttributes::TYPE_CONTAINS_FOLDERS
+			| vmime::net::folderAttributes::TYPE_CONTAINS_MESSAGES, attr.getType());
+		VASSERT_EQ("flags", 0, attr.getFlags());
+		VASSERT_EQ("user-flags", 0, attr.getUserFlags().size());
+		VASSERT_EQ("special-use", vmime::net::folderAttributes::SPECIALUSE_NONE, attr.getSpecialUse());
+	}
+
+	void testConstructCopy() {
+
+		std::vector <vmime::string> userFlags;
+		userFlags.push_back("\\XMyFlag1");
+		userFlags.push_back("\\XMyFlag2");
+		userFlags.push_back("\\XMyFlag3");
+
+		vmime::net::folderAttributes attr;
+
+		attr.setFlags(vmime::net::folderAttributes::FLAG_HAS_CHILDREN);
+		attr.setUserFlags(userFlags);
+
+		vmime::net::folderAttributes attr2(attr);
+
+		VASSERT("flags", attr2.getFlags() == attr.getFlags());
+		VASSERT("user-flags", attr2.getUserFlags() == attr.getUserFlags());
+	}
+
+	void testSetType() {
+
+		vmime::net::folderAttributes attr;
+		attr.setType(vmime::net::folderAttributes::TYPE_CONTAINS_FOLDERS);
+
+		VASSERT_EQ("eq", vmime::net::folderAttributes::TYPE_CONTAINS_FOLDERS, attr.getType());
+	}
+
+	void testSetFlags() {
+
+		vmime::net::folderAttributes attr;
+		attr.setFlags(vmime::net::folderAttributes::FLAG_HAS_CHILDREN);
+
+		VASSERT_EQ("eq", vmime::net::folderAttributes::FLAG_HAS_CHILDREN, attr.getFlags());
+	}
+
+	void testHasFlag() {
+
+		vmime::net::folderAttributes attr;
+		attr.setFlags(vmime::net::folderAttributes::FLAG_HAS_CHILDREN);
+
+		VASSERT("has", attr.hasFlag(vmime::net::folderAttributes::FLAG_HAS_CHILDREN));
+		VASSERT("has-not", !attr.hasFlag(vmime::net::folderAttributes::FLAG_NO_OPEN));
+	}
+
+	void testSetUserFlags() {
+
+		std::vector <vmime::string> userFlags;
+		userFlags.push_back("\\XMyFlag1");
+		userFlags.push_back("\\XMyFlag2");
+		userFlags.push_back("\\XMyFlag3");
+
+		vmime::net::folderAttributes attr;
+		attr.setUserFlags(userFlags);
+
+		VASSERT("eq", attr.getUserFlags() == userFlags);
+	}
+
+	void testHasUserFlag() {
+
+		std::vector <vmime::string> userFlags;
+		userFlags.push_back("\\XMyFlag1");
+		userFlags.push_back("\\XMyFlag2");
+		userFlags.push_back("\\XMyFlag3");
+
+		vmime::net::folderAttributes attr;
+		attr.setUserFlags(userFlags);
+
+		VASSERT("has", attr.hasUserFlag("\\XMyFlag1"));
+		VASSERT("has-casesensitive", !attr.hasUserFlag("\\xmyflag1"));
+		VASSERT("has-not", !attr.hasUserFlag("\\XMyFlag4"));
+	}
+
+	void testSetSpecialUse() {
+
+		const int use = vmime::net::folderAttributes::SPECIALUSE_JUNK
+			| vmime::net::folderAttributes::SPECIALUSE_TRASH;
+
+		vmime::net::folderAttributes attr;
+		attr.setSpecialUse(use);
+
+		VASSERT_EQ("eq", use, attr.getSpecialUse());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/imap/IMAPCommandTest.cpp b/vmime-master/tests/net/imap/IMAPCommandTest.cpp
new file mode 100644
index 0000000..cf3446d
--- /dev/null
+++ b/vmime-master/tests/net/imap/IMAPCommandTest.cpp
@@ -0,0 +1,495 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/imap/IMAPCommand.hpp"
+#include "vmime/net/imap/IMAPStore.hpp"
+#include "vmime/net/imap/IMAPConnection.hpp"
+
+
+using namespace vmime::net::imap;
+
+
+VMIME_TEST_SUITE_BEGIN(IMAPCommandTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testCreateCommand)
+		VMIME_TEST(testCreateCommandParams)
+		VMIME_TEST(testLOGIN)
+		VMIME_TEST(testAUTHENTICATE)
+		VMIME_TEST(testAUTHENTICATE_InitialResponse)
+		VMIME_TEST(testLIST)
+		VMIME_TEST(testSELECT)
+		VMIME_TEST(testSTATUS)
+		VMIME_TEST(testCREATE)
+		VMIME_TEST(testDELETE)
+		VMIME_TEST(testRENAME)
+		VMIME_TEST(testFETCH)
+		VMIME_TEST(testSTORE)
+		VMIME_TEST(testAPPEND)
+		VMIME_TEST(testCOPY)
+		VMIME_TEST(testSEARCH)
+		VMIME_TEST(testSTARTTLS)
+		VMIME_TEST(testCAPABILITY)
+		VMIME_TEST(testNOOP)
+		VMIME_TEST(testEXPUNGE)
+		VMIME_TEST(testCLOSE)
+		VMIME_TEST(testLOGOUT)
+		VMIME_TEST(testSend)
+	VMIME_TEST_LIST_END
+
+
+	void testCreateCommand() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::createCommand("MY_COMMAND");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MY_COMMAND", cmd->getText());
+	}
+
+	void testCreateCommandParams() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::createCommand("MY_COMMAND param1 param2");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MY_COMMAND param1 param2", cmd->getText());
+	}
+
+	void testLOGIN() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::LOGIN("username", "password");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "LOGIN username password", cmd->getText());
+		VASSERT_EQ("Trace Text", "LOGIN {username} {password}", cmd->getTraceText());
+	}
+
+	void testAUTHENTICATE() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::AUTHENTICATE("saslmechanism");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "AUTHENTICATE saslmechanism", cmd->getText());
+	}
+
+	void testAUTHENTICATE_InitialResponse() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::AUTHENTICATE("saslmechanism", "initial-response");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "AUTHENTICATE saslmechanism initial-response", cmd->getText());
+	}
+
+	void testLIST() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::LIST("ref-name", "mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "LIST ref-name mailbox-name", cmd->getText());
+
+		vmime::shared_ptr <IMAPCommand> cmdQuote = IMAPCommand::LIST("ref name", "mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmdQuote);
+		VASSERT_EQ("Text", "LIST \"ref name\" mailbox-name", cmdQuote->getText());
+	}
+
+	void testSELECT() {
+
+		std::vector <vmime::string> params;
+		params.push_back("param-1");
+		params.push_back("param-2");
+
+
+		vmime::shared_ptr <IMAPCommand> cmdRO = IMAPCommand::SELECT(
+			/* readOnly */ true, "mailbox-name", std::vector <vmime::string>()
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdRO);
+		VASSERT_EQ("Text", "EXAMINE mailbox-name", cmdRO->getText());
+
+		vmime::shared_ptr <IMAPCommand> cmdROQuote = IMAPCommand::SELECT(
+			/* readOnly */ true, "mailbox name", std::vector <vmime::string>()
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdROQuote);
+		VASSERT_EQ("Text", "EXAMINE \"mailbox name\"", cmdROQuote->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdRW = IMAPCommand::SELECT(
+			/* readOnly */ false, "mailbox-name", std::vector <vmime::string>()
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdRW);
+		VASSERT_EQ("Text", "SELECT mailbox-name", cmdRW->getText());
+
+		vmime::shared_ptr <IMAPCommand> cmdRWParams = IMAPCommand::SELECT(
+			/* readOnly */ false, "mailbox-name", params
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdRWParams);
+		VASSERT_EQ("Text", "SELECT mailbox-name (param-1 param-2)", cmdRWParams->getText());
+
+		vmime::shared_ptr <IMAPCommand> cmdRWQuote = IMAPCommand::SELECT(
+			/* readOnly */ false, "mailbox name", std::vector <vmime::string>()
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdRWQuote);
+		VASSERT_EQ("Text", "SELECT \"mailbox name\"", cmdRWQuote->getText());
+	}
+
+	void testSTATUS() {
+
+		std::vector <vmime::string> attribs;
+		attribs.push_back("attrib-1");
+		attribs.push_back("attrib-2");
+
+
+		vmime::shared_ptr <IMAPCommand> cmd =
+			IMAPCommand::STATUS("mailbox-name", attribs);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "STATUS mailbox-name (attrib-1 attrib-2)", cmd->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdQuote =
+			IMAPCommand::STATUS("mailbox name", attribs);
+
+		VASSERT_NOT_NULL("Not null", cmdQuote);
+		VASSERT_EQ("Text", "STATUS \"mailbox name\" (attrib-1 attrib-2)", cmdQuote->getText());
+	}
+
+	void testCREATE() {
+
+		std::vector <vmime::string> params;
+		params.push_back("param-1");
+		params.push_back("param-2");
+
+
+		vmime::shared_ptr <IMAPCommand> cmd =
+			IMAPCommand::CREATE("mailbox-name", params);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "CREATE mailbox-name (param-1 param-2)", cmd->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdQuote =
+			IMAPCommand::CREATE("mailbox name", params);
+
+		VASSERT_NOT_NULL("Not null", cmdQuote);
+		VASSERT_EQ("Text", "CREATE \"mailbox name\" (param-1 param-2)", cmdQuote->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdNoParam =
+			IMAPCommand::CREATE("mailbox-name", std::vector <vmime::string>());
+
+		VASSERT_NOT_NULL("Not null", cmdNoParam);
+		VASSERT_EQ("Text", "CREATE mailbox-name", cmdNoParam->getText());
+	}
+
+	void testDELETE() {
+
+		vmime::shared_ptr <IMAPCommand> cmd =
+			IMAPCommand::DELETE("mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "DELETE mailbox-name", cmd->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdQuote =
+			IMAPCommand::DELETE("mailbox name");
+
+		VASSERT_NOT_NULL("Not null", cmdQuote);
+		VASSERT_EQ("Text", "DELETE \"mailbox name\"", cmdQuote->getText());
+	}
+
+	void testRENAME() {
+
+		vmime::shared_ptr <IMAPCommand> cmd =
+			IMAPCommand::RENAME("mailbox-name", "new-mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "RENAME mailbox-name new-mailbox-name", cmd->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdQuote =
+			IMAPCommand::RENAME("mailbox name", "new mailbox name");
+
+		VASSERT_NOT_NULL("Not null", cmdQuote);
+		VASSERT_EQ("Text", "RENAME \"mailbox name\" \"new mailbox name\"", cmdQuote->getText());
+	}
+
+	void testFETCH() {
+
+		std::vector <vmime::string> params;
+		params.push_back("param-1");
+		params.push_back("param-2");
+
+
+		vmime::shared_ptr <IMAPCommand> cmdNum =
+			IMAPCommand::FETCH(vmime::net::messageSet::byNumber(42), params);
+
+		VASSERT_NOT_NULL("Not null", cmdNum);
+		VASSERT_EQ("Text", "FETCH 42 (param-1 param-2)", cmdNum->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdNums =
+			IMAPCommand::FETCH(vmime::net::messageSet::byNumber(42, 47), params);
+
+		VASSERT_NOT_NULL("Not null", cmdNums);
+		VASSERT_EQ("Text", "FETCH 42:47 (param-1 param-2)", cmdNums->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdUID =
+			IMAPCommand::FETCH(vmime::net::messageSet::byUID(42), params);
+
+		VASSERT_NOT_NULL("Not null", cmdUID);
+		VASSERT_EQ("Text", "UID FETCH 42 (param-1 param-2)", cmdUID->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdUIDs =
+			IMAPCommand::FETCH(vmime::net::messageSet::byUID(42, 47), params);
+
+		VASSERT_NOT_NULL("Not null", cmdUIDs);
+		VASSERT_EQ("Text", "UID FETCH 42:47 (param-1 param-2)", cmdUIDs->getText());
+	}
+
+	void testSTORE() {
+
+		std::vector <vmime::string> flags;
+		flags.push_back("flag-1");
+		flags.push_back("flag-2");
+
+
+		vmime::shared_ptr <IMAPCommand> cmdNum = IMAPCommand::STORE(
+			vmime::net::messageSet::byNumber(42), vmime::net::message::FLAG_MODE_SET, flags
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdNum);
+		VASSERT_EQ("Text", "STORE 42 FLAGS (flag-1 flag-2)", cmdNum->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdNums = IMAPCommand::STORE(
+			vmime::net::messageSet::byNumber(42, 47), vmime::net::message::FLAG_MODE_SET, flags
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdNums);
+		VASSERT_EQ("Text", "STORE 42:47 FLAGS (flag-1 flag-2)", cmdNums->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdUID = IMAPCommand::STORE(
+			vmime::net::messageSet::byUID(42), vmime::net::message::FLAG_MODE_SET, flags
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdUID);
+		VASSERT_EQ("Text", "UID STORE 42 FLAGS (flag-1 flag-2)", cmdUID->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdUIDs = IMAPCommand::STORE(
+			vmime::net::messageSet::byUID(42, 47), vmime::net::message::FLAG_MODE_SET, flags
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdUIDs);
+		VASSERT_EQ("Text", "UID STORE 42:47 FLAGS (flag-1 flag-2)", cmdUIDs->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdAdd = IMAPCommand::STORE(
+			vmime::net::messageSet::byUID(42, 47), vmime::net::message::FLAG_MODE_ADD, flags
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdAdd);
+		VASSERT_EQ("Text", "UID STORE 42:47 +FLAGS (flag-1 flag-2)", cmdAdd->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdRem = IMAPCommand::STORE(
+			vmime::net::messageSet::byUID(42, 47), vmime::net::message::FLAG_MODE_REMOVE, flags
+		);
+
+		VASSERT_NOT_NULL("Not null", cmdRem);
+		VASSERT_EQ("Text", "UID STORE 42:47 -FLAGS (flag-1 flag-2)", cmdRem->getText());
+	}
+
+	void testAPPEND() {
+
+		std::vector <vmime::string> flags;
+		flags.push_back("flag-1");
+		flags.push_back("flag-2");
+
+
+		vmime::shared_ptr <IMAPCommand> cmd =
+			IMAPCommand::APPEND("mailbox-name", flags, /* date */ NULL, 1234);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "APPEND mailbox-name (flag-1 flag-2) {1234}", cmd->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdQuote =
+			IMAPCommand::APPEND("mailbox name", flags, /* date */ NULL, 1234);
+
+		VASSERT_NOT_NULL("Not null", cmdQuote);
+		VASSERT_EQ("Text", "APPEND \"mailbox name\" (flag-1 flag-2) {1234}", cmdQuote->getText());
+
+
+		vmime::datetime date(2014, 3, 15, 23, 11, 47, vmime::datetime::GMT2);
+		vmime::shared_ptr <IMAPCommand> cmdDate =
+			IMAPCommand::APPEND("mailbox name", flags, &date, 1234);
+
+		VASSERT_NOT_NULL("Not null", cmdDate);
+		VASSERT_EQ("Text", "APPEND \"mailbox name\" (flag-1 flag-2) \"15-Mar-2014 23:11:47 +0200\" {1234}", cmdDate->getText());
+	}
+
+	void testCOPY() {
+
+		vmime::shared_ptr <IMAPCommand> cmdNum =
+			IMAPCommand::COPY(vmime::net::messageSet::byNumber(42), "mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmdNum);
+		VASSERT_EQ("Text", "COPY 42 mailbox-name", cmdNum->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdNums =
+			IMAPCommand::COPY(vmime::net::messageSet::byNumber(42, 47), "mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmdNums);
+		VASSERT_EQ("Text", "COPY 42:47 mailbox-name", cmdNums->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdUID =
+			IMAPCommand::COPY(vmime::net::messageSet::byUID(42), "mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmdUID);
+		VASSERT_EQ("Text", "UID COPY 42 mailbox-name", cmdUID->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdUIDs =
+			IMAPCommand::COPY(vmime::net::messageSet::byUID(42, 47), "mailbox-name");
+
+		VASSERT_NOT_NULL("Not null", cmdUIDs);
+		VASSERT_EQ("Text", "UID COPY 42:47 mailbox-name", cmdUIDs->getText());
+
+
+		vmime::shared_ptr <IMAPCommand> cmdQuote =
+			IMAPCommand::COPY(vmime::net::messageSet::byNumber(42, 47), "mailbox name");
+
+		VASSERT_NOT_NULL("Not null", cmdQuote);
+		VASSERT_EQ("Text", "COPY 42:47 \"mailbox name\"", cmdQuote->getText());
+	}
+
+	void testSEARCH() {
+
+		std::vector <vmime::string> searchKeys;
+		searchKeys.push_back("search-key-1");
+		searchKeys.push_back("search-key-2");
+
+		vmime::shared_ptr <IMAPCommand> cmd =
+			IMAPCommand::SEARCH(searchKeys, /* charset */ NULL);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "SEARCH search-key-1 search-key-2", cmd->getText());
+
+
+		vmime::charset cset("test-charset");
+
+		vmime::shared_ptr <IMAPCommand> cmdCset =
+			IMAPCommand::SEARCH(searchKeys, &cset);
+
+		VASSERT_NOT_NULL("Not null", cmdCset);
+		VASSERT_EQ("Text", "SEARCH CHARSET test-charset search-key-1 search-key-2", cmdCset->getText());
+	}
+
+	void testSTARTTLS() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::STARTTLS();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "STARTTLS", cmd->getText());
+	}
+
+	void testCAPABILITY() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::CAPABILITY();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "CAPABILITY", cmd->getText());
+	}
+
+	void testNOOP() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::NOOP();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "NOOP", cmd->getText());
+	}
+
+	void testEXPUNGE() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::EXPUNGE();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "EXPUNGE", cmd->getText());
+	}
+
+	void testCLOSE() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::CLOSE();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "CLOSE", cmd->getText());
+	}
+
+	void testLOGOUT() {
+
+		vmime::shared_ptr <IMAPCommand> cmd = IMAPCommand::LOGOUT();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "LOGOUT", cmd->getText());
+	}
+
+	void testSend() {
+
+		vmime::shared_ptr <IMAPCommand> cmd =
+			IMAPCommand::createCommand("MY_COMMAND param1 param2");
+
+		vmime::shared_ptr <vmime::net::session> sess = vmime::net::session::create();
+
+		vmime::shared_ptr <vmime::security::authenticator> auth =
+			vmime::make_shared <vmime::security::defaultAuthenticator>();
+
+		vmime::shared_ptr <IMAPStore> store =
+			vmime::make_shared <IMAPStore>(sess, auth, /* secured */ false);
+
+		vmime::shared_ptr <IMAPConnection> conn =
+			vmime::make_shared <IMAPConnection>(store, auth);
+
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+		conn->setSocket(sok);
+
+		cmd->send(conn);
+
+		vmime::string response;
+		sok->localReceive(response);
+
+		VASSERT_EQ("Sent buffer", vmime::string(*conn->getTag()) + " MY_COMMAND param1 param2\r\n", response);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/imap/IMAPParserTest.cpp b/vmime-master/tests/net/imap/IMAPParserTest.cpp
new file mode 100644
index 0000000..60ce16d
--- /dev/null
+++ b/vmime-master/tests/net/imap/IMAPParserTest.cpp
@@ -0,0 +1,374 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/imap/IMAPTag.hpp"
+#include "vmime/net/imap/IMAPParser.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(IMAPParserTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testExtraSpaceInCapaResponse)
+		VMIME_TEST(testContinueReqWithoutSpace)
+		VMIME_TEST(testNILValueInBodyFldEnc)
+		VMIME_TEST(testFETCHResponse_optional_body_fld_lang)
+		VMIME_TEST(testFETCHBodyStructure_NIL_body_fld_param_value)
+		VMIME_TEST(testFETCHBodyStructure_empty_body_fld_param_instead_of_NIL)
+		VMIME_TEST(testPipelining)
+		VMIME_TEST(testStarFlagWithoutBackslash)
+	VMIME_TEST_LIST_END
+
+
+	// For Apple iCloud IMAP server
+	void testExtraSpaceInCapaResponse() {
+
+		const char* resp =
+			"* CAPABILITY IMAP4rev1 AUTH=ATOKEN AUTH=PLAIN \r\n"  // extra space at end
+			"a001 OK Capability completed.\r\n";
+
+		// Strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(true);
+
+			VASSERT_THROW("strict mode", parser->readResponse(*tag), vmime::exceptions::invalid_response);
+		}
+
+		// Non-strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(false);
+
+			VASSERT_NO_THROW("non-strict mode", parser->readResponse(*tag));
+		}
+	}
+
+	// For Apple iCloud/Exchange IMAP server
+	void testContinueReqWithoutSpace() {
+
+		// continue_req   ::= "+" SPACE (resp_text / base64)
+		//
+		// Some servers do not send SPACE when response text is empty.
+		// IMAP parser should allow this in non-strict mode.
+		//
+		// Eg:
+		//
+		//   C: a002 AUTHENTICATE xxx[CR][LF]
+		//   S: +[CR][LF]
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <vmime::net::imap::IMAPTag> tag =
+				vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+		socket->localSend("+\r\n");
+
+		vmime::shared_ptr <vmime::net::imap::IMAPParser> parser =
+			vmime::make_shared <vmime::net::imap::IMAPParser>();
+
+		parser->setSocket(socket);
+		parser->setTimeoutHandler(toh);
+
+		parser->setStrict(false);
+		VASSERT_NO_THROW("non-strict mode", parser->readResponse(*tag));
+
+		++(*tag);
+
+		socket->localSend("+\r\n");
+
+		parser->setStrict(true);
+		VASSERT_THROW("strict mode", parser->readResponse(*tag), vmime::exceptions::invalid_response);
+	}
+
+	// When an IMAP4 client sends a FETCH (bodystructure) request to a server
+	// that is running the Exchange Server 2007 IMAP4 service, a corrupted
+	// response is sent as a reply
+	// --> http://support.microsoft.com/kb/975918/en-us
+	void testNILValueInBodyFldEnc() {
+
+		const char* resp = "* 7970 FETCH (UID 8036 FLAGS () BODYSTRUCTURE (\"text\" \"html\" (\"charset\" \"utf-8\") NIL NIL NIL 175501 1651 NIL NIL NIL NIL) RFC822.HEADER {3}\r\nx\r\n)\r\na001 OK FETCH complete\r\n";
+
+		// Strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(true);
+
+			VASSERT_THROW("strict mode", parser->readResponse(*tag), vmime::exceptions::invalid_response);
+		}
+
+		// Non-strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(false);
+
+			VASSERT_NO_THROW("non-strict mode", parser->readResponse(*tag));
+		}
+	}
+
+	// "body_fld_lang" is optional after "body_fld_dsp" in "body_ext_mpart" (Yahoo)
+	void testFETCHResponse_optional_body_fld_lang() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <vmime::net::imap::IMAPTag> tag =
+			vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+		const char* resp = "* 1 FETCH (UID 7 RFC822.SIZE 694142 BODYSTRUCTURE (((\"text\" \"plain\" (\"charset\" \"utf-8\") NIL NIL \"7bit\" 0 0 NIL NIL NIL NIL)(\"text\" \"html\" (\"charset\" \"utf-8\") NIL NIL \"7bit\" 193 0 NIL NIL NIL NIL) \"alternative\" (\"boundary\" \"----=_Part_536_109505883.1410847112666\") NIL)(\"image\" \"jpeg\" NIL \"<4db20d0e-e9f8-729b-aaf7-688b5956d0bc@yahoo.com>\" NIL \"base64\" 351784 NIL (\"attachment\" (\"name\" \"att2\" \"filename\" \"9.jpg\")) NIL NIL)(\"image\" \"jpeg\" NIL \"<542417d7-c0ed-db72-f9fc-d9ab2c7e0a6f@yahoo.com>\" NIL \"base64\" 337676 NIL (\"attachment\" (\"name\" \"att3\" \"filename\" \"10.jpg\")) NIL NIL) \"mixed\" (\"boundary\" \"----=_Part_537_1371134700.1410847112668\") NIL) RFC822.HEADER {3}\r\nx\r\n)\r\na001 OK FETCH complete\r\n";
+
+		socket->localSend(resp);
+
+		vmime::shared_ptr <vmime::net::imap::IMAPParser> parser =
+			vmime::make_shared <vmime::net::imap::IMAPParser>();
+
+		parser->setSocket(socket);
+		parser->setTimeoutHandler(toh);
+
+		VASSERT_NO_THROW("parse", parser->readResponse(*tag));
+	}
+
+	// Support for NIL boundary, for mail.ru IMAP server:
+	// https://www.ietf.org/mail-archive/web/imapext/current/msg05442.html
+	void testFETCHBodyStructure_NIL_body_fld_param_value() {
+
+		// ...("boundary" NIL)))... is an invalid syntax for a "body_fld_param_item"
+		const char* resp = "* 1 FETCH (BODYSTRUCTURE ((\"text\" \"plain\" (\"charset\" \"utf-8\") NIL NIL \"8bit\" 536 0 NIL NIL NIL NIL)(\"text\" \"html\" (\"charset\" \"utf-8\") NIL NIL \"8bit\" 7130 0 NIL NIL NIL NIL) \"alternative\" (\"boundary\" NIL)))\r\na001 OK FETCH complete\r\n";
+
+		// Strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(true);
+
+			VASSERT_THROW("strict mode", parser->readResponse(*tag), vmime::exceptions::invalid_response);
+		}
+
+		// Non-strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(false);
+
+			VASSERT_NO_THROW("non-strict mode", parser->readResponse(*tag));
+		}
+	}
+
+	void testFETCHBodyStructure_empty_body_fld_param_instead_of_NIL() {
+
+		const char* resp = "* 1 FETCH (BODYSTRUCTURE ((\"text\" \"html\" (\"charset\" \"cp1251\") NIL NIL \"base64\" 84056 0 NIL (\"inline\" NIL) NIL NIL)(\"image\" \"gif\" () \"25b2b55b5d97f04e9ea939fe32a46a65.gif\" NIL \"base64\" 20776 NIL (\"inline\" NIL) NIL NIL) \"related\" (\"boundary\" NIL)))\r\na001 OK FETCH complete\r\n";
+
+		// Strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(true);
+
+			VASSERT_THROW("strict mode", parser->readResponse(*tag), vmime::exceptions::invalid_response);
+		}
+
+		// Non-strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(vmime::make_shared <testTimeoutHandler>());
+			parser->setStrict(false);
+
+			VASSERT_NO_THROW("non-strict mode", parser->readResponse(*tag));
+		}
+	}
+
+	// Test pipelined and out-of-order replies
+	void testPipelining() {
+
+		/*
+		[C] a001 SELECT "INBOX"
+		[C] a002 UID FETCH 42 (INTERNALDATE)
+		[C] a003 UID FETCH 43 (INTERNALDATE)
+		[S] * NO Error for a001
+		[S] a001 NO Access denied
+		[S] * NO Error for a003
+		[S] a003 BAD No mailbox selected
+		[S] * NO Error for a002
+		[S] a002 BAD No mailbox selected
+		*/
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::net::imap::IMAPTag tag1;  // a001
+		vmime::net::imap::IMAPTag tag2(tag1);  // a002
+		++tag2;
+		vmime::net::imap::IMAPTag tag3(tag2);  // a003
+		++tag3;
+
+		socket->localSend(
+			"* NO Error for a001\r\n"
+			"a001 NO Access denied\r\n"
+			"* NO Error for a003\r\n"
+			"a003 BAD No mailbox selected a003\r\n"
+			"* NO Error for a002\r\n"
+			"a002 BAD No mailbox selected a002\r\n"
+		);
+
+		vmime::shared_ptr <vmime::net::imap::IMAPParser> parser =
+			vmime::make_shared <vmime::net::imap::IMAPParser>();
+
+		parser->setSocket(socket);
+		parser->setTimeoutHandler(toh);
+
+		// Test response a001
+		vmime::scoped_ptr <vmime::net::imap::IMAPParser::response> resp1(parser->readResponse(tag1, /* literalHandler */ NULL));
+		VASSERT("a001 response", resp1);
+		VASSERT("a001 response_done", resp1->response_done);
+		VASSERT_EQ("a001 response tag", "a001", resp1->response_done->response_tagged->tag->tagString);
+		VASSERT_EQ("a001 response text", "Access denied", resp1->response_done->response_tagged->resp_cond_state->resp_text->text);
+		VASSERT_EQ("a001 resp_data.size()", 1, resp1->continue_req_or_response_data.size());
+		VASSERT("a001 resp_data[0]", resp1->continue_req_or_response_data[0]->response_data);
+		VASSERT("a001 resp_cond_state", resp1->continue_req_or_response_data[0]->response_data->resp_cond_state);
+		VASSERT_EQ("a001 resp_cond_state.text", "Error for a001", resp1->continue_req_or_response_data[0]->response_data->resp_cond_state->resp_text->text);
+		VASSERT_EQ("a001 resp_cond_state.status", vmime::net::imap::IMAPParser::resp_cond_state::NO, resp1->continue_req_or_response_data[0]->response_data->resp_cond_state->status);
+
+		// Test response a002
+		vmime::scoped_ptr <vmime::net::imap::IMAPParser::response> resp2(parser->readResponse(tag2, /* literalHandler */ NULL));
+		VASSERT("a002 response", resp2);
+		VASSERT("a002 response_done", resp2->response_done);
+		VASSERT_EQ("a002 response tag", "a002", resp2->response_done->response_tagged->tag->tagString);
+		VASSERT_EQ("a002 response text", "No mailbox selected a002", resp2->response_done->response_tagged->resp_cond_state->resp_text->text);
+		VASSERT_EQ("a002 resp_data.size()", 1, resp2->continue_req_or_response_data.size());
+		VASSERT("a002 resp_data[0]", resp2->continue_req_or_response_data[0]->response_data);
+		VASSERT("a002 resp_cond_state", resp2->continue_req_or_response_data[0]->response_data->resp_cond_state);
+		VASSERT_EQ("a002 resp_cond_state.text", "Error for a002", resp2->continue_req_or_response_data[0]->response_data->resp_cond_state->resp_text->text);
+		VASSERT_EQ("a002 resp_cond_state.status", vmime::net::imap::IMAPParser::resp_cond_state::NO, resp2->continue_req_or_response_data[0]->response_data->resp_cond_state->status);
+
+		// Test response a003
+		vmime::scoped_ptr <vmime::net::imap::IMAPParser::response> resp3(parser->readResponse(tag3, /* literalHandler */ NULL));
+		VASSERT("a003 response", resp3);
+		VASSERT("a003 response_done", resp3->response_done);
+		VASSERT_EQ("a003 response tag", "a003", resp3->response_done->response_tagged->tag->tagString);
+		VASSERT_EQ("a003 response text", "No mailbox selected a003", resp3->response_done->response_tagged->resp_cond_state->resp_text->text);
+		VASSERT_EQ("a003 resp_data.size()", 1, resp3->continue_req_or_response_data.size());
+		VASSERT("a003 resp_data[0]", resp3->continue_req_or_response_data[0]->response_data);
+		VASSERT("a003 resp_cond_state", resp3->continue_req_or_response_data[0]->response_data->resp_cond_state);
+		VASSERT_EQ("a003 resp_cond_state.text", "Error for a003", resp3->continue_req_or_response_data[0]->response_data->resp_cond_state->resp_text->text);
+		VASSERT_EQ("a003 resp_cond_state.status", vmime::net::imap::IMAPParser::resp_cond_state::NO, resp3->continue_req_or_response_data[0]->response_data->resp_cond_state->status);
+	}
+
+	// Some IMAP servers return "*" instead of "\*" in PERMANENTFLAGS
+	void testStarFlagWithoutBackslash() {
+
+		const char* resp =
+			"* OK [PERMANENTFLAGS (Answered Flagged Deleted Seen Draft *)] Flags permitted.\r\n"
+			"a001 OK Completed.\r\n";
+
+		// Strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			auto toh = vmime::make_shared <testTimeoutHandler>();
+
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(toh);
+			parser->setStrict(true);
+
+			VASSERT_THROW("strict mode", parser->readResponse(*tag), vmime::exceptions::invalid_response);
+		}
+
+		// Non-strict mode
+		{
+			auto socket = vmime::make_shared <testSocket>();
+			auto toh = vmime::make_shared <testTimeoutHandler>();
+
+			auto tag = vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+			socket->localSend(resp);
+
+			auto parser = vmime::make_shared <vmime::net::imap::IMAPParser>();
+
+			parser->setSocket(socket);
+			parser->setTimeoutHandler(toh);
+			parser->setStrict(false);
+
+			VASSERT_NO_THROW("non-strict mode", parser->readResponse(*tag));
+		}
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/imap/IMAPTagTest.cpp b/vmime-master/tests/net/imap/IMAPTagTest.cpp
new file mode 100644
index 0000000..c8e09b6
--- /dev/null
+++ b/vmime-master/tests/net/imap/IMAPTagTest.cpp
@@ -0,0 +1,90 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/imap/IMAPTag.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(imapTagTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testConstruct)
+		VMIME_TEST(testIncrement)
+		VMIME_TEST(testReset)
+		VMIME_TEST(testNumber)
+	VMIME_TEST_LIST_END
+
+
+	void testConstruct() {
+
+		vmime::shared_ptr <vmime::net::imap::IMAPTag> tag =
+			vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+		VASSERT_EQ("init", "a001", static_cast <vmime::string>(*tag));
+	}
+
+	void testIncrement() {
+
+		vmime::shared_ptr <vmime::net::imap::IMAPTag> tag =
+			vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+		(*tag)++;
+		VASSERT_EQ("init", "a002", static_cast <vmime::string>(*tag));
+
+		(*tag)++;
+		VASSERT_EQ("init", "a003", static_cast <vmime::string>(*tag));
+
+		(*tag)++;
+		VASSERT_EQ("init", "a004", static_cast <vmime::string>(*tag));
+	}
+
+	void testReset() {
+
+		vmime::shared_ptr <vmime::net::imap::IMAPTag> tag =
+			vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+		for (int i = tag->number() ; i < tag->maximumNumber() ; ++i) {
+			(*tag)++;
+		}
+
+		VASSERT_EQ("last", "Z999", static_cast <vmime::string>(*tag));
+
+		(*tag)++;
+
+		VASSERT_EQ("reset", "a001", static_cast <vmime::string>(*tag));
+	}
+
+	void testNumber() {
+
+		vmime::shared_ptr <vmime::net::imap::IMAPTag> tag =
+			vmime::make_shared <vmime::net::imap::IMAPTag>();
+
+		for (int i = 0 ; i < 41 ; ++i) {
+			(*tag)++;
+		}
+
+		VASSERT_EQ("number", 42, tag->number());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/imap/IMAPUtilsTest.cpp b/vmime-master/tests/net/imap/IMAPUtilsTest.cpp
new file mode 100644
index 0000000..b707fd0
--- /dev/null
+++ b/vmime-master/tests/net/imap/IMAPUtilsTest.cpp
@@ -0,0 +1,283 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/imap/IMAPUtils.hpp"
+#include "vmime/net/imap/IMAPParser.hpp"
+
+
+using namespace vmime::net::imap;
+
+
+
+VMIME_TEST_SUITE_BEGIN(IMAPUtilsTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testQuoteString)
+		VMIME_TEST(testToModifiedUTF7)
+		VMIME_TEST(testFromModifiedUTF7)
+		VMIME_TEST(testConvertAddressList)
+		VMIME_TEST(testMessageFlagList)
+		VMIME_TEST(testDateTime)
+		VMIME_TEST(testPathToString)
+		VMIME_TEST(testStringToPath)
+		VMIME_TEST(testBuildFetchCommand)
+	VMIME_TEST_LIST_END
+
+
+	void testQuoteString() {
+
+		VASSERT_EQ("unquoted", "ascii", IMAPUtils::quoteString("ascii"));
+		VASSERT_EQ("space", "\"ascii with space\"", IMAPUtils::quoteString("ascii with space"));
+
+		VASSERT_EQ("special1", "\"(\"", IMAPUtils::quoteString("("));
+		VASSERT_EQ("special2", "\")\"", IMAPUtils::quoteString(")"));
+		VASSERT_EQ("special3", "\"{\"", IMAPUtils::quoteString("{"));
+		VASSERT_EQ("special4", "\" \"", IMAPUtils::quoteString(" "));
+		VASSERT_EQ("special5", "\"%\"", IMAPUtils::quoteString("%"));
+		VASSERT_EQ("special6", "\"*\"", IMAPUtils::quoteString("*"));
+		VASSERT_EQ("special7", "\"\\\"\"", IMAPUtils::quoteString("\""));
+		VASSERT_EQ("special8", "\"\\\\\"", IMAPUtils::quoteString("\\"));
+		VASSERT_EQ("special9", "\"\x7f\"", IMAPUtils::quoteString("\x7f"));
+
+	}
+
+	void testToModifiedUTF7() {
+
+		#define FC(x) vmime::net::folder::path::component(x, vmime::charsets::UTF_8)
+
+		// Example strings from RFC-1642 (modified for IMAP UTF-7)
+		VASSERT_EQ("1", "A&ImIDkQ-.", IMAPUtils::toModifiedUTF7('/', FC("A\xe2\x89\xa2\xce\x91.")));
+		VASSERT_EQ("2", "Hi Mum &Jjo-!", IMAPUtils::toModifiedUTF7('/', FC("Hi Mum \xe2\x98\xba!")));
+		VASSERT_EQ("3", "&ZeVnLIqe-", IMAPUtils::toModifiedUTF7('/', FC("\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e")));
+		VASSERT_EQ("4", "Item 3 is &AKM- 1.", IMAPUtils::toModifiedUTF7('/', FC("Item 3 is \xc2\xa3 1.")));
+
+		VASSERT_EQ("escape char", "&-", IMAPUtils::toModifiedUTF7('/', FC("&")));
+		VASSERT_EQ("ascii", "plain ascii text", IMAPUtils::toModifiedUTF7('/', FC("plain ascii text")));
+		VASSERT_EQ("special", "!\"#$%*+-;<=>@[]^_`{|}", IMAPUtils::toModifiedUTF7('/', FC("!\"#$%*+-;<=>@[]^_`{|}")));
+
+		#undef FC
+	}
+
+	void testFromModifiedUTF7() {
+
+		#define FC(x) vmime::net::folder::path::component(x, vmime::charsets::UTF_8)
+
+		// Example strings from RFC-1642 (modified for IMAP UTF-7)
+		VASSERT_EQ("1", FC("A\xe2\x89\xa2\xce\x91."), IMAPUtils::fromModifiedUTF7("A&ImIDkQ-."));
+		VASSERT_EQ("2", FC("Hi Mum \xe2\x98\xba!"), IMAPUtils::fromModifiedUTF7("Hi Mum &Jjo-!"));
+		VASSERT_EQ("3", FC("\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e"), IMAPUtils::fromModifiedUTF7("&ZeVnLIqe-"));
+		VASSERT_EQ("4", FC("Item 3 is \xc2\xa3 1."), IMAPUtils::fromModifiedUTF7("Item 3 is &AKM- 1."));
+
+		VASSERT_EQ("escape char", FC("&"), IMAPUtils::fromModifiedUTF7("&-"));
+		VASSERT_EQ("ascii", FC("plain ascii text"), IMAPUtils::fromModifiedUTF7("plain ascii text"));
+		VASSERT_EQ("special", FC("!\"#$%*+;<=>@[]^_`{|}"), IMAPUtils::fromModifiedUTF7("!\"#$%*+-;<=>@[]^_`{|}"));
+
+		#undef FC
+	}
+
+	void testConvertAddressList() {
+
+		IMAPParser parser;
+		IMAPParser::address_list addrList;
+
+		vmime::string line("((\"name\" NIL \"mailbox\" \"host\")(\"name2\" NIL \"mailbox2\" \"host2\"))");
+		vmime::size_t pos = 0;
+
+		VASSERT("parse", addrList.parseImpl(parser, line, &pos));
+
+		vmime::mailboxList mboxList;
+		IMAPUtils::convertAddressList(addrList, mboxList);
+
+		VASSERT_EQ("mbox-count", 2, mboxList.getMailboxCount());
+		VASSERT_EQ("mbox-1", "mailbox@host", mboxList.getMailboxAt(0)->getEmail().toString());
+		VASSERT_EQ("mbox-1", "name", mboxList.getMailboxAt(0)->getName().getWholeBuffer());
+		VASSERT_EQ("mbox-2", "mailbox2@host2", mboxList.getMailboxAt(1)->getEmail().toString());
+		VASSERT_EQ("mbox-2", "name2", mboxList.getMailboxAt(1)->getName().getWholeBuffer());
+	}
+
+	void testMessageFlagList() {
+
+		int flags = 0;
+		std::vector <vmime::string> flagList;
+
+		// Test each flag
+		flags = vmime::net::message::FLAG_REPLIED;
+		flagList = IMAPUtils::messageFlagList(flags);
+		VASSERT("replied", std::find(flagList.begin(), flagList.end(), "\\Answered") != flagList.end());
+
+		flags = vmime::net::message::FLAG_MARKED;
+		flagList = IMAPUtils::messageFlagList(flags);
+		VASSERT("marked", std::find(flagList.begin(), flagList.end(), "\\Flagged") != flagList.end());
+
+		flags = vmime::net::message::FLAG_DELETED;
+		flagList = IMAPUtils::messageFlagList(flags);
+		VASSERT("deleted", std::find(flagList.begin(), flagList.end(), "\\Deleted") != flagList.end());
+
+		flags = vmime::net::message::FLAG_SEEN;
+		flagList = IMAPUtils::messageFlagList(flags);
+		VASSERT("seen", std::find(flagList.begin(), flagList.end(), "\\Seen") != flagList.end());
+
+		flags = vmime::net::message::FLAG_DRAFT;
+		flagList = IMAPUtils::messageFlagList(flags);
+		VASSERT("draft", std::find(flagList.begin(), flagList.end(), "\\Draft") != flagList.end());
+
+		// Multiple flags
+		flags = vmime::net::message::FLAG_REPLIED;
+		flagList = IMAPUtils::messageFlagList(flags);
+
+		VASSERT_EQ("1.size", 1, flagList.size());
+		VASSERT("1.found", std::find(flagList.begin(), flagList.end(), "\\Answered") != flagList.end());
+
+		flags |= vmime::net::message::FLAG_SEEN;
+		flagList = IMAPUtils::messageFlagList(flags);
+
+		VASSERT_EQ("2.size", 2, flagList.size());
+		VASSERT("2.found1", std::find(flagList.begin(), flagList.end(), "\\Answered") != flagList.end());
+		VASSERT("2.found2", std::find(flagList.begin(), flagList.end(), "\\Seen") != flagList.end());
+	}
+
+	void testDateTime() {
+
+		vmime::datetime dt(2014, 3, 17, 23, 26, 22, vmime::datetime::GMT2);
+		VASSERT_EQ("datetime", "\"17-Mar-2014 23:26:22 +0200\"", IMAPUtils::dateTime(dt));
+	}
+
+	void testPathToString() {
+
+		#define FC(x) vmime::net::folder::path::component(x, vmime::charsets::UTF_8)
+
+		vmime::net::folder::path path;
+		path /= FC("Hi Mum \xe2\x98\xba!");
+		path /= FC("\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e");
+
+		VASSERT_EQ("string", "Hi Mum &Jjo-!/&ZeVnLIqe-", IMAPUtils::pathToString('/', path));
+
+		#undef FC
+	}
+
+	void testStringToPath() {
+
+		#define FC(x) vmime::net::folder::path::component(x, vmime::charsets::UTF_8)
+
+		vmime::net::folder::path path = IMAPUtils::stringToPath('/', "Hi Mum &Jjo-!/&ZeVnLIqe-");
+
+		VASSERT_EQ("count", 2, path.getSize());
+		VASSERT_EQ("component1", FC("Hi Mum \xe2\x98\xba!"), path[0]);
+		VASSERT_EQ("component2", FC("\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e"), path[1]);
+
+		#undef FC
+	}
+
+	void testBuildFetchCommand() {
+
+		vmime::shared_ptr <IMAPConnection> cnt;
+		vmime::net::messageSet msgs = vmime::net::messageSet::byNumber(42);
+
+		// SIZE
+		{
+			vmime::net::fetchAttributes attribs = vmime::net::fetchAttributes::SIZE;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("size", "FETCH 42 RFC822.SIZE", cmd->getText());
+		}
+
+		// FLAGS
+		{
+			vmime::net::fetchAttributes attribs = vmime::net::fetchAttributes::FLAGS;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("flags", "FETCH 42 FLAGS", cmd->getText());
+		}
+
+		// STRUCTURE
+		{
+			vmime::net::fetchAttributes attribs = vmime::net::fetchAttributes::STRUCTURE;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("structure", "FETCH 42 BODYSTRUCTURE", cmd->getText());
+		}
+
+		// UID
+		{
+			vmime::net::fetchAttributes attribs = vmime::net::fetchAttributes::UID;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("uid", "FETCH 42 UID", cmd->getText());
+		}
+
+		// ENVELOPE
+		{
+			vmime::net::fetchAttributes attribs = vmime::net::fetchAttributes::ENVELOPE;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("envelope", "FETCH 42 ENVELOPE", cmd->getText());
+		}
+
+		// CONTENT_INFO
+		{
+			vmime::net::fetchAttributes attribs = vmime::net::fetchAttributes::CONTENT_INFO;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("content", "FETCH 42 BODY[HEADER.FIELDS (CONTENT_TYPE)]", cmd->getText());
+		}
+
+		// IMPORTANCE
+		{
+			vmime::net::fetchAttributes attribs = vmime::net::fetchAttributes::IMPORTANCE;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("importance", "FETCH 42 BODY[HEADER.FIELDS (IMPORTANCE X-PRIORITY)]", cmd->getText());
+		}
+
+		// Any header attribute + full header should give RFC822.HEADER
+		{
+			vmime::net::fetchAttributes attribs;
+			attribs.add(vmime::net::fetchAttributes::ENVELOPE);
+			attribs.add(vmime::net::fetchAttributes::FULL_HEADER);
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("full-header", "FETCH 42 RFC822.HEADER", cmd->getText());
+		}
+
+		// Test custom header
+		{
+			vmime::net::fetchAttributes attribs;
+			attribs.add("X-MyHeader");
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("custom-header", "FETCH 42 BODY[HEADER.FIELDS (x-myheader)]", cmd->getText());
+		}
+
+		// Test multiple flags
+		{
+			vmime::net::fetchAttributes attribs =
+				vmime::net::fetchAttributes::UID | vmime::net::fetchAttributes::FLAGS;
+
+			vmime::shared_ptr <IMAPCommand> cmd = IMAPUtils::buildFetchCommand(cnt, msgs, attribs);
+			VASSERT_EQ("multiple", "FETCH 42 (FLAGS UID)", cmd->getText());
+		}
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/maildir/maildirStoreTest.cpp b/vmime-master/tests/net/maildir/maildirStoreTest.cpp
new file mode 100644
index 0000000..1f418e8
--- /dev/null
+++ b/vmime-master/tests/net/maildir/maildirStoreTest.cpp
@@ -0,0 +1,584 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/platform.hpp"
+
+#include "vmime/net/maildir/maildirStore.hpp"
+#include "vmime/net/maildir/maildirFormat.hpp"
+
+
+// Shortcuts and helpers
+typedef vmime::utility::file::path fspath;
+typedef vmime::utility::file::path::component fspathc;
+
+typedef vmime::net::folder::path fpath;
+typedef vmime::net::folder::path::component fpathc;
+
+
+const fpath operator/(const fpath& path, const std::string& c) {
+
+	return path / fpathc(c);
+}
+
+
+/** Test messages */
+static const vmime::string TEST_MESSAGE_1 =
+	"From: <test@vmime.org>\r\n"
+	"Subject: VMime Test\r\n"
+	"Date: Thu, 01 Mar 2007 09:49:35 +0100\r\n"
+	"\r\n"
+	"Hello, world!";
+
+
+/** Maildir trees used in tests.
+  * Structure:
+  *
+  *  .
+  *  |-- Folder
+  *  |   `-- SubFolder
+  *  |       |-- SubSubFolder1
+  *  |       `-- SubSubFolder2
+  *  `-- Folder2
+  *
+  */
+
+// KMail format
+static const vmime::string TEST_MAILDIR_KMAIL[] = {  // directories to create
+	"/Folder",
+	"/Folder/new",
+	"/Folder/tmp",
+	"/Folder/cur",
+	"/.Folder.directory",
+	"/.Folder.directory/SubFolder",
+	"/.Folder.directory/SubFolder/new",
+	"/.Folder.directory/SubFolder/tmp",
+	"/.Folder.directory/SubFolder/cur",
+	"/.Folder.directory/.SubFolder.directory",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder1",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder1/new",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder1/tmp",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder1/cur",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder2",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder2/new",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder2/tmp",
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder2/cur",
+	"/Folder2",
+	"/Folder2/new",
+	"/Folder2/tmp",
+	"/Folder2/cur",
+	"*"  // end
+};
+
+static const vmime::string TEST_MAILDIRFILES_KMAIL[] = {  // files to create and their contents
+	"/.Folder.directory/.SubFolder.directory/SubSubFolder2/cur/1043236113.351.EmqD:S", TEST_MESSAGE_1,
+	"*"  // end
+};
+
+// Courier format
+static const vmime::string TEST_MAILDIR_COURIER[] = {  // directories to create
+	"/.Folder",
+	"/.Folder/new",
+	"/.Folder/tmp",
+	"/.Folder/cur",
+	"/.Folder.SubFolder",
+	"/.Folder.SubFolder",
+	"/.Folder.SubFolder/new",
+	"/.Folder.SubFolder/tmp",
+	"/.Folder.SubFolder/cur",
+	"/.Folder.SubFolder.SubSubFolder1",
+	"/.Folder.SubFolder.SubSubFolder1/new",
+	"/.Folder.SubFolder.SubSubFolder1/tmp",
+	"/.Folder.SubFolder.SubSubFolder1/cur",
+	"/.Folder.SubFolder.SubSubFolder2",
+	"/.Folder.SubFolder.SubSubFolder2/new",
+	"/.Folder.SubFolder.SubSubFolder2/tmp",
+	"/.Folder.SubFolder.SubSubFolder2/cur",
+	"/.Folder2",
+	"/.Folder2/new",
+	"/.Folder2/tmp",
+	"/.Folder2/cur",
+	"*"  // end
+};
+
+static const vmime::string TEST_MAILDIRFILES_COURIER[] = {  // files to create and their contents
+	"/.Folder/maildirfolder", "",
+	"/.Folder.SubFolder/maildirfolder", "",
+	"/.Folder.SubFolder.SubSubFolder1/maildirfolder", "",
+	"/.Folder.SubFolder.SubSubFolder2/maildirfolder", "",
+	"/.Folder.SubFolder.SubSubFolder2/cur/1043236113.351.EmqD:S", TEST_MESSAGE_1,
+	"/.Folder2/maildirfolder", "",
+	"*"  // end
+};
+
+
+
+VMIME_TEST_SUITE_BEGIN(maildirStoreTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testDetectFormat_KMail)
+		VMIME_TEST(testDetectFormat_Courier)
+
+		VMIME_TEST(testListRootFolders_KMail)
+		VMIME_TEST(testListAllFolders_KMail)
+
+		VMIME_TEST(testListRootFolders_Courier)
+		VMIME_TEST(testListAllFolders_Courier)
+
+		VMIME_TEST(testListMessages_KMail)
+		VMIME_TEST(testListMessages_Courier)
+
+		VMIME_TEST(testRenameFolder_KMail)
+		VMIME_TEST(testRenameFolder_Courier)
+
+		VMIME_TEST(testDestroyFolder_KMail)
+		VMIME_TEST(testDestroyFolder_Courier)
+
+		VMIME_TEST(testFolderExists_KMail)
+		VMIME_TEST(testFolderExists_Courier)
+
+		VMIME_TEST(testCreateFolder_KMail)
+		VMIME_TEST(testCreateFolder_Courier)
+	VMIME_TEST_LIST_END
+
+
+public:
+
+	maildirStoreTest() {
+
+		// Temporary directory
+		m_tempPath = fspath() / fspathc("tmp")   // Use /tmp
+			/ fspathc("vmime" + vmime::utility::stringUtils::toString(std::time(NULL))
+				+ vmime::utility::stringUtils::toString(std::rand()));
+	}
+
+	void tearDown() {
+
+		// In case of an uncaught exception
+		destroyMaildir();
+	}
+
+	void testDetectFormat_KMail() {
+
+		createMaildir(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+
+		vmime::shared_ptr <vmime::net::maildir::maildirStore> store =
+			vmime::dynamicCast <vmime::net::maildir::maildirStore>(createAndConnectStore());
+
+		VASSERT_EQ("*", "kmail", store->getFormat()->getName());
+
+		destroyMaildir();
+	}
+
+	void testDetectFormat_Courier() {
+
+		createMaildir(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+
+		vmime::shared_ptr <vmime::net::maildir::maildirStore> store =
+			vmime::dynamicCast <vmime::net::maildir::maildirStore>(createAndConnectStore());
+
+		VASSERT_EQ("*", "courier", store->getFormat()->getName());
+
+		destroyMaildir();
+	}
+
+
+	void testListRootFolders_KMail() {
+
+		testListRootFoldersImpl(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+	}
+
+	void testListRootFolders_Courier() {
+
+		testListRootFoldersImpl(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+	}
+
+	void testListRootFoldersImpl(const vmime::string* const dirs, const vmime::string* const files) {
+
+		createMaildir(dirs, files);
+
+		// Connect to store
+		vmime::shared_ptr <vmime::net::store> store = createAndConnectStore();
+		vmime::shared_ptr <vmime::net::folder> rootFolder = store->getRootFolder();
+
+		// Get root folders, not recursive
+		const std::vector <vmime::shared_ptr <vmime::net::folder> >
+			rootFolders = rootFolder->getFolders(false);
+
+		VASSERT_EQ("1", 2, rootFolders.size());
+		VASSERT("2", findFolder(rootFolders, fpath() / "Folder") != NULL);
+		VASSERT("3", findFolder(rootFolders, fpath() / "Folder2") != NULL);
+
+		destroyMaildir();
+	}
+
+
+	void testListAllFolders_KMail() {
+
+		testListAllFoldersImpl(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+	}
+
+	void testListAllFolders_Courier() {
+
+		testListAllFoldersImpl(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+	}
+
+	void testListAllFoldersImpl(const vmime::string* const dirs, const vmime::string* const files) {
+
+		createMaildir(dirs, files);
+
+		// Connect to store
+		vmime::shared_ptr <vmime::net::store> store = createAndConnectStore();
+		vmime::shared_ptr <vmime::net::folder> rootFolder = store->getRootFolder();
+
+		// Get all folders, recursive
+		const std::vector <vmime::shared_ptr <vmime::net::folder> >
+			allFolders = rootFolder->getFolders(true);
+
+		VASSERT_EQ("1", 5, allFolders.size());
+		VASSERT("2", findFolder(allFolders, fpath() / "Folder") != NULL);
+		VASSERT("3", findFolder(allFolders, fpath() / "Folder" / "SubFolder") != NULL);
+		VASSERT("4", findFolder(allFolders, fpath() / "Folder" / "SubFolder" / "SubSubFolder1") != NULL);
+		VASSERT("5", findFolder(allFolders, fpath() / "Folder" / "SubFolder" / "SubSubFolder2") != NULL);
+		VASSERT("6", findFolder(allFolders, fpath() / "Folder2") != NULL);
+
+		destroyMaildir();
+	}
+
+
+	void testListMessages_KMail() {
+
+		testListMessagesImpl(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+	}
+
+	void testListMessages_Courier() {
+
+		testListMessagesImpl(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+	}
+
+	void testListMessagesImpl(const vmime::string* const dirs, const vmime::string* const files) {
+
+		createMaildir(dirs, files);
+
+		vmime::shared_ptr <vmime::net::store> store = createAndConnectStore();
+		vmime::shared_ptr <vmime::net::folder> rootFolder = store->getRootFolder();
+
+		vmime::shared_ptr <vmime::net::folder> folder = store->getFolder(
+			fpath() / "Folder" / "SubFolder" / "SubSubFolder2"
+		);
+
+		vmime::size_t count, unseen;
+		folder->status(count, unseen);
+
+		VASSERT_EQ("Message count", 1, count);
+
+		folder->open(vmime::net::folder::MODE_READ_ONLY);
+
+		vmime::shared_ptr <vmime::net::message> msg = folder->getMessage(1);
+
+		folder->fetchMessage(msg, vmime::net::fetchAttributes::SIZE);
+
+		VASSERT_EQ("Message size", TEST_MESSAGE_1.length(), msg->getSize());
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter os(oss);
+		msg->extract(os);
+
+		VASSERT_EQ("Message contents", TEST_MESSAGE_1, oss.str());
+
+		folder->close(false);
+
+		destroyMaildir();
+	}
+
+
+	void testRenameFolder_KMail() {
+
+		try {
+
+			testRenameFolderImpl(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+
+		} catch (vmime::exception& e) {
+
+			std::cerr << e;
+			throw e;
+		}
+	}
+
+	void testRenameFolder_Courier()
+	{
+		try {
+
+			testRenameFolderImpl(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+
+		} catch (vmime::exception& e) {
+
+			std::cerr << e;
+			throw e;
+		}
+	}
+
+	void testRenameFolderImpl(const vmime::string* const dirs, const vmime::string* const files) {
+
+		createMaildir(dirs, files);
+
+		vmime::shared_ptr <vmime::net::store> store = createAndConnectStore();
+		vmime::shared_ptr <vmime::net::folder> rootFolder = store->getRootFolder();
+
+		// Rename "Folder/SubFolder" to "Folder/foo"
+		vmime::shared_ptr <vmime::net::folder> folder =
+			store->getFolder(fpath() / "Folder" / "SubFolder");
+
+		folder->rename(fpath() / "Folder" / "foo");
+
+		// Ensure folder and its subfolders have been renamed
+		const std::vector <vmime::shared_ptr <vmime::net::folder> >
+			allFolders = rootFolder->getFolders(true);
+
+		VASSERT_EQ("1", 5, allFolders.size());
+		VASSERT("2", findFolder(allFolders, fpath() / "Folder") != NULL);
+		VASSERT("3", findFolder(allFolders, fpath() / "Folder" / "SubFolder") == NULL);
+		VASSERT("4", findFolder(allFolders, fpath() / "Folder" / "SubFolder" / "SubSubFolder1") == NULL);
+		VASSERT("5", findFolder(allFolders, fpath() / "Folder" / "SubFolder" / "SubSubFolder2") == NULL);
+		VASSERT("6", findFolder(allFolders, fpath() / "Folder2") != NULL);
+		VASSERT("7", findFolder(allFolders, fpath() / "Folder" / "foo") != NULL);
+		VASSERT("8", findFolder(allFolders, fpath() / "Folder" / "foo" / "SubSubFolder1") != NULL);
+		VASSERT("9", findFolder(allFolders, fpath() / "Folder" / "foo" / "SubSubFolder2") != NULL);
+
+		destroyMaildir();
+	}
+
+
+	void testDestroyFolder_KMail() {
+
+		testDestroyFolderImpl(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+	}
+
+	void testDestroyFolder_Courier() {
+
+		testDestroyFolderImpl(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+	}
+
+	void testDestroyFolderImpl(const vmime::string* const dirs, const vmime::string* const files) {
+
+		createMaildir(dirs, files);
+
+		vmime::shared_ptr <vmime::net::store> store = createAndConnectStore();
+		vmime::shared_ptr <vmime::net::folder> rootFolder = store->getRootFolder();
+
+		// Destroy "Folder/SubFolder" (total: 3 folders)
+		vmime::shared_ptr <vmime::net::folder> folder =
+			store->getFolder(fpath() / "Folder" / "SubFolder");
+
+		folder->destroy();
+
+		// Ensure folder and its subfolders have been deleted and other folders still exist
+		const std::vector <vmime::shared_ptr <vmime::net::folder> >
+			allFolders = rootFolder->getFolders(true);
+
+		VASSERT_EQ("1", 2, allFolders.size());
+		VASSERT("2", findFolder(allFolders, fpath() / "Folder") != NULL);
+		VASSERT("3", findFolder(allFolders, fpath() / "Folder" / "SubFolder") == NULL);
+		VASSERT("4", findFolder(allFolders, fpath() / "Folder" / "SubFolder" / "SubSubFolder1") == NULL);
+		VASSERT("5", findFolder(allFolders, fpath() / "Folder" / "SubFolder" / "SubSubFolder2") == NULL);
+		VASSERT("6", findFolder(allFolders, fpath() / "Folder2") != NULL);
+
+		destroyMaildir();
+	}
+
+
+	void testFolderExists_KMail() {
+
+		testFolderExistsImpl(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+	}
+
+	void testFolderExists_Courier() {
+
+		testFolderExistsImpl(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+	}
+
+	void testFolderExistsImpl(const vmime::string* const dirs, const vmime::string* const files) {
+
+		createMaildir(dirs, files);
+
+		vmime::shared_ptr <vmime::net::store> store = createAndConnectStore();
+		vmime::shared_ptr <vmime::net::folder> rootFolder = store->getRootFolder();
+
+		VASSERT("1",  store->getFolder(fpath() / "Folder" / "SubFolder")->exists());
+		VASSERT("2", !store->getFolder(fpath() / "Folder" / "SubSubFolder1")->exists());
+		VASSERT("3",  store->getFolder(fpath() / "Folder2")->exists());
+		VASSERT("4",  store->getFolder(fpath() / "Folder" / "SubFolder" / "SubSubFolder2")->exists());
+
+		destroyMaildir();
+	}
+
+
+	void testCreateFolder_KMail() {
+
+		testCreateFolderImpl(TEST_MAILDIR_KMAIL, TEST_MAILDIRFILES_KMAIL);
+	}
+
+	void testCreateFolder_Courier() {
+
+		testCreateFolderImpl(TEST_MAILDIR_COURIER, TEST_MAILDIRFILES_COURIER);
+	}
+
+	void testCreateFolderImpl(const vmime::string* const dirs, const vmime::string* const files) {
+
+		createMaildir(dirs, files);
+
+		vmime::shared_ptr <vmime::net::store> store = createAndConnectStore();
+		vmime::shared_ptr <vmime::net::folder> rootFolder = store->getRootFolder();
+
+		VASSERT("Before", !store->getFolder(fpath() / "Folder" / "NewFolder")->exists());
+
+		vmime::net::folderAttributes attribs;
+		attribs.setType(vmime::net::folderAttributes::TYPE_CONTAINS_MESSAGES);
+
+		VASSERT_NO_THROW("Creation", store->getFolder(fpath() / "Folder" / "NewFolder")->create(attribs));
+
+		VASSERT("After", store->getFolder(fpath() / "Folder" / "NewFolder")->exists());
+
+		destroyMaildir();
+	}
+
+private:
+
+	vmime::utility::file::path m_tempPath;
+
+
+	vmime::shared_ptr <vmime::net::store> createAndConnectStore() {
+
+		vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+		vmime::shared_ptr <vmime::net::store> store =
+			session->getStore(getStoreURL());
+
+		store->connect();
+
+		return store;
+	}
+
+	const vmime::shared_ptr <vmime::net::folder> findFolder(
+		const std::vector <vmime::shared_ptr <vmime::net::folder> >& folders,
+		const vmime::net::folder::path& path
+	) {
+
+		for (size_t i = 0, n = folders.size() ; i < n ; ++i) {
+
+			if (folders[i]->getFullPath() == path) {
+				return folders[i];
+			}
+		}
+
+		return vmime::null;
+	}
+
+	const vmime::utility::url getStoreURL() {
+
+		vmime::shared_ptr <vmime::utility::fileSystemFactory> fsf =
+			vmime::platform::getHandler()->getFileSystemFactory();
+
+		vmime::utility::url url(std::string("maildir://localhost")
+			+ fsf->pathToString(m_tempPath));
+
+		return url;
+	}
+
+	void createMaildir(const vmime::string* const dirs, const vmime::string* const files) {
+
+		vmime::shared_ptr <vmime::utility::fileSystemFactory> fsf =
+			vmime::platform::getHandler()->getFileSystemFactory();
+
+		vmime::shared_ptr <vmime::utility::file> rootDir = fsf->create(m_tempPath);
+		rootDir->createDirectory(false);
+
+		for (vmime::string const* dir = dirs ; *dir != "*" ; ++dir) {
+
+			vmime::shared_ptr <vmime::utility::file> fdir = fsf->create(m_tempPath / fsf->stringToPath(*dir));
+			fdir->createDirectory(false);
+		}
+
+		for (vmime::string const* file = files ; *file != "*" ; file += 2) {
+
+			const vmime::string& contents = *(file + 1);
+
+			vmime::shared_ptr <vmime::utility::file> ffile = fsf->create(m_tempPath / fsf->stringToPath(*file));
+			ffile->createFile();
+
+			vmime::shared_ptr <vmime::utility::fileWriter> fileWriter = ffile->getFileWriter();
+			vmime::shared_ptr <vmime::utility::outputStream> os = fileWriter->getOutputStream();
+
+			os->write(contents.data(), contents.length());
+			os->flush();
+
+			fileWriter = vmime::null;
+		}
+
+	}
+
+	void destroyMaildir() {
+
+		vmime::shared_ptr <vmime::utility::fileSystemFactory> fsf =
+			vmime::platform::getHandler()->getFileSystemFactory();
+
+		recursiveDelete(fsf->create(m_tempPath));
+	}
+
+	void recursiveDelete(vmime::shared_ptr <vmime::utility::file> dir) {
+
+		if (!dir->exists() || !dir->isDirectory()) {
+			return;
+		}
+
+		vmime::shared_ptr <vmime::utility::fileIterator> files = dir->getFiles();
+
+		// First, delete files and subdirectories in this directory
+		while (files->hasMoreElements()) {
+
+			vmime::shared_ptr <vmime::utility::file> file = files->nextElement();
+
+			if (file->isDirectory()) {
+
+				recursiveDelete(file);
+
+			} else {
+
+				try {
+					file->remove();
+				} catch (vmime::exceptions::filesystem_exception&) {
+					// Ignore
+				}
+			}
+		}
+
+		// Then, delete this (empty) directory
+		try {
+			dir->remove();
+		} catch (vmime::exceptions::filesystem_exception&) {
+			// Ignore
+		}
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/maildir/maildirUtilsTest.cpp b/vmime-master/tests/net/maildir/maildirUtilsTest.cpp
new file mode 100644
index 0000000..9deeebf
--- /dev/null
+++ b/vmime-master/tests/net/maildir/maildirUtilsTest.cpp
@@ -0,0 +1,54 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/maildir/maildirUtils.hpp"
+
+
+using namespace vmime::net::maildir;
+
+
+VMIME_TEST_SUITE_BEGIN(maildirUtilsTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testMessageSetToNumberList)
+	VMIME_TEST_LIST_END
+
+
+	void testMessageSetToNumberList() {
+
+		const std::vector <size_t> msgNums =
+			maildirUtils::messageSetToNumberList(
+				vmime::net::messageSet::byNumber(5, -1),
+				/* msgCount */ 8
+			);
+
+		VASSERT_EQ("Count", 4, msgNums.size());
+		VASSERT_EQ("1", 5, msgNums[0]);
+		VASSERT_EQ("2", 6, msgNums[1]);
+		VASSERT_EQ("3", 7, msgNums[2]);
+		VASSERT_EQ("4", 8, msgNums[3]);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/messageSetTest.cpp b/vmime-master/tests/net/messageSetTest.cpp
new file mode 100644
index 0000000..dee5dc8
--- /dev/null
+++ b/vmime-master/tests/net/messageSetTest.cpp
@@ -0,0 +1,229 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/messageSet.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(messageSetTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testNumberSet_Single)
+		VMIME_TEST(testNumberSet_Range)
+		VMIME_TEST(testNumberSet_InvalidRange)
+		VMIME_TEST(testNumberSet_InvalidFirst)
+		VMIME_TEST(testNumberSet_InfiniteRange)
+		VMIME_TEST(testNumberSet_Multiple)
+		VMIME_TEST(testUIDSet_Single)
+		VMIME_TEST(testUIDSet_Range)
+		VMIME_TEST(testUIDSet_InfiniteRange)
+		VMIME_TEST(testUIDSet_MultipleNumeric)
+		VMIME_TEST(testUIDSet_MultipleNonNumeric)
+		VMIME_TEST(testIsNumberSet)
+		VMIME_TEST(testIsUIDSet)
+		VMIME_TEST(testMixedRanges)
+	VMIME_TEST_LIST_END
+
+
+	class messageSetStringEnumerator : public vmime::net::messageSetEnumerator {
+
+	public:
+
+		messageSetStringEnumerator()
+			: m_first(true) {
+
+		}
+
+		void enumerateNumberMessageRange(const vmime::net::numberMessageRange& range) {
+
+			if (!m_first) {
+				m_oss << ",";
+			}
+
+			if (range.getFirst() == range.getLast()) {
+				m_oss << range.getFirst();
+			} else if (range.getLast() == size_t(-1)) {
+				m_oss << range.getFirst() << ":(LAST)";
+			} else {
+				m_oss << range.getFirst() << ":" << range.getLast();
+			}
+
+			m_first = false;
+		}
+
+		void enumerateUIDMessageRange(const vmime::net::UIDMessageRange& range) {
+
+			if (!m_first) {
+				m_oss << ",";
+			}
+
+			if (range.getFirst() == range.getLast()) {
+				m_oss << range.getFirst();
+			} else if (range.getLast() == size_t(-1)) {
+				m_oss << range.getFirst() << ":(LAST)";
+			} else {
+				m_oss << range.getFirst() << ":" << range.getLast();
+			}
+
+			m_first = false;
+		}
+
+		const std::string str() const {
+
+			return m_oss.str();
+		}
+
+	private:
+
+		std::ostringstream m_oss;
+		bool m_first;
+	};
+
+
+	const std::string enumerateAsString(const vmime::net::messageSet& set) {
+
+		messageSetStringEnumerator en;
+		set.enumerate(en);
+
+		return en.str();
+	}
+
+
+	void testNumberSet_Single() {
+
+		VASSERT_EQ("str", "42", enumerateAsString(vmime::net::messageSet::byNumber(42)));
+	}
+
+	void testNumberSet_Range() {
+
+		VASSERT_EQ("str", "42:100", enumerateAsString(vmime::net::messageSet::byNumber(42, 100)));
+	}
+
+	void testNumberSet_InvalidRange() {
+
+		VASSERT_THROW("first > last", vmime::net::messageSet::byNumber(100, 42), std::invalid_argument);
+	}
+
+	void testNumberSet_InvalidFirst() {
+
+		VASSERT_THROW("first == -1", vmime::net::messageSet::byNumber(-1, 42), std::invalid_argument);
+	}
+
+	void testNumberSet_InfiniteRange() {
+
+		VASSERT_EQ("str", "42:(LAST)", enumerateAsString(vmime::net::messageSet::byNumber(42, -1)));
+	}
+
+	void testNumberSet_Multiple() {
+
+		std::vector <vmime::size_t> numbers;
+		numbers.push_back(1);    // test grouping 1:3
+		numbers.push_back(89);   // test sorting
+		numbers.push_back(2);
+		numbers.push_back(3);
+		numbers.push_back(42);
+		numbers.push_back(53);   // test grouping 53:57
+		numbers.push_back(54);
+		numbers.push_back(55);
+		numbers.push_back(56);
+		numbers.push_back(56);   // test duplicates
+		numbers.push_back(57);
+		numbers.push_back(99);
+
+		VASSERT_EQ("str", "1:3,42,53:57,89,99", enumerateAsString(vmime::net::messageSet::byNumber(numbers)));
+	}
+
+
+	void testUIDSet_Single() {
+
+		VASSERT_EQ("str", "abcdef", enumerateAsString(vmime::net::messageSet::byUID("abcdef")));
+	}
+
+	void testUIDSet_Range() {
+
+		VASSERT_EQ("str", "abc:def", enumerateAsString(vmime::net::messageSet::byUID("abc:def")));
+	}
+
+	void testUIDSet_InfiniteRange() {
+
+		VASSERT_EQ("str", "abc:*", enumerateAsString(vmime::net::messageSet::byUID("abc", "*")));
+	}
+
+	void testUIDSet_MultipleNumeric() {
+
+		std::vector <vmime::net::message::uid> uids;
+		uids.push_back("1");    // test grouping 1:3
+		uids.push_back("89");   // test sorting
+		uids.push_back("2");
+		uids.push_back("3");
+		uids.push_back("42");
+		uids.push_back("53");   // test grouping 53:57
+		uids.push_back("54");
+		uids.push_back("55");
+		uids.push_back("56");
+		uids.push_back("56");   // test duplicates
+		uids.push_back("57");
+		uids.push_back("99");
+
+		VASSERT_EQ("str", "1:3,42,53:57,89,99", enumerateAsString(vmime::net::messageSet::byUID(uids)));
+	}
+
+	void testUIDSet_MultipleNonNumeric() {
+
+		std::vector <vmime::net::message::uid> uids;
+		uids.push_back("12");
+		uids.push_back("34");
+		uids.push_back("ab56");
+		uids.push_back("78cd");
+
+		VASSERT_EQ("str", "12,34,ab56,78cd", enumerateAsString(vmime::net::messageSet::byUID(uids)));
+	}
+
+	void testIsNumberSet() {
+
+		VASSERT_TRUE("number1", vmime::net::messageSet::byNumber(42).isNumberSet());
+		VASSERT_FALSE("uid1", vmime::net::messageSet::byUID("42").isNumberSet());
+
+		VASSERT_TRUE("number2", vmime::net::messageSet::byNumber(42, -1).isNumberSet());
+		VASSERT_FALSE("uid2", vmime::net::messageSet::byUID("42", "*").isNumberSet());
+	}
+
+	void testIsUIDSet() {
+
+		VASSERT_FALSE("number1", vmime::net::messageSet::byNumber(42).isUIDSet());
+		VASSERT_TRUE("uid1", vmime::net::messageSet::byUID("42").isUIDSet());
+
+		VASSERT_FALSE("number2", vmime::net::messageSet::byNumber(42, -1).isUIDSet());
+		VASSERT_TRUE("uid2", vmime::net::messageSet::byUID("42", "*").isUIDSet());
+	}
+
+	void testMixedRanges() {
+
+		vmime::net::messageSet set = vmime::net::messageSet::byNumber(1, 5);
+		set.addRange(vmime::net::numberMessageRange(6, 8));
+
+		VASSERT_THROW("mixed ranges", set.addRange(vmime::net::UIDMessageRange("123")), std::invalid_argument);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/pop3/POP3CommandTest.cpp b/vmime-master/tests/net/pop3/POP3CommandTest.cpp
new file mode 100644
index 0000000..3ed579e
--- /dev/null
+++ b/vmime-master/tests/net/pop3/POP3CommandTest.cpp
@@ -0,0 +1,241 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "tests/net/pop3/POP3TestUtils.hpp"
+
+#include "vmime/net/pop3/POP3Command.hpp"
+
+
+using namespace vmime::net::pop3;
+
+
+VMIME_TEST_SUITE_BEGIN(POP3CommandTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testCreateCommand)
+		VMIME_TEST(testCreateCommandParams)
+		VMIME_TEST(testCAPA)
+		VMIME_TEST(testNOOP)
+		VMIME_TEST(testAUTH)
+		VMIME_TEST(testAUTH_InitialResponse)
+		VMIME_TEST(testSTLS)
+		VMIME_TEST(testAPOP)
+		VMIME_TEST(testUSER)
+		VMIME_TEST(testPASS)
+		VMIME_TEST(testSTAT)
+		VMIME_TEST(testLIST)
+		VMIME_TEST(testLISTMessage)
+		VMIME_TEST(testUIDL)
+		VMIME_TEST(testUIDLMessage)
+		VMIME_TEST(testDELE)
+		VMIME_TEST(testRETR)
+		VMIME_TEST(testTOP)
+		VMIME_TEST(testRSET)
+		VMIME_TEST(testQUIT)
+		VMIME_TEST(testWriteToSocket)
+	VMIME_TEST_LIST_END
+
+
+	void testCreateCommand() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::createCommand("MY_COMMAND");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MY_COMMAND", cmd->getText());
+	}
+
+	void testCreateCommandParams() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::createCommand("MY_COMMAND param1 param2");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MY_COMMAND param1 param2", cmd->getText());
+	}
+
+	void testCAPA() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::CAPA();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "CAPA", cmd->getText());
+	}
+
+	void testNOOP() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::NOOP();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "NOOP", cmd->getText());
+	}
+
+	void testAUTH() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::AUTH("saslmechanism");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "AUTH saslmechanism", cmd->getText());
+	}
+
+	void testAUTH_InitialResponse() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::AUTH("saslmechanism", "initial-response");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "AUTH saslmechanism initial-response", cmd->getText());
+	}
+
+	void testSTLS() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::STLS();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "STLS", cmd->getText());
+	}
+
+	void testAPOP() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::APOP("user", "digest");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "APOP user digest", cmd->getText());
+	}
+
+	void testUSER() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::USER("user");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "USER user", cmd->getText());
+	}
+
+	void testPASS() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::PASS("pass");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "PASS pass", cmd->getText());
+	}
+
+	void testSTAT() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::STAT();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "STAT", cmd->getText());
+	}
+
+	void testLIST() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::LIST();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "LIST", cmd->getText());
+	}
+
+	void testLISTMessage() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::LIST(42);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "LIST 42", cmd->getText());
+	}
+
+	void testUIDL() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::UIDL();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "UIDL", cmd->getText());
+	}
+
+	void testUIDLMessage() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::UIDL(42);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "UIDL 42", cmd->getText());
+	}
+
+	void testDELE() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::DELE(42);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "DELE 42", cmd->getText());
+	}
+
+	void testRETR() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::RETR(42);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "RETR 42", cmd->getText());
+	}
+
+	void testTOP() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::TOP(42, 567);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "TOP 42 567", cmd->getText());
+	}
+
+	void testRSET() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::RSET();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "RSET", cmd->getText());
+	}
+
+	void testQUIT() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::QUIT();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "QUIT", cmd->getText());
+	}
+
+	void testWriteToSocket() {
+
+		vmime::shared_ptr <POP3Command> cmd = POP3Command::createCommand("MY_COMMAND param1 param2");
+
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(sok),
+				vmime::shared_ptr <vmime::net::timeoutHandler>()
+			);
+
+		cmd->send(conn);
+
+		vmime::string response;
+		sok->localReceive(response);
+
+		VASSERT_EQ("Sent buffer", "MY_COMMAND param1 param2\r\n", response);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/pop3/POP3ResponseTest.cpp b/vmime-master/tests/net/pop3/POP3ResponseTest.cpp
new file mode 100644
index 0000000..8fecb74
--- /dev/null
+++ b/vmime-master/tests/net/pop3/POP3ResponseTest.cpp
@@ -0,0 +1,244 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "tests/net/pop3/POP3TestUtils.hpp"
+
+#include "vmime/net/pop3/POP3Response.hpp"
+
+
+using namespace vmime::net::pop3;
+
+
+VMIME_TEST_SUITE_BEGIN(POP3ResponseTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testSingleLineResponseOK)
+		VMIME_TEST(testSingleLineResponseERR)
+		VMIME_TEST(testSingleLineResponseReady)
+		VMIME_TEST(testSingleLineResponseInvalid)
+		VMIME_TEST(testSingleLineResponseLF)
+		VMIME_TEST(testMultiLineResponse)
+		VMIME_TEST(testMultiLineResponseLF)
+		VMIME_TEST(testLargeResponse)
+	VMIME_TEST_LIST_END
+
+
+	void testSingleLineResponseOK() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("+OK Response Text\r\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readResponse(conn);
+
+		VASSERT_EQ("Code", POP3Response::CODE_OK, resp->getCode());
+		VASSERT_TRUE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 0, resp->getLineCount());
+		VASSERT_EQ("Text", "Response Text", resp->getText());
+		VASSERT_EQ("First Line", "+OK Response Text", resp->getFirstLine());
+	}
+
+	void testSingleLineResponseERR() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("-ERR Response Text\r\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readResponse(conn);
+
+		VASSERT_EQ("Code", POP3Response::CODE_ERR, resp->getCode());
+		VASSERT_FALSE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 0, resp->getLineCount());
+		VASSERT_EQ("Text", "Response Text", resp->getText());
+		VASSERT_EQ("First Line", "-ERR Response Text", resp->getFirstLine());
+	}
+
+	void testSingleLineResponseReady() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("+ challenge_string\r\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readResponse(conn);
+
+		VASSERT_EQ("Code", POP3Response::CODE_READY, resp->getCode());
+		VASSERT_FALSE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 0, resp->getLineCount());
+		VASSERT_EQ("Text", "challenge_string", resp->getText());
+		VASSERT_EQ("First Line", "+ challenge_string", resp->getFirstLine());
+	}
+
+	void testSingleLineResponseInvalid() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn = vmime::make_shared <POP3ConnectionTest>
+			(vmime::dynamicCast <vmime::net::socket>(socket), toh);
+
+		socket->localSend("Invalid Response Text\r\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readResponse(conn);
+
+		VASSERT_EQ("Code", POP3Response::CODE_ERR, resp->getCode());
+		VASSERT_FALSE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 0, resp->getLineCount());
+		VASSERT_EQ("Text", "Response Text", resp->getText());
+		VASSERT_EQ("First Line", "Invalid Response Text", resp->getFirstLine());
+	}
+
+	void testSingleLineResponseLF() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("+OK Response terminated by LF\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readResponse(conn);
+
+		VASSERT_EQ("Code", POP3Response::CODE_OK, resp->getCode());
+		VASSERT_TRUE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 0, resp->getLineCount());
+		VASSERT_EQ("Text", "Response terminated by LF", resp->getText());
+		VASSERT_EQ("First Line", "+OK Response terminated by LF", resp->getFirstLine());
+	}
+
+	void testMultiLineResponse() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("+OK Response Text\r\n");
+		socket->localSend("Line 1\r\n");
+		socket->localSend("Line 2\r\n");
+		socket->localSend(".\r\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readMultilineResponse(conn);
+
+		VASSERT_EQ("Code", POP3Response::CODE_OK, resp->getCode());
+		VASSERT_TRUE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 2, resp->getLineCount());
+		VASSERT_EQ("Text", "Response Text", resp->getText());
+		VASSERT_EQ("First Line", "+OK Response Text", resp->getFirstLine());
+		VASSERT_EQ("Line 1", "Line 1", resp->getLineAt(0));
+		VASSERT_EQ("Line 2", "Line 2", resp->getLineAt(1));
+	}
+
+	void testMultiLineResponseLF() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("+OK Response Text\n");
+		socket->localSend("Line 1\n");
+		socket->localSend("Line 2\n");
+		socket->localSend(".\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readMultilineResponse(conn);
+
+		VASSERT_EQ("Code", POP3Response::CODE_OK, resp->getCode());
+		VASSERT_TRUE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 2, resp->getLineCount());
+		VASSERT_EQ("Text", "Response Text", resp->getText());
+		VASSERT_EQ("First Line", "+OK Response Text", resp->getFirstLine());
+		VASSERT_EQ("Line 1", "Line 1", resp->getLineAt(0));
+		VASSERT_EQ("Line 2", "Line 2", resp->getLineAt(1));
+	}
+
+	void testLargeResponse() {
+
+		std::ostringstream data;
+
+		for (unsigned int i = 0 ; i < 5000 ; ++i) {
+			data << "VMIME.VMIME\nVMIME\r\nVMIME_VMIME";
+		}
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("+OK Large Response Follows\n");
+		socket->localSend(data.str());
+		socket->localSend("\r\n.\r\n");
+
+		vmime::string receivedData;
+		vmime::utility::outputStreamStringAdapter receivedDataStream(receivedData);
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readLargeResponse(conn, receivedDataStream, NULL, 0);
+
+		VASSERT_EQ("Code", POP3Response::CODE_OK, resp->getCode());
+		VASSERT_TRUE("Success", resp->isSuccess());
+		VASSERT_EQ("Lines", 0, resp->getLineCount());
+		VASSERT_EQ("Text", "Large Response Follows", resp->getText());
+		VASSERT_EQ("Data Length", data.str().length(), receivedData.length());
+		VASSERT_EQ("Data Bytes", data.str(), receivedData);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/pop3/POP3StoreTest.cpp b/vmime-master/tests/net/pop3/POP3StoreTest.cpp
new file mode 100644
index 0000000..5d9e3c2
--- /dev/null
+++ b/vmime-master/tests/net/pop3/POP3StoreTest.cpp
@@ -0,0 +1,67 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "tests/net/pop3/POP3TestUtils.hpp"
+
+#include "vmime/net/pop3/POP3Store.hpp"
+#include "vmime/net/pop3/POP3SStore.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(POP3StoreTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testCreateFromURL)
+		VMIME_TEST(testConnectToInvalidServer)
+	VMIME_TEST_LIST_END
+
+
+	void testCreateFromURL() {
+
+		vmime::shared_ptr <vmime::net::session> sess = vmime::net::session::create();
+
+		// POP3
+		vmime::utility::url url("pop3://pop3.vmime.org");
+		vmime::shared_ptr <vmime::net::store> store = sess->getStore(url);
+
+		VASSERT_TRUE("pop3", typeid(*store) == typeid(vmime::net::pop3::POP3Store));
+
+		// POP3S
+		vmime::utility::url url2("pop3s://pop3s.vmime.org");
+		vmime::shared_ptr <vmime::net::store> store2 = sess->getStore(url2);
+
+		VASSERT_TRUE("pop3s", typeid(*store2) == typeid(vmime::net::pop3::POP3SStore));
+	}
+
+	void testConnectToInvalidServer() {
+
+		vmime::shared_ptr <vmime::net::session> sess = vmime::net::session::create();
+
+		vmime::utility::url url("pop3://invalid-pop3-server");
+		vmime::shared_ptr <vmime::net::store> store = sess->getStore(url);
+
+		VASSERT_THROW("connect", store->connect(), vmime::exceptions::connection_error);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/pop3/POP3TestUtils.hpp b/vmime-master/tests/net/pop3/POP3TestUtils.hpp
new file mode 100644
index 0000000..24efb8b
--- /dev/null
+++ b/vmime-master/tests/net/pop3/POP3TestUtils.hpp
@@ -0,0 +1,69 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/net/pop3/POP3Connection.hpp"
+#include "vmime/net/pop3/POP3Store.hpp"
+
+
+class POP3TestStore : public vmime::net::pop3::POP3Store {
+
+public:
+
+	POP3TestStore()
+		: POP3Store(vmime::net::session::create(),
+		            vmime::shared_ptr <vmime::security::authenticator>()) {
+
+	}
+};
+
+
+class POP3ConnectionTest : public vmime::net::pop3::POP3Connection {
+
+public:
+
+	POP3ConnectionTest(
+		vmime::shared_ptr <vmime::net::socket> socket,
+		vmime::shared_ptr <vmime::net::timeoutHandler> timeoutHandler
+	)
+		: POP3Connection(vmime::make_shared <POP3TestStore>(),
+		                 vmime::shared_ptr <vmime::security::authenticator>()),
+		  m_socket(socket),
+		  m_timeoutHandler(timeoutHandler) {
+
+	}
+
+	vmime::shared_ptr <vmime::net::socket> getSocket() {
+
+		return m_socket;
+	}
+
+	vmime::shared_ptr <vmime::net::timeoutHandler> getTimeoutHandler() {
+
+		return m_timeoutHandler;
+	}
+
+private:
+
+	vmime::shared_ptr <vmime::net::socket> m_socket;
+	vmime::shared_ptr <vmime::net::timeoutHandler> m_timeoutHandler;
+};
diff --git a/vmime-master/tests/net/pop3/POP3UtilsTest.cpp b/vmime-master/tests/net/pop3/POP3UtilsTest.cpp
new file mode 100644
index 0000000..1cded39
--- /dev/null
+++ b/vmime-master/tests/net/pop3/POP3UtilsTest.cpp
@@ -0,0 +1,88 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "tests/net/pop3/POP3TestUtils.hpp"
+
+#include "vmime/net/pop3/POP3Utils.hpp"
+#include "vmime/net/pop3/POP3Response.hpp"
+
+
+using namespace vmime::net::pop3;
+
+
+VMIME_TEST_SUITE_BEGIN(POP3UtilsTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParseMultiListOrUidlResponse)
+		VMIME_TEST(testMessageSetToNumberList)
+	VMIME_TEST_LIST_END
+
+
+	void testParseMultiListOrUidlResponse() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		vmime::shared_ptr <POP3ConnectionTest> conn =
+			vmime::make_shared <POP3ConnectionTest>(
+				vmime::dynamicCast <vmime::net::socket>(socket), toh
+			);
+
+		socket->localSend("+OK Response Text\r\n");
+		socket->localSend("1 abcdef\r\n");
+		socket->localSend("23    ghijkl\r\n");
+		socket->localSend("4\tmnopqr\r\n");
+		socket->localSend("567xx\tstuvwx\r\n");
+		socket->localSend("8 yz   \r\n");
+		socket->localSend(".\r\n");
+
+		vmime::shared_ptr <POP3Response> resp =
+			POP3Response::readMultilineResponse(conn);
+
+		std::map <vmime::size_t, vmime::string> result;
+		POP3Utils::parseMultiListOrUidlResponse(resp, result);
+
+		VASSERT_EQ("Count", 5, result.size());
+		VASSERT_EQ("1", "abcdef", result[1]);
+		VASSERT_EQ("2 (multiple spaces)", "ghijkl", result[23]);
+		VASSERT_EQ("3 (with tab)", "mnopqr", result[4]);
+		VASSERT_EQ("4 (with invalid digit)", "stuvwx", result[567]);
+		VASSERT_EQ("5 (with extra space)", "yz", result[8]);
+	}
+
+	void testMessageSetToNumberList() {
+
+		const std::vector <size_t> msgNums = POP3Utils::messageSetToNumberList(
+			vmime::net::messageSet::byNumber(5, -1), /* msgCount */ 8
+		);
+
+		VASSERT_EQ("Count", 4, msgNums.size());
+		VASSERT_EQ("1", 5, msgNums[0]);
+		VASSERT_EQ("2", 6, msgNums[1]);
+		VASSERT_EQ("3", 7, msgNums[2]);
+		VASSERT_EQ("4", 8, msgNums[3]);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/smtp/SMTPCommandSetTest.cpp b/vmime-master/tests/net/smtp/SMTPCommandSetTest.cpp
new file mode 100644
index 0000000..7ea3578
--- /dev/null
+++ b/vmime-master/tests/net/smtp/SMTPCommandSetTest.cpp
@@ -0,0 +1,181 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/smtp/SMTPCommandSet.hpp"
+#include "vmime/net/smtp/SMTPCommand.hpp"
+
+
+using namespace vmime::net::smtp;
+
+
+VMIME_TEST_SUITE_BEGIN(SMTPCommandSetTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testCreate)
+		VMIME_TEST(testCreatePipeline)
+		VMIME_TEST(testAddCommand)
+		VMIME_TEST(testAddCommandPipeline)
+		VMIME_TEST(testWriteToSocket)
+		VMIME_TEST(testWriteToSocketPipeline)
+		VMIME_TEST(testGetLastCommandSent)
+		VMIME_TEST(testGetLastCommandSentPipeline)
+	VMIME_TEST_LIST_END
+
+
+	void testCreate() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ false);
+
+		VASSERT_NOT_NULL("Not null", cset);
+		VASSERT_FALSE("Finished", cset->isFinished());
+	}
+
+	void testCreatePipeline() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ true);
+
+		VASSERT_NOT_NULL("Not null", cset);
+		VASSERT_FALSE("Finished", cset->isFinished());
+	}
+
+	void testAddCommand() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ false);
+
+		VASSERT_NO_THROW("No throw 1", cset->addCommand(SMTPCommand::createCommand("MY_COMMAND1")));
+		VASSERT_EQ("Text", "MY_COMMAND1\r\n", cset->getText());
+		VASSERT_NO_THROW("No throw 2", cset->addCommand(SMTPCommand::createCommand("MY_COMMAND2")));
+		VASSERT_EQ("Text", "MY_COMMAND1\r\nMY_COMMAND2\r\n", cset->getText());
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+
+		cset->writeToSocket(sok, tracer);
+		VASSERT_FALSE("Finished", cset->isFinished());
+
+		// Can't add commands when writing to socket has started
+		VASSERT_THROW("Throw", cset->addCommand(SMTPCommand::createCommand("MY_COMMAND3")), std::runtime_error);
+
+		cset->writeToSocket(sok, tracer);
+		VASSERT_TRUE("Finished", cset->isFinished());
+	}
+
+	void testAddCommandPipeline() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ true);
+
+		VASSERT_NO_THROW("No throw 1", cset->addCommand(SMTPCommand::createCommand("MY_COMMAND1")));
+		VASSERT_EQ("Text", "MY_COMMAND1\r\n", cset->getText());
+		VASSERT_NO_THROW("No throw 2", cset->addCommand(SMTPCommand::createCommand("MY_COMMAND2")));
+		VASSERT_EQ("Text", "MY_COMMAND1\r\nMY_COMMAND2\r\n", cset->getText());
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+		vmime::string response;
+
+		cset->writeToSocket(sok, tracer);
+		VASSERT_TRUE("Finished", cset->isFinished());
+
+		sok->localReceive(response);
+		VASSERT_EQ("Receive cmds", "MY_COMMAND1\r\nMY_COMMAND2\r\n", response);
+
+		// Can't add commands when writing to socket has started
+		VASSERT_THROW("Throw", cset->addCommand(SMTPCommand::createCommand("MY_COMMAND3")), std::runtime_error);
+	}
+
+	void testWriteToSocket() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ false);
+
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND1"));
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND2"));
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+		vmime::string response;
+
+		cset->writeToSocket(sok, tracer);
+
+		sok->localReceive(response);
+		VASSERT_EQ("Receive cmd 1", "MY_COMMAND1\r\n", response);
+
+		cset->writeToSocket(sok, tracer);
+
+		sok->localReceive(response);
+		VASSERT_EQ("Receive cmd 2", "MY_COMMAND2\r\n", response);
+	}
+
+	void testWriteToSocketPipeline() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ true);
+
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND1"));
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND2"));
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+		vmime::string response;
+
+		cset->writeToSocket(sok, tracer);
+
+		sok->localReceive(response);
+		VASSERT_EQ("Receive cmds", "MY_COMMAND1\r\nMY_COMMAND2\r\n", response);
+	}
+
+	void testGetLastCommandSent() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ false);
+
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND1"));
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND2"));
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+
+		cset->writeToSocket(sok, tracer);
+		VASSERT_EQ("Cmd 1", "MY_COMMAND1", cset->getLastCommandSent()->getText());
+
+		cset->writeToSocket(sok, tracer);
+		VASSERT_EQ("Cmd 2", "MY_COMMAND2", cset->getLastCommandSent()->getText());
+	}
+
+	void testGetLastCommandSentPipeline() {
+
+		vmime::shared_ptr <SMTPCommandSet> cset = SMTPCommandSet::create(/* pipelining */ true);
+
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND1"));
+		cset->addCommand(SMTPCommand::createCommand("MY_COMMAND2"));
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+
+		cset->writeToSocket(sok, tracer);
+		VASSERT_EQ("Cmd 1", "MY_COMMAND1", cset->getLastCommandSent()->getText());
+
+		cset->writeToSocket(sok, tracer);
+		VASSERT_EQ("Cmd 2", "MY_COMMAND2", cset->getLastCommandSent()->getText());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/smtp/SMTPCommandTest.cpp b/vmime-master/tests/net/smtp/SMTPCommandTest.cpp
new file mode 100644
index 0000000..ecaf292
--- /dev/null
+++ b/vmime-master/tests/net/smtp/SMTPCommandTest.cpp
@@ -0,0 +1,252 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/smtp/SMTPCommand.hpp"
+
+
+using namespace vmime::net::smtp;
+
+
+VMIME_TEST_SUITE_BEGIN(SMTPCommandTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testCreateCommand)
+		VMIME_TEST(testCreateCommandParams)
+		VMIME_TEST(testHELO)
+		VMIME_TEST(testEHLO)
+		VMIME_TEST(testAUTH)
+		VMIME_TEST(testAUTH_InitialResponse)
+		VMIME_TEST(testSTARTTLS)
+		VMIME_TEST(testMAIL)
+		VMIME_TEST(testMAIL_Encoded)
+		VMIME_TEST(testMAIL_UTF8)
+		VMIME_TEST(testMAIL_SIZE)
+		VMIME_TEST(testMAIL_SIZE_UTF8)
+		VMIME_TEST(testRCPT)
+		VMIME_TEST(testRCPT_Encoded)
+		VMIME_TEST(testRCPT_UTF8)
+		VMIME_TEST(testRSET)
+		VMIME_TEST(testDATA)
+		VMIME_TEST(testBDAT)
+		VMIME_TEST(testNOOP)
+		VMIME_TEST(testQUIT)
+		VMIME_TEST(testWriteToSocket)
+	VMIME_TEST_LIST_END
+
+
+	void testCreateCommand() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::createCommand("MY_COMMAND");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MY_COMMAND", cmd->getText());
+	}
+
+	void testCreateCommandParams() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::createCommand("MY_COMMAND param1 param2");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MY_COMMAND param1 param2", cmd->getText());
+	}
+
+	void testHELO() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::HELO("hostname");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "HELO hostname", cmd->getText());
+	}
+
+	void testEHLO() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::EHLO("hostname");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "EHLO hostname", cmd->getText());
+	}
+
+	void testAUTH() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::AUTH("saslmechanism");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "AUTH saslmechanism", cmd->getText());
+	}
+
+	void testAUTH_InitialResponse() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::AUTH("saslmechanism", "initial-response");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "AUTH saslmechanism initial-response", cmd->getText());
+	}
+
+	void testSTARTTLS() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::STARTTLS();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "STARTTLS", cmd->getText());
+	}
+
+	void testMAIL() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::MAIL(vmime::mailbox("me@vmime.org"), false, "FULL", "dsn-unique-id");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MAIL FROM:<me@vmime.org> RET=FULL ENVID=<dsn-unique-id>", cmd->getText());
+	}
+
+	void testMAIL_Encoded() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::MAIL(
+			vmime::mailbox(vmime::emailAddress("mailtest", "例�.テスト")), false, "FULL", "dsn-unique-id"
+		);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MAIL FROM:<mailtest@xn--r8jz45g.xn--zckzah> RET=FULL ENVID=<dsn-unique-id>", cmd->getText());
+	}
+
+	void testMAIL_UTF8() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::MAIL(
+			vmime::mailbox(vmime::emailAddress("mailtest", "例�.テスト")), true, "FULL", "dsn-unique-id"
+		);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MAIL FROM:<mailtest@例�.テスト> RET=FULL ENVID=<dsn-unique-id> SMTPUTF8", cmd->getText());
+	}
+
+	void testMAIL_SIZE() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::MAIL(
+			vmime::mailbox("me@vmime.org"), false, 123456789, "FULL", "dsn-unique-id"
+		);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MAIL FROM:<me@vmime.org> RET=FULL ENVID=<dsn-unique-id> SIZE=123456789", cmd->getText());
+	}
+
+	void testMAIL_SIZE_UTF8() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::MAIL(
+			vmime::mailbox(vmime::emailAddress("mailtest", "例�.テスト")), true, 123456789, "FULL", "dsn-unique-id"
+		);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "MAIL FROM:<mailtest@例�.テスト> RET=FULL ENVID=<dsn-unique-id> SMTPUTF8 SIZE=123456789", cmd->getText());
+	}
+
+	void testRCPT() {
+
+		vmime::shared_ptr <SMTPCommand> cmd =
+			SMTPCommand::RCPT(vmime::mailbox("someone@vmime.org"), false, "NEVER");
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "RCPT TO:<someone@vmime.org> NOTIFY=NEVER", cmd->getText());
+	}
+
+	void testRCPT_Encoded() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::RCPT(
+			vmime::mailbox(vmime::emailAddress("mailtest", "例�.テスト")), false, "NEVER"
+		);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "RCPT TO:<mailtest@xn--r8jz45g.xn--zckzah> NOTIFY=NEVER", cmd->getText());
+	}
+
+	void testRCPT_UTF8() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::RCPT(
+			vmime::mailbox(vmime::emailAddress("mailtest", "例�.テスト")), true, "NEVER"
+		);
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "RCPT TO:<mailtest@例�.テスト> NOTIFY=NEVER", cmd->getText());
+	}
+
+	void testRSET() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::RSET();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "RSET", cmd->getText());
+	}
+
+	void testDATA() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::DATA();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "DATA", cmd->getText());
+	}
+
+	void testBDAT() {
+
+		vmime::shared_ptr <SMTPCommand> cmd1 = SMTPCommand::BDAT(12345, false);
+
+		VASSERT_NOT_NULL("Not null", cmd1);
+		VASSERT_EQ("Text", "BDAT 12345", cmd1->getText());
+
+		vmime::shared_ptr <SMTPCommand> cmd2 = SMTPCommand::BDAT(67890, true);
+
+		VASSERT_NOT_NULL("Not null", cmd2);
+		VASSERT_EQ("Text", "BDAT 67890 LAST", cmd2->getText());
+	}
+
+	void testNOOP() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::NOOP();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "NOOP", cmd->getText());
+	}
+
+	void testQUIT() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::QUIT();
+
+		VASSERT_NOT_NULL("Not null", cmd);
+		VASSERT_EQ("Text", "QUIT", cmd->getText());
+	}
+
+	void testWriteToSocket() {
+
+		vmime::shared_ptr <SMTPCommand> cmd = SMTPCommand::createCommand("MY_COMMAND param1 param2");
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> sok = vmime::make_shared <testSocket>();
+
+		cmd->writeToSocket(sok, tracer);
+
+		vmime::string response;
+		sok->localReceive(response);
+
+		VASSERT_EQ("Sent buffer", "MY_COMMAND param1 param2\r\n", response);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/smtp/SMTPResponseTest.cpp b/vmime-master/tests/net/smtp/SMTPResponseTest.cpp
new file mode 100644
index 0000000..f899a82
--- /dev/null
+++ b/vmime-master/tests/net/smtp/SMTPResponseTest.cpp
@@ -0,0 +1,238 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/smtp/SMTPResponse.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(SMTPResponseTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testSingleLineResponse)
+		VMIME_TEST(testSingleLineResponseLF)
+		VMIME_TEST(testMultiLineResponse)
+		VMIME_TEST(testMultiLineResponseDifferentCode)
+		VMIME_TEST(testIncompleteMultiLineResponse)
+		VMIME_TEST(testNoResponseText)
+		VMIME_TEST(testEnhancedStatusCode)
+		VMIME_TEST(testNoEnhancedStatusCode)
+		VMIME_TEST(testInvalidEnhancedStatusCode)
+	VMIME_TEST_LIST_END
+
+
+	void testSingleLineResponse() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		socket->localSend("123 Response Text\r\n");
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 123, resp->getCode());
+		VASSERT_EQ("Lines", 1, resp->getLineCount());
+		VASSERT_EQ("Text", "Response Text", resp->getText());
+	}
+
+	void testSingleLineResponseLF() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		socket->localSend("123 Response Text\n");
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 123, resp->getCode());
+		VASSERT_EQ("Lines", 1, resp->getLineCount());
+		VASSERT_EQ("Text", "Response Text", resp->getText());
+	}
+
+	void testMultiLineResponse() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		socket->localSend(
+			"123-Response\r\n"
+			"123 Text\r\n"
+		);
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 123, resp->getCode());
+		VASSERT_EQ("Lines", 2, resp->getLineCount());
+		VASSERT_EQ("Text", "Response\nText", resp->getText());
+
+		VASSERT_EQ("Code", 123, resp->getLineAt(0).getCode());
+		VASSERT_EQ("Text", "Response", resp->getLineAt(0).getText());
+
+		VASSERT_EQ("Code", 123, resp->getLineAt(1).getCode());
+		VASSERT_EQ("Text", "Text", resp->getLineAt(1).getText());
+	}
+
+	void testMultiLineResponseDifferentCode() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		socket->localSend(
+			"123-Response\r\n"
+			"456 Text\r\n"
+		);
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 0, resp->getCode());
+		VASSERT_EQ("Lines", 2, resp->getLineCount());
+		VASSERT_EQ("Text", "Response\nText", resp->getText());
+
+		VASSERT_EQ("Code", 123, resp->getLineAt(0).getCode());
+		VASSERT_EQ("Text", "Response", resp->getLineAt(0).getText());
+
+		VASSERT_EQ("Code", 456, resp->getLineAt(1).getCode());
+		VASSERT_EQ("Text", "Text", resp->getLineAt(1).getText());
+	}
+
+	void testIncompleteMultiLineResponse() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>(1);
+
+		socket->localSend(
+			"123-Response\r\n"
+			"123-Text\r\n"
+			// Missing data
+		);
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		VASSERT_THROW(
+			"Incomplete response",
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState),
+			vmime::exceptions::operation_timed_out
+		);
+	}
+
+	void testNoResponseText() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>(1);
+
+		socket->localSend(
+			"250\r\n"
+		);
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 250, resp->getCode());
+		VASSERT_EQ("Lines", 1, resp->getLineCount());
+		VASSERT_EQ("Text", "", resp->getText());
+	}
+
+	void testEnhancedStatusCode() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		socket->localSend("250 2.1.5 OK fu13sm4720601wic.7 - gsmtp\r\n");
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 250, resp->getCode());
+		VASSERT_EQ("Lines", 1, resp->getLineCount());
+		VASSERT_EQ("Text", "2.1.5 OK fu13sm4720601wic.7 - gsmtp", resp->getText());
+		VASSERT_EQ("Enh.class", 2, resp->getEnhancedCode().klass);
+		VASSERT_EQ("Enh.subject", 1, resp->getEnhancedCode().subject);
+		VASSERT_EQ("Enh.detail", 5, resp->getEnhancedCode().detail);
+	}
+
+	void testNoEnhancedStatusCode() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		socket->localSend("354  Go ahead fu13sm4720601wic.7 - gsmtp\r\n");
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 354, resp->getCode());
+		VASSERT_EQ("Lines", 1, resp->getLineCount());
+		VASSERT_EQ("Text", "Go ahead fu13sm4720601wic.7 - gsmtp", resp->getText());
+		VASSERT_EQ("Enh.class", 0, resp->getEnhancedCode().klass);
+		VASSERT_EQ("Enh.subject", 0, resp->getEnhancedCode().subject);
+		VASSERT_EQ("Enh.detail", 0, resp->getEnhancedCode().detail);
+	}
+
+	void testInvalidEnhancedStatusCode() {
+
+		vmime::shared_ptr <vmime::net::tracer> tracer;
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+		vmime::shared_ptr <vmime::net::timeoutHandler> toh = vmime::make_shared <testTimeoutHandler>();
+
+		socket->localSend("250 4.2 xxx\r\n");
+
+		vmime::net::smtp::SMTPResponse::state responseState;
+
+		vmime::shared_ptr <vmime::net::smtp::SMTPResponse> resp =
+			vmime::net::smtp::SMTPResponse::readResponse(tracer, socket, toh, responseState);
+
+		VASSERT_EQ("Code", 250, resp->getCode());
+		VASSERT_EQ("Lines", 1, resp->getLineCount());
+		VASSERT_EQ("Text", "4.2 xxx", resp->getText());
+		VASSERT_EQ("Enh.class", 0, resp->getEnhancedCode().klass);
+		VASSERT_EQ("Enh.subject", 0, resp->getEnhancedCode().subject);
+		VASSERT_EQ("Enh.detail", 0, resp->getEnhancedCode().detail);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/smtp/SMTPTransportTest.cpp b/vmime-master/tests/net/smtp/SMTPTransportTest.cpp
new file mode 100644
index 0000000..8ea4ba7
--- /dev/null
+++ b/vmime-master/tests/net/smtp/SMTPTransportTest.cpp
@@ -0,0 +1,324 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/net/smtp/SMTPTransport.hpp"
+#include "vmime/net/smtp/SMTPChunkingOutputStreamAdapter.hpp"
+#include "vmime/net/smtp/SMTPExceptions.hpp"
+
+#include "SMTPTransportTestUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(SMTPTransportTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testConnectToInvalidServer)
+		VMIME_TEST(testGreetingError)
+		VMIME_TEST(testMAILandRCPT)
+		VMIME_TEST(testChunking)
+		VMIME_TEST(testSize_Chunking)
+		VMIME_TEST(testSize_NoChunking)
+		VMIME_TEST(testSMTPUTF8_available)
+		VMIME_TEST(testSMTPUTF8_notAvailable)
+	VMIME_TEST_LIST_END
+
+
+	void testConnectToInvalidServer() {
+
+		vmime::shared_ptr <vmime::net::session> sess = vmime::net::session::create();
+
+		vmime::utility::url url("smtp://invalid-smtp-server");
+		vmime::shared_ptr <vmime::net::transport> store = sess->getTransport(url);
+
+		VASSERT_THROW("connect", store->connect(), vmime::exceptions::connection_error);
+	}
+
+	void testGreetingError() {
+
+		vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+		vmime::shared_ptr <vmime::net::transport> tr =
+			session->getTransport(vmime::utility::url("smtp://localhost"));
+
+		tr->setSocketFactory(vmime::make_shared <testSocketFactory <greetingErrorSMTPTestSocket> >());
+		tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+		VASSERT_THROW(
+			"Connection",
+			tr->connect(),
+			vmime::exceptions::connection_greeting_error
+		);
+	}
+
+	void testMAILandRCPT() {
+
+		vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+		vmime::shared_ptr <vmime::net::transport> tr =
+			session->getTransport(vmime::utility::url("smtp://localhost"));
+
+		tr->setSocketFactory(vmime::make_shared <testSocketFactory <MAILandRCPTSMTPTestSocket> >());
+		tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+		VASSERT_NO_THROW("Connection", tr->connect());
+
+		vmime::mailbox exp("expeditor@test.vmime.org");
+
+		vmime::mailboxList recips;
+		recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient1@test.vmime.org"));
+		recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient2@test.vmime.org"));
+		recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient3@test.vmime.org"));
+
+		vmime::string data("Message data");
+		vmime::utility::inputStreamStringAdapter is(data);
+
+		tr->send(exp, recips, is, 0);
+	}
+
+	void testChunking() {
+
+		vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+		vmime::shared_ptr <vmime::net::transport> tr =
+			session->getTransport(vmime::utility::url("smtp://localhost"));
+
+		tr->setSocketFactory(vmime::make_shared <testSocketFactory <chunkingSMTPTestSocket> >());
+		tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+		tr->connect();
+
+		VASSERT(
+			"Test server should report it supports the CHUNKING extension!",
+			vmime::dynamicCast <vmime::net::smtp::SMTPTransport>(tr)->getConnection()->hasExtension("CHUNKING")
+		);
+
+		vmime::mailbox exp("expeditor@test.vmime.org");
+
+		vmime::mailboxList recips;
+		recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient@test.vmime.org"));
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <SMTPTestMessage>();
+
+		tr->send(msg, exp, recips);
+	}
+
+	void testSize_Chunking() {
+
+		vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+		vmime::shared_ptr <vmime::net::transport> tr =
+			session->getTransport(vmime::utility::url("smtp://localhost"));
+
+		tr->setSocketFactory(vmime::make_shared <testSocketFactory <bigMessageSMTPTestSocket <true> > >());
+		tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+		tr->connect();
+
+		VASSERT(
+			"Test server should report it supports the SIZE extension!",
+			vmime::dynamicCast <vmime::net::smtp::SMTPTransport>(tr)->getConnection()->hasExtension("SIZE")
+		);
+
+		vmime::mailbox exp("expeditor@test.vmime.org");
+
+		vmime::mailboxList recips;
+		recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient@test.vmime.org"));
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <SMTPBigTestMessage4MB>();
+
+		VASSERT_THROW(
+			"Max size limit exception",
+			tr->send(msg, exp, recips),
+			vmime::net::smtp::SMTPMessageSizeExceedsMaxLimitsException
+		);
+	}
+
+	void testSize_NoChunking() {
+
+		vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+		vmime::shared_ptr <vmime::net::transport> tr =
+			session->getTransport(vmime::utility::url("smtp://localhost"));
+
+		tr->setSocketFactory(vmime::make_shared <testSocketFactory <bigMessageSMTPTestSocket <false> > >());
+		tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+		tr->connect();
+
+		VASSERT(
+			"Test server should report it supports the SIZE extension!",
+			vmime::dynamicCast <vmime::net::smtp::SMTPTransport>(tr)->getConnection()->hasExtension("SIZE")
+		);
+
+		vmime::mailbox exp("expeditor@test.vmime.org");
+
+		vmime::mailboxList recips;
+		recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient@test.vmime.org"));
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <SMTPBigTestMessage4MB>();
+
+		VASSERT_THROW(
+			"Max size limit exception",
+			tr->send(msg, exp, recips),
+			vmime::net::smtp::SMTPMessageSizeExceedsMaxLimitsException
+		);
+	}
+
+	void testSMTPUTF8_available() {
+
+		// Test with UTF8 sender
+		{
+			vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+			vmime::shared_ptr <vmime::net::transport> tr =
+				session->getTransport(vmime::utility::url("smtp://localhost"));
+
+			tr->setSocketFactory(vmime::make_shared <testSocketFactory <UTF8SMTPTestSocket <true> > >());
+			tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+			VASSERT_NO_THROW("Connection", tr->connect());
+
+			vmime::mailbox exp(
+				vmime::emailAddress(
+					vmime::word("expéditeur", vmime::charsets::UTF_8),
+					vmime::word("test.vmime.org")
+				)
+			);
+
+			vmime::mailboxList recips;
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient1@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient2@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>(
+				vmime::emailAddress(
+					vmime::word("récepteur", vmime::charsets::UTF_8),
+					vmime::word("test.vmime.org")
+				)
+			));
+
+			vmime::string data("Message data");
+			vmime::utility::inputStreamStringAdapter is(data);
+
+			tr->send(exp, recips, is, 0);
+		}
+
+		// Test with UTF8 recipient only
+		{
+			vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+			vmime::shared_ptr <vmime::net::transport> tr =
+				session->getTransport(vmime::utility::url("smtp://localhost"));
+
+			tr->setSocketFactory(vmime::make_shared <testSocketFactory <UTF8SMTPTestSocket <true> > >());
+			tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+			VASSERT_NO_THROW("Connection", tr->connect());
+
+			vmime::mailbox exp("expediteur@test.vmime.org");
+
+			vmime::mailboxList recips;
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient1@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient2@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>(
+				vmime::emailAddress(
+					vmime::word("récepteur", vmime::charsets::UTF_8),
+					vmime::word("test.vmime.org")
+				)
+			));
+
+			vmime::string data("Message data");
+			vmime::utility::inputStreamStringAdapter is(data);
+
+			tr->send(exp, recips, is, 0);
+		}
+	}
+
+	void testSMTPUTF8_notAvailable() {
+
+		// Test with UTF8 sender
+		{
+			vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+			vmime::shared_ptr <vmime::net::transport> tr =
+				session->getTransport(vmime::utility::url("smtp://localhost"));
+
+			tr->setSocketFactory(vmime::make_shared <testSocketFactory <UTF8SMTPTestSocket <false> > >());
+			tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+			VASSERT_NO_THROW("Connection", tr->connect());
+
+			vmime::mailbox exp(
+				vmime::emailAddress(
+					vmime::word("expéditeur", vmime::charsets::UTF_8),
+					vmime::word("test.vmime.org")
+				)
+			);
+
+			vmime::mailboxList recips;
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient1@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient2@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>(
+				vmime::emailAddress(
+					vmime::word("récepteur", vmime::charsets::UTF_8),
+					vmime::word("test.vmime.org")
+				)
+			));
+
+			vmime::string data("Message data");
+			vmime::utility::inputStreamStringAdapter is(data);
+
+			tr->send(exp, recips, is, 0);
+		}
+
+		// Test with UTF8 recipient only
+		{
+			vmime::shared_ptr <vmime::net::session> session = vmime::net::session::create();
+
+			vmime::shared_ptr <vmime::net::transport> tr =
+				session->getTransport(vmime::utility::url("smtp://localhost"));
+
+			tr->setSocketFactory(vmime::make_shared <testSocketFactory <UTF8SMTPTestSocket <false> > >());
+			tr->setTimeoutHandlerFactory(vmime::make_shared <testTimeoutHandlerFactory>());
+
+			VASSERT_NO_THROW("Connection", tr->connect());
+
+			vmime::mailbox exp("expediteur@test.vmime.org");
+
+			vmime::mailboxList recips;
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient1@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>("recipient2@test.vmime.org"));
+			recips.appendMailbox(vmime::make_shared <vmime::mailbox>(
+				vmime::emailAddress(
+					vmime::word("récepteur", vmime::charsets::UTF_8),
+					vmime::word("test.vmime.org")
+				)
+			));
+
+			vmime::string data("Message data");
+			vmime::utility::inputStreamStringAdapter is(data);
+
+			tr->send(exp, recips, is, 0);
+		}
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/net/smtp/SMTPTransportTestUtils.hpp b/vmime-master/tests/net/smtp/SMTPTransportTestUtils.hpp
new file mode 100644
index 0000000..8710639
--- /dev/null
+++ b/vmime-master/tests/net/smtp/SMTPTransportTestUtils.hpp
@@ -0,0 +1,792 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+
+/** Accepts connection and fails on greeting.
+  */
+class greetingErrorSMTPTestSocket : public lineBasedTestSocket {
+
+public:
+
+	void onConnected() {
+
+		localSend("421 test.vmime.org Service not available, closing transmission channel\r\n");
+		disconnect();
+	}
+
+	void processCommand() {
+
+		if (!haveMoreLines()) {
+			return;
+		}
+
+		getNextLine();
+
+		localSend("502 Command not implemented\r\n");
+		processCommand();
+	}
+};
+
+
+/** SMTP test server 1.
+  *
+  * Test send().
+  * Ensure MAIL and RCPT commands are sent correctly.
+  */
+class MAILandRCPTSMTPTestSocket : public lineBasedTestSocket {
+
+public:
+
+	MAILandRCPTSMTPTestSocket() {
+
+		m_recipients.insert("recipient1@test.vmime.org");
+		m_recipients.insert("recipient2@test.vmime.org");
+		m_recipients.insert("recipient3@test.vmime.org");
+
+		m_state = STATE_NOT_CONNECTED;
+		m_ehloSent = m_heloSent = m_mailSent = m_rcptSent = m_dataSent = m_quitSent = false;
+	}
+
+	~MAILandRCPTSMTPTestSocket() {
+
+		VASSERT("Client must send the DATA command", m_dataSent);
+		VASSERT("Client must send the QUIT command", m_quitSent);
+	}
+
+	void onConnected() {
+
+		localSend("220 test.vmime.org Service ready\r\n");
+		processCommand();
+
+		m_state = STATE_COMMAND;
+	}
+
+	void processCommand() {
+
+		if (!haveMoreLines()) {
+			return;
+		}
+
+		vmime::string line = getNextLine();
+		std::istringstream iss(line);
+
+		switch (m_state) {
+
+		case STATE_NOT_CONNECTED:
+
+			localSend("451 Requested action aborted: invalid state\r\n");
+			break;
+
+		case STATE_COMMAND: {
+
+			std::string cmd;
+			iss >> cmd;
+
+			if (cmd.empty()) {
+
+				localSend("500 Syntax error, command unrecognized\r\n");
+
+			} else if (cmd == "EHLO") {
+
+				localSend("502 Command not implemented\r\n");
+
+				m_ehloSent = true;
+
+			} else if (cmd == "HELO") {
+
+				VASSERT("Client must send the EHLO command before HELO", m_ehloSent);
+
+				localSend("250 OK\r\n");
+
+				m_heloSent = true;
+
+			} else if (cmd == "MAIL") {
+
+				VASSERT("Client must send the HELO command", m_heloSent);
+				VASSERT("The MAIL command must be sent only one time", !m_mailSent);
+
+				VASSERT_EQ("MAIL", std::string("MAIL FROM:<expeditor@test.vmime.org>"), line);
+
+				localSend("250 OK\r\n");
+
+				m_mailSent = true;
+
+			} else if (cmd == "RCPT") {
+
+				const vmime::size_t lt = line.find('<');
+				const vmime::size_t gt = line.find('>');
+
+				VASSERT("RCPT <", lt != vmime::string::npos);
+				VASSERT("RCPT >", gt != vmime::string::npos);
+				VASSERT("RCPT ><", gt >= lt);
+
+				const vmime::string recip =
+					vmime::string(line.begin() + lt + 1, line.begin() + gt);
+
+				std::set <vmime::string>::iterator it =
+					m_recipients.find(recip);
+
+				VASSERT(
+					std::string("Recipient not found: '") + recip + "'",
+					it != m_recipients.end()
+				);
+
+				m_recipients.erase(it);
+
+				localSend("250 OK, recipient accepted\r\n");
+
+				m_rcptSent = true;
+
+			} else if (cmd == "DATA") {
+
+				VASSERT("Client must send the MAIL command", m_mailSent);
+				VASSERT("Client must send the RCPT command", m_rcptSent);
+				VASSERT("All recipients", m_recipients.empty());
+
+				localSend("354 Ready to accept data; end with <CRLF>.<CRLF>\r\n");
+
+				m_state = STATE_DATA;
+				m_msgData.clear();
+
+				m_dataSent = true;
+
+			} else if (cmd == "NOOP") {
+
+				localSend("250 Completed\r\n");
+
+			} else if (cmd == "QUIT") {
+
+				m_quitSent = true;
+
+				localSend("221 test.vmime.org Service closing transmission channel\r\n");
+
+			} else {
+
+				localSend("502 Command not implemented\r\n");
+			}
+
+			break;
+		}
+		case STATE_DATA: {
+
+			if (line == ".") {
+
+				VASSERT_EQ("Data", "Message data\r\n", m_msgData);
+
+				localSend("250 Message accepted for delivery\r\n");
+				m_state = STATE_COMMAND;
+
+			} else {
+
+				m_msgData += line + "\r\n";
+			}
+
+			break;
+		}
+
+		}
+
+		processCommand();
+	}
+
+private:
+
+	enum State {
+		STATE_NOT_CONNECTED,
+		STATE_COMMAND,
+		STATE_DATA
+	};
+
+	int m_state;
+
+	std::set <vmime::string> m_recipients;
+
+	std::string m_msgData;
+
+	bool m_ehloSent, m_heloSent, m_mailSent, m_rcptSent,
+	     m_dataSent, m_quitSent;
+};
+
+
+
+/** SMTP test server 2.
+  *
+  * Test CHUNKING extension/BDAT command.
+  */
+class chunkingSMTPTestSocket : public testSocket {
+
+public:
+
+	chunkingSMTPTestSocket() {
+
+		m_state = STATE_NOT_CONNECTED;
+		m_bdatChunkCount = 0;
+		m_ehloSent = m_mailSent = m_rcptSent = m_quitSent = false;
+	}
+
+	~chunkingSMTPTestSocket() {
+
+		VASSERT_EQ("BDAT chunk count", 3, m_bdatChunkCount);
+		VASSERT("Client must send the QUIT command", m_quitSent);
+	}
+
+	void onConnected() {
+
+		localSend("220 test.vmime.org Service ready\r\n");
+		processCommand();
+
+		m_state = STATE_COMMAND;
+	}
+
+	void onDataReceived() {
+
+		if (m_state == STATE_DATA) {
+
+			if (m_bdatChunkReceived != m_bdatChunkSize) {
+
+				const size_t remaining = m_bdatChunkSize - m_bdatChunkReceived;
+				const size_t received = localReceiveRaw(NULL, remaining);
+
+				m_bdatChunkReceived += received;
+			}
+
+			if (m_bdatChunkReceived == m_bdatChunkSize) {
+
+				m_state = STATE_COMMAND;
+			}
+		}
+
+		processCommand();
+	}
+
+	void processCommand() {
+
+		vmime::string line;
+
+		if (!localReceiveLine(line)) {
+			return;
+		}
+
+		std::istringstream iss(line);
+
+		switch (m_state) {
+
+		case STATE_NOT_CONNECTED:
+
+			localSend("451 Requested action aborted: invalid state\r\n");
+			break;
+
+		case STATE_COMMAND: {
+
+			std::string cmd;
+			iss >> cmd;
+
+			if (cmd == "EHLO") {
+
+				localSend("250-test.vmime.org says hello\r\n");
+				localSend("250 CHUNKING\r\n");
+
+				m_ehloSent = true;
+
+			} else if (cmd == "HELO") {
+
+				VASSERT("Client must not send the HELO command, as EHLO succeeded", false);
+
+			} else if (cmd == "MAIL") {
+
+				VASSERT("The MAIL command must be sent only one time", !m_mailSent);
+
+				localSend("250 OK\r\n");
+
+				m_mailSent = true;
+
+			} else if (cmd == "RCPT") {
+
+				localSend("250 OK, recipient accepted\r\n");
+
+				m_rcptSent = true;
+
+			} else if (cmd == "DATA") {
+
+				VASSERT("BDAT must be used here!", false);
+
+			} else if (cmd == "BDAT") {
+
+				VASSERT("Client must send the MAIL command", m_mailSent);
+				VASSERT("Client must send the RCPT command", m_rcptSent);
+
+				unsigned long chunkSize = 0;
+				iss >> chunkSize;
+
+				std::string last;
+				iss >> last;
+
+				if (m_bdatChunkCount == 0) {
+
+					VASSERT_EQ("BDAT chunk1 size", 262144, chunkSize);
+					VASSERT_EQ("BDAT chunk1 last", "", last);
+
+				} else if (m_bdatChunkCount == 1) {
+
+					VASSERT_EQ("BDAT chunk2 size", 262144, chunkSize);
+					VASSERT_EQ("BDAT chunk2 last", "", last);
+
+				} else if (m_bdatChunkCount == 2) {
+
+					VASSERT_EQ("BDAT chunk3 size", 4712, chunkSize);
+					VASSERT_EQ("BDAT chunk3 last", "LAST", last);
+
+				} else {
+
+					VASSERT("No more BDAT command should be issued!", false);
+				}
+
+				m_bdatChunkSize = chunkSize;
+				m_bdatChunkReceived = 0;
+				m_bdatChunkCount++;
+				m_state = STATE_DATA;
+
+				localSend("250 chunk received\r\n");
+
+			} else if (cmd == "NOOP") {
+
+				localSend("250 Completed\r\n");
+
+			} else if (cmd == "QUIT") {
+
+				localSend("221 test.vmime.org Service closing transmission channel\r\n");
+
+				m_quitSent = true;
+
+			} else {
+
+				localSend("502 Command not implemented\r\n");
+			}
+
+			break;
+		}
+
+		}
+
+		processCommand();
+	}
+
+private:
+
+	enum State {
+		STATE_NOT_CONNECTED,
+		STATE_COMMAND,
+		STATE_DATA
+	};
+
+	int m_state;
+	int m_bdatChunkCount;
+	size_t m_bdatChunkSize, m_bdatChunkReceived;
+
+	bool m_ehloSent, m_mailSent, m_rcptSent, m_quitSent;
+};
+
+
+class SMTPTestMessage : public vmime::message {
+
+public:
+
+	vmime::size_t getChunkBufferSize() const {
+
+		static vmime::net::smtp::SMTPChunkingOutputStreamAdapter chunkStream(vmime::null, 0, NULL);
+		return chunkStream.getBlockSize();
+	}
+
+	const std::vector <vmime::string>& getChunks() const {
+
+		static std::vector <vmime::string> chunks;
+
+		if (chunks.size() == 0) {
+			chunks.push_back(vmime::string(1000, 'A'));
+			chunks.push_back(vmime::string(3000, 'B'));
+			chunks.push_back(vmime::string(500000, 'C'));
+			chunks.push_back(vmime::string(25000, 'D'));
+		}
+
+		return chunks;
+	}
+
+	void generateImpl(
+		const vmime::generationContext& /* ctx */,
+		vmime::utility::outputStream& outputStream,
+		const size_t /* curLinePos */ = 0,
+		size_t* /* newLinePos */ = NULL
+	) const {
+
+		for (size_t i = 0, n = getChunks().size() ; i < n ; ++i) {
+
+			const vmime::string& chunk = getChunks()[i];
+			outputStream.write(chunk.data(), chunk.size());
+		}
+	}
+};
+
+
+
+/** SMTP test server 3.
+  *
+  * Test SIZE extension.
+  */
+template <bool WITH_CHUNKING>
+class bigMessageSMTPTestSocket : public testSocket {
+
+public:
+
+	bigMessageSMTPTestSocket() {
+
+		m_state = STATE_NOT_CONNECTED;
+		m_ehloSent = m_mailSent = m_rcptSent = m_quitSent = false;
+	}
+
+	~bigMessageSMTPTestSocket() {
+
+		VASSERT("Client must send the QUIT command", m_quitSent);
+	}
+
+	void onConnected() {
+
+		localSend("220 test.vmime.org Service ready\r\n");
+		processCommand();
+
+		m_state = STATE_COMMAND;
+	}
+
+	void onDataReceived() {
+
+		processCommand();
+	}
+
+	void processCommand() {
+
+		vmime::string line;
+
+		if (!localReceiveLine(line)) {
+			return;
+		}
+
+		std::istringstream iss(line);
+
+		switch (m_state) {
+
+		case STATE_NOT_CONNECTED:
+
+			localSend("451 Requested action aborted: invalid state\r\n");
+			break;
+
+		case STATE_COMMAND: {
+
+			std::string cmd;
+			iss >> cmd;
+
+			if (cmd == "EHLO") {
+
+				localSend("250-test.vmime.org says hello\r\n");
+
+				if (WITH_CHUNKING) {
+					localSend("250-CHUNKING\r\n");
+				}
+
+				localSend("250 SIZE 1000000\r\n");
+
+				m_ehloSent = true;
+
+			} else if (cmd == "HELO") {
+
+				VASSERT("Client must not send the HELO command, as EHLO succeeded", false);
+
+			} else if (cmd == "MAIL") {
+
+				VASSERT("The MAIL command must be sent only one time", !m_mailSent);
+
+				std::string address;
+				iss >> address;
+
+				VASSERT_EQ("MAIL/address", "FROM:<expeditor@test.vmime.org>", address);
+
+				std::string option;
+				iss >> option;
+
+				VASSERT_EQ("MAIL/size", "SIZE=4194304", option);
+
+				localSend("552 Channel size limit exceeded\r\n");
+
+				m_mailSent = true;
+
+			} else if (cmd == "NOOP") {
+
+				localSend("250 Completed\r\n");
+
+			} else if (cmd == "QUIT") {
+
+				localSend("221 test.vmime.org Service closing transmission channel\r\n");
+
+				m_quitSent = true;
+
+			} else {
+
+				VASSERT("No other command should be sent", false);
+
+				localSend("502 Command not implemented\r\n");
+			}
+
+			break;
+		}
+
+		}
+
+		processCommand();
+	}
+
+private:
+
+	enum State {
+		STATE_NOT_CONNECTED,
+		STATE_COMMAND,
+		STATE_DATA
+	};
+
+	int m_state;
+
+	bool m_ehloSent, m_mailSent, m_rcptSent, m_quitSent;
+};
+
+
+template <unsigned long SIZE>
+class SMTPBigTestMessage : public vmime::message {
+
+public:
+
+	size_t getGeneratedSize(const vmime::generationContext& /* ctx */) {
+
+		return SIZE;
+	}
+
+	void generateImpl(
+		const vmime::generationContext& /* ctx */,
+		vmime::utility::outputStream& outputStream,
+		const vmime::size_t /* curLinePos */ = 0,
+		vmime::size_t* /* newLinePos */ = NULL
+	) const {
+
+		for (unsigned int i = 0, n = SIZE ; i < n ; ++i) {
+			outputStream.write("X", 1);
+		}
+	}
+};
+
+typedef SMTPBigTestMessage <4194304> SMTPBigTestMessage4MB;
+
+
+
+/** SMTP test server for SMTPUTF8 extension.
+  */
+template <bool SUPPORTS_UTF8>
+class UTF8SMTPTestSocket : public lineBasedTestSocket {
+
+public:
+
+	UTF8SMTPTestSocket() {
+
+		if (SUPPORTS_UTF8) {
+
+			m_rcptLines.insert("RCPT TO:<recipient1@test.vmime.org>");
+			m_rcptLines.insert("RCPT TO:<recipient2@test.vmime.org>");
+			m_rcptLines.insert("RCPT TO:<récepteur@test.vmime.org>");
+
+		} else {
+
+			m_rcptLines.insert("RCPT TO:<recipient1@test.vmime.org>");
+			m_rcptLines.insert("RCPT TO:<recipient2@test.vmime.org>");
+			m_rcptLines.insert("RCPT TO:<=?utf-8?Q?r=C3=A9cepteur?=@test.vmime.org>");
+		}
+
+		m_state = STATE_NOT_CONNECTED;
+		m_ehloSent = m_mailSent = m_rcptSent = m_dataSent = m_quitSent = false;
+	}
+
+	~UTF8SMTPTestSocket() {
+
+	}
+
+	void onConnected() {
+
+		localSend("220 test.vmime.org Service ready\r\n");
+		processCommand();
+
+		m_state = STATE_COMMAND;
+	}
+
+	void processCommand() {
+
+		if (!haveMoreLines()) {
+			return;
+		}
+
+		vmime::string line = getNextLine();
+		std::istringstream iss(line);
+
+		switch (m_state) {
+
+		case STATE_NOT_CONNECTED:
+
+			localSend("451 Requested action aborted: invalid state\r\n");
+			break;
+
+		case STATE_COMMAND: {
+
+			std::string cmd;
+			iss >> cmd;
+
+			if (cmd.empty()) {
+
+				localSend("500 Syntax error, command unrecognized\r\n");
+
+			} else if (cmd == "EHLO") {
+
+				if (SUPPORTS_UTF8) {
+
+					localSend("250-test.vmime.org\r\n");
+					localSend("250 SMTPUTF8\r\n");
+
+				} else {
+
+					localSend("250 test.vmime.org\r\n");
+				}
+
+				m_ehloSent = true;
+
+			} else if (cmd == "HELO") {
+
+				VASSERT("Client must not send the HELO command, as EHLO succeeded", false);
+
+			} else if (cmd == "MAIL") {
+
+				VASSERT("Client must send the EHLO command", m_ehloSent);
+				VASSERT("The MAIL command must be sent only one time", !m_mailSent);
+
+				if (SUPPORTS_UTF8) {
+
+					VASSERT(
+						"MAIL",
+						   std::string("MAIL FROM:<expediteur@test.vmime.org> SMTPUTF8") == line
+						|| std::string("MAIL FROM:<expéditeur@test.vmime.org> SMTPUTF8") == line
+					);
+
+				} else {
+
+					VASSERT(
+						"MAIL",
+						   std::string("MAIL FROM:<expediteur@test.vmime.org>") == line
+						|| std::string("MAIL FROM:<=?utf-8?Q?exp=C3=A9diteur?=@test.vmime.org>") == line
+					);
+				}
+
+				localSend("250 OK\r\n");
+
+				m_mailSent = true;
+
+			} else if (cmd == "RCPT") {
+
+				std::set <vmime::string>::iterator it = m_rcptLines.find(line);
+
+				VASSERT(std::string("RCPT not found: '") + line + "'", it != m_rcptLines.end());
+
+				m_rcptLines.erase(it);
+
+				localSend("250 OK, recipient accepted\r\n");
+
+				m_rcptSent = true;
+
+			} else if (cmd == "DATA") {
+
+				VASSERT("Client must send the MAIL command", m_mailSent);
+				VASSERT("Client must send the RCPT command", m_rcptSent);
+				VASSERT("All recipients", m_rcptLines.empty());
+
+				localSend("354 Ready to accept data; end with <CRLF>.<CRLF>\r\n");
+
+				m_state = STATE_DATA;
+				m_msgData.clear();
+
+				m_dataSent = true;
+
+			} else if (cmd == "NOOP") {
+
+				localSend("250 Completed\r\n");
+
+			} else if (cmd == "QUIT") {
+
+				m_quitSent = true;
+
+				localSend("221 test.vmime.org Service closing transmission channel\r\n");
+
+			} else {
+
+				localSend("502 Command not implemented\r\n");
+			}
+
+			break;
+		}
+		case STATE_DATA: {
+
+			if (line == ".") {
+
+				VASSERT_EQ("Data", "Message data\r\n", m_msgData);
+
+				localSend("250 Message accepted for delivery\r\n");
+				m_state = STATE_COMMAND;
+
+			} else {
+
+				m_msgData += line + "\r\n";
+			}
+
+			break;
+		}
+
+		}
+
+		processCommand();
+	}
+
+private:
+
+	enum State {
+		STATE_NOT_CONNECTED,
+		STATE_COMMAND,
+		STATE_DATA
+	};
+
+	int m_state;
+
+	std::set <vmime::string> m_rcptLines;
+
+	std::string m_msgData;
+
+	bool m_ehloSent, m_mailSent, m_rcptSent, m_dataSent, m_quitSent;
+};
diff --git a/vmime-master/tests/parser/attachmentHelperTest.cpp b/vmime-master/tests/parser/attachmentHelperTest.cpp
new file mode 100644
index 0000000..866f8de
--- /dev/null
+++ b/vmime-master/tests/parser/attachmentHelperTest.cpp
@@ -0,0 +1,335 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(attachmentHelperTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testAddAttachment1)
+		VMIME_TEST(testAddAttachment2)
+		VMIME_TEST(testAddAttachment3)
+		VMIME_TEST(testIsBodyPartAnAttachment1)
+		VMIME_TEST(testIsBodyPartAnAttachment2)
+		VMIME_TEST(testIsBodyPartAnAttachment3)
+		VMIME_TEST(testGetBodyPartAttachment)
+		VMIME_TEST(testAddAttachmentMessage1)
+		VMIME_TEST(testGetBodyPartAttachmentMessage)
+	VMIME_TEST_LIST_END
+
+
+	static const vmime::string getStructure(const vmime::shared_ptr <vmime::bodyPart>& part) {
+
+		vmime::shared_ptr <vmime::body> bdy = part->getBody();
+
+		vmime::string res = part->getBody()->getContentType().generate();
+
+		if (bdy->getPartCount() == 0) {
+			return res;
+		}
+
+		res += "[";
+
+		for (size_t i = 0 ; i < bdy->getPartCount() ; ++i) {
+
+			vmime::shared_ptr <vmime::bodyPart> subPart = bdy->getPartAt(i);
+
+			if (i != 0) {
+				res += ",";
+			}
+
+			res += getStructure(subPart);
+		}
+
+		return res + "]";
+	}
+
+	static const vmime::string extractBodyContents(
+		const vmime::shared_ptr <const vmime::bodyPart>& part
+	) {
+
+		vmime::shared_ptr <const vmime::contentHandler> cth = part->getBody()->getContents();
+
+		vmime::string data;
+		vmime::utility::outputStreamStringAdapter os(data);
+
+		cth->extract(os);
+
+		return data;
+	}
+
+	void testAddAttachment1() {
+
+		vmime::string data =
+"Content-Type: text/plain\r\n"
+"\r\n"
+"The text\r\n"
+"";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(data);
+
+		vmime::shared_ptr <vmime::attachment> att =
+			vmime::make_shared <vmime::defaultAttachment>(
+				vmime::make_shared <vmime::stringContentHandler>("test"),
+				vmime::mediaType("image/jpeg")
+			);
+
+		vmime::attachmentHelper::addAttachment(msg, att);
+
+		VASSERT_EQ("1", "multipart/mixed[text/plain,image/jpeg]", getStructure(msg));
+		VASSERT_EQ("2", "The text\r\n", extractBodyContents(msg->getBody()->getPartAt(0)));
+	}
+
+	void testAddAttachment2() {
+
+		vmime::string data =
+"Content-Type: multipart/mixed; boundary=\"foo\"\r\n"
+"\r\n"
+"--foo\r\n"
+"Content-Type: text/plain\r\n"
+"\r\n"
+"The text\r\n"
+"--foo\r\n"
+"Content-Type: application/octet-stream\r\n"
+"\r\n"
+"Blah\r\n"
+"--foo--\r\n"
+"";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(data);
+
+		vmime::shared_ptr <vmime::attachment> att =
+			vmime::make_shared <vmime::defaultAttachment>(
+				vmime::make_shared <vmime::stringContentHandler>("test"),
+				vmime::mediaType("image/jpeg")
+			);
+
+		vmime::attachmentHelper::addAttachment(msg, att);
+
+		VASSERT_EQ("1", "multipart/mixed[text/plain,application/octet-stream,image/jpeg]", getStructure(msg));
+		VASSERT_EQ("2", "The text", extractBodyContents(msg->getBody()->getPartAt(0)));
+		VASSERT_EQ("3", "Blah", extractBodyContents(msg->getBody()->getPartAt(1)));
+		VASSERT_EQ("4", "test", extractBodyContents(msg->getBody()->getPartAt(2)));
+	}
+
+	// Initial part is encoded
+	void testAddAttachment3() {
+
+		vmime::string data =
+"Content-Type: text/plain\r\n"
+"Content-Transfer-Encoding: base64\r\n"
+"\r\n"
+"TWVzc2FnZSBib2R5";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(data);
+
+		vmime::shared_ptr <vmime::attachment> att =
+			vmime::make_shared <vmime::defaultAttachment>(
+				vmime::make_shared <vmime::stringContentHandler>("test"),
+				vmime::mediaType("image/jpeg")
+			);
+
+		vmime::attachmentHelper::addAttachment(msg, att);
+
+		VASSERT_EQ("1", "multipart/mixed[text/plain,image/jpeg]", getStructure(msg));
+		VASSERT_EQ("2", "Message body", extractBodyContents(msg->getBody()->getPartAt(0)));
+	}
+
+	// Content-Disposition: attachment
+	// No other field
+	void testIsBodyPartAnAttachment1() {
+
+		vmime::string data = "Content-Disposition: attachment\r\n\r\nFoo\r\n";
+
+		vmime::shared_ptr <vmime::bodyPart> p = vmime::make_shared <vmime::bodyPart>();
+		p->parse(data);
+
+		VASSERT_EQ("1", true, vmime::attachmentHelper::isBodyPartAnAttachment(p));
+	}
+
+	// No Content-Disposition field
+	// Content-Type: multipart/* or text/*
+	void testIsBodyPartAnAttachment2() {
+
+		vmime::string data = "Content-Type: multipart/*\r\n\r\nFoo\r\n";
+
+		vmime::shared_ptr <vmime::bodyPart> p = vmime::make_shared <vmime::bodyPart>();
+		p->parse(data);
+
+		VASSERT_EQ("1", false, vmime::attachmentHelper::isBodyPartAnAttachment(p));
+
+		data = "Content-Type: text/*\r\n\r\nFoo\r\n";
+
+		p->parse(data);
+
+		VASSERT_EQ("2", false, vmime::attachmentHelper::isBodyPartAnAttachment(p));
+	}
+
+	// No Content-Disposition field
+	void testIsBodyPartAnAttachment3() {
+
+		vmime::string data = "Content-Type: application/octet-stream\r\n\r\nFoo\r\n";
+
+		vmime::shared_ptr <vmime::bodyPart> p = vmime::make_shared <vmime::bodyPart>();
+		p->parse(data);
+
+		VASSERT_EQ("1", true, vmime::attachmentHelper::isBodyPartAnAttachment(p));
+	}
+
+	// Content-Disposition: attachment
+	// Content-Id field present
+	void testIsBodyPartAnAttachment4() {
+
+		vmime::string data = "Content-Disposition: attachment\r\n"
+			"Content-Type: application/octet-stream\r\n"
+			"Content-Id: bar\r\n"
+			"\r\nFoo\r\n";
+
+		vmime::shared_ptr <vmime::bodyPart> p = vmime::make_shared <vmime::bodyPart>();
+		p->parse(data);
+
+		VASSERT_EQ("1", false, vmime::attachmentHelper::isBodyPartAnAttachment(p));
+	}
+
+	void testGetBodyPartAttachment() {
+
+		vmime::string data =
+			"Content-Type: image/jpeg\r\n"
+			"Content-Description: foobar\r\n"
+			"Content-Transfer-Encoding: x-baz\r\n"
+			"Content-Disposition: attachment; filename=\"foobar.baz\"\r\n"
+			"\r\n"
+			"Foo bar baz";
+
+		vmime::shared_ptr <vmime::bodyPart> part = vmime::make_shared <vmime::bodyPart>();
+		part->parse(data);
+
+		vmime::shared_ptr <const vmime::attachment> att =
+			vmime::attachmentHelper::getBodyPartAttachment(part);
+
+		VASSERT_EQ("1", "image/jpeg", att->getType().generate());
+		VASSERT_EQ("2", "foobar", att->getDescription().generate());
+		VASSERT_EQ("3", "x-baz", att->getEncoding().generate());
+		VASSERT_EQ("4", "foobar.baz", att->getName().generate());
+
+		vmime::string attData;
+		vmime::utility::outputStreamStringAdapter out(attData);
+		att->getData()->extractRaw(out);  // 'x-baz' encoding not supported
+
+		VASSERT_EQ("5", "Foo bar baz", attData);
+
+		//VASSERT_EQ("6", part, att->getPart());
+		VASSERT_EQ("6", part->generate(), vmime::dynamicCast <const vmime::component>(att->getPart())->generate());
+		//VASSERT_EQ("7", part->getHeader(), att->getHeader());
+		VASSERT_EQ("7", part->getHeader()->generate(), att->getHeader()->generate());
+	}
+
+	void testAddAttachmentMessage1() {
+
+		const vmime::string data =
+"Subject: Test message\r\n"
+"Content-Type: text/plain\r\n"
+"\r\n"
+"Message body";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(data);
+
+		const vmime::string attData =
+"Subject: Attached message\r\n"
+"Content-Type: text/plain\r\n"
+"Content-Transfer-Encoding: base64\r\n"
+"\r\n"
+"QXR0YWNoZWQgbWVzc2FnZSBib2R5";
+
+		vmime::shared_ptr <vmime::message> amsg = vmime::make_shared <vmime::message>();
+		amsg->parse(attData);
+
+		vmime::attachmentHelper::addAttachment(msg, amsg);
+
+		VASSERT_EQ("1", "multipart/mixed[text/plain,message/rfc822]", getStructure(msg));
+		VASSERT_EQ("2", "Message body", extractBodyContents(msg->getBody()->getPartAt(0)));
+
+		// Ensure message has been encoded properly
+		vmime::shared_ptr <const vmime::bodyPart> attPart = msg->getBody()->getPartAt(1);
+		vmime::shared_ptr <const vmime::contentHandler> attCth = attPart->getBody()->getContents();
+
+		vmime::string attDataOut;
+		vmime::utility::outputStreamStringAdapter attDataOutOs(attDataOut);
+
+		attCth->extract(attDataOutOs);
+
+		vmime::shared_ptr <vmime::message> amsgOut = vmime::make_shared <vmime::message>();
+		amsgOut->parse(attDataOut);
+
+		vmime::shared_ptr <vmime::header> hdr = amsgOut->getHeader();
+
+		VASSERT_EQ("3", "Attached message", hdr->Subject()->getValue <vmime::text>()->generate());
+		VASSERT_EQ("4", "Attached message body", extractBodyContents(amsgOut));
+	}
+
+	void testGetBodyPartAttachmentMessage() {
+
+		const vmime::string data =
+"Subject: Test message\r\n"
+"Content-Type: multipart/mixed; boundary=\"foo\"\r\n"
+"\r\n"
+"--foo\r\n"
+"Content-Type: message/rfc822\r\n"
+"\r\n"
+"Subject: Attached message\r\n"
+"\r\n"
+"Attached message body\r\n"
+"--foo\r\n"
+"Content-Type: text/plain\r\n"
+"\r\n"
+"FooBar\r\n"
+"--foo--\r\n";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(data);
+
+		VASSERT_EQ("0", 2, msg->getBody()->getPartCount());
+
+		vmime::shared_ptr <const vmime::attachment> att =
+			vmime::attachmentHelper::getBodyPartAttachment(msg->getBody()->getPartAt(0));
+
+		VASSERT("1", att != NULL);
+
+		vmime::shared_ptr <const vmime::messageAttachment> msgAtt =
+			vmime::dynamicCast <const vmime::messageAttachment>(att);
+
+		VASSERT("2", msgAtt != NULL);
+
+		vmime::shared_ptr <vmime::message> amsg = msgAtt->getMessage();
+		vmime::shared_ptr <vmime::header> hdr = amsg->getHeader();
+
+		VASSERT_EQ("3", "Attached message", hdr->Subject()->getValue <vmime::text>()->generate());
+		VASSERT_EQ("4", "Attached message body", extractBodyContents(amsg));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/bodyPartTest.cpp b/vmime-master/tests/parser/bodyPartTest.cpp
new file mode 100644
index 0000000..3aaadd0
--- /dev/null
+++ b/vmime-master/tests/parser/bodyPartTest.cpp
@@ -0,0 +1,414 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(bodyPartTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testGenerate)
+		VMIME_TEST(testParseGuessBoundary)
+		VMIME_TEST(testParseGuessBoundaryWithTransportPadding)
+		VMIME_TEST(testParseMissingLastBoundary)
+		VMIME_TEST(testPrologEpilog)
+		VMIME_TEST(testPrologEncoding)
+		VMIME_TEST(testSuccessiveBoundaries)
+		VMIME_TEST(testTransportPaddingInBoundary)
+		VMIME_TEST(testGenerate7bit)
+		VMIME_TEST(testTextUsageForQPEncoding)
+		VMIME_TEST(testParseVeryBigMessage)
+		VMIME_TEST(testParseBoundaryPrefix)
+	VMIME_TEST_LIST_END
+
+
+	static const vmime::string extractComponentString(
+		const vmime::string& buffer,
+		const vmime::component& c
+	) {
+
+		return vmime::string(
+			buffer.begin() + c.getParsedOffset(),
+			buffer.begin() + c.getParsedOffset() + c.getParsedLength()
+		);
+	}
+
+	static const vmime::string extractContents(
+		const vmime::shared_ptr <const vmime::contentHandler>& cts
+	) {
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter os(oss);
+
+		cts->extract(os);
+
+		return oss.str();
+	}
+
+
+	void testParse() {
+
+		vmime::string str1 = "HEADER\r\n\r\nBODY";
+		vmime::bodyPart p1;
+		p1.parse(str1);
+
+		VASSERT_EQ("1", "HEADER\r\n\r\n", extractComponentString(str1, *p1.getHeader()));
+		VASSERT_EQ("2", "BODY", extractComponentString(str1, *p1.getBody()));
+
+		vmime::string str2 = "HEADER\n\nBODY";
+		vmime::bodyPart p2;
+		p2.parse(str2);
+
+		VASSERT_EQ("3", "HEADER\n\n", extractComponentString(str2, *p2.getHeader()));
+		VASSERT_EQ("4", "BODY", extractComponentString(str2, *p2.getBody()));
+
+		vmime::string str3 = "HEADER\r\n\nBODY";
+		vmime::bodyPart p3;
+		p3.parse(str3);
+
+		VASSERT_EQ("5", "HEADER\r\n\n", extractComponentString(str3, *p3.getHeader()));
+		VASSERT_EQ("6", "BODY", extractComponentString(str3, *p3.getBody()));
+	}
+
+	void testParseMissingLastBoundary() {
+
+		vmime::string str =
+			"Content-Type: multipart/mixed; boundary=\"MY-BOUNDARY\""
+			"\r\n\r\n"
+			"--MY-BOUNDARY\r\nHEADER1\r\n\r\nBODY1\r\n"
+			"--MY-BOUNDARY\r\nHEADER2\r\n\r\nBODY2";
+
+		vmime::bodyPart p;
+		p.parse(str);
+
+		VASSERT_EQ("count", 2, p.getBody()->getPartCount());
+
+		VASSERT_EQ("part1-body", "BODY1", extractContents(p.getBody()->getPartAt(0)->getBody()->getContents()));
+		VASSERT_EQ("part2-body", "BODY2", extractContents(p.getBody()->getPartAt(1)->getBody()->getContents()));
+	}
+
+	void testGenerate() {
+
+		vmime::bodyPart p1;
+		p1.getHeader()->getField("Foo")->setValue(vmime::string("bar"));
+		p1.getBody()->setContents(vmime::make_shared <vmime::stringContentHandler>("Baz"));
+
+		VASSERT_EQ("1", "Foo: bar\r\n\r\nBaz", p1.generate());
+	}
+
+	void testPrologEpilog() {
+
+		const char testMail[] =
+			"To: test@vmime.org\r\n"
+			"From: test@vmime.org\r\n"
+			"Subject: Prolog and epilog test\r\n"
+			"Content-Type: multipart/mixed; \r\n"
+			" boundary=\"=_boundary\"\r\n"
+			"\r\n"
+			"Prolog text\r\n"
+			"--=_boundary\r\n"
+			"Content-Type: text/plain\r\n"
+			"\r\n"
+			"Part1\r\n"
+			"--=_boundary--\r\n"
+			"Epilog text";
+
+		vmime::bodyPart part;
+		part.parse(testMail);
+
+		VASSERT_EQ("prolog", "Prolog text", part.getBody()->getPrologText());
+		VASSERT_EQ("epilog", "Epilog text", part.getBody()->getEpilogText());
+	}
+
+	// Test for bug fix: prolog should not be encoded
+	// http://sourceforge.net/tracker/?func=detail&atid=525568&aid=3174903&group_id=69724
+	void testPrologEncoding() {
+
+		const char testmail[] =
+			"To: test@vmime.org\r\n"
+			"From: test@vmime.org\r\n"
+			"Subject: Prolog encoding test\r\n"
+			"Content-Type: multipart/mixed; \r\n"
+			" boundary=\"=_+ZWjySayKqSf2CyrfnNpaAcO6-G1HpoXdHZ4YyswAWqEY39Q\"\r\n"
+			"\r\n"
+			"This is a multi-part message in MIME format. Your mail reader does not\r\n"
+			"understand MIME message format.\r\n"
+			"--=_+ZWjySayKqSf2CyrfnNpaAcO6-G1HpoXdHZ4YyswAWqEY39Q\r\n"
+			"Content-Type: text/html; charset=windows-1251\r\n"
+			"Content-Transfer-Encoding: quoted-printable\r\n"
+			"\r\n"
+			"=DD=F2=EE =F2=E5=EA=F1=F2=EE=E2=E0=FF =F7=E0=F1=F2=FC =F1=EB=EE=E6=ED=EE=E3=\r\n"
+			"=EE =F1=EE=EE=E1=F9=E5=ED=E8=FF\r\n"
+			"--=_+ZWjySayKqSf2CyrfnNpaAcO6-G1HpoXdHZ4YyswAWqEY39Q\r\n"
+			"Content-Type: application/octet-stream; charset=windows-1251\r\n"
+			"Content-Disposition: attachment; filename=FNS.zip\r\n"
+			"Content-Transfer-Encoding: base64\r\n"
+			"\r\n"
+			"UEsDBB...snap...EEAAAAAA==\r\n"
+			"--=_+ZWjySayKqSf2CyrfnNpaAcO6-G1HpoXdHZ4YyswAWqEY39Q--\r\n"
+			"Epilog text";
+
+		vmime::shared_ptr<vmime::message> msg = vmime::make_shared<vmime::message>();
+
+		std::string istr(testmail);
+
+		std::string ostr;
+		vmime::utility::outputStreamStringAdapter out(ostr);
+
+		for (int i = 0 ; i < 10 ; ++i) {
+
+			ostr.clear();
+
+			msg->parse(istr);
+			msg->generate(out);
+
+			istr = ostr;
+		}
+
+		VASSERT_EQ("prolog", "This is a multi-part message in MIME format. Your mail reader"
+					   " does not understand MIME message format.", msg->getBody()->getPrologText());
+		VASSERT_EQ("epilog", "Epilog text", msg->getBody()->getEpilogText());
+	}
+
+	void testSuccessiveBoundaries() {
+
+		vmime::string str =
+			"Content-Type: multipart/mixed; boundary=\"MY-BOUNDARY\""
+			"\r\n\r\n"
+			"--MY-BOUNDARY\r\nHEADER1\r\n\r\nBODY1\r\n"
+			"--MY-BOUNDARY\r\n"
+			"--MY-BOUNDARY--\r\n";
+
+		vmime::bodyPart p;
+		p.parse(str);
+
+		VASSERT_EQ("count", 2, p.getBody()->getPartCount());
+
+		VASSERT_EQ("part1-body", "BODY1", extractContents(p.getBody()->getPartAt(0)->getBody()->getContents()));
+		VASSERT_EQ("part2-body", "", extractContents(p.getBody()->getPartAt(1)->getBody()->getContents()));
+	}
+
+	void testTransportPaddingInBoundary() {
+
+		vmime::string str =
+			"Content-Type: multipart/mixed; boundary=\"MY-BOUNDARY\""
+			"\r\n\r\n"
+			"--MY-BOUNDARY  \t \r\nHEADER1\r\n\r\nBODY1\r\n"
+			"--MY-BOUNDARY\r\n"
+			"--MY-BOUNDARY-- \r\n";
+
+		vmime::bodyPart p;
+		p.parse(str);
+
+		VASSERT_EQ("count", 2, p.getBody()->getPartCount());
+
+		VASSERT_EQ("part1-body", "BODY1", extractContents(p.getBody()->getPartAt(0)->getBody()->getContents()));
+		VASSERT_EQ("part2-body", "", extractContents(p.getBody()->getPartAt(1)->getBody()->getContents()));
+	}
+
+	/** Ensure '7bit' encoding is used when body is 7-bit only. */
+	void testGenerate7bit() {
+
+		vmime::shared_ptr <vmime::plainTextPart> p1 = vmime::make_shared <vmime::plainTextPart>();
+		p1->setText(vmime::make_shared <vmime::stringContentHandler>("Part1 is US-ASCII only."));
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		p1->generateIn(msg, msg);
+
+		vmime::shared_ptr <vmime::header> header1 = msg->getBody()->getPartAt(0)->getHeader();
+		VASSERT_EQ("1", "7bit", header1->ContentTransferEncoding()->getValue()->generate());
+	}
+
+	void testTextUsageForQPEncoding() {
+
+		vmime::shared_ptr <vmime::plainTextPart> part = vmime::make_shared <vmime::plainTextPart>();
+		part->setText(vmime::make_shared <vmime::stringContentHandler>("Part1-line1\r\nPart1-line2\r\n\x89"));
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		part->generateIn(msg, msg);
+
+		vmime::shared_ptr <vmime::body> body = msg->getBody()->getPartAt(0)->getBody();
+		vmime::shared_ptr <vmime::header> header = msg->getBody()->getPartAt(0)->getHeader();
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter os(oss);
+		body->generate(os, 80);
+
+		VASSERT_EQ("1", "quoted-printable", header->ContentTransferEncoding()->getValue()->generate());
+
+		// This should *NOT* be:
+		//    Part1-line1=0D=0APart1-line2=0D=0A=89
+		VASSERT_EQ("2", "Part1-line1\r\nPart1-line2\r\n=89", oss.str());
+	}
+
+	void testParseGuessBoundary() {
+
+		// Boundary is not specified in "Content-Type" field
+		// Parser will try to guess it from message contents.
+
+		vmime::string str =
+			"Content-Type: multipart/mixed"
+			"\r\n\r\n"
+			"--UNKNOWN-BOUNDARY\r\nHEADER1\r\n\r\nBODY1\r\n"
+			"--UNKNOWN-BOUNDARY\r\nHEADER2\r\n\r\nBODY2\r\n"
+			"--UNKNOWN-BOUNDARY--";
+
+		vmime::bodyPart p;
+		p.parse(str);
+
+		VASSERT_EQ("count", 2, p.getBody()->getPartCount());
+
+		VASSERT_EQ("part1-body", "BODY1", extractContents(p.getBody()->getPartAt(0)->getBody()->getContents()));
+		VASSERT_EQ("part2-body", "BODY2", extractContents(p.getBody()->getPartAt(1)->getBody()->getContents()));
+	}
+
+	void testParseGuessBoundaryWithTransportPadding() {
+
+		// Boundary is not specified in "Content-Type" field
+		// Parser will try to guess it from message contents.
+		// Transport padding white spaces should be ignored.
+
+		vmime::string str =
+			"Content-Type: multipart/mixed"
+			"\r\n\r\n"
+			"--UNKNOWN-BOUNDARY  \t \r\nHEADER1\r\n\r\nBODY1\r\n"
+			"--UNKNOWN-BOUNDARY\r\nHEADER2\r\n\r\nBODY2\r\n"
+			"--UNKNOWN-BOUNDARY--";
+
+		vmime::bodyPart p;
+		p.parse(str);
+
+		VASSERT_EQ("count", 2, p.getBody()->getPartCount());
+
+		VASSERT_EQ("part1-body", "BODY1", extractContents(p.getBody()->getPartAt(0)->getBody()->getContents()));
+		VASSERT_EQ("part2-body", "BODY2", extractContents(p.getBody()->getPartAt(1)->getBody()->getContents()));
+	}
+
+	void testParseVeryBigMessage() {
+
+		// When parsing from a seekable input stream, body contents should not
+		// be kept in memory in a "stringContentHandler" object. Instead, content
+		// should be accessible via a "streamContentHandler" object.
+
+		static const std::string BODY1_BEGIN = "BEGIN1BEGIN1BEGIN1";
+		static const std::string BODY1_LINE = "BODY1BODY1BODY1BODY1BODY1BODY1BODY1BODY1BODY1BODY1BODY1BODY1BODY1";
+		static const std::string BODY1_END = "END1END1";
+		static const unsigned int BODY1_REPEAT = 35000;
+		static const size_t BODY1_LENGTH =
+			BODY1_BEGIN.length() + BODY1_LINE.length() * BODY1_REPEAT + BODY1_END.length();
+
+		static const std::string BODY2_LINE = "BODY2BODY2BODY2BODY2BODY2BODY2BODY2BODY2BODY2BODY2BODY2BODY2BODY2";
+		static const unsigned int BODY2_REPEAT = 20000;
+
+		std::ostringstream oss;
+		oss << "Content-Type: multipart/mixed; boundary=\"MY-BOUNDARY\""
+		    << "\r\n\r\n"
+		    << "--MY-BOUNDARY\r\n"
+		    << "HEADER1\r\n"
+		    << "\r\n";
+
+		oss << BODY1_BEGIN;
+
+		for (unsigned int i = 0 ; i < BODY1_REPEAT ; ++i) {
+			oss << BODY1_LINE;
+		}
+
+		oss << BODY1_END;
+
+		oss << "\r\n"
+		    << "--MY-BOUNDARY\r\n"
+		    << "HEADER2\r\n"
+		    << "\r\n";
+
+		for (unsigned int i = 0 ; i < BODY2_REPEAT ; ++i) {
+			oss << BODY2_LINE;
+		}
+
+		oss << "\r\n"
+		    << "--MY-BOUNDARY--\r\n";
+
+		vmime::shared_ptr <vmime::utility::inputStreamStringAdapter> is =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(oss.str());
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(is, oss.str().length());
+
+		vmime::shared_ptr <vmime::body> body1 = msg->getBody()->getPartAt(0)->getBody();
+		vmime::shared_ptr <const vmime::contentHandler> body1Cts = body1->getContents();
+
+		vmime::shared_ptr <vmime::body> body2 = msg->getBody()->getPartAt(1)->getBody();
+		vmime::shared_ptr <const vmime::contentHandler> body2Cts = body2->getContents();
+
+		vmime::string body1CtsExtracted;
+		vmime::utility::outputStreamStringAdapter body1CtsExtractStream(body1CtsExtracted);
+		body1Cts->extract(body1CtsExtractStream);
+
+		VASSERT_EQ("1.1", BODY1_LENGTH, body1Cts->getLength());
+		VASSERT("1.2", vmime::dynamicCast <const vmime::streamContentHandler>(body1Cts) != NULL);
+		VASSERT_EQ("1.3", BODY1_LENGTH, body1CtsExtracted.length());
+		VASSERT_EQ("1.4", BODY1_BEGIN, body1CtsExtracted.substr(0, BODY1_BEGIN.length()));
+		VASSERT_EQ("1.5", BODY1_END, body1CtsExtracted.substr(BODY1_LENGTH - BODY1_END.length(), BODY1_END.length()));
+
+		VASSERT_EQ("2.1", BODY2_LINE.length() * BODY2_REPEAT, body2Cts->getLength());
+		VASSERT("2.2", vmime::dynamicCast <const vmime::streamContentHandler>(body2Cts) != NULL);
+	}
+
+	void testParseBoundaryPrefix() {
+		/*
+		 * Clients are not supposed to create boundary identifiers that
+		 * contain a prefix of another (RFC 2046 section 5.1), but alas
+		 * CANCOM FortiMail produces this garbage.
+		 */
+		vmime::string str =
+			"Content-Type: multipart/related; boundary=\"--b12\"\r\n"
+			"\r\n"
+			"----b12\r\n"
+			"Content-Type: multipart/alternative; boundary=\"--b12-1\"\r\n"
+			"\r\n"
+			"----b12-1\r\n"
+			"Content-Type: text/plain; charset=utf-8\r\n"
+			"\r\n"
+			"P11\r\n"
+			"----b12-1\r\n"
+			"Content-Type: text/html; charset=utf-8\r\n"
+			"\r\n"
+			"P12\r\n"
+			"----b12-1--\r\n"
+			"----b12\r\n"
+			"\r\n"
+			"P2\r\n"
+			"----b12--\r\n";
+
+		vmime::bodyPart relco;
+		relco.parse(str);
+		auto relbd = relco.getBody();
+		VASSERT_EQ("global-partcount", 2, relbd->getPartCount());
+		auto altbd = relbd->getPartAt(0)->getBody();
+		VASSERT_EQ("part1-partcount", 2, altbd->getPartCount());
+		VASSERT_EQ("part1.1-body", "P11", extractContents(altbd->getPartAt(0)->getBody()->getContents()));
+		VASSERT_EQ("part1.2-body", "P12", extractContents(altbd->getPartAt(1)->getBody()->getContents()));
+		VASSERT_EQ("part2-body", "P2", extractContents(relbd->getPartAt(1)->getBody()->getContents()));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/bodyTest.cpp b/vmime-master/tests/parser/bodyTest.cpp
new file mode 100644
index 0000000..31054f3
--- /dev/null
+++ b/vmime-master/tests/parser/bodyTest.cpp
@@ -0,0 +1,79 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(bodyTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testGenerate_Text)
+		VMIME_TEST(testGenerate_NonText)
+	VMIME_TEST_LIST_END
+
+	void testGenerate_Text() {
+
+		// RFC-2015: [Quoted-Printable encoding] A line break in a text body,
+		// represented as a CRLF sequence in the text canonical form, must be
+		// represented by a line break which is also a CRLF sequence, in the
+		// Quoted-Printable encoding
+
+		vmime::bodyPart p;
+		p.getBody()->setContents(
+			vmime::make_shared <vmime::stringContentHandler>(
+				"Foo éé\r\né bar\r\nbaz"
+			),
+			vmime::mediaType("text", "plain"),
+			vmime::charset("utf-8"),
+			vmime::encoding("quoted-printable")
+		);
+
+		VASSERT_EQ(
+			"generate",
+			"Foo =C3=A9=C3=A9\r\n"
+			"=C3=A9 bar\r\n"
+			"baz",
+			p.getBody()->generate()
+		);
+	}
+
+	void testGenerate_NonText() {
+
+		vmime::bodyPart p;
+		p.getBody()->setContents(
+			vmime::make_shared <vmime::stringContentHandler>(
+				"Binary\xfa\xfb\r\ndata\r\n\r\n\xfc"
+			),
+			vmime::mediaType("application", "octet-stream"),
+			vmime::charset("utf-8"),
+			vmime::encoding("quoted-printable")
+		);
+
+		VASSERT_EQ(
+			"generate",
+			"Binary=FA=FB=0D=0Adata=0D=0A=0D=0A=FC",
+			p.getBody()->generate()
+		);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/charsetFilteredOutputStreamTest.cpp b/vmime-master/tests/parser/charsetFilteredOutputStreamTest.cpp
new file mode 100644
index 0000000..0ebd83a
--- /dev/null
+++ b/vmime-master/tests/parser/charsetFilteredOutputStreamTest.cpp
@@ -0,0 +1,213 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/charset.hpp"
+#include "vmime/charsetConverter.hpp"
+
+#include "charsetTestSuites.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(charsetFilteredOutputStreamTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testInputBufferUnderflow)
+		VMIME_TEST(testInvalidInput1)
+		VMIME_TEST(testStreamCopy)
+		VMIME_TEST(testOneByteAtTime)
+		VMIME_TEST(testVariableInputChunk)
+	VMIME_TEST_LIST_END
+
+
+	void testInputBufferUnderflow() {
+
+		vmime::shared_ptr <vmime::charsetConverter> cc =
+			vmime::charsetConverter::create("utf-8", "iso-8859-1");
+
+		vmime::string output;
+		vmime::utility::outputStreamStringAdapter os(output);
+		vmime::shared_ptr <vmime::utility::filteredOutputStream> cfos = cc->getFilteredOutputStream(os);
+
+		VASSERT_NOT_NULL("filteredOutputStream availability", cfos);
+
+		// føo = 66 c3 b8 6f [UTF8]
+		// føo = 66 f8 6f [latin1]
+
+		cfos->write("\x66\xc3", 2);
+
+		// Incomplete UTF-8 sequence was not converted
+		VASSERT_EQ("chunk 1", toHex("f"), toHex(output));
+
+		// Write second byte of UTF-8 sequence
+		cfos->write("\xb8\x6f", 2);
+
+		VASSERT_EQ("chunk 2", toHex("f\xf8o"), toHex(output));
+	}
+
+	void testInvalidInput1() {
+
+		vmime::string in("foo\xab\xcd\xef bar");
+		vmime::string expectedOut("foo??? bar");
+
+		vmime::string actualOut;
+		vmime::utility::outputStreamStringAdapter osa(actualOut);
+
+		vmime::shared_ptr <vmime::charsetConverter> conv =
+			vmime::charsetConverter::create(vmime::charset("utf-8"), vmime::charset("iso-8859-1"));
+
+		vmime::shared_ptr <vmime::utility::charsetFilteredOutputStream> os =
+			conv->getFilteredOutputStream(osa);
+
+		VASSERT_NOT_NULL("filteredOutputStream availability", os);
+
+		vmime::utility::inputStreamStringAdapter is(in);
+
+		vmime::byte_t buffer[16];
+
+		for (int i = 0 ; !is.eof() ; ++i)
+			os->write(buffer, is.read(buffer, 1));
+
+		os->flush();
+
+		VASSERT_EQ("1", toHex(expectedOut), toHex(actualOut));
+	}
+
+	// Using 'bufferedStreamCopy'
+	void testStreamCopy() {
+
+		for (unsigned int i = 0 ; i < charsetTestSuitesCount ; ++i) {
+
+			const charsetTestSuiteStruct& entry = charsetTestSuites[i];
+
+			std::ostringstream testName;
+			testName << i << ": " << entry.fromCharset << " -> " << entry.toCharset;
+
+			const unsigned long inLength = (entry.fromLength == 0 ? strlen(entry.fromBytes) : entry.fromLength);
+			vmime::string in(entry.fromBytes, entry.fromBytes + inLength);
+
+			const unsigned long outLength = (entry.toLength == 0 ? strlen(entry.toBytes) : entry.toLength);
+			vmime::string expectedOut(entry.toBytes, entry.toBytes + outLength);
+
+			vmime::string actualOut;
+			vmime::utility::outputStreamStringAdapter osa(actualOut);
+
+			vmime::shared_ptr <vmime::charsetConverter> conv =
+				vmime::charsetConverter::create(entry.fromCharset, entry.toCharset);
+
+			vmime::shared_ptr <vmime::utility::charsetFilteredOutputStream> os =
+				conv->getFilteredOutputStream(osa);
+
+			VASSERT_NOT_NULL("filteredOutputStream availability", os);
+
+			vmime::utility::inputStreamStringAdapter is(in);
+
+			vmime::utility::bufferedStreamCopy(is, *os);
+
+			os->flush();
+
+			VASSERT_EQ(testName.str(), toHex(expectedOut), toHex(actualOut));
+		}
+	}
+
+	// One byte at a time
+	void testOneByteAtTime() {
+
+		for (unsigned int i = 0 ; i < charsetTestSuitesCount ; ++i) {
+
+			const charsetTestSuiteStruct& entry = charsetTestSuites[i];
+
+			std::ostringstream testName;
+			testName << i << ": " << entry.fromCharset << " -> " << entry.toCharset;
+
+			const unsigned long inLength = (entry.fromLength == 0 ? strlen(entry.fromBytes) : entry.fromLength);
+			vmime::string in(entry.fromBytes, entry.fromBytes + inLength);
+
+			const unsigned long outLength = (entry.toLength == 0 ? strlen(entry.toBytes) : entry.toLength);
+			vmime::string expectedOut(entry.toBytes, entry.toBytes + outLength);
+
+			vmime::string actualOut;
+			vmime::utility::outputStreamStringAdapter osa(actualOut);
+
+			vmime::shared_ptr <vmime::charsetConverter> conv =
+				vmime::charsetConverter::create(entry.fromCharset, entry.toCharset);
+
+			vmime::shared_ptr <vmime::utility::charsetFilteredOutputStream> os =
+				conv->getFilteredOutputStream(osa);
+
+			VASSERT_NOT_NULL("filteredOutputStream availability", os);
+
+			vmime::utility::inputStreamStringAdapter is(in);
+
+			vmime::byte_t buffer[16];
+
+			for (int i = 0 ; !is.eof() ; ++i)
+				os->write(buffer, is.read(buffer, 1));
+
+			os->flush();
+
+			VASSERT_EQ(testName.str(), toHex(expectedOut), toHex(actualOut));
+		}
+	}
+
+	// Variable chunks
+	void testVariableInputChunk() {
+
+		for (unsigned int i = 0 ; i < charsetTestSuitesCount ; ++i) {
+
+			const charsetTestSuiteStruct& entry = charsetTestSuites[i];
+
+			std::ostringstream testName;
+			testName << i << ": " << entry.fromCharset << " -> " << entry.toCharset;
+
+			const unsigned long inLength = (entry.fromLength == 0 ? strlen(entry.fromBytes) : entry.fromLength);
+			vmime::string in(entry.fromBytes, entry.fromBytes + inLength);
+
+			const unsigned long outLength = (entry.toLength == 0 ? strlen(entry.toBytes) : entry.toLength);
+			vmime::string expectedOut(entry.toBytes, entry.toBytes + outLength);
+
+			vmime::string actualOut;
+			vmime::utility::outputStreamStringAdapter osa(actualOut);
+
+			vmime::shared_ptr <vmime::charsetConverter> conv =
+				vmime::charsetConverter::create(entry.fromCharset, entry.toCharset);
+
+			vmime::shared_ptr <vmime::utility::charsetFilteredOutputStream> os =
+				conv->getFilteredOutputStream(osa);
+
+			VASSERT_NOT_NULL("filteredOutputStream availability", os);
+
+			vmime::utility::inputStreamStringAdapter is(in);
+
+			vmime::byte_t buffer[16];
+
+			for (int i = 0 ; !is.eof() ; ++i)
+				os->write(buffer, is.read(buffer, (i % 5) + 1));
+
+			os->flush();
+
+			VASSERT_EQ(testName.str(), toHex(expectedOut), toHex(actualOut));
+		}
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/charsetTest.cpp b/vmime-master/tests/parser/charsetTest.cpp
new file mode 100644
index 0000000..e44bef5
--- /dev/null
+++ b/vmime-master/tests/parser/charsetTest.cpp
@@ -0,0 +1,252 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include <algorithm>
+
+#include "tests/testUtils.hpp"
+
+#include "charsetTestSuites.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(charsetTest)
+
+	VMIME_TEST_LIST_BEGIN
+		// Test valid input
+		VMIME_TEST(testConvertStringValid)
+		VMIME_TEST(testConvertStreamValid)
+		VMIME_TEST(testEncodingHebrew1255)
+
+		// IDNA
+		VMIME_TEST(testEncodeIDNA)
+		VMIME_TEST(testDecodeIDNA)
+
+		VMIME_TEST(testUTF7Support)
+
+		VMIME_TEST(testReplaceInvalidSequence)
+		VMIME_TEST(testStopOnInvalidSequence)
+
+		VMIME_TEST(testStatus)
+		VMIME_TEST(testStatusWithInvalidSequence)
+
+		VMIME_TEST(testIsValidText)
+	VMIME_TEST_LIST_END
+
+
+	void testConvertStringValid() {
+
+		for (unsigned int i = 0 ; i < charsetTestSuitesCount ; ++i) {
+
+			const charsetTestSuiteStruct& entry = charsetTestSuites[i];
+
+			std::ostringstream testName;
+			testName << i << ": " << entry.fromCharset << " -> " << entry.toCharset;
+
+			const unsigned long inLength = (entry.fromLength == 0 ? strlen(entry.fromBytes) : entry.fromLength);
+			vmime::string in(entry.fromBytes, entry.fromBytes + inLength);
+
+			const unsigned long outLength = (entry.toLength == 0 ? strlen(entry.toBytes) : entry.toLength);
+			vmime::string expectedOut(entry.toBytes, entry.toBytes + outLength);
+
+			vmime::string actualOut;
+
+			vmime::charset::convert
+				(in, actualOut, entry.fromCharset, entry.toCharset);
+
+			VASSERT_EQ(testName.str(), toHex(expectedOut), toHex(actualOut));
+		}
+	}
+
+	void testConvertStreamValid() {
+
+		for (unsigned int i = 0 ; i < charsetTestSuitesCount ; ++i) {
+
+			const charsetTestSuiteStruct& entry = charsetTestSuites[i];
+
+			std::ostringstream testName;
+			testName << i << ": " << entry.fromCharset << " -> " << entry.toCharset;
+
+			const unsigned long inLength = (entry.fromLength == 0 ? strlen(entry.fromBytes) : entry.fromLength);
+			vmime::string in(entry.fromBytes, entry.fromBytes + inLength);
+
+			const unsigned long outLength = (entry.toLength == 0 ? strlen(entry.toBytes) : entry.toLength);
+			vmime::string expectedOut(entry.toBytes, entry.toBytes + outLength);
+
+			vmime::string actualOut;
+			vmime::utility::outputStreamStringAdapter os(actualOut);
+
+			vmime::utility::inputStreamStringAdapter is(in);
+
+			vmime::charset::convert(is, os, entry.fromCharset, entry.toCharset);
+
+			os.flush();
+
+			VASSERT_EQ(testName.str(), toHex(expectedOut), toHex(actualOut));
+		}
+	}
+
+	void testEncodingHebrew1255() {
+
+		// hewbrew string in windows-1255 charset
+		const char data[] = "\xe9\xf9\xf7\xf8\xe9\xf9\xf8\xf7\xe9\xe9\xf9";
+		vmime::word w = vmime::word(data, "windows-1255");
+		vmime::string encoded = w.generate();
+		// less than 60% ascii, base64 received
+		VASSERT_EQ("1", "=?windows-1255?B?6fn3+On5+Pfp6fk=?=", encoded);
+	}
+
+	static const vmime::string convertHelper(
+		const vmime::string& in,
+		const vmime::charset& csrc,
+		const vmime::charset& cdest,
+		const vmime::charsetConverterOptions& opts = vmime::charsetConverterOptions(),
+		vmime::charsetConverter::status* st = NULL
+	) {
+
+		vmime::shared_ptr <vmime::charsetConverter> conv =
+			vmime::charsetConverter::create(csrc, cdest, opts);
+
+		vmime::string out;
+		conv->convert(in, out, st);
+
+		return out;
+	}
+
+	void testEncodeIDNA() {
+
+		VASSERT_EQ("1", "xn--espaol-zwa", convertHelper("español", "utf-8", "idna"));
+
+		// Tests from ICANN
+		VASSERT_EQ("2.1", "xn--hxajbheg2az3al", convertHelper("πα�άδειγμα", "utf-8", "idna"));
+		VASSERT_EQ("2.2", "xn--jxalpdlp", convertHelper("δοκιμή", "utf-8", "idna"));
+
+		VASSERT_EQ("3.1", "xn--mgbh0fb", convertHelper("مثال", "utf-8", "idna"));
+		VASSERT_EQ("3.2", "xn--kgbechtv", convertHelper("إختبار", "utf-8", "idna"));
+	}
+
+	void testDecodeIDNA() {
+
+		VASSERT_EQ("1", "español", convertHelper("xn--espaol-zwa", "idna", "utf-8"));
+
+		// Tests from ICANN
+		VASSERT_EQ("2.1", "πα�άδειγμα", convertHelper("xn--hxajbheg2az3al", "idna", "utf-8"));
+		VASSERT_EQ("2.2", "δοκιμή", convertHelper("xn--jxalpdlp", "idna", "utf-8"));
+
+		VASSERT_EQ("3.1", "مثال", convertHelper("xn--mgbh0fb", "idna", "utf-8"));
+		VASSERT_EQ("3.2", "إختبار", convertHelper("xn--kgbechtv", "idna", "utf-8"));
+	}
+
+	void testUTF7Support() {
+
+		// Ensure UTF-7 is supported, because it is used for IMAP
+		VASSERT_EQ("1", "VMime +- UTF-7 encoding", convertHelper("VMime + UTF-7 encoding", "utf-8", "utf-7"));
+		VASSERT_EQ("2", "f+APg-o", convertHelper("\x66\xc3\xb8\x6f", "utf-8", "utf-7"));
+	}
+
+	void testReplaceInvalidSequence() {
+
+		vmime::charsetConverterOptions opts;
+		opts.silentlyReplaceInvalidSequences = true;
+		opts.invalidSequence = "?";
+
+		vmime::string res = convertHelper(
+			"\x61\xf1\x80\x80\xe1\x80\xc2\x62\x80\x63\x80\xbf\x64",
+			"utf-8", "iso-8859-1", opts
+		);
+
+		// Result should be in the form "a???b?c??d" or "a??????b?c??d"...
+		// Remove consecutive question marks for easier matching.
+		res.erase(std::unique(res.begin(), res.end()), res.end());
+
+		VASSERT_EQ(
+			"Illegal UTF-8 sequence",
+			"a?b?c?d",
+			res
+		);
+	}
+
+	void testStopOnInvalidSequence() {
+
+		vmime::charsetConverterOptions opts;
+		opts.silentlyReplaceInvalidSequences = false;
+
+		VASSERT_THROW(
+			"Illegal UTF-8 sequence",
+			convertHelper("\x61\xf1\x80\x80\xe1\x80\xc2\x62\x80\x63\x80\xbf\x64", "utf-8", "iso-8859-1", opts),
+			vmime::exceptions::illegal_byte_sequence_for_charset
+		);
+	}
+
+	void testStatus() {
+
+		vmime::charsetConverterOptions opts;
+		opts.silentlyReplaceInvalidSequences = false;
+
+		vmime::charsetConverter::status st;
+
+		//             012345   6   7
+		convertHelper("Gwena\xc3\xabl", "utf-8", "iso-8859-1", opts, &st);
+
+		VASSERT_EQ("inputBytesRead", 8, st.inputBytesRead);
+		VASSERT_EQ("outputBytesWritten", 7, st.outputBytesWritten);
+	}
+
+	void testStatusWithInvalidSequence() {
+
+		vmime::charsetConverterOptions opts;
+		opts.silentlyReplaceInvalidSequences = false;
+
+		vmime::charsetConverter::status st;
+
+		try {
+
+			//             01234   5   6789   0   1
+			convertHelper("Fran\xc3\xa7ois\xf1\x80\x65", "utf-8", "iso-8859-1", opts, &st);
+
+		} catch (vmime::exceptions::illegal_byte_sequence_for_charset& e) {
+
+		} catch (...) {
+
+			throw;
+		}
+
+		VASSERT_EQ("inputBytesRead", 9, st.inputBytesRead);
+		VASSERT_EQ("outputBytesWritten", 8, st.outputBytesWritten);
+	}
+
+	void testIsValidText() {
+
+		// Invalid text
+		const vmime::string invalidText("Fran\xc3\xa7ois\xf1\x80\x65");
+		vmime::string::size_type firstInvalidByte;
+
+		VASSERT_EQ("invalid.isValidText", false, vmime::charset("utf-8").isValidText(invalidText, &firstInvalidByte));
+		VASSERT_EQ("invalid.firstInvalidByte", 9, firstInvalidByte);
+
+		// Valid text
+		const vmime::string validText("Gwena\xc3\xabl");
+
+		VASSERT_EQ("valid.isValidText", true, vmime::charset("utf-8").isValidText(validText, &firstInvalidByte));
+		VASSERT_EQ("valid.firstInvalidByte", 8, firstInvalidByte);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/charsetTestSuites.hpp b/vmime-master/tests/parser/charsetTestSuites.hpp
new file mode 100644
index 0000000..9653016
--- /dev/null
+++ b/vmime-master/tests/parser/charsetTestSuites.hpp
@@ -0,0 +1,102 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+
+struct charsetTestSuiteStruct {
+
+	const char* fromCharset;
+	const char* toCharset;
+	const char* fromBytes;
+	const unsigned int fromLength;
+	const char* toBytes;
+	const unsigned int toLength;
+};
+
+
+static const charsetTestSuiteStruct charsetTestSuites[] = {
+
+	// Test data 1 (excerpt from http://www.gnu.org)
+	{
+		"gb2312", "utf-8",
+
+		"\xbb\xb6\xd3\xad\xc0\xb4\xb5\xbd\x20\x47\x4e\x55\x20\xb9\xa4\xb3"
+		"\xcc\xb5\xc4\xcd\xf8\xd2\xb3\xcb\xc5\xb7\xfe\xd6\xf7\xbb\xfa\x20"
+		"\x77\x77\x77\x2e\x67\x6e\x75\x2e\x6f\x72\x67\x20\xa1\xa3\x20\x47"
+		"\x4e\x55\x20\xb9\xa4\xb3\xcc\x20\xbf\xaa\xca\xbc\xec\xb6\xd2\xbb"
+		"\xbe\xc5\xb0\xcb\xcb\xc4\xc4\xea\xa3\xac\xd6\xbc\xd4\xda\xb7\xa2"
+		"\xd5\xb9\xd2\xbb\xb8\xf6\xc0\xe0\xcb\xc6\x20\x55\x6e\x69\x78\x20"
+		"\xa3\xac\xc7\xd2\xce\xaa\x20\xd7\xd4\xd3\xc9\xc8\xed\xbc\xfe\x20"
+		"\xb5\xc4\xcd\xea\xd5\xfb\xb2\xd9\xd7\xf7\xcf\xb5\xcd\xb3\xa3\xba"
+		"\x20\x47\x4e\x55\x20\xcf\xb5\xcd\xb3\xa1\xa3\xa3\xa8\x47\x4e\x55"
+		"\x20\xca\xc7\xd3\xc9\xa1\xb0\x47\x4e\x55\x27\x73\x20\x4e\x6f\x74"
+		"\x20\x55\x6e\x69\x78\xa1\xb1\xcb\xf9\xb5\xdd\xbb\xd8\xb6\xa8\xd2"
+		"\xe5\xb3\xf6\xb5\xc4\xca\xd7\xd7\xd6\xc4\xb8\xcb\xf5\xd0\xb4\xd3"
+		"\xef\xa3\xbb\xcb\xfc\xb5\xc4\xb7\xa2\xd2\xf4\xce\xaa\xa1\xb0\x67"
+		"\x75\x68\x2d\x4e\x45\x57\xa1\xb1\xa3\xa9\xa1\xa3\xb8\xf7\xd6\xd6"
+		"\xca\xb9\xd3\xc3\x20\x4c\x69\x6e\x75\x78\x20\xd7\xf7\xce\xaa\xc4"
+		"\xda\xba\xcb\xb5\xc4\x20\x47\x4e\x55\x20\xb2\xd9\xd7\xf7\xcf\xb5"
+		"\xcd\xb3\xd5\xfd\xb1\xbb\xb9\xe3\xb7\xba\xb5\xd8\xca\xb9\xd3\xc3"
+		"\xd6\xf8\xa3\xbb\xcb\xe4\xc8\xbb\xd5\xe2\xd0\xa9\xcf\xb5\xcd\xb3"
+		"\xcd\xa8\xb3\xa3\xb1\xbb\xb3\xc6\xd7\xf7\xce\xaa\xa1\xb0\x4c\x69"
+		"\x6e\x75\x78\xa1\xb1\xa3\xac\xb5\xab\xca\xc7\xcb\xfc\xc3\xc7\xd3"
+		"\xa6\xb8\xc3\xb8\xfc\xbe\xab\xc8\xb7\xb5\xd8\xb1\xbb\xb3\xc6\xce"
+		"\xaa\x20\x47\x4e\x55\x2f\x4c\x69\x6e\x75\x78\x20\xcf\xb5\xcd\xb3"
+		"\x20\xa1\xa3\x0a",
+		0,
+
+		"\xe6\xac\xa2\xe8\xbf\x8e\xe6\x9d\xa5\xe5\x88\xb0\x20\x47\x4e\x55"
+		"\x20\xe5\xb7\xa5\xe7\xa8\x8b\xe7\x9a\x84\xe7\xbd\x91\xe9\xa1\xb5"
+		"\xe4\xbc\xba\xe6\x9c\x8d\xe4\xb8\xbb\xe6\x9c\xba\x20\x77\x77\x77"
+		"\x2e\x67\x6e\x75\x2e\x6f\x72\x67\x20\xe3\x80\x82\x20\x47\x4e\x55"
+		"\x20\xe5\xb7\xa5\xe7\xa8\x8b\x20\xe5\xbc\x80\xe5\xa7\x8b\xe6\x96"
+		"\xbc\xe4\xb8\x80\xe4\xb9\x9d\xe5\x85\xab\xe5\x9b\x9b\xe5\xb9\xb4"
+		"\xef\xbc\x8c\xe6\x97\xa8\xe5\x9c\xa8\xe5\x8f\x91\xe5\xb1\x95\xe4"
+		"\xb8\x80\xe4\xb8\xaa\xe7\xb1\xbb\xe4\xbc\xbc\x20\x55\x6e\x69\x78"
+		"\x20\xef\xbc\x8c\xe4\xb8\x94\xe4\xb8\xba\x20\xe8\x87\xaa\xe7\x94"
+		"\xb1\xe8\xbd\xaf\xe4\xbb\xb6\x20\xe7\x9a\x84\xe5\xae\x8c\xe6\x95"
+		"\xb4\xe6\x93\x8d\xe4\xbd\x9c\xe7\xb3\xbb\xe7\xbb\x9f\xef\xbc\x9a"
+		"\x20\x47\x4e\x55\x20\xe7\xb3\xbb\xe7\xbb\x9f\xe3\x80\x82\xef\xbc"
+		"\x88\x47\x4e\x55\x20\xe6\x98\xaf\xe7\x94\xb1\xe2\x80\x9c\x47\x4e"
+		"\x55\x27\x73\x20\x4e\x6f\x74\x20\x55\x6e\x69\x78\xe2\x80\x9d\xe6"
+		"\x89\x80\xe9\x80\x92\xe5\x9b\x9e\xe5\xae\x9a\xe4\xb9\x89\xe5\x87"
+		"\xba\xe7\x9a\x84\xe9\xa6\x96\xe5\xad\x97\xe6\xaf\x8d\xe7\xbc\xa9"
+		"\xe5\x86\x99\xe8\xaf\xad\xef\xbc\x9b\xe5\xae\x83\xe7\x9a\x84\xe5"
+		"\x8f\x91\xe9\x9f\xb3\xe4\xb8\xba\xe2\x80\x9c\x67\x75\x68\x2d\x4e"
+		"\x45\x57\xe2\x80\x9d\xef\xbc\x89\xe3\x80\x82\xe5\x90\x84\xe7\xa7"
+		"\x8d\xe4\xbd\xbf\xe7\x94\xa8\x20\x4c\x69\x6e\x75\x78\x20\xe4\xbd"
+		"\x9c\xe4\xb8\xba\xe5\x86\x85\xe6\xa0\xb8\xe7\x9a\x84\x20\x47\x4e"
+		"\x55\x20\xe6\x93\x8d\xe4\xbd\x9c\xe7\xb3\xbb\xe7\xbb\x9f\xe6\xad"
+		"\xa3\xe8\xa2\xab\xe5\xb9\xbf\xe6\xb3\x9b\xe5\x9c\xb0\xe4\xbd\xbf"
+		"\xe7\x94\xa8\xe8\x91\x97\xef\xbc\x9b\xe8\x99\xbd\xe7\x84\xb6\xe8"
+		"\xbf\x99\xe4\xba\x9b\xe7\xb3\xbb\xe7\xbb\x9f\xe9\x80\x9a\xe5\xb8"
+		"\xb8\xe8\xa2\xab\xe7\xa7\xb0\xe4\xbd\x9c\xe4\xb8\xba\xe2\x80\x9c"
+		"\x4c\x69\x6e\x75\x78\xe2\x80\x9d\xef\xbc\x8c\xe4\xbd\x86\xe6\x98"
+		"\xaf\xe5\xae\x83\xe4\xbb\xac\xe5\xba\x94\xe8\xaf\xa5\xe6\x9b\xb4"
+		"\xe7\xb2\xbe\xe7\xa1\xae\xe5\x9c\xb0\xe8\xa2\xab\xe7\xa7\xb0\xe4"
+		"\xb8\xba\x20\x47\x4e\x55\x2f\x4c\x69\x6e\x75\x78\x20\xe7\xb3\xbb"
+		"\xe7\xbb\x9f\x20\xe3\x80\x82\x0a",
+		0
+	}
+};
+
+static const vmime::size_t charsetTestSuitesCount = sizeof(charsetTestSuites) / sizeof(charsetTestSuites[0]);
diff --git a/vmime-master/tests/parser/datetimeTest.cpp b/vmime-master/tests/parser/datetimeTest.cpp
new file mode 100644
index 0000000..61c8522
--- /dev/null
+++ b/vmime-master/tests/parser/datetimeTest.cpp
@@ -0,0 +1,123 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(datetimeTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testGenerate)
+		VMIME_TEST(testCompare)
+	VMIME_TEST_LIST_END
+
+
+	void testParse() {
+
+		struct datetimePair {
+			vmime::string parseBuffer;
+			vmime::datetime result;
+		};
+
+		// Here, we can't test all the possible structures for date/time,
+		// so we test some cases. Don't forget to add a new test case
+		// each time you encounter a bug in date/time parsing (after
+		// you have fixed it).
+		datetimePair pairs[] = {
+
+			{ /* 1 */ "Mon, 8 Nov 2004 13:42:56 +0000 (GMT)",
+			  vmime::datetime(2004, 11, 8, 13, 42, 56, vmime::datetime::GMT) },
+
+			{ /* 2 */ "Sun,  7 Nov 2004 00:43:22 -0500 (EST)",
+			  vmime::datetime(2004, 11, 7, 0, 43, 22, vmime::datetime::GMT_5) },
+
+			{ /* 3 */ "Thu Nov 18 12:11:16 2004",
+			  vmime::datetime(vmime::datetime::now().getYear(), 11, 18, 12, 11, 16, vmime::datetime::GMT) },
+
+			{ /* 4 */ "Sat, 18, 2004 22:36:32 -0400",
+			  vmime::datetime(2004, 1, 18, 22, 36, 32, vmime::datetime::GMT_4) },
+
+			{ /* 5 */ "Mon Dec 13 21:57:18 2004",
+			  vmime::datetime(vmime::datetime::now().getYear(), 12, 13, 21, 57, 18, vmime::datetime::GMT) },
+
+			{ /* 6 */ "18 Nov 2004 21:44:54 +0300",
+			  vmime::datetime(2004, 11, 18, 21, 44, 54, vmime::datetime::GMT3) }
+		};
+
+		for (unsigned int i = 0 ; i < sizeof(pairs) / sizeof(pairs[0]) ; ++i) {
+
+			vmime::datetime d;
+			d.parse(pairs[i].parseBuffer);
+
+			std::ostringstream oss;
+			oss << (i + 1);
+
+			VASSERT_EQ(oss.str(), pairs[i].result, d);
+		}
+	}
+
+	void testGenerate() {
+
+		vmime::datetime d1(2005, 7, 8, 4, 5, 6, 1 * 60 + 23);
+
+		VASSERT_EQ("1", "Fri, 8 Jul 2005 04:05:06 +0123", d1.generate());
+	}
+
+	void testCompare() {
+
+		// Date1 = Date2
+		vmime::datetime d1(2005, 4, 22, 14, 6, 0, vmime::datetime::GMT2);
+		vmime::datetime d2(2005, 4, 22, 10, 6, 0, vmime::datetime::GMT_2);
+
+		VASSERT_EQ("1.1", true,  d1 == d2);
+		VASSERT_EQ("1.2", false, d1 != d2);
+		VASSERT_EQ("1.3", true,  d1 <= d2);
+		VASSERT_EQ("1.4", false, d1 <  d2);
+		VASSERT_EQ("1.5", true,  d1 >= d2);
+		VASSERT_EQ("1.6", false, d1 >  d2);
+
+		// Date1 < Date2
+		vmime::datetime d3(2005, 4, 22, 14, 6, 0);
+		vmime::datetime d4(2005, 4, 22, 15, 6, 0);
+
+		VASSERT_EQ("2.1", false, d3 == d4);
+		VASSERT_EQ("2.2", true,  d3 != d4);
+		VASSERT_EQ("2.3", true,  d3 <= d4);
+		VASSERT_EQ("2.4", true,  d3 <  d4);
+		VASSERT_EQ("2.5", false, d3 >= d4);
+		VASSERT_EQ("2.6", false, d3 >  d4);
+
+		// Date1 > Date2
+		vmime::datetime d5(2005, 4, 22, 15, 6, 0);
+		vmime::datetime d6(2005, 4, 22, 14, 6, 0);
+
+		VASSERT_EQ("3.1", false, d5 == d6);
+		VASSERT_EQ("3.2", true,  d5 != d6);
+		VASSERT_EQ("3.3", false, d5 <= d6);
+		VASSERT_EQ("3.4", false, d5 <  d6);
+		VASSERT_EQ("3.5", true,  d5 >= d6);
+		VASSERT_EQ("3.6", true,  d5 >  d6);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/dispositionTest.cpp b/vmime-master/tests/parser/dispositionTest.cpp
new file mode 100644
index 0000000..f51c51e
--- /dev/null
+++ b/vmime-master/tests/parser/dispositionTest.cpp
@@ -0,0 +1,150 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(dispositionTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testGenerate)
+		VMIME_TEST(testModifiers)
+	VMIME_TEST_LIST_END
+
+
+	void testParse() {
+
+		// disposition-mode ";" disposition-type
+		//      [ "/" disposition-modifier *( "," disposition-modifier ) ]
+		//
+		// disposition-mode = action-mode "/" sending-mode
+
+		vmime::disposition disp1;
+		disp1.parse("mode");
+
+		VASSERT_EQ("1.1", "mode", disp1.getActionMode());
+		VASSERT_EQ("1.2", "", disp1.getSendingMode());
+		VASSERT_EQ("1.3", "", disp1.getType());
+		VASSERT_EQ("1.4", 0, static_cast <int>(disp1.getModifierList().size()));
+
+		vmime::disposition disp2;
+		disp2.parse("amode/smode");
+
+		VASSERT_EQ("2.1", "amode", disp2.getActionMode());
+		VASSERT_EQ("2.2", "smode", disp2.getSendingMode());
+		VASSERT_EQ("2.3", "", disp2.getType());
+		VASSERT_EQ("2.4", 0, static_cast <int>(disp2.getModifierList().size()));
+
+		vmime::disposition disp3;
+		disp3.parse("amode/smode;type");
+
+		VASSERT_EQ("3.1", "amode", disp3.getActionMode());
+		VASSERT_EQ("3.2", "smode", disp3.getSendingMode());
+		VASSERT_EQ("3.3", "type", disp3.getType());
+		VASSERT_EQ("3.4", 0, static_cast <int>(disp3.getModifierList().size()));
+
+		vmime::disposition disp4;
+		disp4.parse("amode/smode;type/modif");
+
+		VASSERT_EQ("4.1", "amode", disp4.getActionMode());
+		VASSERT_EQ("4.2", "smode", disp4.getSendingMode());
+		VASSERT_EQ("4.3", "type", disp4.getType());
+		VASSERT_EQ("4.4", 1, static_cast <int>(disp4.getModifierList().size()));
+		VASSERT_EQ("4.5", "modif", disp4.getModifierList()[0]);
+
+		vmime::disposition disp5;
+		disp5.parse("amode/smode;type/modif1,modif2");
+
+		VASSERT_EQ("5.1", "amode", disp5.getActionMode());
+		VASSERT_EQ("5.2", "smode", disp5.getSendingMode());
+		VASSERT_EQ("5.3", "type", disp5.getType());
+		VASSERT_EQ("5.4", 2, static_cast <int>(disp5.getModifierList().size()));
+		VASSERT_EQ("5.5", "modif1", disp5.getModifierList()[0]);
+		VASSERT_EQ("5.6", "modif2", disp5.getModifierList()[1]);
+	}
+
+	void testGenerate() {
+
+		vmime::disposition disp;
+
+		VASSERT_EQ("1", "automatic-action/MDN-sent-automatically;displayed", disp.generate());
+
+		disp.setActionMode("amode");
+
+		VASSERT_EQ("2", "amode/MDN-sent-automatically;displayed", disp.generate());
+
+		disp.setActionMode("amode");
+		disp.setSendingMode("smode");
+
+		VASSERT_EQ("3", "amode/smode;displayed", disp.generate());
+
+		disp.setType("type");
+
+		VASSERT_EQ("4", "amode/smode;type", disp.generate());
+
+		disp.addModifier("modif1");
+
+		VASSERT_EQ("5", "amode/smode;type/modif1", disp.generate());
+
+		disp.addModifier("modif2");
+
+		VASSERT_EQ("6", "amode/smode;type/modif1,modif2", disp.generate());
+	}
+
+	void testModifiers() {
+
+		vmime::disposition disp1;
+
+		VASSERT_EQ("1", false, disp1.hasModifier("foo"));
+		VASSERT_EQ("2", 0, static_cast <int>(disp1.getModifierList().size()));
+
+		disp1.addModifier("bar");
+
+		VASSERT_EQ("3", false, disp1.hasModifier("foo"));
+		VASSERT_EQ("4", true, disp1.hasModifier("bar"));
+		VASSERT_EQ("5", 1, static_cast <int>(disp1.getModifierList().size()));
+
+		disp1.addModifier("plop");
+
+		VASSERT_EQ("6", false, disp1.hasModifier("foo"));
+		VASSERT_EQ("7", true, disp1.hasModifier("bar"));
+		VASSERT_EQ("8", true, disp1.hasModifier("plop"));
+		VASSERT_EQ("9", 2, static_cast <int>(disp1.getModifierList().size()));
+
+		disp1.removeModifier("bar");
+
+		VASSERT_EQ("10", false, disp1.hasModifier("foo"));
+		VASSERT_EQ("11", false, disp1.hasModifier("bar"));
+		VASSERT_EQ("12", true, disp1.hasModifier("plop"));
+		VASSERT_EQ("13", 1, static_cast <int>(disp1.getModifierList().size()));
+
+		disp1.removeModifier("PlOp");
+
+		VASSERT_EQ("14", false, disp1.hasModifier("foo"));
+		VASSERT_EQ("15", false, disp1.hasModifier("bar"));
+		VASSERT_EQ("16", false, disp1.hasModifier("plop"));
+		VASSERT_EQ("17", 0, static_cast <int>(disp1.getModifierList().size()));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/emailAddressTest.cpp b/vmime-master/tests/parser/emailAddressTest.cpp
new file mode 100644
index 0000000..f2a7070
--- /dev/null
+++ b/vmime-master/tests/parser/emailAddressTest.cpp
@@ -0,0 +1,281 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/platform.hpp"
+
+#include <locale>
+#include <clocale>
+
+
+VMIME_TEST_SUITE_BEGIN(emailAddressTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParseASCII)
+		VMIME_TEST(testParseEAI)
+		VMIME_TEST(testParseInvalid)
+		VMIME_TEST(testGenerateASCII)
+		VMIME_TEST(testGenerateEAI)
+		VMIME_TEST(testParseSpecialChars)
+		VMIME_TEST(testParseCommentInLocalPart)
+		VMIME_TEST(testParseCommentInDomainPart)
+		VMIME_TEST(testParseRFC2047EncodedLocalPart)
+		VMIME_TEST(testGenerateSpecialChars)
+	VMIME_TEST_LIST_END
+
+
+	void setUp() {
+
+		// Set the global C and C++ locale to the user-configured locale.
+		// The locale should use UTF-8 encoding for these tests to run successfully.
+		try {
+			std::locale::global(std::locale(""));
+		} catch (std::exception &) {
+			std::setlocale(LC_ALL, "");
+		}
+	}
+
+	void tearDown() {
+
+		// Restore default locale
+		std::locale::global(std::locale("C"));
+	}
+
+
+	void testParseASCII() {
+
+		vmime::emailAddress eml1("local@domain");
+		VASSERT_EQ("1/local", "local", eml1.getLocalName());
+		VASSERT_EQ("1/domain", "domain", eml1.getDomainName());
+
+		// When not specified, domain should be local host name
+		vmime::emailAddress eml2("local");
+		VASSERT_EQ("2/local", "local", eml2.getLocalName());
+		VASSERT_EQ("2/domain", vmime::platform::getHandler()->getHostName(), eml2.getDomainName());
+	}
+
+	void testParseEAI() {
+
+		// Examples taken from Wikipedia (http://en.wikipedia.org/wiki/Email_address)
+
+		// Latin Alphabet (with diacritics):
+		vmime::emailAddress eml1("Pelé@example.com");
+		VASSERT_EQ("1/local", "Pelé", eml1.getLocalName());
+		VASSERT_EQ("1/domain", "example.com", eml1.getDomainName());
+
+		// Greek Alphabet
+		vmime::emailAddress eml2("δοκιμή@πα�άδειγμα.δοκιμή");
+		VASSERT_EQ("2/local", "δοκιμή", eml2.getLocalName());
+		VASSERT_EQ("2/domain", "πα�άδειγμα.δοκιμή", eml2.getDomainName());
+
+		// Japanese Characters
+		vmime::emailAddress eml3("甲�@黒�.日本");
+		VASSERT_EQ("3/local", "甲�", eml3.getLocalName());
+		VASSERT_EQ("3/domain", "黒�.日本", eml3.getDomainName());
+
+		// Cyrillic Characters
+		vmime::emailAddress eml4("чебурашка@�щик-�-апель�инами.рф");
+		VASSERT_EQ("4/local", "чебурашка", eml4.getLocalName());
+		VASSERT_EQ("4/domain", "�щик-�-апель�инами.рф", eml4.getDomainName());
+	}
+
+	void testParseInvalid() {
+
+		// Only one @ is allowed outside quotation marks
+		vmime::emailAddress eml1("local@part@domain");
+		VASSERT_EQ("1/local", "local", eml1.getLocalName());
+		VASSERT_EQ("1/domain", "part@domain", eml1.getDomainName());
+
+		// Quoted strings must be dot separated, or the only element making up
+		// the local-part: should be parsed correctly, but it still represents
+		// an invalid email address
+		vmime::emailAddress eml2("Just\"not\"right@example.com");
+		VASSERT_EQ("2/local", "Just\"not\"right", eml2.getLocalName());
+		VASSERT_EQ("2/domain", "example.com", eml2.getDomainName());
+
+		// An @ character must separate the local and domain parts
+		vmime::emailAddress eml3("Abc.example.com");
+		VASSERT_EQ("3/local", "Abc.example.com", eml3.getLocalName());
+		VASSERT_EQ("3/domain", vmime::platform::getHandler()->getHostName(), eml3.getDomainName());
+
+		// Whitespace must be escaped
+		vmime::emailAddress eml4("local part@domain");
+		VASSERT_EQ("4/local", "local", eml4.getLocalName());
+		VASSERT_EQ("4/domain", vmime::platform::getHandler()->getHostName(), eml4.getDomainName());
+
+		vmime::emailAddress eml5("this\\ still\\\"not\\\\allowed@example.com");
+		VASSERT_EQ("5/local", "this\\", eml5.getLocalName());
+		VASSERT_EQ("5/domain", vmime::platform::getHandler()->getHostName(), eml5.getDomainName());
+	}
+
+	void testParseSpecialChars() {
+
+		// Examples taken from Wikipedia (http://en.wikipedia.org/wiki/Email_address)
+
+		vmime::emailAddress eml1("\" \"@example.org");
+		VASSERT_EQ("1/local", " ", eml1.getLocalName());
+		VASSERT_EQ("1/domain", "example.org", eml1.getDomainName());
+
+		vmime::emailAddress eml2("\"()<>[]:,;@\\\\\\\"!#$%&'*+-/=?^_`{}| ~.a\"@example.org");
+		VASSERT_EQ("2/local", "()<>[]:,;@\\\"!#$%&'*+-/=?^_`{}| ~.a", eml2.getLocalName());
+		VASSERT_EQ("3/domain", "example.org", eml2.getDomainName());
+
+		vmime::emailAddress eml3("!#$%&'*+-/=?^_`{}|~@example.org");
+		VASSERT_EQ("3/local", "!#$%&'*+-/=?^_`{}|~", eml3.getLocalName());
+		VASSERT_EQ("3/domain", "example.org", eml3.getDomainName());
+
+		vmime::emailAddress eml4("!#$%&'*+-/=?^_`{}|~@example.org");
+		VASSERT_EQ("4/local", "!#$%&'*+-/=?^_`{}|~", eml4.getLocalName());
+		VASSERT_EQ("4/domain", "example.org", eml4.getDomainName());
+
+		vmime::emailAddress eml5("\"very.unusual.@.unusual.com\"@example.com");
+		VASSERT_EQ("5/local", "very.unusual.@.unusual.com", eml5.getLocalName());
+		VASSERT_EQ("5/domain", "example.com", eml5.getDomainName());
+
+		vmime::emailAddress eml6("\"very.(),:;<>[]\\\".VERY.\\\"very@\\\\ \\\"very\\\".unusual\"@strange.example.com");
+		VASSERT_EQ("6/local", "very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual", eml6.getLocalName());
+		VASSERT_EQ("6/domain", "strange.example.com", eml6.getDomainName());
+	}
+
+	void testParseCommentInLocalPart() {
+
+		vmime::emailAddress eml1("john.smith(comment)@example.com");
+		VASSERT_EQ("1/local", "john.smith", eml1.getLocalName());
+		VASSERT_EQ("1/domain", "example.com", eml1.getDomainName());
+
+		vmime::emailAddress eml2("(comment)john.smith@example.com");
+		VASSERT_EQ("2/local", "john.smith", eml2.getLocalName());
+		VASSERT_EQ("2/domain", "example.com", eml2.getDomainName());
+
+		vmime::emailAddress eml3("(comment (comment in comment))john.smith@example.com");
+		VASSERT_EQ("3/local", "john.smith", eml3.getLocalName());
+		VASSERT_EQ("3/domain", "example.com", eml3.getDomainName());
+
+		vmime::emailAddress eml4("(comment \\) end comment)john.smith@example.com");
+		VASSERT_EQ("4/local", "john.smith", eml4.getLocalName());
+		VASSERT_EQ("4/domain", "example.com", eml4.getDomainName());
+	}
+
+	void testParseCommentInDomainPart() {
+
+		vmime::emailAddress eml1("john.smith@(comment)example.com");
+		VASSERT_EQ("1/local", "john.smith", eml1.getLocalName());
+		VASSERT_EQ("1/domain", "example.com", eml1.getDomainName());
+
+		vmime::emailAddress eml2("john.smith@example.com(comment)");
+		VASSERT_EQ("2/local", "john.smith", eml2.getLocalName());
+		VASSERT_EQ("2/domain", "example.com", eml2.getDomainName());
+
+		vmime::emailAddress eml3("john.smith@(comment (comment in comment))example.com");
+		VASSERT_EQ("3/local", "john.smith", eml3.getLocalName());
+		VASSERT_EQ("3/domain", "example.com", eml3.getDomainName());
+
+		vmime::emailAddress eml4("john.smith@(comment \\) end comment)example.com");
+		VASSERT_EQ("4/local", "john.smith", eml4.getLocalName());
+		VASSERT_EQ("4/domain", "example.com", eml4.getDomainName());
+	}
+
+	void testParseRFC2047EncodedLocalPart() {
+
+		vmime::emailAddress eml1("=?utf-8?Q?Pel=C3=A9?=@example.com");
+		VASSERT_EQ("1/local", "Pelé", eml1.getLocalName());
+		VASSERT_EQ("1/domain", "example.com", eml1.getDomainName());
+
+		vmime::emailAddress eml2("=?utf-8?B?55Sy5paQ?=@xn--5rtw95l.xn--wgv71a");
+		VASSERT_EQ("2/local", "甲�", eml2.getLocalName());
+		VASSERT_EQ("2/domain", "黒�.日本", eml2.getDomainName());
+
+		vmime::emailAddress eml3("=?utf-8?B?55Sy5paQ?=@xn--5rtw95l.com");
+		VASSERT_EQ("3/local", "甲�", eml3.getLocalName());
+		VASSERT_EQ("3/domain", "é»’å·�.com", eml3.getDomainName());
+	}
+
+	void testGenerateASCII() {
+
+		VASSERT_EQ(
+			"email 1", "local@domain",
+			vmime::emailAddress("local", "domain").generate()
+		);
+		VASSERT_EQ(
+			"email 2", "=?utf-8?Q?Pel=C3=A9?=@example.com",
+			vmime::emailAddress("Pelé", "example.com").generate()
+		);
+		VASSERT_EQ(
+			"email 3", "=?utf-8?B?55Sy5paQ?=@xn--5rtw95l.xn--wgv71a",
+			vmime::emailAddress("甲�", "黒�.日本").generate()
+		);
+		VASSERT_EQ(
+			"email 4", "mailtest@xn--r8jz45g.xn--zckzah",
+			vmime::emailAddress("mailtest", "例�.テスト").generate()
+		);
+		VASSERT_EQ(
+			"email 5", "mailtest@xn--mgbh0fb.xn--kgbechtv",
+			vmime::emailAddress("mailtest", "مثال.إختبار").generate()
+		);
+	}
+
+	void testGenerateEAI() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+		ctx.setInternationalizedEmailSupport(true);
+
+		vmime::generationContext::switcher <vmime::generationContext> contextSwitcher(ctx);
+
+		VASSERT_EQ(
+			"email 1", "Pelé@example.com",
+			vmime::emailAddress("Pelé", "example.com").generate()
+		);
+		VASSERT_EQ(
+			"email 2", "δοκιμή@πα�άδειγμα.δοκιμή",
+			vmime::emailAddress("δοκιμή", "πα�άδειγμα.δοκιμή").generate()
+		);
+		VASSERT_EQ(
+			"email 3", "甲�@黒�.日本",
+			vmime::emailAddress("甲�", "黒�.日本").generate()
+		);
+		VASSERT_EQ(
+			"email 4", "чебурашка@�щик-�-апель�инами.рф",
+			vmime::emailAddress("чебурашка", "�щик-�-апель�инами.рф").generate()
+		);
+	}
+
+	void testGenerateSpecialChars() {
+
+		VASSERT_EQ(
+			"email 1", "\"very.unusual.@.unusual.com\"@example.com",
+			vmime::emailAddress("very.unusual.@.unusual.com", "example.com").generate()
+		);
+
+		VASSERT_EQ(
+			"email 2", "\"very.(),:;<>[]\\\".VERY.\\\"very@\\\\ \\\"very\\\".unusual\"@strange.example.com",
+			vmime::emailAddress("very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual", "strange.example.com").generate()
+		);
+
+		VASSERT_EQ(
+			"email 3", "\" \"@example.com",
+			vmime::emailAddress(" ", "example.com").generate()
+		);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/emptyContentHandlerTest.cpp b/vmime-master/tests/parser/emptyContentHandlerTest.cpp
new file mode 100644
index 0000000..43cd8c2
--- /dev/null
+++ b/vmime-master/tests/parser/emptyContentHandlerTest.cpp
@@ -0,0 +1,99 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(emptyContentHandlerTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testIsEmpty)
+		VMIME_TEST(testGetLength)
+		VMIME_TEST(testIsEncoded)
+		VMIME_TEST(testExtract)
+		VMIME_TEST(testExtractRaw)
+		VMIME_TEST(testGenerate)
+	VMIME_TEST_LIST_END
+
+
+	void testIsEmpty() {
+
+		vmime::emptyContentHandler cth;
+
+		VASSERT_TRUE("empty", cth.isEmpty());
+	}
+
+	void testGetLength() {
+
+		vmime::emptyContentHandler cth;
+
+		VASSERT_EQ("length", 0, cth.getLength());
+	}
+
+	void testIsEncoded() {
+
+		vmime::emptyContentHandler cth;
+
+		VASSERT_FALSE("encoded", cth.isEncoded());
+		VASSERT_EQ("encoding", vmime::contentHandler::NO_ENCODING, cth.getEncoding());
+	}
+
+	void testExtract() {
+
+		vmime::emptyContentHandler cth;
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extract(osa);
+
+		VASSERT_EQ("extract", "", oss.str());
+	}
+
+	void testExtractRaw() {
+
+		vmime::emptyContentHandler cth;
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extractRaw(osa);
+
+		VASSERT_EQ("extractRaw", "", oss.str());
+	}
+
+	void testGenerate() {
+
+		vmime::emptyContentHandler cth;
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.generate(osa, vmime::encoding("base64"));
+
+		VASSERT_EQ("generate", "", oss.str());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/fileContentHandlerTest.cpp b/vmime-master/tests/parser/fileContentHandlerTest.cpp
new file mode 100644
index 0000000..e979b52
--- /dev/null
+++ b/vmime-master/tests/parser/fileContentHandlerTest.cpp
@@ -0,0 +1,134 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(fileContentHandlerTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testIsEmpty)
+		VMIME_TEST(testGetLength)
+		VMIME_TEST(testIsEncoded)
+		VMIME_TEST(testExtract)
+		VMIME_TEST(testExtractRaw)
+		VMIME_TEST(testGenerate)
+	VMIME_TEST_LIST_END
+
+
+	vmime::shared_ptr <vmime::utility::file> testFile;
+	vmime::string testDataEncoded, testDataDecoded;
+
+
+	void setUp() {
+
+		testDataDecoded = "ABCDEFGHIJKLMNOPQRSTUVWXYZ \x12\x34\x56\x78\x90 abcdefghijklmnopqrstuvwxyz0123456789";
+		testDataEncoded = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogEjRWeJAgYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5";
+
+		std::ostringstream testFilePath;
+		testFilePath << "/tmp/vmime_test_" << (rand() % 999999999);
+
+		vmime::shared_ptr <vmime::utility::fileSystemFactory> fsf =
+			vmime::platform::getHandler()->getFileSystemFactory();
+
+		testFile = fsf->create(fsf->stringToPath(testFilePath.str()));
+		testFile->createFile();
+		testFile->getFileWriter()->getOutputStream()->write(testDataEncoded.data(), testDataEncoded.length());
+	}
+
+	void tearDown() {
+
+		testFile->remove();
+		testFile = vmime::null;
+	}
+
+
+	void testIsEmpty() {
+
+		vmime::fileContentHandler cth;
+
+		VASSERT_TRUE("empty", cth.isEmpty());
+	}
+
+	void testGetLength() {
+
+		vmime::fileContentHandler cth(testFile);
+
+		VASSERT_FALSE("empty", cth.isEmpty());
+		VASSERT_EQ("length", testDataEncoded.length(), cth.getLength());
+	}
+
+	void testIsEncoded() {
+
+		vmime::fileContentHandler cth(testFile, vmime::encoding("base64"));
+
+		VASSERT_TRUE("encoded", cth.isEncoded());
+		VASSERT_EQ("encoding", "base64", cth.getEncoding().generate());
+	}
+
+	void testExtract() {
+
+		vmime::fileContentHandler cth(testFile, vmime::encoding("base64"));
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extract(osa);
+
+		// Data should be decoded from B64
+		VASSERT_EQ("extract", testDataDecoded, oss.str());
+	}
+
+	void testExtractRaw() {
+
+		vmime::fileContentHandler cth(testFile, vmime::encoding("base64"));
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extractRaw(osa);
+
+		// Data should not be decoded
+		VASSERT_EQ("extractRaw", testDataEncoded, oss.str());
+	}
+
+	void testGenerate() {
+
+		vmime::fileContentHandler cth(testFile, vmime::encoding("base64"));
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.generate(osa, vmime::encoding("quoted-printable"));
+
+		// Data should be reencoded from B64 to QP
+		VASSERT_EQ(
+			"generate",
+			"ABCDEFGHIJKLMNOPQRSTUVWXYZ =124Vx=90 abcdefghijklmnopqrstuvwxyz0123456789",
+			oss.str()
+		);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/headerFieldTest.cpp b/vmime-master/tests/parser/headerFieldTest.cpp
new file mode 100644
index 0000000..78d0480
--- /dev/null
+++ b/vmime-master/tests/parser/headerFieldTest.cpp
@@ -0,0 +1,112 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(headerFieldTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testBadValueType)
+		VMIME_TEST(testValueOnNextLine)
+		VMIME_TEST(testStripSpacesAtEnd)
+		VMIME_TEST(testValueWithEmptyLine)
+	VMIME_TEST_LIST_END
+
+
+	void testBadValueType() {
+
+		vmime::shared_ptr <vmime::headerFieldFactory> hfactory =
+			vmime::headerFieldFactory::getInstance();
+
+		// "To" header field accepts values of type "addressList"
+		vmime::shared_ptr <vmime::headerField> to = hfactory->create(vmime::fields::TO);
+
+		VASSERT_THROW(
+			"to",
+			to->setValue(vmime::mailbox("email@vmime.org")),
+			vmime::exceptions::bad_field_value_type
+		);
+
+		// Unregistered header field accepts any value type
+		vmime::shared_ptr <vmime::headerField> custom = hfactory->create("X-MyCustomHeader");
+
+		VASSERT_NO_THROW(
+			"custom/1",
+			custom->setValue(vmime::mailbox("email@vmime.org"))
+		);
+		VASSERT_NO_THROW(
+			"custom/2",
+			custom->setValue(vmime::text("field value text"))
+		);
+	}
+
+	void testValueOnNextLine() {
+
+		vmime::parsingContext ctx;
+
+		const vmime::string buffer = "Field: \r\n\tfield data";
+
+		vmime::shared_ptr <vmime::headerField> hfield =
+			vmime::headerField::parseNext(ctx, buffer, 0, buffer.size());
+
+		vmime::shared_ptr <vmime::text> hvalue =
+			hfield->getValue <vmime::text>();
+
+		VASSERT_EQ("Field name", "Field", hfield->getName());
+		VASSERT_EQ("Field value", "field data", hvalue->getWholeBuffer());
+	}
+
+	void testStripSpacesAtEnd() {
+
+		vmime::parsingContext ctx;
+
+		const vmime::string buffer = "Field: \r\n\tfield data   ";
+
+		vmime::shared_ptr <vmime::headerField> hfield =
+			vmime::headerField::parseNext(ctx, buffer, 0, buffer.size());
+
+		vmime::shared_ptr <vmime::text> hvalue =
+			hfield->getValue <vmime::text>();
+
+		VASSERT_EQ("Field name", "Field", hfield->getName());
+		VASSERT_EQ("Field value", toHex("field data"), toHex(hvalue->getWholeBuffer()));
+	}
+
+	void testValueWithEmptyLine() {
+
+		vmime::parsingContext ctx;
+
+		const vmime::string buffer = "Field: \r\n\tdata1\r\n\tdata2\r\n\t\r\n\tdata3";
+
+		vmime::shared_ptr <vmime::headerField> hfield =
+			vmime::headerField::parseNext(ctx, buffer, 0, buffer.size());
+
+		vmime::shared_ptr <vmime::text> hvalue =
+			hfield->getValue <vmime::text>();
+
+		VASSERT_EQ("Field name", "Field", hfield->getName());
+		VASSERT_EQ("Field value", "data1 data2 data3", hvalue->getWholeBuffer());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/headerTest.cpp b/vmime-master/tests/parser/headerTest.cpp
new file mode 100644
index 0000000..839acee
--- /dev/null
+++ b/vmime-master/tests/parser/headerTest.cpp
@@ -0,0 +1,375 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(headerTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testHas1)
+		VMIME_TEST(testHas2)
+
+		VMIME_TEST(testAppend1)
+		VMIME_TEST(testAppend2)
+
+		VMIME_TEST(testInsertFieldBefore1)
+		VMIME_TEST(testInsertFieldBefore2)
+
+		VMIME_TEST(testInsertFieldAfter1)
+		VMIME_TEST(testInsertFieldAfter2)
+
+		VMIME_TEST(testReplaceField)
+
+		VMIME_TEST(testRemoveField1)
+		VMIME_TEST(testRemoveField2)
+
+		VMIME_TEST(testRemoveAllFields)
+
+		VMIME_TEST(testgetFieldCount)
+
+		VMIME_TEST(testIsEmpty1)
+		VMIME_TEST(testIsEmpty2)
+
+		VMIME_TEST(testGetFieldAt)
+
+		VMIME_TEST(testGetFieldList1)
+		VMIME_TEST(testGetFieldList2)
+
+		VMIME_TEST(testFind1)
+
+		VMIME_TEST(testFindAllFields1)
+		VMIME_TEST(testFindAllFields2)
+		VMIME_TEST(testFindAllFields3)
+	VMIME_TEST_LIST_END
+
+
+	static const std::string getFieldValue(const vmime::headerField& field) {
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter voss(oss);
+		field.generate(voss);
+
+		return oss.str();
+	}
+
+	// has function tests
+	void testHas1() {
+
+		vmime::header hdr;
+		hdr.parse("From: x\r\nTo: y\r\nTo: z\r\n");
+
+		bool res = hdr.hasField("Z");
+
+		VASSERT_EQ("Value", false, res);
+	}
+
+	void testHas2() {
+
+		vmime::header hdr;
+		hdr.parse("X: x\r\nTo: y\r\nTo: z\r\n");
+
+		bool res = hdr.hasField("To");
+
+		VASSERT_EQ("Value", true, res);
+	}
+
+	// appendField function tests
+	void testAppend1() {
+
+		vmime::header hdr;
+		hdr.parse("");
+
+		vmime::shared_ptr <vmime::headerField> hf = vmime::headerFieldFactory::getInstance()->create("A", "a");
+		hdr.appendField(hf);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(1), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+	}
+
+	void testAppend2() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\n");
+
+		vmime::shared_ptr <vmime::headerField> hf = vmime::headerFieldFactory::getInstance()->create("B", "b");
+		hdr.appendField(hf);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(2), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "B: b", headerTest::getFieldValue(*res[1]));
+	}
+
+	// insertFieldBefore
+	void testInsertFieldBefore1() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nC: c\r\n");
+
+		vmime::shared_ptr <vmime::headerField> hf = vmime::headerFieldFactory::getInstance()->create("B", "b");
+		hdr.insertFieldBefore(hdr.getField("C"), hf);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(3), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "B: b", headerTest::getFieldValue(*res[1]));
+		VASSERT_EQ("Third value", "C: c", headerTest::getFieldValue(*res[2]));
+	}
+
+	void testInsertFieldBefore2() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nC: c\r\n");
+
+		vmime::shared_ptr <vmime::headerField> hf = vmime::headerFieldFactory::getInstance()->create("B", "b");
+		hdr.insertFieldBefore(1, hf);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(3), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "B: b", headerTest::getFieldValue(*res[1]));
+		VASSERT_EQ("Third value", "C: c", headerTest::getFieldValue(*res[2]));
+	}
+
+	// insertFieldAfter
+	void testInsertFieldAfter1() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nC: c\r\n");
+
+		vmime::shared_ptr <vmime::headerField> hf = vmime::headerFieldFactory::getInstance()->create("B", "b");
+		hdr.insertFieldAfter(hdr.getField("A"), hf);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(3), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "B: b", headerTest::getFieldValue(*res[1]));
+		VASSERT_EQ("Third value", "C: c", headerTest::getFieldValue(*res[2]));
+	}
+
+	void testInsertFieldAfter2() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nC: c\r\n");
+
+		vmime::shared_ptr <vmime::headerField> hf = vmime::headerFieldFactory::getInstance()->create("B", "b");
+		hdr.insertFieldAfter(0, hf);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(3), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "B: b", headerTest::getFieldValue(*res[1]));
+		VASSERT_EQ("Third value", "C: c", headerTest::getFieldValue(*res[2]));
+	}
+
+	// replaceField
+	void testReplaceField() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nB: b\r\nC: c\r\n");
+
+		vmime::shared_ptr <vmime::headerField> hf = vmime::headerFieldFactory::getInstance()->create("Z", "z");
+		hdr.replaceField(hdr.getField("B"), hf);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(3), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "Z: z", headerTest::getFieldValue(*res[1]));
+		VASSERT_EQ("Third value", "C: c", headerTest::getFieldValue(*res[2]));
+	}
+
+	// removeField
+	void testRemoveField1() {
+
+		vmime::header hdr1, hdr2;
+		hdr1.parse("A: a\r\nB: b\r\nC: c\r\n");
+		hdr2.parse("A: a\r\nB: b\r\nC: c\r\n");
+
+		hdr1.removeField(hdr1.getField("B"));
+		hdr2.removeField(1);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res1 = hdr1.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(2), res1.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res1[0]));
+		VASSERT_EQ("Second value", "C: c", headerTest::getFieldValue(*res1[1]));
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res2 = hdr2.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(2), res2.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res2[0]));
+		VASSERT_EQ("Second value", "C: c", headerTest::getFieldValue(*res2[1]));
+	}
+
+	void testRemoveField2() {
+
+		vmime::header hdr1, hdr2;
+		hdr1.parse("A: a\r\n");
+		hdr2.parse("A: a\r\n");
+
+		hdr1.removeField(hdr1.getField("A"));
+		hdr2.removeField(0);
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res1 = hdr1.getFieldList();
+		VASSERT_EQ("Count", static_cast <unsigned int>(0), res1.size());
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res2 = hdr2.getFieldList();
+		VASSERT_EQ("Count", static_cast <unsigned int>(0), res2.size());
+	}
+
+	// removeAllFields
+	void testRemoveAllFields() {
+
+		vmime::header hdr1, hdr2;
+		hdr1.parse("A: a\r\n");
+		hdr2.parse("A: a\r\nB: b\r\n");
+
+		hdr1.removeAllFields();
+		hdr2.removeAllFields();
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res1 = hdr1.getFieldList();
+		VASSERT_EQ("Count", static_cast <unsigned int>(0), res1.size());
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res2 = hdr2.getFieldList();
+		VASSERT_EQ("Count", static_cast <unsigned int>(0), res2.size());
+	}
+
+	// getFieldCount
+	void testgetFieldCount() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nB: b\r\nC: c\r\nD: d\r\n");
+
+		VASSERT_EQ("Value", 4, hdr.getFieldCount());
+	}
+
+	// isEmpty
+	void testIsEmpty1() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nB: b\r\nC: c\r\n");
+
+		VASSERT_EQ("Value", false, hdr.isEmpty());
+	}
+
+	void testIsEmpty2() {
+
+		vmime::header hdr;
+		hdr.parse("\r\n");
+
+		VASSERT_EQ("Value", true, hdr.isEmpty());
+	}
+
+	// getFieldAt
+	void testGetFieldAt() {
+
+		vmime::header hdr;
+		hdr.parse("B: b\r\nA: a\r\nC: c\r\n");
+
+		vmime::shared_ptr <vmime::headerField> res = hdr.getFieldAt(2);
+
+		VASSERT_EQ("Value", "C: c", getFieldValue(*res));
+	}
+
+	// getFieldList
+	void testGetFieldList1() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nB: b1\r\nC: c\r\nB: b2\r\n");
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(4), res.size());
+		VASSERT_EQ("First value", "A: a", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "B: b1", headerTest::getFieldValue(*res[1]));
+		VASSERT_EQ("Third value", "C: c", headerTest::getFieldValue(*res[2]));
+		VASSERT_EQ("Thourth value", "B: b2", headerTest::getFieldValue(*res[3]));
+	}
+
+	void testGetFieldList2() {
+
+		vmime::header hdr;
+		hdr.parse("\r\n");
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.getFieldList();
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(0), res.size());
+	}
+
+	// find function tests
+	void testFind1() {
+
+		vmime::header hdr;
+		hdr.parse("A: a\r\nB: b\r\nC: c\r\nB: d\r\n");
+
+		vmime::shared_ptr <vmime::headerField> res = hdr.findField("B");
+
+		VASSERT_EQ("Value", "B: b", getFieldValue(*res));
+	}
+
+	// getAllByName function tests
+	void testFindAllFields1() {
+
+		vmime::header hdr;
+		hdr.parse("A: a1\nC: c1\n");
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.findAllFields("B");
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(0), res.size());
+	}
+
+	void testFindAllFields2() {
+
+		vmime::header hdr;
+		hdr.parse("A: a1\nB: b1\nB: b2\nC: c1\n");
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.findAllFields("B");
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(2), res.size());
+		VASSERT_EQ("First value", "B: b1", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "B: b2", headerTest::getFieldValue(*res[1]));
+	}
+
+	void testFindAllFields3() {
+
+		vmime::header hdr;
+		hdr.parse("A: a1\nB: b1\nB: b2\nC: c1\nC: c3\nC: c2\n");
+
+		std::vector <vmime::shared_ptr <vmime::headerField> > res = hdr.findAllFields("C");
+
+		VASSERT_EQ("Count", static_cast <unsigned int>(3), res.size());
+		VASSERT_EQ("First value", "C: c1", headerTest::getFieldValue(*res[0]));
+		VASSERT_EQ("Second value", "C: c3", headerTest::getFieldValue(*res[1]));
+		VASSERT_EQ("Second value", "C: c2", headerTest::getFieldValue(*res[2]));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/htmlTextPartTest.cpp b/vmime-master/tests/parser/htmlTextPartTest.cpp
new file mode 100644
index 0000000..6dfaaa0
--- /dev/null
+++ b/vmime-master/tests/parser/htmlTextPartTest.cpp
@@ -0,0 +1,241 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+#include "vmime/htmlTextPart.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(htmlTextPartTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParseText)
+		VMIME_TEST(testParseEmbeddedObjectsCID)
+		VMIME_TEST(testParseEmbeddedObjectsLocation)
+	VMIME_TEST_LIST_END
+
+
+	static const vmime::string extractContent(
+		const vmime::shared_ptr <const vmime::contentHandler>& cth
+	) {
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth->extract(osa);
+
+		return oss.str();
+	}
+
+
+	void testParseText() {
+
+		const vmime::string msgString = ""
+"MIME-Version: 1.0\r\n"
+"Content-Type: multipart/alternative; boundary=\"LEVEL1\"\r\n"
+"\r\n"
+"--LEVEL1\r\n"
+"Content-Type: text/plain; charset=\"x-ch1\"\r\n"
+"\r\n"
+"Plain text part\r\n"
+"--LEVEL1\r\n"
+"Content-Type: multipart/related; boundary=\"LEVEL2\"\r\n"
+"\r\n"
+"--LEVEL2\r\n"
+"Content-Type: text/html; charset=\"x-ch2\"\r\n"
+"\r\n"
+"<img src=\"cid:image@test\"/>\r\n"
+"--LEVEL2\r\n"
+"Content-Type: image/png; name=\"image.png\"\r\n"
+"Content-Disposition: inline; filename=\"image.png\"\r\n"
+"Content-ID: <image@test>\r\n"
+"\r\n"
+"Image\r\n"
+"--LEVEL2--\r\n"
+"\r\n"
+"--LEVEL1--\r\n"
+"";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(msgString);
+
+		// Sanity checks
+		VASSERT_EQ("part-count1", 2, msg->getBody()->getPartCount());
+		VASSERT_EQ("part-count2", 2, msg->getBody()->getPartAt(1)->getBody()->getPartCount());
+
+		vmime::htmlTextPart htmlPart;
+		htmlPart.parse(msg, msg->getBody()->getPartAt(1),
+			msg->getBody()->getPartAt(1)->getBody()->getPartAt(0));
+
+		VASSERT_EQ("plain", "Plain text part", extractContent(htmlPart.getPlainText()));
+		VASSERT_EQ("html", "<img src=\"cid:image@test\"/>", extractContent(htmlPart.getText()));
+
+		// Should return the charset of the HTML part
+		VASSERT_EQ("charset", "x-ch2", htmlPart.getCharset().generate());
+	}
+
+	/** Test parsing of embedded objects by CID (Content-Id).
+	  */
+	void testParseEmbeddedObjectsCID() {
+
+		const vmime::string msgString = ""
+"MIME-Version: 1.0\r\n"
+"Content-Type: multipart/alternative; boundary=\"LEVEL1\"\r\n"
+"\r\n"
+"--LEVEL1\r\n"
+"Content-Type: text/plain; charset=\"x-ch1\"\r\n"
+"\r\n"
+"Plain text part\r\n"
+"--LEVEL1\r\n"
+"Content-Type: multipart/related; boundary=\"LEVEL2\"\r\n"
+"\r\n"
+"--LEVEL2\r\n"  // one embedded object before...
+"Content-Type: image/png; name=\"image1.png\"\r\n"
+"Content-Disposition: inline; filename=\"image1.png\"\r\n"
+"Content-ID: <image1@test>\r\n"
+"\r\n"
+"Image1\r\n"
+"--LEVEL2\r\n"  // ...the actual text part...
+"Content-Type: text/html; charset=\"x-ch2\"\r\n"
+"\r\n"
+"<img src=\"cid:image1@test\"/>\r\n"
+"<img src=\"CID:image2@test\"/>\r\n"
+"--LEVEL2\r\n"  // ...and one after
+"Content-Type: image/jpeg; name=\"image2.jpg\"\r\n"
+"Content-Disposition: inline; filename=\"image2.jpg\"\r\n"
+"Content-ID: <image2@test>\r\n"
+"\r\n"
+"Image2\r\n"
+"--LEVEL2--\r\n"
+"\r\n"
+"--LEVEL1--\r\n"
+"";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(msgString);
+
+		// Sanity checks
+		VASSERT_EQ("part-count1", 2, msg->getBody()->getPartCount());
+		VASSERT_EQ("part-count2", 3, msg->getBody()->getPartAt(1)->getBody()->getPartCount());
+
+		vmime::htmlTextPart htmlPart;
+		htmlPart.parse(
+			msg, msg->getBody()->getPartAt(1),
+			msg->getBody()->getPartAt(1)->getBody()->getPartAt(1)
+		);
+
+		// Two embedded objects should be found.
+		// BUGFIX: "CID:" prefix is not case-sensitive.
+		VASSERT_EQ("count", 2, htmlPart.getObjectCount());
+
+		// Ensure the right objects have been found.
+		VASSERT_EQ("has-obj1", true, htmlPart.hasObject("image1@test"));
+		VASSERT_EQ("has-obj2", true, htmlPart.hasObject("image2@test"));
+
+		// hasObject() should also work with prefixes
+		VASSERT_EQ("has-obj1-pre", true, htmlPart.hasObject("CID:image1@test"));
+		VASSERT_EQ("has-obj2-pre", true, htmlPart.hasObject("cid:image2@test"));
+
+		// Check data in objects
+		vmime::shared_ptr <const vmime::htmlTextPart::embeddedObject> obj;
+
+		obj = htmlPart.findObject("image1@test");
+
+		VASSERT_EQ("ref-type1", vmime::htmlTextPart::embeddedObject::REFERENCED_BY_ID, obj->getReferenceType());
+		VASSERT_EQ("id-obj1", "image1@test", obj->getId());
+		VASSERT_EQ("data-obj1", "Image1", extractContent(obj->getData()));
+		VASSERT_EQ("type-obj1", "image/png", obj->getType().generate());
+
+		obj = htmlPart.findObject("image2@test");
+
+		VASSERT_EQ("ref-type2", vmime::htmlTextPart::embeddedObject::REFERENCED_BY_ID, obj->getReferenceType());
+		VASSERT_EQ("id-obj2", "image2@test", obj->getId());
+		VASSERT_EQ("data-obj2", "Image2", extractContent(obj->getData()));
+		VASSERT_EQ("type-obj2", "image/jpeg", obj->getType().generate());
+	}
+
+	/** Test parsing of embedded objects by location.
+	  */
+	void testParseEmbeddedObjectsLocation() {
+
+		const vmime::string msgString = ""
+"MIME-Version: 1.0\r\n"
+"Content-Type: multipart/alternative; boundary=\"LEVEL1\"\r\n"
+"\r\n"
+"--LEVEL1\r\n"
+"Content-Type: text/plain; charset=\"x-ch1\"\r\n"
+"\r\n"
+"Plain text part\r\n"
+"--LEVEL1\r\n"
+"Content-Type: multipart/related; boundary=\"LEVEL2\"\r\n"
+"\r\n"
+"--LEVEL2\r\n"
+"Content-Type: image/png; name=\"image1.png\"\r\n"
+"Content-Location: http://www.vmime.org/test/image1.png\r\n"
+"Content-Disposition: inline; filename=\"image1.png\"\r\n"
+"Content-Id: <image1@test>\r\n"
+"\r\n"
+"Image1\r\n"
+"--LEVEL2\r\n"
+"Content-Type: text/html; charset=\"x-ch2\"\r\n"
+"\r\n"
+"<img src=\"http://www.vmime.org/test/image1.png\"/>\r\n"
+"--LEVEL2--\r\n"
+"\r\n"
+"--LEVEL1--\r\n"
+"";
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->parse(msgString);
+
+		// Sanity checks
+		VASSERT_EQ("part-count1", 2, msg->getBody()->getPartCount());
+		VASSERT_EQ("part-count2", 2, msg->getBody()->getPartAt(1)->getBody()->getPartCount());
+
+		vmime::htmlTextPart htmlPart;
+		htmlPart.parse(
+			msg, msg->getBody()->getPartAt(1),
+			msg->getBody()->getPartAt(1)->getBody()->getPartAt(1)
+		);
+
+		// Only one embedded object
+		VASSERT_EQ("count", 1, htmlPart.getObjectCount());
+
+		// Should work only with Content-Location as the Content-Id is
+		// not referenced in the HTML contents
+		VASSERT_EQ("has-obj-loc", true, htmlPart.hasObject("http://www.vmime.org/test/image1.png"));
+		VASSERT_EQ("has-obj-cid", false, htmlPart.hasObject("image1@test"));
+
+		// Check data
+		vmime::shared_ptr <const vmime::htmlTextPart::embeddedObject> obj;
+
+		obj = htmlPart.findObject("http://www.vmime.org/test/image1.png");
+
+		VASSERT_EQ("ref-type", vmime::htmlTextPart::embeddedObject::REFERENCED_BY_LOCATION, obj->getReferenceType());
+		VASSERT_EQ("id-obj", "http://www.vmime.org/test/image1.png", obj->getId());
+		VASSERT_EQ("data-obj", "Image1", extractContent(obj->getData()));
+		VASSERT_EQ("type-obj", "image/png", obj->getType().generate());
+	}
+
+	// TODO: test generation of text parts
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/mailboxGroupTest.cpp b/vmime-master/tests/parser/mailboxGroupTest.cpp
new file mode 100644
index 0000000..18ff425
--- /dev/null
+++ b/vmime-master/tests/parser/mailboxGroupTest.cpp
@@ -0,0 +1,107 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(mailboxGroupTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParseExtraWhitespaces)
+		VMIME_TEST(testParseNoEndDelimiter)
+		VMIME_TEST(testParseExtraChars)
+		VMIME_TEST(testEmptyGroup)
+		VMIME_TEST(testEncodedEmptyGroup)
+	VMIME_TEST_LIST_END
+
+
+	void testParseExtraWhitespaces() {
+
+		vmime::mailboxGroup mgrp;
+		mgrp.parse(" \t group  : aaa <aaa@vmime.org>, bbb <bbb@vmime.org>");
+
+		VASSERT_EQ("name", "group", mgrp.getName().getWholeBuffer());
+		VASSERT_EQ("count", 2, mgrp.getMailboxCount());
+
+		VASSERT_EQ("mbox1.email", "aaa@vmime.org", mgrp.getMailboxAt(0)->getEmail());
+		VASSERT_EQ("mbox1.name", "aaa", mgrp.getMailboxAt(0)->getName());
+
+		VASSERT_EQ("mbox2.email", "bbb@vmime.org", mgrp.getMailboxAt(1)->getEmail());
+		VASSERT_EQ("mbox2.name", "bbb", mgrp.getMailboxAt(1)->getName());
+	}
+
+	void testParseNoEndDelimiter() {
+
+		vmime::addressList addrs;
+		addrs.parse("group: aaa <aaa@vmime.org>, bbb <bbb@vmime.org>");
+
+		VASSERT_EQ("count", 1, addrs.getAddressCount());
+		VASSERT_TRUE("is group", addrs.getAddressAt(0)->isGroup());
+
+		vmime::shared_ptr <vmime::mailboxGroup> mgrp =
+			vmime::dynamicCast <vmime::mailboxGroup>(addrs.getAddressAt(0));
+
+		VASSERT_EQ("name", "group", mgrp->getName().getWholeBuffer());
+		VASSERT_EQ("count", 2, mgrp->getMailboxCount());
+
+		VASSERT_EQ("mbox1.email", "aaa@vmime.org", mgrp->getMailboxAt(0)->getEmail());
+		VASSERT_EQ("mbox1.name", "aaa", mgrp->getMailboxAt(0)->getName());
+
+		VASSERT_EQ("mbox2.email", "bbb@vmime.org", mgrp->getMailboxAt(1)->getEmail());
+		VASSERT_EQ("mbox2.name", "bbb", mgrp->getMailboxAt(1)->getName());
+	}
+
+	void testParseExtraChars() {
+
+		vmime::mailboxGroup mgrp;
+		mgrp.parse("group: aaa <aaa@vmime.org>, bbb <bbb@vmime.org>; extra chars here...");
+
+		VASSERT_EQ("name", "group", mgrp.getName().getWholeBuffer());
+		VASSERT_EQ("count", 2, mgrp.getMailboxCount());
+
+		VASSERT_EQ("mbox1.email", "aaa@vmime.org", mgrp.getMailboxAt(0)->getEmail());
+		VASSERT_EQ("mbox1.name", "aaa", mgrp.getMailboxAt(0)->getName());
+
+		VASSERT_EQ("mbox2.email", "bbb@vmime.org", mgrp.getMailboxAt(1)->getEmail());
+		VASSERT_EQ("mbox2.name", "bbb", mgrp.getMailboxAt(1)->getName());
+	}
+
+	void testEmptyGroup() {
+
+		vmime::mailboxGroup mgrp;
+		mgrp.parse("Undisclosed recipients:;");
+
+		VASSERT_EQ("name", "Undisclosed recipients", mgrp.getName().getWholeBuffer());
+		VASSERT_EQ("count", 0, mgrp.getMailboxCount());
+	}
+
+	void testEncodedEmptyGroup() {
+
+		vmime::mailboxGroup mgrp;
+		mgrp.parse("=?us-ascii?Q?Undisclosed_recipients?=:;");
+
+		VASSERT_EQ("name", "Undisclosed recipients", mgrp.getName().getWholeBuffer());
+		VASSERT_EQ("count", 0, mgrp.getMailboxCount());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/mailboxListTest.cpp b/vmime-master/tests/parser/mailboxListTest.cpp
new file mode 100644
index 0000000..7505acd
--- /dev/null
+++ b/vmime-master/tests/parser/mailboxListTest.cpp
@@ -0,0 +1,47 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(mailboxListTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParseGroup)
+	VMIME_TEST_LIST_END
+
+
+	// Disposition-Notification-To:: <email@domain.com>
+	void testParseGroup() {
+
+		// Groups should be extracted to multiple mailboxes in mailbox lists
+		vmime::mailboxList mboxList;
+		mboxList.parse("email1@domain1.com, : <email2@domain2.com>, email3@domain3.com");
+
+		VASSERT_EQ("count", 3, mboxList.getMailboxCount());
+		VASSERT_EQ("email", "email1@domain1.com", mboxList.getMailboxAt(0)->getEmail().generate());
+		VASSERT_EQ("email", "email2@domain2.com", mboxList.getMailboxAt(1)->getEmail().generate());
+		VASSERT_EQ("email", "email3@domain3.com", mboxList.getMailboxAt(2)->getEmail().generate());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/mailboxTest.cpp b/vmime-master/tests/parser/mailboxTest.cpp
new file mode 100644
index 0000000..997a6a3
--- /dev/null
+++ b/vmime-master/tests/parser/mailboxTest.cpp
@@ -0,0 +1,187 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(mailboxTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testEmptyEmailAddress)
+		VMIME_TEST(testSeparatorInComment)
+		VMIME_TEST(testMalformations)
+		VMIME_TEST(testExcessiveQuoting)
+	VMIME_TEST_LIST_END
+
+
+	void testParse() {
+
+		static const vmime::string testSuitesParse[] = {
+
+			// Test 1
+			"My (this is a comment)name <me(another \\)comment) @    	somewhere(else).com>",
+
+			"[address-list: [[mailbox: name=[text: [[word: charset=us-ascii, buffer=My name]]], email=me@somewhere.com]]]",
+
+			// Test 2
+			"mailbox1 <mailbox@one>,;,,,	,,  	,,;group1:mailbox1@group1,  mailbox2@group2,,\"mailbox #3\" <mailbox3@group2>;, <mailbox@two>,,,,,,,,=?iso-8859-1?q?mailbox_number_3?= <mailbox@three>, =?abc?Q?mailbox?=   	 =?def?Q?_number_4?= <mailbox@four>",
+
+			"[address-list: [[mailbox: name=[text: [[word: charset=us-ascii, buffer=mailbox1]]], email=mailbox@one],[mailbox-group: name=[text: [[word: charset=us-ascii, buffer=group1]]], list=[[mailbox: name=[text: []], email=mailbox1@group1],[mailbox: name=[text: []], email=mailbox2@group2],[mailbox: name=[text: [[word: charset=us-ascii, buffer=mailbox #3]]], email=mailbox3@group2]]],[mailbox: name=[text: []], email=mailbox@two],[mailbox: name=[text: [[word: charset=iso-8859-1, buffer=mailbox number 3]]], email=mailbox@three],[mailbox: name=[text: [[word: charset=abc, buffer=mailbox],[word: charset=def, buffer= number 4]]], email=mailbox@four]]]",
+
+			// Test 3
+			"John Doe <john.doe@acme.com>",
+
+			"[address-list: [[mailbox: name=[text: [[word: charset=us-ascii, buffer=John Doe]]], email=john.doe@acme.com]]]",
+
+			// Test 4
+			"john.doe@acme.com (John Doe)",
+
+			"[address-list: [[mailbox: name=[text: []], email=john.doe@acme.com]]]",
+
+			// Test 5
+			"John.Doe(ignore)@acme.com (John Doe)",
+
+			"[address-list: [[mailbox: name=[text: []], email=John.Doe@acme.com]]]",
+
+			// Test 6
+			"<john.doe@acme.com>",
+
+			"[address-list: [[mailbox: name=[text: []], email=john.doe@acme.com]]]",
+
+			// Test 7
+			"john.doe@acme.com",
+
+			"[address-list: [[mailbox: name=[text: []], email=john.doe@acme.com]]]",
+
+			// Test 8
+			"\"John Doe\" <john.doe@acme.com>",
+
+			"[address-list: [[mailbox: name=[text: [[word: charset=us-ascii, buffer=John Doe]]], email=john.doe@acme.com]]]",
+
+			// Test 9
+			"=?us-ascii?q?John?=<john.doe@acme.com>",
+
+			"[address-list: [[mailbox: name=[text: [[word: charset=us-ascii, buffer=John]]], email=john.doe@acme.com]]]",
+
+			// Test 10
+			"\"John\"<john.doe@acme.com>",
+
+			"[address-list: [[mailbox: name=[text: [[word: charset=us-ascii, buffer=John]]], email=john.doe@acme.com]]]",
+
+			// Test 11
+			"John<john.doe@acme.com>",
+
+			"[address-list: [[mailbox: name=[text: [[word: charset=us-ascii, buffer=John]]], email=john.doe@acme.com]]]"
+		};
+
+		for (unsigned int i = 0 ; i < sizeof(testSuitesParse) / sizeof(testSuitesParse[0]) / 2 ; ++i) {
+
+			vmime::string in = testSuitesParse[i * 2];
+			vmime::string out = testSuitesParse[i * 2 + 1];
+
+			std::ostringstream oss;
+			oss << "Test " << (i + 1);
+
+			vmime::addressList addrList;
+			addrList.parse(in);
+
+			std::ostringstream cmp;
+			cmp << addrList;
+
+			VASSERT_EQ(oss.str(), out, cmp.str());
+		}
+	}
+
+	void testEmptyEmailAddress() {
+
+		vmime::addressList addrList;
+		addrList.parse("\"Full Name\" <>");
+
+		VASSERT_EQ("count", 1, addrList.getAddressCount());
+		VASSERT_EQ("!group", false, addrList.getAddressAt(0)->isGroup());
+
+		vmime::shared_ptr <vmime::mailbox> mbox =
+			vmime::dynamicCast <vmime::mailbox>(addrList.getAddressAt(0));
+
+		VASSERT_EQ("name", "Full Name", mbox->getName());
+		VASSERT_EQ("email", "", mbox->getEmail());
+	}
+
+	void testSeparatorInComment() {
+
+		vmime::addressList addrList;
+		addrList.parse("aaa(comment,comment)@vmime.org, bbb@vmime.org");
+
+		VASSERT_EQ("count", 2, addrList.getAddressCount());
+
+		vmime::shared_ptr <vmime::mailbox> mbox1 =
+			vmime::dynamicCast <vmime::mailbox>(addrList.getAddressAt(0));
+		vmime::shared_ptr <vmime::mailbox> mbox2 =
+			vmime::dynamicCast <vmime::mailbox>(addrList.getAddressAt(1));
+
+		VASSERT_EQ("name1", vmime::text(), mbox1->getName());
+		VASSERT_EQ("email1", "aaa@vmime.org", mbox1->getEmail());
+
+		VASSERT_EQ("name2", vmime::text(), mbox2->getName());
+		VASSERT_EQ("email2", "bbb@vmime.org", mbox2->getEmail());
+	}
+
+	void testMalformations() {
+		vmime::mailbox mbox;
+
+		mbox.parse("a@b.c <e@f.g>");
+		VASSERT_EQ("name", vmime::text("a@b.c"), mbox.getName());
+		VASSERT_EQ("email", "e@f.g", mbox.getEmail());
+
+		mbox.parse("a@b.c e@f.g <h@i.j>");
+		VASSERT_EQ("name", vmime::text("a@b.c e@f.g"), mbox.getName());
+		VASSERT_EQ("email", "h@i.j", mbox.getEmail());
+
+		mbox.parse("Foo <bar<baz@quux.com>");
+		VASSERT_EQ("name", vmime::text("Foo <bar"), mbox.getName());
+		VASSERT_EQ("email", "baz@quux.com", mbox.getEmail());
+
+		mbox.parse("Foo <foo@x.com> <bar@x.com>");
+		VASSERT_EQ("name", vmime::text("Foo <foo@x.com>"), mbox.getName());
+		VASSERT_EQ("email", "bar@x.com", mbox.getEmail());
+
+		mbox.parse("Foo <foo@x.com> Bar <bar@y.com>");
+		VASSERT_EQ("name", vmime::text("Foo <foo@x.com> Bar"), mbox.getName());
+		VASSERT_EQ("email", "bar@y.com", mbox.getEmail());
+	}
+
+	void testExcessiveQuoting() {
+		using namespace vmime;
+
+		// Check that ASCII display names are not encoded more than necessary
+		emailAddress e("a@b.com");
+		auto a = make_shared<mailbox>(text(word("Foo B@r", charsets::US_ASCII)), e);
+		VASSERT_EQ("generate", "\"Foo B@r\" <a@b.com>", a->generate());
+		VASSERT_NEQ("generate", "=?utf-8?Q?Foo_B=40r?= <a@b.com>", a->generate());
+
+		a = make_shared<mailbox>(text(word("Foo B@r", charsets::UTF_8)), e);
+		VASSERT_EQ("generate", "=?utf-8?Q?Foo_B=40r?= <a@b.com>", a->generate());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/mediaTypeTest.cpp b/vmime-master/tests/parser/mediaTypeTest.cpp
new file mode 100644
index 0000000..e98cfcd
--- /dev/null
+++ b/vmime-master/tests/parser/mediaTypeTest.cpp
@@ -0,0 +1,100 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(mediaTypeTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testConstructors)
+		VMIME_TEST(testCopy)
+		VMIME_TEST(testSetFromString)
+		VMIME_TEST(testParse)
+		VMIME_TEST(testGenerate)
+	VMIME_TEST_LIST_END
+
+
+	void testConstructors() {
+
+		vmime::mediaType t1;
+
+		VASSERT_EQ("1.1", vmime::mediaTypes::APPLICATION, t1.getType());
+		VASSERT_EQ("1.2", vmime::mediaTypes::APPLICATION_OCTET_STREAM, t1.getSubType());
+
+		vmime::mediaType t2("type", "sub");
+
+		VASSERT_EQ("2.1", "type", t2.getType());
+		VASSERT_EQ("2.2", "sub", t2.getSubType());
+
+		vmime::mediaType t3("type/sub");
+
+		VASSERT_EQ("3.1", "type", t3.getType());
+		VASSERT_EQ("3.2", "sub", t3.getSubType());
+	}
+
+	void testCopy() {
+
+		vmime::mediaType t1("type/sub");
+
+		VASSERT_EQ("eq1", "type", t1.getType());
+		VASSERT_EQ("eq2", "sub", t1.getSubType());
+
+		VASSERT("operator==", t1 == t1);
+		VASSERT("clone", t1 == *vmime::clone(t1));
+
+		VASSERT_EQ("eq3", "type", vmime::clone(t1)->getType());
+		VASSERT_EQ("eq4", "sub", vmime::clone(t1)->getSubType());
+
+		vmime::mediaType t2;
+		t2.copyFrom(t1);
+
+		VASSERT("copyFrom", t1 == t2);
+	}
+
+	void testSetFromString() {
+
+		vmime::mediaType t1;
+		t1.setFromString("type/sub");
+
+		VASSERT_EQ("1.1", "type", t1.getType());
+		VASSERT_EQ("1.2", "sub", t1.getSubType());
+	}
+
+	void testParse() {
+
+		vmime::mediaType t1;
+		t1.parse("type/sub");
+
+		VASSERT_EQ("1.1", "type", t1.getType());
+		VASSERT_EQ("1.2", "sub", t1.getSubType());
+	}
+
+	void testGenerate() {
+
+		vmime::mediaType t1("type", "sub");
+
+		VASSERT_EQ("1", "type/sub", t1.generate());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/messageIdSequenceTest.cpp b/vmime-master/tests/parser/messageIdSequenceTest.cpp
new file mode 100644
index 0000000..0237108
--- /dev/null
+++ b/vmime-master/tests/parser/messageIdSequenceTest.cpp
@@ -0,0 +1,78 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(messageIdSequenceTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testGenerate)
+	VMIME_TEST_LIST_END
+
+
+	void testParse() {
+
+		vmime::messageIdSequence s1;
+		s1.parse("");
+
+		VASSERT_EQ("1", 0, s1.getMessageIdCount());
+
+		vmime::messageIdSequence s2;
+		s2.parse("   \t  ");
+
+		VASSERT_EQ("2", 0, s2.getMessageIdCount());
+
+		vmime::messageIdSequence s3;
+		s3.parse("<a@b>");
+
+		VASSERT_EQ("3.1", 1, s3.getMessageIdCount());
+		VASSERT_EQ("3.2", "a", s3.getMessageIdAt(0)->getLeft());
+		VASSERT_EQ("3.3", "b", s3.getMessageIdAt(0)->getRight());
+
+		vmime::messageIdSequence s4;
+		s4.parse("<a@b>  \r\n\t<c@d>");
+
+		VASSERT_EQ("4.1", 2, s4.getMessageIdCount());
+		VASSERT_EQ("4.2", "a", s4.getMessageIdAt(0)->getLeft());
+		VASSERT_EQ("4.3", "b", s4.getMessageIdAt(0)->getRight());
+		VASSERT_EQ("4.4", "c", s4.getMessageIdAt(1)->getLeft());
+		VASSERT_EQ("4.5", "d", s4.getMessageIdAt(1)->getRight());
+	}
+
+	void testGenerate() {
+
+		vmime::messageIdSequence s1;
+		s1.appendMessageId(vmime::make_shared <vmime::messageId>("a", "b"));
+
+		VASSERT_EQ("1", "<a@b>", s1.generate());
+
+		vmime::messageIdSequence s2;
+		s2.appendMessageId(vmime::make_shared <vmime::messageId>("a", "b"));
+		s2.appendMessageId(vmime::make_shared <vmime::messageId>("c", "d"));
+
+		VASSERT_EQ("2", "<a@b> <c@d>", s2.generate());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/messageIdTest.cpp b/vmime-master/tests/parser/messageIdTest.cpp
new file mode 100644
index 0000000..8433093
--- /dev/null
+++ b/vmime-master/tests/parser/messageIdTest.cpp
@@ -0,0 +1,77 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(messageIdTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testParseInvalid)
+		VMIME_TEST(testGenerate)
+	VMIME_TEST_LIST_END
+
+
+	void testParse() {
+
+		vmime::messageId m1;
+		m1.parse("<a@b>");
+
+		VASSERT_EQ("1.1", "a", m1.getLeft());
+		VASSERT_EQ("1.2", "b", m1.getRight());
+	}
+
+	void testParseInvalid() {
+
+		vmime::messageId m1;
+		m1.parse("foo@bar");
+
+		VASSERT_EQ("1.1", "foo", m1.getLeft());
+		VASSERT_EQ("1.2", "bar", m1.getRight());
+	}
+
+	void testGenerate() {
+
+		vmime::messageId m1;
+
+		VASSERT_EQ("1", "<>", m1.generate());
+
+		vmime::messageId m2;
+		m2.setLeft("a");
+
+		VASSERT_EQ("2", "<a>", m2.generate());
+
+		vmime::messageId m3;
+		m3.setRight("b");
+
+		VASSERT_EQ("3", "<@b>", m3.generate());
+
+		vmime::messageId m4;
+		m4.setLeft("a");
+		m4.setRight("b");
+
+		VASSERT_EQ("4", "<a@b>", m4.generate());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/messageTest.cpp b/vmime-master/tests/parser/messageTest.cpp
new file mode 100644
index 0000000..b89d63e
--- /dev/null
+++ b/vmime-master/tests/parser/messageTest.cpp
@@ -0,0 +1,64 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(messageTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testGetGeneratedSize)
+	VMIME_TEST_LIST_END
+
+
+	void testGetGeneratedSize() {
+
+		vmime::generationContext ctx;
+
+		vmime::shared_ptr <vmime::message> msg = vmime::make_shared <vmime::message>();
+		msg->getHeader()->getField("Foo")->setValue(vmime::string("bar"));
+
+		vmime::htmlTextPart textPart;
+		textPart.setPlainText(
+			vmime::make_shared <vmime::stringContentHandler>(
+				"Foo bar bazé foo foo foo"
+			)
+		);
+		textPart.setText(
+			vmime::make_shared <vmime::stringContentHandler>(
+				"Foo bar <strong>bazé</strong> foo foo foo"
+			)
+		);
+		textPart.generateIn(msg, msg);
+
+		// Estimated/computed generated size must be greater than the actual generated size
+		const vmime::size_t genSize = msg->getGeneratedSize(ctx);
+		const vmime::size_t actualSize = msg->generate().length();
+
+		std::ostringstream oss;
+		oss << "estimated size (" << genSize << ") >= actual size (" << actualSize << ")";
+
+		VASSERT(oss.str(), genSize >= actualSize);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/parameterTest.cpp b/vmime-master/tests/parser/parameterTest.cpp
new file mode 100644
index 0000000..464c305
--- /dev/null
+++ b/vmime-master/tests/parser/parameterTest.cpp
@@ -0,0 +1,722 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include <locale>
+#include <clocale>
+
+
+VMIME_TEST_SUITE_BEGIN(parameterTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testParseRFC2231)
+		VMIME_TEST(testGenerate)
+		VMIME_TEST(testGetGeneratedSize)
+		VMIME_TEST(testGenerateRFC2231)
+		VMIME_TEST(testGetGeneratedSizeRFC2231)
+		VMIME_TEST(testNonStandardEncodedParam)
+		VMIME_TEST(testParseNonSignificantWS)
+		VMIME_TEST(testEncodeTSpecials)
+		VMIME_TEST(testEncodeTSpecialsInRFC2231)
+		VMIME_TEST(testWhitespaceBreaksTheValue)
+	VMIME_TEST_LIST_END
+
+
+	// HACK: parameterizedHeaderField constructor is private
+	class parameterizedHeaderField : public vmime::parameterizedHeaderField {
+
+	public:
+
+		parameterizedHeaderField() {
+
+			setName("F");
+			setValue(vmime::headerFieldFactory::getInstance()->createValue(getName()));
+			setValue(vmime::word("X"));
+		}
+
+		using vmime::parameterizedHeaderField::generate;
+
+		const vmime::string generate(
+			const vmime::generationContext::EncodedParameterValueModes genMode,
+			const vmime::size_t maxLineLength = 0
+		) const {
+
+			vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+			ctx.setEncodedParameterValueMode(genMode);
+
+			if (maxLineLength != 0) {
+				ctx.setMaxLineLength(maxLineLength);
+			}
+
+			std::ostringstream oss;
+			vmime::utility::outputStreamAdapter adapter(oss);
+
+			vmime::parameterizedHeaderField::generate(ctx, adapter);
+
+			return oss.str();
+		}
+	};
+
+
+	const vmime::string generateParameter(
+		const vmime::parameter& param,
+		const vmime::generationContext& ctx,
+		const vmime::size_t maxLineLength = 0
+	) const {
+
+		vmime::generationContext ctx2(ctx);
+
+		if (maxLineLength != 0) {
+			ctx2.setMaxLineLength(maxLineLength);
+		}
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter adapter(oss);
+
+		param.generate(ctx2, adapter);
+
+		return oss.str();
+	}
+
+
+#define FIELD_VALUE(f) (f.getValue()->generate())
+#define PARAM_VALUE(p, n) (p.getParameterAt(n)->getValue().generate())
+#define PARAM_NAME(p, n) (p.getParameterAt(n)->getName())
+#define PARAM_CHARSET(p, n) \
+	(p.getParameterAt(n)->getValue().getCharset().generate())
+#define PARAM_LANG(p, n) \
+	(p.getParameterAt(n)->getValue().getLanguage())
+#define PARAM_BUFFER(p, n) \
+	(p.getParameterAt(n)->getValue().getBuffer())
+
+
+	void setUp() {
+
+		// Set the global C and C++ locale to the user-configured locale.
+		// The locale should use UTF-8 encoding for these tests to run successfully.
+		try {
+			std::locale::global(std::locale(""));
+		} catch (std::exception &) {
+			std::setlocale(LC_ALL, "");
+		}
+	}
+
+	void tearDown() {
+
+		// Restore default locale
+		std::locale::global(std::locale("C"));
+	}
+
+
+	void testParse() {
+
+		// Simple parameter
+		parameterizedHeaderField p1;
+		p1.parse("X; param1=value1;\r\n");
+
+		VASSERT_EQ("1.1", 1, p1.getParameterCount());
+		VASSERT_EQ("1.2", "param1", PARAM_NAME(p1, 0));
+		VASSERT_EQ("1.3", "value1", PARAM_VALUE(p1, 0));
+
+		// Multi-section parameters (1/2)
+		parameterizedHeaderField p2a;
+		p2a.parse(
+			"X; param1=value1;\r\n"
+			"  param2*0=\"val\";\r\n"
+			"  param2*1=\"ue2\";"
+		);
+
+		VASSERT_EQ("2a.1", 2, p2a.getParameterCount());
+		VASSERT_EQ("2a.2", "param1", PARAM_NAME(p2a, 0));
+		VASSERT_EQ("2a.3", "value1", PARAM_VALUE(p2a, 0));
+		VASSERT_EQ("2a.4", "param2", PARAM_NAME(p2a, 1));
+		VASSERT_EQ("2a.5", "value2", PARAM_VALUE(p2a, 1));
+
+		// Multi-section parameters (2/2)
+		parameterizedHeaderField p2b;
+		p2b.parse(
+			"X; param1=value1;\r\n"
+			"  param2=\"should be ignored\";\r\n"
+			"  param2*0=\"val\";\r\n"
+			"  param2*1=\"ue2\";"
+		);
+
+		VASSERT_EQ("2b.1", 2, p2b.getParameterCount());
+		VASSERT_EQ("2b.2", "param1", PARAM_NAME(p2b, 0));
+		VASSERT_EQ("2b.3", "value1", PARAM_VALUE(p2b, 0));
+		VASSERT_EQ("2b.4", "param2", PARAM_NAME(p2b, 1));
+		VASSERT_EQ("2b.5", "value2", PARAM_VALUE(p2b, 1));
+
+		// Extended parameter (charset and language information)
+		parameterizedHeaderField p3;
+		p3.parse("X; param1*=charset'language'value1;\r\n");
+
+		VASSERT_EQ("3.1", 1, p3.getParameterCount());
+		VASSERT_EQ("3.2", "param1", PARAM_NAME(p3, 0));
+		VASSERT_EQ("3.3", "charset", PARAM_CHARSET(p3, 0));
+		VASSERT_EQ("3.4", "value1", PARAM_BUFFER(p3, 0));
+
+		// Encoded characters in extended parameter values
+		parameterizedHeaderField p4;
+		p4.parse("X; param1*=a%20value%20with%20multiple%20word%73");  // 0x73 = 's'
+
+		VASSERT_EQ("4.1", 1, p4.getParameterCount());
+		VASSERT_EQ("4.2", "param1", PARAM_NAME(p4, 0));
+		VASSERT_EQ("4.3", "a value with multiple words", PARAM_VALUE(p4, 0));
+
+		// Invalid encoded character
+		parameterizedHeaderField p5;
+		p5.parse("X; param1*=test%20value%");
+
+		VASSERT_EQ("5.1", 1, p5.getParameterCount());
+		VASSERT_EQ("5.2", "param1", PARAM_NAME(p5, 0));
+		VASSERT_EQ("5.3", "test value%", PARAM_VALUE(p5, 0));
+
+		// Spaces before and after '='
+		parameterizedHeaderField p6;
+		p6.parse("X; param1\t=  \"value1\"");
+
+		VASSERT_EQ("6.1", 1, p6.getParameterCount());
+		VASSERT_EQ("6.2", "param1", PARAM_NAME(p6, 0));
+		VASSERT_EQ("6.3", "value1", PARAM_VALUE(p6, 0));
+
+		// Quoted strings and escaped chars
+		parameterizedHeaderField p7;
+		p7.parse("X; param1=\"this is a slash: \\\"\\\\\\\"\"");  // \"\\\"
+
+		VASSERT_EQ("7.1", 1, p7.getParameterCount());
+		VASSERT_EQ("7.2", "param1", PARAM_NAME(p7, 0));
+		VASSERT_EQ("7.3", "this is a slash: \"\\\"", PARAM_VALUE(p7, 0));
+	}
+
+	void testParseRFC2231() {
+
+		// Extended parameter with charset specified in more than one
+		// section (this is forbidden by RFC, but is should not fail)
+		parameterizedHeaderField p1;
+		p1.parse(
+			"X; param1*0*=charset1'language1'value1;\r\n"
+			"   param1*1*=charset2'language2'value2;"
+		);
+
+		VASSERT_EQ("1.1", 1, p1.getParameterCount());
+		VASSERT_EQ("1.2", "param1", PARAM_NAME(p1, 0));
+		VASSERT_EQ("1.3", "charset1", PARAM_CHARSET(p1, 0));
+		VASSERT_EQ("1.4", "value1charset2'language2'value2", PARAM_BUFFER(p1, 0));
+
+		// Charset not specified in the first section (that is not encoded),
+		// but specified in the second one (legal)
+		parameterizedHeaderField p2;
+		p2.parse(
+			"X; param1*0=value1;\r\n"
+			"   param1*1*=charset'language'value2;"
+		);
+
+		VASSERT_EQ("2.1", 1, p2.getParameterCount());
+		VASSERT_EQ("2.2", "param1", PARAM_NAME(p2, 0));
+		VASSERT_EQ("2.3", "charset", PARAM_CHARSET(p2, 0));
+		VASSERT_EQ("2.4", "value1value2", PARAM_BUFFER(p2, 0));
+
+		// Characters prefixed with '%' in a simple (not extended) section
+		// should not be decoded
+		parameterizedHeaderField p3;
+		p3.parse("X; param1=val%20ue1");
+
+		VASSERT_EQ("3.1", 1, p3.getParameterCount());
+		VASSERT_EQ("3.2", "param1", PARAM_NAME(p3, 0));
+		VASSERT_EQ("3.3", "val%20ue1", PARAM_VALUE(p3, 0));
+
+		// Multiple sections + charset specified and encoding
+		parameterizedHeaderField p4;
+		p4.parse(
+			"X; param1*0*=charset'language'value1a%20;"
+			"   param1*1*=value1b%20;"
+			"   param1*2=value1c"
+		);
+
+		VASSERT_EQ("4.1", 1, p4.getParameterCount());
+		VASSERT_EQ("4.2", "param1", PARAM_NAME(p4, 0));
+		VASSERT_EQ("4.3", "charset", PARAM_CHARSET(p4, 0));
+		VASSERT_EQ("4.4", "value1a value1b value1c", PARAM_BUFFER(p4, 0));
+
+		// No charset specified: defaults to US-ASCII
+		parameterizedHeaderField p5;
+		p5.parse("X; param1*='language'value1");
+
+		VASSERT_EQ("5.1", 1, p5.getParameterCount());
+		VASSERT_EQ("5.2", "param1", PARAM_NAME(p5, 0));
+		VASSERT_EQ("5.3", "us-ascii", PARAM_CHARSET(p5, 0));
+		VASSERT_EQ("5.4", "value1", PARAM_BUFFER(p5, 0));
+
+		// Language specification
+		parameterizedHeaderField p6;
+		p6.parse("X; param1*=us-ascii'en-us'This%20is%20%2A%2A%2Afun%2A%2A%2A");
+
+		VASSERT_EQ("6.1", 1, p6.getParameterCount());
+		VASSERT_EQ("6.2", "param1", PARAM_NAME(p6, 0));
+		VASSERT_EQ("6.3", "us-ascii", PARAM_CHARSET(p6, 0));
+		VASSERT_EQ("6.4", "en-us", PARAM_LANG(p6, 0));
+		VASSERT_EQ("6.5", "This is ***fun***", PARAM_BUFFER(p6, 0));
+	}
+
+	void testGenerate() {
+
+		// Simple parameter/value
+		parameterizedHeaderField p1;
+		p1.appendParameter(vmime::make_shared <vmime::parameter>("param1", "value1"));
+
+		VASSERT_EQ("1", "F: X; param1=value1", p1.generate());
+
+		// Value that needs quoting (1/2)
+		parameterizedHeaderField p2a;
+		p2a.appendParameter(vmime::make_shared <vmime::parameter>("param1", "value1a;value1b"));
+
+		VASSERT_EQ("2a", "F: X; param1=\"value1a;value1b\"", p2a.generate());
+
+		// Value that needs quoting (2/2)
+		parameterizedHeaderField p2b;
+		p2b.appendParameter(vmime::make_shared <vmime::parameter>("param1", "va\\lue\"1"));
+
+		VASSERT_EQ("2b", "F: X; param1=\"va\\\\lue\\\"1\"", p2b.generate());
+	}
+
+	void testGetGeneratedSize() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+
+		vmime::parameter p1("param1", "value1");
+		VASSERT("1", p1.getGeneratedSize(ctx) >= generateParameter(p1, ctx).length());
+
+		vmime::parameter p2a("param1", "value1a;value1b");
+		VASSERT("2&", p2a.getGeneratedSize(ctx) >= generateParameter(p2a, ctx).length());
+
+		vmime::parameter p2b("param1", "va\\lue\"1");
+		VASSERT("1", p2b.getGeneratedSize(ctx) >= generateParameter(p2b, ctx).length());
+	}
+
+	void testGenerateRFC2231() {
+
+		// Extended parameter with charset specifier
+		parameterizedHeaderField p1;
+		p1.appendParameter(
+			vmime::make_shared <vmime::parameter>(
+				"param1",
+				vmime::word("value 1\xe9", vmime::charset("charset"))
+			)
+		);
+
+		VASSERT_EQ(
+			"1.no-encoding",
+			"F: X; param1=\"value 1\"",
+			p1.generate(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING)
+		);
+
+		VASSERT_EQ(
+			"1.rfc2047",
+			"F: X; param1=\"=?charset?Q?value_1=E9?=\"",
+			p1.generate(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY)
+		);
+
+		VASSERT_EQ(
+			"1.rfc2231",
+			"F: X; param1*=charset''value%201%E9",
+			p1.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY)
+		);
+
+		VASSERT_EQ(
+			"1.both",
+			"F: X; param1=\"=?charset?Q?value_1=E9?=\";param1*=charset''value%201%E9",
+			p1.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047)
+		);
+
+		// Value that spans on multiple lines
+		parameterizedHeaderField p2;
+		p2.appendParameter(
+			vmime::make_shared <vmime::parameter>(
+				"param1",
+				vmime::word(
+					"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
+					vmime::charset("charset")
+				)
+			)
+		);
+
+		VASSERT_EQ(
+			"2.no-encoding",
+			"F: X; \r\n "
+			"param1=abcdefghijkl",
+			p2.generate(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING, 25)  // max line length = 25
+		);
+
+		VASSERT_EQ(
+			"2.rfc2047",
+			"F: X; \r\n "
+			"param1=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
+			p2.generate(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY, 25)  // max line length = 25
+		);
+
+		VASSERT_EQ(
+			"2.rfc2231",
+			"F: X; \r\n "
+			"param1*0*=charset''abc;\r\n "
+			"param1*1*=defghijkl;\r\n "
+			"param1*2*=mnopqrstu;\r\n "
+			"param1*3*=vwxyzABCD;\r\n "
+			"param1*4*=EFGHIJKLM;\r\n "
+			"param1*5*=NOPQRSTUV;\r\n "
+			"param1*6*=WXYZ",
+			p2.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY, 25)  // max line length = 25
+		);
+
+		VASSERT_EQ(
+			"2.both",
+			"F: X; \r\n "
+			"param1=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ;\r\n "
+			"param1*0*=charset''abc;\r\n "
+			"param1*1*=defghijkl;\r\n "
+			"param1*2*=mnopqrstu;\r\n "
+			"param1*3*=vwxyzABCD;\r\n "
+			"param1*4*=EFGHIJKLM;\r\n "
+			"param1*5*=NOPQRSTUV;\r\n "
+			"param1*6*=WXYZ",
+			p2.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047, 25)  // max line length = 25
+		);
+
+		// Non-ASCII parameter value
+		parameterizedHeaderField p3;
+		p3.appendParameter(
+			vmime::make_shared <vmime::parameter>(
+				"param1",
+				vmime::word(
+					"δσσσσσσσσσσσσσσσσσσσσδσδα δσαδσδσαδσαδασδασ δσαδασδσα δσαδασδσα δασδασδασ δασαχφδδσα 2008.doc",
+					vmime::charset("utf-8")
+				)
+			)
+		);
+
+		VASSERT_EQ(
+			"3.no-encoding",
+			"F: X; \r\n "
+			"param1=\"      2008.doc\"",
+			p3.generate(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING, 80)  // max line length = 80
+		);
+
+		VASSERT_EQ(
+			"3.7bit-only",
+			"F: X; \r\n "
+			"param1=\"=?utf-8?B?zrTPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+DzrTPg860?=\r\n "
+			"=?utf-8?B?zrEgzrTPg86xzrTPg860z4POsc60z4POsc60zrHPg860zrHPgyDOtM+DzrHOtM6x?=\r\n "
+			"=?utf-8?B?z4POtM+DzrEgzrTPg86xzrTOsc+DzrTPg86xIM60zrHPg860zrHPg860zrHPgyDOtA==?=\r\n "
+			"=?utf-8?B?zrHPg86xz4fPhs60zrTPg86xIDIwMDguZG9j?=\"",
+			p3.generate(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY, 80)  // max line length = 80
+		);
+
+		VASSERT_EQ(
+			"3.both",
+			"F: X; \r\n "
+			"param1=\"=?utf-8?B?zrTPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+Dz4PPg8+DzrTPg860?=\r\n "
+			"=?utf-8?B?zrEgzrTPg86xzrTPg860z4POsc60z4POsc60zrHPg860zrHPgyDOtM+DzrHOtM6x?=\r\n "
+			"=?utf-8?B?z4POtM+DzrEgzrTPg86xzrTOsc+DzrTPg86xIM60zrHPg860zrHPg860zrHPgyDOtA==?=\r\n "
+			"=?utf-8?B?zrHPg86xz4fPhs60zrTPg86xIDIwMDguZG9j?=\";\r\n "
+			"param1*0*=utf-8''%CE%B4%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83;\r\n "
+			"param1*1*=%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83;\r\n "
+			"param1*2*=%CE%B4%CF%83%CE%B4%CE%B1%20%CE%B4%CF%83%CE%B1%CE%B4%CF%83%CE%B4%CF;\r\n "
+			"param1*3*=%83%CE%B1%CE%B4%CF%83%CE%B1%CE%B4%CE%B1%CF%83%CE%B4%CE%B1%CF%83%20;\r\n "
+			"param1*4*=%CE%B4%CF%83%CE%B1%CE%B4%CE%B1%CF%83%CE%B4%CF%83%CE%B1%20%CE%B4%CF;\r\n "
+			"param1*5*=%83%CE%B1%CE%B4%CE%B1%CF%83%CE%B4%CF%83%CE%B1%20%CE%B4%CE%B1%CF%83;\r\n "
+			"param1*6*=%CE%B4%CE%B1%CF%83%CE%B4%CE%B1%CF%83%20%CE%B4%CE%B1%CF%83%CE%B1%CF;\r\n "
+			"param1*7*=%87%CF%86%CE%B4%CE%B4%CF%83%CE%B1%202008.doc",
+			p3.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047, 80)  // max line length = 80
+		);
+
+		VASSERT_EQ(
+			"3.either",
+			"F: X; param1*0*=utf-8''%CE%B4%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83;\r\n "
+			"param1*1*=%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83%CF%83;\r\n "
+			"param1*2*=%CE%B4%CF%83%CE%B4%CE%B1%20%CE%B4%CF%83%CE%B1%CE%B4%CF%83%CE%B4%CF;\r\n "
+			"param1*3*=%83%CE%B1%CE%B4%CF%83%CE%B1%CE%B4%CE%B1%CF%83%CE%B4%CE%B1%CF%83%20;\r\n "
+			"param1*4*=%CE%B4%CF%83%CE%B1%CE%B4%CE%B1%CF%83%CE%B4%CF%83%CE%B1%20%CE%B4%CF;\r\n "
+			"param1*5*=%83%CE%B1%CE%B4%CE%B1%CF%83%CE%B4%CF%83%CE%B1%20%CE%B4%CE%B1%CF%83;\r\n "
+			"param1*6*=%CE%B4%CE%B1%CF%83%CE%B4%CE%B1%CF%83%20%CE%B4%CE%B1%CF%83%CE%B1%CF;\r\n "
+			"param1*7*=%87%CF%86%CE%B4%CE%B4%CF%83%CE%B1%202008.doc",
+			p3.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY, 80)  // max line length = 80
+		);
+
+		// No encoding needed
+		parameterizedHeaderField p4;
+		p4.appendParameter(
+			vmime::make_shared <vmime::parameter>(
+				"param1",
+				vmime::word("va lue", vmime::charset("charset"))
+			)
+		);
+
+		VASSERT_EQ(
+			"4.no-encoding",
+			"F: X; param1=\"va lue\"",
+			p4.generate(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING)
+		);
+
+		VASSERT_EQ(
+			"4.rfc2047",
+			"F: X; param1=\"va lue\"",
+			p4.generate(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY)
+		);
+
+		VASSERT_EQ(
+			"4.rfc2231",
+			"F: X; param1=\"va lue\"",
+			p4.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY)
+		);
+
+		VASSERT_EQ(
+			"4.both",
+			"F: X; param1=\"va lue\"",
+			p4.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047)
+		);
+
+		// Language specification
+		parameterizedHeaderField p5;
+		p5.appendParameter(
+			vmime::make_shared <vmime::parameter>("param1",
+			vmime::word("This is ***fun***", vmime::charset("us-ascii"), "en-us"))
+		);
+
+		VASSERT_EQ(
+			"5.no-encoding",
+			"F: X; param1=\"This is ***fun***\"",
+			p5.generate(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING)
+		);
+
+		VASSERT_EQ(
+			"5.rfc2047",
+			"F: X; param1=\"=?us-ascii*en-us?Q?This_is_***fun***?=\"",
+			p5.generate(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY)
+		);
+
+		VASSERT_EQ(
+			"5.rfc2231",
+			"F: X; param1*=us-ascii''This%20is%20***fun***",
+			p5.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY)
+		);
+
+		VASSERT_EQ(
+			"5.both",
+			"F: X; "
+			"param1=\"=?us-ascii*en-us?Q?This_is_***fun***?=\";\r\n "
+			"param1*=us-ascii''This%20is%20***fun***",
+			p5.generate(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047));
+	}
+
+	void testGetGeneratedSizeRFC2231() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+
+		// Extended parameter with charset specifier
+		vmime::parameter p1(
+			"param1",
+			vmime::word("value 1\xe9", vmime::charset("charset"))
+		);
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING);
+		VASSERT("1.no-encoding", p1.getGeneratedSize(ctx) >= generateParameter(p1, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY);
+		VASSERT("1.rfc2047", p1.getGeneratedSize(ctx) >= generateParameter(p1, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY);
+		VASSERT("1.rfc2231", p1.getGeneratedSize(ctx) >= generateParameter(p1, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047);
+		VASSERT("1.both", p1.getGeneratedSize(ctx) >= generateParameter(p1, ctx).length());
+
+		// Value that spans on multiple lines
+		vmime::parameter p2(
+			"param1",
+			vmime::word(
+				"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
+				vmime::charset("charset")
+			)
+		);
+
+		ctx.setMaxLineLength(25);
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING);
+		VASSERT("2.no-encoding", p2.getGeneratedSize(ctx) >= generateParameter(p2, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY);
+		VASSERT("2.rfc2047", p2.getGeneratedSize(ctx) >= generateParameter(p2, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY);
+		VASSERT("2.rfc2231", p2.getGeneratedSize(ctx) >= generateParameter(p2, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047);
+		VASSERT("2.both", p2.getGeneratedSize(ctx) >= generateParameter(p2, ctx).length());
+
+		// Non-ASCII parameter value
+		vmime::parameter p3(
+			"param1",
+			vmime::word(
+				"δσσσσσσσσσσσσσσσσσσσσδσδα δσαδσδσαδσαδασδασ δσαδασδσα δσαδασδσα δασδασδασ δασαχφδδσα 2008.doc",
+				vmime::charset("utf-8")
+			)
+		);
+
+		ctx.setMaxLineLength(vmime::generationContext::getDefaultContext().getMaxLineLength());
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING);
+		VASSERT("3.no-encoding", p3.getGeneratedSize(ctx) >= generateParameter(p3, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY);
+		VASSERT("3.rfc2047", p3.getGeneratedSize(ctx) >= generateParameter(p3, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY);
+		VASSERT("3.rfc2231", p3.getGeneratedSize(ctx) >= generateParameter(p3, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047);
+		VASSERT("3.both", p3.getGeneratedSize(ctx) >= generateParameter(p3, ctx).length());
+
+		// No encoding needed
+		vmime::parameter p4(
+			"param1",
+			vmime::word("va lue", vmime::charset("charset"))
+		);
+
+		ctx.setMaxLineLength(vmime::generationContext::getDefaultContext().getMaxLineLength());
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING);
+		VASSERT("4.no-encoding", p4.getGeneratedSize(ctx) >= generateParameter(p4, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY);
+		VASSERT("4.rfc2047", p4.getGeneratedSize(ctx) >= generateParameter(p4, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY);
+		VASSERT("4.rfc2231", p4.getGeneratedSize(ctx) >= generateParameter(p4, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047);
+		VASSERT("4.both", p4.getGeneratedSize(ctx) >= generateParameter(p4, ctx).length());
+
+		// Language specification
+		vmime::parameter p5(
+			"param1",
+			vmime::word("This is ***fun***", vmime::charset("us-ascii"), "en-us")
+		);
+
+		ctx.setMaxLineLength(vmime::generationContext::getDefaultContext().getMaxLineLength());
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_NO_ENCODING);
+		VASSERT("5.no-encoding", p5.getGeneratedSize(ctx) >= generateParameter(p5, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2047_ONLY);
+		VASSERT("5.rfc2047", p5.getGeneratedSize(ctx) >= generateParameter(p5, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_ONLY);
+		VASSERT("5.rfc2231", p5.getGeneratedSize(ctx) >= generateParameter(p5, ctx).length());
+
+		ctx.setEncodedParameterValueMode(vmime::generationContext::PARAMETER_VALUE_RFC2231_AND_RFC2047);
+		VASSERT("5.both", p5.getGeneratedSize(ctx) >= generateParameter(p5, ctx).length());
+	}
+
+	void testNonStandardEncodedParam() {
+
+		// This syntax is non-standard (expressly prohibited
+		// by RFC-2047), but is used by Mozilla:
+		//
+		// Content-Type: image/png;
+		//    name="=?us-ascii?Q?Logo_VMime=2Epng?="
+
+		parameterizedHeaderField p1;
+		p1.parse("image/png; name=\"=?us-ascii?Q?Logo_VMime=2Epng?=\"");
+
+		VASSERT_EQ("1.1", 1, p1.getParameterCount());
+		VASSERT_EQ("1.2", "name", PARAM_NAME(p1, 0));
+		VASSERT_EQ("1.3", "Logo VMime.png", PARAM_VALUE(p1, 0));
+
+		parameterizedHeaderField p2;
+		p2.parse("image/png; name=\"Logo =?us-ascii?Q?VMime=2Epng?=\"");
+
+		VASSERT_EQ("2.1", 1, p2.getParameterCount());
+		VASSERT_EQ("2.2", "name", PARAM_NAME(p2, 0));
+		VASSERT_EQ("2.3", "Logo VMime.png", PARAM_VALUE(p2, 0));
+	}
+
+	// Parse parameters with non-significant whitespaces
+	void testParseNonSignificantWS() {
+
+		parameterizedHeaderField p1;
+		p1.parse(" \t X   \r\n");
+
+		VASSERT_EQ("1.1", "X", FIELD_VALUE(p1));
+
+		parameterizedHeaderField p2;
+		p2.parse(" X  ; param1 =  value1 \r\n");
+
+		VASSERT_EQ("2.1", 1, p2.getParameterCount());
+		VASSERT_EQ("2.2", "X", FIELD_VALUE(p2));
+		VASSERT_EQ("2.3", "param1", PARAM_NAME(p2, 0));
+		VASSERT_EQ("2.4", "value1", PARAM_VALUE(p2, 0));
+	}
+
+	// Encode "tspecials"
+	void testEncodeTSpecials() {
+
+		VASSERT_EQ(" 1", "p=\"val(ue\"",  vmime::make_shared <vmime::parameter>("p", "val(ue")->generate());
+		VASSERT_EQ(" 2", "p=\"val)ue\"",  vmime::make_shared <vmime::parameter>("p", "val)ue")->generate());
+		VASSERT_EQ(" 3", "p=\"val<ue\"",  vmime::make_shared <vmime::parameter>("p", "val<ue")->generate());
+		VASSERT_EQ(" 4", "p=\"val>ue\"",  vmime::make_shared <vmime::parameter>("p", "val>ue")->generate());
+		VASSERT_EQ(" 5", "p=\"val@ue\"",  vmime::make_shared <vmime::parameter>("p", "val@ue")->generate());
+		VASSERT_EQ(" 6", "p=\"val,ue\"",  vmime::make_shared <vmime::parameter>("p", "val,ue")->generate());
+		VASSERT_EQ(" 7", "p=\"val;ue\"",  vmime::make_shared <vmime::parameter>("p", "val;ue")->generate());
+		VASSERT_EQ(" 8", "p=\"val:ue\"",  vmime::make_shared <vmime::parameter>("p", "val:ue")->generate());
+		VASSERT_EQ(" 9", "p=\"val/ue\"",  vmime::make_shared <vmime::parameter>("p", "val/ue")->generate());
+		VASSERT_EQ("10", "p=\"val[ue\"",  vmime::make_shared <vmime::parameter>("p", "val[ue")->generate());
+		VASSERT_EQ("11", "p=\"val]ue\"",  vmime::make_shared <vmime::parameter>("p", "val]ue")->generate());
+		VASSERT_EQ("12", "p=\"val?ue\"",  vmime::make_shared <vmime::parameter>("p", "val?ue")->generate());
+		VASSERT_EQ("13", "p=\"val=ue\"",  vmime::make_shared <vmime::parameter>("p", "val=ue")->generate());
+		VASSERT_EQ("14", "p=\"val ue\"",  vmime::make_shared <vmime::parameter>("p", "val ue")->generate());
+		VASSERT_EQ("15", "p=\"val\tue\"", vmime::make_shared <vmime::parameter>("p", "val\tue")->generate());
+	}
+
+	// http://sourceforge.net/projects/vmime/forums/forum/237356/topic/3812278
+	void testEncodeTSpecialsInRFC2231() {
+
+		VASSERT_EQ(
+			"1",
+			"filename*=UTF-8''my_file_name_%C3%B6%C3%A4%C3%BC_%281%29.txt",
+			vmime::make_shared <vmime::parameter>(
+				"filename",
+				vmime::word("my_file_name_\xc3\xb6\xc3\xa4\xc3\xbc_(1).txt", "UTF-8")
+			)->generate()
+		);
+	}
+
+	void testWhitespaceBreaksTheValue() {
+
+		parameterizedHeaderField p;
+		p.parse("xxx yyy; param1=value1 \r\n");
+
+		VASSERT_EQ("count", 1, p.getParameterCount());
+		VASSERT_EQ("value", "xxx", FIELD_VALUE(p));
+		VASSERT_EQ("param1.name", "param1", PARAM_NAME(p, 0));
+		VASSERT_EQ("param1.value", "value1", PARAM_VALUE(p, 0));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/pathTest.cpp b/vmime-master/tests/parser/pathTest.cpp
new file mode 100644
index 0000000..1396911
--- /dev/null
+++ b/vmime-master/tests/parser/pathTest.cpp
@@ -0,0 +1,102 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(pathTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse)
+		VMIME_TEST(testParse2)
+		VMIME_TEST(testGenerate)
+	VMIME_TEST_LIST_END
+
+
+	void testParse() {
+
+		vmime::path p1;
+		p1.parse("<>");
+
+		VASSERT_EQ("1.1", "", p1.getLocalPart());
+		VASSERT_EQ("1.2", "", p1.getDomain());
+
+		vmime::path p2;
+		p2.parse("<domain>");
+
+		VASSERT_EQ("2.1", "", p2.getLocalPart());
+		VASSERT_EQ("2.2", "domain", p2.getDomain());
+
+		vmime::path p3;
+		p3.parse("<local@domain>");
+
+		VASSERT_EQ("3.1", "local", p3.getLocalPart());
+		VASSERT_EQ("3.2", "domain", p3.getDomain());
+	}
+
+	void testParse2() {
+
+		// Test some invalid paths (no '<>')
+		vmime::path p1;
+		p1.parse("");
+
+		VASSERT_EQ("1.1", "", p1.getLocalPart());
+		VASSERT_EQ("1.2", "", p1.getDomain());
+
+		vmime::path p2;
+		p2.parse("domain");
+
+		VASSERT_EQ("2.1", "", p2.getLocalPart());
+		VASSERT_EQ("2.2", "domain", p2.getDomain());
+
+		vmime::path p3;
+		p3.parse("local@domain");
+
+		VASSERT_EQ("3.1", "local", p3.getLocalPart());
+		VASSERT_EQ("3.2", "domain", p3.getDomain());
+	}
+
+	void testGenerate() {
+
+		vmime::path p1;
+
+		VASSERT_EQ("1", "<>", p1.generate());
+
+		vmime::path p2;
+		p2.setLocalPart("local");
+
+		VASSERT_EQ("2", "<local@>", p2.generate());
+
+		vmime::path p3;
+		p3.setDomain("domain");
+
+		VASSERT_EQ("3", "<@domain>", p3.generate());
+
+		vmime::path p4;
+		p4.setLocalPart("local");
+		p4.setDomain("domain");
+
+		VASSERT_EQ("4", "<local@domain>", p4.generate());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/streamContentHandlerTest.cpp b/vmime-master/tests/parser/streamContentHandlerTest.cpp
new file mode 100644
index 0000000..399118e
--- /dev/null
+++ b/vmime-master/tests/parser/streamContentHandlerTest.cpp
@@ -0,0 +1,194 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(streamContentHandlerTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testIsEmpty)
+		VMIME_TEST(testGetLength)
+		VMIME_TEST(testIsEncoded)
+		VMIME_TEST(testGetLength_Encoded)
+		VMIME_TEST(testExtract)
+		VMIME_TEST(testExtract_Encoded)
+		VMIME_TEST(testExtractRaw_Encoded)
+		VMIME_TEST(testGenerate)
+		VMIME_TEST(testGenerate_Encoded)
+	VMIME_TEST_LIST_END
+
+
+	void testIsEmpty() {
+
+		vmime::streamContentHandler cth;
+
+		VASSERT_TRUE("empty", cth.isEmpty());
+	}
+
+	void testGetLength() {
+
+		vmime::string data("Test Data");
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length());
+
+		VASSERT_FALSE("empty", cth.isEmpty());
+		VASSERT_EQ("length", 9, cth.getLength());
+	}
+
+	void testIsEncoded() {
+
+		vmime::string data("Test Data");
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length());
+
+		VASSERT_FALSE("encoded", cth.isEncoded());
+		VASSERT_EQ("encoding", vmime::contentHandler::NO_ENCODING, cth.getEncoding());
+
+
+		vmime::string data2("Zm9vEjRWYmFy=");
+		vmime::shared_ptr <vmime::utility::inputStream> stream2 =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data2);
+
+		vmime::streamContentHandler cth2(stream2, data2.length(), vmime::encoding("base64"));
+
+		VASSERT_TRUE("encoded", cth2.isEncoded());
+		VASSERT_EQ("encoding", "base64", cth2.getEncoding().generate());
+	}
+
+	void testGetLength_Encoded() {
+
+		vmime::string data("foo=12=34=56bar");
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length(), vmime::encoding("quoted-printable"));
+
+		// Reported length should be the length of encoded data
+		VASSERT_EQ("length", 15, cth.getLength());
+	}
+
+	void testExtract() {
+
+		vmime::string data("Test Data");
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length());
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extract(osa);
+
+		VASSERT_EQ("extract", "Test Data", oss.str());
+	}
+
+	void testExtract_Encoded() {
+
+		vmime::string data(
+			"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODk="
+		);
+
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length(), vmime::encoding("base64"));
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extract(osa);
+
+		// Data should be decoded from B64
+		VASSERT_EQ(
+			"extract",
+			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+			oss.str()
+		);
+	}
+
+	void testExtractRaw_Encoded()
+	{
+		vmime::string data(
+			"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODk="
+		);
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length(), vmime::encoding("base64"));
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extractRaw(osa);
+
+		// Data should not be decoded
+		VASSERT_EQ(
+			"extractRaw",
+			"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODk=",
+			oss.str()
+		);
+	}
+
+	void testGenerate() {
+
+		vmime::string data("foo\x12\x34\x56 bar");
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length());
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.generate(osa, vmime::encoding("base64"));
+
+		// Data should be encoded to B64
+		VASSERT_EQ("generate", "Zm9vEjRWIGJhcg==", oss.str());
+	}
+
+	void testGenerate_Encoded() {
+
+		vmime::string data("foo=12=34=56bar");
+		vmime::shared_ptr <vmime::utility::inputStream> stream =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(data);
+
+		vmime::streamContentHandler cth(stream, data.length(), vmime::encoding("quoted-printable"));
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.generate(osa, vmime::encoding("base64"));
+
+		// Data should be reencoded from QP to B64
+		VASSERT_EQ("generate", "Zm9vEjRWYmFy", oss.str());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/stringContentHandlerTest.cpp b/vmime-master/tests/parser/stringContentHandlerTest.cpp
new file mode 100644
index 0000000..c856301
--- /dev/null
+++ b/vmime-master/tests/parser/stringContentHandlerTest.cpp
@@ -0,0 +1,165 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/outputStreamAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(stringContentHandlerTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testIsEmpty)
+		VMIME_TEST(testGetLength)
+		VMIME_TEST(testIsEncoded)
+		VMIME_TEST(testGetLength_Encoded)
+		VMIME_TEST(testExtract)
+		VMIME_TEST(testExtract_Encoded)
+		VMIME_TEST(testExtractRaw_Encoded)
+		VMIME_TEST(testGenerate)
+		VMIME_TEST(testGenerate_Encoded)
+	VMIME_TEST_LIST_END
+
+
+	void testIsEmpty() {
+
+		vmime::stringContentHandler cth;
+
+		VASSERT_TRUE("empty", cth.isEmpty());
+	}
+
+	void testGetLength() {
+
+		vmime::stringContentHandler cth("Test Data");
+
+		VASSERT_FALSE("empty", cth.isEmpty());
+		VASSERT_EQ("length", 9, cth.getLength());
+	}
+
+	void testIsEncoded() {
+
+		vmime::stringContentHandler cth("Test Data");
+
+		VASSERT_FALSE("encoded", cth.isEncoded());
+		VASSERT_EQ("encoding", vmime::contentHandler::NO_ENCODING, cth.getEncoding());
+
+
+		vmime::stringContentHandler cth2("Zm9vEjRWYmFy=", vmime::encoding("base64"));
+
+		VASSERT_TRUE("encoded", cth2.isEncoded());
+		VASSERT_EQ("encoding", "base64", cth2.getEncoding().generate());
+	}
+
+	void testGetLength_Encoded() {
+
+		vmime::stringContentHandler cth(
+			"foo=12=34=56bar",
+			vmime::encoding("quoted-printable")
+		);
+
+		// Reported length should be the length of encoded data
+		VASSERT_EQ("length", 15, cth.getLength());
+	}
+
+	void testExtract() {
+
+		vmime::stringContentHandler cth("Test Data");
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extract(osa);
+
+		VASSERT_EQ("extract", "Test Data", oss.str());
+	}
+
+	void testExtract_Encoded() {
+
+		vmime::stringContentHandler cth(
+			"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODk=",
+			vmime::encoding("base64")
+		);
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extract(osa);
+
+		// Data should be decoded from B64
+		VASSERT_EQ(
+			"extract",
+			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+			oss.str()
+		);
+	}
+
+	void testExtractRaw_Encoded() {
+
+		vmime::stringContentHandler cth(
+			"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODk=",
+			vmime::encoding("base64")
+		);
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.extractRaw(osa);
+
+		// Data should not be decoded
+		VASSERT_EQ(
+			"extractRaw",
+			"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODk=",
+			oss.str()
+		);
+	}
+
+	void testGenerate() {
+
+		vmime::stringContentHandler cth("foo\x12\x34\x56 bar");
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.generate(osa, vmime::encoding("base64"));
+
+		// Data should be encoded to B64
+		VASSERT_EQ("generate", "Zm9vEjRWIGJhcg==", oss.str());
+	}
+
+	void testGenerate_Encoded() {
+
+		vmime::stringContentHandler cth(
+			"foo=12=34=56bar",
+			vmime::encoding("quoted-printable")
+		);
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter osa(oss);
+
+		cth.generate(osa, vmime::encoding("base64"));
+
+		// Data should be reencoded from QP to B64
+		VASSERT_EQ("generate", "Zm9vEjRWYmFy", oss.str());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/textTest.cpp b/vmime-master/tests/parser/textTest.cpp
new file mode 100644
index 0000000..e9ddc26
--- /dev/null
+++ b/vmime-master/tests/parser/textTest.cpp
@@ -0,0 +1,918 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include <locale>
+#include <clocale>
+
+
+VMIME_TEST_SUITE_BEGIN(textTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testConstructors)
+		VMIME_TEST(testCopy)
+		VMIME_TEST(testNewFromString)
+		VMIME_TEST(testDisplayForm)
+		VMIME_TEST(testParse)
+		VMIME_TEST(testGenerate)
+
+		VMIME_TEST(testWordConstructors)
+		VMIME_TEST(testWordParse)
+		VMIME_TEST(testWordGenerate)
+		VMIME_TEST(testWordGenerateSpace)
+		VMIME_TEST(testWordGenerateSpace2)
+		VMIME_TEST(testWordGenerateMultiBytes)
+		VMIME_TEST(testWordGenerateQuote)
+		VMIME_TEST(testWordGenerateSpecialCharsets)
+		VMIME_TEST(testWordGenerateSpecials)
+
+		VMIME_TEST(testWhitespace)
+		VMIME_TEST(testWhitespaceMBox)
+
+		VMIME_TEST(testFoldingAscii)
+		VMIME_TEST(testForcedNonEncoding)
+
+		VMIME_TEST(testBugFix20110511)
+
+		VMIME_TEST(testInternationalizedEmail_specialChars)
+		VMIME_TEST(testInternationalizedEmail_UTF8)
+		VMIME_TEST(testInternationalizedEmail_nonUTF8)
+		VMIME_TEST(testInternationalizedEmail_folding)
+		VMIME_TEST(testInternationalizedEmail_whitespace)
+
+		VMIME_TEST(testWronglyPaddedB64Words)
+		VMIME_TEST(testFixBrokenWords)
+		VMIME_TEST(testUnknownCharset)
+	VMIME_TEST_LIST_END
+
+
+	static const vmime::string getDisplayText(const vmime::text& t) {
+
+		return t.getWholeBuffer();
+	}
+
+	static const vmime::string cleanGeneratedWords(const std::string& str) {
+
+		std::istringstream iss(str);
+
+		std::string res;
+		std::string x;
+
+		while (std::getline(iss, x)) {
+			res += vmime::utility::stringUtils::trim(x);
+		}
+
+		return res;
+	}
+
+
+	void setUp() {
+
+		// Set the global C and C++ locale to the user-configured locale.
+		// The locale should use UTF-8 encoding for these tests to run successfully.
+		try {
+			std::locale::global(std::locale(""));
+		} catch (std::exception &) {
+			std::setlocale(LC_ALL, "");
+		}
+	}
+
+	void tearDown() {
+
+		// Restore default locale
+		std::locale::global(std::locale("C"));
+	}
+
+
+	void testConstructors() {
+
+		vmime::text t1;
+
+		VASSERT_EQ("1.1", 0, t1.getWordCount());
+
+		vmime::text t2("Test\xa9\xc3");
+
+		VASSERT_EQ("2.1", 1, t2.getWordCount());
+		VASSERT_EQ("2.2", "Test\xa9\xc3", t2.getWordAt(0)->getBuffer());
+		VASSERT_EQ("2.3", vmime::charset::getLocalCharset(), t2.getWordAt(0)->getCharset());
+
+		vmime::text t3("Test\xa9\xc3", vmime::charset(vmime::charsets::ISO8859_13));
+
+		VASSERT_EQ("3.1", 1, t3.getWordCount());
+		VASSERT_EQ("3.2", "Test\xa9\xc3", t3.getWordAt(0)->getBuffer());
+		VASSERT_EQ("3.3", vmime::charset(vmime::charsets::ISO8859_13), t3.getWordAt(0)->getCharset());
+
+		vmime::word w1("Test", vmime::charset(vmime::charsets::UTF_8));
+		vmime::text t4(w1);
+
+		VASSERT_EQ("4.1", 1, t4.getWordCount());
+		VASSERT_EQ("4.2", w1.getBuffer(), t4.getWordAt(0)->getBuffer());
+		VASSERT_EQ("4.3", w1.getCharset(), t4.getWordAt(0)->getCharset());
+
+		vmime::word w2("Other", vmime::charset(vmime::charsets::US_ASCII));
+		t4.appendWord(vmime::make_shared <vmime::word>(w2));
+
+		vmime::text t5(t4);
+
+		VASSERT_EQ("5.1", 2, t5.getWordCount());
+		VASSERT_EQ("5.2", w1.getBuffer(), t5.getWordAt(0)->getBuffer());
+		VASSERT_EQ("5.3", w1.getCharset(), t5.getWordAt(0)->getCharset());
+		VASSERT_EQ("5.4", w2.getBuffer(), t5.getWordAt(1)->getBuffer());
+		VASSERT_EQ("5.5", w2.getCharset(), t5.getWordAt(1)->getCharset());
+	}
+
+	void testCopy() {
+
+		vmime::text t1("Test: \xa9\xc3");
+
+		VASSERT("operator==", t1 == t1);
+		VASSERT("clone", *vmime::clone(t1) == t1);
+
+		vmime::text t2;
+		t2.copyFrom(t1);
+
+		VASSERT("copyFrom", t1 == t2);
+	}
+
+	void testNewFromString() {
+
+		vmime::string s1 = "only ASCII characters";
+		vmime::charset c1("test");
+		vmime::text t1;
+
+		t1.createFromString(s1, c1);
+
+		VASSERT_EQ("1.1", 1, t1.getWordCount());
+		VASSERT_EQ("1.2", s1, t1.getWordAt(0)->getBuffer());
+		VASSERT_EQ("1.3", vmime::charset(vmime::charsets::US_ASCII), t1.getWordAt(0)->getCharset());
+
+		vmime::string s2_1 = "some ASCII characters and special chars: ";
+		vmime::string s2_2 = "\xf1\xf2\xf3\xf4 ";
+		vmime::string s2_3 = "and then more ASCII chars.";
+		vmime::string s2 = s2_1 + s2_2 + s2_3;
+		vmime::charset c2("test");
+		vmime::text t2;
+
+		t2.createFromString(s2, c2);
+
+		VASSERT_EQ("2.1", 3, t2.getWordCount());
+		VASSERT_EQ("2.2", "some ASCII characters and special chars: ", t2.getWordAt(0)->getBuffer());
+		VASSERT_EQ("2.3", vmime::charset(vmime::charsets::US_ASCII), t2.getWordAt(0)->getCharset());
+		VASSERT_EQ("2.4", "\xf1\xf2\xf3\xf4", t2.getWordAt(1)->getBuffer());
+		VASSERT_EQ("2.5", c2, t2.getWordAt(1)->getCharset());
+		VASSERT_EQ("2.6", "and then more ASCII chars.", t2.getWordAt(2)->getBuffer());
+		VASSERT_EQ("2.7", vmime::charset(vmime::charsets::US_ASCII), t2.getWordAt(2)->getCharset());
+	}
+
+	static const vmime::string parseText(const vmime::string& buffer) {
+
+		vmime::text t;
+		t.parse(buffer);
+
+		std::ostringstream oss;
+		oss << t;
+
+		return oss.str();
+	}
+
+	void testParse() {
+
+		// From RFC-2047
+		VASSERT_EQ(
+			"1",
+			"[text: [[word: charset=US-ASCII, buffer=Keith Moore]]]",
+			parseText("=?US-ASCII?Q?Keith_Moore?=")
+		);
+
+		VASSERT_EQ(
+			"2",
+			"[text: [[word: charset=ISO-8859-1, buffer=Keld J\xf8rn Simonsen]]]",
+			parseText("=?ISO-8859-1?Q?Keld_J=F8rn_Simonsen?=")
+		);
+
+		VASSERT_EQ(
+			"3",
+			"[text: [[word: charset=ISO-8859-1, buffer=Andr\xe9]," \
+			        "[word: charset=us-ascii, buffer= Pirard]]]",
+			parseText("=?ISO-8859-1?Q?Andr=E9?= Pirard")
+		);
+
+		VASSERT_EQ(
+			"4",
+			"[text: [[word: charset=ISO-8859-1, buffer=If you can read this yo]," \
+			        "[word: charset=ISO-8859-2, buffer=u understand the example.]]]",
+			parseText(
+				"=?ISO-8859-1?B?SWYgeW91IGNhbiByZWFkIHRoaXMgeW8=?=\r\n " \
+				"=?ISO-8859-2?B?dSB1bmRlcnN0YW5kIHRoZSBleGFtcGxlLg==?="
+			)
+		);
+
+		// Bugfix: in "=?charset?q?=XX=YY?=", the "?=" finish
+		// sequence was not correctly found (should be the one
+		// after '=YY' and not the one after '?q').
+		VASSERT_EQ(
+			"5",
+			"[text: [[word: charset=abc, buffer=\xe9\xe9]]]",
+			parseText("=?abc?q?=E9=E9?=")
+		);
+
+		// Question marks (?) in the middle of the string
+		VASSERT_EQ(
+			"6",
+			"[text: [[word: charset=iso-8859-1, buffer=Know wh\xe4t? It works!]]]",
+			parseText("=?iso-8859-1?Q?Know_wh=E4t?_It_works!?=")
+		);
+
+		// With language specifier
+		VASSERT_EQ(
+			"7",
+			"[text: [[word: charset=US-ASCII, buffer=Keith Moore, lang=EN]]]",
+			parseText("=?US-ASCII*EN?Q?Keith_Moore?=")
+		);
+	}
+
+	void testGenerate() {
+
+		// TODO
+
+		// With language specifier
+		vmime::word wlang1("Émeline", vmime::charset("UTF-8"), "FR");
+		VASSERT_EQ("lang1", "=?UTF-8*FR?Q?=C3=89meline?=", wlang1.generate());
+
+		vmime::word wlang2("Keith Moore", vmime::charset("US-ASCII"), "EN");
+		VASSERT_EQ("lang2", "=?US-ASCII*EN?Q?Keith_Moore?=", wlang2.generate());
+	}
+
+	void testDisplayForm() {
+
+#define DISPLAY_FORM(x) getDisplayText(*vmime::text::decodeAndUnfold(x))
+
+		// From RFC-2047
+		VASSERT_EQ("1", "a", DISPLAY_FORM("=?ISO-8859-1?Q?a?="));
+		VASSERT_EQ("2", "a b", DISPLAY_FORM("=?ISO-8859-1?Q?a?= b"));
+		VASSERT_EQ("3", "ab", DISPLAY_FORM("=?ISO-8859-1?Q?a?= =?ISO-8859-1?Q?b?="));
+		VASSERT_EQ("4", "ab", DISPLAY_FORM("=?ISO-8859-1?Q?a?= \t  =?ISO-8859-1?Q?b?="));
+		VASSERT_EQ("5", "ab", DISPLAY_FORM("=?ISO-8859-1?Q?a?= \r\n  \t =?ISO-8859-1?Q?b?="));
+		VASSERT_EQ("6", "a b", DISPLAY_FORM("=?ISO-8859-1?Q?a_b?="));
+		VASSERT_EQ("7", "a b", DISPLAY_FORM("=?ISO-8859-1?Q?a?= =?ISO-8859-2?Q?_b?="));
+
+		// Some more tests...
+		VASSERT_EQ("8", "a b", DISPLAY_FORM(" a =?ISO-8859-1?Q?b?=  "));
+		VASSERT_EQ("9", "a b  ", DISPLAY_FORM(" \t  =?ISO-8859-1?Q?a?= b  "));
+		VASSERT_EQ("10", "a b", DISPLAY_FORM("  a\r\n\t  b"));
+
+		VASSERT_EQ("11", "a b c", DISPLAY_FORM("a =?ISO-8859-1?Q?b?= c"));
+		VASSERT_EQ("12", "a b c ", DISPLAY_FORM("a =?ISO-8859-1?Q?b?= c "));
+		VASSERT_EQ("13", "a b c ", DISPLAY_FORM(" a =?ISO-8859-1?Q?b?= c "));
+		VASSERT_EQ("14", "a b c d", DISPLAY_FORM("a =?ISO-8859-1?Q?b?= c =?ISO-8859-1?Q?d?= "));
+		VASSERT_EQ("15", "a b c d e", DISPLAY_FORM("a =?ISO-8859-1?Q?b?= c =?ISO-8859-1?Q?d?= e"));
+
+		// Whitespaces and multiline
+		VASSERT_EQ("16", "a b c d e", DISPLAY_FORM("=?ISO-8859-1?Q?a_b_?=c\n\t=?ISO-8859-1?Q?d_?=e"));
+
+		// Ignored newlines
+		VASSERT_EQ("17", "ab", DISPLAY_FORM("=?ISO-8859-1?Q?a?=\r\nb"));
+		VASSERT_EQ("18", "a b", DISPLAY_FORM("=?ISO-8859-1?Q?a?= \r\nb"));
+
+#undef DISPLAY_FORM
+	}
+
+	void testWordConstructors() {
+
+		VASSERT_EQ("1.1", vmime::charset::getLocalCharset(), vmime::word().getCharset());
+		VASSERT_EQ("1.2", "", vmime::word().getBuffer());
+
+		VASSERT_EQ("2.1", vmime::charset::getLocalCharset(), vmime::word("foo").getCharset());
+		VASSERT_EQ("2.2", "foo", vmime::word("foo").getBuffer());
+
+		VASSERT_EQ("3.1", "bar", vmime::word("foo", vmime::charset("bar")).getCharset().getName());
+		VASSERT_EQ("3.2", "foo", vmime::word("foo", vmime::charset("bar")).getBuffer());
+	}
+
+	void testWordParse() {
+
+		// Simple encoded word
+		vmime::word w1;
+		w1.parse("=?foo?q?bar=E9 baz?=");
+
+		VASSERT_EQ("1.1", "foo", w1.getCharset().getName());
+		VASSERT_EQ("1.2", "bar\xe9 baz", w1.getBuffer());
+
+		// Unencoded text
+		vmime::word w2;
+		w2.parse("  foo bar \tbaz...");
+
+		VASSERT_EQ("2.1", vmime::charset(vmime::charsets::US_ASCII), w2.getCharset());
+		VASSERT_EQ("2.2", "  foo bar \tbaz...", w2.getBuffer());
+
+		// Malformed word
+		vmime::word w3;
+		w3.parse("=?foo bar");
+
+		VASSERT_EQ("3.1", vmime::charset(vmime::charsets::US_ASCII), w3.getCharset());
+		VASSERT_EQ("3.2", "=?foo bar", w3.getBuffer());
+
+		// Unknown encoding
+		vmime::word w4;
+		w4.parse("=?whatever?not_q_or_b?whatever?=");
+
+		VASSERT_EQ("4.1", vmime::charset(vmime::charsets::US_ASCII), w4.getCharset());
+		VASSERT_EQ("4.2", "=?whatever?not_q_or_b?whatever?=", w4.getBuffer());
+	}
+
+	void testWordGenerate() {
+
+		VASSERT_EQ(
+			"1",
+			"=?foo?Q?bar=E9_baz?=",
+			vmime::word("bar\xe9 baz", vmime::charset("foo")).generate()
+		);
+
+		VASSERT_EQ(
+			"2",
+			"=?foo?B?8fLz9PU=?=",
+			vmime::word("\xf1\xf2\xf3\xf4\xf5", vmime::charset("foo")).generate()
+		);
+	}
+
+	void testWordGenerateSpace() {
+
+		// No white-space between an unencoded word and a encoded one
+		VASSERT_EQ(
+			"1",
+			"Bonjour =?utf-8?Q?Fran=C3=A7ois?=",
+			vmime::text::newFromString(
+				"Bonjour Fran\xc3\xa7ois",
+				vmime::charset("utf-8")
+			)->generate()
+		);
+
+		// White-space between two encoded words
+		vmime::text txt;
+		txt.appendWord(vmime::make_shared <vmime::word>("\xc3\x89t\xc3\xa9", "utf-8"));
+		txt.appendWord(vmime::make_shared <vmime::word>("Fran\xc3\xa7ois", "utf-8"));
+
+		const vmime::string decoded = "\xc3\x89t\xc3\xa9""Fran\xc3\xa7ois";
+		const vmime::string encoded = "=?utf-8?B?w4l0w6k=?= =?utf-8?Q?Fran=C3=A7ois?=";
+
+		// -- test encoding
+		VASSERT_EQ("2", encoded, txt.generate());
+
+		// -- ensure no space is added when decoding
+		vmime::text txt2;
+		txt2.parse(encoded, 0, encoded.length());
+
+		VASSERT_EQ("3", decoded, txt2.getWholeBuffer());
+
+		// -- test rencoding
+		VASSERT_EQ("4", encoded, txt2.generate());
+	}
+
+	void testWordGenerateSpace2() {
+
+		// White-space between two encoded words (#2)
+		vmime::text txt;
+		txt.appendWord(vmime::make_shared <vmime::word>("Facture ", "utf-8"));
+		txt.appendWord(vmime::make_shared <vmime::word>("\xc3\xa0", "utf-8"));
+		txt.appendWord(vmime::make_shared <vmime::word>(" envoyer ", "utf-8"));
+		txt.appendWord(vmime::make_shared <vmime::word>("\xc3\xa0", "utf-8"));
+		txt.appendWord(vmime::make_shared <vmime::word>(" Martine", "utf-8"));
+
+		const vmime::string decoded = "Facture ""\xc3\xa0"" envoyer ""\xc3\xa0"" Martine";
+		const vmime::string encoded = "Facture =?utf-8?B?w6A=?= envoyer =?utf-8?B?w6A=?= Martine";
+
+		// -- test encoding
+		VASSERT_EQ("1", encoded, txt.generate());
+
+		// -- ensure no space is added when decoding
+		vmime::text txt2;
+		txt2.parse(encoded, 0, encoded.length());
+
+		VASSERT_EQ("2", decoded, txt2.getWholeBuffer());
+
+		// -- test rencoding
+		VASSERT_EQ("3", encoded, txt2.generate());
+	}
+
+	void testWordGenerateMultiBytes() {
+
+		// Ensure we don't encode a non-integral number of characters
+		VASSERT_EQ(
+			"1",
+			"=?utf-8?Q?aaa?==?utf-8?Q?=C3=A9?==?utf-8?Q?zzz?=",
+			cleanGeneratedWords(
+				vmime::word("aaa\xc3\xa9zzz", vmime::charset("utf-8")).generate(16)
+			)
+		);
+
+		VASSERT_EQ(
+			"2",
+			"=?utf-8?Q?aaa=C3=A9?==?utf-8?Q?zzz?=",
+			cleanGeneratedWords(
+				vmime::word("aaa\xc3\xa9zzz", vmime::charset("utf-8")).generate(17)
+			)
+		);
+	}
+
+	void testWordGenerateQuote() {
+
+		std::string str;
+		vmime::utility::outputStreamStringAdapter os(str);
+
+		vmime::generationContext ctx;
+		ctx.setMaxLineLength(1000);
+
+		// ASCII-only text is quotable
+		str.clear();
+		vmime::word("Quoted text")
+			.generate(ctx, os, 0, NULL, vmime::text::QUOTE_IF_POSSIBLE, NULL);
+
+		VASSERT_EQ("1", "\"Quoted text\"", cleanGeneratedWords(str));
+
+		// Text with CR/LF is not quotable
+		str.clear();
+		vmime::word("Non-quotable\ntext", "us-ascii")
+			.generate(ctx, os, 0, NULL, vmime::text::QUOTE_IF_POSSIBLE, NULL);
+
+		VASSERT_EQ("2", "=?us-ascii?Q?Non-quotable=0Atext?=", cleanGeneratedWords(str));
+
+		// Text with non-ASCII chars is not quotable
+		str.clear();
+		vmime::word("Non-quotable text \xc3\xa9")
+			.generate(ctx, os, 0, NULL, vmime::text::QUOTE_IF_POSSIBLE, NULL);
+
+		VASSERT_EQ("3", "=?UTF-8?Q?Non-quotable_text_=C3=A9?=", cleanGeneratedWords(str));
+	}
+
+	void testWordGenerateSpecialCharsets() {
+
+		// ISO-2022-JP only uses 7-bit chars but should be encoded in Base64
+		VASSERT_EQ(
+			"1",
+			"=?iso-2022-jp?B?XlskQiVRITwlPSVKJWshJiU9JVUlSCUmJSclIl5bKEI=?=",
+			cleanGeneratedWords(
+				vmime::word(
+					"^[$B%Q!<%=%J%k!&%=%U%H%&%'%\"^[(B",
+					vmime::charset("iso-2022-jp")
+				).generate(100)
+			)
+		);
+	}
+
+	void testWordGenerateSpecials() {
+
+		// In RFC-2047, quotation marks (ASCII 22h) should be encoded
+		VASSERT_EQ(
+			"1",
+			"=?UTF-8?Q?=22=C3=9Cml=C3=A4ute=22?=",
+			vmime::word(
+				"\x22\xC3\x9Cml\xC3\xA4ute\x22",
+				vmime::charset("UTF-8")
+			).generate()
+		);
+	}
+
+	void testWhitespace() {
+
+		// Create
+		vmime::text text;
+		text.createFromString("Achim Br\xc3\xa4ndt", vmime::charsets::UTF_8);
+
+		VASSERT_EQ("1", 2, text.getWordCount());
+		VASSERT_EQ("2", "Achim ", text.getWordAt(0)->getBuffer());
+		VASSERT_EQ("3", "us-ascii", text.getWordAt(0)->getCharset());
+		VASSERT_EQ("4", "Br\xc3\xa4ndt", text.getWordAt(1)->getBuffer());
+		VASSERT_EQ("5", "utf-8", text.getWordAt(1)->getCharset());
+
+		// Generate
+		VASSERT_EQ("6", "Achim =?utf-8?Q?Br=C3=A4ndt?=", text.generate());
+
+		// Parse
+		text.parse("=?us-ascii?Q?Achim_?= =?utf-8?Q?Br=C3=A4ndt?=");
+
+		VASSERT_EQ("7", 2, text.getWordCount());
+		VASSERT_EQ("8", "Achim ", text.getWordAt(0)->getBuffer());
+		VASSERT_EQ("9", "us-ascii", text.getWordAt(0)->getCharset());
+		VASSERT_EQ("10", "Br\xc3\xa4ndt", text.getWordAt(1)->getBuffer());
+		VASSERT_EQ("11", "utf-8", text.getWordAt(1)->getCharset());
+	}
+
+	void testWhitespaceMBox() {
+
+		// Space MUST be encoded inside a word
+		vmime::mailbox mbox(vmime::text("Achim Br\xc3\xa4ndt", vmime::charsets::UTF_8), "me@vmime.org");
+		VASSERT_EQ("generate1", "=?us-ascii?Q?Achim_?= =?utf-8?Q?Br=C3=A4ndt?= <me@vmime.org>", mbox.generate());
+
+		vmime::text txt;
+		txt.appendWord(vmime::make_shared <vmime::word>("Achim ", "us-ascii"));
+		txt.appendWord(vmime::make_shared <vmime::word>("Br\xc3\xa4ndt", "utf-8"));
+		mbox = vmime::mailbox(txt, "me@vmime.org");
+		VASSERT_EQ("generate2", "=?us-ascii?Q?Achim_?= =?utf-8?Q?Br=C3=A4ndt?= <me@vmime.org>", mbox.generate());
+
+		mbox.parse("=?us-ascii?Q?Achim?= =?utf-8?Q?Br=C3=A4ndt?= <me@vmime.org>");
+		VASSERT_EQ("parse.name.count", 2, mbox.getName().getWordCount());
+		VASSERT_EQ("parse.name.word1.buffer", "Achim", mbox.getName().getWordAt(0)->getBuffer());
+		VASSERT_EQ("parse.name.word1.charset", "us-ascii", mbox.getName().getWordAt(0)->getCharset());
+		VASSERT_EQ("parse.name.word2.buffer", "Br\xc3\xa4ndt", mbox.getName().getWordAt(1)->getBuffer());
+		VASSERT_EQ("parse.name.word2.charset", "utf-8", mbox.getName().getWordAt(1)->getCharset());
+
+		VASSERT_EQ("parse.email", "me@vmime.org", mbox.getEmail());
+	}
+
+	void testFoldingAscii() {
+
+		// In this test, no encoding is needed, but line should be folded anyway
+		vmime::word w("01234567890123456789012345678901234567890123456789"
+		              "01234567890123456789012345678901234567890123456789", vmime::charset("us-ascii"));
+
+		VASSERT_EQ(
+			"fold.ascii",
+			"=?us-ascii?Q?01234567890123456789012345678901234?=\r\n"
+			" =?us-ascii?Q?5678901234567890123456789012345678?=\r\n"
+			" =?us-ascii?Q?9012345678901234567890123456789?=", w.generate(50)
+		);
+	}
+
+	void testForcedNonEncoding() {
+
+		// Testing long unbreakable and unencodable header
+		vmime::relay r;
+		r.parse(
+			" from User (Ee9GMqZQ8t7IQwftfAFHd2KyScCYRrFSJ50tKEoXv2bVCG4HcPU80GGWiFabAvG77FekpGgF1h@[127.0.0.1]) by servername.hostname.com\n\t"
+			"with esmtp id 1NGTS9-2C0sqG0; Fri, 4 Dec 2009 09:23:49 +0100"
+		);
+
+		VASSERT_EQ(
+			"received.long",
+			"from User\r\n (Ee9GMqZQ8t7IQwftfAFHd2KyScCYRrFSJ50tKEoXv2bVCG4HcPU80GGWiFabAvG77FekpGgF1h@[127.0.0.1])\r\n by servername.hostname.com with esmtp id 1NGTS9-2C0sqG0; Fri, 4 Dec 2009\r\n 09:23:49 +0100",
+			r.generate(78)
+		);
+	}
+
+	void testBugFix20110511() {
+
+		/*
+
+		 Using the latest version of vmime (0.9.1), encoding the following string: Jean
+		 Gwenaël Dutourd will result in:
+		 Jean =?utf-8?Q?Gwena=C3=ABl_?= Dutourd
+		 However, decoding this will result in Jean Gwenaël  Dutourd (notice two spaces
+		 between the last 2 words).  The encoder adds a _ after the second word, but
+		 since the last word is not encoded, the space between them is not ignored, and
+		 is decoded into an additional space.
+
+		 See: http://sourceforge.net/projects/vmime/forums/forum/237357/topic/4531365
+
+		*/
+
+		const std::string DECODED_TEXT = "Jean Gwenaël Dutourd";
+		const std::string ENCODED_TEXT = "Jean =?utf-8?Q?Gwena=C3=ABl?= Dutourd";
+
+		// Encode
+		VASSERT_EQ(
+			"encode",
+			ENCODED_TEXT,
+			vmime::text::newFromString(DECODED_TEXT, vmime::charset("utf-8"))->generate()
+		);
+
+		// Decode
+		vmime::text t;
+		t.parse(ENCODED_TEXT);
+
+		// -- words
+		std::ostringstream oss; oss << t;
+		VASSERT_EQ(
+			"decode1",
+			"[text: [[word: charset=us-ascii, buffer=Jean ],"
+			        "[word: charset=utf-8, buffer=Gwenaël],"
+			        "[word: charset=us-ascii, buffer= Dutourd]]]",
+			oss.str()
+		);
+
+		// -- getWholeBuffer
+		VASSERT_EQ("decode2", DECODED_TEXT, t.getWholeBuffer());
+	}
+
+	void testInternationalizedEmail_specialChars() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+		ctx.setInternationalizedEmailSupport(true);
+
+		vmime::generationContext::switcher <vmime::generationContext> contextSwitcher(ctx);
+
+		// Special sequence/chars should still be encoded
+		VASSERT_EQ(
+			"1",
+			"=?us-ascii?Q?Test=3D=3Frfc2047_sequence?=",
+			vmime::word("Test=?rfc2047 sequence", vmime::charset("us-ascii")).generate()
+		);
+
+		VASSERT_EQ(
+			"2",
+			"=?us-ascii?Q?Line_One=0ALine_Two?=",
+			vmime::word("Line One\nLine Two", vmime::charset("us-ascii")).generate()
+		);
+	}
+
+	void testInternationalizedEmail_UTF8() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+		ctx.setInternationalizedEmailSupport(true);
+
+		vmime::generationContext::switcher <vmime::generationContext> contextSwitcher(ctx);
+
+		// Already UTF-8 encoded text should be left as is
+		VASSERT_EQ(
+			"1", "Achim Br\xc3\xa4ndt",
+			vmime::word("Achim Br\xc3\xa4ndt", vmime::charset("utf-8")).generate()
+		);
+	}
+
+	void testInternationalizedEmail_nonUTF8() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+		ctx.setInternationalizedEmailSupport(true);
+
+		vmime::generationContext::switcher <vmime::generationContext> contextSwitcher(ctx);
+
+		// Non UTF-8 encoded text should first be converted to UTF-8
+		VASSERT_EQ(
+			"1", "Achim Br\xc3\xa4ndt",
+			vmime::word("Achim Br\xe4ndt", vmime::charset("iso-8859-1")).generate()
+		);
+	}
+
+	void testInternationalizedEmail_folding() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+		ctx.setInternationalizedEmailSupport(true);
+
+		vmime::generationContext::switcher <vmime::generationContext> contextSwitcher(ctx);
+
+		// RFC-2047 encoding must be performed, as line folding is needed
+		vmime::word w1("01234567890123456789\xc3\xa0x012345678901234567890123456789"
+		               "01234567890123456789\xc3\xa0x012345678901234567890123456789", vmime::charset("utf-8"));
+
+		VASSERT_EQ(
+			"1",
+			"=?utf-8?Q?01234567890123456789=C3=A0x01234567890?=\r\n"
+			" =?utf-8?Q?1234567890123456789012345678901234567?=\r\n"
+			" =?utf-8?Q?89=C3=A0x0123456789012345678901234567?=\r\n"
+			" =?utf-8?Q?89?=",
+			w1.generate(50)
+		);
+
+		// RFC-2047 encoding will not be forced, as words can be wrapped in a new line
+		vmime::word w2("bla bla bla This is some '\xc3\xa0\xc3\xa7' UTF-8 encoded text", vmime::charset("utf-8"));
+
+		VASSERT_EQ(
+			"2",
+			"bla bla bla This is\r\n"
+			" some '\xc3\xa0\xc3\xa7' UTF-8\r\n"
+			" encoded text",
+			w2.generate(20)
+		);
+	}
+
+	void testInternationalizedEmail_whitespace() {
+
+		// Sanity checks for running this test
+		{
+			vmime::text t;
+			t.parse("=?utf-8?Q?Adquisi=C3=B3n?= de Laptop y celular");
+
+			VASSERT_EQ("parse", "Adquisión de Laptop y celular", t.getWholeBuffer());
+		}
+
+		{
+			vmime::text t("Adquisi\xc3\xb3n de Laptop y celular", vmime::charset("UTF-8"));
+
+			VASSERT_EQ("generate", "=?UTF-8?Q?Adquisi=C3=B3n?= de Laptop y celular", t.generate());
+		}
+
+		// Ensure a whitespace is added between encoded words in intl email support enabled
+		{
+			vmime::text t;
+			t.parse("=?utf-8?Q?Adquisi=C3=B3n?= de Laptop y celular");
+
+			std::ostringstream oss;
+			vmime::utility::outputStreamAdapter ossAdapter(oss);
+			vmime::generationContext gctx(vmime::generationContext::getDefaultContext());
+			gctx.setInternationalizedEmailSupport(true);
+			t.generate(gctx, ossAdapter);
+
+			VASSERT_EQ("generate", "Adquisi\xc3\xb3n de Laptop y celular", oss.str());
+		}
+
+		{
+			vmime::text t;
+			t.parse("=?utf-8?Q?Adquisi=C3=B3n?= de Laptop =?utf-8?Q?y?= celular");
+
+			std::ostringstream oss;
+			vmime::utility::outputStreamAdapter ossAdapter(oss);
+			vmime::generationContext gctx(vmime::generationContext::getDefaultContext());
+			gctx.setInternationalizedEmailSupport(true);
+			t.generate(gctx, ossAdapter);
+
+			VASSERT_EQ("generate", "Adquisi\xc3\xb3n de Laptop y celular", oss.str());
+		}
+
+		{
+			vmime::text t;
+			t.parse("=?utf-8?Q?Adquisi=C3=B3n?= de Laptop =?utf-8?Q?y_celular?=");
+
+			std::ostringstream oss;
+			vmime::utility::outputStreamAdapter ossAdapter(oss);
+			vmime::generationContext gctx(vmime::generationContext::getDefaultContext());
+			gctx.setInternationalizedEmailSupport(true);
+			t.generate(gctx, ossAdapter);
+
+			VASSERT_EQ("generate", "Adquisi\xc3\xb3n de Laptop y celular", oss.str());
+		}
+
+		// Ensure no whitespace is added with non-encoded words
+		{
+			vmime::text t;
+			t.parse("Laptop y celular");
+
+			std::ostringstream oss;
+			vmime::utility::outputStreamAdapter ossAdapter(oss);
+			vmime::generationContext gctx(vmime::generationContext::getDefaultContext());
+			gctx.setInternationalizedEmailSupport(true);
+			t.generate(gctx, ossAdapter);
+
+			VASSERT_EQ("generate", "Laptop y celular", oss.str());
+		}
+
+		{
+			vmime::text t;
+			t.parse("=?utf-8?Q?Laptop_y_celular?=");
+
+			std::ostringstream oss;
+			vmime::utility::outputStreamAdapter ossAdapter(oss);
+			vmime::generationContext gctx(vmime::generationContext::getDefaultContext());
+			gctx.setInternationalizedEmailSupport(true);
+			t.generate(gctx, ossAdapter);
+
+			VASSERT_EQ("generate", "Laptop y celular", oss.str());
+		}
+	}
+
+	void testWronglyPaddedB64Words() {
+
+		vmime::text outText;
+
+		vmime::text::decodeAndUnfold("=?utf-8?B?5Lit5?=\n =?utf-8?B?paH?=", &outText);
+
+		VASSERT_EQ(
+			"1",
+			"\xe4\xb8\xad\xe6\x96\x87",
+			outText.getConvertedText(vmime::charset("utf-8"))
+		);
+
+		vmime::text::decodeAndUnfold("=?utf-8?B?5Lit5p?=\n =?utf-8?B?aH?=", &outText);
+
+		VASSERT_EQ(
+			"2",
+			"\xe4\xb8\xad\xe6\x96\x87",
+			outText.getConvertedText(vmime::charset("utf-8"))
+		);
+
+		vmime::text::decodeAndUnfold("=?utf-8?B?5Lit5pa?=\n =?utf-8?B?H?=", &outText);
+
+		VASSERT_EQ(
+			"3",
+			"\xe4\xb8\xad\xe6\x96\x87",
+			outText.getConvertedText(vmime::charset("utf-8"))
+		);
+	}
+
+	// Ensure that words which encode a non-integral number of characters
+	// are correctly decoded.
+	void testFixBrokenWords() {
+
+		vmime::text outText;
+
+		vmime::charsetConverterOptions opts;
+		opts.silentlyReplaceInvalidSequences = false;  // just to be sure that broken words are actually fixed
+
+		// Test case 1
+		vmime::text::decodeAndUnfold(
+			"=?utf-8?Q?Gwena=C3?="
+			"=?utf-8?Q?=ABl?=",
+			&outText
+		);
+
+		VASSERT_EQ("1.1", 1, outText.getWordCount());
+		VASSERT_EQ("1.2", "Gwena\xc3\xabl", outText.getWordAt(0)->getBuffer());
+		VASSERT_EQ("1.3", vmime::charset("utf-8"), outText.getWordAt(0)->getCharset());
+
+		// Test case 2
+		vmime::text::decodeAndUnfold(
+			"=?utf-8?B?5Lit6Yu85qmf5qKw6JGj5LqL5pyDMTAz5bm056ysMDXlsYbn?="
+			"=?utf-8?B?rKwwN+asoeitsOeoiw==?=",
+			&outText
+		);
+
+		VASSERT_EQ("2.1", 1, outText.getWordCount());
+		VASSERT_EQ("2.2", "\xe4\xb8\xad\xe9\x8b\xbc\xe6\xa9\x9f\xe6\xa2\xb0"
+			"\xe8\x91\xa3\xe4\xba\x8b\xe6\x9c\x83\x31\x30\x33\xe5\xb9\xb4"
+			"\xe7\xac\xac\x30\x35\xe5\xb1\x86\xe7\xac\xac\x30\x37\xe6\xac"
+			"\xa1\xe8\xad\xb0\xe7\xa8\x8b", outText.getWordAt(0)->getBuffer());
+		VASSERT_EQ("2.3", vmime::charset("utf-8"), outText.getWordAt(0)->getCharset());
+
+		// Test case 3 (a character spanning over 3 words: 'ã‚’' = E3 82 92)
+		vmime::text::decodeAndUnfold(
+			"=?utf-8?Q?abc=E3?="
+			"=?utf-8?Q?=82?="
+			"=?utf-8?Q?=92xyz?=",
+			&outText
+		);
+
+		VASSERT_EQ("3.1", 1, outText.getWordCount());
+		VASSERT_EQ("3.2", "abc\xe3\x82\x92xyz", outText.getWordAt(0)->getBuffer());
+		VASSERT_EQ("3.3", vmime::charset("utf-8"), outText.getWordAt(0)->getCharset());
+
+		// Test case 4 (remains invalid)
+		vmime::text::decodeAndUnfold(
+			"=?utf-8?Q?abc=E3?="
+			"=?utf-8?Q?=82?="
+			"=?utf-8?Q?xy?="
+			"=?utf-8?Q?z?=",
+			&outText
+		);
+
+		VASSERT_EQ("4.1", 2, outText.getWordCount());
+		VASSERT_EQ("4.2", "abc", outText.getWordAt(0)->getBuffer());
+		VASSERT_EQ("4.3", vmime::charset("utf-8"), outText.getWordAt(0)->getCharset());
+		VASSERT_EQ("4.4", "\xe3\x82xyz", outText.getWordAt(1)->getBuffer());
+		VASSERT_EQ("4.5", vmime::charset("utf-8"), outText.getWordAt(1)->getCharset());
+
+		// Test case 5 (remains partially invalid)
+		vmime::text::decodeAndUnfold(
+			"=?utf-8?Q?abc=E3?="
+			"=?utf-8?Q?=82?="
+			"=?utf-8?Q?\x92xy?="
+			"=?utf-8?Q?z\xc3?=",
+			&outText
+		);
+
+		VASSERT_EQ("5.1", 2, outText.getWordCount());
+		VASSERT_EQ("5.2", "abc\xe3\x82\x92xyz", outText.getWordAt(0)->getBuffer());
+		VASSERT_EQ("5.3", vmime::charset("utf-8"), outText.getWordAt(0)->getCharset());
+		VASSERT_EQ("5.4", "\xc3", outText.getWordAt(1)->getBuffer());
+		VASSERT_EQ("5.5", vmime::charset("utf-8"), outText.getWordAt(1)->getCharset());
+	}
+
+	void testUnknownCharset() {
+
+		vmime::text t;
+		vmime::text::decodeAndUnfold("=?gb2312?B?wdaRY8PA?=", &t);
+
+		VASSERT_EQ("1.1", 1, t.getWordCount());
+		VASSERT_EQ("1.2", "\xc1\xd6\x91\x63\xc3\xc0", t.getWordAt(0)->getBuffer());
+		VASSERT_EQ("1.3", vmime::charset("gb2312"), t.getWordAt(0)->getCharset());
+
+
+
+		vmime::parsingContext ctx;
+
+		const vmime::string hfieldBuffer = "From: '=?gb2312?B?wdaRY8PA?=' <a.b@c.de>";
+
+		vmime::shared_ptr <vmime::headerField> hfield =
+			vmime::headerField::parseNext(ctx, hfieldBuffer, 0, hfieldBuffer.size());
+
+		vmime::shared_ptr <vmime::mailbox> hvalue =
+			hfield->getValue <vmime::mailbox>();
+
+		VASSERT_EQ("2.1", 3, hvalue->getName().getWordCount());
+		VASSERT_EQ("2.2", "'", hvalue->getName().getWordAt(0)->getBuffer());
+		VASSERT_EQ("2.3", vmime::charset("us-ascii"), hvalue->getName().getWordAt(0)->getCharset());
+		VASSERT_EQ("2.4", "\xc1\xd6\x91\x63\xc3\xc0", hvalue->getName().getWordAt(1)->getBuffer());
+		VASSERT_EQ("2.5", vmime::charset("gb2312"), hvalue->getName().getWordAt(1)->getCharset());
+		VASSERT_EQ("2.6", "'", hvalue->getName().getWordAt(2)->getBuffer());
+		VASSERT_EQ("2.7", vmime::charset("us-ascii"), hvalue->getName().getWordAt(2)->getCharset());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/parser/wordEncoderTest.cpp b/vmime-master/tests/parser/wordEncoderTest.cpp
new file mode 100644
index 0000000..08d34aa
--- /dev/null
+++ b/vmime-master/tests/parser/wordEncoderTest.cpp
@@ -0,0 +1,174 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/wordEncoder.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(wordEncoderTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testGetNextChunk)
+		VMIME_TEST(testGetNextChunk_integral)
+		VMIME_TEST(testIsEncodingNeeded_ascii)
+		VMIME_TEST(testIsEncodingNeeded_withLanguage)
+		VMIME_TEST(testIsEncodingNeeded_specialChars)
+		VMIME_TEST(testGuessBestEncoding_QP)
+		VMIME_TEST(testGuessBestEncoding_B64)
+		VMIME_TEST(testEncodeQP_RFC2047)
+	VMIME_TEST_LIST_END
+
+
+	void testGetNextChunk() {
+
+		// An integral number of characters should be encoded
+		vmime::wordEncoder we(
+			"bufferfoobarbaz",
+			vmime::charset("utf-8"),
+			vmime::wordEncoder::ENCODING_AUTO
+		);
+
+		VASSERT_EQ("1", "buffer", we.getNextChunk(6));
+		VASSERT_EQ("2", "foo", we.getNextChunk(3));
+		VASSERT_EQ("3", "barbaz", we.getNextChunk(10));
+	}
+
+	void testGetNextChunk_integral() {
+
+		// An integral number of characters should be encoded
+		vmime::wordEncoder we(
+			"buffer\xc3\xa0plop",
+			vmime::charset("utf-8"),
+			vmime::wordEncoder::ENCODING_AUTO
+		);
+
+		VASSERT_EQ("1", "buffer=C3=A0", we.getNextChunk(7));
+		VASSERT_EQ("2", "plop", we.getNextChunk(10));
+	}
+
+	void testIsEncodingNeeded_ascii() {
+
+		vmime::generationContext ctx(vmime::generationContext::getDefaultContext());
+		ctx.setInternationalizedEmailSupport(false);
+
+		VASSERT_FALSE(
+			"ascii",
+			vmime::wordEncoder::isEncodingNeeded(
+				ctx, "ASCII-only buffer", vmime::charset("utf-8"), ""
+			)
+		);
+
+		VASSERT_TRUE(
+			"non-ascii",
+			vmime::wordEncoder::isEncodingNeeded(
+				ctx, "Buffer with some UTF-8 '\xc3\xa0'", vmime::charset("utf-8"), ""
+			)
+		);
+	}
+
+	void testIsEncodingNeeded_withLanguage() {
+
+		VASSERT_TRUE(
+			"ascii",
+			vmime::wordEncoder::isEncodingNeeded(
+				vmime::generationContext::getDefaultContext(),
+				"ASCII-only buffer",
+				vmime::charset("utf-8"),
+				"en"
+			)
+		);
+	}
+
+	void testIsEncodingNeeded_specialChars() {
+
+		VASSERT_TRUE(
+			"rfc2047",
+			vmime::wordEncoder::isEncodingNeeded(
+				vmime::generationContext::getDefaultContext(),
+				"foo bar =? foo bar",
+				vmime::charset("us-ascii"),
+				""
+			)
+		);
+
+		VASSERT_TRUE(
+			"new line 1",
+			vmime::wordEncoder::isEncodingNeeded(
+				vmime::generationContext::getDefaultContext(),
+				"foo bar \n foo bar",
+				vmime::charset("us-ascii"),
+				""
+			)
+		);
+
+		VASSERT_TRUE(
+			"new line 2",
+			vmime::wordEncoder::isEncodingNeeded(
+				vmime::generationContext::getDefaultContext(),
+				"foo bar \r foo bar",
+				vmime::charset("us-ascii"),
+				""
+			)
+		);
+	}
+
+	void testGuessBestEncoding_QP() {
+
+		VASSERT_EQ(
+			"1",
+			vmime::wordEncoder::ENCODING_QP,
+			vmime::wordEncoder::guessBestEncoding("ASCII only buffer", vmime::charset("us-ascii"))
+		);
+	}
+
+	void testGuessBestEncoding_B64() {
+
+		// >= 40% non-ASCII => Base64...
+		VASSERT_EQ(
+			"1",
+			vmime::wordEncoder::ENCODING_B64,
+			vmime::wordEncoder::guessBestEncoding("xxxxx\xc3\xa0\xc3\xa0", vmime::charset("utf-8"))
+		);
+
+		// ...else Quoted-Printable
+		VASSERT_EQ(
+			"2",
+			vmime::wordEncoder::ENCODING_QP,
+			vmime::wordEncoder::guessBestEncoding("xxxxxx\xc3\xa0\xc3\xa0", vmime::charset("utf-8"))
+		);
+	}
+
+	void testEncodeQP_RFC2047() {
+
+		// When Quoted-Printable is used, it should be RFC-2047 QP encoding
+		vmime::wordEncoder we(
+			"buffer\xc3\xa0 foo_bar",
+			vmime::charset("utf-8"),
+			vmime::wordEncoder::ENCODING_AUTO
+		);
+
+		VASSERT_EQ("1", "buffer=C3=A0_foo=5Fbar", we.getNextChunk(100));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/security/digest/md5Test.cpp b/vmime-master/tests/security/digest/md5Test.cpp
new file mode 100644
index 0000000..ca6d3d4
--- /dev/null
+++ b/vmime-master/tests/security/digest/md5Test.cpp
@@ -0,0 +1,228 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/security/digest/messageDigestFactory.hpp"
+
+
+#define INIT_DIGEST(var, algo) \
+	vmime::shared_ptr <vmime::security::digest::messageDigest> var = \
+		vmime::security::digest::messageDigestFactory::getInstance()->create(algo)
+
+
+
+VMIME_TEST_SUITE_BEGIN(md5Test)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testRFC1321_1)
+		VMIME_TEST(testRFC1321_2)
+		VMIME_TEST(testRFC1321_3)
+		VMIME_TEST(testRFC1321_4)
+		VMIME_TEST(testRFC1321_5)
+		VMIME_TEST(testRFC1321_6)
+		VMIME_TEST(testRFC1321_7)
+		VMIME_TEST(testUpdate1)
+		VMIME_TEST(testUpdate2)
+		VMIME_TEST(testUpdate3)
+		VMIME_TEST(testUpdate4)
+		VMIME_TEST(testUpdate5)
+		VMIME_TEST(testUpdate6)
+		VMIME_TEST(testUpdate7)
+	VMIME_TEST_LIST_END
+
+
+	// Test suites from RFC #1321
+
+	void testRFC1321_1() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("");
+		algo->finalize();
+
+		VASSERT_EQ("*", "d41d8cd98f00b204e9800998ecf8427e", algo->getHexDigest());
+	}
+
+	void testRFC1321_2() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("a");
+		algo->finalize();
+
+		VASSERT_EQ("*", "0cc175b9c0f1b6a831c399e269772661", algo->getHexDigest());
+	}
+
+	void testRFC1321_3() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("abc");
+		algo->finalize();
+
+		VASSERT_EQ("*", "900150983cd24fb0d6963f7d28e17f72", algo->getHexDigest());
+	}
+
+	void testRFC1321_4() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("message digest");
+		algo->finalize();
+
+		VASSERT_EQ("*", "f96b697d7cb7938d525a2f31aaf161d0", algo->getHexDigest());
+	}
+
+	void testRFC1321_5() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("abcdefghijklmnopqrstuvwxyz");
+		algo->finalize();
+
+		VASSERT_EQ("*", "c3fcd3d76192e4007dfb496cca67e13b", algo->getHexDigest());
+	}
+
+	void testRFC1321_6() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
+		algo->finalize();
+
+		VASSERT_EQ("*", "d174ab98d277d9f5a5611c2c9f419d9f", algo->getHexDigest());
+	}
+
+	void testRFC1321_7() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
+		algo->finalize();
+
+		VASSERT_EQ("*", "57edf4a22be3c955ac49da2e2107b67a", algo->getHexDigest());
+	}
+
+	void testReset() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("foo");
+		algo->update("bar");
+		algo->finalize();
+
+		algo->reset();
+		algo->finalize();
+
+		VASSERT_EQ("*", "d41d8cd98f00b204e9800998ecf8427e", algo->getHexDigest());  // empty string
+	}
+
+	void testUpdate1() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("");
+		algo->finalize();
+
+		VASSERT_EQ("*", "d41d8cd98f00b204e9800998ecf8427e", algo->getHexDigest());
+	}
+
+	void testUpdate2() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("a");
+		algo->update("");
+		algo->finalize();
+
+		VASSERT_EQ("2", "0cc175b9c0f1b6a831c399e269772661", algo->getHexDigest());
+	}
+
+	void testUpdate3() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("ab");
+		algo->update("c");
+		algo->finalize();
+
+		VASSERT_EQ("3", "900150983cd24fb0d6963f7d28e17f72", algo->getHexDigest());
+	}
+
+	void testUpdate4() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("");
+		algo->update("message");
+		algo->update(" ");
+		algo->update("digest");
+		algo->finalize();
+
+		VASSERT_EQ("4", "f96b697d7cb7938d525a2f31aaf161d0", algo->getHexDigest());
+	}
+
+	void testUpdate5() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("abcd");
+		algo->update("");
+		algo->update("efghijklmnop");
+		algo->update("qrstuvwx");
+		algo->update("yz");
+		algo->finalize();
+
+		VASSERT_EQ("5", "c3fcd3d76192e4007dfb496cca67e13b", algo->getHexDigest());
+	}
+
+	void testUpdate6() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012");
+		algo->update("345");
+		algo->update("6");
+		algo->update("7");
+		algo->update("89");
+		algo->finalize();
+
+		VASSERT_EQ("6", "d174ab98d277d9f5a5611c2c9f419d9f", algo->getHexDigest());
+	}
+
+	void testUpdate7() {
+
+		INIT_DIGEST(algo, "md5");
+
+		algo->update("12345678901234567890123456789");
+		algo->update("01234567890123456789012345678901");
+		algo->update("234567890123456789");
+		algo->update("");
+		algo->update("0");
+		algo->finalize();
+
+		VASSERT_EQ("7", "57edf4a22be3c955ac49da2e2107b67a", algo->getHexDigest());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/security/digest/sha1Test.cpp b/vmime-master/tests/security/digest/sha1Test.cpp
new file mode 100644
index 0000000..cbcd1cf
--- /dev/null
+++ b/vmime-master/tests/security/digest/sha1Test.cpp
@@ -0,0 +1,119 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/security/digest/messageDigestFactory.hpp"
+
+
+#define INIT_DIGEST(var, algo) \
+	vmime::shared_ptr <vmime::security::digest::messageDigest> var = \
+		vmime::security::digest::messageDigestFactory::getInstance()->create(algo)
+
+
+
+VMIME_TEST_SUITE_BEGIN(sha1Test)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testFIPS180_1)
+		VMIME_TEST(testFIPS180_2)
+		VMIME_TEST(testFIPS180_3)
+		VMIME_TEST(testReset)
+		VMIME_TEST(testUpdate)
+	VMIME_TEST_LIST_END
+
+
+	// Test suites from FIPS PUB 180-1
+	// http://www.itl.nist.gov/fipspubs/fip180-1.htm
+
+	void testFIPS180_1() {
+
+		INIT_DIGEST(algo, "sha1");
+
+		algo->update("abc");
+		algo->finalize();
+
+		VASSERT_EQ("*", "a9993e364706816aba3e25717850c26c9cd0d89d", algo->getHexDigest());
+	}
+
+	void testFIPS180_2() {
+
+		INIT_DIGEST(algo, "sha1");
+
+		algo->update("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq");
+		algo->finalize();
+
+		VASSERT_EQ("*", "84983e441c3bd26ebaae4aa1f95129e5e54670f1", algo->getHexDigest());
+	}
+
+	void testFIPS180_3() {
+
+		INIT_DIGEST(algo, "sha1");
+
+		vmime::byte_t* buffer = new vmime::byte_t[1000000];
+
+		for (int i = 0 ; i < 1000000 ; ++i) {
+			buffer[i] = 'a';
+		}
+
+		algo->update(buffer, 1000000);
+		algo->finalize();
+
+		delete [] buffer;
+
+		VASSERT_EQ("*", "34aa973cd4c4daa4f61eeb2bdbad27316534016f", algo->getHexDigest());
+	}
+
+	void testReset() {
+
+		INIT_DIGEST(algo, "sha1");
+
+		algo->update("ab");
+		algo->update("c");
+		algo->finalize();
+
+		algo->reset();
+		algo->finalize();
+
+		VASSERT_EQ("*", "da39a3ee5e6b4b0d3255bfef95601890afd80709", algo->getHexDigest());  // empty string
+	}
+
+	void testUpdate() {
+
+		INIT_DIGEST(algo, "sha1");
+
+		algo->update("a");
+		algo->update("");
+		algo->update("bcdbcdecdefd");
+		algo->update("efgef");
+		algo->update("ghfghighijhijkijkljklmklmnlmnomnopnop");
+		algo->update("");
+		algo->update("q");
+		algo->update("");
+		algo->update("");
+		algo->finalize();
+
+		VASSERT_EQ("*", "84983e441c3bd26ebaae4aa1f95129e5e54670f1", algo->getHexDigest());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/testRunner.cpp b/vmime-master/tests/testRunner.cpp
new file mode 100644
index 0000000..f1f13b2
--- /dev/null
+++ b/vmime-master/tests/testRunner.cpp
@@ -0,0 +1,305 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include <sys/time.h>
+#include <time.h>
+
+#include <iostream>
+#include <vector>
+#include <algorithm>
+#include <memory>
+
+#include <cppunit/XmlOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/TestListener.h>
+#include <cppunit/TestResult.h>
+#include <cppunit/TestResultCollector.h>
+#include <cppunit/TestFailure.h>
+#include <cppunit/SourceLine.h>
+#include <cppunit/Exception.h>
+#include <cppunit/tools/XmlDocument.h>
+#include <cppunit/tools/XmlElement.h>
+
+#include "vmime/vmime.hpp"
+#include "vmime/platforms/posix/posixHandler.hpp"
+
+
+class Clock {
+
+public:
+
+	void reset() {
+
+		struct timezone tz;
+
+		gettimeofday(&m_start, &tz);
+	}
+
+	double getDuration() const {
+
+		struct timeval tv;
+		struct timezone tz;
+
+		gettimeofday(&tv, &tz);
+
+		return static_cast <double>(tv.tv_sec - m_start.tv_sec)
+			+ static_cast <double>(tv.tv_usec - m_start.tv_usec) / 1000000.0;
+	}
+
+private:
+
+	struct timeval m_start;
+};
+
+
+class XmlTestListener : public CppUnit::TestListener {
+
+public:
+
+	XmlTestListener()
+		: m_doc("utf-8"),
+		  m_testElt(NULL) {
+
+		m_doc.setRootElement(new CppUnit::XmlElement("TestRun"));
+	}
+
+	void startTest(CppUnit::Test* test) {
+
+		m_testElt = new CppUnit::XmlElement("Test");
+		m_suiteElt.back()->addElement(m_testElt);
+
+		m_testElt->addElement(new CppUnit::XmlElement("Name", test->getName()));
+
+		m_chrono.reset();
+	}
+
+	void addFailure(const CppUnit::TestFailure& failure) {
+
+		CppUnit::XmlElement* failElt = new CppUnit::XmlElement("Failure");
+		m_testElt->addElement(failElt);
+
+		failElt->addElement(
+			new CppUnit::XmlElement("FailureType", failure.isError() ? "Error" : "Assertion")
+		);
+
+		if (failure.sourceLine().isValid()) {
+
+			CppUnit::XmlElement* locElt = new CppUnit::XmlElement("Location");
+			failElt->addElement(locElt);
+
+			locElt->addElement(new CppUnit::XmlElement("File", failure.sourceLine().fileName()));
+			locElt->addElement(new CppUnit::XmlElement("Line", failure.sourceLine().lineNumber()));
+		}
+
+		CppUnit::XmlElement* exElt = new CppUnit::XmlElement("Exception");
+		failElt->addElement(exElt);
+
+		exElt->addElement(new CppUnit::XmlElement("Message", failure.thrownException()->what()));
+	}
+
+	void endTest(CppUnit::Test* /* test */) {
+
+		std::ostringstream ossTime;
+		ossTime << (m_chrono.getDuration() * 1000.0);
+
+		m_testElt->addElement(new CppUnit::XmlElement("Time", ossTime.str()));
+
+		m_testElt = NULL;
+	}
+
+	void startSuite(CppUnit::Test* suite) {
+
+		if (suite->getName() == "All Tests") {
+			return;
+		}
+
+		CppUnit::XmlElement* suiteElt = new CppUnit::XmlElement("Suite");
+
+		if (m_suiteElt.size() == 0) {
+			m_doc.rootElement().addElement(suiteElt);
+		} else {
+			m_suiteElt.back()->addElement(suiteElt);
+		}
+
+		m_suiteElt.push_back(suiteElt);
+
+		suiteElt->addElement(new CppUnit::XmlElement("Name", suite->getName()));
+	}
+
+	void endSuite(CppUnit::Test* /* suite */) {
+
+		if (m_suiteElt.size()) {
+			m_suiteElt.pop_back();
+		}
+	}
+
+	void startTestRun(CppUnit::Test* /* test */, CppUnit::TestResult* /* eventManager */) {
+
+	}
+
+	void endTestRun(CppUnit::Test* /* test */, CppUnit::TestResult* /* eventManager */) {
+
+	}
+
+	void output(std::ostream& os) {
+
+		os << m_doc.toString();
+	}
+
+private:
+
+	Clock m_chrono;
+
+	CppUnit::XmlDocument m_doc;
+	std::vector <CppUnit::XmlElement*> m_suiteElt;
+	CppUnit::XmlElement* m_testElt;
+};
+
+
+
+// see testUtils.hpp
+
+std::vector <std::string>& getTestModules() {
+
+	static std::vector <std::string> allModules;
+	return allModules;
+}
+
+
+void registerTestModule(const char* name_) {
+
+	std::vector <std::string>& testModules = getTestModules();
+	std::string name(name_);
+
+	if (std::find(testModules.begin(), testModules.end(), name) == testModules.end()) {
+		testModules.push_back(name);
+	}
+}
+
+
+const std::string getNormalizedPath(const std::string& path) {
+
+	std::string res = path;
+
+	for (std::size_t i = 0, n = res.length() ; i < n ; ++i) {
+
+		if (res[i] == '\\') {
+			res[i] = '/';
+		}
+	}
+
+	return res;
+}
+
+
+const std::string getFileNameFromPath(const std::string& path) {
+
+	const std::size_t pos = path.find_last_of('/');
+
+	if (pos == std::string::npos) {
+		return "";
+	}
+
+	return path.substr(pos + 1);
+}
+
+
+static char g_moduleNameBuffer[2048];
+
+
+const char* getTestModuleNameFromSourceFile(const char *path_) {
+
+	static const std::string testRunnerPath(getNormalizedPath(__FILE__));
+	static const std::string testRunnerFileName(getFileNameFromPath(testRunnerPath));
+
+	const std::string path = getNormalizedPath(path_);
+
+	// "/path/to/testRunner.cpp" --> "/path/to/"
+	const std::string basePath
+		(testRunnerPath.begin(), testRunnerPath.end() - testRunnerFileName.length());
+
+	// "/path/to/module/testFile.cpp" --> "module/testFile.cpp"
+	const std::string testFileName(getFileNameFromPath(path));
+	const std::string testPath(path.begin() + basePath.length(), path.end());
+
+	// "module/testFile.cpp" --> "module"
+	const std::string moduleName(testPath.substr(0, testPath.length() - testFileName.length() - 1));
+	std::copy(moduleName.begin(), moduleName.end(), g_moduleNameBuffer);
+	g_moduleNameBuffer[moduleName.length()] = 0;
+
+	return g_moduleNameBuffer;
+}
+
+
+int main(int argc, char* argv[]) {
+
+	// Parse arguments
+	bool xmlOutput = false;
+
+	for (int c = 1 ; c < argc ; ++c) {
+
+		const std::string arg = argv[c];
+
+		if (arg == "--xml") {
+			xmlOutput = true;
+		}
+	}
+
+	// Run the tests
+	if (xmlOutput) {
+
+		// Get the test suites from the registry and add them to the list of tests to run
+		CppUnit::TestRunner runner;
+
+		for (unsigned int i = 0 ; i < getTestModules().size() ; ++i) {
+
+			runner.addTest(
+				CppUnit::TestFactoryRegistry::getRegistry(getTestModules()[i]).makeTest()
+			);
+		}
+
+		XmlTestListener xmlListener;
+
+		CppUnit::TestResult controller;
+		controller.addListener(&xmlListener);
+
+		CppUnit::TestResultCollector result;
+		controller.addListener(&result);
+
+		runner.run(controller);
+
+		xmlListener.output(std::cout);
+
+		// Return error code 1 if a test failed
+		return result.wasSuccessful() ? 0 : 1;
+
+	} else {
+
+		// Get the top level suite from the registry
+		CppUnit::TextUi::TestRunner runner;
+		runner.addTest(CppUnit::TestFactoryRegistry::getRegistry().makeTest());
+
+		return runner.run() ? 0 : 1;
+	}
+}
diff --git a/vmime-master/tests/testUtils.cpp b/vmime-master/tests/testUtils.cpp
new file mode 100644
index 0000000..ae75547
--- /dev/null
+++ b/vmime-master/tests/testUtils.cpp
@@ -0,0 +1,404 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "testUtils.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+#include <cstring>
+#include <iostream>
+
+
+// Enable to output socket send/receive on standard output
+#define DEBUG_SOCKET_IN_OUT  0
+
+
+
+// testSocket
+
+void testSocket::connect(const vmime::string& address, const vmime::port_t port) {
+
+	m_address = address;
+	m_port = port;
+	m_connected = true;
+
+	onConnected();
+}
+
+
+void testSocket::disconnect() {
+
+	m_address.clear();
+	m_port = 0;
+	m_connected = false;
+}
+
+
+bool testSocket::isConnected() const {
+
+	return m_connected;
+}
+
+
+vmime::size_t testSocket::getBlockSize() const {
+
+	return 16384;
+}
+
+
+unsigned int testSocket::getStatus() const {
+
+	return 0;
+}
+
+
+const vmime::string testSocket::getPeerName() const {
+
+	return "test.vmime.org";
+}
+
+
+const vmime::string testSocket::getPeerAddress() const {
+
+	return "127.0.0.1";
+}
+
+
+vmime::shared_ptr <vmime::net::timeoutHandler> testSocket::getTimeoutHandler() {
+
+	return vmime::null;
+}
+
+
+void testSocket::setTracer(const vmime::shared_ptr <vmime::net::tracer>& /* tracer */) {
+
+}
+
+
+vmime::shared_ptr <vmime::net::tracer> testSocket::getTracer() {
+
+	return vmime::null;
+}
+
+
+bool testSocket::waitForRead(const int /* msecs */) {
+
+	return true;
+}
+
+
+bool testSocket::waitForWrite(const int /* msecs */) {
+
+	return true;
+}
+
+
+void testSocket::receive(vmime::string& buffer) {
+
+	buffer = m_inBuffer;
+	m_inBuffer.clear();
+}
+
+
+void testSocket::send(const vmime::string& buffer) {
+
+	m_outBuffer += buffer;
+
+	onDataReceived();
+}
+
+
+void testSocket::send(const char* str) {
+
+	sendRaw(reinterpret_cast <const vmime::byte_t*>(str), strlen(str));
+}
+
+
+vmime::size_t testSocket::receiveRaw(vmime::byte_t* buffer, const size_t count) {
+
+	const size_t n = std::min(count, static_cast <size_t>(m_inBuffer.size()));
+
+	std::copy(m_inBuffer.begin(), m_inBuffer.begin() + n, buffer);
+	m_inBuffer.erase(m_inBuffer.begin(), m_inBuffer.begin() + n);
+
+	return  n;
+}
+
+
+void testSocket::sendRaw(const vmime::byte_t* buffer, const size_t count) {
+
+	send(vmime::utility::stringUtils::makeStringFromBytes(buffer, count));
+}
+
+
+vmime::size_t testSocket::sendRawNonBlocking(const vmime::byte_t* buffer, const size_t count) {
+
+	sendRaw(buffer, count);
+	return count;
+}
+
+
+void testSocket::localSend(const vmime::string& buffer) {
+
+	m_inBuffer += buffer;
+
+#if DEBUG_SOCKET_IN_OUT
+	std::cout << "> " << vmime::utility::stringUtils::trim(buffer) << std::endl;
+#endif // DEBUG_SOCKET_IN_OUT
+
+}
+
+
+void testSocket::localReceive(vmime::string& buffer) {
+
+	buffer = m_outBuffer;
+	m_outBuffer.clear();
+}
+
+
+bool testSocket::localReceiveLine(vmime::string& line) {
+
+	vmime::size_t eol;
+
+	if ((eol = m_outBuffer.find('\n')) != vmime::string::npos) {
+
+		line = vmime::string(m_outBuffer.begin(), m_outBuffer.begin() + eol);
+
+		if (!line.empty() && line[line.length() - 1] == '\r') {
+			line.erase(line.end() - 1, line.end());
+		}
+
+		m_outBuffer.erase(m_outBuffer.begin(), m_outBuffer.begin() + eol + 1);
+
+		return true;
+	}
+
+	return false;
+}
+
+
+vmime::size_t testSocket::localReceiveRaw(vmime::byte_t* buffer, const size_t count) {
+
+	const size_t received = std::min(count, static_cast <size_t>(m_outBuffer.size()));
+
+	if (received != 0) {
+
+		if (buffer) {
+			std::copy(m_outBuffer.begin(), m_outBuffer.begin() + received, buffer);
+		}
+
+		m_outBuffer.erase(m_outBuffer.begin(), m_outBuffer.begin() + received);
+	}
+
+	return received;
+}
+
+
+void testSocket::onDataReceived() {
+
+	// Override
+}
+
+
+void testSocket::onConnected() {
+
+	// Override
+}
+
+
+// lineBasedTestSocket
+
+void lineBasedTestSocket::onDataReceived() {
+
+	vmime::string chunk;
+	localReceive(chunk);
+
+	m_buffer += chunk;
+
+	vmime::size_t eol;
+
+	while ((eol = m_buffer.find('\n')) != vmime::string::npos) {
+
+		vmime::string line(std::string(m_buffer.begin(), m_buffer.begin() + eol));
+
+		if (!line.empty() && line[line.length() - 1] == '\r') {
+			line.erase(line.end() - 1, line.end());
+		}
+
+#if DEBUG_SOCKET_IN_OUT
+		std::cout << "< " << vmime::utility::stringUtils::trim(line) << std::endl;
+#endif // DEBUG_SOCKET_IN_OUT
+
+		m_lines.push_back(line);
+		m_buffer.erase(m_buffer.begin(), m_buffer.begin() + eol + 1);
+	}
+
+	while (!m_lines.empty()) {
+		processCommand();
+	}
+}
+
+
+const vmime::string lineBasedTestSocket::getNextLine() {
+
+	const vmime::string line = m_lines.front();
+	m_lines.erase(m_lines.begin(), m_lines.begin() + 1);
+	return line;
+}
+
+
+bool lineBasedTestSocket::haveMoreLines() const {
+
+	return !m_lines.empty();
+}
+
+
+// testTimeoutHandler
+
+testTimeoutHandler::testTimeoutHandler(const unsigned long delay)
+	: m_delay(delay),
+	  m_start(0) {
+
+}
+
+
+bool testTimeoutHandler::isTimeOut() {
+
+	return (vmime::platform::getHandler()->getUnixTime() - m_start) >= m_delay;
+}
+
+
+void testTimeoutHandler::resetTimeOut() {
+
+	m_start = vmime::platform::getHandler()->getUnixTime();
+}
+
+
+bool testTimeoutHandler::handleTimeOut() {
+
+	return false;
+}
+
+
+// testTimeoutHandlerFactory : public vmime::net::timeoutHandlerFactory
+
+vmime::shared_ptr <vmime::net::timeoutHandler> testTimeoutHandlerFactory::create() {
+
+	return vmime::make_shared <testTimeoutHandler>();
+}
+
+
+
+// Exception helper
+std::ostream& operator<<(std::ostream& os, const vmime::exception& e) {
+
+	os << "* vmime::exceptions::" << e.name() << std::endl;
+	os << "    what = " << e.what() << std::endl;
+
+	// More information for special exceptions
+	if (dynamic_cast <const vmime::exceptions::command_error*>(&e)) {
+
+		const vmime::exceptions::command_error& cee =
+			dynamic_cast <const vmime::exceptions::command_error&>(e);
+
+		os << "    command = " << cee.command() << std::endl;
+		os << "    response = " << cee.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::invalid_response*>(&e)) {
+
+		const vmime::exceptions::invalid_response& ir =
+			dynamic_cast <const vmime::exceptions::invalid_response&>(e);
+
+		os << "    response = " << ir.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::connection_greeting_error*>(&e)) {
+
+		const vmime::exceptions::connection_greeting_error& cgee =
+			dynamic_cast <const vmime::exceptions::connection_greeting_error&>(e);
+
+		os << "    response = " << cgee.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::authentication_error*>(&e)) {
+
+		const vmime::exceptions::authentication_error& aee =
+			dynamic_cast <const vmime::exceptions::authentication_error&>(e);
+
+		os << "    response = " << aee.response() << std::endl;
+	}
+
+	if (dynamic_cast <const vmime::exceptions::filesystem_exception*>(&e)) {
+
+		const vmime::exceptions::filesystem_exception& fse =
+			dynamic_cast <const vmime::exceptions::filesystem_exception&>(e);
+
+		os << "    path = " << vmime::platform::getHandler()->
+			getFileSystemFactory()->pathToString(fse.path()) << std::endl;
+	}
+
+	if (e.other()) {
+		os << *e.other();
+	}
+
+	return os;
+}
+
+
+const vmime::string toHex(const vmime::string str) {
+
+	static const char hexChars[] = "0123456789abcdef";
+
+	vmime::string res = "\n";
+
+	for (size_t i = 0 ; i < str.length() ; i += 16) {
+
+		size_t r = std::min(static_cast <size_t>(16), str.length() - i);
+
+		vmime::string hex;
+		vmime::string chr;
+
+		for (size_t j = 0 ; j < r ; ++j) {
+
+			const unsigned char c = str[i + j];
+
+			hex += hexChars[c / 16];
+			hex += hexChars[c % 16];
+			hex += " ";
+
+			if (c >= 32 && c <= 127)
+				chr += c;
+			else
+				chr += '.';
+		}
+
+		for (size_t j = r ; j < 16 ; ++j) {
+			hex += "   ";
+		}
+
+		res += hex + "  " + chr + "\n";
+	}
+
+	return res;
+}
diff --git a/vmime-master/tests/testUtils.hpp b/vmime-master/tests/testUtils.hpp
new file mode 100644
index 0000000..e6bf1ee
--- /dev/null
+++ b/vmime-master/tests/testUtils.hpp
@@ -0,0 +1,407 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include <ostream>
+#include <iostream>
+#include <sstream>
+#include <vector>
+#include <string>
+
+
+// VMime
+#include "vmime/vmime.hpp"
+
+
+// CppUnit
+#pragma GCC diagnostic ignored "-Wold-style-cast"
+#include <cppunit/TestAssert.h>
+#include <cppunit/extensions/HelperMacros.h>
+#pragma GCC diagnostic warning "-Wold-style-cast"
+
+#define VASSERT(msg, cond) \
+	CPPUNIT_ASSERT_MESSAGE(std::string(msg), cond)
+
+#define VASSERT_TRUE(msg, cond) \
+	VASSERT(msg, cond)
+#define VASSERT_FALSE(msg, cond) \
+	VASSERT(msg, !(cond))
+
+#define VASSERT_NOT_NULL(msg, cond) \
+	VASSERT(msg, cond != NULL)
+#define VASSERT_NULL(msg, cond) \
+	VASSERT(msg, cond == NULL)
+
+#define VASSERT_EQ(msg, expected, actual) \
+	CPPUNIT_ASSERT_EQUAL_MESSAGE(std::string(msg), expected, actual)
+#define VASSERT_NEQ(msg, expected, actual) \
+	CPPUNIT_ASSERT_MESSAGE(std::string(msg), (expected) != (actual))
+
+#define VASSERT_THROW(msg, expression, exceptionType) \
+	CPPUNIT_ASSERT_THROW(expression, exceptionType)
+#define VASSERT_NO_THROW(msg, expression) \
+	CPPUNIT_ASSERT_NO_THROW(expression)
+
+#define VMIME_TEST_SUITE_BEGIN(testSuiteName) \
+	class testSuiteName; \
+	typedef testSuiteName VMIME_TEST_SUITE; \
+	class testSuiteName : public CppUnit::TestFixture { public:
+#define VMIME_TEST_SUITE_END \
+	}; \
+	\
+	/*static CppUnit::AutoRegisterSuite <VMIME_TEST_SUITE>(autoRegisterRegistry1);*/ \
+	/*static CppUnit::AutoRegisterSuite <VMIME_TEST_SUITE>(autoRegisterRegistry2)(VMIME_TEST_SUITE_MODULE);*/ \
+	extern void registerTestModule(const char* name); \
+	extern const char* getTestModuleNameFromSourceFile(const char *path); \
+	template <typename T> \
+	struct AutoRegisterModule { \
+		AutoRegisterModule() { \
+			static const char* moduleName = getTestModuleNameFromSourceFile(__FILE__); \
+			static CppUnit::AutoRegisterSuite <VMIME_TEST_SUITE>(autoRegisterRegistry1); \
+			static CppUnit::AutoRegisterSuite <VMIME_TEST_SUITE>(autoRegisterRegistry2)(moduleName); \
+			registerTestModule(moduleName); \
+		} \
+	}; \
+	static AutoRegisterModule <VMIME_TEST_SUITE> autoRegisterModule;
+
+#define VMIME_TEST_LIST_BEGIN       CPPUNIT_TEST_SUITE(VMIME_TEST_SUITE);
+#define VMIME_TEST_LIST_END         CPPUNIT_TEST_SUITE_END(); public:
+#define VMIME_TEST(name)            CPPUNIT_TEST(name);
+
+
+namespace CppUnit {
+
+	// Work-around for comparing 'std::string' against 'char*'
+	inline void assertEquals(
+		const char* expected,
+		const std::string actual,
+		SourceLine sourceLine,
+		const std::string &message
+	) {
+
+		assertEquals(std::string(expected), actual, sourceLine, message);
+	}
+
+	template <typename X, typename Y>
+	void assertEquals(
+		const X expected,
+		const Y actual,
+		SourceLine sourceLine,
+		const std::string &message
+	) {
+
+		assertEquals(static_cast <Y>(expected), actual, sourceLine, message);
+	}
+}
+
+
+namespace std {
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::charset& ch) {
+
+	os << "[charset: " << ch.getName() << "]";
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::word& w) {
+
+	os << "[word: charset=" << w.getCharset().getName()
+	   << ", buffer=" << w.getBuffer();
+
+	if (!w.getLanguage().empty()) {
+		os << ", lang=" << w.getLanguage();
+	}
+
+	os << "]";
+
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::text& txt) {
+
+	os << "[text: [";
+
+	for (size_t i = 0 ; i < txt.getWordCount() ; ++i) {
+
+		const vmime::word& w = *txt.getWordAt(i);
+
+		if (i != 0) {
+			os << ",";
+		}
+
+		os << w;
+	}
+
+	os << "]]";
+
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::emailAddress& email) {
+
+	os << email.generate();
+
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::mailbox& mbox) {
+
+	os << "[mailbox: name=" << mbox.getName() << ", email=" << mbox.getEmail() << "]";
+
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::mailboxGroup& group) {
+
+	os << "[mailbox-group: name=" << group.getName() << ", list=[";
+
+	for (size_t i = 0 ; i < group.getMailboxCount() ; ++i) {
+
+		if (i != 0) {
+			os << ",";
+		}
+
+		os << *group.getMailboxAt(i);
+	}
+
+	os << "]]";
+
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::addressList& list) {
+
+	os << "[address-list: [";
+
+	for (size_t i = 0 ; i < list.getAddressCount() ; ++i) {
+
+		const vmime::address& addr = *list.getAddressAt(i);
+
+		if (i != 0) {
+			os << ",";
+		}
+
+		if (addr.isGroup()) {
+
+			const vmime::mailboxGroup& group =
+				dynamic_cast <const vmime::mailboxGroup&>(addr);
+
+			os << group;
+
+		} else {
+
+			const vmime::mailbox& mbox =
+				dynamic_cast <const vmime::mailbox&>(addr);
+
+			os << mbox;
+		}
+	}
+
+	os << "]]";
+
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::datetime& d) {
+
+	os << "[datetime: " << d.getYear() << "/" << d.getMonth() << "/" << d.getDay();
+	os << " " << d.getHour() << ":" << d.getMinute() << ":" << d.getSecond();
+	os << " #" << d.getZone() << "]";
+
+	return os;
+}
+
+
+inline std::ostream& operator<<(std::ostream& os, const vmime::encoding& enc) {
+
+	os << enc.generate();
+
+	return os;
+}
+
+
+}
+
+
+
+// Used to test network features.
+//
+// This works like a local pipe: client reads and writes data using receive()
+// and send(). Server reads incoming data with localReceive() and sends data
+// to client with localSend().
+
+class testSocket : public vmime::net::socket {
+
+public:
+
+	void connect(const vmime::string& address, const vmime::port_t port);
+	void disconnect();
+
+	bool isConnected() const;
+
+	bool waitForWrite(const int msecs = 30000);
+	bool waitForRead(const int msecs = 30000);
+
+	void receive(vmime::string& buffer);
+	void send(const vmime::string& buffer);
+	void send(const char* str);
+
+	size_t receiveRaw(vmime::byte_t* buffer, const size_t count);
+	void sendRaw(const vmime::byte_t* buffer, const size_t count);
+	size_t sendRawNonBlocking(const vmime::byte_t* buffer, const size_t count);
+
+	size_t getBlockSize() const;
+
+	unsigned int getStatus() const;
+
+	const vmime::string getPeerName() const;
+	const vmime::string getPeerAddress() const;
+
+	vmime::shared_ptr <vmime::net::timeoutHandler> getTimeoutHandler();
+
+	void setTracer(const vmime::shared_ptr <vmime::net::tracer>& tracer);
+	vmime::shared_ptr <vmime::net::tracer> getTracer();
+
+	/** Send data to client.
+	  *
+	  * @param buffer data to send
+	  */
+	void localSend(const vmime::string& buffer);
+
+	/** Receive data from client.
+	  *
+	  * @param buffer buffer in which to store received data
+	  */
+	void localReceive(vmime::string& buffer);
+
+	/** Receive a line from client.
+	  *
+	  * @param buffer buffer in which to store received line
+	  * @return true if a line has been read, or false otherwise
+	  */
+	bool localReceiveLine(vmime::string& buffer);
+
+	/** Receive data from client.
+	  *
+	  * @param buffer buffer in which to store received data
+	  * @param count number of bytes to receive
+	  * @return number of bytes received
+	  */
+	vmime::size_t localReceiveRaw(vmime::byte_t* buffer, const size_t count);
+
+protected:
+
+	/** Called when the client has sent some data.
+	  */
+	virtual void onDataReceived();
+
+	/** Called when the client has connected.
+	  */
+	virtual void onConnected();
+
+private:
+
+	vmime::string m_address;
+	vmime::port_t m_port;
+	bool m_connected;
+
+	vmime::string m_inBuffer;
+	vmime::string m_outBuffer;
+};
+
+
+template <typename T>
+class testSocketFactory : public vmime::net::socketFactory {
+
+public:
+
+	vmime::shared_ptr <vmime::net::socket> create() {
+
+		return vmime::make_shared <T>();
+	}
+
+	vmime::shared_ptr <vmime::net::socket> create(
+		const vmime::shared_ptr <vmime::net::timeoutHandler>& /* th */
+	) {
+
+		return vmime::make_shared <T>();
+	}
+};
+
+
+class lineBasedTestSocket : public testSocket {
+
+public:
+
+	void onDataReceived();
+
+	const vmime::string getNextLine();
+	bool haveMoreLines() const;
+
+	virtual void processCommand() = 0;
+
+private:
+
+	std::vector <vmime::string> m_lines;
+	std::string m_buffer;
+};
+
+
+class testTimeoutHandler : public vmime::net::timeoutHandler {
+
+public:
+
+	testTimeoutHandler(const unsigned long delay = 3);
+
+	bool isTimeOut();
+	void resetTimeOut();
+	bool handleTimeOut();
+
+private:
+
+	unsigned long m_delay;
+	unsigned long m_start;
+};
+
+
+class testTimeoutHandlerFactory : public vmime::net::timeoutHandlerFactory {
+
+public:
+
+	vmime::shared_ptr <vmime::net::timeoutHandler> create();
+};
+
+
+// Exception helper
+std::ostream& operator<<(std::ostream& os, const vmime::exception& e);
+
+
+// Conversion to hexadecimal for easier debugging
+const vmime::string toHex(const vmime::string str);
diff --git a/vmime-master/tests/utility/datetimeUtilsTest.cpp b/vmime-master/tests/utility/datetimeUtilsTest.cpp
new file mode 100644
index 0000000..77ce242
--- /dev/null
+++ b/vmime-master/tests/utility/datetimeUtilsTest.cpp
@@ -0,0 +1,157 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/dateTime.hpp"
+#include "vmime/utility/datetimeUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(datetimeUtilsTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testIsLeapYear)
+		VMIME_TEST(testGetDaysInMonth)
+		VMIME_TEST(testGetDaysInMonthLeapYear)
+		VMIME_TEST(testToUniversalTime)
+		VMIME_TEST(testToLocalTime)
+		VMIME_TEST(testGetDayOfWeek)
+		VMIME_TEST(testGetWeekOfYear)
+	VMIME_TEST_LIST_END
+
+
+	typedef vmime::utility::datetimeUtils datetimeUtils;
+
+
+	void testIsLeapYear() {
+
+		VASSERT_EQ("1", false, datetimeUtils::isLeapYear(1999));
+		VASSERT_EQ("2", false, datetimeUtils::isLeapYear(1800));
+		VASSERT_EQ("3", false, datetimeUtils::isLeapYear(1900));
+		VASSERT_EQ("4", false, datetimeUtils::isLeapYear(2100));
+		VASSERT_EQ("5", false, datetimeUtils::isLeapYear(2200));
+
+		VASSERT_EQ("6", true, datetimeUtils::isLeapYear(1996));
+		VASSERT_EQ("7", true, datetimeUtils::isLeapYear(2000));
+	}
+
+	void testGetDaysInMonth() {
+
+		VASSERT_EQ("1",  31, datetimeUtils::getDaysInMonth(2006, 1));
+		VASSERT_EQ("2",  28, datetimeUtils::getDaysInMonth(2006, 2));
+		VASSERT_EQ("3",  31, datetimeUtils::getDaysInMonth(2006, 3));
+		VASSERT_EQ("4",  30, datetimeUtils::getDaysInMonth(2006, 4));
+		VASSERT_EQ("5",  31, datetimeUtils::getDaysInMonth(2006, 5));
+		VASSERT_EQ("6",  30, datetimeUtils::getDaysInMonth(2006, 6));
+		VASSERT_EQ("7",  31, datetimeUtils::getDaysInMonth(2006, 7));
+		VASSERT_EQ("8",  31, datetimeUtils::getDaysInMonth(2006, 8));
+		VASSERT_EQ("9",  30, datetimeUtils::getDaysInMonth(2006, 9));
+		VASSERT_EQ("10", 31, datetimeUtils::getDaysInMonth(2006, 10));
+		VASSERT_EQ("11", 30, datetimeUtils::getDaysInMonth(2006, 11));
+		VASSERT_EQ("12", 31, datetimeUtils::getDaysInMonth(2006, 12));
+	}
+
+	void testGetDaysInMonthLeapYear() {
+
+		VASSERT_EQ("1",  31, datetimeUtils::getDaysInMonth(2004, 1));
+		VASSERT_EQ("2",  29, datetimeUtils::getDaysInMonth(2004, 2));
+		VASSERT_EQ("3",  31, datetimeUtils::getDaysInMonth(2004, 3));
+		VASSERT_EQ("4",  30, datetimeUtils::getDaysInMonth(2004, 4));
+		VASSERT_EQ("5",  31, datetimeUtils::getDaysInMonth(2004, 5));
+		VASSERT_EQ("6",  30, datetimeUtils::getDaysInMonth(2004, 6));
+		VASSERT_EQ("7",  31, datetimeUtils::getDaysInMonth(2004, 7));
+		VASSERT_EQ("8",  31, datetimeUtils::getDaysInMonth(2004, 8));
+		VASSERT_EQ("9",  30, datetimeUtils::getDaysInMonth(2004, 9));
+		VASSERT_EQ("10", 31, datetimeUtils::getDaysInMonth(2004, 10));
+		VASSERT_EQ("11", 30, datetimeUtils::getDaysInMonth(2004, 11));
+		VASSERT_EQ("12", 31, datetimeUtils::getDaysInMonth(2004, 12));
+	}
+
+	void testToUniversalTime() {
+
+		const vmime::datetime local(2005, 12, 2, 12, 34, 56, -789);
+
+		const vmime::datetime gmt = datetimeUtils::toUniversalTime(local);
+
+		// 789 is 13 hours, 9 minutes later
+		VASSERT_EQ("1", 2005, gmt.getYear());
+		VASSERT_EQ("2",   12, gmt.getMonth());
+		VASSERT_EQ("3",    3, gmt.getDay());
+		VASSERT_EQ("4",    1, gmt.getHour());
+		VASSERT_EQ("5",   43, gmt.getMinute());
+		VASSERT_EQ("6",   56, gmt.getSecond());
+		VASSERT_EQ("7",    0, gmt.getZone());
+	}
+
+	void testToLocalTime() {
+
+		const vmime::datetime date(2005, 12, 2, 12, 34, 56, -120); // GMT-2
+
+		const vmime::datetime local = datetimeUtils::toLocalTime(date, 120); // GMT+2
+
+		VASSERT_EQ("1", 2005, local.getYear());
+		VASSERT_EQ("2",   12, local.getMonth());
+		VASSERT_EQ("3",    2, local.getDay());
+		VASSERT_EQ("4",   16, local.getHour());
+		VASSERT_EQ("5",   34, local.getMinute());
+		VASSERT_EQ("6",   56, local.getSecond());
+		VASSERT_EQ("7",  120, local.getZone());
+	}
+
+	void testGetDayOfWeek() {
+
+		VASSERT_EQ("1", vmime::datetime::WEDNESDAY, datetimeUtils::getDayOfWeek(1969, 12, 31));
+		VASSERT_EQ("2", vmime::datetime::FRIDAY,    datetimeUtils::getDayOfWeek(1976,  4,  9));
+		VASSERT_EQ("3", vmime::datetime::TUESDAY,   datetimeUtils::getDayOfWeek(1987,  6, 23));
+		VASSERT_EQ("4", vmime::datetime::SATURDAY,  datetimeUtils::getDayOfWeek(1990,  1, 13));
+		VASSERT_EQ("5", vmime::datetime::MONDAY,    datetimeUtils::getDayOfWeek(1999,  9, 20));
+		VASSERT_EQ("6", vmime::datetime::THURSDAY,  datetimeUtils::getDayOfWeek(2003,  2, 27));
+		VASSERT_EQ("7", vmime::datetime::SATURDAY,  datetimeUtils::getDayOfWeek(2005, 11, 19));
+		VASSERT_EQ("8", vmime::datetime::WEDNESDAY, datetimeUtils::getDayOfWeek(2012,  5, 16));
+		VASSERT_EQ("9", vmime::datetime::FRIDAY,    datetimeUtils::getDayOfWeek(2027,  3, 12));
+	}
+
+	void testGetWeekOfYear() {
+
+		VASSERT_EQ("1.1", 52, datetimeUtils::getWeekOfYear(2003, 12, 27));
+		VASSERT_EQ("1.2", 52, datetimeUtils::getWeekOfYear(2003, 12, 28));
+		VASSERT_EQ("1.3",  1, datetimeUtils::getWeekOfYear(2003, 12, 29, true));
+		VASSERT_EQ("1.4", 53, datetimeUtils::getWeekOfYear(2003, 12, 29, false));
+		VASSERT_EQ("1.5",  1, datetimeUtils::getWeekOfYear(2004,  1,  4));
+		VASSERT_EQ("1.6",  2, datetimeUtils::getWeekOfYear(2004,  1,  5));
+		VASSERT_EQ("1.7",  2, datetimeUtils::getWeekOfYear(2004,  1, 11));
+
+		VASSERT_EQ("2.1", 52, datetimeUtils::getWeekOfYear(2004, 12, 26));
+		VASSERT_EQ("2.2", 53, datetimeUtils::getWeekOfYear(2004, 12, 27));
+		VASSERT_EQ("2.3", 53, datetimeUtils::getWeekOfYear(2005,  1,  2));
+		VASSERT_EQ("2.4",  1, datetimeUtils::getWeekOfYear(2005,  1,  3));
+		VASSERT_EQ("2.5",  1, datetimeUtils::getWeekOfYear(2005,  1,  4));
+		VASSERT_EQ("2.6",  2, datetimeUtils::getWeekOfYear(2005,  1, 11));
+
+		VASSERT_EQ("3.1",  9, datetimeUtils::getWeekOfYear(2027,  3,  7));
+		VASSERT_EQ("3.2", 10, datetimeUtils::getWeekOfYear(2027,  3,  8));
+		VASSERT_EQ("3.3", 10, datetimeUtils::getWeekOfYear(2027,  3, 14));
+		VASSERT_EQ("3.4", 11, datetimeUtils::getWeekOfYear(2027,  3, 15));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/encoder/b64EncoderTest.cpp b/vmime-master/tests/utility/encoder/b64EncoderTest.cpp
new file mode 100644
index 0000000..36fa61a
--- /dev/null
+++ b/vmime-master/tests/utility/encoder/b64EncoderTest.cpp
@@ -0,0 +1,168 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "encoderTestUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(b64EncoderTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testBase64)
+	VMIME_TEST_LIST_END
+
+
+	void testBase64() {
+
+		static const vmime::string testSuites[] = {
+
+			// Test 1
+			"",
+
+			"",
+
+			// Test 2
+			"A",
+
+			"QQ==",
+
+			// Test 3
+			"AB",
+
+			"QUI=",
+
+			// Test 4
+			"ABC",
+
+			"QUJD",
+
+			// Test 5
+			"foo",
+
+			"Zm9v",
+
+			// Test 6
+			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+
+			"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAx"
+			"MjM0NTY3ODk=",
+
+			// Test 7
+			vmime::string(
+			"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+			"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+			"\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
+			"\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
+			"\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
+			"\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
+			"\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
+			"\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
+			"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
+			"\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
+			"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
+			"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
+			"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
+			"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
+			"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef"
+			"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
+			256),
+
+			"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1"
+			"Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWpr"
+			"bG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6Ch"
+			"oqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX"
+			"2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w=="
+		};
+
+
+		for (unsigned int i = 0 ; i < sizeof(testSuites) / sizeof(testSuites[0]) / 2 ; ++i) {
+
+			const vmime::string decoded = testSuites[i * 2];
+			const vmime::string encoded = testSuites[i * 2 + 1];
+
+			std::ostringstream oss;
+			oss << "[Base64] Test " << (i + 1) << ": ";
+
+			// Encoding
+			VASSERT_EQ(oss.str() + "encoding", encoded, encode("base64", decoded));
+
+			// Decoding
+			VASSERT_EQ(oss.str() + "decoding", decoded, decode("base64", encoded));
+
+			// Multiple and successive encoding/decoding
+			VASSERT_EQ(
+				oss.str() + "multiple1",
+				decoded,
+				decode("base64",
+					encode("base64", decoded))
+			);
+
+			VASSERT_EQ(
+				oss.str() + "multiple2",
+				decoded,
+				decode("base64",
+					decode("base64",
+						encode("base64",
+							encode("base64", decoded))))
+			);
+
+			VASSERT_EQ(
+				oss.str() + "multiple3",
+				decoded,
+				decode("base64",
+					decode("base64",
+						decode("base64",
+							encode("base64",
+								encode("base64",
+									encode("base64", decoded))))))
+			);
+
+			VASSERT_EQ(
+				oss.str() + "multiple4",
+				decoded,
+				decode("base64",
+					decode("base64",
+						decode("base64",
+							decode("base64",
+								encode("base64",
+									encode("base64",
+										encode("base64",
+											encode("base64", decoded))))))))
+			);
+
+			VASSERT(
+				oss.str() + "encoded size",
+				getEncoder("base64")->getEncodedSize(decoded.length())
+					>= encode("base64", decoded).length()
+			);
+
+			VASSERT(
+				oss.str() + "decoded size",
+				getEncoder("base64")->getDecodedSize(encoded.length())
+					>= decode("base64", encoded).length()
+			);
+		}
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/encoder/encoderFactoryTest.cpp b/vmime-master/tests/utility/encoder/encoderFactoryTest.cpp
new file mode 100644
index 0000000..916706c
--- /dev/null
+++ b/vmime-master/tests/utility/encoder/encoderFactoryTest.cpp
@@ -0,0 +1,63 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/encoder/noopEncoder.hpp"
+
+
+
+VMIME_TEST_SUITE_BEGIN(encoderFactoryTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testNoDefaultEncoder)
+		VMIME_TEST(testDefaultEncoder)
+	VMIME_TEST_LIST_END
+
+
+	void testNoDefaultEncoder() {
+
+		vmime::shared_ptr <vmime::utility::encoder::encoderFactory> ef =
+			vmime::utility::encoder::encoderFactory::getInstance();
+
+		VASSERT_THROW(
+			"no default encoder",
+			ef->create("non-existing-encoding"),
+			vmime::exceptions::no_encoder_available
+		);
+	}
+
+	void testDefaultEncoder() {
+
+		vmime::shared_ptr <vmime::utility::encoder::encoderFactory> ef =
+			vmime::utility::encoder::encoderFactory::getInstance();
+
+		ef->setDefaultEncoder(vmime::make_shared <vmime::utility::encoder::noopEncoder>());
+
+		VASSERT_NO_THROW(
+			"default encoder",
+			ef->create("non-existing-encoding")
+		);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/encoder/encoderTestUtils.hpp b/vmime-master/tests/utility/encoder/encoderTestUtils.hpp
new file mode 100644
index 0000000..cc1141c
--- /dev/null
+++ b/vmime-master/tests/utility/encoder/encoderTestUtils.hpp
@@ -0,0 +1,82 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+
+// Helper function to obtain an encoder given its name
+static vmime::shared_ptr <vmime::utility::encoder::encoder> getEncoder(
+	const vmime::string& name,
+	int maxLineLength = 0,
+	const vmime::propertySet props = vmime::propertySet()
+) {
+
+	vmime::shared_ptr <vmime::utility::encoder::encoder> enc =
+		vmime::utility::encoder::encoderFactory::getInstance()->create(name);
+
+	enc->getProperties() = props;
+
+	if (maxLineLength != 0) {
+		enc->getProperties()["maxlinelength"] = maxLineLength;
+	}
+
+	return enc;
+}
+
+
+// Encoding helper function
+static const vmime::string encode(
+	const vmime::string& name, const vmime::string& in,
+	int maxLineLength = 0,
+	const vmime::propertySet props = vmime::propertySet()
+) {
+
+	vmime::shared_ptr <vmime::utility::encoder::encoder> enc = getEncoder(name, maxLineLength, props);
+
+	vmime::utility::inputStreamStringAdapter vin(in);
+
+	std::ostringstream out;
+	vmime::utility::outputStreamAdapter vout(out);
+
+	enc->encode(vin, vout);
+
+	return (out.str());
+}
+
+
+// Decoding helper function
+static const vmime::string decode(
+	const vmime::string& name,
+	const vmime::string& in,
+	int maxLineLength = 0
+) {
+
+	vmime::shared_ptr <vmime::utility::encoder::encoder> enc = getEncoder(name, maxLineLength);
+
+	vmime::utility::inputStreamStringAdapter vin(in);
+
+	std::ostringstream out;
+	vmime::utility::outputStreamAdapter vout(out);
+
+	enc->decode(vin, vout);
+
+	return (out.str());
+}
diff --git a/vmime-master/tests/utility/encoder/qpEncoderTest.cpp b/vmime-master/tests/utility/encoder/qpEncoderTest.cpp
new file mode 100644
index 0000000..e476947
--- /dev/null
+++ b/vmime-master/tests/utility/encoder/qpEncoderTest.cpp
@@ -0,0 +1,275 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "encoderTestUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(qpEncoderTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testQuotedPrintable)
+		VMIME_TEST(testQuotedPrintable_SoftLineBreaks)
+		VMIME_TEST(testQuotedPrintable_HardLineBreakEncode)
+		VMIME_TEST(testQuotedPrintable_HardLineBreakDecode)
+		VMIME_TEST(testQuotedPrintable_CRLF)
+		VMIME_TEST(testQuotedPrintable_RFC2047)
+	VMIME_TEST_LIST_END
+
+
+	void testQuotedPrintable() {
+
+		static const vmime::string testSuites[] = {
+
+			// Test 1
+			"",
+
+			"",
+
+			// Test 2
+			"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
+
+			"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
+
+			// Test 3
+			"0123456789012345678901234567890123456789012345678901234567890123456789012"
+			"3456789012345678901234567890123456789012345678901234567890123456789012345"
+			"6789",
+
+			"0123456789012345678901234567890123456789012345678901234567890123456789012=\r\n"
+			"3456789012345678901234567890123456789012345678901234567890123456789012345=\r\n"
+			"6789",
+
+			// Test 4
+			vmime::string(
+			"\x89\xe8\x24\x04\x2f\xe8\xff\xfb\xeb\xff\x90\xd7\x74\x8d\x00\x26\x89\x55"
+			"\x83\xe5\x08\xec\x04\xc7\xa0\x24\x05\xa2\xe8\x08\x43\xee\x00\x00\xc0\x85"
+			"\x0a\x74\xec\x89\xc3\x5d\xb6\x8d\x00\x00\x00\x00\x04\xc7\xa8\x24\x05\xa2"
+			"\xe8\x08\x43\xd4\x00\x00\xe8\xeb\xf6\x89\x89\x55\x81\xe5\xa8\xec\x00\x00"
+			"\x89\x00\xfc\x75\x75\x8b\x89\x08\xf8\x5d\xb9\xe8\xff\xff\x83\xff\x14\xfe"
+			"\x47\x74\xc0\x31\x9d\x8d\xff\x68\xff\xff\x85\x89\xff\x68\xff\xff\x85\x8d"
+			"\xff\x6c\xff\xff\x04\x89\xe8\x24\xfa\x50\xff\xff\x45\xc7\x00\xec\x00\x00"
+			"\x31\x00\x89\xc0\x24\x44\x89\x08\x24\x5c\x89\x04\x24\x34\x87\xe8\xff\xf6"
+			"\x89\xff\x24\x34\x2f\xe8\xff\xf9\x8b\xff\xf8\x5d\x75\x8b\x89\xfc\x5d\xec"
+			"\xbe\xc3\x00\x13\x00\x00\xe7\xeb\xb6\x8d\x00\x00\x00\x00\x89\x55\x57\xe5"
+			"\x53\x56\xec\x81\x01\xdc\x00\x00\x45\xbb\x05\x5c\x8b\x08\x0c\x55\xe4\x83"
+			"\x8b\xf0\x89\x02\x24\x5c\xc7\x04\x24\x04\x00\x06\x00\x00\xec\xa3\x05\xa9"
+			"\xe8\x08\xf7\x2a\xff\xff\x04\xc7\x46\x24\x05\x5c\xb9\x08\x5c\x50\x08\x05"
+			"\x4c\x89\x04\x24\xf5\xe8\xff\xf7\xc7\xff\x24\x04\x5c\x46\x08\x05\xe9\xe8"
+			"\xff\xf8\xc7\xff\x24\x04\x1d\x70\x08\x05\x55\xe8\x00\xbb\xb8\x00\x00\x01"
+			"\x00\x00\xd2\x31\x08\xa3\x05\xa7\xb8\x08\x00\x01\x00\x00\x0c\xa3\x05\xa7",
+			18 * 16),
+
+			"=89=E8$=04/=E8=FF=FB=EB=FF=90=D7t=8D=00&=89U=83=E5=08=EC=04=C7=A0$=05=A2=E8=\r\n"
+			"=08C=EE=00=00=C0=85=0At=EC=89=C3]=B6=8D=00=00=00=00=04=C7=A8$=05=A2=E8=08=\r\n"
+			"C=D4=00=00=E8=EB=F6=89=89U=81=E5=A8=EC=00=00=89=00=FCuu=8B=89=08=F8]=B9=E8=\r\n"
+			"=FF=FF=83=FF=14=FEGt=C01=9D=8D=FFh=FF=FF=85=89=FFh=FF=FF=85=8D=FFl=FF=FF=04=\r\n"
+			"=89=E8$=FAP=FF=FFE=C7=00=EC=00=001=00=89=C0$D=89=08$\\=89=04$4=87=E8=FF=F6=\r\n"
+			"=89=FF$4/=E8=FF=F9=8B=FF=F8]u=8B=89=FC]=EC=BE=C3=00=13=00=00=E7=EB=B6=8D=00=\r\n"
+			"=00=00=00=89UW=E5SV=EC=81=01=DC=00=00E=BB=05\\=8B=08=0CU=E4=83=8B=F0=89=02=\r\n"
+			"$\\=C7=04$=04=00=06=00=00=EC=A3=05=A9=E8=08=F7*=FF=FF=04=C7F$=05\\=B9=08\\P=08=\r\n"
+			"=05L=89=04$=F5=E8=FF=F7=C7=FF$=04\\F=08=05=E9=E8=FF=F8=C7=FF$=04=1Dp=08=05=\r\n"
+			"U=E8=00=BB=B8=00=00=01=00=00=D21=08=A3=05=A7=B8=08=00=01=00=00=0C=A3=05=A7=\r\n"
+		};
+
+
+		for (unsigned int i = 0 ; i < sizeof(testSuites) / sizeof(testSuites[0]) / 2 ; ++i) {
+
+			const vmime::string decoded = testSuites[i * 2];
+			const vmime::string encoded = testSuites[i * 2 + 1];
+
+			std::ostringstream oss;
+			oss << "[QP] Test " << (i + 1) << ": ";
+
+			// Encoding
+			VASSERT_EQ(oss.str() + "encoding", encoded, encode("quoted-printable", decoded, 74));
+
+			// Decoding
+			VASSERT_EQ(oss.str() + "decoding", decoded, decode("quoted-printable", encoded, 74));
+
+			// Multiple and successive encoding/decoding
+			VASSERT_EQ(
+				oss.str() + "multiple1",
+				decoded,
+				decode("quoted-printable",
+					encode("quoted-printable", decoded))
+			);
+
+			VASSERT_EQ(
+				oss.str() + "multiple2",
+				decoded,
+				decode("quoted-printable",
+					decode("quoted-printable",
+						encode("quoted-printable",
+							encode("quoted-printable", decoded))))
+			);
+
+			VASSERT_EQ(
+				oss.str() + "multiple3",
+				decoded,
+				decode("quoted-printable",
+					decode("quoted-printable",
+						decode("quoted-printable",
+							encode("quoted-printable",
+								encode("quoted-printable",
+									encode("quoted-printable", decoded))))))
+			);
+
+			VASSERT_EQ(
+				oss.str() + "multiple4",
+				decoded,
+				decode("quoted-printable",
+					decode("quoted-printable",
+						decode("quoted-printable",
+							decode("quoted-printable",
+								encode("quoted-printable",
+									encode("quoted-printable",
+										encode("quoted-printable",
+											encode("quoted-printable", decoded))))))))
+			);
+
+			VASSERT(
+				oss.str() + "encoded size",
+				getEncoder("quoted-printable")->getEncodedSize(decoded.length())
+					>= encode("quoted-printable", decoded).length()
+			);
+
+			VASSERT(
+				oss.str() + "decoded size",
+				getEncoder("quoted-printable")->getDecodedSize(encoded.length())
+					>= decode("quoted-printable", encoded).length()
+			);
+		}
+	}
+
+	/** Tests Soft Line Breaks (RFC-2047/6.7(5). */
+	void testQuotedPrintable_SoftLineBreaks() {
+
+		VASSERT_EQ(
+			"1",
+			"Now's the time=\r\n"
+			" for all folk =\r\n"
+			"to come to the=\r\n"
+			" aid of their =\r\n"
+			"country.",
+			encode(
+				"quoted-printable",
+				"Now's the time for all folk "
+				"to come to the aid of their country.",
+				15
+			)
+		);
+	}
+
+	void testQuotedPrintable_HardLineBreakEncode() {
+
+		const std::string data =
+			"If you believe that truth=beauty,"
+			" then surely mathematics\r\nis the most"
+			" beautiful branch of philosophy.";
+
+		const std::string expected =
+			"If you believe that truth=3Dbeauty=\r\n"
+			", then surely mathematics\r\n"
+			"is the most beautiful branch of ph=\r\n"
+			"ilosophy.";
+
+		vmime::propertySet encProps;
+		encProps["text"] = true;
+
+		VASSERT_EQ("1", expected, encode("quoted-printable", data, 35, encProps));
+	}
+
+	void testQuotedPrintable_HardLineBreakDecode() {
+
+		const std::string expected =
+			"If you believe that truth=beauty,"
+			" then surely mathematics\r\nis the most"
+			" beautiful branch of philosophy.";
+
+		const std::string data =
+			"If you believe that truth=3Dbeauty=\r\n"
+			", then surely mathematics\r\n"
+			"is the most beautiful branch of ph=\r\n"
+			"ilosophy.";
+
+		VASSERT_EQ("1", expected, decode("quoted-printable", data, 35));
+	}
+
+
+	/** In text mode, ensure line breaks in QP-encoded text are represented
+	  * by a CRLF sequence, as per RFC-2047/6.7(4). */
+	void testQuotedPrintable_CRLF() {
+
+		vmime::propertySet encProps;
+
+		// in "text" mode
+		encProps["text"] = true;
+		VASSERT_EQ(
+			"text",
+			"line1\r\nline2",
+			encode("quoted-printable", "line1\r\nline2", 80, encProps)
+		);
+
+		// in "binary" mode
+		encProps["text"] = false;
+		VASSERT_EQ(
+			"binary",
+			"line1=0D=0Aline2",
+			encode("quoted-printable", "line1\r\nline2", 80, encProps)
+		);
+	}
+
+	void testQuotedPrintable_RFC2047() {
+
+		/*
+		 * The RFC (http://tools.ietf.org/html/rfc2047#section-5) says:
+		 *
+		 *    In this case the set of characters that may be used in a "Q"-encoded
+		 *    'encoded-word' is restricted to: <upper and lower case ASCII
+		 *    letters, decimal digits, "!", "*", "+", "-", "/", "=", and "_"
+		 *    (underscore, ASCII 95.)>.  An 'encoded-word' that appears within a
+		 *    'phrase' MUST be separated from any adjacent 'word', 'text' or
+		 *    'special' by 'linear-white-space'.
+		 */
+
+		vmime::propertySet encProps;
+		encProps["rfc2047"] = true;
+
+		// Ensure 'especials' are encoded
+		VASSERT_EQ("especials.1",  "=2C", encode("quoted-printable", ",", 10, encProps));
+		VASSERT_EQ("especials.2",  "=3B", encode("quoted-printable", ";", 10, encProps));
+		VASSERT_EQ("especials.3",  "=3A", encode("quoted-printable", ":", 10, encProps));
+		VASSERT_EQ("especials.4",  "=5F", encode("quoted-printable", "_", 10, encProps));
+		VASSERT_EQ("especials.5",  "=40", encode("quoted-printable", "@", 10, encProps));
+		VASSERT_EQ("especials.6",  "=28", encode("quoted-printable", "(", 10, encProps));
+		VASSERT_EQ("especials.7",  "=29", encode("quoted-printable", ")", 10, encProps));
+		VASSERT_EQ("especials.8",  "=3C", encode("quoted-printable", "<", 10, encProps));
+		VASSERT_EQ("especials.9",  "=3E", encode("quoted-printable", ">", 10, encProps));
+		VASSERT_EQ("especials.10", "=5B", encode("quoted-printable", "[", 10, encProps));
+		VASSERT_EQ("especials.11", "=5D", encode("quoted-printable", "]", 10, encProps));
+		VASSERT_EQ("especials.12", "=22", encode("quoted-printable", "\"", 10, encProps));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/filteredStreamTest.cpp b/vmime-master/tests/utility/filteredStreamTest.cpp
new file mode 100644
index 0000000..ff3fb6a
--- /dev/null
+++ b/vmime-master/tests/utility/filteredStreamTest.cpp
@@ -0,0 +1,341 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/filteredStream.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(filteredStreamTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testDotFilteredInputStream)
+		VMIME_TEST(testDotFilteredOutputStream)
+		VMIME_TEST(testCRLFToLFFilteredOutputStream)
+		VMIME_TEST(testStopSequenceFilteredInputStream1)
+		VMIME_TEST(testStopSequenceFilteredInputStreamN_2)
+		VMIME_TEST(testStopSequenceFilteredInputStreamN_3)
+		VMIME_TEST(testLFToCRLFFilteredOutputStream_Global)
+		VMIME_TEST(testLFToCRLFFilteredOutputStream_Edge)
+	VMIME_TEST_LIST_END
+
+
+	class chunkInputStream : public vmime::utility::inputStream {
+
+	private:
+
+		std::vector <std::string> m_chunks;
+		size_t m_index;
+
+	public:
+
+		chunkInputStream() : m_index(0) { }
+
+		void addChunk(const std::string& chunk) { m_chunks.push_back(chunk); }
+
+		bool eof() const { return (m_index >= m_chunks.size()); }
+		void reset() { m_index = 0; }
+
+		vmime::size_t read(vmime::byte_t* const data, const vmime::size_t /* count */) {
+
+			if (eof()) {
+				return 0;
+			}
+
+			const std::string chunk = m_chunks[m_index];
+
+			// Warning: 'count' should be larger than chunk length.
+			// This is OK for our tests.
+			std::copy(chunk.begin(), chunk.end(), data);
+
+			++m_index;
+
+			return chunk.length();
+		}
+
+		vmime::size_t skip(const vmime::size_t /* count */) {
+
+			// Not supported
+			return 0;
+		}
+	};
+
+
+	const std::string readWhole(vmime::utility::inputStream& is) {
+
+		vmime::byte_t buffer[256];
+		std::string whole;
+
+		while (!is.eof()) {
+
+			const vmime::size_t read = is.read(buffer, sizeof(buffer));
+
+			whole += vmime::utility::stringUtils::makeStringFromBytes(buffer, read);
+		}
+
+		return whole;
+	}
+
+
+	// dotFilteredInputStream
+
+	void testDotFilteredInputStreamHelper(
+		const std::string& number,
+		const std::string& expected,
+		const std::string& c1,
+		const std::string& c2 = "",
+		const std::string& c3 = "",
+		const std::string& c4 = ""
+	) {
+
+		chunkInputStream cis;
+		cis.addChunk(c1);
+		if (!c2.empty()) cis.addChunk(c2);
+		if (!c3.empty()) cis.addChunk(c3);
+		if (!c4.empty()) cis.addChunk(c4);
+
+		vmime::utility::dotFilteredInputStream is(cis);
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter os(oss);
+
+		vmime::utility::bufferedStreamCopy(is, os);
+
+		VASSERT_EQ(number, expected, oss.str());
+	}
+
+	void testDotFilteredInputStream() {
+
+		testDotFilteredInputStreamHelper("1", "foo\n.bar", "foo\n..bar");
+		testDotFilteredInputStreamHelper("2", "foo\n.bar", "foo\n", "..bar");
+		testDotFilteredInputStreamHelper("3", "foo\n.bar", "foo\n.", ".bar");
+		testDotFilteredInputStreamHelper("4", "foo\n.bar", "foo\n..", "bar");
+		testDotFilteredInputStreamHelper("5", "foo\n.bar", "foo\n", ".", ".bar");
+		testDotFilteredInputStreamHelper("6", "foo\n.bar", "foo\n", ".", ".", "bar");
+
+		testDotFilteredInputStreamHelper("7", "\x0d\x0a.", "\x0d\x0a..");
+		testDotFilteredInputStreamHelper("8", "\x0d\x0a.\x0d\x0a", "\x0d\x0a..\x0d\x0a");
+		testDotFilteredInputStreamHelper("9", "\x0d\x0a.\x0d\x0a.", "\x0d\x0a..\x0d\x0a.");
+		testDotFilteredInputStreamHelper("10", "\x0d\x0a.\x0d\x0a.\x0d\x0ax", "\x0d\x0a..\x0d\x0a.\x0d\x0ax");
+		testDotFilteredInputStreamHelper("11", "this is the first line\x0d\x0a.\x0d\x0aone dot\x0d\x0a..\x0d\x0atwo dots\x0d\x0a...\x0d\x0athree... \x0d\x0a.\x0d\x0a.\x0d\x0a", "this is the first line\x0d\x0a..\x0d\x0aone dot\x0d\x0a...\x0d\x0atwo dots\x0d\x0a....\x0d\x0athree... \x0d\x0a..\x0d\x0a.\x0d\x0a");
+	}
+
+	// dotFilteredOutputStream
+	// CRLFToLFFilteredOutputStream
+
+	template <typename FILTER>
+	void testFilteredOutputStreamHelper(
+		const std::string& number,
+		const std::string& expected,
+		const std::string& c1,
+		const std::string& c2 = "",
+		const std::string& c3 = "",
+		const std::string& c4 = ""
+	) {
+
+		std::ostringstream oss;
+		vmime::utility::outputStreamAdapter os(oss);
+
+		FILTER fos(os);
+
+		fos.write(c1.data(), c1.length());
+		if (!c2.empty()) fos.write(c2.data(), c2.length());
+		if (!c3.empty()) fos.write(c3.data(), c3.length());
+		if (!c4.empty()) fos.write(c4.data(), c4.length());
+
+		VASSERT_EQ(number, expected, oss.str());
+	}
+
+	void testDotFilteredOutputStream() {
+
+		typedef vmime::utility::dotFilteredOutputStream FILTER;
+
+		testFilteredOutputStreamHelper<FILTER>("1", "foo\n..bar", "foo\n.bar");
+		testFilteredOutputStreamHelper<FILTER>("2", "foo\n..bar", "foo\n", ".bar");
+		testFilteredOutputStreamHelper<FILTER>("3", "foo\n..bar", "foo", "\n.bar");
+		testFilteredOutputStreamHelper<FILTER>("4", "foo\n..bar", "foo", "\n", ".bar");
+		testFilteredOutputStreamHelper<FILTER>("5", "foo\n..bar", "foo", "\n", ".", "bar");
+
+		testFilteredOutputStreamHelper<FILTER>("6", "..\nfoobar", ".\nfoobar");
+		testFilteredOutputStreamHelper<FILTER>("7", "..\r\nfoobar", ".\r\nfoobar");
+		testFilteredOutputStreamHelper<FILTER>("8", "..\r\nfoobar", ".\r", "\nfoobar");
+		testFilteredOutputStreamHelper<FILTER>("9", ".foobar", ".foobar");
+		testFilteredOutputStreamHelper<FILTER>("10", ".foobar", ".", "foobar");
+
+		testFilteredOutputStreamHelper<FILTER>("11", "this is the first line\x0d\x0a...\x0d\x0aone dot\x0d\x0a....\x0d\x0atwo dots\x0d\x0a.....\x0d\x0athree... \x0d\x0a...\x0d\x0a..\x0d\x0a", "this is the first line\x0d\x0a..\x0d\x0aone dot\x0d\x0a...\x0d\x0atwo dots\x0d\x0a....\x0d\x0athree... \x0d\x0a..\x0d\x0a.\x0d\x0a");
+	}
+
+	void testCRLFToLFFilteredOutputStream() {
+
+		typedef vmime::utility::CRLFToLFFilteredOutputStream FILTER;
+
+		testFilteredOutputStreamHelper<FILTER>("1", "foo\nbar", "foo\r\nbar");
+		testFilteredOutputStreamHelper<FILTER>("2", "foo\nbar", "foo\r\n", "bar");
+		testFilteredOutputStreamHelper<FILTER>("3", "foo\nbar", "foo\r", "\nbar");
+		testFilteredOutputStreamHelper<FILTER>("4", "foo\nbar", "foo", "\r\nbar");
+		testFilteredOutputStreamHelper<FILTER>("5", "foo\nbar", "foo", "\r", "\nbar");
+		testFilteredOutputStreamHelper<FILTER>("6", "foo\nbar", "foo", "\r", "\n", "bar");
+		testFilteredOutputStreamHelper<FILTER>("7", "foo\nba\nr", "foo\r", "\nba\r\nr");
+	}
+
+	// stopSequenceFilteredInputStream
+
+	template <int N>
+	void testStopSequenceFISHelper(
+		const std::string& number,
+		const std::string& sequence,
+		const std::string& expected,
+		const std::string& c1,
+		const std::string& c2 = "",
+		const std::string& c3 = "",
+		const std::string& c4 = "",
+		const std::string& c5 = ""
+	) {
+
+		chunkInputStream cis;
+		cis.addChunk(c1);
+		if (!c2.empty()) cis.addChunk(c2);
+		if (!c3.empty()) cis.addChunk(c3);
+		if (!c4.empty()) cis.addChunk(c4);
+		if (!c5.empty()) cis.addChunk(c5);
+
+		vmime::utility::stopSequenceFilteredInputStream <N> is(cis, sequence.data());
+
+		VASSERT_EQ(number, expected, readWhole(is));
+	}
+
+	void testStopSequenceFilteredInputStream1() {
+
+		testStopSequenceFISHelper <1>("1", "x", "foo", "fooxbar");
+		testStopSequenceFISHelper <1>("2", "x", "foo", "foox", "bar");
+		testStopSequenceFISHelper <1>("3", "x", "foo", "foo", "x", "bar");
+		testStopSequenceFISHelper <1>("4", "x", "foo", "fo", "o", "x", "bar");
+		testStopSequenceFISHelper <1>("5", "x", "foo", "fo", "o", "x", "b", "ar");
+
+		testStopSequenceFISHelper <1>("6", "x", "foobar", "fo", "o", "b", "ar");
+		testStopSequenceFISHelper <1>("7", "x", "foobar", "foo", "bar");
+		testStopSequenceFISHelper <1>("8", "x", "foobar", "foo", "b", "ar");
+
+		testStopSequenceFISHelper <1>("9", "x", "foobar", "foobar");
+		testStopSequenceFISHelper <1>("10", "x", "foobar", "foobarx");
+
+		testStopSequenceFISHelper <1>("11", "x", "", "");
+		testStopSequenceFISHelper <1>("12", "x", "", "x");
+		testStopSequenceFISHelper <1>("13", "x", "", "", "x");
+	}
+
+	void testStopSequenceFilteredInputStreamN_2() {
+
+		testStopSequenceFISHelper <2>("1", "xy", "foo", "fooxybar");
+		testStopSequenceFISHelper <2>("2", "xy", "foo", "foox", "ybar");
+		testStopSequenceFISHelper <2>("3", "xy", "foo", "foox", "y", "bar");
+		testStopSequenceFISHelper <2>("4", "xy", "foo", "foo", "x", "ybar");
+		testStopSequenceFISHelper <2>("5", "xy", "foo", "foo", "xy", "bar");
+		testStopSequenceFISHelper <2>("6", "xy", "foo", "foo", "x", "y", "bar");
+
+		testStopSequenceFISHelper <2>("7", "xy", "fooxbar", "foox", "bar");
+		testStopSequenceFISHelper <2>("8", "xy", "fooxbar", "foo", "xbar");
+		testStopSequenceFISHelper <2>("9", "xy", "fooxbar", "foo", "x", "bar");
+		testStopSequenceFISHelper <2>("10", "xy", "foobarx", "foo", "barx");
+
+		testStopSequenceFISHelper <2>("11", "xy", "foobar", "foobarxy");
+		testStopSequenceFISHelper <2>("12", "xy", "foobar", "foo", "barxy");
+		testStopSequenceFISHelper <2>("13", "xy", "foobar", "foo", "bar", "xy");
+
+		testStopSequenceFISHelper <2>("14", "xy", "", "");
+		testStopSequenceFISHelper <2>("15", "xy", "x", "x");
+		testStopSequenceFISHelper <2>("16", "xy", "", "xy");
+		testStopSequenceFISHelper <2>("17", "xy", "", "x", "y");
+	}
+
+	void testStopSequenceFilteredInputStreamN_3() {
+
+		testStopSequenceFISHelper <3>("1", "xyz", "foo", "fooxyzbar");
+		testStopSequenceFISHelper <3>("2", "xyz", "foo", "foox", "yzbar");
+		testStopSequenceFISHelper <3>("3", "xyz", "foo", "foox", "y", "zbar");
+		testStopSequenceFISHelper <3>("4", "xyz", "foo", "foox", "yz", "bar");
+		testStopSequenceFISHelper <3>("5", "xyz", "foo", "foo", "xyz", "bar");
+		testStopSequenceFISHelper <3>("6", "xyz", "foo", "foo", "xy", "zbar");
+		testStopSequenceFISHelper <3>("7", "xyz", "foo", "foo", "x", "y", "zbar");
+		testStopSequenceFISHelper <3>("8", "xyz", "foo", "foo", "x", "y", "z", "bar");
+		testStopSequenceFISHelper <3>("9", "xyz", "foo", "fooxy", "z", "bar");
+
+		testStopSequenceFISHelper <3>("10", "xyz", "fooxybar", "foox", "y", "bar");
+		testStopSequenceFISHelper <3>("11", "xyz", "fooxybar", "fooxy", "bar");
+		testStopSequenceFISHelper <3>("12", "xyz", "fooxybar", "fo", "ox", "y", "bar");
+		testStopSequenceFISHelper <3>("13", "xyz", "fooxybar", "fo", "o", "x", "y", "bar");
+		testStopSequenceFISHelper <3>("14", "xyz", "fooxybar", "foo", "x", "ybar");
+		testStopSequenceFISHelper <3>("15", "xyz", "fooxybar", "foo", "xybar");
+
+		testStopSequenceFISHelper <3>("16", "xyz", "xfoxoxybxar", "xfoxo", "xybxar");
+		testStopSequenceFISHelper <3>("17", "xyz", "xfoxoxybxarx", "xfoxo", "xybxarx");
+		testStopSequenceFISHelper <3>("18", "xyz", "xfoxoxybxarxy", "xfoxo", "xybxarxy");
+
+		testStopSequenceFISHelper <3>("19", "xyz", "", "");
+		testStopSequenceFISHelper <3>("20", "xyz", "x", "x");
+		testStopSequenceFISHelper <3>("21", "xyz", "xy", "xy");
+		testStopSequenceFISHelper <3>("22", "xyz", "", "xyz");
+		testStopSequenceFISHelper <3>("23", "xyz", "", "x", "yz");
+		testStopSequenceFISHelper <3>("24", "xyz", "", "x", "y", "z");
+	}
+
+
+	// LFToCRLFFilteredOutputStream
+
+	void testLFToCRLFFilteredOutputStream_Global() {
+
+		typedef vmime::utility::LFToCRLFFilteredOutputStream FILTER;
+
+		testFilteredOutputStreamHelper<FILTER>("1",  "ABC\r\nDEF",       "ABC\nDEF");
+		testFilteredOutputStreamHelper<FILTER>("2",  "ABC\r\nDEF",       "ABC\rDEF");
+		testFilteredOutputStreamHelper<FILTER>("3",  "\r\n\r\nAB\r\n\r\nA\r\nB\r\n", "\n\nAB\n\nA\nB\n");
+		testFilteredOutputStreamHelper<FILTER>("4",  "ABCDE\r\nF",       "ABCDE\nF");
+		testFilteredOutputStreamHelper<FILTER>("5",  "ABCDE\r\nF",       "ABCDE\r\nF");
+		testFilteredOutputStreamHelper<FILTER>("6",  "\r\n\r\n\r\n",     "\n\n\n");
+		testFilteredOutputStreamHelper<FILTER>("7",  "\r\n\r\n\r\n",     "\r\r\n\n");
+		testFilteredOutputStreamHelper<FILTER>("8",  "\r\n\r\n\r\n\r\n", "\r\r\r\r");
+		testFilteredOutputStreamHelper<FILTER>("9",  "\r\n\r\n\r\n\r\n", "\n\n\n\n");
+		testFilteredOutputStreamHelper<FILTER>("10", "\r\n\r\n\r\n",     "\r\n\n\n");
+		testFilteredOutputStreamHelper<FILTER>("11", "\r\n\r\n\r\n\r\n", "\n\n\n\r\n");
+	}
+
+	void testLFToCRLFFilteredOutputStream_Edge() {
+
+		typedef vmime::utility::LFToCRLFFilteredOutputStream FILTER;
+
+		testFilteredOutputStreamHelper<FILTER>("1",  "\r\n\r\n",         "\r", "\r");
+		testFilteredOutputStreamHelper<FILTER>("2",  "\r\n\r\n",         "\r", "\n\r");
+		testFilteredOutputStreamHelper<FILTER>("3",  "ABC\r\n\r\n",      "ABC\r", "\n\r");
+		testFilteredOutputStreamHelper<FILTER>("4",  "ABC\r\n\r\n\r\n",  "ABC\r", "\n\r", "\n\n");
+		testFilteredOutputStreamHelper<FILTER>("5",  "\r\n\r\n",         "\n", "\n");
+		testFilteredOutputStreamHelper<FILTER>("6",  "\r\n\r\n",         "\r\n\r\n");
+		testFilteredOutputStreamHelper<FILTER>("7",  "\r\n\r\n",         "\r\n\r", "\n");
+
+		testFilteredOutputStreamHelper<FILTER>("8",  "A\r\nB\r\nC\r\nD",         "A\rB", "\nC\r\nD");
+		testFilteredOutputStreamHelper<FILTER>("9",  "\r\nA\r\nB\r\nC\r\nD",     "\rA\r", "B\nC\r\nD");
+		testFilteredOutputStreamHelper<FILTER>("10", "\r\nA\r\nB\r\nC\r\nD",     "\nA\r", "B\nC\r\nD");
+		testFilteredOutputStreamHelper<FILTER>("11", "\r\nA\r\nB\r\nC\r\nD\r\n", "\nA\rB", "\nC\r\nD\r");
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/outputStreamByteArrayAdapterTest.cpp b/vmime-master/tests/utility/outputStreamByteArrayAdapterTest.cpp
new file mode 100644
index 0000000..07a0f4b
--- /dev/null
+++ b/vmime-master/tests/utility/outputStreamByteArrayAdapterTest.cpp
@@ -0,0 +1,82 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/outputStreamByteArrayAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(outputStreamByteArrayAdapterTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testWrite)
+		VMIME_TEST(testWriteBinary)
+		VMIME_TEST(testWriteCRLF)
+	VMIME_TEST_LIST_END
+
+
+	void testWrite() {
+
+		vmime::byteArray bytes;
+
+		vmime::utility::outputStreamByteArrayAdapter stream(bytes);
+		stream << "some data";
+		stream.flush();
+
+		VASSERT_EQ("Write 1", 0, memcmp("some data", &bytes[0], 9));
+
+		stream.write("more data", 9);
+
+		VASSERT_EQ("Write 2", 0, memcmp("some datamore data", &bytes[0], 18));
+	}
+
+	void testWriteBinary() {
+
+		const char binaryData[] =
+			"\xc5\x9a\xc3\xb8\xc9\xb1\xc9\x9b\x20\xc9\x93\xc9\xa8\xc9\xb2\xc9"
+			"\x91\xc5\x95\xc9\xa3\x20\xc9\x96\xc9\x90\xca\x88\xc9\x92";
+
+		vmime::byteArray bytes;
+
+		vmime::utility::outputStreamByteArrayAdapter stream(bytes);
+		stream.write(binaryData, sizeof(binaryData));
+		stream.flush();
+
+		VASSERT_EQ("Write", 0, memcmp(binaryData, &bytes[0], sizeof(binaryData)));
+	}
+
+	void testWriteCRLF() {
+
+		vmime::byteArray bytes;
+
+		vmime::utility::outputStreamByteArrayAdapter stream(bytes);
+		stream << "some data";
+		stream.flush();
+
+		stream << "\nmore\r\ndata\r";
+		stream.flush();
+
+		VASSERT_EQ("Write", 0, memcmp("some data\nmore\r\ndata\r", &bytes[0], 21));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/outputStreamSocketAdapterTest.cpp b/vmime-master/tests/utility/outputStreamSocketAdapterTest.cpp
new file mode 100644
index 0000000..a869ed7
--- /dev/null
+++ b/vmime-master/tests/utility/outputStreamSocketAdapterTest.cpp
@@ -0,0 +1,87 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/outputStreamSocketAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(outputStreamSocketAdapterTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testWrite)
+		VMIME_TEST(testWriteBinary)
+		VMIME_TEST(testWriteCRLF)
+	VMIME_TEST_LIST_END
+
+
+	void testWrite() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+
+		vmime::utility::outputStreamSocketAdapter stream(*socket);
+		stream << "some data";
+		stream.flush();
+
+		vmime::string buffer;
+		socket->localReceive(buffer);
+
+		VASSERT_EQ("Write", "some data", buffer);
+	}
+
+	void testWriteBinary() {
+
+		const char binaryData[] =
+			"\xc5\x9a\xc3\xb8\xc9\xb1\xc9\x9b\x20\xc9\x93\xc9\xa8\xc9\xb2\xc9"
+			"\x91\xc5\x95\xc9\xa3\x20\xc9\x96\xc9\x90\xca\x88\xc9\x92";
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+
+		vmime::utility::outputStreamSocketAdapter stream(*socket);
+		stream.write(binaryData, sizeof(binaryData));
+		stream.flush();
+
+		vmime::string buffer;
+		socket->localReceive(buffer);
+
+		VASSERT_EQ("Write", 0, memcmp(binaryData, buffer.data(), sizeof(binaryData)));
+	}
+
+	void testWriteCRLF() {
+
+		vmime::shared_ptr <testSocket> socket = vmime::make_shared <testSocket>();
+
+		vmime::utility::outputStreamSocketAdapter stream(*socket);
+		stream << "some data";
+		stream.flush();
+
+		stream << "\nmore\r\ndata\r";
+		stream.flush();
+
+		vmime::string buffer;
+		socket->localReceive(buffer);
+
+		VASSERT_EQ("Write", "some data\nmore\r\ndata\r", buffer);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/outputStreamStringAdapterTest.cpp b/vmime-master/tests/utility/outputStreamStringAdapterTest.cpp
new file mode 100644
index 0000000..3de8f8b
--- /dev/null
+++ b/vmime-master/tests/utility/outputStreamStringAdapterTest.cpp
@@ -0,0 +1,84 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/outputStreamStringAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(outputStreamStringAdapterTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testWrite)
+		VMIME_TEST(testWriteBinary)
+		VMIME_TEST(testWriteCRLF)
+	VMIME_TEST_LIST_END
+
+
+	void testWrite() {
+
+		vmime::string str("initial data");
+
+		vmime::utility::outputStreamStringAdapter stream(str);
+		stream << "additional data";
+		stream.flush();
+
+		VASSERT_EQ("Write 1 len", 27, str.length());
+		VASSERT_EQ("Write 1 data", "initial dataadditional data", str);
+
+		stream.write("more data");
+
+		VASSERT_EQ("Write 2 len", 36, str.length());
+		VASSERT_EQ("Write 2 data", "initial dataadditional datamore data", str);
+	}
+
+	void testWriteBinary() {
+
+		const vmime::byte_t binaryData[] =
+			"\xc5\x9a\xc3\xb8\xc9\xb1\xc9\x9b\x20\xc9\x93\xc9\xa8\xc9\xb2\xc9"
+			"\x91\xc5\x95\xc9\xa3\x20\xc9\x96\xc9\x90\xca\x88\xc9\x92";
+
+		vmime::string str;
+
+		vmime::utility::outputStreamStringAdapter stream(str);
+		stream.write(binaryData, sizeof(binaryData));
+		stream.flush();
+
+		VASSERT_EQ("Write", 0, memcmp(binaryData, str.data(), sizeof(binaryData)));
+	}
+
+	void testWriteCRLF() {
+
+		vmime::string str;
+
+		vmime::utility::outputStreamStringAdapter stream(str);
+		stream << "some data";
+		stream.flush();
+
+		stream << "\nmore\r\ndata\r";
+		stream.flush();
+
+		VASSERT_EQ("Write", "some data\nmore\r\ndata\r", str);
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/parserInputStreamAdapterTest.cpp b/vmime-master/tests/utility/parserInputStreamAdapterTest.cpp
new file mode 100644
index 0000000..4bc310c
--- /dev/null
+++ b/vmime-master/tests/utility/parserInputStreamAdapterTest.cpp
@@ -0,0 +1,51 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/parserInputStreamAdapter.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(parserInputStreamAdapterTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testEndlessLoopBufferSize)
+	VMIME_TEST_LIST_END
+
+
+	void testEndlessLoopBufferSize() {
+
+		static const unsigned int BUFFER_SIZE = 4096;  // same as in parserInputStreamAdapter::findNext()
+
+		vmime::string str(BUFFER_SIZE, 'X');
+
+		vmime::shared_ptr <vmime::utility::inputStreamStringAdapter> iss =
+			vmime::make_shared <vmime::utility::inputStreamStringAdapter>(str);
+
+		vmime::shared_ptr <vmime::utility::parserInputStreamAdapter> parser =
+			vmime::make_shared <vmime::utility::parserInputStreamAdapter>(iss);
+
+		VASSERT_EQ("Not found", vmime::string::npos, parser->findNext("token"));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/pathTest.cpp b/vmime-master/tests/utility/pathTest.cpp
new file mode 100644
index 0000000..e6227f3
--- /dev/null
+++ b/vmime-master/tests/utility/pathTest.cpp
@@ -0,0 +1,356 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/path.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(utilityPathTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testConstruct1)
+		VMIME_TEST(testConstruct2)
+		VMIME_TEST(testConstruct3)
+		VMIME_TEST(testConstruct4)
+
+		VMIME_TEST(testAppendComponent)
+
+		VMIME_TEST(testOperatorDiv1)
+		VMIME_TEST(testOperatorDiv2)
+
+		VMIME_TEST(testOperatorDivEqual1)
+		VMIME_TEST(testOperatorDivEqual2)
+
+		VMIME_TEST(testGetParent)
+
+		VMIME_TEST(testComparison)
+
+		VMIME_TEST(testGetLastComponent)
+
+		VMIME_TEST(testIsDirectParentOf)
+		VMIME_TEST(testIsParentOf)
+		VMIME_TEST(testIsParentOf_EquivalentCharset)
+
+		VMIME_TEST(testRenameParent)
+
+		VMIME_TEST(testFromString)
+		VMIME_TEST(testFromString_IgnoreLeadingOrTrailingSep)
+		VMIME_TEST(testToString)
+	VMIME_TEST_LIST_END
+
+
+	typedef vmime::utility::path path;
+	typedef vmime::utility::path::component comp;
+
+
+	void testConstruct1() {
+
+		VASSERT_EQ("1", true, path().isEmpty());
+		VASSERT_EQ("2", 0, path().getSize());
+	}
+
+	void testConstruct2() {
+
+		path p(comp("foo"));
+
+		VASSERT_EQ("1", false, p.isEmpty());
+		VASSERT_EQ("2", 1, p.getSize());
+		VASSERT_EQ("3", "foo", p.getComponentAt(0).getBuffer());
+	}
+
+	void testAppendComponent() {
+
+		path p;
+
+		VASSERT_EQ("1", 0, p.getSize());
+
+		comp c("foo");
+		p.appendComponent(c);
+
+		VASSERT_EQ("2", 1, p.getSize());
+		VASSERT_EQ("3", c.getBuffer(), p.getComponentAt(0).getBuffer());
+	}
+
+	void testConstruct3() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+		p1.appendComponent(comp("bar"));
+
+		path p2(p1);
+
+		VASSERT_EQ("1", 2, p2.getSize());
+		VASSERT_EQ("2", "foo", p2.getComponentAt(0).getBuffer());
+		VASSERT_EQ("3", "bar", p2.getComponentAt(1).getBuffer());
+	}
+
+	void testConstruct4() {
+
+		// Same as path::path(const component&)
+		path p("foo");
+
+		VASSERT_EQ("1", false, p.isEmpty());
+		VASSERT_EQ("2", 1, p.getSize());
+		VASSERT_EQ("3", "foo", p.getComponentAt(0).getBuffer());
+	}
+
+	void testOperatorDiv1() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+		p1.appendComponent(comp("bar"));
+
+		path p2;
+		p2.appendComponent(comp("baz"));
+
+		path p3 = p1 / p2;
+
+		VASSERT_EQ("1", 3, p3.getSize());
+		VASSERT_EQ("2", p1.getComponentAt(0).getBuffer(), p3.getComponentAt(0).getBuffer());
+		VASSERT_EQ("3", p1.getComponentAt(1).getBuffer(), p3.getComponentAt(1).getBuffer());
+		VASSERT_EQ("4", p2.getComponentAt(0).getBuffer(), p3.getComponentAt(2).getBuffer());
+	}
+
+	void testOperatorDiv2() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+		p1.appendComponent(comp("bar"));
+
+		comp c("baz");
+
+		path p2 = p1 / c;
+
+		VASSERT_EQ("1", 3, p2.getSize());
+		VASSERT_EQ("2", p1.getComponentAt(0).getBuffer(), p2.getComponentAt(0).getBuffer());
+		VASSERT_EQ("3", p1.getComponentAt(1).getBuffer(), p2.getComponentAt(1).getBuffer());
+		VASSERT_EQ("4", c.getBuffer(), p2.getComponentAt(2).getBuffer());
+	}
+
+	void testOperatorDivEqual1() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+		p1.appendComponent(comp("bar"));
+
+		path p2;
+		p2.appendComponent(comp("baz"));
+
+		path p3(p1);
+		p3 /= p2;
+
+		VASSERT_EQ("1", 3, p3.getSize());
+		VASSERT_EQ("2", p1.getComponentAt(0).getBuffer(), p3.getComponentAt(0).getBuffer());
+		VASSERT_EQ("3", p1.getComponentAt(1).getBuffer(), p3.getComponentAt(1).getBuffer());
+		VASSERT_EQ("4", p2.getComponentAt(0).getBuffer(), p3.getComponentAt(2).getBuffer());
+	}
+
+	void testOperatorDivEqual2() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+		p1.appendComponent(comp("bar"));
+
+		comp c("baz");
+
+		path p2(p1);
+		p2 /= c;
+
+		VASSERT_EQ("1", 3, p2.getSize());
+		VASSERT_EQ("2", p1.getComponentAt(0).getBuffer(), p2.getComponentAt(0).getBuffer());
+		VASSERT_EQ("3", p1.getComponentAt(1).getBuffer(), p2.getComponentAt(1).getBuffer());
+		VASSERT_EQ("4", c.getBuffer(), p2.getComponentAt(2).getBuffer());
+	}
+
+	void testGetParent() {
+
+		path p1;
+		path p1p = p1.getParent();
+
+		VASSERT_EQ("1", true, p1p.isEmpty());
+
+		path p2;
+		p2.appendComponent(comp("foo"));
+		p2.appendComponent(comp("bar"));
+
+		path p2p = p2.getParent();
+
+		VASSERT_EQ("2", 1, p2p.getSize());
+		VASSERT_EQ("3", p2.getComponentAt(0).getBuffer(), p2p.getComponentAt(0).getBuffer());
+	}
+
+	void testComparison() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+		p1.appendComponent(comp("bar"));
+
+		path p2;
+		p2.appendComponent(comp("foo"));
+		p2.appendComponent(comp("bar"));
+
+		path p3;
+		p3.appendComponent(comp("foo"));
+		p3.appendComponent(comp("bar"));
+		p3.appendComponent(comp("baz"));
+
+		VASSERT_EQ("1", true, p1 == p2);
+		VASSERT_EQ("2", false, p1 == p3);
+
+		VASSERT_EQ("3", false, p1 != p2);
+		VASSERT_EQ("4", true, p1 != p3);
+
+		VASSERT_EQ("5", true, p3.getParent() == p1);
+	}
+
+	void testGetLastComponent() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+		p1.appendComponent(comp("bar"));
+		p1.appendComponent(comp("baz"));
+
+		VASSERT_EQ("1", "baz", p1.getLastComponent().getBuffer());
+		VASSERT_EQ("2", "bar", p1.getParent().getLastComponent().getBuffer());
+		VASSERT_EQ("3", "foo", p1.getParent().getParent().getLastComponent().getBuffer());
+	}
+
+	void testIsDirectParentOf() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+
+		path p2;
+		p2.appendComponent(comp("foo"));
+		p2.appendComponent(comp("bar"));
+
+		path p3;
+		p3.appendComponent(comp("foo"));
+		p3.appendComponent(comp("bar"));
+		p3.appendComponent(comp("baz"));
+
+		VASSERT_EQ("1", true, p1.isDirectParentOf(p2));
+		VASSERT_EQ("2", true, p2.isDirectParentOf(p3));
+		VASSERT_EQ("3", false, p1.isDirectParentOf(p3));
+		VASSERT_EQ("4", false, p2.isDirectParentOf(p1));
+	}
+
+	void testIsParentOf() {
+
+		path p1;
+		p1.appendComponent(comp("foo"));
+
+		path p2;
+		p2.appendComponent(comp("foo"));
+		p2.appendComponent(comp("bar"));
+
+		path p3;
+		p3.appendComponent(comp("foo"));
+		p3.appendComponent(comp("bar"));
+		p3.appendComponent(comp("baz"));
+
+		VASSERT_EQ("1", true, p1.isParentOf(p2));
+		VASSERT_EQ("2", true, p2.isParentOf(p3));
+		VASSERT_EQ("3", true, p1.isParentOf(p3));
+		VASSERT_EQ("4", false, p2.isParentOf(p1));
+	}
+
+	void testIsParentOf_EquivalentCharset() {
+
+		path p1;
+		p1.appendComponent(comp("foo", "us-ascii"));
+
+		path p2;
+		p2.appendComponent(comp("foo", "utf-8"));
+		p2.appendComponent(comp("bar"));
+		p2.appendComponent(comp("baz"));
+
+		VASSERT_EQ("1", true, p1.isParentOf(p2));
+	}
+
+	void testRenameParent() {
+
+		path p1;
+		p1.appendComponent(comp("a"));
+		p1.appendComponent(comp("b"));
+		p1.appendComponent(comp("c"));
+		p1.appendComponent(comp("d"));
+
+		path p2;
+		p2.appendComponent(comp("a"));
+		p2.appendComponent(comp("b"));
+
+		path p3;
+		p3.appendComponent(comp("x"));
+		p3.appendComponent(comp("y"));
+		p3.appendComponent(comp("z"));
+
+		path p(p1);
+		p.renameParent(p2, p3);
+
+		VASSERT_EQ("1", 5, p.getSize());
+		VASSERT_EQ("2", "x", p.getComponentAt(0).getBuffer());
+		VASSERT_EQ("3", "y", p.getComponentAt(1).getBuffer());
+		VASSERT_EQ("4", "z", p.getComponentAt(2).getBuffer());
+		VASSERT_EQ("5", "c", p.getComponentAt(3).getBuffer());
+		VASSERT_EQ("6", "d", p.getComponentAt(4).getBuffer());
+	}
+
+	void testFromString() {
+
+		path p = path::fromString("ab/cde/f", "/", vmime::charset("my-charset"));
+
+		VASSERT_EQ("count", 3, p.getSize());
+		VASSERT_EQ("buffer1", "ab", p.getComponentAt(0).getBuffer());
+		VASSERT_EQ("charset1", "my-charset", p.getComponentAt(0).getCharset().getName());
+		VASSERT_EQ("buffer2", "cde", p.getComponentAt(1).getBuffer());
+		VASSERT_EQ("charset2", "my-charset", p.getComponentAt(1).getCharset().getName());
+		VASSERT_EQ("buffer3", "f", p.getComponentAt(2).getBuffer());
+		VASSERT_EQ("charset3", "my-charset", p.getComponentAt(2).getCharset().getName());
+	}
+
+	void testFromString_IgnoreLeadingOrTrailingSep() {
+
+		path p = path::fromString("//ab/cde/f////", "/", vmime::charset("my-charset"));
+
+		VASSERT_EQ("count", 3, p.getSize());
+		VASSERT_EQ("buffer1", "ab", p.getComponentAt(0).getBuffer());
+		VASSERT_EQ("charset1", "my-charset", p.getComponentAt(0).getCharset().getName());
+		VASSERT_EQ("buffer2", "cde", p.getComponentAt(1).getBuffer());
+		VASSERT_EQ("charset2", "my-charset", p.getComponentAt(1).getCharset().getName());
+		VASSERT_EQ("buffer3", "f", p.getComponentAt(2).getBuffer());
+		VASSERT_EQ("charset3", "my-charset", p.getComponentAt(2).getCharset().getName());
+	}
+
+	void testToString() {
+
+		path p;
+		p.appendComponent(comp("ab"));
+		p.appendComponent(comp("cde"));
+		p.appendComponent(comp("f"));
+
+		VASSERT_EQ("string", "ab/cde/f", p.toString("/", vmime::charset("us-ascii")));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/seekableInputStreamRegionAdapterTest.cpp b/vmime-master/tests/utility/seekableInputStreamRegionAdapterTest.cpp
new file mode 100644
index 0000000..b099cd7
--- /dev/null
+++ b/vmime-master/tests/utility/seekableInputStreamRegionAdapterTest.cpp
@@ -0,0 +1,176 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/inputStreamStringAdapter.hpp"
+#include "vmime/utility/seekableInputStreamRegionAdapter.hpp"
+#include "vmime/utility/stringUtils.hpp"
+
+
+using namespace vmime::utility;
+
+
+VMIME_TEST_SUITE_BEGIN(seekableInputStreamRegionAdapterTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testInitialPosition)
+		VMIME_TEST(testSeekAndGetPosition)
+		VMIME_TEST(testRead)
+		VMIME_TEST(testSkip)
+		VMIME_TEST(testReset)
+		VMIME_TEST(testOwnPosition)
+	VMIME_TEST_LIST_END
+
+
+	vmime::shared_ptr <seekableInputStreamRegionAdapter> createStream(
+		vmime::shared_ptr <seekableInputStream>* underlyingStream = NULL
+	) {
+
+		vmime::string buffer("THIS IS A TEST BUFFER");
+
+		vmime::shared_ptr <seekableInputStream> strStream =
+			vmime::make_shared <inputStreamStringAdapter>(buffer);
+
+		vmime::shared_ptr <seekableInputStreamRegionAdapter> rgnStream =
+			vmime::make_shared <seekableInputStreamRegionAdapter>(strStream, 10, 11);
+
+		if (underlyingStream) {
+			*underlyingStream = strStream;
+		}
+
+		return rgnStream;
+	}
+
+	void testInitialPosition() {
+
+		vmime::shared_ptr <seekableInputStreamRegionAdapter> stream = createStream();
+
+		VASSERT_EQ("Pos", 0, stream->getPosition());
+		VASSERT_FALSE("EOF", stream->eof());
+	}
+
+	void testSeekAndGetPosition() {
+
+		vmime::shared_ptr <seekableInputStreamRegionAdapter> stream = createStream();
+
+		stream->seek(5);
+
+		VASSERT_EQ("Pos 1", 5, stream->getPosition());
+		VASSERT_FALSE("EOF 1", stream->eof());
+
+		stream->seek(20);
+
+		VASSERT_EQ("Pos 2", 11, stream->getPosition());
+		VASSERT_TRUE("EOF 2", stream->eof());
+	}
+
+	void testRead() {
+
+		vmime::shared_ptr <seekableInputStreamRegionAdapter> stream = createStream();
+
+		stream->seek(5);
+
+		vmime::byte_t buffer[100];
+		std::fill(vmime::begin(buffer), vmime::end(buffer), 0);
+		vmime::size_t read = stream->read(buffer, 6);
+
+		VASSERT_EQ("Pos", 11, stream->getPosition());
+		VASSERT_EQ("Read", 6, read);
+		VASSERT_TRUE("EOF", stream->eof());
+		VASSERT_EQ("Buffer", "BUFFER", vmime::utility::stringUtils::makeStringFromBytes(buffer, 6));
+	}
+
+	void testSkip() {
+
+		vmime::shared_ptr <seekableInputStreamRegionAdapter> stream = createStream();
+
+		stream->skip(5);
+
+		VASSERT_EQ("Pos 1", 5, stream->getPosition());
+		VASSERT_FALSE("EOF 1", stream->eof());
+
+		vmime::byte_t buffer[100];
+		std::fill(vmime::begin(buffer), vmime::end(buffer), 0);
+		vmime::size_t read = stream->read(buffer, 3);
+
+		VASSERT_EQ("Pos 2", 8, stream->getPosition());
+		VASSERT_EQ("Read", 3, read);
+		VASSERT_FALSE("EOF 2", stream->eof());
+		VASSERT_EQ("Buffer", "BUF", vmime::utility::stringUtils::makeStringFromBytes(buffer, 3));
+
+		stream->skip(50);
+
+		VASSERT_EQ("Pos 3", 11, stream->getPosition());
+		VASSERT_TRUE("EOF 3", stream->eof());
+	}
+
+	void testReset() {
+
+		vmime::shared_ptr <seekableInputStreamRegionAdapter> stream = createStream();
+
+		stream->skip(100);
+		stream->reset();
+
+		VASSERT_EQ("Pos", 0, stream->getPosition());
+		VASSERT_FALSE("EOF", stream->eof());
+	}
+
+	void testOwnPosition() {
+
+		// seekableInputStreamRegionAdapter should keep track of its own position
+		// in the underlying stream, and not be affected by possible seek/read
+		// operations on it...
+		vmime::shared_ptr <seekableInputStream> ustream;
+		vmime::shared_ptr <seekableInputStreamRegionAdapter> stream = createStream(&ustream);
+
+		stream->seek(5);
+
+		vmime::byte_t buffer1[100];
+		std::fill(vmime::begin(buffer1), vmime::end(buffer1), 0);
+
+		VASSERT_EQ("Read 1", 7, ustream->read(buffer1, 7));
+
+		vmime::byte_t buffer2[100];
+		std::fill(vmime::begin(buffer2), vmime::end(buffer2), 0);
+
+		VASSERT_EQ("Read 2", 6, stream->read(buffer2, 6));
+
+		VASSERT_EQ(
+			"Buffer 1",
+			"THIS IS",
+			vmime::utility::stringUtils::makeStringFromBytes(buffer1, 7)
+		);
+
+		VASSERT_EQ(
+			"Buffer 2",
+			"BUFFER",
+			vmime::utility::stringUtils::makeStringFromBytes(buffer2, 6)
+		);
+
+		// ...but the underlying stream position is affected by read operations
+		// from the region adapter (FIXME?)
+		VASSERT_EQ("Pos", 21, ustream->getPosition());
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/stringUtilsTest.cpp b/vmime-master/tests/utility/stringUtilsTest.cpp
new file mode 100644
index 0000000..6c2e18f
--- /dev/null
+++ b/vmime-master/tests/utility/stringUtilsTest.cpp
@@ -0,0 +1,214 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/stringUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(stringUtilsTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testMakeStringFromBytes)
+		VMIME_TEST(testAppendBytesToString)
+
+		VMIME_TEST(testIsStringEqualNoCase1)
+		VMIME_TEST(testIsStringEqualNoCase2)
+		VMIME_TEST(testIsStringEqualNoCase3)
+
+		VMIME_TEST(testToLower)
+
+		VMIME_TEST(testTrim)
+
+		VMIME_TEST(testCountASCIIChars)
+
+		VMIME_TEST(testUnquote)
+
+		VMIME_TEST(testIsValidHostname)
+		VMIME_TEST(testIsValidFQDN)
+	VMIME_TEST_LIST_END
+
+
+	typedef vmime::utility::stringUtils stringUtils;
+
+
+	void testMakeStringFromBytes() {
+
+		vmime::byte_t bytes[] = { 0x12, 0x34, 0x56, 0x78 };
+		vmime::string str = vmime::utility::stringUtils::makeStringFromBytes(bytes, 3);
+
+		VASSERT_EQ("length", 3, str.length());
+		VASSERT_EQ("byte1", '\x12', str[0]);
+		VASSERT_EQ("byte2", '\x34', str[1]);
+		VASSERT_EQ("byte3", '\x56', str[2]);
+	}
+
+	void testAppendBytesToString() {
+
+		vmime::byte_t bytes[] = { 0x42, 0x56, 0x12, 0x00, 'f', 'o', 'o' };
+
+		vmime::string str = "test";
+		vmime::utility::stringUtils::appendBytesToString(str, bytes, 7);
+
+		VASSERT_EQ("length", 4 + 7, str.length());
+		VASSERT_EQ("byte1", 't', str[0]);
+		VASSERT_EQ("byte2", 'e', str[1]);
+		VASSERT_EQ("byte3", 's', str[2]);
+		VASSERT_EQ("byte4", 't', str[3]);
+		VASSERT_EQ("byte5", '\x42', str[4]);
+		VASSERT_EQ("byte6", '\x56', str[5]);
+		VASSERT_EQ("byte7", '\x12', str[6]);
+		VASSERT_EQ("byte8", '\0', str[7]);
+		VASSERT_EQ("byte9", 'f', str[8]);
+		VASSERT_EQ("byte10", 'o', str[9]);
+		VASSERT_EQ("byte11", 'o', str[10]);
+	}
+
+	void testIsStringEqualNoCase1() {
+
+		VASSERT_EQ("1", true, stringUtils::isStringEqualNoCase(vmime::string("foo"), "foo", 3));
+		VASSERT_EQ("2", true, stringUtils::isStringEqualNoCase(vmime::string("FOo"), "foo", 3));
+
+		VASSERT_EQ("3", false, stringUtils::isStringEqualNoCase(vmime::string("foo"), "FOo", 3));
+		VASSERT_EQ("4", false, stringUtils::isStringEqualNoCase(vmime::string("foo"), "bar", 3));
+
+		VASSERT_EQ("5", false, stringUtils::isStringEqualNoCase(vmime::string("foO"), "bar", 3));
+		VASSERT_EQ("6", false, stringUtils::isStringEqualNoCase(vmime::string("foOO"), "barO", 4));
+		VASSERT_EQ("7", false, stringUtils::isStringEqualNoCase(vmime::string("foOO"), "ba", 2));
+
+		VASSERT_EQ("8", true, stringUtils::isStringEqualNoCase(vmime::string("FOoooo"), "foo", 3));
+	}
+
+	void testIsStringEqualNoCase2() {
+
+		VASSERT_EQ("1", true, stringUtils::isStringEqualNoCase(vmime::string("foo"), vmime::string("foo")));
+		VASSERT_EQ("2", true, stringUtils::isStringEqualNoCase(vmime::string("FOo"), vmime::string("foo")));
+		VASSERT_EQ("3", true, stringUtils::isStringEqualNoCase(vmime::string("foO"), vmime::string("FOo")));
+
+		VASSERT_EQ("4", false, stringUtils::isStringEqualNoCase(vmime::string("foO"), vmime::string("bar")));
+		VASSERT_EQ("5", false, stringUtils::isStringEqualNoCase(vmime::string("foOO"), vmime::string("barO")));
+	}
+
+	void testIsStringEqualNoCase3() {
+
+		vmime::string str1("FooBar");
+
+		VASSERT_EQ("1", true, stringUtils::isStringEqualNoCase(str1.begin(), str1.end(), "foobar", 6));
+		VASSERT_EQ("2", false, stringUtils::isStringEqualNoCase(str1.begin(), str1.end(), "FooBar", 6));
+		VASSERT_EQ("3", true, stringUtils::isStringEqualNoCase(str1.begin(), str1.end(), "fooBar", 3));
+		VASSERT_EQ("4", false, stringUtils::isStringEqualNoCase(str1.begin(), str1.begin() + 3, "fooBar", 6));
+		VASSERT_EQ("5", false, stringUtils::isStringEqualNoCase(str1.begin(), str1.begin() + 3, "bar", 3));
+		VASSERT_EQ("6", false, stringUtils::isStringEqualNoCase(str1.begin(), str1.begin() + 6, "barbar", 6));
+	}
+
+	void testToLower() {
+
+		VASSERT_EQ("1", "foo", stringUtils::toLower("FOO"));
+		VASSERT_EQ("2", "foo", stringUtils::toLower("foO"));
+		VASSERT_EQ("3", "foo", stringUtils::toLower("foo"));
+	}
+
+	void testTrim() {
+
+		VASSERT_EQ("1", "foo", stringUtils::trim("  foo"));
+		VASSERT_EQ("2", "foo", stringUtils::trim("\t\tfoo"));
+		VASSERT_EQ("3", "foo", stringUtils::trim(" \t \tfoo"));
+		VASSERT_EQ("4", "foo", stringUtils::trim(" \r\n\tfoo"));
+
+		VASSERT_EQ("5", "foo", stringUtils::trim("foo  "));
+		VASSERT_EQ("6", "foo", stringUtils::trim("foo\t\t"));
+		VASSERT_EQ("7", "foo", stringUtils::trim("foo \t \t"));
+		VASSERT_EQ("8", "foo", stringUtils::trim("foo \r\n\t"));
+
+		VASSERT_EQ( "9", "foo", stringUtils::trim("foo  "));
+		VASSERT_EQ("10", "foo", stringUtils::trim(" foo  "));
+		VASSERT_EQ("11", "foo", stringUtils::trim(" foo\t\t"));
+		VASSERT_EQ("12", "foo", stringUtils::trim("\tfoo \r \t"));
+		VASSERT_EQ("13", "foo", stringUtils::trim("\r \tfoo \n\t"));
+	}
+
+	void testCountASCIIChars() {
+
+		vmime::string str1("foo");
+		VASSERT_EQ(
+			"1",
+			static_cast <vmime::size_t>(3),
+			stringUtils::countASCIIchars(str1.begin(), str1.end())
+		);
+
+		vmime::string str2("f=?oo");
+		VASSERT_EQ(
+			"2",
+			static_cast <vmime::size_t>(3 + 1),
+			stringUtils::countASCIIchars(str2.begin(), str2.end())
+		);
+
+		vmime::string str3("foo\x7f");
+		VASSERT_EQ(
+			"3",
+			static_cast <vmime::size_t>(4),
+			stringUtils::countASCIIchars(str3.begin(), str3.end())
+		);
+
+		vmime::string str4("foo\x80");
+		VASSERT_EQ(
+			"4",
+			static_cast <vmime::size_t>(3),
+			stringUtils::countASCIIchars(str4.begin(), str4.end())
+		);
+	}
+
+	void testUnquote() {
+
+		VASSERT_EQ("1", "quoted", stringUtils::unquote("\"quoted\""));  // "quoted"
+		VASSERT_EQ("2", "\"not quoted", stringUtils::unquote("\"not quoted"));  // "not quoted
+		VASSERT_EQ("3", "not quoted\"", stringUtils::unquote("not quoted\""));  // not quoted"
+		VASSERT_EQ("4", "quoted with \"escape\"", stringUtils::unquote("\"quoted with \\\"escape\\\"\""));  // "quoted with \"escape\""
+	}
+
+	void testIsValidHostname() {
+
+		VASSERT_TRUE ("1", stringUtils::isValidHostname("localhost"));
+		VASSERT_TRUE ("2", stringUtils::isValidHostname("localhost.localdomain"));
+		VASSERT_TRUE ("3", stringUtils::isValidHostname("example.com"));
+		VASSERT_TRUE ("4", stringUtils::isValidHostname("host.example.com"));
+		VASSERT_FALSE("5", stringUtils::isValidHostname(".example.com"));
+		VASSERT_FALSE("6", stringUtils::isValidHostname(".-example.com"));
+		VASSERT_FALSE("7", stringUtils::isValidHostname(".example-.com"));
+		VASSERT_FALSE("8", stringUtils::isValidHostname(".exa--mple.com"));
+		VASSERT_FALSE("9", stringUtils::isValidHostname("-example.com"));
+	}
+
+	void testIsValidFQDN() {
+
+		VASSERT_FALSE("1", stringUtils::isValidFQDN("localhost"));
+		VASSERT_FALSE("2", stringUtils::isValidFQDN("localhost.localdomain"));
+		VASSERT_FALSE("3", stringUtils::isValidFQDN("example.com"));
+		VASSERT_TRUE ("4", stringUtils::isValidFQDN("host.example.com"));
+		VASSERT_FALSE("5", stringUtils::isValidFQDN(".example.com"));
+		VASSERT_FALSE("6", stringUtils::isValidFQDN(".-example.com"));
+		VASSERT_FALSE("7", stringUtils::isValidFQDN(".example-.com"));
+		VASSERT_FALSE("8", stringUtils::isValidFQDN(".exa--mple.com"));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/tests/utility/urlTest.cpp b/vmime-master/tests/utility/urlTest.cpp
new file mode 100644
index 0000000..36820a6
--- /dev/null
+++ b/vmime-master/tests/utility/urlTest.cpp
@@ -0,0 +1,312 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library.  Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "tests/testUtils.hpp"
+
+#include "vmime/utility/url.hpp"
+#include "vmime/utility/urlUtils.hpp"
+
+
+VMIME_TEST_SUITE_BEGIN(urlTest)
+
+	VMIME_TEST_LIST_BEGIN
+		VMIME_TEST(testParse1)
+		VMIME_TEST(testParse2)
+		VMIME_TEST(testParse3)
+		VMIME_TEST(testParse4)
+		VMIME_TEST(testParse5)
+		VMIME_TEST(testGenerate)
+		VMIME_TEST(testUtilsEncode)
+		VMIME_TEST(testUtilsDecode)
+		VMIME_TEST(testUtilsDecodeSpecialCases)
+		VMIME_TEST(testUtilsEncodeReservedChars)
+		VMIME_TEST(testUtilsEncodeUnsafeChars)
+	VMIME_TEST_LIST_END
+
+
+	static bool parseHelper(vmime::utility::url& u, const vmime::string& str) {
+
+		try {
+
+			u = vmime::utility::url(str);
+
+		} catch (vmime::exceptions::malformed_url) {
+
+			return false;
+		}
+
+		return true;
+	}
+
+
+	void testParse1() {
+
+		// Test some valid constructions
+		vmime::utility::url u1("", "");
+
+		VASSERT_EQ("1.1", true, parseHelper(u1, "protocol://user:password@host:12345/path/"));
+		VASSERT_EQ("1.2", "protocol", u1.getProtocol());
+		VASSERT_EQ("1.3", "user", u1.getUsername());
+		VASSERT_EQ("1.4", "password", u1.getPassword());
+		VASSERT_EQ("1.5", "host", u1.getHost());
+		VASSERT_EQ("1.6", 12345, u1.getPort());
+		VASSERT_EQ("1.7", "/path/", u1.getPath());
+
+		vmime::utility::url u2("", "");
+
+		VASSERT_EQ("2.1", true, parseHelper(u2, "protocol://user@host:12345/path/"));
+		VASSERT_EQ("2.2", "protocol", u2.getProtocol());
+		VASSERT_EQ("2.3", "user", u2.getUsername());
+		VASSERT_EQ("2.4", "", u2.getPassword());
+		VASSERT_EQ("2.5", "host", u2.getHost());
+		VASSERT_EQ("2.6", 12345, u2.getPort());
+		VASSERT_EQ("2.7", "/path/", u2.getPath());
+
+		vmime::utility::url u3("", "");
+
+		VASSERT_EQ("3.1", true, parseHelper(u3, "protocol://host:12345/path/"));
+		VASSERT_EQ("3.2", "protocol", u3.getProtocol());
+		VASSERT_EQ("3.3", "", u3.getUsername());
+		VASSERT_EQ("3.4", "", u3.getPassword());
+		VASSERT_EQ("3.5", "host", u3.getHost());
+		VASSERT_EQ("3.6", 12345, u3.getPort());
+		VASSERT_EQ("3.7", "/path/", u3.getPath());
+
+		vmime::utility::url u4("", "");
+
+		VASSERT_EQ("4.1", true, parseHelper(u4, "protocol://host/path/"));
+		VASSERT_EQ("4.2", "protocol", u4.getProtocol());
+		VASSERT_EQ("4.3", "", u4.getUsername());
+		VASSERT_EQ("4.4", "", u4.getPassword());
+		VASSERT_EQ("4.5", "host", u4.getHost());
+		VASSERT_EQ("4.6", vmime::utility::url::UNSPECIFIED_PORT, u4.getPort());
+		VASSERT_EQ("4.7", "/path/", u4.getPath());
+
+		vmime::utility::url u5("", "");
+
+		VASSERT_EQ("5.1", true, parseHelper(u5, "protocol://host/"));
+		VASSERT_EQ("5.2", "protocol", u5.getProtocol());
+		VASSERT_EQ("5.3", "", u5.getUsername());
+		VASSERT_EQ("5.4", "", u5.getPassword());
+		VASSERT_EQ("5.5", "host", u5.getHost());
+		VASSERT_EQ("5.6", vmime::utility::url::UNSPECIFIED_PORT, u4.getPort());
+		VASSERT_EQ("5.7", "", u5.getPath());
+
+		vmime::utility::url u6("", "");
+
+		VASSERT_EQ("6.1", true, parseHelper(u4, "protocol://host/path/file"));
+		VASSERT_EQ("6.2", "protocol", u4.getProtocol());
+		VASSERT_EQ("6.3", "", u4.getUsername());
+		VASSERT_EQ("6.4", "", u4.getPassword());
+		VASSERT_EQ("6.5", "host", u4.getHost());
+		VASSERT_EQ("6.6", vmime::utility::url::UNSPECIFIED_PORT, u4.getPort());
+		VASSERT_EQ("6.7", "/path/file", u4.getPath());
+	}
+
+	void testParse2() {
+
+		// Now, test some ill-formed URLs
+
+		// -- missing protocol
+		vmime::utility::url u1("", "");
+		VASSERT_EQ("1", false, parseHelper(u1, "://host"));
+
+		// -- port can contain only digits
+		vmime::utility::url u2("", "");
+		VASSERT_EQ("2", false, parseHelper(u2, "proto://host:abc123"));
+
+		// -- no host specified
+		vmime::utility::url u3("", "");
+		VASSERT_EQ("3", false, parseHelper(u3, "proto:///path"));
+
+		// -- no protocol separator (://)
+		vmime::utility::url u4("", "");
+		VASSERT_EQ("4", false, parseHelper(u4, "protohost/path"));
+	}
+
+	void testParse3() {
+
+		// Test decoding
+		vmime::utility::url u1("", "");
+
+		VASSERT_EQ("1.1", true, parseHelper(u1, "pro%12to://user%34:pass%56word@ho%78st:12345/pa%abth/"));
+		VASSERT_EQ("1.2", "pro%12to", u1.getProtocol());  // protocol should not be decoded
+		VASSERT_EQ("1.3", "user\x34", u1.getUsername());
+		VASSERT_EQ("1.4", "pass\x56word", u1.getPassword());
+		VASSERT_EQ("1.5", "ho\x78st", u1.getHost());
+		VASSERT_EQ("1.6", 12345, u1.getPort());
+		VASSERT_EQ("1.7", "/pa\xabth/", u1.getPath());
+	}
+
+	void testParse4() {
+
+		// Test parameters
+		vmime::utility::url u1("", "");
+
+		VASSERT_EQ("1.1", true, parseHelper(u1, "proto://host/path?p1=v1&p2=v2"));
+		VASSERT_EQ("1.2", "v1", u1.getParams()["p1"]);
+		VASSERT_EQ("1.3", "v2", u1.getParams()["p2"]);
+		VASSERT_EQ("1.4", "/path", u1.getPath());
+
+		vmime::utility::url u2("", "");
+
+		VASSERT_EQ("2.1", true, parseHelper(u2, "proto://host/path?p1=v1&p2"));
+		VASSERT_EQ("2.2", "v1", u2.getParams()["p1"]);
+		VASSERT_EQ("2.3", "p2", u2.getParams()["p2"]);
+		VASSERT_EQ("2.4", "/path", u2.getPath());
+
+		vmime::utility::url u3("", "");
+
+		VASSERT_EQ("3.1", true, parseHelper(u3, "proto://host/?p1=v1&p2=v2"));
+		VASSERT_EQ("3.2", "v1", u3.getParams()["p1"]);
+		VASSERT_EQ("3.3", "v2", u3.getParams()["p2"]);
+		VASSERT_EQ("3.4", "", u3.getPath());
+
+		vmime::utility::url u4("", "");
+
+		VASSERT_EQ("4.1", true, parseHelper(u4, "proto://host/path?p1=%3D&%3D=v2"));
+		VASSERT_EQ("4.2", "=", u4.getParams()["p1"]);
+		VASSERT_EQ("4.3", "v2", u4.getParams()["="]);
+		VASSERT_EQ("4.4", "/path", u4.getPath());
+	}
+
+	// '@' symbol in the username part
+	void testParse5() {
+
+		vmime::utility::url u1("", "");
+
+		VASSERT_EQ("1", true, parseHelper(u1, "imap://account@myserver.com:password@myserver.com"));
+		VASSERT_EQ("2", "account@myserver.com", u1.getUsername());
+		VASSERT_EQ("3", "password", u1.getPassword());
+		VASSERT_EQ("4", "myserver.com", u1.getHost());
+	}
+
+	void testGenerate() {
+
+		vmime::utility::url u1("proto", "host", 12345, "path", "user", "password");
+		VASSERT_EQ(
+			"1",
+			"proto://user:password@host:12345/path",
+			static_cast <vmime::string>(u1)
+		);
+
+		vmime::utility::url u2("proto", "host");
+		VASSERT_EQ("2", "proto://host", static_cast <vmime::string>(u2));
+
+		vmime::utility::url u3("proto", "host");
+		u3.getParams()["p1"] = "v1";
+		VASSERT_EQ(
+			"3.1",
+			"proto://host/?p1=v1",
+			static_cast <vmime::string>(u3)
+		);
+		u3.getParams()["p2"] = "v2";
+		VASSERT_EQ(
+			"3.2",
+			"proto://host/?p1=v1&p2=v2",
+			static_cast <vmime::string>(u3)
+		);
+
+		// Test special characters
+		u3.getParams().clear();
+		u3.getParams()["&"] = "=";
+		VASSERT_EQ(
+			"3.3",
+			"proto://host/?%26=%3D",
+			static_cast <vmime::string>(u3)
+		);
+	}
+
+	void testUtilsEncode() {
+
+		VASSERT_EQ("1", "%01", vmime::utility::urlUtils::encode("\x01"));
+		VASSERT_EQ("2", "%20", vmime::utility::urlUtils::encode(" "));
+		VASSERT_EQ("3", "%FF", vmime::utility::urlUtils::encode("\xff"));
+		VASSERT_EQ("4", "a", vmime::utility::urlUtils::encode("a"));
+	}
+
+	void testUtilsDecode() {
+
+		for (int i = 0 ; i < 255 ; ++i) {
+
+			std::ostringstream ossTest;
+			ossTest << "%" << "0123456789ABCDEF"[i / 16]
+			               << "0123456789ABCDEF"[i % 16];
+
+			std::ostringstream ossNum;
+			ossNum << i;
+
+			vmime::string res;
+			res += static_cast <unsigned char>(i);
+
+			VASSERT_EQ(
+				ossNum.str(),
+				res,
+				vmime::utility::urlUtils::decode(ossTest.str())
+			);
+		}
+
+	}
+
+	void testUtilsDecodeSpecialCases() {
+
+		// Bug #1656547: segfault with '%' at the end of the string
+		VASSERT_EQ("1.1", "sadfsda%", vmime::utility::urlUtils::decode("sadfsda%"));
+		VASSERT_EQ("1.2", "sadfsda\x05", vmime::utility::urlUtils::decode("sadfsda%5"));
+		VASSERT_EQ("1.3", "sadfsda\x42", vmime::utility::urlUtils::decode("sadfsda%42"));
+	}
+
+	void testUtilsEncodeReservedChars() {
+
+		VASSERT_EQ("1",  "%24", vmime::utility::urlUtils::encode("$"));
+		VASSERT_EQ("2",  "%26", vmime::utility::urlUtils::encode("&"));
+		VASSERT_EQ("3",  "%2B", vmime::utility::urlUtils::encode("+"));
+		VASSERT_EQ("4",  "%2C", vmime::utility::urlUtils::encode(","));
+		VASSERT_EQ("5",  "%2F", vmime::utility::urlUtils::encode("/"));
+		VASSERT_EQ("6",  "%3A", vmime::utility::urlUtils::encode(":"));
+		VASSERT_EQ("7",  "%3B", vmime::utility::urlUtils::encode(";"));
+		VASSERT_EQ("8",  "%3D", vmime::utility::urlUtils::encode("="));
+		VASSERT_EQ("9",  "%3F", vmime::utility::urlUtils::encode("?"));
+		VASSERT_EQ("10", "%40", vmime::utility::urlUtils::encode("@"));
+	}
+
+	void testUtilsEncodeUnsafeChars() {
+
+		VASSERT_EQ("1",  "%20", vmime::utility::urlUtils::encode(" "));
+		VASSERT_EQ("2",  "%22", vmime::utility::urlUtils::encode("\""));
+		VASSERT_EQ("3",  "%3C", vmime::utility::urlUtils::encode("<"));
+		VASSERT_EQ("4",  "%3E", vmime::utility::urlUtils::encode(">"));
+		VASSERT_EQ("5",  "%23", vmime::utility::urlUtils::encode("#"));
+		VASSERT_EQ("6",  "%25", vmime::utility::urlUtils::encode("%"));
+		VASSERT_EQ("7",  "%7B", vmime::utility::urlUtils::encode("{"));
+		VASSERT_EQ("8",  "%7D", vmime::utility::urlUtils::encode("}"));
+		VASSERT_EQ("9",  "%7C", vmime::utility::urlUtils::encode("|"));
+		VASSERT_EQ("10", "%5C", vmime::utility::urlUtils::encode("\\"));
+		VASSERT_EQ("11", "%5E", vmime::utility::urlUtils::encode("^"));
+		VASSERT_EQ("12", "%7E", vmime::utility::urlUtils::encode("~"));
+		VASSERT_EQ("13", "%5B", vmime::utility::urlUtils::encode("["));
+		VASSERT_EQ("14", "%5D", vmime::utility::urlUtils::encode("]"));
+		VASSERT_EQ("15", "%60", vmime::utility::urlUtils::encode("`"));
+	}
+
+VMIME_TEST_SUITE_END
diff --git a/vmime-master/vmime.pc.in b/vmime-master/vmime.pc.in
new file mode 100644
index 0000000..fc1103e
--- /dev/null
+++ b/vmime-master/vmime.pc.in
@@ -0,0 +1,13 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: @VMIME_PACKAGE_NAME@
+Description: @VMIME_PACKAGE_DESCRIPTION@
+Version: @VMIME_PACKAGE_VERSION@
+Requires.private: @VMIME_PKGCONFIG_REQUIRES@
+Libs: -L${libdir} -l@VMIME_LIBRARY_NAME@
+Libs.private: @VMIME_PKGCONFIG_LIBS@
+Cflags: -I${includedir}/ @VMIME_PKGCONFIG_CFLAGS@
+